def EditBookInstanceView(request, pk):
if not request.user.is_staff or not request.user.groups.filter(
name='Manager').exists():
return redirect('404')
copy = BookInstance.objects.get(pk=pk)
if request.method == 'POST':
form = BookInstanceForm(request.POST, instance=copy)
if form.is_valid():
bookinstance = form.save()
LogEntry.objects.log_action(
user_id=request.user.id,
content_type_id=ContentType.objects.get_for_model(
bookinstance).pk,
object_id=bookinstance.id,
object_repr=str(bookinstance.__str__()),
action_flag=CHANGE,
change_message=construct_change_message(
form, None,
False) # Set to False when edited, set to True when added
)
messages.success(request,
'Your edits to this book copy has been saved!')
return HttpResponseRedirect(reverse('book-copies'))
else:
form = BookInstanceForm(instance=copy)
else:
form = BookInstanceForm(instance=copy)
return render(request, "manager/edit_book_instance.html", {
'form': form,
'copy': copy
})
def AddBookInstanceView(request):
if not request.user.is_staff or not request.user.groups.filter(
name='Manager').exists():
return redirect('404')
if request.method == "POST":
form = BookInstanceForm(request.POST)
if form.is_valid():
bookinstance = form.save()
bookinstance.save()
LogEntry.objects.log_action(
user_id=request.user.id,
content_type_id=ContentType.objects.get_for_model(
bookinstance).pk,
object_id=bookinstance.id,
object_repr=str(bookinstance.__str__()),
action_flag=ADDITION,
change_message=construct_change_message(
form, None,
True) # Set to False when edited, set to True when added
)
messages.success(request,
'You have now added a copy for this book!')
return HttpResponseRedirect(reverse('book-copies'))
else:
form = BookInstanceForm()
return render(request, "manager/add_book_instance.html", {"form": form})
def ChangePasswordView(request):
if request.user.is_staff:
return redirect('404')
if request.method == 'POST':
form = PasswordChangeForm(request.user, request.POST)
if form.is_valid():
user = form.save()
update_session_auth_hash(request, user) # Important!
LogEntry.objects.log_action(
user_id=request.user.id,
content_type_id=ContentType.objects.get_for_model(user).pk,
object_id=user.id,
object_repr=str(user.__str__()),
action_flag=CHANGE,
change_message=construct_change_message(
form, None,
False) # Set to False when edited, set to True when added
)
messages.success(request,
'Your password was successfully updated!')
return redirect('user-profile', username=user.username)
else:
messages.error(request, 'Please correct the error below.')
else:
form = PasswordChangeForm(request.user)
return render(request, 'catalog/change_password.html', {'form': form})
def form_valid(self, form):
adv_id = self.request.GET.get('advisory', '')
cust_id = self.request.GET.get('customer', '')
advisory = Advisory.objects.get(pk=adv_id)
customer = Customer.objects.get(pk=cust_id)
form.instance.advisory = advisory
form.instance.customer = customer
from django.contrib.admin.utils import construct_change_message
change_message = construct_change_message(None, None, True)
#self.log_addition(self.request, form.instance, change_message)
return super(DetailAddView, self).form_valid(form)
def log_form_addition_or_change(self, form, was_adding, formsets=None):
"""
Shortcut for logging the addition/deletion made via form. Resembles ModelAdmin too.
If there are accompanyed formset to the main action, their change could be logged too.
"""
if not form.is_valid():
raise ValidationError("Form invalid.")
if formsets and not all_valid(formsets):
raise ValidationError("Some of the formsets not valid.")
message_list = construct_change_message(form, formsets, was_adding)
if was_adding:
self.log_addition(form.instance, message_list)
else:
self.log_change(form.instance, message_list)
def SignUpView(request):
if not request.user.is_anonymous:
return redirect('404')
else:
form = SignUpForm(request.POST)
if form.is_valid():
user = form.save()
user.refresh_from_db() # used to handle synchronism issue
user.profile.first_name = form.cleaned_data.get('first_name')
user.profile.last_name = form.cleaned_data.get('last_name')
user.profile.email = form.cleaned_data.get('email')
user.profile.ID_num = form.cleaned_data.get(
'ID_num'
) # set all user info as well as ID number and role to profile model
user.profile.role = form.cleaned_data.get('role')
LibraryMember = Group.objects.get(
name='Library Members'
) # add a user to the Library Members group (default is teacher or student)
LibraryMember.user_set.add(
user) # Library Members do not have any CRUD permissions
user.save()
LogEntry.objects.log_action(
user_id=user.id,
content_type_id=ContentType.objects.get_for_model(user).pk,
object_id=user.id,
object_repr=str(user.__str__()),
action_flag=ADDITION,
change_message=construct_change_message(
form, None,
True) # Set to False when edited, set to True when added
)
messages.success(
request,
"Account saved! Please login again to verify it is you!")
return redirect(
'login'
) # redirect to homepage once account has been successfully registered
else:
form = SignUpForm()
return render(request, '../templates/registration/signup.html',
{'form': form})
def AddManagerView(request):
if not request.user.is_staff or not request.user.groups.filter(
name='Administrator').exists():
return redirect('404')
form = CreateManagerForm(request.POST)
if form.is_valid():
user = form.save()
user.refresh_from_db() # used to handle synchronism issue
user.profile.first_name = form.cleaned_data.get('first_name')
user.profile.last_name = form.cleaned_data.get('last_name')
user.profile.email = form.cleaned_data.get('email')
user.profile.ID_num = form.cleaned_data.get(
'ID_num'
) # set all user info as well as ID number and role to profile model
user.profile.role = 'manager'
LibraryMember = Group.objects.get(
name='Manager') # add a user to the Manager group
LibraryMember.user_set.add(
user) # Managers have permissions for books and bookinstances
user.is_staff = True
user.save()
LogEntry.objects.log_action(
user_id=request.user.id,
content_type_id=ContentType.objects.get_for_model(user).pk,
object_id=user.id,
object_repr=str(user.__str__()),
action_flag=ADDITION,
change_message=construct_change_message(
form, None,
True) # Set to False when edited, set to True when added
)
messages.success(request,
'The new manager is now added to the system!')
return redirect(
'../managers'
) # redirect to manager list page once account has been successfully registered
else:
form = CreateManagerForm()
return render(request, 'administrator/add_manager.html', {'form': form})
def ReviewBookView(request, pk):
book = get_object_or_404(Book, pk=pk)
if request.user.is_staff:
return redirect('404')
if request.method == 'POST':
form = ReviewForm(request.POST)
if form.is_valid():
review = form.save()
review.book = book
review.user = request.user
review.save()
LogEntry.objects.log_action(
user_id=request.user.id,
content_type_id=ContentType.objects.get_for_model(review).pk,
object_id=review.id,
object_repr=str(review.__str__()),
action_flag=ADDITION,
change_message=construct_change_message(
form, None,
True) # Set to False when edited, set to True when added
)
messages.success(request,
'Your review has been posted to the website!')
return redirect('book-detail',
pk=pk) # return to the current book-detail page
else:
messages.error(request, 'Please correct the error below.')
else:
form = ReviewForm()
return render(request, 'catalog/book_review.html', {
'form': form,
'book': book,
})
def form_valid(self, form): from django.contrib.admin.utils import construct_change_message change_message = construct_change_message(form, None, None) self.log_change(self.request, self.object, change_message) return super(UserprofileDetailView, self).form_valid(form)
def get_info(vuln_raw):
data = json.loads(vuln_raw)
now = datetime.now(utc)
tdelta = now - timedelta(days=365)
liste = StringIO.StringIO()
db = StringIO.StringIO()
debug = StringIO.StringIO()
# get my user
try:
user = User.objects.get(username='******')
except User.DoesNotExist:
# We have to make this customer
print "Making user cisco_import.."
user = User.objects.create(username='******')
# get Cisco vendor ID
try:
cisco = Vendor.objects.get(vendor_name='Cisco')
except Vendor.DoesNotExist:
# We have to make this customer
print "Making customer Cisco.."
cisco = Vendor.objects.create(vendor_name='Cisco')
for vuln in sorted(data, reverse=True, key=getdate):
print "Starting on %s" % (vuln['advisory_id'])
products = []
for product in vuln['product_names']:
product = product.strip(' \t\n\r')
#print "Check if the product \"%s\" is a part of the database" % (product)
#Check if product is part of database
try:
p = Product.objects.get(product_vendor=cisco,
product_name=product)
except Product.DoesNotExist:
print "Product \"%s\" is NOT a part of the database, adding" % (
product)
p = Product.objects.create(product_vendor=cisco,
product_name=product)
change_message = construct_change_message(None, None, True)
log_addition(user, p, change_message)
products.append(p)
cves = []
for cve in vuln['cves']:
cve = cve.strip(' \t\n\r')
#Check if cve is part of database
try:
p = CVE.objects.get(cve_id=cve)
except CVE.DoesNotExist:
print "Creating new CVE signature %s" % (cve)
p = CVE.objects.create(cve_id=cve)
change_message = construct_change_message(None, None, True)
log_addition(user, p, change_message)
cves.append(p)
bugs = []
for bug in vuln['bug_ids']:
bug = bug.strip(' \t\n\r')
#Check if bug is part of database
try:
p = Bug.objects.get(bug_id=bug, bug_vendor=cisco)
except Bug.DoesNotExist:
print "Creating new BUG id %s" % (bug)
p = Bug.objects.create(bug_id=bug, bug_vendor=cisco)
change_message = construct_change_message(None, None, True)
log_addition(user, p, change_message)
bugs.append(p)
cwes = []
for cwe in vuln['cwe']:
cwe = cwe.strip(' \t\n\r')
#Check if cwe is part of database
try:
p = CWE.objects.get(cwe_id=cwe)
except CWE.DoesNotExist:
print "Creating new CWE %s" % (cwe)
p = CWE.objects.create(cwe_id=cwe)
change_message = construct_change_message(None, None, True)
log_addition(user, p, change_message)
cwes.append(p)
ipssigs = []
for ipssig in vuln['ips_signatures']:
#print "Check if the IPS signature \"%s\" is a part of the database" % (ipssig)
if type(ipssig) is dict:
legacy_ips_id = ipssig['legacy_ips_id'].strip(' \t\n\r')
elif type(ipssig) is str:
legacy_ips_id = ipssig.strip(' \t\n\r')
ipssig = {
"legacy_ips_id": legacy_ips_id,
"legacy_ips_url": "",
"release_version": "",
"software_version": "",
}
else:
legacy_ips_id = "NA"
ipssig = {
"legacy_ips_id": legacy_ips_id,
"legacy_ips_url": "",
"release_version": "",
"software_version": "",
}
#Check if ipssig is part of database
try:
p = Ips_signature.objects.get(legacy_ips_id=legacy_ips_id)
except Ips_signature.DoesNotExist:
print "Creating new IPS signature %s" % (legacy_ips_id)
p = Ips_signature.objects.create(
legacy_ips_id=legacy_ips_id,
legacy_ips_url=ipssig['legacy_ips_url'],
release_version=ipssig['release_version'],
software_version=ipssig['software_version'])
change_message = construct_change_message(None, None, True)
log_addition(user, p, change_message)
ipssigs.append(p)
first_published = parse(vuln['first_published'])
last_updated = parse(vuln['last_updated'])
# Check if this advisory exists, if not, make it
advisory_id = vuln['advisory_id'].strip(' \t\n\r')
try:
advisory = Ciscoadvisory.objects.get(advisory_id=advisory_id)
except Ciscoadvisory.DoesNotExist:
print "Creating new Advisory ID %s" % (advisory_id)
advisory = Ciscoadvisory.objects.create(
advisory_id=advisory_id,
advisory_vendor=cisco,
advisory_title=vuln['advisory_title'],
cvrf_url=vuln['cvrf_url'],
cvss_base_score=vuln['cvss_base_score'],
first_published=first_published,
last_updated=last_updated,
publication_url=vuln['publication_url'],
sir=vuln['sir'],
summary=vuln['summary'])
for bug in bugs:
advisory.bug_ids.add(bug)
for cve in cves:
advisory.cves.add(cve)
for cwe in cwes:
advisory.cwe.add(cwe)
for ips in ipssigs:
advisory.ips_signatures.add(ips)
for product in products:
advisory.product_names.add(product)
advisory.save()
change_message = construct_change_message(None, None, True)
log_addition(user, advisory, change_message)
# Check if the advisory has been updated
if advisory.last_updated < last_updated:
change_message = []
print "Updating advisory ID %s" % (advisory_id)
if vuln['advisory_title'] != advisory.advisory_title:
advisory.advisory_title = vuln['advisory_title']
change_message.append(
{'changed': {
'fields': 'advisory_title',
}})
if advisory.cvrf_url != vuln['cvrf_url']:
advisory.cvrf_url = vuln['cvrf_url']
change_message.append({'changed': {
'fields': 'cvrf_url',
}})
if advisory.cvss_base_score != vuln['cvss_base_score']:
advisory.cvss_base_score = vuln['cvss_base_score']
change_message.append(
{'changed': {
'fields': 'cvss_base_score',
}})
if list(advisory.bug_ids.all()) != list(bugs):
advisory.bug_ids.set(bugs)
change_message.append({'changed': {
'fields': 'bug_ids',
}})
if list(advisory.cves.all()) != list(cves):
advisory.cves.set(cves)
change_message.append({'changed': {
'fields': 'cves',
}})
if list(advisory.cwe.all()) != list(cwes):
advisory.cwe.set(cwes)
change_message.append({'changed': {
'fields': 'cwe',
}})
if advisory.first_published != first_published:
advisory.first_published = first_published
change_message.append(
{'changed': {
'fields': 'first_published',
}})
if advisory.ips_signatures != ipssigs:
advisory.ips_signatures = ipssigs
change_message.append(
{'changed': {
'fields': 'ips_signatures',
}})
if advisory.last_updated != last_updated:
advisory.last_updated = last_updated
change_message.append(
{'changed': {
'fields': 'last_updated',
}})
if list(advisory.product_names.all()) != list(products):
advisory.product_names.set(products)
change_message.append(
{'changed': {
'fields': 'product_names',
}})
if advisory.publication_url != vuln['publication_url']:
advisory.publication_url = vuln['publication_url']
change_message.append(
{'changed': {
'fields': 'publication_url',
}})
if advisory.sir != vuln['sir']:
advisory.sir = vuln['sir']
change_message.append({'changed': {
'fields': 'sir',
}})
if advisory.summary != vuln['summary']:
advisory.summary = vuln['summary']
change_message.append({'changed': {
'fields': 'summary',
}})
advisory.save()
log_change(user, advisory, change_message)
#now we'll have to make all assessments of this advisory invalid
a = Advisory.objects.get(
object_id=advisory.pk,
content_type=get_content_type_for_model(Ciscoadvisory))
assessments = a.assessment_set.all()
for assessment in assessments:
print "Invalidating assessment %s" % (assessment)
assessment.valid = Assessment.NO
assessment.save()