def test_mark_fresh_as_mitigated(self, mock_dt): mock_dt.now.return_value = frozen_datetime finding = Finding(is_Mitigated=True, active=False) changed = helper.update_finding_status(finding, self.user_1) self.assertEqual(self.get_mitigation_status_fields(finding), (True, frozen_datetime, self.user_1)) self.assertTrue(changed)
def test_mark_old_active_as_mitigated(self, mock_can_edit, mock_tz, mock_dt): mock_dt.now.return_value = frozen_datetime mock_tz.now.return_value = frozen_datetime old_finding = Finding() new_finding = Finding(is_Mitigated=True, active=False) changed = helper.update_finding_status(new_finding, self.user_1, old_finding) self.assertEqual(self.get_mitigation_status_fields(new_finding), (True, frozen_datetime, self.user_1)) self.assertFalse(changed)
def test_set_old_mitigated_as_active(self, mock_can_edit, mock_tz, mock_dt): mock_dt.now.return_value = frozen_datetime mock_tz.now.return_value = frozen_datetime old_finding = Finding(is_Mitigated=True, active=False, mitigated=frozen_datetime, mitigated_by=self.user_2) new_finding = Finding(active=True) changed = helper.update_finding_status(new_finding, self.user_1, old_finding) self.assertEqual(self.get_mitigation_status_fields(new_finding), (False, None, None)) self.assertFalse(changed)
def test_update_old_mitigated_with_missing_data(self, mock_can_edit, mock_tz, mock_dt): mock_dt.now.return_value = frozen_datetime mock_tz.now.return_value = frozen_datetime custom_mitigated = datetime.datetime.now() old_finding = Finding(is_Mitigated=True, active=False, mitigated=custom_mitigated, mitigated_by=self.user_2) new_finding = Finding(is_Mitigated=True, active=False) changed = helper.update_finding_status(new_finding, self.user_1, old_finding) # mitigated and mitigated_vy get updated self.assertEqual(self.get_mitigation_status_fields(new_finding), (True, frozen_datetime, self.user_1)) self.assertTrue(changed)
def add_temp_finding(request, tid, fid): jform = None test = get_object_or_404(Test, id=tid) finding = get_object_or_404(Finding_Template, id=fid) findings = Finding_Template.objects.all() push_all_jira_issues = jira_helper.is_push_all_issues(finding) if request.method == 'POST': form = AddFindingForm(request.POST, req_resp=None, product=test.engagement.product) if jira_helper.get_jira_project(test): jform = JIRAFindingForm( push_all=jira_helper.is_push_all_issues(test), prefix='jiraform', jira_project=jira_helper.get_jira_project(test), finding_form=form) logger.debug('jform valid: %s', jform.is_valid()) if (form['active'].value() is False or form['false_p'].value() ) and form['duplicate'].value() is False: closing_disabled = Note_Type.objects.filter( is_mandatory=True, is_active=True).count() if closing_disabled != 0: error_inactive = ValidationError( 'Can not set a finding as inactive without adding all mandatory notes', code='not_active_or_false_p_true') error_false_p = ValidationError( 'Can not set a finding as false positive without adding all mandatory notes', code='not_active_or_false_p_true') if form['active'].value() is False: form.add_error('active', error_inactive) if form['false_p'].value(): form.add_error('false_p', error_false_p) messages.add_message( request, messages.ERROR, 'Can not set a finding as inactive or false positive without adding all mandatory notes', extra_tags='alert-danger') if form.is_valid(): finding.last_used = timezone.now() finding.save() new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) new_finding.date = form.cleaned_data['date'] or datetime.today() finding_helper.update_finding_status(new_finding, request.user) new_finding.save(dedupe_option=False, false_history=False) # Save and add new endpoints finding_helper.add_endpoints(new_finding, form) new_finding.save(false_history=True) if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm( request.POST, prefix='jiraform', instance=new_finding, push_all=push_all_jira_issues, jira_project=jira_helper.get_jira_project(test), finding_form=form) if jform.is_valid(): if jform.cleaned_data.get('push_to_jira'): jira_helper.push_to_jira(new_finding) else: add_error_message_to_response( 'jira form validation failed: %s' % jform.errors) messages.add_message(request, messages.SUCCESS, 'Finding from template added successfully.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_test', args=(test.id, ))) else: messages.add_message( request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') else: form = AddFindingForm(req_resp=None, product=test.engagement.product, initial={ 'active': False, 'date': timezone.now().date(), 'verified': False, 'false_p': False, 'duplicate': False, 'out_of_scope': False, 'title': finding.title, 'description': finding.description, 'cwe': finding.cwe, 'severity': finding.severity, 'mitigation': finding.mitigation, 'impact': finding.impact, 'references': finding.references, 'numerical_severity': finding.numerical_severity }) if jira_helper.get_jira_project(test): jform = JIRAFindingForm( push_all=jira_helper.is_push_all_issues(test), prefix='jiraform', jira_project=jira_helper.get_jira_project(test), finding_form=form) # logger.debug('form valid: %s', form.is_valid()) # logger.debug('jform valid: %s', jform.is_valid()) # logger.debug('form errors: %s', form.errors) # logger.debug('jform errors: %s', jform.errors) # logger.debug('jform errors: %s', vars(jform)) product_tab = Product_Tab(test.engagement.product.id, title="Add Finding", tab="engagements") product_tab.setEngagement(test.engagement) return render( request, 'dojo/add_findings.html', { 'form': form, 'product_tab': product_tab, 'jform': jform, 'findings': findings, 'temp': True, 'fid': finding.id, 'tid': test.id, 'test': test, })