def save(self, push_to_jira=False):
data = self.validated_data
test = data['test']
scan_type = data['scan_type']
endpoint_to_add = data['endpoint_to_add']
minimum_severity = data['minimum_severity']
scan_date = data['scan_date']
close_old_findings = data['close_old_findings']
verified = data['verified']
active = data['active']
version = data.get('version', None)
build_id = data.get('build_id', None)
branch_tag = data.get('branch_tag', None)
commit_hash = data.get('commit_hash', None)
scan = data.get('file', None)
endpoints_to_add = [endpoint_to_add] if endpoint_to_add else None
reimporter = ReImporter()
try:
test, finding_count, new_finding_count, closed_finding_count, reactivated_finding_count, untouched_finding_count = \
reimporter.reimport_scan(scan, scan_type, test, active=active, verified=verified,
tags=None, minimum_severity=minimum_severity,
endpoints_to_add=endpoints_to_add, scan_date=scan_date,
version=version, branch_tag=branch_tag, build_id=build_id,
commit_hash=commit_hash, push_to_jira=push_to_jira,
close_old_findings=close_old_findings)
# convert to exception otherwise django rest framework will swallow them as 400 error
# exceptions are already logged in the importer
except SyntaxError as se:
raise Exception(se)
except ValueError as ve:
raise Exception(ve)
return test
def re_import_scan_results(request, tid):
additional_message = "When re-uploading a scan, any findings not found in original scan will be updated as " \
"mitigated. The process attempts to identify the differences, however manual verification " \
"is highly recommended."
test = get_object_or_404(Test, id=tid)
# by default we keep a trace of the scan_type used to create the test
# if it's not here, we use the "name" of the test type
# this feature exists to provide custom label for tests for some parsers
if test.scan_type:
scan_type = test.scan_type
else:
scan_type = test.test_type.name
engagement = test.engagement
form = ReImportScanForm(test=test)
jform = None
jira_project = jira_helper.get_jira_project(test)
push_all_jira_issues = jira_helper.is_push_all_issues(test)
# Decide if we need to present the Push to JIRA form
if get_system_setting('enable_jira') and jira_project:
jform = JIRAImportScanForm(push_all=push_all_jira_issues,
prefix='jiraform')
if request.method == "POST":
form = ReImportScanForm(request.POST, request.FILES, test=test)
if jira_project:
jform = JIRAImportScanForm(request.POST,
push_all=push_all_jira_issues,
prefix='jiraform')
if form.is_valid() and (jform is None or jform.is_valid()):
scan_date = form.cleaned_data['scan_date']
minimum_severity = form.cleaned_data['minimum_severity']
scan = request.FILES.get('file', None)
active = form.cleaned_data['active']
verified = form.cleaned_data['verified']
tags = form.cleaned_data['tags']
version = form.cleaned_data.get('version', None)
branch_tag = form.cleaned_data.get('branch_tag', None)
build_id = form.cleaned_data.get('build_id', None)
commit_hash = form.cleaned_data.get('commit_hash', None)
api_scan_configuration = form.cleaned_data.get(
'api_scan_configuration', None)
service = form.cleaned_data.get('service', None)
endpoints_to_add = None # not available on reimport UI
close_old_findings = form.cleaned_data.get('close_old_findings',
True)
group_by = form.cleaned_data.get('group_by', None)
# Tags are replaced, same behaviour as with django-tagging
test.tags = tags
test.version = version
if scan and is_scan_file_too_large(scan):
messages.add_message(
request,
messages.ERROR,
"Report file is too large. Maximum supported size is {} MB"
.format(settings.SCAN_FILE_MAX_SIZE),
extra_tags='alert-danger')
return HttpResponseRedirect(
reverse('re_import_scan_results', args=(test.id, )))
push_to_jira = push_all_jira_issues or (
jform and jform.cleaned_data.get('push_to_jira'))
error = False
finding_count, new_finding_count, closed_finding_count, reactivated_finding_count, untouched_finding_count = 0, 0, 0, 0, 0
reimporter = ReImporter()
try:
test, finding_count, new_finding_count, closed_finding_count, reactivated_finding_count, untouched_finding_count, _ = \
reimporter.reimport_scan(scan, scan_type, test, active=active, verified=verified,
tags=None, minimum_severity=minimum_severity,
endpoints_to_add=endpoints_to_add, scan_date=scan_date,
version=version, branch_tag=branch_tag, build_id=build_id,
commit_hash=commit_hash, push_to_jira=push_to_jira,
close_old_findings=close_old_findings, group_by=group_by,
api_scan_configuration=api_scan_configuration, service=service)
except Exception as e:
logger.exception(e)
add_error_message_to_response(
'An exception error occurred during the report import:%s' %
str(e))
error = True
if not error:
message = construct_imported_message(
scan_type,
finding_count,
new_finding_count=new_finding_count,
closed_finding_count=closed_finding_count,
reactivated_finding_count=reactivated_finding_count,
untouched_finding_count=untouched_finding_count)
add_success_message_to_response(message)
return HttpResponseRedirect(reverse('view_test', args=(test.id, )))
product_tab = Product_Tab(engagement.product.id,
title="Re-upload a %s" % scan_type,
tab="engagements")
product_tab.setEngagement(engagement)
form.fields['endpoints'].queryset = Endpoint.objects.filter(
product__id=product_tab.product.id)
form.initial['api_scan_configuration'] = test.api_scan_configuration
form.fields[
'api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(
product__id=product_tab.product.id)
return render(
request, 'dojo/import_scan_results.html', {
'form': form,
'product_tab': product_tab,
'eid': engagement.id,
'additional_message': additional_message,
'jform': jform,
'scan_types': get_scan_types_sorted(),
})