def generate_report(request, obj): user = Dojo_User.objects.get(id=request.user.id) customer = None product = None engagement = None test = None endpoint = None endpoint_all_findings = None endpoint_monthly_counts = None endpoint_active_findings = None accepted_findings = None open_findings = None closed_findings = None verified_findings = None report_title = None report_subtitle = None report_info = "Generated By %s on %s" % (user.get_full_name(), ( timezone.now().strftime("%m/%d/%Y %I:%M%p %Z"))) if type(obj).__name__ == "Product": if request.user.is_staff or request.user in obj.authorized_users.all(): pass # user is authorized for this product else: raise PermissionDenied elif type(obj).__name__ == "Endpoint": if request.user.is_staff or request.user in obj.product.authorized_users.all( ): pass # user is authorized for this product else: raise PermissionDenied elif type(obj).__name__ == "QuerySet": # authorization taken care of by only selecting findings from product user is authed to see pass else: if not request.user.is_staff: raise PermissionDenied report_format = request.GET.get('report_type', 'AsciiDoc') report_template = int(request.GET.get('report_template', 0)) include_finding_notes = int(request.GET.get('include_finding_notes', 0)) include_finding_images = int(request.GET.get('include_finding_images', 0)) include_executive_summary = int( request.GET.get('include_executive_summary', 0)) include_table_of_contents = int( request.GET.get('include_table_of_contents', 0)) generate = "_generate" in request.GET report_name = str(obj) report_type = type(obj).__name__ add_breadcrumb(title="Generate Report", top_level=False, request=request) if type(obj).__name__ == "Customer": customer = obj filename = "customer_finding_report.pdf" template = "dojo/customer_pdf_report.html" report_name = "Customer Report: " + str(customer) report_title = "Customer Report" report_subtitle = str(customer) findings = ReportFindingFilter( request.GET, queryset=Finding.objects.filter( test__engagement__product__customer=customer).distinct( ).prefetch_related('test', 'test__engagement__product', 'test__engagement__product__customer')) products = Product.objects.filter( customer=customer, engagement__test__finding__in=findings.qs).distinct() engagements = Engagement.objects.filter( product__customer=customer, test__finding__in=findings.qs).distinct() tests = Test.objects.filter(engagement__product__customer=customer, finding__in=findings.qs).distinct() if findings: start_date = datetime.combine(findings.qs.last().date, datetime.min.time()) else: start_date = timezone.now() end_date = timezone.now() r = relativedelta(end_date, start_date) months_between = (r.years * 12) + r.months # include current month months_between += 1 endpoint_monthly_counts = get_period_counts_legacy( findings.qs, findings.qs, None, months_between, start_date, relative_delta='months') context = { 'customer': customer, 'products': products, 'engagements': engagements, 'tests': tests, 'report_name': report_name, 'endpoint_opened_per_month': endpoint_monthly_counts['opened_per_period'] if endpoint_monthly_counts is not None else [], 'endpoint_active_findings': findings.qs, 'findings': findings.qs, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': user, 'team_name': settings.TEAM_NAME, 'title': 'Generate Report', 'host': report_url_resolver(request), 'user_id': request.user.id } elif type(obj).__name__ == "Product": product = obj filename = "product_finding_report.pdf" template = "dojo/product_pdf_report.html" report_name = "Product Report: " + str(product) report_title = "Product Report" report_subtitle = str(product) findings = ReportFindingFilter( request.GET, queryset=Finding.objects.filter( test__engagement__product=product).distinct().prefetch_related( 'test', 'test__engagement__product', 'test__engagement__product__customer')) ids = set(finding.id for finding in findings.qs) engagements = Engagement.objects.filter( test__finding__id__in=ids).distinct() tests = Test.objects.filter(finding__id__in=ids).distinct() context = { 'product': product, 'engagements': engagements, 'tests': tests, 'report_name': report_name, 'findings': findings.qs, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': user, 'team_name': settings.TEAM_NAME, 'title': 'Generate Report', 'host': report_url_resolver(request), 'user_id': request.user.id } elif type(obj).__name__ == "Engagement": engagement = obj findings = ReportFindingFilter( request.GET, queryset=Finding.objects.filter( test__engagement=engagement, ).order_by( '-score').prefetch_related( 'test', 'test__engagement__product', 'test__engagement__product__customer').distinct()) report_name = '%s - %s - %s' % (engagement.product.customer, engagement.product, engagement) filename = "engagement_finding_report.pdf" template = 'dojo/engagement_pdf_report_new.html' report_title = "Engagement Report" report_subtitle = str(engagement) ids = set(finding.id for finding in findings.qs) tests = Test.objects.filter(finding__id__in=ids).distinct() context = { 'engagement': engagement, 'tests': tests, 'report_name': report_name, 'findings': findings.qs, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': user, 'team_name': get_system_setting('team_name'), 'title': 'Generate Report', 'host': report_url_resolver(request), 'user_id': request.user.id } elif type(obj).__name__ == "Test": test = obj findings = ReportFindingFilter( request.GET, queryset=Finding.objects.filter(test=test).prefetch_related( 'test', 'test__engagement__product', 'test__engagement__product__customer').distinct()) filename = "test_finding_report.pdf" template = "dojo/test_pdf_report.html" report_name = "Test Report: " + str(test) report_title = "Test Report" report_subtitle = str(test) context = { 'test': test, 'report_name': report_name, 'findings': findings.qs, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': user, 'team_name': settings.TEAM_NAME, 'title': 'Generate Report', 'host': report_url_resolver(request), 'user_id': request.user.id } elif type(obj).__name__ == "Endpoint": endpoint = obj host = endpoint.host_no_port report_name = "Endpoint Report: " + host report_type = "Endpoint" endpoints = Endpoint.objects.filter( host__regex="^" + host + ":?", product=endpoint.product).distinct() filename = "endpoint_finding_report.pdf" template = 'dojo/endpoint_pdf_report.html' report_title = "Endpoint Report" report_subtitle = host findings = ReportFindingFilter( request.GET, queryset=Finding.objects.filter( endpoints__in=endpoints, ).prefetch_related( 'test', 'test__engagement__product', 'test__engagement__product__customer').distinct()) context = { 'endpoint': endpoint, 'endpoints': endpoints, 'report_name': report_name, 'findings': findings.qs, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': user, 'team_name': get_system_setting('team_name'), 'title': 'Generate Report', 'host': report_url_resolver(request), 'user_id': request.user.id } elif type(obj).__name__ == "QuerySet": findings = ReportAuthedFindingFilter( request.GET, queryset=obj.prefetch_related( 'test', 'test__engagement__product', 'test__engagement__product__customer').distinct(), user=request.user) filename = "finding_report.pdf" report_name = 'Finding' report_type = 'Finding' template = 'dojo/finding_pdf_report.html' report_title = "Finding Report" report_subtitle = '' context = { 'findings': findings.qs, 'report_name': report_name, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': user, 'team_name': settings.TEAM_NAME, 'title': 'Generate Report', 'host': report_url_resolver(request), 'user_id': request.user.id } else: raise Http404() report_form = ReportOptionsForm() if generate: report_form = ReportOptionsForm(request.GET) if report_format == 'AsciiDoc': return render( request, 'dojo/asciidoc_report.html', { 'customer': customer, 'product': product, 'engagement': engagement, 'test': test, 'endpoint': endpoint, 'findings': findings.qs, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': user, 'team_name': settings.TEAM_NAME, 'title': 'Generate Report', 'user_id': request.user.id, 'host': report_url_resolver(request), }) elif report_format == 'PDF': if 'regen' in request.GET: # we should already have a report object, lets get and use it report = get_object_or_404(Report, id=request.GET['regen']) report.datetime = timezone.now() report.status = 'requested' if report.requester.username != request.user.username: report.requester = request.user else: # lets create the report object and send it in to celery task report = Report(name=report_name, type=report_type, format='PDF', requester=request.user, task_id='tbd', options=request.path + "?" + request.GET.urlencode()) report.save() async_pdf_report.delay(report=report, template=template, filename=filename, report_title=report_title, report_subtitle=report_subtitle, report_info=report_info, context=context, uri=request.build_absolute_uri( report.get_url())) messages.add_message(request, messages.SUCCESS, 'Your report is building.', extra_tags='alert-success') return HttpResponseRedirect(reverse('reports')) elif report_format == 'docx': template = glob(settings.DOJO_ROOT + '/templates/dojo/*.docx')[report_template] filename = "engagement_finding_report.docx" report_title = "Engagement Report" if 'regen' in request.GET: # we should already have a report object, lets get and use it report = get_object_or_404(Report, id=request.GET['regen']) report.datetime = timezone.now() report.template = template report.status = 'requested' if report.requester.username != request.user.username: report.requester = request.user else: # lets create the report object and send it in to celery task report = Report(name=report_name, type=report_type, format='docx', requester=request.user, task_id='tbd', options=request.path + "?" + request.GET.urlencode()) report.save() async_docx_report.delay(report=report, template=template, filename=filename, report_title=report_title, report_subtitle=report_subtitle, report_info=report_info, context=context, uri=request.build_absolute_uri( report.get_url())) return HttpResponseRedirect(reverse('reports')) else: raise Http404() paged_findings = get_page_items(request, findings.qs, 25) return render( request, 'dojo/request_report.html', { 'customer': customer, 'product': product, 'engagement': engagement, 'test': test, 'endpoint': endpoint, 'findings': findings, 'paged_findings': paged_findings, 'report_form': report_form, })