def new_eng_for_app(request, pid, cicd=False):
    """Create an engagement for the product identified by ``pid``.

    GET renders ``dojo/new_eng.html`` with an ``EngForm`` pre-filled with the
    requesting user as lead, today as target start and today + 7 days as
    target end. POST validates the form, saves the engagement against the
    product, stores the submitted tags, hands the engagement to
    ``add_epic_task.delay`` when JIRA is enabled and a ``JIRA_PKey`` exists
    for the product, sends an ``engagement_added`` notification and redirects
    according to the submit button used. An invalid POST re-renders the
    bound form.

    Args:
        request: the incoming HTTP request.
        pid: primary key of the owning product.
        cicd: when true, the engagement is saved with engagement type
            'CI/CD' and status "In Progress".

    NOTE(review): no permission check on ``pid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may create engagements for the product.
    """
    # NOTE(review): an unknown pid raises Product.DoesNotExist here and is
    # not handled in this function.
    product = Product.objects.get(id=pid)
    jira_form = None

    if request.method != 'POST':
        form = EngForm(
            initial={
                'lead': request.user,
                'target_start': timezone.now().date(),
                'target_end': timezone.now().date() + timedelta(days=7),
            },
            cicd=cicd,
            product=product.id,
        )
        jira_configured = (
            get_system_setting('enable_jira')
            and JIRA_PKey.objects.filter(product=product).count() != 0
        )
        if jira_configured:
            jira_form = JIRAFindingForm(
                prefix='jiraform',
                enabled=JIRA_PKey.objects.get(product=product).push_all_issues,
            )
    else:
        form = EngForm(request.POST, cicd=cicd)
        if form.is_valid():
            engagement = form.save(commit=False)
            if not engagement.name:
                # Unnamed engagements are labelled with their start date.
                engagement.name = str(engagement.target_start)

            # These four flags are forced off whatever the form submitted.
            engagement.threat_model = False
            engagement.api_test = False
            engagement.pen_test = False
            engagement.check_list = False
            engagement.product = product
            # threat_model was set to False just above, so this picks 'other'.
            engagement.progress = (
                'threat_model' if engagement.threat_model else 'other'
            )
            if cicd:
                engagement.engagement_type = 'CI/CD'
                engagement.status = "In Progress"
            engagement.save()

            # Tags are assigned after save(), as a comma-separated string.
            engagement.tags = ", ".join(request.POST.getlist('tags'))

            if get_system_setting('enable_jira'):
                # Only push an epic when the product has a JIRA project;
                # a missing JIRA_PKey is silently skipped.
                try:
                    jira_conf = JIRA_PKey.objects.get(product=product)
                    jira_form = JIRAFindingForm(
                        request.POST,
                        prefix='jiraform',
                        enabled=jira_conf.push_all_issues,
                    )
                    if jira_form.is_valid():
                        add_epic_task.delay(
                            engagement,
                            jira_form.cleaned_data.get('push_to_jira'),
                        )
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement added successfully.',
                extra_tags='alert-success',
            )

            # NOTE(review): build_absolute_uri() takes the host from the
            # incoming request, so the link placed in the notification is
            # only as trustworthy as the deployment's ALLOWED_HOSTS and
            # proxy configuration.
            engagement_url = request.build_absolute_uri(
                reverse('view_engagement', args=(engagement.id,))
            )
            create_notification(
                event='engagement_added',
                title=engagement.name + " for " + product.name,
                engagement=engagement,
                url=engagement_url,
                objowner=engagement.lead,
            )

            # The name of the pressed submit button selects the next page.
            if "_Add Tests" in request.POST:
                next_view = 'add_tests'
            elif "_Import Scan Results" in request.POST:
                next_view = 'import_scan_results'
            else:
                next_view = 'view_engagement'
            return HttpResponseRedirect(
                reverse(next_view, args=(engagement.id,))
            )

    product_tab = Product_Tab(pid, title="New Engagement", tab="engagements")
    context = {
        'form': form,
        'pid': pid,
        'product_tab': product_tab,
        'jform': jira_form,
    }
    return render(request, 'dojo/new_eng.html', context)
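def edit_engagement(request, eid):
    """Edit an existing engagement and optionally sync its JIRA epic.

    GET renders ``dojo/new_eng.html`` with an ``EngForm2`` bound to the
    engagement and, when JIRA is enabled and the product has a
    ``JIRA_PKey``, a ``JIRAFindingForm``. POST validates the form(s), updates
    or creates the JIRA epic when 'jiraform-push_to_jira' was submitted,
    saves the engagement, stores the submitted tags and redirects. An
    invalid POST re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        eid: primary key of the engagement to edit.

    NOTE(review): no permission check on ``eid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may edit the engagement.
    """
    # NOTE(review): an unknown eid raises Engagement.DoesNotExist here and
    # is not handled in this function.
    eng = Engagement.objects.get(pk=eid)
    jform = None

    if request.method == 'POST':
        form = EngForm2(request.POST, instance=eng)
        push_requested = 'jiraform-push_to_jira' in request.POST
        if push_requested:
            jform = JIRAFindingForm(request.POST, prefix='jiraform',
                                    enabled=True)

        # A Django form has no cleaned_data until it has been validated, so
        # the JIRA form is validated together with the engagement form
        # before its data is read.
        if form.is_valid() and (jform is None or jform.is_valid()):
            if push_requested:
                push_to_jira = jform.cleaned_data.get('push_to_jira')
                # An explicit existence test replaces a bare ``except:``
                # that also swallowed unrelated errors from the task call.
                if JIRA_Issue.objects.filter(engagement=eng).exists():
                    update_epic_task.delay(eng, push_to_jira)
                else:
                    add_epic_task.delay(eng, push_to_jira)

            form.save()
            # Tags are stored as a comma-separated string.
            eng.tags = ", ".join(request.POST.getlist('tags'))
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')
            if '_Add Tests' in request.POST:
                return HttpResponseRedirect(
                    reverse('add_tests', args=(eng.id, )))
            return HttpResponseRedirect(
                reverse('view_engagement', args=(eng.id, )))
    else:
        form = EngForm2(instance=eng)
        # The push checkbox is pre-enabled when an epic already exists.
        enabled = JIRA_Issue.objects.filter(engagement=eng).exists()
        if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
                product=eng.product).count() != 0:
            jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)

    form.initial['tags'] = [tag.name for tag in eng.tags]
    add_breadcrumb(parent=eng, title="Edit Engagement", top_level=False,
                   request=request)
    return render(request, 'dojo/new_eng.html', {
        'form': form,
        'edit': True,
        'jform': jform
    })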
def new_eng_for_app(request, pid, cicd=False):
    """Create an engagement for the product identified by ``pid``.

    GET renders ``dojo/new_eng.html`` with an ``EngForm`` pre-filled with the
    requesting user as lead, today as target start and today + 7 days as
    target end. POST validates the form, saves the engagement against the
    product, stores the submitted tags, hands the engagement to
    ``add_epic_task.delay`` when JIRA is enabled and a ``JIRA_PKey`` exists
    for the product, sends an ``engagement_added`` notification carrying the
    site-relative URL of the engagement, and redirects according to the
    submit button used. An invalid POST re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        pid: primary key of the owning product.
        cicd: when true, the engagement is saved with engagement type
            'CI/CD' and status "In Progress".

    NOTE(review): no permission check on ``pid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may create engagements for the product.
    """
    # NOTE(review): an unknown pid raises Product.DoesNotExist here and is
    # not handled in this function.
    product = Product.objects.get(id=pid)
    jira_form = None

    if request.method != 'POST':
        form = EngForm(
            initial={
                'lead': request.user,
                'target_start': timezone.now().date(),
                'target_end': timezone.now().date() + timedelta(days=7),
            },
            cicd=cicd,
            product=product.id,
        )
        jira_configured = (
            get_system_setting('enable_jira')
            and JIRA_PKey.objects.filter(product=product).count() != 0
        )
        if jira_configured:
            jira_form = JIRAFindingForm(
                prefix='jiraform',
                enabled=JIRA_PKey.objects.get(product=product).push_all_issues,
            )
    else:
        form = EngForm(request.POST, cicd=cicd)
        if form.is_valid():
            engagement = form.save(commit=False)
            if not engagement.name:
                # Unnamed engagements are labelled with their start date.
                engagement.name = str(engagement.target_start)

            # These four flags are forced off whatever the form submitted.
            engagement.threat_model = False
            engagement.api_test = False
            engagement.pen_test = False
            engagement.check_list = False
            engagement.product = product
            # threat_model was set to False just above, so this picks 'other'.
            engagement.progress = (
                'threat_model' if engagement.threat_model else 'other'
            )
            if cicd:
                engagement.engagement_type = 'CI/CD'
                engagement.status = "In Progress"
            engagement.save()

            # Tags are assigned after save(), as a comma-separated string.
            engagement.tags = ", ".join(request.POST.getlist('tags'))

            if get_system_setting('enable_jira'):
                # Only push an epic when the product has a JIRA project;
                # a missing JIRA_PKey is silently skipped.
                try:
                    jira_conf = JIRA_PKey.objects.get(product=product)
                    jira_form = JIRAFindingForm(
                        request.POST,
                        prefix='jiraform',
                        enabled=jira_conf.push_all_issues,
                    )
                    if jira_form.is_valid():
                        add_epic_task.delay(
                            engagement,
                            jira_form.cleaned_data.get('push_to_jira'),
                        )
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement added successfully.',
                extra_tags='alert-success',
            )

            # The notification carries a path only (no scheme or host), so
            # it does not depend on the Host header of this request.
            create_notification(
                event='engagement_added',
                title=engagement.name + " for " + product.name,
                engagement=engagement,
                url=reverse('view_engagement', args=(engagement.id,)),
                objowner=engagement.lead,
            )

            # The name of the pressed submit button selects the next page.
            if "_Add Tests" in request.POST:
                next_view = 'add_tests'
            elif "_Import Scan Results" in request.POST:
                next_view = 'import_scan_results'
            else:
                next_view = 'view_engagement'
            return HttpResponseRedirect(
                reverse(next_view, args=(engagement.id,))
            )

    product_tab = Product_Tab(pid, title="New Engagement", tab="engagements")
    context = {
        'form': form,
        'pid': pid,
        'product_tab': product_tab,
        'jform': jira_form,
    }
    return render(request, 'dojo/new_eng.html', context)
def new_eng_for_app(request, pid):
    """Create an engagement for the product identified by ``pid``.

    GET renders ``dojo/new_eng.html`` with an empty ``EngForm``. POST
    validates the form, saves the engagement against the product with its
    progress derived from ``threat_model``, hands the engagement to
    ``add_epic_task.delay`` when JIRA is enabled and a ``JIRA_PKey`` exists
    for the product, and redirects according to the submit button used. An
    invalid POST re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        pid: primary key of the owning product.

    NOTE(review): no permission check on ``pid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may create engagements for the product.
    """
    # NOTE(review): an unknown pid raises Product.DoesNotExist here and is
    # not handled in this function.
    product = Product.objects.get(id=pid)
    jira_form = None

    if request.method != 'POST':
        form = EngForm(initial={})
        jira_configured = (
            get_system_setting('enable_jira')
            and JIRA_PKey.objects.filter(product=product).count() != 0
        )
        if jira_configured:
            jira_form = JIRAFindingForm(
                prefix='jiraform',
                enabled=JIRA_PKey.objects.get(product=product).push_all_issues,
            )
    else:
        form = EngForm(request.POST)
        if form.is_valid():
            engagement = form.save(commit=False)
            engagement.product = product
            engagement.progress = (
                'threat_model' if engagement.threat_model else 'other'
            )
            engagement.save()

            if get_system_setting('enable_jira'):
                # Only push an epic when the product has a JIRA project;
                # a missing JIRA_PKey is silently skipped.
                try:
                    jira_conf = JIRA_PKey.objects.get(product=product)
                    jira_form = JIRAFindingForm(
                        request.POST,
                        prefix='jiraform',
                        enabled=jira_conf.push_all_issues,
                    )
                    if jira_form.is_valid():
                        add_epic_task.delay(
                            engagement,
                            jira_form.cleaned_data.get('push_to_jira'),
                        )
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement added successfully.',
                extra_tags='alert-success',
            )

            # The name of the pressed submit button selects the next page.
            next_view = (
                'add_tests' if "_Add Tests" in request.POST
                else 'view_engagement'
            )
            return HttpResponseRedirect(
                reverse(next_view, args=(engagement.id,))
            )

    add_breadcrumb(parent=product, title="New Engagement", top_level=False,
                   request=request)
    context = {'form': form, 'pid': pid, 'jform': jira_form}
    return render(request, 'dojo/new_eng.html', context)
def new_eng_for_app(request, pid):
    """Create an engagement for the product identified by ``pid``.

    GET renders ``dojo/new_eng.html`` with an empty ``EngForm``. POST
    validates the form, saves the engagement against the product with its
    progress derived from ``threat_model``, hands the engagement to
    ``add_epic_task.delay`` when JIRA is enabled and a ``JIRA_PKey`` exists
    for the product, sends an ``engagement_added`` notification and
    redirects according to the submit button used. An invalid POST
    re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        pid: primary key of the owning product.

    NOTE(review): no permission check on ``pid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may create engagements for the product.
    """
    # NOTE(review): an unknown pid raises Product.DoesNotExist here and is
    # not handled in this function.
    product = Product.objects.get(id=pid)
    jira_form = None

    if request.method != 'POST':
        form = EngForm(initial={})
        jira_configured = (
            get_system_setting('enable_jira')
            and JIRA_PKey.objects.filter(product=product).count() != 0
        )
        if jira_configured:
            jira_form = JIRAFindingForm(
                prefix='jiraform',
                enabled=JIRA_PKey.objects.get(product=product).push_all_issues,
            )
    else:
        form = EngForm(request.POST)
        if form.is_valid():
            engagement = form.save(commit=False)
            engagement.product = product
            engagement.progress = (
                'threat_model' if engagement.threat_model else 'other'
            )
            engagement.save()

            if get_system_setting('enable_jira'):
                # Only push an epic when the product has a JIRA project;
                # a missing JIRA_PKey is silently skipped.
                try:
                    jira_conf = JIRA_PKey.objects.get(product=product)
                    jira_form = JIRAFindingForm(
                        request.POST,
                        prefix='jiraform',
                        enabled=jira_conf.push_all_issues,
                    )
                    if jira_form.is_valid():
                        add_epic_task.delay(
                            engagement,
                            jira_form.cleaned_data.get('push_to_jira'),
                        )
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement added successfully.',
                extra_tags='alert-success',
            )

            # NOTE(review): build_absolute_uri() takes the host from the
            # incoming request, so the link placed in the notification is
            # only as trustworthy as the deployment's ALLOWED_HOSTS and
            # proxy configuration.
            engagement_url = request.build_absolute_uri(
                reverse('view_engagement', args=(engagement.id,))
            )
            create_notification(
                event='engagement_added',
                title='Engagement added',
                engagement=engagement,
                url=engagement_url,
                objowner=engagement.lead,
            )

            # The name of the pressed submit button selects the next page.
            next_view = (
                'add_tests' if "_Add Tests" in request.POST
                else 'view_engagement'
            )
            return HttpResponseRedirect(
                reverse(next_view, args=(engagement.id,))
            )

    add_breadcrumb(parent=product, title="New Engagement", top_level=False,
                   request=request)
    context = {'form': form, 'pid': pid, 'jform': jira_form}
    return render(request, 'dojo/new_eng.html', context)
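def edit_engagement(request, eid):
    """Edit an existing engagement and optionally sync its JIRA epic.

    GET renders ``dojo/new_eng.html`` with an ``EngForm2`` bound to the
    engagement and, when JIRA is enabled and the product has a
    ``JIRA_PKey``, a ``JIRAFindingForm``. POST validates the form(s), updates
    or creates the JIRA epic when 'jiraform-push_to_jira' was submitted,
    saves the engagement, stores the submitted tags and redirects. An
    invalid POST re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        eid: primary key of the engagement to edit.

    NOTE(review): no permission check on ``eid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may edit the engagement.
    """
    # NOTE(review): an unknown eid raises Engagement.DoesNotExist here and
    # is not handled in this function.
    eng = Engagement.objects.get(pk=eid)
    jform = None

    if request.method == 'POST':
        form = EngForm2(request.POST, instance=eng)
        push_requested = 'jiraform-push_to_jira' in request.POST
        if push_requested:
            jform = JIRAFindingForm(request.POST, prefix='jiraform',
                                    enabled=True)

        # A Django form has no cleaned_data until it has been validated, so
        # the JIRA form is validated together with the engagement form
        # before its data is read.
        if form.is_valid() and (jform is None or jform.is_valid()):
            if push_requested:
                push_to_jira = jform.cleaned_data.get('push_to_jira')
                # An explicit existence test replaces a bare ``except:``
                # that also swallowed unrelated errors from the task call.
                if JIRA_Issue.objects.filter(engagement=eng).exists():
                    update_epic_task.delay(eng, push_to_jira)
                else:
                    add_epic_task.delay(eng, push_to_jira)

            form.save()
            # Tags are stored as a comma-separated string.
            eng.tags = ", ".join(request.POST.getlist('tags'))
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')
            if '_Add Tests' in request.POST:
                return HttpResponseRedirect(
                    reverse('add_tests', args=(eng.id,)))
            return HttpResponseRedirect(
                reverse('view_engagement', args=(eng.id,)))
    else:
        form = EngForm2(instance=eng)
        # The push checkbox is pre-enabled when an epic already exists.
        enabled = JIRA_Issue.objects.filter(engagement=eng).exists()
        if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
                product=eng.product).count() != 0:
            jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)

    form.initial['tags'] = [tag.name for tag in eng.tags]
    add_breadcrumb(parent=eng, title="Edit Engagement", top_level=False,
                   request=request)
    return render(request, 'dojo/new_eng.html',
                  {'form': form, 'edit': True, 'jform': jform})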
def edit_engagement(request, eid):
    """Edit an existing engagement and optionally create or update its epic.

    GET renders ``dojo/new_eng.html`` with an ``EngForm`` bound to the
    engagement and, when JIRA is enabled and the product has a
    ``JIRA_PKey``, a ``JIRAFindingForm`` relabelled for epics. POST validates
    the engagement form (and the JIRA form when 'jiraform-push_to_jira' was
    submitted), calls the update or add epic task, derives ``active`` from
    the status, applies the selected product, stores the tags and
    redirects. An invalid POST re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        eid: primary key of the engagement to edit.

    NOTE(review): no permission check on ``eid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may edit the engagement.
    """
    # NOTE(review): an unknown eid raises Engagement.DoesNotExist here and
    # is not handled in this function.
    eng = Engagement.objects.get(pk=eid)
    ci_cd_form = eng.engagement_type == "CI/CD"
    jform = None

    if request.method != 'POST':
        form = EngForm(initial={'product': eng.product.id},
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id)
        jira_configured = (
            get_system_setting('enable_jira')
            and JIRA_PKey.objects.filter(product=eng.product).count() != 0
        )
        if jira_configured:
            # The checkbox starts unticked: pushing here concerns the
            # engagement's epic rather than individual findings.
            jform = JIRAFindingForm(prefix='jiraform', enabled=False)
            # Relabel the field so the user sees it acts on the epic.
            push_field = jform.fields['push_to_jira']
            push_field.help_text = \
                "Checking this will add an EPIC or update an existing EPIC for this engagement."
            push_field.label = "Create or update EPIC"
        else:
            jform = None
    else:
        form = EngForm(request.POST,
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id)
        push_requested = 'jiraform-push_to_jira' in request.POST
        if push_requested:
            jform = JIRAFindingForm(request.POST, prefix='jiraform',
                                    enabled=False)

        # Both forms must validate; the JIRA form only exists when a push
        # was requested.
        if form.is_valid() and (jform is None or (jform and jform.is_valid())):
            if push_requested:
                epic_exists = JIRA_Issue.objects.filter(
                    engagement=eng).exists()
                epic_task = update_epic_task if epic_exists else add_epic_task
                epic_task.delay(eng, jform.cleaned_data.get('push_to_jira'))

            updated = form.save(commit=False)
            # Closed engagements are deactivated; any other status
            # reactivates an engagement that was explicitly inactive.
            if updated.status in ("Cancelled", "Completed"):
                updated.active = False
            elif updated.active is False:
                updated.active = True
            # NOTE(review): the engagement is moved to whichever product the
            # form accepted; whether the user may use that product depends
            # on EngForm, which is not visible here.
            updated.product_id = form.cleaned_data.get('product').id
            updated.save()

            # Each tag is wrapped in double quotes before joining.
            submitted_tags = request.POST.getlist('tags')
            eng.tags = ", ".join('"{0}"'.format(tag) for tag in submitted_tags)

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')
            next_view = (
                'add_tests' if '_Add Tests' in request.POST
                else 'view_engagement'
            )
            return HttpResponseRedirect(reverse(next_view, args=(eng.id, )))

    form.initial['tags'] = [tag.name for tag in eng.tags]

    title = " CI/CD" if eng.engagement_type == "CI/CD" else ""
    product_tab = Product_Tab(eng.product.id,
                              title="Edit" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(eng)
    context = {
        'product_tab': product_tab,
        'form': form,
        'edit': True,
        'jform': jform,
        'eng': eng,
    }
    return render(request, 'dojo/new_eng.html', context)
def edit_engagement(request, eid):
    """Edit an existing engagement and optionally create or update its epic.

    GET renders ``dojo/new_eng.html`` with an ``EngForm`` bound to the
    engagement and, when JIRA is enabled and the product has a
    ``JIRA_PKey``, a ``JIRAFindingForm``. POST validates the engagement form
    (and the JIRA form when 'jiraform-push_to_jira' was submitted), calls
    the update or add epic task, derives ``active`` from the status, stores
    the tags and redirects. An invalid POST re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        eid: primary key of the engagement to edit.

    NOTE(review): no permission check on ``eid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may edit the engagement.
    """
    # NOTE(review): an unknown eid raises Engagement.DoesNotExist here and
    # is not handled in this function.
    eng = Engagement.objects.get(pk=eid)
    ci_cd_form = eng.engagement_type == "CI/CD"
    jform = None

    if request.method != 'POST':
        form = EngForm(instance=eng, cicd=ci_cd_form, product=eng.product.id)
        jira_configured = (
            get_system_setting('enable_jira')
            and JIRA_PKey.objects.filter(product=eng.product).count() != 0
        )
        if jira_configured:
            # The original computed this flag in a try block whose lookup
            # was commented out, so it was always True.
            jform = JIRAFindingForm(prefix='jiraform', enabled=True)
        else:
            jform = None
    else:
        form = EngForm(request.POST,
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id)
        push_requested = 'jiraform-push_to_jira' in request.POST
        if push_requested:
            jform = JIRAFindingForm(request.POST, prefix='jiraform',
                                    enabled=True)

        # Both forms must validate; the JIRA form only exists when a push
        # was requested.
        if form.is_valid() and (jform is None or (jform and jform.is_valid())):
            if push_requested:
                epic_exists = JIRA_Issue.objects.filter(
                    engagement=eng).exists()
                epic_task = update_epic_task if epic_exists else add_epic_task
                epic_task.delay(eng, jform.cleaned_data.get('push_to_jira'))

            updated = form.save(commit=False)
            # Closed engagements are deactivated; any other status
            # reactivates an engagement that was explicitly inactive.
            if updated.status in ("Cancelled", "Completed"):
                updated.active = False
            elif updated.active is False:
                updated.active = True
            updated.save()

            # Tags are stored as a comma-separated string.
            eng.tags = ", ".join(request.POST.getlist('tags'))

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')
            next_view = (
                'add_tests' if '_Add Tests' in request.POST
                else 'view_engagement'
            )
            return HttpResponseRedirect(reverse(next_view, args=(eng.id, )))

    form.initial['tags'] = [tag.name for tag in eng.tags]

    title = " CI/CD" if eng.engagement_type == "CI/CD" else ""
    product_tab = Product_Tab(eng.product.id,
                              title="Edit" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(eng)
    context = {
        'product_tab': product_tab,
        'form': form,
        'edit': True,
        'jform': jform,
        'eng': eng,
    }
    return render(request, 'dojo/new_eng.html', context)
def edit_engagement(request, eid):
    """Edit an existing engagement and optionally create or update its epic.

    GET renders ``dojo/new_eng.html`` with an ``EngForm`` bound to the
    engagement and, when JIRA is enabled and the product has a
    ``jira_pkey``, a ``JIRAEngagementForm``. POST validates the engagement
    form (and the JIRA form when 'jiraform-push_to_jira' was submitted),
    creates or updates the epic either inline or through the ``*_task.delay``
    variant depending on ``Dojo_User.wants_block_execution``, derives
    ``active`` from the status, applies the selected product, stores the
    tags and redirects. An invalid POST re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        eid: primary key of the engagement to edit.

    NOTE(review): no permission check on ``eid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may edit the engagement.
    """
    # NOTE(review): an unknown eid raises Engagement.DoesNotExist here and
    # is not handled in this function.
    eng = Engagement.objects.get(pk=eid)
    ci_cd_form = eng.engagement_type == "CI/CD"
    jform = None
    use_jira = (get_system_setting('enable_jira')
                and eng.product.jira_pkey is not None)

    if request.method != 'POST':
        form = EngForm(initial={'product': eng.product.id},
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id,
                       user=request.user)
        jform = (JIRAEngagementForm(prefix='jiraform', instance=eng)
                 if use_jira else None)
    else:
        form = EngForm(request.POST,
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id,
                       user=request.user)
        push_requested = 'jiraform-push_to_jira' in request.POST
        if push_requested:
            jform = JIRAEngagementForm(request.POST, prefix='jiraform',
                                       instance=eng)

        # Both forms must validate; the JIRA form only exists when a push
        # was requested.
        if form.is_valid() and (jform is None or (jform and jform.is_valid())):
            logger.debug('jform valid')
            if push_requested:
                logger.debug('push_to_jira true')
                epic_exists = JIRA_Issue.objects.filter(
                    engagement=eng).exists()
                # Users who want blocking execution get the direct call;
                # everyone else goes through the task's delay().
                run_inline = Dojo_User.wants_block_execution(request.user)
                if epic_exists:
                    sync_epic = (update_epic if run_inline
                                 else update_epic_task.delay)
                else:
                    sync_epic = add_epic if run_inline else add_epic_task.delay
                sync_epic(eng, jform.cleaned_data.get('push_to_jira'))

            updated = form.save(commit=False)
            # Closed engagements are deactivated; any other status
            # reactivates an engagement that was explicitly inactive.
            if updated.status in ("Cancelled", "Completed"):
                updated.active = False
            elif updated.active is False:
                updated.active = True
            # NOTE(review): the engagement is moved to whichever product the
            # form accepted; presumably EngForm uses ``user`` to restrict
            # the selectable products - confirm against the form.
            updated.product_id = form.cleaned_data.get('product').id
            updated.save()

            # Each tag is wrapped in double quotes before joining.
            submitted_tags = request.POST.getlist('tags')
            eng.tags = ", ".join('"{0}"'.format(tag) for tag in submitted_tags)

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')
            next_view = (
                'add_tests' if '_Add Tests' in request.POST
                else 'view_engagement'
            )
            return HttpResponseRedirect(reverse(next_view, args=(eng.id, )))

    form.initial['tags'] = [tag.name for tag in eng.tags]

    title = " CI/CD" if eng.engagement_type == "CI/CD" else ""
    product_tab = Product_Tab(eng.product.id,
                              title="Edit" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(eng)
    context = {
        'product_tab': product_tab,
        'form': form,
        'edit': True,
        'jform': jform,
        'eng': eng,
    }
    return render(request, 'dojo/new_eng.html', context)
def new_eng_for_app(request, pid):
    """Create an engagement for the product identified by ``pid``.

    GET renders ``dojo/new_eng.html`` with an ``EngForm`` whose
    ``auth_users`` are the product's authorized users plus all superusers.
    POST validates the form, saves the engagement and its many-to-many
    data against the product, hands the engagement to
    ``add_epic_task.delay`` when JIRA is enabled and a ``JIRA_PKey`` exists
    for the product, notifies the engagement's analysts and redirects
    according to the submit button used. An invalid POST re-renders the
    bound form.

    Args:
        request: the incoming HTTP request.
        pid: primary key of the owning product.

    NOTE(review): no permission check on ``pid`` is visible inside this
    function; confirm that a decorator or middleware outside this excerpt
    limits who may create engagements for the product.
    """
    # NOTE(review): an unknown pid raises Product.DoesNotExist here and is
    # not handled in this function.
    product = Product.objects.get(id=pid)
    jira_form = None

    if request.method != 'POST':
        selectable_users = (
            product.authorized_users.all()
            | Dojo_User.objects.filter(is_superuser=True)
        ).distinct()
        form = EngForm(auth_users=selectable_users)
        jira_configured = (
            get_system_setting('enable_jira')
            and JIRA_PKey.objects.filter(product=product).count() != 0
        )
        if jira_configured:
            jira_form = JIRAFindingForm(
                prefix='jiraform',
                enabled=JIRA_PKey.objects.get(product=product).push_all_issues,
            )
    else:
        # NOTE(review): unlike the GET form, the bound form receives no
        # ``auth_users``; confirm EngForm still limits the submitted users
        # to those authorized for the product.
        form = EngForm(request.POST)
        if form.is_valid():
            engagement = form.save(commit=False)
            engagement.product = product
            engagement.save()
            # commit=False defers many-to-many data until the row exists.
            form.save_m2m()

            if get_system_setting('enable_jira'):
                # Only push an epic when the product has a JIRA project;
                # a missing JIRA_PKey is silently skipped.
                try:
                    jira_conf = JIRA_PKey.objects.get(product=product)
                    jira_form = JIRAFindingForm(
                        request.POST,
                        prefix='jiraform',
                        enabled=jira_conf.push_all_issues,
                    )
                    if jira_form.is_valid():
                        add_epic_task.delay(
                            engagement,
                            jira_form.cleaned_data.get('push_to_jira'),
                        )
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement added successfully.',
                extra_tags='alert-success',
            )

            # NOTE(review): build_absolute_uri() takes the host from the
            # incoming request, so the link placed in the notification is
            # only as trustworthy as the deployment's ALLOWED_HOSTS and
            # proxy configuration.
            engagement_url = request.build_absolute_uri(
                reverse('view_engagement', args=(engagement.id, ))
            )
            create_notification(
                event='engagement_added',
                title='Engagement added',
                engagement=engagement,
                url=engagement_url,
                objowner=engagement.analysts.all(),
            )

            # The name of the pressed submit button selects the next page.
            next_view = (
                'add_tests' if "_Add Tests" in request.POST
                else 'view_engagement'
            )
            return HttpResponseRedirect(
                reverse(next_view, args=(engagement.id, ))
            )

    add_breadcrumb(parent=product, title="New Engagement", top_level=False,
                   request=request)
    context = {'form': form, 'pid': pid, 'jform': jira_form}
    return render(request, 'dojo/new_eng.html', context)