def finding_bulk_update(request, tid): test = get_object_or_404(Test, id=tid) form = FindingBulkUpdateForm(request.POST) if request.method == "POST": finding_to_update = request.POST.getlist('finding_to_update') if request.POST.get('delete_bulk_findings') and finding_to_update: finds = Finding.objects.filter(test=test, id__in=finding_to_update) product = Product.objects.get(engagement__test=test) finds.delete() calculate_grade(product) else: if form.is_valid() and finding_to_update: finding_to_update = request.POST.getlist('finding_to_update') finds = Finding.objects.filter(test=test, id__in=finding_to_update) if form.cleaned_data['severity']: finds.update(severity=form.cleaned_data['severity'], numerical_severity=Finding.get_numerical_severity(form.cleaned_data['severity']), last_reviewed=timezone.now(), last_reviewed_by=request.user) if form.cleaned_data['status']: finds.update(active=form.cleaned_data['active'], verified=form.cleaned_data['verified'], false_p=form.cleaned_data['false_p'], out_of_scope=form.cleaned_data['out_of_scope'], is_Mitigated=form.cleaned_data['is_Mitigated'], last_reviewed=timezone.now(), last_reviewed_by=request.user) if form.cleaned_data['tags']: for finding in finds: tags = request.POST.getlist('tags') ts = ", ".join(tags) finding.tags = ts # Update the grade as bulk edits don't go through save if form.cleaned_data['severity'] or form.cleaned_data['status']: calculate_grade(test.engagement.product) for finding in finds: if JIRA_PKey.objects.filter(product=finding.test.engagement.product).count() == 0: log_jira_alert('Finding cannot be pushed to jira as there is no jira configuration for this product.', finding) else: old_status = finding.status() if form.cleaned_data['push_to_jira']: if JIRA_Issue.objects.filter(finding=finding).exists(): update_issue_task.delay(finding, old_status, True) else: add_issue_task.delay(finding, True) messages.add_message(request, messages.SUCCESS, 'Bulk edit of findings was successful. Check to make sure it is what you intended.', extra_tags='alert-success') else: messages.add_message(request, messages.ERROR, 'Unable to process bulk update. Required fields were not selected.', extra_tags='alert-danger') return HttpResponseRedirect(reverse('view_test', args=(test.id,)))
def edit_finding(request, fid): finding = get_object_or_404(Finding, id=fid) old_status = finding.status() form = FindingForm(instance=finding) form.initial['tags'] = [tag.name for tag in finding.tags] form_error = False jform = None try: jissue = JIRA_Issue.objects.get(finding=finding) enabled = True except: enabled = False pass if hasattr(settings, 'ENABLE_JIRA'): if settings.ENABLE_JIRA: if JIRA_PKey.objects.filter( product=finding.test.engagement.product) != 0: jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') if request.method == 'POST': form = FindingForm(request.POST, instance=finding) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = finding.test new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) if new_finding.false_p or new_finding.active is False: new_finding.mitigated = datetime.now(tz=localtz) new_finding.mitigated_by = request.user if new_finding.active is True: new_finding.false_p = False new_finding.mitigated = None new_finding.mitigated_by = None create_template = new_finding.is_template # always false now since this will be deprecated soon in favor of new Finding_Template model new_finding.is_template = False new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.last_reviewed = datetime.now(tz=localtz) new_finding.last_reviewed_by = request.user tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t new_finding.save() if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled) if jform.is_valid(): try: jissue = JIRA_Issue.objects.get(finding=new_finding) update_issue_task.delay( new_finding, old_status, jform.cleaned_data.get('push_to_jira')) except: add_issue_task.delay( new_finding, jform.cleaned_data.get('push_to_jira')) pass tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t messages.add_message(request, messages.SUCCESS, 'Finding saved successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter( title=new_finding.title) if len(templates) > 0: messages.add_message( request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template( title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message( request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') return HttpResponseRedirect( reverse('view_finding', args=(new_finding.id, ))) else: messages.add_message( request, messages.ERROR, 'There appears to be errors on the form, please correct below.', extra_tags='alert-danger') form_error = True if form_error and 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data['endpoints'] else: form.fields['endpoints'].queryset = finding.endpoints.all() form.initial['tags'] = [tag.name for tag in finding.tags] add_breadcrumb(parent=finding, title="Edit", top_level=False, request=request) return render(request, 'dojo/edit_findings.html', { 'form': form, 'finding': finding, 'jform': jform })
def edit_finding(request, fid): finding = get_object_or_404(Finding, id=fid) old_status = finding.status() form = FindingForm(instance=finding) form.initial['tags'] = [tag.name for tag in finding.tags] form_error = False jform = None try: jissue = JIRA_Issue.objects.get(finding=finding) enabled = True except: enabled = False pass if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=finding.test.engagement.product) != 0: jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') if request.method == 'POST': form = FindingForm(request.POST, instance=finding) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = finding.test new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) if new_finding.false_p or new_finding.active is False: new_finding.mitigated = timezone.now() new_finding.mitigated_by = request.user if new_finding.active is True: new_finding.false_p = False new_finding.mitigated = None new_finding.mitigated_by = None create_template = new_finding.is_template # always false now since this will be deprecated soon in favor of new Finding_Template model new_finding.is_template = False new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.last_reviewed = timezone.now() new_finding.last_reviewed_by = request.user tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t new_finding.save() if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled) if jform.is_valid(): try: jissue = JIRA_Issue.objects.get(finding=new_finding) update_issue_task.delay(new_finding, old_status, jform.cleaned_data.get('push_to_jira')) except: add_issue_task.delay(new_finding, jform.cleaned_data.get('push_to_jira')) pass tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t messages.add_message(request, messages.SUCCESS, 'Finding saved successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter(title=new_finding.title) if len(templates) > 0: messages.add_message(request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template(title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message(request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_finding', args=(new_finding.id,))) else: messages.add_message(request, messages.ERROR, 'There appears to be errors on the form, please correct below.', extra_tags='alert-danger') form_error = True if form_error and 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data['endpoints'] else: form.fields['endpoints'].queryset = finding.endpoints.all() form.initial['tags'] = [tag.name for tag in finding.tags] add_breadcrumb(parent=finding, title="Edit", top_level=False, request=request) return render(request, 'dojo/edit_findings.html', {'form': form, 'finding': finding, 'jform' : jform })