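def view_finding(request, fid):
    """Render the detail page for one finding and accept new notes on POST.

    Args:
        request: the incoming Django request; ``request.user`` is the viewer.
        fid: primary key of the ``Finding`` to display.

    Returns:
        The rendered ``dojo/view_finding.html`` response.

    Raises:
        Http404: no ``Finding`` has id ``fid``, or no ``Dojo_User`` matches
            the viewer.
        PermissionDenied: the viewer is neither staff nor listed in the
            product's ``authorized_users``.
    """
    finding = get_object_or_404(Finding, id=fid)
    user = request.user
    product = finding.test.engagement.product

    # Authorize first, so no related record (JIRA link, notes, captured
    # traffic) is looked up on behalf of a viewer who may not see the finding.
    # NOTE(review): no login decorator is visible in this listing; confirm
    # that anonymous requests are rejected before this view runs.
    if not (user.is_staff or user in product.authorized_users.all()):
        raise PermissionDenied

    # JIRA data is optional. Only "no usable row" is treated as absent;
    # database or programming errors are no longer swallowed by a bare except.
    try:
        jissue = JIRA_Issue.objects.get(finding=finding)
    except (JIRA_Issue.DoesNotExist, JIRA_Issue.MultipleObjectsReturned):
        jissue = None

    try:
        jconf = JIRA_PKey.objects.get(product=product).conf
    except (JIRA_PKey.DoesNotExist, JIRA_PKey.MultipleObjectsReturned):
        jconf = None

    dojo_user = get_object_or_404(Dojo_User, id=user.id)
    notes = finding.notes.all()

    if request.method == 'POST':
        form = NoteForm(request.POST)
        if form.is_valid():
            new_note = form.save(commit=False)
            # The author comes from the session, never from the posted form.
            new_note.author = request.user
            new_note.date = datetime.now(tz=localtz)
            new_note.save()
            finding.notes.add(new_note)
            finding.last_reviewed = new_note.date
            finding.last_reviewed_by = user
            finding.save()
            if jissue is not None:
                add_comment_task(finding, new_note)
            # Reset to an unbound form so the saved text is not shown again.
            form = NoteForm()
            # build_absolute_uri() takes the host from the request, and this
            # URL is handed to process_notifications; keep ALLOWED_HOSTS
            # restrictive so the link cannot point at an arbitrary host.
            url = request.build_absolute_uri(
                reverse("view_finding", args=(finding.id, )))
            title = "Finding: " + finding.title
            process_notifications(request, new_note, url, title)
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Note saved.',
                                 extra_tags='alert-success')
    else:
        form = NoteForm()

    # Stored request/response pair, if any. TypeError/ValueError cover
    # malformed or missing base64 (binascii.Error is a ValueError subclass).
    # NOTE(review): the decoded bytes are presumably raw captured HTTP
    # traffic; the template must keep autoescaping on when showing them.
    try:
        reqres = BurpRawRequestResponse.objects.get(finding=finding)
        burp_request = base64.b64decode(reqres.burpRequestBase64)
        burp_response = base64.b64decode(reqres.burpResponseBase64)
    except (BurpRawRequestResponse.DoesNotExist,
            BurpRawRequestResponse.MultipleObjectsReturned,
            TypeError, ValueError):
        burp_request = None
        burp_response = None

    add_breadcrumb(parent=finding, top_level=False, request=request)
    return render(
        request, 'dojo/view_finding.html', {
            'finding': finding,
            'burp_request': burp_request,
            'jissue': jissue,
            'jconf': jconf,
            'burp_response': burp_response,
            'dojo_user': dojo_user,
            'user': user,
            'notes': notes,
            'form': form
        })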
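def view_finding(request, fid):
    """Render the detail page for one finding and accept new notes on POST.

    Besides the finding itself, the page receives the credential mappings
    attached to the finding, its test and its engagement, the optional JIRA
    link, and any stored request/response pair.

    Args:
        request: the incoming Django request; ``request.user`` is the viewer.
        fid: primary key of the ``Finding`` to display.

    Returns:
        The rendered ``dojo/view_finding.html`` response.

    Raises:
        Http404: no ``Finding`` has id ``fid``, or no ``Dojo_User`` matches
            the viewer.
        PermissionDenied: the viewer is neither staff nor listed in the
            product's ``authorized_users``.
    """
    finding = get_object_or_404(Finding, id=fid)
    user = request.user
    product = finding.test.engagement.product

    # Authorize first, so credential mappings, JIRA data and captured traffic
    # are only looked up for a viewer who is allowed to see this finding.
    # NOTE(review): no login decorator is visible in this listing; confirm
    # that anonymous requests are rejected before this view runs.
    if not (user.is_staff or user in product.authorized_users.all()):
        raise PermissionDenied

    # Credential mappings at the three scopes the page shows.
    # NOTE(review): confirm the template exposes no secret fields of these
    # credential records to users who should not see them.
    cred_finding = Cred_Mapping.objects.filter(
        finding=finding.id).select_related('cred_id').order_by('cred_id')
    creds = Cred_Mapping.objects.filter(
        test=finding.test.id).select_related('cred_id').order_by('cred_id')
    cred_engagement = Cred_Mapping.objects.filter(
        engagement=finding.test.engagement.id).select_related(
            'cred_id').order_by('cred_id')

    # JIRA data is optional. Only "no usable row" is treated as absent;
    # database or programming errors are no longer swallowed by a bare except.
    try:
        jissue = JIRA_Issue.objects.get(finding=finding)
    except (JIRA_Issue.DoesNotExist, JIRA_Issue.MultipleObjectsReturned):
        jissue = None

    try:
        jconf = JIRA_PKey.objects.get(product=product).conf
    except (JIRA_PKey.DoesNotExist, JIRA_PKey.MultipleObjectsReturned):
        jconf = None

    dojo_user = get_object_or_404(Dojo_User, id=user.id)
    notes = finding.notes.all()

    if request.method == 'POST':
        form = NoteForm(request.POST)
        if form.is_valid():
            new_note = form.save(commit=False)
            # The author comes from the session, never from the posted form.
            new_note.author = request.user
            new_note.date = timezone.now()
            new_note.save()
            finding.notes.add(new_note)
            finding.last_reviewed = new_note.date
            finding.last_reviewed_by = user
            finding.save()
            if jissue is not None:
                add_comment_task(finding, new_note)
            # Reset to an unbound form so the saved text is not shown again.
            form = NoteForm()
            # build_absolute_uri() takes the host from the request, and this
            # URL is handed to process_notifications; keep ALLOWED_HOSTS
            # restrictive so the link cannot point at an arbitrary host.
            url = request.build_absolute_uri(
                reverse("view_finding", args=(finding.id,)))
            title = "Finding: " + finding.title
            process_notifications(request, new_note, url, title)
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Note saved.',
                                 extra_tags='alert-success')
    else:
        form = NoteForm()

    # Stored request/response pair, if any. TypeError/ValueError cover
    # malformed or missing base64 (binascii.Error is a ValueError subclass).
    # NOTE(review): the decoded bytes are presumably raw captured HTTP
    # traffic; the template must keep autoescaping on when showing them.
    try:
        reqres = BurpRawRequestResponse.objects.get(finding=finding)
        burp_request = base64.b64decode(reqres.burpRequestBase64)
        burp_response = base64.b64decode(reqres.burpResponseBase64)
    except (BurpRawRequestResponse.DoesNotExist,
            BurpRawRequestResponse.MultipleObjectsReturned,
            TypeError, ValueError):
        burp_request = None
        burp_response = None

    add_breadcrumb(parent=finding, top_level=False, request=request)
    return render(request, 'dojo/view_finding.html',
                  {'finding': finding,
                   'burp_request': burp_request,
                   'jissue': jissue,
                   'jconf': jconf,
                   'cred_finding': cred_finding,
                   'creds': creds,
                   'cred_engagement': cred_engagement,
                   'burp_response': burp_response,
                   'dojo_user': dojo_user,
                   'user': user,
                   'notes': notes,
                   'form': form,
                   'found_by': finding.found_by.all().distinct()})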