def add_meta_data(request, pid):
prod = Product.objects.get(id=pid)
if request.method == 'POST':
form = DojoMetaDataForm(request.POST)
if form.is_valid():
cf, created = DojoMeta.objects.get_or_create(
name=form.cleaned_data['name'],
model_name='Product',
model_id=prod.id,
value=form.cleaned_data['value'])
cf.save()
prod.product_meta.add(cf)
prod.save()
messages.add_message(request,
messages.SUCCESS,
'Metadata added successfully.',
extra_tags='alert-success')
if 'add_another' in request.POST:
return HttpResponseRedirect(
reverse('add_meta_data', args=(pid, )))
else:
return HttpResponseRedirect(
reverse('view_product', args=(pid, )))
else:
form = DojoMetaDataForm()
product_tab = Product_Tab(pid, title="Add Metadata", tab="settings")
return render(request, 'dojo/add_product_meta_data.html', {
'form': form,
'product_tab': product_tab,
'product': prod,
})
def edit_engagement_presets(request, pid, eid):
prod = get_object_or_404(Product, id=pid)
preset = get_object_or_404(Engagement_Presets, id=eid)
product_tab = Product_Tab(prod.id,
title="Edit Engagement Preset",
tab="settings")
if request.method == 'POST':
tform = EngagementPresetsForm(request.POST, instance=preset)
if tform.is_valid():
tform.save()
messages.add_message(request,
messages.SUCCESS,
'Engagement Preset Successfully Updated.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('engagement_presets', args=(pid, )))
else:
tform = EngagementPresetsForm(instance=preset)
return render(request, 'dojo/edit_presets.html', {
'product_tab': product_tab,
'tform': tform,
'prod': prod
})
def upload_threatmodel(request, eid):
eng = Engagement.objects.get(id=eid)
add_breadcrumb(
parent=eng,
title="Upload a threat model",
top_level=False,
request=request)
if request.method == 'POST':
form = UploadThreatForm(request.POST, request.FILES)
if form.is_valid():
handle_uploaded_threat(request.FILES['file'], eng)
eng.progress = 'other'
eng.threat_model = True
eng.save()
messages.add_message(
request,
messages.SUCCESS,
'Threat model saved.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('view_engagement', args=(eid, )))
else:
form = UploadThreatForm()
product_tab = Product_Tab(eng.product.id, title="Upload Threat Model", tab="engagements")
return render(request, 'dojo/up_threat.html', {
'form': form,
'product_tab': product_tab,
'eng': eng,
})
def edit_meta_data(request, eid):
endpoint = Endpoint.objects.get(id=eid)
if request.method == 'POST':
for key, value in request.POST.iteritems():
if key.startswith('cfv_'):
cfv_id = int(key.split('_')[1])
cfv = get_object_or_404(DojoMeta, id=cfv_id)
value = value.strip()
if value:
cfv.value = value
cfv.save()
else:
cfv.delete()
messages.add_message(request,
messages.SUCCESS,
'Metadata edited successfully.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_endpoint', args=(eid, )))
product_tab = Product_Tab(endpoint.product.id,
"Edit Metadata",
tab="endpoints")
return render(request, 'dojo/edit_endpoint_meta_data.html', {
'endpoint': endpoint,
'product_tab': product_tab,
})
def delete_product(request, pid):
product = get_object_or_404(Product, pk=pid)
form = DeleteProductForm(instance=product)
if request.method == 'POST':
if 'id' in request.POST and str(product.id) == request.POST['id']:
form = DeleteProductForm(request.POST, instance=product)
if form.is_valid():
if product.tags:
del product.tags
product.delete()
messages.add_message(request,
messages.SUCCESS,
'Product and relationships removed.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('product'))
collector = NestedObjects(using=DEFAULT_DB_ALIAS)
collector.collect([product])
rels = collector.nested()
product_tab = Product_Tab(pid, title="Product", tab="settings")
return render(
request, 'dojo/delete_product.html', {
'product': product,
'form': form,
'product_tab': product_tab,
'rels': rels,
})
def view_test(request, tid):
test = Test.objects.get(id=tid)
prod = test.engagement.product
auth = request.user.is_staff or request.user in prod.authorized_users.all()
if not auth:
# will render 403
raise PermissionDenied
notes = test.notes.all()
person = request.user.username
findings = Finding.objects.filter(test=test).order_by('numerical_severity')
stub_findings = Stub_Finding.objects.filter(test=test)
cred_test = Cred_Mapping.objects.filter(
test=test).select_related('cred_id').order_by('cred_id')
creds = Cred_Mapping.objects.filter(
engagement=test.engagement).select_related('cred_id').order_by(
'cred_id')
if request.method == 'POST' and request.user.is_staff:
form = NoteForm(request.POST)
if form.is_valid():
new_note = form.save(commit=False)
new_note.author = request.user
new_note.date = timezone.now()
new_note.save()
test.notes.add(new_note)
form = NoteForm()
url = request.build_absolute_uri(
reverse("view_test", args=(test.id, )))
title = "Test: %s on %s" % (test.test_type.name,
test.engagement.product.name)
process_notifications(request, new_note, url, title)
messages.add_message(request,
messages.SUCCESS,
'Note added successfully.',
extra_tags='alert-success')
else:
form = NoteForm()
fpage = get_page_items(request, findings, 25)
sfpage = get_page_items(request, stub_findings, 25)
show_re_upload = any(test.test_type.name in code
for code in ImportScanForm.SCAN_TYPE_CHOICES)
product_tab = Product_Tab(prod.id, title="Test", tab="engagements")
product_tab.setEngagement(test.engagement)
return render(
request, 'dojo/view_test.html', {
'test': test,
'product_tab': product_tab,
'findings': fpage,
'findings_count': findings.count(),
'stub_findings': sfpage,
'form': form,
'notes': notes,
'person': person,
'request': request,
'show_re_upload': show_re_upload,
'creds': creds,
'cred_test': cred_test
})
def edit_endpoint(request, eid):
endpoint = get_object_or_404(Endpoint, id=eid)
if request.method == 'POST':
form = EditEndpointForm(request.POST, instance=endpoint)
if form.is_valid():
endpoint = form.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
endpoint.tags = t
messages.add_message(request,
messages.SUCCESS,
'Endpoint updated successfully.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('view_endpoint', args=(endpoint.id, )))
add_breadcrumb(parent=endpoint,
title="Edit",
top_level=False,
request=request)
form = EditEndpointForm(instance=endpoint)
form.initial['tags'] = [tag.name for tag in endpoint.tags]
product_tab = Product_Tab(endpoint.product.id, "Endpoint", tab="endpoints")
return render(request, "dojo/edit_endpoint.html", {
"endpoint": endpoint,
'product_tab': product_tab,
"form": form,
})
def process_endpoint_view(request, eid, host_view=False):
endpoint = get_object_or_404(Endpoint, id=eid)
if host_view:
endpoints = endpoint.host_endpoints()
endpoint_metadata = None
all_findings = endpoint.host_findings()
active_findings = endpoint.host_active_findings()
else:
endpoints = None
endpoint_metadata = dict(
endpoint.endpoint_meta.values_list('name', 'value'))
all_findings = endpoint.findings()
active_findings = endpoint.active_findings()
if all_findings:
start_date = timezone.make_aware(
datetime.combine(all_findings.last().date, datetime.min.time()))
else:
start_date = timezone.now()
end_date = timezone.now()
r = relativedelta(end_date, start_date)
months_between = (r.years * 12) + r.months
# include current month
months_between += 1
# closed_findings is needed as a parameter for get_periods_counts, but they are not relevant in the endpoint view
closed_findings = Finding.objects.none()
monthly_counts = get_period_counts(active_findings,
all_findings,
closed_findings,
None,
months_between,
start_date,
relative_delta='months')
paged_findings = get_page_items(request, active_findings, 25)
vulnerable = False
if active_findings.count() != 0:
vulnerable = True
product_tab = Product_Tab(endpoint.product.id,
"Host" if host_view else "Endpoint",
tab="endpoints")
return render(
request, "dojo/view_endpoint.html", {
"endpoint": endpoint,
'product_tab': product_tab,
"endpoints": endpoints,
"findings": paged_findings,
'all_findings': all_findings,
'opened_per_month': monthly_counts['opened_per_period'],
'endpoint_metadata': endpoint_metadata,
'vulnerable': vulnerable,
'host_view': host_view,
})
def edit_endpoint(request, eid):
endpoint = get_object_or_404(Endpoint, id=eid)
if request.method == 'POST':
form = EditEndpointForm(request.POST, instance=endpoint)
if form.is_valid():
logger.debug('saving endpoint')
endpoint = form.save()
messages.add_message(request,
messages.SUCCESS,
'Endpoint updated successfully.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('view_endpoint', args=(endpoint.id, )))
else:
add_breadcrumb(parent=endpoint,
title="Edit",
top_level=False,
request=request)
form = EditEndpointForm(instance=endpoint)
product_tab = Product_Tab(endpoint.product.id, "Endpoint", tab="endpoints")
return render(request, "dojo/edit_endpoint.html", {
"endpoint": endpoint,
'product_tab': product_tab,
"form": form,
})
def delete_product(request, pid):
product = get_object_or_404(Product, pk=pid)
form = DeleteProductForm(instance=product)
if request.method == 'POST':
if 'id' in request.POST and str(product.id) == request.POST['id']:
form = DeleteProductForm(request.POST, instance=product)
if form.is_valid():
if product.tags:
del product.tags
product.delete()
messages.add_message(request,
messages.SUCCESS,
'Product and relationships removed.',
extra_tags='alert-success')
create_notification(event='other',
title='Deletion of %s' % product.name,
description='The product "%s" was deleted by %s' % (product.name, request.user),
url=request.build_absolute_uri(reverse('product')),
icon="exclamation-triangle")
return HttpResponseRedirect(reverse('product'))
collector = NestedObjects(using=DEFAULT_DB_ALIAS)
collector.collect([product])
rels = collector.nested()
product_tab = Product_Tab(pid, title="Product", tab="settings")
return render(request, 'dojo/delete_product.html',
{'product': product,
'form': form,
'product_tab': product_tab,
'rels': rels,
})
def new_eng_for_app(request, pid, cicd=False):
jform = None
prod = Product.objects.get(id=pid)
if request.method == 'POST':
form = EngForm(request.POST, cicd=cicd)
if form.is_valid():
new_eng = form.save(commit=False)
if not new_eng.name:
new_eng.name = str(new_eng.target_start)
new_eng.threat_model = False
new_eng.api_test = False
new_eng.pen_test = False
new_eng.check_list = False
new_eng.product = prod
if new_eng.threat_model:
new_eng.progress = 'threat_model'
else:
new_eng.progress = 'other'
if cicd:
new_eng.engagement_type = 'CI/CD'
new_eng.status = "In Progress"
new_eng.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
new_eng.tags = t
if get_system_setting('enable_jira'):
# Test to make sure there is a Jira project associated the product
try:
jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
if jform.is_valid():
add_epic_task.delay(new_eng, jform.cleaned_data.get('push_to_jira'))
except JIRA_PKey.DoesNotExist:
pass
messages.add_message(request,
messages.SUCCESS,
'Engagement added successfully.',
extra_tags='alert-success')
create_notification(event='engagement_added', title=new_eng.name + " for " + prod.name, engagement=new_eng, url=reverse('view_engagement', args=(new_eng.id,)), objowner=new_eng.lead)
if "_Add Tests" in request.POST:
return HttpResponseRedirect(reverse('add_tests', args=(new_eng.id,)))
elif "_Import Scan Results" in request.POST:
return HttpResponseRedirect(reverse('import_scan_results', args=(new_eng.id,)))
else:
return HttpResponseRedirect(reverse('view_engagement', args=(new_eng.id,)))
else:
form = EngForm(initial={'lead': request.user, 'target_start': timezone.now().date(), 'target_end': timezone.now().date() + timedelta(days=7)}, cicd=cicd, product=prod.id)
if(get_system_setting('enable_jira')):
if JIRA_PKey.objects.filter(product=prod).count() != 0:
jform = JIRAFindingForm(prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
product_tab = Product_Tab(pid, title="New Engagement", tab="engagements")
return render(request, 'dojo/new_eng.html',
{'form': form, 'pid': pid,
'product_tab': product_tab,
'jform': jform
})
def edit_tool_product(request, pid, ttid):
prod = get_object_or_404(Product, id=pid)
tool_product = Tool_Product_Settings.objects.get(pk=ttid)
if request.method == 'POST':
tform = ToolProductSettingsForm(request.POST, instance=tool_product)
if tform.is_valid():
tform.save()
messages.add_message(
request,
messages.SUCCESS,
'Tool Product Configuration Successfully Updated.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('all_tool_product', args=(pid, )))
else:
tform = ToolProductSettingsForm(instance=tool_product)
product_tab = Product_Tab(pid,
title="Edit Product Tool Configuration",
tab="settings")
return render(request, 'dojo/edit_tool_product.html', {
'tform': tform,
'product_tab': product_tab
})
def new_tool_product(request, pid):
prod = get_object_or_404(Product, id=pid)
if request.method == 'POST':
tform = ToolProductSettingsForm(request.POST)
if tform.is_valid():
# form.tool_type = tool_type
new_prod = tform.save(commit=False)
new_prod.product = prod
new_prod.save()
messages.add_message(
request,
messages.SUCCESS,
'Product Tool Configuration Successfully Created.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('all_tool_product', args=(pid, )))
else:
tform = ToolProductSettingsForm()
product_tab = Product_Tab(pid, title="Tool Configurations", tab="settings")
return render(request, 'dojo/new_tool_product.html', {
'tform': tform,
'product_tab': product_tab,
'pid': pid
})
def edit_meta_data(request, pid):
prod = Product.objects.get(id=pid)
product_cf = prod.product_meta
product_metadata = {}
for cf in product_cf.all():
cfv = cf.value
if len(cfv):
product_metadata[cf] = cfv
if request.method == 'POST':
for key, value in request.POST.iteritems():
if key.startswith('cfv_'):
cfv_id = int(key.split('_')[1])
cfv = get_object_or_404(DojoMeta, id=cfv_id)
value = value.strip()
if value:
cfv.value = value
cfv.save()
else:
cfv.delete()
messages.add_message(request,
messages.SUCCESS,
'Metadata edited successfully.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_product', args=(pid, )))
product_tab = Product_Tab(pid, title="Edit Metadata", tab="settings")
return render(
request, 'dojo/edit_product_meta_data.html', {
'product': prod,
'product_tab': product_tab,
'product_metadata': product_metadata,
})
def action_history(request, cid, oid):
try:
ct = ContentType.objects.get_for_id(cid)
obj = ct.get_object_for_this_type(pk=oid)
except KeyError:
raise Http404()
product_id = None
active_tab = None
finding = None
test = False
object_value = None
if str(ct) == "product":
product_id = obj.id
active_tab = "overview"
object_value = Product.objects.get(id=obj.id)
elif str(ct) == "engagement":
object_value = Engagement.objects.get(id=obj.id)
product_id = object_value.product.id
active_tab = "engagements"
elif str(ct) == "test":
object_value = Test.objects.get(id=obj.id)
product_id = object_value.engagement.product.id
active_tab = "engagements"
test = True
elif str(ct) == "finding":
object_value = Finding.objects.get(id=obj.id)
product_id = object_value.test.engagement.product.id
active_tab = "findings"
finding = object_value
elif str(ct) == "endpoint":
object_value = Endpoint.objects.get(id=obj.id)
product_id = object_value.product.id
active_tab = "endpoints"
product_tab = None
if product_id:
product_tab = Product_Tab(product_id, title="History", tab=active_tab)
if active_tab == "engagements":
if str(ct) == "engagement":
product_tab.setEngagement(object_value)
else:
product_tab.setEngagement(object_value.engagement)
history = LogEntry.objects.filter(content_type=ct,
object_pk=obj.id).order_by('-timestamp')
history = LogEntryFilter(request.GET, queryset=history)
paged_history = get_page_items(request, history.qs, 25)
return render(
request, 'dojo/action_history.html', {
"history": paged_history,
'product_tab': product_tab,
"filtered": history,
"obj": obj,
"test": test,
"object_value": object_value,
"finding": finding
})
def add_endpoint(request, pid):
product = get_object_or_404(Product, id=pid)
template = 'dojo/add_endpoint.html'
form = AddEndpointForm(product=product)
if request.method == 'POST':
form = AddEndpointForm(request.POST, product=product)
if form.is_valid():
endpoints = form.save()
tags = request.POST.get('tags')
for e in endpoints:
e.tags = tags
e.save()
messages.add_message(request,
messages.SUCCESS,
'Endpoint added successfully.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('endpoint') + "?product=" + pid)
product_tab = Product_Tab(product.id, "Add Endpoint", tab="endpoints")
return render(request, template, {
'product_tab': product_tab,
'name': 'Add Endpoint',
'form': form
})
def delete_endpoint(request, eid):
endpoint = get_object_or_404(Endpoint, pk=eid)
product = endpoint.product
form = DeleteEndpointForm(instance=endpoint)
if request.method == 'POST':
if 'id' in request.POST and str(endpoint.id) == request.POST['id']:
form = DeleteEndpointForm(request.POST, instance=endpoint)
if form.is_valid():
endpoint.delete()
messages.add_message(request,
messages.SUCCESS,
'Endpoint and relationships removed.',
extra_tags='alert-success')
create_notification(event='other',
title='Deletion of %s' % endpoint,
description='The endpoint "%s" was deleted by %s' % (endpoint, request.user),
url=request.build_absolute_uri(reverse('endpoints')),
icon="exclamation-triangle")
return HttpResponseRedirect(reverse('view_product', args=(product.id,)))
collector = NestedObjects(using=DEFAULT_DB_ALIAS)
collector.collect([endpoint])
rels = collector.nested()
product_tab = Product_Tab(endpoint.product.id, "Delete Endpoint", tab="endpoints")
return render(request, 'dojo/delete_endpoint.html',
{'endpoint': endpoint,
'product_tab': product_tab,
'form': form,
'rels': rels,
})
def delete_test(request, tid):
test = get_object_or_404(Test, pk=tid)
eng = test.engagement
form = DeleteTestForm(instance=test)
if request.method == 'POST':
if 'id' in request.POST and str(test.id) == request.POST['id']:
form = DeleteTestForm(request.POST, instance=test)
if form.is_valid():
del test.tags
test.delete()
messages.add_message(request,
messages.SUCCESS,
'Test and relationships removed.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_engagement', args=(eng.id,)))
collector = NestedObjects(using=DEFAULT_DB_ALIAS)
collector.collect([test])
rels = collector.nested()
product_tab = Product_Tab(test.engagement.product.id, title="Delete Test", tab="engagements")
product_tab.setEngagement(test.engagement)
return render(request, 'dojo/delete_test.html',
{'test': test,
'product_tab': product_tab,
'form': form,
'rels': rels,
'deletable_objects': rels,
})
def delete_engagement(request, eid):
engagement = get_object_or_404(Engagement, pk=eid)
product = engagement.product
form = DeleteEngagementForm(instance=engagement)
if request.method == 'POST':
if 'id' in request.POST and str(engagement.id) == request.POST['id']:
form = DeleteEngagementForm(request.POST, instance=engagement)
if form.is_valid():
del engagement.tags
engagement.delete()
messages.add_message(
request,
messages.SUCCESS,
'Engagement and relationships removed.',
extra_tags='alert-success')
if engagement.engagement_type == 'CI/CD':
return HttpResponseRedirect(reverse("view_engagements_cicd", args=(product.id, )))
else:
return HttpResponseRedirect(reverse("view_engagements", args=(product.id, )))
collector = NestedObjects(using=DEFAULT_DB_ALIAS)
collector.collect([engagement])
rels = collector.nested()
product_tab = Product_Tab(product.id, title="Delete Engagement", tab="engagements")
product_tab.setEngagement(engagement)
return render(request, 'dojo/delete_engagement.html', {
'product_tab': product_tab,
'engagement': engagement,
'form': form,
'rels': rels,
})
def delete(request, pid, type):
product = get_object_or_404(Product, id=pid)
benchmark_type = get_object_or_404(Benchmark_Type, id=type)
benchmark_product_summary = Benchmark_Product_Summary.objects.filter(product=product, benchmark_type=type).first()
form = DeleteBenchmarkForm(instance=benchmark_product_summary)
if request.method == 'POST':
if 'id' in request.POST and str(benchmark_product_summary.id) == request.POST['id']:
form = DeleteBenchmarkForm(request.POST, instance=benchmark_product_summary)
if form.is_valid():
benchmark_product = Benchmark_Product.objects.filter(product=product, control__category__type=type)
benchmark_product.delete()
benchmark_product_summary.delete()
messages.add_message(request,
messages.SUCCESS,
'Benchmarks removed.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('product'))
product_tab = Product_Tab(pid, title="Delete Benchmarks", tab="benchmarks")
return render(request, 'dojo/delete_benchmark.html',
{'product': product,
'form': form,
'product_tab': product_tab
})
def add_meta_data(request, eid):
endpoint = Endpoint.objects.get(id=eid)
if request.method == 'POST':
form = DojoMetaDataForm(request.POST,
instance=DojoMeta(endpoint=endpoint))
if form.is_valid():
form.save()
messages.add_message(request,
messages.SUCCESS,
'Metadata added successfully.',
extra_tags='alert-success')
if 'add_another' in request.POST:
return HttpResponseRedirect(
reverse('add_meta_data', args=(eid, )))
else:
return HttpResponseRedirect(
reverse('view_endpoint', args=(eid, )))
else:
form = DojoMetaDataForm()
add_breadcrumb(parent=endpoint,
title="Add Metadata",
top_level=False,
request=request)
product_tab = Product_Tab(endpoint.product.id,
"Add Metadata",
tab="endpoints")
return render(request, 'dojo/add_endpoint_meta_data.html', {
'form': form,
'product_tab': product_tab,
'endpoint': endpoint,
})
def edit_cred_product(request, pid, ttid):
cred = get_object_or_404(Cred_Mapping.objects.select_related('cred_id'),
id=ttid)
prod = get_object_or_404(Product, pk=pid)
if request.method == 'POST':
tform = CredMappingFormProd(request.POST, instance=cred)
if tform.is_valid():
tform.save()
messages.add_message(request,
messages.SUCCESS,
'Credential Successfully Updated.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('all_cred_product', args=(pid, )))
else:
tform = CredMappingFormProd(instance=cred)
product_tab = Product_Tab(prod.id,
title="Edit Product Credential",
tab="settings")
return render(request, 'dojo/edit_cred_all.html', {
'tform': tform,
'product_tab': product_tab,
'cred_type': "Product"
})
def delete_engagement_presets(request, pid, eid):
prod = get_object_or_404(Product, id=pid)
preset = get_object_or_404(Engagement_Presets, id=eid)
form = DeleteEngagementPresetsForm(instance=preset)
if request.method == 'POST':
if 'id' in request.POST:
form = DeleteEngagementPresetsForm(request.POST, instance=preset)
if form.is_valid():
preset.delete()
messages.add_message(
request,
messages.SUCCESS,
'Engagement presets and engagement relationships removed.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('engagement_presets', args=(pid, )))
collector = NestedObjects(using=DEFAULT_DB_ALIAS)
collector.collect([preset])
rels = collector.nested()
product_tab = Product_Tab(pid,
title="Delete Engagement Preset",
tab="settings")
return render(
request, 'dojo/delete_presets.html', {
'product': product,
'form': form,
'product_tab': product_tab,
'rels': rels,
})
def new_cred_product(request, pid):
prod = get_object_or_404(Product, pk=pid)
if request.method == 'POST':
tform = CredMappingFormProd(request.POST)
if tform.is_valid():
# Select the credential mapping object from the selected list and only allow if the credential is associated with the product
cred_user = Cred_Mapping.objects.filter(
cred_id=tform.cleaned_data['cred_id'].id, product=pid).first()
message = "Credential already associated."
status_tag = 'alert-danger'
if cred_user is None:
prod = Product.objects.get(id=pid)
new_f = tform.save(commit=False)
new_f.product = prod
new_f.save()
message = 'Credential Successfully Updated.'
status_tag = 'alert-success'
messages.add_message(
request, messages.SUCCESS, message, extra_tags=status_tag)
return HttpResponseRedirect(reverse('all_cred_product', args=(pid, )))
else:
tform = CredMappingFormProd()
product_tab = Product_Tab(pid, title="Add Credential Configuration", tab="settings")
return render(request, 'dojo/new_cred_product.html', {
'tform': tform,
'pid': pid,
'product_tab': product_tab
})
def add_meta_data(request, pid):
prod = Product.objects.get(id=pid)
if request.method == 'POST':
form = DojoMetaDataForm(request.POST, instance=DojoMeta(product=prod))
if form.is_valid():
form.save()
messages.add_message(request,
messages.SUCCESS,
'Metadata added successfully.',
extra_tags='alert-success')
if 'add_another' in request.POST:
return HttpResponseRedirect(
reverse('add_meta_data', args=(pid, )))
else:
return HttpResponseRedirect(
reverse('view_product', args=(pid, )))
else:
form = DojoMetaDataForm()
product_tab = Product_Tab(pid, title="Add Metadata", tab="settings")
return render(request, 'dojo/add_product_meta_data.html', {
'form': form,
'product_tab': product_tab,
'product': prod,
})
def new_object(request, pid):
prod = get_object_or_404(Product, id=pid)
if request.method == 'POST':
tform = ObjectSettingsForm(request.POST)
if tform.is_valid():
new_prod = tform.save(commit=False)
new_prod.product = prod
new_prod.save()
messages.add_message(request,
messages.SUCCESS,
'Added Tracked File to a Product',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_objects', args=(pid, )))
else:
tform = ObjectSettingsForm()
product_tab = Product_Tab(pid,
title="Add Tracked Files to a Product",
tab="settings")
return render(request, 'dojo/new_object.html', {
'tform': tform,
'product_tab': product_tab,
'pid': prod.id
})
def add_engagement_presets(request, pid):
prod = get_object_or_404(Product, id=pid)
if request.method == 'POST':
tform = EngagementPresetsForm(request.POST)
if tform.is_valid():
form_copy = tform.save(commit=False)
form_copy.product = prod
form_copy.save()
tform.save_m2m()
messages.add_message(request,
messages.SUCCESS,
'Engagement Preset Successfully Created.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('engagement_presets', args=(pid, )))
else:
tform = EngagementPresetsForm()
product_tab = Product_Tab(pid,
title="New Engagement Preset",
tab="settings")
return render(request, 'dojo/new_params.html', {
'tform': tform,
'pid': pid,
'product_tab': product_tab
})
def delete_object(request, pid, ttid):
object = Objects_Product.objects.get(pk=ttid)
product = get_object_or_404(Product, id=pid)
if object.product != product:
raise BadRequest(
f'Product {pid} does not fit to product of Object {object.product.id}'
)
if request.method == 'POST':
tform = ObjectSettingsForm(request.POST, instance=object)
object.delete()
messages.add_message(request,
messages.SUCCESS,
'Tracked Product Files Deleted.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_objects', args=(pid, )))
else:
tform = DeleteObjectsSettingsForm(instance=object)
product_tab = Product_Tab(pid,
title="Delete Product Tool Configuration",
tab="settings")
return render(request, 'dojo/delete_object.html', {
'tform': tform,
'product_tab': product_tab
})
def edit_test(request, tid):
test = get_object_or_404(Test, pk=tid)
form = TestForm(instance=test)
if request.method == 'POST':
form = TestForm(request.POST, instance=test)
if form.is_valid():
new_test = form.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
new_test.tags = t
messages.add_message(request,
messages.SUCCESS,
'Test saved.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_engagement', args=(test.engagement.id,)))
form.initial['target_start'] = test.target_start.date()
form.initial['target_end'] = test.target_end.date()
form.initial['tags'] = [tag.name for tag in test.tags]
product_tab = Product_Tab(test.engagement.product.id, title="Edit Test", tab="engagements")
product_tab.setEngagement(test.engagement)
return render(request, 'dojo/edit_test.html',
{'test': test,
'product_tab': product_tab,
'form': form,
})
def edit_object(request, pid, ttid):
object = Objects_Product.objects.get(pk=ttid)
if request.method == 'POST':
tform = ObjectSettingsForm(request.POST, instance=object)
if tform.is_valid():
tform.save()
# tags = request.POST.getlist('tags')
# t = ", ".join('"{0}"'.format(w) for w in tags)
# object.tags = t
messages.add_message(request,
messages.SUCCESS,
'Tool Product Configuration Successfully Updated.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_objects', args=(pid,)))
else:
tform = ObjectSettingsForm(instance=object)
# tform.initial['tags'] = [tag.name for tag in object.tags.all()]
product_tab = Product_Tab(pid, title="Edit Tracked Files", tab="settings")
return render(request,
'dojo/edit_object.html',
{
'tform': tform,
'product_tab': product_tab
})
