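def create_new_submission():
    """Render the new-submission form and store a submission on a valid POST.

    ``verify_jwt_in_request`` raises for callers without a valid JWT. When
    the posted form passes validation (which includes the CSRF token) a new
    row is written to ``submissions_table`` and the client is redirected;
    on GET or on a failed validation the form is rendered again.

    Returns:
        A Flask response: a redirect after a stored submission, otherwise
        the rendered ``submit_new.html`` template.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)

    form = SubmitForm(request.form)
    # validates input and csrf token -- every write below sits behind it
    if form.validate_on_submit():
        submissions_table.put_item(
            Item={
                'Uid': str(uuid4()),
                # The author is taken from the session data, not from a
                # form field the client could fill in.
                'CreatedBy': data['username'],
                'CreatedAt': get_current_timestamp(),
                'Title': form.title.data,
                'Content': form.content.data,
                'Reviewed': False,
                'ReviewedBy': "",
                'ReviewedAt': "",
                'Deleted': False
            })
        # The pressed button decides where to go next. `.get` avoids a 400
        # from a missing `submit` key; anything other than "Submit and create
        # another" (including a missing or unknown value) returns to the
        # index, which is also what the original if/elif/else resolved to.
        if request.form.get('submit') == "Submit and create another":
            return redirect('/submit')
        return redirect('/')
    return render_template('submit_new.html', form=form, data=data)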
def search():
    """Render the search page and, on POST, list matching published findings.

    Keywords and tags arrive as comma-separated strings in the submitted
    form. Every published finding returned by the scan is offered to
    ``search_results``; accepted findings get their ``CreatedAt`` timestamp
    replaced with a human-readable date before rendering.

    Returns:
        The rendered ``search.html`` template.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)

    form = SearchFrom(request.form)
    matches = []
    is_search = request.method == "POST"

    if is_search:
        # NOTE(review): unlike the other views, this branch is keyed on the
        # HTTP method rather than form.validate_on_submit(), so neither the
        # field validators nor the CSRF token are checked here -- confirm that
        # is intended for a read-only search.
        keywords = [token.strip() for token in form.hidden.data.split(",")]
        wanted_tags = [token.strip() for token in form.tags.data.split(",")]

        # NOTE(review): only the first page of the scan is used; a table
        # larger than one scan page would need LastEvaluatedKey pagination.
        # Deleted findings are not excluded here although home() drops
        # them -- verify whether trashed findings should be searchable.
        published = findings_table.scan(
            FilterExpression=Attr('Published').eq(True))['Items']
        for finding in published:
            accepted = search_results(keywords=keywords,
                                      tags_list=wanted_tags,
                                      item=finding)
            if not accepted:
                continue
            finding['CreatedAt'] = get_real_date_from_timestamp(
                finding['CreatedAt'])
            matches.append(finding)

    # NOTE(review): `tag_list` is not defined in this function (the local
    # above is `tags_list`); presumably a module-level constant -- confirm.
    return render_template("search.html",
                           items=matches,
                           form=form,
                           tags=tag_list,
                           data=data,
                           is_search=is_search)
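def home():
    """Render the index with published, non-deleted findings, newest first.

    ``verify_jwt_in_request`` raises for callers without a valid JWT. The
    published findings are scanned, deleted ones dropped, the rest sorted
    by ``CreatedAt`` descending, and each ``CreatedAt`` replaced with a
    human-readable date.

    Returns:
        The rendered ``index.html`` template, or a redirect to the sign-in
        page when no JWT identity is present.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)

    if not get_jwt_identity():
        # The original returned the bare URL string, which Flask sends as
        # the response body instead of navigating the client there.
        return redirect(url_for('.sign_in'))

    # make a list of recent approved findings only
    # NOTE(review): only the first page of the scan is read; a table larger
    # than one scan page would need LastEvaluatedKey pagination.
    response = findings_table.scan(
        FilterExpression=Attr('Published').eq(True))
    items = response['Items']

    # Filter before sorting. The original removed items from the list it
    # was iterating, which skips the element after every removal and let
    # deleted findings slip through to the page.
    ordered_items = sorted((item for item in items if not item['Deleted']),
                           key=lambda k: k['CreatedAt'],
                           reverse=True)

    # replace timestamp with real time
    for item in ordered_items:
        item['CreatedAt'] = get_real_date_from_timestamp(item['CreatedAt'])

    return render_template('index.html', items=ordered_items, data=data)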
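def review_submission(Uid, CreatedBy):
    """Render the first-review form for a submission and publish it on POST.

    Args:
        Uid: Submission id (route parameter).
        CreatedBy: Username of the submitter (route parameter); together
            with ``Uid`` this is the table key.

    On a validated POST the reviewed content is written to
    ``findings_table`` as a new finding, the submission is marked reviewed
    in ``submissions_table``, a DOCX is generated and the client is
    redirected to the finding view. Otherwise the review form is rendered.

    Returns:
        A redirect response after publishing, or the rendered
        ``review_submission.html`` template.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    # NOTE(review): no reviewer/role check is visible in this view; confirm
    # that the privilege to publish is enforced before it runs (e.g. on the
    # route), since otherwise any JWT holder can reach it.

    form = PublishForm(request.form)

    # NOTE(review): assumed to return a dict or raise; a None return would
    # fail on the next line -- confirm for an unknown Uid/CreatedBy pair.
    item = get_submission_item(Uid, CreatedBy)
    # Keep the raw timestamp for the new finding row; the item itself gets
    # the human-readable form for the template.
    item_created_at = item['CreatedAt']
    item['CreatedAt'] = get_real_datetime_from_timestamp(item['CreatedAt'])

    # validate_on_submit() checks the field validators and the CSRF token.
    if form.validate_on_submit():
        # Normalise tags the way search() does (strip whitespace) so a stored
        # " web" and a searched "web" compare equal; empty entries left by
        # trailing commas are dropped.
        tags = [tag.strip() for tag in request.form['tags'].split(",")
                if tag.strip()]

        current_time = get_current_timestamp()

        findings_table.put_item(
            Item={
                'Uid': Uid,
                'CreatedBy': CreatedBy,
                'CreatedAt': item_created_at,
                'firstReviewedBy': data['username'],
                'firstReviewedAt': current_time,
                'secondReviewedBy': "",
                'secondReviewedAt': "",
                'LastEditAt': "",
                'LastEditBy': "",
                'Approved': False,
                'Title': form.title.data,
                'Description': form.finding_description.data,
                'Probability': form.risk_probability.data,
                'Severity': form.risk_severity.data,
                'OverallRisk': form.risk_level.data,
                'RiskDetails': form.risk_description.data,
                'Recommendations': form.risk_recommendations.data,
                'Published': True,
                'Deleted': False,
                'Tags': tags
            })
        # Same reviewer and time are stamped on the submission so the two
        # tables agree on who reviewed it and when.
        submissions_table.update_item(
            Key={
                'Uid': Uid,
                'CreatedBy': CreatedBy
            },
            UpdateExpression=
            "SET Reviewed = :val1, ReviewedAt = :val2, ReviewedBy = :val3",
            ExpressionAttributeValues={
                ':val1': True,
                ':val2': current_time,
                ':val3': data['username']
            })
        item = get_finding_item(Uid, CreatedBy)
        create_docx_from_item(item=item)
        # NOTE(review): Uid and CreatedBy are spliced into the path unescaped
        # and with no separator between them; url_for() on the finding view
        # endpoint would be safer -- the endpoint name is not visible here.
        return redirect('/findings/view/finding=' + Uid + "by=" + CreatedBy)

    return render_template("review_submission.html",
                           item=item,
                           form=form,
                           tags=tag_list,
                           data=data)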
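def findings_trash():
    """Render the trash page: deleted findings, newest first.

    ``verify_jwt_in_request`` raises for callers without a valid JWT.
    Findings flagged ``Deleted`` are scanned, sorted by ``CreatedAt``
    descending and each ``CreatedAt`` replaced with a human-readable value.

    Returns:
        The rendered ``findings_trash.html`` template.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)

    # NOTE(review): only the first page of the scan is read; a table larger
    # than one scan page would need LastEvaluatedKey pagination.
    response = findings_table.scan(FilterExpression=Attr('Deleted').eq(True))

    items = response['Items']
    # Sort on the raw timestamp before it is rewritten below.
    ordered_items = sorted(items, key=lambda k: k['CreatedAt'], reverse=True)
    for item in ordered_items:
        item['CreatedAt'] = get_real_datetime_from_timestamp(item['CreatedAt'])

    # Render the sorted list: the original passed the unsorted `items`, so
    # the newest-first ordering computed above never reached the template.
    return render_template('findings_trash.html', items=ordered_items, data=data)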
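def second_review_finding(Uid, CreatedBy):
    """Render the second-review form for a finding and approve it on POST.

    Args:
        Uid: Finding id (route parameter).
        CreatedBy: Username of the original submitter (route parameter);
            together with ``Uid`` this is the table key.

    On a validated POST every reviewed field is overwritten in
    ``findings_table``, the finding is marked approved with the second
    reviewer's name and timestamp, a DOCX is regenerated and the client is
    redirected to the finding view. Otherwise the form is rendered.

    Returns:
        A redirect response after approval, or the rendered
        ``second_review_finding.html`` template.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    # NOTE(review): no role check is visible here; confirm that the right to
    # approve is enforced before this view runs, and confirm whether the
    # second reviewer must differ from item['firstReviewedBy'] -- nothing
    # here compares it against data['username'].

    form = PublishForm(request.form)

    # NOTE(review): assumed to return a dict or raise; confirm behaviour for
    # an unknown Uid/CreatedBy pair.
    item = get_finding_item(Uid, CreatedBy)

    # validate_on_submit() checks the field validators and the CSRF token.
    if form.validate_on_submit():
        # Normalise tags the way search() does (strip whitespace) so stored
        # and searched tags compare equal; empties from trailing commas are
        # dropped.
        tags = [tag.strip() for tag in request.form['tags'].split(",")
                if tag.strip()]

        # :val10 and :val11 are reused for both the second-review and the
        # last-edit stamps, so both carry the same time and user.
        findings_table.update_item(
            Key={
                'Uid': Uid,
                'CreatedBy': CreatedBy
            },
            UpdateExpression=
            "SET Title = :val1, Description = :val2, RiskDetails = :val3, Probability = :val4, "
            "Severity = :val5, OverallRisk = :val6, Recommendations = :val7, Tags = :val8,"
            "Approved = :val9, secondReviewedAt = :val10, secondReviewedBy = :val11, "
            "LastEditAt = :val10, LastEditBy = :val11",
            ExpressionAttributeValues={
                ':val1': form.title.data,
                ':val2': form.finding_description.data,
                ':val3': form.risk_description.data,
                ':val4': form.risk_probability.data,
                ':val5': form.risk_severity.data,
                ':val6': form.risk_level.data,
                ':val7': form.risk_recommendations.data,
                ':val8': tags,
                ':val9': True,
                ':val10': get_current_timestamp(),
                ':val11': data['username']
            })
        item = get_finding_item(Uid, CreatedBy)
        create_docx_from_item(item=item)
        # NOTE(review): Uid and CreatedBy are spliced into the path unescaped
        # and with no separator between them; url_for() on the finding view
        # endpoint would be safer -- the endpoint name is not visible here.
        return redirect('/findings/view/finding=' + Uid + 'by=' + CreatedBy)

    return render_template("second_review_finding.html",
                           item=item,
                           form=form,
                           tags=tag_list,
                           data=data)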
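def second_review_list():
    """Render the findings still waiting for a second review, newest first.

    ``verify_jwt_in_request`` raises for callers without a valid JWT.
    Unapproved findings are scanned; deleted ones are counted (shown as the
    ``trash`` value) and left out, the rest are sorted by ``CreatedAt``
    descending with the timestamp replaced by a human-readable value.

    Returns:
        The rendered ``waiting_for_second_review.html`` template.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)

    # NOTE(review): only the first page of the scan is read; a table larger
    # than one scan page would need LastEvaluatedKey pagination.
    response = findings_table.scan(FilterExpression=Attr('Approved').eq(False))
    # on button click
    items = response['Items']

    # Separate deleted findings from live ones before sorting. The original
    # removed from `items` while walking a sorted copy and then rendered the
    # unsorted `items`, so the newest-first order never reached the template.
    live_items = [item for item in items if not item['Deleted']]
    trash_count = len(items) - len(live_items)

    # Sort on the raw timestamp before it is rewritten below.
    ordered_items = sorted(live_items, key=lambda k: k['CreatedAt'], reverse=True)
    for item in ordered_items:
        item['CreatedAt'] = get_real_datetime_from_timestamp(
            timestamp=item['CreatedAt'])

    return render_template('waiting_for_second_review.html',
                           items=ordered_items,
                           trash=trash_count,
                           data=data)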
def view_finding(Uid, CreatedBy):
    """Render a single finding with its timestamps made human-readable.

    Args:
        Uid: Finding id (route parameter).
        CreatedBy: Username of the original submitter (route parameter);
            together with ``Uid`` this is the table key.

    Returns:
        The rendered ``view_finding.html`` template.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    form = ButtonForm(request.form)

    # NOTE(review): assumed to return a dict or raise; a None return would
    # fail on the first item[...] below -- confirm.
    item = get_finding_item(Uid, CreatedBy)

    # CreatedAt and firstReviewedAt are populated when the finding is
    # created by review_submission(), so they are converted unconditionally.
    for always_set in ('CreatedAt', 'firstReviewedAt'):
        item[always_set] = get_real_datetime_from_timestamp(item[always_set])

    # The second-review and last-edit stamps start out as "" and are only
    # converted once a value has been written.
    for optional in ('secondReviewedAt', 'LastEditAt'):
        if item[optional] != "":
            item[optional] = get_real_datetime_from_timestamp(item[optional])

    return render_template("view_finding.html",
                           item=item,
                           data=data,
                           form=form)