def vulnerable_endpoints(request):
    """List endpoints that carry at least one open, confirmed finding.

    An endpoint qualifies when it has a finding that is active and verified
    and is not a false positive, a duplicate or out of scope.  Staff users
    see all of them; other users only see endpoints of products that list
    them as an authorized user, and get PermissionDenied when there is no
    such product.

    Args:
        request: the Django request.  ``request.GET`` drives EndpointFilter;
            a single ``product`` id in it is resolved (404 when unknown) but
            not used to narrow the listing in this view.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        PermissionDenied: non-staff user without any authorized product.
        Http404: a single ``product`` id was given that does not exist.
    """
    vulnerable = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    # Staff see everything; everyone else is bounded by their product list.
    if not request.user.is_staff:
        authorized_products = Product.objects.filter(authorized_users__in=[request.user])
        if not authorized_products.exists():
            raise PermissionDenied
        vulnerable = vulnerable.filter(product__in=authorized_products.all())

    # Resolve a single ?product=<id> so an unknown id yields a 404.  The
    # object itself is not read below; presumably EndpointFilter applies the
    # product field straight from request.GET — confirm.
    product = None
    selected_products = request.GET.getlist('product', [])
    if len(selected_products) == 1:
        product = get_object_or_404(Product, id=selected_products[0])

    # First pass collects the ids that survive the filter; the second pass
    # builds the filter the template renders from that bounded queryset.
    first_pass = EndpointFilter(request.GET, queryset=vulnerable, user=request.user)
    surviving_ids = get_endpoint_ids(first_pass.qs)
    filtered = EndpointFilter(
        request.GET,
        queryset=vulnerable.filter(id__in=surviving_ids),
        user=request.user,
    )
    page = get_page_items(request, filtered.qs, 25)
    add_breadcrumb(title="Vulnerable Endpoints", top_level=not request.GET, request=request)

    context = {
        "endpoints": page,
        "filtered": filtered,
        "name": "Vulnerable Endpoints",
    }
    return render(request, 'dojo/endpoints.html', context)
def all_endpoints(request):
    """List every endpoint the requesting user may see.

    Staff users get all endpoints.  Other users are limited to endpoints of
    products that list them as an authorized user, and get PermissionDenied
    when there is no such product.

    Args:
        request: the Django request.  ``request.GET`` drives EndpointFilter;
            a single ``product`` id in it is resolved (404 when unknown) but
            not otherwise used by this view.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        PermissionDenied: non-staff user without any authorized product.
        Http404: a single ``product`` id was given that does not exist.
    """
    visible = Endpoint.objects.all()

    if not request.user.is_staff:
        own_products = Product.objects.filter(authorized_users__in=[request.user])
        if not own_products.exists():
            raise PermissionDenied
        visible = visible.filter(product__in=own_products.all())

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        # Only the existence check matters here; presumably EndpointFilter
        # applies the product field from request.GET — confirm.
        product = get_object_or_404(Product, id=requested[0])

    prefilter = EndpointFilter(request.GET, queryset=visible, user=request.user)
    matching_ids = get_endpoint_ids(prefilter.qs)
    filtered = EndpointFilter(
        request.GET,
        queryset=visible.filter(id__in=matching_ids),
        user=request.user,
    )
    page = get_page_items(request, filtered.qs, 25)
    add_breadcrumb(title="All Endpoints", top_level=not request.GET, request=request)

    return render(request, 'dojo/endpoints.html', {
        "endpoints": page,
        "filtered": filtered,
        "name": "All Endpoints",
    })
def vulnerable_endpoints(request):
    """List endpoints that carry at least one open, confirmed finding.

    An endpoint qualifies when it has a finding that is active and verified
    and is not a false positive, a duplicate or out of scope.

    NOTE(review): this version applies no per-user restriction of its own —
    every caller starts from the full vulnerable-endpoint queryset.  Confirm
    that EndpointFilter (which receives ``user=request.user``) narrows the
    result, or that access to the URL is restricted elsewhere.

    Args:
        request: the Django request.  ``request.GET`` drives EndpointFilter;
            a single ``product`` id in it is resolved (404 when unknown) but
            not used to narrow the listing in this view.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        Http404: a single ``product`` id was given that does not exist.
    """
    vulnerable = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])

    # The FilterSet object itself (not its ``.qs``) is handed to
    # get_endpoint_ids() and get_page_items() here; both presumably accept a
    # FilterSet — confirm against their definitions.
    prefilter = EndpointFilter(request.GET, queryset=vulnerable, user=request.user)
    matching_ids = get_endpoint_ids(prefilter)
    filtered = EndpointFilter(
        request.GET,
        queryset=vulnerable.filter(id__in=matching_ids),
        user=request.user,
    )
    page = get_page_items(request, filtered, 25)
    add_breadcrumb(
        title="Vulnerable Endpoints",
        top_level=not request.GET,
        request=request,
    )

    context = {
        "endpoints": page,
        "filtered": filtered,
        "name": "Vulnerable Endpoints",
    }
    return render(request, 'dojo/endpoints.html', context)
def all_endpoints(request):
    """List every endpoint the requesting user may see.

    Staff users get all endpoints.  Other users are limited to endpoints of
    products that list them as an authorized user, and get PermissionDenied
    when there is no such product.

    Args:
        request: the Django request.  ``request.GET`` drives EndpointFilter;
            a single ``product`` id in it is resolved (404 when unknown) but
            not otherwise used by this view.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        PermissionDenied: non-staff user without any authorized product.
        Http404: a single ``product`` id was given that does not exist.
    """
    visible = Endpoint.objects.all()

    if not request.user.is_staff:
        own_products = Product.objects.filter(authorized_users__in=[request.user])
        if not own_products.exists():
            raise PermissionDenied
        visible = visible.filter(product__in=own_products.all())

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])

    # The FilterSet object itself (not its ``.qs``) is handed to
    # get_endpoint_ids() and get_page_items() here; both presumably accept a
    # FilterSet — confirm against their definitions.
    prefilter = EndpointFilter(request.GET, queryset=visible, user=request.user)
    matching_ids = get_endpoint_ids(prefilter)
    filtered = EndpointFilter(
        request.GET,
        queryset=visible.filter(id__in=matching_ids),
        user=request.user,
    )
    page = get_page_items(request, filtered, 25)
    add_breadcrumb(title="All Endpoints", top_level=not request.GET, request=request)

    return render(request, 'dojo/endpoints.html', {
        "endpoints": page,
        "filtered": filtered,
        "name": "All Endpoints",
    })
def vulnerable_endpoints(request):
    """List endpoints that carry at least one open, confirmed finding.

    An endpoint qualifies when it has a finding that is active and verified
    and is not a false positive, a duplicate or out of scope.  Staff users
    see all of them; other users only see endpoints of products that list
    them as an authorized user, and get PermissionDenied when there is no
    such product.

    Args:
        request: the Django request.  ``request.GET`` drives EndpointFilter;
            a single ``product`` id in it is resolved (404 when unknown) but
            not used to narrow the listing in this view.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        PermissionDenied: non-staff user without any authorized product.
        Http404: a single ``product`` id was given that does not exist.
    """
    queryset = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    # Non-staff users are bounded by the products they are authorized on.
    if not request.user.is_staff:
        allowed = Product.objects.filter(authorized_users__in=[request.user])
        if not allowed.exists():
            raise PermissionDenied
        queryset = queryset.filter(product__in=allowed.all())

    # Resolve a single ?product=<id> (404 on an unknown id).  The object is
    # not read afterwards; presumably EndpointFilter applies the product
    # field from request.GET — confirm.
    product = None
    product_ids = request.GET.getlist('product', [])
    if len(product_ids) == 1:
        product = get_object_or_404(Product, id=product_ids[0])

    chosen = get_endpoint_ids(
        EndpointFilter(request.GET, queryset=queryset, user=request.user).qs)
    endpoint_filter = EndpointFilter(
        request.GET,
        queryset=queryset.filter(id__in=chosen),
        user=request.user,
    )
    page = get_page_items(request, endpoint_filter.qs, 25)
    add_breadcrumb(
        title="Vulnerable Endpoints",
        top_level=not request.GET,
        request=request,
    )

    return render(request, 'dojo/endpoints.html', {
        "endpoints": page,
        "filtered": endpoint_filter,
        "name": "Vulnerable Endpoints",
    })
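def vulnerable_endpoints(request):
    """List endpoints with at least one open, confirmed finding that are not mitigated.

    The base queryset keeps endpoints that have a finding which is active,
    verified, not a false positive, not a duplicate and in scope, and whose
    own ``mitigated`` flag is false.  Staff users see all of them; other
    users are narrowed to endpoints whose product, or whose product's type,
    lists them as an authorized user, and get PermissionDenied when no
    endpoint at all is authorized for them.

    The authorization restriction is chained onto the vulnerable-findings
    queryset rather than rebuilt from ``Endpoint.objects``, so non-staff
    users also get only vulnerable endpoints (and keep the prefetches).

    NOTE(review): the ``product`` id from the query string is looked up but
    not checked against the user's authorization; the listing is bounded
    above, but the Product_Tab is built from that product regardless —
    confirm whether a view-permission check on the product is wanted.

    Args:
        request: the Django request; ``request.GET`` drives EndpointFilter and
            an optional single ``product`` id selects the product tab.

    Returns:
        The rendered ``dojo/endpoints.html`` page, ordered by host.

    Raises:
        PermissionDenied: non-staff user with no authorized endpoint.
        Http404: a single ``product`` id was given that does not exist.
    """
    endpoints = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
        mitigated=False,
    ).prefetch_related('product', 'product__tags', 'tags').distinct()

    if not request.user.is_staff:
        authorized = (Q(product__authorized_users__in=[request.user])
                      | Q(product__prod_type__authorized_users__in=[request.user]))
        # exists() asks the database for a single row instead of loading the
        # whole queryset just to test its truthiness.
        if not Endpoint.objects.filter(authorized).exists():
            raise PermissionDenied
        endpoints = endpoints.filter(authorized)

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])

    # First pass collects the ids that survive the filter; the second pass
    # builds the filter the template renders from that bounded queryset.
    ids = get_endpoint_ids(
        EndpointFilter(request.GET, queryset=endpoints, user=request.user).qs)
    endpoints = EndpointFilter(request.GET,
                               queryset=endpoints.filter(id__in=ids),
                               user=request.user)
    paged_endpoints = get_page_items(request, endpoints.qs.order_by('host'), 25)
    add_breadcrumb(title="Vulnerable Endpoints",
                   top_level=not len(request.GET),
                   request=request)

    product_tab = None
    if product:
        product_tab = Product_Tab(product.id,
                                  "Vulnerable Endpoints",
                                  tab="endpoints")
    return render(
        request, 'dojo/endpoints.html', {
            'product_tab': product_tab,
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "name": "Vulnerable Endpoints",
        })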
def report_builder(request):
    """Render the report builder with its initial widget palette.

    The "available" column offers a cover page, a table of contents,
    free-text content, a finding list (ReportAuthedFindingFilter seeded
    from ``request.GET``), an endpoint list limited to endpoints that have
    an active, verified, non-false-positive, non-duplicate, in-scope
    finding, and a page break.  The report-options widget starts in the
    "in use" column.

    Args:
        request: the Django request; ``request.GET`` seeds both filters and
            ``request.user`` scopes EndpointFilter.

    Returns:
        The rendered ``dojo/report_builder.html`` page.
    """
    add_breadcrumb(title="Report Builder", top_level=True, request=request)

    finding_filter = ReportAuthedFindingFilter(request.GET, queryset=Finding.objects.all())

    candidates = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()
    chosen_ids = get_endpoint_ids(candidates)
    endpoint_filter = EndpointFilter(
        request.GET,
        queryset=Endpoint.objects.filter(id__in=chosen_ids),
        user=request.user,
    )

    in_use = [ReportOptions(request=request)]
    available = [
        CoverPage(request=request),
        TableOfContents(request=request),
        WYSIWYGContent(request=request),
        FindingList(request=request, findings=finding_filter),
        EndpointList(request=request, endpoints=endpoint_filter),
        PageBreak(),
    ]
    context = {
        "available_widgets": available,
        "in_use_widgets": in_use,
    }
    return render(request, 'dojo/report_builder.html', context)
def report_endpoints(request):
    """Render the paginated endpoint list used inside a report.

    Only endpoints that have an active, verified, non-false-positive,
    non-duplicate, in-scope finding are candidates; get_endpoint_ids()
    picks the ids to show, and EndpointFilter (seeded from ``request.GET``)
    narrows them further.

    Args:
        request: the Django request.

    Returns:
        The rendered ``dojo/report_endpoints.html`` page.
    """
    # NOTE(review): ``user`` is never read below; the lookup only serves to
    # fail with DoesNotExist when request.user.id has no Dojo_User row.
    # Consider dropping it or making that intent explicit.
    user = Dojo_User.objects.get(id=request.user.id)

    candidates = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()
    chosen_ids = get_endpoint_ids(candidates)

    endpoint_filter = EndpointFilter(
        request.GET,
        queryset=Endpoint.objects.filter(id__in=chosen_ids),
        user=request.user,
    )
    page = get_page_items(request, endpoint_filter.qs, 25)

    context = {
        "endpoints": page,
        "filtered": endpoint_filter,
        "title": "endpoint-list",
    }
    return render(request, 'dojo/report_endpoints.html', context)
def vulnerable_endpoints(request):
    """List endpoints with at least one open, confirmed finding that are not mitigated.

    The base queryset keeps endpoints that have a finding which is active,
    verified, not a false positive, not a duplicate and in scope, and whose
    own ``mitigated`` flag is false; get_authorized_endpoints() then narrows
    it to what the user may view.  A single ``product`` id in the query
    string selects the product tab, after the user's view permission on that
    product has been checked under whichever authorization scheme
    ``settings.FEATURE_AUTHORIZATION_V2`` selects.

    Args:
        request: the Django request; ``request.GET`` drives EndpointFilter.

    Returns:
        The rendered ``dojo/endpoints.html`` page, ordered by host.

    Raises:
        PermissionDenied: legacy scheme and the user may not view the
            requested product (the v2 scheme raises via
            user_has_permission_or_403 instead).
        Http404: the requested product id does not exist.
    """
    base = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
        mitigated=False,
    ).prefetch_related('product', 'product__tags', 'tags').distinct()
    base = get_authorized_endpoints(Permissions.Endpoint_View, base, request.user)

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])
        # The product tab is only built for a product the user may view, so
        # a guessed id cannot expose another product's tab.
        if settings.FEATURE_AUTHORIZATION_V2:
            user_has_permission_or_403(request.user, product, Permissions.Product_View)
        elif not user_is_authorized(request.user, 'view', product):
            raise PermissionDenied

    prefilter = EndpointFilter(request.GET, queryset=base, user=request.user)
    chosen = get_endpoint_ids(prefilter.qs)
    filtered = EndpointFilter(
        request.GET,
        queryset=base.filter(id__in=chosen),
        user=request.user,
    )
    page = get_page_items(request, filtered.qs.order_by('host'), 25)
    add_breadcrumb(
        title="Vulnerable Endpoints",
        top_level=not request.GET,
        request=request,
    )

    product_tab = None
    if product:
        product_tab = Product_Tab(product.id, "Vulnerable Endpoints", tab="endpoints")

    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": page,
        "filtered": filtered,
        "name": "Vulnerable Endpoints",
    })
def all_endpoints(request):
    """List every endpoint the requesting user may see.

    Staff users get all endpoints.  Other users are limited to endpoints of
    products that list them as an authorized user, and get PermissionDenied
    when there is no such product.  When the ``display_endpoint_uri`` system
    setting is on, EndpointFilter runs directly on that queryset; otherwise
    the queryset is first reduced to the ids get_endpoint_ids() selects from
    a filtered pass.

    Args:
        request: the Django request; ``request.GET`` drives EndpointFilter and
            an optional single ``product`` id selects the product tab.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        PermissionDenied: non-staff user without any authorized product.
        Http404: a single ``product`` id was given that does not exist.
    """
    visible = Endpoint.objects.all()
    show_uri = get_system_setting('display_endpoint_uri')

    if not request.user.is_staff:
        own_products = Product.objects.filter(authorized_users__in=[request.user])
        if not own_products.exists():
            raise PermissionDenied
        visible = visible.filter(product__in=own_products.all())

    # NOTE(review): the product is looked up (404 on an unknown id) but not
    # checked against the user's authorization before its tab is built —
    # confirm whether that is intended.
    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])

    if show_uri:
        base = visible
    else:
        prefilter = EndpointFilter(request.GET, queryset=visible, user=request.user)
        base = visible.filter(id__in=get_endpoint_ids(prefilter.qs))
    filtered = EndpointFilter(request.GET, queryset=base, user=request.user)
    page = get_page_items(request, filtered.qs, 25)
    add_breadcrumb(title="All Endpoints", top_level=not request.GET, request=request)

    view_name = "Endpoints" if product else "All Endpoints"
    product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints") if product else None

    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": page,
        "filtered": filtered,
        "name": view_name,
        "show_uri": show_uri,
    })
def vulnerable_endpoints(request):
    """List endpoints that carry at least one open, confirmed finding.

    An endpoint qualifies when it has a finding that is active and verified
    and is not a false positive, a duplicate or out of scope.

    NOTE(review): this version applies no per-user restriction of its own —
    every caller starts from the full vulnerable-endpoint queryset.  Confirm
    that EndpointFilter (which receives ``user=request.user``) narrows the
    result, or that access to the URL is restricted elsewhere.

    Args:
        request: the Django request.  ``request.GET`` drives EndpointFilter;
            a single ``product`` id in it is resolved (404 when unknown) but
            not used to narrow the listing in this view.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        Http404: a single ``product`` id was given that does not exist.
    """
    vulnerable = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])

    # The FilterSet object itself (not its ``.qs``) is handed to
    # get_endpoint_ids() and get_page_items() here; both presumably accept a
    # FilterSet — confirm against their definitions.
    prefilter = EndpointFilter(request.GET, queryset=vulnerable, user=request.user)
    matching_ids = get_endpoint_ids(prefilter)
    filtered = EndpointFilter(
        request.GET,
        queryset=vulnerable.filter(id__in=matching_ids),
        user=request.user,
    )
    page = get_page_items(request, filtered, 25)
    add_breadcrumb(title="Vulnerable Endpoints", top_level=not request.GET, request=request)

    return render(request, 'dojo/endpoints.html', {
        "endpoints": page,
        "filtered": filtered,
        "name": "Vulnerable Endpoints",
    })
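def all_endpoints(request):
    """List every endpoint the requesting user may see.

    Staff users get all endpoints.  Other users are limited to endpoints
    whose product, or whose product's type, lists them as an authorized
    user, and get PermissionDenied when no endpoint at all is authorized for
    them.  That restriction is chained onto the prefetching base queryset
    (so the prefetches survive) and de-duplicated, because an OR across two
    many-to-many joins can repeat an endpoint once per matching join row.

    When the ``display_endpoint_uri`` system setting is on, EndpointFilter
    runs directly on the queryset; otherwise the queryset is first reduced
    to the ids get_endpoint_ids() selects from a filtered pass.

    NOTE(review): the ``product`` id from the query string is looked up but
    not checked against the user's authorization before its tab is built —
    confirm whether a view-permission check on the product is wanted.

    Args:
        request: the Django request; ``request.GET`` drives EndpointFilter and
            an optional single ``product`` id selects the product tab.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        PermissionDenied: non-staff user with no authorized endpoint.
        Http404: a single ``product`` id was given that does not exist.
    """
    endpoints = Endpoint.objects.all().prefetch_related(
        'product', 'tags', 'product__tags')
    show_uri = get_system_setting('display_endpoint_uri')

    if not request.user.is_staff:
        authorized = (Q(product__authorized_users__in=[request.user])
                      | Q(product__prod_type__authorized_users__in=[request.user]))
        # exists() asks the database for a single row instead of loading the
        # whole queryset just to test its truthiness.
        if not Endpoint.objects.filter(authorized).exists():
            raise PermissionDenied
        endpoints = endpoints.filter(authorized).distinct()

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])

    if show_uri:
        endpoints = EndpointFilter(request.GET,
                                   queryset=endpoints,
                                   user=request.user)
    else:
        ids = get_endpoint_ids(
            EndpointFilter(request.GET, queryset=endpoints,
                           user=request.user).qs)
        endpoints = EndpointFilter(request.GET,
                                   queryset=endpoints.filter(id__in=ids),
                                   user=request.user)
    paged_endpoints = get_page_items(request, endpoints.qs, 25)
    add_breadcrumb(title="All Endpoints",
                   top_level=not len(request.GET),
                   request=request)

    product_tab = None
    view_name = "All Endpoints"
    if product:
        view_name = "Endpoints"
        product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints")

    return render(
        request, 'dojo/endpoints.html', {
            'product_tab': product_tab,
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "name": view_name,
            "show_uri": show_uri
        })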
def all_endpoints(request):
    """List every endpoint the requesting user may view.

    The base queryset prefetches product and tags and is narrowed by
    get_authorized_endpoints() to what the user may view.  A single
    ``product`` id in the query string selects the product tab, after the
    user's view permission on that product has been checked under whichever
    authorization scheme ``settings.FEATURE_AUTHORIZATION_V2`` selects.
    When the ``display_endpoint_uri`` system setting is on, EndpointFilter
    runs directly on the queryset; otherwise the queryset is first reduced
    to the ids get_endpoint_ids() selects from a filtered pass.

    Args:
        request: the Django request; ``request.GET`` drives EndpointFilter.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        PermissionDenied: legacy scheme and the user may not view the
            requested product (the v2 scheme raises via
            user_has_permission_or_403 instead).
        Http404: the requested product id does not exist.
    """
    visible = Endpoint.objects.prefetch_related('product', 'tags', 'product__tags')
    visible = get_authorized_endpoints(Permissions.Endpoint_View, visible, request.user)
    show_uri = get_system_setting('display_endpoint_uri')

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])
        # The product tab is only built for a product the user may view, so
        # a guessed id cannot expose another product's tab.
        if settings.FEATURE_AUTHORIZATION_V2:
            user_has_permission_or_403(request.user, product, Permissions.Product_View)
        elif not user_is_authorized(request.user, 'view', product):
            raise PermissionDenied

    if show_uri:
        base = visible
    else:
        prefilter = EndpointFilter(request.GET, queryset=visible, user=request.user)
        base = visible.filter(id__in=get_endpoint_ids(prefilter.qs))
    filtered = EndpointFilter(request.GET, queryset=base, user=request.user)
    page = get_page_items(request, filtered.qs, 25)
    add_breadcrumb(
        title="All Endpoints",
        top_level=not request.GET,
        request=request,
    )

    view_name = "Endpoints" if product else "All Endpoints"
    product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints") if product else None

    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": page,
        "filtered": filtered,
        "name": view_name,
        "show_uri": show_uri,
    })
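def process_endpoints_view(request, host_view=False, vulnerable=False):
    """Render the endpoint or host listing, optionally limited to vulnerable ones.

    The queryset prefetches product and tags and is narrowed by
    get_authorized_endpoints() to what the user may view.  A single
    ``product`` id in the query string selects the product tab, after
    user_has_permission_or_403() has confirmed the user may view it.

    Args:
        request: the Django request; ``request.GET`` drives EndpointFilter.
        host_view: when true, the queryset is first reduced to the ids
            get_endpoint_ids() selects from a filtered pass (presumably one
            per host — confirm) and the view is titled "... Hosts".
        vulnerable: when true, only endpoints that have an active, verified,
            non-false-positive, non-duplicate, in-scope finding and whose
            endpoint status is not mitigated are listed.

    Returns:
        The rendered ``dojo/endpoints.html`` page.

    Raises:
        Http404: the requested product id does not exist.
        (user_has_permission_or_403 raises its own 403 when the product may
        not be viewed.)
    """
    if vulnerable:
        endpoints = Endpoint.objects.filter(finding__active=True, finding__verified=True, finding__false_p=False,
                                            finding__duplicate=False, finding__out_of_scope=False)
        endpoints = endpoints.filter(endpoint_status__mitigated=False)
    else:
        endpoints = Endpoint.objects.all()

    endpoints = endpoints.prefetch_related('product', 'product__tags', 'tags').distinct()
    endpoints = get_authorized_endpoints(Permissions.Endpoint_View, endpoints, request.user)

    if host_view:
        ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=endpoints, user=request.user).qs)
        endpoints = endpoints.filter(id__in=ids)
    endpoints = EndpointFilter(request.GET, queryset=endpoints, user=request.user)

    paged_endpoints = get_page_items(request, endpoints.qs, 25)

    view_name = "Vulnerable" if vulnerable else "All"
    view_name += " Hosts" if host_view else " Endpoints"

    add_breadcrumb(title=view_name, top_level=not len(request.GET), request=request)

    product_tab = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])
        # The product tab is only built for a product the user may view, so a
        # guessed id cannot expose another product's tab.
        user_has_permission_or_403(request.user, product, Permissions.Product_View)
        product_tab = Product_Tab(product.id, view_name, tab="endpoints")

    # 'product_tab' appears once; a duplicate key in the literal would be
    # silently collapsed by Python and only hide mistakes.
    return render(
        request, 'dojo/endpoints.html', {
            'product_tab': product_tab,
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "name": view_name,
            "host_view": host_view,
        })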
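def report_widget_factory(json_data=None,
                          request=None,
                          user=None,
                          finding_notes=False,
                          finding_images=False,
                          host=None):
    """Build the ordered widget objects described by a report-builder JSON document.

    ``json_data`` is a JSON array.  Each element is a one-key object whose
    key names the widget kind (``page-break``, ``endpoint-list``,
    ``finding-list``, ``wysiwyg-content``, ``report-options``,
    ``table-of-contents`` or ``cover-page``) and whose value is a list of
    ``{"name": ..., "value": ...}`` form items.  Elements of any other kind,
    and empty elements, are skipped.

    Args:
        json_data: JSON text produced by the report builder form.
        request: the current request; passed to every widget and, for
            ``endpoint-list``, used as ``request.user`` to scope
            EndpointFilter (so it must not be None when that widget occurs).
        user: optional user whose id is handed to the list widgets.
        finding_notes: forwarded to FindingList / EndpointList.
        finding_images: forwarded to FindingList / EndpointList.
        host: forwarded to FindingList / EndpointList.

    Returns:
        An OrderedDict in document order, keyed ``"<kind>-<index>"`` for the
        repeatable widgets (page-break, endpoint-list, finding-list,
        wysiwyg-content) and plain ``"<kind>"`` for the singletons
        (report-options, table-of-contents, cover-page).

    Raises:
        ValueError: a widget lacks a form item it requires (for example a
            cover page without ``heading``).
    """
    selected_widgets = OrderedDict()
    # json.loads only builds dicts/lists/scalars, so untrusted input here is a
    # validation concern (handled by the ValueError below), not a code one.
    widgets = json.loads(json_data)
    user_id = user.id if user is not None else None

    for idx, widget in enumerate(widgets):
        if not widget:
            continue
        kind = list(widget.keys())[0]
        items = widget.get(kind)
        indexed_key = kind + '-' + str(idx)

        if kind == 'page-break':
            selected_widgets[indexed_key] = PageBreak()

        elif kind == 'endpoint-list':
            from dojo.endpoint.views import get_endpoint_ids
            candidates = Endpoint.objects.filter(
                finding__active=True,
                finding__verified=True,
                finding__false_p=False,
                finding__duplicate=False,
                finding__out_of_scope=False,
            ).distinct()
            # The listing is restricted to the ids get_endpoint_ids() picked;
            # filtering on the candidates queryset instead would ignore that
            # selection entirely.
            ids = get_endpoint_ids(candidates)
            endpoints = EndpointFilter(_querydict_from_items(items),
                                       queryset=Endpoint.objects.filter(id__in=ids),
                                       user=request.user)
            selected_widgets[indexed_key] = EndpointList(request=request,
                                                         endpoints=endpoints,
                                                         finding_notes=finding_notes,
                                                         finding_images=finding_images,
                                                         host=host,
                                                         user_id=user_id)

        elif kind == 'finding-list':
            findings = ReportFindingFilter(_querydict_from_items(items),
                                           queryset=Finding.objects.all())
            selected_widgets[indexed_key] = FindingList(request=request,
                                                        findings=findings,
                                                        finding_notes=finding_notes,
                                                        finding_images=finding_images,
                                                        host=host,
                                                        user_id=user_id)

        elif kind == 'wysiwyg-content':
            wysiwyg_content = WYSIWYGContent(request=request)
            wysiwyg_content.title = _item_value(items, 'heading')
            wysiwyg_content.content = _item_value(items, 'hidden_content')
            selected_widgets[indexed_key] = wysiwyg_content

        elif kind == 'report-options':
            options = ReportOptions(request=request)
            options.include_finding_notes = _item_value(items, 'include_finding_notes')
            options.include_finding_images = _item_value(items, 'include_finding_images')
            options.report_type = _item_value(items, 'report_type')
            options.report_name = _item_value(items, 'report_name')
            selected_widgets[kind] = options

        elif kind == 'table-of-contents':
            toc = TableOfContents(request=request)
            toc.title = _item_value(items, 'heading')
            # The form's depth is offset by one for the renderer.
            toc.depth = int(_item_value(items, 'depth')) + 1
            selected_widgets[kind] = toc

        elif kind == 'cover-page':
            cover_page = CoverPage(request=request)
            cover_page.title = _item_value(items, 'heading')
            cover_page.sub_heading = _item_value(items, 'sub_heading')
            cover_page.meta_info = _item_value(items, 'meta_info')
            selected_widgets[kind] = cover_page

    return selected_widgets


def _item_value(items, name):
    """Return the ``value`` of the first form item in *items* whose ``name`` is *name*.

    Raises:
        ValueError: no item with that name exists, i.e. the widget payload is
            incomplete.
    """
    for item in items:
        if item["name"] == name:
            return item['value']
    raise ValueError("report widget is missing the '%s' field" % name)


def _querydict_from_items(items):
    """Turn a list of ``{"name", "value"}`` form items into a mutable QueryDict.

    Repeated names become a multi-valued key, as they would in a submitted
    form.  ``appendlist`` is used because ``getlist`` returns a copy, so
    appending to its result would silently drop the extra values.
    """
    data = QueryDict(mutable=True)
    for item in items:
        data.appendlist(item['name'], item['value'])
    return data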