def vulnerable_endpoints(request):
    """Render the paginated "Vulnerable Endpoints" list.

    An endpoint is listed when it has a finding that is active and verified
    and is not flagged as a false positive, duplicate or out of scope.

    Staff users see every such endpoint. Any other user is limited to
    endpoints of products that name them in ``authorized_users``; a user
    with no such product gets ``PermissionDenied``.
    """
    user = request.user
    params = request.GET

    vulnerable = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    # Object-level scoping: non-staff users only get endpoints of products
    # they are explicitly authorized for.
    if not user.is_staff:
        allowed_products = Product.objects.filter(authorized_users__in=[user])
        if not allowed_products.exists():
            raise PermissionDenied
        vulnerable = vulnerable.filter(product__in=allowed_products.all())

    # The product that is looked up is never read afterwards; the call only
    # turns an unknown id into a 404.
    # NOTE(review): the lookup runs against all products, not the user's
    # authorized ones, so the 404/200 difference reveals whether a product
    # id exists -- confirm this is acceptable.
    if 'product' in params:
        requested = params.getlist('product', [])
        if len(requested) == 1:
            get_object_or_404(Product, id=requested[0])

    first_pass = EndpointFilter(params, queryset=vulnerable, user=user)
    endpoint_ids = get_endpoint_ids(first_pass.qs)
    endpoint_filter = EndpointFilter(
        params,
        queryset=vulnerable.filter(id__in=endpoint_ids),
        user=user,
    )
    page = get_page_items(request, endpoint_filter.qs, 25)

    add_breadcrumb(title="Vulnerable Endpoints",
                   top_level=not len(params),
                   request=request)

    context = {
        "endpoints": page,
        "filtered": endpoint_filter,
        "name": "Vulnerable Endpoints",
    }
    return render(request, 'dojo/endpoints.html', context)
def all_endpoints(request):
    """Render the paginated "All Endpoints" list.

    Staff users see every endpoint. Any other user is limited to endpoints
    of products that name them in ``authorized_users``; a user with no such
    product gets ``PermissionDenied``.
    """
    user = request.user
    params = request.GET

    visible = Endpoint.objects.all()

    # Object-level scoping for non-staff users.
    if not user.is_staff:
        allowed_products = Product.objects.filter(authorized_users__in=[user])
        if not allowed_products.exists():
            raise PermissionDenied
        visible = visible.filter(product__in=allowed_products.all())

    # The product that is looked up is never read afterwards; the call only
    # turns an unknown id into a 404.
    # NOTE(review): the lookup is not limited to the user's authorized
    # products, so the response reveals whether a product id exists --
    # confirm this is acceptable.
    if 'product' in params:
        requested = params.getlist('product', [])
        if len(requested) == 1:
            get_object_or_404(Product, id=requested[0])

    first_pass = EndpointFilter(params, queryset=visible, user=user)
    endpoint_ids = get_endpoint_ids(first_pass.qs)
    endpoint_filter = EndpointFilter(
        params,
        queryset=visible.filter(id__in=endpoint_ids),
        user=user,
    )
    page = get_page_items(request, endpoint_filter.qs, 25)

    add_breadcrumb(title="All Endpoints",
                   top_level=not len(params),
                   request=request)

    context = {
        "endpoints": page,
        "filtered": endpoint_filter,
        "name": "All Endpoints",
    }
    return render(request, 'dojo/endpoints.html', context)
def all_endpoints(request):
    """Render the paginated "All Endpoints" list.

    Staff users see every endpoint. Any other user is limited to endpoints
    of products that name them in ``authorized_users``; a user with no such
    product gets ``PermissionDenied``.
    """
    user = request.user
    params = request.GET

    visible = Endpoint.objects.all()

    # Object-level scoping for non-staff users.
    if not user.is_staff:
        allowed_products = Product.objects.filter(authorized_users__in=[user])
        if not allowed_products.exists():
            raise PermissionDenied
        visible = visible.filter(product__in=allowed_products.all())

    # The product that is looked up is never read afterwards; the call only
    # turns an unknown id into a 404.
    # NOTE(review): the lookup is not limited to the user's authorized
    # products -- confirm the existence signal is acceptable.
    if 'product' in params:
        requested = params.getlist('product', [])
        if len(requested) == 1:
            get_object_or_404(Product, id=requested[0])

    # NOTE(review): the FilterSet object itself, not its ``.qs``, is handed
    # to the helper and to the paginator -- confirm both accept it.
    first_pass = EndpointFilter(params, queryset=visible, user=user)
    endpoint_ids = get_endpoint_ids(first_pass)
    endpoint_filter = EndpointFilter(
        params,
        queryset=visible.filter(id__in=endpoint_ids),
        user=user,
    )
    page = get_page_items(request, endpoint_filter, 25)

    add_breadcrumb(title="All Endpoints",
                   top_level=not len(params),
                   request=request)

    context = {
        "endpoints": page,
        "filtered": endpoint_filter,
        "name": "All Endpoints",
    }
    return render(request, 'dojo/endpoints.html', context)
def vulnerable_endpoints(request):
    """Render the paginated "Vulnerable Endpoints" list.

    An endpoint is listed when it has a finding that is active and verified
    and is not flagged as a false positive, duplicate or out of scope.
    """
    user = request.user
    params = request.GET

    # NOTE(review): nothing in this body limits the queryset to what
    # ``request.user`` may see. Access control presumably comes from a
    # decorator or the URL configuration, neither visible here -- confirm,
    # otherwise every caller gets the vulnerable endpoints of all products.
    vulnerable = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    # The product that is looked up is never read afterwards; the call only
    # turns an unknown id into a 404.
    if 'product' in params:
        requested = params.getlist('product', [])
        if len(requested) == 1:
            get_object_or_404(Product, id=requested[0])

    # NOTE(review): the FilterSet object itself, not its ``.qs``, is handed
    # to the helper and to the paginator -- confirm both accept it.
    first_pass = EndpointFilter(params, queryset=vulnerable, user=user)
    endpoint_ids = get_endpoint_ids(first_pass)
    endpoint_filter = EndpointFilter(
        params,
        queryset=vulnerable.filter(id__in=endpoint_ids),
        user=user,
    )
    page = get_page_items(request, endpoint_filter, 25)

    add_breadcrumb(title="Vulnerable Endpoints",
                   top_level=not len(params),
                   request=request)

    context = {
        "endpoints": page,
        "filtered": endpoint_filter,
        "name": "Vulnerable Endpoints",
    }
    return render(request, 'dojo/endpoints.html', context)
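def vulnerable_endpoints(request):
    """Render the paginated "Vulnerable Endpoints" list, ordered by host.

    An endpoint is listed when it is not mitigated and has a finding that is
    active and verified and is not flagged as a false positive, duplicate or
    out of scope.

    Staff users see every such endpoint. Any other user is limited to
    endpoints whose product, or whose product's type, names them in
    ``authorized_users``.

    Raises:
        PermissionDenied: a non-staff user is authorized for no endpoint at
            all, or asks for the tab of a product they are not authorized
            for.
        Http404: the single ``product`` query parameter matches no product.
    """
    user = request.user

    endpoints = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
        mitigated=False,
    ).prefetch_related('product', 'product__tags', 'tags').distinct()

    if not user.is_staff:
        authorized = (Q(product__authorized_users__in=[user]) |
                      Q(product__prod_type__authorized_users__in=[user]))
        # A user with no authorized endpoint at all is rejected outright;
        # exists() answers that without loading the rows.
        if not Endpoint.objects.filter(authorized).exists():
            raise PermissionDenied
        # Narrow the vulnerable queryset rather than replacing it, so the
        # finding criteria, the prefetch and distinct() still apply to
        # non-staff users.
        endpoints = endpoints.filter(authorized)

    product = None
    if 'product' in request.GET:
        p = request.GET.getlist('product', [])
        if len(p) == 1:
            product = get_object_or_404(Product, id=p[0])
            # The id comes from the query string, so apply the same
            # product / product-type membership rule before building a
            # product tab for it.
            if not user.is_staff and not Product.objects.filter(
                    Q(authorized_users__in=[user]) |
                    Q(prod_type__authorized_users__in=[user]),
                    id=product.id).exists():
                raise PermissionDenied

    ids = get_endpoint_ids(
        EndpointFilter(request.GET, queryset=endpoints, user=user).qs)
    endpoints = EndpointFilter(request.GET,
                               queryset=endpoints.filter(id__in=ids),
                               user=user)
    endpoints_query = endpoints.qs.order_by('host')
    paged_endpoints = get_page_items(request, endpoints_query, 25)

    add_breadcrumb(title="Vulnerable Endpoints",
                   top_level=not len(request.GET),
                   request=request)

    product_tab = None
    if product:
        product_tab = Product_Tab(product.id, "Vulnerable Endpoints",
                                  tab="endpoints")

    return render(
        request, 'dojo/endpoints.html', {
            'product_tab': product_tab,
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "name": "Vulnerable Endpoints",
        })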
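def process_endpoints_view(request, host_view=False, vulnerable=False):
    """Render the endpoint list in one of its four variants.

    Args:
        request: the incoming request; ``request.GET`` drives the filter and
            may carry a ``product`` id.
        host_view: when true, the queryset is first narrowed to the ids
            returned by ``get_endpoint_ids`` and the page is titled
            "... Endpoint Hosts".
        vulnerable: when true, only non-mitigated endpoints with a finding
            that is active, verified and not a false positive, duplicate or
            out of scope are considered.

    The queryset is always passed through ``get_authorized_endpoints`` with
    ``Permissions.Endpoint_View`` for ``request.user``.

    Raises:
        PermissionDenied: the user may not view the requested product
            (directly, or via ``user_has_permission_or_403``).
        Http404: the single ``product`` query parameter matches no product.
    """
    user = request.user

    view_name = "Vulnerable" if vulnerable else "All"
    view_name += " Endpoint Hosts" if host_view else " Endpoints"

    # Authorize the requested product before running endpoint queries or
    # writing the breadcrumb, so a denied request fails without that work.
    # NOTE(review): the 404 is raised before the permission check, so the
    # 404/403 difference reveals whether a product id exists -- confirm
    # this is acceptable.
    product_tab = None
    if 'product' in request.GET:
        p = request.GET.getlist('product', [])
        if len(p) == 1:
            product = get_object_or_404(Product, id=p[0])
            if not settings.FEATURE_AUTHORIZATION_V2:
                if not user_is_authorized(user, 'view', product):
                    raise PermissionDenied
            else:
                user_has_permission_or_403(user, product, Permissions.Product_View)
            product_tab = Product_Tab(product.id, view_name, tab="endpoints")

    if vulnerable:
        endpoints = Endpoint.objects.filter(
            finding__active=True,
            finding__verified=True,
            finding__false_p=False,
            finding__duplicate=False,
            finding__out_of_scope=False,
            mitigated=False)
    else:
        endpoints = Endpoint.objects.all()

    endpoints = endpoints.prefetch_related('product', 'product__tags', 'tags').distinct()
    endpoints = get_authorized_endpoints(Permissions.Endpoint_View, endpoints, user)

    if host_view:
        ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=endpoints, user=user).qs)
        endpoints = EndpointFilter(request.GET, queryset=endpoints.filter(id__in=ids), user=user)
    else:
        endpoints = EndpointFilter(request.GET, queryset=endpoints, user=user)

    paged_endpoints = get_page_items(request, endpoints.qs, 25)

    add_breadcrumb(title=view_name, top_level=not len(request.GET), request=request)

    return render(
        request, 'dojo/endpoints.html', {
            'product_tab': product_tab,
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "name": view_name,
            "host_view": host_view,
        })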
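def all_endpoints(request):
    """Render the paginated endpoint list.

    Staff users see every endpoint. Any other user is limited to endpoints
    whose product, or whose product's type, names them in
    ``authorized_users``.

    When the ``display_endpoint_uri`` system setting is off, the queryset is
    additionally narrowed to the ids returned by ``get_endpoint_ids``.

    Raises:
        PermissionDenied: a non-staff user is authorized for no endpoint at
            all, or asks for the tab of a product they are not authorized
            for.
        Http404: the single ``product`` query parameter matches no product.
    """
    user = request.user

    endpoints = Endpoint.objects.all().prefetch_related(
        'product', 'tags', 'product__tags')
    show_uri = get_system_setting('display_endpoint_uri')

    if not user.is_staff:
        authorized = (Q(product__authorized_users__in=[user]) |
                      Q(product__prod_type__authorized_users__in=[user]))
        # exists() answers "any authorized endpoint?" without loading rows.
        if not Endpoint.objects.filter(authorized).exists():
            raise PermissionDenied
        # Narrow the prefetching queryset instead of replacing it, and
        # de-duplicate: the OR spans two many-to-many joins, so one endpoint
        # can otherwise come back once per matching join row.
        endpoints = endpoints.filter(authorized).distinct()

    product = None
    if 'product' in request.GET:
        p = request.GET.getlist('product', [])
        if len(p) == 1:
            product = get_object_or_404(Product, id=p[0])
            # The id comes from the query string, so apply the same
            # product / product-type membership rule before building a
            # product tab for it.
            if not user.is_staff and not Product.objects.filter(
                    Q(authorized_users__in=[user]) |
                    Q(prod_type__authorized_users__in=[user]),
                    id=product.id).exists():
                raise PermissionDenied

    if not show_uri:
        ids = get_endpoint_ids(
            EndpointFilter(request.GET, queryset=endpoints, user=user).qs)
        endpoints = endpoints.filter(id__in=ids)
    endpoints = EndpointFilter(request.GET, queryset=endpoints, user=user)
    paged_endpoints = get_page_items(request, endpoints.qs, 25)

    add_breadcrumb(title="All Endpoints",
                   top_level=not len(request.GET),
                   request=request)

    product_tab = None
    view_name = "All Endpoints"
    if product:
        view_name = "Endpoints"
        product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints")

    return render(
        request, 'dojo/endpoints.html', {
            'product_tab': product_tab,
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "name": view_name,
            "show_uri": show_uri
        })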
def all_endpoints(request):
    """Render the paginated endpoint list.

    The queryset is passed through ``get_authorized_endpoints`` with
    ``Permissions.Endpoint_View`` for ``request.user``. A single ``product``
    query parameter is resolved to a product, checked for view permission
    and used to build a product tab.

    When the ``display_endpoint_uri`` system setting is off, the queryset is
    additionally narrowed to the ids returned by ``get_endpoint_ids``.
    """
    user = request.user
    params = request.GET

    visible = get_authorized_endpoints(
        Permissions.Endpoint_View,
        Endpoint.objects.prefetch_related('product', 'tags', 'product__tags'),
        user,
    )
    show_uri = get_system_setting('display_endpoint_uri')

    # NOTE(review): the 404 is raised before the permission check, so the
    # 404/403 difference reveals whether a product id exists -- confirm
    # this is acceptable.
    product = None
    if 'product' in params:
        requested = params.getlist('product', [])
        if len(requested) == 1:
            product = get_object_or_404(Product, id=requested[0])
            if settings.FEATURE_AUTHORIZATION_V2:
                user_has_permission_or_403(user, product, Permissions.Product_View)
            elif not user_is_authorized(user, 'view', product):
                raise PermissionDenied

    # Without URI display, filter once to collect ids, then filter again on
    # the queryset restricted to those ids.
    if not show_uri:
        endpoint_ids = get_endpoint_ids(
            EndpointFilter(params, queryset=visible, user=user).qs)
        visible = visible.filter(id__in=endpoint_ids)
    endpoint_filter = EndpointFilter(params, queryset=visible, user=user)
    page = get_page_items(request, endpoint_filter.qs, 25)

    add_breadcrumb(title="All Endpoints",
                   top_level=not len(params),
                   request=request)

    if product:
        view_name = "Endpoints"
        product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints")
    else:
        view_name = "All Endpoints"
        product_tab = None

    context = {
        'product_tab': product_tab,
        "endpoints": page,
        "filtered": endpoint_filter,
        "name": view_name,
        "show_uri": show_uri,
    }
    return render(request, 'dojo/endpoints.html', context)
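def all_endpoints(request):
    """Render the paginated endpoint list.

    Staff users see every endpoint. Any other user is limited to endpoints
    of products that name them in ``authorized_users``.

    When the ``display_endpoint_uri`` system setting is off, the queryset is
    additionally narrowed to the ids returned by ``get_endpoint_ids``.

    Raises:
        PermissionDenied: a non-staff user is authorized for no product, or
            asks for the tab of a product they are not authorized for.
        Http404: the single ``product`` query parameter matches no product.
    """
    user = request.user

    endpoints = Endpoint.objects.all()
    show_uri = get_system_setting('display_endpoint_uri')

    # ``products`` stays None for staff, who are not restricted.
    products = None
    if not user.is_staff:
        products = Product.objects.filter(authorized_users__in=[user])
        if not products.exists():
            raise PermissionDenied
        endpoints = endpoints.filter(product__in=products.all())

    product = None
    if 'product' in request.GET:
        p = request.GET.getlist('product', [])
        if len(p) == 1:
            product = get_object_or_404(Product, id=p[0])
            # The id comes from the query string, so a non-staff user must
            # be authorized for that product before a tab is built for it.
            if products is not None and not products.filter(id=product.id).exists():
                raise PermissionDenied

    if not show_uri:
        ids = get_endpoint_ids(
            EndpointFilter(request.GET, queryset=endpoints, user=user).qs)
        endpoints = endpoints.filter(id__in=ids)
    endpoints = EndpointFilter(request.GET, queryset=endpoints, user=user)
    paged_endpoints = get_page_items(request, endpoints.qs, 25)

    add_breadcrumb(title="All Endpoints",
                   top_level=not len(request.GET),
                   request=request)

    product_tab = None
    view_name = "All Endpoints"
    if product:
        view_name = "Endpoints"
        product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints")

    return render(
        request, 'dojo/endpoints.html', {
            'product_tab': product_tab,
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "name": view_name,
            "show_uri": show_uri
        })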
def vulnerable_endpoints(request):
    """Render the paginated "Vulnerable Endpoints" list.

    An endpoint is listed when it has a finding that is active and verified
    and is not flagged as a false positive, duplicate or out of scope.
    """
    title = "Vulnerable Endpoints"
    query = request.GET
    current_user = request.user

    # NOTE(review): this body applies no per-user restriction to the
    # queryset. Access control presumably lives in a decorator or the URL
    # configuration, neither visible here -- confirm, otherwise any caller
    # is shown the vulnerable endpoints of every product.
    open_finding_criteria = dict(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    )
    base_qs = Endpoint.objects.filter(**open_finding_criteria).distinct()

    # Only the 404 for an unknown id matters; the product is not used below.
    if 'product' in query:
        product_ids = query.getlist('product', [])
        if len(product_ids) == 1:
            get_object_or_404(Product, id=product_ids[0])

    # NOTE(review): the FilterSet object itself, not its ``.qs``, is handed
    # to the helper and to the paginator -- confirm both accept it.
    ids = get_endpoint_ids(
        EndpointFilter(query, queryset=base_qs, user=current_user))
    filtered = EndpointFilter(query,
                              queryset=base_qs.filter(id__in=ids),
                              user=current_user)
    paged = get_page_items(request, filtered, 25)

    add_breadcrumb(title=title, top_level=not len(query), request=request)

    return render(request, 'dojo/endpoints.html', {
        "endpoints": paged,
        "filtered": filtered,
        "name": title,
    })