def product_endpoint_report(request, pid): user = Dojo_User.objects.get(id=request.user.id) product = get_object_or_404(Product.objects.all().prefetch_related( 'engagement_set__test_set__test_type', 'engagement_set__test_set__environment'), id=pid) endpoint_ids = Endpoint.objects.filter( product=product, finding__active=True, finding__verified=True, finding__false_p=False, finding__duplicate=False, finding__out_of_scope=False, ).values_list('id', flat=True) # ids = get_endpoint_ids(endpoints) endpoints = prefetch_related_endpoints_for_report( Endpoint.objects.filter(id__in=endpoint_ids)) endpoints = EndpointReportFilter(request.GET, queryset=endpoints) paged_endpoints = get_page_items(request, endpoints.qs, 25) report_format = request.GET.get('report_type', 'AsciiDoc') include_finding_notes = int(request.GET.get('include_finding_notes', 0)) include_finding_images = int(request.GET.get('include_finding_images', 0)) include_executive_summary = int( request.GET.get('include_executive_summary', 0)) include_table_of_contents = int( request.GET.get('include_table_of_contents', 0)) generate = "_generate" in request.GET add_breadcrumb(parent=product, title="Vulnerable Product Endpoints Report", top_level=False, request=request) report_form = ReportOptionsForm() filename = "product_endpoint_report.pdf" template = "dojo/product_endpoint_pdf_report.html" report_name = "Product Endpoint Report: " + str(product) report_title = "Product Endpoint Report" report_subtitle = str(product) report_info = "Generated By %s on %s" % (user.get_full_name(), ( timezone.now().strftime("%m/%d/%Y %I:%M%p %Z"))) try: start_date = Finding.objects.filter( endpoints__in=endpoints.qs).order_by('date')[:1][0].date except: start_date = timezone.now() end_date = timezone.now() risk_acceptances = Risk_Acceptance.objects.filter( engagement__test__finding__endpoints__in=endpoints.qs) accepted_findings = [ finding for ra in risk_acceptances for finding in ra.accepted_findings.filter(endpoints__in=endpoints.qs) ] verified_findings = Finding.objects.filter( endpoints__in=endpoints.qs, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False) open_findings = Finding.objects.filter(endpoints__in=endpoints.qs, false_p=False, verified=True, duplicate=False, out_of_scope=False, active=True, mitigated__isnull=True) closed_findings = Finding.objects.filter(endpoints__in=endpoints.qs, false_p=False, verified=True, duplicate=False, out_of_scope=False, mitigated__isnull=False) if generate: report_form = ReportOptionsForm(request.GET) if report_format == 'AsciiDoc': return render( request, 'dojo/asciidoc_report.html', { 'product_type': None, 'product': product, 'accepted_findings': accepted_findings, 'open_findings': open_findings, 'closed_findings': closed_findings, 'verified_findings': verified_findings, 'engagement': None, 'test': None, 'endpoints': endpoints, 'endpoint': None, 'findings': None, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': request.user, 'title': 'Generate Report', }) elif report_format == 'PDF': endpoints = endpoints.qs.order_by('finding__numerical_severity') # lets create the report object and send it in to celery task if 'regen' in request.GET: # we should already have a report object, lets get and use it report = get_object_or_404(Report, id=request.GET['regen']) report.datetime = timezone.now() report.status = 'requested' if report.requester.username != request.user.username: report.requester = request.user else: report = Report(name="Product Endpoints " + str(product), type="Product Endpoint", format='PDF', requester=request.user, task_id='tbd', options=request.path + "?" + request.GET.urlencode()) report.save() async_pdf_report.delay( report=report, template=template, filename=filename, report_title=report_title, report_subtitle=report_subtitle, report_info=report_info, context={ 'product': product, 'endpoints': endpoints, 'accepted_findings': accepted_findings, 'open_findings': open_findings, 'closed_findings': closed_findings, 'verified_findings': verified_findings, 'report_name': report_name, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': user, 'team_name': get_system_setting('team_name'), 'title': 'Generate Report', 'host': report_url_resolver(request), 'user_id': request.user.id }, uri=request.build_absolute_uri(report.get_url())) messages.add_message(request, messages.SUCCESS, 'Your report is building.', extra_tags='alert-success') return HttpResponseRedirect(reverse('reports')) elif report_format == 'HTML': return render( request, template, { 'product_type': None, 'product': product, 'engagement': None, 'test': None, 'endpoint': None, 'endpoints': endpoints.qs, 'findings': None, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'user': request.user, 'title': 'Generate Report', }) else: raise Http404() product_tab = Product_Tab(product.id, "Product Endpoint Report", tab="endpoints") return render( request, 'dojo/request_endpoint_report.html', { "endpoints": paged_endpoints, "filtered": endpoints, "product_tab": product_tab, 'report_form': report_form, "name": "Vulnerable Product Endpoints", })
def product_endpoint_report(request, pid): user = Dojo_User.objects.get(id=request.user.id) product = get_object_or_404(Product.objects.all().prefetch_related( 'engagement_set__test_set__test_type', 'engagement_set__test_set__environment'), id=pid) endpoint_ids = Endpoint.objects.filter( product=product, finding__active=True, finding__verified=True, finding__false_p=False, finding__duplicate=False, finding__out_of_scope=False, ).values_list('id', flat=True) endpoints = prefetch_related_endpoints_for_report( Endpoint.objects.filter(id__in=endpoint_ids)) endpoints = EndpointReportFilter(request.GET, queryset=endpoints) paged_endpoints = get_page_items(request, endpoints.qs, 25) report_format = request.GET.get('report_type', 'AsciiDoc') include_finding_notes = int(request.GET.get('include_finding_notes', 0)) include_finding_images = int(request.GET.get('include_finding_images', 0)) include_executive_summary = int( request.GET.get('include_executive_summary', 0)) include_table_of_contents = int( request.GET.get('include_table_of_contents', 0)) include_disclaimer = int(request.GET.get('include_disclaimer', 0)) disclaimer = get_system_setting('disclaimer') if include_disclaimer and len(disclaimer) == 0: disclaimer = 'Please configure in System Settings.' generate = "_generate" in request.GET add_breadcrumb(parent=product, title="Vulnerable Product Endpoints Report", top_level=False, request=request) report_form = ReportOptionsForm() template = "dojo/product_endpoint_pdf_report.html" report_name = "Product Endpoint Report: " + str(product) report_title = "Product Endpoint Report" report_subtitle = str(product) report_info = "Generated By %s on %s" % (user.get_full_name(), ( timezone.now().strftime("%m/%d/%Y %I:%M%p %Z"))) try: start_date = Finding.objects.filter( endpoints__in=endpoints.qs).order_by('date')[:1][0].date except: start_date = timezone.now() end_date = timezone.now() risk_acceptances = Risk_Acceptance.objects.filter( engagement__test__finding__endpoints__in=endpoints.qs) accepted_findings = [ finding for ra in risk_acceptances for finding in ra.accepted_findings.filter(endpoints__in=endpoints.qs) ] verified_findings = Finding.objects.filter( endpoints__in=endpoints.qs, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False) open_findings = Finding.objects.filter(endpoints__in=endpoints.qs, false_p=False, verified=True, duplicate=False, out_of_scope=False, active=True, mitigated__isnull=True) closed_findings = Finding.objects.filter(endpoints__in=endpoints.qs, false_p=False, verified=True, duplicate=False, out_of_scope=False, mitigated__isnull=False) if generate: report_form = ReportOptionsForm(request.GET) if report_format == 'AsciiDoc': return render( request, 'dojo/asciidoc_report.html', { 'product_type': None, 'product': product, 'accepted_findings': accepted_findings, 'open_findings': open_findings, 'closed_findings': closed_findings, 'verified_findings': verified_findings, 'engagement': None, 'test': None, 'endpoints': endpoints, 'endpoint': None, 'findings': None, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'include_disclaimer': include_disclaimer, 'disclaimer': disclaimer, 'user': request.user, 'title': 'Generate Report', }) elif report_format == 'HTML': return render( request, template, { 'product_type': None, 'product': product, 'engagement': None, 'test': None, 'endpoint': None, 'endpoints': endpoints.qs, 'findings': None, 'include_finding_notes': include_finding_notes, 'include_finding_images': include_finding_images, 'include_executive_summary': include_executive_summary, 'include_table_of_contents': include_table_of_contents, 'include_disclaimer': include_disclaimer, 'disclaimer': disclaimer, 'user': request.user, 'title': 'Generate Report', }) else: raise Http404() product_tab = Product_Tab(product.id, "Product Endpoint Report", tab="endpoints") return render( request, 'dojo/request_endpoint_report.html', { "endpoints": paged_endpoints, "filtered": endpoints, "product_tab": product_tab, 'report_form': report_form, "name": "Vulnerable Product Endpoints", })