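def view_engagement(request, eid):
    """Render the detail page for one engagement.

    Collects the engagement's tests, risk acceptances and optional check
    list, then renders ``dojo/view_eng.html``. Any POST request sets the
    engagement's progress to ``'check_list'`` and saves it.

    Args:
        request: The current Django request.
        eid: Primary key of the ``Engagement`` to show.

    Returns:
        The response produced by ``render`` for ``dojo/view_eng.html``.

    Raises:
        Engagement.DoesNotExist: If no engagement has the id ``eid``.
    """
    # NOTE(review): this function does no authentication or object-level
    # authorization of its own, so access control depends entirely on
    # whatever wraps it (decorator, URL conf, middleware) -- confirm that
    # such a check exists and that it is scoped to this engagement.
    eng = Engagement.objects.get(id=eid)
    tests = Test.objects.filter(engagement=eng)
    risks_accepted = eng.risk_acceptance.all()

    # Findings already covered by a risk acceptance cannot be accepted again.
    exclude_findings = [
        finding.id
        for ra in risks_accepted
        for finding in ra.accepted_findings.all()
    ]
    eng_findings = (
        Finding.objects.filter(test__in=eng.test_set.all())
        .exclude(id__in=exclude_findings)
        .order_by('title')
    )

    # Only the "no usable check list" outcomes map to None; database and
    # programming errors are no longer hidden by a bare except.
    try:
        check = Check_List.objects.get(engagement=eng)
    except (Check_List.DoesNotExist, Check_List.MultipleObjectsReturned):
        check = None

    form = DoneForm()
    if request.method == 'POST':
        # NOTE(review): the state change happens on every POST, without
        # validating any form data and without a permission check here.
        eng.progress = 'check_list'
        eng.save()

    add_breadcrumb(parent=eng, top_level=False, request=request)

    return render(
        request,
        'dojo/view_eng.html',
        {
            'eng': eng,
            'tests': tests,
            'check': check,
            'threat': eng.tmodel_path,
            'risk': eng.risk_path,
            'form': form,
            'risks_accepted': risks_accepted,
            # COUNT(*) in the database instead of loading every finding.
            'can_add_risk': eng_findings.count(),
        })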
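def view_engagement(request, eid):
    """Render the detail page for one engagement, with optional dedup data.

    Collects the engagement's tests, risk acceptances and optional check
    list. When ``settings.ENABLE_DEDUPLICATION`` exists and is truthy, a
    page of the engagement's non-duplicate findings is added as well.
    Any POST request sets the engagement's progress to ``'check_list'``
    and saves it.

    Args:
        request: The current Django request.
        eid: Primary key of the ``Engagement`` to show.

    Returns:
        The response produced by ``render`` for ``dojo/view_eng.html``.

    Raises:
        Engagement.DoesNotExist: If no engagement has the id ``eid``.
    """
    # NOTE(review): this function does no authentication or object-level
    # authorization of its own, so access control depends entirely on
    # whatever wraps it (decorator, URL conf, middleware) -- confirm that
    # such a check exists and that it is scoped to this engagement.
    eng = Engagement.objects.get(id=eid)
    tests = Test.objects.filter(engagement=eng)
    risks_accepted = eng.risk_acceptance.all()

    # Findings already covered by a risk acceptance cannot be accepted again.
    exclude_findings = [
        finding.id
        for ra in risks_accepted
        for finding in ra.accepted_findings.all()
    ]
    eng_findings = (
        Finding.objects.filter(test__in=eng.test_set.all())
        .exclude(id__in=exclude_findings)
        .order_by('title')
    )

    # Only the "no usable check list" outcomes map to None; database and
    # programming errors are no longer hidden by a bare except.
    try:
        check = Check_List.objects.get(engagement=eng)
    except (Check_List.DoesNotExist, Check_List.MultipleObjectsReturned):
        check = None

    form = DoneForm()
    if request.method == 'POST':
        # NOTE(review): the state change happens on every POST, without
        # validating any form data and without a permission check here.
        eng.progress = 'check_list'
        eng.save()

    add_breadcrumb(parent=eng, top_level=False, request=request)

    # A missing setting is treated the same as a falsy one.
    enabled = bool(getattr(settings, 'ENABLE_DEDUPLICATION', False))
    fpage = None
    if enabled:
        findings = Finding.objects.filter(test__engagement=eng,
                                          duplicate=False)
        fpage = get_page_items(request, findings, 15)

    return render(
        request,
        'dojo/view_eng.html',
        {
            'eng': eng,
            'tests': tests,
            'findings': fpage,
            'enabled': enabled,
            'check': check,
            'threat': eng.tmodel_path,
            'risk': eng.risk_path,
            'form': form,
            'risks_accepted': risks_accepted,
            # COUNT(*) in the database instead of loading every finding.
            'can_add_risk': eng_findings.count(),
        })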
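def view_engagement(request, eid):
    """Render the engagement detail page and accept new notes via POST.

    GET renders ``dojo/view_eng.html`` with the engagement's filtered and
    paged tests, risk acceptances, notes, files, JIRA data, credential
    mappings and preset information. POST additionally sets the
    engagement's progress to ``'check_list'`` and, when the submitted note
    form is valid, stores a new note authored by ``request.user``.

    Args:
        request: The current Django request.
        eid: Primary key of the ``Engagement`` to show.

    Returns:
        The response produced by ``render`` for ``dojo/view_eng.html``.

    Raises:
        Http404: Raised by ``get_object_or_404`` when ``eid`` is unknown.
    """
    # NOTE(review): the only permission check in this function guards the
    # POST branch. The read path returns notes, files and credential
    # mappings, so confirm that a view-permission check scoped to this
    # engagement is applied outside this block (e.g. by a decorator).
    eng = get_object_or_404(Engagement, id=eid)
    tests = eng.test_set.all().order_by('test_type__name', '-updated')

    default_page_num = 10

    tests_filter = EngagementTestFilter(request.GET, queryset=tests,
                                        engagement=eng)
    paged_tests = get_page_items(request, tests_filter.qs, default_page_num)
    # prefetch only after creating the filters to avoid
    # https://code.djangoproject.com/ticket/23771 and
    # https://code.djangoproject.com/ticket/25375
    paged_tests.object_list = prefetch_for_view_tests(paged_tests.object_list)

    prod = eng.product
    risks_accepted = (
        eng.risk_acceptance.all()
        .select_related('owner')
        .annotate(accepted_findings_count=Count('accepted_findings__id'))
    )

    preset_test_type = None
    network = None
    if eng.preset:
        preset_test_type = eng.preset.test_type.all()
        network = eng.preset.network_locations.all()
    system_settings = System_Settings.objects.get()

    jissue = jira_helper.get_jira_issue(eng)
    jira_project = jira_helper.get_jira_project(eng)

    # Only the "no usable check list" outcomes map to None; database and
    # programming errors are no longer hidden by a bare except.
    try:
        check = Check_List.objects.get(engagement=eng)
    except (Check_List.DoesNotExist, Check_List.MultipleObjectsReturned):
        check = None

    notes = eng.notes.all()
    note_type_activation = Note_Type.objects.filter(is_active=True).count()
    if note_type_activation:
        available_note_types = find_available_notetypes(notes)

    def _note_form(*args):
        # Typed notes are used as soon as at least one note type is active.
        if note_type_activation:
            return TypedNoteForm(*args,
                                 available_note_types=available_note_types)
        return NoteForm(*args)

    files = eng.files.all()
    if request.method == 'POST':
        user_has_permission_or_403(request.user, eng, Permissions.Note_Add)
        # NOTE(review): the progress change below is gated only by the
        # note-add permission and runs even when the note form is invalid;
        # confirm that this is the intended permission for modifying the
        # engagement itself.
        eng.progress = 'check_list'
        eng.save()

        form = _note_form(request.POST)
        if form.is_valid():
            new_note = form.save(commit=False)
            # Author and timestamp are set server-side, never taken from
            # the submitted data.
            new_note.author = request.user
            new_note.date = timezone.now()
            new_note.save()
            eng.notes.add(new_note)
            # Present an empty form again after a successful save.
            form = _note_form()
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Note added successfully.',
                                 extra_tags='alert-success')
    else:
        form = _note_form()

    creds = Cred_Mapping.objects.filter(
        product=eng.product).select_related('cred_id').order_by('cred_id')
    cred_eng = Cred_Mapping.objects.filter(
        engagement=eng.id).select_related('cred_id').order_by('cred_id')

    add_breadcrumb(parent=eng, top_level=False, request=request)

    title = ""
    if eng.engagement_type == "CI/CD":
        title = " CI/CD"
    product_tab = Product_Tab(prod.id, title="View" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(eng)

    return render(
        request,
        'dojo/view_eng.html',
        {
            'eng': eng,
            'product_tab': product_tab,
            'system_settings': system_settings,
            'tests': paged_tests,
            'filter': tests_filter,
            'check': check,
            'threat': eng.tmodel_path,
            'form': form,
            'notes': notes,
            'files': files,
            'risks_accepted': risks_accepted,
            'jissue': jissue,
            'jira_project': jira_project,
            'creds': creds,
            'cred_eng': cred_eng,
            'network': network,
            'preset_test_type': preset_test_type
        })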
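def view_engagement(request, eid):
    """Render the engagement detail page with product-wide finding metrics.

    Besides the engagement's own tests, risk acceptances, check list, JIRA
    data and credential mappings, the template context carries new, open
    and closed verified findings for the whole product the engagement
    belongs to. Any POST request sets the engagement's progress to
    ``'check_list'`` and saves it.

    Args:
        request: The current Django request.
        eid: Primary key of the ``Engagement`` to show.

    Returns:
        The response produced by ``render`` for ``dojo/view_eng.html``.

    Raises:
        Engagement.DoesNotExist: If no engagement has the id ``eid``.
    """
    # NOTE(review): this function does no authentication or object-level
    # authorization of its own, yet it returns credential mappings and
    # findings for the whole product. Confirm that a check scoped to this
    # engagement is enforced outside this block (decorator, middleware).
    eng = Engagement.objects.get(id=eid)
    tests = Test.objects.filter(engagement=eng)
    risks_accepted = eng.risk_acceptance.all()

    # Each lookup falls back to None only for the "not found / ambiguous"
    # outcomes; other errors are no longer hidden by a bare except.
    try:
        jissue = JIRA_Issue.objects.get(engagement=eng)
    except (JIRA_Issue.DoesNotExist, JIRA_Issue.MultipleObjectsReturned):
        jissue = None
    try:
        jconf = JIRA_PKey.objects.get(product=eng.product).conf
    except (JIRA_PKey.DoesNotExist, JIRA_PKey.MultipleObjectsReturned):
        jconf = None

    # Findings already covered by a risk acceptance cannot be accepted again.
    exclude_findings = [
        finding.id
        for ra in risks_accepted
        for finding in ra.accepted_findings.all()
    ]
    eng_findings = (
        Finding.objects.filter(test__in=eng.test_set.all())
        .exclude(id__in=exclude_findings)
        .order_by('title')
    )

    try:
        check = Check_List.objects.get(engagement=eng)
    except (Check_List.DoesNotExist, Check_List.MultipleObjectsReturned):
        check = None

    form = DoneForm()
    if request.method == 'POST':
        # NOTE(review): the state change happens on every POST, without
        # validating any form data and without a permission check here.
        eng.progress = 'check_list'
        eng.save()

    creds = Cred_Mapping.objects.filter(
        product=eng.product).select_related('cred_id').order_by('cred_id')
    cred_eng = Cred_Mapping.objects.filter(
        engagement=eng.id).select_related('cred_id').order_by('cred_id')

    add_breadcrumb(parent=eng, top_level=False, request=request)

    # A missing setting is treated the same as a falsy one.
    enabled = bool(getattr(settings, 'ENABLE_DEDUPLICATION', False))
    fpage = None
    if enabled:
        findings = Finding.objects.filter(test__engagement=eng,
                                          duplicate=False)
        fpage = get_page_items(request, findings, 15)

    # Reporting window: from the product's earliest finding (or today when
    # the product has none) until now.
    earliest = Finding.objects.filter(
        test__engagement__product=eng.product).order_by('date').first()
    if earliest is not None:
        start_date = earliest.date
    else:
        start_date = localtz.localize(datetime.today())
    end_date = localtz.localize(datetime.today())

    risk_acceptances = Risk_Acceptance.objects.filter(
        engagement__in=Engagement.objects.filter(product=eng.product))
    accepted_findings = [
        finding
        for ra in risk_acceptances
        for finding in ra.accepted_findings.all()
    ]

    # Findings dated within the last seven days are considered "new".
    week_date = end_date - timedelta(days=7)
    new_verified_findings = Finding.objects.filter(
        test__engagement__product=eng.product,
        date__range=[week_date, end_date],
        false_p=False,
        verified=True,
        duplicate=False,
        out_of_scope=False).order_by("date")
    open_findings = Finding.objects.filter(
        test__engagement__product=eng.product,
        date__range=[start_date, end_date],
        false_p=False,
        verified=True,
        duplicate=False,
        out_of_scope=False,
        active=True,
        mitigated__isnull=True)
    closed_findings = Finding.objects.filter(
        test__engagement__product=eng.product,
        date__range=[start_date, end_date],
        false_p=False,
        verified=True,
        duplicate=False,
        out_of_scope=False,
        mitigated__isnull=False)

    return render(
        request,
        'dojo/view_eng.html',
        {
            'eng': eng,
            'tests': tests,
            'findings': fpage,
            'enabled': enabled,
            'check': check,
            'threat': eng.tmodel_path,
            'risk': eng.risk_path,
            'form': form,
            'risks_accepted': risks_accepted,
            # COUNT(*) in the database instead of loading every finding.
            'can_add_risk': eng_findings.count(),
            'jissue': jissue,
            'jconf': jconf,
            'open_findings': open_findings,
            'closed_findings': closed_findings,
            'accepted_findings': accepted_findings,
            'new_findings': new_verified_findings,
            'start_date': start_date,
            'creds': creds,
            'cred_eng': cred_eng
        })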
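def view_engagement(request, eid):
    """Render the engagement detail page for staff and authorized users.

    Access is limited to staff users and users listed in the product's
    ``authorized_users``; everyone else gets ``PermissionDenied``. Only a
    POST from a staff user sets the engagement's progress to
    ``'check_list'``.

    Args:
        request: The current Django request.
        eid: Primary key of the ``Engagement`` to show.

    Returns:
        The response produced by ``render`` for ``dojo/view_eng.html``.

    Raises:
        Http404: Raised by ``get_object_or_404`` when ``eid`` is unknown.
        PermissionDenied: If the user is neither staff nor authorized for
            the engagement's product.
    """
    eng = get_object_or_404(Engagement, id=eid)
    prod = eng.product

    # Authorize before gathering any further data, so an unauthorized
    # request does no other work on this engagement.
    # NOTE(review): a caller without access still gets 404 for an unknown
    # id and 403 for an existing one, which reveals which ids exist;
    # decide whether that difference is acceptable.
    auth = request.user.is_staff or request.user in prod.authorized_users.all()
    if not auth:
        # will render 403
        raise PermissionDenied

    tests = Test.objects.filter(engagement=eng).order_by(
        'test_type__name', '-updated')
    risks_accepted = eng.risk_acceptance.all()

    preset_test_type = None
    network = None
    if eng.preset:
        preset_test_type = eng.preset.test_type.all()
        network = eng.preset.network_locations.all()
    system_settings = System_Settings.objects.get()

    # Each lookup falls back to None only for the "not found / ambiguous"
    # outcomes; other errors are no longer hidden by a bare except.
    try:
        jissue = JIRA_Issue.objects.get(engagement=eng)
    except (JIRA_Issue.DoesNotExist, JIRA_Issue.MultipleObjectsReturned):
        jissue = None
    try:
        jconf = JIRA_PKey.objects.get(product=eng.product).conf
    except (JIRA_PKey.DoesNotExist, JIRA_PKey.MultipleObjectsReturned):
        jconf = None

    # Findings already covered by a risk acceptance cannot be accepted again.
    exclude_findings = [
        finding.id
        for ra in risks_accepted
        for finding in ra.accepted_findings.all()
    ]
    eng_findings = (
        Finding.objects.filter(test__in=eng.test_set.all())
        .exclude(id__in=exclude_findings)
        .order_by('title')
    )

    try:
        check = Check_List.objects.get(engagement=eng)
    except (Check_List.DoesNotExist, Check_List.MultipleObjectsReturned):
        check = None

    form = DoneForm()
    # Authorized non-staff users may view the page but not change state.
    if request.method == 'POST' and request.user.is_staff:
        eng.progress = 'check_list'
        eng.save()

    creds = Cred_Mapping.objects.filter(
        product=eng.product).select_related('cred_id').order_by('cred_id')
    cred_eng = Cred_Mapping.objects.filter(
        engagement=eng.id).select_related('cred_id').order_by('cred_id')

    add_breadcrumb(parent=eng, top_level=False, request=request)

    # A missing setting is treated the same as a falsy one.
    enabled = bool(getattr(settings, 'ENABLE_DEDUPLICATION', False))
    fpage = None
    if enabled:
        findings = Finding.objects.filter(test__engagement=eng,
                                          duplicate=False)
        fpage = get_page_items(request, findings, 15)

    # Date of the product's earliest finding, or now when it has none.
    earliest = Finding.objects.filter(
        test__engagement__product=eng.product).order_by('date').first()
    start_date = earliest.date if earliest is not None else timezone.now()

    risk_acceptances = Risk_Acceptance.objects.filter(
        engagement__in=Engagement.objects.filter(product=eng.product))
    accepted_findings = [
        finding
        for ra in risk_acceptances
        for finding in ra.accepted_findings.all()
    ]

    title = ""
    if eng.engagement_type == "CI/CD":
        title = " CI/CD"
    product_tab = Product_Tab(prod.id, title="View" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(eng)

    return render(
        request,
        'dojo/view_eng.html',
        {
            'eng': eng,
            'product_tab': product_tab,
            'system_settings': system_settings,
            'tests': tests,
            'findings': fpage,
            'enabled': enabled,
            'check': check,
            'threat': eng.tmodel_path,
            'risk': eng.risk_path,
            'form': form,
            'risks_accepted': risks_accepted,
            'can_add_risk': eng_findings.count(),
            'jissue': jissue,
            'jconf': jconf,
            'accepted_findings': accepted_findings,
            'start_date': start_date,
            'creds': creds,
            'cred_eng': cred_eng,
            'network': network,
            'preset_test_type': preset_test_type
        })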
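def view_engagement(request, eid):
    """Render the engagement detail page for superusers and its analysts.

    Superusers may open any engagement. Every other user only finds
    engagements that list them among ``analysts``; anything else is
    answered with 404, the same as an unknown id. Any POST request that
    passes this lookup sets the engagement's progress to ``'check_list'``.

    Args:
        request: The current Django request.
        eid: Primary key of the ``Engagement`` to show.

    Returns:
        The response produced by ``render`` for ``dojo/view_eng.html``.

    Raises:
        Http404: Raised by ``get_object_or_404`` when the engagement does
            not exist or the user is not one of its analysts.
    """
    # NOTE(review): presumably request.user is always authenticated here
    # (login enforced outside this block) -- confirm, since the analyst
    # filter below is built from request.user.
    lookup = {'id': eid}
    if not request.user.is_superuser:
        # Scoping the lookup itself keeps "not yours" indistinguishable
        # from "does not exist".
        lookup['analysts__in'] = [request.user]
    eng = get_object_or_404(Engagement, **lookup)
    tests = Test.objects.filter(engagement=eng)

    # Each lookup falls back to None only for the "not found / ambiguous"
    # outcomes; other errors are no longer hidden by a bare except.
    try:
        jissue = JIRA_Issue.objects.get(engagement=eng)
    except (JIRA_Issue.DoesNotExist, JIRA_Issue.MultipleObjectsReturned):
        jissue = None
    try:
        jconf = JIRA_PKey.objects.get(product=eng.product).conf
    except (JIRA_PKey.DoesNotExist, JIRA_PKey.MultipleObjectsReturned):
        jconf = None

    form = DoneForm()
    if request.method == 'POST':
        # NOTE(review): every analyst of the engagement can trigger this
        # state change; no form data is validated first.
        eng.progress = 'check_list'
        eng.save()

    add_breadcrumb(parent=eng, top_level=False, request=request)

    # A missing setting is treated the same as a falsy one.
    enabled = bool(getattr(settings, 'ENABLE_DEDUPLICATION', False))
    fpage = None
    if enabled:
        findings = Finding.objects.filter(test__engagement=eng,
                                          duplicate=False)
        fpage = get_page_items(request, findings, 15)

    # Reporting window: from the product's earliest finding (or now when
    # the product has none) until now.
    # NOTE(review): the metrics below cover the whole product, not only
    # this engagement, while access was granted per engagement -- confirm
    # that analysts are meant to see product-wide findings.
    earliest = Finding.objects.filter(
        test__engagement__product=eng.product).order_by('date').first()
    start_date = earliest.date if earliest is not None else timezone.now()
    end_date = timezone.now()

    # Findings dated within the last seven days are considered "new".
    week_date = end_date - timedelta(days=7)
    new_verified_findings = Finding.objects.filter(
        test__engagement__product=eng.product,
        date__range=[week_date, end_date],
        false_p=False,
        verified=True,
        duplicate=False,
        out_of_scope=False).order_by("date")
    open_findings = Finding.objects.filter(
        test__engagement__product=eng.product,
        date__range=[start_date, end_date],
        false_p=False,
        verified=True,
        duplicate=False,
        out_of_scope=False,
        mitigated__isnull=True)
    closed_findings = Finding.objects.filter(
        test__engagement__product=eng.product,
        date__range=[start_date, end_date],
        false_p=False,
        verified=True,
        duplicate=False,
        out_of_scope=False,
        mitigated__isnull=False)

    return render(
        request,
        'dojo/view_eng.html',
        {
            'eng': eng,
            'tests': tests,
            'findings': fpage,
            'enabled': enabled,
            'form': form,
            'jissue': jissue,
            'jconf': jconf,
            'open_findings': open_findings,
            'closed_findings': closed_findings,
            'new_findings': new_verified_findings,
            'start_date': start_date
        })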