def finding_bulk_update(request, tid): test = get_object_or_404(Test, id=tid) form = FindingBulkUpdateForm(request.POST) if request.method == "POST": finding_to_update = request.POST.getlist('finding_to_update') if request.POST.get('delete_bulk_findings') and finding_to_update: finds = Finding.objects.filter(test=test, id__in=finding_to_update) product = Product.objects.get(engagement__test=test) finds.delete() calculate_grade(product) else: if form.is_valid() and finding_to_update: finding_to_update = request.POST.getlist('finding_to_update') finds = Finding.objects.filter(test=test, id__in=finding_to_update) if form.cleaned_data['severity']: finds.update(severity=form.cleaned_data['severity'], numerical_severity=Finding.get_numerical_severity(form.cleaned_data['severity']), last_reviewed=timezone.now(), last_reviewed_by=request.user) if form.cleaned_data['status']: finds.update(active=form.cleaned_data['active'], verified=form.cleaned_data['verified'], false_p=form.cleaned_data['false_p'], out_of_scope=form.cleaned_data['out_of_scope'], is_Mitigated=form.cleaned_data['is_Mitigated'], last_reviewed=timezone.now(), last_reviewed_by=request.user) if form.cleaned_data['tags']: for finding in finds: tags = request.POST.getlist('tags') ts = ", ".join(tags) finding.tags = ts # Update the grade as bulk edits don't go through save if form.cleaned_data['severity'] or form.cleaned_data['status']: calculate_grade(test.engagement.product) for finding in finds: if JIRA_PKey.objects.filter(product=finding.test.engagement.product).count() == 0: log_jira_alert('Finding cannot be pushed to jira as there is no jira configuration for this product.', finding) else: old_status = finding.status() if form.cleaned_data['push_to_jira']: if JIRA_Issue.objects.filter(finding=finding).exists(): update_issue_task.delay(finding, old_status, True) else: add_issue_task.delay(finding, True) messages.add_message(request, messages.SUCCESS, 'Bulk edit of findings was successful. Check to make sure it is what you intended.', extra_tags='alert-success') else: messages.add_message(request, messages.ERROR, 'Unable to process bulk update. Required fields were not selected.', extra_tags='alert-danger') return HttpResponseRedirect(reverse('view_test', args=(test.id,)))
def add_findings(request, tid): test = Test.objects.get(id=tid) form_error = False enabled = False jform = None form = AddFindingForm(initial={'date': timezone.now().date()}) if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=test.engagement.product).count() != 0: enabled = JIRA_PKey.objects.get(product=test.engagement.product).push_all_issues jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') else: jform = None if request.method == 'POST': form = AddFindingForm(request.POST) if form['active'].value() is False or form['verified'].value() is False and 'jiraform-push_to_jira' in request.POST: error = ValidationError('Findings must be active and verified to be pushed to JIRA', code='not_active_or_verified') if form['active'].value() is False: form.add_error('active', error) if form['verified'].value() is False: form.add_error('verified', error) messages.add_message(request, messages.ERROR, 'Findings must be active and verified to be pushed to JIRA', extra_tags='alert-danger') if form['severity'].value() == 'Info' and 'jiraform-push_to_jira' in request.POST: error = ValidationError('Findings with Informational severity cannot be pushed to JIRA.', code='info-severity-to-jira') if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) if new_finding.false_p or new_finding.active is False: new_finding.mitigated = timezone.now() new_finding.mitigated_by = request.user create_template = new_finding.is_template # always false now since this will be deprecated soon in favor of new Finding_Template model new_finding.is_template = False new_finding.save(dedupe_option=False) new_finding.endpoints.set(form.cleaned_data['endpoints']) new_finding.save(false_history=True) create_notification(event='other', title='Addition of %s' % new_finding.title, description='Finding "%s" was added by %s' % (new_finding.title, request.user), url=request.build_absolute_uri(reverse('view_finding', args=(new_finding.id,))), icon="exclamation-triangle") if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled) if jform.is_valid(): add_issue_task.delay(new_finding, jform.cleaned_data.get('push_to_jira')) messages.add_message(request, messages.SUCCESS, 'Finding added successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter(title=new_finding.title) if len(templates) > 0: messages.add_message(request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template(title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message(request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') if '_Finished' in request.POST: return HttpResponseRedirect(reverse('view_test', args=(test.id,))) else: return HttpResponseRedirect(reverse('add_findings', args=(test.id,))) else: if 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data['endpoints'] else: form.fields['endpoints'].queryset = Endpoint.objects.none() form_error = True messages.add_message(request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') product_tab = Product_Tab(test.engagement.product.id, title="Add Finding", tab="engagements") product_tab.setEngagement(test.engagement) return render(request, 'dojo/add_findings.html', {'form': form, 'product_tab': product_tab, 'test': test, 'temp': False, 'tid': tid, 'form_error': form_error, 'jform': jform, })
def add_temp_finding(request, tid, fid): jform = None test = get_object_or_404(Test, id=tid) finding = get_object_or_404(Finding_Template, id=fid) findings = Finding_Template.objects.all() if request.method == 'POST': form = FindingForm(request.POST, template=True) if form.is_valid(): finding.last_used = timezone.now() finding.save() new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) new_finding.date = datetime.today() if new_finding.false_p or new_finding.active is False: new_finding.mitigated = timezone.now() new_finding.mitigated_by = request.user create_template = new_finding.is_template # is template always False now in favor of new model Finding_Template # no further action needed here since this is already adding from template. new_finding.is_template = False new_finding.save(dedupe_option=False, false_history=False) new_finding.endpoints.set(form.cleaned_data['endpoints']) new_finding.save(false_history=True) tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=True) if jform.is_valid(): add_issue_task.delay(new_finding, jform.cleaned_data.get('push_to_jira')) messages.add_message(request, messages.SUCCESS, 'Finding from template added successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter(title=new_finding.title) if len(templates) > 0: messages.add_message(request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template(title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message(request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_test', args=(test.id,))) else: messages.add_message(request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') else: form = FindingForm(template=True, initial={'active': False, 'date': timezone.now().date(), 'verified': False, 'false_p': False, 'duplicate': False, 'out_of_scope': False, 'title': finding.title, 'description': finding.description, 'cwe': finding.cwe, 'severity': finding.severity, 'mitigation': finding.mitigation, 'impact': finding.impact, 'references': finding.references, 'numerical_severity': finding.numerical_severity, 'tags': [tag.name for tag in finding.tags]}) if get_system_setting('enable_jira'): enabled = JIRA_PKey.objects.get(product=test.engagement.product).push_all_issues jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') else: jform = None product_tab = Product_Tab(test.engagement.product.id, title="Add Finding", tab="engagements") product_tab.setEngagement(test.engagement) return render(request, 'dojo/add_findings.html', {'form': form, 'product_tab': product_tab, 'jform': jform, 'findings': findings, 'temp': True, 'fid': finding.id, 'tid': test.id, 'test': test, })
def edit_finding(request, fid): finding = get_object_or_404(Finding, id=fid) old_status = finding.status() form = FindingForm(instance=finding) form.initial['tags'] = [tag.name for tag in finding.tags] form_error = False jform = None try: jissue = JIRA_Issue.objects.get(finding=finding) enabled = True except: enabled = False pass if hasattr(settings, 'ENABLE_JIRA'): if settings.ENABLE_JIRA: if JIRA_PKey.objects.filter( product=finding.test.engagement.product) != 0: jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') if request.method == 'POST': form = FindingForm(request.POST, instance=finding) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = finding.test new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) if new_finding.false_p or new_finding.active is False: new_finding.mitigated = datetime.now(tz=localtz) new_finding.mitigated_by = request.user if new_finding.active is True: new_finding.false_p = False new_finding.mitigated = None new_finding.mitigated_by = None create_template = new_finding.is_template # always false now since this will be deprecated soon in favor of new Finding_Template model new_finding.is_template = False new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.last_reviewed = datetime.now(tz=localtz) new_finding.last_reviewed_by = request.user tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t new_finding.save() if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled) if jform.is_valid(): try: jissue = JIRA_Issue.objects.get(finding=new_finding) update_issue_task.delay( new_finding, old_status, jform.cleaned_data.get('push_to_jira')) except: add_issue_task.delay( new_finding, jform.cleaned_data.get('push_to_jira')) pass tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t messages.add_message(request, messages.SUCCESS, 'Finding saved successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter( title=new_finding.title) if len(templates) > 0: messages.add_message( request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template( title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message( request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') return HttpResponseRedirect( reverse('view_finding', args=(new_finding.id, ))) else: messages.add_message( request, messages.ERROR, 'There appears to be errors on the form, please correct below.', extra_tags='alert-danger') form_error = True if form_error and 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data['endpoints'] else: form.fields['endpoints'].queryset = finding.endpoints.all() form.initial['tags'] = [tag.name for tag in finding.tags] add_breadcrumb(parent=finding, title="Edit", top_level=False, request=request) return render(request, 'dojo/edit_findings.html', { 'form': form, 'finding': finding, 'jform': jform })
def promote_to_finding(request, fid): finding = get_object_or_404(Stub_Finding, id=fid) test = finding.test form_error = False jira_available = False if hasattr(settings, 'ENABLE_JIRA'): if settings.ENABLE_JIRA: if JIRA_PKey.objects.filter(product=test.engagement.product) != 0: jform = JIRAFindingForm( request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get( product=test.engagement.product).push_all_issues) jira_available = True else: jform = None form = PromoteFindingForm( initial={ 'title': finding.title, 'date': finding.date, 'severity': finding.severity, 'description': finding.description, 'test': finding.test, 'reporter': finding.reporter }) if request.method == 'POST': form = PromoteFindingForm(request.POST) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) new_finding.active = True new_finding.false_p = False new_finding.duplicate = False new_finding.mitigated = None new_finding.verified = True new_finding.out_of_scope = False new_finding.save() new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.save() finding.delete() if 'jiraform' in request.POST: jform = JIRAFindingForm( request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get( product=test.engagement.product).push_all_issues) if jform.is_valid(): add_issue_task.delay( new_finding, jform.cleaned_data.get('push_to_jira')) messages.add_message(request, messages.SUCCESS, 'Finding promoted successfully.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_test', args=(test.id, ))) else: if 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data[ 'endpoints'] else: form.fields['endpoints'].queryset = Endpoint.objects.none() form_error = True messages.add_message( request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') add_breadcrumb(parent=test, title="Promote Finding", top_level=False, request=request) return render( request, 'dojo/promote_to_finding.html', { 'form': form, 'test': test, 'stub_finding': finding, 'form_error': form_error, })
def add_temp_finding(request, tid, fid): jform = None test = get_object_or_404(Test, id=tid) finding = get_object_or_404(Finding_Template, id=fid) findings = Finding_Template.objects.all() if request.method == 'POST': form = FindingForm(request.POST) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) new_finding.date = datetime.today() if new_finding.false_p or new_finding.active is False: new_finding.mitigated = timezone.now() new_finding.mitigated_by = request.user create_template = new_finding.is_template # is template always False now in favor of new model Finding_Template # no further action needed here since this is already adding from template. new_finding.is_template = False new_finding.save() new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.save() if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=True) add_issue_task.delay(new_finding, jform.cleaned_data.get('push_to_jira')) messages.add_message(request, messages.SUCCESS, 'Finding from template added successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter(title=new_finding.title) if len(templates) > 0: messages.add_message(request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template(title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message(request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_test', args=(test.id,))) else: messages.add_message(request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') else: form = FindingForm(initial={'active': False, 'date': timezone.now().date(), 'verified': False, 'false_p': False, 'duplicate': False, 'out_of_scope': False, 'title': finding.title, 'description': finding.description, 'cwe': finding.cwe, 'severity': finding.severity, 'mitigation': finding.mitigation, 'impact': finding.impact, 'references': finding.references, 'numerical_severity': finding.numerical_severity}) if get_system_setting('enable_jira'): enabled = JIRA_PKey.objects.get(product=test.engagement.product).push_all_issues jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') else: jform = None add_breadcrumb(parent=test, title="Add Finding", top_level=False, request=request) return render(request, 'dojo/add_findings.html', {'form': form, 'jform': jform, 'findings': findings, 'temp': True, 'fid': finding.id, 'tid': test.id, 'test': test, })
def ad_hoc_finding(request, pid): prod = Product.objects.get(id=pid) test = None try: eng = Engagement.objects.get(product=prod, name="Ad Hoc Engagement") tests = Test.objects.filter(engagement=eng) if len(tests) != 0: test = tests[0] else: test = Test(engagement=eng, test_type=Test_Type.objects.get(name="Pen Test"), target_start=timezone.now(), target_end=timezone.now()) test.save() except: eng = Engagement(name="Ad Hoc Engagement", target_start=timezone.now(), target_end=timezone.now(), active=False, product=prod) eng.save() test = Test(engagement=eng, test_type=Test_Type.objects.get(name="Pen Test"), target_start=timezone.now(), target_end=timezone.now()) test.save() form_error = False enabled = False jform = None form = AdHocFindingForm(initial={'date': timezone.now().date()}) if get_system_setting('enable_jira'): if JIRA_PKey.objects.filter( product=test.engagement.product).count() != 0: enabled = JIRA_PKey.objects.get( product=test.engagement.product).push_all_issues jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') else: jform = None if request.method == 'POST': form = AdHocFindingForm(request.POST) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) if new_finding.false_p or new_finding.active is False: new_finding.mitigated = timezone.now() new_finding.mitigated_by = request.user create_template = new_finding.is_template # always false now since this will be deprecated soon in favor of new Finding_Template model new_finding.is_template = False new_finding.save() new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.save() if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled) if jform.is_valid(): add_issue_task.delay( new_finding, jform.cleaned_data.get('push_to_jira')) messages.add_message(request, messages.SUCCESS, 'Finding added successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter( title=new_finding.title) if len(templates) > 0: messages.add_message( request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template( title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message( request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') if '_Finished' in request.POST: return HttpResponseRedirect( reverse('view_test', args=(test.id, ))) else: return HttpResponseRedirect( reverse('add_findings', args=(test.id, ))) else: if 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data[ 'endpoints'] else: form.fields['endpoints'].queryset = Endpoint.objects.none() form_error = True messages.add_message( request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') product_tab = Product_Tab(pid, title="Add Finding", tab="engagements") product_tab.setEngagement(eng) return render( request, 'dojo/ad_hoc_findings.html', { 'form': form, 'product_tab': product_tab, 'temp': False, 'tid': test.id, 'pid': pid, 'form_error': form_error, 'jform': jform, })
def add_findings(request, tid): test = Test.objects.get(id=tid) form_error = False enabled = False jform = None form = AddFindingForm(initial={'date': timezone.now().date()}) if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=test.engagement.product).count() != 0: enabled = JIRA_PKey.objects.get(product=test.engagement.product).push_all_issues jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') else: jform = None if request.method == 'POST': form = AddFindingForm(request.POST) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) if new_finding.false_p or new_finding.active is False: new_finding.mitigated = timezone.now() new_finding.mitigated_by = request.user create_template = new_finding.is_template # always false now since this will be deprecated soon in favor of new Finding_Template model new_finding.is_template = False new_finding.save() new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.save() if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled) if jform.is_valid(): add_issue_task.delay(new_finding, jform.cleaned_data.get('push_to_jira')) messages.add_message(request, messages.SUCCESS, 'Finding added successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter(title=new_finding.title) if len(templates) > 0: messages.add_message(request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template(title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message(request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') if '_Finished' in request.POST: return HttpResponseRedirect(reverse('view_test', args=(test.id,))) else: return HttpResponseRedirect(reverse('add_findings', args=(test.id,))) else: if 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data['endpoints'] else: form.fields['endpoints'].queryset = Endpoint.objects.none() form_error = True messages.add_message(request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') add_breadcrumb(parent=test, title="Add Finding", top_level=False, request=request) return render(request, 'dojo/add_findings.html', {'form': form, 'test': test, 'temp': False, 'tid': tid, 'form_error': form_error, 'jform': jform, })
def add_findings(request, tid): test = Test.objects.get(id=tid) form_error = False enabled = False jform = None form = AddFindingForm(initial={'date': datetime.now(tz=localtz).date()}) if hasattr(settings, 'ENABLE_JIRA'): if settings.ENABLE_JIRA: if JIRA_PKey.objects.filter( product=test.engagement.product).count() != 0: enabled = JIRA_PKey.objects.get( product=test.engagement.product).push_all_issues jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') else: jform = None if request.method == 'POST': form = AddFindingForm(request.POST) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) if new_finding.false_p or new_finding.active is False: new_finding.mitigated = datetime.now(tz=localtz) new_finding.mitigated_by = request.user create_template = new_finding.is_template # always false now since this will be deprecated soon in favor of new Finding_Template model new_finding.is_template = False new_finding.save() new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.save() if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled) if jform.is_valid(): add_issue_task.delay( new_finding, jform.cleaned_data.get('push_to_jira')) messages.add_message(request, messages.SUCCESS, 'Finding added successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter( title=new_finding.title) if len(templates) > 0: messages.add_message( request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template( title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message( request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') if '_Finished' in request.POST: return HttpResponseRedirect( reverse('view_test', args=(test.id, ))) else: return HttpResponseRedirect( reverse('add_findings', args=(test.id, ))) else: if 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data[ 'endpoints'] else: form.fields['endpoints'].queryset = Endpoint.objects.none() form_error = True messages.add_message( request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') add_breadcrumb(parent=test, title="Add Finding", top_level=False, request=request) return render( request, 'dojo/add_findings.html', { 'form': form, 'test': test, 'temp': False, 'tid': tid, 'form_error': form_error, 'jform': jform, })
def promote_to_finding(request, fid): finding = get_object_or_404(Stub_Finding, id=fid) test = finding.test form_error = False jira_available = False if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=test.engagement.product) != 0: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get(product=test.engagement.product).push_all_issues) jira_available = True else: jform = None form = PromoteFindingForm(initial={'title': finding.title, 'date': finding.date, 'severity': finding.severity, 'description': finding.description, 'test': finding.test, 'reporter': finding.reporter}) if request.method == 'POST': form = PromoteFindingForm(request.POST) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) new_finding.active = True new_finding.false_p = False new_finding.duplicate = False new_finding.mitigated = None new_finding.verified = True new_finding.out_of_scope = False new_finding.save() new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.save() finding.delete() if 'jiraform' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get(product=test.engagement.product).push_all_issues) if jform.is_valid(): add_issue_task.delay(new_finding, jform.cleaned_data.get('push_to_jira')) messages.add_message(request, messages.SUCCESS, 'Finding promoted successfully.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_test', args=(test.id,))) else: if 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data['endpoints'] else: form.fields['endpoints'].queryset = Endpoint.objects.none() form_error = True messages.add_message(request, messages.ERROR, 'The form has errors, please correct them below.', extra_tags='alert-danger') add_breadcrumb(parent=test, title="Promote Finding", top_level=False, request=request) return render(request, 'dojo/promote_to_finding.html', {'form': form, 'test': test, 'stub_finding': finding, 'form_error': form_error, })
def edit_finding(request, fid): finding = get_object_or_404(Finding, id=fid) old_status = finding.status() form = FindingForm(instance=finding) form.initial['tags'] = [tag.name for tag in finding.tags] form_error = False jform = None try: jissue = JIRA_Issue.objects.get(finding=finding) enabled = True except: enabled = False pass if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=finding.test.engagement.product) != 0: jform = JIRAFindingForm(enabled=enabled, prefix='jiraform') if request.method == 'POST': form = FindingForm(request.POST, instance=finding) if form.is_valid(): new_finding = form.save(commit=False) new_finding.test = finding.test new_finding.numerical_severity = Finding.get_numerical_severity( new_finding.severity) if new_finding.false_p or new_finding.active is False: new_finding.mitigated = timezone.now() new_finding.mitigated_by = request.user if new_finding.active is True: new_finding.false_p = False new_finding.mitigated = None new_finding.mitigated_by = None create_template = new_finding.is_template # always false now since this will be deprecated soon in favor of new Finding_Template model new_finding.is_template = False new_finding.endpoints = form.cleaned_data['endpoints'] new_finding.last_reviewed = timezone.now() new_finding.last_reviewed_by = request.user tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t new_finding.save() if 'jiraform-push_to_jira' in request.POST: jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled) if jform.is_valid(): try: jissue = JIRA_Issue.objects.get(finding=new_finding) update_issue_task.delay(new_finding, old_status, jform.cleaned_data.get('push_to_jira')) except: add_issue_task.delay(new_finding, jform.cleaned_data.get('push_to_jira')) pass tags = request.POST.getlist('tags') t = ", ".join(tags) new_finding.tags = t messages.add_message(request, messages.SUCCESS, 'Finding saved successfully.', extra_tags='alert-success') if create_template: templates = Finding_Template.objects.filter(title=new_finding.title) if len(templates) > 0: messages.add_message(request, messages.ERROR, 'A finding template was not created. A template with this title already ' 'exists.', extra_tags='alert-danger') else: template = Finding_Template(title=new_finding.title, cwe=new_finding.cwe, severity=new_finding.severity, description=new_finding.description, mitigation=new_finding.mitigation, impact=new_finding.impact, references=new_finding.references, numerical_severity=new_finding.numerical_severity) template.save() messages.add_message(request, messages.SUCCESS, 'A finding template was also created.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_finding', args=(new_finding.id,))) else: messages.add_message(request, messages.ERROR, 'There appears to be errors on the form, please correct below.', extra_tags='alert-danger') form_error = True if form_error and 'endpoints' in form.cleaned_data: form.fields['endpoints'].queryset = form.cleaned_data['endpoints'] else: form.fields['endpoints'].queryset = finding.endpoints.all() form.initial['tags'] = [tag.name for tag in finding.tags] add_breadcrumb(parent=finding, title="Edit", top_level=False, request=request) return render(request, 'dojo/edit_findings.html', {'form': form, 'finding': finding, 'jform' : jform })
def pushing_finding_to_jira(request, fid): finding = get_object_or_404(Finding, id=fid) add_issue_task.delay(finding, True) return render(request, 'dojo/findings_list.html')