def resolve_total_findings(self, info): """Resolve total findings attribute.""" finding_ids = finding_domain.filter_deleted_findings( project_domain.list_findings(self.name)) findings_loader = info.context.loaders['finding'] findings = findings_loader.load_many(finding_ids).then( lambda findings: [finding for finding in findings if finding.current_state != 'DELETED']) self.total_findings = findings.then(len) return self.total_findings
def resolve_drafts(self, info): """ Resolve drafts attribute """ util.cloudwatch_log(info.context, 'Security: Access to {project} ' 'drafts'.format(project=self.name)) finding_ids = finding_domain.filter_deleted_findings( project_domain.list_drafts(self.name)) findings_loader = info.context.loaders['finding'] self.drafts = findings_loader.load_many(finding_ids).then( lambda drafts: [draft for draft in drafts if draft.current_state != 'DELETED']) return self.drafts
def resolve_findings(self, info): """Resolve findings attribute.""" util.cloudwatch_log(info.context, 'Security: Access to {project} ' 'findings'.format(project=self.name)) finding_ids = finding_domain.filter_deleted_findings( project_domain.list_findings(self.name)) findings_loader = info.context.loaders['finding'] self.findings = findings_loader.load_many(finding_ids).then( lambda findings: [finding for finding in findings if finding.current_state != 'DELETED']) return self.findings
def resolve_max_severity(self, info): """Resolve maximum severity attribute.""" finding_ids = finding_domain.filter_deleted_findings( project_domain.list_findings(self.name)) findings_loader = info.context.loaders['finding'] self.max_severity = findings_loader.load_many(finding_ids).then( lambda findings: max([ finding.severity_score for finding in findings if finding.current_state != 'DELETED']) if findings else 0) return self.max_severity
def resolve_closed_vulnerabilities(self, info): """Resolve closed vulnerabilities attribute.""" finding_ids = finding_domain.filter_deleted_findings( project_domain.list_findings(self.name)) vulns_loader = info.context.loaders['vulnerability'] self.closed_vulnerabilities = vulns_loader.load_many(finding_ids).then( lambda findings: sum([ len([vuln for vuln in vulns if vuln_domain.get_current_state(vuln) == 'closed' and (vuln.current_approval_status != 'PENDING' or vuln.last_approved_status)]) for vulns in findings ])) return self.closed_vulnerabilities
def get_new_releases(): """Summary mail send with findings that have not been released yet.""" rollbar.report_message('Warning: Function to get new releases is running', 'warning') test_projects = FI_TEST_PROJECTS.split(',') projects = project_domain.get_active_projects() email_context = defaultdict(list) cont = 0 for project in projects: if project not in test_projects: try: finding_requests = finding_domain.get_findings( finding_domain.filter_deleted_findings(project_domain.list_drafts(project))) for finding in finding_requests: if 'releaseDate' not in finding: submission = finding.get('historicState') status = submission[-1].get('state') category = ('unsubmitted' if status in ('CREATED', 'REJECTED') else 'unreleased') email_context[category].append({ 'finding_name': finding.get('finding'), 'finding_url': '{url!s}/dashboard#!/project/{project!s}/drafts/' '{finding!s}/description' .format(url=BASE_URL, project=project, finding=finding.get('findingId')), 'project': project.upper() }) cont += 1 except (TypeError, KeyError): rollbar.report_message( 'Warning: An error ocurred getting data for new drafts email', 'warning') else: # ignore test projects pass if cont > 0: email_context['total_unreleased'] = len(email_context['unreleased']) email_context['total_unsubmitted'] = len(email_context['unsubmitted']) approvers = FI_MAIL_REVIEWERS.split(',') mail_to = [FI_MAIL_PROJECTS] mail_to.extend(approvers) send_mail_new_releases(mail_to, email_context) else: rollbar.report_message('Warning: There are no new drafts', 'warning')
def reset_expired_accepted_findings(): """ Update treatment if acceptance date expires """ rollbar.report_message('Warning: Function to update treatment if' 'acceptance date expires is running', 'warning') today = datetime.now().strftime('%Y-%m-%d %H:%M:%S') projects = project_domain.get_active_projects() for project in projects: findings = finding_domain.get_findings( finding_domain.filter_deleted_findings( project_domain.list_findings(project))) for finding in findings: finding_id = finding.get('findingId') historic_treatment = finding.get('historicTreatment', [{}]) is_accepted_expired = historic_treatment[-1].get('acceptance_date', today) < today is_undefined_accepted_expired = ( historic_treatment[-1].get('treatment') == 'ACCEPTED_UNDEFINED' and historic_treatment[-1].get('acceptance_status') == 'SUBMITTED' and datetime.strptime(historic_treatment[-1].get('date'), "%Y-%m-%d %H:%M:%S") + timedelta(days=5) <= datetime.strptime(today, "%Y-%m-%d %H:%M:%S")) if is_accepted_expired or is_undefined_accepted_expired: updated_values = {'treatment': 'NEW'} finding_domain.update_treatment(finding_id, updated_values, '') util.invalidate_cache(finding_id)