Esempio n. 1
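def new_eng_for_app(request, pid, cicd=False):
    """Create a new engagement under the product identified by ``pid``.

    GET renders ``dojo/new_eng.html`` with an ``EngForm`` pre-filled with the
    current user as lead and a seven-day target window. POST validates the
    form, saves the engagement, optionally queues a Jira epic task, emits an
    ``engagement_added`` notification and redirects according to the submit
    button that was used. An invalid POST falls through and re-renders the
    bound form.

    Args:
        request: the incoming Django request.
        pid: primary key of the parent ``Product``.
        cicd: when true, the engagement is stored with type ``'CI/CD'`` and
            status ``"In Progress"``.

    NOTE(review): no permission check is visible in this snippet. Confirm the
    view is wrapped by an access-control decorator and that the requesting
    user may act on product ``pid``. ``Product.objects.get`` raises
    ``Product.DoesNotExist`` for an unknown ``pid`` and nothing here
    handles it.
    """
    jform = None
    prod = Product.objects.get(id=pid)
    if request.method == 'POST':
        form = EngForm(request.POST, cicd=cicd)
        if form.is_valid():
            new_eng = form.save(commit=False)
            if not new_eng.name:
                # Unnamed engagements are labelled with their start date.
                new_eng.name = str(new_eng.target_start)
            # These flags are forced off regardless of what was submitted.
            new_eng.threat_model = False
            new_eng.api_test = False
            new_eng.pen_test = False
            new_eng.check_list = False
            new_eng.product = prod
            # threat_model was just forced to False, so the former
            # 'threat_model' progress branch could never run.
            new_eng.progress = 'other'
            if cicd:
                new_eng.engagement_type = 'CI/CD'
                new_eng.status = "In Progress"

            new_eng.save()
            # Tags come from the raw POST data, not from form.cleaned_data,
            # so the form's validation does not cover them.
            new_eng.tags = ", ".join(request.POST.getlist('tags'))
            if get_system_setting('enable_jira'):
                # Only push when a Jira project is associated with the product.
                try:
                    jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
                    if jform.is_valid():
                        add_epic_task.delay(new_eng, jform.cleaned_data.get('push_to_jira'))
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement added successfully.',
                                 extra_tags='alert-success')

            # build_absolute_uri() takes the host from the request, so the
            # link placed in the notification is only as trustworthy as the
            # deployment's ALLOWED_HOSTS / proxy configuration.
            create_notification(event='engagement_added', title=new_eng.name + " for " + prod.name, engagement=new_eng, url=request.build_absolute_uri(reverse('view_engagement', args=(new_eng.id,))), objowner=new_eng.lead)

            if "_Add Tests" in request.POST:
                return HttpResponseRedirect(reverse('add_tests', args=(new_eng.id,)))
            elif "_Import Scan Results" in request.POST:
                return HttpResponseRedirect(reverse('import_scan_results', args=(new_eng.id,)))
            else:
                return HttpResponseRedirect(reverse('view_engagement', args=(new_eng.id,)))
    else:
        form = EngForm(initial={'lead': request.user, 'target_start': timezone.now().date(), 'target_end': timezone.now().date() + timedelta(days=7)}, cicd=cicd, product=prod.id)
        if get_system_setting('enable_jira'):
            # One lookup instead of count() followed by get(): a row deleted
            # between the two queries can no longer surface as an unhandled
            # DoesNotExist.
            try:
                jira_pkey = JIRA_PKey.objects.get(product=prod)
            except JIRA_PKey.DoesNotExist:
                pass
            else:
                jform = JIRAFindingForm(prefix='jiraform', enabled=jira_pkey.push_all_issues)

    product_tab = Product_Tab(pid, title="New Engagement", tab="engagements")
    return render(request, 'dojo/new_eng.html',
                  {'form': form, 'pid': pid,
                   'product_tab': product_tab,
                   'jform': jform
                   })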
Esempio n. 2
def new_engagement(request):
    """Render the new-engagement form, or create the engagement on POST.

    A valid POST saves the form, makes the requesting user the lead, clears
    the four checklist flags, saves again, assigns the submitted tags and
    redirects either to ``add_tests`` or to ``view_engagement``. Any other
    request (GET, or a POST that fails validation) renders
    ``dojo/new_eng.html`` with the current form.

    NOTE(review): no permission check is visible in this snippet; confirm
    the view is protected by a decorator that is not shown here.
    """
    if request.method != 'POST':
        form = EngForm(initial={'date': timezone.now().date()})
    else:
        form = EngForm(request.POST)
        if form.is_valid():
            engagement = form.save()
            # The lead is always the submitting user, whatever the form held.
            engagement.lead = request.user
            for flag in ('threat_model', 'api_test', 'pen_test', 'check_list'):
                setattr(engagement, flag, False)
            engagement.save()
            # Tags are taken from the raw POST data rather than cleaned_data.
            engagement.tags = ", ".join(request.POST.getlist('tags'))
            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement added successfully.',
                extra_tags='alert-success')
            target = 'add_tests' if "_Add Tests" in request.POST else 'view_engagement'
            return HttpResponseRedirect(reverse(target, args=(engagement.id, )))

    add_breadcrumb(title="New Engagement", top_level=False, request=request)
    context = {'form': form}
    return render(request, 'dojo/new_eng.html', context)
Esempio n. 3
def new_eng_for_app(request, pid):
    """Create an engagement attached to product ``pid``.

    On a valid POST the engagement is linked to the product, its ``progress``
    is derived from the submitted ``threat_model`` flag, it is saved, and the
    user is redirected to ``add_tests`` or ``view_engagement``. Otherwise the
    form is rendered in ``dojo/new_eng.html``.

    NOTE(review): ``pid`` is looked up without any visible ownership or
    permission check, and an unknown id raises ``Product.DoesNotExist``
    unhandled; confirm access control is applied outside this snippet.
    """
    prod = Product.objects.get(id=pid)
    if request.method != 'POST':
        form = EngForm(initial={})
    else:
        form = EngForm(request.POST)
        if form.is_valid():
            engagement = form.save(commit=False)
            engagement.product = prod
            engagement.progress = 'threat_model' if engagement.threat_model else 'other'
            engagement.save()
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement added successfully.',
                                 extra_tags='alert-success')
            destination = 'add_tests' if "_Add Tests" in request.POST else 'view_engagement'
            return HttpResponseRedirect(reverse(destination, args=(engagement.id,)))

    add_breadcrumb(parent=prod, title="New Engagement", top_level=False, request=request)

    context = {'form': form, 'pid': pid}
    return render(request, 'dojo/new_eng.html', context)
Esempio n. 4
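def new_eng_for_app(request, pid):
    """Create an engagement for product ``pid``, with optional Jira epic push.

    GET renders an empty ``EngForm`` and, when Jira is enabled and the
    product has a ``JIRA_PKey``, a ``JIRAFindingForm``. A valid POST saves the
    engagement, queues ``add_epic_task`` if the Jira form validates, sends an
    ``engagement_added`` notification and redirects to ``add_tests`` or
    ``view_engagement``. An invalid POST re-renders the bound form.

    NOTE(review): no permission check is visible in this snippet; confirm the
    caller is authorised for product ``pid``. ``Product.objects.get`` raises
    ``Product.DoesNotExist`` for an unknown id and it is not handled here.
    """
    jform = None
    prod = Product.objects.get(id=pid)
    if request.method == 'POST':
        form = EngForm(request.POST)
        if form.is_valid():
            new_eng = form.save(commit=False)
            new_eng.product = prod
            if new_eng.threat_model:
                new_eng.progress = 'threat_model'
            else:
                new_eng.progress = 'other'
            new_eng.save()
            if get_system_setting('enable_jira'):
                # Only push when a Jira project is associated with the product.
                try:
                    jform = JIRAFindingForm(request.POST, prefix='jiraform',
                                            enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
                    if jform.is_valid():
                        add_epic_task.delay(new_eng, jform.cleaned_data.get('push_to_jira'))
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement added successfully.',
                                 extra_tags='alert-success')

            # build_absolute_uri() derives the host from the request, so the
            # notification link depends on ALLOWED_HOSTS / proxy settings
            # being strict.
            create_notification(event='engagement_added', title='Engagement added', engagement=new_eng, url=request.build_absolute_uri(reverse('view_engagement', args=(new_eng.id,))), objowner=new_eng.lead)

            if "_Add Tests" in request.POST:
                return HttpResponseRedirect(reverse('add_tests', args=(new_eng.id,)))
            else:
                return HttpResponseRedirect(reverse('view_engagement', args=(new_eng.id,)))
    else:
        form = EngForm(initial={})
        if get_system_setting('enable_jira'):
            # A single get() replaces count() followed by get(); a row removed
            # between the two queries can no longer raise an unhandled
            # DoesNotExist.
            try:
                jira_pkey = JIRA_PKey.objects.get(product=prod)
            except JIRA_PKey.DoesNotExist:
                pass
            else:
                jform = JIRAFindingForm(prefix='jiraform', enabled=jira_pkey.push_all_issues)

    add_breadcrumb(parent=prod, title="New Engagement", top_level=False, request=request)

    return render(request, 'dojo/new_eng.html',
                  {'form': form, 'pid': pid,
                   'jform': jform
                   })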
Esempio n. 5
def new_engagement(request):
    """Show the new-engagement form and create the engagement on a valid POST.

    After the initial ``form.save()`` the requesting user becomes the lead,
    the four checklist flags are cleared, ``product_id`` is taken from the
    validated ``product`` field and the record is saved again. Submitted tags
    are each wrapped in double quotes and joined with ``", "``.

    NOTE(review): tags are read from the raw POST data, so a tag that itself
    contains a double quote is not escaped before quoting. No permission
    check is visible in this snippet; confirm one is applied elsewhere.
    """
    if request.method != 'POST':
        form = EngForm(initial={'date': timezone.now().date()})
    else:
        form = EngForm(request.POST)
        if form.is_valid():
            engagement = form.save()
            engagement.lead = request.user
            for flag in ('threat_model', 'api_test', 'pen_test', 'check_list'):
                setattr(engagement, flag, False)
            engagement.product_id = form.cleaned_data.get('product').id
            engagement.save()
            quoted_tags = ['"{0}"'.format(w) for w in request.POST.getlist('tags')]
            engagement.tags = ", ".join(quoted_tags)
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement added successfully.',
                                 extra_tags='alert-success')
            next_view = 'add_tests' if "_Add Tests" in request.POST else 'view_engagement'
            return HttpResponseRedirect(reverse(next_view, args=(engagement.id, )))
    add_breadcrumb(title="New Engagement", top_level=False, request=request)
    context = {'form': form}
    return render(request, 'dojo/new_eng.html', context)
Esempio n. 6
def new_eng_for_app(request, pid):
    """Create an engagement under product ``pid`` or render the entry form.

    The form is bound to ``request.POST`` on POST and empty otherwise. When a
    POSTed form validates, the engagement is attached to the product, its
    ``progress`` is set from ``threat_model``, it is saved and the user is
    redirected. In every other case ``dojo/new_eng.html`` is rendered.

    NOTE(review): nothing in this snippet checks that the user may act on
    product ``pid``; verify that a decorator or middleware enforces it.
    """
    prod = Product.objects.get(id=pid)
    is_post = request.method == 'POST'
    form = EngForm(request.POST) if is_post else EngForm(initial={})

    if is_post and form.is_valid():
        engagement = form.save(commit=False)
        engagement.product = prod
        engagement.progress = 'threat_model' if engagement.threat_model else 'other'
        engagement.save()
        messages.add_message(request,
                             messages.SUCCESS,
                             'Engagement added successfully.',
                             extra_tags='alert-success')
        if "_Add Tests" in request.POST:
            redirect_to = reverse('add_tests', args=(engagement.id, ))
        else:
            redirect_to = reverse('view_engagement', args=(engagement.id, ))
        return HttpResponseRedirect(redirect_to)

    add_breadcrumb(parent=prod,
                   title="New Engagement",
                   top_level=False,
                   request=request)

    context = {
        'form': form,
        'pid': pid,
    }
    return render(request, 'dojo/new_eng.html', context)
Esempio n. 7
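def new_eng_for_app(request, pid, cicd=False):
    """Create a new (optionally CI/CD) engagement under product ``pid``.

    GET renders ``dojo/new_eng.html`` with an ``EngForm`` whose lead is the
    current user and whose target window spans seven days from today. A valid
    POST saves the engagement, queues a Jira epic task when the Jira form
    validates, emits an ``engagement_added`` notification carrying the
    relative ``view_engagement`` URL, and redirects based on the submit
    button. An invalid POST re-renders the bound form.

    Args:
        request: the incoming Django request.
        pid: primary key of the parent ``Product``.
        cicd: when true, type is set to ``'CI/CD'`` and status to
            ``"In Progress"``.

    NOTE(review): no permission check is visible in this snippet; confirm the
    user is authorised for product ``pid``. An unknown ``pid`` raises
    ``Product.DoesNotExist`` unhandled.
    """
    jform = None
    prod = Product.objects.get(id=pid)
    if request.method == 'POST':
        form = EngForm(request.POST, cicd=cicd)
        if form.is_valid():
            new_eng = form.save(commit=False)
            if not new_eng.name:
                # Fall back to the start date as a display name.
                new_eng.name = str(new_eng.target_start)
            # Submitted values for these flags are deliberately discarded.
            new_eng.threat_model = False
            new_eng.api_test = False
            new_eng.pen_test = False
            new_eng.check_list = False
            new_eng.product = prod
            # With threat_model forced to False above, the old conditional
            # could only ever pick 'other'.
            new_eng.progress = 'other'
            if cicd:
                new_eng.engagement_type = 'CI/CD'
                new_eng.status = "In Progress"

            new_eng.save()
            # Tags bypass form validation: they are read from raw POST data.
            new_eng.tags = ", ".join(request.POST.getlist('tags'))
            if get_system_setting('enable_jira'):
                # Only push when a Jira project is associated with the product.
                try:
                    jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
                    if jform.is_valid():
                        add_epic_task.delay(new_eng, jform.cleaned_data.get('push_to_jira'))
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement added successfully.',
                                 extra_tags='alert-success')

            create_notification(event='engagement_added', title=new_eng.name + " for " + prod.name, engagement=new_eng, url=reverse('view_engagement', args=(new_eng.id,)), objowner=new_eng.lead)

            # First matching submit button wins; default is the detail page.
            for button, view_name in (("_Add Tests", 'add_tests'),
                                      ("_Import Scan Results", 'import_scan_results')):
                if button in request.POST:
                    return HttpResponseRedirect(reverse(view_name, args=(new_eng.id,)))
            return HttpResponseRedirect(reverse('view_engagement', args=(new_eng.id,)))
    else:
        form = EngForm(initial={'lead': request.user, 'target_start': timezone.now().date(), 'target_end': timezone.now().date() + timedelta(days=7)}, cicd=cicd, product=prod.id)
        if get_system_setting('enable_jira'):
            # Single lookup: avoids the extra count() query and the window in
            # which the row could vanish before the following get().
            try:
                jira_pkey = JIRA_PKey.objects.get(product=prod)
            except JIRA_PKey.DoesNotExist:
                pass
            else:
                jform = JIRAFindingForm(prefix='jiraform', enabled=jira_pkey.push_all_issues)

    product_tab = Product_Tab(pid, title="New Engagement", tab="engagements")
    return render(request, 'dojo/new_eng.html',
                  {'form': form, 'pid': pid,
                   'product_tab': product_tab,
                   'jform': jform
                   })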
Esempio n. 8
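def new_eng_for_app(request, pid):
    """Create an engagement for product ``pid`` and optionally push a Jira epic.

    GET renders an empty ``EngForm`` plus, when Jira is enabled and the
    product has a ``JIRA_PKey``, a ``JIRAFindingForm``. A valid POST saves the
    engagement, queues ``add_epic_task`` when the Jira form validates, and
    redirects to ``add_tests`` or ``view_engagement``. An invalid POST
    re-renders the bound form.

    NOTE(review): no permission check is visible in this snippet; confirm the
    caller is authorised for product ``pid``. An unknown id raises
    ``Product.DoesNotExist`` unhandled.
    """
    jform = None
    prod = Product.objects.get(id=pid)
    if request.method == 'POST':
        form = EngForm(request.POST)
        if form.is_valid():
            new_eng = form.save(commit=False)
            new_eng.product = prod
            new_eng.progress = 'threat_model' if new_eng.threat_model else 'other'
            new_eng.save()
            if get_system_setting('enable_jira'):
                # Only push when a Jira project is associated with the product.
                try:
                    jform = JIRAFindingForm(request.POST,
                                            prefix='jiraform',
                                            enabled=JIRA_PKey.objects.get(
                                                product=prod).push_all_issues)
                    if jform.is_valid():
                        add_epic_task.delay(
                            new_eng, jform.cleaned_data.get('push_to_jira'))
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement added successfully.',
                                 extra_tags='alert-success')
            if "_Add Tests" in request.POST:
                return HttpResponseRedirect(
                    reverse('add_tests', args=(new_eng.id, )))
            else:
                return HttpResponseRedirect(
                    reverse('view_engagement', args=(new_eng.id, )))
    else:
        form = EngForm(initial={})
        if get_system_setting('enable_jira'):
            # One get() instead of count() then get(): same outcome when the
            # row is absent, without the second query or the gap between
            # the two.
            try:
                jira_pkey = JIRA_PKey.objects.get(product=prod)
            except JIRA_PKey.DoesNotExist:
                pass
            else:
                jform = JIRAFindingForm(prefix='jiraform',
                                        enabled=jira_pkey.push_all_issues)

    add_breadcrumb(parent=prod,
                   title="New Engagement",
                   top_level=False,
                   request=request)

    return render(request, 'dojo/new_eng.html', {
        'form': form,
        'pid': pid,
        'jform': jform
    })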
Esempio n. 9
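def edit_engagement(request, eid):
    """Edit engagement ``eid`` and process its Jira project/epic forms.

    On POST the ``EngForm`` is validated and saved; a status of
    ``"Cancelled"`` or ``"Completed"`` deactivates the engagement and sends a
    ``close_engagement`` notification, any other status activates it. The
    Jira project and epic forms are then handed to ``jira_helper``; the view
    redirects only when both report success, otherwise it re-renders the
    page with the returned forms. On GET the forms are built from the stored
    engagement.

    NOTE(review): no permission check is visible in this snippet, and
    ``Engagement.objects.get`` raises ``Engagement.DoesNotExist`` unhandled
    for an unknown ``eid``. Confirm that the caller's right to edit this
    engagement is enforced outside this function.
    """
    engagement = Engagement.objects.get(pk=eid)
    is_ci_cd = engagement.engagement_type == "CI/CD"
    jira_project_form = None
    jira_epic_form = None
    jira_project = None

    if request.method == 'POST':
        form = EngForm(request.POST, instance=engagement, cicd=is_ci_cd, product=engagement.product, user=request.user)
        jira_project = jira_helper.get_jira_project(engagement, use_inheritance=False)

        if form.is_valid():
            # first save engagement details
            new_status = form.cleaned_data.get('status')
            engagement = form.save(commit=False)
            if new_status in ("Cancelled", "Completed"):
                engagement.active = False
                # The original call ended in a stray comma, which wrapped the
                # result in a discarded one-element tuple.
                create_notification(event='close_engagement',
                                    title='Closure of %s' % engagement.name,
                                    description='The engagement "%s" was closed' % (engagement.name),
                                    engagement=engagement, url=reverse('engagement_all_findings', args=(engagement.id, )))
            else:
                engagement.active = True
            engagement.save()
            form.save_m2m()

            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement updated successfully.',
                extra_tags='alert-success')

            success, jira_project_form = jira_helper.process_jira_project_form(request, instance=jira_project, target='engagement', engagement=engagement, product=engagement.product)
            error = not success

            success, jira_epic_form = jira_helper.process_jira_epic_form(request, engagement=engagement)
            error = error or not success

            # Stay on the page when either Jira form failed, so the forms
            # returned by the helper are rendered again.
            if not error:
                if '_Add Tests' in request.POST:
                    return HttpResponseRedirect(
                        reverse('add_tests', args=(engagement.id, )))
                else:
                    return HttpResponseRedirect(
                        reverse('view_engagement', args=(engagement.id, )))
        else:
            logger.debug(form.errors)

    else:
        form = EngForm(initial={'product': engagement.product}, instance=engagement, cicd=is_ci_cd, product=engagement.product, user=request.user)

        if get_system_setting('enable_jira'):
            jira_project = jira_helper.get_jira_project(engagement, use_inheritance=False)
            jira_project_form = JIRAProjectForm(instance=jira_project, target='engagement', product=engagement.product)
            logger.debug('showing jira-epic-form')
            jira_epic_form = JIRAEngagementForm(instance=engagement)

    title = 'Edit CI/CD Engagement' if is_ci_cd else 'Edit Interactive Engagement'

    product_tab = Product_Tab(engagement.product.id, title=title, tab="engagements")
    product_tab.setEngagement(engagement)
    return render(request, 'dojo/new_eng.html', {
        'product_tab': product_tab,
        'title': title,
        'form': form,
        'edit': True,
        'jira_epic_form': jira_epic_form,
        'jira_project_form': jira_project_form,
        'engagement': engagement,
    })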
Esempio n. 10
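def edit_engagement(request, eid):
    """Edit engagement ``eid``; optionally create or update its Jira epic.

    On POST the ``EngForm`` (and the Jira form, when the
    ``jiraform-push_to_jira`` field was submitted) must validate. The epic
    task is then queued, the engagement is saved with ``active`` derived from
    its status, the submitted tags are assigned and the user is redirected.
    On GET, or after a failed POST, ``dojo/new_eng.html`` is rendered.

    NOTE(review): no permission check is visible in this snippet, and an
    unknown ``eid`` raises ``Engagement.DoesNotExist`` unhandled. The Jira
    task is queued before ``temp_form.save()`` runs, so a worker may see the
    engagement before this update is stored - confirm that is acceptable.
    """
    eng = Engagement.objects.get(pk=eid)
    ci_cd_form = eng.engagement_type == "CI/CD"
    jform = None

    if request.method == 'POST':
        form = EngForm(request.POST,
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id)
        push_requested = 'jiraform-push_to_jira' in request.POST
        if push_requested:
            jform = JIRAFindingForm(request.POST,
                                    prefix='jiraform',
                                    enabled=False)

        # The Jira form only has to validate when it was actually submitted.
        if form.is_valid() and (jform is None or jform.is_valid()):
            if push_requested:
                push_to_jira = jform.cleaned_data.get('push_to_jira')
                if JIRA_Issue.objects.filter(engagement=eng).exists():
                    update_epic_task.delay(eng, push_to_jira)
                else:
                    add_epic_task.delay(eng, push_to_jira)
            temp_form = form.save(commit=False)
            if temp_form.status in ("Cancelled", "Completed"):
                temp_form.active = False
            elif temp_form.active is False:
                temp_form.active = True
            temp_form.product_id = form.cleaned_data.get('product').id
            temp_form.save()
            # Tags come from raw POST data; each is wrapped in double quotes
            # without escaping quotes inside the tag itself.
            tags = request.POST.getlist('tags')
            eng.tags = ", ".join('"{0}"'.format(w) for w in tags)
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')
            if '_Add Tests' in request.POST:
                return HttpResponseRedirect(
                    reverse('add_tests', args=(eng.id, )))
            else:
                return HttpResponseRedirect(
                    reverse('view_engagement', args=(eng.id, )))
    else:
        form = EngForm(initial={'product': eng.product.id},
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id)
        # A try/bare-except that only assigned an unused ``enabled`` flag
        # stood here; its body could not raise, so it has been removed.

        if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
                product=eng.product).exists():
            # Enabled must be false in this case, because this Push-to-jira is more about
            # epics than findings.
            jform = JIRAFindingForm(prefix='jiraform', enabled=False)
            # Tell the user that this particular checkbox is about epics and
            # engagements rather than findings and issues.
            jform.fields['push_to_jira'].help_text = \
                "Checking this will add an EPIC or update an existing EPIC for this engagement."
            jform.fields['push_to_jira'].label = "Create or update EPIC"

    form.initial['tags'] = [tag.name for tag in eng.tags]

    title = ""
    if eng.engagement_type == "CI/CD":
        title = " CI/CD"
    product_tab = Product_Tab(eng.product.id,
                              title="Edit" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(eng)
    return render(
        request, 'dojo/new_eng.html', {
            'product_tab': product_tab,
            'form': form,
            'edit': True,
            'jform': jform,
            'eng': eng
        })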
Esempio n. 11
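def edit_engagement(request, eid):
    """Edit engagement ``eid``; optionally create or update its Jira epic.

    On POST the ``EngForm`` (and the Jira form, when the
    ``jiraform-push_to_jira`` field was submitted) must validate. The epic
    task is then queued, the engagement is saved with ``active`` derived from
    its status, the submitted tags are assigned and the user is redirected.
    On GET, or after a failed POST, ``dojo/new_eng.html`` is rendered.

    NOTE(review): no permission check is visible in this snippet, and an
    unknown ``eid`` raises ``Engagement.DoesNotExist`` unhandled. Confirm
    that the caller's right to edit this engagement is enforced elsewhere.
    """
    eng = Engagement.objects.get(pk=eid)
    ci_cd_form = eng.engagement_type == "CI/CD"
    jform = None
    if request.method == 'POST':
        form = EngForm(request.POST, instance=eng, cicd=ci_cd_form, product=eng.product.id)
        push_requested = 'jiraform-push_to_jira' in request.POST
        if push_requested:
            jform = JIRAFindingForm(
                request.POST, prefix='jiraform', enabled=True)

        # The Jira form only has to validate when it was actually submitted.
        if form.is_valid() and (jform is None or jform.is_valid()):
            if push_requested:
                # The ``enabled`` flag formerly set in both branches here was
                # never read on the POST path, so it is gone.
                push_to_jira = jform.cleaned_data.get('push_to_jira')
                if JIRA_Issue.objects.filter(engagement=eng).exists():
                    update_epic_task.delay(eng, push_to_jira)
                else:
                    add_epic_task.delay(eng, push_to_jira)
            temp_form = form.save(commit=False)
            if temp_form.status in ("Cancelled", "Completed"):
                temp_form.active = False
            elif temp_form.active is False:
                temp_form.active = True
            temp_form.save()
            # Tags are read from raw POST data, not from form.cleaned_data.
            eng.tags = ", ".join(request.POST.getlist('tags'))
            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement updated successfully.',
                extra_tags='alert-success')
            if '_Add Tests' in request.POST:
                return HttpResponseRedirect(
                    reverse('add_tests', args=(eng.id, )))
            else:
                return HttpResponseRedirect(
                    reverse('view_engagement', args=(eng.id, )))
    else:
        form = EngForm(instance=eng, cicd=ci_cd_form, product=eng.product.id)

        if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
                product=eng.product).exists():
            # The try/bare-except that used to compute ``enabled`` could not
            # raise, so the flag was always True; pass that directly.
            jform = JIRAFindingForm(prefix='jiraform', enabled=True)

    form.initial['tags'] = [tag.name for tag in eng.tags]

    title = ""
    if eng.engagement_type == "CI/CD":
        title = " CI/CD"
    product_tab = Product_Tab(eng.product.id, title="Edit" + title + " Engagement", tab="engagements")
    product_tab.setEngagement(eng)
    return render(request, 'dojo/new_eng.html', {
        'product_tab': product_tab,
        'form': form,
        'edit': True,
        'jform': jform,
        'eng': eng
    })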
Esempio n. 12
def edit_engagement(request, eid):
    """Edit engagement ``eid``, creating or updating its Jira epic on request.

    When the POST carries ``jiraform-push_to_jira`` a ``JIRAEngagementForm``
    is bound and must validate together with the ``EngForm``. The epic is
    then added or updated, inline when
    ``Dojo_User.wants_block_execution`` is true for the user and through the
    ``*_task.delay`` variants otherwise. The engagement is saved with
    ``active`` derived from its status, tags are assigned, and the user is
    redirected. GET and failed POSTs render ``dojo/new_eng.html``.

    NOTE(review): no permission check is visible in this snippet, and an
    unknown ``eid`` raises ``Engagement.DoesNotExist`` unhandled.
    """
    eng = Engagement.objects.get(pk=eid)
    ci_cd_form = True if eng.engagement_type == "CI/CD" else False
    jform = None
    use_jira = get_system_setting(
        'enable_jira') and eng.product.jira_pkey is not None

    if request.method != 'POST':
        form = EngForm(initial={'product': eng.product.id},
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id,
                       user=request.user)
        jform = JIRAEngagementForm(prefix='jiraform', instance=eng) if use_jira else None
    else:
        form = EngForm(request.POST,
                       instance=eng,
                       cicd=ci_cd_form,
                       product=eng.product.id,
                       user=request.user)
        if 'jiraform-push_to_jira' in request.POST:
            jform = JIRAEngagementForm(request.POST,
                                       prefix='jiraform',
                                       instance=eng)

        # The Jira form is only required to validate when it was submitted.
        if form.is_valid() and (jform is None or (jform and jform.is_valid())):
            logger.debug('jform valid')
            if 'jiraform-push_to_jira' in request.POST:
                logger.debug('push_to_jira true')
                epic_exists = JIRA_Issue.objects.filter(engagement=eng).exists()
                run_inline = Dojo_User.wants_block_execution(request.user)
                # Pick the synchronous helper or the queued task variant.
                if epic_exists:
                    epic_action = update_epic if run_inline else update_epic_task.delay
                else:
                    epic_action = add_epic if run_inline else add_epic_task.delay
                epic_action(eng, jform.cleaned_data.get('push_to_jira'))

            temp_form = form.save(commit=False)
            if temp_form.status in ("Cancelled", "Completed"):
                temp_form.active = False
            elif temp_form.active is False:
                temp_form.active = True
            temp_form.product_id = form.cleaned_data.get('product').id
            temp_form.save()
            # Tags come from raw POST data and are quoted without escaping.
            quoted_tags = ['"{0}"'.format(w) for w in request.POST.getlist('tags')]
            eng.tags = ", ".join(quoted_tags)
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')
            next_view = 'add_tests' if '_Add Tests' in request.POST else 'view_engagement'
            return HttpResponseRedirect(reverse(next_view, args=(eng.id, )))

    form.initial['tags'] = [tag.name for tag in eng.tags]

    # Re-read the type here: the bound form may have changed the instance.
    title = " CI/CD" if eng.engagement_type == "CI/CD" else ""
    product_tab = Product_Tab(eng.product.id,
                              title="Edit" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(eng)
    context = {
        'product_tab': product_tab,
        'form': form,
        'edit': True,
        'jform': jform,
        'eng': eng
    }
    return render(request, 'dojo/new_eng.html', context)
Esempio n. 13
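def edit_engagement(request, eid):
    """Edit engagement ``eid`` and process its Jira project/epic forms.

    On POST the ``EngForm`` is validated and saved; a status of
    ``"Cancelled"`` or ``"Completed"`` deactivates the engagement, any other
    status activates it. The Jira project and epic forms are then processed
    through ``jira_helper`` and the view redirects only when both succeed.
    When the POST does not redirect, the page is rendered with the bound
    ``EngForm`` so its validation errors reach the user. On GET the form is
    built from the stored engagement.

    NOTE(review): no permission check is visible in this snippet, and an
    unknown ``eid`` raises ``Engagement.DoesNotExist`` unhandled. The POST
    form receives ``product=engagement.product.id`` while the GET form
    receives the product object - confirm which one ``EngForm`` expects.
    """
    engagement = Engagement.objects.get(pk=eid)
    is_ci_cd = engagement.engagement_type == "CI/CD"
    jira_epic_form = None
    jira_project = None

    if request.method == 'POST':
        form = EngForm(request.POST,
                       instance=engagement,
                       cicd=is_ci_cd,
                       product=engagement.product.id,
                       user=request.user)
        jira_project = jira_helper.get_jira_project(engagement,
                                                    use_inheritance=False)

        if form.is_valid():
            # first save engagement details
            new_status = form.cleaned_data.get('status')
            engagement = form.save(commit=False)
            if new_status in ("Cancelled", "Completed"):
                engagement.active = False
            else:
                engagement.active = True
            engagement.save()
            form.save_m2m()

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')

            success, jira_project_form = jira_helper.process_jira_project_form(
                request, instance=jira_project, engagement=engagement)
            error = not success

            success, jira_epic_form = jira_helper.process_jira_epic_form(
                request, engagement=engagement)
            error = error or not success

            if not error:
                if '_Add Tests' in request.POST:
                    return HttpResponseRedirect(
                        reverse('add_tests', args=(engagement.id, )))
                else:
                    return HttpResponseRedirect(
                        reverse('view_engagement', args=(engagement.id, )))
        else:
            logger.debug(form.errors)
    else:
        # Build the unbound form on GET only. It used to be rebuilt
        # unconditionally, which replaced a bound POST form and dropped its
        # validation errors before rendering.
        form = EngForm(initial={'product': engagement.product},
                       instance=engagement,
                       cicd=is_ci_cd,
                       product=engagement.product,
                       user=request.user)

    # NOTE(review): the Jira forms are still rebuilt from scratch here, so
    # the forms returned by jira_helper on a failed POST are discarded -
    # confirm whether their errors should be shown instead.
    jira_project_form = None
    jira_epic_form = None
    if get_system_setting('enable_jira'):
        jira_project = jira_helper.get_jira_project(engagement,
                                                    use_inheritance=False)
        jira_project_form = JIRAProjectForm(instance=jira_project,
                                            target='engagement',
                                            product=engagement.product)
        logger.debug('showing jira-epic-form')
        jira_epic_form = JIRAEngagementForm(instance=engagement)

    title = ' CI/CD' if is_ci_cd else ''
    product_tab = Product_Tab(engagement.product.id,
                              title="Edit" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(engagement)
    return render(
        request, 'dojo/new_eng.html', {
            'product_tab': product_tab,
            'form': form,
            'edit': True,
            'jira_epic_form': jira_epic_form,
            'jira_project_form': jira_project_form,
            'engagement': engagement,
        })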
Esempio n. 14
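def edit_engagement(request, eid):
    """Edit an existing engagement and optionally queue a JIRA epic task.

    GET renders the engagement form, plus a JIRA push form when JIRA is
    enabled and the engagement's product has a JIRA_PKey. A valid POST saves
    the engagement, derives ``active`` from the submitted status, assigns the
    submitted tags and redirects. An invalid POST falls through and
    re-renders the bound form.

    NOTE(review): no permission check is visible in this view. Confirm that a
    decorator or middleware verifies ``request.user`` may edit the engagement
    identified by ``eid``; otherwise any caller who can reach this URL can
    modify engagements by id.
    """
    # Function-scope import keeps this block self-contained. An unknown id now
    # yields a 404 instead of an unhandled Engagement.DoesNotExist (HTTP 500).
    from django.shortcuts import get_object_or_404

    eng = get_object_or_404(Engagement, pk=eid)
    ci_cd_form = eng.engagement_type == "CI/CD"
    jform = None
    if request.method == 'POST':
        form = EngForm(request.POST, instance=eng, cicd=ci_cd_form, product=eng.product.id)
        push_requested = 'jiraform-push_to_jira' in request.POST
        if push_requested:
            jform = JIRAFindingForm(
                request.POST, prefix='jiraform', enabled=True)

        # The engagement form is validated once; the JIRA form only when the
        # request carried it.
        if form.is_valid() and (jform is None or jform.is_valid()):
            if push_requested:
                push_to_jira = jform.cleaned_data.get('push_to_jira')
                # An existing JIRA_Issue means the epic is updated, otherwise
                # a new one is queued.
                if JIRA_Issue.objects.filter(engagement=eng).exists():
                    update_epic_task.delay(eng, push_to_jira)
                else:
                    add_epic_task.delay(eng, push_to_jira)

            updated = form.save(commit=False)
            if updated.status in ("Cancelled", "Completed"):
                updated.active = False
            elif updated.active is False:
                updated.active = True
            updated.save()

            eng.tags = ", ".join(request.POST.getlist('tags'))
            messages.add_message(
                request,
                messages.SUCCESS,
                'Engagement updated successfully.',
                extra_tags='alert-success')
            if '_Add Tests' in request.POST:
                return HttpResponseRedirect(
                    reverse('add_tests', args=(eng.id, )))
            return HttpResponseRedirect(
                reverse('view_engagement', args=(eng.id, )))
    else:
        form = EngForm(instance=eng, cicd=ci_cd_form, product=eng.product.id)

        # The previous try/except around a plain assignment could never reach
        # its handler, so the push form was always built with enabled=True.
        if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
                product=eng.product).exists():
            jform = JIRAFindingForm(prefix='jiraform', enabled=True)

    form.initial['tags'] = [tag.name for tag in eng.tags]

    title = " CI/CD" if ci_cd_form else ""
    product_tab = Product_Tab(eng.product.id, title="Edit" + title + " Engagement", tab="engagements")
    product_tab.setEngagement(eng)
    return render(request, 'dojo/new_eng.html', {
        'product_tab': product_tab,
        'form': form,
        'edit': True,
        'jform': jform,
        'eng': eng
    })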
Esempio n. 15
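def new_eng_for_app(request, pid):
    """Create a new engagement for the product identified by ``pid``.

    GET renders an empty engagement form, plus a JIRA push form when JIRA is
    enabled and the product has a JIRA_PKey. A valid POST saves the
    engagement under the product, optionally queues a JIRA epic task, emits
    an ``engagement_added`` notification and redirects. An invalid POST
    falls through and re-renders the bound form.

    NOTE(review): no permission check is visible in this view. Confirm that a
    decorator or middleware verifies ``request.user`` may add engagements to
    product ``pid``.
    """
    # Function-scope import keeps this block self-contained. An unknown id now
    # yields a 404 instead of an unhandled Product.DoesNotExist (HTTP 500).
    from django.shortcuts import get_object_or_404

    jform = None
    prod = get_object_or_404(Product, id=pid)
    if request.method == 'POST':
        # NOTE(review): unlike the GET branch, this bound form is built
        # without auth_users. Confirm EngForm still restricts the selectable
        # users to authorized ones when validating the submission.
        form = EngForm(request.POST)
        if form.is_valid():
            new_eng = form.save(commit=False)
            new_eng.product = prod
            new_eng.save()
            # commit=False skips many-to-many data, so it is saved explicitly.
            form.save_m2m()
            if get_system_setting('enable_jira'):
                # A product without a JIRA_PKey is skipped silently.
                try:
                    jform = JIRAFindingForm(request.POST,
                                            prefix='jiraform',
                                            enabled=JIRA_PKey.objects.get(
                                                product=prod).push_all_issues)
                    if jform.is_valid():
                        add_epic_task.delay(
                            new_eng, jform.cleaned_data.get('push_to_jira'))
                except JIRA_PKey.DoesNotExist:
                    pass

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement added successfully.',
                                 extra_tags='alert-success')

            create_notification(event='engagement_added',
                                title='Engagement added',
                                engagement=new_eng,
                                url=request.build_absolute_uri(
                                    reverse('view_engagement',
                                            args=(new_eng.id, ))),
                                objowner=new_eng.analysts.all())

            if "_Add Tests" in request.POST:
                return HttpResponseRedirect(
                    reverse('add_tests', args=(new_eng.id, )))
            return HttpResponseRedirect(
                reverse('view_engagement', args=(new_eng.id, )))
    else:
        form = EngForm(auth_users=(
            prod.authorized_users.all()
            | Dojo_User.objects.filter(is_superuser=True)).distinct())
        if get_system_setting('enable_jira'):
            # One lookup replaces count() followed by get(), matching the
            # DoesNotExist handling used in the POST branch.
            try:
                jira_pkey = JIRA_PKey.objects.get(product=prod)
            except JIRA_PKey.DoesNotExist:
                jira_pkey = None
            if jira_pkey is not None:
                jform = JIRAFindingForm(prefix='jiraform',
                                        enabled=jira_pkey.push_all_issues)

    add_breadcrumb(parent=prod,
                   title="New Engagement",
                   top_level=False,
                   request=request)

    return render(request, 'dojo/new_eng.html', {
        'form': form,
        'pid': pid,
        'jform': jform
    })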
Esempio n. 16
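def edit_engagement(request, eid):
    """Edit an engagement together with its JIRA project config and epic.

    GET renders the engagement form and, when JIRA is enabled, the JIRA
    project form (plus the epic form if a JIRA project is configured on the
    engagement). A POST validates all three forms, saves the engagement,
    saves the JIRA project config when it validates, optionally pushes the
    epic, and redirects unless a JIRA step failed. Otherwise the page is
    re-rendered with the bound forms.

    NOTE(review): no permission check is visible in this view. Confirm that a
    decorator or middleware verifies ``request.user`` may edit the engagement
    identified by ``eid``.
    NOTE(review): the POST branch builds and saves the JIRA forms without
    consulting ``get_system_setting('enable_jira')``, unlike the GET branch.
    Confirm that JIRA configuration cannot be written while JIRA is disabled.
    """
    # Function-scope import keeps this block self-contained. An unknown id now
    # yields a 404 instead of an unhandled Engagement.DoesNotExist (HTTP 500).
    from django.shortcuts import get_object_or_404

    engagement = get_object_or_404(Engagement, pk=eid)
    is_ci_cd = engagement.engagement_type == "CI/CD"
    jira_epic_form = None
    jira_project = jira_helper.get_jira_project(engagement,
                                                use_inheritance=False)
    jira_error = False

    if request.method == 'POST':
        form = EngForm(request.POST,
                       instance=engagement,
                       cicd=is_ci_cd,
                       product=engagement.product.id,
                       user=request.user)

        jira_project_form = JIRAProjectForm(request.POST,
                                            prefix='jira-project-form',
                                            instance=jira_project,
                                            target='engagement')
        jira_epic_form = JIRAEngagementForm(request.POST,
                                            prefix='jira-epic-form',
                                            instance=engagement)

        # Both JIRA forms are always constructed above, so the former
        # "is None" guards could never be true and are dropped.
        if (form.is_valid()
                and jira_project_form.is_valid()
                and jira_epic_form.is_valid()):

            # First save the engagement details.
            new_status = form.cleaned_data.get('status')
            engagement = form.save(commit=False)
            engagement.active = new_status not in ("Cancelled", "Completed")
            engagement.save()

            # Each submitted tag is wrapped in double quotes before joining.
            tags = request.POST.getlist('tags')
            engagement.tags = ", ".join('"{0}"'.format(w) for w in tags)

            # Save the JIRA project config.
            jira_project = jira_project_form.save(commit=False)
            jira_project.engagement = engagement
            # Only check the JIRA project if the form is sufficiently populated.
            if jira_project.jira_instance and jira_project.project_key:
                jira_error = not jira_helper.is_jira_project_valid(
                    jira_project)

                if not jira_error:
                    jira_project.save()

                    messages.add_message(
                        request,
                        messages.SUCCESS,
                        'JIRA Project config added successfully.',
                        extra_tags='alert-success')

            # Push the epic.
            if jira_epic_form.cleaned_data.get('push_to_jira'):
                if jira_helper.push_to_jira(engagement):
                    messages.add_message(
                        request,
                        messages.SUCCESS,
                        'Push to JIRA for Epic queued succesfully, check alerts on the top right for errors',
                        extra_tags='alert-success')
                else:
                    jira_error = True

                    # A failed push is reported at ERROR level. It was
                    # previously sent as SUCCESS with an alert-danger tag.
                    messages.add_message(
                        request,
                        messages.ERROR,
                        'Push to JIRA for Epic failed, check alerts on the top right for errors',
                        extra_tags='alert-danger')

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Engagement updated successfully.',
                                 extra_tags='alert-success')

            # On a JIRA error, stay on the page so the messages are shown.
            if not jira_error:
                if '_Add Tests' in request.POST:
                    return HttpResponseRedirect(
                        reverse('add_tests', args=(engagement.id, )))
                return HttpResponseRedirect(
                    reverse('view_engagement', args=(engagement.id, )))

        else:
            # If the forms are invalid, the page reloads and shows the errors.
            if jira_project_form.errors or jira_epic_form.errors:
                messages.add_message(request,
                                     messages.ERROR,
                                     'Errors in JIRA forms, see below',
                                     extra_tags='alert-danger')

    else:
        form = EngForm(initial={'product': engagement.product},
                       instance=engagement,
                       cicd=is_ci_cd,
                       product=engagement.product,
                       user=request.user)

        jira_project_form = None
        jira_epic_form = None
        if get_system_setting('enable_jira'):
            jira_project_form = JIRAProjectForm(prefix='jira-project-form',
                                                instance=jira_project,
                                                target='engagement',
                                                product=engagement.product)
            if jira_project:
                logger.debug('showing jira-epic-form')
                jira_epic_form = JIRAEngagementForm(prefix='jira-epic-form',
                                                    instance=engagement)

    form.initial['tags'] = [tag.name for tag in engagement.tags]

    title = ' CI/CD' if is_ci_cd else ''
    product_tab = Product_Tab(engagement.product.id,
                              title="Edit" + title + " Engagement",
                              tab="engagements")
    product_tab.setEngagement(engagement)
    return render(
        request, 'dojo/new_eng.html', {
            'product_tab': product_tab,
            'form': form,
            'edit': True,
            'jira_epic_form': jira_epic_form,
            'jira_project_form': jira_project_form,
        })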