def finding_bulk_update(request, tid):
test = get_object_or_404(Test, id=tid)
form = FindingBulkUpdateForm(request.POST)
if request.method == "POST":
finding_to_update = request.POST.getlist('finding_to_update')
if request.POST.get('delete_bulk_findings') and finding_to_update:
finds = Finding.objects.filter(test=test, id__in=finding_to_update)
product = Product.objects.get(engagement__test=test)
finds.delete()
calculate_grade(product)
else:
if form.is_valid() and finding_to_update:
finding_to_update = request.POST.getlist('finding_to_update')
finds = Finding.objects.filter(test=test, id__in=finding_to_update)
if form.cleaned_data['severity']:
finds.update(severity=form.cleaned_data['severity'],
numerical_severity=Finding.get_numerical_severity(form.cleaned_data['severity']),
last_reviewed=timezone.now(),
last_reviewed_by=request.user)
if form.cleaned_data['status']:
finds.update(active=form.cleaned_data['active'],
verified=form.cleaned_data['verified'],
false_p=form.cleaned_data['false_p'],
out_of_scope=form.cleaned_data['out_of_scope'],
is_Mitigated=form.cleaned_data['is_Mitigated'],
last_reviewed=timezone.now(),
last_reviewed_by=request.user)
if form.cleaned_data['tags']:
for finding in finds:
tags = request.POST.getlist('tags')
ts = ", ".join(tags)
finding.tags = ts
# Update the grade as bulk edits don't go through save
if form.cleaned_data['severity'] or form.cleaned_data['status']:
calculate_grade(test.engagement.product)
for finding in finds:
if JIRA_PKey.objects.filter(product=finding.test.engagement.product).count() == 0:
log_jira_alert('Finding cannot be pushed to jira as there is no jira configuration for this product.', finding)
else:
old_status = finding.status()
if form.cleaned_data['push_to_jira']:
if JIRA_Issue.objects.filter(finding=finding).exists():
update_issue_task.delay(finding, old_status, True)
else:
add_issue_task.delay(finding, True)
messages.add_message(request,
messages.SUCCESS,
'Bulk edit of findings was successful. Check to make sure it is what you intended.',
extra_tags='alert-success')
else:
messages.add_message(request,
messages.ERROR,
'Unable to process bulk update. Required fields were not selected.',
extra_tags='alert-danger')
return HttpResponseRedirect(reverse('view_test', args=(test.id,)))
def edit_finding(request, fid):
finding = get_object_or_404(Finding, id=fid)
old_status = finding.status()
form = FindingForm(instance=finding)
form.initial['tags'] = [tag.name for tag in finding.tags]
form_error = False
jform = None
try:
jissue = JIRA_Issue.objects.get(finding=finding)
enabled = True
except:
enabled = False
pass
if hasattr(settings, 'ENABLE_JIRA'):
if settings.ENABLE_JIRA:
if JIRA_PKey.objects.filter(
product=finding.test.engagement.product) != 0:
jform = JIRAFindingForm(enabled=enabled, prefix='jiraform')
if request.method == 'POST':
form = FindingForm(request.POST, instance=finding)
if form.is_valid():
new_finding = form.save(commit=False)
new_finding.test = finding.test
new_finding.numerical_severity = Finding.get_numerical_severity(
new_finding.severity)
if new_finding.false_p or new_finding.active is False:
new_finding.mitigated = datetime.now(tz=localtz)
new_finding.mitigated_by = request.user
if new_finding.active is True:
new_finding.false_p = False
new_finding.mitigated = None
new_finding.mitigated_by = None
create_template = new_finding.is_template
# always false now since this will be deprecated soon in favor of new Finding_Template model
new_finding.is_template = False
new_finding.endpoints = form.cleaned_data['endpoints']
new_finding.last_reviewed = datetime.now(tz=localtz)
new_finding.last_reviewed_by = request.user
tags = request.POST.getlist('tags')
t = ", ".join(tags)
new_finding.tags = t
new_finding.save()
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAFindingForm(request.POST,
prefix='jiraform',
enabled=enabled)
if jform.is_valid():
try:
jissue = JIRA_Issue.objects.get(finding=new_finding)
update_issue_task.delay(
new_finding, old_status,
jform.cleaned_data.get('push_to_jira'))
except:
add_issue_task.delay(
new_finding,
jform.cleaned_data.get('push_to_jira'))
pass
tags = request.POST.getlist('tags')
t = ", ".join(tags)
new_finding.tags = t
messages.add_message(request,
messages.SUCCESS,
'Finding saved successfully.',
extra_tags='alert-success')
if create_template:
templates = Finding_Template.objects.filter(
title=new_finding.title)
if len(templates) > 0:
messages.add_message(
request,
messages.ERROR,
'A finding template was not created. A template with this title already '
'exists.',
extra_tags='alert-danger')
else:
template = Finding_Template(
title=new_finding.title,
cwe=new_finding.cwe,
severity=new_finding.severity,
description=new_finding.description,
mitigation=new_finding.mitigation,
impact=new_finding.impact,
references=new_finding.references,
numerical_severity=new_finding.numerical_severity)
template.save()
messages.add_message(
request,
messages.SUCCESS,
'A finding template was also created.',
extra_tags='alert-success')
return HttpResponseRedirect(
reverse('view_finding', args=(new_finding.id, )))
else:
messages.add_message(
request,
messages.ERROR,
'There appears to be errors on the form, please correct below.',
extra_tags='alert-danger')
form_error = True
if form_error and 'endpoints' in form.cleaned_data:
form.fields['endpoints'].queryset = form.cleaned_data['endpoints']
else:
form.fields['endpoints'].queryset = finding.endpoints.all()
form.initial['tags'] = [tag.name for tag in finding.tags]
add_breadcrumb(parent=finding,
title="Edit",
top_level=False,
request=request)
return render(request, 'dojo/edit_findings.html', {
'form': form,
'finding': finding,
'jform': jform
})
def edit_finding(request, fid):
finding = get_object_or_404(Finding, id=fid)
old_status = finding.status()
form = FindingForm(instance=finding)
form.initial['tags'] = [tag.name for tag in finding.tags]
form_error = False
jform = None
try:
jissue = JIRA_Issue.objects.get(finding=finding)
enabled = True
except:
enabled = False
pass
if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=finding.test.engagement.product) != 0:
jform = JIRAFindingForm(enabled=enabled, prefix='jiraform')
if request.method == 'POST':
form = FindingForm(request.POST, instance=finding)
if form.is_valid():
new_finding = form.save(commit=False)
new_finding.test = finding.test
new_finding.numerical_severity = Finding.get_numerical_severity(
new_finding.severity)
if new_finding.false_p or new_finding.active is False:
new_finding.mitigated = timezone.now()
new_finding.mitigated_by = request.user
if new_finding.active is True:
new_finding.false_p = False
new_finding.mitigated = None
new_finding.mitigated_by = None
create_template = new_finding.is_template
# always false now since this will be deprecated soon in favor of new Finding_Template model
new_finding.is_template = False
new_finding.endpoints = form.cleaned_data['endpoints']
new_finding.last_reviewed = timezone.now()
new_finding.last_reviewed_by = request.user
tags = request.POST.getlist('tags')
t = ", ".join(tags)
new_finding.tags = t
new_finding.save()
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=enabled)
if jform.is_valid():
try:
jissue = JIRA_Issue.objects.get(finding=new_finding)
update_issue_task.delay(new_finding, old_status, jform.cleaned_data.get('push_to_jira'))
except:
add_issue_task.delay(new_finding, jform.cleaned_data.get('push_to_jira'))
pass
tags = request.POST.getlist('tags')
t = ", ".join(tags)
new_finding.tags = t
messages.add_message(request,
messages.SUCCESS,
'Finding saved successfully.',
extra_tags='alert-success')
if create_template:
templates = Finding_Template.objects.filter(title=new_finding.title)
if len(templates) > 0:
messages.add_message(request,
messages.ERROR,
'A finding template was not created. A template with this title already '
'exists.',
extra_tags='alert-danger')
else:
template = Finding_Template(title=new_finding.title,
cwe=new_finding.cwe,
severity=new_finding.severity,
description=new_finding.description,
mitigation=new_finding.mitigation,
impact=new_finding.impact,
references=new_finding.references,
numerical_severity=new_finding.numerical_severity)
template.save()
messages.add_message(request,
messages.SUCCESS,
'A finding template was also created.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_finding', args=(new_finding.id,)))
else:
messages.add_message(request,
messages.ERROR,
'There appears to be errors on the form, please correct below.',
extra_tags='alert-danger')
form_error = True
if form_error and 'endpoints' in form.cleaned_data:
form.fields['endpoints'].queryset = form.cleaned_data['endpoints']
else:
form.fields['endpoints'].queryset = finding.endpoints.all()
form.initial['tags'] = [tag.name for tag in finding.tags]
add_breadcrumb(parent=finding, title="Edit", top_level=False, request=request)
return render(request, 'dojo/edit_findings.html',
{'form': form,
'finding': finding,
'jform' : jform
})
