def fillWithDefects(self):
"""
Fetch defects that are global (not assigned to an ip) and fill the defect table with them.
"""
table = Defect.getDefectTable()
for line in table:
self.addDefect(Defect(line))
def _insertChildrenDefects(self):
"""Insert every children defect in database as DefectView under this node"""
defects = self.controller.getDefects()
for defect in defects:
defect_o = DefectController(Defect(defect))
defect_vw = DefectView(self.appliTw, self.appliViewFrame,
self.mainApp, defect_o)
defect_vw.addInTreeview(str(self.controller.getDbId()))
def findDefectTemplateByTitle(self, title, multi=False):
apiclient = APIClient.getInstance()
defects_matching, msg = apiclient.searchDefect(title)
if defects_matching is not None:
if len(defects_matching) >= 1 and not multi:
return Defect(defects_matching[0])
else:
return defects_matching
def createDefectCallback(self, _event=None):
"""Callback for tool click #TODO move to ToolController
Creates an empty defect view and open it's insert window with notes = tools notes.
"""
modelData = self.controller.getData()
toExport = modelData["notes"]
for widget in self.appliViewFrame.winfo_children():
widget.destroy()
dv = DefectView(self.appliTw, self.appliViewFrame, self.mainApp,
DefectController(Defect(modelData)))
dv.openInsertWindow(toExport)
def addDefectCallback(self, _event):
"""
Create an empty defect model and its attached view. Open this view insert window.
Args:
event: Automatically generated with a button Callback, not used but mandatory.
"""
for widget in self.appliViewFrame.winfo_children():
widget.destroy()
modelData = self.controller.getData()
dv = DefectView(self.appliTw, self.appliViewFrame, self.mainApp,
DefectController(Defect(modelData)))
dv.openInsertWindow()
def multi_insert(self):
values = self.browse_down_treevw.getValue()
for title in values:
results, msg = APIClient.searchDefect(title)
if results is not None:
result = results[0]
d_o = Defect()
types = result["type"].split(",")
d_o.initialize("", "", "", result["title"],
result["synthesis"], result["description"],
result["ease"], result["impact"],
result["risk"], "N/A", types,
result["language"], "", result["fixes"])
d_o.addInDb()
else:
tk.messagebox.showerror("Could not saerch defect", msg)
return True
def setMainRedactor(self):
"""Sets a main redactor for a pentest. Each not assigned defect will be assigned to him/her"""
self.settings.reloadSettings()
dialog = ChildDialogCombo(self.parent,
self.settings.getPentesters() + ["N/A"],
"Set main redactor", "N/A")
newVal = self.parent.wait_window(dialog.app)
if newVal is None:
return
if not newVal or newVal.strip() == "":
return
columnRedactor = self.treevw['columns'].index("redactor")
for it in self.treevw.get_children():
oldValues = self.treevw.item(it)["values"]
if oldValues[columnRedactor] == "N/A":
oldValues[columnRedactor] = newVal
self.treevw.item(it, values=oldValues)
d_o = Defect({"_id": it})
d_o.update({"redactor": newVal})
self.mainRedac = newVal
def addInTreeview(self, parentNode=None, addChildren=True):
"""Add this view in treeview. Also stores infos in application treeview.
Args:
parentNode: if None, will calculate the parent. If setted, forces the node to be inserted inside given parentNode.
addChildren: If False, skip the tool and defects insert. Useful when displaying search results
"""
if parentNode is None:
parentNode = self.getParentNode()
nodeText = str(self.controller.getModelRepr())
elif parentNode == '':
nodeText = self.controller.getDetailedString()
else:
nodeText = str(self.controller.getModelRepr())
self.appliTw.views[str(self.controller.getDbId())] = {"view": self}
try:
self.appliTw.insert(parentNode,
"end",
str(self.controller.getDbId()),
text=nodeText,
tags=self.controller.getTags(),
image=self.getClassIcon())
except TclError:
pass
if addChildren:
defects = self.controller.getDefects()
for defect in defects:
defect_o = DefectController(Defect(defect))
defect_vw = DefectView(self.appliTw, self.appliViewFrame,
self.mainApp, defect_o)
defect_vw.addInTreeview(str(self.controller.getDbId()))
tools = self.controller.getTools()
for tool in tools:
tool_o = ToolController(Tool(tool))
tool_vw = ToolView(self.appliTw, self.appliViewFrame,
self.mainApp, tool_o)
tool_vw.addInTreeview(str(self.controller.getDbId()))
self.appliTw.sort(parentNode)
if "hidden" in self.controller.getTags():
self.hide()
def __init__(self, parent, settings, defectModel=None, multi=False):
"""
Open a child dialog of a tkinter application to choose autoscan settings.
Args:
parent: the tkinter parent view to use for this window construction.
defectModel : A Defect Model object to load default values. None to have empty fields, default is None.
"""
self.app = tk.Toplevel(parent)
if defectModel is not None:
if defectModel.isTemplate:
self.app.title("Edit a security defect template")
else:
self.app.title("Edit a security defect")
else:
self.app.title("Add a security defect")
self.app.resizable(True, True)
self.app.geometry("800x600")
container = ttk.Frame(self.app)
container.columnconfigure(0, weight=1)
container.rowconfigure(0, weight=1)
self.rvalue = None
self.canvas = tk.Canvas(container, bg="white")
self.appFrame = ttk.Frame(self.canvas)
self.myscrollbar = tk.Scrollbar(container,
orient="vertical",
command=self.canvas.yview)
self.canvas.bind('<Enter>', self.boundToMousewheel)
self.canvas.bind('<Leave>', self.unboundToMousewheel)
self.canvas.bind(
'<Configure>', lambda e: self.canvas.configure(scrollregion=self.
canvas.bbox("all")))
self.canvas_main_frame = self.canvas.create_window(
(0, 0), window=self.appFrame, anchor='nw')
self.canvas.configure(yscrollcommand=self.myscrollbar.set)
self.isInsert = defectModel is None
self.multi = multi
if self.isInsert:
defectModel = Defect()
self.defect_vw = DefectView(None, self.appFrame, parent,
DefectController(defectModel))
if self.isInsert:
if multi:
self.defect_vw.openMultiInsertWindow(addButtons=False)
else:
self.defect_vw.openInsertWindow(addButtons=False)
else:
self.defect_vw.openModifyWindow(addButtons=False)
ok_button = ttk.Button(self.appFrame, text="OK")
ok_button.pack(side="right", padx=5, pady=10)
ok_button.bind('<Button-1>', self.okCallback)
cancel_button = ttk.Button(self.appFrame, text="Cancel")
cancel_button.pack(side="right", padx=5, pady=10, ipadx=10)
cancel_button.bind('<Button-1>', self.cancel)
self.canvas.configure(scrollregion=self.canvas.bbox("all"))
self.canvas.bind("<Configure>", self.resizeAppFrame)
self.canvas.grid(column=0, row=0, sticky="nsew")
self.myscrollbar.grid(column=1, row=0, sticky="ns")
container.pack(fill=tk.BOTH, ipady=10, ipadx=10, expand=True)
# self.appFrame.pack(fill=tk.X, ipady=10, ipadx=10, expand=True) this break the canvas drawing with scrollbar
try:
self.app.wait_visibility()
self.app.transient(parent)
self.app.grab_set()
self.app.focus_force()
self.app.lift()
except tk.TclError:
pass
def notify(self, db, collection, iid, action, _parent):
"""
Callback for the observer implemented in mongo.py.
Each time an object is inserted, updated or deleted the standard way, this function will be called.
Args:
collection: the collection that has been modified
iid: the mongo ObjectId _id that was modified/inserted/deleted
action: string "update" or "insert" or "delete". It was the action performed on the iid
_parent: Not used. the mongo ObjectId of the parent. Only if action in an insert. Not used anymore
"""
apiclient = APIClient.getInstance()
if not apiclient.getCurrentPentest() != "":
return
if db == "pollenisator":
if collection == "settings":
self.configureTags()
return
if apiclient.getCurrentPentest() != db:
return
# Delete
if action == "delete":
if collection == "defects":
view = self.getViewFromId(str(iid))
if view is not None:
self.appli.statusbar.notify([], view.controller.getTags())
try:
self.delete(ObjectId(iid))
except tk.TclError:
pass # item was not inserted in the treeview
# Insert
if action == "insert":
view = None
res = apiclient.find(collection, {"_id": ObjectId(iid)}, False)
if collection == "tools":
view = ToolView(self, self.appli.viewframe, self.appli,
ToolController(Tool(res)))
elif collection == "waves":
view = WaveView(self, self.appli.viewframe, self.appli,
WaveController(Wave(res)))
elif collection == "scopes":
view = ScopeView(self, self.appli.viewframe, self.appli,
ScopeController(Scope(res)))
elif collection == "ports":
view = PortView(self, self.appli.viewframe, self.appli,
PortController(Port(res)))
elif collection == "ips":
view = IpView(self, self.appli.viewframe, self.appli,
IpController(Ip(res)))
elif collection == "intervals":
view = IntervalView(self, self.appli.viewframe, self.appli,
IntervalController(Interval(res)))
elif collection == "defects":
view = DefectView(self, self.appli.viewframe, self.appli,
DefectController(Defect(res)))
elif collection == "commands":
view = CommandView(self, self.appli.viewframe, self.appli,
CommandController(Command(res)))
elif collection == "group_commands":
view = CommandGroupView(
self, self.appli.viewframe, self.appli,
CommandGroupController(CommandGroup(res)))
try:
if view is not None:
view.addInTreeview()
view.insertReceived()
self.appli.statusbar.notify(view.controller.getTags())
except tk.TclError:
pass
if action == "update":
try:
view = self.getViewFromId(str(iid))
if view is not None:
item = self.item(str(iid))
oldTags = item["tags"]
view.controller.actualize()
self.appli.statusbar.notify(view.controller.getTags(),
oldTags)
self.item(str(iid),
text=str(view.controller.getModelRepr()),
image=view.getIcon())
except tk.TclError:
if view is not None:
view.addInTreeview()
if str(self.appli.openedViewFrameId) == str(iid):
for widget in self.appli.viewframe.winfo_children():
widget.destroy()
view.openModifyWindow()
if view is not None:
view.updateReceived()
self.appli.statusbar.update()