def request_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) user = get_object_or_404(Dojo_User, id=request.user.id) # in order to review a finding, we need to capture why a review is needed # we can do this with a Note if request.method == 'POST': form = ReviewFindingForm(request.POST) if form.is_valid(): now = timezone.now() new_note = Notes() new_note.entry = "Review Request: " + form.cleaned_data['entry'] new_note.author = request.user new_note.date = now new_note.save() finding.notes.add(new_note) finding.active = False finding.verified = False finding.under_review = True finding.review_requested_by = user finding.last_reviewed = now finding.last_reviewed_by = request.user users = form.cleaned_data['reviewers'] finding.reviewers = users finding.save() create_notification(event='review_requested', title='Finding review requested', description='User %s has requested that you please review the finding "%s" for accuracy:\n\n%s' \ % (user, finding.title, new_note), icon='check', url=request.build_absolute_uri(reverse("view_finding", args=(finding.id,)))) messages.add_message( request, messages.SUCCESS, 'Finding marked for review and reviewers notified.', extra_tags='alert-success') return HttpResponseRedirect( reverse('view_finding', args=(finding.id, ))) else: form = ReviewFindingForm() add_breadcrumb(parent=finding, title="Review Finding", top_level=False, request=request) return render(request, 'dojo/review_finding.html', { 'finding': finding, 'user': user, 'form': form })
def clear_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) user = get_object_or_404(Dojo_User, id=request.user.id) # in order to clear a review for a finding, we need to capture why and how it was reviewed # we can do this with a Note if user == finding.review_requested_by or user in finding.reviewers.all(): pass else: return HttpResponseForbidden() if request.method == 'POST': form = ClearFindingReviewForm(request.POST, instance=finding) if form.is_valid(): now = datetime.now(tz=localtz) new_note = Notes() new_note.entry = "Review Cleared: " + form.cleaned_data['entry'] new_note.author = request.user new_note.date = now new_note.save() finding = form.save(commit=False) finding.under_review = False finding.last_reviewed = now finding.last_reviewed_by = request.user finding.reviewers = [] finding.save() finding.notes.add(new_note) messages.add_message( request, messages.SUCCESS, 'Finding review has been updated successfully.', extra_tags='alert-success') return HttpResponseRedirect( reverse('view_finding', args=(finding.id, ))) else: form = ClearFindingReviewForm(instance=finding) add_breadcrumb(parent=finding, title="Clear Finding Review", top_level=False, request=request) return render(request, 'dojo/clear_finding_review.html', { 'finding': finding, 'user': user, 'form': form })
def request_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) user = get_object_or_404(Dojo_User, id=request.user.id) # in order to review a finding, we need to capture why a review is needed # we can do this with a Note if request.method == 'POST': form = ReviewFindingForm(request.POST) if form.is_valid(): now = datetime.now(tz=localtz) new_note = Notes() new_note.entry = "Review Request: " + form.cleaned_data['entry'] new_note.author = request.user new_note.date = now new_note.save() finding.notes.add(new_note) finding.active = False finding.verified = False finding.under_review = True finding.review_requested_by = user finding.last_reviewed = now finding.last_reviewed_by = request.user users = form.cleaned_data['reviewers'] finding.reviewers = users finding.save() send_review_email(request, user, finding, users, new_note) messages.add_message( request, messages.SUCCESS, 'Finding marked for review and reviewers notified.', extra_tags='alert-success') return HttpResponseRedirect( reverse('view_finding', args=(finding.id, ))) else: form = ReviewFindingForm() add_breadcrumb(parent=finding, title="Review Finding", top_level=False, request=request) return render(request, 'dojo/review_finding.html', { 'finding': finding, 'user': user, 'form': form })
def webhook(request): # Webhook shouldn't be active if jira isn't enabled if not get_system_setting('enable_jira'): raise PermissionDenied elif not get_system_setting('enable_jira_web_hook'): raise PermissionDenied if request.method == 'POST': parsed = json.loads(request.body) if 'issue' in parsed.keys(): jid = parsed['issue']['id'] jissue = get_object_or_404(JIRA_Issue, jira_id=jid) if jissue.finding is not None: finding = jissue.finding resolved = True if parsed['issue']['fields']['resolution'] is None: resolved = False if finding.active == resolved: if finding.active: now = timezone.now() finding.active = False finding.mitigated = now finding.endpoints.clear() else: finding.active = True finding.mitigated = None finding.save() finding.save() """ if jissue.engagement is not None: eng = jissue.engagement if parsed['issue']['fields']['resolution'] != None: eng.active = False eng.status = 'Completed' eng.save() """ else: comment_text = parsed['comment']['body'] commentor = parsed['comment']['updateAuthor']['displayName'] jid = parsed['comment']['self'].split('/')[7] jissue = JIRA_Issue.objects.get(jira_id=jid) finding = jissue.finding new_note = Notes() new_note.entry = '(%s): %s' % (commentor, comment_text) new_note.author, created = User.objects.get_or_create( username='******') new_note.save() finding.notes.add(new_note) finding.save() return HttpResponse('')
def webhook(request): # Webhook shouldn't be active if jira isn't enabled if not get_system_setting('enable_jira'): raise PermissionDenied elif not get_system_setting('enable_jira_web_hook'): raise PermissionDenied if request.method == 'POST': parsed = json.loads(request.body) if 'issue' in parsed.keys(): jid = parsed['issue']['id'] jissue = get_object_or_404(JIRA_Issue, jira_id=jid) if jissue.finding is not None: finding = jissue.finding resolved = True if parsed['issue']['fields']['resolution'] is None: resolved = False if finding.active == resolved: if finding.active: now = timezone.now() finding.active = False finding.mitigated = now finding.endpoints.clear() else: finding.active = True finding.mitigated = None finding.save() finding.save() """ if jissue.engagement is not None: eng = jissue.engagement if parsed['issue']['fields']['resolution'] != None: eng.active = False eng.status = 'Completed' eng.save() """ else: comment_text = parsed['comment']['body'] commentor = parsed['comment']['updateAuthor']['displayName'] jid = parsed['comment']['self'].split('/')[7] jissue = JIRA_Issue.objects.get(jira_id=jid) finding = jissue.finding new_note = Notes() new_note.entry = '(%s): %s' % (commentor, comment_text) new_note.author, created = User.objects.get_or_create(username='******') new_note.save() finding.notes.add(new_note) finding.save() return HttpResponse('')
def request_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) user = get_object_or_404(Dojo_User, id=request.user.id) # in order to review a finding, we need to capture why a review is needed # we can do this with a Note if request.method == 'POST': form = ReviewFindingForm(request.POST) if form.is_valid(): now = timezone.now() new_note = Notes() new_note.entry = "Review Request: " + form.cleaned_data['entry'] new_note.author = request.user new_note.date = now new_note.save() finding.notes.add(new_note) finding.active = False finding.verified = False finding.under_review = True finding.review_requested_by = user finding.last_reviewed = now finding.last_reviewed_by = request.user users = form.cleaned_data['reviewers'] finding.reviewers = users finding.save() create_notification(event='review_requested', title='Finding review requested', description='User %s has requested that you please review the finding "%s" for accuracy:\n\n%s' \ % (user, finding.title, new_note), icon='check', url=request.build_absolute_uri(reverse("view_finding", args=(finding.id,)))) messages.add_message(request, messages.SUCCESS, 'Finding marked for review and reviewers notified.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_finding', args=(finding.id,))) else: form = ReviewFindingForm() add_breadcrumb(parent=finding, title="Review Finding", top_level=False, request=request) return render(request, 'dojo/review_finding.html', {'finding': finding, 'user': user, 'form': form})
def finding_unlink_jira(request, finding): logger.debug('removing linked jira issue %s for finding %i', finding.jira_issue.jira_key, finding.id) finding.jira_issue.delete() finding.save(push_to_jira=False, dedupe_option=False, issue_updater_option=False) jira_issue_url = get_jira_url(finding) new_note = Notes() new_note.entry = 'unlinked JIRA issue %s from finding' % (jira_issue_url) new_note.author = request.user new_note.save() finding.notes.add(new_note) return True
def clear_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) user = get_object_or_404(Dojo_User, id=request.user.id) # in order to clear a review for a finding, we need to capture why and how it was reviewed # we can do this with a Note if user == finding.review_requested_by or user in finding.reviewers.all(): pass else: return HttpResponseForbidden() if request.method == 'POST': form = ClearFindingReviewForm(request.POST, instance=finding) if form.is_valid(): now = timezone.now() new_note = Notes() new_note.entry = "Review Cleared: " + form.cleaned_data['entry'] new_note.author = request.user new_note.date = now new_note.save() finding = form.save(commit=False) finding.under_review = False finding.last_reviewed = now finding.last_reviewed_by = request.user finding.reviewers = [] finding.save() finding.notes.add(new_note) messages.add_message(request, messages.SUCCESS, 'Finding review has been updated successfully.', extra_tags='alert-success') return HttpResponseRedirect(reverse('view_finding', args=(finding.id,))) else: form = ClearFindingReviewForm(instance=finding) add_breadcrumb(parent=finding, title="Clear Finding Review", top_level=False, request=request) return render(request, 'dojo/clear_finding_review.html', {'finding': finding, 'user': user, 'form': form})
def handle(self, *args, **options): findings = Finding.objects.exclude(jira_issue__isnull=True) findings = findings.filter(verified=True, active=True) findings = findings.prefetch_related('jira_issue') # finding = Finding.objects.get(id=1) for finding in findings: # try: JIRAError.log_to_tempfile = False jira = jira_helper.get_jira_connection(finding) j_issue = finding.jira_issue issue = jira.issue(j_issue.jira_id) # Issue Cloned print(issue.fields.issuelinks[0]) print("Jira Issue: " + str(issue)) print("Resolution: " + str(issue.fields.resolution)) if issue.fields.resolution is not None \ and not finding.under_defect_review: # print issue.fields.__dict__ print("Jira Issue: " + str(issue) + " changed status") # Create Jira Note now = timezone.now() new_note = Notes() new_note.entry = "Please Review Jira Request: " + str( issue) + ". Review status has changed to " + str( issue.fields.resolution) + "." new_note.author = User.objects.get(username='******') new_note.date = now new_note.save() finding.notes.add(new_note) finding.under_defect_review = True dojo_user = Dojo_User.objects.get(username='******') finding.defect_review_requested_by = dojo_user # Create alert to notify user jira_helper.log_jira_message("Jira issue status change, please review.", finding) finding.save() else: print("No update necessary")
def handle(self, *args, **options): findings = Finding.objects.exclude(jira_issue__isnull=True) findings = findings.filter(verified=True, active=True) # finding = Finding.objects.get(id=1) for finding in findings: # try: JIRAError.log_to_tempfile = False jira = get_jira_connection(finding) j_issue = JIRA_Issue.objects.get(finding=finding) issue = jira.issue(j_issue.jira_id) # Issue Cloned print issue.fields.issuelinks[0] print "Jira Issue: " + str(issue) print "Resolution: " + str(issue.fields.resolution) if issue.fields.resolution is not None \ and finding.under_defect_review == False: # print issue.fields.__dict__ print "Jira Issue: " + str(issue) + " changed status" # Create Jira Note now = timezone.now() new_note = Notes() new_note.entry = "Please Review Jira Request: " + str( issue) + ". Review status has changed to " + str( issue.fields.resolution) + "." new_note.author = User.objects.get(username='******') new_note.date = now new_note.save() finding.notes.add(new_note) finding.under_defect_review = True dojo_user = Dojo_User.objects.get(username='******') finding.defect_review_requested_by = dojo_user # Create alert to notify user log_jira_message("Jira issue status change, please review.", finding) finding.save() else: print "No update necessary"
def finding_link_jira(request, finding, new_jira_issue_key): logger.debug('linking existing jira issue %s for finding %i', new_jira_issue_key, finding.id) existing_jira_issue = jira_get_issue(get_jira_project(finding), new_jira_issue_key) jira_project = get_jira_project(finding) if not existing_jira_issue: raise ValueError('JIRA issue not found or cannot be retrieved: ' + new_jira_issue_key) jira_issue = JIRA_Issue(jira_id=existing_jira_issue.id, jira_key=existing_jira_issue.key, finding=finding, jira_project=jira_project) jira_issue.jira_key = new_jira_issue_key # jira timestampe are in iso format: 'updated': '2020-07-17T09:49:51.447+0200' # seems to be a pain to parse these in python < 3.7, so for now just record the curent time as # as the timestamp the jira link was created / updated in DD jira_issue.jira_creation = timezone.now() jira_issue.jira_change = timezone.now() jira_issue.save() finding.save(push_to_jira=False, dedupe_option=False, issue_updater_option=False) jira_issue_url = get_jira_url(finding) new_note = Notes() new_note.entry = 'linked JIRA issue %s to finding' % (jira_issue_url) new_note.author = request.user new_note.save() finding.notes.add(new_note) return True
def webhook(request): # Webhook shouldn't be active if jira isn't enabled if not get_system_setting('enable_jira'): raise PermissionDenied elif not get_system_setting('enable_jira_web_hook'): raise PermissionDenied if request.method == 'POST': parsed = json.loads(request.body.decode('utf-8')) if parsed.get('webhookEvent') == 'jira:issue_updated': jid = parsed['issue']['id'] jissue = get_object_or_404(JIRA_Issue, jira_id=jid) if jissue.finding is not None: finding = jissue.finding jira_conf = finding.jira_conf() resolved = True resolution = parsed['issue']['fields']['resolution'] if resolution is None: resolved = False if finding.active == resolved: if finding.active: if jira_conf and resolution[ 'name'] in jira_conf.accepted_resolutions: finding.active = False finding.mitigated = None finding.is_Mitigated = False finding.false_p = False assignee = parsed['issue']['fields'].get( 'assignee') assignee_name = assignee[ 'name'] if assignee else None Risk_Acceptance.objects.create( accepted_by=assignee_name, reporter=finding.reporter, ).accepted_findings.set([finding]) elif jira_conf and resolution[ 'name'] in jira_conf.false_positive_resolutions: finding.active = False finding.verified = False finding.mitigated = None finding.is_Mitigated = False finding.false_p = True finding.remove_from_any_risk_acceptance() else: # Mitigated by default as before now = timezone.now() finding.active = False finding.mitigated = now finding.endpoints.clear() finding.false_p = False finding.remove_from_any_risk_acceptance() else: # Reopen / Open Jira issue finding.active = True finding.mitigated = None finding.is_Mitigated = False finding.false_p = False finding.remove_from_any_risk_acceptance() finding.jira_change = timezone.now() finding.save() """ if jissue.engagement is not None: eng = jissue.engagement if parsed['issue']['fields']['resolution'] != None: eng.active = False eng.status = 'Completed' eng.save() """ if parsed.get('webhookEvent') == 'comment_created': comment_text = parsed['comment']['body'] commentor = parsed['comment']['updateAuthor']['displayName'] jid = parsed['comment']['self'].split('/')[7] jissue = JIRA_Issue.objects.get(jira_id=jid) finding = jissue.finding new_note = Notes() new_note.entry = '(%s): %s' % (commentor, comment_text) new_note.author, created = User.objects.get_or_create( username='******') new_note.save() finding.notes.add(new_note) finding.jira_change = timezone.now() finding.save() if parsed.get('webhookEvent') not in [ 'comment_created', 'jira:issue_updated' ]: logger.info('Unrecognized JIRA webhook event received: {}'.format( parsed.get('webhookEvent'))) return HttpResponse('')
def webhook(request, secret=None): if not get_system_setting('enable_jira'): logger.debug('ignoring incoming webhook as JIRA is disabled.') raise Http404('JIRA disabled') elif not get_system_setting('enable_jira_web_hook'): logger.debug('ignoring incoming webhook as JIRA Webhook is disabled.') raise Http404('JIRA Webhook disabled') elif not get_system_setting('disable_jira_webhook_secret'): if not get_system_setting('jira_webhook_secret'): logger.warning( 'ignoring incoming webhook as JIRA Webhook secret is empty in Defect Dojo system settings.' ) raise PermissionDenied('JIRA Webhook secret cannot be empty') if secret != get_system_setting('jira_webhook_secret'): logger.warning('invalid secret provided to JIRA Webhook') raise PermissionDenied( 'invalid or no secret provided to JIRA Webhook') # if webhook secret is disabled in system_settings, we ignore the incoming secret, even if it doesn't match # example json bodies at the end of this file if request.content_type != 'application/json': return HttpResponseBadRequest("only application/json supported") if request.method == 'POST': try: parsed = json.loads(request.body.decode('utf-8')) if parsed.get('webhookEvent') == 'jira:issue_updated': # xml examples at the end of file jid = parsed['issue']['id'] jissue = get_object_or_404(JIRA_Issue, jira_id=jid) logging.info("Received issue update for {}".format( jissue.jira_key)) if jissue.finding: finding = jissue.finding jira_instance = jira_helper.get_jira_instance(finding) resolved = True resolution = parsed['issue']['fields']['resolution'] # "resolution":{ # "self":"http://www.testjira.com/rest/api/2/resolution/11", # "id":"11", # "description":"Cancelled by the customer.", # "name":"Cancelled" # }, # or # "resolution": null if resolution is None: resolved = False logger.debug( "JIRA resolution is None, therefore resolved is now False" ) if finding.active is resolved: if finding.active: if jira_instance and resolution[ 'name'] in jira_instance.accepted_resolutions: logger.debug( "Marking related finding of {} as accepted. Creating risk acceptance." .format(jissue.jira_key)) finding.active = False finding.mitigated = None finding.is_Mitigated = False finding.false_p = False assignee = parsed['issue']['fields'].get( 'assignee') assignee_name = assignee[ 'name'] if assignee else None Risk_Acceptance.objects.create( accepted_by=assignee_name, owner=finding.reporter, ).accepted_findings.set([finding]) elif jira_instance and resolution[ 'name'] in jira_instance.false_positive_resolutions: logger.debug( "Marking related finding of {} as false-positive" .format(jissue.jira_key)) finding.active = False finding.verified = False finding.mitigated = None finding.is_Mitigated = False finding.false_p = True ra_helper.remove_from_any_risk_acceptance( finding) else: # Mitigated by default as before logger.debug( "Marking related finding of {} as mitigated (default)" .format(jissue.jira_key)) now = timezone.now() finding.active = False finding.mitigated = now finding.is_Mitigated = True finding.endpoints.clear() finding.false_p = False ra_helper.remove_from_any_risk_acceptance( finding) else: # Reopen / Open Jira issue logger.debug( "Re-opening related finding of {}".format( jissue.jira_key)) finding.active = True finding.mitigated = None finding.is_Mitigated = False finding.false_p = False ra_helper.remove_from_any_risk_acceptance(finding) else: # Reopen / Open Jira issue finding.active = True finding.mitigated = None finding.is_Mitigated = False finding.false_p = False ra_helper.remove_from_any_risk_acceptance(finding) finding.jira_issue.jira_change = timezone.now() finding.jira_issue.save() finding.save() elif jissue.engagement: # if parsed['issue']['fields']['resolution'] != None: # eng.active = False # eng.status = 'Completed' # eng.save() return HttpResponse('Update for engagement ignored') else: raise Http404( 'No finding or engagement found for JIRA issue {}'. format(jissue.jira_key)) if parsed.get('webhookEvent') == 'comment_created': """ example incoming requests from JIRA Server 8.14.0 { "timestamp":1610269967824, "webhookEvent":"comment_created", "comment":{ "self":"https://jira.host.com/rest/api/2/issue/115254/comment/466578", "id":"466578", "author":{ "self":"https://jira.host.com/rest/api/2/user?username=defect.dojo", "name":"defect.dojo", "key":"defect.dojo", # seems to be only present on JIRA Server, not on Cloud "avatarUrls":{ "48x48":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=48", "24x24":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=24", "16x16":"https://www.gravatar.com/avatar9637bfb970eff6176357df615f548f1c?d=mm&s=16", "32x32":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=32" }, "displayName":"Defect Dojo", "active":true, "timeZone":"Europe/Amsterdam" }, "body":"(Valentijn Scholten):test4", "updateAuthor":{ "self":"https://jira.host.com/rest/api/2/user?username=defect.dojo", "name":"defect.dojo", "key":"defect.dojo", "avatarUrls":{ "48x48":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=48", "24x24""https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=24", "16x16":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=16", "32x32":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=32" }, "displayName":"Defect Dojo", "active":true, "timeZone":"Europe/Amsterdam" }, "created":"2021-01-10T10:12:47.824+0100", "updated":"2021-01-10T10:12:47.824+0100" } } """ comment_text = parsed['comment']['body'] commentor = '' if 'name' in parsed['comment']['updateAuthor']: commentor = parsed['comment']['updateAuthor']['name'] elif 'emailAddress' in parsed['comment']['updateAuthor']: commentor = parsed['comment']['updateAuthor'][ 'emailAddress'] else: logger.debug( 'Could not find the author of this jira comment!') commentor_display_name = parsed['comment']['updateAuthor'][ 'displayName'] # example: body['comment']['self'] = "http://www.testjira.com/jira_under_a_path/rest/api/2/issue/666/comment/456843" jid = parsed['comment']['self'].split('/')[-3] jissue = get_object_or_404(JIRA_Issue, jira_id=jid) logging.info("Received issue comment for {}".format( jissue.jira_key)) logger.debug('jissue: %s', vars(jissue)) if jissue.finding: # logger.debug('finding: %s', vars(jissue.finding)) jira_usernames = JIRA_Instance.objects.values_list( 'username', flat=True) for jira_userid in jira_usernames: # logger.debug('incoming username: %s jira config username: %s', commentor.lower(), jira_userid.lower()) if jira_userid.lower() == commentor.lower(): logger.debug( 'skipping incoming JIRA comment as the user id of the comment in JIRA (%s) matches the JIRA username in DefectDojo (%s)', commentor.lower(), jira_userid.lower()) return HttpResponse('') break finding = jissue.finding new_note = Notes() new_note.entry = '(%s (%s)): %s' % ( commentor_display_name, commentor, comment_text) new_note.author, created = User.objects.get_or_create( username='******') new_note.save() finding.notes.add(new_note) finding.jira_issue.jira_change = timezone.now() finding.jira_issue.save() finding.save() create_notification( event='other', title='JIRA incoming comment - %s' % (jissue.finding), url=reverse("view_finding", args=(jissue.finding.id, )), icon='check') elif jissue.engagement: return HttpResponse('Comment for engagement ignored') else: raise Http404( 'No finding or engagement found for JIRA issue {}'. format(jissue.jira_key)) if parsed.get('webhookEvent') not in [ 'comment_created', 'jira:issue_updated' ]: logger.info( 'Unrecognized JIRA webhook event received: {}'.format( parsed.get('webhookEvent'))) except Exception as e: if isinstance(e, Http404): logger.warning('404 error processing JIRA webhook') else: logger.exception(e) try: logger.debug('jira_webhook_body_parsed:') logger.debug(json.dumps(parsed, indent=4)) except: logger.debug('jira_webhook_body:') logger.debug(request.body.decode('utf-8')) # reraise to make sure we don't silently swallow things raise return HttpResponse('')
def handle_uploaded_cvff(request, f): output = StringIO.StringIO() for chunk in f.chunks(): output.write(chunk) csvString = output.getvalue().splitlines(True)[1:] inputCSV = csv.reader(csvString, quoting=csv.QUOTE_NONNUMERIC) logger.error('Before moving into loop') isHeader = 1 indexOfResolution = 0 for row in inputCSV: if isHeader == 1: for col in row: if str(col) == "WSO2_resolution": isHeader = 0 break indexOfResolution = indexOfResolution + 1 try: finding = Finding.objects.filter(pk=float(row[0]))[0] logger.error('Finding note count for id ' + str(row[0]) + ' is : ' + str(finding.notes.count())) status = str(row[indexOfResolution]).strip().split("(")[0] if finding.notes.count() == 0: note = Notes(entry="[ " + status + " ] ~ " + row[indexOfResolution + 2], author=request.user) note.save() finding.notes.add(note) logger.info('Adding new note') else: note = finding.notes.all()[0] note.entry = "[ " + status + " ] ~ " + row[indexOfResolution + 2] note.author = request.user note.save() logger.info('Updating existing note' + str(note.id)) status = status.replace('.', '').replace(',', '').replace(' ', '').lower() finding.false_p = False finding.verified = False finding.active = False finding.out_of_scope = False finding.save() if status == 'falsepositive': finding.false_p = True finding.save() elif status == 'notathreat': finding.verified = True finding.save() elif status == 'needtobefixed': finding.active = True finding.save() elif status == 'needtofix': finding.active = True finding.save() elif status == 'truepositive': finding.active = True finding.save() elif status == 'alreadymitigated': finding.out_of_scope = True finding.save() elif status == 'notapplicable': finding.under_review = True finding.save() #elif status == 'cannotreproduce': # finding.under_review = True # finding.save() else: logger.error('Unknown status for : ' + str(row[0]) + ". Status is : " + status) except Exception as e: logger.error(e.message) logger.error('Error in processing row: ' + str(row[0]) + ". Skipping.")
def handle_uploaded_cvff(request, f): output = StringIO.StringIO() for chunk in f.chunks(): output.write(chunk) csvString = output.getvalue().splitlines(True)[1:] inputCSV = csv.reader(csvString, quoting=csv.QUOTE_NONNUMERIC) logger.error('Before moving into loop') isHeader = 1 indexOfResolution = 0 for row in inputCSV: if isHeader == 1: for col in row: if str(col) == "WSO2_resolution": isHeader = 0 break indexOfResolution = indexOfResolution + 1 try: finding = Finding.objects.filter(pk=float(row[0]))[0]; logger.error('Finding note count for id '+ str(row[0]) +' is : ' + str(finding.notes.count())) status = str(row[indexOfResolution]).strip().split("(")[0] if finding.notes.count() == 0: note = Notes(entry="[ " + status + " ] ~ " + row[indexOfResolution + 2], author=request.user) note.save() finding.notes.add(note); logger.info('Adding new note') else: note = finding.notes.all()[0] note.entry = "[ " + status + " ] ~ " + row[indexOfResolution + 2] note.author=request.user note.save() logger.info('Updating existing note' + str(note.id)) status = status.replace('.','').replace(',','').replace(' ','').lower() finding.false_p = False finding.verified = False finding.active = False finding.out_of_scope = False finding.save() if status == 'falsepositive': finding.false_p = True finding.save() elif status == 'notathreat': finding.verified = True finding.save() elif status == 'needtobefixed': finding.active = True finding.save() elif status == 'needtofix': finding.active = True finding.save() elif status == 'truepositive': finding.active = True finding.save() elif status == 'alreadymitigated': finding.out_of_scope = True finding.save() elif status == 'notapplicable': finding.under_review = True finding.save() #elif status == 'cannotreproduce': # finding.under_review = True # finding.save() else: logger.error('Unknown status for : ' + str(row[0]) + ". Status is : " + status) except Exception as e: logger.error(e.message) logger.error('Error in processing row: ' + str(row[0]) + ". Skipping.")