def create_new_submission():
    """Serve the "new submission" page, or store a submission on a valid POST.

    Requires a valid JWT (``verify_jwt_in_request`` raises otherwise). When
    the form validates, one item is written to ``submissions_table`` and the
    user is redirected depending on which submit button was pressed; for any
    other request (or a failed validation) ``submit_new.html`` is rendered.

    Returns:
        A redirect response after a stored submission, otherwise the rendered
        form template.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    form = SubmitForm(request.form)

    # validate_on_submit() also checks the CSRF token, so the write below only
    # happens for a well-formed, CSRF-protected POST.
    if not form.validate_on_submit():
        return render_template('submit_new.html', form=form, data=data)

    # NOTE(review): 'CreatedBy' comes from the cookie-derived user data; assumes
    # get_user_data_from_cookies takes it from the verified JWT rather than a
    # client-editable cookie -- confirm.
    new_submission = {
        'Uid': str(uuid4()),
        'CreatedBy': data['username'],
        'CreatedAt': get_current_timestamp(),
        'Title': form.title.data,
        'Content': form.content.data,
        'Reviewed': False,
        'ReviewedBy': "",
        'ReviewedAt': "",
        'Deleted': False,
    }
    submissions_table.put_item(Item=new_submission)

    # Only "Submit and create another" returns to the form; "Submit" and any
    # unrecognised button value both go back to the index page.
    if request.form['submit'] == "Submit and create another":
        return redirect('/submit')
    return redirect('/')
def search():
    """Render the findings search page; on POST, run the search as well.

    Keywords (``form.hidden``) and tags (``form.tags``) are comma-separated
    strings; each entry is whitespace-stripped before matching. Matching is
    delegated to ``search_results`` over every published finding.

    Returns:
        The rendered ``search.html``; ``items`` holds the matches (empty for a
        GET) and ``is_search`` tells the template whether a search was run.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    form = SearchFrom(request.form)

    is_search = request.method == "POST"
    matches = []
    if is_search:
        keywords = [term.strip() for term in form.hidden.data.split(",")]
        wanted_tags = [term.strip() for term in form.tags.data.split(",")]

        # NOTE(review): this scans the whole table and only keeps Published
        # findings; unlike home(), it does not check the 'Deleted' flag, so a
        # soft-deleted finding can still be returned by a search -- confirm
        # whether that is intended.
        published = findings_table.scan(
            FilterExpression=Attr('Published').eq(True))['Items']
        for finding in published:
            if not search_results(keywords=keywords, tags_list=wanted_tags,
                                  item=finding):
                continue
            finding['CreatedAt'] = get_real_date_from_timestamp(
                finding['CreatedAt'])
            matches.append(finding)

    # tag_list is a module-level name (not defined in this function).
    return render_template("search.html", items=matches, form=form,
                           tags=tag_list, data=data, is_search=is_search)
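def home():
    """Render the landing page listing published, non-deleted findings.

    Requires a valid JWT. Findings are ordered newest first and their
    ``CreatedAt`` timestamp is replaced with a human-readable date before
    rendering.

    Returns:
        The rendered ``index.html`` when a JWT identity is present, otherwise
        the sign-in URL (see the note below).
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    if not get_jwt_identity():
        # NOTE(review): this returns the sign-in URL as the response body, not
        # a redirect to it. verify_jwt_in_request() above presumably raises
        # before this branch can be reached, so it looks dead in practice --
        # confirm whether redirect(url_for('.sign_in')) was intended.
        return url_for('.sign_in')

    # make a list of recent approved findings only
    response = findings_table.scan(
        FilterExpression=Attr('Published').eq(True))
    # Soft-deleted findings are dropped client-side. Building a new list fixes
    # the original remove-while-iterating loop, which skipped the element
    # following each removed one and could leave deleted findings visible.
    visible = [item for item in response['Items'] if not item['Deleted']]
    ordered_items = sorted(visible, key=lambda k: k['CreatedAt'], reverse=True)
    # replace timestamp with real time
    for item in ordered_items:
        item['CreatedAt'] = get_real_date_from_timestamp(item['CreatedAt'])
    return render_template('index.html', items=ordered_items, data=data)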
def review_submission(Uid, CreatedBy):
    """First review of a submission: render the review form or publish it.

    Args:
        Uid: Submission id, taken from the URL.
        CreatedBy: Submitter's username, taken from the URL; with ``Uid`` it
            forms the key used in both tables.

    On a valid POST the submission is written to ``findings_table`` as a
    published but not yet approved finding, the submission row is marked
    reviewed, a DOCX is generated from the stored finding, and the user is
    redirected to the finding's view page. Otherwise
    ``review_submission.html`` is rendered with the submission.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    form = PublishForm(request.form)

    item = get_submission_item(Uid, CreatedBy)
    # The raw timestamp is kept for the new finding; the copy shown in the
    # template gets the human-readable form.
    created_at_raw = item['CreatedAt']
    item['CreatedAt'] = get_real_datetime_from_timestamp(created_at_raw)

    if not form.validate_on_submit():
        return render_template("review_submission.html", item=item, form=form,
                               tags=tag_list, data=data)

    # Tags are stored as split (no whitespace stripping, unlike search()).
    tags = request.form['tags'].split(",")
    reviewed_at = get_current_timestamp()

    # NOTE(review): no reviewer-role or ownership check is visible here beyond
    # the JWT requirement, and put_item replaces any existing finding with this
    # key (no ConditionExpression), so re-posting this form would reset the
    # second-review fields of an already reviewed finding -- confirm this is
    # enforced elsewhere.
    finding = {
        'Uid': Uid,
        'CreatedBy': CreatedBy,
        'CreatedAt': created_at_raw,
        'firstReviewedBy': data['username'],
        'firstReviewedAt': reviewed_at,
        'secondReviewedBy': "",
        'secondReviewedAt': "",
        'LastEditAt': "",
        'LastEditBy': "",
        'Approved': False,
        'Title': form.title.data,
        'Description': form.finding_description.data,
        'Probability': form.risk_probability.data,
        'Severity': form.risk_severity.data,
        'OverallRisk': form.risk_level.data,
        'RiskDetails': form.risk_description.data,
        'Recommendations': form.risk_recommendations.data,
        'Published': True,
        'Deleted': False,
        'Tags': tags,
    }
    findings_table.put_item(Item=finding)

    submissions_table.update_item(
        Key={'Uid': Uid, 'CreatedBy': CreatedBy},
        UpdateExpression=
        "SET Reviewed = :val1, ReviewedAt = :val2, ReviewedBy = :val3",
        ExpressionAttributeValues={
            ':val1': True,
            ':val2': reviewed_at,
            ':val3': data['username'],
        })

    # The finding is re-read from the table before generating the document
    # (presumably so the DOCX reflects the stored record).
    stored = get_finding_item(Uid, CreatedBy)
    create_docx_from_item(item=stored)
    return redirect(f'/findings/view/finding={Uid}by={CreatedBy}')
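def findings_trash():
    """Render the trash page listing soft-deleted findings, newest first.

    Requires a valid JWT. ``CreatedAt`` is converted to a human-readable
    datetime on each item before rendering.

    Returns:
        The rendered ``findings_trash.html``.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    response = findings_table.scan(FilterExpression=Attr('Deleted').eq(True))
    ordered_items = sorted(response['Items'], key=lambda k: k['CreatedAt'],
                           reverse=True)
    for item in ordered_items:
        item['CreatedAt'] = get_real_datetime_from_timestamp(item['CreatedAt'])
    # Render the sorted list. The original passed the unsorted scan result to
    # the template, so the ordering computed above was never shown.
    return render_template('findings_trash.html', items=ordered_items, data=data)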
def second_review_finding(Uid, CreatedBy):
    """Second review of a finding: render the form or approve the finding.

    Args:
        Uid: Finding id, taken from the URL.
        CreatedBy: Original submitter's username, taken from the URL; with
            ``Uid`` it forms the finding's key.

    On a valid POST the finding's content fields are overwritten with the
    form values, it is marked approved, the second-review and last-edit
    fields are stamped with the current time and reviewer, a DOCX is
    regenerated, and the user is redirected to the finding's view page.
    Otherwise ``second_review_finding.html`` is rendered.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    form = PublishForm(request.form)
    item = get_finding_item(Uid, CreatedBy)

    if not form.validate_on_submit():
        return render_template("second_review_finding.html", item=item,
                               form=form, tags=tag_list, data=data)

    # Tags are stored as split (no whitespace stripping, unlike search()).
    tags = request.form['tags'].split(",")
    reviewed_at = get_current_timestamp()

    # :val10 and :val11 are written to both the secondReviewed* and the
    # LastEdit* attributes, so both pairs get the same time and username.
    # NOTE(review): no reviewer-role check is visible here beyond the JWT
    # requirement -- confirm it is enforced elsewhere.
    update_expression = (
        "SET Title = :val1, Description = :val2, RiskDetails = :val3, Probability = :val4, "
        "Severity = :val5, OverallRisk = :val6, Recommendations = :val7, Tags = :val8,"
        "Approved = :val9, secondReviewedAt = :val10, secondReviewedBy = :val11, "
        "LastEditAt = :val10, LastEditBy = :val11"
    )
    values = {
        ':val1': form.title.data,
        ':val2': form.finding_description.data,
        ':val3': form.risk_description.data,
        ':val4': form.risk_probability.data,
        ':val5': form.risk_severity.data,
        ':val6': form.risk_level.data,
        ':val7': form.risk_recommendations.data,
        ':val8': tags,
        ':val9': True,
        ':val10': reviewed_at,
        ':val11': data['username'],
    }
    findings_table.update_item(
        Key={'Uid': Uid, 'CreatedBy': CreatedBy},
        UpdateExpression=update_expression,
        ExpressionAttributeValues=values)

    # Re-read the updated finding before generating the document.
    approved = get_finding_item(Uid, CreatedBy)
    create_docx_from_item(item=approved)
    return redirect(f'/findings/view/finding={Uid}by={CreatedBy}')
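def second_review_list():
    """Render the queue of findings awaiting second review (not yet approved).

    Requires a valid JWT. Soft-deleted findings are excluded from the list and
    only counted (passed to the template as ``trash``). The remaining items
    are ordered newest first with ``CreatedAt`` converted to a readable
    datetime.

    Returns:
        The rendered ``waiting_for_second_review.html``.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    response = findings_table.scan(FilterExpression=Attr('Approved').eq(False))
    ordered_items = sorted(response['Items'], key=lambda k: k['CreatedAt'],
                           reverse=True)

    # Split into pending items and a trash count. The original removed from
    # the unsorted `items` while iterating `ordered_items` and then rendered
    # the unsorted list, so the sort order was lost; building the filtered
    # list from the sorted one keeps both the order and the count.
    pending = []
    trash_count = 0
    for item in ordered_items:
        if item['Deleted']:
            trash_count += 1
            continue
        item['CreatedAt'] = get_real_datetime_from_timestamp(
            timestamp=item['CreatedAt'])
        pending.append(item)
    return render_template('waiting_for_second_review.html', items=pending,
                           trash=trash_count, data=data)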
def view_finding(Uid, CreatedBy):
    """Render a single finding with its timestamps made human-readable.

    Args:
        Uid: Finding id, taken from the URL.
        CreatedBy: Original submitter's username, taken from the URL; with
            ``Uid`` it forms the finding's key.

    Returns:
        The rendered ``view_finding.html`` with the finding, the user data and
        a ``ButtonForm`` for the page's action buttons.
    """
    verify_jwt_in_request()
    data = get_user_data_from_cookies(user_request=request)
    form = ButtonForm(request.form)
    item = get_finding_item(Uid, CreatedBy)

    # CreatedAt and firstReviewedAt are always set when a finding is created,
    # so they are converted unconditionally.
    for field in ('CreatedAt', 'firstReviewedAt'):
        item[field] = get_real_datetime_from_timestamp(item[field])
    # These two are stored as "" until the second review / first edit happens
    # and are only converted once they hold a timestamp.
    for field in ('secondReviewedAt', 'LastEditAt'):
        if item[field] != "":
            item[field] = get_real_datetime_from_timestamp(item[field])

    return render_template("view_finding.html", item=item, data=data, form=form)