def get_new_vulnerabilities(): """Summary mail send with the findings of a project.""" rollbar.report_message( 'Warning: Function to get new vulnerabilities is running', 'warning') projects = project_domain.get_active_projects() fin_attrs = 'finding_id, historic_treatment, project_name, finding' for project in projects: context = {'updated_findings': list(), 'no_treatment_findings': list()} try: finding_requests = project_domain.get_released_findings(project, fin_attrs) for act_finding in finding_requests: finding_url = get_finding_url(act_finding) msj_finding_pending = \ create_msj_finding_pending(act_finding) delta = calculate_vulnerabilities(act_finding) finding_text = format_vulnerabilities(delta, act_finding) if msj_finding_pending: context['no_treatment_findings'].append({'finding_name': msj_finding_pending, 'finding_url': finding_url}) if finding_text: context['updated_findings'].append({'finding_name': finding_text, 'finding_url': finding_url}) context['project'] = str.upper(str(act_finding['project_name'])) context['project_url'] = '{url!s}/dashboard#!/project/' \ '{project!s}/indicators' \ .format(url=BASE_URL, project=act_finding['project_name']) except (TypeError, KeyError): rollbar.report_message( 'Error: An error ocurred getting new vulnerabilities ' 'notification email', 'error', payload_data=locals()) raise if context['updated_findings']: mail_to = prepare_mail_recipients(project) send_mail_new_vulnerabilities(mail_to, context)
def create_register_by_week(project: str) -> List[List[Dict[str, Union[str, int]]]]: """Create weekly vulnerabilities registry by project""" accepted = 0 closed = 0 found = 0 all_registers = OrderedDict() findings_released = project_domain.get_released_findings(project) vulns = get_all_vulns_by_project(findings_released) if vulns: first_day, last_day = get_first_week_dates(vulns) first_day_last_week = get_date_last_vulns(vulns) while first_day <= first_day_last_week: result_vulns_by_week = get_status_vulns_by_time_range( vulns, first_day, last_day, findings_released) accepted += result_vulns_by_week.get('accepted', 0) closed += result_vulns_by_week.get('closed', 0) found += result_vulns_by_week.get('found', 0) if any(status_vuln for status_vuln in list(result_vulns_by_week.values())): week_dates = create_weekly_date(first_day) all_registers[week_dates] = { 'found': found, 'closed': closed, 'accepted': accepted, 'assumed_closed': accepted + closed } first_day = str(datetime.strptime(first_day, '%Y-%m-%d %H:%M:%S') + timedelta(days=7)) last_day = str(datetime.strptime(last_day, '%Y-%m-%d %H:%M:%S') + timedelta(days=7)) return create_data_format_chart(all_registers)
def test_get_all_vulns_by_project(self): all_registers = get_released_findings('UNITTESTING') test_data = get_all_vulns_by_project(all_registers) assert isinstance(test_data, list) for item in test_data: assert isinstance(item, dict) assert test_data[0]['finding_id']
def test_get_status_vulns_by_time_range(self): released_findings = get_released_findings('UNITTESTING') first_day = '2019-01-01 12:00:00' last_day = '2019-06-30 23:59:59' vulns = get_all_vulns_by_project(released_findings) test_data = get_status_vulns_by_time_range( vulns, first_day, last_day, released_findings ) expected_output = {'found': 6, 'accepted': 4, 'closed': 2} assert test_data == expected_output
def test_get_accepted_vulns(self): released_findings = get_released_findings('UNITTESTING') first_day = '2019-01-01 12:00:00' last_day = '2019-06-30 23:59:59' vulns = get_all_vulns_by_project(released_findings) test_data = get_accepted_vulns( released_findings, vulns, first_day, last_day ) expected_output = 4 assert test_data == expected_output
def get_project_indicators(project: str) -> Dict[str, object]: findings = project_domain.get_released_findings( project, 'finding_id, historic_treatment, cvss_temporal') indicators = { 'last_closing_date': project_domain.get_last_closing_vuln(findings), 'mean_remediate': project_domain.get_mean_remediate(findings), 'max_open_severity': project_domain.get_max_open_severity(findings), 'total_treatment': project_domain.get_total_treatment(findings), 'remediated_over_time': create_register_by_week(project) } return indicators
def generate_complete_report(request): user_data = util.get_jwt_content(request) projects = user_domain.get_projects(user_data['user_email']) book = load_workbook('/usr/src/app/app/techdoc/templates/COMPLETE.xlsx') sheet = book.active project_col = 1 finding_col = 2 vuln_where_col = 3 vuln_specific_col = 4 treatment_col = 5 treatment_mgr_col = 6 row_offset = 2 row_index = row_offset for project in projects: findings = project_domain.get_released_findings( project, 'finding_id, finding, treatment') for finding in findings: vulns = finding_dal.get_vulnerabilities(finding['finding_id']) for vuln in vulns: sheet.cell(row_index, vuln_where_col, vuln['where']) sheet.cell(row_index, vuln_specific_col, vuln['specific']) sheet.cell(row_index, project_col, project.upper()) sheet.cell(row_index, finding_col, '{name!s} (#{id!s})'.format( name=finding['finding'].encode('utf-8'), id=finding['finding_id'])) sheet.cell(row_index, treatment_col, finding['treatment']) sheet.cell(row_index, treatment_mgr_col, vuln.get('treatment_manager', 'Unassigned')) row_index += 1 username = user_data['user_email'].split('@')[0].encode('utf8', 'ignore') filename = 'complete_report.xlsx' filepath = '/tmp/{username}-{filename}'.format(filename=filename, username=username) book.save(filepath) with open(filepath, 'rb') as document: response = HttpResponse(document.read()) response['Content-Type'] = 'application/vnd.openxmlformats\ -officedocument.spreadsheetml.sheet' response['Content-Disposition'] = 'inline;filename={filename}'.format( filename=filename) return response