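def upload_risk(request, eid):
    """Render and process the risk-exception upload form for an engagement.

    On a valid POST, every selected finding is set inactive, a risk
    acceptance record is saved and attached to the engagement, and the
    user is redirected to the engagement view. On GET, or on an invalid
    POST, the form is rendered with ``dojo/up_risk.html``.

    Args:
        request: the incoming Django request.
        eid: id of the Engagement the risk acceptance belongs to.

    Returns:
        A redirect to ``view_engagement`` after a successful save,
        otherwise the rendered upload form.

    Raises:
        Engagement.DoesNotExist: not caught here when ``eid`` matches no
            engagement.
    """
    # NOTE(review): no authorization check is visible inside this function;
    # confirm a decorator or middleware limits who may accept risk on this
    # engagement.
    eng = Engagement.objects.get(id=eid)

    # exclude the findings already accepted
    exclude_findings = [
        finding.id
        for ra in eng.risk_acceptance.all()
        for finding in ra.accepted_findings.all()
    ]
    eng_findings = Finding.objects.filter(
        active="True",
        verified="True",
        duplicate="False",
        test__in=eng.test_set.all(),
    ).exclude(id__in=exclude_findings).order_by('title')

    is_post = request.method == 'POST'
    if is_post:
        form = UploadRiskForm(request.POST, request.FILES)
    else:
        form = UploadRiskForm(initial={'reporter': request.user})

    # Security: scope the selectable findings BEFORE validation. Previously
    # this assignment ran only after is_valid(), so submitted finding ids
    # were checked against the field's default queryset (defined on the form
    # class, not visible here) rather than this engagement's eligible
    # findings, and the loop below would deactivate whatever passed.
    form.fields["accepted_findings"].queryset = eng_findings

    if is_post and form.is_valid():
        findings = form.cleaned_data['accepted_findings']
        for finding in findings:
            finding.active = False
            finding.save()

        risk = form.save(commit=False)
        # reporter and accepted_by come from submitted form data, so for
        # audit purposes they are not guaranteed to be the requesting user;
        # only the note author below is bound to request.user.
        risk.reporter = form.cleaned_data['reporter']
        risk.expiration_date = form.cleaned_data['expiration_date']
        risk.accepted_by = form.cleaned_data['accepted_by']
        risk.compensating_control = form.cleaned_data['compensating_control']
        # Uploaded file; any type/size validation is presumably done by
        # UploadRiskForm -- confirm.
        risk.path = form.cleaned_data['path']
        risk.save()  # have to save before findings can be added
        risk.accepted_findings = findings

        if form.cleaned_data['notes']:
            notes = Notes(
                entry=form.cleaned_data['notes'],
                author=request.user,
                date=timezone.now())
            notes.save()
            risk.notes.add(notes)

        risk.save()  # saving notes and findings
        eng.risk_acceptance.add(risk)
        eng.save()
        messages.add_message(
            request,
            messages.SUCCESS,
            'Risk exception saved.',
            extra_tags='alert-success')
        return HttpResponseRedirect(
            reverse('view_engagement', args=(eid, )))

    product_tab = Product_Tab(eng.product.id, title="Upload Risk Exception", tab="engagements")
    product_tab.setEngagement(eng)
    return render(request, 'dojo/up_risk.html', {
        'eng': eng,
        'product_tab': product_tab,
        'form': form
    })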
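def upload_risk(request, eid):
    """Render and process the risk-acceptance upload form for an engagement.

    On a valid POST, every selected finding is set inactive, a risk
    acceptance record is saved and attached to the engagement, and the
    user is redirected to the engagement view. On GET, or on an invalid
    POST, the form is rendered with ``dojo/up_risk.html``.

    Args:
        request: the incoming Django request.
        eid: id of the Engagement the risk acceptance belongs to.

    Returns:
        A redirect to ``view_engagement`` after a successful save,
        otherwise the rendered upload form.

    Raises:
        Engagement.DoesNotExist: not caught here when ``eid`` matches no
            engagement.
    """
    # NOTE(review): no authorization check is visible inside this function;
    # confirm a decorator or middleware limits who may accept risk on this
    # engagement.
    eng = Engagement.objects.get(id=eid)

    # exclude the findings already accepted
    exclude_findings = [
        finding.id
        for ra in eng.risk_acceptance.all()
        for finding in ra.accepted_findings.all()
    ]
    eng_findings = Finding.objects.filter(test__in=eng.test_set.all()) \
        .exclude(id__in=exclude_findings).order_by('title')

    is_post = request.method == 'POST'
    if is_post:
        form = UploadRiskForm(request.POST, request.FILES)
    else:
        form = UploadRiskForm(initial={'reporter': request.user})

    # Security: scope the selectable findings BEFORE validation. Previously
    # this assignment ran only after is_valid(), so submitted finding ids
    # were checked against the field's default queryset (defined on the form
    # class, not visible here) rather than this engagement's findings, and
    # the loop below would deactivate whatever passed.
    form.fields["accepted_findings"].queryset = eng_findings

    if is_post and form.is_valid():
        findings = form.cleaned_data['accepted_findings']
        for finding in findings:
            finding.active = False
            finding.save()

        risk = form.save(commit=False)
        # reporter comes from submitted form data, so for audit purposes it
        # is not guaranteed to be the requesting user; only the note author
        # below is bound to request.user.
        risk.reporter = form.cleaned_data['reporter']
        # Uploaded file; any type/size validation is presumably done by
        # UploadRiskForm -- confirm.
        risk.path = form.cleaned_data['path']
        risk.save()  # have to save before findings can be added
        risk.accepted_findings = findings

        if form.cleaned_data['notes']:
            notes = Notes(entry=form.cleaned_data['notes'],
                          author=request.user,
                          date=localtz.localize(datetime.today()))
            notes.save()
            risk.notes.add(notes)

        risk.save()  # saving notes and findings
        eng.risk_acceptance.add(risk)
        eng.save()
        messages.add_message(request,
                             messages.SUCCESS,
                             'Risk acceptance saved.',
                             extra_tags='alert-success')
        return HttpResponseRedirect(reverse('view_engagement', args=(eid,)))

    add_breadcrumb(parent=eng, title="Upload Risk Acceptance", top_level=False, request=request)
    return render(request, 'dojo/up_risk.html', {'eng': eng, 'form': form})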
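def upload_risk(request, eid):
    """Render and process the risk-exception upload form for an engagement.

    On a valid POST, every selected finding is set inactive, a risk
    acceptance record is saved and attached to the engagement, and the
    user is redirected to the engagement view. On GET, or on an invalid
    POST, the form is rendered with ``dojo/up_risk.html``.

    Args:
        request: the incoming Django request.
        eid: id of the Engagement the risk acceptance belongs to.

    Returns:
        A redirect to ``view_engagement`` after a successful save,
        otherwise the rendered upload form.

    Raises:
        Engagement.DoesNotExist: not caught here when ``eid`` matches no
            engagement.
    """
    # NOTE(review): no authorization check is visible inside this function;
    # confirm a decorator or middleware limits who may accept risk on this
    # engagement.
    eng = Engagement.objects.get(id=eid)

    # Active, verified, non-duplicate findings of this engagement's tests
    # that are not yet linked to any risk acceptance.
    unaccepted_findings = Finding.objects.filter(
        active="True",
        verified="True",
        duplicate="False",
        test__in=eng.test_set.all(),
    ).exclude(risk_acceptance__isnull=False).order_by('title')

    is_post = request.method == 'POST'
    if is_post:
        form = UploadRiskForm(request.POST, request.FILES)
    else:
        form = UploadRiskForm(
            initial={
                'owner': request.user,
                'name': 'Ad Hoc ' + timezone.now().strftime('%b %d, %Y, %H:%M:%S')
            })

    # Security: scope the selectable findings BEFORE validation. Previously
    # this assignment ran only after is_valid(), so submitted finding ids
    # were checked against the field's default queryset (defined on the form
    # class, not visible here) rather than this engagement's unaccepted
    # findings, and the loop below would deactivate whatever passed.
    form.fields["accepted_findings"].queryset = unaccepted_findings

    if is_post and form.is_valid():
        findings = form.cleaned_data['accepted_findings']
        for finding in findings:
            finding.active = False
            finding.save()

        risk = form.save(commit=False)
        # owner and accepted_by come from submitted form data, so for audit
        # purposes they are not guaranteed to be the requesting user; only
        # the note author below is bound to request.user.
        risk.owner = form.cleaned_data['owner']
        risk.expiration_date = form.cleaned_data['expiration_date']
        risk.accepted_by = form.cleaned_data['accepted_by']
        risk.compensating_control = form.cleaned_data[
            'compensating_control']
        # Uploaded file; any type/size validation is presumably done by
        # UploadRiskForm -- confirm.
        risk.path = form.cleaned_data['path']
        risk.save()  # have to save before findings can be added
        risk.accepted_findings.set(findings)

        if form.cleaned_data['notes']:
            notes = Notes(entry=form.cleaned_data['notes'],
                          author=request.user,
                          date=timezone.now())
            notes.save()
            risk.notes.add(notes)

        risk.save()  # saving notes and findings
        eng.risk_acceptance.add(risk)
        eng.save()
        messages.add_message(request,
                             messages.SUCCESS,
                             'Risk exception saved.',
                             extra_tags='alert-success')
        return HttpResponseRedirect(
            reverse('view_engagement', args=(eid, )))

    product_tab = Product_Tab(eng.product.id, title="Upload Risk Exception", tab="engagements")
    product_tab.setEngagement(eng)
    return render(request, 'dojo/up_risk.html', {
        'eng': eng,
        'product_tab': product_tab,
        'form': form
    })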
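def upload_risk(request, eid):
    """Render and process the risk-acceptance upload form for an engagement.

    On a valid POST, every selected finding is set inactive, a risk
    acceptance record is saved and attached to the engagement, and the
    user is redirected to the engagement view. On GET, or on an invalid
    POST, the form is rendered with ``dojo/up_risk.html``.

    Args:
        request: the incoming Django request.
        eid: id of the Engagement the risk acceptance belongs to.

    Returns:
        A redirect to ``view_engagement`` after a successful save,
        otherwise the rendered upload form.

    Raises:
        Engagement.DoesNotExist: not caught here when ``eid`` matches no
            engagement.
    """
    # NOTE(review): no authorization check is visible inside this function;
    # confirm a decorator or middleware limits who may accept risk on this
    # engagement.
    eng = Engagement.objects.get(id=eid)

    # exclude the findings already accepted
    exclude_findings = [
        finding.id
        for ra in eng.risk_acceptance.all()
        for finding in ra.accepted_findings.all()
    ]
    eng_findings = Finding.objects.filter(test__in=eng.test_set.all()) \
        .exclude(id__in=exclude_findings).order_by('title')

    is_post = request.method == 'POST'
    if is_post:
        form = UploadRiskForm(request.POST, request.FILES)
    else:
        form = UploadRiskForm(initial={'reporter': request.user})

    # Security: scope the selectable findings BEFORE validation. Previously
    # this assignment ran only after is_valid(), so submitted finding ids
    # were checked against the field's default queryset (defined on the form
    # class, not visible here) rather than this engagement's findings, and
    # the loop below would deactivate whatever passed.
    form.fields["accepted_findings"].queryset = eng_findings

    if is_post and form.is_valid():
        findings = form.cleaned_data['accepted_findings']
        for finding in findings:
            finding.active = False
            finding.save()

        risk = form.save(commit=False)
        # reporter comes from submitted form data, so for audit purposes it
        # is not guaranteed to be the requesting user; only the note author
        # below is bound to request.user.
        risk.reporter = form.cleaned_data['reporter']
        # Uploaded file; any type/size validation is presumably done by
        # UploadRiskForm -- confirm.
        risk.path = form.cleaned_data['path']
        risk.save()  # have to save before findings can be added
        risk.accepted_findings = findings

        if form.cleaned_data['notes']:
            notes = Notes(entry=form.cleaned_data['notes'],
                          author=request.user,
                          date=localtz.localize(datetime.today()))
            notes.save()
            risk.notes.add(notes)

        risk.save()  # saving notes and findings
        eng.risk_acceptance.add(risk)
        eng.save()
        messages.add_message(request,
                             messages.SUCCESS,
                             'Risk acceptance saved.',
                             extra_tags='alert-success')
        return HttpResponseRedirect(
            reverse('view_engagement', args=(eid, )))

    add_breadcrumb(parent=eng, title="Upload Risk Acceptance", top_level=False, request=request)
    return render(request, 'dojo/up_risk.html', {'eng': eng, 'form': form})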