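def download_report():
    """Render a project's report page to PDF and return it inline.

    The project id is read from the ``proj`` query parameter. pdfkit is asked
    to fetch this application's own ``/report`` page for that project, and the
    resulting PDF is returned with a dated file name.

    Returns:
        The PDF response; the plain string "Missing project ID" when ``proj``
        is absent; or a ``(message, 404)`` tuple when no such project exists,
        so every path yields a valid response.
    """
    import re
    from urllib.parse import quote

    project_id = request.args.get("proj")
    if project_id is None:
        return "Missing project ID"

    # One lookup serves both the existence check and the file name below.
    # Handlers in this listing compare the result against False for "not found".
    project = Project.getProject(project_id)
    if not project:
        return "Project not found", 404

    # Page layout options handed to pdfkit.
    options = {
        'page-size': 'A4',
        'margin-top': '0in',
        'margin-right': '0in',
        'margin-bottom': '0.2in',
        'margin-left': '0in',
        'footer-center': '[page] of [topage]',
    }

    # Drop any trailing slash so the path is not "//report", and percent-encode
    # the id so a request value cannot add parameters to the fetched URL.
    # NOTE(review): url_root is derived from the incoming request's Host
    # header, so the address fetched server-side follows what the client sent
    # unless the deployment restricts accepted hosts - confirm, or build this
    # URL from configuration instead.
    # NOTE(review): no cookie or header options are passed to pdfkit, so the
    # /report route has to answer without the caller's session - confirm that
    # route is not reachable more widely than intended.
    report_url = (
        str(request.url_root).rstrip("/")
        + "/report?project_id="
        + quote(str(project_id), safe="")
    )
    pdf = pdfkit.from_url(report_url, False, options=options)

    response = make_response(pdf)
    response.headers["Content-Type"] = "application/pdf"

    # The project name is stored data that ends up inside a response header:
    # keep a conservative ASCII set (spaces still become "-") and quote it.
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "-", str(project['projectName']))
    report_name = safe_name + "-Report_" + str(date.today())
    response.headers["Content-Disposition"] = (
        'inline; filename="' + report_name + '.pdf"'
    )
    return response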
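def get_report():
    """Render the HTML report for the project named by ``project_id``.

    Returns:
        The rendered ``report.html`` page, or a ``(message, 404)`` tuple when
        the project or its vulnerability list is unavailable.
    """
    # NOTE(review): project_id comes straight from the query string and no
    # access check is visible in this function - confirm one is applied where
    # the route is registered.
    project_id = request.args.get("project_id")

    project = Project.getProject(id=project_id)
    if not project:
        # Handlers in this listing compare getProject against False for
        # "not found"; subscripting that value would raise.
        return "Project not found", 404

    vulnerabilities = Vulnerability.getVulnerabilities(report_id=project_id)
    if vulnerabilities is None:
        # A view has to return a response; a bare False is not one.
        return "Report not available", 404

    severities = Vulnerability.getVulnerabilitiesSeverities(project_id)
    # Fetched a second time and passed as its own template variable -
    # presumably because the result can only be iterated once; confirm before
    # merging the two.
    vulnerabilities1 = Vulnerability.getVulnerabilities(report_id=project_id)

    # NOTE(review): the form handlers in this listing pass a single file name
    # string as clientLogoID; if it is stored unchanged, [0] yields only its
    # first character - confirm the stored type.
    clientLogo = project["clientLogoID"][0]

    return render_template(
        'report.html',
        project=project,
        vulnerabilities=vulnerabilities,
        vulnerabilities1=vulnerabilities1,
        severities=severities,
        filename=clientLogo,
    )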
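def add_vulnerability():
    """Create or update a vulnerability from the submitted form.

    Every finding field is read from the form (a missing field raises the
    form's key error, as before). An optional ``pocImage`` upload is stored
    through ``Project.addImage``. When the ``vuln`` query parameter names an
    existing vulnerability that record is edited; in every other case the
    submission is stored as a new record, so it is never silently dropped.

    Returns:
        The rendered project page for the form's ``report_id``.
    """
    form = request.form
    field_names = (
        'report_id', 'name', 'status', 'severity', 'exploitability', 'poc',
        'description', 'comments', 'references', 'owaspTop10', 'risk', 'date',
        'remediation',
    )
    fields = {key: form[key] for key in field_names}

    # Presumably the name of an already stored image; None when not sent.
    poc_image = form.get('pocImageIDText')

    upload = request.files.get('pocImage')
    if upload is not None and upload.filename != '':
        # NOTE(review): upload.filename is chosen by the client and is used
        # both as the storage name and as the value saved on the record. How
        # Project.addImage stores it is not visible here - confirm the name is
        # normalised and that two uploads with the same name cannot replace
        # each other.
        Project.addImage(upload, upload.filename)
        poc_image = upload.filename
    fields['pocImage'] = poc_image

    # NOTE(review): report_id and vuln are client-supplied and no permission
    # check is visible in this function - confirm one exists at the route.
    vuln_id = request.args.get('vuln')
    # The model is compared against False for "not found", as elsewhere in
    # this listing.
    if vuln_id is not None and Vulnerability.getVulnerability(vuln_id) != False:
        # Existing record: edit it in place instead of adding a duplicate.
        Vulnerability.editVulnerability(
            vuln_id, Vulnerability(_id=vuln_id, **fields)
        )
    else:
        Vulnerability.addVulnerability(Vulnerability(**fields))

    return project_template(projectID=fields['report_id'])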
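def project_template(projectID=None):
    """Render the page for one project together with its vulnerabilities.

    Args:
        projectID: Project identifier; when None it is read from the ``proj``
            query parameter.

    Returns:
        The rendered ``project.html`` page. ``clientLogo`` is None when the
        project lookup did not return a record.
    """
    if projectID is None:
        projectID = request.args.get('proj')
    project = Project.getProject(projectID)

    if projectID is not None:
        vulnerabilities = Vulnerability.getVulnerabilities(projectID)
    else:
        vulnerabilities = None

    # Subscript only a real record: an id that matches no project must not
    # raise before the template gets a chance to render.
    clientLogo = project['clientLogoID'][0] if project else None

    return render_template(
        'project.html',
        project=project,
        clientLogo=clientLogo,
        vulnerabilities=vulnerabilities,
    )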
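def add_project():
    """Create or update a project from the submitted form.

    Every project field is read from the form (a missing field raises the
    form's key error, as before). An optional ``clientLogoID`` upload is
    stored through ``Project.addImage``. When ``projectID`` names an existing
    project that record is edited; otherwise a new project is added.

    Returns:
        The rendered project list.
    """
    form = request.form
    field_names = (
        'projectName', 'client', 'contact', 'description', 'target', 'scope',
        'startDate', 'endDate', 'author', 'testers', 'reviewers',
        'executiveSummary', 'conclusion',
    )
    fields = {key: form[key] for key in field_names}

    # Logo name sent as text; replaced below when a new file is uploaded.
    logo_name = form['clientLogoIDtext']
    upload = request.files.get('clientLogoID')
    if upload is not None and upload.filename != '':
        # NOTE(review): upload.filename is chosen by the client and is used
        # both as the storage name and as the value saved on the project. How
        # Project.addImage stores it is not visible here - confirm the name is
        # normalised and that two uploads with the same name cannot replace
        # each other.
        Project.addImage(upload, upload.filename)
        logo_name = upload.filename
    fields['clientLogoID'] = logo_name

    # A form value is never None when the key is present, so the presence
    # test is done with .get() and the decision rests on the lookup result.
    # NOTE(review): projectID is client-supplied and no permission check is
    # visible in this function - confirm one exists at the route.
    project_id = form.get('projectID')
    if project_id is not None and Project.getProject(project_id) != False:
        # Existing record: edit it in place instead of adding a duplicate.
        Project.editProject(project_id, Project(_id=project_id, **fields))
    else:
        Project.addProject(Project(**fields))

    return projects_template()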
# Manual checks for the Project model. The steps below are disabled and kept
# for reference; only the vulnerability-count call at the end runs.
#
# #Add
# print("testing add")
# Project.addProject(project) #Working
#
# #find
# print("testing find all")
# projects = Project.getProjects() #Working
#
# projects_list = []
# if projects != None:
#     for project in projects:
#         print(project["_id"])
#         projects_list.append(project)
#
# print("number of projects is :", len(projects_list))
#
# #Delete
# print("testing delete")
# #print(Project.deleteProject(id="caf248905e1b49598c7ddb58c2ea06e4")) #working
#
# #update
# print("testing edit")
# print(Project.editProject(id="c9534e72a12b4227900487640af5af8d", newObj={"client":"NewClientName"}))
#
# #get
# print("testing find one")
# projectx = Project.getProject("fef85927c1804a8ebbfdaa1a2b149002")
# print(projectx)

vuln_counts = Project.getProjectNumbersOfVulnerabilities()
print(vuln_counts)
owaspTop10="hacker", description="hacker", references="www.example.com", risk="", remidiation="") #add vuln #Vulnerability.addVulnerability(vulnerability01) #workring #Vulnerability.addVulnerability(vulnerability02) #Vulnerability.addVulnerability(vulnerability03) #find all vuln of report print("testing find all vuln of a project") vulnerabilities_list = [] vulnerabilities = Vulnerability.getVulnerabilities( "baf03af5f64e438a9bad9b161863782b") #working project = Project.getProject("baf03af5f64e438a9bad9b161863782b") print(project["client"]) for vuln in vulnerabilities: vulnerabilities_list.append(vuln) for vuln in vulnerabilities_list: print(vuln["name"], vuln["severity"], vuln["_id"], vuln["status"]) #find one vuln print("testing find one vuln") vuln = Vulnerability.getVulnerability("7c40e40dfc7b4f97a3e3436838759403") print(vuln) #edit vuln print("testing edit") print( Vulnerability.editVulnerability(id="14ce263fde964e7ead2b424bc712dd79",
from src.models.Project import Project
from src.common.Database import Database

# Manual check of the Project model: stores one sample project, then lists
# what Project.getProjects() returns.
# NOTE: every run adds another sample record through Project.addProject;
# point Database.initialize() at a disposable database before running it.
Database.initialize()

sample_fields = dict(
    author="tester1",
    client="ClientName2",
    contact=11100011,
    testers=["tester1", "tester2"],
    reference="xx123",
    startDate="01-01-2020",
    endDate="02-01-2020",
    description="first project for testing",
    scope=["www.example1.com", "www.example2.com", "127.0.0.1"],
    target="Client Website",
    reviewers=["manager1", "client1", "developer1"],
)
project = Project(**sample_fields)

# Add
# Database.insert(collection="projects",data=project.json())
Project.addProject(project)

# Find: print each stored project's id and count the results.
projects = Project.getProjects()
projects_list = []
for project in projects:
    print(project["id"])
    projects_list.append(project)

print("number of projects is :", len(projects_list))

# Delete
# Database.delete_many(collection="projects",query={"client": "ClientName"})
def delete_project():
    """Delete the project named by the form's ``project_id`` field.

    Returns:
        The rendered project list.
    """
    # NOTE(review): the id is taken from the submitted form and no
    # authentication, permission or CSRF check is visible in this function -
    # confirm they are enforced where the route is registered.
    Project.deleteProject(id=request.form["project_id"])
    return projects_template()
def projects_template():
    """Render the project overview with a vulnerability count per project."""
    all_projects = Project.getProjects()
    vuln_counts = Project.getProjectNumbersOfVulnerabilities()
    # zip pairs the two results by position and stops at the shorter one, so
    # the page is only right if both calls return projects in the same order.
    # The pairing can be iterated once by the template.
    paired = zip(all_projects, vuln_counts)
    return render_template('projects.html', projects=paired)
def getImage(filename):
    """Return the stored image for ``filename``.

    The literal string "None" (not the ``None`` object) means "no image" and
    yields an empty string.
    """
    # NOTE(review): filename is handed to Project.getImage unchanged; how the
    # model resolves it is not visible here - confirm the lookup stays inside
    # the image store and that callers are allowed to read the image.
    return "" if filename == "None" else Project.getImage(filename=filename)