def get_new_vulnerabilities():
"""Summary mail send with the findings of a project."""
rollbar.report_message(
'Warning: Function to get new vulnerabilities is running', 'warning')
projects = project_domain.get_active_projects()
fin_attrs = 'finding_id, historic_treatment, project_name, finding'
for project in projects:
context = {'updated_findings': list(), 'no_treatment_findings': list()}
try:
finding_requests = project_domain.get_released_findings(project, fin_attrs)
for act_finding in finding_requests:
finding_url = get_finding_url(act_finding)
msj_finding_pending = \
create_msj_finding_pending(act_finding)
delta = calculate_vulnerabilities(act_finding)
finding_text = format_vulnerabilities(delta, act_finding)
if msj_finding_pending:
context['no_treatment_findings'].append({'finding_name': msj_finding_pending,
'finding_url': finding_url})
if finding_text:
context['updated_findings'].append({'finding_name': finding_text,
'finding_url': finding_url})
context['project'] = str.upper(str(act_finding['project_name']))
context['project_url'] = '{url!s}/dashboard#!/project/' \
'{project!s}/indicators' \
.format(url=BASE_URL, project=act_finding['project_name'])
except (TypeError, KeyError):
rollbar.report_message(
'Error: An error ocurred getting new vulnerabilities '
'notification email',
'error', payload_data=locals())
raise
if context['updated_findings']:
mail_to = prepare_mail_recipients(project)
send_mail_new_vulnerabilities(mail_to, context)
def create_register_by_week(project: str) -> List[List[Dict[str, Union[str, int]]]]:
"""Create weekly vulnerabilities registry by project"""
accepted = 0
closed = 0
found = 0
all_registers = OrderedDict()
findings_released = project_domain.get_released_findings(project)
vulns = get_all_vulns_by_project(findings_released)
if vulns:
first_day, last_day = get_first_week_dates(vulns)
first_day_last_week = get_date_last_vulns(vulns)
while first_day <= first_day_last_week:
result_vulns_by_week = get_status_vulns_by_time_range(
vulns, first_day,
last_day,
findings_released)
accepted += result_vulns_by_week.get('accepted', 0)
closed += result_vulns_by_week.get('closed', 0)
found += result_vulns_by_week.get('found', 0)
if any(status_vuln for status_vuln in list(result_vulns_by_week.values())):
week_dates = create_weekly_date(first_day)
all_registers[week_dates] = {
'found': found,
'closed': closed,
'accepted': accepted,
'assumed_closed': accepted + closed
}
first_day = str(datetime.strptime(first_day, '%Y-%m-%d %H:%M:%S') +
timedelta(days=7))
last_day = str(datetime.strptime(last_day, '%Y-%m-%d %H:%M:%S') +
timedelta(days=7))
return create_data_format_chart(all_registers)
def test_get_all_vulns_by_project(self):
all_registers = get_released_findings('UNITTESTING')
test_data = get_all_vulns_by_project(all_registers)
assert isinstance(test_data, list)
for item in test_data:
assert isinstance(item, dict)
assert test_data[0]['finding_id']
def test_get_status_vulns_by_time_range(self):
released_findings = get_released_findings('UNITTESTING')
first_day = '2019-01-01 12:00:00'
last_day = '2019-06-30 23:59:59'
vulns = get_all_vulns_by_project(released_findings)
test_data = get_status_vulns_by_time_range(
vulns, first_day, last_day, released_findings
)
expected_output = {'found': 6, 'accepted': 4, 'closed': 2}
assert test_data == expected_output
def test_get_accepted_vulns(self):
released_findings = get_released_findings('UNITTESTING')
first_day = '2019-01-01 12:00:00'
last_day = '2019-06-30 23:59:59'
vulns = get_all_vulns_by_project(released_findings)
test_data = get_accepted_vulns(
released_findings, vulns, first_day, last_day
)
expected_output = 4
assert test_data == expected_output
def get_project_indicators(project: str) -> Dict[str, object]:
findings = project_domain.get_released_findings(
project, 'finding_id, historic_treatment, cvss_temporal')
indicators = {
'last_closing_date': project_domain.get_last_closing_vuln(findings),
'mean_remediate': project_domain.get_mean_remediate(findings),
'max_open_severity': project_domain.get_max_open_severity(findings),
'total_treatment': project_domain.get_total_treatment(findings),
'remediated_over_time': create_register_by_week(project)
}
return indicators
def generate_complete_report(request):
user_data = util.get_jwt_content(request)
projects = user_domain.get_projects(user_data['user_email'])
book = load_workbook('/usr/src/app/app/techdoc/templates/COMPLETE.xlsx')
sheet = book.active
project_col = 1
finding_col = 2
vuln_where_col = 3
vuln_specific_col = 4
treatment_col = 5
treatment_mgr_col = 6
row_offset = 2
row_index = row_offset
for project in projects:
findings = project_domain.get_released_findings(
project, 'finding_id, finding, treatment')
for finding in findings:
vulns = finding_dal.get_vulnerabilities(finding['finding_id'])
for vuln in vulns:
sheet.cell(row_index, vuln_where_col, vuln['where'])
sheet.cell(row_index, vuln_specific_col, vuln['specific'])
sheet.cell(row_index, project_col, project.upper())
sheet.cell(row_index, finding_col, '{name!s} (#{id!s})'.format(
name=finding['finding'].encode('utf-8'),
id=finding['finding_id']))
sheet.cell(row_index, treatment_col, finding['treatment'])
sheet.cell(row_index, treatment_mgr_col,
vuln.get('treatment_manager', 'Unassigned'))
row_index += 1
username = user_data['user_email'].split('@')[0].encode('utf8', 'ignore')
filename = 'complete_report.xlsx'
filepath = '/tmp/{username}-{filename}'.format(filename=filename,
username=username)
book.save(filepath)
with open(filepath, 'rb') as document:
response = HttpResponse(document.read())
response['Content-Type'] = 'application/vnd.openxmlformats\
-officedocument.spreadsheetml.sheet'
response['Content-Disposition'] = 'inline;filename={filename}'.format(
filename=filename)
return response