def view_test(request, tid):
test_prefetched = get_authorized_tests(Permissions.Test_View)
test_prefetched = test_prefetched.annotate(
total_reimport_count=Count('test_import__id', distinct=True))
# tests_prefetched = test_prefetched.prefetch_related(Prefetch('test_import_set', queryset=Test_Import.objects.filter(~Q(findings_affected=None))))
# tests_prefetched = test_prefetched.prefetch_related('test_import_set')
# test_prefetched = test_prefetched.prefetch_related('test_import_set__test_import_finding_action_set')
test = get_object_or_404(test_prefetched, pk=tid)
# test = get_object_or_404(Test, pk=tid)
prod = test.engagement.product
notes = test.notes.all()
note_type_activation = Note_Type.objects.filter(is_active=True).count()
if note_type_activation:
available_note_types = find_available_notetypes(notes)
files = test.files.all()
person = request.user.username
findings = Finding.objects.filter(test=test).order_by('numerical_severity')
findings = FindingFilter(request.GET, queryset=findings)
stub_findings = Stub_Finding.objects.filter(test=test)
cred_test = Cred_Mapping.objects.filter(
test=test).select_related('cred_id').order_by('cred_id')
creds = Cred_Mapping.objects.filter(
engagement=test.engagement).select_related('cred_id').order_by(
'cred_id')
system_settings = get_object_or_404(System_Settings, id=1)
if request.method == 'POST':
user_has_permission_or_403(request.user, test, Permissions.Note_Add)
if note_type_activation:
form = TypedNoteForm(request.POST,
available_note_types=available_note_types)
else:
form = NoteForm(request.POST)
if form.is_valid():
new_note = form.save(commit=False)
new_note.author = request.user
new_note.date = timezone.now()
new_note.save()
test.notes.add(new_note)
if note_type_activation:
form = TypedNoteForm(available_note_types=available_note_types)
else:
form = NoteForm()
url = request.build_absolute_uri(
reverse("view_test", args=(test.id, )))
title = "Test: %s on %s" % (test.test_type.name,
test.engagement.product.name)
process_notifications(request, new_note, url, title)
messages.add_message(request,
messages.SUCCESS,
'Note added successfully.',
extra_tags='alert-success')
else:
if note_type_activation:
form = TypedNoteForm(available_note_types=available_note_types)
else:
form = NoteForm()
title_words = get_words_for_field(Finding, 'title')
component_words = get_words_for_field(Finding, 'component_name')
# test_imports = test.test_import_set.all()
test_imports = Test_Import.objects.filter(test=test)
test_import_filter = TestImportFilter(request.GET, test_imports)
paged_test_imports = get_page_items_and_count(request,
test_import_filter.qs,
5,
prefix='test_imports')
paged_test_imports.object_list = paged_test_imports.object_list.prefetch_related(
'test_import_finding_action_set')
paged_findings = get_page_items_and_count(request,
prefetch_for_findings(
findings.qs),
25,
prefix='findings')
paged_stub_findings = get_page_items(request, stub_findings, 25)
show_re_upload = any(test.test_type.name in code
for code in get_choices_sorted())
product_tab = Product_Tab(prod.id, title="Test", tab="engagements")
product_tab.setEngagement(test.engagement)
jira_project = jira_helper.get_jira_project(test)
finding_groups = test.finding_group_set.all().prefetch_related(
'findings', 'jira_issue', 'creator')
bulk_edit_form = FindingBulkUpdateForm(request.GET)
google_sheets_enabled = system_settings.enable_google_sheets
sheet_url = None
if google_sheets_enabled and system_settings.credentials:
spreadsheet_name = test.engagement.product.name + "-" + test.engagement.name + "-" + str(
test.id)
system_settings = get_object_or_404(System_Settings, id=1)
service_account_info = json.loads(system_settings.credentials)
SCOPES = ['https://www.googleapis.com/auth/drive']
credentials = service_account.Credentials.from_service_account_info(
service_account_info, scopes=SCOPES)
try:
drive_service = googleapiclient.discovery.build(
'drive', 'v3', credentials=credentials, cache_discovery=False)
folder_id = system_settings.drive_folder_ID
gs_files = drive_service.files().list(
q="mimeType='application/vnd.google-apps.spreadsheet' and parents in '%s' and name='%s'"
% (folder_id, spreadsheet_name),
spaces='drive',
pageSize=10,
fields='files(id, name)').execute()
except googleapiclient.errors.HttpError:
messages.add_message(
request,
messages.ERROR,
"There is a problem with the Google Sheets Sync Configuration. Contact your system admin to solve the issue. Until fixed, the Google Sheets Sync feature cannot be used.",
extra_tags="alert-danger",
)
google_sheets_enabled = False
except httplib2.ServerNotFoundError:
messages.add_message(
request,
messages.ERROR,
"Unable to reach the Google Sheet API.",
extra_tags="alert-danger",
)
else:
spreadsheets = gs_files.get('files')
if len(spreadsheets) == 1:
spreadsheetId = spreadsheets[0].get('id')
sheet_url = 'https://docs.google.com/spreadsheets/d/' + spreadsheetId
return render(
request, 'dojo/view_test.html', {
'test': test,
'prod': prod,
'product_tab': product_tab,
'findings': paged_findings,
'filtered': findings,
'stub_findings': paged_stub_findings,
'title_words': title_words,
'component_words': component_words,
'form': form,
'notes': notes,
'files': files,
'person': person,
'request': request,
'show_re_upload': show_re_upload,
'creds': creds,
'cred_test': cred_test,
'jira_project': jira_project,
'show_export': google_sheets_enabled
and system_settings.credentials,
'sheet_url': sheet_url,
'bulk_edit_form': bulk_edit_form,
'paged_test_imports': paged_test_imports,
'test_import_filter': test_import_filter,
'finding_groups': finding_groups,
'finding_group_by_options': Finding_Group.GROUP_BY_OPTIONS,
})
def view_test(request, tid):
test = get_object_or_404(Test, pk=tid)
prod = test.engagement.product
tags = Tag.objects.usage_for_model(Finding)
notes = test.notes.all()
note_type_activation = Note_Type.objects.filter(is_active=True).count()
if note_type_activation:
available_note_types = find_available_notetypes(notes)
person = request.user.username
findings = Finding.objects.filter(test=test).order_by('numerical_severity')
findings = OpenFindingFilter(request.GET, queryset=findings)
stub_findings = Stub_Finding.objects.filter(test=test)
cred_test = Cred_Mapping.objects.filter(
test=test).select_related('cred_id').order_by('cred_id')
creds = Cred_Mapping.objects.filter(
engagement=test.engagement).select_related('cred_id').order_by(
'cred_id')
system_settings = get_object_or_404(System_Settings, id=1)
if request.method == 'POST' and request.user.is_staff:
if note_type_activation:
form = TypedNoteForm(request.POST,
available_note_types=available_note_types)
else:
form = NoteForm(request.POST)
if form.is_valid():
new_note = form.save(commit=False)
new_note.author = request.user
new_note.date = timezone.now()
new_note.save()
test.notes.add(new_note)
if note_type_activation:
form = TypedNoteForm(available_note_types=available_note_types)
else:
form = NoteForm()
url = request.build_absolute_uri(
reverse("view_test", args=(test.id, )))
title = "Test: %s on %s" % (test.test_type.name,
test.engagement.product.name)
process_notifications(request, new_note, url, title)
messages.add_message(request,
messages.SUCCESS,
'Note added successfully.',
extra_tags='alert-success')
else:
if note_type_activation:
form = TypedNoteForm(available_note_types=available_note_types)
else:
form = NoteForm()
title_words = get_words_for_field(findings.qs, 'title')
component_words = get_words_for_field(findings.qs, 'component_name')
paged_findings, total_findings_count = get_page_items_and_count(
request, prefetch_for_findings(findings.qs), 25)
paged_stub_findings = get_page_items(request, stub_findings, 25)
show_re_upload = any(test.test_type.name in code
for code in ImportScanForm.SCAN_TYPE_CHOICES)
product_tab = Product_Tab(prod.id, title="Test", tab="engagements")
product_tab.setEngagement(test.engagement)
jira_config = JIRA_PKey.objects.filter(product=prod.id).first()
if jira_config:
jira_config = jira_config.conf_id
google_sheets_enabled = system_settings.enable_google_sheets
sheet_url = None
if google_sheets_enabled:
spreadsheet_name = test.engagement.product.name + "-" + test.engagement.name + "-" + str(
test.id)
system_settings = get_object_or_404(System_Settings, id=1)
service_account_info = json.loads(system_settings.credentials)
SCOPES = ['https://www.googleapis.com/auth/drive']
credentials = service_account.Credentials.from_service_account_info(
service_account_info, scopes=SCOPES)
try:
drive_service = googleapiclient.discovery.build(
'drive', 'v3', credentials=credentials, cache_discovery=False)
folder_id = system_settings.drive_folder_ID
files = drive_service.files().list(
q="mimeType='application/vnd.google-apps.spreadsheet' and parents in '%s' and name='%s'"
% (folder_id, spreadsheet_name),
spaces='drive',
pageSize=10,
fields='files(id, name)').execute()
except googleapiclient.errors.HttpError:
messages.add_message(
request,
messages.ERROR,
"There is a problem with the Google Sheets Sync Configuration. Contact your system admin to solve the issue. Until fixed Google Shet Sync feature can not be used.",
extra_tags="alert-danger",
)
google_sheets_enabled = False
except httplib2.ServerNotFoundError:
messages.add_message(
request,
messages.ERROR,
"Unable to reach the Google Sheet API.",
extra_tags="alert-danger",
)
else:
spreadsheets = files.get('files')
if len(spreadsheets) == 1:
spreadsheetId = spreadsheets[0].get('id')
sheet_url = 'https://docs.google.com/spreadsheets/d/' + spreadsheetId
return render(
request, 'dojo/view_test.html', {
'test': test,
'product_tab': product_tab,
'findings': paged_findings,
'filtered': findings,
'findings_count': total_findings_count,
'stub_findings': paged_stub_findings,
'title_words': title_words,
'component_words': component_words,
'form': form,
'notes': notes,
'person': person,
'request': request,
'show_re_upload': show_re_upload,
'creds': creds,
'cred_test': cred_test,
'tag_input': tags,
'jira_config': jira_config,
'show_export': google_sheets_enabled,
'sheet_url': sheet_url
})
