def vulnerable_endpoints(request):
    """Render the list of endpoints that carry a live finding.

    A live finding is active and verified and is neither a false positive, a
    duplicate nor out of scope.  Staff see every such endpoint; other users
    only those of products that list them under ``authorized_users`` and get
    ``PermissionDenied`` when they have no such product.  A single ``product``
    GET id is validated with get_object_or_404 but is not otherwise used by
    this view.
    """
    live_endpoints = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    if not request.user.is_staff:
        own_products = Product.objects.filter(authorized_users__in=[request.user])
        if not own_products.exists():
            raise PermissionDenied
        live_endpoints = live_endpoints.filter(product__in=own_products)

    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        # Existence check only (404 for an unknown id); the product is not used
        # further down.  NOTE(review): the check is not scoped to own_products,
        # so any logged-in user learns whether a product id exists.
        get_object_or_404(Product, id=requested[0])

    pre_filter = EndpointFilter(request.GET, queryset=live_endpoints, user=request.user)
    keep_ids = get_endpoint_ids(pre_filter.qs)
    filtered = EndpointFilter(
        request.GET,
        queryset=live_endpoints.filter(id__in=keep_ids),
        user=request.user,
    )
    page = get_page_items(request, filtered.qs, 25)

    add_breadcrumb(title="Vulnerable Endpoints", top_level=not len(request.GET), request=request)
    return render(request, 'dojo/endpoints.html', {
        "endpoints": page,
        "filtered": filtered,
        "name": "Vulnerable Endpoints",
    })
def all_endpoints(request):
    """Render the list of all endpoints visible to the caller.

    Staff see every endpoint; other users only endpoints of products that list
    them under ``authorized_users``, and ``PermissionDenied`` is raised when
    there is no such product.  A single ``product`` GET id is validated with
    get_object_or_404 but not otherwise used by this view.
    """
    scope = Endpoint.objects.all()
    if not request.user.is_staff:
        own_products = Product.objects.filter(authorized_users__in=[request.user])
        if not own_products.exists():
            raise PermissionDenied
        scope = scope.filter(product__in=own_products)

    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        # Existence check only (404 for an unknown id); the product is not used
        # below.  NOTE(review): not scoped to own_products, so any logged-in
        # user learns whether a product id exists.
        get_object_or_404(Product, id=requested[0])

    keep_ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=scope, user=request.user).qs)
    filtered = EndpointFilter(request.GET, queryset=scope.filter(id__in=keep_ids), user=request.user)
    page = get_page_items(request, filtered.qs, 25)

    add_breadcrumb(title="All Endpoints", top_level=not len(request.GET), request=request)
    return render(request, 'dojo/endpoints.html', {
        "endpoints": page,
        "filtered": filtered,
        "name": "All Endpoints",
    })
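def vulnerable_endpoints(request):
    """Render the list of endpoints that carry a live finding.

    A live finding is active and verified and neither a false positive, a
    duplicate nor out of scope.  Staff see every such endpoint; other users are
    restricted to products that list them under ``authorized_users`` and get
    ``PermissionDenied`` when there is none — the same rule the sibling
    all_endpoints view applies.  A single ``product`` GET id is validated with
    get_object_or_404 but not otherwise used by this view.
    """
    endpoints = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    # Scope non-staff users to their own products, as all_endpoints does in
    # this revision; without it any logged-in user could list the vulnerable
    # endpoints of every product.
    if not request.user.is_staff:
        products = Product.objects.filter(authorized_users__in=[request.user])
        if not products.exists():
            raise PermissionDenied
        endpoints = endpoints.filter(product__in=products)

    p = request.GET.getlist('product', [])
    if len(p) == 1:
        # Existence check only (404 for an unknown id); the product is not used below.
        get_object_or_404(Product, id=p[0])

    # This revision hands the FilterSet itself (not .qs) to get_endpoint_ids and
    # get_page_items, exactly as all_endpoints does here.
    ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=endpoints, user=request.user))
    endpoints = EndpointFilter(request.GET, queryset=endpoints.filter(id__in=ids), user=request.user)
    paged_endpoints = get_page_items(request, endpoints, 25)

    add_breadcrumb(title="Vulnerable Endpoints", top_level=not len(request.GET), request=request)
    return render(request, 'dojo/endpoints.html', {
        "endpoints": paged_endpoints,
        "filtered": endpoints,
        "name": "Vulnerable Endpoints",
    })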
def all_endpoints(request):
    """Render the list of all endpoints visible to the caller.

    Staff see every endpoint; other users only endpoints of products that list
    them under ``authorized_users``, and ``PermissionDenied`` is raised when
    there is no such product.  A single ``product`` GET id is validated with
    get_object_or_404 but not otherwise used.  In this revision the
    EndpointFilter instance itself (not ``.qs``) is handed to get_endpoint_ids
    and get_page_items.
    """
    scope = Endpoint.objects.all()
    if not request.user.is_staff:
        own_products = Product.objects.filter(authorized_users__in=[request.user])
        if not own_products.exists():
            raise PermissionDenied
        scope = scope.filter(product__in=own_products)

    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        # Existence check only (404 for an unknown id); result unused below.
        # NOTE(review): not scoped to own_products, so any logged-in user
        # learns whether a product id exists.
        get_object_or_404(Product, id=requested[0])

    keep_ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=scope, user=request.user))
    filtered = EndpointFilter(request.GET, queryset=scope.filter(id__in=keep_ids), user=request.user)
    page = get_page_items(request, filtered, 25)

    add_breadcrumb(title="All Endpoints", top_level=not len(request.GET), request=request)
    return render(request, 'dojo/endpoints.html', {
        "endpoints": page,
        "filtered": filtered,
        "name": "All Endpoints",
    })
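def vulnerable_endpoints(request):
    """Render the list of endpoints that carry a live, unmitigated finding.

    A live finding is active and verified and neither a false positive, a
    duplicate nor out of scope; the endpoint itself must not be mitigated.
    Staff see every such endpoint.  Other users are restricted to products on
    which they are an authorized user, directly or through the product type,
    and get ``PermissionDenied`` when they have no such product.  A single
    ``product`` GET id (resolved within the caller's products) selects the
    product whose tab is rendered.
    """
    endpoints = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
        mitigated=False,
    ).prefetch_related('product', 'product__tags', 'tags').distinct()

    # Products the caller may see; authorization is decided on this set rather
    # than by evaluating the whole endpoint queryset.
    product_scope = Product.objects.all()
    if not request.user.is_staff:
        product_scope = Product.objects.filter(
            Q(authorized_users__in=[request.user])
            | Q(prod_type__authorized_users__in=[request.user])
        ).distinct()
        if not product_scope.exists():
            raise PermissionDenied
        # Chain onto the vulnerable queryset instead of starting a fresh
        # Endpoint.objects query: the previous code replaced it and thereby
        # dropped the finding filters, mitigated=False and the prefetches for
        # non-staff users, showing them every endpoint of their products.
        endpoints = endpoints.filter(product__in=product_scope)

    product = None
    p = request.GET.getlist('product', [])
    if len(p) == 1:
        # Resolve within product_scope: the id drives Product_Tab, so an
        # unauthorized id yields 404 rather than that product's tab.
        product = get_object_or_404(product_scope, id=p[0])

    ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=endpoints, user=request.user).qs)
    endpoints = EndpointFilter(request.GET, queryset=endpoints.filter(id__in=ids), user=request.user)
    paged_endpoints = get_page_items(request, endpoints.qs.order_by('host'), 25)

    add_breadcrumb(title="Vulnerable Endpoints", top_level=not len(request.GET), request=request)

    product_tab = None
    if product:
        product_tab = Product_Tab(product.id, "Vulnerable Endpoints", tab="endpoints")

    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": paged_endpoints,
        "filtered": endpoints,
        "name": "Vulnerable Endpoints",
    })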
def report_builder(request):
    """Render the report builder page with its pre-selected and available widgets.

    Findings are filtered with ReportAuthedFindingFilter from the request's GET
    parameters; endpoints are those with a live finding (active, verified, not
    false positive, not duplicate, in scope), reduced to the ids
    get_endpoint_ids picks and then filtered with EndpointFilter.
    """
    add_breadcrumb(title="Report Builder", top_level=True, request=request)

    finding_filter = ReportAuthedFindingFilter(request.GET, queryset=Finding.objects.all())

    with_live_finding = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()
    keep_ids = get_endpoint_ids(with_live_finding)
    # NOTE(review): unlike the findings, this queryset carries no per-user
    # product scoping here; confirm EndpointFilter(user=...) applies it.
    endpoint_filter = EndpointFilter(
        request.GET,
        queryset=Endpoint.objects.filter(id__in=keep_ids),
        user=request.user,
    )

    in_use_widgets = [ReportOptions(request=request)]
    available_widgets = [
        CoverPage(request=request),
        TableOfContents(request=request),
        WYSIWYGContent(request=request),
        FindingList(request=request, findings=finding_filter),
        EndpointList(request=request, endpoints=endpoint_filter),
        PageBreak(),
    ]
    return render(request, 'dojo/report_builder.html', {
        "available_widgets": available_widgets,
        "in_use_widgets": in_use_widgets,
    })
def report_endpoints(request):
    """Render the endpoint list section of a report.

    Lists endpoints with a live finding (active, verified, not false positive,
    not duplicate, in scope), reduced to the ids get_endpoint_ids picks,
    filtered with EndpointFilter from the request's GET parameters and paged
    25 per page.
    """
    # Looked up but never referenced below; kept because the lookup raises for
    # a request whose user has no matching Dojo_User row.
    Dojo_User.objects.get(id=request.user.id)

    with_live_finding = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()
    keep_ids = get_endpoint_ids(with_live_finding)
    # NOTE(review): no per-user product scoping is applied to this queryset
    # here; confirm EndpointFilter(user=...) provides it.
    filtered = EndpointFilter(
        request.GET,
        queryset=Endpoint.objects.filter(id__in=keep_ids),
        user=request.user,
    )
    page = get_page_items(request, filtered.qs, 25)

    return render(request, 'dojo/report_endpoints.html', {
        "endpoints": page,
        "filtered": filtered,
        "title": "endpoint-list",
    })
def vulnerable_endpoints(request):
    """Render the list of endpoints that carry a live, unmitigated finding.

    The candidate set (active, verified, not false positive, not duplicate,
    in-scope finding; endpoint not mitigated) is restricted with
    get_authorized_endpoints(Endpoint_View).  A single ``product`` GET id is
    resolved and the caller must be allowed to view it — legacy
    user_is_authorized or v2 Product_View depending on
    settings.FEATURE_AUTHORIZATION_V2 — after which it drives the product tab.
    The result is collapsed to the ids get_endpoint_ids picks, ordered by host
    and paged 25 per page.
    """
    candidates = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
        mitigated=False,
    ).prefetch_related('product', 'product__tags', 'tags').distinct()
    visible = get_authorized_endpoints(Permissions.Endpoint_View, candidates, request.user)

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])
        if settings.FEATURE_AUTHORIZATION_V2:
            user_has_permission_or_403(request.user, product, Permissions.Product_View)
        elif not user_is_authorized(request.user, 'view', product):
            raise PermissionDenied

    keep_ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=visible, user=request.user).qs)
    filtered = EndpointFilter(request.GET, queryset=visible.filter(id__in=keep_ids), user=request.user)
    page = get_page_items(request, filtered.qs.order_by('host'), 25)

    add_breadcrumb(title="Vulnerable Endpoints", top_level=not len(request.GET), request=request)

    product_tab = Product_Tab(product.id, "Vulnerable Endpoints", tab="endpoints") if product else None

    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": page,
        "filtered": filtered,
        "name": "Vulnerable Endpoints",
    })
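def all_endpoints(request):
    """Render the list of all endpoints visible to the caller.

    Staff see every endpoint; other users only endpoints of products that list
    them under ``authorized_users`` (``PermissionDenied`` when there is none).
    A single ``product`` GET id selects the product whose tab is shown and is
    resolved within the caller's products.  With the ``display_endpoint_uri``
    system setting on, endpoints are listed as filtered; otherwise the list is
    collapsed to the ids get_endpoint_ids picks from the filtered set.
    """
    endpoints = Endpoint.objects.all()
    show_uri = get_system_setting('display_endpoint_uri')

    product_scope = Product.objects.all()
    if not request.user.is_staff:
        product_scope = Product.objects.filter(authorized_users__in=[request.user])
        if not product_scope.exists():
            raise PermissionDenied
        endpoints = endpoints.filter(product__in=product_scope)

    product = None
    p = request.GET.getlist('product', [])
    if len(p) == 1:
        # Resolve within product_scope: the id drives Product_Tab, so a
        # non-staff user cannot render the tab of a product they are not
        # authorized on (404, which also does not confirm the id exists).
        product = get_object_or_404(product_scope, id=p[0])

    if show_uri:
        endpoints = EndpointFilter(request.GET, queryset=endpoints, user=request.user)
    else:
        ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=endpoints, user=request.user).qs)
        endpoints = EndpointFilter(request.GET, queryset=endpoints.filter(id__in=ids), user=request.user)
    paged_endpoints = get_page_items(request, endpoints.qs, 25)

    add_breadcrumb(title="All Endpoints", top_level=not len(request.GET), request=request)

    product_tab = None
    view_name = "All Endpoints"
    if product:
        view_name = "Endpoints"
        product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints")

    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": paged_endpoints,
        "filtered": endpoints,
        "name": view_name,
        "show_uri": show_uri,
    })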
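def vulnerable_endpoints(request):
    """Render the list of endpoints that carry a live finding.

    A live finding is active and verified and neither a false positive, a
    duplicate nor out of scope.  Staff see every such endpoint; other users are
    restricted to products that list them under ``authorized_users`` and get
    ``PermissionDenied`` when there is none — the same rule the sibling
    all_endpoints view applies.  A single ``product`` GET id is validated with
    get_object_or_404 but not otherwise used by this view.
    """
    endpoints = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()

    # Scope non-staff users to their own products, as all_endpoints does in
    # this revision; without it any logged-in user could list the vulnerable
    # endpoints of every product.
    if not request.user.is_staff:
        products = Product.objects.filter(authorized_users__in=[request.user])
        if not products.exists():
            raise PermissionDenied
        endpoints = endpoints.filter(product__in=products)

    p = request.GET.getlist('product', [])
    if len(p) == 1:
        # Existence check only (404 for an unknown id); the product is not used below.
        get_object_or_404(Product, id=p[0])

    # This revision hands the FilterSet itself (not .qs) to get_endpoint_ids and
    # get_page_items, exactly as all_endpoints does here.
    ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=endpoints, user=request.user))
    endpoints = EndpointFilter(request.GET, queryset=endpoints.filter(id__in=ids), user=request.user)
    paged_endpoints = get_page_items(request, endpoints, 25)

    add_breadcrumb(title="Vulnerable Endpoints", top_level=not len(request.GET), request=request)
    return render(request, 'dojo/endpoints.html', {
        "endpoints": paged_endpoints,
        "filtered": endpoints,
        "name": "Vulnerable Endpoints",
    })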
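def all_endpoints(request):
    """Render the list of all endpoints visible to the caller.

    Staff see every endpoint.  Other users are restricted to products on which
    they are an authorized user, directly or through the product type, and get
    ``PermissionDenied`` when they have no such product.  A single ``product``
    GET id (resolved within the caller's products) selects the product whose
    tab is shown.  With the ``display_endpoint_uri`` system setting on,
    endpoints are listed as filtered; otherwise the list is collapsed to the
    ids get_endpoint_ids picks from the filtered set.
    """
    endpoints = Endpoint.objects.all().prefetch_related('product', 'tags', 'product__tags')
    show_uri = get_system_setting('display_endpoint_uri')

    # Authorization is decided on the caller's products with exists(), not by
    # evaluating the whole endpoint queryset (`if not endpoints` loaded every
    # row only to test for emptiness).
    product_scope = Product.objects.all()
    if not request.user.is_staff:
        product_scope = Product.objects.filter(
            Q(authorized_users__in=[request.user])
            | Q(prod_type__authorized_users__in=[request.user])
        ).distinct()
        if not product_scope.exists():
            raise PermissionDenied
        # Chain onto the prefetching queryset instead of starting a fresh
        # Endpoint.objects query, which silently dropped the prefetches.
        endpoints = endpoints.filter(product__in=product_scope)

    product = None
    p = request.GET.getlist('product', [])
    if len(p) == 1:
        # Resolve within product_scope: the id drives Product_Tab, so an
        # unauthorized id yields 404 rather than that product's tab.
        product = get_object_or_404(product_scope, id=p[0])

    if show_uri:
        endpoints = EndpointFilter(request.GET, queryset=endpoints, user=request.user)
    else:
        ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=endpoints, user=request.user).qs)
        endpoints = EndpointFilter(request.GET, queryset=endpoints.filter(id__in=ids), user=request.user)
    paged_endpoints = get_page_items(request, endpoints.qs, 25)

    add_breadcrumb(title="All Endpoints", top_level=not len(request.GET), request=request)

    product_tab = None
    view_name = "All Endpoints"
    if product:
        view_name = "Endpoints"
        product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints")

    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": paged_endpoints,
        "filtered": endpoints,
        "name": view_name,
        "show_uri": show_uri,
    })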
def all_endpoints(request):
    """Render the list of all endpoints visible to the caller.

    Endpoints are restricted with get_authorized_endpoints(Endpoint_View).  A
    single ``product`` GET id is resolved and the caller must be allowed to
    view it — legacy user_is_authorized or v2 Product_View depending on
    settings.FEATURE_AUTHORIZATION_V2 — after which it drives the product tab.
    With the ``display_endpoint_uri`` system setting on, endpoints are listed
    as filtered; otherwise the list is collapsed to the ids get_endpoint_ids
    picks from the filtered set.
    """
    visible = get_authorized_endpoints(
        Permissions.Endpoint_View,
        Endpoint.objects.prefetch_related('product', 'tags', 'product__tags'),
        request.user,
    )
    show_uri = get_system_setting('display_endpoint_uri')

    product = None
    requested = request.GET.getlist('product', [])
    if len(requested) == 1:
        product = get_object_or_404(Product, id=requested[0])
        if settings.FEATURE_AUTHORIZATION_V2:
            user_has_permission_or_403(request.user, product, Permissions.Product_View)
        elif not user_is_authorized(request.user, 'view', product):
            raise PermissionDenied

    if show_uri:
        filtered = EndpointFilter(request.GET, queryset=visible, user=request.user)
    else:
        keep_ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=visible, user=request.user).qs)
        filtered = EndpointFilter(request.GET, queryset=visible.filter(id__in=keep_ids), user=request.user)
    page = get_page_items(request, filtered.qs, 25)

    add_breadcrumb(title="All Endpoints", top_level=not len(request.GET), request=request)

    product_tab = None
    view_name = "All Endpoints"
    if product:
        view_name = "Endpoints"
        product_tab = Product_Tab(product.id, "Endpoints", tab="endpoints")

    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": page,
        "filtered": filtered,
        "name": view_name,
        "show_uri": show_uri,
    })
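def process_endpoints_view(request, host_view=False, vulnerable=False):
    """Shared implementation of the endpoint and host list views.

    Args:
        request: the current request; ``request.GET`` feeds EndpointFilter and
            may carry a single ``product`` id for the product tab.
        host_view: collapse the filtered list to the ids get_endpoint_ids picks
            (the per-host listing) instead of listing every endpoint.
        vulnerable: restrict to endpoints with a live finding (active,
            verified, not false positive, not duplicate, in scope) whose
            endpoint status is not mitigated.

    The candidate set is restricted with get_authorized_endpoints(Endpoint_View).
    A ``product`` id is only used after user_has_permission_or_403 confirmed
    Product_View on it.  Returns the rendered ``dojo/endpoints.html`` page.
    """
    if vulnerable:
        endpoints = Endpoint.objects.filter(
            finding__active=True,
            finding__verified=True,
            finding__false_p=False,
            finding__duplicate=False,
            finding__out_of_scope=False,
        )
        endpoints = endpoints.filter(endpoint_status__mitigated=False)
    else:
        endpoints = Endpoint.objects.all()
    endpoints = endpoints.prefetch_related('product', 'product__tags', 'tags').distinct()
    endpoints = get_authorized_endpoints(Permissions.Endpoint_View, endpoints, request.user)

    if host_view:
        ids = get_endpoint_ids(EndpointFilter(request.GET, queryset=endpoints, user=request.user).qs)
        endpoints = EndpointFilter(request.GET, queryset=endpoints.filter(id__in=ids), user=request.user)
    else:
        endpoints = EndpointFilter(request.GET, queryset=endpoints, user=request.user)
    paged_endpoints = get_page_items(request, endpoints.qs, 25)

    view_name = "Vulnerable" if vulnerable else "All"
    view_name += " Hosts" if host_view else " Endpoints"
    add_breadcrumb(title=view_name, top_level=not len(request.GET), request=request)

    product_tab = None
    p = request.GET.getlist('product', [])
    if len(p) == 1:
        product = get_object_or_404(Product, id=p[0])
        # Raises 403 before the product's tab can be rendered for the caller.
        user_has_permission_or_403(request.user, product, Permissions.Product_View)
        product_tab = Product_Tab(product.id, view_name, tab="endpoints")

    # The context previously listed 'product_tab' twice (once with each quote
    # style); a dict literal keeps only the last, so one entry is enough.
    return render(request, 'dojo/endpoints.html', {
        'product_tab': product_tab,
        "endpoints": paged_endpoints,
        "filtered": endpoints,
        "name": view_name,
        "host_view": host_view,
    })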
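def report_widget_factory(json_data=None, request=None, user=None, finding_notes=False,
                          finding_images=False, host=None):
    """Instantiate the report widgets described by the report builder's JSON.

    ``json_data`` is JSON text holding a list of single-key objects.  The key
    is the widget type and the value is the list of ``{"name": ..., "value":
    ...}`` form items that configure it.  The data is caller-supplied form
    input: unknown widget types are ignored, unknown item names are handed to
    the filters unchanged.

    Args:
        json_data: JSON text as described above.  ``None`` makes ``json.loads``
            raise ``TypeError``.
        request: current request, handed to every widget.
        user: user recorded as ``user_id`` on the list widgets; may be ``None``.
        finding_notes: passed through to the finding/endpoint list widgets.
        finding_images: passed through to the finding/endpoint list widgets.
        host: passed through to the finding/endpoint list widgets.

    Returns:
        ``OrderedDict`` mapping a widget key to its instance, in input order.
        ``page-break``, ``endpoint-list``, ``finding-list`` and
        ``wysiwyg-content`` are keyed ``<type>-<index>`` so several may
        coexist; ``report-options``, ``table-of-contents`` and ``cover-page``
        are keyed by type alone, so a repeated one replaces the earlier
        instance.

    Raises:
        TypeError: a widget lacks one of its required items (see
            _widget_item_value).
    """
    selected_widgets = OrderedDict()
    for idx, widget in enumerate(json.loads(json_data)):
        widget_type = list(widget.keys())[0]
        items = widget.get(widget_type)
        indexed_key = widget_type + '-' + str(idx)

        if widget_type == 'page-break':
            selected_widgets[indexed_key] = PageBreak()
        elif widget_type == 'endpoint-list':
            selected_widgets[indexed_key] = _widget_endpoint_list(
                items, request, user, finding_notes, finding_images, host)
        elif widget_type == 'finding-list':
            selected_widgets[indexed_key] = _widget_finding_list(
                items, request, user, finding_notes, finding_images, host)
        elif widget_type == 'wysiwyg-content':
            content = WYSIWYGContent(request=request)
            content.title = _widget_item_value(items, 'heading')
            content.content = _widget_item_value(items, 'hidden_content')
            selected_widgets[indexed_key] = content
        elif widget_type == 'report-options':
            options = ReportOptions(request=request)
            # Values are stored as they arrive in the JSON (strings, not bools).
            options.include_finding_notes = _widget_item_value(items, 'include_finding_notes')
            options.include_finding_images = _widget_item_value(items, 'include_finding_images')
            options.report_type = _widget_item_value(items, 'report_type')
            options.report_name = _widget_item_value(items, 'report_name')
            selected_widgets[widget_type] = options
        elif widget_type == 'table-of-contents':
            toc = TableOfContents(request=request)
            toc.title = _widget_item_value(items, 'heading')
            # Stored as the submitted depth plus one; int() rejects non-numeric input.
            toc.depth = int(_widget_item_value(items, 'depth')) + 1
            selected_widgets[widget_type] = toc
        elif widget_type == 'cover-page':
            cover = CoverPage(request=request)
            cover.title = _widget_item_value(items, 'heading')
            cover.sub_heading = _widget_item_value(items, 'sub_heading')
            cover.meta_info = _widget_item_value(items, 'meta_info')
            selected_widgets[widget_type] = cover
    return selected_widgets


def _widget_item_value(items, name):
    """Return the ``value`` of the form item named *name* in *items*.

    A missing item raises ``TypeError`` (``None`` is subscripted) rather than
    yielding a default; callers treat it as malformed widget data.
    """
    return next((item for item in items if item["name"] == name), None)['value']


def _widget_querydict(items):
    """Convert widget form items into a QueryDict for a django-filter FilterSet.

    Every value of a repeated name is kept.  Appending to the list returned by
    ``QueryDict.getlist()`` does not work on current Django (it returns a
    copy), so multi-valued filters used to keep only their first value;
    ``appendlist`` stores each value on the dict itself.
    """
    query = QueryDict(mutable=True)
    for item in items:
        query.appendlist(item['name'], item['value'])
    return query


def _widget_user_id(user):
    """Return ``user.id``, or ``None`` when no user was given."""
    return user.id if user is not None else None


def _widget_endpoint_list(items, request, user, finding_notes, finding_images, host):
    """Build the EndpointList widget for endpoints that carry a live finding.

    A live finding is active and verified and neither a false positive, a
    duplicate nor out of scope.  The set is reduced to the ids
    get_endpoint_ids picks and then filtered by the widget's form items.
    """
    # Local import kept from the original, presumably to avoid an import cycle.
    from dojo.endpoint.views import get_endpoint_ids

    candidates = Endpoint.objects.filter(
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).distinct()
    # Filter on the ids get_endpoint_ids() returns.  The previous code passed
    # the candidate queryset itself as id__in, so the ids it had just computed
    # were ignored and the generated report did not match report_builder /
    # report_endpoints, which both filter on the ids.
    endpoints = Endpoint.objects.filter(id__in=get_endpoint_ids(candidates))
    # NOTE(review): no per-user product scoping is applied here beyond what
    # EndpointFilter(user=...) does; confirm that is sufficient for reports.
    filtered = EndpointFilter(_widget_querydict(items), queryset=endpoints, user=request.user)
    return EndpointList(request=request, endpoints=filtered, finding_notes=finding_notes,
                        finding_images=finding_images, host=host, user_id=_widget_user_id(user))


def _widget_finding_list(items, request, user, finding_notes, finding_images, host):
    """Build the FindingList widget: all findings filtered by the widget's form items."""
    filtered = ReportFindingFilter(_widget_querydict(items), queryset=Finding.objects.all())
    return FindingList(request=request, findings=filtered, finding_notes=finding_notes,
                       finding_images=finding_images, host=host, user_id=_widget_user_id(user))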