Пример #1
0
def product_endpoint_report(request, pid):
    user = Dojo_User.objects.get(id=request.user.id)
    product = get_object_or_404(Product.objects.all().prefetch_related(
        'engagement_set__test_set__test_type',
        'engagement_set__test_set__environment'),
                                id=pid)
    endpoint_ids = Endpoint.objects.filter(
        product=product,
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).values_list('id', flat=True)

    # ids = get_endpoint_ids(endpoints)

    endpoints = prefetch_related_endpoints_for_report(
        Endpoint.objects.filter(id__in=endpoint_ids))
    endpoints = EndpointReportFilter(request.GET, queryset=endpoints)

    paged_endpoints = get_page_items(request, endpoints.qs, 25)
    report_format = request.GET.get('report_type', 'AsciiDoc')
    include_finding_notes = int(request.GET.get('include_finding_notes', 0))
    include_finding_images = int(request.GET.get('include_finding_images', 0))
    include_executive_summary = int(
        request.GET.get('include_executive_summary', 0))
    include_table_of_contents = int(
        request.GET.get('include_table_of_contents', 0))
    generate = "_generate" in request.GET
    add_breadcrumb(parent=product,
                   title="Vulnerable Product Endpoints Report",
                   top_level=False,
                   request=request)
    report_form = ReportOptionsForm()

    filename = "product_endpoint_report.pdf"
    template = "dojo/product_endpoint_pdf_report.html"
    report_name = "Product Endpoint Report: " + str(product)
    report_title = "Product Endpoint Report"
    report_subtitle = str(product)
    report_info = "Generated By %s on %s" % (user.get_full_name(), (
        timezone.now().strftime("%m/%d/%Y %I:%M%p %Z")))

    try:
        start_date = Finding.objects.filter(
            endpoints__in=endpoints.qs).order_by('date')[:1][0].date
    except:
        start_date = timezone.now()

    end_date = timezone.now()

    risk_acceptances = Risk_Acceptance.objects.filter(
        engagement__test__finding__endpoints__in=endpoints.qs)

    accepted_findings = [
        finding for ra in risk_acceptances
        for finding in ra.accepted_findings.filter(endpoints__in=endpoints.qs)
    ]

    verified_findings = Finding.objects.filter(
        endpoints__in=endpoints.qs,
        date__range=[start_date, end_date],
        false_p=False,
        verified=True,
        duplicate=False,
        out_of_scope=False)

    open_findings = Finding.objects.filter(endpoints__in=endpoints.qs,
                                           false_p=False,
                                           verified=True,
                                           duplicate=False,
                                           out_of_scope=False,
                                           active=True,
                                           mitigated__isnull=True)

    closed_findings = Finding.objects.filter(endpoints__in=endpoints.qs,
                                             false_p=False,
                                             verified=True,
                                             duplicate=False,
                                             out_of_scope=False,
                                             mitigated__isnull=False)
    if generate:
        report_form = ReportOptionsForm(request.GET)
        if report_format == 'AsciiDoc':
            return render(
                request, 'dojo/asciidoc_report.html', {
                    'product_type': None,
                    'product': product,
                    'accepted_findings': accepted_findings,
                    'open_findings': open_findings,
                    'closed_findings': closed_findings,
                    'verified_findings': verified_findings,
                    'engagement': None,
                    'test': None,
                    'endpoints': endpoints,
                    'endpoint': None,
                    'findings': None,
                    'include_finding_notes': include_finding_notes,
                    'include_finding_images': include_finding_images,
                    'include_executive_summary': include_executive_summary,
                    'include_table_of_contents': include_table_of_contents,
                    'user': request.user,
                    'title': 'Generate Report',
                })
        elif report_format == 'PDF':
            endpoints = endpoints.qs.order_by('finding__numerical_severity')
            # lets create the report object and send it in to celery task
            if 'regen' in request.GET:
                # we should already have a report object, lets get and use it
                report = get_object_or_404(Report, id=request.GET['regen'])
                report.datetime = timezone.now()
                report.status = 'requested'
                if report.requester.username != request.user.username:
                    report.requester = request.user
            else:
                report = Report(name="Product Endpoints " + str(product),
                                type="Product Endpoint",
                                format='PDF',
                                requester=request.user,
                                task_id='tbd',
                                options=request.path + "?" +
                                request.GET.urlencode())
            report.save()
            async_pdf_report.delay(
                report=report,
                template=template,
                filename=filename,
                report_title=report_title,
                report_subtitle=report_subtitle,
                report_info=report_info,
                context={
                    'product': product,
                    'endpoints': endpoints,
                    'accepted_findings': accepted_findings,
                    'open_findings': open_findings,
                    'closed_findings': closed_findings,
                    'verified_findings': verified_findings,
                    'report_name': report_name,
                    'include_finding_notes': include_finding_notes,
                    'include_finding_images': include_finding_images,
                    'include_executive_summary': include_executive_summary,
                    'include_table_of_contents': include_table_of_contents,
                    'user': user,
                    'team_name': get_system_setting('team_name'),
                    'title': 'Generate Report',
                    'host': report_url_resolver(request),
                    'user_id': request.user.id
                },
                uri=request.build_absolute_uri(report.get_url()))
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Your report is building.',
                                 extra_tags='alert-success')
            return HttpResponseRedirect(reverse('reports'))
        elif report_format == 'HTML':
            return render(
                request, template, {
                    'product_type': None,
                    'product': product,
                    'engagement': None,
                    'test': None,
                    'endpoint': None,
                    'endpoints': endpoints.qs,
                    'findings': None,
                    'include_finding_notes': include_finding_notes,
                    'include_finding_images': include_finding_images,
                    'include_executive_summary': include_executive_summary,
                    'include_table_of_contents': include_table_of_contents,
                    'user': request.user,
                    'title': 'Generate Report',
                })
        else:
            raise Http404()

    product_tab = Product_Tab(product.id,
                              "Product Endpoint Report",
                              tab="endpoints")
    return render(
        request, 'dojo/request_endpoint_report.html', {
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "product_tab": product_tab,
            'report_form': report_form,
            "name": "Vulnerable Product Endpoints",
        })
Пример #2
0
def product_endpoint_report(request, pid):
    user = Dojo_User.objects.get(id=request.user.id)
    product = get_object_or_404(Product.objects.all().prefetch_related(
        'engagement_set__test_set__test_type',
        'engagement_set__test_set__environment'),
                                id=pid)
    endpoint_ids = Endpoint.objects.filter(
        product=product,
        finding__active=True,
        finding__verified=True,
        finding__false_p=False,
        finding__duplicate=False,
        finding__out_of_scope=False,
    ).values_list('id', flat=True)

    endpoints = prefetch_related_endpoints_for_report(
        Endpoint.objects.filter(id__in=endpoint_ids))
    endpoints = EndpointReportFilter(request.GET, queryset=endpoints)

    paged_endpoints = get_page_items(request, endpoints.qs, 25)
    report_format = request.GET.get('report_type', 'AsciiDoc')
    include_finding_notes = int(request.GET.get('include_finding_notes', 0))
    include_finding_images = int(request.GET.get('include_finding_images', 0))
    include_executive_summary = int(
        request.GET.get('include_executive_summary', 0))
    include_table_of_contents = int(
        request.GET.get('include_table_of_contents', 0))
    include_disclaimer = int(request.GET.get('include_disclaimer', 0))
    disclaimer = get_system_setting('disclaimer')
    if include_disclaimer and len(disclaimer) == 0:
        disclaimer = 'Please configure in System Settings.'
    generate = "_generate" in request.GET
    add_breadcrumb(parent=product,
                   title="Vulnerable Product Endpoints Report",
                   top_level=False,
                   request=request)
    report_form = ReportOptionsForm()

    template = "dojo/product_endpoint_pdf_report.html"
    report_name = "Product Endpoint Report: " + str(product)
    report_title = "Product Endpoint Report"
    report_subtitle = str(product)
    report_info = "Generated By %s on %s" % (user.get_full_name(), (
        timezone.now().strftime("%m/%d/%Y %I:%M%p %Z")))

    try:
        start_date = Finding.objects.filter(
            endpoints__in=endpoints.qs).order_by('date')[:1][0].date
    except:
        start_date = timezone.now()

    end_date = timezone.now()

    risk_acceptances = Risk_Acceptance.objects.filter(
        engagement__test__finding__endpoints__in=endpoints.qs)

    accepted_findings = [
        finding for ra in risk_acceptances
        for finding in ra.accepted_findings.filter(endpoints__in=endpoints.qs)
    ]

    verified_findings = Finding.objects.filter(
        endpoints__in=endpoints.qs,
        date__range=[start_date, end_date],
        false_p=False,
        verified=True,
        duplicate=False,
        out_of_scope=False)

    open_findings = Finding.objects.filter(endpoints__in=endpoints.qs,
                                           false_p=False,
                                           verified=True,
                                           duplicate=False,
                                           out_of_scope=False,
                                           active=True,
                                           mitigated__isnull=True)

    closed_findings = Finding.objects.filter(endpoints__in=endpoints.qs,
                                             false_p=False,
                                             verified=True,
                                             duplicate=False,
                                             out_of_scope=False,
                                             mitigated__isnull=False)
    if generate:
        report_form = ReportOptionsForm(request.GET)
        if report_format == 'AsciiDoc':
            return render(
                request, 'dojo/asciidoc_report.html', {
                    'product_type': None,
                    'product': product,
                    'accepted_findings': accepted_findings,
                    'open_findings': open_findings,
                    'closed_findings': closed_findings,
                    'verified_findings': verified_findings,
                    'engagement': None,
                    'test': None,
                    'endpoints': endpoints,
                    'endpoint': None,
                    'findings': None,
                    'include_finding_notes': include_finding_notes,
                    'include_finding_images': include_finding_images,
                    'include_executive_summary': include_executive_summary,
                    'include_table_of_contents': include_table_of_contents,
                    'include_disclaimer': include_disclaimer,
                    'disclaimer': disclaimer,
                    'user': request.user,
                    'title': 'Generate Report',
                })
        elif report_format == 'HTML':
            return render(
                request, template, {
                    'product_type': None,
                    'product': product,
                    'engagement': None,
                    'test': None,
                    'endpoint': None,
                    'endpoints': endpoints.qs,
                    'findings': None,
                    'include_finding_notes': include_finding_notes,
                    'include_finding_images': include_finding_images,
                    'include_executive_summary': include_executive_summary,
                    'include_table_of_contents': include_table_of_contents,
                    'include_disclaimer': include_disclaimer,
                    'disclaimer': disclaimer,
                    'user': request.user,
                    'title': 'Generate Report',
                })
        else:
            raise Http404()

    product_tab = Product_Tab(product.id,
                              "Product Endpoint Report",
                              tab="endpoints")
    return render(
        request, 'dojo/request_endpoint_report.html', {
            "endpoints": paged_endpoints,
            "filtered": endpoints,
            "product_tab": product_tab,
            'report_form': report_form,
            "name": "Vulnerable Product Endpoints",
        })