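def add_vulnerability():
    """Create or update a vulnerability from the submitted form.

    Reads the finding's fields from ``request.form`` with subscript lookups,
    so every listed field is required. An optional proof-of-concept image is
    taken from ``request.files['pocImage']``, and an optional ``vuln`` query
    parameter names an existing vulnerability to edit.

    Returns:
        The result of ``project_template(projectID=report_id)``.
    """
    form = request.form
    # Order matches the original lookups, so the first missing field is
    # still the one reported.
    fields = {
        key: form[key]
        for key in (
            'report_id', 'name', 'status', 'severity', 'exploitability',
            'poc', 'description', 'comments', 'references', 'owaspTop10',
            'risk', 'date', 'remediation',
        )
    }
    report_id = fields['report_id']

    # Name of a previously stored PoC image, or None when the form has none.
    # Deliberately not printed: request values do not belong on stdout.
    pocImage = form.get('pocImageIDText')

    image = request.files.get('pocImage')
    if image is not None and image.filename != '':
        # NOTE(review): image.filename is client-supplied. Confirm that
        # Project.addImage normalises it (e.g. werkzeug.utils.secure_filename)
        # before it is used as a storage key or path.
        Project.addImage(image, image.filename)
        pocImage = image.filename

    vuln_id = request.args.get('vuln')
    # NOTE(review): the nesting of the original else-branch is ambiguous.
    # Here both "no id supplied" and "id not found" create a new record, so a
    # submission is never silently dropped. Confirm this is the intent.
    # NOTE(review): no check is visible here that vuln_id belongs to
    # report_id or that the caller may edit it. Verify it is enforced elsewhere.
    # getVulnerability signals "not found" with False; the != comparison is
    # kept exactly as the original wrote it.
    if vuln_id is not None and Vulnerability.getVulnerability(vuln_id) != False:
        vulnerability = Vulnerability(_id=vuln_id, pocImage=pocImage, **fields)
        Vulnerability.editVulnerability(vuln_id, vulnerability)
    else:
        vulnerability = Vulnerability(pocImage=pocImage, **fields)
        Vulnerability.addVulnerability(vulnerability)
    return project_template(projectID=report_id)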
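def add_project():
    """Create or update a project from the submitted form.

    Reads the project's fields from ``request.form`` with subscript lookups,
    so every listed field, plus ``clientLogoIDtext`` and ``projectID``, is
    required. An optional client logo is taken from
    ``request.files['clientLogoID']``; when present it replaces the logo name
    carried in ``clientLogoIDtext``.

    Returns:
        The result of ``projects_template()``.
    """
    form = request.form
    # Order matches the original lookups, so the first missing field is
    # still the one reported.
    fields = {
        key: form[key]
        for key in (
            'projectName', 'client', 'contact', 'description', 'target',
            'scope', 'startDate', 'endDate', 'author', 'testers',
            'reviewers', 'executiveSummary', 'conclusion',
        )
    }

    # Logo name already on record; overridden below by a fresh upload.
    clientLogoID = form['clientLogoIDtext']
    logo = request.files.get('clientLogoID')
    if logo is not None and logo.filename != '':
        # NOTE(review): logo.filename is client-supplied. Confirm that
        # Project.addImage normalises it (e.g. werkzeug.utils.secure_filename)
        # before it is used as a storage key or path.
        Project.addImage(logo, logo.filename)
        clientLogoID = logo.filename

    # The original wrapped this in `request.form['projectID'] != None`. A
    # subscript lookup that succeeds never yields None, so that guard was
    # always true and is dropped.
    projectID = form['projectID']
    # NOTE(review): no check is visible here that the caller may edit
    # projectID. Verify it is enforced elsewhere.
    # getProject signals "not found" with False; the != comparison is kept
    # exactly as the original wrote it.
    if Project.getProject(projectID) != False:
        project = Project(_id=projectID, clientLogoID=clientLogoID, **fields)
        Project.editProject(projectID, project)
    else:
        # Unknown id (presumably empty for a brand-new project): create it.
        project = Project(clientLogoID=clientLogoID, **fields)
        Project.addProject(project)
    return projects_template()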