示例#1
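def add_vulnerability():
    """Create or update a vulnerability from the submitted form.

    Reads the vulnerability fields from ``request.form``, optionally stores an
    uploaded proof-of-concept image through ``Project.addImage``, then edits
    the record named by the ``vuln`` query argument when it already exists or
    adds a new record when it does not.

    Returns:
        Whatever ``project_template`` returns for the submitted ``report_id``.
    """
    # NOTE(review): no access check is visible in this function. Confirm the
    # route is registered behind authentication and that the caller is allowed
    # to modify both the report in `report_id` and the record in `vuln`; both
    # identifiers come straight from the request.
    form = request.form

    # Indexing (rather than .get) is kept: a missing field still raises from
    # the lookup, in the same field order as before.
    fields = {
        key: form[key]
        for key in (
            'report_id', 'name', 'status', 'severity', 'exploitability',
            'poc', 'description', 'comments', 'references', 'owaspTop10',
            'risk', 'date', 'remediation',
        )
    }
    # NOTE(review): these values are stored as submitted, with no validation
    # here. Presumably the templates escape them on output; verify, since
    # `poc`, `description` and `comments` are free text.

    # Reference to an image sent as a plain form value, if any. The earlier
    # debug print of this value was removed: it wrote request data to stdout
    # on every submission.
    pocImage = form['pocImageIDText'] if 'pocImageIDText' in form else None

    if 'pocImage' in request.files:
        image = request.files['pocImage']
        if image.filename != '':
            # NOTE(review): image.filename is chosen by the client. Confirm
            # that Project.addImage restricts file type and size and never
            # uses the name as a filesystem path. The value returned by
            # addImage is not used; the filename is what gets stored as the
            # image reference, so identical names may collide. TODO confirm.
            Project.addImage(image, image.filename)
            pocImage = image.filename

    fields['pocImage'] = pocImage

    vuln_id = request.args.get('vuln')
    # NOTE(review): without a `vuln` query argument nothing is saved, and the
    # submitted data is dropped silently (an uploaded image is still stored).
    # Confirm every caller sends `vuln`.
    if vuln_id is not None:
        # Compared with `!= False` as before; the helper's other return
        # values are not visible from here.
        if Vulnerability.getVulnerability(vuln_id) != False:
            # Existing record: rebuild it under the same id and overwrite.
            Vulnerability.editVulnerability(
                vuln_id, Vulnerability(_id=vuln_id, **fields))
        else:
            # Unknown id: store the submission as a new record.
            Vulnerability.addVulnerability(Vulnerability(**fields))

    return project_template(projectID=fields['report_id'])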
示例#2
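def add_project():
    """Create or update a project from the submitted form.

    Reads the project fields from ``request.form``, optionally stores an
    uploaded client logo through ``Project.addImage``, then edits the project
    named by the ``projectID`` form field when it already exists or adds a new
    project when it does not.

    Returns:
        Whatever ``projects_template`` returns.
    """
    # NOTE(review): no access check is visible in this function. Confirm the
    # route is registered behind authentication and that the caller may edit
    # the project named by the client-supplied `projectID`.
    form = request.form

    # Indexing (rather than .get) is kept: a missing field still raises from
    # the lookup, in the same field order as before.
    fields = {
        key: form[key]
        for key in (
            'projectName', 'client', 'contact', 'description', 'target',
            'scope', 'startDate', 'endDate', 'author', 'testers',
            'reviewers', 'executiveSummary', 'conclusion',
        )
    }
    # NOTE(review): these values are stored as submitted, with no validation
    # here. Presumably the templates escape them on output; verify.

    # Logo reference sent as a plain form value; replaced below when a file
    # is uploaded with the request.
    clientLogoID = form['clientLogoIDtext']
    if 'clientLogoID' in request.files:
        image = request.files['clientLogoID']
        if image.filename != '':
            # NOTE(review): image.filename is chosen by the client. Confirm
            # that Project.addImage restricts file type and size and never
            # uses the name as a filesystem path. The value returned by
            # addImage is not used; the filename is stored as the reference.
            Project.addImage(image, image.filename)
            clientLogoID = image.filename

    fields['clientLogoID'] = clientLogoID

    projectID = form['projectID']
    # NOTE(review): if `request` is Flask's request object, indexing a missing
    # key raises instead of returning None, so this check is likely always
    # true. It is kept so behaviour does not change. TODO confirm and drop it.
    if projectID is not None:
        # Compared with `!= False` as before; the helper's other return
        # values are not visible from here.
        if Project.getProject(projectID) != False:
            # Existing project: rebuild it under the same id and overwrite.
            Project.editProject(projectID, Project(_id=projectID, **fields))
        else:
            # Unknown id: store the submission as a new project.
            Project.addProject(Project(**fields))

    # The return used to sit inside the check above, so the view returned
    # None whenever that check failed. It now always returns a response.
    return projects_template()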