aboutsummaryrefslogtreecommitdiffstats
path: root/lib/srtgui/reports.py
diff options
context:
space:
mode:
Diffstat (limited to 'lib/srtgui/reports.py')
-rw-r--r--lib/srtgui/reports.py119
1 files changed, 115 insertions, 4 deletions
diff --git a/lib/srtgui/reports.py b/lib/srtgui/reports.py
index a7de4ca4..297b885a 100644
--- a/lib/srtgui/reports.py
+++ b/lib/srtgui/reports.py
@@ -659,6 +659,7 @@ class CvesReport(Report):
context['report_type_list'] = '\
<option value="summary">CVEs Table</option> \
+ <option value="cve_defects">CVE to Defects Table</option> \
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
@@ -678,7 +679,7 @@ class CvesReport(Report):
'
return context
- def print_row(self,writer,is_header,is_full,cve):
+ def print_row_summary(self,writer,is_header,is_full,cve):
if is_header:
if not is_full:
writer.writerow([
@@ -762,6 +763,99 @@ class CvesReport(Report):
cve.description,
])
+ def print_row_cve_defects(self,writer,mode,is_full,cve,vulnerability,investigation,defect):
+ if 'header' == mode:
+ if not is_full:
+ writer.writerow([
+ 'Name',
+ 'Status',
+ 'Severity (V3)',
+ 'Published',
+ 'Vulnerability',
+ 'Investigation',
+ 'Investigation Product',
+ 'Investigation Priority',
+ 'Investigation Status',
+ 'Investigation Outcome',
+ 'Defect',
+ 'Defect Priority',
+ 'Defect Status',
+ 'Defect resolution',
+ ])
+ else:
+ writer.writerow([
+ 'Name',
+ 'Status',
+ 'Severity (V3)',
+ 'Published',
+ 'Vulnerability',
+ 'Investigation',
+ 'Investigation Product',
+ 'Investigation Priority',
+ 'Investigation Status',
+ 'Investigation Outcome',
+ 'Defect',
+ 'Defect Priority',
+ 'Defect Status',
+ 'Defect resolution',
+ ])
+ elif 'cve' == mode:
+ c2v_list = cve.cve_to_vulnerability.all()
+ if c2v_list:
+ for cv in c2v_list:
+ v2i_list = cv.vulnerability.vulnerability_investigation.all()
+ if v2i_list:
+ for investigation in v2i_list:
+ i2d_list = investigation.investigation_to_defect.all()
+ if i2d_list:
+ for i2d in investigation.investigation_to_defect.all():
+ self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,investigation,i2d.defect)
+ else:
+ self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,investigation,None)
+ else:
+ self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,None,None)
+ else:
+ self.print_row_cve_defects(writer,'line',is_full,cve,None,None,None)
+ else:
+ if not is_full:
+ writer.writerow([
+ cve.name,
+ cve.get_status_text,
+ '%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity),
+ cve.get_publish_text,
+ vulnerability.name if vulnerability else '<no_vulnerability>',
+ investigation.name if investigation else '',
+ investigation.product.long_name if investigation and investigation.product else '<no_product>',
+ investigation.get_priority_text if investigation else '',
+ investigation.get_status_text if investigation else '',
+ investigation.get_outcome_text if investigation else '',
+ defect.name if defect else '<no_defect>',
+ defect.get_priority_text if defect else '',
+ defect.get_status_text if defect else '',
+ defect.get_resolution_text if defect else '',
+ ])
+ else:
+ writer.writerow([
+ cve.name,
+ cve.get_status_text,
+ '%s %s' % (cve.recommend,cve.recommend_list),
+ cve.cve_data_type,
+ cve.cve_data_format,
+ cve.cve_data_version,
+ '%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity),
+ '%s %s' % (cve.cvssV2_baseScore,cve.cvssV2_severity),
+ cve.get_publish_text,
+ vulnerability.name if vulnerability else '',
+ investigation.name if investigation else '',
+ investigation.get_priority_text if investigation else '',
+ investigation.get_status_text if investigation else '',
+ investigation.get_outcome_text if investigation else '',
+ defect.name if defect else '',
+ defect.get_priority_text if defect else '',
+ defect.get_status_text if defect else '',
+ defect.get_outcome_text if defect else '',
+ ])
+
def exec_report(self, *args, **kwargs):
_log_args("REPORT_CVES_EXEC", *args, **kwargs)
super(CvesReport, self).exec_report(*args, **kwargs)
@@ -786,21 +880,38 @@ class CvesReport(Report):
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
- self.print_row(writer,True,"all" == columns,None)
+ self.print_row_summary(writer,True,"all" == columns,None)
+ if 'displayed' == range:
+ for id in record_list.split(','):
+ if not id:
+ continue
+ cve = Cve.objects.get(id=id)
+ if not name_filter or (name_filter in cve.name):
+ self.print_row_summary(writer,False,"all" == columns,cve)
+ elif 'all' == range:
+ if name_filter:
+ query = Cve.objects.filter(name__contains=name_filter).order_by('name')
+ else:
+ query = Cve.objects.all().order_by('name')
+ for cve in query:
+ self.print_row_summary(writer,False,"all" == columns,cve)
+
+ if ('cve_defects' == report_type):
+ self.print_row_cve_defects(writer,'header',"all" == columns,None,None,None,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
cve = Cve.objects.get(id=id)
if not name_filter or (name_filter in cve.name):
- self.print_row(writer,False,"all" == columns,cve)
+ self.print_row_cve_defects(writer,'cve',"all" == columns,cve,None,None,None)
elif 'all' == range:
if name_filter:
query = Cve.objects.filter(name__contains=name_filter).order_by('name')
else:
query = Cve.objects.all().order_by('name')
for cve in query:
- self.print_row(writer,False,"all" == columns,cve)
+ self.print_row_cve_defects(writer,'line',"all" == columns,cve,None,None,None)
return report_name,os.path.basename(report_name)