Diffstat (limited to 'lib/srtgui')
-rw-r--r-- | lib/srtgui/api.py | 17 | ||||
-rw-r--r-- | lib/srtgui/reports.py | 13 | ||||
-rw-r--r-- | lib/srtgui/tables.py | 37 | ||||
-rw-r--r-- | lib/srtgui/templatetags/objects_to_dictionaries_filter.py | 1 | ||||
-rw-r--r-- | lib/srtgui/templatetags/projecttags.py | 32 | ||||
-rw-r--r-- | lib/srtgui/typeaheads.py | 3 | ||||
-rw-r--r-- | lib/srtgui/urls.py | 8 | ||||
-rw-r--r-- | lib/srtgui/views.py | 47 | ||||
-rw-r--r-- | lib/srtgui/widgets.py | 156 |
9 files changed, 110 insertions, 204 deletions
diff --git a/lib/srtgui/api.py b/lib/srtgui/api.py index d9e49ef0..7fbfc1e3 100644 --- a/lib/srtgui/api.py +++ b/lib/srtgui/api.py @@ -20,19 +20,10 @@ import os import sys -import re import logging -import json -from collections import Counter import subprocess -from django.http import HttpResponse, JsonResponse -from django.views.generic import View -from django.urls import reverse -from django.db.models import Q, F -from django.db import Error - -from srtgui.templatetags.projecttags import filtered_filesizeformat +from django.http import JsonResponse logger = logging.getLogger("srt") @@ -82,8 +73,8 @@ def execute_process(*args): # Extract Upstream CVE record details # -def readCveDetails_Upstream(cve,cve_datasource): - from orm.models import CveDetail, DataSource +def readCveDetails_Upstream(cve, cve_datasource): + from orm.models import CveDetail # Initialize and populate CveDetail object to return v = CveDetail() @@ -211,8 +202,6 @@ def readCveDetails_None(cve): def readCveDetails(cve,cve_datasource): - from orm.models import CveDetail - if None == cve_datasource: return readCveDetails_None(cve) elif "Local" == cve_datasource.name: diff --git a/lib/srtgui/reports.py b/lib/srtgui/reports.py index 21fca2dc..a7de4ca4 100644 --- a/lib/srtgui/reports.py +++ b/lib/srtgui/reports.py 
@@ -19,20 +19,15 @@ # Please run flake8 on this file before sending patches import os -import re import logging -import json -from collections import Counter -from datetime import datetime, date +from datetime import datetime import csv from orm.models import Cve, CveSource, Vulnerability, Investigation, Defect, Product -from orm.models import SrtSetting, Package -from srtgui.api import readCveDetails, writeCveDetails, summaryCveDetails +from orm.models import Package +from srtgui.api import readCveDetails, summaryCveDetails -from django.db.models import Q, F -from django.db import Error -from srtgui.templatetags.projecttags import filtered_filesizeformat +from django.db.models import Q logger = logging.getLogger("srt") diff --git a/lib/srtgui/tables.py b/lib/srtgui/tables.py index 115f49b4..0535a7a1 100644 --- a/lib/srtgui/tables.py +++ b/lib/srtgui/tables.py 
@@ -20,26 +20,18 @@ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. from srtgui.widgets import ToasterTable -from orm.models import SrtSetting from orm.models import Cve, Vulnerability, Investigation, CweTable, Product -from orm.models import Package, PackageToCve +from orm.models import Package from orm.models import CpeTable, CpeFilter, Defect, DataSource from orm.models import PublishPending -from orm.models import Notify, NotifyAccess, NotifyCategories -from users.models import SrtUser, UserSafe +from orm.models import Notify, NotifyCategories +from users.models import UserSafe -from django.db.models import Q, Max, Sum, Count, When, Case, Value, IntegerField -from django.conf.urls import url -from django.urls import reverse, resolve -from django.http import HttpResponse -from django.views.generic import TemplateView +from django.db.models import Q from srtgui.tablefilter import TableFilter from srtgui.tablefilter import TableFilterActionToggle -from srtgui.tablefilter import TableFilterActionDateRange -from srtgui.tablefilter import TableFilterActionDay -import os import re # quick development/debugging support @@ -66,27 +58,6 @@ class CvesTable(ToasterTable): Cve.STATUS[status][1], Q(status=Cve.STATUS[status][0])) ) - if False: - is_status.add_action(TableFilterActionToggle( - "new", - "New", - Q(status=Cve.NEW)) - ) - is_status.add_action(TableFilterActionToggle( - "investigate", - "Investigate", - Q(status=Cve.INVESTIGATE)) - ) - is_status.add_action(TableFilterActionToggle( - "vulnerable", - "Is Vulnerable", - Q(status=Cve.VULNERABLE)) - ) - is_status.add_action(TableFilterActionToggle( - "not_vulnerable", - "Not Vulnerable", - Q(status=Cve.NOT_VULNERABLE)) - ) self.add_filter(is_status) # Recommends filter diff --git a/lib/srtgui/templatetags/objects_to_dictionaries_filter.py b/lib/srtgui/templatetags/objects_to_dictionaries_filter.py index 0dcc7d27..b6c18a86 100644 --- a/lib/srtgui/templatetags/objects_to_dictionaries_filter.py 
+++ b/lib/srtgui/templatetags/objects_to_dictionaries_filter.py @@ -1,5 +1,4 @@ from django import template -import json register = template.Library() diff --git a/lib/srtgui/templatetags/projecttags.py b/lib/srtgui/templatetags/projecttags.py index 6b3132ed..d7bc5319 100644 --- a/lib/srtgui/templatetags/projecttags.py +++ b/lib/srtgui/templatetags/projecttags.py @@ -20,13 +20,11 @@ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import os -from datetime import datetime, timedelta from os.path import relpath import re import json as JsonLib from django import template -from django.utils import timezone from django.template.defaultfilters import filesizeformat from django.utils.safestring import mark_safe from django.contrib.auth.models import Group @@ -84,21 +82,18 @@ def json(value, default = None): @register.filter("whitespace_slice") def whitespace_space_filter(value, arg): - try: - bits = [] - for x in arg.split(":"): - if len(x) == 0: - bits.append(None) + bits = [] + for x in arg.split(":"): + if len(x) == 0: + bits.append(None) + else: + # convert numeric value to the first whitespace after + first_whitespace = value.find(" ", int(x)) + if first_whitespace == -1: + bits.append(int(x)) else: - # convert numeric value to the first whitespace after - first_whitespace = value.find(" ", int(x)) - if first_whitespace == -1: - bits.append(int(x)) - else: - bits.append(first_whitespace) - return value[slice(*bits)] - except (ValueError, TypeError): - raise + bits.append(first_whitespace) + return value[slice(*bits)] @register.filter def divide(value, arg): @@ -190,8 +185,8 @@ def check_filter_status(options, filter): def variable_parent_name(value): """ filter extended variable names to the parent name """ - value=re.sub('_\$.*', '', value) - return re.sub('_[a-z].*', '', value) + value=re.sub(r'_\$.*', '', value) + return re.sub(r'_[a-z].*', '', value) @register.filter def filter_setin_files(file_list, matchstr): 
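Review bot: With the `try`/`except` gone, `whitespace_space_filter` still lets a `ValueError` from `int(x)` (non-numeric slice argument) or a `TypeError` from `slice(*bits)` propagate out of template rendering, exactly as the old re-raise did. Django's convention is that filters fail quietly, so a handler that does something would be better than none: wrap the body in `try:` and end it with `except (ValueError, TypeError): return value`. A one-line docstring such as `"""Slice value like the built-in slice filter, but move each bound forward to the next space."""` would also help, since the registered name and the function name differ.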
@@ -256,7 +251,6 @@ def filter_sizeovertotal(package_object, total_size): return '{:.1%}'.format(float(size)/float(total_size)) -from django.utils.safestring import mark_safe @register.filter def format_vpackage_rowclass(size): if size == -1: diff --git a/lib/srtgui/typeaheads.py b/lib/srtgui/typeaheads.py index fb26cf0b..e32c16ad 100644 --- a/lib/srtgui/typeaheads.py +++ b/lib/srtgui/typeaheads.py @@ -105,9 +105,6 @@ class MachinesTypeAhead(ToasterTypeAhead): class DistrosTypeAhead(ToasterTypeAhead): """ Typeahead for all the distros available in the current project's configuration """ - def __init__(self): - super(DistrosTypeAhead, self).__init__() - def apply_search(self, search_term, prj, request): distros = prj.get_available_distros() distros = distros.order_by("name") diff --git a/lib/srtgui/urls.py b/lib/srtgui/urls.py index 7d34e0fb..26c484d8 100644 --- a/lib/srtgui/urls.py +++ b/lib/srtgui/urls.py @@ -16,14 +16,10 @@ # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -from django.conf.urls import include, url -from django.views.generic import RedirectView, TemplateView +from django.conf.urls import url +from django.views.generic import RedirectView -from django.http import HttpResponseBadRequest from srtgui import tables -#from srtgui import typeaheads -from srtgui import api -from srtgui import widgets from srtgui import views urlpatterns = [ diff --git a/lib/srtgui/views.py b/lib/srtgui/views.py index 072d81af..122d9133 100644 --- a/lib/srtgui/views.py +++ b/lib/srtgui/views.py 
@@ -20,28 +20,23 @@ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import os -import sys import traceback import subprocess from datetime import timedelta, datetime from decimal import Decimal -from os.path import dirname import mimetypes import json import re -from srtgui.templatetags.projecttags import json as jsonfilter - -from django.db.models import F, Q, Sum -from django.db import IntegrityError -from django.shortcuts import render, redirect, get_object_or_404 +from django.db.models import Q +from django.shortcuts import render, redirect from django.db.models.functions import Lower -from orm.models import Cve, CveLocal, CveSource, CveDetail, CveHistory +from orm.models import Cve, CveLocal, CveSource, CveHistory from orm.models import Vulnerability, VulnerabilityHistory, CveToVulnerablility, VulnerabilityToInvestigation, VulnerabilityNotification, VulnerabilityAccess, VulnerabilityComments, VulnerabilityUploads from orm.models import Investigation, InvestigationHistory, InvestigationToDefect, InvestigationComments, InvestigationNotification, InvestigationAccess, InvestigationUploads -from orm.models import SrtSetting, CweTable, Product -from orm.models import Package, PackageToCve -from orm.models import Investigation, DataSource +from orm.models import SrtSetting, Product +from orm.models import Package +from orm.models import DataSource from orm.models import Defect, PublishPending from orm.models import Notify, NotifyAccess, NotifyCategories 
@@ -51,12 +46,9 @@ from srtgui.reports import ReportManager from srtgui.api import readCveDetails, writeCveDetails, summaryCveDetails, execute_process from django.urls import reverse, resolve -from django.core.exceptions import MultipleObjectsReturned, ObjectDoesNotExist -from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger -from django.core.files.uploadedfile import UploadedFile -from django.http import HttpResponse, HttpResponseNotFound, JsonResponse, HttpResponseRedirect +from django.core.paginator import EmptyPage, PageNotAnInteger +from django.http import HttpResponse from django.utils import timezone -from django import forms import logging @@ -197,10 +189,7 @@ def _verify_parameters(g, mandatory_parameters): return None def _redirect_parameters(view, g, mandatory_parameters, *args, **kwargs): - try: - from urllib import unquote, urlencode - except ImportError: - from urllib.parse import unquote, urlencode + from urllib.parse import unquote, urlencode url = reverse(view, kwargs=kwargs) params = {} for i in g: @@ -232,8 +221,8 @@ def __get_q_for_val(name, value): if "OR" in value or "AND" in value: result = None for x in value.split("OR"): - x = __get_q_for_val(name, x) - result = result | x if result else x + x = __get_q_for_val(name, x) + result = result | x if result else x return result if "AND" in value: result = None @@ -310,7 +299,7 @@ def _validate_input(field_input, model): if True in [field.startswith(x) for x in valid_fields]: break else: - return None, (field, valid_fields) + return None, (field, valid_fields) return field_input, invalid 
@@ -383,7 +372,6 @@ def _get_parameters_values(request, default_count, default_order): # set cookies for parameters. this is usefull in case parameters are set # manually from the GET values of the link def _set_parameters_values(pagesize, orderby, request): - from django.urls import resolve current_url = resolve(request.path_info).url_name request.session['%s_count' % current_url] = pagesize request.session['%s_orderby' % current_url] =orderby @@ -411,8 +399,8 @@ def _modify_date_range_filter(filter_string): if 0 > filter_string.find('_daterange'): return filter_string,'' # normalize GUI dates to database format - filter_string = filter_string.replace('_daterange','').replace(':','!'); - filter_list = filter_string.split('!'); + filter_string = filter_string.replace('_daterange','').replace(':','!') + filter_list = filter_string.split('!') if 4 != len(filter_list): return filter_string today = timezone.localtime(timezone.now()) @@ -499,8 +487,6 @@ def management(request): } return render(request, 'management.html', context) - -import copy def cve(request, cve_pk, active_tab="1"): if request.method == "GET": template = "cve.html" @@ -619,7 +605,7 @@ def cve_edit(request, cve_pk): else: cve_object = Cve.objects.get(name=cve_pk) cve_pk = cve_object.pk - except Exception as e: + except Exception: return redirect(landing) # Create the local CVE edit record if not already present cve_local_object,created = CveLocal.objects.get_or_create(name=cve_object.name) @@ -1040,7 +1026,6 @@ def _create_defect(investigation,defect_reason,components): return d.name def xhr_triage_commit(request): - global defect_count _log("xhr_triage_commit(%s)" % request.POST) if not 'action' in request.POST: return HttpResponse(json.dumps({"error":"missing action\n"}), content_type = "application/json") 
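Review bot: `_modify_date_range_filter` returns two different shapes in the lines shown: the early exit gives the tuple `filter_string,''`, while the `if 4 != len(filter_list):` branch gives a bare string. A caller that unpacks two values will raise `ValueError`, or silently mis-unpack a two-character string, whenever a `_daterange` filter does not split into four parts. That is probably reachable from request input if the filter string is taken from the query string, which is not visible here. Return `filter_string, ''` in that branch as well. The function body continues past the end of the hunk, so the final return was not checked.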
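Review bot: In `cve_edit`, `except Exception:` followed by `return redirect(landing)` hides every failure inside the `try`, not only a missing record; a database error or a coding bug looks identical to an unknown CVE and leaves nothing in the log. Catch the expected case instead, `except Cve.DoesNotExist:` (plus `ValueError` if the branch above the hunk converts `cve_pk` to an integer), and let anything else propagate or be logged before redirecting. The `try:` starts above the hunk, so the full set of exceptions it can raise is not visible here.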
@@ -1156,7 +1141,7 @@ def xhr_triage_commit(request): # map vulnerability to CVE cv = CveToVulnerablility.objects.create(vulnerability=v,cve=cve) - cv.save(); + cv.save() # add audit comment vc = VulnerabilityHistory.objects.create(vulnerability=v) vc.date = today diff --git a/lib/srtgui/widgets.py b/lib/srtgui/widgets.py index e0033e16..b491a1c4 100644 --- a/lib/srtgui/widgets.py +++ b/lib/srtgui/widgets.py @@ -29,27 +29,16 @@ from django.template import Context, Template from django.template import VariableDoesNotExist from django.template import TemplateSyntaxError from django.core.serializers.json import DjangoJSONEncoder -from django.core.exceptions import FieldError -from django.utils import timezone -from django.http import JsonResponse -from django.urls import reverse from orm.models import SrtSetting, Cve -from srtgui.templatetags.projecttags import sectohms, get_tasks -from srtgui.templatetags.projecttags import json as template_json import types import json import collections import re -import os from srtgui.tablefilter import TableFilterMap - -try: - from urllib import unquote_plus -except ImportError: - from urllib.parse import unquote_plus +from urllib.parse import unquote_plus import logging logger = logging.getLogger("srt") @@ -249,14 +238,10 @@ class ToasterTable(TemplateView): if "all" in action_name: return - try: - table_filter = self.filter_map.get_filter(filter_name) - action = table_filter.get_action(action_name) - action.set_filter_params(action_params) - self.queryset = action.filter(self.queryset) - except KeyError: - # pass it to the user - programming error here - raise + table_filter = self.filter_map.get_filter(filter_name) + action = table_filter.get_action(action_name) + action.set_filter_params(action_params) + self.queryset = action.filter(self.queryset) def apply_orderby(self, orderby): # Note that django will execute this when we try to retrieve the data 
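Review bot: The four lines that look up and apply the filter in `ToasterTable` now run with no handler, so a `KeyError` for an unknown `filter_name` or `action_name` (presumably raised by `get_filter` or `get_action`, given the removed `except KeyError`) surfaces as an unhandled exception, as it did with the old re-raise. The deleted comment called that a programming error, but if these names are parsed from the request's filter parameter (the parsing is above the hunk), any client can trigger it with a made-up name. Consider treating an unknown name as "no filter", `except KeyError: return`, with a comment saying the value is client-supplied, or document why the names can be trusted.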
@@ -357,76 +342,71 @@ class ToasterTable(TemplateView): 'error': "ok", } - try: - for model_obj in page.object_list: - # Use collection to maintain the order - required_data = collections.OrderedDict() - - for col in self.columns: - field = col['field_name'] - if not field: - field = col['static_data_name'] - if not field: - raise NoFieldOrDataName("Must supply a field_name or" - "static_data_name for column" - "%s.%s" % - (self.__class__.__name__, col) - ) - - # Check if we need to process some static data - if "static_data_name" in col and col['static_data_name']: - # Overwrite the field_name with static_data_name - # so that this can be used as the html class name - col['field_name'] = col['static_data_name'] - - try: - # Render the template given - required_data[col['static_data_name']] = \ - self.render_static_data( - col['static_data_template'], model_obj) - except (TemplateSyntaxError, - VariableDoesNotExist) as e: - logger.error("could not render template code" - "%s %s %s", - col['static_data_template'], - e, self.__class__.__name__) - required_data[col['static_data_name']] =\ - '<!--error-->' + for model_obj in page.object_list: + # Use collection to maintain the order + required_data = collections.OrderedDict() + + for col in self.columns: + field = col['field_name'] + if not field: + field = col['static_data_name'] + if not field: + raise NoFieldOrDataName("Must supply a field_name or" + "static_data_name for column" + "%s.%s" % + (self.__class__.__name__, col) + ) + + # Check if we need to process some static data + if "static_data_name" in col and col['static_data_name']: + # Overwrite the field_name with static_data_name + # so that this can be used as the html class name + col['field_name'] = col['static_data_name'] + + try: + # Render the template given + required_data[col['static_data_name']] = \ + self.render_static_data( + col['static_data_template'], model_obj) + except (TemplateSyntaxError, + VariableDoesNotExist) as e: + logger.error("could 
not render template code" + "%s %s %s", + col['static_data_template'], + e, self.__class__.__name__) + required_data[col['static_data_name']] =\ + '<!--error-->' + + else: + # Traverse to any foriegn key in the field + # e.g. recipe__layer_version__name + model_data = None + + if "__" in field: + for subfield in field.split("__"): + if not model_data: + # The first iteration is always going to + # be on the actual model object instance. + # Subsequent ones are on the result of + # that. e.g. forieng key objects + model_data = getattr(model_obj, + subfield) + else: + model_data = getattr(model_data, + subfield) else: - # Traverse to any foriegn key in the field - # e.g. recipe__layer_version__name - model_data = None - - if "__" in field: - for subfield in field.split("__"): - if not model_data: - # The first iteration is always going to - # be on the actual model object instance. - # Subsequent ones are on the result of - # that. e.g. forieng key objects - model_data = getattr(model_obj, - subfield) - else: - model_data = getattr(model_data, - subfield) - - else: - model_data = getattr(model_obj, - col['field_name']) - - # We might have a model function as the field so - # call it to return the data needed - if isinstance(model_data, types.MethodType): - model_data = model_data() - - required_data[col['field_name']] = model_data - - data['rows'].append(required_data) - - except FieldError: - # pass it to the user - programming-error here - raise + model_data = getattr(model_obj, + col['field_name']) + + # We might have a model function as the field so + # call it to return the data needed + if isinstance(model_data, types.MethodType): + model_data = model_data() + + required_data[col['field_name']] = model_data + + data['rows'].append(required_data) # apply any row data customization override before converted to JSON data = self.apply_row_customization(data) |
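Review bot: The `NoFieldOrDataName` message is built from adjacent string literals with no separating spaces, so it reads `Must supply a field_name orstatic_data_name for column%s.%s` after formatting; the `logger.error` format has the same problem (`could not render template code%s %s %s`). Add the missing spaces, e.g. `"Must supply a field_name or "` / `"static_data_name for column "` and `"could not render template code "`. Separately, in the `__` traversal `if not model_data:` restarts from `model_obj` whenever an intermediate attribute is falsy (a `None` foreign key, `0`, an empty string), so the next `getattr` runs against the wrong object; seeding `model_data = model_obj` before the loop and always calling `getattr(model_data, subfield)` avoids that. The method starts above the hunk.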