Diffstat (limited to 'lib/srtgui')
-rw-r--r-- | lib/srtgui/tables.py | 7 | ||||
-rw-r--r-- | lib/srtgui/templates/publish.html | 361 | ||||
-rw-r--r-- | lib/srtgui/templates/publish_diff_snapshot.html | 327 | ||||
-rw-r--r-- | lib/srtgui/urls.py | 6 | ||||
-rw-r--r-- | lib/srtgui/views.py | 184 |
5 files changed, 554 insertions, 331 deletions
diff --git a/lib/srtgui/tables.py b/lib/srtgui/tables.py index e80ee71e..e0a6fb42 100644 --- a/lib/srtgui/tables.py +++ b/lib/srtgui/tables.py @@ -1739,6 +1739,13 @@ class SourcesTable(ToasterTable): def setup_columns(self, *args, **kwargs): + self.add_column(title="ID", + hideable=True, + hidden=True, + orderable=True, + field_name="id", + ) + self.add_column(title="Key", hideable=False, orderable=True, diff --git a/lib/srtgui/templates/publish.html b/lib/srtgui/templates/publish.html index cf0f2294..826e1953 100644 --- a/lib/srtgui/templates/publish.html +++ b/lib/srtgui/templates/publish.html 
@@ -4,324 +4,49 @@ {% load projecttags %} {% load humanize %} -{% block title %} Publish Requests {% endblock %} - +{% block title %} Publish Reports {% endblock %} {% block pagecontent %} -<div class="row"> - <!-- Breadcrumbs --> - <div class="col-md-12"> - <ul class="breadcrumb" id="breadcrumb"> - <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> - <li><a href="{% url 'manage' %}">Management</a></li><span class="divider">→</span> - <li>Publish Report Management</li> - </ul> - </div> -</div> - -<h2>Publish Report Management</h2> -<ul> - <li>The SRTool supports exporting new and updated CVEs to external publishing tools</li> -</ul> - -<hr> - -<h2>Publish Via Database Snapshots</h2> -<h3> On Demand</h3> -<ul> - <li>This extracts the changes from a 'base' database backup snapshot to more recent 'top' snapshot</li> - <li>The 'start' and 'stop' dates can extract a subset of those changes. Normally they are set to the 'base' and 'top' dates</li> -</ul> - -<div style="padding-left:30px;"> - <div> - <label> Start Snapshot: </label> - <select id="snap_date_base"> - {% for snap in snapshot_list %} - <option value="{{snap.date}}" {% if snap_start_index == snap.index %}selected{% endif %}> - ({{snap.mode}}) {{snap.date}} {{snap.time}} | {{snap.day}} - </option> - {% endfor %} - </select> - </div> - <div> - <label> Stop Snapshot: </label> - <select id="snap_date_top"> - {% for snap in snapshot_list %} - <option value="{{snap.date}}" {% if snap_stop_index == snap.index %}selected{% endif %}> - ({{snap.mode}}) {{snap.date}} {{snap.time}} | {{snap.day}} - </option> - {% endfor %} - </select> - </div> - <div> - Start Date: <input type="text" id="snap_date_start" value="{{snap_date_start}}"> - Stop Date: <input type="text" id="snap_date_stop" value="{{snap_date_stop}}"> - <I>(Format: yyyy-mm-dd)</I> - </div> -<br> -</div> - -<div> - <span style="padding-left:30px;"><button id="export-snapshot" class="btn btn-default" 
type="button">Generate</button></span> - <!--<button type="submit" name="action" value="export-snapshot">Export</button> --> - <span id="export-snapshot-text">Generate the publish table on-demand (using snapshots)</span> - <span id="generating-report" hidden style="color:red"><I>... Generating the report - this will take a few minutes ...</I></span> -</div> -<br> - -<form method="POST"> {% csrf_token %} -<h3>Automatic (Under Development)</h3> -<div style="padding-left: 25px;"> - <label> Frequency: </label> - <select id="snap_frequency"> - {% for snap in snapshot_frequency_list %} - <option value="{{snap}}" {% if snap == snap_frequency_select %}selected{% endif %}> - {{snap}} - </option> - {% endfor %} - </select> - <span style="padding-left:30px;"><button id="export-snapshot" class="btn btn-default" type="button" disabled>Save</button></span> - <!--<button type="submit" name="action" value="export-snapshot">Export</button> --> - Save the automatic publishing frequency -</div> -</form> - -<h3>Generated Reports</h3> -<div style="padding-left: 25px;"> - <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> - <thead> - <tr> - <th>Name</th> - <th>Size</th> - <th>Date</th> - <th>Manage</th> - </tr> - </thead> - {% if generated_report_list %} - {% for report in generated_report_list %} - <tr> - <td>{{report.name}}</td> - <td>{{report.size}}</td> - <td>{{report.date}}</td> - <td> - <span id="attachment_entry_'+{{report.name}}+'" class="js-config-var-name"></span> - <form id="downloadbanner-{{forloop.counter}}" enctype="multipart/form-data" method="post" >{% csrf_token %} - <input type="hidden" id="action" name="action" value="download"> - <input type="hidden" id="report_id" name="report_name" value={{report.name}}> - <span class="glyphicon glyphicon-download-alt submit-downloadreport" id="report_download_'+{{report.name}}+'" x-data="{{forloop.counter}}"></span> - {% if request.user.is_creator %} - <span class="glyphicon glyphicon-trash 
trash-report" id="report_trash_'+{{report.name}}+'" x-data="{{report.name}}"></span> - {% endif %} - </form> - </td> - </tr> - {% endfor %} - {% else %} - <tr> - <td>No report files found</td> - </tr> - {% endif %} - </table> - (last report = {{snap_last_calc}}) -</div> - -<hr> - -<form method="POST"> {% csrf_token %} -<h2>Publish Via History Tables (Under development)</h2> -<ul> - <li>These tools can be used to (a) gather the candidate CVEs, (b) review and edit the list if needed, (c) generate the report when ready</li> - <li>The user can explicitly include and exclude CVEs from the "New" list and the "Updated" list, in case the automatic caltulations need adjustment</li> - <li>These mark-ups are inserted into the respective CVE's history at a mid-point date of the period, so they are both persistent and period-specific</li> - <li>The user can clear the markups from the given period and start over, but this will not affect any other period</li> -</ul> -<h3> Publish Preparation</h3> -<ul> - <div> - Start Date: <input type="text" name="date_start" value="{{date_start}}"> - Stop Date: <input type="text" name="date_stop" value="{{date_stop}}"> - </div> - <br> - <div> - Product filter: - <select name="product-filter" id="select-product-filter"> - <option value="0">WR Linux Suported Products</option> - </select> - </div> - <br> - <div> - <button type="submit" name="action" value="recalculate">Recalculate publish table</button> - Gather the items for this period to be published from SRTool, with user changes (last done {{last_calc}}) - </div> - <br> - <div> - <button type="submit" name="action" value="reset">Reset user edits, Recalculate</button> - Remove the user changes for this period, recalculate the table - </div> -</ul> -<h3> Publish Preview and Modifications</h3> -<ul> - <div> - <button type="submit" name="action" value="view">View the publish table</button> - View the publish table, prune entries - </div> - <br> - <div> - <button type="submit" name="action" 
value="add-cve">Add via CVEs</button> - Add recent CVEs to the table - </div> - <br> - <div> - <button type="submit" name="action" value="add-defect">Add via defects</button> - Add CVEs of recent defects to the table - </div> - <br> -</ul> -<h3> Publish the Report</h3> -<ul> - <div> - <button type="submit" name="action" value="export">Export</button> - Export the publish table (using history) - </div> - <br> -</ul> -</form> - -<script> - var selected_newcomment=false; - - $(document).ready(function() { - - function onCommitAjaxSuccess(data, textstatus) { - document.getElementById("export-snapshot").disabled = false; - /* document.getElementById("download-snapshot").disabled = false;*/ - document.getElementById("export-snapshot-text").innerText = "Generate the publish table on-demand (using snapshots)"; - document.getElementById("generating-report").style.display = "block"; - if (window.console && window.console.log) { - console.log("XHR returned:", data, "(" + textstatus + ")"); - } else { - alert("NO CONSOLE:\n"); - return; - } - if (data.error != "ok") { - alert("error on request:\n" + data.error); - return; - } - // reload the page with the updated tables - location.reload(true); - } - - function onCommitAjaxError(jqXHR, textstatus, error) { - console.log("ERROR:"+error+"|"+textstatus); - alert("XHR errored1:\n" + error + "\n(" + textstatus + ")"); - document.getElementById("export-snapshot").disabled = false; - document.getElementById("export-snapshot-text").innerText = "Generate the publish table on-demand (using snapshots)"; - /* document.getElementById("download-snapshot").disabled = false; */ - document.getElementById("generating-report").style.display = "block"; - } - - /* ensure cookie exists {% csrf_token %} */ - function postCommitAjaxRequest(reqdata) { - var ajax = $.ajax({ - type:"POST", - data: reqdata, - url:"{% url 'xhr_publish' %}", - headers: { 'X-CSRFToken': $.cookie("csrftoken")}, - success: onCommitAjaxSuccess, - error: onCommitAjaxError, - 
}); - } - - $("#snap_date_base").change(function(){ - snap_date_base = $("#snap_date_base").val(); - snap_date_top = $("#snap_date_top").val(); - if (snap_date_base > snap_date_top) { - $("#snap_date_base").val(snap_date_top); - $("#snap_date_top").val(snap_date_base); - $("#snap_date_start").val(snap_date_top); - $("#snap_date_stop").val(snap_date_base); - } else { - snap_date_start = $("#snap_date_start").val(); - snap_date_stop = $("#snap_date_stop").val(); - $("#snap_date_start").val(snap_date_base); - if (snap_date_stop < snap_date_base) { - $("#snap_date_stop").val(snap_date_top); - } - } - }); - - $("#snap_date_top").change(function(){ - snap_date_base = $("#snap_date_base").val(); - snap_date_top = $("#snap_date_top").val(); - if (snap_date_base > snap_date_top) { - $("#snap_date_base").val(snap_date_top); - $("#snap_date_top").val(snap_date_base); - $("#snap_date_start").val(snap_date_top); - $("#snap_date_stop").val(snap_date_base); - } else { - snap_date_start = $("#snap_date_start").val(); - snap_date_stop = $("#snap_date_stop").val(); - if (snap_date_start > snap_date_top) { - $("#snap_date_start").val(snap_date_base); - } - $("#snap_date_stop").val(snap_date_top); - } - }); - - $('#export-snapshot').click(function(){ - snap_date_base = $("#snap_date_base").val(); - snap_date_top = $("#snap_date_top").val(); - snap_date_start = $("#snap_date_start").val(); - snap_date_stop = $("#snap_date_stop").val(); - if (snap_date_start > snap_date_stop) { - alert("Error: the start date is after the stop date"); - return; - } - if (snap_date_start < snap_date_base) { - alert("Error: the start date is before the snapshot base date"); - return; - } - if (snap_date_stop > snap_date_top) { - alert("Error: the stop date is after the snapshot top date"); - return; - } - var result = confirm("Generate the report? 
This will take several minutes."); - if (result){ - document.getElementById("export-snapshot").disabled = true; - document.getElementById("export-snapshot-text").innerText = "... Generating the report - this will take a few minutes ..."; - - /* document.getElementById("download-snapshot").disabled = true; */ - document.getElementById("generating-report").style.display = "none"; - postCommitAjaxRequest({ - "action" : 'export-snapshot', - "snap_date_base" : snap_date_base, - "snap_date_top" : snap_date_top, - "snap_date_start" : snap_date_start, - "snap_date_stop" : snap_date_stop - }); - } - }); - - - /* Manage report files */ - - $('.submit-downloadreport').click(function() { - $("#downloadbanner-"+this.getAttribute("x-data")).submit(); - }); - - $('.trash-report').click(function() { - var result = confirm("Are you sure?"); - if (result){ - postCommitAjaxRequest({ - "action" : 'submit-trashreport', - "report_name" : $(this).attr('x-data'), - }); - } - }); - - - - }); -</script> + <div class="row"> + <div class="col-md-7" style="padding-left: 50px;"> + <h1>Management</h1> + </div> + </div> + <div class="row"> + <div class="jumbotron well-transparent"> + + <div class="col-md-6"> + <div> + <table class="table table-striped table-condensed" data-testid="landing-hyperlinks-table"> + <thead> + <tr> + <th>Action</th> + <th>Description</th> + </tr> + </thead> + + <tr> + <td><a class="btn btn-info btn-lg" href="{% url 'report' 'publish-summary' %}">Summary of CVEs</a></td> + <td>Summary across CVEs and Products</td> + </tr> + + <tr> + <td><a class="btn btn-info btn-lg" href="{% url 'publish_diff_snapshot' %}">Difference Snapshots [UNDER DEVELOPMENT]</a></td> + <td>Difference Report via Snapshots</td> + </tr> + + <tr> + <td><a class="btn btn-info btn-lg" href="{% url 'publish_diff_history' %}">Difference History [UNDER DEVELOPMENT]</a></td> + <td>Difference Report via History</td> + </tr> + + </table> + </div> + + </div> + + </div> + + </div> + </div> {% endblock %} 
diff --git a/lib/srtgui/templates/publish_diff_snapshot.html b/lib/srtgui/templates/publish_diff_snapshot.html
new file mode 100644
index 00000000..cf0f2294
--- /dev/null
+++ b/lib/srtgui/templates/publish_diff_snapshot.html
@@ -0,0 +1,327 @@ +{% extends "base.html" %} + +{% load static %} +{% load projecttags %} +{% load humanize %} + +{% block title %} Publish Requests {% endblock %} + +{% block pagecontent %} +<div class="row"> + <!-- Breadcrumbs --> + <div class="col-md-12"> + <ul class="breadcrumb" id="breadcrumb"> + <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> + <li><a href="{% url 'manage' %}">Management</a></li><span class="divider">→</span> + <li>Publish Report Management</li> + </ul> + </div> +</div> + +<h2>Publish Report Management</h2> +<ul> + <li>The SRTool supports exporting new and updated CVEs to external publishing tools</li> +</ul> + +<hr> + +<h2>Publish Via Database Snapshots</h2> +<h3> On Demand</h3> +<ul> + <li>This extracts the changes from a 'base' database backup snapshot to more recent 'top' snapshot</li> + <li>The 'start' and 'stop' dates can extract a subset of those changes. Normally they are set to the 'base' and 'top' dates</li> +</ul> + +<div style="padding-left:30px;"> + <div> + <label> Start Snapshot: </label> + <select id="snap_date_base"> + {% for snap in snapshot_list %} + <option value="{{snap.date}}" {% if snap_start_index == snap.index %}selected{% endif %}> + ({{snap.mode}}) {{snap.date}} {{snap.time}} | {{snap.day}} + </option> + {% endfor %} + </select> + </div> + <div> + <label> Stop Snapshot: </label> + <select id="snap_date_top"> + {% for snap in snapshot_list %} + <option value="{{snap.date}}" {% if snap_stop_index == snap.index %}selected{% endif %}> + ({{snap.mode}}) {{snap.date}} {{snap.time}} | {{snap.day}} + </option> + {% endfor %} + </select> + </div> + <div> + Start Date: <input type="text" id="snap_date_start" value="{{snap_date_start}}"> + Stop Date: <input type="text" id="snap_date_stop" value="{{snap_date_stop}}"> + <I>(Format: yyyy-mm-dd)</I> + </div> +<br> +</div> + +<div> + <span style="padding-left:30px;"><button id="export-snapshot" class="btn btn-default" 
type="button">Generate</button></span> + <!--<button type="submit" name="action" value="export-snapshot">Export</button> --> + <span id="export-snapshot-text">Generate the publish table on-demand (using snapshots)</span> + <span id="generating-report" hidden style="color:red"><I>... Generating the report - this will take a few minutes ...</I></span> +</div> +<br> + +<form method="POST"> {% csrf_token %} +<h3>Automatic (Under Development)</h3> +<div style="padding-left: 25px;"> + <label> Frequency: </label> + <select id="snap_frequency"> + {% for snap in snapshot_frequency_list %} + <option value="{{snap}}" {% if snap == snap_frequency_select %}selected{% endif %}> + {{snap}} + </option> + {% endfor %} + </select> + <span style="padding-left:30px;"><button id="export-snapshot" class="btn btn-default" type="button" disabled>Save</button></span> + <!--<button type="submit" name="action" value="export-snapshot">Export</button> --> + Save the automatic publishing frequency +</div> +</form> + +<h3>Generated Reports</h3> +<div style="padding-left: 25px;"> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> + <thead> + <tr> + <th>Name</th> + <th>Size</th> + <th>Date</th> + <th>Manage</th> + </tr> + </thead> + {% if generated_report_list %} + {% for report in generated_report_list %} + <tr> + <td>{{report.name}}</td> + <td>{{report.size}}</td> + <td>{{report.date}}</td> + <td> + <span id="attachment_entry_'+{{report.name}}+'" class="js-config-var-name"></span> + <form id="downloadbanner-{{forloop.counter}}" enctype="multipart/form-data" method="post" >{% csrf_token %} + <input type="hidden" id="action" name="action" value="download"> + <input type="hidden" id="report_id" name="report_name" value={{report.name}}> + <span class="glyphicon glyphicon-download-alt submit-downloadreport" id="report_download_'+{{report.name}}+'" x-data="{{forloop.counter}}"></span> + {% if request.user.is_creator %} + <span class="glyphicon glyphicon-trash 
trash-report" id="report_trash_'+{{report.name}}+'" x-data="{{report.name}}"></span> + {% endif %} + </form> + </td> + </tr> + {% endfor %} + {% else %} + <tr> + <td>No report files found</td> + </tr> + {% endif %} + </table> + (last report = {{snap_last_calc}}) +</div> + +<hr> + +<form method="POST"> {% csrf_token %} +<h2>Publish Via History Tables (Under development)</h2> +<ul> + <li>These tools can be used to (a) gather the candidate CVEs, (b) review and edit the list if needed, (c) generate the report when ready</li> + <li>The user can explicitly include and exclude CVEs from the "New" list and the "Updated" list, in case the automatic caltulations need adjustment</li> + <li>These mark-ups are inserted into the respective CVE's history at a mid-point date of the period, so they are both persistent and period-specific</li> + <li>The user can clear the markups from the given period and start over, but this will not affect any other period</li> +</ul> +<h3> Publish Preparation</h3> +<ul> + <div> + Start Date: <input type="text" name="date_start" value="{{date_start}}"> + Stop Date: <input type="text" name="date_stop" value="{{date_stop}}"> + </div> + <br> + <div> + Product filter: + <select name="product-filter" id="select-product-filter"> + <option value="0">WR Linux Suported Products</option> + </select> + </div> + <br> + <div> + <button type="submit" name="action" value="recalculate">Recalculate publish table</button> + Gather the items for this period to be published from SRTool, with user changes (last done {{last_calc}}) + </div> + <br> + <div> + <button type="submit" name="action" value="reset">Reset user edits, Recalculate</button> + Remove the user changes for this period, recalculate the table + </div> +</ul> +<h3> Publish Preview and Modifications</h3> +<ul> + <div> + <button type="submit" name="action" value="view">View the publish table</button> + View the publish table, prune entries + </div> + <br> + <div> + <button type="submit" name="action" 
value="add-cve">Add via CVEs</button> + Add recent CVEs to the table + </div> + <br> + <div> + <button type="submit" name="action" value="add-defect">Add via defects</button> + Add CVEs of recent defects to the table + </div> + <br> +</ul> +<h3> Publish the Report</h3> +<ul> + <div> + <button type="submit" name="action" value="export">Export</button> + Export the publish table (using history) + </div> + <br> +</ul> +</form> + +<script> + var selected_newcomment=false; + + $(document).ready(function() { + + function onCommitAjaxSuccess(data, textstatus) { + document.getElementById("export-snapshot").disabled = false; + /* document.getElementById("download-snapshot").disabled = false;*/ + document.getElementById("export-snapshot-text").innerText = "Generate the publish table on-demand (using snapshots)"; + document.getElementById("generating-report").style.display = "block"; + if (window.console && window.console.log) { + console.log("XHR returned:", data, "(" + textstatus + ")"); + } else { + alert("NO CONSOLE:\n"); + return; + } + if (data.error != "ok") { + alert("error on request:\n" + data.error); + return; + } + // reload the page with the updated tables + location.reload(true); + } + + function onCommitAjaxError(jqXHR, textstatus, error) { + console.log("ERROR:"+error+"|"+textstatus); + alert("XHR errored1:\n" + error + "\n(" + textstatus + ")"); + document.getElementById("export-snapshot").disabled = false; + document.getElementById("export-snapshot-text").innerText = "Generate the publish table on-demand (using snapshots)"; + /* document.getElementById("download-snapshot").disabled = false; */ + document.getElementById("generating-report").style.display = "block"; + } + + /* ensure cookie exists {% csrf_token %} */ + function postCommitAjaxRequest(reqdata) { + var ajax = $.ajax({ + type:"POST", + data: reqdata, + url:"{% url 'xhr_publish' %}", + headers: { 'X-CSRFToken': $.cookie("csrftoken")}, + success: onCommitAjaxSuccess, + error: onCommitAjaxError, + 
}); + } + + $("#snap_date_base").change(function(){ + snap_date_base = $("#snap_date_base").val(); + snap_date_top = $("#snap_date_top").val(); + if (snap_date_base > snap_date_top) { + $("#snap_date_base").val(snap_date_top); + $("#snap_date_top").val(snap_date_base); + $("#snap_date_start").val(snap_date_top); + $("#snap_date_stop").val(snap_date_base); + } else { + snap_date_start = $("#snap_date_start").val(); + snap_date_stop = $("#snap_date_stop").val(); + $("#snap_date_start").val(snap_date_base); + if (snap_date_stop < snap_date_base) { + $("#snap_date_stop").val(snap_date_top); + } + } + }); + + $("#snap_date_top").change(function(){ + snap_date_base = $("#snap_date_base").val(); + snap_date_top = $("#snap_date_top").val(); + if (snap_date_base > snap_date_top) { + $("#snap_date_base").val(snap_date_top); + $("#snap_date_top").val(snap_date_base); + $("#snap_date_start").val(snap_date_top); + $("#snap_date_stop").val(snap_date_base); + } else { + snap_date_start = $("#snap_date_start").val(); + snap_date_stop = $("#snap_date_stop").val(); + if (snap_date_start > snap_date_top) { + $("#snap_date_start").val(snap_date_base); + } + $("#snap_date_stop").val(snap_date_top); + } + }); + + $('#export-snapshot').click(function(){ + snap_date_base = $("#snap_date_base").val(); + snap_date_top = $("#snap_date_top").val(); + snap_date_start = $("#snap_date_start").val(); + snap_date_stop = $("#snap_date_stop").val(); + if (snap_date_start > snap_date_stop) { + alert("Error: the start date is after the stop date"); + return; + } + if (snap_date_start < snap_date_base) { + alert("Error: the start date is before the snapshot base date"); + return; + } + if (snap_date_stop > snap_date_top) { + alert("Error: the stop date is after the snapshot top date"); + return; + } + var result = confirm("Generate the report? 
This will take several minutes."); + if (result){ + document.getElementById("export-snapshot").disabled = true; + document.getElementById("export-snapshot-text").innerText = "... Generating the report - this will take a few minutes ..."; + + /* document.getElementById("download-snapshot").disabled = true; */ + document.getElementById("generating-report").style.display = "none"; + postCommitAjaxRequest({ + "action" : 'export-snapshot', + "snap_date_base" : snap_date_base, + "snap_date_top" : snap_date_top, + "snap_date_start" : snap_date_start, + "snap_date_stop" : snap_date_stop + }); + } + }); + + + /* Manage report files */ + + $('.submit-downloadreport').click(function() { + $("#downloadbanner-"+this.getAttribute("x-data")).submit(); + }); + + $('.trash-report').click(function() { + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashreport', + "report_name" : $(this).attr('x-data'), + }); + } + }); + + + + }); +</script> + +{% endblock %} diff --git a/lib/srtgui/urls.py b/lib/srtgui/urls.py index a4947c51..c0df1c89 100644 --- a/lib/srtgui/urls.py +++ b/lib/srtgui/urls.py 
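Review bot: The hidden field in the "Generated Reports" table is written as `value={{report.name}}` without quotes, and autoescaping does not protect an unquoted attribute: a report file name containing whitespace would be cut short or parsed as extra attributes. Quote it, as the neighbouring `x-data` attributes already are: `<input type="hidden" name="report_name" value="{{report.name}}">`. The same template reuses `id="export-snapshot"` for both the Generate button and the disabled Save button, and repeats `id="action"` and `id="report_id"` on every row, so `getElementById("export-snapshot")` in the script only ever reaches the first of them. This markup appears to be carried over unchanged from the old `publish.html`, so fixing it here would be a good moment.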
@@ -141,13 +141,17 @@ urlpatterns = [ name='manage_notifications'), url(r'^triage_cves/$', views.triage_cves, name='triage_cves'), url(r'^create_vulnerability/$', views.create_vulnerability, name='create_vulnerability'), - url(r'^publish/$', views.publish, name='publish'), url(r'^manage_report/$', views.manage_report, name='manage_report'), url(r'^sources/$', tables.SourcesTable.as_view(template_name="sources-toastertable.html"), name='sources'), url(r'^users/$', views.users, name='users'), + url(r'^publish/$', views.publish, name='publish'), + url(r'^publish_summary/$', views.publish_summary, name='publish_summary'), + url(r'^publish_diff_snapshot/$', views.publish_diff_snapshot, name='publish_diff_snapshot'), + url(r'^publish_diff_history/$', views.publish_diff_history, name='publish_diff_history'), + url(r'^maintenance/$', views.maintenance, name='maintenance'), url(r'^history_cve/$', tables.HistoryCveTable.as_view(template_name="history-cve-toastertable.html"), diff --git a/lib/srtgui/views.py b/lib/srtgui/views.py index 79bf7b17..7f819fd1 100644 --- a/lib/srtgui/views.py +++ b/lib/srtgui/views.py @@ -994,6 +994,26 @@ def publish(request): # does this user have permission to see this record? if not UserSafe.is_creator(request.user): return redirect(landing) + + context = { + } + return render(request, 'publish.html', context) + +def publish_summary(request): + # does this user have permission to see this record? + if not UserSafe.is_creator(request.user): + return redirect(landing) + + context = { + } + return render(request, 'management.html', context) + +def publish_diff_snapshot(request): + # does this user have permission to see this record? + if not UserSafe.is_creator(request.user): + return redirect(landing) + + main_app = SrtSetting.get_setting('SRT_MAIN_APP','yp') if request.method == "GET": # Prepare available snapshots 
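Review bot: The new `publish_summary` view renders `'management.html'` with an empty context, which looks like a placeholder or a copy-paste slip, because the "Summary of CVEs" button in the new `publish.html` links to `{% url 'report' 'publish-summary' %}` rather than to this route. If the view is meant as a stub, a one-line comment such as `# TODO: placeholder until the summary page exists` would say so; otherwise the template name should be corrected. The three new views also repeat the same `UserSafe.is_creator` guard and would benefit from a short docstring stating that they are creator-only. The body of `publish_diff_snapshot` continues past this hunk.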
@@ -1037,9 +1057,145 @@ def publish(request): ] # List of available reports generated_report_list = [] - for entry in os.scandir('data/wr'): - if entry.name.startswith('cve-svns-srtool'): - generated_report_list.append(ReportFile(entry.name,entry.stat().st_size,datetime.fromtimestamp(entry.stat().st_mtime))) + if os.path.isdir('data/publish'): + for entry in os.scandir('data/publish'): + if entry.name.startswith('cve-svns-srtool'): + generated_report_list.append(ReportFile(entry.name,entry.stat().st_size,datetime.fromtimestamp(entry.stat().st_mtime))) +# generated_report_list.sort() + generated_report_list = sorted(generated_report_list,key=lambda x: x.name) + + # Prepare History data + last_calc = SrtSetting.get_setting('publish_last_calc','06/08/2019') + date_start = SrtSetting.get_setting('publish_date_start','06/08/2019') + date_stop = SrtSetting.get_setting('publish_date_stop','06/21/2019') + + context = { + 'date_start' : date_start, + 'date_stop' : date_stop, + 'last_calc' : last_calc, + + 'snap_date_start' : snap_date_start, + 'snap_date_stop' : snap_date_stop, + 'snap_date_base' : snap_date_base, + 'snap_date_top' : snap_date_top, + 'snapshot_list' : snapshot_list, + 'snap_start_index' : '%02d' % snap_start_index, + 'snap_stop_index' : '%02d' % snap_stop_index, + 'snap_last_calc' : snap_last_calc, + 'generated_report_list' : generated_report_list, + + 'snapshot_frequency_list' : snapshot_frequency_list, + 'snap_frequency_select' : snap_frequency_select, + } + return render(request, 'publish_diff_snapshot.html', context) + elif request.method == "POST": + action = request.POST['action'] + + if request.POST["action"] == "download": + report_name = request.POST['report_name'] + file_path = 'data/publish/%s' % (report_name) + if file_path: + fsock = open(file_path, "rb") + content_type = MimeTypeFinder.get_mimetype(file_path) + response = HttpResponse(fsock, content_type = content_type) + disposition = 'attachment; filename="{}"'.format(file_path) + 
response['Content-Disposition'] = 'attachment; filename="{}"'.format(file_path) + _log("EXPORT_POST_Q{%s} %s || %s " % (response, response['Content-Disposition'], disposition)) + return response + else: + return render(request, "unavailable_artifact.html", context={}) + + # Dates (make as no timezone) + msg = '' + try: + msg = 'Start:%s' % request.POST.get('date_start', '') + date_start = datetime.strptime(request.POST.get('date_start', ''), '%m/%d/%Y') + msg = 'Stop:%s' % request.POST.get('date_stop', '') + date_stop = datetime.strptime(request.POST.get('date_stop', ''), '%m/%d/%Y') + if date_stop < date_start: +# return 'Error:stop date is before start date' + _log('Error:stop date is before start date') + pass + except Exception as e: +# return 'Error:bad format for dates (must be mm/dd/yyyy) (%s)(%s)' % (msg,e),'' + _log('Error:bad format for dates (must be mm/dd/yyyy) (%s)(%s)' % (msg,e)) + pass + SrtSetting.set_setting('publish_date_start',date_start.strftime('%m/%d/%Y')) + SrtSetting.set_setting('publish_date_stop',date_stop.strftime('%m/%d/%Y')) + if 'recalculate' == action: + # Calculate + publishCalculate(date_start,date_stop) + return redirect('publish') + if 'view' == action: + # Go to publish list page + return redirect('publish-list') + if 'add-cve' == action: + # Go to publish list page + return redirect('publish-cve') + if 'add-defect' == action: + # Go to publish list page + return redirect('publish-defect') + if 'reset' == action: + publishReset(date_start,date_stop) + publishCalculate(date_start,date_stop) + return redirect('publish') + if 'export' == action: + return redirect('/%s/report/publish' % main_app) + return redirect('publish') + +def publish_diff_history(request): + # does this user have permission to see this record? 
+ if not UserSafe.is_creator(request.user): + return redirect(landing) + + main_app = SrtSetting.get_setting('SRT_MAIN_APP','yp') + if request.method == "GET": + + # Prepare available snapshots + snapshot_list = [] + snap_start_index = 0 + snap_stop_index = 0 + snap_date_base = SrtSetting.get_setting('publish_snap_date_base','2019-06-08') + snap_date_top = SrtSetting.get_setting('publish_snap_date_top','2019-06-16') + snap_date_start = SrtSetting.get_setting('publish_snap_date_start','2019-06-08') + snap_date_stop = SrtSetting.get_setting('publish_snap_date_stop','2019-06-16') + snap_last_calc = SrtSetting.get_setting('publish_snap_last_calc','') + backup_returncode,backup_stdout,backup_result = execute_process('bin/common/srtool_backup.py','--list-backups-db') + for i,line in enumerate(backup_stdout.decode("utf-8").splitlines()): + # Week|backup_2019_19|2019-05-18|12:51:51|Saturday, May 18 2019 + backup_mode,backup_dir,backup_date,backup_time,backup_day = line.split('|') + if 'Now' != backup_mode: + snap = Snap(i,backup_mode,backup_dir,backup_date,backup_time,backup_day) + snapshot_list.append(snap) + if snap_date_base == snap.date: + snap_start_index = i + if snap_date_start < snap.date: + snap_date_start = snap.date + if snap_date_stop < snap.date: + snap_date_stop = snap.date + if snap_date_top == snap.date: + snap_stop_index = i + if snap_date_stop > snap.date: + snap_date_stop = snap.date + if not snap_stop_index: + snap_stop_index = i + if snap_date_stop < snap.date: + snap_date_stop = snap.date + # Report automation + snap_frequency_select = SrtSetting.get_setting('publish_snap_frequency','Off') + snapshot_frequency_list = [ + 'Off', + 'Monthly', + 'Bi-monthly', + 'Weekly', + 'Daily', + ] + # List of available reports + generated_report_list = [] + if os.path.isdir('data/publish'): + for entry in os.scandir('data/publish'): + if entry.name.startswith('cve-svns-srtool'): + 
generated_report_list.append(ReportFile(entry.name,entry.stat().st_size,datetime.fromtimestamp(entry.stat().st_mtime))) # generated_report_list.sort() generated_report_list = sorted(generated_report_list,key=lambda x: x.name) @@ -1072,7 +1228,7 @@ def publish(request): if request.POST["action"] == "download": report_name = request.POST['report_name'] - file_path = 'data/wr/%s' % report_name + file_path = 'data/publish/%s' % (report_name) if file_path: fsock = open(file_path, "rb") content_type = MimeTypeFinder.get_mimetype(file_path) @@ -1119,10 +1275,12 @@ def publish(request): publishCalculate(date_start,date_stop) return redirect('publish') if 'export' == action: - return redirect('/wr/report/publish') + return redirect('/%s/report/publish' % main_app) return redirect('publish') + + def manage_report(request): # does this user have permission to see this record? if not UserSafe.is_creator(request.user): @@ -2146,6 +2304,8 @@ def xhr_investigation_commit(request): def xhr_publish(request): _log("xhr_publish(%s)" % request.POST) + main_app = SrtSetting.get_setting('SRT_MAIN_APP','yp') + def remove_mark(mark,line): pos1 = line.find(mark) if -1 == pos1: 
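Review bot: The download branch builds `file_path` straight from `request.POST['report_name']`, so a name with directory components resolves outside `data/publish` before the file is opened and streamed back; the same line is repeated in the `@@ -1072,7 +1228,7 @@` hunk. `if file_path:` is always true for this format string, so the `unavailable_artifact.html` branch never runs and a missing file surfaces as an unhandled exception from `open()`. The `Content-Disposition` filename also carries the `data/publish/` prefix instead of the bare report name. Reducing the name to its basename, requiring the `cve-svns-srtool` prefix that the listing already filters on, and checking `os.path.isfile` addresses all three. The enclosing view begins before this code and continues after it.

```python
        if request.POST["action"] == "download":
            # Keep only the final path component so the name cannot leave data/publish
            report_name = os.path.basename(request.POST.get('report_name', ''))
            file_path = os.path.join('data/publish', report_name)
            # Serve only files the report listing itself would have shown
            if report_name.startswith('cve-svns-srtool') and os.path.isfile(file_path):
                fsock = open(file_path, "rb")
                # … unchanged: content type lookup and HttpResponse construction …
                response['Content-Disposition'] = 'attachment; filename="{}"'.format(report_name)
                return response
            else:
                return render(request, "unavailable_artifact.html", context={})
```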
@@ -2185,18 +2345,18 @@ def xhr_publish(request): if (not top_dir) and (snap_date_top == backup_date) and ('Now' != backup_mode): top_dir = 'backups/%s' % backup_dir - _log('Publish:./bin/wr/srtool_publish.py --srt2update ' + base_dir) - report_returncode,report_stdout,report_error = execute_process('./bin/wr/srtool_publish.py','--srt2update',base_dir) + _log('Publish:./bin/%s/srtool_publish.py --srt2update %s' % (main_app,base_dir)) + report_returncode,report_stdout,report_error = execute_process('./bin/%s/srtool_publish.py' % main_app,'--srt2update',base_dir) if 0 != report_returncode: return_data = {"error": "Error: base dir prep:%s:%s" % (report_error,report_stdout),} return HttpResponse(json.dumps( return_data ), content_type = "application/json") - _log('Publish:./bin/wr/srtool_publish.py --srt2update ' + top_dir) - report_returncode,report_stdout,report_error = execute_process('./bin/wr/srtool_publish.py','--srt2update',top_dir) + _log('Publish:./bin/%s/srtool_publish.py --srt2update %s' % (main_app,top_dir)) + report_returncode,report_stdout,report_error = execute_process('./bin/%s/srtool_publish.py' % main_app,'--srt2update',top_dir) if 0 != report_returncode: return_data = {"error": "Error: top dir prep:%s:%s" % (report_error,report_stdout),} return HttpResponse(json.dumps( return_data ), content_type = "application/json") - _log('Publish:./bin/wr/srtool_publish.py --validate-update-svns --previous '+base_dir+' --current '+top_dir+' --start '+snap_date_start+' --stop '+snap_date_stop) - report_returncode,report_stdout,report_error = execute_process('./bin/wr/srtool_publish.py', + _log('Publish:./bin/'+main_app+'/srtool_publish.py --validate-update-svns --previous '+base_dir+' --current '+top_dir+' --start '+snap_date_start+' --stop '+snap_date_stop) + report_returncode,report_stdout,report_error = execute_process('./bin/%s/srtool_publish.py' % main_app, '--validate-update-svns','--previous',base_dir,'--current',top_dir, 
'--start',snap_date_start,'--stop',snap_date_stop) if 0 != report_returncode: @@ -2212,7 +2372,7 @@ def xhr_publish(request): _log('Publish:Done!') elif 'submit-trashreport' == action: report_name = request.POST['report_name'] - os.remove('data/wr/%s' % report_name) + os.remove('data/%s/%s' % (main_app,report_name)) else: srtool_today_time = datetime.today() srtool_today = datetime.today().strftime("%Y-%m-%d") |
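Review bot: The three `execute_process` calls now take the script path from `'./bin/%s/srtool_publish.py' % main_app`, where `main_app` is read from the `SRT_MAIN_APP` setting, so the stored value decides which executable is run. Whether that setting can be changed through the web UI is not visible here; if it can, it should be validated before use, for example `if not main_app.isalnum(): return HttpResponse(json.dumps({"error": "Error: bad SRT_MAIN_APP"}), content_type="application/json")`. On style, the third `_log` call still uses `+` concatenation while the first two were converted to `%` formatting. The body of `xhr_publish` extends beyond this hunk on both sides.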
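Review bot: The trash action now removes `data/<main_app>/<report_name>`, but the listing and download code in this same commit reads reports from `data/publish`, so with the default `'yp'` the delete would look in `data/yp` and miss the file the user clicked. `report_name` also comes from `request.POST` unchanged, so the resulting path can leave the reports directory. Suggest `os.remove(os.path.join('data/publish', os.path.basename(report_name)))`. Whether `xhr_publish` checks `UserSafe.is_creator` before reaching this branch is not visible in the hunk; the template only hides the trash icon, so the check belongs on the server side as well.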