#
# Security Response Tool Implementation
#
# Copyright (C) 2017-2018 Wind River Systems
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Please run flake8 on this file before sending patches
import os
import logging
from datetime import datetime, timedelta
import csv
from orm.models import Cve, CveSource, Vulnerability, Investigation, Defect, Product
from orm.models import Package
from orm.models import SRTool, SrtSetting
from orm.models import PublishSet, DefectHistory
from orm.models import Notify, ErrorLog
from srtgui.api import readCveDetails, summaryCveDetails
from django.db.models import Q
logger = logging.getLogger("srt")
SRT_BASE_DIR = os.environ['SRT_BASE_DIR']
SRT_REPORT_DIR = '%s/reports' % SRT_BASE_DIR
# quick development/debugging support
from srtgui.api import _log
def _log_args(msg, *args, **kwargs):
s = '%s:(' % msg
if args:
for a in args:
s += '%s,' % a
s += '),('
if kwargs:
for key, value in kwargs.items():
s += '(%s=%s),' % (key,value)
s += ')'
_log(s)
class Report():
def __init__(self, parent_page, *args, **kwargs):
self.parent_page = parent_page
self.report_name = '%s%s' % (parent_page[0].upper(),parent_page[1:])
self.title = self.report_name
self.request = kwargs['request']
def get_context_data(self, *args, **kwargs):
context = {}
context['title'] = self.title
context['parent_page'] = self.parent_page
context['report_name'] = self.report_name
context['report_enable_submit'] = '1'
# global variables
return context
def exec_report(self, *args, **kwargs):
return None
class ManagementReport(Report):
"""Report for the Management Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_MANAGEMENT_INIT(%s)" % parent_page, *args, **kwargs)
super(ManagementReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_MANAGEMENT_CONTEXT", *args, **kwargs)
context = super(ManagementReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV \
(Separator: \
) \
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_MANAGEMENT_EXEC", *args, **kwargs)
super(ManagementReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
csv_separator = request_POST.get('csv_separator', 'semi')
report_name = '%s/management_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = ';'
if csv_separator == 'comma': tab = ','
if csv_separator == 'tab': tab = '\t'
else:
tab = " = "
if 'status' == report_type:
if 'txt' == format:
file.write("Report : Management - Summary\n")
file.write("\n")
file.write("%s%s%s\n" % ('cve_total',tab,Cve.objects.all().count()))
file.write("%s%s%s\n" % ('cve_new',tab,Cve.objects.filter(status=Cve.NEW).count()))
file.write("%s%s%s\n" % ('cve_open',tab,Cve.objects.filter( Q(status=Cve.INVESTIGATE) & Q(status=Cve.VULNERABLE) ).count()))
file.write("%s%s%s\n" % ('vulnerability_total',tab,Vulnerability.objects.all().count()))
file.write("%s%s%s\n" % ('vulnerability_open',tab,Vulnerability.objects.filter(outcome=Vulnerability.OPEN).count()))
file.write("%s%s%s\n" % ('vulnerability_critical',tab,Vulnerability.objects.filter(priority=Vulnerability.CRITICAL).count()))
file.write("%s%s%s\n" % ('vulnerability_high',tab,Vulnerability.objects.filter(priority=Vulnerability.HIGH).count()))
file.write("%s%s%s\n" % ('vulnerability_medium',tab,Vulnerability.objects.filter(priority=Vulnerability.MEDIUM).count()))
file.write("%s%s%s\n" % ('vulnerability_low',tab,Vulnerability.objects.filter(priority=Vulnerability.LOW).count()))
file.write("%s%s%s\n" % ('investigation_total',tab,Investigation.objects.all().count()))
file.write("%s%s%s\n" % ('investigation_open',tab,Investigation.objects.filter(outcome=Investigation.OPEN).count()))
file.write("%s%s%s\n" % ('investigation_critical',tab,Investigation.objects.filter(priority=Investigation.CRITICAL).count()))
file.write("%s%s%s\n" % ('investigation_high',tab,Investigation.objects.filter(priority=Investigation.HIGH).count()))
file.write("%s%s%s\n" % ('investigation_medium',tab,Investigation.objects.filter(priority=Investigation.MEDIUM).count()))
file.write("%s%s%s\n" % ('investigation_low',tab,Investigation.objects.filter(priority=Investigation.LOW).count()))
file.write("%s%s%s\n" % ('defect_total',tab,Defect.objects.all().count()))
if 'vulnerabilities' == report_type:
if 'txt' == format:
file.write("Report : Management - Open Vulnerabilities\n")
file.write("\n")
else:
file.write("Name\tStatus\tOutcome\tPriority\tComments\tCVEs\tInvestigations\n")
for v in Vulnerability.objects.filter(outcome=Vulnerability.OPEN):
if 'txt' == format:
file.write("Name: %s\n" % v.name)
file.write(" Status: %s\n" % v.get_status_text)
file.write(" Outcome: %s\n" % v.get_outcome_text)
file.write(" Priority: %s\n" % v.get_priority_text)
file.write(" Comments: %s\n" % v.comments)
file.write(" CVEs: ")
for i,vc in enumerate(v.vulnerability_to_cve.all()):
if i > 0:
file.write(",")
file.write("%s" % vc.cve.name)
file.write("\n")
file.write(" Investigations: ")
for i,investigation in enumerate(Investigation.objects.filter(vulnerability=v)):
if i > 0:
file.write(",")
file.write("%s" % investigation.name)
file.write("\n")
file.write("\n")
else:
file.write("%s\t%s\t%s\t%s\t%s\t" % (v.name,v.get_status_text,v.get_outcome_text,v.get_priority_text,v.comments))
for i,vc in enumerate(v.vulnerability_to_cve.all()):
if i > 0:
file.write(",")
file.write("%s" % vc.cve.name)
file.write("\t")
for i,investigation in enumerate(Investigation.objects.filter(vulnerability=v)):
if i > 0:
file.write(",")
file.write("%s" % investigation.name)
file.write("\n")
if 'investigations' == report_type:
if 'txt' == format:
file.write("Report : Management - Open Vulnerabilities\n")
file.write("\n")
else:
file.write("Name\tStatus\tOutcome\tPriority\tComments\tDefects\n")
for investigation in Investigation.objects.filter(outcome=Vulnerability.OPEN):
if 'txt' == format:
file.write("Name: %s\n" % investigation.name)
file.write(" Status: %s\n" % investigation.get_status_text)
file.write(" Outcome: %s\n" % investigation.get_outcome_text)
file.write(" Priority: %s\n" % investigation.get_priority_text)
file.write(" Comments: %s\n" % investigation.comments)
file.write(" Defects: ")
for i,id in enumerate(investigation.investigation_to_defect.filter(investigation=investigation)):
if i > 0:
file.write(",")
file.write("%s" % id.defect.name)
file.write("\n")
file.write("\n")
else:
file.write("%s\t%s\t%s\t%s\t%s\t" % (investigation.name,investigation.get_status_text,
investigation.get_outcome_text,investigation.get_priority_text,investigation.comments))
for i,id in enumerate(investigation.investigation_to_defect.filter(investigation=investigation)):
if i > 0:
file.write(",")
file.write("%s" % id.defect.name)
file.write("\n")
return report_name,os.path.basename(report_name)
class CveReport(Report):
"""Report for the CVE Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_CVE_INIT(%s)" % parent_page, *args, **kwargs)
super(CveReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_CVE_CONTEXT", *args, **kwargs)
context = super(CveReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
'
context['report_custom_list'] = '\
CVSS_v2
\
References
\
CPE list
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_CVE_EXEC", *args, **kwargs)
super(CveReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
cvss_v2 = request_POST.get('cvss_v2', '')
ref_list = request_POST.get('ref', '')
cpe = request_POST.get('cpe', '')
cve = Cve.objects.get(id=record_list)
report_name = '%s/cve_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = " = "
if ('summary' == report_type) or ('audit' == report_type):
if 'txt' == format:
file.write("Report : CVE %s - Summary\n" % cve.name)
file.write("\n")
# Gather the sources for this CVE
cve_sources = CveSource.objects.filter(cve=cve.id).order_by('pk')
if 1 < len(cve_sources):
sources = ''
for cve_source in cve_sources:
sources += '%s ' % cve_source.datasource.source
cveDetails,cve_html = summaryCveDetails(cve,cve_sources)
elif 1 == len(cve_sources):
sources = cve_sources[0].datasource.source
cveDetails = readCveDetails(cve,cve_sources[0].datasource)
cve_html = ''
else:
sources = ''
cveDetails = readCveDetails(cve,None)
cve_html = ''
file.write("%s%s%s\n" % ('source',tab,sources))
file.write("%s%s%s\n" % ('status',tab,cve.status))
file.write("%s%s%s\n" % ('cve_data_type',tab,cve.cve_data_type))
file.write("%s%s%s\n" % ('cve_data_format',tab,cve.cve_data_format))
file.write("%s%s%s\n" % ('cve_data_version',tab,cve.cve_data_version))
file.write("%s%s%s\n" % ('description',tab,cve.description))
file.write("\n")
file.write("CVSS Version 3:\n")
file.write(" %s%s%s\n" % ('cvssV3_baseScore',tab,cve.cvssV3_baseScore))
file.write(" %s%s%s\n" % ('cvssV3_baseSeverity',tab,cve.cvssV3_baseSeverity))
file.write(" %s%s%s\n" % ('cvssV3_vectorString',tab,cveDetails.cvssV3_vectorString))
file.write(" %s%s%s\n" % ('cvssV3_exploitabilityScore',tab,cveDetails.cvssV3_exploitabilityScore))
file.write(" %s%s%s\n" % ('cvssV3_impactScore',tab,cveDetails.cvssV3_impactScore))
file.write(" %s%s%s\n" % ('cvssV3_attackVector',tab,cveDetails.cvssV3_attackVector))
file.write(" %s%s%s\n" % ('cvssV3_attackComplexity',tab,cveDetails.cvssV3_attackComplexity))
file.write(" %s%s%s\n" % ('cvssV3_privilegesRequired',tab,cveDetails.cvssV3_privilegesRequired))
file.write(" %s%s%s\n" % ('cvssV3_userInteraction',tab,cveDetails.cvssV3_userInteraction))
file.write(" %s%s%s\n" % ('cvssV3_scope',tab,cveDetails.cvssV3_scope))
file.write(" %s%s%s\n" % ('cvssV3_confidentialityImpact',tab,cveDetails.cvssV3_confidentialityImpact))
file.write(" %s%s%s\n" % ('cvssV3_integrityImpact',tab,cveDetails.cvssV3_integrityImpact))
file.write(" %s%s%s\n" % ('cvssV3_availabilityImpact',tab,cveDetails.cvssV3_availabilityImpact))
if (cvss_v2):
file.write("\n")
file.write("CVSS Version 2:\n")
file.write(" %s%s%s\n" % ('cvssV2_baseScore',tab,cve.cvssV2_baseScore))
file.write(" %s%s%s\n" % ('cvssV2_severity',tab,cve.cvssV2_severity))
file.write(" %s%s%s\n" % ('cvssV2_vectorString',tab,cveDetails.cvssV2_vectorString))
file.write(" %s%s%s\n" % ('cvssV2_exploitabilityScore',tab,cveDetails.cvssV2_exploitabilityScore))
file.write(" %s%s%s\n" % ('cvssV2_impactScore',tab,cveDetails.cvssV2_impactScore))
file.write(" %s%s%s\n" % ('cvssV2_accessVector',tab,cveDetails.cvssV2_accessVector))
file.write(" %s%s%s\n" % ('cvssV2_accessComplexity',tab,cveDetails.cvssV2_accessComplexity))
file.write(" %s%s%s\n" % ('cvssV2_authentication',tab,cveDetails.cvssV2_authentication))
file.write(" %s%s%s\n" % ('cvssV2_confidentialityImpact',tab,cveDetails.cvssV2_confidentialityImpact))
file.write(" %s%s%s\n" % ('cvssV2_integrityImpact',tab,cveDetails.cvssV2_integrityImpact))
if (ref_list):
file.write("\n")
file.write("References:\n")
for i,ref in enumerate(cve.references.all()):
file.write(" %s\n" % ref.hyperlink)
if (cpe):
file.write("\n")
file.write("CPE Table:\n")
for cpe in cve.cpe_list.split("|"):
if '' == cpe:
file.write(" Configation:\n")
elif '' == cpe:
file.write(" * AND\n")
elif '' == cpe:
file.write(" * OR\n")
else :
file.write(" %s\n" % cpe)
if 'audit' == report_type:
for cv in cve.cve_to_vulnerability.all():
v = cv.vulnerability
file.write("\n")
file.write("-------------------------------------------\n")
file.write("Vulnerability: %s\n" % v.name)
file.write(" Status: %s\n" % v.get_status_text)
file.write(" Outcome: %s\n" % v.get_outcome_text)
file.write(" Priority: %s\n" % v.get_priority_text)
file.write(" Comments: %s\n" % v.comments)
file.write("\n")
file.write(" Investigations:\n")
for investigation in Investigation.objects.filter(vulnerability=v):
file.write(" Name: %s\n" % investigation.name)
file.write(" Status: %s\n" % investigation.get_status_text)
file.write(" Outcome: %s\n" % investigation.get_outcome_text)
file.write(" Priority: %s\n" % investigation.get_priority_text)
file.write(" Defects: ")
for i,id in enumerate(investigation.investigation_to_defect.all()):
if i > 0:
file.write(",")
file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
file.write("\n")
file.write("\n")
file.write(" Comments:\n")
for i,vc in enumerate(v.vulnerability_comments.all()):
file.write(" %s (%s): %s\n" % (vc.date,vc.author,vc.comment))
file.write("\n")
file.write(" Audit Trail:\n")
for i,vh in enumerate(v.vulnerability_history.all()):
file.write(" %s (%s): %s\n" % (vh.date,vh.author,vh.comment))
file.write("\n")
else:
file.write("Investigations: no attached investigations as this time\n")
return report_name,os.path.basename(report_name)
class VulnerabilityReport(Report):
"""Report for the Vulnerability Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_VULNERABILITY_INIT(%s)" % parent_page, *args, **kwargs)
super(VulnerabilityReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_VULNERABILITY_CONTEXT", *args, **kwargs)
context = super(VulnerabilityReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_VULNERABILITY_EXEC", *args, **kwargs)
super(VulnerabilityReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
vulnerability = Vulnerability.objects.get(id=record_list)
report_name = '%s/vulnerability_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = " = "
if ('summary' == report_type) or ('audit' == report_type):
if 'txt' == format:
file.write("Report : Vulnerability %s - Summary\n" % vulnerability.name)
file.write("\n")
file.write("Vulnerability: %s\n" % vulnerability.name)
file.write(" Status: %s\n" % vulnerability.get_status_text)
file.write(" Outcome: %s\n" % vulnerability.get_outcome_text)
file.write(" Priority: %s\n" % vulnerability.get_priority_text)
file.write(" Comments: %s\n" % vulnerability.comments)
file.write("\n")
file.write("Products:\n")
found_p = False
for i,product in enumerate(Product.objects.all().order_by('order')):
product_header = False
for investigation in Investigation.objects.filter(vulnerability=vulnerability,product=product):
found_p = True
found_i = True
if not product_header:
file.write("%2d) Product: %s\n" % (i+1,investigation.product.long_name))
product_header = True
file.write(" Investigation: %s\n" % investigation.name)
file.write(" Status: %s\n" % investigation.get_status_text)
file.write(" Outcome: %s\n" % investigation.get_outcome_text)
file.write(" Priority: %s\n" % investigation.get_priority_text)
file.write(" Defects: ")
for j,id in enumerate(investigation.investigation_to_defect.all()):
if j > 0:
file.write(",")
file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
file.write("\n")
if not found_p:
file.write(" No products found\n")
file.write("\n")
file.write("Comments:\n")
found_c = False
for i,vc in enumerate(vulnerability.vulnerability_comments.all()):
found_c = True
file.write(" %2d) %s (%s): %s\n" % (i,vc.date,vc.author,vc.comment))
if not found_c:
file.write(" No comments found\n")
if 'audit' == report_type:
file.write("\n")
file.write("Audit Trail:\n")
for i,vh in enumerate(vulnerability.vulnerability_history.all()):
file.write(" %2d) %s (%s): %s\n" % (i,vh.date,vh.author,vh.comment))
file.write("\n")
return report_name,os.path.basename(report_name)
class InvestigationReport(Report):
"""Report for the Investigation Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_INVESTIGATION_INIT(%s)" % parent_page, *args, **kwargs)
super(InvestigationReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_INVESTIGATION_CONTEXT", *args, **kwargs)
context = super(InvestigationReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_INVESTIGATION_EXEC", *args, **kwargs)
super(InvestigationReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
investigation = Investigation.objects.get(id=record_list)
report_name = '%s/investigation_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = " = "
if ('summary' == report_type) or ('audit' == report_type):
if 'txt' == format:
file.write("Report : Investigation %s - Summary\n" % investigation.name)
file.write("\n")
file.write("Name: %s\n" % investigation.name)
file.write(" Status: %s\n" % investigation.get_status_text)
file.write(" Outcome: %s\n" % investigation.get_outcome_text)
file.write(" Priority: %s\n" % investigation.get_priority_text)
file.write(" Defects: ")
for i,id in enumerate(investigation.investigation_to_defect.all()):
if i > 0:
file.write(",")
file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
file.write("\n")
file.write("\n")
file.write("Comments:\n")
found_c = False
for i, ic in enumerate(investigation.investigation_comments.all()):
found_c = True
file.write(" %s (%s): %s\n" % (ic.date,ic.author,ic.comment))
if not found_c:
file.write(" No comments found\n")
if 'audit' == report_type:
file.write("\n")
file.write(" Audit Trail:\n")
for i,ih in enumerate(investigation.investigation_history.all()):
file.write(" %s (%s): %s\n" % (ih.date,ih.author,ih.comment))
file.write("\n")
return report_name,os.path.basename(report_name)
class DefectReport(Report):
"""Report for the Defect Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_DEFECT_INIT(%s)" % parent_page, *args, **kwargs)
super(DefectReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_DEFECT_CONTEXT", *args, **kwargs)
context = super(DefectReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV \
(Separator: \
) \
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_DEFECT_EXEC", *args, **kwargs)
super(DefectReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
csv_separator = request_POST.get('csv_separator', 'semi')
report_name = '%s/defect_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = ';'
if csv_separator == 'comma': tab = ','
if csv_separator == 'tab': tab = '\t'
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tSummary\tPriority\tStatus\tResolution\tSRT Priority\tSRT Status\tSRT Outcome\tReleased Version\tURL\tInvestigations\tProduct\n")
if 'txt' == format:
file.write("Report : Defects Table\n")
file.write("\n")
file.write("Name,Summary,Priority,Status,Resolution,SRT Priority,SRT Status,SRT Outcome,Released Version,URL,Investigations,Product\n")
defect = Defect.objects.get(id=record_list)
file.write("%s%s" % (defect.name,tab))
file.write("%s%s" % (defect.summary,tab))
file.write("%s%s" % (defect.get_defect_priority_text,tab))
file.write("%s%s" % (defect.get_defect_status_text,tab))
file.write("%s%s" % (defect.get_defect_resolution_text,tab))
file.write("%s%s" % (defect.get_priority_text,tab))
file.write("%s%s" % (defect.get_status_text,tab))
file.write("%s%s" % (defect.get_outcome_text,tab))
file.write("%s%s" % (defect.release_version,tab))
file.write("%s%s" % (defect.publish,tab))
file.write("%s%s" % (defect.url,tab))
for i,di in enumerate(defect.defect_to_investigation.all()):
if i > 0:
file.write(" ")
file.write("%s" % (di.investigation.name))
file.write("%s" % tab)
tab='' # EOL
file.write("%s%s" % (defect.product.long_name,tab))
file.write("\n")
return report_name,os.path.basename(report_name)
class CvesReport(Report):
"""Report for the CVEs Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_CVES_INIT(%s)" % parent_page, *args, **kwargs)
super(CvesReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_CVES_CONTEXT", *args, **kwargs)
context = super(CvesReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Displayed
\
All
\
'
context['report_columnrange_list'] = '\
Default
\
All
\
'
context['report_format_list'] = '\
Text (comma delimited)
\
CSV (tab delimited)
\
'
context['report_custom_list'] = '\
CVE name filter =
\
'
return context
def print_row_summary(self,writer,is_header,is_full,cve):
if is_header:
if not is_full:
writer.writerow([
'Name',
'Status',
'Severity (V3)',
'Published',
'Modified',
'Comments',
'Comments Private',
'Vulnerabilities',
'Defects',
'Description',
])
else:
writer.writerow([
'Name',
'Status',
'Score',
'Data Type',
'Data Format',
'Data Version',
'Severity (V3)',
'Severity (V2)',
'Published',
'Modified',
'Comments',
'Comments Private',
'Publish Request',
'Publish Date',
'Vulnerabilities',
'Defects',
'Description',
])
else:
cve_vulnerabilities = ''
for i,cv in enumerate(cve.cve_to_vulnerability.all()):
if i > 0:
cve_vulnerabilities += ' '
cve_vulnerabilities += cv.vulnerability.name
cve_defects = ''
i = 0
for cv in cve.cve_to_vulnerability.all():
for investigation in cv.vulnerability.vulnerability_investigation.all():
for id in investigation.investigation_to_defect.all():
if i > 0:
cve_defects += ' '
i += 1
cve_defects += id.defect.name
if not is_full:
writer.writerow([
cve.name,
cve.get_status_text,
'%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity),
cve.get_publish_text,
cve.lastModifiedDate,
cve.comments,
cve.comments_private,
cve_vulnerabilities,
cve_defects,
cve.description,
])
else:
writer.writerow([
cve.name,
cve.get_status_text,
'%s %s' % (cve.recommend,cve.recommend_list),
cve.cve_data_type,
cve.cve_data_format,
cve.cve_data_version,
'%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity),
'%s %s' % (cve.cvssV2_baseScore,cve.cvssV2_severity),
cve.get_publish_text,
cve.lastModifiedDate,
cve.comments,
cve.comments_private,
cve.get_publish_text,
cve.publishedDate,
cve_vulnerabilities,
cve_defects,
cve.description,
])
def print_row_cve_defects(self,writer,mode,is_full,cve,vulnerability,investigation,defect):
if 'header' == mode:
if not is_full:
writer.writerow([
'Name',
'Status',
'Severity (V3)',
'Published',
'Vulnerability',
'Investigation',
'Investigation Product',
'Investigation Priority',
'Investigation Status',
'Investigation Outcome',
'Defect',
'Defect Priority',
'Defect Status',
'Defect resolution',
])
else:
writer.writerow([
'Name',
'Status',
'Severity (V3)',
'Published',
'Vulnerability',
'Investigation',
'Investigation Product',
'Investigation Priority',
'Investigation Status',
'Investigation Outcome',
'Defect',
'Defect Priority',
'Defect Status',
'Defect resolution',
])
elif 'cve' == mode:
c2v_list = cve.cve_to_vulnerability.all()
if c2v_list:
for cv in c2v_list:
v2i_list = cv.vulnerability.vulnerability_investigation.all()
if v2i_list:
for investigation in v2i_list:
i2d_list = investigation.investigation_to_defect.all()
if i2d_list:
for i2d in investigation.investigation_to_defect.all():
self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,investigation,i2d.defect)
else:
self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,investigation,None)
else:
self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,None,None)
else:
self.print_row_cve_defects(writer,'line',is_full,cve,None,None,None)
else:
if not is_full:
writer.writerow([
cve.name,
cve.get_status_text,
'%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity),
cve.get_publish_text,
vulnerability.name if vulnerability else '',
investigation.name if investigation else '',
investigation.product.long_name if investigation and investigation.product else '',
investigation.get_priority_text if investigation else '',
investigation.get_status_text if investigation else '',
investigation.get_outcome_text if investigation else '',
defect.name if defect else '',
defect.get_priority_text if defect else '',
defect.get_status_text if defect else '',
defect.get_defect_resolution_text if defect else '',
])
else:
writer.writerow([
cve.get_status_text,
'%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity),
cve.get_publish_text,
vulnerability.name if vulnerability else '',
investigation.name if investigation else '',
investigation.product.long_name if investigation and investigation.product else '',
investigation.get_priority_text if investigation else '',
investigation.get_status_text if investigation else '',
investigation.get_outcome_text if investigation else '',
defect.name if defect else '',
defect.get_priority_text if defect else '',
defect.get_status_text if defect else '',
defect.get_defect_resolution_text if defect else '',
])
def exec_report(self, *args, **kwargs):
_log_args("REPORT_CVES_EXEC", *args, **kwargs)
super(CvesReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
range = request_POST.get('range', '')
columns = request_POST.get('columns', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
name_filter = request_POST.get('name_filter', '').upper()
report_name = '%s/cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
if 'csv' == format:
delimiter = '\t'
else:
delimiter = ','
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
self.print_row_summary(writer,True,"all" == columns,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
cve = Cve.objects.get(id=id)
if not name_filter or (name_filter in cve.name):
self.print_row_summary(writer,False,"all" == columns,cve)
elif 'all' == range:
if name_filter:
query = Cve.objects.filter(name__contains=name_filter).order_by('name')
else:
query = Cve.objects.all().order_by('name')
for cve in query:
self.print_row_summary(writer,False,"all" == columns,cve)
if ('cve_defects' == report_type):
self.print_row_cve_defects(writer,'header',"all" == columns,None,None,None,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
cve = Cve.objects.get(id=id)
if not name_filter or (name_filter in cve.name):
self.print_row_cve_defects(writer,'cve',"all" == columns,cve,None,None,None)
elif 'all' == range:
if name_filter:
query = Cve.objects.filter(name__contains=name_filter).order_by('name')
else:
query = Cve.objects.all().order_by('name')
for cve in query:
self.print_row_cve_defects(writer,'line',"all" == columns,cve,None,None,None)
return report_name,os.path.basename(report_name)
class SelectCvesReport(Report):
"""Report for the Select CVEs Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_SELECTCVES_INIT(%s)" % parent_page, *args, **kwargs)
super(SelectCvesReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_SELECTCVES_CONTEXT", *args, **kwargs)
context = super(SelectCvesReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_SELECTCVES_EXEC", *args, **kwargs)
super(SelectCvesReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/select_cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
if 'txt' == format:
file.write("Report : CVEs Table\n")
file.write("\n")
file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
for id in record_list.split(','):
if not id:
continue
cve = Cve.objects.get(id=id)
file.write("%s%s" % (cve.name,tab))
file.write("%s%s" % (cve.get_status_text,tab))
file.write("%s%s" % (cve.cve_data_type,tab))
file.write("%s%s" % (cve.cve_data_format,tab))
file.write("%s%s" % (cve.cve_data_version,tab))
for i,cv in enumerate(cve.cve_to_vulnerability.all()):
if i > 0:
file.write(" ")
file.write("%s" % cv.vulnerability.name)
file.write("%s" % tab)
file.write("%s%s" % (cve.description,tab))
file.write("\n")
return report_name,os.path.basename(report_name)
class VulnerabilitiesReport(Report):
"""Report for the Vulnerabilities Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_VULNERABILITIES_INIT(%s)" % parent_page, *args, **kwargs)
super(VulnerabilitiesReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_VULNERABILITIES_CONTEXT", *args, **kwargs)
context = super(VulnerabilitiesReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Displayed
\
All
\
'
context['report_columnrange_list'] = '\
Default
\
All
\
'
context['report_format_list'] = '\
Text (comma delimited)
\
CSV (tab delimited)
\
'
return context
def print_row(self,writer,is_header,is_full,vulnerability):
if is_header:
if not is_full:
writer.writerow([
'Name',
'CVE',
'Status',
'Outcome',
'Priority',
'Comments',
'Comments Private',
'Investigations',
'Defects',
'Products',
])
else:
writer.writerow([
'Name',
'CVE',
'Status',
'Outcome',
'Priority',
'Comments',
'Comments Private',
'Investigations',
'Defects',
'Products',
])
else:
vulnerability_cves = ''
for i,vc in enumerate(vulnerability.vulnerability_to_cve.all()):
if i > 0:
vulnerability_cves += ' '
vulnerability_cves += vc.cve.name
vulnerability_investigations = ''
for i,investigation in enumerate(vulnerability.vulnerability_investigation.all()):
if i > 0:
vulnerability_investigations += ' '
vulnerability_investigations += investigation.name
vulnerability_defects = ''
i = 0
for investigation in vulnerability.vulnerability_investigation.all():
for id in investigation.investigation_to_defect.all():
if i > 0:
vulnerability_defects += ' '
i += 1
vulnerability_defects += id.defect.name
vulnerability_products = ''
for i,vi in enumerate(vulnerability.vulnerability2investigation.all()):
if i > 0:
vulnerability_products += ' '
vulnerability_products += vi.investigation.product.get_defect_tag('key')
if not is_full:
writer.writerow([
vulnerability.name,
vulnerability_cves,
vulnerability.get_status_text,
vulnerability.get_outcome_text,
vulnerability.get_priority_text,
vulnerability.comments,
vulnerability.comments_private,
vulnerability_investigations,
vulnerability_defects,
vulnerability_products,
])
else:
writer.writerow([
vulnerability.name,
vulnerability.cve_primary_name,
vulnerability.get_status_text,
vulnerability.get_outcome_text,
vulnerability.get_priority_text,
vulnerability.comments,
vulnerability.comments_private,
vulnerability_investigations,
vulnerability_defects,
vulnerability_products,
])
def exec_report(self, *args, **kwargs):
_log_args("REPORT_VULNERABILITIES_EXEC", *args, **kwargs)
super(VulnerabilitiesReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
range = request_POST.get('range', '')
columns = request_POST.get('columns', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/vulnerabilities_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
if 'csv' == format:
delimiter = '\t'
else:
delimiter = ','
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
self.print_row(writer,True,"all" == columns,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
vulnerability = Vulnerability.objects.get(id=id)
self.print_row(writer,False,"all" == columns,vulnerability)
elif 'all' == range:
query = Vulnerability.objects.all().order_by('name')
for vulnerability in query:
self.print_row(writer,False,"all" == columns,vulnerability)
return report_name,os.path.basename(report_name)
class InvestigationsReport(Report):
"""Report for the Investigations Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_INVESTIGATIONS_INIT(%s)" % parent_page, *args, **kwargs)
super(InvestigationsReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_INVESTIGATIONS_CONTEXT", *args, **kwargs)
context = super(InvestigationsReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Displayed
\
All
\
'
context['report_columnrange_list'] = '\
Default
\
All
\
'
context['report_format_list'] = '\
Text
\
CSV \
(Separator: \
) \
\
'
context['report_custom_list'] = '\
Product defect prefix filter = (method to filter by product)
\
'
return context
def print_row(self,writer,is_header,is_full,investigation):
if is_header:
if not is_full:
writer.writerow([
'Name',
'Defects',
'Status',
'Outcome',
'Release Version',
'Priority',
'Comments',
'Comments Private',
'Vulnerability',
'Product',
'Updated',
])
else:
writer.writerow([
'Name',
'Defects',
'Status',
'Outcome',
'Release Version',
'Priority',
'Comments',
'Comments Private',
'Vulnerability',
'Product',
'Updated',
])
else:
investigation_defects = ''
for i,id in enumerate(investigation.investigation_to_defect.all()):
if i > 0:
investigation_defects += ' '
investigation_defects += id.defect.name
investigation_release_versions = ''
for i,id in enumerate(investigation.investigation_to_defect.all()):
if i > 0:
investigation_release_versions += ' '
investigation_release_versions += id.defect.release_version
if not is_full:
writer.writerow([
investigation.name,
investigation_defects,
investigation.get_status_text,
investigation.get_outcome_text,
investigation_release_versions,
investigation.get_priority_text,
investigation.comments,
investigation.comments_private,
investigation.vulnerability.get_long_name,
investigation.product.long_name,
investigation.srt_updated.strftime('%m-%d-%Y'),
])
else:
writer.writerow([
investigation.name,
investigation_defects,
investigation.get_status_text,
investigation.get_outcome_text,
investigation_release_versions,
investigation.get_priority_text,
investigation.comments,
investigation.comments_private,
investigation.vulnerability.get_long_name,
investigation.product.long_name,
investigation.srt_updated.strftime('%m-%d-%Y'),
])
def exec_report(self, *args, **kwargs):
_log_args("REPORT_INVESTIGATIONS_EXEC", *args, **kwargs)
super(InvestigationsReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
range = request_POST.get('range', '')
columns = request_POST.get('columns', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
name_filter = request_POST.get('name_filter', '').upper()
csv_separator = request_POST.get('csv_separator', 'semi')
report_name = '%s/investigations_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
if 'csv' == format:
delimiter = ';'
if csv_separator == 'comma': delimiter = ','
if csv_separator == 'tab': delimiter = '\t'
else:
delimiter = ","
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
self.print_row(writer,True,"all" == columns,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
investigation = Investigation.objects.get(id=id)
if not name_filter or (name_filter in investigation.product.get_defect_tag('key')):
self.print_row(writer,False,"all" == columns,investigation)
elif 'all' == range:
query = Investigation.objects.all().order_by('name')
for investigation in query:
if name_filter and (not name_filter in investigation.product.get_defect_tag('key')):
continue
self.print_row(writer,False,"all" == columns,investigation)
return report_name,os.path.basename(report_name)
class DefectsReport(Report):
"""Report for the Defects Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_DEFECTS_INIT(%s)" % parent_page, *args, **kwargs)
super(DefectsReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_DEFECTS_CONTEXT", *args, **kwargs)
context = super(DefectsReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Displayed
\
All
\
'
context['report_columnrange_list'] = '\
Default
\
All
\
'
context['report_format_list'] = '\
Text (comma delimited)
\
CSV \
(Separator: \
) \
\
'
context['report_custom_list'] = '\
Defect name filter =
\
' % SrtSetting.get_setting('SRTOOL_DEFECT_SAMPLENAME',"DEFECT-XYZ")
return context
def print_row(self,writer,is_header,is_full,defect):
if is_header:
if not is_full:
writer.writerow([
'Name',
'Summary',
'Priority',
'Status',
'Resolution',
'SRT Priority',
'SRT Status',
'SRT Outcome',
'Release Version',
'Publish',
'Investigations',
'Product',
])
else:
writer.writerow([
'Name',
'Summary',
'Priority',
'Status',
'Resolution',
'SRT Priority',
'SRT Status',
'SRT Outcome',
'Release Version',
'Publish',
'URL',
'Investigations',
'Product',
])
else:
defect_investigations = ''
for i,di in enumerate(defect.defect_to_investigation.all()):
if i > 0:
defect_investigations += ' '
defect_investigations += di.investigation.name
if not is_full:
writer.writerow([
defect.name,
defect.summary,
defect.get_defect_priority_text,
defect.get_defect_status_text,
defect.get_defect_resolution_text,
defect.get_priority_text,
defect.get_status_text,
defect.get_outcome_text,
defect.release_version,
defect.publish,
defect_investigations,
defect.product.long_name if defect.product else '',
])
else:
writer.writerow([
defect.name,
defect.summary,
defect.get_defect_priority_text,
defect.get_defect_status_text,
defect.get_defect_resolution_text,
defect.get_priority_text,
defect.get_status_text,
defect.get_outcome_text,
defect.release_version,
defect.publish,
defect.url,
defect_investigations,
defect.product.long_name if defect.product else '',
])
def exec_report(self, *args, **kwargs):
_log_args("REPORT_DEFECTS_EXEC", *args, **kwargs)
super(DefectsReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
range = request_POST.get('range', '')
columns = request_POST.get('columns', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
name_filter = request_POST.get('name_filter', '').upper()
csv_separator = request_POST.get('csv_separator', 'semi')
report_name = '%s/defects_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
if 'csv' == format:
delimiter = ';'
if csv_separator == 'comma': delimiter = ','
if csv_separator == 'tab': delimiter = '\t'
else:
delimiter = ','
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
self.print_row(writer,True,"all" == columns,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
defect = Defect.objects.get(id=id)
if not name_filter or (name_filter in defect.name):
self.print_row(writer,False,"all" == columns,defect)
elif 'all' == range:
if name_filter:
query = Defect.objects.filter(name__contains=name_filter).order_by('name')
else:
query = Defect.objects.all().order_by('name')
for defect in query:
self.print_row(writer,False,"all" == columns,defect)
return report_name,os.path.basename(report_name)
class ProductsReport(Report):
"""Report for the Products Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PRODUCTS_INIT(%s)" % parent_page, *args, **kwargs)
super(ProductsReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PRODUCTS_CONTEXT", *args, **kwargs)
context = super(ProductsReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
All
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PRODUCTS_EXEC", *args, **kwargs)
super(ProductsReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/products_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tVersion\tProfile\tCPE\tSRT SPE\tInvestigations\tDefects\n")
if 'txt' == format:
file.write("Report : Products Table\n")
file.write("\n")
file.write("Name,Version,Profile,CPE,SRT SPE,Investigations,Defects\n")
for product in Product.objects.all():
file.write("%s%s" % (product.name,tab))
file.write("%s%s" % (product.version,tab))
file.write("%s%s" % (product.profile,tab))
file.write("%s%s" % (product.cpe,tab))
file.write("%s%s" % (product.defect_tags,tab))
file.write("%s%s" % (product.product_tags,tab))
for i,pi in enumerate(product.product_investigation.all()):
if i > 0:
file.write(" ")
file.write("%s" % (pi.name))
file.write("%s" % tab)
for i,pd in enumerate(product.product_defect.all()):
if i > 0:
file.write(" ")
file.write("%s" % (pd.name))
#file.write("%s" % tab)
file.write("\n")
return report_name,os.path.basename(report_name)
class PublishCveReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PUBLISHCVE_INIT(%s)" % parent_page, *args, **kwargs)
super(PublishCveReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PUBLISHCVE_CONTEXT", *args, **kwargs)
context = super(PublishCveReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PUBLISHCVE_EXEC", *args, **kwargs)
super(PublishCveReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
if 'txt' == format:
file.write("Report : CVEs Table\n")
file.write("\n")
file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
for id in record_list.split(','):
if not id:
continue
try:
cve = Cve.objects.get(id=id)
file.write("%s%s" % (cve.name,tab))
file.write("%s%s" % (cve.get_status_text,tab))
file.write("%s%s" % (cve.cve_data_type,tab))
file.write("%s%s" % (cve.cve_data_format,tab))
file.write("%s%s" % (cve.cve_data_version,tab))
for i,cv in enumerate(cve.cve_to_vulnerability.all()):
if i > 0:
file.write(" ")
file.write("%s" % cv.vulnerability.name)
file.write("%s" % tab)
file.write("%s" % (cve.description))
file.write("\n")
except Exception as e:
_log("EXCEPTION:%s" % e)
return report_name,os.path.basename(report_name)
class PublishPendingCveReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PUBLISHPENDINGCVE_INIT(%s)" % parent_page, *args, **kwargs)
super(PublishPendingCveReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PUBLISHPENDINGCVE_CONTEXT", *args, **kwargs)
context = super(PublishPendingCveReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PUBLISHPENDINGCVE_EXEC", *args, **kwargs)
super(PublishPendingCveReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
if 'txt' == format:
file.write("Report : CVEs Table\n")
file.write("\n")
file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
for id in record_list.split(','):
if not id:
continue
try:
cve = Cve.objects.get(id=id)
file.write("%s%s" % (cve.name,tab))
file.write("%s%s" % (cve.get_status_text,tab))
file.write("%s%s" % (cve.cve_data_type,tab))
file.write("%s%s" % (cve.cve_data_format,tab))
file.write("%s%s" % (cve.cve_data_version,tab))
for i,cv in enumerate(cve.cve_to_vulnerability.all()):
if i > 0:
file.write(" ")
file.write("%s" % cv.vulnerability.name)
file.write("%s" % tab)
file.write("%s" % (cve.description))
file.write("\n")
except Exception as e:
_log("EXCEPTION:%s" % e)
return report_name,os.path.basename(report_name)
class PublishListReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PUBLISHLIST_INIT(%s)" % parent_page, *args, **kwargs)
super(PublishListReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PUBLISHLIST_CONTEXT", *args, **kwargs)
context = super(PublishListReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV \
(Separator: \
) \
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PUBLISHLIST_EXEC", *args, **kwargs)
super(PublishListReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
format = request_POST.get('format', '')
report_type = request_POST.get('report_type', '')
csv_separator = request_POST.get('csv_separator', 'semi')
report_name = '%s/publish_list_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = ';'
if csv_separator == 'comma': tab = ','
if csv_separator == 'tab': tab = '\t'
else:
tab = ","
if ('preview' == report_type):
if 'csv' == format:
file.write("State\tCve_Name\tCve_Published\tCve_Modified\tCve_Status\tCve_Acknowledge\tReason\tCVE_Description\n".replace('\t',tab))
if 'txt' == format:
file.write("Report : CVEs Table\n")
file.write("\n")
file.write('%-7s %-18s %11s %11s %16s %11s %-35s %s\n' % ('State','Cve_Name','Published','Modified','Cve_Status','Acknowledge','CVE_Description','Reason'))
for publishset in PublishSet.objects.all():
if 'csv' == format:
file.write("%s%s" % (publishset.state_text,tab))
file.write("%s%s" % (publishset.cve.name,tab))
file.write("%s%s" % (publishset.cve.publishedDate,tab))
file.write("%s%s" % (publishset.cve.lastModifiedDate,tab))
file.write("%s%s" % (publishset.cve.get_status_text,tab))
file.write("%s%s" % (publishset.cve.acknowledge_date,tab))
file.write("%s%s" % (publishset.reason,tab))
file.write("%s%s" % (publishset.cve.description,tab))
file.write("\n")
if 'txt' == format:
try:
acknowledge_date = publishset.cve.acknowledge_date.strftime('%m/%d/%Y')
except:
acknowledge_date = ''
if publishset.cve.description:
description = publishset.cve.description[:30] + '...'
else:
description = ''
file.write("%-7s," % publishset.state_text)
file.write("%-18s," % publishset.cve.name)
file.write("%11s," % publishset.cve.publishedDate)
file.write("%11s," % publishset.cve.lastModifiedDate)
file.write("%16s," % publishset.cve.get_status_text)
file.write("%11s," % acknowledge_date)
file.write("%-35s," % description)
file.write("%s," % publishset.reason)
file.write("\n")
if ('report' == report_type):
product_list = Product.objects.all()
def get_product_status_matrix(product_list,cve):
# Preset the default product status labels
status_table = {}
product_top_order = 99
product_top_defect = []
for product in product_list:
status_table[product.key] = publishset.cve.get_status_text
# Set the specific status for the child investigations
for cv in cve.cve_to_vulnerability.all():
#status_text = cv.vulnerability.get_status_text
for investigation in cv.vulnerability.vulnerability_investigation.all():
product_key = investigation.product.key
release_version_list = []
for id in investigation.investigation_to_defect.all():
# Find defect(s) for higest ordered product
if product_top_order > investigation.product.order:
product_top_order = investigation.product.order
product_top_defect = []
if product_top_order == investigation.product.order:
product_top_defect.append(id.defect.name)
# Gather the status or release version
if id.defect.release_version:
release_version_list.append(id.defect.release_version)
release_version = '/'.join(release_version_list)
if release_version:
status_table[product_key] = release_version
elif investigation.status in (SRTool.NOT_VULNERABLE,SRTool.VULNERABLE):
status_table[product_key] = investigation.get_status_text
else:
status_table[product_key] = ''
return status_table
if 'csv' == format:
file.write("State\tCve_Name\tCve_Published\tCve_Modified\tCve_Status\tCve_Acknowledge\tCVE_Description")
for product in product_list:
file.write("\t%s" % product.long_name)
file.write("\n")
if 'txt' == format:
file.write("Report : CVEs Table\n")
file.write("\n")
file.write('%-7s,%-18s,%11s,%11s,%16s,%11s,%-35s,' % ('State','Cve_Name','Published','Modified','Cve_Status','Acknowledge','CVE_Description'))
for product in product_list:
min_len = max(16,len(product.long_name)+1)
str_format = "%s%ds," % ('%',min_len)
file.write(str_format % product.long_name)
file.write("\n")
for publishset in PublishSet.objects.all():
if 'csv' == format:
# Print common status
file.write("%s%s" % (publishset.state_text,tab))
file.write("%s%s" % (publishset.cve.name,tab))
file.write("%s%s" % (publishset.cve.publishedDate,tab))
file.write("%s%s" % (publishset.cve.lastModifiedDate,tab))
file.write("%s%s" % (publishset.cve.get_status_text,tab))
file.write("%s%s" % (publishset.cve.acknowledge_date,tab))
file.write("%s%s" % (publishset.reason,tab))
file.write("%s%s" % (publishset.cve.description,tab))
# Compute the product columns
status_table = get_product_status_matrix(product_list,publishset.cve)
# Print the product columns
for product in Product.objects.all():
file.write("%s%s" % (status_table[product.key],tab))
file.write("\n")
if 'txt' == format:
try:
acknowledge_date = publishset.cve.acknowledge_date.strftime('%m/%d/%Y')
except:
acknowledge_date = ''
if publishset.cve.description:
description = publishset.cve.description[:30] + '...'
else:
description = ''
# Print common status
file.write("%-7s," % publishset.state_text)
file.write("%-18s," % publishset.cve.name)
file.write("%11s," % publishset.cve.publishedDate)
file.write("%11s," % publishset.cve.lastModifiedDate)
file.write("%16s," % publishset.cve.get_status_text)
file.write("%11s," % acknowledge_date)
file.write("%-35s," % description)
# Compute the product columns
status_table = get_product_status_matrix(product_list,publishset.cve)
# Print the product columns
for product in Product.objects.all():
min_len = max(16,len(product.long_name)+1)
str_format = "%s%ds," % ('%',min_len)
file.write(str_format % status_table[product.key])
file.write("\n")
return report_name,os.path.basename(report_name)
class PackageFiltersReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PACKAGEFILTERSREPORT_INIT(%s)" % parent_page, *args, **kwargs)
super(PackageFiltersReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PACKAGEFILTERSREPORT_CONTEXT", *args, **kwargs)
context = super(PackageFiltersReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
All
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
r
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PUBLISHPENDINGCVE_EXEC", *args, **kwargs)
super(PackageFiltersReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/package_keywords.%s' % (SRT_REPORT_DIR,format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=',',
quotechar='"', quoting=csv.QUOTE_MINIMAL)
writer.writerow(['Mode','Name','RealName','InvalidName','Weight'])
query = Package.objects.all().order_by('name')
for package in query:
if 0 == package.weight:
package.weight = 1
writer.writerow(['FOR' if (Package.FOR == package.mode) else 'AGAINST',package.name,package.realname,package.invalidname,package.weight])
return report_name,os.path.basename(report_name)
###############################################################################
#
# PublishSummaryReport: Publish CVE status summary across products
#
class PublishSummaryReport(PublishListReport):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PUBLISHSUMMARY_INIT(%s)" % parent_page, *args, **kwargs)
super(PublishSummaryReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PUBLISHSUMMARY_CONTEXT", *args, **kwargs)
context = super(PublishSummaryReport, self).get_context_data(*args, **kwargs)
# Add a custom extension report type
context['report_type_list'] = '\
\
'
context['report_custom_list'] = ''
# Add scope
context['report_custom_list'] += '\
New CVEs
\
Investigate CVEs
\
Vulnerable CVEs
\
Not Vulnerable CVEs
\
New-Reserved CVEs
\
Historical CVEs
\
'
# Add extra
context['report_custom_list'] += '
'
context['report_custom_list'] += '\
Truncate fields (for simple text reports)
\
'
return context
def get_product_status_matrix(self,product_list,cve):
# Preset the default product status labels
status_table = {}
product_top_order = 99
product_top_defect = []
# Default all product status to the CVE's status
for product in product_list:
status_table[product.key] = ''
# Set the specific status for the child investigations
for cv in cve.cve_to_vulnerability.all():
#status_text = cv.vulnerability.get_status_text
for investigation in cv.vulnerability.vulnerability_investigation.all():
# product_key = investigation.product.key
release_version_list = []
# Gather release versions, find the highest product's respective defect
for id in investigation.investigation_to_defect.all():
# Find defect(s) for higest ordered product
if product_top_order > investigation.product.order:
product_top_order = investigation.product.order
product_top_defect = []
if product_top_order == investigation.product.order:
product_top_defect.append(id.defect.name)
# Gather the status or release version
if id.defect.release_version:
release_version_list.append(id.defect.release_version)
release_version = '/'.join(release_version_list)
# Set investigation status, unless there are release versions
status_table[investigation.product.key] = investigation.get_status_text
if release_version:
status_table[investigation.product.key] = release_version
return status_table,product_top_defect
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PUBLISHSUMMARY_EXEC", *args, **kwargs)
super(PublishSummaryReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
format = request_POST.get('format', '')
report_type = request_POST.get('report_type', '')
csv_separator = request_POST.get('csv_separator', 'semi')
truncate = ('on' == request_POST.get('truncate', 'off'))
status_list = []
if ('on' == request_POST.get('new', 'off')): status_list.append(Cve.NEW)
if ('on' == request_POST.get('investigate', 'off')): status_list.append(Cve.INVESTIGATE)
if ('on' == request_POST.get('vulnerable', 'off')): status_list.append(Cve.VULNERABLE)
if ('on' == request_POST.get('not-vulnerable', 'off')): status_list.append(Cve.NOT_VULNERABLE)
if ('on' == request_POST.get('new-reserved', 'off')): status_list.append(Cve.NEW_RESERVED)
if ('on' == request_POST.get('historical', 'off')): status_list.append(Cve.HISTORICAL)
# Default to the regular report output if not our custom extension
if not report_type in ('publish_summary'):
return(super(PublishSummaryReport, self).exec_report(*args, **kwargs))
if 'csv' == format:
separator = ';'
if csv_separator == 'comma': separator = ','
if csv_separator == 'tab': separator = '\t'
report_name = '%s/cve-svns-srtool-%s.csv' % (SRT_REPORT_DIR,datetime.today().strftime('%Y_%m_%d'))
else:
separator = ","
report_name = '%s/cve-svns-srtool-%s.txt' % (SRT_REPORT_DIR,datetime.today().strftime('%Y_%m_%d'))
# Get the desired product list
product_list = Product.objects.order_by('-order')
if 'publish_summary' == report_type:
with open(report_name, 'w', newline='') as csvfile:
writer = None
# Assemble the header
text_format = '%-18s,%16s,%-11s,%-8s,%-11s,%-8s,%-30s,%-25s,%15s,%15s,%11s,'
header = [
'CVE Number',
'Status',
'V2_Severity',
'V2_Score',
'V3_Severity',
'V3_Score',
'CVE Description',
'YP Comments',
'Created Date',
'Modified Date',
'YP Ack Date',
]
# Assemble the product column namess
for product in product_list:
product_title = product.key
header.append(product_title)
min_len = max(16,len(product_title)+1)
str_format = "%s%ds," % ('%',min_len)
text_format += str_format
# # Add Top Defect
# header.append('Top Defect')
# text_format += '%s'
# Print the header
if 'csv' == format:
writer = csv.writer(csvfile, delimiter=separator, quotechar='"', quoting=csv.QUOTE_MINIMAL)
writer.writerow(header)
else:
writer = csvfile
print(text_format % tuple(header), file=csvfile)
for i,cve in enumerate(Cve.objects.filter(status__in=status_list).order_by('name_sort')):
# Compute the product columns
status_table,product_top_defect = self.get_product_status_matrix(product_list,cve)
# Assemble the row data
if cve.description:
if truncate:
description = cve.description[:26] + '...'
else:
description = cve.description
else:
description = ''
# Use publish date if acknowledge date not available
try:
acknowledge_date = cve.acknowledge_date
if not acknowledge_date:
acknowledge_date = datetime.strptime(cve.publishedDate, '%Y-%m-%d')
acknowledge_date = acknowledge_date.strftime('%m/%d/%Y')
except:
acknowledge_date = ''
_log("NO ACK:%s,%s" % (cve.acknowledge_date,cve.publishedDate))
row = [
cve.name,
cve.get_status_text,
cve.cvssV2_severity,
cve.cvssV2_baseScore,
cve.cvssV3_baseSeverity,
cve.cvssV3_baseScore,
description,
cve.get_public_comments[:20] if truncate else cve.get_public_comments,
cve.srt_created.strftime('%Y/%m/%d') if cve.srt_created else '',
cve.srt_updated.strftime('%Y/%m/%d') if cve.srt_updated else '',
acknowledge_date,
]
# Append the product columns
for product in product_list:
# Show inactive status as normal status
row.append(status_table[product.key].replace('(','').replace(')',''))
# row.append('/'.join(product_top_defect))
# Print the row
if 'csv' == format:
writer.writerow(row)
else:
print(text_format % tuple(row), file=writer)
return report_name,os.path.basename(report_name)
class CpesSrtoolReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_CPESSRTOOLREPORT_INIT(%s)" % parent_page, *args, **kwargs)
super(CpesSrtoolReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_CPESSRTOOLREPORT_CONTEXT", *args, **kwargs)
context = super(CpesSrtoolReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
All
\
Only packages against CVEs
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_CPESSRTOOLREPORT_EXEC", *args, **kwargs)
super(CpesSrtoolReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/cpes_srtool_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
reportfile = open(report_name, 'w', newline='')
if 'csv' == format:
writer = csv.writer(reportfile, delimiter=',',
quotechar='"', quoting=csv.QUOTE_MINIMAL)
writer.writerow(['Package','CVE','Vulnerability','Affected','Related'])
else:
reportfile.write("Package,CVE,Vulnerability,Affected,Related")
if ('summary' == report_type):
query = Package.objects.all().order_by('name')
for package in query:
name = package.name
cves = ''
for pc in package.package2cve.all():
cves += '%s ' % pc.cve.name
vulnerabilities = ''
for pc in package.package2cve.all():
for cv in pc.cve.cve_to_vulnerability.all():
vulnerabilities += '%s ' % cv.vulnerability.name
affected = ''
for pc in package.package2cve.all():
for cv in pc.cve.cve_to_vulnerability.all():
for vp in cv.vulnerability.affected_products.all():
if 0 == vp.relation:
affected += '%s ' % vp.investigation.name
related = ''
for pc in package.package2cve.all():
for cv in pc.cve.cve_to_vulnerability.all():
for vp in cv.vulnerability.affected_products.all():
if 1 == vp.relation:
related += '%s ' % vp.investigation.name
if ("cves" == records) and not cves:
continue
if 'csv' == format:
writer.writerow([name,cves.strip(),vulnerabilities.strip(),affected.strip(),related.strip()])
else:
reportfile.write("%s,%s,%s,%s,%s\n" % (name,cves.strip(),vulnerabilities.strip(),affected.strip(),related.strip()))
reportfile.close()
return report_name,os.path.basename(report_name)
###############################################################################
#
# History reports
#
class HistoryDefectReport(Report):
"""Report for the History Defect Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("WR_HISTORY_DEFECT_INIT(%s)" % parent_page, *args, **kwargs)
super(HistoryDefectReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("WR_HISTORY_DEFECT_CONTEXT", *args, **kwargs)
context = super(HistoryDefectReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV \
(Separator: \
) \
\
'
context['report_recordrange_list'] = '\
Selected
\
All
\
'
# Add a date range
date_start = datetime.strptime('2019-2-15', '%Y-%m-%d')
date_stop = datetime.strptime('2019-3-15', '%Y-%m-%d')
context['report_date_list'] = '\
Start:
\
Stop: \
' % (date_start.strftime('%m/%d/%Y'),date_stop.strftime('%m/%d/%Y'))
# Done!
return context
def exec_report(self, *args, **kwargs):
_log_args("WR_HISTORY_DEFECT_EXEC", *args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
# title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
csv_separator = request_POST.get('csv_separator', 'semi')
# Dates (make as no timezone)
msg = ''
try:
msg = 'Start:%s' % request_POST.get('date_start', '')
date_start = datetime.strptime(request_POST.get('date_start', ''), '%m/%d/%Y')
msg = 'Stop:%s' % request_POST.get('date_stop', '')
date_stop = datetime.strptime(request_POST.get('date_stop', ''), '%m/%d/%Y')
if date_stop < date_start:
return 'Error:stop date is before start date',''
except Exception as e:
return 'Error:bad format for dates (must be mm/dd/yyyy) (%s)(%s)' % (msg,e),''
report_name = '%s/defect_history_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
separator = ";"
if csv_separator == 'comma': separator = ","
if csv_separator == 'tab': separator = "\t"
writer = csv.writer(report_name, delimiter=separator,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
else:
separator = ","
if ('history' == report_type):
if 'csv' == format:
writer.writerow(['Index','Defect','Date','Author','Comment'])
if 'txt' == format:
file.write("Report : Defect History\n")
file.write("\n")
text_format='%02d) %-14s %-10s %-10s %s\n'
file.write(text_format % (0,'Defect','Date','Author','Comment'))
for i,dh in enumerate(DefectHistory.objects.filter(date__gte=date_start,date__lte=date_stop).order_by('defect__name')):
if 'csv' == format:
writer.writerow([i+1,dh.defect.name,dh.date.strftime('%Y-%m-%d'),dh.author,dh.comment])
if 'txt' == format:
file.write(text_format % (i+1,dh.defect.name,dh.date.strftime('%Y-%m-%d'),dh.author,dh.comment))
return report_name,os.path.basename(report_name)
###############################################################################
#
# Notifications reports
#
class NotificationsReport(Report):
"""Report for the Notifications Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("WR_NOTIFICATION_INIT(%s)" % parent_page, *args, **kwargs)
super(NotificationsReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("WR_NOTIFICATION_CONTEXT", *args, **kwargs)
context = super(NotificationsReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV \
(Separator: \
) \
\
'
context['report_recordrange_list'] = '\
All
\
'
# Add a date range
date_start = datetime.today() - timedelta(days=30)
date_stop = datetime.today()
context['report_date_list'] = '\
Start:
\
Stop: \
' % (date_start.strftime('%m/%d/%Y'),date_stop.strftime('%m/%d/%Y'))
# Done!
return context
def exec_report(self, *args, **kwargs):
_log_args("WR_NOTIFICATION_EXEC", *args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
# title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
csv_separator = request_POST.get('csv_separator', 'semi')
# Dates (make as no timezone)
msg = ''
try:
msg = 'Start:%s' % request_POST.get('date_start', '')
date_start = datetime.strptime(request_POST.get('date_start', ''), '%m/%d/%Y')
msg = 'Stop:%s' % request_POST.get('date_stop', '')
date_stop = datetime.strptime(request_POST.get('date_stop', ''), '%m/%d/%Y')
if date_stop < date_start:
return 'Error:stop date is before start date',''
except Exception as e:
return 'Error:bad format for dates (must be mm/dd/yyyy) (%s)(%s)' % (msg,e),''
date_start = date_start.strftime('%Y-%m-%d')
date_stop = date_stop.strftime('%Y-%m-%d')
report_name = '%s/notifications_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
separator = ";"
if csv_separator == 'comma': separator = ","
if csv_separator == 'tab': separator = "\t"
writer = csv.writer(file, delimiter=separator,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
else:
separator = ","
if ('summary' == report_type):
if 'csv' == format:
writer.writerow(['Date','Category','Priority','Decription','URL','Author'])
if 'txt' == format:
file.write("Report : Notifications\n")
file.write("\n")
text_format='%02d) %-10s %-25s %-10s "%s",%s,%s\n'
file.write(text_format % (0,'Date','Category','Priority','Decription','URL','Author'))
# for i,notify in enumerate(Notify.objects.filter(srt_updated__gte=date_start,srt_updated__lte=date_stop).order_by('-srt_updated')):
for i,notify in enumerate(Notify.objects.all().order_by('-srt_updated')):
srt_updated = notify.srt_updated.strftime('%Y-%m-%d')
if (date_start > srt_updated) or (date_stop < srt_updated):
continue
if 'csv' == format:
writer.writerow([i+1,srt_updated,notify.category,notify.get_priority_text,notify.description,notify.url,notify.author])
if 'txt' == format:
file.write(text_format % (i+1,srt_updated,notify.category,notify.get_priority_text,notify.description,notify.url,notify.author))
return report_name,os.path.basename(report_name)
###############################################################################
#
# ErrorLogs reports
#
class ErrorLogsReport(Report):
"""Report for the Error Logs Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("WR_ERRORLOGS_INIT(%s)" % parent_page, *args, **kwargs)
super(ErrorLogsReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("WR_ERRORLOGS_CONTEXT", *args, **kwargs)
context = super(ErrorLogsReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV \
(Separator: \
) \
\
'
context['report_recordrange_list'] = '\
All
\
'
# Add a date range
date_start = datetime.today() - timedelta(days=30)
date_stop = datetime.today()
context['report_date_list'] = '\
Start:
\
Stop: \
' % (date_start.strftime('%m/%d/%Y'),date_stop.strftime('%m/%d/%Y'))
# Done!
return context
def exec_report(self, *args, **kwargs):
_log_args("WR_ERRORLOGS_EXEC", *args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
# title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
csv_separator = request_POST.get('csv_separator', 'semi')
# Dates (make as no timezone)
msg = ''
try:
msg = 'Start:%s' % request_POST.get('date_start', '')
date_start = datetime.strptime(request_POST.get('date_start', ''), '%m/%d/%Y')
msg = 'Stop:%s' % request_POST.get('date_stop', '')
date_stop = datetime.strptime(request_POST.get('date_stop', ''), '%m/%d/%Y')
if date_stop < date_start:
return 'Error:stop date is before start date',''
except Exception as e:
return 'Error:bad format for dates (must be mm/dd/yyyy) (%s)(%s)' % (msg,e),''
date_start = date_start.strftime('%Y-%m-%d')
date_stop = date_stop.strftime('%Y-%m-%d')
report_name = '%s/errorlogs_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
separator = ";"
if csv_separator == 'comma': separator = ","
if csv_separator == 'tab': separator = "\t"
writer = csv.writer(file, delimiter=separator,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
else:
separator = ","
if ('summary' == report_type):
if 'csv' == format:
writer.writerow(['Date','Severity','Decription'])
if 'txt' == format:
file.write("Report : Error Logs\n")
file.write("Start=%s,Stop=%s\n" % (date_start,date_stop))
text_format='%02d) %-10s %-10s "%s"\n'
file.write(text_format % (0,'Date','Severity','Decription'))
# for i,notify in enumerate(ErrorLog.objects.filter(srt_created__gte=date_start,srt_created__lte=date_stop).order_by('-srt_created')):
for i,notify in enumerate(ErrorLog.objects.all().order_by('-srt_created')):
srt_created = notify.srt_created.strftime('%Y-%m-%d')
if (date_start > srt_created) or (date_stop < srt_created):
continue
if 'csv' == format:
writer.writerow([i+1,srt_created,notify.severity,notify.description])
if 'txt' == format:
file.write(text_format % (i+1,srt_created,notify.get_severity_text,notify.description))
return report_name,os.path.basename(report_name)
###############################################################################
#
class DefaultReport(Report):
"""Report for the Default Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_GENERIC_INIT(%s)" % parent_page, *args, **kwargs)
super(DefaultReport, self).__init__(parent_page, *args, **kwargs)
self.default_orderby = "name"
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_GENERIC_CONTEXT", *args, **kwargs)
context = super(DefaultReport, self).get_context_data(*args, **kwargs)
context['report_enable_submit'] = ''
#context['report_recordrange_list'] = '\
# Selected
\
# all
\
#context['report_columnrange_list'] = ''
# Selected
# All
#context['report_format_list'] = '\
# Text
\
# CSV
\
# RTF
# XML
# CVE NIST JSON
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_GENERIC_EXEC", *args, **kwargs)
super(DefaultReport, self).exec_report(*args, **kwargs)
return None
class ReportManager():
@staticmethod
def get_report_class(parent_page, *args, **kwargs):
if ('management' == parent_page) or ('manage' == parent_page):
return ManagementReport(parent_page, *args, **kwargs)
elif 'cve' == parent_page:
return CveReport(parent_page, *args, **kwargs)
elif 'vulnerability' == parent_page:
return VulnerabilityReport(parent_page, *args, **kwargs)
elif 'investigation' == parent_page:
return InvestigationReport(parent_page, *args, **kwargs)
elif 'defect' == parent_page:
return DefectReport(parent_page, *args, **kwargs)
elif 'cves' == parent_page:
return CvesReport(parent_page, *args, **kwargs)
elif 'select-cves' == parent_page:
return SelectCvesReport(parent_page, *args, **kwargs)
elif 'vulnerabilities' == parent_page:
return VulnerabilitiesReport(parent_page, *args, **kwargs)
elif 'investigations' == parent_page:
return InvestigationsReport(parent_page, *args, **kwargs)
elif 'defects' == parent_page:
return DefectsReport(parent_page, *args, **kwargs)
elif 'products' == parent_page:
return ProductsReport(parent_page, *args, **kwargs)
elif 'select-publish' == parent_page:
return PublishCveReport(parent_page, *args, **kwargs)
elif 'update-published' == parent_page:
return PublishPendingCveReport(parent_page, *args, **kwargs)
elif 'publish' == parent_page:
return PublishListReport(parent_page, *args, **kwargs)
elif 'publish-list' == parent_page:
return PublishListReport(parent_page, *args, **kwargs)
elif 'publish-summary' == parent_page:
return PublishSummaryReport(parent_page, *args, **kwargs)
elif 'package-filters' == parent_page:
return PackageFiltersReport(parent_page, *args, **kwargs)
elif 'cpes_srtool' == parent_page:
return CpesSrtoolReport(parent_page, *args, **kwargs)
elif 'manage_notifications' == parent_page:
return NotificationsReport(parent_page, *args, **kwargs)
elif 'error_logs' == parent_page:
return ErrorLogsReport(parent_page, *args, **kwargs)
elif 'history_defect' == parent_page:
return HistoryDefectReport(parent_page, *args, **kwargs)
else:
return DefaultReport(parent_page, *args, **kwargs)
@staticmethod
def get_context_data(parent_page, *args, **kwargs):
reporter = ReportManager.get_report_class(parent_page, *args, **kwargs)
return reporter.get_context_data(*args, **kwargs)
@staticmethod
def exec_report(parent_page, *args, **kwargs):
reporter = ReportManager.get_report_class(parent_page, *args, **kwargs)
return reporter.exec_report(*args, **kwargs)