aboutsummaryrefslogtreecommitdiffstats
path: root/lib/srtgui/reports.py
diff options
context:
space:
mode:
Diffstat (limited to 'lib/srtgui/reports.py')
-rw-r--r--lib/srtgui/reports.py1326
1 files changed, 1326 insertions, 0 deletions
diff --git a/lib/srtgui/reports.py b/lib/srtgui/reports.py
new file mode 100644
index 00000000..f27beb34
--- /dev/null
+++ b/lib/srtgui/reports.py
@@ -0,0 +1,1326 @@
+#
+# Security Response Tool Implementation
+#
+# Copyright (C) 2017-2018 Wind River Systems
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# Please run flake8 on this file before sending patches
+
+import os
+import re
+import logging
+import json
+from collections import Counter
+from datetime import datetime, date
+
+from orm.models import Cve, Vulnerability, Investigation, Defect, Product
+from orm.models import SrtSetting, Access, Keywords
+
+from django.db.models import Q, F
+from django.db import Error
+from srtgui.templatetags.projecttags import filtered_filesizeformat
+
+logger = logging.getLogger("srt")
+
+SRT_BASE_DIR = os.environ['SRT_BASE_DIR']
+SRT_REPORT_DIR = '%s/reports' % SRT_BASE_DIR
+
+# quick development/debugging support
+from srtgui.api import _log
+
+def _log_args(msg, *args, **kwargs):
+ s = '%s:(' % msg
+ if args:
+ for a in args:
+ s += '%s,' % a
+ s += '),('
+ if kwargs:
+ for key, value in kwargs.items():
+ s += '(%s=%s),' % (key,value)
+ s += ')'
+ _log(s)
+
+class Report():
+ def __init__(self, parent_page, *args, **kwargs):
+ self.parent_page = parent_page
+ self.report_name = '%s%s' % (parent_page[0].upper(),parent_page[1:])
+ self.title = self.report_name
+ self.request = kwargs['request']
+
+ def get_context_data(self, *args, **kwargs):
+ context = {}
+ context['title'] = self.title
+ context['parent_page'] = self.parent_page
+ context['report_name'] = self.report_name
+ context['report_enable_submit'] = '1'
+ # global variables
+ context['access'] = Access(int(self.request.session.get('srt_user_id', '0')))
+
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ return None
+
+
+class ManagementReport(Report):
+ """Report for the Management Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_MANAGEMENT_INIT(%s)" % parent_page, *args, **kwargs)
+ super(ManagementReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_MANAGEMENT_CONTEXT", *args, **kwargs)
+ context = super(ManagementReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="status">Overall Status</option> \
+ <option value="vulnerabilities">Open Vulnerabilities</option> \
+ <option value="investigations">Open Investigations</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_MANAGEMENT_EXEC", *args, **kwargs)
+ super(ManagementReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+
+ report_name = '%s/management_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = " = "
+
+ if 'status' == report_type:
+ if 'txt' == format:
+ file.write("Report : Management - Summary\n")
+ file.write("\n")
+ file.write("%s%s%s\n" % ('cve_total',tab,Cve.objects.all().count()))
+ file.write("%s%s%s\n" % ('cve_new',tab,Cve.objects.filter(status=Cve.NEW).count()))
+ file.write("%s%s%s\n" % ('cve_open',tab,Cve.objects.filter( Q(status=Cve.INVESTIGATE) & Q(status=Cve.VULNERABLE) ).count()))
+ file.write("%s%s%s\n" % ('vulnerability_total',tab,Vulnerability.objects.all().count()))
+ file.write("%s%s%s\n" % ('vulnerability_open',tab,Vulnerability.objects.filter(outcome=Vulnerability.OPEN).count()))
+ file.write("%s%s%s\n" % ('vulnerability_high',tab,Vulnerability.objects.filter(severity=Vulnerability.HIGH).count()))
+ file.write("%s%s%s\n" % ('vulnerability_medium',tab,Vulnerability.objects.filter(severity=Vulnerability.MEDIUM).count()))
+ file.write("%s%s%s\n" % ('vulnerability_low',tab,Vulnerability.objects.filter(severity=Vulnerability.HIGH).count()))
+ file.write("%s%s%s\n" % ('investigation_total',tab,Investigation.objects.all().count()))
+ file.write("%s%s%s\n" % ('investigation_open',tab,Investigation.objects.filter(outcome=Investigation.OPEN).count()))
+ file.write("%s%s%s\n" % ('investigation_high',tab,Investigation.objects.filter(severity=Investigation.HIGH).count()))
+ file.write("%s%s%s\n" % ('investigation_medium',tab,Investigation.objects.filter(severity=Investigation.MEDIUM).count()))
+ file.write("%s%s%s\n" % ('investigation_low',tab,Investigation.objects.filter(severity=Investigation.LOW).count()))
+ file.write("%s%s%s\n" % ('defect_total',tab,Defect.objects.all().count()))
+
+ if 'vulnerabilities' == report_type:
+ if 'txt' == format:
+ file.write("Report : Management - Open Vulnerabilities\n")
+ file.write("\n")
+ else:
+ file.write("Name\tStatus\tOutcome\tSeverity\tComments\tCVEs\tInvestigations\n")
+ for v in Vulnerability.objects.filter(outcome=Vulnerability.OPEN):
+ if 'txt' == format:
+ file.write("Name: %s\n" % v.name)
+ file.write(" Status: %s\n" % v.get_status_text)
+ file.write(" Outcome: %s\n" % v.get_outcome_text)
+ file.write(" Severity: %s\n" % v.get_severity_text)
+ file.write(" Comments: %s\n" % v.comments)
+ file.write(" CVEs: ")
+ for i,vc in enumerate(v.vulnerability_to_cve.all()):
+ if i > 0:
+ file.write(",")
+ file.write("%s" % vc.cve.name)
+ file.write("\n")
+ file.write(" Investigations: ")
+ for i,investigation in enumerate(Investigation.objects.filter(vulnerability=v)):
+ if i > 0:
+ file.write(",")
+ file.write("%s" % investigation.name)
+ file.write("\n")
+ file.write("\n")
+ else:
+ file.write("%s\t%s\t%s\t%s\t%s\t" % (v.name,v.get_status_text,v.get_outcome_text,v.get_severity_text,v.comments))
+ for i,vc in enumerate(v.vulnerability_to_cve.all()):
+ if i > 0:
+ file.write(",")
+ file.write("%s" % vc.cve.name)
+ file.write("\t")
+ for i,investigation in enumerate(Investigation.objects.filter(vulnerability=v)):
+ if i > 0:
+ file.write(",")
+ file.write("%s" % investigation.name)
+ file.write("\n")
+
+ if 'investigations' == report_type:
+ if 'txt' == format:
+ file.write("Report : Management - Open Vulnerabilities\n")
+ file.write("\n")
+ else:
+ file.write("Name\tStatus\tOutcome\tSeverity\tComments\tDefects\n")
+ for investigation in Investigation.objects.filter(outcome=Vulnerability.OPEN):
+ if 'txt' == format:
+ file.write("Name: %s\n" % investigation.name)
+ file.write(" Status: %s\n" % investigation.get_status_text)
+ file.write(" Outcome: %s\n" % investigation.get_outcome_text)
+ file.write(" Severity: %s\n" % investigation.get_severity_text)
+ file.write(" Comments: %s\n" % investigation.comments)
+ file.write(" Defects: ")
+ for i,id in enumerate(investigation.investigation_to_defect.filter(investigation=investigation)):
+ if i > 0:
+ file.write(",")
+ file.write("%s" % id.defect.name)
+ file.write("\n")
+ file.write("\n")
+ else:
+ file.write("%s\t%s\t%s\t%s\t%s\t" % (investigation.name,investigation.get_status_text,
+ investigation.get_outcome_text,investigation.get_severity_text,investigation.comments))
+ for i,id in enumerate(investigation.investigation_to_defect.filter(investigation=investigation)):
+ if i > 0:
+ file.write(",")
+ file.write("%s" % id.defect.name)
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class CveReport(Report):
+ """Report for the CVE Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_CVE_INIT(%s)" % parent_page, *args, **kwargs)
+ super(CveReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_CVE_CONTEXT", *args, **kwargs)
+ context = super(CveReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">CVE Summary</option> \
+ <option value="audit">CVE Audit</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ '
+ context['report_custom_list'] = '\
+ <input type="checkbox" class="checkbox-options" name="cvss_v2" value="cvss_v2"> CVSS_v2<br> \
+ <input type="checkbox" class="checkbox-options" name="ref" type="ref"> References<br> \
+ <input type="checkbox" class="checkbox-options" name="cpe" type="cpe"> CPE list<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_CVE_EXEC", *args, **kwargs)
+ super(CveReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ cvss_v2 = request_POST.get('cvss_v2', '')
+ ref_list = request_POST.get('ref', '')
+ cpe = request_POST.get('cpe', '')
+
+ cve = Cve.objects.get(id=record_list)
+
+ report_name = '%s/cve_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = " = "
+
+ if ('summary' == report_type) or ('audit' == report_type):
+ if 'txt' == format:
+ file.write("Report : CVE %s - Summary\n" % cve.name)
+ file.write("\n")
+ file.write("%s%s%s\n" % ('source',tab,cve.source))
+ file.write("%s%s%s\n" % ('status',tab,cve.status))
+ file.write("%s%s%s\n" % ('cve_data_type',tab,cve.cve_data_type))
+ file.write("%s%s%s\n" % ('cve_data_format',tab,cve.cve_data_format))
+ file.write("%s%s%s\n" % ('cve_data_version',tab,cve.cve_data_version))
+ file.write("%s%s%s\n" % ('description',tab,cve.description))
+ file.write("\n")
+
+ file.write("CVSS Version 3:\n")
+ file.write(" %s%s%s\n" % ('cvssV3_baseScore',tab,cve.cvssV3_baseScore))
+ file.write(" %s%s%s\n" % ('cvssV3_baseSeverity',tab,cve.cvssV3_baseSeverity))
+ file.write(" %s%s%s\n" % ('cvssV3_vectorString',tab,cve.cvssV3_vectorString))
+ file.write(" %s%s%s\n" % ('cvssV3_exploitabilityScore',tab,cve.cvssV3_exploitabilityScore))
+ file.write(" %s%s%s\n" % ('cvssV3_impactScore',tab,cve.cvssV3_impactScore))
+ file.write(" %s%s%s\n" % ('cvssV3_attackVector',tab,cve.cvssV3_attackVector))
+ file.write(" %s%s%s\n" % ('cvssV3_attackComplexity',tab,cve.cvssV3_attackComplexity))
+ file.write(" %s%s%s\n" % ('cvssV3_privilegesRequired',tab,cve.cvssV3_privilegesRequired))
+ file.write(" %s%s%s\n" % ('cvssV3_userInteraction',tab,cve.cvssV3_userInteraction))
+ file.write(" %s%s%s\n" % ('cvssV3_scope',tab,cve.cvssV3_scope))
+ file.write(" %s%s%s\n" % ('cvssV3_confidentialityImpact',tab,cve.cvssV3_confidentialityImpact))
+ file.write(" %s%s%s\n" % ('cvssV3_integrityImpact',tab,cve.cvssV3_integrityImpact))
+ file.write(" %s%s%s\n" % ('cvssV3_availabilityImpact',tab,cve.cvssV3_availabilityImpact))
+
+ if (cvss_v2):
+ file.write("\n")
+ file.write("CVSS Version 2:\n")
+ file.write(" %s%s%s\n" % ('cvssV2_baseScore',tab,cve.cvssV2_baseScore))
+ file.write(" %s%s%s\n" % ('cvssV2_severity',tab,cve.cvssV2_severity))
+ file.write(" %s%s%s\n" % ('cvssV2_vectorString',tab,cve.cvssV2_vectorString))
+ file.write(" %s%s%s\n" % ('cvssV2_exploitabilityScore',tab,cve.cvssV2_exploitabilityScore))
+ file.write(" %s%s%s\n" % ('cvssV2_impactScore',tab,cve.cvssV2_impactScore))
+ file.write(" %s%s%s\n" % ('cvssV2_accessVector',tab,cve.cvssV2_accessVector))
+ file.write(" %s%s%s\n" % ('cvssV2_accessComplexity',tab,cve.cvssV2_accessComplexity))
+ file.write(" %s%s%s\n" % ('cvssV2_authentication',tab,cve.cvssV2_authentication))
+ file.write(" %s%s%s\n" % ('cvssV2_confidentialityImpact',tab,cve.cvssV2_confidentialityImpact))
+ file.write(" %s%s%s\n" % ('cvssV2_integrityImpact',tab,cve.cvssV2_integrityImpact))
+
+ if (ref_list):
+ file.write("\n")
+ file.write("References:\n")
+ for i,ref in enumerate(cve.references.all()):
+ file.write(" %s\n" % ref.hyperlink)
+
+ if (cpe):
+ file.write("\n")
+ file.write("CPE Table:\n")
+ for cpe in cve.cpe_list.split("|"):
+ if '<config>' == cpe:
+ file.write(" Configation:\n")
+ elif '<and>' == cpe:
+ file.write(" * AND\n")
+ elif '<or>' == cpe:
+ file.write(" * OR\n")
+ else :
+ file.write(" %s\n" % cpe)
+
+ if 'audit' == report_type:
+
+ for cv in cve.cve_to_vulnerability.all():
+ v = cv.vulnerability
+ file.write("\n")
+ file.write("-------------------------------------------\n")
+ file.write("Vulnerability: %s\n" % v.name)
+ file.write(" Status: %s\n" % v.get_status_text)
+ file.write(" Outcome: %s\n" % v.get_outcome_text)
+ file.write(" Severity: %s\n" % v.get_severity_text)
+ file.write(" Comments: %s\n" % v.comments)
+ file.write("\n")
+ file.write(" Investigations:\n")
+ for investigation in Investigation.objects.filter(vulnerability=v):
+ file.write(" Name: %s\n" % investigation.name)
+ file.write(" Status: %s\n" % investigation.get_status_text)
+ file.write(" Outcome: %s\n" % investigation.get_outcome_text)
+ file.write(" Severity: %s\n" % investigation.get_severity_text)
+ file.write(" Defects: ")
+ for i,id in enumerate(investigation.investigation_to_defect.all()):
+ if i > 0:
+ file.write(",")
+ file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
+ file.write("\n")
+
+ file.write("\n")
+ file.write(" Comments:\n")
+ for i,vc in enumerate(v.vulnerability_comments.all()):
+ file.write(" %s (%s): %s\n" % (vc.date,vc.author,vc.comment))
+
+ file.write("\n")
+ file.write(" Audit Trail:\n")
+ for i,vh in enumerate(v.vulnerability_history.all()):
+ file.write(" %s (%s): %s\n" % (vh.date,vh.author,vh.comment))
+
+ file.write("\n")
+ else:
+ file.write("Investigations: no attached investigations as this time\n")
+
+ return report_name,os.path.basename(report_name)
+
+class VulnerabilityReport(Report):
+ """Report for the Vulnerability Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_VULNERABILITY_INIT(%s)" % parent_page, *args, **kwargs)
+ super(VulnerabilityReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_VULNERABILITY_CONTEXT", *args, **kwargs)
+ context = super(VulnerabilityReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">Vulnerability Summary</option> \
+ <option value="audit">Vulnerability Audit</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_VULNERABILITY_EXEC", *args, **kwargs)
+ super(VulnerabilityReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ v = Vulnerability.objects.get(id=record_list)
+
+ report_name = '%s/vulnerability_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = " = "
+
+ if ('summary' == report_type) or ('audit' == report_type):
+ if 'txt' == format:
+ file.write("Report : Vulnerability %s - Summary\n" % v.name)
+ file.write("\n")
+
+ file.write("Vulnerability: %s\n" % v.name)
+ file.write(" Status: %s\n" % v.get_status_text)
+ file.write(" Outcome: %s\n" % v.get_outcome_text)
+ file.write(" Severity: %s\n" % v.get_severity_text)
+ file.write(" Comments: %s\n" % v.comments)
+
+ file.write("\n")
+ file.write("Affected Products:\n")
+ found_p = False
+ for i,p in enumerate(v.get_affected_list):
+ found_p = True
+ file.write("%2d) Product: %s\n" % (i,p.product.long_name))
+ found_i = False
+ for investigation in Investigation.objects.filter(vulnerability=v,product=p.product):
+ found_i = True
+ file.write(" Investigation: %s\n" % investigation.name)
+ file.write(" Status: %s\n" % investigation.get_status_text)
+ file.write(" Outcome: %s\n" % investigation.get_outcome_text)
+ file.write(" Severity: %s\n" % investigation.get_severity_text)
+ file.write(" Defects: ")
+ for j,id in enumerate(investigation.investigation_to_defect.all()):
+ if j > 0:
+ file.write(",")
+ file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
+ file.write("\n")
+ if not found_i:
+ file.write(" No investigations found\n")
+ if not found_p:
+ file.write(" No affected products found\n")
+
+ file.write("\n")
+ file.write("Related Products:\n")
+ found_p = False
+ for i,p in enumerate(v.get_related_list):
+ found_p = True
+ file.write("%2d) Product: %s\n" % (i,p.product.long_name))
+ if not found_p:
+ file.write(" No related products found\n")
+
+ file.write("\n")
+ file.write("Comments:\n")
+ found_c = False
+ for i,vc in enumerate(v.vulnerability_comments.all()):
+ found_c = True
+ file.write(" %2d) %s (%s): %s\n" % (i,vc.date,vc.author,vc.comment))
+ if not found_c:
+ file.write(" No comments found\n")
+
+ if 'audit' == report_type:
+ file.write("\n")
+ file.write("Audit Trail:\n")
+ for i,vh in enumerate(v.vulnerability_history.all()):
+ file.write(" %2d) %s (%s): %s\n" % (i,vh.date,vh.author,vh.comment))
+
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class InvestigationReport(Report):
+ """Report for the Investigation Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_INVESTIGATION_INIT(%s)" % parent_page, *args, **kwargs)
+ super(InvestigationReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_INVESTIGATION_CONTEXT", *args, **kwargs)
+ context = super(InvestigationReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">Investigation Summary</option> \
+ <option value="audit">Investigation Audit</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_INVESTIGATION_EXEC", *args, **kwargs)
+ super(InvestigationReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ investigation = Investigation.objects.get(id=record_list)
+
+ report_name = '%s/investigation_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = " = "
+
+ if ('summary' == report_type) or ('audit' == report_type):
+ if 'txt' == format:
+ file.write("Report : Investigation %s - Summary\n" % investigation.name)
+ file.write("\n")
+
+ file.write("Name: %s\n" % investigation.name)
+ file.write(" Status: %s\n" % investigation.get_status_text)
+ file.write(" Outcome: %s\n" % investigation.get_outcome_text)
+ file.write(" Severity: %s\n" % investigation.get_severity_text)
+ file.write(" Defects: ")
+ for i,id in enumerate(investigation.investigation_to_defect.all()):
+ if i > 0:
+ file.write(",")
+ file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
+ file.write("\n")
+
+ file.write("\n")
+ file.write("Comments:\n")
+ found_c = False
+ for i,vc in enumerate(investigation.investigation_comments.all()):
+ found_c = True
+ file.write(" %s (%s): %s\n" % (ic.date,ic.author,ic.comment))
+ if not found_c:
+ file.write(" No comments found\n")
+
+ if 'audit' == report_type:
+ file.write("\n")
+ file.write(" Audit Trail:\n")
+ for i,ih in enumerate(investigation.investigation_history.all()):
+ file.write(" %s (%s): %s\n" % (ih.date,ih.author,ih.comment))
+
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class DefectReport(Report):
+ """Report for the Defect Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_DEFECT_INIT(%s)" % parent_page, *args, **kwargs)
+ super(DefectReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_DEFECT_CONTEXT", *args, **kwargs)
+ context = super(DefectReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">Defect Summary</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_DEFECT_EXEC", *args, **kwargs)
+ super(DefectReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ report_name = '%s/defect_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tSummary\tPriority\tStatus\tResolution\tReleased Version\tURL\tInvestigations\tProduct\n")
+ if 'txt' == format:
+ file.write("Report : Defects Table\n")
+ file.write("\n")
+ file.write("Name,Summary,Priority,Status,Resolution,Released Version,URL,Investigations,Product\n")
+
+ defect = Defect.objects.get(id=record_list)
+ file.write("%s%s" % (defect.name,tab))
+ file.write("%s%s" % (defect.summary,tab))
+ file.write("%s%s" % (defect.get_priority_text,tab))
+ file.write("%s%s" % (defect.get_status_text,tab))
+ file.write("%s%s" % (defect.get_resolution_text,tab))
+ file.write("%s%s" % (defect.release_version,tab))
+ file.write("%s%s" % (defect.publish,tab))
+ file.write("%s%s" % (defect.url,tab))
+ for i,di in enumerate(defect.defect_to_investigation.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % (di.investigation.name))
+ file.write("%s" % tab)
+ tab='' # EOL
+ file.write("%s%s" % (defect.product.long_name,tab))
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+
+class CvesReport(Report):
+ """Report for the CVEs Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_CVES_INIT(%s)" % parent_page, *args, **kwargs)
+ super(CvesReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_CVES_CONTEXT", *args, **kwargs)
+ context = super(CvesReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">CVEs Table</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_CVES_EXEC", *args, **kwargs)
+ super(CvesReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ report_name = '%s/cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
+ if 'txt' == format:
+ file.write("Report : CVEs Table\n")
+ file.write("\n")
+ file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
+
+ for id in record_list.split(','):
+ if not id:
+ continue
+ cve = Cve.objects.get(id=id)
+ file.write("%s%s" % (cve.name,tab))
+ file.write("%s%s" % (cve.get_status_text,tab))
+ file.write("%s%s" % (cve.cve_data_type,tab))
+ file.write("%s%s" % (cve.cve_data_format,tab))
+ file.write("%s%s" % (cve.cve_data_version,tab))
+
+ for i,cv in enumerate(cve.cve_to_vulnerability.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % cv.vulnerability.name)
+ file.write("%s" % tab)
+
+ file.write("%s%s" % (cve.description,tab))
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class SelectCvesReport(Report):
+ """Report for the Select CVEs Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_SELECTCVES_INIT(%s)" % parent_page, *args, **kwargs)
+ super(SelectCvesReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_SELECTCVES_CONTEXT", *args, **kwargs)
+ context = super(SelectCvesReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">CVEs Table</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_SELECTCVES_EXEC", *args, **kwargs)
+ super(SelectCvesReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ report_name = '%s/select_cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
+ if 'txt' == format:
+ file.write("Report : CVEs Table\n")
+ file.write("\n")
+ file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
+
+ for id in record_list.split(','):
+ if not id:
+ continue
+ cve = Cve.objects.get(id=id)
+ file.write("%s%s" % (cve.name,tab))
+ file.write("%s%s" % (cve.get_status_text,tab))
+ file.write("%s%s" % (cve.cve_data_type,tab))
+ file.write("%s%s" % (cve.cve_data_format,tab))
+ file.write("%s%s" % (cve.cve_data_version,tab))
+
+ for i,cv in enumerate(cve.cve_to_vulnerability.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % cv.vulnerability.name)
+ file.write("%s" % tab)
+
+ file.write("%s%s" % (cve.description,tab))
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class VulnerabilitiesReport(Report):
+ """Report for the Vulnerabilities Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_VULNERABILITIES_INIT(%s)" % parent_page, *args, **kwargs)
+ super(VulnerabilitiesReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_VULNERABILITIES_CONTEXT", *args, **kwargs)
+ context = super(VulnerabilitiesReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">Vulnerabilities Table</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_VULNERABILITIES_EXEC", *args, **kwargs)
+ super(VulnerabilitiesReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ report_name = '%s/vulnerabilities_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tStatus\tOutcome\tSeverity\tCVEs\tInvestigations\n")
+ if 'txt' == format:
+ file.write("Report : Investigations Table\n")
+ file.write("\n")
+ file.write("Name,Status,Outcome,Severity,CVEs,Investigations\n")
+
+ for id in record_list.split(','):
+ if not id:
+ continue
+ v = Vulnerability.objects.get(id=id)
+ file.write("%s%s" % (v.name,tab))
+ file.write("%s%s" % (v.get_status_text,tab))
+ file.write("%s%s" % (v.get_outcome_text,tab))
+ file.write("%s%s" % (v.get_severity_text,tab))
+ for i,vc in enumerate(v.vulnerability_to_cve.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % vc.cve.name)
+ file.write("%s" % tab)
+ for i,investigation in enumerate(Investigation.objects.filter(vulnerability=v)):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % investigation.name)
+ #file.write("%s" % tab)
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class InvestigationsReport(Report):
+ """Report for the Investigations Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_INVESTIGATIONS_INIT(%s)" % parent_page, *args, **kwargs)
+ super(InvestigationsReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_INVESTIGATIONS_CONTEXT", *args, **kwargs)
+ context = super(InvestigationsReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">Investigations Table</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_INVESTIGATIONS_EXEC", *args, **kwargs)
+ super(InvestigationsReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ report_name = '%s/investigations_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tStatus\tOutcome\tSeverity\tProduct\tDefects\n")
+ if 'txt' == format:
+ file.write("Report : Investigations Table\n")
+ file.write("\n")
+ file.write("Name,Status,Outcome,Severity,Product,Defects\n")
+
+ for id in record_list.split(','):
+ if not id:
+ continue
+ investigation = Investigation.objects.get(id=id)
+ file.write("%s%s" % (investigation.name,tab))
+ file.write("%s%s" % (investigation.get_status_text,tab))
+ file.write("%s%s" % (investigation.get_outcome_text,tab))
+ file.write("%s%s" % (investigation.get_severity_text,tab))
+ file.write("%s%s" % (investigation.product.long_name,tab))
+ for i,id in enumerate(investigation.investigation_to_defect.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
+ #file.write("%s" % tab)
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class DefectsReport(Report):
+ """Report for the Defects Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_DEFECTS_INIT(%s)" % parent_page, *args, **kwargs)
+ super(DefectsReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_DEFECTS_CONTEXT", *args, **kwargs)
+ context = super(DefectsReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">Defects Table</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_DEFECTS_EXEC", *args, **kwargs)
+ super(DefectsReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ report_name = '%s/defects_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tSummary\tPriority\tStatus\tResolution\tReleased Version\tURL\tInvestigations\tProduct\n")
+ if 'txt' == format:
+ file.write("Report : Defects Table\n")
+ file.write("\n")
+ file.write("Name,Summary,Priority,Status,Resolution,Released Version,URL,Investigations,Product\n")
+
+ for id in record_list.split(','):
+ if not id:
+ continue
+ defect = Defect.objects.get(id=id)
+ file.write("%s%s" % (defect.name,tab))
+ file.write("%s%s" % (defect.summary,tab))
+ file.write("%s%s" % (defect.get_priority_text,tab))
+ file.write("%s%s" % (defect.get_status_text,tab))
+ file.write("%s%s" % (defect.get_resolution_text,tab))
+ file.write("%s%s" % (defect.release_version,tab))
+ file.write("%s%s" % (defect.publish,tab))
+ file.write("%s%s" % (defect.url,tab))
+ for i,di in enumerate(defect.defect_to_investigation.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % (di.investigation.name))
+ file.write("%s" % tab)
+ tab='' # EOL
+ file.write("%s%s" % (defect.product.long_name,tab))
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class ProductsReport(Report):
+ """Report for the Products Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_PRODUCTS_INIT(%s)" % parent_page, *args, **kwargs)
+ super(ProductsReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_PRODUCTS_CONTEXT", *args, **kwargs)
+ context = super(ProductsReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">Products Table</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_PRODUCTS_EXEC", *args, **kwargs)
+ super(ProductsReport, self).exec_report(*args, **kwargs)
+
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ report_name = '%s/products_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tVersion\tProfile\tCPE\tSRT SPE\tInvestigations\tDefects\n")
+ if 'txt' == format:
+ file.write("Report : Investigations Table\n")
+ file.write("\n")
+ file.write("Name,Version,Profile,CPE,SRT SPE,Investigations,Defects\n")
+
+ for id in record_list.split(','):
+ if not id:
+ continue
+ product = Product.objects.get(id=id)
+ file.write("%s%s" % (product.name,tab))
+ file.write("%s%s" % (product.version,tab))
+ file.write("%s%s" % (product.profile,tab))
+ file.write("%s%s" % (product.cpe,tab))
+ file.write("%s%s" % (product.srt_cpe,tab))
+ file.write("%s%s" % (product.defect_prefix,tab))
+ for i,pi in enumerate(product.product_investigation.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % (pi.name))
+ file.write("%s" % tab)
+ for i,pd in enumerate(product.product_defect.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % (pd.name))
+ #file.write("%s" % tab)
+ file.write("\n")
+
+ return report_name,os.path.basename(report_name)
+
+class PublishCveReport(Report):
+ """Report for the Publish Cve Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_PUBLISHCVE_INIT(%s)" % parent_page, *args, **kwargs)
+ super(PublishCveReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_PUBLISHCVE_CONTEXT", *args, **kwargs)
+ context = super(PublishCveReport, self).get_context_data(*args, **kwargs)
+
+ context['report_type_list'] = '\
+ <option value="summary">CVE Publish Request Table</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_PUBLISHCVE_EXEC", *args, **kwargs)
+ super(PublishCveReport, self).exec_report(*args, **kwargs)
+
+ _log("FOO1")
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ _log("FOO2 (%s,%s,%s" % (record_list,format,report_type))
+ report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ _log("FOO3")
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
+ if 'txt' == format:
+ file.write("Report : CVEs Table\n")
+ file.write("\n")
+ file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
+
+ _log("FOO4")
+ for id in record_list.split(','):
+ _log("FOO5:%s" % id)
+ if not id:
+ continue
+ try:
+ cve = Cve.objects.get(id=id)
+ file.write("%s%s" % (cve.name,tab))
+ file.write("%s%s" % (cve.get_status_text,tab))
+ file.write("%s%s" % (cve.cve_data_type,tab))
+ file.write("%s%s" % (cve.cve_data_format,tab))
+ file.write("%s%s" % (cve.cve_data_version,tab))
+
+ for i,cv in enumerate(cve.cve_to_vulnerability.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % cv.vulnerability.name)
+ file.write("%s" % tab)
+
+ file.write("%s" % (cve.description))
+ file.write("\n")
+ except Exception as e:
+ _log("FOOX:%s" % e)
+
+ _log("FOO9:%s" % (report_name))
+ return report_name,os.path.basename(report_name)
+
+class PublishPendingCveReport(Report):
+ """Report for the Publish Cve Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_PUBLISHPENDINGCVE_INIT(%s)" % parent_page, *args, **kwargs)
+ super(PublishPendingCveReport, self).__init__(parent_page, *args, **kwargs)
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_PUBLISHPENDINGCVE_CONTEXT", *args, **kwargs)
+ context = super(PublishPendingCveReport, self).get_context_data(*args, **kwargs)
+ context['report_type_list'] = '\
+ <option value="summary">CVE Publish Request Table</option> \
+ '
+ context['report_get_title'] = '1'
+ context['report_recordrange_list'] = '\
+ <input type="radio" name="records" value="selected" checked> Selected<br> \
+ '
+ context['report_columnrange_list'] = ''
+ context['report_format_list'] = '\
+ <input type="radio" name="format" value="txt" checked> Text<br> \
+ <input type="radio" name="format" value="csv"> CSV<br> \
+ '
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_PUBLISHPENDINGCVE_EXEC", *args, **kwargs)
+ super(PublishPendingCveReport, self).exec_report(*args, **kwargs)
+
+ _log("FOO1")
+ request_POST = self.request.POST
+
+ records = request_POST.get('records', '')
+ format = request_POST.get('format', '')
+ title = request_POST.get('title', '')
+ report_type = request_POST.get('report_type', '')
+ record_list = request_POST.get('record_list', '')
+
+ _log("FOO2 (%s,%s,%s" % (record_list,format,report_type))
+ report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
+ with open(report_name, 'w') as file:
+
+ _log("FOO3")
+ if 'csv' == format:
+ tab = "\t"
+ else:
+ tab = ","
+
+ if ('summary' == report_type):
+ if 'csv' == format:
+ file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
+ if 'txt' == format:
+ file.write("Report : CVEs Table\n")
+ file.write("\n")
+ file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
+
+ _log("FOO4")
+ for id in record_list.split(','):
+ if not id:
+ continue
+ _log("FOO5:%s" % id)
+ try:
+ cve = Cve.objects.get(id=id)
+ file.write("%s%s" % (cve.name,tab))
+ file.write("%s%s" % (cve.get_status_text,tab))
+ file.write("%s%s" % (cve.cve_data_type,tab))
+ file.write("%s%s" % (cve.cve_data_format,tab))
+ file.write("%s%s" % (cve.cve_data_version,tab))
+
+ for i,cv in enumerate(cve.cve_to_vulnerability.all()):
+ if i > 0:
+ file.write(" ")
+ file.write("%s" % cv.vulnerability.name)
+ file.write("%s" % tab)
+
+ file.write("%s" % (cve.description))
+ file.write("\n")
+ except Exception as e:
+ _log("FOOX:%s" % e)
+
+ _log("FOO9:%s" % (report_name))
+ return report_name,os.path.basename(report_name)
+
+class DefaultReport(Report):
+ """Report for the Default Page"""
+
+ def __init__(self, parent_page, *args, **kwargs):
+ _log_args("REPORT_GENERIC_INIT(%s)" % parent_page, *args, **kwargs)
+ super(DefaultReport, self).__init__(parent_page, *args, **kwargs)
+ self.default_orderby = "name"
+
+ def get_context_data(self, *args, **kwargs):
+ _log_args("REPORT_GENERIC_CONTEXT", *args, **kwargs)
+ context = super(DefaultReport, self).get_context_data(*args, **kwargs)
+ context['report_enable_submit'] = ''
+
+ #context['report_recordrange_list'] = '\
+ # <input type="radio" name="records" value="selected" checked> Selected<br> \
+ # <input type="radio" name="records" value="all"> all<br> \
+ #context['report_columnrange_list'] = ''
+ # <input type="radio" name="columns" value="selected" checked> Selected<br>
+ # <input type="radio" name="columns" value="all"> All<br>
+ #context['report_format_list'] = '\
+ # <input type="radio" name="format" value="txt" checked> Text<br> \
+ # <input type="radio" name="format" value="csv"> CSV<br> \
+ # <input type="radio" name="format" value="rtf"> RTF<br>
+ # <input type="radio" name="format" value="xml"> XML<br>
+ # <input type="radio" name="format" value="json"> CVE NIST JSON<br>
+
+ return context
+
+ def exec_report(self, *args, **kwargs):
+ _log_args("REPORT_GENERIC_EXEC", *args, **kwargs)
+ super(ManagementReport, self).exec_report(*args, **kwargs)
+ return None
+
+
+class ReportManager():
+ @staticmethod
+ def get_report_class(parent_page, *args, **kwargs):
+ if ('management' == parent_page) or ('manage' == parent_page):
+ return ManagementReport(parent_page, *args, **kwargs)
+
+ elif 'cve' == parent_page:
+ return CveReport(parent_page, *args, **kwargs)
+ elif 'vulnerability' == parent_page:
+ return VulnerabilityReport(parent_page, *args, **kwargs)
+ elif 'investigation' == parent_page:
+ return InvestigationReport(parent_page, *args, **kwargs)
+ elif 'defect' == parent_page:
+ return DefectReport(parent_page, *args, **kwargs)
+
+ elif 'cves' == parent_page:
+ return CvesReport(parent_page, *args, **kwargs)
+ elif 'select-cves' == parent_page:
+ return SelectCvesReport(parent_page, *args, **kwargs)
+ elif 'vulnerabilities' == parent_page:
+ return VulnerabilitiesReport(parent_page, *args, **kwargs)
+ elif 'investigations' == parent_page:
+ return InvestigationsReport(parent_page, *args, **kwargs)
+ elif 'defects' == parent_page:
+ return DefectsReport(parent_page, *args, **kwargs)
+ elif 'products' == parent_page:
+ return ProductsReport(parent_page, *args, **kwargs)
+
+ elif 'select-publish' == parent_page:
+ return PublishCveReport(parent_page, *args, **kwargs)
+ elif 'update-published' == parent_page:
+ return PublishPendingCveReport(parent_page, *args, **kwargs)
+
+
+ else:
+ return DefaultReport(parent_page, *args, **kwargs)
+
+ @staticmethod
+ def get_context_data(parent_page, *args, **kwargs):
+ reporter = ReportManager.get_report_class(parent_page, *args, **kwargs)
+ return reporter.get_context_data(*args, **kwargs)
+
+ @staticmethod
+ def exec_report(parent_page, *args, **kwargs):
+ reporter = ReportManager.get_report_class(parent_page, *args, **kwargs)
+ return reporter.exec_report(*args, **kwargs)
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-25 06:27:56 +0000