Diffstat (limited to 'lib/srtgui/tables.py')
-rw-r--r-- | lib/srtgui/tables.py | 861 |
1 files changed, 551 insertions, 310 deletions
diff --git a/lib/srtgui/tables.py b/lib/srtgui/tables.py index 798855d6..643dd34d 100644 --- a/lib/srtgui/tables.py +++ b/lib/srtgui/tables.py @@ -22,7 +22,8 @@ from srtgui.widgets import ToasterTable from orm.models import SrtSetting from orm.models import Cve, Vulnerability, Investigation, CweTable, Product -from orm.models import CpeTable, Access, CpeFilter, Defect, Keywords +from orm.models import CpeTable, Access, CpeFilter, Defect, Keywords, DataSource +from orm.models import PublishPending from django.db.models import Q, Max, Sum, Count, When, Case, Value, IntegerField from django.conf.urls import url 
@@ -35,47 +36,46 @@ from srtgui.tablefilter import TableFilterActionToggle from srtgui.tablefilter import TableFilterActionDateRange from srtgui.tablefilter import TableFilterActionDay -def _log(msg): - f1=open('/tmp/srt.log', 'a') - f1.write("|" + msg + "|\n" ) - f1.close() +import os +# quick development/debugging support +from srtgui.api import _log -class AllCveTable(ToasterTable): +class CvesTable(ToasterTable): """Table of All CVE's in SRTool""" def __init__(self, *args, **kwargs): - super(AllCveTable, self).__init__(*args, **kwargs) + super(CvesTable, self).__init__(*args, **kwargs) self.default_orderby = "name" def get_context_data(self, **kwargs): - context = super(AllCveTable, self).get_context_data(**kwargs) + context = super(CvesTable, self).get_context_data(**kwargs) return context def setup_filters(self, *args, **kwargs): - # Is Vulnerable filter + # Is Status filter is_status = TableFilter(name="is_status", title="Filter CVE's by 'Status") - exec_is_new = TableFilterActionToggle( + is_status.add_action(TableFilterActionToggle( "new", "New", Q(status=Cve.NEW)) - exec_is_investigate = TableFilterActionToggle( + ) + is_status.add_action(TableFilterActionToggle( "investigate", "Investigate", Q(status=Cve.INVESTIGATE)) - exec_is_vulnerable = TableFilterActionToggle( + ) + is_status.add_action(TableFilterActionToggle( "vulnerable", "Is Vulnerable", Q(status=Cve.VULNERABLE)) - exec_is_not_vulnerable = TableFilterActionToggle( + ) + is_status.add_action(TableFilterActionToggle( "not_vulnerable", "Not Vulnerable", Q(status=Cve.NOT_VULNERABLE)) - is_status.add_action(exec_is_new) - is_status.add_action(exec_is_investigate) - is_status.add_action(exec_is_vulnerable) - is_status.add_action(exec_is_not_vulnerable) + ) self.add_filter(is_status) # Recommends filter 
@@ -123,38 +123,37 @@ class AllCveTable(ToasterTable): Cve.objects.all() # filter out hidden records - userAccess = Access() + userAccess = Access(self.request.session.get('srt_user_id', '0')) if not userAccess.is_admin(): self.queryset = self.queryset.exclude(public = False) self.queryset = self.queryset.order_by(self.default_orderby) -# self.static_context_extra['in_prj'] = ProjectLayer.objects.filter(Q(project=kwargs['pid']) & Q(layercommit=kwargs['layerid'])).count() + def setup_columns(self, *args, **kwargs): id_link_template = ''' - <a href="{% url 'cve' data.id %}"> - {{data.name}} - </a> + <a href="{% url 'cve' data.id %}" id="dataid_{{data.id}}">{{data.name}}</a> ''' - self.add_column(title="ID", + self.add_column(title="Name", hideable=False, orderable=True, field_name="name", static_data_name="name", - static_data_template=id_link_template) + static_data_template=id_link_template, + ) self.add_column(title="Status", field_name="status", hideable=True, orderable=True, - filter_name="is_status", +# filter_name="is_status", static_data_name="status", static_data_template="{{data.get_status_text}}" ) score_link_template = ''' - {% if 0 == data.recommend %}0{% else %}{{data.recommend}}{% endif %} + {% if 0 == data.recommend %}0{% else %}{{data.recommend}}{% endif %} ''' self.add_column(title="Score", field_name="recommend", 
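Review bot: The admin check on the new line `userAccess = Access(self.request.session.get('srt_user_id', '0'))` falls back to user id `'0'` when the session carries no `srt_user_id`, so the visibility of non-public CVEs depends on how `Access` treats that value. `Access` lives in orm.models and is not part of this diff, so it cannot be confirmed here that id 0 is always a non-admin guest. I would add a comment above the call, e.g. `# no srt_user_id in session -> user '0'; Access must treat this as a non-admin guest`, and consider moving the lookup into one helper on the table base class. The same expression is repeated in setup_columns of this class and in the Vulnerabilities and Investigations tables further down. The enclosing method starts above this hunk.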
@@ -189,17 +188,18 @@ class AllCveTable(ToasterTable): ) severity_v3_template = ''' - {{data.cvssV3_baseScore}} {{data.cvssV3_baseSeverity}} + {{data.cvssV3_baseScore}} {{data.cvssV3_baseSeverity}} ''' self.add_column(title="Severity (V3)", help_text="Severity of the CVE (v3)", hideable=False, orderable=False, static_data_name='severity_v3', - static_data_template=severity_v3_template) + static_data_template=severity_v3_template, + ) severity_v2_template = ''' - {{data.cvssV2_baseScore}} {{data.cvssV2_severity}} + {{data.cvssV2_baseScore}} {{data.cvssV2_severity}} ''' self.add_column(title="Severity (V2)", help_text="Severity of the CVE (v2)", @@ -207,19 +207,22 @@ class AllCveTable(ToasterTable): hidden=True, orderable=False, static_data_name='severity_v2', - static_data_template=severity_v2_template) + static_data_template=severity_v2_template, + ) self.add_column(title="Published", help_text="Initial publish date of the CVE", hideable=False, orderable=True, - field_name="publishedDate") + field_name="publishedDate", + ) self.add_column(title="Modified", help_text="Last modification date of the CVE", hideable=True, orderable=True, - field_name="lastModifiedDate") + field_name="lastModifiedDate", + ) self.add_column(title="Comments", field_name="comments", @@ -227,7 +230,25 @@ class AllCveTable(ToasterTable): orderable=True, ) - userAccess = Access() + self.add_column(title="Publish Request", + help_text="SRT Publish Request State", + hideable=True, + hidden=True, + orderable=True, + field_name="publish_state", + static_data_name="publish_state", + static_data_template='{{data.get_publish_text}}', + ) + + self.add_column(title="Publish Date", + help_text="SRT Publish date of the CVE", + hideable=True, + hidden=True, + orderable=True, + field_name="publish_date" + ) + + userAccess = Access(self.request.session.get('srt_user_id', '0')) if userAccess.is_admin(): self.add_column(title="Comments Private", field_name="comments_private", 
@@ -235,27 +256,32 @@ class AllCveTable(ToasterTable): ) vulnerability_link_template = ''' - {% if data.cve_to_vulnerability.all %} - {% for cv in data.cve_to_vulnerability.all %} - {% if not forloop.first %}| {% endif %}<a href="{% url 'vulnerability' cv.vulnerability.pk %}">{{cv.vulnerability.name}}</a> - {% endfor %} - {% endif %} + {% for cv in data.cve_to_vulnerability.all %} + {% if not forloop.first %}| {% endif %}<a href="{% url 'vulnerability' cv.vulnerability.pk %}">{{cv.vulnerability.name}}</a> + {% endfor %} ''' self.add_column(title="Vulnerability", static_data_name="vulnerability", static_data_template=vulnerability_link_template, - hidden=False) - - if False: - defect_template = ''' +# static_data_template='', + hidden=False, + ) - ''' - self.add_column(title="Defect", - help_text="Associated Defects", - hideable=True, - orderable=True, - static_data_name='defect', - static_data_template=defect_template) + defect_link_template = ''' + {% for cv in data.cve_to_vulnerability.all %} + {% for investigation in cv.vulnerability.vulnerability_investigation.all %} + {% for id in investigation.investigation_to_defect.all %} + {% if not forloop.first %}| {% endif %}<a href="{% url 'defect' id.defect.pk %}">{{id.defect.name}}</a> + {% endfor %} + {% endfor %} + {% endfor %} + ''' + self.add_column(title="Defect", + static_data_name="defect", + static_data_template=defect_link_template, +# static_data_template='', + hidden=False, + ) class SelectCveTable(ToasterTable): 
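Review bot: In the new `defect_link_template` the separator test `{% if not forloop.first %}| {% endif %}` only looks at the innermost loop, so defects belonging to different investigations or vulnerabilities are rendered without a `| ` between them. The three nested `.all` loops also run once per table row, which is likely to issue many extra queries unless the queryset prefetches these relations; the queryset setup is outside this hunk, so that is unconfirmed. The loop variable `id` reads like the builtin or a primary key, and a name such as `inv_defect` would be clearer. The leftover `# static_data_template='',` lines should either go or carry a comment saying why they are kept.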
@@ -274,27 +300,15 @@ class SelectCveTable(ToasterTable): data = super(SelectCveTable, self).apply_row_customization(data) # data:dict_keys(['rows', 'total', 'default_orderby', 'error', 'columns']) - if False: - # TEST - KeywordsFor = SrtSetting.objects.get(name='keywords_for').value.split('|') - KeywordsAgainst = SrtSetting.objects.get(name='keywords_against').value.split('|') - qq = 0 - for i in range(len(data['rows'])): - data['rows'][i]['for'] = 'Y:%s%d' % (KeywordsFor[qq],i) - data['rows'][i]['against'] = 'N:%s%d' % (KeywordsAgainst[qq],i) - qq += 1 - if 10<qq: - qq = 0 - - if True: - for i in range(len(data['rows'])): - data['rows'][i]['for'] = '' - data['rows'][i]['against'] = '' - for key in data['rows'][i]['comments_private'].split(','): - if key.startswith('+'): - data['rows'][i]['for'] += '%s ' % key[1:] - elif key.startswith('-'): - data['rows'][i]['against'] += '%s ' % key[1:] + # comments_private -> recommend_list + for i in range(len(data['rows'])): + data['rows'][i]['for'] = '' + data['rows'][i]['against'] = '' + for key in data['rows'][i]['recommend_list'].split(','): + if key.startswith('+'): + data['rows'][i]['for'] += '%s ' % key[1:] + elif key.startswith('-'): + data['rows'][i]['against'] += '%s ' % key[1:] return data @@ -365,14 +379,12 @@ class SelectCveTable(ToasterTable): Cve.objects.filter(status = Cve.NEW,name__startswith = 'CVE-2018') # filter out hidden records !!! ALL NEW ONES SHOULD BE PUBLIC -# userAccess = Access() +# userAccess = Access(self.request.session.get('srt_user_id', '0')) # if not userAccess.is_admin(): # self.queryset = self.queryset.exclude(public = False) self.queryset = self.queryset.order_by(self.default_orderby) -# self.static_context_extra['in_prj'] = ProjectLayer.objects.filter(Q(project=kwargs['pid']) & Q(layercommit=kwargs['layerid'])).count() - def setup_columns(self, *args, **kwargs): 
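Review bot: The rewritten loop in apply_row_customization calls `data['rows'][i]['recommend_list'].split(',')` with no guard, so a row whose `recommend_list` is null would raise here; the model field is not visible in this diff, so please confirm it can never be `None`, or use `(row['recommend_list'] or '').split(',')`. The loop would also read better as `for row in data['rows']:` than indexing through `range(len(...))`. The added comment `# comments_private -> recommend_list` records the rename rather than what the code does; something like `# split recommend_list into '+' (for) and '-' (against) keyword columns` would help the next reader. The method starts above this hunk.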
@@ -380,7 +392,7 @@ class SelectCveTable(ToasterTable): field_name="Select", hideable=False, static_data_name="select", - static_data_template='<input type="checkbox" name="{{data.name}}" />' + static_data_template='<input type="checkbox" name="{{data.name}}" />', ) self.add_column(title="Status", @@ -389,18 +401,17 @@ class SelectCveTable(ToasterTable): orderable=True, filter_name="is_status", static_data_name="status", - static_data_template="{{data.get_status_text}}" + static_data_template="{{data.get_status_text}}", ) - self.add_column(title="Comments", - field_name="comments_private", + self.add_column(title="Recommend List", + field_name="recommend_list", hideable=True, hidden=True, ) -# {% if 0 == data.recommend %}0{% else %}{{data.recommend}}{% endif %} recommend_link_template = ''' - {% load projecttags %}{{data.recommend|recommend_display}} + {% load projecttags %}{{data.recommend|recommend_display}} ''' self.add_column(title="Recommendation", hideable=False, @@ -412,16 +423,15 @@ class SelectCveTable(ToasterTable): ) id_link_template = ''' - <a href="{% url 'cve' data.id %}" target="_blank"> - {{data.name}} - </a> + <a href="{% url 'cve' data.id %}" id="dataid_{{data.id}}" target="_blank">{{data.name}}</a> ''' self.add_column(title="Name", hideable=False, orderable=True, field_name="name", static_data_name="name", - static_data_template=id_link_template) + static_data_template=id_link_template, + ) self.add_column(title="Description", field_name="description", 
@@ -429,17 +439,18 @@ class SelectCveTable(ToasterTable): ) severity_v3_template = ''' - {{data.cvssV3_baseScore}} {{data.cvssV3_baseSeverity}} + {{data.cvssV3_baseScore}} {{data.cvssV3_baseSeverity}} ''' self.add_column(title="Severity (V3)", help_text="Severity of the CVE (v3)", hideable=False, orderable=False, static_data_name='severity_v3', - static_data_template=severity_v3_template) + static_data_template=severity_v3_template, + ) severity_v2_template = ''' - {{data.cvssV2_baseScore}} {{data.cvssV2_severity}} + {{data.cvssV2_baseScore}} {{data.cvssV2_severity}} ''' self.add_column(title="Severity (V2)", help_text="Severity of the CVE (v2)", @@ -447,15 +458,11 @@ class SelectCveTable(ToasterTable): hidden=True, orderable=False, static_data_name='severity_v2', - static_data_template=severity_v2_template) - - -#{{keyscore|get_dict_value:data.name}} -#{{keysfor|get_dict_value:data.name}} -#{{keysagainst|get_dict_value:data.name}} + static_data_template=severity_v2_template, + ) for_template = ''' - {{keysfor|get_dict_value:data.name}} + {{keysfor|get_dict_value:data.name}} ''' self.add_column(title="Reasons For", help_text="Keywords for accepting this CVE", @@ -466,7 +473,7 @@ class SelectCveTable(ToasterTable): ) against_template = ''' - {{keysagainst|get_dict_value:data.name}} + {{keysagainst|get_dict_value:data.name}} ''' self.add_column(title="Reasons Against", help_text="Keywords for not accepting this CVE", 
@@ -477,15 +484,15 @@ class SelectCveTable(ToasterTable): ) -class AllDefectTable(ToasterTable): - """Table of All Defects's in SRTool""" +class DefectsTable(ToasterTable): + """Table of All Defects in SRTool""" def __init__(self, *args, **kwargs): - super(AllDefectTable, self).__init__(*args, **kwargs) + super(DefectsTable, self).__init__(*args, **kwargs) self.default_orderby = "name" def get_context_data(self, **kwargs): - context = super(AllDefectTable, self).get_context_data(**kwargs) + context = super(DefectsTable, self).get_context_data(**kwargs) return context 
@@ -493,102 +500,47 @@ class AllDefectTable(ToasterTable): # Priority filter is_priority = TableFilter(name="is_priority", title="Filter defects by 'Priority'") - exec_is_low = TableFilterActionToggle( - "low", - "Low", - Q(priority=Defect.LOW)) - exec_is_medium = TableFilterActionToggle( - "medium", - "Medium", - Q(priority=Defect.MEDIUM)) - exec_is_high = TableFilterActionToggle( - "high", - "High", - Q(priority=Defect.HIGH)) - is_priority.add_action(exec_is_low) - is_priority.add_action(exec_is_medium) - is_priority.add_action(exec_is_high) + for priority in range(len(Defect.Priority)): + is_priority.add_action(TableFilterActionToggle( + Defect.Priority[priority][1].lower().replace(' ','_'), + Defect.Priority[priority][1], + Q(resolution=Defect.Priority[priority][0])) + ) self.add_filter(is_priority) # Status filter is_status = TableFilter(name="is_status", title="Filter defects by 'Status'") - exec_is_open = TableFilterActionToggle( - "open", - "Open", - Q(status=Defect.OPEN)) - exec_is_in_progress = TableFilterActionToggle( - "in_progress", - "In progress", - Q(status=Defect.IN_PROGRESS)) - exec_is_on_hold = TableFilterActionToggle( - "on_hold", - "On Hold", - Q(status=Defect.ON_HOLD)) - exec_is_checked_in = TableFilterActionToggle( - "checked_in", - "Checked In", - Q(status=Defect.CHECKED_IN)) - exec_is_resolved = TableFilterActionToggle( - "resolved", - "Resolved", - Q(status=Defect.RESOLVED)) - exec_is_closed = TableFilterActionToggle( - "closed", - "Closed", - Q(status=Defect.CLOSED)) - is_status.add_action(exec_is_open) - is_status.add_action(exec_is_in_progress) - is_status.add_action(exec_is_on_hold) - is_status.add_action(exec_is_checked_in) - is_status.add_action(exec_is_resolved) - is_status.add_action(exec_is_closed) + for status in range(len(Defect.Status)): + is_status.add_action(TableFilterActionToggle( + Defect.Status[status][1].lower().replace(' ','_'), + Defect.Status[status][1], + Q(resolution=Defect.Status[status][0])) + ) 
self.add_filter(is_status) # Resolution filter is_resolution = TableFilter(name="is_resolution", title="Filter defects by 'Resolution'") - exec_is_unresolved = TableFilterActionToggle( - "unresolved", - "Unresolved", - Q(resolution=Defect.UNRESOLVED)) - exec_is_fixed = TableFilterActionToggle( - "fixed", - "Fixed", - Q(resolution=Defect.FIXED)) - exec_is_will_not_fix = TableFilterActionToggle( - "will_not_fix", - "Will Not Fix", - Q(resolution=Defect.WILL_NOT_FIX)) - exec_is_withdrawn = TableFilterActionToggle( - "withdrawn", - "Withdrawn", - Q(resolution=Defect.WITHDRAWN)) - exec_is_rejected = TableFilterActionToggle( - "rejected", - "Rejected", - Q(resolution=Defect.REJECTED)) - exec_is_duplicate = TableFilterActionToggle( - "duplicate", - "Duplicate", - Q(resolution=Defect.DUPLICATE)) - is_resolution.add_action(exec_is_unresolved) - is_resolution.add_action(exec_is_fixed) - is_resolution.add_action(exec_is_will_not_fix) - is_resolution.add_action(exec_is_withdrawn) - is_resolution.add_action(exec_is_rejected) - is_resolution.add_action(exec_is_duplicate) + for resolution in range(len(Defect.Resolution)): + is_resolution.add_action(TableFilterActionToggle( + Defect.Resolution[resolution][1].lower().replace(' ','_'), + Defect.Resolution[resolution][1], + Q(resolution=Defect.Resolution[resolution][0])) + ) self.add_filter(is_resolution) # Product filter #(name="Wind River Linux",version="LTS-17") is_product = TableFilter(name="is_product", title="Filter defects by 'Product'") - for p in Product.objects.all(): + for product in Product.objects.all(): + _log("PRODUCTS:%s,%s"% (product.defect_prefix,product.long_name)) is_product.add_action( TableFilterActionToggle( - p.defect_prefix, - p.long_name(), - Q(product=p)) ) + product.defect_prefix, + product.long_name, + Q(product=product)) + ) self.add_filter(is_product) 
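Review bot: The new Priority and Status filter loops in setup_filters both build `Q(resolution=...)`, which looks like a copy-paste from the Resolution loop; the removed code filtered on `priority` and `status`. As written, choosing a priority or status toggle filters the defect list on the resolution column and returns the wrong rows. The two lines should read `Q(priority=Defect.Priority[priority][0]))` and `Q(status=Defect.Status[status][0]))`. Separately, `_log("PRODUCTS:%s,%s"% (product.defect_prefix,product.long_name))` writes a debug line for every product each time the filters are built and should be removed before merge. Iterating the choices directly (`for value, label in Defect.Priority:`) would be more readable than `range(len(...))`.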
@@ -601,16 +553,15 @@ class AllDefectTable(ToasterTable): def setup_columns(self, *args, **kwargs): name_link_template = ''' - <a href="http://defect.wrs.com/browse/{{data.name}}" target="_blank"> - {{data.name}} - </a> + <a href="{% url 'defect' data.id %}" id="dataid_{{data.id}}">{{data.name}}</a> ''' self.add_column(title="Name", hideable=False, orderable=True, field_name="name", static_data_name="name", - static_data_template=name_link_template) + static_data_template=name_link_template, + ) self.add_column(title="Summary", field_name="summary", @@ -622,25 +573,25 @@ class AllDefectTable(ToasterTable): orderable=True, filter_name="is_priority", static_data_name="priority", - static_data_template='{{data.get_priority_text}}' + static_data_template='{{data.get_priority_text}}', ) - + self.add_column(title="Status", hideable=False, field_name="status", orderable=True, filter_name="is_status", static_data_name="status", - static_data_template='{{data.get_status_text}}' + static_data_template='{{data.get_status_text}}', ) - - self.add_column(title="resolution", + + self.add_column(title="Resolution", hideable=False, field_name="resolution", orderable=True, filter_name="is_resolution", static_data_name="resolution", - static_data_template='{{data.get_resolution_text}}' + static_data_template='{{data.get_resolution_text}}', ) self.add_column(title="Release Version", 
@@ -649,53 +600,64 @@ class AllDefectTable(ToasterTable): field_name="release_version", ) - self.add_column(title="Publish OLS", + self.add_column(title="Publish", hideable=True, orderable=True, - field_name="publishOLS", + field_name="publish", + ) + + url_link_template = ''' + <a href="{{data.url}}" target="_blank">{{data.url}}</a> + ''' + self.add_column(title="URL", + field_name="url", + hideable=True, + hidden=True, + static_data_name="url", + static_data_template=url_link_template, ) #date_created = models.DateField(null=True, blank=True) #date_updated = models.DateField(null=True, blank=True) investigations_link_template = ''' - {% for ji in data.defect_to_investigation.all %} - {% if not forloop.first %}| {% endif %}<a href="{% url 'investigation' ji.investigation.id %}" target="_blank">{{ji.investigation.name}} </a> - {% endfor %} + {% for ji in data.defect_to_investigation.all %} + {% if not forloop.first %}| {% endif %}<a href="{% url 'investigation' ji.investigation.id %}" target="_blank">{{ji.investigation.name}} </a> + {% endfor %} ''' self.add_column(title="Investigation", hideable=True, # orderable=True, # multiple investigations static_data_name="investigation", - static_data_template=investigations_link_template + static_data_template=investigations_link_template, ) # !!! HACK: 'data.product' is returning '%s' when it is supposed to be null !!! 
product_link_template = ''' - {% if data.product != '%s' %} - <a href="{% url 'products'%}"> - {{data.product.long_name}} - </a> - {% endif %} + {% if data.product != '%s' %} + <a href="{% url 'product' data.product.id %}"> + {{data.product.long_name}} + </a> + {% endif %} ''' self.add_column(title="Product", hideable=True, orderable=True, filter_name="is_product", static_data_name="product", - static_data_template=product_link_template + static_data_template=product_link_template, ) -class AllCweTable(ToasterTable): +class CwesTable(ToasterTable): """Table of All CWE's in SRTool""" def __init__(self, *args, **kwargs): - super(AllCweTable, self).__init__(*args, **kwargs) + super(CwesTable, self).__init__(*args, **kwargs) self.default_orderby = "name_sort" def get_context_data(self, **kwargs): - context = super(AllCweTable, self).get_context_data(**kwargs) + context = super(CwesTable, self).get_context_data(**kwargs) return context @@ -719,28 +681,22 @@ class AllCweTable(ToasterTable): def setup_columns(self, *args, **kwargs): - name_link_template = ''' - <a href="cwelink_{{data.name}}"></a> - {{data.name}} - ''' self.add_column(title="Name", + field_name="name", hideable=False, orderable=True, - field_name="name_sort", - static_data_name="name_sort", - static_data_template=name_link_template) + ) href_link_template = ''' - <a href="{{data.href}}" target="_blank"> - {{data.href}} - </a> + <a href="{{data.href}}" id="dataid_{{data.id}} target="_blank">{{data.href}}</a> ''' self.add_column(title="Link", hideable=False, orderable=False, field_name="href", static_data_name="href", - static_data_template=href_link_template) + static_data_template=href_link_template, + ) self.add_column(title="Summary", field_name="summary", 
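Review bot: The new `url_link_template` renders a stored value straight into a link target, `<a href="{{data.url}}" target="_blank">`. Django autoescaping prevents breaking out of the attribute but does not restrict the URL scheme, so the link is only as trustworthy as whatever populates `Defect.url`, presumably an external defect tracker, which is not shown here. I would validate the scheme (http/https only) where the field is written, and add `rel="noopener noreferrer"` to the `target="_blank"` anchors. The same pattern appears in `release_version_template` (`href="{{ij.defect.url}}"`) in the Investigations table later in the diff.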
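Review bot: The new CWE `href_link_template` is missing the closing quote on the id attribute: `id="dataid_{{data.id}} target="_blank">`. The browser will read ` target=` as part of the id value, so the element id is wrong and the link no longer opens in a new tab. It should be `<a href="{{data.href}}" id="dataid_{{data.id}}" target="_blank">{{data.href}}</a>`. setup_columns continues outside this hunk.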
@@ -758,23 +714,23 @@ class AllCweTable(ToasterTable): static_data_name="cves", static_data_template='{{data.vulnerable_count}}', ) - + # self.add_column(title="CVE's", # hidden=False, # static_data_name="cves", # static_data_template='{{data.cwe2cve.all.count}}', # ) - -class AllCpeTable(ToasterTable): + +class CpesTable(ToasterTable): """Table of All CPE's in SRTool""" def __init__(self, *args, **kwargs): - super(AllCpeTable, self).__init__(*args, **kwargs) + super(CpesTable, self).__init__(*args, **kwargs) self.default_orderby = "vulnerable" def get_context_data(self, **kwargs): - context = super(AllCpeTable, self).get_context_data(**kwargs) + context = super(CpesTable, self).get_context_data(**kwargs) return context def setup_filters(self, *args, **kwargs): @@ -808,20 +764,13 @@ class AllCpeTable(ToasterTable): # cpeMatchString = models.TextField(blank=True) # cpe23Uri = models.TextField(blank=True) - vulnerable_link_template = ''' - {% if data.vulnerable %} - Yes - {% else %} - No - {% endif %} - ''' self.add_column(title="Vulnerable", field_name="vulnerable", hideable=False, orderable=True, filter_name="is_vulnerable", static_data_name="vulnerable", - static_data_template=vulnerable_link_template + static_data_template="{% if data.vulnerable %}Yes{% else %}No{% endif %}", ) self.add_column(title="CPE 2.3", @@ -845,16 +794,17 @@ class AllCpeTable(ToasterTable): ) cve_link_template = ''' - {% for pv in data.cpe2cve.all %} - {% if not forloop.first %}| {% endif %}<a href="{% url 'cve' pv.cve.id %}">{{pv.cve.name}} </a> - {% endfor %} + {% for pv in data.cpe2cve.all %} + {% if not forloop.first %}| {% endif %}<a href="{% url 'cve' pv.cve.id %}">{{pv.cve.name}} </a> + {% endfor %} ''' self.add_column(title="CVE", hideable=False, orderable=True, field_name="cveName", static_data_name="cveName", - static_data_template=cve_link_template) + static_data_template=cve_link_template, + ) class ManageCpeTable(ToasterTable): 
@@ -918,7 +868,7 @@ class ManageCpeTable(ToasterTable): field_name="Select", hideable=False, static_data_name="select", - static_data_template='<input type="checkbox" name="check_{{data.key_prime}}_{{data.key_sub}}" />' + static_data_template='<input type="checkbox" name="check_{{data.key_prime}}_{{data.key_sub}}" />', ) @@ -928,7 +878,7 @@ class ManageCpeTable(ToasterTable): orderable=True, filter_name="is_status", static_data_name="status", - static_data_template="{{data.get_status_text}}" + static_data_template="{{data.get_status_text}}", ) self.add_column(title="Company", @@ -943,22 +893,15 @@ class ManageCpeTable(ToasterTable): hideable=False, orderable=True, static_data_name="key_sub", - static_data_template="{% if data.key_sub %}{{data.key_sub}}{% else %}(company){% endif %}" + static_data_template="{% if data.key_sub %}{{data.key_sub}}{% else %}(company){% endif %}", ) - automatic_link_template = ''' - {% if data.automatic %} - Yes - {% else %} - No - {% endif %} - ''' self.add_column(title="Automatic", field_name="automatic", hideable=False, orderable=True, static_data_name="automatic", - static_data_template=automatic_link_template + static_data_template="{% if data.automatic %}Yes{% else %}No{% endif %}", ) manage_link_template = ''' @@ -970,7 +913,7 @@ class ManageCpeTable(ToasterTable): hideable=False, orderable=True, static_data_name="manage", - static_data_template=manage_link_template + static_data_template=manage_link_template, ) @@ -1015,14 +958,15 @@ class ProductsTable(ToasterTable): def setup_columns(self, *args, **kwargs): name_link_template = ''' - {{data.name}} + <a href="{% url 'product' data.id %}" id="dataid_{{data.id}}">{{data.name}}<a> ''' self.add_column(title="Name", hideable=False, orderable=True, field_name="name", static_data_name="name", - static_data_template=name_link_template) + static_data_template=name_link_template, + ) self.add_column(title="Version", field_name="version", 
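Review bot: The new ProductsTable `name_link_template` ends with `<a>` instead of `</a>`, so the anchor is never closed and a second, empty anchor is opened in every Name cell. Browsers will recover inconsistently, and the link may swallow following cell content. The line should be `<a href="{% url 'product' data.id %}" id="dataid_{{data.id}}">{{data.name}}</a>`.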
@@ -1042,8 +986,8 @@ class ProductsTable(ToasterTable): self.add_column(title="SRT CPE", field_name="srt_cpe", - hideable=False, - ) + hideable=True, + ) self.add_column(title="Defect Prefix", field_name="defect_prefix", @@ -1052,25 +996,25 @@ class ProductsTable(ToasterTable): investigations_link_template = ''' - {% if data.product_investigation.all.count %} - <a href="{% url 'investigations' %}?filter=is_product:{{data.defect_prefix}}&"> - {{data.product_investigation.all.count}} - </a> - {% else %}0{% endif %} + {% if data.product_investigation.all.count %} + <a href="{% url 'investigations' %}?filter=is_product:{{data.defect_prefix}}&"> + {{data.product_investigation.all.count}} + </a> + {% else %}0{% endif %} ''' self.add_column(title="Investigations", field_name="investigations", hidden=False, static_data_name="investigations", - static_data_template=investigations_link_template + static_data_template=investigations_link_template, ) defects_link_template = ''' - {% if data.product_defect.all.count %} - <a href="{% url 'all-defects' %}?filter=is_product:{{data.defect_prefix}}&"> - {{data.product_defect.all.count}} - </a> - {% else %}0{% endif %} + {% if data.product_defect.all.count %} + <a href="{% url 'defects' %}?filter=is_product:{{data.defect_prefix}}&"> + {{data.product_defect.all.count}} + </a> + {% else %}0{% endif %} ''' self.add_column(title="Defects", field_name="defects", 
@@ -1080,15 +1024,15 @@ class ProductsTable(ToasterTable): ) -class AllVulnerabilitiesTable(ToasterTable): +class VulnerabilitiesTable(ToasterTable): """Table of All Vulnerabilities in SRTool""" def __init__(self, *args, **kwargs): - super(AllVulnerabilitiesTable, self).__init__(*args, **kwargs) + super(VulnerabilitiesTable, self).__init__(*args, **kwargs) self.default_orderby = "name" def get_context_data(self, **kwargs): - context = super(AllVulnerabilitiesTable, self).get_context_data(**kwargs) + context = super(VulnerabilitiesTable, self).get_context_data(**kwargs) return context @@ -1163,7 +1107,7 @@ class AllVulnerabilitiesTable(ToasterTable): Vulnerability.objects.all() # filter out hidden records - userAccess = Access() + userAccess = Access(self.request.session.get('srt_user_id', '0')) if not userAccess.is_admin(): self.queryset = self.queryset.exclude(public = False) 
@@ -1172,37 +1116,37 @@ class AllVulnerabilitiesTable(ToasterTable): def setup_columns(self, *args, **kwargs): id_link_template = ''' - <a href="{% url 'vulnerability' data.id %}"> - {{data.name}} - </a> + <a href="{% url 'vulnerability' data.id %}" id="dataid_{{data.id}}">{{data.name}}</a> ''' self.add_column(title="ID", hideable=False, orderable=True, field_name="name", static_data_name="name", - static_data_template=id_link_template) + static_data_template=id_link_template, + ) cve_link_template = ''' - {% for vc in data.vulnerability_to_cve.all %} - {% if not forloop.first %}| {% endif %} <a href="{% url 'cve' vc.cve.pk %}"> - {{vc.cve.name}} - </a> - {% endfor %} + {% for vc in data.vulnerability_to_cve.all %} + {% if not forloop.first %}| {% endif %} <a href="{% url 'cve' vc.cve.pk %}"> + {{vc.cve.name}} + </a> + {% endfor %} ''' self.add_column(title="CVE", hideable=False, orderable=False, field_name="cve__name", static_data_name="cve__name", - static_data_template=cve_link_template) + static_data_template=cve_link_template, + ) self.add_column(title="Status", field_name="status", hideable=False, filter_name="is_status", static_data_name="status", - static_data_template="{{data.get_status_text}}" + static_data_template="{{data.get_status_text}}", ) self.add_column(title="Outcome", @@ -1210,7 +1154,7 @@ class AllVulnerabilitiesTable(ToasterTable): hideable=False, filter_name="is_outcome", static_data_name="outcome", - static_data_template="{{data.get_outcome_text}}" + static_data_template="{{data.get_outcome_text}}", ) self.add_column(title="Severity", @@ -1218,7 +1162,7 @@ class AllVulnerabilitiesTable(ToasterTable): hideable=False, filter_name="is_severity", static_data_name="severity", - static_data_template="{{data.get_severity_text}}" + static_data_template="{{data.get_severity_text}}", ) self.add_column(title="Comments", 
@@ -1226,62 +1170,82 @@ class AllVulnerabilitiesTable(ToasterTable): hideable=True, ) - userAccess = Access() + userAccess = Access(self.request.session.get('srt_user_id', '0')) if userAccess.is_admin(): self.add_column(title="Comments Private", field_name="comments_private", hideable=True, ) + investigate_link_template = ''' + {% for investigation in data.vulnerability_investigation.all %} + {% if not forloop.first %}| {% endif %}<a href="{% url 'investigation' investigation.id %}" target="_blank">{{investigation.name}}</a> + {% endfor %} + ''' + self.add_column(title="Investigations", + static_data_name="vulnerability_investigation", + static_data_template=investigate_link_template, + hidden=False, + ) + + defect_link_template = ''' + {% for investigation in data.vulnerability_investigation.all %} + {% for id in investigation.investigation_to_defect.all %} + {% if forloop.counter == 1 %}| {% endif %}<a href="{% url 'defect' id.defect.id %}" target="_blank">{{id.defect.name}}</a> + {% endfor %} + {% endfor %} + ''' + self.add_column(title="Defects", + static_data_name="investigation_to_defect", + static_data_template=defect_link_template, + hidden=False, + ) + + # VulnerabilityProduct.AFFECTED = 0 product_link_template = ''' {% for vp in data.affected_products.all %} - {% if vp.relation = 0 %}{% if not forloop.first %}| {% endif %}<a href="{% url 'products'%}" target="_blank">{{vp.product.defect_prefix}}</a>{% endif %} - {% endfor %} + {% if vp.product != '%s' %} + {% if vp.relation == 0 %}{% if not forloop.first %}| {% endif %}<a href="{% url 'product' vp.product.id %}" target="_blank">{{vp.product.defect_prefix}}</a>{% endif %} + {% endfor %} + {% endif %} ''' self.add_column(title="Products", static_data_name="investigation_products", static_data_template=product_link_template, hidden=False, ) - if False: - self.add_column(title="Defects", - static_data_name="investigation_defects", - static_data_template='\ - 0', - hidden=False, - ) -class 
AllInvestigationsTable(ToasterTable): +class InvestigationsTable(ToasterTable): """Table of All Investigations in SRTool""" def __init__(self, *args, **kwargs): - super(AllInvestigationsTable, self).__init__(*args, **kwargs) + super(InvestigationsTable, self).__init__(*args, **kwargs) self.default_orderby = "name" def get_context_data(self, **kwargs): - context = super(AllInvestigationsTable, self).get_context_data(**kwargs) + context = super(InvestigationsTable, self).get_context_data(**kwargs) return context def setup_filters(self, *args, **kwargs): # Status filter is_status = TableFilter(name="is_status", title="Filter Investigations by 'Status'") - exec_is_investigate = TableFilterActionToggle( + is_status.add_action(TableFilterActionToggle( "investigate", "Investigate", Q(status=Investigation.INVESTIGATE)) - exec_is_vulnerable = TableFilterActionToggle( + ) + is_status.add_action(TableFilterActionToggle( "vulnerable", "Is Vulnerable", Q(status=Investigation.VULNERABLE)) - exec_is_not_vulnerable = TableFilterActionToggle( + ) + is_status.add_action(TableFilterActionToggle( "not_vulnerable", "Not Vulnerable", Q(status=Investigation.NOT_VULNERABLE)) - is_status.add_action(exec_is_investigate) - is_status.add_action(exec_is_vulnerable) - is_status.add_action(exec_is_not_vulnerable) + ) self.add_filter(is_status) # Outcome filter @@ -1335,7 +1299,7 @@ class AllInvestigationsTable(ToasterTable): for p in Product.objects.all(): is_product.add_action( TableFilterActionToggle( p.defect_prefix, - p.long_name(), + p.long_name, Q(product=p)) ) self.add_filter(is_product) @@ -1345,7 +1309,7 @@ class AllInvestigationsTable(ToasterTable): Investigation.objects.all() # filter out hidden records - userAccess = Access() + userAccess = Access(self.request.session.get('srt_user_id', '0')) if not userAccess.is_admin(): self.queryset = self.queryset.exclude(public = False) 
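Review bot: In the new Vulnerabilities `product_link_template` the block tags are mis-nested: `{% if vp.product != '%s' %}` is opened inside the `{% for vp ... %}` loop, but `{% endfor %}` comes before its `{% endif %}`. Django should reject this with a TemplateSyntaxError when the column template is compiled. The last two lines need swapping so that `{% endif %}` precedes `{% endfor %}`. In the new `defect_link_template` just above, the separator test `{% if forloop.counter == 1 %}| {% endif %}` is inverted relative to the other templates in this file: it prints `| ` before the first defect and nothing between the rest. It should presumably be `{% if not forloop.first %}| {% endif %}`. A short comment next to `vp.relation == 0` naming `VulnerabilityProduct.AFFECTED` would also be worth keeping directly on that line.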
@@ -1354,27 +1318,26 @@ class AllInvestigationsTable(ToasterTable): def setup_columns(self, *args, **kwargs): id_link_template = ''' - <a href="{% url 'investigation' data.id %}"> - {{data.name}} - </a> + <a href="{% url 'investigation' data.id %}" id="dataid_{{data.id}}">{{data.name}}</a> ''' self.add_column(title="ID", hideable=False, orderable=True, field_name="name", static_data_name="name", - static_data_template=id_link_template) + static_data_template=id_link_template, + ) defect_link_template = ''' {% for ij in data.investigation_to_defect.all %} - {% if not forloop.first %}| {% endif %}<a href="http://defect.wrs.com/browse/{{ij.defect.name}}" target="_blank">{{ij.defect.name}} </a> + {% if not forloop.first %}| {% endif %}<a href="{% url 'defect' ij.defect.id %}">{{ij.defect.name}} </a> {% endfor %} ''' self.add_column(title="Defects", field_name="defect", hideable=False, static_data_name="defect", - static_data_template=defect_link_template + static_data_template=defect_link_template, ) self.add_column(title="Status", @@ -1382,7 +1345,7 @@ class AllInvestigationsTable(ToasterTable): hideable=True, filter_name="is_status", static_data_name="status", - static_data_template="{{data.get_status_text}}" + static_data_template="{{data.get_status_text}}", ) self.add_column(title="Outcome", 
@@ -1390,15 +1353,20 @@ class AllInvestigationsTable(ToasterTable): hideable=False, filter_name="is_outcome", static_data_name="outcome", - static_data_template="{{data.get_outcome_text}}" + static_data_template="{{data.get_outcome_text}}", ) + release_version_template = ''' + {% for ij in data.investigation_to_defect.all %} + {% if not forloop.first %}| {% endif %}<a href="{{ij.defect.url}}" target="_blank">{{ij.defect.release_version}} </a> + {% endfor %} + ''' self.add_column(title="Release Version", # field_name="release_version", orderable=True, hideable=False, - static_data_name="outcome", - static_data_template="{{data.defect.release_version}}" + static_data_name="release_version", + static_data_template=release_version_template, ) self.add_column(title="Severity", @@ -1406,7 +1374,7 @@ class AllInvestigationsTable(ToasterTable): filter_name="is_severity", hideable=False, static_data_name="severity", - static_data_template="{{data.get_severity_text}}" + static_data_template="{{data.get_severity_text}}", ) self.add_column(title="Comments", @@ -1414,7 +1382,7 @@ class AllInvestigationsTable(ToasterTable): hideable=True, ) - userAccess = Access() + userAccess = Access(self.request.session.get('srt_user_id', '0')) if userAccess.is_admin(): self.add_column(title="Comments Private", field_name="comments_private", @@ -1432,7 +1400,7 @@ class AllInvestigationsTable(ToasterTable): # orderable=True, filter_name="is_product", static_data_name="investigation_products", - static_data_template="<a href=\"{% url 'products' %}\">{{data.product.long_name}}</a>", + static_data_template="<a href=\"{% url 'product' data.product.id %}\">{{data.product.long_name}}</a>", ) @@ -1468,7 +1436,7 @@ class KeywordsTable(ToasterTable): Keywords.objects.all() # # filter out hidden records -# userAccess = Access() +# userAccess = Access(self.request.session.get('srt_user_id', '0')) # if not userAccess.is_admin(): # self.queryset = self.queryset.exclude(public = False) 
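Review bot: `release_version_template` (hunk at -1390) puts the stored value `ij.defect.url` straight into `href`. Template auto-escaping keeps it inside the attribute but does not restrict the URL scheme, so a defect record carrying a `javascript:` or other non-http URL would be rendered as a live link. Where `Defect.url` is populated is not visible here; if it can come from an imported or user-edited source, the scheme should be validated when the record is saved. Because the link opens in a new tab on what is presumably an external tracker, the anchor should also carry `rel`, e.g. `<a href="{{ij.defect.url}}" target="_blank" rel="noopener noreferrer">`. The column is `orderable=True` while `field_name` stays commented out, which deserves a comment saying what it sorts by.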
@@ -1504,5 +1472,278 @@ class KeywordsTable(ToasterTable): hideable=False, orderable=False, static_data_name="manage", - static_data_template=manage_link_template) + static_data_template=manage_link_template, + ) + + +class SourcesTable(ToasterTable): + """Table of All Data Sources in SRTool""" + + def __init__(self, *args, **kwargs): + super(SourcesTable, self).__init__(*args, **kwargs) + self.default_orderby = "data" + + def get_context_data(self, **kwargs): + context = super(SourcesTable, self).get_context_data(**kwargs) + return context + + def setup_queryset(self, *args, **kwargs): + self.queryset = \ + DataSource.objects.all() + + self.queryset = self.queryset.order_by(self.default_orderby) + + def setup_columns(self, *args, **kwargs): + + self.add_column(title="Data", + hideable=False, + orderable=True, + field_name="data", + static_data_name="data", + static_data_template='<span id="dataid_{{data.id}}">{{data.data}}</span>', + ) + + self.add_column(title="Source", + hideable=False, + orderable=True, + field_name="source", + ) + + self.add_column(title="Type", + hideable=False, + orderable=True, + field_name="type", + ) + + self.add_column(title="Description", + hideable=False, + orderable=False, + field_name="description", + ) + + self.add_column(title="File Path", + hideable=True, + hidden=True, + orderable=False, + field_name="file_path", + ) + + self.add_column(title="URL", + hideable=True, + hidden=True, + orderable=False, + field_name="url", + ) + + self.add_column(title="Meta URL", + hideable=True, + hidden=True, + orderable=False, + field_name="meta_url", + ) + + self.add_column(title="Data Modified", + hideable=False, + orderable=True, + field_name="lastModifiedDate", + ) + + self.add_column(title="Updates", + hideable=False, + orderable=True, + field_name="update_frequency", + static_data_name="update_frequency", + static_data_template="{{data.get_frequency_text}}", + ) + + self.add_column(title="Updated", + hideable=False, + orderable=True, + 
field_name="update_time", + ) + + self.add_column(title="Command", + hideable=True, + orderable=False, + field_name="command", + ) + + +class SelectPublishTable(ToasterTable): + """Table of Publishable CVE's in SRTool""" + + def __init__(self, *args, **kwargs): + super(SelectPublishTable, self).__init__(*args, **kwargs) + self.default_orderby = "name" + _log("SelectPublishTable:__init") + + def get_context_data(self,**kwargs): + _log("SelectPublishTable:get_context_data") + context = super(SelectPublishTable, self).get_context_data(**kwargs) + return context + + def setup_filters(self, *args, **kwargs): + _log("SelectPublishTable:setup_filters") + # Status filter + is_status = TableFilter(name="is_status", + title="Filter CVE's by 'Status") + is_status.add_action(TableFilterActionToggle( + "new", + "New", + Q(status=Cve.NEW)) + ) + is_status.add_action(TableFilterActionToggle( + "investigate", + "Investigate", + Q(status=Cve.INVESTIGATE)) + ) + is_status.add_action(TableFilterActionToggle( + "vulnerable", + "Is Vulnerable", + Q(status=Cve.VULNERABLE)) + ) + is_status.add_action(TableFilterActionToggle( + "not_vulnerable", + "Not Vulnerable", + Q(status=Cve.NOT_VULNERABLE)) + ) + self.add_filter(is_status) + + def setup_queryset(self, *args, **kwargs): + _log("SelectPublishTable:setup_queryset") + self.queryset = \ + Cve.objects.filter(publish_state = Cve.PUBLISH_REQUEST) | \ + Cve.objects.filter(publish_state = Cve.PUBLISH_UPDATE) + + _log("SelectPublishTable1:%s" % len(self.queryset)) + + # filter out hidden records !!! 
ALL NEW ONES SHOULD BE PUBLIC +# userAccess = Access(self.request.session.get('srt_user_id', '0')) +# if not userAccess.is_admin(): +# self.queryset = self.queryset.exclude(public = False) + + self.queryset = self.queryset.order_by(self.default_orderby) + + def setup_columns(self, *args, **kwargs): + + _log("SelectPublishTable:setup_columns") + + self.add_column(title="Select", + field_name="Select", + hideable=False, + static_data_name="select", + static_data_template='<input type="checkbox" name="{{data.name}}" />', + ) + + self.add_column(title="Status", + field_name="status", + hideable=False, + orderable=True, + filter_name="is_status", + static_data_name="status", + static_data_template="{{data.get_status_text}}", + ) + + id_link_template = ''' + <a href="{% url 'cve' data.id %}" id="dataid_{{data.id}}" target="_blank">{{data.name}}</a> + ''' + self.add_column(title="Name", + hideable=False, + orderable=True, + field_name="name", + static_data_name="name", + static_data_template=id_link_template, + ) + + self.add_column(title="Publish Request", + field_name="publish_state", + hideable=False, + static_data_name="publish_state", + static_data_template="{{data.get_publish_text}}", + ) + + self.add_column(title="Request Date", + field_name="publish_date", + hideable=False, + static_data_name="publish_date", + static_data_template="{% if data.publish_date %}{{data.publish_date}}{% else %}ASAP{% endif %}", + ) + + severity_v3_template = ''' + {{data.cvssV3_baseScore}} {{data.cvssV3_baseSeverity}} + ''' + self.add_column(title="Severity (V3)", + help_text="Severity of the CVE (v3)", + hideable=False, + orderable=False, + static_data_name='severity_v3', + static_data_template=severity_v3_template, + ) + + self.add_column(title="Description", + field_name="description", + hideable=False, + ) + +class UpdatePublishedTable(ToasterTable): + """Table of Publish requested CVE's in SRTool""" + + def __init__(self, *args, **kwargs): + super(UpdatePublishedTable, 
self).__init__(*args, **kwargs) + self.default_orderby = "date" + + def get_context_data(self,**kwargs): + context = super(UpdatePublishedTable, self).get_context_data(**kwargs) + return context + + def setup_queryset(self, *args, **kwargs): + self.queryset = PublishPending.objects.all() + self.queryset = self.queryset.order_by(self.default_orderby) + + def setup_columns(self, *args, **kwargs): + + self.add_column(title="Select", + field_name="Select", + hideable=False, + static_data_name="select", + static_data_template='<input type="checkbox" name="{{data.cve.name}}" />', + ) + + self.add_column(title="Status", + field_name="status", + hideable=False, + orderable=True, + static_data_name="status", + static_data_template="{{data.cve.get_status_text}}", + ) + + id_link_template = ''' + <a href="{% url 'cve' data.cve.id %}" id="dataid_{{data.cve.id}}" target="_blank">{{data.cve.name}}</a> + ''' + self.add_column(title="Name", + hideable=False, + orderable=True, + field_name="name", + static_data_name="name", + static_data_template=id_link_template, + ) + + self.add_column(title="Publish Request", + field_name="publish_state", + hideable=False, + static_data_name="publish_state", + static_data_template="{{data.cve.get_publish_text}}", + ) + + self.add_column(title="Publish Request Date", + field_name="date", + hideable=False, + orderable=True, + ) + + if False: + self.add_column(title="Note", + field_name="note", + hideable=False, + ) |
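Review bot: `SelectPublishTable.setup_queryset` leaves the `public` filter commented out on the strength of the remark "ALL NEW ONES SHOULD BE PUBLIC", and `UpdatePublishedTable.setup_queryset` has no visibility filter at all, so both tables list CVEs to any session that can reach them unless the views are admin-gated elsewhere (not visible in this diff). Enforcing the assumption is cheaper than relying on it: restore `userAccess = Access(self.request.session.get('srt_user_id', '0'))` with `if not userAccess.is_admin(): self.queryset = self.queryset.exclude(public = False)`, and apply the equivalent through the `cve` relation for `PublishPending`. `SourcesTable` likewise shows the `command` and `file_path` fields of every data source without an admin check. The debug line `_log("SelectPublishTable1:%s" % len(self.queryset))` evaluates the whole queryset on each request; `self.queryset.count()` or removing the call avoids that.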