Diffstat (limited to 'lib/srtgui/reports.py')
-rw-r--r-- | lib/srtgui/reports.py | 492 |
1 files changed, 415 insertions, 77 deletions
diff --git a/lib/srtgui/reports.py b/lib/srtgui/reports.py index 572e45bf..e282a8d0 100644 --- a/lib/srtgui/reports.py +++ b/lib/srtgui/reports.py @@ -25,6 +25,8 @@ import csv from orm.models import Cve, CveSource, Vulnerability, Investigation, Defect, Product from orm.models import Package +from orm.models import SRTool, SrtSetting +from orm.models import PublishSet, DefectHistory from srtgui.api import readCveDetails, summaryCveDetails from django.db.models import Q @@ -93,7 +95,14 @@ class ManagementReport(Report): context['report_columnrange_list'] = '' context['report_format_list'] = '\ <input type="radio" name="format" value="txt" checked> Text<br> \ - <input type="radio" name="format" value="csv"> CSV<br> \ + <input type="radio" name="format" value="csv"> CSV \ + (Separator: \ + <select name="csv_separator"> \ + <option value="semi">Semi-colon</option> \ + <option value="comma">Comma</option> \ + <option value="tab">Tab</option> \ + </select>) \ + <br> \ ' return context @@ -107,12 +116,15 @@ class ManagementReport(Report): format = request_POST.get('format', '') title = request_POST.get('title', '') report_type = request_POST.get('report_type', '') + csv_separator = request_POST.get('csv_separator', 'semi') - report_name = '%s/management_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/management_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: if 'csv' == format: - tab = "\t" + tab = ';' + if csv_separator == 'comma': tab = ',' + if csv_separator == 'tab': tab = '\t' else: tab = " = " 
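Review bot: `report_type` and `format` come straight from `request_POST` and are formatted into `report_name`, which is then handed to `open(report_name, 'w')`, so the name and extension of the file written under `SRT_REPORT_DIR` are whatever the client submitted, path separators included. The same construction appears in every `report_name = ...` line this commit touches (cve, vulnerability, investigation, defect, cves, select_cves, vulnerabilities, investigations, defects, products, cve_publish, cpes_srtool) and in the new PublishListReport and HistoryDefectReport. Check both values against the options the form actually offers before building the path, for example `if format not in ('txt', 'csv'): return 'Error:unsupported format',''`, with the equivalent membership test of `report_type` against the values listed in that class's `report_type_list`. The timestamp also has minute resolution, so two reports of the same type generated within one minute overwrite each other. exec_report's body continues outside this hunk.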
@@ -125,11 +137,13 @@ class ManagementReport(Report): file.write("%s%s%s\n" % ('cve_open',tab,Cve.objects.filter( Q(status=Cve.INVESTIGATE) & Q(status=Cve.VULNERABLE) ).count())) file.write("%s%s%s\n" % ('vulnerability_total',tab,Vulnerability.objects.all().count())) file.write("%s%s%s\n" % ('vulnerability_open',tab,Vulnerability.objects.filter(outcome=Vulnerability.OPEN).count())) + file.write("%s%s%s\n" % ('vulnerability_critical',tab,Vulnerability.objects.filter(priority=Vulnerability.CRITICAL).count())) file.write("%s%s%s\n" % ('vulnerability_high',tab,Vulnerability.objects.filter(priority=Vulnerability.HIGH).count())) file.write("%s%s%s\n" % ('vulnerability_medium',tab,Vulnerability.objects.filter(priority=Vulnerability.MEDIUM).count())) - file.write("%s%s%s\n" % ('vulnerability_low',tab,Vulnerability.objects.filter(priority=Vulnerability.HIGH).count())) + file.write("%s%s%s\n" % ('vulnerability_low',tab,Vulnerability.objects.filter(priority=Vulnerability.LOW).count())) file.write("%s%s%s\n" % ('investigation_total',tab,Investigation.objects.all().count())) file.write("%s%s%s\n" % ('investigation_open',tab,Investigation.objects.filter(outcome=Investigation.OPEN).count())) + file.write("%s%s%s\n" % ('investigation_critical',tab,Investigation.objects.filter(priority=Investigation.CRITICAL).count())) file.write("%s%s%s\n" % ('investigation_high',tab,Investigation.objects.filter(priority=Investigation.HIGH).count())) file.write("%s%s%s\n" % ('investigation_medium',tab,Investigation.objects.filter(priority=Investigation.MEDIUM).count())) file.write("%s%s%s\n" % ('investigation_low',tab,Investigation.objects.filter(priority=Investigation.LOW).count())) 
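Review bot: The `cve_open` line kept as context in this hunk filters on `Q(status=Cve.INVESTIGATE) & Q(status=Cve.VULNERABLE)`, which requires one field to equal two different values, so the count is presumably always 0 (assuming `status` is single-valued, as the other filters here suggest). The commit fixes the copy-paste error in `vulnerability_low` but leaves this one, and a management report that always shows zero open CVEs understates exposure. The condition should be an OR: `Q(status=Cve.INVESTIGATE) | Q(status=Cve.VULNERABLE)`.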
@@ -254,7 +268,7 @@ class CveReport(Report): cve = Cve.objects.get(id=record_list) - report_name = '%s/cve_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/cve_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: if 'csv' == format: @@ -417,9 +431,9 @@ class VulnerabilityReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') - v = Vulnerability.objects.get(id=record_list) + vulnerability = Vulnerability.objects.get(id=record_list) - report_name = '%s/vulnerability_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/vulnerability_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: if 'csv' == format: 
@@ -429,24 +443,26 @@ class VulnerabilityReport(Report): if ('summary' == report_type) or ('audit' == report_type): if 'txt' == format: - file.write("Report : Vulnerability %s - Summary\n" % v.name) + file.write("Report : Vulnerability %s - Summary\n" % vulnerability.name) file.write("\n") - file.write("Vulnerability: %s\n" % v.name) - file.write(" Status: %s\n" % v.get_status_text) - file.write(" Outcome: %s\n" % v.get_outcome_text) - file.write(" Priority: %s\n" % v.get_priority_text) - file.write(" Comments: %s\n" % v.comments) + file.write("Vulnerability: %s\n" % vulnerability.name) + file.write(" Status: %s\n" % vulnerability.get_status_text) + file.write(" Outcome: %s\n" % vulnerability.get_outcome_text) + file.write(" Priority: %s\n" % vulnerability.get_priority_text) + file.write(" Comments: %s\n" % vulnerability.comments) file.write("\n") - file.write("Affected Products:\n") + file.write("Products:\n") found_p = False - for i,p in enumerate(v.get_affected_list): - found_p = True - file.write("%2d) Product: %s\n" % (i,p.product.long_name)) - found_i = False - for investigation in Investigation.objects.filter(vulnerability=v,product=p.product): + for i,product in enumerate(Product.objects.all().order_by('order')): + product_header = False + for investigation in Investigation.objects.filter(vulnerability=vulnerability,product=product): + found_p = True found_i = True + if not product_header: + file.write("%2d) Product: %s\n" % (i+1,investigation.product.long_name)) + product_header = True file.write(" Investigation: %s\n" % investigation.name) file.write(" Status: %s\n" % investigation.get_status_text) file.write(" Outcome: %s\n" % investigation.get_outcome_text) 
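Review bot: `found_i = True` is still assigned inside the investigation loop, but its initialisation is removed here and the only reader (`if not found_i:`) is removed in the next hunk, so the variable is dead and can be dropped. The product number now comes from `enumerate(Product.objects.all().order_by('order'))`, so products with no investigation are skipped in the output and the printed numbering has gaps; a separate counter incremented when `product_header` is set would keep it contiguous. The loop also issues one `Investigation.objects.filter(...)` query per product, where a single query filtered on `vulnerability=vulnerability` and ordered by `product__order` would do.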
@@ -457,24 +473,13 @@ class VulnerabilityReport(Report): file.write(",") file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text)) file.write("\n") - if not found_i: - file.write(" No investigations found\n") - if not found_p: - file.write(" No affected products found\n") - - file.write("\n") - file.write("Related Products:\n") - found_p = False - for i,p in enumerate(v.get_related_list): - found_p = True - file.write("%2d) Product: %s\n" % (i,p.product.long_name)) if not found_p: - file.write(" No related products found\n") + file.write(" No products found\n") file.write("\n") file.write("Comments:\n") found_c = False - for i,vc in enumerate(v.vulnerability_comments.all()): + for i,vc in enumerate(vulnerability.vulnerability_comments.all()): found_c = True file.write(" %2d) %s (%s): %s\n" % (i,vc.date,vc.author,vc.comment)) if not found_c: @@ -483,7 +488,7 @@ class VulnerabilityReport(Report): if 'audit' == report_type: file.write("\n") file.write("Audit Trail:\n") - for i,vh in enumerate(v.vulnerability_history.all()): + for i,vh in enumerate(vulnerability.vulnerability_history.all()): file.write(" %2d) %s (%s): %s\n" % (i,vh.date,vh.author,vh.comment)) file.write("\n") @@ -529,7 +534,7 @@ class InvestigationReport(Report): investigation = Investigation.objects.get(id=record_list) - report_name = '%s/investigation_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/investigation_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: if 'csv' == format: 
@@ -593,7 +598,14 @@ class DefectReport(Report): context['report_columnrange_list'] = '' context['report_format_list'] = '\ <input type="radio" name="format" value="txt" checked> Text<br> \ - <input type="radio" name="format" value="csv"> CSV<br> \ + <input type="radio" name="format" value="csv"> CSV \ + (Separator: \ + <select name="csv_separator"> \ + <option value="semi">Semi-colon</option> \ + <option value="comma">Comma</option> \ + <option value="tab">Tab</option> \ + </select>) \ + <br> \ ' return context 
@@ -608,29 +620,36 @@ class DefectReport(Report): title = request_POST.get('title', '') report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') + csv_separator = request_POST.get('csv_separator', 'semi') - report_name = '%s/defect_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/defect_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: if 'csv' == format: - tab = "\t" + tab = ';' + if csv_separator == 'comma': tab = ',' + if csv_separator == 'tab': tab = '\t' else: tab = "," if ('summary' == report_type): if 'csv' == format: - file.write("Name\tSummary\tPriority\tStatus\tResolution\tReleased Version\tURL\tInvestigations\tProduct\n") + file.write("Name\tSummary\tPriority\tStatus\tResolution\tSRT Priority\tSRT Status\tSRT Outcome\tReleased Version\tURL\tInvestigations\tProduct\n") if 'txt' == format: file.write("Report : Defects Table\n") file.write("\n") - file.write("Name,Summary,Priority,Status,Resolution,Released Version,URL,Investigations,Product\n") + file.write("Name,Summary,Priority,Status,Resolution,SRT Priority,SRT Status,SRT Outcome,Released Version,URL,Investigations,Product\n") defect = Defect.objects.get(id=record_list) file.write("%s%s" % (defect.name,tab)) file.write("%s%s" % (defect.summary,tab)) + + file.write("%s%s" % (defect.get_defect_priority_text,tab)) + file.write("%s%s" % (defect.get_defect_status_text,tab)) + file.write("%s%s" % (defect.get_defect_resolution_text,tab)) file.write("%s%s" % (defect.get_priority_text,tab)) file.write("%s%s" % (defect.get_status_text,tab)) - file.write("%s%s" % (defect.get_resolution_text,tab)) + file.write("%s%s" % (defect.get_outcome_text,tab)) file.write("%s%s" % (defect.release_version,tab)) file.write("%s%s" % (defect.publish,tab)) file.write("%s%s" % (defect.url,tab)) 
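Review bot: The CSV header in DefectReport is still written with literal `\t` between column names, while the data row uses `tab`, which this commit now defaults to `;` and lets the user switch to `,`. Header and row only agree when the user picks "Tab". The preview header in PublishListReport already handles this with `.replace('\t',tab)`; the same call is needed on the `"Name\tSummary\t..."` line here. Free-text fields such as `defect.summary` are also written unquoted, so a summary containing the chosen separator shifts every following column; `csv.writer` with `delimiter=tab` would quote those cells. The txt header likewise lists fewer columns than the row writes (`defect.publish` has no heading), though that predates this change.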
@@ -832,7 +851,7 @@ class CvesReport(Report): defect.name if defect else '<no_defect>', defect.get_priority_text if defect else '', defect.get_status_text if defect else '', - defect.get_resolution_text if defect else '', + defect.get_defect_resolution_text if defect else '', ]) else: writer.writerow([ @@ -848,7 +867,7 @@ class CvesReport(Report): defect.name if defect else '<no_defect>', defect.get_priority_text if defect else '', defect.get_status_text if defect else '', - defect.get_resolution_text if defect else '', + defect.get_defect_resolution_text if defect else '', ]) def exec_report(self, *args, **kwargs): @@ -865,7 +884,7 @@ class CvesReport(Report): record_list = request_POST.get('record_list', '') name_filter = request_POST.get('name_filter', '').upper() - report_name = '%s/cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) if 'csv' == format: delimiter = '\t' else: @@ -947,7 +966,7 @@ class SelectCvesReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') - report_name = '%s/select_cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/select_cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: if 'csv' == format: @@ -1105,7 +1124,7 @@ class VulnerabilitiesReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') - report_name = '%s/vulnerabilities_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/vulnerabilities_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) if 'csv' == format: delimiter = '\t' else: 
@@ -1153,11 +1172,18 @@ class InvestigationsReport(Report): <input type="radio" name="columns" value="all" > All<br> \ ' context['report_format_list'] = '\ - <input type="radio" name="format" value="txt" checked> Text (comma delimited)<br> \ - <input type="radio" name="format" value="csv"> CSV (tab delimited)<br> \ + <input type="radio" name="format" value="txt" checked> Text<br> \ + <input type="radio" name="format" value="csv"> CSV \ + (Separator: \ + <select name="csv_separator"> \ + <option value="semi">Semi-colon</option> \ + <option value="comma">Comma</option> \ + <option value="tab">Tab</option> \ + </select>) \ + <br> \ ' context['report_custom_list'] = '\ - Product defect prefix filter = <input type="text" placeholder="e.g. LIN9" name="name_filter" size="40"> (method to filter by product)<br>\ + Product defect prefix filter = <input type="text" placeholder="" name="name_filter" size="40"> (method to filter by product)<br>\ ' return context @@ -1175,6 +1201,7 @@ class InvestigationsReport(Report): 'Comments Private', 'Vulnerability', 'Product', + 'Updated', ]) else: writer.writerow([ @@ -1188,6 +1215,7 @@ class InvestigationsReport(Report): 'Comments Private', 'Vulnerability', 'Product', + 'Updated', ]) else: investigation_defects = '' @@ -1212,6 +1240,7 @@ class InvestigationsReport(Report): investigation.comments_private, investigation.vulnerability.get_long_name, investigation.product.long_name, + investigation.srt_updated.strftime('%m-%d-%Y'), ]) else: writer.writerow([ @@ -1225,6 +1254,7 @@ class InvestigationsReport(Report): investigation.comments_private, investigation.vulnerability.get_long_name, investigation.product.long_name, + investigation.srt_updated.strftime('%m-%d-%Y'), ]) def exec_report(self, *args, **kwargs): 
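Review bot: The new `Updated` column is formatted with `investigation.srt_updated.strftime('%m-%d-%Y')`, while the other reports added in this commit use `'%m/%d/%Y'` (PublishListReport) and `'%Y-%m-%d'` (HistoryDefectReport), so one commit introduces three date formats for exported data. Pick one, preferably the sortable `'%Y-%m-%d'`, and use it in both `writerow` calls here. If `srt_updated` can be null for older records (not visible in this diff), the `strftime` call raises and aborts the whole report; `investigation.srt_updated.strftime('%Y-%m-%d') if investigation.srt_updated else ''` would guard that.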
@@ -1240,12 +1270,16 @@ class InvestigationsReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') name_filter = request_POST.get('name_filter', '').upper() + csv_separator = request_POST.get('csv_separator', 'semi') + + report_name = '%s/investigations_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) - report_name = '%s/investigations_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) if 'csv' == format: - delimiter = '\t' + delimiter = ';' + if csv_separator == 'comma': delimiter = ',' + if csv_separator == 'tab': delimiter = '\t' else: - delimiter = ',' + delimiter = "," with open(report_name, 'w', newline='') as csvfile: writer = csv.writer(csvfile, delimiter=delimiter, @@ -1293,11 +1327,19 @@ class DefectsReport(Report): ' context['report_format_list'] = '\ <input type="radio" name="format" value="txt" checked> Text (comma delimited)<br> \ - <input type="radio" name="format" value="csv"> CSV (tab delimited)<br> \ + <input type="radio" name="format" value="csv"> CSV \ + (Separator: \ + <select name="csv_separator"> \ + <option value="semi">Semi-colon</option> \ + <option value="comma">Comma</option> \ + <option value="tab">Tab</option> \ + </select>) \ + <br> \ ' + context['report_custom_list'] = '\ - Defect name filter = <input type="text" placeholder="e.g. LIN9" name="name_filter" size="40"> <br>\ - ' + Defect name filter = <input type="text" placeholder="e.g. %s" name="name_filter" size="40"> <br>\ + ' % SrtSetting.get_setting('SRTOOL_DEFECT_SAMPLENAME',"DEFECT-XYZ") return context def print_row(self,writer,is_header,is_full,defect): @@ -1309,6 +1351,9 @@ class DefectsReport(Report): 'Priority', 'Status', 'Resolution', + 'SRT Priority', + 'SRT Status', + 'SRT Outcome', 'Release Version', 'Publish', 'Investigations', 
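Review bot: In DefectsReport.get_context_data the value of `SrtSetting.get_setting('SRTOOL_DEFECT_SAMPLENAME', ...)` is formatted into the `placeholder="e.g. %s"` attribute without HTML escaping. These context entries are raw markup strings, so the template presumably renders them unescaped (the template is not part of this diff); a setting value containing a double quote or angle bracket would then end the attribute and be parsed as markup. Escape at the point of use: `% escape(SrtSetting.get_setting('SRTOOL_DEFECT_SAMPLENAME',"DEFECT-XYZ"))`, with `from django.utils.html import escape` added to the imports.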
@@ -1321,6 +1366,9 @@ class DefectsReport(Report): 'Priority', 'Status', 'Resolution', + 'SRT Priority', + 'SRT Status', + 'SRT Outcome', 'Release Version', 'Publish', 'URL', @@ -1337,9 +1385,12 @@ class DefectsReport(Report): writer.writerow([ defect.name, defect.summary, + defect.get_defect_priority_text, + defect.get_defect_status_text, + defect.get_defect_resolution_text, defect.get_priority_text, defect.get_status_text, - defect.get_resolution_text, + defect.get_outcome_text, defect.release_version, defect.publish, defect_investigations, @@ -1349,9 +1400,12 @@ class DefectsReport(Report): writer.writerow([ defect.name, defect.summary, + defect.get_defect_priority_text, + defect.get_defect_status_text, + defect.get_defect_resolution_text, defect.get_priority_text, defect.get_status_text, - defect.get_resolution_text, + defect.get_outcome_text, defect.release_version, defect.publish, defect.url, @@ -1372,10 +1426,13 @@ class DefectsReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') name_filter = request_POST.get('name_filter', '').upper() + csv_separator = request_POST.get('csv_separator', 'semi') - report_name = '%s/defects_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/defects_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) if 'csv' == format: - delimiter = '\t' + delimiter = ';' + if csv_separator == 'comma': delimiter = ',' + if csv_separator == 'tab': delimiter = '\t' else: delimiter = ',' with open(report_name, 'w', newline='') as csvfile: 
@@ -1437,7 +1494,7 @@ class ProductsReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') - report_name = '%s/products_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/products_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: if 'csv' == format: @@ -1504,7 +1561,6 @@ class PublishCveReport(Report): _log_args("REPORT_PUBLISHCVE_EXEC", *args, **kwargs) super(PublishCveReport, self).exec_report(*args, **kwargs) - _log("FOO1") request_POST = self.request.POST records = request_POST.get('records', '') @@ -1513,11 +1569,9 @@ class PublishCveReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') - _log("FOO2 (%s,%s,%s" % (record_list,format,report_type)) - report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: - _log("FOO3") if 'csv' == format: tab = "\t" else: @@ -1531,9 +1585,7 @@ class PublishCveReport(Report): file.write("\n") file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n") - _log("FOO4") for id in record_list.split(','): - _log("FOO5:%s" % id) if not id: continue try: @@ -1553,9 +1605,8 @@ class PublishCveReport(Report): file.write("%s" % (cve.description)) file.write("\n") except Exception as e: - _log("FOOX:%s" % e) + _log("EXCEPTION:%s" % e) - _log("FOO9:%s" % (report_name)) return report_name,os.path.basename(report_name) class PublishPendingCveReport(Report): 
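Review bot: The renamed handler `except Exception as e: _log("EXCEPTION:%s" % e)` in PublishCveReport still catches every exception per record and only logs it, so the report is returned as if complete even when records were skipped, and a record that fails midway leaves a partial row with no newline in the file. The log line also omits which `id` failed. Narrow the handler to the expected lookup failure and log the identifier, e.g. `except Cve.DoesNotExist: _log("REPORT_PUBLISHCVE: no CVE with id '%s'" % id)`, and build the row in memory before writing it. The same handler is changed the same way in PublishPendingCveReport further down; the `try` body starts outside this hunk.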
@@ -1586,7 +1637,6 @@ class PublishPendingCveReport(Report): _log_args("REPORT_PUBLISHPENDINGCVE_EXEC", *args, **kwargs) super(PublishPendingCveReport, self).exec_report(*args, **kwargs) - _log("FOO1") request_POST = self.request.POST records = request_POST.get('records', '') @@ -1595,11 +1645,9 @@ class PublishPendingCveReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') - _log("FOO2 (%s,%s,%s" % (record_list,format,report_type)) - report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) with open(report_name, 'w') as file: - _log("FOO3") if 'csv' == format: tab = "\t" else: @@ -1613,11 +1661,9 @@ class PublishPendingCveReport(Report): file.write("\n") file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n") - _log("FOO4") for id in record_list.split(','): if not id: continue - _log("FOO5:%s" % id) try: cve = Cve.objects.get(id=id) file.write("%s%s" % (cve.name,tab)) 
@@ -1635,9 +1681,188 @@ class PublishPendingCveReport(Report): file.write("%s" % (cve.description)) file.write("\n") except Exception as e: - _log("FOOX:%s" % e) + _log("EXCEPTION:%s" % e) + + return report_name,os.path.basename(report_name) + +class PublishListReport(Report): + """Report for the Publish Cve Page""" + + def __init__(self, parent_page, *args, **kwargs): + _log_args("REPORT_PUBLISHLIST_INIT(%s)" % parent_page, *args, **kwargs) + super(PublishListReport, self).__init__(parent_page, *args, **kwargs) + + def get_context_data(self, *args, **kwargs): + _log_args("REPORT_PUBLISHLIST_CONTEXT", *args, **kwargs) + context = super(PublishListReport, self).get_context_data(*args, **kwargs) + context['report_type_list'] = '\ + <option value="preview">Preview CVE Publish List</option> \ + <option value="report">Publish Report </option> \ + ' + context['report_columnrange_list'] = '' + context['report_format_list'] = '\ + <input type="radio" name="format" value="txt" checked> Text<br> \ + <input type="radio" name="format" value="csv"> CSV \ + (Separator: \ + <select name="csv_separator"> \ + <option value="semi">Semi-colon</option> \ + <option value="comma">Comma</option> \ + <option value="tab">Tab</option> \ + </select>) \ + <br> \ + ' + return context + + def exec_report(self, *args, **kwargs): + _log_args("REPORT_PUBLISHLIST_EXEC", *args, **kwargs) + super(PublishListReport, self).exec_report(*args, **kwargs) + + request_POST = self.request.POST + format = request_POST.get('format', '') + report_type = request_POST.get('report_type', '') + csv_separator = request_POST.get('csv_separator', 'semi') + + report_name = '%s/publish_list_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) + with open(report_name, 'w') as file: + + if 'csv' == format: + tab = ';' + if csv_separator == 'comma': tab = ',' + if csv_separator == 'tab': tab = '\t' + else: + tab = "," + + if ('preview' == report_type): + if 'csv' == format: + 
file.write("State\tCve_Name\tCve_Published\tCve_Modified\tCve_Status\tCve_Acknowledge\tReason\tCVE_Description\n".replace('\t',tab)) + if 'txt' == format: + file.write("Report : CVEs Table\n") + file.write("\n") + file.write('%-7s %-18s %11s %11s %16s %11s %-35s %s\n' % ('State','Cve_Name','Published','Modified','Cve_Status','Acknowledge','CVE_Description','Reason')) + + for publishset in PublishSet.objects.all(): + if 'csv' == format: + file.write("%s%s" % (publishset.state_text,tab)) + file.write("%s%s" % (publishset.cve.name,tab)) + file.write("%s%s" % (publishset.cve.publishedDate,tab)) + file.write("%s%s" % (publishset.cve.lastModifiedDate,tab)) + file.write("%s%s" % (publishset.cve.get_status_text,tab)) + file.write("%s%s" % (publishset.cve.acknowledge_date,tab)) + file.write("%s%s" % (publishset.reason,tab)) + file.write("%s%s" % (publishset.cve.description,tab)) + file.write("\n") + if 'txt' == format: + try: + acknowledge_date = publishset.cve.acknowledge_date.strftime('%m/%d/%Y') + except: + acknowledge_date = '' + if publishset.cve.description: + description = publishset.cve.description[:30] + '...' 
+ else: + description = '' + file.write("%-7s," % publishset.state_text) + file.write("%-18s," % publishset.cve.name) + file.write("%11s," % publishset.cve.publishedDate) + file.write("%11s," % publishset.cve.lastModifiedDate) + file.write("%16s," % publishset.cve.get_status_text) + file.write("%11s," % acknowledge_date) + file.write("%-35s," % description) + file.write("%s," % publishset.reason) + file.write("\n") + + if ('report' == report_type): + product_list = Product.objects.all() + + def get_product_status_matrix(product_list,cve): + # Preset the default product status labels + status_table = {} + product_top_order = 99 + product_top_defect = [] + for product in product_list: + status_table[product.key] = publishset.cve.get_status_text + # Set the specific status for the child investigations + for cv in cve.cve_to_vulnerability.all(): + #status_text = cv.vulnerability.get_status_text + for investigation in cv.vulnerability.vulnerability_investigation.all(): + product_key = investigation.product.key + release_version_list = [] + for id in investigation.investigation_to_defect.all(): + # Find defect(s) for higest ordered product + if product_top_order > investigation.product.order: + product_top_order = investigation.product.order + product_top_defect = [] + if product_top_order == investigation.product.order: + product_top_defect.append(id.defect.name) + # Gather the status or release version + if id.defect.release_version: + release_version_list.append(id.defect.release_version) + release_version = '/'.join(release_version_list) + if release_version: + status_table[product_key] = release_version + elif investigation.status in (SRTool.NOT_VULNERABLE,SRTool.VULNERABLE): + status_table[product_key] = investigation.get_status_text + else: + status_table[product_key] = '' + return status_table + + if 'csv' == format: + file.write("State\tCve_Name\tCve_Published\tCve_Modified\tCve_Status\tCve_Acknowledge\tCVE_Description") + for product in product_list: + 
file.write("\t%s" % product.long_name) + file.write("\n") + + if 'txt' == format: + file.write("Report : CVEs Table\n") + file.write("\n") + file.write('%-7s,%-18s,%11s,%11s,%16s,%11s,%-35s,' % ('State','Cve_Name','Published','Modified','Cve_Status','Acknowledge','CVE_Description')) + for product in product_list: + min_len = max(16,len(product.long_name)+1) + str_format = "%s%ds," % ('%',min_len) + file.write(str_format % product.long_name) + file.write("\n") + for publishset in PublishSet.objects.all(): + if 'csv' == format: + # Print common status + file.write("%s%s" % (publishset.state_text,tab)) + file.write("%s%s" % (publishset.cve.name,tab)) + file.write("%s%s" % (publishset.cve.publishedDate,tab)) + file.write("%s%s" % (publishset.cve.lastModifiedDate,tab)) + file.write("%s%s" % (publishset.cve.get_status_text,tab)) + file.write("%s%s" % (publishset.cve.acknowledge_date,tab)) + file.write("%s%s" % (publishset.reason,tab)) + file.write("%s%s" % (publishset.cve.description,tab)) + # Compute the product columns + status_table = get_product_status_matrix(product_list,publishset.cve) + # Print the product columns + for product in Product.objects.all(): + file.write("%s%s" % (status_table[product.key],tab)) + file.write("\n") + if 'txt' == format: + try: + acknowledge_date = publishset.cve.acknowledge_date.strftime('%m/%d/%Y') + except: + acknowledge_date = '' + if publishset.cve.description: + description = publishset.cve.description[:30] + '...' 
+ else: + description = '' + # Print common status + file.write("%-7s," % publishset.state_text) + file.write("%-18s," % publishset.cve.name) + file.write("%11s," % publishset.cve.publishedDate) + file.write("%11s," % publishset.cve.lastModifiedDate) + file.write("%16s," % publishset.cve.get_status_text) + file.write("%11s," % acknowledge_date) + file.write("%-35s," % description) + # Compute the product columns + status_table = get_product_status_matrix(product_list,publishset.cve) + # Print the product columns + for product in Product.objects.all(): + min_len = max(16,len(product.long_name)+1) + str_format = "%s%ds," % ('%',min_len) + file.write(str_format % status_table[product.key]) + file.write("\n") - _log("FOO9:%s" % (report_name)) return report_name,os.path.basename(report_name) class PackageFiltersReport(Report): @@ -1659,7 +1884,7 @@ class PackageFiltersReport(Report): ' context['report_columnrange_list'] = '' context['report_format_list'] = '\ - <input type="radio" name="format" value="csv" checked> CSV<br> \ + <input type="radio" name="format" value="csv" checked> r<br> \ ' return context @@ -1731,7 +1956,7 @@ class CpesSrtoolReport(Report): report_type = request_POST.get('report_type', '') record_list = request_POST.get('record_list', '') - report_name = '%s/cpes_srtool_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format) + report_name = '%s/cpes_srtool_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) reportfile = open(report_name, 'w', newline='') if 'csv' == format: 
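Review bot: The CSV header for the `report` type in PublishListReport is written with literal `\t` and has no `Reason` column, while every data row is written with the selected separator and includes `publishset.reason`, so header and data columns do not line up for any separator choice. The rows are also assembled by hand with `file.write("%s%s" % (value,tab))`, so a `cve.description` or `reason` containing a comma or semicolon shifts the following columns. Routing the CSV branch through `csv.writer`, as InvestigationsReport already does, fixes both; a sketch follows. Separately, `get_product_status_matrix` reads `publishset` from the enclosing loop instead of its `cve` argument (`status_table[product.key] = cve.get_status_text` keeps it self-contained), and the two bare `except:` clauses around `acknowledge_date` would be safer as `except AttributeError:`.

```python
# … unchanged: request parsing, report_name, separator selection into `tab` …
with open(report_name, 'w', newline='') as file:
    writer = csv.writer(file, delimiter=tab, quotechar='"', quoting=csv.QUOTE_MINIMAL)

    # … unchanged: 'preview' branch, product_list, get_product_status_matrix …

    if 'csv' == format:
        writer.writerow(
            ['State','Cve_Name','Cve_Published','Cve_Modified','Cve_Status',
             'Cve_Acknowledge','Reason','CVE_Description']
            + [product.long_name for product in product_list])

    # … unchanged: txt header …

    for publishset in PublishSet.objects.all():
        if 'csv' == format:
            status_table = get_product_status_matrix(product_list,publishset.cve)
            writer.writerow(
                [publishset.state_text,
                 publishset.cve.name,
                 publishset.cve.publishedDate,
                 publishset.cve.lastModifiedDate,
                 publishset.cve.get_status_text,
                 publishset.cve.acknowledge_date,
                 publishset.reason,
                 publishset.cve.description]
                # same product_list as the header, so columns stay in step
                + [status_table[product.key] for product in product_list])
        # … unchanged: txt row …
```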
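Review bot: The label of the only format option in PackageFiltersReport changes from `CSV<br>` to `r<br>`, which looks like an accidental keystroke rather than an intended rename, since the radio button's `value="csv"` is unchanged. Unless the single-letter label is deliberate, restore `<input type="radio" name="format" value="csv" checked> CSV<br> \`.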
@@ -1776,6 +2001,111 @@ class CpesSrtoolReport(Report): return report_name,os.path.basename(report_name) +############################################################################### +# +# History reports +# + +class HistoryDefectReport(Report): + """Report for the History Defect Page""" + + def __init__(self, parent_page, *args, **kwargs): + _log_args("WR_HISTORY_DEFECT_INIT(%s)" % parent_page, *args, **kwargs) + super(HistoryDefectReport, self).__init__(parent_page, *args, **kwargs) + + def get_context_data(self, *args, **kwargs): + _log_args("WR_HISTORY_DEFECT_CONTEXT", *args, **kwargs) + context = super(HistoryDefectReport, self).get_context_data(*args, **kwargs) + + context['report_type_list'] = '\ + <option value="history">Defect History</option> \ + ' + + context['report_columnrange_list'] = '' + context['report_format_list'] = '\ + <input type="radio" name="format" value="txt" checked> Text<br> \ + <input type="radio" name="format" value="csv"> CSV \ + (Separator: \ + <select name="csv_separator"> \ + <option value="semi">Semi-colon</option> \ + <option value="comma">Comma</option> \ + <option value="tab">Tab</option> \ + </select>) \ + <br> \ + ' + + context['report_recordrange_list'] = '\ + <input type="radio" name="records" value="selected" checked> Selected<br> \ + <input type="radio" name="records" value="all"> All<br> \ + ' + + # Add a date range + date_start = datetime.strptime('2019-2-15', '%Y-%m-%d') + date_stop = datetime.strptime('2019-3-15', '%Y-%m-%d') + context['report_date_list'] = '\ + Start: <input type="text" name="date_start" value="%s"><br> \ + Stop: <input type="text" name="date_stop" value="%s"> \ + ' % (date_start.strftime('%m/%d/%Y'),date_stop.strftime('%m/%d/%Y')) + + # Done! 
+ return context + + def exec_report(self, *args, **kwargs): + _log_args("WR_HISTORY_DEFECT_EXEC", *args, **kwargs) + + request_POST = self.request.POST + + records = request_POST.get('records', '') + format = request_POST.get('format', '') +# title = request_POST.get('title', '') + report_type = request_POST.get('report_type', '') + record_list = request_POST.get('record_list', '') + csv_separator = request_POST.get('csv_separator', 'semi') + + # Dates (make as no timezone) + msg = '' + try: + msg = 'Start:%s' % request_POST.get('date_start', '') + date_start = datetime.strptime(request_POST.get('date_start', ''), '%m/%d/%Y') + msg = 'Stop:%s' % request_POST.get('date_stop', '') + date_stop = datetime.strptime(request_POST.get('date_stop', ''), '%m/%d/%Y') + if date_stop < date_start: + return 'Error:stop date is before start date','' + except Exception as e: + return 'Error:bad format for dates (must be mm/dd/yyyy) (%s)(%s)' % (msg,e),'' + + report_name = '%s/defect_history_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d_%H%M'),format) + with open(report_name, 'w') as file: + + if 'csv' == format: + separator = ";" + if csv_separator == 'comma': separator = "," + if csv_separator == 'tab': separator = "\t" + writer = csv.writer(csvfile, delimiter=separator, + quotechar='"', quoting=csv.QUOTE_MINIMAL) + else: + separator = "," + + if ('history' == report_type): + if 'csv' == format: + writer.writerow(['Index','Defect','Date','Author','Comment']) + if 'txt' == format: + file.write("Report : Defect History\n") + file.write("\n") + text_format='%02d) %-14s %-10s %-10s %s\n' + file.write(text_format % (0,'Defect','Date','Author','Comment')) + + for i,dh in enumerate(DefectHistory.objects.filter(date__gte=date_start,date__lte=date_stop).order_by('defect__name')): + if 'csv' == format: + writer.writerow([i+1,dh.defect.name,dh.date.strftime('%Y-%m-%d'),dh.author,dh.comment]) + if 'txt' == format: + file.write(text_format % 
(i+1,dh.defect.name,dh.date.strftime('%Y-%m-%d'),dh.author,dh.comment)) + + return report_name,os.path.basename(report_name) + +############################################################################### +# + class DefaultReport(Report): """Report for the Default Page""" @@ -1843,11 +2173,19 @@ class ReportManager(): elif 'update-published' == parent_page: return PublishPendingCveReport(parent_page, *args, **kwargs) + elif 'publish' == parent_page: + return PublishListReport(parent_page, *args, **kwargs) + elif 'publish-list' == parent_page: + return PublishListReport(parent_page, *args, **kwargs) + elif 'package-filters' == parent_page: return PackageFiltersReport(parent_page, *args, **kwargs) elif 'cpes_srtool' == parent_page: return CpesSrtoolReport(parent_page, *args, **kwargs) + elif 'history_defect' == parent_page: + return HistoryDefectReport(parent_page, *args, **kwargs) + else: return DefaultReport(parent_page, *args, **kwargs) |
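Review bot: In HistoryDefectReport.exec_report the CSV branch calls `csv.writer(csvfile, ...)`, but the file is opened as `file` and no `csvfile` is defined in the visible code, so selecting CSV raises NameError after the empty report file has been created. Use `writer = csv.writer(file, delimiter=separator, quotechar='"', quoting=csv.QUOTE_MINIMAL)` and open with `open(report_name, 'w', newline='')` as the other csv.writer reports do. Unlike the other report classes this method does not call `super(HistoryDefectReport, self).exec_report(*args, **kwargs)`, and `records` and `record_list` are read but never used, so the "Selected"/"All" choice offered in the form has no effect. `date_stop` is parsed as midnight, so with `date__lte=date_stop` entries later on the stop day are probably excluded if `DefectHistory.date` carries a time; and the default range in get_context_data is hard-coded to 2019-2-15 through 2019-3-15 rather than derived from the current date.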