Diffstat (limited to 'lib/srtgui/reports.py')
-rw-r--r-- | lib/srtgui/reports.py | 119 |
1 files changed, 115 insertions, 4 deletions
diff --git a/lib/srtgui/reports.py b/lib/srtgui/reports.py index a7de4ca4..297b885a 100644 --- a/lib/srtgui/reports.py +++ b/lib/srtgui/reports.py @@ -659,6 +659,7 @@ class CvesReport(Report): context['report_type_list'] = '\ <option value="summary">CVEs Table</option> \ + <option value="cve_defects">CVE to Defects Table</option> \ ' context['report_get_title'] = '' context['report_recordrange_list'] = '\ @@ -678,7 +679,7 @@ class CvesReport(Report): ' return context - def print_row(self,writer,is_header,is_full,cve): + def print_row_summary(self,writer,is_header,is_full,cve): if is_header: if not is_full: writer.writerow([ 
@@ -762,6 +763,99 @@ class CvesReport(Report): cve.description, ]) + def print_row_cve_defects(self,writer,mode,is_full,cve,vulnerability,investigation,defect): + if 'header' == mode: + if not is_full: + writer.writerow([ + 'Name', + 'Status', + 'Severity (V3)', + 'Published', + 'Vulnerability', + 'Investigation', + 'Investigation Product', + 'Investigation Priority', + 'Investigation Status', + 'Investigation Outcome', + 'Defect', + 'Defect Priority', + 'Defect Status', + 'Defect resolution', + ]) + else: + writer.writerow([ + 'Name', + 'Status', + 'Severity (V3)', + 'Published', + 'Vulnerability', + 'Investigation', + 'Investigation Product', + 'Investigation Priority', + 'Investigation Status', + 'Investigation Outcome', + 'Defect', + 'Defect Priority', + 'Defect Status', + 'Defect resolution', + ]) + elif 'cve' == mode: + c2v_list = cve.cve_to_vulnerability.all() + if c2v_list: + for cv in c2v_list: + v2i_list = cv.vulnerability.vulnerability_investigation.all() + if v2i_list: + for investigation in v2i_list: + i2d_list = investigation.investigation_to_defect.all() + if i2d_list: + for i2d in investigation.investigation_to_defect.all(): + self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,investigation,i2d.defect) + else: + self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,investigation,None) + else: + self.print_row_cve_defects(writer,'line',is_full,cve,cv.vulnerability,None,None) + else: + self.print_row_cve_defects(writer,'line',is_full,cve,None,None,None) + else: + if not is_full: + writer.writerow([ + cve.name, + cve.get_status_text, + '%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity), + cve.get_publish_text, + vulnerability.name if vulnerability else '<no_vulnerability>', + investigation.name if investigation else '', + investigation.product.long_name if investigation and investigation.product else '<no_product>', + investigation.get_priority_text if investigation else '', + investigation.get_status_text if 
investigation else '', + investigation.get_outcome_text if investigation else '', + defect.name if defect else '<no_defect>', + defect.get_priority_text if defect else '', + defect.get_status_text if defect else '', + defect.get_resolution_text if defect else '', + ]) + else: + writer.writerow([ + cve.name, + cve.get_status_text, + '%s %s' % (cve.recommend,cve.recommend_list), + cve.cve_data_type, + cve.cve_data_format, + cve.cve_data_version, + '%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity), + '%s %s' % (cve.cvssV2_baseScore,cve.cvssV2_severity), + cve.get_publish_text, + vulnerability.name if vulnerability else '', + investigation.name if investigation else '', + investigation.get_priority_text if investigation else '', + investigation.get_status_text if investigation else '', + investigation.get_outcome_text if investigation else '', + defect.name if defect else '', + defect.get_priority_text if defect else '', + defect.get_status_text if defect else '', + defect.get_outcome_text if defect else '', + ]) + def exec_report(self, *args, **kwargs): _log_args("REPORT_CVES_EXEC", *args, **kwargs) super(CvesReport, self).exec_report(*args, **kwargs) 
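Review bot: In `print_row_cve_defects`, the `'header'` mode writes the same 14 column titles in both `is_full` branches, while the full data row at the end of the function writes 18 values: it adds `recommend`, `cve_data_type`, `cve_data_format`, `cve_data_version` and the V2 score, and omits the investigation product. In the "all columns" export every value after `Status` therefore lands under the wrong heading, so a severity or defect status can be read as a different field; the full header should list the 18 titles in the order the full row emits them. The full row also ends with `defect.get_outcome_text` where the short row uses `defect.get_resolution_text`; the defect model is not visible here, but if it has no such attribute this raises on the first CVE with a linked defect, and `defect.get_resolution_text if defect else '',` looks like what was intended. The innermost loop also re-runs `investigation.investigation_to_defect.all()` instead of iterating the `i2d_list` it just fetched.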
@@ -786,21 +880,38 @@ class CvesReport(Report): writer = csv.writer(csvfile, delimiter=delimiter, quotechar='"', quoting=csv.QUOTE_MINIMAL) if ('summary' == report_type): - self.print_row(writer,True,"all" == columns,None) + self.print_row_summary(writer,True,"all" == columns,None) + if 'displayed' == range: + for id in record_list.split(','): + if not id: + continue + cve = Cve.objects.get(id=id) + if not name_filter or (name_filter in cve.name): + self.print_row_summary(writer,False,"all" == columns,cve) + elif 'all' == range: + if name_filter: + query = Cve.objects.filter(name__contains=name_filter).order_by('name') + else: + query = Cve.objects.all().order_by('name') + for cve in query: + self.print_row_summary(writer,False,"all" == columns,cve) + + if ('cve_defects' == report_type): + self.print_row_cve_defects(writer,'header',"all" == columns,None,None,None,None) if 'displayed' == range: for id in record_list.split(','): if not id: continue cve = Cve.objects.get(id=id) if not name_filter or (name_filter in cve.name): - self.print_row(writer,False,"all" == columns,cve) + self.print_row_cve_defects(writer,'cve',"all" == columns,cve,None,None,None) elif 'all' == range: if name_filter: query = Cve.objects.filter(name__contains=name_filter).order_by('name') else: query = Cve.objects.all().order_by('name') for cve in query: - self.print_row(writer,False,"all" == columns,cve) + self.print_row_cve_defects(writer,'line',"all" == columns,cve,None,None,None) return report_name,os.path.basename(report_name) |
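Review bot: The `'all'` range branch of the new `cve_defects` block calls `self.print_row_cve_defects(writer,'line',"all" == columns,cve,None,None,None)`, which goes straight to the row-writing branch with no vulnerability, investigation or defect, so the walk done in `'cve'` mode never runs. A full export then emits one row per CVE with empty or placeholder columns regardless of what is linked, which under-reports open defects in exactly the report meant to show them. The `'displayed'` branch passes `'cve'`, and the `'all'` branch should match: `self.print_row_cve_defects(writer,'cve',"all" == columns,cve,None,None,None)`. The enclosing `exec_report` starts outside this hunk, so where `range`, `record_list` and `name_filter` come from cannot be checked here.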