Diffstat (limited to 'lib/srtgui/templates')
26 files changed, 2398 insertions, 453 deletions
diff --git a/lib/srtgui/templates/base.html b/lib/srtgui/templates/base.html index 3cc98a49..527d6b9b 100644 --- a/lib/srtgui/templates/base.html +++ b/lib/srtgui/templates/base.html @@ -148,9 +148,15 @@ window.onclick = function(event) { </div> <div class="collapse navbar-collapse" id="global-nav"> <ul class="nav navbar-nav"> + <li id="navbar-home" {% if request.resolver_match.url_name == 'landing' %}class="active"{% endif %}> + <a href="{% url 'landing' %}"> + <i class="glyphicon glyphicon-tasks"></i> + Home + </a> + </li> {% if access.is_guest %} {% else %} - <li id="navbar-manage" class="active"> + <li id="navbar-manage" {% if request.resolver_match.url_name == 'manage' %}class="active"{% endif %}> <a href="{% url 'manage' %}"> <i class="glyphicon glyphicon-tasks"></i> Management @@ -158,18 +164,18 @@ window.onclick = function(event) { </li> {% endif %} {% if request.resolver_match.url_name != 'landing' %} - <li id="navbar-all-builds" - {% if request.resolver_match.url_name == 'all-cves' %} + <li id="navbar-all-cves" + {% if request.resolver_match.url_name == 'cves' %} class="active" {% endif %}> - <a href="{% url 'all-cves' %}"> + <a href="{% url 'cves' %}"> <i class="glyphicon glyphicon-tasks"></i> All CVE's </a> </li> {% endif %} <li id="navbar-docs"> - <a href="{% url 'guided_tour' %}"> <i class="glyphicon glyphicon-book"></i> Documentation </a> + <a href="{% url 'guided_tour' %}"> <i class="glyphicon glyphicon-book"></i> Documentation ({{srt_user_id}},{{access.current_user_access}})</a> <!-- <a target="_blank" href="https://knowledge.windriver.com/en-us/000_Products/000/010/050"> <i class="glyphicon glyphicon-book"></i> 
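Review bot: The Documentation link in the second hunk now renders `({{srt_user_id}},{{access.current_user_access}})` into the navbar on every page, for guests as well as logged-in users, which reads like a leftover debugging probe rather than part of the UI and exposes the internal user id and access level to anyone who loads the site. If it is still needed while developing, gate it on a privileged role, e.g. `Documentation {% if access.is_creator %}({{srt_user_id}},{{access.current_user_access}}){% endif %}`, or drop it before merge. In the first hunk the new Home entry reuses `glyphicon-tasks`, the same icon as Management and All CVE's, so the three entries are not visually distinguishable by icon; a different glyph such as `glyphicon-home` would be the usual choice. The enclosing `<ul class="nav navbar-nav">` opens before the first hunk and closes after the second.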
@@ -180,7 +186,7 @@ window.onclick = function(event) { </ul> {% if access.is_guest %} - <a class="btn btn-default navbar-btn navbar-right" id="login-button" href="{% url 'login_admin' %}">Login (Guest)</a> + <a class="btn btn-default navbar-btn navbar-right" id="login-button" href="{% url 'login' %}">Login (Guest)</a> {% else %} <a class="btn btn-default navbar-btn navbar-right" id="login-button" href="{% url 'login_guest' %}">Logout ({{access.user_name}})</a> {% endif %} @@ -189,19 +195,9 @@ window.onclick = function(event) { <button onclick="myFunction()" class="dropbtn ">Tools</button> <div id="myDropdown" class="dropdown-content"> {% if request.resolver_match.url_name == 'landing' %} - {% if access.is_creator %} - <a href="{% url 'users' %}">Users</a> - <a href="{% url 'sources' %}">Sources</a> - <a href="{% url 'manage' %}">Management</a> - {% endif %} - <a href="{% url 'export' request.resolver_match.url_name %}">Report ...</a> - <a href="{% url 'export' request.resolver_match.url_name %}">Export ...</a> + <a href="{% url 'report' request.resolver_match.url_name %}">Report/Export ...</a> {% else %} - {% if access.is_creator %} - <a href="">Edit ...</a> - {% endif %} - <a href="{% url 'export' request.resolver_match.url_name %}">Report ...</a> - <a href="{% url 'export' request.resolver_match.url_name %}">Export ...</a> + <a id="report_link" href="{% url 'report' request.resolver_match.url_name %}">Report/Export ...</a> {% endif %} </div> </div> diff --git a/lib/srtgui/templates/cpes-toastertable.html b/lib/srtgui/templates/cpes-toastertable.html index 58101e2a..8c92c012 100644 --- a/lib/srtgui/templates/cpes-toastertable.html +++ b/lib/srtgui/templates/cpes-toastertable.html @@ -29,7 +29,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cpes' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> 
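Review bot: The cpes-toastertable hunk replaces the named reversal with `{% url '' as xhr_table_url %}`, which only yields an empty string because Django's `{% url ... as var %}` form swallows the NoReverseMatch that an empty route name raises; the comment says "leave it blank", so say that directly instead of depending on a failed reversal. One explicit form is `{% include 'toastertable.html' with xhr_table_url='' %}`, which also documents the intent without the `{# … #}` comment. The same pattern is added to cves-select-toastertable, cves-toastertable, cwes-toastertable and defects-toastertable in the later hunks, so whichever form is chosen should be applied to all five. Whether an empty value actually makes the table fetch from the current URL depends on how toastertable.html builds the XHR request, which is outside this diff.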
diff --git a/lib/srtgui/templates/cve.html b/lib/srtgui/templates/cve.html
index b1df1819..a70448f8 100644
--- a/lib/srtgui/templates/cve.html
+++ b/lib/srtgui/templates/cve.html
@@ -8,357 +8,452 @@ <div class="row"> <!-- Breadcrumbs --> - <div class="col-md-12"> - <ul class="breadcrumb" id="breadcrumb"> - <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> - <li><a href="{% url 'all-cves' %}">CVE's</a></li><span class="divider">→</span> - <li>{{cve_list_table.0.0.name}}</li> - <li><a class="btn btn-default navbar-btn " id="cve-prev" href="{% url 'cve' cve_prev %}">Prev</a></li> - <li><a class="btn btn-default navbar-btn " id="cve-next" href="{% url 'cve' cve_next %}">Next</a></li> - </ul> - </div> + <div class="col-md-12"> + <ul class="breadcrumb" id="breadcrumb"> + <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> + <li><a href="{% url 'cves' %}">CVE's</a></li><span class="divider">→</span> + <li>{{cve_list_table.0.0.name}}</li> + <li><a class="btn btn-default navbar-btn " id="cve-prev" href="{% url 'cve' cve_prev %}">Prev</a></li> + <li><a class="btn btn-default navbar-btn " id="cve-next" href="{% url 'cve' cve_next %}">Next</a></li> + </ul> + </div> </div> <!-- Begin container --> + <div class="row"> <div class="col-md-12"> <div class="page-header build-data"> - <h1>{{cve_list_table.0.0.name}} Detail {% if not cve_list_table.0.0.public %} <font color="red">[PRIVATE]</font> {% endif %}</h1> + <h1 style="display:inline-block;vertical-align: middle;">{{cve_list_table.0.0.name}} Detail {% if not cve_list_table.0.0.public %} <font color="red">[PRIVATE]</font> {% endif %}</h1> + {% if access.is_creator %} + <span style="padding-left:30px;"><button id="select-quickedit" class="btn btn-default" type="button">Edit SRTool Status...</button></span> + <!--<span style="padding-left:30px;"><button id="select-quickedit" class="btn btn-default" type="button">Edit CVE Data ...</button></span>--> + {% endif %} </div> </div> </div> + <div class="row" style="padding-left: 25px;"> <UL> - <LI> + <LI> + <i>SRTool Priority:</i> {{cve_list_table.0.0.get_priority_text}} + </LI> + <LI> <i>SRTool Status:</i> 
{{cve_list_table.0.0.get_status_text}} - </LI> - <LI> + </LI> + <LI> <i>SRTool Notes:</i> '{{cve_list_table.0.0.comments}}' - {% if access.is_creator %} - </LI> - <LI> - <i>SRTool Private Notes:</i> '{{cve_list_table.0.0.comments_private}}' - {% endif %} - </LI> - <LI> - {% if access.is_creator %} - <i>Publish</i> = - <select name="Publish"> - <option value="Undetermined">Undetermined</option> - <option value="Automatic Publish Date">Automatic Publish Date</option> - <option value="Request Publish Date">Request Publish Date</option> - <option value="Published">Published</option> - <option value="Do Not Published">Do Not Published</option> - </select> - <i>Publish Date</i> = {{cve_list_table.0.0.publish_date}} - <a class="btn btn-default " id="login-button" href="">Publish Now</a> - <!--<a class="btn btn-default navbar-btn " id="login-button" href="">Publish Now</a> --> - {% else %} - <i>Publish</i> = {{cve_list_table.0.0.get_publish_text}}, <i>Publish Date</i> = {{cve_list_table.0.0.publish_date}} - {% endif %} - </LI> + {% if access.is_creator %} + </LI> + <LI> + <i>SRTool Private Notes:</i> '{{cve_list_table.0.0.comments_private}}' + {% endif %} + </LI> + <LI> + {% if access.is_creator %} + <i>Publish = {{cve_list_table.0.0.get_publish_text}}</i> + <!--<a class="btn btn-default navbar-btn " id="login-button" href="">Publish Now</a> --> + {% else %} + <i>Publish</i> = {{cve_list_table.0.0.get_publish_text}}, <i>Publish Date</i> = {{cve_list_table.0.0.publish_date}} + {% endif %} + </LI> </UL> + + +</div> +<!-- Quick Edit --> +<div id="details-quickedit" style="display:none;"> + <p><p> + <button class="execute" id="submit-quickedit"> Submit Changes </button> + <p><i>Priority</i> = + <select name="Priority" id="select-priority-state"> + <option value="0" {% if 0 == cve_list_table.0.0.priority %}selected{% endif %}></option> + <option value="1" {% if 1 == cve_list_table.0.0.priority %}selected{% endif %}>Minor</option> + <option value="2" {% if 2 == 
cve_list_table.0.0.priority %}selected{% endif %}>Low</option> + <option value="3" {% if 3 == cve_list_table.0.0.priority %}selected{% endif %}>Medium</option> + <option value="4" {% if 4 == cve_list_table.0.0.priority %}selected{% endif %}>High</option> + </select> + <p><input type="text" placeholder="Edit Note" id="text-note" size="40" value="{{cve_list_table.0.0.comments}}"></p> + <p><input type="text" placeholder="Edit Private Note" id="text-private-note" size="40" value="{{cve_list_table.0.0.comments_private}}"></p> + <i>Publish</i> = + <select name="Publish" id="select-publish-state"> + <option value="0" {% if 0 == cve_list_table.0.0.publish_state %}selected{% endif %}>Unpublished</option> + <option value="1" {% if 1 == cve_list_table.0.0.publish_state %}selected{% endif %}>Not to be Published</option> + <option value="2" {% if 2 == cve_list_table.0.0.publish_state %}selected{% endif %}>Published</option> + <option value="3" {% if 3 == cve_list_table.0.0.publish_state %}selected{% endif %}>Publish Request (New)</option> + <option value="4" {% if 4 == cve_list_table.0.0.publish_state %}selected{% endif %}>Publish Request (Update)</option> + <option value="5" {% if 5 == cve_list_table.0.0.publish_state %}selected{% endif %}>Publish Submitted</option> + </select> + <i>Publish Date</i> = <input type="text" placeholder="Auto Publish Date" id="select-publish-date" size="40" value="{{cve_list_table.0.0.publish_date}}"><p> + <p><p> </div> <div class="row"> <div class="col-md-8 tabbable"> <ul class="nav nav-tabs"> - {% for object,state,id in cve_list_table %} + {% for object,details,state,id in cve_list_table %} <li class="{{state}}"> <a href="#{{id}}" data-toggle="tab"> <span class="glyphicon glyphicon-question-sign get-help" title="{{id}}"></span> {{id}} </a> </li> - {% endfor %} + {% endfor %} </ul> <div class="tab-content"> - {% for object,state,id in cve_list_table %} - <div class="tab-pane {{state}}" id="{{id}}"> + {% for object,details,state,id in 
cve_list_table %} + <div class="tab-pane {{state}}" id="{{id}}"> <!-- vvvvvvvvvvvvvvvvvvvvvvvvvvvvvv --> - <div class="row"> - <div class="col-md-5"> - <div> - <h3>Decription</h3> - {{object.description}} - </div> - <p/> - <div> - <B>Source:</B> {{object.cve_data_format}} <B>Last Modified:</B> {{object.lastModifiedDate}} - </div> - </div> - <div class="col-md-5"> - <div class="well"> - <h2>Quick Info</h2> - - - <dl class="dl-horizontal"> - <dt>CVE Dictionary Entry:</dt> - <dd>{{object.name}}</dd> - - <dt>Original release date:</dt> - <dd>{{object.publishedDate}}</dd> - - <dt>Last revised:</dt> - <dd>{{object.lastModifiedDate}}</dd> - - <dt>Source:</dt> - <dd>{{object.cve_data_format}}</dd> - - {% if id == "Summary" %} - <dt>SRTool Vulnerability:</dt> - <dd> - {% if object.cve_to_vulnerability.all %} - {% for cv in object.cve_to_vulnerability.all %} - {% if not forloop.first %}| {% endif %}<a href="{% url 'vulnerability' cv.vulnerability.pk %}">{{cv.vulnerability.name}}</a> - {% endfor %} - {% else %} - No vulnerability record found - {% endif %} - {% endif %} - </dd> - </dl> - </div> - </div> - </div> - - <div class="row"> - <h3>Impact</h3> - <div class="col-md-4"> - <h3>CVSS Severity (version 3.0):</h3> - <dl class="dl-horizontal"> - <dt>CVSS v3 Base Score:</dt> - <dd>{{object.cvssV3_baseScore}} {{object.cvssV3_baseSeverity}}</dd> - - <dt>Vector:</dt> - <dd>{{object.cvssV3_vectorString}}</dd> - - <dt>Impact Score:</dt> - <dd>{{object.cvssV3_impactScore}}</dd> - - <dt>Exploitability Score:</dt> - <dd>{{object.cvssV3_exploitabilityScore}}</dd> - </dl> - <h3>CVSS Version 3 Metrics:</h3> - <dl class="dl-horizontal"> - <dt>Attack Vector (AV):</dt> - <dd>{{object.cvssV3_attackVector}}</dd> - - <dt>Attack Complexity (AC):</dt> - <dd>{{object.cvssV3_attackComplexity}}</dd> - - <dt>Privileges Required (PR):</dt> - <dd>{{object.cvssV3_privilegesRequired}}</dd> - - <dt>User Interaction (UI):</dt> - <dd>{{object.cvssV3_userInteraction}}</dd> - - <dt>Scope (S):</dt> - 
<dd>{{object.cvssV3_scope}}</dd> - - <dt>Confidentiality (C):</dt> - <dd>{{object.cvssV3_confidentialityImpact}}</dd> - - <dt>Integrity (I):</dt> - <dd>{{object.cvssV3_integrityImpact}}</dd> - - <dt>Availability (A):</dt> - <dd>{{object.cvssV3_availabilityImpact}}</dd> - </dl> - </div> - <div class="col-md-4"> - <h3>CVSS Severity (version 2.0):</h3> - <dl class="dl-horizontal"> - <dt>CVSS v2 Base Score:</dt> - <dd>{{object.cvssV2_baseScore}} {{object.cvssV2_severity}}</dd> - - <dt>Vector:</dt> - <dd>{{object.cvssV2_vectorString}}</dd> - - <dt>Impact Subscore:</dt> - <dd>{{object.cvssV2_impactScore}}</dd> - - <dt>Exploitability Subscore:</dt> - <dd>{{object.cvssV2_exploitabilityScore}}</dd> - - </dl> - <h3>CVSS Version 2 Metrics:</h3> - <dl class="dl-horizontal"> - <dt>Access Vector (AV):</dt> - <dd>{{object.cvssV2_accessVector}}</dd> - - <dt>Access Complexity (AC):</dt> - <dd>{{object.cvssV2_accessComplexity}}</dd> - - <dt>Authentication:</dt> - <dd>{{object.cvssV2_authentication}}</dd> - - <dt>Impact Type:</dt> - <dd>???</dd> - - </dl> - </div> - </div> - - <div class="row"> - <h3>References to Advisories, Solutions, and Tools</h3> - <p> - By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites - because they may have information that would be of interest to you. No inferences should be drawn on account - of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate - for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on - these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please - address comments about this page to nvd@nist.gov. 
- </p> - <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> - <thead> - <tr> - <th>Hyperlink</th> - <th>Resource</th> - <th>Type</th> - <th>Source</th> - <th>Name</th> - </tr> - </thead> - {% if object.references.all %} - {% for ref in object.references.all %} - <tr> - <td><a href="{{ref.hyperlink}}" target="_blank">{{ ref.hyperlink }}</a></td> - <td>{{ ref.resource }}</td> - <td>{{ ref.type }}</td> - <td>{{ ref.source }}</td> - <td>{{ ref.name }}</td> - </tr> - {% endfor %} - {% else %} - <tr> - <td>No references</td> - </tr> - {% endif %} - </table> - </div> - - <div class="row"> - <h3>Technical Details</h3> - <p> - <h4>Vulnerability Type<a href="{% url 'all-cwes' %}"> (View All)</a></h4> - <p> - <table class="table table-striped table-condensed" data-testid="cve2cwe-hyperlinks-table"> - <thead> - <tr> - <th>Name</th> - <th>Summary</th> - </tr> - </thead> - {% if object.cve2cwe.all %} - {% for ref in object.cve2cwe.all %} - <tr> - <td>{{ ref.cwe.name }}</td> - <td>{{ ref.cwe.summary }}</td> - </tr> - {% endfor %} - {% else %} - <tr> - <td>No CWE references</td> - </tr> - {% endif %} - </table> - </div> - - <div class="row"> - <h3>Vulnerable software and versions</h3> - <div > <!--style="padding-left: 25px;" --> - {% if object.get_cpe_list %} - {% for cpe in object.get_cpe_list %} - {% if not cpe %} - {% elif not cpe.0 %} - {% elif '<config' in cpe.0 %} - <div style="padding-left: 25px;"> - <h4>• Configuration </h3> - {% elif '<and>' == cpe.0 %} - <div style="padding-left: 25px;"> - <h4>• AND</h3> - {% elif '<or>' == cpe.0 %} - <div style="padding-left: 25px;"> - <h4>• OR</h3> - <table class="table table-striped table-condensed" data-testid="configs-hyperlinks-table"> - <thead> - <tr> - <th>Vulnerable</th> - <th>CPE 2.3</th> - <th>CPE 2.2</th> - <th><!--<span class="glyphicon glyphicon-question-sign get-help" title="Version End Including"></span>-->Version End</th> - </tr> - </thead> - {% elif '</or>' == cpe.0 %} - </table> - 
</div> - {% elif '</and>' == cpe.0 %} - </div> - {% elif '</config>' == cpe.0 %} - </div> - {% else %} - <tr> - <td>{{ cpe.0 }}</td> - <td>{{ cpe.1 }}</td> - <td>{{ cpe.2 }}</td> - <td>{{ cpe.3 }}</td> - </tr> - {% endif %} - {% endfor %} - {% else %} - No CPE configurations - {% endif %} - </div> - <p/> - </div> - - - <div class="row"> - <h3>History - </h3> - - <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> - <thead> - <tr> - <th>Comment</th> - <th>Date</th> - <th>Author</th> - </tr> - </thead> - - {% if object.cve_history.all %} - {% for c in object.cve_history.all %} - <tr> - <td>{{ c.comment }}</td> - <td>{{ c.date }}</td> - <td>{{ c.author }}</td> - </tr> - {% endfor %} - {% else %} - <tr> - <td>No history found</td> - </tr> - {% endif %} - </table> - - </div> + <!-- Row: Description and Quick Info --> + <div class="row"> + <div class="col-md-5"> + <div> + <h3>Decription</h3> + {{object.description}} + </div> + <p/> + <div> + <B>Source:</B> {{object.cve_data_format}} <B>Last Modified:</B> {{object.lastModifiedDate}} + </div> + </div> + <div class="col-md-5"> + <div class="well"> + <h2>Quick Info</h2> + + + <dl class="dl-horizontal"> + <dt>CVE Dictionary Entry:</dt> + <dd>{{object.name}}</dd> + + <dt>Original release date:</dt> + <dd>{{object.publishedDate}}</dd> + + <dt>Last revised:</dt> + <dd>{{object.lastModifiedDate}}</dd> + + <dt>Source:</dt> + <dd>{{object.cve_data_format}}</dd> + + {% if id == "Summary" %} + <dt>SRTool Vulnerability:</dt> + <dd> + {% if object.cve_to_vulnerability.all %} + {% for cv in object.cve_to_vulnerability.all %} + {% if not forloop.first %}| {% endif %}<a href="{% url 'vulnerability' cv.vulnerability.pk %}">{{cv.vulnerability.name}}</a> + {% endfor %} + {% else %} + No vulnerability record found + {% endif %} + {% endif %} + </dd> + + <dt>NIST Link:</dt> + <dd><a href="https://nvd.nist.gov/vuln/detail/{{object.name}}" target="_blank">{{object.name}}</a></dd> + + </dl> + </div> + </div> + 
</div> <!-- /Description --> + + <!-- Row: CVSS --> + <div class="row" style="padding-left: 25px;"> + <h3>Impact</h3> + <div class="col-md-4"> + <h3>CVSS Severity (version 3.0):</h3> + <dl class="dl-horizontal"> + <dt>CVSS v3 Base Score:</dt> + <dd>{{object.cvssV3_baseScore}} {{object.cvssV3_baseSeverity}}</dd> + + <dt>Vector:</dt> + <dd>{{details.cvssV3_vectorString}}</dd> + + <dt>Impact Score:</dt> + <dd>{{details.cvssV3_impactScore}}</dd> + + <dt>Exploitability Score:</dt> + <dd>{{details.cvssV3_exploitabilityScore}}</dd> + </dl> + <h3>CVSS Version 3 Metrics:</h3> + <dl class="dl-horizontal"> + <dt>Attack Vector (AV):</dt> + <dd>{{details.cvssV3_attackVector}}</dd> + + <dt>Attack Complexity (AC):</dt> + <dd>{{details.cvssV3_attackComplexity}}</dd> + + <dt>Privileges Required (PR):</dt> + <dd>{{details.cvssV3_privilegesRequired}}</dd> + + <dt>User Interaction (UI):</dt> + <dd>{{details.cvssV3_userInteraction}}</dd> + + <dt>Scope (S):</dt> + <dd>{{details.cvssV3_scope}}</dd> + + <dt>Confidentiality (C):</dt> + <dd>{{details.cvssV3_confidentialityImpact}}</dd> + + <dt>Integrity (I):</dt> + <dd>{{details.cvssV3_integrityImpact}}</dd> + + <dt>Availability (A):</dt> + <dd>{{details.cvssV3_availabilityImpact}}</dd> + </dl> + </div> + <div class="col-md-4"> + <h3>CVSS Severity (version 2.0):</h3> + <dl class="dl-horizontal"> + <dt>CVSS v2 Base Score:</dt> + <dd>{{object.cvssV2_baseScore}} {{details.cvssV2_severity}}</dd> + + <dt>Vector:</dt> + <dd>{{details.cvssV2_vectorString}}</dd> + + <dt>Impact Subscore:</dt> + <dd>{{details.cvssV2_impactScore}}</dd> + + <dt>Exploitability Subscore:</dt> + <dd>{{details.cvssV2_exploitabilityScore}}</dd> + + </dl> + <h3>CVSS Version 2 Metrics:</h3> + <dl class="dl-horizontal"> + <dt>Access Vector (AV):</dt> + <dd>{{details.cvssV2_accessVector}}</dd> + + <dt>Access Complexity (AC):</dt> + <dd>{{details.cvssV2_accessComplexity}}</dd> + + <dt>Authentication:</dt> + <dd>{{details.cvssV2_authentication}}</dd> + + <dt>Impact Type:</dt> + 
<dd>???</dd> + + </dl> + </div> + </div> <!-- /CVSS --> + + <!-- Row: References --> + <div class="row" style="padding-left: 25px;"> + <h3>References to Advisories, Solutions, and Tools</h3> + <p> + By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites + because they may have information that would be of interest to you. No inferences should be drawn on account + of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate + for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on + these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please + address comments about this page to nvd@nist.gov. + </p> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> + <thead> + <tr> + <th>Hyperlink</th> + <th>Resource</th> + </tr> + </thead> + {% if object.references.all %} + {% for ref in object.references.all %} + <tr> + <td><a href="{{ref.hyperlink}}" target="_blank">{{ ref.hyperlink }}</a></td> + <td>{{ ref.resource }}</td> + </tr> + {% endfor %} + {% else %} + <tr> + <td>No references</td> + </tr> + {% endif %} + </table> + </div> <!-- /References --> + + <!-- Row: CWE --> + <div class="row" style="padding-left: 25px;"> + <h3>Technical Details</h3> + <p> + <h4>Vulnerability Type<a href="{% url 'cwes' %}"> (View All)</a></h4> + <p> + <table class="table table-striped table-condensed" data-testid="cve2cwe-hyperlinks-table"> + <thead> + <tr> + <th>Name</th> + <th>Summary</th> + </tr> + </thead> + {% if object.cve2cwe.all %} + {% for ref in object.cve2cwe.all %} + <tr> + <td>{{ ref.cwe.name }}</td> + <td>{{ ref.cwe.summary }}</td> + </tr> + {% endfor %} + {% else %} + <tr> + <td>No CWE references</td> + </tr> + {% endif %} + </table> + </div> <!-- /CWE --> + + <!-- Row: CPE --> + <div class="row" style="padding-left: 25px;"> + 
<h3>Vulnerable software and versions</h3> + <div > <!--style="padding-left: 25px;" --> + {% if details.get_cpe_list %} + {% for cpe in details.get_cpe_list %} + {% if not cpe %} + {% elif not cpe.0 %} + {% elif '[config' in cpe.0 %} + <div style="padding-left: 25px;"> + <h4>• Configuration </h3> + {% elif '[and]' == cpe.0 %} + <div style="padding-left: 25px;"> + <h4>• AND</h3> + {% elif '[or]' == cpe.0 %} + <div style="padding-left: 25px;"> + <h4>• OR</h3> + <table class="table table-striped table-condensed" data-testid="configs-hyperlinks-table"> + <thead> + <tr> + <th>Vulnerable</th> + <th>CPE 2.3</th> + <th>CPE 2.2</th> + <th><!--<span class="glyphicon glyphicon-question-sign get-help" title="Version End Including"></span>-->Version End</th> + </tr> + </thead> + {% elif '[/or]' == cpe.0 %} + </table> + </div> + {% elif '[/and]' == cpe.0 %} + </div> + {% elif '[/config]' == cpe.0 %} + </div> + {% else %} + <tr> + <td>{{ cpe.0 }}</td> + <td>{{ cpe.1 }}</td> + <td>{{ cpe.2 }}</td> + <td>{{ cpe.3 }}</td> + </tr> + {% endif %} + {% endfor %} + {% else %} + No CPE configurations + {% endif %} + </div> + <p> + </div> <!-- /CPE --> + <!-- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ --> - </div> <!-- end tab-pane --> + </div> <!-- end tab-pane --> {% endfor %} </div> <!-- end tab-content --> </div> <!-- end tabbable --> </div> <!-- end row --> +<div class="row" style="padding-left: 25px;"> + <h3>History</h3> + + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> + <thead> + <tr> + <th>Comment</th> + <th>Date</th> + <th>Author</th> + </tr> + </thead> + + {% if cve_list_table.1.0.cve_history.all %} + {% for c in cve_list_table.1.0.cve_history.all %} + <tr> + <td>{{ c.comment }}</td> + <td>{{ c.date }}</td> + <td>{{ c.author }}</td> + </tr> + {% endfor %} + {% else %} + <tr> + <td>No history found</td> + </tr> + {% endif %} + </table> +</div> + <HR ALIGN="center" WIDTH="100%"> +<script> + var selected_quickedit=false; + + $(document).ready(function() 
{ + function onCommitAjaxSuccess(data, textstatus) { + if (window.console && window.console.log) { + console.log("XHR returned:", data, "(" + textstatus + ")"); + } else { + alert("NO CONSOLE:\n"); + return; + } + if (data.error != "ok") { + alert("error on request:\n" + data.error); + return; + } + // reload the page with the updated tables + location.reload(true); + } + + function onCommitAjaxError(jqXHR, textstatus, error) { + console.log("ERROR:"+error+"|"+textstatus); + alert("XHR errored1:\n" + error + "\n(" + textstatus + ")"); + } + + /* ensure cookie exists {% csrf_token %} */ + function postCommitAjaxRequest(reqdata) { + reqdata['cve_id'] = {{ object.id }}; + var ajax = $.ajax({ + type:"POST", + data: reqdata, + url:"{% url 'xhr_cve_commit' %}", + headers: { 'X-CSRFToken': $.cookie("csrftoken")}, + success: onCommitAjaxSuccess, + error: onCommitAjaxError, + }) + } + + $('#select-quickedit').click(function(){ + if (selected_quickedit) { + selected_quickedit=false; + $("#details-quickedit").slideUp(); + } else { + selected_quickedit=true; + $("#details-quickedit").slideDown(); + } + }); + + $('#submit-quickedit').click(function(){ + var note=$('#text-note').val().trim(); + var private_note=$('#text-private-note').val().trim(); + var priority=$('#select-priority-state').val(); + var publish_state=$('#select-publish-state').val(); + var publish_date=$('#select-publish-date').val(); + postCommitAjaxRequest({ + "action" : 'submit-quickedit', + "priority" : priority, + "note" : note, + "private_note" : private_note, + "publish_state" : publish_state, + "publish_date" : publish_date, + }); + }); + + /* Set the report link */ + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list={{cve_list_table.0.0.id}}"); + }); +</script> {% endblock %} - diff --git a/lib/srtgui/templates/cves-select-toastertable.html b/lib/srtgui/templates/cves-select-toastertable.html index 8e2445b0..3399332e 100644 
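Review bot: In postCommitAjaxRequest the line `reqdata['cve_id'] = {{ object.id }};` sits after the `{% endfor %}` that closes the `cve_list_table` loop, so `object` is no longer bound there unless the view also places an `object` in the context; if it is not, the tag renders empty and the emitted JavaScript `reqdata['cve_id'] = ;` is a syntax error that disables the whole quick-edit handler. The report-link line two statements later uses `{{cve_list_table.0.0.id}}` for the same record, so the consistent fix is `reqdata['cve_id'] = {{ cve_list_table.0.0.id }};`. In onCommitAjaxSuccess the `else { alert("NO CONSOLE:\n"); return; }` branch returns before the `data.error` check and the `location.reload(true)`, so a browser without `window.console` never refreshes after a successful commit; dropping the `return` (or the whole else branch) keeps the success path intact. The new `<a … target="_blank">` links for the NIST page and for `{{ref.hyperlink}}` open feed-supplied URLs in a new tab without `rel="noopener noreferrer"`, which leaves the SRTool window reachable through `window.opener` from the destination page; add the `rel` attribute, and since `ref.hyperlink` comes from imported data, the view or importer should reject non-http(s) schemes before the value reaches an `href`.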
--- a/lib/srtgui/templates/cves-select-toastertable.html +++ b/lib/srtgui/templates/cves-select-toastertable.html @@ -111,7 +111,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cpes' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> @@ -338,6 +339,17 @@ titleElt.text(title); cve_total = total; update_vulnerable_status(); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); }); </script> diff --git a/lib/srtgui/templates/cves-toastertable.html b/lib/srtgui/templates/cves-toastertable.html index fa83e5df..5fc37fdf 100644 --- a/lib/srtgui/templates/cves-toastertable.html +++ b/lib/srtgui/templates/cves-toastertable.html @@ -30,7 +30,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cves' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> @@ -53,6 +54,17 @@ } titleElt.text(title); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); }); </script> diff --git a/lib/srtgui/templates/cwes-toastertable.html b/lib/srtgui/templates/cwes-toastertable.html index 06369343..cbd62a90 100644 --- a/lib/srtgui/templates/cwes-toastertable.html +++ b/lib/srtgui/templates/cwes-toastertable.html 
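Review bot: The "Set the report link" block added to the table callback here is copied verbatim into cves-toastertable (second hunk on this line), cwes-toastertable and defects-toastertable, and the cwes copy already differs in its selector (`$(".href > a")` instead of `$(".name > a")`), which is the kind of drift that five duplicates invite. Moving the loop into toastertable.html or a shared helper taking the selector as a parameter would keep the record-list construction in one place. The loop also leaves a trailing comma in `record_list` (`"12,34,"`), and `var record_list=""` lacks its semicolon, so the receiving report view has to tolerate an empty last element; `record_list = record_list.replace(/,$/, "")` before setting the href, or collecting ids into an array and using `.join(",")`, avoids that. The values come from element ids of the form `dataid_N` rendered by the server, so they are not user-controlled, but the href is built by string concatenation rather than `encodeURIComponent`, which would matter if the id format ever changed.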
@@ -29,7 +29,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cwes' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> @@ -52,6 +53,17 @@ } titleElt.text(title); + + /* Set the report link */ + var record_list="" + $(".href > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); }); </script> diff --git a/lib/srtgui/templates/defect.html b/lib/srtgui/templates/defect.html new file mode 100644 index 00000000..aa13b0dd --- /dev/null +++ b/lib/srtgui/templates/defect.html 
@@ -0,0 +1,86 @@ +{% extends "base.html" %} + +{% load projecttags %} + +{% block title %} {{object.name}} - SRTool {% endblock %} + +{% block pagecontent %} + +<div class="row"> + <!-- Breadcrumbs --> + <div class="col-md-12"> + <ul class="breadcrumb" id="breadcrumb"> + <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> + <li><a href="{% url 'defects' %}">Defects</a></li><span class="divider">→</span> + <li>{{object.name}}</li> + </ul> + </div> +</div> + +<!-- Begin container --> + +<div class="row"> + <div class="col-md-12"> + <div class="page-header build-data"> + <h1>Defect {{object.name}} Detail</h1> + </div> + </div> +</div> + +<div class="row"> + <div class="col-md-5"> + <div class="well"> + <h2>Quick Info</h2> + <dl class="dl-horizontal"> + <dt>Summary:</dt> + <dd>{{object.summary}}</dd> + + <dt>URL:</dt> + <dd><a href="{{object.url}}" id="dataid_{{object.id}}" target="_blank">{{object.url}}</a></dd> + + <dt>Priority:</dt> + <dd>{{object.get_priority_text}}</dd> + + <dt>Status:</dt> + <dd>{{object.get_status_text}}</dd> + + <dt>Resolution:</dt> + <dd>{{object.get_resolution_text}}</dd> + + <dt>Publish:</dt> + <dd>{{object.publish}}</dd> + + <dt>Release Version:</dt> + <dd>{{object.release_version}}</dd> + + <dt>Investigations:</dt> + <dd> + {% for ji in object.defect_to_investigation.all %} + {% if not forloop.first %}| {% endif %}<a href="{% url 'investigation' ji.investigation.id %}" target="_blank">{{ji.investigation.name}} </a> + {% endfor %} + </dd> + + <dt>Product:</dt> + <dd><a href="{% url 'product' object.product.id %}">{{object.product.long_name}}</a></dd> + + <dt>date_created:</dt> + <dd>{{object.date_created}}</dd> + + <dt>date_updated:</dt> + <dd>{{object.date_updated}}</dd> + + </dl> + </div> + </div> +</div> + + +<!-- Javascript support --> +<script> + $(document).ready(function() { + /* Set the report link */ + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name 
%}?record_list={{object.id}}"); + }); +</script> + +{% endblock %} diff --git a/lib/srtgui/templates/defects-toastertable.html b/lib/srtgui/templates/defects-toastertable.html index 82a6c5ee..1d699909 100644 --- a/lib/srtgui/templates/defects-toastertable.html +++ b/lib/srtgui/templates/defects-toastertable.html @@ -29,7 +29,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cpes' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> @@ -52,6 +53,17 @@ } titleElt.text(title); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); }); </script> diff --git a/lib/srtgui/templates/guided_tour.html b/lib/srtgui/templates/guided_tour.html index 648bde14..fe5fd60e 100644 --- a/lib/srtgui/templates/guided_tour.html +++ b/lib/srtgui/templates/guided_tour.html @@ -74,7 +74,7 @@ <div class="row" style="padding-left: 25px;"> <h3><a id="public"></a>Public View</h3> <ul> - <li> <b><a href="{% url 'all-cves' %}">CVE's</a></b> </li> + <li> <b><a href="{% url 'cves' %}">CVE's</a></b> </li> <ul> <li> The CVE page is based on the NIST public page, and includes the V3 and V2 severities information, download links, and CPE's</li> <li> There are tabs to see (a) the original source data and (b) the SRTool edits (if any)</li> @@ -104,7 +104,7 @@ </ul> </ul> <ul> - <li> <b><a href="{% url 'all-defects' %}">Defects</a></b> </li> + <li> <b><a href="{% url 'defects' %}">Defects</a></b> </li> <ul> <li> This table lists all of the Jira defects being tracked by the Vulnerabilities and Investigations </li> <li> A quick status overview of the defects is provided </li> 
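Review bot: In the new defect.html the URL row renders `<a href="{{object.url}}" id="dataid_{{object.id}}" target="_blank">`, where `object.url` is the external tracker link stored on the defect record; it opens in a new tab without `rel="noopener noreferrer"`, so the destination page keeps a `window.opener` handle on the SRTool tab, and autoescaping does not stop a stored `javascript:` URL from being followed. Add `rel="noopener noreferrer"` here and on the Investigations links, and have the importer or model restrict `url` to http(s) schemes. The Investigations links are internal (`{% url 'investigation' … %}`) yet also use `target="_blank"`, unlike the Product link beside them; opening in-app pages in new tabs is usually unwanted, so drop the attribute there for consistency. The labels `date_created:` and `date_updated:` are field names rather than user-facing text, and `{{object.publish}}` shows a raw value while the neighbouring rows use `get_*_text` accessors; "Created:" / "Updated:" and a text accessor for publish, if the model has one, would match the rest of the list.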
@@ -118,14 +118,14 @@ </ul> </ul> <ul> - <li> <b><a href="{% url 'all-cpes' %}">CPE's</a></b> </li> + <li> <b><a href="{% url 'cpes' %}">CPE's</a></b> </li> <ul> <li> The 'Common Product Enumerations' (CPE) found in the vulnerable CVE records </li> <li> This data can help track CPE's that result in vulnerabilities, to help improve triaging CVE's </li> </ul> </ul> <ul> - <li> <b><a href="{% url 'all-cwes' %}">CWE's</a></b> </li> + <li> <b><a href="{% url 'cwes' %}">CWE's</a></b> </li> <ul> <li> The 'Common Weakness Enumerations' (CWE) found in the vulnerable CVE records </li> </ul> diff --git a/lib/srtgui/templates/investigation.html b/lib/srtgui/templates/investigation.html index 77cb8fbd..bf0a5672 100644 --- a/lib/srtgui/templates/investigation.html +++ b/lib/srtgui/templates/investigation.html @@ -52,7 +52,7 @@ <h2>Quick Info</h2> <dl class="dl-horizontal"> <dt>Product:</dt> - <dd>{{object.product.name}} {{ object.product.version }} {{ object.product.profile }}</dd> + <dd><a href="{% url 'product' object.product.id %}">{{object.product.long_name}}</a></dd> <dt>Investigation:</dt> <dd><a href="{% url 'vulnerability' object.vulnerability.id %}">{{object.vulnerability.get_long_name}}</a></dd> 
@@ -60,15 +60,42 @@ <dt>Defect:</dt> <dd> {% for ij in object.investigation_to_defect.all %} - {% if not forloop.first %}| {% endif %}<a href="http://defect.wrs.com/browse/{{ij.defect.name}}" target="_blank">{{ij.defect.name}} </a> + {% if not forloop.first %}| {% endif %}<a href="{% url 'defect' ij.defect.id %}" target="_blank">{{ij.defect.name}} </a> {% endfor %} <p> {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-attachement" href="">Attach Defect</a> - <a class="btn btn-default navbar-btn " id="new-investigation-attachement" href="">Create Defect</a> + <a class="btn btn-default navbar-btn " id="select-attachdefect">Attach Defect</a> + <a class="btn btn-default navbar-btn " id="select-createdefect">Create Defect</a> + <a class="btn btn-default navbar-btn " id="select-trashdefect">Detach Defect</a> {% endif %} </dd> + <div id="details-attachdefect" style="display:none; border: 1px solid; padding:20px; width:400px; margin-bottom:25px; margin-left:150px"> + <p><b><label>Select Defect by Key:</label></b> + <div id="input-attachdefect" style="padding-left: 50px"> + <p><input type="text" id="text-attachdefect" placeholder="Issue Key (ex. 
{{defect_example}})" size="20"> <button class="execute" id="submit-attachdefect"> Submit </button></p> + </div> + </div> + + <div id="details-trashdefect" style="display:none; border: 1px solid; padding:20px; width:400px; margin-bottom:25px; margin-left:150px"> + <p><b><label>Select Defect(s):</label></b> + <div id="select-trashdefectlist" style="padding-left: 50px"> + <div class="row"> + <div id="all-investigation-to-defects" class="scrolling" style="width: 300px;"> + {% for obj in investigation_to_defect %} + <div class="checkbox"> + <label> + <input class="checkbox-defects" name="{{obj.defect.pk}}" type="checkbox">{{obj.defect.name}} + </label> + <p> + </div> + {% endfor %} + </div> + <button class="execute" id="submit-trashdefect"> Detach </button> + </div> + </div> + </div> + <dt>Status:</dt> <dd>{{object.get_status_text}}</dd> @@ -81,7 +108,7 @@ <dt>Release Version:</dt> <dd> {% for ij in object.investigation_to_defect.all %} - {% if not forloop.first %}| {% endif %}<a href="http://defect.wrs.com/browse/{{ij.defect.name}}" target="_blank">{{ij.defect.release_version}} </a> + {% if not forloop.first %}| {% endif %}<a href="{{ij.defect.url}}" target="_blank">{{ij.defect.release_version}} </a> {% endfor %} </dd> </dl> 
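Review bot: The three new Attach/Create/Detach Defect controls are `<a>` elements with no `href`, so they are not keyboard-focusable and carry no button semantics, while the comments section changed in this same file uses `<button ... type="button">` for the identical show/hide pattern; use that here too, e.g. `<button id="select-attachdefect" class="btn btn-default" type="button">Attach Defect</button>`. The `#details-attachdefect` and `#details-trashdefect` panels are also placed between `</dd>` and the next `<dt>`, which is not valid `<dl>` content and will be reparented by browsers; moving them inside the preceding `<dd>` keeps the markup well-formed. Note that `#select-createdefect` has no handler in the script block this commit adds, so the Create Defect button currently does nothing.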
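Review bot: The Release Version links now take their `href` from the stored `{{ij.defect.url}}` with `target="_blank"` and no `rel`; autoescaping does not block a `javascript:` URL here, and the new tab keeps `window.opener`. Add `rel="noopener noreferrer"` and make sure the importer only stores `http(s)` URLs (not visible in this diff): `<a href="{{ij.defect.url}}" target="_blank" rel="noopener noreferrer">{{ij.defect.release_version}} </a>`.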
@@ -91,14 +118,18 @@ <hr> -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>Comments - {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-attachement" href="{% url 'login' %}">Add comment</a> - {% endif %} + {% if access.is_creator %} + <button id="select-newcomment" class="btn btn-default" type="button">Add comment ...</button> + {% endif %} </h3> - <table class="table table-striped table-condensed" data-testid="inv-hyperlinks-table"> + <div id="input-newcomment" style="padding-left: 50px; display:none;"> + <p><input type="text" id="text-newcomment" size="40"> <button class="execute" id="submit-newcomment"> Submit </button></p> + </div> + + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> <th>Comment</th> @@ -116,11 +147,11 @@ <td>{{ c.comment }}</td> <td>{{ c.date }}</td> <td>{{ c.author }}</td> - {% if access.is_creator %} + {% if access.is_creator or c.author == current_user %} <td> <span id="config_var_entry_'+configvars_sorted[i][2]+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{c.id}}+'" x-data="'+{{c.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="comment_trash_'+{{c.id}}+'" x-data="'+{{c.id}}+'"></span> + <span class="glyphicon glyphicon-edit edit-comment" id="affected_edit_'+{{c.id}}+'" x-data="{{c.id}}"></span> + <span class="glyphicon glyphicon-trash trash-comment" id="comment_trash_'+{{c.id}}+'" x-data="{{c.id}}"></span> </td> {% endif %} </tr> 
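Review bot: The `access.is_creator or c.author == current_user` gate around the comment trash icon only controls whether the icon is rendered; the `submit-trashcomment` action later in this file posts a `record_id` read from the `x-data` attribute to `xhr_investigation_commit`, and any logged-in user can send that POST with an arbitrary id, so the view must re-check that the requester is a creator or the comment's author (the view is not in this diff). The `id="affected_edit_'+{{c.id}}+'"` values also keep JavaScript string-concatenation residue inside the HTML id; write `id="comment_edit_{{c.id}}"` and `id="comment_trash_{{c.id}}"`. Nothing in the added script binds `.edit-comment`, so the pencil icon is currently inert.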
@@ -134,13 +165,25 @@ </div> -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>Attachments - {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-attachement" href="{% url 'login' %}">Add attachment</a> - {% endif %} + {% if access.is_creator %} + <a class="btn btn-default navbar-btn " id="select-addattachment">Add attachment ... </a> + {% endif %} </h3> + <div id="details-addattachment" style="padding-left: 50px; display:none;"> + <p><p> + <div class="row"> + <form id="uploadbanner" enctype="multipart/form-data" method="post">{% csrf_token %} + <input id="fileDescription" name="fileDescription" type="text" placeholder="Enter Description" /> + <input id="fileUpload" name="fileUpload" type="file" /> + <input type="hidden" id="action" name="action" value="upload"> + <input type="submit" value="submit file" id="submit-addattachment" /> + </form> + </div> + </div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> 
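Review bot: The new attachment upload form posts a free-text description and an unconstrained `<input type="file">` to the page URL with `action=upload`, and the handler that consumes it is not in this diff; that handler should be checked for a size limit, for stripping directory components from the client-supplied filename (the table below displays `u.path|basename`, which suggests the stored path embeds that filename) and for storing uploads outside the web root. In the template itself, replace the placeholder-only `fileDescription` field with a visible `<label for="fileDescription">Description</label>` and give the form an explicit `action` so the target does not silently follow whatever URL the page was loaded from.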
@@ -157,17 +200,20 @@ {% for u in object.investigation_uploads.all %} <tr> <td>{{ u.description }}</td> - <td>{{ u.path }}</td> + <td>{{ u.path|basename }}</td> <td>{{ u.size }}</td> <td>{{ u.date }}</td> <td>{{ u.author }}</td> <td> <span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-download-alt get-help" title="Download document"></span> - {% if access.is_creator %} - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="attachment_trash_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> - {% endif %} + <form id="downloadbanner" enctype="multipart/form-data" method="post" >{% csrf_token %} + <input type="hidden" id="action" name="action" value="download"> + <input type="hidden" id="record_id" name="record_id" value={{u.id}}> + <span class="glyphicon glyphicon-download-alt submit-downloadattachment" id="attachment_download_'+{{u.id}}+'" x-data="{{u.id}}"></span> + {% if access.is_creator %} + <span class="glyphicon glyphicon-trash trash-attachment" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span> + {% endif %} + </form> </td> </tr> {% endfor %} 
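Review bot: Every attachment row now renders a form with the same `id="downloadbanner"` (plus duplicate `id="action"` and `id="record_id"`), and the `.submit-downloadattachment` handler added later in this file calls `$("#downloadbanner").submit()`, which resolves to the first match only, so clicking any download icon submits the first row's form and downloads the first attachment. Drop the per-row ids and submit the icon's own form instead: `$(this).closest('form').submit();`. Also quote the value attribute, `value="{{u.id}}"`, and consider making the download a GET link rather than a CSRF-protected POST since it changes no state.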
@@ -177,18 +223,37 @@ </tr> {% endif %} </table> - </div> <br/> <hr/> {% if access.is_creator %} - <div class="row"> + <div class="row" style="padding-left: 25px;"> <h3>Change Notifications - <a class="btn btn-default navbar-btn " id="new-investigation-notify" href="{% url 'login' %}">Add user notification</a> + {% if access.is_creator %} + <button id="select-addusernotify" class="btn btn-default" type="button">Add user notification ...</button> + {% endif %} </h3> + <div id="details-addusernotify" style="padding-left: 50px; display:none;"> + <p><p> + <button class="execute" id="submit-addusernotify"> Submit </button> + <div class="row"> + <p> + <div id="all-users" class="scrolling" style="width: 300px;"> + {% for user in users %} + <div class="checkbox"> + <label> + <input class="checkbox-users" name="{{user.pk}}" type="checkbox">{{user.name}} + </label> + <p> + </div> + {% endfor %} + </div> + </div> + </div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> 
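Review bot: The inner `{% if access.is_creator %}` around the "Add user notification" button is redundant, since the hunk's first context line shows the whole Change Notifications block is already inside an `{% if access.is_creator %}`; drop the inner pair. The `<p><p>` and bare `<p>` lines used for spacing leave unclosed paragraphs around the checkbox list; use a margin class or a single `<p>` with content instead.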
@@ -200,16 +265,16 @@ </tr> </thead> - {% if object.investigation_users.all %} - {% for u in object.investigation_users.all %} + {% if object.investigation_notification.all %} + {% for u in object.investigation_notification.all %} <tr> <td>{{ u.user.name }}</td> <td>{{ u.user.email }}</td> - {% if access.is_creator %} + {% if access.is_creator or u.user.name == current_user %} <td> <span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="attachment_trash_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> + <span class="glyphicon glyphicon-edit edit-usernotification" id="affected_edit_'+{{u.id}}+'" x-data="{{u.id}}"></span> + <span class="glyphicon glyphicon-trash trash-usernotification" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span> </td> {% endif %} </tr> @@ -223,11 +288,31 @@ </div> - <div class="row"> + <div class="row" style="padding-left: 25px;"> <h3>User Access - <a class="btn btn-default navbar-btn " id="new-investigation-access" href="{% url 'login' %}">Add user access</a> + {% if access.is_creator %} + <button id="select-adduseraccess" class="btn btn-default" type="button">Add user access ...</button> + {% endif %} </h3> + <div id="details-adduseraccess" style="padding-left: 50px; display:none;"> + <p><p> + <button class="execute" id="submit-adduseraccess"> Submit </button> + <div class="row"> + <p> + <div id="all-users" class="scrolling" style="width: 300px;"> + {% for user in users %} + <div class="checkbox"> + <label> + <input class="checkbox-users" name="{{user.pk}}" type="checkbox">{{user.name}} + </label> + <p> + </div> + {% endfor %} + </div> + </div> + </div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> 
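Review bot: The new User Access panel reuses `id="all-users"` and `class="checkbox-users"` from the Change Notifications panel added two hunks earlier, so the page now has a duplicate id and two lists of checkboxes named `{{user.pk}}` that are indistinguishable to the script; ids must be unique, and the script's collectors need a hook per panel. Rename the containers, e.g. `<div id="access-users" class="scrolling" ...>` here and `<div id="notify-users" ...>` in the notify panel. As with the comments, the `is_creator` check only hides the trash icon, so `submit-trashuseraccess` must be authorised again in the view.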
@@ -253,8 +338,8 @@ {% if access.is_creator %} <td> <span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="attachment_trash_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> + <span class="glyphicon glyphicon-edit edit-useraccess" id="affected_edit_'+{{u.id}}+'" x-data="{{u.id}}"></span> + <span class="glyphicon glyphicon-trash trash-useraccess" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span> </td> {% endif %} </tr> @@ -271,7 +356,7 @@ </div> {% endif %} -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>History</h3> <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> 
@@ -297,5 +382,287 @@ </table> </div> +<script> + var selected_newcomment=false; + var selected_addusernotify=false; + var selected_adduseraccess=false; + var selected_addattachment=false; + var selected_attachdefect=false; + var selected_trashdefect=false; + + $(document).ready(function() { + function onCommitAjaxSuccess(data, textstatus) { + if (window.console && window.console.log) { + console.log("XHR returned:", data, "(" + textstatus + ")"); + } else { + alert("NO CONSOLE:\n"); + return; + } + if (data.error != "ok") { + alert("error on request:\n" + data.error); + return; + } + // reload the page with the updated tables + location.reload(true); + } + + function onCommitAjaxError(jqXHR, textstatus, error) { + console.log("ERROR:"+error+"|"+textstatus); + alert("XHR errored1:\n" + error + "\n(" + textstatus + ")"); + } + + /* ensure cookie exists {% csrf_token %} */ + function postCommitAjaxRequest(reqdata) { + reqdata["investigation_id"] = {{ object.id }} + var ajax = $.ajax({ + type:"POST", + data: reqdata, + url:"{% url 'xhr_investigation_commit' %}", + headers: { 'X-CSRFToken': $.cookie("csrftoken")}, + success: onCommitAjaxSuccess, + error: onCommitAjaxError, + }); + } + + /* (De-)Select management */ + + $('#select-these').click(function(){ + $(':checkbox').each(function(){ + $(this).prop('checked', true); + }); + }); + + $('#unselect-these').click(function(){ + $(':checkbox').each(function(){ + $(this).prop('checked', false); + }); + }); + + /* Defect management */ + + $('#select-attachdefect').click(function(){ + if (selected_attachdefect) { + selected_attachdefect=false; + $("#details-attachdefect").slideUp(); + } else { + if (selected_trashdefect) { + selected_trashdefect = false; + } + selected_attachdefect=true; + $("#details-trashdefect").slideUp(); + $("#details-attachdefect").slideDown(); + } + }) + + $('#select-trashdefect').click(function(){ + if (selected_trashdefect) { + selected_trashdefect=false; + $("#details-trashdefect").slideUp(); + } 
else { + if (selected_attachdefect) { + selected_attachdefect = false; + } + selected_trashdefect=true; + $("#details-trashdefect").slideDown(); + $("#details-attachdefect").slideUp(); + } + }) + + $('#submit-attachdefectlist').click(function(){ + var defect_list="" + $(':checkbox').each(function(){ + if ($(this).is(':checked')) { + defect_list += $(this).prop('name') + ","; + } + }); + if ("" == defect_list) { + alert("No users were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-attachdefectlist', + "defects" : defect_list, + }); + }); + + $('#submit-attachdefect').click(function(){ + var query=$('#text-attachdefect').val().trim() + if (query=="") { + alert("No query given"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-attachdefect', + "query" : query, + }) + }); + + $('#submit-trashdefect').click(function(){ + var defect_list="" + $(':checkbox').each(function(){ + if ($(this).is(':checked')) { + defect_list += $(this).prop('name') + ","; + } + }); + if ("" == defect_list) { + alert("No users were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-trashdefect', + "defects" : defect_list, + }); + }); + + /* Comment management */ + + $('#select-newcomment').click(function(){ + if (selected_newcomment) { + selected_newcomment=false; + $("#input-newcomment").slideUp(); + } else { + selected_newcomment=true; + $("#input-newcomment").slideDown(); + } + }); + + $('#submit-newcomment').click(function(){ + var comment=$('#text-newcomment').val().trim() + if (comment=="") { + alert("No comment was written"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-newcomment', + "comment" : comment, + }) + }); + + $('.trash-comment').click(function(){ + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashcomment', + "record_id" : $(this).attr('x-data'), + }); + } + }) + + /* Attachement management */ + + $('#select-addattachment').click(function() { + 
if (selected_addattachment) { + selected_addattachment=false; + $("#details-addattachment").slideUp(); + } else { + selected_addattachment=true; + $("#details-addattachment").slideDown(); + } + }); + + $('.submit-downloadattachment').click(function() { + $("#downloadbanner").submit(); + }); + + $('.trash-attachment').click(function() { + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashattachment', + "record_id" : $(this).attr('x-data'), + }); + } + }); + + /* User notify management */ + + $('#select-addusernotify').click(function(){ + if (selected_addusernotify) { + selected_addusernotify=false; + $("#select-these").removeAttr("disabled"); + $("#unselect-these").removeAttr("disabled"); + $("#details-addusernotify").slideUp(); + } else { + selected_addusernotify=true; + $("#select-these").attr("disabled","disabled"); + $("#unselect-these").attr("disabled","disabled"); + $("#details-addusernotify").slideDown(); + } + }); + + $('#submit-addusernotify').click(function(){ + var user_list="" + $(':checkbox').each(function(){ + if ($(this).is(':checked')) { + user_list += $(this).prop('name') + ","; + } + }); + if ("" == user_list) { + alert("No users were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-addusernotify', + "users" : user_list, + }); + }); + + $('.trash-usernotification').click(function(){ + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashusernotification', + "record_id" : $(this).attr('x-data'), + }); + } + }) + + /* User access management */ + + $('#select-adduseraccess').click(function(){ + if (selected_adduseraccess) { + selected_adduseraccess=false; + $("#select-these").removeAttr("disabled"); + $("#unselect-these").removeAttr("disabled"); + $("#details-adduseraccess").slideUp(); + } else { + selected_adduseraccess=true; + $("#select-these").attr("disabled","disabled"); + 
$("#unselect-these").attr("disabled","disabled"); + $("#details-adduseraccess").slideDown(); + } + }); + + $('#submit-adduseraccess').click(function(){ + var user_list="" + $(':checkbox').each(function(){ + if ($(this).is(':checked')) { + user_list += $(this).prop('name') + ","; + } + }); + if ("" == user_list) { + alert("No users were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-adduseraccess', + "users" : user_list, + }); + }); + + $('.trash-useraccess').click(function(){ + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashuseraccess', + "record_id" : $(this).attr('x-data'), + }); + } + }) + + /* Set the report link */ + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list={{object.id}}"); + }); +</script> {% endblock %} diff --git a/lib/srtgui/templates/investigations-toastertable.html b/lib/srtgui/templates/investigations-toastertable.html index 2aee7f7e..384d7141 100644 --- a/lib/srtgui/templates/investigations-toastertable.html +++ b/lib/srtgui/templates/investigations-toastertable.html @@ -30,7 +30,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cves' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> @@ -53,6 +54,17 @@ } titleElt.text(title); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); }); </script> diff --git a/lib/srtgui/templates/landing.html b/lib/srtgui/templates/landing.html index 52f24482..e0950bd8 100644 --- a/lib/srtgui/templates/landing.html +++ b/lib/srtgui/templates/landing.html 
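Review bot: `#submit-trashdefect`, `#submit-addusernotify` and `#submit-adduseraccess` all collect their selection with `$(':checkbox')`, which matches every checkbox on the page, and the detach-defect, notify-user and access-user panels are all present in the DOM (only `display:none`), so a box ticked in one panel is sent to the server under another action; a user pk can arrive as a defect id in `submit-trashdefect`, and a defect pk as a user id in the access list. Scope each collector to its own panel, as sketched below, and fix the copy-pasted `"No users were selected"` message in the defect handler. `#submit-attachdefectlist`, `#select-these` and `#unselect-these` do not exist in this template, so those three handlers are dead code and can be removed; `selected_trashdefect`/`selected_attachdefect` are reset but the matching panel is not hidden when `#select-attachdefect` is clicked while the trash panel is open, which is fine only because `slideUp` is called unconditionally.

```javascript
    /* Collect the names (record pks) of the checked boxes inside one panel only */
    function checkedNames(panel) {
        var names = "";
        $(panel + " :checkbox:checked").each(function(){
            names += $(this).prop('name') + ",";
        });
        return names;
    }

    $('#submit-trashdefect').click(function(){
        var defect_list = checkedNames("#details-trashdefect");
        if ("" == defect_list) {
            alert("No defects were selected");
            return;
        }
        postCommitAjaxRequest({
            "action" : 'submit-trashdefect',
            "defects" : defect_list,
        });
    });

    // … unchanged: comment and attachment handlers …

    $('#submit-addusernotify').click(function(){
        var user_list = checkedNames("#details-addusernotify");
        // … unchanged: empty check and postCommitAjaxRequest …
    });

    $('#submit-adduseraccess').click(function(){
        var user_list = checkedNames("#details-adduseraccess");
        // … unchanged: empty check and postCommitAjaxRequest …
    });
```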
@@ -25,7 +25,7 @@ </tr> </thead> - {% if access.is_admin %} + {% if access.is_creator %} <tr> <td><a class="btn btn-info btn-lg" href="{% url 'manage' %}">Management</a></td> <td>Triage CVE's, Create Vulnerabilities, Manage Users</td> @@ -33,7 +33,7 @@ {% endif %} <tr> - <td><a class="btn btn-info btn-lg" href="{% url 'all-cves' %}">CVE's</a></td> + <td><a class="btn btn-info btn-lg" href="{% url 'cves' %}">CVE's</a></td> <td>Common Vulnerblility Enumeration</td> </tr> @@ -48,7 +48,7 @@ </tr> <tr> - <td><a class="btn btn-info btn-lg" href="{% url 'all-defects' %}">Defects</a></td> + <td><a class="btn btn-info btn-lg" href="{% url 'defects' %}">Defects</a></td> <td>SRTool Defects</td> </tr> @@ -58,12 +58,12 @@ </tr> <tr> - <td><a class="btn btn-info btn-lg" href="{% url 'all-cpes' %}">CPE's</a></td> + <td><a class="btn btn-info btn-lg" href="{% url 'cpes' %}">CPE's</a></td> <td>Common Platform Enumeration</td> </tr> <tr> - <td><a class="btn btn-info btn-lg" href="{% url 'all-cwes' %}">CWE's</a></td> + <td><a class="btn btn-info btn-lg" href="{% url 'cwes' %}">CWE's</a></td> <td>Common Weakness Enumeration</td> </tr> diff --git a/lib/srtgui/templates/login.html b/lib/srtgui/templates/login.html new file mode 100644 index 00000000..be597992 --- /dev/null +++ b/lib/srtgui/templates/login.html 
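Review bot: Switching the Management tile from `access.is_admin` to `access.is_creator` widens who is shown the link, and a template condition only hides the link, it does not protect the destination; if the intent is that creators may now reach the management page, the `manage` view (not in this diff) must enforce exactly `is_creator`, and the Users/Sources pages reachable from it must still enforce `is_admin`. A short template comment above the condition, e.g. `{# creators get Management; admin-only items are gated again inside management.html #}`, would record the intent.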
@@ -0,0 +1,40 @@ +{% extends "base.html" %} + +{% load static %} +{% load projecttags %} +{% load humanize %} + +{% block title %} Login Page {% endblock %} +{% block pagecontent %} + <div class="row"> + <div class="col-md-7" style="padding-left: 50px;"> + <h1>Login Page</h1> + </div> + </div> + + <form method="POST">{% csrf_token %} + <div class="row" style="padding-left: 100px;"> + <h2>Select User:</h2> + {% if object.all %} + <select name="username" size="10" required> + {% for user in object.all %} + <option>{{user.name}} ({{user.get_access_text}})</option> + {% endfor %} + </select> + {% else %} + <p>No Users Found</p> + {% endif%} + </div> + + <div class="row" style="padding-left: 100px;"> + <h2>Password:</h2> + <input type="password" class="form-control" style="width: 150px;" name="password" placeholder="(enter anything)"> + </div> + + <div class="top-air" style="padding-left: 100px;"> + <input type="submit" id="login-button" class="btn btn-primary btn-lg" value="Submit"/> + <a class="btn btn-info btn-lg" href="{% url 'landing' %}">Cancel</a> + </div> + </form> + +{% endblock %} diff --git a/lib/srtgui/templates/manage-cpes-toastertable.html b/lib/srtgui/templates/manage-cpes-toastertable.html index dc4bb800..13fdff80 100644 --- a/lib/srtgui/templates/manage-cpes-toastertable.html +++ b/lib/srtgui/templates/manage-cpes-toastertable.html @@ -36,7 +36,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cpes' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> 
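Review bot: The new login page's password field carries `placeholder="(enter anything)"`, which tells every visitor the password is not checked, and the page is reached from the guest "Login" button, so an unauthenticated user is also shown the full roster of user names with their access levels in the `<select>`; if this is a development stub it should be marked as such and not ship, and the view behind it (not in this diff) should verify credentials via Django's auth before granting `is_creator`/`is_admin`. Independently, `<option>{{user.name}} ({{user.get_access_text}})</option>` has no `value`, so the submitted `username` is the display string including the parenthesised access text; use `<option value="{{user.name}}">{{user.name}} ({{user.get_access_text}})</option>`. Add `autocomplete="username"` / `autocomplete="current-password"` and a real `<label>` for the password input instead of the placeholder.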
@@ -60,6 +61,17 @@ } titleElt.text(title); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); }); </script> diff --git a/lib/srtgui/templates/management.html b/lib/srtgui/templates/management.html index 2e53ee88..cfdd10d4 100644 --- a/lib/srtgui/templates/management.html +++ b/lib/srtgui/templates/management.html @@ -35,8 +35,8 @@ </tr> <tr> - <td><a class="btn btn-info btn-lg" href="{% url 'publish' %}">Publish Vulnerabilities</a></td> - <td>Process the items that are ready to be published</td> + <td><a class="btn btn-info btn-lg" href="{% url 'publish' %}">Publish Request</a></td> + <td>Process the items that are ready to be published from SRTool</td> </tr> <tr> @@ -44,6 +44,7 @@ <td>Report on the over all response system status</td> </tr> + {% if access.is_admin %} <tr> <td><a class="btn btn-info btn-lg" href="{% url 'users' %}">Manage Users</a></td> <td>Add, edit, and remove users</td> @@ -53,6 +54,7 @@ <td><a class="btn btn-info btn-lg" href="{% url 'sources' %}">Manage Sources</a></td> <td>Manage source list, perform manual pulls</td> </tr> + {% endif %} </table> </div> 
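Review bot: Wrapping the Manage Users and Manage Sources rows in `{% if access.is_admin %}` hides the buttons from non-admin creators but does nothing to the `users` and `sources` URLs themselves, which are still one address-bar edit away; confirm those views (not in this diff) check `is_admin` as well. A template comment such as `{# admin-only; the users/sources views enforce this server-side #}` makes the dependency explicit for the next reader.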
@@ -65,16 +67,16 @@ <dl class="dl-horizontal"> <dt>CVE's: Total Count =</dt> <dd> - <a href="{% url 'all-cves' %}"> {{cve_total}} </a> + <a href="{% url 'cves' %}"> {{cve_total}} </a> </dd> <dt>Pending triaged =</dt> <dd> - <a href="{% url 'all-cves' %}?limit=25&page=1&orderby=name&filter=is_status:new&default_orderby=name&filter_value=on&"> {{cve_new}} </a> + <a href="{% url 'cves' %}?limit=25&page=1&orderby=name&filter=is_status:new&default_orderby=name&filter_value=on&"> {{cve_new}} </a> </dd> <!-- <dt>Open =</dt> <dd> - <a href="{% url 'all-cves' %}?limit=25&page=1&orderby=name&filter=is_status:open&default_orderby=name&filter_value=on&"> {{cve_open}} </a> + <a href="{% url 'cves' %}?limit=25&page=1&orderby=name&filter=is_status:open&default_orderby=name&filter_value=on&"> {{cve_open}} </a> </dd> --> <dt>Vulnerabilities: Total Count =</dt> @@ -125,7 +127,7 @@ <dt>Defects: Total Count =</dt> <dd> - <a href="{% url 'all-defects' %}" %}> {{defect_total}} </a> + <a href="{% url 'defects' %}" %}> {{defect_total}} </a> </dd> </dl> diff --git a/lib/srtgui/templates/product.html b/lib/srtgui/templates/product.html new file mode 100644 index 00000000..e26bb2fe --- /dev/null +++ b/lib/srtgui/templates/product.html 
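Review bot: The updated Defects count link keeps a stray `%}` after the closing quote, `<a href="{% url 'defects' %}" %}>`, which the template engine leaves as literal text inside the start tag and browsers turn into a bogus attribute; since the line is being rewritten anyway, drop it: `<a href="{% url 'defects' %}"> {{defect_total}} </a>`.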
@@ -0,0 +1,84 @@ +{% extends "base.html" %} + +{% load projecttags %} + +{% block title %} {{object.name}} - SRTool {% endblock %} + +{% block pagecontent %} + +<div class="row"> + <!-- Breadcrumbs --> + <div class="col-md-12"> + <ul class="breadcrumb" id="breadcrumb"> + <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> + <li><a href="{% url 'products' %}">Products</a></li><span class="divider">→</span> + <li>{{object.name}}</li> + </ul> + </div> +</div> + +<!-- Begin container --> + +<div class="row"> + <div class="col-md-12"> + <div class="page-header build-data"> + <h1>Product {{object.long_name}}Detail</h1> + </div> + </div> +</div> + +<div class="row"> + <div class="col-md-5"> + <div class="well"> + <h2>Quick Info</h2> + <dl class="dl-horizontal"> + <dt>Name:</dt> + <dd>{{object.name}}</dd> + + <dt>Version:</dt> + <dd>{{object.version}}</dd> + + <dt>Profile:</dt> + <dd>{{object.profile}}</dd> + + <dt>Cpe:</dt> + <dd>{{object.cpe}}</dd> + + <dt>Srt Cpe:</dt> + <dd>{{object.srt_cpe}}</dd> + + <dt>Defect Prefix:</dt> + <dd>{{object.defect_prefix }}</dd> + + <dt>Investigations Count/Link:</dt> + <dd> + {% if object.product_investigation.all.count %} + <a href="{% url 'investigations' %}?filter=is_product:{{object.defect_prefix}}&" class="btn btn-info" > + {{object.product_investigation.all.count}} + </a> + {% else %}0{% endif %} + </dd> + + <dt>Defects Count/Link:</dt> + <dd> + {% if object.product_defect.all.count %} + <a href="{% url 'defects' %}?filter=is_product:{{object.defect_prefix}}&" class="btn btn-info" > + {{object.product_defect.all.count}} + </a> + {% else %}0{% endif %} + </dd> + + </dl> + </div> + </div> +</div> + +<!-- Javascript support --> +<script> + $(document).ready(function() { + /* Set the report link */ + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list={{object.id}}"); + }); +</script> + +{% endblock %} 
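Review bot: In product.html the Investigations and Defects count links interpolate `{{object.defect_prefix}}` into a query string without URL encoding; autoescape handles HTML characters but a prefix containing `&`, `#` or whitespace breaks the `filter=` value, so use `{{object.defect_prefix|urlencode}}` in both hrefs. The heading `<h1>Product {{object.long_name}}Detail</h1>` is missing the space before "Detail". The two `.count` lookups are each evaluated twice (`{% if ... %}` and the displayed value); `{% with n=object.product_investigation.count %}` avoids the repeated query.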
diff --git a/lib/srtgui/templates/products-toastertable.html b/lib/srtgui/templates/products-toastertable.html index 65602be7..7e12b96b 100644 --- a/lib/srtgui/templates/products-toastertable.html +++ b/lib/srtgui/templates/products-toastertable.html @@ -30,7 +30,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cves' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> @@ -53,6 +54,17 @@ } titleElt.text(title); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); }); </script> diff --git a/lib/srtgui/templates/publish-select-toastertable.html b/lib/srtgui/templates/publish-select-toastertable.html new file mode 100644 index 00000000..5a439c63 --- /dev/null +++ b/lib/srtgui/templates/publish-select-toastertable.html 
@@ -0,0 +1,248 @@ +{% extends 'base.html' %} +{% load static %} + + +{% block extraheadcontent %} + <link rel="stylesheet" href="{% static 'css/jquery-ui.min.css' %}" type='text/css'> + <link rel="stylesheet" href="{% static 'css/jquery-ui.structure.min.css' %}" type='text/css'> + <link rel="stylesheet" href="{% static 'css/jquery-ui.theme.min.css' %}" type='text/css'> + <script src="{% static 'js/jquery-ui.min.js' %}"> + </script> + {% if access.is_creator %}{% else %}<meta http-equiv="refresh" content="0; url=/" />{% endif %} + + <style> + /* Style the execution buttons */ + button.execute { height:50px;width:210px;background-color:#4CAF50;text-align:center; border:2px #f69c55;border-radius: 12px; } + + button:disabled { + cursor: not-allowed; + } + + /* Create two equal columns that floats next to each other */ + .column { + float: left; + width: 350px; + padding: 10px; + } + + /* Clear floats after the columns */ + .row:after { + content: ""; + display: table; + clear: both; + } + </style> + +{% endblock %} + +{% block title %} Publish CVE's - SRTool {% endblock %} + +{% block pagecontent %} + + <div class="row"> + <!-- Breadcrumbs --> + <div class="col-md-12"> + <ul class="breadcrumb" id="breadcrumb"> + <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> + <li><a href="{% url 'manage' %}">Management</a></li><span class="divider">→</span> + <li><a href="{% url 'publish' %}">Publish</a></li><span class="divider">→</span> + <li>Publish CVE's</li> + </ul> + </div> + </div> + + <div id="change-publish-state" > <!--class="form-inline" --> + <b><big>Actions: </big></b> + <button id="select-these" class="btn btn-default" type="button">Select these</button> + <button id="unselect-these" class="btn btn-default" type="button">Un-select these</button> + <button id="select-publish" class="btn btn-default" type="button">Update ...</button> + <!--<button id="collect-publish" class="btn btn-default" type="button">Collect Publishable CVEs</button> --> 
+ </div> + + <div id="details-publish" style="display:none;"> + <p><p> + <button class="execute" id="submit-publish"> Update Publish CVE State </button> + <p><b><big>New Publish State: </big></b> + <select name="Publish" id="select-publish-state"> + <option value="0" >Unpublished</option> + <option value="1" >Not to be Published</option> + <option value="2" >Published</option> + <option value="3" >Publish Request (New)</option> + <option value="4" >Publish Request (Update)</option> + <option value="5" selected>Publish Submitted</option> + </select> + </div> + + <div class="row"> + <div class="col-md-12"> + <div class="page-header"> + <h1 class="top-air" data-role="page-title"></h1> + </div> + + {% url '' as xhr_table_url %} + {% include 'toastertable.html' %} + </div> + </div> + + <!-- Javascript support --> + <script> + + //# sourceURL=somename.js + + // global variables + var selected_publish=false; + var cve_total=0; + + $(document).ready(function() { + + function onCommitAjaxSuccess(data, textstatus) { + if (window.console && window.console.log) { + console.log("XHR returned:", data, "(" + textstatus + ")"); + } else { + alert("NO CONSOLE:\n"); + return; + } + if (data.error != "ok") { + alert("error on request:\n" + data.error); + return; + } + // reload the page with the updated tables + location.reload(true); + } + + function onCommitAjaxError(jqXHR, textstatus, error) { + console.log("ERROR:"+error+"|"+textstatus); + alert("XHR errored1:\n" + error + "\n(" + textstatus + ")"); + } + + /* ensure cookie exists {% csrf_token %} */ + function postCommitAjaxRequest(reqdata) { + var ajax = $.ajax({ + type:"POST", + data: reqdata, + url:"{% url 'xhr_cve_publish_commit'%}", + headers: { 'X-CSRFToken': $.cookie("csrftoken")}, + success: onCommitAjaxSuccess, + error: onCommitAjaxError, + }) + } + + function update_publish_status() { + var cve_count = 0; + var cve_checked_count = 0; + $('#selectpublishtable input').each(function(){ + cve_count = cve_count + 1; + if 
($(this).is(':checked')) { + cve_checked_count = cve_checked_count + 1; + } + }); + if (cve_total > cve_count) { + document.getElementById("select-these").innerText = "Select "+(cve_count-cve_checked_count)+" unchecked ("+(cve_total-cve_count)+" offpage)"; + } else { + document.getElementById("select-these").innerText = "Select "+(cve_count-cve_checked_count)+" unchecked"; + } + document.getElementById("unselect-these").innerText = "Un-select "+cve_checked_count+" checked"; + if (0 == cve_checked_count) { + //$("#submit-publish").attr("disabled","disabled"); + document.getElementById("submit-publish").disabled = true; + } else { + //$("#submit-publish").removeAttr("disabled"); + document.getElementById("submit-publish").disabled = false; + } + } + + $('#select-these').click(function(){ + $('#selectpublishtable input').each(function(){ + $(this).prop('checked', true); + }); + update_publish_status(); + }); + + $('#unselect-these').click(function(){ + $('#selectpublishtable input').each(function(){ + $(this).prop('checked', false); + }); + update_publish_status(); + }); + + // Open Publish Action + $('#select-publish').click(function(){ + if (selected_publish) { + selected_publish=false; + $("#select-these").removeAttr("disabled"); + $("#unselect-these").removeAttr("disabled"); + $("#details-publish").slideUp(); + } else { + selected_publish=true; + $("#select-these").attr("disabled","disabled"); + $("#unselect-these").attr("disabled","disabled"); + update_publish_status(); + $("#details-publish").slideDown(); + } + }); + + $('#submit-publish').click(function(){ + var cve_list=""; + $('#selectpublishtable input').each(function(){ + if ($(this).is(':checked')) { + cve_list +=$(this).prop('name') + ","; + } + }); + if ("" == cve_list) { + alert("No CVE's were selected"); + return; + } + publish_state=$('#select-publish-state').val(); + postCommitAjaxRequest({ + "publish_state" : publish_state, + "cve_list" : cve_list, + }); + + }); + + // When change in product 
selections, update labels and enables + $(document).on("change", "#all-products :checkbox", function() { + update_publish_status(); + }); + + // When change in CVE selections, update labels and enables + $(document).on("change", "#selectpublishtable :checkbox", function() { + update_publish_status(); + }); + + + // Standard Toaster Table enablement + + var tableElt = $("#{{table_name}}"); + var titleElt = $("[data-role='page-title']"); + + tableElt.on("table-done", function (e, total, tableParams) { + var title = "Publish CVE's"; + + if (tableParams.search || tableParams.filter) { + if (total === 0) { + title = "No CVE's found"; + } + else if (total > 0) { + title = total + " CVE" + (total > 1 ? "'s" : '') + " found"; + } + } + + titleElt.text(title); + cve_total = total; + update_publish_status(); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); + + }); + </script> +{% endblock %} diff --git a/lib/srtgui/templates/publish.html b/lib/srtgui/templates/publish.html index 2b65e81b..b1f3d83f 100644 --- a/lib/srtgui/templates/publish.html +++ b/lib/srtgui/templates/publish.html 
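Review bot: The `{% if access.is_creator %}{% else %}<meta http-equiv="refresh" content="0; url=/" />{% endif %}` line in `extraheadcontent` is not access control: the full publish page, including the CVE table data the toaster table loads and the `xhr_cve_publish_commit` endpoint URL, is still rendered and sent to a guest, and only a cooperating browser follows the redirect. The view for `select-publish` and the `xhr_cve_publish_commit` handler (neither in this diff) must refuse non-creators server-side; the meta refresh can stay as a courtesy but should not be relied on. Minor: `publish_state=$('#select-publish-state').val();` assigns an undeclared global, write `var publish_state = $('#select-publish-state').val();`, and `var ajax` in `postCommitAjaxRequest` is unused.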
@@ -7,25 +7,38 @@ {% block title %} Publish Requests {% endblock %} {% block pagecontent %} - <div class="row"> - <div class="col-md-7" style="padding-left: 50px;"> +<div class="row"> + <!-- Breadcrumbs --> + <div class="col-md-12"> + <ul class="breadcrumb" id="breadcrumb"> <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> <li><a href="{% url 'manage' %}">Management</a></li><span class="divider">→</span> - <h1>Publish (Proposals)</h1> - </div> - </div> + <li>Publish (Proposals)</li> + </ul> + </div> +</div> <h2> Manage Publish Requests</h2> <ul> - <li>This interface can review and accept the list of vulnerabilities that have readhed their publication date</li> - <li>This is preferable over automatic publishing for when the defect and/or official publish date are not very certain</li> + <li>The SRTool supports an external publishing tool, for example a business table or the vendor's public website</li> + <li>These tools can be used to (a) submit CVEs to that tool, and (b) update the CVEs when they have been published</li> </ul> <h2> Publishing Actions</h2> <ul> - <li>Format (and hopefully automatically register) the Vulnerability information to the company website</li> - <li>Format a notice for TechPubs</li> - <li>Format a notice for the respective product leads</li> + <tr> + <td><a class="btn btn-info btn-lg" href="{% url 'select-publish' %}">Publish Request</a></td> + <td>Process the items that are ready to be published from SRTool</td> + </tr> + + <br> + <br> + <br> + + <tr> + <td><a class="btn btn-info btn-lg" href="{% url 'update-published' %}">Published Update</a></td> + <td>Process the items that have been published</td> + </tr> </ul> {% endblock %} diff --git a/lib/srtgui/templates/published-select-toastertable.html b/lib/srtgui/templates/published-select-toastertable.html new file mode 100644 index 00000000..df89d142 --- /dev/null +++ b/lib/srtgui/templates/published-select-toastertable.html 
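Review bot: The new "Publishing Actions" list places `<tr>`/`<td>` rows directly inside a `<ul>` with no enclosing `<table>`, which is invalid markup that the parser will foster-parent unpredictably, and the three `<br>` lines between the two rows are spacing by markup. Either wrap the rows in a `<table>` or make each action a list item, e.g. `<li><a class="btn btn-info btn-lg" href="{% url 'select-publish' %}">Publish Request</a> Process the items that are ready to be published from SRTool</li>`. The `<ul>`/`</ul>` pair is on context lines, so the fix touches existing lines as well.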
@@ -0,0 +1,247 @@ +{% extends 'base.html' %} +{% load static %} + + +{% block extraheadcontent %} + <link rel="stylesheet" href="{% static 'css/jquery-ui.min.css' %}" type='text/css'> + <link rel="stylesheet" href="{% static 'css/jquery-ui.structure.min.css' %}" type='text/css'> + <link rel="stylesheet" href="{% static 'css/jquery-ui.theme.min.css' %}" type='text/css'> + <script src="{% static 'js/jquery-ui.min.js' %}"> + </script> + {% if access.is_creator %}{% else %}<meta http-equiv="refresh" content="0; url=/" />{% endif %} + + <style> + /* Style the execution buttons */ + button.execute { height:50px;width:210px;background-color:#4CAF50;text-align:center; border:2px #f69c55;border-radius: 12px; } + + button:disabled { + cursor: not-allowed; + } + + /* Create two equal columns that floats next to each other */ + .column { + float: left; + width: 350px; + padding: 10px; + } + + /* Clear floats after the columns */ + .row:after { + content: ""; + display: table; + clear: both; + } + </style> + +{% endblock %} + +{% block title %} Publish Reqested CVE's - SRTool {% endblock %} + +{% block pagecontent %} + + <div class="row"> + <!-- Breadcrumbs --> + <div class="col-md-12"> + <ul class="breadcrumb" id="breadcrumb"> + <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> + <li><a href="{% url 'manage' %}">Management</a></li><span class="divider">→</span> + <li><a href="{% url 'publish' %}">Publish</a></li><span class="divider">→</span> + <li>Publish Requested Update CVE's</li> + </ul> + </div> + </div> + + <div id="change-publish-state" > <!--class="form-inline" --> + <b><big>Actions: </big></b> + <button id="select-these" class="btn btn-default" type="button">Select these</button> + <button id="unselect-these" class="btn btn-default" type="button">Un-select these</button> + <button id="select-publish" class="btn btn-default" type="button">Update ...</button> + <!--<button id="collect-publish" class="btn btn-default" type="button">Collect 
Publishable CVEs</button> --> + </div> + + <div id="details-publish" style="display:none;"> + <p><p> + <button class="execute" id="submit-publish"> Update Publish CVE State </button> + <p><b><big>New Publish State: </big></b> + <select name="Publish" id="select-publish-state"> + <option value="0" >Unpublished</option> + <option value="1" >Not to be Published</option> + <option value="2" selected>Published</option> + <option value="3" >Publish Request (New)</option> + <option value="4" >Publish Request (Update)</option> + <option value="5" >Publish Submitted</option> + </select> + </div> + + <div class="row"> + <div class="col-md-12"> + <div class="page-header"> + <h1 class="top-air" data-role="page-title"></h1> + </div> + + {% url '' as xhr_table_url %} + {% include 'toastertable.html' %} + </div> + </div> + + <!-- Javascript support --> + <script> + + //# sourceURL=somename.js + + // global variables + var selected_publish=false; + var cve_total=0; + + $(document).ready(function() { + + function onCommitAjaxSuccess(data, textstatus) { + if (window.console && window.console.log) { + console.log("XHR returned:", data, "(" + textstatus + ")"); + } else { + alert("NO CONSOLE:\n"); + return; + } + if (data.error != "ok") { + alert("error on request:\n" + data.error); + return; + } + // reload the page with the updated tables + location.reload(true); + } + + function onCommitAjaxError(jqXHR, textstatus, error) { + console.log("ERROR:"+error+"|"+textstatus); + alert("XHR errored1:\n" + error + "\n(" + textstatus + ")"); + } + + /* ensure cookie exists {% csrf_token %} */ + function postCommitAjaxRequest(reqdata) { + var ajax = $.ajax({ + type:"POST", + data: reqdata, + url:"{% url 'xhr_cve_publish_commit' %}", + headers: { 'X-CSRFToken': $.cookie("csrftoken")}, + success: onCommitAjaxSuccess, + error: onCommitAjaxError, + }) + } + + function update_publish_status() { + var cve_count = 0; + var cve_checked_count = 0; + $('#updatepublishedtable input').each(function(){ + 
cve_count = cve_count + 1; + if ($(this).is(':checked')) { + cve_checked_count = cve_checked_count + 1; + } + }); + if (cve_total > cve_count) { + document.getElementById("select-these").innerText = "Select "+(cve_count-cve_checked_count)+" unchecked ("+(cve_total-cve_count)+" offpage)"; + } else { + document.getElementById("select-these").innerText = "Select "+(cve_count-cve_checked_count)+" unchecked"; + } + document.getElementById("unselect-these").innerText = "Un-select "+cve_checked_count+" checked"; + if (0 == cve_checked_count) { + //$("#submit-publish").attr("disabled","disabled"); + document.getElementById("submit-publish").disabled = true; + } else { + //$("#submit-publish").removeAttr("disabled"); + document.getElementById("submit-publish").disabled = false; + } + } + + $('#select-these').click(function(){ + $('#updatepublishedtable input').each(function(){ + $(this).prop('checked', true); + }); + update_publish_status(); + }); + + $('#unselect-these').click(function(){ + $('#updatepublishedtable input').each(function(){ + $(this).prop('checked', false); + }); + update_publish_status(); + }); + + // Open Publish Action + $('#select-publish').click(function(){ + if (selected_publish) { + selected_publish=false; + $("#select-these").removeAttr("disabled"); + $("#unselect-these").removeAttr("disabled"); + $("#details-publish").slideUp(); + } else { + selected_publish=true; + $("#select-these").attr("disabled","disabled"); + $("#unselect-these").attr("disabled","disabled"); + update_publish_status(); + $("#details-publish").slideDown(); + } + }); + + $('#submit-publish').click(function(){ + var cve_list=""; + $('#updatepublishedtable input').each(function(){ + if ($(this).is(':checked')) { + cve_list +=$(this).prop('name') + ","; + } + }); + if ("" == cve_list) { + alert("No CVE's were selected"); + return; + } + publish_state=$('#select-publish-state').val(); + postCommitAjaxRequest({ + "publish_state" : publish_state, + "cve_list" : cve_list, + }); + +// 
$.post("/srtgui/export/publish_cve", {parent_page:'publish_cve',cve_list:cve_list,report_type:$('#report_type').val(),report_format:$('#report_format').val(),csrfmiddlewaretoken:'{{ csrf_token }}'}, function(result){ +// alert(result); +// }); + + }); + + // When change in CVE selections, update labels and enables + $(document).on("change", "#updatepublishedtable :checkbox", function() { + update_publish_status(); + }); + + + // Standard Toaster Table enablement + + var tableElt = $("#{{table_name}}"); + var titleElt = $("[data-role='page-title']"); + + tableElt.on("table-done", function (e, total, tableParams) { + var title = "Publish Requested CVE's"; + + if (tableParams.search || tableParams.filter) { + if (total === 0) { + title = "No CVE's found"; + } + else if (total > 0) { + title = total + " CVE" + (total > 1 ? "'s" : '') + " found"; + } + } + + titleElt.text(title); + cve_total = total; + update_publish_status(); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list += this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + + }); + }); + </script> +{% endblock %} diff --git a/lib/srtgui/templates/report.html b/lib/srtgui/templates/report.html new file mode 100644 index 00000000..d4d27f76 --- /dev/null +++ b/lib/srtgui/templates/report.html 
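Review bot: The `{% if access.is_creator %}{% else %}<meta http-equiv="refresh" content="0; url=/" />{% endif %}` in `extraheadcontent` is a client-side redirect only; the rest of the page, including the table include, the `xhr_cve_publish_commit` URL and the CSRF token, is still rendered and sent to a non-creator, so the view behind this template and the XHR endpoint need to enforce the creator check themselves (whether they do is not visible from the template). In the `#submit-publish` handler `publish_state=$('#select-publish-state').val();` has no `var` and creates an implicit global; write `var publish_state = $('#select-publish-state').val();`. The `location.reload(true)` in `onCommitAjaxSuccess` passes a non-standard argument that current browsers ignore, so `location.reload();` says the same thing.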
@@ -0,0 +1,73 @@ +{% extends "base.html" %} + +{% load static %} +{% load projecttags %} +{% load humanize %} + +{% block title %} Report/Export {% endblock %} + +{% block pagecontent %} + <div class="row"> + <div class="col-md-7" style="padding-left: 50px;"> + <h1>Report/Export: {{title}}</h1> + </div> + </div> + + <form method="POST">{% csrf_token %} + <input type="hidden" name="parent_page" value="{{parent_page}}"> + <input type="hidden" name="record_list" value="{{record_list}}"> + + {% if report_type_list %} + <hr> + Report Type:<br> + <select name="report_type"> + {{report_type_list|safe}} + </select> + {% else %} + <hr> + Note: There is no report defined for this page.<br> + {% endif %} + + {% if report_get_title %} + <hr> + Title:<br> + <input type="text" name="title"> + <br> + {% endif %} + <hr> + + {% if report_recordrange_list %} + Record Range:<br> + {{report_recordrange_list|safe}} + <br> + {% endif %} + {% if report_columnrange_list %} + Column Range:<br> + {{report_columnrange_list|safe}} + {% endif %} + <hr> + + {% if report_format_list %} + Export Format:<br> + {{report_format_list|safe}} + <hr> + {% endif %} + + {% if report_custom_list %} + Page Specific Settings:<br> + {{report_custom_list|safe}} + <hr> + {% endif %} + + {% if report_enable_submit %} + <input type="submit" id="submit-report-button" class="btn btn-primary btn-lg" value="Generate and Download Report"/> + <a class="btn btn-info btn-lg" id="report-done" href="{% url 'landing' %}">Done</a> + {% else %} + <a class="btn btn-info btn-lg" id="report-cancel" href="{% url 'landing' %}">Cancel</a> + {% endif %} + + </form> + +<br> +{% endblock %} + diff --git a/lib/srtgui/templates/sources-toastertable.html b/lib/srtgui/templates/sources-toastertable.html new file mode 100644 index 00000000..1721e3b0 --- /dev/null +++ b/lib/srtgui/templates/sources-toastertable.html 
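Review bot: Five context values (`report_type_list`, `report_recordrange_list`, `report_columnrange_list`, `report_format_list`, `report_custom_list`) are rendered with `|safe`, which turns auto-escaping off for them; since this page is reached with `parent_page` and `record_list` taken from the query string (the sibling templates build `?record_list=` links to it), the view must assemble those pre-rendered strings from server-side data only and never interpolate request parameters, otherwise this becomes a reflected HTML injection point. Making that contract visible at the top of the form would help the next maintainer: `{# the report_*_list values are pre-rendered HTML built by the view; they must not contain request-derived strings #}`. The `<form method="POST">` also has no `action`, so it posts back to the current URL; an explicit `action` would make the target obvious, but I cannot see the url pattern's arguments from here to suggest one.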
@@ -0,0 +1,72 @@ +{% extends 'base.html' %} +{% load static %} + +{% block extraheadcontent %} + <link rel="stylesheet" href="{% static 'css/jquery-ui.min.css' %}" type='text/css'> + <link rel="stylesheet" href="{% static 'css/jquery-ui.structure.min.css' %}" type='text/css'> + <link rel="stylesheet" href="{% static 'css/jquery-ui.theme.min.css' %}" type='text/css'> + <script src="{% static 'js/jquery-ui.min.js' %}"> + </script> +{% endblock %} + +{% block title %} Data Sources - SRTool {% endblock %} + +{% block pagecontent %} + +<div class="row"> + <!-- Breadcrumbs --> + <div class="col-md-12"> + <ul class="breadcrumb" id="breadcrumb"> + <li><a href="{% url 'landing' %}">Home</a></li><span class="divider">→</span> + <li><a href="{% url 'manage' %}">Management</a></li><span class="divider">→</span> + <li>Data Sources</li> + </ul> + </div> +</div> + + +<div class="row"> + <div class="col-md-12"> + <div class="page-header"> + <h1 class="top-air" data-role="page-title"></h1> + </div> + + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} + {% include 'toastertable.html' %} + </div> +</div> + + <script> + $(document).ready(function () { + var tableElt = $("#{{table_name}}"); + var titleElt = $("[data-role='page-title']"); + + tableElt.on("table-done", function (e, total, tableParams) { + var title = "Data Sources"; + + if (tableParams.search || tableParams.filter) { + if (total === 0) { + title = "No Data Sources found"; + } + else if (total > 0) { + title = total + " Data Source" + (total > 1 ? 's' : '') + " found"; + } + } + + titleElt.text(title); + + /* Set the report link */ + var record_list="" + $(".data > span").each(function(){ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + + }); + }); + </script> +{% endblock %} 
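Review bot: In the `table-done` handler `record_list` is appended to the report link as `?record_list=` without encoding, so any `dataid_` suffix containing `&`, `#`, `+` or a space would corrupt the query string; write `$('#report_link').attr('href', "{% url 'report' request.resolver_match.url_name %}?record_list=" + encodeURIComponent(record_list));`. The same block is duplicated nearly verbatim in published-select-toastertable.html and vulnerabilities-toastertable.html (and in the hunk that precedes this file), differing only in the selector (`.data > span` here, `.name > a` there); a shared helper in the static JS that takes the selector and the report URL would keep them in step. The `var record_list=""` line is also missing its semicolon.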
diff --git a/lib/srtgui/templates/triage_cves.html b/lib/srtgui/templates/triage_cves.html index 7325dce8..1df170ab 100644 --- a/lib/srtgui/templates/triage_cves.html +++ b/lib/srtgui/templates/triage_cves.html @@ -22,12 +22,18 @@ </ul> <a class="btn btn-info btn-lg" href="{% url 'keywords' %}">Manage Keyword Filters</a></td> -<h2> Guided Bulk Triage </h2> +<h2> New CVEs Triage </h2> <ul> - <li>Select a range of similar CVE's via scoring, string matches, and filters</li> + <li>Select a range of similar new incoming CVE's via scoring, string matches, and filters</li> <li>You can then (a) review/sample them, (b) select all or some, and then (c) click a button to bulk assign them</li> </ul> <a class="btn btn-info btn-lg" href="{% url 'select-cves' %}">Incoming CVE Triage Page</a> + +<h2> Updated CVEs Triage</h2> +<ul> + <li>Select a range of similar updated CVE's via scoring, string matches, and filters</li> + <li>You can then (a) review/sample them, (b) select all or some, and then (c) click a button to bulk assign them</li> +</ul> <a class="btn btn-info btn-lg" href="{% url 'tbd' %}">Updated CVE Triage Page</a> <h2> Guided Manual Triage </h2> diff --git a/lib/srtgui/templates/users.html b/lib/srtgui/templates/users.html index f934e552..3837b1fb 100644 --- a/lib/srtgui/templates/users.html +++ b/lib/srtgui/templates/users.html @@ -42,7 +42,7 @@ </div> </div> -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>User List <a class="btn btn-default navbar-btn " id="new-investigation-attachement" href="{% url 'login' %}">Add user</a> </h3> 
@@ -59,17 +59,17 @@ </thead> {% if object.all %} - {% for p in object.all %} + {% for user in object.all %} <tr> - <td>{{ p.name }} </td> - <td>{{ p.email }} </td> - <td>{{ p.role }} </td> - <td>{{ p.get_access_text }} </td> + <td>{{ user.name }} </td> + <td>{{ user.email }} </td> + <td>{{ user.role }} </td> + <td>{{ user.get_access_text }} </td> <td> - {% if p.name != "Guest" %} - <span id="user_'+{{p.id}}+'" class="js-user-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="user_'+{{p.id}}+'" x-data="'+{{p.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="user_'+{{p.id}}+'" x-data="'+{{p.id}}+'"></span> + {% if not user.builtin %} + <span id="user_'+{{user.id}}+'" class="js-user-name"></span> + <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="user_'+{{user.id}}+'" x-data="'+{{user.id}}+'"></span> + <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="user_'+{{user.id}}+'" x-data="'+{{user.id}}+'"></span> {% endif %} </td> diff --git a/lib/srtgui/templates/vulnerabilities-toastertable.html b/lib/srtgui/templates/vulnerabilities-toastertable.html index 27d8bea4..5a5bae50 100644 --- a/lib/srtgui/templates/vulnerabilities-toastertable.html +++ b/lib/srtgui/templates/vulnerabilities-toastertable.html @@ -30,7 +30,8 @@ <h1 class="top-air" data-role="page-title"></h1> </div> - {% url 'cves' as xhr_table_url %} + {# xhr_table_url is just the current url so leave it blank #} + {% url '' as xhr_table_url %} {% include 'toastertable.html' %} </div> </div> 
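Review bot: The renamed rows still carry the string-concatenation fragments in their attributes — `id="user_'+{{user.id}}+'"` and `x-data="'+{{user.id}}+'"` render literally as `id="user_'+3+'"` — and the same id is repeated on three sibling spans, so the ids are both malformed and duplicated. Write them as `id="user_name_{{user.id}}"`, `id="user_edit_{{user.id}}"`, `id="user_trash_{{user.id}}"` with `x-data="{{user.id}}"`, which is the form the vulnerability.html hunks in this same change already use for their trash icons. The switch to `{% if not user.builtin %}` only decides what is drawn; the edit/delete handlers behind these icons need the same builtin check server-side, which is not visible here.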
@@ -53,7 +54,21 @@ } titleElt.text(title); + + /* Set the report link */ + var record_list="" + $(".name > a").each(function(){ + /* if ('id' in $(this)) { */ + var this_id=$(this).prop('id'); + if (this_id.startsWith("dataid_")) { + record_list +=this_id.replace(/dataid_/,"") + ","; + } + /* } */ + }); + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list="+record_list); + }); }); </script> {% endblock %} + diff --git a/lib/srtgui/templates/vulnerability.html b/lib/srtgui/templates/vulnerability.html index b238f7fc..ec0df78b 100644 --- a/lib/srtgui/templates/vulnerability.html +++ b/lib/srtgui/templates/vulnerability.html @@ -1,9 +1,32 @@ {% extends "base.html" %} - {% load projecttags %} -{% block title %} {{object.name}} - SRTool {% endblock %} +{% block extraheadcontent %} + <style> + /* Style the execution buttons */ + /*button.execute { height:50px;width:210px;background-color:#4CAF50;text-align:center; border:2px #f69c55;border-radius: 12px; }*/ + + button:disabled { + cursor: not-allowed; + } + + /* Create two equal columns that floats next to each other */ + .column { + float: left; + width: 350px; + padding: 10px; + } + + /* Clear floats after the columns */ + .row:after { + content: ""; + display: table; + clear: both; + } + </style> +{% endblock %} +{% block title %} {{object.name}} - SRTool {% endblock %} {% block pagecontent %} <div class="row"> @@ -56,9 +79,10 @@ </div> <div class="col-md-5"> <div class="well"> - <h2>Quick Info</h2> - - + <h2>Quick Info + {% if access.is_creator %} + <button id="select-quickedit" class="btn btn-default" type="button">Edit ...</button> + {% endif %}</h2> <dl class="dl-horizontal"> <dt>CVE Dictionary Entry:</dt> <dd> 
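Review bot: The `table-done` handler in vulnerabilities-toastertable.html keeps commented-out code around the `dataid_` check (`/* if ('id' in $(this)) { */` and `/* } */`); `$(this).prop('id')` returns `""` for an anchor without an id and `startsWith` copes with that, so the two ghost lines should be removed rather than left as a hint of a guard that never existed. In vulnerability.html's Quick Info hunk the `<button id="select-quickedit" ...>Edit ...</button>` sits inside the `<h2>`, so the heading's accessible name becomes "Quick Info Edit ..."; placing the button after `</h2>` as a sibling keeps the heading clean and matches how the other section headers in this file are laid out.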
@@ -98,18 +122,104 @@ <dd> {{object.get_severity_text}} </dd> + <dt>Note:</dt> + <dd> + {{object.comments}} + </dd> + <dt>Private Note:</dt> + <dd> + {{object.comments_private}} + </dd> + + <div id="details-quickedit" style="display:none;"> + <p><p> + <button class="execute" id="submit-quickedit"> Submit Changes </button> + <p><input type="text" placeholder="Edit Note" id="text-note" size="40" value="{{object.comments}}"></p> + <p><input type="text" placeholder="Edit Private Note" id="text-private-note" size="40" value="{{object.comments_private}}"></p> + <p><p> + <div class="row"> + <div class="column"> + <p><b><label id="set_status">Set Status:</label></b> + <div id="status-list" class="scrolling" style="width: 300px;"> + <div class="checkbox"> <label> + <input type="radio" name="status" value="2" type="checkbox" {%if 2 == object.status %}checked="checked"{% endif %}> Vulnerable + </label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="status" value="1" type="checkbox" {%if 1 == object.status %}checked="checked"{% endif %}> Not Vulnerable + </label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="status" value="0" type="checkbox" {%if 0 == object.status %}checked="checked"{% endif %}> Investiage + </label><p></div> + </div> + </div> + <div class="column"> + <p><b><label id="set_outcome">Set Outcome:</label></b> + <div id="outcome-list" class="scrolling" style="width: 300px;"> + <div class="checkbox"> <label> + <input type="radio" name="outcome" value="3" type="checkbox" {%if 3 == object.outcome %}checked="checked"{% endif %}> Not Fix + </label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="outcome" value="2" type="checkbox" {%if 2 == object.outcome %}checked="checked"{% endif %}> Closed (Not Vulnerable) + </label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="outcome" value="1" type="checkbox" {%if 1 == object.outcome %}checked="checked"{% endif %}> Closed (Fixed) + 
</label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="outcome" value="0" type="checkbox" {%if 0 == object.outcome %}checked="checked"{% endif %}> Open + </label><p></div> + </div> + </div> + <div class="column"> + <p><b><label id="set_severity">Set Severity:</label></b> + <div id="severity-list" class="scrolling" style="width: 300px;"> + <div class="checkbox"> <label> + <input type="radio" name="severity" value="4" type="checkbox" {%if 4 == object.severity %}checked="checked"{% endif %}> High + </label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="severity" value="3" type="checkbox" {%if 3 == object.severity %}checked="checked"{% endif %}> Medium + </label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="severity" value="2" type="checkbox" {%if 2 == object.severity %}checked="checked"{% endif %}> Low + </label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="severity" value="1" type="checkbox" {%if 0 == object.severity %}checked="checked"{% endif %}> Minor + </label><p></div> + <div class="checkbox"> <label> + <input type="radio" name="severity" value="0" type="checkbox" {%if 0 == object.severity %}checked="checked"{% endif %}> Undefined + </label><p></div> + </div> + </div> + </div> + </div> </dl> </div> </div> </div> -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>Affected Products {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-attachement" href="{% url 'login' %}">Add product</a> + <button id="select-addaffectedproduct" class="btn btn-default" type="button">Add product ...</button> {% endif %} </h3> + <div id="details-addaffectedproduct" style="padding-left: 50px; display:none;"> + <p><p> + <button class="execute" id="submit-addaffectedproduct"> Submit </button> + <div class="row"> + <div id="all-affectedproducts" class="scrolling" style="width: 300px;"> + {% for product in products %} + <div 
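Review bot: The Minor severity radio is pre-checked on the wrong value: `<input type="radio" name="severity" value="1" type="checkbox" {%if 0 == object.severity %}checked="checked"{% endif %}> Minor` tests `0` while its `value` is `1`, so a severity-0 record shows both Minor and Undefined checked and a severity-1 record shows nothing; it should read `{%if 1 == object.severity %}`. Every radio in the three lists also carries both `type="radio"` and a second `type="checkbox"`; the duplicate attribute is ignored but invalid, so drop `type="checkbox"`. Since the `window.onload` hook added at the end of this file re-checks the radios from `object.status`/`object.outcome`/`object.severity` anyway, the template-side conditions could be dropped altogether, which removes the mistake. Minor: `Investiage` → `Investigate`, and the `<div id="details-quickedit">` block is placed inside the `<dl>`, which only allows `<dt>`/`<dd>` (or a `<div>` wrapping them) as children.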
class="checkbox"> + <label> + <input class="checkbox-products" name="{{product.pk}}" type="checkbox">{{product.long_name}} + </label> + <p> + </div> + {% endfor %} + </div> + </div> + </div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> @@ -128,19 +238,20 @@ {% if object.get_affected_list.all %} {% for p in object.get_affected_list.all %} <tr> - <td>{{ p.product.name }} {{ p.product.version }} {{ p.product.profile }} </td> + {% if p.product != '%s' %} <!-- hack for null records --> + <td><a href="{% url 'product' p.product.id %}">{{ p.product.long_name }}<a></td> {% if p.investigation %} <td><a href="{% url 'investigation' p.investigation.id %}">{{ p.investigation.name }}<a></td> <td>{{ p.investigation.get_status_text }}</td> <td>{{ p.investigation.get_outcome_text }}</td> <td> {% for ij in p.investigation.investigation_to_defect.all %} - {% if not forloop.first %}| {% endif %}<a href="http://defect.wrs.com/browse/{{ij.defect.name}}" target="_blank">{{ij.defect.name}} </a> + {% if not forloop.first %}| {% endif %}<a href="{% url 'defect' ij.defect.id %}">{{ij.defect.name}} </a> {% endfor %} </td> <td> {% for ij in p.investigation.investigation_to_defect.all %} - {% if not forloop.first %}| {% endif %}<a href="http://defect.wrs.com/browse/{{ij.defect.name}}" target="_blank">{{ij.defect.release_version}} </a> + {% if not forloop.first %}| {% endif %}<a href="{% url 'defect' ij.defect.id %}">{{ij.defect.release_version}} </a> {% endfor %} </td> {% else %} 
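Review bot: The new product link closes with an opening tag — `<td><a href="{% url 'product' p.product.id %}">{{ p.product.long_name }}<a></td>` — so the second `<a>` should be `</a>`; as written the anchor stays open and the following cells are nested inside it (the investigation link on the context line below has the same typo, while the mirror line in the Related Products hunk writes `</a>` correctly). The `{% if p.product != '%s' %} <!-- hack for null records -->` guard compares a model instance with a literal string, which is never equal, so it filters nothing; if the intent is to skip rows without a product, `{% if p.product %}` does that and reads as such. Note also that the HTML comment is emitted into the page for every row.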
@@ -153,10 +264,10 @@ {% if access.is_creator %} <td> <span id="affected_entry_'+{{p.id}}+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{p.id}}+'" x-data="'+{{p.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="affected_trash_'+{{p.id}}+'" x-data="'+{{p.id}}+'"></span> + <span class="glyphicon glyphicon-trash trash-affected" id="affected_trash_'+{{p.id}}+'" x-data="{{p.id}}"></span> </td> {% endif %} + {% endif %} </tr> {% endfor %} {% else %} @@ -168,13 +279,30 @@ </div> -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>Related Products {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-attachement" href="{% url 'login' %}">Add product</a> + <button id="select-addrelatedproduct" class="btn btn-default" type="button">Add product ...</button> {% endif %} </h3> + <div id="details-addrelatedproduct" style="padding-left: 50px; display:none;"> + <p><p> + <button class="execute" id="submit-addrelatedproduct"> Submit </button> + <div class="row"> + <div id="all-relatedproducts" class="scrolling" style="width: 300px;"> + {% for product in products %} + <div class="checkbox"> + <label> + <input class="checkbox-products" name="{{product.pk}}" type="checkbox">{{product.long_name}} + </label> + <p> + </div> + {% endfor %} + </div> + </div> + </div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> 
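Review bot: The new Related Products picker reuses `class="checkbox-products"` and `name="{{product.pk}}"` from the Affected Products picker added earlier in this file, and the `#submit-addrelatedproduct` handler at the end of the file iterates `$(':checkbox')`, i.e. every checkbox on the page, so products ticked in the affected list (or users ticked in the notify list) would be submitted as related products too (that handler's hunk is cut off at the end of this view, so I am reading only its visible part). Scope the iteration to the list being submitted, `$('#all-relatedproducts input:checkbox')`, and likewise `#all-affectedproducts` for the sibling handler. The stray `<p>` after each `</label>` is an unclosed paragraph used for spacing and should go.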
@@ -188,15 +316,16 @@ {% if object.get_related_list.all %} {% for p in object.get_related_list.all %} <tr> - <td>{{ p.product.name }} {{ p.product.version }} {{ p.product.profile }} </td> + {% if p.product != '%s' %} <!-- hack for null records --> + <td><a href="{ % url 'product' p.product.id % }">{{p.product.long_name}}</a></td> <td>Not vulnerable</td> {% if access.is_creator %} <td> <span id="related_var_entry_'+{{p.id}}+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{p.id}}+'" x-data="'+{{p.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="related_trash_'+{{p.id}}+'" x-data="'+{{p.id}}+'"></span> + <span class="glyphicon glyphicon-trash trash-related" id="related_trash_'+{{p.id}}+'" x-data="{{p.id}}"></span> </td> {% endif %} + {% endif %} </tr> {% endfor %} {% else %} @@ -209,13 +338,17 @@ </div> -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>Comments {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-comment" href="{% url 'login' %}">Add comment</a> + <button id="select-newcomment" class="btn btn-default" type="button">Add comment ...</button> {% endif %} </h3> +<div id="input-newcomment" style="padding-left: 50px; display:none;"> + <p><input type="text" id="text-newcomment" size="40"> <button class="execute" id="submit-newcomment"> Submit </button></p> +</div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> 
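Review bot: The related-product link's url tag is broken by the spaces inside the braces: `<td><a href="{ % url 'product' p.product.id % }">{{p.product.long_name}}</a></td>` is not a Django tag, so the literal text `{ % url 'product' ... % }` ends up in the href (the Affected Products hunk above has the working form). Write `href="{% url 'product' p.product.id %}"`. As in that hunk, `{% if p.product != '%s' %}` compares an instance with a string and never filters; `{% if p.product %}` is the check the comment describes.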
@@ -234,11 +367,10 @@ <td>{{ c.comment }}</td> <td>{{ c.date }}</td> <td>{{ c.author }}</td> - {% if access.is_creator %} + {% if access.is_creator or c.author == access.current_user_name %} <td> <span id="config_var_entry_'+configvars_sorted[i][2]+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="comment_edit_'+{{c.id}}+'" x-data="'+{{c.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="comment_trash_'+{{c.id}}+'" x-data="'+{{c.id}}+'"></span> + <span class="glyphicon glyphicon-trash trash-comment" id="comment_trash_'+{{c.id}}+'" x-data="{{c.id}}"></span> </td> {% endif %} </tr> @@ -252,13 +384,25 @@ </div> -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>Attachments {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-attachement" href="{% url 'login' %}">Add attachment</a> + <a class="btn btn-default navbar-btn " id="select-addattachment">Add attachment ... </a> {% endif %} </h3> + <div id="details-addattachment" style="padding-left: 50px; display:none;"> + <p><p> + <div class="row"> + <form id="uploadbanner" enctype="multipart/form-data" method="post">{% csrf_token %} + <input id="fileDescription" name="fileDescription" type="text" placeholder="Enter Description" /> + <input id="fileUpload" name="fileUpload" type="file" /> + <input type="hidden" id="action" name="action" value="upload"> + <input type="submit" value="submit file" id="submit-addattachment" /> + </form> + </div> + </div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> 
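Review bot: The comment trash icon is now drawn when `access.is_creator or c.author == access.current_user_name`, but the template only decides what is shown; the delete itself goes through the XHR handler behind `trash-comment`, so `xhr_vulnerability_commit` must repeat the author-or-creator check server-side — that view is not in this diff, so please confirm. The row also keeps the leftover `<span id="config_var_entry_'+configvars_sorted[i][2]+'" class="js-config-var-name"></span>`, a JavaScript fragment pasted into HTML that renders literally and should be removed. In the Attachments hunk `<a class="btn btn-default navbar-btn " id="select-addattachment">Add attachment ... </a>` is an `<a>` without `href`, so it is neither focusable nor keyboard-activatable; use `<button id="select-addattachment" class="btn btn-default" type="button">Add attachment ...</button>` like the other section toggles in this file.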
@@ -275,17 +419,20 @@ {% for u in object.vulnerability_uploads.all %} <tr> <td>{{ u.description }}</td> - <td>{{ u.path }}</td> + <td>{{ u.path|basename }}</td> <td>{{ u.size }}</td> <td>{{ u.date }}</td> <td>{{ u.author }}</td> <td> <span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-download-alt get-help" title="Download document"></span> - {% if access.is_creator %} - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="attachment_trash_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> - {% endif %} + <form id="downloadbanner" enctype="multipart/form-data" method="post" >{% csrf_token %} + <input type="hidden" id="action" name="action" value="download"> + <input type="hidden" id="record_id" name="record_id" value={{u.id}}> + <span class="glyphicon glyphicon-download-alt submit-downloadattachment" id="attachment_download_'+{{u.id}}+'" x-data="{{u.id}}"></span> + {% if access.is_creator %} + <span class="glyphicon glyphicon-trash trash-attachment" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span> + {% endif %} + </form> </td> </tr> {% endfor %} 
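Review bot: The per-row download form repeats fixed ids inside the `{% for u in object.vulnerability_uploads.all %}` loop — `id="downloadbanner"`, `id="action"` and `id="record_id"` occur once per attachment, and `id="action"` also collides with the upload form's hidden input — so any `$('#record_id')`-style lookup in the submit handler will only ever see the first row. Use per-row ids such as `id="record_id_{{u.id}}"`, or have the handler walk from the clicked icon to its own form with `$(this).closest('form')`. Quote the attribute as `value="{{u.id}}"`; an unquoted value happens to work for an integer but breaks for anything else. The form has no `action`, so it posts to the current page; presumably the view dispatches on `action=download`, which is not visible here.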
@@ -295,18 +442,35 @@ </tr> {% endif %} </table> - </div> <br/> -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>Change Notifications {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-notify" href="{% url 'login' %}">Add user notification</a> + <button id="select-addusernotify" class="btn btn-default" type="button">Add user notification ...</button> {% endif %} </h3> + <div id="details-addusernotify" style="padding-left: 50px; display:none;"> + <p><p> + <button class="execute" id="submit-addusernotify"> Submit </button> + <div class="row"> + <p> + <div id="all-users" class="scrolling" style="width: 300px;"> + {% for user in users %} + <div class="checkbox"> + <label> + <input class="checkbox-users" name="{{user.pk}}" type="checkbox">{{user.name}} + </label> + <p> + </div> + {% endfor %} + </div> + </div> + </div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> @@ -318,16 +482,15 @@ </tr> </thead> - {% if object.vulnerability_users.all %} - {% for u in object.vulnerability_users.all %} + {% if object.vulnerability_notification.all %} + {% for u in object.vulnerability_notification.all %} <tr> <td>{{ u.user.name }}</td> <td>{{ u.user.email }}</td> - {% if access.is_creator %} + {% if access.is_creator or u.user.name == access.current_user_name %} <td> <span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="attachment_trash_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> + <span class="glyphicon glyphicon-trash trash-usernotification" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span> </td> {% endif %} </tr> 
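Review bot: `<div id="all-users" class="scrolling" style="width: 300px;">` is introduced here for the Change Notifications picker and again for the User Access picker in the next hunk, so the page has two elements with the same id and `$('#all-users')` resolves to the first only; give them distinct ids (`all-notify-users`, `all-access-users`) and scope the two submit handlers to them. The `<input class="checkbox-users" name="{{user.pk}}" type="checkbox">` inputs of both pickers also share class and name, so a `$('.checkbox-users')` or `$(':checkbox')` collection would mix the two lists. As with the comments row, the `u.user.name == access.current_user_name` condition only affects rendering; the server side of the notification delete has to enforce it too.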
@@ -341,15 +504,34 @@ </div> -{% if access.is_creator %} +{% if not object.public %} + {% if access.is_creator %} - <div class="row"> + <div class="row" style="padding-left: 25px;"> <h3>User Access {% if access.is_creator %} - <a class="btn btn-default navbar-btn " id="new-investigation-access" href="{% url 'login' %}">Add user access</a> + <button id="select-adduseraccess" class="btn btn-default" type="button">Add user access ...</button> {% endif %} </h3> + <div id="details-adduseraccess" style="padding-left: 50px; display:none;"> + <p><p> + <button class="execute" id="submit-adduseraccess"> Submit </button> + <div class="row"> + <p> + <div id="all-users" class="scrolling" style="width: 300px;"> + {% for user in users %} + <div class="checkbox"> + <label> + <input class="checkbox-users" name="{{user.pk}}" type="checkbox">{{user.name}} + </label> + <p> + </div> + {% endfor %} + </div> + </div> + </div> + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> <tr> @@ -372,8 +554,7 @@ <td>{{ u.user.name }}</td> <td> <span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span> - <span class="glyphicon glyphicon-edit js-icon-pencil-config_var" id="affected_edit_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> - <span class="glyphicon glyphicon-trash js-icon-trash-config_var" id="attachment_trash_'+{{u.id}}+'" x-data="'+{{u.id}}+'"></span> + <span class="glyphicon glyphicon-trash trash-useraccess" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span> </td> </tr> {% endfor %} @@ -387,9 +568,10 @@ </table> </div> + {% endif %} {% endif %} -<div class="row"> +<div class="row" style="padding-left: 25px;"> <h3>History</h3> <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> <thead> 
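Review bot: Inside the new `{% if not object.public %}{% if access.is_creator %}` wrapper the heading still has its own `{% if access.is_creator %} ... {% endif %}` around the Add-user-access button, which is now always true at that point and can be dropped. The added `{% endif %}` on the next hunk closes the outer pair, but the inner/outer nesting is easy to lose track of at this distance; a trailing comment such as `{% endif %} {# not object.public #}` would make it readable. Hiding the User Access section for public records is a display decision only; whether the access list of a public record can still be edited through the XHR endpoint depends on the view, which is not in this diff.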
@@ -415,5 +597,339 @@ </table> </div> +<!-- Javascript support --> +<script> + var selected_addrelatedproduct=false; + var selected_addaffectedproduct=false; + var selected_newcomment=false; + var selected_addusernotify=false; + var selected_adduseraccess=false; + var selected_quickedit=false; + var selected_addattachment=false; + + window.onload = function() { + $("input[name=status][value=" + {{ object.status }} + "]").prop('checked', true); + $("input[name=outcome][value=" + {{ object.outcome }} + "]").prop('checked', true); + $("input[name=severity][value=" + {{ object.severity }} + "]").prop('checked', true); + } + + $(document).ready(function() { + function onCommitAjaxSuccess(data, textstatus) { + if (window.console && window.console.log) { + console.log("XHR returned:", data, "(" + textstatus + ")"); + } else { + alert("NO CONSOLE:\n"); + return; + } + if (data.error != "ok") { + alert("error on request:\n" + data.error); + return; + } + // reload the page with the updated tables + location.reload(true); + } + + function onCommitAjaxError(jqXHR, textstatus, error) { + console.log("ERROR:"+error+"|"+textstatus); + alert("XHR errored1:\n" + error + "\n(" + textstatus + ")"); + } + + /* ensure cookie exists {% csrf_token %} */ + function postCommitAjaxRequest(reqdata) { + reqdata["vulnerability_id"] = {{ object.id }} + var ajax = $.ajax({ + type:"POST", + data: reqdata, + url:"{% url 'xhr_vulnerability_commit' %}", + headers: { 'X-CSRFToken': $.cookie("csrftoken")}, + success: onCommitAjaxSuccess, + error: onCommitAjaxError, + }) + } + + $('#select-these').click(function(){ + $(':checkbox').each(function(){ + $(this).prop('checked', true); + }); + }); + + $('#unselect-these').click(function(){ + $(':checkbox').each(function(){ + $(this).prop('checked', false); + }); + }); + + $('#select-quickedit').click(function(){ + if (selected_quickedit) { + selected_quickedit=false; + $("#select-these").removeAttr("disabled"); + 
$("#unselect-these").removeAttr("disabled"); + $("#details-quickedit").slideUp(); + } else { + selected_quickedit=true; + $("#select-these").attr("disabled","disabled"); + $("#unselect-these").attr("disabled","disabled"); + $("#details-quickedit").slideDown(); + } + }); + + $('#submit-quickedit').click(function(){ + var note=$('#text-note').val().trim() + var private_note=$('#text-private-note').val().trim() + var status=0 + $('#status-list input').each(function(){ + if ($(this).is(':checked')) { + status = $(this).prop('value'); + } + }); + var outcome=0 + $('#outcome-list input').each(function(){ + if ($(this).is(':checked')) { + outcome = $(this).prop('value'); + } + }); + var severity=0 + $('#severity-list input').each(function(){ + if ($(this).is(':checked')) { + severity = $(this).prop('value'); + } + }); + + postCommitAjaxRequest({ + "action" : 'submit-quickedit', + "note" : note, + "private_note" : private_note, + "status" : status, + "outcome" : outcome, + "severity" : severity, + }); + }); + + $('#select-addrelatedproduct').click(function(){ + if (selected_addrelatedproduct) { + selected_addrelatedproduct=false; + $("#select-these").removeAttr("disabled"); + $("#unselect-these").removeAttr("disabled"); + $("#details-addrelatedproduct").slideUp(); + } else { + selected_addrelatedproduct=true; + $("#select-these").attr("disabled","disabled"); + $("#unselect-these").attr("disabled","disabled"); + $("#details-addrelatedproduct").slideDown(); + } + }); + + $('#submit-addrelatedproduct').click(function(){ + var product_list="" + $(':checkbox').each(function(){ + if ($(this).is(':checked')) { + product_list += $(this).prop('name') + ","; + } + }); + if ("" == product_list) { + alert("No products were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-addrelatedproduct', + "products" : product_list, + }); + }); + + $('.trash-related').click(function() { + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + 
"action" : 'submit-trashrelated', + "record_id" : $(this).attr('x-data'), + }); + } + }); + + $('#select-addaffectedproduct').click(function(){ + if (selected_addaffectedproduct) { + selected_addaffectedproduct=false; + $("#select-these").removeAttr("disabled"); + $("#unselect-these").removeAttr("disabled"); + $("#details-addaffectedproduct").slideUp(); + } else { + selected_addaffectedproduct=true; + $("#select-these").attr("disabled","disabled"); + $("#unselect-these").attr("disabled","disabled"); + $("#details-addaffectedproduct").slideDown(); + } + }); + + $('#submit-addaffectedproduct').click(function(){ + var product_list="" + $(':checkbox').each(function(){ + if ($(this).is(':checked')) { + product_list += $(this).prop('name') + ","; + } + }); + if ("" == product_list) { + alert("No products were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-addaffectedproduct', + "products" : product_list, + }); + }); + + $('.trash-affected').click(function() { + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashaffected', + "record_id" : $(this).attr('x-data'), + }); + } + }); + + $('#select-newcomment').click(function(){ + if (selected_newcomment) { + selected_newcomment=false; + $("#input-newcomment").slideUp(); + } else { + selected_newcomment=true; + $("#input-newcomment").slideDown(); + } + }); + + $('#submit-newcomment').click(function(){ + var comment=$('#text-newcomment').val().trim() + if (comment=="") { + alert("No comment was written"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-newcomment', + "comment" : comment, + }) + }); + + $('.trash-comment').click(function(){ + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashcomment', + "record_id" : $(this).attr('x-data'), + }); + } + }) + + $('#select-addattachment').click(function() { + if (selected_addattachment) { + selected_addattachment=false; + 
$("#details-addattachment").slideUp(); + } else { + selected_addattachment=true; + $("#details-addattachment").slideDown(); + } + }); + + $('.submit-downloadattachment').click(function() { + $("#downloadbanner").submit(); + }); + + $('.trash-attachment').click(function() { + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashattachment', + "record_id" : $(this).attr('x-data'), + }); + } + }); + + // Open AddUserNotify Action + $('#select-addusernotify').click(function(){ + if (selected_addusernotify) { + selected_addusernotify=false; + $("#select-these").removeAttr("disabled"); + $("#unselect-these").removeAttr("disabled"); + $("#details-addusernotify").slideUp(); + } else { + selected_addusernotify=true; + $("#select-these").attr("disabled","disabled"); + $("#unselect-these").attr("disabled","disabled"); + $("#details-addusernotify").slideDown(); + } + }); + + $('#submit-addusernotify').click(function(){ + var user_list="" + $(':checkbox').each(function(){ + if ($(this).is(':checked')) { + user_list += $(this).prop('name') + ","; + } + }); + if ("" == user_list) { + alert("No users were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-addusernotify', + "users" : user_list, + }); + }); + + $('.trash-usernotification').click(function(){ + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashusernotification', + "record_id" : $(this).attr('x-data'), + }); + } + }) + + $('#select-adduseraccess').click(function(){ + if (selected_adduseraccess) { + selected_adduseraccess=false; + $("#select-these").removeAttr("disabled"); + $("#unselect-these").removeAttr("disabled"); + $("#details-adduseraccess").slideUp(); + } else { + selected_adduseraccess=true; + $("#select-these").attr("disabled","disabled"); + $("#unselect-these").attr("disabled","disabled"); + $("#details-adduseraccess").slideDown(); + } + }); + + 
$('#submit-adduseraccess').click(function(){ + var user_list="" + $(':checkbox').each(function(){ + if ($(this).is(':checked')) { + user_list += $(this).prop('name') + ","; + } + }); + if ("" == user_list) { + alert("No users were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-adduseraccess', + "users" : user_list, + }); + }); + + $('.trash-useraccess').click(function(){ + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashuseraccess', + "record_id" : $(this).attr('x-data'), + }); + } + }) + + /* Set the report link */ + $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list={{object.id}}"); + }); +</script> + {% endblock %} |
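Review bot: `#submit-addusernotify` and `#submit-adduseraccess` collect `$(':checkbox')` across the whole document, so checkboxes ticked in any other panel on this page (the related/affected product lists, or the other user list, all of which remain in the DOM while hidden) are posted as user ids; scope each query to its own panel, e.g. `$('#details-addusernotify :checkbox').each(function(){` and `$('#details-adduseraccess :checkbox').each(function(){`, and the two product submit handlers have the same problem. The values `{{ object.status }}`, `{{ object.outcome }}`, `{{ object.severity }}` and `{{ object.id }}` are interpolated unquoted into JavaScript; Django's HTML autoescaping does not cover a script context, so unless these are guaranteed to be integers they should be emitted inside a quoted string with `|escapejs` (or read from `data-*` attributes on the markup). In `onCommitAjaxSuccess` the `alert("NO CONSOLE:\n"); return;` branch returns before the `data.error` check, so a browser without a console neither reports the server result nor reloads; the logging guard should not short-circuit the handler. Every `action` posted through `postCommitAjaxRequest` (notably the trash and user-access actions) relies on the `xhr_vulnerability_commit` view for authorization, which is outside this diff and should be checked alongside it.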