diff options
Diffstat (limited to 'lib/srtgui/views.py')
-rw-r--r-- | lib/srtgui/views.py | 59 |
1 files changed, 55 insertions, 4 deletions
diff --git a/lib/srtgui/views.py b/lib/srtgui/views.py index 7fdfad98..d3601181 100644 --- a/lib/srtgui/views.py +++ b/lib/srtgui/views.py @@ -40,6 +40,7 @@ from orm.models import DataSource from orm.models import Defect, DefectHistory, PublishPending, PublishSet from orm.models import Notify, NotifyAccess, NotifyCategories from orm.models import SRTool, Update +from orm.models import ErrorLog from users.models import SrtUser, UserSafe @@ -59,7 +60,7 @@ SRT_BASE_DIR = os.environ['SRT_BASE_DIR'] logger = logging.getLogger("srt") # quick development/debugging support -from srtgui.api import _log +from srtgui.api import error_log, _log # # ================= Helper Routines ============================================ @@ -494,6 +495,10 @@ def management(request): 'defect_p2' : defect_p2, 'package_total' : Package.objects.all().count(), + + 'notification_total' : Notify.objects.all().count(), + 'errorlog_total' : ErrorLog.objects.all().count(), + } return render(request, 'management.html', context) @@ -503,6 +508,7 @@ def maintenance(request): return redirect(landing) context = { + 'errorlog_total' : ErrorLog.objects.all().count(), 'history_cve_total' : CveHistory.objects.all().count(), 'history_vulnerability_total' : VulnerabilityHistory.objects.all().count(), 'history_investigation_total' : InvestigationHistory.objects.all().count(), @@ -668,7 +674,7 @@ def vulnerability(request, vulnerability_pk): except: return redirect(landing) - products = Product.objects.all() + products = Product.objects.all().order_by('order') # does this user have permission to see this record? if (not vulnerability_object.public) and (not UserSafe.is_admin(request.user)): @@ -756,12 +762,15 @@ def investigation(request, investigation_pk): # Calculate the default 'affected_components' list, if any affected_components = '' - affected_components_list = [] + affected_components_list = {} + for package in investigation_object.packages.split(): + affected_components_list[package] = True vulnerability = investigation_object.vulnerability vc_list = vulnerability.vulnerability_to_cve.all() for vc in vc_list: if vc.cve.packages: - affected_components_list.append(vc.cve.packages) + for package in vc.cve.packages.split(): + affected_components_list[package] = True if affected_components_list: affected_components = ' '.join(affected_components_list) @@ -1382,6 +1391,8 @@ def _create_defect(investigation,reason,defect_reason,domain_components,affected d_name = params[0] d_url = params[1] _log("SRT_DEFECT3c|%s|%s|" % (d_name,d_url)) + else: + error_log(ErrorLog.ERROR,"DEFECT_CREATION_FAIL(%d)'%s':'%s'" % (result_returncode,result_stdout,result_stderr)) ### TO-DO: Trigger dialog in a production system if not defect created at this point ### For now provide a defect number simulation if not d_name: @@ -1407,6 +1418,7 @@ def _create_defect(investigation,reason,defect_reason,domain_components,affected d.srt_status = Defect.VULNERABLE d.srt_outcome = Defect.OPEN d.url = d_url + d.packages = investigation.packages d.save() _log("NEW_DEFECT:%s|%s|%s|%s" % (d.name,summary,components,priority)) # Create Investigation to Defect @@ -1606,6 +1618,7 @@ def xhr_triage_commit(request): vulnerability.status = new_status vulnerability.outcome = Vulnerability.OPEN vulnerability.comments = reason + vulnerability.packages = cve.packages vulnerability.save() notify_message += " %s" % v_name created_list += ' %s' % vulnerability.name @@ -1645,6 +1658,7 @@ def xhr_triage_commit(request): investigation = Investigation.objects.create(name=i_name,product=product,vulnerability = vulnerability) investigation.priority = cve_priority investigation.outcome = Investigation.OPEN + investigation.packages = cve.packages # Check to see if product is active _log("BOO1:") if 'no' == product.get_product_tag('active','yes'): @@ -1834,6 +1848,7 @@ def xhr_cve_commit(request): status = cve.status, priority = cve.priority, comments = cve.comments, + packages = cve.packages, ) vulnerability.save() history_update.append(Update.ATTACH_INV % (vname)) @@ -1931,6 +1946,7 @@ def xhr_vulnerability_commit(request): priority = int(request.POST['priority']) status = int(request.POST['status']) outcome = int(request.POST['outcome']) + affected_components = request.POST['affected_components'].strip() v = Vulnerability.objects.get(id=v_id) if (v.priority != priority): history_update.append(Update.PRIORITY % (SRTool.priority_text(v.priority),SRTool.priority_text(priority))) @@ -1950,6 +1966,9 @@ def xhr_vulnerability_commit(request): if (tags != v.tags): history_update.append(Update.TAG) v.tags = tags + if (affected_components != v.packages): + history_update.append(Update.AFFECTED_COMPONENT % (v.packages,affected_components)) + v.packages = affected_components v.save() if 'submit-addproduct' == action: products = request.POST['products'] @@ -1968,6 +1987,7 @@ def xhr_vulnerability_commit(request): priority = vulnerability_obj.priority, product = product_obj, comments = vulnerability_obj.comments, + packages = vulnerability_obj.packages, ) vul2inv = VulnerabilityToInvestigation.objects.create(vulnerability=vulnerability_obj,investigation=investigation_obj) vul2inv.save() @@ -2118,6 +2138,30 @@ def xhr_notifications(request): _log("xhr_notifications_commit:no(%s)" % e) return HttpResponse(json.dumps({"error":str(e) + "\n"}), content_type = "application/json") +def xhr_errorlogs(request): + _log("xhr_errorlogs(%s)" % request.POST) + if not 'action' in request.POST: + return HttpResponse(json.dumps({"error":"missing action\n"}), content_type = "application/json") + + action = request.POST['action'] + + _log("xhr_errorlogs1") + + try: + results_msg = '' + if 'delete-errorlogs' == action: + log_list = request.POST['log_list'] + for log_id in log_list.split(','): + ErrorLog.objects.get(pk=log_id).delete() + return_data = { + "error": "ok", + "results_msg": results_msg, + } + return HttpResponse(json.dumps( return_data ), content_type = "application/json") + except Exception as e: + _log("xhr_errorlogs_commit:ERROR(%s)" % e) + return HttpResponse(json.dumps({"error":str(e) + "\n"}), content_type = "application/json") + def xhr_packages(request): _log("xhr_packages(%s)" % request.POST) if not 'action' in request.POST: @@ -2155,6 +2199,7 @@ def xhr_investigation_commit(request): username = UserSafe.user_name(request.user) try: history_update = [] + xhr_note = '' if 'submit-quickedit' == action: priority = int(request.POST['priority']) status = int(request.POST['status']) @@ -2162,6 +2207,7 @@ def xhr_investigation_commit(request): note = request.POST['note'].strip() private_note = request.POST['private_note'].strip() tags = request.POST['tags'].strip() + affected_components = request.POST['affected_components'].strip() invst = Investigation.objects.get(id=invst_id) if (invst.priority != priority): history_update.append(Update.PRIORITY % (SRTool.priority_text(invst.priority),SRTool.priority_text(priority))) @@ -2181,6 +2227,9 @@ def xhr_investigation_commit(request): if (invst.tags != tags): invst.tags = tags history_update.append(Update.TAG) + if (invst.packages != affected_components): + history_update.append(Update.AFFECTED_COMPONENT % (invst.packages,affected_components)) + invst.packages = affected_components invst.save() if 'submit-attachdefectlist' == action: defects = request.POST['defects'] @@ -2230,6 +2279,7 @@ def xhr_investigation_commit(request): affected_components = request.POST['affected_components'].strip() defect_name,created = _create_defect(investigation,'',defect_reason,components,affected_components,username) history_update.append(Update.ATTACH_DEV % defect_name) + xhr_note = defect_name if 'submit-detachdefect' == action: defect_name = request.POST['defect'] product_id = Investigation.objects.get(id=invst_id).product_id @@ -2293,6 +2343,7 @@ def xhr_investigation_commit(request): InvestigationHistory.objects.create(investigation_id=invst_id, comment=update_comment, date=datetime.now().strftime('%Y-%m-%d'), author=username) return_data = { "error": "ok", + "note": xhr_note, } return HttpResponse(json.dumps( return_data ), content_type = "application/json") |