diff options
Diffstat (limited to 'lib/srtgui/views.py')
-rw-r--r-- | lib/srtgui/views.py | 47 |
1 files changed, 41 insertions, 6 deletions
diff --git a/lib/srtgui/views.py b/lib/srtgui/views.py index dc8f7642..db9e8fbc 100644 --- a/lib/srtgui/views.py +++ b/lib/srtgui/views.py @@ -522,7 +522,7 @@ def cve(request, cve_pk, active_tab="1"): # Prepend summary page? cve_sources = CveSource.objects.filter(cve=cve_object.id).order_by('datasource__key') - if 1 < len(cve_sources): + if True or (1 < len(cve_sources)): tab_states[chr(cve_index)] = '' cveDetails,cve_html = summaryCveDetails(cve_object,cve_sources) cve_list_table.append([cveDetails,tab_states[chr(cve_index)],'Summary',cve_html]) @@ -1096,22 +1096,45 @@ def xhr_triage_commit(request): created_list = "Status=%s:%s" % (cve.get_status_text,created_list) if 'submit-isvulnerable' == action: - reason = request.POST['reason'] - defect_reason = request.POST['defect_reason'] + reason = request.POST['reason'].strip() + defect_reason = request.POST['defect_reason'].strip() cves = request.POST['cves'] products = request.POST['products'] components = request.POST['components'] priority = request.POST['priority'] make_defects = ('yes' == request.POST['mk_d']) mark_publish = ('yes' == request.POST['pub']) - group_vulnerabilities = ('yes' == request.POST['group_v']) + group_vulnerability = int(request.POST['vul_group']) + group_vulnerability_name = request.POST['vul_name'].strip() notifications = ('yes' == request.POST['notify']) add_for = request.POST['for'] - _log("xhr_triage_commit:IS:%s|%s|%s|%s|%s|%s|%s|%s|%s" % (reason,defect_reason,cves,products,components,make_defects,mark_publish,add_for,priority)) - first_vulnerability = True + _log("xhr_triage_commit:IS:%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|" % (reason,defect_reason,cves,products,components,make_defects,mark_publish,add_for,priority,group_vulnerability,group_vulnerability_name)) + # Set up investigation_names = {} created_list = '' notify_message = 'Triage:Vulnerable:' + # Map vulnerability grouping + v = None + if 2 == group_vulnerability: + # Existing V all C + first_vulnerability = False + group_vulnerabilities = True + try: + v = Vulnerability.objects.get(name=group_vulnerability_name) + created_list += ' %s(found)' % v.name + notify_message += ' Found:%s' % v.name + except Exception as e: + _log("xhr_triage_commit:No such Vulnerability name found (%s,%s)" % (group_vulnerability_name,e)) + return HttpResponse(json.dumps({"error":"No such Vulnerability name found (%s)" % (group_vulnerability_name)}), content_type = "application/json") + elif 1 == group_vulnerability: + # One V all C + first_vulnerability = True + group_vulnerabilities = True + else: + # One V per C + first_vulnerability = True + group_vulnerabilities = False + # Process the CVE list for cve_name in cves.split(','): # update CVE cve = Cve.objects.get(name=cve_name) @@ -1135,6 +1158,7 @@ def xhr_triage_commit(request): v.save() notify_message += " %s" % v_name created_list += ' %s' % v.name + _log("Create First Vulnerability:%s" % v.name) # add audit comment cc = CveHistory.objects.create(cve=cve) cc.date = today @@ -1316,6 +1340,17 @@ def xhr_cve_commit(request): cve2vul = CveToVulnerablility.objects.create(cve = cve,vulnerability = vulnerability) cve2vul.save() _log("SUBMIT-CREATE-VULNERABILITY:%s,%s,%s" % (cve.id,vulnerability.id,cve2vul.id)) + if 'submit-attach-vulnerability' == action: + _log("SUBMIT-CREATE-VULNERABILITY") + vname = request.POST['vul_name'].strip() + try: + vulnerability = Vulnerability.objects.get(name = vname) + except Exception as e: + _log("xhr_triage_commit:No such Vulnerability name found (%s,%s)" % (vname,e)) + return HttpResponse(json.dumps({"error":"No such Vulnerability name found (%s)" % (vname)}), content_type = "application/json") + cve2vul = CveToVulnerablility.objects.create(cve = cve,vulnerability = vulnerability) + cve2vul.save() + _log("SUBMIT-CREATE-VULNERABILITY:%s,%s,%s" % (cve.id,vulnerability.id,cve2vul.id)) return_data = { "error": "ok", |