| Age | Commit message (Collapse) | Author |
|---|
|
Normally the Table display feature caches served pages for
faster refresh. However, in the SRTool the data is very
volaile so this often shows stale information. For now,
disable the caching.
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
|
Enhance the search query processing:
* By default, space separators are treated as AND
* Add the explicit keywords OR and AND
Note: these keywords switch the default separator
* Allow OR searches in addition to AND searches
Note: mixed searches use the SQL precedence rules
* Allow a '-' prefix to exclude a string
* Allow single and double quotes for exact matches
Examples:
* abd def (equals: abc AND def)
* abc OR def (equals: OR abc def)
* abc OR "def ghi" (equals: abc OR 'def ghi')
* abc OR def AND -ghi
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
|
|
|
- Fix whitespace
- Remove redundant imports
- Remove redundant semicolons
- Remove redundant try/except
- Remove redundant super()
|
|
[YOCTO #13093]
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
|
Support Django-2.2:
Move 'django.core.urlresolvers' to 'django.urls'
Disable 'register.assignment_tag' tags
Move settings 'MIDDLEWARE_CLASSES' to 'MIDDLEWARE'
Move urlpatterns 'include' to 'path'
Move 'regex.pattern' to 'pattern.regex.pattern'
Maintain Django-1.11 support
General Fixes:
Fix commit for notify_categories
Add more error halt checks during lsupdates
Add explicit 'on_delete=models.CASCADE' for all ForeignKey's
Fix 'get_defect_tag' processing
[YOCTO #13091]
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
|
Changes:
Repartition the data sources
Reconfigure the data sources into self-contained directories under the "bin" directory.
Implement dynamic data source discovery and import
Remove all hard coded data source data (e.g. fixtures, data, CVE lookups)
Add license files to all data sources
Django User model
Add "users" Django application dir
Login page
Self create user account page
Password change page
User access and delete management
CVE
Name sorting by hidden 'name_sort' field (CVE-nnnn-0nnnnnn)
CVE Triage
Auto import reserved CVEs
Add MITRE CVE records where NIST missing
Add data source count to triage page
Easy checkbox toggle by clicking any field
Triage any CVE status category (not just new)
Assign to any CVE status category
Object create/delete
Create/Delete Vulnerablities
Create/Delete Investigations from Vulnerablity page
Add "Historical" CVE status
When bootstraping system, all CVEs older than 60 days preset to "Historical"
Add CVEs withint 60 days preset to "New"
Can be overridden by defect and systaining status imports
Preadd Debian data for "New" CVEs
Abstraction
Add generic Product mappings to defect system ("defect_tag": defect prefix)
Add generic Product mappings to product system ("product_tag": product reference, related)
Manage functions via "srt" script
For example add superuser
Normalize Vulnerability to Investigation mapping
Replace orm_vulnerabilityproduct with orm_vulnerabilitytoinvestigation
General
Enable the 'srtool-requirements.txt' Django test
Speed the CVE scoring by pre-fetching the datasources
Progress display cleanup
Move and update srtool_defect prototype to 'bin/yp'
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
|
Summary:
* CVE management enhancements
* Lookup Mitre, Red Hat, Debian
* Local CVE's
* Edit CVE's
* CVE triage: create defects and notifications
* Packages
* Table, packages to C/V/I/D
* Filter model update
* Triage filtering script
* Notifications
* Upstream CVE changes
* Upstream defect changes
* Notices and reminders
* Creation
* Emails
* Productization
* Move DataSource to Init/Update/Lookup model
* Add defect details to Management home page
* Add author to notification records
* Move fixture data and SrtSettings to JSON files
* database column mappings for scripts generated directly from database
* srtool_utils.py: add [backup|restore]_cve_packages
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
|
* Add incremental NIST scans and import to CVE database
* Add modified NIST scans and import to CVE database
* Moved CVE details out of SRTool database to reduce size
* Add CVE details lookup in cached CVE upstream files
* Added edit support for Vulnerabilies and Investigations
* Comments
* Attachments and downloads
* Product list
* History audit trail
* Add Vulnerability and Investigation creation from CVE triage
* Add user id to session variables
* Add defect import placeholder script
* Modularize the fixture files for common versus site-specific setup
Signed-off-by: Moayer, Puya <Puya.Moayer@windriver.com>
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
|
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
|
Signed-off-by: David Reyna <David.Reyna@windriver.com>
|
David Reyna
Ross Burton