#
# Security Response Tool Implementation
#
# Copyright (C) 2017-2018 Wind River Systems
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Please run flake8 on this file before sending patches
import os
import logging
from datetime import datetime
import csv
from orm.models import Cve, CveSource, Vulnerability, Investigation, Defect, Product
from orm.models import Package
from srtgui.api import readCveDetails, summaryCveDetails
from django.db.models import Q
logger = logging.getLogger("srt")
SRT_BASE_DIR = os.environ['SRT_BASE_DIR']
SRT_REPORT_DIR = '%s/reports' % SRT_BASE_DIR
# quick development/debugging support
from srtgui.api import _log
def _log_args(msg, *args, **kwargs):
s = '%s:(' % msg
if args:
for a in args:
s += '%s,' % a
s += '),('
if kwargs:
for key, value in kwargs.items():
s += '(%s=%s),' % (key,value)
s += ')'
_log(s)
class Report():
def __init__(self, parent_page, *args, **kwargs):
self.parent_page = parent_page
self.report_name = '%s%s' % (parent_page[0].upper(),parent_page[1:])
self.title = self.report_name
self.request = kwargs['request']
def get_context_data(self, *args, **kwargs):
context = {}
context['title'] = self.title
context['parent_page'] = self.parent_page
context['report_name'] = self.report_name
context['report_enable_submit'] = '1'
# global variables
return context
def exec_report(self, *args, **kwargs):
return None
class ManagementReport(Report):
"""Report for the Management Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_MANAGEMENT_INIT(%s)" % parent_page, *args, **kwargs)
super(ManagementReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_MANAGEMENT_CONTEXT", *args, **kwargs)
context = super(ManagementReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_MANAGEMENT_EXEC", *args, **kwargs)
super(ManagementReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
report_name = '%s/management_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = " = "
if 'status' == report_type:
if 'txt' == format:
file.write("Report : Management - Summary\n")
file.write("\n")
file.write("%s%s%s\n" % ('cve_total',tab,Cve.objects.all().count()))
file.write("%s%s%s\n" % ('cve_new',tab,Cve.objects.filter(status=Cve.NEW).count()))
file.write("%s%s%s\n" % ('cve_open',tab,Cve.objects.filter( Q(status=Cve.INVESTIGATE) & Q(status=Cve.VULNERABLE) ).count()))
file.write("%s%s%s\n" % ('vulnerability_total',tab,Vulnerability.objects.all().count()))
file.write("%s%s%s\n" % ('vulnerability_open',tab,Vulnerability.objects.filter(outcome=Vulnerability.OPEN).count()))
file.write("%s%s%s\n" % ('vulnerability_high',tab,Vulnerability.objects.filter(priority=Vulnerability.HIGH).count()))
file.write("%s%s%s\n" % ('vulnerability_medium',tab,Vulnerability.objects.filter(priority=Vulnerability.MEDIUM).count()))
file.write("%s%s%s\n" % ('vulnerability_low',tab,Vulnerability.objects.filter(priority=Vulnerability.HIGH).count()))
file.write("%s%s%s\n" % ('investigation_total',tab,Investigation.objects.all().count()))
file.write("%s%s%s\n" % ('investigation_open',tab,Investigation.objects.filter(outcome=Investigation.OPEN).count()))
file.write("%s%s%s\n" % ('investigation_high',tab,Investigation.objects.filter(priority=Investigation.HIGH).count()))
file.write("%s%s%s\n" % ('investigation_medium',tab,Investigation.objects.filter(priority=Investigation.MEDIUM).count()))
file.write("%s%s%s\n" % ('investigation_low',tab,Investigation.objects.filter(priority=Investigation.LOW).count()))
file.write("%s%s%s\n" % ('defect_total',tab,Defect.objects.all().count()))
if 'vulnerabilities' == report_type:
if 'txt' == format:
file.write("Report : Management - Open Vulnerabilities\n")
file.write("\n")
else:
file.write("Name\tStatus\tOutcome\tPriority\tComments\tCVEs\tInvestigations\n")
for v in Vulnerability.objects.filter(outcome=Vulnerability.OPEN):
if 'txt' == format:
file.write("Name: %s\n" % v.name)
file.write(" Status: %s\n" % v.get_status_text)
file.write(" Outcome: %s\n" % v.get_outcome_text)
file.write(" Priority: %s\n" % v.get_priority_text)
file.write(" Comments: %s\n" % v.comments)
file.write(" CVEs: ")
for i,vc in enumerate(v.vulnerability_to_cve.all()):
if i > 0:
file.write(",")
file.write("%s" % vc.cve.name)
file.write("\n")
file.write(" Investigations: ")
for i,investigation in enumerate(Investigation.objects.filter(vulnerability=v)):
if i > 0:
file.write(",")
file.write("%s" % investigation.name)
file.write("\n")
file.write("\n")
else:
file.write("%s\t%s\t%s\t%s\t%s\t" % (v.name,v.get_status_text,v.get_outcome_text,v.get_priority_text,v.comments))
for i,vc in enumerate(v.vulnerability_to_cve.all()):
if i > 0:
file.write(",")
file.write("%s" % vc.cve.name)
file.write("\t")
for i,investigation in enumerate(Investigation.objects.filter(vulnerability=v)):
if i > 0:
file.write(",")
file.write("%s" % investigation.name)
file.write("\n")
if 'investigations' == report_type:
if 'txt' == format:
file.write("Report : Management - Open Vulnerabilities\n")
file.write("\n")
else:
file.write("Name\tStatus\tOutcome\tPriority\tComments\tDefects\n")
for investigation in Investigation.objects.filter(outcome=Vulnerability.OPEN):
if 'txt' == format:
file.write("Name: %s\n" % investigation.name)
file.write(" Status: %s\n" % investigation.get_status_text)
file.write(" Outcome: %s\n" % investigation.get_outcome_text)
file.write(" Priority: %s\n" % investigation.get_priority_text)
file.write(" Comments: %s\n" % investigation.comments)
file.write(" Defects: ")
for i,id in enumerate(investigation.investigation_to_defect.filter(investigation=investigation)):
if i > 0:
file.write(",")
file.write("%s" % id.defect.name)
file.write("\n")
file.write("\n")
else:
file.write("%s\t%s\t%s\t%s\t%s\t" % (investigation.name,investigation.get_status_text,
investigation.get_outcome_text,investigation.get_priority_text,investigation.comments))
for i,id in enumerate(investigation.investigation_to_defect.filter(investigation=investigation)):
if i > 0:
file.write(",")
file.write("%s" % id.defect.name)
file.write("\n")
return report_name,os.path.basename(report_name)
class CveReport(Report):
"""Report for the CVE Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_CVE_INIT(%s)" % parent_page, *args, **kwargs)
super(CveReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_CVE_CONTEXT", *args, **kwargs)
context = super(CveReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
'
context['report_custom_list'] = '\
CVSS_v2
\
References
\
CPE list
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_CVE_EXEC", *args, **kwargs)
super(CveReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
cvss_v2 = request_POST.get('cvss_v2', '')
ref_list = request_POST.get('ref', '')
cpe = request_POST.get('cpe', '')
cve = Cve.objects.get(id=record_list)
report_name = '%s/cve_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = " = "
if ('summary' == report_type) or ('audit' == report_type):
if 'txt' == format:
file.write("Report : CVE %s - Summary\n" % cve.name)
file.write("\n")
# Gather the sources for this CVE
cve_sources = CveSource.objects.filter(cve=cve.id).order_by('pk')
if 1 < len(cve_sources):
sources = ''
for cve_source in cve_sources:
sources += '%s ' % cve_source.datasource.source
cveDetails,cve_html = summaryCveDetails(cve,cve_sources)
elif 1 == len(cve_sources):
sources = cve_sources[0].datasource.source
cveDetails = readCveDetails(cve,cve_sources[0].datasource)
cve_html = ''
else:
sources = ''
cveDetails = readCveDetails(cve,None)
cve_html = ''
file.write("%s%s%s\n" % ('source',tab,sources))
file.write("%s%s%s\n" % ('status',tab,cve.status))
file.write("%s%s%s\n" % ('cve_data_type',tab,cve.cve_data_type))
file.write("%s%s%s\n" % ('cve_data_format',tab,cve.cve_data_format))
file.write("%s%s%s\n" % ('cve_data_version',tab,cve.cve_data_version))
file.write("%s%s%s\n" % ('description',tab,cve.description))
file.write("\n")
file.write("CVSS Version 3:\n")
file.write(" %s%s%s\n" % ('cvssV3_baseScore',tab,cve.cvssV3_baseScore))
file.write(" %s%s%s\n" % ('cvssV3_baseSeverity',tab,cve.cvssV3_baseSeverity))
file.write(" %s%s%s\n" % ('cvssV3_vectorString',tab,cveDetails.cvssV3_vectorString))
file.write(" %s%s%s\n" % ('cvssV3_exploitabilityScore',tab,cveDetails.cvssV3_exploitabilityScore))
file.write(" %s%s%s\n" % ('cvssV3_impactScore',tab,cveDetails.cvssV3_impactScore))
file.write(" %s%s%s\n" % ('cvssV3_attackVector',tab,cveDetails.cvssV3_attackVector))
file.write(" %s%s%s\n" % ('cvssV3_attackComplexity',tab,cveDetails.cvssV3_attackComplexity))
file.write(" %s%s%s\n" % ('cvssV3_privilegesRequired',tab,cveDetails.cvssV3_privilegesRequired))
file.write(" %s%s%s\n" % ('cvssV3_userInteraction',tab,cveDetails.cvssV3_userInteraction))
file.write(" %s%s%s\n" % ('cvssV3_scope',tab,cveDetails.cvssV3_scope))
file.write(" %s%s%s\n" % ('cvssV3_confidentialityImpact',tab,cveDetails.cvssV3_confidentialityImpact))
file.write(" %s%s%s\n" % ('cvssV3_integrityImpact',tab,cveDetails.cvssV3_integrityImpact))
file.write(" %s%s%s\n" % ('cvssV3_availabilityImpact',tab,cveDetails.cvssV3_availabilityImpact))
if (cvss_v2):
file.write("\n")
file.write("CVSS Version 2:\n")
file.write(" %s%s%s\n" % ('cvssV2_baseScore',tab,cve.cvssV2_baseScore))
file.write(" %s%s%s\n" % ('cvssV2_severity',tab,cve.cvssV2_severity))
file.write(" %s%s%s\n" % ('cvssV2_vectorString',tab,cveDetails.cvssV2_vectorString))
file.write(" %s%s%s\n" % ('cvssV2_exploitabilityScore',tab,cveDetails.cvssV2_exploitabilityScore))
file.write(" %s%s%s\n" % ('cvssV2_impactScore',tab,cveDetails.cvssV2_impactScore))
file.write(" %s%s%s\n" % ('cvssV2_accessVector',tab,cveDetails.cvssV2_accessVector))
file.write(" %s%s%s\n" % ('cvssV2_accessComplexity',tab,cveDetails.cvssV2_accessComplexity))
file.write(" %s%s%s\n" % ('cvssV2_authentication',tab,cveDetails.cvssV2_authentication))
file.write(" %s%s%s\n" % ('cvssV2_confidentialityImpact',tab,cveDetails.cvssV2_confidentialityImpact))
file.write(" %s%s%s\n" % ('cvssV2_integrityImpact',tab,cveDetails.cvssV2_integrityImpact))
if (ref_list):
file.write("\n")
file.write("References:\n")
for i,ref in enumerate(cve.references.all()):
file.write(" %s\n" % ref.hyperlink)
if (cpe):
file.write("\n")
file.write("CPE Table:\n")
for cpe in cve.cpe_list.split("|"):
if '' == cpe:
file.write(" Configation:\n")
elif '' == cpe:
file.write(" * AND\n")
elif '' == cpe:
file.write(" * OR\n")
else :
file.write(" %s\n" % cpe)
if 'audit' == report_type:
for cv in cve.cve_to_vulnerability.all():
v = cv.vulnerability
file.write("\n")
file.write("-------------------------------------------\n")
file.write("Vulnerability: %s\n" % v.name)
file.write(" Status: %s\n" % v.get_status_text)
file.write(" Outcome: %s\n" % v.get_outcome_text)
file.write(" Priority: %s\n" % v.get_priority_text)
file.write(" Comments: %s\n" % v.comments)
file.write("\n")
file.write(" Investigations:\n")
for investigation in Investigation.objects.filter(vulnerability=v):
file.write(" Name: %s\n" % investigation.name)
file.write(" Status: %s\n" % investigation.get_status_text)
file.write(" Outcome: %s\n" % investigation.get_outcome_text)
file.write(" Priority: %s\n" % investigation.get_priority_text)
file.write(" Defects: ")
for i,id in enumerate(investigation.investigation_to_defect.all()):
if i > 0:
file.write(",")
file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
file.write("\n")
file.write("\n")
file.write(" Comments:\n")
for i,vc in enumerate(v.vulnerability_comments.all()):
file.write(" %s (%s): %s\n" % (vc.date,vc.author,vc.comment))
file.write("\n")
file.write(" Audit Trail:\n")
for i,vh in enumerate(v.vulnerability_history.all()):
file.write(" %s (%s): %s\n" % (vh.date,vh.author,vh.comment))
file.write("\n")
else:
file.write("Investigations: no attached investigations as this time\n")
return report_name,os.path.basename(report_name)
class VulnerabilityReport(Report):
"""Report for the Vulnerability Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_VULNERABILITY_INIT(%s)" % parent_page, *args, **kwargs)
super(VulnerabilityReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_VULNERABILITY_CONTEXT", *args, **kwargs)
context = super(VulnerabilityReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_VULNERABILITY_EXEC", *args, **kwargs)
super(VulnerabilityReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
v = Vulnerability.objects.get(id=record_list)
report_name = '%s/vulnerability_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = " = "
if ('summary' == report_type) or ('audit' == report_type):
if 'txt' == format:
file.write("Report : Vulnerability %s - Summary\n" % v.name)
file.write("\n")
file.write("Vulnerability: %s\n" % v.name)
file.write(" Status: %s\n" % v.get_status_text)
file.write(" Outcome: %s\n" % v.get_outcome_text)
file.write(" Priority: %s\n" % v.get_priority_text)
file.write(" Comments: %s\n" % v.comments)
file.write("\n")
file.write("Affected Products:\n")
found_p = False
for i,p in enumerate(v.get_affected_list):
found_p = True
file.write("%2d) Product: %s\n" % (i,p.product.long_name))
found_i = False
for investigation in Investigation.objects.filter(vulnerability=v,product=p.product):
found_i = True
file.write(" Investigation: %s\n" % investigation.name)
file.write(" Status: %s\n" % investigation.get_status_text)
file.write(" Outcome: %s\n" % investigation.get_outcome_text)
file.write(" Priority: %s\n" % investigation.get_priority_text)
file.write(" Defects: ")
for j,id in enumerate(investigation.investigation_to_defect.all()):
if j > 0:
file.write(",")
file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
file.write("\n")
if not found_i:
file.write(" No investigations found\n")
if not found_p:
file.write(" No affected products found\n")
file.write("\n")
file.write("Related Products:\n")
found_p = False
for i,p in enumerate(v.get_related_list):
found_p = True
file.write("%2d) Product: %s\n" % (i,p.product.long_name))
if not found_p:
file.write(" No related products found\n")
file.write("\n")
file.write("Comments:\n")
found_c = False
for i,vc in enumerate(v.vulnerability_comments.all()):
found_c = True
file.write(" %2d) %s (%s): %s\n" % (i,vc.date,vc.author,vc.comment))
if not found_c:
file.write(" No comments found\n")
if 'audit' == report_type:
file.write("\n")
file.write("Audit Trail:\n")
for i,vh in enumerate(v.vulnerability_history.all()):
file.write(" %2d) %s (%s): %s\n" % (i,vh.date,vh.author,vh.comment))
file.write("\n")
return report_name,os.path.basename(report_name)
class InvestigationReport(Report):
"""Report for the Investigation Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_INVESTIGATION_INIT(%s)" % parent_page, *args, **kwargs)
super(InvestigationReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_INVESTIGATION_CONTEXT", *args, **kwargs)
context = super(InvestigationReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_INVESTIGATION_EXEC", *args, **kwargs)
super(InvestigationReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
investigation = Investigation.objects.get(id=record_list)
report_name = '%s/investigation_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = " = "
if ('summary' == report_type) or ('audit' == report_type):
if 'txt' == format:
file.write("Report : Investigation %s - Summary\n" % investigation.name)
file.write("\n")
file.write("Name: %s\n" % investigation.name)
file.write(" Status: %s\n" % investigation.get_status_text)
file.write(" Outcome: %s\n" % investigation.get_outcome_text)
file.write(" Priority: %s\n" % investigation.get_priority_text)
file.write(" Defects: ")
for i,id in enumerate(investigation.investigation_to_defect.all()):
if i > 0:
file.write(",")
file.write("%s (%s)" % (id.defect.name,id.defect.get_status_text))
file.write("\n")
file.write("\n")
file.write("Comments:\n")
found_c = False
for i, ic in enumerate(investigation.investigation_comments.all()):
found_c = True
file.write(" %s (%s): %s\n" % (ic.date,ic.author,ic.comment))
if not found_c:
file.write(" No comments found\n")
if 'audit' == report_type:
file.write("\n")
file.write(" Audit Trail:\n")
for i,ih in enumerate(investigation.investigation_history.all()):
file.write(" %s (%s): %s\n" % (ih.date,ih.author,ih.comment))
file.write("\n")
return report_name,os.path.basename(report_name)
class DefectReport(Report):
"""Report for the Defect Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_DEFECT_INIT(%s)" % parent_page, *args, **kwargs)
super(DefectReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_DEFECT_CONTEXT", *args, **kwargs)
context = super(DefectReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_DEFECT_EXEC", *args, **kwargs)
super(DefectReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/defect_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tSummary\tPriority\tStatus\tResolution\tReleased Version\tURL\tInvestigations\tProduct\n")
if 'txt' == format:
file.write("Report : Defects Table\n")
file.write("\n")
file.write("Name,Summary,Priority,Status,Resolution,Released Version,URL,Investigations,Product\n")
defect = Defect.objects.get(id=record_list)
file.write("%s%s" % (defect.name,tab))
file.write("%s%s" % (defect.summary,tab))
file.write("%s%s" % (defect.get_priority_text,tab))
file.write("%s%s" % (defect.get_status_text,tab))
file.write("%s%s" % (defect.get_resolution_text,tab))
file.write("%s%s" % (defect.release_version,tab))
file.write("%s%s" % (defect.publish,tab))
file.write("%s%s" % (defect.url,tab))
for i,di in enumerate(defect.defect_to_investigation.all()):
if i > 0:
file.write(" ")
file.write("%s" % (di.investigation.name))
file.write("%s" % tab)
tab='' # EOL
file.write("%s%s" % (defect.product.long_name,tab))
file.write("\n")
return report_name,os.path.basename(report_name)
class CvesReport(Report):
"""Report for the CVEs Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_CVES_INIT(%s)" % parent_page, *args, **kwargs)
super(CvesReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_CVES_CONTEXT", *args, **kwargs)
context = super(CvesReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Displayed
\
All
\
'
context['report_columnrange_list'] = '\
Default
\
All
\
'
context['report_format_list'] = '\
Text (comma delimited)
\
CSV (tab delimited)
\
'
context['report_custom_list'] = '\
CVE name filter =
\
'
return context
def print_row(self,writer,is_header,is_full,cve):
if is_header:
if not is_full:
writer.writerow([
'Name',
'Status',
'Severity (V3)',
'Published',
'Modified',
'Comments',
'Comments Private',
'Vulnerabilities',
'Defects',
'Description',
])
else:
writer.writerow([
'Name',
'Status',
'Score',
'Data Type',
'Data Format',
'Data Version',
'Severity (V3)',
'Severity (V2)',
'Published',
'Modified',
'Comments',
'Comments Private',
'Publish Request',
'Publish Date',
'Vulnerabilities',
'Defects',
'Description',
])
else:
cve_vulnerabilities = ''
for i,cv in enumerate(cve.cve_to_vulnerability.all()):
if i > 0:
cve_vulnerabilities += ' '
cve_vulnerabilities += cv.vulnerability.name
cve_defects = ''
i = 0
for cv in cve.cve_to_vulnerability.all():
for investigation in cv.vulnerability.vulnerability_investigation.all():
for id in investigation.investigation_to_defect.all():
if i > 0:
cve_defects += ' '
i += 1
cve_defects += id.defect.name
if not is_full:
writer.writerow([
cve.name,
cve.get_status_text,
'%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity),
cve.get_publish_text,
cve.lastModifiedDate,
cve.comments,
cve.comments_private,
cve_vulnerabilities,
cve_defects,
cve.description,
])
else:
writer.writerow([
cve.name,
cve.get_status_text,
'%s %s' % (cve.recommend,cve.recommend_list),
cve.cve_data_type,
cve.cve_data_format,
cve.cve_data_version,
'%s %s' % (cve.cvssV3_baseScore,cve.cvssV3_baseSeverity),
'%s %s' % (cve.cvssV2_baseScore,cve.cvssV2_severity),
cve.get_publish_text,
cve.lastModifiedDate,
cve.comments,
cve.comments_private,
cve.get_publish_text,
cve.publishedDate,
cve_vulnerabilities,
cve_defects,
cve.description,
])
def exec_report(self, *args, **kwargs):
_log_args("REPORT_CVES_EXEC", *args, **kwargs)
super(CvesReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
range = request_POST.get('range', '')
columns = request_POST.get('columns', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
name_filter = request_POST.get('name_filter', '').upper()
report_name = '%s/cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
if 'csv' == format:
delimiter = '\t'
else:
delimiter = ','
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
self.print_row(writer,True,"all" == columns,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
cve = Cve.objects.get(id=id)
if not name_filter or (name_filter in cve.name):
self.print_row(writer,False,"all" == columns,cve)
elif 'all' == range:
if name_filter:
query = Cve.objects.filter(name__contains=name_filter).order_by('name')
else:
query = Cve.objects.all().order_by('name')
for cve in query:
self.print_row(writer,False,"all" == columns,cve)
return report_name,os.path.basename(report_name)
class SelectCvesReport(Report):
"""Report for the Select CVEs Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_SELECTCVES_INIT(%s)" % parent_page, *args, **kwargs)
super(SelectCvesReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_SELECTCVES_CONTEXT", *args, **kwargs)
context = super(SelectCvesReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_SELECTCVES_EXEC", *args, **kwargs)
super(SelectCvesReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/select_cves_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
if 'txt' == format:
file.write("Report : CVEs Table\n")
file.write("\n")
file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
for id in record_list.split(','):
if not id:
continue
cve = Cve.objects.get(id=id)
file.write("%s%s" % (cve.name,tab))
file.write("%s%s" % (cve.get_status_text,tab))
file.write("%s%s" % (cve.cve_data_type,tab))
file.write("%s%s" % (cve.cve_data_format,tab))
file.write("%s%s" % (cve.cve_data_version,tab))
for i,cv in enumerate(cve.cve_to_vulnerability.all()):
if i > 0:
file.write(" ")
file.write("%s" % cv.vulnerability.name)
file.write("%s" % tab)
file.write("%s%s" % (cve.description,tab))
file.write("\n")
return report_name,os.path.basename(report_name)
class VulnerabilitiesReport(Report):
"""Report for the Vulnerabilities Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_VULNERABILITIES_INIT(%s)" % parent_page, *args, **kwargs)
super(VulnerabilitiesReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_VULNERABILITIES_CONTEXT", *args, **kwargs)
context = super(VulnerabilitiesReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Displayed
\
All
\
'
context['report_columnrange_list'] = '\
Default
\
All
\
'
context['report_format_list'] = '\
Text (comma delimited)
\
CSV (tab delimited)
\
'
return context
def print_row(self,writer,is_header,is_full,vulnerability):
if is_header:
if not is_full:
writer.writerow([
'Name',
'CVE',
'Status',
'Outcome',
'Priority',
'Comments',
'Comments Private',
'Investigations',
'Defects',
'Products',
])
else:
writer.writerow([
'Name',
'CVE',
'Status',
'Outcome',
'Priority',
'Comments',
'Comments Private',
'Investigations',
'Defects',
'Products',
])
else:
vulnerability_cves = ''
for i,vc in enumerate(vulnerability.vulnerability_to_cve.all()):
if i > 0:
vulnerability_cves += ' '
vulnerability_cves += vc.cve.name
vulnerability_investigations = ''
for i,investigation in enumerate(vulnerability.vulnerability_investigation.all()):
if i > 0:
vulnerability_investigations += ' '
vulnerability_investigations += investigation.name
vulnerability_defects = ''
i = 0
for investigation in vulnerability.vulnerability_investigation.all():
for id in investigation.investigation_to_defect.all():
if i > 0:
vulnerability_defects += ' '
i += 1
vulnerability_defects += id.defect.name
vulnerability_products = ''
for i,vi in enumerate(vulnerability.vulnerability2investigation.all()):
if i > 0:
vulnerability_products += ' '
vulnerability_products += vi.investigation.product.get_defect_tag('key')
if not is_full:
writer.writerow([
vulnerability.name,
vulnerability_cves,
vulnerability.get_status_text,
vulnerability.get_outcome_text,
vulnerability.get_priority_text,
vulnerability.comments,
vulnerability.comments_private,
vulnerability_investigations,
vulnerability_defects,
vulnerability_products,
])
else:
writer.writerow([
vulnerability.name,
vulnerability.cve_primary_name,
vulnerability.get_status_text,
vulnerability.get_outcome_text,
vulnerability.get_priority_text,
vulnerability.comments,
vulnerability.comments_private,
vulnerability_investigations,
vulnerability_defects,
vulnerability_products,
])
def exec_report(self, *args, **kwargs):
_log_args("REPORT_VULNERABILITIES_EXEC", *args, **kwargs)
super(VulnerabilitiesReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
range = request_POST.get('range', '')
columns = request_POST.get('columns', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/vulnerabilities_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
if 'csv' == format:
delimiter = '\t'
else:
delimiter = ','
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
self.print_row(writer,True,"all" == columns,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
vulnerability = Vulnerability.objects.get(id=id)
self.print_row(writer,False,"all" == columns,vulnerability)
elif 'all' == range:
query = Vulnerability.objects.all().order_by('name')
for vulnerability in query:
self.print_row(writer,False,"all" == columns,vulnerability)
return report_name,os.path.basename(report_name)
class InvestigationsReport(Report):
"""Report for the Investigations Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_INVESTIGATIONS_INIT(%s)" % parent_page, *args, **kwargs)
super(InvestigationsReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_INVESTIGATIONS_CONTEXT", *args, **kwargs)
context = super(InvestigationsReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Displayed
\
All
\
'
context['report_columnrange_list'] = '\
Default
\
All
\
'
context['report_format_list'] = '\
Text (comma delimited)
\
CSV (tab delimited)
\
'
context['report_custom_list'] = '\
Product defect prefix filter = (method to filter by product)
\
'
return context
def print_row(self,writer,is_header,is_full,investigation):
if is_header:
if not is_full:
writer.writerow([
'Name',
'Defects',
'Status',
'Outcome',
'Release Version',
'Priority',
'Comments',
'Comments Private',
'Vulnerability',
'Product',
])
else:
writer.writerow([
'Name',
'Defects',
'Status',
'Outcome',
'Release Version',
'Priority',
'Comments',
'Comments Private',
'Vulnerability',
'Product',
])
else:
investigation_defects = ''
for i,id in enumerate(investigation.investigation_to_defect.all()):
if i > 0:
investigation_defects += ' '
investigation_defects += id.defect.name
investigation_release_versions = ''
for i,id in enumerate(investigation.investigation_to_defect.all()):
if i > 0:
investigation_release_versions += ' '
investigation_release_versions += id.defect.release_version
if not is_full:
writer.writerow([
investigation.name,
investigation_defects,
investigation.get_status_text,
investigation.get_outcome_text,
investigation_release_versions,
investigation.get_priority_text,
investigation.comments,
investigation.comments_private,
investigation.vulnerability.get_long_name,
investigation.product.long_name,
])
else:
writer.writerow([
investigation.name,
investigation_defects,
investigation.get_status_text,
investigation.get_outcome_text,
investigation_release_versions,
investigation.get_priority_text,
investigation.comments,
investigation.comments_private,
investigation.vulnerability.get_long_name,
investigation.product.long_name,
])
def exec_report(self, *args, **kwargs):
_log_args("REPORT_INVESTIGATIONS_EXEC", *args, **kwargs)
super(InvestigationsReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
range = request_POST.get('range', '')
columns = request_POST.get('columns', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
name_filter = request_POST.get('name_filter', '').upper()
report_name = '%s/investigations_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
if 'csv' == format:
delimiter = '\t'
else:
delimiter = ','
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
self.print_row(writer,True,"all" == columns,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
investigation = Investigation.objects.get(id=id)
if not name_filter or (name_filter in investigation.product.get_defect_tag('key')):
self.print_row(writer,False,"all" == columns,investigation)
elif 'all' == range:
query = Investigation.objects.all().order_by('name')
for investigation in query:
if name_filter and (not name_filter in investigation.product.get_defect_tag('key')):
continue
self.print_row(writer,False,"all" == columns,investigation)
return report_name,os.path.basename(report_name)
class DefectsReport(Report):
"""Report for the Defects Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_DEFECTS_INIT(%s)" % parent_page, *args, **kwargs)
super(DefectsReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_DEFECTS_CONTEXT", *args, **kwargs)
context = super(DefectsReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
Displayed
\
All
\
'
context['report_columnrange_list'] = '\
Default
\
All
\
'
context['report_format_list'] = '\
Text (comma delimited)
\
CSV (tab delimited)
\
'
context['report_custom_list'] = '\
Defect name filter =
\
'
return context
def print_row(self,writer,is_header,is_full,defect):
if is_header:
if not is_full:
writer.writerow([
'Name',
'Summary',
'Priority',
'Status',
'Resolution',
'Release Version',
'Publish',
'Investigations',
'Product',
])
else:
writer.writerow([
'Name',
'Summary',
'Priority',
'Status',
'Resolution',
'Release Version',
'Publish',
'URL',
'Investigations',
'Product',
])
else:
defect_investigations = ''
for i,di in enumerate(defect.defect_to_investigation.all()):
if i > 0:
defect_investigations += ' '
defect_investigations += di.investigation.name
if not is_full:
writer.writerow([
defect.name,
defect.summary,
defect.get_priority_text,
defect.get_status_text,
defect.get_resolution_text,
defect.release_version,
defect.publish,
defect_investigations,
defect.product.long_name if defect.product else '',
])
else:
writer.writerow([
defect.name,
defect.summary,
defect.get_priority_text,
defect.get_status_text,
defect.get_resolution_text,
defect.release_version,
defect.publish,
defect.url,
defect_investigations,
defect.product.long_name if defect.product else '',
])
def exec_report(self, *args, **kwargs):
_log_args("REPORT_DEFECTS_EXEC", *args, **kwargs)
super(DefectsReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
range = request_POST.get('range', '')
columns = request_POST.get('columns', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
name_filter = request_POST.get('name_filter', '').upper()
report_name = '%s/defects_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
if 'csv' == format:
delimiter = '\t'
else:
delimiter = ','
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=delimiter,
quotechar='"', quoting=csv.QUOTE_MINIMAL)
if ('summary' == report_type):
self.print_row(writer,True,"all" == columns,None)
if 'displayed' == range:
for id in record_list.split(','):
if not id:
continue
defect = Defect.objects.get(id=id)
if not name_filter or (name_filter in defect.name):
self.print_row(writer,False,"all" == columns,defect)
elif 'all' == range:
if name_filter:
query = Defect.objects.filter(name__contains=name_filter).order_by('name')
else:
query = Defect.objects.all().order_by('name')
for defect in query:
self.print_row(writer,False,"all" == columns,defect)
return report_name,os.path.basename(report_name)
class ProductsReport(Report):
"""Report for the Products Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PRODUCTS_INIT(%s)" % parent_page, *args, **kwargs)
super(ProductsReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PRODUCTS_CONTEXT", *args, **kwargs)
context = super(ProductsReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
All
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PRODUCTS_EXEC", *args, **kwargs)
super(ProductsReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/products_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tVersion\tProfile\tCPE\tSRT SPE\tInvestigations\tDefects\n")
if 'txt' == format:
file.write("Report : Products Table\n")
file.write("\n")
file.write("Name,Version,Profile,CPE,SRT SPE,Investigations,Defects\n")
for product in Product.objects.all():
file.write("%s%s" % (product.name,tab))
file.write("%s%s" % (product.version,tab))
file.write("%s%s" % (product.profile,tab))
file.write("%s%s" % (product.cpe,tab))
file.write("%s%s" % (product.defect_tags,tab))
file.write("%s%s" % (product.product_tags,tab))
for i,pi in enumerate(product.product_investigation.all()):
if i > 0:
file.write(" ")
file.write("%s" % (pi.name))
file.write("%s" % tab)
for i,pd in enumerate(product.product_defect.all()):
if i > 0:
file.write(" ")
file.write("%s" % (pd.name))
#file.write("%s" % tab)
file.write("\n")
return report_name,os.path.basename(report_name)
class PublishCveReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PUBLISHCVE_INIT(%s)" % parent_page, *args, **kwargs)
super(PublishCveReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PUBLISHCVE_CONTEXT", *args, **kwargs)
context = super(PublishCveReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PUBLISHCVE_EXEC", *args, **kwargs)
super(PublishCveReport, self).exec_report(*args, **kwargs)
_log("FOO1")
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
_log("FOO2 (%s,%s,%s" % (record_list,format,report_type))
report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
_log("FOO3")
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
if 'txt' == format:
file.write("Report : CVEs Table\n")
file.write("\n")
file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
_log("FOO4")
for id in record_list.split(','):
_log("FOO5:%s" % id)
if not id:
continue
try:
cve = Cve.objects.get(id=id)
file.write("%s%s" % (cve.name,tab))
file.write("%s%s" % (cve.get_status_text,tab))
file.write("%s%s" % (cve.cve_data_type,tab))
file.write("%s%s" % (cve.cve_data_format,tab))
file.write("%s%s" % (cve.cve_data_version,tab))
for i,cv in enumerate(cve.cve_to_vulnerability.all()):
if i > 0:
file.write(" ")
file.write("%s" % cv.vulnerability.name)
file.write("%s" % tab)
file.write("%s" % (cve.description))
file.write("\n")
except Exception as e:
_log("FOOX:%s" % e)
_log("FOO9:%s" % (report_name))
return report_name,os.path.basename(report_name)
class PublishPendingCveReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PUBLISHPENDINGCVE_INIT(%s)" % parent_page, *args, **kwargs)
super(PublishPendingCveReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PUBLISHPENDINGCVE_CONTEXT", *args, **kwargs)
context = super(PublishPendingCveReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = '1'
context['report_recordrange_list'] = '\
Selected
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
Text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PUBLISHPENDINGCVE_EXEC", *args, **kwargs)
super(PublishPendingCveReport, self).exec_report(*args, **kwargs)
_log("FOO1")
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
_log("FOO2 (%s,%s,%s" % (record_list,format,report_type))
report_name = '%s/cve_publish_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
with open(report_name, 'w') as file:
_log("FOO3")
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
if 'csv' == format:
file.write("Name\tStatus\tType\tFormat\tVersion\tVulnerabilities\tDescription\n")
if 'txt' == format:
file.write("Report : CVEs Table\n")
file.write("\n")
file.write("Name,Status,Type,Format,Version,Vulnerabilities,Description\n")
_log("FOO4")
for id in record_list.split(','):
if not id:
continue
_log("FOO5:%s" % id)
try:
cve = Cve.objects.get(id=id)
file.write("%s%s" % (cve.name,tab))
file.write("%s%s" % (cve.get_status_text,tab))
file.write("%s%s" % (cve.cve_data_type,tab))
file.write("%s%s" % (cve.cve_data_format,tab))
file.write("%s%s" % (cve.cve_data_version,tab))
for i,cv in enumerate(cve.cve_to_vulnerability.all()):
if i > 0:
file.write(" ")
file.write("%s" % cv.vulnerability.name)
file.write("%s" % tab)
file.write("%s" % (cve.description))
file.write("\n")
except Exception as e:
_log("FOOX:%s" % e)
_log("FOO9:%s" % (report_name))
return report_name,os.path.basename(report_name)
class PackageFiltersReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_PACKAGEFILTERSREPORT_INIT(%s)" % parent_page, *args, **kwargs)
super(PackageFiltersReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_PACKAGEFILTERSREPORT_CONTEXT", *args, **kwargs)
context = super(PackageFiltersReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
All
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_PUBLISHPENDINGCVE_EXEC", *args, **kwargs)
super(PackageFiltersReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/package_keywords.%s' % (SRT_REPORT_DIR,format)
with open(report_name, 'w') as file:
if 'csv' == format:
tab = "\t"
else:
tab = ","
if ('summary' == report_type):
with open(report_name, 'w', newline='') as csvfile:
writer = csv.writer(csvfile, delimiter=',',
quotechar='"', quoting=csv.QUOTE_MINIMAL)
writer.writerow(['Mode','Name','RealName','InvalidName','Weight'])
query = Package.objects.all().order_by('name')
for package in query:
if 0 == package.weight:
package.weight = 1
writer.writerow(['FOR' if (Package.FOR == package.mode) else 'AGAINST',package.name,package.realname,package.invalidname,package.weight])
return report_name,os.path.basename(report_name)
class CpesSrtoolReport(Report):
"""Report for the Publish Cve Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_CPESSRTOOLREPORT_INIT(%s)" % parent_page, *args, **kwargs)
super(CpesSrtoolReport, self).__init__(parent_page, *args, **kwargs)
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_CPESSRTOOLREPORT_CONTEXT", *args, **kwargs)
context = super(CpesSrtoolReport, self).get_context_data(*args, **kwargs)
context['report_type_list'] = '\
\
'
context['report_get_title'] = ''
context['report_recordrange_list'] = '\
All
\
Only packages against CVEs
\
'
context['report_columnrange_list'] = ''
context['report_format_list'] = '\
text
\
CSV
\
'
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_CPESSRTOOLREPORT_EXEC", *args, **kwargs)
super(CpesSrtoolReport, self).exec_report(*args, **kwargs)
request_POST = self.request.POST
records = request_POST.get('records', '')
format = request_POST.get('format', '')
title = request_POST.get('title', '')
report_type = request_POST.get('report_type', '')
record_list = request_POST.get('record_list', '')
report_name = '%s/cpes_srtool_%s_%s.%s' % (SRT_REPORT_DIR,report_type,datetime.today().strftime('%Y%m%d%H%M'),format)
reportfile = open(report_name, 'w', newline='')
if 'csv' == format:
writer = csv.writer(reportfile, delimiter=',',
quotechar='"', quoting=csv.QUOTE_MINIMAL)
writer.writerow(['Package','CVE','Vulnerability','Affected','Related'])
else:
reportfile.write("Package,CVE,Vulnerability,Affected,Related")
if ('summary' == report_type):
query = Package.objects.all().order_by('name')
for package in query:
name = package.name
cves = ''
for pc in package.package2cve.all():
cves += '%s ' % pc.cve.name
vulnerabilities = ''
for pc in package.package2cve.all():
for cv in pc.cve.cve_to_vulnerability.all():
vulnerabilities += '%s ' % cv.vulnerability.name
affected = ''
for pc in package.package2cve.all():
for cv in pc.cve.cve_to_vulnerability.all():
for vp in cv.vulnerability.affected_products.all():
if 0 == vp.relation:
affected += '%s ' % vp.investigation.name
related = ''
for pc in package.package2cve.all():
for cv in pc.cve.cve_to_vulnerability.all():
for vp in cv.vulnerability.affected_products.all():
if 1 == vp.relation:
related += '%s ' % vp.investigation.name
if ("cves" == records) and not cves:
continue
if 'csv' == format:
writer.writerow([name,cves.strip(),vulnerabilities.strip(),affected.strip(),related.strip()])
else:
reportfile.write("%s,%s,%s,%s,%s\n" % (name,cves.strip(),vulnerabilities.strip(),affected.strip(),related.strip()))
reportfile.close()
return report_name,os.path.basename(report_name)
class DefaultReport(Report):
"""Report for the Default Page"""
def __init__(self, parent_page, *args, **kwargs):
_log_args("REPORT_GENERIC_INIT(%s)" % parent_page, *args, **kwargs)
super(DefaultReport, self).__init__(parent_page, *args, **kwargs)
self.default_orderby = "name"
def get_context_data(self, *args, **kwargs):
_log_args("REPORT_GENERIC_CONTEXT", *args, **kwargs)
context = super(DefaultReport, self).get_context_data(*args, **kwargs)
context['report_enable_submit'] = ''
#context['report_recordrange_list'] = '\
# Selected
\
# all
\
#context['report_columnrange_list'] = ''
# Selected
# All
#context['report_format_list'] = '\
# Text
\
# CSV
\
# RTF
# XML
# CVE NIST JSON
return context
def exec_report(self, *args, **kwargs):
_log_args("REPORT_GENERIC_EXEC", *args, **kwargs)
super(DefaultReport, self).exec_report(*args, **kwargs)
return None
class ReportManager():
@staticmethod
def get_report_class(parent_page, *args, **kwargs):
if ('management' == parent_page) or ('manage' == parent_page):
return ManagementReport(parent_page, *args, **kwargs)
elif 'cve' == parent_page:
return CveReport(parent_page, *args, **kwargs)
elif 'vulnerability' == parent_page:
return VulnerabilityReport(parent_page, *args, **kwargs)
elif 'investigation' == parent_page:
return InvestigationReport(parent_page, *args, **kwargs)
elif 'defect' == parent_page:
return DefectReport(parent_page, *args, **kwargs)
elif 'cves' == parent_page:
return CvesReport(parent_page, *args, **kwargs)
elif 'select-cves' == parent_page:
return SelectCvesReport(parent_page, *args, **kwargs)
elif 'vulnerabilities' == parent_page:
return VulnerabilitiesReport(parent_page, *args, **kwargs)
elif 'investigations' == parent_page:
return InvestigationsReport(parent_page, *args, **kwargs)
elif 'defects' == parent_page:
return DefectsReport(parent_page, *args, **kwargs)
elif 'products' == parent_page:
return ProductsReport(parent_page, *args, **kwargs)
elif 'select-publish' == parent_page:
return PublishCveReport(parent_page, *args, **kwargs)
elif 'update-published' == parent_page:
return PublishPendingCveReport(parent_page, *args, **kwargs)
elif 'package-filters' == parent_page:
return PackageFiltersReport(parent_page, *args, **kwargs)
elif 'cpes_srtool' == parent_page:
return CpesSrtoolReport(parent_page, *args, **kwargs)
else:
return DefaultReport(parent_page, *args, **kwargs)
@staticmethod
def get_context_data(parent_page, *args, **kwargs):
reporter = ReportManager.get_report_class(parent_page, *args, **kwargs)
return reporter.get_context_data(*args, **kwargs)
@staticmethod
def exec_report(parent_page, *args, **kwargs):
reporter = ReportManager.get_report_class(parent_page, *args, **kwargs)
return reporter.exec_report(*args, **kwargs)