Mercurial > farol > farol
annotate farol/vulnerability.py @ 90:2201d0ea0bf3
Add deletion of Involvements
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Thu, 09 Oct 2014 15:56:43 +0200 |
parents | e558238cfdb2 |
children | 6a61c02f2156 |
rev | line source |
---|---|
0 | 1 # -*- encoding: utf-8 -*- |
2 # Description: | |
3 # Web stuff related to the Vulnerabilities | |
4 # | |
5 # Authors: | |
6 # BenoƮt Allard <benoit.allard@greenbone.net> | |
7 # | |
8 # Copyright: | |
9 # Copyright (C) 2014 Greenbone Networks GmbH | |
10 # | |
11 # This program is free software; you can redistribute it and/or | |
12 # modify it under the terms of the GNU General Public License | |
13 # as published by the Free Software Foundation; either version 2 | |
14 # of the License, or (at your option) any later version. | |
15 # | |
16 # This program is distributed in the hope that it will be useful, | |
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 # GNU General Public License for more details. | |
20 # | |
21 # You should have received a copy of the GNU General Public License | |
22 # along with this program; if not, write to the Free Software | |
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | |
24 | |
25 from flask import (Blueprint, render_template, abort, redirect, request, | |
26 url_for) | |
27 | |
28 from farolluz.parsers.cvrf import parseDate | |
29 from farolluz.cvrf import (CVRFVulnerability, CVRFVulnerabilityID, CVRFNote, | |
62
ce49bd1512dd
Make pyflafes a happier
Benoît Allard <benoit.allard@greenbone.net>
parents:
61
diff
changeset
|
30 CVRFReference, CVRFCWE, CVRFInvolvement, CVRFThreat, CVRFProductStatus, |
ce49bd1512dd
Make pyflafes a happier
Benoît Allard <benoit.allard@greenbone.net>
parents:
61
diff
changeset
|
31 CVRFCVSSSet, CVRFRemediation) |
0 | 32 from farolluz.renderer import utcnow |
33 | |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
34 from .controller import (update_note_from_request, create_note_from_request, |
61
55b72057b066
Unify reference update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
60
diff
changeset
|
35 update_reference_from_request, create_reference_from_request, |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
36 update_acknowledgment_from_request, create_acknowledgment_from_request) |
0 | 37 from .session import document_required, get_current |
38 | |
39 | |
40 vulnerability = Blueprint('vulnerability', __name__) | |
41 | |
42 def get_vuln(ordinal): | |
43 for vulnerability in get_current()._vulnerabilities: | |
44 if vulnerability._ordinal != ordinal: | |
45 continue | |
46 return vulnerability | |
47 abort(404) | |
48 | |
49 def vuln_from_form(form, vuln=None): | |
50 if vuln is None: | |
51 vuln = CVRFVulnerability(int(form['ordinal'])) | |
52 else: | |
53 vuln._ordinal = int(form['ordinal']) | |
54 vuln.setTitle(form['title'] or None) | |
55 vuln_id = None | |
56 if form['systemname'] or form['id_value']: | |
57 vuln_id = CVRFVulnerabilityID(form['systemname'], form['id_value']) | |
58 vuln.setID(vuln_id) | |
59 date = None | |
60 if form['discoverydate']: | |
61 date = parseDate(form['discoverydate']) | |
62 vuln.setDiscoveryDate(date) | |
63 date = None | |
64 if form['releasedate']: | |
65 date = parseDate(form['releasedate']) | |
66 vuln.setReleaseDate(date) | |
67 vuln.setCVE(request.form['cve'] or None) | |
68 return vuln | |
69 | |
70 def get_groups(): | |
71 """ Return a list of tuple suitable for selectinput2 """ | |
72 cvrf = get_current() | |
73 groups = [] | |
74 if cvrf._producttree is not None: | |
75 groups = [(g.getTitle(), g._groupid) for g in cvrf._producttree._groups] | |
76 return groups | |
77 | |
78 @vulnerability.route('/<int:ordinal>') | |
79 @document_required | |
80 def view(ordinal): | |
81 return render_template('vulnerability/view.j2', vulnerability=get_vuln(ordinal)) | |
82 | |
83 @vulnerability.route('/<int:ordinal>/edit', methods=['GET', 'POST']) | |
84 @document_required | |
85 def edit(ordinal): | |
86 vuln = get_vuln(ordinal) | |
87 if request.method != 'POST': | |
88 return render_template('vulnerability/edit.j2', vulnerability=vuln, now=utcnow()) | |
89 | |
90 vuln_from_form(request.form, vuln) | |
91 return redirect(url_for('.view', ordinal=vuln._ordinal)) | |
92 | |
93 @vulnerability.route('/add', methods=['GET', 'POST']) | |
94 @document_required | |
95 def add(): | |
96 if request.method != 'POST': | |
97 next_ordinal=1 | |
98 vulns = get_current()._vulnerabilities | |
99 if vulns: | |
100 next_ordinal = vulns[-1]._ordinal + 1 | |
101 vuln = CVRFVulnerability(next_ordinal) | |
102 return render_template('vulnerability/edit.j2', vulnerability=vuln, now=utcnow(), action='Add') | |
103 | |
104 vuln=vuln_from_form(request.form) | |
105 get_current().addVulnerability(vuln) | |
106 return redirect(url_for('.view', ordinal=vuln._ordinal)) | |
107 | |
108 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>') | |
109 @document_required | |
110 def view_note(ordinal, note_ordinal): | |
59
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
111 note = get_vuln(ordinal).getNote(note_ordinal) |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
112 if note is None: |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
113 abort(404) |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
114 return render_template('vulnerability/view_note.j2', note=note, ordinal=ordinal) |
0 | 115 |
116 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>/edit', methods=['GET', 'POST']) | |
117 @document_required | |
118 def edit_note(ordinal, note_ordinal): | |
59
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
119 note = get_vuln(ordinal).getNote(note_ordinal) |
0 | 120 if note is None: |
121 abort(404) | |
122 if request.method != 'POST': | |
123 return render_template('vulnerability/edit_note.j2', note=note, ordinal=ordinal, types=note.TYPES) | |
124 | |
58
fbc413b8a46e
Unify note update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
125 update_note_from_request(note) |
0 | 126 return redirect(url_for('.view_note', ordinal=ordinal, note_ordinal=note._ordinal)) |
127 | |
128 @vulnerability.route('/<int:ordinal>/note/add', methods=['GET', 'POST']) | |
129 @document_required | |
130 def add_note(ordinal): | |
131 if request.method != 'POST': | |
132 next_ordinal = 1 | |
133 notes = get_vuln(ordinal)._notes | |
134 if notes: | |
135 next_ordinal = notes[-1]._ordinal + 1 | |
136 return render_template('vulnerability/edit_note.j2', ordinal=ordinal, note_ordinal=next_ordinal, types=CVRFNote.TYPES, action='Add') | |
137 | |
58
fbc413b8a46e
Unify note update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
138 note = create_note_from_request() |
0 | 139 get_vuln(ordinal).addNote(note) |
140 return redirect(url_for('.view', ordinal=ordinal)) | |
141 | |
89
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
142 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>/del', methods=['POST']) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
143 @document_required |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
144 def del_note(ordinal, note_ordinal): |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
145 vuln = get_vuln(ordinal) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
146 note = vuln.getNote(ordinal) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
147 if note is None: |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
148 flash('Note not found', 'danger') |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
149 abort(404) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
150 vuln._notes.remove(note) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
151 return redirect(url_for('.view', ordinal=ordinal)) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
152 |
0 | 153 |
154 @vulnerability.route('/<int:ordinal>/involvement/<int:index>') | |
155 @document_required | |
156 def view_involvement(ordinal, index): | |
157 try: | |
158 involvement = get_vuln(ordinal)._involvements[index] | |
159 except IndexError: | |
160 abort(404) | |
161 return render_template('vulnerability/view_involvement.j2', involvement=involvement, ordinal=ordinal, index=index) | |
162 | |
163 @vulnerability.route('/<int:ordinal>/involvement/add', methods=['GET', 'POST']) | |
164 @document_required | |
165 def add_involvement(ordinal): | |
166 if request.method != 'POST': | |
167 return render_template('vulnerability/edit_involvement.j2', ordinal=ordinal, parties=CVRFInvolvement.PARTIES, statuses=CVRFInvolvement.STATUSES, action='Add') | |
168 | |
169 inv = CVRFInvolvement(request.form['party'], request.form['status']) | |
170 inv._description = request.form['description'] or None | |
171 get_vuln(ordinal).addInvolvement(inv) | |
172 return redirect(url_for('.view', ordinal=ordinal)) | |
173 | |
174 @vulnerability.route('/<int:ordinal>/involvement/<int:index>/edit', methods=['GET', 'POST']) | |
175 @document_required | |
176 def edit_involvement(ordinal, index): | |
177 try: | |
178 involvement = get_vuln(ordinal)._involvements[index] | |
179 except IndexError: | |
180 abort(404) | |
181 if request.method != 'POST': | |
182 return render_template('vulnerability/edit_involvement.j2', ordinal=ordinal, index=index, party=involvement._party, status=involvement._status, description=involvement._description, parties=involvement.PARTIES, statuses=involvement.STATUSES) | |
183 | |
184 involvement._party = request.form['party'] | |
185 involvement._status = request.form['status'] | |
186 involvement._description = request.form['description'] or None | |
187 return redirect(url_for('.view_involvement', ordinal=ordinal, index=index)) | |
188 | |
90
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
189 @vulnerability.route('/<int:ordinal>/involvement/<int:index>/del', methods=['POST']) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
190 @document_required |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
191 def del_involvement(ordinal, index): |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
192 invls = get_vuln(ordinal)._involvements |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
193 if not ( 0 <= index < len(invls)): |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
194 flash('Involvement not found', 'danger') |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
195 abort(404) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
196 |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
197 del invls[index] |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
198 return redirect(url_for('.view', ordinal=ordinal)) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
199 |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
200 |
0 | 201 @vulnerability.route('/<int:ordinal>/cwe/<int:index>/edit', methods=['GET', 'POST']) |
202 @document_required | |
203 def edit_cwe(ordinal, index): | |
204 try: | |
205 cwe = get_vuln(ordinal)._cwes[index] | |
206 except IndexError: | |
207 abort(404) | |
208 if request.method != 'POST': | |
209 return render_template('vulnerability/edit_cwe.j2', ordinal=ordinal, _id=cwe._id, description=cwe._value) | |
210 | |
211 cwe._id = request.form['id'] | |
212 cwe._value = request.form['description'] | |
213 return redirect(url_for('.view', ordinal=ordinal)) | |
214 | |
215 | |
216 @vulnerability.route('/<int:ordinal>/cwe/add', methods=['GET', 'POST']) | |
217 @document_required | |
218 def add_cwe(ordinal): | |
219 if request.method != 'POST': | |
220 return render_template('vulnerability/edit_cwe.j2', ordinal=ordinal, action='Add') | |
221 | |
222 cwe = CVRFCWE(request.form['id'], request.form['description']) | |
223 get_vuln(ordinal).addCWE(cwe) | |
224 return redirect(url_for('.view', ordinal=ordinal)) | |
225 | |
226 @vulnerability.route('/<int:ordinal>/productstatus/<int:index>') | |
227 @document_required | |
228 def view_status(ordinal, index): | |
229 try: | |
230 status = get_vuln(ordinal)._productstatuses[index] | |
231 except IndexError: | |
232 abort(404) | |
233 return render_template('vulnerability/view_productstatus.j2', ordinal=ordinal, index=index, status=status, cvrf=get_current()) | |
234 | |
235 @vulnerability.route('/<int:ordinal>/productstatus/add', methods=['GET', 'POST']) | |
236 @document_required | |
237 def add_status(ordinal): | |
238 if request.method != 'POST': | |
239 return render_template('vulnerability/edit_productstatus.j2', ordinal=ordinal, statuses=CVRFProductStatus.TYPES, action='Add') | |
240 | |
241 status = CVRFProductStatus(request.form['status']) | |
242 for productid in request.form.getlist('products'): | |
243 status.addProductID(productid) | |
244 get_vuln(ordinal).addProductStatus(status) | |
245 return redirect(url_for('.view', ordinal=ordinal)) | |
246 | |
247 | |
248 @vulnerability.route('/<int:ordinal>/productstatus/<int:index>/edit', methods=['GET', 'POST']) | |
249 @document_required | |
250 def edit_status(ordinal, index): | |
251 try: | |
252 status = get_vuln(ordinal)._productstatuses[index] | |
253 except IndexError: | |
254 abort(404) | |
255 if request.method != 'POST': | |
256 return render_template('vulnerability/edit_productstatus.j2', ordinal=ordinal, index=index, status=status._type, productids=status._productids, statuses=status.TYPES) | |
257 | |
258 status._type = request.form['status'] | |
259 status._productids = [] | |
260 for productid in request.form.getlist('products'): | |
261 status.addProductID(productid) | |
262 return redirect(url_for('.view', ordinal=ordinal)) | |
263 | |
264 | |
265 @vulnerability.route('/<int:ordinal>/threat/<int:index>') | |
266 @document_required | |
267 def view_threat(ordinal, index): | |
268 try: | |
269 threat = get_vuln(ordinal)._threats[index] | |
270 except IndexError: | |
271 abort(404) | |
272 return render_template('vulnerability/view_threat.j2', ordinal=ordinal, index=index, threat=threat, cvrf=get_current()) | |
273 | |
274 @vulnerability.route('/<int:ordinal>/threat/add', methods=['GET', 'POST']) | |
275 @document_required | |
276 def add_threat(ordinal): | |
277 if request.method != 'POST': | |
278 return render_template('vulnerability/edit_threat.j2', | |
279 ordinal=ordinal, | |
280 types=CVRFThreat.TYPES, groups=get_groups(), now=utcnow(), | |
281 action='Add') | |
282 | |
283 threat = CVRFThreat(request.form['type'], request.form['description']) | |
284 if request.form['date']: | |
285 threat.setDate(parseDate(request.form['date'])) | |
286 for productid in request.form.getlist('products'): | |
287 threat.addProductID(productid) | |
288 for groupid in request.form.getlist('groups'): | |
289 threat.addGroupID(groupid) | |
290 get_vuln(ordinal).addThreat(threat) | |
291 return redirect(url_for('.view', ordinal=ordinal)) | |
292 | |
293 @vulnerability.route('/<int:ordinal>/threat/<int:index>/edit', methods=['GET', 'POST']) | |
294 @document_required | |
295 def edit_threat(ordinal, index): | |
296 try: | |
297 threat = get_vuln(ordinal)._threats[index] | |
298 except IndexError: | |
299 abort(404) | |
300 if request.method != 'POST': | |
301 return render_template('vulnerability/edit_threat.j2', | |
302 ordinal=ordinal, index=index, | |
303 type=threat._type, date=threat._date, description=threat._description, productids=threat._productids, groupids=threat._groupids, | |
304 types=threat.TYPES, groups=get_groups(), now=utcnow()) | |
305 | |
306 threat._type = request.form['type'] | |
307 threat._description = request.form['description'] | |
308 date = None | |
309 if request.form['date']: | |
310 date = parseDate(request.form['date']) | |
311 threat.setDate(date) | |
312 threat._productids = [] | |
313 threat._groupids = [] | |
314 for productid in request.form.getlist('products'): | |
315 threat.addProductID(productid) | |
316 for groupid in request.form.getlist('groups'): | |
317 threat.addGroupID(groupid) | |
318 return redirect(url_for('.view', ordinal=ordinal)) | |
319 | |
320 | |
321 @vulnerability.route('/<int:ordinal>/cvss/<int:index>') | |
322 @document_required | |
323 def view_cvss(ordinal, index): | |
324 try: | |
325 cvss = get_vuln(ordinal)._cvsss[index] | |
326 except IndexError: | |
327 abort(404) | |
328 return render_template('vulnerability/view_cvss.j2', ordinal=ordinal, index=index, cvss=cvss, cvrf=get_current()) | |
329 | |
330 @vulnerability.route('/<int:ordinal>/cvss/add', methods=['GET', 'POST']) | |
331 @document_required | |
332 def add_cvss(ordinal): | |
333 if request.method != 'POST': | |
334 return render_template('vulnerability/edit_cvss.j2', ordinal=ordinal, action='Add') | |
335 | |
336 cvss = CVRFCVSSSet(float(request.form['basescore'])) | |
337 tscore = None | |
338 if request.form['temporalscore']: | |
339 tscore = float(request.form['temporalscore']) | |
340 cvss.setTemporalScore(tscore) | |
341 escore = None | |
342 if request.form['environmentalscore']: | |
343 escore = float(request.form['environmentalscore']) | |
344 cvss.setEnvironmentalScore(escore) | |
345 cvss.setVector(request.form['vector'] or None) | |
346 get_vuln(ordinal).addCVSSSet(cvss) | |
347 return redirect(url_for('.view', ordinal=ordinal)) | |
348 | |
349 | |
350 @vulnerability.route('/<int:ordinal>/cvss/<int:index>/edit', methods=['GET', 'POST']) | |
351 @document_required | |
352 def edit_cvss(ordinal, index): | |
353 try: | |
354 cvss = get_vuln(ordinal)._cvsss[index] | |
355 except IndexError: | |
356 abort(404) | |
357 if request.method != 'POST': | |
358 return render_template('vulnerability/edit_cvss.j2', | |
359 ordinal=ordinal, index=index, | |
360 basescore=cvss._basescore, temporalscore=cvss._temporalscore, environmentalscore=cvss._environmentalscore, vector=cvss._vector) | |
361 | |
362 cvss._basescore = float(request.form['basescore']) | |
363 tscore = None | |
364 if request.form['temporalscore']: | |
365 tscore = float(request.form['temporalscore']) | |
366 cvss.setTemporalScore(tscore) | |
367 escore = None | |
368 if request.form['environmentalscore']: | |
369 escore = float(request.form['environmentalscore']) | |
370 cvss.setEnvironmentalScore(escore) | |
371 cvss.setVector(request.form['vector'] or None) | |
372 return redirect(url_for('.view', ordinal=ordinal)) | |
373 | |
374 | |
375 @vulnerability.route('/<int:ordinal>/remediation/<int:index>') | |
376 @document_required | |
377 def view_remediation(ordinal, index): | |
378 try: | |
379 remediation = get_vuln(ordinal)._remediations[index] | |
380 except IndexError: | |
381 abort(404) | |
382 return render_template('vulnerability/view_remediation.j2', | |
383 ordinal=ordinal, index=index, | |
384 remediation=remediation, | |
385 cvrf=get_current()) | |
386 | |
387 @vulnerability.route('/<int:ordinal>/remediation/add', methods=['GET', 'POST']) | |
388 @document_required | |
389 def add_remediation(ordinal): | |
390 if request.method != 'POST': | |
391 return render_template('vulnerability/edit_remediation.j2', | |
392 ordinal=ordinal, | |
393 types=CVRFRemediation.TYPES, groups=get_groups(), now=utcnow(), | |
394 action='Add') | |
395 | |
396 remediation = CVRFRemediation(request.form['type'], request.form['description']) | |
397 if request.form['date']: | |
398 remediation.setDate(parseDate(request.form['date'])) | |
399 if request.form['entitlement']: | |
400 remediation.setEntitlement(request.form['entitlement']) | |
401 if request.form['url']: | |
402 remediation.setURL(request.form['url']) | |
403 for productid in request.form.getlist('products'): | |
404 remediation.addProductID(productid) | |
405 for groupid in request.form.getlist('groups'): | |
406 remediation.addGroupID(groupid) | |
407 get_vuln(ordinal).addRemediation(remediation) | |
408 return redirect(url_for('.view', ordinal=ordinal)) | |
409 | |
410 @vulnerability.route('/<int:ordinal>/remediation/<int:index>/edit', methods=['GET', 'POST']) | |
411 @document_required | |
412 def edit_remediation(ordinal, index): | |
413 try: | |
414 remediation = get_vuln(ordinal)._remediations[index] | |
415 except IndexError: | |
416 abort(404) | |
417 if request.method != 'POST': | |
418 return render_template('vulnerability/edit_remediation.j2', | |
419 ordinal=ordinal, index=index, | |
420 type=remediation._type, date=remediation._date, description=remediation._description, entitlement=remediation._entitlement, url=remediation._url, productids=remediation._productids, groupids=remediation._groupids, | |
421 types=remediation.TYPES, groups=get_groups(), now=utcnow()) | |
422 | |
423 remediation._type = request.form['type'] | |
424 remediation._description = request.form['description'] | |
425 date = None | |
426 if request.form['date']: | |
427 date = parseDate(request.form['date']) | |
428 remediation.setDate(date) | |
429 remediation.setEntitlement(request.form['entitlement'] or None) | |
430 remediation.setURL(request.form['url'] or None) | |
431 remediation._productids = [] | |
432 remediation._groupids = [] | |
433 for productid in request.form.getlist('products'): | |
434 remediation.addProductID(productid) | |
435 for groupid in request.form.getlist('groups'): | |
436 remediation.addGroupID(groupid) | |
437 return redirect(url_for('.view', ordinal=ordinal)) | |
438 | |
439 | |
440 @vulnerability.route('/<int:ordinal>/reference/<int:index>/edit', methods=['GET', 'POST']) | |
441 @document_required | |
442 def edit_reference(ordinal, index): | |
443 try: | |
444 reference = get_vuln(ordinal)._references[index] | |
445 except IndexError: | |
446 abort(404) | |
447 if request.method != 'POST': | |
448 return render_template('vulnerability/edit_reference.j2', ordinal=ordinal, _type=reference._type, url=reference._url, description=reference._description, types=('',) + reference.TYPES) | |
449 | |
61
55b72057b066
Unify reference update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
60
diff
changeset
|
450 update_reference_from_request(reference) |
0 | 451 return redirect(url_for('.view', ordinal=ordinal)) |
452 | |
453 @vulnerability.route('/<int:ordinal>/reference/add', methods=['GET', 'POST']) | |
454 @document_required | |
455 def add_reference(ordinal): | |
456 if request.method != 'POST': | |
457 return render_template('vulnerability/edit_reference.j2', action='Add', ordinal=ordinal, types=('',) + CVRFReference.TYPES) | |
458 | |
61
55b72057b066
Unify reference update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
60
diff
changeset
|
459 ref = create_reference_from_request() |
0 | 460 get_vuln(ordinal).addReference(ref) |
461 return redirect(url_for('.view', ordinal=ordinal)) | |
462 | |
463 | |
464 @vulnerability.route('/<int:ordinal>/acknowledgment/<int:index>') | |
465 @document_required | |
466 def view_acknowledgment(ordinal, index): | |
467 try: | |
468 ack = get_vuln(ordinal)._acknowledgments[index] | |
469 except IndexError: | |
470 abort(404) | |
64
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
471 return render_template('vulnerability/view_acknowledgment.j2', |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
472 ordinal=ordinal, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
473 acknowledgment=ack, index=index, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
474 action='Update') |
0 | 475 |
476 @vulnerability.route('/<int:ordinal>/acknowledgment/<int:index>/edit', methods=['GET', 'POST']) | |
477 @document_required | |
478 def edit_acknowledgment(ordinal, index): | |
479 try: | |
480 ack = get_vuln(ordinal)._acknowledgments[index] | |
481 except IndexError: | |
482 abort(404) | |
483 if request.method != 'POST': | |
64
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
484 return render_template('vulnerability/edit_acknowledgment.j2', |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
485 ordinal=ordinal, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
486 names=ack._names, organizations=ack._organizations, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
487 description=ack._description, url=ack._url, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
488 action='Update') |
0 | 489 |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
490 update_acknowledgment_from_request(ack) |
0 | 491 return redirect(url_for('.view', ordinal=ordinal)) |
492 | |
493 @vulnerability.route('/<int:ordinal>/acknowledgment/add', methods=['GET', 'POST']) | |
494 @document_required | |
495 def add_acknowledgment(ordinal): | |
496 if request.method != 'POST': | |
497 return render_template('vulnerability/edit_acknowledgment.j2', action='Add', ordinal=ordinal) | |
498 | |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
499 ack = create_acknowledgment_from_request() |
0 | 500 get_vuln(ordinal).addAcknowledgment(ack) |
501 return redirect(url_for('.view', ordinal=ordinal)) |