Mercurial > farol > farol
annotate farol/vulnerability.py @ 92:33d6fd9a5e12
Add deletion of Product Statuses
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Thu, 09 Oct 2014 16:08:45 +0200 |
parents | 6a61c02f2156 |
children | 8e72f31d7392 |
rev | line source |
---|---|
0 | 1 # -*- encoding: utf-8 -*- |
2 # Description: | |
3 # Web stuff related to the Vulnerabilities | |
4 # | |
5 # Authors: | |
6 # BenoƮt Allard <benoit.allard@greenbone.net> | |
7 # | |
8 # Copyright: | |
9 # Copyright (C) 2014 Greenbone Networks GmbH | |
10 # | |
11 # This program is free software; you can redistribute it and/or | |
12 # modify it under the terms of the GNU General Public License | |
13 # as published by the Free Software Foundation; either version 2 | |
14 # of the License, or (at your option) any later version. | |
15 # | |
16 # This program is distributed in the hope that it will be useful, | |
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 # GNU General Public License for more details. | |
20 # | |
21 # You should have received a copy of the GNU General Public License | |
22 # along with this program; if not, write to the Free Software | |
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | |
24 | |
25 from flask import (Blueprint, render_template, abort, redirect, request, | |
26 url_for) | |
27 | |
28 from farolluz.parsers.cvrf import parseDate | |
29 from farolluz.cvrf import (CVRFVulnerability, CVRFVulnerabilityID, CVRFNote, | |
62
ce49bd1512dd
Make pyflafes a happier
Benoît Allard <benoit.allard@greenbone.net>
parents:
61
diff
changeset
|
30 CVRFReference, CVRFCWE, CVRFInvolvement, CVRFThreat, CVRFProductStatus, |
ce49bd1512dd
Make pyflafes a happier
Benoît Allard <benoit.allard@greenbone.net>
parents:
61
diff
changeset
|
31 CVRFCVSSSet, CVRFRemediation) |
0 | 32 from farolluz.renderer import utcnow |
33 | |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
34 from .controller import (update_note_from_request, create_note_from_request, |
61
55b72057b066
Unify reference update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
60
diff
changeset
|
35 update_reference_from_request, create_reference_from_request, |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
36 update_acknowledgment_from_request, create_acknowledgment_from_request) |
0 | 37 from .session import document_required, get_current |
38 | |
39 | |
40 vulnerability = Blueprint('vulnerability', __name__) | |
41 | |
42 def get_vuln(ordinal): | |
43 for vulnerability in get_current()._vulnerabilities: | |
44 if vulnerability._ordinal != ordinal: | |
45 continue | |
46 return vulnerability | |
47 abort(404) | |
48 | |
49 def vuln_from_form(form, vuln=None): | |
50 if vuln is None: | |
51 vuln = CVRFVulnerability(int(form['ordinal'])) | |
52 else: | |
53 vuln._ordinal = int(form['ordinal']) | |
54 vuln.setTitle(form['title'] or None) | |
55 vuln_id = None | |
56 if form['systemname'] or form['id_value']: | |
57 vuln_id = CVRFVulnerabilityID(form['systemname'], form['id_value']) | |
58 vuln.setID(vuln_id) | |
59 date = None | |
60 if form['discoverydate']: | |
61 date = parseDate(form['discoverydate']) | |
62 vuln.setDiscoveryDate(date) | |
63 date = None | |
64 if form['releasedate']: | |
65 date = parseDate(form['releasedate']) | |
66 vuln.setReleaseDate(date) | |
67 vuln.setCVE(request.form['cve'] or None) | |
68 return vuln | |
69 | |
70 def get_groups(): | |
71 """ Return a list of tuple suitable for selectinput2 """ | |
72 cvrf = get_current() | |
73 groups = [] | |
74 if cvrf._producttree is not None: | |
75 groups = [(g.getTitle(), g._groupid) for g in cvrf._producttree._groups] | |
76 return groups | |
77 | |
78 @vulnerability.route('/<int:ordinal>') | |
79 @document_required | |
80 def view(ordinal): | |
81 return render_template('vulnerability/view.j2', vulnerability=get_vuln(ordinal)) | |
82 | |
83 @vulnerability.route('/<int:ordinal>/edit', methods=['GET', 'POST']) | |
84 @document_required | |
85 def edit(ordinal): | |
86 vuln = get_vuln(ordinal) | |
87 if request.method != 'POST': | |
88 return render_template('vulnerability/edit.j2', vulnerability=vuln, now=utcnow()) | |
89 | |
90 vuln_from_form(request.form, vuln) | |
91 return redirect(url_for('.view', ordinal=vuln._ordinal)) | |
92 | |
93 @vulnerability.route('/add', methods=['GET', 'POST']) | |
94 @document_required | |
95 def add(): | |
96 if request.method != 'POST': | |
97 next_ordinal=1 | |
98 vulns = get_current()._vulnerabilities | |
99 if vulns: | |
100 next_ordinal = vulns[-1]._ordinal + 1 | |
101 vuln = CVRFVulnerability(next_ordinal) | |
102 return render_template('vulnerability/edit.j2', vulnerability=vuln, now=utcnow(), action='Add') | |
103 | |
104 vuln=vuln_from_form(request.form) | |
105 get_current().addVulnerability(vuln) | |
106 return redirect(url_for('.view', ordinal=vuln._ordinal)) | |
107 | |
108 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>') | |
109 @document_required | |
110 def view_note(ordinal, note_ordinal): | |
59
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
111 note = get_vuln(ordinal).getNote(note_ordinal) |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
112 if note is None: |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
113 abort(404) |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
114 return render_template('vulnerability/view_note.j2', note=note, ordinal=ordinal) |
0 | 115 |
116 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>/edit', methods=['GET', 'POST']) | |
117 @document_required | |
118 def edit_note(ordinal, note_ordinal): | |
59
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
119 note = get_vuln(ordinal).getNote(note_ordinal) |
0 | 120 if note is None: |
121 abort(404) | |
122 if request.method != 'POST': | |
123 return render_template('vulnerability/edit_note.j2', note=note, ordinal=ordinal, types=note.TYPES) | |
124 | |
58
fbc413b8a46e
Unify note update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
125 update_note_from_request(note) |
0 | 126 return redirect(url_for('.view_note', ordinal=ordinal, note_ordinal=note._ordinal)) |
127 | |
128 @vulnerability.route('/<int:ordinal>/note/add', methods=['GET', 'POST']) | |
129 @document_required | |
130 def add_note(ordinal): | |
131 if request.method != 'POST': | |
132 next_ordinal = 1 | |
133 notes = get_vuln(ordinal)._notes | |
134 if notes: | |
135 next_ordinal = notes[-1]._ordinal + 1 | |
136 return render_template('vulnerability/edit_note.j2', ordinal=ordinal, note_ordinal=next_ordinal, types=CVRFNote.TYPES, action='Add') | |
137 | |
58
fbc413b8a46e
Unify note update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
138 note = create_note_from_request() |
0 | 139 get_vuln(ordinal).addNote(note) |
140 return redirect(url_for('.view', ordinal=ordinal)) | |
141 | |
89
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
142 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>/del', methods=['POST']) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
143 @document_required |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
144 def del_note(ordinal, note_ordinal): |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
145 vuln = get_vuln(ordinal) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
146 note = vuln.getNote(ordinal) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
147 if note is None: |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
148 flash('Note not found', 'danger') |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
149 abort(404) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
150 vuln._notes.remove(note) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
151 return redirect(url_for('.view', ordinal=ordinal)) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
152 |
0 | 153 |
154 @vulnerability.route('/<int:ordinal>/involvement/<int:index>') | |
155 @document_required | |
156 def view_involvement(ordinal, index): | |
157 try: | |
158 involvement = get_vuln(ordinal)._involvements[index] | |
159 except IndexError: | |
160 abort(404) | |
161 return render_template('vulnerability/view_involvement.j2', involvement=involvement, ordinal=ordinal, index=index) | |
162 | |
163 @vulnerability.route('/<int:ordinal>/involvement/add', methods=['GET', 'POST']) | |
164 @document_required | |
165 def add_involvement(ordinal): | |
166 if request.method != 'POST': | |
167 return render_template('vulnerability/edit_involvement.j2', ordinal=ordinal, parties=CVRFInvolvement.PARTIES, statuses=CVRFInvolvement.STATUSES, action='Add') | |
168 | |
169 inv = CVRFInvolvement(request.form['party'], request.form['status']) | |
170 inv._description = request.form['description'] or None | |
171 get_vuln(ordinal).addInvolvement(inv) | |
172 return redirect(url_for('.view', ordinal=ordinal)) | |
173 | |
174 @vulnerability.route('/<int:ordinal>/involvement/<int:index>/edit', methods=['GET', 'POST']) | |
175 @document_required | |
176 def edit_involvement(ordinal, index): | |
177 try: | |
178 involvement = get_vuln(ordinal)._involvements[index] | |
179 except IndexError: | |
180 abort(404) | |
181 if request.method != 'POST': | |
182 return render_template('vulnerability/edit_involvement.j2', ordinal=ordinal, index=index, party=involvement._party, status=involvement._status, description=involvement._description, parties=involvement.PARTIES, statuses=involvement.STATUSES) | |
183 | |
184 involvement._party = request.form['party'] | |
185 involvement._status = request.form['status'] | |
186 involvement._description = request.form['description'] or None | |
187 return redirect(url_for('.view_involvement', ordinal=ordinal, index=index)) | |
188 | |
90
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
189 @vulnerability.route('/<int:ordinal>/involvement/<int:index>/del', methods=['POST']) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
190 @document_required |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
191 def del_involvement(ordinal, index): |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
192 invls = get_vuln(ordinal)._involvements |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
193 if not ( 0 <= index < len(invls)): |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
194 flash('Involvement not found', 'danger') |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
195 abort(404) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
196 |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
197 del invls[index] |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
198 return redirect(url_for('.view', ordinal=ordinal)) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
199 |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
200 |
0 | 201 @vulnerability.route('/<int:ordinal>/cwe/<int:index>/edit', methods=['GET', 'POST']) |
202 @document_required | |
203 def edit_cwe(ordinal, index): | |
204 try: | |
205 cwe = get_vuln(ordinal)._cwes[index] | |
206 except IndexError: | |
207 abort(404) | |
208 if request.method != 'POST': | |
209 return render_template('vulnerability/edit_cwe.j2', ordinal=ordinal, _id=cwe._id, description=cwe._value) | |
210 | |
211 cwe._id = request.form['id'] | |
212 cwe._value = request.form['description'] | |
213 return redirect(url_for('.view', ordinal=ordinal)) | |
214 | |
215 @vulnerability.route('/<int:ordinal>/cwe/add', methods=['GET', 'POST']) | |
216 @document_required | |
217 def add_cwe(ordinal): | |
218 if request.method != 'POST': | |
219 return render_template('vulnerability/edit_cwe.j2', ordinal=ordinal, action='Add') | |
220 | |
221 cwe = CVRFCWE(request.form['id'], request.form['description']) | |
222 get_vuln(ordinal).addCWE(cwe) | |
223 return redirect(url_for('.view', ordinal=ordinal)) | |
224 | |
91
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
225 @vulnerability.route('/<int:ordinal>/cwe/<int:index>/del', methods=['POST']) |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
226 @document_required |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
227 def del_cwe(ordinal, index): |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
228 cwes = get_vuln(ordinal)._cwes |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
229 if not ( 0 <= index < len(cwes)): |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
230 flash('CWE not found', 'danger') |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
231 abort(404) |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
232 del cwes[index] |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
233 return redirect(url_for('.view', ordinal=ordinal)) |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
234 |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
235 |
0 | 236 @vulnerability.route('/<int:ordinal>/productstatus/<int:index>') |
237 @document_required | |
238 def view_status(ordinal, index): | |
239 try: | |
240 status = get_vuln(ordinal)._productstatuses[index] | |
241 except IndexError: | |
242 abort(404) | |
243 return render_template('vulnerability/view_productstatus.j2', ordinal=ordinal, index=index, status=status, cvrf=get_current()) | |
244 | |
245 @vulnerability.route('/<int:ordinal>/productstatus/add', methods=['GET', 'POST']) | |
246 @document_required | |
247 def add_status(ordinal): | |
248 if request.method != 'POST': | |
249 return render_template('vulnerability/edit_productstatus.j2', ordinal=ordinal, statuses=CVRFProductStatus.TYPES, action='Add') | |
250 | |
251 status = CVRFProductStatus(request.form['status']) | |
252 for productid in request.form.getlist('products'): | |
253 status.addProductID(productid) | |
254 get_vuln(ordinal).addProductStatus(status) | |
255 return redirect(url_for('.view', ordinal=ordinal)) | |
256 | |
257 @vulnerability.route('/<int:ordinal>/productstatus/<int:index>/edit', methods=['GET', 'POST']) | |
258 @document_required | |
259 def edit_status(ordinal, index): | |
260 try: | |
261 status = get_vuln(ordinal)._productstatuses[index] | |
262 except IndexError: | |
263 abort(404) | |
264 if request.method != 'POST': | |
265 return render_template('vulnerability/edit_productstatus.j2', ordinal=ordinal, index=index, status=status._type, productids=status._productids, statuses=status.TYPES) | |
266 | |
267 status._type = request.form['status'] | |
268 status._productids = [] | |
269 for productid in request.form.getlist('products'): | |
270 status.addProductID(productid) | |
271 return redirect(url_for('.view', ordinal=ordinal)) | |
272 | |
92
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
273 @vulnerability.route('/<int:ordinal>/productstatus/<int:index>/del', methods=['POST']) |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
274 @document_required |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
275 def del_status(ordinal, index): |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
276 statuses = get_vuln(ordinal)._productstatuses |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
277 if not ( 0 <= index < len(statuses)): |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
278 flash('Product Status not found', 'danger') |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
279 abort(404) |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
280 |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
281 del statuses[index] |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
282 return redirect(url_for('.view', ordinal=ordinal)) |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
283 |
0 | 284 |
285 @vulnerability.route('/<int:ordinal>/threat/<int:index>') | |
286 @document_required | |
287 def view_threat(ordinal, index): | |
288 try: | |
289 threat = get_vuln(ordinal)._threats[index] | |
290 except IndexError: | |
291 abort(404) | |
292 return render_template('vulnerability/view_threat.j2', ordinal=ordinal, index=index, threat=threat, cvrf=get_current()) | |
293 | |
294 @vulnerability.route('/<int:ordinal>/threat/add', methods=['GET', 'POST']) | |
295 @document_required | |
296 def add_threat(ordinal): | |
297 if request.method != 'POST': | |
298 return render_template('vulnerability/edit_threat.j2', | |
299 ordinal=ordinal, | |
300 types=CVRFThreat.TYPES, groups=get_groups(), now=utcnow(), | |
301 action='Add') | |
302 | |
303 threat = CVRFThreat(request.form['type'], request.form['description']) | |
304 if request.form['date']: | |
305 threat.setDate(parseDate(request.form['date'])) | |
306 for productid in request.form.getlist('products'): | |
307 threat.addProductID(productid) | |
308 for groupid in request.form.getlist('groups'): | |
309 threat.addGroupID(groupid) | |
310 get_vuln(ordinal).addThreat(threat) | |
311 return redirect(url_for('.view', ordinal=ordinal)) | |
312 | |
313 @vulnerability.route('/<int:ordinal>/threat/<int:index>/edit', methods=['GET', 'POST']) | |
314 @document_required | |
315 def edit_threat(ordinal, index): | |
316 try: | |
317 threat = get_vuln(ordinal)._threats[index] | |
318 except IndexError: | |
319 abort(404) | |
320 if request.method != 'POST': | |
321 return render_template('vulnerability/edit_threat.j2', | |
322 ordinal=ordinal, index=index, | |
323 type=threat._type, date=threat._date, description=threat._description, productids=threat._productids, groupids=threat._groupids, | |
324 types=threat.TYPES, groups=get_groups(), now=utcnow()) | |
325 | |
326 threat._type = request.form['type'] | |
327 threat._description = request.form['description'] | |
328 date = None | |
329 if request.form['date']: | |
330 date = parseDate(request.form['date']) | |
331 threat.setDate(date) | |
332 threat._productids = [] | |
333 threat._groupids = [] | |
334 for productid in request.form.getlist('products'): | |
335 threat.addProductID(productid) | |
336 for groupid in request.form.getlist('groups'): | |
337 threat.addGroupID(groupid) | |
338 return redirect(url_for('.view', ordinal=ordinal)) | |
339 | |
340 | |
341 @vulnerability.route('/<int:ordinal>/cvss/<int:index>') | |
342 @document_required | |
343 def view_cvss(ordinal, index): | |
344 try: | |
345 cvss = get_vuln(ordinal)._cvsss[index] | |
346 except IndexError: | |
347 abort(404) | |
348 return render_template('vulnerability/view_cvss.j2', ordinal=ordinal, index=index, cvss=cvss, cvrf=get_current()) | |
349 | |
350 @vulnerability.route('/<int:ordinal>/cvss/add', methods=['GET', 'POST']) | |
351 @document_required | |
352 def add_cvss(ordinal): | |
353 if request.method != 'POST': | |
354 return render_template('vulnerability/edit_cvss.j2', ordinal=ordinal, action='Add') | |
355 | |
356 cvss = CVRFCVSSSet(float(request.form['basescore'])) | |
357 tscore = None | |
358 if request.form['temporalscore']: | |
359 tscore = float(request.form['temporalscore']) | |
360 cvss.setTemporalScore(tscore) | |
361 escore = None | |
362 if request.form['environmentalscore']: | |
363 escore = float(request.form['environmentalscore']) | |
364 cvss.setEnvironmentalScore(escore) | |
365 cvss.setVector(request.form['vector'] or None) | |
366 get_vuln(ordinal).addCVSSSet(cvss) | |
367 return redirect(url_for('.view', ordinal=ordinal)) | |
368 | |
369 | |
370 @vulnerability.route('/<int:ordinal>/cvss/<int:index>/edit', methods=['GET', 'POST']) | |
371 @document_required | |
372 def edit_cvss(ordinal, index): | |
373 try: | |
374 cvss = get_vuln(ordinal)._cvsss[index] | |
375 except IndexError: | |
376 abort(404) | |
377 if request.method != 'POST': | |
378 return render_template('vulnerability/edit_cvss.j2', | |
379 ordinal=ordinal, index=index, | |
380 basescore=cvss._basescore, temporalscore=cvss._temporalscore, environmentalscore=cvss._environmentalscore, vector=cvss._vector) | |
381 | |
382 cvss._basescore = float(request.form['basescore']) | |
383 tscore = None | |
384 if request.form['temporalscore']: | |
385 tscore = float(request.form['temporalscore']) | |
386 cvss.setTemporalScore(tscore) | |
387 escore = None | |
388 if request.form['environmentalscore']: | |
389 escore = float(request.form['environmentalscore']) | |
390 cvss.setEnvironmentalScore(escore) | |
391 cvss.setVector(request.form['vector'] or None) | |
392 return redirect(url_for('.view', ordinal=ordinal)) | |
393 | |
394 | |
395 @vulnerability.route('/<int:ordinal>/remediation/<int:index>') | |
396 @document_required | |
397 def view_remediation(ordinal, index): | |
398 try: | |
399 remediation = get_vuln(ordinal)._remediations[index] | |
400 except IndexError: | |
401 abort(404) | |
402 return render_template('vulnerability/view_remediation.j2', | |
403 ordinal=ordinal, index=index, | |
404 remediation=remediation, | |
405 cvrf=get_current()) | |
406 | |
407 @vulnerability.route('/<int:ordinal>/remediation/add', methods=['GET', 'POST']) | |
408 @document_required | |
409 def add_remediation(ordinal): | |
410 if request.method != 'POST': | |
411 return render_template('vulnerability/edit_remediation.j2', | |
412 ordinal=ordinal, | |
413 types=CVRFRemediation.TYPES, groups=get_groups(), now=utcnow(), | |
414 action='Add') | |
415 | |
416 remediation = CVRFRemediation(request.form['type'], request.form['description']) | |
417 if request.form['date']: | |
418 remediation.setDate(parseDate(request.form['date'])) | |
419 if request.form['entitlement']: | |
420 remediation.setEntitlement(request.form['entitlement']) | |
421 if request.form['url']: | |
422 remediation.setURL(request.form['url']) | |
423 for productid in request.form.getlist('products'): | |
424 remediation.addProductID(productid) | |
425 for groupid in request.form.getlist('groups'): | |
426 remediation.addGroupID(groupid) | |
427 get_vuln(ordinal).addRemediation(remediation) | |
428 return redirect(url_for('.view', ordinal=ordinal)) | |
429 | |
430 @vulnerability.route('/<int:ordinal>/remediation/<int:index>/edit', methods=['GET', 'POST']) | |
431 @document_required | |
432 def edit_remediation(ordinal, index): | |
433 try: | |
434 remediation = get_vuln(ordinal)._remediations[index] | |
435 except IndexError: | |
436 abort(404) | |
437 if request.method != 'POST': | |
438 return render_template('vulnerability/edit_remediation.j2', | |
439 ordinal=ordinal, index=index, | |
440 type=remediation._type, date=remediation._date, description=remediation._description, entitlement=remediation._entitlement, url=remediation._url, productids=remediation._productids, groupids=remediation._groupids, | |
441 types=remediation.TYPES, groups=get_groups(), now=utcnow()) | |
442 | |
443 remediation._type = request.form['type'] | |
444 remediation._description = request.form['description'] | |
445 date = None | |
446 if request.form['date']: | |
447 date = parseDate(request.form['date']) | |
448 remediation.setDate(date) | |
449 remediation.setEntitlement(request.form['entitlement'] or None) | |
450 remediation.setURL(request.form['url'] or None) | |
451 remediation._productids = [] | |
452 remediation._groupids = [] | |
453 for productid in request.form.getlist('products'): | |
454 remediation.addProductID(productid) | |
455 for groupid in request.form.getlist('groups'): | |
456 remediation.addGroupID(groupid) | |
457 return redirect(url_for('.view', ordinal=ordinal)) | |
458 | |
459 | |
460 @vulnerability.route('/<int:ordinal>/reference/<int:index>/edit', methods=['GET', 'POST']) | |
461 @document_required | |
462 def edit_reference(ordinal, index): | |
463 try: | |
464 reference = get_vuln(ordinal)._references[index] | |
465 except IndexError: | |
466 abort(404) | |
467 if request.method != 'POST': | |
468 return render_template('vulnerability/edit_reference.j2', ordinal=ordinal, _type=reference._type, url=reference._url, description=reference._description, types=('',) + reference.TYPES) | |
469 | |
61
55b72057b066
Unify reference update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
60
diff
changeset
|
470 update_reference_from_request(reference) |
0 | 471 return redirect(url_for('.view', ordinal=ordinal)) |
472 | |
473 @vulnerability.route('/<int:ordinal>/reference/add', methods=['GET', 'POST']) | |
474 @document_required | |
475 def add_reference(ordinal): | |
476 if request.method != 'POST': | |
477 return render_template('vulnerability/edit_reference.j2', action='Add', ordinal=ordinal, types=('',) + CVRFReference.TYPES) | |
478 | |
61
55b72057b066
Unify reference update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
60
diff
changeset
|
479 ref = create_reference_from_request() |
0 | 480 get_vuln(ordinal).addReference(ref) |
481 return redirect(url_for('.view', ordinal=ordinal)) | |
482 | |
483 | |
484 @vulnerability.route('/<int:ordinal>/acknowledgment/<int:index>') | |
485 @document_required | |
486 def view_acknowledgment(ordinal, index): | |
487 try: | |
488 ack = get_vuln(ordinal)._acknowledgments[index] | |
489 except IndexError: | |
490 abort(404) | |
64
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
491 return render_template('vulnerability/view_acknowledgment.j2', |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
492 ordinal=ordinal, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
493 acknowledgment=ack, index=index, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
494 action='Update') |
0 | 495 |
496 @vulnerability.route('/<int:ordinal>/acknowledgment/<int:index>/edit', methods=['GET', 'POST']) | |
497 @document_required | |
498 def edit_acknowledgment(ordinal, index): | |
499 try: | |
500 ack = get_vuln(ordinal)._acknowledgments[index] | |
501 except IndexError: | |
502 abort(404) | |
503 if request.method != 'POST': | |
64
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
504 return render_template('vulnerability/edit_acknowledgment.j2', |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
505 ordinal=ordinal, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
506 names=ack._names, organizations=ack._organizations, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
507 description=ack._description, url=ack._url, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
508 action='Update') |
0 | 509 |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
510 update_acknowledgment_from_request(ack) |
0 | 511 return redirect(url_for('.view', ordinal=ordinal)) |
512 | |
513 @vulnerability.route('/<int:ordinal>/acknowledgment/add', methods=['GET', 'POST']) | |
514 @document_required | |
515 def add_acknowledgment(ordinal): | |
516 if request.method != 'POST': | |
517 return render_template('vulnerability/edit_acknowledgment.j2', action='Add', ordinal=ordinal) | |
518 | |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
519 ack = create_acknowledgment_from_request() |
0 | 520 get_vuln(ordinal).addAcknowledgment(ack) |
521 return redirect(url_for('.view', ordinal=ordinal)) |