Mercurial > farol > farol
annotate farol/vulnerability.py @ 119:be6553a438fa
Added tag 0.2.1 for changeset 5d19b3158538
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Fri, 17 Oct 2014 16:01:04 +0200 |
parents | 5535ac5fef37 |
children |
rev | line source |
---|---|
0 | 1 # -*- encoding: utf-8 -*- |
2 # Description: | |
3 # Web stuff related to the Vulnerabilities | |
4 # | |
5 # Authors: | |
6 # BenoƮt Allard <benoit.allard@greenbone.net> | |
7 # | |
8 # Copyright: | |
9 # Copyright (C) 2014 Greenbone Networks GmbH | |
10 # | |
11 # This program is free software; you can redistribute it and/or | |
12 # modify it under the terms of the GNU General Public License | |
13 # as published by the Free Software Foundation; either version 2 | |
14 # of the License, or (at your option) any later version. | |
15 # | |
16 # This program is distributed in the hope that it will be useful, | |
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 # GNU General Public License for more details. | |
20 # | |
21 # You should have received a copy of the GNU General Public License | |
22 # along with this program; if not, write to the Free Software | |
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | |
24 | |
25 from flask import (Blueprint, render_template, abort, redirect, request, | |
26 url_for) | |
27 | |
28 from farolluz.cvrf import (CVRFVulnerability, CVRFVulnerabilityID, CVRFNote, | |
62
ce49bd1512dd
Make pyflafes a happier
Benoît Allard <benoit.allard@greenbone.net>
parents:
61
diff
changeset
|
29 CVRFReference, CVRFCWE, CVRFInvolvement, CVRFThreat, CVRFProductStatus, |
ce49bd1512dd
Make pyflafes a happier
Benoît Allard <benoit.allard@greenbone.net>
parents:
61
diff
changeset
|
30 CVRFCVSSSet, CVRFRemediation) |
0 | 31 from farolluz.renderer import utcnow |
32 | |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
33 from .controller import (update_note_from_request, create_note_from_request, |
100
5535ac5fef37
Be more permissive when parsing dates
Benoît Allard <benoit.allard@greenbone.net>
parents:
98
diff
changeset
|
34 update_reference_from_request, create_reference_from_request, parseDate, |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
35 update_acknowledgment_from_request, create_acknowledgment_from_request) |
0 | 36 from .session import document_required, get_current |
37 | |
38 | |
39 vulnerability = Blueprint('vulnerability', __name__) | |
40 | |
41 def get_vuln(ordinal): | |
42 for vulnerability in get_current()._vulnerabilities: | |
43 if vulnerability._ordinal != ordinal: | |
44 continue | |
45 return vulnerability | |
46 abort(404) | |
47 | |
48 def vuln_from_form(form, vuln=None): | |
49 if vuln is None: | |
50 vuln = CVRFVulnerability(int(form['ordinal'])) | |
51 else: | |
52 vuln._ordinal = int(form['ordinal']) | |
53 vuln.setTitle(form['title'] or None) | |
54 vuln_id = None | |
55 if form['systemname'] or form['id_value']: | |
56 vuln_id = CVRFVulnerabilityID(form['systemname'], form['id_value']) | |
57 vuln.setID(vuln_id) | |
58 date = None | |
59 if form['discoverydate']: | |
60 date = parseDate(form['discoverydate']) | |
61 vuln.setDiscoveryDate(date) | |
62 date = None | |
63 if form['releasedate']: | |
64 date = parseDate(form['releasedate']) | |
65 vuln.setReleaseDate(date) | |
66 vuln.setCVE(request.form['cve'] or None) | |
67 return vuln | |
68 | |
69 def get_groups(): | |
70 """ Return a list of tuple suitable for selectinput2 """ | |
71 cvrf = get_current() | |
72 groups = [] | |
73 if cvrf._producttree is not None: | |
74 groups = [(g.getTitle(), g._groupid) for g in cvrf._producttree._groups] | |
75 return groups | |
76 | |
77 @vulnerability.route('/<int:ordinal>') | |
78 @document_required | |
79 def view(ordinal): | |
80 return render_template('vulnerability/view.j2', vulnerability=get_vuln(ordinal)) | |
81 | |
82 @vulnerability.route('/<int:ordinal>/edit', methods=['GET', 'POST']) | |
83 @document_required | |
84 def edit(ordinal): | |
85 vuln = get_vuln(ordinal) | |
86 if request.method != 'POST': | |
87 return render_template('vulnerability/edit.j2', vulnerability=vuln, now=utcnow()) | |
88 | |
89 vuln_from_form(request.form, vuln) | |
90 return redirect(url_for('.view', ordinal=vuln._ordinal)) | |
91 | |
92 @vulnerability.route('/add', methods=['GET', 'POST']) | |
93 @document_required | |
94 def add(): | |
95 if request.method != 'POST': | |
96 next_ordinal=1 | |
97 vulns = get_current()._vulnerabilities | |
98 if vulns: | |
99 next_ordinal = vulns[-1]._ordinal + 1 | |
100 vuln = CVRFVulnerability(next_ordinal) | |
101 return render_template('vulnerability/edit.j2', vulnerability=vuln, now=utcnow(), action='Add') | |
102 | |
103 vuln=vuln_from_form(request.form) | |
104 get_current().addVulnerability(vuln) | |
105 return redirect(url_for('.view', ordinal=vuln._ordinal)) | |
106 | |
98
9b525f33080a
Add deletion of Vulnerabilities as a whole
Benoît Allard <benoit.allard@greenbone.net>
parents:
97
diff
changeset
|
107 @vulnerability.route('/<int:ordinal>/del', methods=['POST']) |
9b525f33080a
Add deletion of Vulnerabilities as a whole
Benoît Allard <benoit.allard@greenbone.net>
parents:
97
diff
changeset
|
108 @document_required |
9b525f33080a
Add deletion of Vulnerabilities as a whole
Benoît Allard <benoit.allard@greenbone.net>
parents:
97
diff
changeset
|
109 def delete(ordinal): |
9b525f33080a
Add deletion of Vulnerabilities as a whole
Benoît Allard <benoit.allard@greenbone.net>
parents:
97
diff
changeset
|
110 vuln = get_vuln(ordinal) |
9b525f33080a
Add deletion of Vulnerabilities as a whole
Benoît Allard <benoit.allard@greenbone.net>
parents:
97
diff
changeset
|
111 get_current()._vulnerabilities.remove(vuln) |
9b525f33080a
Add deletion of Vulnerabilities as a whole
Benoît Allard <benoit.allard@greenbone.net>
parents:
97
diff
changeset
|
112 return redirect(url_for('document.view')) |
9b525f33080a
Add deletion of Vulnerabilities as a whole
Benoît Allard <benoit.allard@greenbone.net>
parents:
97
diff
changeset
|
113 |
0 | 114 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>') |
115 @document_required | |
116 def view_note(ordinal, note_ordinal): | |
59
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
117 note = get_vuln(ordinal).getNote(note_ordinal) |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
118 if note is None: |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
119 abort(404) |
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
120 return render_template('vulnerability/view_note.j2', note=note, ordinal=ordinal) |
0 | 121 |
122 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>/edit', methods=['GET', 'POST']) | |
123 @document_required | |
124 def edit_note(ordinal, note_ordinal): | |
59
64403f1b424e
Make use of the new getNote methods on CVRFVulnerability
Benoît Allard <benoit.allard@greenbone.net>
parents:
58
diff
changeset
|
125 note = get_vuln(ordinal).getNote(note_ordinal) |
0 | 126 if note is None: |
127 abort(404) | |
128 if request.method != 'POST': | |
129 return render_template('vulnerability/edit_note.j2', note=note, ordinal=ordinal, types=note.TYPES) | |
130 | |
58
fbc413b8a46e
Unify note update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
131 update_note_from_request(note) |
0 | 132 return redirect(url_for('.view_note', ordinal=ordinal, note_ordinal=note._ordinal)) |
133 | |
134 @vulnerability.route('/<int:ordinal>/note/add', methods=['GET', 'POST']) | |
135 @document_required | |
136 def add_note(ordinal): | |
137 if request.method != 'POST': | |
138 next_ordinal = 1 | |
139 notes = get_vuln(ordinal)._notes | |
140 if notes: | |
141 next_ordinal = notes[-1]._ordinal + 1 | |
142 return render_template('vulnerability/edit_note.j2', ordinal=ordinal, note_ordinal=next_ordinal, types=CVRFNote.TYPES, action='Add') | |
143 | |
58
fbc413b8a46e
Unify note update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
144 note = create_note_from_request() |
0 | 145 get_vuln(ordinal).addNote(note) |
146 return redirect(url_for('.view', ordinal=ordinal)) | |
147 | |
89
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
148 @vulnerability.route('/<int:ordinal>/note/<int:note_ordinal>/del', methods=['POST']) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
149 @document_required |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
150 def del_note(ordinal, note_ordinal): |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
151 vuln = get_vuln(ordinal) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
152 note = vuln.getNote(ordinal) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
153 if note is None: |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
154 flash('Note not found', 'danger') |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
155 abort(404) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
156 vuln._notes.remove(note) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
157 return redirect(url_for('.view', ordinal=ordinal)) |
e558238cfdb2
Add deletion of Vulnerabilities'Notes
Benoît Allard <benoit.allard@greenbone.net>
parents:
64
diff
changeset
|
158 |
0 | 159 |
160 @vulnerability.route('/<int:ordinal>/involvement/<int:index>') | |
161 @document_required | |
162 def view_involvement(ordinal, index): | |
163 try: | |
164 involvement = get_vuln(ordinal)._involvements[index] | |
165 except IndexError: | |
166 abort(404) | |
167 return render_template('vulnerability/view_involvement.j2', involvement=involvement, ordinal=ordinal, index=index) | |
168 | |
169 @vulnerability.route('/<int:ordinal>/involvement/add', methods=['GET', 'POST']) | |
170 @document_required | |
171 def add_involvement(ordinal): | |
172 if request.method != 'POST': | |
173 return render_template('vulnerability/edit_involvement.j2', ordinal=ordinal, parties=CVRFInvolvement.PARTIES, statuses=CVRFInvolvement.STATUSES, action='Add') | |
174 | |
175 inv = CVRFInvolvement(request.form['party'], request.form['status']) | |
176 inv._description = request.form['description'] or None | |
177 get_vuln(ordinal).addInvolvement(inv) | |
178 return redirect(url_for('.view', ordinal=ordinal)) | |
179 | |
180 @vulnerability.route('/<int:ordinal>/involvement/<int:index>/edit', methods=['GET', 'POST']) | |
181 @document_required | |
182 def edit_involvement(ordinal, index): | |
183 try: | |
184 involvement = get_vuln(ordinal)._involvements[index] | |
185 except IndexError: | |
186 abort(404) | |
187 if request.method != 'POST': | |
188 return render_template('vulnerability/edit_involvement.j2', ordinal=ordinal, index=index, party=involvement._party, status=involvement._status, description=involvement._description, parties=involvement.PARTIES, statuses=involvement.STATUSES) | |
189 | |
190 involvement._party = request.form['party'] | |
191 involvement._status = request.form['status'] | |
192 involvement._description = request.form['description'] or None | |
193 return redirect(url_for('.view_involvement', ordinal=ordinal, index=index)) | |
194 | |
90
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
195 @vulnerability.route('/<int:ordinal>/involvement/<int:index>/del', methods=['POST']) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
196 @document_required |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
197 def del_involvement(ordinal, index): |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
198 invls = get_vuln(ordinal)._involvements |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
199 if not ( 0 <= index < len(invls)): |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
200 flash('Involvement not found', 'danger') |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
201 abort(404) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
202 |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
203 del invls[index] |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
204 return redirect(url_for('.view', ordinal=ordinal)) |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
205 |
2201d0ea0bf3
Add deletion of Involvements
Benoît Allard <benoit.allard@greenbone.net>
parents:
89
diff
changeset
|
206 |
0 | 207 @vulnerability.route('/<int:ordinal>/cwe/<int:index>/edit', methods=['GET', 'POST']) |
208 @document_required | |
209 def edit_cwe(ordinal, index): | |
210 try: | |
211 cwe = get_vuln(ordinal)._cwes[index] | |
212 except IndexError: | |
213 abort(404) | |
214 if request.method != 'POST': | |
215 return render_template('vulnerability/edit_cwe.j2', ordinal=ordinal, _id=cwe._id, description=cwe._value) | |
216 | |
217 cwe._id = request.form['id'] | |
218 cwe._value = request.form['description'] | |
219 return redirect(url_for('.view', ordinal=ordinal)) | |
220 | |
221 @vulnerability.route('/<int:ordinal>/cwe/add', methods=['GET', 'POST']) | |
222 @document_required | |
223 def add_cwe(ordinal): | |
224 if request.method != 'POST': | |
225 return render_template('vulnerability/edit_cwe.j2', ordinal=ordinal, action='Add') | |
226 | |
227 cwe = CVRFCWE(request.form['id'], request.form['description']) | |
228 get_vuln(ordinal).addCWE(cwe) | |
229 return redirect(url_for('.view', ordinal=ordinal)) | |
230 | |
91
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
231 @vulnerability.route('/<int:ordinal>/cwe/<int:index>/del', methods=['POST']) |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
232 @document_required |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
233 def del_cwe(ordinal, index): |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
234 cwes = get_vuln(ordinal)._cwes |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
235 if not ( 0 <= index < len(cwes)): |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
236 flash('CWE not found', 'danger') |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
237 abort(404) |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
238 del cwes[index] |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
239 return redirect(url_for('.view', ordinal=ordinal)) |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
240 |
6a61c02f2156
Add deletion of CWEs
Benoît Allard <benoit.allard@greenbone.net>
parents:
90
diff
changeset
|
241 |
0 | 242 @vulnerability.route('/<int:ordinal>/productstatus/<int:index>') |
243 @document_required | |
244 def view_status(ordinal, index): | |
245 try: | |
246 status = get_vuln(ordinal)._productstatuses[index] | |
247 except IndexError: | |
248 abort(404) | |
249 return render_template('vulnerability/view_productstatus.j2', ordinal=ordinal, index=index, status=status, cvrf=get_current()) | |
250 | |
251 @vulnerability.route('/<int:ordinal>/productstatus/add', methods=['GET', 'POST']) | |
252 @document_required | |
253 def add_status(ordinal): | |
254 if request.method != 'POST': | |
255 return render_template('vulnerability/edit_productstatus.j2', ordinal=ordinal, statuses=CVRFProductStatus.TYPES, action='Add') | |
256 | |
257 status = CVRFProductStatus(request.form['status']) | |
258 for productid in request.form.getlist('products'): | |
259 status.addProductID(productid) | |
260 get_vuln(ordinal).addProductStatus(status) | |
261 return redirect(url_for('.view', ordinal=ordinal)) | |
262 | |
263 @vulnerability.route('/<int:ordinal>/productstatus/<int:index>/edit', methods=['GET', 'POST']) | |
264 @document_required | |
265 def edit_status(ordinal, index): | |
266 try: | |
267 status = get_vuln(ordinal)._productstatuses[index] | |
268 except IndexError: | |
269 abort(404) | |
270 if request.method != 'POST': | |
271 return render_template('vulnerability/edit_productstatus.j2', ordinal=ordinal, index=index, status=status._type, productids=status._productids, statuses=status.TYPES) | |
272 | |
273 status._type = request.form['status'] | |
274 status._productids = [] | |
275 for productid in request.form.getlist('products'): | |
276 status.addProductID(productid) | |
277 return redirect(url_for('.view', ordinal=ordinal)) | |
278 | |
92
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
279 @vulnerability.route('/<int:ordinal>/productstatus/<int:index>/del', methods=['POST']) |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
280 @document_required |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
281 def del_status(ordinal, index): |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
282 statuses = get_vuln(ordinal)._productstatuses |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
283 if not ( 0 <= index < len(statuses)): |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
284 flash('Product Status not found', 'danger') |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
285 abort(404) |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
286 |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
287 del statuses[index] |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
288 return redirect(url_for('.view', ordinal=ordinal)) |
33d6fd9a5e12
Add deletion of Product Statuses
Benoît Allard <benoit.allard@greenbone.net>
parents:
91
diff
changeset
|
289 |
0 | 290 |
291 @vulnerability.route('/<int:ordinal>/threat/<int:index>') | |
292 @document_required | |
293 def view_threat(ordinal, index): | |
294 try: | |
295 threat = get_vuln(ordinal)._threats[index] | |
296 except IndexError: | |
297 abort(404) | |
298 return render_template('vulnerability/view_threat.j2', ordinal=ordinal, index=index, threat=threat, cvrf=get_current()) | |
299 | |
300 @vulnerability.route('/<int:ordinal>/threat/add', methods=['GET', 'POST']) | |
301 @document_required | |
302 def add_threat(ordinal): | |
303 if request.method != 'POST': | |
304 return render_template('vulnerability/edit_threat.j2', | |
305 ordinal=ordinal, | |
306 types=CVRFThreat.TYPES, groups=get_groups(), now=utcnow(), | |
307 action='Add') | |
308 | |
309 threat = CVRFThreat(request.form['type'], request.form['description']) | |
310 if request.form['date']: | |
311 threat.setDate(parseDate(request.form['date'])) | |
312 for productid in request.form.getlist('products'): | |
313 threat.addProductID(productid) | |
314 for groupid in request.form.getlist('groups'): | |
315 threat.addGroupID(groupid) | |
316 get_vuln(ordinal).addThreat(threat) | |
317 return redirect(url_for('.view', ordinal=ordinal)) | |
318 | |
319 @vulnerability.route('/<int:ordinal>/threat/<int:index>/edit', methods=['GET', 'POST']) | |
320 @document_required | |
321 def edit_threat(ordinal, index): | |
322 try: | |
323 threat = get_vuln(ordinal)._threats[index] | |
324 except IndexError: | |
325 abort(404) | |
326 if request.method != 'POST': | |
327 return render_template('vulnerability/edit_threat.j2', | |
328 ordinal=ordinal, index=index, | |
329 type=threat._type, date=threat._date, description=threat._description, productids=threat._productids, groupids=threat._groupids, | |
330 types=threat.TYPES, groups=get_groups(), now=utcnow()) | |
331 | |
332 threat._type = request.form['type'] | |
333 threat._description = request.form['description'] | |
334 date = None | |
335 if request.form['date']: | |
336 date = parseDate(request.form['date']) | |
337 threat.setDate(date) | |
338 threat._productids = [] | |
339 threat._groupids = [] | |
340 for productid in request.form.getlist('products'): | |
341 threat.addProductID(productid) | |
342 for groupid in request.form.getlist('groups'): | |
343 threat.addGroupID(groupid) | |
344 return redirect(url_for('.view', ordinal=ordinal)) | |
345 | |
93
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
346 @vulnerability.route('/<int:ordinal>/threat/<int:index>/del', methods=['POST']) |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
347 @document_required |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
348 def del_threat(ordinal, index): |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
349 threats = get_vuln(ordinal)._threats |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
350 if not (0 <= index < len(threats)): |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
351 flash('Threat not found', 'danger') |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
352 abort(404) |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
353 |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
354 del threats[index] |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
355 return redirect(url_for('.view', ordinal=ordinal)) |
8e72f31d7392
Add deletion of Threats
Benoît Allard <benoit.allard@greenbone.net>
parents:
92
diff
changeset
|
356 |
0 | 357 |
358 @vulnerability.route('/<int:ordinal>/cvss/<int:index>') | |
359 @document_required | |
360 def view_cvss(ordinal, index): | |
361 try: | |
362 cvss = get_vuln(ordinal)._cvsss[index] | |
363 except IndexError: | |
364 abort(404) | |
365 return render_template('vulnerability/view_cvss.j2', ordinal=ordinal, index=index, cvss=cvss, cvrf=get_current()) | |
366 | |
367 @vulnerability.route('/<int:ordinal>/cvss/add', methods=['GET', 'POST']) | |
368 @document_required | |
369 def add_cvss(ordinal): | |
370 if request.method != 'POST': | |
371 return render_template('vulnerability/edit_cvss.j2', ordinal=ordinal, action='Add') | |
372 | |
373 cvss = CVRFCVSSSet(float(request.form['basescore'])) | |
374 tscore = None | |
375 if request.form['temporalscore']: | |
376 tscore = float(request.form['temporalscore']) | |
377 cvss.setTemporalScore(tscore) | |
378 escore = None | |
379 if request.form['environmentalscore']: | |
380 escore = float(request.form['environmentalscore']) | |
381 cvss.setEnvironmentalScore(escore) | |
382 cvss.setVector(request.form['vector'] or None) | |
383 get_vuln(ordinal).addCVSSSet(cvss) | |
384 return redirect(url_for('.view', ordinal=ordinal)) | |
385 | |
386 @vulnerability.route('/<int:ordinal>/cvss/<int:index>/edit', methods=['GET', 'POST']) | |
387 @document_required | |
388 def edit_cvss(ordinal, index): | |
389 try: | |
390 cvss = get_vuln(ordinal)._cvsss[index] | |
391 except IndexError: | |
392 abort(404) | |
393 if request.method != 'POST': | |
394 return render_template('vulnerability/edit_cvss.j2', | |
395 ordinal=ordinal, index=index, | |
396 basescore=cvss._basescore, temporalscore=cvss._temporalscore, environmentalscore=cvss._environmentalscore, vector=cvss._vector) | |
397 | |
398 cvss._basescore = float(request.form['basescore']) | |
399 tscore = None | |
400 if request.form['temporalscore']: | |
401 tscore = float(request.form['temporalscore']) | |
402 cvss.setTemporalScore(tscore) | |
403 escore = None | |
404 if request.form['environmentalscore']: | |
405 escore = float(request.form['environmentalscore']) | |
406 cvss.setEnvironmentalScore(escore) | |
407 cvss.setVector(request.form['vector'] or None) | |
408 return redirect(url_for('.view', ordinal=ordinal)) | |
409 | |
94
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
410 @vulnerability.route('/<int:ordinal>/cvss/<int:index>/del', methods=['POST']) |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
411 @document_required |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
412 def del_cvss(ordinal, index): |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
413 cvsss = get_vuln(ordinal)._cvsss |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
414 if not ( 0 <= index < len(cvsss)): |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
415 flash('CVSS not found', 'danger') |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
416 abort(404) |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
417 |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
418 del cvsss[index] |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
419 return redirect(url_for('.view', ordinal=ordinal)) |
1ca989387aeb
Add deletion of CVSS
Benoît Allard <benoit.allard@greenbone.net>
parents:
93
diff
changeset
|
420 |
0 | 421 |
422 @vulnerability.route('/<int:ordinal>/remediation/<int:index>') | |
423 @document_required | |
424 def view_remediation(ordinal, index): | |
425 try: | |
426 remediation = get_vuln(ordinal)._remediations[index] | |
427 except IndexError: | |
428 abort(404) | |
429 return render_template('vulnerability/view_remediation.j2', | |
430 ordinal=ordinal, index=index, | |
431 remediation=remediation, | |
432 cvrf=get_current()) | |
433 | |
434 @vulnerability.route('/<int:ordinal>/remediation/add', methods=['GET', 'POST']) | |
435 @document_required | |
436 def add_remediation(ordinal): | |
437 if request.method != 'POST': | |
438 return render_template('vulnerability/edit_remediation.j2', | |
439 ordinal=ordinal, | |
440 types=CVRFRemediation.TYPES, groups=get_groups(), now=utcnow(), | |
441 action='Add') | |
442 | |
443 remediation = CVRFRemediation(request.form['type'], request.form['description']) | |
444 if request.form['date']: | |
445 remediation.setDate(parseDate(request.form['date'])) | |
446 if request.form['entitlement']: | |
447 remediation.setEntitlement(request.form['entitlement']) | |
448 if request.form['url']: | |
449 remediation.setURL(request.form['url']) | |
450 for productid in request.form.getlist('products'): | |
451 remediation.addProductID(productid) | |
452 for groupid in request.form.getlist('groups'): | |
453 remediation.addGroupID(groupid) | |
454 get_vuln(ordinal).addRemediation(remediation) | |
455 return redirect(url_for('.view', ordinal=ordinal)) | |
456 | |
457 @vulnerability.route('/<int:ordinal>/remediation/<int:index>/edit', methods=['GET', 'POST']) | |
458 @document_required | |
459 def edit_remediation(ordinal, index): | |
460 try: | |
461 remediation = get_vuln(ordinal)._remediations[index] | |
462 except IndexError: | |
463 abort(404) | |
464 if request.method != 'POST': | |
465 return render_template('vulnerability/edit_remediation.j2', | |
466 ordinal=ordinal, index=index, | |
467 type=remediation._type, date=remediation._date, description=remediation._description, entitlement=remediation._entitlement, url=remediation._url, productids=remediation._productids, groupids=remediation._groupids, | |
468 types=remediation.TYPES, groups=get_groups(), now=utcnow()) | |
469 | |
470 remediation._type = request.form['type'] | |
471 remediation._description = request.form['description'] | |
472 date = None | |
473 if request.form['date']: | |
474 date = parseDate(request.form['date']) | |
475 remediation.setDate(date) | |
476 remediation.setEntitlement(request.form['entitlement'] or None) | |
477 remediation.setURL(request.form['url'] or None) | |
478 remediation._productids = [] | |
479 remediation._groupids = [] | |
480 for productid in request.form.getlist('products'): | |
481 remediation.addProductID(productid) | |
482 for groupid in request.form.getlist('groups'): | |
483 remediation.addGroupID(groupid) | |
484 return redirect(url_for('.view', ordinal=ordinal)) | |
485 | |
95
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
486 @vulnerability.route('/<int:ordinal>/remediation/<int:index>/del', methods=['POST']) |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
487 @document_required |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
488 def del_remediation(ordinal, index): |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
489 rems = get_vuln(ordinal)._remediations |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
490 if not ( 0 <= index < len(rems)): |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
491 flash('Remediation not found', 'danger') |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
492 abort(404) |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
493 |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
494 del rems[index] |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
495 return redirect(url_for('.view', ordinal=ordinal)) |
0b64dc3f50eb
Add deletion of Remediations
Benoît Allard <benoit.allard@greenbone.net>
parents:
94
diff
changeset
|
496 |
0 | 497 |
498 @vulnerability.route('/<int:ordinal>/reference/<int:index>/edit', methods=['GET', 'POST']) | |
499 @document_required | |
500 def edit_reference(ordinal, index): | |
501 try: | |
502 reference = get_vuln(ordinal)._references[index] | |
503 except IndexError: | |
504 abort(404) | |
505 if request.method != 'POST': | |
506 return render_template('vulnerability/edit_reference.j2', ordinal=ordinal, _type=reference._type, url=reference._url, description=reference._description, types=('',) + reference.TYPES) | |
507 | |
61
55b72057b066
Unify reference update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
60
diff
changeset
|
508 update_reference_from_request(reference) |
0 | 509 return redirect(url_for('.view', ordinal=ordinal)) |
510 | |
511 @vulnerability.route('/<int:ordinal>/reference/add', methods=['GET', 'POST']) | |
512 @document_required | |
513 def add_reference(ordinal): | |
514 if request.method != 'POST': | |
515 return render_template('vulnerability/edit_reference.j2', action='Add', ordinal=ordinal, types=('',) + CVRFReference.TYPES) | |
516 | |
61
55b72057b066
Unify reference update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
60
diff
changeset
|
517 ref = create_reference_from_request() |
0 | 518 get_vuln(ordinal).addReference(ref) |
519 return redirect(url_for('.view', ordinal=ordinal)) | |
520 | |
96
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
521 @vulnerability.route('/<int:ordinal>/reference/<int:index>/del', methods=['POST']) |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
522 @document_required |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
523 def del_reference(ordinal, index): |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
524 refs = get_vuln(ordinal)._references |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
525 if not ( 0 <= index < len(refs)): |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
526 flash('Reference not found', 'danger') |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
527 abort(404) |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
528 |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
529 del refs[index] |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
530 return redirect(url_for('.view', ordinal=ordinal)) |
3848faa88cd5
Add deletion of Vulnerability's References
Benoît Allard <benoit.allard@greenbone.net>
parents:
95
diff
changeset
|
531 |
0 | 532 |
533 @vulnerability.route('/<int:ordinal>/acknowledgment/<int:index>') | |
534 @document_required | |
535 def view_acknowledgment(ordinal, index): | |
536 try: | |
537 ack = get_vuln(ordinal)._acknowledgments[index] | |
538 except IndexError: | |
539 abort(404) | |
64
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
540 return render_template('vulnerability/view_acknowledgment.j2', |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
541 ordinal=ordinal, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
542 acknowledgment=ack, index=index, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
543 action='Update') |
0 | 544 |
545 @vulnerability.route('/<int:ordinal>/acknowledgment/<int:index>/edit', methods=['GET', 'POST']) | |
546 @document_required | |
547 def edit_acknowledgment(ordinal, index): | |
548 try: | |
549 ack = get_vuln(ordinal)._acknowledgments[index] | |
550 except IndexError: | |
551 abort(404) | |
552 if request.method != 'POST': | |
64
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
553 return render_template('vulnerability/edit_acknowledgment.j2', |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
554 ordinal=ordinal, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
555 names=ack._names, organizations=ack._organizations, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
556 description=ack._description, url=ack._url, |
aad7db3f93b6
Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents:
62
diff
changeset
|
557 action='Update') |
0 | 558 |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
559 update_acknowledgment_from_request(ack) |
0 | 560 return redirect(url_for('.view', ordinal=ordinal)) |
561 | |
562 @vulnerability.route('/<int:ordinal>/acknowledgment/add', methods=['GET', 'POST']) | |
563 @document_required | |
564 def add_acknowledgment(ordinal): | |
565 if request.method != 'POST': | |
566 return render_template('vulnerability/edit_acknowledgment.j2', action='Add', ordinal=ordinal) | |
567 | |
60
c6e7175ff28c
Unify acknowledgments update/creation from forms
Benoît Allard <benoit.allard@greenbone.net>
parents:
59
diff
changeset
|
568 ack = create_acknowledgment_from_request() |
0 | 569 get_vuln(ordinal).addAcknowledgment(ack) |
570 return redirect(url_for('.view', ordinal=ordinal)) | |
97
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
571 |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
572 @vulnerability.route('/<int:ordinal>/acknowledgment/<int:index>/del', methods=['POST']) |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
573 @document_required |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
574 def del_acknowledgment(ordinal, index): |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
575 acks = get_vuln(ordinal)._acknowledgments |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
576 if not( 0 <= index < len(acks)): |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
577 flash('Acknowledgment not found', 'danger') |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
578 abort(404) |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
579 |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
580 del acks[index] |
4ec281e68821
Add deletion of Vulnerability's Acknowledgments
Benoît Allard <benoit.allard@greenbone.net>
parents:
96
diff
changeset
|
581 return redirect(url_for('.view', ordinal=ordinal)) |