diff --git a/dojo/engagement/urls.py b/dojo/engagement/urls.py index cbe672736d..7f127433ef 100644 --- a/dojo/engagement/urls.py +++ b/dojo/engagement/urls.py @@ -23,7 +23,7 @@ re_path(r'^engagement/(?P\d+)/add_tests$', views.add_tests, name='add_tests'), re_path(r'^engagement/(?P\d+)/import_scan_results$', - views.import_scan_results, name='import_scan_results'), + views.ImportScanResultsView.as_view(), name='import_scan_results'), re_path(r'^engagement/(?P\d+)/close$', views.close_eng, name='close_engagement'), re_path(r'^engagement/(?P\d+)/reopen$', views.reopen_eng, diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py index e4d56c4414..635248f0f2 100644 --- a/dojo/engagement/views.py +++ b/dojo/engagement/views.py @@ -1,6 +1,7 @@ import logging import csv import re +from django.views import View from openpyxl import Workbook from openpyxl.styles import Font from tempfile import NamedTemporaryFile 
@@ -573,31 +574,77 @@ def add_tests(request, eid): }) -# Cant use the easy decorator because of the potential for either eid/pid being used -def import_scan_results(request, eid=None, pid=None): - environment = Development_Environment.objects.filter(name='Development').first() # If 'Development' was removed, None is used - engagement = None - form = ImportScanForm(initial={'environment': environment}) - cred_form = CredMappingForm() - finding_count = 0 - jform = None - user = request.user - - if eid: - engagement = get_object_or_404(Engagement, id=eid) - engagement_or_product = engagement - cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') - elif pid: - product = get_object_or_404(Product, id=pid) - engagement_or_product = product - else: - raise Exception('Either Engagement or Product has to be provided') +class ImportScanResultsView(View): + def get(self, request, eid=None, pid=None): + environment = Development_Environment.objects.filter(name='Development').first() + engagement = None + form = ImportScanForm(initial={'environment': environment}) + cred_form = CredMappingForm() + jform = None + user = request.user + + if eid: + engagement = get_object_or_404(Engagement, id=eid) + engagement_or_product = engagement + cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') + elif pid: + product = get_object_or_404(Product, id=pid) + engagement_or_product = product + else: + raise Exception('Either Engagement or Product has to be provided') + + user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) + + push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) + custom_breadcrumb = None + title = "Import Scan Results" + if engagement: + product_tab = Product_Tab(engagement.product, title=title, tab="engagements") + product_tab.setEngagement(engagement) + else: + custom_breadcrumb = {"", ""} + 
product_tab = Product_Tab(product, title=title, tab="findings") + + if jira_helper.get_jira_project(engagement_or_product): + jform = JIRAImportScanForm(push_all=push_all_jira_issues, prefix='jiraform') + + form.fields['endpoints'].queryset = Endpoint.objects.filter(product__id=product_tab.product.id) + form.fields['api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(product__id=product_tab.product.id) + + return render(request, + 'dojo/import_scan_results.html', + {'form': form, + 'product_tab': product_tab, + 'engagement_or_product': engagement_or_product, + 'custom_breadcrumb': custom_breadcrumb, + 'title': title, + 'cred_form': cred_form, + 'jform': jform, + 'scan_types': get_scan_types_sorted(), + }) - user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) + def post(self, request, eid=None, pid=None): + environment = Development_Environment.objects.filter(name='Development').first() # If 'Development' was removed, None is used + engagement = None + form = ImportScanForm(initial={'environment': environment}) + cred_form = CredMappingForm() + finding_count = 0 + jform = None + user = request.user + + if eid: + engagement = get_object_or_404(Engagement, id=eid) + engagement_or_product = engagement + cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') + elif pid: + product = get_object_or_404(Product, id=pid) + engagement_or_product = product + else: + raise Exception('Either Engagement or Product has to be provided') - push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) + user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) - if request.method == "POST": + push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) form = ImportScanForm(request.POST, request.FILES) cred_form = CredMappingForm(request.POST) cred_form.fields["cred_user"].queryset = 
Cred_Mapping.objects.filter( @@ -722,32 +769,7 @@ def import_scan_results(request, eid=None, pid=None): return HttpResponseRedirect( reverse('view_test', args=(test.id, ))) - prod_id = None - custom_breadcrumb = None - title = "Import Scan Results" - if engagement: - product_tab = Product_Tab(engagement.product, title=title, tab="engagements") - product_tab.setEngagement(engagement) - else: - custom_breadcrumb = {"", ""} - product_tab = Product_Tab(product, title=title, tab="findings") - - if jira_helper.get_jira_project(engagement_or_product): - jform = JIRAImportScanForm(push_all=push_all_jira_issues, prefix='jiraform') - - form.fields['endpoints'].queryset = Endpoint.objects.filter(product__id=product_tab.product.id) - form.fields['api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(product__id=product_tab.product.id) - return render(request, - 'dojo/import_scan_results.html', - {'form': form, - 'product_tab': product_tab, - 'engagement_or_product': engagement_or_product, - 'custom_breadcrumb': custom_breadcrumb, - 'title': title, - 'cred_form': cred_form, - 'jform': jform, - 'scan_types': get_scan_types_sorted(), - }) + return HttpResponseRedirect(reverse('view_test', args=(test.id, ))) @user_is_authorized(Engagement, Permissions.Engagement_Edit, 'eid') diff --git a/dojo/product/urls.py b/dojo/product/urls.py index cfee2111cc..263d87b66f 100644 --- a/dojo/product/urls.py +++ b/dojo/product/urls.py @@ -1,6 +1,7 @@ from django.urls import re_path from dojo.product import views +from dojo.engagement import views as dojo_engagement_views urlpatterns = [ # product 
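Review bot: The object lookup and the `user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result)` call are now copied verbatim into both `get()` and `post()` of `ImportScanResultsView`. The authorization check is therefore enforced per handler rather than once, and a later edit to one handler, or a newly added HTTP method, can drift from it or skip it. Moving the lookup and the check into one helper that every handler calls first keeps the check in a single place. `post()` also builds an unbound `ImportScanForm` and `CredMappingForm` that are overwritten a few lines later. The body of `post()` continues outside this hunk.

```python
class ImportScanResultsView(View):
    def get_engagement_or_product(self, user, eid=None, pid=None):
        """Return (engagement, product) for the URL ids after the Import_Scan_Result check."""
        engagement = product = None
        if eid:
            engagement = get_object_or_404(Engagement, id=eid)
        elif pid:
            product = get_object_or_404(Product, id=pid)
        else:
            raise Exception('Either Engagement or Product has to be provided')
        # Single enforcement point for every HTTP method on this view.
        user_has_permission_or_403(user, engagement or product, Permissions.Import_Scan_Result)
        return engagement, product

    def get(self, request, eid=None, pid=None):
        engagement, product = self.get_engagement_or_product(request.user, eid=eid, pid=pid)
        engagement_or_product = engagement or product
        # … unchanged: forms, cred_user queryset when engagement is set, JIRA form, product tab, render …

    def post(self, request, eid=None, pid=None):
        engagement, product = self.get_engagement_or_product(request.user, eid=eid, pid=pid)
        engagement_or_product = engagement or product
        # … unchanged: bound forms, import handling …
```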
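Review bot: The new final line of `post()`, `return HttpResponseRedirect(reverse('view_test', args=(test.id, )))`, replaces the old fall-through that re-rendered `dojo/import_scan_results.html`. Any path that reaches it without a completed import would use `test` before it is bound and return a 500 instead of showing the form errors. The statements that assign `test` lie between the hunks and are not visible, so this needs checking against the full body; in the removed function the fall-through was presumably also taken after a failed validation or a failed import. At minimum the fall-through should return to the import page, e.g. `return HttpResponseRedirect(request.get_full_path())`. Re-rendering the template with the bound `form`, `cred_form` and `jform`, as the removed code did, would preserve the validation messages.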
@@ -12,7 +13,7 @@ re_path(r'^product/(?P\d+)/engagements$', views.view_engagements, name='view_engagements'), re_path(r'^product/(?P\d+)/import_scan_results$', - views.import_scan_results_prod, name='import_scan_results_prod'), + dojo_engagement_views.ImportScanResultsView.as_view(), name='import_scan_results_prod'), re_path(r'^product/(?P\d+)/metrics$', views.view_product_metrics, name='view_product_metrics'), re_path(r'^product/(?P\d+)/async_burndown_metrics$', views.async_burndown_metrics,
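Review bot: `views.import_scan_results_prod` loses its route in this hunk, but no change to dojo/product/views.py is visible in the diff, so the wrapper may be left behind. If it remains, any reference it holds to the removed `import_scan_results` function would fail at call time, so it should be deleted in the same change. Access control for the product URL now rests entirely on the `pid` branch inside `ImportScanResultsView`. A test that a user without `Permissions.Import_Scan_Result` on the product gets a 403 for both GET and POST on `import_scan_results_prod` would pin that down.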