Class based reports views #10124

Merged (7 commits), May 6, 2024
Conversation

@dogboat dogboat (Contributor) commented May 6, 2024

This patch makes some reports-related updates. Primarily it converts the reports builder and custom reports generator endpoints to class-based views. It also adds some new fields to filter findings on, removes some unused variables, and places the reports navbar entry in a template block.

[sc-5731]

@github-actions github-actions bot added the ui label May 6, 2024

dryrunsecurity bot commented May 6, 2024

Hi there 👋, @DryRunSecurity here. Below is a summary of our analysis and findings.

DryRun Security Status              Findings
AppSec Analyzer                     0 findings
Authn/Authz Analyzer                3 findings
Configured Codepaths Analyzer       0 findings
Secrets Analyzer                    0 findings
Sensitive Files Analyzer            1 finding

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖.
Note that this summary is auto-generated and not meant to be a definitive list of security issues
but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request focus on improving the functionality and security of the report generation
capabilities in the Dojo application. The key changes include:

  1. Conversion of function-based views to class-based views for the ReportBuilder and CustomReport
    functionality, which can improve maintainability and extensibility.
  2. Removal of potentially sensitive parameters, such as user_id and host, from the report widgets,
    reducing the exposure of sensitive information.
  3. Consistent handling of report options, such as finding notes and finding images, across different
    report widgets, promoting a more cohesive and configurable report generation process.
  4. Simplification of the report_widget_factory function by directly using the request.user to
    filter the endpoints queryset, reducing the potential for unnecessary data exposure or access
    control issues.
  5. Improvements to the report generation views, including the use of appropriate permissions and
    authorization checks, data sanitization, and support for both AsciiDoc and HTML report formats.

While the changes do not introduce any obvious security concerns, it's important to review the
implementation of the report generation functionality to ensure that it follows best practices for
secure coding, data handling, and access control.

Files Changed:

  • dojo/reports/urls.py: The changes replace the function-based views for ReportBuilder and
    CustomReport with class-based views, which can improve maintainability and extensibility.
  • dojo/reports/widgets.py: The changes remove the user_id and host parameters from the
    FindingList and EndpointList widgets, reducing the potential exposure of sensitive information.
    The code also introduces the ReportOptions widget to consistently handle report options across
    different widgets.
  • dojo/reports/views.py: The changes in this file focus on the report generation functionality,
    including the ReportBuilder, CustomReport, generate_report, CSVExportView, and
    ExcelExportView views. The code implements various security-related features, such as
    permissions and authorization checks, data sanitization, and support for both AsciiDoc and
    HTML report formats.
  • dojo/templates/base.html: The changes introduce a customizable {% block reports_tab %}
    around the "Reports" tab in the navigation menu, allowing other parts of the application to
    override or modify the content and behavior of this tab.
  • dojo/filters.py: This file contains a comprehensive set of filters for various aspects of
    the Dojo application, including Findings, Engagements, Products, Endpoints, and more. The
    filters help ensure that users can effectively search and retrieve data based on their specific
    needs.

Powered by DryRun Security
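The authorization point in the summary above (item 4, and the dojo/reports/widgets.py entry about dropping the user_id and host parameters) is easier to see in code. What follows is an added example written for this page, not DefectDojo's own code: the User, Endpoint and Request classes, the USERS/ENDPOINTS/PRODUCT_MEMBERS sample data and the authorized_endpoints helper are hypothetical stand-ins for the Django models, HttpRequest and authorization helpers the real views use. It contrasts a widget scoped by a caller-supplied user_id with one scoped on request.user, and shows why the first shape is an authorization bug even when the per-user filtering itself is correct.

```python
# Added example (hypothetical stand-ins, not DefectDojo code): an endpoint-list
# widget scoped by a user_id read from the request versus one scoped on the
# authenticated request.user.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class User:
    id: int
    username: str
    is_superuser: bool = False


@dataclass(frozen=True)
class Endpoint:
    id: int
    host: str
    product: str


@dataclass
class Request:
    """Minimal stand-in for django.http.HttpRequest: the authenticated user
    plus the query-string parameters."""
    user: User
    GET: Dict[str, str] = field(default_factory=dict)


# Constructed sample data (not from the project).
USERS: Dict[int, User] = {
    1: User(1, "alice"),
    2: User(2, "bob"),
    3: User(3, "admin", is_superuser=True),
}
PRODUCT_MEMBERS: Dict[str, set] = {
    "alice": {"web-shop"},
    "bob": {"payments"},
}
ENDPOINTS: List[Endpoint] = [
    Endpoint(1, "shop.example.test", "web-shop"),
    Endpoint(2, "pay.example.test", "payments"),
    Endpoint(3, "admin.pay.example.test", "payments"),
]


def authorized_endpoints(user: User) -> List[Endpoint]:
    """Stand-in for a get_authorized_endpoints()-style helper: superusers see
    every endpoint, everyone else only endpoints of products they belong to."""
    if user.is_superuser:
        return list(ENDPOINTS)
    allowed = PRODUCT_MEMBERS.get(user.username, set())
    return [e for e in ENDPOINTS if e.product in allowed]


def endpoint_list_before(request: Request) -> List[Endpoint]:
    """Widget scoped by a user_id taken from the request. The per-user filter
    is correct, but the *identity* it filters on is attacker-controlled, so a
    caller can pick any user id, including a superuser's, and read their view."""
    raw = request.GET.get("user_id", str(request.user.id))
    try:
        user_id = int(raw)
    except ValueError:
        return []
    target: Optional[User] = USERS.get(user_id)
    if target is None:
        return []
    return authorized_endpoints(target)


def endpoint_list_after(request: Request) -> List[Endpoint]:
    """Widget scoped on request.user only. Any user_id in the query string is
    ignored, so the result can never be wider than the caller's own authorization."""
    return authorized_endpoints(request.user)


def endpoint_ids(endpoints: List[Endpoint]) -> List[int]:
    return [e.id for e in endpoints]


if __name__ == "__main__":
    # bob tampers with the query string to impersonate the superuser (id 3).
    tampered = Request(user=USERS[2], GET={"user_id": "3"})
    print("before:", endpoint_ids(endpoint_list_before(tampered)))  # all three endpoints
    print("after: ", endpoint_ids(endpoint_list_after(tampered)))   # only bob's two
```

The check to carry into review of the real views is the same one the last lines make: call the widget as a low-privileged user with a foreign user_id (and a superuser's id) in the query string and confirm the result set does not change. Dropping the parameter from the widget only closes the hole if the view constructing the widget also stops reading it from the request.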

@Maffooch Maffooch merged commit e420d02 into DefectDojo:dev May 6, 2024
123 checks passed

5 participants