This repository has been archived by the owner on Sep 17, 2021. It is now read-only.

Fixing issue #844. Optionally removing fixed and justified issues fro…
…m email reports. (#845)

* Fixing issue #844. Removing fixed and justified issues from email reports.

* Making a configuration option to have email reports send justified issues.

* Only emailing issues where auditor_settings is not disabled

* Only sending relevant issues to the jinja template.
Patrick Kelley committed Oct 19, 2017
1 parent e261f7c commit 3f28dc7
Showing 5 changed files with 28 additions and 18 deletions.
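--- a/env-config/config-docker.py
+++ b/env-config/config-docker.py
@@ -112,6 +112,9 @@ def env_to_bool(input):
 # This address gets all change notifications (i.e. 'securityteam@example.com')
 SECURITY_TEAM_EMAIL = os.getenv('SECURITY_MONKEY_SECURITY_TEAM_EMAIL', [])
 
+# If you would prefer the email reports to exclude justified issues, set this to False
+EMAIL_AUDIT_REPORTS_INCLUDE_JUSTIFIED = True
+
 # These are only required if using SMTP instead of SES
 EMAILS_USE_SMTP = env_to_bool(os.getenv('SECURITY_MONKEY_SMTP', True)) # Otherwise, Use SES
 SES_REGION = os.getenv('SECURITY_MONKEY_SES_REGION', 'us-east-1')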
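Review bot: The new `EMAIL_AUDIT_REPORTS_INCLUDE_JUSTIFIED = True` is hard-coded, while the neighbouring settings in this Docker config are read from the environment (`SECURITY_MONKEY_SMTP`, `SECURITY_MONKEY_SES_REGION`), so a container deployment cannot change which issues reach the security team's report without editing the file. Reading it the same way would keep the file consistent, e.g. `EMAIL_AUDIT_REPORTS_INCLUDE_JUSTIFIED = env_to_bool(os.getenv('SECURITY_MONKEY_EMAIL_AUDIT_REPORTS_INCLUDE_JUSTIFIED', True))`; the environment variable name here is a suggestion, not an existing setting. The default would stay True, so reports keep listing justified issues unless an operator opts out.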
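--- a/env-config/config-local.py
+++ b/env-config/config-local.py
@@ -86,6 +86,9 @@
 # This address gets all change notifications (i.e. 'securityteam@example.com')
 SECURITY_TEAM_EMAIL = []
 
+# If you would prefer the email reports to exclude justified issues, set this to False
+EMAIL_AUDIT_REPORTS_INCLUDE_JUSTIFIED = True
+
 # These are only required if using SMTP instead of SES
 EMAILS_USE_SMTP = False # Otherwise, Use SES
 SES_REGION = 'us-east-1'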
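--- a/env-config/config.py
+++ b/env-config/config.py
@@ -93,6 +93,9 @@
 # This address gets all change notifications (i.e. 'securityteam@example.com')
 SECURITY_TEAM_EMAIL = []
 
+# If you would prefer the email reports to exclude justified issues, set this to False
+EMAIL_AUDIT_REPORTS_INCLUDE_JUSTIFIED = True
+
 # These are only required if using SMTP instead of SES
 EMAILS_USE_SMTP = False # Otherwise, Use SES
 SES_REGION = 'us-east-1'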
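--- a/security_monkey/auditor.py
+++ b/security_monkey/auditor.py
@@ -714,24 +714,24 @@ def create_report(self):
 """
 jenv = get_jinja_env()
 template = jenv.get_template('jinja_audit_email.html')
-# This template expects a list of items that have been sorted by total score in
-# descending order.
+
 for item in self.items:
-item.totalscore = 0
+item.reportable_issues = list()
+item.score = 0
 for issue in item.db_item.issues:
-item.totalscore = item.totalscore + issue.score
-sorted_list = sorted(self.items, key=lambda item: item.totalscore)
-sorted_list.reverse()
-report_list = []
-for item in sorted_list:
-if item.totalscore > 0:
-report_list.append(item)
-else:
-break
-if len(report_list) > 0:
+if issue.fixed or issue.auditor_setting.disabled:
+continue
+if not app.config.get('EMAIL_AUDIT_REPORTS_INCLUDE_JUSTIFIED', True) and issue.justified:
+continue
+item.reportable_issues.append(issue)
+item.score += issue.score
+
+sorted_list = sorted(self.items, key=lambda item: item.score, reverse=True)
+report_list = [item for item in sorted_list if item.score > 0]
+
+if report_list:
 return template.render({'items': report_list})
-else:
-return False
+return False
 
 def applies_to_account(self, account):
 """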
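Review bot: In the inner loop of create_report, `issue.auditor_setting.disabled` is dereferenced without checking that the issue has an auditor setting attached. If that relationship can be empty (the model is not shown on this page, so this is an assumption to confirm), a single such issue raises AttributeError and no audit email is rendered for the whole batch. A guard such as `if issue.fixed or (issue.auditor_setting and issue.auditor_setting.disabled): continue` would keep the report going. The `app.config.get('EMAIL_AUDIT_REPORTS_INCLUDE_JUSTIFIED', True)` lookup is also repeated for every issue and could be read once before the loop. create_report begins before this hunk, so its signature and docstring are not visible here.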
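--- a/security_monkey/templates/jinja_audit_email.html
+++ b/security_monkey/templates/jinja_audit_email.html
@@ -12,9 +12,10 @@
 </tr>
 {% for item in items %}
 <tr>
-<td rowspan='{{ item.db_item.issues | count }}'>{{ item.account }} / {{ item.region }} / {{item.index}} / {{item.name }}</td>
-<td rowspan='{{ item.db_item.issues | length }}'>{{ item.totalscore }}</td>
-{% for issue in item.db_item.issues %}
+<td rowspan='{{ item.reportable_issues | count }}'>{{ item.account }} / {{ item.region }} / {{item.index}} / {{item.name }}</td>
+<td rowspan='{{ item.reportable_issues | count }}'>Total: {{ item.db_item.score }} Unjustified: {{ item.db_item.unjustified_score }}</td>
+{% for issue in item.reportable_issues %}
+
 {% if loop.index > 1 %}
 <tr>
 {% endif %}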
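Review bot: The score cell now prints `item.db_item.score` and `item.db_item.unjustified_score`, but create_report ranks and filters items by the `item.score` it sums over `reportable_issues` only. If the stored `db_item.score` still counts fixed issues or issues from disabled auditor settings (its definition is not on this page), the Total shown can disagree with the issues listed beneath it and with the sort order. Showing the computed value alongside, e.g. `Reported: {{ item.score }}`, or labelling the existing numbers as item-wide totals, would stop a reader from assuming the listed issues add up to the total. The issue loop and the table continue outside the hunk.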
