Skip to content
This repository has been archived by the owner on Sep 16, 2022. It is now read-only.

Display N/A if no data for Vulnerable Packages and Audit fields. #465

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 6 additions & 9 deletions backend/device_registry/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -105,13 +105,6 @@ class Device(models.Model):
deb_packages_hash = models.CharField(max_length=32, blank=True)
audit_files = JSONField(blank=True, default=list)

# TODO: to improve when we support saving full distro info.
def liable_for_vulnerable_packages_check(self):
if self.deb_packages_hash and self.deb_packages.exists() and \
self.deb_packages.first().os_release_codename in DEBIAN_SUITES:
return True
return False

def sshd_issues(self):
if self.audit_files:
for file_info in self.audit_files:
Expand Down Expand Up @@ -233,7 +226,7 @@ def hostname(self):
def actions_count(self):
return sum((self.deviceinfo.default_password is True,
self.firewallstate.policy != FirewallState.POLICY_ENABLED_BLOCK,
self.vulnerable_packages().exists(),
bool(self.vulnerable_packages and self.vulnerable_packages.exists()),
bool(self.insecure_services),
bool(self.sshd_issues())))

Expand Down Expand Up @@ -309,8 +302,12 @@ def set_meta_tags(self):
if self.deviceinfo.get_hardware_type() == 'Raspberry Pi' and raspberry_pi_tag not in self.tags:
self.tags.add(raspberry_pi_tag)

@property
def vulnerable_packages(self):
return self.deb_packages.filter(vulnerabilities__isnull=False).distinct().order_by('name')
if self.deb_packages_hash and self.deb_packages.exists() and \
self.deb_packages.first().os_release_codename in DEBIAN_SUITES:
# FIXME: should use self.os_release_codename instead of a first deb package
return self.deb_packages.filter(vulnerabilities__isnull=False).distinct().order_by('name')

class Meta:
ordering = ('created',)
Expand Down
36 changes: 21 additions & 15 deletions backend/device_registry/templates/device_info_security.html
Original file line number Diff line number Diff line change
Expand Up @@ -23,22 +23,22 @@ <h4 class="tab-title">Security</h4>
<tr>
<th scope="row">Vulnerable Packages</th>
<td>
{% if object.liable_for_vulnerable_packages_check %}
{% with object.vulnerable_packages as vulnerable_packages %}
{% if vulnerable_packages %}
<ul>
{% for package in vulnerable_packages %}
<li>{{ package.name }} / {{ package.version }}
({% for v in package.vulnerabilities.all %}<a href="https://security-tracker.debian.org/tracker/{{ v.name }}"
target="_blank">{{ v.name }}</a>{% if not forloop.last %}, {% endif %}{% endfor %})
</li>
{% endfor %}
</ul>
{% endif %}
{% endwith %}
{% else %}
{% with object.vulnerable_packages as vulnerable_packages %}
{% if vulnerable_packages is None %}
N/A
{% elif vulnerable_packages.exists %}
<ul>
{% for package in vulnerable_packages %}
<li>{{ package.name }} / {{ package.version }}
({% for v in package.vulnerabilities.all %}<a href="https://security-tracker.debian.org/tracker/{{ v.name }}"
target="_blank">{{ v.name }}</a>{% if not forloop.last %}, {% endif %}{% endfor %})
</li>
{% endfor %}
</ul>
{% else %}
{% include "badge.html" with icon="check" color="success" %}
{% endif %}
{% endwith %}
</td>
</tr>
<tr>
Expand Down Expand Up @@ -81,14 +81,18 @@ <h4 class="tab-title">Security</h4>
</tr>
{% endfor %}
</table>
{% else %}
N/A
{% endif %}
</td>
</tr>
<tr>
<th scope="row">Configuration Audit</th>
<td>
{% with object.sshd_issues as sshd_issues %}
{% if sshd_issues %}
{% if sshd_issues is None %}
a-martynovich marked this conversation as resolved.
Show resolved Hide resolved
N/A
{% elif sshd_issues %}
<h5>OpenSSH</h5>
<ul style="list-style-type:none; padding: 0;">
{% for issue in sshd_issues %}
Expand All @@ -97,6 +101,8 @@ <h5>OpenSSH</h5>
</li>
{% endfor %}
</ul>
{% else %}
{% include "badge.html" with icon="check" color="success" %}
{% endif %}
{% endwith %}
</td>
Expand Down
47 changes: 47 additions & 0 deletions backend/device_registry/tests/test_all.py
Original file line number Diff line number Diff line change
Expand Up @@ -645,6 +645,53 @@ def test_insecure_services(self):
{'name': 'fingerd', 'version': 'VERSION', 'arch': 'i386',
'os_release_codename': 'jessie'}])

def test_vulnerable_packages_render(self):
self.client.login(username='test', password='123')
url = reverse('device-detail-security', kwargs={'pk': self.device.pk})

# No packages - should render N/A
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
self.assertInHTML('''
<th scope="row">
Vulnerable Packages
</th>
<td>
N/A
</td>''', response.rendered_content)

self.device.deb_packages_hash = 'aabbccdd'
self.device.save()
self.device.set_deb_packages([
{'name': 'python2', 'version': 'VERSION', 'source_name': 'python2', 'source_version': 'abcd',
'arch': 'i386'},
{'name': 'python3', 'version': 'VERSION', 'source_name': 'python3', 'source_version': 'abcd',
'arch': 'i386'}
], os_info={'codename': 'stretch'})
# No vulnerable packages - green check mark
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
self.assertInHTML('''
<th scope="row">
Vulnerable Packages
</th>
<td>
<span class="p-1 text-success">
<i class="fas fa-check" ></i>
</span>
</td>
''', response.rendered_content)

v = Vulnerability.objects.create(name='CVE-123', package='python2', is_binary=False, other_versions=[],
urgency=Vulnerability.Urgency.NONE, fix_available=True)
self.device.deb_packages.get(name='python2').vulnerabilities.add(v)

# Has vulnerable packages - should render them
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
self.assertContains(response, 'python2')
self.assertContains(response, 'CVE-123')


class PairingKeysView(TestCase):
def setUp(self):
Expand Down
2 changes: 1 addition & 1 deletion backend/device_registry/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -517,7 +517,7 @@ def actions_view(request, device_pk=None):
text_blocks = []
for dev in devices_with_vuln_packages:
device_text_block = f'<a href="{reverse("device-detail", kwargs={"pk": dev.pk})}">{dev.get_name()}</a>' \
f'({dev.vulnerable_packages().count()} packages)'
f'({dev.vulnerable_packages.count()} packages)'
text_blocks.append(device_text_block)
full_string = ', '.join(text_blocks)
action = Action(
Expand Down