Merge branch 'dev' into nosey-parker
tpat13 committed Feb 27, 2024
2 parents 3206c2c + cd30f42 commit b387b19
Showing 26 changed files with 210 additions and 32 deletions.
2 changes: 1 addition & 1 deletion dojo/reports/views.py
Expand Up @@ -288,7 +288,7 @@ def product_endpoint_report(request, pid):
'verified_findings': verified_findings,
'engagement': None,
'test': None,
'endpoints': endpoints,
'endpoints': endpoints.qs,
'endpoint': None,
'findings': None,
'include_finding_notes': include_finding_notes,
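Review bot: The new `'endpoints': endpoints.qs` entry puts a queryset under a key whose local variable is, presumably, a django-filter FilterSet, and nothing at the call site says so. A one-line comment above the entry, such as `# templates iterate the filtered queryset, not the FilterSet wrapper`, would keep a later edit from reverting it. The rest of product_endpoint_report lies outside the hunk, so it is worth confirming that `endpoints` is never rebound to a plain queryset or list before this dict is built, since `.qs` would then raise AttributeError.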
15 changes: 14 additions & 1 deletion dojo/templates/dojo/asciidoc_report.html
Expand Up @@ -222,12 +222,13 @@ <h3 id="test_notes">== Test Notes ==</h3>
{% if engagement.risk_acceptance.count %}
<h3 id="risk_acceptance">== ?Risk Accepted Findings ==</h3>
|===<br>
|Name |Date |Severity<br>
|Name |Date |Severity |EPSS Score / Percentile<br>
{% for risk in engagement.risk_acceptance.all %}
{% for finding in risk.accepted_findings.all %}
|{{ finding.title }}<br>
|{{ finding.date }}<br>
|{{ finding.severity }}<br>
|{{ finding.epss_score|format_epss }} / {{ finding.epss_percentile|format_epss }}<br>
{% endfor %}
{% endfor %}
|===<br>
Expand Down Expand Up @@ -279,6 +280,12 @@ <h4>==== Finding {{ find.id }}: {{ find.title | nice_title }} {% if find.mitigat
{{ find.severity }} ({{ find.numerical_severity }})
</span>
</p>
<br>
<p><b>==== EPSS Score / Percentile: ====</b>
<br>
{{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }}
</p>
<br>
<p><b>==== Description / Exploit: ====</b>
<br>
{{ find.description|linebreaksbr }}
Expand Down Expand Up @@ -432,6 +439,12 @@ <h5>==== Finding {{ find.id }}: {{ find.title | nice_title }} {% if find.mitigat
{{ find.severity }} ({{ find.numerical_severity }})
</span>
</p>
<br>
<p><b>==== EPSS Score / Percentile: ====</b>
<br>
{{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }}
</p>
<br>
<p><b>==== Description / Exploit: ====</b>
<br>
{{ find.description|linebreaksbr }}
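Review bot: None of the three hunks shows a `{% load %}` line for the library that defines `format_epss`, and the same filter is introduced in the other report templates of this commit (the custom_asciidoc_report_*, custom_html_report_* and *_pdf_report.html files, metrics.html and finding_related_row.html). Django rejects an unknown filter when it compiles the template, so a template that lacks the load line fails for every report of that type rather than for one finding; a render test per report template would catch it. The `EPSS Score / Percentile` paragraph is also pasted verbatim at both finding blocks here and again in the custom asciidoc templates, so a small partial pulled in with `{% include %}` would keep the wording and the filter call in one place.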
7 changes: 7 additions & 0 deletions dojo/templates/dojo/custom_asciidoc_report_endpoints.html
Expand Up @@ -31,6 +31,7 @@ <h5>==== Finding {{ find.id }}: {{ find.title | nice_title }} {% if find.mitigat
<br>
{{ find.status }}
</p>
<br>
<p><b>==== CVSSv3: ====</b>
<br>
{{ find.cvssv3|linebreaksbr }}
Expand All @@ -47,6 +48,12 @@ <h5>==== Finding {{ find.id }}: {{ find.title | nice_title }} {% if find.mitigat
{{ find.severity }} ({{ find.numerical_severity }})
</span>
</p>
<br>
<p><b>==== EPSS Score / Percentile: ====</b>
<br>
{{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }}
</p>
<br>
<p><b>==== Description / Exploit: ====</b>
<br>
{{ find.description|linebreaksbr }}
6 changes: 6 additions & 0 deletions dojo/templates/dojo/custom_asciidoc_report_findings.html
Expand Up @@ -48,6 +48,12 @@ <h4>==== {{ find.title | nice_title }} {% if find.mitigated %}
{{ find.severity }} ({{ find.numerical_severity }})
</span>
</p>
<br>
<p><b>==== EPSS Score / Percentile: ====</b>
<br>
{{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }}
</p>
<br>
<p><b>==== Description / Exploit: ====</b>
<br>
{{ find.description|linebreaksbr }}
6 changes: 6 additions & 0 deletions dojo/templates/dojo/custom_html_report_endpoint_list.html
Expand Up @@ -49,6 +49,7 @@ <h5>
<table id="heading" class="table-striped table table-condensed table-hover centered">
<tr>
<th>Severity</th>
<th>EPSS Score / Percentile</th>
<th>Status</th>
{% if finding.risk_acceptance_set.all %}
<th>Acceptance</th>
Expand All @@ -75,6 +76,11 @@ <h5>
{% endif %}
</span>
</td>
<td>
{{ finding.epss_score|format_epss }}
/
{{ finding.epss_percentile|format_epss }}
</td>
<td>{{ finding.status }}</td>
{% if finding.risk_acceptance_set.all %}
<td>
4 changes: 4 additions & 0 deletions dojo/templates/dojo/custom_html_report_finding_list.html
Expand Up @@ -34,6 +34,7 @@ <h5>
<table id="heading" class="table-striped table table-condensed table-hover centered">
<tr>
<th>Severity</th>
<th>EPSS Score / Percentile</th>
<th>Status</th>
{% if finding.risk_acceptance_set.all %}
<th>Acceptance</th>
Expand Down Expand Up @@ -66,6 +67,9 @@ <h5>
{% endif %}
</span>
</td>
<td>
{{ finding.epss_score|format_epss }} / {{ finding.epss_percentile|format_epss }}
</td>
<td>{{ finding.status }}</td>
{% if finding.risk_acceptance_set.all %}
<td>
6 changes: 6 additions & 0 deletions dojo/templates/dojo/endpoint_pdf_report.html
Expand Up @@ -112,6 +112,7 @@ <h5>
<table id="notes" class="table-striped table table-condensed table-hover centered">
<tr>
<th>Severity</th>
<th>EPSS Score / Percentile</th>
<th>Status</th>
{% if finding.risk_acceptance_set.all %}
<th>Acceptance</th>
Expand All @@ -137,6 +138,11 @@ <h5>
{% endif %}
</span>
</td>
<td>
{{ finding.epss_score|format_epss }}
/
{{ finding.epss_percentile|format_epss }}
</td>
<td>{{ finding.status }}</td>
{% if finding.risk_acceptance_set.all %}
<td>
14 changes: 14 additions & 0 deletions dojo/templates/dojo/engagement_pdf_report.html
Expand Up @@ -194,13 +194,21 @@ <h3 id="risk_acceptance">Risk Accepted Findings</h3>
<th style="text-align: center;padding: 4px;vertical-align: top;border: 1px solid #DDDDDD;">
Severity
</th>
<th style="text-align: center;padding: 4px;vertical-align: top;border: 1px solid #DDDDDD;">
EPSS Score / Percentile
</th>
</tr>
{% for risk in engagement.risk_acceptance.all %}
{% for finding in risk.accepted_findings.all %}
<tr>
<td style="padding: 4px;vertical-align: top;border: 1px solid #DDDDDD;">{{ finding.title }}</td>
<td style="padding: 4px;vertical-align: top;border: 1px solid #DDDDDD;">{{ finding.date }}</td>
<td style="padding: 4px;vertical-align: top;border: 1px solid #DDDDDD;">{{ finding.severity }}</td>
<td style="padding: 4px;vertical-align: top;border: 1px solid #DDDDDD;">
{{ finding.epss_score|format_epss }}
/
{{ finding.epss_percentile|format_epss }}
</td>
</tr>
{% endfor %}
{% endfor %}
Expand Down Expand Up @@ -236,6 +244,7 @@ <h5>
<table id="notes" class="table-striped table table-condensed table-hover centered">
<tr>
<th>Severity</th>
<th>EPSS Score / Percentile</th>
<th>Status</th>
{% if finding.risk_acceptance_set.all %}
<th>Acceptance</th>
Expand All @@ -262,6 +271,11 @@ <h5>
{% endif %}
</span>
</td>
<td>
{{ finding.epss_score|format_epss }}
/
{{ finding.epss_percentile|format_epss }}
</td>
<td>{{ finding.status }}</td>
{% if finding.risk_acceptance_set.all %}
<td>
6 changes: 6 additions & 0 deletions dojo/templates/dojo/finding_pdf_report.html
Expand Up @@ -88,6 +88,7 @@ <h5>
<table id="notes" class="table-striped table table-condensed table-hover centered">
<tr>
<th>Severity</th>
<th>EPSS Score / Percentile</th>
<th>Status</th>
{% if finding.risk_acceptance_set.all %}
<th>Acceptance</th>
Expand All @@ -113,6 +114,11 @@ <h5>
{% endif %}
</span>
</td>
<td>
{{ finding.epss_score|format_epss }}
/
{{ finding.epss_percentile|format_epss }}
</td>
<td>{{ finding.status }}</td>
{% if finding.risk_acceptance_set.all %}
<td>
6 changes: 4 additions & 2 deletions dojo/templates/dojo/finding_related_list.html
Expand Up @@ -4,7 +4,7 @@
{% include "dojo/paging_snippet.html" with page=finding_list prefix=prefix page_size=True %}
</div>
<table id="{{prefix}}_findings_table" class="table table-striped table-hover centered no-bottom-margin">
<tr>
<thead>
<th>Relationship</th>
<th>Severity</th>
<th>Title</th>
Expand All @@ -15,12 +15,14 @@
<th>Product</th>
<th>CWE</th>
<th>Vulnerability Id</th>
<th>EPSS Score</th>
<th>EPSS Percentile</th>
<th>File</th>
{% if system_settings.enable_jira %}
<th>JIRA</th>
{% endif %}
<th>Action</th>
</tr>
</thead>

{% if finding_first_related %}
{% include "dojo/finding_related_row.html" with similar_finding=finding_first_related finding_context=finding %}
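Review bot: If the rendered order is old-then-new, the header row's `<tr>`/`</tr>` were replaced by `<thead>`/`</thead>`, which leaves the `<th>` cells as direct children of `<thead>`; that is invalid table markup that browsers only repair by inserting an implicit row. Wrapping rather than replacing keeps it valid: `<thead><tr>` before the first `<th>` and `</tr></thead>` after the Action column. The two new headers line up with the two cells added in finding_related_row.html, so the column count itself is consistent.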
2 changes: 2 additions & 0 deletions dojo/templates/dojo/finding_related_row.html
Expand Up @@ -49,6 +49,8 @@
{% endif %}
</td>
<td>{{ similar_finding.cve }}</td>
<td>{{ similar_finding.epss_score|format_epss }}</td>
<td>{{ similar_finding.epss_percentile|format_epss }}</td>
{% if similar_finding.file_path %}
<td title="{{similar_finding.file_path}}{% if similar_finding.line > 0 %} (Line {{ similar_finding.line }}){% endif %}">
{{ similar_finding.file_path|truncatechars_html:20 }}{% if similar_finding.line > 0 %} (Line {{ similar_finding.line }}){% endif %}
30 changes: 16 additions & 14 deletions dojo/templates/dojo/findings_list_snippet.html
Expand Up @@ -2,7 +2,6 @@
{% load display_tags %}
{% load authorization_tags %}
{% load get_endpoint_status %}
{% load multiply %}
{% load static %}
{% load i18n %}
{% block findings_list %}
Expand Down Expand Up @@ -324,7 +323,10 @@ <h3 class="has-filters">
{% trans "Vulnerability Id" %}
</th>
<th>
{% trans "EPSS Score" %} / {% trans "Percentile" %}
{% trans "EPSS Score" %}
</th>
<th>
{% trans "EPSS Percentile" %}
</th>
<th class="nowrap">
{% if filter_name == 'Closed' %}
Expand Down Expand Up @@ -598,17 +600,10 @@ <h3 class="has-filters">
{% endwith %}
</td>
<td class="nowrap">
{% if finding.epss_score is not None %}
{{ finding.epss_score|multiply:100|floatformat:"2" }}%
{% else %}
N.A.
{% endif %}
/
{% if finding.epss_percentile is not None %}
{{ finding.epss_percentile|multiply:100|floatformat:"2" }}%
{% else %}
N.A.
{% endif %}
{{ finding.epss_score|format_epss }}
</td>
<td class="nowrap">
{{ finding.epss_percentile|format_epss }}
</td>
<td class="nowrap">
{% if filter_name == 'Closed' %}
Expand Down Expand Up @@ -727,6 +722,12 @@ <h3 class="has-filters">
<script type="application/javascript" src="{% static "chosen-js/chosen.jquery.min.js" %}"></script>
<script type="application/javascript">
{% block datatables_columns %}
var percentSort = function(data, type, row, meta) {
if(type === 'sort') {
return (data && data.endsWith("%")) ? parseFloat(data.slice(0, -1)) : -1.00;
}
return data;
}
var datatables_columns = [
{% if not product_tab or product_tab and product_tab.product|has_object_permission:"Finding_Edit" %}
{ "data": "checkbox" },
Expand All @@ -738,7 +739,8 @@ <h3 class="has-filters">
}},
{ "data": "cwe" },
{ "data": "cve" },
{ "data": "epss"},
{ "data": "epss_score", "type": "num", "render": percentSort },
{ "data": "epss_percentile", "type": "num", "render": percentSort },
{ "data": "found_date" },
{ "data": "finding_age" },
{% if system_settings.enable_finding_sla %}
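Review bot: `percentSort` derives the sort key by parsing the rendered cell text, so it silently depends on `format_epss` always emitting a dot-decimal number followed by `%`; the filter's definition is not in this section. If the filter formats with locale-aware output (the removed code used `floatformat`, which can emit a decimal comma), `parseFloat` would stop at the comma and the order would be wrong without any error. A comment on the function naming that contract, for example `// expects format_epss output shaped like NN.NN%; anything else sorts as -1`, plus a `typeof data === 'string'` guard before `endsWith`, would make the dependency explicit. Splitting `epss` into `epss_score` and `epss_percentile` also changes the column count, so any template that overrides the `datatables_columns` block outside this diff needs the same two entries.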
6 changes: 6 additions & 0 deletions dojo/templates/dojo/metrics.html
Expand Up @@ -335,6 +335,7 @@ <h3>{% trans "Metric Counts" %}</h3>
<th class="nowrap">{% trans "Team" %}</th>
<th class="">{% trans "Product" %}</th>
<th>{% trans "Severity" %}</th>
<th>{% trans "EPSS Score / Percentile" %}</th>
<th>{% trans "Description" %}</th>
<th class="nowrap">{% trans "Days<br/>Open" %}</th>
<th class="nowrap">{% trans "Status" %}</th>
Expand All @@ -350,6 +351,11 @@ <h3>{% trans "Metric Counts" %}</h3>
</span>
</td>
<td>{{ finding.severity_display }}</td>
<td>
{{ finding.epss_score|format_epss }}
/
{{ finding.epss_percentile|format_epss }}
</td>
<td><a href="{% url 'view_finding' finding.id %}"
title="{{ finding.title }}">{{ finding.title|truncatechars_html:20 }}</a>
</td>
20 changes: 13 additions & 7 deletions dojo/templates/dojo/product_endpoint_pdf_report.html
Expand Up @@ -160,6 +160,7 @@ <h5>
<table id="notes" class="table-striped table table-condensed table-hover centered">
<tr>
<th>Severity</th>
<th>EPSS Score / Percentile</th>
<th>Status</th>
{% if finding.risk_acceptance_set.all %}
<th>Acceptance</th>
Expand All @@ -177,13 +178,18 @@ <h5>
</tr>
<tr>
<td>
<span class="label severity severity-{{ finding.severity }}">
{% if finding.severity %}
{{ finding.severity }}
{% else %}
Unknown
{% endif %}
</span>
<span class="label severity severity-{{ finding.severity }}">
{% if finding.severity %}
{{ finding.severity }}
{% else %}
Unknown
{% endif %}
</span>
</td>
<td>
{{ finding.epss_score|format_epss }}
/
{{ finding.epss_percentile|format_epss }}
</td>
<td>{{ finding.status }}</td>
{% if finding.risk_acceptance_set.all %}
6 changes: 6 additions & 0 deletions dojo/templates/dojo/product_pdf_report.html
Expand Up @@ -216,6 +216,7 @@ <h5>
<table id="notes" class="table-striped table table-condensed table-hover centered">
<tr>
<th>Severity</th>
<th>EPSS Score / Percentile</th>
<th>Status</th>
{% if finding.risk_acceptance_set.all %}
<th>Acceptance</th>
Expand All @@ -242,6 +243,11 @@ <h5>
{% endif %}
</span>
</td>
<td>
{{ finding.epss_score|format_epss }}
/
{{ finding.epss_percentile|format_epss }}
</td>
<td>{{ finding.status }}</td>
{% if finding.risk_acceptance_set.all %}
<td>