Merge pull request #82 from gerosecurity/development
Allow Invalid - In Review
VGR6479 authored May 22, 2024
2 parents 494d35c + 2c4ce05 commit 7435f1d
Showing 7 changed files with 138 additions and 40 deletions.
3 changes: 3 additions & 0 deletions gerobug_dashboard/dashboards/forms.py
Expand Up @@ -11,6 +11,9 @@ class Requestform(forms.Form):
class CompleteRequestform(forms.Form):
completereasons = forms.CharField(widget=forms.Textarea(attrs={"id":"completereasons","name":"completereasons","placeholder":"Write the reason here ..."}),required=True)

class Invalidform(forms.Form):
invalidreasons = forms.CharField(widget=forms.Textarea(attrs={"id":"invalidreasons","name":"invalidreasons","placeholder":"Write the reason here ..."}),required=True)

class RulesGuidelineForm(forms.ModelForm):
class Meta:
model = StaticRules
3 changes: 2 additions & 1 deletion gerobug_dashboard/dashboards/urls.py
@@ -1,5 +1,5 @@
from django.urls import path
from .views import LogoutForm, ReportFiles, ReportStatusView, ReportUpdateStatus, FormHandler, AdminSetting, OWASPCalculator, CVSSCalculator, ManageRoles, ReviewerDelete, NotificationDelete, RenderDashboardAdmin, ReportDetails, UpdateDetails, AppealDetails, NDADetails, ReportUpdate, ReportDelete
from .views import LogoutForm, ReportFiles, ReportStatusView, ReportUpdateStatus, FormHandler, InvalidHandler, AdminSetting, OWASPCalculator, CVSSCalculator, ManageRoles, ReviewerDelete, NotificationDelete, RenderDashboardAdmin, ReportDetails, UpdateDetails, AppealDetails, NDADetails, ReportUpdate, ReportDelete

urlpatterns = [
path("", RenderDashboardAdmin.as_view(), name="dashboard"),
Expand All @@ -17,6 +17,7 @@

path("report-files/<str:id>", ReportFiles, name="report_files"),
path("form-handling/<str:id>/<str:complete>", FormHandler, name="form_handler"),
path("invalid-handling/<str:id>", InvalidHandler, name="invalid_handler"),
path("review-delete/<str:id>", ReviewerDelete,name="reviewer_handler"),
path("notification-delete/<str:service>", NotificationDelete,name="notification_handler"),

68 changes: 48 additions & 20 deletions gerobug_dashboard/dashboards/views.py
Expand Up @@ -18,7 +18,7 @@
from django.middleware.csrf import get_token
from prerequisites.models import MailBox, Webhook
from .models import BugHunter, BugReport, BugReportUpdate, BugReportAppeal, BugReportNDA, ReportStatus, StaticRules, BlacklistRule, CertificateData, Personalization
from .forms import Requestform, RulesGuidelineForm, CompleteRequestform, MailboxForm, AccountForm, ReviewerForm, WebhookForm, BlacklistForm, TemplateReportForm, TemplateNDAForm, TemplateCertForm, CertDataForm, PersonalizationForm, CompanyIdentityForm
from .forms import Requestform, RulesGuidelineForm, CompleteRequestform, MailboxForm, AccountForm, ReviewerForm, WebhookForm, BlacklistForm, TemplateReportForm, TemplateNDAForm, TemplateCertForm, CertDataForm, PersonalizationForm, CompanyIdentityForm, Invalidform
from sys import platform
from geromail import geromailer, gerofilter, geroparser, gerocalculator
from gerobug.settings import MEDIA_ROOT, BASE_DIR
Expand Down Expand Up @@ -68,6 +68,7 @@ def get_context_data(self, **kwargs):
context = super(ReportDetails, self).get_context_data(**kwargs)
context['reportstatus'] = ReportStatus.objects.filter(status_id=BugReport.objects.get(report_id=self.kwargs.get('pk')).report_status)[0].status_name
context['requestform'] = Requestform()
context['invalidform'] = Invalidform()
context['completeform'] = CompleteRequestform()
return context

Expand Down Expand Up @@ -214,23 +215,7 @@ def FormHandler(request, id, complete):
if form.is_valid():
reasons = form.cleaned_data.get('reasons')
code = 0
if status == "Need to Review" and complete == "0":
# MARK AS INVALID
report.report_status = 0
report.save()

logging.getLogger("Gerologger").info("REPORT "+str(id)+" STATUS UPDATED (INVALID) BY "+str(request.user.username))

def trigger_geromailer(report):
payload = [report.report_id, report.report_title, report.report_status, reasons, report.report_severity]
destination = report.hunter_email
geromailer.notify(destination, payload) # TRIGGER GEROMAILER TO SEND UPDATE NOTIFICATION

# SEND NOTIFICATION AND REASON WITH THREADING
trigger = threading.Thread(target=trigger_geromailer, args=(report,))
trigger.start()

elif (status == "In Review" or status == "Fixing" or status == "Fixing (Retest)") and complete == "0":
if (status == "In Review" or status == "Fixing" or status == "Fixing (Retest)") and complete == "0":
code = 701 #REQUEST AMEND
logging.getLogger("Gerologger").info("REPORT "+str(id)+" REQUESTED AMEND BY "+str(request.user.username))

Expand All @@ -256,12 +241,55 @@ def trigger_company_action(report):
trigger.start()

return redirect('dashboard')
else:
messages.error(request,"Form invalid. Please report to the Admin for checking the logs.")
logging.getLogger("Gerologger").error("Form invalid: "+str(request))

return redirect('dashboard')

else:
messages.error(request,"Something's wrong with form handler. Please report to the Admin for checking the logs.")
logging.getLogger("Gerologger").error("Something's wrong with form handler: "+str(request))
return redirect('dashboard')


@login_required
def InvalidHandler(request, id):
if gerofilter.validate_id(id):
report = BugReport.objects.get(report_id=id)
status = ReportStatus.objects.get(status_id=report.report_status)
status = status.status_name

if request.method == "POST":
form = Invalidform(request.POST)
if form.is_valid():
reasons = form.cleaned_data.get('reasons')

# MARK AS INVALID
report.report_status = 0
report.save()

logging.getLogger("Gerologger").info("REPORT "+str(id)+" MARKED AS INVALID BY "+str(request.user.username))

def trigger_geromailer(report):
payload = [report.report_id, report.report_title, report.report_status, reasons, report.report_severity]
destination = report.hunter_email
geromailer.notify(destination, payload) # TRIGGER GEROMAILER TO SEND UPDATE NOTIFICATION

# SEND NOTIFICATION AND REASON WITH THREADING
trigger = threading.Thread(target=trigger_geromailer, args=(report,))
trigger.start()

messages.success(request,"Email is successfully being processed and sent to the bug hunter with your reason.")
else:
messages.error(request,"Form invalid. Please report to the Admin for checking the logs.")
logging.getLogger("Gerologger").error("Form invalid: "+str(request))

return redirect('dashboard')

else:
messages.error(request,"Something's wrong. Please report to the Admin for checking the logs.")
logging.getLogger("Gerologger").error(str(request))
messages.error(request,"Something's wrong with invalid handler. Please report to the Admin for checking the logs.")
logging.getLogger("Gerologger").error("Something's wrong with invalid handler: "+str(request))
return redirect('dashboard')


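Review bot: InvalidHandler reads `form.cleaned_data.get('reasons')`, but the field declared on Invalidform is `invalidreasons`, so `reasons` is always None and the payload handed to geromailer carries no reason; the line should be `reasons = form.cleaned_data.get('invalidreasons')`. The `status` looked up just above it is never used, so unlike the branch removed from FormHandler (which required "Need to Review") nothing server-side checks the report's state before `report.report_status = 0` is saved — the template hiding the button for other states is not a control on the POST itself. Presumably the handler should accept only the two states the UI offers it in and otherwise fall through to the same `messages.error` plus redirect the other branches use. The closure in trigger_geromailer reads `reasons` from the enclosing scope, which is fine once the field name is corrected.
```python
@login_required
def InvalidHandler(request, id):
    if gerofilter.validate_id(id):
        report = BugReport.objects.get(report_id=id)
        status = ReportStatus.objects.get(status_id=report.report_status).status_name

        # Enforce the same state rule the template applies; the hidden button is not a server-side check.
        if status not in ("Need to Review", "In Review"):
            messages.error(request, "Report cannot be marked as invalid in its current status.")
            logging.getLogger("Gerologger").warning("REPORT "+str(id)+" INVALID REJECTED IN STATUS "+str(status)+" BY "+str(request.user.username))
            return redirect('dashboard')

        if request.method == "POST":
            form = Invalidform(request.POST)
            if form.is_valid():
                reasons = form.cleaned_data.get('invalidreasons')  # field name as declared on Invalidform
                # … unchanged: mark invalid, log, threaded geromailer notify, success message …
```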
6 changes: 3 additions & 3 deletions gerobug_dashboard/geromail/gerofilter.py
Expand Up @@ -159,22 +159,22 @@ def parse_body(body):
summary = ''

try:
type = re.search('(TYPE=|TYPE =|TYPE)((.|\n)*)(ENDPOINT=|ENDPOINT =|ENDPOINT)', body)
type = re.search('(TYPE=|TYPE =|TYPE)((.|\n)*)(ENDPOINT=|ENDPOINT =|ENDPOINT)', body.replace('*', ''))
if type != None:
type = type.group(2)
type = str(type.replace("\n",""))
else:
type = ''

endpoint = re.search('(ENDPOINT=|ENDPOINT =|ENDPOINT)((.|\n)*)(SUMMARY=|SUMMARY =|SUMMARY)', body)
endpoint = re.search('(ENDPOINT=|ENDPOINT =|ENDPOINT)((.|\n)*)(SUMMARY=|SUMMARY =|SUMMARY)', body.replace('*', ''))
if endpoint != None:
endpoint = endpoint.group(2)
endpoint = re.sub(r"<.*>", "", str(endpoint))
endpoint = str(endpoint.replace("\n",""))
else:
endpoint = ''

summary = re.search('(SUMMARY=|SUMMARY =|SUMMARY)(.*)', body.replace('\n', ' '))
summary = re.search('(SUMMARY=|SUMMARY =|SUMMARY)(.*)', body.replace('\n', ' ').replace('*', ''))
if summary != None:
summary = summary.group(2)
else:
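Review bot: `body.replace('*', '')` is now evaluated three times on the same mail body (the TYPE, ENDPOINT and SUMMARY searches); computing it once, `cleaned = body.replace('*', '')`, and running the three searches against `cleaned` keeps the extractions consistent and avoids re-copying the body per field. Stripping every asterisk also removes ones that are part of a value — a wildcard host in the ENDPOINT field, for instance — so a comment such as `# strip markdown emphasis markers; note this also drops literal '*' inside field values` would record the trade-off for the next reader. parse_body starts before this hunk and continues past it.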
12 changes: 12 additions & 0 deletions gerobug_dashboard/static/css/reportDetail.css
Expand Up @@ -318,6 +318,18 @@ label {
padding-right: 10px;
}

.delete-btn{
background-color: red;
border-width: 0;
color: #f9f3f3;
border-radius: 20px;
margin: 28px;
height: 42px;
min-width: 150px;
padding-left: 10px;
padding-right: 10px;
}

.update-btn{
background-color: var(--button-1);
border-width: 0;
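Review bot: `.delete-btn` hard-codes `background-color: red` while the neighbouring `.update-btn` takes its colour from `var(--button-1)`; a theme variable defined alongside the existing ones (a `--button-danger`, say) would keep the danger colour consistent with the rest of the palette. Every other declaration in the new rule duplicates `.update-btn` line for line, so the two could share a selector list with only the colour overridden.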
81 changes: 65 additions & 16 deletions gerobug_dashboard/templates/dashboard_varieties/detail_report.html
Expand Up @@ -43,6 +43,28 @@
</head>

<body>
<script>
$(document).ready(function () {
$("#invalid-button").click(function () {
var patched = "{% url 'invalid_handler' 0 %}".replace('0', "{{object.pk}}");
$.ajax({
type: 'POST',
url: patched,
data: {
csrfmiddlewaretoken: '{{ csrf_token }}',
invalidreasons: $("#invalidreasons").val(),
},
success: function (data) {
console.log(data)
},
error: function (error) {
console.log(error)
},
});

});
});
</script>
<script>
$(document).ready(function () {
$("#reasons-button").click(function () {
Expand Down Expand Up @@ -289,28 +311,55 @@ <h1 class="modal-title fs-5" id="staticBackdropLabel">Important!</h1>
</div>

<div id="report-download">
<!-- INVALID BUTTON -->
{% if reportstatus == 'Need to Review' or reportstatus == 'In Review'%}
<button class="delete-btn" data-bs-toggle="modal" type="button" data-bs-target="#invalid_button">Mark as Invalid</button>
{% endif %}

<!-- INVALID BUTTON MODAL -->
<div class="modal fade" id="invalid_button" data-bs-backdrop="static"
data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel"
aria-hidden="true">
{% if reportstatus != 'Not Valid' %}
<div class="modal-dialog modal-dialog-centered">
<div class="modal-content">
<div class="modal-header">
<h1 class="modal-title fs-5" id="staticBackdropLabel">Mark as Invalid</h1>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<form method="POST" action="{% url 'invalid_handler' object.pk %}">
{% csrf_token %}
{{ invalidform.invalidreasons }}
</form>
</div>
<div class="modal-footer">
<button type="button" id="invalid-button" class="ok-btn" data-bs-dismiss="modal">OK</button>
<button type="button" class="cancel-btn" data-bs-dismiss="modal">CANCEL</button>
</div>
</div>
</div>
{% endif %}
</div>

<!-- REQUEST BUTTON -->
{% if reportstatus == 'Need to Review' %}
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#staticBackdropLeft">Mark as Invalid</button>
{% elif reportstatus == 'In Review' or reportstatus == 'Fixing' or reportstatus == 'Fixing (Retest)' %}
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#staticBackdropLeft">Request Amend</button>
{% if reportstatus == 'In Review' or reportstatus == 'Fixing' or reportstatus == 'Fixing (Retest)' %}
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#request_button">Request Amend</button>
{% elif reportstatus == 'Bounty Calculation' %}
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#staticBackdropLeft">Send Calculations</button>
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#request_button">Send Calculations</button>
{% elif reportstatus == 'Bounty in Process' %}
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#staticBackdropLeft">Request NDA</button>
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#request_button">Request NDA</button>
{% endif %}

<!-- REQUEST BUTTON MODAL -->
<div class="modal fade" id="staticBackdropLeft" data-bs-backdrop="static"
<div class="modal fade" id="request_button" data-bs-backdrop="static"
data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel"
aria-hidden="true">
{% if reportstatus != 'Not Valid' %}
<div class="modal-dialog modal-dialog-centered">
<div class="modal-content">
<div class="modal-header">
{% if reportstatus == 'Need to Review' %}
<h1 class="modal-title fs-5" id="staticBackdropLabel">Mark as Invalid</h1>
{% elif reportstatus == 'In Review' or reportstatus == 'Fixing' or reportstatus == 'Fixing (Retest)' %}
{% if reportstatus == 'In Review' or reportstatus == 'Fixing' or reportstatus == 'Fixing (Retest)' %}
<h1 class="modal-title fs-5" id="staticBackdropLabel">Request Amend</h1>
{% elif reportstatus == 'Bounty Calculation' %}
<h1 class="modal-title fs-5" id="staticBackdropLabel">Send Calculations</h1>
Expand All @@ -336,8 +385,8 @@ <h1 class="modal-title fs-5" id="staticBackdropLabel">Request NDA</h1>

<!-- COMPLETE BUTTON -->
{% if reportstatus == 'Bounty in Process' %}
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#staticBackdropRight">Complete</button>
<div class="modal fade" id="staticBackdropRight" data-bs-backdrop="static"
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#close_button">Complete</button>
<div class="modal fade" id="close_button" data-bs-backdrop="static"
data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel"
aria-hidden="true">
<div class="modal-dialog modal-dialog-centered">
Expand All @@ -361,8 +410,8 @@ <h1 class="modal-title fs-5" id="staticBackdropLabel">Complete</h1>
</div>

{% elif reportstatus == 'Not Valid' %}
<button class="amend-btn" data-bs-toggle="modal" type="button" data-bs-target="#staticBackdropRight">Delete</button>
<div class="modal fade" id="staticBackdropRight" data-bs-backdrop="static"
<button class="delete-btn" data-bs-toggle="modal" type="button" data-bs-target="#close_button">Delete</button>
<div class="modal fade" id="close_button" data-bs-backdrop="static"
data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel"
aria-hidden="true">
<div class="modal-dialog modal-dialog-centered">
Expand All @@ -386,8 +435,8 @@ <h1 class="modal-title fs-5" id="staticBackdropLabel">Not Valid</h1>

<!-- MOVE BUTTON -->
{% elif reportstatus == 'Need to Review' or reportstatus == 'In Review' or reportstatus == 'Fixing' or reportstatus == 'Fixing (Retest)' %}
<button class="update-btn" data-bs-toggle="modal" type="button" data-bs-target="#staticBackdropRight">Move</button>
<div class="modal fade" id="staticBackdropRight" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel" aria-hidden="true">
<button class="update-btn" data-bs-toggle="modal" type="button" data-bs-target="#move_button">Move</button>
<div class="modal fade" id="move_button" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel" aria-hidden="true">
<div class="modal-dialog modal-dialog-centered">
<div class="modal-content">
<div class="modal-header">
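Review bot: The click handler builds the endpoint with `"{% url 'invalid_handler' 0 %}".replace('0', "{{object.pk}}")`, which substitutes the first `0` anywhere in the rendered path rather than the placeholder argument; the form further down already renders `{% url 'invalid_handler' object.pk %}` directly, and the script can do the same: `url: "{% url 'invalid_handler' object.pk %}",`. The view answers the AJAX POST with a redirect and the success callback only logs it, so the status change and the server-side message are not visible until the user reloads; `success: function () { window.location.reload(); }` would surface them. The new modal reuses `id="staticBackdropLabel"` like the existing ones, so the page carries duplicate ids for `aria-labelledby`.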
5 changes: 5 additions & 0 deletions update.sh
Expand Up @@ -27,6 +27,11 @@ echo "BACKUP CURRENT FILES"
echo "=========================="
GEROBUG_DASHBOARD=$(docker container ls | grep 'gerobug_dashboard' | awk '{print $1}')

if [[ $GEROBUG_DASHBOARD == "" ]]; then
echo "No running Gerobug container found, use run.sh instead."
exit 1
fi

rm gerobug_web/static/logo.png
rm gerobug_dashboard/static/logo.png
rm -rf gerobug_dashboard/static/templates
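Review bot: The empty check is written as `[[ $GEROBUG_DASHBOARD == "" ]]`; the idiomatic form is `if [[ -z "$GEROBUG_DASHBOARD" ]]; then`, and since the message reports a failure it belongs on stderr: `echo "No running Gerobug container found, use run.sh instead." >&2`. The variable is filled by grepping the `docker container ls` table, so more than one matching container would put several ids in it and the guard would still pass; `docker container ls -q --filter name=gerobug_dashboard` would be more precise, though that line is outside the added block.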
