feat(cross): #1633 historic treatment (7913964c) · Commits · Fluid Attacks / product-old

django-apps/integrates-back/backend/api/dataloaders/finding.py

+1 −7

Original line number	Diff line number	Diff line
		@@ -13,10 +13,6 @@ def _batch_load_fn(finding_ids):

		for finding in finding_domain.get_findings(finding_ids):
		findings[finding['findingId']] = Finding(
		acceptance_date=finding.get('acceptanceDate', ''),
		acceptation_approval=finding.get('acceptationApproval', ''),
		acceptation_justification=finding.get('acceptationJustification', ''),
		acceptation_user=finding.get('acceptationUser', ''),
		actor=finding.get('actor', ''),
		affected_systems=finding.get('affectedSystems', ''),
		age=finding.get('age', 0),
		@@ -46,11 +42,9 @@ def _batch_load_fn(finding_ids):
		severity_score=finding.get('severityCvss', 0.0),
		threat=finding.get('threat', ''),
		title=finding.get('finding', ''),
		treatment=finding.get('treatment', ''),
		treatment_justification=finding.get(
		'treatmentJustification', ''),
		type=finding.get('findingType', ''),
		historic_state=finding.get('historicState', []),
		historic_treatment=finding.get('historicTreatment', []),
		current_state=finding.get(
		'historicState', [{}])[-1].get('state', '')
		)

django-apps/integrates-back/backend/domain/finding.py

+43 −18

Original line number	Diff line number	Diff line
		@@ -276,17 +276,18 @@ def send_remediation_email(user_email, finding_id, finding_name,


		def handle_acceptation(finding_id, observations, user_mail, response):
		new_state = {
		'acceptance_status': response,
		'treatment': 'ACCEPTED_UNDEFINED',
		'justification': observations,
		'user': user_mail,
		}
		historic_treatment = [new_state]
		if response == 'REJECTED':
		tzn = pytz.timezone(settings.TIME_ZONE)
		today = datetime.now(tz=tzn).today().strftime('%Y-%m-%d %H:%M:%S')
		return (
		finding_dal.update(finding_id, {
		'acceptation_approval': response,
		'treatment': 'ACCEPTED' if response == 'APPROVED' else 'NEW',
		'observations': observations,
		'acceptance_date': today if response == 'APPROVED' else '-',
		'acceptation_justification': observations,
		'acceptation_user': user_mail})
		)
		historic_treatment.append({'treatment': 'NEW', 'date': today})
		return finding_dal.update(finding_id, {'historic_treatment': historic_treatment})


		def request_verification(finding_id, user_email, user_fullname, justification):
		@@ -385,22 +386,46 @@ def update_treatment_in_vuln(finding_id, updated_values):
		return True


		def update_treatment(finding_id, updated_values):
		def update_treatment(finding_id, updated_values, user_mail):
		valid_update_values = util.update_treatment_values(updated_values)
		return validate_update_treatment(finding_id, valid_update_values)
		return validate_update_treatment(finding_id, valid_update_values, user_mail)


		def validate_update_treatment(finding_id, updated_values):
		def validate_update_treatment(finding_id, updated_values, user_mail):
		new_treatment = updated_values['treatment']
		new_state = {
		'user': user_mail,
		'treatment': new_treatment
		}
		if new_treatment != 'NEW':
		new_state['justification'] = updated_values['justification']
		if new_treatment != 'ACCEPTED_UNDEFINED':
		tzn = pytz.timezone(settings.TIME_ZONE)
		today = datetime.now(tz=tzn).today().strftime('%Y-%m-%d %H:%M:%S')
		new_state['date'] = today
		if new_treatment == 'ACCEPTED':
		new_state['acceptance_date'] = updated_values['acceptance_date']
		else:
		new_state['acceptance_status'] = updated_values['acceptance_status']
		if get_finding(finding_id).get('historicTreatment'):
		historic_treatment = get_finding(finding_id).get('historicTreatment')
		historic_treatment.append(new_state)
		else:
		historic_treatment = [new_state]
		new_state = {
		'external_bts': updated_values['external_bts'],
		'historic_treatment': historic_treatment
		}
		result_update_finding = integrates_dal.update_mult_attrs_dynamo(
		'FI_findings',
		{'finding_id': finding_id},
		updated_values
		new_state
		)
		result_update_vuln = update_treatment_in_vuln(finding_id, updated_values)
		result_update_vuln = update_treatment_in_vuln(finding_id, new_state)
		if result_update_finding and result_update_vuln:
		if updated_values['treatment'] == 'ACCEPTED':
		send_accepted_email(finding_id,
		updated_values.get('treatment_justification'))
		updated_values.get('justification'))
		if updated_values['treatment'] == 'ACCEPTED_UNDEFINED':
		send_accepted_email(finding_id,
		'Treatment state approval is pending for finding '
		@@ -892,7 +917,7 @@ def mask_finding(finding_id):
		attrs_to_mask = [
		'affected_systems', 'attack_vector_desc', 'effect_solution',
		'related_findings', 'risk', 'threat', 'treatment',
		'treatment_justification', 'treatment_manager', 'vulnerability'
		'treatment_manager', 'vulnerability'
		]
		finding_result = finding_dal.update(finding_id, {
		attr: 'Masked' for attr in attrs_to_mask

django-apps/integrates-back/backend/entity/finding.py

+7 −36

Original line number	Diff line number	Diff line
		@@ -30,10 +30,6 @@ from backend.dal import integrates_dal
		class Finding(ObjectType): # noqa pylint: disable=too-many-instance-attributes
		"""Finding Class."""

		acceptance_date = String()
		acceptation_approval = String()
		acceptation_justification = String()
		acceptation_user = String()
		actor = String()
		affected_systems = String()
		age = Int()
		@@ -68,11 +64,10 @@ class Finding(ObjectType): # noqa pylint: disable=too-many-instance-attributes
		severity_score = Float()
		state = String()
		historic_state = List(GenericScalar)
		historic_treatment = List(GenericScalar)
		threat = String()
		title = String()
		tracking = List(GenericScalar)
		treatment = String()
		treatment_justification = String()
		type = String()
		vulnerabilities = List(Vulnerability, vuln_type=String(), state=String(),
		approval_status=String())
		@@ -291,17 +286,6 @@ class Finding(ObjectType): # noqa pylint: disable=too-many-instance-attributes
		del info
		return self.bts_url

		@get_entity_cache
		def resolve_treatment(self, info):
		""" Resolve treatment attribute """
		del info
		return self.treatment

		def resolve_treatment_justification(self, info):
		""" Resolve treatment_justification attribute """
		del info
		return self.treatment_justification

		def resolve_risk(self, info):
		""" Resolve risk attribute """
		del info
		@@ -363,22 +347,9 @@ class Finding(ObjectType): # noqa pylint: disable=too-many-instance-attributes
		del info
		return self.analyst

		def resolve_acceptance_date(self, info):
		""" Resolve acceptance_date attribute """
		def resolve_historic_treatment(self, info):
		del info
		return self.acceptance_date

		def resolve_acceptation_approval(self, info):
		del info
		return self.acceptation_approval

		def resolve_acceptation_user(self, info):
		del info
		return self.acceptation_user

		def resolve_acceptation_justification(self, info):
		del info
		return self.acceptation_justification
		return self.historic_treatment

		def resolve_current_state(self, info):
		"""Resolve vulnerabilities attribute."""
		@@ -726,8 +697,8 @@ class UpdateTreatment(Mutation):
		bts_url = String()
		finding_id = String(required=True)
		treatment = String(required=True)
		treatment_justification = String(required=True)
		acceptation_approval = String()
		justification = String(required=True)
		acceptance_status = String()
		success = Boolean()
		finding = Field(Finding)

		@@ -736,8 +707,8 @@ class UpdateTreatment(Mutation):
		@require_finding_access
		def mutate(self, info, finding_id, **parameters):
		project_name = finding_domain.get_finding(finding_id)['projectName']
		success = finding_domain.update_treatment(finding_id,
		parameters)
		user_mail = util.get_jwt_content(info.context)['user_email']
		success = finding_domain.update_treatment(finding_id, parameters, user_mail)
		if success:
		util.invalidate_cache(finding_id)
		util.invalidate_cache(project_name)

django-apps/integrates-back/backend/scheduler.py

+2 −2

Original line number	Diff line number	Diff line
		@@ -514,5 +514,5 @@ def reset_expired_accepted_findings():
		finding_id = finding.get('findingId')
		date = finding.get('acceptanceDate', today)
		if date < today:
		treatment = {'treatment': 'NEW'}
		finding_domain.update_treatment(finding_id, treatment)
		updated_values = {'treatment': 'NEW', 'bts_url': 'test'}
		finding_domain.update_treatment(finding_id, updated_values, '')

django-apps/integrates-back/backend/util.py

+1 −1

Original line number	Diff line number	Diff line
		@@ -451,7 +451,7 @@ def update_treatment_values(updated_values):
		or updated_values.get('acceptance_date') > date.strftime('%Y-%m-%d %H:%M:%S'):
		raise InvalidDate()
		if updated_values['treatment'] == 'ACCEPTED_UNDEFINED':
		updated_values['acceptation_approval'] = 'PENDING'
		updated_values['acceptation_approval'] = 'SUBMITTED'
		today = datetime.now()
		days = [
		today + timedelta(x + 1) for x in range((today + timedelta(days=5) - today).days)]