
Commit 8034a76

committed
fix the way bulk update endpoints in finding view works when v3 is enabled
1 parent db8b6c6 commit 8034a76

3 files changed

Lines changed: 74 additions & 62 deletions


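--- a/dojo/templates/dojo/snippets/endpoints.html
+++ b/dojo/templates/dojo/snippets/endpoints.html
@@ -147,7 +147,7 @@ <h6> Location </h6>
 <div class="col-md-12">
 <div class="panel panel-default table-responsive">
 <div class="panel-heading">
-<h4>Vulnerable Endpoints / Systems ({{ finding.active_endpoint_count }}) </h4>
+<h4>Vulnerable Endpoints / Systems ({{ finding.active_endpoint_count }})
 <span class="pull-right"><a data-toggle="collapse" href="#vuln_endpoints"><i
 class="glyphicon glyphicon-chevron-up"></i></a></span>
 </h4>
@@ -255,7 +255,7 @@ <h4>Mitigated Endpoints / Systems ({{ finding.mitigated_endpoint_count }})
 <a data-toggle="tooltip" data-placement="top" data-original-title="{{ endpoint.location }}" title="{{ endpoint.location }}" href="{% url 'view_endpoint' endpoint.object_id %}">{{ endpoint.location|url_shortener }}{% if endpoint.is_broken %} <span data-toggle="tooltip" title="Endpoint is broken. Check documentation to look for fix process" >&#128681;</span>{% endif %}</a>
 {% include "dojo/snippets/tags.html" with tags=endpoint.location.tags.all %}
 </td>
-<td>{{ endpoint.status }}</td>
+<td>{{ endpoint.get_status_display }}</td>
 <td>{{ endpoint.auditor|safe }}</td>
 <td>{{ endpoint.audit_time|date }}</td>
 {% else %}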
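Review bot: The cell on new line 259 still renders `{{ endpoint.auditor|safe }}`, which switches off Django's auto-escaping for the auditor's string form, directly beside the status cell this section changes. If that string is built from profile fields a user can edit (not visible on this page), any markup in it is emitted unescaped to everyone who opens the finding. Unless the value is known to be trusted HTML, drop the filter: `<td>{{ endpoint.auditor }}</td>`. The table row this cell belongs to starts outside the hunk.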

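--- a/dojo/templates/dojo/view_finding.html
+++ b/dojo/templates/dojo/view_finding.html
@@ -758,48 +758,6 @@ <h4 class="has-filters">Similar Findings ({{ similar_findings.paginator.count }}
 <input type="hidden" name="return_url" value="{{ request.get_full_path }}" />
 </form>
 
-<div class="hidden" style="padding-bottom: 5px;" id="bulk_edit_menu">
-<div class="btn-toolbar" role="toolbar" aria-label="Toolbar with button groups">
-<div class="btn-group mr-2" role="group" aria-label="Second group">
-<button class="btn btn-sm btn-primary dropdown-toggle" type="button" id="dropdownMenu2"
-data-toggle="dropdown" aria-haspopup="true" aria-expanded="true" aria-label="Bulk Edit">
-Bulk Edit
-<span class="caret"></span>
-</button>
-<ul class="dropdown-menu" aria-labelledby="dropdownMenu1" id="bulk_edit">
-<li style="padding-left: 8px;">
-<form action="{% url 'endpoints_status_bulk' finding.id %}" method="post" id="bulk_change_form">
-{% csrf_token %}
-<input type="hidden" name="return_url" value="{{ request.get_full_path }}" />
-<label style="font-size: 80%; font-weight: normal; display: block">
-<input id="id_bulk_active" label="active "name="active" type="checkbox"/>
-<span>Active</span>
-</label>
-<label style="font-size: 80%; font-weight: normal; display: block">
-<input id="id_bulk_false_p" label="false_positive" name="false_positive" type="checkbox"/>
-<span>False Positive</span>
-</label>
-<label style="font-size: 80%; font-weight: normal; display: block">
-<input id="id_bulk_out_of_scope" label="out_of_scope" name="out_of_scope" type="checkbox"/>
-<span>Out of scope</span>
-</label>
-<label style="font-size: 80%; font-weight: normal; display: block">
-<input id="id_bulk_mitigated" label="mitigated" name="mitigated" type="checkbox"/>
-<span>Mitigated</span>
-</label>
-<label style="font-size: 80%; font-weight: normal; display: block">
-<input id="id_bulk_risk_accepted" label="risk_accepted" name="risk_accepted" type="checkbox"/>
-<span>Risk Accepted</span>
-</label>
-<br/>
-<input type="submit" class="btn btn-sm btn-primary" label="Submit" name="Submit" value="Submit"/>
-</form>
-</li>
-</ul>
-</div>
-</div>
-</div>
-
 <!--Import History begin -->
 {% if 'TRACK_IMPORT_HISTORY'|setting_enabled and latest_test_import_finding_action %}
 <div class="panel panel-default collapse in">
@@ -907,6 +865,72 @@ <h4 class="has-filters">
 {% endif %}
 <!--Import activity end -->
 
+<div class="hidden" style="padding-bottom: 5px;" id="bulk_edit_menu">
+<div class="btn-toolbar" role="toolbar" aria-label="Toolbar with button groups">
+<div class="btn-group mr-2" role="group" aria-label="Second group">
+<button class="btn btn-sm btn-primary dropdown-toggle" type="button" id="dropdownMenu2"
+data-toggle="dropdown" aria-haspopup="true" aria-expanded="true" aria-label="Bulk Edit">
+Bulk Edit
+<span class="caret"></span>
+</button>
+<ul class="dropdown-menu" aria-labelledby="dropdownMenu1" id="bulk_edit">
+<li style="padding-left: 8px;">
+<form action="{% url 'endpoints_status_bulk' finding.id %}" method="post" id="bulk_change_form">
+{% csrf_token %}
+<input type="hidden" name="return_url" value="{{ request.get_full_path }}" />
+{% if V3_FEATURE_LOCATIONS %}
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_active_location" name="bulk_status" type="radio" value="Active"/>
+<span>Active</span>
+</label>
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_false_p_location" name="bulk_status" type="radio" value="FalsePositive"/>
+<span>False Positive</span>
+</label>
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_out_of_scope_location" name="bulk_status" type="radio" value="OutOfScope"/>
+<span>Out of scope</span>
+</label>
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_mitigated_location" name="bulk_status" type="radio" value="Mitigated"/>
+<span>Mitigated</span>
+</label>
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_risk_accepted_location" name="bulk_status" type="radio" value="RiskAccepted"/>
+<span>Risk Accepted</span>
+</label>
+{% else %}
+{% comment %} TODO: Delete this after the move to Locations {% endcomment %}
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_active" label="active" name="active" type="checkbox"/>
+<span>Active</span>
+</label>
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_false_p" label="false_positive" name="false_positive" type="checkbox"/>
+<span>False Positive</span>
+</label>
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_out_of_scope" label="out_of_scope" name="out_of_scope" type="checkbox"/>
+<span>Out of scope</span>
+</label>
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_mitigated" label="mitigated" name="mitigated" type="checkbox"/>
+<span>Mitigated</span>
+</label>
+<label style="font-size: 80%; font-weight: normal; display: block">
+<input id="id_bulk_risk_accepted" label="risk_accepted" name="risk_accepted" type="checkbox"/>
+<span>Risk Accepted</span>
+</label>
+{% endif %}
+<br/>
+<input type="submit" class="btn btn-sm btn-primary" label="Submit" name="Submit" value="Submit"/>
+</form>
+</li>
+</ul>
+</div>
+</div>
+</div>
+
 {% include "dojo/snippets/endpoints.html" with finding=finding destination="UI" %}
 
 <div class="view-finding">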
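Review bot: The new `bulk_status` radios (new lines 883-899) carry no `required` attribute and none is pre-selected, so the form can be posted with no status at all. The view hunk in dojo/url/ui/views.py then fails its `status in FindingLocationStatus` test, and unless a branch outside that hunk reports it, the user gets no feedback. Adding `required` to the group, e.g. `<input id="id_bulk_active_location" name="bulk_status" type="radio" value="Active" required/>`, lets the browser block that submit. The `value` strings are hand-copied from the enum, so a rename on the Python side would silently disable an option; rendering the radios from the enum's choices keeps the two in step. The form also posts `return_url` from a hidden field whose handling is not on this page, so confirm the view checks it with `url_has_allowed_host_and_scheme` before redirecting.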

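--- a/dojo/url/ui/views.py
+++ b/dojo/url/ui/views.py
@@ -559,26 +559,14 @@ def finding_location_bulk_update(request, finding_id):
 if request.method == "POST":
 # Get the list of endpoint IDs to update and the statuses to enable
 finding_locations_to_update = request.POST.getlist("endpoints_to_update")
-status_list = FindingLocationStatus.values
-enable = [item for item in status_list if item in list(request.POST.keys())]
+# Get the status
+status = request.POST.get("bulk_status")
 # Check that endpoints and statuses are selected before proceeding
-if finding_locations_to_update and len(enable) > 0:
+if finding_locations_to_update and status in FindingLocationStatus:
 # Iterate over selected locations and update their finding location references
-for location in Location.objects.filter(id__in=finding_locations_to_update):
-finding_location = LocationFindingReference.objects.get(location=location, finding__id=finding_id)
-for status in status_list:
-# Set the status attribute based on whether it is enabled in the POST request
-if status in enable:
-# Enable this status
-finding_location.__setattr__(status, True) # noqa: PLC2801
-# If the status is 'Mitigated', record the auditor and audit time
-if status == FindingLocationStatus.Mitigated:
-finding_location.auditor = request.user
-finding_location.audit_time = timezone.now()
-else:
-# Disable this status
-finding_location.__setattr__(status, False) # noqa: PLC2801
-finding_location.save()
+for location_ref in LocationFindingReference.objects.filter(location__in=finding_locations_to_update, finding__id=finding_id):
+# Set the status
+location_ref.set_status(FindingLocationStatus(status), request.user, timezone.now())
 # Add a success message after bulk editing endpoints
 messages.add_message(
 request,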
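Review bot: The ids read from `endpoints_to_update` go into `location__in=` unvalidated (new line 567), so, assuming an integer primary key, a non-numeric value raises ValueError inside the ORM and the request ends as a 500 instead of a clean rejection. Filter them first, e.g. `finding_locations_to_update = [i for i in finding_locations_to_update if i.isdecimal()]`. Scoping the query with `finding__id=finding_id` correctly drops ids that belong to other findings, but the success message after the loop appears to be sent even when no reference matched. `timezone.now()` is evaluated once per row, so a single bulk action records slightly different audit times; take it once before the loop. Whether `set_status` persists the row (the removed code called `save()` explicitly) and which permission check guards the view are both outside this hunk.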
