changing names and finding_group logic

Author: LeoOMaia

dojo/filters.py

@@ -2088,15 +2088,15 @@ class DynamicFindingGroupsFindingsFilter(FilterSet):
         ],
         label="Severity",
     )
-    script_id = CharFilter(lookup_expr="icontains", label="Script ID")
+    vuln_id_from_tool = CharFilter(lookup_expr="icontains", label="Vulnerability Id From Tool")
     reporter = ModelMultipleChoiceFilter(queryset=Dojo_User.objects.none(), label="Reporter")
-    status = ChoiceFilter(choices=[("Yes", "Yes"), ("No", "No")], label="Active")
+    active = ChoiceFilter(choices=[("Yes", "Yes"), ("No", "No")], label="Active")
     engagement = ModelMultipleChoiceFilter(queryset=Engagement.objects.none(), label="Engagement")
     product = ModelMultipleChoiceFilter(queryset=Product.objects.none(), label="Product")
 
     class Meta:
         model = Finding
-        fields = ["name", "severity", "script_id", "reporter", "status", "engagement", "product"]
+        fields = ["name", "severity", "vuln_id_from_tool", "reporter", "active", "engagement", "product"]
 
     def __init__(self, *args, **kwargs):
         self.user = kwargs.pop("user", None)

dojo/finding_group/redis.py

@@ -10,23 +10,16 @@
 
 import redis
 from django.conf import settings
-from django.utils.safestring import mark_safe
+from django.utils.functional import cached_property
 
 from dojo.models import Finding
 
 logger = logging.getLogger(__name__)
 
 DD_TEST = os.getenv("DD_TEST", "False").lower() == "true"
-SEVERITY_ORDER = {
-    "Critical": 5,
-    "High": 4,
-    "Medium": 3,
-    "Low": 2,
-    "Info": 1,
-}
 USER_MODES_KEY = "finding_groups_user_modes"
-SYSTEM_CHANGE = "finding_groups_last_finding_change"
-LAST_UPDATE = "finding_groups_last_update"
+LAST_FINDING_CHANGE = "finding_groups_last_finding_change"
+LAST_FINDING_UPDATE = "finding_groups_last_update"
 
 
 class GroupMode(StrEnum):
@@ -41,7 +34,6 @@ class DynamicFindingGroups:
     name: str = ""
     severity: str = "Info"
     main_finding_id: int | None = None
-    sla_finding_id: int | None = None
     finding_ids: set[int] = field(default_factory=set)
 
     def to_dict(self) -> dict:
@@ -63,12 +55,9 @@ def load_from_id(finding_group_id: str, fg_key: str) -> Self | None:
         return None
 
     def update_sev_sla(self, finding: Finding) -> None:
-        if SEVERITY_ORDER[finding.severity] > SEVERITY_ORDER[self.severity]:
+        if Finding.get_number_severity(finding.severity) > Finding.get_number_severity(self.severity):
             self.severity = finding.severity
             self.main_finding_id = finding.id
-        if finding.active and finding.sla_days_remaining():
-            if not self.sla_finding_id or finding.sla_days_remaining() < Finding.objects.get(id=self.sla_finding_id).sla_days_remaining():
-                self.sla_finding_id = finding.id
 
     def add(self, finding: Finding) -> None:
         self.update_sev_sla(finding)
@@ -77,21 +66,23 @@ def add(self, finding: Finding) -> None:
     # This method is used when we filter findings in a finding group
     def reconfig_finding_group(self) -> None:
         self.severity = "Info"
-        self.sla_finding_id = None
         findings = Finding.objects.filter(id__in=self.finding_ids)
         for finding in findings:
             self.update_sev_sla(finding)
 
     @staticmethod
     def get_group_names(finding: Finding, mode: GroupMode) -> list[str] | None:
         if mode == GroupMode.VULN_ID_FROM_TOOL:
-            return [finding.vuln_id_from_tool]
+            if finding.vuln_id_from_tool:
+                return [finding.vuln_id_from_tool]
         if mode == GroupMode.TITLE:
-            return [finding.title]
+            if finding.title:
+                return [finding.title]
         if mode == GroupMode.CVE:
-            cves = list(
-                finding.vulnerability_id_set.values_list("vulnerability_id", flat=True),
-            )
+            cves = [
+                cve for cve in finding.vulnerability_id_set.values_list("vulnerability_id", flat=True)
+                if cve
+            ]
             if cves:
                 return cves
         return None
@@ -110,14 +101,14 @@ def set_last_finding_change() -> None:
             logger.info("Redis is not used in test environment, skipping.")
             return
         redis_client = get_redis_client()
-        redis_client.set(SYSTEM_CHANGE, datetime.now().isoformat())
+        redis_client.set(LAST_FINDING_CHANGE, datetime.now().isoformat())
 
     @staticmethod
     def set_last_update(mode: GroupMode, timestamp: datetime | None = None) -> None:
         if timestamp is None:
             return
         redis_client = get_redis_client()
-        redis_client.hset(LAST_UPDATE, mode.value, timestamp.isoformat())
+        redis_client.hset(LAST_FINDING_UPDATE, mode.value, timestamp.isoformat())
 
     @staticmethod
     def add_finding(finding: Finding, mode: GroupMode) -> None:
@@ -147,37 +138,16 @@ def add_finding(finding: Finding, mode: GroupMode) -> None:
                 group_ids.append(finding_group_id)
             redis_client.hset(id_map_key, finding.id, json.dumps(group_ids))
 
-    # This method is used in finding_groups table to show SLA
-    def get_days_remaining(self) -> str:
-        if self.sla_finding_id:
-            finding = Finding.objects.filter(id=self.sla_finding_id).first()
-            days_remaining = finding.sla_days_remaining()
-            severity = finding.severity
-            sla_start_date = finding.get_sla_start_date().strftime("%b %d, %Y")
-            status = "age-green"
-            status_text = f"Remediation for {severity.lower()} findings due in {days_remaining} days or less (started {sla_start_date})"
-            if days_remaining and days_remaining < 0:
-                status = "age-red"
-                status_text = f"Overdue: Remediation for {severity.lower()} findings overdue {days_remaining} days (started {sla_start_date})"
-                days_remaining = abs(days_remaining)
-        elif any(
-            Finding.objects.filter(
-                id__in=self.finding_ids,
-                active=True,
-            ),
-        ):
-            status = "severity-Info"
-            status_text = "No SLA set, but at least one finding is active"
-            days_remaining = "No SLA"
-        else:
-            status = "age-blue"
-            status_text = "No active finding"
-            days_remaining = "Concluded"
-        title = (
-            f'<a class="has-popover" data-toggle="tooltip" data-placement="bottom" title="" href="#" data-content="{status_text}">'
-            f'<span class="label severity {status}">{days_remaining}</span></a>'
-        )
-        return mark_safe(title)
+    @cached_property
+    def sla_days_remaining_internal(self):
+        findings = Finding.objects.filter(id__in=self.finding_ids, active=True)
+        if not findings:
+            return None
+        return min([find.sla_days_remaining() for find in findings if find.sla_days_remaining()], default=None)
+
+    @property
+    def sla_days_remaining(self) -> int | None:
+        return self.sla_days_remaining_internal
 
 
 @lru_cache(maxsize=1)
@@ -208,22 +178,22 @@ def load_or_rebuild_finding_groups(mode: GroupMode) -> dict[str, DynamicFindingG
     fg_key = DynamicFindingGroups.get_fg_key(mode)
     id_map_key = DynamicFindingGroups.get_id_map_key(mode)
 
-    if not redis_client.exists(SYSTEM_CHANGE):
+    if not redis_client.exists(LAST_FINDING_CHANGE):
         DynamicFindingGroups.set_last_finding_change()
-    last_finding_change_raw = redis_client.get(SYSTEM_CHANGE)
+    last_finding_change_raw = redis_client.get(LAST_FINDING_CHANGE)
     try:
         last_finding_change_time = datetime.fromisoformat(last_finding_change_raw)
     except ValueError:
-        logger.warning(f"Invalid datetime format in Redis for {SYSTEM_CHANGE}: {last_finding_change_raw}, resetting last finding change.")
+        logger.warning(f"Invalid datetime format in Redis for {LAST_FINDING_CHANGE}: {last_finding_change_raw}, resetting last finding change.")
         DynamicFindingGroups.set_last_finding_change()
-        last_finding_change_raw = redis_client.get(SYSTEM_CHANGE)
+        last_finding_change_raw = redis_client.get(LAST_FINDING_CHANGE)
         last_finding_change_time = datetime.fromisoformat(last_finding_change_raw) if last_finding_change_raw else None
 
     try:
-        last_groups_update_time = redis_client.hget(LAST_UPDATE, mode.value)
+        last_groups_update_time = redis_client.hget(LAST_FINDING_UPDATE, mode.value)
         last_groups_update_time = datetime.fromisoformat(last_groups_update_time) if last_groups_update_time else None
     except ValueError:
-        logger.warning(f"Invalid datetime format in Redis for {LAST_UPDATE}: {last_groups_update_time}")
+        logger.warning(f"Invalid datetime format in Redis for {LAST_FINDING_UPDATE}: {last_groups_update_time}")
         last_groups_update_time = None
 
     # Check if finding_groups and id_map exist in Redis

dojo/finding_group/views_dynamic.py

@@ -8,7 +8,6 @@
 from dojo.authorization.roles_permissions import Permissions
 from dojo.filters import DynamicFindingGroupsFilter, DynamicFindingGroupsFindingsFilter
 from dojo.finding_group.redis import (
-    SEVERITY_ORDER,
     GroupMode,
     get_user_mode,
     load_or_rebuild_finding_groups,
@@ -68,7 +67,7 @@ def filter_finding_group(self, finding_group, request: HttpRequest):
         finding_group.reconfig_finding_group()
         if name_filter and name_filter not in finding_group.name.lower():
             add_finding_group = False
-        if min_severity_filter and SEVERITY_ORDER.get(finding_group.severity) < SEVERITY_ORDER[min_severity_filter]:
+        if min_severity_filter and Finding.get_number_severity(finding_group.severity) < Finding.get_number_severity(min_severity_filter):
             add_finding_group = False
         if not finding_group.finding_ids:
             add_finding_group = False
@@ -89,6 +88,19 @@ def get_findings(self, products):
         return user_fids, active_fids
 
     def get_finding_groups(self, request: HttpRequest, products=None):
+        """
+        Retrieve all dynamic finding groups for the current user.
+
+        Steps:
+        1. Retrieve finding IDs relevant for the user (optionally filtered by products).
+        2. Iterate over all finding groups in self.finding_groups_map.
+        3. For each group:
+        - Restrict the group's findings to those the user can see.
+        - Apply additional filters based on the request.
+        - No additional filtering for active findings.
+        4. Append groups that pass all filters to the result list.
+        5. Order the resulting list according to the request via order_field and return.
+        """
         user_fids, _ = self.get_findings(products)
         list_finding_group = []
         for finding_group in self.finding_groups_map.values():
@@ -134,6 +146,19 @@ class ListOpenDynamicFindingGroups(ListDynamicFindingGroups):
     filter_name = "Open"
 
     def get_finding_groups(self, request: HttpRequest, products=None):
+        """
+        Retrieve dynamic finding groups containing at least one active finding.
+
+        Steps:
+        1. Retrieve finding IDs relevant for the user and the active subset.
+        2. Iterate over all finding groups in self.finding_groups_map.
+        3. For each group:
+        - Restrict the group's findings to those the user can see.
+        - Apply additional filters based on the request.
+        - Keep only groups with at least one active finding.
+        4. Append groups that pass all filters to the result list.
+        5. Order the resulting list according to the request via order_field and return.
+        """
         user_fids, active_fids = self.get_findings(products)
         list_finding_group = []
         for finding_group in self.finding_groups_map.values():
@@ -148,6 +173,19 @@ class ListClosedDynamicFindingGroups(ListDynamicFindingGroups):
     filter_name = "Closed"
 
     def get_finding_groups(self, request: HttpRequest, products=None):
+        """
+        Retrieve dynamic finding groups containing no active findings.
+
+        Steps:
+        1. Retrieve finding IDs relevant for the user and the active subset.
+        2. Iterate over all finding groups in self.finding_groups_map.
+        3. For each group:
+        - Restrict the group's findings to those the user can see.
+        - Apply additional filters based on the request.
+        - Keep only groups with no active findings.
+        4. Append groups that pass all filters to the result list.
+        5. Order the resulting list according to the request via order_field and return.
+        """
         user_fids, active_fids = self.get_findings(products)
         list_finding_group = []
         for finding_group in self.finding_groups_map.values():
@@ -177,26 +215,26 @@ def order_field(self, request: HttpRequest, finding_groups_findings_list):
     def filters(self, request: HttpRequest):
         name_filter = request.GET.get("name", "").lower()
         severity_filter = request.GET.getlist("severity")
-        script_id_filter = request.GET.get("script_id")
+        vuln_id_from_tool_filter = request.GET.get("vuln_id_from_tool")
         reporter_filter = request.GET.getlist("reporter")
-        status_filter = request.GET.get("status")
+        active_filter = request.GET.get("active")
         engagement_filter = request.GET.getlist("engagement")
         product_filter = request.GET.getlist("product")
-        return name_filter, severity_filter, script_id_filter, reporter_filter, status_filter, engagement_filter, product_filter
+        return name_filter, severity_filter, vuln_id_from_tool_filter, reporter_filter, active_filter, engagement_filter, product_filter
 
     def filter_findings(self, findings, request: HttpRequest):
-        name_filter, severity_filter, script_id_filter, reporter_filter, status_filter, engagement_filter, product_filter = self.filters(request)
+        name_filter, severity_filter, vuln_id_from_tool_filter, reporter_filter, active_filter, engagement_filter, product_filter = self.filters(request)
         filter_kwargs = {}
         if name_filter:
             filter_kwargs["title__icontains"] = name_filter
         if severity_filter:
             filter_kwargs["severity__in"] = severity_filter
-        if script_id_filter:
-            filter_kwargs["vuln_id_from_tool__icontains"] = script_id_filter
+        if vuln_id_from_tool_filter:
+            filter_kwargs["vuln_id_from_tool__icontains"] = vuln_id_from_tool_filter
         if reporter_filter:
             filter_kwargs["reporter__id__in"] = reporter_filter
-        if status_filter:
-            filter_kwargs["active"] = (status_filter == "Yes")
+        if active_filter:
+            filter_kwargs["active"] = (active_filter == "Yes")
         if engagement_filter:
             filter_kwargs["test__engagement__id__in"] = engagement_filter
         if product_filter:

dojo/templates/dojo/finding_group_dynamic_findings_list_snippet.html

@@ -292,7 +292,7 @@ <h3 class="has-filters">
                                         {% trans "Severity" %}
                                     </th>
                                     <th>{% trans "SLA" %}</th>
-                                    <th>{% trans "Script ID" %}</th>
+                                    <th>{% trans "Vulnerability Id From Tool" %}</th>
                                     <th>{% trans "Reporter" %}</th>
                                     <th>{% dojo_sort request "Found By" "found_by" %}</th>
                                     <th>{% trans "Status" %}</th>

dojo/templates/dojo/finding_groups_dynamic_list_snippet.html

@@ -66,7 +66,7 @@ <h3 class="has-filters">
                                     </span>
                                 </td>
                                 <td class="centered">
-                                    {{ finding_group.get_days_remaining }}
+                                    {{ finding_group.sla_days_remaining }}
                                 </td>
                                 <td class="centered">
                                     {{ finding_group.finding_ids|length }}