Merge pull request DefectDojo#1012 from valentijnscholten/feature/jira-improvements

devGregA · web-flow · commit 17587d935690 · 2019-04-08T08:25:26.000-05:00
jira integration improvements including bulk push to jira
diff --git a/.gitignore b/.gitignore
@@ -101,3 +101,6 @@ venv/
 ENV/
 quick.bash
 *.tgz
+
+#visual studio code
+*.code-workspace
diff --git a/dojo/finding/views.py b/dojo/finding/views.py
@@ -34,7 +34,7 @@
     FindingImageAccessToken, JIRA_Issue, JIRA_PKey, Dojo_User, Cred_Mapping, Test, Product, User
 from dojo.utils import get_page_items, add_breadcrumb, FileIterWrapper, process_notifications, \
     add_comment, jira_get_resolution_id, jira_change_resolution_id, get_jira_connection, \
-    get_system_setting, create_notification, apply_cwe_to_template, Product_Tab, calculate_grade
+    get_system_setting, create_notification, apply_cwe_to_template, Product_Tab, calculate_grade, log_jira_alert
 
 from dojo.tasks import add_issue_task, update_issue_task, add_comment_task
 from django.template.defaultfilters import pluralize
@@ -1471,6 +1471,17 @@ def finding_bulk_update_all(request, pid=None):
                             calculate_grade(finding.test.engagement.product)
                             prev_prod = finding.test.engagement.product.id
 
+                for finding in finds:
+                    if JIRA_PKey.objects.filter(product=finding.test.engagement.product).count() == 0:
+                        log_jira_alert('Finding cannot be pushed to jira as there is no jira configuration for this product.', finding)
+                    else:
+                        old_status = finding.status()
+                        if form.cleaned_data['push_to_jira']:
+                            if JIRA_Issue.objects.filter(finding=finding).exists():
+                                update_issue_task.delay(finding, old_status, True)
+                            else:
+                                add_issue_task.delay(finding, True)
+
                 messages.add_message(request,
                                      messages.SUCCESS,
                                      'Bulk edit of findings was successful.  Check to make sure it is what you intended.',
diff --git a/dojo/forms.py b/dojo/forms.py
@@ -951,6 +951,7 @@ class Meta:
 
 class FindingBulkUpdateForm(forms.ModelForm):
     status = forms.BooleanField(required=False)
+    push_to_jira = forms.BooleanField(required=False)
 
     def __init__(self, *args, **kwargs):
         super(FindingBulkUpdateForm, self).__init__(*args, **kwargs)
diff --git a/dojo/models.py b/dojo/models.py
@@ -1208,7 +1208,15 @@ def long_desc(self):
         long_desc = ''
         long_desc += '*' + self.title + '*\n\n'
         long_desc += '*Severity:* ' + self.severity + '\n\n'
-        long_desc += '*Systems*: \n'
+        long_desc += '*Product/Engagement:* ' + self.test.engagement.product.name + ' / ' + self.test.engagement.name + '\n\n'
+        if self.test.engagement.branch_tag:
+            long_desc += '*Branch/Tag:* ' + self.test.engagement.branch_tag + '\n\n'
+        if self.test.engagement.build_id:
+            long_desc += '*BuildID:* ' + self.test.engagement.build_id + '\n\n'
+        if self.test.engagement.commit_hash:
+            long_desc += '*Commit hash:* ' + self.test.engagement.commit_hash + '\n\n'
+        long_desc += '*Systems*: \n\n'
+
         for e in self.endpoints.all():
             long_desc += str(e) + '\n\n'
         long_desc += '*Description*: \n' + self.description + '\n\n'
diff --git a/dojo/templates/dojo/findings_list.html b/dojo/templates/dojo/findings_list.html
@@ -57,6 +57,9 @@ <h3 class="has-filters">
                                     <input id="id_out_of_scope" name="out_of_scope" type="checkbox" disabled/>
                                     <span>Out of scope</span>
                                 </label>
+                                {% if "enable_jira"|get_system_setting %}
+                                <b>Push to JIRA</b> <input id="id_push_tojira" name="push_to_jira" type="checkbox" alt="Select to push to JIRA"/><br/>
+                                {% endif %}
                                 <input type="submit" class="btn btn-sm btn-primary" value="Submit"/>
                             </form>
                         </li>
@@ -285,7 +288,8 @@ <h3 class="has-filters">
                                 <td class="nowrap">
                                   {% if "enable_jira"|get_system_setting %}
                                     {% if finding.jira.jira_key %}
-                                      <a href="{{finding.jira_conf.url}}/browse/{{finding.jira.jira_key}}" target="_blank" alt="Jira Bug - {{finding.jira.jira_key}}"><i class="fa fa-bug fa-fw"></i></a>
+                                      <a href="{{finding.jira_conf.url}}/browse/{{finding.jira.jira_key}}" target="_blank" 
+                                           alt="Jira Bug - {{finding.jira.jira_key}}" data-toggle="tooltip" data-placement="bottom" title="{{finding.jira.jira_key}}"><i class="fa fa-bug fa-fw"></i></a>
                                     {% endif %}
                                     {% if finding.notes.count %}
                                       <a href="{% url 'view_finding' finding.id %}#vuln_notes" alt="{{ finding.notes.count }} comment{{ finding.notes.count|pluralize }}">
diff --git a/dojo/templates/dojo/view_test.html b/dojo/templates/dojo/view_test.html
@@ -182,6 +182,9 @@ <h4>Details <span class="pull-right"><a data-toggle="collapse" href="#vuln_desc"
                           <input id="id_out_of_scope" name="out_of_scope" type="checkbox" disabled/>
                           <span>Out of scope</span>
                       </label>
+                      {% if "enable_jira"|get_system_setting %}
+                      <b>Push to JIRA</b> <input id="id_push_tojira" name="push_to_jira" type="checkbox" alt="Select to push to JIRA"/><br/>
+                      {% endif %}
                       <input type="submit" class="btn btn-sm btn-primary" value="Submit"/>
                   </form>
               </li>
diff --git a/dojo/test/views.py b/dojo/test/views.py
@@ -20,10 +20,10 @@
 from dojo.forms import NoteForm, TestForm, FindingForm, \
     DeleteTestForm, AddFindingForm, \
     ImportScanForm, ReImportScanForm, FindingBulkUpdateForm, JIRAFindingForm
-from dojo.models import Product, Finding, Test, Notes, BurpRawRequestResponse, Endpoint, Stub_Finding, Finding_Template, JIRA_PKey, Cred_Mapping, Dojo_User
+from dojo.models import Product, Finding, Test, Notes, BurpRawRequestResponse, Endpoint, Stub_Finding, Finding_Template, JIRA_PKey, Cred_Mapping, Dojo_User, JIRA_Issue
 from dojo.tools.factory import import_parser_factory
-from dojo.utils import get_page_items, add_breadcrumb, get_cal_event, message, process_notifications, get_system_setting, create_notification, Product_Tab, calculate_grade
-from dojo.tasks import add_issue_task
+from dojo.utils import get_page_items, add_breadcrumb, get_cal_event, message, process_notifications, get_system_setting, create_notification, Product_Tab, calculate_grade, log_jira_alert
+from dojo.tasks import add_issue_task, update_issue_task
 
 logger = logging.getLogger(__name__)
 
@@ -443,6 +443,17 @@ def finding_bulk_update(request, tid):
                 if form.cleaned_data['severity'] or form.cleaned_data['status']:
                     calculate_grade(test.engagement.product)
 
+                for finding in finds:
+                    if JIRA_PKey.objects.filter(product=finding.test.engagement.product).count() == 0:
+                        log_jira_alert('Finding cannot be pushed to jira as there is no jira configuration for this product.', finding)
+                    else:
+                        old_status = finding.status()
+                        if form.cleaned_data['push_to_jira']:
+                            if JIRA_Issue.objects.filter(finding=finding).exists():
+                                update_issue_task.delay(finding, old_status, True)
+                            else:
+                                add_issue_task.delay(finding, True)
+
                 messages.add_message(request,
                                      messages.SUCCESS,
                                      'Bulk edit of findings was successful.  Check to make sure it is what you intended.',
diff --git a/dojo/utils.py b/dojo/utils.py
@@ -991,8 +991,14 @@ def jira_long_description(find_description, find_id, jira_conf_finding_text):
 
 
 def add_issue(find, push_to_jira):
+    logger.debug('adding issue: ' + str(find))
     eng = Engagement.objects.get(test=find.test)
     prod = Product.objects.get(engagement=eng)
+
+    if JIRA_PKey.objects.filter(product=prod).count() == 0:
+        log_jira_alert('Finding cannot be pushed to jira as there is no jira configuration for this product.', find)
+        return
+
     jpkey = JIRA_PKey.objects.get(product=prod)
     jira_conf = jpkey.conf
 
@@ -1001,8 +1007,10 @@ def add_issue(find, push_to_jira):
             if ((jpkey.push_all_issues and Finding.get_number_severity(
                     System_Settings.objects.get().jira_minimum_severity) >
                  Finding.get_number_severity(find.severity))):
-                pass
+                log_jira_alert('Finding below jira_minimum_severity threshold.', find)
+
             else:
+                logger.debug('Trying to create a new JIRA issue')
                 try:
                     JIRAError.log_to_tempfile = False
                     jira = JIRA(
@@ -1055,7 +1063,7 @@ def add_issue(find, push_to_jira):
                 except JIRAError as e:
                     log_jira_alert(e.text, find)
         else:
-            log_jira_alert("Finding not active, verified, or over threshold.",
+            log_jira_alert("Finding not active or not verified.",
                            find)
 
 
