Improving logging notifications for PDF reports and jira exceptions.

Author: aaronweaver

dojo/engagement/views.py

@@ -117,7 +117,7 @@ def edit_engagement(request, eid):
         form = EngForm2(request.POST, instance=eng)
         if 'jiraform-push_to_jira' in request.POST:
             jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=True)
-        if form.is_valid():
+        if form.is_valid() and jform and jform.is_valid():
             if 'jiraform-push_to_jira' in request.POST:
                 try:
                     jissue = JIRA_Issue.objects.get(engagement=eng)

dojo/tasks.py

@@ -30,6 +30,11 @@
 
 logger = get_task_logger(__name__)
 
+# Logs the error to the alerts table, which appears in the notification toolbar
+def log_generic_alert(source, title, description):
+    create_notification(event='other', title=title, description=description,
+                       icon='bullseye', source=source)
+
 @app.task(bind=True)
 def add_alerts(self, runinterval):
     now = timezone.now()
@@ -72,8 +77,8 @@ def async_pdf_report(self,
     cover = context['host'] + reverse(
         'report_cover_page') + "?" + x
 
-    config = pdfkit.configuration(wkhtmltopdf=settings.WKHTMLTOPDF_PATH)
     try:
+        config = pdfkit.configuration(wkhtmltopdf=settings.WKHTMLTOPDF_PATH)
         report.task_id = async_pdf_report.request.id
         report.save()
         bytes = render_to_string(template, context)
@@ -102,8 +107,7 @@ def async_pdf_report(self,
     except Exception as e:
         report.status = 'error'
         report.save()
-        # email_requester(report, uri, error=e)
-        raise e
+        log_generic_alert("PDF Report", "Report Creation Failure", "Make sure WKHTMLTOPDF is installed. " + str(e))
     return True
 
 
@@ -187,7 +191,8 @@ def async_custom_pdf_report(self,
         report.status = 'error'
         report.save()
         # email_requester(report, uri, error=e)
-        raise e
+        #raise e
+        log_generic_alert("PDF Report", "Report Creation Failure", "Make sure WKHTMLTOPDF is installed. " + str(e))
     finally:
         if temp is not None:
             # deleting temp xsl file

dojo/templates/dojo/view_product.html

@@ -12,7 +12,7 @@
             <div class="clearfix">
                 <h3 class="pull-left">
                     {{ prod }}
-                    {% if system_settings.enable_benchmark%}
+                    {% if system_settings.enable_benchmark %}
                       {% for benchmark in benchmarks%}
                         <sup><span class="fa fa-bookmark has-popover" data-trigger="hover" data-content="{{ benchmark|asvs_level }}"></label></span>
                         {{ benchmark.desired_level }}</sup>

dojo/tools/checkmarx/parser.py

@@ -17,8 +17,8 @@ def __init__(self, filename, test):
         for query in root.findall('Query'):
             categories = ''
             language = ''
-            mitigation = ''
-            impact = ''
+            mitigation = 'N/A'
+            impact = 'N/A'
             references = ''
             findingdetail = ''
             title = ''
@@ -69,8 +69,7 @@ def __init__(self, filename, test):
                         title = query.get('name').replace('_', ' ') + ' (' + path.get('PathId') + ')'
                         for pathnode in path.findall('PathNode'):
                             findingdetail += 'Source Object: %s\n' % (pathnode.find('Name').text)
-                            #findingdetail += 'Filename: %s\n' % (pathnode.find('FileName').text)
-                            #findingdetail += 'Line Number: %s\n' % (pathnode.find('Line').text)
+
                             for codefragment in pathnode.findall('Snippet/Line'):
                                 findingdetail += 'Code: %s\n' % (codefragment.find('Code').text.strip())
 

dojo/utils.py

@@ -701,6 +701,11 @@ def jira_get_resolution_id(jira, issue, status):
 def jira_change_resolution_id(jira, issue, id):
     jira.transition_issue(issue, id)
 
+# Logs the error to the alerts table, which appears in the notification toolbar
+def log_jira_generic_alert(title, description):
+    create_notification(event='jira_update', title=title, description=description,
+                       icon='bullseye', source='Jira')
+
 # Logs the error to the alerts table, which appears in the notification toolbar
 def log_jira_alert(error, finding):
     create_notification(event='jira_update', title='Jira update issue', description='Finding: ' + str(finding.id) + ', ' + error,
@@ -856,22 +861,30 @@ def close_epic(eng, push_to_jira):
     jpkey = JIRA_PKey.objects.get(product=prod)
     jira_conf = jpkey.conf
     if jpkey.enable_engagement_epic_mapping and push_to_jira:
-        j_issue = JIRA_Issue.objects.get(engagement=eng)
-        req_url = jira_conf.url+'/rest/api/latest/issue/'+ j_issue.jira_id+'/transitions'
-        j_issue = JIRA_Issue.objects.get(engagement=eng)
-        json_data = {'transition':{'id':jira_conf.close_status_key}}
-        r = requests.post(url=req_url, auth=HTTPBasicAuth(jira_conf.username, jira_conf.password), json=json_data)
+        try:
+            j_issue = JIRA_Issue.objects.get(engagement=eng)
+            req_url = jira_conf.url+'/rest/api/latest/issue/'+ j_issue.jira_id+'/transitions'
+            j_issue = JIRA_Issue.objects.get(engagement=eng)
+            json_data = {'transition':{'id':jira_conf.close_status_key}}
+            r = requests.post(url=req_url, auth=HTTPBasicAuth(jira_conf.username, jira_conf.password), json=json_data)
+        except Exception as e:
+            log_jira_generic_alert('Jira Engagement/Epic Close Error', e)
+            pass
 
 def update_epic(eng, push_to_jira):
     engagement = eng
     prod = Product.objects.get(engagement=engagement)
     jpkey = JIRA_PKey.objects.get(product=prod)
     jira_conf = jpkey.conf
     if jpkey.enable_engagement_epic_mapping and push_to_jira:
-        jira = JIRA(server=jira_conf.url, basic_auth=(jira_conf.username, jira_conf.password))
-        j_issue = JIRA_Issue.objects.get(engagement=eng)
-        issue = jira.issue(j_issue.jira_id)
-        issue.update(summary=eng.name, description=eng.name)
+        try:
+            jira = JIRA(server=jira_conf.url, basic_auth=(jira_conf.username, jira_conf.password))
+            j_issue = JIRA_Issue.objects.get(engagement=eng)
+            issue = jira.issue(j_issue.jira_id)
+            issue.update(summary=eng.name, description=eng.name)
+        except Exception as e:
+            log_jira_generic_alert('Jira Engagement/Epic Update Error', e)
+            pass
 
 def add_epic(eng, push_to_jira):
     engagement = eng
@@ -886,19 +899,27 @@ def add_epic(eng, push_to_jira):
             'issuetype': {'name': 'Epic'},
             'customfield_' + str(jira_conf.epic_name_id) : engagement.name,
             }
-        jira = JIRA(server=jira_conf.url, basic_auth=(jira_conf.username, jira_conf.password))
-        new_issue = jira.create_issue(fields=issue_dict)
-        j_issue = JIRA_Issue(jira_id=new_issue.id, jira_key=new_issue, engagement=engagement)
-        j_issue.save()
+        try:
+            jira = JIRA(server=jira_conf.url, basic_auth=(jira_conf.username, jira_conf.password))
+            new_issue = jira.create_issue(fields=issue_dict)
+            j_issue = JIRA_Issue(jira_id=new_issue.id, jira_key=new_issue, engagement=engagement)
+            j_issue.save()
+        except Exception as e:
+            log_jira_generic_alert('Jira Engagement/Epic Creation Error', e)
+            pass
 
 def add_comment(find, note, force_push=False):
     prod = Product.objects.get(engagement=Engagement.objects.get(test=find.test))
     jpkey = JIRA_PKey.objects.get(product=prod)
     jira_conf = jpkey.conf
     if jpkey.push_notes or force_push == True:
-        jira = JIRA(server=jira_conf.url, basic_auth=(jira_conf.username, jira_conf.password))
-        j_issue = JIRA_Issue.objects.get(finding=find)
-        jira.add_comment(j_issue.jira_id, '(%s): %s' % (note.author.get_full_name(), note.entry))
+        try:
+            jira = JIRA(server=jira_conf.url, basic_auth=(jira_conf.username, jira_conf.password))
+            j_issue = JIRA_Issue.objects.get(finding=find)
+            jira.add_comment(j_issue.jira_id, '(%s): %s' % (note.author.get_full_name(), note.entry))
+        except Exception as e:
+            log_jira_generic_alert('Jira Add Comment Error', e)
+            pass
 
 def send_review_email(request, user, finding, users, new_note):
     recipients = [u.email for u in users]
@@ -1062,15 +1083,15 @@ def create_notification_message(event, notification_type):
         return notification
 
     def send_slack_notification(channel):
-        #try:
-        res = requests.request(method='POST', url='https://slack.com/api/chat.postMessage',
-                         data={'token':get_system_setting('slack_token'),
-                               'channel':channel,
-                               'username':get_system_setting('slack_username'),
-                               'text':create_notification_message(event, 'slack')})
-        #except Exception as e:
-        #    log_alert(e)
-        #    pass
+        try:
+            res = requests.request(method='POST', url='https://slack.com/api/chat.postMessage',
+                             data={'token':get_system_setting('slack_token'),
+                                   'channel':channel,
+                                   'username':get_system_setting('slack_username'),
+                                   'text':create_notification_message(event, 'slack')})
+        except Exception as e:
+            log_alert(e)
+            pass
 
     def send_hipchat_notification(channel):
         try:
@@ -1079,7 +1100,6 @@ def send_hipchat_notification(channel):
                             url='https://%s/v2/room/%s/notification?auth_token=%s' % (get_system_setting('hipchat_site'), channel, get_system_setting('hipchat_token')),
                             data={'message':create_notification_message(event, 'slack'),
                                   'message_format':'text'})
-            print res
         except Exception as e:
             log_alert(e)
             pass
@@ -1110,8 +1130,10 @@ def send_alert_notification(user=None):
 
 
     def log_alert(e):
-        alert = Alerts(user_id=Dojo_User.objects.get(is_superuser=True), title='Notification issue', description="%s" % e, icon="exclamation-triangle", source="Notifications")
-        alert.save()
+        users = Dojo_User.objects.filter(is_superuser=True)
+        for user in users:
+            alert = Alerts(user_id=user, url=kwargs.get('url', reverse('alerts')), title='Notification issue', description="%s" % e, icon="exclamation-triangle", source="Notifications")
+            alert.save()
 
     # Global notifications
     try: