Fixes #174

devEricA · devEricA · commit 6c37be2079ef · 2017-07-11T21:08:37.000-05:00
diff --git a/dojo/forms.py b/dojo/forms.py
@@ -645,7 +645,7 @@ class AdHocFindingForm(forms.ModelForm):
 
     def clean(self):
         # self.fields['endpoints'].queryset = Endpoint.objects.all()
-        cleaned_data = super(AddFindingForm, self).clean()
+        cleaned_data = super(AdHocFindingForm, self).clean()
         if ((cleaned_data['active'] or cleaned_data['verified'])
             and cleaned_data['duplicate']):
             raise forms.ValidationError('Duplicate findings cannot be'
diff --git a/dojo/product/views.py b/dojo/product/views.py
@@ -20,7 +20,7 @@
 from dojo.filters import ProductFilter, ProductFindingFilter
 from dojo.forms import ProductForm, EngForm, DeleteProductForm, ProductMetaDataForm, JIRAPKeyForm, JIRAFindingForm, AdHocFindingForm
 from dojo.models import Product_Type, Finding, Product, Engagement, ScanSettings, Risk_Acceptance, Test, JIRA_PKey, \
-    Tool_Product_Settings, Cred_User, Cred_Mapping, Finding_Template, Endpoint
+    Tool_Product_Settings, Cred_User, Cred_Mapping, Finding_Template, Endpoint, Test_Type
 from dojo.utils import get_page_items, add_breadcrumb, get_punchcard_data
 from custom_field.models import CustomFieldValue, CustomField
 from  dojo.tasks import add_epic_task, add_issue_task
@@ -569,8 +569,25 @@ def edit_meta_data(request, pid):
 
 @user_passes_test(lambda u: u.is_staff)
 def ad_hoc_finding(request, pid):
-    eng=Engagement()
-    test = Test()
+    prod = Product.objects.get(id=pid)
+    test = None
+    try:
+        eng = Engagement.objects.get(product=prod, name="Ad Hoc Engagement")
+        tests = Test.objects.filter(engagement=eng)
+
+        if len(tests) != 0:
+            test = tests[0]
+        else:
+            test = Test(engagement=eng, test_type=Test_Type.objects.get(name="Pen Test"),
+                        target_start=datetime.now(tz=localtz), target_end=datetime.now(tz=localtz))
+            test.save()
+    except:
+        eng = Engagement(name="Ad Hoc Engagement", target_start=datetime.now(tz=localtz),
+                         target_end=datetime.now(tz=localtz), active=False, product=prod)
+        eng.save()
+        test = Test(engagement=eng, test_type=Test_Type.objects.get(name="Pen Test"),
+                    target_start=datetime.now(tz=localtz), target_end=datetime.now(tz=localtz))
+        test.save()
     form_error = False
     enabled = False
     jform = None
@@ -643,11 +660,12 @@ def ad_hoc_finding(request, pid):
                                  messages.ERROR,
                                  'The form has errors, please correct them below.',
                                  extra_tags='alert-danger')
-    add_breadcrumb(parent=test, title="Add Finding", top_level=False, request=request)
-    return render(request, 'dojo/add_findings.html',
+    add_breadcrumb(parent=prod, title="Add Finding", top_level=False, request=request)
+    return render(request, 'dojo/ad_hoc_findings.html',
                   {'form': form,
                    'temp': False,
-                   'tid': tid,
+                   'tid' : test.id,
+                   'pid': pid,
                    'form_error': form_error,
                    'jform': jform,
                    })
diff --git a/dojo/templates/dojo/ad_hoc_findings.html b/dojo/templates/dojo/ad_hoc_findings.html
@@ -0,0 +1,38 @@
+{% extends "base.html" %}
+{% load event_tags %}
+{% load static from staticfiles %}
+{% block content %}
+    <div>
+        <h3> Add findings to a test</h3>
+    </div>
+    <div>
+        <form class="form-horizontal" action="{% url 'ad_hoc_finding' pid %}" method="post">
+            {% csrf_token %}
+            {% include "dojo/form_fields.html" with form=form %}
+            {%  if jform %}
+                <h4> JIRA </h4>
+                <hr>
+                {% include "dojo/form_fields.html" with form=jform %}
+            {% endif %}
+            <div class="form-group">
+                <div class="col-sm-offset-2 col-sm-10">
+                    <input class="btn btn-primary" type="submit" value="Add Another Finding"/>
+                    <input class="btn btn-primary" name="_Finished" type="submit" value="Finished"/>
+                </div>
+            </div>
+        </form>
+    </div>
+{% endblock %}
+{% block postscript %}
+    <script type="text/javascript" src="{% static "admin/js/jquery.init.js"%}"></script>
+    <script type="application/javascript" src="{% static "admin/js/admin/RelatedObjectLookups.js" %}"></script>
+    <script type="application/javascript">
+        $ = django.jQuery;
+        $('#add_id_endpoints').attr('href', "{% url 'add_endpoint' pid %}?_popup");
+        {% if not form_error %}
+            $('#id_endpoints').find('option').remove();
+        {% endif %}
+    </script>
+
+
+{% endblock %}
