Fix Report generation issue (pic_token template tag) (#10153)

* Revert "class-based-reports-views clean up some variables" This reverts commit f4396c0. * fix-pic-token Fix template reference
DefectDojo · May 8, 2024 · 963ebed · 963ebed
1 parent 2cc7812
commit 963ebed
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 12 deletions.
diff --git a/dojo/reports/views.py b/dojo/reports/views.py
@@ -119,12 +119,13 @@ def post(self, request: HttpRequest) -> HttpResponse:
 
     def _set_state(self, request: HttpRequest):
         self.request = request
+        self.host = report_url_resolver(request)
         self.selected_widgets = self.get_selected_widgets(request)
         self.widgets = list(self.selected_widgets.values())
 
     def get_selected_widgets(self, request):
-        selected_widgets = report_widget_factory(json_data=request.POST['json'], request=request, finding_notes=False,
-                                                 finding_images=False)
+        selected_widgets = report_widget_factory(json_data=request.POST['json'], request=request, host=self.host,
+                                                      user=self.request.user, finding_notes=False, finding_images=False)
 
         if options := selected_widgets.get('report-options', None):
             self.report_format = options.report_type
@@ -135,8 +136,9 @@ def get_selected_widgets(self, request):
             self.finding_notes = True
             self.finding_images = True
 
-        return report_widget_factory(json_data=request.POST['json'], request=request, finding_notes=self.finding_notes,
-                                     finding_images=self.finding_images)
+        return report_widget_factory(json_data=request.POST['json'], request=request, host=self.host,
+                              user=request.user, finding_notes=self.finding_notes,
+                              finding_images=self.finding_images)
 
     def get_form(self, request):
         return CustomReportJsonForm(request.POST)
@@ -152,8 +154,10 @@ def get_template(self):
     def get_context(self):
         return {
             "widgets": self.widgets,
+            "host": self.host,
             "finding_notes": self.finding_notes,
-            "finding_images": self.finding_images, }
+            "finding_images": self.finding_images,
+            "user_id": self.request.user.id, }
 
 
 def report_findings(request):

diff --git a/dojo/reports/widgets.py b/dojo/reports/widgets.py
@@ -247,6 +247,11 @@ class FindingList(Widget):
     def __init__(self, *args, **kwargs):
         if 'request' in kwargs:
             self.request = kwargs.get('request')
+        if 'user_id' in kwargs:
+            self.user_id = kwargs.get('user_id')
+
+        if 'host' in kwargs:
+            self.host = kwargs.get('host')
 
         if 'findings' in kwargs:
             self.findings = kwargs.get('findings')
@@ -285,16 +290,20 @@ def __init__(self, *args, **kwargs):
     def get_asciidoc(self):
         asciidoc = render_to_string("dojo/custom_asciidoc_report_findings.html",
                                     {"findings": self.findings.qs,
+                                     "host": self.host,
                                      "include_finding_notes": self.finding_notes,
-                                     "include_finding_images": self.finding_images, })
+                                     "include_finding_images": self.finding_images,
+                                     "user_id": self.user_id})
         return mark_safe(asciidoc)
 
     def get_html(self):
         html = render_to_string("dojo/custom_html_report_finding_list.html",
                                 {"title": self.title,
                                  "findings": self.findings.qs,
                                  "include_finding_notes": self.finding_notes,
-                                 "include_finding_images": self.finding_images, })
+                                 "include_finding_images": self.finding_images,
+                                 "host": self.host,
+                                 "user_id": self.user_id})
         return mark_safe(html)
 
     def get_option_form(self):
@@ -314,6 +323,11 @@ class EndpointList(Widget):
     def __init__(self, *args, **kwargs):
         if 'request' in kwargs:
             self.request = kwargs.get('request')
+        if 'user_id' in kwargs:
+            self.user_id = kwargs.get('user_id')
+
+        if 'host' in kwargs:
+            self.host = kwargs.get('host')
 
         if 'endpoints' in kwargs:
             self.endpoints = kwargs.get('endpoints')
@@ -349,14 +363,18 @@ def get_html(self):
                                 {"title": self.title,
                                  "endpoints": self.endpoints.qs,
                                  "include_finding_notes": self.finding_notes,
-                                 "include_finding_images": self.finding_images, })
+                                 "include_finding_images": self.finding_images,
+                                 "host": self.host,
+                                 "user_id": self.user_id})
         return mark_safe(html)
 
     def get_asciidoc(self):
         asciidoc = render_to_string("dojo/custom_asciidoc_report_endpoints.html",
                                     {"endpoints": self.endpoints.qs,
+                                     "host": self.host,
                                      "include_finding_notes": self.finding_notes,
-                                     "include_finding_images": self.finding_images, })
+                                     "include_finding_images": self.finding_images,
+                                     "user_id": self.user_id})
         return mark_safe(asciidoc)
 
     def get_option_form(self):
@@ -370,7 +388,8 @@ def get_option_form(self):
         return mark_safe(html)
 
 
-def report_widget_factory(json_data=None, request=None, finding_notes=False, finding_images=False):
+def report_widget_factory(json_data=None, request=None, user=None, finding_notes=False, finding_images=False,
+                          host=None):
     selected_widgets = OrderedDict()
     widgets = json.loads(json_data)
     for idx, widget in enumerate(widgets):
@@ -394,8 +413,9 @@ def report_widget_factory(json_data=None, request=None, finding_notes=False, fin
             filter_string_matching = get_system_setting("filter_string_matching", False)
             filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter
             endpoints = filter_class(d, queryset=endpoints, user=request.user)
+            user_id = user.id if user is not None else None
             endpoints = EndpointList(request=request, endpoints=endpoints, finding_notes=finding_notes,
-                                     finding_images=finding_images)
+                                     finding_images=finding_images, host=host, user_id=user_id)
 
             selected_widgets[list(widget.keys())[0] + '-' + str(idx)] = endpoints
 
@@ -409,9 +429,11 @@ def report_widget_factory(json_data=None, request=None, finding_notes=False, fin
                     d[item['name']] = item['value']
 
             findings = ReportFindingFilter(d, queryset=findings)
+            user_id = user.id if user is not None else None
             selected_widgets[list(widget.keys())[0] + '-' + str(idx)] = FindingList(request=request, findings=findings,
                                                                               finding_notes=finding_notes,
-                                                                              finding_images=finding_images)
+                                                                              finding_images=finding_images,
+                                                                              host=host, user_id=user_id)
 
         if list(widget.keys())[0] == 'wysiwyg-content':
             wysiwyg_content = WYSIWYGContent(request=request)