merge white/dev
Nicolas Rebagliati committed Dec 2, 2021
2 parents 5529c75 + e9966ae commit 5549987
Showing 6 changed files with 399 additions and 72 deletions.
Expand Up @@ -10,7 +10,7 @@


# revision identifiers, used by Alembic.
from sqlalchemy import func
from sqlalchemy import func, case

from faraday.server.models import VulnerabilityGeneric, SeveritiesHistogram, Workspace

Expand All @@ -29,6 +29,7 @@ def upgrade():
sa.Column('medium', sa.Integer(), nullable=False),
sa.Column('high', sa.Integer(), nullable=False),
sa.Column('critical', sa.Integer(), nullable=False),
sa.Column('confirmed', sa.Integer(), nullable=False),
sa.ForeignKeyConstraint(['workspace_id'], ['workspace.id'], ),
sa.PrimaryKeyConstraint('id')
)
Expand All @@ -40,24 +41,30 @@ def upgrade():
session = sa.orm.Session(bind=bind)
workspaces = session.query(Workspace).all()
for workspace in workspaces:
vulnerabilities = session.query(VulnerabilityGeneric)\
.with_entities(func.date_trunc('day', VulnerabilityGeneric.create_date), VulnerabilityGeneric.severity, func.count(VulnerabilityGeneric.severity))\
.filter(VulnerabilityGeneric.workspace_id == workspace.id, VulnerabilityGeneric.status.notin_(['closed', 'risk-accepted']),
vulnerabilities = session.query(VulnerabilityGeneric) \
.with_entities(func.date_trunc('day', VulnerabilityGeneric.create_date),
VulnerabilityGeneric.severity,
func.count(VulnerabilityGeneric.severity),
func.sum(case([(VulnerabilityGeneric.confirmed, 1)], else_=0)))\
.filter(VulnerabilityGeneric.workspace_id == workspace.id,
VulnerabilityGeneric.status.notin_(['closed', 'risk-accepted']),
VulnerabilityGeneric.severity.in_(['medium', 'high', 'critical']))\
.group_by(func.date_trunc('day', VulnerabilityGeneric.create_date), VulnerabilityGeneric.severity).all()
for vulnerability in vulnerabilities:
sh = session.query(SeveritiesHistogram).filter(SeveritiesHistogram.date == vulnerability[0],
SeveritiesHistogram.workspace_id == workspace.id).first()
if sh is None:
sh = SeveritiesHistogram(date=vulnerability[0], workspace=workspace, medium=0, high=0, critical=0)
session.add(sh)
for histogram_date, severity_type, severity_count, confirmed_count in vulnerabilities:
severity_histogram = session.query(SeveritiesHistogram)\
.filter(SeveritiesHistogram.date == histogram_date,
SeveritiesHistogram.workspace_id == workspace.id).first()
if severity_histogram is None:
severity_histogram = SeveritiesHistogram(date=histogram_date, workspace=workspace, medium=0, high=0, critical=0, confirmed=0)
session.add(severity_histogram)
session.commit()
if vulnerability[1] == 'medium':
sh.medium = vulnerability[2]
if vulnerability[1] == 'high':
sh.high = vulnerability[2]
if vulnerability[1] == 'critical':
sh.critical = vulnerability[2]
if severity_type == 'medium':
severity_histogram.medium = severity_count
if severity_type == 'high':
severity_histogram.high = severity_count
if severity_type == 'critical':
severity_histogram.critical = severity_count
severity_histogram.confirmed += confirmed_count
session.commit()


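Review bot: Adding `sa.Column('confirmed', sa.Integer(), nullable=False)` to the `create_table` call of a revision that already exists means a database that has already applied this revision never gets the column, and the `d.confirmed` read in `generate_histogram` would then fail there. Unless the revision is known to be unreleased (only two of the six changed files are visible on this page, so a follow-up revision may exist), I would move the column and the backfill into a new revision, e.g. `op.add_column('<histogram_table>', sa.Column('confirmed', sa.Integer(), nullable=False, server_default='0'))`. The backfill itself counts only vulnerabilities that pass the existing filter (medium/high/critical, not closed or risk-accepted), which deserves a one-line comment above the query. `upgrade()` starts and ends outside the hunks, and the file's header is not shown on the page.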
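--- a/faraday/server/api/modules/workspaces.py
+++ b/faraday/server/api/modules/workspaces.py
@@ -62,6 +62,7 @@ class HistogramSchema(Schema):
 medium = fields.Integer(dump_only=True, attribute='medium')
 high = fields.Integer(dump_only=True, attribute='high')
 critical = fields.Integer(dump_only=True, attribute='critical')
+confirmed = fields.Integer(dump_only=True, attribute='confirmed')
 
 
 class WorkspaceDurationSchema(Schema):
@@ -119,7 +120,8 @@ def init_date_range(from_day, days):
 date_list = [{'date': from_day - timedelta(days=x),
 Vulnerability.SEVERITY_MEDIUM: 0,
 Vulnerability.SEVERITY_HIGH: 0,
-Vulnerability.SEVERITY_CRITICAL: 0} for x in range(days)]
+Vulnerability.SEVERITY_CRITICAL: 0,
+'confirmed': 0} for x in range(days)]
 return date_list
 
 
@@ -142,7 +144,8 @@ def generate_histogram(from_date, days_before):
 first_date = d.date
 ws_histogram[ws_name][d.date] = {Vulnerability.SEVERITY_MEDIUM: d.medium,
 Vulnerability.SEVERITY_HIGH: d.high,
-Vulnerability.SEVERITY_CRITICAL: d.critical}
+Vulnerability.SEVERITY_CRITICAL: d.critical,
+'confirmed': d.confirmed}
 
 # fix histogram gaps
 if (date.today() - first_date).days < days_before:
@@ -151,20 +154,23 @@ def generate_histogram(from_date, days_before):
 histogram_dict[ws_name] = [{'date': first_date + timedelta(days=x),
 Vulnerability.SEVERITY_MEDIUM: 0,
 Vulnerability.SEVERITY_HIGH: 0,
-Vulnerability.SEVERITY_CRITICAL: 0}
+Vulnerability.SEVERITY_CRITICAL: 0,
+'confirmed': 0}
 for x in range((date.today() - first_date).days + 1)]
 
 # merge counters with days required
-high = medium = critical = 0
+confirmed = high = medium = critical = 0
 for current_workspace_histogram_counters in histogram_dict[ws_name]:
 current_date = current_workspace_histogram_counters['date']
 if current_date in ws_histogram[ws_name]:
 medium += ws_histogram[ws_name][current_date][Vulnerability.SEVERITY_MEDIUM]
 high += ws_histogram[ws_name][current_date][Vulnerability.SEVERITY_HIGH]
 critical += ws_histogram[ws_name][current_date][Vulnerability.SEVERITY_CRITICAL]
+confirmed += ws_histogram[ws_name][current_date]['confirmed']
 current_workspace_histogram_counters[Vulnerability.SEVERITY_MEDIUM] = medium
 current_workspace_histogram_counters[Vulnerability.SEVERITY_HIGH] = high
 current_workspace_histogram_counters[Vulnerability.SEVERITY_CRITICAL] = critical
+current_workspace_histogram_counters['confirmed'] = confirmed
 histogram_dict[ws_name] = histogram_dict[ws_name][-days_before:]
 
 return histogram_dict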
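Review bot: The new `'confirmed'` key is a bare string repeated in `init_date_range` and three more times in `generate_histogram`, while the sibling counters use the `Vulnerability.SEVERITY_*` constants; one module-level name such as `CONFIRMED_KEY = 'confirmed'` would keep those sites from drifting apart. Nothing in this file says what the number means: judging by the migration's backfill it covers only confirmed vulnerabilities that are medium, high or critical and not closed or risk-accepted, and `generate_histogram` then accumulates it into a running total like the other counters. I would add a comment on the `HistogramSchema` field, `# running total of confirmed medium/high/critical vulns that are not closed or risk-accepted`, so that consumers of the histogram do not read it as a count of all confirmed findings. Whether the runtime code that maintains the stored counter applies the same filter is not visible here and should be confirmed; both functions start and end outside the hunks.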