Merge pull request #131 from sei-vsarvepalli/version-2.1.9

Updates to VINCE 2.1.9

CHANGELOG.md

@@ -1,5 +1,23 @@
 # VINCE Changelog
 
+
+Version 2.1.9  2023-12-07
+
+* Dependabot update recommendations: `cryptography` 41.0.3 to 41.0.6
+* Fixed bug that prevented "Add Vulnerability" button from rerouting user to appropriate pages upon submission
+* Integrated custom metrics into weekly reports on VINCE activity
+
+Version 2.1.8  2023-11-08
+
+* Dependabot update recommendations: `django` 3.2.20 to 3.2.23
+* Restructured vendors tab on VINCE Track case page so that vendors table is paginated rather than indefinitely scrollable
+
+Version 2.1.7  2023-10-30
+
+* Added customization of MFA
+* Added code to catch and correct Vul Note Reviews with data omissions that led to page load failures in certain circumstances
+
+
 Version 2.1.6  2023-10-25
 
 * Fixed bug that interfered in certain circumstances with the operation of the vendor filter button on the VINCEComm case page

bigvince/settings_.py

@@ -56,7 +56,7 @@
 ROOT_DIR = environ.Path(__file__) - 3
 
 # any change that requires database migrations is a minor release
-VERSION = "2.1.6"
+VERSION = "2.1.9"
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

requirements.txt

@@ -19,11 +19,11 @@ chardet==5.0.0
 charset-normalizer==2.1.1
 click==8.1.3
 colorama==0.4.4
-cryptography==41.0.3
+cryptography==41.0.6
 cvelib==1.1.0
 Deprecated==1.2.13
 dictdiffer==0.9.0
-Django==3.2.20
+Django==3.2.23
 django-appconf==1.0.5
 django-countries==7.4.2
 django-environ==0.9.0

vince/lib.py

@@ -50,7 +50,7 @@
 # from vince.models import Attachment, EmailTemplate, ArtifactAttachment, TicketArtifact
 from vince.models import *
 from vinny.models import Message, Case, Post, PostRevision, VinceCommContact, GroupContact, CaseMember, CaseMemberStatus, CaseStatement, CaseVulnerability, VTCaseRequest, VinceCommCaseAttachment, ReportAttachment, VinceCommInvitedUsers, CRFollowUp, VCVUReport, VendorAction, VendorStatusChange, CaseCoordinator, ContactInfoChange, CaseViewed, CaseVulExploit, CaseVulCVSS, CoordinatorSettings, VINCEEmailNotification
-from vince.mailer import send_newticket_mail, send_daily_digest_mail, send_reset_mfa_email, get_mail_content, send_weekly_report_mail
+from vince.mailer import send_newticket_mail, send_daily_digest_mail, send_reset_mfa_email, get_mail_content, send_weekly_report_mail, send_alert_email
 from .permissions import *
 import email
 import email.header
@@ -63,6 +63,7 @@
 logger.setLevel(logging.DEBUG)
 from vince.settings import VINCE_ASSIGN_TRIAGE, VINCE_IGNORE_TRANSIENT_BOUNCES
 from vince.permissions import get_case_case_queue, get_user_case_queue, get_user_gen_queue
+from lib.vince.utils import deepGet
 
 def md5_file(f):
     hash_md5 = hashlib.md5()
@@ -2681,14 +2682,12 @@ def publish_vul_note(vu_dict, key):
 def prepare_and_send_weekly_report():
 
     # get time info
-    context = {}
+
     oneweekago = date.today() - timedelta(days=7)
     year = oneweekago.isocalendar()[0]
     week = oneweekago.isocalendar()[1]
     weekstartdate = date.fromisocalendar(year, week, 1)
-    context['weekstartdate'] = weekstartdate
     weekenddate = date.fromisocalendar(year, week, 7)
-    context['weekenddate'] = weekenddate
     daterangeend = weekenddate + timedelta(days=1)
 
     # examine the GroupSettings model, looking for groups that have weekly="on"
@@ -2699,6 +2698,15 @@ def prepare_and_send_weekly_report():
     recipients = []
     groupid = 0
     for groupplussettings in groupsplussettings:
+        context = {}
+        context['weekstartdate'] = weekstartdate
+        context['weekenddate'] = weekenddate
+
+        # This is just for testing:
+        # weekstartdate = date.today()
+        # daterangeend = weekstartdate + timedelta(days=1)
+        # context['weekstartdate'] = weekstartdate
+        # context['weekenddate'] = weekstartdate + timedelta(days=1)
 
         # get recipients data as a list
         recipients = groupplussettings.metadata["reports"]["recipients"].split(',')
@@ -2726,20 +2734,60 @@ def prepare_and_send_weekly_report():
                                         'active_cases': active_cases,
                                         'deactive_cases': deactive_cases,
                                         'to_active_cases': to_active_cases}})
+        if groupid == 1:
+            ai_ml_boolean = False
+            # looks like this works:
+            context['total_ai_ml_crs'] = CaseRequest.objects.annotate(n=Cast(F("metadata__ai_ml_system"),models.TextField())).filter(n__icontains="True", queue__in=my_queues, created__range=[weekstartdate, daterangeend]).count()
+            if context['total_ai_ml_crs'] > 0:
+                ai_ml_boolean = True
+            ai_ml_new_cases = 0
+            ai_ml_active_cases = 0
+            ai_ml_deactive_cases = 0
+            ai_ml_to_active_cases = 0
+            for case in new_cases:
+                if deepGet(case,'case_request.caserequest.metadata.ai_ml_system') == True:
+                    ai_ml_new_cases += 1
+                    ai_ml_boolean = True
+            for case in active_cases:
+                if deepGet(case,'case_request.caserequest.metadata.ai_ml_system') == True:
+                    ai_ml_active_cases += 1
+                    ai_ml_boolean = True
+            for case in deactive_cases:
+                if deepGet(case.case,'case_request.caserequest.metadata.ai_ml_system') == True:
+                    ai_ml_deactive_cases += 1
+                    ai_ml_boolean = True
+            for case in to_active_cases:
+                if deepGet(case.case,'case_request.caserequest.metadata.ai_ml_system') == True:
+                    ai_ml_to_active_cases += 1
+                    ai_ml_boolean = True
+            context.update({'ai_ml_case_stats': {'ai_ml_new_cases':ai_ml_new_cases,
+                                'ai_ml_active_cases': ai_ml_active_cases,
+                                'ai_ml_deactive_cases': ai_ml_deactive_cases,
+                                'ai_ml_to_active_cases': ai_ml_to_active_cases}})
+            context['total_ai_ml_activity'] = context['total_ai_ml_crs'] + ai_ml_new_cases
+            context['ai_ml_boolean'] = ai_ml_boolean
         context['new_users'] = User.objects.using('vincecomm').filter(date_joined__range=[weekstartdate, daterangeend]).count()
         context['total_users'] = User.objects.using('vincecomm').all().count()
         vendor_group_dict = {group.name:group.user_set.count() for group in Group.objects.using('vincecomm').exclude(groupcontact__isnull=True) if group.user_set.count() > 0}
         context['vendors'] = len(vendor_group_dict)
         vendor_groups = Group.objects.using('vincecomm').exclude(groupcontact__isnull=True)
         context['vendor_users'] = User.objects.using('vincecomm').filter(groups__in=vendor_groups).distinct().count()
         context['fwd_reports'] = FollowUp.objects.filter(title__icontains="Successfully forwarded", date__range=[weekstartdate, daterangeend], ticket__queue__in=my_queues)
+        logger.debug(f'the context for the weekly reports email currently underway is {context}')
 
         # render the template with the data
         html_content = render_to_string('vince/printweeklyreport.html', context) + ""
 
         # send it to mailer.py for final pre-processing
         send_weekly_report_mail(recipients, my_team, html_content)
 
+def prepare_and_send_alert_email(cr):
+    logger.debug('prepare_and_send_alert_email has been correctly triggered')
+    recipients = ['[email protected]', '[email protected]']
+    crlink = f"{settings.SERVER_NAME}{reverse('vince:cr', args=[cr.id])}"
+    logger.debug(f'crlink is {crlink}')
+    send_alert_email(recipients, crlink)
+
 def send_vt_daily_digest(user):
 
     text = "" 

vince/mailer.py

@@ -724,6 +724,8 @@ def send_templated_mail(template_name,
             bcc = list(set(bcc) - set(bouncers))
             recipients = list(set(recipients) - set(bouncers))
     except Exception as e:
+        # Note: if the following error turns up in the logs, that does not mean that anything is malfunctioning. It may just mean that the line "bcc = list(set(bcc) - set(bouncers))"
+        # above failed because no bouncers were found, which is what is supposed to happen.
         logger.debug(f"Could not execute query against bounce list error {e}")
 
     if replyto:
@@ -1213,6 +1215,24 @@ def send_weekly_report_mail(recipients, my_team, html_content):
         html=True
     )
 
+def send_alert_email(recipients, crlink):
+    subject = 'VINCE Alert'
+
+    context = {
+        'crlink': crlink,
+        'subject': subject,
+        'login_url': f"{settings.SERVER_NAME}"
+    }
+
+    send_templated_mail(
+        'ai_ml_system_email',
+        context,
+        recipients=recipients,
+        fail_silently=True,
+        files=None,
+        html=True
+    )
+
 def send_email_to_all(to_group, subject, content, from_user, ticket):
     if to_group == '1':
         # get all vendors = get all groups with contacts

vince/models.py

@@ -4618,3 +4618,26 @@ class BounceEmailNotification(models.Model):
         default = False)
 
 
+class VinceAlerts(models.Model):
+    unique_id = models.AutoField(
+        primary_key=True,
+    )
+
+    trigger = models.TextField(
+        blank=False,
+        null=False,
+        default='CaseRequest.metadata.ai_ml_system',
+        unique=True,
+    )
+
+    alert_recipients = models.TextField(
+        blank=False,
+        null=False,
+    )
+
+    metadata = OldJSONField(
+        # This is where someday we will add "alert_type", which has the information about whether the email should include all info from the vul report or just a link
+        # or maybe something else
+        blank=True,
+        null=True,
+    )

vince/static/vince/css/style.css

@@ -140,7 +140,7 @@ h1.vince_login_logo {
     font-size: .5em; /*whatever em or rem size needed to get to this*/
     font-weight: 700;
 }
-    
+
 .site-wrapper {
 /*    display: flex;
     flex-direction: column;*/