VINCE upgrade to 2.1.6

CHANGELOG.md

@@ -1,5 +1,17 @@
 # VINCE Changelog
 
+Version 2.1.6  2023-10-25
+
+* Fixed bug that interfered in certain circumstances with the operation of the vendor filter button on the VINCEComm case page
+* Dependabot update recommendations: `urllib3` 1.26.12 to 1.26.18
+* Fixed bug that obstrcuted case assignment process for VINCETrack users with identical preferred usernames
+* Adjusted code for asynchronous loading on ticket page to ensure it works on all ticket pages, including case request tickets
+* Set up periodic autorefresh feature for VINCE Track ticket page
+* Reformulated misleading UI labels for case transfer request process
+* Resolved Issue by simpifying/correcting search code & disambiguating labels in report views
+* Added AI/ML systems checkbox to public & VINCE Comm vul report form, routing of AI/ML-related tickets
+
+
 Version 2.1.5  2023-09-21
 
 * Enhanced operation of VINCEComm case discussion section, moving focus to editable div when the user chooses to edit a post

bigvince/settings_.py

@@ -56,7 +56,7 @@
 ROOT_DIR = environ.Path(__file__) - 3
 
 # any change that requires database migrations is a minor release
-VERSION = "2.1.5"
+VERSION = "2.1.6"
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

requirements.txt

@@ -19,7 +19,7 @@ chardet==5.0.0
 charset-normalizer==2.1.1
 click==8.1.3
 colorama==0.4.4
-cryptography==41.0.4
+cryptography==41.0.3
 cvelib==1.1.0
 Deprecated==1.2.13
 dictdiffer==0.9.0
@@ -75,7 +75,7 @@ six==1.16.0
 soupsieve==2.3.2.post1
 sqlparse==0.4.4
 typing_extensions==4.4.0
-urllib3==1.26.12
+urllib3==1.26.18
 vine==5.0.0
 watchtower==3.0.0
 webencodings==0.5.1

vince/lib.py

@@ -397,6 +397,7 @@ def update_vinny_cr(instance):
         vtcr.vendor_communication = cr.vendor_communication
         vtcr.product_name = cr.product_name
         vtcr.ics_impact = cr.ics_impact
+        vtcr.metadata = cr.metadata
         vtcr.product_version = cr.product_version
         vtcr.vul_description = cr.vul_description
         vtcr.vul_exploit = cr.vul_exploit
@@ -1678,7 +1679,7 @@ def parse_attachment(message_part):
 
 def create_ticket_for_error_email(filename, bucket, queue=None, from_email=None, body=None, cert_id=None, case=None):
     if queue == None:
-        queue = TicketQueue.objects.filter(queue_type=1, from_email=bucket).first()
+        queue = TicketQueue.objects.filter(queue_type=TicketQueue.GENERAL_TICKET_QUEUE, from_email=bucket).first()
 
     if len(body) > 5000:
         #truncate long bodies
@@ -2176,7 +2177,7 @@ def create_ticket_from_email(filename, body, bucket):
     logger.debug(rq)
 
     #this is the default queue - the general queue for this bucket
-    queue = TicketQueue.objects.filter(from_email=bucket, queue_type=1).first()
+    queue = TicketQueue.objects.filter(from_email=bucket, queue_type=TicketQueue.GENERAL_TICKET_QUEUE).first()
     if queue == None:
         # this is misconfigured!
         send_error_sns("ticket queues", "misconfiguration",

vince/mailer.py

@@ -516,7 +516,7 @@ def send_updatecase_mail(action, new_user=None):
         # cut a new ticket to alert
         if case.team_owner:
             tq = get_team_queues(case.team_owner)
-            queue = tq.filter(queue_type=2).first()
+            queue = tq.filter(queue_type=TicketQueue.CASE_REQUEST_QUEUE).first()
         else:
             queue = get_case_case_queue(case)
 

vince/models.py

@@ -55,17 +55,6 @@
 
 logger.setLevel(logging.DEBUG)
 
-GENERAL_TICKET_QUEUE = 1
-CASE_REQUEST_QUEUE = 2
-CASE_TASK_QUEUE = 3
-OTHER_QUEUE = 4
-QUEUE_TYPE = (
-    (GENERAL_TICKET_QUEUE, _('General Ticket')),
-    (CASE_REQUEST_QUEUE, _('Case Request Queue')),
-    (CASE_TASK_QUEUE, _('Case Task Queue')),
-    (OTHER_QUEUE, _('Other Queue'))
-)
-
 class OldJSONField(JSONField):
     """ This was due to legacy support in Django 2.2. from_db_value
     should be explicitily sepcified when extending JSONField """
@@ -161,7 +150,7 @@ class GroupSettings(models.Model):
 
     def _get_triage(self):
         #get cr wueue
-        queue = TicketQueue.objects.filter(queue_type=2, team=self.group).first()
+        queue = TicketQueue.objects.filter(queue_type=TicketQueue.CASE_REQUEST_QUEUE, team=self.group).first()
         return queue
 
     triage = property(_get_triage)
@@ -539,6 +528,17 @@ class TicketQueue(models.Model):
     a queue for each of Accounts, Pre-Sales, and Support.
     """
 
+    GENERAL_TICKET_QUEUE = 1
+    CASE_REQUEST_QUEUE = 2
+    CASE_TASK_QUEUE = 3
+    OTHER_QUEUE = 4
+    QUEUE_TYPE = (
+        (GENERAL_TICKET_QUEUE, _('General Ticket')),
+        (CASE_REQUEST_QUEUE, _('Case Request Queue')),
+        (CASE_TASK_QUEUE, _('Case Task Queue')),
+        (OTHER_QUEUE, _('Other Queue'))
+    )
+
     title = models.CharField(_('Title'),
                              max_length=100)
 
@@ -1924,6 +1924,11 @@ class CaseRequest(Ticket):
     vendor_communication = models.TextField(blank=True, null=True)
     product_name = models.CharField(max_length=500)
     product_version = models.CharField(max_length=100, blank=True, null=True)
+    metadata = OldJSONField(
+        help_text=_('Extensible, currently used to specify relevance to AI/ML systems'),
+        blank=True,
+        null=True
+    )
     ics_impact = models.BooleanField(default=False)
     vul_description = models.TextField(blank=True, null=True)
     vul_exploit = models.TextField(blank=True, null=True)

vince/permissions.py

@@ -79,23 +79,27 @@ def get_r_queues(user):
     queues = QueuePermissions.objects.filter(group__in=user_groups, group_read=True).values_list('queue', flat=True)
     return queues
 
-def get_case_case_queue(case):
-    groups = CasePermissions.objects.filter(case=case, group_write=True).exclude(group__groupsettings__contact__isnull=True).values_list('group', flat=True)
-    qperm = QueuePermissions.objects.filter(group__in=groups, group_write=True, queue__queue_type=3).first()
-    if qperm:
-        return qperm.queue
+def get_case_case_queue(case, user=None):
+    if user:
+        groups = CasePermissions.objects.filter(case=case, group_write=True,group__in=user.groups.all()).exclude(group__groupsettings__contact__isnull=True).values_list('group', flat=True)
+    else:
+        groups = CasePermissions.objects.filter(case=case, group_write=True).exclude(group__groupsettings__contact__isnull=True).values_list('group', flat=True)
+    if groups:
+        qperm = QueuePermissions.objects.filter(group__in=groups, group_write=True, queue__queue_type=TicketQueue.CASE_TASK_QUEUE).first()
+        if qperm:
+            return qperm.queue
     return TicketQueue.objects.get(slug='case')
 
 def get_user_case_queue(user):
     user_groups = user.groups.exclude(groupsettings__contact__isnull=True)
-    perms = QueuePermissions.objects.filter(group__in=user_groups, group_read=True, group_write=True, queue__queue_type=3).first()
+    perms = QueuePermissions.objects.filter(group__in=user_groups, group_read=True, group_write=True, queue__queue_type=TicketQueue.CASE_TASK_QUEUE).first()
     if perms:
         return perms.queue
     return TicketQueue.objects.get(slug='case')
 
 def get_user_gen_queue(user):
     user_groups = user.groups.exclude(groupsettings__contact__isnull=True)
-    perms = QueuePermissions.objects.filter(group__in=user_groups, group_read=True, group_write=True, queue__queue_type=1).first()
+    perms = QueuePermissions.objects.filter(group__in=user_groups, group_read=True, group_write=True, queue__queue_type=TicketQueue.GENERAL_TICKET_QUEUE).first()
     if perms:
         return perms.queue
     return TicketQueue.objects.get(slug='gen')
@@ -112,14 +116,14 @@ def get_vendor_queue(user):
 
 def get_user_cr_queue(user):
     user_groups = user.groups.exclude(groupsettings__contact__isnull=True)
-    perms = QueuePermissions.objects.filter(group__in=user_groups, group_read=True, group_write=True, queue__queue_type=2).first()
+    perms = QueuePermissions.objects.filter(group__in=user_groups, group_read=True, group_write=True, queue__queue_type=TicketQueue.CASE_REQUEST_QUEUE).first()
     if perms:
         return perms.queue
     return TicketQueue.objects.get(slug='cr')
 
 def get_all_cr_queue(user):
     user_groups = user.groups.exclude(groupsettings__contact__isnull=True)
-    perms = QueuePermissions.objects.filter(group__in=user_groups, group_read=True, group_write=True, queue__queue_type=2).values_list('queue', flat=True)
+    perms = QueuePermissions.objects.filter(group__in=user_groups, group_read=True, group_write=True, queue__queue_type=TicketQueue.CASE_REQUEST_QUEUE).values_list('queue', flat=True)
     if perms:
         return TicketQueue.objects.filter(id__in=perms)
     return None