From cd30f4203e720eb91bdfc633fb4cbfd88a34c57c Mon Sep 17 00:00:00 2001 
From: dogboat Date: Tue, 27 Feb 2024 00:12:29 -0500 Subject: [PATCH] EPSS Data Displayed Everywhere (#9621) * On Findings list, separate EPSS scores and percentiles into separate columns for sorting. Specify the sort function for datatables to use. * On Test view Findings list, show EPSS scores and percentiles. * Show EPSS score/percentile on similar Findings listing * Show EPSS info on Finding listing on Endpoint view * Add a template tag for formatting EPSS values; use that when displaying EPSS-related values * Show EPSS score/percentile on product tag/type count metrics views * Show EPSS info on vulnerabilities section of simple search * Remove repeated "%" sign from EPSS outputs * Add EPSS data to report builder findings list and html report * Show EPSS data on product endpoint report * Show EPSS data on product report request findings table * Show EPSS data on product report * Show EPSS data on product type report * Remove unneeded % suffix from test findings list * Show EPSS data on view risk acceptance findings list * Show EPSS data in Test report * Add EPSS data to finding report * Show EPSS data on engagement report * Show EPSS data on asciidoc report * Show EPSS data on asciidoc report: endpoints * Show EPSS data on endpoint pdf report * Show EPSS data on custom report endpoint list * Spacing on asciidoc report * Show EPSS data on custom asciidoc reports * Fix custom report endpoint list to remove unneeded nested * Show EPSS data on metrics page --- dojo/reports/views.py | 2 +- dojo/templates/dojo/asciidoc_report.html | 15 +++++++++- .../custom_asciidoc_report_endpoints.html | 7 +++++ .../dojo/custom_asciidoc_report_findings.html | 6 ++++ .../custom_html_report_endpoint_list.html | 6 ++++ .../dojo/custom_html_report_finding_list.html | 4 +++ dojo/templates/dojo/endpoint_pdf_report.html | 6 ++++ .../templates/dojo/engagement_pdf_report.html | 14 +++++++++ dojo/templates/dojo/finding_pdf_report.html | 6 ++++ dojo/templates/dojo/finding_related_list.html | 6 
++-- dojo/templates/dojo/finding_related_row.html | 2 ++
.../templates/dojo/findings_list_snippet.html | 30 ++++++++++---------
dojo/templates/dojo/metrics.html | 6 ++++
.../dojo/product_endpoint_pdf_report.html | 20 ++++++++-----
dojo/templates/dojo/product_pdf_report.html | 6 ++++
.../dojo/product_type_pdf_report.html | 20 ++++++++-----
dojo/templates/dojo/pt_counts.html | 6 ++++
dojo/templates/dojo/report_findings.html | 5 ++++
dojo/templates/dojo/request_report.html | 7 +++++
dojo/templates/dojo/simple_search.html | 6 ++++
dojo/templates/dojo/test_pdf_report.html | 14 +++++++++
dojo/templates/dojo/view_endpoint.html | 7 +++++
dojo/templates/dojo/view_finding.html | 8 +++++
dojo/templates/dojo/view_risk_acceptance.html | 6 ++++
dojo/templates/dojo/view_test.html | 20 +++++++++++++
dojo/templatetags/display_tags.py | 7 +++++
26 files changed, 210 insertions(+), 32 deletions(-)
diff --git a/dojo/reports/views.py b/dojo/reports/views.py
index d4697dd2dd9..b40efb85ffc 100644
--- a/dojo/reports/views.py
+++ b/dojo/reports/views.py
@@ -288,7 +288,7 @@ def product_endpoint_report(request, pid):
 'verified_findings': verified_findings,
 'engagement': None,
 'test': None,
- 'endpoints': endpoints,
+ 'endpoints': endpoints.qs,
 'endpoint': None,
 'findings': None,
 'include_finding_notes': include_finding_notes,
diff --git a/dojo/templates/dojo/asciidoc_report.html b/dojo/templates/dojo/asciidoc_report.html
index 0327ad9f731..5ec7cd584a5 100644
--- a/dojo/templates/dojo/asciidoc_report.html
+++ b/dojo/templates/dojo/asciidoc_report.html
@@ -222,12 +222,13 @@
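Review bot: The context key `'endpoints'` keeps its name while its value changes from the filter object to `endpoints.qs`, and nothing in the hunk records why, so a short comment on the changed line would help: `'endpoints': endpoints.qs,  # the filtered queryset, not the FilterSet; the report template iterates it directly` (adjust if that is not the actual reason). If any other template rendered from this same context still reaches the filter's form or `.qs` through the `endpoints` key it will now break; the diffstat shows dojo/templates/dojo/product_endpoint_pdf_report.html changing in the same commit, but that file is not in this chunk. product_endpoint_report begins outside the hunk, so whether `endpoints` is a FilterSet at this point cannot be confirmed here.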

== Test Notes ==

{% if engagement.risk_acceptance.count %}

== ?Risk Accepted Findings ==

|===
- |Name |Date |Severity
+ |Name |Date |Severity |EPSS Score / Percentile
{% for risk in engagement.risk_acceptance.all %} {% for finding in risk.accepted_findings.all %} |{{ finding.title }}
|{{ finding.date }}
|{{ finding.severity }}
+ |{{ finding.epss_score|format_epss }} / {{ finding.epss_percentile|format_epss }}
{% endfor %} {% endfor %} |===
@@ -279,6 +280,12 @@

==== Finding {{ find.id }}: {{ find.title | nice_title }} {% if find.mitigat {{ find.severity }} ({{ find.numerical_severity }})

+
+

==== EPSS Score / Percentile: ==== +
+ {{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }} +

+

==== Description / Exploit: ====
{{ find.description|linebreaksbr }} @@ -432,6 +439,12 @@
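Review bot: The six-line `==== EPSS Score / Percentile: ====` block added here is pasted verbatim again in the hunk ending at the next `diff --git` of this file, in custom_asciidoc_report_endpoints.html (second hunk) and in custom_asciidoc_report_findings.html, so four copies of the same `{{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }}` markup now have to be kept in step. Extracting it into one shared snippet pulled in with `{% include "dojo/<epss_snippet_placeholder>.html" with find=find %}` would keep the copies from drifting and give the EPSS wording a single home. The rendering on this page mixes asciidoc's trailing ` +` line-break markers with the diff's own `+` column, so the exact set of added lines is hard to read here; the enclosing finding loop starts outside the hunk.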

==== Finding {{ find.id }}: {{ find.title | nice_title }} {% if find.mitigat {{ find.severity }} ({{ find.numerical_severity }})

+
+

==== EPSS Score / Percentile: ==== +
+ {{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }} +

+

==== Description / Exploit: ====
{{ find.description|linebreaksbr }} diff --git a/dojo/templates/dojo/custom_asciidoc_report_endpoints.html b/dojo/templates/dojo/custom_asciidoc_report_endpoints.html index 6fba89de8a4..1b4840a458c 100644 --- a/dojo/templates/dojo/custom_asciidoc_report_endpoints.html +++ b/dojo/templates/dojo/custom_asciidoc_report_endpoints.html @@ -31,6 +31,7 @@

==== Finding {{ find.id }}: {{ find.title | nice_title }} {% if find.mitigat
{{ find.status }}

+

==== CVSSv3: ====
{{ find.cvssv3|linebreaksbr }} @@ -47,6 +48,12 @@

==== Finding {{ find.id }}: {{ find.title | nice_title }} {% if find.mitigat {{ find.severity }} ({{ find.numerical_severity }})

+
+

==== EPSS Score / Percentile: ==== +
+ {{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }} +

+

==== Description / Exploit: ====
{{ find.description|linebreaksbr }} diff --git a/dojo/templates/dojo/custom_asciidoc_report_findings.html b/dojo/templates/dojo/custom_asciidoc_report_findings.html index 8f23f3cb005..2482545f3d2 100644 --- a/dojo/templates/dojo/custom_asciidoc_report_findings.html +++ b/dojo/templates/dojo/custom_asciidoc_report_findings.html @@ -48,6 +48,12 @@

==== {{ find.title | nice_title }} {% if find.mitigated %} {{ find.severity }} ({{ find.numerical_severity }})

+
+

==== EPSS Score / Percentile: ==== +
+ {{ find.epss_score|format_epss }} / {{ find.epss_percentile|format_epss }} +

+

==== Description / Exploit: ====
{{ find.description|linebreaksbr }} diff --git a/dojo/templates/dojo/custom_html_report_endpoint_list.html b/dojo/templates/dojo/custom_html_report_endpoint_list.html index 00832acac48..9d1614605f8 100644 --- a/dojo/templates/dojo/custom_html_report_endpoint_list.html +++ b/dojo/templates/dojo/custom_html_report_endpoint_list.html @@ -49,6 +49,7 @@

+ {% if finding.risk_acceptance_set.all %} @@ -75,6 +76,11 @@
{% endif %} +
{% if finding.risk_acceptance_set.all %}
SeverityEPSS Score / Percentile StatusAcceptance + {{ finding.epss_score|format_epss }} + / + {{ finding.epss_percentile|format_epss }} + {{ finding.status }} diff --git a/dojo/templates/dojo/custom_html_report_finding_list.html b/dojo/templates/dojo/custom_html_report_finding_list.html index a74ef42f4f9..631461c585d 100644 --- a/dojo/templates/dojo/custom_html_report_finding_list.html +++ b/dojo/templates/dojo/custom_html_report_finding_list.html @@ -34,6 +34,7 @@
+ {% if finding.risk_acceptance_set.all %} @@ -66,6 +67,9 @@
{% endif %} +
{% if finding.risk_acceptance_set.all %}
SeverityEPSS Score / Percentile StatusAcceptance + {{ finding.epss_score|format_epss }} / {{ finding.epss_percentile|format_epss }} + {{ finding.status }} diff --git a/dojo/templates/dojo/endpoint_pdf_report.html b/dojo/templates/dojo/endpoint_pdf_report.html index b53c8337422..55322e80eef 100644 --- a/dojo/templates/dojo/endpoint_pdf_report.html +++ b/dojo/templates/dojo/endpoint_pdf_report.html @@ -112,6 +112,7 @@
+ {% if finding.risk_acceptance_set.all %} @@ -137,6 +138,11 @@
{% endif %} +
{% if finding.risk_acceptance_set.all %} + {% for risk in engagement.risk_acceptance.all %} {% for finding in risk.accepted_findings.all %} @@ -201,6 +204,11 @@

Risk Accepted Findings

+ {% endfor %} {% endfor %} @@ -236,6 +244,7 @@
SeverityEPSS Score / Percentile StatusAcceptance + {{ finding.epss_score|format_epss }} + / + {{ finding.epss_percentile|format_epss }} + {{ finding.status }} diff --git a/dojo/templates/dojo/engagement_pdf_report.html b/dojo/templates/dojo/engagement_pdf_report.html index 154f79130e1..108cb4fc8d9 100644 --- a/dojo/templates/dojo/engagement_pdf_report.html +++ b/dojo/templates/dojo/engagement_pdf_report.html @@ -194,6 +194,9 @@

Risk Accepted Findings

Severity + EPSS Score / Percentile +
{{ finding.title }} {{ finding.date }} {{ finding.severity }} + {{ finding.epss_score|format_epss }} + / + {{ finding.epss_percentile|format_epss }} +
+ {% if finding.risk_acceptance_set.all %} @@ -262,6 +271,11 @@
{% endif %} +
{% if finding.risk_acceptance_set.all %}
SeverityEPSS Score / Percentile StatusAcceptance + {{ finding.epss_score|format_epss }} + / + {{ finding.epss_percentile|format_epss }} + {{ finding.status }} diff --git a/dojo/templates/dojo/finding_pdf_report.html b/dojo/templates/dojo/finding_pdf_report.html index a37b0faf71b..8a229b072ac 100644 --- a/dojo/templates/dojo/finding_pdf_report.html +++ b/dojo/templates/dojo/finding_pdf_report.html @@ -88,6 +88,7 @@
+ {% if finding.risk_acceptance_set.all %} @@ -113,6 +114,11 @@
{% endif %} +
{% if finding.risk_acceptance_set.all %}
SeverityEPSS Score / Percentile StatusAcceptance + {{ finding.epss_score|format_epss }} + / + {{ finding.epss_percentile|format_epss }} + {{ finding.status }} diff --git a/dojo/templates/dojo/finding_related_list.html b/dojo/templates/dojo/finding_related_list.html index 8cac161abeb..5354346a5fb 100644 --- a/dojo/templates/dojo/finding_related_list.html +++ b/dojo/templates/dojo/finding_related_list.html @@ -4,7 +4,7 @@ {% include "dojo/paging_snippet.html" with page=finding_list prefix=prefix page_size=True %} - + @@ -15,12 +15,14 @@ + + {% if system_settings.enable_jira %} {% endif %} - + {% if finding_first_related %} {% include "dojo/finding_related_row.html" with similar_finding=finding_first_related finding_context=finding %} diff --git a/dojo/templates/dojo/finding_related_row.html b/dojo/templates/dojo/finding_related_row.html index f3659364ac7..204e2875375 100644 --- a/dojo/templates/dojo/finding_related_row.html +++ b/dojo/templates/dojo/finding_related_row.html @@ -49,6 +49,8 @@ {% endif %} + + {% if similar_finding.file_path %} + +
Relationship Severity TitleProduct CWE Vulnerability IdEPSS ScoreEPSS Percentile FileJIRAAction
{{ similar_finding.cve }}{{ similar_finding.epss_score|format_epss }}{{ similar_finding.epss_percentile|format_epss }} {{ similar_finding.file_path|truncatechars_html:20 }}{% if similar_finding.line > 0 %} (Line {{ similar_finding.line }}){% endif %} diff --git a/dojo/templates/dojo/findings_list_snippet.html b/dojo/templates/dojo/findings_list_snippet.html index 514c6e1a96c..85a5d45862d 100644 --- a/dojo/templates/dojo/findings_list_snippet.html +++ b/dojo/templates/dojo/findings_list_snippet.html @@ -2,7 +2,6 @@ {% load display_tags %} {% load authorization_tags %} {% load get_endpoint_status %} -{% load multiply %} {% load static %} {% load i18n %} {% block findings_list %} @@ -324,7 +323,10 @@

{% trans "Vulnerability Id" %}

- {% trans "EPSS Score" %} / {% trans "Percentile" %} + {% trans "EPSS Score" %} + + {% trans "EPSS Percentile" %} {% if filter_name == 'Closed' %} @@ -598,17 +600,10 @@
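Review bot: The header split into separate `{% trans "EPSS Score" %}` and `{% trans "EPSS Percentile" %}` cells is what makes per-column sorting possible, but the sort type the commit message promises for DataTables is not visible in this rendering (the tag attributes were stripped), so it should be confirmed that each column sorts on the numeric value rather than the formatted text. If the cells hold a percent string, as the removed `|multiply:100|floatformat:"2"` code in the next hunk suggests they did, a plain string sort would place `9.50%` after `10.00%` and `N.A.` somewhere in the middle. A `data-sort` (or equivalent) attribute carrying the raw fraction on each cell is the usual fix; the surrounding table markup begins outside the hunk.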

{% endwith %}

- {% if finding.epss_score is not None %} - {{ finding.epss_score|multiply:100|floatformat:"2" }}% - {% else %} - N.A. - {% endif %} - / - {% if finding.epss_percentile is not None %} - {{ finding.epss_percentile|multiply:100|floatformat:"2" }}% - {% else %} - N.A. - {% endif %} + {{ finding.epss_score|format_epss }} + + {{ finding.epss_percentile|format_epss }} {% if filter_name == 'Closed' %} @@ -727,6 +722,12 @@
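Review bot: The removed lines handled a `None` epss_score or epss_percentile explicitly by printing `N.A.` and scaled the stored fraction by 100; the replacement `{{ finding.epss_score|format_epss }}` delegates both behaviours to the new `format_epss` filter in dojo/templatetags/display_tags.py, whose body is not in this chunk, so it should be confirmed that `None` still renders as a placeholder rather than as `None` or a TypeError. The first hunk of this file drops `{% load multiply %}`; any `|multiply:` left elsewhere in this template (only three of its hunks are visible here) would now fail at render time with an invalid-filter error, so a search of the whole file is worth doing before merge. Since the filter's output is now embedded in HTML, PDF and asciidoc reports across the commit, it should return a plain string and leave escaping to the template rather than marking its result safe.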