Skip to content

Commit

Permalink
Merge pull request #95 from sei-vsarvepalli/version-2.0.7
Browse files Browse the repository at this point in the history
Version 2.0.7 updates and enhancements.
  • Loading branch information
sei-vsarvepalli authored Mar 20, 2023
2 parents 9a4431c + 0777474 commit 9728c05
Show file tree
Hide file tree
Showing 28 changed files with 961 additions and 295 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
# VINCE Changelog

Version 2.0.7 2023-03-20

* Security updates Django to 3.2.18 CVE-2023-24580, Remove python-futures (no longer used) GH Issues #91 #90 (Dependabot)
* Support User Approve Request (UAR) new workflow for User joining Vendor Group GH Issue #94
* Allow Tracking ID's to be added to Cases when user belongs to multiple groups (CaseTracking) reported by VINCE user.
* Move from initial to instance on Form Class inits() to modify existing data in Models/Forms pair
* Move more browser UI information to async data requests, less templates.
* Remove `marquee`, `command` and `style` tags from supported markdown_helpers lib.vince.markdown_helpers - reported by VINCE user.


Version 2.0.6 2023-01-23

* Removed Edit Vulnerability button superfluous GHIssue #77
Expand Down
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ VINCEPUB application provides publicly available publications and reports that u
users. Each application can also be further protected by network access controls as desired to
reduce the risk of exposure.

[<img src="VINCE_Infrastructure.png" width="100%"></A>](./VINCE_Infrastructure.png)
[<img src="https://github.com/CERTCC/VINCE/raw/main/Vince_Infrastructure.png" width="100%"></A>](https://github.com/CERTCC/VINCE/raw/main/Vince_Infrastructure.png)


### Local Install
Expand All @@ -81,7 +81,7 @@ reduce the risk of exposure.
2. Create a virtual environment and install requirements
```
cd bigvince
mkvirtualenv --python=/usr/local/bin/python3.6 bigvince (python3 -m venv env)
mkvirtualenv bigvince
source env/bin/activate
pip install -r requirements.txt
```
Expand Down
2 changes: 1 addition & 1 deletion bigvince/settings_.py
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@
ROOT_DIR = environ.Path(__file__) - 3

# any change that requires database migrations is a minor release
VERSION = "2.0.6"
VERSION = "2.0.7"

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/
Expand Down
8 changes: 4 additions & 4 deletions cdk/lambda/CreateDatabases/requests/__version__.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,11 @@

__title__ = 'requests'
__description__ = 'Python HTTP for Humans.'
__url__ = 'http://python-requests.org'
__version__ = '2.22.0'
__build__ = 0x022200
__url__ = 'https://requests.readthedocs.io'
__version__ = '2.27.1'
__build__ = 0x022701
__author__ = 'Kenneth Reitz'
__author_email__ = '[email protected]'
__license__ = 'Apache 2.0'
__copyright__ = 'Copyright 2019 Kenneth Reitz'
__copyright__ = 'Copyright 2023 Kenneth Reitz'
__cake__ = u'\u2728 \U0001f370 \u2728'
4 changes: 4 additions & 0 deletions lib/vince/markdown_helpers.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,10 @@
import logging
from bs4 import BeautifulSoup


unsafe = {"style","marquee","command"}
generally_xss_safe = [v for v in generally_xss_safe if not v in unsafe]

logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)

Expand Down
15 changes: 15 additions & 0 deletions vince/static/vince/css/overrides.css
Original file line number Diff line number Diff line change
Expand Up @@ -119,3 +119,18 @@ nav.cdown li.not_affected {
background-color: #3adb76;
}

.new-vendor {
padding-left: 4px;
}
.p-inline-block {
display:inline-block;
}
.p-inline {
display:inline;
}
span.trackorg::before {
content: "[";
}
span.trackorg::after {
content: "]";
}
5 changes: 3 additions & 2 deletions vince/static/vince/css/style.css
Original file line number Diff line number Diff line change
Expand Up @@ -714,7 +714,7 @@ ul {

#login-footer{
height:70px;
background-color:#FFF;
background-color:#525356;
border: solid 1px white;
max-width: 600px;
width: 100%;
Expand Down Expand Up @@ -3730,6 +3730,7 @@ h4 a i {
padding: 0 .25em;
font-size: 14px;
color: #666;
cursor:pointer;
}

.edit-delete-hover {
Expand All @@ -3756,7 +3757,7 @@ h4 a i {
}

.sent-by-me {
background-color: #7eb3af;
background-color: #777;
color: #fff;
}

Expand Down
13 changes: 12 additions & 1 deletion vince/static/vince/js/email.js
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,18 @@ $(document).ready(function() {
$('form').submit(function () {
window.removeEventListener('beforeunload', onBeforeUnload);
});

$('#emailform').on('submit', function() {
let emails = $('input[name="to"]').val().split(",");
let remail = /^([\w-\.]+@([\w-]+\.)+[\w-]{2,4})?$/;
for(let i = 0; i < emails.length; i++) {
if(!remail.test(emails[i])) {
alert("Email entry " + emails[i] + " is invalid! \n" +
"Enter valid email address before submitting.");
return false;
}
}
return true;
});

var options = {}
var selector = 'input[id^=id_contact]'
Expand Down
31 changes: 28 additions & 3 deletions vince/static/vince/js/tickets.js
Original file line number Diff line number Diff line change
Expand Up @@ -583,7 +583,11 @@ $(document).ready(function() {
$("#msgvendor").removeClass("hidden");
} else if (data['action_link']) {
$("#msgvendor").addClass("hidden");
$("#msgabutton").replaceWith("<a href=\""+data['action_link']+"\" class=\"button primary\">Send Email</a>");
let send_email = $("<div>")
.append($("<a>").addClass("button primary")
.prop("href",data.action_link)
.html("Send Email")).html()
$("#msgabutton").replaceWith(send_email);
} else {
$("#msgvendor").addClass("hidden");
$("#msgabutton").prop("disabled", true);
Expand Down Expand Up @@ -615,8 +619,28 @@ $(document).ready(function() {
}
});
}


function msgadminform_async() {
$('#msgadminform').on('submit',function(e) {
e.preventDefault();
$('body').css({opacity: 0.5});
$.post(this.action,$(this).serialize(),function(d) {
console.log(d);
$('#msgadminform .modal-body').html('<h2>Submit completed</h2>')
.append(JSON.stringify(d,null,'\t'));
}).fail(function() {
$('#msgadminform .modal-body').html('<h2>Submission Failed!<h2>')
.append("See console log for details");
console.log(arguments);
}).done(function() {
$('#msgadminform .modal-footer').html('');
setTimeout(function() {
$("#adddependency").foundation('close');
location.reload();
}, 900);
});
return false;
});
}
$(document).on("click", "#msgadmin", function(event) {
event.preventDefault();
var url = $(this).attr("href");
Expand All @@ -628,6 +652,7 @@ $(document).ready(function() {
adddepmodal.html(data).foundation('open');
$.getJSON("/vince/api/vendors/", function(data) {
vend_auto(data);
msgadminform_async();
});
},
error: function(xhr, status) {
Expand Down
6 changes: 5 additions & 1 deletion vince/templates/vince/include/changelog.html
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,11 @@

{% for revision in revisions %}
<div class="panel-group">
<div class="callout secondary" id="accordion{{ revision.revision_number }}">
{% if revision == vulnote.current_revision %}
<div class="callout success" id="accordion{{ revision.revision_number }}">
{% else %}
<div class="callout secondary" id="accordion{{ revision.revision_number }}">
{% endif %}
<div class="callout-heading">
<a class="callout-toggle" style="float: left;" data-toggle="collapse{{ revision.revision_number }}" href="{% url 'vince:diff' revision.id %}">
{% if revision == vulnote.current_revision %}
Expand Down
2 changes: 1 addition & 1 deletion vince/templates/vince/new_email.html
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ <h2>New Email</h2>

<div class="row">
<div class="small-12 large-12 columns">
<form method="post" enctype="multipart/form-data">{% csrf_token %}
<form method="post" id="emailForm" enctype="multipart/form-data">{% csrf_token %}
{% if form.errors %}
<p class="errornote">
{% if form.errors.items|length == 1 %}Please correct the error below.{% else %}Please correct the errors below.{% endif %}
Expand Down
2 changes: 1 addition & 1 deletion vince/templates/vince/teams.html
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ <h2>Coordination Teams</h2>
<div class="masonry-css-item">
<div class="callout text-center">
<div class="card-user-avatar">
<div class="card-profile-stats-intro">
<div class="card-profile-stats-intro card-profile">
{% autoescape off %}{{ team|teamlogo:"card-profile-stats-intro-pic" }}{% endautoescape %}
</div>
<div class="links">
Expand Down
4 changes: 3 additions & 1 deletion vince/urls.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
from django.contrib import admin
from django.views.generic import TemplateView, RedirectView
from cogauth import views as cogauth_views

from vinny.views import userapproverequest

# DO NOT USE "vuls" or "comm" in the URL Path... these are special keywords in the
# database router that change the request variable to use a different database
Expand Down Expand Up @@ -325,6 +325,8 @@
re_path('^manage/cve/(?P<pk>[0-9]+)/key/', views.CVEAccountViewKey.as_view(), name='cveviewkey'),
re_path('^manage/cve/delete/(?P<pk>[0-9]+)/', views.CVEServicesDeleteAccount.as_view(), name='cve_services_delete'),
path('manage/bounces/', views.VINCEBounceManager.as_view(), name='bouncemanager'),
#Cross applications app url views from vinny.views
path('api/userapprove/', userapproverequest, {"caller": "vince"}, name='userapprove'),
]
try:
if settings.MULTIURL_CONFIG:
Expand Down
3 changes: 2 additions & 1 deletion vince/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -10342,7 +10342,7 @@ def get_context_data(self, **kwargs):
'pgp_formset': self.PgPFormSet(prefix='pgp', queryset=pgp, instance=contact)}
#'email_formset': self.EmailFormSet(prefix='email', queryset=email, instance=contact)}
context['groups'] = GroupMember.objects.filter(contact=self.kwargs['pk'])
context['form'] = self.form_class(initial=contact)
context['form'] = self.form_class(instance=contact)
context['form'].fields['vtype'].choices = [('User', 'User'), ('Vendor', 'Vendor'), ('Coordinator', 'Coordinator')]
context['form'].fields['vtype'].initial = contact.vendor_type
context['contact'] = contact
Expand Down Expand Up @@ -13478,6 +13478,7 @@ def get_context_data(self, **kwargs):
context['my_team'] = context['my_teams'][0]
return context


class VinceTeamSettingsView(LoginRequiredMixin, TokenMixin, UserPassesTestMixin, generic.TemplateView):
login_url = "vince:login"
template_name = "vince/teamsettings.html"
Expand Down
Loading

0 comments on commit 9728c05

Please sign in to comment.