path: root/pgweb/security/admin.py
blob: d045e3a8bc25568706644172175f19262b1d714f (plain)
from django import forms
from django.conf import settings
from django.contrib import admin
from django.utils.html import format_html
from django.utils.safestring import mark_safe

from pgweb.core.models import Version
from pgweb.news.models import NewsArticle
from .models import SecurityPatch, SecurityPatchVersion


class VersionChoiceField(forms.ModelChoiceField):
    """Model choice field that labels each option with the object's ``numtree``."""

    def label_from_instance(self, obj):
        """Return ``obj.numtree`` as the text shown for this choice."""
        label = obj.numtree
        return label


class SecurityPatchVersionAdminForm(forms.ModelForm):
    """Inline form for one SecurityPatchVersion row.

    The ``version`` field is mandatory and only offers Version rows whose
    ``tree`` is greater than zero, labelled through VersionChoiceField.
    """
    # NOTE(review): ``model`` is set on the form class itself rather than on an
    # inner ``Meta`` - confirm that this is intentional.
    model = SecurityPatchVersion
    version = VersionChoiceField(
        queryset=Version.objects.filter(tree__gt=0),
        required=True,
    )


class SecurityPatchVersionAdmin(admin.TabularInline):
    """Tabular inline for editing SecurityPatchVersion rows on the patch page."""
    model = SecurityPatchVersion
    form = SecurityPatchVersionAdminForm
    # Number of blank extra rows offered by the inline formset.
    extra = 2


class SecurityPatchForm(forms.ModelForm):
    """Admin form for SecurityPatch.

    ``newspost`` is optional and limited to news articles whose ``org`` equals
    ``settings.PGDG_ORG_ID``. ``clean()`` enforces that the ``vector_*`` fields
    are either all filled in or all left empty.
    """
    model = SecurityPatch
    newspost = forms.ModelChoiceField(
        queryset=NewsArticle.objects.filter(org=settings.PGDG_ORG_ID),
        required=False,
    )

    def clean(self):
        """Reject a partially specified CVSS vector.

        Every cleaned field whose name starts with ``vector_`` is inspected.
        If some, but not all, of them are the empty string, the same error is
        attached to each of those fields. Returns the cleaned data mapping.
        """
        cleaned = super(SecurityPatchForm, self).clean()

        # Snapshot the field names up front: add_error() may remove entries
        # from the cleaned data while the errors are being attached.
        vector_fields = [name for name in cleaned if name.startswith('vector_')]

        # NOTE(review): only '' counts as "not specified" here - confirm that
        # the vector fields never clean to None.
        blank_count = sum(1 for name in vector_fields if cleaned[name] == '')

        partially_filled = 0 < blank_count < len(vector_fields)
        if partially_filled:
            for name in vector_fields:
                self.add_error(name, 'Either specify all vector values or none')

        return cleaned


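class SecurityPatchAdmin(admin.ModelAdmin):
    """Admin configuration for SecurityPatch.

    Uses SecurityPatchForm, hides ``cvenumber`` from the edit form, edits the
    affected versions inline and offers bulk actions to publish or unpublish
    the selected patches.
    """
    form = SecurityPatchForm
    exclude = ['cvenumber', ]
    inlines = (SecurityPatchVersionAdmin, )
    list_display = ('cve', 'public', 'cvssscore', 'legacyscore', 'cvssvector', 'description')
    actions = ['make_public', 'make_unpublic']

    def cvssvector(self, obj):
        """Render the patch's CVSS vector as a link to the NVD v3 calculator.

        Returns an empty string when the patch has no vector.
        """
        if not obj.cvssvector:
            return ''
        # format_html() HTML-escapes the interpolated vector and only then
        # marks the result safe. Calling mark_safe() on the formatted string
        # would instead trust the vector text verbatim, so any markup
        # characters in it would reach the changelist page unescaped.
        return format_html(
            '<a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector={0}">{0}</a>',
            obj.cvssvector)
    # Legacy flag kept for older Django releases; the value returned above is
    # already marked safe, so escaping does not depend on it.
    cvssvector.allow_tags = True
    cvssvector.short_description = "CVSS vector link"

    def cvssscore(self, obj):
        """Expose ``obj.cvssscore`` as a changelist column."""
        return obj.cvssscore
    cvssscore.short_description = "CVSS score"

    def make_public(self, request, queryset):
        """Admin action: mark every selected patch as public."""
        self.do_public(queryset, True)

    def make_unpublic(self, request, queryset):
        """Admin action: mark every selected patch as not public."""
        self.do_public(queryset, False)

    def do_public(self, queryset, val):
        """Set ``public`` to ``val`` on each object in ``queryset`` and save it."""
        # Intentionally loop and do manually, so we generate change notices
        for p in queryset.all():
            p.public = val
            p.save()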


# Expose SecurityPatch in the Django admin using the configuration above.
admin.site.register(SecurityPatch, admin_class=SecurityPatchAdmin)