diff --git a/dojo/finding/urls.py b/dojo/finding/urls.py index fa442df384c..75ab68303a4 100644 --- a/dojo/finding/urls.py +++ b/dojo/finding/urls.py @@ -142,6 +142,8 @@ name="choose_finding_template_options"), re_path(r"^finding/(?P\d+)/(?P\d+)/apply_template_to_finding$", views.apply_template_to_finding, name="apply_template_to_finding"), + re_path(r"^finding/(?P\d+)/verify$", views.verify_finding, + name="verify_finding"), re_path(r"^finding/(?P\d+)/close$", views.close_finding, name="close_finding"), re_path(r"^finding/(?P\d+)/defect_review$", diff --git a/dojo/finding/views.py b/dojo/finding/views.py index 5dfd50d601b..3d884bb89f0 100644 --- a/dojo/finding/views.py +++ b/dojo/finding/views.py 
@@ -1223,6 +1223,72 @@ def close_finding(request, fid): ) +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") +def verify_finding(request, fid): + finding = get_object_or_404(Finding, id=fid) + + if finding.verified: + messages.add_message( + request, + messages.INFO, + "Finding already verified.", + extra_tags="alert-info", + ) + return redirect_to_return_url_or_else( + request, + reverse("view_finding", args=(finding.id,)), + ) + + form = NoteForm(data=request.POST or None) + form.fields["entry"].required = False + form.fields["entry"].label = _("Comment (optional)") + + if request.method == "POST" and form.is_valid(): + entry = form.cleaned_data.get("entry", "").strip() + if entry: + note = form.save(commit=False) + note.author = request.user + note.save() + finding.notes.add(note) + + now_time = timezone.now() + finding.verified = True + finding.last_reviewed = now_time + finding.last_reviewed_by = request.user + finding.last_status_update = now_time + finding.save(push_to_jira=False) + + messages.add_message( + request, + messages.SUCCESS, + "Finding verified.", + extra_tags="alert-success", + ) + + return redirect_to_return_url_or_else( + request, + reverse("view_finding", args=(finding.id,)), + ) + + product_tab = Product_Tab( + finding.test.engagement.product, + title="Verify Finding", + tab="findings", + ) + + return render( + request, + "dojo/verify_finding.html", + { + "finding": finding, + "product_tab": product_tab, + "user": request.user, + "form": form, + "active_tab": "findings", + }, + ) + + @user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def defect_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) diff --git a/dojo/templates/dojo/verify_finding.html b/dojo/templates/dojo/verify_finding.html new file mode 100644 index 00000000000..f07cca04143 --- /dev/null +++ b/dojo/templates/dojo/verify_finding.html 
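Review bot: In the POST branch of verify_finding the note write (`note.save()` / `finding.notes.add(note)`) and the finding update (`finding.save(push_to_jira=False)`) are separate writes with no transaction around them, so a failure in the second leaves an orphaned note already attached to the finding; wrapping the branch in `with transaction.atomic():` (assuming `django.db.transaction` is, or can be, imported in this module) keeps the two consistent. The hard-coded `push_to_jira=False` also means a verification is never synced to Jira, which looks different from the neighbouring close/defect-review flows that presumably take that flag from their forms — if deliberate, say so with a comment such as `# Verification is a local-only state change; Jira push intentionally skipped.` The `Finding_Edit` gate, the POST-only mutation, and the `{% csrf_token %}` in the new template look correct. The new view has no docstring; suggest `"""Mark a finding as verified, optionally attaching a note; GET renders the confirmation form."""` to match a reader's expectations for a state-changing endpoint.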
@@ -0,0 +1,18 @@ +{% extends "base.html" %} +{% load i18n %} + +{% block content %} + {{ block.super }} +

{% trans "Verify Finding" %}

+

{{ finding.title }}

+

{% trans "Use this form to mark the finding as verified. Adding a comment is optional." %}

+
+ {% csrf_token %} + {% include "dojo/form_fields.html" with form=form %} +
+
+ +
+
+
+{% endblock %} diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html index bae3abbe8b8..ae15a8ae17b 100755 --- a/dojo/templates/dojo/view_finding.html +++ b/dojo/templates/dojo/view_finding.html @@ -126,6 +126,13 @@

{% else %} + {% if not finding.verified %} +
  • + + Verify Finding + +
  • + {% endif %}
  • Close Finding