From baaecd06fe397242b90a1ca674fc1fa3daa41ccd Mon Sep 17 00:00:00 2001
From: Jan Polonsky <jan.polonsky@nbu.gov.sk>
Date: Fri, 24 Nov 2023 15:58:26 +0100
Subject: [PATCH] Update presenters 2 - replace png with new svg image -
 updated pdf_template.html - add script to change existing DB settings

---
 .../d776f47ce040_update_pdf_template_path.py  |  83 ++++++
 src/presenters/templates/images/taranis.svg   |  16 ++
 src/presenters/templates/pdf_template.html    | 267 ++++++++++++++++++
 3 files changed, 366 insertions(+)
 create mode 100644 src/core/migrations/versions/d776f47ce040_update_pdf_template_path.py
 create mode 100644 src/presenters/templates/images/taranis.svg
 create mode 100644 src/presenters/templates/pdf_template.html

diff --git a/src/core/migrations/versions/d776f47ce040_update_pdf_template_path.py b/src/core/migrations/versions/d776f47ce040_update_pdf_template_path.py
new file mode 100644
index 000000000..7357d6a3f
--- /dev/null
+++ b/src/core/migrations/versions/d776f47ce040_update_pdf_template_path.py
@@ -0,0 +1,83 @@
+"""Correct old presenter template details
+
+Revision ID: d776f47ce040
+Revises: 1c4eed243364
+Create Date: 2023-11-24 12:58:32.377642
+
+"""
+from alembic import op
+from sqlalchemy import orm, Column, ForeignKey, String, Integer, Boolean, text
+from sqlalchemy.ext.declarative import declarative_base
+import sqlalchemy as sa
+
+Base = declarative_base()
+
+# revision identifiers, used by Alembic.
+revision = 'd776f47ce040'
+down_revision = '1c4eed243364'
+branch_labels = None
+depends_on = None
+
+class Presenter_d776f47ce040(Base):
+    __tablename__ = 'presenter'
+    id = Column(String(64), primary_key=True)
+    type = Column(String, nullable=False)
+
+class PresenterParameter_d776f47ce040(Base):
+    __tablename__ = 'presenter_parameter'
+    presenter_id = Column(String(64), ForeignKey('presenter.id'), primary_key=True, nullable=False)
+    parameter_id = Column(Integer, ForeignKey('parameter.id'), primary_key=True, nullable=False)
+
+class Parameter_d776f47ce040(Base):
+    __tablename__ = 'parameter'
+    id = Column(Integer, primary_key=True, server_default=text("nextval('parameter_id_seq'::regclass)"))
+    key = Column(String, nullable=False)
+    name = Column(String, nullable=False)
+    description = Column(String)
+
+class ParameterValue_d776f47ce040(Base):
+    __tablename__ = 'parameter_value'
+    id = Column(Integer, primary_key=True, server_default=text("nextval('parameter_value_id_seq'::regclass)"))
+    value = Column(String, nullable=False)
+    parameter_id = Column(ForeignKey('parameter.id'))
+
+def upgrade():
+    bind = op.get_bind()
+    session = orm.Session(bind=bind)
+
+    # add cascade delete
+    delete_previous()
+    # parameter -> presenter_parameter
+    op.create_foreign_key('presenter_parameter_parameter_id_fkey', 'presenter_parameter', 'parameter', ['parameter_id'], ['id'], ondelete='CASCADE')
+
+    # Correct old presenter template details
+    presenters = session.query(Presenter_d776f47ce040).filter_by(type = 'PDF_PRESENTER').all()
+    for pres in presenters:
+        presenterParameters = session.query(PresenterParameter_d776f47ce040).filter_by(presenter_id = pres.id).all()
+        for presParam in presenterParameters:
+            parameters = session.query(Parameter_d776f47ce040).filter_by(id = presParam.parameter_id).all()
+            for param in parameters:
+                if param.key == "HEADER_TEMPLATE_PATH" or param.key == "FOOTER_TEMPLATE_PATH":
+                    session.delete(param)
+                    print(f"Old parameter deleted... ({param.key})", flush=True)
+                elif param.key == "BODY_TEMPLATE_PATH":
+                    param.key = "PDF_TEMPLATE_PATH"
+                    param.name = "PDF template with its path"
+                    param.description = "Path of pdf template file"
+                    session.add(param)
+                    val = session.query(ParameterValue_d776f47ce040).filter_by(parameter_id = param.id).first()
+                    if val:
+                        val.value = val.value.replace("pdf_body_template.html", "pdf_template.html")
+                        session.add(val)
+                        print(f"Old parameter updated... ({param.key})", flush=True)
+                session.commit()
+
+def downgrade():
+    delete_previous()
+    # parameter -> presenter_parameter
+    op.create_foreign_key('presenter_parameter_parameter_id_fkey', 'presenter_parameter', 'parameter', ['parameter_id'], ['id'])
+
+def delete_previous():
+    print("Deleting previous constraints...", flush=True)
+    op.drop_constraint('presenter_parameter_parameter_id_fkey', 'presenter_parameter', type_='foreignkey')
+    print("Adding new constraints...", flush=True)
\ No newline at end of file
diff --git a/src/presenters/templates/images/taranis.svg b/src/presenters/templates/images/taranis.svg
new file mode 100644
index 000000000..2801b9584
--- /dev/null
+++ b/src/presenters/templates/images/taranis.svg
@@ -0,0 +1,16 @@
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="50" viewBox="0 0 435 84"
+     style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g id="taranis-logo" >
+        <path id="Taranis"
+            d="M355.998,61.705l-32,0l-4,-4l0,-8l8,0l0,4l24,0l0,-8l-28,0l-4,-4l0,-16l4,-4l32,0l4,4l0,8l-8,0l0,-4l-24,0l0,8l28,0l4,4l0,16l-4,4Zm-42,0l-8,0l0,-40l8,0l0,40Zm-92,0l-8,0l0,-40l26,0l14,14l0,26l-8,0l0,-8l-24,0l0,8Zm-60,0l-8,0l0,-8l-24,0l0,8l-8,0l0,-26l14,-14l26,0l0,40Zm106,0l-8,0l0,-40l8,0l24,28l0,-28l8,0l0,40l-8,0l-24,-28l0,28Zm-92,0l-8,0l0,-40l32,0l8,8l0,16l-4,4l4,4l0,8l-8,0l0,-4l-4,-4l-20,0l0,8Zm-54,-32l-16,0l0,32l-8,0l0,-32l-16,0l0,-8l40,0l0,8Zm302.795,-2c1.217,0 2.205,0.988 2.205,2.205l0,23.591c0,1.216 -0.988,2.204 -2.205,2.204l-45.591,0c-1.216,0 -2.204,-0.988 -2.204,-2.204l0,-23.591c0,-1.217 0.988,-2.205 2.204,-2.205l45.591,0Zm-270.795,2l-14,0l-10,10l0,6l24,0l0,-16Zm42,0l-20,0l0,16l20,0l4,-4l0,-8l-4,-4Zm40,0l-14,0l0,16l24,0l0,-6l-10,-10Z"
+        />
+        <path id="NG"
+            d="M420.998,31.705l2,2l0,4l-4,0l0,-2l-12,0l0,12l12,0l0,-4l-6,0l0,-4l10,0l0,12l-18,0l-2,-2l0,-16l2,-2l16,0Zm-36,20l-4,0l0,-20l4,0l12,14l0,-14l4,0l0,20l-4,0l-12,-14l0,14Z"
+            style="fill:#fff;"
+        />
+        <path id="Logo"
+            d="M51.249,31.04c-1.668,-2.343 -1.452,-5.619 0.648,-7.72c2.342,-2.341 6.144,-2.341 8.486,0c2.341,2.342 2.341,6.144 0,8.486c-2.101,2.1 -5.377,2.316 -7.72,0.648l-4.345,4.345c2.238,2.877 2.238,6.935 0,9.812l4.345,4.345c2.343,-1.668 5.619,-1.452 7.72,0.649c2.341,2.341 2.341,6.143 0,8.485c-2.101,2.101 -5.377,2.317 -7.72,0.648l-4.345,4.346c2.441,3.137 2.219,7.68 -0.663,10.562c-3.122,3.122 -8.192,3.122 -11.314,0c-3.122,-3.122 -3.122,-8.191 0,-11.313c2.883,-2.883 7.426,-3.104 10.563,-0.664l4.345,-4.345c-1.477,-2.074 -1.477,-4.88 0,-6.953l-4.345,-4.346c-3.137,2.441 -7.68,2.22 -10.563,-0.663c-1.306,-1.306 -2.066,-2.954 -2.279,-4.657l-12.412,0c-0.213,1.703 -0.973,3.351 -2.28,4.657c-3.122,3.122 -8.191,3.122 -11.313,0c-3.122,-3.122 -3.122,-8.192 0,-11.314c3.122,-3.122 8.191,-3.122 11.313,0c1.307,1.307 2.067,2.954 2.28,4.657l12.412,0c0.213,-1.703 0.973,-3.35 2.279,-4.657c2.883,-2.882 7.426,-3.103 10.563,-0.663l4.345,-4.345Zm-13.494,34.707c2.342,-2.342 6.144,-2.342 8.486,0c2.341,2.341 2.341,6.144 0,8.485c-2.342,2.342 -6.144,2.342 -8.486,0c-2.341,-2.341 -2.341,-6.144 0,-8.485Zm-15.556,-15.557c3.122,-3.122 8.192,-3.122 11.314,0c3.122,3.123 3.122,8.192 0,11.314c-3.122,3.122 -8.192,3.122 -11.314,0c-3.122,-3.122 -3.122,-8.191 0,-11.314Zm1.414,1.415c2.342,-2.342 6.144,-2.342 8.485,0c2.342,2.341 2.342,6.143 0,8.485c-2.341,2.342 -6.143,2.342 -8.485,0c-2.341,-2.342 -2.341,-6.144 0,-8.485Zm41.012,-15.557c3.122,-3.122 8.192,-3.122 11.314,0c3.122,3.122 3.122,8.192 0,11.314c-3.122,3.122 -8.192,3.122 -11.314,0c-3.122,-3.122 -3.122,-8.192 0,-11.314Zm1.415,1.415c2.341,-2.342 6.143,-2.342 8.485,0c2.341,2.341 2.341,6.143 0,8.485c-2.342,2.341 -6.144,2.341 -8.485,0c-2.342,-2.342 -2.342,-6.144 0,-8.485Zm-28.285,0c2.342,-2.342 6.144,-2.342 8.486,0c2.341,2.341 2.341,6.143 0,8.485c-2.342,2.341 -6.144,2.341 -8.486,0c-2.341,-2.342 -2.341,-6.144 0,-8.485Zm-28.284,0c2.342,-2.342 6.144,-2.342 8.485,0c2.342,2.341 2.342,6.143 0,8.485c-2.341,2.341 -6.143,2.341 -8.485,0c-2.342,-2.342 -2.342,-6.144 0,-8.485Zm26.207,-19.136c-2.441,-3.137 -2.22,-7.68 0.663,-10.563c3.122,-3.122 8.192,-3.122 11.314,0c3.122,3.122 3.122,8.192 0,11.314c-2.883,2.882 -7.426,3.104 -10.563,0.663l-4.345,4.345c1.668,2.343 1.452,5.619 -0.649,7.72c-2.341,2.341 -6.143,2.341 -8.485,0c-2.341,-2.342 -2.341,-6.144 0,-8.486c2.101,-2.1 5.377,-2.316 7.72,-0.648l4.345,-4.345Zm2.077,-9.149c2.342,-2.341 6.144,-2.341 8.486,0c2.341,2.342 2.341,6.144 0,8.486c-2.342,2.341 -6.144,2.341 -8.486,0c-2.341,-2.342 -2.341,-6.144 0,-8.486Z"
+            style="fill:#3f92dd;fill-rule:evenodd;"
+        />
+    </g>
+</svg>
\ No newline at end of file
diff --git a/src/presenters/templates/pdf_template.html b/src/presenters/templates/pdf_template.html
new file mode 100644
index 000000000..45d55fd2e
--- /dev/null
+++ b/src/presenters/templates/pdf_template.html
@@ -0,0 +1,267 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <title></title>
+    <link rel="stylesheet" type="text/css" href="/app/templates/css/bootstrap.css">
+    <link rel="stylesheet" type="text/css" href="/app/templates/css/custom.css">
+</head>
+
+<body>
+    <div>
+        <table class="table table-borderless">
+            <tr>
+                <td class="w20"><img src="/app/templates/images/taranis.svg"></td>
+                <td class="text-center align-middle sw_title">VULNERABILITY REPORT</td>
+            </tr>
+        </table>
+    </div>
+    <div>
+        {% for report_item in data.report_items %}
+        <table class="table table-bordered header_info" style="width: 100%">
+
+            <tr>
+                <th colspan="6" class="th_data" style="color:white; background-color: #256ec2 !important">
+                    CONFIDENTIALITY, DISTRIBUTION, SEVERITY</th>
+            </tr>
+            <tr class="table-row">
+                <td class="w25 py-0">
+                    <div class="mt-2 text_bold">Confidentiality</div>
+                </td>
+                <td class="w15 py-0">
+                    <div class="mt-2">
+                        <label class="checkbox-button">
+                            <input type="checkbox" class="checkbox-button__input" id="low" name="low" {% if
+                                report_item.attrs.confidentiality=='UNRESTRICTED' %}checked{% endif %}>
+                            <span class="checkbox-button__control"></span>
+                            <span class="checkbox-button__label">Unrestricted</span>
+                        </label>
+                    </div>
+                </td>
+                <td class="w15 py-0">
+                    <div class="mt-2">
+                        <label class="checkbox-button">
+                            <input type="checkbox" class="checkbox-button__input" id="middle" name="middle" {% if
+                                report_item.attrs.confidentiality=='CLASSIFIED' %}checked{% endif %}>
+                            <span class="checkbox-button__control"></span>
+                            <span class="checkbox-button__label">Classified</span>
+                        </label>
+                    </div>
+                </td>
+                <td class="w15 py-0">
+                    <div class="mt-2">
+                        <label class="checkbox-button">
+                            <input type="checkbox" class="checkbox-button__input" id="high" name="high" {% if
+                                report_item.attrs.confidentiality=='CONFIDENTIAL' %}checked{% endif %}>
+                            <span class="checkbox-button__control"></span>
+                            <span class="checkbox-button__label">Confidential</span>
+                        </label>
+                    </div>
+                </td>
+                <td class="w15 py-0">
+                    <div class="mt-2">
+                        <label class="checkbox-button">
+                            <input type="checkbox" class="checkbox-button__input" id="critical" name="critical" {% if
+                                report_item.attrs.confidentiality=='SECRET' %}checked{% endif %}>
+                            <span class="checkbox-button__control"></span>
+                            <span class="checkbox-button__label">Secret</span>
+                        </label>
+                    </div>
+                </td>
+                <td class="w15 py-0">
+                    <div class="mt-2">
+                        <label class="checkbox-button">
+                            <input type="checkbox" class="checkbox-button__input" id="critical" name="critical" {% if
+                                report_item.attrs.confidentiality=='TOP SECRET' %}checked{% endif %}>
+                            <span class="checkbox-button__control"></span>
+                            <span class="checkbox-button__label">Top Secret</span>
+                        </label>
+                    </div>
+                </td>
+            </tr>
+            <tr>
+                <td class="w25 py-0">
+                    <div class="mt-2 text_bold">TLP</div>
+                </td>
+                <td class="mt-2" colspan="5">
+                    {% if report_item.attrs.tlp == 'CLEAR' or report_item.attrs.tlp == 'WHITE' %}
+                    <span
+                        style="padding: 4px; background-color: black !important; color:white; font-weight: 700">TLP:CLEAR</span>
+                    {% endif %}
+                    {% if report_item.attrs.tlp == 'GREEN' %}
+                    <span
+                        style="padding: 4px; background-color: black !important; color:#33ff00; font-weight: 700">TLP:GREEN</span>
+                    {% endif %}
+                    {% if report_item.attrs.tlp == 'AMBER' %}
+                    <span
+                        style="padding: 4px; background-color: black !important; color:#ffc000; font-weight: 700">TLP:AMBER</span>
+                    {% endif %}
+                    {% if report_item.attrs.tlp == 'AMBER+STRICT' %}
+                    <span
+                        style="padding: 4px; background-color: black !important; color:#ffc000; font-weight: 700">TLP:AMBER+STRICT</span>
+                    {% endif %}
+                    {% if report_item.attrs.tlp == 'RED' %}
+                    <span
+                        style="padding: 4px; background-color: black !important; color:#ff2b2b; font-weight: 700">TLP:RED</span>
+                    {% endif %}
+                </td>
+            </tr>
+            <tr>
+                <td class="w25 py-0">
+                    <div class="mt-2 text_bold">CVSS vector</div>
+                </td>
+                <td class="py-0" colspan="5">
+                    <div class="mt-2"><span class="cvss">{{ report_item.attrs.cvss|e }} </span></div>
+                </td>
+            </tr>
+        </table>
+
+        <br>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">DESCRIPTION</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    {{ report_item.attrs.description|e }}
+                </td>
+            </tr>
+        </table>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">PUBLISHED</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    {{ report_item.attrs.exposure_date }}
+                </td>
+            </tr>
+        </table>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">UPDATED</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    {{ report_item.attrs.update_date }}
+                </td>
+            </tr>
+        </table>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">CVE</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    {% if report_item.attrs.cve %}
+                    {% for i in report_item.attrs.cve %}
+                    <div>{{ i|e }}</div>
+                    {% endfor %}
+                    {% endif %}
+                </td>
+            </tr>
+        </table>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">IMPACT</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    {% if report_item.attrs.impact %}
+                    {% for i in report_item.attrs.impact %}
+                    <div>{{ i|e }}</div>
+                    {% endfor %}
+                    {% endif %}
+                </td>
+            </tr>
+        </table>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">IOC</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    {% if report_item.attrs.ioc %}
+                    {% for i in report_item.attrs.ioc %}
+                    <div>{{ i|e }}</div>
+                    {% endfor %}
+                    {% endif %}
+                </td>
+            </tr>
+        </table>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">AFFECTED SYSTEMS</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    {% if report_item.attrs.affected_systems %}
+                    {% for i in report_item.attrs.affected_systems %}
+                    <div>{{ i|e }}</div>
+                    {% endfor %}
+                    {% endif %}
+                </td>
+            </tr>
+        </table>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">RECOMMENDATIONS</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    {{ report_item.attrs.recommendations }}
+                </td>
+            </tr>
+        </table>
+
+        <table class="table table-bordered">
+            <tr>
+                <th class="th_data" style="color:white; background-color: #256ec2 !important">LINKS</th>
+            </tr>
+            <tr>
+                <td class="text-justify text_in_tab">
+                    <ul class="list-unstyled">
+                        {% if report_item.attrs.links %}
+                        {% for i in report_item.attrs.links %}
+                        <div>{{ i|e }}</div>
+                        {% endfor %}
+                        {% endif %}
+                    </ul>
+                </td>
+            </tr>
+        </table>
+        {% endfor %}
+    </div>
+    <div>
+        <br>
+        <table class="table table-borderless">
+            <tr class="footer_text footer_color">
+                <td class="w30 py-0 text_bold">Created by Taranis NG</td>
+                <td class="w40 py-0 text-center info">Repo: <a
+                        href="https://github.com/SK-CERT/Taranis-NG/">github.com/SK-CERT/Taranis-NG</a></td>
+                <td class="w30 py-0 text-right text_bold">Company name</td>
+            </tr>
+            <tr class="footer_text">
+                <td class="w30 py-0">OSINT analysis tool</td>
+                <td class="w40 py-0 text-center info">E-mail: sk-cert@nbu.gov.sk</td>
+                <td class="w30 py-0 text-right">Company address</td>
+            </tr>
+            <tr class="footer_text">
+                <td class="w30 py-0">for CSIRT community</td>
+                <td class="w40 py-0 text-center info">Web: <a href="https://www.sk-cert.sk">www.sk-cert.sk</a></td>
+                <td class="w30 py-0 text-right">City name</td>
+            </tr>
+        </table>
+    </div>
+</body>
+
+</html>