Updates to 2.0.6 related updates (#81)

squashing and merging

CHANGELOG.md

@@ -1,5 +1,12 @@
 # VINCE Changelog
 
+Version 2.0.6  2023-01-23
+
+* Removed Edit Vulnerability button superfluous GHIssue #77
+* Updates to CVE publish buttons and automatic close of CVE modal on error
+* Modify CVEAffectedProduct.version_affected vince models.py for CVE5JSON
+* Bug fix newcomment not new_comment in vince/views.py
+* Add "Notify anyway" button routine for already notified vendor.
 
 ## Version 2.0.5  2023-01-04
 

bigvince/settings_.py

@@ -56,7 +56,7 @@
 ROOT_DIR = environ.Path(__file__) - 3
 
 # any change that requires database migrations is a minor release
-VERSION = "2.0.5"
+VERSION = "2.0.6"
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

vince/models.py

@@ -3844,7 +3844,7 @@ class CVEAffectedProduct(models.Model):
         _('Version Range Type'),
         blank=True,
         null=True,
-        max_length=10)
+        max_length=25)
 
     version_value = models.CharField(
         _('Affected Version or Start'),

vince/static/vince/js/case.js

@@ -463,7 +463,6 @@ $(document).ready(function() {
     var largemodal = $("#largemodal");
 
     $(document).on("submit", '#addvendorform', function(event) {
-	/* the jquery autocomplete should use UUID or PKIDs*/
 	event.preventDefault();
 	var reload = $(this).attr("reload");
 	var vendors = [];
@@ -1680,8 +1679,7 @@ $(document).ready(function() {
     }
     vendors_table = Tabulator.prototype.findTable("#vendors-table")[0]
     approvemodal = $("#approvenote");
-    $(document).off("click", '#notifyvendors')
-    $(document).on("click", '#notifyvendors', function(event) {
+    function notify_vendors(event,bypass) {
 	event.preventDefault();
 	var vendors = [];
         var selectedRows = vendors_table.getSelectedRows();
@@ -1691,21 +1689,31 @@ $(document).ready(function() {
 	if (selectedRows.length > 0) {
 	    for (i=0; i < selectedRows.length; i++) {
 		var v = selectedRows[i].getData();
-		if(v.contact_date) {
+		if(v.contact_date && (!bypass)) {
 		    exceptions += "<h5>Skipping Vendor <u>"+ v.vendor +
 			"</u> Already notified on <i>"+ v.contact_date +
 			"</i></h5>";
 		    continue;
 		}
 		vendors.push(v.id)
 	    }
-
-	}
-	if (vendors.length < 1) {
-	    alertmodal(approvemodal, "<h4><strong>No valid vendors to " +
-		       "notify!</strong></h4><h5>All vendors have been " +
-		       "notified or none were selected that can be "+
-		       "notified.</h5>");
+	    if (vendors.length < 1) {
+		alertmodal(approvemodal, "<h4><strong>No valid vendors to " +
+			   "notify!</strong></h4><h5>All vendors have been " +
+			   "notified or none were selected that can be "+
+			   "notified.</h5>");
+		approvemodal.find(".modal-footer")
+		    .prepend("&nbsp;")
+		    .prepend($("<button>").addClass("button cmu")
+			    .html("Notify anyway!")
+			    .on("click",function(e) {
+				notify_vendors(e,true);
+			    }));
+		return;
+	    }
+	} else {
+	    alertmodal(approvemodal, "<h4><strong>Select a vendor to be " +
+		       "notified!");
 	    return;
 	}
 	if(exceptions != "") {
@@ -1722,6 +1730,10 @@ $(document).ready(function() {
                 permissionDenied(addmodal);
             });
 
+    }
+    $(document).off("click", '#notifyvendors');
+    $(document).on("click", '#notifyvendors', function(event) {
+	notify_vendors(event,false);
     });
 
     $(document).on("click", "#submit_vendors", function(event) {

vince/views.py

@@ -10272,8 +10272,8 @@ def form_valid(self, form):
             if getattr(contact,pvar) != self.request.POST.get(pvar,getattr(contact,pvar)):
                 _add_activity(self.request.user, 3, contact, f"modified {pvar}")
                 some_changes=True
-        new_comment = self.request.POST.get('comment',"")
-        if contact.comment != new_comment:
+        newcomment = self.request.POST.get('comment',"")
+        if contact.comment != newcomment:
             if not((contact.comment == None) and (newcomment == '')):
                 if newcomment == "":
                     _add_activity(self.request.user, 3, contact, f"removed comment: {contact.comment}")

vinny/static/vinny/js/vincecomm.js

@@ -8,9 +8,10 @@
   # INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON
   # UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
   # AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR
-  # PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE
-  # MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND
-  # WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
+  # PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF 
+  # THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY
+  # KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT
+  # INFRINGEMENT.
   #
   # Released under a MIT (SEI)-style license, please see license.txt or contact
   # permission@sei.cmu.edu for full terms.
@@ -22,8 +23,8 @@
   # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the
   # U.S. Patent and Trademark Office by Carnegie Mellon University.
   #
-  # This Software includes and/or makes use of Third-Party Software each subject
-  # to its own license.
+  # This Software includes and/or makes use of Third-Party Software each 
+  # subject to its own license.
   #
   # DM21-1126
   ########################################################################
@@ -34,10 +35,10 @@ function getCookie(name) {
         var cookies = document.cookie.split(';');
         for (var i = 0; i < cookies.length; i++) {
             var cookie = jQuery.trim(cookies[i]);
-            // Does this cookie string begin with the name we want?                                                                \
-
+            // Does this cookie string begin with the name we want?
             if (cookie.substring(0, name.length + 1) === (name + '=')) {
-                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                cookieValue = decodeURIComponent(cookie
+						 .substring(name.length + 1));
                 break;
             }
         }
@@ -254,9 +255,17 @@ $(function () {
 	    .prop('checked',$(e.target).prop('checked'));
     });
     function filter_navli(e) {
-	let li = $(e.target || e.srcElement);
+	let li = $(e.currentTarget || e.target || e.srcElement);
 	li.parent().find('.fa-check').css('opacity',0);
 	li.find('.fa-check').css('opacity',1);
+	let rowdiv = li.closest('div.row');
+	let statusd = "[" + li.html() + "]";
+	if(rowdiv.find('.statusd_view').length) {
+	    rowdiv.find('.statusd_view').html(statusd);
+	} else {
+	    rowdiv.append($('<div>').addClass('statusd_view').html(statusd));
+	}
+	rowdiv.find('.statusd_view i').addClass('fa-filter');
 	let partdiv = li.closest('.participant_type');
 	let all = partdiv.find('.participant').not('.pheader');
 	let moreless = partdiv.find(".moreless");