Web Mixins

This module covers useful mixins for views that are used for displayed the web-frontend. All views that should only be accessible after a user login should extend the ContextMixinBase class to apply default context data automatically.

View Classes

class mastf.MASTF.mixins.TemplateAPIView(**kwargs)[source]

Base class for all Django views that use templates to render HTML responses.

This class is a subclass of Django’s built-in TemplateView class, and provides additional functionality explicitly for web views. Specifically, the TemplateAPIView class includes methods for serializing and deserializing data to and from HTML templates, which can be used to build custom HTML forms or display data in a structured way.

To use this class, simply subclass it in your Django views and specify the template file to use via the template_name attribute. You can then use the get_context_data method to pass additional context variables to the template, and the render_to_response method to render the response using the specified template.

In addition, this view implements permission checks that will be applied before any incoming request will be handled. Simply specify permission classes or use BoundPermission objects in a list within the permission_classes attribute.

For example:

1from rest_framework.permissions import IsAdmin
2
3class MyWebView(TemplateAPIView):
4    template_name =  'my_template.html'
5    permission_classes = [ IsAdmin ]

This class also includes a default_redirect attribute, which can be set to a view name that the view will redirect to if an error occurs during processing. If ‘default_redirect’ is not set, the view will redirect to the dashboard page.

check_object_permissions(request, obj) bool[source]

Validates if the current user has appropriate permissions to access the given object.

check_permissions(request)[source]

Validates whether the request’s user has permissions to access this view.

default_redirect = 'Dashboard'

Redirect view name to render if an error occurs.

get_object(model, pk_field: str)[source]

Returns a project mapped to a given primary key

Returns:

the instance of the desired model

Return type:

? extends Model

keep_redirect_kwargs = True

Tell the API view to keep args on redirect.

on_dispatch_error()[source]

Redirects to a default page if an exception was raised

permission_classes = None

Object or request-level permission classes.

Type:

list | tuple | Iterable[type | BoundPermission]

Mixin Classes

class mastf.MASTF.mixins.ContextMixinBase[source]

A Django mixin that provides additional context variables to a view.

This mixin adds the following context variables to the view:

  • debug: a boolean value indicating whether the application has been started

    in debug mode.

  • today: a datetime object representing today’s date.

  • user_role: a string representing the user’s role.

To use this mixin, simply include it in your Django view by subclassing it in your view class and adding it to the list of mixins in the class definition. For example:

1from mastf.MASTF.mixins import ContextMixinBase, TemplateAPIView
2
3class MyView(ContextMixinBase, TemplateAPIView):
4    template_name = "my_template.html"

You can then access the added context variables in your template as usual, for instance:

 1{% if debug %}
 2<p>Debug mode is enabled.</p>
 3{% endif %}
 4<p>Today's date is {{ today|date:"F j, Y" }}.</p>
 5
 6{% if user_role == "admin" %}
 7<p>You have administrative privileges.</p>
 8{% else %}
 9<p>You do not have administrative privileges.</p>
10{% endif %}

For more information on how to use context variables this class provides, see the Django’s documentation on templates and context processors.

login_url = '/web/login'

Default login URL.

prepare_context_data(request: HttpRequest, **kwargs) dict[source]

Inserts additional fields into the context of this view.

class mastf.MASTF.mixins.VulnContextMixin[source]

Mixin that applies vulnerability statistics to the context of a view.

apply_vuln_context(context: dict, vuln: dict) None[source]

Inserts vulnerability data according to the given input stats.

Parameters:

  • context (dict) – the view’s context

  • vuln (dict) – the vulnerability stats aquired via AbstractBaseFinding.stats(...)

get_vuln_context(stats: dict, name: str, bg: str) dict[source]

Returns HTML information about a vulnerability statistic.

The returned object has the following structure:

{
    "name": "...",
    "color": "bg-${color}",
    "percent": "...",
    "count": "..."
}
Parameters:

  • stats (dict) – single vulnerablity statistics according to severity

  • name (str) – severity name

  • bg (str) – the background color

Returns:

a dictionary storing data for HTML templates

Return type:

dict

class mastf.MASTF.mixins.UserProjectMixin[source]

Mixin that adds project-related context variables to a view.

This mixin provides the apply_project_context method, which adds the following context variables to the view:

  • project: the Project object corresponding to the project_uuid URL parameter.

  • scanners: a list of available scanner plugins.

To use this mixin, include it in your Django view by subclassing it in your view class and adding it to the list of mixins in the class definition. For example:

 1from django.views.generic import DetailView
 2from mastf.MASTF.mixins import UserProjectMixin, TemplateAPIView
 3from mastf.MASTF.models import Project
 4
 5class MyDetailView(UserProjectMixin, TemplateAPIView):
 6    model = Project
 7    template_name = "project_detail.html"
 8
 9    def get_context_data(self, **kwargs):
10        context = super().get_context_data(**kwargs)
11        self.apply_project_context(context)
12        # add additional context variables here if needed
13        return context

You can then access the added context variables in your template as usual:

1<h1>Project: {{ project.name }}</h1>
2<p>Available scanners:</p>
3<ul>
4    {% for scanner in scanners %}
5        <li>{{ scanner.name }}</li>
6    {% endfor %}
7</ul>
class mastf.MASTF.mixins.TopVulnerableProjectsMixin[source]

Mixin that filters for the most vulnerable project.

Returns a namespace object (dictionary) that includes the following attribures:

  • top_vuln_first (optional): the most vulnerable project (object)

  • top_vuln_second (optional): the second most vulnerable project (object)

  • top_vuln_third (optional): the third most vulnerable project (object)

get_top_vulnerable_projects(projects: list) namespace[source]

Returns up to three top vulnerable projects of the given list.

Parameters:

projects (list) – the projects (actual project objects)

Returns:

a dictionary covering the most vulnerable projects.

Return type:

namespace

class mastf.MASTF.mixins.ScanTimelineMixin[source]

Simple mixin class that provides a function to collect scan data.

The returned data may be used as timeline data or display values in a table. Note that the number of included scans can be reduced with the following GET parameters:

  • public: should be true to include public projects

  • private: should be true to include private projects

  • internal: should be true to include projects a user has access to

get_scan_timeline(projects)[source]

Collects information about scans from the given projects.

Parameters:

projects (list[Project]) – the initial project list

Returns:

a list storing all scans with additional vulnerability stats

Return type:

list[namespace]