From 34698eab94f4c42d3b1cd189d287c5bfae9ba610 Mon Sep 17 00:00:00 2001
From: Thierry Beauquier <thierry.beauquier@ericsson.com>
Date: Thu, 14 Apr 2016 09:15:47 -0400
Subject: [PATCH 01/46] Add severity for no port vulnerability

---
 plugins/repo/openvas/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/repo/openvas/plugin.py b/plugins/repo/openvas/plugin.py
index ad81b9ab73e..03749c20e55 100644
--- a/plugins/repo/openvas/plugin.py
+++ b/plugins/repo/openvas/plugin.py
@@ -251,7 +251,7 @@ def parseOutputString(self, output, debug = False):
                     
                 if item.port == "None":
                     v_id = self.createAndAddVulnToHost(h_id,item.name.encode("utf-8"),desc=item.description.encode("utf-8"),
-                                                       ref=ref)
+                                                       severity=item.severity.encode("utf-8"),ref=ref)
                 else:
                     
                     if item.service:

From 9c44741521b02ecfb48556eb548b8fa70d212ceb Mon Sep 17 00:00:00 2001
From: robertfiz <robertfiz@users.noreply.github.com>
Date: Fri, 3 Mar 2017 16:12:12 -0300
Subject: [PATCH 02/46] eliminar slash

output= output.replace('\\$', '')
        r = re.search(
            "Whoah, it worked - misconfigured DNS server found:([^$]+)\There isn't much point continuing, you have  everything.",
---
 plugins/repo/fierce/plugin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/repo/fierce/plugin.py b/plugins/repo/fierce/plugin.py
index 65c7c44da07..65fb56fd9af 100644
--- a/plugins/repo/fierce/plugin.py
+++ b/plugins/repo/fierce/plugin.py
@@ -67,9 +67,9 @@ def __init__(self, output):
                     self.items.append(item)
 
         self.isZoneVuln = False
+        output= output.replace('\\$', '')
         r = re.search(
-            "Whoah, it worked - misconfigured DNS server found:\r\n([^$]+)There isn't much point continuing, you have everything.",
-            output)
+            "Whoah, it worked - misconfigured DNS server found:([^$]+)\There isn't much point continuing, you have  everything.",
 
         if r is not None:
 

From 09459056cea2b02b87a678e562a5a38c5b6d4b3a Mon Sep 17 00:00:00 2001
From: robertfiz <robertfiz@users.noreply.github.com>
Date: Fri, 3 Mar 2017 16:13:26 -0300
Subject: [PATCH 03/46] Update plugin.py

---
 plugins/repo/fierce/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/repo/fierce/plugin.py b/plugins/repo/fierce/plugin.py
index 65fb56fd9af..ed8241d330d 100644
--- a/plugins/repo/fierce/plugin.py
+++ b/plugins/repo/fierce/plugin.py
@@ -69,7 +69,7 @@ def __init__(self, output):
         self.isZoneVuln = False
         output= output.replace('\\$', '')
         r = re.search(
-            "Whoah, it worked - misconfigured DNS server found:([^$]+)\There isn't much point continuing, you have  everything.",
+            "Whoah, it worked - misconfigured DNS server found:([^$]+)\There isn't much point continuing, you have  everything.", output)
 
         if r is not None:
 

From 7ccac77171f608acbe68066aefb648cd5a1a9dbf Mon Sep 17 00:00:00 2001
From: Endrigo Antonini <git@endrigo.com.br>
Date: Mon, 17 Apr 2017 16:32:10 -0300
Subject: [PATCH 04/46] Added some validations on objects that didn't exists on
 the output XML from IBM AppScan.

---
 plugins/repo/appscan/plugin.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/plugins/repo/appscan/plugin.py b/plugins/repo/appscan/plugin.py
index 266721d3511..9e2e78d3a35 100644
--- a/plugins/repo/appscan/plugin.py
+++ b/plugins/repo/appscan/plugin.py
@@ -44,7 +44,6 @@ def __init__(self, output):
         self.obj_xml = objectify.fromstring(output)
 
     def parse_issues(self):
-
         for issue in self.obj_xml["issue-type-group"]["item"]:
             url_list = []
             obj_issue = {}
@@ -52,7 +51,7 @@ def parse_issues(self):
             obj_issue["name"] = issue["name"].text
             obj_issue['advisory'] = issue["advisory"]["ref"].text
 
-            if(issue["cve"]):
+            if("cve" in issue):
                 obj_issue['cve'] = issue["cve"].text
 
             for threat in self.obj_xml["url-group"]["item"]:
@@ -65,7 +64,7 @@ def parse_issues(self):
                     for item in self.obj_xml["issue-group"]["item"]:
 
                         if int(item["url"]["ref"]) == int(threat.get('id')):
-                            if item["issue-type"]["ref"] == threat['issue-type']:
+                            if "test-http-traffic" in item["variant-group"]["item"] and item["issue-type"]["ref"] == threat['issue-type']:
 
                                 http_traffic = item["variant-group"]["item"]["test-http-traffic"].text.split("\n\n")
 
@@ -76,7 +75,8 @@ def parse_issues(self):
 
                             obj_issue["severity"] = item["severity"].text
                             obj_issue["cvss_score"] = item["cvss-score"].text
-                            obj_issue["issue_description"] = item["variant-group"]["item"]["issue-information"]["issue-tip"].text
+                            if ("issue-tip" in item["variant-group"]["item"]["issue-information"]):
+                                obj_issue["issue_description"] = item["variant-group"]["item"]["issue-information"]["issue-tip"].text
                             break
 
             for recomendation in self.obj_xml["fix-recommendation-group"]["item"]:

From 131b00b094cca2442533fb0bcebab324e0dded2b Mon Sep 17 00:00:00 2001
From: Thierry Beauquier <lmcthbe@gmail.com>
Date: Mon, 8 May 2017 11:28:03 -0400
Subject: [PATCH 05/46] Adding plugin for junit xml parsing

---
 plugins/repo/junit/__init__.py |   6 ++
 plugins/repo/junit/plugin.py   | 158 +++++++++++++++++++++++++++++++++
 2 files changed, 164 insertions(+)
 create mode 100644 plugins/repo/junit/__init__.py
 create mode 100644 plugins/repo/junit/plugin.py

diff --git a/plugins/repo/junit/__init__.py b/plugins/repo/junit/__init__.py
new file mode 100644
index 00000000000..004c49be6c6
--- /dev/null
+++ b/plugins/repo/junit/__init__.py
@@ -0,0 +1,6 @@
+'''
+Faraday Penetration Test IDE
+Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+See the file 'doc/LICENSE' for the license information
+
+'''
diff --git a/plugins/repo/junit/plugin.py b/plugins/repo/junit/plugin.py
new file mode 100644
index 00000000000..b5c33a7461d
--- /dev/null
+++ b/plugins/repo/junit/plugin.py
@@ -0,0 +1,158 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+'''
+Faraday Penetration Test IDE
+Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+See the file 'doc/LICENSE' for the license information
+
+'''
+from __future__ import with_statement
+from plugins import core
+from model import api
+import re
+import os
+import pprint
+import sys
+from lxml import etree
+
+try:
+    import xml.etree.cElementTree as ET
+    import xml.etree.ElementTree as ET_ORIG
+    ETREE_VERSION = ET_ORIG.VERSION
+except ImportError:
+    import xml.etree.ElementTree as ET
+    ETREE_VERSION = ET.VERSION
+
+ETREE_VERSION = [int(i) for i in ETREE_VERSION.split(".")]
+
+current_path = os.path.abspath(os.getcwd())
+
+__author__ = "Thierry Beauquier"
+__license__ = ""
+__version__ = "1.0.0"
+__maintainer__ = "Thierry Beauquier"
+__email__ = "thierry.beauquier@ericsson.com"
+__status__ = "Development"
+
+'''
+This plugin has been designed to be used with python-unittest2/paramiko script to perform security compliancy verification. It enables to have displayed both security scans results (nmap,
+nessus, ..) and security verification compliancy (CIS-CAT, compagny's product security requirement) by Faraday-IPE
+
+This plugin requires that a element "host" is added to <testcase/> (sed -i 's/<testcase/<testcase host=\"192.168.1.1\"/' junit.xml) 
+
+ <testsuite errors="0" failures="1" name="AccountsWithSuperuserPrivilegesShallBeDisabledByDefault-20170118090010" skipped="0" tests="1" time="0.144">
+                <testcase host="192.168.1.1" classname="AccountsWithSuperuserPrivilegesShallBeDisabledByDefault" name="test_sshdRootLogin" time="0.144">
+                        <failure message="SSH for root account is not disabled: '' matches '' in ''" type="AssertionError">
+<![CDATA[Traceback (most recent call last):
+  File "bsr-ci.py", line 514, in test_sshdRootLogin
+    self.assertNotRegexpMatches(_ssh('cat /etc/ssh/sshd_config | egrep "^PermitRootLogin" | awk \'{print $2}\' | egrep "no|No|NO"',host),'', 'SSH for root account is not disabled')
+AssertionError: SSH for root account is not disabled: '' matches '' in ''
+]]>                     </failure>
+                </testcase>
+                <system-out>
+<![CDATA[]]>            </system-out>
+                <system-err>
+<![CDATA[]]>            </system-err>
+  </testsuite>
+
+
+'''
+
+class JunitXmlParser(object):
+    """
+    The objective of this class is to parse an xml file generated by the junit.
+
+    @param junit_xml_filepath A proper xml generated by junit
+    """
+
+    def __init__(self, xml_output):
+
+        tree = self.parse_xml(xml_output)
+        if tree:
+            self.items = [data for data in self.get_items(tree)]
+        else:
+            self.items = []
+    
+    def parse_xml(self, xml_output):
+        """
+        Open and parse an xml file.
+
+        @return xml_tree An xml tree instance. None if error.
+        """
+        try:
+#             return ET.fromstring(xml_output)
+            tree = etree.fromstring(xml_output)
+        except SyntaxError, err:
+            print "SyntaxError: %s. %s" % (err, xml_output)
+            return None
+        return tree
+
+    def get_items(self, tree):
+        """
+        @return items A list of Failure instances
+        """
+
+        for node in tree.findall('testsuite/testcase/failure'):
+            yield Testsuite(node)
+
+
+class Testsuite(object):
+
+    def __init__(self, testsuite_node):
+        self.node = testsuite_node
+
+        self.parent = self.node.getparent()
+        self.name = self.parent.get('name')
+        self.host = self.parent.get('host')
+        if self.host is None:
+            print 'host element is missing'
+            self.host = ''
+
+        self.message = self.get_text_from_subnode('message')
+
+    def get_text_from_subnode(self, subnode_xpath_expr):
+        """
+        Finds a subnode in the host node and the retrieves a value from it.
+
+        @return An attribute value
+        """
+        sub_node = self.node.get(subnode_xpath_expr)
+        if sub_node is not None:
+            return sub_node
+
+        return None
+ 
+class JunitPlugin(core.PluginBase):
+    """
+    Example plugin to parse junit output.
+    """
+
+    def __init__(self):
+        core.PluginBase.__init__(self)
+        self.id = "Junit"
+        self.name = "Junit XML Output Plugin"
+        self.plugin_version = "0.0.1"
+        self.version = ""
+        self.framework_version = "1.0.0"
+        self.options = None
+        self._current_output = None
+        self._command_regex = None 
+
+    def parseOutputString(self, output, debug=False):
+
+        parser = JunitXmlParser(output)
+        for item in parser.items:
+            h_id = self.createAndAddHost(item.host, os="Linux")
+            i_id = self.createAndAddInterface(h_id, item.host, ipv4_address=item.host)
+            self.createAndAddVulnToHost(h_id, name=item.name, desc=item.message, ref=[], severity="High")
+        del parser
+
+def createPlugin():
+    return JunitPlugin()
+
+if __name__ == '__main__':
+    parser = JunitXmlParser(sys.argv[1])
+    for item in parser.items:
+        if item.status == 'up':
+            print item

From db82e9a62a8fcd11f68c0a8465c47fcda47709ed Mon Sep 17 00:00:00 2001
From: robertfiz <robertfiz@users.noreply.github.com>
Date: Sun, 14 May 2017 22:41:34 -0300
Subject: [PATCH 06/46] agregue esta linea porque no creaba el servicio

    #linea 59
                if len(vals)==3:
---
 plugins/repo/arp-scan/plugin.py | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/plugins/repo/arp-scan/plugin.py b/plugins/repo/arp-scan/plugin.py
index 324cbec4b80..a0c2db2479d 100644
--- a/plugins/repo/arp-scan/plugin.py
+++ b/plugins/repo/arp-scan/plugin.py
@@ -55,15 +55,18 @@ def parseOutputString(self, output, debug=False):
 
             for line in output.split('\n'):
                 vals = line.split("\t")
-
-                if len(vals[0].split(".")) == 4:
-
-                    host = vals[0]
-                    h_id = self.createAndAddHost(host)
-                    i_id = self.createAndAddInterface(
-                        h_id, host, ipv4_address=host, mac=vals[1])
-                    n_id = self.createAndAddNoteToHost(
-                        h_id, "NIC VENDOR:", vals[2])
+                
+                #agregue esta linea porque no creaba el servicio
+                if len(vals)==3:
+
+                    if len(vals[0].split(".")) == 4:
+
+                        host = vals[0]
+                        h_id = self.createAndAddHost(host)
+                        i_id = self.createAndAddInterface(
+                            h_id, host, ipv4_address=host, mac=vals[1])
+                            n_id = self.createAndAddNoteToHost(
+                            h_id, "NIC VENDOR:", vals[2])
 
         return True
 

From 64a399e502de5273840bfce8348380577f0d40d5 Mon Sep 17 00:00:00 2001
From: Leonardo Lazzaro <leonardol@infobytesec.com>
Date: Tue, 23 May 2017 16:43:06 -0300
Subject: [PATCH 07/46] fix missing import. some PEP8 fixes

---
 server/api/modules/workspaces.py | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/server/api/modules/workspaces.py b/server/api/modules/workspaces.py
index 7a0059add93..0d1a8d9c784 100644
--- a/server/api/modules/workspaces.py
+++ b/server/api/modules/workspaces.py
@@ -11,8 +11,17 @@
 from server.dao.service import ServiceDAO
 from server.dao.interface import InterfaceDAO
 from server.dao.note import NoteDAO
-from server.utils.web import gzipped, validate_workspace, get_basic_auth, validate_admin_perm, validate_database, build_bad_request_response
-from server.couchdb import list_workspaces_as_user, get_workspace, get_auth_info
+from server.utils.web import (
+    gzipped,
+    validate_workspace,
+    get_basic_auth,
+    validate_admin_perm,
+    build_bad_request_response
+)
+from server.couchdb import (
+    list_workspaces_as_user,
+    get_workspace
+)
 from server.database import get_manager
 
 
@@ -23,6 +32,7 @@ def workspace_list():
         list_workspaces_as_user(
             flask.request.cookies, get_basic_auth()))
 
+
 @app.route('/ws/<workspace>/summary', methods=['GET'])
 @gzipped
 def workspace_summary(workspace=None):
@@ -48,6 +58,7 @@ def workspace_summary(workspace=None):
 
     return flask.jsonify(response)
 
+
 @app.route('/ws/<workspace>', methods=['GET'])
 @gzipped
 def workspace(workspace):
@@ -56,10 +67,13 @@ def workspace(workspace):
         flask.request.cookies, get_basic_auth())['workspaces']
     ws = get_workspace(workspace, flask.request.cookies, get_basic_auth()) if workspace in workspaces else None
     # TODO: When the workspace DAO is ready, we have to remove this next line
-    if not ws.get('fdate') and ws.get('duration'): ws['fdate'] = ws.get('duration').get('end')
-    if not ws.get('description'): ws['description'] = ''
+    if not ws.get('fdate') and ws.get('duration'):
+        ws['fdate'] = ws.get('duration').get('end')
+    if not ws.get('description'):
+        ws['description'] = ''
     return flask.jsonify(ws)
 
+
 @app.route('/ws/<workspace>', methods=['PUT'])
 @gzipped
 def workspace_create_or_update(workspace):
@@ -87,7 +101,7 @@ def workspace_create_or_update(workspace):
     elif workspace not in db_manager and not is_update_request:
         res = db_manager.create_workspace(document)
     else:
-        abort(400)
+        flask.abort(400)
 
     if not res:
         response = flask.jsonify({'error': "There was an error {0} the workspace".format("updating" if is_update_request else "creating")})
@@ -96,6 +110,7 @@ def workspace_create_or_update(workspace):
 
     return flask.jsonify({'ok': True})
 
+
 @app.route('/ws/<workspace>', methods=['DELETE'])
 @gzipped
 def workspace_delete(workspace):

From 0cb794d9851f269a82185c8496dc64ad60586c70 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Fri, 26 May 2017 11:38:43 -0300
Subject: [PATCH 08/46] Add empty "TBA" item in RELEASE.md

---
 RELEASE.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/RELEASE.md b/RELEASE.md
index 2d89f01d4e2..5ea120214b1 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -8,6 +8,10 @@ Make sure you run ```./faraday.py --update``` the first time after an update!
 New features in the latest update
 =====================================
 
+TBA:
+---
+
+
 May 24, 2017:
 ---
 * Fixed bug when editing workspaces created in GTK

From b8209e7f7d35b7a971c3b0ed23b65361dff0751d Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Mon, 29 May 2017 18:45:04 -0300
Subject: [PATCH 09/46] Add new field "Policy Violations"

---
 persistence/server/models.py                  | 12 +++++-
 server/dao/vuln.py                            |  7 +++-
 server/models.py                              |  2 +
 server/www/estilos.css                        |  2 +-
 .../statusReport/controllers/modalEdit.js     | 31 +++++++++++++++-
 .../statusReport/controllers/modalNew.js      | 37 ++++++++++++++++---
 .../statusReport/controllers/statusReport.js  | 30 ++++++++++++++-
 .../statusReport/partials/modalEdit.html      | 16 ++++++++
 .../statusReport/partials/modalNew.html       | 16 ++++++++
 .../statusReport/partials/statusReport.html   |  1 +
 .../columns/policyviolationscolumn.html       |  6 +++
 server/www/scripts/vulns/providers/vuln.js    |  9 +++--
 12 files changed, 152 insertions(+), 17 deletions(-)
 create mode 100644 server/www/scripts/statusReport/partials/ui-grid/columns/policyviolationscolumn.html

diff --git a/persistence/server/models.py b/persistence/server/models.py
index 3f84abc7d36..d0808f0a0b4 100644
--- a/persistence/server/models.py
+++ b/persistence/server/models.py
@@ -1029,6 +1029,7 @@ def __init__(self, vuln, workspace_name):
         self.confirmed = vuln.get('confirmed', False)
         self.resolution = vuln.get('resolution')
         self.status = vuln.get('status', "opened")
+        self.policyviolations = vuln.get('policyviolations', list())
 
     def setID(self, parent_id):
         ModelBase.setID(self, parent_id, self.name, self.description)
@@ -1100,7 +1101,7 @@ def align_string_based_vulns(severity):
         return severity
 
     def updateAttributes(self, name=None, desc=None, data=None,
-                         severity=None, resolution=None, refs=None, status=None):
+                         severity=None, resolution=None, refs=None, status=None, policyviolations=None):
         if name is not None:
             self.name = name
         if desc is not None:
@@ -1115,6 +1116,8 @@ def updateAttributes(self, name=None, desc=None, data=None,
             self.refs = refs
         if status is not None:
             self.setStatus(status)
+        if policyviolations is not None:
+            self.policyviolations = policyviolations
 
     def getID(self): return self.id
     def getDesc(self): return self.desc
@@ -1124,6 +1127,7 @@ def getRefs(self): return self.refs
     def getConfirmed(self): return self.confirmed
     def getResolution(self): return self.resolution
     def getStatus(self): return self.status
+    def getPolicyViolations(self): return self.policyviolations
 
     def setStatus(self, status):
         self.status = status
@@ -1155,6 +1159,7 @@ def __init__(self, vuln_web, workspace_name):
         self.tags = vuln_web.get('tags')
         self.target = vuln_web.get('target')
         self.parent = vuln_web.get('parent')
+        self.policyviolations = vuln_web.get('policyviolations', list())
 
     def setID(self, parent_id):
         ModelBase.setID(self, parent_id, self.name, self.website, self.path, self.description)
@@ -1178,7 +1183,7 @@ def publicattrsrefs():
 
     def updateAttributes(self, name=None, desc=None, data=None, website=None, path=None, refs=None,
                         severity=None, resolution=None, request=None,response=None, method=None,
-                        pname=None, params=None, query=None, category=None, status=None):
+                        pname=None, params=None, query=None, category=None, status=None, policyviolations=None):
 
         super(self.__class__, self).updateAttributes(name, desc, data, severity, resolution, refs, status)
 
@@ -1200,6 +1205,8 @@ def updateAttributes(self, name=None, desc=None, data=None, website=None, path=N
             self.query = query
         if category is not None:
             self.category = category
+        if policyviolations is not None:
+            self.policyviolations = policyviolations
 
     def getDescription(self): return self.description
     def getPath(self): return self.path
@@ -1220,6 +1227,7 @@ def getStatus(self): return self.status
     def getTags(self): return self.tags
     def getTarget(self): return self.target
     def getParent(self): return self.parent
+    def getPolicyViolations(self): return self.policyviolations
 
     def tieBreakable(self, key):
         """
diff --git a/server/dao/vuln.py b/server/dao/vuln.py
index e08eab119a7..a2376ba2c29 100644
--- a/server/dao/vuln.py
+++ b/server/dao/vuln.py
@@ -51,7 +51,8 @@ class VulnerabilityDAO(FaradayDAO):
         "web":              [],
         "issuetracker":     [],
         "creator":          [EntityMetadata.creator],
-        "command_id":       [EntityMetadata.command_id]
+        "command_id":       [EntityMetadata.command_id],
+        "policyviolations":  [Vulnerability.policyviolations]
     }
 
     STRICT_FILTERING = ["type", "service", "couchid", "hostid", "serviceid", 'interfaceid', 'id', 'status', 'command_id']
@@ -80,7 +81,8 @@ def __query_database(self, search=None, page=0, page_size=0, order_by=None, orde
             Vulnerability.method, Vulnerability.params, Vulnerability.pname, Vulnerability.query,\
             EntityMetadata.couchdb_id, EntityMetadata.revision, EntityMetadata.create_time, EntityMetadata.creator,\
             EntityMetadata.owner, EntityMetadata.update_action, EntityMetadata.update_controller_action,\
-            EntityMetadata.update_time, EntityMetadata.update_user, EntityMetadata.document_type, EntityMetadata.command_id, Vulnerability.attachments)
+            EntityMetadata.update_time, EntityMetadata.update_user, EntityMetadata.document_type, EntityMetadata.command_id, \
+            Vulnerability.attachments, Vulnerability.policyviolations)
         service_bundle = Bundle('service', Service.name.label('s_name'), Service.ports, Service.protocol, Service.id)
         host_bundle = Bundle('host', Host.name)
 
@@ -172,6 +174,7 @@ def get_parent_id(couchdb_id):
                 'owned': vuln.owned,
                 'owner': vuln.owner,
                 'parent': get_parent_id(vuln.couchdb_id),
+                'policyviolations': json.loads(vuln.policyviolations),
                 'refs': json.loads(vuln.refs),
                 'status': vuln.status,
                 'website': vuln.website,
diff --git a/server/models.py b/server/models.py
index 0bb295ed3e0..2727c39db63 100644
--- a/server/models.py
+++ b/server/models.py
@@ -309,6 +309,7 @@ class Vulnerability(FaradayEntity, Base):
     severity = Column(String(50))
     owned = Column(Boolean)
     attachments = Column(Text(), nullable=True)
+    policyviolations = Column(Text())
 
     impact_accountability = Column(Boolean)
     impact_availability = Column(Boolean)
@@ -347,6 +348,7 @@ def update_from_document(self, document):
         self.severity=document.get('severity')
         self.owned=document.get('owned', False)
         self.attachments = json.dumps(document.get('_attachments', {}))
+        self.policyviolations = json.dumps(document.get('policyviolations', []))
         self.impact_accountability=document.get('impact', {}).get('accountability')
         self.impact_availability=document.get('impact', {}).get('availability')
         self.impact_confidentiality=document.get('impact', {}).get('confidentiality')
diff --git a/server/www/estilos.css b/server/www/estilos.css
index 4273e2be327..b9a59f701f7 100644
--- a/server/www/estilos.css
+++ b/server/www/estilos.css
@@ -794,7 +794,7 @@ input.form-control.vuln_per_page{width: 10%;margin: auto}
 .reference{margin-top: 5px;}
 div.form-group.editArray{margin-bottom: 0px}
 div.modal-footer.editArray{margin-top: 0px}
-input#vuln-refs{border-radius: 5px 0 0 5px}
+input#vuln-refs, input#vuln-policyviolations {border-radius: 5px 0 0 5px}
 i.fa.fa-plus-circle{color: green;}
 i.fa.fa-minus-circle{color: red;cursor: pointer;}
 span.input-group-addon.button-radius{
diff --git a/server/www/scripts/statusReport/controllers/modalEdit.js b/server/www/scripts/statusReport/controllers/modalEdit.js
index 72f9e73346f..99d27a90a9a 100644
--- a/server/www/scripts/statusReport/controllers/modalEdit.js
+++ b/server/www/scripts/statusReport/controllers/modalEdit.js
@@ -11,6 +11,7 @@ angular.module('faradayApp')
         vm.saveAsModelDisabled = false;
         vm.easeofresolution;
         vm.new_ref;
+        vm.new_policyviolation;
         vm.icons;
         vm.cweList;
         vm.cweLimit;
@@ -27,6 +28,7 @@ angular.module('faradayApp')
             vm.severities = severities;
             vm.statuses = STATUSES;
             vm.new_ref = "";
+            vm.new_policyviolation = "";
             vm.icons = {};
 
             vm.cweList = [];
@@ -63,6 +65,7 @@ angular.module('faradayApp')
                 response: "",
                 website: "",
                 status: "opened",
+                policyviolations: []
             };
 
             vm.vuln = angular.copy(vuln);
@@ -111,6 +114,15 @@ angular.module('faradayApp')
                 refs.push(ref.value);
             });
             vm.data.refs = refs;
+
+            // add the policy violation in new_policyviolation, if there's any
+            vm.newPolicyViolation();
+            // convert policy violations to an array of strings
+            var policyviolations = [];
+            vm.data.policyviolations.forEach(function(policyviolation) {
+                policyviolations.push(policyviolation.value);
+            });
+            vm.data.policyviolations = policyviolations;
             $modalInstance.close(vm.data);
         };
 
@@ -128,9 +140,19 @@ angular.module('faradayApp')
             }
         }
 
+        vm.newPolicyViolation = function() {
+            if (vm.new_policyviolation != "") {
+                // we need to check if the policy violation already exists
+                if (vm.data.policyviolations.filter(function(policyviolation) {return policyviolation.value === vm.new_policyviolation}).length == 0) {
+                    vm.data.policyviolations.push({value: vm.new_policyviolation});
+                    vm.new_policyviolation = "";
+                }
+            }
+        }
+
         vm.populate = function(item) {
             for (var key in vm.data) {
-                if (key != "refs" && item.hasOwnProperty(key) && vm.data.hasOwnProperty(key)) {
+                if (key != "refs" && key != "policyviolations" && item.hasOwnProperty(key) && vm.data.hasOwnProperty(key)) {
                     vm.data[key] = item[key];
                 }
             }
@@ -140,6 +162,13 @@ angular.module('faradayApp')
                 refs.push({value: ref});
             });
             vm.data.refs = refs;
+
+            // convert policyviolations to an array of objects
+            var policyviolations = [];
+            item.policyviolations.forEach(function(policyviolation) {
+                policyviolations.push({value: policyviolation});
+            });
+            vm.data.policyviolations = policyviolations;
         }
 
         init();
diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index ec41b848fc3..abc0c59f3b1 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -13,6 +13,7 @@ angular.module('faradayApp')
         vm.easeofresolution;
         vm.workspace;
         vm.new_ref;
+        vm.new_policyviolation;
         vm.icons;
         vm.cweList;
         vm.cweLimit;
@@ -38,6 +39,7 @@ angular.module('faradayApp')
             vm.severities = severities;
             vm.workspace = workspace;
             vm.new_ref = "";
+            vm.new_policyviolation = "";
             vm.icons = {};
 
             vm.cweList = [];
@@ -71,14 +73,15 @@ angular.module('faradayApp')
                 refs: [],
                 resolution: "",
                 severity: undefined,
-                method: "", 
-                path: "", 
-                pname: "", 
+                method: "",
+                path: "",
+                pname: "",
                 params: "",
-                query: "", 
+                query: "",
                 request: "",
                 response: "",
-                website: ""
+                website: "",
+                policyviolations: []
             };
 
             vm.targets = [];
@@ -122,6 +125,12 @@ angular.module('faradayApp')
                 });
                 vm.data.refs = refs;
 
+                var policyviolations = [];
+                vm.data.policyviolations.forEach(function(violation) {
+                    policyviolations.push(violation.value);
+                });
+                vm.data.policyviolations = policyviolations;
+
                 // delete selection
                 delete vm.data.parent.selected_modalNewCtrl;
 
@@ -161,10 +170,20 @@ angular.module('faradayApp')
             }
         }
 
+        vm.newPolicyviolation = function() {
+            if (vm.new_policyviolation != "") {
+                // we need to check if the policy violation already exists
+                if (vm.data.policyviolations.filter(function(policyviolation) {return policyviolation.value === vm.new_policyviolation}).length == 0) {
+                    vm.data.policyviolations.push({value: vm.new_policyviolation});
+                    vm.new_policyviolation = "";
+                }
+            }
+        }
+
         vm.populate = function(item, model, label) {
 
             for (var key in item) {
-                if (key != "refs" && vm.data.hasOwnProperty(key)) {
+                if(key != "refs" && key != "policyviolations" && vm.data.hasOwnProperty(key)) {
                     vm.data[key] = item[key];
                 }
             }
@@ -175,6 +194,12 @@ angular.module('faradayApp')
                 refs.push({value: ref});
             });
             vm.data.refs = refs;
+
+            var policyviolations = [];
+            item.policyviolations.forEach(function(policyviolation) {
+                policyviolations.push({value: policyviolation});
+            });
+            vm.data.policyviolations = policyviolations;
         }
 
         init();
diff --git a/server/www/scripts/statusReport/controllers/statusReport.js b/server/www/scripts/statusReport/controllers/statusReport.js
index ac6a7c5f5c2..a2cb6c1f083 100644
--- a/server/www/scripts/statusReport/controllers/statusReport.js
+++ b/server/www/scripts/statusReport/controllers/statusReport.js
@@ -175,7 +175,8 @@ angular.module('faradayApp')
                 "query":            false,
                 "response":         false,
                 "web":              false,
-                "creator":          false
+                "creator":          false,
+                "policyviolations":  false
             };
 
             // created object for columns cookie columns
@@ -394,6 +395,14 @@ angular.module('faradayApp')
                 sort: getColumnSort('metadata.creator'),
                 visible: $scope.columns["creator"]
             });
+            $scope.gridOptions.columnDefs.push({ name : 'policyviolations',
+                displayName : "policy violations",
+                cellTemplate: 'scripts/statusReport/partials/ui-grid/columns/policyviolationscolumn.html',
+                headerCellTemplate: header,
+                width: '100',
+                sort: getColumnSort('policyviolations'),
+                visible: $scope.columns["policyviolations"]
+            });
         };
 
 
@@ -736,6 +745,25 @@ angular.module('faradayApp')
                 {options: EASEOFRESOLUTION});
         };
 
+        $scope.editPolicyviolations = function() {
+            editProperty(
+                'scripts/commons/partials/editArray.html',
+                'commonsModalEditArray',
+                'Enter the new policy violations:',
+                'policyviolations',
+                {callback: function (vuln, policyviolations) {
+                    var violations = vuln.policyviolations.concat([]);
+                    policyviolations.forEach(function(policyviolation) {
+                        if(vuln.policyviolations.indexOf(policyviolation) == -1){
+                            violations.push(policyviolation);
+                        }
+                    });
+
+                    return {'policyviolations': violations};
+                }}
+                );
+        };
+
         $scope.editReferences = function() {
             editProperty(
                 'scripts/commons/partials/editArray.html',
diff --git a/server/www/scripts/statusReport/partials/modalEdit.html b/server/www/scripts/statusReport/partials/modalEdit.html
index ac54de8641b..c9d06bb85c4 100644
--- a/server/www/scripts/statusReport/partials/modalEdit.html
+++ b/server/www/scripts/statusReport/partials/modalEdit.html
@@ -85,6 +85,22 @@ <h5>Confirmed</h5>
                     <label class="sr-only" for="vuln-resolution">Vuln Resolution</label>
                     <textarea class="form-control" id="vuln-resolution" placeholder="Resolution" ng-model="modal.data.resolution"></textarea>
                 </div>
+            </div><!-- .form-group -->
+                        <div class="form-group">
+                <div class="col-md-12">
+                    <div class="input-group margin-bottom-sm">
+                        <label class="sr-only" for="vuln-policyviolations">Policy Violations</label>
+                        <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violations" ng-model="modal.new_policyviolation"/>
+                        <span class="input-group-addon cursor" ng-click="modal.newPolicyviolation()"><i class="fa fa-plus-circle"></i></span>
+                    </div>
+                </div>
+                <div class="col-md-12 reference" ng-repeat="policyviolation in modal.data.policyviolations">
+                    <div class="input-group margin-bottom-sm">
+                        <label class="sr-only" for="vuln-policyviolations">Policy Violation</label>
+                        <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violation" ng-model="policyviolation.value"/>
+                        <span class="input-group-addon cursor" ng-click="modal.data.policyviolations.splice($index, 1)"><i class="fa fa-minus-circle"></i></span>
+                    </div>
+                </div>
             </div><!-- .form-group -->
             <div ng-if="modal.vuln.type === 'VulnerabilityWeb'">
                 <div class="form-group">
diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index 8a5568fb69c..bb02fe84529 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -127,6 +127,22 @@ <h5>Ease of Resolution</h5>
                     <textarea class="form-control" id="vuln-resolution" placeholder="Resolution" ng-model="modal.data.resolution"></textarea>
                 </div>
             </div><!-- .form-group -->
+            <div class="form-group">
+                <div class="col-md-12">
+                    <div class="input-group margin-bottom-sm">
+                        <label class="sr-only" for="vuln-policyviolations">Policy Violations</label>
+                        <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violations" ng-model="modal.new_policyviolation"/>
+                        <span class="input-group-addon cursor" ng-click="modal.newPolicyviolation()"><i class="fa fa-plus-circle"></i></span>
+                    </div>
+                </div>
+                <div class="col-md-12 reference" ng-repeat="policyviolation in modal.data.policyviolations">
+                    <div class="input-group margin-bottom-sm">
+                        <label class="sr-only" for="vuln-policyviolations">Policy Violation</label>
+                        <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violation" ng-model="policyviolation.value"/>
+                        <span class="input-group-addon cursor" ng-click="modal.data.policyviolations.splice($index, 1)"><i class="fa fa-minus-circle"></i></span>
+                    </div>
+                </div>
+            </div><!-- .form-group -->
         </div>
 
         <div class="animate-switch-container" ng-switch on="modal.data.type">
diff --git a/server/www/scripts/statusReport/partials/statusReport.html b/server/www/scripts/statusReport/partials/statusReport.html
index d17d0b02f67..cbeaff33672 100644
--- a/server/www/scripts/statusReport/partials/statusReport.html
+++ b/server/www/scripts/statusReport/partials/statusReport.html
@@ -59,6 +59,7 @@ <h2><span id="ws-name" title="Current workspace">Status report for {{ workspace
                         <li><a class="ws" ng-click="editReferences()">Add references</a></li>
                         <li><a class="ws" ng-click="editImpact()">Edit impact</a></li>
                         <li><a class="ws" ng-click="editStatus()">Edit status</a></li>
+                        <li><a class="ws" ng-click="editPolicyviolations()">Edit policy violations</a></li>
                         <li><a class="ws" ng-click="editConfirm()">Confirm/Change to false positive</a></li>
                         <li ng-show="vulnWebSelected" role="separator" class="divider"></li>
                         <li ng-show="vulnWebSelected"><a class="ws" ng-click="editString('method')">Edit method</a></li>
diff --git a/server/www/scripts/statusReport/partials/ui-grid/columns/policyviolationscolumn.html b/server/www/scripts/statusReport/partials/ui-grid/columns/policyviolationscolumn.html
new file mode 100644
index 00000000000..a1460537bcf
--- /dev/null
+++ b/server/www/scripts/statusReport/partials/ui-grid/columns/policyviolationscolumn.html
@@ -0,0 +1,6 @@
+<div ng-if="row.entity._id != undefined">
+    <div class="ui-grid-cell-contents center overflow-cell">
+        <p ng-repeat="policyviolation in COL_FIELD" class='pos-middle crop-text'><a href='{{grid.appScope.processReference(policyviolation)}}' target="_blank">{{policyviolation}}</a></p>
+    </div>
+</div>
+<div ng-if="row.groupHeader && col.grouping.groupPriority !== undefined" class="ui-grid-cell-contents white-space">{{COL_FIELD.split('(')[0] !== ' ' ? COL_FIELD : 'EMPTY' + COL_FIELD}}</div>
\ No newline at end of file
diff --git a/server/www/scripts/vulns/providers/vuln.js b/server/www/scripts/vulns/providers/vuln.js
index aa6a0c34a88..c7be5144c42 100644
--- a/server/www/scripts/vulns/providers/vuln.js
+++ b/server/www/scripts/vulns/providers/vuln.js
@@ -45,6 +45,7 @@ angular.module('faradayApp')
             this.type = "Vulnerability";
             this.ws = "";
             this.status = "opened";
+            this.policyviolations = "";
 
             if(data) {
                 if(data.name === undefined || data.name === "") {
@@ -55,9 +56,9 @@ angular.module('faradayApp')
         };
 
         var public_properties = [
-            '_attachments', 'confirmed', 'data', 'desc', 'easeofresolution', 
-            'impact', 'name', 'owned', 'refs', 'resolution', 'severity',
-            'status',
+            '_attachments', 'confirmed', 'data', 'desc', 'easeofresolution',
+            'impact', 'name', 'owned', 'policyviolations', 'refs', 'resolution',
+            'severity', 'status',
         ];
 
         var saved_properties = public_properties.concat(
@@ -86,7 +87,7 @@ angular.module('faradayApp')
 
                 if(data.owner !== undefined) self.owner = data.owner;
                 self.ws = ws;
-                if(data.parent !== undefined) self.parent = data.parent; 
+                if(data.parent !== undefined) self.parent = data.parent;
 
                 self.public_properties.forEach(function(property) {
                     if(data[property] !== undefined) self[property] = data[property];

From f57522764b25dac525dc63cb455b36a512d51f64 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Mon, 29 May 2017 19:12:32 -0300
Subject: [PATCH 10/46] Add new field to CouchDB view

---
 .../_attachments/views/vulns/views/all/map.js     | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/views/reports/_attachments/views/vulns/views/all/map.js b/views/reports/_attachments/views/vulns/views/all/map.js
index 8c222c18e2e..2c3aa9039d9 100644
--- a/views/reports/_attachments/views/vulns/views/all/map.js
+++ b/views/reports/_attachments/views/vulns/views/all/map.js
@@ -10,6 +10,7 @@ function(doc) {
             "confidentiality": false,
             "integrity": false
         },
+        policyviolations = [],
         resolution = "",
         confirmed = false;
         if(doc.easeofresolution !== undefined) {
@@ -18,6 +19,9 @@ function(doc) {
         if(doc.impact !== undefined) {
             impact = doc.impact;
         }
+        if(doc.policyviolations !== undefined) {
+            policyviolations = doc.policyviolations;
+        }
         if(doc.resolution !== undefined) {
             resolution = doc.resolution;
         }
@@ -28,19 +32,20 @@ function(doc) {
             "_attachments":     doc._attachments,
             "confirmed":        doc.confirmed || confirmed,
             "data":             doc.data,
-            "desc":             doc.desc, 
+            "desc":             doc.desc,
             "easeofresolution": easeofresolution,
             "impact":           impact,
             "metadata":         doc.metadata,
-            "name":             doc.name, 
+            "name":             doc.name,
             "obj_id":           doc.obj_id,
             "owned":            doc.owned,
             "owner":            doc.owner,
-            "parent":           doc.parent, 
+            "parent":           doc.parent,
+            "policyviolations": policyviolations,
             "refs":             doc.refs,
             "resolution":       resolution,
-            "severity":         doc.severity, 
-            "type":             doc.type,
+            "severity":         doc.severity,
+            "type":             doc.type
         };
 
         if(doc.type == "VulnerabilityWeb") {

From b2a4ce2ba7b7e8cbafa3e584f40b7eac7026885a Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Mon, 29 May 2017 19:12:45 -0300
Subject: [PATCH 11/46] Add RELEASE information for #3849

---
 RELEASE.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/RELEASE.md b/RELEASE.md
index 5ea120214b1..621fbc8808b 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,6 +10,7 @@ New features in the latest update
 
 TBA:
 ---
+* Added "Policy Violations" field for Vulnerabilities
 
 
 May 24, 2017:

From 5cfed2f1cd98a603b238d19fad2a83a571cbb472 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Thu, 1 Jun 2017 13:25:47 -0300
Subject: [PATCH 12/46] Add RELEASE INFORMATION for #3855

---
 RELEASE.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/RELEASE.md b/RELEASE.md
index 5ea120214b1..3b45dfd7cb0 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,6 +10,7 @@ New features in the latest update
 
 TBA:
 ---
+* Merged PR #182 - problems with zonatransfer.me
 
 
 May 24, 2017:

From 91f7832bc5d442e63f637e76c6421f186909bcf7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Thu, 1 Jun 2017 17:56:28 -0300
Subject: [PATCH 13/46] Fix DOM-based XSS in Dashboard Top Services

Service names could contain javascript code and be executed when users
pass the mouse over the Top Services widget in the dashboard
---
 server/www/scripts/d3/directives/treemap.js | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/server/www/scripts/d3/directives/treemap.js b/server/www/scripts/d3/directives/treemap.js
index 1a8ebcec995..9be0f383d67 100644
--- a/server/www/scripts/d3/directives/treemap.js
+++ b/server/www/scripts/d3/directives/treemap.js
@@ -3,7 +3,7 @@
 // See the file 'doc/LICENSE' for the license information
 
 angular.module('faradayApp')
-  .directive('d3Treemap', ['d3Service', 
+  .directive('d3Treemap', ['d3Service',
   function(d3Service) {
     return {
       restrict: 'EA',
@@ -79,11 +79,17 @@ angular.module('faradayApp')
                 }
               })
               .on('mouseover', function(d){
-                if (!data.width){
-                  document.getElementById("treemapText").innerHTML = "<div style='background-color:" + d.color + "'>" + d.name + '</div>' + d.count;
-                }else{
-                  document.getElementById("treemapTextModel").innerHTML = "<div style='background-color:" + d.color + "'>" + d.name + '</div>' + d.count;
-                }
+                  if (!data.width){
+                    var element = document.getElementById("treemapText");
+                      //.innerHTML = "<div style='background-color:" + d.color + "'>" + d.name + '</div>' + d.count;
+                  }else{
+                    var element = document.getElementById("treemapTextModel");
+                  }
+                  var colored = document.createElement('div');
+                  colored.style = "background-color:" + d.color; // Color is safe (its value is in a whitelist)
+                  colored.innerText = d.name;
+                  element.appendChild(colored);
+                  element.appendChild(document.createTextNode(d.count));
               })
               .on('mouseenter', function(d) {
                 var line = d3.select('.tm-'+d.name)

From 4f07e2353b64efec2f9e9b101f61073fff80e2ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Thu, 1 Jun 2017 18:33:05 -0300
Subject: [PATCH 14/46] Fix dom-based xss in not used directives

---
 server/www/scripts/d3/directives/bar.js  | 7 ++++++-
 server/www/scripts/d3/directives/cake.js | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/server/www/scripts/d3/directives/bar.js b/server/www/scripts/d3/directives/bar.js
index 39f013a92cf..d1199b5648f 100644
--- a/server/www/scripts/d3/directives/bar.js
+++ b/server/www/scripts/d3/directives/bar.js
@@ -80,7 +80,12 @@ angular.module('faradayApp')
                     var hurl    = "/" + workspace + "/_design/hosts/_view/hosts";
                     hosts    = get_obj(hurl);
                     var name = hosts[d.key].name;
-                    document.getElementById("barText").innerHTML =  "<div style='background-color:" + d.color + "'><b>" + name + '</b></div>' + d.value;
+                    var element = document.getElementById("barText");
+                    var colored = document.createElement('div');
+                    colored.style = "background-color:" + d.color; // Color is safe (its value is in a whitelist)
+                    colored.innerText = name;
+                    element.appendChild(colored);
+                    element.appendChild(document.createTextNode(d.value));
                 })
                 .on('mouseenter', function(d) {
                     var line = d3.select('.id-'+d.key)
diff --git a/server/www/scripts/d3/directives/cake.js b/server/www/scripts/d3/directives/cake.js
index 019a8dbe7d9..79ab0161d11 100644
--- a/server/www/scripts/d3/directives/cake.js
+++ b/server/www/scripts/d3/directives/cake.js
@@ -100,7 +100,12 @@ angular.module('faradayApp')
                 .style("stroke-width", "0.5")
                 .style("opacity", 0)
                 .on('mouseover', function(d) {
-                    document.getElementById("cakeText").innerHTML = "<div style='background-color:" + d.color + "'><b>" + d.key + '</b></div>' + d.value;
+                    var element = document.getElementById("cakeText");
+                    var colored = document.createElement('div');
+                    colored.style = "background-color:" + d.color; // Color is safe (its value is in a whitelist)
+                    colored.innerText = d.key;
+                    element.appendChild(colored);
+                    element.appendChild(document.createTextNode(d.value));
                 })
                 .on('mouseenter', function(d) {
                     var slice = d3.select('.cake-'+d.key)

From ece6d0d5e09263c90351f5b4d6db17c665d79f54 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Thu, 1 Jun 2017 22:14:07 -0300
Subject: [PATCH 15/46] Add the possibility to select more than one target

When creating a vuln manually from the Web UI, the targets list is now
multi-clickable.

Also added buttons to select and deselect all targets.
---
 .../statusReport/controllers/modalNew.js      | 85 ++++++++++++-------
 .../statusReport/partials/modalNew.html       | 54 +++++++-----
 server/www/scripts/vulns/providers/vulns.js   | 23 +++--
 3 files changed, 103 insertions(+), 59 deletions(-)

diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index ec41b848fc3..b7fd8a96f7f 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -24,11 +24,14 @@ angular.module('faradayApp')
         vm.newCurrentPage;
         vm.pageSize;
 
-        vm.targets; 
+        vm.targets;
         vm.target_filter;
 
         vm.data;
 
+        // true if all the parents in data.parents are type Host
+        vm.host_parents;
+
         init = function() {
             vm.vuln_types = [
                 {name:'Vulnerability', value:'Vulnerability'},
@@ -40,6 +43,8 @@ angular.module('faradayApp')
             vm.new_ref = "";
             vm.icons = {};
 
+            vm.host_parents = false;
+
             vm.cweList = [];
             cweFact.get().then(function(data) {
                 vm.cweList = data;
@@ -48,14 +53,13 @@ angular.module('faradayApp')
             vm.cwe_filter = "";
 
             vm.file_name_error = false;
- 
+
             vm.pageSize = 5;
             vm.currentPage = 0;
             vm.newCurrentPage = 0;
 
             vm.data = {
                 _attachments: {},
-                type: "Vulnerability",
                 data: "",
                 desc: "",
                 easeofresolution: undefined,
@@ -65,19 +69,20 @@ angular.module('faradayApp')
                     confidentiality: false,
                     integrity: false
                 },
+                method: "",
                 name: "",
                 owned: false,
-                parent: undefined,
-                refs: [],
-                resolution: "",
-                severity: undefined,
-                method: "", 
-                path: "", 
-                pname: "", 
                 params: "",
-                query: "", 
+                parents: [],
+                path: "",
+                pname: "",
+                query: "",
+                refs: [],
                 request: "",
+                resolution: "",
                 response: "",
+                severity: undefined,
+                type: "Vulnerability",
                 website: ""
             };
 
@@ -111,36 +116,56 @@ angular.module('faradayApp')
         };
 
         vm.ok = function() {
-            if (!(vm.data.type === "VulnerabilityWeb" && vm.data.parent.type === "Host")) {
-                // add the ref in new_ref, if there's any
-                vm.newReference();
-
-                // convert refs to an array of strings
-                var refs = [];
-                vm.data.refs.forEach(function(ref) {
-                    refs.push(ref.value);
-                });
-                vm.data.refs = refs;
+            // add the ref in new_ref, if there's any
+            vm.newReference();
 
-                // delete selection
-                delete vm.data.parent.selected_modalNewCtrl;
+            // convert refs to an array of strings
+            var refs = [];
+            vm.data.refs.forEach(function(ref) {
+                refs.push(ref.value);
+            });
+            vm.data.refs = refs;
 
-                vm.data.parent = vm.data.parent._id;
+            var parents = vm.data.parents;
+            vm.data.parents = [];
+            parents.forEach(function(parent) {
+                vm.data.parents.push(parent._id);
+            });
 
-                $modalInstance.close(vm.data);
-            }
+            $modalInstance.close(vm.data);
         };
 
         vm.cancel = function() {
             $modalInstance.dismiss('cancel');
         };
 
+        vm.resetTarget = function () {
+            vm.data.parents = [];
+            vm.host_parents = false;
+        };
+
+        vm.setAllTargets = function() {
+            vm.data.parents = vm.targets;
+            vm.host_parents = vm.data.parents.some(function(elem, ind, arr) {
+                return elem.type === 'Host';
+            });
+        };
+
         vm.setTarget = function(target) {
-            if (vm.data.parent != undefined) {
-                delete vm.data.parent.selected_modalNewCtrl;
+            var index = vm.data.parents.indexOf(target);
+
+            if(index >= 0) {
+                // if target already selected, user is deselecting
+                vm.data.parents.splice(index, 1);
+            } else {
+                // else, add to parents list
+                vm.data.parents.push(target);
             }
-            target.selected_modalNewCtrl = true;
-            vm.data.parent = target;
+
+            // refresh host_parents var
+            vm.host_parents = vm.data.parents.some(function(elem, ind, arr) {
+                return elem.type === 'Host';
+            });
         }
 
         vm.go = function() {
diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index 8a5568fb69c..0edae8b458d 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -5,28 +5,36 @@
 <form name="form" novalidate>
     <div class="modal-header">
         <div class="modal-button">
-            <button class="btn btn-success" ng-click="modal.ok()" ng-disabled="form.$invalid || modal.data.severity === undefined">OK</button>
+            <button class="btn btn-success" ng-click="modal.ok()" ng-disabled="form.$invalid || modal.data.severity === undefined || (modal.data.type === 'VulnerabilityWeb' && modal.host_parents)">OK</button>
             <button class="btn btn-danger" ng-click="modal.cancel()">Cancel</button>
         </div>
         <h3 class="modal-title">Vulnerability creation</h3>
     </div>
     <div class="modal-body">
         <div class="form-horizontal">
+            <h5>Target</h5>
             <div class="form-group">
-                <div class="col-md-12">
+                <div class="col-md-9">
                     <div class="form-group input-accordion">
-                        <input type="text" ng-model="modal.target_filter" class="form-control input-sm" placeholder="Search" ng-change="modal.currentPage = 0">
+                        <input type="text" ng-model="modal.target_filter" class="form-control input-sm" placeholder="Search targets" ng-change="modal.currentPage = 0">
                     </div>
+                </div>
+                <div class="col-md-3">
+                    <input class="btn btn-default btn-sm" type="button" value="Deselect all" ng-click="modal.resetTarget()">
+                    <input class="btn btn-default btn-sm" type="button" value="Select all" ng-click="modal.setAllTargets()">
+                </div>
+            </div>
+            <div class="form-group">
+                <div class="col-md-12">
                     <uib-accordion close-others="true">
                         <uib-accordion-group is-open="isopen" ng-repeat="host in modal.targets_filtered = (modal.targets | filter:modal.target_filter) | startFrom:modal.currentPage*modal.pageSize | limitTo:modal.pageSize">
-                        <uib-accordion-heading>
-                        <a ng-click="modal.setTarget(host)" ng-class="{'multi-selected': host.selected_modalNewCtrl == true}">{{host.name}} ({{host.hostnames[0]}})</a>
-                        <i class="pull-right glyphicon"
-                        ng-class="{'glyphicon glyphicon-minus-sign': isopen, 'glyphicon glyphicon-plus-sign': !isopen}"></i>
-                        </uib-accordion-heading>
-                        <div class="panel-body" ng-repeat="service in host.services">
-                            <a ng-model="service" ng-click="modal.setTarget(service)" ng-class="{'multi-selected': service.selected_modalNewCtrl == true}">{{service.name}}  {{service.ports}}</a>
-                        </div>
+                            <uib-accordion-heading>
+                                <a ng-click="modal.setTarget(host)" ng-class="{'multi-selected': modal.data.parents.indexOf(host) >= 0}">{{host.name}} ({{host.hostnames[0]}})</a>
+                                <i class="pull-right glyphicon" ng-class="{'glyphicon glyphicon-minus-sign': isopen, 'glyphicon glyphicon-plus-sign': !isopen}"></i>
+                            </uib-accordion-heading>
+                            <div class="panel-body" ng-repeat="service in host.services">
+                                <a ng-model="service" ng-click="modal.setTarget(service)" ng-class="{'multi-selected': modal.data.parents.indexOf(service) >= 0}">{{service.name}}  {{service.ports}}</a>
+                            </div>
                         </uib-accordion-group>
                     </uib-accordion>
                     <div class="showPagination" ng-show="modal.targets_filtered.length > modal.pageSize">
@@ -46,22 +54,22 @@ <h3 class="modal-title">Vulnerability creation</h3>
                     </div>
                 </div>
             </div>
-        </div>
-
-        <div class="alert alert-danger target_not_selected" role="alert" ng-hide="modal.data.parent != undefined">
-            <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
-            <span class="sr-only">Error:</span>
-            There is no target selected
+            <div class="alert alert-danger target_not_selected" role="alert" ng-hide="modal.data.parents.length > 0">
+                <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
+                <span class="sr-only">Error:</span>
+                There is no target selected
+                </div>
+            <div class="alert alert-danger target_not_selected" role="alert" ng-show="modal.data.type === 'VulnerabilityWeb' && modal.host_parents">
+                <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
+                <span class="sr-only">Error:</span>
+                Trying to create a Web Vulnerability with one or more Host parents. Please deselect the Host targets or <a href="" ng-click="modal.resetTarget()">click here to deselect all targets</a>
             </div>
-        <div class="alert alert-danger target_not_selected" role="alert" ng-show="modal.data.type === 'VulnerabilityWeb' && modal.data.parent.type === 'Host'">
-            <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
-            <span class="sr-only">Error:</span>
-            Vulnerability incompatible with host target, please select a service
         </div>
+
         <div class="form-horizontal">
             <div class="form-group">
                 <div class="col-md-12">
-                    <h5>Search vulnerability database templates <a href="https://github.com/infobyte/faraday/wiki/vulnerabilities-database" target="_blank"><span class="glyphicon glyphicon-question-sign" title="Read more about vulnerability templates in Faraday Documentation"></span></a></h5>
+                    <h5>Search vulnerability database templates <a href="https://github.com/infobyte/faraday/wiki/vulnerabilities-database" target="_blank"><span class="glyphicon glyphicon-question-sign" title="Read more about vulnerability templates in the official Faraday Documentation"></span></a></h5>
                     <input type="text" ng-model="modal.cwe_selected" class="form-control input-sm" placeholder="Search for vulnerability templates" uib-typeahead="cwe as cwe.name for cwe in modal.cweList | filter:{name: $viewValue} | limitTo:10" typeahead-on-select="modal.populate($item, $model, $label)">
                 </div>
             </div>
@@ -209,7 +217,7 @@ <h4>Evidence</h4>
     </div><!-- .modal-body -->
     <div class="modal-footer">
         <div class="modal-button">
-            <button class="btn btn-success" ng-click="modal.ok()" ng-disabled="form.$invalid || modal.data.severity === undefined">OK</button>
+            <button class="btn btn-success" ng-click="modal.ok()" ng-disabled="form.$invalid || modal.data.severity === undefined || (modal.data.type === 'VulnerabilityWeb' && modal.host_parents)">OK</button>
             <button class="btn btn-danger" ng-click="modal.cancel()">Cancel</button>
         </div>
     </div>
diff --git a/server/www/scripts/vulns/providers/vulns.js b/server/www/scripts/vulns/providers/vulns.js
index 9546855cfa3..3de89b6045d 100644
--- a/server/www/scripts/vulns/providers/vulns.js
+++ b/server/www/scripts/vulns/providers/vulns.js
@@ -9,13 +9,24 @@ angular.module('faradayApp')
         var vulnsManager = {};
 
         vulnsManager.createVuln = function(ws, data) {
-            if(data.type == "Vulnerability") {
-                var vuln = new Vuln(ws, data);
-            } else {
-                var vuln = new WebVuln(ws, data);
-            }
+            var parents = data.parents,
+            promises = [];
 
-            return vuln.save();
+            delete data.parents;
+
+            parents.forEach(function(parent_id) {
+                data.parent = parent_id;
+
+                if(data.type == "Vulnerability") {
+                    var vuln = new Vuln(ws, data);
+                } else {
+                    var vuln = new WebVuln(ws, data);
+                }
+
+                promises.push(vuln.save());
+            });
+
+            return $q.all(promises);
         };
 
         vulnsManager.deleteVuln = function(vuln) {

From 4de86937907a1fa2cc441f13443040b5598c9069 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Thu, 1 Jun 2017 22:15:50 -0300
Subject: [PATCH 16/46] Add RELEASE information for #4011

---
 RELEASE.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/RELEASE.md b/RELEASE.md
index 5ea120214b1..40d492a3710 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,6 +10,7 @@ New features in the latest update
 
 TBA:
 ---
+* Added the ability to select more than one target when creating a vuln in the Web UI
 
 
 May 24, 2017:

From 52d0c1d7a4c2e2499a2f0744d469a90b776be230 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Fri, 2 Jun 2017 14:37:21 -0300
Subject: [PATCH 17/46] Sanitize class name on top services

To avoid potential XSS (probably not possible) and usability bugs. Also
fix issues with "undefined" type. Add release information.
QA #4016
---
 RELEASE.md                                  |  1 +
 server/www/scripts/d3/directives/treemap.js | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/RELEASE.md b/RELEASE.md
index 5ea120214b1..866f850c577 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,6 +10,7 @@ New features in the latest update
 
 TBA:
 ---
+* Fixed DOM-based XSS in the Top Services widget of the dashboard
 
 
 May 24, 2017:
diff --git a/server/www/scripts/d3/directives/treemap.js b/server/www/scripts/d3/directives/treemap.js
index 9be0f383d67..05f92e44b4a 100644
--- a/server/www/scripts/d3/directives/treemap.js
+++ b/server/www/scripts/d3/directives/treemap.js
@@ -61,12 +61,18 @@ angular.module('faradayApp')
               .sticky(true)
               .value(function(d) {return d.count});
 
+            function nameToClassSafeName(name) {
+              // Remove non alphanumeric characters to safely use the (modified)
+              // name as a class name
+              return name.replace(/[^0-9a-zA-Z]/g, '');
+            }
+
             var node = div.datum(data_cp).selectAll(".node")
               .data(treemap.nodes)
             .enter().append("div")
               .attr("class", function(d) {
                   var ret = "node treemap-tooltip";
-                  if(d.name) ret += " tm-" + d.name;
+                  if(d.name) ret += " tm-" + nameToClassSafeName(d.name);
                   return ret;
               })
               .call(position)
@@ -79,6 +85,7 @@ angular.module('faradayApp')
                 }
               })
               .on('mouseover', function(d){
+                  if(typeof(d.name) === 'undefined') return; // I don't know why this happens
                   if (!data.width){
                     var element = document.getElementById("treemapText");
                       //.innerHTML = "<div style='background-color:" + d.color + "'>" + d.name + '</div>' + d.count;
@@ -92,11 +99,13 @@ angular.module('faradayApp')
                   element.appendChild(document.createTextNode(d.count));
               })
               .on('mouseenter', function(d) {
-                var line = d3.select('.tm-'+d.name)
+                if(typeof(d.name) === 'undefined') return; // I don't know why this happens
+                var line = d3.select('.tm-'+nameToClassSafeName(d.name))
                     .style("opacity", 1);
               })
               .on('mouseleave', function(d) {
-                var line = d3.select('.tm-'+d.name)
+                if(typeof(d.name) === 'undefined') return; // I don't know why this happens
+                var line = d3.select('.tm-'+nameToClassSafeName(d.name))
                     .style("opacity", 0.8);
                 document.getElementById("treemapText").innerHTML = "";
               })

From 3c609a172ad277eb593fe7fca67768f6e95daafe Mon Sep 17 00:00:00 2001
From: EzequielTBH <ezequieltbh@infobytesec.com>
Date: Fri, 2 Jun 2017 19:44:49 -0300
Subject: [PATCH 18/46] Add to AUTHORS and RELEASE, fix Appscan plugin

---
 AUTHORS    | 1 +
 RELEASE.md | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index 487ad43f1e6..6a8d7e1136c 100755
--- a/AUTHORS
+++ b/AUTHORS
@@ -33,3 +33,4 @@ Project contributors
     * tsxltjecwb
     * Ulisses Albuquerque
     * xtr4nge
+    * Endrigo Antonini
diff --git a/RELEASE.md b/RELEASE.md
index 5ea120214b1..60e79dabff6 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,7 +10,7 @@ New features in the latest update
 
 TBA:
 ---
-
+Fix in AppScan plugin.
 
 May 24, 2017:
 ---

From afe25856c424ce6543b40bcf0cb0d26c251f2d0f Mon Sep 17 00:00:00 2001
From: EzequielTBH <ezequieltbh@infobytesec.com>
Date: Fri, 2 Jun 2017 19:47:05 -0300
Subject: [PATCH 19/46] Add RELEASE.md, new plugin Junit XML

---
 RELEASE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RELEASE.md b/RELEASE.md
index 5ea120214b1..449cf594d93 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,7 +10,7 @@ New features in the latest update
 
 TBA:
 ---
-
+* Add new plugin: Junit XML
 
 May 24, 2017:
 ---

From cb8243d7f20a8a8447e47ba2b0e6f53c366043ee Mon Sep 17 00:00:00 2001
From: Federico Lopez L <flopezluksenberg@gmail.com>
Date: Fri, 2 Jun 2017 20:00:52 -0300
Subject: [PATCH 20/46] Fix csv status report download for old versions of
 mozilla firefox

---
 server/www/scripts/fileExporter/directives/download.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server/www/scripts/fileExporter/directives/download.js b/server/www/scripts/fileExporter/directives/download.js
index 8d7128ca0e1..a9dc726a04c 100644
--- a/server/www/scripts/fileExporter/directives/download.js
+++ b/server/www/scripts/fileExporter/directives/download.js
@@ -32,7 +32,10 @@ angular.module('faradayApp')
                 a_href = element.find('a')[0];
                 
                 $click.on(a_href);
-                $timeout(function() {$blob.revoke(url);});
+
+                //Delay is necesary only for old versions of firefox browser.
+                //Ref: https://stackoverflow.com/questions/30694453/blob-createobjecturl-download-not-working-in-firefox-but-works-when-debugging
+                $timeout(function() {$blob.revoke(url);}, 1000);
                 
                 element[0].removeChild(a_href);
               });

From ee161fffefc92de9d715cf148986a8bf048656d6 Mon Sep 17 00:00:00 2001
From: Federico Lopez L <flopezluksenberg@gmail.com>
Date: Sat, 3 Jun 2017 10:57:44 -0300
Subject: [PATCH 21/46] Update requirements_server.txt

---
 requirements_server.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements_server.txt b/requirements_server.txt
index 117bf842227..7fe736a1fcb 100644
--- a/requirements_server.txt
+++ b/requirements_server.txt
@@ -6,3 +6,4 @@ twisted>=16.1.1
 sqlalchemy>=1.0.12
 pyopenssl>=16.0.0
 service_identity>=16.0.0
+pyasn1-modules

From 2fd927bb690297f9e5628571e95b33e44aa08c6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Mon, 5 Jun 2017 12:00:34 -0300
Subject: [PATCH 22/46] Patch formula injection in CSV export

Prepend Excel formulas with an apostrophe.
See https://www.contextis.com/resources/blog/comma-separated-vulnerabilities/ for further information.
QA #3895
---
 server/www/scripts/csv/providers/csv.js | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/server/www/scripts/csv/providers/csv.js b/server/www/scripts/csv/providers/csv.js
index 80a85500f9f..4b91c6aa9d5 100644
--- a/server/www/scripts/csv/providers/csv.js
+++ b/server/www/scripts/csv/providers/csv.js
@@ -34,7 +34,7 @@ angular.module('faradayApp')
                         object[prop] = "";
                     }
                     if(prop === "date") object[prop] = parseDate(v["metadata"]["create_time"] * 1000);
-                    if(prop === "creator") object[prop] = v["metadata"]["creator"];
+                    if(prop === "creator") object[prop] = excelEscape(v["metadata"]["creator"]);
                     if(prop === "web") {
                         if(v.type === "Vulnerability") {
                             object[prop] = false;
@@ -59,7 +59,7 @@ angular.module('faradayApp')
         };
 
         cleanCSV = function(field) {
-            return field.replace(/\"/g, "\"\"");
+            return excelEscape(field.replace(/\"/g, "\"\""));
         };
 
         parseObject = function(object) {
@@ -77,13 +77,25 @@ angular.module('faradayApp')
                 });
             }
             parsedData = parsedData.substring(0, parsedData.length - 1);
-            return parsedData;
+            return excelEscape(parsedData);
         };
 
         parseDate = function(date) {
             var d = new Date(date);
-            return d.getMonth()+1 +"/" + d.getDate() + "/" + d.getFullYear();
+            return excelEscape(d.getMonth()+1 +"/" + d.getDate() + "/" + d.getFullYear());
         };
 
+        excelEscape = function(data){
+            // Patch possible formula injection attacks
+            // See https://www.contextis.com/resources/blog/comma-separated-vulnerabilities/ for more info.
+            if(data.startsWith('=') || data.startsWith('+')
+                                    || data.startsWith('-')
+                                    || data.startsWith('@')){
+                return "'" + data
+            }else{
+                return data
+            }
+        }
+
         return csvService;
     });

From c84ccfa617eaad224d5f312c2c9cfa0142bb2067 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Mon, 5 Jun 2017 14:13:26 -0300
Subject: [PATCH 23/46] Start pagination indexing in 1 in new vuln modal

---
 server/www/scripts/statusReport/controllers/modalNew.js | 6 +++---
 server/www/scripts/statusReport/partials/modalNew.html  | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index ec41b848fc3..b3e65dc1fa0 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -145,9 +145,9 @@ angular.module('faradayApp')
 
         vm.go = function() {
             vm.currentPage = 0;
-            if(vm.newCurrentPage <= parseInt(vm.targets.length/vm.pageSize)
-                    && vm.newCurrentPage > -1) {
-                vm.currentPage = vm.newCurrentPage;
+            if((vm.newCurrentPage-1) <= parseInt(vm.targets.length/vm.pageSize)
+                    && (vm.newCurrentPage-1) > -1) {
+                vm.currentPage = (vm.newCurrentPage-1);
             }
         }
 
diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index 8a5568fb69c..988a7c6d1bf 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -33,7 +33,7 @@ <h3 class="modal-title">Vulnerability creation</h3>
                         <div class="form-group">
                             <ul class="pagination">
                                 <li><a ng-hide="modal.currentPage <= 0" ng-click="modal.currentPage = modal.currentPage - 1"><span aria-hidden="true">&laquo;</span><span class="sr-only">Previous</span></a></li>
-                                <li><a>{{modal.currentPage}}/{{ ((modal.targets_filtered.length / modal.pageSize) | integer)}}</a></li>
+                                <li><a>{{modal.currentPage+1}}/{{ ((modal.targets_filtered.length / modal.pageSize) | integer) + 1}}</a></li>
                                 <li><a ng-hide="modal.currentPage >= ((modal.targets_filtered.length / modal.pageSize) | integer)" ng-click="modal.currentPage = modal.currentPage + 1"><span aria-hidden="true">&raquo;</span><span class="sr-only">Next</span></a></li>
                             </ul>
                             <ng-form name="goToPage">

From 552892fe46f47da8326ffd16174d6fa1fc1a8ed0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Mon, 5 Jun 2017 14:18:11 -0300
Subject: [PATCH 24/46] Add release information for #4030

QA #4030
---
 RELEASE.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/RELEASE.md b/RELEASE.md
index 5ea120214b1..c6138f09591 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,6 +10,7 @@ New features in the latest update
 
 TBA:
 ---
+* Improved pagination in new vuln modal of status report
 
 
 May 24, 2017:

From d611a1c64d5581ebf84084209fea358a999ffa38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Mon, 5 Jun 2017 14:21:31 -0300
Subject: [PATCH 25/46] Add release information for #3895

---
 RELEASE.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/RELEASE.md b/RELEASE.md
index 5ea120214b1..245998beef2 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,6 +10,7 @@ New features in the latest update
 
 TBA:
 ---
+* Fixed formula injection vulnerability in export to CSV feature
 
 
 May 24, 2017:

From aa917db0c0ec953302861dceff410f4ae590b0d8 Mon Sep 17 00:00:00 2001
From: Leonardo Lazzaro <leonardol@infobytesec.com>
Date: Mon, 12 Jun 2017 11:50:27 -0300
Subject: [PATCH 26/46] ADD commonsfact htmlentities filter

---
 server/www/scripts/cwe/providers/CweService.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/www/scripts/cwe/providers/CweService.js b/server/www/scripts/cwe/providers/CweService.js
index 2d915967d52..e0fda750f6e 100644
--- a/server/www/scripts/cwe/providers/CweService.js
+++ b/server/www/scripts/cwe/providers/CweService.js
@@ -3,7 +3,7 @@
 // See the file 'doc/LICENSE' for the license information
 
 angular.module('faradayApp')
-    .factory('cweFact', ['BASEURL', '$http', '$q', 'vulnModelsManager', function(BASEURL, $http, $q, vulnModelsManager) {
+    .factory('cweFact', ['BASEURL', '$http', '$q', 'vulnModelsManager', 'commonsFact', function(BASEURL, $http, $q, vulnModelsManager, commonsFact) {
         var cweFact = {};
 
         // XXX: this is still not using the server
@@ -20,8 +20,8 @@ angular.module('faradayApp')
                     var c = {
                         id: obj.id,
                         cwe: obj.doc.cwe,
-                        name: obj.doc.name,
-                        desc: description,
+                        name: commonsFact.htmlentities(obj.doc.name),
+                        desc: commonsFact.htmlentities(description),
                         resolution: obj.doc.resolution,
                         exploitation: obj.doc.exploitation,
                         refs: obj.doc.references

From e394fa2827e90ccfe6f3610fd7113cebba8349f7 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Fri, 16 Jun 2017 16:19:12 -0300
Subject: [PATCH 27/46] Update DB version number

---
 server/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/models.py b/server/models.py
index 2727c39db63..145e142d5fc 100644
--- a/server/models.py
+++ b/server/models.py
@@ -9,7 +9,7 @@
 from sqlalchemy.ext.declarative import declarative_base
 
 
-SCHEMA_VERSION = 'W.2.5.0'
+SCHEMA_VERSION = 'W.2.6.0'
 
 Base = declarative_base()
 

From 1ea44d48a92d8fd208da477cc07c30e88305d748 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Fri, 16 Jun 2017 16:54:50 -0300
Subject: [PATCH 28/46] Fix bug when editing Policy Violations

The user was unable to add more violations in the edit modal.

Also disabled the existing violations and references to avoid
duplication.
---
 server/www/scripts/statusReport/controllers/modalEdit.js | 4 ++--
 server/www/scripts/statusReport/controllers/modalNew.js  | 2 +-
 server/www/scripts/statusReport/partials/modalEdit.html  | 6 +++---
 server/www/scripts/statusReport/partials/modalNew.html   | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/server/www/scripts/statusReport/controllers/modalEdit.js b/server/www/scripts/statusReport/controllers/modalEdit.js
index 99d27a90a9a..111e004a6f2 100644
--- a/server/www/scripts/statusReport/controllers/modalEdit.js
+++ b/server/www/scripts/statusReport/controllers/modalEdit.js
@@ -93,7 +93,7 @@ angular.module('faradayApp')
                     vm.file_name_error = true;
                 }
             });
-            vm.icons = commons.loadIcons(vm._attachments); 
+            vm.icons = commons.loadIcons(vm._attachments);
         }
 
         vm.removeEvidence = function(name) {
@@ -104,7 +104,7 @@ angular.module('faradayApp')
         vm.toggleImpact = function(key) {
             vm.data.impact[key] = !vm.data.impact[key];
         };
-        
+
         vm.ok = function() {
             // add the ref in new_ref, if there's any
             vm.newReference();
diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index abc0c59f3b1..882fce192eb 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -170,7 +170,7 @@ angular.module('faradayApp')
             }
         }
 
-        vm.newPolicyviolation = function() {
+        vm.newPolicyViolation = function() {
             if (vm.new_policyviolation != "") {
                 // we need to check if the policy violation already exists
                 if (vm.data.policyviolations.filter(function(policyviolation) {return policyviolation.value === vm.new_policyviolation}).length == 0) {
diff --git a/server/www/scripts/statusReport/partials/modalEdit.html b/server/www/scripts/statusReport/partials/modalEdit.html
index c9d06bb85c4..acab6c1fc77 100644
--- a/server/www/scripts/statusReport/partials/modalEdit.html
+++ b/server/www/scripts/statusReport/partials/modalEdit.html
@@ -75,7 +75,7 @@ <h5>Confirmed</h5>
                 <div class="col-md-12 reference" ng-repeat="reference in modal.data.refs">
                     <div class="input-group margin-bottom-sm">
                         <label class="sr-only" for="vuln-refs">References</label>
-                        <input type="text" class="form-control" id="vuln-refs" placeholder="Reference" ng-model="reference.value"/>
+                        <input type="text" class="form-control" id="vuln-refs" placeholder="Reference" ng-model="reference.value" disabled/>
                         <span class="input-group-addon cursor" ng-click="modal.data.refs.splice($index, 1)"><i class="fa fa-minus-circle"></i></span>
                     </div>
                 </div>
@@ -91,13 +91,13 @@ <h5>Confirmed</h5>
                     <div class="input-group margin-bottom-sm">
                         <label class="sr-only" for="vuln-policyviolations">Policy Violations</label>
                         <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violations" ng-model="modal.new_policyviolation"/>
-                        <span class="input-group-addon cursor" ng-click="modal.newPolicyviolation()"><i class="fa fa-plus-circle"></i></span>
+                        <span class="input-group-addon cursor" ng-click="modal.newPolicyViolation()"><i class="fa fa-plus-circle"></i></span>
                     </div>
                 </div>
                 <div class="col-md-12 reference" ng-repeat="policyviolation in modal.data.policyviolations">
                     <div class="input-group margin-bottom-sm">
                         <label class="sr-only" for="vuln-policyviolations">Policy Violation</label>
-                        <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violation" ng-model="policyviolation.value"/>
+                        <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violation" ng-model="policyviolation.value" disabled/>
                         <span class="input-group-addon cursor" ng-click="modal.data.policyviolations.splice($index, 1)"><i class="fa fa-minus-circle"></i></span>
                     </div>
                 </div>
diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index bb02fe84529..13bbc07dbe2 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -116,7 +116,7 @@ <h5>Ease of Resolution</h5>
                 <div class="col-md-12 reference" ng-repeat="reference in modal.data.refs">
                     <div class="input-group margin-bottom-sm">
                         <label class="sr-only" for="vuln-refs">References</label>
-                        <input type="text" class="form-control" id="vuln-refs" placeholder="Reference" ng-model="reference.value"/>
+                        <input type="text" class="form-control" id="vuln-refs" placeholder="Reference" ng-model="reference.value" disabled/>
                         <span class="input-group-addon cursor" ng-click="modal.data.refs.splice($index, 1)"><i class="fa fa-minus-circle"></i></span>
                     </div>
                 </div>
@@ -132,13 +132,13 @@ <h5>Ease of Resolution</h5>
                     <div class="input-group margin-bottom-sm">
                         <label class="sr-only" for="vuln-policyviolations">Policy Violations</label>
                         <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violations" ng-model="modal.new_policyviolation"/>
-                        <span class="input-group-addon cursor" ng-click="modal.newPolicyviolation()"><i class="fa fa-plus-circle"></i></span>
+                        <span class="input-group-addon cursor" ng-click="modal.newPolicyViolation()"><i class="fa fa-plus-circle"></i></span>
                     </div>
                 </div>
                 <div class="col-md-12 reference" ng-repeat="policyviolation in modal.data.policyviolations">
                     <div class="input-group margin-bottom-sm">
                         <label class="sr-only" for="vuln-policyviolations">Policy Violation</label>
-                        <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violation" ng-model="policyviolation.value"/>
+                        <input type="text" class="form-control" id="vuln-policyviolations" placeholder="Policy Violation" ng-model="policyviolation.value" disabled/>
                         <span class="input-group-addon cursor" ng-click="modal.data.policyviolations.splice($index, 1)"><i class="fa fa-minus-circle"></i></span>
                     </div>
                 </div>

From 337a73131849ebe5b5bbb3dc8a88cf785acf148c Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Fri, 16 Jun 2017 17:18:07 -0300
Subject: [PATCH 29/46] Add disabled to policy violations in batch edit

---
 server/www/scripts/commons/partials/editArray.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/www/scripts/commons/partials/editArray.html b/server/www/scripts/commons/partials/editArray.html
index 31921480a76..cb7f84d9be3 100644
--- a/server/www/scripts/commons/partials/editArray.html
+++ b/server/www/scripts/commons/partials/editArray.html
@@ -12,7 +12,7 @@ <h5>{{msg}}</h5>
 	        <span class="input-group-addon cursor" ng-click="newValue()"><i class="fa fa-plus-circle"></i></span>
 	    </div>
 	    <div class="input-group margin-bottom-sm reference" ng-repeat="v in data.property">
-	        <input type="text" class="form-control" ng-model="v.value"/>
+	        <input type="text" class="form-control" ng-model="v.value" disabled/>
 	        <span class="input-group-addon cursor" ng-click="data.property.splice($index, 1)"><i class="fa fa-minus-circle"></i></span>
 	    </div>
 	</div>

From f4ea59731a2ba989f98be61464b6603ffeb7729a Mon Sep 17 00:00:00 2001
From: EzequielTBH <ezequieltbh@infobytesec.com>
Date: Fri, 16 Jun 2017 17:25:15 -0300
Subject: [PATCH 30/46] Add RELEASE.md entry.

---
 RELEASE.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/RELEASE.md b/RELEASE.md
index c1f948defb9..170a51b061a 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -16,6 +16,7 @@ TBA:
 * Fixed formula injection vulnerability in export to CSV feature
 * Fixed DOM-based XSS in the Top Services widget of the dashboard
 * Fix in AppScan plugin.
+* Fix HTML injection in Vulnerability template.
 
 May 24, 2017:
 ---

From 108fdea882949dcd87326828208e8546ceb8307d Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Wed, 21 Jun 2017 18:14:28 -0300
Subject: [PATCH 31/46] Fix alphabetical order in properties

---
 .../scripts/statusReport/controllers/modalNew.js | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index 882fce192eb..2deef74080c 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -57,7 +57,6 @@ angular.module('faradayApp')
 
             vm.data = {
                 _attachments: {},
-                type: "Vulnerability",
                 data: "",
                 desc: "",
                 easeofresolution: undefined,
@@ -67,21 +66,22 @@ angular.module('faradayApp')
                     confidentiality: false,
                     integrity: false
                 },
+                method: "",
                 name: "",
                 owned: false,
+                params: "",
                 parent: undefined,
-                refs: [],
-                resolution: "",
-                severity: undefined,
-                method: "",
                 path: "",
                 pname: "",
-                params: "",
+                policyviolations: [],
                 query: "",
+                refs: [],
                 request: "",
+                resolution: "",
                 response: "",
-                website: "",
-                policyviolations: []
+                severity: undefined,
+                type: "Vulnerability",
+                website: ""
             };
 
             vm.targets = [];

From dbfd75e55d13b2ae1bc87d4b790c565bdea10547 Mon Sep 17 00:00:00 2001
From: EzequielTBH <ezequieltbh@infobytesec.com>
Date: Wed, 21 Jun 2017 19:00:29 -0300
Subject: [PATCH 32/46] Fix identation issue arp-scan plugin

---
 plugins/repo/arp-scan/plugin.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/plugins/repo/arp-scan/plugin.py b/plugins/repo/arp-scan/plugin.py
index a0c2db2479d..66375c39886 100644
--- a/plugins/repo/arp-scan/plugin.py
+++ b/plugins/repo/arp-scan/plugin.py
@@ -55,18 +55,15 @@ def parseOutputString(self, output, debug=False):
 
             for line in output.split('\n'):
                 vals = line.split("\t")
-                
-                #agregue esta linea porque no creaba el servicio
-                if len(vals)==3:
+
+                if len(vals) == 3:
 
                     if len(vals[0].split(".")) == 4:
 
                         host = vals[0]
                         h_id = self.createAndAddHost(host)
-                        i_id = self.createAndAddInterface(
-                            h_id, host, ipv4_address=host, mac=vals[1])
-                            n_id = self.createAndAddNoteToHost(
-                            h_id, "NIC VENDOR:", vals[2])
+                        i_id = self.createAndAddInterface(h_id, host, ipv4_address=host, mac=vals[1])
+                        n_id = self.createAndAddNoteToHost(h_id, "NIC VENDOR:", vals[2])
 
         return True
 

From 40193ddc2e78b3b4dfb32321c194d7f7110db409 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Fri, 23 Jun 2017 17:20:42 -0300
Subject: [PATCH 33/46] Fix clickable parent in accordion heading on new vulns

When creating a new vuln the targets are listed in an accordion. The
action to select a Host parent and to expand a Host to view its children
were bound to the same element, which was a bug.

Fixed it, now clicking on a Host only selects it, while clicking the
plus sign on its side expands the accordion.
---
 server/www/estilos.css                            |  6 ++++++
 .../statusReport/partials/accordion-group.html    | 15 +++++++++++++++
 .../scripts/statusReport/partials/modalNew.html   |  3 +--
 3 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 server/www/scripts/statusReport/partials/accordion-group.html

diff --git a/server/www/estilos.css b/server/www/estilos.css
index 4273e2be327..8ba90ae080c 100644
--- a/server/www/estilos.css
+++ b/server/www/estilos.css
@@ -1137,4 +1137,10 @@ a.button-disable{cursor: not-allowed;pointer-events: none;opacity: 0.5}
 .header_right {
     float: right;
     margin: 8px;
+}
+
+.accordion-expand-button {
+    color: #008000;
+    right: 10px;
+    top: -25px !important;
 }
\ No newline at end of file
diff --git a/server/www/scripts/statusReport/partials/accordion-group.html b/server/www/scripts/statusReport/partials/accordion-group.html
new file mode 100644
index 00000000000..e996ef2a310
--- /dev/null
+++ b/server/www/scripts/statusReport/partials/accordion-group.html
@@ -0,0 +1,15 @@
+<div class="panel panel-default">
+    <div role="tab" id="{{::headingId}}" aria-selected="{{isOpen}}" class="panel-heading" ng-keypress="toggleOpen($event)">
+        <h4 class="panel-title">
+            <span uib-accordion-transclude="heading" class="accordion-toggle" uib-tabindex-toggle>
+                <span uib-accordion-header ng-class="{'text-muted': isDisabled}">
+                    {{heading}}
+                </span>
+                <i class="pull-right glyphicon accordion-expand-button" ng-class="{'glyphicon glyphicon-minus-sign': isOpen, 'glyphicon glyphicon-plus-sign': !isOpen}" ng-disabled="isDisabled" role="button" data-toggle="collapse" href aria-expanded="{{isOpen}}" aria-controls="{{::panelId}}" tabindex="0" ng-click="toggleOpen()" ></i>
+            </span>
+        </h4>
+    </div>
+    <div id="{{::panelId}}" aria-labelledby="{{::headingId}}" aria-hidden="{{!isOpen}}" role="tabpanel" class="panel-collapse collapse" uib-collapse="!isOpen">
+        <div class="panel-body" ng-transclude></div>
+    </div>
+</div>
\ No newline at end of file
diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index 0edae8b458d..bc7c0b29551 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -27,10 +27,9 @@ <h5>Target</h5>
             <div class="form-group">
                 <div class="col-md-12">
                     <uib-accordion close-others="true">
-                        <uib-accordion-group is-open="isopen" ng-repeat="host in modal.targets_filtered = (modal.targets | filter:modal.target_filter) | startFrom:modal.currentPage*modal.pageSize | limitTo:modal.pageSize">
+                        <uib-accordion-group is-open="isopen" ng-repeat="host in modal.targets_filtered = (modal.targets | filter:modal.target_filter) | startFrom:modal.currentPage*modal.pageSize | limitTo:modal.pageSize" template-url="scripts/statusReport/partials/accordion-group.html">
                             <uib-accordion-heading>
                                 <a ng-click="modal.setTarget(host)" ng-class="{'multi-selected': modal.data.parents.indexOf(host) >= 0}">{{host.name}} ({{host.hostnames[0]}})</a>
-                                <i class="pull-right glyphicon" ng-class="{'glyphicon glyphicon-minus-sign': isopen, 'glyphicon glyphicon-plus-sign': !isopen}"></i>
                             </uib-accordion-heading>
                             <div class="panel-body" ng-repeat="service in host.services">
                                 <a ng-model="service" ng-click="modal.setTarget(service)" ng-class="{'multi-selected': modal.data.parents.indexOf(service) >= 0}">{{service.name}}  {{service.ports}}</a>

From fa70cdb17077d45890468d084f3f7373e386bd8b Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Mon, 26 Jun 2017 12:50:02 -0300
Subject: [PATCH 34/46] Add "select page" button to target selection new vuln

When creating a new vulnerability, the "select all" button selects all
targets on all pages. Added a button to select only the current page,
whether its all paginated hosts or the result of a search.
---
 server/www/scripts/statusReport/controllers/modalNew.js | 9 +++++++++
 server/www/scripts/statusReport/partials/modalNew.html  | 5 +++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index b7fd8a96f7f..c02cd6e79e2 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -144,6 +144,15 @@ angular.module('faradayApp')
             vm.host_parents = false;
         };
 
+        vm.setPageTargets = function(start) {
+            var end = start + vm.pageSize;
+
+            vm.data.parents = vm.targets_filtered.slice(start, end);
+            vm.host_parents = vm.data.parents.some(function(elem, ind, arr) {
+                return elem.type === 'Host';
+            });
+        };
+
         vm.setAllTargets = function() {
             vm.data.parents = vm.targets;
             vm.host_parents = vm.data.parents.some(function(elem, ind, arr) {
diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index bc7c0b29551..7ae356fc600 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -14,14 +14,15 @@ <h3 class="modal-title">Vulnerability creation</h3>
         <div class="form-horizontal">
             <h5>Target</h5>
             <div class="form-group">
-                <div class="col-md-9">
+                <div class="col-md-8">
                     <div class="form-group input-accordion">
                         <input type="text" ng-model="modal.target_filter" class="form-control input-sm" placeholder="Search targets" ng-change="modal.currentPage = 0">
                     </div>
                 </div>
-                <div class="col-md-3">
+                <div class="col-md-4">
                     <input class="btn btn-default btn-sm" type="button" value="Deselect all" ng-click="modal.resetTarget()">
                     <input class="btn btn-default btn-sm" type="button" value="Select all" ng-click="modal.setAllTargets()">
+                    <input class="btn btn-default btn-sm" type="button" value="Select page" ng-click="modal.setPageTargets(modal.currentPage*modal.pageSize)">
                 </div>
             </div>
             <div class="form-group">

From fc3f4579aa55d38b094b55416896e45ec0ef4ced Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Mon, 26 Jun 2017 14:54:40 -0300
Subject: [PATCH 35/46] Fix targets accordion bugs in new vuln

The target hosts that didn't have services still opened an empty
accordion panel, which didn't make sense. Removed the expand button for
those.

Also, the "select all" and "select page" buttons only selected Host
targets. Now they select both Host and Service targets.
---
 server/www/estilos.css                        |  4 ++++
 .../statusReport/controllers/modalNew.js      | 23 ++++++++++++-------
 .../partials/accordion-group.html             |  2 +-
 .../statusReport/partials/modalNew.html       |  6 ++---
 4 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/server/www/estilos.css b/server/www/estilos.css
index 8ba90ae080c..8ee1da0ca2f 100644
--- a/server/www/estilos.css
+++ b/server/www/estilos.css
@@ -1143,4 +1143,8 @@ a.button-disable{cursor: not-allowed;pointer-events: none;opacity: 0.5}
     color: #008000;
     right: 10px;
     top: -25px !important;
+}
+
+.accordion-expand-button-disabled {
+    display: none !important;
 }
\ No newline at end of file
diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index c02cd6e79e2..768ae1f1d73 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -144,17 +144,24 @@ angular.module('faradayApp')
             vm.host_parents = false;
         };
 
-        vm.setPageTargets = function(start) {
-            var end = start + vm.pageSize;
+        vm.setPageTargets = function(filter, start, size) {
+            var end = start + size,
+            targets = vm.targets;
 
-            vm.data.parents = vm.targets_filtered.slice(start, end);
-            vm.host_parents = vm.data.parents.some(function(elem, ind, arr) {
-                return elem.type === 'Host';
+            if(filter) {
+                targets = vm.targets_filtered;
+            }
+
+            targets = targets.slice(start, end);
+
+            vm.data.parents = targets;
+
+            vm.targets.forEach(function(target) {
+                if(target.type === 'Host' && target.services.length > 0) {
+                    vm.data.parents = vm.data.parents.concat(target.services);
+                }
             });
-        };
 
-        vm.setAllTargets = function() {
-            vm.data.parents = vm.targets;
             vm.host_parents = vm.data.parents.some(function(elem, ind, arr) {
                 return elem.type === 'Host';
             });
diff --git a/server/www/scripts/statusReport/partials/accordion-group.html b/server/www/scripts/statusReport/partials/accordion-group.html
index e996ef2a310..eda6bf222c7 100644
--- a/server/www/scripts/statusReport/partials/accordion-group.html
+++ b/server/www/scripts/statusReport/partials/accordion-group.html
@@ -5,7 +5,7 @@ <h4 class="panel-title">
                 <span uib-accordion-header ng-class="{'text-muted': isDisabled}">
                     {{heading}}
                 </span>
-                <i class="pull-right glyphicon accordion-expand-button" ng-class="{'glyphicon glyphicon-minus-sign': isOpen, 'glyphicon glyphicon-plus-sign': !isOpen}" ng-disabled="isDisabled" role="button" data-toggle="collapse" href aria-expanded="{{isOpen}}" aria-controls="{{::panelId}}" tabindex="0" ng-click="toggleOpen()" ></i>
+                <i class="pull-right glyphicon accordion-expand-button" ng-class="{'glyphicon glyphicon-minus-sign': isOpen, 'glyphicon glyphicon-plus-sign': !isOpen, 'accordion-expand-button-disabled': isDisabled}" ng-disabled="isDisabled" role="button" data-toggle="collapse" href aria-expanded="{{isOpen}}" aria-controls="{{::panelId}}" tabindex="0" ng-click="toggleOpen()"></i>
             </span>
         </h4>
     </div>
diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index 7ae356fc600..a03ebd943d6 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -21,14 +21,14 @@ <h5>Target</h5>
                 </div>
                 <div class="col-md-4">
                     <input class="btn btn-default btn-sm" type="button" value="Deselect all" ng-click="modal.resetTarget()">
-                    <input class="btn btn-default btn-sm" type="button" value="Select all" ng-click="modal.setAllTargets()">
-                    <input class="btn btn-default btn-sm" type="button" value="Select page" ng-click="modal.setPageTargets(modal.currentPage*modal.pageSize)">
+                    <input class="btn btn-default btn-sm" type="button" value="Select all" ng-click="modal.setPageTargets(false, 0, modal.targets.length)">
+                    <input class="btn btn-default btn-sm" type="button" value="Select page" ng-click="modal.setPageTargets(true, modal.currentPage*modal.pageSize, modal.pageSize)">
                 </div>
             </div>
             <div class="form-group">
                 <div class="col-md-12">
                     <uib-accordion close-others="true">
-                        <uib-accordion-group is-open="isopen" ng-repeat="host in modal.targets_filtered = (modal.targets | filter:modal.target_filter) | startFrom:modal.currentPage*modal.pageSize | limitTo:modal.pageSize" template-url="scripts/statusReport/partials/accordion-group.html">
+                        <uib-accordion-group is-open="isopen" ng-repeat="host in modal.targets_filtered = (modal.targets | filter:modal.target_filter) | startFrom:modal.currentPage*modal.pageSize | limitTo:modal.pageSize" template-url="scripts/statusReport/partials/accordion-group.html" is-disabled="host.services.length < 1">
                             <uib-accordion-heading>
                                 <a ng-click="modal.setTarget(host)" ng-class="{'multi-selected': modal.data.parents.indexOf(host) >= 0}">{{host.name}} ({{host.hostnames[0]}})</a>
                             </uib-accordion-heading>

From 2503dd47ed740d6ab132431f2c73b465341d70c3 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Tue, 27 Jun 2017 18:36:40 -0300
Subject: [PATCH 36/46] Fix typo

---
 server/www/scripts/statusReport/controllers/modalNew.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index 768ae1f1d73..2644a180f7f 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -156,7 +156,7 @@ angular.module('faradayApp')
 
             vm.data.parents = targets;
 
-            vm.targets.forEach(function(target) {
+            targets.forEach(function(target) {
                 if(target.type === 'Host' && target.services.length > 0) {
                     vm.data.parents = vm.data.parents.concat(target.services);
                 }

From 6cd4e0c910b58ef6ce1d590a79cc284afaed1063 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Thu, 29 Jun 2017 10:18:51 -0300
Subject: [PATCH 37/46] Update target selection in new vuln modal

Collapse selection button in a dropdown button to avoid clutter.
---
 .../statusReport/partials/modalNew.html       | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index a03ebd943d6..53374fb8e9f 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -14,15 +14,31 @@ <h3 class="modal-title">Vulnerability creation</h3>
         <div class="form-horizontal">
             <h5>Target</h5>
             <div class="form-group">
-                <div class="col-md-8">
+                <div class="col-md-10">
                     <div class="form-group input-accordion">
                         <input type="text" ng-model="modal.target_filter" class="form-control input-sm" placeholder="Search targets" ng-change="modal.currentPage = 0">
                     </div>
                 </div>
-                <div class="col-md-4">
-                    <input class="btn btn-default btn-sm" type="button" value="Deselect all" ng-click="modal.resetTarget()">
-                    <input class="btn btn-default btn-sm" type="button" value="Select all" ng-click="modal.setPageTargets(false, 0, modal.targets.length)">
-                    <input class="btn btn-default btn-sm" type="button" value="Select page" ng-click="modal.setPageTargets(true, modal.currentPage*modal.pageSize, modal.pageSize)">
+                <div class="col-md-2">
+                    <div class="btn-group btn-small-margin">
+                        <button type="button" class="btn btn-default btn-sm" title="Select page" ng-click="modal.setPageTargets(true, modal.currentPage*modal.pageSize, modal.pageSize)">
+                            Select page
+                        </button>
+                        <button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown" title="Select options">
+                            <span class="caret"></span>
+                        </button>
+                        <ul class="dropdown-menu dropdown-menu-right" role="menu">
+                            <li ng-show="modal.target_filter && modal.targets_filtered.length > 0">
+                                <a class="ws" ng-click="modal.setPageTargets(true, 0, modal.targets_filtered.length)">Select all in search</a>
+                            </li>
+                            <li>
+                                <a class="ws" ng-click="modal.setPageTargets(false, 0, modal.targets.length)">Select all hosts</a>
+                            </li>
+                            <li>
+                                <a class="ws" ng-click="modal.resetTarget()">Deselect all</a>
+                            </li>
+                        </ul>
+                    </div><!-- .btn-group -->
                 </div>
             </div>
             <div class="form-group">

From 92cb4b2bdb6f7bc3efafbf7588b6f405b6d84866 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Thu, 29 Jun 2017 11:35:49 -0300
Subject: [PATCH 38/46] Fix target selection

---
 .../statusReport/controllers/modalNew.js        | 17 ++---------------
 .../scripts/statusReport/partials/modalNew.html |  8 ++++----
 2 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index 2644a180f7f..ec1df57cb51 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -139,12 +139,7 @@ angular.module('faradayApp')
             $modalInstance.dismiss('cancel');
         };
 
-        vm.resetTarget = function () {
-            vm.data.parents = [];
-            vm.host_parents = false;
-        };
-
-        vm.setPageTargets = function(filter, start, size) {
+        vm.setTargets = function(filter, start, size) {
             var end = start + size,
             targets = vm.targets;
 
@@ -152,15 +147,7 @@ angular.module('faradayApp')
                 targets = vm.targets_filtered;
             }
 
-            targets = targets.slice(start, end);
-
-            vm.data.parents = targets;
-
-            targets.forEach(function(target) {
-                if(target.type === 'Host' && target.services.length > 0) {
-                    vm.data.parents = vm.data.parents.concat(target.services);
-                }
-            });
+            vm.data.parents = targets.slice(start, end);
 
             vm.host_parents = vm.data.parents.some(function(elem, ind, arr) {
                 return elem.type === 'Host';
diff --git a/server/www/scripts/statusReport/partials/modalNew.html b/server/www/scripts/statusReport/partials/modalNew.html
index 53374fb8e9f..a619b6cf72f 100644
--- a/server/www/scripts/statusReport/partials/modalNew.html
+++ b/server/www/scripts/statusReport/partials/modalNew.html
@@ -21,7 +21,7 @@ <h5>Target</h5>
                 </div>
                 <div class="col-md-2">
                     <div class="btn-group btn-small-margin">
-                        <button type="button" class="btn btn-default btn-sm" title="Select page" ng-click="modal.setPageTargets(true, modal.currentPage*modal.pageSize, modal.pageSize)">
+                        <button type="button" class="btn btn-default btn-sm" title="Select page" ng-click="modal.setTargets(true, modal.currentPage*modal.pageSize, modal.pageSize)">
                             Select page
                         </button>
                         <button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown" title="Select options">
@@ -29,13 +29,13 @@ <h5>Target</h5>
                         </button>
                         <ul class="dropdown-menu dropdown-menu-right" role="menu">
                             <li ng-show="modal.target_filter && modal.targets_filtered.length > 0">
-                                <a class="ws" ng-click="modal.setPageTargets(true, 0, modal.targets_filtered.length)">Select all in search</a>
+                                <a class="ws" ng-click="modal.setTargets(true, 0, modal.targets_filtered.length)">Select all hosts in search</a>
                             </li>
                             <li>
-                                <a class="ws" ng-click="modal.setPageTargets(false, 0, modal.targets.length)">Select all hosts</a>
+                                <a class="ws" ng-click="modal.setTargets(false, 0, modal.targets.length)">Select all hosts</a>
                             </li>
                             <li>
-                                <a class="ws" ng-click="modal.resetTarget()">Deselect all</a>
+                                <a class="ws" ng-click="modal.setTargets(false, 0, 0)">Clear selection</a>
                             </li>
                         </ul>
                     </div><!-- .btn-group -->

From 90ab495a33d05bc9615605c703d2e00543f2e183 Mon Sep 17 00:00:00 2001
From: Leonardo Lazzaro <leonardol@infobytesec.com>
Date: Fri, 30 Jun 2017 15:47:31 -0300
Subject: [PATCH 39/46] Fix a problem with the path resolution

When faraday-server is executed from a path outside the FARADAY_BASE
some paths are incorrect.
---
 faraday-server.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/faraday-server.py b/faraday-server.py
index 6f462b5cd34..646a3993fa8 100755
--- a/faraday-server.py
+++ b/faraday-server.py
@@ -2,10 +2,10 @@
 # Faraday Penetration Test IDE
 # Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 # See the file 'doc/LICENSE' for the license information
-import argparse
 import os
-import subprocess
 import sys
+import argparse
+import subprocess
 
 import server.config
 import server.couchdb
@@ -13,6 +13,7 @@
 from server.utils import daemonize
 from utils import dependencies
 from utils.user_input import query_yes_no
+from faraday import FARADAY_BASE
 
 logger = server.utils.logger.get_logger(__name__)
 
@@ -87,6 +88,7 @@ def run_server(args):
 
 
 def main():
+    os.chdir(FARADAY_BASE)
     parser = argparse.ArgumentParser()
     parser.add_argument('--ssl', action='store_true', help='enable HTTPS')
     parser.add_argument('--debug', action='store_true', help='run Faraday Server in debug mode')

From 462c6523c9e8404eaf568c416e3ee3aa56ae9a0e Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Sat, 1 Jul 2017 14:12:06 -0300
Subject: [PATCH 40/46] Fix failed merge

Policy Violation and Multiple Targets branches created a conflict that
wasn't solved properly.

Also, there was a bug when a Policy Violation was added without clicking
the plus button, fixed it.
---
 server/www/scripts/statusReport/controllers/modalNew.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/server/www/scripts/statusReport/controllers/modalNew.js b/server/www/scripts/statusReport/controllers/modalNew.js
index 99020ec42f5..df9e4647382 100644
--- a/server/www/scripts/statusReport/controllers/modalNew.js
+++ b/server/www/scripts/statusReport/controllers/modalNew.js
@@ -121,6 +121,7 @@ angular.module('faradayApp')
         vm.ok = function() {
             // add the ref in new_ref, if there's any
             vm.newReference();
+            vm.newPolicyViolation();
 
             // convert refs to an array of strings
             var refs = [];
@@ -135,9 +136,6 @@ angular.module('faradayApp')
             });
             vm.data.policyviolations = policyviolations;
 
-            // delete selection
-            delete vm.data.parent.selected_modalNewCtrl;
-
             var parents = vm.data.parents;
             vm.data.parents = [];
             parents.forEach(function(parent) {

From 5ce2e76130202c15f59dfea1eabe95e9c9aa6353 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Thu, 6 Jul 2017 11:10:02 -0300
Subject: [PATCH 41/46] Update files for release

---
 AUTHORS            | 2 +-
 RELEASE.md         | 2 +-
 VERSION            | 2 +-
 config/default.xml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index 6a8d7e1136c..1270fe73451 100755
--- a/AUTHORS
+++ b/AUTHORS
@@ -20,6 +20,7 @@ Project contributors
     * Andres Tarantini
     * Brice Samulenok
     * Elian Gidoni
+    * Endrigo Antonini
     * Federico Fernandez
     * James Jara
     * Juan Urbano
@@ -33,4 +34,3 @@ Project contributors
     * tsxltjecwb
     * Ulisses Albuquerque
     * xtr4nge
-    * Endrigo Antonini
diff --git a/RELEASE.md b/RELEASE.md
index 0a908482233..04c7c56ec3c 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -8,7 +8,7 @@ Make sure you run ```./faraday.py --update``` the first time after an update!
 New features in the latest update
 =====================================
 
-TBA:
+July 7, 2017:
 ---
 * Added the ability to select more than one target when creating a vuln in the Web UI
 * Merged PR #182 - problems with zonatransfer.me
diff --git a/VERSION b/VERSION
index 437459cd94c..e70b4523ae7 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.5.0
+2.6.0
diff --git a/config/default.xml b/config/default.xml
index bc492f1033c..ee2f3f405e6 100644
--- a/config/default.xml
+++ b/config/default.xml
@@ -2,7 +2,7 @@
 <faraday>
 
     <appname>Faraday - Penetration Test IDE</appname>
-    <version>2.5.0</version>
+    <version>2.6.0</version>
     <debug_status>0</debug_status>
     <font>-Misc-Fixed-medium-r-normal-*-12-100-100-100-c-70-iso8859-1</font>
     <home_path>~/</home_path>

From 050266d6b08f0dd9bfabfb98dd5d1996a942787b Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Thu, 6 Jul 2017 16:13:07 -0300
Subject: [PATCH 42/46] Add links to Tasks feature from commercial versions

---
 server/www/scripts/app.js                           | 5 +++++
 server/www/scripts/commons/partials/home.html       | 8 ++++++++
 server/www/scripts/navigation/partials/leftBar.html | 5 +++++
 3 files changed, 18 insertions(+)

diff --git a/server/www/scripts/app.js b/server/www/scripts/app.js
index 9f415e8678c..dd6e84d5e92 100644
--- a/server/www/scripts/app.js
+++ b/server/www/scripts/app.js
@@ -261,6 +261,11 @@ faradayApp.config(['$routeProvider', 'ngClipProvider', '$uibTooltipProvider',
             templateUrl: 'scripts/commons/partials/commercial.html',
             controller: 'commercialCtrl'
         }).
+        when('/taskgroup', {
+            templateUrl: 'scripts/commons/partials/commercial.html',
+            controller: 'commercialCtrl',
+            title: 'Methodologies | '
+        }).
         otherwise({
             templateUrl: 'scripts/commons/partials/home.html'
         });
diff --git a/server/www/scripts/commons/partials/home.html b/server/www/scripts/commons/partials/home.html
index c0c4e7e2cb1..e52faa7995d 100644
--- a/server/www/scripts/commons/partials/home.html
+++ b/server/www/scripts/commons/partials/home.html
@@ -51,6 +51,14 @@ <h2 class="ws-label">
                         <strong>Manage reports</strong>
                     </small>
                 </a>
+                <a href="#/taskgroup" class="ws-link item animated flipInX">
+                        <i class="fa fa-tasks fa-4x icons-color-home"></i>
+                        <span class="ws-name">Tasks</span>
+                        <small>
+                            Control all your tasks.<br/>
+                            <strong>Plan your Job</strong>
+                        </small>
+                </a>
                 <a href="#/communication" class="ws-link item animated flipInX">
                     <img src="images/ico-communication.svg" />
                     <span class="ws-name">Chat</span>
diff --git a/server/www/scripts/navigation/partials/leftBar.html b/server/www/scripts/navigation/partials/leftBar.html
index e9296dd2702..70666631716 100644
--- a/server/www/scripts/navigation/partials/leftBar.html
+++ b/server/www/scripts/navigation/partials/leftBar.html
@@ -29,6 +29,11 @@
                     <img src="images/ico-executive-menu.svg" alt="Executive Report"/>
                 </a>
             </li>
+            <li>
+                <a href="#/taskgroup" class="executive-report" style="color: #ffffff !important" uib-tooltip="Tasks" tooltip-placement="right">
+                    <i class="fa fa-tasks host"></i>
+                </a>
+            </li>
             <li>
                 <a href="#/communication" class="executive-report" style="color: #ffffff !important" uib-tooltip="Chat" tooltip-placement="right">
                     <img src="images/ico-communication-menu.svg" alt="Communication"/>

From e90e428dae15b50aef13c5a57fe8b6b7ecbd955d Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Thu, 6 Jul 2017 17:02:37 -0300
Subject: [PATCH 43/46] Add people to AUTHORS

---
 AUTHORS | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index 1270fe73451..84d7816dfc5 100755
--- a/AUTHORS
+++ b/AUTHORS
@@ -9,9 +9,12 @@ The PRIMARY AUTHORS are:
     * Franco Linares
     * German Riera 
     * Joaquín López Pereyra
+    * Leonardo Lazzaro
     * Martín Rocha
     * Matias Ariel Ré Medina
+    * Matias Lang
     * Micaela Ranea Sánchez
+    * Sebastian Kulesz
 
 Project contributors
 
@@ -23,12 +26,12 @@ Project contributors
     * Endrigo Antonini
     * Federico Fernandez
     * James Jara
+    * Jorge Luis Gonzalez Iznaga
     * Juan Urbano
     * Korantin Auguste
     * Martin Tartarelli
     * Ronald Iraheta
     * Roberto Focke
-    * Sebastian Kulesz
     * Sliim
     * Thierry Beauquier
     * tsxltjecwb

From 85b5eb8bb45819c0d75aeaacef31a3e2c6b88786 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Thu, 6 Jul 2017 17:40:21 -0300
Subject: [PATCH 44/46] Fix version tooltip for the logo in the Web UI

The image title was overlapping with the tooltip.
---
 server/www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/www/index.html b/server/www/index.html
index 55d9dabd74b..070f187447c 100644
--- a/server/www/index.html
+++ b/server/www/index.html
@@ -65,7 +65,7 @@
     <div id="cont">
         <div class="wrapper" ng-controller="indexCtrl">
             <header class="head">
-                <a href="#" class="ws-dashboard" uib-tooltip="{{version}}" tooltip-placement="bottom"><img class="logo animated fadeInDown" title="{{version}}" src="images/logo-faraday.svg" alt="Faraday home | WS Dashboard"/></a>
+                <a href="#" class="ws-dashboard" uib-tooltip="{{version}}" tooltip-placement="bottom"><img class="logo animated fadeInDown" src="images/logo-faraday.svg" alt="Faraday home | WS Dashboard"/></a>
                 <div class="btn-group dropdown header_right" uib-dropdown="" is-open="status.isopen">
                     <button id="single-button" type="button" class="btn btn-default dropdown-toggle" uib-dropdown-toggle="" ng-disabled="disabled" aria-haspopup="true" aria-expanded="true">
                         <i class="fa fa-cog fa-lg"></i> <span class="caret"></span>

From d3f0cfbb774ac1cdac9c07cde68b9db4baa0f0c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Lang?= <matiasl@infobytesec.com>
Date: Thu, 6 Jul 2017 17:57:35 -0300
Subject: [PATCH 45/46] Fix top services modal bug

Service name wasn't cleared correctly
---
 server/www/scripts/d3/directives/bar.js     | 4 ++++
 server/www/scripts/d3/directives/cake.js    | 4 ++++
 server/www/scripts/d3/directives/treemap.js | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/server/www/scripts/d3/directives/bar.js b/server/www/scripts/d3/directives/bar.js
index d1199b5648f..8e839c67a24 100644
--- a/server/www/scripts/d3/directives/bar.js
+++ b/server/www/scripts/d3/directives/bar.js
@@ -84,6 +84,10 @@ angular.module('faradayApp')
                     var colored = document.createElement('div');
                     colored.style = "background-color:" + d.color; // Color is safe (its value is in a whitelist)
                     colored.innerText = name;
+                    while (element.firstChild) {
+                        // https://stackoverflow.com/questions/3955229/remove-all-child-elements-of-a-dom-node-in-javascript
+                        element.removeChild(element.firstChild);
+                    }
                     element.appendChild(colored);
                     element.appendChild(document.createTextNode(d.value));
                 })
diff --git a/server/www/scripts/d3/directives/cake.js b/server/www/scripts/d3/directives/cake.js
index 79ab0161d11..b056dce34d1 100644
--- a/server/www/scripts/d3/directives/cake.js
+++ b/server/www/scripts/d3/directives/cake.js
@@ -104,6 +104,10 @@ angular.module('faradayApp')
                     var colored = document.createElement('div');
                     colored.style = "background-color:" + d.color; // Color is safe (its value is in a whitelist)
                     colored.innerText = d.key;
+                    while (element.firstChild) {
+                        // https://stackoverflow.com/questions/3955229/remove-all-child-elements-of-a-dom-node-in-javascript
+                        element.removeChild(element.firstChild);
+                    }
                     element.appendChild(colored);
                     element.appendChild(document.createTextNode(d.value));
                 })
diff --git a/server/www/scripts/d3/directives/treemap.js b/server/www/scripts/d3/directives/treemap.js
index 05f92e44b4a..0583e8b3ef9 100644
--- a/server/www/scripts/d3/directives/treemap.js
+++ b/server/www/scripts/d3/directives/treemap.js
@@ -95,6 +95,10 @@ angular.module('faradayApp')
                   var colored = document.createElement('div');
                   colored.style = "background-color:" + d.color; // Color is safe (its value is in a whitelist)
                   colored.innerText = d.name;
+                  while (element.firstChild) {
+                      // https://stackoverflow.com/questions/3955229/remove-all-child-elements-of-a-dom-node-in-javascript
+                      element.removeChild(element.firstChild);
+                  }
                   element.appendChild(colored);
                   element.appendChild(document.createTextNode(d.count));
               })

From 9bccf7ea4a5bf0b38f6bc553b00f526ba8261851 Mon Sep 17 00:00:00 2001
From: micabot <mranea@infobytesec.com>
Date: Tue, 18 Jul 2017 19:48:16 -0300
Subject: [PATCH 46/46] Update release date

---
 RELEASE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RELEASE.md b/RELEASE.md
index 04c7c56ec3c..eab3833ae12 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -8,7 +8,7 @@ Make sure you run ```./faraday.py --update``` the first time after an update!
 New features in the latest update
 =====================================
 
-July 7, 2017:
+July 19, 2017:
 ---
 * Added the ability to select more than one target when creating a vuln in the Web UI
 * Merged PR #182 - problems with zonatransfer.me