def mutate(self, info, **parameters):
finding_id = parameters.get('finding_id')
project_name = get_finding_project_name(finding_id)
user_info = util.get_jwt_content(info.context)
success = verify_vulnerabilities(
finding_id, user_info['user_email'],
str.join(' ', [
user_info.get('first_name', ''),
user_info.get('last_name', '')
]), info, parameters)
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context, 'Security: Verified a request '
f'in finding_id: {finding_id}')
return VerifyRequestVuln(success=success)
def mutate(self, info, finding_id, **parameters):
project_name = finding_domain.get_finding(finding_id)['projectName']
user_mail = util.get_jwt_content(info.context)['user_email']
if parameters.get('acceptance_status') == '':
del parameters['acceptance_status']
historic_treatment = finding_domain.get_finding(
finding_id)['historicTreatment']
last_state = {
key: value
for key, value in historic_treatment[-1].items()
if key not in ['date', 'user']
}
new_state = {
key: value
for key, value in parameters.items() if key != 'bts_url'
}
bts_changed, treatment_changed = True, True
Status = namedtuple('Status', 'bts_changed treatment_changed')
if not finding_domain.compare_historic_treatments(
last_state, new_state):
treatment_changed = False
if ('externalBts' in finding_domain.get_finding(finding_id)
and parameters.get('bts_url')
== finding_domain.get_finding(finding_id)['externalBts']):
bts_changed = False
update = Status(bts_changed=bts_changed,
treatment_changed=treatment_changed)
if not any(list(update)):
raise GraphQLError(
'It cant be updated a finding with same values it already has')
success = finding_domain.update_client_description(
finding_id, parameters, user_mail, update)
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context, 'Security: Updated treatment in '
f'finding {finding_id} succesfully')
util.forces_trigger_deployment(project_name)
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to update '
f'treatment in finding {finding_id}')
findings_loader = info.context.loaders['finding']
return UpdateClientDescription(
finding=findings_loader.load(finding_id), success=success)
def mutate(self, info, finding_id: str, justification: str,
vulnerabilities: List) -> object:
project_name = get_finding_project_name(finding_id)
user_info = util.get_jwt_content(info.context)
success = request_verification(
finding_id, user_info['user_email'],
str.join(' ', [
user_info.get('first_name', ''),
user_info.get('last_name', '')
]), justification, cast(_List[str], vulnerabilities))
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context, 'Security: Verified a request '
f'in finding_id: {finding_id}')
return RequestVerificationVuln(success=success)
def mutate(self, info, evidence_id, finding_id, file):
success = False
if finding_domain.validate_evidence(evidence_id, file):
success = finding_domain.update_evidence(finding_id, evidence_id,
file)
if success:
util.invalidate_cache(finding_id)
util.cloudwatch_log(
info.context, 'Security: Updated evidence in finding '
f'{finding_id} succesfully')
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to update evidence in '
f'finding {finding_id}')
return UpdateEvidence(success=success)
def mutate(self, info, finding_id, **parameters):
success = finding_domain.update_description(finding_id, parameters)
if success:
project_name = finding_domain.get_finding(
finding_id)['projectName']
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context, 'Security: Updated description in\
finding {id} succesfully'.format(id=finding_id))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to update \
description in finding {id}'.format(id=finding_id))
findings_loader = info.context.loaders['finding']
ret = UpdateDescription(finding=findings_loader.load(finding_id),
success=success)
return ret
def project_to_pdf(request, lang, project, doctype):
"Export a project to a PDF"
assert project.strip()
if not has_access_to_project(request.session['username'],
project, request.session['role']):
util.cloudwatch_log(request, 'Security: Attempted to export project'
' pdf without permission')
return util.response([], 'Access denied', True)
else:
user = request.session['username'].split('@')[0]
validator = validation_project_to_pdf(request, lang, doctype)
if validator is not None:
return validator
findings = finding_domain.get_findings(
project_domain.list_findings(project.lower()))
findings = [cast_new_vulnerabilities(
get_open_vuln_by_type(finding['findingId'], request), finding)
for finding in findings]
description = project_domain.get_description(project.lower())
pdf_maker = CreatorPDF(lang, doctype)
secure_pdf = SecurePDF()
findings_ord = util.ord_asc_by_criticidad(findings)
findings = pdf_evidences(findings_ord)
report_filename = ''
if doctype == 'tech':
pdf_maker.tech(findings, project, description)
report_filename = secure_pdf.create_full(user,
pdf_maker.out_name,
project)
else:
return HttpResponse(
'Disabled report generation', content_type='text/html')
if not os.path.isfile(report_filename):
rollbar.report_message(
'Couldn\'t generate pdf report', 'error', request)
return HttpResponse(
'Couldn\'t generate pdf report', content_type='text/html')
with open(report_filename, 'rb') as document:
response = HttpResponse(document.read(),
content_type='application/pdf')
response['Content-Disposition'] = \
'inline;filename={}_IT.pdf'.format(project)
return response
def mutate(self, info, **query_args):
project_name = query_args.get('project_name')
success = False
user_data = util.get_jwt_content(info.context)
role = get_user_role(user_data)
new_user_data = {
'email': query_args.get('email'),
'organization': query_args.get('organization'),
'responsibility': query_args.get('responsibility', '-'),
'role': query_args.get('role'),
'phone_number': query_args.get('phone_number', '')
}
if (role == 'admin'
and new_user_data['role'] in ['admin', 'analyst', 'customer', 'customeradmin']) \
or (is_customeradmin(project_name, user_data['user_email'])
and new_user_data['role'] in ['customer', 'customeradmin']):
if create_new_user(info.context, new_user_data, project_name):
success = True
else:
rollbar.report_message(
'Error: Couldn\'t grant access to project', 'error',
info.context)
else:
rollbar.report_message(
'Error: Invalid role provided: ' + new_user_data['role'],
'error', info.context)
if success:
util.invalidate_cache(project_name)
util.invalidate_cache(query_args.get('email'))
util.cloudwatch_log(
info.context, 'Security: Given grant access to {user} \
in {project} project'.format(user=query_args.get('email'),
project=project_name))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to give grant \
access to {user} in {project} project'.format(
user=query_args.get('email'), project=project_name))
ret = \
GrantUserAccess(success=success,
granted_user=User(project_name,
new_user_data['email']))
return ret
def verify_and_call(*args, **kwargs):
context = args[1].context
user_data = util.get_jwt_content(context)
user_data['role'] = get_user_role(user_data)
project_name = resolve_project_name(args, kwargs)
project_data = resolve_project_data(project_name)
action = '{}.{}'.format(func.__module__, func.__qualname__)
action = action.replace('.', '_')
try:
if not ENFORCER_ACTION.enforce(user_data, project_data, action):
util.cloudwatch_log(
context, 'Security: \
Unauthorized role attempted to perform operation')
raise GraphQLError('Access denied')
except AttributeDoesNotExist:
util.cloudwatch_log(
context, 'Security: \
Unauthorized role attempted to perform operation')
raise GraphQLError('Access denied')
return func(*args, **kwargs)
def mutate(self, info, finding_id, evidence_id, description):
success = False
try:
success = finding_domain.update_evidence_description(
finding_id, evidence_id, description)
if success:
util.invalidate_cache(finding_id)
util.cloudwatch_log(
info.context, 'Security: Evidence description \
succesfully updated in finding ' + finding_id)
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to update \
evidence description in ' + finding_id)
except KeyError:
rollbar.report_message(
'Error: \
An error occurred updating evidence description', 'error', info.context)
return UpdateEvidenceDescription(success=success)
def mutate(self, info, **parameters):
finding_id = parameters.get('finding_id')
project = finding_domain.get_project(finding_id)
success = False
success = finding_domain.save_severity(parameters.get('data'))
findings_loader = info.context.loaders['finding']
ret = UpdateSeverity(finding=findings_loader.load(finding_id),
success=success)
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project)
util.cloudwatch_log(
info.context, 'Security: Updated severity in\
finding {id} succesfully'.format(
id=parameters.get('finding_id')))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to update \
severity in finding {id}'.format(
id=parameters.get('finding_id')))
return ret
def mutate(self, info, project_name: str, user_email: str) -> object:
success = False
project_domain.remove_user_access(project_name, user_email,
'customeradmin')
success = project_domain.remove_access(user_email, project_name)
removed_email = user_email if success else None
if success:
util.invalidate_cache(project_name)
util.invalidate_cache(user_email)
util.cloudwatch_log(
info.context, 'Security: Removed user: {user} from {project} \
project succesfully'.format(user=user_email,
project=project_name))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to remove user: {user}\
from {project} project'.format(user=user_email,
project=project_name))
ret = RemoveUserAccess(success=success, removed_email=removed_email)
return ret
def mutate(self, info, **parameters):
user_info = util.get_jwt_content(info.context)
user_mail = user_info['user_email']
finding_id = parameters.get('finding_id')
historic_treatment = finding_domain.get_finding(finding_id).get(
'historicTreatment')
if historic_treatment[-1]['acceptance_status'] != 'SUBMITTED':
raise GraphQLError('It cant be approved/rejected a finding' +
'definite assumption without being requested')
success = finding_domain.handle_acceptation(
finding_id, parameters.get('observations'), user_mail,
parameters.get('response'))
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(parameters.get('project_name'))
util.cloudwatch_log(
info.context, 'Security: Verified a request '
f'in finding_id: {finding_id}')
ret = HandleAcceptation(success=success)
return ret
def project_to_xls(request, lang, project):
"Create the technical report"
username = request.session['username'].split("@")[0]
if project.strip() == "":
rollbar.report_message(
'Error: Empty fields in project', 'error', request)
return util.response([], 'Empty fields', True)
if not has_access_to_project(request.session['username'],
project, request.session['role']):
util.cloudwatch_log(
request,
'Security: Attempted to export project xls without permission')
return util.response([], 'Access denied', True)
if lang not in ["es", "en"]:
rollbar.report_message('Error: Unsupported language', 'error', request)
return util.response([], 'Unsupported language', True)
findings = finding_domain.get_findings(
project_domain.list_findings(project.lower()))
if findings:
findings = [cast_new_vulnerabilities(
get_open_vuln_by_type(finding['findingId'], request), finding)
for finding in findings]
else:
rollbar.report_message(
'Project {} does not have findings in dynamo'.format(project),
'warning',
request)
return util.response([], 'Empty fields', True)
data = util.ord_asc_by_criticidad(findings)
it_report = ITReport(project, data, username)
filepath = it_report.result_filename
reports.set_xlsx_password(filepath, time.strftime('%d%m%Y') + username)
with open(filepath, 'rb') as document:
response = HttpResponse(document.read())
response['Content-Type'] = ('application/vnd.openxmlformats'
'-officedocument.spreadsheetml.sheet')
response['Content-Disposition'] = 'inline;filename={}.xlsx'.format(
project)
return response
def mutate(self, info, **kwargs):
"""Delete vulnerability from database."""
finding_id = kwargs.get('finding_id')
uuid = kwargs.get('id')
justification = kwargs.get('justification')
project = get_finding_project_name(finding_id)
user_email = util.get_jwt_content(info.context)['user_email']
success = delete_vulnerability(finding_id, uuid, justification,
user_email)
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project)
util.cloudwatch_log(
info.context, f'Security: Deleted vulnerability: {uuid} '
f'from {project} project succesfully')
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to delete vulnerability: '
f'{uuid} from {project} project')
ret = DeleteVulnerability(success=success)
return ret
def mutate(self, info, project_name, tag):
success = False
project_name = project_name.lower()
if project_domain.is_alive(project_name):
project_tags = project_domain.get_attributes(project_name, ['tag'])
project_tags.get('tag').remove(tag)
if project_tags.get('tag') == set():
project_tags['tag'] = None
tag_deleted = project_domain.update(project_name, project_tags)
if tag_deleted:
success = True
else:
rollbar.report_message('Error: \
An error occurred removing a tag', 'error', info.context)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context, 'Security: Removed tag from \
{project} project succesfully'.format(project=project_name))
else:
util.cloudwatch_log(info.context, 'Security: Attempted to remove \
tag in {project} project'.format(project=project_name))
ret = RemoveTag(success=success, project=Project(project_name))
return ret
def mutate(_, info, envs: _List[Dict[str, str]],
project_name: str) -> object:
user_email = util.get_jwt_content(info.context)['user_email']
success = resources.create_resource(
envs, project_name, 'environment', user_email)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context,
f'Security: Added envs to {project_name} project succesfully')
resources.send_mail(
project_name, user_email, envs, 'added', 'environment')
else:
rollbar.report_message(
'An error occurred adding environments',
level='error',
payload_data=locals())
util.cloudwatch_log(
info.context,
f'Security: Attempted to add envs to {project_name} project')
return AddRepositories(success=success)
def mutate(self, info, draft_id):
reviewer_email = util.get_jwt_content(info.context)['user_email']
project_name = finding_domain.get_finding(draft_id)['projectName']
has_vulns = [
vuln for vuln in vuln_domain.list_vulnerabilities([draft_id])
if vuln['historic_state'][-1].get('state') != 'DELETED'
]
if not has_vulns:
raise GraphQLError('CANT_APPROVE_FINDING_WITHOUT_VULNS')
success, release_date = finding_domain.approve_draft(
draft_id, reviewer_email)
if success:
util.invalidate_cache(draft_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context, 'Security: Approved draft in\
{project} project succesfully'.format(project=project_name))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to approve \
draft in {project} project'.format(project=project_name))
return ApproveDraft(release_date, success)
def resolve_remove_user_access(
_, info, project_name: str, user_email: str
) -> object:
"""Resolve remove_user_access mutation."""
success = False
project_domain.remove_user_access(
project_name, user_email, 'customeradmin'
)
success = project_domain.remove_access(user_email, project_name)
removed_email = user_email if success else None
if success:
util.invalidate_cache(project_name)
util.invalidate_cache(user_email)
util.cloudwatch_log(
info.context,
f'Security: Removed user: {user_email} from {project_name} \
project succesfully')
else:
util.cloudwatch_log(
info.context, f'Security: Attempted to remove user: {user_email}\
from {project_name} project')
return dict(success=success, removed_email=removed_email)
def download_vulnerabilities(request, findingid):
"""Download a file with all the vulnerabilities."""
if not has_access_to_finding(request.session['username'], findingid,
request.session['role']):
util.cloudwatch_log(request,
'Security: \
Attempted to retrieve vulnerabilities without permission')
return util.response([], 'Access denied', True)
else:
finding = get_vulnerabilities_by_type(findingid)
data_yml = {}
vuln_types = {'ports': dict, 'lines': dict, 'inputs': dict}
if finding:
for vuln_key, cast_fuction in list(vuln_types.items()):
if finding.get(vuln_key):
data_yml[vuln_key] = list(map(cast_fuction, list(finding.get(vuln_key))))
else:
# This finding does not have this type of vulnerabilities
pass
else:
# This finding does not have new vulnerabilities
pass
project = finding_domain.get_finding(findingid)['projectName']
file_name = '/tmp/{project}-{finding_id}.yaml'.format(
finding_id=findingid, project=project)
stream = open(file_name, 'w')
yaml.safe_dump(data_yml, stream, default_flow_style=False)
try:
with open(file_name, 'rb') as file_obj:
response = HttpResponse(file_obj.read(), content_type='text/x-yaml')
response['Content-Disposition'] = \
'attachment; filename="{project}-{finding_id}.yaml"'.format(
finding_id=findingid, project=project)
return response
except IOError:
rollbar.report_message('Error: Invalid vulnerabilities file format', 'error', request)
return util.response([], 'Invalid vulnerabilities file format', True)
def mutate(self, info, files_data: Dict[str, Any], project_name: str) -> object:
success = False
file_name = files_data.get('fileName')
user_email = util.get_jwt_content(info.context)['user_email']
remove_file = resources.remove_file(file_name, project_name)
if remove_file:
resources.send_mail(project_name,
user_email,
[files_data],
'removed',
'file')
success = True
else:
rollbar.report_message('Error: \
An error occurred removing file', 'error', info.context)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context, 'Security: Removed Files from \
{project} project succesfully'.format(project=project_name))
else:
util.cloudwatch_log(info.context, 'Security: Attempted to remove files \
from {project} project'.format(project=project_name))
ret = RemoveFiles(success=success, resources=Resource(project_name))
return ret
def resolve_add_repositories(
_, info, repos: _List[Dict[str, str]], project_name: str
) -> object:
"""Resolve add_repositories mutation."""
user_email = util.get_jwt_content(info.context)['user_email']
success = resources.create_resource(
repos, project_name, 'repository', user_email)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context,
f'Security: Added repos to {project_name} project succesfully')
resources.send_mail(
project_name, user_email, repos, 'added', 'repository')
else:
rollbar.report_message(
'An error occurred adding repositories',
level='error',
payload_data=locals())
util.cloudwatch_log(
info.context,
f'Security: Attempted to add repos to {project_name} project')
return dict(success=success)
def mutate(self, info, **kwargs):
"""Process file input."""
finding_id = kwargs.get('finding_id')
origin = kwargs.get('origin', '')
project = finding_domain.get_project(finding_id)
file_input = info.context.FILES['1']
mime = Magic(mime=True)
if isinstance(file_input, TemporaryUploadedFile):
mime_type = mime.from_file(file_input.temporary_file_path())
elif isinstance(file_input, InMemoryUploadedFile):
mime_type = mime.from_buffer(file_input.file.getvalue())
else:
mime_type = ''
mib = 1048576
if (file_input
and mime_type in ['text/x-yaml', 'text/plain', 'text/html']):
if file_input.size < 1 * mib:
success = process_file(file_input, finding_id, info, origin)
else:
raise InvalidFileSize()
else:
raise InvalidFileType()
ret = UploadFile(success=success)
if success:
update_last_vuln_date(finding_id)
util.invalidate_cache(finding_id)
util.invalidate_cache(project)
util.cloudwatch_log(
info.context, 'Security: Uploaded file in {project} \
project succesfully'.format(project=project))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to delete file \
from {project} project'.format(project=project))
raise ErrorUploadingFileS3()
return ret
def mutate(self, info, **parameters):
if parameters.get('type') in ['comment', 'observation']:
user_data = util.get_jwt_content(info.context)
role = get_user_role(user_data)
if parameters.get('type') == 'observation' and \
role not in ['analyst', 'admin']:
util.cloudwatch_log(
info.context, 'Security: \
Unauthorized role attempted to add observation')
raise GraphQLError('Access denied')
user_email = user_data['user_email']
comment_id = int(round(time() * 1000))
comment_data = {
'user_id':
comment_id,
'comment_type':
parameters.get('type'),
'content':
parameters.get('content'),
'fullname':
str.join(' ',
[user_data['first_name'], user_data['last_name']]),
'parent':
int(parameters.get('parent')),
}
success = finding_domain.add_comment(
user_email=user_email,
comment_data=comment_data,
finding_id=parameters.get('finding_id'),
is_remediation_comment=False)
else:
raise GraphQLError('Invalid comment type')
if success:
util.invalidate_cache(parameters.get('finding_id'))
util.cloudwatch_log(
info.context, 'Security: Added comment in\
finding {id} succesfully'.format(
id=parameters.get('finding_id')))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to add \
comment in finding {id}'.format(
id=parameters.get('finding_id')))
ret = AddFindingComment(success=success, comment_id=comment_id)
return ret
def resolve_update_access_token(_, info, expiration_time):
"""Resolve update_access_token mutation."""
user_info = util.get_jwt_content(info.context)
email = user_info['user_email']
token_data = util.calculate_hash_token()
session_jwt = ''
success = False
if util.is_valid_expiration_time(expiration_time):
session_jwt = jwt.encode(
{
'user_email': email,
'company': user_domain.get_data(
email, 'company'),
'first_name': user_info['first_name'],
'last_name': user_info['last_name'],
'jti': token_data['jti'],
'iat': datetime.utcnow().timestamp(),
'exp': expiration_time
},
algorithm='HS512',
key=settings.JWT_SECRET_API
)
success = user_domain.update_access_token(email, token_data)
if success:
util.cloudwatch_log(
info.context, '{email} update access token'.format(
email=user_info['user_email']))
else:
util.cloudwatch_log(
info.context, '{email} attempted to update access token'
.format(email=user_info['user_email']))
else:
util.cloudwatch_log(
info.context, '{email} attempted to use expiration time \
greater than six months or minor than current time'
.format(email=user_info['user_email']))
raise InvalidExpirationTime()
return dict(success=success, session_jwt=session_jwt)
def resolve_set_alert(_, info, company, message, project_name):
"""Resolve set_alert mutation."""
success = alert_domain.set_company_alert(company, message, project_name)
if success:
util.cloudwatch_log(info.context, f'Security: Set alert of {company}')
return dict(success=success)
def update_treatment_vuln(vulnerabilities: List[str], finding_id: str,
updated_values: Dict[str,
FindingType], info) -> bool:
if updated_values.get('acceptance_date'):
del updated_values['acceptance_date']
del updated_values['finding_id']
user_email = util.get_jwt_content(info.context)['user_email']
updated_vuln_description = []
for vulnerability in vulnerabilities:
vuln_info = cast(List[Dict[str, FindingType]],
vuln_dal.get(finding_id, uuid=vulnerability))
new_info = copy.copy(updated_values)
if new_info.get('tag'):
new_info['tag'] = cast(List[str], vuln_info[0].get('tag', []))
for tag in str(updated_values['tag']).split(','):
validations.validate_field(cast(List[str], tag))
if tag.strip():
cast(List[str], new_info['tag']).append(tag.strip())
new_info['tag'] = cast(
# conflict between mypy and pylint -> 'github.com/PyCQA/pylint/issues/2377'
# pylint: disable=unsubscriptable-object
List[str],
list(set(cast(Iterable[Collection[str]], new_info['tag']))))
new_info['tag'] = [
html.unescape(tag) for tag in cast(List[str], new_info['tag'])
]
new_info = {
key: None if not value else value
for key, value in new_info.items()
}
new_info = {
util.camelcase_to_snakecase(k): new_info.get(k)
for k in new_info
}
result_update_vuln = \
vuln_dal.update(finding_id,
vulnerability,
new_info)
if 'lines' in str(vuln_info[0]['vuln_type']):
where = 'Path'
specific = 'Line'
elif 'ports' in str(vuln_info[0]['vuln_type']):
where = 'Host'
specific = 'Port'
else:
where = 'URL'
specific = 'Field'
mail_description =\
"<b>{where}:</b>{where_info} \
<b>{specific}:</b> {specific_info}"\
.format(where=where, where_info=vuln_info[0]['where'],
specific_info=vuln_info[0]['specific'], specific=specific)
updated_vuln_description.append(
{'updated_vuln_description': mail_description})
if not result_update_vuln:
util.cloudwatch_log(
info.context, 'Security: Attempted to update vulnerability\
:{id} from finding:{finding}'.format(id=vulnerability,
finding=finding_id))
return False
util.cloudwatch_log(
info.context, 'Security: Updated vulnerability:\
{id} from finding:{finding} succesfully'.format(id=vulnerability,
finding=finding_id))
if updated_values.get('treatment') != 'NEW':
send_updated_vuln_email(finding_id, user_email,
cast(Dict[str, str], updated_values),
str(updated_vuln_description))
return True
def _create_new_user(
context: Dict[str, Union[int, _List[str]]],
new_user_data: Dict[str, str],
project_name: str) -> bool:
analizable_list = list(new_user_data.values())[1:-1]
if (
all(validate_alphanumeric_field(field) for field in analizable_list) and
validate_phone_field(new_user_data['phone_number']) and
validate_email_address(new_user_data['email'])
):
email = new_user_data['email']
organization = new_user_data['organization']
responsibility = new_user_data['responsibility']
role = new_user_data['role']
phone_number = new_user_data['phone_number']
else:
return False
success = False
if not user_domain.get_data(email, 'email'):
user_domain.create(
email.lower(), {'company': organization.lower(),
'phone': phone_number})
if not user_domain.is_registered(email):
user_domain.register(email)
user_domain.assign_role(email, role)
user_domain.update(email, organization.lower(), 'company')
elif user_domain.is_registered(email):
user_domain.assign_role(email, role)
if project_name and responsibility and len(responsibility) <= 50:
project_domain.add_access(
email, project_name, 'responsibility', responsibility
)
else:
util.cloudwatch_log(
context,
'Security: {email} Attempted to add responsibility to project \
{project} without validation'.format(email=email,
project=project_name)
)
if phone_number and phone_number[1:].isdigit():
user_domain.add_phone_to_user(email, phone_number)
if project_name and role == 'customeradmin':
project_domain.add_user(project_name.lower(), email.lower(), role)
if project_name and user_domain.update_project_access(
email, project_name, True
):
description = project_domain.get_description(project_name.lower())
project_url = \
'https://fluidattacks.com/integrates/dashboard#!/project/' \
+ project_name.lower() + '/indicators'
mail_to = [email]
context = {
'admin': email,
'project': project_name,
'project_description': description,
'project_url': project_url,
}
email_send_thread = \
threading.Thread(name='Access granted email thread',
target=send_mail_access_granted,
args=(mail_to, context,))
email_send_thread.start()
success = True
return success
def resolve_event(_, info, identifier):
"""Resolve event query."""
util.cloudwatch_log(
info.context, f'Security: Access to Event: {identifier} succesfully')
return event_domain.get_event(identifier)
