def create_user(data):
log("A new user created", "MEDIUM", "PASS")
my_secure_rng = random.SystemRandom()
val_num(data.get('privilege'))
pincode = my_secure_rng.randrange(10000000, 99999999)
username = pincode
email = data.get('email')
access = "False"
activated = "False"
privilege_id = 0
# New users can only edit:read:delete
if data.get('privilege') == 1:
log("User triggered error creating new user", "MEDIUM", "FAIL")
return {'message': 'User could not be created'}
else:
privilege_id = data.get('privilege')
password = ""
user = users(privilege_id, pincode, username, password, access, activated, email)
db.session.add(user)
db.session.commit()
result = users.query.filter(users.email == email).one()
# Add user to default groupmember issue #422
groupmember = groupmembers.query.order_by(desc(groupmembers.memberID)).first()
groupmemberUser = groupmembers(groupmember.memberID + 1, result.userID, groupmember.groupID, groupmember.ownerID, None)
db.session.add(groupmemberUser)
db.session.commit()
return result
def get_comment_items(data):
log("User requested specific comment item", "LOW", "PASS")
val_alpha_num(data.get('checklistID'))
val_num(data.get('sprintID'))
sprint_id = data.get('sprintID')
checklist_id = data.get('checklistID')
result = comments.query.filter(comments.sprintID == sprint_id).filter(comments.checklistID == checklist_id).order_by(desc(comments.date)).paginate(1, 50, False)
return result
def get_checklist_items(id_checklist):
log("User requested list of checklist items", "LOW", "PASS")
val_num(id_checklist)
# 0 = ASVS
# 1 = MASVS
if (id_checklist == 0):
result = checklists_kb.query.filter(checklists_kb.kbID < 400).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
else:
result = checklists_kb.query.filter((checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
return order_checklist_items(result, False, 0)
def get_checklist_items_lvl(lvl):
log("User requested list of checklist items based on level", "LOW", "PASS")
val_num(lvl)
if lvl == 1:
result = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 2:
result = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 3:
result = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
return result
def get_checklist_item(checklist_id, id_checklist):
log("User requested specific checklist item", "LOW", "PASS")
val_float(checklist_id)
val_num(id_checklist)
# 0 = ASVS
# 1 = MASVS
if (id_checklist == 0):
result = checklists_kb.query.filter((checklists_kb.checklistID == checklist_id) & (checklists_kb.kbID < 400)).one()
else:
result = checklists_kb.query.filter((checklists_kb.checklistID == checklist_id) & (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)).one()
return result
def stats_sprint(project_id):
log("User requested specific project sprint stats", "MEDIUM", "PASS")
val_num(project_id)
sprint_info = ProjectSprint.query.filter(ProjectSprint.project_id == project_id).all()
sprint = []
for result in sprint_info:
sprint_id = result.sprint_id
sprint_desc = result.description
sprint_name = result.name
total = ChecklistResult.query.filter(ChecklistResult.sprint_id == sprint_id).count()
sprint.append({'sprint_id': sprint_id, 'sprint_desc': sprint_desc, 'title': sprint_name, 'sprint_items_total': total })
return sprint
def delete_checklist_result(id, user_id):
log("User deleted sprint", "MEDIUM", "PASS")
val_num(id)
val_num(user_id)
try:
result = ChecklistResult.query.get(id)
db.session.delete(result)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'checklist result successfully deleted'}
def update_code_item(code_id, data):
log("User requested updated specific code example item", "LOW", "PASS")
result = code_items.query.filter(code_items.codeID == code_id).one()
val_alpha_num(data.get('content'))
val_alpha_num(data.get('title'))
val_alpha(data.get('code_lang'))
result.title = data.get('title')
result.content = data.get('content')
result.code_lang = data.get('code_lang')
db.session.add(result)
db.session.commit()
return {'message': 'Code example item successfully updated'}
def update_sprint(sprint_id, data):
log("User updated sprint", "MEDIUM", "PASS")
try:
sprint = ProjectSprint.query.get(sprint_id)
sprint.name = data.get('name')
sprint.description = data.get('description')
db.session.add(sprint)
db.session.commit()
except:
db.session.rollback()
return abort(400, 'Sprint not successfully updated')
return {'message': 'Sprint successfully updated'}
def delete_sprint(sprint_id, user_id):
log("User deleted sprint", "MEDIUM", "PASS")
val_num(sprint_id)
val_num(user_id)
try:
result = ProjectSprint.query.get(sprint_id)
db.session.delete(result)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'Sprint successfully deleted'}
def update_sprint(sprint_id, user_id, data):
log("User updated sprint", "MEDIUM", "PASS")
val_num(sprint_id)
val_num(user_id)
sprint = project_sprints.query.filter(
project_sprints.sprintID == sprint_id).one()
val_alpha_num_special(data.get('name'))
val_alpha_num_special(data.get('description'))
sprint.sprintName = data.get('name')
sprint.sprintDesc = data.get('description')
db.session.add(sprint)
db.session.commit()
return {'message': 'Sprint successfully updated'}
def update_project(id, data):
log("User requested update a specific project", "LOW", "PASS")
try:
project = Project.query.filter(Project.id == id).first()
project.name = data.get('name')
project.version = data.get('version')
project.description = data.get('description')
db.session.add(project)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'project successfully updated'}
def create_kb_item(data, category_id):
log("User requested creating a new kb item", "LOW", "PASS")
#grab highest kb_id value and +1 it for unique number as kb_id
item = KBItem.query.order_by(desc(KBItem.kb_id)).first()
try:
kb_item = KBItem(data.get('title'), data.get('content'), item.kb_id+1)
kb_item.checklist_category_id = category_id
db.session.add(kb_item)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'KB item successfully created'}
def get_labs_code_sol(solutions_id):
log("User requested list of code labs solution items", "LOW", "PASS")
count = LabItemCodeOptions.query.count()
sol_list = list(range(1, count))
if solutions_id in sol_list:
sol_list.remove(solutions_id)
rand_sol = random.sample(sol_list, 4)
result = LabItemCodeOptions.query.filter(
(LabItemCodeOptions.id == solutions_id)
| (LabItemCodeOptions.id == rand_sol[1])
| (LabItemCodeOptions.id == rand_sol[2])
| (LabItemCodeOptions.id == rand_sol[3])).paginate(1, 2500, False)
return result
def update_checklist_type(id, data):
log("User requested update checklist type", "LOW", "PASS")
checklist_type = ChecklistType.query.get(id)
checklist_type.name = data.get('name')
checklist_type.description = data.get('description')
checklist_type.visibility = data.get('visibility')
try:
db.session.add(checklist_type)
db.session.commit()
except Exception as e:
db.session.rollback()
raise
return {'message': 'Checklist item successfully updated'}
def update_checklist_result(id, data):
log("User deleted sprint", "MEDIUM", "PASS")
resolved = convert_boolean_type(data.get("resolved"))
try:
result = ChecklistResult.query.get(id)
result.evidence = data.get("evidence")
result.resolved = resolved
db.session.add(result)
db.session.commit()
except:
db.session.rollback()
return abort(400, 'checklist result not successfully updated')
return {'message': 'checklist result successfully updated'}
def update_question(id_question, data):
log("User updated sprint question item", "MEDIUM", "PASS")
val_num(id_question)
val_num(data.get('checklist_type'))
val_alpha_num_special(data.get('question'))
sprint_question = data.get('question')
sprint_checklist_type = data.get('checklist_type')
sprint = Question.query.filter(Question.id == id_question).one()
sprint.question = sprint_question
sprint.checklist_type = sprint_checklist_type
db.session.add(sprint)
db.session.commit()
return {'message': 'Question successfully updated'}
def get_checklist_items(id_checklist):
log("User requested list of checklist items", "LOW", "PASS")
val_num(id_checklist)
# 0 = ASVS
# 1 = MASVS
if (id_checklist == 0):
result = checklists_kb.query.filter(checklists_kb.kbID < 400).group_by(
checklists_kb.checklistID).paginate(1, 1500, False)
else:
result = checklists_kb.query.filter(
(checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)).group_by(
checklists_kb.checklistID).paginate(1, 1500, False)
return order_checklist_items(result, False, 0)
def update_code_item(code_id, data):
log("User requested updated specific code example item", "LOW", "PASS")
result = CodeItem.query.filter(CodeItem.id == code_id).one()
result.title = data.get('title')
result.content = data.get('content')
result.code_lang = data.get('code_lang')
try:
db.session.add(result)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'Code example item successfully updated'}
def manage_user(user_id, data):
log("Manage user triggered", "HIGH", "PASS")
user = get_user_result_by_id(user_id)
user.access = data.get('active').lower() == 'true'
try:
db.session.add(user)
db.session.commit()
except Exception as e:
db.session.rollback()
log("User triggered error managing failed: {}".format(e), "HIGH",
"FAIL")
return {'message': 'User could not be managed'}
return {'message': 'User successfully managed'}
def new_project(user_id, data):
log("User created new project", "MEDIUM", "PASS")
now = datetime.datetime.now()
timestamp = now.strftime("%Y-%m-%d %H:%M")
try:
project = Project(data.get('name'), data.get('version'),
data.get('description'), timestamp)
db.session.add(project)
db.session.commit()
except:
db.session.rollback()
return abort(400, 'Project not created')
result = Project.query.filter(Project.name == data.get('name')).first()
return {'project_id': result.id, 'message': 'Project successfully created'}
def update_checklist_question_correlation(checklist_id, question_id):
log("User requested update a specific checklist question correlation",
"LOW", "PASS")
question_id = convert_question_id_to_none(question_id)
result_checklist_kb = ChecklistKB.query.filter(
ChecklistKB.id == checklist_id).one()
result_checklist_kb.question_id = question_id
try:
db.session.add(result_checklist_kb)
db.session.commit()
except Exception as e:
db.session.rollback
raise
return {'message': 'Checklist item successfully updated'}
def delete_code_item(code_id, user_id):
log("User deleted code item", "MEDIUM", "PASS")
val_num(code_id)
val_num(user_id)
codeItem = (CodeItem.query.filter(CodeItem.id == code_id).one())
try:
db.session.delete(codeItem)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'code item successfully deleted'}
def manage_user(user_id, data):
log("Manage user triggered", "HIGH", "PASS")
val_num(user_id)
val_alpha(data.get('active'))
status_activated = data.get('active')
result = users.query.filter(users.userID == user_id).one()
if users.query.filter(users.userID == user_id).one():
result.access = status_activated
db.session.add(result)
db.session.commit()
return {'message': 'User successfully managed'}
else:
log("User triggered error managing failed", "HIGH", "FAIL")
return {'message': 'User could not be managed'}
def manage_user(user_id, data):
log("Manage user triggered", "HIGH", "PASS")
val_num(user_id)
val_alpha(data.get('active'))
status_activated = data.get('active')
result = users.query.filter(users.userID == user_id).one()
if users.query.filter(users.userID == user_id).one():
result.access = status_activated
db.session.add(result)
db.session.commit()
return {'message': 'User successfully managed'}
else:
log("User triggered error managing failed", "HIGH", "FAIL")
return {'message': 'User could not be managed'}
def create_code_item(data):
log("User requested creating a new code item", "LOW", "PASS")
val_alpha_num_special(data.get('title'))
val_alpha_num(data.get('code_lang'))
title = data.get('title')
content = data.get('content')
code_lang = data.get('code_lang')
result = CodeItem(content, title, code_lang)
try:
db.session.add(result)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'Code example item successfully created'}
def get_checklist_item(checklist_id, id_checklist):
log("User requested specific checklist item", "LOW", "PASS")
val_float(checklist_id)
val_num(id_checklist)
# 0 = ASVS
# 1 = MASVS
if (id_checklist == 0):
result = checklists_kb.query.filter(
(checklists_kb.checklistID == checklist_id)
& (checklists_kb.kbID < 400)).one()
else:
result = checklists_kb.query.filter(
(checklists_kb.checklistID == checklist_id)
& (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)).one()
return result
def create_kb_item(data):
log("User requested creating a new kb item", "LOW", "PASS")
val_alpha_num_special(data.get('title'))
content = data.get('content')
title = data.get('title')
#grab highest kb_id value and +1 it for unique number as kb_id
item = KBItem.query.order_by(desc(KBItem.kb_id)).first()
try:
kb_item = KBItem(title, content, item.kb_id + 1)
db.session.add(kb_item)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'KB item successfully created'}
def delete_checklist_item(checklist_id, checklist_type):
log("User deleted checklist item", "MEDIUM", "PASS")
val_num(checklist_type)
val_alpha_num_special(checklist_id)
try:
checklist = ChecklistKB.query.filter((ChecklistKB.checklist_id == checklist_id) & (ChecklistKB.checklist_type == checklist_type)).one()
db.session.delete(checklist)
db.session.commit()
except Exception as e:
db.session.rollback()
raise
return {'message': 'Checklist item successfully deleted'}
def delete_code_item_checklist_kb(checklist_kb_id, code_items_id):
log("User deleted code item", "MEDIUM", "PASS")
val_num(code_items_id)
val_num(checklist_kb_id)
codeItem = (ChecklistKBCodeItem.query \
.filter(ChecklistKBCodeItem.checklist_kb_id == checklist_kb_id) \
.filter(ChecklistKBCodeItem.code_items_id == code_items_id) \
.one())
try:
db.session.delete(codeItem)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'Code example item successfully deleted'}
def create_checklist_type(data):
log("User requested create a new checklist type", "LOW", "PASS")
val_alpha_num_special(data.get('name'))
val_alpha_num_special(data.get('description'))
checklist_name = data.get('name')
checklist_description = data.get('description')
visibility = data.get('visibility')
checklist_type = ChecklistType(checklist_name, checklist_description, visibility)
try:
db.session.add(checklist_type)
db.session.commit()
except:
db.rollback()
raise
return {'message': 'Checklist type successfully created'}
def new_sprint(user_id, data):
log("User created new sprint", "MEDIUM", "PASS")
val_alpha_num_special(data.get('name'))
val_alpha_num_special(data.get('description'))
val_num(data.get('projectID'))
sprintName = data.get('name')
sprintDesc = data.get('description')
projectID = data.get('projectID')
groupmember = groupmembers.query.filter(groupmembers.userID == user_id).one()
groupID = groupmember.groupID
sprintAdd = project_sprints(sprintName, sprintDesc, groupID, projectID)
db.session.add(sprintAdd)
db.session.commit()
result = project_sprints.query.filter(project_sprints.groupID == groupID).order_by(desc(project_sprints.sprintID)).first()
return {'sprintID': result.sprintID, 'message': 'Sprint successfully created'}
def update_pre_questions(project_id, user_id, data):
log("User updated pre question list", "MEDIUM", "PASS")
val_num(user_id)
val_num(project_id)
clear_question_pre_rows = db.session.query(question_pre_results).filter(question_pre_results.projectID == project_id)
clear_question_pre_rows.delete(synchronize_session=False)
clear_checklists_results_rows = db.session.query(checklists_results).filter(checklists_results.preItem == 'True').filter(checklists_results.projectID == project_id)
clear_checklists_results_rows.delete(synchronize_session=False)
db.session.commit()
project_results = project_sprints.query.filter(project_sprints.projectID == project_id).one()
sprint_id = project_results.sprintID
projects_result = projects.query.filter(projects.projectID == project_id).one()
project_lvl = projects_result.level
status = 1
pre_item = "True"
for result in data.get('questions'):
val_num(result['question_pre_ID'])
val_alpha(result['result'])
question_pre_ID = result['question_pre_ID']
question_result = result['result']
questions = question_pre_results(project_id, question_pre_ID, question_result)
db.session.add(questions)
db.session.commit()
questions_results = question_pre_results.query.filter(question_pre_results.projectID == project_id).filter(question_pre_results.result == "False").all()
for results in questions_results:
projectID = results.projectID
questionpreID = results.question_pre_ID
if project_lvl == 1:
checklists = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
elif project_lvl == 2:
checklists = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
elif project_lvl == 3:
checklists = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
for row in checklists:
checklists_query = checklists_results(row.checklistID, projectID, sprint_id, status, pre_item, row.kbID)
db.session.add(checklists_query)
db.session.commit()
if project_lvl == 1:
checklists_first = checklists_kb.query.filter(checklists_kb.include_first == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
elif project_lvl == 2:
checklists_first = checklists_kb.query.filter(checklists_kb.include_first == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
elif project_lvl == 3:
checklists_first = checklists_kb.query.filter(checklists_kb.include_first == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
for row in checklists_first:
checklists_query_first = checklists_results(row.checklistID, projectID, sprint_id, status, pre_item, row.kbID)
db.session.add(checklists_query_first)
db.session.commit()
return {'message': 'Pre questions successfully updated'}
def stats_sprint(project_id):
log("User requested specific project sprint stats", "MEDIUM", "PASS")
val_num(project_id)
sprint_info = (project_sprints.query.filter(
project_sprints.projectID == project_id).all())
sprint = []
for result in sprint_info:
sprint_id = result.sprintID
sprint_desc = result.sprintDesc
sprint_name = result.sprintName
sprint_open = (checklists_results.query.filter(
checklists_results.sprintID == sprint_id).filter(
checklists_results.status == 1).group_by(
checklists_results.checklistID).group_by(
checklists_results.checklistID).count())
sprint_closed = (checklists_results.query.filter(
checklists_results.sprintID == sprint_id).filter(
checklists_results.status == 2).group_by(
checklists_results.checklistID).group_by(
checklists_results.checklistID).count())
sprint_accepted = (checklists_results.query.filter(
checklists_results.sprintID == sprint_id).filter(
checklists_results.status == 3).group_by(
checklists_results.checklistID).group_by(
checklists_results.checklistID).count())
sprint_sec_ack = (checklists_results.query.filter(
checklists_results.sprintID == sprint_id).filter(
checklists_results.status == 4).group_by(
checklists_results.checklistID).group_by(
checklists_results.checklistID).count())
sprint_sec_fail = (checklists_results.query.filter(
checklists_results.sprintID == sprint_id).filter(
checklists_results.status == 5).group_by(
checklists_results.checklistID).group_by(
checklists_results.checklistID).count())
total = sprint_open + sprint_closed + sprint_accepted + sprint_sec_ack + sprint_sec_fail
sprint.append({
'sprint_id': sprint_id,
'sprint_desc': sprint_desc,
'sprint_name': sprint_name,
'sprint_open': sprint_open,
'sprint_closed': sprint_closed,
'sprint_accepted': sprint_accepted,
'sprint_sec_ack': sprint_sec_ack,
'sprint_sec_fail': sprint_sec_fail,
'sprint_items_total': total
})
return sprint
def get_checklist_items_lvl(lvl):
log("User requested list of checklist items based on level", "LOW", "PASS")
val_num(lvl)
# ASVS kbID's below 400
# MASVS kbID's between 400 and 799
if lvl == 1: # ASVS Level 1
result = checklists_kb.query.filter(
(checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400)
& (checklists_kb.checklist_items.has(level=0)
| checklists_kb.checklist_items.has(level=1))).group_by(
checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 2: # ASVS Level 2
result = checklists_kb.query.filter(
(checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400)
& (checklists_kb.checklist_items.has(level=0)
| checklists_kb.checklist_items.has(level=1)
| checklists_kb.checklist_items.has(level=2))).group_by(
checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 3: # ASVS Level 3
result = checklists_kb.query.filter(
(checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400)
& (checklists_kb.checklist_items.has(level=0)
| checklists_kb.checklist_items.has(level=1)
| checklists_kb.checklist_items.has(level=2)
| checklists_kb.checklist_items.has(level=3))).group_by(
checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 4: # MASVS Level 1
result = checklists_kb.query.filter(
(checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000)
& (checklists_kb.checklist_items.has(level=0)
| checklists_kb.checklist_items.has(level=1))).group_by(
checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 5: # MASVS Level 2
result = checklists_kb.query.filter(
(checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000)
& (checklists_kb.checklist_items.has(level=0)
| checklists_kb.checklist_items.has(level=1)
| checklists_kb.checklist_items.has(level=2))).group_by(
checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 6: # MASVS Level R
result = checklists_kb.query.filter(
(checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000)
& (checklists_kb.checklist_items.has(level=0)
| checklists_kb.checklist_items.has(level=1)
| checklists_kb.checklist_items.has(level=2)
| checklists_kb.checklist_items.has(level='R'))).group_by(
checklists_kb.checklistID).paginate(1, 1500, False)
return order_checklist_items(result, True, lvl)
def delete_kb_item(kb_id, user_id):
log("User deleted kb item", "MEDIUM", "PASS")
val_num(kb_id)
val_num(user_id)
try:
kb_item = KBItem.query.filter(KBItem.kb_id == kb_id).first()
db.session.delete(kb_item)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'KB item successfully deleted'}
def create_user(data):
log("A new user created", "MEDIUM", "PASS")
my_secure_rng = random.SystemRandom()
try:
user = User(data.get('email'))
user.privilege_id = data.get('privilege_id')
user.username = data.get('username')
user.accessToken = my_secure_rng.randrange(10000000, 99999999)
user.group_id = 0
db.session.add(user)
db.session.commit()
except:
db.session.rollback()
return abort(400, 'User could not be created')
result = User.query.filter(User.email == data.get('email')).one()
return result
def login_user(data):
log("User successfully logedin", "HIGH", "PASS")
val_alpha_num(data.get('username'))
username = data.get('username')
try:
if (users.query.filter(users.userName == username).one()):
user = users.query.filter(users.userName == username).one()
if (user.activated == "True"):
if (user.access == "True"):
if check_password_hash(user.password,
data.get('password')):
priv_user = privileges.query.filter(
privileges.privilegeID == str(
user.privilegeID)).first()
payload = {
# userid
'UserId': user.userID,
#issued at
'iat': datetime.utcnow(),
#privileges
'privilege': priv_user.privilege,
#expiry
'exp': datetime.utcnow() + timedelta(minutes=120)
#claims for access api calls
#'claims': 'kb/items/update,project/items,non/existing/bla,'
}
token_raw = jwt.encode(payload,
settings.JWT_SECRET,
algorithm='HS256')
token = str(token_raw, 'utf-8')
return {
'Authorization token': token,
'username': username
}
else:
log("User triggered error login failed", "HIGH",
"FAIL")
return {'Authorization token': ''}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
except NoResultFound:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
def store_sprint_questions(user_id, data):
log("User stored new sprint question list", "MEDIUM", "PASS")
val_num(user_id)
for result in data.get('questions'):
val_num(result['question_sprint_ID'])
val_alpha(result['result'])
val_num(result['projectID'])
val_num(result['sprintID'])
question_sprint_ID = result['question_sprint_ID']
question_result = result['result']
question_project_id = result['projectID']
sprint_id = result['sprintID']
questions = question_sprint_results(question_project_id, sprint_id, question_sprint_ID, question_result)
db.session.add(questions)
db.session.commit()
projects_result = projects.query.filter(projects.projectID == question_project_id).one()
project_lvl = projects_result.level
status = 1
pre_item = "False"
questions_results = question_sprint_results.query.filter(question_sprint_results.sprintID == sprint_id).filter(question_sprint_results.projectID == question_project_id).filter(question_sprint_results.result == "True").all()
for results in questions_results:
projectID = results.projectID
questionsprintID = results.question_sprint_ID
if project_lvl == 1:
checklists = checklists_kb.query.filter(checklists_kb.question_pre_ID == 0).filter(checklists_kb.question_sprint_ID == questionsprintID).filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
elif project_lvl == 2:
checklists = checklists_kb.query.filter(checklists_kb.question_pre_ID == 0).filter(checklists_kb.question_sprint_ID == questionsprintID).filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
elif project_lvl == 3:
checklists = checklists_kb.query.filter(checklists_kb.question_pre_ID == 0).filter(checklists_kb.question_sprint_ID == questionsprintID).filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
for row in checklists:
checkID = row.checklistID
checklists_query = checklists_results(checkID, projectID, sprint_id, status, pre_item, row.kbID)
db.session.add(checklists_query)
db.session.commit()
if project_lvl == 1:
checklists_always = checklists_kb.query.filter(checklists_kb.include_always == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
elif project_lvl == 2:
checklists_always = checklists_kb.query.filter(checklists_kb.include_always == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
elif project_lvl == 3:
checklists_always = checklists_kb.query.filter(checklists_kb.include_always == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all()
for row in checklists_always:
checklists_query_always = checklists_results(row.checklistID, question_project_id, sprint_id, status, pre_item, row.kbID)
db.session.add(checklists_query_always)
db.session.commit()
return {'message': 'Sprint questions successfully created'}
def get_checklist_items_lvl(lvl):
log("User requested list of checklist items based on level", "LOW", "PASS")
val_num(lvl)
# ASVS kbID's below 400
# MASVS kbID's between 400 and 799
if lvl == 1: # ASVS Level 1
result = checklists_kb.query.filter((checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1))).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 2: # ASVS Level 2
result = checklists_kb.query.filter((checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2))).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 3: # ASVS Level 3
result = checklists_kb.query.filter((checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3))).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 4: # MASVS Level 1
result = checklists_kb.query.filter((checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1))).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 5: # MASVS Level 2
result = checklists_kb.query.filter((checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2))).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
elif lvl == 6: # MASVS Level R
result = checklists_kb.query.filter((checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 'R'))).group_by(checklists_kb.checklistID).paginate(1, 1500, False)
return order_checklist_items(result, True, lvl)
def store_post_questions(user_id, data):
log("User stored new post question list", "MEDIUM", "PASS")
val_num(user_id)
for result in data.get('questions'):
val_alpha_num(result['checklistID'])
val_num(result['status'])
val_num(result['projectID'])
val_num(result['sprintID'])
val_num(result['kbID'])
post_checklist_id = result['checklistID']
post_result = result['status']
post_project_id = result['projectID']
post_sprint_id = result['sprintID']
post_kb_id = result['kbID']
post = checklists_post(post_checklist_id, post_project_id, post_sprint_id, post_result, post_kb_id)
db.session.add(post)
db.session.commit()
return {'message': 'Post questions successfully stored'}
def login_user(data):
log("User successfully logedin", "HIGH", "PASS")
val_alpha_num(data.get('username'))
username = data.get('username')
try:
if (users.query.filter(users.userName == username).one()):
user = users.query.filter(users.userName == username).one()
if (user.activated == "True"):
if (user.access == "True"):
if check_password_hash(user.password, data.get('password')):
priv_user = privileges.query.filter(privileges.privilegeID == str(user.privilegeID)).first()
payload = {
# userid
'UserId': user.userID,
#issued at
'iat': datetime.utcnow(),
#privileges
'privilege': priv_user.privilege,
#expiry
'exp': datetime.utcnow() + timedelta(minutes=120)
#claims for access api calls
#'claims': 'kb/items/update,project/items,non/existing/bla,'
}
token_raw = jwt.encode(payload, settings.JWT_SECRET, algorithm='HS256')
if sys.version_info.major == 3:
unicode = str
token = unicode(token_raw,'utf-8')
return {'Authorization token': token, 'username': username}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
except NoResultFound:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
def create_user(data):
log("A new user created", "MEDIUM", "PASS")
my_secure_rng = secrets.SystemRandom()
val_num(data.get('privilege'))
pincode = my_secure_rng.randrange(10000000, 99999999)
username = pincode
email = data.get('email')
access = "False"
activated = "False"
privilege_id = 0
# New users can only edit:read:delete
if data.get('privilege') == 1:
log("User triggered error creating new user", "MEDIUM", "FAIL")
return {'message': 'User could not be created'}
else:
privilege_id = data.get('privilege')
password = ""
user = users(privilege_id, pincode, username, password, access, activated, email)
db.session.add(user)
db.session.commit()
result = users.query.filter(users.email == email).one()
return result
def new_comment_item(user_id, data):
log("User requested update a specific comment item", "LOW", "PASS")
val_num(user_id)
val_alpha_num(data.get('checklistID'))
val_num(data.get('sprintID'))
val_num(data.get('status'))
val_alpha_num_special(data.get('comment'))
sprint_id = data.get('sprintID')
checklist_id = data.get('checklistID')
status = data.get('status')
comment = data.get('comment')
now = datetime.datetime.now()
dateLog = now.strftime("%Y-%m-%d %H:%M:%S")
result = comments(sprint_id, checklist_id, user_id, status, comment, dateLog)
db.session.add(result)
db.session.commit()
result = checklists_results.query.filter(checklists_results.sprintID == sprint_id).filter(checklists_results.checklistID == checklist_id).all()
for row in result:
row.status = status
db.session.add(row)
db.session.commit()
return {'message': 'Comment item successfully created'}
def activate_user(user_id, data):
log("User is activated", "HIGH", "PASS")
val_num(user_id)
val_num(data.get('accessToken'))
val_alpha_num(data.get('username'))
username = data.get('username')
username = username.replace(" ", "")
result = users.query.filter(users.userID == user_id).one()
if result.activated == "False":
if result.email == data.get('email'):
if data.get('password') == data.get('repassword'):
if data.get('accessToken') == result.accessToken:
pw_hash = generate_password_hash(data.get('password')).decode('utf-8')
result.password = pw_hash
result.access = "True"
result.activated = "True"
result.userName = username
db.session.add(result)
db.session.commit()
return {'message': 'User successfully activated'}
else:
log("User triggered error activation failed", "HIGH", "FAIL")
return {'message': 'User could not be activated'}
def list_users():
log("Overview of list users triggered", "HIGH", "PASS")
result = users.query.paginate(1, 50, False)
return result
def get_code_item(code_id):
log("User requested code item", "LOW", "PASS")
val_num(code_id)
result = code_items.query.filter(code_items.codeID == code_id).one()
return result
def get_checklist_item(checklist_id):
log("User requested specific checklist item", "LOW", "PASS")
val_float(checklist_id)
result = checklists_kb.query.filter(checklists_kb.checklistID == checklist_id).one()
return result
def get_code_items_lang(code_lang):
log("User requested code lang items", "LOW", "PASS")
val_alpha(code_lang)
result = code_items.query.filter(code_items.code_lang == code_lang).paginate(1, 500, False)
return result
def get_checklist_items():
log("User requested list of checklist items", "LOW", "PASS")
result = checklists_kb.query.group_by(checklists_kb.checklistID).paginate(1, 1500, False)
return result
def get_code_items():
log("User requested list of code items", "LOW", "PASS")
result = code_items.query.paginate(1, 500, False)
return result
def list_privileges():
log("User requested privileges items", "MEDIUM", "PASS")
result = privileges.query.filter(privileges.privilegeID != "1").paginate(1, 500, False)
return result
def get_post_items(sprint_id):
log("User requested list of question post items", "LOW", "PASS")
result = checklists_post.query.filter(checklists_post.sprintID == sprint_id).filter(checklists_post.status == 1).paginate(1, 500, False)
return result
def get_sprint_items():
log("User requested list of question sprint items", "LOW", "PASS")
result = questions_sprint.query.paginate(1, 500, False)
return result
def get_pre_items():
log("User requested list of question pre items", "LOW", "PASS")
result = questions_pre.query.paginate(1, 500, False)
return result
