    def on_post(self, req, resp, organization_code):
        """Register a security threat for an organization.

        Raises ``falcon.HTTPNotFound`` when the organization does not exist and
        ``HTTPUnprocessableEntity`` when ``validate_post`` reports errors;
        otherwise persists the new entry and answers ``HTTP_CREATED`` with its
        location and serialized form.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        :param organization_code: The code of the organization.
        """
        db = Session()
        try:
            if db.query(Organization).get(organization_code) is None:
                raise falcon.HTTPNotFound()

            validation_errors = validate_post(req.media, organization_code, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            threat = OrganizationSecurityThreat()
            threat.organization_id = organization_code
            threat.security_threat_id = req.media.get('security_threat_id')
            threat.threat_level_id = req.media.get('threat_level_id')
            db.add(threat)
            db.commit()

            resp.status = falcon.HTTP_CREATED
            resp.location = req.relative_uri + f'/{threat.id}'
            resp.media = {'data': custom_asdict(threat)}
        finally:
            # Always release the session; an HTTP error raised above leaves
            # nothing committed.
            db.close()
    def on_post(self, req, resp, organization_code, it_asset_instance_id):
        """Attach a mitigation control to one of the organization's IT assets.

        The control is recorded independently of any particular security
        threat. Raises ``falcon.HTTPNotFound`` when the IT asset instance is
        not found for the organization and ``HTTPUnprocessableEntity`` when
        ``validate_post`` reports errors; on success answers ``HTTP_CREATED``.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        :param organization_code: The code of the organization.
        :param it_asset_instance_id: The id of the IT asset instance.
        """
        db = Session()
        try:
            asset = find_organization_it_asset(it_asset_instance_id, organization_code, db)
            if asset is None:
                raise falcon.HTTPNotFound()

            validation_errors = validate_post(req.media, it_asset_instance_id, organization_code, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            # Only these request keys are copied onto the model; anything else
            # in the payload is ignored by ``fromdict``.
            control = OrganizationItAssetControl().fromdict(
                req.media, only=['mitigation_control_id', 'description'])
            control.organization_it_asset_id = it_asset_instance_id
            db.add(control)
            db.commit()

            resp.status = falcon.HTTP_CREATED
            resp.location = req.relative_uri + f'/{control.id}'
            resp.media = {'data': custom_asdict(control)}
        finally:
            db.close()
    def on_post(self, req, resp):
        """Create a new system user from the request payload.

        Only ``email`` and ``full_name`` are copied from the payload; the
        password is bcrypt-hashed before being stored and roles are attached
        via ``add_roles``. Raises ``HTTPUnprocessableEntity`` when
        ``validate_post`` reports errors; on success answers ``HTTP_CREATED``.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        """
        db = Session()
        try:
            validation_errors = validate_post(req.media, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            new_user = SystemUser().fromdict(req.media, only=['email', 'full_name'])

            # The clear-text password never reaches the model: only the bcrypt
            # hash (fresh salt per call) is stored.
            raw_password = req.media.get('password')
            new_user.hashed_password = bcrypt.hashpw(
                raw_password.encode('UTF-8'), bcrypt.gensalt())

            # Optional roles in the payload are attached before the insert.
            add_roles(new_user, req.media.get('roles'))

            db.add(new_user)
            db.commit()
            resp.status = falcon.HTTP_CREATED
            resp.location = req.relative_uri + f'/{new_user.id}'
            # NOTE(review): custom_asdict is defined elsewhere; confirm it omits
            # hashed_password before the user is echoed back in the response.
            resp.media = {'data': custom_asdict(new_user)}
        finally:
            db.close()
    def on_put(self, req, resp, user_id, role_id):
        """Grant a role to a system user (idempotent).

        Raises ``falcon.HTTPNotFound`` when the user does not exist and
        ``HTTPUnprocessableEntity`` when ``validate_put`` reports errors.
        If the user already holds the role the existing link is returned
        unchanged; otherwise a new ``SystemUserRole`` is inserted.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        :param user_id: The id of user.
        :param role_id: The id of role to be added.
        """
        db = Session()
        try:
            if db.query(SystemUser).get(user_id) is None:
                raise falcon.HTTPNotFound()

            validation_errors = validate_put(req.media, user_id, role_id, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            link = find_user_role(user_id, role_id, db)
            if not link:
                # Not granted yet: create the association row.
                link = SystemUserRole(user_id=user_id, role_id=role_id)
                db.add(link)

            db.commit()
            resp.status = falcon.HTTP_OK
            resp.media = {'data': custom_asdict(link)}
        finally:
            db.close()
    def on_post(self, req, resp, organization_code):
        """Register an IT asset for an organization.

        Raises ``falcon.HTTPNotFound`` when the organization does not exist and
        ``HTTPUnprocessableEntity`` when ``validate_post`` reports errors;
        on success answers ``HTTP_CREATED`` with the new instance's location.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        :param organization_code: The code of the organization.
        """
        db = Session()
        try:
            if db.query(Organization).get(organization_code) is None:
                raise falcon.HTTPNotFound()

            validation_errors = validate_post(req.media, organization_code, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            # Whitelist of payload keys copied onto the model.
            asset = OrganizationITAsset().fromdict(
                req.media, only=['it_asset_id', 'external_identifier'])
            asset.organization_id = organization_code
            db.add(asset)
            db.commit()

            resp.status = falcon.HTTP_CREATED
            # This model is addressed by instance_id rather than id.
            resp.location = req.relative_uri + f'/{asset.instance_id}'
            resp.media = {'data': custom_asdict(asset)}
        finally:
            db.close()
    def on_post(self, req, resp, organization_code, it_service_instance_id):
        """Link an IT asset instance to an organization's IT service instance.

        Raises ``falcon.HTTPNotFound`` when the IT service instance is not
        found for the organization and ``HTTPUnprocessableEntity`` when
        ``validate_post`` reports errors; on success answers ``HTTP_CREATED``.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        :param organization_code: The code of the organization.
        :param it_service_instance_id: The id of the IT service instance.
        """
        db = Session()
        try:
            service_instance = find_it_service_instance(
                it_service_instance_id, organization_code, db)
            if service_instance is None:
                raise falcon.HTTPNotFound()

            validation_errors = validate_post(
                req.media, organization_code, it_service_instance_id, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            # Whitelist of payload keys copied onto the model.
            link = OrganizationITServiceITAsset().fromdict(
                req.media, only=['it_asset_instance_id', 'relevance_level_id'])
            # Parent is set through the relationship, not a raw foreign key.
            link.it_service_instance = service_instance
            db.add(link)
            db.commit()

            resp.status = falcon.HTTP_CREATED
            resp.location = req.relative_uri + f'/{link.it_asset_instance_id}'
            resp.media = {'data': custom_asdict(link)}
        finally:
            db.close()
    def on_post(self, req, resp, organization_code, it_asset_instance_id):
        """Record how vulnerable an organization's IT asset is to a security threat.

        The security threat is resolved to the organization's own entry for it
        via ``find_organization_security_threat``, so it must already be
        registered for the organization. Raises ``falcon.HTTPNotFound`` when
        the IT asset instance is not found and ``HTTPUnprocessableEntity`` when
        ``validate_post`` reports errors; on success answers ``HTTP_CREATED``.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        :param organization_code: The code of the organization.
        :param it_asset_instance_id: The id of the IT asset instance.
        """
        db = Session()
        try:
            asset_instance = find_it_asset_instance(
                it_asset_instance_id, organization_code, db)
            if asset_instance is None:
                raise falcon.HTTPNotFound()

            validation_errors = validate_post(
                req.media, organization_code, it_asset_instance_id, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            # Map the catalog security threat id to the organization-scoped row.
            # NOTE(review): nothing here guards against a None result; it is
            # presumably ruled out by validate_post — confirm there.
            org_threat = find_organization_security_threat(
                req.media['security_threat_id'], organization_code, db)

            vulnerability = OrganizationITAssetVulnerability()
            vulnerability.organization_security_threat_id = org_threat.id
            vulnerability.it_asset_instance_id = it_asset_instance_id
            vulnerability.vulnerability_level_id = req.media['vulnerability_level_id']
            db.add(vulnerability)
            db.commit()

            resp.status = falcon.HTTP_CREATED
            resp.location = req.relative_uri + f'/{vulnerability.id}'
            resp.media = {'data': custom_asdict(vulnerability)}
        finally:
            db.close()
    def on_post(self, req, resp, organization_code):
        """Run and persist a new risk analysis for an organization.

        The analysis uses the relevance, vulnerability and threat levels
        already recorded for the organization's processes, IT services, IT
        assets and security threats, restricted to the requested scopes.
        Raises ``falcon.HTTPNotFound`` when the organization does not exist,
        ``HTTPUnprocessableEntity`` when ``validate_post`` reports errors or
        when no item falls within the scopes; on success answers
        ``HTTP_CREATED``.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        :param organization_code: The code of the organization.
        """
        db = Session()
        try:
            if db.query(Organization).get(organization_code) is None:
                raise falcon.HTTPNotFound()

            validation_errors = validate_post(req.media)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            # Overlapping scopes are collapsed before processing.
            scopes = remove_redundant_scopes(req.media.get('scopes'))
            analysis = OrganizationAnalysis().fromdict(req.media, only=['description'])
            analysis.organization_id = organization_code
            analysis.total_processed_items = process_analysis(
                db, analysis, organization_code, scopes)

            # An analysis that touched nothing is rejected rather than stored.
            if analysis.total_processed_items == 0:
                raise HTTPUnprocessableEntity(
                    [build_error(Message.ERR_NO_ITEMS_TO_ANALYZE)])

            db.add(analysis)
            db.commit()

            resp.status = falcon.HTTP_CREATED
            resp.location = req.relative_uri + f'/{analysis.id}'
            resp.media = {'data': create_response_asdict(analysis)}
        finally:
            db.close()
    def on_post(self, req, resp):
        """Add a security threat to the catalog.

        Only ``name`` and ``description`` are taken from the payload. Raises
        ``HTTPUnprocessableEntity`` when ``validate_post`` reports errors; on
        success answers ``HTTP_CREATED``.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        """
        db = Session()
        try:
            validation_errors = validate_post(req.media, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            threat = SecurityThreat().fromdict(req.media, only=['name', 'description'])
            db.add(threat)
            db.commit()

            resp.status = falcon.HTTP_CREATED
            resp.location = req.relative_uri + f'/{threat.id}'
            resp.media = {'data': threat.asdict()}
        finally:
            db.close()
    def on_post(self, req, resp):
        """Create a new organization.

        Only ``tax_id``, ``legal_name`` and ``trade_name`` are taken from the
        payload. Raises ``HTTPUnprocessableEntity`` when ``validate_post``
        reports errors; on success answers ``HTTP_CREATED``.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        """
        db = Session()
        try:
            validation_errors = validate_post(req.media, db)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            organization = Organization().fromdict(
                req.media, only=['tax_id', 'legal_name', 'trade_name'])
            db.add(organization)
            db.commit()

            resp.status = falcon.HTTP_CREATED
            resp.location = req.relative_uri + f'/{organization.id}'
            resp.media = {'data': organization.asdict()}
        finally:
            db.close()
    def on_post(self, req, resp):
        """Authenticate a login request and return id/access tokens on success.

        Raises ``HTTPUnprocessableEntity`` when ``validate_post`` reports
        errors and ``HTTPUnauthorized`` when ``authenticate_user`` does. When
        the user account exists, a ``SystemUserLogin`` row is committed
        before the outcome is evaluated, so both successful and failed
        attempts against a known account are persisted. Attempts against
        unknown accounts leave no record in this handler.

        :param req: See Falcon Request documentation.
        :param resp: See Falcon Response documentation.
        """
        db = Session()
        try:
            validation_errors = validate_post(req.media)
            if validation_errors:
                raise HTTPUnprocessableEntity(validation_errors)

            auth_errors, user = authenticate_user(req.media, db)

            if user:
                # Audit trail: record the attempt regardless of its outcome.
                attempt = SystemUserLogin()
                attempt.system_user_id = user.id
                # Naive UTC timestamp, as the original stored.
                attempt.attempted_on = datetime.utcnow()
                attempt.was_successful = not auth_errors
                db.add(attempt)
                db.commit()

            if auth_errors:
                raise HTTPUnauthorized(auth_errors)

            resp.media = {
                'id_token': generate_id_token(user),
                'access_token': generate_access_token(user)
            }
        finally:
            db.close()