Ejemplo n.º 1
0
def get_or_add_objects(api_root, id_):
    # TODO: Check if user has access to read or write objects in collection - right now just check for permissions on the collection.

    if request.method == "GET":
        if permission_to_read(api_root, id_):
            objects = get_backend().get_objects(api_root, id_, request.args,
                                                ("id", "type", "version"))
            if objects:
                return Response(response=flask.json.dumps(objects),
                                status=200,
                                mimetype=MEDIA_TYPE_STIX_V20)
            else:
                abort(404)
        else:
            abort(403)
    elif request.method == "POST":
        if permission_to_write(api_root, id_):
            # can't I get this from the request itself?
            request_time = common.format_datetime(common.get_timestamp())
            status = get_backend().add_objects(api_root, id_,
                                               request.get_json(force=True),
                                               request_time)
            return Response(response=flask.json.dumps(status),
                            status=202,
                            mimetype=MEDIA_TYPE_TAXII_V20)
        else:
            abort(403)
Ejemplo n.º 2
0
def server_discovery():
    # Having access to the discovery method is only related to having a credentials on the server
    # The metadata returned might be different depending upon the credentials

    return Response(response=flask.json.dumps(
        get_backend().server_discovery()),
                    status=200,
                    mimetype=MEDIA_TYPE_TAXII_V20)
Ejemplo n.º 3
0
def get_status(api_root, id_):
    # TODO: Check if user has access to objects in collection.
    status = get_backend().get_status(api_root, id_)

    if status:
        return Response(response=flask.json.dumps(status),
                        status=200,
                        mimetype=MEDIA_TYPE_TAXII_V20)
    abort(404)
Ejemplo n.º 4
0
def get_collection(api_root, id_):
    # TODO: Check if user has access to the collection's metadata - unrelated to can_read, can_write attributes

    collection = get_backend().get_collection(api_root, id_)
    if collection:
        return Response(response=flask.json.dumps(collection),
                        status=200,
                        mimetype=MEDIA_TYPE_TAXII_V20)
    abort(404)
Ejemplo n.º 5
0
def get_api_root_information(api_root):
    # TODO: Check if user has access to objects in collection.

    root_info = get_backend().get_api_root_information(api_root)

    if root_info:
        return Response(response=flask.json.dumps(root_info),
                        status=200,
                        mimetype=MEDIA_TYPE_TAXII_V20)
    abort(404)
Ejemplo n.º 6
0
def get_object_manifest(api_root, id_):
    # TODO: Check if user has access to objects in collection.

    manifest = get_backend().get_object_manifest(api_root, id_, request.args,
                                                 ("id", "type", "version"))
    if manifest:
        return Response(response=flask.json.dumps({"objects": manifest}),
                        status=200,
                        mimetype=MEDIA_TYPE_TAXII_V20)
    abort(404)
Ejemplo n.º 7
0
def backend():
    reset_db()
    init({
        "backend": {
            "type": "mongodb",
            "url": "mongodb://localhost:27017/"
        },
        "users": []
    })
    return get_backend()
Ejemplo n.º 8
0
def test_client_object_versioning(backend):
    new_id = "indicator--%s" % uuid.uuid4()
    new_bundle = copy.deepcopy(API_OBJECTS_2)
    new_bundle["objects"][0]["id"] = new_id
    resp = backend.add_objects("trustgroup1",
                               "91a7b528-80eb-42ed-a74d-c6fbd5a26116",
                               new_bundle,
                               common.format_datetime(common.get_timestamp()))
    for i in range(0, 5):
        new_bundle = copy.deepcopy(API_OBJECTS_2)
        new_bundle["objects"][0]["id"] = new_id
        new_bundle["objects"][0]["modified"] = common.format_datetime(
            common.get_timestamp())
        resp = backend.add_objects(
            "trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", new_bundle,
            common.format_datetime(common.get_timestamp()))
        time.sleep(1)
    objs = backend.get_objects("trustgroup1",
                               "91a7b528-80eb-42ed-a74d-c6fbd5a26116", {
                                   "match[id]": new_id,
                                   "match[version]": "all"
                               }, ("id", "type", "version"))
    assert objs["objects"][0]["id"] == new_id
    assert objs["objects"][-1]["modified"] == new_bundle["objects"][0][
        "modified"]
    objs = backend.get_objects("trustgroup1",
                               "91a7b528-80eb-42ed-a74d-c6fbd5a26116", {
                                   "match[id]": new_id,
                                   "match[version]": "first"
                               }, ("id", "type", "version"))
    assert objs["objects"][0]["id"] == new_id
    assert objs["objects"][0]["modified"] == "2017-01-27T13:49:53.935Z"
    objs = backend.get_objects("trustgroup1",
                               "91a7b528-80eb-42ed-a74d-c6fbd5a26116", {
                                   "match[id]": new_id,
                                   "match[version]": "last"
                               }, ("id", "type", "version"))
    assert objs["objects"][0]["id"] == new_id
    assert objs["objects"][0]["modified"] == new_bundle["objects"][0][
        "modified"]
    objs = backend.get_objects("trustgroup1",
                               "91a7b528-80eb-42ed-a74d-c6fbd5a26116", {
                                   "match[id]": new_id,
                                   "match[version]": "2017-01-27T13:49:53.935Z"
                               }, ("id", "type", "version"))
    assert objs["objects"][0]["id"] == new_id
    assert objs["objects"][0]["modified"] == "2017-01-27T13:49:53.935Z"
    resp2 = get_backend().get_status("trustgroup1", resp["id"])
    assert resp2["success_count"] == 1
    mani = backend.get_object_manifest("trustgroup1",
                                       "91a7b528-80eb-42ed-a74d-c6fbd5a26116",
                                       {"match[id]": new_id},
                                       ("id", "type", "version"))
    assert mani[0]["id"] == new_id
    assert mani[0]["versions"][0] == new_bundle["objects"][0]["modified"]
Ejemplo n.º 9
0
def get_object(api_root, id_, object_id):
    # TODO: Check if user has access to objects in collection - right now just check for permissions on the collection

    if permission_to_read(api_root, id_):
        objects = get_backend().get_object(api_root, id_, object_id,
                                           request.args, ("version", ))
        if objects:
            return Response(response=flask.json.dumps(objects),
                            status=200,
                            mimetype=MEDIA_TYPE_STIX_V20)
        abort(404)
    else:

        abort(403)
Ejemplo n.º 10
0
def test_saving_data_file(backend):
    new_bundle = copy.deepcopy(API_OBJECTS_2)
    new_id = "indicator--%s" % uuid.uuid4()
    new_bundle["objects"][0]["id"] = new_id

    with tempfile.NamedTemporaryFile() as f:
        backend.add_objects("trustgroup1",
                            "91a7b528-80eb-42ed-a74d-c6fbd5a26116",
                            new_bundle,
                            common.format_datetime(common.get_timestamp()))
        backend.save_data_to_file(f.name)
        assert os.path.isfile(f.name)

        init({"backend": {"type": "memory", "data_file": f.name}, "users": []})
        backend2 = get_backend()
        obj = backend2.get_object("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", new_id, None, ("version",))
        assert obj["objects"][0]["id"] == new_id
Ejemplo n.º 11
0
def backend(data_file=DATA_FILE):
    init_backend({"type": "memory", "data_file": data_file})
    return get_backend()
Ejemplo n.º 12
0
def backend():
    reset_db()
    init_backend({"type": "mongodb", "url": "mongodb://localhost:27017/"})
    return get_backend()
Ejemplo n.º 13
0
def permission_to_write(api_root, collection_id):
    collection_info = get_backend().get_collection(api_root, collection_id)
    return collection_info["can_write"]
Ejemplo n.º 14
0
def backend(data_file=DATA_FILE):
    init({"backend": {"type": "memory", "data_file": data_file}, "users": []})
    return get_backend()