def create_user(data): log("A new user created", "MEDIUM", "PASS") my_secure_rng = random.SystemRandom() val_num(data.get('privilege')) pincode = my_secure_rng.randrange(10000000, 99999999) username = pincode email = data.get('email') access = "False" activated = "False" privilege_id = 0 # New users can only edit:read:delete if data.get('privilege') == 1: log("User triggered error creating new user", "MEDIUM", "FAIL") return {'message': 'User could not be created'} else: privilege_id = data.get('privilege') password = "" user = users(privilege_id, pincode, username, password, access, activated, email) db.session.add(user) db.session.commit() result = users.query.filter(users.email == email).one() # Add user to default groupmember issue #422 groupmember = groupmembers.query.order_by(desc(groupmembers.memberID)).first() groupmemberUser = groupmembers(groupmember.memberID + 1, result.userID, groupmember.groupID, groupmember.ownerID, None) db.session.add(groupmemberUser) db.session.commit() return result
def get_comment_items(data): log("User requested specific comment item", "LOW", "PASS") val_alpha_num(data.get('checklistID')) val_num(data.get('sprintID')) sprint_id = data.get('sprintID') checklist_id = data.get('checklistID') result = comments.query.filter(comments.sprintID == sprint_id).filter(comments.checklistID == checklist_id).order_by(desc(comments.date)).paginate(1, 50, False) return result
def get_checklist_items(id_checklist): log("User requested list of checklist items", "LOW", "PASS") val_num(id_checklist) # 0 = ASVS # 1 = MASVS if (id_checklist == 0): result = checklists_kb.query.filter(checklists_kb.kbID < 400).group_by(checklists_kb.checklistID).paginate(1, 1500, False) else: result = checklists_kb.query.filter((checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)).group_by(checklists_kb.checklistID).paginate(1, 1500, False) return order_checklist_items(result, False, 0)
def get_checklist_items_lvl(lvl): log("User requested list of checklist items based on level", "LOW", "PASS") val_num(lvl) if lvl == 1: result = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 2: result = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 3: result = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).paginate(1, 1500, False) return result
def get_checklist_item(checklist_id, id_checklist): log("User requested specific checklist item", "LOW", "PASS") val_float(checklist_id) val_num(id_checklist) # 0 = ASVS # 1 = MASVS if (id_checklist == 0): result = checklists_kb.query.filter((checklists_kb.checklistID == checklist_id) & (checklists_kb.kbID < 400)).one() else: result = checklists_kb.query.filter((checklists_kb.checklistID == checklist_id) & (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)).one() return result
def stats_sprint(project_id): log("User requested specific project sprint stats", "MEDIUM", "PASS") val_num(project_id) sprint_info = ProjectSprint.query.filter(ProjectSprint.project_id == project_id).all() sprint = [] for result in sprint_info: sprint_id = result.sprint_id sprint_desc = result.description sprint_name = result.name total = ChecklistResult.query.filter(ChecklistResult.sprint_id == sprint_id).count() sprint.append({'sprint_id': sprint_id, 'sprint_desc': sprint_desc, 'title': sprint_name, 'sprint_items_total': total }) return sprint
def delete_checklist_result(id, user_id): log("User deleted sprint", "MEDIUM", "PASS") val_num(id) val_num(user_id) try: result = ChecklistResult.query.get(id) db.session.delete(result) db.session.commit() except: db.session.rollback() raise return {'message': 'checklist result successfully deleted'}
def update_code_item(code_id, data): log("User requested updated specific code example item", "LOW", "PASS") result = code_items.query.filter(code_items.codeID == code_id).one() val_alpha_num(data.get('content')) val_alpha_num(data.get('title')) val_alpha(data.get('code_lang')) result.title = data.get('title') result.content = data.get('content') result.code_lang = data.get('code_lang') db.session.add(result) db.session.commit() return {'message': 'Code example item successfully updated'}
def update_sprint(sprint_id, data): log("User updated sprint", "MEDIUM", "PASS") try: sprint = ProjectSprint.query.get(sprint_id) sprint.name = data.get('name') sprint.description = data.get('description') db.session.add(sprint) db.session.commit() except: db.session.rollback() return abort(400, 'Sprint not successfully updated') return {'message': 'Sprint successfully updated'}
def delete_sprint(sprint_id, user_id): log("User deleted sprint", "MEDIUM", "PASS") val_num(sprint_id) val_num(user_id) try: result = ProjectSprint.query.get(sprint_id) db.session.delete(result) db.session.commit() except: db.session.rollback() raise return {'message': 'Sprint successfully deleted'}
def update_sprint(sprint_id, user_id, data): log("User updated sprint", "MEDIUM", "PASS") val_num(sprint_id) val_num(user_id) sprint = project_sprints.query.filter( project_sprints.sprintID == sprint_id).one() val_alpha_num_special(data.get('name')) val_alpha_num_special(data.get('description')) sprint.sprintName = data.get('name') sprint.sprintDesc = data.get('description') db.session.add(sprint) db.session.commit() return {'message': 'Sprint successfully updated'}
def update_project(id, data): log("User requested update a specific project", "LOW", "PASS") try: project = Project.query.filter(Project.id == id).first() project.name = data.get('name') project.version = data.get('version') project.description = data.get('description') db.session.add(project) db.session.commit() except: db.session.rollback() raise return {'message': 'project successfully updated'}
def create_kb_item(data, category_id): log("User requested creating a new kb item", "LOW", "PASS") #grab highest kb_id value and +1 it for unique number as kb_id item = KBItem.query.order_by(desc(KBItem.kb_id)).first() try: kb_item = KBItem(data.get('title'), data.get('content'), item.kb_id+1) kb_item.checklist_category_id = category_id db.session.add(kb_item) db.session.commit() except: db.session.rollback() raise return {'message': 'KB item successfully created'}
def get_labs_code_sol(solutions_id): log("User requested list of code labs solution items", "LOW", "PASS") count = LabItemCodeOptions.query.count() sol_list = list(range(1, count)) if solutions_id in sol_list: sol_list.remove(solutions_id) rand_sol = random.sample(sol_list, 4) result = LabItemCodeOptions.query.filter( (LabItemCodeOptions.id == solutions_id) | (LabItemCodeOptions.id == rand_sol[1]) | (LabItemCodeOptions.id == rand_sol[2]) | (LabItemCodeOptions.id == rand_sol[3])).paginate(1, 2500, False) return result
def update_checklist_type(id, data): log("User requested update checklist type", "LOW", "PASS") checklist_type = ChecklistType.query.get(id) checklist_type.name = data.get('name') checklist_type.description = data.get('description') checklist_type.visibility = data.get('visibility') try: db.session.add(checklist_type) db.session.commit() except Exception as e: db.session.rollback() raise return {'message': 'Checklist item successfully updated'}
def update_checklist_result(id, data): log("User deleted sprint", "MEDIUM", "PASS") resolved = convert_boolean_type(data.get("resolved")) try: result = ChecklistResult.query.get(id) result.evidence = data.get("evidence") result.resolved = resolved db.session.add(result) db.session.commit() except: db.session.rollback() return abort(400, 'checklist result not successfully updated') return {'message': 'checklist result successfully updated'}
def update_question(id_question, data): log("User updated sprint question item", "MEDIUM", "PASS") val_num(id_question) val_num(data.get('checklist_type')) val_alpha_num_special(data.get('question')) sprint_question = data.get('question') sprint_checklist_type = data.get('checklist_type') sprint = Question.query.filter(Question.id == id_question).one() sprint.question = sprint_question sprint.checklist_type = sprint_checklist_type db.session.add(sprint) db.session.commit() return {'message': 'Question successfully updated'}
def get_checklist_items(id_checklist): log("User requested list of checklist items", "LOW", "PASS") val_num(id_checklist) # 0 = ASVS # 1 = MASVS if (id_checklist == 0): result = checklists_kb.query.filter(checklists_kb.kbID < 400).group_by( checklists_kb.checklistID).paginate(1, 1500, False) else: result = checklists_kb.query.filter( (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)).group_by( checklists_kb.checklistID).paginate(1, 1500, False) return order_checklist_items(result, False, 0)
def update_code_item(code_id, data): log("User requested updated specific code example item", "LOW", "PASS") result = CodeItem.query.filter(CodeItem.id == code_id).one() result.title = data.get('title') result.content = data.get('content') result.code_lang = data.get('code_lang') try: db.session.add(result) db.session.commit() except: db.session.rollback() raise return {'message': 'Code example item successfully updated'}
def manage_user(user_id, data): log("Manage user triggered", "HIGH", "PASS") user = get_user_result_by_id(user_id) user.access = data.get('active').lower() == 'true' try: db.session.add(user) db.session.commit() except Exception as e: db.session.rollback() log("User triggered error managing failed: {}".format(e), "HIGH", "FAIL") return {'message': 'User could not be managed'} return {'message': 'User successfully managed'}
def new_project(user_id, data): log("User created new project", "MEDIUM", "PASS") now = datetime.datetime.now() timestamp = now.strftime("%Y-%m-%d %H:%M") try: project = Project(data.get('name'), data.get('version'), data.get('description'), timestamp) db.session.add(project) db.session.commit() except: db.session.rollback() return abort(400, 'Project not created') result = Project.query.filter(Project.name == data.get('name')).first() return {'project_id': result.id, 'message': 'Project successfully created'}
def update_checklist_question_correlation(checklist_id, question_id): log("User requested update a specific checklist question correlation", "LOW", "PASS") question_id = convert_question_id_to_none(question_id) result_checklist_kb = ChecklistKB.query.filter( ChecklistKB.id == checklist_id).one() result_checklist_kb.question_id = question_id try: db.session.add(result_checklist_kb) db.session.commit() except Exception as e: db.session.rollback raise return {'message': 'Checklist item successfully updated'}
def delete_code_item(code_id, user_id): log("User deleted code item", "MEDIUM", "PASS") val_num(code_id) val_num(user_id) codeItem = (CodeItem.query.filter(CodeItem.id == code_id).one()) try: db.session.delete(codeItem) db.session.commit() except: db.session.rollback() raise return {'message': 'code item successfully deleted'}
def manage_user(user_id, data): log("Manage user triggered", "HIGH", "PASS") val_num(user_id) val_alpha(data.get('active')) status_activated = data.get('active') result = users.query.filter(users.userID == user_id).one() if users.query.filter(users.userID == user_id).one(): result.access = status_activated db.session.add(result) db.session.commit() return {'message': 'User successfully managed'} else: log("User triggered error managing failed", "HIGH", "FAIL") return {'message': 'User could not be managed'}
def create_code_item(data): log("User requested creating a new code item", "LOW", "PASS") val_alpha_num_special(data.get('title')) val_alpha_num(data.get('code_lang')) title = data.get('title') content = data.get('content') code_lang = data.get('code_lang') result = CodeItem(content, title, code_lang) try: db.session.add(result) db.session.commit() except: db.session.rollback() raise return {'message': 'Code example item successfully created'}
def get_checklist_item(checklist_id, id_checklist): log("User requested specific checklist item", "LOW", "PASS") val_float(checklist_id) val_num(id_checklist) # 0 = ASVS # 1 = MASVS if (id_checklist == 0): result = checklists_kb.query.filter( (checklists_kb.checklistID == checklist_id) & (checklists_kb.kbID < 400)).one() else: result = checklists_kb.query.filter( (checklists_kb.checklistID == checklist_id) & (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)).one() return result
def create_kb_item(data): log("User requested creating a new kb item", "LOW", "PASS") val_alpha_num_special(data.get('title')) content = data.get('content') title = data.get('title') #grab highest kb_id value and +1 it for unique number as kb_id item = KBItem.query.order_by(desc(KBItem.kb_id)).first() try: kb_item = KBItem(title, content, item.kb_id + 1) db.session.add(kb_item) db.session.commit() except: db.session.rollback() raise return {'message': 'KB item successfully created'}
def delete_checklist_item(checklist_id, checklist_type): log("User deleted checklist item", "MEDIUM", "PASS") val_num(checklist_type) val_alpha_num_special(checklist_id) try: checklist = ChecklistKB.query.filter((ChecklistKB.checklist_id == checklist_id) & (ChecklistKB.checklist_type == checklist_type)).one() db.session.delete(checklist) db.session.commit() except Exception as e: db.session.rollback() raise return {'message': 'Checklist item successfully deleted'}
def delete_code_item_checklist_kb(checklist_kb_id, code_items_id): log("User deleted code item", "MEDIUM", "PASS") val_num(code_items_id) val_num(checklist_kb_id) codeItem = (ChecklistKBCodeItem.query \ .filter(ChecklistKBCodeItem.checklist_kb_id == checklist_kb_id) \ .filter(ChecklistKBCodeItem.code_items_id == code_items_id) \ .one()) try: db.session.delete(codeItem) db.session.commit() except: db.session.rollback() raise return {'message': 'Code example item successfully deleted'}
def create_checklist_type(data): log("User requested create a new checklist type", "LOW", "PASS") val_alpha_num_special(data.get('name')) val_alpha_num_special(data.get('description')) checklist_name = data.get('name') checklist_description = data.get('description') visibility = data.get('visibility') checklist_type = ChecklistType(checklist_name, checklist_description, visibility) try: db.session.add(checklist_type) db.session.commit() except: db.rollback() raise return {'message': 'Checklist type successfully created'}
def new_sprint(user_id, data): log("User created new sprint", "MEDIUM", "PASS") val_alpha_num_special(data.get('name')) val_alpha_num_special(data.get('description')) val_num(data.get('projectID')) sprintName = data.get('name') sprintDesc = data.get('description') projectID = data.get('projectID') groupmember = groupmembers.query.filter(groupmembers.userID == user_id).one() groupID = groupmember.groupID sprintAdd = project_sprints(sprintName, sprintDesc, groupID, projectID) db.session.add(sprintAdd) db.session.commit() result = project_sprints.query.filter(project_sprints.groupID == groupID).order_by(desc(project_sprints.sprintID)).first() return {'sprintID': result.sprintID, 'message': 'Sprint successfully created'}
def update_pre_questions(project_id, user_id, data): log("User updated pre question list", "MEDIUM", "PASS") val_num(user_id) val_num(project_id) clear_question_pre_rows = db.session.query(question_pre_results).filter(question_pre_results.projectID == project_id) clear_question_pre_rows.delete(synchronize_session=False) clear_checklists_results_rows = db.session.query(checklists_results).filter(checklists_results.preItem == 'True').filter(checklists_results.projectID == project_id) clear_checklists_results_rows.delete(synchronize_session=False) db.session.commit() project_results = project_sprints.query.filter(project_sprints.projectID == project_id).one() sprint_id = project_results.sprintID projects_result = projects.query.filter(projects.projectID == project_id).one() project_lvl = projects_result.level status = 1 pre_item = "True" for result in data.get('questions'): val_num(result['question_pre_ID']) val_alpha(result['result']) question_pre_ID = result['question_pre_ID'] question_result = result['result'] questions = question_pre_results(project_id, question_pre_ID, question_result) db.session.add(questions) db.session.commit() questions_results = question_pre_results.query.filter(question_pre_results.projectID == project_id).filter(question_pre_results.result == "False").all() for results in questions_results: projectID = results.projectID questionpreID = results.question_pre_ID if project_lvl == 1: checklists = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() elif project_lvl == 2: checklists = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() elif project_lvl == 3: checklists = checklists_kb.query.filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() for row in checklists: checklists_query = checklists_results(row.checklistID, projectID, sprint_id, status, pre_item, row.kbID) db.session.add(checklists_query) db.session.commit() if project_lvl == 1: checklists_first = checklists_kb.query.filter(checklists_kb.include_first == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() elif project_lvl == 2: checklists_first = checklists_kb.query.filter(checklists_kb.include_first == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() elif project_lvl == 3: checklists_first = checklists_kb.query.filter(checklists_kb.include_first == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() for row in checklists_first: checklists_query_first = checklists_results(row.checklistID, projectID, sprint_id, status, pre_item, row.kbID) db.session.add(checklists_query_first) db.session.commit() return {'message': 'Pre questions successfully updated'}
def stats_sprint(project_id): log("User requested specific project sprint stats", "MEDIUM", "PASS") val_num(project_id) sprint_info = (project_sprints.query.filter( project_sprints.projectID == project_id).all()) sprint = [] for result in sprint_info: sprint_id = result.sprintID sprint_desc = result.sprintDesc sprint_name = result.sprintName sprint_open = (checklists_results.query.filter( checklists_results.sprintID == sprint_id).filter( checklists_results.status == 1).group_by( checklists_results.checklistID).group_by( checklists_results.checklistID).count()) sprint_closed = (checklists_results.query.filter( checklists_results.sprintID == sprint_id).filter( checklists_results.status == 2).group_by( checklists_results.checklistID).group_by( checklists_results.checklistID).count()) sprint_accepted = (checklists_results.query.filter( checklists_results.sprintID == sprint_id).filter( checklists_results.status == 3).group_by( checklists_results.checklistID).group_by( checklists_results.checklistID).count()) sprint_sec_ack = (checklists_results.query.filter( checklists_results.sprintID == sprint_id).filter( checklists_results.status == 4).group_by( checklists_results.checklistID).group_by( checklists_results.checklistID).count()) sprint_sec_fail = (checklists_results.query.filter( checklists_results.sprintID == sprint_id).filter( checklists_results.status == 5).group_by( checklists_results.checklistID).group_by( checklists_results.checklistID).count()) total = sprint_open + sprint_closed + sprint_accepted + sprint_sec_ack + sprint_sec_fail sprint.append({ 'sprint_id': sprint_id, 'sprint_desc': sprint_desc, 'sprint_name': sprint_name, 'sprint_open': sprint_open, 'sprint_closed': sprint_closed, 'sprint_accepted': sprint_accepted, 'sprint_sec_ack': sprint_sec_ack, 'sprint_sec_fail': sprint_sec_fail, 'sprint_items_total': total }) return sprint
def get_checklist_items_lvl(lvl): log("User requested list of checklist items based on level", "LOW", "PASS") val_num(lvl) # ASVS kbID's below 400 # MASVS kbID's between 400 and 799 if lvl == 1: # ASVS Level 1 result = checklists_kb.query.filter( (checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level=0) | checklists_kb.checklist_items.has(level=1))).group_by( checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 2: # ASVS Level 2 result = checklists_kb.query.filter( (checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level=0) | checklists_kb.checklist_items.has(level=1) | checklists_kb.checklist_items.has(level=2))).group_by( checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 3: # ASVS Level 3 result = checklists_kb.query.filter( (checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level=0) | checklists_kb.checklist_items.has(level=1) | checklists_kb.checklist_items.has(level=2) | checklists_kb.checklist_items.has(level=3))).group_by( checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 4: # MASVS Level 1 result = checklists_kb.query.filter( (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level=0) | checklists_kb.checklist_items.has(level=1))).group_by( checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 5: # MASVS Level 2 result = checklists_kb.query.filter( (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level=0) | checklists_kb.checklist_items.has(level=1) | checklists_kb.checklist_items.has(level=2))).group_by( checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 6: # MASVS Level R result = checklists_kb.query.filter( (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level=0) | checklists_kb.checklist_items.has(level=1) | checklists_kb.checklist_items.has(level=2) | checklists_kb.checklist_items.has(level='R'))).group_by( checklists_kb.checklistID).paginate(1, 1500, False) return order_checklist_items(result, True, lvl)
def delete_kb_item(kb_id, user_id): log("User deleted kb item", "MEDIUM", "PASS") val_num(kb_id) val_num(user_id) try: kb_item = KBItem.query.filter(KBItem.kb_id == kb_id).first() db.session.delete(kb_item) db.session.commit() except: db.session.rollback() raise return {'message': 'KB item successfully deleted'}
def create_user(data): log("A new user created", "MEDIUM", "PASS") my_secure_rng = random.SystemRandom() try: user = User(data.get('email')) user.privilege_id = data.get('privilege_id') user.username = data.get('username') user.accessToken = my_secure_rng.randrange(10000000, 99999999) user.group_id = 0 db.session.add(user) db.session.commit() except: db.session.rollback() return abort(400, 'User could not be created') result = User.query.filter(User.email == data.get('email')).one() return result
def login_user(data): log("User successfully logedin", "HIGH", "PASS") val_alpha_num(data.get('username')) username = data.get('username') try: if (users.query.filter(users.userName == username).one()): user = users.query.filter(users.userName == username).one() if (user.activated == "True"): if (user.access == "True"): if check_password_hash(user.password, data.get('password')): priv_user = privileges.query.filter( privileges.privilegeID == str( user.privilegeID)).first() payload = { # userid 'UserId': user.userID, #issued at 'iat': datetime.utcnow(), #privileges 'privilege': priv_user.privilege, #expiry 'exp': datetime.utcnow() + timedelta(minutes=120) #claims for access api calls #'claims': 'kb/items/update,project/items,non/existing/bla,' } token_raw = jwt.encode(payload, settings.JWT_SECRET, algorithm='HS256') token = str(token_raw, 'utf-8') return { 'Authorization token': token, 'username': username } else: log("User triggered error login failed", "HIGH", "FAIL") return {'Authorization token': ''} else: log("User triggered error login failed", "HIGH", "FAIL") return {'Authorization token': ''} else: log("User triggered error login failed", "HIGH", "FAIL") return {'Authorization token': ''} except NoResultFound: log("User triggered error login failed", "HIGH", "FAIL") return {'Authorization token': ''}
def store_sprint_questions(user_id, data): log("User stored new sprint question list", "MEDIUM", "PASS") val_num(user_id) for result in data.get('questions'): val_num(result['question_sprint_ID']) val_alpha(result['result']) val_num(result['projectID']) val_num(result['sprintID']) question_sprint_ID = result['question_sprint_ID'] question_result = result['result'] question_project_id = result['projectID'] sprint_id = result['sprintID'] questions = question_sprint_results(question_project_id, sprint_id, question_sprint_ID, question_result) db.session.add(questions) db.session.commit() projects_result = projects.query.filter(projects.projectID == question_project_id).one() project_lvl = projects_result.level status = 1 pre_item = "False" questions_results = question_sprint_results.query.filter(question_sprint_results.sprintID == sprint_id).filter(question_sprint_results.projectID == question_project_id).filter(question_sprint_results.result == "True").all() for results in questions_results: projectID = results.projectID questionsprintID = results.question_sprint_ID if project_lvl == 1: checklists = checklists_kb.query.filter(checklists_kb.question_pre_ID == 0).filter(checklists_kb.question_sprint_ID == questionsprintID).filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() elif project_lvl == 2: checklists = checklists_kb.query.filter(checklists_kb.question_pre_ID == 0).filter(checklists_kb.question_sprint_ID == questionsprintID).filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() elif project_lvl == 3: checklists = checklists_kb.query.filter(checklists_kb.question_pre_ID == 0).filter(checklists_kb.question_sprint_ID == questionsprintID).filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() for row in checklists: checkID = row.checklistID checklists_query = checklists_results(checkID, projectID, sprint_id, status, pre_item, row.kbID) db.session.add(checklists_query) db.session.commit() if project_lvl == 1: checklists_always = checklists_kb.query.filter(checklists_kb.include_always == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() elif project_lvl == 2: checklists_always = checklists_kb.query.filter(checklists_kb.include_always == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() elif project_lvl == 3: checklists_always = checklists_kb.query.filter(checklists_kb.include_always == "True").filter(checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3)).group_by(checklists_kb.checklistID).group_by(checklists_kb.checklistID).order_by(checklists_kb.checklistID).all() for row in checklists_always: checklists_query_always = checklists_results(row.checklistID, question_project_id, sprint_id, status, pre_item, row.kbID) db.session.add(checklists_query_always) db.session.commit() return {'message': 'Sprint questions successfully created'}
def get_checklist_items_lvl(lvl): log("User requested list of checklist items based on level", "LOW", "PASS") val_num(lvl) # ASVS kbID's below 400 # MASVS kbID's between 400 and 799 if lvl == 1: # ASVS Level 1 result = checklists_kb.query.filter((checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1))).group_by(checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 2: # ASVS Level 2 result = checklists_kb.query.filter((checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2))).group_by(checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 3: # ASVS Level 3 result = checklists_kb.query.filter((checklists_kb.kbID >= 0) & (checklists_kb.kbID < 400) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 3))).group_by(checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 4: # MASVS Level 1 result = checklists_kb.query.filter((checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1))).group_by(checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 5: # MASVS Level 2 result = checklists_kb.query.filter((checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2))).group_by(checklists_kb.checklistID).paginate(1, 1500, False) elif lvl == 6: # MASVS Level R result = checklists_kb.query.filter((checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000) & (checklists_kb.checklist_items.has(level = 0) | checklists_kb.checklist_items.has(level = 1) | checklists_kb.checklist_items.has(level = 2) | checklists_kb.checklist_items.has(level = 'R'))).group_by(checklists_kb.checklistID).paginate(1, 1500, False) return order_checklist_items(result, True, lvl)
def store_post_questions(user_id, data): log("User stored new post question list", "MEDIUM", "PASS") val_num(user_id) for result in data.get('questions'): val_alpha_num(result['checklistID']) val_num(result['status']) val_num(result['projectID']) val_num(result['sprintID']) val_num(result['kbID']) post_checklist_id = result['checklistID'] post_result = result['status'] post_project_id = result['projectID'] post_sprint_id = result['sprintID'] post_kb_id = result['kbID'] post = checklists_post(post_checklist_id, post_project_id, post_sprint_id, post_result, post_kb_id) db.session.add(post) db.session.commit() return {'message': 'Post questions successfully stored'}
def login_user(data): log("User successfully logedin", "HIGH", "PASS") val_alpha_num(data.get('username')) username = data.get('username') try: if (users.query.filter(users.userName == username).one()): user = users.query.filter(users.userName == username).one() if (user.activated == "True"): if (user.access == "True"): if check_password_hash(user.password, data.get('password')): priv_user = privileges.query.filter(privileges.privilegeID == str(user.privilegeID)).first() payload = { # userid 'UserId': user.userID, #issued at 'iat': datetime.utcnow(), #privileges 'privilege': priv_user.privilege, #expiry 'exp': datetime.utcnow() + timedelta(minutes=120) #claims for access api calls #'claims': 'kb/items/update,project/items,non/existing/bla,' } token_raw = jwt.encode(payload, settings.JWT_SECRET, algorithm='HS256') if sys.version_info.major == 3: unicode = str token = unicode(token_raw,'utf-8') return {'Authorization token': token, 'username': username} else: log("User triggered error login failed", "HIGH", "FAIL") return {'Authorization token': ''} else: log("User triggered error login failed", "HIGH", "FAIL") return {'Authorization token': ''} else: log("User triggered error login failed", "HIGH", "FAIL") return {'Authorization token': ''} except NoResultFound: log("User triggered error login failed", "HIGH", "FAIL") return {'Authorization token': ''}
def create_user(data): log("A new user created", "MEDIUM", "PASS") my_secure_rng = secrets.SystemRandom() val_num(data.get('privilege')) pincode = my_secure_rng.randrange(10000000, 99999999) username = pincode email = data.get('email') access = "False" activated = "False" privilege_id = 0 # New users can only edit:read:delete if data.get('privilege') == 1: log("User triggered error creating new user", "MEDIUM", "FAIL") return {'message': 'User could not be created'} else: privilege_id = data.get('privilege') password = "" user = users(privilege_id, pincode, username, password, access, activated, email) db.session.add(user) db.session.commit() result = users.query.filter(users.email == email).one() return result
def new_comment_item(user_id, data): log("User requested update a specific comment item", "LOW", "PASS") val_num(user_id) val_alpha_num(data.get('checklistID')) val_num(data.get('sprintID')) val_num(data.get('status')) val_alpha_num_special(data.get('comment')) sprint_id = data.get('sprintID') checklist_id = data.get('checklistID') status = data.get('status') comment = data.get('comment') now = datetime.datetime.now() dateLog = now.strftime("%Y-%m-%d %H:%M:%S") result = comments(sprint_id, checklist_id, user_id, status, comment, dateLog) db.session.add(result) db.session.commit() result = checklists_results.query.filter(checklists_results.sprintID == sprint_id).filter(checklists_results.checklistID == checklist_id).all() for row in result: row.status = status db.session.add(row) db.session.commit() return {'message': 'Comment item successfully created'}
def activate_user(user_id, data): log("User is activated", "HIGH", "PASS") val_num(user_id) val_num(data.get('accessToken')) val_alpha_num(data.get('username')) username = data.get('username') username = username.replace(" ", "") result = users.query.filter(users.userID == user_id).one() if result.activated == "False": if result.email == data.get('email'): if data.get('password') == data.get('repassword'): if data.get('accessToken') == result.accessToken: pw_hash = generate_password_hash(data.get('password')).decode('utf-8') result.password = pw_hash result.access = "True" result.activated = "True" result.userName = username db.session.add(result) db.session.commit() return {'message': 'User successfully activated'} else: log("User triggered error activation failed", "HIGH", "FAIL") return {'message': 'User could not be activated'}
def list_users(): log("Overview of list users triggered", "HIGH", "PASS") result = users.query.paginate(1, 50, False) return result
def get_code_item(code_id): log("User requested code item", "LOW", "PASS") val_num(code_id) result = code_items.query.filter(code_items.codeID == code_id).one() return result
def get_checklist_item(checklist_id): log("User requested specific checklist item", "LOW", "PASS") val_float(checklist_id) result = checklists_kb.query.filter(checklists_kb.checklistID == checklist_id).one() return result
def get_code_items_lang(code_lang): log("User requested code lang items", "LOW", "PASS") val_alpha(code_lang) result = code_items.query.filter(code_items.code_lang == code_lang).paginate(1, 500, False) return result
def get_checklist_items(): log("User requested list of checklist items", "LOW", "PASS") result = checklists_kb.query.group_by(checklists_kb.checklistID).paginate(1, 1500, False) return result
def get_code_items(): log("User requested list of code items", "LOW", "PASS") result = code_items.query.paginate(1, 500, False) return result
def list_privileges(): log("User requested privileges items", "MEDIUM", "PASS") result = privileges.query.filter(privileges.privilegeID != "1").paginate(1, 500, False) return result
def get_post_items(sprint_id): log("User requested list of question post items", "LOW", "PASS") result = checklists_post.query.filter(checklists_post.sprintID == sprint_id).filter(checklists_post.status == 1).paginate(1, 500, False) return result
def get_sprint_items(): log("User requested list of question sprint items", "LOW", "PASS") result = questions_sprint.query.paginate(1, 500, False) return result
def get_pre_items(): log("User requested list of question pre items", "LOW", "PASS") result = questions_pre.query.paginate(1, 500, False) return result