 def mutate(self, info, finding_id, **parameters):
     """Update the treatment of a finding and log the outcome.

     The acting user's email is taken from the JWT in ``info.context``.
     A treatment of ``'IN PROGRESS'`` requires a ``treatment_manager`` who
     is an active project user (``user[1] == 1``) holding one of the
     customer roles; otherwise ``GraphQLError('Invalid treatment manager')``
     is raised. A treatment of ``'ACCEPTED'`` records the acting user as the
     treatment manager. Returns an ``UpdateTreatment`` payload and
     invalidates the finding and project caches.
     """
     user_email = util.get_jwt_content(info.context)['user_email']
     project_name = get_project_name(project_name_source := finding_id) if False else get_project_name(finding_id)
     treatment = parameters['treatment']
     if treatment == 'IN PROGRESS':
         manager = parameters.get('treatment_manager')
         allowed_roles = ["customer", "customeradmin"]
         # Candidate managers: active project members whose role is a
         # customer role. An empty/missing manager never matches.
         eligible_managers = []
         if manager:
             for member in integrates_dao.get_project_users(project_name):
                 if member[1] != 1:
                     continue
                 if integrates_dao.get_role_dao(member[0]) in allowed_roles:
                     eligible_managers.append(member[0])
         if manager not in eligible_managers:
             raise GraphQLError('Invalid treatment manager')
     elif treatment == 'ACCEPTED':
         parameters['treatment_manager'] = user_email
     success = update_treatment(finding_id, parameters, user_email)
     if success:
         util.cloudwatch_log(info.context, 'Security: Updated treatment in\
             finding {id} succesfully'.format(id=finding_id))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to update \
             treatment in finding {id}'.format(id=finding_id))
     payload = UpdateTreatment(success=success,
                               finding=Finding(finding_id))
     for cache_key in (finding_id, project_name):
         util.invalidate_cache(cache_key)
     return payload
    def mutate(self, info, project_name, tags):
        """Attach *tags* to a project and log the outcome.

        The project name is lower-cased first. The project and the tag set
        are validated before the ``FI_projects`` table is touched; a failed
        validation is logged to CloudWatch and a failed write is reported to
        rollbar, both leaving ``success`` False. Returns an ``AddTags``
        payload and invalidates the project cache.
        """
        project_name = project_name.lower()
        success = False
        if not validate_project(project_name):
            util.cloudwatch_log(info.context,
                                'Security: \
Attempted to upload tags without the allowed validations')
        elif not validate_tags(tags):
            util.cloudwatch_log(info.context,
                                'Security: \
Attempted to upload tags without the allowed structure')
        else:
            # Only a validated project and well-formed tags reach the write.
            tags_added = integrates_dao.add_set_element_dynamo(
                'FI_projects', ['project_name', project_name], 'tag', tags)
            success = bool(tags_added)
            if not tags_added:
                rollbar.report_message('Error: \
An error occurred adding tags', 'error', info.context)

        payload = AddTags(success=success, project=Project(project_name))
        util.invalidate_cache(project_name)
        return payload
 def mutate(self, info, **parameters):
     """Add a comment to a project and log the outcome.

     ``project_name``, ``content`` and ``parent`` are read from
     *parameters*; the author's email comes from the JWT in
     ``info.context`` and the author's full name from the session. Returns
     an ``AddProjectComment`` payload carrying the generated comment id and
     invalidates the project cache.
     """
     project_name = parameters.get('project_name').lower()
     email = util.get_jwt_content(info.context)["user_email"]
     timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
     # NOTE(review): the comment id is the current time in milliseconds and
     # doubles as 'user_id'; two comments created in the same millisecond
     # would share an id.
     comment_id = int(round(time.time() * 1000))
     session = info.context.session
     comment_data = dict(
         user_id=comment_id,
         content=parameters.get('content'),
         created=timestamp,
         fullname=' '.join([session['first_name'], session['last_name']]),
         modified=timestamp,
         parent=int(parameters.get('parent')),
     )
     success = add_comment(project_name, email, comment_data)
     if success:
         util.cloudwatch_log(info.context, 'Security: Added comment to \
             {project} project succesfully'.format(project=project_name))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to add \
             comment in {project} project'.format(project=project_name))
     payload = AddProjectComment(success=success, comment_id=comment_id)
     util.invalidate_cache(project_name)
     return payload
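 def mutate(self, info, **parameters):
     """Mark a finding as verified and log the outcome.

     ``finding_id`` is read from *parameters*; the verifying user's email
     comes from the JWT in ``info.context``. The audit log entry now depends
     on the result of ``verify_finding``: a failed verification is logged as
     an attempt rather than as a completed verification. Returns a
     ``VerifyFinding`` payload and invalidates the finding cache.
     """
     finding_id = parameters.get('finding_id')
     user_email = util.get_jwt_content(info.context)['user_email']
     success = verify_finding(
         finding_id=finding_id,
         user_email=user_email
     )
     if success:
         util.cloudwatch_log(info.context, 'Security: Verified the finding_id:\
         {id}'.format(id=finding_id))
     else:
         # Keep the audit trail honest: do not record a verification that
         # did not happen.
         util.cloudwatch_log(info.context, 'Security: Attempted to verify the finding_id: {id}'.format(id=finding_id))
     ret = VerifyFinding(success=success)
     util.invalidate_cache(finding_id)
     return ret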
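 def mutate(self, info, **parameters):
     """Replace one evidence file of a finding with the uploaded document.

     The upload is read from ``info.context.FILES['document']``. It is
     accepted only when ``util.assert_uploaded_file_mime`` approves it
     against the MIME allow-list below and ``evidence_exceeds_size`` does not
     reject it; either failure is logged and raised as ``GraphQLError``.
     The evidence slot is chosen by the client-supplied ``id`` parameter,
     which must be a valid index into the slot table; out-of-range values
     are logged and rejected. Returns an ``UpdateEvidence`` payload and
     invalidates the finding cache.
     """
     success = False
     uploaded_file = info.context.FILES.get('document', '')
     finding_id = parameters.get('finding_id')
     project_name = get_project_name(finding_id).lower()
     if util.assert_uploaded_file_mime(uploaded_file,
                                       ['image/gif',
                                        'image/png',
                                        'text/x-python',
                                        'text/x-objective-c',
                                        'text/x-c',
                                        'text/plain',
                                        'text/html']):
         field_num = FindingDTO()
         # Evidence slots as (parameter name, DTO field number), indexed by
         # the 'id' parameter.
         fieldname = [
             ['animation', field_num.ANIMATION],
             ['exploitation', field_num.EXPLOTATION],
             ['evidence_route_1', field_num.DOC_ACHV1],
             ['evidence_route_2', field_num.DOC_ACHV2],
             ['evidence_route_3', field_num.DOC_ACHV3],
             ['evidence_route_4', field_num.DOC_ACHV4],
             ['evidence_route_5', field_num.DOC_ACHV5],
             ['exploit', field_num.EXPLOIT],
             ['fileRecords', field_num.REG_FILE]
         ]
         evidence_id = int(parameters.get('id'))
         # 'id' is client-controlled: an index outside the table must be
         # rejected explicitly. A negative value would otherwise be accepted
         # by list indexing and silently select a slot from the end of the
         # table; a too-large one would raise IndexError after the size
         # check had already run.
         if not 0 <= evidence_id < len(fieldname):
             util.cloudwatch_log(info.context,
                                 'Security: Attempted to update evidence with an '
                                 'invalid id in {project} project'
                                 .format(project=project_name))
             raise GraphQLError('Invalid evidence id')
         if evidence_exceeds_size(uploaded_file, evidence_id):
             util.cloudwatch_log(info.context,
                                 'Security: Attempted to upload evidence file \
                                     heavier than allowed in {project} project'
                                     .format(project=project_name))
             raise GraphQLError('File exceeds the size limits')
         file_id = '{project}/{finding_id}/{project}-{finding_id}'.format(
             project=project_name,
             finding_id=finding_id
         )
         migrate_all_files(parameters, file_id, info.context)
         param_name, field_number = fieldname[evidence_id]
         success = update_file_to_s3(parameters, field_number, param_name,
                                     uploaded_file, file_id)
     else:
         util.cloudwatch_log(info.context,
                             'Security: Attempted to upload evidence file with a \
                                 non-allowed format in {project} project'
                                 .format(project=project_name))
         raise GraphQLError('Extension not allowed')
     ret = UpdateEvidence(success=success,
                          finding=Finding(finding_id))
     util.invalidate_cache(finding_id)
     return ret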
 def mutate(self, info, draft_id):
     """Approve a draft finding and log the outcome.

     ``approve_draft`` yields ``(success, release_date)``. The draft and
     project caches are invalidated inside the same ``try``, so a
     ``KeyError`` raised by any of those calls is reported as
     ``GraphQLError('DRAFT_NOT_FOUND')``. Returns an ``ApproveDraft``
     payload built from the release date and the success flag.
     """
     try:
         project_name = get_project_name(draft_id)
         success, release_date = approve_draft(draft_id, project_name)
         for cache_key in (draft_id, project_name):
             util.invalidate_cache(cache_key)
     except KeyError:
         raise GraphQLError('DRAFT_NOT_FOUND')
     if success:
         util.cloudwatch_log(info.context, 'Security: Approved draft in\
             {project} project succesfully'.format(project=project_name))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to approve \
             draft in {project} project'.format(project=project_name))
     return ApproveDraft(release_date, success)
 def mutate(self, info, finding_id, **parameters):
     """Update the description fields of a finding and log the outcome.

     *parameters* is forwarded unchanged to ``update_description``. Returns
     an ``UpdateDescription`` payload; the finding and project caches are
     invalidated before returning.
     """
     success = update_description(finding_id, parameters)
     if success:
         util.cloudwatch_log(info.context, 'Security: Updated description in\
             finding {id} succesfully'.format(id=finding_id))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to update \
             description in finding {id}'.format(id=finding_id))
     payload = UpdateDescription(success=success, finding=Finding(finding_id))
     project_name = get_project_name(finding_id)
     for cache_key in (finding_id, project_name):
         util.invalidate_cache(cache_key)
     return payload
 def mutate(self, info, finding_id, justification):
     """Delete a finding with a justification and log the outcome.

     The finding and project caches are invalidated inside the same
     ``try`` as the deletion, so a ``KeyError`` from any of those calls is
     reported as ``GraphQLError('FINDING_NOT_FOUND')``. Returns a
     ``DeleteFinding`` payload.
     """
     try:
         project_name = get_project_name(finding_id)
         success = delete_finding(finding_id, project_name, justification)
         for cache_key in (finding_id, project_name):
             util.invalidate_cache(cache_key)
     except KeyError:
         raise GraphQLError('FINDING_NOT_FOUND')
     if success:
         util.cloudwatch_log(info.context, 'Security: Deleted finding: {id}\
             succesfully'.format(id=finding_id))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to delete \
             finding: {id}'.format(id=finding_id))
     return DeleteFinding(success=success)
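 def mutate(self, info, finding_id, justification):
     """Request verification of a finding and log the outcome.

     The requesting user's email comes from the JWT in ``info.context`` and
     the full name from the session. The audit log entry now depends on the
     result of ``request_verification``: a failed request is logged as an
     attempt instead of as a completed one. Returns a
     ``RequestVerification`` payload and invalidates the finding cache.
     """
     user_email = util.get_jwt_content(info.context)['user_email']
     session = info.context.session
     success = request_verification(
         finding_id=finding_id,
         user_email=user_email,
         user_fullname=' '.join([session['first_name'],
                                 session['last_name']]),
         justification=justification
     )
     if success:
         util.cloudwatch_log(info.context, 'Security: Verified a request in finding_id:\
         {id}'.format(id=finding_id))
     else:
         # Keep the audit trail honest: record the failed attempt as such.
         util.cloudwatch_log(info.context, 'Security: Attempted to request verification in finding_id: {id}'.format(id=finding_id))
     ret = RequestVerification(success=success)
     util.invalidate_cache(finding_id)
     return ret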
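 def mutate(self, info, **parameters):
     """Update the severity of a finding and log the outcome.

     ``finding_id`` and ``data`` are read from *parameters*; ``data`` is
     handed to ``save_severity`` unchanged. The dead ``success = False``
     assignment of the original (immediately overwritten) is dropped so the
     flag has a single source. Returns an ``UpdateSeverity`` payload; the
     finding and project caches are invalidated before the outcome is
     logged.
     """
     finding_id = parameters.get('finding_id')
     project = integrates_dao.get_finding_project(finding_id)
     success = save_severity(parameters.get('data'))
     ret = UpdateSeverity(success=success,
                          finding=Finding(finding_id))
     util.invalidate_cache(finding_id)
     util.invalidate_cache(project)
     if success:
         util.cloudwatch_log(info.context, 'Security: Updated severity in\
             finding {id} succesfully'.format(id=finding_id))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to update \
             severity in finding {id}'.format(id=finding_id))
     return ret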
 def mutate(self, info, finding_id):
     """Reject (delete) a draft finding and log the outcome.

     The reviewer's email comes from the JWT in ``info.context``. The
     finding and project caches are invalidated inside the same ``try`` as
     the rejection, so a ``KeyError`` from any of those calls is reported
     as ``GraphQLError('DRAFT_NOT_FOUND')``. Returns a ``DeleteDraft``
     payload.
     """
     reviewer_email = util.get_jwt_content(info.context)['user_email']
     try:
         project_name = get_project_name(finding_id)
         success = reject_draft(finding_id, reviewer_email, project_name)
         for cache_key in (finding_id, project_name):
             util.invalidate_cache(cache_key)
     except KeyError:
         raise GraphQLError('DRAFT_NOT_FOUND')
     if success:
         util.cloudwatch_log(info.context, 'Security: Deleted draft in\
             finding {id} succesfully'.format(id=finding_id))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to delete \
             draft in finding {id}'.format(id=finding_id))
     return DeleteDraft(success=success)
    def mutate(self, info, finding_id, field, description):
        """Update the description of one evidence file of a finding.

        *field* must be one of the keys of ``description_parse`` below; it
        is mapped to the evidence attribute name, so an unknown value raises
        ``KeyError``, which is reported to rollbar and leaves ``success``
        False. Findings whose evidence has not been migrated yet are
        fetched from Formstack and migrated first. Returns an
        ``UpdateEvidenceDescription`` payload and invalidates the finding
        cache.
        """
        # Closed set of accepted *field* values; anything else fails the
        # lookup in the add_file_attribute call.
        description_parse = {
            'evidence2_description': 'evidence_route_1',
            'evidence3_description': 'evidence_route_2',
            'evidence4_description': 'evidence_route_3',
            'evidence5_description': 'evidence_route_4',
            'evidence6_description': 'evidence_route_5',
        }
        success = False
        try:
            if not has_migrated_evidence(finding_id):
                generic_dto = FindingDTO()
                api = FormstackAPI()
                submission_data = api.get_submission(finding_id)
                if submission_data is None or 'error' in submission_data:
                    # NOTE(review): this path returns a util.response(...)
                    # value rather than an UpdateEvidenceDescription payload
                    # and skips the cache invalidation at the end.
                    return util.response([], 'error', True)
                finding = generic_dto.parse_evidence_info(submission_data, finding_id)
                finding['id'] = finding_id
                migrate_evidence_description(finding)
            success = add_file_attribute(
                finding_id,
                description_parse[field],
                'description',
                description)
            if success:
                util.cloudwatch_log(info.context, 'Security: Evidence description \
                    succesfully updated in finding ' + finding_id)
            else:
                util.cloudwatch_log(info.context, 'Security: Attempted to update \
                    evidence description in ' + finding_id)
        except KeyError:
            rollbar.report_message('Error: \
An error occurred updating evidence description', 'error', info.context)

        payload = UpdateEvidenceDescription(success=success,
                                            finding=Finding(finding_id))
        util.invalidate_cache(finding_id)
        return payload
    def mutate(self, info, **parameters):
        """Add a comment or observation to a finding and log the outcome.

        ``type`` must be ``'comment'`` or ``'observation'``; observations
        are restricted to the ``analyst`` and ``admin`` roles carried in the
        JWT content, and any other role is logged and refused with
        ``GraphQLError('Access denied')``. The author's email comes from the
        JWT and the full name from the session; the comment id is the
        current time in milliseconds. Returns an ``AddFindingComment``
        payload and invalidates the finding cache.
        """
        comment_type = parameters.get('type')
        finding_id = parameters.get('finding_id')
        if comment_type not in ('comment', 'observation'):
            raise GraphQLError('Invalid comment type')
        user_data = util.get_jwt_content(info.context)
        if comment_type == 'observation':
            # The role is read from the JWT content, not from the request
            # parameters.
            if user_data['user_role'] not in ('analyst', 'admin'):
                util.cloudwatch_log(info.context, 'Security: \
                    Unauthorized role attempted to add observation')
                raise GraphQLError('Access denied')

        session = info.context.session
        comment_id = int(round(time() * 1000))
        success = add_comment(
            user_email=user_data['user_email'],
            user_fullname=' '.join([session['first_name'],
                                    session['last_name']]),
            parent=parameters.get('parent'),
            content=parameters.get('content'),
            comment_type=comment_type,
            comment_id=comment_id,
            finding_id=finding_id,
            is_remediation_comment=False
        )
        if success:
            util.cloudwatch_log(info.context, 'Security: Added comment in\
                finding {id} succesfully'.format(id=finding_id))
        else:
            util.cloudwatch_log(info.context, 'Security: Attempted to add \
                comment in finding {id}'.format(id=finding_id))
        payload = AddFindingComment(success=success, comment_id=comment_id)
        util.invalidate_cache(finding_id)
        return payload
    def mutate(self, info, project_name, tag):
        """Remove *tag* from a project and log the outcome.

        The project name is lower-cased and validated before the
        ``FI_projects`` table is touched; a failed write is reported to
        rollbar and leaves ``success`` False. Returns a ``RemoveTag``
        payload and invalidates the project cache.
        """
        project_name = project_name.lower()
        success = False
        if validate_project(project_name):
            tag_deleted = integrates_dao.remove_set_element_dynamo(
                'FI_projects', ['project_name', project_name], 'tag', tag)
            success = bool(tag_deleted)
            if not tag_deleted:
                rollbar.report_message('Error: \
An error occurred removing a tag', 'error', info.context)
        if success:
            util.cloudwatch_log(info.context, 'Security: Removed tag from \
                {project} project succesfully'.format(project=project_name))
        else:
            util.cloudwatch_log(info.context, 'Security: Attempted to remove \
                tag in {project} project'.format(project=project_name))
        payload = RemoveTag(success=success, project=Project(project_name))
        util.invalidate_cache(project_name)
        return payload
 def resolve_resources(self, info, project_name):
     """Resolve the resources of a project, logging the access first."""
     access_entry = 'Security: Access to \
         resources: {resources_id} succesfully'.format(resources_id=project_name)
     util.cloudwatch_log(info.context, access_entry)
     return Resource(project_name)
 def resolve_project(self, info, project_name):
     """Resolve a project by name, logging the access first."""
     access_entry = 'Security: Access to \
         project: {project} succesfully'.format(project=project_name)
     util.cloudwatch_log(info.context, access_entry)
     return Project(project_name)
 def resolve_event(self, info, identifier=None):
     """Resolve an event by identifier, logging the access first."""
     access_entry = 'Security: Access to \
         Event: {event_id} succesfully'.format(event_id=identifier)
     util.cloudwatch_log(info.context, access_entry)
     return Events(identifier)
 def resolve_finding(self, info, identifier=None):
     """Resolve a finding by identifier, logging the access first."""
     access_entry = 'Security: Access to \
         finding: {finding_id} succesfully'.format(finding_id=identifier)
     util.cloudwatch_log(info.context, access_entry)
     return Finding(identifier)