def get(self, environment): session_id = get_session_id(session, request) dao = RiskDAO(session_id) element_names = dao.risk_model_elements(environment) resp = make_response(json_serialize(element_names, session_id=session_id), httplib.OK) resp.contenttype = 'application/json' return resp
def get(self, environment, asset):
session_id = get_session_id(session, request)
hide_concerns = request.args.get("hide_concerns", "1")
if hide_concerns == "0" or hide_concerns == 0:
hide_concerns = False
else:
hide_concerns = True
if asset == "all":
asset = ""
model_generator = get_model_generator()
dao = AssetDAO(session_id)
dot_code = dao.get_asset_model(environment, asset, hide_concerns=hide_concerns)
dao.close()
if not isinstance(dot_code, str):
raise ObjectNotFoundHTTPError("The model")
resp = make_response(model_generator.generate(dot_code, renderer="dot"), httplib.OK)
accept_header = request.headers.get("Accept", "image/svg+xml")
if accept_header.find("text/plain") > -1:
resp.headers["Content-type"] = "text/plain"
else:
resp.headers["Content-type"] = "image/svg+xml"
return resp
def get(self,doc_type,doc_format):
session_id = get_session_id(session, request)
fileName = request.args.get('filename', 'report')
dao = DocumentationDAO(session_id)
sectionFlags = [1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
if (doc_format == 'PDF'):
filePostfix = 'pdf'
doc_format = [0,0,1]
else:
filePostfix = 'rtf'
doc_format = [0,1,0]
b = Borg()
reportName = b.tmpDir + '/' + fileName + '.' + filePostfix
dao.generate_documentation(fileName,doc_type,sectionFlags,doc_format)
dao.close()
if os.path.isfile(reportName):
binary_pdf = open(reportName,'rb').read()
resp = make_response(binary_pdf)
resp.headers['Content-Type'] = 'application/' + filePostfix
resp.headers['Content-Disposition'] = 'Attachment; filename=' + fileName + '.' + filePostfix
return resp
else:
raise CairisHTTPError(status_code=500,message='report file not found',status='Unknown error')
def post(self):
session_id = get_session_id(session, request)
if session_id is None:
raise CairisHTTPError(
status_code=httplib.BAD_REQUEST,
message="The session is neither started or no session ID is provided with the request.",
)
content_length = request.content_length
max_length = 10 * 1024 * 1024
if content_length > max_length:
raise MissingParameterHTTPError(exception=RuntimeError("File exceeded maximum size (10MB)"))
try:
file = request.files["file"]
except LookupError as ex:
raise MissingParameterHTTPError(param_names=["file"])
except Exception as ex:
raise CairisHTTPError(status_code=httplib.CONFLICT, message=str(ex.message), status="Unknown error")
dao = UploadDAO(session_id)
filename = dao.upload_image(file)
resp_dict = {"message": "File successfully uploaded", "filename": filename}
resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
resp.contenttype = "application/json"
return resp
def post(self):
session_id = get_session_id(session, request)
if session_id is None:
raise CairisHTTPError(
status_code=BAD_REQUEST,
message='The session is neither started or no session ID is provided with the request.'
)
content_length = request.content_length
max_length = 10*1024*1024
if content_length > max_length:
raise MissingParameterHTTPError(exception=RuntimeError('File exceeded maximum size (10MB)'))
try:
file = request.files['file']
except LookupError as ex:
raise MissingParameterHTTPError(param_names=['file'])
except Exception as ex:
raise CairisHTTPError(
status_code=CONFLICT,
message=str(ex.message),
status='Unknown error'
)
dao = UploadDAO(session_id)
dao.set_image(file.filename,file.stream.read(),file.mimetype)
resp_dict = {'message': 'File successfully uploaded', 'filename': file.filename}
resp = make_response(json_serialize(resp_dict, session_id=session_id), OK)
resp.contenttype = 'application/json'
return resp
def get(self, task,environment): session_id = get_session_id(session, request) dao = TaskDAO(session_id) cmLoad = dao.task_hindrance_by_name_environment(task,environment) dao.close() resp = make_response(json_serialize(cmLoad, session_id=session_id), httplib.OK) return resp
def post(self):
session_id = get_session_id(session, request)
content_length = request.content_length
max_length = 30*1024*1024
if content_length > max_length:
raise MissingParameterHTTPError(exception=RuntimeError('File exceeded maximum size (30MB)'))
try:
package = request.files['file']
except LookupError as ex:
raise MissingParameterHTTPError(param_names=['file'])
except Exception as ex:
raise CairisHTTPError(status_code=CONFLICT, message=str(ex.message), status='Unknown error')
try:
dao = ImportDAO(session_id)
dao.package_import(package.stream.read())
dao.close()
except DatabaseProxyException as ex:
raise ARMHTTPError(ex)
except ARMException as ex:
raise ARMHTTPError(ex)
except Exception as ex:
raise CairisHTTPError(status_code=500,message=str(ex.message),status='Unknown error')
resp_dict = {'message': 'Package successfully imported'}
resp = make_response(json_serialize(resp_dict, session_id=session_id), OK)
resp.contenttype = 'application/json'
return resp
def get(self, task,environment): session_id = get_session_id(session, request) dao = TaskDAO(session_id) taskScore = dao.task_score_by_name_environment(task,environment) dao.close() resp = make_response(json_serialize(taskScore, session_id=session_id), httplib.OK) return resp
def get(self, environment):
session_id = get_session_id(session, request)
model_generator = get_model_generator()
dim_name = request.args.get('dimension_name', '')
obj_name = request.args.get('object_name', '')
model_layout = request.args.get('layout','Hierarchical')
if dim_name == 'all': dim_name = ''
if obj_name == 'all': obj_name = ''
if model_layout == 'Hierarchical':
renderer = 'dot'
elif model_layout == 'Spring':
renderer = 'fdp'
elif model_layout == 'Radial':
renderer = 'twopi'
else:
renderer = 'circo'
dao = RiskDAO(session_id)
dot_code = dao.get_risk_analysis_model(environment, dim_name, obj_name, renderer)
dao.close()
resp = make_response(model_generator.generate(dot_code, model_type='risk', renderer=renderer), httplib.OK)
accept_header = request.headers.get('Accept', 'image/svg+xml')
if accept_header.find('text/plain') > -1:
resp.headers['Content-type'] = 'text/plain'
else:
resp.headers['Content-type'] = 'image/svg+xml'
return resp
def get(self, task,environment): session_id = get_session_id(session, request) dao = TaskDAO(session_id) taskLoad = dao.task_load_by_name_environment(task,environment) dao.close() resp = make_response(json_serialize(taskLoad, session_id=session_id), OK) return resp
def get(self, environment,asset):
session_id = get_session_id(session, request)
hide_concerns = request.args.get('hide_concerns', '1')
if hide_concerns == '0' or hide_concerns == 0:
hide_concerns = False
else:
hide_concerns = True
if asset == 'all':
asset = ''
model_generator = get_model_generator()
dao = AssetDAO(session_id)
dot_code = dao.get_asset_model(environment, asset, hide_concerns=hide_concerns)
dao.close()
if not isinstance(dot_code, str):
raise ObjectNotFoundHTTPError('The model')
resp = make_response(model_generator.generate(dot_code,renderer='dot'), OK)
accept_header = request.headers.get('Accept', 'image/svg+xml')
if accept_header.find('text/plain') > -1:
resp.headers['Content-type'] = 'text/plain'
else:
resp.headers['Content-type'] = 'image/svg+xml'
return resp
def get(self, name): session_id = get_session_id(session, request) dao = CountermeasureDAO(session_id) spNames = dao.countermeasure_patterns(name) dao.close() resp = make_response(json_serialize(spNames, session_id=session_id), OK) resp.contenttype = 'application/json' return resp
def get(self): session_id = get_session_id(session, request) dao = ExportDAO(session_id) modelBuf = dao.file_export() dao.close() resp = make_response(json_serialize(modelBuf, session_id=session_id), httplib.OK) resp.headers['Content-Type'] = 'application/json' return resp
def get(self,name): session_id = get_session_id(session, request) dao = ArchitecturalPatternDAO(session_id) ap = dao.get_architectural_pattern(name) dao.close() resp = make_response(json_serialize(ap, session_id=session_id), OK) resp.contenttype = 'application/json' return resp
def get(self,architectural_pattern_name,environment_name): session_id = get_session_id(session, request) dao = ArchitecturalPatternDAO(session_id) cwm = dao.get_weakness_analysis(architectural_pattern_name,environment_name) dao.close() resp = make_response(json_serialize(cwm, session_id=session_id), OK) resp.contenttype = 'application/json' return resp
def get(self,search_string): session_id = get_session_id(session, request) dao = FindDAO(session_id) objts = dao.search_model(search_string) dao.close() resp = make_response(json_serialize(objts, session_id=session_id)) resp.headers['Content-Type'] = "application/json" return resp
def get(self): session_id = get_session_id(session, request) dao = PersonaCharacteristicDAO(session_id) objts = dao.get_persona_characteristics_summary() dao.close() resp = make_response(json_serialize(objts, session_id=session_id)) resp.headers['Content-Type'] = "application/json" return resp
def get(self, name): session_id = get_session_id(session, request) dao = RoleDAO(session_id) props = dao.get_role_props(name) dao.close() resp = make_response(json_serialize(props, session_id=session_id), OK) resp.contenttype = 'application/json' return resp
def get(self, name): session_id = get_session_id(session, request) dao = RoleDAO(session_id) found_role = dao.get_role_by_name(name) dao.close() resp = make_response(json_serialize(found_role, session_id=session_id)) resp.headers['Content-Type'] = "application/json" return resp
def get(self, name): session_id = get_session_id(session, request) dao = ResponseDAO(session_id) found_response = dao.get_response_by_name(name) dao.close() resp = make_response(json_serialize(found_response, session_id=session_id), OK) resp.headers['Content-type'] = 'application/json' return resp
def get(self):
session_id = get_session_id(session, request)
constraint_id = request.args.get('constraint_id', -1)
dao = ResponseDAO(session_id)
responses = dao.get_responses(constraint_id)
resp = make_response(json_serialize(responses, session_id=session_id), OK)
resp.contenttype = 'application/json'
return resp
def get(self,environment_name,head_name,tail_name): session_id = get_session_id(session, request) dao = AssetAssociationDAO(session_id) assoc = dao.get_asset_association(environment_name,head_name,tail_name) dao.close() resp = make_response(json_serialize(assoc, session_id=session_id)) resp.headers['Content-Type'] = "application/json" return resp
def get(self): session_id = get_session_id(session, request) dao = VersionDAO(session_id) objts = dao.cairis_version() dao.close() resp = make_response(json_serialize(objts, session_id=session_id)) resp.headers['Content-Type'] = "application/json" return resp
def get(self): session_id = get_session_id(session, request) dao = ProjectDAO(session_id) dbs = dao.show_databases() dao.close() resp = make_response(json_serialize(dbs, session_id=session_id), OK) resp.headers['Content-type'] = 'application/json' return resp
def get(self): session_id = get_session_id(session, request) dao = TrustBoundaryDAO(session_id) tbs = dao.get_trust_boundaries() dao.close() resp = make_response(json_serialize(tbs, session_id=session_id), OK) resp.contenttype = 'application/json' return resp
def get(self,name): session_id = get_session_id(session, request) dao = SecurityPatternDAO(session_id) sp = dao.get_security_pattern(name) dao.close() resp = make_response(json_serialize(sp, session_id=session_id), OK) resp.contenttype = 'application/json' return resp
def get(self): session_id = get_session_id(session, request) dao = PersonaDAO(session_id) pTypes = dao.get_persona_types() dao.close() resp = make_response(json_serialize(pTypes, session_id=session_id), httplib.OK) resp.contenttype = 'application/json' return resp
def get(self,environment_name): session_id = get_session_id(session, request) dao = ThreatDAO(session_id) model = dao.get_threat_model(environment_name) dao.close() resp = make_response(json_serialize(model, session_id=session_id), OK) resp.contenttype = 'application/json' return resp
def get(self): session_id = get_session_id(session, request) dao = ThreatDAO(session_id) objts = dao.get_threats_summary() dao.close() resp = make_response(json_serialize(objts, session_id=session_id)) resp.headers['Content-Type'] = "application/json" return resp
def get(self, persona_name): session_id = get_session_id(session, request) dao = PersonaDAO(session_id) persona_props = dao.get_persona_props(name=persona_name) dao.close() resp = make_response(json_serialize(asset_props, session_id=session_id)) resp.contenttype = 'application/json' return resp
def put(self):
session_id = get_session_id(session, request)
dao = ProjectDAO(session_id)
settings = dao.from_json(request)
dao.apply_settings(settings)
resp_dict = {'message': 'Project settings successfully updated'}
resp = make_response(json_serialize(resp_dict, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, threat, vulnerability):
session_id = get_session_id(session, request)
dao = EnvironmentDAO(session_id)
environments = dao.get_environment_names_by_threat_vulnerability(
threat, vulnerability)
dao.close()
resp = make_response(
json_serialize(environments, session_id=session_id), OK)
resp.headers['Content-type'] = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = TaskCharacteristicDAO(session_id)
upd_tc = dao.from_json(request)
dao.update_task_characteristic(upd_tc, name)
dao.close()
resp_dict = {'message': upd_tc.characteristic() + ' updated'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = GoalAssociationDAO(session_id)
assoc = dao.from_json(request)
dao.add_goal_association(assoc)
dao.close()
resp_dict = {'message': 'Goal Association successfully added'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = GoalDAO(session_id)
upd_goal = dao.from_json(request)
dao.update_goal(upd_goal, unquote(name))
dao.close()
resp_dict = {'message': upd_goal.name() + ' updated'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = AttackerDAO(session_id)
req = dao.from_json(request)
dao.update_attacker(req, name=name)
dao.close()
resp_dict = {'message': req.name() + ' updated'}
resp = make_response(json_serialize(resp_dict), OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, environment_name, goal_name, subgoal_name):
session_id = get_session_id(session, request)
dao = GoalAssociationDAO(session_id)
assoc = dao.get_goal_association(unquote(environment_name),
unquote(goal_name),
unquote(subgoal_name))
dao.close()
resp = make_response(json_serialize(assoc, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = DocumentReferenceDAO(session_id)
upd_dr = dao.from_json(request)
dao.update_document_reference(upd_dr, name)
dao.close()
resp_dict = {'message': upd_dr.name() + ' updated'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = PersonaCharacteristicDAO(session_id)
upd_pc = dao.from_json(request)
dao.update_persona_characteristic(upd_pc, name)
dao.close()
resp_dict = {'message': 'Persona Characteristic successfully updated'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = TemplateGoalDAO(session_id)
upd_tg = dao.from_json(request)
dao.update_template_goal(upd_tg, name)
dao.close()
resp_dict = {'message': 'Template Goal successfully updated'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = DataFlowDAO(session_id)
new_dataflow = dao.from_json(request)
dao.add_dataflow(new_dataflow)
dao.close()
resp_dict = {'message': new_dataflow.name() + ' created'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = ObstacleDAO(session_id)
upd_obs = dao.from_json(request)
dao.update_obstacle(upd_obs, name)
dao.close()
resp_dict = {'message': 'Obstacle successfully updated'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def delete(self, p1, p2, p3):
session_id = get_session_id(session, request)
dao = self.DAOModule(session_id)
pathValues = []
for parameterName, defaultValue in self.thePathParameters:
pathValues.append(request.args.get(parameterName, defaultValue))
getattr(dao, self.theDelMethod)(p1, p2, p3, pathValues)
resp_dict = {'message': p1 + ' / ' + p2 + ' / ' + p3 + ' deleted'}
resp = make_response(json_serialize(resp_dict, session_id=session_id),
OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraintsId = request.args.get('constraints_id', -1)
dao = EnvironmentDAO(session_id)
environments = dao.get_environments(constraintsId)
dao.close()
resp = make_response(
json_serialize(environments, session_id=session_id), OK)
resp.headers['Content-type'] = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = ProjectDAO(session_id)
dao.create_new_project()
dao.close()
resp_dict = {'message': 'New project successfully created'}
resp = make_response(json_serialize(resp_dict, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, name, environment_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset_value = dao.get_asset_value_by_name(
name=name, environment_name=environment_name)
dao.close()
resp = make_response(
json_serialize(asset_value, session_id=session_id), OK)
resp.headers['Content-type'] = 'application/json'
return resp
def delete(self, name):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = AttackerDAO(session_id)
dao.delete_attacker_motivation(name=name, environment_name=environment_name)
dao.close()
resp_dict = {'message': 'Attacker motivation successfully deleted'}
resp = make_response(json_serialize(resp_dict), OK)
resp.headers['Content-type'] = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset = dao.from_json(request)
new_id = dao.add_asset(asset)
dao.close()
resp_dict = {'asset_id': new_id}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def post(self,environment_name,step_name,exception_name):
session_id = get_session_id(session, request)
dao = UseCaseDAO(session_id)
uc,ucContribs = dao.from_json(request)
dao.generate_obstacle_from_usecase(uc,environment_name,step_name,exception_name)
dao.close()
resp_dict = {'message': 'Obstacle generated from exception'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset = dao.from_json(request)
dao.update_asset(asset, name=name)
dao.close()
resp_dict = {'message': 'Update successful'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, environment_name, goal_name, subgoal_name):
session_id = get_session_id(session, request)
dao = GoalAssociationDAO(session_id)
assoc = dao.from_json(request)
dao.update_goal_association(assoc, unquote(environment_name),
unquote(goal_name), unquote(subgoal_name))
dao.close()
resp_dict = {'message': 'Goal Association successfully updated'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = DomainPropertyDAO(session_id)
req = dao.from_json(request)
dao.update_domain_property(req, name=name)
dao.close()
resp_dict = {'message': 'DomainProperty successfully updated'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
coloured = request.args.get('coloured', False)
dao = GoalDAO(session_id)
found_goal = dao.get_goal_by_name(unquote(name),
coloured=(coloured == '1'))
dao.close()
resp = make_response(json_serialize(found_goal, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = VulnerabilityDAO(session_id)
assets = dao.get_vulnerability_types(environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = DomainPropertyDAO(session_id)
new_domain_property = dao.from_json(request)
dao.add_domain_property(new_domain_property)
dao.close()
resp_dict = {'message': 'DomainProperty successfully added'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, p1, p2, p3, p4, p5, p6):
session_id = get_session_id(session, request)
dao = self.DAOModule(session_id)
pathValues = []
for parameterName, defaultValue in self.thePathParameters:
pathValues.append(request.args.get(parameterName, defaultValue))
objts = getattr(dao, self.theGetMethod)(p1, p2, p3, p4, p5, p6,
pathValues)
dao.close()
resp = make_response(json_serialize(objts, session_id=session_id), OK)
resp.contenttype = 'application/json'
return resp
def put(self, persona_name):
session_id = get_session_id(session, request)
dao = PersonaDAO(session_id)
persona_prop = dao.from_json(request, to_props=True)
dao.update_persona_properties(persona_prop, name=persona_name)
dao.close()
resp_dict = {
'message': 'The persona properties were successfully updated.'
}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraint_id = request.args.get('constraint_id', -1)
dao = PersonaDAO(session_id)
personas = dao.get_personas(constraint_id=constraint_id)
dao.close()
resp = make_response(json_serialize(personas, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraint_id = request.args.get('constraint_id', -1)
dao = VulnerabilityDAO(session_id)
vulnerabilities = dao.get_vulnerabilities(constraint_id=constraint_id)
dao.close()
resp = make_response(
json_serialize(vulnerabilities, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, environment, depender, dependee, dependency):
session_id = get_session_id(session, request)
dao = DependencyDAO(session_id)
found_dependency = dao.get_dependency_by_name(environment=environment,
depender=depender,
dependee=dependee,
dependency=dependency)
dao.close()
resp = make_response(
json_serialize(found_dependency, session_id=session_id), OK)
resp.headers['Content-type'] = 'application/json'
return resp
