def delete(self, project_id: int) -> Tuple[dict, int]:
drop_project_databases(project_id)
Project.apply_full_delete_by_pk(pk=project_id)
remove_project_space(project_id)
return {
"message": f"Project with id {project_id} was successfully deleted"
}, 200
def post(self, project_id, test_id):
project = Project.get_or_404(project_id)
args = self.post_parser.parse_args(strict=False)
if isinstance(test_id, int):
_filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.id == test_id)
else:
_filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.test_uid == test_id)
task = UIPerformanceTests.query.filter(_filter).first()
event = list()
execution = True if args['type'] and args["type"] == "config" else False
for browser in list(map(lambda x: x.strip(), task.browser.split(","))):
event.append(task.configure_execution_json(output='cc',
browser=browser,
test_type=args.get("test_type"),
params=loads(args.get("params", None)),
env_vars=loads(args.get("env_vars", None)),
reporting=args.get("reporter", None),
customization=loads(args.get("customization", None)),
cc_env_vars=loads(args.get("cc_env_vars", None)),
parallel=args.get("parallel", None),
execution=execution))
current_app.logger.error(f"Observer event sent {event}")
if args['type'] and args["type"] == "config":
return event[0]
response = run_task(project.id, event)
response["redirect"] = f'/task/{response["task_id"]}/results'
statistic = Statistic.query.filter_by(project_id=project_id).first()
statistic.ui_performance_test_runs += 1
statistic.commit()
return response
def put(self, project_id, test_id):
default_params = ["influx.port", "influx.host", "galloper_url", "influx.db", "test_name", "comparison_db",
"loki_host", "loki_port", "test.type", "test_type"]
project = Project.get_or_404(project_id)
args = self.put_parser.parse_args(strict=False)
if isinstance(test_id, int):
_filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.id == test_id)
else:
_filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.test_uid == test_id)
task = UIPerformanceTests.query.filter(_filter).first()
for each in ["params", "env_vars", "customization", "cc_env_vars"]:
params = deepcopy(getattr(task, each))
for key in list(params.keys()):
if key not in loads(args.get(each)).keys() and key not in default_params:
del params[key]
for key, value in loads(args.get(each)).items():
if key not in params or params[key] != value:
params[key] = value
setattr(task, each, params)
task.reporting = args["reporter"]
task.loops = args['loops']
task.aggregation = args['aggregation']
task.browser = args['browser']
task.entrypoint = args['entrypoint']
task.commit()
return task.to_json()
def get(self, project_id: int):
args = self._parser_get.parse_args(strict=False)
project = Project.get_or_404(project_id)
threshold = SecurityThresholds.query.filter(
and_(SecurityThresholds.test_uid == args['test_uid'],
SecurityThresholds.project_id == project.id)).first()
return threshold.to_json(exclude_fields=("id"))
def post(self, project_id, test_id):
project = Project.get_or_404(project_id)
args = self.post_parser.parse_args(strict=False)
if isinstance(test_id, int):
_filter = and_(PerformanceTests.project_id == project.id,
PerformanceTests.id == test_id)
else:
_filter = and_(PerformanceTests.project_id == project.id,
PerformanceTests.test_uid == test_id)
task = PerformanceTests.query.filter(_filter).first()
event = list()
execution = True if args['type'] and args["type"] == "config" else False
event.append(
task.configure_execution_json(
output='cc',
test_type=args.get("test_type"),
params=loads(args.get("params", None)),
env_vars=loads(args.get("env_vars", None)),
reporting=args.get("reporter", None),
customization=loads(args.get("customization", None)),
cc_env_vars=loads(args.get("cc_env_vars", None)),
parallel=args.get("parallel", None),
region=args.get("region", "default"),
execution=execution,
emails=args.get("emails", None)))
if args['type'] and args["type"] == "config":
return event[0]
for each in event:
each["test_id"] = task.test_uid
response = run_task(project.id, event)
response["redirect"] = f'/task/{response["task_id"]}/results'
return response
def get(self, project_id, test_id):
args = self.get_parser.parse_args(strict=False)
project = Project.get_or_404(project_id)
if isinstance(test_id, int):
_filter = and_(PerformanceTests.project_id == project.id,
PerformanceTests.id == test_id)
else:
_filter = and_(PerformanceTests.project_id == project.id,
PerformanceTests.test_uid == test_id)
test = PerformanceTests.query.filter(_filter).first()
if test.git and type(test.git) is dict and test.git[
'repo_pass'] is not None and len(
test.git['repo_pass']) and args["source"] == "galloper":
if not test.git['repo_pass'].startswith(
"{{") and not test.git['repo_pass'].endswith("}}"):
test.git['repo_pass'] = "******"
if args.raw:
return test.to_json([
"influx.port", "influx.host", "galloper_url", "influx.db",
"comparison_db", "telegraf_db", "loki_host", "loki_port",
"influx.username", "influx.password"
])
if args["type"] == "docker":
message = test.configure_execution_json(args.get("type"),
execution=args.get("exec"))
else:
message = [{"test_id": test.test_uid}]
return {"config": message} # this is cc format
def get(self, project_id, test_uuid):
project = Project.get_or_404(project_id)
job_type = "not_found"
# check if APIPerformanceTests
_filter = and_(PerformanceTests.project_id == project.id,
PerformanceTests.test_uid == test_uuid)
test = PerformanceTests.query.filter(_filter).first()
if test:
job_type = test.job_type
_filter = and_(UIPerformanceTests.project_id == project.id,
UIPerformanceTests.test_uid == test_uuid)
test = UIPerformanceTests.query.filter(_filter).first()
if test:
job_type = test.job_type
_filter = and_(SecurityTestsDAST.project_id == project.id,
SecurityTestsDAST.test_uid == test_uuid)
test = SecurityTestsDAST.query.filter(_filter).first()
if test:
job_type = "dast"
_filter = and_(SecurityTestsSAST.project_id == project.id,
SecurityTestsSAST.test_uid == test_uuid)
test = SecurityTestsSAST.query.filter(_filter).first()
if test:
job_type = "sast"
return {"job_type": job_type}
def post(self, project_id: int):
args = self.post_parser.parse_args(strict=False)
project = Project.get_or_404(project_id)
file_name = args["file"].filename
bucket = "tests"
upload_file(bucket, args["file"], project, create_if_not_exists=True)
browser = args["browser"]
runner = "getcarrier/observer:latest"
job_type = "observer"
env_vars = loads(args["env_vars"])
if "ENV" not in env_vars.keys():
env_vars['ENV'] = 'Default'
test = UIPerformanceTests(project_id=project.id,
test_uid=str(uuid4()),
name=args["name"],
bucket=bucket,
file=file_name,
entrypoint=args["entrypoint"],
runner=runner,
browser=browser,
parallel=1,
reporting=args["reporter"].split(","),
params=loads(args["params"]),
env_vars=env_vars,
customization=loads(args["customization"]),
cc_env_vars=loads(args["cc_env_vars"]),
job_type=job_type,
loops=args['loops'],
aggregation=args['aggregation']
)
test.insert()
current_app.logger.info(test.to_json())
return test.to_json(exclude_fields=("id",))
def get(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=R0201,C0111
# Check project_id for validity
project = Project.get_or_404(project_id)
# Get secret
secrets = get_project_secrets(project.id)
_secret = secrets.get(secret) if secrets.get(secret) else get_project_hidden_secrets(project.id).get(secret)
return {"secret": _secret}, 200
def get(self, project_id: int, report_id, action: Optional[str] = "table"):
args = self._parser_get.parse_args(strict=False)
_action_mapping = {"table": [], "chart": {"nodes": [], "edges": []}}
if isinstance(report_id, int):
report = UIReport.query.get_or_404(report_id)
results = UIResult.query.filter_by(project_id=project_id,
report_uid=report.uid).order_by(
UIResult.session_id,
UIResult.id).all()
else:
report = UIReport.query.filter_by(project_id=project_id,
uid=report_id).first_or_404()
results = UIResult.query.filter_by(project_id=project_id,
report_uid=report_id).order_by(
UIResult.session_id,
UIResult.id).all()
if action == 'recalculate':
project = Project.get_or_404(project_id)
return self.recalculate(project, results)
nodes, edges = self.build_graph(project_id, results,
report.aggregation, report.loops,
args["metric"])
_action_mapping["chart"]["nodes"] = nodes
_action_mapping["chart"]["edges"] = edges
_action_mapping["table"] = self.build_table(results, report.base_url)
return _action_mapping[action]
def get(self, project_id: int, task_id: str):
args = self.get_parser.parse_args(strict=False)
task = Task.query.filter_by(task_id=task_id).first()
project = Project.get_or_404(project_id)
if args.get("exec"):
return unsecret(task.to_json(), project_id=project.id)
return task.to_json()
def post(self, project_id, test_id):
""" Run test """
args = self.post_parser.parse_args(strict=False)
project = Project.get_or_404(project_id)
#
if isinstance(test_id, int):
_filter = and_(SecurityTestsSAST.project_id == project.id,
SecurityTestsSAST.id == test_id)
else:
_filter = and_(SecurityTestsSAST.project_id == project.id,
SecurityTestsSAST.test_uid == test_id)
task = SecurityTestsSAST.query.filter(_filter).first()
#
execution = bool(args["type"] and args["type"] == "config")
#
event = list()
event.append(task.configure_execution_json("cc", execution=execution))
#
if args["type"] and args["type"] == "config":
return event[0]
#
response = run_task(project.id, event)
response["redirect"] = f"/task/{response['task_id']}/results"
#
statistic = Statistic.query.filter_by(project_id=project_id).first()
statistic.sast_scans += 1
statistic.commit()
#
return response
def put(self, project_id: int):
args = self._parser_put.parse_args(strict=False)
project = Project.get_or_404(project_id)
test_data = get_test_details(build_id=args["build_id"],
test_name=args["test_name"],
lg_type=args["lg_type"])
report = APIReport.query.filter(
and_(APIReport.project_id == project.id,
APIReport.build_id == args["build_id"])).first()
report.end_time = test_data["end_time"]
report.start_time = test_data["start_time"]
report.failures = test_data["failures"]
report.total = test_data["total"]
report.thresholds_missed = args.get("missed", 0)
report.throughput = test_data["throughput"]
report.pct95 = test_data["pct95"]
report.onexx = test_data["1xx"]
report.twoxx = test_data["2xx"]
report.threexx = test_data["3xx"]
report.fourxx = test_data["4xx"]
report.fivexx = test_data["5xx"]
report.requests = ";".join(test_data["requests"])
report.status = args["status"]
report.vusers = args["vusers"]
report.duration = args["duration"]
report.commit()
return {"message": "updated"}
def get(self, project_id: int):
args = self._parser_get.parse_args(strict=False)
project = Project.get_or_404(project_id)
if args.get("type") == "ui":
return self._get_ui_pages(project.id, args.get("name"))
else:
return self._get_backend_requests(project.id, args.get("name"))
def post(self, project_id: int):
args = self._parser_post.parse_args(strict=False)
project = Project.get_or_404(project_id)
threshold = SecurityThresholds.query.filter(and_(SecurityThresholds.test_uid == args['test_uid'],
SecurityThresholds.project_id == project.id)).first()
if not threshold:
test_name = SecurityTestsSAST.query.filter(and_(SecurityTestsSAST.test_uid == args['test_uid'],
SecurityTestsSAST.project_id == project.id)).first()
if test_name:
name = test_name.name
else:
test_name = SecurityTestsDAST.query.filter(and_(SecurityTestsDAST.test_uid == args['test_uid'],
SecurityTestsDAST.project_id == project.id)).first()
name = test_name.name
threshold = SecurityThresholds(project_id=project.id, test_name=name,
test_uid=args["test_uid"], critical=-1,
high=-1, medium=-1, low=-1, info=-1,
critical_life=-1, high_life=-1, medium_life=-1,
low_life=-1, info_life=-1)
op = threshold.insert
else:
op = threshold.commit
threshold.critical = args['critical']
threshold.high = args['high']
threshold.medium = args['medium']
threshold.low = args['low']
threshold.info = args['info']
op()
return threshold.to_json(exclude_fields=("id"))
def put(self, project_id: Optional[int] = None) -> Tuple[dict, int]:
data = self._parser_post.parse_args()
if not project_id:
return {"message": "Specify project id"}, 400
project = Project.get_or_404(project_id)
project.name = data["name"]
project.project_owner = data["owner"]
package = data["package"].lower()
project.dast_enabled = False if data[
"dast_enabled"] == "disabled" else True
project.sast_enabled = False if data[
"sast_enabled"] == "disabled" else True
project.performance_enabled = False if data[
"performance_enabled"] == "disabled" else True
project.package = package
project.commit()
if package == "custom":
getattr(project_quota, "custom")(
project.id, data["perf_tests_limit"],
data["ui_perf_tests_limit"], data["sast_scans_limit"],
data["dast_scans_limit"], -1, data["storage_space_limit"],
data["data_retention_limit"], data["tasks_count_limit"],
data["task_executions_limit"])
else:
getattr(project_quota, package)(project.id)
return project.to_json(exclude_fields=Project.API_EXCLUDE_FIELDS)
def get(self, project_id):
project = Project.get_or_404(project_id)
args = self.get_parser.parse_args(strict=False)
if args['name'] not in ['post_processor', 'control_tower', 'all']:
return {"message": "go away", "code": 400}, 400
secrets = get_project_hidden_secrets(project.id)
project_secrets = {}
if args['name'] == 'post_processor':
secrets = self._create_pp(project, secrets)
elif args['name'] == 'control_tower':
secrets = self._create_cc(project, secrets)
elif args['name'] == 'all':
secrets = self._create_pp(project, secrets)
secrets = self._create_cc(project, secrets)
project_secrets["galloper_url"] = APP_HOST
project_secrets["project_id"] = project.id
secrets["redis_host"] = APP_IP
secrets["loki_host"] = EXTERNAL_LOKI_HOST.replace(
"https://", "http://")
secrets["influx_ip"] = APP_IP
secrets["influx_port"] = INFLUX_PORT
secrets["loki_port"] = LOKI_PORT
secrets["redis_password"] = REDIS_PASSWORD
set_project_secrets(project.id, project_secrets)
else:
return {"message": "go away", "code": 400}, 400
set_project_hidden_secrets(project.id, secrets)
return {"message": "Done", "code": 200}
def post(self, project_id: int) -> Tuple[dict, int]: # pylint: disable=C0111
data = self._parser_post.parse_args()
# Check project_id for validity
project = Project.get_or_404(project_id)
# Set secrets
set_project_secrets(project.id, data["secrets"])
return {"message": f"Project secrets were saved"}, 200
def get(self, project_id: int, seed: str):
""" Get config for seed """
args = self.get_parser.parse_args(strict=False)
project = Project.get_or_404(project_id)
#
test_type = seed.split("_")[0]
test_id = seed.split("_")[1]
#
if test_type == "dast":
_filter = and_(SecurityTestsDAST.project_id == project.id,
SecurityTestsDAST.test_uid == test_id)
test = SecurityTestsDAST.query.filter(_filter).first()
#
if test_type == "sast":
_filter = and_(SecurityTestsSAST.project_id == project.id,
SecurityTestsSAST.test_uid == test_id)
test = SecurityTestsSAST.query.filter(_filter).first()
#
try:
thresholds = SecurityThresholds.query.filter(
SecurityThresholds.test_uid == test_id).first().to_json(
exclude_fields=("id", "project_id", "test_name",
"test_uid"))
current_app.logger.info(thresholds)
except AttributeError:
thresholds = {}
return test.configure_execution_json(args.get("type"),
execution=True,
thresholds=thresholds)
def post(self, project_id: int):
""" Create new test """
current_app.logger.info(request.form)
args = self.post_parser.parse_args(strict=False)
project = Project.get_or_404(project_id)
test = SecurityTestsSAST(
project_id=project.id,
test_uid=str(uuid4()),
name=args["name"],
region=args["region"],
sast_settings={
"project_name": project.name,
**loads(args["sast_settings"]),
},
)
test.insert()
threshold = SecurityThresholds(
project_id=project.id,
test_name=args["name"],
test_uid=test.test_uid,
critical=-1,
high=-1,
medium=-1,
low=-1,
info=-1,
critical_life=-1,
high_life=-1,
medium_life=-1,
low_life=-1,
info_life=-1,
)
threshold.insert()
current_app.logger.info(test.to_json())
return test.to_json(exclude_fields=("id", ))
def delete(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=C0111
project = Project.get_or_404(project_id)
secrets = get_project_secrets(project.id)
if secret in secrets:
del secrets[secret]
set_project_secrets(project.id, secrets)
return {"message": "deleted"}, 200
def get(self, project_id: int):
args = self._parser_get.parse_args(strict=False)
project = Project.get_or_404(project_id)
report = APIReport.query.filter_by(project_id=project.id,
build_id=args["build_id"]).first()
return {"status": report.status}
def get(
self,
project_id: Optional[int] = None
) -> Union[Tuple[dict, int], Tuple[list, int]]:
args = self._parser_get.parse_args()
offset_ = args["offset"]
limit_ = args["limit"]
search_ = args["search"]
allowed_project_ids = only_users_projects()
_filter = None
if "all" not in allowed_project_ids:
_filter = Project.id.in_(allowed_project_ids)
if project_id:
project = Project.get_or_404(project_id)
return project.to_json(
exclude_fields=Project.API_EXCLUDE_FIELDS), 200
elif search_:
filter_ = Project.name.ilike(f"%{search_}%")
if _filter is not None:
filter_ = and_(_filter, filter_)
projects = Project.query.filter(filter_).limit(limit_).offset(
offset_).all()
else:
if _filter is not None:
projects = Project.query.filter(_filter).limit(limit_).offset(
offset_).all()
else:
projects = Project.query.limit(limit_).offset(offset_).all()
total = self.__get_project_count(_filter)
project_list = [
project.to_json(exclude_fields=Project.API_EXCLUDE_FIELDS)
for project in projects
]
return {"total": total, "rows": project_list}, 200
def delete(self, project_id: int) -> Tuple[dict, int]:
project = Project.get_or_404(project_id)
if SessionProject.get() == project.id:
SessionProject.pop()
return {
"message":
f"Project with id {project.id} was successfully unselected"
}, 200
def get(self, project_id: Optional[int] = None) -> Tuple[dict, int]:
if not project_id:
project_id = SessionProject.get()
if project_id:
project = Project.get_or_404(project_id)
return project.to_json(
exclude_fields=Project.API_EXCLUDE_FIELDS), 200
return {"message": "No project selected in session"}, 404
def put(self, project_id: int, report_type: str, report_id: int):
args = self._parser_put.parse_args(strict=False)
project = Project.get_or_404(project_id)
report = REPORTS_MAPPER.get(report_type).query.filter_by(
project_id=project.id, id=report_id).first()
report.status = args["status"]
report.commit()
return {"message": f"status changed to {args['status']}"}
def get(self, project_id: int):
project = Project.get_or_404(project_id)
args = self._parser_get.parse_args(strict=False)
res = APIThresholds.query.filter().filter(
and_(APIThresholds.project_id == project.id,
APIThresholds.test == args.get("name"),
APIThresholds.environment == args.get("environment"))).all()
return [th.to_json() for th in res]
def post(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=C0111
data = self._parser_post.parse_args()
# Check project_id for validity
project = Project.get_or_404(project_id)
# Set secret
secrets = get_project_secrets(project.id)
secrets[secret] = data["secret"]
set_project_secrets(project.id, secrets)
return {"message": f"Project secret was saved"}, 200
def delete(self, project_id: int):
args = self.delete_parser.parse_args(strict=False)
project = Project.get_or_404(project_id)
query_result = UIPerformanceTests.query.filter(
and_(UIPerformanceTests.project_id == project.id,
UIPerformanceTests.id.in_(args["id[]"]))).all()
for each in query_result:
each.delete()
return {"message": "deleted"}
def get(self, project_id: int) -> Tuple[dict, int]: # pylint: disable=R0201,C0111
# Check project_id for validity
project = Project.get_or_404(project_id)
# Get secrets
secrets_dict = get_project_secrets(project.id)
resp = []
for key in secrets_dict.keys():
resp.append({"name": key, "secret": "******"})
return resp
