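def post(self):
    """Accept an image upload for the current session and report its stored filename.

    Returns:
        A 200 JSON response holding a confirmation message and the filename
        returned by ``UploadDAO.upload_image``.

    Raises:
        CairisHTTPError: If no session ID can be resolved (400), or if reading
            the uploaded file fails for an unexpected reason (409).
        MissingParameterHTTPError: If the declared request size exceeds 10 MB
            or the ``file`` form field is absent.
    """
    session_id = get_session_id(session, request)
    if session_id is None:
        raise CairisHTTPError(
            status_code=httplib.BAD_REQUEST,
            message='The session is neither started or no session ID is provided with the request.'
        )

    # Content-Length is declared by the client and may be absent (None); in
    # that case this check cannot bound the upload. Guard the comparison so a
    # missing header is never compared against an int.
    # NOTE(review): consider also configuring Flask's MAX_CONTENT_LENGTH as a
    # framework-level limit instead of relying on this header check alone.
    max_length = 10 * 1024 * 1024
    content_length = request.content_length
    if content_length is not None and content_length > max_length:
        raise MissingParameterHTTPError(exception=RuntimeError('File exceeded maximum size (10MB)'))

    try:
        file = request.files['file']
    except LookupError:
        raise MissingParameterHTTPError(param_names=['file'])
    except Exception as ex:
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            # Not every exception type carries a .message attribute.
            message=str(getattr(ex, 'message', ex)),
            status='Unknown error'
        )

    # NOTE(review): the uploaded file's name and content type are controlled
    # by the client; validation is presumably done inside
    # UploadDAO.upload_image — confirm.
    dao = UploadDAO(session_id)
    filename = dao.upload_image(file)

    resp_dict = {'message': 'File successfully uploaded', 'filename': filename}
    resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp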
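def get(self):
    """Return the current project's settings as JSON.

    Returns:
        A 200 response whose body is the serialized result of
        ``ProjectDAO.get_settings``.
    """
    session_id = get_session_id(session, request)
    # NOTE(review): unlike most handlers in this file, the DAO is not closed
    # here; ProjectDAO's close behaviour is not visible — confirm.
    dao = ProjectDAO(session_id)
    settings = dao.get_settings()

    resp = make_response(json_serialize(settings, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp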
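def get(self, threat, vulnerability, environment):
    """Return the risk rating for a threat/vulnerability/environment triple.

    Args:
        threat: Threat name to look up.
        vulnerability: Vulnerability name to look up.
        environment: Environment name to look up.

    Returns:
        A 200 JSON response with the serialized result of
        ``RiskDAO.get_risk_rating_by_tve``.
    """
    session_id = get_session_id(session, request)
    dao = RiskDAO(session_id)
    try:
        risk_rating = dao.get_risk_rating_by_tve(threat, vulnerability, environment)
    finally:
        # Other RiskDAO handlers in this file close the DAO; do so here too,
        # including when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(risk_rating, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp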
def get(self, environment):
    """Return the asset names known in one environment as JSON.

    Args:
        environment: Environment name forwarded to ``AssetDAO.get_asset_names``.

    Returns:
        A response (default status) carrying the serialized asset names.
    """
    sid = get_session_id(session, request)

    asset_dao = AssetDAO(sid)
    names = asset_dao.get_asset_names(environment=environment)
    asset_dao.close()

    payload = json_serialize(names, session_id=sid)
    response = make_response(payload)
    response.headers['Content-Type'] = "application/json"
    return response
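def get(self, environment_name):
    """Return the asset values defined for one environment as JSON.

    Args:
        environment_name: Name of the environment to query.

    Returns:
        A 200 response with the serialized result of
        ``AssetDAO.get_asset_values``.
    """
    session_id = get_session_id(session, request)
    dao = AssetDAO(session_id)
    try:
        assets = dao.get_asset_values(environment_name=environment_name)
    finally:
        # Release the DAO even when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(assets, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp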
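def post(self):
    """Create a new project for the current session and confirm it as JSON.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    session_id = get_session_id(session, request)
    # NOTE(review): this is a state-changing call and the DAO is not closed
    # afterwards; ProjectDAO's close behaviour is not visible — confirm.
    dao = ProjectDAO(session_id)
    dao.create_new_project()

    resp_dict = {'message': 'New project successfully created'}
    resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp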
def get(self, name):
    """Return a single vulnerability, looked up by name, as JSON.

    Args:
        name: Vulnerability name forwarded to the DAO.

    Returns:
        A 200 response with the serialized vulnerability.
    """
    sid = get_session_id(session, request)

    vuln_dao = VulnerabilityDAO(sid)
    found = vuln_dao.get_vulnerability_by_name(name=name)
    vuln_dao.close()

    payload = json_serialize(found, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def get(self, name):
    """Return a single response object, looked up by name, as JSON.

    Args:
        name: Response name forwarded to ``ResponseDAO.get_response_by_name``.

    Returns:
        A 200 response with the serialized object.
    """
    sid = get_session_id(session, request)

    response_dao = ResponseDAO(sid)
    match = response_dao.get_response_by_name(name)
    response_dao.close()

    payload = json_serialize(match, session_id=sid)
    http_resp = make_response(payload, httplib.OK)
    http_resp.headers['Content-type'] = 'application/json'
    return http_resp
def get(self, threat, vulnerability):
    """Return the environment names associated with a threat/vulnerability pair.

    Args:
        threat: Threat name forwarded to the DAO.
        vulnerability: Vulnerability name forwarded to the DAO.

    Returns:
        A 200 JSON response with the serialized environment names.
    """
    sid = get_session_id(session, request)

    env_dao = EnvironmentDAO(sid)
    names = env_dao.get_environment_names_by_threat_vulnerability(threat, vulnerability)
    env_dao.close()

    payload = json_serialize(names, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
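def get(self, asset_name):
    """Return the properties of one asset as JSON.

    Args:
        asset_name: Name of the asset whose properties are requested.

    Returns:
        A response (default status) with the serialized result of
        ``AssetDAO.get_asset_props``.
    """
    session_id = get_session_id(session, request)
    dao = AssetDAO(session_id)
    try:
        asset_props = dao.get_asset_props(name=asset_name)
    finally:
        # Release the DAO even when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(asset_props, session_id=session_id))
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp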
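def get(self, name):
    """Return the properties of one role as JSON.

    Args:
        name: Role name forwarded to ``RoleDAO.get_role_props``.

    Returns:
        A 200 response with the serialized role properties.
    """
    session_id = get_session_id(session, request)
    dao = RoleDAO(session_id)
    try:
        props = dao.get_role_props(name)
    finally:
        # Release the DAO even when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(props, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp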
def get(self, name):
    """Return a single attacker, looked up by name, as JSON.

    Args:
        name: Attacker name forwarded to ``AttackerDAO.get_attacker_by_name``.

    Returns:
        A 200 response with the serialized attacker.
    """
    sid = get_session_id(session, request)

    attacker_dao = AttackerDAO(sid)
    found = attacker_dao.get_attacker_by_name(name=name)
    attacker_dao.close()

    payload = json_serialize(found, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def get(self, name):
    """Return a single role, looked up by name, as JSON.

    Args:
        name: Role name forwarded to ``RoleDAO.get_role_by_name``.

    Returns:
        A response (default status) with the serialized role.
    """
    sid = get_session_id(session, request)

    role_dao = RoleDAO(sid)
    role = role_dao.get_role_by_name(name)
    role_dao.close()

    payload = json_serialize(role, session_id=sid)
    response = make_response(payload)
    response.headers['Content-Type'] = "application/json"
    return response
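def get(self):
    """Return the responses matching an optional ``constraint_id`` as JSON.

    Returns:
        A 200 response with the serialized result of
        ``ResponseDAO.get_responses``.
    """
    session_id = get_session_id(session, request)
    # Query-string values arrive as strings; the fallback is the int -1.
    # NOTE(review): the value is forwarded unvalidated — confirm the DAO
    # validates or parameterizes it.
    constraint_id = request.args.get('constraint_id', -1)

    dao = ResponseDAO(session_id)
    try:
        responses = dao.get_responses(constraint_id)
    finally:
        # Other ResponseDAO handlers in this file close the DAO; do so here
        # too, including when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(responses, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp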
def get(self, id):
    """Return a single role, looked up by identifier, as JSON.

    Args:
        id: Role identifier forwarded to ``RoleDAO.get_role_by_id``.

    Returns:
        A response (default status) with the serialized role.
    """
    sid = get_session_id(session, request)

    role_dao = RoleDAO(sid)
    role = role_dao.get_role_by_id(id)
    role_dao.close()

    payload = json_serialize(role, session_id=sid)
    response = make_response(payload)
    response.headers['Content-Type'] = "application/json"
    return response
def get(self, name, environment_name):
    """Return one asset value, selected by name and environment, as JSON.

    Args:
        name: Asset value name forwarded to the DAO.
        environment_name: Environment name forwarded to the DAO.

    Returns:
        A 200 response with the serialized asset value.
    """
    sid = get_session_id(session, request)

    asset_dao = AssetDAO(sid)
    value = asset_dao.get_asset_value_by_name(name=name, environment_name=environment_name)
    asset_dao.close()

    payload = json_serialize(value, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def get(self, name):
    """Return a single asset, looked up by name, as JSON.

    Args:
        name: Asset name forwarded to ``AssetDAO.get_asset_by_name``.

    Returns:
        A response (default status) with the serialized asset.
    """
    sid = get_session_id(session, request)

    asset_dao = AssetDAO(sid)
    asset = asset_dao.get_asset_by_name(name)
    asset_dao.close()

    payload = json_serialize(asset, session_id=sid)
    response = make_response(payload)
    response.headers['Content-Type'] = "application/json"
    return response
def get(self):
    """Return all environment names for the current session as JSON.

    Returns:
        A 200 response with the serialized result of
        ``EnvironmentDAO.get_environment_names``.
    """
    sid = get_session_id(session, request)

    env_dao = EnvironmentDAO(sid)
    names = env_dao.get_environment_names()
    env_dao.close()

    payload = json_serialize(names, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def get(self):
    """Return the assets matching an optional ``constraint_id`` as JSON.

    Returns:
        A response (default status) with the serialized result of
        ``AssetDAO.get_assets``.
    """
    # Query-string values arrive as strings; the fallback is the int -1.
    # NOTE(review): the value is forwarded unvalidated — confirm the DAO
    # validates or parameterizes it.
    requested_constraint = request.args.get('constraint_id', -1)
    sid = get_session_id(session, request)

    asset_dao = AssetDAO(sid)
    found_assets = asset_dao.get_assets(constraint_id=requested_constraint)
    asset_dao.close()

    payload = json_serialize(found_assets, session_id=sid)
    response = make_response(payload)
    response.headers['Content-Type'] = "application/json"
    return response
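def put(self):
    """Replace the project settings with those parsed from the request body.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    session_id = get_session_id(session, request)
    # NOTE(review): the DAO is not closed here; ProjectDAO's close behaviour
    # is not visible — confirm.
    dao = ProjectDAO(session_id)
    # The request body is client-controlled; parsing and validation are
    # presumably done in from_json — confirm.
    settings = dao.from_json(request)
    dao.apply_settings(settings)

    resp_dict = {'message': 'Project settings successfully updated'}
    resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp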
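def post(self):
    """Add the response object parsed from the request body.

    Returns:
        A 200 JSON response with a confirmation message and the identifier
        returned by ``ResponseDAO.add_response``.
    """
    session_id = get_session_id(session, request)
    dao = ResponseDAO(session_id)
    try:
        response = dao.from_json(request)
        response_id = dao.add_response(response)
    finally:
        # Other ResponseDAO handlers in this file close the DAO; do so here
        # too, including when parsing or the insert raises.
        dao.close()

    resp_dict = {'message': 'Response successfully added', 'response_id': response_id}
    resp = make_response(json_serialize(resp_dict), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp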
def delete(self, name):
    """Delete the response object with the given name and confirm it as JSON.

    Args:
        name: Response name forwarded to ``ResponseDAO.delete_response``.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    sid = get_session_id(session, request)

    response_dao = ResponseDAO(sid)
    response_dao.delete_response(name)
    response_dao.close()

    confirmation = {'message': 'Response successfully deleted'}
    http_resp = make_response(json_serialize(confirmation), httplib.OK)
    http_resp.headers['Content-type'] = 'application/json'
    return http_resp
def get(self, name):
    """Return a single risk, looked up by name, as JSON.

    Args:
        name: Risk name forwarded to ``RiskDAO.get_risk_by_name``.

    Returns:
        A 200 response with the serialized risk.
    """
    sid = get_session_id(session, request)

    risk_dao = RiskDAO(sid)
    risk = risk_dao.get_risk_by_name(name)
    risk_dao.close()

    payload = json_serialize(risk, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
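def delete(self, name):
    """Delete the goal with the given name and confirm it as JSON.

    Args:
        name: Goal name forwarded to ``GoalDAO.delete_goal``.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    session_id = get_session_id(session, request)
    dao = GoalDAO(session_id)
    try:
        dao.delete_goal(name)
    finally:
        # Release the DAO even when the delete raises.
        dao.close()

    resp_dict = {'message': 'Goal successfully deleted'}
    resp = make_response(json_serialize(resp_dict), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp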
def get(self, name):
    """Return a single goal, looked up by name, as JSON.

    The optional ``coloured`` query parameter is passed to the DAO as a
    boolean that is true only when the parameter equals the string ``'1'``.

    Args:
        name: Goal name forwarded to ``GoalDAO.get_goal_by_name``.

    Returns:
        A response (default status) with the serialized goal.
    """
    sid = get_session_id(session, request)
    coloured_arg = request.args.get('coloured', False)

    goal_dao = GoalDAO(sid)
    wants_colour = coloured_arg == '1'
    goal = goal_dao.get_goal_by_name(name, coloured=wants_colour)
    goal_dao.close()

    payload = json_serialize(goal, session_id=sid)
    response = make_response(payload)
    response.headers['Content-Type'] = "application/json"
    return response
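def get(self):
    """Return the roles matching an optional ``constraint_id`` as JSON.

    Returns:
        A response (default status) with the serialized result of
        ``RoleDAO.get_roles``.
    """
    session_id = get_session_id(session, request)
    # Query-string values arrive as strings; the fallback is the int -1.
    # NOTE(review): the value is forwarded unvalidated — confirm the DAO
    # validates or parameterizes it.
    constraint_id = request.args.get('constraint_id', -1)

    dao = RoleDAO(session_id)
    try:
        roles = dao.get_roles(constraint_id)
    finally:
        # Release the DAO even when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(roles, session_id=session_id))
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = "application/json"
    return resp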
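def get(self):
    """Return the risks matching an optional ``constraint_id`` as JSON.

    Returns:
        A 200 response with the serialized result of ``RiskDAO.get_risks``.
    """
    session_id = get_session_id(session, request)
    # Query-string values arrive as strings; the fallback is the int -1.
    # NOTE(review): the value is forwarded unvalidated — confirm the DAO
    # validates or parameterizes it.
    constraint_id = request.args.get('constraint_id', -1)

    dao = RiskDAO(session_id)
    try:
        risks = dao.get_risks(constraint_id)
    finally:
        # Other RiskDAO handlers in this file close the DAO; do so here too,
        # including when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(risks, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp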
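def delete(self, id):
    """Delete the role with the given identifier and confirm it as JSON.

    Args:
        id: Role identifier forwarded to ``RoleDAO.delete_role``.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    session_id = get_session_id(session, request)
    dao = RoleDAO(session_id)
    try:
        dao.delete_role(role_id=id)
    finally:
        # Release the DAO even when the delete raises.
        dao.close()

    resp_dict = {'message': 'Role successfully deleted'}
    resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp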
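def post(self):
    """Add the risk parsed from the request body.

    Returns:
        A 200 JSON response with a confirmation message and the identifier
        returned by ``RiskDAO.add_risk``.
    """
    session_id = get_session_id(session, request)
    dao = RiskDAO(session_id)
    try:
        risk = dao.from_json(request)
        risk_id = dao.add_risk(risk)
    finally:
        # Other RiskDAO handlers in this file close the DAO; do so here too,
        # including when parsing or the insert raises.
        dao.close()

    resp_dict = {'message': 'Risk successfully added', 'risk_id': risk_id}
    resp = make_response(json_serialize(resp_dict), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp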
def get(self):
    """Return the dependencies matching an optional ``constraint_id`` as JSON.

    Returns:
        A 200 response with the serialized result of
        ``DependencyDAO.get_dependencies``.
    """
    sid = get_session_id(session, request)
    # Falls back to the empty string when the query parameter is absent.
    # NOTE(review): the value is forwarded unvalidated — confirm the DAO
    # validates or parameterizes it.
    requested_constraint = request.args.get('constraint_id', '')

    dependency_dao = DependencyDAO(sid)
    found = dependency_dao.get_dependencies(requested_constraint)
    dependency_dao.close()

    payload = json_serialize(found, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
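def get(self, threat, vulnerability, environment):
    """Return the risk rating for a threat/vulnerability/environment triple.

    Args:
        threat: Threat name to look up.
        vulnerability: Vulnerability name to look up.
        environment: Environment name to look up.

    Returns:
        A 200 JSON response with the serialized result of
        ``RiskDAO.get_risk_rating_by_tve``.
    """
    session_id = get_session_id(session, request)
    dao = RiskDAO(session_id)
    try:
        risk_rating = dao.get_risk_rating_by_tve(threat, vulnerability, environment)
    finally:
        # Other RiskDAO handlers in this file close the DAO; do so here too,
        # including when the lookup raises.
        dao.close()

    resp = make_response(
        json_serialize(risk_rating, session_id=session_id),
        httplib.OK,
    )
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp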
def get(self):
    """Return the misuse cases matching an optional constraint as JSON.

    Returns:
        A 200 response with the serialized result of
        ``RiskDAO.get_misuse_cases``.
    """
    sid = get_session_id(session, request)
    # NOTE(review): this handler reads 'constraints_id', whereas several other
    # handlers in this file read 'constraint_id' — confirm which one clients
    # send. The value is forwarded to the DAO unvalidated.
    requested_constraint = request.args.get('constraints_id', -1)

    risk_dao = RiskDAO(sid)
    cases = risk_dao.get_misuse_cases(requested_constraint)
    risk_dao.close()

    payload = json_serialize(cases, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def get(self, shortcode):
    """Return a single requirement, looked up by shortcode, as JSON.

    Args:
        shortcode: Value forwarded to
            ``RequirementDAO.get_requirement_by_shortcode``.

    Returns:
        A 200 response with the serialized requirement.
    """
    sid = get_session_id(session, request)

    requirement_dao = RequirementDAO(sid)
    requirement = requirement_dao.get_requirement_by_shortcode(shortcode)
    requirement_dao.close()

    payload = json_serialize(requirement, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def delete(self, name):
    """Delete the environment with the given name and confirm it as JSON.

    Args:
        name: Environment name forwarded to
            ``EnvironmentDAO.delete_environment``.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    sid = get_session_id(session, request)

    env_dao = EnvironmentDAO(sid)
    env_dao.delete_environment(name=name)
    env_dao.close()

    confirmation = {'message': 'Environment successfully deleted'}
    response = make_response(json_serialize(confirmation), httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def get(self):
    """Return the environments matching an optional constraint as JSON.

    Returns:
        A 200 response with the serialized result of
        ``EnvironmentDAO.get_environments``.
    """
    sid = get_session_id(session, request)
    # NOTE(review): this handler reads 'constraints_id', whereas several other
    # handlers in this file read 'constraint_id' — confirm which one clients
    # send. The value is forwarded to the DAO unvalidated.
    requested_constraint = request.args.get('constraints_id', -1)

    env_dao = EnvironmentDAO(sid)
    found = env_dao.get_environments(requested_constraint)
    env_dao.close()

    payload = json_serialize(found, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def get(self, name):
    """Return one attacker motivation, selected by name and environment, as JSON.

    The environment comes from the optional ``environment`` query parameter
    and defaults to the empty string.

    Args:
        name: Motivation name forwarded to the DAO.

    Returns:
        A 200 response with the serialized motivation.
    """
    sid = get_session_id(session, request)
    env_name = request.args.get('environment', '')

    attacker_dao = AttackerDAO(sid)
    motivation = attacker_dao.get_attacker_motivation_by_name(
        name=name,
        environment_name=env_name,
    )
    attacker_dao.close()

    payload = json_serialize(motivation, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
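def get(self):
    """Return the attackers matching an optional ``constraint_id`` as JSON.

    Returns:
        A 200 response with the serialized result of
        ``AttackerDAO.get_attackers``.
    """
    session_id = get_session_id(session, request)
    # Query-string values arrive as strings; the fallback is the int -1.
    # NOTE(review): the value is forwarded unvalidated — confirm the DAO
    # validates or parameterizes it.
    constraint_id = request.args.get('constraint_id', -1)

    dao = AttackerDAO(session_id)
    try:
        attackers = dao.get_attackers(constraint_id=constraint_id)
    finally:
        # Release the DAO even when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(attackers, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp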
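def get(self):
    """Return the attacker motivations for an optional environment as JSON.

    The environment comes from the ``environment`` query parameter and
    defaults to the empty string.

    Returns:
        A 200 response with the serialized result of
        ``AttackerDAO.get_attacker_motivations``.
    """
    session_id = get_session_id(session, request)
    environment_name = request.args.get('environment', '')

    dao = AttackerDAO(session_id)
    try:
        motivations = dao.get_attacker_motivations(environment_name=environment_name)
    finally:
        # Release the DAO even when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(motivations, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp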
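def get(self):
    """Return the vulnerabilities matching an optional ``constraint_id`` as JSON.

    Returns:
        A 200 response with the serialized result of
        ``VulnerabilityDAO.get_vulnerabilities``.
    """
    session_id = get_session_id(session, request)
    # Query-string values arrive as strings; the fallback is the int -1.
    # NOTE(review): the value is forwarded unvalidated — confirm the DAO
    # validates or parameterizes it.
    constraint_id = request.args.get('constraint_id', -1)

    dao = VulnerabilityDAO(session_id)
    try:
        vulnerabilities = dao.get_vulnerabilities(constraint_id=constraint_id)
    finally:
        # Release the DAO even when the lookup raises.
        dao.close()

    resp = make_response(json_serialize(vulnerabilities, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp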
def get(self, name):
    """Return one vulnerability type, selected by name and environment, as JSON.

    The environment comes from the optional ``environment`` query parameter
    and defaults to the empty string.

    Args:
        name: Vulnerability type name forwarded to the DAO.

    Returns:
        A 200 response with the serialized vulnerability type.
    """
    sid = get_session_id(session, request)
    env_name = request.args.get('environment', '')

    vuln_dao = VulnerabilityDAO(sid)
    vuln_type = vuln_dao.get_vulnerability_type_by_name(
        name=name,
        environment_name=env_name,
    )
    vuln_dao.close()

    payload = json_serialize(vuln_type, session_id=sid)
    response = make_response(payload, httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def post(self):
    """Add the environment parsed from the request body.

    Returns:
        A 200 JSON response with a confirmation message and the identifier
        returned by ``EnvironmentDAO.add_environment``.
    """
    sid = get_session_id(session, request)

    env_dao = EnvironmentDAO(sid)
    # The request body is client-controlled; parsing and validation are
    # presumably done in from_json — confirm.
    parsed_environment = env_dao.from_json(request)
    created_id = env_dao.add_environment(parsed_environment)
    env_dao.close()

    confirmation = {
        'message': 'Environment successfully added',
        'environment_id': created_id,
    }
    response = make_response(json_serialize(confirmation), httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
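def post(self):
    """Add the goal parsed from the request body.

    Returns:
        A 200 JSON response with a confirmation message and the identifier
        returned by ``GoalDAO.add_goal``.
    """
    session_id = get_session_id(session, request)
    dao = GoalDAO(session_id)
    try:
        new_goal = dao.from_json(request)
        new_goal_id = dao.add_goal(new_goal)
    finally:
        # Release the DAO even when parsing or the insert raises.
        dao.close()

    resp_dict = {'message': 'Goal successfully added', 'goal_id': new_goal_id}
    resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp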
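def put(self, name):
    """Update the named asset with the data parsed from the request body.

    Args:
        name: Name of the asset to update, forwarded to
            ``AssetDAO.update_asset``.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    session_id = get_session_id(session, request)
    dao = AssetDAO(session_id)
    try:
        asset = dao.from_json(request)
        dao.update_asset(asset, name=name)
    finally:
        # Release the DAO even when parsing or the update raises.
        dao.close()

    resp_dict = {'message': 'Update successful'}
    resp = make_response(json_serialize(resp_dict), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp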
def delete(self, name):
    """Delete one attacker motivation and confirm it as JSON.

    The environment comes from the optional ``environment`` query parameter
    and defaults to the empty string.

    Args:
        name: Motivation name forwarded to
            ``AttackerDAO.delete_attacker_motivation``.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    sid = get_session_id(session, request)
    env_name = request.args.get('environment', '')

    attacker_dao = AttackerDAO(sid)
    attacker_dao.delete_attacker_motivation(name=name, environment_name=env_name)
    attacker_dao.close()

    confirmation = {'message': 'Attacker motivation successfully deleted'}
    response = make_response(json_serialize(confirmation), httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
def get(self, id):
    """Return a single asset, looked up by identifier, as JSON.

    Args:
        id: Asset identifier forwarded to ``AssetDAO.get_asset_by_id``.

    Returns:
        A response (default status) with the serialized asset.

    Raises:
        ObjectNotFoundHTTPError: If the DAO returns ``None`` for the identifier.
    """
    sid = get_session_id(session, request)

    asset_dao = AssetDAO(sid)
    found = asset_dao.get_asset_by_id(id)
    asset_dao.close()

    # The DAO is already closed at this point, so raising here leaks nothing.
    if found is None:
        raise ObjectNotFoundHTTPError('The asset')

    payload = json_serialize(found, session_id=sid)
    response = make_response(payload)
    response.headers['Content-Type'] = "application/json"
    return response
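def put(self, asset_name):
    """Update the properties of the named asset from the request body.

    Args:
        asset_name: Name of the asset whose properties are updated.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    session_id = get_session_id(session, request)
    dao = AssetDAO(session_id)
    try:
        asset_prop = dao.from_json(request, to_props=True)
        dao.update_asset_properties(asset_prop, name=asset_name)
    finally:
        # Release the DAO even when parsing or the update raises.
        dao.close()

    resp_dict = {'message': 'The asset properties were successfully updated.'}
    resp = make_response(json_serialize(resp_dict), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp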
def delete(self, name):
    """Delete one asset type and confirm it as JSON.

    The environment comes from the optional ``environment`` query parameter
    and defaults to the empty string.

    Args:
        name: Asset type name forwarded to ``AssetDAO.delete_asset_type``.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    sid = get_session_id(session, request)
    env_name = request.args.get('environment', '')

    asset_dao = AssetDAO(sid)
    asset_dao.delete_asset_type(name=name, environment_name=env_name)
    asset_dao.close()

    confirmation = {'message': 'Asset type successfully deleted'}
    response = make_response(json_serialize(confirmation), httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response
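def post(self):
    """Add the asset parsed from the request body.

    Returns:
        A 200 JSON response containing the identifier returned by
        ``AssetDAO.add_asset`` under the ``asset_id`` key.
    """
    session_id = get_session_id(session, request)
    dao = AssetDAO(session_id)
    try:
        asset = dao.from_json(request)
        new_id = dao.add_asset(asset)
    finally:
        # Release the DAO even when parsing or the insert raises.
        dao.close()

    resp_dict = {'asset_id': new_id}
    resp = make_response(json_serialize(resp_dict), httplib.OK)
    # `contenttype` is not a Flask response attribute; assigning it never set
    # the header, so the JSON body went out with the default text/html type.
    resp.headers['Content-Type'] = 'application/json'
    return resp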
def put(self, name, environment_name):
    """Update one asset value from the request body and confirm it as JSON.

    Args:
        name: Asset value name forwarded to ``AssetDAO.update_asset_value``.
        environment_name: Environment name forwarded to the same call.

    Returns:
        A 200 response with a fixed confirmation message.
    """
    sid = get_session_id(session, request)

    asset_dao = AssetDAO(sid)
    # The request body is client-controlled; parsing and validation are
    # presumably done in type_from_json — confirm.
    parsed_value = asset_dao.type_from_json(request)
    asset_dao.update_asset_value(
        parsed_value,
        name=name,
        environment_name=environment_name,
    )
    asset_dao.close()

    confirmation = {'message': 'Asset type successfully updated'}
    response = make_response(json_serialize(confirmation), httplib.OK)
    response.headers['Content-type'] = 'application/json'
    return response