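def verify_and_call(*args, **kwargs):
    """Resolve the caller's projects and role, then run ``func`` if the
    caller may read the requested event.

    The event is taken from ``kwargs['identifier']`` when present, else
    ``kwargs['event_id']``; its project is looked up and checked against
    ``ENFORCER_BASIC`` together with the caller's JWT data.

    Raises:
        GraphQLError: on a malformed (or missing) event id, when the event
            has no project, when the enforcer denies access, or when the
            caller's attributes are missing.
    """
    context = args[1].context
    identifier = kwargs.get('identifier')
    event_id = kwargs.get('event_id') if identifier is None else identifier

    user_data = util.get_jwt_content(context)
    user_data['subscribed_projects'] = \
        user_domain.get_projects(user_data['user_email'])
    user_data['subscribed_projects'] += \
        user_domain.get_projects(user_data['user_email'], active=False)
    user_data['role'] = get_user_role(user_data)

    # Validate the id *before* it reaches the domain layer: the old order
    # called get_event() first, and a missing id reached re.match as None.
    # fullmatch on ``[0-9]+`` also rejects the empty string, which the old
    # ``^[0-9]*$`` pattern accepted.
    if not isinstance(event_id, str) or not re.fullmatch(r'[0-9]+', event_id):
        rollbar.report_message('Error: Invalid event id format', 'error', context)
        raise GraphQLError('Invalid event id format')

    event_project = event_domain.get_event(event_id).get('project_name')
    if not event_project:
        # Nothing to authorize against: fail closed instead of crashing on
        # ``None.lower()`` below.
        util.cloudwatch_log(
            context,
            'Security: Attempted to retrieve event-related info without permission')
        raise GraphQLError('Access denied')
    try:
        if not ENFORCER_BASIC.enforce(user_data, event_project.lower()):
            # One literal: the original backslash-continued string carried
            # the continuation line's indentation inside the log message.
            util.cloudwatch_log(
                context,
                'Security: Attempted to retrieve event-related info without permission')
            raise GraphQLError('Access denied')
    except AttributeDoesNotExist:
        # Raise rather than return the error so this denial is handled the
        # same way as the others.
        raise GraphQLError('Access denied: Missing attributes')
    return func(*args, **kwargs)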
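def verify_and_call(*args, **kwargs):
    """Resolve the caller's projects and role, then run ``func`` if the
    caller may read the project named in ``kwargs['project_name']``.

    Raises:
        GraphQLError: when ``project_name`` is empty, when the enforcer
            denies access, or when the caller's attributes are missing.
    """
    context = args[1].context
    project_name = kwargs.get('project_name')

    user_data = util.get_jwt_content(context)
    user_data['subscribed_projects'] = \
        user_domain.get_projects(user_data['user_email'])
    user_data['subscribed_projects'] += \
        user_domain.get_projects(user_data['user_email'], active=False)
    user_data['role'] = get_user_role(user_data)

    if not project_name:
        rollbar.report_message('Error: Empty fields in project', 'error', context)
        raise GraphQLError('Access denied')
    try:
        if not ENFORCER_BASIC.enforce(user_data, project_name.lower()):
            # One literal: the original backslash-continued string carried
            # the continuation line's indentation inside the log message.
            # ``project_name`` is the same value as kwargs.get('project_name').
            util.cloudwatch_log(
                context,
                'Security: Attempted to retrieve {project} project info '
                'without permission'.format(project=project_name))
            raise GraphQLError('Access denied')
        util.cloudwatch_log(
            context,
            'Security: Access to {project} project'.format(project=project_name))
    except AttributeDoesNotExist:
        # Raise rather than return the error so this denial is handled the
        # same way as the others.
        raise GraphQLError('Access denied')
    return func(*args, **kwargs)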
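def __init__(self, project_name: str, user_email: str, role: str = None):
    """Load the profile of *user_email*, optionally scoped to *project_name*.

    Without a *project_name* the user's active and suspended projects are
    listed in ``list_projects``. With both *project_name* and *role* the
    user's access to that project is verified.

    Raises:
        UserNotFound: if the stored record has no email, or the user has no
            access to *project_name* (checked only when *role* is given).
    """
    self.email: str = user_email
    self.role: str = ''
    self.responsibility: str = ''
    self.phone_number: str = ''
    self.organization: str = ''
    self.first_login: str = '-'
    # [days, seconds] since the last login; [-1, -1] when unknown.
    self.last_login: _List[int] = [-1, -1]
    # "<project>: <description> - <status>" labels; these are str, the old
    # ``_List[int]`` annotation was wrong.
    self.list_projects: _List[str] = []

    if not project_name:
        projs_active = [
            '{proj}: {description} - Active'.format(
                proj=proj, description=project_domain.get_description(proj))
            for proj in user_domain.get_projects(self.email)]
        projs_suspended = [
            '{proj}: {description} - Suspended'.format(
                proj=proj, description=project_domain.get_description(proj))
            for proj in user_domain.get_projects(self.email, active=False)]
        self.list_projects = projs_active + projs_suspended

    last_login = user_domain.get_data(user_email, 'last_login')
    # '1111-1-1 11:11:11' is the stored placeholder for "never logged in".
    if last_login == '1111-1-1 11:11:11' or not last_login:
        self.last_login = [-1, -1]
    else:
        since_login = datetime.now() - datetime.strptime(
            last_login, '%Y-%m-%d %H:%M:%S')
        self.last_login = [since_login.days, since_login.seconds]
    self.first_login = user_domain.get_data(user_email, 'date_joined')

    # get_data can hand back an empty value (the last_login branch above
    # already guards for that), so avoid ``None.title()`` here.
    organization = user_domain.get_data(user_email, 'company')
    self.organization = (organization or '').title()

    self.responsibility = (
        has_responsibility(project_name, user_email) if project_name else '')
    self.phone_number = has_phone_number(user_email)

    user_role = user_domain.get_data(user_email, 'role')
    if project_name and is_customeradmin(project_name, user_email):
        self.role = 'customer_admin'
    elif user_role == 'customeradmin':
        # A stored 'customeradmin' is reported as plain 'customer' unless
        # the project-scoped check above promoted it.
        self.role = 'customer'
    else:
        self.role = user_role

    if project_name and role:
        if role == 'admin':
            has_access = has_access_to_project(user_email, project_name, self.role)
        else:
            has_access = user_domain.get_project_access(user_email, project_name)
        if not user_domain.get_data(user_email, 'email') or not has_access:
            raise UserNotFound()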
def _get_list_projects(email, project_name):
    """Return ``{'list_projects': [...]}`` describing *email*'s projects.

    Each entry reads "<project>: <description> - Active|Suspended". When a
    *project_name* is given the list is left empty.
    """
    if project_name:
        return dict(list_projects=[])

    active_entries = [
        '{proj}: {description} - Active'.format(
            proj=proj, description=project_domain.get_description(proj))
        for proj in user_domain.get_projects(email)]
    suspended_entries = [
        '{proj}: {description} - Suspended'.format(
            proj=proj, description=project_domain.get_description(proj))
        for proj in user_domain.get_projects(email, active=False)]
    return dict(list_projects=active_entries + suspended_entries)
def resolve_projects(self, info):
    """Fill ``self.projects`` with the caller's projects and return it.

    The caller is identified from the JWT in ``info.context``. Entries are
    appended to the existing list, so calling this twice on the same object
    adds the projects again. NOTE(review): confirm the list starts empty.
    """
    user_email = util.get_jwt_content(info.context).get('user_email')
    self.projects.extend(
        Project(project_name=name,
                description=project_domain.get_description(name))
        for name in user_domain.get_projects(user_email))
    return self.projects
def _get_projects(jwt_content):
    """Return ``{'projects': [{'name': ..., 'description': ...}, ...]}``
    for the user named in *jwt_content*."""
    user_email = jwt_content.get('user_email')
    projects = [
        dict(name=project, description=project_domain.get_description(project))
        for project in user_domain.get_projects(user_email)]
    return dict(projects=projects)
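def generate_complete_report(request):
    """Build the "complete" XLSX report for the requesting user's projects.

    One row per vulnerability, over every released finding of every project
    the user is subscribed to, written into the COMPLETE.xlsx template.

    Returns:
        HttpResponse carrying the workbook bytes, served inline.
    """
    # Local import: the file's import block is outside this listing.
    from io import BytesIO

    user_data = util.get_jwt_content(request)
    projects = user_domain.get_projects(user_data['user_email'])
    book = load_workbook('/usr/src/app/app/techdoc/templates/COMPLETE.xlsx')
    sheet = book.active

    # 1-based column layout of the template.
    project_col, finding_col = 1, 2
    vuln_where_col, vuln_specific_col = 3, 4
    treatment_col, treatment_mgr_col = 5, 6
    row_index = 2  # data starts below the template header row

    for project in projects:
        findings = project_domain.get_released_findings(
            project, 'finding_id, finding, treatment')
        for finding in findings:
            # ``!s`` already renders the title; the old ``.encode('utf-8')``
            # turned it into a bytes repr ("b'...'") under Python 3.
            finding_label = '{name!s} (#{id!s})'.format(
                name=finding['finding'], id=finding['finding_id'])
            for vuln in finding_dal.get_vulnerabilities(finding['finding_id']):
                sheet.cell(row_index, project_col, project.upper())
                sheet.cell(row_index, finding_col, finding_label)
                sheet.cell(row_index, vuln_where_col, vuln['where'])
                sheet.cell(row_index, vuln_specific_col, vuln['specific'])
                sheet.cell(row_index, treatment_col, finding['treatment'])
                sheet.cell(row_index, treatment_mgr_col,
                           vuln.get('treatment_manager', 'Unassigned'))
                row_index += 1

    # Serialize in memory instead of a predictable, user-derived path under
    # /tmp: no shared-tmp race, nothing left behind on disk, and no bytes
    # repr of the username (the old ``.encode('utf8', 'ignore')``) in a path.
    buffer = BytesIO()
    book.save(buffer)

    filename = 'complete_report.xlsx'
    response = HttpResponse(buffer.getvalue())
    # One literal: the original backslash-continued string embedded
    # indentation whitespace inside the MIME type.
    response['Content-Type'] = (
        'application/vnd.openxmlformats'
        '-officedocument.spreadsheetml.sheet')
    # The format call passed ``filename`` but the template had no
    # ``{filename}`` placeholder, so the header never carried the name.
    response['Content-Disposition'] = 'inline;filename={filename}'.format(
        filename=filename)
    return response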