def mutate(self, info, **parameters):
success = False
files_data = parameters['files_data']
uploaded_file = info.context.FILES['1']
project_name = parameters['project_name']
user_email = util.get_jwt_content(info.context)['user_email']
add_file = resources.create_file(files_data,
uploaded_file,
project_name,
user_email)
if add_file:
resources.send_mail(project_name,
user_email,
files_data,
'added',
'file')
success = True
else:
rollbar.report_message('Error: \
An error occurred uploading file', 'error', info.context)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context, 'Security: Added evidence files to \
{project} project succesfully'.format(project=project_name))
else:
util.cloudwatch_log(info.context, 'Security: Attempted to add evidence files \
from {project} project'.format(project=project_name))
ret = AddFiles(success=success, resources=Resource(project_name))
return ret
def mutate(self,
info, resource_data: Dict[str, Any], project_name: str, res_type: str) -> object:
success = False
user_email = util.get_jwt_content(info.context)['user_email']
update_res = resources.update_resource(resource_data, project_name, res_type, user_email)
if update_res:
resources.send_mail(project_name,
user_email,
[resource_data],
'activated'
if resource_data.get('state') == 'INACTIVE'
else 'deactivated',
res_type)
success = True
else:
rollbar.report_message('Error: \
An error occurred updating resource', 'error', info.context)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context, 'Security: Updated resources from \
{project} project succesfully'.format(project=project_name))
else:
util.cloudwatch_log(info.context, 'Security: Attempted to update resources \
from {project} project'.format(project=project_name))
ret = UpdateResources(success=success,
resources=Resource(project_name))
return ret
def mutate(_, info, project_name: str, repo: Dict[str, str],
state: str) -> object:
user_email = util.get_jwt_content(info.context)['user_email']
success = resources.update_resource(
repo, project_name, 'repository', user_email)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context,
f'Security: Updated repository state in {project_name} '
'project succesfully')
action = 'activated' if state == 'ACTIVE' else 'deactivated'
resources.send_mail(
project_name, user_email, [repo], action, 'repository')
else:
rollbar.report_message(
'An error occurred updating repository state',
level='error',
payload_data=locals())
util.cloudwatch_log(
info.context,
'Security: Attempted to update repository state in '
f'{project_name} project')
return UpdateRepository(success=success)
def mutate(self, info, project_name, tags):
success = False
project_name = project_name.lower()
if project_domain.is_alive(project_name):
if project_domain.validate_tags(project_name, tags):
project_tags = project_domain.get_attributes(project_name, ['tag'])
if not project_tags:
project_tags = {'tag': set(tag for tag in tags)}
else:
project_tags.get('tag').update(tags)
tags_added = project_domain.update(project_name, project_tags)
if tags_added:
success = True
else:
rollbar.report_message('Error: \
An error occurred adding tags', 'error', info.context)
else:
util.cloudwatch_log(info.context,
'Security: \
Attempted to upload tags without the allowed structure')
else:
util.cloudwatch_log(info.context,
'Security: \
Attempted to upload tags without the allowed validations')
if success:
util.invalidate_cache(project_name)
ret = AddTags(success=success, project=Project(project_name))
return ret
def mutate(self, info, **parameters):
project_name = parameters.get('project_name').lower()
user_info = util.get_jwt_content(info.context)
current_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
comment_id = int(round(time.time() * 1000))
comment_data = {
'user_id': comment_id,
'content': parameters.get('content'),
'created': current_time,
'fullname':
str.join(' ', [user_info['first_name'],
user_info['last_name']]),
'modified': current_time,
'parent': int(parameters.get('parent'))
}
success = project_domain.add_comment(
project_name, user_info['user_email'], comment_data)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context, 'Security: Added comment to \
{project} project succesfully'.format(project=project_name))
else:
util.cloudwatch_log(info.context, 'Security: Attempted to add \
comment in {project} project'.format(project=project_name))
ret = AddProjectComment(success=success, comment_id=comment_id)
return ret
def mutate(self,
info,
finding_id: str,
approval_status: str,
uuid: str = '') -> object:
project_name = get_finding_project_name(finding_id)
success = False
if uuid:
success = update_approval_status(finding_id, uuid, approval_status)
else:
success = update_all_pending_vulns(finding_id, approval_status)
if success:
update_last_vuln_date(finding_id)
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context, 'Security: Approve vulnerability from {project}\
project succesfully'.format(project=project_name))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to approve\
vulnerability from {project} project'.format(
project=project_name))
ret = ApproveVulnerability(success=success)
return ret
def mutate(self,
info, resource_data: Dict[str, Any], project_name: str, res_type: str) -> object:
success = False
user_email = util.get_jwt_content(info.context)['user_email']
add_res = resources.create_resource(resource_data, project_name, res_type, user_email)
if add_res:
resources.send_mail(project_name,
user_email,
resource_data,
'added',
res_type)
success = True
else:
rollbar.report_message('Error: \
An error occurred adding resource', 'error', info.context)
if success:
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context, 'Security: Added resources to \
{project} project succesfully'.format(project=project_name))
else:
util.cloudwatch_log(info.context, 'Security: Attempted to add resources \
from {project} project'.format(project=project_name))
ret = AddResources(success=success,
resources=Resource(project_name))
return ret
def mutate(self, info, project_name):
success = project_domain.add_all_access_to_project(project_name)
if success:
util.cloudwatch_log(
info.context,
f'Security: Add all project access of {project_name}')
util.invalidate_cache(project_name)
return AddAllProjectAccess(success=success)
def mutate(self, info, project_name):
success = project_domain.remove_all_project_access(project_name)
if success:
util.cloudwatch_log(
info.context,
f'Security: Remove all project access of {project_name}')
util.invalidate_cache(project_name)
return RemoveAllProjectAccess(success=success)
def resolve_remove_event_evidence(_, info, event_id, evidence_type):
"""Resolve remove_event_evidence mutation."""
success = event_domain.remove_evidence(evidence_type, event_id)
if success:
util.cloudwatch_log(info.context,
f'Security: Removed evidence in event {event_id}')
util.invalidate_cache(event_id)
return dict(success=success)
def mutate(_, info, event_id, evidence_type):
success = event_domain.remove_evidence(evidence_type, event_id)
if success:
util.cloudwatch_log(
info.context,
f'Security: Removed evidence in event {event_id}')
util.invalidate_cache(event_id)
return RemoveEventEvidence(success=success)
def mutate(_, info, finding_id: str, vulnerabilities: List) -> object:
project_name = get_finding_project_name(finding_id)
success = delete_tags(finding_id, cast(_List[str], vulnerabilities))
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context, f'Delete tags from {finding_id}')
return DeleteTags(success=success)
def resolve_update_event(_, info, event_id, **kwargs):
"""Resolve update_event mutation."""
success = event_domain.update_event(event_id, **kwargs)
if success:
project_name = event_domain.get_event(event_id).get('project_name')
util.invalidate_cache(event_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context,
f'Security: Updated event {event_id} succesfully')
return dict(success=success)
def mutate(self, info, finding_id):
analyst_email = util.get_jwt_content(info.context)['user_email']
success = finding_domain.submit_draft(finding_id, analyst_email)
if success:
util.invalidate_cache(finding_id)
util.cloudwatch_log(
info.context, 'Security: Submitted draft '
'{} succesfully'.format(finding_id))
return SubmitDraft(success=success)
def mutate(self, info, project_name):
user_info = util.get_jwt_content(info.context)
success = project_domain.reject_deletion(project_name, user_info['user_email'])
if success:
project = project_name.lower()
util.invalidate_cache(project)
util.cloudwatch_log(
info.context,
f'Security: Reject project {project} deletion succesfully')
return RejectRemoveProject(success=success)
def resolve_create_event(_, info, project_name, image=None, file=None, **kwa):
"""Resolve create_event mutation."""
analyst_email = util.get_jwt_content(info.context)['user_email']
success = event_domain.create_event(analyst_email, project_name.lower(),
file, image, **kwa)
if success:
util.cloudwatch_log(
info.context, 'Security: Created event in '
f'{project_name} project succesfully')
util.invalidate_cache(project_name)
return dict(success=success)
def resolve_invalidate_cache(_, info, pattern):
"""Resolve invalidate_cache."""
success = False
regex = r'^\w+$'
if re.match(regex, pattern):
util.invalidate_cache(pattern)
success = True
util.cloudwatch_log(
info.context,
f'Security: Pattern {pattern} was removed from cache')
return dict(success=success)
def mutate(self, info, evidence_id, finding_id):
success = finding_domain.remove_evidence(evidence_id, finding_id)
if success:
util.cloudwatch_log(
info.context,
f'Security: Removed evidence in finding {finding_id}')
util.invalidate_cache(finding_id)
findings_loader = info.context.loaders['finding']
ret = RemoveEvidence(finding=findings_loader.load(finding_id),
success=success)
return ret
def mutate(_, info, pattern):
regex = r'^\w+$'
if re.match(regex, pattern):
util.invalidate_cache(pattern)
success = True
util.cloudwatch_log(
info.context,
f'Security: Pattern {pattern} was removed from cache')
else:
success = False
return InvalidateCache(success=success)
def mutate(self, info, **kwargs):
user_data = util.get_jwt_content(info.context)
user_role = get_user_role(user_data)
success = project_domain.create_project(
user_data['user_email'], user_role, **kwargs)
if success:
project = kwargs.get('project_name').lower()
util.invalidate_cache(user_data['user_email'])
util.cloudwatch_log(
info.context,
f'Security: Created project {project} succesfully')
return CreateProject(success=success)
def delete_project(project):
"""Delete project information."""
project = project.lower()
are_users_removed = remove_all_users_access(project)
are_findings_masked = [
finding_domain.mask_finding(finding_id)
for finding_id in project_domain.list_findings(project)]
update_project_state_db = project_domain.update(project, {'project_status': 'FINISHED'})
is_project_deleted = all([
are_findings_masked, are_users_removed, update_project_state_db])
util.invalidate_cache(project)
return is_project_deleted
def mutate(self, info, finding_id, justification):
project_name = project_domain.get_finding_project_name(finding_id)
user_info = util.get_jwt_content(info.context)
success = finding_domain.verify_finding(
finding_id, user_info['user_email'], justification,
str.join(' ', [user_info['first_name'], user_info['last_name']]))
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context, 'Security: Verified the '
f'finding_id: {finding_id}')
ret = VerifyFinding(success=success)
return ret
def delete_pending_projects():
""" Delete pending to delete projects """
rollbar.report_message('Warning: Function to delete projects if '
'deletion_date expires is running', 'warning')
today = datetime.now()
projects = project_domain.get_pending_to_delete()
for project in projects:
historic_deletion = project.get('historic_deletion', [{}])
last_state = historic_deletion[-1]
deletion_date = last_state.get(
'deletion_date', today.strftime('%Y-%m-%d %H:%M:%S'))
deletion_date = datetime.strptime(deletion_date, '%Y-%m-%d %H:%M:%S')
if deletion_date < today:
project_domain.remove_project(project.get('project_name'), '')
util.invalidate_cache(project.get('project_name'))
def resolve_add_event_comment(_, info, content, event_id, parent):
"""Resolve add_event_comment mutation."""
user_info = util.get_jwt_content(info.context)
comment_id, success = event_domain.add_comment(content, event_id, parent,
user_info)
if success:
util.invalidate_cache(event_id)
util.cloudwatch_log(
info.context,
f'Security: Added comment to event {event_id} succesfully')
else:
util.cloudwatch_log(
info.context,
f'Security: Attempted to add comment in event {event_id}')
return dict(success=success, comment_id=comment_id)
def resolve_solve_event(_, info, event_id, affectation, date):
"""Resolve solve_event mutation."""
analyst_email = util.get_jwt_content(info.context)['user_email']
success = event_domain.solve_event(event_id, affectation, analyst_email,
date)
if success:
project_name = event_domain.get_event(event_id).get('project_name')
util.invalidate_cache(event_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(info.context,
f'Security: Solved event {event_id} succesfully')
else:
util.cloudwatch_log(info.context,
f'Security: Attempted to solve event {event_id}')
return dict(success=success)
def resolve_update_event_evidence(_, info, event_id, evidence_type, file):
"""Resolve update_event_evidence mutation."""
success = False
if event_domain.validate_evidence(evidence_type, file):
success = event_domain.update_evidence(event_id, evidence_type, file)
if success:
util.invalidate_cache(event_id)
util.cloudwatch_log(
info.context,
f'Security: Updated evidence in event {event_id} succesfully')
else:
util.cloudwatch_log(
info.context,
f'Security: Attempted to update evidence in event {event_id}')
return dict(success=success)
def mutate(self, info, **query_args):
project_name = query_args.get('project_name')
success = False
user_data = util.get_jwt_content(info.context)
role = get_user_role(user_data)
modified_user_data = {
'email': query_args.get('email'),
'organization': query_args.get('organization'),
'responsibility': query_args.get('responsibility'),
'role': query_args.get('role'),
'phone_number': query_args.get('phone_number')
}
if (role == 'admin'
and modified_user_data['role'] in ['admin', 'analyst',
'customer', 'customeradmin']) \
or (is_customeradmin(project_name, user_data['user_email'])
and modified_user_data['role'] in ['customer', 'customeradmin']):
if user_domain.assign_role(modified_user_data['email'],
modified_user_data['role']):
modify_user_information(info.context, modified_user_data,
project_name)
success = True
else:
rollbar.report_message('Error: Couldn\'t update user role',
'error', info.context)
else:
rollbar.report_message(
'Error: Invalid role provided: ' + modified_user_data['role'],
'error', info.context)
if success:
util.invalidate_cache(project_name)
util.invalidate_cache(query_args.get('email'))
util.cloudwatch_log(
info.context, 'Security: Modified user data:{user} \
in {project} project succesfully'.format(
user=query_args.get('email'), project=project_name))
else:
util.cloudwatch_log(
info.context, 'Security: Attempted to modify user \
data:{user} in {project} project'.format(
user=query_args.get('email'), project=project_name))
ret = \
EditUser(success=success,
modified_user=User(project_name,
modified_user_data['email']))
return ret
def mutate(self, info, finding_id):
reviewer_email = util.get_jwt_content(info.context)['user_email']
project_name = finding_domain.get_finding(finding_id)['projectName']
success = finding_domain.reject_draft(finding_id, reviewer_email)
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context,
'Security: Draft {} rejected succesfully'.format(finding_id))
else:
util.cloudwatch_log(
info.context,
'Security: Attempted to reject draft {}'.format(finding_id))
return RejectDraft(success=success)
def mutate(self, info, finding_id, justification):
project_name = finding_domain.get_finding(finding_id)['projectName']
success = finding_domain.delete_finding(finding_id, project_name,
justification, info.context)
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context,
f'Security: Deleted finding: {finding_id} succesfully')
else:
util.cloudwatch_log(
info.context,
f'Security: Attempted to delete finding: {finding_id}')
return DeleteFinding(success=success)
def mutate(self, info, **parameters):
finding_id = parameters.get('finding_id')
project_name = get_finding_project_name(finding_id)
user_info = util.get_jwt_content(info.context)
success = verify_vulnerabilities(
finding_id, user_info['user_email'],
str.join(' ', [
user_info.get('first_name', ''),
user_info.get('last_name', '')
]), info, parameters)
if success:
util.invalidate_cache(finding_id)
util.invalidate_cache(project_name)
util.cloudwatch_log(
info.context, 'Security: Verified a request '
f'in finding_id: {finding_id}')
return VerifyRequestVuln(success=success)
