def get_attacker_motivation_by_name(self, name, environment_name=''): """ :rtype: ValueType :raise ObjectNotFoundHTTPError: """ found_motivation = None attacker_motivations = self.get_attacker_motivations( environment_name=environment_name) if attacker_motivations is None or len(attacker_motivations) < 1: self.close() raise ObjectNotFoundHTTPError('Attacker motivations') idx = 0 while found_motivation is None and idx < len(attacker_motivations): if attacker_motivations[idx].theName == name: found_motivation = attacker_motivations[idx] idx += 1 if found_motivation is None: self.close() raise ObjectNotFoundHTTPError( 'The provided attacker motivation name') return found_motivation
def get_goal_value_by_name(self, name, environment_name=''): found_value = None goal_values = self.get_goal_values(environment_name=environment_name) if goal_values is None or len(goal_values) < 1: raise ObjectNotFoundHTTPError('Goal values') idx = 0 while found_value is None and idx < len(goal_values): if goal_values[idx].theName == name: found_value = goal_values[idx] idx += 1 if found_value is None: raise ObjectNotFoundHTTPError('The provided goal value name') return found_value
def get_asset_value_by_name(self, name, environment_name=''): found_value = None asset_values = self.get_asset_values(environment_name=environment_name) if asset_values is None or len(asset_values) < 1: self.close() raise ObjectNotFoundHTTPError('Asset values') idx = 0 while found_value is None and idx < len(asset_values): if asset_values[idx].theName == name: found_value = asset_values[idx] idx += 1 if found_value is None: self.close() raise ObjectNotFoundHTTPError('The provided asset value name') return found_value
def get_environment_by_id(self, env_id, simplify=True): """ :rtype: Environment :raise ObjectNotFoundHTTPError: """ found_environment = None try: environments = self.db_proxy.getEnvironments() except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) if environments is not None: found_environment = None idx = 0 while found_environment is None and idx < len(environments): if environments.values()[idx].theId == env_id: found_environment = environments.values()[idx] idx += 1 if found_environment is None: self.close() raise ObjectNotFoundHTTPError('The provided environment name') if simplify: found_environment = self.simplify(found_environment) return found_environment
def update_role(self, role, name=None, role_id=-1): if name is not None: old_role = self.get_role_by_name(name, simplify=False) if role is None: self.close() raise ObjectNotFoundHTTPError('The asset') role_id = old_role.theId if role_id > -1: params = RoleParameters( name=role.theName, rType=role.theType, sCode=role.theShortCode, desc=role.theDescription, cProperties=[] ) params.setId(role_id) try: self.db_proxy.updateRole(params) except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) else: self.close() raise MissingParameterHTTPError(param_names=['id'])
def get_misuse_case_by_risk_name(self, risk_name, simplify=True): found_risk = self.get_risk_by_name(risk_name, skip_misuse=True) try: misuse_case = self.db_proxy.riskMisuseCase(found_risk.theId) except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARM.ARMException as ex: self.close() raise ARMHTTPError(ex) if not misuse_case: self.close() raise ObjectNotFoundHTTPError( 'The misuse case associated with the risk') assert isinstance(misuse_case, MisuseCase) misuse_case = self.expand_mc_props(misuse_case) if simplify: misuse_case = self.simplify(misuse_case) return misuse_case
def get_threat_type_by_name(self, name, environment_name=''): found_type = None threat_types = self.get_threat_types(environment_name=environment_name) if threat_types is None or len(threat_types) < 1: self.close() raise ObjectNotFoundHTTPError('Threat types') idx = 0 while found_type is None and idx < len(threat_types): if threat_types[idx].theName == name: found_type = threat_types[idx] idx += 1 if found_type is None: self.close() raise ObjectNotFoundHTTPError('The provided threat type name') return found_type
def get_dependency_by_name(self, dep_name): """ :rtype : Dependency """ dependencies = self.get_dependencies() found_dependency = dependencies.get(dep_name, None) if not found_dependency: raise ObjectNotFoundHTTPError('The provided dependency name') return found_dependency
def get_vulnerability_type_by_name(self, name, environment_name=''): found_type = None vulnerability_types = self.get_vulnerability_types( environment_name=environment_name) if vulnerability_types is None or len(vulnerability_types) < 1: self.close() raise ObjectNotFoundHTTPError('Vulnerability types') idx = 0 while found_type is None and idx < len(vulnerability_types): if vulnerability_types[idx].theName == name: found_type = vulnerability_types[idx] idx += 1 if found_type is None: self.close() raise ObjectNotFoundHTTPError( 'The provided vulnerability type name') return found_type
def get(self, id): session_id = get_session_id(session, request) dao = AssetDAO(session_id) asset = dao.get_asset_by_id(id) dao.close() if asset is None: raise ObjectNotFoundHTTPError('The asset') resp = make_response(json_serialize(asset, session_id=session_id)) resp.headers['Content-Type'] = "application/json" return resp
def get_risk_by_name(self, name, simplify=True, skip_misuse=False): """ :rtype : Risk """ risks = self.get_risks(simplify=simplify, skip_misuse=skip_misuse) found_risk = risks.get(name, None) if found_risk is None: self.close() raise ObjectNotFoundHTTPError(obj='The provided risk name') return found_risk
def get_attacker_by_name(self, name, simplify=True): """ :rtype: Attacker :raise ObjectNotFoundHTTPError: """ attackers = self.get_attackers(simplify=simplify) found_attacker = attackers.get(name, None) if found_attacker is None: self.close() raise ObjectNotFoundHTTPError('The provided attacker name') return found_attacker
def get_goal_by_name(self, name, coloured=False, simplify=True): found_goal = None goals = self.get_goals(coloured=coloured, simplify=False) if goals is not None: found_goal = goals.get(name) if found_goal is None: self.close() raise ObjectNotFoundHTTPError('The provided goal name') if simplify: found_goal = self.simplify(found_goal) return found_goal
def get_attacker_capability_by_name(self, name, environment_name=''): """ :rtype : ValueType """ found_capability = None attacker_capabilities = self.get_attacker_capabilities( environment_name=environment_name) if attacker_capabilities is None or len(attacker_capabilities) < 1: self.close() raise ObjectNotFoundHTTPError('Attacker capabilities') idx = 0 while found_capability is None and idx < len(attacker_capabilities): if attacker_capabilities[idx].theName == name: found_capability = attacker_capabilities[idx] idx += 1 if found_capability is None: self.close() raise ObjectNotFoundHTTPError( 'The provided attacker capability name') return found_capability
def get_role_by_name(self, name, simplify=True): found_role = None roles = self.db_proxy.getRoles() if roles is not None: found_role = roles.get(name) if found_role is None: self.close() raise ObjectNotFoundHTTPError('The provided role name') if simplify: found_role = self.simplify(found_role) return found_role
def get_role_by_id(self, role_id, simplify=True): found_role = None roles = self.db_proxy.getRoles() idx = 0 while found_role is None and idx < len(roles): if roles.values()[idx].theId == role_id: found_role = roles.values()[idx] idx += 1 if found_role is None: self.close() raise ObjectNotFoundHTTPError('The provided role name') if simplify: found_role = self.simplify(found_role) return found_role
def get_vulnerability_by_name(self, name, simplify=True): found_vulnerability = None try: vulnerabilities = self.db_proxy.getVulnerabilities() except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) if vulnerabilities is not None: found_vulnerability = vulnerabilities.get(name) if found_vulnerability is None: self.close() raise ObjectNotFoundHTTPError('The provided vulnerability name') if simplify: found_vulnerability = self.simplify(found_vulnerability) return found_vulnerability
def delete_environment(self, name=None, env_id=None): if name is not None: found_environment = self.get_environment_by_name(name, simplify=False) if found_environment is None: raise ObjectNotFoundHTTPError('The provided environment name') env_id = found_environment.theId if env_id is not None and env_id > -1: try: self.db_proxy.deleteEnvironment(env_id) except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARM.ARMException as ex: self.close() raise ARMHTTPError(ex) else: self.close() raise MissingParameterHTTPError(param_names=['id'])
def get_threat_by_name(self, name, simplify=True): found_threat = None try: threats = self.db_proxy.getThreats() except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) if threats is not None: found_threat = threats.get(name) if found_threat is None: self.close() raise ObjectNotFoundHTTPError('The provided threat name') if simplify: found_threat = self.simplify(found_threat) return found_threat
def get_risk_rating_by_tve(self, threat_name, vulnerability_name, environment_name): """ :rtype: RiskRating """ try: rating = self.db_proxy.riskRating(threat_name, vulnerability_name, environment_name) risk_rating = RiskRating(threat_name, vulnerability_name, environment_name, rating) return risk_rating except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARM.ARMException as ex: self.close() raise ARMHTTPError(ex) except TypeError: self.close() raise ObjectNotFoundHTTPError(obj='A rating for the risk')
def delete_role(self, name=None, role_id=-1): if name is not None: found_role = self.get_role_by_name(name) elif role_id > -1: found_role = self.get_role_by_id(role_id) else: self.close() raise MissingParameterHTTPError(param_names=['name']) if found_role is None or not isinstance(found_role, Role): self.close() raise ObjectNotFoundHTTPError('The provided role name') try: self.db_proxy.deleteRole(found_role.theId) except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARM.ARMException as ex: self.close() raise ARMHTTPError(ex)
def delete_asset(self, name=None, asset_id=-1): if name is not None: found_asset = self.get_asset_by_name(name) elif asset_id > -1: found_asset = self.get_asset_by_id(asset_id) else: self.close() raise MissingParameterHTTPError(param_names=['name']) if found_asset is None or not isinstance(found_asset, Asset): self.close() raise ObjectNotFoundHTTPError('The provided asset name') try: self.db_proxy.deleteAsset(found_asset.theId) except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARM.ARMException as ex: self.close() raise ARMHTTPError(ex)
def get_threat_by_id(self, threat_id, simplify=True): found_threat = None try: threats = self.db_proxy.getThreats() except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) idx = 0 while found_threat is None and idx < len(threats): if threats.values()[idx].theId == threat_id: found_threat = threats.values()[idx] idx += 1 if found_threat is None: self.close() raise ObjectNotFoundHTTPError('The provided threat ID') if simplify: found_threat = self.simplify(found_threat) return found_threat
def get_asset_by_name(self, name, simplify=True): found_asset = None try: assets = self.db_proxy.getAssets() except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARM.ARMException as ex: self.close() raise ARMHTTPError(ex) if assets is not None: found_asset = assets.get(name) if found_asset is None: self.close() raise ObjectNotFoundHTTPError('The provided asset name') if simplify: found_asset = self.simplify(found_asset) return found_asset
def get_vulnerability_by_id(self, vuln_id, simplify=True): found_vulnerability = None try: vulnerabilities = self.db_proxy.getVulnerabilities() except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) idx = 0 while found_vulnerability is None and idx < len(vulnerabilities): if vulnerabilities.values()[idx].theId == vuln_id: found_vulnerability = vulnerabilities.values()[idx] idx += 1 if found_vulnerability is None: self.close() raise ObjectNotFoundHTTPError('The provided vulnerability ID') if simplify: found_vulnerability = self.simplify(found_vulnerability) return found_vulnerability
def expand_mc_props(self, misuse_case): # Fetch threat and vulnerability name try: threat_name, vuln_name = self.db_proxy.misuseCaseRiskComponents( misuse_case.theName) misuse_case.theThreatName = threat_name misuse_case.theVulnerabilityName = vuln_name except ARM.DatabaseProxyException as ex: self.close() if ex.value.find( 'Error obtaining risk components associated with Misuse Case' ): raise ObjectNotFoundHTTPError( 'The associated threat and vulnerability name') else: raise ARMHTTPError(ex) except ARM.ARMException as ex: self.close() raise ARMHTTPError(ex) # Add objective, likelihood, severity and risk rating for idx in range(0, len(misuse_case.theEnvironmentProperties)): env_prop = misuse_case.theEnvironmentProperties[idx] assert isinstance(env_prop, MisuseCaseEnvironmentProperties) env_prop.theObjective, env_prop.theAssets = self.get_misuse_case_obj_and_assets( misuse_case.theThreatName, misuse_case.theVulnerabilityName, env_prop.theEnvironmentName) env_prop.theLikelihood = self.get_misuse_case_likelihood( threat_name, env_prop.theEnvironmentName) env_prop.theSeverity = self.get_misuse_case_severity( vuln_name, env_prop.theEnvironmentName) env_prop.theRiskRating = self.get_risk_rating_by_tve( threat_name, vuln_name, env_prop.theEnvironmentName) env_prop.theAttackers = self.get_misuse_case_attackers( threat_name, env_prop.theEnvironmentName) misuse_case.theEnvironmentProperties[idx] = env_prop return misuse_case
def get_risk_analysis_model(self, environment_name, dim_name, obj_name): fontName, fontSize, apFontName = get_fonts(session_id=self.session_id) try: riskAnalysisModel = self.db_proxy.riskAnalysisModel( environment_name, dim_name, obj_name) tLinks = EnvironmentModel(riskAnalysisModel, environment_name, self.db_proxy, fontName=fontName, fontSize=fontSize) dot_code = tLinks.graph() if not dot_code: raise ObjectNotFoundHTTPError('The risk analysis model') return dot_code except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARM.ARMException as ex: self.close() raise ARMHTTPError(ex) except Exception as ex: self.close() print(ex)
def get(self, environment): session_id = get_session_id(session, request) with_concerns = request.args.get('with_concerns', True) if with_concerns == '0' or with_concerns == 0: with_concerns = False model_generator = get_model_generator() dao = AssetDAO(session_id) dot_code = dao.get_asset_model(environment, with_concerns=with_concerns) dao.close() if not isinstance(dot_code, str): raise ObjectNotFoundHTTPError('The model') resp = make_response(model_generator.generate(dot_code), httplib.OK) accept_header = request.headers.get('Accept', 'image/svg+xml') if accept_header.find('text/plain') > -1: resp.headers['Content-type'] = 'text/plain' else: resp.headers['Content-type'] = 'image/svg+xml' return resp
def get_environment_by_name(self, name, simplify=True): """ :rtype: Environment :raise ObjectNotFoundHTTPError: """ found_environment = None try: environments = self.db_proxy.getEnvironments() except ARM.DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) if environments is not None: found_environment = environments.get(name) if found_environment is None: self.close() raise ObjectNotFoundHTTPError('The provided environment name') if simplify: found_environment = self.simplify(found_environment) return found_environment
def check_environment(environment_name, session, session_id): db_proxy = validate_proxy(session, session_id) environment_names = db_proxy.getEnvironmentNames() if not environment_name in environment_names: raise ObjectNotFoundHTTPError('The specified environment')