def mutate(self, info, **parameters): success = False files_data = parameters['files_data'] uploaded_file = info.context.FILES['1'] project_name = parameters['project_name'] user_email = util.get_jwt_content(info.context)['user_email'] add_file = resources.create_file(files_data, uploaded_file, project_name, user_email) if add_file: resources.send_mail(project_name, user_email, files_data, 'added', 'file') success = True else: rollbar.report_message('Error: \ An error occurred uploading file', 'error', info.context) if success: util.invalidate_cache(project_name) util.cloudwatch_log(info.context, 'Security: Added evidence files to \ {project} project succesfully'.format(project=project_name)) else: util.cloudwatch_log(info.context, 'Security: Attempted to add evidence files \ from {project} project'.format(project=project_name)) ret = AddFiles(success=success, resources=Resource(project_name)) return ret
def mutate(self, info, resource_data: Dict[str, Any], project_name: str, res_type: str) -> object: success = False user_email = util.get_jwt_content(info.context)['user_email'] update_res = resources.update_resource(resource_data, project_name, res_type, user_email) if update_res: resources.send_mail(project_name, user_email, [resource_data], 'activated' if resource_data.get('state') == 'INACTIVE' else 'deactivated', res_type) success = True else: rollbar.report_message('Error: \ An error occurred updating resource', 'error', info.context) if success: util.invalidate_cache(project_name) util.cloudwatch_log(info.context, 'Security: Updated resources from \ {project} project succesfully'.format(project=project_name)) else: util.cloudwatch_log(info.context, 'Security: Attempted to update resources \ from {project} project'.format(project=project_name)) ret = UpdateResources(success=success, resources=Resource(project_name)) return ret
def mutate(_, info, project_name: str, repo: Dict[str, str], state: str) -> object: user_email = util.get_jwt_content(info.context)['user_email'] success = resources.update_resource( repo, project_name, 'repository', user_email) if success: util.invalidate_cache(project_name) util.cloudwatch_log( info.context, f'Security: Updated repository state in {project_name} ' 'project succesfully') action = 'activated' if state == 'ACTIVE' else 'deactivated' resources.send_mail( project_name, user_email, [repo], action, 'repository') else: rollbar.report_message( 'An error occurred updating repository state', level='error', payload_data=locals()) util.cloudwatch_log( info.context, 'Security: Attempted to update repository state in ' f'{project_name} project') return UpdateRepository(success=success)
def mutate(self, info, project_name, tags): success = False project_name = project_name.lower() if project_domain.is_alive(project_name): if project_domain.validate_tags(project_name, tags): project_tags = project_domain.get_attributes(project_name, ['tag']) if not project_tags: project_tags = {'tag': set(tag for tag in tags)} else: project_tags.get('tag').update(tags) tags_added = project_domain.update(project_name, project_tags) if tags_added: success = True else: rollbar.report_message('Error: \ An error occurred adding tags', 'error', info.context) else: util.cloudwatch_log(info.context, 'Security: \ Attempted to upload tags without the allowed structure') else: util.cloudwatch_log(info.context, 'Security: \ Attempted to upload tags without the allowed validations') if success: util.invalidate_cache(project_name) ret = AddTags(success=success, project=Project(project_name)) return ret
def mutate(self, info, **parameters): project_name = parameters.get('project_name').lower() user_info = util.get_jwt_content(info.context) current_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S') comment_id = int(round(time.time() * 1000)) comment_data = { 'user_id': comment_id, 'content': parameters.get('content'), 'created': current_time, 'fullname': str.join(' ', [user_info['first_name'], user_info['last_name']]), 'modified': current_time, 'parent': int(parameters.get('parent')) } success = project_domain.add_comment( project_name, user_info['user_email'], comment_data) if success: util.invalidate_cache(project_name) util.cloudwatch_log(info.context, 'Security: Added comment to \ {project} project succesfully'.format(project=project_name)) else: util.cloudwatch_log(info.context, 'Security: Attempted to add \ comment in {project} project'.format(project=project_name)) ret = AddProjectComment(success=success, comment_id=comment_id) return ret
def mutate(self, info, finding_id: str, approval_status: str, uuid: str = '') -> object: project_name = get_finding_project_name(finding_id) success = False if uuid: success = update_approval_status(finding_id, uuid, approval_status) else: success = update_all_pending_vulns(finding_id, approval_status) if success: update_last_vuln_date(finding_id) util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Approve vulnerability from {project}\ project succesfully'.format(project=project_name)) else: util.cloudwatch_log( info.context, 'Security: Attempted to approve\ vulnerability from {project} project'.format( project=project_name)) ret = ApproveVulnerability(success=success) return ret
def mutate(self, info, resource_data: Dict[str, Any], project_name: str, res_type: str) -> object: success = False user_email = util.get_jwt_content(info.context)['user_email'] add_res = resources.create_resource(resource_data, project_name, res_type, user_email) if add_res: resources.send_mail(project_name, user_email, resource_data, 'added', res_type) success = True else: rollbar.report_message('Error: \ An error occurred adding resource', 'error', info.context) if success: util.invalidate_cache(project_name) util.cloudwatch_log(info.context, 'Security: Added resources to \ {project} project succesfully'.format(project=project_name)) else: util.cloudwatch_log(info.context, 'Security: Attempted to add resources \ from {project} project'.format(project=project_name)) ret = AddResources(success=success, resources=Resource(project_name)) return ret
def mutate(self, info, project_name): success = project_domain.add_all_access_to_project(project_name) if success: util.cloudwatch_log( info.context, f'Security: Add all project access of {project_name}') util.invalidate_cache(project_name) return AddAllProjectAccess(success=success)
def mutate(self, info, project_name): success = project_domain.remove_all_project_access(project_name) if success: util.cloudwatch_log( info.context, f'Security: Remove all project access of {project_name}') util.invalidate_cache(project_name) return RemoveAllProjectAccess(success=success)
def resolve_remove_event_evidence(_, info, event_id, evidence_type): """Resolve remove_event_evidence mutation.""" success = event_domain.remove_evidence(evidence_type, event_id) if success: util.cloudwatch_log(info.context, f'Security: Removed evidence in event {event_id}') util.invalidate_cache(event_id) return dict(success=success)
def mutate(_, info, event_id, evidence_type): success = event_domain.remove_evidence(evidence_type, event_id) if success: util.cloudwatch_log( info.context, f'Security: Removed evidence in event {event_id}') util.invalidate_cache(event_id) return RemoveEventEvidence(success=success)
def mutate(_, info, finding_id: str, vulnerabilities: List) -> object: project_name = get_finding_project_name(finding_id) success = delete_tags(finding_id, cast(_List[str], vulnerabilities)) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log(info.context, f'Delete tags from {finding_id}') return DeleteTags(success=success)
def resolve_update_event(_, info, event_id, **kwargs): """Resolve update_event mutation.""" success = event_domain.update_event(event_id, **kwargs) if success: project_name = event_domain.get_event(event_id).get('project_name') util.invalidate_cache(event_id) util.invalidate_cache(project_name) util.cloudwatch_log(info.context, f'Security: Updated event {event_id} succesfully') return dict(success=success)
def mutate(self, info, finding_id): analyst_email = util.get_jwt_content(info.context)['user_email'] success = finding_domain.submit_draft(finding_id, analyst_email) if success: util.invalidate_cache(finding_id) util.cloudwatch_log( info.context, 'Security: Submitted draft ' '{} succesfully'.format(finding_id)) return SubmitDraft(success=success)
def mutate(self, info, project_name): user_info = util.get_jwt_content(info.context) success = project_domain.reject_deletion(project_name, user_info['user_email']) if success: project = project_name.lower() util.invalidate_cache(project) util.cloudwatch_log( info.context, f'Security: Reject project {project} deletion succesfully') return RejectRemoveProject(success=success)
def resolve_create_event(_, info, project_name, image=None, file=None, **kwa): """Resolve create_event mutation.""" analyst_email = util.get_jwt_content(info.context)['user_email'] success = event_domain.create_event(analyst_email, project_name.lower(), file, image, **kwa) if success: util.cloudwatch_log( info.context, 'Security: Created event in ' f'{project_name} project succesfully') util.invalidate_cache(project_name) return dict(success=success)
def resolve_invalidate_cache(_, info, pattern): """Resolve invalidate_cache.""" success = False regex = r'^\w+$' if re.match(regex, pattern): util.invalidate_cache(pattern) success = True util.cloudwatch_log( info.context, f'Security: Pattern {pattern} was removed from cache') return dict(success=success)
def mutate(self, info, evidence_id, finding_id): success = finding_domain.remove_evidence(evidence_id, finding_id) if success: util.cloudwatch_log( info.context, f'Security: Removed evidence in finding {finding_id}') util.invalidate_cache(finding_id) findings_loader = info.context.loaders['finding'] ret = RemoveEvidence(finding=findings_loader.load(finding_id), success=success) return ret
def mutate(_, info, pattern): regex = r'^\w+$' if re.match(regex, pattern): util.invalidate_cache(pattern) success = True util.cloudwatch_log( info.context, f'Security: Pattern {pattern} was removed from cache') else: success = False return InvalidateCache(success=success)
def mutate(self, info, **kwargs): user_data = util.get_jwt_content(info.context) user_role = get_user_role(user_data) success = project_domain.create_project( user_data['user_email'], user_role, **kwargs) if success: project = kwargs.get('project_name').lower() util.invalidate_cache(user_data['user_email']) util.cloudwatch_log( info.context, f'Security: Created project {project} succesfully') return CreateProject(success=success)
def delete_project(project): """Delete project information.""" project = project.lower() are_users_removed = remove_all_users_access(project) are_findings_masked = [ finding_domain.mask_finding(finding_id) for finding_id in project_domain.list_findings(project)] update_project_state_db = project_domain.update(project, {'project_status': 'FINISHED'}) is_project_deleted = all([ are_findings_masked, are_users_removed, update_project_state_db]) util.invalidate_cache(project) return is_project_deleted
def mutate(self, info, finding_id, justification): project_name = project_domain.get_finding_project_name(finding_id) user_info = util.get_jwt_content(info.context) success = finding_domain.verify_finding( finding_id, user_info['user_email'], justification, str.join(' ', [user_info['first_name'], user_info['last_name']])) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Verified the ' f'finding_id: {finding_id}') ret = VerifyFinding(success=success) return ret
def delete_pending_projects(): """ Delete pending to delete projects """ rollbar.report_message('Warning: Function to delete projects if ' 'deletion_date expires is running', 'warning') today = datetime.now() projects = project_domain.get_pending_to_delete() for project in projects: historic_deletion = project.get('historic_deletion', [{}]) last_state = historic_deletion[-1] deletion_date = last_state.get( 'deletion_date', today.strftime('%Y-%m-%d %H:%M:%S')) deletion_date = datetime.strptime(deletion_date, '%Y-%m-%d %H:%M:%S') if deletion_date < today: project_domain.remove_project(project.get('project_name'), '') util.invalidate_cache(project.get('project_name'))
def resolve_add_event_comment(_, info, content, event_id, parent): """Resolve add_event_comment mutation.""" user_info = util.get_jwt_content(info.context) comment_id, success = event_domain.add_comment(content, event_id, parent, user_info) if success: util.invalidate_cache(event_id) util.cloudwatch_log( info.context, f'Security: Added comment to event {event_id} succesfully') else: util.cloudwatch_log( info.context, f'Security: Attempted to add comment in event {event_id}') return dict(success=success, comment_id=comment_id)
def resolve_solve_event(_, info, event_id, affectation, date): """Resolve solve_event mutation.""" analyst_email = util.get_jwt_content(info.context)['user_email'] success = event_domain.solve_event(event_id, affectation, analyst_email, date) if success: project_name = event_domain.get_event(event_id).get('project_name') util.invalidate_cache(event_id) util.invalidate_cache(project_name) util.cloudwatch_log(info.context, f'Security: Solved event {event_id} succesfully') else: util.cloudwatch_log(info.context, f'Security: Attempted to solve event {event_id}') return dict(success=success)
def resolve_update_event_evidence(_, info, event_id, evidence_type, file): """Resolve update_event_evidence mutation.""" success = False if event_domain.validate_evidence(evidence_type, file): success = event_domain.update_evidence(event_id, evidence_type, file) if success: util.invalidate_cache(event_id) util.cloudwatch_log( info.context, f'Security: Updated evidence in event {event_id} succesfully') else: util.cloudwatch_log( info.context, f'Security: Attempted to update evidence in event {event_id}') return dict(success=success)
def mutate(self, info, **query_args): project_name = query_args.get('project_name') success = False user_data = util.get_jwt_content(info.context) role = get_user_role(user_data) modified_user_data = { 'email': query_args.get('email'), 'organization': query_args.get('organization'), 'responsibility': query_args.get('responsibility'), 'role': query_args.get('role'), 'phone_number': query_args.get('phone_number') } if (role == 'admin' and modified_user_data['role'] in ['admin', 'analyst', 'customer', 'customeradmin']) \ or (is_customeradmin(project_name, user_data['user_email']) and modified_user_data['role'] in ['customer', 'customeradmin']): if user_domain.assign_role(modified_user_data['email'], modified_user_data['role']): modify_user_information(info.context, modified_user_data, project_name) success = True else: rollbar.report_message('Error: Couldn\'t update user role', 'error', info.context) else: rollbar.report_message( 'Error: Invalid role provided: ' + modified_user_data['role'], 'error', info.context) if success: util.invalidate_cache(project_name) util.invalidate_cache(query_args.get('email')) util.cloudwatch_log( info.context, 'Security: Modified user data:{user} \ in {project} project succesfully'.format( user=query_args.get('email'), project=project_name)) else: util.cloudwatch_log( info.context, 'Security: Attempted to modify user \ data:{user} in {project} project'.format( user=query_args.get('email'), project=project_name)) ret = \ EditUser(success=success, modified_user=User(project_name, modified_user_data['email'])) return ret
def mutate(self, info, finding_id): reviewer_email = util.get_jwt_content(info.context)['user_email'] project_name = finding_domain.get_finding(finding_id)['projectName'] success = finding_domain.reject_draft(finding_id, reviewer_email) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Draft {} rejected succesfully'.format(finding_id)) else: util.cloudwatch_log( info.context, 'Security: Attempted to reject draft {}'.format(finding_id)) return RejectDraft(success=success)
def mutate(self, info, finding_id, justification): project_name = finding_domain.get_finding(finding_id)['projectName'] success = finding_domain.delete_finding(finding_id, project_name, justification, info.context) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, f'Security: Deleted finding: {finding_id} succesfully') else: util.cloudwatch_log( info.context, f'Security: Attempted to delete finding: {finding_id}') return DeleteFinding(success=success)
def mutate(self, info, **parameters): finding_id = parameters.get('finding_id') project_name = get_finding_project_name(finding_id) user_info = util.get_jwt_content(info.context) success = verify_vulnerabilities( finding_id, user_info['user_email'], str.join(' ', [ user_info.get('first_name', ''), user_info.get('last_name', '') ]), info, parameters) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Verified a request ' f'in finding_id: {finding_id}') return VerifyRequestVuln(success=success)