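def from_json(self, request):
    """Build a settings object from the JSON body of *request*.

    The settings are read from the 'object' member of the body. Each entry
    of 'contributions' and 'revisions' is checked against the required keys
    of Contributor / Revision and converted to a tuple. Entries that fail
    the check are dropped and reported through SilentHTTPError, so only
    validated tuples reach json_deserialize.

    :param request: the incoming request; must provide get_json() and get_data()
    :return: whatever json_deserialize builds from the normalised dictionary
    :raise MalformedJSONHTTPError: when the body cannot be parsed as JSON
    """
    payload = request.get_json(silent=True)
    if payload is False or payload is None:
        self.close()
        raise MalformedJSONHTTPError(data=request.get_data())

    # NOTE(review): a body that parses but has no 'object' member (or is not
    # a JSON object) raises KeyError/TypeError here rather than an HTTP error.
    json_dict = payload['object']
    check_required_keys(json_dict, ProjectSettings.required)

    # Set server-side, overwriting whatever the client sent under this key.
    # NOTE(review): json_deserialize presumably uses this marker to choose the
    # class to build - confirm nested values cannot carry their own marker.
    json_dict['__python_obj__'] = ProjectSettings.__module__+'.'+ProjectSettings.__name__

    def _validated_tuples(key, required, fields, skip_message):
        # Return the entries under json_dict[key] that pass the required-key check, as tuples.
        entries = json_dict[key] or []
        if not isinstance(entries, list):
            entries = []
        kept = []
        for entry in entries:
            try:
                check_required_keys(entry, required)
                kept.append(tuple(entry[field] for field in fields))
            except MissingParameterHTTPError:
                # The entry is left out of the result, as the message says.
                SilentHTTPError(skip_message)
        return kept

    # Write the normalised lists back so that neither a non-list value nor an
    # unvalidated entry from the request is passed on to json_deserialize.
    json_dict['contributions'] = _validated_tuples(
        'contributions',
        Contributor.required,
        ('firstName', 'surname', 'affiliation', 'role'),
        'A contribution did not contain all required fields. Skipping this one.',
    )
    json_dict['revisions'] = _validated_tuples(
        'revisions',
        Revision.required,
        ('id', 'date', 'description'),
        'A revision did not contain all required fields. Skipping this one.',
    )

    return json_deserialize(json_dict)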
def get_misuse_case_severity(self, vulnerability_name, environment_name):
    """Return the severity of a vulnerability within an environment.

    Both names are resolved to ids through self.db_proxy before the
    severity is looked up. If the proxy raises DatabaseProxyException or
    ARMException, the error value is passed to SilentHTTPError (constructed,
    not raised) and 'N/A' is returned instead.
    """
    try:
        proxy = self.db_proxy
        vuln_id = proxy.getDimensionId(vulnerability_name, 'vulnerability')
        env_id = proxy.getDimensionId(environment_name, 'environment')
        return proxy.vulnerabilitySeverity(vuln_id, env_id)
    except DatabaseProxyException as db_error:
        SilentHTTPError(db_error.value)
    except ARMException as arm_error:
        SilentHTTPError(str(arm_error.value))
    # Reached only when one of the lookups above failed.
    return 'N/A'
def get_misuse_case_likelihood(self, threat_name, environment_name):
    """Return the likelihood of a threat within an environment.

    Both names are resolved to ids through self.db_proxy before the
    likelihood is looked up. If the proxy raises DatabaseProxyException or
    ARMException, the error value is passed to SilentHTTPError (constructed,
    not raised) and 'N/A' is returned instead.
    """
    try:
        proxy = self.db_proxy
        resolved_threat = proxy.getDimensionId(threat_name, 'threat')
        resolved_env = proxy.getDimensionId(environment_name, 'environment')
        return proxy.threatLikelihood(resolved_threat, resolved_env)
    except DatabaseProxyException as db_error:
        SilentHTTPError(db_error.value)
    except ARMException as arm_error:
        SilentHTTPError(str(arm_error.value))
    # Reached only when one of the lookups above failed.
    return 'N/A'
def get_misuse_case_attackers(self, threat_name, environment_name):
    """
    Return the attackers associated with a threat within an environment.

    Both names are resolved to ids through self.db_proxy first. If the
    proxy raises DatabaseProxyException or ARMException, the error value is
    passed to SilentHTTPError (constructed, not raised) and an empty list
    is returned instead.

    :rtype : list[str]
    """
    try:
        proxy = self.db_proxy
        resolved_threat = proxy.getDimensionId(threat_name, 'threat')
        resolved_env = proxy.getDimensionId(environment_name, 'environment')
        return proxy.threatAttackers(resolved_threat, resolved_env)
    except DatabaseProxyException as db_error:
        SilentHTTPError(db_error.value)
    except ARMException as arm_error:
        SilentHTTPError(str(arm_error.value))
    # Reached only when one of the lookups above failed.
    return []
def get_misuse_case_obj_and_assets(self, threat_name, vulnerability_name, environment_name):
    """
    Compose the objective sentence of a misuse case and collect its assets.

    The assets threatened by the threat and those exposed by the
    vulnerability are fetched through an AssetDAO opened on this object's
    session id. If a lookup raises ObjectNotFoundHTTPError, the message is
    passed to SilentHTTPError (constructed, not raised) and whatever was
    fetched before the failure is used.

    :return: the objective text and the de-duplicated assets; the list is
        built from a set, so its order is not defined
    :rtype : str, list[Asset]
    """
    asset_dao = AssetDAO(self.session_id)
    at_risk = []
    exposed = []
    try:
        at_risk = asset_dao.get_threatened_assets(threat_name, environment_name)
        exposed = asset_dao.get_vulnerable_assets(vulnerability_name, environment_name)
    except ObjectNotFoundHTTPError as not_found:
        SilentHTTPError(not_found.message)

    # Asset entries are concatenated into the sentence, comma-separated with no space.
    objective = (
        'Exploit vulnerabilities in '
        + ','.join(exposed)
        + ' to threaten '
        + ','.join(at_risk)
        + '.'
    )
    unique_assets = set(at_risk + exposed)
    return objective, list(unique_assets)