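def sw(cID):
    """Return the software catalogue as JSON, optionally filtered by country.

    Args:
        cID: Country id as received from the caller. It is converted with
            ``int()``; a value greater than zero restricts the result to
            software linked to that country through ``softwareCountry``,
            anything else returns every row of ``software``.

    Returns:
        A 200 ``application/json`` response whose body is produced by
        ``jsonParser.swJSON`` from the fetched rows.

    Note:
        The unfiltered query selects ``*`` while the filtered one selects only
        ``id`` and ``description``, so the row shape differs between the two.
        Any failure, including a non-numeric ``cID``, ends in ``abort(500)``.
    """
    dbCon = None
    try:
        # Validate first: only an integer is ever bound into the query.
        country_id = int(cID)
        dbCon = conDB.newCon()
        cursor = dbCon.cursor()
        if country_id > 0:
            queryPrinciples = 'SELECT s.id, s.description FROM software s ' \
                              'INNER JOIN softwareCountry sC on sC.softwareID = s.id ' \
                              'WHERE sC.countryID = ?'
            # Bind as a one-element tuple. A bare string is itself a sequence,
            # so a driver that expects a parameter sequence would count one
            # binding per character and reject multi-digit ids.
            data = cursor.execute(queryPrinciples, (country_id,))
        else:
            # Only run the unfiltered query when it is actually the answer.
            data = cursor.execute('SELECT * FROM software;')
        response = app.response_class(response=jsonParser.swJSON(
            data.fetchall()), status=200, mimetype='application/json')
        return response
    except Exception as e:
        # NOTE(review): the raw exception object becomes the abort description.
        # If the registered 500 handler renders it, driver and SQL error text
        # reaches the client; confirm, and prefer a generic message plus
        # server-side logging.
        abort(500, {'message': e})
    finally:
        if dbCon is not None:
            try:
                dbCon.close()
                app.logger.info("dbcon closed {}".format(dbCon))
            except Exception as e:
                app.logger.error("Error closing con {}".format(e))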
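def returnPDF(pdfID):
    """Serve the report for *pdfID*, writing it to disk on first request.

    The PDF is cached as ``/usr/src/app/pdfs/report-<id>.pdf``. When that file
    does not exist yet, the stored value is read through
    ``conDB.getSelectedPDF`` and written to the cache path before it is sent.

    Args:
        pdfID: Report identifier; it is used both in the database lookup and
            in the cache file name.

    Returns:
        The ``send_file`` response, a ``(message, status)`` tuple for an
        invalid or unknown id, or the exception text if sending fails.
    """
    pdf_id = str(pdfID)
    # The id becomes part of a filesystem path, so accept plain decimal digits
    # only. This keeps separators and ".." out of the path even if the route
    # does not constrain the parameter type.
    if not pdf_id or any(ch not in "0123456789" for ch in pdf_id):
        return "Invalid report id", 400

    reportName = "/usr/src/app/pdfs/report-" + pdf_id + ".pdf"
    if not os.path.exists(reportName):
        con = conDB.newCon()
        try:
            data = conDB.getSelectedPDF(con, pdfID).fetchone()
        finally:
            # The original never released this connection.
            con.close()
        if data is None:
            # Check before open(): creating the file and then failing would
            # leave an empty report that every later request is served.
            return "Report not found", 404
        # NOTE(review): fetchone() normally yields a row, not bytes; confirm
        # that getSelectedPDF returns something write() accepts directly.
        with open(reportName, 'wb') as output_file:
            output_file.write(data)
    try:
        return send_file(reportName,
                         attachment_filename='report-' + pdf_id + '.pdf')
    except Exception as e:
        # NOTE(review): this returns the exception text to the client with a
        # 200 status, which can expose server paths; consider logging it and
        # answering with a generic 500 instead.
        return str(e)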
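def job_function():
    """Poll pending PDF rows and store the outcome of their background jobs.

    Every row returned by ``conDB.getPDFs`` whose status column (index 6) is 0
    is looked up as a job by the id in column 5. A finished job's output file
    is read and stored with ``conDB.insertPDF``; a failed job is recorded with
    ``status=-1``; any other job state is left for a later run.
    """
    con = conDB.newCon()
    try:
        data = conDB.getPDFs(con).fetchall()
    finally:
        # The rows are already in memory; the original left this connection open.
        con.close()

    # TODO (carried over from the original): take the job-result timeout into
    # account, and check whether the status is 0 or 1 before asking for a result.
    for i in data:
        if i[6] != 0:
            continue
        # Status 0: ask the queue whether the job has finished.
        job = Job.fetch(i[5], connection=redis_conn)
        # Read the state once so both branches judge the same snapshot.
        status = job.get_status()
        if status == "finished":
            # NOTE(review): the path comes from the job result held in the
            # queue backend, so whoever can write there chooses which file is
            # read into the database; confirm it stays inside the report
            # directory.
            pdfName = job.result[1]  # full path
            with open(pdfName, 'rb') as input_file:
                ablob = input_file.read()
            conDB.insertPDF(i[0], pdfBLOB=ablob)
        elif status == "failed":
            conDB.insertPDF(i[0], status=-1)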
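def getPDFs():
    """Return all PDF records as a JSON response.

    Returns:
        A 200 ``application/json`` response whose body is produced by
        ``jsonParser.pdfsJSON`` from the rows of ``conDB.getPDFs``.

    Any failure is printed and ends in ``abort(500)``.
    """
    con = None
    try:
        con = conDB.newCon()
        data = conDB.getPDFs(con)
        response = app.response_class(response=jsonParser.pdfsJSON(
            data.fetchall()), status=200, mimetype='application/json')
        return response
    except Exception as e:
        print(e)
        # NOTE(review): the raw exception object becomes the abort description;
        # if the 500 handler renders it, internal error text reaches the client.
        abort(500, {'message': e})
    finally:
        # Guard like the sibling views do. Without it a failed newCon() made
        # this block call close() on None and log a misleading close error.
        if con is not None:
            try:
                con.close()
                app.logger.info("dbcon closed {}".format(con))
            except Exception as e:
                app.logger.error("Error closing con {}".format(e))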
def principleH():
    """Return the principle headers as a JSON response.

    The rows come from ``conDB.getPrincipleHeaders`` and are serialised by
    ``jsonParser.phJSON``. Any failure ends in ``abort(500)``; the connection
    is closed on every path.
    """
    connection = None
    try:
        connection = conDB.newCon()
        header_rows = conDB.getPrincipleHeaders(connection).fetchall()
        return app.response_class(
            response=jsonParser.phJSON(header_rows),
            status=200,
            mimetype='application/json',
        )
    except Exception as err:
        # NOTE(review): the exception object is passed on as the abort
        # description; confirm the 500 handler does not echo it to clients.
        abort(500, {'message': err})
    finally:
        if connection is not None:
            try:
                connection.close()
                closed_msg = "dbcon closed {}".format(connection)
                app.logger.info(closed_msg)
            except Exception as close_err:
                app.logger.error("Error closing con {}".format(close_err))
def country():
    """Return every row of the ``country`` table as a JSON response.

    The rows are serialised by ``jsonParser.countryJSON``. Any failure ends in
    ``abort(500)``; the connection is closed on every path.
    """
    connection = None
    try:
        connection = conDB.newCon()
        result = connection.cursor().execute('SELECT * from country;')
        body = jsonParser.countryJSON(result.fetchall())
        return app.response_class(
            response=body, status=200, mimetype='application/json')
    except Exception as err:
        # NOTE(review): the exception object is passed on as the abort
        # description; confirm the 500 handler does not echo it to clients.
        abort(500, {'message': err})
    finally:
        if connection is not None:
            try:
                connection.close()
                closed_msg = "dbcon closed {}".format(connection)
                app.logger.info(closed_msg)
            except Exception as close_err:
                app.logger.error("Error closing con {}".format(close_err))
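def parseData(self, data, path):
    """Write the per-principle compliance list into the document as HTML.

    Args:
        data: Mapping with a "principle" list of eight entries. Each entry has
            a "pID" and a "rules" list, and each rule has "ruleDef" and
            "ruleCheck".
        path: Not used by this method.

    The generated markup is printed and then passed to ``self.write_html``.
    """
    # Local import: the markup used to be built in a variable named ``html``,
    # which would shadow the module.
    from html import escape

    self.set_font('Arial', 'B', 15)
    self.cell(0, 0, 'Principles', 0, 0, 'L')
    principlesOUT = data["principle"]
    parts = []
    for pID in range(0, 8):  # 8 = number of principles defined
        principleHid = principlesOUT[pID]["pID"]
        principleHname = ''
        con = conDB.newCon()
        try:
            for row in conDB.getPrincipleHname(con, principleHid):
                principleHname = row[1]
        finally:
            # The original opened one connection per principle and closed none.
            con.close()
        parts.append("<h2>" + principleHname + "</h2>")
        rules = principlesOUT[pID]["rules"]
        parts.append("<ul>")
        if rules:
            for rule in rules:
                # ruleDef is free text placed inside markup, so encode it.
                # NOTE(review): presumably it arrives with the request payload
                # like the data given to buildPDF; verify against the caller.
                parts.append("""<li>""" + escape(rule["ruleDef"]) + """ ---> """)
                if rule["ruleCheck"]:
                    parts.append("In compliance")
                else:
                    parts.append("Not in compliance\n")
                    parts.append("<h6>Suggestions to be in compliance</h6>")
                    parts.append("""
                        <ul>
                        <li>TODO</li>
                        </ul>
                        """)
                parts.append("""</li>""")
        else:
            parts.append("<li>No principles defined</li>")
        parts.append("</ul>")
    markup = "".join(parts)
    print(markup)
    self.write_html(markup)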
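def rules(cID):
    """Return the rules attached to a country as a JSON response.

    Args:
        cID: Country id, bound to ``ruleCountry.countryID`` in the query.

    Returns:
        A 200 ``application/json`` response whose body is produced by
        ``jsonParser.rulesJSON`` from rows of ``(rID, rDefinition)``.

    Any failure ends in ``abort(500)``.
    """
    dbCon = None
    try:
        dbCon = conDB.newCon()
        cursor = dbCon.cursor()
        queryRulesCountry = 'SELECT id as rID, definition as rDefinition FROM rule ' \
                            'INNER JOIN ruleCountry rC ON rule.id = rC.ruleID ' \
                            'WHERE rC.countryID = ?'
        # Bind as a one-element tuple. A bare string is itself a sequence, so a
        # driver that expects a parameter sequence would count one binding per
        # character and reject multi-digit ids.
        data = cursor.execute(queryRulesCountry, (cID,))
        response = app.response_class(response=jsonParser.rulesJSON(
            data.fetchall()), status=200, mimetype='application/json')
        return response
    except Exception as e:
        # NOTE(review): the raw exception object becomes the abort description;
        # if the 500 handler renders it, internal error text reaches the client.
        abort(500, {'message': e})
    finally:
        if dbCon is not None:
            try:
                dbCon.close()
                app.logger.info("dbcon closed {}".format(dbCon))
            except Exception as e:
                app.logger.error("Error closing con {}".format(e))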
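def postDataForm():
    """Accept the compliance form, build the report HTML and queue the scans.

    The JSON body must provide "sw", "country", "doNMAP", "doZAP" and
    "ZAPurl", plus whatever ``buildPDF.buildPDF`` reads from it. The software
    and country names are looked up, the report HTML is built, a PDF row is
    created and ``doAllScans`` is enqueued with a five-hour timeout.

    Returns:
        An empty 202 response once the job has been queued.

    A body that is not a JSON object ends in ``abort(400)``; any later failure
    ends in ``abort(500)``.
    """
    content = request.get_json()
    if not isinstance(content, dict):
        # Reject early rather than surfacing a TypeError as a 500 further down.
        abort(400, {'message': 'JSON object expected'})

    swName = ''
    nameCountry = ''
    dbCon = None
    try:
        dbCon = conDB.newCon()
        cursor = dbCon.cursor()
        # Parameters are bound as one-element tuples. A bare string is itself a
        # sequence, so a driver that expects a parameter sequence would count
        # one binding per character and reject multi-digit ids.
        querySW = 'SELECT description FROM software where id = ?;'
        for i in cursor.execute(querySW, (str(content['sw']),)):
            swName = i[0]
        queryCountry = 'SELECT name FROM country where id = ?;'
        for i in cursor.execute(queryCountry, (str(content['country']),)):
            nameCountry = i[0]
    except Exception as e:
        # NOTE(review): the raw exception object becomes the abort description;
        # if the 500 handler renders it, internal error text reaches the client.
        abort(500, {'message': e})
    finally:
        if dbCon is not None:
            try:
                dbCon.close()
                app.logger.info("dbcon closed {}".format(dbCon))
            except Exception as e:
                app.logger.error("Error closing con {}".format(e))
                print("Error closing con {}".format(e))

    # build html for gdpr
    htmlGDPR, timestamp = buildPDF.buildPDF(content, swName, nameCountry)

    con = None
    try:
        # start security scans in bg
        con = conDB.newCon()
        # Inserts the row and returns the id of the insertion.
        idPDF = conDB.createPDFentry(
            con, str(content['country']), str(content['sw']), timestamp)
        app.logger.info("start job")
        # NOTE(review): ZAPurl is taken from the request body and handed to
        # the scan job unchanged. Nothing visible here limits which host it
        # may name; confirm doAllScans validates it, or check scheme and host
        # against an allowlist before enqueueing.
        job = q.enqueue(doAllScans,
                        args=(htmlGDPR, timestamp, idPDF, content["doNMAP"],
                              content["doZAP"], str(content["ZAPurl"])),
                        job_timeout=3600 * 5)
        jobID = str(job.get_id())
        conDB.insertJobID(con, jobID, idPDF)
        response = app.response_class(status=202)
        return response
    except Exception as e:
        print(e)
        abort(500, {'message': e})
    finally:
        # Close the connection opened for this step. The original closed the
        # already-closed dbCon again here and leaked this one.
        if con is not None:
            try:
                con.close()
                app.logger.info("dbcon closed {}".format(con))
            except Exception as e:
                app.logger.error("Error closing con {}".format(e))
                print("Error closing con {}".format(e))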
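def _close_report_con(con):
    """Close *con* if it was opened, printing the outcome instead of raising."""
    if con is None:
        return
    try:
        con.close()
        print("con closed {}".format(con))
    except Exception as e:
        print("Error closing con {}".format(e))


def _principle_header_name(principle_id):
    """Return the header name stored for *principle_id*, or '' if none is found."""
    con = None
    try:
        con = conDB.newCon()
        name = ''
        for row in conDB.getPrincipleHname(con, principle_id):
            name = row[1]
        return name
    finally:
        _close_report_con(con)


def _rule_suggestions(rule_id):
    """Return all suggestion rows stored for *rule_id*."""
    con = None
    try:
        con = conDB.newCon()
        return conDB.getSuggestion(con, rule_id).fetchall()
    finally:
        _close_report_con(con)


def buildPDF(data, swName, nameCountry):
    """Render the GDPR compliance report as an HTML string.

    Args:
        data: Mapping with a "principle" list of eight entries. Each entry has
            a "pID" and a "rules" list, and each rule has "ruleDef",
            "ruleCheck" and "ruleID".
        swName: Software name shown in the title and the summary line.
        nameCountry: Country name shown in the title.

    Returns:
        ``(html, timestamp)``, where ``timestamp`` is the current local time
        formatted as ``DD-MM-YYYY HH-MM-SS``.

    The entry at index 7 holds the country-specific rules: it is rendered, but
    left out of the totals and gets no suggestions.
    """
    # Local import: the markup used to be built in a variable named ``html``,
    # which would shadow the module.
    from html import escape

    country_rules_index = 7

    # NOTE(review): swName, nameCountry, the header names and the suggestion
    # texts come from the database and are inserted as-is; escape them too
    # unless they are meant to carry markup.
    # NOTE(review): several headings open <h3> and close </h2>, and the <font>
    # tags are never closed. The markup is left as it was because the renderer
    # is not visible from here.
    parts = ["""
    <!DOCTYPE html>
    <html>
    <body>
    <h1>GDPR report for """ + swName + """ following the """ + nameCountry
             + """\'s specific rules</h1>
    """]
    principlesOUT = data["principle"]
    allRules = 0
    allNotComplianceRules = 0

    for pID in range(0, 8):  # 8 = number of principles defined
        principleHname = _principle_header_name(principlesOUT[pID]["pID"])
        parts.append("<h2><font color=\"black\">" + principleHname + "</h2>")

        rules = principlesOUT[pID]["rules"]
        # organize rules into comply or not
        inCompliance = [r for r in rules if r["ruleCheck"]]
        not_inCompliance = [r for r in rules if not r["ruleCheck"]]
        if pID != country_rules_index:
            allRules += len(rules)
            allNotComplianceRules += len(not_inCompliance)

        # display rules
        if not rules:
            parts.append("No principles defined")
            continue

        parts.append("<h3><font color=\"green\"> In compliance with: </h2>")
        parts.append("<ul>")
        for rule in inCompliance:
            # ruleDef arrives with the caller's payload (the request JSON in
            # postDataForm), so it is encoded before it enters the markup.
            parts.append("""<li><font color=\"black\"> """
                         + escape(rule["ruleDef"]) + "</li>")
        parts.append("</ul>")

        parts.append("<h3><font color=\"red\"> Not in compliance with: </h2>")
        parts.append("<ul>")
        for rule in not_inCompliance:
            parts.append("""<li><font color=\"black\"> """
                         + escape(rule["ruleDef"]) + "</li>")
            if pID == country_rules_index:  # exclude rule for country
                continue
            res = _rule_suggestions(rule["ruleID"])
            if len(res) == 0:
                parts.append("<h5><font color=\"black\"> No suggestions available </font></h5>")
            else:
                parts.append("<h5><font color=\"black\"> Suggestions to be in compliance </font></h5>")
                parts.append("<ul>")
                for k in res:
                    parts.append("""<li><font color=\"black\"> """ + k[1] + "</li>")
                parts.append("</ul>")
                parts.append("<br>")
                parts.append("<p></p>")
        parts.append("</ul>")

    # The original omitted the space after the software name.
    parts.append("<h3>The software " + swName + " does not comply with "
                 + str(allNotComplianceRules) + " rules from a total of "
                 + str(allRules) + "</h3>")
    parts.append("""
    </body>
    </html>
    """)

    # Same result as formatting with "/" and ":" and then replacing both by "-".
    timestamp = datetime.now().strftime("%d-%m-%Y %H-%M-%S")
    return "".join(parts), timestamp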