def get(self, environment, asset):
session_id = get_session_id(session, request)
hide_concerns = request.args.get('hide_concerns', '1')
if hide_concerns == '0' or hide_concerns == 0:
hide_concerns = False
else:
hide_concerns = True
if asset == 'all':
asset = ''
model_generator = get_model_generator()
dao = AssetDAO(session_id)
dot_code = dao.get_asset_model(environment,
asset,
hide_concerns=hide_concerns)
dao.close()
if not isinstance(dot_code, str):
raise ObjectNotFoundHTTPError('The model')
resp = make_response(
model_generator.generate(dot_code, renderer='dot'), OK)
accept_header = request.headers.get('Accept', 'image/svg+xml')
if accept_header.find('text/plain') > -1:
resp.headers['Content-type'] = 'text/plain'
else:
resp.headers['Content-type'] = 'image/svg+xml'
return resp
def get_misuse_case_obj_and_assets(self, threat_name, vulnerability_name,
environment_name):
"""
:rtype : str, list[Asset]
"""
dao = AssetDAO(self.session_id)
threatened_assets = []
vulnerable_assets = []
try:
threatened_assets = dao.get_threatened_assets(
threat_name, environment_name)
vulnerable_assets = dao.get_vulnerable_assets(
vulnerability_name, environment_name)
except ObjectNotFoundHTTPError as ex:
SilentHTTPError(ex.message)
objectiveText = 'Exploit vulnerabilities in '
for idx, vulAsset in enumerate(vulnerable_assets):
objectiveText += vulAsset
if (idx != (len(vulnerable_assets) - 1)):
objectiveText += ','
objectiveText += ' to threaten '
for idx, thrAsset in enumerate(threatened_assets):
objectiveText += thrAsset
if (idx != (len(threatened_assets) - 1)):
objectiveText += ','
objectiveText += '.'
assets = set(threatened_assets + vulnerable_assets)
return objectiveText, list(assets)
def get(self):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
objts = dao.get_assets_summary()
dao.close()
resp = make_response(json_serialize(objts, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self):
constraint_id = request.args.get('constraint_id', -1)
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
assets = dao.get_assets(constraint_id=constraint_id)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, environment_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
assets = dao.get_asset_values(environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id), OK)
resp.contenttype = 'application/json'
return resp
def get(self, environment):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
assets = dao.get_asset_names(environment=environment)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
found_asset = dao.get_asset_by_name(name)
dao.close()
resp = make_response(json_serialize(found_asset,
session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, asset_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset_props = dao.get_asset_props(name=asset_name)
dao.close()
resp = make_response(json_serialize(asset_props,
session_id=session_id))
resp.contenttype = 'application/json'
return resp
def delete(self, name):
session_id = request.args.get('session_id', None)
dao = AssetDAO(session_id)
dao.delete_asset(name=name)
dao.close()
resp_dict = {'message': 'Asset successfully deleted'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = request.args.get('session_id', None)
dao = AssetDAO(session_id)
assets_names = dao.get_asset_names()
dao.close()
resp = make_response(
json_serialize(assets_names, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def post(self):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset = dao.from_json(request)
assetName = dao.add_asset(asset)
dao.close()
resp_dict = {'message': assetName + ' created'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset = dao.from_json(request)
dao.update_asset(asset, name=name)
dao.close()
resp_dict = {'message': 'Update successful'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset = dao.from_json(request)
new_id = dao.add_asset(asset)
dao.close()
resp_dict = {'asset_id': new_id}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = AssetDAO(session_id)
assets = dao.get_asset_types(environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, name, environment_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset_value = dao.get_asset_value_by_name(
name=name, environment_name=environment_name)
dao.close()
resp = make_response(
json_serialize(asset_value, session_id=session_id), OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, id):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset = dao.get_asset_by_id(id)
dao.close()
if asset is None:
raise ObjectNotFoundHTTPError('The asset')
resp = make_response(json_serialize(asset, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def delete(self, name):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = AssetDAO(session_id)
dao.delete_asset_type(name=name, environment_name=environment_name)
dao.close()
resp_dict = {'message': 'Asset type successfully deleted'}
resp = make_response(json_serialize(resp_dict), OK)
resp.headers['Content-type'] = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = AssetDAO(session_id)
new_value_type = dao.type_from_json(request)
dao.add_asset_type(new_value_type, environment_name=environment_name)
dao.close()
resp_dict = {'message': 'Asset type successfully added'}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
def put(self, name, environment_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset_value = dao.type_from_json(request)
dao.update_asset_value(asset_value,
name=name,
environment_name=environment_name)
dao.close()
resp_dict = {'message': 'Asset type successfully updated'}
resp = make_response(json_serialize(resp_dict), OK)
resp.headers['Content-type'] = 'application/json'
return resp
def put(self, asset_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset_prop = dao.from_json(request, to_props=True)
dao.update_asset_properties(asset_prop, name=asset_name)
dao.close()
resp_dict = {
'message': 'The asset properties were successfully updated.'
}
resp = make_response(json_serialize(resp_dict), OK)
resp.contenttype = 'application/json'
return resp
