def from_json(self, request):
"""
:rtype : Attacker
:raise MalformedJSONHTTPError:
"""
json = request.get_json(silent=True)
if json is False or json is None:
self.close()
raise MalformedJSONHTTPError(data=request.get_data())
json_dict = json['object']
check_required_keys(json_dict, AttackerModel.required)
json_dict[
'__python_obj__'] = Attacker.__module__ + '.' + Attacker.__name__
attacker_props = self.convert_props(
fake_props=json_dict['theEnvironmentProperties'])
json_dict['theEnvironmentProperties'] = []
attacker = json_serialize(json_dict)
attacker = json_deserialize(attacker)
attacker.theEnvironmentProperties = attacker_props
if not isinstance(attacker, Attacker):
self.close()
raise MalformedJSONHTTPError(data=request.get_data())
else:
return attacker
def from_json(self, request):
json = request.get_json(silent=True)
if json is False or json is None:
self.close()
raise MalformedJSONHTTPError(data=request.get_data())
json_dict = json['object']
check_required_keys(json_dict, VulnerabilityModel.required)
json_dict[
'__python_obj__'] = Vulnerability.__module__ + '.' + Vulnerability.__name__
for idx in range(0, len(json_dict['theEnvironmentProperties'])):
property = json_dict['theEnvironmentProperties'][idx]
check_required_keys(
property, VulnerabilityEnvironmentPropertiesModel.required)
property[
'__python_obj__'] = VulnerabilityEnvironmentProperties.__module__ + '.' + VulnerabilityEnvironmentProperties.__name__
json_dict['theEnvironmentProperties'][idx] = property
vulnerability = json_serialize(json_dict)
vulnerability = json_deserialize(vulnerability)
if not isinstance(vulnerability, Vulnerability):
self.close()
raise MalformedJSONHTTPError(data=request.get_data())
else:
return vulnerability
def post(self):
session_id = get_session_id(session, request)
if session_id is None:
raise CairisHTTPError(
status_code=httplib.BAD_REQUEST,
message='The session is neither started or no session ID is provided with the request.'
)
content_length = request.content_length
max_length = 10*1024*1024
if content_length > max_length:
raise MissingParameterHTTPError(exception=RuntimeError('File exceeded maximum size (10MB)'))
try:
file = request.files['file']
except LookupError as ex:
raise MissingParameterHTTPError(param_names=['file'])
except Exception as ex:
raise CairisHTTPError(
status_code=httplib.CONFLICT,
message=str(ex.message),
status='Unknown error'
)
dao = UploadDAO(session_id)
filename = dao.upload_image(file)
resp_dict = {'message': 'File successfully uploaded', 'filename': filename}
resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def from_json(self, request, to_props=False):
json = request.get_json(silent=True)
if json is False or json is None:
self.close()
raise MalformedJSONHTTPError(data=request.get_data())
json_dict = json['object']
if to_props and isinstance(json_dict, list):
props = self.convert_props(fake_props=json_dict)
return props
else:
assert isinstance(json_dict, dict)
check_required_keys(json_dict, AssetModel.required)
json_dict[
'__python_obj__'] = Asset.__module__ + '.' + Asset.__name__
env_props = json_dict.pop('theEnvironmentProperties', [])
env_props = self.convert_props(fake_props=env_props)
json_dict.pop('theEnvironmentDictionary', None)
json_dict.pop('theAssetPropertyDictionary', None)
asset = json_serialize(json_dict)
asset = json_deserialize(asset)
if isinstance(asset, Asset):
asset.theEnvironmentProperties = env_props
return asset
else:
self.close()
raise MalformedJSONHTTPError()
def from_json(self, request):
json = request.get_json(silent=True)
if json is False or json is None:
self.close()
raise MalformedJSONHTTPError(data=request.get_data())
json_dict = json['object']
assert isinstance(json_dict, dict)
check_required_keys(json_dict, EnvironmentModel.required)
json_dict['__python_obj__'] = Environment.__module__+'.'+Environment.__name__
if json_dict.has_key('theTensions'):
assert isinstance(json_dict['theTensions'], list)
tensions = json_dict['theTensions']
json_dict['theTensions'] = {}
for tension in tensions:
check_required_keys(tension, EnvironmentTensionModel.required)
key = tuple([tension['base_attr_id'], tension['attr_id']])
value = tuple([tension['value'], tension['rationale']])
json_dict['theTensions'][key] = value
new_json_environment = json_serialize(json_dict)
environment = json_deserialize(new_json_environment)
if not isinstance(environment, Environment):
self.close()
raise MalformedJSONHTTPError(data=request.get_data())
else:
return environment
def from_json(self, request, to_props=False):
json = request.get_json(silent=True)
if json is False or json is None:
self.close()
raise MalformedJSONHTTPError(data=request.get_data())
json_dict = json['object']
if to_props and isinstance(json_dict, list):
props = self.convert_props(fake_props=json_dict)
return props
else:
assert isinstance(json_dict, dict)
check_required_keys(json_dict, AssetModel.required)
json_dict['__python_obj__'] = Asset.__module__+'.'+Asset.__name__
env_props = json_dict.pop('theEnvironmentProperties', [])
env_props = self.convert_props(fake_props=env_props)
json_dict.pop('theEnvironmentDictionary', None)
json_dict.pop('theAssetPropertyDictionary', None)
asset = json_serialize(json_dict)
asset = json_deserialize(asset)
if isinstance(asset, Asset):
asset.theEnvironmentProperties = env_props
return asset
else:
self.close()
raise MalformedJSONHTTPError()
def get(self, threat, vulnerability, environment):
session_id = get_session_id(session, request)
dao = RiskDAO(session_id)
risk_rating = dao.get_risk_rating_by_tve(threat, vulnerability, environment)
resp = make_response(json_serialize(risk_rating, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
dao = ProjectDAO(session_id)
settings = dao.get_settings()
resp = make_response(json_serialize(settings, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
dao = RoleDAO(session_id)
props = dao.get_role_props(name)
dao.close()
resp = make_response(json_serialize(props, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
dao = RoleDAO(session_id)
found_role = dao.get_role_by_name(name)
dao.close()
resp = make_response(json_serialize(found_role, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, id):
session_id = get_session_id(session, request)
dao = RoleDAO(session_id)
found_role = dao.get_role_by_id(id)
dao.close()
resp = make_response(json_serialize(found_role, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self):
session_id = get_session_id(session, request)
dao = ProjectDAO(session_id)
settings = dao.get_settings()
resp = make_response(json_serialize(settings, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, environment):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
assets = dao.get_asset_names(environment=environment)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, name):
session_id = get_session_id(session, request)
dao = ResponseDAO(session_id)
found_response = dao.get_response_by_name(name)
dao.close()
resp = make_response(json_serialize(found_response, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
dao = AttackerDAO(session_id)
attacker = dao.get_attacker_by_name(name=name)
dao.close()
resp = make_response(json_serialize(attacker, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = ProjectDAO(session_id)
dao.create_new_project()
resp_dict = {'message': 'New project successfully created'}
resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, name, environment_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset_value = dao.get_asset_value_by_name(name=name, environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(asset_value, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
dao = VulnerabilityDAO(session_id)
vulnerability = dao.get_vulnerability_by_name(name=name)
dao.close()
resp = make_response(json_serialize(vulnerability, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, threat, vulnerability):
session_id = get_session_id(session, request)
dao = EnvironmentDAO(session_id)
environments = dao.get_environment_names_by_threat_vulnerability(threat, vulnerability)
dao.close()
resp = make_response(json_serialize(environments, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
dao = EnvironmentDAO(session_id)
environment_names = dao.get_environment_names()
dao.close()
resp = make_response(json_serialize(environment_names, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self):
session_id = request.args.get('session_id', None)
dao = AssetDAO(session_id)
assets_names = dao.get_asset_names()
dao.close()
resp = make_response(json_serialize(assets_names, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, asset_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset_props = dao.get_asset_props(name=asset_name)
dao.close()
resp = make_response(json_serialize(asset_props, session_id=session_id))
resp.contenttype = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
found_asset = dao.get_asset_by_name(name)
dao.close()
resp = make_response(json_serialize(found_asset, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, environment_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
assets = dao.get_asset_values(environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, environment):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
assets = dao.get_asset_names(environment=environment)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self):
session_id = get_session_id(session, request)
constraint_id = request.args.get('constraint_id', -1)
dao = ResponseDAO(session_id)
responses = dao.get_responses(constraint_id)
resp = make_response(json_serialize(responses, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def delete(self, name):
session_id = request.args.get('session_id', None)
dao = AssetDAO(session_id)
dao.delete_asset(name=name)
dao.close()
resp_dict = {'message': 'Asset successfully deleted'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp
def from_json(self, request):
json_dict = super(DependencyDAO, self).from_json(request)
check_required_keys(json_dict, DependencyModel.required)
json_dict[
'__python_obj__'] = Dependency.__module__ + '.' + Dependency.__name__
dependency = json_deserialize(json_dict)
if isinstance(dependency, Dependency):
return dependency
else:
self.close()
raise MalformedJSONHTTPError(json_serialize(json_dict))
def post(self):
session_id = get_session_id(session, request)
dao = RiskDAO(session_id)
risk = dao.from_json(request)
risk_id = dao.add_risk(risk)
resp_dict = {'message': 'Risk successfully added', 'risk_id': risk_id}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp
def delete(self, id):
session_id = get_session_id(session, request)
dao = RoleDAO(session_id)
dao.delete_role(role_id=id)
dao.close()
resp_dict = {'message': 'Role successfully deleted'}
resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = ResponseDAO(session_id)
response = dao.from_json(request)
response_id = dao.add_response(response)
resp_dict = {'message': 'Response successfully added', 'response_id': response_id}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp
def delete(self, name):
session_id = get_session_id(session, request)
dao = ResponseDAO(session_id)
dao.delete_response(name)
dao.close()
resp_dict = {'message': 'Response successfully deleted'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraint_id = request.args.get('constraint_id', -1)
dao = VulnerabilityDAO(session_id)
vulnerabilities = dao.get_vulnerabilities(constraint_id=constraint_id)
dao.close()
resp = make_response(json_serialize(vulnerabilities, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self):
constraint_id = request.args.get('constraint_id', -1)
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
assets = dao.get_assets(constraint_id=constraint_id)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, threat, vulnerability, environment):
session_id = get_session_id(session, request)
dao = RiskDAO(session_id)
risk_rating = dao.get_risk_rating_by_tve(threat, vulnerability,
environment)
resp = make_response(
json_serialize(risk_rating, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def delete(self, name):
session_id = get_session_id(session, request)
dao = GoalDAO(session_id)
dao.delete_goal(name)
dao.close()
resp_dict = {'message': 'Goal successfully deleted'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraint_id = request.args.get('constraint_id', -1)
dao = RiskDAO(session_id)
risks = dao.get_risks(constraint_id)
resp = make_response(json_serialize(risks, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraintsId = request.args.get('constraints_id', -1)
dao = RiskDAO(session_id)
misuse_cases = dao.get_misuse_cases(constraintsId)
dao.close()
resp = make_response(json_serialize(misuse_cases, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
dao = RiskDAO(session_id)
found_risk = dao.get_risk_by_name(name)
dao.close()
resp = make_response(json_serialize(found_risk, session_id=session_id),
httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraintsId = request.args.get('constraint_id', '')
dao = DependencyDAO(session_id)
dependencies = dao.get_dependencies(constraintsId)
dao.close()
resp = make_response(json_serialize(dependencies, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
coloured = request.args.get('coloured', False)
dao = GoalDAO(session_id)
found_goal = dao.get_goal_by_name(name, coloured=(coloured == '1'))
dao.close()
resp = make_response(json_serialize(found_goal, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get(self, environment_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
assets = dao.get_asset_values(environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = ProjectDAO(session_id)
dao.create_new_project()
resp_dict = {'message': 'New project successfully created'}
resp = make_response(json_serialize(resp_dict, session_id=session_id),
httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = VulnerabilityDAO(session_id)
vulnerability_type = dao.get_vulnerability_type_by_name(name=name, environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(vulnerability_type, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraint_id = request.args.get('constraint_id', -1)
dao = RoleDAO(session_id)
roles = dao.get_roles(constraint_id)
dao.close()
resp = make_response(json_serialize(roles, session_id=session_id))
resp.contenttype = "application/json"
return resp
def get(self):
session_id = get_session_id(session, request)
constraintsId = request.args.get('constraints_id', -1)
dao = EnvironmentDAO(session_id)
environments = dao.get_environments(constraintsId)
dao.close()
resp = make_response(json_serialize(environments, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def put(self):
session_id = get_session_id(session, request)
dao = ProjectDAO(session_id)
settings = dao.from_json(request)
dao.apply_settings(settings)
resp_dict = {'message': 'Project settings successfully updated'}
resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def delete(self, name):
session_id = get_session_id(session, request)
dao = EnvironmentDAO(session_id)
dao.delete_environment(name=name)
dao.close()
resp_dict = {'message': 'Environment successfully deleted'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self, name):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = AttackerDAO(session_id)
attacker_motivation = dao.get_attacker_motivation_by_name(name=name, environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(attacker_motivation, session_id=session_id), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = AttackerDAO(session_id)
assets = dao.get_attacker_motivations(environment_name=environment_name)
dao.close()
resp = make_response(json_serialize(assets, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def get(self):
session_id = get_session_id(session, request)
constraint_id = request.args.get('constraint_id', -1)
dao = AttackerDAO(session_id)
attackers = dao.get_attackers(constraint_id=constraint_id)
dao.close()
resp = make_response(json_serialize(attackers, session_id=session_id), httplib.OK)
resp.contenttype = 'application/json'
return resp
def delete(self, name):
session_id = get_session_id(session, request)
environment_name = request.args.get('environment', '')
dao = AssetDAO(session_id)
dao.delete_asset_type(name=name, environment_name=environment_name)
dao.close()
resp_dict = {'message': 'Asset type successfully deleted'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def put(self, name, environment_name):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset_value = dao.type_from_json(request)
dao.update_asset_value(asset_value, name=name, environment_name=environment_name)
dao.close()
resp_dict = {'message': 'Asset type successfully updated'}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.headers['Content-type'] = 'application/json'
return resp
def post(self):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset = dao.from_json(request)
new_id = dao.add_asset(asset)
dao.close()
resp_dict = {'asset_id': new_id}
resp = make_response(json_serialize(resp_dict), httplib.OK)
resp.contenttype = 'application/json'
return resp