Exemplo n.º 1
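  def from_json(self, request):
    """
    Build a project-settings object from the JSON body of a request.

    The body must be a JSON object whose 'object' member is itself an object
    holding the settings. Contribution and revision entries that pass
    check_required_keys() are converted to tuples; entries that fail it are
    dropped from the result.

    :param request: request object providing get_json() and get_data()
    :return: whatever json_deserialize() returns for the normalised dictionary
    :raise MalformedJSONHTTPError: if the body is not JSON or does not have the
      {"object": {...}} shape
    """
    payload = request.get_json(silent=True)
    # The body is client-controlled: reject any other shape here instead of
    # letting it surface further down as an unhandled TypeError or KeyError.
    if not isinstance(payload, dict) or not isinstance(payload.get('object'), dict):
      self.close()
      raise MalformedJSONHTTPError(data=request.get_data())

    json_dict = payload['object']
    check_required_keys(json_dict, ProjectSettings.required)
    # The type tag is assigned here, overwriting any value the client sent at
    # this level.
    # NOTE(review): json_deserialize is not visible here; confirm it does not
    # honour a type tag placed inside nested, client-supplied values.
    json_dict['__python_obj__'] = ProjectSettings.__module__+'.'+ProjectSettings.__name__

    contrs = json_dict['contributions'] or []
    if not isinstance(contrs, list):
      contrs = []
    valid_contrs = []
    for contr in contrs:
      try:
        check_required_keys(contr, Contributor.required)
        valid_contrs.append((contr['firstName'], contr['surname'], contr['affiliation'], contr['role']))
      except MissingParameterHTTPError:
        # SilentHTTPError is constructed, not raised: the entry is skipped and
        # processing continues.
        SilentHTTPError('A contribution did not contain all required fields. Skipping this one.')
    # Write the filtered list back so that a rejected entry (or a non-list
    # value) is not handed to json_deserialize unchanged.
    json_dict['contributions'] = valid_contrs

    revisions = json_dict['revisions'] or []
    if not isinstance(revisions, list):
      revisions = []
    valid_revisions = []
    for revision in revisions:
      try:
        check_required_keys(revision, Revision.required)
        valid_revisions.append((revision['id'], revision['date'], revision['description']))
      except MissingParameterHTTPError:
        SilentHTTPError('A revision did not contain all required fields. Skipping this one.')
    json_dict['revisions'] = valid_revisions

    settings = json_deserialize(json_dict)
    return settings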
Exemplo n.º 2
  def get_misuse_case_severity(self, vulnerability_name, environment_name):
    """
    Look up the severity of a vulnerability within an environment.

    :param vulnerability_name: name resolved to an id in the 'vulnerability' dimension
    :param environment_name: name resolved to an id in the 'environment' dimension
    :return: the value of db_proxy.vulnerabilitySeverity(), or 'N/A' when a
      lookup raises DatabaseProxyException or ARMException
    """
    try:
      vul_id = self.db_proxy.getDimensionId(vulnerability_name, 'vulnerability')
      env_id = self.db_proxy.getDimensionId(environment_name, 'environment')
      return self.db_proxy.vulnerabilitySeverity(vul_id, env_id)
    except DatabaseProxyException as err:
      # Best effort: the error is passed to SilentHTTPError (constructed, not
      # raised) and the caller receives the placeholder below.
      SilentHTTPError(err.value)
    except ARMException as err:
      SilentHTTPError(str(err.value))

    return 'N/A'
Exemplo n.º 3
  def get_misuse_case_likelihood(self, threat_name, environment_name):
    """
    Look up the likelihood of a threat within an environment.

    :param threat_name: name resolved to an id in the 'threat' dimension
    :param environment_name: name resolved to an id in the 'environment' dimension
    :return: the value of db_proxy.threatLikelihood(), or 'N/A' when a lookup
      raises DatabaseProxyException or ARMException
    """
    try:
      thr_id = self.db_proxy.getDimensionId(threat_name, 'threat')
      env_id = self.db_proxy.getDimensionId(environment_name, 'environment')
      return self.db_proxy.threatLikelihood(thr_id, env_id)
    except DatabaseProxyException as err:
      # Best effort: the error is passed to SilentHTTPError (constructed, not
      # raised) and the caller receives the placeholder below.
      SilentHTTPError(err.value)
    except ARMException as err:
      SilentHTTPError(str(err.value))

    return 'N/A'
Exemplo n.º 4
  def get_misuse_case_attackers(self, threat_name, environment_name):
    """
    Fetch the attackers associated with a threat within an environment.

    :param threat_name: name resolved to an id in the 'threat' dimension
    :param environment_name: name resolved to an id in the 'environment' dimension
    :return: the value of db_proxy.threatAttackers(), or an empty list when a
      lookup raises DatabaseProxyException or ARMException
    :rtype : list[str]
    """
    try:
      thr_id = self.db_proxy.getDimensionId(threat_name, 'threat')
      env_id = self.db_proxy.getDimensionId(environment_name, 'environment')
      return self.db_proxy.threatAttackers(thr_id, env_id)
    except DatabaseProxyException as err:
      # Best effort: the error is passed to SilentHTTPError (constructed, not
      # raised) and the caller receives an empty list.
      SilentHTTPError(err.value)
    except ARMException as err:
      SilentHTTPError(str(err.value))

    return []
Exemplo n.º 5
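    def get_misuse_case_obj_and_assets(self, threat_name, vulnerability_name,
                                       environment_name):
        """
        Compose the misuse-case objective sentence and collect the assets it names.

        :param threat_name: threat whose threatened assets are looked up
        :param vulnerability_name: vulnerability whose vulnerable assets are looked up
        :param environment_name: environment both lookups are scoped to
        :return: the objective text, and the distinct asset entries (threatened
          first, then vulnerable, each in first-seen order). The entries are
          concatenated into the text, so they must be strings.
        :rtype : str, list
        """
        dao = AssetDAO(self.session_id)
        threatened_assets = []
        vulnerable_assets = []
        try:
            threatened_assets = dao.get_threatened_assets(
                threat_name, environment_name)
            vulnerable_assets = dao.get_vulnerable_assets(
                vulnerability_name, environment_name)
        except ObjectNotFoundHTTPError as ex:
            # Best effort: the error is passed to SilentHTTPError (constructed,
            # not raised). A failure in the first lookup also skips the second,
            # leaving both lists as they were at that point.
            SilentHTTPError(ex.message)

        objectiveText = ('Exploit vulnerabilities in ' + ','.join(vulnerable_assets) +
                         ' to threaten ' + ','.join(threatened_assets) + '.')

        # De-duplicate while keeping a stable order, so that repeated calls
        # return the assets in the same sequence.
        seen = set()
        assets = []
        for asset in threatened_assets + vulnerable_assets:
            if asset not in seen:
                seen.add(asset)
                assets.append(asset)

        return objectiveText, assets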