Exemplo n.º 1
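def add_asset():
    """
    Add an asset to the database.

    Renders the "Add Asset" form. On a valid submission an Asset is created
    with the submitted comments, the first Inventory and Location rows, and
    the current user as manager, assignee and certifier; the client is then
    redirected to the asset list whether or not the insert succeeded.
    """
    import logging  # local import: the file's import block is not visible here

    # NOTE(review): no access-control decorator is visible in this listing.
    # current_user.id is read below, so confirm the route requires an
    # authenticated user.
    form = AssetForm()
    if form.validate_on_submit():
        # Inventory.query.first() / Location.query.first() return None on an
        # empty table, in which case the .id access raises before the try.
        asset = Asset(
            comments=form.comments.data,
            inventory_id=Inventory.query.first().id,
            location=Location.query.first().id,
            managed_by=current_user.id,
            assigned_to=current_user.id,
            certified_by=current_user.id,
        )
        try:
            # add asset to the database
            db.session.add(asset)
            db.session.commit()
            flash('You have successfully added a new Asset.')
        except Exception:
            # A failed commit leaves the session in an aborted transaction;
            # roll back so it is usable again, and record the cause instead
            # of discarding it.
            db.session.rollback()
            logging.getLogger(__name__).exception('Asset insert failed')
            flash('Error: Asset cannot be created.')

        # redirect to assets page
        return redirect(url_for('assets.list_assets'))

    # load the asset template
    return render_template('assets/asset.html',
                           action="Add",
                           add_asset=True,
                           form=form,
                           title="Add Asset")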
Exemplo n.º 2
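def new_asset():
    '''
    Create new asset

    Renders the creation form; on a valid submission the form fields are
    copied onto a new Asset, which is committed before redirecting to the
    ``assets`` endpoint. A failed commit is rolled back and the form is
    rendered again with an error message.
    '''
    import logging  # local import: the file's import block is not visible here

    form = AssetForm()
    if form.validate_on_submit():
        my_asset = Asset()
        # populate_obj() assigns every field declared on the form to the
        # model, so AssetForm must not declare fields for columns a user
        # should not control (owner, approval state, ...) - verify the form.
        form.populate_obj(my_asset)
        db.session.add(my_asset)
        try:
            db.session.commit()
        except Exception:
            # Only the commit is guarded, so an unrelated failure (for
            # example while building the redirect URL) is not reported as a
            # database error.
            db.session.rollback()
            logging.getLogger(__name__).exception('Asset insert failed')
            flash('Error generating asset.', 'danger')
        else:
            # User info
            flash('Asset created correctly', 'success')
            return redirect(url_for('assets'))

    return render_template('web/new_asset.html', form=form)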
Exemplo n.º 3
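def edit_asset(id):
    '''
    Edit asset

    Responds with 404 when no asset has the given id. On a valid submission
    the form fields are copied onto the asset and committed; a failed update
    is rolled back. The edit form is rendered in every other case.

    :param id: Id from asset
    '''
    import logging  # local import: the file's import block is not visible here

    from flask import abort  # same package that provides flash/render_template

    # NOTE(review): the lookup is by id only and no ownership or role check
    # is visible here; confirm the route restricts who may edit which asset.
    my_asset = Asset.query.filter_by(id=id).first()
    if my_asset is None:
        # Without this guard an unknown id rendered an empty edit form and a
        # POST failed inside populate_obj(None), hidden by the bare except.
        abort(404)

    form = AssetForm(obj=my_asset)
    if form.validate_on_submit():
        try:
            # Update asset. populate_obj() writes every field declared on the
            # form, so AssetForm must not expose columns users may not set.
            form.populate_obj(my_asset)
            db.session.add(my_asset)
            db.session.commit()
        except Exception:
            db.session.rollback()
            logging.getLogger(__name__).exception('Asset update failed')
            flash('Error update asset.', 'danger')
        else:
            # User info
            flash('Saved successfully', 'success')
    return render_template('web/edit_asset.html', form=form)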
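def add_asset(id):
    """
    Add an asset to the analysis identified by ``id``.

    On a valid submission an Asset is created from the form's name,
    description, sensitivity and criticality with ``analyse_id`` set to
    ``id``, and the client is redirected to that analysis' edit page whether
    or not the insert succeeded. Otherwise the add form is rendered with an
    empty 4x4 score grid.
    """
    import logging  # local import: the file's import block is not visible here

    # NOTE(review): the original carried only a "#check_admin" comment and no
    # access check is performed in this function; confirm the route enforces
    # one. ``id`` is also stored as analyse_id without checking that the
    # analysis exists.
    form = AssetForm()
    if form.validate_on_submit():
        asset = Asset(
            name=form.name.data,
            description=form.description.data,
            analyse_id=id,
            sensitivity=form.sensitivity.data,
            criticality=form.criticality.data,
        )

        try:
            # add asset to the database
            db.session.add(asset)
            db.session.commit()
            flash('You have successfully added a new asset.')
        except Exception:
            # A failed commit leaves the session in an aborted transaction;
            # roll back so it is usable again. The message shown assumes a
            # duplicate name, so log the real cause for whoever investigates.
            db.session.rollback()
            logging.getLogger(__name__).exception('Asset insert failed')
            flash('Error: asset name already exists.')

        # redirect to the owning analysis
        return redirect(url_for('home.edit_analyse', id=id))

    # load asset template with an all-zero score grid
    w, h = 4, 4
    myscores = [[0] * w for _ in range(h)]
    return render_template('home/assets/asset.html',
                           add_asset=True,
                           myscores=myscores,
                           analyse_id=id,
                           form=form,
                           title='Add Asset')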
Exemplo n.º 5
def edit_asset(id):
    """
    Edit the comments of an existing asset.

    Responds with 404 when the asset does not exist. A valid submission
    stores the new comments and redirects to the asset list; any other
    request renders the edit form pre-filled from the asset.
    """
    # NOTE(review): no ownership or role check is visible in this function;
    # confirm the route restricts who may edit which asset.
    asset = Asset.query.get_or_404(id)
    form = AssetForm(obj=asset)

    if not form.validate_on_submit():
        # GET request or failed validation: show the form
        return render_template('assets/asset.html',
                               action="Edit",
                               add_asset=False,
                               form=form,
                               asset=asset,
                               title="Edit Asset")

    # Only the comments field is copied from the form onto the model.
    asset.comments = form.comments.data
    db.session.commit()
    flash('You have successfully edited the asset.')

    # back to the asset list
    return redirect(url_for('assets.list_assets'))
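def edit_asset(id):
    """
    Edit an asset and recompute its exposition score.

    Responds with 404 when the asset or its analysis does not exist. On a
    valid submission the name, description, criticality and sensitivity are
    stored, the exposition is recomputed from the asset's AssetAttacker
    scores, and the client is redirected to the owning analysis. Otherwise
    the form is filled from the stored asset, a missing AssetAttacker row is
    created (wert = -1) for every attacker, and the edit page is rendered
    with a 4x4 score grid.
    """
    # NOTE(review): the original carried only a "#check_admin" comment and no
    # access check is performed in this function; confirm the route enforces
    # one. Rendering this page also inserts rows, i.e. a request that only
    # displays the form still writes to the database.

    asset = Asset.query.get_or_404(id)
    analyse = Analyse.query.get_or_404(asset.analyse_id)
    attackers = Attacker.query.all()
    form = AssetForm(obj=asset)
    if form.validate_on_submit():
        asset.name = form.name.data
        asset.description = form.description.data
        asset.criticality = form.criticality.data
        asset.sensitivity = form.sensitivity.data

        # Highest AssetAttacker.wert seen per attacker level.
        # assumes attacker.wert is in 1..4 - TODO confirm
        myexparr = [0, 0, 0, 0]
        for attacker in attackers:
            myassetattacker = AssetAttacker.query.filter_by(
                asset_id=id).filter_by(attacker_id=attacker.id).first()
            if myassetattacker is None:
                # No score row for this attacker yet. It contributes nothing,
                # like the wert = -1 placeholder created further down;
                # previously this case raised on the .wert access.
                continue
            slot = attacker.wert - 1
            myexparr[slot] = max(myexparr[slot], myassetattacker.wert)

        # Level k (1-based) is weighted by k.
        risk = sum(weight * value
                   for weight, value in enumerate(myexparr, start=1))
        # Convert before comparing: if the form delivers strings, max() on
        # the raw values would compare them lexicographically ('9' > '10').
        wu = max(int(form.criticality.data), int(form.sensitivity.data))

        asset.exposition = (wu * risk) / 10.0
        db.session.add(asset)
        db.session.commit()

        return redirect(url_for('home.edit_analyse', id=asset.analyse_id))

    # GET or failed validation: show the stored values
    form.description.data = asset.description
    form.name.data = asset.name
    form.sensitivity.data = str(asset.sensitivity)
    form.criticality.data = str(asset.criticality)
    form.exposition.data = asset.exposition

    # One row per attacker level; cells are set to "True" up to the
    # recorded score.
    w, h = 4, 4
    myscores = [[0] * w for _ in range(h)]
    created_missing = False
    for attacker in attackers:
        attacker.myassetattacker = AssetAttacker.query.filter_by(
            asset_id=id).filter_by(attacker_id=attacker.id).first()
        if not attacker.myassetattacker:
            # Create the missing row. attacker.myassetattacker stays unset
            # for this request, as before; a -1 score marks no cells anyway.
            mya = AssetAttacker()
            mya.asset_id = id
            mya.attacker_id = attacker.id
            mya.wert = -1
            db.session.add(mya)
            created_missing = True
            continue

        try:
            row = max(attacker.wert - 1, 0)
            for col in range(max(attacker.myassetattacker.wert, 0)):
                myscores[row][col] = "True"
        except (IndexError, TypeError):
            # Best effort: a score outside the grid or a missing value only
            # leaves cells unmarked instead of failing the page.
            pass

    if created_missing:
        # single commit for all rows created above
        db.session.commit()

    return render_template('home/assets/asset.html',
                           add_asset=False,
                           attackers=attackers,
                           form=form,
                           myscores=myscores,
                           analyse_id=analyse.id,
                           title="Edit Asset")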