def mutate(self, info, **parameters): finding_id = parameters.get('finding_id') project_name = get_finding_project_name(finding_id) user_info = util.get_jwt_content(info.context) success = verify_vulnerabilities( finding_id, user_info['user_email'], str.join(' ', [ user_info.get('first_name', ''), user_info.get('last_name', '') ]), info, parameters) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Verified a request ' f'in finding_id: {finding_id}') return VerifyRequestVuln(success=success)
def mutate(self, info, finding_id, **parameters): project_name = finding_domain.get_finding(finding_id)['projectName'] user_mail = util.get_jwt_content(info.context)['user_email'] if parameters.get('acceptance_status') == '': del parameters['acceptance_status'] historic_treatment = finding_domain.get_finding( finding_id)['historicTreatment'] last_state = { key: value for key, value in historic_treatment[-1].items() if key not in ['date', 'user'] } new_state = { key: value for key, value in parameters.items() if key != 'bts_url' } bts_changed, treatment_changed = True, True Status = namedtuple('Status', 'bts_changed treatment_changed') if not finding_domain.compare_historic_treatments( last_state, new_state): treatment_changed = False if ('externalBts' in finding_domain.get_finding(finding_id) and parameters.get('bts_url') == finding_domain.get_finding(finding_id)['externalBts']): bts_changed = False update = Status(bts_changed=bts_changed, treatment_changed=treatment_changed) if not any(list(update)): raise GraphQLError( 'It cant be updated a finding with same values it already has') success = finding_domain.update_client_description( finding_id, parameters, user_mail, update) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Updated treatment in ' f'finding {finding_id} succesfully') util.forces_trigger_deployment(project_name) else: util.cloudwatch_log( info.context, 'Security: Attempted to update ' f'treatment in finding {finding_id}') findings_loader = info.context.loaders['finding'] return UpdateClientDescription( finding=findings_loader.load(finding_id), success=success)
def mutate(self, info, finding_id: str, justification: str, vulnerabilities: List) -> object: project_name = get_finding_project_name(finding_id) user_info = util.get_jwt_content(info.context) success = request_verification( finding_id, user_info['user_email'], str.join(' ', [ user_info.get('first_name', ''), user_info.get('last_name', '') ]), justification, cast(_List[str], vulnerabilities)) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Verified a request ' f'in finding_id: {finding_id}') return RequestVerificationVuln(success=success)
def mutate(self, info, evidence_id, finding_id, file): success = False if finding_domain.validate_evidence(evidence_id, file): success = finding_domain.update_evidence(finding_id, evidence_id, file) if success: util.invalidate_cache(finding_id) util.cloudwatch_log( info.context, 'Security: Updated evidence in finding ' f'{finding_id} succesfully') else: util.cloudwatch_log( info.context, 'Security: Attempted to update evidence in ' f'finding {finding_id}') return UpdateEvidence(success=success)
def mutate(self, info, finding_id, **parameters): success = finding_domain.update_description(finding_id, parameters) if success: project_name = finding_domain.get_finding( finding_id)['projectName'] util.invalidate_cache(finding_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Updated description in\ finding {id} succesfully'.format(id=finding_id)) else: util.cloudwatch_log( info.context, 'Security: Attempted to update \ description in finding {id}'.format(id=finding_id)) findings_loader = info.context.loaders['finding'] ret = UpdateDescription(finding=findings_loader.load(finding_id), success=success) return ret
def project_to_pdf(request, lang, project, doctype): "Export a project to a PDF" assert project.strip() if not has_access_to_project(request.session['username'], project, request.session['role']): util.cloudwatch_log(request, 'Security: Attempted to export project' ' pdf without permission') return util.response([], 'Access denied', True) else: user = request.session['username'].split('@')[0] validator = validation_project_to_pdf(request, lang, doctype) if validator is not None: return validator findings = finding_domain.get_findings( project_domain.list_findings(project.lower())) findings = [cast_new_vulnerabilities( get_open_vuln_by_type(finding['findingId'], request), finding) for finding in findings] description = project_domain.get_description(project.lower()) pdf_maker = CreatorPDF(lang, doctype) secure_pdf = SecurePDF() findings_ord = util.ord_asc_by_criticidad(findings) findings = pdf_evidences(findings_ord) report_filename = '' if doctype == 'tech': pdf_maker.tech(findings, project, description) report_filename = secure_pdf.create_full(user, pdf_maker.out_name, project) else: return HttpResponse( 'Disabled report generation', content_type='text/html') if not os.path.isfile(report_filename): rollbar.report_message( 'Couldn\'t generate pdf report', 'error', request) return HttpResponse( 'Couldn\'t generate pdf report', content_type='text/html') with open(report_filename, 'rb') as document: response = HttpResponse(document.read(), content_type='application/pdf') response['Content-Disposition'] = \ 'inline;filename={}_IT.pdf'.format(project) return response
def mutate(self, info, **query_args): project_name = query_args.get('project_name') success = False user_data = util.get_jwt_content(info.context) role = get_user_role(user_data) new_user_data = { 'email': query_args.get('email'), 'organization': query_args.get('organization'), 'responsibility': query_args.get('responsibility', '-'), 'role': query_args.get('role'), 'phone_number': query_args.get('phone_number', '') } if (role == 'admin' and new_user_data['role'] in ['admin', 'analyst', 'customer', 'customeradmin']) \ or (is_customeradmin(project_name, user_data['user_email']) and new_user_data['role'] in ['customer', 'customeradmin']): if create_new_user(info.context, new_user_data, project_name): success = True else: rollbar.report_message( 'Error: Couldn\'t grant access to project', 'error', info.context) else: rollbar.report_message( 'Error: Invalid role provided: ' + new_user_data['role'], 'error', info.context) if success: util.invalidate_cache(project_name) util.invalidate_cache(query_args.get('email')) util.cloudwatch_log( info.context, 'Security: Given grant access to {user} \ in {project} project'.format(user=query_args.get('email'), project=project_name)) else: util.cloudwatch_log( info.context, 'Security: Attempted to give grant \ access to {user} in {project} project'.format( user=query_args.get('email'), project=project_name)) ret = \ GrantUserAccess(success=success, granted_user=User(project_name, new_user_data['email'])) return ret
def verify_and_call(*args, **kwargs): context = args[1].context user_data = util.get_jwt_content(context) user_data['role'] = get_user_role(user_data) project_name = resolve_project_name(args, kwargs) project_data = resolve_project_data(project_name) action = '{}.{}'.format(func.__module__, func.__qualname__) action = action.replace('.', '_') try: if not ENFORCER_ACTION.enforce(user_data, project_data, action): util.cloudwatch_log( context, 'Security: \ Unauthorized role attempted to perform operation') raise GraphQLError('Access denied') except AttributeDoesNotExist: util.cloudwatch_log( context, 'Security: \ Unauthorized role attempted to perform operation') raise GraphQLError('Access denied') return func(*args, **kwargs)
def mutate(self, info, finding_id, evidence_id, description): success = False try: success = finding_domain.update_evidence_description( finding_id, evidence_id, description) if success: util.invalidate_cache(finding_id) util.cloudwatch_log( info.context, 'Security: Evidence description \ succesfully updated in finding ' + finding_id) else: util.cloudwatch_log( info.context, 'Security: Attempted to update \ evidence description in ' + finding_id) except KeyError: rollbar.report_message( 'Error: \ An error occurred updating evidence description', 'error', info.context) return UpdateEvidenceDescription(success=success)
def mutate(self, info, **parameters): finding_id = parameters.get('finding_id') project = finding_domain.get_project(finding_id) success = False success = finding_domain.save_severity(parameters.get('data')) findings_loader = info.context.loaders['finding'] ret = UpdateSeverity(finding=findings_loader.load(finding_id), success=success) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project) util.cloudwatch_log( info.context, 'Security: Updated severity in\ finding {id} succesfully'.format( id=parameters.get('finding_id'))) else: util.cloudwatch_log( info.context, 'Security: Attempted to update \ severity in finding {id}'.format( id=parameters.get('finding_id'))) return ret
def mutate(self, info, project_name: str, user_email: str) -> object: success = False project_domain.remove_user_access(project_name, user_email, 'customeradmin') success = project_domain.remove_access(user_email, project_name) removed_email = user_email if success else None if success: util.invalidate_cache(project_name) util.invalidate_cache(user_email) util.cloudwatch_log( info.context, 'Security: Removed user: {user} from {project} \ project succesfully'.format(user=user_email, project=project_name)) else: util.cloudwatch_log( info.context, 'Security: Attempted to remove user: {user}\ from {project} project'.format(user=user_email, project=project_name)) ret = RemoveUserAccess(success=success, removed_email=removed_email) return ret
def mutate(self, info, **parameters): user_info = util.get_jwt_content(info.context) user_mail = user_info['user_email'] finding_id = parameters.get('finding_id') historic_treatment = finding_domain.get_finding(finding_id).get( 'historicTreatment') if historic_treatment[-1]['acceptance_status'] != 'SUBMITTED': raise GraphQLError('It cant be approved/rejected a finding' + 'definite assumption without being requested') success = finding_domain.handle_acceptation( finding_id, parameters.get('observations'), user_mail, parameters.get('response')) if success: util.invalidate_cache(finding_id) util.invalidate_cache(parameters.get('project_name')) util.cloudwatch_log( info.context, 'Security: Verified a request ' f'in finding_id: {finding_id}') ret = HandleAcceptation(success=success) return ret
def project_to_xls(request, lang, project): "Create the technical report" username = request.session['username'].split("@")[0] if project.strip() == "": rollbar.report_message( 'Error: Empty fields in project', 'error', request) return util.response([], 'Empty fields', True) if not has_access_to_project(request.session['username'], project, request.session['role']): util.cloudwatch_log( request, 'Security: Attempted to export project xls without permission') return util.response([], 'Access denied', True) if lang not in ["es", "en"]: rollbar.report_message('Error: Unsupported language', 'error', request) return util.response([], 'Unsupported language', True) findings = finding_domain.get_findings( project_domain.list_findings(project.lower())) if findings: findings = [cast_new_vulnerabilities( get_open_vuln_by_type(finding['findingId'], request), finding) for finding in findings] else: rollbar.report_message( 'Project {} does not have findings in dynamo'.format(project), 'warning', request) return util.response([], 'Empty fields', True) data = util.ord_asc_by_criticidad(findings) it_report = ITReport(project, data, username) filepath = it_report.result_filename reports.set_xlsx_password(filepath, time.strftime('%d%m%Y') + username) with open(filepath, 'rb') as document: response = HttpResponse(document.read()) response['Content-Type'] = ('application/vnd.openxmlformats' '-officedocument.spreadsheetml.sheet') response['Content-Disposition'] = 'inline;filename={}.xlsx'.format( project) return response
def mutate(self, info, **kwargs): """Delete vulnerability from database.""" finding_id = kwargs.get('finding_id') uuid = kwargs.get('id') justification = kwargs.get('justification') project = get_finding_project_name(finding_id) user_email = util.get_jwt_content(info.context)['user_email'] success = delete_vulnerability(finding_id, uuid, justification, user_email) if success: util.invalidate_cache(finding_id) util.invalidate_cache(project) util.cloudwatch_log( info.context, f'Security: Deleted vulnerability: {uuid} ' f'from {project} project succesfully') else: util.cloudwatch_log( info.context, 'Security: Attempted to delete vulnerability: ' f'{uuid} from {project} project') ret = DeleteVulnerability(success=success) return ret
def mutate(self, info, project_name, tag): success = False project_name = project_name.lower() if project_domain.is_alive(project_name): project_tags = project_domain.get_attributes(project_name, ['tag']) project_tags.get('tag').remove(tag) if project_tags.get('tag') == set(): project_tags['tag'] = None tag_deleted = project_domain.update(project_name, project_tags) if tag_deleted: success = True else: rollbar.report_message('Error: \ An error occurred removing a tag', 'error', info.context) if success: util.invalidate_cache(project_name) util.cloudwatch_log(info.context, 'Security: Removed tag from \ {project} project succesfully'.format(project=project_name)) else: util.cloudwatch_log(info.context, 'Security: Attempted to remove \ tag in {project} project'.format(project=project_name)) ret = RemoveTag(success=success, project=Project(project_name)) return ret
def mutate(_, info, envs: _List[Dict[str, str]], project_name: str) -> object: user_email = util.get_jwt_content(info.context)['user_email'] success = resources.create_resource( envs, project_name, 'environment', user_email) if success: util.invalidate_cache(project_name) util.cloudwatch_log( info.context, f'Security: Added envs to {project_name} project succesfully') resources.send_mail( project_name, user_email, envs, 'added', 'environment') else: rollbar.report_message( 'An error occurred adding environments', level='error', payload_data=locals()) util.cloudwatch_log( info.context, f'Security: Attempted to add envs to {project_name} project') return AddRepositories(success=success)
def mutate(self, info, draft_id): reviewer_email = util.get_jwt_content(info.context)['user_email'] project_name = finding_domain.get_finding(draft_id)['projectName'] has_vulns = [ vuln for vuln in vuln_domain.list_vulnerabilities([draft_id]) if vuln['historic_state'][-1].get('state') != 'DELETED' ] if not has_vulns: raise GraphQLError('CANT_APPROVE_FINDING_WITHOUT_VULNS') success, release_date = finding_domain.approve_draft( draft_id, reviewer_email) if success: util.invalidate_cache(draft_id) util.invalidate_cache(project_name) util.cloudwatch_log( info.context, 'Security: Approved draft in\ {project} project succesfully'.format(project=project_name)) else: util.cloudwatch_log( info.context, 'Security: Attempted to approve \ draft in {project} project'.format(project=project_name)) return ApproveDraft(release_date, success)
def resolve_remove_user_access( _, info, project_name: str, user_email: str ) -> object: """Resolve remove_user_access mutation.""" success = False project_domain.remove_user_access( project_name, user_email, 'customeradmin' ) success = project_domain.remove_access(user_email, project_name) removed_email = user_email if success else None if success: util.invalidate_cache(project_name) util.invalidate_cache(user_email) util.cloudwatch_log( info.context, f'Security: Removed user: {user_email} from {project_name} \ project succesfully') else: util.cloudwatch_log( info.context, f'Security: Attempted to remove user: {user_email}\ from {project_name} project') return dict(success=success, removed_email=removed_email)
def download_vulnerabilities(request, findingid): """Download a file with all the vulnerabilities.""" if not has_access_to_finding(request.session['username'], findingid, request.session['role']): util.cloudwatch_log(request, 'Security: \ Attempted to retrieve vulnerabilities without permission') return util.response([], 'Access denied', True) else: finding = get_vulnerabilities_by_type(findingid) data_yml = {} vuln_types = {'ports': dict, 'lines': dict, 'inputs': dict} if finding: for vuln_key, cast_fuction in list(vuln_types.items()): if finding.get(vuln_key): data_yml[vuln_key] = list(map(cast_fuction, list(finding.get(vuln_key)))) else: # This finding does not have this type of vulnerabilities pass else: # This finding does not have new vulnerabilities pass project = finding_domain.get_finding(findingid)['projectName'] file_name = '/tmp/{project}-{finding_id}.yaml'.format( finding_id=findingid, project=project) stream = open(file_name, 'w') yaml.safe_dump(data_yml, stream, default_flow_style=False) try: with open(file_name, 'rb') as file_obj: response = HttpResponse(file_obj.read(), content_type='text/x-yaml') response['Content-Disposition'] = \ 'attachment; filename="{project}-{finding_id}.yaml"'.format( finding_id=findingid, project=project) return response except IOError: rollbar.report_message('Error: Invalid vulnerabilities file format', 'error', request) return util.response([], 'Invalid vulnerabilities file format', True)
def mutate(self, info, files_data: Dict[str, Any], project_name: str) -> object: success = False file_name = files_data.get('fileName') user_email = util.get_jwt_content(info.context)['user_email'] remove_file = resources.remove_file(file_name, project_name) if remove_file: resources.send_mail(project_name, user_email, [files_data], 'removed', 'file') success = True else: rollbar.report_message('Error: \ An error occurred removing file', 'error', info.context) if success: util.invalidate_cache(project_name) util.cloudwatch_log(info.context, 'Security: Removed Files from \ {project} project succesfully'.format(project=project_name)) else: util.cloudwatch_log(info.context, 'Security: Attempted to remove files \ from {project} project'.format(project=project_name)) ret = RemoveFiles(success=success, resources=Resource(project_name)) return ret
def resolve_add_repositories( _, info, repos: _List[Dict[str, str]], project_name: str ) -> object: """Resolve add_repositories mutation.""" user_email = util.get_jwt_content(info.context)['user_email'] success = resources.create_resource( repos, project_name, 'repository', user_email) if success: util.invalidate_cache(project_name) util.cloudwatch_log( info.context, f'Security: Added repos to {project_name} project succesfully') resources.send_mail( project_name, user_email, repos, 'added', 'repository') else: rollbar.report_message( 'An error occurred adding repositories', level='error', payload_data=locals()) util.cloudwatch_log( info.context, f'Security: Attempted to add repos to {project_name} project') return dict(success=success)
def mutate(self, info, **kwargs): """Process file input.""" finding_id = kwargs.get('finding_id') origin = kwargs.get('origin', '') project = finding_domain.get_project(finding_id) file_input = info.context.FILES['1'] mime = Magic(mime=True) if isinstance(file_input, TemporaryUploadedFile): mime_type = mime.from_file(file_input.temporary_file_path()) elif isinstance(file_input, InMemoryUploadedFile): mime_type = mime.from_buffer(file_input.file.getvalue()) else: mime_type = '' mib = 1048576 if (file_input and mime_type in ['text/x-yaml', 'text/plain', 'text/html']): if file_input.size < 1 * mib: success = process_file(file_input, finding_id, info, origin) else: raise InvalidFileSize() else: raise InvalidFileType() ret = UploadFile(success=success) if success: update_last_vuln_date(finding_id) util.invalidate_cache(finding_id) util.invalidate_cache(project) util.cloudwatch_log( info.context, 'Security: Uploaded file in {project} \ project succesfully'.format(project=project)) else: util.cloudwatch_log( info.context, 'Security: Attempted to delete file \ from {project} project'.format(project=project)) raise ErrorUploadingFileS3() return ret
def mutate(self, info, **parameters): if parameters.get('type') in ['comment', 'observation']: user_data = util.get_jwt_content(info.context) role = get_user_role(user_data) if parameters.get('type') == 'observation' and \ role not in ['analyst', 'admin']: util.cloudwatch_log( info.context, 'Security: \ Unauthorized role attempted to add observation') raise GraphQLError('Access denied') user_email = user_data['user_email'] comment_id = int(round(time() * 1000)) comment_data = { 'user_id': comment_id, 'comment_type': parameters.get('type'), 'content': parameters.get('content'), 'fullname': str.join(' ', [user_data['first_name'], user_data['last_name']]), 'parent': int(parameters.get('parent')), } success = finding_domain.add_comment( user_email=user_email, comment_data=comment_data, finding_id=parameters.get('finding_id'), is_remediation_comment=False) else: raise GraphQLError('Invalid comment type') if success: util.invalidate_cache(parameters.get('finding_id')) util.cloudwatch_log( info.context, 'Security: Added comment in\ finding {id} succesfully'.format( id=parameters.get('finding_id'))) else: util.cloudwatch_log( info.context, 'Security: Attempted to add \ comment in finding {id}'.format( id=parameters.get('finding_id'))) ret = AddFindingComment(success=success, comment_id=comment_id) return ret
def resolve_update_access_token(_, info, expiration_time): """Resolve update_access_token mutation.""" user_info = util.get_jwt_content(info.context) email = user_info['user_email'] token_data = util.calculate_hash_token() session_jwt = '' success = False if util.is_valid_expiration_time(expiration_time): session_jwt = jwt.encode( { 'user_email': email, 'company': user_domain.get_data( email, 'company'), 'first_name': user_info['first_name'], 'last_name': user_info['last_name'], 'jti': token_data['jti'], 'iat': datetime.utcnow().timestamp(), 'exp': expiration_time }, algorithm='HS512', key=settings.JWT_SECRET_API ) success = user_domain.update_access_token(email, token_data) if success: util.cloudwatch_log( info.context, '{email} update access token'.format( email=user_info['user_email'])) else: util.cloudwatch_log( info.context, '{email} attempted to update access token' .format(email=user_info['user_email'])) else: util.cloudwatch_log( info.context, '{email} attempted to use expiration time \ greater than six months or minor than current time' .format(email=user_info['user_email'])) raise InvalidExpirationTime() return dict(success=success, session_jwt=session_jwt)
def resolve_set_alert(_, info, company, message, project_name): """Resolve set_alert mutation.""" success = alert_domain.set_company_alert(company, message, project_name) if success: util.cloudwatch_log(info.context, f'Security: Set alert of {company}') return dict(success=success)
def update_treatment_vuln(vulnerabilities: List[str], finding_id: str, updated_values: Dict[str, FindingType], info) -> bool: if updated_values.get('acceptance_date'): del updated_values['acceptance_date'] del updated_values['finding_id'] user_email = util.get_jwt_content(info.context)['user_email'] updated_vuln_description = [] for vulnerability in vulnerabilities: vuln_info = cast(List[Dict[str, FindingType]], vuln_dal.get(finding_id, uuid=vulnerability)) new_info = copy.copy(updated_values) if new_info.get('tag'): new_info['tag'] = cast(List[str], vuln_info[0].get('tag', [])) for tag in str(updated_values['tag']).split(','): validations.validate_field(cast(List[str], tag)) if tag.strip(): cast(List[str], new_info['tag']).append(tag.strip()) new_info['tag'] = cast( # conflict between mypy and pylint -> 'github.com/PyCQA/pylint/issues/2377' # pylint: disable=unsubscriptable-object List[str], list(set(cast(Iterable[Collection[str]], new_info['tag'])))) new_info['tag'] = [ html.unescape(tag) for tag in cast(List[str], new_info['tag']) ] new_info = { key: None if not value else value for key, value in new_info.items() } new_info = { util.camelcase_to_snakecase(k): new_info.get(k) for k in new_info } result_update_vuln = \ vuln_dal.update(finding_id, vulnerability, new_info) if 'lines' in str(vuln_info[0]['vuln_type']): where = 'Path' specific = 'Line' elif 'ports' in str(vuln_info[0]['vuln_type']): where = 'Host' specific = 'Port' else: where = 'URL' specific = 'Field' mail_description =\ "<b>{where}:</b>{where_info} \ <b>{specific}:</b> {specific_info}"\ .format(where=where, where_info=vuln_info[0]['where'], specific_info=vuln_info[0]['specific'], specific=specific) updated_vuln_description.append( {'updated_vuln_description': mail_description}) if not result_update_vuln: util.cloudwatch_log( info.context, 'Security: Attempted to update vulnerability\ :{id} from finding:{finding}'.format(id=vulnerability, finding=finding_id)) return False util.cloudwatch_log( info.context, 'Security: Updated vulnerability:\ {id} from finding:{finding} succesfully'.format(id=vulnerability, finding=finding_id)) if updated_values.get('treatment') != 'NEW': send_updated_vuln_email(finding_id, user_email, cast(Dict[str, str], updated_values), str(updated_vuln_description)) return True
def _create_new_user( context: Dict[str, Union[int, _List[str]]], new_user_data: Dict[str, str], project_name: str) -> bool: analizable_list = list(new_user_data.values())[1:-1] if ( all(validate_alphanumeric_field(field) for field in analizable_list) and validate_phone_field(new_user_data['phone_number']) and validate_email_address(new_user_data['email']) ): email = new_user_data['email'] organization = new_user_data['organization'] responsibility = new_user_data['responsibility'] role = new_user_data['role'] phone_number = new_user_data['phone_number'] else: return False success = False if not user_domain.get_data(email, 'email'): user_domain.create( email.lower(), {'company': organization.lower(), 'phone': phone_number}) if not user_domain.is_registered(email): user_domain.register(email) user_domain.assign_role(email, role) user_domain.update(email, organization.lower(), 'company') elif user_domain.is_registered(email): user_domain.assign_role(email, role) if project_name and responsibility and len(responsibility) <= 50: project_domain.add_access( email, project_name, 'responsibility', responsibility ) else: util.cloudwatch_log( context, 'Security: {email} Attempted to add responsibility to project \ {project} without validation'.format(email=email, project=project_name) ) if phone_number and phone_number[1:].isdigit(): user_domain.add_phone_to_user(email, phone_number) if project_name and role == 'customeradmin': project_domain.add_user(project_name.lower(), email.lower(), role) if project_name and user_domain.update_project_access( email, project_name, True ): description = project_domain.get_description(project_name.lower()) project_url = \ 'https://fluidattacks.com/integrates/dashboard#!/project/' \ + project_name.lower() + '/indicators' mail_to = [email] context = { 'admin': email, 'project': project_name, 'project_description': description, 'project_url': project_url, } email_send_thread = \ threading.Thread(name='Access granted email thread', target=send_mail_access_granted, args=(mail_to, context,)) email_send_thread.start() success = True return success
def resolve_event(_, info, identifier): """Resolve event query.""" util.cloudwatch_log( info.context, f'Security: Access to Event: {identifier} succesfully') return event_domain.get_event(identifier)