def delete(self, project_id: int) -> Tuple[dict, int]: drop_project_databases(project_id) Project.apply_full_delete_by_pk(pk=project_id) remove_project_space(project_id) return { "message": f"Project with id {project_id} was successfully deleted" }, 200
def post(self, project_id, test_id): project = Project.get_or_404(project_id) args = self.post_parser.parse_args(strict=False) if isinstance(test_id, int): _filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.id == test_id) else: _filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.test_uid == test_id) task = UIPerformanceTests.query.filter(_filter).first() event = list() execution = True if args['type'] and args["type"] == "config" else False for browser in list(map(lambda x: x.strip(), task.browser.split(","))): event.append(task.configure_execution_json(output='cc', browser=browser, test_type=args.get("test_type"), params=loads(args.get("params", None)), env_vars=loads(args.get("env_vars", None)), reporting=args.get("reporter", None), customization=loads(args.get("customization", None)), cc_env_vars=loads(args.get("cc_env_vars", None)), parallel=args.get("parallel", None), execution=execution)) current_app.logger.error(f"Observer event sent {event}") if args['type'] and args["type"] == "config": return event[0] response = run_task(project.id, event) response["redirect"] = f'/task/{response["task_id"]}/results' statistic = Statistic.query.filter_by(project_id=project_id).first() statistic.ui_performance_test_runs += 1 statistic.commit() return response
def put(self, project_id, test_id): default_params = ["influx.port", "influx.host", "galloper_url", "influx.db", "test_name", "comparison_db", "loki_host", "loki_port", "test.type", "test_type"] project = Project.get_or_404(project_id) args = self.put_parser.parse_args(strict=False) if isinstance(test_id, int): _filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.id == test_id) else: _filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.test_uid == test_id) task = UIPerformanceTests.query.filter(_filter).first() for each in ["params", "env_vars", "customization", "cc_env_vars"]: params = deepcopy(getattr(task, each)) for key in list(params.keys()): if key not in loads(args.get(each)).keys() and key not in default_params: del params[key] for key, value in loads(args.get(each)).items(): if key not in params or params[key] != value: params[key] = value setattr(task, each, params) task.reporting = args["reporter"] task.loops = args['loops'] task.aggregation = args['aggregation'] task.browser = args['browser'] task.entrypoint = args['entrypoint'] task.commit() return task.to_json()
def get(self, project_id: int): args = self._parser_get.parse_args(strict=False) project = Project.get_or_404(project_id) threshold = SecurityThresholds.query.filter( and_(SecurityThresholds.test_uid == args['test_uid'], SecurityThresholds.project_id == project.id)).first() return threshold.to_json(exclude_fields=("id"))
def post(self, project_id, test_id): project = Project.get_or_404(project_id) args = self.post_parser.parse_args(strict=False) if isinstance(test_id, int): _filter = and_(PerformanceTests.project_id == project.id, PerformanceTests.id == test_id) else: _filter = and_(PerformanceTests.project_id == project.id, PerformanceTests.test_uid == test_id) task = PerformanceTests.query.filter(_filter).first() event = list() execution = True if args['type'] and args["type"] == "config" else False event.append( task.configure_execution_json( output='cc', test_type=args.get("test_type"), params=loads(args.get("params", None)), env_vars=loads(args.get("env_vars", None)), reporting=args.get("reporter", None), customization=loads(args.get("customization", None)), cc_env_vars=loads(args.get("cc_env_vars", None)), parallel=args.get("parallel", None), region=args.get("region", "default"), execution=execution, emails=args.get("emails", None))) if args['type'] and args["type"] == "config": return event[0] for each in event: each["test_id"] = task.test_uid response = run_task(project.id, event) response["redirect"] = f'/task/{response["task_id"]}/results' return response
def get(self, project_id, test_id): args = self.get_parser.parse_args(strict=False) project = Project.get_or_404(project_id) if isinstance(test_id, int): _filter = and_(PerformanceTests.project_id == project.id, PerformanceTests.id == test_id) else: _filter = and_(PerformanceTests.project_id == project.id, PerformanceTests.test_uid == test_id) test = PerformanceTests.query.filter(_filter).first() if test.git and type(test.git) is dict and test.git[ 'repo_pass'] is not None and len( test.git['repo_pass']) and args["source"] == "galloper": if not test.git['repo_pass'].startswith( "{{") and not test.git['repo_pass'].endswith("}}"): test.git['repo_pass'] = "******" if args.raw: return test.to_json([ "influx.port", "influx.host", "galloper_url", "influx.db", "comparison_db", "telegraf_db", "loki_host", "loki_port", "influx.username", "influx.password" ]) if args["type"] == "docker": message = test.configure_execution_json(args.get("type"), execution=args.get("exec")) else: message = [{"test_id": test.test_uid}] return {"config": message} # this is cc format
def get(self, project_id, test_uuid): project = Project.get_or_404(project_id) job_type = "not_found" # check if APIPerformanceTests _filter = and_(PerformanceTests.project_id == project.id, PerformanceTests.test_uid == test_uuid) test = PerformanceTests.query.filter(_filter).first() if test: job_type = test.job_type _filter = and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.test_uid == test_uuid) test = UIPerformanceTests.query.filter(_filter).first() if test: job_type = test.job_type _filter = and_(SecurityTestsDAST.project_id == project.id, SecurityTestsDAST.test_uid == test_uuid) test = SecurityTestsDAST.query.filter(_filter).first() if test: job_type = "dast" _filter = and_(SecurityTestsSAST.project_id == project.id, SecurityTestsSAST.test_uid == test_uuid) test = SecurityTestsSAST.query.filter(_filter).first() if test: job_type = "sast" return {"job_type": job_type}
def post(self, project_id: int): args = self.post_parser.parse_args(strict=False) project = Project.get_or_404(project_id) file_name = args["file"].filename bucket = "tests" upload_file(bucket, args["file"], project, create_if_not_exists=True) browser = args["browser"] runner = "getcarrier/observer:latest" job_type = "observer" env_vars = loads(args["env_vars"]) if "ENV" not in env_vars.keys(): env_vars['ENV'] = 'Default' test = UIPerformanceTests(project_id=project.id, test_uid=str(uuid4()), name=args["name"], bucket=bucket, file=file_name, entrypoint=args["entrypoint"], runner=runner, browser=browser, parallel=1, reporting=args["reporter"].split(","), params=loads(args["params"]), env_vars=env_vars, customization=loads(args["customization"]), cc_env_vars=loads(args["cc_env_vars"]), job_type=job_type, loops=args['loops'], aggregation=args['aggregation'] ) test.insert() current_app.logger.info(test.to_json()) return test.to_json(exclude_fields=("id",))
def get(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=R0201,C0111 # Check project_id for validity project = Project.get_or_404(project_id) # Get secret secrets = get_project_secrets(project.id) _secret = secrets.get(secret) if secrets.get(secret) else get_project_hidden_secrets(project.id).get(secret) return {"secret": _secret}, 200
def get(self, project_id: int, report_id, action: Optional[str] = "table"): args = self._parser_get.parse_args(strict=False) _action_mapping = {"table": [], "chart": {"nodes": [], "edges": []}} if isinstance(report_id, int): report = UIReport.query.get_or_404(report_id) results = UIResult.query.filter_by(project_id=project_id, report_uid=report.uid).order_by( UIResult.session_id, UIResult.id).all() else: report = UIReport.query.filter_by(project_id=project_id, uid=report_id).first_or_404() results = UIResult.query.filter_by(project_id=project_id, report_uid=report_id).order_by( UIResult.session_id, UIResult.id).all() if action == 'recalculate': project = Project.get_or_404(project_id) return self.recalculate(project, results) nodes, edges = self.build_graph(project_id, results, report.aggregation, report.loops, args["metric"]) _action_mapping["chart"]["nodes"] = nodes _action_mapping["chart"]["edges"] = edges _action_mapping["table"] = self.build_table(results, report.base_url) return _action_mapping[action]
def get(self, project_id: int, task_id: str): args = self.get_parser.parse_args(strict=False) task = Task.query.filter_by(task_id=task_id).first() project = Project.get_or_404(project_id) if args.get("exec"): return unsecret(task.to_json(), project_id=project.id) return task.to_json()
def post(self, project_id, test_id): """ Run test """ args = self.post_parser.parse_args(strict=False) project = Project.get_or_404(project_id) # if isinstance(test_id, int): _filter = and_(SecurityTestsSAST.project_id == project.id, SecurityTestsSAST.id == test_id) else: _filter = and_(SecurityTestsSAST.project_id == project.id, SecurityTestsSAST.test_uid == test_id) task = SecurityTestsSAST.query.filter(_filter).first() # execution = bool(args["type"] and args["type"] == "config") # event = list() event.append(task.configure_execution_json("cc", execution=execution)) # if args["type"] and args["type"] == "config": return event[0] # response = run_task(project.id, event) response["redirect"] = f"/task/{response['task_id']}/results" # statistic = Statistic.query.filter_by(project_id=project_id).first() statistic.sast_scans += 1 statistic.commit() # return response
def put(self, project_id: int): args = self._parser_put.parse_args(strict=False) project = Project.get_or_404(project_id) test_data = get_test_details(build_id=args["build_id"], test_name=args["test_name"], lg_type=args["lg_type"]) report = APIReport.query.filter( and_(APIReport.project_id == project.id, APIReport.build_id == args["build_id"])).first() report.end_time = test_data["end_time"] report.start_time = test_data["start_time"] report.failures = test_data["failures"] report.total = test_data["total"] report.thresholds_missed = args.get("missed", 0) report.throughput = test_data["throughput"] report.pct95 = test_data["pct95"] report.onexx = test_data["1xx"] report.twoxx = test_data["2xx"] report.threexx = test_data["3xx"] report.fourxx = test_data["4xx"] report.fivexx = test_data["5xx"] report.requests = ";".join(test_data["requests"]) report.status = args["status"] report.vusers = args["vusers"] report.duration = args["duration"] report.commit() return {"message": "updated"}
def get(self, project_id: int): args = self._parser_get.parse_args(strict=False) project = Project.get_or_404(project_id) if args.get("type") == "ui": return self._get_ui_pages(project.id, args.get("name")) else: return self._get_backend_requests(project.id, args.get("name"))
def post(self, project_id: int): args = self._parser_post.parse_args(strict=False) project = Project.get_or_404(project_id) threshold = SecurityThresholds.query.filter(and_(SecurityThresholds.test_uid == args['test_uid'], SecurityThresholds.project_id == project.id)).first() if not threshold: test_name = SecurityTestsSAST.query.filter(and_(SecurityTestsSAST.test_uid == args['test_uid'], SecurityTestsSAST.project_id == project.id)).first() if test_name: name = test_name.name else: test_name = SecurityTestsDAST.query.filter(and_(SecurityTestsDAST.test_uid == args['test_uid'], SecurityTestsDAST.project_id == project.id)).first() name = test_name.name threshold = SecurityThresholds(project_id=project.id, test_name=name, test_uid=args["test_uid"], critical=-1, high=-1, medium=-1, low=-1, info=-1, critical_life=-1, high_life=-1, medium_life=-1, low_life=-1, info_life=-1) op = threshold.insert else: op = threshold.commit threshold.critical = args['critical'] threshold.high = args['high'] threshold.medium = args['medium'] threshold.low = args['low'] threshold.info = args['info'] op() return threshold.to_json(exclude_fields=("id"))
def put(self, project_id: Optional[int] = None) -> Tuple[dict, int]: data = self._parser_post.parse_args() if not project_id: return {"message": "Specify project id"}, 400 project = Project.get_or_404(project_id) project.name = data["name"] project.project_owner = data["owner"] package = data["package"].lower() project.dast_enabled = False if data[ "dast_enabled"] == "disabled" else True project.sast_enabled = False if data[ "sast_enabled"] == "disabled" else True project.performance_enabled = False if data[ "performance_enabled"] == "disabled" else True project.package = package project.commit() if package == "custom": getattr(project_quota, "custom")( project.id, data["perf_tests_limit"], data["ui_perf_tests_limit"], data["sast_scans_limit"], data["dast_scans_limit"], -1, data["storage_space_limit"], data["data_retention_limit"], data["tasks_count_limit"], data["task_executions_limit"]) else: getattr(project_quota, package)(project.id) return project.to_json(exclude_fields=Project.API_EXCLUDE_FIELDS)
def get(self, project_id): project = Project.get_or_404(project_id) args = self.get_parser.parse_args(strict=False) if args['name'] not in ['post_processor', 'control_tower', 'all']: return {"message": "go away", "code": 400}, 400 secrets = get_project_hidden_secrets(project.id) project_secrets = {} if args['name'] == 'post_processor': secrets = self._create_pp(project, secrets) elif args['name'] == 'control_tower': secrets = self._create_cc(project, secrets) elif args['name'] == 'all': secrets = self._create_pp(project, secrets) secrets = self._create_cc(project, secrets) project_secrets["galloper_url"] = APP_HOST project_secrets["project_id"] = project.id secrets["redis_host"] = APP_IP secrets["loki_host"] = EXTERNAL_LOKI_HOST.replace( "https://", "http://") secrets["influx_ip"] = APP_IP secrets["influx_port"] = INFLUX_PORT secrets["loki_port"] = LOKI_PORT secrets["redis_password"] = REDIS_PASSWORD set_project_secrets(project.id, project_secrets) else: return {"message": "go away", "code": 400}, 400 set_project_hidden_secrets(project.id, secrets) return {"message": "Done", "code": 200}
def post(self, project_id: int) -> Tuple[dict, int]: # pylint: disable=C0111 data = self._parser_post.parse_args() # Check project_id for validity project = Project.get_or_404(project_id) # Set secrets set_project_secrets(project.id, data["secrets"]) return {"message": f"Project secrets were saved"}, 200
def get(self, project_id: int, seed: str): """ Get config for seed """ args = self.get_parser.parse_args(strict=False) project = Project.get_or_404(project_id) # test_type = seed.split("_")[0] test_id = seed.split("_")[1] # if test_type == "dast": _filter = and_(SecurityTestsDAST.project_id == project.id, SecurityTestsDAST.test_uid == test_id) test = SecurityTestsDAST.query.filter(_filter).first() # if test_type == "sast": _filter = and_(SecurityTestsSAST.project_id == project.id, SecurityTestsSAST.test_uid == test_id) test = SecurityTestsSAST.query.filter(_filter).first() # try: thresholds = SecurityThresholds.query.filter( SecurityThresholds.test_uid == test_id).first().to_json( exclude_fields=("id", "project_id", "test_name", "test_uid")) current_app.logger.info(thresholds) except AttributeError: thresholds = {} return test.configure_execution_json(args.get("type"), execution=True, thresholds=thresholds)
def post(self, project_id: int): """ Create new test """ current_app.logger.info(request.form) args = self.post_parser.parse_args(strict=False) project = Project.get_or_404(project_id) test = SecurityTestsSAST( project_id=project.id, test_uid=str(uuid4()), name=args["name"], region=args["region"], sast_settings={ "project_name": project.name, **loads(args["sast_settings"]), }, ) test.insert() threshold = SecurityThresholds( project_id=project.id, test_name=args["name"], test_uid=test.test_uid, critical=-1, high=-1, medium=-1, low=-1, info=-1, critical_life=-1, high_life=-1, medium_life=-1, low_life=-1, info_life=-1, ) threshold.insert() current_app.logger.info(test.to_json()) return test.to_json(exclude_fields=("id", ))
def delete(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=C0111 project = Project.get_or_404(project_id) secrets = get_project_secrets(project.id) if secret in secrets: del secrets[secret] set_project_secrets(project.id, secrets) return {"message": "deleted"}, 200
def get(self, project_id: int): args = self._parser_get.parse_args(strict=False) project = Project.get_or_404(project_id) report = APIReport.query.filter_by(project_id=project.id, build_id=args["build_id"]).first() return {"status": report.status}
def get( self, project_id: Optional[int] = None ) -> Union[Tuple[dict, int], Tuple[list, int]]: args = self._parser_get.parse_args() offset_ = args["offset"] limit_ = args["limit"] search_ = args["search"] allowed_project_ids = only_users_projects() _filter = None if "all" not in allowed_project_ids: _filter = Project.id.in_(allowed_project_ids) if project_id: project = Project.get_or_404(project_id) return project.to_json( exclude_fields=Project.API_EXCLUDE_FIELDS), 200 elif search_: filter_ = Project.name.ilike(f"%{search_}%") if _filter is not None: filter_ = and_(_filter, filter_) projects = Project.query.filter(filter_).limit(limit_).offset( offset_).all() else: if _filter is not None: projects = Project.query.filter(_filter).limit(limit_).offset( offset_).all() else: projects = Project.query.limit(limit_).offset(offset_).all() total = self.__get_project_count(_filter) project_list = [ project.to_json(exclude_fields=Project.API_EXCLUDE_FIELDS) for project in projects ] return {"total": total, "rows": project_list}, 200
def delete(self, project_id: int) -> Tuple[dict, int]: project = Project.get_or_404(project_id) if SessionProject.get() == project.id: SessionProject.pop() return { "message": f"Project with id {project.id} was successfully unselected" }, 200
def get(self, project_id: Optional[int] = None) -> Tuple[dict, int]: if not project_id: project_id = SessionProject.get() if project_id: project = Project.get_or_404(project_id) return project.to_json( exclude_fields=Project.API_EXCLUDE_FIELDS), 200 return {"message": "No project selected in session"}, 404
def put(self, project_id: int, report_type: str, report_id: int): args = self._parser_put.parse_args(strict=False) project = Project.get_or_404(project_id) report = REPORTS_MAPPER.get(report_type).query.filter_by( project_id=project.id, id=report_id).first() report.status = args["status"] report.commit() return {"message": f"status changed to {args['status']}"}
def get(self, project_id: int): project = Project.get_or_404(project_id) args = self._parser_get.parse_args(strict=False) res = APIThresholds.query.filter().filter( and_(APIThresholds.project_id == project.id, APIThresholds.test == args.get("name"), APIThresholds.environment == args.get("environment"))).all() return [th.to_json() for th in res]
def post(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=C0111 data = self._parser_post.parse_args() # Check project_id for validity project = Project.get_or_404(project_id) # Set secret secrets = get_project_secrets(project.id) secrets[secret] = data["secret"] set_project_secrets(project.id, secrets) return {"message": f"Project secret was saved"}, 200
def delete(self, project_id: int): args = self.delete_parser.parse_args(strict=False) project = Project.get_or_404(project_id) query_result = UIPerformanceTests.query.filter( and_(UIPerformanceTests.project_id == project.id, UIPerformanceTests.id.in_(args["id[]"]))).all() for each in query_result: each.delete() return {"message": "deleted"}
def get(self, project_id: int) -> Tuple[dict, int]: # pylint: disable=R0201,C0111 # Check project_id for validity project = Project.get_or_404(project_id) # Get secrets secrets_dict = get_project_secrets(project.id) resp = [] for key in secrets_dict.keys(): resp.append({"name": key, "secret": "******"}) return resp