def on_post(self, req, resp, organization_code):
    """Register a security threat for an organization.

    The payload is expected to carry ``security_threat_id`` and
    ``threat_level_id``; ``validate_post`` runs on it before the values
    are copied into the new ``OrganizationSecurityThreat`` row.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :param organization_code: The code of the organization.
    :raises falcon.HTTPNotFound: when no organization has this code.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    """
    db = Session()
    try:
        if db.query(Organization).get(organization_code) is None:
            raise falcon.HTTPNotFound()

        validation_errors = validate_post(req.media, organization_code, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        payload = req.media
        threat = OrganizationSecurityThreat()
        threat.organization_id = organization_code
        threat.security_threat_id = payload.get('security_threat_id')
        threat.threat_level_id = payload.get('threat_level_id')

        db.add(threat)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{threat.id}"
        resp.media = {'data': custom_asdict(threat)}
    finally:
        db.close()
def on_post(self, req, resp, organization_code, it_asset_instance_id):
    """Attach a mitigation control to one of an organization's IT assets.

    The control lowers the asset's exposure to a security threat, but the
    specific threat is not part of this resource. Only
    ``mitigation_control_id`` and ``description`` are copied from the
    request body; everything else in the payload is ignored.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :param organization_code: The code of the organization.
    :param it_asset_instance_id: The id of the IT asset instance.
    :raises falcon.HTTPNotFound: when the asset instance is not found for
        this organization.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    """
    db = Session()
    try:
        asset = find_organization_it_asset(
            it_asset_instance_id, organization_code, db)
        if asset is None:
            raise falcon.HTTPNotFound()

        validation_errors = validate_post(
            req.media, it_asset_instance_id, organization_code, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        # Whitelist of payload keys that may populate the model.
        allowed = ['mitigation_control_id', 'description']
        control = OrganizationItAssetControl().fromdict(req.media, only=allowed)
        control.organization_it_asset_id = it_asset_instance_id

        db.add(control)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{control.id}"
        resp.media = {'data': custom_asdict(control)}
    finally:
        db.close()
def on_post(self, req, resp):
    """Create a new system user.

    Only ``email`` and ``full_name`` are copied from the payload. The
    password is never persisted in clear text: it is hashed with bcrypt
    using a freshly generated salt. NOTE: bcrypt only uses the first 72
    bytes of its input; longer passwords are truncated or, depending on
    the bcrypt release, rejected — ``validate_post`` is the place to
    enforce a length limit if that matters here.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    """
    db = Session()
    try:
        validation_errors = validate_post(req.media, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        payload = req.media
        new_user = SystemUser().fromdict(payload, only=['email', 'full_name'])

        # Hash the clear-text password; the result is what gets stored.
        raw_password = payload.get('password')
        new_user.hashed_password = bcrypt.hashpw(
            raw_password.encode('UTF-8'), bcrypt.gensalt())

        # Roles are optional in the payload; add_roles handles the lookup.
        add_roles(new_user, payload.get('roles'))

        db.add(new_user)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{new_user.id}"
        resp.media = {'data': custom_asdict(new_user)}
    finally:
        db.close()
def on_put(self, req, resp, user_id, role_id):
    """Grant a role to a system user (idempotent).

    If the user already holds the role, nothing is written and the
    existing assignment is returned; otherwise a new ``SystemUserRole``
    row is created. Either way the response is 200 with the assignment.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :param user_id: The id of user.
    :param role_id: The id of role to be added.
    :raises falcon.HTTPNotFound: when the user does not exist.
    :raises HTTPUnprocessableEntity: when the request fails validation.
    """
    db = Session()
    try:
        if db.query(SystemUser).get(user_id) is None:
            raise falcon.HTTPNotFound()

        validation_errors = validate_put(req.media, user_id, role_id, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        # Only write when the assignment is not already present.
        assignment = find_user_role(user_id, role_id, db)
        if not assignment:
            assignment = SystemUserRole(user_id=user_id, role_id=role_id)
            db.add(assignment)
            db.commit()

        resp.status = falcon.HTTP_OK
        resp.media = {'data': custom_asdict(assignment)}
    finally:
        db.close()
def on_post(self, req, resp, organization_code):
    """Register an IT asset instance for an organization.

    Only ``it_asset_id`` and ``external_identifier`` are copied from the
    payload. The Location header uses the new row's ``instance_id``.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :param organization_code: The code of the organization.
    :raises falcon.HTTPNotFound: when no organization has this code.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    """
    db = Session()
    try:
        if db.query(Organization).get(organization_code) is None:
            raise falcon.HTTPNotFound()

        validation_errors = validate_post(req.media, organization_code, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        # Whitelist of payload keys that may populate the model.
        allowed = ['it_asset_id', 'external_identifier']
        asset = OrganizationITAsset().fromdict(req.media, only=allowed)
        asset.organization_id = organization_code

        db.add(asset)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{asset.instance_id}"
        resp.media = {'data': custom_asdict(asset)}
    finally:
        db.close()
def on_post(self, req, resp, organization_code, it_service_instance_id):
    """Link an IT asset instance to an organization's IT service instance.

    Only ``it_asset_instance_id`` and ``relevance_level_id`` are copied
    from the payload. The Location header is built from the linked
    asset's ``it_asset_instance_id``, not from a surrogate id.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :param organization_code: The code of the organization.
    :param it_service_instance_id: The id of the IT service instance.
    :raises falcon.HTTPNotFound: when the service instance is not found for
        this organization.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    """
    db = Session()
    try:
        service = find_it_service_instance(
            it_service_instance_id, organization_code, db)
        if service is None:
            raise falcon.HTTPNotFound()

        validation_errors = validate_post(
            req.media, organization_code, it_service_instance_id, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        # Whitelist of payload keys that may populate the model.
        allowed = ['it_asset_instance_id', 'relevance_level_id']
        link = OrganizationITServiceITAsset().fromdict(req.media, only=allowed)
        link.it_service_instance = service

        db.add(link)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{link.it_asset_instance_id}"
        resp.media = {'data': custom_asdict(link)}
    finally:
        db.close()
def on_post(self, req, resp, organization_code, it_asset_instance_id):
    """Record how vulnerable an IT asset instance is to a security threat.

    The threat is referenced by ``security_threat_id`` and must already be
    registered for the organization; the row stores the id of that
    organization-level registration, not the catalog id.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :param organization_code: The code of the organization.
    :param it_asset_instance_id: The id of the IT asset instance.
    :raises falcon.HTTPNotFound: when the asset instance is not found for
        this organization.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    """
    db = Session()
    try:
        asset = find_it_asset_instance(
            it_asset_instance_id, organization_code, db)
        if asset is None:
            raise falcon.HTTPNotFound()

        validation_errors = validate_post(
            req.media, organization_code, it_asset_instance_id, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        payload = req.media

        # Resolve the organization's registration of the supplied threat.
        # NOTE(review): the result is dereferenced without a None check;
        # presumably validate_post guarantees the threat is registered —
        # confirm, otherwise a missing registration surfaces as a 500.
        registered_threat = find_organization_security_threat(
            payload['security_threat_id'], organization_code, db)

        vulnerability = OrganizationITAssetVulnerability()
        vulnerability.organization_security_threat_id = registered_threat.id
        vulnerability.it_asset_instance_id = it_asset_instance_id
        vulnerability.vulnerability_level_id = payload['vulnerability_level_id']

        db.add(vulnerability)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{vulnerability.id}"
        resp.media = {'data': custom_asdict(vulnerability)}
    finally:
        db.close()
def on_post(self, req, resp, organization_code):
    """Run a new risk analysis for an organization.

    The analysis consumes the relevance, vulnerability and threat levels
    already recorded for the organization's processes, IT services, IT
    assets and security threats. Optional ``scopes`` narrow the run after
    redundant entries are removed. An analysis that processes no items is
    rejected rather than stored.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :param organization_code: The code of the organization.
    :raises falcon.HTTPNotFound: when no organization has this code.
    :raises HTTPUnprocessableEntity: when the payload fails validation or
        no items were available to analyze.
    """
    db = Session()
    try:
        if db.query(Organization).get(organization_code) is None:
            raise falcon.HTTPNotFound()

        validation_errors = validate_post(req.media)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        payload = req.media
        scopes = remove_redundant_scopes(payload.get('scopes'))

        analysis = OrganizationAnalysis().fromdict(payload, only=['description'])
        analysis.organization_id = organization_code
        analysis.total_processed_items = process_analysis(
            db, analysis, organization_code, scopes)

        # An empty analysis is a client error, not a valid resource.
        if analysis.total_processed_items == 0:
            raise HTTPUnprocessableEntity(
                [build_error(Message.ERR_NO_ITEMS_TO_ANALYZE)])

        db.add(analysis)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{analysis.id}"
        resp.media = {'data': create_response_asdict(analysis)}
    finally:
        db.close()
def on_post(self, req, resp):
    """Add a security threat to the catalog.

    Only ``name`` and ``description`` are copied from the payload.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    """
    db = Session()
    try:
        validation_errors = validate_post(req.media, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        # Whitelist of payload keys that may populate the model.
        allowed = ['name', 'description']
        threat = SecurityThreat().fromdict(req.media, only=allowed)

        db.add(threat)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{threat.id}"
        resp.media = {'data': threat.asdict()}
    finally:
        db.close()
def on_post(self, req, resp):
    """Create a new organization.

    Only ``tax_id``, ``legal_name`` and ``trade_name`` are copied from
    the payload.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    """
    db = Session()
    try:
        validation_errors = validate_post(req.media, db)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        # Whitelist of payload keys that may populate the model.
        allowed = ['tax_id', 'legal_name', 'trade_name']
        organization = Organization().fromdict(req.media, only=allowed)

        db.add(organization)
        db.commit()

        resp.status = falcon.HTTP_CREATED
        resp.location = f"{req.relative_uri}/{organization.id}"
        resp.media = {'data': organization.asdict()}
    finally:
        db.close()
def on_post(self, req, resp):
    """Authenticate a user and return an ID token and an access token.

    For a known user the attempt is persisted as a ``SystemUserLogin`` row
    *before* the error check, so failed attempts are recorded as well.
    Attempts against accounts that ``authenticate_user`` does not resolve
    to a user leave no row — keep that in mind if this table serves as the
    login audit trail.

    :param req: See Falcon Request documentation.
    :param resp: See Falcon Response documentation.
    :raises HTTPUnprocessableEntity: when the payload fails validation.
    :raises HTTPUnauthorized: when authentication fails.
    """
    db = Session()
    try:
        validation_errors = validate_post(req.media)
        if validation_errors:
            raise HTTPUnprocessableEntity(validation_errors)

        auth_errors, user = authenticate_user(req.media, db)

        if user:
            attempt = SystemUserLogin()
            attempt.system_user_id = user.id
            # Naive UTC timestamp (utcnow); consumers must treat it as UTC.
            attempt.attempted_on = datetime.utcnow()
            attempt.was_successful = not auth_errors
            db.add(attempt)
            db.commit()

        # Only after the attempt is recorded do we reject the request.
        if auth_errors:
            raise HTTPUnauthorized(auth_errors)

        resp.media = {
            'id_token': generate_id_token(user),
            'access_token': generate_access_token(user),
        }
    finally:
        db.close()