def delete(self, audit_id):
"""
.. http:delete:: /api/1/issues/1234/justification
Remove a justification on an audit issue on a specific item.
**Example Request**:
.. sourcecode:: http
DELETE /api/1/issues/1234/justification HTTP/1.1
Host: example.com
Accept: application/json
**Example Response**:
.. sourcecode:: http
HTTP/1.1 202 OK
Vary: Accept
Content-Type: application/json
{
"status": "deleted"
}
:statuscode 202: Accepted
:statuscode 401: Authentication Error. Please Login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to delete justifications"}, 403
item = ItemAudit.query.filter(ItemAudit.id == audit_id).first()
if not item:
return {"Error": "Item with audit_id {} not found".format(audit_id)}, 404
item.justified_user_id = None
item.justified = False
item.justified_date = None
item.justification = None
db.session.add(item)
db.session.commit()
return {"status": "deleted"}, 202
def delete(self, account_id):
"""
.. http:delete:: /api/1/account/1
Delete an account.
**Example Request**:
.. sourcecode:: http
DELETE /api/1/account/1 HTTP/1.1
Host: example.com
Accept: application/json
**Example Response**:
.. sourcecode:: http
HTTP/1.1 202 Accepted
Vary: Accept
Content-Type: application/json
{
'status': 'deleted'
}
:statuscode 202: accepted
:statuscode 401: Authentication Error. Please Login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to edit accounts"}, 403
# Need to unsubscribe any users first:
users = User.query.filter(User.accounts.any(Account.id == account_id)).all()
for user in users:
user.accounts = [account for account in user.accounts if not account.id == account_id]
db.session.add(user)
db.session.commit()
account = Account.query.filter(Account.id == account_id).first()
db.session.delete(account)
db.session.commit()
return {'status': 'deleted'}, 202
def put(self, as_id):
"""
.. http:put:: /api/1/auditorsettings/<int ID>
Update an AuditorSetting
**Example Request**:
.. sourcecode:: http
PUT /api/1/auditorsettings/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
{
account: "aws-account-name",
disabled: false,
id: 1,
issue: "User with password login.",
technology: "iamuser"
}
**Example Response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Content-Type: application/json
:statuscode 200: no error
:statuscode 401: Authentication failure. Please login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to edit the auditor settings"}, 403
self.reqparse.add_argument('disabled', type=bool, required=True, location='json')
args = self.reqparse.parse_args()
disabled = args.pop('disabled', None)
results = AuditorSettings.query.get(as_id)
results.disabled = disabled
db.session.add(results)
db.session.commit()
return 200
def delete(self, item_id):
"""
.. http:delete:: /api/1/ignorelistentries/123
Delete a ignorelist entry.
**Example Request**:
.. sourcecode:: http
DELETE /api/1/ignorelistentries/123 HTTP/1.1
Host: example.com
Accept: application/json
**Example Response**:
.. sourcecode:: http
HTTP/1.1 202 Accepted
Vary: Accept
Content-Type: application/json
{
'status': 'deleted'
}
:statuscode 202: accepted
:statuscode 401: Authentication Error. Please Login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to edit the ignore list"}, 403
IgnoreListEntry.query.filter(IgnoreListEntry.id == item_id).delete()
db.session.commit()
return {'status': 'deleted'}, 202
def put(self, account_id):
"""
.. http:put:: /api/1/account/1
Edit an existing account.
**Example Request**:
.. sourcecode:: http
PUT /api/1/account/1 HTTP/1.1
Host: example.com
Accept: application/json
{
'name': 'edited_account'
's3_name': 'edited_account',
'number': '0123456789',
'notes': 'this account is for ...',
'role_name': 'CustomRole',
'active': true,
'third_party': false
}
**Example Response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json
{
'name': 'edited_account'
's3_name': 'edited_account',
'number': '0123456789',
'notes': 'this account is for ...',
'role_name': 'CustomRole',
'active': true,
'third_party': false
}
:statuscode 200: no error
:statuscode 401: Authentication Error. Please Login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to edit accounts"}, 403
self.reqparse.add_argument('name', required=False, type=unicode, help='Must provide account name', location='json')
self.reqparse.add_argument('s3_name', required=False, type=unicode, help='Will use name if s3_name not provided.', location='json')
self.reqparse.add_argument('number', required=False, type=unicode, help='Add the account number if available.', location='json')
self.reqparse.add_argument('notes', required=False, type=unicode, help='Add context.', location='json')
self.reqparse.add_argument('role_name', required=False, type=unicode, help='Custom role name.', location='json')
self.reqparse.add_argument('active', required=False, type=bool, help='Determines whether this account should be interrogated by security monkey.', location='json')
self.reqparse.add_argument('third_party', required=False, type=bool, help='Determines whether this account is a known friendly third party account.', location='json')
args = self.reqparse.parse_args()
account = Account.query.filter(Account.id == account_id).first()
if not account:
return {'status': 'error. Account ID not found.'}, 404
account.name = args['name']
account.s3_name = args['s3_name']
account.number = args['number']
account.notes = args['notes']
account.role_name = args['role_name']
account.active = args['active']
account.third_party = args['third_party']
db.session.add(account)
db.session.commit()
db.session.refresh(account)
marshaled_account = marshal(account.__dict__, ACCOUNT_FIELDS)
marshaled_account['auth'] = self.auth_dict
return marshaled_account, 200
def put(self, item_id):
"""
.. http:get:: /api/1/ignorelistentries/<int:id>
Update the ignorelist entry with the given ID.
**Example Request**:
.. sourcecode:: http
PUT /api/1/ignorelistentries/123 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
{
"id": 123,
"prefix": "noisy_",
"notes": "Security Monkey shouldn't track noisy_* objects",
"technology": "securitygroup"
}
**Example Response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json
{
"id": 123,
"prefix": "noisy_",
"notes": "Security Monkey shouldn't track noisy_* objects",
"technology": "securitygroup",
auth: {
authenticated: true,
user: "******"
}
}
:statuscode 200: no error
:statuscode 404: item with given ID not found
:statuscode 401: Authentication failure. Please login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to edit the ignore list"}, 403
self.reqparse.add_argument('prefix', required=True, type=unicode, help='A prefix must be provided which matches the objects you wish to ignore.', location='json')
self.reqparse.add_argument('notes', required=False, type=unicode, help='Add context.', location='json')
self.reqparse.add_argument('technology', required=True, type=unicode, help='Network CIDR required.', location='json')
args = self.reqparse.parse_args()
prefix = args['prefix']
technology = args.get('technology', True)
notes = args.get('notes', None)
result = IgnoreListEntry.query.filter(IgnoreListEntry.id == item_id).first()
if not result:
return {"status": "Whitelist entry with the given ID not found."}, 404
result.prefix = prefix
result.notes = notes
technology = Technology.query.filter(Technology.name == technology).first()
if not technology:
return {"status": "Could not find a technology with the given name"}, 500
result.tech_id = technology.id
db.session.add(result)
db.session.commit()
db.session.refresh(result)
whitelistentry_marshaled = marshal(result.__dict__, IGNORELIST_FIELDS)
whitelistentry_marshaled['technology'] = result.technology.name
whitelistentry_marshaled['auth'] = self.auth_dict
return whitelistentry_marshaled, 200
def post(self):
"""
.. http:post:: /api/1/ignorelistentries
Create a new CIDR whitelist entry.
**Example Request**:
.. sourcecode:: http
POST /api/1/ignorelistentries HTTP/1.1
Host: example.com
Accept: application/json
{
"prefix": "noisy_",
"notes": "Security Monkey shouldn't track noisy_* objects",
"technology": "securitygroup"
}
**Example Response**:
.. sourcecode:: http
HTTP/1.1 201 Created
Vary: Accept
Content-Type: application/json
{
"id": 123,
"prefix": "noisy_",
"notes": "Security Monkey shouldn't track noisy_* objects",
"technology": "securitygroup"
}
:statuscode 201: created
:statuscode 401: Authentication Error. Please Login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to edit the ignore list"}, 403
self.reqparse.add_argument('prefix', required=True, type=unicode, help='A prefix must be provided which matches the objects you wish to ignore.', location='json')
self.reqparse.add_argument('notes', required=False, type=unicode, help='Add context.', location='json')
self.reqparse.add_argument('technology', required=True, type=unicode, help='Network CIDR required.', location='json')
args = self.reqparse.parse_args()
prefix = args['prefix']
technology = args.get('technology', True)
notes = args.get('notes', None)
entry = IgnoreListEntry()
entry.prefix = prefix
if notes:
entry.notes = notes
technology = Technology.query.filter(Technology.name == technology).first()
if not technology:
return {"status": "Could not find a technology with the given name"}, 500
entry.tech_id = technology.id
db.session.add(entry)
db.session.commit()
db.session.refresh(entry)
ignorelistentry_marshaled = marshal(entry.__dict__, IGNORELIST_FIELDS)
ignorelistentry_marshaled['technology'] = entry.technology.name
ignorelistentry_marshaled['auth'] = self.auth_dict
return ignorelistentry_marshaled, 201
def post(self, audit_id):
"""
.. http:post:: /api/1/issues/1234/justification
Justify an audit issue on a specific item.
**Example Request**:
.. sourcecode:: http
POST /api/1/issues/1234/justification HTTP/1.1
Host: example.com
Accept: application/json
{
'justification': 'I promise not to abuse this.'
}
**Example Response**:
.. sourcecode:: http
HTTP/1.1 201 OK
Vary: Accept
Content-Type: application/json
{
"result": {
"justification": "I promise not to abuse this.",
"issue": "Example Issue",
"notes": "Example Notes",
"score": 0,
"item_id": 11890,
"justified_user": "******",
"justified": true,
"justified_date": "2014-06-19 21:45:58.779168",
"id": 1234
},
"auth": {
"authenticated": true,
"user": "******"
}
}
:statuscode 201: no error
:statuscode 401: Authentication Error. Please Login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to justify issues"}, 403
self.reqparse.add_argument('justification', required=False, type=str, help='Must provide justification', location='json')
args = self.reqparse.parse_args()
item = ItemAudit.query.filter(ItemAudit.id == audit_id).first()
if not item:
return {"Error": "Item with audit_id {} not found".format(audit_id)}, 404
item.justified_user_id = current_user.id
item.justified = True
item.justified_date = datetime.datetime.utcnow()
item.justification = args['justification']
db.session.add(item)
db.session.commit()
db.session.refresh(item)
retdict = {'auth': self.auth_dict}
if item.user:
retdict['result'] = dict(
marshal(item.__dict__, AUDIT_FIELDS).items() +
{"justified_user": item.user.email}.items())
else:
retdict['result'] = dict(
marshal(item.__dict__, AUDIT_FIELDS).items() +
{"justified_user": None}.items())
return retdict, 200
def put(self, item_id):
"""
.. http:get:: /api/1/whitelistcidrs/<int:id>
Update the whitelist entry with the given ID.
**Example Request**:
.. sourcecode:: http
PUT /api/1/whitelistcidrs/123 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
{
"id": 123,
"name": "Corp",
"notes": "Corporate Network - New",
"cidr": "2.2.0.0/16"
}
**Example Response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json
{
"id": 123,
"name": "Corp",
"notes": "Corporate Network - New",
"cidr": "2.2.0.0/16",
auth: {
authenticated: true,
user: "******"
}
}
:statuscode 200: no error
:statuscode 404: item with given ID not found
:statuscode 401: Authentication failure. Please login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to edit the whitelist"}, 403
self.reqparse.add_argument(
"name", required=True, type=unicode, help="Must provide account name", location="json"
)
self.reqparse.add_argument("cidr", required=True, type=unicode, help="Network CIDR required.", location="json")
self.reqparse.add_argument("notes", required=False, type=unicode, help="Add context.", location="json")
args = self.reqparse.parse_args()
name = args["name"]
cidr = args.get("cidr", True)
notes = args.get("notes", None)
result = NetworkWhitelistEntry.query.filter(NetworkWhitelistEntry.id == item_id).first()
if not result:
return {"status": "Whitelist entry with the given ID not found."}, 404
result.name = name
result.cidr = cidr
result.notes = notes
db.session.add(result)
db.session.commit()
db.session.refresh(result)
whitelistentry_marshaled = marshal(result.__dict__, WHITELIST_FIELDS)
whitelistentry_marshaled["auth"] = self.auth_dict
return whitelistentry_marshaled, 200
def post(self):
"""
.. http:post:: /api/1/whitelistcidrs
Create a new CIDR whitelist entry.
**Example Request**:
.. sourcecode:: http
POST /api/1/whitelistcidrs HTTP/1.1
Host: example.com
Accept: application/json
{
"name": "Corp",
"notes": "Corporate Network",
"cidr": "1.2.3.4/22"
}
**Example Response**:
.. sourcecode:: http
HTTP/1.1 201 Created
Vary: Accept
Content-Type: application/json
{
"id": 123,
"name": "Corp",
"notes": "Corporate Network",
"cidr": "1.2.3.4/22"
}
:statuscode 201: created
:statuscode 401: Authentication Error. Please Login.
"""
auth, retval = __check_auth__(self.auth_dict)
if auth:
return retval
if not __check_admin__():
return {"Error": "You must be an admin to change the whitelist"}, 403
self.reqparse.add_argument(
"name", required=True, type=unicode, help="Must provide account name", location="json"
)
self.reqparse.add_argument("cidr", required=True, type=unicode, help="Network CIDR required.", location="json")
self.reqparse.add_argument("notes", required=False, type=unicode, help="Add context.", location="json")
args = self.reqparse.parse_args()
name = args["name"]
cidr = args.get("cidr", True)
notes = args.get("notes", None)
whitelist_entry = NetworkWhitelistEntry()
whitelist_entry.name = name
whitelist_entry.cidr = cidr
if notes:
whitelist_entry.notes = notes
db.session.add(whitelist_entry)
db.session.commit()
db.session.refresh(whitelist_entry)
whitelistentry_marshaled = marshal(whitelist_entry.__dict__, WHITELIST_FIELDS)
whitelistentry_marshaled["auth"] = self.auth_dict
return whitelistentry_marshaled, 201
