
Adding addtional API methods.

aaronweaver committed Feb 2, 2018
1 parent ff8b10e commit a5da2e90658a6e445433706dda03789d4d73b4a3
Showing with 266 additions and 5 deletions.
  1. +1 −1 app.json
  2. +243 −3 dojo/api.py
  3. +10 −0 dojo/forms.py
  4. +2 −0 dojo/models.py
  5. +10 −1 dojo/urls.py
@@ -1,5 +1,5 @@
{
"name": "Application Name",
"repository": "https://github.com/aaronweaver/django-DefectDojo",
"repository": "https://github.com/DefectDojo/django-DefectDojo",
"image": "appsecpipeline/django-defectdojo"
}
@@ -21,10 +21,13 @@
from dojo.models import Product, Engagement, Test, Finding, \
User, ScanSettings, IPScan, Scan, Stub_Finding, Risk_Acceptance, \
Finding_Template, Test_Type, Development_Environment, \
BurpRawRequestResponse, Endpoint, Notes
BurpRawRequestResponse, Endpoint, Notes, JIRA_PKey, JIRA_Conf, \
JIRA_Issue, Tool_Product_Settings, Tool_Configuration, Tool_Type
from dojo.forms import ProductForm, EngForm2, TestForm, \
ScanSettingsForm, FindingForm, StubFindingForm, FindingTemplateForm, \
ImportScanForm, SEVERITY_CHOICES
ImportScanForm, SEVERITY_CHOICES, JIRAForm, JIRA_PKeyForm, EditEndpointForm, \
AddEndpointForm, JIRA_IssueForm, ToolConfigForm, ToolProductSettingsForm, \
ToolTypeForm
from dojo.tools.factory import import_parser_factory
from dojo.utils import get_system_setting
from datetime import datetime
@@ -417,6 +420,244 @@ def dehydrate(self, bundle):
bundle.data['requester'] = bundle.obj.requester
return bundle

"""
/api/v1/tool_configurations/
GET [/id/], DELETE [/id/]
Expects: no params or id
Returns Tool_ConfigurationResource
Relevant apply filter ?test_type=?, ?id=?
POST, PUT, DLETE [/id/]
"""

class Tool_TypeResource(BaseModelResource):

class Meta:
resource_name = 'tool_types'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
queryset = Tool_Configuration.objects.all()
include_resource_uri = True
filtering = {
'id': ALL,
'name': ALL,
'description': ALL,
}
authentication = DojoApiKeyAuthentication()
authorization = DjangoAuthorization()
serializer = Serializer(formats=['json'])

@property
def validation(self):
return ModelFormValidation(form_class=ToolTypeForm, resource=Tool_TypeResource)

"""
/api/v1/tool_configurations/
GET [/id/], DELETE [/id/]
Expects: no params or id
Returns Tool_ConfigurationResource
Relevant apply filter ?test_type=?, ?id=?
POST, PUT, DLETE [/id/]
"""

class Tool_ConfigurationResource(BaseModelResource):

tool_type = fields.ForeignKey(Tool_TypeResource, 'tool_type',
full=False, null=False)
class Meta:
resource_name = 'tool_configurations'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
queryset = Tool_Configuration.objects.all()
include_resource_uri = True
filtering = {
'id': ALL,
'name': ALL,
'tool_type': ALL_WITH_RELATIONS,
'name': ALL,
'tool_project_id': ALL,
'url': ALL,
'authentication_type': ALL,
}
authentication = DojoApiKeyAuthentication()
authorization = DjangoAuthorization()
serializer = Serializer(formats=['json'])

@property
def validation(self):
return ModelFormValidation(form_class=ToolConfigForm, resource=Tool_ConfigurationResource)

"""
/api/v1/tool_product_settings/
GET [/id/], DELETE [/id/]
Expects: no params or id
Returns ToolProductSettingsResource
Relevant apply filter ?test_type=?, ?id=?
POST, PUT, DLETE [/id/]
"""

class ToolProductSettingsResource(BaseModelResource):

product = fields.ForeignKey(ProductResource, 'product',
full=False, null=False)
tool_configuration = fields.ForeignKey(Tool_ConfigurationResource, 'tool_configuration',
full=False, null=False)
class Meta:
resource_name = 'tool_product_settings'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
queryset = Tool_Product_Settings.objects.all()
include_resource_uri = True
filtering = {
'id': ALL,
'name': ALL,
'product': ALL_WITH_RELATIONS,
'tool_configuration': ALL_WITH_RELATIONS,
'name': ALL,
'tool_project_id': ALL,
'url': ALL,
}
authentication = DojoApiKeyAuthentication()
authorization = DjangoAuthorization()
serializer = Serializer(formats=['json'])

@property
def validation(self):
return ModelFormValidation(form_class=ToolProductSettingsForm, resource=ToolProductSettingsResource)


"""
/api/v1/endpoints/
GET [/id/], DELETE [/id/]
Expects: no params or endpoint id
Returns endpoint
Relevant apply filter ?test_type=?, ?id=?
POST, PUT, DLETE [/id/]
"""

class EndpointResource(BaseModelResource):

product = fields.ForeignKey(ProductResource, 'product',
full=False, null=False)

class Meta:
resource_name = 'endpoints'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
queryset = Endpoint.objects.all()
include_resource_uri = True
filtering = {
'id': ALL,
'host': ALL,
'product': ALL_WITH_RELATIONS,
}
authentication = DojoApiKeyAuthentication()
authorization = DjangoAuthorization()
serializer = Serializer(formats=['json'])

@property
def validation(self):
return ModelFormValidation(form_class=EditEndpointForm, resource=EndpointResource)

"""
/api/v1/jira_configurations/
GET [/id/], DELETE [/id/]
Expects: no params or JIRA_PKey
Returns jira configuration: ALL or by JIRA_PKey
POST, PUT [/id/]
"""

class JIRA_IssueResource(BaseModelResource):

class Meta:
resource_name = 'jira_finding_mappings'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
queryset = JIRA_Issue.objects.all()
include_resource_uri = True
filtering = {
'id': ALL,
'jira_id': ALL,
'jira_key': ALL,
}
authentication = DojoApiKeyAuthentication()
authorization = DjangoAuthorization()
serializer = Serializer(formats=['json'])

@property
def validation(self):
return ModelFormValidation(form_class=JIRA_IssueForm, resource=JIRA_IssueResource)

"""
/api/v1/jira_configurations/
GET [/id/], DELETE [/id/]
Expects: no params or JIRA_PKey
Returns jira configuration: ALL or by JIRA_PKey
POST, PUT [/id/]
"""

class JIRA_ConfResource(BaseModelResource):

class Meta:
resource_name = 'jira_configurations'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
queryset = JIRA_Conf.objects.all()
include_resource_uri = True
filtering = {
'id': ALL,
'url': ALL
}
authentication = DojoApiKeyAuthentication()
authorization = DjangoAuthorization()
serializer = Serializer(formats=['json'])

@property
def validation(self):
return ModelFormValidation(form_class=JIRAForm, resource=JIRA_ConfResource)

"""
/api/v1/jira/
GET [/id/], DELETE [/id/]
Expects: no params or jira product key
POST, PUT, DELETE [/id/]
"""

class JiraResource(BaseModelResource):
product = fields.ForeignKey(ProductResource, 'product',
full=False, null=False)
conf = fields.ForeignKey(JIRA_ConfResource, 'JIRA_Conf',
full=False, null=False)
class Meta:
resource_name = 'jira_product_configurations'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']

queryset = JIRA_PKey.objects.all()
include_resource_uri = True
filtering = {
'id': ALL,
'conf': ALL,
'product': ALL_WITH_RELATIONS,
'component': ALL,
'project_key': ALL,
'push_all_issues': ALL,
'enable_engagement_epic_mapping': ALL,
'push_notes': ALL
}
authentication = DojoApiKeyAuthentication()
authorization = DjangoAuthorization()
serializer = Serializer(formats=['json'])

@property
def validation(self):
return ModelFormValidation(form_class=JIRA_PKeyForm, resource=JiraResource)

"""
/api/v1/tests/
@@ -430,7 +671,6 @@ def dehydrate(self, bundle):
estimated_time, actual_time, percent_complete, notes
"""


class TestResource(BaseModelResource):
engagement = fields.ForeignKey(EngagementResource, 'engagement',
full=False, null=False)
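Review bot: In the `Tool_TypeResource.Meta` added by the second hunk, `queryset = Tool_Configuration.objects.all()` makes the `tool_types` endpoint read and write tool configuration rows while validating them with `ToolTypeForm`; it should be `queryset = Tool_Type.objects.all()`. None of the new resources sets `fields` or `excludes`, so every model column is serialized in responses. `JIRAForm` declares a `password` field, which suggests `JIRA_Conf` stores a credential that `jira_configurations` would return on GET, and `Tool_Configuration` (it has an `authentication_type`) may hold secrets too; confirm against the models and add an `excludes` entry for those columns. The docstrings above `Tool_TypeResource` and `JIRA_IssueResource` still name the `tool_configurations` and `jira_configurations` paths, and `'name': ALL` appears twice in two of the `filtering` dicts.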
@@ -1275,6 +1275,11 @@ class Meta:

FindingImageFormSet = modelformset_factory(FindingImage, extra=3, max_num=10, exclude=[''], can_delete=True)

class JIRA_IssueForm(forms.ModelForm):

class Meta:
model = JIRA_Issue
exclude = ['product']

class JIRAForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput, required=True)
@@ -1283,6 +1288,11 @@ class Meta:
model = JIRA_Conf
exclude = ['product']

class JIRA_PKeyForm(forms.ModelForm):

class Meta:
model = JIRA_PKey
exclude = ['product']

class ToolTypeForm(forms.ModelForm):
class Meta:
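Review bot: `JIRA_IssueForm` and `JIRA_PKeyForm` use `exclude = ['product']`, a deny-list that looks copied from `JIRAForm`, and the new API resources in dojo/api.py pass these forms to `ModelFormValidation`. With `exclude`, any field later added to `JIRA_Issue` or `JIRA_PKey` becomes accepted by the form, and so by the API validation, without review; an explicit `fields = [...]` list naming the intended columns is the safer default. For `JIRA_PKeyForm` it also leaves `product` out of form validation although `JiraResource` declares `product` with `null=False`; whether `JIRA_Issue` has a `product` field at all is not visible here. `ToolTypeForm` continues past the end of the hunk.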
@@ -1259,6 +1259,8 @@ def __unicode__(self):
admin.site.register(IPScan)
admin.site.register(Alerts)
admin.site.register(JIRA_Issue)
admin.site.register(JIRA_Conf)
admin.site.register(JIRA_PKey)
admin.site.register(Tool_Configuration)
admin.site.register(Tool_Product_Settings)
admin.site.register(Tool_Type)
@@ -8,7 +8,9 @@
from dojo.api import UserResource, ProductResource, EngagementResource, \
TestResource, FindingResource, ScanSettingsResource, ScanResource, \
StubFindingResource, FindingTemplateResource, ImportScanResource, \
ReImportScanResource
ReImportScanResource, JiraResource, JIRA_ConfResource, EndpointResource, \
JIRA_IssueResource, ToolProductSettingsResource, Tool_ConfigurationResource, \
Tool_TypeResource
from dojo.utils import get_system_setting
from dojo.development_environment.urls import urlpatterns as dev_env_urls
from dojo.endpoint.urls import urlpatterns as endpoint_urls
@@ -50,6 +52,13 @@
v1_api.register(StubFindingResource())
v1_api.register(ImportScanResource())
v1_api.register(ReImportScanResource())
v1_api.register(EndpointResource())
v1_api.register(JiraResource())
v1_api.register(JIRA_ConfResource())
v1_api.register(JIRA_IssueResource())
v1_api.register(ToolProductSettingsResource())
v1_api.register(Tool_ConfigurationResource())
v1_api.register(Tool_TypeResource())
# v1_api.register(IPScanResource())

