From 61a858c1755f5439bfcc862ee9a06ed5a842767e Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 8 Jan 2024 08:13:44 -0800 Subject: [PATCH 001/197] Release/0.2.0 beta/test 1 (#456) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index bb221109..7d21f73e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -51,7 +51,7 @@ pipeline { stage('Unit Testing') { agent { docker { - image 'securityuniversal/jenkins-python-agent:latest' + image 'securityuniversal/jenkins:latest' } } when { From 3c06d22040399db5e89b30f2f0a9dbb7c13f164d Mon Sep 17 00:00:00 2001 
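Review bot: The agent image on the changed `image` line is still referenced by the mutable `:latest` tag, so each build runs whatever was last pushed to that repository and a past build cannot be reproduced or audited. Pin the image to a version tag or, better, a digest, e.g. `image 'securityuniversal/jenkins@sha256:<DIGEST>'` (placeholder; take the value from the registry). The same applies to the two `image` lines changed in PATCH 002 and to the `jenkins-deploy-agent:latest` line visible in PATCH 006. The `stage('Unit Testing')` block continues outside the hunk.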
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 8 Jan 2024 13:26:41 -0800 Subject: [PATCH 002/197] Release/0.2.0 beta/test 1 (#458) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7d21f73e..1fffa348 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -99,7 +99,7 @@ pipeline { stage('Software Composition Analysis') { agent { docker { - image 'securityuniversal/jenkins-codetesting-agent:latest' + image 'securityuniversal/jenkins:latest' } } when { @@ -127,7 +127,7 @@ pipeline { stage('Static Application Security Testing') { agent { docker { - image 'securityuniversal/jenkins-codetesting-agent:latest' + image 'securityuniversal/jenkins:latest' } } when { From 2048a736b2550139374cd4ca5e5aed589546581e Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 8 Jan 2024 14:36:28 -0800 Subject: [PATCH 003/197] Release/0.2.0 beta/test 1 (#460) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml --- pipeline-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 9d98c47f..68f8f7cf 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -23,7 +23,7 @@ stages: - Python - Javascript sast: - enabled: true + enabled: false branches: - release codeLanguages: From fd72e21852e64004f58976e101ea8976c86ced37 Mon Sep 17 00:00:00 2001 
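Review bot: `sast.enabled` is set to `false` for the `release` branch with nothing in the file saying why or when it is turned back on, so a reader cannot tell whether releases are meant to ship without static analysis. If this is a temporary step while the pipeline is being debugged, record that next to the key, e.g. `enabled: false  # TEMPORARY: pipeline debugging, re-enable before release (<ISSUE-ID>)`. PATCH 004 does the same for `unitTesting`, `sca`, `containerScan`, `releaseToTest` and `testRelease` and needs the same comment on each.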
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 8 Jan 2024 15:07:51 -0800 Subject: [PATCH 004/197] Release/0.2.0 beta/test 1 (#462) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml --- pipeline-config.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 68f8f7cf..2b33b743 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -9,14 +9,14 @@ stages: branches: - release unitTesting: - enabled: true + enabled: false branches: [] secretScanning: enabled: true branches: - release sca: - enabled: true + enabled: false branches: - release codeLanguages: 
@@ -37,19 +37,19 @@ stages: branches: - release containerScan: - enabled: true + enabled: false branches: - release containerName: secusphere containerTag: latest releaseToTest: - enabled: true + enabled: false branches: - release serviceName: secusphere containerTag: latest testRelease: - enabled: true + enabled: false branches: - release targetUrl: 'http://192.168.0.68:5010' From 7e019fe2605dcef34f9667981fd01b95a5efe26e Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 8 Jan 2024 15:14:20 -0800 Subject: [PATCH 005/197] Release/0.2.0 beta/test 1 (#464) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml --- pipeline-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 2b33b743..c54451b7 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml 
@@ -56,7 +56,7 @@ stages: dastTestType: full apiTargetUrl: 'http://192.168.0.68:5010/api/openapi.yaml' securityQualityGate: - enabled: true + enabled: false branches: - release deploy: From bf129376027b8bed489da0f7f1fcd5ba0227368a Mon Sep 17 00:00:00 2001 
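Review bot: With `securityQualityGate.enabled: false` the pipeline presumably stops evaluating findings before the `deploy` stage that follows it in this file, so the gate now fails open rather than closed. Taken with PATCH 003 and 004, `secretScanning` is the only check still enabled among the stages visible in these hunks. If the aim is to skip the gate only while debugging on a test branch, scoping it through the existing `branches:` list (assuming that key limits where a stage runs) would avoid switching it off for `release`. Otherwise keep `enabled: true` and add a comment stating the condition under which it may be disabled.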
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 8 Jan 2024 15:25:54 -0800 Subject: [PATCH 006/197] Release/0.2.0 beta/test 1 (#466) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) 
diff --git a/Jenkinsfile b/Jenkinsfile index 1fffa348..a0e0cd5d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -316,6 +316,7 @@ pipeline { agent { docker { image 'securityuniversal/jenkins-deploy-agent:latest' + args '--group-add 999' } } when { From cb6f25a1a5b245dd708d06a9bc4290b1ea9a1676 Mon Sep 17 00:00:00 2001 
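Review bot: `args '--group-add 999'` hard-codes a numeric group id, which only has the intended meaning on a host where GID 999 is the expected group; on another agent host it may map to a different group or to none. If 999 is the host's `docker` group (presumably, so the deploy agent can reach the Docker socket), that membership is equivalent to root on the host and should be stated on the line, e.g. `// GID of the host docker group; grants access to the Docker socket`. Consider supplying the GID from the node's environment instead of fixing it in the Jenkinsfile. The stage this `agent` block belongs to starts outside the hunk.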
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Wed, 10 Jan 2024 10:00:00 -0800 Subject: [PATCH 007/197] Release/0.2.0 beta/test 1 (#468) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py --- src/vr/vulns/model/sgglobalthresholds.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/vulns/model/sgglobalthresholds.py b/src/vr/vulns/model/sgglobalthresholds.py index 0309bae3..09a2d3f1 100644 --- a/src/vr/vulns/model/sgglobalthresholds.py +++ b/src/vr/vulns/model/sgglobalthresholds.py @@ -8,7 +8,7 @@ class SgGlobalThresholds(db.Model): __tablename__ = 'SgGlobalThresholds' __table_args__ = {'extend_existing': True} ID = db.Column(db.Integer, primary_key=True) - Name = db.Column(db.String) + Name = db.Column(db.String(100)) AddDate = db.Column(db.DateTime) ThreshScaLow = db.Column(db.Integer) ThreshScaMedium = db.Column(db.Integer) From 5c923878ba0d8e7c1068c71e577e073f2eff2f5c Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Wed, 10 Jan 2024 10:21:40 -0800 Subject: [PATCH 008/197] Release/0.2.0 beta/test 1 (#470) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py --- src/vr/functions/initial_setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/functions/initial_setup.py b/src/vr/functions/initial_setup.py index abc1228d..1132f9c9 100644 --- a/src/vr/functions/initial_setup.py +++ b/src/vr/functions/initial_setup.py 
@@ -217,7 +217,7 @@ def setup_core_db_tables(ENV): if ENV == 'test': sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)' else: - sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)' + sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, 
ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)' args = ("General", now, None,None,4,0,None,None,2,0,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2) cur.execute(sql, args) db.commit() From d0edd8f43198c3e36fe21e092a87b05a5679668a Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 12 Jan 2024 20:34:28 -0800 Subject: [PATCH 009/197] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index a0e0cd5d..d2593530 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -326,7 +326,7 @@ pipeline { // Condition for a Test-* branch expression { // Split the branch name by '/' and check if the last segment starts with 'Test-' - env.BRANCH_NAME.split('/').last().startsWith('Test') + env.BRANCH_NAME.split('/').last().startsWith('staging') } } } From 6bc2607e607869e15e8ed4e2814f5428b1a7ccc1 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 12 Jan 2024 22:06:35 -0800 Subject: [PATCH 010/197] Update pipeline-config.yaml --- pipeline-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index c54451b7..2267ddc6 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -75,6 +75,7 @@ stages: azure.azTenantId: 'azTenantId' serviceCredentials: {} serviceSetStrings: + app.env: test app.extUrl: "192.168.0.150" app.db.prodDbUriRef: "PROD-DB-URI" app.smtp.host: "smtp.sendgrid.net:587" 
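Review bot: The `%s` list in the non-test `sql` string is still counted by hand against a 34-column list, which is apparently how the mismatch corrected here arose; the `?` variant in the `if ENV == 'test'` branch has the same exposure. Deriving the list from the arguments removes the count, e.g. `placeholders = ','.join(['%s'] * len(args))`, with `args` defined before `sql`. Separately, the `args` tuple gives the SCA and container High/Critical pairs as `4,0` and `2,0` but every later category as `0,2`, which reads like a transposition and is worth confirming because these rows seed the global thresholds. `setup_core_db_tables` starts and ends outside the hunk.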
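Review bot: The two comments above the changed expression still describe a `Test-*` branch while the code now matches `staging`, so the comment and the deploy condition disagree. Update them together with the condition, e.g. `// Deploy only when the last branch segment starts with 'staging'`. PATCH 013 changes the same expression again and leaves the same comments in place. The enclosing `when` block starts outside the hunk.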
From 4e2bc4af7db96e100b2dfa52480a626b9046cabb Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 12 Jan 2024 22:22:47 -0800 Subject: [PATCH 011/197] Update values.yaml --- ci_cd/helm/secusphere/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci_cd/helm/secusphere/values.yaml b/ci_cd/helm/secusphere/values.yaml index 8f2bcf7d..abba5342 100644 --- a/ci_cd/helm/secusphere/values.yaml +++ b/ci_cd/helm/secusphere/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. environment: prod appName: "secusphere" -appDomain: "acme.com" +appDomain: "securityuniversal.com" tlsSecretName: su-wildcard-tls From fba2f2bcd1453922682cc605c3e0387e43d12dfe Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 12 Jan 2024 23:10:34 -0800 Subject: [PATCH 012/197] Update values.yaml --- ci_cd/helm/su-secrets/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci_cd/helm/su-secrets/values.yaml b/ci_cd/helm/su-secrets/values.yaml index 3bba9d33..97c59f40 100644 --- a/ci_cd/helm/su-secrets/values.yaml +++ b/ci_cd/helm/su-secrets/values.yaml @@ -8,6 +8,6 @@ azure: tls: enabled: true - name: "dynamic" + name: "su-wildcard-tls" crt: "dynamic" key: "dynamic" From 1a298c05ea84e93dc9eda4314e6796a6e11abe7b Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 14 Jan 2024 23:13:47 -0800 Subject: [PATCH 013/197] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index d2593530..b45f5c3d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -326,7 +326,7 @@ pipeline { // Condition for a Test-* branch expression { // Split the branch name by '/' and check if the last segment starts with 'Test-' - env.BRANCH_NAME.split('/').last().startsWith('staging') + env.BRANCH_NAME.split('/').last().startsWith('staging') || env.BRANCH_NAME.split('/').last().startsWith('Prod') } } } From ef00ba59f8b78977252d313d3a83725d9c4e852d Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 15 Jan 2024 08:39:41 -0800 Subject: [PATCH 014/197] Update values.yaml --- ci_cd/helm/secusphere/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci_cd/helm/secusphere/values.yaml b/ci_cd/helm/secusphere/values.yaml index abba5342..8a4fce89 100644 --- a/ci_cd/helm/secusphere/values.yaml +++ b/ci_cd/helm/secusphere/values.yaml @@ -83,7 +83,7 @@ volumes: claimName: su-webapp-pv-claim ingress: - enabled: true + enabled: false serviceAccount: # Specifies whether a service account should be created From f497be3383606476ced847f9fef26186d372ab51 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 16 Jan 2024 17:19:36 -0800 Subject: [PATCH 015/197] Update pipeline-config.yaml --- pipeline-config.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 2267ddc6..daaeead8 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml 
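Review bot: The deploy condition is a case-sensitive prefix match on the last branch segment, so a branch named for example `Prod-experiment` qualifies for the deploy agent while `prod` does not, and nothing in the hunk limits who may create such a branch. For a stage that deploys, compare the full segment against an explicit list and compute it once instead of twice, e.g. `def seg = env.BRANCH_NAME.split('/').last()` followed by `seg in ['staging', 'Prod']` (names to be confirmed). If the branch name is the only control, branch-protection rules on the forge should cover these names. The enclosing `when` block starts outside the hunk.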
@@ -75,14 +75,14 @@ stages: azure.azTenantId: 'azTenantId' serviceCredentials: {} serviceSetStrings: - app.env: test - app.extUrl: "192.168.0.150" + app.env: prod + app.extUrl: "secusphere.securityuniversal.com" app.db.prodDbUriRef: "PROD-DB-URI" app.smtp.host: "smtp.sendgrid.net:587" app.smtp.user: apikey app.smtp.adminEmail: "admin@securityuniversal.com" - app.smtp.passwordRef: "SENDGRID-SMTP-PW" - app.az.keyVaultName: "BkDevSecOpsKeyVault" + app.smtp.passwordRef: "SMTP-PW" + app.az.keyVaultName: "ss-keyvault" post: enabled: true branches: From 89910f9e41767e491c37fd43983b34e16d11f326 Mon Sep 17 00:00:00 2001 
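Review bot: The switch to production values in `serviceSetStrings` (`app.env: prod`, the new `app.extUrl`, `ss-keyvault`) lands while `sast`, `sca`, `containerScan` and `securityQualityGate` are still `enabled: false` from PATCH 003 to 005, as far as the patches visible here show, so a production deploy would run without those checks. Re-enable them in the same change, or state in a comment beside `app.env: prod` why they remain off. Also confirm that the renamed reference `SMTP-PW` exists in `ss-keyvault` before merging, since the secret name and the vault change together.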
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 16 Jan 2024 20:28:00 -0800 Subject: [PATCH 016/197] Release/0.2.0 beta/staging (#472) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Feature/jenkinsfile updates (#471) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations --- Jenkinsfile | 2 +- ci_cd/helm/secusphere/values.yaml | 2 +- ci_cd/helm/su-secrets/values.yaml | 2 +- pipeline-config.yaml | 1 + src/config_engine.py | 130 +++++++++++++++++------------- src/settings.py | 2 + src/vr/templates/base_auth.html | 1 + 7 files changed, 83 insertions(+), 57 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a0e0cd5d..d2593530 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -326,7 +326,7 @@ pipeline { // Condition for a Test-* branch expression { // Split the branch name by '/' and check if the last segment starts with 'Test-' - env.BRANCH_NAME.split('/').last().startsWith('Test') + env.BRANCH_NAME.split('/').last().startsWith('staging') } } } diff --git a/ci_cd/helm/secusphere/values.yaml b/ci_cd/helm/secusphere/values.yaml index 8f2bcf7d..abba5342 100644 --- a/ci_cd/helm/secusphere/values.yaml +++ b/ci_cd/helm/secusphere/values.yaml 
@@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. environment: prod appName: "secusphere" -appDomain: "acme.com" +appDomain: "securityuniversal.com" tlsSecretName: su-wildcard-tls diff --git a/ci_cd/helm/su-secrets/values.yaml b/ci_cd/helm/su-secrets/values.yaml index 3bba9d33..97c59f40 100644 --- a/ci_cd/helm/su-secrets/values.yaml +++ b/ci_cd/helm/su-secrets/values.yaml @@ -8,6 +8,6 @@ azure: tls: enabled: true - name: "dynamic" + name: "su-wildcard-tls" crt: "dynamic" key: "dynamic" diff --git a/pipeline-config.yaml b/pipeline-config.yaml index c54451b7..2267ddc6 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -75,6 +75,7 @@ stages: azure.azTenantId: 'azTenantId' serviceCredentials: {} serviceSetStrings: + app.env: test app.extUrl: "192.168.0.150" app.db.prodDbUriRef: "PROD-DB-URI" app.smtp.host: "smtp.sendgrid.net:587" diff --git a/src/config_engine.py b/src/config_engine.py index 0168cb9a..07400d06 100644 --- a/src/config_engine.py +++ b/src/config_engine.py @@ -9,7 +9,7 @@ SET_APP_EXT_URL from settings import SET_PROD_DB_URI_REF, SET_SMTP_PW_REF, SET_JENKINS_KEY_REF, SET_JENKINS_USER_REF, SET_JENKINS_TOKEN_REF from settings import SET_PROD_DB_URI, SET_SMTP_PW, SET_JENKINS_KEY, SET_JENKINS_USER, \ - SET_JENKINS_HOST, SET_JENKINS_PROJECT, SET_JENKINS_TOKEN, SET_JENKINS_STAGING_PROJECT + SET_JENKINS_HOST, SET_JENKINS_PROJECT, SET_JENKINS_TOKEN, SET_JENKINS_STAGING_PROJECT, SET_JENKINS_ENABLED, SET_SNOW_ENABLED from settings import SET_AZAD_CLIENT_ID, SET_AZAD_CLIENT_SECRET, SET_AZAD_AUTHORITY from settings import SET_SNOW_INSTANCE_NAME, SET_SNOW_CLIENT_ID, SET_SNOW_CLIENT_SECRET, SET_SNOW_USERNAME, SET_SNOW_PASSWORD, SET_SNOW_CLIENT_SECRET_REF, SET_SNOW_PASSWORD_REF 
@@ -205,65 +205,87 @@ def delete_cert(self, secret_name): ## ## GitHub to Jenkins Webhook ## -if ENV == 'prod': - if os.getenv('JENKINS_USER'): - JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER')) - else: - JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF) - if os.getenv('JENKINS_KEY'): - JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY')) - else: - JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF) - if os.getenv('JENKINS_TOKEN'): - JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN')) - else: - JENKINS_TOKEN = KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF) +if os.getenv('JENKINS_ENABLED'): + JENKINS_ENABLED = os.getenv('JENKINS_ENABLED') else: - JENKINS_USER = SET_JENKINS_USER - JENKINS_KEY = SET_JENKINS_KEY - JENKINS_TOKEN = SET_JENKINS_TOKEN + JENKINS_ENABLED = SET_JENKINS_ENABLED +if JENKINS_ENABLED == 'yes': + if ENV == 'prod': + if os.getenv('JENKINS_USER'): + JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER')) + else: + JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF) + if os.getenv('JENKINS_KEY'): + JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY')) + else: + JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF) + if os.getenv('JENKINS_TOKEN'): + JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN')) + else: + JENKINS_TOKEN = KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF) + else: + JENKINS_USER = SET_JENKINS_USER + JENKINS_KEY = SET_JENKINS_KEY + JENKINS_TOKEN = SET_JENKINS_TOKEN -if os.getenv('JENKINS_PROJECT'): - JENKINS_PROJECT = os.getenv('JENKINS_PROJECT') -else: - JENKINS_PROJECT = SET_JENKINS_PROJECT + if os.getenv('JENKINS_PROJECT'): + JENKINS_PROJECT = os.getenv('JENKINS_PROJECT') + else: + JENKINS_PROJECT = SET_JENKINS_PROJECT -if os.getenv('JENKINS_HOST'): - JENKINS_HOST = os.getenv('JENKINS_HOST') -else: - JENKINS_HOST = SET_JENKINS_HOST + if os.getenv('JENKINS_HOST'): + 
JENKINS_HOST = os.getenv('JENKINS_HOST') + else: + JENKINS_HOST = SET_JENKINS_HOST -if os.getenv('JENKINS_STAGING_PROJECT'): - JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT') + if os.getenv('JENKINS_STAGING_PROJECT'): + JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT') + else: + JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT else: - JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT - + JENKINS_USER = "" + JENKINS_KEY = "" + JENKINS_TOKEN = "" + JENKINS_PROJECT = "" + JENKINS_HOST = "" + JENKINS_STAGING_PROJECT = "" ## ServiceNOW Integration -if ENV == 'prod': - if os.getenv('SNOW_PASSWORD'): - SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD')) - else: - SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF) - if os.getenv('SNOW_CLIENT_SECRET'): - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET')) - else: - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF) - if os.getenv('SNOW_INSTANCE_NAME'): - SNOW_INSTANCE_NAME = KeyVaultManager().get_secret(os.getenv('SNOW_INSTANCE_NAME')) - else: - SNOW_INSTANCE_NAME = KeyVaultManager().get_secret(SET_SNOW_INSTANCE_NAME) - if os.getenv('SNOW_CLIENT_ID'): - SNOW_CLIENT_ID = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_ID')) - else: - SNOW_CLIENT_ID = KeyVaultManager().get_secret(SET_SNOW_CLIENT_ID) - if os.getenv('SNOW_USERNAME'): - SNOW_USERNAME = KeyVaultManager().get_secret(os.getenv('SNOW_USERNAME')) +if os.getenv('SNOW_ENABLED'): + SNOW_ENABLED = os.getenv('SNOW_ENABLED') +else: + SNOW_ENABLED = SET_SNOW_ENABLED +if SNOW_ENABLED == 'yes': + if ENV == 'prod': + if os.getenv('SNOW_PASSWORD'): + SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD')) + else: + SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF) + if os.getenv('SNOW_CLIENT_SECRET'): + SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET')) + else: + 
SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF) + if os.getenv('SNOW_INSTANCE_NAME'): + SNOW_INSTANCE_NAME = os.getenv('SNOW_INSTANCE_NAME') + else: + SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME + if os.getenv('SNOW_CLIENT_ID'): + SNOW_CLIENT_ID = os.getenv('SNOW_CLIENT_ID') + else: + SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID + if os.getenv('SNOW_USERNAME'): + SNOW_USERNAME = os.getenv('SNOW_USERNAME') + else: + SNOW_USERNAME = SET_SNOW_USERNAME else: - SNOW_USERNAME = KeyVaultManager().get_secret(SET_SNOW_USERNAME) + SNOW_PASSWORD = SET_SNOW_PASSWORD + SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET + SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME + SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID + SNOW_USERNAME = SET_SNOW_USERNAME else: - SNOW_PASSWORD = SET_SNOW_PASSWORD - SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - SNOW_USERNAME = SET_SNOW_USERNAME + SNOW_PASSWORD = "" + SNOW_CLIENT_SECRET = "" + SNOW_INSTANCE_NAME = "" + SNOW_CLIENT_ID = "" + SNOW_USERNAME = "" diff --git a/src/settings.py b/src/settings.py index 7273b90b..a893a2f0 100644 --- a/src/settings.py +++ b/src/settings.py @@ -39,6 +39,7 @@ ## ## Jenkins Webhook Settings (Optional) ## +SET_JENKINS_ENABLED = 'no' SET_JENKINS_KEY_REF = 'JENKINS-KEY' SET_JENKINS_USER_REF = 'JENKINS-USER' SET_JENKINS_TOKEN_REF = 'JENKINS-TOKEN' @@ -51,6 +52,7 @@ SET_JENKINS_TOKEN = 'changeme' ## ServiceNOW Settings +SET_SNOW_ENABLED = 'no' SET_SNOW_INSTANCE_NAME = 'dev124268' SET_SNOW_CLIENT_ID = '1ab21bf476013110e1ce39e1f368c2fa' SET_SNOW_CLIENT_SECRET_REF = 'SNOW-SECRET' diff --git a/src/vr/templates/base_auth.html b/src/vr/templates/base_auth.html index 5886557d..df697bc2 100644 --- a/src/vr/templates/base_auth.html +++ b/src/vr/templates/base_auth.html @@ -15,6 +15,7 @@ + From ee6d9dd0bfb3c7ffd9ad26ff43ee391f3443ced6 Mon Sep 17 00:00:00 2001 
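Review bot: Every value other than the exact string `'yes'` takes the new outer `else` branch, which sets `JENKINS_USER`, `JENKINS_KEY` and `JENKINS_TOKEN` (and, in the ServiceNOW block, `SNOW_PASSWORD` and `SNOW_CLIENT_SECRET`) to `""`. An environment value such as `Yes` or `true` therefore silently disables the integration and leaves empty-string credentials in the module namespace. Normalising the flag once, `JENKINS_ENABLED = (os.getenv('JENKINS_ENABLED') or SET_JENKINS_ENABLED).strip().lower()` (and the same for `SNOW_ENABLED`), removes the case sensitivity. The consumers of these names are outside the hunk; if any of them compares a caller-supplied token with `JENKINS_TOKEN`, it should check `JENKINS_ENABLED` first, because an empty expected value would match an empty supplied one. The identical hunk is repeated in PATCH 017.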
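Review bot: `SET_JENKINS_ENABLED` and, in the next hunk, `SET_SNOW_ENABLED` are added without a comment stating the accepted values, while config_engine.py enables an integration only on the exact string `'yes'`. Outside `prod` that code assigns the `SET_JENKINS_*` values from this file directly, and `SET_JENKINS_TOKEN = 'changeme'` is visible as context here, so setting the flag to `'yes'` in a non-prod deployment makes the placeholder the live token. I would add above the flag: `# 'yes' enables the integration; any other value disables it. Replace the 'changeme' placeholders before enabling outside prod.` The identical hunks are repeated in PATCH 017.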
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 16 Jan 2024 20:29:15 -0800 Subject: [PATCH 017/197] Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations --- src/config_engine.py | 130 +++++++++++++++++++------------- src/settings.py | 2 + src/vr/templates/base_auth.html | 1 + 3 files changed, 79 insertions(+), 54 deletions(-) diff --git a/src/config_engine.py b/src/config_engine.py index 0168cb9a..07400d06 100644 --- a/src/config_engine.py +++ b/src/config_engine.py @@ -9,7 +9,7 @@ SET_APP_EXT_URL from settings import SET_PROD_DB_URI_REF, SET_SMTP_PW_REF, SET_JENKINS_KEY_REF, SET_JENKINS_USER_REF, SET_JENKINS_TOKEN_REF from settings import SET_PROD_DB_URI, SET_SMTP_PW, SET_JENKINS_KEY, SET_JENKINS_USER, \ - SET_JENKINS_HOST, SET_JENKINS_PROJECT, SET_JENKINS_TOKEN, SET_JENKINS_STAGING_PROJECT + SET_JENKINS_HOST, SET_JENKINS_PROJECT, SET_JENKINS_TOKEN, SET_JENKINS_STAGING_PROJECT, SET_JENKINS_ENABLED, SET_SNOW_ENABLED from settings import SET_AZAD_CLIENT_ID, SET_AZAD_CLIENT_SECRET, SET_AZAD_AUTHORITY from settings import SET_SNOW_INSTANCE_NAME, SET_SNOW_CLIENT_ID, SET_SNOW_CLIENT_SECRET, SET_SNOW_USERNAME, SET_SNOW_PASSWORD, SET_SNOW_CLIENT_SECRET_REF, SET_SNOW_PASSWORD_REF 
@@ -205,65 +205,87 @@ def delete_cert(self, secret_name): ## ## GitHub to Jenkins Webhook ## -if ENV == 'prod': - if os.getenv('JENKINS_USER'): - JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER')) - else: - JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF) - if os.getenv('JENKINS_KEY'): - JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY')) - else: - JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF) - if os.getenv('JENKINS_TOKEN'): - JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN')) - else: - JENKINS_TOKEN = KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF) +if os.getenv('JENKINS_ENABLED'): + JENKINS_ENABLED = os.getenv('JENKINS_ENABLED') else: - JENKINS_USER = SET_JENKINS_USER - JENKINS_KEY = SET_JENKINS_KEY - JENKINS_TOKEN = SET_JENKINS_TOKEN + JENKINS_ENABLED = SET_JENKINS_ENABLED +if JENKINS_ENABLED == 'yes': + if ENV == 'prod': + if os.getenv('JENKINS_USER'): + JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER')) + else: + JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF) + if os.getenv('JENKINS_KEY'): + JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY')) + else: + JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF) + if os.getenv('JENKINS_TOKEN'): + JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN')) + else: + JENKINS_TOKEN = KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF) + else: + JENKINS_USER = SET_JENKINS_USER + JENKINS_KEY = SET_JENKINS_KEY + JENKINS_TOKEN = SET_JENKINS_TOKEN -if os.getenv('JENKINS_PROJECT'): - JENKINS_PROJECT = os.getenv('JENKINS_PROJECT') -else: - JENKINS_PROJECT = SET_JENKINS_PROJECT + if os.getenv('JENKINS_PROJECT'): + JENKINS_PROJECT = os.getenv('JENKINS_PROJECT') + else: + JENKINS_PROJECT = SET_JENKINS_PROJECT -if os.getenv('JENKINS_HOST'): - JENKINS_HOST = os.getenv('JENKINS_HOST') -else: - JENKINS_HOST = SET_JENKINS_HOST + if os.getenv('JENKINS_HOST'): + 
JENKINS_HOST = os.getenv('JENKINS_HOST') + else: + JENKINS_HOST = SET_JENKINS_HOST -if os.getenv('JENKINS_STAGING_PROJECT'): - JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT') + if os.getenv('JENKINS_STAGING_PROJECT'): + JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT') + else: + JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT else: - JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT - + JENKINS_USER = "" + JENKINS_KEY = "" + JENKINS_TOKEN = "" + JENKINS_PROJECT = "" + JENKINS_HOST = "" + JENKINS_STAGING_PROJECT = "" ## ServiceNOW Integration -if ENV == 'prod': - if os.getenv('SNOW_PASSWORD'): - SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD')) - else: - SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF) - if os.getenv('SNOW_CLIENT_SECRET'): - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET')) - else: - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF) - if os.getenv('SNOW_INSTANCE_NAME'): - SNOW_INSTANCE_NAME = KeyVaultManager().get_secret(os.getenv('SNOW_INSTANCE_NAME')) - else: - SNOW_INSTANCE_NAME = KeyVaultManager().get_secret(SET_SNOW_INSTANCE_NAME) - if os.getenv('SNOW_CLIENT_ID'): - SNOW_CLIENT_ID = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_ID')) - else: - SNOW_CLIENT_ID = KeyVaultManager().get_secret(SET_SNOW_CLIENT_ID) - if os.getenv('SNOW_USERNAME'): - SNOW_USERNAME = KeyVaultManager().get_secret(os.getenv('SNOW_USERNAME')) +if os.getenv('SNOW_ENABLED'): + SNOW_ENABLED = os.getenv('SNOW_ENABLED') +else: + SNOW_ENABLED = SET_SNOW_ENABLED +if SNOW_ENABLED == 'yes': + if ENV == 'prod': + if os.getenv('SNOW_PASSWORD'): + SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD')) + else: + SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF) + if os.getenv('SNOW_CLIENT_SECRET'): + SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET')) + else: + 
SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF) + if os.getenv('SNOW_INSTANCE_NAME'): + SNOW_INSTANCE_NAME = os.getenv('SNOW_INSTANCE_NAME') + else: + SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME + if os.getenv('SNOW_CLIENT_ID'): + SNOW_CLIENT_ID = os.getenv('SNOW_CLIENT_ID') + else: + SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID + if os.getenv('SNOW_USERNAME'): + SNOW_USERNAME = os.getenv('SNOW_USERNAME') + else: + SNOW_USERNAME = SET_SNOW_USERNAME else: - SNOW_USERNAME = KeyVaultManager().get_secret(SET_SNOW_USERNAME) + SNOW_PASSWORD = SET_SNOW_PASSWORD + SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET + SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME + SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID + SNOW_USERNAME = SET_SNOW_USERNAME else: - SNOW_PASSWORD = SET_SNOW_PASSWORD - SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - SNOW_USERNAME = SET_SNOW_USERNAME + SNOW_PASSWORD = "" + SNOW_CLIENT_SECRET = "" + SNOW_INSTANCE_NAME = "" + SNOW_CLIENT_ID = "" + SNOW_USERNAME = "" diff --git a/src/settings.py b/src/settings.py index 7273b90b..a893a2f0 100644 --- a/src/settings.py +++ b/src/settings.py @@ -39,6 +39,7 @@ ## ## Jenkins Webhook Settings (Optional) ## +SET_JENKINS_ENABLED = 'no' SET_JENKINS_KEY_REF = 'JENKINS-KEY' SET_JENKINS_USER_REF = 'JENKINS-USER' SET_JENKINS_TOKEN_REF = 'JENKINS-TOKEN' @@ -51,6 +52,7 @@ SET_JENKINS_TOKEN = 'changeme' ## ServiceNOW Settings +SET_SNOW_ENABLED = 'no' SET_SNOW_INSTANCE_NAME = 'dev124268' SET_SNOW_CLIENT_ID = '1ab21bf476013110e1ce39e1f368c2fa' SET_SNOW_CLIENT_SECRET_REF = 'SNOW-SECRET' diff --git a/src/vr/templates/base_auth.html b/src/vr/templates/base_auth.html index 5886557d..df697bc2 100644 --- a/src/vr/templates/base_auth.html +++ b/src/vr/templates/base_auth.html @@ -15,6 +15,7 @@ + From 22a872bdb968b65b6fb45010ac0d0c6fcd30a25e Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:44:25 -0800 Subject: [PATCH 018/197] Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins --- Jenkinsfile | 2 ++ src/vr/__init__.py | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index b45f5c3d..dd45e119 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -342,6 +342,8 @@ pipeline { 'secretsSetStrings': stageConfig?.secretsSetStrings, 'serviceCredentials': stageConfig?.serviceCredentials, 'serviceSetStrings': stageConfig?.serviceSetStrings, + 'dockerReg': 'secunicontainerregistry.azurecr.io', + 'imgPullSecret': 'acrCreds' ]) } diff --git a/src/vr/__init__.py b/src/vr/__init__.py index b74f78d5..e1bc03cf 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -2,7 +2,7 @@ import requests from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER + AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, JENKINS_ENABLED from flask import Flask from flask_bootstrap import Bootstrap from flask_login import LoginManager @@ -448,4 +448,5 @@ def get_jenkins_data(): # Call the Jobs Here # train_model_every_six_hours() -get_jenkins_data_every_hour() +if JENKINS_ENABLED == 'yes': + get_jenkins_data_every_hour() From 3579078404975f80b0b7e5082b792daaf95f5a48 Mon Sep 17 00:00:00 2001 
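Review bot: The registry host `'secunicontainerregistry.azurecr.io'` and the pull-secret name `'acrCreds'` are added as literals to the map in the Jenkinsfile hunk at `-342,6 +342,8`, and PATCH 020 repeats the same host literal in the `jslBuildDocker` and `jslContainerSecurityScanning` calls. With three independent copies, a later edit to one call site can leave the scan step looking at a different registry than the one the build and this step use, so the scanned image would no longer be the one that ships. I would define the host once, e.g. `environment { DOCKER_REG = 'secunicontainerregistry.azurecr.io' }` at pipeline level or a key in pipeline-config.yaml, and pass `env.DOCKER_REG` at every call site. The call this map belongs to starts outside the hunk.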
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:48:20 -0800 Subject: [PATCH 019/197] Release/0.1.0 beta/prod azure (#475) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins --- Jenkinsfile | 4 +++- ci_cd/helm/secusphere/values.yaml | 2 +- pipeline-config.yaml | 8 ++++---- src/vr/__init__.py | 5 +++-- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index d2593530..dd45e119 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -326,7 +326,7 @@ pipeline { // Condition for a Test-* branch expression { // Split the branch name by '/' and check if the last segment starts with 'Test-' - env.BRANCH_NAME.split('/').last().startsWith('staging') + env.BRANCH_NAME.split('/').last().startsWith('staging') || env.BRANCH_NAME.split('/').last().startsWith('Prod') } } } @@ -342,6 +342,8 @@ pipeline { 'secretsSetStrings': stageConfig?.secretsSetStrings, 'serviceCredentials': stageConfig?.serviceCredentials, 'serviceSetStrings': stageConfig?.serviceSetStrings, + 'dockerReg': 'secunicontainerregistry.azurecr.io', + 'imgPullSecret': 'acrCreds' ]) } diff --git a/ci_cd/helm/secusphere/values.yaml b/ci_cd/helm/secusphere/values.yaml index abba5342..8a4fce89 100644 --- a/ci_cd/helm/secusphere/values.yaml +++ b/ci_cd/helm/secusphere/values.yaml @@ -83,7 +83,7 @@ volumes: claimName: su-webapp-pv-claim ingress: - enabled: true + enabled: false serviceAccount: # Specifies whether a service account should be created diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 2267ddc6..daaeead8 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -75,14 +75,14 @@ stages: azure.azTenantId: 'azTenantId' serviceCredentials: {} serviceSetStrings: - app.env: test - app.extUrl: "192.168.0.150" + app.env: prod + app.extUrl: "secusphere.securityuniversal.com" app.db.prodDbUriRef: "PROD-DB-URI" app.smtp.host: "smtp.sendgrid.net:587" app.smtp.user: apikey app.smtp.adminEmail: "admin@securityuniversal.com" - app.smtp.passwordRef: "SENDGRID-SMTP-PW" - app.az.keyVaultName: "BkDevSecOpsKeyVault" + app.smtp.passwordRef: "SMTP-PW" + app.az.keyVaultName: "ss-keyvault" post: enabled: true branches: diff --git a/src/vr/__init__.py b/src/vr/__init__.py index b74f78d5..e1bc03cf 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py 
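Review bot: The condition in the `-326,7 +326,7` hunk now admits any branch whose last path segment merely starts with `Prod`, so a branch such as `feature/Prod-test` (constructed example) satisfies it just as the release branch does. The same commit switches `app.env` to `prod` and changes `app.az.keyVaultName` in pipeline-config.yaml, so this expression appears to decide which branches may run with production settings. An exact allow-list is tighter than a prefix test, e.g. `['<staging-branch-name>', '<prod-branch-name>'].contains(env.BRANCH_NAME)` with the placeholders replaced by the project's real branch names. The enclosing `when` block and its stage start outside the hunk, so the stage being gated should be confirmed.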
@@ -2,7 +2,7 @@ import requests from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER + AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, JENKINS_ENABLED from flask import Flask from flask_bootstrap import Bootstrap from flask_login import LoginManager @@ -448,4 +448,5 @@ def get_jenkins_data(): # Call the Jobs Here # train_model_every_six_hours() -get_jenkins_data_every_hour() +if JENKINS_ENABLED == 'yes': + get_jenkins_data_every_hour() From 11694577abc210f1e409b4018451a66a2265c2b0 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:18:42 -0800 Subject: [PATCH 020/197] Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile --- Jenkinsfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index dd45e119..52b47457 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -199,7 +199,8 @@ pipeline { jslStageWrapper('Build Docker Service') { script { jslBuildDocker([ - 'serviceName': env.appName + 'serviceName': env.appName, + 'dockerReg': 'secunicontainerregistry.azurecr.io' ]) } } 
@@ -230,7 +231,7 @@ pipeline { def stageConfig = jslReadYamlConfig('containerScan') def containerName = stageConfig?.containerName def containerTag = stageConfig?.containerTag - jslContainerSecurityScanning(containerName, containerTag) + jslContainerSecurityScanning(containerName, containerTag, 'secunicontainerregistry.azurecr.io') } } } From cc245e482868746e24f4e7d523df71e8ad8db82f Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:19:14 -0800 Subject: [PATCH 021/197] Release/0.1.0 beta/prod azure (#477) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile --- Jenkinsfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index dd45e119..52b47457 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -199,7 +199,8 @@ pipeline { jslStageWrapper('Build Docker Service') { script { jslBuildDocker([ - 'serviceName': env.appName + 'serviceName': env.appName, + 'dockerReg': 'secunicontainerregistry.azurecr.io' ]) } } @@ -230,7 +231,7 @@ pipeline { def stageConfig = jslReadYamlConfig('containerScan') def containerName = stageConfig?.containerName def containerTag = stageConfig?.containerTag - jslContainerSecurityScanning(containerName, containerTag) + jslContainerSecurityScanning(containerName, containerTag, 'secunicontainerregistry.azurecr.io') } } } From 4b6af0b1b7d45088ba5add56aeb392a83ec7ccdb Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:22:24 -0800 Subject: [PATCH 022/197] Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml From 4f661bda918f5f87fa15062d7283bef491d2013e Mon Sep 17 00:00:00 2001 
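Review bot: The registry host `'secunicontainerregistry.azurecr.io'` is written out as a literal in both hunks of this Jenkinsfile change, once in the `jslBuildDocker` map (`@@ -199`) and once as the third argument to `jslContainerSecurityScanning` (`@@ -230`), so a later edit to one copy would leave the scan stage pointing at a different registry than the build stage. I would declare it once, e.g. `environment { DOCKER_REG = 'secunicontainerregistry.azurecr.io' }`, and pass `env.DOCKER_REG` in both calls. The scan still identifies the image by `containerName` and `containerTag` read from the YAML config; if that tag is mutable, the scanned image is presumably not guaranteed to be the one just built, so passing the digest produced by the build would tie the two together. Both enclosing stages start and end outside the hunks, and the `jsl*` helpers are not visible here.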
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:22:54 -0800 Subject: [PATCH 023/197] Release/0.1.0 beta/prod azure (#479) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml From cebffc6cb0dbc6f5a7ac0190cef8756506297c0b Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:29:25 -0800 Subject: [PATCH 024/197] Update pipeline-config.yaml --- pipeline-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index daaeead8..55659e84 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -56,7 +56,7 @@ stages: dastTestType: full apiTargetUrl: 'http://192.168.0.68:5010/api/openapi.yaml' securityQualityGate: - enabled: false + enabled: true branches: - release deploy: From 8e01ce66cbaa0da69af90f118eb7fd61d3ff2714 Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:29:57 -0800 Subject: [PATCH 025/197] Release/0.1.0 beta/prod azure (#480) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml --- pipeline-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index daaeead8..55659e84 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -56,7 +56,7 @@ stages: dastTestType: full apiTargetUrl: 'http://192.168.0.68:5010/api/openapi.yaml' securityQualityGate: - enabled: false + enabled: true branches: - release deploy: From 38282ba86ef3bb91e0134a1b413c7deaf08864b0 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:56:02 -0800 Subject: [PATCH 026/197] Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile --- Jenkinsfile | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 52b47457..281ac45d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -75,7 +75,7 @@ pipeline { stage('Secret Scanning') { agent { docker { - image 'securityuniversal/jenkins-secret-agent:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' } } when { @@ -99,7 +99,7 @@ pipeline { stage('Software Composition Analysis') { agent { docker { - image 'securityuniversal/jenkins:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' } } when { 
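Review bot: Every agent image touched in this commit is referenced by the mutable `:latest` tag with no registry host, starting with `image 'securityuniversal/jenkins-sectesting-agent:latest'` in the Secret Scanning hunk (`@@ -75`) and repeated in the `@@ -99`, `@@ -127`, `@@ -155`, `@@ -210` and `@@ -294` hunks. The scanners that decide whether a release passes therefore run from whatever image is published under that tag at build time, which makes results unreproducible and lets a changed or replaced image alter them silently. Pinning by digest, `image 'securityuniversal/jenkins-sectesting-agent@sha256:<digest-of-reviewed-image>'`, and bumping it in a reviewed commit would close that gap. The stage bodies continue outside the hunks.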
@@ -127,7 +127,7 @@ pipeline { stage('Static Application Security Testing') { agent { docker { - image 'securityuniversal/jenkins:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' } } when { @@ -155,7 +155,7 @@ pipeline { stage('Infrastructure-as-Code Security Testing') { agent { docker { - image 'securityuniversal/jenkins-iac-agent:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' args '--group-add 999' } } @@ -210,7 +210,7 @@ pipeline { stage('Docker Container Scanning') { agent { docker { - image 'securityuniversal/jenkins-iac-agent:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' args '--group-add 999' } } @@ -294,6 +294,12 @@ pipeline { ////////// Quality Gate ////////// stage("Quality Gate - Security") { + agent { + docker { + image 'securityuniversal/jenkins-sectesting-agent:latest' + args '--group-add 999' + } + } when { expression { def config = jslReadYamlConfig('securityQualityGate') From 4b3ba1f8fa8b2272dce8652855a48dd0347b85b9 Mon Sep 17 00:00:00 2001 
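Review bot: The agent block added to the "Quality Gate - Security" stage (`@@ -294`) copies `args '--group-add 999'` from the IaC and container-scanning stages, but nothing in the visible part of the stage suggests it needs that extra group. If GID 999 is the host's docker group, as the stages that use it suggest, membership gives the container access to the Docker socket, which is effectively root on the build host. I would drop the `args` line here unless the gate really talks to the Docker daemon, and otherwise add a comment such as `// GID 999 = docker group on the agent host; needed for <reason>`. The stage body continues outside the hunk.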
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:56:30 -0800 Subject: [PATCH 027/197] Release/0.1.0 beta/prod azure (#482) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile --- Jenkinsfile | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 52b47457..281ac45d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -75,7 +75,7 @@ pipeline { stage('Secret Scanning') { agent { docker { - image 'securityuniversal/jenkins-secret-agent:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' } } when { @@ -99,7 +99,7 @@ pipeline { stage('Software Composition Analysis') { agent { docker { - image 'securityuniversal/jenkins:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' } } when { @@ -127,7 +127,7 @@ pipeline { stage('Static Application Security Testing') { agent { docker { - image 'securityuniversal/jenkins:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' } } when { @@ -155,7 +155,7 @@ pipeline { stage('Infrastructure-as-Code Security Testing') { agent { docker { - image 'securityuniversal/jenkins-iac-agent:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' args '--group-add 999' } } @@ -210,7 +210,7 @@ pipeline { stage('Docker Container Scanning') { agent { docker { - image 'securityuniversal/jenkins-iac-agent:latest' + image 'securityuniversal/jenkins-sectesting-agent:latest' args '--group-add 999' } } 
@@ -294,6 +294,12 @@ pipeline { ////////// Quality Gate ////////// stage("Quality Gate - Security") { + agent { + docker { + image 'securityuniversal/jenkins-sectesting-agent:latest' + args '--group-add 999' + } + } when { expression { def config = jslReadYamlConfig('securityQualityGate') From 86da6a05ae9223d44dfc649d04c15c85b8599590 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 27 Feb 2024 22:07:02 -0800 Subject: [PATCH 028/197] Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing --- Jenkinsfile | 2 +- pipeline-config.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 281ac45d..a2d43df6 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -51,7 +51,7 @@ pipeline { stage('Unit Testing') { agent { docker { - image 'securityuniversal/jenkins:latest' + image 'securityuniversal/jenkins-python-agent:latest' } } when { diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 55659e84..93ec1421 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -9,21 +9,21 @@ stages: branches: - release unitTesting: - enabled: false + enabled: true branches: [] secretScanning: enabled: true branches: - release sca: - enabled: false + enabled: true branches: - release codeLanguages: - Python - Javascript sast: - enabled: false + enabled: true branches: - release codeLanguages: 
@@ -37,19 +37,19 @@ stages: branches: - release containerScan: - enabled: false + enabled: true branches: - release containerName: secusphere containerTag: latest releaseToTest: - enabled: false + enabled: true branches: - release serviceName: secusphere containerTag: latest testRelease: - enabled: false + enabled: true branches: - release targetUrl: 'http://192.168.0.68:5010' From df33d2f84b39fce0ca3f37060628378895d8d1fb Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 27 Feb 2024 22:07:27 -0800 Subject: [PATCH 029/197] Release/0.1.0 beta/prod azure (#484) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing --- Jenkinsfile | 2 +- pipeline-config.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 281ac45d..a2d43df6 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -51,7 +51,7 @@ pipeline { stage('Unit Testing') { agent { docker { - image 'securityuniversal/jenkins:latest' + image 'securityuniversal/jenkins-python-agent:latest' } } when { diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 55659e84..93ec1421 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml 
@@ -9,21 +9,21 @@ stages: branches: - release unitTesting: - enabled: false + enabled: true branches: [] secretScanning: enabled: true branches: - release sca: - enabled: false + enabled: true branches: - release codeLanguages: - Python - Javascript sast: - enabled: false + enabled: true branches: - release codeLanguages: @@ -37,19 +37,19 @@ stages: branches: - release containerScan: - enabled: false + enabled: true branches: - release containerName: secusphere containerTag: latest releaseToTest: - enabled: false + enabled: true branches: - release serviceName: secusphere containerTag: latest testRelease: - enabled: false + enabled: true branches: - release targetUrl: 'http://192.168.0.68:5010' From e019adeac8a7cd178f3b587652f3cc96a82dc81a Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 11:32:31 -0800 Subject: [PATCH 030/197] Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py --- src/vr/api/vulns/vulnerabilities.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/api/vulns/vulnerabilities.py b/src/vr/api/vulns/vulnerabilities.py index 7f0c000e..68360c8b 100644 --- a/src/vr/api/vulns/vulnerabilities.py +++ b/src/vr/api/vulns/vulnerabilities.py 
@@ -132,7 +132,7 @@ def update_vulnerabilities_status(app_cmdb_id, scan_id, req_raw): def add_vulns_background_process(req_raw): now = datetime.datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S") app_name = req_raw['appName'] - git_url = req_raw['giturl'] + git_url = req_raw['gitUrl'] git_branch = req_raw['branch'] findings = req_raw['findings'] scan_type = req_raw['scanType'] From 53a54743dd8726742029cdcd9ef506347564c815 Mon Sep 17 00:00:00 2001 
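Review bot: `git_url = req_raw['gitUrl']` still indexes the request payload directly, so a client that keeps sending the old `giturl` key, or omits the field, now raises `KeyError` inside `add_vulns_background_process`. Because this runs as a background process, that failure presumably surfaces only in logs after the caller has already been answered, and the scan findings are dropped. I would accept both spellings during the transition, `git_url = req_raw.get('gitUrl') or req_raw.get('giturl')`, and reject the request up front when required keys are missing; the neighbouring `appName`, `branch`, `findings` and `scanType` lookups have the same shape. The function body continues outside the hunk.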
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 11:33:36 -0800 Subject: [PATCH 031/197] Release/0.1.0 beta/prod azure (#486) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py --- src/vr/api/vulns/vulnerabilities.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/api/vulns/vulnerabilities.py b/src/vr/api/vulns/vulnerabilities.py index 7f0c000e..68360c8b 100644 --- a/src/vr/api/vulns/vulnerabilities.py +++ b/src/vr/api/vulns/vulnerabilities.py 
@@ -132,7 +132,7 @@ def update_vulnerabilities_status(app_cmdb_id, scan_id, req_raw): def add_vulns_background_process(req_raw): now = datetime.datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S") app_name = req_raw['appName'] - git_url = req_raw['giturl'] + git_url = req_raw['gitUrl'] git_branch = req_raw['branch'] findings = req_raw['findings'] scan_type = req_raw['scanType'] From 33e0b20eb87cf03926567167c608ed6dd6956960 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 13:57:17 -0800 Subject: [PATCH 032/197] Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml --- pipeline-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 93ec1421..60ce6fce 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -12,7 +12,7 @@ stages: enabled: true branches: [] secretScanning: - enabled: true + enabled: false branches: - release sca: @@ -29,7 +29,7 @@ stages: codeLanguages: - Python iac: - enabled: true + enabled: false branches: - release buildDocker: From 405448ac6954b0ca23e943fcaa2231294d203af7 Mon Sep 17 00:00:00 2001 
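Review bot: The renamed lookup `req_raw['gitUrl']` in add_vulns_background_process still indexes the request payload directly, so a caller that keeps sending the old `giturl` key, or omits the field, raises KeyError here. The neighbouring `appName`, `branch`, `findings` and `scanType` lookups have the same exposure. Judging by the function name this runs as a background task, where such a failure would probably never reach the API client; that is worth confirming. Consider accepting both spellings during the transition with `git_url = req_raw.get('gitUrl') or req_raw.get('giturl')`, and rejecting the request before the work is queued when a required field is missing. The function body continues outside the hunk.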
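Review bot: `secretScanning.enabled` and `iac.enabled` are switched to `false` for the `release` branch with no reason recorded; the commit message only lists "Update pipeline-config.yaml". If this is a temporary measure while the pipeline is being debugged, say so next to each flag, e.g. `enabled: false  # TEMPORARY: <reason / tracking issue>`, so that re-enabling the scans is not forgotten. Credentials committed while secret scanning is off will not be flagged by this pipeline, so the window should be short and followed by a full scan of the branch. The identical two hunks are applied again in PATCH 033 and the same point holds there.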
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 13:57:39 -0800 Subject: [PATCH 033/197] Release/0.1.0 beta/prod azure (#488) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml --- pipeline-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 93ec1421..60ce6fce 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -12,7 +12,7 @@ stages: enabled: true branches: [] secretScanning: - enabled: true + enabled: false branches: - release sca: @@ -29,7 +29,7 @@ stages: codeLanguages: - Python iac: - enabled: true + enabled: false branches: - release buildDocker: From 509a6f102f692e5756090d5e76cb8bbefb64d606 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 14:41:24 -0800 Subject: [PATCH 034/197] Update pipeline-config.yaml --- pipeline-config.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 60ce6fce..2a9eb073 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -9,21 +9,21 @@ stages: branches: - release unitTesting: - enabled: true + enabled: false branches: [] secretScanning: enabled: false branches: - release sca: - enabled: true + enabled: false branches: - release codeLanguages: - Python - Javascript sast: - enabled: true + enabled: false branches: - release codeLanguages: 
@@ -37,26 +37,26 @@ stages: branches: - release containerScan: - enabled: true + enabled: false branches: - release containerName: secusphere containerTag: latest releaseToTest: - enabled: true + enabled: false branches: - release serviceName: secusphere containerTag: latest testRelease: - enabled: true + enabled: false branches: - release targetUrl: 'http://192.168.0.68:5010' dastTestType: full apiTargetUrl: 'http://192.168.0.68:5010/api/openapi.yaml' securityQualityGate: - enabled: true + enabled: false branches: - release deploy: From e819b231b1735330996a2140f0241a0d16c98745 Mon Sep 17 00:00:00 2001 
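Review bot: `securityQualityGate.enabled` is set to `false` in this hunk together with `containerScan`, `releaseToTest` and `testRelease`, and the preceding hunk of the same patch does the same for `unitTesting`, `sca` and `sast`. After this change no test or scan stage shown in these hunks remains enabled for `release`. The `deploy:` stage follows as context but its settings are outside the hunk; if it stays enabled, release builds would ship without any gate. Prefer running this experiment from a non-release branch configuration, or keep at least the scanners and the gate on; if the switch-off must land, mark each flag with `# TEMPORARY: <reason / tracking issue>`. The same patch content is repeated in PATCH 038.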
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 14:41:59 -0800 Subject: [PATCH 035/197] Release/0.1.0 beta/prod azure (#489) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml From a52196c87a15f99d3970b7c5ea93adb8bbe09eba Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 15:29:24 -0800 Subject: [PATCH 036/197] Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile --- Jenkinsfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a2d43df6..8f818749 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -348,9 +348,7 @@ pipeline { 'secretsCredentials': stageConfig?.secretsCredentials, 'secretsSetStrings': stageConfig?.secretsSetStrings, 'serviceCredentials': stageConfig?.serviceCredentials, - 'serviceSetStrings': stageConfig?.serviceSetStrings, - 'dockerReg': 'secunicontainerregistry.azurecr.io', - 'imgPullSecret': 'acrCreds' + 'serviceSetStrings': stageConfig?.serviceSetStrings ]) } From 6273f97f5fc8ff0ac187ff4e307567e29d4eeca2 Mon Sep 17 00:00:00 2001 
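Review bot: With `'dockerReg'` and `'imgPullSecret'` removed from this argument map, the registry the image is pulled from and the pull secret now depend on defaults in the called step, which this hunk does not show. If that default resolves to a public registry, the deployment could pull a same-named image from a source the project does not control; that is worth confirming before merge. Rather than hard-coding or dropping the values, consider passing them from stage configuration, e.g. `'dockerReg': stageConfig?.dockerReg` (a new config key), so the image source stays explicit and reviewable. The enclosing call starts outside the hunk, and the same hunk is repeated in PATCH 037.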
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 15:30:23 -0800 Subject: [PATCH 037/197] Release/0.1.0 beta/prod azure (#491) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile --- Jenkinsfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a2d43df6..8f818749 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -348,9 +348,7 @@ pipeline { 'secretsCredentials': stageConfig?.secretsCredentials, 'secretsSetStrings': stageConfig?.secretsSetStrings, 'serviceCredentials': stageConfig?.serviceCredentials, - 'serviceSetStrings': stageConfig?.serviceSetStrings, - 'dockerReg': 'secunicontainerregistry.azurecr.io', - 'imgPullSecret': 'acrCreds' + 'serviceSetStrings': stageConfig?.serviceSetStrings ]) } From 0f392046bbbd480c0b7936825fd51cb76cf7c4ee Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 15:37:20 -0800 Subject: [PATCH 038/197] Update pipeline-config.yaml --- pipeline-config.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 60ce6fce..2a9eb073 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml 
@@ -9,21 +9,21 @@ stages: branches: - release unitTesting: - enabled: true + enabled: false branches: [] secretScanning: enabled: false branches: - release sca: - enabled: true + enabled: false branches: - release codeLanguages: - Python - Javascript sast: - enabled: true + enabled: false branches: - release codeLanguages: @@ -37,26 +37,26 @@ stages: branches: - release containerScan: - enabled: true + enabled: false branches: - release containerName: secusphere containerTag: latest releaseToTest: - enabled: true + enabled: false branches: - release serviceName: secusphere containerTag: latest testRelease: - enabled: true + enabled: false branches: - release targetUrl: 'http://192.168.0.68:5010' dastTestType: full apiTargetUrl: 'http://192.168.0.68:5010/api/openapi.yaml' securityQualityGate: - enabled: true + enabled: false branches: - release deploy: From 140ad448c9d97ef7c1ebf84368163d7086386f0b Mon Sep 17 00:00:00 2001 
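Review bot: Disabling `securityQualityGate` together with `sca`, `sast` and `containerScan` leaves the `release` branch with no security check ahead of the `deploy` stage, whose own settings lie outside the second hunk. If this is a temporary switch-off while the pipeline is being debugged, record that in the file, for example `# temporarily disabled for pipeline debugging; re-enable before release` above the flipped stages. Consider keeping `securityQualityGate` at `enabled: true` so the gate still evaluates every release run. The same flips recur in the pipeline-config.yaml hunks of PATCH 039/197.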
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 15:41:14 -0800 Subject: [PATCH 039/197] Release/0.1.0 beta/prod azure (#492) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml --- pipeline-config.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 60ce6fce..2a9eb073 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -9,21 +9,21 @@ stages: branches: - release unitTesting: - enabled: true + enabled: false branches: [] secretScanning: enabled: false branches: - release sca: - enabled: true + enabled: false branches: - release codeLanguages: - Python - Javascript sast: - enabled: true + enabled: false branches: - release codeLanguages: @@ -37,26 +37,26 @@ stages: branches: - release containerScan: - enabled: true + enabled: false branches: - release containerName: secusphere containerTag: latest releaseToTest: - enabled: true + enabled: false branches: - release serviceName: secusphere containerTag: latest testRelease: - enabled: true + enabled: false branches: - release targetUrl: 'http://192.168.0.68:5010' dastTestType: full apiTargetUrl: 'http://192.168.0.68:5010/api/openapi.yaml' securityQualityGate: - enabled: true + enabled: false branches: - release deploy: 
From ce79251e3f30ecfd7c3d00b5469ef4b7fbd64b5a Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 16:00:28 -0800 Subject: [PATCH 040/197] Update Jenkinsfile (#493)
--- Jenkinsfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 8f818749..bac83770 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -199,8 +199,7 @@ pipeline {
 jslStageWrapper('Build Docker Service') {
 script {
 jslBuildDocker([
- 'serviceName': env.appName,
- 'dockerReg': 'secunicontainerregistry.azurecr.io'
+ 'serviceName': env.appName
 ])
 }
 }
@@ -231,7 +230,7 @@ pipeline {
 def stageConfig = jslReadYamlConfig('containerScan')
 def containerName = stageConfig?.containerName
 def containerTag = stageConfig?.containerTag
- jslContainerSecurityScanning(containerName, containerTag, 'secunicontainerregistry.azurecr.io')
+ jslContainerSecurityScanning(containerName, containerTag)
 }
 }
 }
From 7c2828ffa3aae746b054b661ac5ce5ddca51170b Mon Sep 17 00:00:00 2001
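Review bot: With the registry argument dropped from `jslContainerSecurityScanning(containerName, containerTag)` and `'dockerReg'` removed from the `jslBuildDocker` map, the registry becomes whatever those shared-library steps default to, which this patch does not show. An unqualified image name may then resolve to a different registry than the one the build pushes to, so the scan could pass on an image that is not the one deployed. Passing the registry from configuration keeps build and scan on the same image without hard-coding it, e.g. `jslContainerSecurityScanning(containerName, containerTag, stageConfig?.dockerReg)`, where `dockerReg` is a proposed new key under `containerScan`. The `@@ -348,9 +348,7 @@` hunk of the preceding Jenkinsfile patch removes `'dockerReg'` and `'imgPullSecret'` in the same way, and PATCH 041/197 repeats these two hunks.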
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 9 Mar 2024 16:00:58 -0800 Subject: [PATCH 041/197] Release/0.1.0 beta/prod azure (#494) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) --- Jenkinsfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 8f818749..bac83770 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -199,8 +199,7 @@ pipeline { jslStageWrapper('Build Docker Service') { script { jslBuildDocker([ - 'serviceName': env.appName, - 'dockerReg': 'secunicontainerregistry.azurecr.io' + 'serviceName': env.appName ]) } } @@ -231,7 +230,7 @@ pipeline { def stageConfig = jslReadYamlConfig('containerScan') def containerName = stageConfig?.containerName def containerTag = stageConfig?.containerTag - jslContainerSecurityScanning(containerName, containerTag, 'secunicontainerregistry.azurecr.io') + jslContainerSecurityScanning(containerName, containerTag) } } } From 5fdd5b1eac66709c5fba401da314f608c1c67d21 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 18:45:36 -0700 Subject: [PATCH 042/197] Update security_quality_gate.py --- src/vr/api/vulns/security_quality_gate.py | 128 +++++++++++----------- 1 file changed, 64 insertions(+), 64 deletions(-) 
diff --git a/src/vr/api/vulns/security_quality_gate.py b/src/vr/api/vulns/security_quality_gate.py index 930c2a1b..b00c1b1e 100644 --- a/src/vr/api/vulns/security_quality_gate.py +++ b/src/vr/api/vulns/security_quality_gate.py 
@@ -51,38 +51,38 @@ def _add_sg_config_settings(config, job_id, app_id):
 job = SgConfigSettingsPerJob(
 AppID=app_id,
 PipelineJobID = job_id,
- ThreshScaLow = config['thresholds']['sca']['low'],
- ThreshScaMedium = config['thresholds']['sca']['medium'],
- ThreshScaHigh = config['thresholds']['sca']['high'],
- ThreshScaCritical = config['thresholds']['sca']['critical'],
- ThreshContainerLow = config['thresholds']['container']['low'],
- ThreshContainerMedium = config['thresholds']['container']['medium'],
- ThreshContainerHigh = config['thresholds']['container']['high'],
- ThreshContainerCritical = config['thresholds']['container']['critical'],
- ThreshDastLow = config['thresholds']['dast']['low'],
- ThreshDastMedium = config['thresholds']['dast']['medium'],
- ThreshDastHigh = config['thresholds']['dast']['high'],
- ThreshDastCritical = config['thresholds']['dast']['critical'],
- ThreshDastApiLow = config['thresholds']['dastapi']['low'],
- ThreshDastApiMedium = config['thresholds']['dastapi']['medium'],
- ThreshDastApiHigh = config['thresholds']['dastapi']['high'],
- ThreshDastApiCritical = config['thresholds']['dastapi']['critical'],
- ThreshInfrastructureLow = config['thresholds']['infrastructure']['low'],
- ThreshInfrastructureMedium = config['thresholds']['infrastructure']['medium'],
- ThreshInfrastructureHigh = config['thresholds']['infrastructure']['high'],
- ThreshInfrastructureCritical = config['thresholds']['infrastructure']['critical'],
- ThreshSastLow = config['thresholds']['sast']['low'],
- ThreshSastMedium = config['thresholds']['sast']['medium'],
- ThreshSastHigh = config['thresholds']['sast']['high'],
- ThreshSastCritical = config['thresholds']['sast']['critical'],
- ThreshIacLow = config['thresholds']['iac']['low'],
- ThreshIacMedium = config['thresholds']['iac']['medium'],
- ThreshIacHigh = config['thresholds']['iac']['high'],
- ThreshIacCritical = config['thresholds']['iac']['critical'],
- ThreshSecretsLow = config['thresholds']['secret']['low'],
- ThreshSecretsMedium = config['thresholds']['secret']['medium'],
- ThreshSecretsHigh = config['thresholds']['secret']['high'],
- ThreshSecretsCritical = config['thresholds']['secret']['critical'],
+ ThreshScaLow = config['sca']['low'],
+ ThreshScaMedium = config['sca']['medium'],
+ ThreshScaHigh = config['sca']['high'],
+ ThreshScaCritical = config['sca']['critical'],
+ ThreshContainerLow = config['container']['low'],
+ ThreshContainerMedium = config['container']['medium'],
+ ThreshContainerHigh = config['container']['high'],
+ ThreshContainerCritical = config['container']['critical'],
+ ThreshDastLow = config['dast']['low'],
+ ThreshDastMedium = config['dast']['medium'],
+ ThreshDastHigh = config['dast']['high'],
+ ThreshDastCritical = config['dast']['critical'],
+ ThreshDastApiLow = config['dastapi']['low'],
+ ThreshDastApiMedium = config['dastapi']['medium'],
+ ThreshDastApiHigh = config['dastapi']['high'],
+ ThreshDastApiCritical = config['dastapi']['critical'],
+ ThreshInfrastructureLow = config['infrastructure']['low'],
+ ThreshInfrastructureMedium = config['infrastructure']['medium'],
+ ThreshInfrastructureHigh = config['infrastructure']['high'],
+ ThreshInfrastructureCritical = config['infrastructure']['critical'],
+ ThreshSastLow = config['sast']['low'],
+ ThreshSastMedium = config['sast']['medium'],
+ ThreshSastHigh = config['sast']['high'],
+ ThreshSastCritical = config['sast']['critical'],
+ ThreshIacLow = config['iac']['low'],
+ ThreshIacMedium = config['iac']['medium'],
+ ThreshIacHigh = config['iac']['high'],
+ ThreshIacCritical = config['iac']['critical'],
+ ThreshSecretsLow = config['secret']['low'],
+ ThreshSecretsMedium = config['secret']['medium'],
+ ThreshSecretsHigh = config['secret']['high'],
+ ThreshSecretsCritical = config['secret']['critical'],
 )
 db.session.add(job)
 db_connection_handler(db)
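Review bot: The 32 chained lookups such as `config['sca']['low']` raise a bare `KeyError` (or `TypeError` when a section is not a mapping) on any incomplete payload, and nothing in the hunk checks the shape before the row is built. If `config` originates from an API request body, as the module path suggests, that would surface as an unhandled server error instead of a rejected request. Building the column values in a loop over the eight categories and four severities lets one check name the missing key, as sketched below. The same applies to `_add_sg_results` in the next hunk (`results['sca']['low']` and the rest), and because both functions now expect the inner mapping without the `thresholds`/`report` wrapper, their callers, which are outside these hunks, must pass it that way. Both function bodies may continue past the trailing context lines.

```python
_SG_CATEGORIES = {
    'Sca': 'sca',
    'Container': 'container',
    'Dast': 'dast',
    'DastApi': 'dastapi',
    'Infrastructure': 'infrastructure',
    'Sast': 'sast',
    'Iac': 'iac',
    'Secrets': 'secret',
}
_SG_SEVERITIES = ('low', 'medium', 'high', 'critical')


def _sg_columns(prefix, data):
    """Map data[category][severity] onto <prefix><Category><Severity> columns."""
    columns = {}
    for column_part, key in _SG_CATEGORIES.items():
        for severity in _SG_SEVERITIES:
            try:
                value = data[key][severity]
            except (KeyError, TypeError) as err:
                # Name the missing field so the caller can reject the request.
                raise ValueError(f"missing {key}.{severity}") from err
            columns[f"{prefix}{column_part}{severity.capitalize()}"] = value
    return columns


def _add_sg_config_settings(config, job_id, app_id):
    job = SgConfigSettingsPerJob(
        AppID=app_id,
        PipelineJobID=job_id,
        **_sg_columns('Thresh', config),
    )
    # … unchanged: db.session.add(job) and db_connection_handler(db) …
```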
@@ -92,38 +92,38 @@ def _add_sg_results(results, job_id, app_id):
 job = SgResultsPerJob(
 AppID=app_id,
 PipelineJobID=job_id,
- ResultScaLow=results['report']['sca']['low'],
- ResultScaMedium=results['report']['sca']['medium'],
- ResultScaHigh=results['report']['sca']['high'],
- ResultScaCritical=results['report']['sca']['critical'],
- ResultContainerLow=results['report']['container']['low'],
- ResultContainerMedium=results['report']['container']['medium'],
- ResultContainerHigh=results['report']['container']['high'],
- ResultContainerCritical=results['report']['container']['critical'],
- ResultDastLow=results['report']['dast']['low'],
- ResultDastMedium=results['report']['dast']['medium'],
- ResultDastHigh=results['report']['dast']['high'],
- ResultDastCritical=results['report']['dast']['critical'],
- ResultDastApiLow=results['report']['dastapi']['low'],
- ResultDastApiMedium=results['report']['dastapi']['medium'],
- ResultDastApiHigh=results['report']['dastapi']['high'],
- ResultDastApiCritical=results['report']['dastapi']['critical'],
- ResultInfrastructureLow=results['report']['infrastructure']['low'],
- ResultInfrastructureMedium=results['report']['infrastructure']['medium'],
- ResultInfrastructureHigh=results['report']['infrastructure']['high'],
- ResultInfrastructureCritical=results['report']['infrastructure']['critical'],
- ResultSastLow=results['report']['sast']['low'],
- ResultSastMedium=results['report']['sast']['medium'],
- ResultSastHigh=results['report']['sast']['high'],
- ResultSastCritical=results['report']['sast']['critical'],
- ResultIacLow=results['report']['iac']['low'],
- ResultIacMedium=results['report']['iac']['medium'],
- ResultIacHigh=results['report']['iac']['high'],
- ResultIacCritical=results['report']['iac']['critical'],
- ResultSecretsLow=results['report']['secret']['low'],
- ResultSecretsMedium=results['report']['secret']['medium'],
- ResultSecretsHigh=results['report']['secret']['high'],
- ResultSecretsCritical=results['report']['secret']['critical'],
+ ResultScaLow=results['sca']['low'],
+ ResultScaMedium=results['sca']['medium'],
+ ResultScaHigh=results['sca']['high'],
+ ResultScaCritical=results['sca']['critical'],
+ ResultContainerLow=results['container']['low'],
+ ResultContainerMedium=results['container']['medium'],
+ ResultContainerHigh=results['container']['high'],
+ ResultContainerCritical=results['container']['critical'],
+ ResultDastLow=results['dast']['low'],
+ ResultDastMedium=results['dast']['medium'],
+ ResultDastHigh=results['dast']['high'],
+ ResultDastCritical=results['dast']['critical'],
+ ResultDastApiLow=results['dastapi']['low'],
+ ResultDastApiMedium=results['dastapi']['medium'],
+ ResultDastApiHigh=results['dastapi']['high'],
+ ResultDastApiCritical=results['dastapi']['critical'],
+ ResultInfrastructureLow=results['infrastructure']['low'],
+ ResultInfrastructureMedium=results['infrastructure']['medium'],
+ ResultInfrastructureHigh=results['infrastructure']['high'],
+ ResultInfrastructureCritical=results['infrastructure']['critical'],
+ ResultSastLow=results['sast']['low'],
+ ResultSastMedium=results['sast']['medium'],
+ ResultSastHigh=results['sast']['high'],
+ ResultSastCritical=results['sast']['critical'],
+ ResultIacLow=results['iac']['low'],
+ ResultIacMedium=results['iac']['medium'],
+ ResultIacHigh=results['iac']['high'],
+ ResultIacCritical=results['iac']['critical'],
+ ResultSecretsLow=results['secret']['low'],
+ ResultSecretsMedium=results['secret']['medium'],
+ ResultSecretsHigh=results['secret']['high'],
+ ResultSecretsCritical=results['secret']['critical'],
 )
 db.session.add(job)
 db_connection_handler(db)
From 686ae51cac2c97ecaa9ee15b58d9cf7e43d82a76 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 18:51:17 -0700 Subject: [PATCH 043/197] Update security_quality_gate.py (#495) --- src/vr/api/vulns/security_quality_gate.py | 128 +++++++++++----------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/src/vr/api/vulns/security_quality_gate.py b/src/vr/api/vulns/security_quality_gate.py index 930c2a1b..b00c1b1e 100644 --- a/src/vr/api/vulns/security_quality_gate.py +++ b/src/vr/api/vulns/security_quality_gate.py 
@@ -51,38 +51,38 @@ def _add_sg_config_settings(config, job_id, app_id):
 job = SgConfigSettingsPerJob(
 AppID=app_id,
 PipelineJobID = job_id,
- ThreshScaLow = config['thresholds']['sca']['low'],
- ThreshScaMedium = config['thresholds']['sca']['medium'],
- ThreshScaHigh = config['thresholds']['sca']['high'],
- ThreshScaCritical = config['thresholds']['sca']['critical'],
- ThreshContainerLow = config['thresholds']['container']['low'],
- ThreshContainerMedium = config['thresholds']['container']['medium'],
- ThreshContainerHigh = config['thresholds']['container']['high'],
- ThreshContainerCritical = config['thresholds']['container']['critical'],
- ThreshDastLow = config['thresholds']['dast']['low'],
- ThreshDastMedium = config['thresholds']['dast']['medium'],
- ThreshDastHigh = config['thresholds']['dast']['high'],
- ThreshDastCritical = config['thresholds']['dast']['critical'],
- ThreshDastApiLow = config['thresholds']['dastapi']['low'],
- ThreshDastApiMedium = config['thresholds']['dastapi']['medium'],
- ThreshDastApiHigh = config['thresholds']['dastapi']['high'],
- ThreshDastApiCritical = config['thresholds']['dastapi']['critical'],
- ThreshInfrastructureLow = config['thresholds']['infrastructure']['low'],
- ThreshInfrastructureMedium = config['thresholds']['infrastructure']['medium'],
- ThreshInfrastructureHigh = config['thresholds']['infrastructure']['high'],
- ThreshInfrastructureCritical = config['thresholds']['infrastructure']['critical'],
- ThreshSastLow = config['thresholds']['sast']['low'],
- ThreshSastMedium = config['thresholds']['sast']['medium'],
- ThreshSastHigh = config['thresholds']['sast']['high'],
- ThreshSastCritical = config['thresholds']['sast']['critical'],
- ThreshIacLow = config['thresholds']['iac']['low'],
- ThreshIacMedium = config['thresholds']['iac']['medium'],
- ThreshIacHigh = config['thresholds']['iac']['high'],
- ThreshIacCritical = config['thresholds']['iac']['critical'],
- ThreshSecretsLow = config['thresholds']['secret']['low'],
- ThreshSecretsMedium = config['thresholds']['secret']['medium'],
- ThreshSecretsHigh = config['thresholds']['secret']['high'],
- ThreshSecretsCritical = config['thresholds']['secret']['critical'],
+ ThreshScaLow = config['sca']['low'],
+ ThreshScaMedium = config['sca']['medium'],
+ ThreshScaHigh = config['sca']['high'],
+ ThreshScaCritical = config['sca']['critical'],
+ ThreshContainerLow = config['container']['low'],
+ ThreshContainerMedium = config['container']['medium'],
+ ThreshContainerHigh = config['container']['high'],
+ ThreshContainerCritical = config['container']['critical'],
+ ThreshDastLow = config['dast']['low'],
+ ThreshDastMedium = config['dast']['medium'],
+ ThreshDastHigh = config['dast']['high'],
+ ThreshDastCritical = config['dast']['critical'],
+ ThreshDastApiLow = config['dastapi']['low'],
+ ThreshDastApiMedium = config['dastapi']['medium'],
+ ThreshDastApiHigh = config['dastapi']['high'],
+ ThreshDastApiCritical = config['dastapi']['critical'],
+ ThreshInfrastructureLow = config['infrastructure']['low'],
+ ThreshInfrastructureMedium = config['infrastructure']['medium'],
+ ThreshInfrastructureHigh = config['infrastructure']['high'],
+ ThreshInfrastructureCritical = config['infrastructure']['critical'],
+ ThreshSastLow = config['sast']['low'],
+ ThreshSastMedium = config['sast']['medium'],
+ ThreshSastHigh = config['sast']['high'],
+ ThreshSastCritical = config['sast']['critical'],
+ ThreshIacLow = config['iac']['low'],
+ ThreshIacMedium = config['iac']['medium'],
+ ThreshIacHigh = config['iac']['high'],
+ ThreshIacCritical = config['iac']['critical'],
+ ThreshSecretsLow = config['secret']['low'],
+ ThreshSecretsMedium = config['secret']['medium'],
+ ThreshSecretsHigh = config['secret']['high'],
+ ThreshSecretsCritical = config['secret']['critical'],
 )
 db.session.add(job)
 db_connection_handler(db)
@@ -92,38 +92,38 @@ def _add_sg_results(results, job_id, app_id):
 job = SgResultsPerJob(
 AppID=app_id,
 PipelineJobID=job_id,
- ResultScaLow=results['report']['sca']['low'],
- ResultScaMedium=results['report']['sca']['medium'],
- ResultScaHigh=results['report']['sca']['high'],
- ResultScaCritical=results['report']['sca']['critical'],
- ResultContainerLow=results['report']['container']['low'],
- ResultContainerMedium=results['report']['container']['medium'],
- ResultContainerHigh=results['report']['container']['high'],
- ResultContainerCritical=results['report']['container']['critical'],
- ResultDastLow=results['report']['dast']['low'],
- ResultDastMedium=results['report']['dast']['medium'],
- ResultDastHigh=results['report']['dast']['high'],
- ResultDastCritical=results['report']['dast']['critical'],
- ResultDastApiLow=results['report']['dastapi']['low'],
- ResultDastApiMedium=results['report']['dastapi']['medium'],
- ResultDastApiHigh=results['report']['dastapi']['high'],
- ResultDastApiCritical=results['report']['dastapi']['critical'],
- ResultInfrastructureLow=results['report']['infrastructure']['low'],
- ResultInfrastructureMedium=results['report']['infrastructure']['medium'],
- ResultInfrastructureHigh=results['report']['infrastructure']['high'],
- ResultInfrastructureCritical=results['report']['infrastructure']['critical'],
- ResultSastLow=results['report']['sast']['low'],
- ResultSastMedium=results['report']['sast']['medium'],
- ResultSastHigh=results['report']['sast']['high'],
- ResultSastCritical=results['report']['sast']['critical'],
- ResultIacLow=results['report']['iac']['low'],
- ResultIacMedium=results['report']['iac']['medium'],
- ResultIacHigh=results['report']['iac']['high'],
- ResultIacCritical=results['report']['iac']['critical'],
- ResultSecretsLow=results['report']['secret']['low'],
- ResultSecretsMedium=results['report']['secret']['medium'],
- ResultSecretsHigh=results['report']['secret']['high'],
- ResultSecretsCritical=results['report']['secret']['critical'],
+ ResultScaLow=results['sca']['low'],
+ ResultScaMedium=results['sca']['medium'],
+ ResultScaHigh=results['sca']['high'],
+ ResultScaCritical=results['sca']['critical'],
+ ResultContainerLow=results['container']['low'],
+ ResultContainerMedium=results['container']['medium'],
+ ResultContainerHigh=results['container']['high'],
+ ResultContainerCritical=results['container']['critical'],
+ ResultDastLow=results['dast']['low'],
+ ResultDastMedium=results['dast']['medium'],
+ ResultDastHigh=results['dast']['high'],
+ ResultDastCritical=results['dast']['critical'],
+ ResultDastApiLow=results['dastapi']['low'],
+ ResultDastApiMedium=results['dastapi']['medium'],
+ ResultDastApiHigh=results['dastapi']['high'],
+ ResultDastApiCritical=results['dastapi']['critical'],
+ ResultInfrastructureLow=results['infrastructure']['low'],
+ ResultInfrastructureMedium=results['infrastructure']['medium'],
+ ResultInfrastructureHigh=results['infrastructure']['high'],
+ ResultInfrastructureCritical=results['infrastructure']['critical'],
+ ResultSastLow=results['sast']['low'],
+ ResultSastMedium=results['sast']['medium'],
+ ResultSastHigh=results['sast']['high'],
+ ResultSastCritical=results['sast']['critical'],
+ ResultIacLow=results['iac']['low'],
+ ResultIacMedium=results['iac']['medium'],
+ ResultIacHigh=results['iac']['high'],
+ ResultIacCritical=results['iac']['critical'],
+ ResultSecretsLow=results['secret']['low'],
+ ResultSecretsMedium=results['secret']['medium'],
+ ResultSecretsHigh=results['secret']['high'],
+ ResultSecretsCritical=results['secret']['critical'],
 )
 db.session.add(job)
 db_connection_handler(db)
From 99609d73b9a7b48fa69de8101d914ef1c3ce56c1 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 18:51:44 -0700 Subject: [PATCH 044/197] Release/0.1.0 beta/prod azure (#496) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) --- src/vr/api/vulns/security_quality_gate.py | 128 +++++++++++----------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/src/vr/api/vulns/security_quality_gate.py b/src/vr/api/vulns/security_quality_gate.py index 930c2a1b..b00c1b1e 100644 --- a/src/vr/api/vulns/security_quality_gate.py +++ b/src/vr/api/vulns/security_quality_gate.py 
@@ -51,38 +51,38 @@ def _add_sg_config_settings(config, job_id, app_id):
 job = SgConfigSettingsPerJob(
 AppID=app_id,
 PipelineJobID = job_id,
- ThreshScaLow = config['thresholds']['sca']['low'],
- ThreshScaMedium = config['thresholds']['sca']['medium'],
- ThreshScaHigh = config['thresholds']['sca']['high'],
- ThreshScaCritical = config['thresholds']['sca']['critical'],
- ThreshContainerLow = config['thresholds']['container']['low'],
- ThreshContainerMedium = config['thresholds']['container']['medium'],
- ThreshContainerHigh = config['thresholds']['container']['high'],
- ThreshContainerCritical = config['thresholds']['container']['critical'],
- ThreshDastLow = config['thresholds']['dast']['low'],
- ThreshDastMedium = config['thresholds']['dast']['medium'],
- ThreshDastHigh = config['thresholds']['dast']['high'],
- ThreshDastCritical = config['thresholds']['dast']['critical'],
- ThreshDastApiLow = config['thresholds']['dastapi']['low'],
- ThreshDastApiMedium = config['thresholds']['dastapi']['medium'],
- ThreshDastApiHigh = config['thresholds']['dastapi']['high'],
- ThreshDastApiCritical = config['thresholds']['dastapi']['critical'],
- ThreshInfrastructureLow = config['thresholds']['infrastructure']['low'],
- ThreshInfrastructureMedium = config['thresholds']['infrastructure']['medium'],
- ThreshInfrastructureHigh = config['thresholds']['infrastructure']['high'],
- ThreshInfrastructureCritical = config['thresholds']['infrastructure']['critical'],
- ThreshSastLow = config['thresholds']['sast']['low'],
- ThreshSastMedium = config['thresholds']['sast']['medium'],
- ThreshSastHigh = config['thresholds']['sast']['high'],
- ThreshSastCritical = config['thresholds']['sast']['critical'],
- ThreshIacLow = config['thresholds']['iac']['low'],
- ThreshIacMedium = config['thresholds']['iac']['medium'],
- ThreshIacHigh = config['thresholds']['iac']['high'],
- ThreshIacCritical = config['thresholds']['iac']['critical'],
- ThreshSecretsLow = config['thresholds']['secret']['low'],
- ThreshSecretsMedium = config['thresholds']['secret']['medium'],
- ThreshSecretsHigh = config['thresholds']['secret']['high'],
- ThreshSecretsCritical = config['thresholds']['secret']['critical'],
+ ThreshScaLow = config['sca']['low'],
+ ThreshScaMedium = config['sca']['medium'],
+ ThreshScaHigh = config['sca']['high'],
+ ThreshScaCritical = config['sca']['critical'],
+ ThreshContainerLow = config['container']['low'],
+ ThreshContainerMedium = config['container']['medium'],
+ ThreshContainerHigh = config['container']['high'],
+ ThreshContainerCritical = config['container']['critical'],
+ ThreshDastLow = config['dast']['low'],
+ ThreshDastMedium = config['dast']['medium'],
+ ThreshDastHigh = config['dast']['high'],
+ ThreshDastCritical = config['dast']['critical'],
+ ThreshDastApiLow = config['dastapi']['low'],
+ ThreshDastApiMedium = config['dastapi']['medium'],
+ ThreshDastApiHigh = config['dastapi']['high'],
+ ThreshDastApiCritical = config['dastapi']['critical'],
+ ThreshInfrastructureLow = config['infrastructure']['low'],
+ ThreshInfrastructureMedium = config['infrastructure']['medium'],
+ ThreshInfrastructureHigh = config['infrastructure']['high'],
+ ThreshInfrastructureCritical = config['infrastructure']['critical'],
+ ThreshSastLow = config['sast']['low'],
+ ThreshSastMedium = config['sast']['medium'],
+ ThreshSastHigh = config['sast']['high'],
+ ThreshSastCritical = config['sast']['critical'],
+ ThreshIacLow = config['iac']['low'],
+ ThreshIacMedium = config['iac']['medium'],
+ ThreshIacHigh = config['iac']['high'],
+ ThreshIacCritical = config['iac']['critical'],
+ ThreshSecretsLow = config['secret']['low'],
+ ThreshSecretsMedium = config['secret']['medium'],
+ ThreshSecretsHigh = config['secret']['high'],
+ ThreshSecretsCritical = config['secret']['critical'],
 )
 db.session.add(job)
 db_connection_handler(db)
@@ -92,38 +92,38 @@ def _add_sg_results(results, job_id, app_id):
 job = SgResultsPerJob(
 AppID=app_id,
 PipelineJobID=job_id,
- ResultScaLow=results['report']['sca']['low'],
- ResultScaMedium=results['report']['sca']['medium'],
- ResultScaHigh=results['report']['sca']['high'],
- ResultScaCritical=results['report']['sca']['critical'],
- ResultContainerLow=results['report']['container']['low'],
- ResultContainerMedium=results['report']['container']['medium'],
- ResultContainerHigh=results['report']['container']['high'],
- ResultContainerCritical=results['report']['container']['critical'],
- ResultDastLow=results['report']['dast']['low'],
- ResultDastMedium=results['report']['dast']['medium'],
- ResultDastHigh=results['report']['dast']['high'],
- ResultDastCritical=results['report']['dast']['critical'],
- ResultDastApiLow=results['report']['dastapi']['low'],
- ResultDastApiMedium=results['report']['dastapi']['medium'],
- ResultDastApiHigh=results['report']['dastapi']['high'],
- ResultDastApiCritical=results['report']['dastapi']['critical'],
- ResultInfrastructureLow=results['report']['infrastructure']['low'],
- ResultInfrastructureMedium=results['report']['infrastructure']['medium'],
- ResultInfrastructureHigh=results['report']['infrastructure']['high'],
- ResultInfrastructureCritical=results['report']['infrastructure']['critical'],
- ResultSastLow=results['report']['sast']['low'],
- ResultSastMedium=results['report']['sast']['medium'],
- ResultSastHigh=results['report']['sast']['high'],
- ResultSastCritical=results['report']['sast']['critical'],
- ResultIacLow=results['report']['iac']['low'],
- ResultIacMedium=results['report']['iac']['medium'],
- ResultIacHigh=results['report']['iac']['high'],
- ResultIacCritical=results['report']['iac']['critical'],
- ResultSecretsLow=results['report']['secret']['low'],
- ResultSecretsMedium=results['report']['secret']['medium'],
- ResultSecretsHigh=results['report']['secret']['high'],
- ResultSecretsCritical=results['report']['secret']['critical'],
+ ResultScaLow=results['sca']['low'],
+ ResultScaMedium=results['sca']['medium'],
+ ResultScaHigh=results['sca']['high'],
+ ResultScaCritical=results['sca']['critical'],
+ ResultContainerLow=results['container']['low'],
+ ResultContainerMedium=results['container']['medium'],
+ ResultContainerHigh=results['container']['high'],
+ ResultContainerCritical=results['container']['critical'],
+ ResultDastLow=results['dast']['low'],
+ ResultDastMedium=results['dast']['medium'],
+ ResultDastHigh=results['dast']['high'],
+ ResultDastCritical=results['dast']['critical'],
+ ResultDastApiLow=results['dastapi']['low'],
+ ResultDastApiMedium=results['dastapi']['medium'],
+ ResultDastApiHigh=results['dastapi']['high'],
+ ResultDastApiCritical=results['dastapi']['critical'],
+ ResultInfrastructureLow=results['infrastructure']['low'],
+ ResultInfrastructureMedium=results['infrastructure']['medium'],
+ ResultInfrastructureHigh=results['infrastructure']['high'],
+ ResultInfrastructureCritical=results['infrastructure']['critical'],
+ ResultSastLow=results['sast']['low'],
+ ResultSastMedium=results['sast']['medium'],
+ ResultSastHigh=results['sast']['high'],
+ ResultSastCritical=results['sast']['critical'],
+ ResultIacLow=results['iac']['low'],
+ ResultIacMedium=results['iac']['medium'],
+ ResultIacHigh=results['iac']['high'],
+ ResultIacCritical=results['iac']['critical'],
+ ResultSecretsLow=results['secret']['low'],
+ ResultSecretsMedium=results['secret']['medium'],
+ ResultSecretsHigh=results['secret']['high'],
+ ResultSecretsCritical=results['secret']['critical'],
 )
 db.session.add(job)
 db_connection_handler(db)
From 1a5e69ee64ab912c8ef32fd599938bac3dd7ef7e Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 19:34:30 -0700 Subject: [PATCH 045/197] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Jenkinsfile b/Jenkinsfile index bac83770..f45ebce2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -21,7 +21,7 @@ pipeline { env.GLOBAL_BRANCH_LIST = config.global.defaultBranches.join(',') env.CURRENT_STAGE_BRANCH_LIST = "" - jslStageWrapper.initReport() + jslStageWrapper.initReport(config) } } From b4c8b1d574803b54f8e9552d0ebbd904d03b1f90 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 19:40:15 -0700 Subject: [PATCH 046/197] Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index bac83770..f45ebce2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -21,7 +21,7 @@ pipeline { env.GLOBAL_BRANCH_LIST = config.global.defaultBranches.join(',') env.CURRENT_STAGE_BRANCH_LIST = "" - jslStageWrapper.initReport() + jslStageWrapper.initReport(config) } } From 067b847173c3ac49e991c7b30de6fa9373f3588a Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 19:41:08 -0700 Subject: [PATCH 047/197] Release/0.1.0 beta/prod azure (#498) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index bac83770..f45ebce2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -21,7 +21,7 @@ pipeline { env.GLOBAL_BRANCH_LIST = config.global.defaultBranches.join(',') env.CURRENT_STAGE_BRANCH_LIST = "" - jslStageWrapper.initReport() + jslStageWrapper.initReport(config) } } From 12cbbd2e263570bd76cfae4692eac374d6c432c1 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 20:16:37 -0700 Subject: [PATCH 048/197] Update security_quality_gate.py --- src/vr/api/vulns/security_quality_gate.py | 64 +++++++++++------------ 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/src/vr/api/vulns/security_quality_gate.py b/src/vr/api/vulns/security_quality_gate.py index b00c1b1e..29c4191a 100644 --- a/src/vr/api/vulns/security_quality_gate.py +++ b/src/vr/api/vulns/security_quality_gate.py 
@@ -51,38 +51,38 @@ def _add_sg_config_settings(config, job_id, app_id):
 job = SgConfigSettingsPerJob(
 AppID=app_id,
 PipelineJobID = job_id,
- ThreshScaLow = config['sca']['low'],
- ThreshScaMedium = config['sca']['medium'],
- ThreshScaHigh = config['sca']['high'],
- ThreshScaCritical = config['sca']['critical'],
- ThreshContainerLow = config['container']['low'],
- ThreshContainerMedium = config['container']['medium'],
- ThreshContainerHigh = config['container']['high'],
- ThreshContainerCritical = config['container']['critical'],
- ThreshDastLow = config['dast']['low'],
- ThreshDastMedium = config['dast']['medium'],
- ThreshDastHigh = config['dast']['high'],
- ThreshDastCritical = config['dast']['critical'],
- ThreshDastApiLow = config['dastapi']['low'],
- ThreshDastApiMedium = config['dastapi']['medium'],
- ThreshDastApiHigh = config['dastapi']['high'],
- ThreshDastApiCritical = config['dastapi']['critical'],
- ThreshInfrastructureLow = config['infrastructure']['low'],
- ThreshInfrastructureMedium = config['infrastructure']['medium'],
- ThreshInfrastructureHigh = config['infrastructure']['high'],
- ThreshInfrastructureCritical = config['infrastructure']['critical'],
- ThreshSastLow = config['sast']['low'],
- ThreshSastMedium = config['sast']['medium'],
- ThreshSastHigh = config['sast']['high'],
- ThreshSastCritical = config['sast']['critical'],
- ThreshIacLow = config['iac']['low'],
- ThreshIacMedium = config['iac']['medium'],
- ThreshIacHigh = config['iac']['high'],
- ThreshIacCritical = config['iac']['critical'],
- ThreshSecretsLow = config['secret']['low'],
- ThreshSecretsMedium = config['secret']['medium'],
- ThreshSecretsHigh = config['secret']['high'],
- ThreshSecretsCritical = config['secret']['critical'],
+ ThreshScaLow = config['sca']['low'] if 'low' in 'sca' else '',
+ ThreshScaMedium = config['sca']['medium'] if 'medium' in 'sca' else '',
+ ThreshScaHigh = config['sca']['high'] if 'high' in 'sca' else '',
+ ThreshScaCritical = config['sca']['critical'] if 'critical' in 'sca' else '',
+ ThreshContainerLow = config['container']['low'] if 'low' in 'container' else '',
+ ThreshContainerMedium = config['container']['medium'] if 'medium' in 'container' else '',
+ ThreshContainerHigh = config['container']['high'] if 'high' in 'container' else '',
+ ThreshContainerCritical = config['container']['critical'] if 'critical' in 'container' else '',
+ ThreshDastLow = config['dast']['low'] if 'low' in 'dast' else '',
+ ThreshDastMedium = config['dast']['medium'] if 'medium' in 'dast' else '',
+ ThreshDastHigh = config['dast']['high'] if 'high' in 'dast' else '',
+ ThreshDastCritical = config['dast']['critical'] if 'critical' in 'dast' else '',
+ ThreshDastApiLow = config['dastapi']['low'] if 'low' in 'dastapi' else '',
+ ThreshDastApiMedium = config['dastapi']['medium'] if 'medium' in 'dastapi' else '',
+ ThreshDastApiHigh = config['dastapi']['high'] if 'high' in 'dastapi' else '',
+ ThreshDastApiCritical = config['dastapi']['critical'] if 'critical' in 'dastapi' else '',
+ ThreshInfrastructureLow = config['infrastructure']['low'] if 'low' in 'infrastructure' else '',
+ ThreshInfrastructureMedium = config['infrastructure']['medium'] if 'medium' in 'infrastructure' else '',
+ ThreshInfrastructureHigh = config['infrastructure']['high'] if 'high' in 'infrastructure' else '',
+ ThreshInfrastructureCritical = config['infrastructure']['critical'] if 'critical' in 'infrastructure' else '',
+ ThreshSastLow = config['sast']['low'] if 'low' in 'sast' else '',
+ ThreshSastMedium = config['sast']['medium'] if 'medium' in 'sast' else '',
+ ThreshSastHigh = config['sast']['high'] if 'high' in 'sast' else '',
+ ThreshSastCritical = config['sast']['critical'] if 'critical' in 'sast' else '',
+ ThreshIacLow = config['iac']['low'] if 'low' in 'iac' else '',
+ ThreshIacMedium = config['iac']['medium'] if 'medium' in 'iac' else '',
+ ThreshIacHigh = config['iac']['high'] if 'high' in 'iac' else '',
+ ThreshIacCritical = config['iac']['critical'] if 'critical' in 'iac' else '',
+ ThreshSecretsLow = config['secret']['low'] if 'low' in 'secret' else '',
+ ThreshSecretsMedium = config['secret']['medium'] if 'medium' in 'secret' else '',
+ ThreshSecretsHigh = config['secret']['high'] if 'high' in 'secret' else '',
+ ThreshSecretsCritical = config['secret']['critical'] if 'critical' in 'secret' else '',
 )
 db.session.add(job)
 db_connection_handler(db)
From 0cc02a42eb089f33dc0e9eca4dd22031771a7b4d Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 20:22:58 -0700 Subject: [PATCH 049/197] Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py --- src/vr/api/vulns/security_quality_gate.py | 64 +++++++++++------------ 1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/src/vr/api/vulns/security_quality_gate.py b/src/vr/api/vulns/security_quality_gate.py
index b00c1b1e..29c4191a 100644
--- a/src/vr/api/vulns/security_quality_gate.py
+++ b/src/vr/api/vulns/security_quality_gate.py
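Review bot: The guard added to every keyword argument of `SgConfigSettingsPerJob(...)` in `_add_sg_config_settings` compares two string literals: `'low' in 'sca'` is a substring test that never looks at `config`, and it is false for every severity/scan-type pair in this hunk, so all 32 threshold columns are stored as `''`. The gate configuration recorded for a job is therefore always empty, which removes the audit trail of what a pipeline run was held to. Test the payload instead, for example `ThreshScaLow = config.get('sca', {}).get('low', ''),` and likewise on the other lines. Whether `''` is the right stored value for a missing threshold, rather than rejecting the request, should be confirmed against the column types, which are not visible here. The same added lines open the PATCH 049 hunk that follows.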
@@ -51,38 +51,38 @@ def _add_sg_config_settings(config, job_id, app_id): job = SgConfigSettingsPerJob( AppID=app_id, PipelineJobID = job_id, - ThreshScaLow = config['sca']['low'], - ThreshScaMedium = config['sca']['medium'], - ThreshScaHigh = config['sca']['high'], - ThreshScaCritical = config['sca']['critical'], - ThreshContainerLow = config['container']['low'], - ThreshContainerMedium = config['container']['medium'], - ThreshContainerHigh = config['container']['high'], - ThreshContainerCritical = config['container']['critical'], - ThreshDastLow = config['dast']['low'], - ThreshDastMedium = config['dast']['medium'], - ThreshDastHigh = config['dast']['high'], - ThreshDastCritical = config['dast']['critical'], - ThreshDastApiLow = config['dastapi']['low'], - ThreshDastApiMedium = config['dastapi']['medium'], - ThreshDastApiHigh = config['dastapi']['high'], - ThreshDastApiCritical = config['dastapi']['critical'], - ThreshInfrastructureLow = config['infrastructure']['low'], - ThreshInfrastructureMedium = config['infrastructure']['medium'], - ThreshInfrastructureHigh = config['infrastructure']['high'], - ThreshInfrastructureCritical = config['infrastructure']['critical'], - ThreshSastLow = config['sast']['low'], - ThreshSastMedium = config['sast']['medium'], - ThreshSastHigh = config['sast']['high'], - ThreshSastCritical = config['sast']['critical'], - ThreshIacLow = config['iac']['low'], - ThreshIacMedium = config['iac']['medium'], - ThreshIacHigh = config['iac']['high'], - ThreshIacCritical = config['iac']['critical'], - ThreshSecretsLow = config['secret']['low'], - ThreshSecretsMedium = config['secret']['medium'], - ThreshSecretsHigh = config['secret']['high'], - ThreshSecretsCritical = config['secret']['critical'], + ThreshScaLow = config['sca']['low'] if 'low' in 'sca' else '', + ThreshScaMedium = config['sca']['medium'] if 'medium' in 'sca' else '', + ThreshScaHigh = config['sca']['high'] if 'high' in 'sca' else '', + ThreshScaCritical = config['sca']['critical'] 
if 'critical' in 'sca' else '', + ThreshContainerLow = config['container']['low'] if 'low' in 'container' else '', + ThreshContainerMedium = config['container']['medium'] if 'medium' in 'container' else '', + ThreshContainerHigh = config['container']['high'] if 'high' in 'container' else '', + ThreshContainerCritical = config['container']['critical'] if 'critical' in 'container' else '', + ThreshDastLow = config['dast']['low'] if 'low' in 'dast' else '', + ThreshDastMedium = config['dast']['medium'] if 'medium' in 'dast' else '', + ThreshDastHigh = config['dast']['high'] if 'high' in 'dast' else '', + ThreshDastCritical = config['dast']['critical'] if 'critical' in 'dast' else '', + ThreshDastApiLow = config['dastapi']['low'] if 'low' in 'dastapi' else '', + ThreshDastApiMedium = config['dastapi']['medium'] if 'medium' in 'dastapi' else '', + ThreshDastApiHigh = config['dastapi']['high'] if 'high' in 'dastapi' else '', + ThreshDastApiCritical = config['dastapi']['critical'] if 'critical' in 'dastapi' else '', + ThreshInfrastructureLow = config['infrastructure']['low'] if 'low' in 'infrastructure' else '', + ThreshInfrastructureMedium = config['infrastructure']['medium'] if 'medium' in 'infrastructure' else '', + ThreshInfrastructureHigh = config['infrastructure']['high'] if 'high' in 'infrastructure' else '', + ThreshInfrastructureCritical = config['infrastructure']['critical'] if 'critical' in 'infrastructure' else '', + ThreshSastLow = config['sast']['low'] if 'low' in 'sast' else '', + ThreshSastMedium = config['sast']['medium'] if 'medium' in 'sast' else '', + ThreshSastHigh = config['sast']['high'] if 'high' in 'sast' else '', + ThreshSastCritical = config['sast']['critical'] if 'critical' in 'sast' else '', + ThreshIacLow = config['iac']['low'] if 'low' in 'iac' else '', + ThreshIacMedium = config['iac']['medium'] if 'medium' in 'iac' else '', + ThreshIacHigh = config['iac']['high'] if 'high' in 'iac' else '', + ThreshIacCritical = config['iac']['critical'] 
if 'critical' in 'iac' else '', + ThreshSecretsLow = config['secret']['low'] if 'low' in 'secret' else '', + ThreshSecretsMedium = config['secret']['medium'] if 'medium' in 'secret' else '', + ThreshSecretsHigh = config['secret']['high'] if 'high' in 'secret' else '', + ThreshSecretsCritical = config['secret']['critical'] if 'critical' in 'secret' else '', ) db.session.add(job) db_connection_handler(db) From 016fe0da82ff79136bd0d73240139196e5d6936a Mon Sep 17 00:00:00 2001 
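Review bot: Every guard added here, e.g. `'low' in 'sca'`, tests whether one string literal is a substring of another rather than whether the key exists in `config`, so all 32 conditions are false and every `Thresh*` column is stored as `''` whatever the pipeline submitted. The lookup should go through the dict, for example `ThreshScaLow = config.get('sca', {}).get('low', ''),` and likewise for the other arguments. How an empty threshold is evaluated is not visible here, but if it is treated as "no limit" the security gate would pass builds it was configured to block, so a missing category is probably better rejected or given an explicit default than blanked. The identical change is repeated in the PATCH 050/197 hunk for this file. `_add_sg_config_settings` begins before the hunk.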
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 20:24:01 -0700 Subject: [PATCH 050/197] Release/0.1.0 beta/prod azure (#500) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py --- src/vr/api/vulns/security_quality_gate.py | 64 +++++++++++------------ 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/src/vr/api/vulns/security_quality_gate.py b/src/vr/api/vulns/security_quality_gate.py index b00c1b1e..29c4191a 100644 --- a/src/vr/api/vulns/security_quality_gate.py +++ b/src/vr/api/vulns/security_quality_gate.py 
@@ -51,38 +51,38 @@ def _add_sg_config_settings(config, job_id, app_id): job = SgConfigSettingsPerJob( AppID=app_id, PipelineJobID = job_id, - ThreshScaLow = config['sca']['low'], - ThreshScaMedium = config['sca']['medium'], - ThreshScaHigh = config['sca']['high'], - ThreshScaCritical = config['sca']['critical'], - ThreshContainerLow = config['container']['low'], - ThreshContainerMedium = config['container']['medium'], - ThreshContainerHigh = config['container']['high'], - ThreshContainerCritical = config['container']['critical'], - ThreshDastLow = config['dast']['low'], - ThreshDastMedium = config['dast']['medium'], - ThreshDastHigh = config['dast']['high'], - ThreshDastCritical = config['dast']['critical'], - ThreshDastApiLow = config['dastapi']['low'], - ThreshDastApiMedium = config['dastapi']['medium'], - ThreshDastApiHigh = config['dastapi']['high'], - ThreshDastApiCritical = config['dastapi']['critical'], - ThreshInfrastructureLow = config['infrastructure']['low'], - ThreshInfrastructureMedium = config['infrastructure']['medium'], - ThreshInfrastructureHigh = config['infrastructure']['high'], - ThreshInfrastructureCritical = config['infrastructure']['critical'], - ThreshSastLow = config['sast']['low'], - ThreshSastMedium = config['sast']['medium'], - ThreshSastHigh = config['sast']['high'], - ThreshSastCritical = config['sast']['critical'], - ThreshIacLow = config['iac']['low'], - ThreshIacMedium = config['iac']['medium'], - ThreshIacHigh = config['iac']['high'], - ThreshIacCritical = config['iac']['critical'], - ThreshSecretsLow = config['secret']['low'], - ThreshSecretsMedium = config['secret']['medium'], - ThreshSecretsHigh = config['secret']['high'], - ThreshSecretsCritical = config['secret']['critical'], + ThreshScaLow = config['sca']['low'] if 'low' in 'sca' else '', + ThreshScaMedium = config['sca']['medium'] if 'medium' in 'sca' else '', + ThreshScaHigh = config['sca']['high'] if 'high' in 'sca' else '', + ThreshScaCritical = config['sca']['critical'] 
if 'critical' in 'sca' else '', + ThreshContainerLow = config['container']['low'] if 'low' in 'container' else '', + ThreshContainerMedium = config['container']['medium'] if 'medium' in 'container' else '', + ThreshContainerHigh = config['container']['high'] if 'high' in 'container' else '', + ThreshContainerCritical = config['container']['critical'] if 'critical' in 'container' else '', + ThreshDastLow = config['dast']['low'] if 'low' in 'dast' else '', + ThreshDastMedium = config['dast']['medium'] if 'medium' in 'dast' else '', + ThreshDastHigh = config['dast']['high'] if 'high' in 'dast' else '', + ThreshDastCritical = config['dast']['critical'] if 'critical' in 'dast' else '', + ThreshDastApiLow = config['dastapi']['low'] if 'low' in 'dastapi' else '', + ThreshDastApiMedium = config['dastapi']['medium'] if 'medium' in 'dastapi' else '', + ThreshDastApiHigh = config['dastapi']['high'] if 'high' in 'dastapi' else '', + ThreshDastApiCritical = config['dastapi']['critical'] if 'critical' in 'dastapi' else '', + ThreshInfrastructureLow = config['infrastructure']['low'] if 'low' in 'infrastructure' else '', + ThreshInfrastructureMedium = config['infrastructure']['medium'] if 'medium' in 'infrastructure' else '', + ThreshInfrastructureHigh = config['infrastructure']['high'] if 'high' in 'infrastructure' else '', + ThreshInfrastructureCritical = config['infrastructure']['critical'] if 'critical' in 'infrastructure' else '', + ThreshSastLow = config['sast']['low'] if 'low' in 'sast' else '', + ThreshSastMedium = config['sast']['medium'] if 'medium' in 'sast' else '', + ThreshSastHigh = config['sast']['high'] if 'high' in 'sast' else '', + ThreshSastCritical = config['sast']['critical'] if 'critical' in 'sast' else '', + ThreshIacLow = config['iac']['low'] if 'low' in 'iac' else '', + ThreshIacMedium = config['iac']['medium'] if 'medium' in 'iac' else '', + ThreshIacHigh = config['iac']['high'] if 'high' in 'iac' else '', + ThreshIacCritical = config['iac']['critical'] 
if 'critical' in 'iac' else '', + ThreshSecretsLow = config['secret']['low'] if 'low' in 'secret' else '', + ThreshSecretsMedium = config['secret']['medium'] if 'medium' in 'secret' else '', + ThreshSecretsHigh = config['secret']['high'] if 'high' in 'secret' else '', + ThreshSecretsCritical = config['secret']['critical'] if 'critical' in 'secret' else '', ) db.session.add(job) db_connection_handler(db) From c5242c921e8af6ec7aee9320f94de9bba4254722 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 18:13:34 -0700 Subject: [PATCH 051/197] update settings and groups --- src/vr/admin/models.py | 37 ++++ src/vr/admin/routes/settings.py | 303 +++++++++++++++++++++++---- src/vr/db_models/setup.py | 37 ++++ src/vr/templates/admin/settings.html | 281 ++++++++++++++++++++++++- 4 files changed, 615 insertions(+), 43 deletions(-) diff --git a/src/vr/admin/models.py b/src/vr/admin/models.py index 1048b3d0..89785772 100644 --- a/src/vr/admin/models.py +++ b/src/vr/admin/models.py 
@@ -416,6 +416,43 @@ class AppConfig(db.Model): __tablename__ = 'AppConfig' id = db.Column(db.Integer, primary_key=True) first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) class SuSiteConfiguration(db.Model): 
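Review bot: The new `AppConfig` columns store credentials (`AZAD_CLIENT_SECRET`, `JENKINS_KEY`, `JENKINS_TOKEN`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_CLIENT_SECRET`, `SNOW_PASSWORD` and the `PROD_DB_URI` connection string) as plain `db.String(200)` values, so anyone who can read the database or a backup of it obtains them. Since `AZURE_KEYVAULT_NAME` is already one of the settings, the secrets could stay in the vault with only a reference kept in this table, or be encrypted before they are written. `String(200)` may also be too short for a key or a long URI, and `JENKINS_ENABLED`/`SNOW_ENABLED` would read more clearly as `db.Boolean`, like `settings_initialized`. The same column list is duplicated in the `src/vr/db_models/setup.py` hunk, so the two definitions have to be kept in step by hand.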
diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index c366ce43..a3125e54 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -1,4 +1,4 @@ -from flask import session, redirect, url_for, render_template +from flask import session, redirect, url_for, render_template, request from flask_login import login_required from vr import db, app import os @@ -10,14 +10,18 @@ AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, AZURE_KEYVAULT_NAME, INSECURE_OAUTH, \ JENKINS_HOST, JENKINS_KEY, JENKINS_PROJECT, JENKINS_STAGING_PROJECT, JENKINS_TOKEN, SMTP_ADMIN_EMAIL, \ SMTP_HOST, SMTP_PASSWORD, SMTP_USER, SNOW_CLIENT_ID, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_PASSWORD, \ - SNOW_USERNAME, VERSION + SNOW_USERNAME, VERSION, JENKINS_ENABLED, SNOW_ENABLED from flask_sqlalchemy import SQLAlchemy +from vr.admin.models import AppConfig +from vr.admin.functions import db_connection_handler +from sqlalchemy import text + NAV = { 'CAT': { "name": "Settings", "url": "admin.admin_dashboard"} } -@admin.route('/settings', methods=['GET']) +@admin.route('/settings', methods=['GET', 'POST']) @login_required def settings(): NAV['curpage'] = {"name": "Settings"} 
@@ -27,44 +31,263 @@ def settings(): elif status == 403: return render_template('403.html', user=user, nav_cat={}, nav_subcat='', \ nav_subsubcat='', nav_curpage={"name": "Unauthorized"}) - current_settings = { - "APP_EXT_URL": APP_EXT_URL, - "AUTH_TYPE": AUTH_TYPE, - "AZAD_AUTHORITY":AZAD_AUTHORITY, - "AZAD_CLIENT_ID": AZAD_CLIENT_ID, - "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, - "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, - "ENV": ENV, - "INSECURE_OAUTH": INSECURE_OAUTH, - "JENKINS_HOST": JENKINS_HOST, - "JENKINS_KEY": JENKINS_KEY, - "JENKINS_PROJECT": JENKINS_PROJECT, - "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, - "JENKINS_TOKEN": JENKINS_TOKEN, - "JENKINS_USER": JENKINS_USER, - "LDAP_BASE_DN": LDAP_BASE_DN, - "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, - "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, - "LDAP_GROUP_DN": LDAP_GROUP_DN, - "LDAP_HOST": LDAP_HOST, - "LDAP_PORT": LDAP_PORT, - "LDAP_USER_DN": LDAP_USER_DN, - "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, - "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, - "PROD_DB_URI": PROD_DB_URI, - "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, - "SMTP_HOST": SMTP_HOST, - "SMTP_PASSWORD": SMTP_PASSWORD, - "SMTP_USER": SMTP_USER, - "SNOW_CLIENT_ID": SNOW_CLIENT_ID, - "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, - "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, - "SNOW_PASSWORD": SNOW_PASSWORD, - "SNOW_USERNAME": SNOW_USERNAME, - "VERSION": VERSION, - } + if request.method == 'POST': + app_config = AppConfig.query.first() + + all = request.form + update_json = { + AppConfig.JENKINS_ENABLED: all["JENKINS_ENABLED"], + AppConfig.SNOW_ENABLED: all["SNOW_ENABLED"], + AppConfig.APP_EXT_URL: all["APP_EXT_URL"], + AppConfig.AUTH_TYPE: all["AUTH_TYPE"], + AppConfig.AZAD_AUTHORITY: all["AZAD_AUTHORITY"], + AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], + AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], + AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], + AppConfig.ENV: all["ENV"], + AppConfig.INSECURE_OAUTH: 
all["INSECURE_OAUTH"], + AppConfig.JENKINS_HOST: all["JENKINS_HOST"], + AppConfig.JENKINS_KEY: all["JENKINS_KEY"], + AppConfig.JENKINS_PROJECT: all["JENKINS_PROJECT"], + AppConfig.JENKINS_STAGING_PROJECT: all["JENKINS_STAGING_PROJECT"], + AppConfig.JENKINS_TOKEN: all["JENKINS_TOKEN"], + AppConfig.JENKINS_USER: all["JENKINS_USER"], + AppConfig.LDAP_BASE_DN: all["LDAP_BASE_DN"], + AppConfig.LDAP_BIND_USER_DN: all["LDAP_BIND_USER_DN"], + AppConfig.LDAP_BIND_USER_PASSWORD: all["LDAP_BIND_USER_PASSWORD"], + AppConfig.LDAP_GROUP_DN: all["LDAP_GROUP_DN"], + AppConfig.LDAP_HOST: all["LDAP_HOST"], + AppConfig.LDAP_PORT: all["LDAP_PORT"], + AppConfig.LDAP_USER_DN: all["LDAP_USER_DN"], + AppConfig.LDAP_USER_LOGIN_ATTR: all["LDAP_USER_LOGIN_ATTR"], + AppConfig.LDAP_USER_RDN_ATTR: all["LDAP_USER_RDN_ATTR"], + AppConfig.PROD_DB_URI: all["PROD_DB_URI"], + AppConfig.SMTP_ADMIN_EMAIL: all["SMTP_ADMIN_EMAIL"], + AppConfig.SMTP_HOST: all["SMTP_HOST"], + AppConfig.SMTP_PASSWORD: all["SMTP_PASSWORD"], + AppConfig.SMTP_USER: all["SMTP_USER"], + AppConfig.SNOW_CLIENT_ID: all["SNOW_CLIENT_ID"], + AppConfig.SNOW_CLIENT_SECRET: all["SNOW_CLIENT_SECRET"], + AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], + AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], + AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], + AppConfig.VERSION: all["VERSION"], + } + if not app_config.settings_initialized: + update_json[AppConfig.settings_initialized] = True + db.session.query(AppConfig) \ + .update(update_json, synchronize_session=False) + db_connection_handler(db) + set_env_variables(all) + current_settings = { + "JENKINS_ENABLED": all["JENKINS_ENABLED"], + "SNOW_ENABLED": all["SNOW_ENABLED"], + "APP_EXT_URL": all["APP_EXT_URL"], + "AUTH_TYPE": all["AUTH_TYPE"], + "AZAD_AUTHORITY": all["AZAD_AUTHORITY"], + "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], + "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], + "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], + "ENV": all["ENV"], + "INSECURE_OAUTH": 
all["INSECURE_OAUTH"], + "JENKINS_HOST": all["JENKINS_HOST"], + "JENKINS_KEY": all["JENKINS_KEY"], + "JENKINS_PROJECT": all["JENKINS_PROJECT"], + "JENKINS_STAGING_PROJECT": all["JENKINS_STAGING_PROJECT"], + "JENKINS_TOKEN": all["JENKINS_TOKEN"], + "JENKINS_USER": all["JENKINS_USER"], + "LDAP_BASE_DN": all["LDAP_BASE_DN"], + "LDAP_BIND_USER_DN": all["LDAP_BIND_USER_DN"], + "LDAP_BIND_USER_PASSWORD": all["LDAP_BIND_USER_PASSWORD"], + "LDAP_GROUP_DN": all["LDAP_GROUP_DN"], + "LDAP_HOST": all["LDAP_HOST"], + "LDAP_PORT": all["LDAP_PORT"], + "LDAP_USER_DN": all["LDAP_USER_DN"], + "LDAP_USER_LOGIN_ATTR": all["LDAP_USER_LOGIN_ATTR"], + "LDAP_USER_RDN_ATTR": all["LDAP_USER_RDN_ATTR"], + "PROD_DB_URI": all["PROD_DB_URI"], + "SMTP_ADMIN_EMAIL": all["SMTP_ADMIN_EMAIL"], + "SMTP_HOST": all["SMTP_HOST"], + "SMTP_PASSWORD": all["SMTP_PASSWORD"], + "SMTP_USER": all["SMTP_USER"], + "SNOW_CLIENT_ID": all["SNOW_CLIENT_ID"], + "SNOW_CLIENT_SECRET": all["SNOW_CLIENT_SECRET"], + "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], + "SNOW_PASSWORD": all["SNOW_PASSWORD"], + "SNOW_USERNAME": all["SNOW_USERNAME"], + "VERSION": all["VERSION"], + } + else: + app_config = AppConfig.query.first() + if app_config.settings_initialized: + current_settings = { + "JENKINS_ENABLED": app_config.JENKINS_ENABLED, + "SNOW_ENABLED": app_config.SNOW_ENABLED, + "APP_EXT_URL": app_config.APP_EXT_URL, + "AUTH_TYPE": app_config.AUTH_TYPE, + "AZAD_AUTHORITY": app_config.AZAD_AUTHORITY, + "AZAD_CLIENT_ID": app_config.AZAD_CLIENT_ID, + "AZAD_CLIENT_SECRET": app_config.AZAD_CLIENT_SECRET, + "AZURE_KEYVAULT_NAME": app_config.AZURE_KEYVAULT_NAME, + "ENV": app_config.ENV, + "INSECURE_OAUTH": app_config.INSECURE_OAUTH, + "JENKINS_HOST": app_config.JENKINS_HOST, + "JENKINS_KEY": app_config.JENKINS_KEY, + "JENKINS_PROJECT": app_config.JENKINS_PROJECT, + "JENKINS_STAGING_PROJECT": app_config.JENKINS_STAGING_PROJECT, + "JENKINS_USER": app_config.JENKINS_USER, + "JENKINS_TOKEN": app_config.JENKINS_TOKEN, + "LDAP_BASE_DN": 
app_config.LDAP_BASE_DN, + "LDAP_BIND_USER_DN": app_config.LDAP_BIND_USER_DN, + "LDAP_BIND_USER_PASSWORD": app_config.LDAP_BIND_USER_PASSWORD, + "LDAP_GROUP_DN": app_config.LDAP_GROUP_DN, + "LDAP_HOST": app_config.LDAP_HOST, + "LDAP_PORT": app_config.LDAP_PORT, + "LDAP_USER_DN": app_config.LDAP_USER_DN, + "LDAP_USER_LOGIN_ATTR": app_config.LDAP_USER_LOGIN_ATTR, + "LDAP_USER_RDN_ATTR": app_config.LDAP_USER_RDN_ATTR, + "PROD_DB_URI": app_config.PROD_DB_URI, + "SMTP_ADMIN_EMAIL": app_config.SMTP_ADMIN_EMAIL, + "SMTP_HOST": app_config.SMTP_HOST, + "SMTP_USER": app_config.SMTP_USER, + "SMTP_PASSWORD": app_config.SMTP_PASSWORD, + "SNOW_CLIENT_ID": app_config.SNOW_CLIENT_ID, + "SNOW_CLIENT_SECRET": app_config.SNOW_CLIENT_SECRET, + "SNOW_INSTANCE_NAME": app_config.SNOW_INSTANCE_NAME, + "SNOW_USERNAME": app_config.SNOW_USERNAME, + "SNOW_PASSWORD": app_config.SNOW_PASSWORD, + "VERSION": app_config.VERSION, + } + else: + current_settings = { + "JENKINS_ENABLED": JENKINS_ENABLED, + "SNOW_ENABLED": SNOW_ENABLED, + "APP_EXT_URL": APP_EXT_URL, + "AUTH_TYPE": AUTH_TYPE, + "AZAD_AUTHORITY":AZAD_AUTHORITY, + "AZAD_CLIENT_ID": AZAD_CLIENT_ID, + "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, + "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, + "ENV": ENV, + "INSECURE_OAUTH": INSECURE_OAUTH, + "JENKINS_HOST": JENKINS_HOST, + "JENKINS_KEY": JENKINS_KEY, + "JENKINS_PROJECT": JENKINS_PROJECT, + "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, + "JENKINS_USER": JENKINS_USER, + "JENKINS_TOKEN": JENKINS_TOKEN, + "LDAP_BASE_DN": LDAP_BASE_DN, + "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, + "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, + "LDAP_GROUP_DN": LDAP_GROUP_DN, + "LDAP_HOST": LDAP_HOST, + "LDAP_PORT": LDAP_PORT, + "LDAP_USER_DN": LDAP_USER_DN, + "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, + "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, + "PROD_DB_URI": PROD_DB_URI, + "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, + "SMTP_HOST": SMTP_HOST, + "SMTP_USER": SMTP_USER, + "SMTP_PASSWORD": SMTP_PASSWORD, + 
"SNOW_CLIENT_ID": SNOW_CLIENT_ID, + "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, + "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, + "SNOW_USERNAME": SNOW_USERNAME, + "SNOW_PASSWORD": SNOW_PASSWORD, + "VERSION": VERSION, + } + cat_general = [ + 'APP_EXT_URL', + 'AUTH_TYPE', + 'ENV', + 'INSECURE_OAUTH', + 'PROD_DB_URI', + 'VERSION', + 'AZURE_KEYVAULT_NAME' + ] + cat_azad = [ + 'AZAD_AUTHORITY', + 'AZAD_CLIENT_ID', + 'AZAD_CLIENT_SECRET' + ] + cat_jenkins = [ + 'JENKINS_ENABLED', + 'JENKINS_HOST', + 'JENKINS_KEY', + 'JENKINS_PROJECT', + 'JENKINS_STAGING_PROJECT', + 'JENKINS_TOKEN', + 'JENKINS_USER' + ] + cat_ldap = [ + 'LDAP_BASE_DN', + 'LDAP_BIND_USER_DN', + 'LDAP_BIND_USER_PASSWORD', + 'LDAP_GROUP_DN', + 'LDAP_HOST', + 'LDAP_PORT', + 'LDAP_USER_DN', + 'LDAP_USER_LOGIN_ATTR', + 'LDAP_USER_RDN_ATTR' + ] + smtp_settings = [ + 'SMTP_ADMIN_EMAIL', + 'SMTP_HOST', + 'SMTP_PASSWORD', + 'SMTP_USER' + ] + snow_settings = [ + 'SNOW_ENABLED', + 'SNOW_CLIENT_ID', + 'SNOW_CLIENT_SECRET', + 'SNOW_INSTANCE_NAME', + 'SNOW_PASSWORD', + 'SNOW_USERNAME' + ] return render_template('admin/settings.html', user_roles=user_roles, NAV=NAV, - user=user, settings=current_settings) + user=user, settings=current_settings, cat_general=cat_general, + cat_azad=cat_azad, cat_jenkins=cat_jenkins, cat_ldap=cat_ldap, + smtp_settings=smtp_settings, snow_settings=snow_settings) + +def set_env_variables(form): + os.environ['APP_EXT_URL'] = form["APP_EXT_URL"] + os.environ['AUTH_TYPE'] = form["AUTH_TYPE"] + os.environ['AZAD_AUTHORITY'] = form["AZAD_AUTHORITY"] + os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] + os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] + os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] + os.environ['ENV'] = form["ENV"] + os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] + os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] + os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] + os.environ['JENKINS_KEY'] = form["JENKINS_KEY"] + 
os.environ['JENKINS_PROJECT'] = form["JENKINS_PROJECT"] + os.environ['JENKINS_STAGING_PROJECT'] = form["JENKINS_STAGING_PROJECT"] + os.environ['JENKINS_TOKEN'] = form["JENKINS_TOKEN"] + os.environ['JENKINS_USER'] = form["JENKINS_USER"] + os.environ['LDAP_BASE_DN'] = form["LDAP_BASE_DN"] + os.environ['LDAP_BIND_USER_DN'] = form["LDAP_BIND_USER_DN"] + os.environ['LDAP_BIND_USER_PASSWORD'] = form["LDAP_BIND_USER_PASSWORD"] + os.environ['LDAP_GROUP_DN'] = form["LDAP_GROUP_DN"] + os.environ['LDAP_HOST'] = form["LDAP_HOST"] + os.environ['LDAP_PORT'] = form["LDAP_PORT"] + os.environ['LDAP_USER_DN'] = form["LDAP_USER_DN"] + os.environ['LDAP_USER_LOGIN_ATTR'] = form["LDAP_USER_LOGIN_ATTR"] + os.environ['LDAP_USER_RDN_ATTR'] = form["LDAP_USER_RDN_ATTR"] + os.environ['PROD_DB_URI'] = form["PROD_DB_URI"] + os.environ['SMTP_ADMIN_EMAIL'] = form["SMTP_ADMIN_EMAIL"] + os.environ['SMTP_HOST'] = form["SMTP_HOST"] + os.environ['SMTP_PASSWORD'] = form["SMTP_PASSWORD"] + os.environ['SMTP_USER'] = form["SMTP_USER"] + os.environ['SNOW_ENABLED'] = form["SNOW_ENABLED"] + os.environ['SNOW_CLIENT_ID'] = form["SNOW_CLIENT_ID"] + os.environ['SNOW_CLIENT_SECRET'] = form["SNOW_CLIENT_SECRET"] + os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] + os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] + os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] + os.environ['VERSION'] = form["VERSION"] + @admin.route('/dangerous/delete_all', methods=['POST']) def delete_all_data(): diff --git a/src/vr/db_models/setup.py b/src/vr/db_models/setup.py index 67adfc3b..b36fdc22 100644 --- a/src/vr/db_models/setup.py +++ b/src/vr/db_models/setup.py 
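Review bot: The POST branch of `settings()` copies every submitted form value straight into `AppConfig` and, through `set_env_variables`, into `os.environ` without validation, and that includes `AUTH_TYPE`, `INSECURE_OAUTH`, `PROD_DB_URI` and the LDAP, SMTP, Jenkins and ServiceNow credentials. Settings with a fixed set of legal values should be checked against an allow-list before the update, and `AppConfig.query.first()` needs a `None` check because `app_config.settings_initialized` is dereferenced in both branches. The same 36 names are spelled out in four dict literals and again in `set_env_variables`, and the local `all` shadows the builtin; driving everything from one tuple of names, as sketched below, keeps the lists from drifting apart. The `os.environ` writes only reach the process that served the request, so other workers presumably keep the old values until they restart. `settings()` starts before this hunk.

```python
# module level: one source of truth for the setting names
SETTING_KEYS = (
    'JENKINS_ENABLED', 'SNOW_ENABLED', 'APP_EXT_URL', 'AUTH_TYPE',
    # … unchanged: the remaining names from the dict literals in this hunk …
)

    if request.method == 'POST':
        app_config = AppConfig.query.first()
        form = request.form  # renamed from `all`, which shadows the builtin
        current_settings = {key: form[key] for key in SETTING_KEYS}
        # validate constrained settings here (e.g. AUTH_TYPE against the
        # values the application supports) before anything is persisted
        update_json = {getattr(AppConfig, key): value
                       for key, value in current_settings.items()}
        # … unchanged: settings_initialized flag, query update, db_connection_handler …
        set_env_variables(current_settings)


def set_env_variables(form):
    for key in SETTING_KEYS:
        os.environ[key] = form[key]
```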
@@ -117,6 +117,43 @@ class AppConfig(db.Model): __table_args__ = {'extend_existing': True} id = db.Column(db.Integer, primary_key=True) first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) AppConfig() 
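Review bot: The new `AZAD_CLIENT_SECRET`, `JENKINS_KEY`, `JENKINS_TOKEN`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_CLIENT_SECRET` and `SNOW_PASSWORD` columns store credentials as plain `db.String(200)` values, so read access to the AppConfig table or to a database backup is enough to recover them. `PROD_DB_URI` presumably embeds database credentials too and is stored the same way. Since the model already has `AZURE_KEYVAULT_NAME`, consider keeping only a secret reference in these columns, or encrypting them at rest with a key held outside the database. A comment such as `# secret: never log or render this value` on each of these columns would also mark them for later readers. The same columns are added in the `src/vr/admin/models.py` hunk and in the repeated copies of this change later in the series, and the class body starts outside the hunk.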
diff --git a/src/vr/templates/admin/settings.html b/src/vr/templates/admin/settings.html index 06a4bee5..a7564e1a 100644 --- a/src/vr/templates/admin/settings.html +++ b/src/vr/templates/admin/settings.html @@ -113,13 +113,135 @@

Application Settings

+ + +
+

General Settings

+ {% for key, value in settings.items() %} + {% if key in cat_general %} +
+ + {% if key == "AUTH_TYPE" %} + + {% elif key == "INSECURE_OAUTH" %} + + {% elif key == "PROD_DB_URI" %} +
+ {% elif key == "ENV" or key == "VERSION" %} + + {% else %} + + {% endif %} +
+ {% endif %} + {% endfor %} +
+ +
+

LDAP Settings

{% for key, value in settings.items() %} -
- - + {% if key in cat_ldap %} +
+ + +
+ {% endif %} + {% endfor %}
+ +
+

Azure Active Directory Settings

+ {% for key, value in settings.items() %} + {% if key in cat_azad %} +
+ + +
+ {% endif %} {% endfor %} +
+ +
+

SMTP Settings

+ {% for key, value in settings.items() %} + {% if key in smtp_settings %} +
+ + {% if key == 'SMTP_PASSWORD' %} +
+ {% else %} + + {% endif %} + +
+ {% endif %} + {% endfor %} +
+ +
+

Jenkins Settings

+ {% for key, value in settings.items() %} + {% if key in cat_jenkins %} +
+ {% if key == 'JENKINS_ENABLED' %} + + + {% elif key == 'JENKINS_KEY' %} + +
+ {% elif key == 'JENKINS_TOKEN' %} + +
+ {% else %} + + + {% endif %} +
+ {% endif %} + {% endfor %} +
+ + + + + +
+

ServiceNOW Settings

+ {% for key, value in settings.items() %} + {% if key in snow_settings %} +
+ {% if key == 'SNOW_ENABLED' %} + + + {% elif key == 'SNOW_CLIENT_SECRET' %} + +
+ {% elif key == 'SNOW_PASSWORD' %} + +
+ {% else %} + + + {% endif %} +
+ {% endif %} + {% endfor %} +
+
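Review bot: `LDAP_BIND_USER_PASSWORD` and `AZAD_CLIENT_SECRET` go through the same unconditional branch as every other key in the LDAP and Azure Active Directory loops, while `SMTP_PASSWORD`, `JENKINS_KEY`, `JENKINS_TOKEN`, `SNOW_CLIENT_SECRET` and `SNOW_PASSWORD` each get a dedicated branch. The input markup is not visible in this view, so this is inferred from the Jinja conditions alone; if the dedicated branches are what mask the value, add `{% if key == 'LDAP_BIND_USER_PASSWORD' %}` and `{% if key == 'AZAD_CLIENT_SECRET' %}` branches in the same shape. Masking is not enough on its own if `value` is still written into the page source, so prefer rendering secret inputs empty and treating an empty submission as "unchanged". Also confirm that the form posting to the settings route carries the application's CSRF token. The same template hunk is repeated later in the series.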
@@ -128,4 +250,157 @@

Application Settings

+ + {% endblock %} From 0cab74cda8c3939b81e5bbbdf39f2c35008df75b Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 18:22:04 -0700 Subject: [PATCH 052/197] Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups --- src/vr/admin/models.py | 37 ++++ src/vr/admin/routes/settings.py | 303 +++++++++++++++++++++++---- src/vr/db_models/setup.py | 37 ++++ src/vr/templates/admin/settings.html | 281 ++++++++++++++++++++++++- 4 files changed, 615 insertions(+), 43 deletions(-) diff --git a/src/vr/admin/models.py b/src/vr/admin/models.py index 1048b3d0..89785772 100644 --- a/src/vr/admin/models.py +++ b/src/vr/admin/models.py 
@@ -416,6 +416,43 @@ class AppConfig(db.Model): __tablename__ = 'AppConfig' id = db.Column(db.Integer, primary_key=True) first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) class SuSiteConfiguration(db.Model): 
diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index c366ce43..a3125e54 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -1,4 +1,4 @@ -from flask import session, redirect, url_for, render_template +from flask import session, redirect, url_for, render_template, request from flask_login import login_required from vr import db, app import os @@ -10,14 +10,18 @@ AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, AZURE_KEYVAULT_NAME, INSECURE_OAUTH, \ JENKINS_HOST, JENKINS_KEY, JENKINS_PROJECT, JENKINS_STAGING_PROJECT, JENKINS_TOKEN, SMTP_ADMIN_EMAIL, \ SMTP_HOST, SMTP_PASSWORD, SMTP_USER, SNOW_CLIENT_ID, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_PASSWORD, \ - SNOW_USERNAME, VERSION + SNOW_USERNAME, VERSION, JENKINS_ENABLED, SNOW_ENABLED from flask_sqlalchemy import SQLAlchemy +from vr.admin.models import AppConfig +from vr.admin.functions import db_connection_handler +from sqlalchemy import text + NAV = { 'CAT': { "name": "Settings", "url": "admin.admin_dashboard"} } -@admin.route('/settings', methods=['GET']) +@admin.route('/settings', methods=['GET', 'POST']) @login_required def settings(): NAV['curpage'] = {"name": "Settings"} 
@@ -27,44 +31,263 @@ def settings(): elif status == 403: return render_template('403.html', user=user, nav_cat={}, nav_subcat='', \ nav_subsubcat='', nav_curpage={"name": "Unauthorized"}) - current_settings = { - "APP_EXT_URL": APP_EXT_URL, - "AUTH_TYPE": AUTH_TYPE, - "AZAD_AUTHORITY":AZAD_AUTHORITY, - "AZAD_CLIENT_ID": AZAD_CLIENT_ID, - "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, - "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, - "ENV": ENV, - "INSECURE_OAUTH": INSECURE_OAUTH, - "JENKINS_HOST": JENKINS_HOST, - "JENKINS_KEY": JENKINS_KEY, - "JENKINS_PROJECT": JENKINS_PROJECT, - "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, - "JENKINS_TOKEN": JENKINS_TOKEN, - "JENKINS_USER": JENKINS_USER, - "LDAP_BASE_DN": LDAP_BASE_DN, - "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, - "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, - "LDAP_GROUP_DN": LDAP_GROUP_DN, - "LDAP_HOST": LDAP_HOST, - "LDAP_PORT": LDAP_PORT, - "LDAP_USER_DN": LDAP_USER_DN, - "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, - "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, - "PROD_DB_URI": PROD_DB_URI, - "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, - "SMTP_HOST": SMTP_HOST, - "SMTP_PASSWORD": SMTP_PASSWORD, - "SMTP_USER": SMTP_USER, - "SNOW_CLIENT_ID": SNOW_CLIENT_ID, - "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, - "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, - "SNOW_PASSWORD": SNOW_PASSWORD, - "SNOW_USERNAME": SNOW_USERNAME, - "VERSION": VERSION, - } + if request.method == 'POST': + app_config = AppConfig.query.first() + + all = request.form + update_json = { + AppConfig.JENKINS_ENABLED: all["JENKINS_ENABLED"], + AppConfig.SNOW_ENABLED: all["SNOW_ENABLED"], + AppConfig.APP_EXT_URL: all["APP_EXT_URL"], + AppConfig.AUTH_TYPE: all["AUTH_TYPE"], + AppConfig.AZAD_AUTHORITY: all["AZAD_AUTHORITY"], + AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], + AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], + AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], + AppConfig.ENV: all["ENV"], + AppConfig.INSECURE_OAUTH: 
all["INSECURE_OAUTH"], + AppConfig.JENKINS_HOST: all["JENKINS_HOST"], + AppConfig.JENKINS_KEY: all["JENKINS_KEY"], + AppConfig.JENKINS_PROJECT: all["JENKINS_PROJECT"], + AppConfig.JENKINS_STAGING_PROJECT: all["JENKINS_STAGING_PROJECT"], + AppConfig.JENKINS_TOKEN: all["JENKINS_TOKEN"], + AppConfig.JENKINS_USER: all["JENKINS_USER"], + AppConfig.LDAP_BASE_DN: all["LDAP_BASE_DN"], + AppConfig.LDAP_BIND_USER_DN: all["LDAP_BIND_USER_DN"], + AppConfig.LDAP_BIND_USER_PASSWORD: all["LDAP_BIND_USER_PASSWORD"], + AppConfig.LDAP_GROUP_DN: all["LDAP_GROUP_DN"], + AppConfig.LDAP_HOST: all["LDAP_HOST"], + AppConfig.LDAP_PORT: all["LDAP_PORT"], + AppConfig.LDAP_USER_DN: all["LDAP_USER_DN"], + AppConfig.LDAP_USER_LOGIN_ATTR: all["LDAP_USER_LOGIN_ATTR"], + AppConfig.LDAP_USER_RDN_ATTR: all["LDAP_USER_RDN_ATTR"], + AppConfig.PROD_DB_URI: all["PROD_DB_URI"], + AppConfig.SMTP_ADMIN_EMAIL: all["SMTP_ADMIN_EMAIL"], + AppConfig.SMTP_HOST: all["SMTP_HOST"], + AppConfig.SMTP_PASSWORD: all["SMTP_PASSWORD"], + AppConfig.SMTP_USER: all["SMTP_USER"], + AppConfig.SNOW_CLIENT_ID: all["SNOW_CLIENT_ID"], + AppConfig.SNOW_CLIENT_SECRET: all["SNOW_CLIENT_SECRET"], + AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], + AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], + AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], + AppConfig.VERSION: all["VERSION"], + } + if not app_config.settings_initialized: + update_json[AppConfig.settings_initialized] = True + db.session.query(AppConfig) \ + .update(update_json, synchronize_session=False) + db_connection_handler(db) + set_env_variables(all) + current_settings = { + "JENKINS_ENABLED": all["JENKINS_ENABLED"], + "SNOW_ENABLED": all["SNOW_ENABLED"], + "APP_EXT_URL": all["APP_EXT_URL"], + "AUTH_TYPE": all["AUTH_TYPE"], + "AZAD_AUTHORITY": all["AZAD_AUTHORITY"], + "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], + "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], + "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], + "ENV": all["ENV"], + "INSECURE_OAUTH": 
all["INSECURE_OAUTH"], + "JENKINS_HOST": all["JENKINS_HOST"], + "JENKINS_KEY": all["JENKINS_KEY"], + "JENKINS_PROJECT": all["JENKINS_PROJECT"], + "JENKINS_STAGING_PROJECT": all["JENKINS_STAGING_PROJECT"], + "JENKINS_TOKEN": all["JENKINS_TOKEN"], + "JENKINS_USER": all["JENKINS_USER"], + "LDAP_BASE_DN": all["LDAP_BASE_DN"], + "LDAP_BIND_USER_DN": all["LDAP_BIND_USER_DN"], + "LDAP_BIND_USER_PASSWORD": all["LDAP_BIND_USER_PASSWORD"], + "LDAP_GROUP_DN": all["LDAP_GROUP_DN"], + "LDAP_HOST": all["LDAP_HOST"], + "LDAP_PORT": all["LDAP_PORT"], + "LDAP_USER_DN": all["LDAP_USER_DN"], + "LDAP_USER_LOGIN_ATTR": all["LDAP_USER_LOGIN_ATTR"], + "LDAP_USER_RDN_ATTR": all["LDAP_USER_RDN_ATTR"], + "PROD_DB_URI": all["PROD_DB_URI"], + "SMTP_ADMIN_EMAIL": all["SMTP_ADMIN_EMAIL"], + "SMTP_HOST": all["SMTP_HOST"], + "SMTP_PASSWORD": all["SMTP_PASSWORD"], + "SMTP_USER": all["SMTP_USER"], + "SNOW_CLIENT_ID": all["SNOW_CLIENT_ID"], + "SNOW_CLIENT_SECRET": all["SNOW_CLIENT_SECRET"], + "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], + "SNOW_PASSWORD": all["SNOW_PASSWORD"], + "SNOW_USERNAME": all["SNOW_USERNAME"], + "VERSION": all["VERSION"], + } + else: + app_config = AppConfig.query.first() + if app_config.settings_initialized: + current_settings = { + "JENKINS_ENABLED": app_config.JENKINS_ENABLED, + "SNOW_ENABLED": app_config.SNOW_ENABLED, + "APP_EXT_URL": app_config.APP_EXT_URL, + "AUTH_TYPE": app_config.AUTH_TYPE, + "AZAD_AUTHORITY": app_config.AZAD_AUTHORITY, + "AZAD_CLIENT_ID": app_config.AZAD_CLIENT_ID, + "AZAD_CLIENT_SECRET": app_config.AZAD_CLIENT_SECRET, + "AZURE_KEYVAULT_NAME": app_config.AZURE_KEYVAULT_NAME, + "ENV": app_config.ENV, + "INSECURE_OAUTH": app_config.INSECURE_OAUTH, + "JENKINS_HOST": app_config.JENKINS_HOST, + "JENKINS_KEY": app_config.JENKINS_KEY, + "JENKINS_PROJECT": app_config.JENKINS_PROJECT, + "JENKINS_STAGING_PROJECT": app_config.JENKINS_STAGING_PROJECT, + "JENKINS_USER": app_config.JENKINS_USER, + "JENKINS_TOKEN": app_config.JENKINS_TOKEN, + "LDAP_BASE_DN": 
app_config.LDAP_BASE_DN, + "LDAP_BIND_USER_DN": app_config.LDAP_BIND_USER_DN, + "LDAP_BIND_USER_PASSWORD": app_config.LDAP_BIND_USER_PASSWORD, + "LDAP_GROUP_DN": app_config.LDAP_GROUP_DN, + "LDAP_HOST": app_config.LDAP_HOST, + "LDAP_PORT": app_config.LDAP_PORT, + "LDAP_USER_DN": app_config.LDAP_USER_DN, + "LDAP_USER_LOGIN_ATTR": app_config.LDAP_USER_LOGIN_ATTR, + "LDAP_USER_RDN_ATTR": app_config.LDAP_USER_RDN_ATTR, + "PROD_DB_URI": app_config.PROD_DB_URI, + "SMTP_ADMIN_EMAIL": app_config.SMTP_ADMIN_EMAIL, + "SMTP_HOST": app_config.SMTP_HOST, + "SMTP_USER": app_config.SMTP_USER, + "SMTP_PASSWORD": app_config.SMTP_PASSWORD, + "SNOW_CLIENT_ID": app_config.SNOW_CLIENT_ID, + "SNOW_CLIENT_SECRET": app_config.SNOW_CLIENT_SECRET, + "SNOW_INSTANCE_NAME": app_config.SNOW_INSTANCE_NAME, + "SNOW_USERNAME": app_config.SNOW_USERNAME, + "SNOW_PASSWORD": app_config.SNOW_PASSWORD, + "VERSION": app_config.VERSION, + } + else: + current_settings = { + "JENKINS_ENABLED": JENKINS_ENABLED, + "SNOW_ENABLED": SNOW_ENABLED, + "APP_EXT_URL": APP_EXT_URL, + "AUTH_TYPE": AUTH_TYPE, + "AZAD_AUTHORITY":AZAD_AUTHORITY, + "AZAD_CLIENT_ID": AZAD_CLIENT_ID, + "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, + "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, + "ENV": ENV, + "INSECURE_OAUTH": INSECURE_OAUTH, + "JENKINS_HOST": JENKINS_HOST, + "JENKINS_KEY": JENKINS_KEY, + "JENKINS_PROJECT": JENKINS_PROJECT, + "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, + "JENKINS_USER": JENKINS_USER, + "JENKINS_TOKEN": JENKINS_TOKEN, + "LDAP_BASE_DN": LDAP_BASE_DN, + "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, + "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, + "LDAP_GROUP_DN": LDAP_GROUP_DN, + "LDAP_HOST": LDAP_HOST, + "LDAP_PORT": LDAP_PORT, + "LDAP_USER_DN": LDAP_USER_DN, + "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, + "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, + "PROD_DB_URI": PROD_DB_URI, + "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, + "SMTP_HOST": SMTP_HOST, + "SMTP_USER": SMTP_USER, + "SMTP_PASSWORD": SMTP_PASSWORD, + 
"SNOW_CLIENT_ID": SNOW_CLIENT_ID, + "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, + "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, + "SNOW_USERNAME": SNOW_USERNAME, + "SNOW_PASSWORD": SNOW_PASSWORD, + "VERSION": VERSION, + } + cat_general = [ + 'APP_EXT_URL', + 'AUTH_TYPE', + 'ENV', + 'INSECURE_OAUTH', + 'PROD_DB_URI', + 'VERSION', + 'AZURE_KEYVAULT_NAME' + ] + cat_azad = [ + 'AZAD_AUTHORITY', + 'AZAD_CLIENT_ID', + 'AZAD_CLIENT_SECRET' + ] + cat_jenkins = [ + 'JENKINS_ENABLED', + 'JENKINS_HOST', + 'JENKINS_KEY', + 'JENKINS_PROJECT', + 'JENKINS_STAGING_PROJECT', + 'JENKINS_TOKEN', + 'JENKINS_USER' + ] + cat_ldap = [ + 'LDAP_BASE_DN', + 'LDAP_BIND_USER_DN', + 'LDAP_BIND_USER_PASSWORD', + 'LDAP_GROUP_DN', + 'LDAP_HOST', + 'LDAP_PORT', + 'LDAP_USER_DN', + 'LDAP_USER_LOGIN_ATTR', + 'LDAP_USER_RDN_ATTR' + ] + smtp_settings = [ + 'SMTP_ADMIN_EMAIL', + 'SMTP_HOST', + 'SMTP_PASSWORD', + 'SMTP_USER' + ] + snow_settings = [ + 'SNOW_ENABLED', + 'SNOW_CLIENT_ID', + 'SNOW_CLIENT_SECRET', + 'SNOW_INSTANCE_NAME', + 'SNOW_PASSWORD', + 'SNOW_USERNAME' + ] return render_template('admin/settings.html', user_roles=user_roles, NAV=NAV, - user=user, settings=current_settings) + user=user, settings=current_settings, cat_general=cat_general, + cat_azad=cat_azad, cat_jenkins=cat_jenkins, cat_ldap=cat_ldap, + smtp_settings=smtp_settings, snow_settings=snow_settings) + +def set_env_variables(form): + os.environ['APP_EXT_URL'] = form["APP_EXT_URL"] + os.environ['AUTH_TYPE'] = form["AUTH_TYPE"] + os.environ['AZAD_AUTHORITY'] = form["AZAD_AUTHORITY"] + os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] + os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] + os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] + os.environ['ENV'] = form["ENV"] + os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] + os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] + os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] + os.environ['JENKINS_KEY'] = form["JENKINS_KEY"] + 
os.environ['JENKINS_PROJECT'] = form["JENKINS_PROJECT"] + os.environ['JENKINS_STAGING_PROJECT'] = form["JENKINS_STAGING_PROJECT"] + os.environ['JENKINS_TOKEN'] = form["JENKINS_TOKEN"] + os.environ['JENKINS_USER'] = form["JENKINS_USER"] + os.environ['LDAP_BASE_DN'] = form["LDAP_BASE_DN"] + os.environ['LDAP_BIND_USER_DN'] = form["LDAP_BIND_USER_DN"] + os.environ['LDAP_BIND_USER_PASSWORD'] = form["LDAP_BIND_USER_PASSWORD"] + os.environ['LDAP_GROUP_DN'] = form["LDAP_GROUP_DN"] + os.environ['LDAP_HOST'] = form["LDAP_HOST"] + os.environ['LDAP_PORT'] = form["LDAP_PORT"] + os.environ['LDAP_USER_DN'] = form["LDAP_USER_DN"] + os.environ['LDAP_USER_LOGIN_ATTR'] = form["LDAP_USER_LOGIN_ATTR"] + os.environ['LDAP_USER_RDN_ATTR'] = form["LDAP_USER_RDN_ATTR"] + os.environ['PROD_DB_URI'] = form["PROD_DB_URI"] + os.environ['SMTP_ADMIN_EMAIL'] = form["SMTP_ADMIN_EMAIL"] + os.environ['SMTP_HOST'] = form["SMTP_HOST"] + os.environ['SMTP_PASSWORD'] = form["SMTP_PASSWORD"] + os.environ['SMTP_USER'] = form["SMTP_USER"] + os.environ['SNOW_ENABLED'] = form["SNOW_ENABLED"] + os.environ['SNOW_CLIENT_ID'] = form["SNOW_CLIENT_ID"] + os.environ['SNOW_CLIENT_SECRET'] = form["SNOW_CLIENT_SECRET"] + os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] + os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] + os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] + os.environ['VERSION'] = form["VERSION"] + @admin.route('/dangerous/delete_all', methods=['POST']) def delete_all_data(): diff --git a/src/vr/db_models/setup.py b/src/vr/db_models/setup.py index 67adfc3b..b36fdc22 100644 --- a/src/vr/db_models/setup.py +++ b/src/vr/db_models/setup.py 
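Review bot: The POST branch writes every submitted value unvalidated to `AppConfig` and then to `os.environ` through `set_env_variables`, including `AUTH_TYPE`, `INSECURE_OAUTH`, `PROD_DB_URI`, `ENV` and `VERSION`, so a single request can change how the application authenticates and which database it points at. Check the security-relevant fields against fixed allow-lists before the update, for example `if all["INSECURE_OAUTH"] not in ALLOWED_INSECURE_OAUTH_VALUES: abort(400)` (the constant is a placeholder to define from the supported values), and log which account changed which setting. Copying secrets into `os.environ` exposes them to any child process and only updates the worker that served the request, and `current_settings` hands every stored secret back to the template. Indexing with `all[...]` makes the whole request fail when the form omits one field (an unchecked checkbox, if `JENKINS_ENABLED` is rendered as one), and `all` shadows the builtin; `form = request.form` with `form.get(...)` avoids both. The same hunk appears again in the next copy of this change, and `settings()` begins outside the hunk.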
@@ -117,6 +117,43 @@ class AppConfig(db.Model): __table_args__ = {'extend_existing': True} id = db.Column(db.Integer, primary_key=True) first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) AppConfig() 
diff --git a/src/vr/templates/admin/settings.html b/src/vr/templates/admin/settings.html index 06a4bee5..a7564e1a 100644 --- a/src/vr/templates/admin/settings.html +++ b/src/vr/templates/admin/settings.html @@ -113,13 +113,135 @@

Application Settings

+ + +
+

General Settings

+ {% for key, value in settings.items() %} + {% if key in cat_general %} +
+ + {% if key == "AUTH_TYPE" %} + + {% elif key == "INSECURE_OAUTH" %} + + {% elif key == "PROD_DB_URI" %} +
+ {% elif key == "ENV" or key == "VERSION" %} + + {% else %} + + {% endif %} +
+ {% endif %} + {% endfor %} +
+ +
+

LDAP Settings

{% for key, value in settings.items() %} -
- - + {% if key in cat_ldap %} +
+ + +
+ {% endif %} + {% endfor %}
+ +
+

Azure Active Directory Settings

+ {% for key, value in settings.items() %} + {% if key in cat_azad %} +
+ + +
+ {% endif %} {% endfor %} +
+ +
+

SMTP Settings

+ {% for key, value in settings.items() %} + {% if key in smtp_settings %} +
+ + {% if key == 'SMTP_PASSWORD' %} +
+ {% else %} + + {% endif %} + +
+ {% endif %} + {% endfor %} +
+ +
+

Jenkins Settings

+ {% for key, value in settings.items() %} + {% if key in cat_jenkins %} +
+ {% if key == 'JENKINS_ENABLED' %} + + + {% elif key == 'JENKINS_KEY' %} + +
+ {% elif key == 'JENKINS_TOKEN' %} + +
+ {% else %} + + + {% endif %} +
+ {% endif %} + {% endfor %} +
+ + + + + +
+

ServiceNOW Settings

+ {% for key, value in settings.items() %} + {% if key in snow_settings %} +
+ {% if key == 'SNOW_ENABLED' %} + + + {% elif key == 'SNOW_CLIENT_SECRET' %} + +
+ {% elif key == 'SNOW_PASSWORD' %} + +
+ {% else %} + + + {% endif %} +
+ {% endif %} + {% endfor %} +
+
@@ -128,4 +250,157 @@

Application Settings

+ + {% endblock %} From e5d9602e91cd7f22a21e78682dcdcd8af8c1ddbe Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 18:22:25 -0700 Subject: [PATCH 053/197] Release/0.1.0 beta/prod azure (#502) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups --- src/vr/admin/models.py | 37 ++++ src/vr/admin/routes/settings.py | 303 +++++++++++++++++++++++---- src/vr/db_models/setup.py | 37 ++++ src/vr/templates/admin/settings.html | 281 ++++++++++++++++++++++++- 4 files changed, 615 insertions(+), 43 deletions(-) diff --git a/src/vr/admin/models.py b/src/vr/admin/models.py index 1048b3d0..89785772 100644 --- a/src/vr/admin/models.py +++ b/src/vr/admin/models.py 
@@ -416,6 +416,43 @@ class AppConfig(db.Model): __tablename__ = 'AppConfig' id = db.Column(db.Integer, primary_key=True) first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) class SuSiteConfiguration(db.Model): 
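Review bot: The new AppConfig columns `AZAD_CLIENT_SECRET`, `JENKINS_KEY`, `JENKINS_TOKEN`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_CLIENT_SECRET` and `SNOW_PASSWORD` are plain `db.String(200)`, so every integration credential is stored in cleartext and is readable by anyone with access to the database or its backups. `AZURE_KEYVAULT_NAME` is one of the settings, which suggests a vault is available; storing only a secret reference in these columns, or encrypting the values before they are written, would avoid that. `String(200)` may also be too short if `JENKINS_KEY` holds key material or `PROD_DB_URI` is long, and a database that enforces the length will then reject or truncate the write. The same column list is repeated in the `src/vr/db_models/setup.py` hunk and in the new `src/vr/db_models/updates.py`, so three definitions have to be kept in sync by hand; the `class AppConfig` statement itself lies outside this hunk.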
diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index c366ce43..a3125e54 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -1,4 +1,4 @@ -from flask import session, redirect, url_for, render_template +from flask import session, redirect, url_for, render_template, request from flask_login import login_required from vr import db, app import os @@ -10,14 +10,18 @@ AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, AZURE_KEYVAULT_NAME, INSECURE_OAUTH, \ JENKINS_HOST, JENKINS_KEY, JENKINS_PROJECT, JENKINS_STAGING_PROJECT, JENKINS_TOKEN, SMTP_ADMIN_EMAIL, \ SMTP_HOST, SMTP_PASSWORD, SMTP_USER, SNOW_CLIENT_ID, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_PASSWORD, \ - SNOW_USERNAME, VERSION + SNOW_USERNAME, VERSION, JENKINS_ENABLED, SNOW_ENABLED from flask_sqlalchemy import SQLAlchemy +from vr.admin.models import AppConfig +from vr.admin.functions import db_connection_handler +from sqlalchemy import text + NAV = { 'CAT': { "name": "Settings", "url": "admin.admin_dashboard"} } -@admin.route('/settings', methods=['GET']) +@admin.route('/settings', methods=['GET', 'POST']) @login_required def settings(): NAV['curpage'] = {"name": "Settings"} 
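Review bot: Adding `'POST'` to the `/settings` route turns it into a state-changing endpoint that rewrites authentication and integration settings, and nothing visible in this diff shows a CSRF token being checked for it. The template markup is not readable here and protection may be enabled globally, so this needs confirming rather than assuming. `from sqlalchemy import text` is added but none of the new lines shown for this file use it, so it can be dropped if nothing else needs it. settings() continues past the end of this hunk.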
@@ -27,44 +31,263 @@ def settings(): elif status == 403: return render_template('403.html', user=user, nav_cat={}, nav_subcat='', \ nav_subsubcat='', nav_curpage={"name": "Unauthorized"}) - current_settings = { - "APP_EXT_URL": APP_EXT_URL, - "AUTH_TYPE": AUTH_TYPE, - "AZAD_AUTHORITY":AZAD_AUTHORITY, - "AZAD_CLIENT_ID": AZAD_CLIENT_ID, - "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, - "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, - "ENV": ENV, - "INSECURE_OAUTH": INSECURE_OAUTH, - "JENKINS_HOST": JENKINS_HOST, - "JENKINS_KEY": JENKINS_KEY, - "JENKINS_PROJECT": JENKINS_PROJECT, - "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, - "JENKINS_TOKEN": JENKINS_TOKEN, - "JENKINS_USER": JENKINS_USER, - "LDAP_BASE_DN": LDAP_BASE_DN, - "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, - "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, - "LDAP_GROUP_DN": LDAP_GROUP_DN, - "LDAP_HOST": LDAP_HOST, - "LDAP_PORT": LDAP_PORT, - "LDAP_USER_DN": LDAP_USER_DN, - "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, - "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, - "PROD_DB_URI": PROD_DB_URI, - "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, - "SMTP_HOST": SMTP_HOST, - "SMTP_PASSWORD": SMTP_PASSWORD, - "SMTP_USER": SMTP_USER, - "SNOW_CLIENT_ID": SNOW_CLIENT_ID, - "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, - "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, - "SNOW_PASSWORD": SNOW_PASSWORD, - "SNOW_USERNAME": SNOW_USERNAME, - "VERSION": VERSION, - } + if request.method == 'POST': + app_config = AppConfig.query.first() + + all = request.form + update_json = { + AppConfig.JENKINS_ENABLED: all["JENKINS_ENABLED"], + AppConfig.SNOW_ENABLED: all["SNOW_ENABLED"], + AppConfig.APP_EXT_URL: all["APP_EXT_URL"], + AppConfig.AUTH_TYPE: all["AUTH_TYPE"], + AppConfig.AZAD_AUTHORITY: all["AZAD_AUTHORITY"], + AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], + AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], + AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], + AppConfig.ENV: all["ENV"], + AppConfig.INSECURE_OAUTH: 
all["INSECURE_OAUTH"], + AppConfig.JENKINS_HOST: all["JENKINS_HOST"], + AppConfig.JENKINS_KEY: all["JENKINS_KEY"], + AppConfig.JENKINS_PROJECT: all["JENKINS_PROJECT"], + AppConfig.JENKINS_STAGING_PROJECT: all["JENKINS_STAGING_PROJECT"], + AppConfig.JENKINS_TOKEN: all["JENKINS_TOKEN"], + AppConfig.JENKINS_USER: all["JENKINS_USER"], + AppConfig.LDAP_BASE_DN: all["LDAP_BASE_DN"], + AppConfig.LDAP_BIND_USER_DN: all["LDAP_BIND_USER_DN"], + AppConfig.LDAP_BIND_USER_PASSWORD: all["LDAP_BIND_USER_PASSWORD"], + AppConfig.LDAP_GROUP_DN: all["LDAP_GROUP_DN"], + AppConfig.LDAP_HOST: all["LDAP_HOST"], + AppConfig.LDAP_PORT: all["LDAP_PORT"], + AppConfig.LDAP_USER_DN: all["LDAP_USER_DN"], + AppConfig.LDAP_USER_LOGIN_ATTR: all["LDAP_USER_LOGIN_ATTR"], + AppConfig.LDAP_USER_RDN_ATTR: all["LDAP_USER_RDN_ATTR"], + AppConfig.PROD_DB_URI: all["PROD_DB_URI"], + AppConfig.SMTP_ADMIN_EMAIL: all["SMTP_ADMIN_EMAIL"], + AppConfig.SMTP_HOST: all["SMTP_HOST"], + AppConfig.SMTP_PASSWORD: all["SMTP_PASSWORD"], + AppConfig.SMTP_USER: all["SMTP_USER"], + AppConfig.SNOW_CLIENT_ID: all["SNOW_CLIENT_ID"], + AppConfig.SNOW_CLIENT_SECRET: all["SNOW_CLIENT_SECRET"], + AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], + AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], + AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], + AppConfig.VERSION: all["VERSION"], + } + if not app_config.settings_initialized: + update_json[AppConfig.settings_initialized] = True + db.session.query(AppConfig) \ + .update(update_json, synchronize_session=False) + db_connection_handler(db) + set_env_variables(all) + current_settings = { + "JENKINS_ENABLED": all["JENKINS_ENABLED"], + "SNOW_ENABLED": all["SNOW_ENABLED"], + "APP_EXT_URL": all["APP_EXT_URL"], + "AUTH_TYPE": all["AUTH_TYPE"], + "AZAD_AUTHORITY": all["AZAD_AUTHORITY"], + "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], + "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], + "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], + "ENV": all["ENV"], + "INSECURE_OAUTH": 
all["INSECURE_OAUTH"], + "JENKINS_HOST": all["JENKINS_HOST"], + "JENKINS_KEY": all["JENKINS_KEY"], + "JENKINS_PROJECT": all["JENKINS_PROJECT"], + "JENKINS_STAGING_PROJECT": all["JENKINS_STAGING_PROJECT"], + "JENKINS_TOKEN": all["JENKINS_TOKEN"], + "JENKINS_USER": all["JENKINS_USER"], + "LDAP_BASE_DN": all["LDAP_BASE_DN"], + "LDAP_BIND_USER_DN": all["LDAP_BIND_USER_DN"], + "LDAP_BIND_USER_PASSWORD": all["LDAP_BIND_USER_PASSWORD"], + "LDAP_GROUP_DN": all["LDAP_GROUP_DN"], + "LDAP_HOST": all["LDAP_HOST"], + "LDAP_PORT": all["LDAP_PORT"], + "LDAP_USER_DN": all["LDAP_USER_DN"], + "LDAP_USER_LOGIN_ATTR": all["LDAP_USER_LOGIN_ATTR"], + "LDAP_USER_RDN_ATTR": all["LDAP_USER_RDN_ATTR"], + "PROD_DB_URI": all["PROD_DB_URI"], + "SMTP_ADMIN_EMAIL": all["SMTP_ADMIN_EMAIL"], + "SMTP_HOST": all["SMTP_HOST"], + "SMTP_PASSWORD": all["SMTP_PASSWORD"], + "SMTP_USER": all["SMTP_USER"], + "SNOW_CLIENT_ID": all["SNOW_CLIENT_ID"], + "SNOW_CLIENT_SECRET": all["SNOW_CLIENT_SECRET"], + "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], + "SNOW_PASSWORD": all["SNOW_PASSWORD"], + "SNOW_USERNAME": all["SNOW_USERNAME"], + "VERSION": all["VERSION"], + } + else: + app_config = AppConfig.query.first() + if app_config.settings_initialized: + current_settings = { + "JENKINS_ENABLED": app_config.JENKINS_ENABLED, + "SNOW_ENABLED": app_config.SNOW_ENABLED, + "APP_EXT_URL": app_config.APP_EXT_URL, + "AUTH_TYPE": app_config.AUTH_TYPE, + "AZAD_AUTHORITY": app_config.AZAD_AUTHORITY, + "AZAD_CLIENT_ID": app_config.AZAD_CLIENT_ID, + "AZAD_CLIENT_SECRET": app_config.AZAD_CLIENT_SECRET, + "AZURE_KEYVAULT_NAME": app_config.AZURE_KEYVAULT_NAME, + "ENV": app_config.ENV, + "INSECURE_OAUTH": app_config.INSECURE_OAUTH, + "JENKINS_HOST": app_config.JENKINS_HOST, + "JENKINS_KEY": app_config.JENKINS_KEY, + "JENKINS_PROJECT": app_config.JENKINS_PROJECT, + "JENKINS_STAGING_PROJECT": app_config.JENKINS_STAGING_PROJECT, + "JENKINS_USER": app_config.JENKINS_USER, + "JENKINS_TOKEN": app_config.JENKINS_TOKEN, + "LDAP_BASE_DN": 
app_config.LDAP_BASE_DN, + "LDAP_BIND_USER_DN": app_config.LDAP_BIND_USER_DN, + "LDAP_BIND_USER_PASSWORD": app_config.LDAP_BIND_USER_PASSWORD, + "LDAP_GROUP_DN": app_config.LDAP_GROUP_DN, + "LDAP_HOST": app_config.LDAP_HOST, + "LDAP_PORT": app_config.LDAP_PORT, + "LDAP_USER_DN": app_config.LDAP_USER_DN, + "LDAP_USER_LOGIN_ATTR": app_config.LDAP_USER_LOGIN_ATTR, + "LDAP_USER_RDN_ATTR": app_config.LDAP_USER_RDN_ATTR, + "PROD_DB_URI": app_config.PROD_DB_URI, + "SMTP_ADMIN_EMAIL": app_config.SMTP_ADMIN_EMAIL, + "SMTP_HOST": app_config.SMTP_HOST, + "SMTP_USER": app_config.SMTP_USER, + "SMTP_PASSWORD": app_config.SMTP_PASSWORD, + "SNOW_CLIENT_ID": app_config.SNOW_CLIENT_ID, + "SNOW_CLIENT_SECRET": app_config.SNOW_CLIENT_SECRET, + "SNOW_INSTANCE_NAME": app_config.SNOW_INSTANCE_NAME, + "SNOW_USERNAME": app_config.SNOW_USERNAME, + "SNOW_PASSWORD": app_config.SNOW_PASSWORD, + "VERSION": app_config.VERSION, + } + else: + current_settings = { + "JENKINS_ENABLED": JENKINS_ENABLED, + "SNOW_ENABLED": SNOW_ENABLED, + "APP_EXT_URL": APP_EXT_URL, + "AUTH_TYPE": AUTH_TYPE, + "AZAD_AUTHORITY":AZAD_AUTHORITY, + "AZAD_CLIENT_ID": AZAD_CLIENT_ID, + "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, + "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, + "ENV": ENV, + "INSECURE_OAUTH": INSECURE_OAUTH, + "JENKINS_HOST": JENKINS_HOST, + "JENKINS_KEY": JENKINS_KEY, + "JENKINS_PROJECT": JENKINS_PROJECT, + "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, + "JENKINS_USER": JENKINS_USER, + "JENKINS_TOKEN": JENKINS_TOKEN, + "LDAP_BASE_DN": LDAP_BASE_DN, + "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, + "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, + "LDAP_GROUP_DN": LDAP_GROUP_DN, + "LDAP_HOST": LDAP_HOST, + "LDAP_PORT": LDAP_PORT, + "LDAP_USER_DN": LDAP_USER_DN, + "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, + "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, + "PROD_DB_URI": PROD_DB_URI, + "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, + "SMTP_HOST": SMTP_HOST, + "SMTP_USER": SMTP_USER, + "SMTP_PASSWORD": SMTP_PASSWORD, + 
"SNOW_CLIENT_ID": SNOW_CLIENT_ID, + "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, + "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, + "SNOW_USERNAME": SNOW_USERNAME, + "SNOW_PASSWORD": SNOW_PASSWORD, + "VERSION": VERSION, + } + cat_general = [ + 'APP_EXT_URL', + 'AUTH_TYPE', + 'ENV', + 'INSECURE_OAUTH', + 'PROD_DB_URI', + 'VERSION', + 'AZURE_KEYVAULT_NAME' + ] + cat_azad = [ + 'AZAD_AUTHORITY', + 'AZAD_CLIENT_ID', + 'AZAD_CLIENT_SECRET' + ] + cat_jenkins = [ + 'JENKINS_ENABLED', + 'JENKINS_HOST', + 'JENKINS_KEY', + 'JENKINS_PROJECT', + 'JENKINS_STAGING_PROJECT', + 'JENKINS_TOKEN', + 'JENKINS_USER' + ] + cat_ldap = [ + 'LDAP_BASE_DN', + 'LDAP_BIND_USER_DN', + 'LDAP_BIND_USER_PASSWORD', + 'LDAP_GROUP_DN', + 'LDAP_HOST', + 'LDAP_PORT', + 'LDAP_USER_DN', + 'LDAP_USER_LOGIN_ATTR', + 'LDAP_USER_RDN_ATTR' + ] + smtp_settings = [ + 'SMTP_ADMIN_EMAIL', + 'SMTP_HOST', + 'SMTP_PASSWORD', + 'SMTP_USER' + ] + snow_settings = [ + 'SNOW_ENABLED', + 'SNOW_CLIENT_ID', + 'SNOW_CLIENT_SECRET', + 'SNOW_INSTANCE_NAME', + 'SNOW_PASSWORD', + 'SNOW_USERNAME' + ] return render_template('admin/settings.html', user_roles=user_roles, NAV=NAV, - user=user, settings=current_settings) + user=user, settings=current_settings, cat_general=cat_general, + cat_azad=cat_azad, cat_jenkins=cat_jenkins, cat_ldap=cat_ldap, + smtp_settings=smtp_settings, snow_settings=snow_settings) + +def set_env_variables(form): + os.environ['APP_EXT_URL'] = form["APP_EXT_URL"] + os.environ['AUTH_TYPE'] = form["AUTH_TYPE"] + os.environ['AZAD_AUTHORITY'] = form["AZAD_AUTHORITY"] + os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] + os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] + os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] + os.environ['ENV'] = form["ENV"] + os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] + os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] + os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] + os.environ['JENKINS_KEY'] = form["JENKINS_KEY"] + 
os.environ['JENKINS_PROJECT'] = form["JENKINS_PROJECT"] + os.environ['JENKINS_STAGING_PROJECT'] = form["JENKINS_STAGING_PROJECT"] + os.environ['JENKINS_TOKEN'] = form["JENKINS_TOKEN"] + os.environ['JENKINS_USER'] = form["JENKINS_USER"] + os.environ['LDAP_BASE_DN'] = form["LDAP_BASE_DN"] + os.environ['LDAP_BIND_USER_DN'] = form["LDAP_BIND_USER_DN"] + os.environ['LDAP_BIND_USER_PASSWORD'] = form["LDAP_BIND_USER_PASSWORD"] + os.environ['LDAP_GROUP_DN'] = form["LDAP_GROUP_DN"] + os.environ['LDAP_HOST'] = form["LDAP_HOST"] + os.environ['LDAP_PORT'] = form["LDAP_PORT"] + os.environ['LDAP_USER_DN'] = form["LDAP_USER_DN"] + os.environ['LDAP_USER_LOGIN_ATTR'] = form["LDAP_USER_LOGIN_ATTR"] + os.environ['LDAP_USER_RDN_ATTR'] = form["LDAP_USER_RDN_ATTR"] + os.environ['PROD_DB_URI'] = form["PROD_DB_URI"] + os.environ['SMTP_ADMIN_EMAIL'] = form["SMTP_ADMIN_EMAIL"] + os.environ['SMTP_HOST'] = form["SMTP_HOST"] + os.environ['SMTP_PASSWORD'] = form["SMTP_PASSWORD"] + os.environ['SMTP_USER'] = form["SMTP_USER"] + os.environ['SNOW_ENABLED'] = form["SNOW_ENABLED"] + os.environ['SNOW_CLIENT_ID'] = form["SNOW_CLIENT_ID"] + os.environ['SNOW_CLIENT_SECRET'] = form["SNOW_CLIENT_SECRET"] + os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] + os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] + os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] + os.environ['VERSION'] = form["VERSION"] + @admin.route('/dangerous/delete_all', methods=['POST']) def delete_all_data(): diff --git a/src/vr/db_models/setup.py b/src/vr/db_models/setup.py index 67adfc3b..b36fdc22 100644 --- a/src/vr/db_models/setup.py +++ b/src/vr/db_models/setup.py 
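Review bot: The POST branch of settings() writes every form field unchecked into AppConfig and, through set_env_variables(), into `os.environ`, so `AUTH_TYPE`, `INSECURE_OAUTH`, `PROD_DB_URI`, `ENV` and `VERSION` take whatever string the client submits, regardless of what the form offers. These need a server-side allow-list, and values the template special-cases such as `ENV` and `VERSION` should probably not be accepted from the request at all. Each `all["..."]` lookup raises a 400 key error as soon as one field is absent, `app_config.settings_initialized` fails when `AppConfig.query.first()` returns None, and `all` shadows the builtin; `form = request.form` plus an explicit missing-field check over one shared tuple of setting names would also replace the three hand-copied dicts. Writing to `os.environ` probably does not change the running configuration, because the constants imported at the top of the file were bound at import time and other worker processes never see the change — worth confirming against how the config module reads them. settings() starts outside this hunk.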
@@ -117,6 +117,43 @@ class AppConfig(db.Model): __table_args__ = {'extend_existing': True} id = db.Column(db.Integer, primary_key=True) first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) AppConfig() 
diff --git a/src/vr/templates/admin/settings.html b/src/vr/templates/admin/settings.html index 06a4bee5..a7564e1a 100644 --- a/src/vr/templates/admin/settings.html +++ b/src/vr/templates/admin/settings.html @@ -113,13 +113,135 @@

Application Settings

+ + +
+

General Settings

+ {% for key, value in settings.items() %} + {% if key in cat_general %} +
+ + {% if key == "AUTH_TYPE" %} + + {% elif key == "INSECURE_OAUTH" %} + + {% elif key == "PROD_DB_URI" %} +
+ {% elif key == "ENV" or key == "VERSION" %} + + {% else %} + + {% endif %} +
+ {% endif %} + {% endfor %} +
+ +
+

LDAP Settings

{% for key, value in settings.items() %} -
- - + {% if key in cat_ldap %} +
+ + +
+ {% endif %} + {% endfor %}
+ +
+

Azure Active Directory Settings

+ {% for key, value in settings.items() %} + {% if key in cat_azad %} +
+ + +
+ {% endif %} {% endfor %} +
+ +
+

SMTP Settings

+ {% for key, value in settings.items() %} + {% if key in smtp_settings %} +
+ + {% if key == 'SMTP_PASSWORD' %} +
+ {% else %} + + {% endif %} + +
+ {% endif %} + {% endfor %} +
+ +
+

Jenkins Settings

+ {% for key, value in settings.items() %} + {% if key in cat_jenkins %} +
+ {% if key == 'JENKINS_ENABLED' %} + + + {% elif key == 'JENKINS_KEY' %} + +
+ {% elif key == 'JENKINS_TOKEN' %} + +
+ {% else %} + + + {% endif %} +
+ {% endif %} + {% endfor %} +
+ + + + + +
+

ServiceNOW Settings

+ {% for key, value in settings.items() %} + {% if key in snow_settings %} +
+ {% if key == 'SNOW_ENABLED' %} + + + {% elif key == 'SNOW_CLIENT_SECRET' %} + +
+ {% elif key == 'SNOW_PASSWORD' %} + +
+ {% else %} + + + {% endif %} +
+ {% endif %} + {% endfor %} +
+
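Review bot: The LDAP and Azure Active Directory loops render every key through one branch, while the SMTP, Jenkins and ServiceNow loops special-case `SMTP_PASSWORD`, `JENKINS_KEY`, `JENKINS_TOKEN`, `SNOW_CLIENT_SECRET` and `SNOW_PASSWORD`. The element markup is not readable in this view, so the following is inferred: if those branches are what masks a secret field, `LDAP_BIND_USER_PASSWORD` and `AZAD_CLIENT_SECRET` are rendered as ordinary inputs and need the same treatment, e.g. `{% if key == 'LDAP_BIND_USER_PASSWORD' %}` in the LDAP loop. Every loop iterates `settings.items()` with the stored value, so the current secret is presumably written into the page source even where the input is masked. Leaving secret fields empty and overwriting the stored value only when a new one is submitted would keep credentials out of the rendered HTML.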
@@ -128,4 +250,157 @@

Application Settings

+ + {% endblock %} From 21ff0cd41580558c684fbfe7a5210fe55b87abfc Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 21:45:15 -0700 Subject: [PATCH 054/197] add function for table updates --- src/vr/__init__.py | 5 ++++ src/vr/db_models/updates.py | 56 +++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 src/vr/db_models/updates.py diff --git a/src/vr/__init__.py b/src/vr/__init__.py index e1bc03cf..a35d9183 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -29,6 +29,7 @@ from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from requests.auth import HTTPBasicAuth +from vr.db_models.updates import createNewTables if AUTH_TYPE == 'azuread': from flask_session import Session @@ -180,6 +181,10 @@ def base64encode(value): return None +## Release-based updates ## +cwd = os.getcwd() +createNewTables(DB_URI) +print() ## Cronjob-like tasks section ## def train_model_every_six_hours(): scheduler = BackgroundScheduler() diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py new file mode 100644 index 00000000..d6028a0f --- /dev/null +++ b/src/vr/db_models/updates.py 
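Review bot: `createNewTables(DB_URI)` now runs when the `vr` package is imported, so every process that imports it (each worker, test runs, command-line tools) connects to the database and attempts table creation, and a failure there prevents the package from importing at all. The two lines around the call look like leftovers: `cwd = os.getcwd()` is not used anywhere in the hunk and the bare `print()` only emits an empty line. Moving the call behind an explicit startup or migration step and dropping both lines would be cleaner.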
@@ -0,0 +1,56 @@ +from flask_sqlalchemy import SQLAlchemy +from flask import Flask + + +def createNewTables(db_uri): + mock_app = Flask(__name__) + # Example database URI, replace it with your actual database URI + mock_app.config['SQLALCHEMY_DATABASE_URI'] = db_uri + mock_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + db = SQLAlchemy(mock_app) + + class AppConfig(db.Model): + __tablename__ = 'AppConfig' + __table_args__ = {'extend_existing': True} + id = db.Column(db.Integer, primary_key=True) + first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + 
SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) + + with mock_app.app_context(): + db.create_all() From a59813684be8284c77d3121f0870c5e45dbe3ad0 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 21:51:13 -0700 Subject: [PATCH 055/197] Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates --- src/vr/__init__.py | 5 ++++ src/vr/db_models/updates.py | 56 +++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 src/vr/db_models/updates.py diff --git a/src/vr/__init__.py b/src/vr/__init__.py index e1bc03cf..a35d9183 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -29,6 +29,7 @@ from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from requests.auth import HTTPBasicAuth +from vr.db_models.updates import createNewTables if AUTH_TYPE == 'azuread': from flask_session import Session @@ -180,6 +181,10 @@ def base64encode(value): return None +## Release-based updates ## +cwd = os.getcwd() +createNewTables(DB_URI) +print() ## Cronjob-like tasks section ## def train_model_every_six_hours(): scheduler = BackgroundScheduler() diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py new file mode 100644 index 00000000..d6028a0f --- /dev/null +++ b/src/vr/db_models/updates.py 
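Review bot: `db.create_all()` only creates tables that do not exist yet and never adds columns to an existing one, so on an installation whose `AppConfig` table predates this release none of the new settings columns are created, and queries against the extended model would be expected to fail. A real schema migration (for example Alembic, or explicit `ALTER TABLE` statements guarded by a column check) is needed for the upgrade path that createNewTables() is meant to provide. The nested class is a third hand-copied definition of AppConfig next to `src/vr/admin/models.py` and `src/vr/db_models/setup.py`, and binding a throwaway `Flask` app with a second `SQLAlchemy` instance opens a separate engine on the same URI; reusing the existing model would remove both. The comment `# Example database URI, replace it with your actual database URI` is stale, since the URI is the `db_uri` argument. The identical patch recurs as PATCH 055 and 056 later in this series.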
@@ -0,0 +1,56 @@ +from flask_sqlalchemy import SQLAlchemy +from flask import Flask + + +def createNewTables(db_uri): + mock_app = Flask(__name__) + # Example database URI, replace it with your actual database URI + mock_app.config['SQLALCHEMY_DATABASE_URI'] = db_uri + mock_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + db = SQLAlchemy(mock_app) + + class AppConfig(db.Model): + __tablename__ = 'AppConfig' + __table_args__ = {'extend_existing': True} + id = db.Column(db.Integer, primary_key=True) + first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + 
SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) + + with mock_app.app_context(): + db.create_all() From 737d9e7df7c31df4a2a26dc7a0db5a5522728435 Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 21:51:43 -0700 Subject: [PATCH 056/197] Release/0.1.0 beta/prod azure (#504) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates --- src/vr/__init__.py | 5 ++++ src/vr/db_models/updates.py | 56 +++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 src/vr/db_models/updates.py diff --git a/src/vr/__init__.py b/src/vr/__init__.py index e1bc03cf..a35d9183 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py 
@@ -29,6 +29,7 @@ from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from requests.auth import HTTPBasicAuth +from vr.db_models.updates import createNewTables if AUTH_TYPE == 'azuread': from flask_session import Session @@ -180,6 +181,10 @@ def base64encode(value): return None +## Release-based updates ## +cwd = os.getcwd() +createNewTables(DB_URI) +print() ## Cronjob-like tasks section ## def train_model_every_six_hours(): scheduler = BackgroundScheduler() diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py new file mode 100644 index 00000000..d6028a0f --- /dev/null +++ b/src/vr/db_models/updates.py 
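Review bot: The block added under `## Release-based updates ##` calls `createNewTables(DB_URI)` at module import time, so any import of `vr` opens a database connection and issues DDL, and an unreachable or misconfigured database would abort the import instead of producing a handled startup error. I would move the call into the application start-up path and wrap it so that a failure is logged with context, for example `try: createNewTables(DB_URI)` followed by `except Exception: app.logger.exception("schema update failed"); raise`. Within this hunk `cwd = os.getcwd()` is assigned but never read, and the bare `print()` only writes an empty line to stdout; both look like debugging leftovers and can be dropped.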
@@ -0,0 +1,56 @@ +from flask_sqlalchemy import SQLAlchemy +from flask import Flask + + +def createNewTables(db_uri): + mock_app = Flask(__name__) + # Example database URI, replace it with your actual database URI + mock_app.config['SQLALCHEMY_DATABASE_URI'] = db_uri + mock_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + db = SQLAlchemy(mock_app) + + class AppConfig(db.Model): + __tablename__ = 'AppConfig' + __table_args__ = {'extend_existing': True} + id = db.Column(db.Integer, primary_key=True) + first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + 
SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) + + with mock_app.app_context(): + db.create_all() From cfcaab32d347f5e31733fd0067d968ad987be7c4 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 23:00:43 -0700 Subject: [PATCH 057/197] updated function for db updates --- src/vr/__init__.py | 5 +- src/vr/db_models/updates.py | 140 ++++++++++++++++++++++-------------- 2 files changed, 90 insertions(+), 55 deletions(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index a35d9183..42a86ea1 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -182,9 +182,8 @@ def base64encode(value): ## Release-based updates ## -cwd = os.getcwd() -createNewTables(DB_URI) -print() +createNewTables(app) + ## Cronjob-like tasks section ## def train_model_every_six_hours(): scheduler = BackgroundScheduler() diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index d6028a0f..93106286 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py 
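Review bot: The new `AppConfig` model declares `AZAD_CLIENT_SECRET`, `JENKINS_KEY`, `JENKINS_TOKEN`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_CLIENT_SECRET`, `SNOW_PASSWORD` and `PROD_DB_URI` as ordinary `db.String(200)` columns, and nothing in this hunk says whether the values are encrypted before they are written. If they are stored as entered, anyone with read access to the table or to a database backup obtains every integration credential at once. I would add a comment above those columns stating the contract, e.g. `# Secret-bearing columns: values must be encrypted by the caller before insert`, and check that 200 characters is enough for the encrypted form, since ciphertext is usually longer than the secret. Separately, `db.create_all()` only creates tables that do not exist yet, so on an installation that already has an `AppConfig` table these columns would not be added. The comment `# Example database URI, replace it with your actual database URI` is stale, because the URI is now the `db_uri` parameter.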
@@ -1,56 +1,92 @@ -from flask_sqlalchemy import SQLAlchemy -from flask import Flask +import mysql.connector +import sqlite3 +import os -def createNewTables(db_uri): - mock_app = Flask(__name__) - # Example database URI, replace it with your actual database URI - mock_app.config['SQLALCHEMY_DATABASE_URI'] = db_uri - mock_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False - db = SQLAlchemy(mock_app) +def get_client(app): + if app.config['RUNTIME_ENV'] == 'test': + cur_path = os.getcwd() + if 'www' in cur_path and 'html' in cur_path: + db_uri = '/var/www/html/src/instance/database.db' + else: + db_uri = 'instance/database.db' + db = sqlite3.connect(db_uri) + cur = db.cursor() + return cur, db + else: + db_uri = app.config['SQLALCHEMY_DATABASE_URI'] + main_part = db_uri.split('://')[1] + un = main_part.split(':', 1)[0] + db_name = main_part.rsplit('/', 1)[1] + host_and_port = main_part.rsplit('@', 1)[1].replace(f"/{db_name}", '') + host = host_and_port.split(':')[0] + port = int(host_and_port.split(':')[1]) + pw = main_part.split(':', 1)[1].replace(f"@{host}", '').replace(f"/{db_name}", '').replace(f":{port}", "") + db = mysql.connector.connect(host=host, database=db_name, user=un, password=pw, port=port) + cur = db.cursor() + return cur, db - class AppConfig(db.Model): - __tablename__ = 'AppConfig' - __table_args__ = {'extend_existing': True} - id = db.Column(db.Integer, primary_key=True) - first_access = db.Column(db.Boolean, nullable=False, default=True) - settings_initialized = db.Column(db.Boolean, nullable=False, default=False) - APP_EXT_URL = db.Column(db.String(200)) - AUTH_TYPE = db.Column(db.String(200)) - AZAD_AUTHORITY = db.Column(db.String(200)) - AZAD_CLIENT_ID = db.Column(db.String(200)) - AZAD_CLIENT_SECRET = db.Column(db.String(200)) - AZURE_KEYVAULT_NAME = db.Column(db.String(200)) - ENV = db.Column(db.String(200)) - INSECURE_OAUTH = db.Column(db.String(200)) - JENKINS_HOST = db.Column(db.String(200)) - JENKINS_KEY = db.Column(db.String(200)) - 
JENKINS_PROJECT = db.Column(db.String(200)) - JENKINS_STAGING_PROJECT = db.Column(db.String(200)) - JENKINS_TOKEN = db.Column(db.String(200)) - JENKINS_USER = db.Column(db.String(200)) - LDAP_BASE_DN = db.Column(db.String(200)) - LDAP_BIND_USER_DN = db.Column(db.String(200)) - LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) - LDAP_GROUP_DN = db.Column(db.String(200)) - LDAP_HOST = db.Column(db.String(200)) - LDAP_PORT = db.Column(db.String(200)) - LDAP_USER_DN = db.Column(db.String(200)) - LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) - LDAP_USER_RDN_ATTR = db.Column(db.String(200)) - PROD_DB_URI = db.Column(db.String(200)) - SMTP_ADMIN_EMAIL = db.Column(db.String(200)) - SMTP_HOST = db.Column(db.String(200)) - SMTP_PASSWORD = db.Column(db.String(200)) - SMTP_USER = db.Column(db.String(200)) - SNOW_CLIENT_ID = db.Column(db.String(200)) - SNOW_CLIENT_SECRET = db.Column(db.String(200)) - SNOW_INSTANCE_NAME = db.Column(db.String(200)) - SNOW_PASSWORD = db.Column(db.String(200)) - SNOW_USERNAME = db.Column(db.String(200)) - VERSION = db.Column(db.String(200)) - JENKINS_ENABLED = db.Column(db.String(200)) - SNOW_ENABLED = db.Column(db.String(200)) - with mock_app.app_context(): - db.create_all() +def createNewTables(app): + cur, db = get_client(app) + if app.config['RUNTIME_ENV'] == 'test': + sql = "PRAGMA table_info('AppConfig')" + else: + sql = "SELECT column_name FROM information_schema.columns WHERE table_schema = 'vulnremediator' AND table_name = 'AppConfig'" + cur.execute(sql) + rows = cur.fetchall() + fields = [] + for i in rows: + fields.append(i[1]) + new_fields = [ + {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, + {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_AUTHORITY", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_CLIENT_ID", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_CLIENT_SECRET", "type": "VARCHAR", "char_num": 200}, + {"name": "AZURE_KEYVAULT_NAME", "type": "VARCHAR", "char_num": 
200}, + {"name": "ENV", "type": "VARCHAR", "char_num": 200}, + {"name": "INSECURE_OAUTH", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_KEY", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_PROJECT", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_STAGING_PROJECT", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_TOKEN", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_USER", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BASE_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BIND_USER_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BIND_USER_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_GROUP_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_PORT", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_LOGIN_ATTR", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_RDN_ATTR", "type": "VARCHAR", "char_num": 200}, + {"name": "PROD_DB_URI", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_ADMIN_EMAIL", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_USER", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_CLIENT_ID", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_CLIENT_SECRET", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_INSTANCE_NAME", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_USERNAME", "type": "VARCHAR", "char_num": 200}, + {"name": "VERSION", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_ENABLED", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_ENABLED", "type": "VARCHAR", "char_num": 200} + ] + + for i in new_fields: + 
if i['name'] not in fields: + if app.config['RUNTIME_ENV'] == 'test': + if i['type'] == 'VARCHAR': + var_stmt = f"VARCHAR({i['char_num']})" + sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + else: + if i['type'] == 'VARCHAR': + var_stmt = "TEXT" + sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + cur.execute(sql) + db.commit() + From bc17dcc362fff6a672633332c6c0e28fbaf8f2fa Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 23:08:12 -0700 Subject: [PATCH 058/197] Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates --- src/vr/__init__.py | 5 +- src/vr/db_models/updates.py | 140 ++++++++++++++++++++++-------------- 2 files changed, 90 insertions(+), 55 deletions(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index a35d9183..42a86ea1 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -182,9 +182,8 @@ def base64encode(value): ## Release-based updates ## -cwd = os.getcwd() -createNewTables(DB_URI) -print() +createNewTables(app) + ## Cronjob-like tasks section ## def train_model_every_six_hours(): scheduler = BackgroundScheduler() diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index d6028a0f..93106286 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py 
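Review bot: In `createNewTables`, `"ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt` joins the three parts without any separating spaces, giving text such as `ALTER TABLE AppConfig ADD COLUMNAPP_EXT_URLVARCHAR(200)`, which neither SQLite nor MySQL will accept; it should be `sql = f"ALTER TABLE AppConfig ADD COLUMN {i['name']} {var_stmt}"`. The column probe has a related problem: `fields.append(i[1])` fits the `PRAGMA table_info` rows, where index 1 is the name, but the MySQL query selects only `column_name`, so each row has a single element and `i[1]` raises `IndexError`; pick the index per backend, e.g. `name_idx = 1 if app.config['RUNTIME_ENV'] == 'test' else 0`. The MySQL probe also hard-codes `table_schema = 'vulnremediator'` while `get_client` takes the database name from the configured URI, so the two can disagree. The same hunk is repeated in PATCH 058 and PATCH 059 with the same defects.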
@@ -1,56 +1,92 @@ -from flask_sqlalchemy import SQLAlchemy -from flask import Flask +import mysql.connector +import sqlite3 +import os -def createNewTables(db_uri): - mock_app = Flask(__name__) - # Example database URI, replace it with your actual database URI - mock_app.config['SQLALCHEMY_DATABASE_URI'] = db_uri - mock_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False - db = SQLAlchemy(mock_app) +def get_client(app): + if app.config['RUNTIME_ENV'] == 'test': + cur_path = os.getcwd() + if 'www' in cur_path and 'html' in cur_path: + db_uri = '/var/www/html/src/instance/database.db' + else: + db_uri = 'instance/database.db' + db = sqlite3.connect(db_uri) + cur = db.cursor() + return cur, db + else: + db_uri = app.config['SQLALCHEMY_DATABASE_URI'] + main_part = db_uri.split('://')[1] + un = main_part.split(':', 1)[0] + db_name = main_part.rsplit('/', 1)[1] + host_and_port = main_part.rsplit('@', 1)[1].replace(f"/{db_name}", '') + host = host_and_port.split(':')[0] + port = int(host_and_port.split(':')[1]) + pw = main_part.split(':', 1)[1].replace(f"@{host}", '').replace(f"/{db_name}", '').replace(f":{port}", "") + db = mysql.connector.connect(host=host, database=db_name, user=un, password=pw, port=port) + cur = db.cursor() + return cur, db - class AppConfig(db.Model): - __tablename__ = 'AppConfig' - __table_args__ = {'extend_existing': True} - id = db.Column(db.Integer, primary_key=True) - first_access = db.Column(db.Boolean, nullable=False, default=True) - settings_initialized = db.Column(db.Boolean, nullable=False, default=False) - APP_EXT_URL = db.Column(db.String(200)) - AUTH_TYPE = db.Column(db.String(200)) - AZAD_AUTHORITY = db.Column(db.String(200)) - AZAD_CLIENT_ID = db.Column(db.String(200)) - AZAD_CLIENT_SECRET = db.Column(db.String(200)) - AZURE_KEYVAULT_NAME = db.Column(db.String(200)) - ENV = db.Column(db.String(200)) - INSECURE_OAUTH = db.Column(db.String(200)) - JENKINS_HOST = db.Column(db.String(200)) - JENKINS_KEY = db.Column(db.String(200)) - 
JENKINS_PROJECT = db.Column(db.String(200)) - JENKINS_STAGING_PROJECT = db.Column(db.String(200)) - JENKINS_TOKEN = db.Column(db.String(200)) - JENKINS_USER = db.Column(db.String(200)) - LDAP_BASE_DN = db.Column(db.String(200)) - LDAP_BIND_USER_DN = db.Column(db.String(200)) - LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) - LDAP_GROUP_DN = db.Column(db.String(200)) - LDAP_HOST = db.Column(db.String(200)) - LDAP_PORT = db.Column(db.String(200)) - LDAP_USER_DN = db.Column(db.String(200)) - LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) - LDAP_USER_RDN_ATTR = db.Column(db.String(200)) - PROD_DB_URI = db.Column(db.String(200)) - SMTP_ADMIN_EMAIL = db.Column(db.String(200)) - SMTP_HOST = db.Column(db.String(200)) - SMTP_PASSWORD = db.Column(db.String(200)) - SMTP_USER = db.Column(db.String(200)) - SNOW_CLIENT_ID = db.Column(db.String(200)) - SNOW_CLIENT_SECRET = db.Column(db.String(200)) - SNOW_INSTANCE_NAME = db.Column(db.String(200)) - SNOW_PASSWORD = db.Column(db.String(200)) - SNOW_USERNAME = db.Column(db.String(200)) - VERSION = db.Column(db.String(200)) - JENKINS_ENABLED = db.Column(db.String(200)) - SNOW_ENABLED = db.Column(db.String(200)) - with mock_app.app_context(): - db.create_all() +def createNewTables(app): + cur, db = get_client(app) + if app.config['RUNTIME_ENV'] == 'test': + sql = "PRAGMA table_info('AppConfig')" + else: + sql = "SELECT column_name FROM information_schema.columns WHERE table_schema = 'vulnremediator' AND table_name = 'AppConfig'" + cur.execute(sql) + rows = cur.fetchall() + fields = [] + for i in rows: + fields.append(i[1]) + new_fields = [ + {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, + {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_AUTHORITY", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_CLIENT_ID", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_CLIENT_SECRET", "type": "VARCHAR", "char_num": 200}, + {"name": "AZURE_KEYVAULT_NAME", "type": "VARCHAR", "char_num": 
200}, + {"name": "ENV", "type": "VARCHAR", "char_num": 200}, + {"name": "INSECURE_OAUTH", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_KEY", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_PROJECT", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_STAGING_PROJECT", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_TOKEN", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_USER", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BASE_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BIND_USER_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BIND_USER_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_GROUP_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_PORT", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_LOGIN_ATTR", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_RDN_ATTR", "type": "VARCHAR", "char_num": 200}, + {"name": "PROD_DB_URI", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_ADMIN_EMAIL", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_USER", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_CLIENT_ID", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_CLIENT_SECRET", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_INSTANCE_NAME", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_USERNAME", "type": "VARCHAR", "char_num": 200}, + {"name": "VERSION", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_ENABLED", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_ENABLED", "type": "VARCHAR", "char_num": 200} + ] + + for i in new_fields: + 
if i['name'] not in fields: + if app.config['RUNTIME_ENV'] == 'test': + if i['type'] == 'VARCHAR': + var_stmt = f"VARCHAR({i['char_num']})" + sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + else: + if i['type'] == 'VARCHAR': + var_stmt = "TEXT" + sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + cur.execute(sql) + db.commit() + From 5c1694963063b1bd00c1bd628bfe2800d0529977 Mon Sep 17 00:00:00 2001 
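Review bot: The non-test branch of `get_client` takes the MySQL credentials apart with chained `split`/`replace` calls on `SQLALCHEMY_DATABASE_URI`, and the `replace` calls act on every occurrence, so a password that happens to contain `@<host>`, `/<db_name>` or `:<port>` is silently altered before it is passed to `mysql.connector.connect`. Percent-encoded characters in the password are not decoded, a URI without an explicit port raises `IndexError` at `host_and_port.split(':')[1]`, and a query string would end up inside `db_name`. Parsing the URI with `make_url` from `sqlalchemy.engine` (SQLAlchemy is presumably still installed, given the config key) yields the decoded parts directly; the rewritten branch is below. The connection returned here is also never closed by `createNewTables` in this hunk, so a `db.close()` after the final commit would be worth adding.

```python
# … unchanged: sqlite branch for RUNTIME_ENV == 'test' …
    else:
        url = make_url(app.config['SQLALCHEMY_DATABASE_URI'])
        db = mysql.connector.connect(
            host=url.host,
            database=url.database,
            user=url.username,
            password=url.password,
            port=url.port or 3306,
        )
        cur = db.cursor()
        return cur, db
```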
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 23:09:38 -0700 Subject: [PATCH 059/197] Release/0.1.0 beta/prod azure (#506) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates --- src/vr/__init__.py | 5 +- src/vr/db_models/updates.py | 140 ++++++++++++++++++++++-------------- 2 files changed, 90 insertions(+), 55 deletions(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index a35d9183..42a86ea1 100644 
--- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -182,9 +182,8 @@ def base64encode(value): ## Release-based updates ## -cwd = os.getcwd() -createNewTables(DB_URI) -print() +createNewTables(app) + ## Cronjob-like tasks section ## def train_model_every_six_hours(): scheduler = BackgroundScheduler() diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index d6028a0f..93106286 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py 
@@ -1,56 +1,92 @@ -from flask_sqlalchemy import SQLAlchemy -from flask import Flask +import mysql.connector +import sqlite3 +import os -def createNewTables(db_uri): - mock_app = Flask(__name__) - # Example database URI, replace it with your actual database URI - mock_app.config['SQLALCHEMY_DATABASE_URI'] = db_uri - mock_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False - db = SQLAlchemy(mock_app) +def get_client(app): + if app.config['RUNTIME_ENV'] == 'test': + cur_path = os.getcwd() + if 'www' in cur_path and 'html' in cur_path: + db_uri = '/var/www/html/src/instance/database.db' + else: + db_uri = 'instance/database.db' + db = sqlite3.connect(db_uri) + cur = db.cursor() + return cur, db + else: + db_uri = app.config['SQLALCHEMY_DATABASE_URI'] + main_part = db_uri.split('://')[1] + un = main_part.split(':', 1)[0] + db_name = main_part.rsplit('/', 1)[1] + host_and_port = main_part.rsplit('@', 1)[1].replace(f"/{db_name}", '') + host = host_and_port.split(':')[0] + port = int(host_and_port.split(':')[1]) + pw = main_part.split(':', 1)[1].replace(f"@{host}", '').replace(f"/{db_name}", '').replace(f":{port}", "") + db = mysql.connector.connect(host=host, database=db_name, user=un, password=pw, port=port) + cur = db.cursor() + return cur, db - class AppConfig(db.Model): - __tablename__ = 'AppConfig' - __table_args__ = {'extend_existing': True} - id = db.Column(db.Integer, primary_key=True) - first_access = db.Column(db.Boolean, nullable=False, default=True) - settings_initialized = db.Column(db.Boolean, nullable=False, default=False) - APP_EXT_URL = db.Column(db.String(200)) - AUTH_TYPE = db.Column(db.String(200)) - AZAD_AUTHORITY = db.Column(db.String(200)) - AZAD_CLIENT_ID = db.Column(db.String(200)) - AZAD_CLIENT_SECRET = db.Column(db.String(200)) - AZURE_KEYVAULT_NAME = db.Column(db.String(200)) - ENV = db.Column(db.String(200)) - INSECURE_OAUTH = db.Column(db.String(200)) - JENKINS_HOST = db.Column(db.String(200)) - JENKINS_KEY = db.Column(db.String(200)) - 
JENKINS_PROJECT = db.Column(db.String(200)) - JENKINS_STAGING_PROJECT = db.Column(db.String(200)) - JENKINS_TOKEN = db.Column(db.String(200)) - JENKINS_USER = db.Column(db.String(200)) - LDAP_BASE_DN = db.Column(db.String(200)) - LDAP_BIND_USER_DN = db.Column(db.String(200)) - LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) - LDAP_GROUP_DN = db.Column(db.String(200)) - LDAP_HOST = db.Column(db.String(200)) - LDAP_PORT = db.Column(db.String(200)) - LDAP_USER_DN = db.Column(db.String(200)) - LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) - LDAP_USER_RDN_ATTR = db.Column(db.String(200)) - PROD_DB_URI = db.Column(db.String(200)) - SMTP_ADMIN_EMAIL = db.Column(db.String(200)) - SMTP_HOST = db.Column(db.String(200)) - SMTP_PASSWORD = db.Column(db.String(200)) - SMTP_USER = db.Column(db.String(200)) - SNOW_CLIENT_ID = db.Column(db.String(200)) - SNOW_CLIENT_SECRET = db.Column(db.String(200)) - SNOW_INSTANCE_NAME = db.Column(db.String(200)) - SNOW_PASSWORD = db.Column(db.String(200)) - SNOW_USERNAME = db.Column(db.String(200)) - VERSION = db.Column(db.String(200)) - JENKINS_ENABLED = db.Column(db.String(200)) - SNOW_ENABLED = db.Column(db.String(200)) - with mock_app.app_context(): - db.create_all() +def createNewTables(app): + cur, db = get_client(app) + if app.config['RUNTIME_ENV'] == 'test': + sql = "PRAGMA table_info('AppConfig')" + else: + sql = "SELECT column_name FROM information_schema.columns WHERE table_schema = 'vulnremediator' AND table_name = 'AppConfig'" + cur.execute(sql) + rows = cur.fetchall() + fields = [] + for i in rows: + fields.append(i[1]) + new_fields = [ + {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, + {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_AUTHORITY", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_CLIENT_ID", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_CLIENT_SECRET", "type": "VARCHAR", "char_num": 200}, + {"name": "AZURE_KEYVAULT_NAME", "type": "VARCHAR", "char_num": 
200}, + {"name": "ENV", "type": "VARCHAR", "char_num": 200}, + {"name": "INSECURE_OAUTH", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_KEY", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_PROJECT", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_STAGING_PROJECT", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_TOKEN", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_USER", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BASE_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BIND_USER_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BIND_USER_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_GROUP_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_PORT", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_LOGIN_ATTR", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_RDN_ATTR", "type": "VARCHAR", "char_num": 200}, + {"name": "PROD_DB_URI", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_ADMIN_EMAIL", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_USER", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_CLIENT_ID", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_CLIENT_SECRET", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_INSTANCE_NAME", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_USERNAME", "type": "VARCHAR", "char_num": 200}, + {"name": "VERSION", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_ENABLED", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_ENABLED", "type": "VARCHAR", "char_num": 200} + ] + + for i in new_fields: + 
if i['name'] not in fields: + if app.config['RUNTIME_ENV'] == 'test': + if i['type'] == 'VARCHAR': + var_stmt = f"VARCHAR({i['char_num']})" + sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + else: + if i['type'] == 'VARCHAR': + var_stmt = "TEXT" + sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + cur.execute(sql) + db.commit() + From 334bc6884965d92083006cf45eb5d35511681405 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 23:20:31 -0700 Subject: [PATCH 060/197] Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates From 881a26f04a4e740526d108c666644a75e752fe74 Mon Sep 17 00:00:00 2001 
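Review bot: In `get_client`, the MySQL branch recovers the password by deleting `@{host}`, `/{db_name}` and `:{port}` from the URI with `str.replace`, so a password that contains any of those substrings is silently altered, and percent-encoded characters are never decoded. The same hand parsing raises `IndexError` when the URI has no explicit port, and folds any `?query` suffix into `db_name`. Parsing with `urllib.parse.urlsplit` and `unquote` (needs `from urllib.parse import urlsplit, unquote` at the top of the file) avoids all three; the default port in the sketch below is my assumption. Separately, `createNewTables` never closes `cur` or `db` after `db.commit()`.

```python
def get_client(app):
    # … unchanged: sqlite branch for RUNTIME_ENV == 'test' …
    else:
        parts = urlsplit(app.config['SQLALCHEMY_DATABASE_URI'])
        db = mysql.connector.connect(
            host=parts.hostname,
            port=parts.port or 3306,
            database=parts.path.lstrip('/'),
            user=unquote(parts.username or ''),
            password=unquote(parts.password or ''),
        )
        cur = db.cursor()
        return cur, db
```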
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 23:20:58 -0700 Subject: [PATCH 061/197] Release/0.1.0 beta/prod azure (#508) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates 
From fe6982798edee75a849db61adb9cbafac4141dee Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 06:50:36 -0700 Subject: [PATCH 062/197] Update updates.py --- src/vr/db_models/updates.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index 93106286..d9a2c8c8 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py @@ -37,7 +37,10 @@ def createNewTables(app): rows = cur.fetchall() fields = [] for i in rows: - fields.append(i[1]) + if app.config['RUNTIME_ENV'] == 'test': + fields.append(i[1]) + else: + fields.append(i[0]) new_fields = [ {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, From 24a95b38915db0fa3fac8ae8e91d878e2a1c0234 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 06:56:45 -0700 Subject: [PATCH 063/197] Feature/fix db syntax (#509) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py --- src/vr/db_models/updates.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index 93106286..d9a2c8c8 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py @@ -37,7 +37,10 @@ def createNewTables(app): rows = cur.fetchall() fields = [] for i in rows: - fields.append(i[1]) + if app.config['RUNTIME_ENV'] == 'test': + fields.append(i[1]) + else: + fields.append(i[0]) new_fields = [ {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, From 2514b5aa94c27a6871a3ec739fdcd8fed738c50b Mon Sep 17 00:00:00 2001 
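Review bot: The `RUNTIME_ENV` test inside `for i in rows:` is re-evaluated for every row and does not say why the index differs. `PRAGMA table_info` returns the column name in position 1, while the `information_schema` query selects only `column_name`. Choosing the index once reads more clearly, e.g. `name_idx = 1 if app.config['RUNTIME_ENV'] == 'test' else 0` followed by `fields = [row[name_idx] for row in rows]`, with a comment stating the two row shapes. The same hunk is repeated in PATCH 063 and PATCH 064, and `createNewTables` starts and ends outside it.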
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 06:57:50 -0700 Subject: [PATCH 064/197] Release/0.1.0 beta/prod azure (#510) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py --- src/vr/db_models/updates.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index 93106286..d9a2c8c8 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py @@ -37,7 +37,10 @@ def createNewTables(app): rows = cur.fetchall() fields = [] for i in rows: - fields.append(i[1]) + if app.config['RUNTIME_ENV'] == 'test': + fields.append(i[1]) + else: + fields.append(i[0]) new_fields = [ {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, From b84553ccf452ae2eb6e077a36c801a7600064d54 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 07:07:43 -0700 Subject: [PATCH 065/197] Update updates.py --- src/vr/db_models/updates.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index d9a2c8c8..a3105305 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py @@ -85,11 +85,11 @@ def createNewTables(app): if app.config['RUNTIME_ENV'] == 'test': if i['type'] == 'VARCHAR': var_stmt = f"VARCHAR({i['char_num']})" - sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt else: if i['type'] == 'VARCHAR': var_stmt = "TEXT" - sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt cur.execute(sql) db.commit() From 0b07ab020b78d5c769e4b0b067db886e8b126382 Mon Sep 17 00:00:00 2001 
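Review bot: The `ALTER TABLE` statement is still built by concatenating `i['name']` and `var_stmt`, and `var_stmt` is assigned only when `i['type'] == 'VARCHAR'`, so an entry of any other type would hit an unbound or stale `var_stmt` (indentation is lost on this page, so which of the two is a guess). Every name comes from the hard-coded `new_fields` list today, but column names cannot be bound as query parameters, so I would guard the concatenation with something like `if not i['name'].isidentifier(): raise ValueError(i['name'])` and add `else: raise ValueError(i['type'])` for unknown types. The non-test branch also creates the columns as `TEXT`, where the model removed earlier in this series declared `String(200)`; worth confirming that is intended. The same hunk is repeated in PATCH 066, and `createNewTables` starts outside it.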
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 07:13:57 -0700 Subject: [PATCH 066/197] Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py --- src/vr/db_models/updates.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index d9a2c8c8..a3105305 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py @@ -85,11 +85,11 @@ def createNewTables(app): if app.config['RUNTIME_ENV'] == 'test': if i['type'] == 'VARCHAR': var_stmt = f"VARCHAR({i['char_num']})" - sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt else: if i['type'] == 'VARCHAR': var_stmt = "TEXT" - sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt cur.execute(sql) db.commit() From 22d4989ac329ba34b9371a430cb22b8d3e8efdfb Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 07:17:33 -0700 Subject: [PATCH 067/197] Release/0.1.0 beta/prod azure (#512) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py
--- src/vr/db_models/updates.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py
index d9a2c8c8..a3105305 100644
--- a/src/vr/db_models/updates.py
+++ b/src/vr/db_models/updates.py
@@ -85,11 +85,11 @@ def createNewTables(app):
 if app.config['RUNTIME_ENV'] == 'test':
 if i['type'] == 'VARCHAR':
 var_stmt = f"VARCHAR({i['char_num']})"
- sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt
+ sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt
 else:
 if i['type'] == 'VARCHAR':
 var_stmt = "TEXT"
- sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt
+ sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt
 cur.execute(sql)
 db.commit()
From fa8075437fd0be26df3f1d8469966281b32cef32 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 07:36:08 -0700 Subject: [PATCH 068/197] Update updates.py
--- src/vr/db_models/updates.py | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py
index a3105305..f1e28b1b 100644
--- a/src/vr/db_models/updates.py
+++ b/src/vr/db_models/updates.py
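Review bot: The corrected `sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt` lines in both branches still splice the column name and type fragment into the DDL unchecked, and identifiers cannot be bound as query parameters. Where `i` comes from is outside this hunk; if it is an in-file constant list nothing is injectable today, but a guard such as `if not i['name'].isidentifier(): raise ValueError(i['name'])` ahead of the statement keeps a later data-driven entry from reaching `cur.execute(sql)` as arbitrary SQL. `createNewTables` begins and ends outside the hunk.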
@@ -42,6 +42,7 @@ def createNewTables(app):
 else:
 fields.append(i[0])
 new_fields = [
+ {"name": "settings_initialized", "type": "BOOLEAN", "default": 0},
 {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200},
 {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200},
 {"name": "AZAD_AUTHORITY", "type": "VARCHAR", "char_num": 200},
@@ -85,10 +86,14 @@ def createNewTables(app):
 if app.config['RUNTIME_ENV'] == 'test':
 if i['type'] == 'VARCHAR':
 var_stmt = f"VARCHAR({i['char_num']})"
+ elif i['type'] == 'BOOLEAN':
+ var_stmt = f"BOOLEAN DEFAULT {i['default']}"
 sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt
 else:
 if i['type'] == 'VARCHAR':
 var_stmt = "TEXT"
+ elif i['type'] == 'BOOLEAN':
+ var_stmt = f"BOOLEAN DEFAULT {i['default']}"
 sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt
 cur.execute(sql)
 db.commit()
From e246ba0561c49be9036c909ec6c79e39212aaf6c Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 07:42:49 -0700 Subject: [PATCH 069/197] Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py
--- src/vr/db_models/updates.py | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py
index a3105305..f1e28b1b 100644
--- a/src/vr/db_models/updates.py
+++ b/src/vr/db_models/updates.py
@@ -42,6 +42,7 @@ def createNewTables(app):
 else:
 fields.append(i[0])
 new_fields = [
+ {"name": "settings_initialized", "type": "BOOLEAN", "default": 0},
 {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200},
 {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200},
 {"name": "AZAD_AUTHORITY", "type": "VARCHAR", "char_num": 200},
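Review bot: In the `@@ -85,10 +86,14 @@` hunk the new `elif i['type'] == 'BOOLEAN':` arm still leaves the type chain without an `else`, so an entry whose type is neither VARCHAR nor BOOLEAN reaches the `sql = ...` line with `var_stmt` unbound or, if this runs inside a loop over `new_fields` as the variable name suggests, still holding the previous column's definition. Closing each chain with `else: raise ValueError(f"unsupported column type {i['type']!r}")` makes that case fail loudly instead of creating a column of the wrong type. The BOOLEAN arm is also identical in the test and non-test branches and could be computed once before the `RUNTIME_ENV` check. The same hunk is repeated in patches 069 and 070; `createNewTables` starts and ends outside it.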
@@ -85,10 +86,14 @@ def createNewTables(app):
 if app.config['RUNTIME_ENV'] == 'test':
 if i['type'] == 'VARCHAR':
 var_stmt = f"VARCHAR({i['char_num']})"
+ elif i['type'] == 'BOOLEAN':
+ var_stmt = f"BOOLEAN DEFAULT {i['default']}"
 sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt
 else:
 if i['type'] == 'VARCHAR':
 var_stmt = "TEXT"
+ elif i['type'] == 'BOOLEAN':
+ var_stmt = f"BOOLEAN DEFAULT {i['default']}"
 sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt
 cur.execute(sql)
 db.commit()
From 7d1b0538ee2addbb374165c22801110f25029fde Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 07:43:53 -0700 Subject: [PATCH 070/197] Release/0.1.0 beta/prod azure (#514) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py
--- src/vr/db_models/updates.py | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py
index a3105305..f1e28b1b 100644
--- a/src/vr/db_models/updates.py
+++ b/src/vr/db_models/updates.py
@@ -42,6 +42,7 @@ def createNewTables(app):
 else:
 fields.append(i[0])
 new_fields = [
+ {"name": "settings_initialized", "type": "BOOLEAN", "default": 0},
 {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200},
 {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200},
 {"name": "AZAD_AUTHORITY", "type": "VARCHAR", "char_num": 200},
@@ -85,10 +86,14 @@ def createNewTables(app):
 if app.config['RUNTIME_ENV'] == 'test':
 if i['type'] == 'VARCHAR':
 var_stmt = f"VARCHAR({i['char_num']})"
+ elif i['type'] == 'BOOLEAN':
+ var_stmt = f"BOOLEAN DEFAULT {i['default']}"
 sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt
 else:
 if i['type'] == 'VARCHAR':
 var_stmt = "TEXT"
+ elif i['type'] == 'BOOLEAN':
+ var_stmt = f"BOOLEAN DEFAULT {i['default']}"
 sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt
 cur.execute(sql)
 db.commit()
From 7db0df8feb1932dfb4119a86a90ff5c5db558381 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 19 Mar 2024 19:12:02 -0700 Subject: [PATCH 071/197] Update settings.py
--- src/vr/admin/routes/settings.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py
index a3125e54..fea3e3b5 100644
--- a/src/vr/admin/routes/settings.py
+++ b/src/vr/admin/routes/settings.py
@@ -44,7 +44,7 @@ def settings():
 AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"],
 AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"],
 AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"],
- AppConfig.ENV: all["ENV"],
+ AppConfig.ENV: ENV,
 AppConfig.INSECURE_OAUTH: all["INSECURE_OAUTH"],
 AppConfig.JENKINS_HOST: all["JENKINS_HOST"],
 AppConfig.JENKINS_KEY: all["JENKINS_KEY"],
@@ -71,7 +71,7 @@ def settings():
 AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"],
 AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"],
 AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"],
- AppConfig.VERSION: all["VERSION"],
+ AppConfig.VERSION: VERSION,
 }
 if not app_config.settings_initialized:
 update_json[AppConfig.settings_initialized] = True
@@ -88,7 +88,7 @@ def settings():
 "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"],
 "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"],
 "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"],
- "ENV": all["ENV"],
+ "ENV": ENV,
 "INSECURE_OAUTH": all["INSECURE_OAUTH"],
 "JENKINS_HOST": all["JENKINS_HOST"],
 "JENKINS_KEY": all["JENKINS_KEY"],
@@ -115,7 +115,7 @@ def settings():
 "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"],
 "SNOW_PASSWORD": all["SNOW_PASSWORD"],
 "SNOW_USERNAME": all["SNOW_USERNAME"],
- "VERSION": all["VERSION"],
+ "VERSION": VERSION,
 }
 else:
 app_config = AppConfig.query.first()
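Review bot: `ENV` and `VERSION` are now read as bare names in `settings()`, yet all six insertions in this patch are value replacements and none adds an import, so both names must already be bound at module level in settings.py or the view raises NameError when it runs; the top of the file is outside these hunks, so that is worth confirming. The replacement itself moves in the safer direction, since the deployment environment and version are no longer taken from the submitted form. The two mappings edited here (the `AppConfig.*`-keyed `update_json` and the string-keyed dict) list the same settings and could be generated from one tuple of names so they cannot drift apart. Patches 072 and 073 carry the same hunks.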
@@ -257,7 +257,7 @@ def set_env_variables(form):
 os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"]
 os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"]
 os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"]
- os.environ['ENV'] = form["ENV"]
+ os.environ['ENV'] = ENV
 os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"]
 os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"]
 os.environ['JENKINS_HOST'] = form["JENKINS_HOST"]
@@ -286,7 +286,7 @@ def set_env_variables(form):
 os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"]
 os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"]
 os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"]
- os.environ['VERSION'] = form["VERSION"]
+ os.environ['VERSION'] = VERSION
 @admin.route('/dangerous/delete_all', methods=['POST'])
From f98f329338401f961c310188ae205e5b0aec2b1d Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 19 Mar 2024 19:24:16 -0700 Subject: [PATCH 072/197] Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py
--- src/vr/admin/routes/settings.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py
index a3125e54..fea3e3b5 100644
--- a/src/vr/admin/routes/settings.py
+++ b/src/vr/admin/routes/settings.py
@@ -44,7 +44,7 @@ def settings():
 AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"],
 AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"],
 AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"],
- AppConfig.ENV: all["ENV"],
+ AppConfig.ENV: ENV,
 AppConfig.INSECURE_OAUTH: all["INSECURE_OAUTH"],
 AppConfig.JENKINS_HOST: all["JENKINS_HOST"],
 AppConfig.JENKINS_KEY: all["JENKINS_KEY"],
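Review bot: `set_env_variables` still copies form fields such as `AZAD_CLIENT_SECRET` and `SNOW_PASSWORD` into `os.environ`, where every child process inherits them and where crash reporters and debug pages commonly dump them; reading those values from the stored configuration at the point of use would keep them out of the process environment. The two new assignments `os.environ['ENV'] = ENV` and `os.environ['VERSION'] = VERSION` also depend on both constants being `str`, because `os.environ` raises TypeError for any other type, so `os.environ['VERSION'] = str(VERSION)` is the defensive form if the constant could be numeric. The function starts outside these hunks, and the same two hunks recur in patches 072 and 073.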
@@ -71,7 +71,7 @@ def settings():
 AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"],
 AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"],
 AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"],
- AppConfig.VERSION: all["VERSION"],
+ AppConfig.VERSION: VERSION,
 }
 if not app_config.settings_initialized:
 update_json[AppConfig.settings_initialized] = True
@@ -88,7 +88,7 @@ def settings():
 "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"],
 "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"],
 "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"],
- "ENV": all["ENV"],
+ "ENV": ENV,
 "INSECURE_OAUTH": all["INSECURE_OAUTH"],
 "JENKINS_HOST": all["JENKINS_HOST"],
 "JENKINS_KEY": all["JENKINS_KEY"],
@@ -115,7 +115,7 @@ def settings():
 "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"],
 "SNOW_PASSWORD": all["SNOW_PASSWORD"],
 "SNOW_USERNAME": all["SNOW_USERNAME"],
- "VERSION": all["VERSION"],
+ "VERSION": VERSION,
 }
 else:
 app_config = AppConfig.query.first()
@@ -257,7 +257,7 @@ def set_env_variables(form):
 os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"]
 os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"]
 os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"]
- os.environ['ENV'] = form["ENV"]
+ os.environ['ENV'] = ENV
 os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"]
 os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"]
 os.environ['JENKINS_HOST'] = form["JENKINS_HOST"]
@@ -286,7 +286,7 @@ def set_env_variables(form):
 os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"]
 os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"]
 os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"]
- os.environ['VERSION'] = form["VERSION"]
+ os.environ['VERSION'] = VERSION
 @admin.route('/dangerous/delete_all', methods=['POST'])
From 9a9b91d986e2b6f7ee1f6139fc227646a195a66f Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 19 Mar 2024 19:24:41 -0700 Subject: [PATCH 073/197] Release/0.1.0 beta/prod azure (#516) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py
--- src/vr/admin/routes/settings.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py
index a3125e54..fea3e3b5 100644
--- a/src/vr/admin/routes/settings.py
+++ b/src/vr/admin/routes/settings.py
@@ -44,7 +44,7 @@ def settings():
 AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"],
 AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"],
 AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"],
- AppConfig.ENV: all["ENV"],
+ AppConfig.ENV: ENV,
 AppConfig.INSECURE_OAUTH: all["INSECURE_OAUTH"],
 AppConfig.JENKINS_HOST: all["JENKINS_HOST"],
 AppConfig.JENKINS_KEY: all["JENKINS_KEY"],
@@ -71,7 +71,7 @@ def settings(): AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], - AppConfig.VERSION: all["VERSION"], + AppConfig.VERSION: VERSION, } if not app_config.settings_initialized: update_json[AppConfig.settings_initialized] = True @@ -88,7 +88,7 @@ def settings(): "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], - "ENV": all["ENV"], + "ENV": ENV, "INSECURE_OAUTH": all["INSECURE_OAUTH"], "JENKINS_HOST": all["JENKINS_HOST"], "JENKINS_KEY": all["JENKINS_KEY"], @@ -115,7 +115,7 @@ def settings(): "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], "SNOW_PASSWORD": all["SNOW_PASSWORD"], "SNOW_USERNAME": all["SNOW_USERNAME"], - "VERSION": all["VERSION"], + "VERSION": VERSION, } else: app_config = AppConfig.query.first() @@ -257,7 +257,7 @@ def set_env_variables(form): os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] - os.environ['ENV'] = form["ENV"] + os.environ['ENV'] = ENV os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] @@ -286,7 +286,7 @@ def set_env_variables(form): os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] - os.environ['VERSION'] = form["VERSION"] + os.environ['VERSION'] = VERSION @admin.route('/dangerous/delete_all', methods=['POST']) From 1e5bddf41c725c48117442ce88cd6b6b365f46a3 Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 07:48:03 -0700 Subject: [PATCH 074/197] update to settings update without restart --- src/config_engine.py | 430 +++++++++++----------- src/vr/__init__.py | 102 +++-- src/vr/admin/auth_functions.py | 4 +- src/vr/admin/email_alerts.py | 8 +- src/vr/admin/models.py | 9 +- src/vr/admin/routes/forgotpw.py | 3 +- src/vr/admin/routes/forgotun.py | 3 +- src/vr/admin/routes/login.py | 15 +- src/vr/admin/routes/logout.py | 6 +- src/vr/admin/routes/register.py | 3 +- src/vr/admin/routes/settings.py | 130 ++++--- src/vr/admin/routes/users.py | 3 +- src/vr/api/integrations/servicenow.py | 13 +- src/vr/api/vulns/jenkins_webhook.py | 6 +- src/vr/api/vulns/vulnerabilities.py | 3 +- src/vr/db_models/setup.py | 9 +- src/vr/db_models/setup_2.py | 4 +- src/vr/orchestration/web/pipeline_jobs.py | 7 +- src/vr/templates/admin/settings.html | 12 +- src/vr/vulns/web/findings.py | 3 +- src/vr/vulns/web/testing.py | 8 +- 21 files changed, 420 insertions(+), 361 deletions(-) diff --git a/src/config_engine.py b/src/config_engine.py index 07400d06..7ee859ad 100644 --- a/src/config_engine.py +++ b/src/config_engine.py 
@@ -14,98 +14,229 @@ from settings import SET_SNOW_INSTANCE_NAME, SET_SNOW_CLIENT_ID, SET_SNOW_CLIENT_SECRET, SET_SNOW_USERNAME, SET_SNOW_PASSWORD, SET_SNOW_CLIENT_SECRET_REF, SET_SNOW_PASSWORD_REF -VERSION = '0.1.0-beta' - -if os.getenv('AZURE_KEYVAULT_NAME'): - AZURE_KEYVAULT_NAME = os.getenv('AZURE_KEYVAULT_NAME') -else: - AZURE_KEYVAULT_NAME = SET_AZURE_KEYVAULT_NAME - -if os.getenv('AUTH_TYPE'): - AUTH_TYPE = os.getenv('AUTH_TYPE') -else: - AUTH_TYPE = SET_AUTH_TYPE - -if os.getenv('INSECURE_OAUTH'): - INSECURE_OAUTH = os.getenv('INSECURE_OAUTH') -else: - INSECURE_OAUTH = SET_INSECURE_OAUTH - -if INSECURE_OAUTH: - os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' - -if os.getenv('APP_EXT_URL'): - APP_EXT_URL = os.getenv('APP_EXT_URL') -else: - APP_EXT_URL = SET_APP_EXT_URL - -if os.getenv('SMTP_HOST'): - SMTP_HOST = os.getenv('SMTP_HOST') -else: - SMTP_HOST = SET_SMTP_HOST - -if os.getenv('SMTP_USER'): - SMTP_USER = os.getenv('SMTP_USER') -else: - SMTP_USER = SET_SMTP_USER - -if os.getenv('SMTP_ADMIN_EMAIL'): - SMTP_ADMIN_EMAIL = os.getenv('SMTP_ADMIN_EMAIL') -else: - SMTP_ADMIN_EMAIL = SET_SMTP_ADMIN_EMAIL - -if os.getenv('LDAP_HOST'): - LDAP_HOST = os.getenv('LDAP_HOST') -else: - LDAP_HOST = SET_LDAP_HOST - -if os.getenv('LDAP_PORT'): - LDAP_PORT = os.getenv('LDAP_PORT') -else: - LDAP_PORT = SET_LDAP_PORT - -if os.getenv('LDAP_BASE_DN'): - LDAP_BASE_DN = os.getenv('LDAP_BASE_DN') -else: - LDAP_BASE_DN = SET_LDAP_BASE_DN - -if os.getenv('LDAP_USER_DN'): - LDAP_USER_DN = os.getenv('LDAP_USER_DN') -else: - LDAP_USER_DN = SET_LDAP_USER_DN - -if os.getenv('LDAP_GROUP_DN'): - LDAP_GROUP_DN = os.getenv('LDAP_GROUP_DN') -else: - LDAP_GROUP_DN = SET_LDAP_GROUP_DN - -if os.getenv('LDAP_USER_RDN_ATTR'): - LDAP_USER_RDN_ATTR = os.getenv('LDAP_USER_RDN_ATTR') -else: - LDAP_USER_RDN_ATTR = SET_LDAP_USER_RDN_ATTR - -if os.getenv('LDAP_USER_LOGIN_ATTR'): - LDAP_USER_LOGIN_ATTR = os.getenv('LDAP_USER_LOGIN_ATTR') -else: - LDAP_USER_LOGIN_ATTR = SET_LDAP_USER_LOGIN_ATTR - -if 
os.getenv('LDAP_BIND_USER_DN'): - LDAP_BIND_USER_DN = os.getenv('LDAP_BIND_USER_DN') -else: - LDAP_BIND_USER_DN = SET_LDAP_BIND_USER_DN - -if os.getenv('LDAP_BIND_USER_PASSWORD'): - LDAP_BIND_USER_PASSWORD = os.getenv('LDAP_BIND_USER_PASSWORD') -else: - LDAP_BIND_USER_PASSWORD = SET_LDAP_BIND_USER_PASSWORD +def getConfigs(config): + config['TEST_SETTING'] = 'set' + + config['VERSION'] = '0.1.0-beta' + + if os.getenv('AZURE_KEYVAULT_NAME'): + config['AZURE_KEYVAULT_NAME'] = os.getenv('AZURE_KEYVAULT_NAME') + else: + config['AZURE_KEYVAULT_NAME'] = SET_AZURE_KEYVAULT_NAME + + if os.getenv('AUTH_TYPE'): + config['AUTH_TYPE'] = os.getenv('AUTH_TYPE') + else: + config['AUTH_TYPE'] = SET_AUTH_TYPE + + if os.getenv('INSECURE_OAUTH'): + config['INSECURE_OAUTH'] = os.getenv('INSECURE_OAUTH') + else: + config['INSECURE_OAUTH'] = SET_INSECURE_OAUTH + + if config['INSECURE_OAUTH']: + os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' + + if os.getenv('APP_EXT_URL'): + config['APP_EXT_URL'] = os.getenv('APP_EXT_URL') + else: + config['APP_EXT_URL'] = SET_APP_EXT_URL + + if os.getenv('SMTP_HOST'): + config['SMTP_HOST'] = os.getenv('SMTP_HOST') + else: + config['SMTP_HOST'] = SET_SMTP_HOST + + if os.getenv('SMTP_USER'): + config['SMTP_USER'] = os.getenv('SMTP_USER') + else: + config['SMTP_USER'] = SET_SMTP_USER + + if os.getenv('SMTP_ADMIN_EMAIL'): + config['SMTP_ADMIN_EMAIL'] = os.getenv('SMTP_ADMIN_EMAIL') + else: + config['SMTP_ADMIN_EMAIL'] = SET_SMTP_ADMIN_EMAIL + + if os.getenv('LDAP_HOST'): + config['LDAP_HOST'] = os.getenv('LDAP_HOST') + else: + config['LDAP_HOST'] = SET_LDAP_HOST + + if os.getenv('LDAP_PORT'): + config['LDAP_PORT'] = os.getenv('LDAP_PORT') + else: + config['LDAP_PORT'] = SET_LDAP_PORT + + if os.getenv('LDAP_BASE_DN'): + config['LDAP_BASE_DN'] = os.getenv('LDAP_BASE_DN') + else: + config['LDAP_BASE_DN'] = SET_LDAP_BASE_DN + + if os.getenv('LDAP_USER_DN'): + config['LDAP_USER_DN'] = os.getenv('LDAP_USER_DN') + else: + config['LDAP_USER_DN'] = SET_LDAP_USER_DN 
+ + if os.getenv('LDAP_GROUP_DN'): + config['LDAP_GROUP_DN'] = os.getenv('LDAP_GROUP_DN') + else: + config['LDAP_GROUP_DN'] = SET_LDAP_GROUP_DN + + if os.getenv('LDAP_USER_RDN_ATTR'): + config['LDAP_USER_RDN_ATTR'] = os.getenv('LDAP_USER_RDN_ATTR') + else: + config['LDAP_USER_RDN_ATTR'] = SET_LDAP_USER_RDN_ATTR + + if os.getenv('LDAP_USER_LOGIN_ATTR'): + config['LDAP_USER_LOGIN_ATTR'] = os.getenv('LDAP_USER_LOGIN_ATTR') + else: + config['LDAP_USER_LOGIN_ATTR'] = SET_LDAP_USER_LOGIN_ATTR + + if os.getenv('LDAP_BIND_USER_DN'): + config['LDAP_BIND_USER_DN'] = os.getenv('LDAP_BIND_USER_DN') + else: + config['LDAP_BIND_USER_DN'] = SET_LDAP_BIND_USER_DN + + if os.getenv('LDAP_BIND_USER_PASSWORD'): + config['LDAP_BIND_USER_PASSWORD'] = os.getenv('LDAP_BIND_USER_PASSWORD') + else: + config['LDAP_BIND_USER_PASSWORD'] = SET_LDAP_BIND_USER_PASSWORD + + ## CORE Config Variables ## + if os.getenv('ENV'): + config['ENV'] = os.getenv('ENV') + else: + config['ENV'] = SET_ENV + + if config['ENV'] == 'prod': + if os.getenv('PROD_DB_URI_REF'): + config['PROD_DB_URI'] = KeyVaultManager(config).get_secret(os.getenv('PROD_DB_URI_REF')) + else: + config['PROD_DB_URI'] = KeyVaultManager(config).get_secret(SET_PROD_DB_URI_REF) + else: + config['PROD_DB_URI'] = SET_PROD_DB_URI + + if config['AUTH_TYPE'] == 'azuread': + if os.getenv('AZAD_CLIENT_ID'): + config['AZAD_CLIENT_ID'] = os.getenv('AZAD_CLIENT_ID') + else: + config['AZAD_CLIENT_ID'] = SET_AZAD_CLIENT_ID + if os.getenv('AZAD_CLIENT_SECRET'): + config['AZAD_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(os.getenv('AZAD_CLIENT_SECRET')) + else: + config['AZAD_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(SET_AZAD_CLIENT_SECRET) + if os.getenv('AZAD_AUTHORITY'): + config['AZAD_AUTHORITY'] = os.getenv('AZAD_AUTHORITY') + else: + config['AZAD_AUTHORITY'] = SET_AZAD_AUTHORITY + else: + config['AZAD_CLIENT_ID'] = "" + config['AZAD_CLIENT_SECRET'] = "" + config['AZAD_AUTHORITY'] = "" + + ## Email Variables ## + if config['ENV'] 
== 'prod': + if os.getenv('SMTP_PW_REF'): + config['SMTP_PASSWORD'] = KeyVaultManager(config).get_secret(os.getenv('SMTP_PW_REF')) + else: + config['SMTP_PASSWORD'] = KeyVaultManager(config).get_secret(SET_SMTP_PW_REF) + else: + config['SMTP_PASSWORD'] = SET_SMTP_PW + + ## + ## GitHub to Jenkins Webhook ## + if os.getenv('JENKINS_ENABLED'): + config['JENKINS_ENABLED'] = os.getenv('JENKINS_ENABLED') + else: + config['JENKINS_ENABLED'] = SET_JENKINS_ENABLED + if config['JENKINS_ENABLED'] == 'yes': + if config['ENV'] == 'prod': + if os.getenv('JENKINS_USER'): + config['JENKINS_USER'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_USER')) + else: + config['JENKINS_USER'] = KeyVaultManager(config).get_secret(SET_JENKINS_USER_REF) + if os.getenv('JENKINS_KEY'): + config['JENKINS_KEY'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_KEY')) + else: + config['JENKINS_KEY'] = KeyVaultManager(config).get_secret(SET_JENKINS_KEY_REF) + if os.getenv('JENKINS_TOKEN'): + config['JENKINS_TOKEN'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_TOKEN')) + else: + config['JENKINS_TOKEN'] = KeyVaultManager(config).get_secret(SET_JENKINS_TOKEN_REF) + else: + config['JENKINS_USER'] = SET_JENKINS_USER + config['JENKINS_KEY'] = SET_JENKINS_KEY + config['JENKINS_TOKEN'] = SET_JENKINS_TOKEN + + if os.getenv('JENKINS_PROJECT'): + config['JENKINS_PROJECT'] = os.getenv('JENKINS_PROJECT') + else: + config['JENKINS_PROJECT'] = SET_JENKINS_PROJECT + + if os.getenv('JENKINS_HOST'): + config['JENKINS_HOST'] = os.getenv('JENKINS_HOST') + else: + config['JENKINS_HOST'] = SET_JENKINS_HOST + + if os.getenv('JENKINS_STAGING_PROJECT'): + config['JENKINS_STAGING_PROJECT'] = os.getenv('JENKINS_STAGING_PROJECT') + else: + config['JENKINS_STAGING_PROJECT'] = SET_JENKINS_STAGING_PROJECT + else: + config['JENKINS_USER'] = "" + config['JENKINS_KEY'] = "" + config['JENKINS_TOKEN'] = "" + config['JENKINS_PROJECT'] = "" + config['JENKINS_HOST'] = "" + config['JENKINS_STAGING_PROJECT'] = "" 
+ + ## ServiceNOW Integration + if os.getenv('SNOW_ENABLED'): + config['SNOW_ENABLED'] = os.getenv('SNOW_ENABLED') + else: + config['SNOW_ENABLED'] = SET_SNOW_ENABLED + if config['SNOW_ENABLED'] == 'yes': + if config['ENV'] == 'prod': + if os.getenv('SNOW_PASSWORD'): + config['SNOW_PASSWORD'] = KeyVaultManager(config).get_secret(os.getenv('SNOW_PASSWORD')) + else: + config['SNOW_PASSWORD'] = KeyVaultManager(config).get_secret(SET_SNOW_PASSWORD_REF) + if os.getenv('SNOW_CLIENT_SECRET'): + config['SNOW_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(os.getenv('SNOW_CLIENT_SECRET')) + else: + config['SNOW_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(SET_SNOW_CLIENT_SECRET_REF) + if os.getenv('SNOW_INSTANCE_NAME'): + config['SNOW_INSTANCE_NAME'] = os.getenv('SNOW_INSTANCE_NAME') + else: + config['SNOW_INSTANCE_NAME'] = SET_SNOW_INSTANCE_NAME + if os.getenv('SNOW_CLIENT_ID'): + config['SNOW_CLIENT_ID'] = os.getenv('SNOW_CLIENT_ID') + else: + config['SNOW_CLIENT_ID'] = SET_SNOW_CLIENT_ID + if os.getenv('SNOW_USERNAME'): + config['SNOW_USERNAME'] = os.getenv('SNOW_USERNAME') + else: + config['SNOW_USERNAME'] = SET_SNOW_USERNAME + else: + config['SNOW_PASSWORD'] = SET_SNOW_PASSWORD + config['SNOW_CLIENT_SECRET'] = SET_SNOW_CLIENT_SECRET + config['SNOW_INSTANCE_NAME'] = SET_SNOW_INSTANCE_NAME + config['SNOW_CLIENT_ID'] = SET_SNOW_CLIENT_ID + config['SNOW_USERNAME'] = SET_SNOW_USERNAME + else: + config['SNOW_PASSWORD'] = "" + config['SNOW_CLIENT_SECRET'] = "" + config['SNOW_INSTANCE_NAME'] = "" + config['SNOW_CLIENT_ID'] = "" + config['SNOW_USERNAME'] = "" class KeyVaultManager(object): - def __init__(self): + def __init__(self, config=None): if os.getenv('AZURE_KEYVAULT_NAME'): key_vault_uri = f"https://{os.getenv('AZURE_KEYVAULT_NAME')}.vault.azure.net" else: - key_vault_uri = f"https://{AZURE_KEYVAULT_NAME}.vault.azure.net" + key_vault_uri = f"https://{config['AZURE_KEYVAULT_NAME']}.vault.azure.net" if os.getenv('AZURE_AUTH_METHOD'): if 
os.getenv('AZURE_AUTH_METHOD') == 'env': self.credential = EnvironmentCredential( 
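Review bot: The `if config['INSECURE_OAUTH']:` test in `getConfigs` is a truthiness check on a value that arrives from `os.getenv('INSECURE_OAUTH')` as a string, so any non-empty setting, including `false` or `0`, sets `AUTHLIB_INSECURE_TRANSPORT` and allows OAuth over plain HTTP. Compare against the explicit opt-in value instead, for example `if str(config['INSECURE_OAUTH']).strip().lower() in ('1', 'true', 'yes'):`; the values the settings form submits are not visible here, so adjust the set to match. If `getConfigs` is re-run after the setting is switched off, nothing clears the variable, so the else branch should call `os.environ.pop('AUTHLIB_INSECURE_TRANSPORT', None)`. Separately, `KeyVaultManager.__init__` now defaults to `config=None` but indexes `config['AZURE_KEYVAULT_NAME']` when the environment variable is unset; the constructor continues past the end of this hunk.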
@@ -162,130 +293,3 @@ def delete_cert(self, secret_name): return deleted_secret -## CORE Config Variables ## -if os.getenv('ENV'): - ENV = os.getenv('ENV') -else: - ENV = SET_ENV - -if ENV == 'prod': - if os.getenv('PROD_DB_URI_REF'): - PROD_DB_URI = KeyVaultManager().get_secret(os.getenv('PROD_DB_URI_REF')) - else: - PROD_DB_URI = KeyVaultManager().get_secret(SET_PROD_DB_URI_REF) -else: - PROD_DB_URI = SET_PROD_DB_URI - -if AUTH_TYPE == 'azuread': - if os.getenv('AZAD_CLIENT_ID'): - AZAD_CLIENT_ID = os.getenv('AZAD_CLIENT_ID') - else: - AZAD_CLIENT_ID = SET_AZAD_CLIENT_ID - if os.getenv('AZAD_CLIENT_SECRET'): - AZAD_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('AZAD_CLIENT_SECRET')) - else: - AZAD_CLIENT_SECRET = KeyVaultManager().get_secret(SET_AZAD_CLIENT_SECRET) - if os.getenv('AZAD_AUTHORITY'): - AZAD_AUTHORITY = os.getenv('AZAD_AUTHORITY') - else: - AZAD_AUTHORITY = SET_AZAD_AUTHORITY -else: - AZAD_CLIENT_ID = "" - AZAD_CLIENT_SECRET = "" - AZAD_AUTHORITY = "" - -## Email Variables ## -if ENV == 'prod': - if os.getenv('SMTP_PW_REF'): - SMTP_PASSWORD = KeyVaultManager().get_secret(os.getenv('SMTP_PW_REF')) - else: - SMTP_PASSWORD = KeyVaultManager().get_secret(SET_SMTP_PW_REF) -else: - SMTP_PASSWORD = SET_SMTP_PW - -## -## GitHub to Jenkins Webhook ## -if os.getenv('JENKINS_ENABLED'): - JENKINS_ENABLED = os.getenv('JENKINS_ENABLED') -else: - JENKINS_ENABLED = SET_JENKINS_ENABLED -if JENKINS_ENABLED == 'yes': - if ENV == 'prod': - if os.getenv('JENKINS_USER'): - JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER')) - else: - JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF) - if os.getenv('JENKINS_KEY'): - JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY')) - else: - JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF) - if os.getenv('JENKINS_TOKEN'): - JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN')) - else: - JENKINS_TOKEN = 
KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF) - else: - JENKINS_USER = SET_JENKINS_USER - JENKINS_KEY = SET_JENKINS_KEY - JENKINS_TOKEN = SET_JENKINS_TOKEN - - if os.getenv('JENKINS_PROJECT'): - JENKINS_PROJECT = os.getenv('JENKINS_PROJECT') - else: - JENKINS_PROJECT = SET_JENKINS_PROJECT - - if os.getenv('JENKINS_HOST'): - JENKINS_HOST = os.getenv('JENKINS_HOST') - else: - JENKINS_HOST = SET_JENKINS_HOST - - if os.getenv('JENKINS_STAGING_PROJECT'): - JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT') - else: - JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT -else: - JENKINS_USER = "" - JENKINS_KEY = "" - JENKINS_TOKEN = "" - JENKINS_PROJECT = "" - JENKINS_HOST = "" - JENKINS_STAGING_PROJECT = "" - -## ServiceNOW Integration -if os.getenv('SNOW_ENABLED'): - SNOW_ENABLED = os.getenv('SNOW_ENABLED') -else: - SNOW_ENABLED = SET_SNOW_ENABLED -if SNOW_ENABLED == 'yes': - if ENV == 'prod': - if os.getenv('SNOW_PASSWORD'): - SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD')) - else: - SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF) - if os.getenv('SNOW_CLIENT_SECRET'): - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET')) - else: - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF) - if os.getenv('SNOW_INSTANCE_NAME'): - SNOW_INSTANCE_NAME = os.getenv('SNOW_INSTANCE_NAME') - else: - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - if os.getenv('SNOW_CLIENT_ID'): - SNOW_CLIENT_ID = os.getenv('SNOW_CLIENT_ID') - else: - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - if os.getenv('SNOW_USERNAME'): - SNOW_USERNAME = os.getenv('SNOW_USERNAME') - else: - SNOW_USERNAME = SET_SNOW_USERNAME - else: - SNOW_PASSWORD = SET_SNOW_PASSWORD - SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - SNOW_USERNAME = SET_SNOW_USERNAME -else: - SNOW_PASSWORD = "" - SNOW_CLIENT_SECRET = "" - SNOW_INSTANCE_NAME 
= "" - SNOW_CLIENT_ID = "" - SNOW_USERNAME = "" diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 42a86ea1..2f3ccf73 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -1,8 +1,6 @@ import datetime import requests -from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ - LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, JENKINS_ENABLED +from config_engine import getConfigs from flask import Flask from flask_bootstrap import Bootstrap from flask_login import LoginManager @@ -11,8 +9,7 @@ from flask_wtf.csrf import CSRFProtect from flaskext.markdown import Markdown from vr.db_models.setup import _init_db -if AUTH_TYPE == 'ldap': - from flask_ldap3_login import LDAP3LoginManager + import base64 import logging import sys 
@@ -31,48 +28,41 @@ from requests.auth import HTTPBasicAuth from vr.db_models.updates import createNewTables -if AUTH_TYPE == 'azuread': + +app = Flask(__name__) + +getConfigs(app.config) + +if app.config['AUTH_TYPE'] == 'azuread': from flask_session import Session import msal from flask import session, url_for +if app.config['AUTH_TYPE'] == 'ldap': + from flask_ldap3_login import LDAP3LoginManager -app = Flask(__name__) moment = Moment(app) Markdown(app) csrf = CSRFProtect(app) -app.config['APP_EXT_URL'] = APP_EXT_URL - -app.config['RUNTIME_ENV'] = ENV +app.config['RUNTIME_ENV'] = app.config['ENV'] if app.config['RUNTIME_ENV'] == 'test': DB_URI = 'sqlite:///database.db' import sqlite3 else: - DB_URI = PROD_DB_URI + DB_URI = app.config['PROD_DB_URI'] import mysql.connector app.config['SQLALCHEMY_DATABASE_URI'] = DB_URI app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False -if AUTH_TYPE == 'ldap': - # LDAP Configuration - app.config['LDAP_HOST'] = LDAP_HOST - app.config['LDAP_PORT'] = LDAP_PORT - app.config['LDAP_BASE_DN'] = LDAP_BASE_DN - app.config['LDAP_USER_DN'] = LDAP_USER_DN - app.config['LDAP_GROUP_DN'] = LDAP_GROUP_DN - app.config['LDAP_USER_RDN_ATTR'] = LDAP_USER_RDN_ATTR - app.config['LDAP_USER_LOGIN_ATTR'] = LDAP_USER_LOGIN_ATTR - app.config['LDAP_BIND_USER_DN'] = LDAP_BIND_USER_DN - app.config['LDAP_BIND_USER_PASSWORD'] = LDAP_BIND_USER_PASSWORD - +if app.config['AUTH_TYPE'] == 'ldap': # Flask-LDAP3-Login Manager ldap_manager = LDAP3LoginManager(app) -elif AUTH_TYPE == 'azuread': - app.config['CLIENT_ID'] = AZAD_CLIENT_ID - app.config['CLIENT_SECRET'] = AZAD_CLIENT_SECRET - app.config['AUTHORITY'] = AZAD_AUTHORITY +elif app.config['AUTH_TYPE'] == 'azuread': + app.config['CLIENT_ID'] = app.config['AZAD_CLIENT_ID'] + app.config['CLIENT_SECRET'] = app.config['AZAD_CLIENT_SECRET'] + app.config['AUTHORITY'] = app.config['AZAD_AUTHORITY'] app.config['REDIRECT_PATH'] = "/getAToken" app.config['ENDPOINT'] = 'https://graph.microsoft.com/v1.0/me/memberOf' 
app.config['SCOPE'] = ["User.ReadBasic.All", "Group.Read.All", "Application.Read.All"] @@ -151,7 +141,7 @@ def _get_token_from_cache(scope=None): app.register_blueprint(api) bootstrap = Bootstrap(app) -if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread': login_manager.init_app(app) login_manager.login_view = 'admin.login' @@ -162,9 +152,10 @@ def _get_token_from_cache(scope=None): app.logger.addHandler(stdout_handler) + @app.template_filter('format_datetime') def format_datetime(value): - if ENV == 'test': + if app.config['ENV'] == 'test': try: formatted = datetime.datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f") except: @@ -185,6 +176,8 @@ def base64encode(value): createNewTables(app) ## Cronjob-like tasks section ## + + def train_model_every_six_hours(): scheduler = BackgroundScheduler() scheduler.add_job(train_model, 'interval', hours=6) 
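Review bot: The `AUTH_TYPE` branches in this hunk (the `flask_ldap3_login` import, `LDAP3LoginManager(app)`, the `azuread` block) run once at import on the value `getConfigs(app.config)` produced, but `getPersistentConfig()`, added further down in this file, later replaces `app.config['AUTH_TYPE']` with the value from the AppConfig row. When the two differ, code that now reads `app.config['AUTH_TYPE']` per request, such as `login()` in src/vr/admin/routes/login.py, can take a branch whose form class or manager was never imported, and `login()` appears to have no fallback when the value matches none of the three types. Either load the persisted settings before the first `AUTH_TYPE` test or leave `AUTH_TYPE` out of the runtime overwrite and say so in a comment: `# AUTH_TYPE is resolved once at import; changing it needs a restart`.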
@@ -220,6 +213,53 @@ def connect_to_db(): cur = db.cursor() return cur, db +def getPersistentConfig(): + try: + cur, db = connect_to_db() + sql = 'SELECT * FROM AppConfig WHERE 1=1' + cur.execute(sql) + row = cur.fetchone() + if row[2]: + app.config['APP_EXT_URL'] = row[3] + app.config['AUTH_TYPE'] = row[4] + app.config['AZAD_AUTHORITY'] = row[5] + app.config['AZAD_CLIENT_ID'] = row[6] + app.config['AZAD_CLIENT_SECRET'] = row[7] + app.config['AZURE_KEYVAULT_NAME'] = row[8] + app.config['ENV'] = row[9] + app.config['INSECURE_OAUTH'] = row[10] + app.config['JENKINS_ENABLED'] = row[37] + app.config['JENKINS_HOST'] = row[11] + app.config['JENKINS_KEY'] = row[12] + app.config['JENKINS_PROJECT'] = row[13] + app.config['JENKINS_STAGING_PROJECT'] = row[14] + app.config['JENKINS_TOKEN'] = row[15] + app.config['JENKINS_USER'] = row[16] + app.config['LDAP_BASE_DN'] = row[17] + app.config['LDAP_BIND_USER_DN'] = row[18] + app.config['LDAP_BIND_USER_PASSWORD'] = row[19] + app.config['LDAP_GROUP_DN'] = row[20] + app.config['LDAP_HOST'] = row[21] + app.config['LDAP_PORT'] = row[22] + app.config['LDAP_USER_DN'] = row[23] + app.config['LDAP_USER_LOGIN_ATTR'] = row[24] + app.config['LDAP_USER_RDN_ATTR'] = row[25] + app.config['PROD_DB_URI'] = row[26] + app.config['SMTP_ADMIN_EMAIL'] = row[27] + app.config['SMTP_HOST'] = row[28] + app.config['SMTP_PASSWORD'] = row[29] + app.config['SMTP_USER'] = row[30] + app.config['SNOW_ENABLED'] = row[38] + app.config['SNOW_CLIENT_ID'] = row[31] + app.config['SNOW_CLIENT_SECRET'] = row[32] + app.config['SNOW_INSTANCE_NAME'] = row[33] + app.config['SNOW_PASSWORD'] = row[34] + app.config['SNOW_USERNAME'] = row[35] + app.config['VERSION'] = row[36] + except: + print('AppConfig Database table is either unreachable or not setup.') + +getPersistentConfig() def train_model(): try: 
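Review bot: `getPersistentConfig` maps settings, several of them credentials (`SMTP_PASSWORD`, `LDAP_BIND_USER_PASSWORD`, `SNOW_CLIENT_SECRET`), by position from `SELECT * FROM AppConfig`, so a column added or reordered in the table silently shifts a secret into a different key. Name the columns in the query, or build the mapping from `cur.description`, so each key is bound to its column by name. The bare `except:` with `print` also hides every failure, including an empty table where `row` is `None`, and `db` is never closed. `except Exception: app.logger.exception('AppConfig table is unreachable or not set up')` keeps the best-effort behaviour while recording the cause.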
@@ -337,7 +377,7 @@ def rsa_long_decrypt(priv_obj, msg, length=256): def get_jenkins_data(): - user_check = JENKINS_USER + user_check = app.config['JENKINS_USER'] if user_check != 'changeme': app.logger.info('Getting Jenkins Data') cur, db = connect_to_db() @@ -452,5 +492,5 @@ def get_jenkins_data(): # Call the Jobs Here # train_model_every_six_hours() -if JENKINS_ENABLED == 'yes': +if app.config['JENKINS_ENABLED'] == 'yes': get_jenkins_data_every_hour() diff --git a/src/vr/admin/auth_functions.py b/src/vr/admin/auth_functions.py index 20ddf7ca..885020c6 100644 --- a/src/vr/admin/auth_functions.py +++ b/src/vr/admin/auth_functions.py @@ -1,7 +1,7 @@ import jwt from time import time from vr.functions.mysql_db import connect_to_db -from config_engine import ENV +from vr import app # Error handler @@ -49,7 +49,7 @@ def create_api_key(user_id, otp_secret, expires_in=2592000): def verify_api_key(token): try: cur, db = connect_to_db() - if ENV == 'test': + if app.config['ENV'] == 'test': sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=?' else: sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=%s' diff --git a/src/vr/admin/email_alerts.py b/src/vr/admin/email_alerts.py index a1c48da3..698b5138 100644 --- a/src/vr/admin/email_alerts.py +++ b/src/vr/admin/email_alerts.py @@ -1,7 +1,7 @@ import smtplib from email.mime import multipart from email.mime import text as mimetext -from config_engine import SMTP_HOST, SMTP_USER, SMTP_PASSWORD, SMTP_ADMIN_EMAIL +from vr import app def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body): 
@@ -11,9 +11,9 @@ def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body): msg['To'] = msg_toaddr msg['Subject'] = msg_subject msg.attach(mimetext.MIMEText(message, 'html')) - server = smtplib.SMTP(SMTP_HOST) + server = smtplib.SMTP(app.config['SMTP_HOST']) server.starttls() - server.login(SMTP_USER, SMTP_PASSWORD) + server.login(app.config['SMTP_USER'], app.config['SMTP_PASSWORD']) server.ehlo() text = msg.as_string() server.sendmail(msg_fromaddr, msg_toaddr, text) @@ -24,7 +24,7 @@ def send_registration_email(ext_url, username, first_name, last_name, token, ema msg_subject = "SecuSphere User Registration" msg_body = generate_registration_msg(ext_url, username, first_name, last_name, token) try: - send_email(SMTP_ADMIN_EMAIL, email_to, msg_subject, msg_body) + send_email(app.config['SMTP_ADMIN_EMAIL'], email_to, msg_subject, msg_body) except: return 'error' diff --git a/src/vr/admin/models.py b/src/vr/admin/models.py index 89785772..d5d5e4ad 100644 --- a/src/vr/admin/models.py +++ b/src/vr/admin/models.py @@ -3,7 +3,7 @@ from flask_login import UserMixin from vr import db, app from vr.functions.mysql_db import connect_to_db -from datetime import datetime, timedelta +from datetime import datetime import jwt from vr.admin.helper_functions import hash_password,verify_password from vr.admin.functions import db_connection_handler @@ -17,8 +17,7 @@ OAuth2AuthorizationCodeMixin, OAuth2TokenMixin, ) -from config_engine import AUTH_TYPE -if AUTH_TYPE == 'ldap': +if app.config['AUTH_TYPE'] == 'ldap': from vr import ldap_manager if app.config['RUNTIME_ENV'] == 'test': 
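Review bot: `server.starttls()` in `send_email` is called without an SSL context, and by default smtplib then uses a context that does not verify the server certificate or host name, so the `server.login(app.config['SMTP_USER'], app.config['SMTP_PASSWORD'])` on the next line may send the SMTP password to a host that is not the configured relay. Pass a verifying context, `server.starttls(context=ssl.create_default_context())`, with `import ssl` at the top of the file. Giving `smtplib.SMTP(...)` a `timeout=` would also stop an unresponsive relay from blocking the caller. The function starts above this hunk and continues below it.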
@@ -190,11 +189,11 @@ def verify_username_token(self, token, given_id): else: return -if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread': @login_manager.user_loader def load_user(id): return User.query.get(int(id)) -elif AUTH_TYPE == 'ldap': +elif app.config['AUTH_TYPE'] == 'ldap': # User Loader for LDAP @login_manager.user_loader def load_user(user_id): diff --git a/src/vr/admin/routes/forgotpw.py b/src/vr/admin/routes/forgotpw.py index 2d12cd59..f6d50228 100644 --- a/src/vr/admin/routes/forgotpw.py +++ b/src/vr/admin/routes/forgotpw.py @@ -6,7 +6,6 @@ from vr.admin.email_alerts import send_email, generate_evnt_msg from vr.functions.timefunctions import return_datetime_now from vr.admin.helper_functions import hash_password -from config_engine import SMTP_ADMIN_EMAIL from vr.admin.functions import db_connection_handler @@ -32,7 +31,7 @@ def forgotpw(): action_list = [action] st = 'n' msg_body = generate_evnt_msg(msg_subject, now, evt_list, action_list, st) - msg_fromaddr = SMTP_ADMIN_EMAIL + msg_fromaddr = app.config['SMTP_ADMIN_EMAIL'] try: send_email(msg_fromaddr, email, msg_subject, msg_body) warnmsg = ('pwresetemail', 'success') diff --git a/src/vr/admin/routes/forgotun.py b/src/vr/admin/routes/forgotun.py index 80c52425..d8a0d2fa 100644 --- a/src/vr/admin/routes/forgotun.py +++ b/src/vr/admin/routes/forgotun.py @@ -5,7 +5,6 @@ from vr.admin.models import User, LoginForm from vr.admin.email_alerts import send_email, generate_evnt_msg from vr.functions.timefunctions import return_datetime_now -from config_engine import SMTP_ADMIN_EMAIL NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"} 
@@ -28,7 +27,7 @@ def forgotun(): action_list = [action] st = 'n' msg_body = generate_evnt_msg(msg_subject,now,evt_list,action_list,st) - msg_fromaddr = SMTP_ADMIN_EMAIL + msg_fromaddr = app.config['SMTP_ADMIN_EMAIL'] try: send_email(msg_fromaddr, email, msg_subject, msg_body) warnmsg = ('pwresetemail', 'success') diff --git a/src/vr/admin/routes/login.py b/src/vr/admin/routes/login.py index 9eed58a7..d7f641f1 100644 --- a/src/vr/admin/routes/login.py +++ b/src/vr/admin/routes/login.py @@ -8,10 +8,9 @@ from vr.admin.models import User, LoginForm, AuthAttempts, AppConfig from vr.admin.functions import _auth_user, _entity_permissions_filter, _entity_page_permissions_filter, check_lockout, log_failed_attempt from vr.admin.functions import db_connection_handler -from config_engine import AUTH_TYPE -if AUTH_TYPE == 'ldap': +if app.config['AUTH_TYPE'] == 'ldap': from flask_ldap3_login.forms import LDAPLoginForm -elif AUTH_TYPE == 'azuread': +elif app.config['AUTH_TYPE'] == 'azuread': import requests import msal from vr import _build_auth_code_flow, _load_cache, _save_cache, _build_msal_app, _get_token_from_cache @@ -35,7 +34,7 @@ def login(): return redirect(url_for('admin.register')) ad_auth_url = None warnmsg = '' - if AUTH_TYPE == 'local': + if app.config['AUTH_TYPE'] == 'local': if current_user.is_authenticated: flash('You are already logged in.', 'danger') return redirect(url_for('assets.all_applications')) @@ -60,7 +59,7 @@ def login(): mfa_password = resp[2] # attempt to log the user in return _login_attempt(user, username, password, userid, form, mfa_password) - elif AUTH_TYPE == 'ldap': + elif app.config['AUTH_TYPE'] == 'ldap': form = LDAPLoginForm() if form.validate_on_submit(): # Log the user in 
@@ -71,15 +70,15 @@ def login(): # Print the form errors print("Form validation failed with errors:", form.errors) return render_template(LDAP_LOGIN_TEMPLATE, form=form, errors=form.errors) - elif AUTH_TYPE == 'azuread': + elif app.config['AUTH_TYPE'] == 'azuread': form = LoginForm(request.form) session["flow"] = _build_auth_code_flow(scopes=app.config['SCOPE']) ad_auth_url = session["flow"]["auth_uri"] if form.errors: warnmsg = (form.errors, 'danger') - return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=AUTH_TYPE, auth_url=ad_auth_url) + return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=app.config['AUTH_TYPE'], auth_url=ad_auth_url) -if AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'azuread': @app.route(app.config['REDIRECT_PATH']) # Its absolute URL must match your app's redirect_uri set in AAD def authorized(): try: diff --git a/src/vr/admin/routes/logout.py b/src/vr/admin/routes/logout.py index 218cd357..781302c9 100644 --- a/src/vr/admin/routes/logout.py +++ b/src/vr/admin/routes/logout.py @@ -1,20 +1,20 @@ from flask_login import logout_user, login_required from flask import session, redirect, url_for from vr.admin import admin -from config_engine import AUTH_TYPE +from vr import app NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"} -if AUTH_TYPE == 'local': +if app.config['AUTH_TYPE'] == 'local': @admin.route('/logout') @login_required def logout(): logout_user() del session['username'] return redirect(url_for('admin.login')) -elif AUTH_TYPE == 'azuread': +elif app.config['AUTH_TYPE'] == 'azuread': @admin.route('/logout') def logout(): logout_user() diff --git a/src/vr/admin/routes/register.py b/src/vr/admin/routes/register.py index 38f0b3f8..1f6f38a8 100644 --- a/src/vr/admin/routes/register.py +++ b/src/vr/admin/routes/register.py 
@@ -13,7 +13,6 @@ from vr.admin.helper_functions import hash_password from vr.admin.email_alerts import send_registration_email from vr.functions.initial_setup import setup_core_db_tables, generate_key_pair -from config_engine import ENV from vr.db_models.setup_2 import _init_db @@ -115,7 +114,7 @@ def register_submit(): _init_db(db=db) generate_key_pair() - setup_core_db_tables(ENV) + setup_core_db_tables(app.config['ENV']) admin_role = UserRoles.query.filter_by(name='Admin').first() ura = UserRoleAssignments(user_id=user.id, role_id=admin_role.id) db.session.add(ura) diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index fea3e3b5..532ae0d5 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -5,16 +5,8 @@ # Start of Entity-specific Imports from vr.admin import admin from vr.admin.functions import _auth_user, check_menu_tour_init -from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ - LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, AZURE_KEYVAULT_NAME, INSECURE_OAUTH, \ - JENKINS_HOST, JENKINS_KEY, JENKINS_PROJECT, JENKINS_STAGING_PROJECT, JENKINS_TOKEN, SMTP_ADMIN_EMAIL, \ - SMTP_HOST, SMTP_PASSWORD, SMTP_USER, SNOW_CLIENT_ID, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_PASSWORD, \ - SNOW_USERNAME, VERSION, JENKINS_ENABLED, SNOW_ENABLED -from flask_sqlalchemy import SQLAlchemy from vr.admin.models import AppConfig from vr.admin.functions import db_connection_handler -from sqlalchemy import text NAV = { 
@@ -44,7 +36,7 @@ def settings(): AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], - AppConfig.ENV: ENV, + AppConfig.ENV: app.config['ENV'], AppConfig.INSECURE_OAUTH: all["INSECURE_OAUTH"], AppConfig.JENKINS_HOST: all["JENKINS_HOST"], AppConfig.JENKINS_KEY: all["JENKINS_KEY"], @@ -71,7 +63,7 @@ def settings(): AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], - AppConfig.VERSION: VERSION, + AppConfig.VERSION: app.config['VERSION'], } if not app_config.settings_initialized: update_json[AppConfig.settings_initialized] = True @@ -88,7 +80,7 @@ def settings(): "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], - "ENV": ENV, + "ENV": app.config['ENV'], "INSECURE_OAUTH": all["INSECURE_OAUTH"], "JENKINS_HOST": all["JENKINS_HOST"], "JENKINS_KEY": all["JENKINS_KEY"], @@ -115,7 +107,7 @@ def settings(): "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], "SNOW_PASSWORD": all["SNOW_PASSWORD"], "SNOW_USERNAME": all["SNOW_USERNAME"], - "VERSION": VERSION, + "VERSION": app.config['VERSION'], } else: app_config = AppConfig.query.first() 
@@ -160,42 +152,42 @@ def settings(): } else: current_settings = { - "JENKINS_ENABLED": JENKINS_ENABLED, - "SNOW_ENABLED": SNOW_ENABLED, - "APP_EXT_URL": APP_EXT_URL, - "AUTH_TYPE": AUTH_TYPE, - "AZAD_AUTHORITY":AZAD_AUTHORITY, - "AZAD_CLIENT_ID": AZAD_CLIENT_ID, - "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, - "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, - "ENV": ENV, - "INSECURE_OAUTH": INSECURE_OAUTH, - "JENKINS_HOST": JENKINS_HOST, - "JENKINS_KEY": JENKINS_KEY, - "JENKINS_PROJECT": JENKINS_PROJECT, - "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, - "JENKINS_USER": JENKINS_USER, - "JENKINS_TOKEN": JENKINS_TOKEN, - "LDAP_BASE_DN": LDAP_BASE_DN, - "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, - "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, - "LDAP_GROUP_DN": LDAP_GROUP_DN, - "LDAP_HOST": LDAP_HOST, - "LDAP_PORT": LDAP_PORT, - "LDAP_USER_DN": LDAP_USER_DN, - "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, - "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, - "PROD_DB_URI": PROD_DB_URI, - "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, - "SMTP_HOST": SMTP_HOST, - "SMTP_USER": SMTP_USER, - "SMTP_PASSWORD": SMTP_PASSWORD, - "SNOW_CLIENT_ID": SNOW_CLIENT_ID, - "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, - "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, - "SNOW_USERNAME": SNOW_USERNAME, - "SNOW_PASSWORD": SNOW_PASSWORD, - "VERSION": VERSION, + "JENKINS_ENABLED": app.config['JENKINS_ENABLED'], + "SNOW_ENABLED": app.config['SNOW_ENABLED'], + "APP_EXT_URL": app.config['APP_EXT_URL'], + "AUTH_TYPE": app.config['AUTH_TYPE'], + "AZAD_AUTHORITY": app.config['AZAD_AUTHORITY'], + "AZAD_CLIENT_ID": app.config['AZAD_CLIENT_ID'], + "AZAD_CLIENT_SECRET": app.config['AZAD_CLIENT_SECRET'], + "AZURE_KEYVAULT_NAME": app.config['AZURE_KEYVAULT_NAME'], + "ENV": app.config['ENV'], + "INSECURE_OAUTH": app.config['INSECURE_OAUTH'], + "JENKINS_HOST": app.config['JENKINS_HOST'], + "JENKINS_KEY": app.config['JENKINS_KEY'], + "JENKINS_PROJECT": app.config['JENKINS_PROJECT'], + "JENKINS_STAGING_PROJECT": 
app.config['JENKINS_STAGING_PROJECT'], + "JENKINS_USER": app.config['JENKINS_USER'], + "JENKINS_TOKEN": app.config['JENKINS_TOKEN'], + "LDAP_BASE_DN": app.config['LDAP_BASE_DN'], + "LDAP_BIND_USER_DN": app.config['LDAP_BIND_USER_DN'], + "LDAP_BIND_USER_PASSWORD": app.config['LDAP_BIND_USER_PASSWORD'], + "LDAP_GROUP_DN": app.config['LDAP_GROUP_DN'], + "LDAP_HOST": app.config['LDAP_HOST'], + "LDAP_PORT": app.config['LDAP_PORT'], + "LDAP_USER_DN": app.config['LDAP_USER_DN'], + "LDAP_USER_LOGIN_ATTR": app.config['LDAP_USER_LOGIN_ATTR'], + "LDAP_USER_RDN_ATTR": app.config['LDAP_USER_RDN_ATTR'], + "PROD_DB_URI": app.config['PROD_DB_URI'], + "SMTP_ADMIN_EMAIL": app.config['SMTP_ADMIN_EMAIL'], + "SMTP_HOST": app.config['SMTP_HOST'], + "SMTP_USER": app.config['SMTP_USER'], + "SMTP_PASSWORD": app.config['SMTP_PASSWORD'], + "SNOW_CLIENT_ID": app.config['SNOW_CLIENT_ID'], + "SNOW_CLIENT_SECRET": app.config['SNOW_CLIENT_SECRET'], + "SNOW_INSTANCE_NAME": app.config['SNOW_INSTANCE_NAME'], + "SNOW_USERNAME": app.config['SNOW_USERNAME'], + "SNOW_PASSWORD": app.config['SNOW_PASSWORD'], + "VERSION": app.config['VERSION'], } cat_general = [ 'APP_EXT_URL', @@ -257,7 +249,7 @@ def set_env_variables(form): os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] - os.environ['ENV'] = ENV + os.environ['ENV'] = app.config['ENV'] os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] 
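Review bot: `current_settings` in `settings()` now takes the live values of `AZAD_CLIENT_SECRET`, `JENKINS_KEY`, `JENKINS_TOKEN`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_CLIENT_SECRET`, `SNOW_PASSWORD` and `PROD_DB_URI` from `app.config`, and in prod `getConfigs` fills those keys with the secrets resolved from Key Vault, not with references. If this dict is what the settings template renders (the render call is outside the hunk), the secrets are sent to the browser in the form; masking an input on screen does not remove the value from the page source. I would pass a fixed placeholder for these keys, e.g. `"SMTP_PASSWORD": "********" if app.config['SMTP_PASSWORD'] else ""`, and treat an unchanged placeholder on submit as "keep the stored value". The function starts and ends outside the hunk.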
@@ -286,7 +278,43 @@ def set_env_variables(form): os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] - os.environ['VERSION'] = VERSION + os.environ['VERSION'] = app.config['VERSION'] + app.config['APP_EXT_URL'] = form["APP_EXT_URL"] + app.config['AUTH_TYPE'] = form["AUTH_TYPE"] + app.config['AZAD_AUTHORITY'] = form["AZAD_AUTHORITY"] + app.config['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] + app.config['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] + app.config['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] + app.config['ENV'] = app.config['ENV'] + app.config['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] + app.config['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] + app.config['JENKINS_HOST'] = form["JENKINS_HOST"] + app.config['JENKINS_KEY'] = form["JENKINS_KEY"] + app.config['JENKINS_PROJECT'] = form["JENKINS_PROJECT"] + app.config['JENKINS_STAGING_PROJECT'] = form["JENKINS_STAGING_PROJECT"] + app.config['JENKINS_TOKEN'] = form["JENKINS_TOKEN"] + app.config['JENKINS_USER'] = form["JENKINS_USER"] + app.config['LDAP_BASE_DN'] = form["LDAP_BASE_DN"] + app.config['LDAP_BIND_USER_DN'] = form["LDAP_BIND_USER_DN"] + app.config['LDAP_BIND_USER_PASSWORD'] = form["LDAP_BIND_USER_PASSWORD"] + app.config['LDAP_GROUP_DN'] = form["LDAP_GROUP_DN"] + app.config['LDAP_HOST'] = form["LDAP_HOST"] + app.config['LDAP_PORT'] = form["LDAP_PORT"] + app.config['LDAP_USER_DN'] = form["LDAP_USER_DN"] + app.config['LDAP_USER_LOGIN_ATTR'] = form["LDAP_USER_LOGIN_ATTR"] + app.config['LDAP_USER_RDN_ATTR'] = form["LDAP_USER_RDN_ATTR"] + app.config['PROD_DB_URI'] = form["PROD_DB_URI"] + app.config['SMTP_ADMIN_EMAIL'] = form["SMTP_ADMIN_EMAIL"] + app.config['SMTP_HOST'] = form["SMTP_HOST"] + app.config['SMTP_PASSWORD'] = form["SMTP_PASSWORD"] + app.config['SMTP_USER'] = form["SMTP_USER"] + app.config['SNOW_ENABLED'] = form["SNOW_ENABLED"] + app.config['SNOW_CLIENT_ID'] = 
form["SNOW_CLIENT_ID"] + app.config['SNOW_CLIENT_SECRET'] = form["SNOW_CLIENT_SECRET"] + app.config['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] + app.config['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] + app.config['SNOW_USERNAME'] = form["SNOW_USERNAME"] + app.config['VERSION'] = app.config['VERSION'] @admin.route('/dangerous/delete_all', methods=['POST']) @@ -300,7 +328,7 @@ def delete_all_data(): nav_subsubcat='', nav_curpage={"name": "Unauthorized"}) try: - if ENV == 'test': + if app.config['ENV'] == 'test': # Ensure all connections to the database are closed db.session.close() db.engine.dispose() diff --git a/src/vr/admin/routes/users.py b/src/vr/admin/routes/users.py index 5e461b33..95f12ae3 100644 --- a/src/vr/admin/routes/users.py +++ b/src/vr/admin/routes/users.py @@ -8,7 +8,6 @@ from sqlalchemy import text from flask import request, render_template, session, redirect, url_for, json from flask_login import login_required -from config_engine import AUTH_TYPE from vr.functions.table_functions import load_table, update_table from vr.admin.email_alerts import send_registration_email from vr.assets.model.businessapplications import BusinessApplications @@ -296,7 +295,7 @@ def add_new_user(): first_name=firstname, last_name=lastname, is_active=False, - auth_type=AUTH_TYPE, + auth_type=app.config['AUTH_TYPE'], otp_secret=otp_secret, user_type='system', avatar_path='/static/images/default_profile_avatar.jpg' diff --git a/src/vr/api/integrations/servicenow.py b/src/vr/api/integrations/servicenow.py index 5f76555a..ec06d99f 100644 --- a/src/vr/api/integrations/servicenow.py +++ b/src/vr/api/integrations/servicenow.py 
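Review bot: `set_env_variables` copies every form field into `app.config` as a raw string with no validation, which matters for `INSECURE_OAUTH`: `getConfigs` and run.py test it with plain truthiness, so a submitted `"false"` or `"0"` is truthy and would switch `AUTHLIB_INSECURE_TRANSPORT` on. The accepted values for that field are not visible here, but I would normalise once, `insecure = form["INSECURE_OAUTH"].strip().lower() in ('1', 'true', 'yes')`, store the same normalised value in both `os.environ` and `app.config`, and check `AUTH_TYPE` against the supported values before assigning it. Each `form[...]` lookup can raise on a missing field, so a bad submission leaves `os.environ` and `app.config` half updated; reading and validating all fields first, then assigning, avoids that. The lines `app.config['ENV'] = app.config['ENV']` and `app.config['VERSION'] = app.config['VERSION']` are no-ops and can be dropped. The function starts outside the hunk.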
@@ -1,13 +1,12 @@ from flask import jsonify, request import requests import json +from vr import app from vr.api import api from vr.admin.oauth2 import require_oauth from authlib.integrations.flask_oauth2 import current_token from vr.admin.auth_functions import verify_api_key, get_token_auth_header from vr.functions.routing_functions import check_entity_permissions -from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema -from config_engine import SNOW_PASSWORD, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_CLIENT_ID, SNOW_USERNAME ERROR_RESP = "Error: Invalid API Request" @@ -184,11 +183,11 @@ def create_new_collaboration_tools(snow_obj, app_name, app_desc): return sys_id_map # ServiceNow instance details -INSTANCE_NAME = SNOW_INSTANCE_NAME -CLIENT_ID = SNOW_CLIENT_ID -CLIENT_SECRET = SNOW_CLIENT_SECRET -USERNAME = SNOW_USERNAME -PASSWORD = SNOW_PASSWORD +INSTANCE_NAME = app.config['SNOW_INSTANCE_NAME'] +CLIENT_ID = app.config['SNOW_CLIENT_ID'] +CLIENT_SECRET = app.config['SNOW_CLIENT_SECRET'] +USERNAME = app.config['SNOW_USERNAME'] +PASSWORD = app.config['SNOW_PASSWORD'] TOKEN_URL = f'https://{INSTANCE_NAME}.service-now.com/oauth_token.do' TOKEN_DATA = { diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 28f1824e..0b2e8b2d 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -2,10 +2,11 @@ import datetime from threading import Thread from flask import jsonify, request, json -from vr import db +from vr import db, app from vr.api import api from requests.auth import HTTPBasicAuth -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN +# from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN +from config_engine import getConfigs from vr.admin.oauth2 import require_oauth from sqlalchemy import text from vr.assets.model.cicdpipelinebuilds import CICDPipelineBuilds 
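Review bot: In servicenow.py, `INSTANCE_NAME`, `CLIENT_ID`, `CLIENT_SECRET`, `USERNAME` and `PASSWORD` are read from `app.config` once at import, so `TOKEN_URL` and `TOKEN_DATA` keep their start-up values after the settings page changes the ServiceNow fields; the "without restart" goal of this commit does not reach this module. `SNOW_INSTANCE_NAME` is also interpolated directly into the host part of `TOKEN_URL` and is now an admin-editable string, so a value that is not a bare instance label would send the username, password and client secret to a different host. I would build the URL and payload inside the function that requests the token and reject names that fail a check such as `re.fullmatch(r'[A-Za-z0-9-]+', name)`. `TOKEN_DATA` continues outside the hunk.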
@@ -25,6 +26,7 @@ @api.route('/api/jenkins_webhook', methods=['POST']) @require_oauth('write:vulnerabilities') def jenkins_webhook(): + getConfigs(app.config) all = request.form payload_dict = json.loads(all['payload']) ref = payload_dict['ref'] diff --git a/src/vr/api/vulns/vulnerabilities.py b/src/vr/api/vulns/vulnerabilities.py index 68360c8b..b151f5bf 100644 --- a/src/vr/api/vulns/vulnerabilities.py +++ b/src/vr/api/vulns/vulnerabilities.py @@ -16,7 +16,6 @@ from vr.admin.oauth2 import require_oauth from vr.admin.functions import db_connection_handler from authlib.integrations.flask_oauth2 import current_token -from config_engine import ENV import re @@ -295,7 +294,7 @@ def _add_new_vulns(new_vulns, engine): def _setup_duplicate_vulns(source_type, dup_vulns): sourced_dup_vulns = [] for vuln in dup_vulns: - if ENV == 'test': + if app.config['ENV'] == 'test': vuln['LastModifiedDate'] = datetime.datetime.utcnow().replace(microsecond=0) if vuln['ReleaseDate']: vuln['ReleaseDate'] = datetime.datetime.strptime(vuln['ReleaseDate'], '%Y-%m-%d %H:%M:%S') diff --git a/src/vr/db_models/setup.py b/src/vr/db_models/setup.py index b36fdc22..cb37b344 100644 --- a/src/vr/db_models/setup.py +++ b/src/vr/db_models/setup.py @@ -1,11 +1,6 @@ from datetime import datetime from sqlalchemy.types import TEXT, DECIMAL from flask import jsonify -from config_engine import ENV -if ENV == 'test': - from sqlalchemy.dialects.sqlite import TEXT as LONGTEXT -else: - from sqlalchemy.dialects.mysql import LONGTEXT from flask_sqlalchemy import SQLAlchemy from sqlalchemy.dialects import mysql from flask_login import UserMixin 
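Review bot: Calling `getConfigs(app.config)` at the top of `jenkins_webhook` re-resolves the whole configuration on every request, and in prod `getConfigs` builds a new `KeyVaultManager` and fetches a secret for each of the database, SMTP, Jenkins and ServiceNow entries. That puts several Key Vault round-trips on the path of an externally callable endpoint and rewrites the shared `app.config` while other requests may be reading it. If the aim is only to pick up settings changed in the UI, the settings handler already writes `app.config`, so this call can be removed; otherwise refresh on settings save or on a timer rather than per request. The import of `JENKINS_USER`, `JENKINS_KEY` and the other names is commented out in the same file, so any remaining use of those bare names in the body outside this hunk would raise `NameError` and should be checked.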
@@ -176,9 +171,9 @@ class TmControls(db.Model): __tablename__ = 'TmControls' ID = db.Column(db.Integer, primary_key=True) AddDate = db.Column(db.DateTime, index=True, default=datetime.utcnow, nullable=False) - Control = db.Column(LONGTEXT) + Control = db.Column(db.String(20000)) Type = db.Column(db.String(8)) - Description = db.Column(LONGTEXT) + Description = db.Column(db.String(20000)) Lambda = db.Column(db.String(1)) Process = db.Column(db.String(1)) Server = db.Column(db.String(1)) diff --git a/src/vr/db_models/setup_2.py b/src/vr/db_models/setup_2.py index d47ba210..0d98c122 100644 --- a/src/vr/db_models/setup_2.py +++ b/src/vr/db_models/setup_2.py @@ -2,8 +2,8 @@ from sqlalchemy.types import TEXT, DECIMAL from sqlalchemy import MetaData from vr.admin.functions import db_connection_handler -from config_engine import ENV -if ENV == 'test': +from vr import app +if app.config['ENV'] == 'test': from sqlalchemy.dialects.sqlite import TEXT as LONGTEXT else: from sqlalchemy.dialects.mysql import LONGTEXT diff --git a/src/vr/orchestration/web/pipeline_jobs.py b/src/vr/orchestration/web/pipeline_jobs.py index e9fcc7ee..2ef5390b 100644 --- a/src/vr/orchestration/web/pipeline_jobs.py +++ b/src/vr/orchestration/web/pipeline_jobs.py @@ -11,7 +11,6 @@ from vr.orchestration.model.cicdpipelines import CICDPipelines, CICDPipelinesSchema from vr.orchestration.model.pipelinejobs import PipelineJobs, PipelineJobsSchema from vr.orchestration.web.pipeline_stage_data import OPTS -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_STAGING_PROJECT, JENKINS_HOST, JENKINS_TOKEN NAV = { @@ -248,7 +247,7 @@ def validate_cicd_pipeline_stage(appid): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'GIT_BRANCH': git_branch, 'APP_NAME': app_name, 
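Review bot: In `TmControls`, `Control` and `Description` change from `LONGTEXT` to `db.String(20000)`, which puts a hard cap on text that was previously unbounded. On MySQL, two VARCHAR(20000) columns in a multi-byte character set may exceed the row-size limit (depending on SQL mode, table creation can fail or the type be changed silently), and existing rows longer than the cap would no longer fit. The `ENV`-dependent import can still be dropped while keeping the old storage type with `Control = db.Column(db.Text().with_variant(mysql.LONGTEXT(), 'mysql'))`, and the same for `Description`; `mysql` is already imported in this file. The class continues outside the hunk.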
@@ -261,8 +260,8 @@ def validate_cicd_pipeline_stage(appid): 'TARGET_URL': target_url } - url = f'{JENKINS_HOST}/job/{JENKINS_STAGING_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_STAGING_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) return str(200) diff --git a/src/vr/templates/admin/settings.html b/src/vr/templates/admin/settings.html index a7564e1a..f5da3318 100644 --- a/src/vr/templates/admin/settings.html +++ b/src/vr/templates/admin/settings.html @@ -134,7 +134,7 @@
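Review bot: The `requests.post(...)` call to Jenkins in `validate_cicd_pipeline_stage` has no `timeout`, and its result is never checked: the view returns `str(200)` whatever Jenkins answered. A hung or unreachable `JENKINS_HOST` ties up the worker, and a rejected trigger looks like success to the caller. I would add `timeout=10` to the call and follow it with `resp.raise_for_status()`, or map a non-2xx status to an error response. The URL is built from `app.config['JENKINS_HOST']`, which is now editable in the UI, so it is worth requiring an `https://` prefix before sending basic-auth credentials to it. The same applies to the `on_demand_testing` hunk in src/vr/vulns/web/testing.py; both functions start outside their hunks.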

General Settings

{% elif key == "PROD_DB_URI" %} -
+
{% elif key == "ENV" or key == "VERSION" %} {% else %} @@ -176,7 +176,7 @@

SMTP Settings

{% if key == 'SMTP_PASSWORD' %} -
+
{% else %} {% endif %} @@ -199,10 +199,10 @@

Jenkins Settings

{% elif key == 'JENKINS_KEY' %} -
+
{% elif key == 'JENKINS_TOKEN' %} -
+
{% else %} @@ -229,10 +229,10 @@

ServiceNOW Settings

{% elif key == 'SNOW_CLIENT_SECRET' %} -
+
{% elif key == 'SNOW_PASSWORD' %} -
+
{% else %} diff --git a/src/vr/vulns/web/findings.py b/src/vr/vulns/web/findings.py index 8c9938c8..06d44322 100644 --- a/src/vr/vulns/web/findings.py +++ b/src/vr/vulns/web/findings.py @@ -25,7 +25,6 @@ import base64 from io import StringIO from flask import Response -from config_engine import ENV from vr.functions.ml_functions import predict_vuln_validity from vr.vulns.model.cvssbasescoresv3 import CVSSBaseScoresV3 from vr.vulns.model.cvssbasescoresv3extensions import CVSSBaseScoresV3Extensions @@ -42,7 +41,7 @@ UNAUTH_STATUS = "403.html" SERVER_ERR_STATUS = "500.html" VULN_STATUS_IS_NOT_CLOSED = "Vulnerabilities.Status NOT LIKE 'Closed-%' AND Vulnerabilities.Status NOT LIKE 'Open-RiskAccepted-%'" -test = ENV +test = app.config['ENV'] if test == 'test': ISO_FORMAT = "%Y-%m-%dT%H:%M:%S.%f" else: diff --git a/src/vr/vulns/web/testing.py b/src/vr/vulns/web/testing.py index 32e604b8..c69f7122 100644 --- a/src/vr/vulns/web/testing.py +++ b/src/vr/vulns/web/testing.py @@ -11,8 +11,8 @@ from vr.vulns.model.vulnerabilityscans import VulnerabilityScans, VulnerabilityScansSchema from vr.functions.table_functions import load_table, update_table from requests.auth import HTTPBasicAuth -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema +from vr import app NAV = { 
@@ -115,14 +115,14 @@ def on_demand_testing(): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'TESTS': tests_to_run.upper(), 'GIT_BRANCH': git_branch, 'APP_NAME': app_name } - url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) return redirect(request.referrer) From d0f7120c34e3a58c60e82404516a9b7282bbf59e Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 07:48:21 -0700 Subject: [PATCH 075/197] Update run.py --- src/run.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/run.py b/src/run.py index 7f0f15c7..b67be678 100644 --- a/src/run.py +++ b/src/run.py @@ -4,10 +4,9 @@ import datetime import os from vr.admin.oauth2 import config_oauth -from config_engine import ENV, INSECURE_OAUTH -if ENV == 'test' or INSECURE_OAUTH: +if app.config['ENV'] == 'test' or app.config['INSECURE_OAUTH']: os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' else: os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '0' From e50317f5019c213fb9c44a9630aa0cc38be4b08b Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 07:54:52 -0700 Subject: [PATCH 076/197] Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py --- src/config_engine.py | 430 +++++++++++----------- src/run.py | 3 +- src/vr/__init__.py | 102 +++-- src/vr/admin/auth_functions.py | 4 +- src/vr/admin/email_alerts.py | 8 +- src/vr/admin/models.py | 9 +- src/vr/admin/routes/forgotpw.py | 3 +- src/vr/admin/routes/forgotun.py | 3 +- src/vr/admin/routes/login.py | 15 +- src/vr/admin/routes/logout.py | 6 +- src/vr/admin/routes/register.py | 3 +- src/vr/admin/routes/settings.py | 130 ++++--- src/vr/admin/routes/users.py | 3 +- src/vr/api/integrations/servicenow.py | 13 +- src/vr/api/vulns/jenkins_webhook.py | 6 +- src/vr/api/vulns/vulnerabilities.py | 3 +- src/vr/db_models/setup.py | 9 +- src/vr/db_models/setup_2.py | 4 +- src/vr/orchestration/web/pipeline_jobs.py | 7 +- src/vr/templates/admin/settings.html | 12 +- src/vr/vulns/web/findings.py | 3 +- src/vr/vulns/web/testing.py | 8 +- 22 files changed, 421 insertions(+), 363 deletions(-) diff --git a/src/config_engine.py b/src/config_engine.py index 07400d06..7ee859ad 100644 --- a/src/config_engine.py +++ b/src/config_engine.py 
@@ -14,98 +14,229 @@ from settings import SET_SNOW_INSTANCE_NAME, SET_SNOW_CLIENT_ID, SET_SNOW_CLIENT_SECRET, SET_SNOW_USERNAME, SET_SNOW_PASSWORD, SET_SNOW_CLIENT_SECRET_REF, SET_SNOW_PASSWORD_REF -VERSION = '0.1.0-beta' - -if os.getenv('AZURE_KEYVAULT_NAME'): - AZURE_KEYVAULT_NAME = os.getenv('AZURE_KEYVAULT_NAME') -else: - AZURE_KEYVAULT_NAME = SET_AZURE_KEYVAULT_NAME - -if os.getenv('AUTH_TYPE'): - AUTH_TYPE = os.getenv('AUTH_TYPE') -else: - AUTH_TYPE = SET_AUTH_TYPE - -if os.getenv('INSECURE_OAUTH'): - INSECURE_OAUTH = os.getenv('INSECURE_OAUTH') -else: - INSECURE_OAUTH = SET_INSECURE_OAUTH - -if INSECURE_OAUTH: - os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' - -if os.getenv('APP_EXT_URL'): - APP_EXT_URL = os.getenv('APP_EXT_URL') -else: - APP_EXT_URL = SET_APP_EXT_URL - -if os.getenv('SMTP_HOST'): - SMTP_HOST = os.getenv('SMTP_HOST') -else: - SMTP_HOST = SET_SMTP_HOST - -if os.getenv('SMTP_USER'): - SMTP_USER = os.getenv('SMTP_USER') -else: - SMTP_USER = SET_SMTP_USER - -if os.getenv('SMTP_ADMIN_EMAIL'): - SMTP_ADMIN_EMAIL = os.getenv('SMTP_ADMIN_EMAIL') -else: - SMTP_ADMIN_EMAIL = SET_SMTP_ADMIN_EMAIL - -if os.getenv('LDAP_HOST'): - LDAP_HOST = os.getenv('LDAP_HOST') -else: - LDAP_HOST = SET_LDAP_HOST - -if os.getenv('LDAP_PORT'): - LDAP_PORT = os.getenv('LDAP_PORT') -else: - LDAP_PORT = SET_LDAP_PORT - -if os.getenv('LDAP_BASE_DN'): - LDAP_BASE_DN = os.getenv('LDAP_BASE_DN') -else: - LDAP_BASE_DN = SET_LDAP_BASE_DN - -if os.getenv('LDAP_USER_DN'): - LDAP_USER_DN = os.getenv('LDAP_USER_DN') -else: - LDAP_USER_DN = SET_LDAP_USER_DN - -if os.getenv('LDAP_GROUP_DN'): - LDAP_GROUP_DN = os.getenv('LDAP_GROUP_DN') -else: - LDAP_GROUP_DN = SET_LDAP_GROUP_DN - -if os.getenv('LDAP_USER_RDN_ATTR'): - LDAP_USER_RDN_ATTR = os.getenv('LDAP_USER_RDN_ATTR') -else: - LDAP_USER_RDN_ATTR = SET_LDAP_USER_RDN_ATTR - -if os.getenv('LDAP_USER_LOGIN_ATTR'): - LDAP_USER_LOGIN_ATTR = os.getenv('LDAP_USER_LOGIN_ATTR') -else: - LDAP_USER_LOGIN_ATTR = SET_LDAP_USER_LOGIN_ATTR - -if 
os.getenv('LDAP_BIND_USER_DN'): - LDAP_BIND_USER_DN = os.getenv('LDAP_BIND_USER_DN') -else: - LDAP_BIND_USER_DN = SET_LDAP_BIND_USER_DN - -if os.getenv('LDAP_BIND_USER_PASSWORD'): - LDAP_BIND_USER_PASSWORD = os.getenv('LDAP_BIND_USER_PASSWORD') -else: - LDAP_BIND_USER_PASSWORD = SET_LDAP_BIND_USER_PASSWORD +def getConfigs(config): + config['TEST_SETTING'] = 'set' + + config['VERSION'] = '0.1.0-beta' + + if os.getenv('AZURE_KEYVAULT_NAME'): + config['AZURE_KEYVAULT_NAME'] = os.getenv('AZURE_KEYVAULT_NAME') + else: + config['AZURE_KEYVAULT_NAME'] = SET_AZURE_KEYVAULT_NAME + + if os.getenv('AUTH_TYPE'): + config['AUTH_TYPE'] = os.getenv('AUTH_TYPE') + else: + config['AUTH_TYPE'] = SET_AUTH_TYPE + + if os.getenv('INSECURE_OAUTH'): + config['INSECURE_OAUTH'] = os.getenv('INSECURE_OAUTH') + else: + config['INSECURE_OAUTH'] = SET_INSECURE_OAUTH + + if config['INSECURE_OAUTH']: + os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' + + if os.getenv('APP_EXT_URL'): + config['APP_EXT_URL'] = os.getenv('APP_EXT_URL') + else: + config['APP_EXT_URL'] = SET_APP_EXT_URL + + if os.getenv('SMTP_HOST'): + config['SMTP_HOST'] = os.getenv('SMTP_HOST') + else: + config['SMTP_HOST'] = SET_SMTP_HOST + + if os.getenv('SMTP_USER'): + config['SMTP_USER'] = os.getenv('SMTP_USER') + else: + config['SMTP_USER'] = SET_SMTP_USER + + if os.getenv('SMTP_ADMIN_EMAIL'): + config['SMTP_ADMIN_EMAIL'] = os.getenv('SMTP_ADMIN_EMAIL') + else: + config['SMTP_ADMIN_EMAIL'] = SET_SMTP_ADMIN_EMAIL + + if os.getenv('LDAP_HOST'): + config['LDAP_HOST'] = os.getenv('LDAP_HOST') + else: + config['LDAP_HOST'] = SET_LDAP_HOST + + if os.getenv('LDAP_PORT'): + config['LDAP_PORT'] = os.getenv('LDAP_PORT') + else: + config['LDAP_PORT'] = SET_LDAP_PORT + + if os.getenv('LDAP_BASE_DN'): + config['LDAP_BASE_DN'] = os.getenv('LDAP_BASE_DN') + else: + config['LDAP_BASE_DN'] = SET_LDAP_BASE_DN + + if os.getenv('LDAP_USER_DN'): + config['LDAP_USER_DN'] = os.getenv('LDAP_USER_DN') + else: + config['LDAP_USER_DN'] = SET_LDAP_USER_DN 
+ + if os.getenv('LDAP_GROUP_DN'): + config['LDAP_GROUP_DN'] = os.getenv('LDAP_GROUP_DN') + else: + config['LDAP_GROUP_DN'] = SET_LDAP_GROUP_DN + + if os.getenv('LDAP_USER_RDN_ATTR'): + config['LDAP_USER_RDN_ATTR'] = os.getenv('LDAP_USER_RDN_ATTR') + else: + config['LDAP_USER_RDN_ATTR'] = SET_LDAP_USER_RDN_ATTR + + if os.getenv('LDAP_USER_LOGIN_ATTR'): + config['LDAP_USER_LOGIN_ATTR'] = os.getenv('LDAP_USER_LOGIN_ATTR') + else: + config['LDAP_USER_LOGIN_ATTR'] = SET_LDAP_USER_LOGIN_ATTR + + if os.getenv('LDAP_BIND_USER_DN'): + config['LDAP_BIND_USER_DN'] = os.getenv('LDAP_BIND_USER_DN') + else: + config['LDAP_BIND_USER_DN'] = SET_LDAP_BIND_USER_DN + + if os.getenv('LDAP_BIND_USER_PASSWORD'): + config['LDAP_BIND_USER_PASSWORD'] = os.getenv('LDAP_BIND_USER_PASSWORD') + else: + config['LDAP_BIND_USER_PASSWORD'] = SET_LDAP_BIND_USER_PASSWORD + + ## CORE Config Variables ## + if os.getenv('ENV'): + config['ENV'] = os.getenv('ENV') + else: + config['ENV'] = SET_ENV + + if config['ENV'] == 'prod': + if os.getenv('PROD_DB_URI_REF'): + config['PROD_DB_URI'] = KeyVaultManager(config).get_secret(os.getenv('PROD_DB_URI_REF')) + else: + config['PROD_DB_URI'] = KeyVaultManager(config).get_secret(SET_PROD_DB_URI_REF) + else: + config['PROD_DB_URI'] = SET_PROD_DB_URI + + if config['AUTH_TYPE'] == 'azuread': + if os.getenv('AZAD_CLIENT_ID'): + config['AZAD_CLIENT_ID'] = os.getenv('AZAD_CLIENT_ID') + else: + config['AZAD_CLIENT_ID'] = SET_AZAD_CLIENT_ID + if os.getenv('AZAD_CLIENT_SECRET'): + config['AZAD_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(os.getenv('AZAD_CLIENT_SECRET')) + else: + config['AZAD_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(SET_AZAD_CLIENT_SECRET) + if os.getenv('AZAD_AUTHORITY'): + config['AZAD_AUTHORITY'] = os.getenv('AZAD_AUTHORITY') + else: + config['AZAD_AUTHORITY'] = SET_AZAD_AUTHORITY + else: + config['AZAD_CLIENT_ID'] = "" + config['AZAD_CLIENT_SECRET'] = "" + config['AZAD_AUTHORITY'] = "" + + ## Email Variables ## + if config['ENV'] 
== 'prod': + if os.getenv('SMTP_PW_REF'): + config['SMTP_PASSWORD'] = KeyVaultManager(config).get_secret(os.getenv('SMTP_PW_REF')) + else: + config['SMTP_PASSWORD'] = KeyVaultManager(config).get_secret(SET_SMTP_PW_REF) + else: + config['SMTP_PASSWORD'] = SET_SMTP_PW + + ## + ## GitHub to Jenkins Webhook ## + if os.getenv('JENKINS_ENABLED'): + config['JENKINS_ENABLED'] = os.getenv('JENKINS_ENABLED') + else: + config['JENKINS_ENABLED'] = SET_JENKINS_ENABLED + if config['JENKINS_ENABLED'] == 'yes': + if config['ENV'] == 'prod': + if os.getenv('JENKINS_USER'): + config['JENKINS_USER'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_USER')) + else: + config['JENKINS_USER'] = KeyVaultManager(config).get_secret(SET_JENKINS_USER_REF) + if os.getenv('JENKINS_KEY'): + config['JENKINS_KEY'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_KEY')) + else: + config['JENKINS_KEY'] = KeyVaultManager(config).get_secret(SET_JENKINS_KEY_REF) + if os.getenv('JENKINS_TOKEN'): + config['JENKINS_TOKEN'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_TOKEN')) + else: + config['JENKINS_TOKEN'] = KeyVaultManager(config).get_secret(SET_JENKINS_TOKEN_REF) + else: + config['JENKINS_USER'] = SET_JENKINS_USER + config['JENKINS_KEY'] = SET_JENKINS_KEY + config['JENKINS_TOKEN'] = SET_JENKINS_TOKEN + + if os.getenv('JENKINS_PROJECT'): + config['JENKINS_PROJECT'] = os.getenv('JENKINS_PROJECT') + else: + config['JENKINS_PROJECT'] = SET_JENKINS_PROJECT + + if os.getenv('JENKINS_HOST'): + config['JENKINS_HOST'] = os.getenv('JENKINS_HOST') + else: + config['JENKINS_HOST'] = SET_JENKINS_HOST + + if os.getenv('JENKINS_STAGING_PROJECT'): + config['JENKINS_STAGING_PROJECT'] = os.getenv('JENKINS_STAGING_PROJECT') + else: + config['JENKINS_STAGING_PROJECT'] = SET_JENKINS_STAGING_PROJECT + else: + config['JENKINS_USER'] = "" + config['JENKINS_KEY'] = "" + config['JENKINS_TOKEN'] = "" + config['JENKINS_PROJECT'] = "" + config['JENKINS_HOST'] = "" + config['JENKINS_STAGING_PROJECT'] = "" 
+ + ## ServiceNOW Integration + if os.getenv('SNOW_ENABLED'): + config['SNOW_ENABLED'] = os.getenv('SNOW_ENABLED') + else: + config['SNOW_ENABLED'] = SET_SNOW_ENABLED + if config['SNOW_ENABLED'] == 'yes': + if config['ENV'] == 'prod': + if os.getenv('SNOW_PASSWORD'): + config['SNOW_PASSWORD'] = KeyVaultManager(config).get_secret(os.getenv('SNOW_PASSWORD')) + else: + config['SNOW_PASSWORD'] = KeyVaultManager(config).get_secret(SET_SNOW_PASSWORD_REF) + if os.getenv('SNOW_CLIENT_SECRET'): + config['SNOW_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(os.getenv('SNOW_CLIENT_SECRET')) + else: + config['SNOW_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(SET_SNOW_CLIENT_SECRET_REF) + if os.getenv('SNOW_INSTANCE_NAME'): + config['SNOW_INSTANCE_NAME'] = os.getenv('SNOW_INSTANCE_NAME') + else: + config['SNOW_INSTANCE_NAME'] = SET_SNOW_INSTANCE_NAME + if os.getenv('SNOW_CLIENT_ID'): + config['SNOW_CLIENT_ID'] = os.getenv('SNOW_CLIENT_ID') + else: + config['SNOW_CLIENT_ID'] = SET_SNOW_CLIENT_ID + if os.getenv('SNOW_USERNAME'): + config['SNOW_USERNAME'] = os.getenv('SNOW_USERNAME') + else: + config['SNOW_USERNAME'] = SET_SNOW_USERNAME + else: + config['SNOW_PASSWORD'] = SET_SNOW_PASSWORD + config['SNOW_CLIENT_SECRET'] = SET_SNOW_CLIENT_SECRET + config['SNOW_INSTANCE_NAME'] = SET_SNOW_INSTANCE_NAME + config['SNOW_CLIENT_ID'] = SET_SNOW_CLIENT_ID + config['SNOW_USERNAME'] = SET_SNOW_USERNAME + else: + config['SNOW_PASSWORD'] = "" + config['SNOW_CLIENT_SECRET'] = "" + config['SNOW_INSTANCE_NAME'] = "" + config['SNOW_CLIENT_ID'] = "" + config['SNOW_USERNAME'] = "" class KeyVaultManager(object): - def __init__(self): + def __init__(self, config=None): if os.getenv('AZURE_KEYVAULT_NAME'): key_vault_uri = f"https://{os.getenv('AZURE_KEYVAULT_NAME')}.vault.azure.net" else: - key_vault_uri = f"https://{AZURE_KEYVAULT_NAME}.vault.azure.net" + key_vault_uri = f"https://{config['AZURE_KEYVAULT_NAME']}.vault.azure.net" if os.getenv('AZURE_AUTH_METHOD'): if 
os.getenv('AZURE_AUTH_METHOD') == 'env': self.credential = EnvironmentCredential( 
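Review bot: `KeyVaultManager.__init__` now takes `config=None` but indexes `config['AZURE_KEYVAULT_NAME']` whenever the `AZURE_KEYVAULT_NAME` environment variable is unset, so any caller that still constructs `KeyVaultManager()` without arguments fails with a `TypeError` instead of a clear message. Either make the parameter required or guard it, e.g. `if config is None: raise ValueError("KeyVaultManager needs config or AZURE_KEYVAULT_NAME")`. In `getConfigs` a fresh `KeyVaultManager(config)`, and with it a fresh credential, is created for every secret; creating one lazily and reusing it would cut the repeated authentication. `config['TEST_SETTING'] = 'set'` at the top of `getConfigs` looks like a debugging leftover. The class body continues outside the hunk.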
@@ -162,130 +293,3 @@ def delete_cert(self, secret_name): return deleted_secret -## CORE Config Variables ## -if os.getenv('ENV'): - ENV = os.getenv('ENV') -else: - ENV = SET_ENV - -if ENV == 'prod': - if os.getenv('PROD_DB_URI_REF'): - PROD_DB_URI = KeyVaultManager().get_secret(os.getenv('PROD_DB_URI_REF')) - else: - PROD_DB_URI = KeyVaultManager().get_secret(SET_PROD_DB_URI_REF) -else: - PROD_DB_URI = SET_PROD_DB_URI - -if AUTH_TYPE == 'azuread': - if os.getenv('AZAD_CLIENT_ID'): - AZAD_CLIENT_ID = os.getenv('AZAD_CLIENT_ID') - else: - AZAD_CLIENT_ID = SET_AZAD_CLIENT_ID - if os.getenv('AZAD_CLIENT_SECRET'): - AZAD_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('AZAD_CLIENT_SECRET')) - else: - AZAD_CLIENT_SECRET = KeyVaultManager().get_secret(SET_AZAD_CLIENT_SECRET) - if os.getenv('AZAD_AUTHORITY'): - AZAD_AUTHORITY = os.getenv('AZAD_AUTHORITY') - else: - AZAD_AUTHORITY = SET_AZAD_AUTHORITY -else: - AZAD_CLIENT_ID = "" - AZAD_CLIENT_SECRET = "" - AZAD_AUTHORITY = "" - -## Email Variables ## -if ENV == 'prod': - if os.getenv('SMTP_PW_REF'): - SMTP_PASSWORD = KeyVaultManager().get_secret(os.getenv('SMTP_PW_REF')) - else: - SMTP_PASSWORD = KeyVaultManager().get_secret(SET_SMTP_PW_REF) -else: - SMTP_PASSWORD = SET_SMTP_PW - -## -## GitHub to Jenkins Webhook ## -if os.getenv('JENKINS_ENABLED'): - JENKINS_ENABLED = os.getenv('JENKINS_ENABLED') -else: - JENKINS_ENABLED = SET_JENKINS_ENABLED -if JENKINS_ENABLED == 'yes': - if ENV == 'prod': - if os.getenv('JENKINS_USER'): - JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER')) - else: - JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF) - if os.getenv('JENKINS_KEY'): - JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY')) - else: - JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF) - if os.getenv('JENKINS_TOKEN'): - JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN')) - else: - JENKINS_TOKEN = 
KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF) - else: - JENKINS_USER = SET_JENKINS_USER - JENKINS_KEY = SET_JENKINS_KEY - JENKINS_TOKEN = SET_JENKINS_TOKEN - - if os.getenv('JENKINS_PROJECT'): - JENKINS_PROJECT = os.getenv('JENKINS_PROJECT') - else: - JENKINS_PROJECT = SET_JENKINS_PROJECT - - if os.getenv('JENKINS_HOST'): - JENKINS_HOST = os.getenv('JENKINS_HOST') - else: - JENKINS_HOST = SET_JENKINS_HOST - - if os.getenv('JENKINS_STAGING_PROJECT'): - JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT') - else: - JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT -else: - JENKINS_USER = "" - JENKINS_KEY = "" - JENKINS_TOKEN = "" - JENKINS_PROJECT = "" - JENKINS_HOST = "" - JENKINS_STAGING_PROJECT = "" - -## ServiceNOW Integration -if os.getenv('SNOW_ENABLED'): - SNOW_ENABLED = os.getenv('SNOW_ENABLED') -else: - SNOW_ENABLED = SET_SNOW_ENABLED -if SNOW_ENABLED == 'yes': - if ENV == 'prod': - if os.getenv('SNOW_PASSWORD'): - SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD')) - else: - SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF) - if os.getenv('SNOW_CLIENT_SECRET'): - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET')) - else: - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF) - if os.getenv('SNOW_INSTANCE_NAME'): - SNOW_INSTANCE_NAME = os.getenv('SNOW_INSTANCE_NAME') - else: - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - if os.getenv('SNOW_CLIENT_ID'): - SNOW_CLIENT_ID = os.getenv('SNOW_CLIENT_ID') - else: - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - if os.getenv('SNOW_USERNAME'): - SNOW_USERNAME = os.getenv('SNOW_USERNAME') - else: - SNOW_USERNAME = SET_SNOW_USERNAME - else: - SNOW_PASSWORD = SET_SNOW_PASSWORD - SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - SNOW_USERNAME = SET_SNOW_USERNAME -else: - SNOW_PASSWORD = "" - SNOW_CLIENT_SECRET = "" - SNOW_INSTANCE_NAME 
= "" - SNOW_CLIENT_ID = "" - SNOW_USERNAME = "" diff --git a/src/run.py b/src/run.py index 7f0f15c7..b67be678 100644 --- a/src/run.py +++ b/src/run.py @@ -4,10 +4,9 @@ import datetime import os from vr.admin.oauth2 import config_oauth -from config_engine import ENV, INSECURE_OAUTH -if ENV == 'test' or INSECURE_OAUTH: +if app.config['ENV'] == 'test' or app.config['INSECURE_OAUTH']: os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' else: os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '0' diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 42a86ea1..2f3ccf73 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -1,8 +1,6 @@ import datetime import requests -from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ - LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, JENKINS_ENABLED +from config_engine import getConfigs from flask import Flask from flask_bootstrap import Bootstrap from flask_login import LoginManager @@ -11,8 +9,7 @@ from flask_wtf.csrf import CSRFProtect from flaskext.markdown import Markdown from vr.db_models.setup import _init_db -if AUTH_TYPE == 'ldap': - from flask_ldap3_login import LDAP3LoginManager + import base64 import logging import sys 
@@ -31,48 +28,41 @@ from requests.auth import HTTPBasicAuth from vr.db_models.updates import createNewTables -if AUTH_TYPE == 'azuread': + +app = Flask(__name__) + +getConfigs(app.config) + +if app.config['AUTH_TYPE'] == 'azuread': from flask_session import Session import msal from flask import session, url_for +if app.config['AUTH_TYPE'] == 'ldap': + from flask_ldap3_login import LDAP3LoginManager -app = Flask(__name__) moment = Moment(app) Markdown(app) csrf = CSRFProtect(app) -app.config['APP_EXT_URL'] = APP_EXT_URL - -app.config['RUNTIME_ENV'] = ENV +app.config['RUNTIME_ENV'] = app.config['ENV'] if app.config['RUNTIME_ENV'] == 'test': DB_URI = 'sqlite:///database.db' import sqlite3 else: - DB_URI = PROD_DB_URI + DB_URI = app.config['PROD_DB_URI'] import mysql.connector app.config['SQLALCHEMY_DATABASE_URI'] = DB_URI app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False -if AUTH_TYPE == 'ldap': - # LDAP Configuration - app.config['LDAP_HOST'] = LDAP_HOST - app.config['LDAP_PORT'] = LDAP_PORT - app.config['LDAP_BASE_DN'] = LDAP_BASE_DN - app.config['LDAP_USER_DN'] = LDAP_USER_DN - app.config['LDAP_GROUP_DN'] = LDAP_GROUP_DN - app.config['LDAP_USER_RDN_ATTR'] = LDAP_USER_RDN_ATTR - app.config['LDAP_USER_LOGIN_ATTR'] = LDAP_USER_LOGIN_ATTR - app.config['LDAP_BIND_USER_DN'] = LDAP_BIND_USER_DN - app.config['LDAP_BIND_USER_PASSWORD'] = LDAP_BIND_USER_PASSWORD - +if app.config['AUTH_TYPE'] == 'ldap': # Flask-LDAP3-Login Manager ldap_manager = LDAP3LoginManager(app) -elif AUTH_TYPE == 'azuread': - app.config['CLIENT_ID'] = AZAD_CLIENT_ID - app.config['CLIENT_SECRET'] = AZAD_CLIENT_SECRET - app.config['AUTHORITY'] = AZAD_AUTHORITY +elif app.config['AUTH_TYPE'] == 'azuread': + app.config['CLIENT_ID'] = app.config['AZAD_CLIENT_ID'] + app.config['CLIENT_SECRET'] = app.config['AZAD_CLIENT_SECRET'] + app.config['AUTHORITY'] = app.config['AZAD_AUTHORITY'] app.config['REDIRECT_PATH'] = "/getAToken" app.config['ENDPOINT'] = 'https://graph.microsoft.com/v1.0/me/memberOf' 
app.config['SCOPE'] = ["User.ReadBasic.All", "Group.Read.All", "Application.Read.All"] @@ -151,7 +141,7 @@ def _get_token_from_cache(scope=None): app.register_blueprint(api) bootstrap = Bootstrap(app) -if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread': login_manager.init_app(app) login_manager.login_view = 'admin.login' @@ -162,9 +152,10 @@ def _get_token_from_cache(scope=None): app.logger.addHandler(stdout_handler) + @app.template_filter('format_datetime') def format_datetime(value): - if ENV == 'test': + if app.config['ENV'] == 'test': try: formatted = datetime.datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f") except: @@ -185,6 +176,8 @@ def base64encode(value): createNewTables(app) ## Cronjob-like tasks section ## + + def train_model_every_six_hours(): scheduler = BackgroundScheduler() scheduler.add_job(train_model, 'interval', hours=6) 
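Review bot: In the `azuread` branch of src/vr/__init__.py, `CLIENT_ID`, `CLIENT_SECRET` and `AUTHORITY` are copied once from the `AZAD_*` keys, but `getPersistentConfig()` (called further down the module) and `set_env_variables()` in settings.py only rewrite the `AZAD_*` keys. If the MSAL helpers read the copied keys, which these lines suggest but do not show, a client secret changed through the settings page or stored in AppConfig never reaches them. The same ordering means `LDAP3LoginManager(app)` and the auth-specific imports are selected from the `getConfigs` value of `AUTH_TYPE`, before the persisted value is loaded. Consider loading the persisted configuration before these branches and reading the `AZAD_*` keys directly where the MSAL client is built.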
@@ -220,6 +213,53 @@ def connect_to_db(): cur = db.cursor() return cur, db +def getPersistentConfig(): + try: + cur, db = connect_to_db() + sql = 'SELECT * FROM AppConfig WHERE 1=1' + cur.execute(sql) + row = cur.fetchone() + if row[2]: + app.config['APP_EXT_URL'] = row[3] + app.config['AUTH_TYPE'] = row[4] + app.config['AZAD_AUTHORITY'] = row[5] + app.config['AZAD_CLIENT_ID'] = row[6] + app.config['AZAD_CLIENT_SECRET'] = row[7] + app.config['AZURE_KEYVAULT_NAME'] = row[8] + app.config['ENV'] = row[9] + app.config['INSECURE_OAUTH'] = row[10] + app.config['JENKINS_ENABLED'] = row[37] + app.config['JENKINS_HOST'] = row[11] + app.config['JENKINS_KEY'] = row[12] + app.config['JENKINS_PROJECT'] = row[13] + app.config['JENKINS_STAGING_PROJECT'] = row[14] + app.config['JENKINS_TOKEN'] = row[15] + app.config['JENKINS_USER'] = row[16] + app.config['LDAP_BASE_DN'] = row[17] + app.config['LDAP_BIND_USER_DN'] = row[18] + app.config['LDAP_BIND_USER_PASSWORD'] = row[19] + app.config['LDAP_GROUP_DN'] = row[20] + app.config['LDAP_HOST'] = row[21] + app.config['LDAP_PORT'] = row[22] + app.config['LDAP_USER_DN'] = row[23] + app.config['LDAP_USER_LOGIN_ATTR'] = row[24] + app.config['LDAP_USER_RDN_ATTR'] = row[25] + app.config['PROD_DB_URI'] = row[26] + app.config['SMTP_ADMIN_EMAIL'] = row[27] + app.config['SMTP_HOST'] = row[28] + app.config['SMTP_PASSWORD'] = row[29] + app.config['SMTP_USER'] = row[30] + app.config['SNOW_ENABLED'] = row[38] + app.config['SNOW_CLIENT_ID'] = row[31] + app.config['SNOW_CLIENT_SECRET'] = row[32] + app.config['SNOW_INSTANCE_NAME'] = row[33] + app.config['SNOW_PASSWORD'] = row[34] + app.config['SNOW_USERNAME'] = row[35] + app.config['VERSION'] = row[36] + except: + print('AppConfig Database table is either unreachable or not setup.') + +getPersistentConfig() def train_model(): try: 
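Review bot: `getPersistentConfig()` wraps the whole lookup in a bare `except:` that prints one fixed message, so an empty AppConfig table (`row` is `None`), a short row and a driver error all look the same, and the app keeps running on whatever `getConfigs` supplied. Because this function overwrites `AUTH_TYPE`, `ENV`, `INSECURE_OAUTH` and every stored credential, that silent fallback deserves an `app.logger` entry with the exception attached. The connection returned by `connect_to_db()` is never closed, and `SELECT *` with positional indexes (`row[37]` and `row[38]` are already out of sequence) will shift silently when a column is added, so naming the columns in the query would pin the mapping. A narrower structure is sketched below; the exception type to catch depends on the driver behind `connect_to_db()`, which is not visible here.

```python
def getPersistentConfig():
    try:
        cur, db = connect_to_db()
    except Exception:
        app.logger.exception('AppConfig lookup skipped: database unreachable')
        return
    try:
        cur.execute('SELECT * FROM AppConfig WHERE 1=1')
        row = cur.fetchone()
    except Exception:
        app.logger.exception('AppConfig lookup skipped: table missing or unreadable')
        return
    finally:
        db.close()
    if row is None or not row[2]:
        return
    # … unchanged: app.config[...] = row[n] assignments …
```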
@@ -337,7 +377,7 @@ def rsa_long_decrypt(priv_obj, msg, length=256): def get_jenkins_data(): - user_check = JENKINS_USER + user_check = app.config['JENKINS_USER'] if user_check != 'changeme': app.logger.info('Getting Jenkins Data') cur, db = connect_to_db() @@ -452,5 +492,5 @@ def get_jenkins_data(): # Call the Jobs Here # train_model_every_six_hours() -if JENKINS_ENABLED == 'yes': +if app.config['JENKINS_ENABLED'] == 'yes': get_jenkins_data_every_hour() diff --git a/src/vr/admin/auth_functions.py b/src/vr/admin/auth_functions.py index 20ddf7ca..885020c6 100644 --- a/src/vr/admin/auth_functions.py +++ b/src/vr/admin/auth_functions.py @@ -1,7 +1,7 @@ import jwt from time import time from vr.functions.mysql_db import connect_to_db -from config_engine import ENV +from vr import app # Error handler @@ -49,7 +49,7 @@ def create_api_key(user_id, otp_secret, expires_in=2592000): def verify_api_key(token): try: cur, db = connect_to_db() - if ENV == 'test': + if app.config['ENV'] == 'test': sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=?' else: sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=%s' diff --git a/src/vr/admin/email_alerts.py b/src/vr/admin/email_alerts.py index a1c48da3..698b5138 100644 --- a/src/vr/admin/email_alerts.py +++ b/src/vr/admin/email_alerts.py @@ -1,7 +1,7 @@ import smtplib from email.mime import multipart from email.mime import text as mimetext -from config_engine import SMTP_HOST, SMTP_USER, SMTP_PASSWORD, SMTP_ADMIN_EMAIL +from vr import app def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body): 
@@ -11,9 +11,9 @@ def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body): msg['To'] = msg_toaddr msg['Subject'] = msg_subject msg.attach(mimetext.MIMEText(message, 'html')) - server = smtplib.SMTP(SMTP_HOST) + server = smtplib.SMTP(app.config['SMTP_HOST']) server.starttls() - server.login(SMTP_USER, SMTP_PASSWORD) + server.login(app.config['SMTP_USER'], app.config['SMTP_PASSWORD']) server.ehlo() text = msg.as_string() server.sendmail(msg_fromaddr, msg_toaddr, text) @@ -24,7 +24,7 @@ def send_registration_email(ext_url, username, first_name, last_name, token, ema msg_subject = "SecuSphere User Registration" msg_body = generate_registration_msg(ext_url, username, first_name, last_name, token) try: - send_email(SMTP_ADMIN_EMAIL, email_to, msg_subject, msg_body) + send_email(app.config['SMTP_ADMIN_EMAIL'], email_to, msg_subject, msg_body) except: return 'error' diff --git a/src/vr/admin/models.py b/src/vr/admin/models.py index 89785772..d5d5e4ad 100644 --- a/src/vr/admin/models.py +++ b/src/vr/admin/models.py @@ -3,7 +3,7 @@ from flask_login import UserMixin from vr import db, app from vr.functions.mysql_db import connect_to_db -from datetime import datetime, timedelta +from datetime import datetime import jwt from vr.admin.helper_functions import hash_password,verify_password from vr.admin.functions import db_connection_handler @@ -17,8 +17,7 @@ OAuth2AuthorizationCodeMixin, OAuth2TokenMixin, ) -from config_engine import AUTH_TYPE -if AUTH_TYPE == 'ldap': +if app.config['AUTH_TYPE'] == 'ldap': from vr import ldap_manager if app.config['RUNTIME_ENV'] == 'test': 
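Review bot: In `send_email`, `server.starttls()` is called without an SSL context, and smtplib then negotiates TLS without verifying the server certificate or host name, so the `server.login(...)` credentials read from `app.config` are exposed to on-path interception. Pass a verifying context, `server.starttls(context=ssl.create_default_context())` with `import ssl` at the top of the file, and give `smtplib.SMTP(...)` a `timeout=` so a stalled relay cannot hang the request. The bare `except:` in `send_registration_email` in the next hunk hides which of these steps failed; logging the exception there would help. `send_email` starts above this hunk.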
@@ -190,11 +189,11 @@ def verify_username_token(self, token, given_id): else: return -if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread': @login_manager.user_loader def load_user(id): return User.query.get(int(id)) -elif AUTH_TYPE == 'ldap': +elif app.config['AUTH_TYPE'] == 'ldap': # User Loader for LDAP @login_manager.user_loader def load_user(user_id): diff --git a/src/vr/admin/routes/forgotpw.py b/src/vr/admin/routes/forgotpw.py index 2d12cd59..f6d50228 100644 --- a/src/vr/admin/routes/forgotpw.py +++ b/src/vr/admin/routes/forgotpw.py @@ -6,7 +6,6 @@ from vr.admin.email_alerts import send_email, generate_evnt_msg from vr.functions.timefunctions import return_datetime_now from vr.admin.helper_functions import hash_password -from config_engine import SMTP_ADMIN_EMAIL from vr.admin.functions import db_connection_handler @@ -32,7 +31,7 @@ def forgotpw(): action_list = [action] st = 'n' msg_body = generate_evnt_msg(msg_subject, now, evt_list, action_list, st) - msg_fromaddr = SMTP_ADMIN_EMAIL + msg_fromaddr = app.config['SMTP_ADMIN_EMAIL'] try: send_email(msg_fromaddr, email, msg_subject, msg_body) warnmsg = ('pwresetemail', 'success') diff --git a/src/vr/admin/routes/forgotun.py b/src/vr/admin/routes/forgotun.py index 80c52425..d8a0d2fa 100644 --- a/src/vr/admin/routes/forgotun.py +++ b/src/vr/admin/routes/forgotun.py @@ -5,7 +5,6 @@ from vr.admin.models import User, LoginForm from vr.admin.email_alerts import send_email, generate_evnt_msg from vr.functions.timefunctions import return_datetime_now -from config_engine import SMTP_ADMIN_EMAIL NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"} 
@@ -28,7 +27,7 @@ def forgotun(): action_list = [action] st = 'n' msg_body = generate_evnt_msg(msg_subject,now,evt_list,action_list,st) - msg_fromaddr = SMTP_ADMIN_EMAIL + msg_fromaddr = app.config['SMTP_ADMIN_EMAIL'] try: send_email(msg_fromaddr, email, msg_subject, msg_body) warnmsg = ('pwresetemail', 'success') diff --git a/src/vr/admin/routes/login.py b/src/vr/admin/routes/login.py index 9eed58a7..d7f641f1 100644 --- a/src/vr/admin/routes/login.py +++ b/src/vr/admin/routes/login.py @@ -8,10 +8,9 @@ from vr.admin.models import User, LoginForm, AuthAttempts, AppConfig from vr.admin.functions import _auth_user, _entity_permissions_filter, _entity_page_permissions_filter, check_lockout, log_failed_attempt from vr.admin.functions import db_connection_handler -from config_engine import AUTH_TYPE -if AUTH_TYPE == 'ldap': +if app.config['AUTH_TYPE'] == 'ldap': from flask_ldap3_login.forms import LDAPLoginForm -elif AUTH_TYPE == 'azuread': +elif app.config['AUTH_TYPE'] == 'azuread': import requests import msal from vr import _build_auth_code_flow, _load_cache, _save_cache, _build_msal_app, _get_token_from_cache @@ -35,7 +34,7 @@ def login(): return redirect(url_for('admin.register')) ad_auth_url = None warnmsg = '' - if AUTH_TYPE == 'local': + if app.config['AUTH_TYPE'] == 'local': if current_user.is_authenticated: flash('You are already logged in.', 'danger') return redirect(url_for('assets.all_applications')) @@ -60,7 +59,7 @@ def login(): mfa_password = resp[2] # attempt to log the user in return _login_attempt(user, username, password, userid, form, mfa_password) - elif AUTH_TYPE == 'ldap': + elif app.config['AUTH_TYPE'] == 'ldap': form = LDAPLoginForm() if form.validate_on_submit(): # Log the user in 
@@ -71,15 +70,15 @@ def login(): # Print the form errors print("Form validation failed with errors:", form.errors) return render_template(LDAP_LOGIN_TEMPLATE, form=form, errors=form.errors) - elif AUTH_TYPE == 'azuread': + elif app.config['AUTH_TYPE'] == 'azuread': form = LoginForm(request.form) session["flow"] = _build_auth_code_flow(scopes=app.config['SCOPE']) ad_auth_url = session["flow"]["auth_uri"] if form.errors: warnmsg = (form.errors, 'danger') - return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=AUTH_TYPE, auth_url=ad_auth_url) + return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=app.config['AUTH_TYPE'], auth_url=ad_auth_url) -if AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'azuread': @app.route(app.config['REDIRECT_PATH']) # Its absolute URL must match your app's redirect_uri set in AAD def authorized(): try: diff --git a/src/vr/admin/routes/logout.py b/src/vr/admin/routes/logout.py index 218cd357..781302c9 100644 --- a/src/vr/admin/routes/logout.py +++ b/src/vr/admin/routes/logout.py @@ -1,20 +1,20 @@ from flask_login import logout_user, login_required from flask import session, redirect, url_for from vr.admin import admin -from config_engine import AUTH_TYPE +from vr import app NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"} -if AUTH_TYPE == 'local': +if app.config['AUTH_TYPE'] == 'local': @admin.route('/logout') @login_required def logout(): logout_user() del session['username'] return redirect(url_for('admin.login')) -elif AUTH_TYPE == 'azuread': +elif app.config['AUTH_TYPE'] == 'azuread': @admin.route('/logout') def logout(): logout_user() diff --git a/src/vr/admin/routes/register.py b/src/vr/admin/routes/register.py index 38f0b3f8..1f6f38a8 100644 --- a/src/vr/admin/routes/register.py +++ b/src/vr/admin/routes/register.py 
@@ -13,7 +13,6 @@ from vr.admin.helper_functions import hash_password from vr.admin.email_alerts import send_registration_email from vr.functions.initial_setup import setup_core_db_tables, generate_key_pair -from config_engine import ENV from vr.db_models.setup_2 import _init_db @@ -115,7 +114,7 @@ def register_submit(): _init_db(db=db) generate_key_pair() - setup_core_db_tables(ENV) + setup_core_db_tables(app.config['ENV']) admin_role = UserRoles.query.filter_by(name='Admin').first() ura = UserRoleAssignments(user_id=user.id, role_id=admin_role.id) db.session.add(ura) diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index fea3e3b5..532ae0d5 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -5,16 +5,8 @@ # Start of Entity-specific Imports from vr.admin import admin from vr.admin.functions import _auth_user, check_menu_tour_init -from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ - LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, AZURE_KEYVAULT_NAME, INSECURE_OAUTH, \ - JENKINS_HOST, JENKINS_KEY, JENKINS_PROJECT, JENKINS_STAGING_PROJECT, JENKINS_TOKEN, SMTP_ADMIN_EMAIL, \ - SMTP_HOST, SMTP_PASSWORD, SMTP_USER, SNOW_CLIENT_ID, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_PASSWORD, \ - SNOW_USERNAME, VERSION, JENKINS_ENABLED, SNOW_ENABLED -from flask_sqlalchemy import SQLAlchemy from vr.admin.models import AppConfig from vr.admin.functions import db_connection_handler -from sqlalchemy import text NAV = { 
@@ -44,7 +36,7 @@ def settings(): AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], - AppConfig.ENV: ENV, + AppConfig.ENV: app.config['ENV'], AppConfig.INSECURE_OAUTH: all["INSECURE_OAUTH"], AppConfig.JENKINS_HOST: all["JENKINS_HOST"], AppConfig.JENKINS_KEY: all["JENKINS_KEY"], @@ -71,7 +63,7 @@ def settings(): AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], - AppConfig.VERSION: VERSION, + AppConfig.VERSION: app.config['VERSION'], } if not app_config.settings_initialized: update_json[AppConfig.settings_initialized] = True @@ -88,7 +80,7 @@ def settings(): "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], - "ENV": ENV, + "ENV": app.config['ENV'], "INSECURE_OAUTH": all["INSECURE_OAUTH"], "JENKINS_HOST": all["JENKINS_HOST"], "JENKINS_KEY": all["JENKINS_KEY"], @@ -115,7 +107,7 @@ def settings(): "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], "SNOW_PASSWORD": all["SNOW_PASSWORD"], "SNOW_USERNAME": all["SNOW_USERNAME"], - "VERSION": VERSION, + "VERSION": app.config['VERSION'], } else: app_config = AppConfig.query.first() 
@@ -160,42 +152,42 @@ def settings(): } else: current_settings = { - "JENKINS_ENABLED": JENKINS_ENABLED, - "SNOW_ENABLED": SNOW_ENABLED, - "APP_EXT_URL": APP_EXT_URL, - "AUTH_TYPE": AUTH_TYPE, - "AZAD_AUTHORITY":AZAD_AUTHORITY, - "AZAD_CLIENT_ID": AZAD_CLIENT_ID, - "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, - "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, - "ENV": ENV, - "INSECURE_OAUTH": INSECURE_OAUTH, - "JENKINS_HOST": JENKINS_HOST, - "JENKINS_KEY": JENKINS_KEY, - "JENKINS_PROJECT": JENKINS_PROJECT, - "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, - "JENKINS_USER": JENKINS_USER, - "JENKINS_TOKEN": JENKINS_TOKEN, - "LDAP_BASE_DN": LDAP_BASE_DN, - "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, - "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, - "LDAP_GROUP_DN": LDAP_GROUP_DN, - "LDAP_HOST": LDAP_HOST, - "LDAP_PORT": LDAP_PORT, - "LDAP_USER_DN": LDAP_USER_DN, - "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, - "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, - "PROD_DB_URI": PROD_DB_URI, - "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, - "SMTP_HOST": SMTP_HOST, - "SMTP_USER": SMTP_USER, - "SMTP_PASSWORD": SMTP_PASSWORD, - "SNOW_CLIENT_ID": SNOW_CLIENT_ID, - "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, - "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, - "SNOW_USERNAME": SNOW_USERNAME, - "SNOW_PASSWORD": SNOW_PASSWORD, - "VERSION": VERSION, + "JENKINS_ENABLED": app.config['JENKINS_ENABLED'], + "SNOW_ENABLED": app.config['SNOW_ENABLED'], + "APP_EXT_URL": app.config['APP_EXT_URL'], + "AUTH_TYPE": app.config['AUTH_TYPE'], + "AZAD_AUTHORITY": app.config['AZAD_AUTHORITY'], + "AZAD_CLIENT_ID": app.config['AZAD_CLIENT_ID'], + "AZAD_CLIENT_SECRET": app.config['AZAD_CLIENT_SECRET'], + "AZURE_KEYVAULT_NAME": app.config['AZURE_KEYVAULT_NAME'], + "ENV": app.config['ENV'], + "INSECURE_OAUTH": app.config['INSECURE_OAUTH'], + "JENKINS_HOST": app.config['JENKINS_HOST'], + "JENKINS_KEY": app.config['JENKINS_KEY'], + "JENKINS_PROJECT": app.config['JENKINS_PROJECT'], + "JENKINS_STAGING_PROJECT": 
app.config['JENKINS_STAGING_PROJECT'], + "JENKINS_USER": app.config['JENKINS_USER'], + "JENKINS_TOKEN": app.config['JENKINS_TOKEN'], + "LDAP_BASE_DN": app.config['LDAP_BASE_DN'], + "LDAP_BIND_USER_DN": app.config['LDAP_BIND_USER_DN'], + "LDAP_BIND_USER_PASSWORD": app.config['LDAP_BIND_USER_PASSWORD'], + "LDAP_GROUP_DN": app.config['LDAP_GROUP_DN'], + "LDAP_HOST": app.config['LDAP_HOST'], + "LDAP_PORT": app.config['LDAP_PORT'], + "LDAP_USER_DN": app.config['LDAP_USER_DN'], + "LDAP_USER_LOGIN_ATTR": app.config['LDAP_USER_LOGIN_ATTR'], + "LDAP_USER_RDN_ATTR": app.config['LDAP_USER_RDN_ATTR'], + "PROD_DB_URI": app.config['PROD_DB_URI'], + "SMTP_ADMIN_EMAIL": app.config['SMTP_ADMIN_EMAIL'], + "SMTP_HOST": app.config['SMTP_HOST'], + "SMTP_USER": app.config['SMTP_USER'], + "SMTP_PASSWORD": app.config['SMTP_PASSWORD'], + "SNOW_CLIENT_ID": app.config['SNOW_CLIENT_ID'], + "SNOW_CLIENT_SECRET": app.config['SNOW_CLIENT_SECRET'], + "SNOW_INSTANCE_NAME": app.config['SNOW_INSTANCE_NAME'], + "SNOW_USERNAME": app.config['SNOW_USERNAME'], + "SNOW_PASSWORD": app.config['SNOW_PASSWORD'], + "VERSION": app.config['VERSION'], } cat_general = [ 'APP_EXT_URL', @@ -257,7 +249,7 @@ def set_env_variables(form): os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] - os.environ['ENV'] = ENV + os.environ['ENV'] = app.config['ENV'] os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] 
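Review bot: The `current_settings` dict built in `settings()` hands the live values of `AZAD_CLIENT_SECRET`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_CLIENT_SECRET`, `SNOW_PASSWORD`, `JENKINS_KEY`, `JENKINS_TOKEN` and `PROD_DB_URI` to the template. If settings.html renders them into input values (its markup is not readable in this patch), every secret is recoverable from the page source and any cached copy, even in a password-type field. Send a fixed placeholder for these keys and overwrite the stored value only when the submitted field differs from the placeholder. `settings()` starts above this hunk.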
@@ -286,7 +278,43 @@ def set_env_variables(form): os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] - os.environ['VERSION'] = VERSION + os.environ['VERSION'] = app.config['VERSION'] + app.config['APP_EXT_URL'] = form["APP_EXT_URL"] + app.config['AUTH_TYPE'] = form["AUTH_TYPE"] + app.config['AZAD_AUTHORITY'] = form["AZAD_AUTHORITY"] + app.config['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] + app.config['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] + app.config['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] + app.config['ENV'] = app.config['ENV'] + app.config['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] + app.config['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] + app.config['JENKINS_HOST'] = form["JENKINS_HOST"] + app.config['JENKINS_KEY'] = form["JENKINS_KEY"] + app.config['JENKINS_PROJECT'] = form["JENKINS_PROJECT"] + app.config['JENKINS_STAGING_PROJECT'] = form["JENKINS_STAGING_PROJECT"] + app.config['JENKINS_TOKEN'] = form["JENKINS_TOKEN"] + app.config['JENKINS_USER'] = form["JENKINS_USER"] + app.config['LDAP_BASE_DN'] = form["LDAP_BASE_DN"] + app.config['LDAP_BIND_USER_DN'] = form["LDAP_BIND_USER_DN"] + app.config['LDAP_BIND_USER_PASSWORD'] = form["LDAP_BIND_USER_PASSWORD"] + app.config['LDAP_GROUP_DN'] = form["LDAP_GROUP_DN"] + app.config['LDAP_HOST'] = form["LDAP_HOST"] + app.config['LDAP_PORT'] = form["LDAP_PORT"] + app.config['LDAP_USER_DN'] = form["LDAP_USER_DN"] + app.config['LDAP_USER_LOGIN_ATTR'] = form["LDAP_USER_LOGIN_ATTR"] + app.config['LDAP_USER_RDN_ATTR'] = form["LDAP_USER_RDN_ATTR"] + app.config['PROD_DB_URI'] = form["PROD_DB_URI"] + app.config['SMTP_ADMIN_EMAIL'] = form["SMTP_ADMIN_EMAIL"] + app.config['SMTP_HOST'] = form["SMTP_HOST"] + app.config['SMTP_PASSWORD'] = form["SMTP_PASSWORD"] + app.config['SMTP_USER'] = form["SMTP_USER"] + app.config['SNOW_ENABLED'] = form["SNOW_ENABLED"] + app.config['SNOW_CLIENT_ID'] = 
form["SNOW_CLIENT_ID"] + app.config['SNOW_CLIENT_SECRET'] = form["SNOW_CLIENT_SECRET"] + app.config['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] + app.config['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] + app.config['SNOW_USERNAME'] = form["SNOW_USERNAME"] + app.config['VERSION'] = app.config['VERSION'] @admin.route('/dangerous/delete_all', methods=['POST']) @@ -300,7 +328,7 @@ def delete_all_data(): nav_subsubcat='', nav_curpage={"name": "Unauthorized"}) try: - if ENV == 'test': + if app.config['ENV'] == 'test': # Ensure all connections to the database are closed db.session.close() db.engine.dispose() diff --git a/src/vr/admin/routes/users.py b/src/vr/admin/routes/users.py index 5e461b33..95f12ae3 100644 --- a/src/vr/admin/routes/users.py +++ b/src/vr/admin/routes/users.py @@ -8,7 +8,6 @@ from sqlalchemy import text from flask import request, render_template, session, redirect, url_for, json from flask_login import login_required -from config_engine import AUTH_TYPE from vr.functions.table_functions import load_table, update_table from vr.admin.email_alerts import send_registration_email from vr.assets.model.businessapplications import BusinessApplications @@ -296,7 +295,7 @@ def add_new_user(): first_name=firstname, last_name=lastname, is_active=False, - auth_type=AUTH_TYPE, + auth_type=app.config['AUTH_TYPE'], otp_secret=otp_secret, user_type='system', avatar_path='/static/images/default_profile_avatar.jpg' diff --git a/src/vr/api/integrations/servicenow.py b/src/vr/api/integrations/servicenow.py index 5f76555a..ec06d99f 100644 --- a/src/vr/api/integrations/servicenow.py +++ b/src/vr/api/integrations/servicenow.py 
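Review bot: `set_env_variables` copies `form["AUTH_TYPE"]`, `form["INSECURE_OAUTH"]` and `form["PROD_DB_URI"]` straight into `app.config` with no validation, while the modules touched in this patch choose their auth code at import time. After a switch to `ldap` in a process started as `local`, `login()` would reach `LDAPLoginForm()` although that name is only imported when `AUTH_TYPE` was `ldap` at startup, and the user loader and `/logout` route registered at import would still be the old ones. Reject values outside `('local', 'ldap', 'azuread')` and either require a restart for `AUTH_TYPE` or stop applying it to the live config. The two added lines `app.config['ENV'] = app.config['ENV']` and `app.config['VERSION'] = app.config['VERSION']` assign a key to itself and can be dropped. The function starts above this hunk.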
@@ -1,13 +1,12 @@ from flask import jsonify, request import requests import json +from vr import app from vr.api import api from vr.admin.oauth2 import require_oauth from authlib.integrations.flask_oauth2 import current_token from vr.admin.auth_functions import verify_api_key, get_token_auth_header from vr.functions.routing_functions import check_entity_permissions -from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema -from config_engine import SNOW_PASSWORD, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_CLIENT_ID, SNOW_USERNAME ERROR_RESP = "Error: Invalid API Request" @@ -184,11 +183,11 @@ def create_new_collaboration_tools(snow_obj, app_name, app_desc): return sys_id_map # ServiceNow instance details -INSTANCE_NAME = SNOW_INSTANCE_NAME -CLIENT_ID = SNOW_CLIENT_ID -CLIENT_SECRET = SNOW_CLIENT_SECRET -USERNAME = SNOW_USERNAME -PASSWORD = SNOW_PASSWORD +INSTANCE_NAME = app.config['SNOW_INSTANCE_NAME'] +CLIENT_ID = app.config['SNOW_CLIENT_ID'] +CLIENT_SECRET = app.config['SNOW_CLIENT_SECRET'] +USERNAME = app.config['SNOW_USERNAME'] +PASSWORD = app.config['SNOW_PASSWORD'] TOKEN_URL = f'https://{INSTANCE_NAME}.service-now.com/oauth_token.do' TOKEN_DATA = { diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 28f1824e..0b2e8b2d 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -2,10 +2,11 @@ import datetime from threading import Thread from flask import jsonify, request, json -from vr import db +from vr import db, app from vr.api import api from requests.auth import HTTPBasicAuth -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN +# from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN +from config_engine import getConfigs from vr.admin.oauth2 import require_oauth from sqlalchemy import text from vr.assets.model.cicdpipelinebuilds import CICDPipelineBuilds 
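Review bot: In src/vr/api/integrations/servicenow.py, `INSTANCE_NAME`, `CLIENT_ID`, `CLIENT_SECRET`, `USERNAME` and `PASSWORD` are read from `app.config` once at import, and `TOKEN_URL` is built from that snapshot. A ServiceNow credential changed through the settings page therefore stays stale in this module until the process restarts, and a missing `SNOW_*` key raises `KeyError` while the module is being imported. Reading the values inside the function that requests the token, at call time, keeps the integration in step with the live config. The code that consumes `TOKEN_DATA` lies outside the hunk.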
@@ -25,6 +26,7 @@ @api.route('/api/jenkins_webhook', methods=['POST']) @require_oauth('write:vulnerabilities') def jenkins_webhook(): + getConfigs(app.config) all = request.form payload_dict = json.loads(all['payload']) ref = payload_dict['ref'] diff --git a/src/vr/api/vulns/vulnerabilities.py b/src/vr/api/vulns/vulnerabilities.py index 68360c8b..b151f5bf 100644 --- a/src/vr/api/vulns/vulnerabilities.py +++ b/src/vr/api/vulns/vulnerabilities.py @@ -16,7 +16,6 @@ from vr.admin.oauth2 import require_oauth from vr.admin.functions import db_connection_handler from authlib.integrations.flask_oauth2 import current_token -from config_engine import ENV import re @@ -295,7 +294,7 @@ def _add_new_vulns(new_vulns, engine): def _setup_duplicate_vulns(source_type, dup_vulns): sourced_dup_vulns = [] for vuln in dup_vulns: - if ENV == 'test': + if app.config['ENV'] == 'test': vuln['LastModifiedDate'] = datetime.datetime.utcnow().replace(microsecond=0) if vuln['ReleaseDate']: vuln['ReleaseDate'] = datetime.datetime.strptime(vuln['ReleaseDate'], '%Y-%m-%d %H:%M:%S') diff --git a/src/vr/db_models/setup.py b/src/vr/db_models/setup.py index b36fdc22..cb37b344 100644 --- a/src/vr/db_models/setup.py +++ b/src/vr/db_models/setup.py @@ -1,11 +1,6 @@ from datetime import datetime from sqlalchemy.types import TEXT, DECIMAL from flask import jsonify -from config_engine import ENV -if ENV == 'test': - from sqlalchemy.dialects.sqlite import TEXT as LONGTEXT -else: - from sqlalchemy.dialects.mysql import LONGTEXT from flask_sqlalchemy import SQLAlchemy from sqlalchemy.dialects import mysql from flask_login import UserMixin 
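Review bot: `jenkins_webhook()` calls `getConfigs(app.config)` on every request, which rewrites the shared Flask config from inside a request handler. `getConfigs` is not shown in this patch, but if it reloads environment and default values it would overwrite what `getPersistentConfig()` loaded from AppConfig, and concurrent requests would see the config change underneath them. Load configuration once at startup, or refresh only the Jenkins keys this handler needs. The commented-out `# from config_engine import JENKINS_USER, ...` line added in the import hunk of the same file should be deleted rather than kept as a comment. The handler body continues below the hunk.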
@@ -176,9 +171,9 @@ class TmControls(db.Model): __tablename__ = 'TmControls' ID = db.Column(db.Integer, primary_key=True) AddDate = db.Column(db.DateTime, index=True, default=datetime.utcnow, nullable=False) - Control = db.Column(LONGTEXT) + Control = db.Column(db.String(20000)) Type = db.Column(db.String(8)) - Description = db.Column(LONGTEXT) + Description = db.Column(db.String(20000)) Lambda = db.Column(db.String(1)) Process = db.Column(db.String(1)) Server = db.Column(db.String(1)) diff --git a/src/vr/db_models/setup_2.py b/src/vr/db_models/setup_2.py index d47ba210..0d98c122 100644 --- a/src/vr/db_models/setup_2.py +++ b/src/vr/db_models/setup_2.py @@ -2,8 +2,8 @@ from sqlalchemy.types import TEXT, DECIMAL from sqlalchemy import MetaData from vr.admin.functions import db_connection_handler -from config_engine import ENV -if ENV == 'test': +from vr import app +if app.config['ENV'] == 'test': from sqlalchemy.dialects.sqlite import TEXT as LONGTEXT else: from sqlalchemy.dialects.mysql import LONGTEXT diff --git a/src/vr/orchestration/web/pipeline_jobs.py b/src/vr/orchestration/web/pipeline_jobs.py index e9fcc7ee..2ef5390b 100644 --- a/src/vr/orchestration/web/pipeline_jobs.py +++ b/src/vr/orchestration/web/pipeline_jobs.py @@ -11,7 +11,6 @@ from vr.orchestration.model.cicdpipelines import CICDPipelines, CICDPipelinesSchema from vr.orchestration.model.pipelinejobs import PipelineJobs, PipelineJobsSchema from vr.orchestration.web.pipeline_stage_data import OPTS -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_STAGING_PROJECT, JENKINS_HOST, JENKINS_TOKEN NAV = { @@ -248,7 +247,7 @@ def validate_cicd_pipeline_stage(appid): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'GIT_BRANCH': git_branch, 'APP_NAME': app_name, 
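Review bot: In `TmControls`, `Control` and `Description` change from `LONGTEXT` to `db.String(20000)`, which caps both fields at 20000 characters and, on MySQL with a multi-byte character set such as utf8mb4, is more than a VARCHAR column can hold, so table creation may fail or the type may be converted silently depending on SQL mode. If the aim was only to drop the import-time `ENV` check, a dialect variant keeps the old storage on both backends: `db.Column(db.Text().with_variant(mysql.LONGTEXT(), 'mysql'))`, using the `mysql` import already present in this file. Existing rows longer than the new limit would also need a migration plan. The class body continues outside the hunk.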
@@ -261,8 +260,8 @@ def validate_cicd_pipeline_stage(appid): 'TARGET_URL': target_url } - url = f'{JENKINS_HOST}/job/{JENKINS_STAGING_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_STAGING_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) return str(200) diff --git a/src/vr/templates/admin/settings.html b/src/vr/templates/admin/settings.html index a7564e1a..f5da3318 100644 --- a/src/vr/templates/admin/settings.html +++ b/src/vr/templates/admin/settings.html @@ -134,7 +134,7 @@
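Review bot: The `requests.post(...)` call in `validate_cicd_pipeline_stage` has no `timeout=`, never inspects `resp`, and the function returns `str(200)` whatever Jenkins answered, so a rejected token or unreachable host is reported as success and a stalled Jenkins can hold the worker indefinitely. Add a timeout and check the status, e.g. `resp = requests.post(url, headers=headers, data=data, auth=..., timeout=30)` (value illustrative) followed by `resp.raise_for_status()` inside error handling that returns a failure code. The same pattern appears in `on_demand_testing` in src/vr/vulns/web/testing.py. Since `JENKINS_HOST` is now editable from the settings page, it is also worth requiring an `https://` URL before the basic-auth credentials are sent to it. The function starts above this hunk.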

General Settings

{% elif key == "PROD_DB_URI" %} -
+
{% elif key == "ENV" or key == "VERSION" %} {% else %} @@ -176,7 +176,7 @@

SMTP Settings

{% if key == 'SMTP_PASSWORD' %} -
+
{% else %} {% endif %} @@ -199,10 +199,10 @@

Jenkins Settings

{% elif key == 'JENKINS_KEY' %} -
+
{% elif key == 'JENKINS_TOKEN' %} -
+
{% else %} @@ -229,10 +229,10 @@

ServiceNOW Settings

{% elif key == 'SNOW_CLIENT_SECRET' %} -
+
{% elif key == 'SNOW_PASSWORD' %} -
+
{% else %} diff --git a/src/vr/vulns/web/findings.py b/src/vr/vulns/web/findings.py index 8c9938c8..06d44322 100644 --- a/src/vr/vulns/web/findings.py +++ b/src/vr/vulns/web/findings.py @@ -25,7 +25,6 @@ import base64 from io import StringIO from flask import Response -from config_engine import ENV from vr.functions.ml_functions import predict_vuln_validity from vr.vulns.model.cvssbasescoresv3 import CVSSBaseScoresV3 from vr.vulns.model.cvssbasescoresv3extensions import CVSSBaseScoresV3Extensions @@ -42,7 +41,7 @@ UNAUTH_STATUS = "403.html" SERVER_ERR_STATUS = "500.html" VULN_STATUS_IS_NOT_CLOSED = "Vulnerabilities.Status NOT LIKE 'Closed-%' AND Vulnerabilities.Status NOT LIKE 'Open-RiskAccepted-%'" -test = ENV +test = app.config['ENV'] if test == 'test': ISO_FORMAT = "%Y-%m-%dT%H:%M:%S.%f" else: diff --git a/src/vr/vulns/web/testing.py b/src/vr/vulns/web/testing.py index 32e604b8..c69f7122 100644 --- a/src/vr/vulns/web/testing.py +++ b/src/vr/vulns/web/testing.py @@ -11,8 +11,8 @@ from vr.vulns.model.vulnerabilityscans import VulnerabilityScans, VulnerabilityScansSchema from vr.functions.table_functions import load_table, update_table from requests.auth import HTTPBasicAuth -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema +from vr import app NAV = { 
@@ -115,14 +115,14 @@ def on_demand_testing(): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'TESTS': tests_to_run.upper(), 'GIT_BRANCH': git_branch, 'APP_NAME': app_name } - url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) return redirect(request.referrer) From e5d1cc49f0be5bb59605abd342b8064b58e07c71 Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 07:55:31 -0700 Subject: [PATCH 077/197] Release/0.1.0 beta/prod azure (#518) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py --- src/config_engine.py | 430 +++++++++++----------- src/run.py | 3 +- src/vr/__init__.py | 102 +++-- src/vr/admin/auth_functions.py | 4 +- src/vr/admin/email_alerts.py | 8 +- src/vr/admin/models.py | 9 +- src/vr/admin/routes/forgotpw.py | 3 +- src/vr/admin/routes/forgotun.py | 3 +- src/vr/admin/routes/login.py | 15 +- src/vr/admin/routes/logout.py | 6 +- src/vr/admin/routes/register.py | 3 +- src/vr/admin/routes/settings.py | 130 ++++--- src/vr/admin/routes/users.py | 3 +- src/vr/api/integrations/servicenow.py | 13 +- src/vr/api/vulns/jenkins_webhook.py | 6 +- 
src/vr/api/vulns/vulnerabilities.py | 3 +- src/vr/db_models/setup.py | 9 +- src/vr/db_models/setup_2.py | 4 +- src/vr/orchestration/web/pipeline_jobs.py | 7 +- src/vr/templates/admin/settings.html | 12 +- src/vr/vulns/web/findings.py | 3 +- src/vr/vulns/web/testing.py | 8 +- 22 files changed, 421 insertions(+), 363 deletions(-) diff --git a/src/config_engine.py b/src/config_engine.py index 07400d06..7ee859ad 100644 --- a/src/config_engine.py +++ b/src/config_engine.py 
@@ -14,98 +14,229 @@ from settings import SET_SNOW_INSTANCE_NAME, SET_SNOW_CLIENT_ID, SET_SNOW_CLIENT_SECRET, SET_SNOW_USERNAME, SET_SNOW_PASSWORD, SET_SNOW_CLIENT_SECRET_REF, SET_SNOW_PASSWORD_REF -VERSION = '0.1.0-beta' - -if os.getenv('AZURE_KEYVAULT_NAME'): - AZURE_KEYVAULT_NAME = os.getenv('AZURE_KEYVAULT_NAME') -else: - AZURE_KEYVAULT_NAME = SET_AZURE_KEYVAULT_NAME - -if os.getenv('AUTH_TYPE'): - AUTH_TYPE = os.getenv('AUTH_TYPE') -else: - AUTH_TYPE = SET_AUTH_TYPE - -if os.getenv('INSECURE_OAUTH'): - INSECURE_OAUTH = os.getenv('INSECURE_OAUTH') -else: - INSECURE_OAUTH = SET_INSECURE_OAUTH - -if INSECURE_OAUTH: - os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' - -if os.getenv('APP_EXT_URL'): - APP_EXT_URL = os.getenv('APP_EXT_URL') -else: - APP_EXT_URL = SET_APP_EXT_URL - -if os.getenv('SMTP_HOST'): - SMTP_HOST = os.getenv('SMTP_HOST') -else: - SMTP_HOST = SET_SMTP_HOST - -if os.getenv('SMTP_USER'): - SMTP_USER = os.getenv('SMTP_USER') -else: - SMTP_USER = SET_SMTP_USER - -if os.getenv('SMTP_ADMIN_EMAIL'): - SMTP_ADMIN_EMAIL = os.getenv('SMTP_ADMIN_EMAIL') -else: - SMTP_ADMIN_EMAIL = SET_SMTP_ADMIN_EMAIL - -if os.getenv('LDAP_HOST'): - LDAP_HOST = os.getenv('LDAP_HOST') -else: - LDAP_HOST = SET_LDAP_HOST - -if os.getenv('LDAP_PORT'): - LDAP_PORT = os.getenv('LDAP_PORT') -else: - LDAP_PORT = SET_LDAP_PORT - -if os.getenv('LDAP_BASE_DN'): - LDAP_BASE_DN = os.getenv('LDAP_BASE_DN') -else: - LDAP_BASE_DN = SET_LDAP_BASE_DN - -if os.getenv('LDAP_USER_DN'): - LDAP_USER_DN = os.getenv('LDAP_USER_DN') -else: - LDAP_USER_DN = SET_LDAP_USER_DN - -if os.getenv('LDAP_GROUP_DN'): - LDAP_GROUP_DN = os.getenv('LDAP_GROUP_DN') -else: - LDAP_GROUP_DN = SET_LDAP_GROUP_DN - -if os.getenv('LDAP_USER_RDN_ATTR'): - LDAP_USER_RDN_ATTR = os.getenv('LDAP_USER_RDN_ATTR') -else: - LDAP_USER_RDN_ATTR = SET_LDAP_USER_RDN_ATTR - -if os.getenv('LDAP_USER_LOGIN_ATTR'): - LDAP_USER_LOGIN_ATTR = os.getenv('LDAP_USER_LOGIN_ATTR') -else: - LDAP_USER_LOGIN_ATTR = SET_LDAP_USER_LOGIN_ATTR - -if 
os.getenv('LDAP_BIND_USER_DN'): - LDAP_BIND_USER_DN = os.getenv('LDAP_BIND_USER_DN') -else: - LDAP_BIND_USER_DN = SET_LDAP_BIND_USER_DN - -if os.getenv('LDAP_BIND_USER_PASSWORD'): - LDAP_BIND_USER_PASSWORD = os.getenv('LDAP_BIND_USER_PASSWORD') -else: - LDAP_BIND_USER_PASSWORD = SET_LDAP_BIND_USER_PASSWORD +def getConfigs(config): + config['TEST_SETTING'] = 'set' + + config['VERSION'] = '0.1.0-beta' + + if os.getenv('AZURE_KEYVAULT_NAME'): + config['AZURE_KEYVAULT_NAME'] = os.getenv('AZURE_KEYVAULT_NAME') + else: + config['AZURE_KEYVAULT_NAME'] = SET_AZURE_KEYVAULT_NAME + + if os.getenv('AUTH_TYPE'): + config['AUTH_TYPE'] = os.getenv('AUTH_TYPE') + else: + config['AUTH_TYPE'] = SET_AUTH_TYPE + + if os.getenv('INSECURE_OAUTH'): + config['INSECURE_OAUTH'] = os.getenv('INSECURE_OAUTH') + else: + config['INSECURE_OAUTH'] = SET_INSECURE_OAUTH + + if config['INSECURE_OAUTH']: + os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' + + if os.getenv('APP_EXT_URL'): + config['APP_EXT_URL'] = os.getenv('APP_EXT_URL') + else: + config['APP_EXT_URL'] = SET_APP_EXT_URL + + if os.getenv('SMTP_HOST'): + config['SMTP_HOST'] = os.getenv('SMTP_HOST') + else: + config['SMTP_HOST'] = SET_SMTP_HOST + + if os.getenv('SMTP_USER'): + config['SMTP_USER'] = os.getenv('SMTP_USER') + else: + config['SMTP_USER'] = SET_SMTP_USER + + if os.getenv('SMTP_ADMIN_EMAIL'): + config['SMTP_ADMIN_EMAIL'] = os.getenv('SMTP_ADMIN_EMAIL') + else: + config['SMTP_ADMIN_EMAIL'] = SET_SMTP_ADMIN_EMAIL + + if os.getenv('LDAP_HOST'): + config['LDAP_HOST'] = os.getenv('LDAP_HOST') + else: + config['LDAP_HOST'] = SET_LDAP_HOST + + if os.getenv('LDAP_PORT'): + config['LDAP_PORT'] = os.getenv('LDAP_PORT') + else: + config['LDAP_PORT'] = SET_LDAP_PORT + + if os.getenv('LDAP_BASE_DN'): + config['LDAP_BASE_DN'] = os.getenv('LDAP_BASE_DN') + else: + config['LDAP_BASE_DN'] = SET_LDAP_BASE_DN + + if os.getenv('LDAP_USER_DN'): + config['LDAP_USER_DN'] = os.getenv('LDAP_USER_DN') + else: + config['LDAP_USER_DN'] = SET_LDAP_USER_DN 
+ + if os.getenv('LDAP_GROUP_DN'): + config['LDAP_GROUP_DN'] = os.getenv('LDAP_GROUP_DN') + else: + config['LDAP_GROUP_DN'] = SET_LDAP_GROUP_DN + + if os.getenv('LDAP_USER_RDN_ATTR'): + config['LDAP_USER_RDN_ATTR'] = os.getenv('LDAP_USER_RDN_ATTR') + else: + config['LDAP_USER_RDN_ATTR'] = SET_LDAP_USER_RDN_ATTR + + if os.getenv('LDAP_USER_LOGIN_ATTR'): + config['LDAP_USER_LOGIN_ATTR'] = os.getenv('LDAP_USER_LOGIN_ATTR') + else: + config['LDAP_USER_LOGIN_ATTR'] = SET_LDAP_USER_LOGIN_ATTR + + if os.getenv('LDAP_BIND_USER_DN'): + config['LDAP_BIND_USER_DN'] = os.getenv('LDAP_BIND_USER_DN') + else: + config['LDAP_BIND_USER_DN'] = SET_LDAP_BIND_USER_DN + + if os.getenv('LDAP_BIND_USER_PASSWORD'): + config['LDAP_BIND_USER_PASSWORD'] = os.getenv('LDAP_BIND_USER_PASSWORD') + else: + config['LDAP_BIND_USER_PASSWORD'] = SET_LDAP_BIND_USER_PASSWORD + + ## CORE Config Variables ## + if os.getenv('ENV'): + config['ENV'] = os.getenv('ENV') + else: + config['ENV'] = SET_ENV + + if config['ENV'] == 'prod': + if os.getenv('PROD_DB_URI_REF'): + config['PROD_DB_URI'] = KeyVaultManager(config).get_secret(os.getenv('PROD_DB_URI_REF')) + else: + config['PROD_DB_URI'] = KeyVaultManager(config).get_secret(SET_PROD_DB_URI_REF) + else: + config['PROD_DB_URI'] = SET_PROD_DB_URI + + if config['AUTH_TYPE'] == 'azuread': + if os.getenv('AZAD_CLIENT_ID'): + config['AZAD_CLIENT_ID'] = os.getenv('AZAD_CLIENT_ID') + else: + config['AZAD_CLIENT_ID'] = SET_AZAD_CLIENT_ID + if os.getenv('AZAD_CLIENT_SECRET'): + config['AZAD_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(os.getenv('AZAD_CLIENT_SECRET')) + else: + config['AZAD_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(SET_AZAD_CLIENT_SECRET) + if os.getenv('AZAD_AUTHORITY'): + config['AZAD_AUTHORITY'] = os.getenv('AZAD_AUTHORITY') + else: + config['AZAD_AUTHORITY'] = SET_AZAD_AUTHORITY + else: + config['AZAD_CLIENT_ID'] = "" + config['AZAD_CLIENT_SECRET'] = "" + config['AZAD_AUTHORITY'] = "" + + ## Email Variables ## + if config['ENV'] 
== 'prod': + if os.getenv('SMTP_PW_REF'): + config['SMTP_PASSWORD'] = KeyVaultManager(config).get_secret(os.getenv('SMTP_PW_REF')) + else: + config['SMTP_PASSWORD'] = KeyVaultManager(config).get_secret(SET_SMTP_PW_REF) + else: + config['SMTP_PASSWORD'] = SET_SMTP_PW + + ## + ## GitHub to Jenkins Webhook ## + if os.getenv('JENKINS_ENABLED'): + config['JENKINS_ENABLED'] = os.getenv('JENKINS_ENABLED') + else: + config['JENKINS_ENABLED'] = SET_JENKINS_ENABLED + if config['JENKINS_ENABLED'] == 'yes': + if config['ENV'] == 'prod': + if os.getenv('JENKINS_USER'): + config['JENKINS_USER'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_USER')) + else: + config['JENKINS_USER'] = KeyVaultManager(config).get_secret(SET_JENKINS_USER_REF) + if os.getenv('JENKINS_KEY'): + config['JENKINS_KEY'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_KEY')) + else: + config['JENKINS_KEY'] = KeyVaultManager(config).get_secret(SET_JENKINS_KEY_REF) + if os.getenv('JENKINS_TOKEN'): + config['JENKINS_TOKEN'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_TOKEN')) + else: + config['JENKINS_TOKEN'] = KeyVaultManager(config).get_secret(SET_JENKINS_TOKEN_REF) + else: + config['JENKINS_USER'] = SET_JENKINS_USER + config['JENKINS_KEY'] = SET_JENKINS_KEY + config['JENKINS_TOKEN'] = SET_JENKINS_TOKEN + + if os.getenv('JENKINS_PROJECT'): + config['JENKINS_PROJECT'] = os.getenv('JENKINS_PROJECT') + else: + config['JENKINS_PROJECT'] = SET_JENKINS_PROJECT + + if os.getenv('JENKINS_HOST'): + config['JENKINS_HOST'] = os.getenv('JENKINS_HOST') + else: + config['JENKINS_HOST'] = SET_JENKINS_HOST + + if os.getenv('JENKINS_STAGING_PROJECT'): + config['JENKINS_STAGING_PROJECT'] = os.getenv('JENKINS_STAGING_PROJECT') + else: + config['JENKINS_STAGING_PROJECT'] = SET_JENKINS_STAGING_PROJECT + else: + config['JENKINS_USER'] = "" + config['JENKINS_KEY'] = "" + config['JENKINS_TOKEN'] = "" + config['JENKINS_PROJECT'] = "" + config['JENKINS_HOST'] = "" + config['JENKINS_STAGING_PROJECT'] = "" 
+ + ## ServiceNOW Integration + if os.getenv('SNOW_ENABLED'): + config['SNOW_ENABLED'] = os.getenv('SNOW_ENABLED') + else: + config['SNOW_ENABLED'] = SET_SNOW_ENABLED + if config['SNOW_ENABLED'] == 'yes': + if config['ENV'] == 'prod': + if os.getenv('SNOW_PASSWORD'): + config['SNOW_PASSWORD'] = KeyVaultManager(config).get_secret(os.getenv('SNOW_PASSWORD')) + else: + config['SNOW_PASSWORD'] = KeyVaultManager(config).get_secret(SET_SNOW_PASSWORD_REF) + if os.getenv('SNOW_CLIENT_SECRET'): + config['SNOW_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(os.getenv('SNOW_CLIENT_SECRET')) + else: + config['SNOW_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(SET_SNOW_CLIENT_SECRET_REF) + if os.getenv('SNOW_INSTANCE_NAME'): + config['SNOW_INSTANCE_NAME'] = os.getenv('SNOW_INSTANCE_NAME') + else: + config['SNOW_INSTANCE_NAME'] = SET_SNOW_INSTANCE_NAME + if os.getenv('SNOW_CLIENT_ID'): + config['SNOW_CLIENT_ID'] = os.getenv('SNOW_CLIENT_ID') + else: + config['SNOW_CLIENT_ID'] = SET_SNOW_CLIENT_ID + if os.getenv('SNOW_USERNAME'): + config['SNOW_USERNAME'] = os.getenv('SNOW_USERNAME') + else: + config['SNOW_USERNAME'] = SET_SNOW_USERNAME + else: + config['SNOW_PASSWORD'] = SET_SNOW_PASSWORD + config['SNOW_CLIENT_SECRET'] = SET_SNOW_CLIENT_SECRET + config['SNOW_INSTANCE_NAME'] = SET_SNOW_INSTANCE_NAME + config['SNOW_CLIENT_ID'] = SET_SNOW_CLIENT_ID + config['SNOW_USERNAME'] = SET_SNOW_USERNAME + else: + config['SNOW_PASSWORD'] = "" + config['SNOW_CLIENT_SECRET'] = "" + config['SNOW_INSTANCE_NAME'] = "" + config['SNOW_CLIENT_ID'] = "" + config['SNOW_USERNAME'] = "" class KeyVaultManager(object): - def __init__(self): + def __init__(self, config=None): if os.getenv('AZURE_KEYVAULT_NAME'): key_vault_uri = f"https://{os.getenv('AZURE_KEYVAULT_NAME')}.vault.azure.net" else: - key_vault_uri = f"https://{AZURE_KEYVAULT_NAME}.vault.azure.net" + key_vault_uri = f"https://{config['AZURE_KEYVAULT_NAME']}.vault.azure.net" if os.getenv('AZURE_AUTH_METHOD'): if 
os.getenv('AZURE_AUTH_METHOD') == 'env': self.credential = EnvironmentCredential( 
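Review bot: In `getConfigs`, `config['INSECURE_OAUTH']` is taken straight from `os.getenv('INSECURE_OAUTH')`, which is a string, so the following `if config['INSECURE_OAUTH']:` sets `AUTHLIB_INSECURE_TRANSPORT` to `'1'` for any non-empty value, including `false` or `0`. That quietly permits OAuth over plain HTTP in a deployment whose operator meant to switch it off. Parse the value explicitly, for example `config['INSECURE_OAUTH'] = str(os.getenv('INSECURE_OAUTH', SET_INSECURE_OAUTH)).strip().lower() in ('1', 'true', 'yes')`; the type of `SET_INSECURE_OAUTH` is not visible here, so adjust to match it. The `run.py` hunk later in this patch tests the same value with `or app.config['INSECURE_OAUTH']` and inherits the problem.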
@@ -162,130 +293,3 @@ def delete_cert(self, secret_name): return deleted_secret -## CORE Config Variables ## -if os.getenv('ENV'): - ENV = os.getenv('ENV') -else: - ENV = SET_ENV - -if ENV == 'prod': - if os.getenv('PROD_DB_URI_REF'): - PROD_DB_URI = KeyVaultManager().get_secret(os.getenv('PROD_DB_URI_REF')) - else: - PROD_DB_URI = KeyVaultManager().get_secret(SET_PROD_DB_URI_REF) -else: - PROD_DB_URI = SET_PROD_DB_URI - -if AUTH_TYPE == 'azuread': - if os.getenv('AZAD_CLIENT_ID'): - AZAD_CLIENT_ID = os.getenv('AZAD_CLIENT_ID') - else: - AZAD_CLIENT_ID = SET_AZAD_CLIENT_ID - if os.getenv('AZAD_CLIENT_SECRET'): - AZAD_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('AZAD_CLIENT_SECRET')) - else: - AZAD_CLIENT_SECRET = KeyVaultManager().get_secret(SET_AZAD_CLIENT_SECRET) - if os.getenv('AZAD_AUTHORITY'): - AZAD_AUTHORITY = os.getenv('AZAD_AUTHORITY') - else: - AZAD_AUTHORITY = SET_AZAD_AUTHORITY -else: - AZAD_CLIENT_ID = "" - AZAD_CLIENT_SECRET = "" - AZAD_AUTHORITY = "" - -## Email Variables ## -if ENV == 'prod': - if os.getenv('SMTP_PW_REF'): - SMTP_PASSWORD = KeyVaultManager().get_secret(os.getenv('SMTP_PW_REF')) - else: - SMTP_PASSWORD = KeyVaultManager().get_secret(SET_SMTP_PW_REF) -else: - SMTP_PASSWORD = SET_SMTP_PW - -## -## GitHub to Jenkins Webhook ## -if os.getenv('JENKINS_ENABLED'): - JENKINS_ENABLED = os.getenv('JENKINS_ENABLED') -else: - JENKINS_ENABLED = SET_JENKINS_ENABLED -if JENKINS_ENABLED == 'yes': - if ENV == 'prod': - if os.getenv('JENKINS_USER'): - JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER')) - else: - JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF) - if os.getenv('JENKINS_KEY'): - JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY')) - else: - JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF) - if os.getenv('JENKINS_TOKEN'): - JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN')) - else: - JENKINS_TOKEN = 
KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF) - else: - JENKINS_USER = SET_JENKINS_USER - JENKINS_KEY = SET_JENKINS_KEY - JENKINS_TOKEN = SET_JENKINS_TOKEN - - if os.getenv('JENKINS_PROJECT'): - JENKINS_PROJECT = os.getenv('JENKINS_PROJECT') - else: - JENKINS_PROJECT = SET_JENKINS_PROJECT - - if os.getenv('JENKINS_HOST'): - JENKINS_HOST = os.getenv('JENKINS_HOST') - else: - JENKINS_HOST = SET_JENKINS_HOST - - if os.getenv('JENKINS_STAGING_PROJECT'): - JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT') - else: - JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT -else: - JENKINS_USER = "" - JENKINS_KEY = "" - JENKINS_TOKEN = "" - JENKINS_PROJECT = "" - JENKINS_HOST = "" - JENKINS_STAGING_PROJECT = "" - -## ServiceNOW Integration -if os.getenv('SNOW_ENABLED'): - SNOW_ENABLED = os.getenv('SNOW_ENABLED') -else: - SNOW_ENABLED = SET_SNOW_ENABLED -if SNOW_ENABLED == 'yes': - if ENV == 'prod': - if os.getenv('SNOW_PASSWORD'): - SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD')) - else: - SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF) - if os.getenv('SNOW_CLIENT_SECRET'): - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET')) - else: - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF) - if os.getenv('SNOW_INSTANCE_NAME'): - SNOW_INSTANCE_NAME = os.getenv('SNOW_INSTANCE_NAME') - else: - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - if os.getenv('SNOW_CLIENT_ID'): - SNOW_CLIENT_ID = os.getenv('SNOW_CLIENT_ID') - else: - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - if os.getenv('SNOW_USERNAME'): - SNOW_USERNAME = os.getenv('SNOW_USERNAME') - else: - SNOW_USERNAME = SET_SNOW_USERNAME - else: - SNOW_PASSWORD = SET_SNOW_PASSWORD - SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - SNOW_USERNAME = SET_SNOW_USERNAME -else: - SNOW_PASSWORD = "" - SNOW_CLIENT_SECRET = "" - SNOW_INSTANCE_NAME 
= "" - SNOW_CLIENT_ID = "" - SNOW_USERNAME = "" diff --git a/src/run.py b/src/run.py index 7f0f15c7..b67be678 100644 --- a/src/run.py +++ b/src/run.py @@ -4,10 +4,9 @@ import datetime import os from vr.admin.oauth2 import config_oauth -from config_engine import ENV, INSECURE_OAUTH -if ENV == 'test' or INSECURE_OAUTH: +if app.config['ENV'] == 'test' or app.config['INSECURE_OAUTH']: os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' else: os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '0' diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 42a86ea1..2f3ccf73 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -1,8 +1,6 @@ import datetime import requests -from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ - LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, JENKINS_ENABLED +from config_engine import getConfigs from flask import Flask from flask_bootstrap import Bootstrap from flask_login import LoginManager @@ -11,8 +9,7 @@ from flask_wtf.csrf import CSRFProtect from flaskext.markdown import Markdown from vr.db_models.setup import _init_db -if AUTH_TYPE == 'ldap': - from flask_ldap3_login import LDAP3LoginManager + import base64 import logging import sys 
@@ -31,48 +28,41 @@ from requests.auth import HTTPBasicAuth from vr.db_models.updates import createNewTables -if AUTH_TYPE == 'azuread': + +app = Flask(__name__) + +getConfigs(app.config) + +if app.config['AUTH_TYPE'] == 'azuread': from flask_session import Session import msal from flask import session, url_for +if app.config['AUTH_TYPE'] == 'ldap': + from flask_ldap3_login import LDAP3LoginManager -app = Flask(__name__) moment = Moment(app) Markdown(app) csrf = CSRFProtect(app) -app.config['APP_EXT_URL'] = APP_EXT_URL - -app.config['RUNTIME_ENV'] = ENV +app.config['RUNTIME_ENV'] = app.config['ENV'] if app.config['RUNTIME_ENV'] == 'test': DB_URI = 'sqlite:///database.db' import sqlite3 else: - DB_URI = PROD_DB_URI + DB_URI = app.config['PROD_DB_URI'] import mysql.connector app.config['SQLALCHEMY_DATABASE_URI'] = DB_URI app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False -if AUTH_TYPE == 'ldap': - # LDAP Configuration - app.config['LDAP_HOST'] = LDAP_HOST - app.config['LDAP_PORT'] = LDAP_PORT - app.config['LDAP_BASE_DN'] = LDAP_BASE_DN - app.config['LDAP_USER_DN'] = LDAP_USER_DN - app.config['LDAP_GROUP_DN'] = LDAP_GROUP_DN - app.config['LDAP_USER_RDN_ATTR'] = LDAP_USER_RDN_ATTR - app.config['LDAP_USER_LOGIN_ATTR'] = LDAP_USER_LOGIN_ATTR - app.config['LDAP_BIND_USER_DN'] = LDAP_BIND_USER_DN - app.config['LDAP_BIND_USER_PASSWORD'] = LDAP_BIND_USER_PASSWORD - +if app.config['AUTH_TYPE'] == 'ldap': # Flask-LDAP3-Login Manager ldap_manager = LDAP3LoginManager(app) -elif AUTH_TYPE == 'azuread': - app.config['CLIENT_ID'] = AZAD_CLIENT_ID - app.config['CLIENT_SECRET'] = AZAD_CLIENT_SECRET - app.config['AUTHORITY'] = AZAD_AUTHORITY +elif app.config['AUTH_TYPE'] == 'azuread': + app.config['CLIENT_ID'] = app.config['AZAD_CLIENT_ID'] + app.config['CLIENT_SECRET'] = app.config['AZAD_CLIENT_SECRET'] + app.config['AUTHORITY'] = app.config['AZAD_AUTHORITY'] app.config['REDIRECT_PATH'] = "/getAToken" app.config['ENDPOINT'] = 'https://graph.microsoft.com/v1.0/me/memberOf' 
app.config['SCOPE'] = ["User.ReadBasic.All", "Group.Read.All", "Application.Read.All"] @@ -151,7 +141,7 @@ def _get_token_from_cache(scope=None): app.register_blueprint(api) bootstrap = Bootstrap(app) -if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread': login_manager.init_app(app) login_manager.login_view = 'admin.login' @@ -162,9 +152,10 @@ def _get_token_from_cache(scope=None): app.logger.addHandler(stdout_handler) + @app.template_filter('format_datetime') def format_datetime(value): - if ENV == 'test': + if app.config['ENV'] == 'test': try: formatted = datetime.datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f") except: @@ -185,6 +176,8 @@ def base64encode(value): createNewTables(app) ## Cronjob-like tasks section ## + + def train_model_every_six_hours(): scheduler = BackgroundScheduler() scheduler.add_job(train_model, 'interval', hours=6) 
@@ -220,6 +213,53 @@ def connect_to_db(): cur = db.cursor() return cur, db +def getPersistentConfig(): + try: + cur, db = connect_to_db() + sql = 'SELECT * FROM AppConfig WHERE 1=1' + cur.execute(sql) + row = cur.fetchone() + if row[2]: + app.config['APP_EXT_URL'] = row[3] + app.config['AUTH_TYPE'] = row[4] + app.config['AZAD_AUTHORITY'] = row[5] + app.config['AZAD_CLIENT_ID'] = row[6] + app.config['AZAD_CLIENT_SECRET'] = row[7] + app.config['AZURE_KEYVAULT_NAME'] = row[8] + app.config['ENV'] = row[9] + app.config['INSECURE_OAUTH'] = row[10] + app.config['JENKINS_ENABLED'] = row[37] + app.config['JENKINS_HOST'] = row[11] + app.config['JENKINS_KEY'] = row[12] + app.config['JENKINS_PROJECT'] = row[13] + app.config['JENKINS_STAGING_PROJECT'] = row[14] + app.config['JENKINS_TOKEN'] = row[15] + app.config['JENKINS_USER'] = row[16] + app.config['LDAP_BASE_DN'] = row[17] + app.config['LDAP_BIND_USER_DN'] = row[18] + app.config['LDAP_BIND_USER_PASSWORD'] = row[19] + app.config['LDAP_GROUP_DN'] = row[20] + app.config['LDAP_HOST'] = row[21] + app.config['LDAP_PORT'] = row[22] + app.config['LDAP_USER_DN'] = row[23] + app.config['LDAP_USER_LOGIN_ATTR'] = row[24] + app.config['LDAP_USER_RDN_ATTR'] = row[25] + app.config['PROD_DB_URI'] = row[26] + app.config['SMTP_ADMIN_EMAIL'] = row[27] + app.config['SMTP_HOST'] = row[28] + app.config['SMTP_PASSWORD'] = row[29] + app.config['SMTP_USER'] = row[30] + app.config['SNOW_ENABLED'] = row[38] + app.config['SNOW_CLIENT_ID'] = row[31] + app.config['SNOW_CLIENT_SECRET'] = row[32] + app.config['SNOW_INSTANCE_NAME'] = row[33] + app.config['SNOW_PASSWORD'] = row[34] + app.config['SNOW_USERNAME'] = row[35] + app.config['VERSION'] = row[36] + except: + print('AppConfig Database table is either unreachable or not setup.') + +getPersistentConfig() def train_model(): try: 
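Review bot: `getPersistentConfig()` wraps the whole load in a bare `except:` that only prints a message, so a missing row (`cur.fetchone()` returning `None`), a short row, or a database error part-way through leaves `app.config` half overwritten with nothing in the application log. Catch `Exception` and log it, e.g. `except Exception:` with `app.logger.exception('AppConfig load failed')`, and select the columns by name instead of `SELECT *` with positional indexes such as `row[37]`, which break when the table's column order changes. The function also replaces `AZAD_CLIENT_SECRET`, `JENKINS_KEY`, `SMTP_PASSWORD`, `LDAP_BIND_USER_PASSWORD` and the ServiceNow secrets with values read from the `AppConfig` table, which in `prod` overrides what `getConfigs` fetched from Key Vault; whether those columns are encrypted at rest is not visible here and should be confirmed. `ENV`, `AUTH_TYPE` and `PROD_DB_URI` are applied only after the module has already chosen its database URI and auth imports, so the persisted values for those keys appear not to affect them.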
@@ -337,7 +377,7 @@ def rsa_long_decrypt(priv_obj, msg, length=256): def get_jenkins_data(): - user_check = JENKINS_USER + user_check = app.config['JENKINS_USER'] if user_check != 'changeme': app.logger.info('Getting Jenkins Data') cur, db = connect_to_db() @@ -452,5 +492,5 @@ def get_jenkins_data(): # Call the Jobs Here # train_model_every_six_hours() -if JENKINS_ENABLED == 'yes': +if app.config['JENKINS_ENABLED'] == 'yes': get_jenkins_data_every_hour() diff --git a/src/vr/admin/auth_functions.py b/src/vr/admin/auth_functions.py index 20ddf7ca..885020c6 100644 --- a/src/vr/admin/auth_functions.py +++ b/src/vr/admin/auth_functions.py @@ -1,7 +1,7 @@ import jwt from time import time from vr.functions.mysql_db import connect_to_db -from config_engine import ENV +from vr import app # Error handler @@ -49,7 +49,7 @@ def create_api_key(user_id, otp_secret, expires_in=2592000): def verify_api_key(token): try: cur, db = connect_to_db() - if ENV == 'test': + if app.config['ENV'] == 'test': sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=?' else: sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=%s' diff --git a/src/vr/admin/email_alerts.py b/src/vr/admin/email_alerts.py index a1c48da3..698b5138 100644 --- a/src/vr/admin/email_alerts.py +++ b/src/vr/admin/email_alerts.py @@ -1,7 +1,7 @@ import smtplib from email.mime import multipart from email.mime import text as mimetext -from config_engine import SMTP_HOST, SMTP_USER, SMTP_PASSWORD, SMTP_ADMIN_EMAIL +from vr import app def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body): 
@@ -11,9 +11,9 @@ def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body): msg['To'] = msg_toaddr msg['Subject'] = msg_subject msg.attach(mimetext.MIMEText(message, 'html')) - server = smtplib.SMTP(SMTP_HOST) + server = smtplib.SMTP(app.config['SMTP_HOST']) server.starttls() - server.login(SMTP_USER, SMTP_PASSWORD) + server.login(app.config['SMTP_USER'], app.config['SMTP_PASSWORD']) server.ehlo() text = msg.as_string() server.sendmail(msg_fromaddr, msg_toaddr, text) @@ -24,7 +24,7 @@ def send_registration_email(ext_url, username, first_name, last_name, token, ema msg_subject = "SecuSphere User Registration" msg_body = generate_registration_msg(ext_url, username, first_name, last_name, token) try: - send_email(SMTP_ADMIN_EMAIL, email_to, msg_subject, msg_body) + send_email(app.config['SMTP_ADMIN_EMAIL'], email_to, msg_subject, msg_body) except: return 'error' diff --git a/src/vr/admin/models.py b/src/vr/admin/models.py index 89785772..d5d5e4ad 100644 --- a/src/vr/admin/models.py +++ b/src/vr/admin/models.py @@ -3,7 +3,7 @@ from flask_login import UserMixin from vr import db, app from vr.functions.mysql_db import connect_to_db -from datetime import datetime, timedelta +from datetime import datetime import jwt from vr.admin.helper_functions import hash_password,verify_password from vr.admin.functions import db_connection_handler @@ -17,8 +17,7 @@ OAuth2AuthorizationCodeMixin, OAuth2TokenMixin, ) -from config_engine import AUTH_TYPE -if AUTH_TYPE == 'ldap': +if app.config['AUTH_TYPE'] == 'ldap': from vr import ldap_manager if app.config['RUNTIME_ENV'] == 'test': 
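Review bot: `server.login(app.config['SMTP_USER'], app.config['SMTP_PASSWORD'])` sends the stored credentials after a `server.starttls()` that is called without an SSL context, and smtplib's default context for `starttls()` does not verify the server certificate or hostname. Passing a verifying context closes that gap: `server.starttls(context=ssl.create_default_context())` (needs `import ssl`). `smtplib.SMTP(app.config['SMTP_HOST'])` also has no `timeout=`, so an unresponsive mail host can block the calling request. The body of `send_email` starts above this hunk.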
@@ -190,11 +189,11 @@ def verify_username_token(self, token, given_id): else: return -if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread': @login_manager.user_loader def load_user(id): return User.query.get(int(id)) -elif AUTH_TYPE == 'ldap': +elif app.config['AUTH_TYPE'] == 'ldap': # User Loader for LDAP @login_manager.user_loader def load_user(user_id): diff --git a/src/vr/admin/routes/forgotpw.py b/src/vr/admin/routes/forgotpw.py index 2d12cd59..f6d50228 100644 --- a/src/vr/admin/routes/forgotpw.py +++ b/src/vr/admin/routes/forgotpw.py @@ -6,7 +6,6 @@ from vr.admin.email_alerts import send_email, generate_evnt_msg from vr.functions.timefunctions import return_datetime_now from vr.admin.helper_functions import hash_password -from config_engine import SMTP_ADMIN_EMAIL from vr.admin.functions import db_connection_handler @@ -32,7 +31,7 @@ def forgotpw(): action_list = [action] st = 'n' msg_body = generate_evnt_msg(msg_subject, now, evt_list, action_list, st) - msg_fromaddr = SMTP_ADMIN_EMAIL + msg_fromaddr = app.config['SMTP_ADMIN_EMAIL'] try: send_email(msg_fromaddr, email, msg_subject, msg_body) warnmsg = ('pwresetemail', 'success') diff --git a/src/vr/admin/routes/forgotun.py b/src/vr/admin/routes/forgotun.py index 80c52425..d8a0d2fa 100644 --- a/src/vr/admin/routes/forgotun.py +++ b/src/vr/admin/routes/forgotun.py @@ -5,7 +5,6 @@ from vr.admin.models import User, LoginForm from vr.admin.email_alerts import send_email, generate_evnt_msg from vr.functions.timefunctions import return_datetime_now -from config_engine import SMTP_ADMIN_EMAIL NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"} 
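Review bot: The `@login_manager.user_loader` is still chosen once, at import, from `app.config['AUTH_TYPE']`, while this same commit makes `set_env_variables()` overwrite `app.config['AUTH_TYPE']` at runtime and `login()` branch on it per request. After an administrator switches the auth type, the login view would follow the new value while the loader here, the `/logout` routes in logout.py, the `authorized` route in login.py and the module-level ServiceNow constants in servicenow.py (`INSTANCE_NAME = app.config['SNOW_INSTANCE_NAME']` and its siblings) keep what they saw at start-up. Either document that changing `AUTH_TYPE` needs a restart, or register a single `load_user(user_id)` and put the `if app.config['AUTH_TYPE'] == 'ldap':` test inside its body. The LDAP loader's body continues outside this hunk.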
@@ -28,7 +27,7 @@ def forgotun(): action_list = [action] st = 'n' msg_body = generate_evnt_msg(msg_subject,now,evt_list,action_list,st) - msg_fromaddr = SMTP_ADMIN_EMAIL + msg_fromaddr = app.config['SMTP_ADMIN_EMAIL'] try: send_email(msg_fromaddr, email, msg_subject, msg_body) warnmsg = ('pwresetemail', 'success') diff --git a/src/vr/admin/routes/login.py b/src/vr/admin/routes/login.py index 9eed58a7..d7f641f1 100644 --- a/src/vr/admin/routes/login.py +++ b/src/vr/admin/routes/login.py @@ -8,10 +8,9 @@ from vr.admin.models import User, LoginForm, AuthAttempts, AppConfig from vr.admin.functions import _auth_user, _entity_permissions_filter, _entity_page_permissions_filter, check_lockout, log_failed_attempt from vr.admin.functions import db_connection_handler -from config_engine import AUTH_TYPE -if AUTH_TYPE == 'ldap': +if app.config['AUTH_TYPE'] == 'ldap': from flask_ldap3_login.forms import LDAPLoginForm -elif AUTH_TYPE == 'azuread': +elif app.config['AUTH_TYPE'] == 'azuread': import requests import msal from vr import _build_auth_code_flow, _load_cache, _save_cache, _build_msal_app, _get_token_from_cache @@ -35,7 +34,7 @@ def login(): return redirect(url_for('admin.register')) ad_auth_url = None warnmsg = '' - if AUTH_TYPE == 'local': + if app.config['AUTH_TYPE'] == 'local': if current_user.is_authenticated: flash('You are already logged in.', 'danger') return redirect(url_for('assets.all_applications')) @@ -60,7 +59,7 @@ def login(): mfa_password = resp[2] # attempt to log the user in return _login_attempt(user, username, password, userid, form, mfa_password) - elif AUTH_TYPE == 'ldap': + elif app.config['AUTH_TYPE'] == 'ldap': form = LDAPLoginForm() if form.validate_on_submit(): # Log the user in 
@@ -71,15 +70,15 @@ def login(): # Print the form errors print("Form validation failed with errors:", form.errors) return render_template(LDAP_LOGIN_TEMPLATE, form=form, errors=form.errors) - elif AUTH_TYPE == 'azuread': + elif app.config['AUTH_TYPE'] == 'azuread': form = LoginForm(request.form) session["flow"] = _build_auth_code_flow(scopes=app.config['SCOPE']) ad_auth_url = session["flow"]["auth_uri"] if form.errors: warnmsg = (form.errors, 'danger') - return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=AUTH_TYPE, auth_url=ad_auth_url) + return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=app.config['AUTH_TYPE'], auth_url=ad_auth_url) -if AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'azuread': @app.route(app.config['REDIRECT_PATH']) # Its absolute URL must match your app's redirect_uri set in AAD def authorized(): try: diff --git a/src/vr/admin/routes/logout.py b/src/vr/admin/routes/logout.py index 218cd357..781302c9 100644 --- a/src/vr/admin/routes/logout.py +++ b/src/vr/admin/routes/logout.py @@ -1,20 +1,20 @@ from flask_login import logout_user, login_required from flask import session, redirect, url_for from vr.admin import admin -from config_engine import AUTH_TYPE +from vr import app NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"} -if AUTH_TYPE == 'local': +if app.config['AUTH_TYPE'] == 'local': @admin.route('/logout') @login_required def logout(): logout_user() del session['username'] return redirect(url_for('admin.login')) -elif AUTH_TYPE == 'azuread': +elif app.config['AUTH_TYPE'] == 'azuread': @admin.route('/logout') def logout(): logout_user() diff --git a/src/vr/admin/routes/register.py b/src/vr/admin/routes/register.py index 38f0b3f8..1f6f38a8 100644 --- a/src/vr/admin/routes/register.py +++ b/src/vr/admin/routes/register.py 
@@ -13,7 +13,6 @@ from vr.admin.helper_functions import hash_password from vr.admin.email_alerts import send_registration_email from vr.functions.initial_setup import setup_core_db_tables, generate_key_pair -from config_engine import ENV from vr.db_models.setup_2 import _init_db @@ -115,7 +114,7 @@ def register_submit(): _init_db(db=db) generate_key_pair() - setup_core_db_tables(ENV) + setup_core_db_tables(app.config['ENV']) admin_role = UserRoles.query.filter_by(name='Admin').first() ura = UserRoleAssignments(user_id=user.id, role_id=admin_role.id) db.session.add(ura) diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index fea3e3b5..532ae0d5 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -5,16 +5,8 @@ # Start of Entity-specific Imports from vr.admin import admin from vr.admin.functions import _auth_user, check_menu_tour_init -from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ - LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, AZURE_KEYVAULT_NAME, INSECURE_OAUTH, \ - JENKINS_HOST, JENKINS_KEY, JENKINS_PROJECT, JENKINS_STAGING_PROJECT, JENKINS_TOKEN, SMTP_ADMIN_EMAIL, \ - SMTP_HOST, SMTP_PASSWORD, SMTP_USER, SNOW_CLIENT_ID, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_PASSWORD, \ - SNOW_USERNAME, VERSION, JENKINS_ENABLED, SNOW_ENABLED -from flask_sqlalchemy import SQLAlchemy from vr.admin.models import AppConfig from vr.admin.functions import db_connection_handler -from sqlalchemy import text NAV = { 
@@ -44,7 +36,7 @@ def settings(): AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], - AppConfig.ENV: ENV, + AppConfig.ENV: app.config['ENV'], AppConfig.INSECURE_OAUTH: all["INSECURE_OAUTH"], AppConfig.JENKINS_HOST: all["JENKINS_HOST"], AppConfig.JENKINS_KEY: all["JENKINS_KEY"], @@ -71,7 +63,7 @@ def settings(): AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], - AppConfig.VERSION: VERSION, + AppConfig.VERSION: app.config['VERSION'], } if not app_config.settings_initialized: update_json[AppConfig.settings_initialized] = True @@ -88,7 +80,7 @@ def settings(): "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], - "ENV": ENV, + "ENV": app.config['ENV'], "INSECURE_OAUTH": all["INSECURE_OAUTH"], "JENKINS_HOST": all["JENKINS_HOST"], "JENKINS_KEY": all["JENKINS_KEY"], @@ -115,7 +107,7 @@ def settings(): "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], "SNOW_PASSWORD": all["SNOW_PASSWORD"], "SNOW_USERNAME": all["SNOW_USERNAME"], - "VERSION": VERSION, + "VERSION": app.config['VERSION'], } else: app_config = AppConfig.query.first() 
@@ -160,42 +152,42 @@ def settings(): } else: current_settings = { - "JENKINS_ENABLED": JENKINS_ENABLED, - "SNOW_ENABLED": SNOW_ENABLED, - "APP_EXT_URL": APP_EXT_URL, - "AUTH_TYPE": AUTH_TYPE, - "AZAD_AUTHORITY":AZAD_AUTHORITY, - "AZAD_CLIENT_ID": AZAD_CLIENT_ID, - "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, - "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, - "ENV": ENV, - "INSECURE_OAUTH": INSECURE_OAUTH, - "JENKINS_HOST": JENKINS_HOST, - "JENKINS_KEY": JENKINS_KEY, - "JENKINS_PROJECT": JENKINS_PROJECT, - "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, - "JENKINS_USER": JENKINS_USER, - "JENKINS_TOKEN": JENKINS_TOKEN, - "LDAP_BASE_DN": LDAP_BASE_DN, - "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, - "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, - "LDAP_GROUP_DN": LDAP_GROUP_DN, - "LDAP_HOST": LDAP_HOST, - "LDAP_PORT": LDAP_PORT, - "LDAP_USER_DN": LDAP_USER_DN, - "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, - "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, - "PROD_DB_URI": PROD_DB_URI, - "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, - "SMTP_HOST": SMTP_HOST, - "SMTP_USER": SMTP_USER, - "SMTP_PASSWORD": SMTP_PASSWORD, - "SNOW_CLIENT_ID": SNOW_CLIENT_ID, - "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, - "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, - "SNOW_USERNAME": SNOW_USERNAME, - "SNOW_PASSWORD": SNOW_PASSWORD, - "VERSION": VERSION, + "JENKINS_ENABLED": app.config['JENKINS_ENABLED'], + "SNOW_ENABLED": app.config['SNOW_ENABLED'], + "APP_EXT_URL": app.config['APP_EXT_URL'], + "AUTH_TYPE": app.config['AUTH_TYPE'], + "AZAD_AUTHORITY": app.config['AZAD_AUTHORITY'], + "AZAD_CLIENT_ID": app.config['AZAD_CLIENT_ID'], + "AZAD_CLIENT_SECRET": app.config['AZAD_CLIENT_SECRET'], + "AZURE_KEYVAULT_NAME": app.config['AZURE_KEYVAULT_NAME'], + "ENV": app.config['ENV'], + "INSECURE_OAUTH": app.config['INSECURE_OAUTH'], + "JENKINS_HOST": app.config['JENKINS_HOST'], + "JENKINS_KEY": app.config['JENKINS_KEY'], + "JENKINS_PROJECT": app.config['JENKINS_PROJECT'], + "JENKINS_STAGING_PROJECT": 
app.config['JENKINS_STAGING_PROJECT'], + "JENKINS_USER": app.config['JENKINS_USER'], + "JENKINS_TOKEN": app.config['JENKINS_TOKEN'], + "LDAP_BASE_DN": app.config['LDAP_BASE_DN'], + "LDAP_BIND_USER_DN": app.config['LDAP_BIND_USER_DN'], + "LDAP_BIND_USER_PASSWORD": app.config['LDAP_BIND_USER_PASSWORD'], + "LDAP_GROUP_DN": app.config['LDAP_GROUP_DN'], + "LDAP_HOST": app.config['LDAP_HOST'], + "LDAP_PORT": app.config['LDAP_PORT'], + "LDAP_USER_DN": app.config['LDAP_USER_DN'], + "LDAP_USER_LOGIN_ATTR": app.config['LDAP_USER_LOGIN_ATTR'], + "LDAP_USER_RDN_ATTR": app.config['LDAP_USER_RDN_ATTR'], + "PROD_DB_URI": app.config['PROD_DB_URI'], + "SMTP_ADMIN_EMAIL": app.config['SMTP_ADMIN_EMAIL'], + "SMTP_HOST": app.config['SMTP_HOST'], + "SMTP_USER": app.config['SMTP_USER'], + "SMTP_PASSWORD": app.config['SMTP_PASSWORD'], + "SNOW_CLIENT_ID": app.config['SNOW_CLIENT_ID'], + "SNOW_CLIENT_SECRET": app.config['SNOW_CLIENT_SECRET'], + "SNOW_INSTANCE_NAME": app.config['SNOW_INSTANCE_NAME'], + "SNOW_USERNAME": app.config['SNOW_USERNAME'], + "SNOW_PASSWORD": app.config['SNOW_PASSWORD'], + "VERSION": app.config['VERSION'], } cat_general = [ 'APP_EXT_URL', @@ -257,7 +249,7 @@ def set_env_variables(form): os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] - os.environ['ENV'] = ENV + os.environ['ENV'] = app.config['ENV'] os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] 
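Review bot: `current_settings` now copies every secret held in `app.config` (`AZAD_CLIENT_SECRET`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_CLIENT_SECRET`, `SNOW_PASSWORD`, `JENKINS_KEY`, `JENKINS_TOKEN`, and the connection string in `PROD_DB_URI`) into a dictionary that is presumably handed to the settings template. If the template writes these into input `value` attributes, the stored secrets go back to the browser on every page load and end up in page source and caches. I would blank them before rendering, e.g. `for k in SECRET_KEYS: current_settings[k] = ''` with `SECRET_KEYS` a new tuple of those names, and have the POST path treat an empty submitted secret as "keep the stored value". `settings()` starts and ends outside this hunk, so the render call itself is not visible here.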
@@ -286,7 +278,43 @@ def set_env_variables(form): os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] - os.environ['VERSION'] = VERSION + os.environ['VERSION'] = app.config['VERSION'] + app.config['APP_EXT_URL'] = form["APP_EXT_URL"] + app.config['AUTH_TYPE'] = form["AUTH_TYPE"] + app.config['AZAD_AUTHORITY'] = form["AZAD_AUTHORITY"] + app.config['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] + app.config['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] + app.config['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] + app.config['ENV'] = app.config['ENV'] + app.config['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] + app.config['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] + app.config['JENKINS_HOST'] = form["JENKINS_HOST"] + app.config['JENKINS_KEY'] = form["JENKINS_KEY"] + app.config['JENKINS_PROJECT'] = form["JENKINS_PROJECT"] + app.config['JENKINS_STAGING_PROJECT'] = form["JENKINS_STAGING_PROJECT"] + app.config['JENKINS_TOKEN'] = form["JENKINS_TOKEN"] + app.config['JENKINS_USER'] = form["JENKINS_USER"] + app.config['LDAP_BASE_DN'] = form["LDAP_BASE_DN"] + app.config['LDAP_BIND_USER_DN'] = form["LDAP_BIND_USER_DN"] + app.config['LDAP_BIND_USER_PASSWORD'] = form["LDAP_BIND_USER_PASSWORD"] + app.config['LDAP_GROUP_DN'] = form["LDAP_GROUP_DN"] + app.config['LDAP_HOST'] = form["LDAP_HOST"] + app.config['LDAP_PORT'] = form["LDAP_PORT"] + app.config['LDAP_USER_DN'] = form["LDAP_USER_DN"] + app.config['LDAP_USER_LOGIN_ATTR'] = form["LDAP_USER_LOGIN_ATTR"] + app.config['LDAP_USER_RDN_ATTR'] = form["LDAP_USER_RDN_ATTR"] + app.config['PROD_DB_URI'] = form["PROD_DB_URI"] + app.config['SMTP_ADMIN_EMAIL'] = form["SMTP_ADMIN_EMAIL"] + app.config['SMTP_HOST'] = form["SMTP_HOST"] + app.config['SMTP_PASSWORD'] = form["SMTP_PASSWORD"] + app.config['SMTP_USER'] = form["SMTP_USER"] + app.config['SNOW_ENABLED'] = form["SNOW_ENABLED"] + app.config['SNOW_CLIENT_ID'] = 
form["SNOW_CLIENT_ID"] + app.config['SNOW_CLIENT_SECRET'] = form["SNOW_CLIENT_SECRET"] + app.config['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] + app.config['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] + app.config['SNOW_USERNAME'] = form["SNOW_USERNAME"] + app.config['VERSION'] = app.config['VERSION'] @admin.route('/dangerous/delete_all', methods=['POST']) @@ -300,7 +328,7 @@ def delete_all_data(): nav_subsubcat='', nav_curpage={"name": "Unauthorized"}) try: - if ENV == 'test': + if app.config['ENV'] == 'test': # Ensure all connections to the database are closed db.session.close() db.engine.dispose() diff --git a/src/vr/admin/routes/users.py b/src/vr/admin/routes/users.py index 5e461b33..95f12ae3 100644 --- a/src/vr/admin/routes/users.py +++ b/src/vr/admin/routes/users.py @@ -8,7 +8,6 @@ from sqlalchemy import text from flask import request, render_template, session, redirect, url_for, json from flask_login import login_required -from config_engine import AUTH_TYPE from vr.functions.table_functions import load_table, update_table from vr.admin.email_alerts import send_registration_email from vr.assets.model.businessapplications import BusinessApplications @@ -296,7 +295,7 @@ def add_new_user(): first_name=firstname, last_name=lastname, is_active=False, - auth_type=AUTH_TYPE, + auth_type=app.config['AUTH_TYPE'], otp_secret=otp_secret, user_type='system', avatar_path='/static/images/default_profile_avatar.jpg' diff --git a/src/vr/api/integrations/servicenow.py b/src/vr/api/integrations/servicenow.py index 5f76555a..ec06d99f 100644 --- a/src/vr/api/integrations/servicenow.py +++ b/src/vr/api/integrations/servicenow.py 
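Review bot: The added `app.config[...] = form[...]` block applies the submitted form to the live configuration with no validation, including `AUTH_TYPE`, `INSECURE_OAUTH` and `PROD_DB_URI`. `login()` only handles `'local'`, `'ldap'` and `'azuread'`, so I would reject anything else before assigning: `if form["AUTH_TYPE"] not in ('local', 'ldap', 'azuread'): raise ValueError('unsupported AUTH_TYPE')`. The two self-assignments (`app.config['ENV'] = app.config['ENV']` and the same for `VERSION`) do nothing and can go, and the remaining lines could be one loop over a tuple of key names shared with `getPersistentConfig()` so the two lists cannot drift apart. The update also reaches only the process that served the request, so other workers would keep their old values until restarted if the app runs multi-process; `set_env_variables` starts outside this hunk.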
@@ -1,13 +1,12 @@ from flask import jsonify, request import requests import json +from vr import app from vr.api import api from vr.admin.oauth2 import require_oauth from authlib.integrations.flask_oauth2 import current_token from vr.admin.auth_functions import verify_api_key, get_token_auth_header from vr.functions.routing_functions import check_entity_permissions -from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema -from config_engine import SNOW_PASSWORD, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_CLIENT_ID, SNOW_USERNAME ERROR_RESP = "Error: Invalid API Request" @@ -184,11 +183,11 @@ def create_new_collaboration_tools(snow_obj, app_name, app_desc): return sys_id_map # ServiceNow instance details -INSTANCE_NAME = SNOW_INSTANCE_NAME -CLIENT_ID = SNOW_CLIENT_ID -CLIENT_SECRET = SNOW_CLIENT_SECRET -USERNAME = SNOW_USERNAME -PASSWORD = SNOW_PASSWORD +INSTANCE_NAME = app.config['SNOW_INSTANCE_NAME'] +CLIENT_ID = app.config['SNOW_CLIENT_ID'] +CLIENT_SECRET = app.config['SNOW_CLIENT_SECRET'] +USERNAME = app.config['SNOW_USERNAME'] +PASSWORD = app.config['SNOW_PASSWORD'] TOKEN_URL = f'https://{INSTANCE_NAME}.service-now.com/oauth_token.do' TOKEN_DATA = { diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 28f1824e..0b2e8b2d 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -2,10 +2,11 @@ import datetime from threading import Thread from flask import jsonify, request, json -from vr import db +from vr import db, app from vr.api import api from requests.auth import HTTPBasicAuth -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN +# from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN +from config_engine import getConfigs from vr.admin.oauth2 import require_oauth from sqlalchemy import text from vr.assets.model.cicdpipelinebuilds import CICDPipelineBuilds 
@@ -25,6 +26,7 @@ @api.route('/api/jenkins_webhook', methods=['POST']) @require_oauth('write:vulnerabilities') def jenkins_webhook(): + getConfigs(app.config) all = request.form payload_dict = json.loads(all['payload']) ref = payload_dict['ref'] diff --git a/src/vr/api/vulns/vulnerabilities.py b/src/vr/api/vulns/vulnerabilities.py index 68360c8b..b151f5bf 100644 --- a/src/vr/api/vulns/vulnerabilities.py +++ b/src/vr/api/vulns/vulnerabilities.py @@ -16,7 +16,6 @@ from vr.admin.oauth2 import require_oauth from vr.admin.functions import db_connection_handler from authlib.integrations.flask_oauth2 import current_token -from config_engine import ENV import re @@ -295,7 +294,7 @@ def _add_new_vulns(new_vulns, engine): def _setup_duplicate_vulns(source_type, dup_vulns): sourced_dup_vulns = [] for vuln in dup_vulns: - if ENV == 'test': + if app.config['ENV'] == 'test': vuln['LastModifiedDate'] = datetime.datetime.utcnow().replace(microsecond=0) if vuln['ReleaseDate']: vuln['ReleaseDate'] = datetime.datetime.strptime(vuln['ReleaseDate'], '%Y-%m-%d %H:%M:%S') diff --git a/src/vr/db_models/setup.py b/src/vr/db_models/setup.py index b36fdc22..cb37b344 100644 --- a/src/vr/db_models/setup.py +++ b/src/vr/db_models/setup.py @@ -1,11 +1,6 @@ from datetime import datetime from sqlalchemy.types import TEXT, DECIMAL from flask import jsonify -from config_engine import ENV -if ENV == 'test': - from sqlalchemy.dialects.sqlite import TEXT as LONGTEXT -else: - from sqlalchemy.dialects.mysql import LONGTEXT from flask_sqlalchemy import SQLAlchemy from sqlalchemy.dialects import mysql from flask_login import UserMixin 
@@ -176,9 +171,9 @@ class TmControls(db.Model): __tablename__ = 'TmControls' ID = db.Column(db.Integer, primary_key=True) AddDate = db.Column(db.DateTime, index=True, default=datetime.utcnow, nullable=False) - Control = db.Column(LONGTEXT) + Control = db.Column(db.String(20000)) Type = db.Column(db.String(8)) - Description = db.Column(LONGTEXT) + Description = db.Column(db.String(20000)) Lambda = db.Column(db.String(1)) Process = db.Column(db.String(1)) Server = db.Column(db.String(1)) diff --git a/src/vr/db_models/setup_2.py b/src/vr/db_models/setup_2.py index d47ba210..0d98c122 100644 --- a/src/vr/db_models/setup_2.py +++ b/src/vr/db_models/setup_2.py @@ -2,8 +2,8 @@ from sqlalchemy.types import TEXT, DECIMAL from sqlalchemy import MetaData from vr.admin.functions import db_connection_handler -from config_engine import ENV -if ENV == 'test': +from vr import app +if app.config['ENV'] == 'test': from sqlalchemy.dialects.sqlite import TEXT as LONGTEXT else: from sqlalchemy.dialects.mysql import LONGTEXT diff --git a/src/vr/orchestration/web/pipeline_jobs.py b/src/vr/orchestration/web/pipeline_jobs.py index e9fcc7ee..2ef5390b 100644 --- a/src/vr/orchestration/web/pipeline_jobs.py +++ b/src/vr/orchestration/web/pipeline_jobs.py @@ -11,7 +11,6 @@ from vr.orchestration.model.cicdpipelines import CICDPipelines, CICDPipelinesSchema from vr.orchestration.model.pipelinejobs import PipelineJobs, PipelineJobsSchema from vr.orchestration.web.pipeline_stage_data import OPTS -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_STAGING_PROJECT, JENKINS_HOST, JENKINS_TOKEN NAV = { @@ -248,7 +247,7 @@ def validate_cicd_pipeline_stage(appid): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'GIT_BRANCH': git_branch, 'APP_NAME': app_name, 
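Review bot: `Control` and `Description` change from `LONGTEXT` to `db.String(20000)`, which on MySQL becomes `VARCHAR(20000)`; two such columns can exceed MySQL's 65,535-byte row limit under a multi-byte charset such as utf8mb4, and existing rows longer than 20,000 characters would no longer fit. `db.Text` keeps the model dialect-neutral without a length cap: `Control = db.Column(db.Text)` and `Description = db.Column(db.Text)`. No migration for already-deployed tables is visible in this commit. The `TmControls` class continues past the hunk.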
@@ -261,8 +260,8 @@ def validate_cicd_pipeline_stage(appid): 'TARGET_URL': target_url } - url = f'{JENKINS_HOST}/job/{JENKINS_STAGING_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_STAGING_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) return str(200) diff --git a/src/vr/templates/admin/settings.html b/src/vr/templates/admin/settings.html index a7564e1a..f5da3318 100644 --- a/src/vr/templates/admin/settings.html +++ b/src/vr/templates/admin/settings.html @@ -134,7 +134,7 @@
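Review bot: The rewritten `resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))` has no `timeout=`, and `resp` is never inspected: the function returns `str(200)` even when Jenkins answers with an error status such as 401 or 403. I would add a timeout (for example `timeout=10`, value is a suggestion) and call `resp.raise_for_status()` or return the real status code. Because the URL is built from `app.config['JENKINS_HOST']`, it is also worth checking at settings time that the host uses `https://`, since basic-auth credentials and the build token travel with this request. The same call shape appears in `on_demand_testing()` in src/vr/vulns/web/testing.py; `validate_cicd_pipeline_stage` starts outside this hunk.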

General Settings

{% elif key == "PROD_DB_URI" %} -
+
{% elif key == "ENV" or key == "VERSION" %} {% else %} @@ -176,7 +176,7 @@

SMTP Settings

{% if key == 'SMTP_PASSWORD' %} -
+
{% else %} {% endif %} @@ -199,10 +199,10 @@

Jenkins Settings

{% elif key == 'JENKINS_KEY' %} -
+
{% elif key == 'JENKINS_TOKEN' %} -
+
{% else %} @@ -229,10 +229,10 @@

ServiceNOW Settings

{% elif key == 'SNOW_CLIENT_SECRET' %} -
+
{% elif key == 'SNOW_PASSWORD' %} -
+
{% else %} diff --git a/src/vr/vulns/web/findings.py b/src/vr/vulns/web/findings.py index 8c9938c8..06d44322 100644 --- a/src/vr/vulns/web/findings.py +++ b/src/vr/vulns/web/findings.py @@ -25,7 +25,6 @@ import base64 from io import StringIO from flask import Response -from config_engine import ENV from vr.functions.ml_functions import predict_vuln_validity from vr.vulns.model.cvssbasescoresv3 import CVSSBaseScoresV3 from vr.vulns.model.cvssbasescoresv3extensions import CVSSBaseScoresV3Extensions @@ -42,7 +41,7 @@ UNAUTH_STATUS = "403.html" SERVER_ERR_STATUS = "500.html" VULN_STATUS_IS_NOT_CLOSED = "Vulnerabilities.Status NOT LIKE 'Closed-%' AND Vulnerabilities.Status NOT LIKE 'Open-RiskAccepted-%'" -test = ENV +test = app.config['ENV'] if test == 'test': ISO_FORMAT = "%Y-%m-%dT%H:%M:%S.%f" else: diff --git a/src/vr/vulns/web/testing.py b/src/vr/vulns/web/testing.py index 32e604b8..c69f7122 100644 --- a/src/vr/vulns/web/testing.py +++ b/src/vr/vulns/web/testing.py @@ -11,8 +11,8 @@ from vr.vulns.model.vulnerabilityscans import VulnerabilityScans, VulnerabilityScansSchema from vr.functions.table_functions import load_table, update_table from requests.auth import HTTPBasicAuth -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema +from vr import app NAV = { 
@@ -115,14 +115,14 @@ def on_demand_testing(): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'TESTS': tests_to_run.upper(), 'GIT_BRANCH': git_branch, 'APP_NAME': app_name } - url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) return redirect(request.referrer) From ba8b3dc8fed4570fc4e9877a3cfae8a5e4260632 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 07:58:31 -0700 Subject: [PATCH 078/197] Update pipeline-config.yaml --- pipeline-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 2a9eb073..d19730b0 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -9,7 +9,7 @@ stages: branches: - release unitTesting: - enabled: false + enabled: true branches: [] secretScanning: enabled: false From 9edb485f6d54f026937b347d8069aa844047bf7f Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 08:04:28 -0700 Subject: [PATCH 079/197] Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml --- pipeline-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 2a9eb073..d19730b0 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -9,7 +9,7 @@ stages: branches: - release unitTesting: - enabled: false + enabled: true branches: [] secretScanning: enabled: false From c58a7474a1d466043fe3ab3fc68fcfacf4ffbe2d Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 08:04:54 -0700 Subject: [PATCH 080/197] Release/0.1.0 beta/prod azure (#520) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml --- pipeline-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 2a9eb073..d19730b0 100644 --- a/pipeline-config.yaml 
+++ b/pipeline-config.yaml @@ -9,7 +9,7 @@ stages: branches: - release unitTesting: - enabled: false + enabled: true branches: [] secretScanning: enabled: false From 42f91fddcc01ba9cb8c2be4fe8bd6ef1cdd8549a Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 10:30:49 -0700 Subject: [PATCH 081/197] Update __init__.py --- src/vr/__init__.py | 85 ++++++++++++++++++++++------------------------ 1 file changed, 41 insertions(+), 44 deletions(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 2f3ccf73..90fe1b09 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py 
@@ -214,50 +214,47 @@ def connect_to_db(): return cur, db def getPersistentConfig(): - try: - cur, db = connect_to_db() - sql = 'SELECT * FROM AppConfig WHERE 1=1' - cur.execute(sql) - row = cur.fetchone() - if row[2]: - app.config['APP_EXT_URL'] = row[3] - app.config['AUTH_TYPE'] = row[4] - app.config['AZAD_AUTHORITY'] = row[5] - app.config['AZAD_CLIENT_ID'] = row[6] - app.config['AZAD_CLIENT_SECRET'] = row[7] - app.config['AZURE_KEYVAULT_NAME'] = row[8] - app.config['ENV'] = row[9] - app.config['INSECURE_OAUTH'] = row[10] - app.config['JENKINS_ENABLED'] = row[37] - app.config['JENKINS_HOST'] = row[11] - app.config['JENKINS_KEY'] = row[12] - app.config['JENKINS_PROJECT'] = row[13] - app.config['JENKINS_STAGING_PROJECT'] = row[14] - app.config['JENKINS_TOKEN'] = row[15] - app.config['JENKINS_USER'] = row[16] - app.config['LDAP_BASE_DN'] = row[17] - app.config['LDAP_BIND_USER_DN'] = row[18] - app.config['LDAP_BIND_USER_PASSWORD'] = row[19] - app.config['LDAP_GROUP_DN'] = row[20] - app.config['LDAP_HOST'] = row[21] - app.config['LDAP_PORT'] = row[22] - app.config['LDAP_USER_DN'] = row[23] - app.config['LDAP_USER_LOGIN_ATTR'] = row[24] - app.config['LDAP_USER_RDN_ATTR'] = row[25] - app.config['PROD_DB_URI'] = row[26] - app.config['SMTP_ADMIN_EMAIL'] = row[27] - app.config['SMTP_HOST'] = row[28] - app.config['SMTP_PASSWORD'] = row[29] - app.config['SMTP_USER'] = row[30] - app.config['SNOW_ENABLED'] = row[38] - app.config['SNOW_CLIENT_ID'] = row[31] - app.config['SNOW_CLIENT_SECRET'] = row[32] - app.config['SNOW_INSTANCE_NAME'] = row[33] - app.config['SNOW_PASSWORD'] = row[34] - app.config['SNOW_USERNAME'] = row[35] - app.config['VERSION'] = row[36] - except: - print('AppConfig Database table is either unreachable or not setup.') + cur, db = connect_to_db() + sql = 'SELECT * FROM AppConfig WHERE 1=1' + cur.execute(sql) + row = cur.fetchone() + if row[2]: + app.config['APP_EXT_URL'] = row[3] + app.config['AUTH_TYPE'] = row[4] + app.config['AZAD_AUTHORITY'] = row[5] + 
app.config['AZAD_CLIENT_ID'] = row[6] + app.config['AZAD_CLIENT_SECRET'] = row[7] + app.config['AZURE_KEYVAULT_NAME'] = row[8] + app.config['ENV'] = row[9] + app.config['INSECURE_OAUTH'] = row[10] + app.config['JENKINS_ENABLED'] = row[37] + app.config['JENKINS_HOST'] = row[11] + app.config['JENKINS_KEY'] = row[12] + app.config['JENKINS_PROJECT'] = row[13] + app.config['JENKINS_STAGING_PROJECT'] = row[14] + app.config['JENKINS_TOKEN'] = row[15] + app.config['JENKINS_USER'] = row[16] + app.config['LDAP_BASE_DN'] = row[17] + app.config['LDAP_BIND_USER_DN'] = row[18] + app.config['LDAP_BIND_USER_PASSWORD'] = row[19] + app.config['LDAP_GROUP_DN'] = row[20] + app.config['LDAP_HOST'] = row[21] + app.config['LDAP_PORT'] = row[22] + app.config['LDAP_USER_DN'] = row[23] + app.config['LDAP_USER_LOGIN_ATTR'] = row[24] + app.config['LDAP_USER_RDN_ATTR'] = row[25] + app.config['PROD_DB_URI'] = row[26] + app.config['SMTP_ADMIN_EMAIL'] = row[27] + app.config['SMTP_HOST'] = row[28] + app.config['SMTP_PASSWORD'] = row[29] + app.config['SMTP_USER'] = row[30] + app.config['SNOW_ENABLED'] = row[38] + app.config['SNOW_CLIENT_ID'] = row[31] + app.config['SNOW_CLIENT_SECRET'] = row[32] + app.config['SNOW_INSTANCE_NAME'] = row[33] + app.config['SNOW_PASSWORD'] = row[34] + app.config['SNOW_USERNAME'] = row[35] + app.config['VERSION'] = row[36] getPersistentConfig() From 76926b35975dcf8330a2d17ec2bc87fec6fa4605 Mon Sep 17 00:00:00 2001 
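Review bot: The rewritten getPersistentConfig() still maps `SELECT *` onto app.config by column position (`row[3]` … `row[38]`), so a column added or reordered in AppConfig would silently load the wrong value into security-relevant settings such as `AUTH_TYPE`, `INSECURE_OAUTH` and the client secrets and passwords. `JENKINS_ENABLED = row[37]` and `SNOW_ENABLED = row[38]` sitting out of order suggest the table has already grown this way. Key the values by column name instead, e.g. `cfg = dict(zip([d[0] for d in cur.description], row))`, or list the columns explicitly in the SELECT. With the bare `except:` removed, a failure in connect_to_db() or the query now aborts the module-level `getPersistentConfig()` call, which looks intended, but `cur` and `db` are never closed in the visible body. The same hunk is repeated in PATCH 082 and PATCH 083 further down the page.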
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 10:37:27 -0700 Subject: [PATCH 082/197] Feature/jenkins updates (#521) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py --- src/vr/__init__.py | 85 ++++++++++++++++++++++------------------------ 1 file changed, 41 insertions(+), 44 deletions(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 2f3ccf73..90fe1b09 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py 
@@ -214,50 +214,47 @@ def connect_to_db(): return cur, db def getPersistentConfig(): - try: - cur, db = connect_to_db() - sql = 'SELECT * FROM AppConfig WHERE 1=1' - cur.execute(sql) - row = cur.fetchone() - if row[2]: - app.config['APP_EXT_URL'] = row[3] - app.config['AUTH_TYPE'] = row[4] - app.config['AZAD_AUTHORITY'] = row[5] - app.config['AZAD_CLIENT_ID'] = row[6] - app.config['AZAD_CLIENT_SECRET'] = row[7] - app.config['AZURE_KEYVAULT_NAME'] = row[8] - app.config['ENV'] = row[9] - app.config['INSECURE_OAUTH'] = row[10] - app.config['JENKINS_ENABLED'] = row[37] - app.config['JENKINS_HOST'] = row[11] - app.config['JENKINS_KEY'] = row[12] - app.config['JENKINS_PROJECT'] = row[13] - app.config['JENKINS_STAGING_PROJECT'] = row[14] - app.config['JENKINS_TOKEN'] = row[15] - app.config['JENKINS_USER'] = row[16] - app.config['LDAP_BASE_DN'] = row[17] - app.config['LDAP_BIND_USER_DN'] = row[18] - app.config['LDAP_BIND_USER_PASSWORD'] = row[19] - app.config['LDAP_GROUP_DN'] = row[20] - app.config['LDAP_HOST'] = row[21] - app.config['LDAP_PORT'] = row[22] - app.config['LDAP_USER_DN'] = row[23] - app.config['LDAP_USER_LOGIN_ATTR'] = row[24] - app.config['LDAP_USER_RDN_ATTR'] = row[25] - app.config['PROD_DB_URI'] = row[26] - app.config['SMTP_ADMIN_EMAIL'] = row[27] - app.config['SMTP_HOST'] = row[28] - app.config['SMTP_PASSWORD'] = row[29] - app.config['SMTP_USER'] = row[30] - app.config['SNOW_ENABLED'] = row[38] - app.config['SNOW_CLIENT_ID'] = row[31] - app.config['SNOW_CLIENT_SECRET'] = row[32] - app.config['SNOW_INSTANCE_NAME'] = row[33] - app.config['SNOW_PASSWORD'] = row[34] - app.config['SNOW_USERNAME'] = row[35] - app.config['VERSION'] = row[36] - except: - print('AppConfig Database table is either unreachable or not setup.') + cur, db = connect_to_db() + sql = 'SELECT * FROM AppConfig WHERE 1=1' + cur.execute(sql) + row = cur.fetchone() + if row[2]: + app.config['APP_EXT_URL'] = row[3] + app.config['AUTH_TYPE'] = row[4] + app.config['AZAD_AUTHORITY'] = row[5] + 
app.config['AZAD_CLIENT_ID'] = row[6] + app.config['AZAD_CLIENT_SECRET'] = row[7] + app.config['AZURE_KEYVAULT_NAME'] = row[8] + app.config['ENV'] = row[9] + app.config['INSECURE_OAUTH'] = row[10] + app.config['JENKINS_ENABLED'] = row[37] + app.config['JENKINS_HOST'] = row[11] + app.config['JENKINS_KEY'] = row[12] + app.config['JENKINS_PROJECT'] = row[13] + app.config['JENKINS_STAGING_PROJECT'] = row[14] + app.config['JENKINS_TOKEN'] = row[15] + app.config['JENKINS_USER'] = row[16] + app.config['LDAP_BASE_DN'] = row[17] + app.config['LDAP_BIND_USER_DN'] = row[18] + app.config['LDAP_BIND_USER_PASSWORD'] = row[19] + app.config['LDAP_GROUP_DN'] = row[20] + app.config['LDAP_HOST'] = row[21] + app.config['LDAP_PORT'] = row[22] + app.config['LDAP_USER_DN'] = row[23] + app.config['LDAP_USER_LOGIN_ATTR'] = row[24] + app.config['LDAP_USER_RDN_ATTR'] = row[25] + app.config['PROD_DB_URI'] = row[26] + app.config['SMTP_ADMIN_EMAIL'] = row[27] + app.config['SMTP_HOST'] = row[28] + app.config['SMTP_PASSWORD'] = row[29] + app.config['SMTP_USER'] = row[30] + app.config['SNOW_ENABLED'] = row[38] + app.config['SNOW_CLIENT_ID'] = row[31] + app.config['SNOW_CLIENT_SECRET'] = row[32] + app.config['SNOW_INSTANCE_NAME'] = row[33] + app.config['SNOW_PASSWORD'] = row[34] + app.config['SNOW_USERNAME'] = row[35] + app.config['VERSION'] = row[36] getPersistentConfig() From 626a225ce24f5f8230894059174b22693027f48e Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 10:38:31 -0700 Subject: [PATCH 083/197] Release/0.1.0 beta/prod azure (#522) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Feature/jenkins updates (#521) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db 
updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py --- src/vr/__init__.py | 85 ++++++++++++++++++++++------------------------ 1 file changed, 41 insertions(+), 44 deletions(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 2f3ccf73..90fe1b09 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py 
@@ -214,50 +214,47 @@ def connect_to_db(): return cur, db def getPersistentConfig(): - try: - cur, db = connect_to_db() - sql = 'SELECT * FROM AppConfig WHERE 1=1' - cur.execute(sql) - row = cur.fetchone() - if row[2]: - app.config['APP_EXT_URL'] = row[3] - app.config['AUTH_TYPE'] = row[4] - app.config['AZAD_AUTHORITY'] = row[5] - app.config['AZAD_CLIENT_ID'] = row[6] - app.config['AZAD_CLIENT_SECRET'] = row[7] - app.config['AZURE_KEYVAULT_NAME'] = row[8] - app.config['ENV'] = row[9] - app.config['INSECURE_OAUTH'] = row[10] - app.config['JENKINS_ENABLED'] = row[37] - app.config['JENKINS_HOST'] = row[11] - app.config['JENKINS_KEY'] = row[12] - app.config['JENKINS_PROJECT'] = row[13] - app.config['JENKINS_STAGING_PROJECT'] = row[14] - app.config['JENKINS_TOKEN'] = row[15] - app.config['JENKINS_USER'] = row[16] - app.config['LDAP_BASE_DN'] = row[17] - app.config['LDAP_BIND_USER_DN'] = row[18] - app.config['LDAP_BIND_USER_PASSWORD'] = row[19] - app.config['LDAP_GROUP_DN'] = row[20] - app.config['LDAP_HOST'] = row[21] - app.config['LDAP_PORT'] = row[22] - app.config['LDAP_USER_DN'] = row[23] - app.config['LDAP_USER_LOGIN_ATTR'] = row[24] - app.config['LDAP_USER_RDN_ATTR'] = row[25] - app.config['PROD_DB_URI'] = row[26] - app.config['SMTP_ADMIN_EMAIL'] = row[27] - app.config['SMTP_HOST'] = row[28] - app.config['SMTP_PASSWORD'] = row[29] - app.config['SMTP_USER'] = row[30] - app.config['SNOW_ENABLED'] = row[38] - app.config['SNOW_CLIENT_ID'] = row[31] - app.config['SNOW_CLIENT_SECRET'] = row[32] - app.config['SNOW_INSTANCE_NAME'] = row[33] - app.config['SNOW_PASSWORD'] = row[34] - app.config['SNOW_USERNAME'] = row[35] - app.config['VERSION'] = row[36] - except: - print('AppConfig Database table is either unreachable or not setup.') + cur, db = connect_to_db() + sql = 'SELECT * FROM AppConfig WHERE 1=1' + cur.execute(sql) + row = cur.fetchone() + if row[2]: + app.config['APP_EXT_URL'] = row[3] + app.config['AUTH_TYPE'] = row[4] + app.config['AZAD_AUTHORITY'] = row[5] + 
app.config['AZAD_CLIENT_ID'] = row[6] + app.config['AZAD_CLIENT_SECRET'] = row[7] + app.config['AZURE_KEYVAULT_NAME'] = row[8] + app.config['ENV'] = row[9] + app.config['INSECURE_OAUTH'] = row[10] + app.config['JENKINS_ENABLED'] = row[37] + app.config['JENKINS_HOST'] = row[11] + app.config['JENKINS_KEY'] = row[12] + app.config['JENKINS_PROJECT'] = row[13] + app.config['JENKINS_STAGING_PROJECT'] = row[14] + app.config['JENKINS_TOKEN'] = row[15] + app.config['JENKINS_USER'] = row[16] + app.config['LDAP_BASE_DN'] = row[17] + app.config['LDAP_BIND_USER_DN'] = row[18] + app.config['LDAP_BIND_USER_PASSWORD'] = row[19] + app.config['LDAP_GROUP_DN'] = row[20] + app.config['LDAP_HOST'] = row[21] + app.config['LDAP_PORT'] = row[22] + app.config['LDAP_USER_DN'] = row[23] + app.config['LDAP_USER_LOGIN_ATTR'] = row[24] + app.config['LDAP_USER_RDN_ATTR'] = row[25] + app.config['PROD_DB_URI'] = row[26] + app.config['SMTP_ADMIN_EMAIL'] = row[27] + app.config['SMTP_HOST'] = row[28] + app.config['SMTP_PASSWORD'] = row[29] + app.config['SMTP_USER'] = row[30] + app.config['SNOW_ENABLED'] = row[38] + app.config['SNOW_CLIENT_ID'] = row[31] + app.config['SNOW_CLIENT_SECRET'] = row[32] + app.config['SNOW_INSTANCE_NAME'] = row[33] + app.config['SNOW_PASSWORD'] = row[34] + app.config['SNOW_USERNAME'] = row[35] + app.config['VERSION'] = row[36] getPersistentConfig() From 89ec1bae8abd87053f176526a1b7e07a73dabbab Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 11:12:34 -0700 Subject: [PATCH 084/197] Update __init__.py --- src/vr/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 90fe1b09..e184511e 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py 
@@ -218,7 +218,7 @@ def getPersistentConfig():
 sql = 'SELECT * FROM AppConfig WHERE 1=1'
 cur.execute(sql)
 row = cur.fetchone()
- if row[2]:
+ if row and row[2]:
 app.config['APP_EXT_URL'] = row[3]
 app.config['AUTH_TYPE'] = row[4]
 app.config['AZAD_AUTHORITY'] = row[5]
From 7dd90fa11418004ade7ff847c0665f491aa17906 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 11:19:14 -0700
Subject: [PATCH 085/197] Feature/jenkins updates (#523) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py
---
 src/vr/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vr/__init__.py b/src/vr/__init__.py
index 90fe1b09..e184511e 100644
--- a/src/vr/__init__.py
+++ b/src/vr/__init__.py
@@ -218,7 +218,7 @@ def getPersistentConfig():
 sql = 'SELECT * FROM AppConfig WHERE 1=1'
 cur.execute(sql)
 row = cur.fetchone()
- if row[2]:
+ if row and row[2]:
 app.config['APP_EXT_URL'] = row[3]
 app.config['AUTH_TYPE'] = row[4]
 app.config['AZAD_AUTHORITY'] = row[5]
From ff3b6970df0f0b0ed3bdd5b01b8e1dbb726e8c87 Mon Sep 17 00:00:00 2001
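Review bot: `if row and row[2]:` has no else branch, so when AppConfig is empty or `row[2]` is falsy the function returns silently and the app keeps whatever `AUTH_TYPE`, `INSECURE_OAUTH` and credential values were set elsewhere, with nothing in the logs to show that the persisted configuration was not applied. Add a branch that records it, e.g. `else: app.logger.warning('AppConfig row missing or not initialised; persistent config not applied')` (assuming `app` is the Flask application; otherwise use the module's own logger). A short comment saying what `row[2]` flags would also help, since the hunk does not show it. The function starts above the hunk and its body continues past it; the identical hunk in PATCH 085 on the same line has the same gap.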
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 11:20:06 -0700 Subject: [PATCH 086/197] Release/0.1.0 beta/prod azure (#524) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Feature/jenkins updates (#521) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db 
updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Feature/jenkins updates (#523) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py --- src/vr/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 90fe1b09..e184511e 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -218,7 +218,7 @@ def getPersistentConfig(): sql = 'SELECT * FROM AppConfig WHERE 1=1' cur.execute(sql) row = cur.fetchone() - if row[2]: + if row and row[2]: app.config['APP_EXT_URL'] = row[3] app.config['AUTH_TYPE'] = row[4] app.config['AZAD_AUTHORITY'] = row[5] From 9f3a6d2a4b60d8629c1a5612e6f8fc67ae246a12 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 11:58:20 -0700 Subject: [PATCH 087/197] Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 0b2e8b2d..f5698ae3 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py 
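Review bot: With the new `if row and row[2]:` guard an empty AppConfig table no longer raises, but the function then falls through without setting `APP_EXT_URL`, `AUTH_TYPE` or `AZAD_AUTHORITY` and without leaving any trace, so the app keeps running on whatever values were already in place; an `else:` branch that logs that no persisted configuration was loaded would make that state visible. The settings are also read by position (`row[3]`, `row[4]`, `row[5]`) from `SELECT * FROM AppConfig WHERE 1=1`, so a column added or reordered by a later table update would silently feed the wrong field into the authentication settings. Naming the needed columns in the SELECT, and dropping the no-op `WHERE 1=1`, would pin that mapping. getPersistentConfig's body starts and ends outside the hunk.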
@@ -219,14 +219,14 @@ def add_new_scan(git_url, branch_name, report_id):
 "Content-Type": "application/x-www-form-urlencoded"
 }
 data = {
- 'token': JENKINS_TOKEN,
+ 'token': app.config['JENKINS_TOKEN'],
 'GIT_URL': git_url,
 'TESTS': stage_str,
 'GIT_BRANCH': branch_name,
 'REPORT_ID': report_id
 }
- url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters'
- resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY))
+ url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
+ resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
 response = jsonify({"Status": resp.status_code}), 200
 except requests.exceptions.Timeout:
 print('Processing Error')
From 3422a4fbc0aa6d05356c0add3ba0215a1f7bce38 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 12:04:13 -0700
Subject: [PATCH 088/197] Feature/jenkins updates (#525) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py
---
 src/vr/api/vulns/jenkins_webhook.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py
index 0b2e8b2d..f5698ae3 100644
--- a/src/vr/api/vulns/jenkins_webhook.py
+++ b/src/vr/api/vulns/jenkins_webhook.py
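Review bot: Reading the Jenkins settings as `app.config['JENKINS_TOKEN']`, `['JENKINS_HOST']`, `['JENKINS_PROJECT']`, `['JENKINS_USER']` and `['JENKINS_KEY']` raises KeyError when any of them has not been loaded, and the only handler visible in this hunk is `except requests.exceptions.Timeout:`, so an unconfigured integration would surface as an unhandled exception instead of a skipped scan. I would fetch them with `app.config.get(...)` ahead of the request and return early, with a log line, when one is missing. Because `requests.post(...)` is called without `timeout=`, that Timeout handler is also unlikely ever to run; passing for example `timeout=(5, 30)` makes it reachable. The same hunk is repeated in PATCH 088/197 and PATCH 089/197 below, and add_new_scan's body starts and ends outside the hunk.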
@@ -219,14 +219,14 @@ def add_new_scan(git_url, branch_name, report_id):
 "Content-Type": "application/x-www-form-urlencoded"
 }
 data = {
- 'token': JENKINS_TOKEN,
+ 'token': app.config['JENKINS_TOKEN'],
 'GIT_URL': git_url,
 'TESTS': stage_str,
 'GIT_BRANCH': branch_name,
 'REPORT_ID': report_id
 }
- url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters'
- resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY))
+ url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
+ resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
 response = jsonify({"Status": resp.status_code}), 200
 except requests.exceptions.Timeout:
 print('Processing Error')
From fc0f12b20793afeb6e3047a9d4046c8f8d5de602 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 12:04:42 -0700 Subject: [PATCH 089/197] Release/0.1.0 beta/prod azure (#526) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Feature/jenkins updates (#521) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db 
updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Feature/jenkins updates (#523) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Feature/jenkins updates (#525) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 0b2e8b2d..f5698ae3 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py 
@@ -219,14 +219,14 @@ def add_new_scan(git_url, branch_name, report_id): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'TESTS': stage_str, 'GIT_BRANCH': branch_name, 'REPORT_ID': report_id } - url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) response = jsonify({"Status": resp.status_code}), 200 except requests.exceptions.Timeout: print('Processing Error') From 68b71893ec0b35924933a7f14c79e0e7459ae4fd Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 12:11:40 -0700 Subject: [PATCH 090/197] Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index f5698ae3..0e7ca0aa 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -227,7 +227,7 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) - response = jsonify({"Status": resp.status_code}), 200 + # response = jsonify({"Status": resp.status_code}), 200 except requests.exceptions.Timeout: print('Processing Error') From 07cb6a7147d9ab4e50c2e41bd291114b66e6d875 Mon Sep 17 00:00:00 2001 
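Review bot: Commenting out `response = jsonify({"Status": resp.status_code}), 200` leaves `resp` unused, so a 401 or 403 from Jenkins (wrong `JENKINS_USER`/`JENKINS_KEY`) or a 404 for the job is now dropped silently and the scan simply never starts. Rather than keep the dead line as a comment, I would delete it and check the result, for example `if not resp.ok: print(f'Jenkins trigger failed: HTTP {resp.status_code}')`, or the module's logger if it has one. Keep the form data and request object out of that message, since they carry the job token. The same hunk is repeated in PATCH 091/197 and PATCH 092/197 below, and add_new_scan's body starts and ends outside the hunk.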
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 12:19:19 -0700 Subject: [PATCH 091/197] Feature/jenkins updates (#527) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index f5698ae3..0e7ca0aa 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -227,7 +227,7 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) - response = jsonify({"Status": resp.status_code}), 200 + # response = jsonify({"Status": resp.status_code}), 200 except requests.exceptions.Timeout: print('Processing Error') From a2531bb2426b7811bcef69454148440b052b6d94 Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 12:20:27 -0700 Subject: [PATCH 092/197] Release/0.1.0 beta/prod azure (#528) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Feature/jenkins updates (#521) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db 
updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Feature/jenkins updates (#523) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Feature/jenkins updates (#525) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Feature/jenkins updates (#527) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index f5698ae3..0e7ca0aa 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py 
@@ -227,7 +227,7 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) - response = jsonify({"Status": resp.status_code}), 200 + # response = jsonify({"Status": resp.status_code}), 200 except requests.exceptions.Timeout: print('Processing Error') From 685167e7145fb84729f151311d253651b2630e9f Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 13:01:12 -0700 Subject: [PATCH 093/197] Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 0e7ca0aa..f3c40868 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -21,6 +21,7 @@ from vr.vulns.model.sgglobalthresholds import SgGlobalThresholds from vr.admin.functions import db_connection_handler import traceback +import time @api.route('/api/jenkins_webhook', methods=['POST']) @@ -46,13 +47,13 @@ def jenkins_webhook(): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'TESTS': tests_to_run.upper(), 'GIT_BRANCH': git_branch } - url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) response = jsonify({"Status": resp.status_code}), 200 else: response = jsonify({"Status": "Not Applicable"}), 200 
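Review bot: The `requests.post(...)` call in the `@@ -227,7 +227,7 @@` hunk of `add_new_scan` carries no `timeout=` argument, so the `except requests.exceptions.Timeout` branch directly below it will rarely if ever fire and an unresponsive Jenkins host can hold the caller indefinitely; add one to the call, for example `timeout=(5, 30)` (illustrative values). With the `response = ...` line now commented out, `resp` is never read, so a trigger that Jenkins rejects goes unnoticed; `if not resp.ok: print('Jenkins trigger failed:', resp.status_code)` after the post would surface it, and the dead line is better deleted than left as a comment. The same untimed post is visible in the `jenkins_webhook` hunk of PATCH 093/197. `add_new_scan` starts and ends outside the hunk.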
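Review bot: `git_url`, `tests_to_run` and `git_branch` go into the Jenkins `buildWithParameters` request unchanged in the `@@ -46,13 +47,13 @@` hunk of `jenkins_webhook`, and the build is started with the stored `JENKINS_USER`/`JENKINS_KEY` credentials. Where those three values are assigned is outside the hunk; if they are taken from the body of the POST to `/api/jenkins_webhook`, they should be checked against the repositories and test names the application already knows before the build is requested, otherwise the caller of the endpoint, rather than the application, chooses the build parameters. Separately, the handler answers HTTP 200 even when Jenkins refused the request, because the Jenkins status is only placed in the body; `response = jsonify({"Status": resp.status_code}), (200 if resp.ok else 502)` would let callers see the failure. This hunk is repeated unchanged in PATCH 094/197 and PATCH 095/197, and `jenkins_webhook` starts and ends outside it.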
@@ -227,6 +228,7 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) + time.sleep(10) # sleep for 10 seconds to allow time for response # response = jsonify({"Status": resp.status_code}), 200 except requests.exceptions.Timeout: print('Processing Error') From 7319eb2c4bd8f4e919cee517642f8136adedbd43 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 13:09:41 -0700 Subject: [PATCH 094/197] Feature/jenkins updates (#529) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 0e7ca0aa..f3c40868 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -21,6 +21,7 @@ from vr.vulns.model.sgglobalthresholds import SgGlobalThresholds from vr.admin.functions import db_connection_handler import traceback +import time @api.route('/api/jenkins_webhook', methods=['POST']) 
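Review bot: The added `time.sleep(10)` in the `@@ -227,6 +228,7 @@` hunk cannot "allow time for response": `requests.post` is synchronous and has already returned `resp` when the sleep starts, so the line only holds the calling thread for ten seconds on every scan. If `add_new_scan` runs inside a request-handling worker (its callers are not visible here), that is ten seconds of lost capacity per call. I would delete the line and, if the aim is to confirm that the build was queued, read the response that is already in hand, e.g. `if not resp.ok: print('Jenkins trigger failed:', resp.status_code)`. The identical hunk recurs in PATCH 094/197 and PATCH 095/197; `add_new_scan` starts and ends outside the hunk.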
@@ -46,13 +47,13 @@ def jenkins_webhook(): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'TESTS': tests_to_run.upper(), 'GIT_BRANCH': git_branch } - url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) response = jsonify({"Status": resp.status_code}), 200 else: response = jsonify({"Status": "Not Applicable"}), 200 @@ -227,6 +228,7 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) + time.sleep(10) # sleep for 10 seconds to allow time for response # response = jsonify({"Status": resp.status_code}), 200 except requests.exceptions.Timeout: print('Processing Error') From 098111ccb6e5f9e68c7ad7e75523f8c41358053e Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 13:11:20 -0700 Subject: [PATCH 095/197] Release/0.1.0 beta/prod azure (#530) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Feature/jenkins updates (#521) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db 
updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Feature/jenkins updates (#523) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Feature/jenkins updates (#525) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Feature/jenkins updates (#527) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Feature/jenkins updates (#529) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update 
__init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 0e7ca0aa..f3c40868 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -21,6 +21,7 @@ from vr.vulns.model.sgglobalthresholds import SgGlobalThresholds from vr.admin.functions import db_connection_handler import traceback +import time @api.route('/api/jenkins_webhook', methods=['POST']) @@ -46,13 +47,13 @@ def jenkins_webhook(): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'TESTS': tests_to_run.upper(), 'GIT_BRANCH': git_branch } - url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) response = jsonify({"Status": resp.status_code}), 200 else: response = jsonify({"Status": "Not Applicable"}), 200 @@ -227,6 +228,7 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) + time.sleep(10) # sleep for 10 seconds to allow time for response # response = jsonify({"Status": resp.status_code}), 200 except requests.exceptions.Timeout: print('Processing Error') From 9f243931220ea066c4c50a368e336844e293fc63 Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 13:40:52 -0700 Subject: [PATCH 096/197] Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index f3c40868..2411defe 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -21,7 +21,7 @@ from vr.vulns.model.sgglobalthresholds import SgGlobalThresholds from vr.admin.functions import db_connection_handler import traceback -import time +import logging @api.route('/api/jenkins_webhook', methods=['POST']) @@ -213,6 +213,9 @@ def add_application_sla_policy(app_id): report_statuses = {} def add_new_scan(git_url, branch_name, report_id): + # Configure logging + logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') + try: stage_str = _determine_stages_for_app(git_url, branch_name) headers = { @@ -228,10 +231,14 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) - time.sleep(10) # sleep for 10 seconds to allow time for response - # response = jsonify({"Status": resp.status_code}), 200 + # Log the response details + logging.info(f"Request URL: {url}") + logging.info(f"Response Status Code: {resp.status_code}") + logging.info(f"Response Text: {resp.text}") except requests.exceptions.Timeout: - print('Processing Error') + logging.error('Processing Error: Timeout') + except Exception as e: + logging.error(f'Unexpected error: {str(e)}') def _determine_stages_for_app(git_url, branch_name): From e5e42edf41b978824cf6eb94a5c85a9c8dcac411 Mon Sep 17 00:00:00 2001 
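Review bot: `logging.basicConfig(...)` is called inside `add_new_scan` in the `@@ -213,6 +213,9 @@` hunk, so root-logger configuration is attempted from library code on every scan; `basicConfig` does nothing once the root logger already has handlers, which means whether this level and format take effect depends on what ran first in the process. Configure logging once at application start-up and use a module logger here: `logger = logging.getLogger(__name__)` at module level, then `logger.info(...)` / `logger.error(...)` in the function. The same hunk is repeated in PATCH 097/197 and PATCH 098/197, and the body of `add_new_scan` continues past the end of the hunk.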
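Review bot: The new `except Exception as e:` in the `@@ -228,10 +231,14 @@` hunk logs only `str(e)` and then returns normally, so any failure inside the `try`, including one raised by `_determine_stages_for_app`, is reduced to a single line without a traceback and the caller cannot tell that no scan was started; `logging.exception('Unexpected error while triggering Jenkins scan')` keeps the traceback, and re-raising or returning a failure value would let the caller react. A non-2xx answer from Jenkins is still logged at INFO as if it had succeeded; `if not resp.ok: logging.error("Jenkins trigger failed: %s", resp.status_code)` would separate the two cases. `resp.text` is written to the log in full, which places remote-controlled content of unbounded size in the application log; log a truncated slice such as `resp.text[:500]`, or only at DEBUG level. The hunk recurs in PATCH 097/197, and `add_new_scan` starts outside it.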
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 13:47:29 -0700 Subject: [PATCH 097/197] Feature/jenkins updates (#531) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index f3c40868..2411defe 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -21,7 +21,7 @@ from vr.vulns.model.sgglobalthresholds import SgGlobalThresholds from vr.admin.functions import db_connection_handler import traceback -import time +import logging @api.route('/api/jenkins_webhook', methods=['POST']) @@ -213,6 +213,9 @@ def add_application_sla_policy(app_id): report_statuses = {} def add_new_scan(git_url, branch_name, report_id): + # Configure logging + logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') + try: stage_str = _determine_stages_for_app(git_url, branch_name) headers = { 
@@ -228,10 +231,14 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) - time.sleep(10) # sleep for 10 seconds to allow time for response - # response = jsonify({"Status": resp.status_code}), 200 + # Log the response details + logging.info(f"Request URL: {url}") + logging.info(f"Response Status Code: {resp.status_code}") + logging.info(f"Response Text: {resp.text}") except requests.exceptions.Timeout: - print('Processing Error') + logging.error('Processing Error: Timeout') + except Exception as e: + logging.error(f'Unexpected error: {str(e)}') def _determine_stages_for_app(git_url, branch_name): From ce480bf435b6dae20b44a89cd33aae0726db2d8d Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 13:50:33 -0700 Subject: [PATCH 098/197] Release/0.1.0 beta/prod azure (#532) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Feature/jenkins updates (#521) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db 
updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Feature/jenkins updates (#523) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Feature/jenkins updates (#525) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Feature/jenkins updates (#527) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Feature/jenkins updates (#529) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update 
__init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Feature/jenkins updates (#531) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index f3c40868..2411defe 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -21,7 +21,7 @@ from vr.vulns.model.sgglobalthresholds import SgGlobalThresholds from vr.admin.functions import db_connection_handler import traceback -import time +import logging @api.route('/api/jenkins_webhook', methods=['POST']) @@ -213,6 +213,9 @@ def add_application_sla_policy(app_id): report_statuses = {} def add_new_scan(git_url, branch_name, report_id): + # Configure logging + logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') + try: stage_str = _determine_stages_for_app(git_url, branch_name) headers = { 
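Review bot: Calling `logging.basicConfig(...)` inside `add_new_scan` configures the root logger from a request path, and the call does nothing once the root logger already has a handler, so whether this format applies depends on what else set up logging first. Logging setup belongs at application start-up, with this module declaring `logger = logging.getLogger(__name__)` once and the function calling `logger.info(...)`. The body of `add_new_scan` continues past the end of this hunk.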
@@ -228,10 +231,14 @@ def add_new_scan(git_url, branch_name, report_id): } url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) - time.sleep(10) # sleep for 10 seconds to allow time for response - # response = jsonify({"Status": resp.status_code}), 200 + # Log the response details + logging.info(f"Request URL: {url}") + logging.info(f"Response Status Code: {resp.status_code}") + logging.info(f"Response Text: {resp.text}") except requests.exceptions.Timeout: - print('Processing Error') + logging.error('Processing Error: Timeout') + except Exception as e: + logging.error(f'Unexpected error: {str(e)}') def _determine_stages_for_app(git_url, branch_name): From a843f29df1c55176b2bb5520ca5a70fa1c36a3f4 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 14:49:15 -0700 Subject: [PATCH 099/197] Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 2411defe..73a9bd23 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py 
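Review bot: The `requests.post(...)` call to Jenkins has no `timeout=` argument, so the `except requests.exceptions.Timeout` branch this hunk rewrites is unlikely to ever run, and a Jenkins host that stops responding can hold the caller indefinitely; pass one explicitly, e.g. `timeout=(5, 30)` (example values). The status code is logged at INFO but never checked, so a 401 or 403 from Jenkins looks the same as a queued build; `if not resp.ok: logging.error("Jenkins rejected build request: %s", resp.status_code)` would make failed triggers visible. The same call is carried unchanged through the `@@ -232,13 +244,13 @@` hunks of patches 099 to 101. `add_new_scan` starts before this hunk.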
@@ -212,9 +212,21 @@ def add_application_sla_policy(app_id): # Global dictionary to keep track of report statuses report_statuses = {} +# Create a logger object for this module or function +logger = logging.getLogger('add_new_scan') +logger.setLevel(logging.INFO) # Set the desired log level + +# Create a stream handler to output logs to stdout +stream_handler = logging.StreamHandler() +stream_handler.setLevel(logging.INFO) + +# Optionally, set a formatter for the handler +formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') +stream_handler.setFormatter(formatter) + +# Add the handler to the logger +logger.addHandler(stream_handler) def add_new_scan(git_url, branch_name, report_id): - # Configure logging - logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') try: stage_str = _determine_stages_for_app(git_url, branch_name) @@ -232,13 +244,13 @@ def add_new_scan(git_url, branch_name, report_id): url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) # Log the response details - logging.info(f"Request URL: {url}") - logging.info(f"Response Status Code: {resp.status_code}") - logging.info(f"Response Text: {resp.text}") + logger.info(f"Request URL: {url}") + logger.info(f"Response Status Code: {resp.status_code}") + logger.info(f"Response Text: {resp.text}") except requests.exceptions.Timeout: - logging.error('Processing Error: Timeout') + logger.error('Processing Error: Timeout') except Exception as e: - logging.error(f'Unexpected error: {str(e)}') + logger.error(f'Unexpected error: {str(e)}') def _determine_stages_for_app(git_url, branch_name): From feebb211ad46b657d52ea0dce0baa1911913f394 Mon Sep 17 00:00:00 2001 
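Review bot: The comment `# Create a stream handler to output logs to stdout` does not match the code, because `logging.StreamHandler()` with no argument writes to `sys.stderr`; either pass the stream, `logging.StreamHandler(sys.stdout)` (which needs `import sys`), or correct the comment. The handler is attached at import time while the logger still propagates, so if the root logger also has a handler each record is emitted twice; `logger.propagate = False` after `addHandler` avoids that. The identical hunk is repeated in patches 100 and 101.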
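Review bot: `logger.info(f"Response Text: {resp.text}")` in the `@@ -232,13 +244,13 @@` hunk writes the whole Jenkins response body into the application log at INFO on every scan request; an error page there can be large and can carry server details, so log it only when the request fails and truncated, e.g. `logger.debug("Response Text: %.500s", resp.text)`. In the catch-all branch, `logger.error(f'Unexpected error: {str(e)}')` drops the traceback, and `logger.exception('Unexpected error while triggering Jenkins build')` would keep it. Both lines recur in the matching hunks of patches 100 and 101, and `add_new_scan` begins and ends outside this hunk.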
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 14:55:56 -0700 Subject: [PATCH 100/197] Feature/jenkins updates (#533) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 2411defe..73a9bd23 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -212,9 +212,21 @@ def add_application_sla_policy(app_id): # Global dictionary to keep track of report statuses report_statuses = {} +# Create a logger object for this module or function +logger = logging.getLogger('add_new_scan') +logger.setLevel(logging.INFO) # Set the desired log level + +# Create a stream handler to output logs to stdout +stream_handler = logging.StreamHandler() +stream_handler.setLevel(logging.INFO) + +# Optionally, set a formatter for the handler +formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') +stream_handler.setFormatter(formatter) + +# Add the handler to the logger +logger.addHandler(stream_handler) def add_new_scan(git_url, branch_name, report_id): - # Configure logging - logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') try: stage_str = _determine_stages_for_app(git_url, branch_name) 
@@ -232,13 +244,13 @@ def add_new_scan(git_url, branch_name, report_id): url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) # Log the response details - logging.info(f"Request URL: {url}") - logging.info(f"Response Status Code: {resp.status_code}") - logging.info(f"Response Text: {resp.text}") + logger.info(f"Request URL: {url}") + logger.info(f"Response Status Code: {resp.status_code}") + logger.info(f"Response Text: {resp.text}") except requests.exceptions.Timeout: - logging.error('Processing Error: Timeout') + logger.error('Processing Error: Timeout') except Exception as e: - logging.error(f'Unexpected error: {str(e)}') + logger.error(f'Unexpected error: {str(e)}') def _determine_stages_for_app(git_url, branch_name): From bb848956b6e69a1ae017f46b143ff168ea263b71 Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 14:56:55 -0700 Subject: [PATCH 101/197] Release/0.1.0 beta/prod azure (#534) * Update pipeline-config.yaml (#440) * Update tox.ini (#441) * Feature/fix toxi (#443) * Update tox.ini * fix unit test failures * Feature/fix toxi (#445) * Update tox.ini * fix unit test failures * Update web_testing.py * Feature/fix toxi (#447) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * Feature/fix toxi (#449) * Update tox.ini * fix unit test failures * Update web_testing.py * Update Jenkinsfile * add dockerImg map for Container scans * Update Jenkinsfile (#452) * Feature/jenkinsfile updates (#453) * Update Jenkinsfile * added scores and grades api endpoint * Feature/jenkinsfile updates (#455) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Feature/jenkinsfile updates (#457) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Feature/jenkinsfile updates (#459) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Feature/jenkinsfile updates (#461) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#463) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#465) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#467) * Update Jenkinsfile * added scores and grades api endpoint * Update 
Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Feature/jenkinsfile updates (#469) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * Update Jenkinsfile * Update pipeline-config.yaml * Update values.yaml * Update values.yaml * Update Jenkinsfile * Update values.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#473) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * Feature/jenkinsfile updates (#474) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Feature/jenkinsfile updates (#476) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Feature/jenkinsfile updates (#478) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * 
Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#481) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * Feature/jenkinsfile updates (#483) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Feature/jenkinsfile updates (#485) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Feature/jenkinsfile updates (#487) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update 
initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update pipeline-config.yaml * Feature/jenkinsfile updates (#490) * Update Jenkinsfile * added scores and grades api endpoint * Update Jenkinsfile * Update Jenkinsfile * Update pipeline-config.yaml * Update pipeline-config.yaml * Update pipeline-config.yaml * Update Jenkinsfile * Update sgglobalthresholds.py * Update initial_setup.py * add conditions for jenkins and snow integrations * add settings for Jenkins * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile * jenkins testing * Update vulnerabilities.py * Update pipeline-config.yaml * Update Jenkinsfile * Update pipeline-config.yaml * Update Jenkinsfile (#493) * Update security_quality_gate.py (#495) * Feature/update jenkins config (#497) * Update security_quality_gate.py * Update Jenkinsfile * Feature/update security gate config (#499) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * Feature/update settings function (#501) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * Feature/update release based db settings (#503) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * Feature/update release based db settings (#505) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#507) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Feature/fix db syntax (#509) * 
Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Feature/fix syntax error (#511) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Feature/fix syntax error (#513) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Feature/fix syntax error (#515) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * Feature/fix syntax error (#517) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Feature/jenkins updates (#519) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Feature/jenkins updates (#521) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db 
updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Feature/jenkins updates (#523) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Feature/jenkins updates (#525) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Feature/jenkins updates (#527) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Feature/jenkins updates (#529) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update 
__init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Feature/jenkins updates (#531) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Feature/jenkins updates (#533) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py --- src/vr/api/vulns/jenkins_webhook.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 2411defe..73a9bd23 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py 
@@ -212,9 +212,21 @@ def add_application_sla_policy(app_id): # Global dictionary to keep track of report statuses report_statuses = {} +# Create a logger object for this module or function +logger = logging.getLogger('add_new_scan') +logger.setLevel(logging.INFO) # Set the desired log level + +# Create a stream handler to output logs to stdout +stream_handler = logging.StreamHandler() +stream_handler.setLevel(logging.INFO) + +# Optionally, set a formatter for the handler +formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') +stream_handler.setFormatter(formatter) + +# Add the handler to the logger +logger.addHandler(stream_handler) def add_new_scan(git_url, branch_name, report_id): - # Configure logging - logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') try: stage_str = _determine_stages_for_app(git_url, branch_name) @@ -232,13 +244,13 @@ def add_new_scan(git_url, branch_name, report_id): url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) # Log the response details - logging.info(f"Request URL: {url}") - logging.info(f"Response Status Code: {resp.status_code}") - logging.info(f"Response Text: {resp.text}") + logger.info(f"Request URL: {url}") + logger.info(f"Response Status Code: {resp.status_code}") + logger.info(f"Response Text: {resp.text}") except requests.exceptions.Timeout: - logging.error('Processing Error: Timeout') + logger.error('Processing Error: Timeout') except Exception as e: - logging.error(f'Unexpected error: {str(e)}') + logger.error(f'Unexpected error: {str(e)}') def _determine_stages_for_app(git_url, branch_name): From c3d91bece57ac6eec9eed0418dbac1727ad2de8e Mon Sep 17 00:00:00 2001 
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 23 Mar 2024 08:17:27 -0700 Subject: [PATCH 102/197] add new route for updating application profile --- .../templates/vulns/application_profile.html | 20 ++++++--- src/vr/vulns/web/testing.py | 41 ++++++++++++++++++- 2 files changed, 54 insertions(+), 7 deletions(-) diff --git a/src/vr/templates/vulns/application_profile.html b/src/vr/templates/vulns/application_profile.html index 558b0f04..139c4e67 100644 --- a/src/vr/templates/vulns/application_profile.html +++ b/src/vr/templates/vulns/application_profile.html @@ -38,10 +38,6 @@

Application Profile

- - - -
@@ -57,7 +53,18 @@
- diff --git a/src/vr/vulns/web/testing.py b/src/vr/vulns/web/testing.py index c69f7122..59defe1d 100644 --- a/src/vr/vulns/web/testing.py +++ b/src/vr/vulns/web/testing.py @@ -127,6 +127,45 @@ def on_demand_testing(): return redirect(request.referrer) +@vulns.route("/update_application_profile", methods=['POST']) +@login_required +def update_application_profile(): + NAV['curpage'] = {"name": "Vulnerability Scans"} + admin_role = 'Application Admin' + role_req = ['Application Admin', 'Application Viewer'] + perm_entity = 'Application' + user, status, user_roles = _auth_user(session, NAV['CAT']['name'], role_requirements=role_req, + permissions_entity=perm_entity) + status = _entity_page_permissions_filter(id, user_roles, session, admin_role) + + if status == 401: + return redirect(url_for('admin.login')) + elif status == 403: + return render_template('403.html', user=user, NAV=NAV) + + git_url = request.form.get('gitUrl') + git_branch = request.form.get('gitBranch') + app_name = request.form.get('app_name') + tests_to_run = 'NONE,' + + headers = { + "Accept": "application/json", + "Content-Type": "application/x-www-form-urlencoded" + } + data = { + 'token': app.config['JENKINS_TOKEN'], + 'GIT_URL': git_url, + 'TESTS': tests_to_run.upper(), + 'GIT_BRANCH': git_branch, + 'APP_NAME': app_name, + 'PROFILE_APPLICATION': 'Y' + } + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) + + return redirect(request.referrer) + + @vulns.route("/application_profile/") @login_required def application_profile(app_id): 
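Review bot: In `update_application_profile`, `_entity_page_permissions_filter(id, user_roles, session, admin_role)` is passed `id`, which is never assigned in this function and so appears to resolve to the Python builtin; the per-application permission check is then not evaluated against any application ID (what the helper does with that value is not visible here). The same assignment overwrites the `status` returned by `_auth_user`, so a 401 or 403 from that call can be lost. The route should take the application ID from the request and check against it, e.g. `app_id = request.form.get('app_id', type=int)` (field name is a placeholder, the template's form fields are not visible) followed by `status = _entity_page_permissions_filter(app_id, user_roles, session, admin_role)`, run only when the `_auth_user` status is not already 401 or 403. `gitUrl`, `gitBranch` and `app_name` are also forwarded to the Jenkins job with the server's credentials without validation; taking the repository URL from the stored application record rather than the form would keep the caller from choosing what the pipeline clones.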
@@ -145,7 +184,7 @@ def application_profile(app_id): filter(lambda t: t.ID != '', assets_all) ) app = BusinessApplications.query.filter(text(f'ID={app_id}')).first() - app_data = {'ID': app_id, 'ApplicationName': app.ApplicationName, 'Component': app.ApplicationAcronym} + app_data = {'ID': app_id, 'ApplicationName': app.ApplicationName, 'Component': app.ApplicationAcronym, 'RepoURL': app.RepoURL} NAV['appbar'] = 'settings' return render_template('vulns/application_profile.html', entities=assets, user=user, NAV=NAV, app_data=app_data) From 3a610b54c1b7ef044f666c926c75f90450f6ac18 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sat, 23 Mar 2024 08:23:52 -0700 Subject: [PATCH 103/197] Feature/add app profile update function (#535) * Update security_quality_gate.py * Update Jenkinsfile * Update security_quality_gate.py * update settings and groups * add function for table updates * updated function for db updates * Update updates.py * Update updates.py * Update updates.py * Update settings.py * update to settings update without restart * Update run.py * Update pipeline-config.yaml * Update __init__.py * Update __init__.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * Update jenkins_webhook.py * add new route for updating application profile --- .../templates/vulns/application_profile.html | 20 ++++++--- src/vr/vulns/web/testing.py | 41 ++++++++++++++++++- 2 files changed, 54 insertions(+), 7 deletions(-) diff --git a/src/vr/templates/vulns/application_profile.html b/src/vr/templates/vulns/application_profile.html index 558b0f04..139c4e67 100644 --- a/src/vr/templates/vulns/application_profile.html +++ b/src/vr/templates/vulns/application_profile.html @@ -38,10 +38,6 @@
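Review bot: The lookup that feeds the changed `app_data` line builds its filter by interpolating `app_id` into raw SQL, `text(f'ID={app_id}')`; unless the route converter (not visible here) restricts `app_id` to an integer, that value comes straight from the URL. A bound parameter removes the dependency on the converter: `BusinessApplications.query.filter(text('ID=:app_id').bindparams(app_id=app_id)).first()`. The new `app.RepoURL` access also raises `AttributeError` when no row matches, so a `None` check before building `app_data` is worth adding. `application_profile` starts before this hunk.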

Application Profile

- - - - @@ -57,7 +53,18 @@