Generate assets from countermeasures in web app

cairis-platform · Jan 6, 2017 · 8094f14 · 8094f14
1 parent 9be360d
commit 8094f14
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 14 deletions.
diff --git a/cairis/controllers/CountermeasureController.py b/cairis/controllers/CountermeasureController.py
@@ -364,3 +364,49 @@ def get(self, environment):
     dao.close()
 
 
+class GenerateAssetAPI(Resource):
+  # region Swagger Docs
+  @swagger.operation(
+    notes='Generate asset based on countermeasure name',
+    nickname='countermeasure-generate-asset',
+    parameters=[
+      {
+        "name": "session_id",
+        "description": "The ID of the user's session",
+        "required": False,
+        "allowMultiple": False,
+        "dataType": str.__name__,
+        "paramType": "query"
+      }
+    ],
+    responseMessages=[
+      {
+        'code': httplib.BAD_REQUEST,
+        'message': 'One or more attributes are missing'
+      },
+      {
+        'code': httplib.CONFLICT,
+        'message': 'Some problems were found during the name check'
+      },
+      {
+        'code': httplib.CONFLICT,
+        'message': 'A database error has occurred'
+      },
+      {
+        'code': ARMHTTPError.status_code,
+        'message': ARMHTTPError.status
+      }
+    ]
+  )
+  # endregion
+  def post(self, name):
+    session_id = get_session_id(session, request)
+
+    dao = CountermeasureDAO(session_id)
+    dao.generate_asset(name)
+    dao.close()
+
+    resp_dict = {'message': 'Asset successfully generated'}
+    resp = make_response(json_serialize(resp_dict), httplib.OK)
+    resp.headers['Content-type'] = 'application/json'
+    return resp
diff --git a/cairis/core/AssetParametersFactory.py b/cairis/core/AssetParametersFactory.py
@@ -22,28 +22,31 @@
 from Response import Response
 from Borg import Borg
 
-def build(target):
+def build(target,dbProxy = None):
   if target.__class__.__name__ == 'Countermeasure':
-    return buildCMAsset(target)
+    return buildCMAsset(target,dbProxy)
 
-def buildCMAsset(target):
+def buildCMAsset(target,proxy):
   assetName = target.name() + ' CM'
   assetDesc = target.description()
   assetType = target.type()
   shortCode = 'XX'
   significanceText = 'Mitigates risk '
-  b = Borg()
-  proxy = b.dbProxy
+  if (proxy == None):
+    b = Borg()
+    proxy = b.dbProxy
   risks = proxy.mitigatedRisks(target.id())
   significanceText += risks[0]
   assetEnvironmentProperties = []
   for cProps in target.environmentProperties():
     assetEnvironmentProperties.append(AssetEnvironmentProperties(cProps.name(),cProps.properties(),cProps.rationale()))
   return AssetParameters(assetName,shortCode,assetDesc,significanceText,assetType,False,'',target.tags(),[],assetEnvironmentProperties)
 
-def buildFromTemplate(assetName,assetEnvs):
-  b = Borg()
-  taObjt = b.dbProxy.dimensionObject(assetName,'template_asset')
+def buildFromTemplate(assetName,assetEnvs,dbProxy = None):
+  if (dbProxy == None):
+    b = Borg()
+    dbProxy = b.dbProxy
+  taObjt = dbProxy.dimensionObject(assetName,'template_asset')
   assetDesc = taObjt.description()
   assetType = taObjt.type()
   shortCode = taObjt.shortCode()

diff --git a/cairis/daemon/main/views.py b/cairis/daemon/main/views.py
@@ -178,6 +178,7 @@ def get_image(path):
 # Countermeasure routes
 api.add_resource(CountermeasureController.CountermeasuresAPI, '/api/countermeasures',endpoint='countermeasures')
 api.add_resource(CountermeasureController.CountermeasureByNameAPI, '/api/countermeasures/name/<string:name>',endpoint='countermeasure')
+api.add_resource(CountermeasureController.GenerateAssetAPI, '/api/countermeasures/name/<string:name>/generate_asset',endpoint='countermeasure_generate_asset')
 api.add_resource(CountermeasureController.TargetsAPI, '/api/countermeasures/targets/environment/<string:environment>',endpoint='targets')
 api.add_resource(CountermeasureController.CountermeasureTasksAPI, '/api/countermeasures/tasks/environment/<string:environment>',endpoint='countermeasuretasks')
 

diff --git a/cairis/data/CountermeasureDAO.py b/cairis/data/CountermeasureDAO.py
@@ -16,6 +16,7 @@
 #  under the License.
 
 import numpy.core
+import cairis.core.AssetParametersFactory
 from numpy.core.multiarray import array
 from cairis.core.ARM import *
 from cairis.core.CountermeasureEnvironmentProperties import CountermeasureEnvironmentProperties
@@ -220,6 +221,19 @@ def get_countermeasure_tasks(self,roleList,envName):
       self.close()
       raise ARMHTTPError(ex)
 
+  def generate_asset(self,cmName):
+    try:
+      cm = self.get_countermeasure_by_name(cmName, simplify=False)
+      assetId = self.db_proxy.addAsset(cairis.core.AssetParametersFactory.build(cm,self.db_proxy))
+      self.db_proxy.addTrace('countermeasure_asset',cm.id(),assetId)
+    except DatabaseProxyException as ex:
+      self.close()
+      raise ARMHTTPError(ex)
+    except ARMException as ex:
+      self.close()
+      raise ARMHTTPError(ex)
+
+
 
   def from_json(self, request):
     """

diff --git a/cairis/test/test_CountermeasureAPI.py b/cairis/test/test_CountermeasureAPI.py
@@ -109,7 +109,6 @@ def test_post(self):
     self.assertIsNotNone(env_id, 'No countermeasure ID returned')
     self.assertGreater(env_id, 0, 'Invalid countermeasure ID returned [%d]' % env_id)
     self.logger.info('[%s] Countermeasure ID: %d\n', method, env_id)
-
     rv = self.app.delete('/api/countermeasures/name/%s?session_id=test' % quote(self.prepare_new_countermeasure().name()))
 
   def test_target_names(self):
@@ -172,9 +171,24 @@ def test_put(self):
     self.assertIsNotNone(upd_countermeasure, 'Unable to decode JSON data')
     self.logger.debug('[%s] Response data: %s', method, rv.data)
     self.logger.info('[%s] Countermeasure: %s [%d]\n', method, upd_countermeasure['theName'], upd_countermeasure['theId'])
-
     rv = self.app.delete('/api/countermeasures/name/%s?session_id=test' % quote(countermeasure_to_update.theName))
 
+  def test_generate_asset(self):
+    method = 'test_generate_asset'
+    url = '/api/countermeasures/name/' + quote(self.existing_countermeasure_name) + '/generate_asset?session_id=test'
+    self.logger.info('[%s] URL: %s', method, url)
+
+    rv = self.app.post(url, content_type='application/json',data=jsonpickle.encode({'session_id':'test'}))
+    self.assertIsNotNone(rv.data, 'No response')
+    self.logger.debug('[%s] Response data: %s', method, rv.data)
+    json_resp = jsonpickle.decode(rv.data)
+    self.assertIsNotNone(json_resp, 'No results after deserialization')
+    self.assertIsInstance(json_resp, dict)
+    message = json_resp.get('message', None)
+    self.assertIsNotNone(message, 'No message in response')
+    self.logger.info('[%s] Message: %s\n', method, message)
+    self.assertGreater(message.find('successfully generated'), -1, 'Countermeasure asset not generated')
+
   def prepare_new_countermeasure(self):
     new_countermeasure_props = [
       CountermeasureEnvironmentProperties(

diff --git a/cairis/web/dist/js/cairis/countermeasures.js b/cairis/web/dist/js/cairis/countermeasures.js
@@ -53,7 +53,7 @@ function createCountermeasuresTable(){
         textToInsert[i++] = "<tr>";
 
         textToInsert[i++] = '<td class="deleteCountermeasureButton"><i class="fa fa-minus" value="' + key + '"></i></td>';
-        textToInsert[i++] = '<td class="countermeasure-rows" name="theName">';
+        textToInsert[i++] = '<td class="countermeasure-row" name="theName">';
         textToInsert[i++] = key;
         textToInsert[i++] = '</td>';
 
@@ -68,10 +68,20 @@ function createCountermeasuresTable(){
       theTable.css("visibility","visible");
       $.contextMenu('destroy',$('.requirement-rows'));
       $("#reqTable").find("tbody").removeClass();
-
+      $("#reqTable").find("tbody").addClass('countermeasure-rows');
+      $('.countermeasure-rows').contextMenu({
+        selector: 'td',
+        items: {
+          "generateAsset": {
+            name: "Generate Asset",
+            callback: function(key, opt) {
+              generateAsset($(this).closest("tr").find("td").eq(1).html());
+            }
+          }
+        }
+      });
       activeElement("reqTable");
       sortTableByRow(0);
-
     },
     error: function (xhr, textStatus, errorThrown) {
       debugLogger(String(this.url));
@@ -82,7 +92,7 @@ function createCountermeasuresTable(){
 
 
 var mainContent = $("#objectViewer");
-$(document).on('click', "td.countermeasure-rows", function () {
+$(document).on('click', "td.countermeasure-row", function () {
   var cmName = $(this).text();
   viewCountermeasure(cmName);
 });
@@ -882,3 +892,33 @@ function updateCountermeasureTasks(envName,roleList) {
     }
   });
 }
+
+function generateAsset(cmName) {
+  var output = {};
+  output.session_id = $.session.get('sessionID');
+  output = JSON.stringify(output);
+  debugLogger(output);
+
+  $.ajax({
+    type: "POST",
+    dataType: "json",
+    contentType: "application/json",
+    accept: "application/json",
+    crossDomain: true,
+    processData: false,
+    origin: serverIP,
+    data: output,
+    url: serverIP + "/api/countermeasures/name/" + encodeURIComponent(cmName) + "/generate_asset?session_id=" + $.session.get('sessionID'),
+    success: function (data) {
+      showPopup(true);
+    },
+    error: function (xhr, textStatus, errorThrown) {
+      var error = JSON.parse(xhr.responseText);
+      showPopup(false, String(error.message));
+      debugLogger(String(this.url));
+      debugLogger("error: " + xhr.responseText +  ", textstatus: " + textStatus + ", thrown: " + errorThrown);
+    }
+  });
+
+
+}