Trace API

cairis/controllers/TraceController.py

@@ -0,0 +1,169 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License.
+
+import httplib
+from flask import session, request, make_response
+from flask_restful_swagger import swagger
+from flask_restful import Resource
+from cairis.data.TraceDAO import TraceDAO
+from cairis.tools.JsonConverter import json_serialize
+from cairis.tools.MessageDefinitions import TraceMessage
+from cairis.tools.ModelDefinitions import TraceModel
+from cairis.tools.SessionValidator import get_session_id
+
+__author__ = 'Shamal Faily'
+
+
+class TraceByEnvironmentAPI(Resource):
+  #region Swagger Doc
+  @swagger.operation(
+    notes='Get all traces',
+    responseClass=TraceModel.__name__,
+    nickname='traces-get',
+    parameters=[
+      {
+        "name": "environment_name",
+        "description": "The relevant environment name",
+        "required": True,
+        "allowMultiple": False,
+        "dataType": str.__name__,
+        "paramType": "query"
+      },
+      {
+        "name": "session_id",
+        "description": "The ID of the user's session",
+        "required": False,
+        "allowMultiple": False,
+        "dataType": str.__name__,
+        "paramType": "query"
+      }
+    ],
+    responseMessages=[
+      {
+        "code": httplib.BAD_REQUEST,
+        "message": "The database connection was not properly set up"
+      }
+    ]
+  )
+  #endregion
+  def get(self,environment_name):
+    session_id = get_session_id(session, request)
+
+    dao = TraceDAO(session_id)
+    trs = dao.get_traces(environment_name)
+    dao.close()
+
+    resp = make_response(json_serialize(trs, session_id=session_id))
+    resp.headers['Content-Type'] = "application/json"
+    return resp
+
+
+class TracesAPI(Resource):
+  #region Swagger Doc
+  @swagger.operation(
+    notes='Creates a new trace',
+    nickname='trace-post',
+    parameters=[
+      {
+        "name": "body",
+        "description": "The serialized version of the new trace to be added",
+        "required": True,
+        "allowMultiple": False,
+        "type": TraceMessage.__name__,
+        "paramType": "body"
+      },
+      {
+        "name": "session_id",
+        "description": "The ID of the user's session",
+        "required": False,
+        "allowMultiple": False,
+        "dataType": str.__name__,
+        "paramType": "query"
+      }
+    ],
+    responseMessages=[
+      {
+        'code': httplib.BAD_REQUEST,
+        'message': 'One or more attributes are missing'
+      },
+      {
+        'code': httplib.CONFLICT,
+        'message': 'Some problems were found during the name check'
+      },
+      {
+        'code': httplib.CONFLICT,
+        'message': 'A database error has occurred'
+      }
+    ]
+  )
+  #endregion
+  def post(self):
+    session_id = get_session_id(session, request)
+
+    dao = TraceDAO(session_id)
+    new_tr = dao.from_json(request)
+    dao.add_trace(new_tr)
+    dao.close()
+
+    resp_dict = {'message': 'Trace successfully added'}
+    resp = make_response(json_serialize(resp_dict, session_id=session_id), httplib.OK)
+    resp.contenttype = 'application/json'
+    return resp
+
+
+class TraceByNameAPI(Resource):
+  #region Swagger Doc
+  @swagger.operation(
+    notes='Deletes an existing trace',
+    nickname='trace-by-id-delete',
+    parameters=[
+      {
+        "name": "session_id",
+        "description": "The ID of the user's session",
+        "required": False,
+        "allowMultiple": False,
+        "dataType": str.__name__,
+        "paramType": "query"
+      }
+    ],
+    responseMessages=[
+      {
+        'code': httplib.BAD_REQUEST,
+        'message': 'One or more attributes are missing'
+      },
+      {
+        'code': httplib.CONFLICT,
+        'message': 'Some problems were found during the name check'
+      },
+      {
+        'code': httplib.CONFLICT,
+        'message': 'A database error has occurred'
+      }
+    ]
+  )
+  #endregion
+  def delete(self, from_object,from_name,to_object,to_name):
+    session_id = get_session_id(session, request)
+
+    dao = TraceDAO(session_id)
+    dao.delete_trace(from_object,from_name,to_object,to_name)
+    dao.close()
+
+    resp_dict = {'message': 'Trace successfully deleted'}
+    resp = make_response(json_serialize(resp_dict), httplib.OK)
+    resp.contenttype = 'application/json'
+    return resp

cairis/daemon/main/views.py

@@ -29,7 +29,7 @@
     RequirementController, ResponseController, RiskController, RoleController, TaskController, ThreatController, \
     UploadController, VulnerabilityController, ObstacleController, CountermeasureController, DomainPropertyController, UseCaseController, \
     DependencyController, DocumentationController, FindController, ExternalDocumentController, DocumentReferenceController, \
-    PersonaCharacteristicController, ObjectDependencyController, ArchitecturalPatternController, ValueTypeController, TemplateGoalController, TemplateAssetController,TemplateRequirementController, LocationsController, RiskLevelController
+    PersonaCharacteristicController, ObjectDependencyController, ArchitecturalPatternController, ValueTypeController, TemplateGoalController, TemplateAssetController,TemplateRequirementController, LocationsController, RiskLevelController, TraceController
 from cairis.daemon.main import main, api
 
 __author__ = 'Robin Quetin, Shamal Faily'
@@ -342,6 +342,11 @@ def get_image(path):
 api.add_resource(ThreatController.ThreatTypesAPI, '/api/threats/types',endpoint='threat_types')
 api.add_resource(ThreatController.ThreatTypeByNameAPI, '/api/threats/types/name/<string:name>',endpoint='threat_type')
 
+# Trace routes
+api.add_resource(TraceController.TracesAPI, '/api/traces',endpoint='traces')
+api.add_resource(TraceController.TraceByEnvironmentAPI, '/api/traces/environment/<string:environment_name>',endpoint='traces_environment')
+api.add_resource(TraceController.TraceByNameAPI, '/api/traces/from_type/<string:from_object>/from_name/<string:from_name>/to_type/<string:to_object>/to_name/<string:to_name>',endpoint='traces_name')
+
 # Upload controller
 api.add_resource(UploadController.UploadImageAPI, '/api/upload/image',endpoint='upload')
 

cairis/data/TraceDAO.py

@@ -0,0 +1,90 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License.
+
+from cairis.core.ARM import *
+from cairis.core.Trace import Trace
+from cairis.daemon.CairisHTTPError import ObjectNotFoundHTTPError, MalformedJSONHTTPError, ARMHTTPError, MissingParameterHTTPError, OverwriteNotAllowedHTTPError
+import cairis.core.armid
+from cairis.data.CairisDAO import CairisDAO
+from cairis.tools.ModelDefinitions import TraceModel
+from cairis.tools.SessionValidator import check_required_keys
+from cairis.tools.JsonConverter import json_serialize, json_deserialize
+
+__author__ = 'Shamal Faily'
+
+
+class TraceDAO(CairisDAO):
+  def __init__(self, session_id):
+    CairisDAO.__init__(self, session_id)
+
+  def get_traces(self,constraint_id):
+    """
+    :rtype: [Trace]
+    :return
+    :raise ARMHTTPError:
+    """
+    try:
+      trs = self.db_proxy.removableTraces(constraint_id)
+    except DatabaseProxyException as ex:
+      self.close()
+      raise ARMHTTPError(ex)
+    except ARMException as ex:
+      self.close()
+      raise ARMHTTPError(ex)
+    return self.simplify(trs)
+
+  def simplify(self,trs):
+    trList = []
+    for tr in trs:
+      trList.append(TraceModel(tr[0],tr[1],tr[2],tr[3]))
+    return trList
+
+  def add_trace(self, tr):
+    try:
+      trace_table = tr.theFromObject + '_' + tr.theToObject
+      fromId = self.db_proxy.getDimensionId(tr.theFromName,tr.theFromObject)
+      toId = self.db_proxy.getDimensionId(tr.theToName,tr.theToObject)
+      self.db_proxy.addTrace(trace_table,fromId,toId)
+    except ARMException as ex:
+      self.close()
+      raise ARMHTTPError(ex)
+
+
+  def delete_trace(self, fromObjt,fromName,toObjt,toName):
+    try:
+      self.db_proxy.deleteTrace(fromObjt,fromName,toObjt,toName)
+    except ARMException as ex:
+      self.close()
+      raise ARMHTTPError(ex)
+
+  def from_json(self, request):
+    json = request.get_json(silent=True)
+    if json is False or json is None:
+      self.close()
+      raise MalformedJSONHTTPError(data=request.get_data())
+
+    json_dict = json['object']
+    check_required_keys(json_dict, TraceModel.required)
+    json_dict['__python_obj__'] = Trace.__module__+'.'+ Trace.__name__
+    tr = json_serialize(json_dict)
+    tr = json_deserialize(tr)
+
+    if isinstance(tr, Trace):
+      return tr
+    else:
+      self.close()
+      raise MalformedJSONHTTPError()

cairis/test/test_TraceAPI.py

@@ -0,0 +1,78 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License.
+
+import logging
+from urllib import quote
+from StringIO import StringIO
+import os
+import jsonpickle
+from cairis.core.Trace import Trace
+from cairis.test.CairisDaemonTestCase import CairisDaemonTestCase
+from cairis.mio.ModelImport import importModelFile
+from cairis.tools.JsonConverter import json_deserialize
+import os
+
+__author__ = 'Shamal Faily'
+
+class TraceAPITests(CairisDaemonTestCase):
+
+  @classmethod
+  def setUpClass(cls):
+    importModelFile(os.environ['CAIRIS_SRC'] + '/../examples/exemplars/NeuroGrid/NeuroGrid.xml',1,'test')
+
+
+  def setUp(self):
+    self.logger = logging.getLogger(__name__)
+    self.new_tr = Trace(
+      fObjt = 'requirement',
+      fName = 'AC-1',
+      tObjt = 'vulnerability',
+      tName = 'Certificate ubiquity')
+    self.new_tr_dict = {
+      'session_id' : 'test',
+      'object': self.new_tr
+    }
+
+  def test_get_all(self):
+    method = 'test_get_traces'
+    url = '/api/traces/environment/Psychosis?session_id=test'
+    self.logger.info('[%s] URL: %s', method, url)
+    rv = self.app.get(url)
+    trs = jsonpickle.decode(rv.data)
+    self.assertIsNotNone(trs, 'No results after deserialization')
+    self.assertGreater(len(trs), 0, 'No traces in the list')
+    self.logger.info('[%s] Traces found: %d', method, len(trs))
+    self.assertEquals(len(trs),7)
+
+  def test_post(self):
+    method = 'test_post_new'
+    rv = self.app.post('/api/traces', content_type='application/json', data=jsonpickle.encode(self.new_tr_dict))
+    self.logger.debug('[%s] Response data: %s', method, rv.data)
+    json_resp = json_deserialize(rv.data)
+    self.assertIsNotNone(json_resp, 'No results after deserialization')
+    ackMsg = json_resp.get('message', None)
+    self.assertEqual(ackMsg, 'Trace successfully added')
+
+  def test_delete(self):
+    method = 'test_delete'
+    rv = self.app.delete('/api/traces/from_type/requirement/from_name/AC-1/to_type/vulnerability/to_name/Certificate%20ubiquity?session_id=test', content_type='application/json')
+
+    self.logger.debug('[%s] Response data: %s', method, rv.data)
+    json_resp = json_deserialize(rv.data)
+    self.assertIsNotNone(json_resp, 'No results after deserialization')
+    ackMsg = json_resp.get('message', None)
+    self.assertEqual(ackMsg, 'Trace successfully deleted')

cairis/tools/MessageDefinitions.py

@@ -410,6 +410,18 @@ class LocationsMessage(DefaultMessage):
 )
 # endregion
 
+class TraceMessage(DefaultMessage):
+  resource_fields = gen_message_fields(ModelDefinitions.TraceModel)
+  required = DefaultMessage.required
+
+# region Swagger Doc
+@swagger.model
+@swagger.nested(
+  object=ModelDefinitions.TraceModel.__name__,
+)
+# endregion
+
+
 class TemplateRequirementMessage(DefaultMessage):
   resource_fields = gen_message_fields(ModelDefinitions.TemplateRequirementModel)
   required = DefaultMessage.required