import functools
import operator

from skf.api.security import log, val_num, val_float
from skf.database.checklists import checklists
from skf.database.checklists_kb import checklists_kb
def get_checklist_item(checklist_id, id_checklist):
    """Return the single checklists_kb row with *checklist_id* from one knowledge base.

    Args:
        checklist_id: dotted requirement id such as "1.2"; checked with val_float().
        id_checklist: 0 selects the ASVS knowledge base (kbID < 400), any other
            value selects MASVS (400 <= kbID < 800); checked with val_num().

    Returns:
        The matching checklists_kb row. ``Query.one()`` raises when no row or
        more than one row matches, and that exception is not handled here.
    """
    log("User requested specific checklist item", "LOW", "PASS")
    val_float(checklist_id)
    val_num(id_checklist)

    # 0 = ASVS, 1 = MASVS: the knowledge base is chosen by kbID range.
    if id_checklist == 0:
        kb_range = checklists_kb.kbID < 400
    else:
        kb_range = (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)

    # checklist_id is passed to SQLAlchemy as a comparison value, so it is a
    # bound parameter rather than text spliced into the query.
    query = checklists_kb.query.filter(
        (checklists_kb.checklistID == checklist_id) & kb_range
    )
    return query.one()
def get_checklist_items(id_checklist):
    """Return all checklist rows of one knowledge base, grouped by checklistID.

    Args:
        id_checklist: 0 selects ASVS (kbID < 400), any other value selects
            MASVS (400 <= kbID < 800); checked with val_num().

    Returns:
        Whatever order_checklist_items() returns for the first page of at most
        1500 grouped rows (called without the per-level marker handling).
    """
    log("User requested list of checklist items", "LOW", "PASS")
    val_num(id_checklist)

    # 0 = ASVS, 1 = MASVS: the knowledge base is chosen by kbID range.
    if id_checklist == 0:
        kb_range = checklists_kb.kbID < 400
    else:
        kb_range = (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 800)

    page = (
        checklists_kb.query.filter(kb_range)
        .group_by(checklists_kb.checklistID)
        .paginate(1, 1500, False)
    )
    return order_checklist_items(page, False, 0)
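# lvl -> (knowledge base, checklist item levels shown at that lvl).
# Level-0 rows are the category headers and are always included.
_CHECKLIST_LEVELS = {
    1: ("ASVS", (0, 1)),            # ASVS Level 1
    2: ("ASVS", (0, 1, 2)),         # ASVS Level 2
    3: ("ASVS", (0, 1, 2, 3)),      # ASVS Level 3
    4: ("MASVS", (0, 1)),           # MASVS Level 1
    5: ("MASVS", (0, 1, 2)),        # MASVS Level 2
    6: ("MASVS", (0, 1, 2, 'R')),   # MASVS Level R
}


def get_checklist_items_lvl(lvl):
    """Return the checklist rows visible at checklist level *lvl*, ordered.

    Args:
        lvl: 1-3 select ASVS levels 1-3, 4-6 select MASVS levels 1, 2 and R;
            checked with val_num() before use.

    Returns:
        The first page (at most 1500 grouped rows) after order_checklist_items()
        has sorted it and inserted the per-level marker rows.

    Raises:
        ValueError: if *lvl* is not one of 1..6. The original code left
            ``result`` unbound for such values and failed with UnboundLocalError.
    """
    log("User requested list of checklist items based on level", "LOW", "PASS")
    val_num(lvl)

    try:
        knowledge_base, levels = _CHECKLIST_LEVELS[lvl]
    except KeyError:
        raise ValueError("unsupported checklist level: %r" % (lvl,)) from None

    # ASVS kbID's below 400
    # MASVS kbID's between 400 and 799
    # NOTE(review): the MASVS upper bound is kept at 1000 as in the original
    # queries; get_checklist_item/get_checklist_items use 800 - confirm which
    # bound is intended before unifying them.
    if knowledge_base == "ASVS":
        kb_range = checklists_kb.kbID < 400
    else:
        kb_range = (checklists_kb.kbID >= 400) & (checklists_kb.kbID < 1000)

    # The level terms are OR-ed together first and only then AND-ed with the
    # kbID range. `&` binds tighter than `|`, so the original ASVS queries
    # `(kbID < 400) & has(level=0) | has(level=1)` applied the kbID range to
    # the level-0 term only and let rows of the other knowledge base through.
    level_filter = functools.reduce(
        operator.or_,
        (checklists_kb.checklist_items.has(level=level) for level in levels),
    )

    result = (
        checklists_kb.query.filter(kb_range & level_filter)
        .group_by(checklists_kb.checklistID)
        .paginate(1, 1500, False)
    )
    return order_checklist_items(result, True, lvl)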
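# Header row of the MASVS reverse engineering category; it gets a trailing
# placeholder row explaining how the R level combines with L1/L2.
_REVERSE_ENGINEERING_HEADER = "Resiliency Against Reverse Engineering Requirements"


def _checklist_sort_key(item):
    """Return the (category, requirement) pair encoded in a dotted checklistID.

    Both parts are compared as integers, so "2.10" sorts after "2.9". A
    checklistID that is not "<int>.<int>..." raises ValueError or IndexError,
    exactly as the original per-item parsing did.
    """
    numbers = item.checklistID.split('.')
    return int(numbers[0]), int(numbers[1])


def _placeholder_item(text):
    """Build a synthetic checklists_kb row that only carries *text*.

    The row uses checklistID "0.0", level -1 and kbID 0 so it cannot be
    mistaken for a real requirement; it is never persisted.
    """
    return checklists_kb("0.0", checklists("0.0", text, -1, 0), 0, None)


def _with_empty_markers(ordered_items, lvl):
    """Insert marker rows for categories that have no items at *lvl*.

    A category header is a row with level 0. Two consecutive headers mean the
    first category has no visible requirement at this level, so a
    "No items ..." row is placed before the second header. The reverse
    engineering header instead gets an explanatory row appended after it.
    A category whose header is the last row gets no marker - this mirrors the
    original loop; confirm whether that is intended.
    """
    marked = []
    previous_level = -1
    for item in ordered_items:
        level = item.checklist_items.level
        if item.checklist_items.content == _REVERSE_ENGINEERING_HEADER:
            marked.append(item)
            # lvl - 3 maps MASVS lvl 4/5 to the displayed level L1/L2; the
            # header is only expected in MASVS results.
            marked.append(_placeholder_item(
                "Requirements of Reverse Engineering can be added to form a level "
                + str(lvl - 3) + "+R."))
        elif level == 0 and previous_level == 0:
            marked.append(_placeholder_item(
                "No items for this category in this checklist level"))
            marked.append(item)
        else:
            marked.append(item)
        previous_level = level
    return marked


def _with_r6_levels(ordered_items):
    """Relabel level 'R' rows as level 6 and prepend the L1+R/L2+R hint row."""
    relabelled = [_placeholder_item(
        "Using Requirements of Reverse Engineering you can form the levels L1+R or L2+R.")]
    for item in ordered_items:
        if item.checklist_items.level == 'R':
            modified = checklists(
                item.checklistID, item.checklist_items.content, 6, item.checklist_items.kbID)
            relabelled.append(
                checklists_kb(item.checklistID, modified, item.kbID, item.kb_items))
        else:
            relabelled.append(item)
    return relabelled


def order_checklist_items(checklist_items, get_checklist_items_lvl, lvl):
    """Sort *checklist_items* by checklistID and, per level, add marker rows.

    Args:
        checklist_items: a paginated result whose ``items`` attribute holds
            checklists_kb rows; it is modified in place and returned.
        get_checklist_items_lvl: truthy when called from the per-level view,
            in which case marker rows are inserted.
        lvl: the requested checklist level; 6 selects the MASVS "R" handling.

    Returns:
        *checklist_items* with ``items`` replaced by the ordered list. The
        original only wrote ``items`` back on the per-level path and discarded
        the sort for the plain listing; it is now written back on every path.
    """
    # The original hand-rolled insertion sort inserted each item before the
    # first strictly-greater one, which is the same stable order sorted() gives.
    ordered_checklist_items = sorted(checklist_items.items, key=_checklist_sort_key)

    if get_checklist_items_lvl:
        if lvl == 6:
            ordered_checklist_items = _with_r6_levels(ordered_checklist_items)
        else:
            ordered_checklist_items = _with_empty_markers(ordered_checklist_items, lvl)

    checklist_items.items = ordered_checklist_items
    return checklist_items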