nishitkshah
diff --git a/‎app_node_proj/app_node_proj/__init__.py b/‎app_node_proj/app_node_proj/__init__.py
diff --git a/‎app_node_proj/app_node_proj/settings.py
+136 b/‎app_node_proj/app_node_proj/settings.py
+136
diff --git a/‎app_node_proj/app_node_proj/urls.py
+23 b/‎app_node_proj/app_node_proj/urls.py
+23
diff --git a/‎app_node_proj/app_node_proj/wsgi.py
+16 b/‎app_node_proj/app_node_proj/wsgi.py
+16
diff --git a/‎app_node_proj/manage.py
+15 b/‎app_node_proj/manage.py
+15
diff --git a/‎app_node_proj/vm_app/__init__.py b/‎app_node_proj/vm_app/__init__.py
diff --git a/‎app_node_proj/vm_app/admin.py
+3 b/‎app_node_proj/vm_app/admin.py
+3
diff --git a/‎app_node_proj/vm_app/apps.py
+5 b/‎app_node_proj/vm_app/apps.py
+5
diff --git a/‎app_node_proj/vm_app/choices.json
+9 b/‎app_node_proj/vm_app/choices.json
+9
diff --git a/‎app_node_proj/vm_app/migrations/__init__.py b/‎app_node_proj/vm_app/migrations/__init__.py
diff --git a/‎app_node_proj/vm_app/models.py
+49 b/‎app_node_proj/vm_app/models.py
+49
diff --git a/‎app_node_proj/vm_app/serializers.py
+26 b/‎app_node_proj/vm_app/serializers.py
+26
diff --git a/‎app_node_proj/vm_app/tests.py
+3 b/‎app_node_proj/vm_app/tests.py
+3
diff --git a/‎app_node_proj/vm_app/urls.py
+15 b/‎app_node_proj/vm_app/urls.py
+15
diff --git a/‎app_node_proj/vm_app/views.py
+85 b/‎app_node_proj/vm_app/views.py
+85
@@ -0,0 +1,136 @@
+"""
+Django settings for app_node_proj project.
+
+Generated by 'django-admin startproject' using Django 2.0.6.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.0/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/2.0/ref/settings/
+"""
+
+import os
+import mongoengine    # Update
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = '@@1aaaaaaa1aaaa@a@1aaaaaaa@@aaaaaa1a1@11@aa@aaa@aa@'    # Update
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = []
+
+
+# Application definition
+
+INSTALLED_APPS = [
+    'django.contrib.admin',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+    'vm_app',
+    'rest_framework',
+    'rest_framework_mongoengine',
+]
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'app_node_proj.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'app_node_proj.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/2.0/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        'ENGINE': '',    # Update
+    }
+}
+
+SESSION_ENGINE = 'mongoengine.django.sessions'    # Update
+_MONGO_USERNAME_ = ''
+_MONGO_PASSWORD_ = ''
+_MONGO_HOST_ = '127.0.0.1'
+_MONGO_PORT_ = '27017'
+_MONGO_DB_ = 'app_node_db'
+_MONGO_HOST_STRING_ = ''
+if _MONGO_USERNAME_:
+    _MONGO_HOST_STRING_ = 'mongodb://%s:%s@%s:%s/%s' % (_MONGO_USERNAME_, _MONGO_PASSWORD_, _MONGO_HOST_, _MONGO_PORT_, _MONGO_DB_)
+else:
+    _MONGO_HOST_STRING_ = 'mongodb://%s:%s/%s' % (_MONGO_HOST_, _MONGO_PORT_, _MONGO_DB_)
+
+mongoengine.connect(host=_MONGO_HOST_STRING_)
+
+# Password validation
+# https://docs.djangoproject.com/en/2.0/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/2.0/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/2.0/howto/static-files/
+
+STATIC_URL = '/static/'
@@ -0,0 +1,23 @@
+"""app_node_proj URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/2.0/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  path('', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.urls import include, path
+    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
+"""
+from django.contrib import admin
+from django.urls import path
+from django.conf.urls import url, include
+
+urlpatterns = [
+    path('admin/', admin.site.urls),
+    url(r'^', include('vm_app.urls')),
+]
@@ -0,0 +1,16 @@
+"""
+WSGI config for app_node_proj project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app_node_proj.settings")
+
+application = get_wsgi_application()
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app_node_proj.settings")
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)
@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class VmAppConfig(AppConfig):
+    name = 'vm_app'
@@ -0,0 +1,9 @@
+{
+    "node_type": ["webserver", "dbserver", "router", "firewall"],
+    "node_name_type": ["ipaddress:port", "weburl"],
+    "os": ["Win10", "WinXP", "MacOSX", "Linux", "iOS", "Android", "iOS-router"],
+    "resource_type": ["webpage", "service", "os"],
+    "finding_severity": ["Very High", "High", "Moderate", "Low", "Negligible"],
+    "finding_code_type": ["c code", "py", "perl", "shellcode", "shell script"]
+}
+
@@ -0,0 +1,49 @@
+from mongoengine import *
+from bson.objectid import ObjectId
+import json
+
+CHOICES = None
+with open('vm_app/choices.json', 'r') as choices_file:
+    CHOICES = json.load(choices_file)
+
+class Finding(EmbeddedDocument):
+    finding_id = ObjectIdField(required=True, default=ObjectId, unique=True, primary_key=True)
+    finding_details = StringField()
+    finding_type = StringField(max_length=200)
+    finding_severity = StringField(max_length=200, choices=CHOICES["finding_severity"])
+    finding_score = IntField(required=True)
+    finding_code = StringField()
+    finding_code_type = StringField(max_length=200, choices=CHOICES["finding_code_type"])
+
+class Resource(EmbeddedDocument):
+    resource_id = ObjectIdField(required=True, default=ObjectId, unique=True, primary_key=True)
+    resource = StringField()
+    resource_criticality = IntField()
+    resource_type = StringField(max_length=200, choices=CHOICES["resource_type"])
+    findings = EmbeddedDocumentListField(Finding)
+
+    def risk_score(self):
+        score = 0
+        for finding in self.findings:
+            score += finding.finding_score
+        return self.resource_criticality*score
+
+class SystemDetails(EmbeddedDocument):
+    os = StringField(max_length=200, choices=CHOICES["os"])
+
+class Node(Document):
+    node_name = StringField()
+    node_type = StringField(max_length=200, choices=CHOICES["node_type"])
+    node_name_type = StringField(max_length=200, choices=CHOICES["node_name_type"])
+    node_system_details = EmbeddedDocumentField(SystemDetails)
+    node_resources = EmbeddedDocumentListField(Resource)
+
+    def __str__(self):
+        return self.nodename
+
+    def risk_score(self):
+        score = 0
+        for res in self.node_resources:
+            score += res.risk_score()
+        return score
+
@@ -0,0 +1,26 @@
+from rest_framework_mongoengine import serializers
+from rest_framework import serializers as drf_serializers
+from vm_app.models import Node, Resource, Finding
+
+class NodeSerializer(serializers.DocumentSerializer):
+    class Meta:
+        model = Node
+        fields = ('id', 'node_name', 'node_type', 'node_name_type', 'node_system_details', 'node_resources')
+
+class ResourceSerializer(serializers.EmbeddedDocumentSerializer):
+    class Meta:
+        model = Resource
+        fields = ('resource_id', 'resource', 'resource_criticality', 'resource_type', 'findings')
+
+class FindingSerializer(serializers.EmbeddedDocumentSerializer):
+    class Meta:
+        model = Finding
+        fields = ('finding_id', 'finding_details', 'finding_type', 'finding_severity', 'finding_score', 'finding_code', 'finding_code_type')
+
+class NewFindingRequestSerializer(drf_serializers.Serializer):
+    resource = drf_serializers.CharField()
+    finding_details = drf_serializers.CharField()
+    finding_type = drf_serializers.CharField(max_length=200)
+    finding_code = drf_serializers.CharField()
+    finding_code_type = drf_serializers.CharField(max_length=200)
+
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
@@ -0,0 +1,15 @@
+from django.conf.urls import url
+from rest_framework.urlpatterns import format_suffix_patterns
+from vm_app import views
+
+urlpatterns = [
+    url(r'^node/$', views.NodeList.as_view()),
+    url(r'^node/(?P<id>[a-fA-F0-9]+)/$', views.NodeDetails.as_view()),
+    url(r'^node/add_finding/(?P<id>[a-fA-F0-9]+)/$', views.NodeAddFinding.as_view()),
+    url(r'^node/risk_score/$', views.AllNodesRiskScore.as_view()),
+    url(r'^node/risk_score/(?P<id>[a-fA-F0-9]+)/$', views.NodeRiskScore.as_view()),
+    url(r'^node/risk_score/(?P<id>[a-fA-F0-9]+)/(?P<r_id>[a-fA-F0-9]+)/$', views.ResourceRiskScore.as_view()),
+]
+
+urlpatterns = format_suffix_patterns(urlpatterns)
+
@@ -0,0 +1,85 @@
+from vm_app.models import Node
+from vm_app.serializers import NodeSerializer, ResourceSerializer, FindingSerializer, NewFindingRequestSerializer
+from rest_framework_mongoengine import generics
+from rest_framework.response import Response
+from rest_framework.views import APIView
+from rest_framework import status
+
+class NodeList(generics.ListCreateAPIView):
+    queryset = Node.objects.all()
+    serializer_class = NodeSerializer
+
+class NodeDetails(generics.RetrieveUpdateDestroyAPIView):
+    queryset = Node.objects.all()
+    serializer_class = NodeSerializer
+
+class NodeAddFinding(APIView):
+    def get_object(self, id):
+        return Node.objects.get(pk=id)
+
+    def patch(self, request, id, format=None):
+        node = self.get_object(id)
+        serializer = NewFindingRequestSerializer(data=request.data)
+        if not serializer.is_valid():
+            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+        req_resource = request.data['resource']
+        finding_data = request.data.copy()
+        del finding_data['resource']
+        serializer = FindingSerializer(data=finding_data)
+        if not serializer.is_valid():
+            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+        node.node_resources.get(resource=req_resource).findings.create(**finding_data)	#ToDo: Use res_id (objectid) instead
+        node.save()
+        return Response(serializer.data, status=status.HTTP_201_CREATED)
+
+class AllNodesRiskScore(APIView):
+    def get_object(self):
+        return Node.objects
+
+    def get(self, request, format=None):
+        nodes = self.get_object()
+        data = {"nodes": []}
+        for node in nodes:
+            node_data = {}
+            node_data["id"] = str(node.id)
+            node_data["node_name"] = node.node_name
+            node_data["risk_score"] = node.risk_score()
+            data["nodes"].append(node_data)
+        return Response(data, status=status.HTTP_200_OK)
+
+class NodeRiskScore(APIView):
+    def get_object(self, id):
+        return Node.objects.get(pk=id)
+
+    def get(self, request, id, format=None):
+        node = self.get_object(id)
+        data = {}
+        data["id"] = str(node.id)
+        data["node_name"] = node.node_name
+        data["risk_score"] = node.risk_score()
+        data["resources"] = []
+        for resource in node.node_resources:
+            serializer = ResourceSerializer(resource)
+            resource_data = serializer.data
+            del resource_data["findings"]
+            resource_data["risk_score"] = resource.risk_score()
+            data["resources"].append(resource_data)
+        return Response(data, status=status.HTTP_200_OK)
+
+class ResourceRiskScore(APIView):
+    def get_object(self, id, r_id):
+        return Node.objects.get(pk=id).node_resources.get(resource_id=r_id)
+
+    def get(self, request, id, r_id, format=None):
+        res = self.get_object(id, r_id)
+        data = {}
+        data["id"] = id
+        data["resource_id"] = str(res.resource_id)
+        data["risk_score"] = res.risk_score()
+        data["findings"] = []
+        for finding in res.findings:
+            serializer = FindingSerializer(finding)
+            finding_data = serializer.data
+            data["findings"].append(finding_data)
+        return Response(data, status=status.HTTP_200_OK)
+
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+from django.contrib import admin`
	`2`	`+`
	`3`	`+# Register your models here.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+from django.test import TestCase`
	`2`	`+`
	`3`	`+# Create your tests here.`