bmarsh9
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎WORKER.md
Lines changed: 14 additions & 2 deletions b/‎WORKER.md
Lines changed: 14 additions & 2 deletions
diff --git a/‎app/__init__.py
Lines changed: 7 additions & 2 deletions b/‎app/__init__.py
Lines changed: 7 additions & 2 deletions
diff --git a/‎app/api_v1/views.py
Lines changed: 38 additions & 18 deletions b/‎app/api_v1/views.py
Lines changed: 38 additions & 18 deletions
diff --git a/‎app/integrations/DEVELOPMENT.md
Lines changed: 3 additions & 0 deletions b/‎app/integrations/DEVELOPMENT.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎app/integrations/github/tasks.py
Lines changed: 1 addition & 1 deletion b/‎app/integrations/github/tasks.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/integrations/utils/decorators.py
Lines changed: 9 additions & 3 deletions b/‎app/integrations/utils/decorators.py
Lines changed: 9 additions & 3 deletions
diff --git a/‎app/main/views.py
Lines changed: 9 additions & 0 deletions b/‎app/main/views.py
Lines changed: 9 additions & 0 deletions
@@ -3,6 +3,7 @@ env/*
 migrations
 *pyc
 app/files/reports/*
+app/files/evidence/*
 # C extensions
 *.so
 
 
@@ -51,10 +51,11 @@ from app.models import *
 # create tenant
 user = User.query.get(1)
 tenant = Tenant.create(user, "demo", user.email)
+project = tenant.create_project("sample", user)
 
 # create integration and task
-integration = Integration(name="github", tenant_id=tenant.id)
-integration.add_task(name="get_users", cron="* * * * *")
+integration = project.add_integration(name="github")
+task = integration.add_task(name="get_users", cron="* * * * *")
 
 # create locker
 Locker.add("test","value", tenant.id)
@@ -69,3 +70,14 @@ bg_app.open()
 [print(i) for i in BgHelper().list_jobs()]
 ```
 
+###### Testing task
+
+```
+# create task in the import_path
+python3 manage.py shell
+from app.utils.bg_helper import BgHelper
+BgHelper().test_task("github:get_users")
+
+# open new shell
+INTEGRATION_IMPORT_PATHS="app.integrations.github.tasks" AS_WORKER=yes bash run.sh
+```
@@ -65,9 +65,14 @@ def internal_error(e):
         return render_template("layouts/errors/default.html", title="Internal error"), e.code
 
     @app.errorhandler(exc.SQLAlchemyError)
-    def handle_db_exceptions(error):
-        app.logger.warning("Rolling back database session in app")
+    def handle_db_exceptions(e):
+        error = str(e)
+        app.logger.warning(f"Rolling back database session in app: {error}")
         db.session.rollback()
+        if request.path.startswith("/api/"):
+            return jsonify({"ok":False, "message":error, "code":500}), 500
+        return render_template("layouts/errors/default.html", title="Internal error"), 500
+
 
     def to_pretty_json(value):
         return json.dumps(value, sort_keys=True,
 
@@ -12,6 +12,8 @@
 from app.utils.bg_helper import BgHelper
 from app.utils.reports import Report
 from app.utils.authorizer import Authorizer
+from werkzeug.utils import secure_filename
+import os
 
 
 @api.route('/health', methods=['GET'])
@@ -35,8 +37,7 @@ def set_session(id):
 @login_required
 def delete_tenant(id):
     result = Authorizer(current_user).can_user_admin_tenant(id)
-    db.session.delete(result["extra"]["tenant"])
-    db.session.commit()
+    result["extra"]["tenant"].delete()
     return jsonify({"message": "ok"})
 
 @api.route('/questionnaires/<int:qid>', methods=['GET'])
@@ -252,6 +253,24 @@ def get_comments_for_project(pid):
     data = [comment.as_dict() for comment in result["extra"]["project"].comments.order_by(models.ProjectComment.id.asc()).all()]
     return jsonify(data)
 
+@api.route('/projects/<int:pid>/findings', methods=['GET'])
+@login_required
+def get_findings_for_project(pid):
+    result = Authorizer(current_user).can_user_manage_project(pid)
+    data = [finding.as_dict() for finding in result["extra"]["project"].findings.all()]
+    return jsonify(data)
+
+@api.route('/projects/<int:pid>/integrations', methods=['GET'])
+@login_required
+def get_integrations_for_project(pid):
+    result = Authorizer(current_user).can_user_manage_project(pid)
+    # include all available integrations
+    summary = request.args.get("summary")
+    if summary == "yes":
+        return jsonify(result["extra"]["project"].get_integration_summary())
+    data = [integration.as_dict() for integration in result["extra"]["project"].integrations.all()]
+    return jsonify(data)
+
 @api.route('/projects/<int:pid>/matrix/summary', methods=['GET'])
 @login_required
 def get_resp_matrix_summary_for_project(pid):
@@ -649,33 +668,34 @@ def get_evidence(eid):
 @login_required
 def add_evidence_for_tenant(tid):
     result = Authorizer(current_user).can_user_manage_tenant(tid)
-    payload = request.get_json()
-    evidence = models.Evidence(name=payload["name"],
-        description=payload["description"],
-        content=payload["content"],owner_id=current_user.id,
-        collected_on=payload["collected"] or None)
+    evidence = models.Evidence(name=request.form.get("name"),
+        description=request.form.get("description"),
+        content=request.form.get("content"),owner_id=current_user.id,
+        collected_on=request.form.get("collected") or arrow.utcnow().format("MM/DD/YYYY"))
     result["extra"]["tenant"].evidence.append(evidence)
     db.session.commit()
+    evidence.diff_files_with_checks(request.files.getlist("file"), execute=True)
     return jsonify(evidence.as_dict())
 
 @api.route('/evidence/<int:eid>', methods=['PUT'])
 @login_required
 def update_evidence(eid):
     result = Authorizer(current_user).can_user_manage_evidence(eid)
-    payload = request.get_json()
-    result["extra"]["evidence"].name = payload["name"]
-    result["extra"]["evidence"].description = payload["description"]
-    result["extra"]["evidence"].content = payload["content"]
-    result["extra"]["evidence"].collected_on = payload["collected"]
+    evidence = result["extra"]["evidence"]
+    evidence.name = request.form.get("name")
+    evidence.description = request.form.get("description")
+    evidence.content = request.form.get("content")
+    if request.form.get("collected"):
+        evidence.collected_on = request.form.get("collected")
     db.session.commit()
-    return jsonify(result["extra"]["evidence"].as_dict())
+    evidence.diff_files_with_checks(request.files.getlist("file"), execute=True)
+    return jsonify(evidence.as_dict())
 
 @api.route('/evidence/<int:eid>', methods=['DELETE'])
 @login_required
 def delete_evidence(eid):
     result = Authorizer(current_user).can_user_manage_evidence(eid)
-    db.session.delete(result["extra"]["evidence"])
-    db.session.commit()
+    result["extra"]["evidence"].delete()
     return jsonify({"message": "ok"})
 
 @api.route('/evidence/<int:eid>/controls', methods=['PUT'])
@@ -1192,13 +1212,13 @@ def get_evidence_for_subcontrol(pid, sid):
 @login_required
 def add_evidence_for_subcontrol(pid, sid):
     result = Authorizer(current_user).can_user_manage_project_subcontrol(sid)
-    data = request.get_json()
-    evidence = models.Evidence(name=data["name"],
-        content=data["content"],description=data["description"],
+    evidence = models.Evidence(name=request.form.get("name"),
+        content=request.form.get("content"),description=request.form.get("description"),
         tenant_id=result["extra"]["subcontrol"].p_control.project.tenant_id,
         owner_id=current_user.id)
     result["extra"]["subcontrol"].evidence.append(evidence)
     db.session.commit()
+    evidence.diff_files_with_checks(request.files.getlist("file"), execute=True)
     return jsonify(evidence.as_dict())
 
 @api.route('/projects/<int:pid>/subcontrols/<int:sid>/evidence/<int:eid>', methods=["DELETE"])
 
@@ -30,6 +30,9 @@ task.sort_results(sort="version")
 
 # Get result by specific version
 task.get_result_by_version("1.1.1")
+
+# Add finding
+task.add_finding(title="testing the title2",risk=7,status="in progress")
 ```
 
 
 
@@ -1,7 +1,7 @@
 from app.integrations.utils.decorators import task
 from app.integrations.utils import shared
 from flask import current_app
-from app.models import Finding
+from app.models import Finding, Task
 from app import db
 
 # integration imports
 
@@ -12,9 +12,15 @@ def new_func(*job_args, **job_kwargs):
             add the Task object and the lockers that
             the task has access to
             """
-            task = Task.query.get(job_kwargs["id"])
-            lockers = task.integration.get_lockers()
-            lock = task.get_lock()
+            # testing a task
+            if job_kwargs["id"] == "test":
+                task = None
+                lockers = []
+                lock = "test"
+            else:
+                task = Task.query.get(job_kwargs["id"])
+                lockers = task.integration.get_lockers()
+                lock = task.get_lock()
 
             logging.info(f"Starting task: {lock}")
             result = func(task, lockers, *job_args, **job_kwargs)
 
@@ -63,6 +63,15 @@ def view_framework(name):
 def evidence():
     return render_template("evidence.html")
 
+@main.route('/evidence/<int:eid>/files/<string:name>', methods=['GET'])
+@login_required
+def view_file_for_evidence(eid, name):
+    result = Authorizer(current_user).can_user_read_evidence(eid)
+    if name.lower() not in result["extra"]["evidence"].get_files(basename=True):
+        abort(404)
+    return send_from_directory(directory=result["extra"]["evidence"].tenant.get_evidence_folder(),
+        path=name, as_attachment=True)
+
 @main.route('/policies', methods=['GET'])
 @login_required
 def policies():