
@gene1wood
Created August 16, 2019 14:50
Diff between scheduler.py in security_monkey 0.3.6 and moz_security_monkey
--- scheduler-ca556d328280eba6b53df8934a6d63eaf1eb7d86.py 2019-08-16 07:47:49.289601195 -0700
+++ scheduler-bd1b505fef48e69fab6a7e76538bbac8a9149013.py 2019-08-16 07:48:41.593548348 -0700
@@ -1,138 +1,143 @@
"""
-.. module: security_monkey.scheduler
+.. module: moz_security_monkey.scheduler
:platform: Unix
:synopsis: Runs watchers, auditors, or reports on demand or on a schedule
.. version:: $$VERSION$$
.. moduleauthor:: Patrick Kelley <pkelley@netflix.com> @monkeysecurity
"""
from apscheduler.threadpool import ThreadPool
from apscheduler.scheduler import Scheduler
from security_monkey.datastore import Account
-from security_monkey.monitors import all_monitors, get_monitor
-from security_monkey.reporter import Reporter
+# from security_monkey.monitors import all_monitors, get_monitor
+# from security_monkey.reporter import Reporter
+from moz_security_monkey.monitors import all_monitors, get_monitor
+from moz_security_monkey.reporter import Reporter
from security_monkey import app, db, handler
import traceback
import logging
from datetime import datetime, timedelta
-
-def __prep_accounts__(accounts):
- if accounts == 'all':
- accounts = Account.query.filter(Account.third_party==False).filter(Account.active==True).all()
- accounts = [account.name for account in accounts]
- return accounts
- else:
- return accounts.split(',')
-
+from security_monkey.scheduler import __prep_accounts__
+from security_monkey.scheduler import _find_changes
+# from security_monkey.scheduler import _audit_changes
+from security_monkey.scheduler import pool
+from security_monkey.scheduler import scheduler
+from moz_security_monkey.common.utils.utils import publish_to_mozdef
def __prep_monitor_names__(monitor_names):
if monitor_names == 'all':
return [monitor.index for monitor in all_monitors()]
else:
return monitor_names.split(',')
-
def run_change_reporter(accounts, interval=None):
""" Runs Reporter """
accounts = __prep_accounts__(accounts)
reporter = Reporter(accounts=accounts, alert_accounts=accounts, debug=True)
for account in accounts:
reporter.run(account, interval)
-
def find_changes(accounts, monitor_names, debug=True):
monitor_names = __prep_monitor_names__(monitor_names)
for monitor_name in monitor_names:
monitor = get_monitor(monitor_name)
_find_changes(accounts, monitor, debug)
-
def audit_changes(accounts, monitor_names, send_report, debug=True):
monitor_names = __prep_monitor_names__(monitor_names)
accounts = __prep_accounts__(accounts)
auditors = []
for monitor_name in monitor_names:
monitor = get_monitor(monitor_name)
if monitor.has_auditor():
auditors.append(monitor.auditor_class(accounts=accounts, debug=True))
if auditors:
_audit_changes(accounts, auditors, send_report, debug)
-
-def _find_changes(accounts, monitor, debug=True):
- """ Runs a watcher and auditor on changed items """
- accounts = __prep_accounts__(accounts)
- cw = monitor.watcher_class(accounts=accounts, debug=True)
- (items, exception_map) = cw.slurp()
- cw.find_changes(current=items, exception_map=exception_map)
-
- # Audit these changed items
- if monitor.has_auditor():
- items_to_audit = [item for item in cw.created_items + cw.changed_items]
-
- au = monitor.auditor_class(accounts=accounts, debug=True)
- au.audit_these_objects(items_to_audit)
- au.save_issues()
-
- cw.save()
- db.session.close()
-
-
def _audit_changes(accounts, auditors, send_report, debug=True):
""" Runs auditors on all items """
for au in auditors:
au.audit_all_objects()
if send_report:
- report = au.create_report()
- au.email_report(report)
- au.save_issues()
+ for item in au.items:
+ item.totalscore = 0
+ for issue in item.audit_issues:
+ item.totalscore = item.totalscore + issue.score
+ sorted_list = sorted(au.items, key=lambda item: item.totalscore)
+ sorted_list.reverse()
+ report_list = []
+ for item in sorted_list:
+ if item.totalscore > 0:
+ report_list.append(item)
+ else:
+ break
+ if len(report_list) > 0:
+ subject = "Security Monkey {} Auditor Report".format(
+ au.i_am_singular)
+ audit_report = [
+ {'account': item.account,
+ 'region': item.region,
+ 'index': item.index,
+ 'name': item.name,
+ 'totalscore': item.totalscore,
+ 'audit_issues': [
+ {'score': issue.score,
+ 'issue': issue.issue,
+ 'notes': issue.notes,
+ 'justification': {
+ 'justified': issue.justified,
+ 'user_name': (issue.user.name
+ if issue.user is not None
+ else None),
+ 'user_email': (issue.user.email
+ if issue.user is not None
+ else None),
+ 'date': issue.justified_date,
+ 'justification': issue.justification}}
+ for issue in item.audit_issues]}
+ for item in report_list]
+ result = publish_to_mozdef(
+ summary=subject,
+ details={'subject': subject,
+ 'audit_report': audit_report})
+ app.logger.info(
+ "Auditor report published to MozDef with {} "
+ "entries.".format(len(report_list)))
+ au.save_issues()
db.session.close()
-pool = ThreadPool(
- core_threads=app.config.get('CORE_THREADS', 25),
- max_threads=app.config.get('MAX_THREADS', 30),
- keepalive=0
-)
-scheduler = Scheduler(
- standalone=True,
- threadpool=pool,
- coalesce=True,
- misfire_grace_time=30
-)
-
-
def setup_scheduler():
"""Sets up the APScheduler"""
log = logging.getLogger('apscheduler')
log.setLevel(app.config.get('LOG_LEVEL'))
log.addHandler(handler)
try:
accounts = Account.query.filter(Account.third_party==False).filter(Account.active==True).all()
accounts = [account.name for account in accounts]
for account in accounts:
print "Scheduler adding account {}".format(account)
rep = Reporter(accounts=[account])
for period in rep.get_intervals(account):
scheduler.add_interval_job(
run_change_reporter,
minutes=period,
start_date=datetime.now()+timedelta(seconds=2),
args=[account, period]
)
auditors = [a for (_, a) in rep.get_watchauditors(account) if a]
if auditors:
scheduler.add_cron_job(_audit_changes, hour=10, day_of_week="mon-fri", args=[account, auditors, True])
except Exception as e:
app.logger.warn("Scheduler Exception: {}".format(e))
app.logger.warn(traceback.format_exc())
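Review bot: The return value of `publish_to_mozdef(...)` in the new `_audit_changes` body is bound to `result` and never read, and the `app.logger.info` call that follows reports the report as published regardless of the outcome. Because this change drops `create_report()` / `email_report()`, MozDef appears to be the only destination for the auditor report, so a failed publish would lose it without any trace in the log. Check the outcome before logging success, for example `if not result: app.logger.error("Publishing {} auditor report to MozDef failed".format(au.i_am_singular))`, adjusted to whatever `publish_to_mozdef` returns or raises on failure, which is not visible in this diff. It is also worth confirming that forwarding `user_name`, `user_email` and the free-text `justification` to MozDef is intended, and that the publisher can serialise `issue.justified_date`.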