Define risk metrics AmericanPublicPowerAssociation/asset-tracker-clie…

…nt#97
AmericanPublicPowerAssociation · Sep 12, 2019 · 5530cb5 · 5530cb5
1 parent bac0a15
commit 5530cb5
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 43 deletions.
diff --git a/client/index.js b/client/index.js
@@ -610,22 +610,22 @@ function (_PureComponent7) {
     value: function render() {
       var risks = this.props.risks;
       return _react["default"].createElement(_Table["default"], null, _ref7, _react["default"].createElement(_TableBody["default"], null, risks.map(function (risk, index) {
-        var assetName = risk.get('name');
+        var assetName = risk.get('assetName');
         var meterCount = risk.get('meterCount');
-        var threat = risk.get('threat');
-        var description = risk.get('description');
-        var url = risk.get('url');
-        var date = risk.get('date');
+        var threatScore = risk.get('threatScore');
+        var threatDescription = risk.get('threatDescription');
+        var vulnerabilityUrl = risk.get('vulnerabilityUrl');
+        var vulnerabilityDate = risk.get('vulnerabilityDate');
         return _react["default"].createElement(_TableRow["default"], {
           key: index
         }, _react["default"].createElement(_TableCell["default"], {
           component: "th",
           scope: "row"
-        }, assetName), _react["default"].createElement(_TableCell["default"], null, meterCount), _react["default"].createElement(_TableCell["default"], null, threat), _react["default"].createElement(_TableCell["default"], null, description), _react["default"].createElement(_TableCell["default"], null, _react["default"].createElement("a", {
+        }, assetName), _react["default"].createElement(_TableCell["default"], null, meterCount), _react["default"].createElement(_TableCell["default"], null, threatScore), _react["default"].createElement(_TableCell["default"], null, threatDescription), _react["default"].createElement(_TableCell["default"], null, _react["default"].createElement("a", {
           target: "_blank",
           rel: "noopener noreferrer",
-          href: url
-        }, date)), _ref8, _ref9);
+          href: vulnerabilityUrl
+        }, vulnerabilityDate)), _ref8, _ref9);
       })));
     }
   }]);

diff --git a/client/package.json b/client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "asset-report-risks",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "Identify potential risks by vendor and product",
   "main": "index.js",
   "scripts": {
@@ -43,7 +43,7 @@
     "@babel/preset-react": "^7.0.0",
     "@typescript-eslint/eslint-plugin": "^2.1.0",
     "@typescript-eslint/parser": "^2.1.0",
-    "babel-eslint": "^10.0.1",
+    "babel-eslint": "^10.0.3",
     "chai": "^4.2.0",
     "eslint": "^6.3.0",
     "eslint-config-react-app": "^5.0.1",
@@ -56,6 +56,6 @@
     "eslint-plugin-react-hooks": "^2.0.1",
     "mocha": "^6.1.4",
     "reify": "^0.20.12",
-    "typescript": "^3.4.5"
+    "typescript": "^3.6.3"
   }
 }
diff --git a/client/src/index.js b/client/src/index.js
@@ -399,21 +399,22 @@ class _RisksWindow extends PureComponent {
         </TableHead>
         <TableBody>
           {risks.map((risk, index) => {
-            const assetName = risk.get('name')
+            const assetName = risk.get('assetName')
             const meterCount = risk.get('meterCount')
-            const threat = risk.get('threat')
-            const description = risk.get('description')
-            const url = risk.get('url')
-            const date = risk.get('date')
+            const threatScore = risk.get('threatScore')
+            const threatDescription = risk.get('threatDescription')
+            const vulnerabilityUrl = risk.get('vulnerabilityUrl')
+            const vulnerabilityDate = risk.get('vulnerabilityDate')
             return (
               <TableRow key={index}>
                 <TableCell component='th' scope='row'>{assetName}</TableCell>
                 <TableCell>{meterCount}</TableCell>
-                <TableCell>{threat}</TableCell>
-                <TableCell>{description}</TableCell>
+                <TableCell>{threatScore}</TableCell>
+                <TableCell>{threatDescription}</TableCell>
                 <TableCell>
+                  {/* !!! USE LINK HERE */}
                   <a target='_blank' rel='noopener noreferrer'
-                    href={url}>{date}</a>
+                    href={vulnerabilityUrl}>{vulnerabilityDate}</a>
                 </TableCell>
                 <TableCell>Untreated</TableCell>
                 <TableCell>

diff --git a/server/CHANGES.md b/server/CHANGES.md
@@ -1 +1,10 @@
+# 0.2
+
+- Added get_risk_metrics_json
+
 # 0.1
+
+- Added get_vendor_names_json
+- Added get_product_names_json
+- Added get_product_versions_json
+- Added get_risks_json
diff --git a/server/asset_report_risks/macros/calculator.py b/server/asset_report_risks/macros/calculator.py
@@ -0,0 +1,5 @@
+def get_percent(partial_count, total_count, zero_value=0):
+    try:
+        return int(100 * partial_count / total_count)
+    except ZeroDivisionError:
+        return zero_value
diff --git a/server/asset_report_risks/routines.py b/server/asset_report_risks/routines.py
@@ -71,22 +71,22 @@ def get_risks(asset_ids):
         'vulnerabilities': 1,
     })
     risks = []
-    for result in results:
-        asset_id = result['id']
-        asset_name = result['name']
-        meter_count = result['meterCount']
-        for vulnerability in result['vulnerabilities']:
-            impact = vulnerability['impact']
-            texts = vulnerability['texts']
+    for r in results:
+        asset_id = r['id']
+        asset_name = r['name']
+        meter_count = r['meterCount']
+        for d in r['vulnerabilities']:
+            impact = d['impact']
+            texts = d['texts']
             risks.append({
                 'assetId': asset_id,
                 'assetName': asset_name,
                 'meterCount': meter_count,
-                'threat': impact * meter_count,
-                'description': '\n'.join(texts),
-                'uri': 'nvd:%s' % vulnerability['id'],
-                'url': vulnerability['url'],
-                'date': vulnerability['date'].strftime('%Y%m%d'),
+                'threatScore': impact * meter_count,
+                'threatDescription': '\n'.join(texts),
+                'vulnerabilityUri': 'nvd:%s' % d['id'],
+                'vulnerabilityUrl': d['url'],
+                'vulnerabilityDate': d['date'].strftime('%Y%m%d'),
             })
     return risks
 

diff --git a/server/asset_report_risks/views.py b/server/asset_report_risks/views.py
@@ -2,6 +2,7 @@
 from collections import defaultdict
 from pyramid.view import view_config
 
+from .macros.calculator import get_percent
 from .routines import (
     get_risks,
     get_similar_product_names,
@@ -85,7 +86,7 @@ def get_risk_metrics_json(request):
         return {}
 
     risks = get_risks(asset_ids)
-    reference_uris = [_['uri'] for _ in risks]
+    reference_uris = [_['vulnerabilityUri'] for _ in risks]
 
     db = request.db
     tasks = db.query(Task).filter(
@@ -96,7 +97,7 @@ def get_risk_metrics_json(request):
 
     open_risks = []
     for risk in risks:
-        uri = risk['uri']
+        uri = risk['vulnerabilityUri']
         if uri in closed_uris:
             continue
         open_risks.append(risk)
@@ -108,20 +109,31 @@ def get_risk_metrics_json(request):
 
     risks_by_uri = defaultdict(list)
     for risk in open_risks:
-        uri = risk['uri']
+        uri = risk['vulnerabilityUri']
         risks_by_uri[uri].append(risk)
-    greatest_threat = 0
+    greatest_threat_score = 0
     greatest_threat_description = None
-    for uri, risks in risks_by_uri.items():
-        threat = sum(_['threat'] for _ in risks)
-        if threat > greatest_threat:
-            greatest_threat = threat
-            greatest_threat_description = risks[0]['description']
+    for uri, uri_risks in risks_by_uri.items():
+        threat_score = sum(_['threatScore'] for _ in uri_risks)
+        if threat_score > greatest_threat_score:
+            greatest_threat_score = threat_score
+            greatest_threat_description = uri_risks[0]['threatDescription']
+
+    aggregated_threat_score = sum(_['threatScore'] for _ in risks)
+    downstream_meter_count = sum(_['meterCount'] for _ in risks)
+    meter_count = db.query(Asset.id).filter(
+        Asset.type_id.startswith('m'),
+        Asset.id.in_(asset_ids),
+    ).count()
 
     return {
         'impacted_asset_count': impacted_asset_count,
-        'impacted_asset_percent': int(
-            100 * impacted_asset_count / asset_count),
+        'impacted_asset_percent': get_percent(
+            impacted_asset_count, asset_count),
         'cyber_vulnerability_count': len(open_risks),
         'greatest_threat_description': greatest_threat_description,
+        'aggregated_threat_score': aggregated_threat_score,
+        'downstream_meter_count': downstream_meter_count,
+        'downstream_meter_percent': get_percent(
+            downstream_meter_count, meter_count),
     }
diff --git a/server/setup.py b/server/setup.py
@@ -24,7 +24,7 @@
 
 setup(
     name='asset-report-risks',
-    version='0.1',
+    version='0.2',
     description='Risks Report for Asset Tracker',
     long_description=DESCRIPTION,
     classifiers=APP_CLASSIFIERS,