Merge pull request #14 from in-toto/wizard-beta

Initial PR (complete layout tool)

.gitignore

@@ -0,0 +1,22 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+in-toto
+node_modules
+instance/
+
+# Exclude vendor JS file, copy them freshly using:
+# `gulp`
+static/vendor/*
+!static/vendor/.keep
+
+files/*
+!files/.keep
+
+# Exclude *.css files, compile them freshly using:
+# `sass static/scss/main.scss:static/css/main.scss.css`
+.sass-cache
+static/css/*
+!static/css/.keep

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 New York University
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,65 @@
+# in-toto Layout Creation Wizard
+
+A Flask-based web app to guide project owners through creating an
+*in-toto layout*.
+
+More information about *in-toto* and *in-toto layouts* can be found at the
+project website
+[in-toto.io](https://in-toto.io). A beta version of this web app is
+deployed at [in-toto.engineering.nyu.edu](https://in-toto.engineering.nyu.edu/) and mockups can be found at
+[`editor-and-wizard-wip/mockups`](https://github.com/in-toto/layout-web-tool/blob/editor-and-wizard-wip/mockups/layout-wizard.pdf).
+
+
+### Installation
+
+**Requirements**
+- [Python 2.7 (with development headers)](https://www.python.org) --
+backend
+- [npm](https://www.npmjs.com/) -- frontend dependencies
+- [Ruby](https://www.ruby-lang.org/en/documentation/installation/) and [SASS](http://sass-lang.com/install) -- CSS preprocessor
+- [MongoDB](https://docs.mongodb.com/manual/installation/) -- to persist
+user session data (for usage analysis)
+
+
+```shell
+# Start `mongod` (if not already running)
+# Note: `service` won't be available in the future
+sudo service mongod start
+
+# Install backend (c.f. requirements.txt)
+pip install -r requirements.txt
+
+# Install and vendorize frontend dependencies and compile scss
+# c.f. dependencies and scripts in package.json
+npm install
+```
+
+### Deployment
+- Add an [instance folder](http://flask.pocoo.org/docs/0.12/config/#instance-folders) with your
+deployment configuration, e.g.:
+```python
+# Example configuration in FLASK_APP_ROOT/instance/config.py
+DEBUG = False
+SECRET_KEY = '?\xbf,\xb4\x8d\xa3"<\x9c\xb0@\x0f5\xab,w\xee\x8d$0\x13\x8b83' #CHANGE THIS!!!!!
+
+```
+
+- Take a look at `wizard.wsgi` and [these`mod_wsgi` instructions](http://flask.pocoo.org/docs/0.12/deploying/mod_wsgi/)
+for further guidance.
+
+### Development Tips
+- Run the development server like this:
+```shell
+python wizard.py
+```
+- Run a `sass` watcher during development to automatically compile css on file change:
+```shell
+sass --watch static/scss/main.scss:static/css/main.scss.css
+```
+- Make extensive use of (e.g. chrome's) browser developer tools, e.g. [map
+DevTool files to your local workspace](https://developers.google.com/web/tools/setup/setup-workflow) to live edit `*.scss` and `*.js` files.
+
+## Acknowledgements
+This project is managed by Prof. Justin Cappos and other members of the
+[Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the
+[NJIT Cybersecurity Research Center](https://centers.njit.edu/cybersecurity).

create_layout.py

@@ -0,0 +1,154 @@
+# -*- coding: utf-8 -*-
+#!/usr/bin/env python
+
+"""
+<Program Name>
+  create_layout.py
+
+<Author>
+  Lukas Puehringer <lukas.puehringer@nyu.edu>
+
+<Started>
+  March 23, 2017
+
+<Copyright>
+  See LICENSE for licensing information.
+
+<Purpose>
+  Creates a basic in-toto layout by reading an ordered list of step link files.
+
+  ** Infer layout fields: **
+    expires:
+            default value
+    keys:
+            FIXME: Keys are currently ignored in this module
+    steps:
+            add steps in the order of passed link files
+            name:
+                    link.name
+            expected_command:
+                    link.command
+            threshold:
+                    default value
+            material_matchrules/product_matchrules:
+                    currently uses simple approach (see below)
+                    FIXME: Should use more complex approach (see ideas below)
+            inspections:
+                    FIXME Inspections are currently ignored in this module
+            signatures:
+                    empty (use `in-toto-sign` command line utility)
+
+
+  ** Infer step artifact rules (simple approach) **
+    ** material_matchrules **
+
+      IF no materials were recorded
+        material_matchrules: [["DISALLOW", "*"]]
+
+      ELSE IF materials were recorded and it is the first step
+        material_matchrules: [["ALLOW", "*"]]
+
+      ELSE
+        material_matchrules: [["MATCH", "*", "WITH", "PRODUCTS", "FROM", <PREVIOUS STEP>]
+
+
+    ** product_matchrules **
+
+      IF no products were recorded
+        product_matchrules: [["DISALLOW", "*"]]
+
+      ELSE products were recorded:
+        product_matchrules: [["ALLOW", "*"]]
+
+
+  ** Ideas for more complexity: **
+    - explicitly, ALLOW or MATCH files by name instead of "*", e.g.:
+      material_matchrules = \
+          [["ALLOW", material] for material in links[index].materials.keys()]
+
+    - for MATCH rules
+      match only those that already were in the previous step
+      allow the rest by name
+
+
+  <Usage>
+
+    ```
+    # Create a layout given an ordered list of link file paths
+
+    links = []
+    for LINK_PATH in LINK_PATHS:
+      link = in_toto.models.link.Link.read_from_file(LINK_PATH)
+      links.append(link)
+
+    layout = create_layout_from_ordered_links(links)
+    layout.dump()
+
+    ```
+
+"""
+import os
+import in_toto.models.link
+import in_toto.models.layout
+
+def create_material_matchrules(links, index):
+  """Create generic material rules (3 variants)
+
+  * No materials recorded -> disallow any artifact
+  * Materials recorded (first step) -> allow artifacts that existed beforehand
+  * Materials recorded (latter step) -> match from previous products
+
+  Returns a list of material rules
+  NOTE: Read header docstring for ideas for more complexity.  """
+
+  material_matchrules = []
+
+  if not links[index].materials:
+    material_matchrules = [["DISALLOW", "*"]]
+
+  elif index == 0 and links[index].materials:
+    material_matchrules = [["ALLOW", "*"]]
+
+  else:
+    material_matchrules = [
+        ["MATCH", "*", "WITH", "PRODUCTS", "FROM", links[index - 1].name]]
+
+  return material_matchrules
+
+
+def create_product_matchrules(links, index):
+  """Create generic material rules (2 variants)
+
+  * No products recorded -> disallow any artifact
+  * Products recorded  -> allow all artifacts
+
+  Returns a list of product rules
+  NOTE: Read header docstring for ideas for more complexity.  """
+
+  if not links[index].products:
+    product_matchrules = [["DISALLOW", "*"]]
+
+  else:
+    product_matchrules = [["ALLOW", "*"]]
+
+  return product_matchrules
+
+
+def create_layout_from_ordered_links(links):
+  """Creates basic in-toto layout from an ordered list of in-toto link objects,
+  inferring material and product rules from the materials and products of the
+  passed links. """
+  # Create an empty layout
+  layout = in_toto.models.layout.Layout()
+  layout.keys = {}
+
+  for index, link in enumerate(links):
+    step_name = link.name
+    step = in_toto.models.layout.Step(name=step_name,
+      material_matchrules=create_material_matchrules(links, index),
+      product_matchrules=create_product_matchrules(links, index),
+      expected_command=link.command)
+
+    layout.steps.append(step)
+
+  return layout

gulpfile.js

@@ -0,0 +1,51 @@
+/*****************************************************************
+<File Name>
+  gulpfile.js
+
+<Author>
+  Lukas Puehringer <lukas.puehringer@nyu.edu>
+
+<Started>
+  May 05, 2017
+
+<Copyright>
+  See LICENSE for licensing information.
+
+<Purpose>
+  Front-end build tool used to copy third-party JS scripts to
+  static/vendor from where the app serves them.
+
+  TODO:
+  Add gulp task for scss (styles) compilation (on change)
+  Currently this is done with a separate command, i.e.
+  ```
+  sass --watch static/scss/main.scss:static/css/main.scss.css
+  ```
+  but it would be nice to have all in one place.
+
+<Usage>
+  ```
+  # Install front-end dependencies (in same directory)
+  npm install
+  # Run default gulp task
+  gulp
+  ```
+
+*****************************************************************/
+var gulp = require("gulp");
+
+gulp.task("default", function() {
+  var js = [
+    "node_modules/jquery/dist/jquery.js",
+    "node_modules/bootstrap/dist/js/bootstrap.js",
+    "node_modules/tether/dist/js/tether.js",
+    "node_modules/html5sortable/dist/html.sortable.js",
+    "node_modules/d3/d3.js",
+    "node_modules/dagre-d3/dist/dagre-d3.js",
+    "node_modules/dropzone/dist/dropzone.js",
+    "node_modules/select2/dist/js/select2.js"
+  ];
+  js.forEach(function() {
+    gulp.src(js).pipe(gulp.dest("./static/vendor/"));
+  });
+});

package.json

@@ -0,0 +1,16 @@
+{
+  "name": "in-toto-layout-tool",
+  "version": "1.0.0-beta.0",
+  "scripts": {
+    "postinstall": "gulp && sass static/scss/main.scss:static/css/main.scss.css"
+  },
+  "dependencies": {
+    "bootstrap": "4.0.0-alpha.6",
+    "d3": "^3.5.17",
+    "dagre-d3": "^0.4.17",
+    "dropzone": "^4.3.0",
+    "gulp": "^3.9.1",
+    "html5sortable": "^0.5.1",
+    "select2": "^4.0.3"
+  }
+}

requirements.txt

@@ -0,0 +1,4 @@
+Flask
+Flask-PyMongo
+Flask-WTF
+-e git://github.com/in-toto/in-toto.git@c39b04cec329bead34232a39742ebda5947633fd#egg=in-toto