This repository has been archived by the owner on Apr 12, 2024. It is now read-only.
Merge pull request #14 from in-toto/wizard-beta
Initial PR (complete layout tool)
Showing 27 changed files with 4,158 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Byte-compiled / optimized / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
in-toto | ||
node_modules | ||
instance/ | ||
|
||
# Exclude vendor JS file, copy them freshly using: | ||
# `gulp` | ||
static/vendor/* | ||
!static/vendor/.keep | ||
|
||
files/* | ||
!files/.keep | ||
|
||
# Exclude *.css files, compile them freshly using: | ||
# `sass static/scss/main.scss:static/css/main.scss.css` | ||
.sass-cache | ||
static/css/* | ||
!static/css/.keep |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
The MIT License (MIT) | ||
|
||
Copyright (c) 2017 New York University | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
# in-toto Layout Creation Wizard | ||
|
||
A Flask-based web app to guide project owners through creating an | ||
*in-toto layout*. | ||
|
||
More information about *in-toto* and *in-toto layouts* can be found at the | ||
project website | ||
[in-toto.io](https://in-toto.io). A beta version of this web app is | ||
deployed at [in-toto.engineering.nyu.edu](https://in-toto.engineering.nyu.edu/) and mockups can be found at | ||
[`editor-and-wizard-wip/mockups`](https://github.com/in-toto/layout-web-tool/blob/editor-and-wizard-wip/mockups/layout-wizard.pdf). | ||
|
||
|
||
### Installation | ||
|
||
**Requirements** | ||
- [Python 2.7 (with development headers)](https://www.python.org) -- | ||
backend | ||
- [npm](https://www.npmjs.com/) -- frontend dependencies | ||
- [Ruby](https://www.ruby-lang.org/en/documentation/installation/) and [SASS](http://sass-lang.com/install) -- CSS preprocessor | ||
- [MongoDB](https://docs.mongodb.com/manual/installation/) -- to persist | ||
user session data (for usage analysis) | ||
|
||
|
||
```shell | ||
# Start `mongod` (if not already running) | ||
# Note: `service` won't be available in the future | ||
sudo service mongod start | ||
|
||
# Install backend (c.f. requirements.txt) | ||
pip install -r requirements.txt | ||
|
||
# Install and vendorize frontend dependencies and compile scss | ||
# c.f. dependencies and scripts in package.json | ||
npm install | ||
``` | ||
|
||
### Deployment | ||
- Add an [instance folder](http://flask.pocoo.org/docs/0.12/config/#instance-folders) with your | ||
deployment configuration, e.g.: | ||
```python | ||
# Example configuration in FLASK_APP_ROOT/instance/config.py | ||
DEBUG = False | ||
SECRET_KEY = '?\xbf,\xb4\x8d\xa3"<\x9c\xb0@\x0f5\xab,w\xee\x8d$0\x13\x8b83' #CHANGE THIS!!!!! | ||
|
||
``` | ||
|
||
- Take a look at `wizard.wsgi` and [these`mod_wsgi` instructions](http://flask.pocoo.org/docs/0.12/deploying/mod_wsgi/) | ||
for further guidance. | ||
|
||
### Development Tips | ||
- Run the development server like this: | ||
```shell | ||
python wizard.py | ||
``` | ||
- Run a `sass` watcher during development to automatically compile css on file change: | ||
```shell | ||
sass --watch static/scss/main.scss:static/css/main.scss.css | ||
``` | ||
- Make extensive use of (e.g. chrome's) browser developer tools, e.g. [map | ||
DevTool files to your local workspace](https://developers.google.com/web/tools/setup/setup-workflow) to live edit `*.scss` and `*.js` files. | ||
|
||
## Acknowledgements | ||
This project is managed by Prof. Justin Cappos and other members of the | ||
[Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the | ||
[NJIT Cybersecurity Research Center](https://centers.njit.edu/cybersecurity). |
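Review bot: The Deployment example ships a concrete `SECRET_KEY` byte string next to `#CHANGE THIS!!!!!`; a literal value in a README tends to be copied into real `instance/config.py` files, and Flask signs its session cookies with this key, so anyone who knows the value can forge sessions. Replace the literal with an obvious placeholder and say how to generate a per-deployment value (for example from `os.urandom`), kept only in the git-ignored `instance/` folder. The MongoDB requirement mentions persisting user session data for usage analysis; a sentence on what is stored would help operators.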
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
# -*- coding: utf-8 -*- | ||
#!/usr/bin/env python | ||
|
||
""" | ||
<Program Name> | ||
create_layout.py | ||
<Author> | ||
Lukas Puehringer <lukas.puehringer@nyu.edu> | ||
<Started> | ||
March 23, 2017 | ||
<Copyright> | ||
See LICENSE for licensing information. | ||
<Purpose> | ||
Creates a basic in-toto layout by reading an ordered list of step link files. | ||
** Infer layout fields: ** | ||
expires: | ||
default value | ||
keys: | ||
FIXME: Keys are currently ignored in this module | ||
steps: | ||
add steps in the order of passed link files | ||
name: | ||
link.name | ||
expected_command: | ||
link.command | ||
threshold: | ||
default value | ||
material_matchrules/product_matchrules: | ||
currently uses simple approach (see below) | ||
FIXME: Should use more complex approach (see ideas below) | ||
inspections: | ||
FIXME Inspections are currently ignored in this module | ||
signatures: | ||
empty (use `in-toto-sign` command line utility) | ||
** Infer step artifact rules (simple approach) ** | ||
** material_matchrules ** | ||
IF no materials were recorded | ||
material_matchrules: [["DISALLOW", "*"]] | ||
ELSE IF materials were recorded and it is the first step | ||
material_matchrules: [["ALLOW", "*"]] | ||
ELSE | ||
material_matchrules: [["MATCH", "*", "WITH", "PRODUCTS", "FROM", <PREVIOUS STEP>] | ||
** product_matchrules ** | ||
IF no products were recorded | ||
product_matchrules: [["DISALLOW", "*"]] | ||
ELSE products were recorded: | ||
product_matchrules: [["ALLOW", "*"]] | ||
** Ideas for more complexity: ** | ||
- explicitly, ALLOW or MATCH files by name instead of "*", e.g.: | ||
material_matchrules = \ | ||
[["ALLOW", material] for material in links[index].materials.keys()] | ||
- for MATCH rules | ||
match only those that already were in the previous step | ||
allow the rest by name | ||
<Usage> | ||
``` | ||
# Create a layout given an ordered list of link file paths | ||
links = [] | ||
for LINK_PATH in LINK_PATHS: | ||
link = in_toto.models.link.Link.read_from_file(LINK_PATH) | ||
links.append(link) | ||
layout = create_layout_from_ordered_links(links) | ||
layout.dump() | ||
``` | ||
""" | ||
import os | ||
import in_toto.models.link | ||
import in_toto.models.layout | ||
|
||
def create_material_matchrules(links, index): | ||
"""Create generic material rules (3 variants) | ||
* No materials recorded -> disallow any artifact | ||
* Materials recorded (first step) -> allow artifacts that existed beforehand | ||
* Materials recorded (latter step) -> match from previous products | ||
Returns a list of material rules | ||
NOTE: Read header docstring for ideas for more complexity. """ | ||
|
||
material_matchrules = [] | ||
|
||
if not links[index].materials: | ||
material_matchrules = [["DISALLOW", "*"]] | ||
|
||
elif index == 0 and links[index].materials: | ||
material_matchrules = [["ALLOW", "*"]] | ||
|
||
else: | ||
material_matchrules = [ | ||
["MATCH", "*", "WITH", "PRODUCTS", "FROM", links[index - 1].name]] | ||
|
||
return material_matchrules | ||
|
||
|
||
def create_product_matchrules(links, index): | ||
"""Create generic material rules (2 variants) | ||
* No products recorded -> disallow any artifact | ||
* Products recorded -> allow all artifacts | ||
Returns a list of product rules | ||
NOTE: Read header docstring for ideas for more complexity. """ | ||
|
||
if not links[index].products: | ||
product_matchrules = [["DISALLOW", "*"]] | ||
|
||
else: | ||
product_matchrules = [["ALLOW", "*"]] | ||
|
||
return product_matchrules | ||
|
||
|
||
def create_layout_from_ordered_links(links): | ||
"""Creates basic in-toto layout from an ordered list of in-toto link objects, | ||
inferring material and product rules from the materials and products of the | ||
passed links. """ | ||
# Create an empty layout | ||
layout = in_toto.models.layout.Layout() | ||
layout.keys = {} | ||
|
||
for index, link in enumerate(links): | ||
step_name = link.name | ||
step = in_toto.models.layout.Step(name=step_name, | ||
material_matchrules=create_material_matchrules(links, index), | ||
product_matchrules=create_product_matchrules(links, index), | ||
expected_command=link.command) | ||
|
||
layout.steps.append(step) | ||
|
||
return layout |
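Review bot: In `create_material_matchrules`, the `else` branch emits `["MATCH", "*", "WITH", "PRODUCTS", "FROM", links[index - 1].name]` without checking that the previous link recorded any products; when it did not, `create_product_matchrules` gives that step `[["DISALLOW", "*"]]`, so the MATCH rule points at a step with nothing to match against. Check `links[index - 1].products` before emitting the MATCH rule and decide explicitly what the rule should be otherwise. Also, `layout.keys = {}` and the `Step(...)` call without any key argument mean the generated layout does not say who may sign each step (the header FIXME notes this), and the product rule `[["ALLOW", "*"]]` accepts any artifact, so the docstring of `create_layout_from_ordered_links` should state that the result is a draft to be tightened before signing. Smaller points: the shebang on the second line has no effect and should move above the coding line, `import os` is unused, the `create_product_matchrules` docstring says "material rules", and the MATCH example in the header docstring is missing a closing `]`.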
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
/***************************************************************** | ||
<File Name> | ||
gulpfile.js | ||
<Author> | ||
Lukas Puehringer <lukas.puehringer@nyu.edu> | ||
<Started> | ||
May 05, 2017 | ||
<Copyright> | ||
See LICENSE for licensing information. | ||
<Purpose> | ||
Front-end build tool used to copy third-party JS scripts to | ||
static/vendor from where the app serves them. | ||
TODO: | ||
Add gulp task for scss (styles) compilation (on change) | ||
Currently this is done with a separate command, i.e. | ||
``` | ||
sass --watch static/scss/main.scss:static/css/main.scss.css | ||
``` | ||
but it would be nice to have all in one place. | ||
<Usage> | ||
``` | ||
# Install front-end dependencies (in same directory) | ||
npm install | ||
# Run default gulp task | ||
gulp | ||
``` | ||
*****************************************************************/ | ||
var gulp = require("gulp"); | ||
|
||
gulp.task("default", function() { | ||
var js = [ | ||
"node_modules/jquery/dist/jquery.js", | ||
"node_modules/bootstrap/dist/js/bootstrap.js", | ||
"node_modules/tether/dist/js/tether.js", | ||
"node_modules/html5sortable/dist/html.sortable.js", | ||
"node_modules/d3/d3.js", | ||
"node_modules/dagre-d3/dist/dagre-d3.js", | ||
"node_modules/dropzone/dist/dropzone.js", | ||
"node_modules/select2/dist/js/select2.js" | ||
]; | ||
js.forEach(function() { | ||
gulp.src(js).pipe(gulp.dest("./static/vendor/")); | ||
}); | ||
}); |
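Review bot: The `js.forEach(function() { ... })` loop in the default task never uses the element it iterates over and passes the whole `js` array to `gulp.src` on every pass, so the full set of eight files is copied eight times, and the task returns nothing, so gulp cannot tell when the copy has finished. Drop the loop and use `return gulp.src(js).pipe(gulp.dest("./static/vendor/"));`.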
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{ | ||
"name": "in-toto-layout-tool", | ||
"version": "1.0.0-beta.0", | ||
"scripts": { | ||
"postinstall": "gulp && sass static/scss/main.scss:static/css/main.scss.css" | ||
}, | ||
"dependencies": { | ||
"bootstrap": "4.0.0-alpha.6", | ||
"d3": "^3.5.17", | ||
"dagre-d3": "^0.4.17", | ||
"dropzone": "^4.3.0", | ||
"gulp": "^3.9.1", | ||
"html5sortable": "^0.5.1", | ||
"select2": "^4.0.3" | ||
} | ||
} |
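Review bot: `dependencies` omits `jquery` and `tether`, although the gulpfile in this commit copies `node_modules/jquery/dist/jquery.js` and `node_modules/tether/dist/js/tether.js`; unless something else installs them, those vendored copies will be missing after `npm install`. Declare both explicitly. The caret ranges (`^3.5.17`, `^4.0.3` and so on) also let the scripts served from `static/vendor` change between installs; exact versions or a committed lockfile would make the vendored JS reproducible.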
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
Flask | ||
Flask-PyMongo | ||
Flask-WTF | ||
-e git://github.com/in-toto/in-toto.git@c39b04cec329bead34232a39742ebda5947633fd#egg=in-toto |
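Review bot: `Flask`, `Flask-PyMongo` and `Flask-WTF` are unpinned while the in-toto line is pinned to a full commit hash, so the backend install is only partly reproducible; pin the three PyPI packages to the versions that were tested. The in-toto line is fetched over `git://`, which is unauthenticated and unencrypted; switch the scheme to `git+https://` and keep the commit pin.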
Empty file.