Hash primary keys on dump

intuitem · Jan 15, 2025 · 86124c8 · 86124c8
1 parent 573cea3
commit 86124c8
Show file tree

Hide file tree

Showing 5 changed files with 125 additions and 12 deletions.
diff --git a/backend/core/serializer_fields.py b/backend/core/serializer_fields.py
@@ -1,10 +1,26 @@
+from hashlib import sha256
 from typing import Any
+
 from django.db import models
 from rest_framework import serializers
 
 from iam.models import Folder
 
 
+class HashSlugRelatedField(serializers.SlugRelatedField):
+    """
+    A custom SlugRelatedField that hashes the slug value during serialization.
+    """
+
+    def to_representation(self, obj):
+        # Get the original slug value
+        value = super().to_representation(obj)
+        if value is None:
+            return None
+        # Hash the value
+        return sha256(str(value).encode()).hexdigest()[:12]
+
+
 class FieldsRelatedField(serializers.RelatedField):
     """
     Serializer relational field that represents the target of the relationship by a

diff --git a/backend/core/serializers.py b/backend/core/serializers.py
@@ -7,7 +7,7 @@
 
 from ciso_assistant.settings import EMAIL_HOST, EMAIL_HOST_RESCUE
 from core.models import *
-from core.serializer_fields import FieldsRelatedField
+from core.serializer_fields import FieldsRelatedField, HashSlugRelatedField
 from ebios_rm.models import EbiosRMStudy
 from iam.models import *
 
@@ -57,7 +57,8 @@ def _get_serializer_class(self, serializer_name: str):
 class BaseModelSerializer(serializers.ModelSerializer):
     def update(self, instance: models.Model, validated_data: Any) -> models.Model:
         if hasattr(instance, "urn") and getattr(instance, "urn"):
-            raise PermissionDenied({"urn": "Imported objects cannot be modified"})
+            raise PermissionDenied(
+                {"urn": "Imported objects cannot be modified"})
         try:
             object_updated = super().update(instance, validated_data)
             return object_updated
@@ -170,6 +171,10 @@ class Meta:
 
 
 class VulnerabilityImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    applied_controls = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True)
+
     class Meta:
         model = Vulnerability
         fields = [
@@ -218,6 +223,8 @@ class Meta:
 
 
 class ProjectImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = Project
         fields = [
@@ -247,8 +254,10 @@ class RiskAssessmentReadSerializer(AssessmentReadSerializer):
     str = serializers.CharField(source="__str__")
     project = FieldsRelatedField(["id", "folder"])
     folder = FieldsRelatedField()
-    risk_scenarios = FieldsRelatedField(many=True, fields=["id", "name", "ref_id"])
-    risk_scenarios_count = serializers.IntegerField(source="risk_scenarios.count")
+    risk_scenarios = FieldsRelatedField(
+        many=True, fields=["id", "name", "ref_id"])
+    risk_scenarios_count = serializers.IntegerField(
+        source="risk_scenarios.count")
     risk_matrix = FieldsRelatedField()
     ebios_rm_study = FieldsRelatedField(["id", "name"])
 
@@ -258,7 +267,12 @@ class Meta:
 
 
 class RiskAssessmentImportExportSerializer(BaseModelSerializer):
-    risk_matrix = serializers.SlugRelatedField(slug_field="urn", read_only=True)
+    risk_matrix = serializers.SlugRelatedField(
+        slug_field="urn", read_only=True)
+
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    project = HashSlugRelatedField(slug_field="pk", read_only=True)
+    ebios_rm_study = HashSlugRelatedField(slug_field="pk", read_only=True)
 
     class Meta:
         model = RiskAssessment
@@ -323,6 +337,10 @@ class AssetReadSerializer(AssetWriteSerializer):
 
 
 class AssetImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    parent_assets = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True)
+
     class Meta:
         model = Asset
         fields = [
@@ -358,6 +376,8 @@ class Meta:
 class ReferenceControlImportExportSerializer(BaseModelSerializer):
     library = serializers.SlugRelatedField(slug_field="urn", read_only=True)
 
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = ReferenceControl
         fields = [
@@ -411,6 +431,8 @@ class Meta:
 class ThreatImportExportSerializer(BaseModelSerializer):
     library = serializers.SlugRelatedField(slug_field="urn", read_only=True)
 
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = Threat
         fields = [
@@ -459,7 +481,8 @@ class RiskScenarioReadSerializer(RiskScenarioWriteSerializer):
     residual_impact = serializers.JSONField(source="get_residual_impact")
     residual_level = serializers.JSONField(source="get_residual_risk")
 
-    strength_of_knowledge = serializers.JSONField(source="get_strength_of_knowledge")
+    strength_of_knowledge = serializers.JSONField(
+        source="get_strength_of_knowledge")
 
     applied_controls = FieldsRelatedField(many=True)
     existing_applied_controls = FieldsRelatedField(many=True)
@@ -471,7 +494,17 @@ class RiskScenarioImportExportSerializer(BaseModelSerializer):
     qualifications = serializers.SlugRelatedField(
         slug_field="urn", many=True, read_only=True
     )
-    threats = serializers.SlugRelatedField(slug_field="urn", many=True, read_only=True)
+
+    threats = HashSlugRelatedField(slug_field="pk", many=True, read_only=True)
+    risk_assessment = HashSlugRelatedField(slug_field="pk", read_only=True)
+    vulnerabilities = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True)
+    assets = HashSlugRelatedField(slug_field="pk", read_only=True, many=True)
+    existing_applied_controls = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True
+    )
+    applied_controls = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True)
 
     class Meta:
         model = RiskScenario
@@ -533,7 +566,10 @@ class Meta:
 
 
 class AppliedControlImportExportSerializer(BaseModelSerializer):
-    reference_control = serializers.SlugRelatedField(slug_field="urn", read_only=True)
+    reference_control = HashSlugRelatedField(slug_field="pk", read_only=True)
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    evidences = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True)
 
     class Meta:
         model = AppliedControl
@@ -716,9 +752,12 @@ class Meta:
 
 
 class FolderImportExportSerializer(BaseModelSerializer):
+    parent_folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = Folder
         fields = [
+            "parent_folder",
             "name",
             "description",
             "content_type",
@@ -808,6 +847,8 @@ class Meta:
 
 
 class EvidenceImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = Evidence
         fields = [
@@ -880,6 +921,9 @@ class Meta:
 class ComplianceAssessmentImportExportSerializer(BaseModelSerializer):
     framework = serializers.SlugRelatedField(slug_field="urn", read_only=True)
 
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    project = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = ComplianceAssessment
         fields = [
@@ -982,7 +1026,16 @@ class Meta:
 
 
 class RequirementAssessmentImportExportSerializer(BaseModelSerializer):
-    requirement = serializers.SlugRelatedField(slug_field="urn", read_only=True)
+    requirement = serializers.SlugRelatedField(
+        slug_field="urn", read_only=True)
+
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    compliance_assessment = HashSlugRelatedField(
+        slug_field="pk", read_only=True)
+    evidences = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True)
+    applied_controls = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True)
 
     class Meta:
         model = RequirementAssessment

diff --git a/backend/ebios_rm/serializers.py b/backend/ebios_rm/serializers.py
@@ -1,7 +1,7 @@
 from core.serializers import (
     BaseModelSerializer,
-    FieldsRelatedField,
 )
+from core.serializer_fields import FieldsRelatedField, HashSlugRelatedField
 from core.models import RiskMatrix
 from .models import (
     EbiosRMStudy,
@@ -50,6 +50,15 @@ class Meta:
 
 
 class EbiosRMStudyImportExportSerializer(BaseModelSerializer):
+    risk_matrix = serializers.SlugRelatedField(slug_field="urn", read_only=True)
+
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    assets = HashSlugRelatedField(slug_field="pk", read_only=True, many=True)
+    compliance_assessments = HashSlugRelatedField(
+        slug_field="pk", read_only=True, many=True
+    )
+    reference_entity = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = EbiosRMStudy
         fields = [
@@ -91,6 +100,14 @@ class Meta:
 
 
 class FearedEventImportExportSerializer(BaseModelSerializer):
+    qualifications = serializers.SlugRelatedField(
+        slug_field="urn", many=True, read_only=True
+    )
+
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    ebios_rm_study = HashSlugRelatedField(slug_field="pk", read_only=True)
+    assets = HashSlugRelatedField(slug_field="pk", read_only=True, many=True)
+
     class Meta:
         model = FearedEvent
         fields = [
@@ -132,6 +149,10 @@ class Meta:
 
 
 class RoToImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    ebios_rm_study = HashSlugRelatedField(slug_field="pk", read_only=True)
+    feared_events = HashSlugRelatedField(slug_field="pk", many=True, read_only=True)
+
     class Meta:
         model = RoTo
         fields = [
@@ -187,6 +208,11 @@ class Meta:
 
 
 class StakeholderImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    ebios_rm_study = HashSlugRelatedField(slug_field="pk", read_only=True)
+    entity = HashSlugRelatedField(slug_field="pk", read_only=True)
+    applied_controls = HashSlugRelatedField(slug_field="pk", read_only=True, many=True)
+
     class Meta:
         model = Stakeholder
         fields = [
@@ -228,6 +254,10 @@ class Meta:
 
 
 class StrategicScenarioImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    ebios_rm_study = HashSlugRelatedField(slug_field="pk", read_only=True)
+    ro_to_couple = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = StrategicScenario
         fields = [
@@ -262,6 +292,11 @@ class Meta:
 
 
 class AttackPathImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    ebios_rm_study = HashSlugRelatedField(slug_field="pk", read_only=True)
+    strategic_scenario = HashSlugRelatedField(slug_field="pk", read_only=True)
+    stakeholders = HashSlugRelatedField(slug_field="pk", read_only=True, many=True)
+
     class Meta:
         model = AttackPath
         fields = [
@@ -304,6 +339,11 @@ class Meta:
 
 
 class OperationalScenarioImportExportSerializer(BaseModelSerializer):
+    ebios_rm_study = HashSlugRelatedField(slug_field="pk", read_only=True)
+    attack_path = HashSlugRelatedField(slug_field="pk", read_only=True)
+    threats = HashSlugRelatedField(slug_field="pk", read_only=True, many=True)
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+
     class Meta:
         model = OperationalScenario
         fields = [

diff --git a/backend/serdes/serializers.py b/backend/serdes/serializers.py
@@ -12,6 +12,7 @@
 from django.conf import settings
 from django.db.models.query import QuerySet
 from rest_framework import serializers
+from hashlib import sha256
 
 from .utils import app_dot_model, import_export_serializer_class
 
@@ -126,7 +127,7 @@ def dump_data(scope: list[QuerySet]) -> dict:
                 objects.append(
                     {
                         "model": app_dot_model(queryset.model),
-                        "id": str(obj.id),
+                        "id": sha256(str(obj.id).encode()).hexdigest()[:12],
                         "fields": import_export_serializer_class(queryset.model)(
                             obj
                         ).data,

diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
@@ -2,7 +2,7 @@
 from ciso_assistant.settings import EMAIL_HOST, EMAIL_HOST_RESCUE
 from core.models import ComplianceAssessment, Framework
 
-from core.serializer_fields import FieldsRelatedField
+from core.serializer_fields import FieldsRelatedField, HashSlugRelatedField
 from core.serializers import BaseModelSerializer
 from core.utils import RoleCodename, UserGroupCodename
 from iam.models import Folder, Role, RoleAssignment, UserGroup
@@ -33,6 +33,9 @@ class Meta:
 
 
 class EntityImportExportSerializer(BaseModelSerializer):
+    folder = HashSlugRelatedField(slug_field="pk", read_only=True)
+    owned_folders = HashSlugRelatedField(slug_field="pk", many=True, read_only=True)
+
     class Meta:
         model = Entity
         fields = [