This repository has been archived by the owner on Jan 24, 2025. It is now read-only.
Querying and Updating Assets
Austin Songer, CISSP edited this page Dec 23, 2024 · 2 revisions
Assets are central to the POA&M management workflow as they represent the specific systems or resources affected by vulnerabilities. Below is a detailed explanation of how assets are queried and updated in the POA&M app.
Assets can be queried based on their association with POA&M items or independently. Here's how it works:
- Query All Assets: Fetch all assets in the database:
```python
# Asset, POAM and db are assumed to be imported from the app's models module.
def get_all_assets():
    return Asset.query.all()
```
- Query Assets Linked to a Specific POA&M Item: Fetch assets associated with a specific POA&M item using its `id`:
```python
def get_assets_for_poam(poam_id):
    poam_item = POAM.query.get(poam_id)
    return poam_item.assets if poam_item else []
```
Example Usage:
```python
poam_id = 1
linked_assets = get_assets_for_poam(poam_id)
for asset in linked_assets:
    print(f"Asset Name: {asset.name}, Description: {asset.description}")
```
- Query a Specific Asset by Name or ID: Fetch an asset using its unique name or ID:
```python
def get_asset_by_name(name):
    return Asset.query.filter_by(name=name).first()


def get_asset_by_id(asset_id):
    return Asset.query.get(asset_id)
```
- Query POA&M Items Linked to an Asset: Fetch all POA&M items linked to a specific asset:
```python
def get_poams_for_asset(asset_id):
    asset = Asset.query.get(asset_id)
    return asset.poam_items if asset else []
```
Assets can be updated to reflect changes in their properties or associations. Here are some examples:
- Create a New Asset: Add a new asset to the database:
```python
def create_asset(name, description=None, owner=None, asset_type=None):
    new_asset = Asset(
        name=name,
        description=description,
        owner=owner,
        asset_type=asset_type
    )
    db.session.add(new_asset)
    db.session.commit()
    return new_asset
```
- Update Asset Details: Modify the properties of an existing asset:
```python
def update_asset(asset_id, name=None, description=None, owner=None, asset_type=None):
    asset = Asset.query.get(asset_id)
    if not asset:
        return None
    # Only truthy arguments are applied: None and "" both leave a field unchanged,
    # so this function cannot clear a field.
    if name:
        asset.name = name
    if description:
        asset.description = description
    if owner:
        asset.owner = owner
    if asset_type:
        asset.asset_type = asset_type
    db.session.commit()
    return asset
```
- Link an Asset to a POA&M Item: Associate an asset with a POA&M item:
```python
def link_asset_to_poam(poam_id, asset_data):
    poam_item = POAM.query.get(poam_id)
    if not poam_item:
        return None
    # Check if the asset already exists
    asset = Asset.query.filter_by(name=asset_data['name']).first()
    if not asset:
        # Create a new asset if it doesn't exist
        asset = Asset(name=asset_data['name'], description=asset_data.get('description'))
        db.session.add(asset)
    # Link the asset to the POA&M item, skipping the append if it is already linked
    if asset not in poam_item.assets:
        poam_item.assets.append(asset)
    db.session.commit()
    return asset
```
- Unlink an Asset from a POA&M Item: Remove the association between an asset and a POA&M item:
```python
def unlink_asset_from_poam(poam_id, asset_id):
    poam_item = POAM.query.get(poam_id)
    if not poam_item:
        return False
    asset = Asset.query.get(asset_id)
    if asset in poam_item.assets:
        poam_item.assets.remove(asset)
        db.session.commit()
        return True
    return False
```
- Delete an Asset: Remove an asset entirely from the database:
```python
def delete_asset(asset_id):
    asset = Asset.query.get(asset_id)
    if asset:
        db.session.delete(asset)
        db.session.commit()
        return True
    return False
```
Example Usage:
```python
# Get all assets
all_assets = get_all_assets()
for asset in all_assets:
    print(f"Asset Name: {asset.name}, Owner: {asset.owner}")

# Get assets for a specific POA&M
assets_for_poam = get_assets_for_poam(1)
print(f"Assets linked to POA&M 1: {[asset.name for asset in assets_for_poam]}")

# Create a new asset
new_asset = create_asset(
    name="Database Server A",
    description="Critical production database server",
    owner="John Doe",
    asset_type="Database"
)
print(f"Created Asset: {new_asset.name}")

# Update an existing asset
updated_asset = update_asset(new_asset.id, owner="Jane Doe")
print(f"Updated Asset Owner: {updated_asset.owner}")

# Link an asset to a POA&M
linked_asset = link_asset_to_poam(1, {"name": "Database Server A", "description": "Production DB"})
print(f"Linked Asset: {linked_asset.name} to POA&M 1")

# Unlink an asset from a POA&M
unlink_success = unlink_asset_from_poam(1, new_asset.id)
print(f"Unlinked Asset: {unlink_success}")

# Delete an asset
delete_success = delete_asset(new_asset.id)
print(f"Deleted Asset: {delete_success}")
```
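The `update_asset` and `link_asset_to_poam` functions above accept caller-supplied values without checking them. The following added example (not code from this project) shows one way to validate a change set before it reaches the ORM: it allowlists the four asset fields used on this page, distinguishes "field not provided" from "field cleared", and returns a per-field diff suitable for an audit log. `AssetStub`, `apply_asset_changes`, `UPDATABLE_FIELDS` and the 255-character limit are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Fields the page's Asset model exposes; anything else (e.g. "id") is rejected.
UPDATABLE_FIELDS = ("name", "description", "owner", "asset_type")
MAX_LEN = 255  # assumed column limit, not taken from the project's schema


@dataclass
class AssetStub:
    """Stand-in for the ORM Asset model so the example runs without a database."""
    name: str
    description: Optional[str] = None
    owner: Optional[str] = None
    asset_type: Optional[str] = None


def apply_asset_changes(asset, changes):
    """Validate `changes` and apply them; return {field: (old, new)} for audit logging.

    A key that is absent leaves the field untouched; a key set to None clears it.
    Raises ValueError without modifying the asset if any entry is invalid.
    """
    if not isinstance(changes, dict):
        raise ValueError("changes must be a dict")
    unknown = set(changes) - set(UPDATABLE_FIELDS)
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(map(str, unknown))}")

    cleaned = {}
    for field, value in changes.items():
        if value is not None:
            if not isinstance(value, str):
                raise ValueError(f"{field} must be a string or None")
            value = value.strip()
            if len(value) > MAX_LEN:
                raise ValueError(f"{field} exceeds {MAX_LEN} characters")
        if field == "name" and not value:
            raise ValueError("name is required and cannot be empty")
        cleaned[field] = value

    diff = {}
    for field, new in cleaned.items():
        old = getattr(asset, field)
        if old != new:
            setattr(asset, field, new)
            diff[field] = (old, new)
    return diff
```

With the real model, the returned diff would be written to a log before `db.session.commit()`, and an empty diff means no commit is needed.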