senaduka/old-riskletpy
1
0
Fork 0
Code Issues 5 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

#10 AI bira controle,dodate je dummy payment page

Browse Source
This commit is contained in:
Amir
2025-02-17 20:36:59 +01:00
parent a097590b62
commit 5ed323140f
11 changed files with 204 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
backend/accounts/tasks.py
View File

@@ -1,52 +1,63 @@
from celery import shared_task
from backend.core.models import Organization, Document, Risk, Control, DocumentRiskControl
from backend.core.utils import get_top_risk, get_controls_for_risk
from django.shortcuts import get_object_or_404, render
from django.shortcuts import get_object_or_404
from django.template import Template, Context
import yaml
from backend.core.models import DocumentTemplate
from .utils import send_payment_email
@shared_task
def create_document_for_organization(confirmation_email):
organization = get_object_or_404(Organization, email=confirmation_email)
top_risk_ids = get_top_risk(organization)
top_risks = Risk.objects.filter(risk_id__in=top_risk_ids)
organization.risks.set(top_risks)
document = Document.objects.create(organization=organization)
document.add_segment('h1', "Top 10 Risks Identified")
template = DocumentTemplate.objects.first()
template_content = template.content
risk_content = "\n\n".join([
f"Risk: {risk.risk_id} - {risk.risk_name} \n"
f"Category: {risk.category}\n"
f"Primary Impact: {risk.primary_impact} \n"
f"Secondary Impact: {risk.secondary_impact}\n"
f"Tertiary Impact: {risk.tretiary_impact} \n"
f"Detection Difficulty: {risk.detection_difficulty} \n"
f"Recovery Complexity: {risk.recovery_complexity} \n"
f"Business Impact Severity: {risk.businnes_impact_severity}\n"
for risk in top_risks
])
document.add_segment('body', f"Identified Risks: \n\n{risk_content}")
controls_content = "Mitigation Controls:\n\n"
risks_data = []
for risk in top_risks:
controls_content += f"Risk: {risk.risk_id} - {risk.risk_name}\n"
controls_data = []
selected_controls = get_controls_for_risk(risk, organization)
selected_controls = get_controls_for_risk(risk)
for control_id, weight in selected_controls:
control = Control.objects.filter(id=control_id).first()
control = Control.objects.filter(id=control_id).first()
if control:
document = Document.objects.create(organization=organization)
DocumentRiskControl.objects.create(
document=document,
risk=risk,
control=control,
weight=weight
weight=weight,
)
controls_content += f" - Control: {control.name} (Impact Weight: {weight}/10)\n"
controls_content += "\n"
document.add_segment('body', controls_content)
controls_data.append({
'name': control.name,
'weight': weight,
})
risks_data.append({
'name': risk.risk_name,
'description': risk.description,
'controls': controls_data,
})
context = {
'organization': organization,
'risks': risks_data,
}
django_template = Template(template_content)
rendered_content = django_template.render(Context(context))
document = Document.objects.create(organization=organization, content=rendered_content)
document.add_segment('title', f"{organization.name} Risk Assessment Report", 1)
document.add_segment('introduction', f"This document outlines the risks and controls for {organization.name}.", 2)
document.add_segment('body', rendered_content, 3)
send_payment_email(confirmation_email)
return document

6
backend/accounts/templates/accounts/confirmation_expired.html
View File

@@ -1,8 +1,10 @@
{% extends "base_login.html" %}
{%block content%}
<h2>Link has expired! </h2>
<form method="POST">
{% csrf_token %}
<button type="submit">Resend link</button>
</form>
</form>
{% endblock %}

12
backend/accounts/templates/accounts/confirmation_success.html
View File

@@ -1,5 +1,11 @@
{% extends "base_login.html" %}
{% extends "base.html" %}
{%block content%}
<div class="out-risk-management">
<div class="risk-management">
<h1>Email Confirmed!</h1>
<p>Your email {{ email }} has been successfully verified.</p>
</div>
</div>
<h1>Email Confirmed!</h1>
<p>Your email {{ email }} has been successfully verified.</p>
{%endblock%}

2
backend/accounts/utils.py
View File

@@ -6,8 +6,6 @@ from django.conf import settings
from django.utils.timezone import now
from backend.core.models import Document, Organization
def send_confirmation_email(email):
confirmation, created = EmailConfirmation.objects.get_or_create(email=email)

9
backend/accounts/views.py
View File

@@ -4,7 +4,7 @@ from backend.accounts.forms import SignupForm
from .models import EmailConfirmation
from django.shortcuts import get_object_or_404, render
from django.http import HttpResponse
from backend.accounts.utils import send_confirmation_email, send_payment_email
from backend.accounts.utils import send_confirmation_email
from .tasks import create_document_for_organization
class SignUpView(CreateView):
@@ -17,13 +17,10 @@ def confirm_email(request, uuid):
confirmation = get_object_or_404(EmailConfirmation, uuid=uuid)
if confirmation.is_expired():
return render(request, 'confirmation_expired.html', {'email': confirmation.email})
return render(request, 'accounts/confirmation_expired.html', {'email': confirmation.email})
task = create_document_for_organization.delay(confirmation.email)
send_payment_email(confirmation.email)
return HttpResponse("Email is confirmed")
return render(request, 'accounts/confirmation_success.html',{'email':confirmation.email})
def resend_confirmation(request,email):
if request.method == 'POST':

19
backend/core/templates/document_detail.html Normal file
View File

@@ -0,0 +1,19 @@
{% extends "base.html" %}
{% block content %}
<div class="container">
<h1>Document Preview</h1>
<h2>Organization: {{ organization.name }}</h2>
<p>{{ created_at }}</p>
<h3>Identified Risks and Controls</h3>
<ul>
{% for risk, controls in risks_with_controls.items %}
<li>
<h2>{{ risk.risk_name }}:</h2>
<p>{{ controls }} </p>
</li>
{% endfor %}
</ul>
</div>
{% endblock %}

17
backend/core/templates/payment.html
View File

@@ -1,11 +1,14 @@
{% extends 'base.html' %}
{% block content %}
<h2>Payment</h2>
<p>Click the button below to pay and access your document.</p>
<form method="post">
{% csrf_token %}
<button type="submit">Pay</button>
</form>
<div class="out-risk-management">
<div class="risk-management">
<h2>Payment</h2>
<p>Click the button below to pay and access your document.</p>
<form method="post">
{% csrf_token %}
<button class="btn-bl" type="submit">Pay</button>
</form>
</div>
</div>
{% endblock %}

2
backend/core/urls.py
View File

@@ -12,5 +12,5 @@ urlpatterns = [
path('document/<uuid:document_id>/', v.document, name='document'),
path('preview/<str:name>/', v.template_preview, name='template_preview'),
path("payment/", v.payment_page, name="payment_page"),
path('documentview/<uuid:document_id>/', v.docprew, name='generate_document_view'),
]

110
backend/core/utils.py
View File

@@ -1,7 +1,7 @@
from openai import OpenAI
from django.conf import settings
from .models import Risk, Control, Document, DocumentRiskControl
from django.shortcuts import get_object_or_404
import time
def extract_risk_factors(organization):
excluded_fields={"name","email"}
@@ -44,59 +44,101 @@ def get_top_risk(organization):
"""
response = client.chat.completions.create(
model="gpt-4",
model="gpt-4o-mini",
messages=[{"role": "system", "content": prompt}]
)
risk_ids = response.choices[0].message.content.strip().split(",")
print(f"Risks: {risk_ids}")
return [int(risk_id) for risk_id in risk_ids if risk_id.isdigit()]
def get_controls_for_risk(risk):
def get_controls_for_risk(risk, organization):
client = OpenAI(api_key=settings.OPENAI_API_KEY)
all_controls = Control.objects.all()
control_list = []
risk_factors = extract_risk_factors(organization)
valid_control_ids = {control.id for control in all_controls}
for control in all_controls:
control_list.append(f"Control ID: {control.id}, Control Name: {control.name}")
prompt = f"""
You are a cyber security expert. For the risk '{risk.risk_name}', select 10 relevant controls
from the following list and assign a weight (1-10) based on how much they reduce risks.
Available Controls (only respond with control IDs and weights):
You are an expert in cybersecurity risk management. Given the risk "{risk.risk_name}" and its associated factors "{risk_factors}",
your task is to select **exactly 10 unique controls** from the provided list that best mitigate this risk. Each control should be assigned a weight between **1 and 10** based on its effectiveness in reducing the risk.
### Rules:
1. **Each control ID must be unique** (no duplicates).
2. **Only return control IDs and weights** in the exact format below.
3. **Weights must be between 1 and 10** (1 = low impact, 10 = high impact).
4. **Do NOT add explanations, descriptions, or extra text.**
5. **Ensure that control IDs are randomly distributed and diverse across different categories.**
### Available Controls:
{control_list}
Respond only with control IDs (numbers) and their corresponding weights (1-10).
Format:
ID: <control_id> Weight: <weight>
Example:
1: 9
2: 6
3: 4
### Expected Response Format (STRICTLY FOLLOW THIS FORMAT):
```
<control_id> : <weight>
<control_id> : <weight>
```
### Example Correct Response (NO DUPLICATES):
```
12 : 8
45 : 7
```
⚠️ **If you provide duplicate control IDs, your response will be rejected. Ensure all control IDs are unique.**
⚠️ **Follow the response format exactly. Any deviation will be considered invalid.**
"""
response = client.chat.completions.create(
model="gpt-4",
messages=[{"role": "system", "content": prompt}]
)
for attempt in range(5):
response = client.chat.completions.create(
model="gpt-4o-mini",
messages=[{"role": "system", "content": prompt}]
)
result = response.choices[0].message.content.strip()
print(f"AI Response (Attempt {attempt+1}):\n{result}")
result = response.choices[0].message.content.strip()
selected_controls = []
selected_controls = []
valid = True
control_ids_seen = set()
for line in result.split("\n"):
line = line.strip()
for line in result.split("\n"):
line = line.strip()
parts = line.split(":")
if len(parts) == 2:
control_id_str = parts[0].replace("ID:", "").replace("id:", "").replace("Id:", "").strip()
weight_str = parts[1].strip().replace("Weight:", "").replace("weight:", "").strip()
control_id_str = ''.join(filter(str.isdigit, control_id_str))
weight_str = ''.join(filter(str.isdigit, weight_str))
if control_id_str and weight_str:
control_id = int(control_id_str)
weight = int(weight_str)
if control_id in valid_control_ids and 1 <= weight <= 10:
if control_id in control_ids_seen:
valid = False
break
selected_controls.append((control_id, weight))
control_ids_seen.add(control_id)
else:
valid = False
break
if valid and len(selected_controls) == 10:
return selected_controls
print("Invalid response or duplicate control IDs found, retrying...\n")
time.sleep(2)
print("Failed to get a valid response after multiple attempts.")
return []
parts = line.split("Weight:")
if len(parts) == 2:
control_id_str = parts[0].replace("ID:", "").replace("id:", "").replace("Id:", "").strip()
weight_str = parts[1].strip().replace("Weight:", "").replace("weight:","").strip()
control_id_str = ''.join(filter(str.isdigit, control_id_str))
weight_str = ''.join(filter(str.isdigit, weight_str))
control_id = int(control_id_str)
weight = int(weight_str)
print(f"ID: {control_id}, Weight: {weight}")
control = Control.objects.filter(id=control_id).first()
if control:
selected_controls.append((control_id, weight))
return selected_controls[:10]

32
backend/core/views.py
View File

@@ -1,13 +1,13 @@
import logging
import yaml
from django.shortcuts import render, redirect , get_object_or_404
from .forms import OrganizationForm
from .models import Organization,Document,Risk, DocumentTemplate
from backend.core.utils import get_top_risk
from django.urls import reverse
from .models import Organization,Document,Risk, DocumentTemplate,DocumentRiskControl
from backend.accounts.utils import send_confirmation_email,send_document_email
from django.contrib.admin.views.decorators import staff_member_required
# @login_required
# def index(request):
# return HttpResponse('<h1>Django</h1><p>Página simples.</p>')
@@ -26,7 +26,6 @@ def signup(request):
if form.is_valid():
form.save()
send_confirmation_email(form.data['email'])
return render(request, 'thankyou.html', {
'email': form.data['email'],
})
@@ -69,3 +68,28 @@ def payment_page(request):
return redirect(document_link)
return render(request, "payment.html", {"email": email})
def docprew(request, document_id):
doc = get_object_or_404(Document, id=document_id)
org = doc.organization
document_risk_controls = DocumentRiskControl.objects.filter(document=doc)
unique_risks = Risk.objects.filter(id__in=document_risk_controls.values('risk_id')).distinct()
risks_with_controls = {}
for risk in unique_risks:
related_controls = DocumentRiskControl.objects.filter(risk=risk)
risk_controls = [control.control.name for control in related_controls]
risks_with_controls[risk] = ", ".join(risk_controls)
return render(request, 'document_detail.html', {
'document': doc,
'organization': org,
'created_at': doc.created_at,
'risks_with_controls': risks_with_controls,
})

12
start_services.sh Executable file
View File

@@ -0,0 +1,12 @@
#!/bin/bash
echo "Starting Django server..."
python3 manage.py runserver &
echo "Starting Celery worker..."
celery -A backend worker --loglevel=info &
echo "Starting Redis server on port 6380..."
redis-server --port 6380 &
wait