def __init__(self, data, *args, **kwargs):
rows = OrderedDict()
extra_columns = {}
for row in data:
if row.pk not in rows:
rows[row.pk] = {
'username': row.username,
'first_name': row.first_name,
'last_name': row.last_name,
'email': row.email,
'role': row.groups.first(),
'pk': row.pk
}
# because of AD inactive users, that create User but not SciriusUser
try:
SciriusUser.objects.get(user=row)
except SciriusUser.DoesNotExist:
SciriusUser.objects.create(user=row, timezone='UTC')
get_middleware_module('common').update_scirius_user_class(row, {})
rows[row.pk]['active'] = '✔' if row.is_active else '✘' # ignore_utf8_check: 10008 10004
if get_middleware_module('common').has_multitenant():
rows[row.pk]['tenants'] = ''
if row.sciriususer.has_no_tenant():
rows[row.pk]['tenants'] = 'No tenant\n'
if row.sciriususer.has_all_tenants():
rows[row.pk]['tenants'] += 'All tenants'
else:
rows[row.pk]['tenants'] += '\n'.join(row.sciriususer.get_tenants().values_list('name', flat=True))
extra_columns['tenants'] = tables.Column(verbose_name='Tenants', attrs={'td': {'style': 'white-space:pre-wrap;'}})
super().__init__(data=rows.values(), extra_columns=extra_columns.items(), *args, **kwargs)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
instance = kwargs.get('instance', None)
if not get_middleware_module('common').has_multitenant():
self.fields.pop('tenants')
self.fields.pop('no_tenant')
self.fields.pop('all_tenants')
else:
self.fields['tenants'].queryset = get_middleware_module(
'common').get_tenants()
if instance:
self.fields[
'tenants'].initial = instance.sciriususer.get_tenants()
self.fields[
'all_tenants'].initial = instance.sciriususer.has_all_tenants(
)
self.fields[
'no_tenant'].initial = instance.sciriususer.has_no_tenant(
)
self.fields['groups'].queryset = DjangoGroup.objects.order_by('name')
if instance:
# self.fields['groups'].initial does not work
self.initial['groups'] = instance.groups.first(
).pk if instance.groups.count() > 0 else ''
self.fields['timezone'].initial = instance.sciriususer.timezone
else:
self.fields['timezone'].initial = 'UTC'
self.initial['groups'] = Group.objects.order_by(
'-priority').first()
def create(self, validated_data):
user_data = validated_data.pop('user')
errors = {}
if 'username' not in user_data:
errors['username'] = ['This field is required.']
if 'password' not in user_data:
errors['password'] = ['This field is required.']
if len(errors) > 0:
raise serializers.ValidationError(errors)
if 'timezone' not in validated_data:
validated_data['timezone'] = 'UTC'
if validated_data['timezone'] not in pytz.all_timezones:
raise serializers.ValidationError(
{'timezone': ['Not a valid choice.']})
password = user_data.pop('password')
try:
password_validation.validate_password(password=password, user=User)
except exceptions.ValidationError as e:
raise serializers.ValidationError({'password': [e.message]})
user = User.objects.create(**user_data)
user.set_password(password)
user.save()
sciriususerapp_data = validated_data.pop('sciriususerapp', {})
sciriususer = SciriusUser.objects.create(user=user, **validated_data)
get_middleware_module('common').update_scirius_user_class(
user, sciriususerapp_data)
return sciriususer
def update(self, instance, validated_data):
user_data = validated_data.pop('user')
user = instance.user
for key, value in user_data.items():
if key == 'password':
raise PermissionDenied({
'password':
'******'
})
if hasattr(user, key):
if key != 'role':
setattr(user, key, value)
else:
user.groups.set(value)
timezone = validated_data.get('timezone', instance.timezone)
if timezone not in pytz.all_timezones:
# to avoid deadlock
if instance.timezone not in pytz.all_timezones:
instance.timezone = 'UTC'
instance.save()
raise serializers.ValidationError(
{'timezone': ['Not a valid choice.']})
instance.timezone = timezone
instance.save()
user.save()
get_middleware_module('common').update_scirius_user_class(
user, validated_data)
return instance
def validate(self, data):
from scirius.utils import get_middleware_module
if data.get('action', '') == 'threshold':
self.validate_rule_postprocessing(data, self.partial)
else:
get_middleware_module('common').validate_rule_postprocessing(
data, self.partial, self)
return data
def to_dict(self, json_compatible=False):
from scirius.utils import get_middleware_module
tenants = []
if self.has_all_tenants():
tenants = get_middleware_module(
'common').get_tenants().values_list('pk', flat=True)
else:
tenants = self.get_tenants()
if not isinstance(tenants, (list, tuple)):
tenants = tenants.values_list('pk', flat=True)
if json_compatible:
tenants = list(tenants)
res = {
"pk":
self.pk,
"timezone":
self.timezone,
"username":
self.user.username,
"first_name":
self.user.first_name,
"last_name":
self.user.last_name,
"is_active":
self.user.is_active,
"email":
self.user.email,
"date_joined":
self.user.date_joined
if not json_compatible else self.user.date_joined.isoformat(),
"perms": [
'rules.{}'.format(item[0]) for item in
self.user.groups.values_list('permissions__codename')
],
"role":
self.user.groups.first().name,
"no_tenant":
self.has_no_tenant(),
"all_tenant":
self.has_all_tenants(),
"tenants":
tenants
}
if get_middleware_module('common').has_extra_auth():
res.update({
'group':
Group.objects.filter(group__user=self.user).first().ldap_group
})
return res
def loginview(request, target):
if request.method == 'POST':
form = LoginForm(request.POST)
if not form.is_valid(): # All validation rules pass
form = LoginForm()
context = {'form': form, 'error': 'Invalid form'}
return scirius_render(request, 'accounts/login.html', context)
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
try:
sciriususer = SciriusUser.objects.get(user=user)
sciriususer.sciriususerapp
except (SciriusUser.DoesNotExist, AttributeError):
SciriusUser.objects.get_or_create(
user=user, defaults={'timezone': 'UTC'})
get_middleware_module('common').update_scirius_user_class(
user, form.cleaned_data)
if not form.cleaned_data['persistent']:
request.session.set_expiry(0)
logger = logging.getLogger('authentication')
logger.info("Successful login for '%s' from '%s'", username,
get_client_ip(request))
UserAction.create(action_type='login',
user=user,
force_insert=True)
return redirect("/" + target)
else:
form = LoginForm()
context = {'form': form, 'error': 'Disabled account'}
logger = logging.getLogger('authentication')
logger.error(
"Invalid login attempt for disabled account '%s' from '%s'",
username, get_client_ip(request))
return scirius_render(request, 'accounts/login.html', context)
else:
form = LoginForm()
context = {'form': form, 'error': 'Invalid login'}
logger = logging.getLogger('authentication')
logger.error("Invalid login attempt for '%s' from '%s'", username,
get_client_ip(request))
return scirius_render(request, 'accounts/login.html', context)
else:
form = LoginForm()
context = {'form': form}
return scirius_render(request, 'accounts/login.html', context)
def to_representation(self, instance):
if not instance.options:
from scirius.utils import get_middleware_module
instance = get_middleware_module(
'common').update_processing_filter_action_options(instance)
return super(RuleProcessingFilterSerializer,
self).to_representation(instance)
def __init__(self, data, *args, **kwargs):
rows = OrderedDict()
extra_columns = {}
# Superuser group has all custom permissions
# => Usefull to get our custom permissions
permissions = Permission.objects.filter(group__name='Superuser')
for row in data:
if row.pk not in rows:
rows[row.pk] = {
'name': row.name,
'pk': row.pk
}
if get_middleware_module('common').has_extra_auth():
rows[row.pk]['priority'] = str(row.group.priority)
extra_columns['priority'] = tables.Column(verbose_name='Priority')
rows[row.pk]['ldap_group'] = row.group.ldap_group
extra_columns['ldap_group'] = tables.Column(verbose_name='LDAP Group')
for permission in permissions:
if row.permissions.filter(pk=permission.pk).count() > 0:
rows[row.pk][permission.codename] = '✔' # ignore_utf8_check: 10008 10004
else:
rows[row.pk][permission.codename] = '✘' # ignore_utf8_check: 10008 10004
extra_columns[permission.codename] = tables.Column(verbose_name=permission.name)
super().__init__(data=rows.values(), extra_columns=extra_columns.items(), *args, **kwargs)
def check_perms(request, view, required_groups, no_tenant_check=False):
if request.user.is_anonymous:
return False
if get_middleware_module('common').has_multitenant():
# bypass tenant check on some ViewSet that does not handle tenants
if not getattr(view, 'no_tenant_check', False) and not no_tenant_check:
if {'rules.events_view', 'rules.events_edit'} & set(required_groups):
tenant = request.query_params.get('tenant', -1)
try:
tenant = int(tenant)
except (ValueError, TypeError):
return False
if tenant in (-1, 0):
if not request.user.sciriususer.has_no_tenant():
return False
elif tenant > 0:
if not request.user.sciriususer.has_all_tenants():
if tenant not in request.user.sciriususer.get_tenants().values_list('pk', flat=True):
return False
for group in required_groups:
if request.user.has_perm(group):
return True
return False
def to_internal_value(self, data):
from scirius.utils import get_middleware_module
options = data.get('options')
action = data.get('action')
action_options_serializer = get_middleware_module('common').update_processing_filter_action_options_serializer(ACTION_OPTIONS_SERIALIZER)
serializer = action_options_serializer.get(action)
if serializer:
serializer = serializer(data=options, context=self.context)
try:
serializer.is_valid(raise_exception=True)
except serializers.ValidationError as e:
raise serializers.ValidationError({'options': [e.detail]})
options = serializer.validated_data
else:
if options:
raise serializers.ValidationError({'options': ['Action "%s" does not accept options.' % action]})
options = {}
if not isinstance(serializer, serializers.ModelSerializer):
if self.partial:
if 'options' in data:
data['options'] = options
else:
data['options'] = options
else:
self.option_serializer = serializer
data.pop('options', None)
return super(RuleProcessingFilterSerializer, self).to_internal_value(data)
def _qfilter(self):
if self.qfilter:
return self.qfilter
query_filter = get_middleware_module('common').es_query_string(self.request)
if self.request and 'qfilter' in self.request.GET:
query_filter += ' AND ' + self.request.GET['qfilter']
return query_filter
def __init__(self, *args, **kwargs):
source = kwargs.get('instance', None)
super(SourceForm, self).__init__(*args, **kwargs)
from scirius.utils import get_middleware_module
choices = get_middleware_module('common').update_source_content_type(
Source.CONTENT_TYPE, source)
self.fields['datatype'] = forms.ChoiceField(choices=choices)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.fields['permissions'].queryset = DjangoGroup.objects.filter(
name='Superuser').first().permissions
self.fields['permissions'].choices = DjangoGroup.objects.filter(
name='Superuser').first().permissions.order_by('pk').values_list(
'pk', 'name')
self.mapping = dict(
DjangoGroup.objects.filter(
name='Superuser').first().permissions.values_list(
'pk', 'codename'))
if not get_middleware_module('common').has_extra_auth():
self.fields.pop('ldap_group')
self.fields.pop('priority')
instance = kwargs.get('instance', None)
if instance:
self.initial['permissions'] = instance.permissions.values_list(
'pk', flat=True)
self.initial['name'] = instance.name
self.initial['ldap_group'] = instance.group.ldap_group
if get_middleware_module('common').has_extra_auth():
priority = Group.objects.aggregate(
Max('priority'))['priority__max']
if not instance:
priority += 1
self.fields['priority'].widget = forms.NumberInput(
attrs={
'max': priority,
'min': len(self.DEFAULT_GROUPS)
})
self.fields[
'priority'].initial = instance.group.priority if instance else priority
# Put the comment field at the end of the self.fields ordered dict
comment = self.fields.pop('comment')
self.fields['comment'] = comment
if instance:
if instance.name in self.DEFAULT_GROUPS:
for key in self.fields.keys():
if key not in ('ldap_group', 'comment'):
self.fields[key].disabled = True
def test_actions(self, request):
from scirius.utils import get_middleware_module
fields_serializer = RuleProcessingTestActionsSerializer(
data=request.data)
fields_serializer.is_valid(raise_exception=True)
capabilities = get_middleware_module(
'common').get_processing_actions_capabilities(
fields_serializer.validated_data.get('fields'))
return Response({'actions': capabilities})
def test(self, request):
from scirius.utils import get_middleware_module
fields_serializer = RuleProcessingTestSerializer(data=request.data)
fields_serializer.is_valid(raise_exception=True)
capabilities = get_middleware_module(
'common').get_processing_filter_capabilities(
fields_serializer.validated_data['fields'],
fields_serializer.validated_data['action'])
return Response(capabilities)
def __init__(self, *args, **kwargs):
super(AddSourceForm, self).__init__(*args, **kwargs)
if 'rulesets' in self.fields:
self.fields['rulesets'].required = False
from scirius.utils import get_middleware_module
choices = get_middleware_module('common').update_source_content_type(
Source.CONTENT_TYPE)
self.fields['datatype'] = forms.ChoiceField(choices=choices)
def update_groups(sender, user, ldap_user, **kwargs):
'''
Update LDAP group each time a LDAP user login into scirius
'''
from scirius.utils import get_middleware_module
nb_items_max = 100
filters = models.Q()
group = None
stop_idx = len(ldap_user.group_dns)
for idx, ldap_group in enumerate(ldap_user.group_dns, 1):
filters |= models.Q(ldap_group__iexact=ldap_group)
if idx % nb_items_max == 0 or idx == stop_idx:
found_group = Group.objects.filter(filters).order_by(
'priority').first()
filters = models.Q()
if found_group:
if not group:
group = found_group
if group.priority > found_group.priority:
group = found_group
user.save()
user.groups.clear()
try:
sciriususer = SciriusUser.objects.get(user=user)
sciriususerapp = sciriususer.sciriususerapp
if sciriususerapp.is_from_ldap is False:
sciriususerapp.is_from_ldap = True
sciriususerapp.save()
except (SciriusUser.DoesNotExist, AttributeError):
SciriusUser.objects.get_or_create(user=user,
defaults={'timezone': 'UTC'})
get_middleware_module('common').update_scirius_user_class(
user, {'is_from_ldap': True})
if group is not None:
user.groups.add(group.group)
def save(self, commit=True):
if not commit:
raise NotImplementedError(
'This method does not support "commit=False"')
instance = super().save()
try:
sciriususer = instance.sciriususer
sciriususer.timezone = self.cleaned_data['timezone']
except AttributeError:
sciriususer = SciriusUser.objects.create(
user=instance,
timezone=self.cleaned_data['timezone'],
)
instance.save()
get_middleware_module('common').update_scirius_user_class(
instance, self.cleaned_data)
return instance
def to_internal_value(self, data):
data = data.copy()
timezone = data.pop('timezone', None)
user_serializer = UserSerializer(data=data)
user_serializer.is_valid(raise_exception=True)
res = {'user': user_serializer.validated_data}
if timezone is not None:
res['timezone'] = timezone
if 'tenants' in data:
if not isinstance(data['tenants'], (list, tuple)):
raise serializers.ValidationError(
{'tenants': ['Wrong format: it should be "[1, 4]"']})
all_tenants = get_middleware_module(
'common').get_tenants().values_list('pk', flat=True)
for tenant in data['tenants']:
if tenant not in all_tenants:
raise serializers.ValidationError(
{'tenants': ['pk "{}" does not exist'.format(tenant)]})
for item in ('no_tenant', 'all_tenants'):
if item in data:
if not isinstance(data[item], bool):
raise serializers.ValidationError(
{item: ['boolean value requested']})
if self.instance:
res.update({
'sciriususerapp': {
'tenants':
data.get(
'tenants',
self.instance.get_tenants().values_list('pk',
flat=True)),
'no_tenant':
data.get('no_tenant', self.instance.has_no_tenant()),
'all_tenants':
data.get('all_tenants', self.instance.has_all_tenants())
}
})
else:
res.update({
'sciriususerapp': {
'tenants': data.get('tenants', []),
'no_tenant': data.get('no_tenant', False),
'all_tenants': data.get('all_tenants', False)
}
})
return res
def __init__(self, *args, **kwargs):
super(RulesetForm, self).__init__(*args, **kwargs)
from scirius.utils import get_middleware_module
sourceatversion = SourceAtVersion.objects.exclude(
source__datatype__in=get_middleware_module(
'common').custom_source_datatype(True))
self.fields['sources'].queryset = sourceatversion
self.fields['action'].choices = Ruleset.get_transformation_choices(
key=Transformation.ACTION)
self.fields['lateral'].choices = Ruleset.get_transformation_choices(
key=Transformation.LATERAL)
self.fields['target'].choices = Ruleset.get_transformation_choices(
key=Transformation.TARGET)
def to_representation(self, instance):
data = super().to_representation(instance)
user = data.pop('user', None)
if user is not None:
user.pop('password', None)
data.update(user)
role = instance.user.groups.first()
data['role'] = role.name if role else ''
if get_middleware_module('common').has_multitenant():
data['tenants'] = instance.get_tenants().values_list('pk',
flat=True)
data['no_tenant'] = instance.has_no_tenant()
data['all_tenants'] = instance.has_all_tenants()
return data
def list_accounts(request):
template = 'accounts/accounts_list.html'
mapping = {'User': UserTable, 'Role': GroupTable}
klasses = (User, DjangoGroup)
data = {
'User': {
'size': 0,
'content': None,
'annotate': {
'role': F('groups__name')
},
'order_by': ('groups__group__priority', '-username')
},
'Role': {
'size': 0,
'content': None,
'order_by': ('group__priority', )
}
}
conf = tables.RequestConfig(request)
for klass in klasses:
klass_name = klass.__name__ if klass != DjangoGroup else 'Role'
objects = klass.objects.all()
if 'annotate' in data[klass_name]:
objects = objects.annotate(**data[klass_name]['annotate'])
objects = objects.order_by(*data[klass_name]['order_by'])
data[klass_name]['content'] = conf.configure(
mapping[klass_name](objects))
data[klass_name]['size'] = objects.count()
context = {
'objects': data,
'extra_auth': get_middleware_module('common').has_extra_auth()
}
return scirius_render(request, template, context)
def get_no_tenant_idx():
from scirius.utils import get_middleware_module
if get_middleware_module('common').has_multitenant():
return 0
return -1
def _es_bool_clauses(self):
if self.request:
return get_middleware_module('common').es_bool_clauses(self.request)
return ''
def _render_template(self, tmpl, dictionary, ignore_middleware=False):
hosts_list = ['*']
qfilter = None
if self.request:
if 'hosts' in self.request.GET:
hosts_list = self.request.GET['hosts'].split(',')
else:
if 'hosts' in dictionary:
hosts_list = dictionary['hosts'].split(',')
if 'qfilter' in self.request.GET:
qfilter = self.request.GET['qfilter']
else:
if 'qfilter' in dictionary:
qfilter = dictionary['qfilter']
hosts = None
hosts_filter = None
hosts = []
for host in hosts_list:
if host != '*':
host = json.dumps(host).replace('"', '\\"')
host = mark_safe(host)
hosts.append(host)
if hosts == ['*']:
# use _exists_ in case analyze_wildcard is false
hosts_filter = '_exists_:%s' % settings.ELASTICSEARCH_HOSTNAME
else:
hosts_filter = ['%s:%s' % (settings.ELASTICSEARCH_HOSTNAME, h) for h in hosts]
hosts_filter = mark_safe('(%s)' % ' '.join(hosts_filter))
query_filter = get_middleware_module('common').es_query_string(self.request)
if qfilter is not None:
query_filter += ' AND ' + qfilter
if query_filter:
# dump as json but remove quotes since the quotes are already set in templates
query_filter = mark_safe(json.dumps(query_filter)[1:-1])
if ignore_middleware:
bool_clauses = ''
else:
bool_clauses = get_middleware_module('common').es_bool_clauses(self.request)
templ = Template(tmpl)
context = Context(dictionary)
context.update({
'hosts': hosts,
'hosts_filter': hosts_filter,
'keyword': settings.ELASTICSEARCH_KEYWORD,
'hostname': settings.ELASTICSEARCH_HOSTNAME,
'timestamp': settings.ELASTICSEARCH_TIMESTAMP,
'from_date': self._from_date(dictionary),
'to_date': mark_safe(self._to_date(dictionary, es_format=True)), # mark quotes around "now" as safe
'query_filter': query_filter,
'bool_clauses': bool_clauses,
'interval': unicode(self._interval(dictionary)) + 'ms'
})
return bytearray(templ.render(context), encoding="utf-8")
class AccountSerializer(serializers.ModelSerializer):
user = UserSerializer(required=True, partial=True)
timezone = serializers.ChoiceField(required=True, choices=TIMEZONES)
role = serializers.CharField(required=True, source='user.groups')
no_tenant = serializers.BooleanField(required=False)
all_tenants = serializers.BooleanField(required=False)
tenants = serializers.PrimaryKeyRelatedField(
source='sciriususerapp.tenants',
queryset=get_middleware_module('common').get_tenants(),
many=True)
class Meta:
model = SciriusUser
fields = ('pk', 'user', 'timezone', 'role', 'no_tenant', 'all_tenants',
'tenants')
def to_representation(self, instance):
data = super().to_representation(instance)
user = data.pop('user', None)
if user is not None:
user.pop('password', None)
data.update(user)
role = instance.user.groups.first()
data['role'] = role.name if role else ''
if get_middleware_module('common').has_multitenant():
data['tenants'] = instance.get_tenants().values_list('pk',
flat=True)
data['no_tenant'] = instance.has_no_tenant()
data['all_tenants'] = instance.has_all_tenants()
return data
def to_internal_value(self, data):
data = data.copy()
timezone = data.pop('timezone', None)
user_serializer = UserSerializer(data=data)
user_serializer.is_valid(raise_exception=True)
res = {'user': user_serializer.validated_data}
if timezone is not None:
res['timezone'] = timezone
if 'tenants' in data:
if not isinstance(data['tenants'], (list, tuple)):
raise serializers.ValidationError(
{'tenants': ['Wrong format: it should be "[1, 4]"']})
all_tenants = get_middleware_module(
'common').get_tenants().values_list('pk', flat=True)
for tenant in data['tenants']:
if tenant not in all_tenants:
raise serializers.ValidationError(
{'tenants': ['pk "{}" does not exist'.format(tenant)]})
for item in ('no_tenant', 'all_tenants'):
if item in data:
if not isinstance(data[item], bool):
raise serializers.ValidationError(
{item: ['boolean value requested']})
if self.instance:
res.update({
'sciriususerapp': {
'tenants':
data.get(
'tenants',
self.instance.get_tenants().values_list('pk',
flat=True)),
'no_tenant':
data.get('no_tenant', self.instance.has_no_tenant()),
'all_tenants':
data.get('all_tenants', self.instance.has_all_tenants())
}
})
else:
res.update({
'sciriususerapp': {
'tenants': data.get('tenants', []),
'no_tenant': data.get('no_tenant', False),
'all_tenants': data.get('all_tenants', False)
}
})
return res
def create(self, validated_data):
user_data = validated_data.pop('user')
errors = {}
if 'username' not in user_data:
errors['username'] = ['This field is required.']
if 'password' not in user_data:
errors['password'] = ['This field is required.']
if len(errors) > 0:
raise serializers.ValidationError(errors)
if 'timezone' not in validated_data:
validated_data['timezone'] = 'UTC'
if validated_data['timezone'] not in pytz.all_timezones:
raise serializers.ValidationError(
{'timezone': ['Not a valid choice.']})
password = user_data.pop('password')
try:
password_validation.validate_password(password=password, user=User)
except exceptions.ValidationError as e:
raise serializers.ValidationError({'password': [e.message]})
user = User.objects.create(**user_data)
user.set_password(password)
user.save()
sciriususerapp_data = validated_data.pop('sciriususerapp', {})
sciriususer = SciriusUser.objects.create(user=user, **validated_data)
get_middleware_module('common').update_scirius_user_class(
user, sciriususerapp_data)
return sciriususer
def update(self, instance, validated_data):
user_data = validated_data.pop('user')
user = instance.user
for key, value in user_data.items():
if key == 'password':
raise PermissionDenied({
'password':
'******'
})
if hasattr(user, key):
if key != 'role':
setattr(user, key, value)
else:
user.groups.set(value)
timezone = validated_data.get('timezone', instance.timezone)
if timezone not in pytz.all_timezones:
# to avoid deadlock
if instance.timezone not in pytz.all_timezones:
instance.timezone = 'UTC'
instance.save()
raise serializers.ValidationError(
{'timezone': ['Not a valid choice.']})
instance.timezone = timezone
instance.save()
user.save()
get_middleware_module('common').update_scirius_user_class(
user, validated_data)
return instance
def validate(self, data):
from scirius.utils import get_middleware_module
get_middleware_module('common').validate_rule_postprocessing(
data, self.partial)
return data
def test_actions(self, request):
from scirius.utils import get_middleware_module
fields_serializer = RuleProcessingTestActionsSerializer(data=request.data)
fields_serializer.is_valid(raise_exception=True)
capabilities = get_middleware_module('common').get_processing_actions_capabilities(fields_serializer.validated_data.get('fields'))
return Response({'actions': capabilities})
def test(self, request):
from scirius.utils import get_middleware_module
fields_serializer = RuleProcessingTestSerializer(data=request.data)
fields_serializer.is_valid(raise_exception=True)
capabilities = get_middleware_module('common').get_processing_filter_capabilities(fields_serializer.validated_data['fields'], fields_serializer.validated_data['action'])
return Response(capabilities)
def validate(self, data):
from scirius.utils import get_middleware_module
get_middleware_module('common').validate_rule_postprocessing(data, self.partial)
return data
def get_tenants(self):
if not hasattr(self, 'sciriususerapp'):
from scirius.utils import get_middleware_module
return get_middleware_module('common').get_tenants(
empty_queryset=True)
return self.sciriususerapp.tenants.all()
def _render_template(self, tmpl, _dictionary, ignore_middleware=False):
dictionary = es_string_escape(_dictionary)
hosts = ['*']
qfilter = None
if self.request:
if 'hosts' in self.request.GET:
hosts = es_string_escape(self.request.GET['hosts']).split(',')
else:
if 'hosts' in dictionary:
hosts = dictionary['hosts'].split(',')
if 'qfilter' in self.request.GET:
qfilter = es_string_escape(self.request.GET['qfilter'])
else:
if 'qfilter' in dictionary:
qfilter = dictionary['qfilter']
hosts_filter = None
if hosts == ['*']:
# use _exists_ in case analyze_wildcard is false
hosts_filter = '_exists_:%s' % settings.ELASTICSEARCH_HOSTNAME
else:
hosts_filter = [
'%s:%s' % (settings.ELASTICSEARCH_HOSTNAME, h) for h in hosts
]
hosts_filter = mark_safe('(%s)' % ' '.join(hosts_filter))
query_filter = get_middleware_module('common').es_query_string(
self.request)
if qfilter is not None:
query_filter += ' AND ' + qfilter
query_filter = mark_safe(query_filter)
if ignore_middleware:
bool_clauses = ''
else:
bool_clauses = get_middleware_module('common').es_bool_clauses(
self.request)
templ = Template(tmpl)
context = Context(dictionary)
context.update({
'hosts':
hosts,
'hosts_filter':
hosts_filter,
'keyword':
settings.ELASTICSEARCH_KEYWORD,
'hostname':
settings.ELASTICSEARCH_HOSTNAME,
'timestamp':
settings.ELASTICSEARCH_TIMESTAMP,
'from_date':
self._from_date(dictionary),
'to_date':
mark_safe(self._to_date(
dictionary,
es_format=True)), # mark quotes around "now" as safe
'query_filter':
query_filter,
'bool_clauses':
bool_clauses,
'interval':
str(self._interval(dictionary)) + 'ms'
})
return bytearray(templ.render(context), encoding="utf-8")
