def get(self, request, group_name, rule_pk):
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context)
rule = get_object_or_404(queryset, pk=rule_pk)
comments = rule.yararulecomment_set.all()
serializer = self.serializer_class(comments, many=True)
return Response(serializer.data)
def delete(self, request, group_name, rule_pk, comment_pk):
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context)
rule = get_object_or_404(queryset, pk=rule_pk)
comment = get_object_or_404(rule.yararulecomment_set.all(),
pk=comment_pk)
comment.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
def delete(self, request, group_name, rule_pk, tag):
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context)
rule = get_object_or_404(queryset, pk=rule_pk)
if tag and tag in rule.tags:
rule.tags.remove(tag)
rule.save(update_fields=['tags'])
serializer = YaraRuleSerializer(rule)
return Response(serializer.data)
def delete(self, request, group_name, rule_pk, metakey):
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context)
rule = get_object_or_404(queryset, pk=rule_pk)
if metakey and metakey in rule.metadata:
rule.metadata.pop(metakey)
rule.save(update_fields=['metadata'])
serializer = YaraRuleSerializer(rule)
return Response(serializer.data)
def put(self, request, group_name, rule_pk):
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context)
rule = get_object_or_404(queryset, pk=rule_pk)
serializer = self.serializer_class(rule, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
def patch(self, request, group_name):
group_context = get_group_or_404(group_name)
if request.query_params:
# Filter and deconflict based on query params
queryset = get_queryset(group_context,
query_params=request.query_params)
else:
# Deconflict all
queryset = YaraRule.objects.filter(owner=group_context)
response_content = queryset.deconflict_logic()
return Response(response_content)
def post(self, request, group_name, rule_pk):
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context)
rule = get_object_or_404(queryset, pk=rule_pk)
serializer = self.serializer_class(data=request.data,
context={
'request': request,
'view': self
})
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
def get(self, request, group_name):
# Specify metadata of file object
file_meta = 'attachment; filename="RuleExport.yara"'
# Filter based on query params and float dependent rules towards bottom
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context,
query_params=request.query_params)
# Build rule file
rule_file = build_yarafile(queryset)
response = HttpResponse(content=rule_file.getvalue())
response['Content-Type'] = 'application/text'
response['Content-Disposition'] = file_meta
return response
def get(self, request, group_name):
response_content = {}
group_context = get_group_or_404(group_name)
serializer_context = {'group_context': group_context}
queryset = get_queryset(group_context,
query_params=request.query_params)
# Return only the stats that are being specifically filtered for
if 'filter' in request.query_params:
fields = set(request.query_params.getlist('filter'))
serializer = self.serializer_class(queryset,
fields=fields,
context=serializer_context)
# Return all available stats
else:
serializer = self.serializer_class(queryset,
context=serializer_context)
return Response(serializer.data)
def get(self, request, group_name):
# Filter based on query params and float dependent rules towards bottom
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context,
query_params=request.query_params)
rules = queryset.order_by('dependencies')
# Temporary rule file container
temp_file = io.StringIO()
# Build import search patterns
import_options = YaraParser.parserInterpreter.import_options
import_pattern = 'import \"(?:{})\"\n'.format('|'.join(import_options))
# Specify metadata of file object
file_meta = 'attachment; filename="RuleExport.yara"'
for rule in rules.iterator():
# name, tags, imports, metadata, strings, condition, scopes
formatted_rule = rule.format_rule()
temp_file.write(formatted_rule)
temp_file.write('\n\n')
present_imports = set(re.findall(import_pattern, temp_file.getvalue()))
importless_file = re.sub(import_pattern, '', temp_file.getvalue())
# Finalized rule file container
rule_file = io.StringIO()
for import_value in present_imports:
rule_file.write(import_value)
rule_file.write('\n\n')
rule_file.write(importless_file)
response = HttpResponse(content=rule_file.getvalue())
response['Content-Type'] = 'application/text'
response['Content-Disposition'] = file_meta
return response
def delete(self, request, group_name):
group_context = get_group_or_404(group_name)
if request.query_params:
# Filter based on query params
queryset = get_queryset(group_context,
query_params=request.query_params)
else:
# Do not allow method to occur by setting the queryset to none
queryset = YaraRule.objects.none()
rule_count = queryset.count()
rule_names = list(queryset.values_list('name', flat=True).distinct())
queryset.delete()
response_content = {
'deleted_rule_count': rule_count,
'deleted_rule_names': rule_names
}
return Response(response_content)
def patch(self, request, group_name):
group_context = get_group_or_404(group_name)
if request.query_params:
# Filter based on query params
queryset = get_queryset(group_context,
query_params=request.query_params)
else:
# Do not allow method to occur by setting the queryset to none
queryset = YaraRule.objects.none()
rule_count = queryset.count()
rule_names = list(queryset.values_list('name', flat=True).distinct())
update_feedback = queryset.bulk_update(request.data)
response_content = {
'modified_rule_count': rule_count,
'modified_rule_names': rule_names,
'errors': update_feedback['errors'],
'warnings': update_feedback['warnings']
}
return Response(response_content)
def get_queryset(self):
group_context = get_group_or_404(self.kwargs['group_name'])
queryset = YaraRule.objects.filter(owner=group_context)
return queryset
def post(self, request, group_name):
response_content = {
'errors': [],
'warnings': [],
'rule_upload_count': 0,
'rule_collision_count': 0
}
submitter = request.user
group_context = get_group_or_404(group_name)
# Retrieve submitted yara rule content
submissions = request.data.getlist('rule_content')
# Only owners and admins can specifically select the status
if group_admin(request):
status = request.data.get('status')
if status not in [
YaraRule.ACTIVE_STATUS, YaraRule.INACTIVE_STATUS,
YaraRule.PENDING_STATUS
]:
status = YaraRule.INACTIVE_STATUS
# Rules from others are automatically put into nonprivileged status
else:
status = group_context.groupmeta.nonprivileged_submission_status
# Check for source and category
source = request.data.get('source', '')
category = request.data.get('category', '')
# Check for in-line modifications
add_tags = request.data.get('add_tags', None)
prepend_name = request.data.get('prepend_name', None)
append_name = request.data.get('append_name', None)
add_metadata = {
metakey[13:]: metavalue
for metakey, metavalue in request.data.items()
if metakey.startswith('set_metadata_')
}
# Process each submission
for raw_submission in submissions:
submission_results = parse_rule_submission(raw_submission)
# Inspect the submission results
parsed_rules = submission_results['parsed_rules']
parsing_error = submission_results['parser_error']
# Identify any parsing errors that occur
if parsing_error:
response_content['errors'].append(parsing_error['message'])
else:
# Save successfully parsed rules
save_results = YaraRule.objects.process_parsed_rules(
parsed_rules,
source,
category,
submitter,
group_context,
status=status,
add_tags=add_tags,
add_metadata=add_metadata,
prepend_name=prepend_name,
append_name=append_name)
response_content['errors'].extend(save_results['errors'])
response_content['warnings'].extend(save_results['warnings'])
response_content['rule_upload_count'] += save_results[
'rule_upload_count']
response_content['rule_collision_count'] += save_results[
'rule_collision_count']
return Response(response_content)
def post(self, request, group_name):
response_content = {
'errors': [],
'warnings': [],
'rule_upload_count': 0,
'rule_collision_count': 0
}
submitter = request.user
group_context = get_group_or_404(group_name)
submissions = request.data.getlist('rule_content')
# Only owners and admins can submit ACTIVE or INACTIVE rules
if group_admin(request):
set_active = request.data.get('active')
if set_active:
status = YaraRule.ACTIVE_STATUS
else:
status = YaraRule.INACTIVE_STATUS
# Rules from others are automatically put into pending status
else:
status = YaraRule.PENDING_STATUS
source = request.data.get('source', '')
category = request.data.get('category', '')
if group_context.groupmeta.source_required and not source:
response_content['errors'].append('No source specified')
if group_context.groupmeta.category_required and not category:
response_content['errors'].append('No category specified')
if not submissions:
response_content['errors'].append('No yara content submitted')
# If no errors continue
if not response_content['errors']:
# Check for in-line modifications
add_tags = request.data.get('add_tags', None)
prepend_name = request.data.get('prepend_name', None)
append_name = request.data.get('append_name', None)
add_metadata = {
metakey[13:]: metavalue
for metakey, metavalue in request.data.items()
if metakey.startswith('set_metadata_')
}
# Process each submission
for raw_submission in submissions:
submission_results = parse_rule_submission(raw_submission)
# Inspect the submission results
parsed_rules = submission_results['parsed_rules']
parsing_error = submission_results['parser_error']
# Identify any parsing errors that occur
if parsing_error:
response_content['errors'].append(parsing_error)
else:
# Save successfully parsed rules
save_results = YaraRule.objects.process_parsed_rules(
parsed_rules,
source,
category,
submitter,
group_context,
status=status,
add_tags=add_tags,
add_metadata=add_metadata,
prepend_name=prepend_name,
append_name=append_name)
response_content['errors'] = save_results['errors']
response_content['warnings'] = save_results['warnings']
response_content['rule_upload_count'] += save_results[
'rule_upload_count']
response_content['rule_collision_count'] += save_results[
'rule_collision_count']
return Response(response_content)
def delete(self, request, group_name, rule_pk):
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context)
rule = get_object_or_404(queryset, pk=rule_pk)
rule.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
def get(self, request, group_name, rule_pk):
group_context = get_group_or_404(group_name)
queryset = get_queryset(group_context)
rule = get_object_or_404(queryset, pk=rule_pk)
serializer = self.serializer_class(rule)
return Response(serializer.data)
