def top_taxii(request):
debug_print('>>>top_taxii enter')
#method check
debug_print('>>>HTTP method:' + str(request.method))
if request.method != 'GET':
data = get_no_accept_json_data('Invalid HTTP method')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
r.status_code = 406
return r
#Accept check
debug_print('>>>request.META.has_key(HTTP_ACCEPT):' +
str(request.META.has_key('HTTP_ACCEPT')))
if request.META.has_key('HTTP_ACCEPT') == False:
print '>>>no HTTP_ACCEPT'
data = get_no_accept_json_data('No Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
r.status_code = 406
return r
if check_http_accept(request) == True:
debug_print('>>>Invalid Accept')
data = get_no_accept_json_data('Invalid Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
r.status_code = 406
return r
#Authenticate check
r = check_common_authorization(request)
if r is not None:
return r
data = {
'title': 'TAXII Server Under Test',
'description': 'This is a TAXII Server under test',
'contact': 'Please contact x-xxx-xxx-xxxx',
'default': '%s/%s/' % (TXS_HOST_PORT, API_ROOT_1),
'api_roots': ['%s/%s/' % (TXS_HOST_PORT, API_ROOT_1)]
}
return JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
def top(request):
debug_print('>>>top enter')
#method check
debug_print('>>>HTTP method:' + str(request.method))
if request.method != 'GET':
data = get_no_accept_json_data('Invalid HTTP method')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
r.status_code = 406
return r
#Accept check
debug_print('>>>request.META.has_key(HTTP_ACCEPT):' +
str(request.META.has_key('HTTP_ACCEPT')))
if request.META.has_key('HTTP_ACCEPT') == False:
print '>>>no HTTP_ACCEPT'
data = get_no_accept_json_data('No Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
r.status_code = 406
return r
if check_http_accept(request) == True:
debug_print('>>>Invalid Accept')
data = get_no_accept_json_data('Invalid Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
r.status_code = 406
return r
#Authenticate check
r = check_common_authorization(request)
if r is not None:
return r
data = {
'title': 'Sharing Group 1',
'description': 'This sharing group shares intelligence.',
'versions': ['taxii-2.0'],
'max_content_length': MAX_CONTENT_LENGTH
}
return JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
def get_read_collection_content():
debug_print('>>>enter get_read_collection_content')
j = []
for stix_file in StixFiles.objects(input_community=_community):
debug_print('>>>stix_file id: ' + str(stix_file.id))
content = stix_file.content.read()
j.append(json.loads(content))
return JsonResponse(j,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_STIX_JSON)
def misp_import(request):
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
try:
package_id = request.POST['package_id']
control = MispUploadAdapterControl()
control.upload_misp(package_id)
resp = {'status': 'OK', 'message': 'Success'}
except Exception as e:
resp = {'status': 'NG', 'message': str(e)}
return JsonResponse(resp)
def publish(request):
stix_id = request.GET['stix_id']
taxii_id = request.GET['taxii_id']
protocol_version = request.GET['protocol_version']
stix = StixFiles.objects.get(id=stix_id)
if protocol_version.startswith('1.'):
taxii_client = TaxiiClients.objects.get(id=taxii_id)
client = Client(taxii_client=taxii_client)
else:
taxii_client = Taxii2Clients.objects.get(id=taxii_id)
client = Client(taxii2_client=taxii_client)
if not client._can_write:
resp = {'status': 'NG',
'message': 'This collection is not for publishing.'}
return JsonResponse(resp)
try:
msg = client.push(stix)
resp = {'status': 'OK',
'message': msg}
except Exception as e:
resp = {'status': 'NG',
'message': str(e)}
return JsonResponse(resp)
def publish(request):
# ajax parameter取得
stix_id = request.GET['stix_id']
taxii_id = request.GET['taxii_id']
# Publish (Push) する StixFile object
stix = StixFiles.objects.get(id=stix_id)
# Publish (Push) の時に使用する TaxiiClients object
client = Client(taxii_id=taxii_id)
# publish する
try:
client.push(stix)
resp = {'status': 'OK', 'message': 'Success'}
except Exception as e:
# traceback.print_exc()
resp = {'status': 'NG', 'message': str(e)}
return JsonResponse(resp)
def get_table_info(request):
iDisplayLength = int(request.GET['iDisplayLength'])
sEcho = request.GET['sEcho']
iDisplayStart = int(request.GET['iDisplayStart'])
sSearch = request.GET['sSearch']
sort_col = int(request.GET['iSortCol_0'])
sort_dir = request.GET['sSortDir_0']
order_query = None
if sort_col == 1:
order_query = 'produced'
elif sort_col == 2:
order_query = 'package_name'
elif sort_col == 3:
order_query = 'package_id'
elif sort_col == 4:
order_query = 'version'
if order_query is not None:
if sort_dir == 'desc':
order_query = '-' + order_query
s_input_communities = Communities.objects.filter(Q(name__icontains=sSearch))
s_via_choices = Vias.get_search_via_choices(sSearch)
s_uploaders = []
for uploader in STIPUser.objects.filter(QQ(screen_name__icontains=sSearch) | QQ(username__icontains=sSearch)):
s_uploaders.append(uploader.id)
s_vias = Vias.objects.filter(Q(via__in=s_via_choices) | Q(uploader__in=s_uploaders) | Q(adapter_name__icontains=sSearch))
objects = StixFiles.objects \
.filter(
Q(package_name__icontains=sSearch)
| Q(package_id__icontains=sSearch)
| Q(version__icontains=sSearch)
| Q(input_community__in=s_input_communities)
| Q(via__in=s_vias)
)\
.order_by(order_query)
aaData = []
count = 0
for d in objects[iDisplayStart:(iDisplayStart + iDisplayLength)]:
l = []
l.append('<input type="checkbox" file_id="%s"/ class="delete-checkbox">' % (d.id))
l.append(d.produced.strftime('%Y/%m/%d %H:%M:%S'))
l.append(d.package_name)
l.append(d.package_id)
l.append(d.version)
try:
l.append(d.input_community.name)
except DoesNotExist:
l.append('<deleted>')
l.append(d.via.get_via_display())
l.append(d.via.get_uploader_screen_name())
link_str = ''
if d.version.startswith('1.'):
link_str += '<a href="/list/download?id=%s&version=%s">STIX %s (Original)</a><br/>' % (d.id, d.version, d.version)
link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1</a>' % (d.id))
elif d.version == '2.0':
link_str += ('<a href="/list/download?id=%s&version=1.2">STIX 1.2</a><br/>' % (d.id))
link_str += ('<a href="/list/download?id=%s&version=2.0">STIX 2.0 (Original)</a><br/>' % (d.id))
link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1</a>' % (d.id))
elif d.version == '2.1':
link_str += ('<a href="/list/download?id=%s&version=1.2">STIX 1.2</a><br/>' % (d.id))
link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1 (Original)</a>' % (d.id))
l.append(link_str)
if request.user.is_admin:
l.append('<a><span class="glyphicon glyphicon-share-alt publish-share-alt-icon" data-file-id="%s" data-package-name="%s" data-package-id="%s" title="Publish to.."></span></a>' % (d.id, d.package_name, d.package_id))
else:
l.append('<span class="glyphicon glyphicon-ban-circle" disabled></span>')
link_str = ('<a><span class="glyphicon glyphicon-export misp-import-icon" package_id="%s" title="Import into MISP .."></span></a>' % (d.package_id))
l.append(link_str)
aaData.append(l)
count += 1
resp = {}
all_count = StixFiles.objects.count()
resp['iTotalRecords'] = all_count
resp['iTotalDisplayRecords'] = objects.count()
resp['sEcho'] = sEcho
resp['aaData'] = aaData
return JsonResponse(resp)
def get_table_info(request):
#ajax parameter取得
iDisplayLength = int(request.GET['iDisplayLength'])
sEcho = request.GET['sEcho']
iDisplayStart = int(request.GET['iDisplayStart'])
sSearch = request.GET['sSearch']
sort_col = int(request.GET['iSortCol_0'])
sort_dir = request.GET['sSortDir_0']
order_query = None
if sort_col == 1:
order_query = 'produced'
elif sort_col == 2:
order_query = 'package_name'
elif sort_col == 3:
order_query = 'package_id'
elif sort_col == 4:
order_query = 'version'
if order_query is not None:
#descが降順
if sort_dir == 'desc':
order_query = '-' + order_query
#検索対象のcommunity
s_input_communities = Communities.objects.filter(
Q(name__icontains=sSearch))
#検索対象のvia_choice
s_via_choices = Vias.get_search_via_choices(sSearch)
#検索対象のUploader
s_uploaders = []
for uploader in STIPUser.objects.filter(
QQ(screen_name__icontains=sSearch)
| QQ(username__icontains=sSearch)):
s_uploaders.append(uploader.id)
#検索対象のvias
#viaとuploaderとadapter_nameが検索時対象
s_vias = Vias.objects.filter(
Q(via__in=s_via_choices) | Q(uploader__in=s_uploaders)
| Q(adapter_name__icontains=sSearch))
#検索する
objects = StixFiles.objects \
.filter(
Q(package_name__icontains=sSearch) |
Q(package_id__icontains=sSearch)|
Q(version__icontains=sSearch)|
Q(input_community__in=s_input_communities) |
Q(via__in=s_vias)
)\
.order_by(order_query)
#検索結果から表示範囲のデータを抽出する
aaData = []
count = 0
for d in objects[iDisplayStart:(iDisplayStart + iDisplayLength)]:
l = []
l.append(
'<input type="checkbox" file_id="%s"/ class="delete-checkbox">' %
(d.id))
l.append(d.produced.strftime('%Y/%m/%d %H:%M:%S'))
l.append(d.package_name)
l.append(d.package_id)
l.append(d.version)
try:
l.append(d.input_community.name)
except DoesNotExist:
#commmunityが削除されたなどの理由でない場合
l.append('<deleted>')
l.append(d.via.get_via_display())
l.append(d.via.get_uploader_screen_name())
link_str = '<a href="/list/download?id=%s&version=%s">Original (%s)</a> ' % (
d.id, d.version, d.version)
if d.version != '2.0':
link_str += (
'<a href="/list/download?id=%s&version=2.0">Converted (2.0)</a>'
% (d.id))
else:
link_str += (
'<a href="/list/download?id=%s&version=1.2">Converted (1.2)</a>'
% (d.id))
l.append(link_str)
l.append(
'<a><span class="glyphicon glyphicon-share-alt publish-share-alt-icon" file_id="%s" title="Publish to.."></span></a>'
% (d.id))
if d.version.startswith('1.') == True:
link_str = (
'<a><span class="glyphicon glyphicon-export misp-import-icon" package_id="%s" title="Import into MISP .."></span></a>'
% (d.package_id))
else:
link_str = (
'<span class="glyphicon glyphicon-remove-sign"></span>')
l.append(link_str)
aaData.append(l)
count += 1
resp = {}
all_count = StixFiles.objects.count()
resp['iTotalRecords'] = all_count
resp['iTotalDisplayRecords'] = objects.count()
resp['sEcho'] = sEcho
resp['aaData'] = aaData
return JsonResponse(resp)
def collections_objects(request, id_):
debug_print('>>>collections_objects enter')
debug_print('>>>id_ :' + str(id_))
#Authenticate check
r = check_common_authorization(request)
if r is not None:
debug_print('>>>Invalid Authentication.')
return r
if id_ == READ_COLLECTION:
#Read Collection
debug_print('>>>Read Collection.')
if request.method != 'GET':
#ReadCollcetion 指定時に GET 以外はNG
debug_print('>>>Invalid HTTP Method:' + str(request.method))
data = get_no_accept_json_data('Invalid HTTP method')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
#Accept check
if request.META.has_key('HTTP_ACCEPT') == False:
debug_print('>>>No HTTP_ACCEPT.')
data = get_no_accept_json_data('No Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
if check_http_accept(request) == True:
debug_print('>>>HTTP_ACCEPT Invalid:' +
str(request.META['HTTP_ACCEPT']))
data = get_no_accept_json_data('Invalid Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
return get_read_collection_content()
elif id_ == WRITE_COLLECTION:
#Write Collection
debug_print('>>>Write Collection.')
if request.method != 'POST':
#WirteCollcetion 指定時に POST 以外はNG
debug_print('>>>Invalid HTTP Method:' + str(request.method))
data = get_no_accept_json_data('Invalid HTTP method')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
#max-content-length check
if int(request.META['CONTENT_LENGTH']) > MAX_CONTENT_LENGTH:
debug_print('>>>Too much content size:' +
str(request.META['CONTENT_LENGTH']))
data = get_no_accept_json_data('Too much content size')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
#Accept check
if request.META.has_key('HTTP_ACCEPT') == False:
debug_print('>>>No HTTP_ACCEPT.')
data = get_no_accept_json_data('No Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
if check_http_accept(request) == True:
debug_print('>>>HTTP_ACCEPT Invalid:' +
str(request.META['HTTP_ACCEPT']))
data = get_no_accept_json_data('Invalid Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
data = post_write_collection(request.body)
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_TAXII_JSON)
r.status_code = 202
return r
elif id_ == READ_WRITE_COLLECTION:
#ReadWrite Collection
debug_print('>>>ReadWrite Collection.')
if request.method == 'GET':
return get_read_collection_content()
elif request.method == 'POST':
#max-content-length check
if int(request.META['CONTENT_LENGTH']) > MAX_CONTENT_LENGTH:
debug_print('>>>Too much content size:' +
str(request.META['CONTENT_LENGTH']))
data = get_no_accept_json_data('Too much content size')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
data = post_write_collection(request.body)
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_TAXII_JSON)
r.status_code = 202
return r
else:
debug_print('>>>Invalid HTTP Method:' + str(request.method))
data = get_no_accept_json_data('Invalid HTTP method')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
else:
#unmatched collection id
debug_print('>>>Unmatched Collection:' + str(id_))
data = {
'title': 'Incorrect Collection Get',
'description': 'An incorrect URL for a collection was accessed',
'error_id': 'To be determined',
'error_code': 'To be determined',
'http_status': '404',
'external_details': 'To be determined',
"details": {
"collection": id_,
}
}
j = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
j.status_code = 404
return j
return JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
def collections(request, id_):
debug_print('>>>collections enter')
debug_print('>>>id_ :' + str(id_))
#method check
if request.method != 'GET':
debug_print('>>>Invalid HTTP method:' + str(request.method))
data = get_no_accept_json_data('Invalid HTTP method')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
#Authenticate check
r = check_common_authorization(request)
if r is not None:
debug_print('>>>Invalid Authentication.')
return r
#Accept check
if request.META.has_key('HTTP_ACCEPT') == False:
debug_print('>>>No HTTP_ACCEPT.')
data = get_no_accept_json_data('No Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
if check_http_accept(request) == True:
debug_print('>>>HTTP_ACCEPT Invalid:' +
str(request.META['HTTP_ACCEPT']))
data = get_no_accept_json_data('Invalid Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
if id_ == READ_COLLECTION:
data = {
'id': id_,
'title': 'Test Read Collection',
'description': 'This is Test Read Collection',
'can_read': True,
'can_write': False,
'media_types': [COLLECTION_MEDIA_TYPE]
}
elif id_ == WRITE_COLLECTION:
data = {
'id': id_,
'title': 'Test Write Collection',
'description': 'This is Test Write Collection',
'can_read': False,
'can_write': True,
'media_types': [COLLECTION_MEDIA_TYPE]
}
elif id_ == READ_WRITE_COLLECTION:
data = {
'id': id_,
'title': 'Test Read Write Collection',
'description': 'This is Test Read Write Collection',
'can_read': True,
'can_write': True,
'media_types': [COLLECTION_MEDIA_TYPE]
}
else:
#unmatched collection id
debug_print('>>>unmatched collection id:' + str(id_))
data = {
'title': 'Incorrect Collection Get',
'description': 'An incorrect URL for a collection was accessed',
'error_id': 'To be determined',
'error_code': 'To be determined',
'http_status': '404',
'external_details': 'To be determined',
"details": {
"collection": request.path,
}
}
j = JsonResponse(data,
safe=False,
content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
j.status_code = 404
return j
return JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_TAXII_JSON)
def collections_root(request):
debug_print('>>>collections enter')
#method check
if request.method != 'GET':
debug_print('>>>Invalid HTTP method:' + str(request.method))
data = get_no_accept_json_data('Invalid HTTP method')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
#Authenticate check
r = check_common_authorization(request)
if r is not None:
debug_print('>>>Invalid Authentication.')
return r
#Accept check
if request.META.has_key('HTTP_ACCEPT') == False:
debug_print('>>>No HTTP_ACCEPT.')
data = get_no_accept_json_data('No Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
if check_http_accept(request) == True:
debug_print('>>>HTTP_ACCEPT Invalid:' +
str(request.META['HTTP_ACCEPT']))
data = get_no_accept_json_data('Invalid Accept')
r = JsonResponse(data,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
r.status_code = 406
return r
collections = []
data = {
'id': READ_COLLECTION,
'title': 'Test Read Collection',
'description': 'This is Test Read Collection',
'can_read': True,
'can_write': False,
'media_types': [COLLECTION_MEDIA_TYPE]
}
collections.append(data)
data = {
'id': WRITE_COLLECTION,
'title': 'Test Write Collection',
'description': 'This is Test Write Collection',
'can_read': False,
'can_write': True,
'media_types': [COLLECTION_MEDIA_TYPE]
}
collections.append(data)
data = {
'id': READ_WRITE_COLLECTION,
'title': 'Test Read Write Collection',
'description': 'This is Test Read Write Collection',
'can_read': True,
'can_write': True,
'media_types': [COLLECTION_MEDIA_TYPE]
}
collections.append(data)
r = {}
r['collections'] = collections
return JsonResponse(r,
safe=False,
content_type=RESPONSE_CONTENT_TYPE_TAXII_JSON)
