Example #1
0
def apply_standalone_template(request):
    logger.info("__ input_forms apply_standalone_template __")
    if "input_form_id" not in request.POST:
        logger.error("Did no find all required fields in request")
        return render(request, "error.html", {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]

    input_form = InputForm.objects.get(pk=input_form_id)

    json_object = json.loads(input_form.json)

    context = Context()
    for j in json_object:
        if '.' in j["name"]:
            # this is a fancy variable name
            j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]]))
            context.update(j_dict)
        else:
            logger.debug("setting context %s" % j["name"])
            context[j["name"]] = str(request.POST[j["name"]])

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(config_template.template)
    except TemplateSyntaxError as e:
        logger.error("Caught a template syntax error!")
        logger.error(str(e))
        return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)})

    completed_template = str(compiled_template.render(context))

    logger.info(completed_template)
    action_name = config_template.action_provider
    logger.info(action_name)

    action_options = json.loads(config_template.action_provider_options)
    logger.info(action_options)

    for ao in action_options:
        if "action_options_" + str(ao) in request.POST:
            logger.debug("Found a customized action option!")
            new_val = request.POST["action_options_" + str(ao)]
            current_value = action_options[ao]["value"]
            action_options[ao]["value"] = re.sub("{{ .* }}", new_val, current_value)
            logger.debug(action_options[ao]["value"])

    action = action_provider.get_provider_instance(action_name, action_options)
    results = action.execute_template(completed_template)
    context = {"results": results}
    return render(request, "input_forms/results.html", context)
Example #2
0
def apply_standalone_template(request):
    if "input_form_id" not in request.POST:
        return render(request, "error.html", {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]

    input_form = InputForm.objects.get(pk=input_form_id)

    json_object = json.loads(input_form.json)

    context = Context()
    for j in json_object:
        print "setting context %s" % j["name"]
        context[j["name"]] = str(request.POST[j["name"]])

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(config_template.template)
    except TemplateSyntaxError as e:
        print "Caught a template syntax error!"
        return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)})

    completed_template = str(compiled_template.render(context))

    print completed_template
    action_name = config_template.action_provider
    print action_name

    action_options = json.loads(config_template.action_provider_options)
    print action_options

    for ao in action_options:
        if "action_options_" + str(ao) in request.POST:
            print "Found a customized action option!"
            new_val = request.POST["action_options_" + str(ao)]
            current_value = action_options[ao]["value"]
            action_options[ao]["value"] = re.sub("{{ .* }}", new_val, current_value)
            print action_options[ao]["value"]

    action = action_provider.get_provider_instance(action_name, action_options)
    results = action.execute_template(completed_template)
    context = {"results": results}
    return render(request, "input_forms/results.html", context)
Example #3
0
def apply_template_to_queue(request):
    if "input_form_id" not in request.POST:
        return render(request, "error.html", {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]
    endpoints = request.session["endpoint_queue"]
    input_form = InputForm.objects.get(pk=input_form_id)

    print input_form.json
    json_object = json.loads(input_form.json)

    context = Context()
    for j in json_object:
        if '.' in j["name"]:
            # this is a json capable variable name
            j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]]))
            context.update(j_dict)
        else:
            print "setting context %s" % j["name"]
            context[j["name"]] = str(request.POST[j["name"]])

    print context

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(config_template.template)
    except TemplateSyntaxError as e:
        print "Caught a template syntax error!"
        return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)})

    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print "action name is: " + action_name
    print "action options are: " + str(action_options)

    action = action_provider.get_provider_instance(action_name, action_options)

    results = ""
    for endpoint in endpoints:
        if "username" not in endpoint or endpoint["username"] == "":
            if "global_username" in request.POST:
                endpoint["username"] = request.POST["global_username"]
            else:
                raise Exception("Authentication is required!")

        if "password" not in endpoint or endpoint["password"] == "":
            if "global_password" in request.POST:
                endpoint["password"] = request.POST["global_password"]
            else:
                raise Exception("Authentication is required!")

        context["af_endpoint_ip"] = endpoint["ip"]
        context["af_endpoint_username"] = endpoint["username"]
        context["af_endpoint_password"] = endpoint["password"]
        context["af_endpoint_type"] = endpoint["type"]

        completed_template = str(compiled_template.render(context))

        results += "================ %s ================\n" % endpoint["name"]
        action.set_endpoint(endpoint)
        result = action.execute_template(completed_template)
	if result == None:
		result=''
        results += result
        results += "\n"

    context = {"results": results}
    return render(request, "input_forms/results.html", context)
Example #4
0
def apply_template(request):
    """

    :param request: HTTPRequest from the input form
    :return: results of the template execution

    """

    required_fields = set(["input_form_id", "endpoint_id", "group_id"])
    if not required_fields.issubset(request.POST):
        return render(request, "error.html", {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]
    endpoint_id = request.POST["endpoint_id"]
    group_id = request.POST["group_id"]

    provider_instance = endpoint_provider.get_provider_instance_from_group(group_id)
    endpoint = provider_instance.get_endpoint_by_id(endpoint_id)

    if "username" not in endpoint or endpoint["username"] == "":
        if "global_username" in request.POST:
            endpoint["username"] = request.POST["global_username"]
        else:
            raise Exception("Authentication is required!")

    if "password" not in endpoint or endpoint["password"] == "":
        if "global_password" in request.POST:
            endpoint["password"] = request.POST["global_password"]
        else:
            raise Exception("Authentication is required!")

    input_form = InputForm.objects.get(pk=input_form_id)

    print input_form.json
    json_object = json.loads(input_form.json)

    context = Context()
    for j in json_object:
        if '.' in j["name"]:
            # this is a json capable variable name
            j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]]))
            context.update(j_dict)
        else:
            print "setting context %s" % j["name"]
            context[j["name"]] = str(request.POST[j["name"]])

    context["af_endpoint_ip"] = endpoint["ip"]
    context["af_endpoint_username"] = endpoint["username"]
    context["af_endpoint_password"] = endpoint["password"]
    context["af_endpoint_type"] = endpoint["type"]

    print context

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(config_template.template)
        completed_template = str(compiled_template.render(context))
    except TemplateSyntaxError as e:
        print "Caught a template syntax error!"
        return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)})

    print "TEMPLATE IS:"
    print completed_template
    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print "action name is: " + action_name

    action = action_provider.get_provider_instance(action_name, action_options)
    action.set_endpoint(endpoint)
    results = action.execute_template(completed_template)
    context = {"results": results}
    return render(request, "input_forms/results.html", context)
Example #5
0
def apply_template_to_queue(request):
    if "input_form_id" not in request.POST:
        return render(request, "error.html", {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]
    endpoints = request.session["endpoint_queue"]
    input_form = InputForm.objects.get(pk=input_form_id)

    print input_form.json
    json_object = json.loads(input_form.json)

    context = Context()
    for j in json_object:
        print "setting context %s" % j["name"]
        context[j["name"]] = str(request.POST[j["name"]])

    print context

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(config_template.template)
    except TemplateSyntaxError as e:
        print "Caught a template syntax error!"
        return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)})

    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print "action name is: " + action_name
    print "action options are: " + str(action_options)

    action = action_provider.get_provider_instance(action_name, action_options)

    results = ""
    for endpoint in endpoints:
        if "username" not in endpoint or endpoint["username"] == "":
            if "global_username" in request.POST:
                endpoint["username"] = request.POST["global_username"]
            else:
                raise Exception("Authentication is required!")

        if "password" not in endpoint or endpoint["password"] == "":
            if "global_password" in request.POST:
                endpoint["password"] = request.POST["global_password"]
            else:
                raise Exception("Authentication is required!")

        context["af_endpoint_ip"] = endpoint["ip"]
        context["af_endpoint_username"] = endpoint["username"]
        context["af_endpoint_password"] = endpoint["password"]
        context["af_endpoint_type"] = endpoint["type"]

        completed_template = str(compiled_template.render(context))

        results += "================ %s ================\n" % endpoint["name"]
        action.set_endpoint(endpoint)
        result = action.execute_template(completed_template)
        results += result
        results += "\n"

    context = {"results": results}
    return render(request, "input_forms/results.html", context)
Example #6
0
def apply_template(request):
    """

    :param request: HTTPRequest from the input form
    :return: results of the template execution

    """
    print "APPLY TEMPLATE"

    required_fields = set(["input_form_id", "endpoint_id", "group_id"])
    if not required_fields.issubset(request.POST):
        return render(request, "error.html", {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]
    endpoint_id = request.POST["endpoint_id"]
    group_id = request.POST["group_id"]

    provider_instance = endpoint_provider.get_provider_instance_from_group(group_id)
    endpoint = provider_instance.get_endpoint_by_id(endpoint_id)

    if "username" not in endpoint or endpoint["username"] == "":
        if "global_username" in request.POST:
            endpoint["username"] = request.POST["global_username"]
        else:
            raise Exception("Authentication is required!")

    if "password" not in endpoint or endpoint["password"] == "":
        if "global_password" in request.POST:
            endpoint["password"] = request.POST["global_password"]
        else:
            raise Exception("Authentication is required!")

    input_form = InputForm.objects.get(pk=input_form_id)

    print input_form.json
    json_object = json.loads(input_form.json)

    context = Context()
    for j in json_object:
        print "setting context %s" % j["name"]
        context[j["name"]] = str(request.POST[j["name"]])

    context["af_endpoint_ip"] = endpoint["ip"]
    context["af_endpoint_username"] = endpoint["username"]
    context["af_endpoint_password"] = endpoint["password"]
    context["af_endpoint_type"] = endpoint["type"]

    print context

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(config_template.template)
        completed_template = str(compiled_template.render(context))
    except TemplateSyntaxError as e:
        print "Caught a template syntax error!"
        return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)})

    print "TEMPLATE IS:"
    print completed_template
    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print "action name is: " + action_name

    action = action_provider.get_provider_instance(action_name, action_options)
    action.set_endpoint(endpoint)
    results = action.execute_template(completed_template)
    context = {"results": results}
    return render(request, "input_forms/results.html", context)
Example #7
0
def chain_template(request):
    """
    Populates the input_variables of one template from POSTed form data or json encoded http request body
    This allows you to chain the output of one template to another one
    if the input_variable of a template is in the form 'some.variable.with.periods'
    then the input json object will be searched for that value
    :param request: HTTPRequest either x-www-form-urlencoded or application/json
    :return: the output of the template specified by the template_id parameter
    """
    print(request.META["CONTENT_TYPE"])
    if request.META["CONTENT_TYPE"] == "application/json":
        try:
            data = json.loads(request.body)
            template_id = data["template_id"]
        except ValueError:
            error = {
                "output": "missing required template_id parameter",
                "status": 1
            }
            return HttpResponse(json.dumps(error),
                                content_type="application/json")

        try:
            config_template = ConfigTemplate.objects.get(pk=template_id)

            context = dict()
            # iterate over all the keys in the json object and set on the context
            # the template engine is smart enough to figure out what goes where
            for k in data:
                context[k] = data[k]

        except ObjectDoesNotExist:
            error = {"output": "Could not get config template", "status": 1}
            return HttpResponse(json.dumps(error),
                                content_type="application/json")

    else:
        # this must be a x-www-form-urlencoded request
        required_fields = set(["template_id"])
        if not required_fields.issubset(request.POST):
            error = {
                "output": "missing required template_id parameter",
                "status": 1
            }
            return HttpResponse(json.dumps(error),
                                content_type="application/json")

        template_id = request.POST["template_id"]
        config_template = ConfigTemplate.objects.get(pk=template_id)
        template_api = get_input_parameters_for_template(config_template)
        template_api['a_frame_url'] = '{}://{}/tools/execute_template'.format(
            request.scheme, request.get_host())
        context = dict()

        try:
            print(str(template_api["input_parameters"]))
            input_parameters = template_api["input_parameters"]

            for j in input_parameters:
                print("setting context %s" % j)
                context[j] = str(request.POST[j])

        except Exception as ex:
            print(str(ex))
            error = {"output": "missing required parameters", "status": 1}
            return HttpResponse(json.dumps(error),
                                content_type="application/json")

    compiled_template = engines['django'].from_string(config_template.template)
    # compiled_template = get_template_from_string(config_template.template)
    completed_template = str(compiled_template.render(context))

    print(completed_template)
    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print("action name is: " + action_name)

    action = action_provider.get_provider_instance(action_name, action_options)
    if config_template.type == "per-endpoint":
        required_fields = ("af_endpoint_ip", "af_endpoint_username",
                           "af_endpoint_password", "af_endpoint_password")

        if not required_fields.issubset(request.POST):
            error = {
                "output": "missing required authentication parameters",
                "status": 1
            }
            return HttpResponse(json.dumps(error),
                                content_type="application/json")

        endpoint = dict()
        endpoint["ip"] = request.POST["af_endpoint_ip"]
        endpoint["username"] = request.POST["af_endpoint_username"]
        endpoint["password"] = request.POST["af_endpoint_password"]
        endpoint["type"] = request.POST["af_endpoint_type"]

        action.set_endpoint(endpoint)

    try:
        results = action.execute_template(completed_template.strip().replace(
            '\r\n', '\n'))
        response = {"output": results, "status": 0}

    except Exception as ex:
        print(str(ex))
        response = {"output": "Error executing template", "status": 1}

    return HttpResponse(json.dumps(response), content_type="application/json")
Example #8
0
def _configure_widget_options(j):
    '''
    Configures widget specific options if necessary
    :param j: input_form configuration object
    :return: configured input_form json object
    '''

    if "widget_config" in j:
        logger.debug("jsonifying widget config")
        j["widget_config_json"] = json.dumps(j["widget_config"])

    if j["widget"] == "preload_list" and "widget_config" in j:

        try:
            widget_config = j["widget_config"]
            template_name = widget_config["template_name"]
            key = widget_config["key_name"]
            value = widget_config["value_name"]
            config_template = ConfigTemplate.objects.get(name=template_name)

        except (ObjectDoesNotExist, KeyError):
            logger.error('Could not load preloaded_list template name!')
            return j

        action_name = config_template.action_provider

        try:
            action_options = json.loads(
                config_template.action_provider_options)
        except (ValueError, TypeError):
            logger.error(
                'Could not load action_provider_options from config_template!')
            return j

        # let's load any secrets if necessary
        provider_options = action_provider.get_options_for_provider(
            action_name)
        for opt in provider_options:
            if opt['type'] == 'secret':
                opt_name = opt['name']
                pw_lookup_key = action_options[opt_name]['value']
                pw_lookup_value = aframe_utils.lookup_secret(pw_lookup_key)
                action_options[opt_name]['value'] = pw_lookup_value

        action = action_provider.get_provider_instance(action_name,
                                                       action_options)

        try:
            results = action.execute_template(
                config_template.template.strip().replace('\r\n', '\n'))
            print results
            results_object = json.loads(results)
            print key
            print value
            d = aframe_utils.get_list_from_json(key, value, results_object,
                                                list(), 0)
            print d
            j["widget_data"] = d

        except Exception as ex:
            print str(ex)
            return j
Example #9
0
def apply_standalone_template(request):
    logger.info("__ input_forms apply_standalone_template __")
    if "input_form_id" not in request.POST:
        logger.error("Did no find all required fields in request")
        return render(request, "error.html",
                      {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]

    input_form = InputForm.objects.get(pk=input_form_id)

    json_object = json.loads(input_form.json)

    context = dict()
    for j in json_object:
        if '.' in j["name"]:
            # this is a fancy variable name
            j_dict = aframe_utils.generate_dict(j["name"],
                                                str(request.POST[j["name"]]))
            context.update(j_dict)
        else:
            logger.debug("setting context %s" % j["name"])
            print 'setting context %s' % j['name']
            context[j["name"]] = str(request.POST[j["name"]])

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(
            config_template.template)
    except TemplateSyntaxError as e:
        logger.error("Caught a template syntax error!")
        logger.error(str(e))
        return render(request, "error.html",
                      {"error": "Invalid Template Syntax: %s" % str(e)})

    completed_template = str(compiled_template.render(context))

    if "preview" in request.POST:
        if request.POST["preview"] == "yes_please":
            logger.info("Returning template Preview")
            pre_tags = "<html><body><pre>"
            post_tags = "</pre></body</html>"
            return HttpResponse(pre_tags + completed_template + post_tags)

    logger.info(completed_template)
    action_name = config_template.action_provider
    logger.info(action_name)

    action_options = json.loads(config_template.action_provider_options)
    logger.info(action_options)

    for ao in action_options:
        if "action_options_" + str(ao) in request.POST:
            logger.debug("Found a customized action option!")
            new_val = request.POST["action_options_" + str(ao)]
            print new_val
            current_value = action_options[ao]["value"]
            print current_value
            action_options[ao]["value"] = re.sub("{{ .* }}", new_val,
                                                 current_value)
            logger.debug(action_options[ao]["value"])

    # let's load any secrets if necessary
    provider_options = action_provider.get_options_for_provider(action_name)
    for opt in provider_options:
        print opt
        if opt['type'] == 'secret':
            opt_name = opt['name']
            pw_lookup_key = action_options[opt_name]['value']
            pw_lookup_value = aframe_utils.lookup_secret(pw_lookup_key)
            action_options[opt_name]['value'] = pw_lookup_value

    print "action name is: " + action_name

    action = action_provider.get_provider_instance(action_name, action_options)
    results = action.execute_template(completed_template)
    print type(results)
    # the action is passing back extra information about the type of response
    if type(results) is dict:
        if 'display_inline' in results and results['display_inline'] is False:
            if 'cache_key' in results:
                # set extra data on the context so we can use it to build a download link downstream
                context = {
                    'results': 'Binary data',
                    'cache_key': results['cache_key'],
                    'scheme': request.scheme,
                    'host': request.get_host()
                }
        else:
            # fixme to ensure contents is always present in results when display_inline is true
            # results['content'] is currently unimplemented!
            context = {'results': results['contents']}

    else:
        # results is just a string object, so send it through
        context = {"results": results}

    if "inline" in request.POST and request.POST["inline"] == 'yes_please':
        print "returning INLINE"
        context["input_form_name"] = input_form.name
        context["input_form_id"] = input_form_id
        return render(request, "overlay_results.html", context)
    else:
        print "returning full results"
        return render(request, "input_forms/results.html", context)
Example #10
0
def apply_per_endpoint_template(request):
    """

    :param request: HTTPRequest from the input form
    :return: results of the template execution

    """
    logger.info("__ input_forms apply_per_endpoint_template __")

    required_fields = set(["input_form_id", "endpoint_id", "group_id"])
    if not required_fields.issubset(request.POST):
        logger.error("Did no find all required fields in request")
        return render(request, "error.html",
                      {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]
    endpoint_id = request.POST["endpoint_id"]
    group_id = request.POST["group_id"]

    provider_instance = endpoint_provider.get_provider_instance_from_group(
        group_id)
    endpoint = provider_instance.get_endpoint_by_id(endpoint_id)

    if "username" not in endpoint or endpoint["username"] == "":
        if "global_username" in request.POST:
            endpoint["username"] = request.POST["global_username"]
        else:
            raise Exception("Authentication is required!")

    if "password" not in endpoint or endpoint["password"] == "":
        if "global_password" in request.POST:
            endpoint["password"] = request.POST["global_password"]
        else:
            raise Exception("Authentication is required!")

    input_form = InputForm.objects.get(pk=input_form_id)

    logger.debug(input_form.json)
    json_object = json.loads(input_form.json)

    context = dict()
    for j in json_object:
        if '.' in j["name"]:
            # this is a json capable variable name
            j_dict = aframe_utils.generate_dict(
                j["name"], str(request.POST.get(j["name"], '')))
            context.update(j_dict)
        else:
            logger.debug("setting context %s" % j["name"])
            # don't worry about null values here
            context[j["name"]] = str(request.POST.get(j['name'], ''))

    context["af_endpoint_ip"] = endpoint["ip"]
    context["af_endpoint_id"] = endpoint["id"]
    context["af_endpoint_name"] = endpoint["name"]
    context["af_endpoint_username"] = endpoint["username"]
    context["af_endpoint_password"] = endpoint["password"]
    context["af_endpoint_type"] = endpoint["type"]

    logger.debug(context)

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(
            config_template.template)
        completed_template = str(compiled_template.render(context))
    except TemplateSyntaxError as e:
        logger.error("Caught a template syntax error!")
        return render(request, "error.html",
                      {"error": "Invalid Template Syntax: %s" % str(e)})

    logger.debug(completed_template)
    action_name = config_template.action_provider

    action_options = json.loads(config_template.action_provider_options)
    logger.debug(action_options)

    for ao in action_options:
        if "action_options_" + str(ao) in request.POST:
            logger.debug("Found a customized action option!")
            new_val = request.POST["action_options_" + str(ao)]
            current_value = action_options[ao]["value"]
            action_options[ao]["value"] = re.sub("{{.*}}", new_val,
                                                 current_value)
            logger.debug(action_options[ao]["value"])

    logger.debug("action name is: " + action_name)

    # let's load any secrets if necessary
    provider_options = action_provider.get_options_for_provider(action_name)
    for opt in provider_options:
        print opt
        if opt['type'] == 'secret':
            opt_name = opt['name']
            pw_lookup_key = action_options[opt_name]['value']
            pw_lookup_value = aframe_utils.lookup_secret(pw_lookup_key)
            action_options[opt_name]['value'] = pw_lookup_value

    action = action_provider.get_provider_instance(action_name, action_options)
    action.set_endpoint(endpoint)
    results = action.execute_template(completed_template)
    context = {"results": results}

    if "inline" in request.POST and request.POST["inline"] == 'yes_please':
        print "returning INLINE"
        context["input_form_name"] = input_form.name
        context["input_form_id"] = input_form_id
        return render(request, "overlay_results.html", context)

    return render(request, "input_forms/results.html", context)
Example #11
0
def execute_template(post_vars):
    """
    Refactored out of tools/views.py as this is used in a couple of different places (tools/views and screens/views)
    :param post_vars: copy of all variables passed in via the operation
    :return: response object of form {'output': whatever, 'status': 1 }
    """
    if 'template_id' not in post_vars and 'template_name' not in post_vars:
        error = {
            'output':
            'missing required template_id or template_name parameter',
            'status': 1
        }
        return error

    if 'template_id' in post_vars:
        template_id = int(post_vars['template_id'])
        config_template = ConfigTemplate.objects.get(pk=template_id)
    else:
        template_name = str(post_vars['template_name'])
        print("GETTING %s" % template_name)
        config_template = ConfigTemplate.objects.get(name=template_name)

    template_api = get_input_parameters_for_template(config_template)

    context = dict()

    try:
        print(str(template_api["input_parameters"]))
        input_parameters = template_api["input_parameters"]

        for j in input_parameters:
            print("setting context %s" % j)
            context[j] = str(post_vars[j])

    except Exception as ex:
        print(str(ex))
        error = {"output": "missing required parameters", "status": 1}
        return error

    compiled_template = engines['django'].from_string(config_template.template)
    # compiled_template = get_template_from_string(config_template.template)
    completed_template = str(compiled_template.render(context))

    print(completed_template)
    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print(post_vars)

    for ao in action_options:
        print('checking ' + str(ao))
        if "action_options_" + str(ao) in post_vars:
            print("found a match!")
            new_val = post_vars["action_options_" + str(ao)]
            print(new_val)
            current_value = action_options[ao]["value"]
            print(current_value)
            action_options[ao]["value"] = re.sub("{{ .* }}", new_val,
                                                 current_value)
            print(action_options[ao]["value"])

    # let's load any secrets if necessary
    provider_options = action_provider.get_options_for_provider(action_name)
    for opt in provider_options:
        if opt['type'] == 'secret':
            opt_name = opt['name']
            pw_lookup_key = action_options[opt_name]['value']
            pw_lookup_value = lookup_secret(pw_lookup_key)
            action_options[opt_name]['value'] = pw_lookup_value

    print("action name is: " + action_name)

    action = action_provider.get_provider_instance(action_name, action_options)
    if config_template.type == "per-endpoint":

        if "af_endpoint_ip" not in post_vars or "af_endpoint_id" not in post_vars:
            error = {
                "output": "missing required authentication parameters",
                "status": 1
            }
            return error

        endpoint = dict()
        endpoint["id"] = post_vars.get("af_endpoint_id", "")
        endpoint["name"] = post_vars.get("af_endpoint_name", "")
        endpoint["ip"] = post_vars.get("af_endpoint_ip", "")
        endpoint["username"] = post_vars.get("af_endpoint_username", "")
        endpoint["password"] = post_vars.get("af_endpoint_password", "")
        endpoint["type"] = post_vars.get("af_endpoint_type", "")

        action.set_endpoint(endpoint)

    try:
        results = action.execute_template(completed_template.strip().replace(
            '\r\n', '\n'))
        response = {"output": results.strip(), "status": 0}

    except Exception as ex:
        print(str(ex))
        response = {"output": "Error executing template", "status": 1}

    return response
Example #12
0
def apply_template_to_queue(request):
    logger.info("__ input_forms apply_template_to_queue __")
    if "input_form_id" not in request.POST:
        logger.error("Did no find all required fields in request")
        return render(request, "error.html", {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]
    endpoints = request.session["endpoint_queue"]
    input_form = InputForm.objects.get(pk=input_form_id)

    logger.debug(input_form.json)
    json_object = json.loads(input_form.json)

    context = Context()
    for j in json_object:
        if '.' in j["name"]:
            # this is a json capable variable name
            j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]]))
            context.update(j_dict)
        else:
            logger.debug("setting context %s" % j["name"])
            context[j["name"]] = str(request.POST[j["name"]])

    logger.debug(context)

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(config_template.template)
    except TemplateSyntaxError as e:
        logger.error("Caught a template syntax error!")
        logger.error(str(e))
        return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)})

    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    logger.debug("action name is: %s" % action_name)
    logger.debug("action options are: %s" % action_options)

    action = action_provider.get_provider_instance(action_name, action_options)

    results = ""
    for endpoint in endpoints:
        if "username" not in endpoint or endpoint["username"] == "":
            if "global_username" in request.POST:
                endpoint["username"] = request.POST["global_username"]
            else:
                raise Exception("Authentication is required!")

        if "password" not in endpoint or endpoint["password"] == "":
            if "global_password" in request.POST:
                endpoint["password"] = request.POST["global_password"]
            else:
                raise Exception("Authentication is required!")

        context["af_endpoint_ip"] = endpoint["ip"]
        context["af_endpoint_username"] = endpoint["username"]
        context["af_endpoint_password"] = endpoint["password"]
        context["af_endpoint_type"] = endpoint["type"]

        completed_template = str(compiled_template.render(context))

        results += "================ %s ================\n" % endpoint["name"]
        action.set_endpoint(endpoint)
        result = action.execute_template(completed_template)
        results += result
        results += "\n"

    context = {"results": results}
    return render(request, "input_forms/results.html", context)
Example #13
0
def apply_template(request):
    """

    :param request: HTTPRequest from the input form
    :return: results of the template execution

    """
    logger.info("__ input_forms apply_template __")

    required_fields = set(["input_form_id", "endpoint_id", "group_id"])
    if not required_fields.issubset(request.POST):
        logger.error("Did no find all required fields in request")
        return render(request, "error.html", {"error": "Invalid Parameters in POST"})

    input_form_id = request.POST["input_form_id"]
    endpoint_id = request.POST["endpoint_id"]
    group_id = request.POST["group_id"]

    provider_instance = endpoint_provider.get_provider_instance_from_group(group_id)
    endpoint = provider_instance.get_endpoint_by_id(endpoint_id)

    if "username" not in endpoint or endpoint["username"] == "":
        if "global_username" in request.POST:
            endpoint["username"] = request.POST["global_username"]
        else:
            raise Exception("Authentication is required!")

    if "password" not in endpoint or endpoint["password"] == "":
        if "global_password" in request.POST:
            endpoint["password"] = request.POST["global_password"]
        else:
            raise Exception("Authentication is required!")

    input_form = InputForm.objects.get(pk=input_form_id)

    logger.debug(input_form.json)
    json_object = json.loads(input_form.json)

    context = Context()
    for j in json_object:
        if '.' in j["name"]:
            # this is a json capable variable name
            j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]]))
            context.update(j_dict)
        else:
            logger.debug("setting context %s" % j["name"])
            context[j["name"]] = str(request.POST[j["name"]])

    context["af_endpoint_ip"] = endpoint["ip"]
    context["af_endpoint_username"] = endpoint["username"]
    context["af_endpoint_password"] = endpoint["password"]
    context["af_endpoint_type"] = endpoint["type"]

    logger.debug(context)

    config_template = input_form.script

    try:
        compiled_template = engines['django'].from_string(config_template.template)
        completed_template = str(compiled_template.render(context))
    except TemplateSyntaxError as e:
        logger.error("Caught a template syntax error!")
        return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)})

    logger.debug(completed_template)
    action_name = config_template.action_provider

    action_options = json.loads(config_template.action_provider_options)
    logger.debug(action_options)

    for ao in action_options:
        if "action_options_" + str(ao) in request.POST:
            logger.debug("Found a customized action option!")
            new_val = request.POST["action_options_" + str(ao)]
            current_value = action_options[ao]["value"]
            action_options[ao]["value"] = re.sub("{{ .* }}", new_val, current_value)
            logger.debug(action_options[ao]["value"])

    logger.debug("action name is: " + action_name)

    action = action_provider.get_provider_instance(action_name, action_options)
    action.set_endpoint(endpoint)
    results = action.execute_template(completed_template)
    context = {"results": results}
    return render(request, "input_forms/results.html", context)
Example #14
0
def execute_template(request):
    required_fields = set(["template_id"])
    if not required_fields.issubset(request.POST):
        error = {
            "output": "missing required template_id parameter",
            "status": 1
        }
        return HttpResponse(json.dumps(error), content_type="application/json")

    template_id = request.POST["template_id"]
    config_template = ConfigTemplate.objects.get(pk=template_id)
    template_api = get_input_parameters_for_template(config_template)

    context = Context()

    try:
        print str(template_api["input_parameters"])
        input_parameters = template_api["input_parameters"]

        for j in input_parameters:
            print "setting context %s" % j
            context[j] = str(request.POST[j])

    except Exception as ex:
        print str(ex)
        error = {"output": "missing required parameters", "status": 1}
        return HttpResponse(json.dumps(error), content_type="application/json")

    compiled_template = engines['django'].from_string(config_template.template)
    # compiled_template = get_template_from_string(config_template.template)
    completed_template = str(compiled_template.render(context))

    print completed_template
    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print "action name is: " + action_name

    action = action_provider.get_provider_instance(action_name, action_options)
    if config_template.type == "per-endpoint":
        required_fields = set([
            "af_endpoint_ip", "af_endpoint_username", "af_endpoint_password",
            "af_endpoint_password"
        ])

        if not required_fields.issubset(request.POST):
            error = {
                "output": "missing required authentication parameters",
                "status": 1
            }
            return HttpResponse(json.dumps(error),
                                content_type="application/json")

        endpoint = dict()
        endpoint["ip"] = request.POST["af_endpoint_ip"]
        endpoint["username"] = request.POST["af_endpoint_username"]
        endpoint["password"] = request.POST["af_endpoint_password"]
        endpoint["type"] = request.POST["af_endpoint_type"]

        action.set_endpoint(endpoint)

    try:
        results = action.execute_template(completed_template.strip().replace(
            '\r\n', '\n'))
        response = {"output": results, "status": 0}

    except Exception as ex:
        print str(ex)
        response = {"output": "Error executing template", "status": 1}

    return HttpResponse(json.dumps(response), content_type="application/json")
Example #15
0
def execute_template(request):
    required_fields = set(["template_id"])
    if not required_fields.issubset(request.POST):
            error = {"output": "missing required template_id parameter", "status": 1}
            return HttpResponse(json.dumps(error), content_type="application/json")

    template_id = request.POST["template_id"]
    config_template = ConfigTemplate.objects.get(pk=template_id)
    template_api = get_input_parameters_for_template(config_template)

    context = Context()

    try:
        print str(template_api["input_parameters"])
        input_parameters = template_api["input_parameters"]

        for j in input_parameters:
            print "setting context %s" % j
            context[j] = str(request.POST[j])

    except Exception as ex:
        print str(ex)
        error = {"output": "missing required parameters", "status": 1}
        return HttpResponse(json.dumps(error), content_type="application/json")

    compiled_template = get_template_from_string(config_template.template)
    completed_template = str(compiled_template.render(context))

    print completed_template
    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print "action name is: " + action_name

    action = action_provider.get_provider_instance(action_name, action_options)
    if config_template.type == "per-endpoint":
        required_fields = set(["af_endpoint_ip", "af_endpoint_username",
                               "af_endpoint_password", "af_endpoint_password"]
                              )

        if not required_fields.issubset(request.POST):
            error = {"output": "missing required authentication parameters", "status": 1}
            return HttpResponse(json.dumps(error), content_type="application/json")

        endpoint = dict()
        endpoint["ip"] = request.POST["af_endpoint_ip"]
        endpoint["username"] = request.POST["af_endpoint_username"]
        endpoint["password"] = request.POST["af_endpoint_password"]
        endpoint["type"] = request.POST["af_endpoint_type"]

        action.set_endpoint(endpoint)

    try:
        results = action.execute_template(completed_template.strip().replace('\r\n', '\n'))
        response = {"output": results, "status": 0}

    except Exception as ex:
        print str(ex)
        response = {"output": "Error executing template", "status": 1}

    return HttpResponse(json.dumps(response), content_type="application/json")
Example #16
0
def chain_template(request):
    """
    Populates the input_variables of one template from POSTed form data or json encoded http request body
    This allows you to chain the output of one template to another one
    if the input_variable of a template is in the form 'some.variable.with.periods'
    then the input json object will be searched for that value
    :param request: HTTPRequest either x-www-form-urlencoded or application/json
    :return: the output of the template specified by the template_id parameter
    """
    print request.META["CONTENT_TYPE"]
    if request.META["CONTENT_TYPE"] == "application/json":
        try:
            data = json.loads(request.body)
            template_id = data["template_id"]
        except ValueError:
            error = {"output": "missing required template_id parameter", "status": 1}
            return HttpResponse(json.dumps(error), content_type="application/json")

        try:
            config_template = ConfigTemplate.objects.get(pk=template_id)

            context = Context()
            # iterate over all the keys in the json object and set on the context
            # the template engine is smart enough to figure out what goes where
            for k in data:
                context[k] = data[k]

        except ObjectDoesNotExist:
            error = {"output": "Could not get config template", "status": 1}
            return HttpResponse(json.dumps(error), content_type="application/json")

    else:
        # this must be a x-www-form-urlencoded request
        required_fields = set(["template_id"])
        if not required_fields.issubset(request.POST):
            error = {"output": "missing required template_id parameter", "status": 1}
            return HttpResponse(json.dumps(error), content_type="application/json")

        template_id = request.POST["template_id"]
        config_template = ConfigTemplate.objects.get(pk=template_id)
        template_api = get_input_parameters_for_template(config_template)

        context = Context()

        try:
            print str(template_api["input_parameters"])
            input_parameters = template_api["input_parameters"]

            for j in input_parameters:
                print "setting context %s" % j
                context[j] = str(request.POST[j])

        except Exception as ex:
            print str(ex)
            error = {"output": "missing required parameters", "status": 1}
            return HttpResponse(json.dumps(error), content_type="application/json")

    compiled_template = engines['django'].from_string(config_template.template)
    # compiled_template = get_template_from_string(config_template.template)
    completed_template = str(compiled_template.render(context))

    print completed_template
    action_name = config_template.action_provider
    action_options = json.loads(config_template.action_provider_options)

    print "action name is: " + action_name

    action = action_provider.get_provider_instance(action_name, action_options)
    if config_template.type == "per-endpoint":
        required_fields = set(["af_endpoint_ip", "af_endpoint_username",
                               "af_endpoint_password", "af_endpoint_password"]
                              )

        if not required_fields.issubset(request.POST):
            error = {"output": "missing required authentication parameters", "status": 1}
            return HttpResponse(json.dumps(error), content_type="application/json")

        endpoint = dict()
        endpoint["ip"] = request.POST["af_endpoint_ip"]
        endpoint["username"] = request.POST["af_endpoint_username"]
        endpoint["password"] = request.POST["af_endpoint_password"]
        endpoint["type"] = request.POST["af_endpoint_type"]

        action.set_endpoint(endpoint)

    try:
        results = action.execute_template(completed_template.strip().replace('\r\n', '\n'))
        response = {"output": results, "status": 0}

    except Exception as ex:
        print str(ex)
        response = {"output": "Error executing template", "status": 1}

    return HttpResponse(json.dumps(response), content_type="application/json")