Example #1
0
def modify_config(request):
    """
    Modify the CRITs Configuration. Should be an AJAX POST.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method == "POST" and request.is_ajax():
        config_form = ConfigForm(request.POST)
        analyst = request.user.username
        if config_form.is_valid():
            result = modify_configuration(config_form, analyst)
            message = {"message": result["message"]}
        else:
            message = {"message": "Invalid Form"}
        return HttpResponse(json.dumps(message), mimetype="application/json")
    else:
        return render_to_response("error.html", {"error": "Expected AJAX POST"}, RequestContext(request))
Example #2
0
def modify_config(request):
    """
    Modify the CRITs Configuration. Should be an AJAX POST.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method == "POST" and request.is_ajax():
        config_form = ConfigForm(request.POST)
        analyst = request.user.username
        if config_form.is_valid():
            result = modify_configuration(config_form, analyst)
            message = {'message': result['message']}
        else:
            message = {'message': "Invalid Form"}
        return HttpResponse(json.dumps(message), mimetype="application/json")
    else:
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX POST'},
                                  RequestContext(request))
Example #3
0
def modify_config(request):
    """
    Modify the CRITs Configuration. Should be an AJAX POST.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """
    from django.forms.util import ErrorList

    # Get the current configuration, set as default unless user has permission to edit.
    crits_config = CRITsConfig.objects().first()
    config_data = crits_config.__dict__.get('_data')
    analyst = request.user.username
    user = request.user
    errors = []
    permission_error = False

    if request.method == "POST" and request.is_ajax():
        if user.has_access_to(GeneralACL.CONTROL_PANEL_GENERAL_EDIT):
            config_general_form = ConfigGeneralForm(request.POST)
        else:
            config_general_form = ConfigGeneralForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_LDAP_EDIT):
            config_LDAP_form = ConfigLDAPForm(request.POST)
        else:
            config_LDAP_form = ConfigLDAPForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_SECURITY_EDIT):
            config_security_form = ConfigSecurityForm(request.POST)
        else:
            new_allowed_hosts = []
            for host in config_data['allowed_hosts']:
                new_allowed_hosts.append(str(host))

            config_data['allowed_hosts'] = ','.join(new_allowed_hosts)

            config_security_form = ConfigSecurityForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_LOGGING_EDIT):
            config_logging_form = ConfigLoggingForm(request.POST)
        else:
            config_logging_form = ConfigLoggingForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_SYSTEM_SERVICES_EDIT):
            config_services_form = ConfigServicesForm(request.POST)
        else:
            new_service_dirs = []
            for directory in config_data['service_dirs']:
                new_service_dirs.append(str(directory))
            config_data['service_dirs'] = ','.join(new_service_dirs)

            config_services_form = ConfigServicesForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_DOWNLOADING_EDIT):
            config_download_form = ConfigDownloadForm(request.POST)
        else:
            config_download_form = ConfigDownloadForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_CRITS_EDIT):
            config_CRITs_form = ConfigCritsForm(request.POST)
        else:
            config_CRITs_form = ConfigCritsForm(config_data)
            permission_error = True

        forms = [
            config_general_form, config_LDAP_form, config_security_form,
            config_logging_form, config_services_form, config_download_form,
            config_CRITs_form
        ]
        #Used in defining the error message displayed to the user
        errorStringDict = {
            "ConfigGeneralForm": "General",
            "ConfigLDAPForm": "LDAP",
            "ConfigSecurityForm": "Security",
            "ConfigLoggingForm": "Logging",
            "ConfigServicesForm": "Services",
            "ConfigDownloadForm": "Downloading",
            "ConfigCritsForm": "CRITs",
        }

        #iterate over all the forms, checking if they're valid
        #if the form is valid, remove it from the errorStringDict
        for form in forms:
            if form.is_valid():
                formName = type(form).__name__
                errorStringDict.pop(formName, None)
            else:
                errors.extend(form.errors)

        #submit if the errorStringDict is empty
        if not errorStringDict and not permission_error:
            result = modify_configuration(forms, analyst)
            message = result['message']
        elif permission_error:
            message = "User does not have permission to edit form."
        elif len(errorStringDict) == 2:
            formsWithErrors = " and ".join(errorStringDict.values())
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        elif len(
                errorStringDict
        ) > 1:  #if there are multiple tabs with errors, pluralize the error message
            formsWithErrors = ", ".join(errorStringDict.values())
            lastWhiteSpace = formsWithErrors.rfind(" ")
            formsWithErrors = formsWithErrors[:
                                              lastWhiteSpace] + " and " + formsWithErrors[
                                                  lastWhiteSpace:]
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        else:  #if there is only one tab with errors, make the error message singular
            formsWithErrors = errorStringDict.values()[0]
            message = "Invalid Form: The " + formsWithErrors + " tab has errors."

        message = {'message': message, 'errors': errors}
        return HttpResponse(json.dumps(message),
                            content_type="application/json")
    else:
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX POST'},
                                  RequestContext(request))
Example #4
0
def modify_config(request):
    """
    Modify the CRITs Configuration. Should be an AJAX POST.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    # Get the current configuration, set as default unless user has permission to edit.
    crits_config = CRITsConfig.objects().first()
    config_data = crits_config.__dict__.get('_data')
    analyst = request.user.username
    user = request.user
    errors = []
    permission_error = False

    if request.method == "POST" and request.is_ajax():
        if user.has_access_to(GeneralACL.CONTROL_PANEL_GENERAL_EDIT):
            config_general_form = ConfigGeneralForm(request.POST)
        else:
            config_general_form = ConfigGeneralForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_LDAP_EDIT):
            config_LDAP_form = ConfigLDAPForm(request.POST)
        else:
            config_LDAP_form = ConfigLDAPForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_SECURITY_EDIT):
            config_security_form = ConfigSecurityForm(request.POST)
        else:
            new_allowed_hosts = []
            for host in config_data['allowed_hosts']:
                new_allowed_hosts.append(str(host))

            config_data['allowed_hosts'] = ','.join(new_allowed_hosts)


            config_security_form = ConfigSecurityForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_LOGGING_EDIT):
            config_logging_form = ConfigLoggingForm(request.POST)
        else:
            config_logging_form = ConfigLoggingForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_SYSTEM_SERVICES_EDIT):
            config_services_form = ConfigServicesForm(request.POST)
        else:
            new_service_dirs = []
            for directory in config_data['service_dirs']:
                new_service_dirs.append(str(directory))
            config_data['service_dirs'] = ','.join(new_service_dirs)

            config_services_form = ConfigServicesForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_DOWNLOADING_EDIT):
            config_download_form = ConfigDownloadForm(request.POST)
        else:
            config_download_form = ConfigDownloadForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_CRITS_EDIT):
            config_CRITs_form = ConfigCritsForm(request.POST)
        else:
            config_CRITs_form = ConfigCritsForm(config_data)
            permission_error = True

        forms = [config_general_form,
                 config_LDAP_form,
                 config_security_form,
                 config_logging_form,
                 config_services_form,
                 config_download_form,
                 config_CRITs_form]
        #Used in defining the error message displayed to the user
        errorStringDict = {
            "ConfigGeneralForm": "General",
            "ConfigLDAPForm": "LDAP",
            "ConfigSecurityForm": "Security",
            "ConfigLoggingForm": "Logging",
            "ConfigServicesForm": "Services",
            "ConfigDownloadForm": "Downloading",
            "ConfigCritsForm": "CRITs",
        }

        #iterate over all the forms, checking if they're valid
        #if the form is valid, remove it from the errorStringDict
        for form in forms:
            if form.is_valid():
                formName = type(form).__name__
                errorStringDict.pop(formName, None)
            else:
                errors.extend(form.errors)

        #submit if the errorStringDict is empty
        if not errorStringDict and not permission_error:
            result = modify_configuration(forms, analyst)
            message = result['message']
        elif permission_error:
            message = "User does not have permission to edit form."
        elif len(errorStringDict) == 2:
            formsWithErrors = " and ".join(errorStringDict.values())
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        elif len(errorStringDict) > 1:      #if there are multiple tabs with errors, pluralize the error message
            formsWithErrors = ", ".join(errorStringDict.values())
            lastWhiteSpace = formsWithErrors.rfind(" ")
            formsWithErrors = formsWithErrors[:lastWhiteSpace] + " and " + formsWithErrors[lastWhiteSpace:]
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        else:   #if there is only one tab with errors, make the error message singular
            formsWithErrors = errorStringDict.values()[0]
            message = "Invalid Form: The " + formsWithErrors + " tab has errors."

        message = {'message': message,
                   'errors': errors}
        return HttpResponse(json.dumps(message), content_type="application/json")
    else:
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX POST'},
                                  RequestContext(request))
Example #5
0
File: views.py Project: 0x3a/crits
def modify_config(request):
    """
    Modify the CRITs Configuration. Should be an AJAX POST.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method == "POST" and request.is_ajax():
        config_general_form = ConfigGeneralForm(request.POST)
        config_LDAP_form = ConfigLDAPForm(request.POST)
        config_security_form = ConfigSecurityForm(request.POST)
        config_logging_form = ConfigLoggingForm(request.POST)
        config_services_form = ConfigServicesForm(request.POST)
        config_download_form = ConfigDownloadForm(request.POST)
        config_CRITs_form = ConfigCritsForm(request.POST)

        forms = [config_general_form,
                 config_LDAP_form,
                 config_security_form,
                 config_logging_form,
                 config_services_form,
                 config_download_form,
                 config_CRITs_form]
        #Used in defining the error message displayed to the user
        errorStringDict = {
            "ConfigGeneralForm": "General",
            "ConfigLDAPForm": "LDAP",
            "ConfigSecurityForm": "Security",
            "ConfigLoggingForm": "Logging",
            "ConfigServicesForm": "Services",
            "ConfigDownloadForm": "Downloading",
            "ConfigCritsForm": "CRITs",
        }

        analyst = request.user.username
        errors = []
        #iterate over all the forms, checking if they're valid
        #if the form is valid, remove it from the errorStringDict
        for form in forms:
            if form.is_valid():
                formName = type(form).__name__
                errorStringDict.pop(formName, None)
            else:
                errors.extend(form.errors)

        #submit if the errorStringDict is empty
        if not errorStringDict:
            result = modify_configuration(forms, analyst)
            message = result['message']
        elif len(errorStringDict) == 2:
            formsWithErrors = " and ".join(errorStringDict.values())
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        elif len(errorStringDict) > 1:      #if there are multiple tabs with errors, pluralize the error message
            formsWithErrors = ", ".join(errorStringDict.values())
            lastWhiteSpace = formsWithErrors.rfind(" ")
            formsWithErrors = formsWithErrors[:lastWhiteSpace] + " and " + formsWithErrors[lastWhiteSpace:]
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        else:   #if there is only one tab with errors, make the error message singular
            formsWithErrors = errorStringDict.values()[0]
            message = "Invalid Form: The " + formsWithErrors + " tab has errors."

        message = {'message': message,
                   'errors': errors}
        return HttpResponse(json.dumps(message), mimetype="application/json")
    else:
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX POST'},
                                  RequestContext(request))
Example #6
0
def modify_config(request):
    """
    Modify the CRITs Configuration. Should be an AJAX POST.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method == "POST" and request.is_ajax():
        config_general_form = ConfigGeneralForm(request.POST)
        config_LDAP_form = ConfigLDAPForm(request.POST)
        config_security_form = ConfigSecurityForm(request.POST)
        config_logging_form = ConfigLoggingForm(request.POST)
        config_services_form = ConfigServicesForm(request.POST)
        config_download_form = ConfigDownloadForm(request.POST)
        config_CRITs_form = ConfigCritsForm(request.POST)

        forms = [
            config_general_form, config_LDAP_form, config_security_form,
            config_logging_form, config_services_form, config_download_form,
            config_CRITs_form
        ]
        #Used in defining the error message displayed to the user
        errorStringDict = {
            "ConfigGeneralForm": "General",
            "ConfigLDAPForm": "LDAP",
            "ConfigSecurityForm": "Security",
            "ConfigLoggingForm": "Logging",
            "ConfigServicesForm": "Services",
            "ConfigDownloadForm": "Downloading",
            "ConfigCritsForm": "CRITs",
        }

        analyst = request.user.username
        errors = []
        #iterate over all the forms, checking if they're valid
        #if the form is valid, remove it from the errorStringDict
        for form in forms:
            if form.is_valid():
                formName = type(form).__name__
                errorStringDict.pop(formName, None)
            else:
                errors.extend(form.errors)

        #submit if the errorStringDict is empty
        if not errorStringDict:
            result = modify_configuration(forms, analyst)
            message = result['message']
        elif len(errorStringDict) == 2:
            formsWithErrors = " and ".join(errorStringDict.values())
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        elif len(
                errorStringDict
        ) > 1:  #if there are multiple tabs with errors, pluralize the error message
            formsWithErrors = ", ".join(errorStringDict.values())
            lastWhiteSpace = formsWithErrors.rfind(" ")
            formsWithErrors = formsWithErrors[:
                                              lastWhiteSpace] + " and " + formsWithErrors[
                                                  lastWhiteSpace:]
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        else:  #if there is only one tab with errors, make the error message singular
            formsWithErrors = errorStringDict.values()[0]
            message = "Invalid Form: The " + formsWithErrors + " tab has errors."

        message = {'message': message, 'errors': errors}
        return HttpResponse(json.dumps(message),
                            content_type="application/json")
    else:
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX POST'},
                                  RequestContext(request))