def get_object_list(self, request, klass, sources=True):
"""
Handle GET requests. This does all sorts of work to ensure the
results are sanitized and that source restriction is adhered to.
Adds the ability to limit results and the content of the results
through GET parameters.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param klass: The CRITs top-level object to get.
:type klass: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
:param sources: If we should limit by source.
:type sources: boolean
:returns: :class:`crits.core.crits_mongoengine.CritsQuerySet`
"""
querydict = {}
user = request.user
get_params = request.GET.copy()
regex = request.GET.get('regex', False)
only = request.GET.get('only', None)
exclude = request.GET.get('exclude', None)
source_list = user.get_sources_list()
no_sources = True
# Chop off trailing slash and split on remaining slashes.
# If last part of path is not the resource name, assume it is an
# object ID.
path = request.path[:-1].split('/')
if path[-1] != self.Meta.resource_name:
# If this is a valid object ID, convert it. Otherwise, use
# the string. The corresponding query will return 0.
if ObjectId.is_valid(path[-1]):
querydict['_id'] = ObjectId(path[-1])
else:
querydict['_id'] = path[-1]
do_or = False
for k,v in get_params.iteritems():
v = v.strip()
try:
v_int = int(v)
except:
# If can't be converted to an int use the string.
v_int = v
if k == "c-_id":
try:
querydict['_id'] = ObjectId(v)
except:
pass
if k.startswith("c-"):
field = k[2:]
# Attempt to discover query operators. We use django-style operators
# (same as MongoEngine). These also override regex.
try:
op_index = field.index("__")
op = "$%s" % field[op_index+2:]
field = field[:op_index]
except ValueError:
op_index = None
if op_index is not None:
if op in ('$gt', '$gte', '$lt', '$lte', '$ne', '$in', '$nin', '$exists'):
val = v
if field in ('created', 'modified'):
try:
val = parse(val, fuzzy=True)
except:
pass
if op in ('$in', '$nin'):
if field == 'source.name':
val = []
for i in v.split(','):
s = remove_quotes(i)
if s in source_list:
no_sources = False
val.append(s)
else:
val = [remove_quotes(i) for i in v.split(',')]
if op == '$exists':
if val in ('true', 'True', '1'):
val = 1
elif val in ('false', 'False', '0'):
val = 0
if field in ('size', 'schema_version'):
if isinstance(val, list):
v_f = []
for i in val:
try:
v_f.append(int(i))
except:
pass
val = v_f
else:
try:
val = int(val)
except:
val = None
if val or val == 0:
querydict[field] = {op: val}
elif field in ('size', 'schema_version'):
querydict[field] = v_int
elif field in ('created', 'modified'):
try:
querydict[field] = parse(v, fuzzy=True)
except:
querydict[field] = v
elif field == 'source.name':
v = remove_quotes(v)
if v in source_list:
no_sources = False
querydict[field] = v
elif regex:
querydict[field] = generate_regex(v)
else:
querydict[field] = remove_quotes(v)
if k == 'or':
do_or = True
if do_or:
tmp = {}
tmp['$or'] = [{x:y} for x,y in querydict.iteritems()]
querydict = tmp
if no_sources and sources:
querydict['source.name'] = {'$in': source_list}
if only or exclude:
required = [k for k,f in klass._fields.iteritems() if f.required]
if only:
fields = only.split(',')
if exclude:
excludes = exclude.split(',')
fields = [x for x in fields if x not in excludes]
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).only(*fields)
elif exclude:
fields = exclude.split(',')
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).exclude(*fields)
else:
results = klass.objects(__raw__=querydict)
# There has to be a better way to do this...
# Final scrub to remove results the user does not have access to
id_list = []
if not klass._meta['crits_type']:
return results
for result in results:
if user.check_source_tlp(result):
id_list.append(result.id)
results = klass.objects(id__in=id_list)
return results
def get_object_list(self, request, klass, sources=True):
"""
Handle GET requests. This does all sorts of work to ensure the
results are sanitized and that source restriction is adhered to.
Adds the ability to limit results and the content of the results
through GET parameters.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param klass: The CRITs top-level object to get.
:type klass: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
:param sources: If we should limit by source.
:type sources: boolean
:returns: :class:`crits.core.crits_mongoengine.CritsQuerySet`
"""
querydict = {}
get_params = request.GET.copy()
regex = request.GET.get('regex', False)
only = request.GET.get('only', None)
exclude = request.GET.get('exclude', None)
source_list = user_sources(request.user.username)
no_sources = True
for k,v in get_params.iteritems():
v = v.strip()
try:
v_int = int(v)
except:
pass
if k == "c-_id":
try:
querydict['_id'] = ObjectId(v)
except:
pass
if k.startswith("c-"):
field = k[2:]
# Attempt to discover query operators. We use django-style operators
# (same as MongoEngine). These also override regex.
try:
op_index = field.index("__")
op = "$%s" % field[op_index+2:]
field = field[:op_index]
except ValueError:
op_index = None
if op_index is not None:
if op in ('$gt', '$gte', '$lt', '$lte', '$ne', '$in', '$nin'):
val = v
if op in ('$in', '$nin'):
if field == 'source.name':
val = []
for i in v.split(','):
s = remove_quotes(i)
if s in source_list:
no_sources = False
val.append(s)
else:
val = [remove_quotes(i) for i in v.split(',')]
if field in ('size', 'schema_version'):
if isinstance(val, list):
v_f = []
for i in val:
try:
v_f.append(int(i))
except:
pass
val = v_f
else:
try:
val = int(val)
except:
val = None
if val:
querydict[field] = {op: val}
elif field in ('size', 'schema_version'):
querydict[field] = v_int
elif field == 'source.name':
v = remove_quotes(v)
if v in source_list:
no_sources = False
querydict[field] = v
elif regex:
querydict[field] = generate_regex(v)
else:
querydict[field] = remove_quotes(v)
if no_sources and sources:
querydict['source.name'] = {'$in': source_list}
if only or exclude:
required = [k for k,v in klass._fields.iteritems() if v.required]
if only:
fields = only.split(',')
if exclude:
excludes = exclude.split(',')
fields = [x for x in fields if x not in excludes]
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).only(*fields)
elif exclude:
fields = exclude.split(',')
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).exclude(*fields)
else:
results = klass.objects(__raw__=querydict)
return results
def get_object_list(self, request, klass, sources=True):
"""
Handle GET requests. This does all sorts of work to ensure the
results are sanitized and that source restriction is adhered to.
Adds the ability to limit results and the content of the results
through GET parameters.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param klass: The CRITs top-level object to get.
:type klass: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
:param sources: If we should limit by source.
:type sources: boolean
:returns: :class:`crits.core.crits_mongoengine.CritsQuerySet`
"""
querydict = {}
get_params = request.GET.copy()
regex = request.GET.get('regex', False)
only = request.GET.get('only', None)
exclude = request.GET.get('exclude', None)
source_list = user_sources(request.user.username)
no_sources = True
# Chop off trailing slash and split on remaining slashes.
# If last part of path is not the resource name, assume it is an
# object ID.
path = request.path[:-1].split('/')
if path[-1] != self.Meta.resource_name:
# If this is a valid object ID, convert it. Otherwise, use
# the string. The corresponding query will return 0.
if ObjectId.is_valid(path[-1]):
querydict['_id'] = ObjectId(path[-1])
else:
querydict['_id'] = path[-1]
do_or = False
for k, v in get_params.iteritems():
v = v.strip()
try:
v_int = int(v)
except:
# If can't be converted to an int use the string.
v_int = v
if k == "c-_id":
try:
querydict['_id'] = ObjectId(v)
except:
pass
if k.startswith("c-"):
field = k[2:]
# Attempt to discover query operators. We use django-style operators
# (same as MongoEngine). These also override regex.
try:
op_index = field.index("__")
op = "$%s" % field[op_index + 2:]
field = field[:op_index]
except ValueError:
op_index = None
if op_index is not None:
if op in ('$gt', '$gte', '$lt', '$lte', '$ne', '$in',
'$nin', '$exists'):
val = v
if field in ('created', 'modified'):
try:
val = parse(val, fuzzy=True)
except:
pass
if op in ('$in', '$nin'):
if field == 'source.name':
val = []
for i in v.split(','):
s = remove_quotes(i)
if s in source_list:
no_sources = False
val.append(s)
else:
val = [remove_quotes(i) for i in v.split(',')]
if op == '$exists':
if val in ('true', 'True', '1'):
val = 1
elif val in ('false', 'False', '0'):
val = 0
if field in ('size', 'schema_version'):
if isinstance(val, list):
v_f = []
for i in val:
try:
v_f.append(int(i))
except:
pass
val = v_f
else:
try:
val = int(val)
except:
val = None
if val or val == 0:
querydict[field] = {op: val}
elif field in ('size', 'schema_version'):
querydict[field] = v_int
elif field in ('created', 'modified'):
try:
querydict[field] = parse(v, fuzzy=True)
except:
querydict[field] = v
elif field == 'source.name':
v = remove_quotes(v)
if v in source_list:
no_sources = False
querydict[field] = v
elif regex:
querydict[field] = generate_regex(v)
else:
querydict[field] = remove_quotes(v)
if k == 'or':
do_or = True
if do_or:
tmp = {}
tmp['$or'] = [{x: y} for x, y in querydict.iteritems()]
querydict = tmp
if no_sources and sources:
querydict['source.name'] = {'$in': source_list}
if only or exclude:
required = [k for k, f in klass._fields.iteritems() if f.required]
if only:
fields = only.split(',')
if exclude:
excludes = exclude.split(',')
fields = [x for x in fields if x not in excludes]
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).only(*fields)
elif exclude:
fields = exclude.split(',')
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).exclude(*fields)
else:
results = klass.objects(__raw__=querydict)
return results
def get_object_list(self, request, klass, sources=True):
"""
Handle GET requests. This does all sorts of work to ensure the
results are sanitized and that source restriction is adhered to.
Adds the ability to limit results and the content of the results
through GET parameters.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param klass: The CRITs top-level object to get.
:type klass: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
:param sources: If we should limit by source.
:type sources: boolean
:returns: :class:`crits.core.crits_mongoengine.CritsQuerySet`
"""
querydict = {}
get_params = request.GET.copy()
regex = request.GET.get('regex', False)
only = request.GET.get('only', None)
exclude = request.GET.get('exclude', None)
source_list = user_sources(request.user.username)
no_sources = True
for k,v in get_params.iteritems():
v = v.strip()
try:
v_int = int(v)
except:
pass
if k == "c-_id":
try:
querydict['_id'] = ObjectId(v)
except:
pass
if k.startswith("c-"):
field = k[2:]
# Attempt to discover query operators. We use django-style operators
# (same as MongoEngine). These also override regex.
try:
op_index = field.index("__")
op = "$%s" % field[op_index+2:]
field = field[:op_index]
except ValueError:
op_index = None
if op_index is not None:
if op in ('$gt', '$gte', '$lt', '$lte', '$ne', '$in', '$nin'):
val = v
if op in ('$in', '$nin'):
if field == 'source.name':
val = []
for i in v.split(','):
s = remove_quotes(i)
if s in source_list:
no_sources = False
val.append(s)
else:
val = [remove_quotes(i) for i in v.split(',')]
if field in ('size', 'schema_version'):
if isinstance(val, list):
v_f = []
for i in val:
try:
v_f.append(int(i))
except:
pass
val = v_f
else:
try:
val = int(val)
except:
val = None
if val:
querydict[field] = {op: val}
elif field in ('size', 'schema_version'):
querydict[field] = v_int
elif field == 'source.name':
v = remove_quotes(v)
if v in source_list:
no_sources = False
querydict[field] = v
elif regex:
querydict[field] = generate_regex(v)
else:
querydict[field] = remove_quotes(v)
if no_sources and sources:
querydict['source.name'] = {'$in': source_list}
if only or exclude:
required = [k for k,v in klass._fields.iteritems() if v.required]
if only:
fields = only.split(',')
if exclude:
excludes = exclude.split(',')
fields = [x for x in fields if x not in excludes]
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).only(*fields)
elif exclude:
fields = exclude.split(',')
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).exclude(*fields)
else:
results = klass.objects(__raw__=querydict)
return results
def get_object_list(self, request, klass, sources=True):
"""
Handle GET requests. This does all sorts of work to ensure the
results are sanitized and that source restriction is adhered to.
Adds the ability to limit results and the content of the results
through GET parameters.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param klass: The CRITs top-level object to get.
:type klass: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
:param sources: If we should limit by source.
:type sources: boolean
:returns: :class:`crits.core.crits_mongoengine.CritsQuerySet`
"""
querydict = {}
get_params = request.GET.copy()
regex = request.GET.get("regex", False)
only = request.GET.get("only", None)
exclude = request.GET.get("exclude", None)
source_list = user_sources(request.user.username)
no_sources = True
# Chop off trailing slash and split on remaining slashes.
# If last part of path is not the resource name, assume it is an
# object ID.
path = request.path[:-1].split("/")
if path[-1] != self.Meta.resource_name:
# If this is a valid object ID, convert it. Otherwise, use
# the string. The corresponding query will return 0.
if ObjectId.is_valid(path[-1]):
querydict["_id"] = ObjectId(path[-1])
else:
querydict["_id"] = path[-1]
for k, v in get_params.iteritems():
v = v.strip()
try:
v_int = int(v)
except:
# If can't be converted to an int use the string.
v_int = v
if k == "c-_id":
try:
querydict["_id"] = ObjectId(v)
except:
pass
if k.startswith("c-"):
field = k[2:]
# Attempt to discover query operators. We use django-style operators
# (same as MongoEngine). These also override regex.
try:
op_index = field.index("__")
op = "$%s" % field[op_index + 2 :]
field = field[:op_index]
except ValueError:
op_index = None
if op_index is not None:
if op in ("$gt", "$gte", "$lt", "$lte", "$ne", "$in", "$nin", "$exists"):
val = v
if field in ("created", "modified"):
try:
val = parse(val, fuzzy=True)
except:
pass
if op in ("$in", "$nin"):
if field == "source.name":
val = []
for i in v.split(","):
s = remove_quotes(i)
if s in source_list:
no_sources = False
val.append(s)
else:
val = [remove_quotes(i) for i in v.split(",")]
if op == "$exists":
if val in ("true", "True", "1"):
val = 1
elif val in ("false", "False", "0"):
val = 0
if field in ("size", "schema_version"):
if isinstance(val, list):
v_f = []
for i in val:
try:
v_f.append(int(i))
except:
pass
val = v_f
else:
try:
val = int(val)
except:
val = None
if val or val == 0:
querydict[field] = {op: val}
elif field in ("size", "schema_version"):
querydict[field] = v_int
elif field in ("created", "modified"):
try:
querydict[field] = parse(v, fuzzy=True)
except:
querydict[field] = v
elif field == "source.name":
v = remove_quotes(v)
if v in source_list:
no_sources = False
querydict[field] = v
elif regex:
querydict[field] = generate_regex(v)
else:
querydict[field] = remove_quotes(v)
if no_sources and sources:
querydict["source.name"] = {"$in": source_list}
if only or exclude:
required = [k for k, f in klass._fields.iteritems() if f.required]
if only:
fields = only.split(",")
if exclude:
excludes = exclude.split(",")
fields = [x for x in fields if x not in excludes]
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).only(*fields)
elif exclude:
fields = exclude.split(",")
for r in required:
if r not in fields:
fields.append(r)
results = klass.objects(__raw__=querydict).exclude(*fields)
else:
results = klass.objects(__raw__=querydict)
return results
