def bulk_add_object(request):
"""
Bulk add objects.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
all_obj_type_choices = [
(c[0], c[0], {"datatype": c[1].keys()[0], "datatype_value": c[1].values()[0]})
for c in get_object_types(False, query={"datatype.file": {"$exists": 0}})
]
formdict = form_to_dict(AddObjectForm(request.user, all_obj_type_choices))
if request.method == "POST" and request.is_ajax():
response = parse_bulk_upload(request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict)
return HttpResponse(json.dumps(response, default=json_handler), mimetype="application/json")
else:
return render_to_response(
"bulk_add_default.html",
{"formdict": formdict, "title": "Bulk Add Objects", "table_name": "object"},
RequestContext(request),
)
def bulk_add_object(request):
"""
Bulk add objects.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
all_obj_type_choices = [(c[0],
c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False, query={'datatype.file':{'$exists':0}})]
formdict = form_to_dict(AddObjectForm(request.user, all_obj_type_choices))
if request.method == "POST" and request.is_ajax():
response = parse_bulk_upload(request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict)
return HttpResponse(json.dumps(response,
default=json_handler),
mimetype='application/json')
else:
return render_to_response('bulk_add_default.html',
{'formdict': formdict,
'title': "Bulk Add Objects",
'table_name': 'object'},
RequestContext(request))
def parse_row_to_bound_object_form(request, rowData, cache):
"""
Parse a row from mass object upload into an AddObjectForm.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:param rowData: The row data.
:type rowData: dict
:param cache: Cached data, typically for performance enhancements
during bulk operations.
:type cache: dict
:returns: :class:`crits.objects.forms.AddObjectForm`
"""
bound_form = None
# TODO fix the hardcoded strings and conversion of types
# TODO Add common method to convert data to string
object_type = rowData.get(form_consts.Object.OBJECT_TYPE, "")
value = rowData.get(form_consts.Object.VALUE, "")
source = rowData.get(form_consts.Object.SOURCE, "")
method = rowData.get(form_consts.Object.METHOD, "")
reference = rowData.get(form_consts.Object.REFERENCE, "")
otype = rowData.get(form_consts.Object.PARENT_OBJECT_TYPE, "")
oid = rowData.get(form_consts.Object.PARENT_OBJECT_ID, "")
is_add_indicator = convert_string_to_bool(
rowData.get(form_consts.Object.ADD_INDICATOR, "False"))
all_obj_type_choices = cache.get("object_types")
if all_obj_type_choices == None:
all_obj_type_choices = [(c[0], c[0], {
'datatype': c[1].keys()[0],
'datatype_value': c[1].values()[0]
}) for c in get_object_types(False)]
cache["object_types"] = all_obj_type_choices
data = {
'object_type': object_type,
'value': value,
'source': source,
'method': method,
'reference': reference,
'otype': otype,
'oid': oid,
'add_indicator': is_add_indicator
}
bound_form = cache.get("object_form")
if bound_form == None:
bound_form = AddObjectForm(request.user, all_obj_type_choices, data)
cache['object_form'] = bound_form
else:
bound_form.data = data
bound_form.full_clean()
return bound_form
def parse_row_to_bound_object_form(request, rowData, cache):
"""
Parse a row from mass object upload into an AddObjectForm.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:param rowData: The row data.
:type rowData: dict
:param cache: Cached data, typically for performance enhancements
during bulk operations.
:type cache: dict
:returns: :class:`crits.objects.forms.AddObjectForm`
"""
bound_form = None
# TODO fix the hardcoded strings and conversion of types
# TODO Add common method to convert data to string
object_type = rowData.get(form_consts.Object.OBJECT_TYPE, "")
value = rowData.get(form_consts.Object.VALUE, "")
source = rowData.get(form_consts.Object.SOURCE, "")
method = rowData.get(form_consts.Object.METHOD, "")
reference = rowData.get(form_consts.Object.REFERENCE, "")
otype = rowData.get(form_consts.Object.PARENT_OBJECT_TYPE, "")
oid = rowData.get(form_consts.Object.PARENT_OBJECT_ID, "")
is_add_indicator = convert_string_to_bool(rowData.get(form_consts.Object.ADD_INDICATOR, "False"))
all_obj_type_choices = cache.get("object_types")
if all_obj_type_choices == None:
all_obj_type_choices = [(c[0],
c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False)]
cache["object_types"] = all_obj_type_choices
data = {
'object_type': object_type,
'value': value,
'source': source,
'method': method,
'reference': reference,
'otype': otype,
'oid': oid,
'add_indicator': is_add_indicator
}
bound_form = cache.get("object_form")
if bound_form == None:
bound_form = AddObjectForm(request.user, all_obj_type_choices, data)
cache['object_form'] = bound_form
else:
bound_form.data = data
bound_form.full_clean()
return bound_form
def get_object_type_dropdown(request):
"""
Get the list of object types for UI dropdowns. Should be an AJAX POST.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
# NOTE: query is no longer a free-form ajax object that is passed onto mongo
# There was a Mongo Injection issue here before. get_object_types
# query is passed into mongo as a raw WHERE clause, permitting
# javascript injection into mongo.
# Only searches seen used so far is {datatype.file:{$exists:0}}, so this was changed around to
# only look for a query:'no_file' and sets the where clause for the handler to remove the
# exposure here
if request.method == 'POST' and request.is_ajax():
dd_types = ""
query = {}
if 'query' in request.POST and request.POST['query'] != "":
if request.POST['query'] == "no_file":
query = {'datatype.file':{'$exists':0}}
else:
message = "Invalid Query passed"
result = {'success': False, 'message': message}
return HttpResponse(json.dumps(result),
mimetype="application/json")
if 'all' in request.POST:
dd_types = get_object_types(False, query)
else:
dd_types = get_object_types(True, query)
dd_final = {}
for obj_type in dd_types:
dd_final[obj_type[0]] = obj_type
result = {'types': dd_final}
return HttpResponse(json.dumps(result),
mimetype="application/json")
else:
error = "Expected AJAX POST"
return render_to_response("error.html",
{"error" : error },
RequestContext(request))
def get_object_type_dropdown(request):
"""
Get the list of object types for UI dropdowns. Should be an AJAX POST.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
# NOTE: query is no longer a free-form ajax object that is passed onto mongo
# There was a Mongo Injection issue here before. get_object_types
# query is passed into mongo as a raw WHERE clause, permitting
# javascript injection into mongo.
# Only searches seen used so far is {datatype.file:{$exists:0}}, so this was changed around to
# only look for a query:'no_file' and sets the where clause for the handler to remove the
# exposure here
if request.method == 'POST' and request.is_ajax():
dd_types = ""
query = {}
if 'query' in request.POST and request.POST['query'] != "":
if request.POST['query'] == "no_file":
query = {'datatype.file':{'$exists':0}}
else:
message = "Invalid Query passed"
result = {'success': False, 'message': message}
return HttpResponse(json.dumps(result),
mimetype="application/json")
if 'all' in request.POST:
dd_types = get_object_types(False, query)
else:
dd_types = get_object_types(True, query)
dd_final = {}
for obj_type in dd_types:
dd_final[obj_type[0]] = obj_type
result = {'types': dd_final}
return HttpResponse(json.dumps(result),
mimetype="application/json")
else:
error = "Expected AJAX POST"
return render_to_response("error.html",
{"error" : error },
RequestContext(request))
def __init__(self, username, choices, *args, **kwargs):
super(AddObjectForm, self).__init__(*args, **kwargs)
if not choices:
choices = [(c[0], c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}) for c in get_object_types(True)]
self.fields['object_type'].choices = choices
self.fields['object_type'].widget.attrs = {'class':'object-types'}
self.fields['source'].choices = [(c.name,
c.name) for c in get_source_names(True,
True,
username)]
self.fields['source'].initial = get_user_organization(username)
def bulk_add_domain(request):
"""
Bulk add domains via a bulk upload form.
Args:
request: The Django context which contains information about the
session and key/value pairs for the bulk add domains request
Returns:
If the request is not a POST and not a Ajax call then:
Returns a rendered HTML form for a bulk add of domains
If the request is a POST and a Ajax call then:
Returns a response that contains information about the
status of the bulk uploaded domains. This may include information
such as domains that failed or successfully added. This may
also contain helpful status messages about each operation.
"""
all_obj_type_choices = [(c[0],
c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False)]
formdict = form_to_dict(AddDomainForm(request.user))
if request.method == "POST" and request.is_ajax():
response = process_bulk_add_domain(request, formdict);
return HttpResponse(json.dumps(response,
default=json_handler),
mimetype='application/json')
else:
objectformdict = form_to_dict(AddObjectForm(request.user, all_obj_type_choices))
return render_to_response('bulk_add_default.html',
{'formdict': formdict,
'objectformdict': objectformdict,
'title': "Bulk Add Domains",
'table_name': 'domain',
'local_validate_columns': [form_consts.Domain.DOMAIN_NAME],
'custom_js': "domain_handsontable.js",
'is_bulk_add_objects': True},
RequestContext(request));
def bulk_add_domain(request):
"""
Bulk add domains via a bulk upload form.
Args:
request: The Django context which contains information about the
session and key/value pairs for the bulk add domains request
Returns:
If the request is not a POST and not a Ajax call then:
Returns a rendered HTML form for a bulk add of domains
If the request is a POST and a Ajax call then:
Returns a response that contains information about the
status of the bulk uploaded domains. This may include information
such as domains that failed or successfully added. This may
also contain helpful status messages about each operation.
"""
all_obj_type_choices = [(c[0],
c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False)]
formdict = form_to_dict(AddDomainForm(request.user))
if request.method == "POST" and request.is_ajax():
response = process_bulk_add_domain(request, formdict);
return HttpResponse(json.dumps(response,
default=json_handler),
mimetype='application/json')
else:
objectformdict = form_to_dict(AddObjectForm(request.user, all_obj_type_choices))
return render_to_response('bulk_add_default.html',
{'formdict': formdict,
'objectformdict': objectformdict,
'title': "Bulk Add Domains",
'table_name': 'domain',
'local_validate_columns': [form_consts.Domain.DOMAIN_NAME],
'custom_js': "domain_handsontable.js",
'is_bulk_add_objects': True},
RequestContext(request));
def __init__(self, username, choices=None, *args, **kwargs):
super(UploadIndicatorForm, self).__init__(*args, **kwargs)
self.fields['source'].choices = [
(c.name, c.name) for c in get_source_names(True, True, username)
]
self.fields['source'].initial = get_user_organization(username)
if not choices:
#only valid types for indicators are those which don't require file upload
choices = [(c[0], c[0], {
'datatype': c[1].keys()[0],
'datatype_value': c[1].values()[0]
}) for c in get_object_types(active=True,
query={
'datatype.file': {
'$exists': 0
},
'datatype.enum': {
'$exists': 0
}
})]
self.fields['indicator_type'].choices = choices
self.fields['indicator_type'].widget.attrs = {'class': 'object-types'}
self.fields['campaign'].choices = [("", "")]
self.fields['campaign'].choices += [
(c.name, c.name) for c in get_item_names(Campaign, True)
]
self.fields['campaign_confidence'].choices = [("", ""), ("low", "low"),
("medium", "medium"),
("high", "high")]
self.fields['confidence'].choices = [("unknown", "unknown"),
("benign", "benign"),
("low", "low"),
("medium", "medium"),
("high", "high")]
self.fields['impact'].choices = [("unknown", "unknown"),
("benign", "benign"), ("low", "low"),
("medium", "medium"),
("high", "high")]
add_bucketlist_to_form(self)
add_ticket_to_form(self)
def __init__(self, username, choices=None, *args, **kwargs):
super(UploadIndicatorForm, self).__init__(*args, **kwargs)
self.fields['source'].choices = [(c.name,
c.name) for c in get_source_names(True,
True,
username)]
self.fields['source'].initial = get_user_organization(username)
if not choices:
#only valid types for indicators are those which don't require file upload
choices = [(c[0],
c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(active=True,
query={'datatype.file':{'$exists':0}})]
self.fields['indicator_type'].choices = choices
self.fields['indicator_type'].widget.attrs = {'class':'object-types'}
self.fields['campaign'].choices = [("","")]
self.fields['campaign'].choices += [(c.name,
c.name
) for c in get_item_names(Campaign,
True)]
self.fields['campaign_confidence'].choices = [("", ""),
("low", "low"),
("medium", "medium"),
("high", "high")]
self.fields['confidence'].choices = [("unknown", "unknown"),
("benign", "benign"),
("low", "low"),
("medium", "medium"),
("high", "high")]
self.fields['impact'].choices = [("unknown", "unknown"),
("benign", "benign"),
("low", "low"),
("medium", "medium"),
("high", "high")]
add_bucketlist_to_form(self)
add_ticket_to_form(self)
def upload_indicator(request):
"""
Upload new indicators (individual, blob, or CSV file).
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
:class:`django.http.HttpResponseRedirect`
"""
if request.method == "POST":
username = request.user.username
failed_msg = ""
result = None
if request.POST["svalue"] == "Upload CSV":
form = UploadIndicatorCSVForm(username, request.POST, request.FILES)
if form.is_valid():
result = handle_indicator_csv(
request.FILES["filedata"],
request.POST["source"],
request.POST["method"],
request.POST["reference"],
"file",
username,
add_domain=True,
)
if result["success"]:
message = {
"message": (
'<div>%s <a href="%s">Go to all'
" indicators</a></div>"
% (result["message"], reverse("crits.indicators.views.indicators_listing"))
)
}
else:
failed_msg = "<div>%s</div>" % result["message"]
if request.POST["svalue"] == "Upload Text":
form = UploadIndicatorTextForm(username, request.POST)
if form.is_valid():
result = handle_indicator_csv(
request.POST["data"],
request.POST["source"],
request.POST["method"],
request.POST["reference"],
"ti",
username,
add_domain=True,
)
if result["success"]:
message = {
"message": (
'<div>%s <a href="%s">Go to all'
" indicators</a></div>"
% (result["message"], reverse("crits.indicators.views.indicators_listing"))
)
}
else:
failed_msg = "<div>%s</div>" % result["message"]
if request.POST["svalue"] == "Upload Indicator":
all_ind_type_choices = [
(c[0], c[0], {"datatype": c[1].keys()[0], "datatype_value": c[1].values()[0]})
for c in get_object_types(active=False, query={"datatype.file": {"$exists": 0}})
]
form = UploadIndicatorForm(username, all_ind_type_choices, request.POST)
if form.is_valid():
result = handle_indicator_ind(
request.POST["value"],
request.POST["source"],
request.POST["indicator_type"],
username,
request.POST["method"],
request.POST["reference"],
add_domain=True,
campaign=request.POST["campaign"],
campaign_confidence=request.POST["campaign_confidence"],
confidence=request.POST["confidence"],
impact=request.POST["impact"],
bucket_list=request.POST[form_consts.Common.BUCKET_LIST_VARIABLE_NAME],
ticket=request.POST[form_consts.Common.TICKET_VARIABLE_NAME],
)
if result["success"]:
indicator_link = (
' - <a href="%s">Go to this ' 'indicator</a> or <a href="%s">all ' "indicators</a>.</div>"
) % (
reverse("crits.indicators.views.indicator", args=[result["objectid"]]),
reverse("crits.indicators.views.indicators_listing"),
)
if result.get("is_new_indicator", False) == False:
message = {"message": ("<div>Warning: Updated existing" " Indicator!" + indicator_link)}
else:
message = {"message": ("<div>Indicator added " "successfully!" + indicator_link)}
else:
failed_msg = result["message"] + " - "
if result == None or not result["success"]:
failed_msg += '<a href="%s"> Go to all indicators</a></div>' % reverse(
"crits.indicators.views.indicators_listing"
)
message = {"message": failed_msg, "form": form.as_table()}
elif result != None:
message["success"] = result["success"]
if request.is_ajax():
return HttpResponse(json.dumps(message), mimetype="application/json")
else: # file upload
return render_to_response(
"file_upload_response.html", {"response": json.dumps(message)}, RequestContext(request)
)
def add_new_object(request):
"""
Add a new object.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
if request.method == 'POST':
analyst = "%s" % request.user
result = ""
message = ""
my_type = request.POST['otype']
all_obj_type_choices = [(c[0],
c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False)]
form = AddObjectForm(analyst,
all_obj_type_choices,
request.POST,
request.FILES)
if not form.is_valid() and not 'value' in request.FILES:
message = "Invalid Form: %s" % form.errors
form = form.as_table()
response = json.dumps({'message': message,
'form': form,
'success': False})
if request.is_ajax():
return HttpResponse(response, mimetype="application/json")
else:
return render_to_response("file_upload_response.html",
{'response':response},
RequestContext(request))
source = request.POST['source']
oid = request.POST['oid']
ot_array = request.POST['object_type'].split(" - ")
object_type = ot_array[0]
name = ot_array[1] if len(ot_array) == 2 else ot_array[0]
method = request.POST['method']
reference = request.POST['reference']
add_indicator = request.POST.get('add_indicator', None)
data = None
# if it was a file upload, handle the file appropriately
if 'value' in request.FILES:
data = request.FILES['value']
value = request.POST.get('value', None)
if isinstance(value, basestring):
value = value.strip()
results = add_object(my_type,
oid,
object_type,
name,
source,
method,
reference,
analyst,
value=value,
file_=data,
add_indicator=add_indicator,
is_sort_relationships=True)
if results['success']:
subscription = {
'type': my_type,
'id': oid
}
if results.get('relationships', None):
relationship = {'type': my_type,
'value': oid}
relationships = results['relationships']
html = render_to_string('objects_listing_widget.html',
{'objects': results['objects'],
'relationships': relationships,
'subscription': subscription},
RequestContext(request))
result = {'success': True,
'html': html,
'message': results['message']}
rel_msg = render_to_string('relationships_listing_widget.html',
{'relationship': relationship,
'nohide': True,
'relationships': relationships},
RequestContext(request))
result['rel_made'] = True
result['rel_msg'] = rel_msg
else:
html = render_to_string('objects_listing_widget.html',
{'objects': results['objects'],
'subscription': subscription},
RequestContext(request))
result = {'success': True,
'html': html,
'message': results['message']}
else:
message = "Error adding object: %s" % results['message']
result = {'success': False, 'message': message}
if request.is_ajax():
return HttpResponse(json.dumps(result),
mimetype="application/json")
else:
return render_to_response("file_upload_response.html",
{'response': json.dumps(result)},
RequestContext(request))
else:
error = "Expected POST"
return render_to_response("error.html",
{"error" : error },
RequestContext(request))
import re
from django import forms
from django.forms.util import ErrorList
from crits.campaigns.campaign import Campaign
from crits.core.forms import add_bucketlist_to_form, add_ticket_to_form
from crits.core.handlers import get_item_names, get_source_names
from crits.core.user_tools import get_user_organization
from crits.core.handlers import get_object_types
from crits.core import form_consts
ip_choices = [(c[0], c[0]) for c in get_object_types(
active=False,
query={
'type': 'Address',
'name': {
'$in': ['cidr', re.compile('^ipv')]
}
})]
class AddIPForm(forms.Form):
"""
Django form for adding an IP to CRITs.
"""
error_css_class = 'error'
required_css_class = 'required'
ip = forms.CharField(
required=True,
label=form_consts.IP.IP_ADDRESS,
Split the name and type into their separate parts.
:param full_name: The full name of the ObjectType.
:type full_name: str
:returns: list of [<name>, <type>]
"""
split_name = full_name.split(" - ")
# if len(split_name) == 1, name and type are the same
return split_name*2 if len(split_name) == 1 else split_name
all_obj_type_choices = [(c[0],
c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False)]
def validate_and_add_new_handler_object(data, rowData, request, errors, row_counter,
is_validate_only=False, is_sort_relationships=False,
cache={}, obj=None):
"""
Validate an object and then add it to the database.
:param data: The data for the object.
:type data: dict
:param rowData: Data from the row if using mass object upload.
:type rowData: dict
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:param errors: List of existing errors to append to.
:type errors: list
def add_new_object(request):
"""
Add a new object.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
if request.method == 'POST':
analyst = "%s" % request.user
result = ""
message = ""
my_type = request.POST['otype']
all_obj_type_choices = [(c[0],
c[0],
{'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False)]
form = AddObjectForm(analyst,
all_obj_type_choices,
request.POST,
request.FILES)
if not form.is_valid() and not 'value' in request.FILES:
message = "Invalid Form: %s" % form.errors
form = form.as_table()
response = json.dumps({'message': message,
'form': form,
'success': False})
if request.is_ajax():
return HttpResponse(response, mimetype="application/json")
else:
return render_to_response("file_upload_response.html",
{'response':response},
RequestContext(request))
source = request.POST['source']
oid = request.POST['oid']
ot_array = request.POST['object_type'].split(" - ")
object_type = ot_array[0]
name = ot_array[1] if len(ot_array) == 2 else ot_array[0]
method = request.POST['method']
reference = request.POST['reference']
add_indicator = request.POST.get('add_indicator', None)
data = None
# if it was a file upload, handle the file appropriately
if 'value' in request.FILES:
data = request.FILES['value']
value = request.POST.get('value', None)
if isinstance(value, basestring):
value = value.strip()
results = add_object(my_type,
oid,
object_type,
name,
source,
method,
reference,
analyst,
value=value,
file_=data,
add_indicator=add_indicator,
is_sort_relationships=True)
if results['success']:
subscription = {
'type': my_type,
'id': oid
}
if results.get('relationships', None):
relationship = {'type': my_type,
'value': oid}
relationships = results['relationships']
html = render_to_string('objects_listing_widget.html',
{'objects': results['objects'],
'relationships': relationships,
'subscription': subscription},
RequestContext(request))
result = {'success': True,
'html': html,
'message': results['message']}
rel_msg = render_to_string('relationships_listing_widget.html',
{'relationship': relationship,
'nohide': True,
'relationships': relationships},
RequestContext(request))
result['rel_made'] = True
result['rel_msg'] = rel_msg
else:
html = render_to_string('objects_listing_widget.html',
{'objects': results['objects'],
'subscription': subscription},
RequestContext(request))
result = {'success': True,
'html': html,
'message': results['message']}
else:
message = "Error adding object: %s" % results['message']
result = {'success': False, 'message': message}
if request.is_ajax():
return HttpResponse(json.dumps(result),
mimetype="application/json")
else:
return render_to_response("file_upload_response.html",
{'response': json.dumps(result)},
RequestContext(request))
else:
error = "Expected POST"
return render_to_response("error.html",
{"error" : error },
RequestContext(request))
def bulk_add_object_inline(request):
"""
Bulk add objects inline.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
all_obj_type_choices = [(c[0], c[0], {'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False, query={'datatype.file':{'$exists':0}})]
formdict = form_to_dict(AddObjectForm(request.user, all_obj_type_choices))
if request.method == "POST" and request.is_ajax():
response = parse_bulk_upload(request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict)
secondary_data_array = response.get('secondary')
if secondary_data_array:
latest_secondary_data = secondary_data_array[-1]
class_type = class_from_id(latest_secondary_data['type'], latest_secondary_data['id'])
subscription = {'type': latest_secondary_data['type'],
'id': latest_secondary_data['id'],
'value': latest_secondary_data['id']}
object_listing_html = render_to_string('objects_listing_widget.html',
{'objects': class_type.sort_objects(),
'subscription': subscription},
RequestContext(request))
response['html'] = object_listing_html
is_relationship_made = False
for secondary_data in secondary_data_array:
if secondary_data.get('relationships'):
is_relationship_made = True
break
if is_relationship_made == True:
rel_html = render_to_string('relationships_listing_widget.html',
{'relationship': subscription,
'relationships': class_type.sort_relationships(request.user, meta=True)},
RequestContext(request))
response['rel_msg'] = rel_html
response['rel_made'] = True
return HttpResponse(json.dumps(response,
default=json_handler),
mimetype='application/json')
else:
is_prevent_initial_table = request.GET.get('isPreventInitialTable', False)
is_use_item_source = request.GET.get('useItemSource', False)
if is_use_item_source == True or is_use_item_source == "true":
otype = request.GET.get('otype')
oid = request.GET.get('oid')
# Get the item with the type and ID from the database
obj = class_from_id(otype, oid)
if obj:
source_field_name = get_source_field_for_class(otype)
if source_field_name:
# If the item has a source, then use the source value
# to set as the default source
if hasattr(obj, "source"):
source_field = get_field_from_label("source", formdict)
earliest_source = None
earliest_date = None
# Get the earliest source, compared by date
for source in obj.source:
for source_instance in source.instances:
if earliest_source == None or source_instance.date < earliest_date:
earliest_date = source_instance.date
earliest_source = source
if earliest_source:
source_field['initial'] = earliest_source.name
return render_to_response('bulk_add_object_inline.html',
{'formdict': formdict,
'title': "Bulk Add Objects",
'is_prevent_initial_table': is_prevent_initial_table,
'table_name': 'object_inline'},
RequestContext(request))
def upload_indicator(request):
"""
Upload new indicators (individual, blob, or CSV file).
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
:class:`django.http.HttpResponseRedirect`
"""
if request.method == "POST":
username = request.user.username
failed_msg = ''
result = None
if request.POST['svalue'] == "Upload CSV":
form = UploadIndicatorCSVForm(username, request.POST,
request.FILES)
if form.is_valid():
result = handle_indicator_csv(request.FILES['filedata'],
request.POST['source'],
request.POST['method'],
request.POST['reference'],
"file",
username,
add_domain=True)
if result['success']:
message = {
'message':
('<div>%s <a href="%s">Go to all indicators</a>'
'.</div>' %
(result['message'],
reverse('crits.indicators.views.indicators_listing'))
)
}
else:
failed_msg = '<div>%s</div>' % result['message']
if request.POST['svalue'] == "Upload Text":
form = UploadIndicatorTextForm(username, request.POST)
if form.is_valid():
result = handle_indicator_csv(request.POST['data'],
request.POST['source'],
request.POST['method'],
request.POST['reference'],
"ti",
username,
add_domain=True)
if result['success']:
message = {
'message':
('<div>%s <a href="%s">Go to all indicators</a>'
'.</div>' %
(result['message'],
reverse('crits.indicators.views.indicators_listing'))
)
}
else:
failed_msg = '<div>%s</div>' % result['message']
if request.POST['svalue'] == "Upload Indicator":
all_ind_type_choices = [(c[0], c[0], {
'datatype': c[1].keys()[0],
'datatype_value': c[1].values()[0]
}) for c in get_object_types(
active=False, query={'datatype.file': {
'$exists': 0
}})]
form = UploadIndicatorForm(username, all_ind_type_choices,
request.POST)
if form.is_valid():
result = handle_indicator_ind(
request.POST['value'],
request.POST['source'],
request.POST['reference'],
request.POST['indicator_type'],
username,
request.POST['method'],
add_domain=True,
campaign=request.POST['campaign'],
campaign_confidence=request.POST['campaign_confidence'],
confidence=request.POST['confidence'],
impact=request.POST['impact'],
bucket_list=request.POST[
form_consts.Common.BUCKET_LIST_VARIABLE_NAME],
ticket=request.POST[
form_consts.Common.TICKET_VARIABLE_NAME])
if result['success']:
indicator_link = '<a href=\"%s\">Go to this indicator</a> or <a href="%s">all indicators</a>.</div>' % (
reverse('crits.indicators.views.indicator',
args=[result['objectid']]),
reverse('crits.indicators.views.indicators_listing'))
if result.get('is_new_indicator', False) == False:
message = {
'message':
('<div>Warning: Updated indicator since indicator already exists! '
+ indicator_link)
}
else:
message = {
'message': ('<div>Indicator added successfully! ' +
indicator_link)
}
else:
failed_msg = result['message']
if result == None or not result['success']:
failed_msg += (
'<a href="%s">Go to all indicators</a>'
'.</div>' %
reverse('crits.indicators.views.indicators_listing'))
message = {'message': failed_msg, 'form': form.as_table()}
elif result != None:
message['success'] = result['success']
if request.is_ajax():
return HttpResponse(json.dumps(message),
mimetype="application/json")
else: #file upload
return render_to_response('file_upload_response.html',
{'response': json.dumps(message)},
RequestContext(request))
Split the name and type into their separate parts.
:param full_name: The full name of the ObjectType.
:type full_name: str
:returns: list of [<name>, <type>]
"""
split_name = full_name.split(" - ")
# if len(split_name) == 1, name and type are the same
return split_name * 2 if len(split_name) == 1 else split_name
all_obj_type_choices = [(c[0], c[0], {
'datatype': c[1].keys()[0],
'datatype_value': c[1].values()[0]
}) for c in get_object_types(False)]
def validate_and_add_new_handler_object(data,
rowData,
request,
errors,
row_counter,
is_validate_only=False,
is_sort_relationships=False,
cache={},
obj=None):
"""
Validate an object and then add it to the database.
:param data: The data for the object.
import re
from datetime import datetime
from django.conf import settings
from django import forms
from django.forms.util import ErrorList
from crits.campaigns.campaign import Campaign
from crits.core import form_consts
from crits.core.forms import add_bucketlist_to_form, add_ticket_to_form
from crits.core.widgets import CalWidget
from crits.core.handlers import get_source_names, get_item_names, get_object_types
from crits.core.user_tools import get_user_organization
from crits.domains.domain import Domain
ip_choices = [(c[0], c[0]) for c in get_object_types(active=False, query={'type':'Address', 'name':{'$in':['cidr', re.compile('^ipv')]}})]
class TLDUpdateForm(forms.Form):
"""
Django form for updating TLD entries.
"""
error_css_class = 'error'
required_css_class = 'required'
filedata = forms.FileField()
class AddDomainForm(forms.Form):
"""
Django form for adding a domain.
"""
def upload_indicator(request):
"""
Upload new indicators (individual, blob, or CSV file).
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
:class:`django.http.HttpResponseRedirect`
"""
if request.method == "POST":
username = request.user.username
failed_msg = ''
result = None;
if request.POST['svalue'] == "Upload CSV":
form = UploadIndicatorCSVForm(username,
request.POST,
request.FILES)
if form.is_valid():
result = handle_indicator_csv(request.FILES['filedata'],
request.POST['source'],
request.POST['method'],
request.POST['reference'],
"file",
username,
add_domain=True)
if result['success']:
message = {'message': ('<div>%s <a href="%s">Go to all indicators</a>'
'.</div>' % (result['message'],
reverse('crits.indicators.views.indicators_listing')))}
else:
failed_msg = '<div>%s</div>' % result['message']
if request.POST['svalue'] == "Upload Text":
form = UploadIndicatorTextForm(username,
request.POST)
if form.is_valid():
result = handle_indicator_csv(request.POST['data'],
request.POST['source'],
request.POST['method'],
request.POST['reference'],
"ti",
username,
add_domain=True)
if result['success']:
message = {'message': ('<div>%s <a href="%s">Go to all indicators</a>'
'.</div>' % (result['message'],
reverse('crits.indicators.views.indicators_listing')))}
else:
failed_msg = '<div>%s</div>' % result['message']
if request.POST['svalue'] == "Upload Indicator":
all_ind_type_choices = [(c[0],
c[0],
{'datatype': c[1].keys()[0],
'datatype_value': c[1].values()[0]}) for c in get_object_types(active=False, query={'datatype.file':{'$exists':0}})]
form = UploadIndicatorForm(username,
all_ind_type_choices,
request.POST)
if form.is_valid():
result = handle_indicator_ind(request.POST['value'],
request.POST['source'],
request.POST['reference'],
request.POST['indicator_type'],
username,
request.POST['method'],
add_domain=True,
campaign=request.POST['campaign'],
campaign_confidence=request.POST['campaign_confidence'],
confidence=request.POST['confidence'],
impact=request.POST['impact'],
bucket_list=request.POST[form_consts.Common.BUCKET_LIST_VARIABLE_NAME],
ticket=request.POST[form_consts.Common.TICKET_VARIABLE_NAME])
if result['success']:
indicator_link = '<a href=\"%s\">Go to this indicator</a> or <a href="%s">all indicators</a>.</div>' % (reverse('crits.indicators.views.indicator', args=[result['objectid']]), reverse('crits.indicators.views.indicators_listing'));
if result.get('is_new_indicator', False) == False:
message = {'message': ('<div>Warning: Updated indicator since indicator already exists! ' + indicator_link)}
else:
message = {'message': ('<div>Indicator added successfully! ' + indicator_link)}
else:
failed_msg = result['message']
if result == None or not result['success']:
failed_msg += ('<a href="%s">Go to all indicators</a>'
'.</div>' % reverse('crits.indicators.views.indicators_listing'))
message = {'message': failed_msg, 'form': form.as_table()}
elif result != None:
message['success'] = result['success']
if request.is_ajax():
return HttpResponse(json.dumps(message),
mimetype="application/json")
else: #file upload
return render_to_response('file_upload_response.html',
{'response': json.dumps(message)},
RequestContext(request))
def bulk_add_object_inline(request):
"""
Bulk add objects inline.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
all_obj_type_choices = [
(c[0], c[0], {"datatype": c[1].keys()[0], "datatype_value": c[1].values()[0]})
for c in get_object_types(False, query={"datatype.file": {"$exists": 0}})
]
formdict = form_to_dict(AddObjectForm(request.user, all_obj_type_choices))
if request.method == "POST" and request.is_ajax():
response = parse_bulk_upload(request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict)
secondary_data_array = response.get("secondary")
if secondary_data_array:
latest_secondary_data = secondary_data_array[-1]
class_type = class_from_id(latest_secondary_data["type"], latest_secondary_data["id"])
subscription = {
"type": latest_secondary_data["type"],
"id": latest_secondary_data["id"],
"value": latest_secondary_data["id"],
}
object_listing_html = render_to_string(
"objects_listing_widget.html",
{"objects": class_type.sort_objects(), "subscription": subscription},
RequestContext(request),
)
response["html"] = object_listing_html
is_relationship_made = False
for secondary_data in secondary_data_array:
if secondary_data.get("relationships"):
is_relationship_made = True
break
if is_relationship_made == True:
rel_html = render_to_string(
"relationships_listing_widget.html",
{
"relationship": subscription,
"relationships": class_type.sort_relationships(request.user, meta=True),
},
RequestContext(request),
)
response["rel_msg"] = rel_html
response["rel_made"] = True
return HttpResponse(json.dumps(response, default=json_handler), mimetype="application/json")
else:
is_prevent_initial_table = request.GET.get("isPreventInitialTable", False)
is_use_item_source = request.GET.get("useItemSource", False)
if is_use_item_source == True or is_use_item_source == "true":
otype = request.GET.get("otype")
oid = request.GET.get("oid")
# Get the item with the type and ID from the database
obj = class_from_id(otype, oid)
if obj:
source_field_name = get_source_field_for_class(otype)
if source_field_name:
# If the item has a source, then use the source value
# to set as the default source
if hasattr(obj, "source"):
source_field = get_field_from_label("source", formdict)
earliest_source = None
earliest_date = None
# Get the earliest source, compared by date
for source in obj.source:
for source_instance in source.instances:
if earliest_source == None or source_instance.date < earliest_date:
earliest_date = source_instance.date
earliest_source = source
if earliest_source:
source_field["initial"] = earliest_source.name
return render_to_response(
"bulk_add_object_inline.html",
{
"formdict": formdict,
"title": "Bulk Add Objects",
"is_prevent_initial_table": is_prevent_initial_table,
"table_name": "object_inline",
},
RequestContext(request),
)
def add_new_object(request):
"""
Add a new object.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
if request.method == "POST":
analyst = "%s" % request.user
result = ""
message = ""
my_type = request.POST["otype"]
all_obj_type_choices = [
(c[0], c[0], {"datatype": c[1].keys()[0], "datatype_value": c[1].values()[0]})
for c in get_object_types(False)
]
form = AddObjectForm(analyst, all_obj_type_choices, request.POST, request.FILES)
if not form.is_valid() and not "value" in request.FILES:
message = "Invalid Form: %s" % form.errors
form = form.as_table()
response = json.dumps({"message": message, "form": form, "success": False})
if request.is_ajax():
return HttpResponse(response, mimetype="application/json")
else:
return render_to_response("file_upload_response.html", {"response": response}, RequestContext(request))
source = request.POST["source"]
oid = request.POST["oid"]
ot_array = request.POST["object_type"].split(" - ")
object_type = ot_array[0]
name = ot_array[1] if len(ot_array) == 2 else ot_array[0]
method = request.POST["method"]
reference = request.POST["reference"]
add_indicator = request.POST.get("add_indicator", None)
data = None
# if it was a file upload, handle the file appropriately
if "value" in request.FILES:
data = request.FILES["value"]
value = request.POST.get("value", None)
if isinstance(value, basestring):
value = value.strip()
results = add_object(
my_type,
oid,
object_type,
name,
source,
method,
reference,
analyst,
value=value,
file_=data,
add_indicator=add_indicator,
is_sort_relationships=True,
)
if results["success"]:
subscription = {"type": my_type, "id": oid}
if results.get("relationships", None):
relationship = {"type": my_type, "value": oid}
relationships = results["relationships"]
html = render_to_string(
"objects_listing_widget.html",
{"objects": results["objects"], "relationships": relationships, "subscription": subscription},
RequestContext(request),
)
result = {"success": True, "html": html, "message": results["message"]}
rel_msg = render_to_string(
"relationships_listing_widget.html",
{"relationship": relationship, "nohide": True, "relationships": relationships},
RequestContext(request),
)
result["rel_made"] = True
result["rel_msg"] = rel_msg
else:
html = render_to_string(
"objects_listing_widget.html",
{"objects": results["objects"], "subscription": subscription},
RequestContext(request),
)
result = {"success": True, "html": html, "message": results["message"]}
else:
message = "Error adding object: %s" % results["message"]
result = {"success": False, "message": message}
if request.is_ajax():
return HttpResponse(json.dumps(result), mimetype="application/json")
else:
return render_to_response(
"file_upload_response.html", {"response": json.dumps(result)}, RequestContext(request)
)
else:
error = "Expected POST"
return render_to_response("error.html", {"error": error}, RequestContext(request))
def bulk_add_object_inline(request):
"""
Bulk add objects inline.
:param request: The Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
all_obj_type_choices = [(c[0], c[0], {'datatype':c[1].keys()[0],
'datatype_value':c[1].values()[0]}
) for c in get_object_types(False, query={'datatype.file':{'$exists':0}})]
formdict = form_to_dict(AddObjectForm(request.user, all_obj_type_choices))
if request.method == "POST" and request.is_ajax():
response = parse_bulk_upload(request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict)
secondary_data_array = response.get('secondary')
if secondary_data_array:
latest_secondary_data = secondary_data_array[-1]
class_type = class_from_id(latest_secondary_data['type'], latest_secondary_data['id'])
subscription = {'type': latest_secondary_data['type'],
'id': latest_secondary_data['id'],
'value': latest_secondary_data['id']}
object_listing_html = render_to_string('objects_listing_widget.html',
{'objects': class_type.sort_objects(),
'subscription': subscription},
RequestContext(request))
response['html'] = object_listing_html
is_relationship_made = False
for secondary_data in secondary_data_array:
if secondary_data.get('relationships'):
is_relationship_made = True
break
if is_relationship_made == True:
rel_html = render_to_string('relationships_listing_widget.html',
{'relationship': subscription,
'relationships': class_type.sort_relationships(request.user, meta=True)},
RequestContext(request))
response['rel_msg'] = rel_html
response['rel_made'] = True
return HttpResponse(json.dumps(response,
default=json_handler),
mimetype='application/json')
else:
is_prevent_initial_table = request.GET.get('isPreventInitialTable', False)
is_use_item_source = request.GET.get('useItemSource', False)
if is_use_item_source == True or is_use_item_source == "true":
otype = request.GET.get('otype')
oid = request.GET.get('oid')
# Get the item with the type and ID from the database
obj = class_from_id(otype, oid)
if obj:
source_field_name = get_source_field_for_class(otype)
if source_field_name:
# If the item has a source, then use the source value
# to set as the default source
if hasattr(obj, "source"):
source_field = get_field_from_label("source", formdict)
earliest_source = None
earliest_date = None
# Get the earliest source, compared by date
for source in obj.source:
for source_instance in source.instances:
if earliest_source == None or source_instance.date < earliest_date:
earliest_date = source_instance.date
earliest_source = source
if earliest_source:
source_field['initial'] = earliest_source.name
return render_to_response('bulk_add_object_inline.html',
{'formdict': formdict,
'title': "Bulk Add Objects",
'is_prevent_initial_table': is_prevent_initial_table,
'table_name': 'object_inline'},
RequestContext(request))
