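def recover_site(file, params):
    """Re-create a site from an exported JSON backup and re-apply its settings.

    Args:
        file: Open file object containing the exported site JSON.
        params: Parameters passed to ``create``. When ``params['domain']`` is
            ``None`` it is set (in place) to the domain stored in the backup;
            otherwise the backup serves as a template for the given domain.

    Returns:
        None. Progress is printed; a failed creation is logged.
    """
    old_site = Site(json.load(file))

    if params['domain'] is None:
        print('Restoring {0}'.format(old_site.domain))
        params['domain'] = old_site.domain
    else:
        print('Creating {0} from {1} template'.format(params['domain'], old_site.domain))

    result = create(params)
    if int(result.get('res')) != 0:
        logging.error('%s was not created, please review logs.', params['domain'])
        err = IncapError(result)
        err.log()
        return

    new_site = Site(result) or None
    print('Created: %s, ID: %s ' % (new_site.get_domain(), str(new_site.get_id())))

    # The ACL and security settings come straight from the backup file, so the
    # file's integrity decides the new site's policy.
    # NOTE(review): the outcome of these two update() calls is not inspected
    # here; confirm they report failures themselves, otherwise a partly
    # restored site looks the same as a fully restored one.
    acl = ACL(old_site.security, new_site.site_id)
    acl.update()
    sec = Security(old_site.security, new_site.site_id)
    sec.update()

    # The previous guard, `incap_rules is not []`, compared identity against a
    # fresh list and was therefore always true. Iterating `or []` skips both an
    # empty list and a missing (None) value.
    for rule in old_site.incap_rules or []:
        logging.debug('Incap Rule JSON Response: {}'.format(
            json.dumps(rule, indent=4)))
        incap_rule = IncapRule(rule)
        incap_rule_params = incap_rule.set_param(new_site.site_id)
        incap_rule.create_incap_rule(incap_rule_params)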
def c_site(args):
    """Create a site from parsed CLI arguments and report the outcome.

    Args:
        args: Parsed argument namespace. The attributes named in ``wanted``
            are forwarded to ``create``; ``log`` selects the logging level.

    Returns:
        A ``Site`` built from the response when ``res`` equals 0, otherwise
        the ``IncapError`` that was logged.
    """
    banner = 'Creating site: {0}'.format(args.domain)
    logging.basicConfig(format='%(levelname)s - %(message)s',
                        level=getattr(logging, args.log.upper()))
    print(banner)

    # Same keys, same order as the request always carried.
    wanted = ("api_id", "api_key", "account_id", "force_ssl", "ref_id",
              "send_site_setup_emails", "site_ip", "log_level",
              "logs_account_id", "domain")
    payload = {field: getattr(args, field) for field in wanted}
    response = create(payload)

    # NOTE(review): `res` is compared with the integer 0 without coercion, so
    # a response carrying the string "0" would take the error path - confirm
    # the type create() returns.
    if response.get('res') != 0:
        failure = IncapError(response)
        failure.log()
        return failure

    created = Site(response)
    print('Created: %s, ID: %s ' % (created.get_domain(), str(created.get_id())))
    return created
def u_security(args):
    """Update a site's security (WAF) rule from parsed CLI arguments.

    Args:
        args: Parsed argument namespace. ``rule_id``, ``activation_mode`` and
            ``security_rule_action`` are sent with their ``api.threats.``
            prefixes when set, and as empty strings otherwise.

    Returns:
        The ``Site`` built from the response when ``res`` equals 0; ``None``
        after logging the error otherwise.
    """
    banner = 'Update site {0} security configuration.'.format(args.site_id)
    logging.basicConfig(format='%(levelname)s - %(message)s',
                        level=getattr(logging, args.log.upper()))
    print(banner)

    # NOTE(review): this guard only matches an empty string; an option left at
    # None passes it - confirm the parser default. It also exits with status 0,
    # so a calling script cannot tell the rule was never updated.
    if args.rule_id == 'ddos' and args.activation_mode == '':
        logging.warning(
            'Activation mode param is required:\n'
            'activation_mode=api.threats.ddos.activation_mode.auto\n'
            'activation_mode=api.threats.ddos.activation_mode.off\n'
            'activation_mode=api.threats.ddos.activation_mode.on')
        exit(0)

    mode = ('api.threats.ddos.activation_mode.' + args.activation_mode
            if args.activation_mode else '')
    threat_rule = 'api.threats.' + args.rule_id if args.rule_id else ''
    action = ('api.threats.action.' + args.security_rule_action
              if args.security_rule_action else '')

    payload = {
        "api_id": args.api_id,
        "api_key": args.api_key,
        "site_id": args.site_id,
        "rule_id": threat_rule,
        "block_bad_bots": args.block_bad_bots,
        "challenge_suspected_bots": args.challenge_suspected_bots,
        "activation_mode": mode,
        "security_rule_action": action,
        "quarantined_urls": args.quarantined_urls,
        "ddos_traffic_threshold": args.ddos_traffic_threshold,
    }
    response = update(payload)

    if response.get('res') != 0:
        IncapError(response).log()
        return None

    updated = Site(response)
    print('Updated {} Security(WAF) Rule for {}.'.format(
        args.rule_id.replace('_', ' '), updated.get_domain()))
    return updated
def r_site(args):
    """Fetch and log the status of one site.

    Args:
        args: Parsed argument namespace providing ``api_id``, ``api_key``,
            ``tests``, ``site_id`` and ``log``.

    Returns:
        The ``Site`` built from the response when ``res`` equals 0, otherwise
        the ``IncapError`` that was logged.
    """
    banner = 'Get site status for ID = {0}'.format(args.site_id)
    logging.basicConfig(format='%(levelname)s - %(message)s',
                        level=getattr(logging, args.log.upper()))
    print(banner)

    payload = {key: getattr(args, key)
               for key in ("api_id", "api_key", "tests", "site_id")}
    response = read(payload)

    # NOTE(review): `res` is compared with the integer 0 without coercion -
    # confirm read() never returns it as a string.
    if response.get('res') == 0:
        found = Site(response)
        found.log()
        return found

    failure = IncapError(response)
    failure.log()
    return failure
def u_whitelist(args):
    """Send a whitelist update for one rule of a site.

    The rule id is prefixed with ``api.acl.`` when it contains ``listed`` and
    with ``api.threats.`` otherwise.

    Args:
        args: Parsed argument namespace; the attributes read are the request
            fields below plus ``log``.

    Returns:
        The ``Site`` built from the response when ``res`` equals 0, otherwise
        the ``IncapError`` that was logged.
    """
    banner = 'Update whitelist rule ID={0}.'.format(args.rule_id)
    logging.basicConfig(format='%(levelname)s - %(message)s',
                        level=getattr(logging, args.log.upper()))
    print(banner)

    namespace = 'api.acl.' if "listed" in args.rule_id else 'api.threats.'
    payload = {
        "api_id": args.api_id,
        "api_key": args.api_key,
        "site_id": args.site_id,
        "rule_id": namespace + args.rule_id,
    }
    # Remaining fields are passed through unchanged, in the original order.
    for field in ("urls", "countries", "continents", "ips", "whitelist_id",
                  "delete_whitelist", "client_app_types", "client_apps",
                  "parameters", "user_agents"):
        payload[field] = getattr(args, field)

    response = update(payload)

    # NOTE(review): `res` is compared with the integer 0 without coercion -
    # confirm update() never returns it as a string.
    if response.get('res') != 0:
        failure = IncapError(response)
        failure.log()
        return failure

    # The response's rule exceptions are not printed; only success is
    # reported, so what was actually whitelisted is not echoed back here.
    updated = Site(response)
    print('Updated successful')
    return updated
def r_site(args):
    """Fetch and log the status of one site, forwarding all parsed options.

    Args:
        args: Parsed argument namespace; ``site_id`` and ``log`` are read
            here, and the whole namespace is handed to ``read``.

    Returns:
        The ``Site`` built from the response when ``res`` is 0, otherwise the
        ``IncapError`` that was logged.
    """
    banner = 'Get site status for ID = {0}'.format(args.site_id)
    logging.basicConfig(format='%(levelname)s - %(message)s',
                        level=getattr(logging, args.log.upper()))
    print(banner)

    # vars(args) is the namespace's own attribute dict, so read() receives
    # every parsed option (presumably including the API credentials) and any
    # change it makes to the dict is visible on args.
    response = read(vars(args))

    if int(response.get('res')) == 0:
        found = Site(response)
        found.log()
        return found

    failure = IncapError(response)
    failure.log()
    return failure
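def create_filename(filename, site):
    """Expand an export filename template for *site*.

    Recognised templates are ``{site_id}_{domain}``, ``{domain}`` and
    ``{site_id}``. A template that starts with ``{site_id}_{domain}`` and does
    not end in ``_{date}`` keeps its remainder as a suffix, with dots turned
    into underscores. Anything else yields ``<site_id>_<domain>_<timestamp>``.

    Args:
        filename: The template string.
        site: Raw site data accepted by ``Site``.

    Returns:
        The expanded name as a string.
    """
    site = Site(site)

    # NOTE(review): the name is built from the site's domain and a
    # caller-supplied suffix with only '.' replaced. Whether the caller
    # rejects path separators before joining it to a directory is not visible
    # here - confirm.
    if filename == "{site_id}_{domain}":
        # This branch used to emit domain first, contradicting both the
        # template and the prefixed-template branch below.
        return "{}_{}".format(site.site_id, site.domain)
    if filename == "{domain}":
        return "{}".format(site.domain)
    if filename == "{site_id}":
        return "{}".format(site.site_id)
    if filename.startswith("{site_id}_{domain}") and not filename.endswith("_{date}"):
        suffix = filename.replace("{site_id}_{domain}", '').replace('.', '_')
        return "{}_{}_{}".format(site.site_id, site.domain, suffix)
    return "{}_{}_{}".format(site.site_id, site.domain,
                             time.strftime("%Y%m%d-%H%M%S"))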
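def u_acl(args):
    """Update one ACL rule of a site from parsed CLI arguments.

    Every parsed option is forwarded to ``update``, with ``rule_id`` rewritten
    to carry the ``api.acl.`` prefix.

    Args:
        args: Parsed argument namespace; ``rule_id``, ``countries``,
            ``url_patterns``, ``urls`` and ``log`` are read here.

    Returns:
        The ``Site`` built from the response when ``res`` is 0; ``None`` after
        logging the error otherwise.
    """
    # vars(args) is the namespace's own attribute dict, not a copy. Work on a
    # copy so that storing the prefixed rule id does not overwrite
    # args.rule_id and leak 'api.acl.' into the confirmation message below.
    param = dict(vars(args))
    output = 'Update ACL rule: {0}'.format(args.rule_id)
    logging.basicConfig(format='%(levelname)s - %(message)s',
                        level=getattr(logging, args.log.upper()))
    print(output)

    # NOTE(review): both guards exit with status 0, so a calling script cannot
    # tell that the ACL was left unchanged.
    # NOTE(review): only --countries is checked although the message also
    # mentions continents - confirm a continents-only request should be
    # refused.
    if args.rule_id == 'blacklisted_countries' and args.countries is None:
        logging.warning("Black listing countries and/or continents requires --countries or --continent option.")
        exit(0)
    # NOTE(review): fires when url_patterns is missing and urls is anything
    # other than '' - confirm that is the intended pairing.
    if args.rule_id == 'blacklisted_urls' and (args.url_patterns is None and args.urls != ''):
        logging.warning("Black listing urls requires --url_patterns or --urls option.")
        exit(0)

    param['rule_id'] = 'api.acl.' + args.rule_id
    result = update(param)

    if int(result.get('res')) != 0:
        err = IncapError(result)
        err.log()
        return None

    site = Site(result)
    print('Updated {} ACL Rule for {}.'.format(args.rule_id.replace('_', ' '), site.domain))
    return site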
def u_whitelist(args):
    """Send a whitelist update for one rule, forwarding all parsed options.

    The rule id is prefixed with ``api.acl.`` when it contains ``listed`` and
    with ``api.threats.`` otherwise.

    Args:
        args: Parsed argument namespace; ``rule_id`` and ``log`` are read
            here, and the whole namespace is handed to ``update``.

    Returns:
        The ``Site`` built from the response when ``res`` is 0, otherwise the
        ``IncapError`` that was logged.
    """
    # vars(args) is the namespace's own attribute dict: the rule_id written
    # below also replaces args.rule_id for the caller.
    payload = vars(args)
    banner = 'Update whitelist rule ID={0}.'.format(args.rule_id)
    logging.basicConfig(format='%(levelname)s - %(message)s',
                        level=getattr(logging, args.log.upper()))
    print(banner)

    namespace = 'api.acl.' if "listed" in args.rule_id else 'api.threats.'
    payload['rule_id'] = namespace + args.rule_id

    response = update(payload)
    if int(response.get('res')) == 0:
        updated = Site(response)
        print('Updated successful')
        return updated

    failure = IncapError(response)
    failure.log()
    return failure
def export(args):
    """Export one site, or every site page by page, via ``export_site``.

    When ``args.site_id`` is ``None`` the site list is read in pages of 100
    and each entry is exported. Otherwise the single site's status is fetched
    and exported. The target directory is ``args.path`` when given, else the
    ``IMPV_REPO`` environment variable, else the profile's ``repo`` setting.

    Args:
        args: Parsed argument namespace; ``site_id``, ``path``, ``filename``,
            ``profile`` and ``log`` are read here.

    Returns:
        The logged ``IncapError`` when a request reports a non-zero ``res``;
        ``None`` otherwise.
    """
    logging.basicConfig(format='%(levelname)s - %(message)s',
                        level=getattr(logging, args.log.upper()))
    print('Export site(s).')

    # NOTE(review): a missing target directory exits with status 0 in both
    # branches, so an unattended backup job reports success while nothing was
    # exported.

    if args.site_id is not None:
        # Single site: fetch its status and export that one record.
        args.do = 'status'
        status = Site.commit(args, True)
        if int(status.get('res')) != 0:
            failure = IncapError(status)
            failure.log()
            return failure

        if args.path is not None:
            target = args.path
        else:
            target = os.getenv(
                "IMPV_REPO",
                IncapConfigurations.get_config(args.profile, 'repo'))
            if not target:
                logging.warning('No path was provided.')
                exit(0)
        export_site(status, target, args.filename, args)
        return None

    # All sites: vars(args) is the namespace's own dict, so the paging fields
    # and the blanked site_id written here are also visible on the args object
    # later handed to export_site.
    query = vars(args)
    query['page_size'] = 100
    query['site_id'] = ''

    from Sites.rSites import read

    page_num = 0
    exported = 0
    while True:
        query['page_num'] = page_num
        listing = read(query)
        if int(listing.get('res')) != 0:
            failure = IncapError(listing)
            failure.log()
            return failure

        batch = listing['sites']
        if not batch:
            break

        # The message says "pages", but the two numbers count sites.
        first = exported + 1
        exported += len(batch)
        print("Exporting pages from {} to {}".format(first, exported))

        for entry in batch:
            if args.path is not None:
                target = args.path
            else:
                target = os.getenv(
                    "IMPV_REPO",
                    IncapConfigurations.get_config(query["profile"], 'repo'))
                if not target:
                    logging.warning('No path was provided.')
                    exit(0)
            export_site(entry, target, args.filename, args)
        page_num += 1