def export_threat_rulebase(package, layer, layer_uid, client): data_dict = {} debug_log("Exporting Threat Layer [" + layer + "]", True) layer_settings, _, rulebase_rules, general_objects = \ get_query_rulebase_data(client, "threat-rulebase", {"name": layer, "uid": layer_uid, "package": package}) if not layer_settings: return None, None exception_groups = [] object_dictionary, unexportable_objects, exportable_types = \ get_objects(general_objects, client.api_version) debug_log("Processing rules and exceptions", True) for rulebase_rule in rulebase_rules: replace_rule_field_uids_by_name(rulebase_rule, general_objects) if "exceptions" in rulebase_rule: exceptions_data_dict, exceptions_unexportable_objects = \ export_threat_exception_rulebase(package, layer, layer_uid, rulebase_rule, exception_groups, client) if not exceptions_data_dict: continue merge_data(data_dict, exceptions_data_dict) merge_data(unexportable_objects, exceptions_unexportable_objects) cleanse_object_dictionary(object_dictionary) for api_type in exportable_types: debug_log( "Exporting " + singular_to_plural_dictionary[client.api_version][api_type] + " from layer [" + layer + "]", True) export_general_objects(data_dict, api_type, object_dictionary[api_type], unexportable_objects, client) debug_log("Exporting threat rules from layer [" + layer + "]", True) format_and_merge_data(data_dict, rulebase_rules) debug_log("Exporting Exception-Groups used in layer [" + layer + "]", True) format_and_merge_exception_groups(data_dict, exception_groups) debug_log("Exporting placeholders for unexportable objects from layer [" + layer + "]", True) format_and_merge_unexportable_objects(data_dict, unexportable_objects) debug_log("Exporting layer settings of layer [" + layer + "]", True) format_and_merge_data(data_dict, [layer_settings]) debug_log("Done exporting layer '" + layer + "'.\n", True) clean_objects(data_dict) return data_dict, unexportable_objects
def export_threat_exception_rulebase(package, layer, threat_rule, exception_groups, client): data_dict = {} debug_log( "Exporting Exception-Rulebase from Threat-Rule #" + str(threat_rule["position"]) + " in Threat-Layer[" + layer + "]", True) layer_settings, rulebase_sections, rulebase_rules, general_objects = \ get_query_rulebase_data(client, "threat-rule-exception-rulebase", {"name": layer, "package": package, "rule-uid": threat_rule["uid"]}) if not layer_settings: return None, None object_dictionary, unexportable_objects, exportable_types = \ get_objects(general_objects, client.api_version) to_position = None debug_log("Processing exceptions", True) for rulebase_object in rulebase_sections + rulebase_rules: if "exception" in rulebase_object["type"]: replace_exception_data(rulebase_object, general_objects, layer=layer, rule_number=threat_rule["position"]) elif "section" in rulebase_object["type"]: position_in_group = 1 for rule in rulebase_object["rulebase"]: replace_exception_data(rule, general_objects, group=rulebase_object["name"], position_in_group=position_in_group) position_in_group += 1 if rulebase_object["name"] == "Global Exceptions": continue show_group_reply = client.api_call( "show-exception-group", payload={"name": rulebase_object["name"]}) if rulebase_object["from"]: group_position = rulebase_object["from"] else: group_position = to_position if to_position else "top" to_position = rulebase_object["to"] if rulebase_object[ "to"] else to_position if rulebase_object["name"] not in [ x["name"] for x in exception_groups ]: show_group_reply.data["positions"] = [] if show_group_reply.data[ "apply-on"] == "manually-select-threat-rules": show_group_reply.data["applied-threat-rules"] = [] exception_groups.append(show_group_reply.data) group_index = next(index for (index, d) in enumerate(exception_groups) if d['name'] == show_group_reply.data['name']) exception_groups[group_index]["positions"].append(group_position) if exception_groups[group_index][ "apply-on"] == "manually-select-threat-rules": exception_groups[group_index]["applied-threat-rules"].append({ "layer": layer, "rule-number": str(threat_rule["position"]) }) cleanse_object_dictionary(object_dictionary) for api_type in exportable_types: debug_log( "Exporting " + singular_to_plural_dictionary[client.api_version][api_type] + " from layer [" + layer + "]", True) export_general_objects(data_dict, api_type, object_dictionary[api_type], unexportable_objects, client) debug_log("Exporting threat exceptions from layer [" + layer + "]", True) format_and_merge_data(data_dict, rulebase_rules) debug_log( "Exporting placeholders for unexportable objects from layer [" + layer + "]", True) format_and_merge_unexportable_objects(data_dict, unexportable_objects) debug_log("Exporting layer settings of layer [" + layer + "]", True) format_and_merge_data(data_dict, [layer_settings]) debug_log("Done exporting layer '" + layer + "'.\n", True) clean_objects(data_dict) return data_dict, unexportable_objects
def export_access_rulebase(package, layer, layer_uid, client, timestamp, tar_file): data_dict = {} debug_log("Exporting Access Layer [" + layer + "]", True) layer_settings, rulebase_sections, rulebase_rules, general_objects = \ get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package}) if not layer_settings: return None, None object_dictionary, unexportable_objects, exportable_types = \ get_objects(general_objects, client.api_version) to_position = None debug_log("Processing rules and sections", True) for rulebase_item in rulebase_sections + rulebase_rules: if "rule" in rulebase_item["type"]: replace_rule_field_uids_by_name(rulebase_item, general_objects) elif "section" in rulebase_item["type"]: if "from" in rulebase_item: rulebase_item["position"] = rulebase_item["from"] else: rulebase_item[ "position"] = to_position if to_position else "top" to_position = rulebase_item[ "to"] if "to" in rulebase_item else to_position cleanse_object_dictionary(object_dictionary) if "access-layer" in object_dictionary: for access_layer in object_dictionary["access-layer"]: debug_log("Exporting Inline-Layer [" + access_layer["name"] + "]", True) inner_data_dict, inner_unexportable_objects = \ export_access_rulebase(package, access_layer["name"], access_layer["uid"], client, timestamp, tar_file) layer_tar_name = \ create_tar_file(access_layer, inner_data_dict, timestamp, ["access-rule", "access-section"], client.api_version) inner_data_dict.pop("access-rule", None) inner_data_dict.pop("access-section", None) merge_data(data_dict, inner_data_dict) merge_data(unexportable_objects, inner_unexportable_objects) tar_file.add(layer_tar_name) os.remove(layer_tar_name) for api_type in exportable_types: debug_log( "Exporting " + singular_to_plural_dictionary[client.api_version][api_type] + " from layer [" + layer + "]", True) export_general_objects(data_dict, api_type, object_dictionary[api_type], unexportable_objects, client) debug_log("Exporting access rules from layer [" + layer + "]", True) format_and_merge_data(data_dict, rulebase_rules) debug_log("Exporting access sections from layer [" + layer + "]", True) for rulebase_section in rulebase_sections: debug_log("rulebase_sections contains: " + (rulebase_section["name"] if "name" in rulebase_section else "no-name section")) format_and_merge_data(data_dict, rulebase_sections) debug_log( "Exporting placeholders for unexportable objects from layer [" + layer + "]", True) format_and_merge_unexportable_objects(data_dict, unexportable_objects) debug_log("Exporting layer settings of layer [" + layer + "]", True) format_and_merge_data(data_dict, [layer_settings]) debug_log("Done exporting layer '" + layer + "'.\n", True) clean_objects(data_dict) return data_dict, unexportable_objects