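def process_rule(single_rule, rule_dict):
    """Split the text of one YARA rule into database rows.

    Creates a ``Rule`` (version 1) named from the text before the first
    ``{``, then one ``MetaData`` row per ``key = value`` line of the
    ``meta:`` section, one ``RuleStrings`` row per recognised
    ``$name = value`` line of the ``strings:`` section, and a single
    ``Condition`` row.  The category named in ``rule_dict`` is added to
    ``Category`` if it is not there yet.

    Args:
        single_rule: text of exactly one ``rule ... { ... }`` block.
        rule_dict: dict with ``rule_category`` and ``rule_source``.

    Raises:
        ValueError: no ``condition:`` section was found.  This is checked
            before anything is written, so a malformed rule no longer
            leaves a half-populated ``Rule`` behind.

    This is regex section-splitting, not a YARA parser: ``private``/
    ``global`` modifiers and ``: tags`` stay in the name, and a
    ``strings:`` or ``condition:`` token inside a quoted value will
    confuse the section boundaries.
    """
    # Pull the sections out first; nothing below touches the database
    # until the rule is known to be well-formed enough to store.
    meta_parts = re.findall('meta:(.*)strings:', single_rule, re.DOTALL)
    if not meta_parts:
        # A rule with no strings section still has meta; bound it by the
        # condition marker instead of silently dropping it.
        meta_parts = re.findall('meta:(.*)condition:', single_rule, re.DOTALL)
    string_parts = re.findall('strings:(.*)condition:', single_rule, re.DOTALL)
    condition_parts = re.findall('condition:(.*)}', single_rule, re.DOTALL)
    if not condition_parts:
        raise ValueError('rule has no condition section')
    condition = condition_parts[0].strip()

    new_rule = Rule()
    # strip(): the raw split keeps the whitespace/newline before '{'.
    new_rule.rule_name = single_rule.split('{')[0].replace('rule ', '').strip()
    new_rule.rule_category = rule_dict['rule_category']
    new_rule.rule_source = rule_dict['rule_source']
    new_rule.rule_version = 1
    new_rule.save()

    # MetaData: one row per "key = value" line.
    if meta_parts:
        with transaction.commit_on_success():
            for line in meta_parts[0].split('\n'):
                if '=' not in line:
                    continue
                key, _, raw_value = line.partition('=')
                quoted = re.findall('"(.*)"', line)
                # Unquoted values are everything after the FIRST '='; the
                # old split('=')[1] truncated values containing '='.
                value = quoted[0] if quoted else raw_value
                MetaData(rule=new_rule, meta_key=key.strip(),
                         meta_value=value.strip()).save()

    # Strings: text ("..."), hex ({...}) or regex (/.../), with modifiers.
    if string_parts:
        with transaction.commit_on_success():
            for line in string_parts[0].split('\n'):
                if '=' not in line:
                    continue
                name, _, data = line.partition('=')
                name = name.strip()
                data = data.strip()
                string_type = string_value = None
                nocase = wide = fullword = ascii_mod = False
                if data.startswith('"'):
                    quoted = re.findall('"(.*)"', line)
                    if quoted:
                        string_type = 'String'
                        string_value = quoted[0]
                        # Modifiers sit after the closing quote.
                        trailer = line.split('"')[-1]
                        nocase = 'nocase' in trailer
                        wide = 'wide' in trailer
                        fullword = 'fullword' in trailer
                        ascii_mod = 'ascii' in trailer
                elif data.startswith('{'):
                    hex_body = re.findall(r'\{(.*)\}', line)
                    if hex_body:
                        string_type = 'Hex'
                        string_value = hex_body[0]
                elif data.startswith('/'):
                    # Comment-like lines can land here (noted in the
                    # original); they yield '' or '/', which is rejected.
                    regex_body = re.findall('/(.*)/', line)
                    if regex_body and regex_body[0] not in ('', '/'):
                        string_type = 'RegEx'
                        string_value = regex_body[0]
                if string_type is None:
                    continue
                RuleStrings(rule=new_rule, string_type=string_type,
                            string_name=name, string_value=string_value,
                            string_nocase=nocase, string_wide=wide,
                            string_full=fullword, string_ascii=ascii_mod).save()

    Condition(rule=new_rule, condition=condition).save()

    # Register the category once.  Same effect as the old scan of
    # Category.objects.all(), in one query instead of one per row.
    category = rule_dict['rule_category']
    if not Category.objects.filter(cat_name=category).exists():
        Category(cat_name=category).save()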
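def _post_error(request, message):
    """Render the shared ``error.html`` template with ``message``."""
    return render(request, 'error.html', {'error': message})


def _same_length(*lists):
    """True when all ``lists`` (parallel form fields) have the same length."""
    return len({len(item) for item in lists}) <= 1


def _owned_row(model, rule, row_id):
    """Return the ``model`` row to write for one editor line.

    ``'new'`` yields a fresh unsaved row attached to ``rule``; anything
    else must be the pk of a row that already belongs to ``rule``.  The
    ``rule=rule`` filter is deliberate: a bare pk lookup let a caller
    overwrite the rows of any other rule just by posting their ids.

    Raises ``model.DoesNotExist`` (or ``ValueError`` for a non-numeric id)
    when the id is not one of this rule's rows.
    """
    if row_id == 'new':
        return model(rule=rule)
    return model.objects.get(pk=row_id, rule=rule)


def post_data(request, add_type):
    """Handle the rule editor's form submissions.

    ``add_type`` is taken from the URI and picks the form being processed:

    * ``rule`` -- ``action`` is ``delete`` or ``update`` for the rule in
      ``rule_id``.  ``update`` bumps ``rule_version`` and rewrites the
      rule's ``MetaData`` and ``RuleStrings`` rows from the parallel
      ``meta_id``/``metaKeys``/``metaValues`` and ``string_id``/
      ``stringName``/``stringValues``/``caseValues``/``wideValues``/
      ``fullValues``/``asciiValues`` lists; rows the form no longer lists
      are deleted.  (``new`` was an unimplemented stub that went on to
      raise NameError; rules are created through ``addfile``.)
    * ``addfile`` -- ``action`` must be ``new``; the uploaded ``rule_file``
      plus ``Source``/``Category`` go to ``ruleparser.split_rules``.

    Returns a redirect on success, otherwise the rendered ``error.html``
    template (anonymous caller, non-POST request, unknown action or type,
    malformed form, or row ids that do not belong to this rule).

    NOTE(review): the only access check is ``is_authenticated`` -- any
    logged-in user can delete or edit any rule, and nothing here records
    who did what.  CSRF protection is left to the middleware.  Confirm
    both are intended.
    """
    # ``is_authenticated`` is CALLED on purpose: this code base targets the
    # Django line where it is still a method (see ``commit_on_success``
    # elsewhere in the file).  Reading it as an attribute there would be
    # a truthy bound method and silently bypass the check.
    if not request.user.is_authenticated():
        return _post_error(request, "You need to be logged in to perform that action")
    # Everything below mutates state; refuse anything but POST instead of
    # raising on a missing POST key.
    if request.method != 'POST':
        return _post_error(request, "Not a valid Action Type")
    action = request.POST.get('action')

    if add_type == 'rule':
        try:
            rule = Rule.objects.get(pk=request.POST.get('rule_id'))
        except (Rule.DoesNotExist, ValueError):
            return _post_error(request, "Not a valid Rule ID")

        if action == 'delete':
            rule.delete()
            return redirect('/')
        if action != 'update':
            return _post_error(request, "Not a valid Action Type")

        meta_ids = request.POST.getlist('meta_id')
        meta_keys = request.POST.getlist('metaKeys')
        meta_values = request.POST.getlist('metaValues')
        string_ids = request.POST.getlist('string_id')
        string_names = request.POST.getlist('stringName')
        string_values = request.POST.getlist('stringValues')
        string_nocases = request.POST.getlist('caseValues')
        string_wides = request.POST.getlist('wideValues')
        string_fulls = request.POST.getlist('fullValues')
        string_asciis = request.POST.getlist('asciiValues')

        # Validate the whole form before the first write.  The old index
        # loop raised IndexError on mismatched lists part-way through,
        # after some rows had already been saved.
        if not (_same_length(meta_ids, meta_keys, meta_values) and
                _same_length(string_ids, string_names, string_values,
                             string_nocases, string_wides, string_fulls,
                             string_asciis)):
            return _post_error(request, "Malformed rule form")
        try:
            meta_rows = [_owned_row(MetaData, rule, i) for i in meta_ids]
            string_rows = [_owned_row(RuleStrings, rule, i) for i in string_ids]
        except (MetaData.DoesNotExist, RuleStrings.DoesNotExist, ValueError):
            return _post_error(request, "Not a valid row ID for this rule")

        rule.rule_version += 1
        rule.save()
        # NOTE(review): the original fetched Condition.objects.get(rule=rule)
        # here and never wrote it back, so the condition cannot be edited
        # through this form.  Confirm whether the editor is meant to post it.

        for meta, key, value in zip(meta_rows, meta_keys, meta_values):
            meta.meta_key = key
            meta.meta_value = value
            meta.save()
        rule.metadata_set.exclude(id__in=[m.id for m in meta_rows]).delete()

        for row, name, value, nocase, wide, full, ascii_ in zip(
                string_rows, string_names, string_values, string_nocases,
                string_wides, string_fulls, string_asciis):
            row.string_name = name
            row.string_value = value
            # Checkboxes post '1' when ticked.
            row.string_nocase = nocase == '1'
            row.string_wide = wide == '1'
            row.string_full = full == '1'
            row.string_ascii = ascii_ == '1'
            # string_type is not set for rows created here (as before);
            # presumably the model default applies -- verify.
            row.save()
        rule.rulestrings_set.exclude(id__in=[r.id for r in string_rows]).delete()

        return redirect('/rule/{0}'.format(rule.id))

    if add_type == 'addfile':
        rule_source = request.POST.get('Source')
        rule_category = request.POST.get('Category')
        if not rule_source or not rule_category:
            return _post_error(request, "Source and Category are required")
        upload = request.FILES.get('rule_file')
        if upload is not None and action == 'new':
            # NOTE(review): the whole upload is read into memory and handed
            # to the regex-based parser; no size cap is applied here beyond
            # whatever the web server / Django upload settings enforce.
            ruleparser.split_rules({'rule_data': upload.read(),
                                    'rule_source': rule_source,
                                    'rule_category': rule_category})
        return redirect('/')

    # Previously fell off the end and returned None (a Django error page).
    return _post_error(request, "Not a valid Add Type")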
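def _parse_meta_lines(meta_text):
    """Yield ``(key, value)`` pairs from the body of a ``meta:`` section.

    Lines without ``=`` are ignored.  A double-quoted value is returned
    without its quotes; any other value is everything after the first
    ``=`` (so values that themselves contain ``=`` are not truncated).
    Both parts are stripped of surrounding whitespace.
    """
    for line in meta_text.split('\n'):
        if '=' not in line:
            continue
        key, _, raw_value = line.partition('=')
        quoted = re.findall('"(.*)"', line)
        value = quoted[0] if quoted else raw_value
        yield key.strip(), value.strip()


def _parse_string_line(line):
    """Parse one ``$name = value [modifiers]`` line of a ``strings:`` section.

    Returns the keyword arguments for a ``RuleStrings`` row, or ``None``
    when the line has no ``=`` or its value is not a recognised text
    (``"..."``), hex (``{...}``) or regex (``/.../``) string.
    """
    if '=' not in line:
        return None
    name, _, data = line.partition('=')
    data = data.strip()
    string_type = string_value = None
    nocase = wide = fullword = ascii_mod = False
    if data.startswith('"'):
        quoted = re.findall('"(.*)"', line)
        if quoted:
            string_type = 'String'
            string_value = quoted[0]
            # Modifiers sit after the closing quote.
            trailer = line.split('"')[-1]
            nocase = 'nocase' in trailer
            wide = 'wide' in trailer
            fullword = 'fullword' in trailer
            ascii_mod = 'ascii' in trailer
    elif data.startswith('{'):
        hex_body = re.findall(r'\{(.*)\}', line)
        if hex_body:
            string_type = 'Hex'
            string_value = hex_body[0]
    elif data.startswith('/'):
        # Comment-like lines can land here (noted in the original); they
        # yield '' or '/', which is rejected.
        regex_body = re.findall('/(.*)/', line)
        if regex_body and regex_body[0] not in ('', '/'):
            string_type = 'RegEx'
            string_value = regex_body[0]
    if string_type is None:
        return None
    return {
        'string_type': string_type,
        'string_name': name.strip(),
        'string_value': string_value,
        'string_nocase': nocase,
        'string_wide': wide,
        'string_full': fullword,
        'string_ascii': ascii_mod,
    }


def process_rule(single_rule, rule_dict):
    """Split the text of one YARA rule into database rows.

    Creates a ``Rule`` (version 1) keyed by the SHA-256 of the rule text,
    attaches the category tag from ``AddNew_Tag``, then stores one
    ``MetaData`` row per ``meta:`` line, one ``RuleStrings`` row per
    recognised ``strings:`` line and a single ``Condition`` row.

    Args:
        single_rule: text of exactly one ``rule ... { ... }`` block.
        rule_dict: dict with ``rule_category`` and ``rule_source``.

    Returns:
        ``()`` when saving the rule raises ``IntegrityError`` (a rule with
        the same ``rule_hash`` already exists), otherwise ``None``.

    Raises:
        ValueError: no ``condition:`` section was found.  Checked before
            anything is written so a malformed rule leaves no partial row.

    The hash covers the raw text, so a whitespace or comment change makes
    a "new" rule; only byte-identical re-imports are deduplicated.  The
    section splitting is regex based, not a YARA parser: ``private``/
    ``global`` modifiers and ``: tags`` stay in the name.
    """
    # Local import only because the module's ``from django.db import``
    # line is outside this view of the file; hoist it there.
    from django.db import IntegrityError

    meta_parts = re.findall('meta:(.*)strings:', single_rule, re.DOTALL)
    if not meta_parts:
        # A rule with no strings section still has meta; bound it by the
        # condition marker instead of silently dropping it.
        meta_parts = re.findall('meta:(.*)condition:', single_rule, re.DOTALL)
    string_parts = re.findall('strings:(.*)condition:', single_rule, re.DOTALL)
    condition_parts = re.findall('condition:(.*)}', single_rule, re.DOTALL)
    if not condition_parts:
        raise ValueError('rule has no condition section')
    condition = condition_parts[0].strip()

    cat = AddNew_Tag(rule_dict['rule_category'])  # Store the category

    new_rule = Rule()
    new_rule.rule_hash = hashlib.sha256(single_rule.encode('utf8')).hexdigest()
    # strip(): the raw split keeps the whitespace/newline before '{'.
    new_rule.rule_name = single_rule.split('{')[0].replace('rule ', '').strip()
    new_rule.rule_source = rule_dict['rule_source']
    new_rule.rule_version = 1
    # Only the save is guarded, and only for the duplicate-hash case; the
    # old bare ``except:`` also hid every other failure (including a failed
    # category add after a successful save).
    try:
        new_rule.save()
    except IntegrityError:
        return ()
    new_rule.rule_category.add(cat)

    if meta_parts:
        with transaction.atomic():
            for key, value in _parse_meta_lines(meta_parts[0]):
                MetaData(rule=new_rule, meta_key=key, meta_value=value).save()

    if string_parts:
        with transaction.atomic():
            for line in string_parts[0].split('\n'):
                parsed = _parse_string_line(line)
                if parsed is not None:
                    RuleStrings(rule=new_rule, **parsed).save()

    Condition(rule=new_rule, condition=condition).save()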
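def process_rule(single_rule, rule_dict):
    """Split the text of one YARA rule into database rows.

    Creates a ``Rule`` (version 1) named from the text before the first
    ``{``, then one ``MetaData`` row per ``key = value`` line of the
    ``meta:`` section, one ``RuleStrings`` row per recognised
    ``$name = value`` line of the ``strings:`` section, and a single
    ``Condition`` row.  The category named in ``rule_dict`` is added to
    ``Category`` if it is not there yet.

    Args:
        single_rule: text of exactly one ``rule ... { ... }`` block.
        rule_dict: dict with ``rule_category`` and ``rule_source``.

    Raises:
        ValueError: no ``condition:`` section was found.  Checked before
            anything is written, so a malformed rule no longer leaves a
            half-populated ``Rule`` behind.

    NOTE(review): this page shows ``process_rule`` defined more than
    once; if these definitions live in one module only the last one is
    live.  Regex section-splitting, not a YARA parser: ``private``/
    ``global`` modifiers and ``: tags`` stay in the name, and a
    ``strings:`` or ``condition:`` token inside a quoted value will
    confuse the section boundaries.
    """
    # Extract every section before the first database write.
    meta_section = re.findall('meta:(.*)strings:', single_rule, re.DOTALL)
    if not meta_section:
        # Rules without a strings section keep their meta this way.
        meta_section = re.findall('meta:(.*)condition:', single_rule, re.DOTALL)
    strings_section = re.findall('strings:(.*)condition:', single_rule, re.DOTALL)
    condition_section = re.findall('condition:(.*)}', single_rule, re.DOTALL)
    if not condition_section:
        raise ValueError('rule has no condition section')
    condition_text = condition_section[0].strip()

    rule = Rule()
    # strip(): the raw split keeps the whitespace/newline before '{'.
    rule.rule_name = single_rule.split('{')[0].replace('rule ', '').strip()
    rule.rule_category = rule_dict['rule_category']
    rule.rule_source = rule_dict['rule_source']
    rule.rule_version = 1
    rule.save()

    # MetaData rows.
    if meta_section:
        with transaction.commit_on_success():
            for meta_line in meta_section[0].split('\n'):
                if '=' not in meta_line:
                    continue
                meta_key, _, unquoted = meta_line.partition('=')
                quoted = re.findall('"(.*)"', meta_line)
                # Everything after the FIRST '=' when unquoted; the old
                # split('=')[1] truncated values containing '='.
                meta_value = quoted[0] if quoted else unquoted
                MetaData(rule=rule, meta_key=meta_key.strip(),
                         meta_value=meta_value.strip()).save()

    # RuleStrings rows: text, hex or regex plus modifiers.
    if strings_section:
        with transaction.commit_on_success():
            for string_line in strings_section[0].split('\n'):
                if '=' not in string_line:
                    continue
                string_name, _, payload = string_line.partition('=')
                payload = payload.strip()
                kind = body = None
                is_nocase = is_wide = is_full = is_ascii = False
                if payload.startswith('"'):
                    quoted = re.findall('"(.*)"', string_line)
                    if quoted:
                        kind = 'String'
                        body = quoted[0]
                        # Modifiers sit after the closing quote.
                        trailer = string_line.split('"')[-1]
                        is_nocase = 'nocase' in trailer
                        is_wide = 'wide' in trailer
                        is_full = 'fullword' in trailer
                        is_ascii = 'ascii' in trailer
                elif payload.startswith('{'):
                    hex_body = re.findall(r'\{(.*)\}', string_line)
                    if hex_body:
                        kind = 'Hex'
                        body = hex_body[0]
                elif payload.startswith('/'):
                    # Comment-like lines can land here (noted in the
                    # original); they yield '' or '/', which is rejected.
                    regex_body = re.findall('/(.*)/', string_line)
                    if regex_body and regex_body[0] not in ('', '/'):
                        kind = 'RegEx'
                        body = regex_body[0]
                if kind is None:
                    continue
                RuleStrings(rule=rule,
                            string_type=kind,
                            string_name=string_name.strip(),
                            string_value=body,
                            string_nocase=is_nocase,
                            string_wide=is_wide,
                            string_full=is_full,
                            string_ascii=is_ascii).save()

    Condition(rule=rule, condition=condition_text).save()

    # Register the category once (one query instead of scanning all rows).
    category_name = rule_dict['rule_category']
    if not Category.objects.filter(cat_name=category_name).exists():
        Category(cat_name=category_name).save()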