Esempio n. 1
0
def _objects_post(request, api_root_name, collection):
    try:
        if rh.get_version_from_content_type(request.META) < const.TAXII_VERSION:
            return taxii_resp.unsupported_media_type()
        stip_user = get_basic_auth(request.META)
        if not stip_user:
            return taxii_resp.unauhorized()
        content_length = rh.get_content_length(request.META)
        max_content_length = ApiRoot.get_max_content_length(api_root_name)
        if content_length > max_content_length:
            return taxii_resp.payload_too_large()
        try:
            community = collection.stip_meta['can_write_community']
        except Exception:
            return taxii_resp.server_error(Exception('No community for publish'))

        envelop = json.loads(request.body)
        taxii2_status = Status.create(envelop['objects'])

        args = [envelop, collection, taxii2_status, stip_user, community]
        th = threading.Thread(target=async_post, args=args)
        th.start()

        payload = taxii2_status.get_status()
        return taxii_resp.accepted(payload)
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 2
0
def object_(request, api_root_name, collection_id, object_id):
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        collection = ApiRoot.get_collection(api_root_name, collection_id)
        if not collection:
            return taxii_resp.not_found()
        query = parse_query(request)
        if request.method == 'GET':
            if collection['can_read']:
                return _object_get(api_root_name, collection, object_id, query)
            else:
                return taxii_resp.forbidden()
        elif request.method == 'DELETE':
            if not collection['can_read'] and not collection['can_write']:
                return taxii_resp.not_found()
            if collection['can_read'] and not collection['can_write']:
                return taxii_resp.forbidden()
            if not collection['can_read'] and collection['can_write']:
                return taxii_resp.forbidden()
            return _object_delete(api_root_name, collection, object_id, query)
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 3
0
def _object_get(api_root_name, collection, object_id, query):
    try:
        envelop = {}
        envelop['more'] = False
        envelop['objects'] = []
        objects = []

        can_read_communities = _get_can_read_communities(collection)
        if StixObject.objects.filter(object_id=object_id, community__in=can_read_communities).count() == 0:
            return taxii_resp.not_found()

        query = _set_object_id_in_query(query, object_id)
        limit, next_ = _pagination_info(query)
        index = 0
        remaining, cursor = apply_filter(query, can_read_communities)
        for stix_object in cursor:
            if stix_object.deleted:
                continue
            objects.append(stix_object)
            envelop['objects'].append(stix_object.object_value)
            index += 1
            remaining -= 1
            if index == limit:
                if remaining > 0:
                    envelop['more'] = True
                    envelop['next'] = str(next_ + limit)
                break
        response_header = taxii_resp.get_response_header(objects)
        return taxii_resp.ok(envelop, response_header=response_header)
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 4
0
def _objects_get(api_root_name, collection, query):
    try:
        envelop = {}
        envelop['more'] = False
        envelop['objects'] = []
        objects = []

        limit, next_ = _pagination_info(query)
        index = 0
        remaining, cursor = apply_filter(
            query,
            _get_can_read_communities(collection))
        for stix_object in cursor:
            if stix_object.deleted:
                continue
            envelop['objects'].append(stix_object.object_value)
            objects.append(stix_object)
            index += 1
            remaining -= 1
            if index == limit:
                if remaining > 0:
                    envelop['more'] = True
                    envelop['next'] = str(next_ + limit)
                break
        response_header = taxii_resp.get_response_header(objects)
        return taxii_resp.ok(envelop, response_header=response_header)
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 5
0
def discovery(request):
    try:
        if not auth_check(request):
            return taxii_resp.unauhorized()
        payload = Discovery.get_discovery_response()
        return taxii_resp.ok(payload)
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 6
0
def api_root(request, api_root_name):
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        api_root = ApiRoot.get_api_root(api_root_name)
        if api_root:
            return taxii_resp.ok(api_root)
        return taxii_resp.not_found()
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 7
0
def collection(request, api_root_name, collection_id):
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        collection = ApiRoot.get_collection(api_root_name, collection_id)
        if collection:
            return taxii_resp.ok(collection.get_collection_info())
        return taxii_resp.not_found()
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 8
0
def collections(request, api_root_name):
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        collections = ApiRoot.get_collections(api_root_name)
        if not collections:
            return taxii_resp.not_found()
        resp = {'collections': collections}
        return taxii_resp.ok(resp)
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 9
0
def versions(request, api_root_name, collection_id, object_id):
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        collection = ApiRoot.get_collection(api_root_name, collection_id)
        if not collection:
            return taxii_resp.not_found()
        if not collection['can_read']:
            return taxii_resp.forbidden()

        can_read_communities = _get_can_read_communities(collection)
        if StixObject.objects.filter(object_id=object_id, community__in=can_read_communities).count() == 0:
            return taxii_resp.not_found()

        more = False
        query = parse_query(request)
        objects = []
        versions_list = []

        query = _set_object_id_in_query(query, object_id)
        limit, next_ = _pagination_info(query)
        index = 0
        remaining, cursor = apply_filter(query, can_read_communities)
        for doc in cursor:
            if doc.deleted:
                continue
            stix_objects = StixObject.objects.filter(
                object_id=doc.object_id,
                community__in=can_read_communities)
            for stix_object in stix_objects:
                if not stix_object.deleted:
                    objects.append(stix_object)
                    versions_list.append(stix_object.modified)
            index += 1
            remaining -= 1
            if index == limit:
                if remaining > 0:
                    more = True
                break

        versions = {}
        versions['more'] = more
        versions['versions'] = versions_list
        response_header = taxii_resp.get_response_header(objects)
        return taxii_resp.ok(versions, response_header=response_header)
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 10
0
def manifest(request, api_root_name, collection_id):
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        collection = ApiRoot.get_collection(api_root_name, collection_id)
        if not collection:
            return taxii_resp.not_found()
        query = parse_query(request)
        if collection['can_read']:
            return _manifest_get(api_root_name, collection, query)
        else:
            return taxii_resp.forbidden()
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 11
0
def _object_delete(api_root_name, collection, object_id, query):
    try:
        query = _set_object_id_in_query(query, object_id)
        _, cursor = apply_filter(
            query,
            _get_can_write_communities(collection))
        for stix_object in cursor:
            modified = stix_object.modified
            stix_object.deleted = True
            stix_object.save()
            stix_manifest = StixManifest.objects.get(
                object_id=stix_object.object_id)
            stix_manifest.deleted_versions.append(modified)
            stix_manifest.versions.remove(modified)
            if len(stix_manifest.versions) == 0:
                stix_manifest.deleted = True
            stix_manifest.save()
        return taxii_resp.ok({})
    except Exception as e:
        return taxii_resp.server_error(e)
Esempio n. 12
0
def _manifest_get(api_root_name, collection, query):
    try:
        manifest_records = []
        objects = []

        limit, next_ = _pagination_info(query)
        index = 0
        more = False
        remaining, manifests = apply_filter(
            query,
            _get_can_read_communities(collection))
        for stix_object in manifests:
            if stix_object.deleted:
                continue
            stix_manifest = StixManifest.objects.get(
                object_id=stix_object.object_id)

            manifest_record = _get_manifest_record(
                stix_object,
                stix_manifest.media_types[0])
            manifest_records.append(manifest_record)
            objects.append(stix_object)
            index += 1
            remaining -= 1
            if index == limit:
                if remaining > 0:
                    more = True
        if len(manifest_records) == 0:
            return taxii_resp.ok({})
        manifest = {}
        manifest['more'] = more
        manifest['objects'] = manifest_records
        response_header = taxii_resp.get_response_header(objects)
        return taxii_resp.ok(manifest, response_header=response_header)
    except Exception as e:
        return taxii_resp.server_error(e)