def object_(request, api_root_name, collection_id, object_id):
    """Dispatch a GET or DELETE request for one object in a collection.

    The caller must pass ``ApiRoot.auth_check`` and the collection must
    exist before any per-method permission is examined.

    GET requires ``can_read``.  DELETE requires both ``can_read`` and
    ``can_write``: a collection with neither flag is reported as not
    found, and one with only a single flag as forbidden.

    NOTE(review): any other HTTP method falls through and the function
    returns ``None``; confirm the URL routing or a decorator restricts
    this view to GET and DELETE.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()

        target = ApiRoot.get_collection(api_root_name, collection_id)
        if not target:
            return taxii_resp.not_found()

        # The query is parsed before the method check, so a parse failure
        # is reported through the generic handler for every method.
        query = parse_query(request)

        if request.method == 'GET':
            if not target['can_read']:
                return taxii_resp.forbidden()
            return _object_get(api_root_name, target, object_id, query)

        if request.method == 'DELETE':
            readable = target['can_read']
            writable = target['can_write']
            if readable and writable:
                return _object_delete(api_root_name, target, object_id, query)
            if not readable and not writable:
                # No rights at all: answer as if the collection is absent.
                return taxii_resp.not_found()
            # Exactly one of the two rights is not enough to delete.
            return taxii_resp.forbidden()
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
def _objects_post(request, api_root_name, collection):
    """Accept an envelope of objects and hand it to a background thread.

    Checks run in this order: content-type version, basic-auth user,
    declared content length against the API root's maximum, and the
    collection's ``can_write_community`` entry.  The body is then parsed
    as JSON, a ``Status`` record is created from its ``objects`` entry,
    and ``async_post`` is started on a new thread.  The status payload is
    returned in the accepted response.

    NOTE(review): no ``can_write`` check is made here; presumably the
    caller enforces it before dispatching -- confirm.
    """
    try:
        declared_version = rh.get_version_from_content_type(request.META)
        if declared_version < const.TAXII_VERSION:
            return taxii_resp.unsupported_media_type()

        stip_user = get_basic_auth(request.META)
        if not stip_user:
            return taxii_resp.unauhorized()

        # The length is read from request.META (presumably the declared
        # Content-Length); the body itself is not measured here.
        # NOTE(review): confirm a body-size cap is enforced elsewhere.
        declared_length = rh.get_content_length(request.META)
        allowed_length = ApiRoot.get_max_content_length(api_root_name)
        if declared_length > allowed_length:
            return taxii_resp.payload_too_large()

        try:
            community = collection.stip_meta['can_write_community']
        except Exception:
            return taxii_resp.server_error(Exception('No community for publish'))

        # Malformed JSON or a missing 'objects' key reaches the generic
        # handler below and is reported as a server error.
        # NOTE(review): a client-error response may fit better.
        envelop = json.loads(request.body)
        taxii2_status = Status.create(envelop['objects'])

        # One thread per accepted request; it is not joined and no cap on
        # concurrent workers is visible in this function.
        worker = threading.Thread(
            target=async_post,
            args=[envelop, collection, taxii2_status, stip_user, community],
        )
        worker.start()

        return taxii_resp.accepted(taxii2_status.get_status())
    except Exception as e:
        # NOTE(review): the raw exception is passed to server_error;
        # confirm its text is not echoed back to the client.
        return taxii_resp.server_error(e)
def discovery(request):
    """Return the discovery payload to an authenticated caller.

    Authentication uses the module-level ``auth_check`` because no API
    root name is part of this request.  Any exception is turned into the
    server-error response.
    """
    try:
        if auth_check(request):
            return taxii_resp.ok(Discovery.get_discovery_response())
        return taxii_resp.unauhorized()
    except Exception as e:
        return taxii_resp.server_error(e)
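def status(request, api_root_name, status_id):
    """Return the stored status record identified by ``status_id``.

    The caller must pass ``ApiRoot.auth_check`` for ``api_root_name``.
    An unknown status id, or an API root that does not exist, yields the
    not-found response.  Any other failure is converted to the
    server-error response, matching the other views in this module,
    instead of propagating out of the view.

    NOTE(review): the lookup is keyed on ``status_id`` alone; it is not
    tied to ``api_root_name`` or to the authenticated caller.  Confirm
    that any caller who passes the auth check may read any status record.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        status = Status.objects.get(status_id=status_id)
        return taxii_resp.ok(status.get_status())
    except (ApiRoot.DoesNotExist, Status.DoesNotExist):
        return taxii_resp.not_found()
    except Exception as e:
        # NOTE(review): the raw exception is passed to server_error;
        # confirm its text is not echoed back to the client.
        return taxii_resp.server_error(e)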
def api_root(request, api_root_name):
    """Return the information held for one API root.

    The caller must pass ``ApiRoot.auth_check``.  A falsy lookup result
    or ``ApiRoot.DoesNotExist`` yields the not-found response.  Any other
    exception yields the server-error response.
    """
    try:
        authorised = ApiRoot.auth_check(request, api_root_name)
        if not authorised:
            return taxii_resp.unauhorized()

        root_info = ApiRoot.get_api_root(api_root_name)
        if not root_info:
            return taxii_resp.not_found()
        return taxii_resp.ok(root_info)
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
def collection(request, api_root_name, collection_id):
    """Return the description of a single collection.

    The caller must pass ``ApiRoot.auth_check``.  The body of the
    response is whatever ``get_collection_info()`` returns.  A missing
    collection or API root yields the not-found response.

    NOTE(review): unlike the object and manifest views, this one does not
    consult ``can_read``; confirm that collection metadata is meant to be
    visible to every authenticated caller.
    """
    try:
        authorised = ApiRoot.auth_check(request, api_root_name)
        if not authorised:
            return taxii_resp.unauhorized()

        found = ApiRoot.get_collection(api_root_name, collection_id)
        if not found:
            return taxii_resp.not_found()
        return taxii_resp.ok(found.get_collection_info())
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
def collections(request, api_root_name):
    """Return the collections of an API root under a ``collections`` key.

    The caller must pass ``ApiRoot.auth_check``.  An empty or falsy
    result is reported as not found, as is ``ApiRoot.DoesNotExist``.
    """
    try:
        authorised = ApiRoot.auth_check(request, api_root_name)
        if not authorised:
            return taxii_resp.unauhorized()

        listing = ApiRoot.get_collections(api_root_name)
        if listing:
            return taxii_resp.ok({'collections': listing})
        return taxii_resp.not_found()
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
def versions(request, api_root_name, collection_id, object_id):
    """List the ``modified`` values of the visible versions of one object.

    The caller must pass ``ApiRoot.auth_check``, the collection must
    exist and it must carry ``can_read``.  Every StixObject query in this
    function is restricted to the communities returned by
    ``_get_can_read_communities``.

    The response body has two keys: ``more`` (bool) and ``versions``.

    NOTE(review): this listing was recovered from text that had lost its
    indentation.  The nesting of the counter updates and of ``break``
    inside the loop is reconstructed -- confirm against the repository.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        collection = ApiRoot.get_collection(api_root_name, collection_id)
        if not collection:
            return taxii_resp.not_found()
        if not collection['can_read']:
            return taxii_resp.forbidden()
        can_read_communities = _get_can_read_communities(collection)
        # An object outside the readable communities is answered exactly
        # like an object that does not exist.
        if StixObject.objects.filter(object_id=object_id, community__in=can_read_communities).count() == 0:
            return taxii_resp.not_found()
        more = False
        query = parse_query(request)
        objects = []
        versions_list = []
        query = _set_object_id_in_query(query, object_id)
        # next_ is unpacked here but not used again in this function.
        limit, next_ = _pagination_info(query)
        index = 0
        remaining, cursor = apply_filter(query, can_read_communities)
        for doc in cursor:
            if doc.deleted:
                continue
            # Re-query by object id, still limited to readable communities.
            stix_objects = StixObject.objects.filter(
                object_id=doc.object_id, community__in=can_read_communities)
            for stix_object in stix_objects:
                if not stix_object.deleted:
                    objects.append(stix_object)
                    versions_list.append(stix_object.modified)
            index += 1
            remaining -= 1
            # Stop at the page limit and report whether anything is left.
            if index == limit:
                if remaining > 0:
                    more = True
                break
        versions = {}
        versions['more'] = more
        versions['versions'] = versions_list
        # The header is built from the collected objects, not the strings.
        response_header = taxii_resp.get_response_header(objects)
        return taxii_resp.ok(versions, response_header=response_header)
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)
def manifest(request, api_root_name, collection_id):
    """Return the manifest of a collection to a caller allowed to read it.

    The caller must pass ``ApiRoot.auth_check`` and the collection must
    exist.  The query string is parsed before the ``can_read`` flag is
    examined.  A collection without ``can_read`` yields the forbidden
    response.
    """
    try:
        authorised = ApiRoot.auth_check(request, api_root_name)
        if not authorised:
            return taxii_resp.unauhorized()

        target = ApiRoot.get_collection(api_root_name, collection_id)
        if not target:
            return taxii_resp.not_found()

        query = parse_query(request)
        if not target['can_read']:
            return taxii_resp.forbidden()
        return _manifest_get(api_root_name, target, query)
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        return taxii_resp.server_error(e)