def l2_view_top(request):
    """Render the L2 view (``l2.html``) with the repository package list.

    The session expiry is refreshed, then ``check_allow_l2_view`` decides
    whether the caller may proceed; a non-None result is returned as the
    response. If the repository lookup fails, the page is still rendered
    with only the common context.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    denied = check_allow_l2_view(request)
    if denied is not None:
        return denied
    try:
        # Optional request parameters (fetched when supplied).
        selected_package = get_l2_view_top_package_id(request)
        ipv4_similarity = get_l2_view_top_ipv4_similarity(request)
        domain_similarity = get_l2_view_top_domain_similarity(request)
        context = get_common_replace_dict(request)
        try:
            # Ask the repository system for the package list.
            context['packages'] = Ctirs(request).get_package_list()
            context['package_id'] = selected_package
            context['ipv4'] = ipv4_similarity
            context['domain'] = domain_similarity
            return render(request, 'l2.html', context)
        except Exception:
            # Repository unreachable or rendering failed: fall back to
            # rendering with whatever the context holds at this point.
            return render(request, 'l2.html', context)
    except Exception:
        return error_page(request)
def sharing_view_top(request, info_msg=''):
    """Render the sharing top page (``sharing.html``).

    Args:
        request: the incoming HTTP request.
        info_msg: optional status message shown on the page.

    The page is rendered even when the repository system cannot be
    queried; in that case ``rs_communities`` is simply absent from the
    template context.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    denied = check_allow_sharing_view(request)
    if denied is not None:
        return denied
    try:
        context = get_common_replace_dict(request)
        # Community list from the policy file (used for the table header).
        context['communities'] = get_policy_communities().split(',')
        # TAXII settings and the system configuration row.
        context['taxiis'] = Taxii.objects.all()
        context['config'] = Config.objects.get()
        context['info_msg'] = info_msg
        context['languages'] = LANGUAGES
        context['user'] = request.user
        try:
            # rs_communities (Vendor Source) come from the repository system.
            context['rs_communities'] = Ctirs(request).get_rs_communities()
        except Exception:
            # Repository lookup failed: render without rs_communities.
            return render(request, 'sharing.html', context)
        return render(request, 'sharing.html', context)
    except Exception:
        return error_page(request)
def l2_view_top(request):
    """Render the L2 view (``l2.html``), resolving a package from an object id.

    When no package id is supplied but an object id is, the repository is
    asked which packages contain that object and the first one is selected.
    Any failure outside that lookup prints a traceback and returns the
    generic error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    denied = check_allow_l2_view(request)
    if denied is not None:
        return denied
    try:
        package_id = get_l2_view_top_package_id(request)
        ipv4_similarity = get_l2_view_top_ipv4_similarity(request)
        domain_similarity = get_l2_view_top_domain_similarity(request)
        context = get_common_replace_dict(request)
        object_id = get_l2_view_top_object_id(request)
        ctirs = Ctirs(request)
        if len(package_id) == 0 and len(object_id) != 0:
            try:
                lookup = ctirs.get_bundle_from_object_id(object_id)
                package_id = lookup['package_id_list'][0]
            except Exception:
                # Unknown object id or empty result: show no package.
                package_id = ''
        context['packages'] = ctirs.get_package_list()
        context['package_id'] = package_id
        context['ipv4'] = ipv4_similarity
        context['domain'] = domain_similarity
        return render(request, 'l2.html', context)
    except Exception:
        import traceback
        traceback.print_exc()
        return error_page(request)
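def download_stix(request):
    """Return the requested STIX package as an XML file download.

    The package id is read from the request, the package content is fetched
    from the repository system, converted to XML and sent back as an
    attachment named ``<package_id>.xml``. Any failure yields the generic
    error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    error_ = check_allow_l1_view(request)
    if error_ is not None:
        return error_
    try:
        ctirs = Ctirs(request)
        package_id = get_l1_package_id(request)
        # Fetch the package content through the repository API.
        dict_ = ctirs.get_stix_file_stix(package_id)
        stix_package = STIXPackage.from_dict(dict_)
        # Buffer the XML text before building the response.
        output = io.StringIO()
        output.write(stix_package.to_xml())
        # package_id comes from the request and ends up in a response
        # header. Emit the filename as a quoted-string and drop the
        # characters that could terminate or corrupt that string, so the
        # value cannot add extra Content-Disposition parameters.
        filename = ''.join(
            ch for ch in '%s.xml' % (package_id)
            if ch.isprintable() and ch not in '"\\')
        response = HttpResponse(output.getvalue(),
                                content_type='application/xml')
        response['Content-Disposition'] = (
            'attachment; filename="%s"' % filename)
        return response
    except Exception:
        return error_page(request)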
def create_alias(request):
    """Create or modify an alias owned by the requesting user (POST only).

    The alias text must be non-empty and at most 10240 characters. On
    success the alias page is re-rendered with the user's aliases.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    if request.method != 'POST':
        return error_page_free_format(request, 'invalid method')
    denied = check_allow_configuration_alias_view(request)
    if denied is not None:
        return denied
    try:
        alias_id = get_configuration_alias_id(request)
        alias_text = get_configuration_alias_create_alias(request)
        if alias_text is None or len(alias_text) == 0:
            return error_page_free_format(request, 'No Alias.')
        if len(alias_text) > 10240:
            return error_page_free_format(
                request, 'Exceeded the max length of Alias.')
        # The alias is stored against the requesting user.
        # NOTE(review): alias_id is request-supplied; whether the manager
        # checks that an existing alias with this id belongs to owner is
        # not visible here - confirm.
        owner = request.user
        Aliases.objects.create(alias_text, owner, alias_id)
        context = get_common_replace_dict(request)
        context['aliases'] = Aliases.objects.filter(user=owner)
        context['info_msg'] = 'Create or Modify Success!!'
        return render(request, 'alias.html', context)
    except Exception:
        return error_page(request)
def stix_upload(request):
    """Upload one STIX file to the repository system (POST only).

    Package name and vendor (community) id are limited to 100 characters.
    Only the first uploaded file is forwarded. On success the sharing top
    page is rendered with a confirmation message.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    denied = check_allow_sharing_view(request)
    if denied is not None:
        return denied
    try:
        if request.method != 'POST':
            # Anything other than POST ends up on the generic error page.
            raise Exception('Invalid HTTP Method')
        package_name = get_sharing_upload_package_name(request)
        if len(package_name) > 100:
            return error_page_free_format(
                request, 'Exceeded the max length of Package name.')
        community_id = get_sharing_upload_vendor_id(request)
        if community_id is not None and len(community_id) > 100:
            return error_page_free_format(
                request, 'Exceeded the max length of Vendor id.')
        uploaded = get_sharing_stix(request)
        # NOTE(review): the file is forwarded as received; no size or
        # content validation is visible in this view - confirm it happens
        # in get_sharing_stix or on the repository side.
        Ctirs(request).post_stix_files(community_id, package_name, uploaded[0])
        return sharing_view_top(request, 'Upload Success!!')
    except Exception:
        return error_page(request)
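def stix_data_csv_download(request):
    """Return the observables of a package as a CSV download.

    Each output row is ``type,value``. The package id is read from the
    request; a missing id yields a free-format error page and any other
    failure the generic error page.
    """
    import csv

    request.session.set_expiry(SESSION_EXPIRY)
    error_ = check_allow_sharing_view(request)
    if error_ is not None:
        return error_
    try:
        package_id = get_sharing_csv_download_package_id(request)
        if package_id is None or len(package_id) == 0:
            return error_page_free_format(request, 'No package_id.')
        l1_type_list = get_package_l1_info(request, package_id)
        # Let the csv module do the quoting: a value containing a comma,
        # quote or newline stays in its own cell instead of shifting or
        # splitting the row. Plain values are written exactly as before.
        output = io.StringIO()
        writer = csv.writer(output, lineterminator='\n')
        for type_, values in l1_type_list:
            for value in values:
                # NOTE(review): values originate from shared CTI content.
                # Cells beginning with '=', '+', '-' or '@' are evaluated
                # as formulas by spreadsheet applications; they are left
                # unchanged here so the exported data stays exact - decide
                # whether consumers need them neutralised.
                writer.writerow([str(type_), str(value)])
        # package_id is request-supplied: send the filename as a
        # quoted-string and drop characters that could break out of it.
        filename = ''.join(
            ch for ch in package_id + '_observables.csv'
            if ch.isprintable() and ch not in '"\\')
        response = HttpResponse(output.getvalue(), content_type='text/csv')
        response['Content-Disposition'] = (
            'attachment; filename="%s"' % filename)
        return response
    except Exception:
        return error_page(request)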
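def delete_taxii(request):
    """Delete a TAXII setting by display name (active admin users only).

    The setting currently configured as the default cannot be deleted. On
    success the TAXII settings page is re-rendered with the remaining
    entries.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    stip_user = request.user
    # NOTE(review): this state-changing action is only accepted on GET.
    # Django's CSRF middleware does not check GET requests, so the delete
    # has no CSRF protection; switching to POST needs a matching change in
    # the template that links here.
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    # Inactive accounts are rejected.
    if not stip_user.is_active:
        return HttpResponseForbidden('Your account is inactivate.')
    # Only administrators may change TAXII settings.
    if not stip_user.is_admin:
        return HttpResponseForbidden('You have no permission.')
    error_ = check_allow_configuration_view(request)
    if error_ is not None:
        return error_
    try:
        display_name = get_configuration_taxii_delete_display_name(request)
        if display_name is None or len(display_name) == 0:
            return error_page_free_format(request, 'No Display Name.')
        taxii = Taxii.objects.get(name=display_name)
        # The leftover debug print of the default TAXII object was removed:
        # it wrote configuration data to stdout on every call.
        if Config.objects.get().default_taxii == taxii:
            return error_page_free_format(
                request, 'Cannot Delete A Default Taxii Setting.')
        taxii.delete()
        replace_dict = get_common_replace_dict(request)
        replace_dict['taxiis'] = Taxii.objects.all()
        replace_dict['info_msg'] = 'Delete Success!!'
        return render(request, 'taxii.html', replace_dict)
    except Exception:
        return error_page(request)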
def change_screen_name(request):
    """Update the requesting user's screen name and re-render the profile.

    A missing name or one longer than 30 characters produces an error
    message on the profile page; an empty name re-renders the page without
    any change or message.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    account = request.user
    # Inactive accounts are rejected.
    if not account.is_active:
        return error_page_inactive(request)
    try:
        context = get_common_replace_dict(request)
        new_name = get_profile_change_screen_name_screen_name(request)
        if new_name is None:
            context['error_change_screen_msg'] = 'No Screen Name.'
            return render(request, 'profile.html', context)
        if len(new_name) == 0:
            # Empty screen name: nothing to change.
            return render(request, 'profile.html', context)
        if len(new_name) > 30:
            context['error_change_screen_msg'] = (
                'Exceeded the max length of Screen Name.')
            return render(request, 'profile.html', context)
        account.screen_name = new_name
        account.save()
        context['info_change_screen_msg'] = 'Change Screen Name Success!!'
        return render(request, 'profile.html', context)
    except Exception:
        return error_page(request)
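def dashboard_view_top(request):
    """Render the dashboard, or the cover page for unauthenticated users.

    Shows a one-time reminder to change the default administrator password
    when the session flag ``change_pass_flag`` is set, plus counts and the
    ten most recent packages from the repository system. If the repository
    cannot be reached the dashboard is still rendered, optionally with a
    one-time connection warning.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    # Unauthenticated visitors get the cover (login) page.
    # NOTE(review): is_authenticated is called as a method; on Django
    # versions where it is a plain property this call raises TypeError -
    # confirm the target Django version.
    if not request.user.is_authenticated():
        return render(request, 'cover.html')
    stip_user = request.user
    # Inactive accounts are rejected.
    if not stip_user.is_active:
        return error_page_inactive(request)
    # Tracked outside the try block so the error handler below never reads
    # an unbound replace_dict when get_common_replace_dict itself fails.
    caution_msg = {}
    try:
        replace_dict = get_common_replace_dict(request)
        replace_dict['caution_msg'] = caution_msg
        try:
            change_pass_flag = request.session['change_pass_flag']
        except KeyError:
            # SSO: the login screen was skipped, so the flag was never
            # set; show no caution message.
            change_pass_flag = False
        if change_pass_flag:
            # Remind the administrator once to replace the default password.
            caution_msg = 'Please change your administrator password from its default one.'
            replace_dict['caution_msg'] = caution_msg
            request.session['change_pass_flag'] = False
        try:
            ctirs = Ctirs(request)
            # Counts and latest CTI packages come from the repository system.
            replace_dict['counts'] = ctirs.get_count_by_type()
            replace_dict['latest_packages'] = ctirs.get_package_list(
                limit=10, order_by='-created')
            return render(request, 'dashboard.html', replace_dict)
        except Exception:
            if ('caution_msg_ctirs_flag' in request.session
                    and request.session['caution_msg_ctirs_flag']):
                # Tell the user once that the repository is unreachable.
                replace_dict['caution_msg_ctirs'] = 'You missed the connection setting to CTIRS.'
                request.session['caution_msg_ctirs_flag'] = False
            return render(request, 'dashboard.html', replace_dict)
    except Exception:
        import traceback
        traceback.print_exc()
        return error_page(request, caution_msg)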
def system_modify(request):
    """Update the system configuration (POST, active admin users only).

    Validates the submitted values in a fixed order and re-renders
    ``system.html`` with the first validation error found, or with a
    success message after the configuration was saved.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    account = request.user
    if request.method != 'POST':
        return error_page_free_format(request, 'invalid method')
    # Inactive accounts are rejected.
    if not account.is_active:
        return HttpResponseForbidden('Your account is inactivate.')
    # Only administrators may change the system configuration.
    if not account.is_admin:
        return HttpResponseForbidden('You have no permission.')
    denied = check_allow_configuration_view(request)
    if denied is not None:
        return denied
    try:
        default_taxii_name = get_configuration_system_default_taxii(request)
        policy_path = get_configuration_system_sharing_policy_specifications(request)
        css_dir = get_configuration_system_bootstrap_css_dir(request)
        rs_host = get_configuration_system_rs_host(request)
        # Context built from the stored (pre-update) values, used when a
        # validation error is reported.
        context = get_success_replace_dict(request)

        def reject(message):
            # Re-render the form with the given validation error.
            context['error_msg'] = message
            return render(request, 'system.html', context)

        if len(default_taxii_name) > 100:
            return reject('Exceeded the max length of Default Taxii.')
        if policy_path is None or len(policy_path) == 0:
            return reject('No Sharing Policy Specifications File Path.')
        if len(policy_path) > 100:
            return reject('Exceeded the max length of Sharing Policy Specifications File Path.')
        # NOTE(review): rs_host is only checked for presence; no length or
        # format check is visible here, unlike the other fields.
        if rs_host is None or len(rs_host) == 0:
            return reject('No RS: Host.')
        if css_dir is None or len(css_dir) == 0:
            return reject('No Bootstrap CSS Directory.')
        if len(css_dir) > 100:
            return reject('Exceeded the max length of Bootstrap CSS Directory.')
        # Persist the new configuration.
        Config.objects.modify_system(default_taxii_name, policy_path,
                                     css_dir, rs_host)
        # Rebuild the context from the updated values.
        context = get_success_replace_dict(request)
        context['info_msg'] = 'Modify Success!!'
        return render(request, 'system.html', context)
    except Exception:
        return error_page(request)
def change(request):
    """Store the CSS theme chosen by the user and redirect to ``/``."""
    request.session.set_expiry(SESSION_EXPIRY)
    # Inactive accounts are rejected.
    if not request.user.is_active:
        return error_page_inactive(request)
    try:
        # Save the theme on the user's gv_auth_user record.
        # NOTE(review): the value is stored as returned by
        # get_css_change_css_thema; no allow-list of theme names is visible
        # in this view - confirm it is validated before use in templates.
        profile = request.user.gv_auth_user
        profile.css_thema = get_css_change_css_thema(request)
        profile.save()
        return redirect('/')
    except Exception:
        return error_page(request)
def alias_view_top(request):
    """Render the alias page listing the requesting user's own aliases."""
    request.session.set_expiry(SESSION_EXPIRY)
    denied = check_allow_configuration_alias_view(request)
    if denied is not None:
        return denied
    try:
        context = get_common_replace_dict(request)
        # Only aliases owned by the requesting user are listed.
        context['aliases'] = Aliases.objects.filter(user=request.user)
        return render(request, 'alias.html', context)
    except Exception:
        return error_page(request)
def change_password_top(request, msg=None):
    """Render the profile page, optionally with a password-change error.

    Args:
        request: the incoming HTTP request.
        msg: error text to show in the change-password section, or None.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    # Inactive accounts are rejected.
    if not request.user.is_active:
        return error_page_inactive(request)
    try:
        context = get_common_replace_dict(request)
        if msg is not None:
            context['error_change_password_msg'] = msg
        return render(request, 'profile.html', context)
    except Exception:
        return error_page(request)
def delete_package(request):
    """Ask the repository system to delete one or more packages.

    The request carries a comma-separated list of package ids; each id is
    deleted through the repository REST API. A failure on any id prints a
    traceback and returns the generic error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    denied = check_allow_sharing_view(request)
    if denied is not None:
        return denied
    try:
        # NOTE(review): this view does not restrict the HTTP method itself,
        # so unless check_allow_sharing_view does, the delete also runs on
        # GET, which Django's CSRF middleware does not check.
        raw_ids = get_sharing_delete_package_package_id(request)
        for package_id in raw_ids.split(','):
            # A fresh Ctirs client is created for every deletion request.
            Ctirs(request).delete_stix_files_id(package_id)
        return sharing_view_top(request, 'Delete Success!!')
    except Exception:
        import traceback
        traceback.print_exc()
        return error_page(request)
def l1_view_top(request):
    """Render the L1 view (``l1.html``), passing through the search type."""
    request.session.set_expiry(SESSION_EXPIRY)
    denied = check_allow_l1_view(request)
    if denied is not None:
        return denied
    try:
        search_type = get_l1_search_type(request)
        context = get_common_replace_dict(request)
        # List-box entries start out empty.
        context['listbox_types'] = ''
        # The search type is only put in the context when one was supplied.
        if search_type is not None and len(search_type) != 0:
            context['search_type'] = search_type
        return render(request, 'l1.html', context)
    except Exception:
        return error_page(request)
def system_view_top(request):
    """Render the system configuration page (GET, active admin users only)."""
    request.session.set_expiry(SESSION_EXPIRY)
    account = request.user
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    # Inactive accounts are rejected.
    if not account.is_active:
        return HttpResponseForbidden('Your account is inactivate.')
    # Only administrators may see the system configuration.
    if not account.is_admin:
        return HttpResponseForbidden('You have no permission.')
    denied = check_allow_configuration_view(request)
    if denied is not None:
        return denied
    try:
        context = get_success_replace_dict(request)
        return render(request, 'system.html', context)
    except Exception:
        return error_page(request)
def delete_alias(request):
    """Delete one of the requesting user's aliases by id.

    The lookup is restricted to aliases owned by the requesting user, so
    an id belonging to someone else fails the lookup and ends on the
    generic error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    # NOTE(review): the delete is only accepted on GET, which Django's CSRF
    # middleware does not check; moving it to POST needs a matching change
    # in the template that links here.
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    denied = check_allow_configuration_alias_view(request)
    if denied is not None:
        return denied
    try:
        alias_id = get_configuration_alias_id(request)
        if alias_id is None or len(alias_id) == 0:
            return error_page_free_format(request, 'No Id.')
        owner = request.user
        # Ownership is enforced by filtering on user as well as pk.
        Aliases.objects.get(pk=alias_id, user=owner).delete()
        context = get_common_replace_dict(request)
        context['aliases'] = Aliases.objects.filter(user=owner)
        context['info_msg'] = 'Delete Success!!'
        return render(request, 'alias.html', context)
    except Exception:
        return error_page(request)
def change_password(request):
    """Change the requesting user's password after verifying the old one.

    Validation errors are shown on the profile page; on success
    ``change_password_done.html`` is rendered. For the built-in ``admin``
    account the build-in password is updated as well.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    account = request.user
    # Inactive accounts are rejected.
    if not account.is_active:
        return error_page_inactive(request)
    try:
        context = get_common_replace_dict(request)
        current = get_profile_change_password_old_password(request)
        replacement = get_profile_change_password_new_password(request)
        # The current password must be verified before anything changes.
        if not account.check_password(current):
            context['error_change_password_msg'] = 'Old Password is wrong!!'
            return render(request, 'profile.html', context)
        # NOTE(review): only non-emptiness and an upper bound of 30
        # characters are enforced here; any minimum length or strength
        # policy would have to be applied elsewhere - confirm.
        if replacement is None or len(replacement) == 0:
            context['error_change_password_msg'] = 'No New Password.'
            return render(request, 'profile.html', context)
        if len(replacement) > 30:
            context['error_change_password_msg'] = (
                'Exceeded the max length of New Password.')
            return render(request, 'profile.html', context)
        account.set_password(replacement)
        if account.username == 'admin':
            # Keep the built-in account's password in step.
            STIPUser.change_build_password(replacement)
        account.is_modified_password = True
        account.save()
        return render(request, 'change_password_done.html', context)
    except Exception:
        return error_page(request)
def create_taxii(request):
    """Create or modify a TAXII setting (POST, active admin users only).

    Each submitted field is read and validated in turn; the first failing
    check returns a free-format error page. On success the TAXII settings
    page is re-rendered with all entries.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    account = request.user
    if request.method != 'POST':
        return error_page_free_format(request, 'invalid method')
    # Inactive accounts are rejected.
    if not account.is_active:
        return HttpResponseForbidden('Your account is inactivate.')
    # Only administrators may change TAXII settings.
    if not account.is_admin:
        return HttpResponseForbidden('You have no permission.')
    denied = check_allow_configuration_view(request)
    if denied is not None:
        return denied

    def fail(message):
        # Shorthand for the free-format error response.
        return error_page_free_format(request, message)

    try:
        display_name = get_configuration_taxii_create_display_name(request)
        if display_name is None or len(display_name) == 0:
            return fail('No Display Name.')
        if len(display_name) > 100:
            return fail('Exceeded the max length of Display Name.')

        address = get_configuration_taxii_create_address(request)
        if address is None or len(address) == 0:
            return fail('No Address.')
        if len(address) > 100:
            return fail('Exceeded the max length of Address.')

        try:
            port = get_configuration_taxii_create_port(request)
            if port < 0 or port > 65535:
                return fail('Invalid port.')
        except ValueError:
            # A ValueError raised while reading the port is reported as an
            # invalid port.
            return fail('Invalid port.')

        path = get_configuration_taxii_create_path(request)
        if path is None or len(path) == 0:
            return fail('No Path.')
        if len(path) > 100:
            return fail('Exceeded the max length of Path.')

        collection = get_configuration_taxii_create_collection(request)
        if collection is None or len(collection) == 0:
            return fail('No Collection.')
        if len(collection) > 100:
            return fail('Exceeded the max length of Collection.')

        login_id = get_configuration_taxii_create_login_id(request)
        if login_id is None or len(login_id) == 0:
            return fail('No Login ID.')
        if len(login_id) > 100:
            return fail('Exceeded the max length of Login ID.')

        # The password is only length-checked; emptiness is allowed.
        login_password = get_configuration_taxii_create_login_password(request)
        if len(login_password) > 100:
            return fail('Exceeded the max length of Login Password.')

        use_ssl = get_configuration_taxii_create_ssl(request)
        # NOTE(review): login_password is handed to the manager as
        # received; how it is stored is not visible here - confirm it is
        # not kept in plaintext.
        Taxii.objects.create(display_name,
                             address=address,
                             port=port,
                             ssl=use_ssl,
                             path=path,
                             collection=collection,
                             login_id=login_id,
                             login_password=login_password)
        context = get_common_replace_dict(request)
        context['taxiis'] = Taxii.objects.all()
        context['info_msg'] = 'Create or Modify Success!!'
        return render(request, 'taxii.html', context)
    except Exception:
        return error_page(request)