def object_(request, api_root_name, collection_id, object_id):
    """Serve GET and DELETE for one object inside a collection.

    The request is authenticated against the API root first, then the
    collection is resolved, and only then are the collection's
    ``can_read`` / ``can_write`` flags consulted.

    DELETE needs both flags. A caller with neither gets ``not_found``.
    A caller holding only one of the two gets ``forbidden``.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()

        target = ApiRoot.get_collection(api_root_name, collection_id)
        if not target:
            return taxii_resp.not_found()

        # The query is parsed before the method dispatch, so a parsing
        # failure surfaces through the generic handler below.
        query = parse_query(request)
        method = request.method

        if method == 'GET':
            if not target['can_read']:
                return taxii_resp.forbidden()
            return _object_get(api_root_name, target, object_id, query)

        if method == 'DELETE':
            readable = target['can_read']
            writable = target['can_write']
            if not readable and not writable:
                return taxii_resp.not_found()
            if not (readable and writable):
                return taxii_resp.forbidden()
            return _object_delete(api_root_name, target, object_id, query)

        # NOTE(review): any other HTTP method falls through and the view
        # returns None; confirm the URL layer restricts methods, or answer
        # with an explicit "method not allowed" response here.
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        # NOTE(review): the exception object is handed to the response
        # helper; verify it is logged server-side and not echoed verbatim
        # to the client.
        return taxii_resp.server_error(e)
def collection(request, api_root_name, collection_id):
    """Return the description of a single collection.

    The request is authenticated against the API root before the
    collection is looked up. A missing collection or an unknown API root
    is answered with ``not_found``.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()

        found = ApiRoot.get_collection(api_root_name, collection_id)
        if not found:
            return taxii_resp.not_found()
        return taxii_resp.ok(found.get_collection_info())
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        # NOTE(review): confirm server_error() does not reflect the
        # exception text back to the caller.
        return taxii_resp.server_error(e)
def collections(request, api_root_name):
    """List the collections of an API root.

    Authentication is checked first. An empty result and an unknown API
    root are both answered with ``not_found``.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()

        available = ApiRoot.get_collections(api_root_name)
        if not available:
            return taxii_resp.not_found()
        return taxii_resp.ok({'collections': available})
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        # NOTE(review): confirm server_error() does not reflect the
        # exception text back to the caller.
        return taxii_resp.server_error(e)
def versions(request, api_root_name, collection_id, object_id):
    """Return the ``modified`` values of the stored versions of one object.

    Order of checks: authentication, collection existence, the
    collection's ``can_read`` flag, then existence of at least one
    StixObject with this ``object_id`` in a community the caller can read.
    The response body is ``{'more': bool, 'versions': [...]}``.

    NOTE(review): the block nesting below was reconstructed from a
    listing whose line breaks and indentation were lost. Confirm the
    loop structure against the original file before relying on it.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        collection = ApiRoot.get_collection(api_root_name, collection_id)
        if not collection:
            return taxii_resp.not_found()
        if not collection['can_read']:
            return taxii_resp.forbidden()
        # Every later query is restricted to these communities, so objects
        # outside them are reported as not found rather than forbidden.
        can_read_communities = _get_can_read_communities(collection)
        if StixObject.objects.filter(object_id=object_id, community__in=can_read_communities).count() == 0:
            return taxii_resp.not_found()
        more = False
        query = parse_query(request)
        objects = []
        versions_list = []
        # The object id from the URL is placed into the query before filtering.
        query = _set_object_id_in_query(query, object_id)
        # next_ is not used again in this function.
        limit, next_ = _pagination_info(query)
        index = 0
        remaining, cursor = apply_filter(query, can_read_communities)
        for doc in cursor:
            if doc.deleted:
                continue
            stix_objects = StixObject.objects.filter(
                object_id=doc.object_id, community__in=can_read_communities)
            for stix_object in stix_objects:
                if not stix_object.deleted:
                    objects.append(stix_object)
                    versions_list.append(stix_object.modified)
            index += 1
            remaining -= 1
            # NOTE(review): the loop only stops early when index reaches
            # limit; presumably _pagination_info always yields a positive
            # limit, so verify the result set cannot grow unbounded.
            if index == limit:
                if remaining > 0:
                    more = True
                break
        versions = {}
        versions['more'] = more
        versions['versions'] = versions_list
        # Response headers are derived from the collected objects.
        response_header = taxii_resp.get_response_header(objects)
        return taxii_resp.ok(versions, response_header=response_header)
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        # NOTE(review): confirm server_error() does not reflect the
        # exception text back to the caller.
        return taxii_resp.server_error(e)
def manifest(request, api_root_name, collection_id):
    """Return the manifest of a collection the caller may read.

    Authentication comes first, then the collection lookup. The
    ``can_read`` flag is checked only after the query has been parsed.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()

        target = ApiRoot.get_collection(api_root_name, collection_id)
        if not target:
            return taxii_resp.not_found()

        query = parse_query(request)
        if not target['can_read']:
            return taxii_resp.forbidden()
        return _manifest_get(api_root_name, target, query)
    except ApiRoot.DoesNotExist:
        return taxii_resp.not_found()
    except Exception as e:
        # NOTE(review): confirm server_error() does not reflect the
        # exception text back to the caller.
        return taxii_resp.server_error(e)
def _objects_post(request, api_root_name, collection):
    """Accept an envelope of objects and queue it for background import.

    Checks run in this order: content-type version, basic-auth user,
    declared content length against the API root's maximum, and the
    collection's ``can_write_community``. The body is then parsed as
    JSON, a Status record is created from ``envelope['objects']``, and
    ``async_post`` is started on a new thread. The response carries the
    freshly created status.
    """
    try:
        if rh.get_version_from_content_type(request.META) < const.TAXII_VERSION:
            return taxii_resp.unsupported_media_type()

        stip_user = get_basic_auth(request.META)
        if not stip_user:
            return taxii_resp.unauhorized()

        # NOTE(review): the size limit is enforced on the value derived
        # from request.META, while request.body is read in full below.
        # Confirm the server stack caps the body at the declared length.
        declared_length = rh.get_content_length(request.META)
        allowed_length = ApiRoot.get_max_content_length(api_root_name)
        if declared_length > allowed_length:
            return taxii_resp.payload_too_large()

        try:
            community = collection.stip_meta['can_write_community']
        except Exception:
            return taxii_resp.server_error(Exception('No community for publish'))

        # NOTE(review): malformed JSON or a missing 'objects' key ends up
        # in the generic handler below and is reported as a server error
        # rather than a client error.
        envelope = json.loads(request.body)
        taxii2_status = Status.create(envelope['objects'])

        # NOTE(review): one thread is started per accepted request with no
        # visible bound; consider a worker pool or queue so that a burst
        # of uploads cannot exhaust threads.
        worker = threading.Thread(
            target=async_post,
            args=[envelope, collection, taxii2_status, stip_user, community],
        )
        worker.start()

        return taxii_resp.accepted(taxii2_status.get_status())
    except Exception as e:
        # NOTE(review): confirm server_error() does not reflect the
        # exception text back to the caller.
        return taxii_resp.server_error(e)
def ready(self):
    """Initialise storage and, unless skipped, deploy and seed the server.

    After ``_init_mongo()`` the method checks ``is_skip_sequence()``.
    When the sequence is not skipped it runs ``collectstatic``,
    ``makemigrations`` and ``migrate``. If no Discovery document exists
    it then creates a temporary collection, API root and discovery entry.

    NOTE(review): the block nesting below was reconstructed from a
    listing whose line breaks and indentation were lost. Confirm whether
    the seeding step sits inside the skip check.
    """
    _init_mongo()
    is_skip_sequnece = is_skip_sequence()
    if not is_skip_sequnece:
        print('>>> Start Auto Deploy')
        print('>>> Start collcect static --noinput')
        # NOTE(review): generating and applying migrations at start-up
        # changes the schema without an operator step; confirm this is
        # intended outside development.
        call_command('collectstatic', '--noinput')
        call_command('makemigrations')
        call_command('migrate')
        if Discovery.objects.count() == 0:
            # First start only: seed placeholder data under a random
            # collection id.
            # NOTE(review): the two False arguments presumably are the
            # collection's read/write flags. Verify against
            # Collection.update_or_create.
            col = Collection.update_or_create(str(uuid.uuid4()), 'Test Collection', 'This Collection is temporary.', 'Test_Collection_Alias', False, False, txs_const.DEFAULT_MEDIA_TYPES)
            # NOTE(review): the seeded 'api_test' root becomes the default
            # API root; it should be replaced or removed before the server
            # is exposed.
            api_root = ApiRoot.update_or_create(
                'api_test', 'Test_APIRoot', 'This API Root is temporary.', txs_const.DEFAULT_VERSIONS, txs_const.DEFAULT_MAX_CONTENT_LENGTH)
            api_root.append_collection(col)
            discovery = Discovery.update_or_create(
                'S-TIP TAXII2 Server', 'This service is not a production version.', 'Please change this contact information.')
            discovery.append_api_root(api_root, default=True)
    return
def create_modify(request):
    """Create or update an API root from the JSON in ``request.POST['data']``.

    Every expected field is read before anything is written. The names
    'taxii' and 'taxii2' are rejected as reserved. On ``action ==
    'create'`` the default versions are applied and the new root is
    appended to the discovery document. Any failure is rendered through
    ``error()``.

    NOTE(review): no authentication, authorization or HTTP-method check
    is visible in this block. Confirm a decorator or middleware
    restricts this view to administrators.
    """
    reserved_names = ['taxii', 'taxii2']
    try:
        payload = json.loads(request.POST['data'])
        api_root_name = payload['api_root_name']
        title = payload['title']
        description = payload['description']
        # NOTE(review): any integer is accepted here, including zero and
        # negative values; the upload size check depends on this limit.
        max_content_length = int(payload['max_content_length'])
        action = payload['action']
        member_collections = payload['collections']
        member_users = payload['users']

        creating = action == 'create'
        versions = DEFAULT_VERSIONS if creating else None

        if api_root_name in reserved_names:
            raise Exception('%s is reserved.' % (api_root_name))

        api_root = ApiRoot.update_or_create(
            api_root_name, title, description, versions, max_content_length)
        api_root.set_collections(member_collections)
        api_root.set_users(member_users)
        if creating:
            Discovery.append_api_root(api_root)
        return redirect('api_roots')
    except Exception as e:
        # NOTE(review): the exception text is passed to the error page;
        # verify the template escapes it and that internal details are
        # acceptable to show to this audience.
        return error(request, str(e))
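def status(request, api_root_name, status_id):
    """Return the status resource identified by ``status_id``.

    The request is authenticated against the API root before the status
    is looked up. An unknown status and an unknown API root are both
    answered with ``not_found``.

    NOTE(review): the lookup is keyed on ``status_id`` alone and is not
    tied to ``api_root_name`` or to the requesting user. Confirm whether
    a status created under one API root should be readable through
    another.
    """
    try:
        if not ApiRoot.auth_check(request, api_root_name):
            return taxii_resp.unauhorized()
        status_doc = Status.objects.get(status_id=status_id)
    except (ApiRoot.DoesNotExist, Status.DoesNotExist):
        # The other views in this file map ApiRoot.DoesNotExist to
        # not_found; without this, an unknown API root would escape the
        # view as an unhandled exception.
        return taxii_resp.not_found()
    return taxii_resp.ok(status_doc.get_status())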