def apply_standalone_template(request): logger.info("__ input_forms apply_standalone_template __") if "input_form_id" not in request.POST: logger.error("Did no find all required fields in request") return render(request, "error.html", {"error": "Invalid Parameters in POST"}) input_form_id = request.POST["input_form_id"] input_form = InputForm.objects.get(pk=input_form_id) json_object = json.loads(input_form.json) context = Context() for j in json_object: if '.' in j["name"]: # this is a fancy variable name j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]])) context.update(j_dict) else: logger.debug("setting context %s" % j["name"]) context[j["name"]] = str(request.POST[j["name"]]) config_template = input_form.script try: compiled_template = engines['django'].from_string(config_template.template) except TemplateSyntaxError as e: logger.error("Caught a template syntax error!") logger.error(str(e)) return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)}) completed_template = str(compiled_template.render(context)) logger.info(completed_template) action_name = config_template.action_provider logger.info(action_name) action_options = json.loads(config_template.action_provider_options) logger.info(action_options) for ao in action_options: if "action_options_" + str(ao) in request.POST: logger.debug("Found a customized action option!") new_val = request.POST["action_options_" + str(ao)] current_value = action_options[ao]["value"] action_options[ao]["value"] = re.sub("{{ .* }}", new_val, current_value) logger.debug(action_options[ao]["value"]) action = action_provider.get_provider_instance(action_name, action_options) results = action.execute_template(completed_template) context = {"results": results} return render(request, "input_forms/results.html", context)
def apply_template_to_queue(request): if "input_form_id" not in request.POST: return render(request, "error.html", {"error": "Invalid Parameters in POST"}) input_form_id = request.POST["input_form_id"] endpoints = request.session["endpoint_queue"] input_form = InputForm.objects.get(pk=input_form_id) print input_form.json json_object = json.loads(input_form.json) context = Context() for j in json_object: if '.' in j["name"]: # this is a json capable variable name j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]])) context.update(j_dict) else: print "setting context %s" % j["name"] context[j["name"]] = str(request.POST[j["name"]]) print context config_template = input_form.script try: compiled_template = engines['django'].from_string(config_template.template) except TemplateSyntaxError as e: print "Caught a template syntax error!" return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)}) action_name = config_template.action_provider action_options = json.loads(config_template.action_provider_options) print "action name is: " + action_name print "action options are: " + str(action_options) action = action_provider.get_provider_instance(action_name, action_options) results = "" for endpoint in endpoints: if "username" not in endpoint or endpoint["username"] == "": if "global_username" in request.POST: endpoint["username"] = request.POST["global_username"] else: raise Exception("Authentication is required!") if "password" not in endpoint or endpoint["password"] == "": if "global_password" in request.POST: endpoint["password"] = request.POST["global_password"] else: raise Exception("Authentication is required!") context["af_endpoint_ip"] = endpoint["ip"] context["af_endpoint_username"] = endpoint["username"] context["af_endpoint_password"] = endpoint["password"] context["af_endpoint_type"] = endpoint["type"] completed_template = str(compiled_template.render(context)) results += "================ %s ================\n" % endpoint["name"] action.set_endpoint(endpoint) result = action.execute_template(completed_template) if result == None: result='' results += result results += "\n" context = {"results": results} return render(request, "input_forms/results.html", context)
def apply_template(request): """ :param request: HTTPRequest from the input form :return: results of the template execution """ required_fields = set(["input_form_id", "endpoint_id", "group_id"]) if not required_fields.issubset(request.POST): return render(request, "error.html", {"error": "Invalid Parameters in POST"}) input_form_id = request.POST["input_form_id"] endpoint_id = request.POST["endpoint_id"] group_id = request.POST["group_id"] provider_instance = endpoint_provider.get_provider_instance_from_group(group_id) endpoint = provider_instance.get_endpoint_by_id(endpoint_id) if "username" not in endpoint or endpoint["username"] == "": if "global_username" in request.POST: endpoint["username"] = request.POST["global_username"] else: raise Exception("Authentication is required!") if "password" not in endpoint or endpoint["password"] == "": if "global_password" in request.POST: endpoint["password"] = request.POST["global_password"] else: raise Exception("Authentication is required!") input_form = InputForm.objects.get(pk=input_form_id) print input_form.json json_object = json.loads(input_form.json) context = Context() for j in json_object: if '.' in j["name"]: # this is a json capable variable name j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]])) context.update(j_dict) else: print "setting context %s" % j["name"] context[j["name"]] = str(request.POST[j["name"]]) context["af_endpoint_ip"] = endpoint["ip"] context["af_endpoint_username"] = endpoint["username"] context["af_endpoint_password"] = endpoint["password"] context["af_endpoint_type"] = endpoint["type"] print context config_template = input_form.script try: compiled_template = engines['django'].from_string(config_template.template) completed_template = str(compiled_template.render(context)) except TemplateSyntaxError as e: print "Caught a template syntax error!" return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)}) print "TEMPLATE IS:" print completed_template action_name = config_template.action_provider action_options = json.loads(config_template.action_provider_options) print "action name is: " + action_name action = action_provider.get_provider_instance(action_name, action_options) action.set_endpoint(endpoint) results = action.execute_template(completed_template) context = {"results": results} return render(request, "input_forms/results.html", context)
def apply_standalone_template(request): logger.info("__ input_forms apply_standalone_template __") if "input_form_id" not in request.POST: logger.error("Did no find all required fields in request") return render(request, "error.html", {"error": "Invalid Parameters in POST"}) input_form_id = request.POST["input_form_id"] input_form = InputForm.objects.get(pk=input_form_id) json_object = json.loads(input_form.json) context = dict() for j in json_object: if '.' in j["name"]: # this is a fancy variable name j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]])) context.update(j_dict) else: logger.debug("setting context %s" % j["name"]) print 'setting context %s' % j['name'] context[j["name"]] = str(request.POST[j["name"]]) config_template = input_form.script try: compiled_template = engines['django'].from_string( config_template.template) except TemplateSyntaxError as e: logger.error("Caught a template syntax error!") logger.error(str(e)) return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)}) completed_template = str(compiled_template.render(context)) if "preview" in request.POST: if request.POST["preview"] == "yes_please": logger.info("Returning template Preview") pre_tags = "<html><body><pre>" post_tags = "</pre></body</html>" return HttpResponse(pre_tags + completed_template + post_tags) logger.info(completed_template) action_name = config_template.action_provider logger.info(action_name) action_options = json.loads(config_template.action_provider_options) logger.info(action_options) for ao in action_options: if "action_options_" + str(ao) in request.POST: logger.debug("Found a customized action option!") new_val = request.POST["action_options_" + str(ao)] print new_val current_value = action_options[ao]["value"] print current_value action_options[ao]["value"] = re.sub("{{ .* }}", new_val, current_value) logger.debug(action_options[ao]["value"]) # let's load any secrets if necessary provider_options = action_provider.get_options_for_provider(action_name) for opt in provider_options: print opt if opt['type'] == 'secret': opt_name = opt['name'] pw_lookup_key = action_options[opt_name]['value'] pw_lookup_value = aframe_utils.lookup_secret(pw_lookup_key) action_options[opt_name]['value'] = pw_lookup_value print "action name is: " + action_name action = action_provider.get_provider_instance(action_name, action_options) results = action.execute_template(completed_template) print type(results) # the action is passing back extra information about the type of response if type(results) is dict: if 'display_inline' in results and results['display_inline'] is False: if 'cache_key' in results: # set extra data on the context so we can use it to build a download link downstream context = { 'results': 'Binary data', 'cache_key': results['cache_key'], 'scheme': request.scheme, 'host': request.get_host() } else: # fixme to ensure contents is always present in results when display_inline is true # results['content'] is currently unimplemented! context = {'results': results['contents']} else: # results is just a string object, so send it through context = {"results": results} if "inline" in request.POST and request.POST["inline"] == 'yes_please': print "returning INLINE" context["input_form_name"] = input_form.name context["input_form_id"] = input_form_id return render(request, "overlay_results.html", context) else: print "returning full results" return render(request, "input_forms/results.html", context)
def apply_per_endpoint_template(request): """ :param request: HTTPRequest from the input form :return: results of the template execution """ logger.info("__ input_forms apply_per_endpoint_template __") required_fields = set(["input_form_id", "endpoint_id", "group_id"]) if not required_fields.issubset(request.POST): logger.error("Did no find all required fields in request") return render(request, "error.html", {"error": "Invalid Parameters in POST"}) input_form_id = request.POST["input_form_id"] endpoint_id = request.POST["endpoint_id"] group_id = request.POST["group_id"] provider_instance = endpoint_provider.get_provider_instance_from_group( group_id) endpoint = provider_instance.get_endpoint_by_id(endpoint_id) if "username" not in endpoint or endpoint["username"] == "": if "global_username" in request.POST: endpoint["username"] = request.POST["global_username"] else: raise Exception("Authentication is required!") if "password" not in endpoint or endpoint["password"] == "": if "global_password" in request.POST: endpoint["password"] = request.POST["global_password"] else: raise Exception("Authentication is required!") input_form = InputForm.objects.get(pk=input_form_id) logger.debug(input_form.json) json_object = json.loads(input_form.json) context = dict() for j in json_object: if '.' in j["name"]: # this is a json capable variable name j_dict = aframe_utils.generate_dict( j["name"], str(request.POST.get(j["name"], ''))) context.update(j_dict) else: logger.debug("setting context %s" % j["name"]) # don't worry about null values here context[j["name"]] = str(request.POST.get(j['name'], '')) context["af_endpoint_ip"] = endpoint["ip"] context["af_endpoint_id"] = endpoint["id"] context["af_endpoint_name"] = endpoint["name"] context["af_endpoint_username"] = endpoint["username"] context["af_endpoint_password"] = endpoint["password"] context["af_endpoint_type"] = endpoint["type"] logger.debug(context) config_template = input_form.script try: compiled_template = engines['django'].from_string( config_template.template) completed_template = str(compiled_template.render(context)) except TemplateSyntaxError as e: logger.error("Caught a template syntax error!") return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)}) logger.debug(completed_template) action_name = config_template.action_provider action_options = json.loads(config_template.action_provider_options) logger.debug(action_options) for ao in action_options: if "action_options_" + str(ao) in request.POST: logger.debug("Found a customized action option!") new_val = request.POST["action_options_" + str(ao)] current_value = action_options[ao]["value"] action_options[ao]["value"] = re.sub("{{.*}}", new_val, current_value) logger.debug(action_options[ao]["value"]) logger.debug("action name is: " + action_name) # let's load any secrets if necessary provider_options = action_provider.get_options_for_provider(action_name) for opt in provider_options: print opt if opt['type'] == 'secret': opt_name = opt['name'] pw_lookup_key = action_options[opt_name]['value'] pw_lookup_value = aframe_utils.lookup_secret(pw_lookup_key) action_options[opt_name]['value'] = pw_lookup_value action = action_provider.get_provider_instance(action_name, action_options) action.set_endpoint(endpoint) results = action.execute_template(completed_template) context = {"results": results} if "inline" in request.POST and request.POST["inline"] == 'yes_please': print "returning INLINE" context["input_form_name"] = input_form.name context["input_form_id"] = input_form_id return render(request, "overlay_results.html", context) return render(request, "input_forms/results.html", context)
def apply_template_to_queue(request): logger.info("__ input_forms apply_template_to_queue __") if "input_form_id" not in request.POST: logger.error("Did no find all required fields in request") return render(request, "error.html", {"error": "Invalid Parameters in POST"}) input_form_id = request.POST["input_form_id"] endpoints = request.session["endpoint_queue"] input_form = InputForm.objects.get(pk=input_form_id) logger.debug(input_form.json) json_object = json.loads(input_form.json) context = Context() for j in json_object: if '.' in j["name"]: # this is a json capable variable name j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]])) context.update(j_dict) else: logger.debug("setting context %s" % j["name"]) context[j["name"]] = str(request.POST[j["name"]]) logger.debug(context) config_template = input_form.script try: compiled_template = engines['django'].from_string(config_template.template) except TemplateSyntaxError as e: logger.error("Caught a template syntax error!") logger.error(str(e)) return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)}) action_name = config_template.action_provider action_options = json.loads(config_template.action_provider_options) logger.debug("action name is: %s" % action_name) logger.debug("action options are: %s" % action_options) action = action_provider.get_provider_instance(action_name, action_options) results = "" for endpoint in endpoints: if "username" not in endpoint or endpoint["username"] == "": if "global_username" in request.POST: endpoint["username"] = request.POST["global_username"] else: raise Exception("Authentication is required!") if "password" not in endpoint or endpoint["password"] == "": if "global_password" in request.POST: endpoint["password"] = request.POST["global_password"] else: raise Exception("Authentication is required!") context["af_endpoint_ip"] = endpoint["ip"] context["af_endpoint_username"] = endpoint["username"] context["af_endpoint_password"] = endpoint["password"] context["af_endpoint_type"] = endpoint["type"] completed_template = str(compiled_template.render(context)) results += "================ %s ================\n" % endpoint["name"] action.set_endpoint(endpoint) result = action.execute_template(completed_template) results += result results += "\n" context = {"results": results} return render(request, "input_forms/results.html", context)
def apply_template(request): """ :param request: HTTPRequest from the input form :return: results of the template execution """ logger.info("__ input_forms apply_template __") required_fields = set(["input_form_id", "endpoint_id", "group_id"]) if not required_fields.issubset(request.POST): logger.error("Did no find all required fields in request") return render(request, "error.html", {"error": "Invalid Parameters in POST"}) input_form_id = request.POST["input_form_id"] endpoint_id = request.POST["endpoint_id"] group_id = request.POST["group_id"] provider_instance = endpoint_provider.get_provider_instance_from_group(group_id) endpoint = provider_instance.get_endpoint_by_id(endpoint_id) if "username" not in endpoint or endpoint["username"] == "": if "global_username" in request.POST: endpoint["username"] = request.POST["global_username"] else: raise Exception("Authentication is required!") if "password" not in endpoint or endpoint["password"] == "": if "global_password" in request.POST: endpoint["password"] = request.POST["global_password"] else: raise Exception("Authentication is required!") input_form = InputForm.objects.get(pk=input_form_id) logger.debug(input_form.json) json_object = json.loads(input_form.json) context = Context() for j in json_object: if '.' in j["name"]: # this is a json capable variable name j_dict = aframe_utils.generate_dict(j["name"], str(request.POST[j["name"]])) context.update(j_dict) else: logger.debug("setting context %s" % j["name"]) context[j["name"]] = str(request.POST[j["name"]]) context["af_endpoint_ip"] = endpoint["ip"] context["af_endpoint_username"] = endpoint["username"] context["af_endpoint_password"] = endpoint["password"] context["af_endpoint_type"] = endpoint["type"] logger.debug(context) config_template = input_form.script try: compiled_template = engines['django'].from_string(config_template.template) completed_template = str(compiled_template.render(context)) except TemplateSyntaxError as e: logger.error("Caught a template syntax error!") return render(request, "error.html", {"error": "Invalid Template Syntax: %s" % str(e)}) logger.debug(completed_template) action_name = config_template.action_provider action_options = json.loads(config_template.action_provider_options) logger.debug(action_options) for ao in action_options: if "action_options_" + str(ao) in request.POST: logger.debug("Found a customized action option!") new_val = request.POST["action_options_" + str(ao)] current_value = action_options[ao]["value"] action_options[ao]["value"] = re.sub("{{ .* }}", new_val, current_value) logger.debug(action_options[ao]["value"]) logger.debug("action name is: " + action_name) action = action_provider.get_provider_instance(action_name, action_options) action.set_endpoint(endpoint) results = action.execute_template(completed_template) context = {"results": results} return render(request, "input_forms/results.html", context)