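def parse_row_to_bound_object_form(request, rowData, cache):
    """
    Parse a row from mass object upload into an AddObjectForm.

    The form instance is created once per ``cache`` dict and reused for
    later rows: its ``data`` is replaced and ``full_clean()`` is re-run so
    the validation state always belongs to the current row.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :param rowData: The row data.
    :type rowData: dict
    :param cache: Cached data, typically for performance enhancements
                  during bulk operations. The ``"object_types"`` and
                  ``"object_form"`` keys are read and written here.
    :type cache: dict
    :returns: :class:`crits.objects.forms.AddObjectForm`
    """

    # TODO fix the hardcoded strings and conversion of types
    # TODO Add common method to convert data to string
    object_type = rowData.get(form_consts.Object.OBJECT_TYPE, "")
    value = rowData.get(form_consts.Object.VALUE, "")
    source = rowData.get(form_consts.Object.SOURCE, "")
    method = rowData.get(form_consts.Object.METHOD, "")
    reference = rowData.get(form_consts.Object.REFERENCE, "")
    otype = rowData.get(form_consts.Object.PARENT_OBJECT_TYPE, "")
    oid = rowData.get(form_consts.Object.PARENT_OBJECT_ID, "")
    is_add_indicator = convert_string_to_bool(
        rowData.get(form_consts.Object.ADD_INDICATOR, "False"))

    # Identity test: only a missing cache entry triggers the lookup.
    all_obj_type_choices = cache.get("object_types")
    if all_obj_type_choices is None:
        all_obj_type_choices = [
            (c[0], c[0], {'datatype': c[1].keys()[0],
                          'datatype_value': c[1].values()[0]})
            for c in get_object_types(False)
        ]
        cache["object_types"] = all_obj_type_choices

    data = {
        'object_type': object_type,
        'value': value,
        'source': source,
        'method': method,
        'reference': reference,
        'otype': otype,
        'oid': oid,
        'add_indicator': is_add_indicator,
    }

    bound_form = cache.get("object_form")
    if bound_form is None:
        # The cached form is built with request.user, so one cache dict
        # must not be shared between different users' requests.
        bound_form = AddObjectForm(request.user, all_obj_type_choices, data)
        cache['object_form'] = bound_form
    else:
        # Reused form: swap in this row's data and validate again, so
        # errors from the previous row are not carried over.
        bound_form.data = data
        bound_form.full_clean()

    return bound_form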
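def parse_row_to_bound_object_form(request, rowData, cache):
    """
    Parse a row from mass object upload into an AddObjectForm.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :param rowData: The row data.
    :type rowData: dict
    :param cache: Cached data, typically for performance enhancements
                  during bulk operations. Holds the object type choices
                  (``"object_types"``) and the reusable form
                  (``"object_form"``).
    :type cache: dict
    :returns: :class:`crits.objects.forms.AddObjectForm`
    """

    # TODO fix the hardcoded strings and conversion of types
    # TODO Add common method to convert data to string
    fields = form_consts.Object
    data = {
        'object_type': rowData.get(fields.OBJECT_TYPE, ""),
        'value': rowData.get(fields.VALUE, ""),
        'source': rowData.get(fields.SOURCE, ""),
        'method': rowData.get(fields.METHOD, ""),
        'reference': rowData.get(fields.REFERENCE, ""),
        'otype': rowData.get(fields.PARENT_OBJECT_TYPE, ""),
        'oid': rowData.get(fields.PARENT_OBJECT_ID, ""),
        'add_indicator': convert_string_to_bool(
            rowData.get(fields.ADD_INDICATOR, "False")),
    }

    # `is None` rather than `== None`: a cached value must never be
    # mistaken for "missing" through a custom equality method.
    choices = cache.get("object_types")
    if choices is None:
        choices = [
            (c[0], c[0], {'datatype': c[1].keys()[0],
                          'datatype_value': c[1].values()[0]})
            for c in get_object_types(False)
        ]
        cache["object_types"] = choices

    bound_form = cache.get("object_form")
    if bound_form is None:
        # First row for this cache: build the form for request.user.
        # NOTE(review): because the form is tied to request.user, callers
        # should use a fresh cache dict per upload request.
        bound_form = AddObjectForm(request.user, choices, data)
        cache['object_form'] = bound_form
        return bound_form

    # Later rows reuse the form; re-running full_clean() replaces the
    # validation results of the previous row.
    bound_form.data = data
    bound_form.full_clean()
    return bound_form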
def bulk_add_object(request):
    """
    Bulk add objects.

    An AJAX POST is authorized against ``OBJECTS_ADD`` of the ACL selected
    by the posted ``otype`` and answered with JSON. Every other request
    receives the bulk-add page.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    formdict = form_to_dict(AddObjectForm(request.user))

    is_ajax_post = request.method == "POST" and request.is_ajax()
    if not is_ajax_post:
        page_context = {
            'formdict': formdict,
            'title': "Bulk Add Objects",
            'table_name': 'object',
        }
        return render_to_response('bulk_add_default.html',
                                  page_context,
                                  RequestContext(request))

    # NOTE(review): 'otype' is client-supplied and decides which ACL is
    # consulted; a missing key raises here. The rows parsed by
    # parse_row_to_bound_object_form carry their own parent object type,
    # so confirm the row handler authorizes each row's type as well.
    acl = get_acl_object(request.POST['otype'])
    user = request.user

    if not user.has_access_to(acl.OBJECTS_ADD):
        response = {
            'success': False,
            'message': 'User does not have permission to add objects'
        }
    else:
        response = parse_bulk_upload(request,
                                     parse_row_to_bound_object_form,
                                     add_new_handler_object_via_bulk,
                                     formdict)

    payload = json.dumps(response, default=json_handler)
    return HttpResponse(payload, content_type="application/json")
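def bulk_add_object(request):
    """
    Bulk add objects.

    AJAX POSTs are handed to ``parse_bulk_upload`` and answered with JSON;
    any other request renders the bulk-add page.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    # Object types whose datatype has a 'file' key are excluded by the
    # query, so the bulk form only offers non-file types.
    all_obj_type_choices = [
        (c[0], c[0], {'datatype': c[1].keys()[0],
                      'datatype_value': c[1].values()[0]})
        for c in get_object_types(False,
                                  query={'datatype.file': {'$exists': 0}})
    ]
    formdict = form_to_dict(AddObjectForm(request.user, all_obj_type_choices))

    if request.method == "POST" and request.is_ajax():
        # NOTE(review): no permission check is visible in this view before
        # the upload is processed; confirm authorization is enforced by a
        # decorator or inside parse_bulk_upload / the row handler.
        response = parse_bulk_upload(request,
                                     parse_row_to_bound_object_form,
                                     add_new_handler_object_via_bulk,
                                     formdict)
        # `content_type` instead of `mimetype`: HttpResponse accepts it in
        # every Django release, while `mimetype` was removed in 1.7.
        return HttpResponse(json.dumps(response, default=json_handler),
                            content_type='application/json')

    return render_to_response('bulk_add_default.html',
                              {'formdict': formdict,
                               'title': "Bulk Add Objects",
                               'table_name': 'object'},
                              RequestContext(request))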
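def validate_and_add_new_handler_object(data, rowData, request, errors,
                                        row_counter, is_validate_only=False,
                                        is_sort_relationships=False,
                                        cache=None, obj=None):
    """
    Validate an object and then add it to the database.

    :param data: The data for the object.
    :type data: dict
    :param rowData: Data from the row if using mass object upload.
    :type rowData: dict
    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :param errors: List of existing errors to append to.
    :type errors: list
    :param row_counter: Which row we are working on (for error tracking).
    :type row_counter: int
    :param is_validate_only: Only validate.
    :type is_validate_only: bool
    :param is_sort_relationships: Passed through to
                                  ``add_new_handler_object``.
    :type is_sort_relationships: bool
    :param cache: Cached data, typically for performance enhancements
                  during bulk operations. A fresh dict is used when the
                  caller passes none.
    :type cache: dict
    :param obj: Passed through to ``add_new_handler_object``.
    :returns: tuple of (result, errors, retVal)
    """

    # The previous `cache={}` default was one dict shared by every call
    # that omitted `cache`. The cache holds a form and a form dict built
    # with request.user, so that state could leak from one user's request
    # into another's. A per-call dict keeps it scoped to the caller.
    if cache is None:
        cache = {}

    result = False
    retVal = {}

    bound_form = parse_row_to_bound_object_form(request, rowData, cache)

    if bound_form.is_valid():
        (result, retVal) = add_new_handler_object(
            data, rowData, request, obj=obj,
            is_validate_only=is_validate_only,
            is_sort_relationships=is_sort_relationships)
        if not result and 'message' in retVal:
            errors.append("%s #%s - %s" % (form_consts.Common.OBJECTS_DATA,
                                           str(row_counter),
                                           retVal['message']))
    else:
        formdict = cache.get("object_formdict")
        if formdict is None:
            object_form = AddObjectForm(request.user)
            formdict = form_to_dict(object_form)
            cache['object_formdict'] = formdict

        for name, errorMessages in bound_form.errors.items():
            # Only report errors for fields that exist in the form dict.
            entry = get_field_from_label(name, formdict)
            if entry is None:
                continue
            for message in errorMessages:
                errors.append("%s #%s - %s - %s" % (
                    form_consts.Common.OBJECTS_DATA,
                    str(row_counter), name, message))
        result = False

    return result, errors, retVal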
def bulk_add_domain(request):
    """
    Bulk add domains via a bulk upload form.

    Both the upload (AJAX POST) and the form page require
    ``DomainACL.WRITE``; without it a JSON failure message is returned.

    Args:
        request: The Django context which contains information about the
            session and key/value pairs for the bulk add domains request

    Returns:
        If the request is not a POST and not a Ajax call then:
            Returns a rendered HTML form for a bulk add of domains
        If the request is a POST and a Ajax call then:
            Returns a response that contains information about the
            status of the bulk uploaded domains. This may include
            information such as domains that failed or successfully
            added. This may also contain helpful status messages about
            each operation.
    """

    def _as_json(payload):
        # Serialize a result dict the same way for every JSON reply.
        return HttpResponse(json.dumps(payload, default=json_handler),
                            content_type="application/json")

    formdict = form_to_dict(AddDomainForm(request.user))
    user = request.user
    wants_upload = request.method == "POST" and request.is_ajax()

    # Single permission gate in front of both the upload and the page.
    if not user.has_access_to(DomainACL.WRITE):
        return _as_json({
            "success": False,
            "message": "User does not have permission to add domains."
        })

    if wants_upload:
        return _as_json(process_bulk_add_domain(request, formdict))

    objectformdict = form_to_dict(AddObjectForm(request.user))
    page_context = {
        'formdict': formdict,
        'objectformdict': objectformdict,
        'title': "Bulk Add Domains",
        'table_name': 'domain',
        'local_validate_columns': [form_consts.Domain.DOMAIN_NAME],
        'custom_js': "domain_handsontable.js",
        'is_bulk_add_objects': True,
    }
    return render_to_response('bulk_add_default.html',
                              page_context,
                              RequestContext(request))
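def bulk_add_domain(request):
    """
    Bulk add domains via a bulk upload form.

    Args:
        request: The Django context which contains information about the
            session and key/value pairs for the bulk add domains request

    Returns:
        If the request is not a POST and not a Ajax call then:
            Returns a rendered HTML form for a bulk add of domains
        If the request is a POST and a Ajax call then:
            Returns a response that contains information about the
            status of the bulk uploaded domains. This may include
            information such as domains that failed or successfully
            added. This may also contain helpful status messages about
            each operation.
    """

    all_obj_type_choices = [
        (c[0], c[0], {'datatype': c[1].keys()[0],
                      'datatype_value': c[1].values()[0]})
        for c in get_object_types(False)
    ]
    formdict = form_to_dict(AddDomainForm(request.user))

    if request.method == "POST" and request.is_ajax():
        # NOTE(review): no permission check is visible in this view before
        # the upload is processed; confirm it is enforced by a decorator
        # or inside process_bulk_add_domain.
        response = process_bulk_add_domain(request, formdict)
        # `content_type` is accepted by every Django release; the
        # `mimetype` keyword was removed in 1.7.
        return HttpResponse(json.dumps(response, default=json_handler),
                            content_type='application/json')

    objectformdict = form_to_dict(
        AddObjectForm(request.user, all_obj_type_choices))
    return render_to_response(
        'bulk_add_default.html',
        {'formdict': formdict,
         'objectformdict': objectformdict,
         'title': "Bulk Add Domains",
         'table_name': 'domain',
         'local_validate_columns': [form_consts.Domain.DOMAIN_NAME],
         'custom_js': "domain_handsontable.js",
         'is_bulk_add_objects': True},
        RequestContext(request))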
def bulk_add_md5_sample(request):
    """
    Bulk add samples via a bulk upload form.

    Args:
        request: The Django context which contains information about the
            session and key/value pairs for the bulk add request

    Returns:
        If the request is not a POST and not a Ajax call then:
            Returns a rendered HTML form for a bulk add of samples
        If the request is a POST and a Ajax call then:
            Returns a response that contains information about the
            status of the bulk add. This may include information such as
            items that failed or successfully added. This may also
            contain helpful status messages about each operation.
    """

    # Both form dicts are built on every request, before the method check.
    upload_form = UploadFileForm(request.user, request.POST, request.FILES)
    formdict = form_to_dict(upload_form)
    objectformdict = form_to_dict(AddObjectForm(request.user))

    is_ajax_post = request.method == "POST" and request.is_ajax()
    if is_ajax_post:
        # NOTE(review): no permission check is visible in this view before
        # the upload is processed; confirm it is enforced by a decorator
        # or inside process_bulk_add_md5_sample.
        response = process_bulk_add_md5_sample(request, formdict)
        body = json.dumps(response, default=json_handler)
        return HttpResponse(body, content_type="application/json")

    page_context = {
        'formdict': formdict,
        'objectformdict': objectformdict,
        'title': "Bulk Add Samples",
        'table_name': 'sample',
        'local_validate_columns': [form_consts.Sample.MD5],
        'is_bulk_add_objects': True,
    }
    return render(request, 'bulk_add_default.html', page_context)
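def bulk_add_object(request):
    """
    Bulk add objects.

    AJAX POSTs are handed to ``parse_bulk_upload`` and answered with JSON;
    any other request renders the bulk-add page.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    formdict = form_to_dict(AddObjectForm(request.user))

    if request.method == "POST" and request.is_ajax():
        # NOTE(review): this view performs no permission check of its own
        # before processing the upload; confirm authorization happens in a
        # decorator or inside parse_bulk_upload / the row handler.
        response = parse_bulk_upload(request,
                                     parse_row_to_bound_object_form,
                                     add_new_handler_object_via_bulk,
                                     formdict)
        # `mimetype` was removed from HttpResponse in Django 1.7;
        # `content_type` is accepted by old and new releases alike.
        return HttpResponse(json.dumps(response, default=json_handler),
                            content_type='application/json')

    return render_to_response('bulk_add_default.html',
                              {'formdict': formdict,
                               'title': "Bulk Add Objects",
                               'table_name': 'object'},
                              RequestContext(request))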
def add_new_object(request):
    """
    Add a new object.

    Only POST is accepted. The caller needs ``OBJECTS_ADD`` on the ACL
    selected by the posted ``otype``. The reply is JSON for AJAX requests
    and the file-upload response template otherwise.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != 'POST':
        error = "Expected POST"
        return render_to_response("error.html",
                                  {"error" : error },
                                  RequestContext(request))

    analyst = "%s" % request.user
    user = request.user
    result = ""
    message = ""
    my_type = request.POST['otype']
    acl = get_acl_object(my_type)

    if not user.has_access_to(acl.OBJECTS_ADD):
        results = {'success': False,
                   'message': 'User does not have permission to add object'}
    else:
        form = AddObjectForm(user, request.POST, request.FILES)
        # NOTE(review): when a file is uploaded under 'value', a failed
        # validation does not stop processing, and the raw POST values
        # below (not form.cleaned_data) are passed on. Confirm add_object
        # validates them itself.
        if not form.is_valid() and 'value' not in request.FILES:
            message = "Invalid Form: %s" % form.errors
            form = form.as_table()
            response = json.dumps({'message': message,
                                   'form': form,
                                   'success': False})
            if request.is_ajax():
                return HttpResponse(response,
                                    content_type="application/json")
            return render_to_response("file_upload_response.html",
                                      {'response':response},
                                      RequestContext(request))

        source = request.POST['source_name']
        oid = request.POST['oid']
        object_type = request.POST['object_type']
        method = request.POST['source_method']
        reference = request.POST['source_reference']
        tlp = request.POST['source_tlp']
        add_indicator = request.POST.get('add_indicator', None)

        # if it was a file upload, handle the file appropriately
        data = request.FILES['value'] if 'value' in request.FILES else None

        value = request.POST.get('value', None)
        if isinstance(value, basestring):
            value = value.strip()

        results = add_object(my_type, oid, object_type, source, method,
                             reference, tlp, user.username,
                             value=value, file_=data,
                             add_indicator=add_indicator,
                             is_sort_relationships=True)

    if not results['success']:
        message = "Error adding object: %s" % results['message']
        result = {'success': False, 'message': message}
    else:
        subscription = {'type': my_type, 'id': oid}
        listing_context = {'objects': results['objects'],
                           'subscription': subscription}
        relationships = results.get('relationships', None)
        if relationships:
            listing_context['relationships'] = relationships

        html = render_to_string('objects_listing_widget.html',
                                listing_context,
                                RequestContext(request))
        result = {'success': True,
                  'html': html,
                  'message': results['message']}

        if relationships:
            # A relationship was created: also return its widget markup.
            relationship = {'type': my_type, 'value': oid}
            rel_msg = render_to_string('relationships_listing_widget.html',
                                       {'relationship': relationship,
                                        'nohide': True,
                                        'relationships': relationships},
                                       RequestContext(request))
            result['rel_made'] = True
            result['rel_msg'] = rel_msg

    if request.is_ajax():
        return HttpResponse(json.dumps(result),
                            content_type="application/json")
    return render_to_response("file_upload_response.html",
                              {'response': json.dumps(result)},
                              RequestContext(request))
def add_new_object(request):
    """
    Add a new object.

    Requires a POST from a user holding ``OBJECTS_ADD`` on the ACL chosen
    by the posted ``otype``; anything but POST renders the error page.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    def _reply(payload):
        # JSON for AJAX callers, the upload response template otherwise.
        body = json.dumps(payload)
        if request.is_ajax():
            return HttpResponse(body, content_type="application/json")
        return render_to_response("file_upload_response.html",
                                  {'response': body},
                                  RequestContext(request))

    if request.method == 'POST':
        analyst = "%s" % request.user
        user = request.user
        result = ""
        message = ""
        my_type = request.POST['otype']
        acl = get_acl_object(my_type)

        if user.has_access_to(acl.OBJECTS_ADD):
            form = AddObjectForm(user, request.POST, request.FILES)
            has_upload = 'value' in request.FILES

            # NOTE(review): an uploaded file under 'value' lets the request
            # continue even if the form is invalid, and the values used
            # below come straight from request.POST. Confirm add_object
            # validates them.
            if not form.is_valid() and not has_upload:
                message = "Invalid Form: %s" % form.errors
                form = form.as_table()
                return _reply({
                    'message': message,
                    'form': form,
                    'success': False
                })

            post = request.POST
            source = post['source_name']
            oid = post['oid']
            object_type = post['object_type']
            method = post['source_method']
            reference = post['source_reference']
            tlp = post['source_tlp']
            add_indicator = post.get('add_indicator', None)

            # if it was a file upload, handle the file appropriately
            data = None
            if has_upload:
                data = request.FILES['value']

            value = post.get('value', None)
            if isinstance(value, basestring):
                value = value.strip()

            results = add_object(my_type,
                                 oid,
                                 object_type,
                                 source,
                                 method,
                                 reference,
                                 tlp,
                                 user.username,
                                 value=value,
                                 file_=data,
                                 add_indicator=add_indicator,
                                 is_sort_relationships=True)
        else:
            results = {
                'success': False,
                'message': 'User does not have permission to add object'
            }

        if results['success']:
            subscription = {'type': my_type, 'id': oid}
            context = RequestContext(request)

            if results.get('relationships', None):
                relationship = {'type': my_type, 'value': oid}
                relationships = results['relationships']
                html = render_to_string(
                    'objects_listing_widget.html',
                    {
                        'objects': results['objects'],
                        'relationships': relationships,
                        'subscription': subscription
                    },
                    context)
                rel_msg = render_to_string(
                    'relationships_listing_widget.html',
                    {
                        'relationship': relationship,
                        'nohide': True,
                        'relationships': relationships
                    },
                    RequestContext(request))
                result = {
                    'success': True,
                    'html': html,
                    'message': results['message'],
                    'rel_made': True,
                    'rel_msg': rel_msg,
                }
            else:
                html = render_to_string(
                    'objects_listing_widget.html',
                    {
                        'objects': results['objects'],
                        'subscription': subscription
                    },
                    context)
                result = {
                    'success': True,
                    'html': html,
                    'message': results['message']
                }
        else:
            message = "Error adding object: %s" % results['message']
            result = {'success': False, 'message': message}

        return _reply(result)
    else:
        error = "Expected POST"
        return render_to_response("error.html", {"error": error},
                                  RequestContext(request))
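def bulk_add_object_inline(request):
    """
    Bulk add objects inline.

    An AJAX POST processes the upload if the user holds ``OBJECTS_ADD`` on
    the ACL selected by the posted ``otype`` and returns JSON, including
    refreshed object/relationship widget markup when rows were added. A
    user without that permission gets a JSON failure message. Any other
    request renders the inline bulk-add form.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    formdict = form_to_dict(AddObjectForm(request.user))

    if request.method == "POST" and request.is_ajax():
        user = request.user
        # NOTE(review): 'otype' is client-supplied and selects the ACL; a
        # missing key raises here.
        acl = get_acl_object(request.POST['otype'])

        if user.has_access_to(acl.OBJECTS_ADD):
            response = parse_bulk_upload(request,
                                         parse_row_to_bound_object_form,
                                         add_new_handler_object_via_bulk,
                                         formdict)

            secondary_data_array = response.get('secondary')
            if secondary_data_array:
                # The widgets are refreshed for the last item processed.
                latest_secondary_data = secondary_data_array[-1]
                class_type = class_from_id(latest_secondary_data['type'],
                                           latest_secondary_data['id'])
                subscription = {
                    'type': latest_secondary_data['type'],
                    'id': latest_secondary_data['id'],
                    'value': latest_secondary_data['id']
                }

                object_listing_html = render_to_string(
                    'objects_listing_widget.html',
                    {
                        'objects': class_type.sort_objects(),
                        'subscription': subscription
                    },
                    RequestContext(request))
                response['html'] = object_listing_html

                is_relationship_made = any(
                    secondary_data.get('relationships')
                    for secondary_data in secondary_data_array)

                if is_relationship_made:
                    rel_html = render_to_string(
                        'relationships_listing_widget.html',
                        {
                            'relationship': subscription,
                            'relationships': class_type.sort_relationships(
                                request.user, meta=True)
                        },
                        RequestContext(request))
                    response['rel_msg'] = rel_html
                    response['rel_made'] = True
        else:
            # Without this branch a denied request had no response to
            # serialize and ended in a server error, not a clean refusal.
            response = {
                'success': False,
                'message': 'User does not have permission to add objects'
            }

        return HttpResponse(json.dumps(response, default=json_handler),
                            content_type="application/json")
    else:
        is_prevent_initial_table = request.GET.get('isPreventInitialTable',
                                                   False)
        is_use_item_source = request.GET.get('useItemSource', False)

        if is_use_item_source in (True, "true"):
            # NOTE(review): otype/oid come from the query string and the
            # object's earliest source name is placed in the form; no
            # permission check on that object is visible here. Confirm
            # class_from_id or the caller restricts access.
            otype = request.GET.get('otype')
            oid = request.GET.get('oid')

            # Get the item with the type and ID from the database
            obj = class_from_id(otype, oid)

            if obj:
                source_field_name = get_source_field_for_class(otype)
                if source_field_name:
                    # If the item has a source, then use the source value
                    # to set as the default source
                    if hasattr(obj, "source"):
                        source_field = get_field_from_label("source",
                                                            formdict)
                        earliest_source = None
                        earliest_date = None

                        # Get the earliest source, compared by date
                        for source in obj.source:
                            for source_instance in source.instances:
                                if (earliest_source is None or
                                        source_instance.date < earliest_date):
                                    earliest_date = source_instance.date
                                    earliest_source = source

                        if earliest_source:
                            source_field['initial'] = earliest_source.name

        return render_to_response(
            'bulk_add_object_inline.html',
            {
                'formdict': formdict,
                'title': "Bulk Add Objects",
                'is_prevent_initial_table': is_prevent_initial_table,
                'table_name': 'object_inline'
            },
            RequestContext(request))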
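def add_new_object(request):
    """
    Add a new object.

    Only POST is accepted; other methods render the error page. The reply
    is JSON for AJAX requests and the file-upload response template
    otherwise.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method == 'POST':
        # NOTE(review): no permission check is visible in this view before
        # the object is added; confirm it is enforced by a decorator or
        # inside add_object.
        analyst = "%s" % request.user
        my_type = request.POST['otype']
        all_obj_type_choices = [
            (c[0], c[0], {'datatype': c[1].keys()[0],
                          'datatype_value': c[1].values()[0]})
            for c in get_object_types(False)
        ]
        form = AddObjectForm(analyst,
                             all_obj_type_choices,
                             request.POST,
                             request.FILES)
        # NOTE(review): an uploaded file under 'value' lets the request
        # continue even when the form is invalid, and the values below
        # are read from request.POST rather than form.cleaned_data.
        # Confirm add_object validates them.
        if not form.is_valid() and 'value' not in request.FILES:
            message = "Invalid Form: %s" % form.errors
            form = form.as_table()
            response = json.dumps({'message': message,
                                   'form': form,
                                   'success': False})
            # `content_type` replaces `mimetype`, which HttpResponse
            # dropped in Django 1.7; older releases accept both.
            if request.is_ajax():
                return HttpResponse(response,
                                    content_type="application/json")
            else:
                return render_to_response("file_upload_response.html",
                                          {'response': response},
                                          RequestContext(request))

        source = request.POST['source']
        oid = request.POST['oid']
        # "<type> - <name>" is split apart; a value without the separator
        # is used as both type and name.
        ot_array = request.POST['object_type'].split(" - ")
        object_type = ot_array[0]
        name = ot_array[1] if len(ot_array) == 2 else ot_array[0]
        method = request.POST['method']
        reference = request.POST['reference']
        add_indicator = request.POST.get('add_indicator', None)

        # if it was a file upload, handle the file appropriately
        data = None
        if 'value' in request.FILES:
            data = request.FILES['value']

        value = request.POST.get('value', None)
        if isinstance(value, basestring):
            value = value.strip()

        results = add_object(my_type, oid, object_type, name, source,
                             method, reference, analyst,
                             value=value, file_=data,
                             add_indicator=add_indicator,
                             is_sort_relationships=True)

        if results['success']:
            subscription = {'type': my_type, 'id': oid}

            if results.get('relationships', None):
                relationship = {'type': my_type, 'value': oid}
                relationships = results['relationships']

                html = render_to_string('objects_listing_widget.html',
                                        {'objects': results['objects'],
                                         'relationships': relationships,
                                         'subscription': subscription},
                                        RequestContext(request))
                result = {'success': True,
                          'html': html,
                          'message': results['message']}

                rel_msg = render_to_string(
                    'relationships_listing_widget.html',
                    {'relationship': relationship,
                     'nohide': True,
                     'relationships': relationships},
                    RequestContext(request))
                result['rel_made'] = True
                result['rel_msg'] = rel_msg
            else:
                html = render_to_string('objects_listing_widget.html',
                                        {'objects': results['objects'],
                                         'subscription': subscription},
                                        RequestContext(request))
                result = {'success': True,
                          'html': html,
                          'message': results['message']}
        else:
            message = "Error adding object: %s" % results['message']
            result = {'success': False, 'message': message}

        if request.is_ajax():
            return HttpResponse(json.dumps(result),
                                content_type="application/json")
        else:
            return render_to_response("file_upload_response.html",
                                      {'response': json.dumps(result)},
                                      RequestContext(request))
    else:
        error = "Expected POST"
        return render_to_response("error.html",
                                  {"error": error},
                                  RequestContext(request))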
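def add_new_object(request):
    """
    Add a new object.

    Non-POST requests render the error page. For POSTs the object is
    created through ``add_object`` and the outcome is returned as JSON
    (AJAX) or through the file-upload response template.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != "POST":
        error = "Expected POST"
        return render_to_response("error.html", {"error": error},
                                  RequestContext(request))

    def _reply(body):
        # `body` is an already-serialized JSON string. `content_type` is
        # used instead of `mimetype`, which Django 1.7 removed.
        if request.is_ajax():
            return HttpResponse(body, content_type="application/json")
        return render_to_response("file_upload_response.html",
                                  {"response": body},
                                  RequestContext(request))

    # NOTE(review): this view contains no permission check before the
    # object is added; confirm one is applied by a decorator or inside
    # add_object.
    analyst = "%s" % request.user
    my_type = request.POST["otype"]
    all_obj_type_choices = [
        (c[0], c[0], {"datatype": c[1].keys()[0],
                      "datatype_value": c[1].values()[0]})
        for c in get_object_types(False)
    ]
    form = AddObjectForm(analyst, all_obj_type_choices,
                         request.POST, request.FILES)

    # NOTE(review): validation failures are ignored whenever a file is
    # uploaded under 'value', and the fields below are taken from
    # request.POST, not form.cleaned_data. Confirm add_object validates
    # its inputs.
    if not form.is_valid() and "value" not in request.FILES:
        message = "Invalid Form: %s" % form.errors
        form = form.as_table()
        return _reply(json.dumps({"message": message,
                                  "form": form,
                                  "success": False}))

    source = request.POST["source"]
    oid = request.POST["oid"]
    # "<type> - <name>"; without the separator the type doubles as name.
    ot_array = request.POST["object_type"].split(" - ")
    object_type = ot_array[0]
    name = ot_array[1] if len(ot_array) == 2 else ot_array[0]
    method = request.POST["method"]
    reference = request.POST["reference"]
    add_indicator = request.POST.get("add_indicator", None)

    # if it was a file upload, handle the file appropriately
    data = request.FILES["value"] if "value" in request.FILES else None

    value = request.POST.get("value", None)
    if isinstance(value, basestring):
        value = value.strip()

    results = add_object(
        my_type,
        oid,
        object_type,
        name,
        source,
        method,
        reference,
        analyst,
        value=value,
        file_=data,
        add_indicator=add_indicator,
        is_sort_relationships=True,
    )

    if not results["success"]:
        message = "Error adding object: %s" % results["message"]
        return _reply(json.dumps({"success": False, "message": message}))

    subscription = {"type": my_type, "id": oid}
    listing_context = {"objects": results["objects"],
                       "subscription": subscription}
    relationships = results.get("relationships", None)
    if relationships:
        listing_context["relationships"] = relationships

    html = render_to_string("objects_listing_widget.html",
                            listing_context,
                            RequestContext(request))
    result = {"success": True, "html": html, "message": results["message"]}

    if relationships:
        # A relationship was created: include its widget markup too.
        relationship = {"type": my_type, "value": oid}
        rel_msg = render_to_string(
            "relationships_listing_widget.html",
            {"relationship": relationship,
             "nohide": True,
             "relationships": relationships},
            RequestContext(request),
        )
        result["rel_made"] = True
        result["rel_msg"] = rel_msg

    return _reply(json.dumps(result))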