Exemplo n.º 1
def create_alias(request):
    """Create (or modify) an alias for the requesting user and show the alias page.

    Only POST is accepted, and check_allow_configuration_alias_view must
    return None for the request to proceed. The alias text has to be
    non-empty and no longer than 10240 characters. Any exception raised
    while processing results in the generic error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    if request.method != 'POST':
        return error_page_free_format(request, 'invalid method')
    denied = check_allow_configuration_alias_view(request)
    if denied is not None:
        return denied
    try:
        alias_id = get_configuration_alias_id(request)
        alias_text = get_configuration_alias_create_alias(request)
        if alias_text is None or len(alias_text) == 0:
            return error_page_free_format(request, 'No Alias.')
        if len(alias_text) > 10240:
            return error_page_free_format(request,
                                          'Exceeded the max length of Alias.')
        # Create the alias for the requesting user.
        # NOTE(review): alias_id is taken from the request and the success
        # message says "Create or Modify"; confirm that the manager only
        # modifies an existing alias when it belongs to this user.
        owner = request.user
        Aliases.objects.create(alias_text, owner, alias_id)
        context = get_common_replace_dict(request)
        # The listing is restricted to the requesting user's own aliases.
        context['aliases'] = Aliases.objects.filter(user=owner)
        context['info_msg'] = 'Create or Modify Success!!'
        # Render the alias page.
        return render(request, 'alias.html', context)
    except Exception:
        # Generic error page; no exception detail is passed to the response here.
        return error_page(request)
Exemplo n.º 2
def stix_upload(request):
    """Forward an uploaded STIX file through Ctirs and show the sharing top page.

    check_allow_sharing_view must return None for the request to proceed.
    Only POST is accepted; any other method, like every other exception
    raised while processing, ends in the generic error page. Package name
    and vendor id are limited to 100 characters each.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    denied = check_allow_sharing_view(request)
    if denied is not None:
        return denied
    try:
        # Anything but POST is rejected; the handler below turns the
        # exception into the generic error page.
        if request.method != 'POST':
            raise Exception('Invalid HTTP Method')

        name = get_sharing_upload_package_name(request)
        if len(name) > 100:
            return error_page_free_format(
                request, 'Exceeded the max length of Package name.')
        vendor_id = get_sharing_upload_vendor_id(request)
        if vendor_id is not None and len(vendor_id) > 100:
            return error_page_free_format(
                request, 'Exceeded the max length of Vendor id.')
        uploaded = get_sharing_stix(request)
        # Only the first uploaded entry is posted.
        # NOTE(review): this view does not validate the STIX content itself;
        # presumably that happens downstream of Ctirs - confirm.
        Ctirs(request).post_stix_files(vendor_id, name, uploaded[0])
        # Render the sharing top page with a success message.
        return sharing_view_top(request, 'Upload Success!!')
    except Exception:
        return error_page(request)
Exemplo n.º 3
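def delete_taxii(request):
    """Delete the TAXII setting named in the request and show the TAXII page.

    Only an active admin user for whom check_allow_configuration_view
    returns None may delete. The setting currently referenced by
    Config.default_taxii is never deleted. Any exception raised while
    processing (including an unknown display name) results in the generic
    error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    stip_user = request.user
    # Only GET is accepted.
    # NOTE(review): this view deletes data on a GET request. Django's CSRF
    # middleware does not check GET, so the deletion is not covered by the
    # CSRF token. Moving it to POST needs a matching change in the callers
    # (templates/URLs), which are outside this block.
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    # Reject inactive accounts.
    if not stip_user.is_active:
        return HttpResponseForbidden('Your account is inactivate.')
    # Reject non-admin users.
    if not stip_user.is_admin:
        return HttpResponseForbidden('You have no permission.')
    error_ = check_allow_configuration_view(request)
    if error_ is not None:
        return error_
    try:
        display_name = get_configuration_taxii_delete_display_name(request)
        if display_name is None or len(display_name) == 0:
            return error_page_free_format(request, 'No Display Name.')
        taxii = Taxii.objects.get(name=display_name)
        # Read the configuration once; the leftover debug print of the
        # default TAXII setting was dropped so configuration data no longer
        # ends up on the server's stdout.
        default_taxii = Config.objects.get().default_taxii
        if default_taxii == taxii:
            return error_page_free_format(request, 'Cannot Delete A Default Taxii Setting.')
        taxii.delete()
        replace_dict = get_common_replace_dict(request)
        replace_dict['taxiis'] = Taxii.objects.all()
        replace_dict['info_msg'] = 'Delete Success!!'
        # Render the TAXII settings page.
        return render(request, 'taxii.html', replace_dict)
    except Exception:
        # Generic error page.
        return error_page(request)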
Exemplo n.º 4
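def stix_data_csv_download(request):
    """Return the observables of one package as a CSV attachment.

    check_allow_sharing_view must return None for the request to proceed.
    Each row is "<type>,<value>", built from the (type, values) pairs
    returned by get_package_l1_info. Any exception raised while processing
    results in the generic error page.
    """
    import csv  # local import: the module's import block is not visible here

    request.session.set_expiry(SESSION_EXPIRY)
    error_ = check_allow_sharing_view(request)
    if error_ is not None:
        return error_
    try:
        # Read the package id from the request.
        package_id = get_sharing_csv_download_package_id(request)
        if package_id is None or len(package_id) == 0:
            return error_page_free_format(request, 'No package_id.')
        l1_type_list = get_package_l1_info(request, package_id)

        # Build the file content with csv.writer so that a value containing
        # a comma, quote or line break stays inside its own cell instead of
        # breaking the row layout. Plain values are written exactly as
        # before ('\n' line ends, no quoting).
        # NOTE(review): cell text is exported verbatim. Observable values
        # are externally supplied data; a cell starting with '=', '+', '-'
        # or '@' is treated as a formula by spreadsheet applications.
        # Decide whether to neutralise such cells on export or to document
        # that the file must be imported as text.
        output = io.StringIO()
        writer = csv.writer(output, lineterminator='\n')
        for type_, values in l1_type_list:
            for value in values:
                writer.writerow((str(type_), str(value)))

        # Name of the downloaded file.
        # NOTE(review): package_id comes from the request and is placed in
        # the header unquoted. Django rejects CR/LF in header values, but
        # spaces, quotes or ';' in the id would still yield a malformed
        # Content-Disposition - consider restricting the id to the expected
        # character set.
        filename = package_id + '_observables.csv'

        # Build the response.
        response = HttpResponse(output.getvalue(), content_type='text/csv')
        response['Content-Disposition'] = 'attachment; filename=%s' % (
            filename)
        return response

    except Exception:
        return error_page(request)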
Exemplo n.º 5
def system_modify(request):
    """Update the system configuration and re-render the system page.

    Only an active admin user for whom check_allow_configuration_view
    returns None may modify, and only via POST. A failed validation
    re-renders 'system.html' with 'error_msg' set and leaves the stored
    configuration untouched. Any exception raised while processing results
    in the generic error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    user = request.user
    # Only POST is accepted.
    if request.method != 'POST':
        return error_page_free_format(request, 'invalid method')
    # Reject inactive accounts.
    if not user.is_active:
        return HttpResponseForbidden('Your account is inactivate.')
    # Reject non-admin users.
    if not user.is_admin:
        return HttpResponseForbidden('You have no permission.')
    denied = check_allow_configuration_view(request)
    if denied is not None:
        return denied
    try:
        taxii_name = get_configuration_system_default_taxii(request)
        policy_path = get_configuration_system_sharing_policy_specifications(request)
        css_dir = get_configuration_system_bootstrap_css_dir(request)
        rs_host = get_configuration_system_rs_host(request)

        # Fetch the stored values first so that a validation failure is
        # rendered with the data as it was before this request.
        context = get_success_replace_dict(request)

        # The checks run in a fixed order; the first failure wins.
        # NOTE(review): the two path values are only checked for presence
        # and length before being stored. Confirm where they are later
        # opened and that they are confined to the expected directories.
        problem = None
        if len(taxii_name) > 100:
            problem = 'Exceeded the max length of Default Taxii.'
        elif policy_path is None or len(policy_path) == 0:
            problem = 'No Sharing Policy Specifications File Path.'
        elif len(policy_path) > 100:
            problem = 'Exceeded the max length of Sharing Policy Specifications File Path.'
        elif rs_host is None or len(rs_host) == 0:
            problem = 'No RS: Host.'
        elif css_dir is None or len(css_dir) == 0:
            problem = 'No Bootstrap CSS Directory.'
        elif len(css_dir) > 100:
            problem = 'Exceeded the max length of Bootstrap CSS Directory.'

        if problem is not None:
            context['error_msg'] = problem
            return render(request, 'system.html', context)

        # Store the new configuration.
        Config.objects.modify_system(taxii_name, policy_path, css_dir, rs_host)
        # Fetch the values again so the page shows the updated data.
        context = get_success_replace_dict(request)
        context['info_msg'] = 'Modify Success!!'
        # Render the system page.
        return render(request, 'system.html', context)
    except Exception:
        # Generic error page.
        return error_page(request)
Exemplo n.º 6
def delete_alias(request):
    """Delete one of the requesting user's aliases and show the alias page.

    Only GET is accepted, and check_allow_configuration_alias_view must
    return None for the request to proceed. The alias is looked up by id
    and by owner. Any exception raised while processing (including a
    lookup that finds nothing) results in the generic error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    # NOTE(review): the deletion is triggered by a GET request, which
    # Django's CSRF middleware does not check - confirm this is acceptable
    # or move the action to POST together with its callers.
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    denied = check_allow_configuration_alias_view(request)
    if denied is not None:
        return denied
    try:
        alias_id = get_configuration_alias_id(request)
        if alias_id is None or len(alias_id) == 0:
            return error_page_free_format(request, 'No Id.')
        owner = request.user
        # The lookup is keyed on both id and owner, so an id belonging to
        # another user does not match and nothing is deleted.
        Aliases.objects.get(pk=alias_id, user=owner).delete()
        context = get_common_replace_dict(request)
        context['aliases'] = Aliases.objects.filter(user=owner)
        context['info_msg'] = 'Delete Success!!'
        # Render the alias page.
        return render(request, 'alias.html', context)
    except Exception:
        # Generic error page.
        return error_page(request)
Exemplo n.º 7
def system_view_top(request):
    """Render the system configuration page.

    Only an active admin user for whom check_allow_configuration_view
    returns None may view it, and only via GET. Any exception raised while
    building or rendering the page results in the generic error page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    user = request.user
    # Only GET is accepted.
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    # Reject inactive accounts.
    if not user.is_active:
        return HttpResponseForbidden('Your account is inactivate.')
    # Reject non-admin users.
    if not user.is_admin:
        return HttpResponseForbidden('You have no permission.')
    denied = check_allow_configuration_view(request)
    if denied is not None:
        return denied
    try:
        # Collect the template context, then render the system page.
        context = get_success_replace_dict(request)
        return render(request, 'system.html', context)
    except Exception:
        # Generic error page.
        return error_page(request)
Exemplo n.º 8
def create_taxii(request):
    """Create (or modify) a TAXII setting and re-render the TAXII page.

    Only an active admin user for whom check_allow_configuration_view
    returns None may do this, and only via POST. Display name, address,
    path, collection and login id are mandatory and limited to 100
    characters; the port must lie in 0..65535; the login password is only
    length-limited. Any unexpected exception results in the generic error
    page.
    """
    request.session.set_expiry(SESSION_EXPIRY)
    user = request.user
    # Only POST is accepted.
    if request.method != 'POST':
        return error_page_free_format(request, 'invalid method')
    # Reject inactive accounts.
    if not user.is_active:
        return HttpResponseForbidden('Your account is inactivate.')
    # Reject non-admin users.
    if not user.is_admin:
        return HttpResponseForbidden('You have no permission.')
    denied = check_allow_configuration_view(request)
    if denied is not None:
        return denied

    def read_required(getter, label):
        """Read one mandatory text field; return (value, error message or None)."""
        value = getter(request)
        if value is None or len(value) == 0:
            return value, 'No %s.' % label
        if len(value) > 100:
            return value, 'Exceeded the max length of %s.' % label
        return value, None

    try:
        setting_name, problem = read_required(
            get_configuration_taxii_create_display_name, 'Display Name')
        if problem is not None:
            return error_page_free_format(request, problem)

        address, problem = read_required(
            get_configuration_taxii_create_address, 'Address')
        if problem is not None:
            return error_page_free_format(request, problem)

        # A ValueError raised while reading the port is reported the same
        # way as an out-of-range port.
        try:
            port = get_configuration_taxii_create_port(request)
            if port < 0 or port > 65535:
                return error_page_free_format(request, 'Invalid port.')
        except ValueError:
            return error_page_free_format(request, 'Invalid port.')

        path, problem = read_required(
            get_configuration_taxii_create_path, 'Path')
        if problem is not None:
            return error_page_free_format(request, problem)

        collection, problem = read_required(
            get_configuration_taxii_create_collection, 'Collection')
        if problem is not None:
            return error_page_free_format(request, problem)

        login_id, problem = read_required(
            get_configuration_taxii_create_login_id, 'Login ID')
        if problem is not None:
            return error_page_free_format(request, problem)

        # The password is optional in the sense that only its length is checked.
        login_password = get_configuration_taxii_create_login_password(request)
        if len(login_password) > 100:
            return error_page_free_format(request, 'Exceeded the max length of Login Password.')

        ssl = get_configuration_taxii_create_ssl(request)
        # Create the TAXII setting.
        # NOTE(review): login_password is handed to the manager as received;
        # how it is stored is not visible here - confirm it is not kept in
        # clear text. Also confirm what restrictions, if any, apply to the
        # address/port a setting may point at.
        Taxii.objects.create(setting_name,
                             address=address,
                             port=port,
                             ssl=ssl,
                             path=path,
                             collection=collection,
                             login_id=login_id,
                             login_password=login_password)
        context = get_common_replace_dict(request)
        context['taxiis'] = Taxii.objects.all()
        context['info_msg'] = 'Create or Modify Success!!'
        # Render the TAXII settings page.
        return render(request, 'taxii.html', context)
    except Exception:
        # Generic error page.
        return error_page(request)