def patch(self, request, url_slug, format=None):
try:
project = Project.objects.get(url_slug=url_slug)
except Project.DoesNotExist:
return Response(
{'message': 'Project not found: {}'.format(url_slug)},
status=status.HTTP_404_NOT_FOUND)
if 'name' in request.data and request.data['name'] != project.name:
project.name = request.data['name']
project.url_slug = request.data['name'] + str(project.id)
if 'skills' in request.data:
for skill in project.skills.all():
if not skill.id in request.data['skills']:
logger.error("this skill needs to be deleted: " +
skill.name)
project.skills.remove(skill)
for skill_id in request.data['skills']:
try:
skill = Skill.objects.get(id=skill_id)
project.skills.add(skill)
except Skill.DoesNotExist:
logger.error("Passed skill id {} does not exists")
old_project_taggings = ProjectTagging.objects.filter(project=project)
old_project_tags = old_project_taggings.values('project_tag')
if 'project_tags' in request.data:
order = len(request.data['project_tags'])
for tag in old_project_tags:
if not tag['project_tag'] in request.data['project_tags']:
tag_to_delete = ProjectTags.objects.get(
id=tag['project_tag'])
ProjectTagging.objects.filter(
project=project, project_tag=tag_to_delete).delete()
for tag_id in request.data['project_tags']:
old_taggings = old_project_taggings.filter(project_tag=tag_id)
if not old_taggings.exists():
try:
tag = ProjectTags.objects.get(id=tag_id)
ProjectTagging.objects.create(project_tag=tag,
project=project,
order=order)
except ProjectTags.DoesNotExist:
logger.error("Passed proj tag id {} does not exists")
else:
old_tagging = old_taggings[0]
if not old_tagging.order == order:
old_tagging.order = int(order)
old_tagging.save()
order = order - 1
if 'image' in request.data:
project.image = get_image_from_data_url(request.data['image'])[0]
if 'thumbnail_image' in request.data:
project.thumbnail_image = get_image_from_data_url(
request.data['thumbnail_image'])[0]
if 'status' in request.data:
try:
project_status = ProjectStatus.objects.get(
id=int(request.data['status']))
except ProjectStatus.DoesNotExist:
raise NotFound('Project status not found.')
project.status = project_status
if 'start_date' in request.data:
project.start_date = parse(request.data['start_date'])
if 'end_date' in request.data:
project.end_date = parse(request.data['end_date'])
if 'short_description' in request.data:
project.short_description = request.data['short_description']
if 'description' in request.data:
project.description = request.data['description']
if 'country' in request.data:
project.country = request.data['country']
if 'city' in request.data:
project.city = request.data['city']
if 'is_draft' in request.data:
project.is_draft = False
if 'website' in request.data:
project.website = request.data['website']
if 'collaborators_welcome' in request.data:
project.collaborators_welcome = request.data[
'collaborators_welcome']
if 'helpful_connections' in request.data:
project.helpful_connections = request.data['helpful_connections']
if 'is_personal_project' in request.data:
if request.data['is_personal_project'] == True:
project_parents = ProjectParents.objects.get(project=project)
project_parents.parent_organization = None
project_parents.save()
if 'parent_organization' in request.data:
project_parents = ProjectParents.objects.get(project=project)
try:
organization = Organization.objects.get(
id=request.data['parent_organization'])
except Organization.DoesNotExist:
logger.error("Passed parent organization id {} does not exist")
project_parents.parent_organization = organization
project_parents.save()
project.save()
return Response(
{
'message': 'Project {} successfully updated'.format(
project.name),
'url_slug': project.url_slug
},
status=status.HTTP_200_OK)
def save(self):
alert_id = self.validated_data['id']
alert = Alert.objects.get(pk=alert_id)
dns_twisted = DnsTwisted.objects.get(pk=alert.dns_twisted.pk)
# Getting IOCs related to the new twisted domain
if Site.objects.filter(domain_name=dns_twisted.domain_name):
already_in_monitoring = True
site = Site.objects.get(domain_name=dns_twisted.domain_name)
# Store Event Id in database
DnsTwisted.objects.filter(pk=dns_twisted.pk).update(
misp_event_id=site.misp_event_id)
else:
already_in_monitoring = False
site = Site.objects.create(domain_name=dns_twisted.domain_name,
rtir=-999999999)
monitoring_init(site)
site = Site.objects.get(pk=site.pk)
# We now hav the IOCs related to the domain, we can remove it from monitoring
if not already_in_monitoring:
Site.objects.filter(pk=site.pk).delete()
if site.misp_event_id is None:
site.misp_event_id = dns_twisted.misp_event_id
# Test MISP instance connection
try:
requests.get(settings.MISP_URL, verify=settings.MISP_VERIFY_SSL)
except requests.exceptions.SSLError as e:
print(str(timezone.now()) + " - ", e)
raise AuthenticationFailed("SSL Error: " + settings.MISP_URL)
except requests.exceptions.RequestException as e:
print(str(timezone.now()) + " - ", e)
raise NotFound("Not Found: " + settings.MISP_URL)
misp_api = ExpandedPyMISP(settings.MISP_URL, settings.MISP_KEY,
settings.MISP_VERIFY_SSL)
if site.misp_event_id is not None:
# If the event already exist, then we update IOCs
update_attributes(misp_api, site)
else:
# If the event does not exist, then we create it
# Prepare MISP Event
event = MISPEvent()
event.distribution = 0
event.threat_level_id = 2
event.analysis = 0
event.info = "Suspicious domain name " + site.domain_name
event.tags = create_misp_tags(misp_api)
# Create MISP Event
print(str(timezone.now()) + " - " + 'Create MISP Event')
print('-----------------------------')
event = misp_api.add_event(event, pythonify=True)
# Store Event Id in database
DnsTwisted.objects.filter(pk=dns_twisted.pk).update(
misp_event_id=event.id)
if Site.objects.filter(domain_name=dns_twisted.domain_name):
Site.objects.filter(pk=site.pk).update(misp_event_id=event.id)
# Create MISP Attributes
create_attributes(misp_api, event.id, site)
def get_property(self):
try:
return Property.objects.get(pk=1)
except Property.DoesNotExist:
raise NotFound()
def get(self, request, *args, **kw):
# Process any get params that you may need
# If you don't need to process get params,
# you can skip this part
repo = self.kwargs['resource_id']
try:
specific_repo = repo_model.objects.get(id=repo)
except:
return Response({'detail': 'Repo not found'},
status=status.HTTP_404_NOT_FOUND)
this_repo = Repository(specific_repo.get_repo_path())
directory = ""
if 'directories' in self.kwargs:
directory = self.kwargs['directories']
dir_path = path.join(specific_repo.get_repo_path(), directory)
try:
os.chdir(dir_path)
except:
# returning Response() and raise NotFound is the same
# return Response(status=status.HTTP_404_NOT_FOUND)
raise NotFound(detail="No such dir or file", code=404)
index_tree = this_repo.index
tuplet = []
time2 = None
user = request.user
is_owner = False
is_editor = False
if specific_repo.owner == user:
is_owner = True
if user.is_superuser:
is_owner = True
for editor in specific_repo.editors.all():
if editor.id == user.id:
is_editor = True
empty = False
if this_repo.is_empty:
empty = True
try:
commit = this_repo.revparse_single('HEAD')
tree = commit.tree
folders = []
if directory != "":
item = tree.__getitem__(str(directory))
index_tree.read_tree(item.id)
for entry in index_tree:
name = entry.path
filemode = index_tree[entry.path].mode
type = ""
if filemode is '33188':
type = "tree"
if name in folders:
continue
folders.append(name)
else:
type = "blob"
if "/" in entry.path:
name = entry.path.split("/")[0]
filemode = '100644'
type = "tree"
if name in folders:
continue
folders.append(name)
tuplet.append({
'name': name,
'id': entry.hex,
'type': type,
'filemode': filemode
})
else:
for entry in tree:
tuplet.append({
'name': entry.name,
'id': entry.id.hex,
'type': entry.type,
'filemode': entry.filemode
})
date_handler = lambda obj: ( # noqa: E731
obj.isoformat()
if isinstance(obj,
(datetime.datetime, datetime.date)) else None)
time2 = json.dumps(datetime.datetime.fromtimestamp(
commit.commit_time),
default=date_handler)
dir_hier = directory
main_list = {
'files': tuplet,
'hex': commit.hex,
'message': commit.message,
'author': commit.author.name,
'committer': commit.committer.name,
'time': time2,
'branches': list(this_repo.branches),
'is_owner': is_owner,
'is_empty': empty,
'dir_hier': dir_hier,
'is_editor': is_editor
}
except:
# no files, no initial commit so no head hex
main_list = {
'files': tuplet,
'hex': None,
'message': None,
'author': None,
'committer': None,
'time': None,
'branches': [],
'is_owner': is_owner,
'is_empty': empty,
'is_editor': is_editor,
'dir_hier': None
}
return Response(main_list, status=status.HTTP_200_OK)
def get_pokemon(self, pk):
try:
return Pokemon.objects.get(pk=pk)
except Pokemon.DoesNotExist:
raise NotFound()
def get_object(self, *args, **kwargs):
try:
return models.Post.objects.only('id').get(pk=self.kwargs['pk'])
except models.Post.DoesNotExist:
raise NotFound()
def get_basket(self, pk):
try:
return Basket.objects.get(pk=pk)
except Basket.DoesNotExist:
raise NotFound()
def create(self, request, parent_lookup_question__flow=None):
serializer = FlowResponsesSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
try:
flow = Flow.objects.get(id=parent_lookup_question__flow)
except (Flow.DoesNotExist, ValidationError):
raise NotFound()
response_data = serializer.data["data"]["attributes"]["responses"]
errors = {}
answers = []
questions = {
question.id: question
for question in flow.flowquestion_set.all()
}
for i, response in enumerate(response_data):
(
timestamp,
row_id,
contact_id,
session_id,
question_id,
response_id,
response_metadata,
) = response
try:
question = questions[question_id]
except KeyError:
errors[i] = {
"question_id":
[f"Question with ID {question_id} not found"]
}
continue
answer = FlowResponse(
question=question,
flow=flow,
timestamp=timestamp,
row_id=row_id,
contact_id=contact_id,
session_id=session_id,
response=response_id,
response_metadata=response_metadata,
)
try:
# We've pulled question and flowfrom the database here, so we don't need
# to validate it. We also rely on database uniqueness checks instead.
# Both result in an extra database call.
answer.full_clean(exclude=["question", "flow"],
validate_unique=False)
except ValidationError as e:
errors[i] = flatten_errors(e.error_dict)
continue
answers.append(answer)
if errors:
raise DRFValidationError(
{"data": {
"attributes": {
"responses": errors
}
}})
try:
FlowResponse.objects.bulk_create(answers)
except IntegrityError:
raise DRFValidationError({
"data": {
"attributes": {
"responses":
["row_id is not unique for flow question"]
}
}
})
return Response(status=status.HTTP_204_NO_CONTENT)
def list(self, request, parent_lookup_question__flow=None):
try:
flow = Flow.objects.get(id=parent_lookup_question__flow)
except (Flow.DoesNotExist, ValidationError):
raise NotFound()
answers = FlowResponse.objects.filter(flow=flow).order_by("timestamp")
try:
start_filter = request.query_params["filter[start-timestamp]"]
start_filter = dateparse.parse_datetime(start_filter)
assert start_filter is not None
answers = answers.filter(timestamp__gt=start_filter)
except (KeyError, ValueError, AssertionError):
pass
try:
end_filter = request.query_params["filter[end-timestamp]"]
end_filter = dateparse.parse_datetime(end_filter)
assert end_filter is not None
answers = answers.filter(timestamp__lte=end_filter)
except (KeyError, ValueError, AssertionError):
pass
page_size = settings.REST_FRAMEWORK["PAGE_SIZE"]
try:
page_size = min(page_size, int(request.query_params["page[size]"]))
except (KeyError, ValueError):
pass
has_next = False
has_previous = False
reversed = False
try:
after = request.query_params["page[afterCursor]"]
after_answer = FlowResponse.objects.get(row_id_value=after,
flow=flow)
answers = answers.filter(timestamp__gt=after_answer.timestamp)
answers = answers.order_by("timestamp")
has_previous = True
except (KeyError, FlowResponse.DoesNotExist):
pass
try:
before = request.query_params["page[beforeCursor]"]
before_answer = FlowResponse.objects.get(row_id_value=before,
flow=flow)
answers = answers.filter(timestamp__lt=before_answer.timestamp)
answers = answers.order_by("-timestamp")
reversed = True
has_next = True
except (KeyError, FlowResponse.DoesNotExist):
pass
answers = answers[:page_size + 1].values_list(
"timestamp",
"row_id_value",
"row_id_type",
"contact_id_value",
"session_id_value",
"question__id",
"response_value",
"response_metadata",
)
if len(answers) > page_size:
answers = answers[:page_size]
if reversed:
has_previous = True
else:
has_next = True
if reversed:
answers = answers[::-1]
if has_next:
next_ = replace_query_param(request.build_absolute_uri(),
"page[afterCursor]", answers[-1][1])
next_ = remove_query_param(next_, "page[beforeCursor]")
else:
next_ = None
if has_previous:
previous = replace_query_param(request.build_absolute_uri(),
"page[beforeCursor]", answers[0][1])
previous = remove_query_param(previous, "page[afterCursor]")
else:
previous = None
return Response({
"data": {
"type": "flow-results-data",
"id": flow.id,
"attributes": {
"responses": [[
a[0],
int(a[1])
if a[2] == FlowResponse.Type.INTEGER else a[1],
*a[3:],
] for a in answers]
},
"relationships": {
"descriptor": {
"links": {
"self": request.build_absolute_uri()
}
},
"links": {
"self": request.build_absolute_uri(),
"next": next_,
"previous": previous,
},
},
}
})
def get_kanban(self, pk):
try:
return Kanban.objects.get(pk=pk)
except:
raise NotFound(detail='Kanban Not Found')
def get_health_plan_id(health_plan_id): try: return HealthPlan.objects.get(pk=health_plan_id) except HealthPlan.DoesNotExist: raise NotFound(detail='Health plan not found', code=status.HTTP_404_NOT_FOUND)
def post_uuid_exists(post_uuid):
if not Post.objects.filter(uuid=post_uuid).exists():
raise NotFound(
_('The post does not exist.'),
)
def get_object(self, user_id=None, movie_id=None):
try:
return self.queryset.get(user_id=user_id, movie_id=movie_id)
except Like.DoesNotExist:
raise NotFound()
def get_request(self, id):
try:
return StaffRequest.objects.get(id=id)
except StaffRequest.DoesNotExist:
raise NotFound(f'No request id related to {id} id number.')
def get_by_uuid(cls, doctor_uuid):
try:
return DoctorProfile.objects.get(uuid=doctor_uuid)
except DoctorProfile.DoesNotExist:
raise NotFound(**DOCTOR_NOT_FOUND)
def organization(self) -> Organization:
try:
return Organization.objects.get(id=self.organization_id)
except Organization.DoesNotExist:
raise NotFound(detail="Organization not found.")
def retrieve(self, request, **kwargs):
raise NotFound()
def get_queryset(self):
try:
question = Question.objects.get(id=self.kwargs.get('pk'))
except Question.DoesNotExist:
raise NotFound()
return question.answer_set.popular()
def get_one(self, pk):
try:
return Like.objects.get(pk=pk)
except Like.DoesNotExist:
raise NotFound()
def get_queryset(self):
try:
tag = self.model.objects.get(id=self.kwargs.get('pk'))
except self.model.DoesNotExist:
raise NotFound()
return tag.question_tags.popular()
def retrieve(self, request, *args, **kwargs):
try:
return super(OrderView, self).retrieve(request, *args, **kwargs)
except OrderModel.DoesNotExist:
raise NotFound("No order has been found for the current user.")
def user_username_exists(username):
if not User.user_with_username_exists(username=username):
raise NotFound("No user with the provided username exists.")
def _get_payment_type(self, label):
try:
return payment_registry.get(label)
except RegistryKeyError:
raise NotFound()
def get_order(pk):
try:
return Order.objects.get(pk=pk)
except Order.DoesNotExist:
raise NotFound()
def save(self):
alert_id = self.validated_data['id']
alert = Alert.objects.get(pk=alert_id)
dns_twisted = DnsTwisted.objects.get(pk=alert.dns_twisted.pk)
# Getting IOCs related to the new twisted domain
if Site.objects.filter(domain_name=dns_twisted.domain_name):
already_in_monitoring = True
site = Site.objects.get(domain_name=dns_twisted.domain_name)
# Save the case id in database
DnsTwisted.objects.filter(pk=dns_twisted.pk).update(
the_hive_case_id=site.the_hive_case_id)
else:
already_in_monitoring = False
site = Site.objects.create(domain_name=dns_twisted.domain_name,
rtir=-999999999)
monitoring_init(site)
site = Site.objects.get(pk=site.pk)
# We now hav the IOCs related to the domain, we can remove it from monitoring
if not already_in_monitoring:
Site.objects.filter(pk=site.pk).delete()
if site.the_hive_case_id is None:
site.the_hive_case_id = dns_twisted.the_hive_case_id
# Test The Hive instance connection
try:
requests.get(settings.THE_HIVE_URL)
except requests.exceptions.SSLError as e:
print(str(timezone.now()) + " - ", e)
raise AuthenticationFailed("SSL Error: " + settings.THE_HIVE_URL)
except requests.exceptions.RequestException as e:
print(str(timezone.now()) + " - ", e)
raise NotFound("Not Found: " + settings.THE_HIVE_URL)
hive_api = TheHiveApi(settings.THE_HIVE_URL,
settings.THE_HIVE_KEY,
cert=True)
if site.the_hive_case_id is not None:
# If the case already exist, then we update IOCs
update_observables(hive_api, site)
else:
# If the case does not exist, then we create it
# Prepare the case
case = Case(title='Suspicious domain name ' + site.domain_name,
owner=settings.THE_HIVE_CASE_ASSIGNEE,
severity=2,
tlp=2,
pap=2,
flag=False,
tags=[
'Watcher', 'Impersonation', 'Malicious Domain',
'Typosquatting'
],
description='Suspicious domain name ' +
site.domain_name)
# Create the case
print(str(timezone.now()) + " - " + 'Create Case')
print('-----------------------------')
response = hive_api.create_case(case)
if response.status_code == 201:
print(str(timezone.now()) + " - " + "OK")
case_id = response.json()['id']
# Save the case id in database
DnsTwisted.objects.filter(pk=dns_twisted.pk).update(
the_hive_case_id=case_id)
if Site.objects.filter(domain_name=dns_twisted.domain_name):
Site.objects.filter(pk=site.pk).update(
the_hive_case_id=case_id)
# Create all IOCs observables
create_observables(hive_api, case_id, site)
else:
print(
str(timezone.now()) + " - " +
'ko: {}/{}'.format(response.status_code, response.text))
data = {
'detail':
response.json()['type'] + ": " + response.json()['message']
}
raise serializers.ValidationError(data)
def get_user(pk):
try:
return User.objects.get(pk=pk)
except User.DoesNotExist:
raise NotFound()
def not_found(request):
raise NotFound('NotFound')
def get_by_username_or_email(cls, user_or_email):
try:
_filter = Q(user__username=user_or_email) | Q(user__email=user_or_email)
return DoctorProfile.objects.get(_filter)
except DoctorProfile.DoesNotExist:
raise NotFound(**DOCTOR_NOT_FOUND)
def get_paginated_response(self, data):
if not self.page.paginator.count:
raise NotFound()
return super(PartyAPIPagination, self).get_paginated_response(data)
def post(self, request):
if 'parent_organization' in request.data:
organization = check_organization(
int(request.data['parent_organization']))
else:
organization = None
required_params = [
'name', 'status', 'short_description', 'collaborators_welcome',
'team_members', 'project_tags', 'city', 'country', 'image'
]
for param in required_params:
if param not in request.data:
logger.error(
"Missing required information to create project:{}".format(
param))
return Response(
{
'message':
'Missing required information to create project:' +
param + ' Please contact administrator'
},
status=status.HTTP_400_BAD_REQUEST)
try:
ProjectStatus.objects.get(id=int(request.data["status"]))
except ProjectStatus.DoesNotExist:
return Response({
'message':
"Passed status {} does not exist".format(
request.data["status"])
})
project = create_new_project(request.data)
project_parents = ProjectParents.objects.create(
project=project, parent_user=request.user)
if organization:
project_parents.parent_organization = organization
project_parents.save()
if 'collaborating_organizations' in request.data:
for organization_id in request.data['collaborating_organizations']:
try:
collaborating_organization = Organization.objects.get(
id=int(organization_id))
ProjectCollaborators.objects.create(
project=project,
collaborating_organization=collaborating_organization)
except Organization.DoesNotExist:
logger.error(
"Passed collaborating organization id {} does not exist."
.format(organization_id))
# There are only certain roles user can have. So get all the roles first.
roles = Role.objects.all()
team_members = request.data['team_members']
if 'project_tags' in request.data:
order = len(request.data['project_tags'])
for project_tag_id in request.data['project_tags']:
try:
project_tag = ProjectTags.objects.get(
id=int(project_tag_id))
except ProjectTags.DoesNotExist:
logger.error(
"Passed project tag ID {} does not exists".format(
project_tag_id))
continue
if project_tag:
ProjectTagging.objects.create(project=project,
project_tag=project_tag,
order=order)
order = order - 1
logger.info(
"Project tagging created for project {}".format(
project.id))
for member in team_members:
user_role = roles.filter(id=int(member['role'])).first()
try:
user_availability = Availability.objects.filter(
id=int(member['availability'])).first()
except Availability.DoesNotExist:
raise NotFound(detail="Availability not found.",
code=status.HTTP_404_NOT_FOUND)
try:
user = User.objects.get(id=int(member['id']))
except User.DoesNotExist:
for user in User.objects.all():
logger.error(user.id)
logger.error(
"[CreateProjectView]Passed user id {} does not exists".
format(int(member['id'])))
continue
if user:
ProjectMember.objects.create(
project=project,
user=user,
role=user_role,
availability=user_availability,
role_in_project=member['role_in_project'])
logger.info("Project member created for user {}".format(
user.id))
return Response(
{
'message': 'Project {} successfully created'.format(
project.name),
'url_slug': project.url_slug
},
status=status.HTTP_201_CREATED)
