|
1
|
1 |
|
try: |
|
2
|
1 |
|
from urlparse import parse_qs |
|
3
|
|
|
except ImportError: # python3 |
|
4
|
|
|
from urllib.parse import parse_qs |
|
5
|
1 |
|
import logging |
|
6
|
1 |
|
from time import time |
|
7
|
|
|
|
|
8
|
1 |
|
from flask import Blueprint, render_template, request, redirect, flash, Response, url_for |
|
9
|
|
|
|
|
10
|
1 |
|
from spike.model import db |
|
11
|
1 |
|
from spike.model.naxsi_whitelist import NaxsiWhitelist |
|
12
|
1 |
|
from spike.model.naxsi_whitelistsets import NaxsiWhitelistSets |
|
13
|
1 |
|
from spike.model import naxsi_mz |
|
14
|
|
|
|
|
15
|
1 |
|
whitelists = Blueprint('whitelists', __name__) |
|
16
|
|
|
|
|
17
|
|
|
|
|
18
|
1 |
|
@whitelists.route("/") |
|
19
|
|
|
def index(): |
|
20
|
1 |
|
_wlist = NaxsiWhitelist.query.order_by(NaxsiWhitelist.wid.desc()).all() |
|
|
|
|
|
|
21
|
1 |
|
if not _wlist: |
|
22
|
|
|
flash("No whitelist found, please create one", "success") |
|
23
|
|
|
return redirect(url_for('whitelists.new')) |
|
24
|
1 |
|
return render_template("whitelists/index.html", whitelists=_wlist) |
|
25
|
|
|
|
|
26
|
|
|
|
|
27
|
1 |
|
@whitelists.route("/plain/<string:wid>", methods=["GET"]) |
|
28
|
|
|
def plain(wid): |
|
29
|
1 |
|
_wlist = NaxsiWhitelist.query.filter(NaxsiWhitelist.id == wid).first() |
|
|
|
|
|
|
30
|
1 |
|
if not _wlist: |
|
31
|
1 |
|
flash("No rules found, please create one", "error") |
|
32
|
1 |
|
return redirect(url_for('whitelists.index')) |
|
33
|
1 |
|
return Response(str(_wlist), mimetype='text/plain') |
|
34
|
|
|
|
|
35
|
|
|
|
|
36
|
1 |
|
@whitelists.route("/view/<int:wid>", methods=["GET"]) |
|
37
|
|
|
def view(wid): |
|
38
|
1 |
|
_wlist = NaxsiWhitelist.query.filter(NaxsiWhitelist.id == wid).first() |
|
|
|
|
|
|
39
|
1 |
|
if _wlist is None: |
|
40
|
1 |
|
flash("The whitelist %d was not found." % wid, "error") |
|
41
|
1 |
|
return redirect(url_for('whitelists.index')) |
|
42
|
|
|
return render_template("whitelists/view.html", whitelist=_wlist) |
|
43
|
|
|
|
|
44
|
|
|
|
|
45
|
1 |
|
@whitelists.route("/edit/<string:wid>", methods=["GET"]) |
|
46
|
|
|
def edit(wid): |
|
47
|
|
|
return redirect(url_for('whitelists.new')) |
|
48
|
|
|
|
|
49
|
|
|
|
|
50
|
1 |
View Code Duplication |
@whitelists.route("/del/<string:wid>", methods=["GET"]) |
|
|
|
|
|
|
51
|
|
|
def del_sid(wid): |
|
52
|
1 |
|
_wlist = NaxsiWhitelist.query.filter(NaxsiWhitelist.id == wid).first() |
|
|
|
|
|
|
53
|
1 |
|
if not _wlist: |
|
54
|
1 |
|
return redirect(url_for('whitelists.index')) |
|
55
|
|
|
|
|
56
|
1 |
|
db.session.delete(_wlist) |
|
57
|
1 |
|
db.session.commit() |
|
58
|
|
|
|
|
59
|
1 |
|
flash("Successfully deleted %s" % wid, "success") |
|
60
|
1 |
|
return redirect(url_for('whitelists.index')) |
|
61
|
|
|
|
|
62
|
|
|
|
|
63
|
1 |
|
@whitelists.route("/generate", methods=["GET", "POST"]) |
|
64
|
|
|
def generate(): |
|
65
|
1 |
|
if request.method == "GET": |
|
66
|
1 |
|
return render_template("misc/whitelist_generator.html") |
|
67
|
1 |
|
nxlogs = request.form.get('nxlogs', '') |
|
68
|
|
|
|
|
69
|
1 |
|
if not nxlogs: |
|
70
|
1 |
|
flash('Please input nxlogs') |
|
71
|
1 |
|
return render_template("misc/whitelist_generator.html") |
|
72
|
|
|
|
|
73
|
1 |
|
whitelist = list() |
|
74
|
1 |
|
for nxlog in nxlogs.split('\n'): |
|
75
|
1 |
|
if not nxlog: |
|
76
|
|
|
continue |
|
77
|
1 |
|
start = nxlog.find("ip=") |
|
78
|
1 |
|
if start < 0: |
|
79
|
1 |
|
flash('{} is an invalid extlog, string "ip=" not found.'.format(nxlog)) |
|
80
|
1 |
|
return render_template("misc/whitelist_generator.html", nxlogs=nxlogs) |
|
81
|
|
|
|
|
82
|
1 |
|
end = nxlog.find(", ") |
|
83
|
1 |
|
if end < 0: |
|
84
|
1 |
|
flash('{} is an invalid extlog, string "," not found.'.format(nxlog)) |
|
85
|
1 |
|
return render_template("misc/whitelist_generator.html", nxlogs=nxlogs) |
|
86
|
|
|
|
|
87
|
|
|
# Flatten the dict, since parse_qs is a bit annoying |
|
88
|
1 |
|
nxdic = parse_qs(nxlog[start:end]) |
|
89
|
1 |
|
for key, value in nxdic.items(): |
|
90
|
1 |
|
nxdic[key] = value[0] |
|
91
|
|
|
|
|
92
|
1 |
|
cpt = 0 |
|
93
|
1 |
View Code Duplication |
while "id{}".format(cpt) in nxdic: |
|
|
|
|
|
|
94
|
1 |
|
_id = "id{}".format(cpt) |
|
95
|
1 |
|
_var_name = "var_name{}".format(cpt) |
|
96
|
1 |
|
_zone = "zone{}".format(cpt) |
|
97
|
1 |
|
if "var_name{}".format(cpt) in nxdic: |
|
98
|
1 |
|
whitelist.append('BasicRule wl:{} "mz:{}:{}"'.format(nxdic[_id], nxdic[_var_name], nxdic[_zone])) |
|
99
|
|
|
else: |
|
100
|
|
|
whitelist.append('BasicRule wl:{} "mz:{}"'.format(nxdic[_id], nxdic[_var_name])) |
|
101
|
1 |
|
cpt += 1 |
|
102
|
1 |
|
return render_template("misc/whitelist_generator.html", whitelist='\n'.join(whitelist) + ';', nxlogs=nxlogs) |
|
103
|
|
|
|
|
104
|
|
|
|
|
105
|
1 |
|
@whitelists.route('/new', methods=["GET", "POST"]) |
|
106
|
|
|
def new(): |
|
107
|
1 |
|
if request.method == "GET": |
|
108
|
1 |
|
_whitelistesets = NaxsiWhitelistSets.query.all() |
|
|
|
|
|
|
109
|
1 |
|
return render_template('whitelists/new.html', matchzones=naxsi_mz, whitelistsets=_whitelistesets) |
|
110
|
|
|
|
|
111
|
1 |
|
logging.debug('Posted new request: %s', request.form) |
|
112
|
|
|
|
|
113
|
1 |
|
mz = "|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val"))) |
|
114
|
1 |
|
wid = request.form.get('wid', '') |
|
115
|
1 |
|
whitelistset = request.form.get("whitelistset", '') |
|
116
|
|
|
|
|
117
|
1 |
|
if not wid: |
|
118
|
1 |
|
flash('Please enter a wid', category='error') |
|
119
|
1 |
|
return render_template('whitelists/new.html') |
|
120
|
1 |
|
elif not whitelistset: |
|
121
|
1 |
|
flash('Please enter a whitelistset', category='error') |
|
122
|
1 |
|
return render_template('whitelists/new.html') |
|
123
|
|
|
|
|
124
|
1 |
|
wlist = NaxsiWhitelist(wid=wid, timestamp=int(time()), |
|
125
|
|
|
whitelistset=whitelistset, mz=mz, active=1, |
|
126
|
|
|
negative=request.form.get("negative", "") == 'checked') |
|
127
|
1 |
|
wlist.validate() |
|
128
|
|
|
|
|
129
|
1 |
|
if wlist.error: |
|
130
|
1 |
|
flash(",".join(wlist.error), 'error') |
|
131
|
1 |
|
return redirect(url_for('whitelists.new')) |
|
132
|
1 |
|
elif wlist.warnings: |
|
133
|
|
|
flash(",".join(wlist.warnings), 'warning') |
|
134
|
|
|
|
|
135
|
1 |
|
db.session.add(wlist) |
|
136
|
1 |
|
db.session.commit() |
|
137
|
|
|
|
|
138
|
|
|
return render_template('whitelists/index.html') |
|
139
|
|
|
|
nbs-system /
spike
Loading history...
This check looks for calls to members that are non-existent. These calls will fail.
The member could have been renamed or removed.