try:
    from html import escape
except ImportError:  # python2
    from cgi import escape
try:
    from urlparse import parse_qs
except ImportError:  # python3
    from urllib.parse import parse_qs

from flask import Blueprint, render_template, request, redirect, flash, url_for

from spike.model.naxsi_rules import NaxsiRules
from spike.model.naxsi_whitelist import NaxsiWhitelist
# Blueprint under which every view of this module is registered.
sandbox = Blueprint(name='sandbox', import_name=__name__)
@sandbox.route("/", methods=["GET"])
def index():
    """Render the sandbox page with no explanation attached."""
    page = render_template("misc/sandbox.html")
    return page
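@sandbox.route("/explain_rule/", methods=["GET", "POST"])
def explain_rule():
    """Explain a NAXSI rule, loaded by sid or parsed from submitted text.

    A numeric ``rule`` query argument selects a stored rule by ``sid``.
    Otherwise the ``rule`` form field is parsed as a rule. When the form also
    carries ``visualise_rule`` and the rule's detection starts with ``rx:``,
    the browser is redirected to regexper.com with the pattern.

    Returns:
        The rendered ``misc/sandbox.html`` template, or a redirect (to
        ``sandbox.index`` on bad input, to regexper.com for visualisation).
    """
    # Two separate lists: the original bound both names to one shared list.
    errors = []
    warnings = []
    rule_get = request.args.get('rule', '')
    rule_post = request.form.get("rule", '')

    if rule_get.isdigit():  # explain a rule by id
        _rule = NaxsiRules.query.filter(NaxsiRules.sid == rule_get).first()
        if _rule is None:
            flash('Not rule with id %s' % rule_get)
            return redirect(url_for("sandbox.index"))
    elif rule_get:
        # Compared by value: `is not ''` tests object identity, which only
        # works by accident of string interning.
        flash('Please provide a numeric id')
        return redirect(url_for("sandbox.index"))
    elif not rule_post:
        flash('Please provide a rule')
        return redirect(url_for("sandbox.index"))
    else:
        # One instance parses the text, a fresh one is filled from the result.
        errors, warnings, rdict = NaxsiRules().parse_rule(rule_post)
        _rule = NaxsiRules()
        _rule.from_dict(rdict)
        _rule.errors = errors
        _rule.warnings = warnings

        # NOTE(review): the listing lost its indentation; this check is kept
        # in the parse branch, the only place `errors` is set on the rule.
        # Confirm against the repository.
        if _rule.errors:
            flash('You rule is wrong', 'error')
            return render_template("misc/sandbox.html")

    if 'visualise_rule' in request.form:
        if _rule.detection.startswith('rx:'):
            # Hands the pattern to the external regexper.com visualiser
            # through the URL fragment.
            return redirect('https://regexper.com/#' + _rule.detection[3:])
        flash('The rule is not a regexp, so you can not visualize it.', category='error')

    for error in errors:
        flash(error, category='error')
    # Distinct loop variable: the original rebound `warnings` while iterating.
    for warning in warnings:
        flash(warning, category='warning')

    return render_template("misc/sandbox.html", rule_explaination=_rule.explain(), rule=_rule)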
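@sandbox.route("/explain_whitelist/", methods=["GET", "POST"])
def explain_whitelist():
    """Explain a NAXSI whitelist, loaded by id or parsed from submitted text.

    A numeric ``whitelist`` query argument selects a stored whitelist by
    ``id``. Otherwise the ``whitelist`` form field is parsed. Any ``error``
    and ``warnings`` entries found on the whitelist object are flashed.

    Returns:
        The rendered ``misc/sandbox.html`` template, or a redirect to
        ``sandbox.index`` on bad input.
    """
    whitelist_get = request.args.get('whitelist', '')
    whitelist_post = request.form.get('whitelist', '')

    if whitelist_get.isdigit():  # explain a whitelist by id
        _wlist = NaxsiWhitelist.query.filter(NaxsiWhitelist.id == whitelist_get).first()
        if _wlist is None:
            flash('Not rule with id %s' % whitelist_get)
            return redirect(url_for("sandbox.index"))
    elif whitelist_get:
        # Compared by value: `is not ''` tests object identity, which only
        # works by accident of string interning.
        flash('Please provide a numeric id')
        return redirect(url_for("sandbox.index"))
    elif not whitelist_post:
        flash('Please provide a whitelist')
        return redirect(url_for("sandbox.index"))
    else:
        _wlist = NaxsiWhitelist()
        _wlist.parse(whitelist_post)

    # getattr with a default keeps the original tolerance for objects that
    # lack these attributes.
    for error in getattr(_wlist, 'error', ()):
        flash(error, category='error')
    # The original tested hasattr(_wlist, 'warning') but iterated
    # `_wlist.warnings`, so the guard and the loop disagreed on the name.
    for warning in getattr(_wlist, 'warnings', ()):
        flash(warning, category='warning')

    return render_template("misc/sandbox.html", whitelist_explaination=_wlist.explain(), whitelist=_wlist)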
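@sandbox.route('/explain_nxlog/', methods=["POST"])
def explain_nxlog():
    """Explain a NAXSI extlog line submitted in the ``nxlog`` form field.

    The text from the first ``ip=`` up to the next ``", "`` is parsed as a
    query string and turned into an HTML sentence. The sentence names the
    peer, server and URI, every ``cscoreN``/``scoreN`` pair, and every
    ``idN``/``zoneN`` match (with ``var_nameN`` when present). Field values
    are HTML-escaped before they are placed in that sentence.

    Returns:
        The rendered ``misc/sandbox.html`` template, or a redirect to
        ``sandbox.index`` when the field is empty or the line cannot be
        parsed.
    """
    nxlog = request.form.get("nxlog", '')
    if not nxlog:
        return redirect(url_for("sandbox.index"))

    start = nxlog.find("ip=")
    if start < 0:
        flash('{} is an invalid extlog, string "ip=" not found.'.format(nxlog))
        return redirect(url_for("sandbox.index"))

    # Search for the terminator after "ip=": a ", " earlier in the line would
    # otherwise produce an empty slice.
    end = nxlog.find(", ", start)
    if end < 0:
        flash('{} is an invalid extlog, string "," not found.'.format(nxlog))
        return redirect(url_for("sandbox.index"))

    # parse_qs maps each key to a list of values; keep the first one.
    # The values come from the submitted log line and are interpolated into
    # HTML markup below, so they are escaped here.
    # NOTE(review): assumes the template outputs nxlog_explaination without
    # autoescaping (the fragment carries <strong> tags) - confirm in
    # misc/sandbox.html.
    nxdic = {key: escape(values[0]) for key, values in parse_qs(nxlog[start:end]).items()}

    try:
        explain = "Peer <strong>{}</strong> performed a request to <strong>{}</strong> on URI <strong>{}</strong> ".format(
            nxdic['ip'], nxdic['server'], nxdic['uri'])

        scores = []
        cpt = 0
        while "cscore{}".format(cpt) in nxdic:
            scores.append("that reached a <strong>{}</strong> score of <strong>{}</strong> ".format(
                nxdic["cscore{}".format(cpt)], nxdic["score{}".format(cpt)]))
            cpt += 1
        explain += ' and '.join(scores)

        named = []
        cpt = 0
        while "id{}".format(cpt) in nxdic:
            _id = "id{}".format(cpt)
            _var_name = "var_name{}".format(cpt)
            _zone = "zone{}".format(cpt)
            if _var_name in nxdic:
                named.append("id <strong>{}</strong> in var named <strong>{}</strong> of zone <strong>{}</strong>".format(
                    nxdic[_id], nxdic[_var_name], nxdic[_zone]))
            else:
                named.append("id <strong>{}</strong> in zone <strong>{}</strong>".format(nxdic[_id], nxdic[_zone]))
            cpt += 1
        explain += ' and '.join(named)
    except KeyError as missing:
        # A truncated or hand-edited line can lack a field (server, uri,
        # scoreN, zoneN). Report it like the other parse failures instead of
        # letting the lookup raise.
        flash('{} is an invalid extlog, field "{}" not found.'.format(nxlog, missing.args[0]))
        return redirect(url_for("sandbox.index"))

    return render_template("misc/sandbox.html", nxlog_explaination=explain, nxlog=nxlog)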