|
1
|
|
|
import logging |
|
|
|
|
|
|
2
|
|
|
import os |
|
3
|
|
|
import re |
|
4
|
|
|
import string |
|
5
|
|
|
from bsddb import rnopen |
|
|
|
|
|
|
6
|
|
|
from glob import glob |
|
7
|
|
|
from time import time, localtime, strftime |
|
8
|
|
|
|
|
9
|
|
|
from flask import current_app, Blueprint, render_template, request, redirect, flash, Response |
|
|
|
|
|
|
10
|
|
|
|
|
11
|
|
|
from spike.model import NaxsiRules, NaxsiRuleSets, ValueTemplates |
|
12
|
|
|
from spike.model import check_constraint, db, check_or_get_latest_sid |
|
13
|
|
|
|
|
14
|
|
|
rules = Blueprint('rules', __name__, url_prefix='/rules') |
|
|
|
|
|
|
15
|
|
|
|
|
16
|
|
|
# TODO : merge `ruleset_plain` and `ruleset_view` |
|
|
|
|
|
|
17
|
|
|
|
|
18
|
|
|
@rules.route("/") |
|
19
|
|
|
def index(): |
|
|
|
|
|
|
20
|
|
|
_rules = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).all() |
|
21
|
|
|
if not _rules: |
|
22
|
|
|
flash("no rules found, please create one", "success") |
|
23
|
|
|
return redirect("/rules/new") |
|
24
|
|
|
return render_template("rules/index.html", rules=_rules) |
|
25
|
|
|
|
|
26
|
|
|
|
|
27
|
|
|
@rules.route("/rulesets/") |
|
28
|
|
|
def rulesets(): |
|
|
|
|
|
|
29
|
|
|
_rulesets = NaxsiRuleSets.query.order_by(NaxsiRuleSets.name).all() |
|
30
|
|
|
return render_template("rules/rulesets.html", rulesets=_rulesets) |
|
31
|
|
|
|
|
32
|
|
|
|
|
33
|
|
|
def __get_rules_for_ruleset(ruleset, with_header = True): |
|
|
|
|
|
|
34
|
|
|
|
|
35
|
|
|
_rules = NaxsiRules.query.filter( |
|
36
|
|
|
NaxsiRules.ruleset == ruleset.file, |
|
37
|
|
|
NaxsiRules.active == 1 |
|
38
|
|
|
).all() |
|
39
|
|
|
|
|
40
|
|
|
nxruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.file == ruleset.file).first() |
|
41
|
|
|
nxruleset.updated = 0 |
|
42
|
|
|
db.session.add(nxruleset) |
|
43
|
|
|
db.session.commit() |
|
44
|
|
|
text_rules = ''.join(map(__get_textual_representation_rule, _rules)) |
|
45
|
|
|
|
|
46
|
|
|
if with_header is False: |
|
47
|
|
|
return text_rules |
|
48
|
|
|
|
|
49
|
|
|
header = current_app.config["RULESET_HEADER"] |
|
50
|
|
|
header = header.replace("RULESET_DESC", ruleset.name) |
|
51
|
|
|
header = header.replace("RULESET_FILE", ruleset.file) |
|
52
|
|
|
header = header.replace( "RULESET_DATE", strftime("%F - %H:%M", localtime(time()))) |
|
|
|
|
|
|
53
|
|
|
|
|
54
|
|
|
return header + text_rules |
|
55
|
|
|
|
|
56
|
|
|
@rules.route("/rulesets/plain/") |
|
57
|
|
|
@rules.route("/rulesets/plain/<int:rid>") |
|
58
|
|
|
def ruleset_plain(rid=0): |
|
59
|
|
|
""" |
|
60
|
|
|
Show the rule `rid` in plain text |
|
61
|
|
|
:param int rid: Rule id |
|
62
|
|
|
""" |
|
63
|
|
|
if not rid: |
|
64
|
|
|
out = ''.join(map(__get_rules_for_ruleset, NaxsiRuleSets.query.all())) |
|
65
|
|
|
else: |
|
66
|
|
|
out = __get_rules_for_ruleset(NaxsiRuleSets.query.filter(NaxsiRuleSets.id == rid).first()) |
|
|
|
|
|
|
67
|
|
|
return Response(out, mimetype='text/plain') |
|
68
|
|
|
|
|
69
|
|
|
|
|
70
|
|
|
@rules.route("/rulesets/view/<int:rid>") |
|
71
|
|
|
def ruleset_view(rid=0): |
|
|
|
|
|
|
72
|
|
|
if not rid: |
|
73
|
|
|
return redirect("/rulesets/") |
|
74
|
|
|
ruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.id == rid).first() |
|
75
|
|
|
return render_template("rules/ruleset_view.html", r=ruleset, rout=__get_rules_for_ruleset(ruleset)) |
|
|
|
|
|
|
76
|
|
|
|
|
77
|
|
|
@rules.route("/rulesets/new", methods=["POST"]) |
|
78
|
|
|
def ruleset_new(): # TODO filter parameter |
|
|
|
|
|
|
79
|
|
|
rfile = request.form["rfile"].strip().lower() |
|
80
|
|
|
rname = request.form["rname"].strip().upper() |
|
81
|
|
|
|
|
82
|
|
|
cie = check_constraint("ruleset", rfile) |
|
83
|
|
|
if cie: |
|
84
|
|
|
flash("ERROR, ruleset exists: %s " % rfile, "error") |
|
85
|
|
|
return redirect("/rules/rulesets/") |
|
86
|
|
|
|
|
87
|
|
|
db.session.add(NaxsiRuleSets(rfile, rname, "naxsi-ruleset: %s" % rfile, 0, int(time()))) |
|
|
|
|
|
|
88
|
|
|
try: |
|
89
|
|
|
db.session.commit() |
|
90
|
|
|
except: |
|
|
|
|
|
|
91
|
|
|
db.session.rollback() |
|
92
|
|
|
flash("ERROR while trying to create ruleset: %s " % rfile, "error") |
|
93
|
|
|
|
|
94
|
|
|
flash("OK created: %s " % rfile, "success") |
|
95
|
|
|
return redirect("/rules/rulesets/") |
|
96
|
|
|
|
|
97
|
|
|
|
|
98
|
|
|
@rules.route("/select/<path:selector>", methods=["GET"]) |
|
99
|
|
|
def nx_select(selector=''): |
|
|
|
|
|
|
100
|
|
|
if not selector: |
|
101
|
|
|
return redirect("/rules/") |
|
102
|
|
|
|
|
103
|
|
|
sel = str(selector) |
|
104
|
|
|
logging.info("sel: %s ", sel) |
|
105
|
|
|
try: |
|
106
|
|
|
rs_val = sel.split(":")[1] |
|
107
|
|
|
except: |
|
|
|
|
|
|
108
|
|
|
return redirect("/rules/") |
|
109
|
|
|
|
|
110
|
|
|
if sel.startswith('r:'): |
|
111
|
|
|
_rules = NaxsiRules.query.filter(NaxsiRules.ruleset == rs_val).order_by(NaxsiRules.sid.desc()).all() |
|
|
|
|
|
|
112
|
|
|
selection = "Search ruleset: %s " % rs_val |
|
113
|
|
|
elif sel.startswith('id:'): |
|
114
|
|
|
_rules = NaxsiRules.query.filter(NaxsiRules.sid == rs_val).order_by(NaxsiRules.sid.desc()).all() |
|
|
|
|
|
|
115
|
|
|
selection = "Search sid: %s " % rs_val |
|
116
|
|
|
else: |
|
117
|
|
|
return redirect("/rules/") |
|
118
|
|
|
|
|
119
|
|
|
return render_template("rules/index.html", rules=_rules, selection=selection) |
|
120
|
|
|
|
|
121
|
|
|
|
|
122
|
|
|
@rules.route("/search/", methods=["GET"]) |
|
123
|
|
|
def search(): |
|
|
|
|
|
|
124
|
|
|
terms = request.args.get('s', '') |
|
125
|
|
|
|
|
126
|
|
|
if len(terms) < 2: |
|
127
|
|
|
return redirect('/rules') |
|
128
|
|
|
|
|
129
|
|
|
# No fancy injections |
|
130
|
|
|
whitelist = set(string.ascii_letters + string.digits + ':-_ ') |
|
131
|
|
|
filtered = ''.join(filter(whitelist.__contains__, terms)) |
|
132
|
|
|
|
|
133
|
|
|
if filtered.isdigit(): # get rule by id |
|
134
|
|
|
_rules = db.session.query(NaxsiRules).filter(NaxsiRules.sid == int(filtered)).all() |
|
|
|
|
|
|
135
|
|
|
else: |
|
136
|
|
|
expression = '%' + filtered + '%' |
|
137
|
|
|
_rules = db.session.query(NaxsiRules).filter( |
|
138
|
|
|
db.or_( |
|
139
|
|
|
NaxsiRules.msg.like(expression), |
|
140
|
|
|
NaxsiRules.rmks.like(expression), |
|
141
|
|
|
NaxsiRules.detection.like(expression) |
|
142
|
|
|
) |
|
143
|
|
|
).order_by(NaxsiRules.sid.desc()).all() |
|
144
|
|
|
return render_template("rules/index.html", rules=_rules, selection="Search: %s" % filtered, lsearch=terms) |
|
|
|
|
|
|
145
|
|
|
|
|
146
|
|
|
|
|
147
|
|
|
@rules.route("/new", methods=["GET", "POST"]) |
|
148
|
|
|
def new(): |
|
|
|
|
|
|
149
|
|
|
sid = check_or_get_latest_sid() |
|
150
|
|
|
|
|
151
|
|
|
if request.method == "GET": |
|
152
|
|
|
mz = ValueTemplates.query.filter(ValueTemplates.name == "naxsi_mz").all() |
|
|
|
|
|
|
153
|
|
|
_rulesets = NaxsiRuleSets.query.all() |
|
154
|
|
|
score = ValueTemplates.query.filter(ValueTemplates.name == "naxsi_score").all() |
|
155
|
|
|
return render_template("rules/new.html", mz=mz, rulesets=_rulesets, score=score, latestn=sid) |
|
|
|
|
|
|
156
|
|
|
|
|
157
|
|
|
# create new rule |
|
158
|
|
|
logging.debug('Posted new request: %s', request.form) |
|
159
|
|
|
|
|
160
|
|
|
detect = str(request.form["detection"]).strip() |
|
161
|
|
|
if not detect.startswith("str:") and not detect.startswith("rx:"): |
|
162
|
|
|
detect = "str:%s" % detect |
|
163
|
|
|
|
|
164
|
|
|
mz = "|".join(request.form.getlist("mz")) |
|
|
|
|
|
|
165
|
|
|
|
|
166
|
|
|
try: |
|
167
|
|
|
if request.form["custom_mz"] == "on": |
|
168
|
|
|
mz = "%s|%s" % (mz, request.form["custom_mz_val"]) |
|
|
|
|
|
|
169
|
|
|
except: |
|
|
|
|
|
|
170
|
|
|
pass |
|
|
|
|
|
|
171
|
|
|
|
|
172
|
|
|
score_raw = request.form["score"].strip() |
|
173
|
|
|
score_val = request.form["score_%s" % score_raw].strip() |
|
174
|
|
|
score = "%s:%s" % (score_raw, score_val) |
|
175
|
|
|
rmks = request.form["rmks"] |
|
176
|
|
|
ruleset = request.form["ruleset"] |
|
177
|
|
|
negative = 'negative' in request.form and request.form['negative'] == 'checked' |
|
178
|
|
|
|
|
179
|
|
|
nrule = NaxsiRules(request.form["msg"], detect, mz, score, sid, ruleset, rmks, "1", negative, int(time())) |
|
|
|
|
|
|
180
|
|
|
db.session.add(nrule) |
|
181
|
|
|
|
|
182
|
|
|
try: |
|
183
|
|
|
db.session.commit() |
|
184
|
|
|
flash("OK: created %s : %s" % (sid, request.form["msg"]), "success") |
|
185
|
|
|
return redirect("/rules/edit/%s" % sid) |
|
186
|
|
|
except: |
|
|
|
|
|
|
187
|
|
|
flash("ERROR while trying to create %s : %s" % (sid, request.form["msg"]), "error") |
|
|
|
|
|
|
188
|
|
|
|
|
189
|
|
|
return redirect("/rules/new") |
|
190
|
|
|
|
|
191
|
|
|
|
|
192
|
|
|
@rules.route("/edit/<path:sid>", methods=["GET", "POST"]) |
|
193
|
|
|
def edit(sid=''): |
|
|
|
|
|
|
194
|
|
|
if not sid: |
|
195
|
|
|
return redirect("/rules/") |
|
196
|
|
|
|
|
197
|
|
|
rinfo = NaxsiRules.query.filter(NaxsiRules.sid == sid).first() |
|
198
|
|
|
if not rinfo: |
|
199
|
|
|
return redirect("/rules/") |
|
200
|
|
|
|
|
201
|
|
|
mz = ValueTemplates.query.filter(ValueTemplates.name == "naxsi_mz").all() |
|
|
|
|
|
|
202
|
|
|
score = ValueTemplates.query.filter(ValueTemplates.name == "naxsi_score").all() |
|
203
|
|
|
_rulesets = NaxsiRuleSets.query.all() |
|
204
|
|
|
rruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.name == rinfo.ruleset).first() |
|
205
|
|
|
custom_mz = "" |
|
206
|
|
|
mz_check = rinfo.mz |
|
207
|
|
|
if re.search(r"^\$[A-Z]+:(.*)\|[A-Z]+", mz_check): |
|
208
|
|
|
custom_mz = mz_check |
|
209
|
|
|
rinfo.mz = "custom" |
|
210
|
|
|
return render_template("rules/edit.html", mz=mz, rulesets=_rulesets, score=score, rules_info=rinfo, |
|
|
|
|
|
|
211
|
|
|
rule_ruleset=rruleset, custom_mz=custom_mz) |
|
212
|
|
|
|
|
213
|
|
|
|
|
214
|
|
|
@rules.route("/save/<path:sid>", methods=["POST"]) |
|
215
|
|
|
def save(sid=''): # FIXME this is the exact same method as the `new` one. |
|
|
|
|
|
|
216
|
|
|
if not sid: |
|
217
|
|
|
return redirect("/rules/") |
|
218
|
|
|
|
|
219
|
|
|
# create new rule |
|
220
|
|
|
try: |
|
221
|
|
|
msg = request.form["msg"] |
|
222
|
|
|
detect = str(request.form["detection"]).strip() |
|
223
|
|
|
if not detect.startswith("str:") and not detect.startswith("rx:"): |
|
224
|
|
|
detect = "str:%s" % detect |
|
225
|
|
|
mz = "|".join(request.form.getlist("mz")) |
|
|
|
|
|
|
226
|
|
|
try: |
|
227
|
|
|
if request.form["custom_mz"] == "on": |
|
228
|
|
|
if len(mz) > 1: |
|
229
|
|
|
mz = "%s|%s" % (request.form["custom_mz_val"], mz) |
|
|
|
|
|
|
230
|
|
|
else: |
|
231
|
|
|
mz = "%s" % (request.form["custom_mz_val"]) |
|
|
|
|
|
|
232
|
|
|
except: |
|
|
|
|
|
|
233
|
|
|
pass |
|
|
|
|
|
|
234
|
|
|
score_raw = request.form["score"].strip() |
|
235
|
|
|
score_val = request.form["score_%s" % score_raw].strip() |
|
236
|
|
|
score = "%s:%s" % (score_raw, score_val) |
|
237
|
|
|
# sid = nr["sid"] |
|
238
|
|
|
rmks = request.form["rmks"] |
|
239
|
|
|
ruleset = request.form["ruleset"] |
|
240
|
|
|
active = request.form["active"] |
|
241
|
|
|
negative = 'negative' in request.form and request.form['negative'] == 'checked' |
|
242
|
|
|
except: |
|
|
|
|
|
|
243
|
|
|
flash('ERROR - please select MZ/Score <a href="javascript:alert(history.back)">Go Back</a>', "error") |
|
|
|
|
|
|
244
|
|
|
return redirect("/rules/edit/%s" % sid) |
|
245
|
|
|
|
|
246
|
|
|
nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first() |
|
247
|
|
|
nrule.msg = msg |
|
248
|
|
|
nrule.detection = detect |
|
249
|
|
|
nrule.mz = mz |
|
250
|
|
|
nrule.score = score |
|
251
|
|
|
nrule.ruleset = ruleset |
|
252
|
|
|
nrule.rmks = rmks |
|
253
|
|
|
nrule.active = active |
|
254
|
|
|
nrule.negative = negative |
|
255
|
|
|
nrule.timestamp = int(time()) |
|
256
|
|
|
db.session.add(nrule) |
|
257
|
|
|
nruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.file == nrule.ruleset).first() |
|
258
|
|
|
nruleset.updated = 1 |
|
259
|
|
|
db.session.add(nruleset) |
|
260
|
|
|
try: |
|
261
|
|
|
db.session.commit() |
|
262
|
|
|
flash("OK: updated %s : %s" % (sid, msg), "success") |
|
263
|
|
|
except: |
|
|
|
|
|
|
264
|
|
|
flash("ERROR while trying to update %s : %s" % (sid, msg), "error") |
|
265
|
|
|
return redirect("/rules/edit/%s" % sid) |
|
266
|
|
|
|
|
267
|
|
|
|
|
268
|
|
|
@rules.route("/view/<path:sid>", methods=["GET"]) |
|
269
|
|
|
def view(sid=''): |
|
|
|
|
|
|
270
|
|
|
if not sid: |
|
271
|
|
|
return redirect("/rules/") |
|
272
|
|
|
|
|
273
|
|
|
rinfo = NaxsiRules.query.filter(NaxsiRules.sid == sid).first() |
|
274
|
|
|
if not rinfo: |
|
275
|
|
|
return redirect("/rules/") |
|
276
|
|
|
|
|
277
|
|
|
return render_template("rules/view.html", rule=rinfo, rtext=__get_textual_representation_rule(rinfo, full=0)) |
|
|
|
|
|
|
278
|
|
|
|
|
279
|
|
|
|
|
280
|
|
|
@rules.route("/del/<path:sid>", methods=["GET"]) |
|
281
|
|
|
def del_sid(sid=''): |
|
|
|
|
|
|
282
|
|
|
if not sid: |
|
283
|
|
|
return redirect("/rules/") |
|
284
|
|
|
|
|
285
|
|
|
nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first() |
|
286
|
|
|
if not nrule: |
|
287
|
|
|
return redirect("/rules/") |
|
288
|
|
|
|
|
289
|
|
|
nruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.file == nrule.ruleset).first() |
|
290
|
|
|
nruleset.updated = 1 |
|
291
|
|
|
db.session.add(nruleset) |
|
292
|
|
|
db.session.delete(nrule) |
|
293
|
|
|
try: |
|
294
|
|
|
db.session.commit() |
|
295
|
|
|
flash("OK: deleted %s : %s" % (sid, nrule.msg), "success") |
|
296
|
|
|
except: |
|
|
|
|
|
|
297
|
|
|
flash("ERROR while trying to update %s : %s" % (sid, nrule.msg), "error") |
|
298
|
|
|
|
|
299
|
|
|
return redirect("/rules/") |
|
300
|
|
|
|
|
301
|
|
|
|
|
302
|
|
|
@rules.route("/deact/<path:sid>", methods=["GET"]) |
|
303
|
|
|
def deact_sid(sid=''): |
|
|
|
|
|
|
304
|
|
|
if not sid: |
|
305
|
|
|
return redirect("/rules/") |
|
306
|
|
|
|
|
307
|
|
|
nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first() |
|
308
|
|
|
if not nrule: |
|
309
|
|
|
return redirect("/rules/") |
|
310
|
|
|
|
|
311
|
|
|
if nrule.active == 0: |
|
312
|
|
|
nrule.active = 1 |
|
313
|
|
|
fm = "reactivate" |
|
|
|
|
|
|
314
|
|
|
else: |
|
315
|
|
|
nrule.active = 0 |
|
316
|
|
|
fm = "deactivate" |
|
|
|
|
|
|
317
|
|
|
|
|
318
|
|
|
db.session.add(nrule) |
|
319
|
|
|
try: |
|
320
|
|
|
db.session.commit() |
|
321
|
|
|
flash("OK: %s %sd : %s" % (fm, sid, nrule.msg), "success") |
|
322
|
|
|
except: |
|
|
|
|
|
|
323
|
|
|
flash("ERROR while trying to %s %s : %s" % (fm, sid, nrule.msg), "error") |
|
324
|
|
|
|
|
325
|
|
|
rinfo = NaxsiRules.query.filter(NaxsiRules.sid == sid).first() |
|
326
|
|
|
if not rinfo: |
|
327
|
|
|
return redirect("/rules/") |
|
328
|
|
|
|
|
329
|
|
|
mz = ValueTemplates.query.filter(ValueTemplates.name == "naxsi_mz").all() |
|
|
|
|
|
|
330
|
|
|
score = ValueTemplates.query.filter(ValueTemplates.name == "naxsi_score").all() |
|
331
|
|
|
_rulesets = NaxsiRuleSets.query.all() |
|
332
|
|
|
return render_template("rules/edit.html", mz=mz, rulesets=_rulesets, score=score, rules_info=rinfo) |
|
|
|
|
|
|
333
|
|
|
|
|
334
|
|
|
|
|
335
|
|
|
@rules.route("/import/", methods=["GET", "POST"]) |
|
336
|
|
|
def import_ruleset(): |
|
|
|
|
|
|
337
|
|
|
out_dir = current_app.config["RULES_EXPORT"] |
|
|
|
|
|
|
338
|
|
|
import_date = strftime("%F - %H:%M", localtime(time())) |
|
|
|
|
|
|
339
|
|
|
|
|
340
|
|
|
if request.method == "GET": |
|
341
|
|
|
return render_template("rules/import.html", rulesets=NaxsiRuleSets.query.all()) |
|
342
|
|
|
|
|
343
|
|
|
# create new rule |
|
344
|
|
|
ts = int(time()) |
|
|
|
|
|
|
345
|
|
|
nr = request.form |
|
|
|
|
|
|
346
|
|
|
rset = nr["ruleset"].strip().lower() |
|
347
|
|
|
rcust = nr["cruleset"].strip().lower() |
|
348
|
|
|
|
|
349
|
|
|
if len(rcust) > 4: |
|
350
|
|
|
rset = rcust |
|
351
|
|
|
flash("creating new ruleset for import: %s" % rcust, "success") |
|
352
|
|
|
rname = rset.split(".")[0].upper() |
|
353
|
|
|
rnew = NaxsiRuleSets(rset, rname, "naxsi-ruleset: %s" % rcust, ts, ts) |
|
354
|
|
|
db.session.add(rnew) |
|
355
|
|
|
db.session.commit() |
|
356
|
|
|
flash("OK created: %s " % rset, "success") |
|
357
|
|
|
|
|
358
|
|
|
for r in nr["rules"].split("\n"): |
|
|
|
|
|
|
359
|
|
|
r = r.strip() |
|
|
|
|
|
|
360
|
|
|
if len(r) < 30 or r.startswith("#") or not r.startswith("MainRule"): |
|
361
|
|
|
continue |
|
362
|
|
|
|
|
363
|
|
|
flash("importing: %s" % r, "success") |
|
364
|
|
|
msg = detect = mz = score = sid = 0 |
|
|
|
|
|
|
365
|
|
|
rs = r.split("\"") |
|
|
|
|
|
|
366
|
|
|
logging.debug('%s', rs) |
|
367
|
|
|
rmks = "imported: %s / %s" % (rset, strftime("%Y - %H:%M", localtime(float(ts)))) |
|
368
|
|
|
for sr in rs: |
|
|
|
|
|
|
369
|
|
|
# stripping leading/ending maskings " |
|
370
|
|
|
sr = sr.strip() |
|
|
|
|
|
|
371
|
|
|
if sr == "MainRule": |
|
372
|
|
|
continue |
|
373
|
|
|
try: |
|
374
|
|
|
z = sr.split(":") |
|
|
|
|
|
|
375
|
|
|
except: |
|
|
|
|
|
|
376
|
|
|
continue |
|
377
|
|
|
|
|
378
|
|
|
if len(z) < 2: |
|
379
|
|
|
continue |
|
380
|
|
|
if z[0] == "msg": |
|
381
|
|
|
msg = ":".join(z[1:]) |
|
382
|
|
|
elif z[0] == "str": |
|
383
|
|
|
detect = "str:%s" % ":".join(z[1:]) |
|
384
|
|
|
elif z[0] == "rx": |
|
385
|
|
|
detect = "rx:%s" % ":".join(z[1:]) |
|
386
|
|
|
elif z[0] == "s": |
|
387
|
|
|
score = ":".join(z[1:]) |
|
388
|
|
|
elif z[0] == "mz": |
|
389
|
|
|
mz = ":".join(z[1:]) |
|
|
|
|
|
|
390
|
|
|
elif z[0] == "id": |
|
391
|
|
|
sid = z[1].replace(";", "").strip() |
|
392
|
|
|
|
|
393
|
|
|
if NaxsiRules.query.filter(NaxsiRules.sid == sid).first(): |
|
394
|
|
|
old_sid = sid |
|
395
|
|
|
sid = check_or_get_latest_sid(sid) |
|
396
|
|
|
flash("changing sid: orig: %s / new: %s" % (old_sid, sid), "success") |
|
397
|
|
|
rmks = "%s \nchanged sid: orig: %s / new: %s " % (rmks, old_sid, sid) |
|
398
|
|
|
|
|
399
|
|
|
nrule = NaxsiRules(msg, detect, mz, score, sid, rset, rmks, "1", ts, ts) |
|
400
|
|
|
db.session.add(nrule) |
|
401
|
|
|
db.session.commit() |
|
402
|
|
|
flash("OK: created %s : %s" % (sid, msg), "success") |
|
403
|
|
|
|
|
404
|
|
|
return redirect("/rules/export/") |
|
405
|
|
|
|
|
406
|
|
|
|
|
407
|
|
|
@rules.route("/backup/", methods=["GET"]) |
|
408
|
|
|
def rules_backup_view(action="show"): |
|
|
|
|
|
|
409
|
|
|
out_dir = current_app.config["BACKUP_DIR"] |
|
410
|
|
|
|
|
411
|
|
|
if not os.path.isdir(out_dir): |
|
412
|
|
|
flash("ERROR while trying to access BACKUP_DIR: %s " % out_dir, "error") |
|
413
|
|
|
flash("you might want to adjust your <a href=\"/settings\">Settings</a> ", "error") |
|
|
|
|
|
|
414
|
|
|
return redirect("/rules/") |
|
415
|
|
|
|
|
416
|
|
|
bfiles = {} |
|
417
|
|
|
bfiles_in = glob("%s/*.sql.*" % out_dir) |
|
418
|
|
|
logging.debug('%s', bfiles_in) |
|
419
|
|
|
for b in bfiles_in: |
|
|
|
|
|
|
420
|
|
|
bx = b.split("/") |
|
|
|
|
|
|
421
|
|
|
logging.debug(bx) |
|
422
|
|
|
bname = bx[-1] |
|
423
|
|
|
bid = bx[-1].split(".")[-1] |
|
424
|
|
|
bdate = strftime("%F - %H:%M", localtime(float(bx[-1].split(".")[-1]))) # extension is nb sec since epoch |
|
|
|
|
|
|
425
|
|
|
bfiles[bid] = [bname, bdate] |
|
426
|
|
|
|
|
427
|
|
|
return render_template("rules/backups.html", bfiles=bfiles) |
|
428
|
|
|
|
|
429
|
|
|
|
|
430
|
|
|
@rules.route("/backup/<path:action>", methods=["GET"]) |
|
431
|
|
|
def rules_backup(action="show"): # FIXME this is full of duplicate code :/ |
|
|
|
|
|
|
432
|
|
|
out_dir = current_app.config["BACKUP_DIR"] |
|
433
|
|
|
sqlite_bin = current_app.config["SQLITE_BIN"] |
|
434
|
|
|
|
|
435
|
|
|
if not os.path.isdir(out_dir): |
|
436
|
|
|
flash("ERROR while trying to access BACKUP_DIR: %s " % out_dir, "error") |
|
437
|
|
|
flash("you might want to adjust your <a href=\"/settings\">Settings</a> ", "error") |
|
|
|
|
|
|
438
|
|
|
return redirect("/rules/") |
|
439
|
|
|
|
|
440
|
|
|
if action == "create": |
|
441
|
|
|
bdate = int(time()) |
|
442
|
|
|
bfile = "%s/rules.sql.%s" % (out_dir, bdate) |
|
443
|
|
|
rules_db = "spike/rules.db" |
|
444
|
|
|
if not os.path.isfile(sqlite_bin) or not os.access(sqlite_bin, os.X_OK): |
|
445
|
|
|
flash("ERROR, no sqlite_bin found in: %s " % sqlite_bin, "error") |
|
446
|
|
|
flash("you might want to adjust your <a href=\"/settings\">Settings</a> and install sqlite", "error") |
|
|
|
|
|
|
447
|
|
|
return redirect("/rules/backup") |
|
448
|
|
|
|
|
449
|
|
|
with open(bfile, "w") as f: |
|
|
|
|
|
|
450
|
|
|
f.write("-- spike-dump %s \n\n" % strftime("%F - %H:%M", localtime(float(bdate)))) |
|
|
|
|
|
|
451
|
|
|
|
|
452
|
|
|
try: |
|
453
|
|
|
os.system("%s %s .dump >> %s" % (sqlite_bin, rules_db, bfile)) |
|
454
|
|
|
flash("creating backup %s" % bdate, "success") |
|
455
|
|
|
flash("backup OK in %s" % bfile, "success") |
|
456
|
|
|
except: |
|
|
|
|
|
|
457
|
|
|
flash("ERRORwhile executing dump %s " % bfile, "error") |
|
458
|
|
|
|
|
459
|
|
|
elif action == "show": |
|
460
|
|
|
bfiles = {} |
|
461
|
|
|
bfiles_in = glob("%s/*.sql.*" % out_dir) |
|
462
|
|
|
logging.debug(bfiles_in) |
|
463
|
|
|
for b in bfiles_in: # this is duplicate |
|
|
|
|
|
|
464
|
|
|
bx = b.split("/") |
|
|
|
|
|
|
465
|
|
|
logging.debug('%s', bx) |
|
466
|
|
|
bname = bx[-1] |
|
467
|
|
|
bid = bx[-1].split(".")[-1] |
|
468
|
|
|
bdate = strftime("%F - %H:%M", localtime(float(bx[-1].split(".")[-1]))) |
|
469
|
|
|
bfiles[bid] = [bname, bdate] |
|
470
|
|
|
|
|
471
|
|
|
return render_template("rules/backups.html", bfiles=bfiles) |
|
472
|
|
|
|
|
473
|
|
|
elif action == "reload": |
|
474
|
|
|
try: |
|
475
|
|
|
bid = request.args.get('bid') |
|
476
|
|
|
except: |
|
|
|
|
|
|
477
|
|
|
flash("ERROR, no backup - id selected ", "error") |
|
478
|
|
|
return redirect("/rules/backup") |
|
479
|
|
|
|
|
480
|
|
|
bfile = "%s/rules.sql.%s" % (out_dir, bid) |
|
481
|
|
|
rules_db = "spike/rules.db" |
|
482
|
|
|
|
|
483
|
|
|
if not os.path.isfile(sqlite_bin) or not os.access(sqlite_bin, os.X_OK): |
|
484
|
|
|
flash("ERROR, no sqlite_bin found in: %s " % sqlite_bin, "error") |
|
485
|
|
|
flash("you might want to adjust your <a href=\"/settings\">Settings</a> and install sqlite", "error") |
|
|
|
|
|
|
486
|
|
|
return redirect("/rules/backup") |
|
487
|
|
|
|
|
488
|
|
|
try: |
|
489
|
|
|
os.unlink(rules_db) |
|
490
|
|
|
os.system("%s %s < %s" % (sqlite_bin, rules_db, bfile)) |
|
491
|
|
|
flash("restored db.backup < %s" % bfile, "success") |
|
492
|
|
|
except: |
|
|
|
|
|
|
493
|
|
|
flash("ERROR while executing dump %s " % bfile, "error") |
|
494
|
|
|
elif action == "display": |
|
495
|
|
|
try: |
|
496
|
|
|
bid = request.args.get('bid') |
|
497
|
|
|
except: |
|
|
|
|
|
|
498
|
|
|
flash("ERROR, no backup - id selected ", "error") |
|
499
|
|
|
return redirect("/rules/backup") |
|
500
|
|
|
|
|
501
|
|
|
if not os.path.isfile("%s/rules.sql.%s" % (out_dir, bid)): |
|
502
|
|
|
flash("ERROR, no backup found for id: %s" % bid, "error") |
|
503
|
|
|
return redirect("/rules/backup") |
|
504
|
|
|
|
|
505
|
|
|
return Response("".join(open("%s/rules.sql.%s" % (out_dir, bid), "r").readlines()), mimetype='text/plain') |
|
|
|
|
|
|
506
|
|
|
|
|
507
|
|
|
elif action == "delete": |
|
508
|
|
|
try: |
|
509
|
|
|
bid = request.args.get('bid') |
|
510
|
|
|
except: |
|
|
|
|
|
|
511
|
|
|
flash("ERROR, no backup - id selected ", "error") |
|
512
|
|
|
return redirect("/rules/backup") |
|
513
|
|
|
|
|
514
|
|
|
if not os.path.isfile("%s/rules.sql.%s" % (out_dir, bid)): |
|
515
|
|
|
flash("ERROR, no backup found for id: %s" % bid, "error") |
|
516
|
|
|
return redirect("/rules/backup") |
|
517
|
|
|
|
|
518
|
|
|
os.unlink("%s/rules.sql.%s" % (out_dir, bid)) |
|
519
|
|
|
flash("backup deleted: %s/rules.sql.%s" % (out_dir, bid), "success") |
|
520
|
|
|
else: |
|
521
|
|
|
flash("ERROR, no backup - action selected ", "error") |
|
522
|
|
|
|
|
523
|
|
|
return redirect("/rules/backup") |
|
524
|
|
|
|
|
525
|
|
|
|
|
526
|
|
|
def __get_textual_representation_rule(rule, full=1): |
|
|
|
|
|
|
527
|
|
|
rdate = strftime("%F - %H:%M", localtime(float(str(rule.timestamp)))) |
|
528
|
|
|
rmks = "# ".join(rule.rmks.strip().split("\n")) |
|
529
|
|
|
detect = rule.detection.lower() if rule.detection.startswith("str:") else rule.detection |
|
|
|
|
|
|
530
|
|
|
negate = 'negative' if rule.negative == 1 else '' |
|
531
|
|
|
|
|
532
|
|
|
if full == 1: |
|
533
|
|
|
nout = """ |
|
534
|
|
|
# |
|
535
|
|
|
# sid: %s | date: %s |
|
536
|
|
|
# |
|
537
|
|
|
# %s |
|
538
|
|
|
# |
|
539
|
|
|
MainRule %s "%s" "msg:%s" "mz:%s" "s:%s" id:%s ; |
|
540
|
|
|
|
|
541
|
|
|
""" % (rule.sid, rdate, rmks, negate, detect, rule.msg, rule.mz, rule.score, rule.sid) |
|
|
|
|
|
|
542
|
|
|
else: |
|
543
|
|
|
nout = """MainRule %s "%s" "msg:%s" "mz:%s" "s:%s" id:%s ;""" % \ |
|
544
|
|
|
(negate, rule.detection, rule.msg, rule.mz, rule.score, rule.sid) |
|
545
|
|
|
|
|
546
|
|
|
return nout |
|
547
|
|
|
|
nbs-system /
spike
Loading history...
The coding style of this project requires that you add a docstring to this code element. Below, you find an example for methods:
If you would like to know more about docstrings, we recommend to read PEP-257: Docstring Conventions.