|
1
|
|
|
try: |
|
2
|
|
|
from urlparse import parse_qs |
|
3
|
|
|
except ImportError: # python3 |
|
4
|
|
|
from urllib.parse import parse_qs |
|
5
|
|
|
|
|
6
|
|
|
from flask import Blueprint, render_template, request, redirect, flash |
|
7
|
|
|
|
|
8
|
|
|
from spike.model.naxsi_rules import NaxsiRules |
|
9
|
|
|
|
|
10
|
|
|
sandbox = Blueprint('sandbox', __name__) |
|
11
|
|
|
|
|
12
|
|
|
|
|
13
|
|
|
@sandbox.route("/", methods=["GET"]) |
|
14
|
|
|
def index(): |
|
15
|
|
|
return render_template("misc/sandbox.html") |
|
16
|
|
|
|
|
17
|
|
|
|
|
18
|
|
|
@sandbox.route("/rule", methods=["POST"]) |
|
19
|
|
|
def rule(): |
|
20
|
|
|
_textual_rule = request.form.get("rule", '') |
|
21
|
|
|
if not _textual_rule: |
|
22
|
|
|
return render_template("misc/sandbox.html") |
|
23
|
|
|
|
|
24
|
|
|
_rule = NaxsiRules() |
|
25
|
|
|
_rule.parse_rule(_textual_rule) |
|
26
|
|
|
|
|
27
|
|
|
if 'visualise_rule' in request.form: |
|
28
|
|
|
if _rule.detection.startswith('rx:'): |
|
29
|
|
|
return redirect('https://regexper.com/#' + _rule.detection[3:]) |
|
30
|
|
|
elif 'explain_rule' in request.form: |
|
31
|
|
|
return render_template("misc/sandbox.html", rule_explaination=_rule.explain(), rule=_rule) |
|
32
|
|
|
|
|
33
|
|
|
if _rule.error: |
|
34
|
|
|
flash("ERROR: {0}".format(",".join(_rule.error))) |
|
35
|
|
|
if _rule.warnings: |
|
36
|
|
|
flash("WARNINGS: {0}".format(",".join(_rule.warnings)), 'warning') |
|
37
|
|
|
return render_template("misc/sandbox.html") |
|
38
|
|
|
|
|
39
|
|
|
|
|
40
|
|
|
@sandbox.route("/explain_rule/", methods=["GET", "POST"]) |
|
41
|
|
|
def explain_rule(): |
|
42
|
|
|
rule_get = request.args.get('rule', '') |
|
43
|
|
|
rule_post = request.form.get("rule", '') |
|
44
|
|
|
if rule_get.isdigit(): # explain a rule by id |
|
45
|
|
|
_rule = NaxsiRules.query.filter(NaxsiRules.sid == rule_get).first() |
|
|
|
|
|
|
46
|
|
|
if _rule is None: |
|
47
|
|
|
flash('Not rule with id %s' % rule_get) |
|
48
|
|
|
return redirect("/sandbox/") |
|
49
|
|
|
elif rule_get: |
|
50
|
|
|
flash('Please provide a numeric id') |
|
51
|
|
|
return redirect("/sandbox/") |
|
52
|
|
|
elif not rule_post: |
|
53
|
|
|
flash('Please provide a rule') |
|
54
|
|
|
return redirect("/sandbox/") |
|
55
|
|
|
else: |
|
56
|
|
|
_rule = NaxsiRules() |
|
57
|
|
|
_rule.parse_rule(rule_post) |
|
58
|
|
|
|
|
59
|
|
|
return render_template("misc/sandbox.html", rule_explaination=_rule.explain(), rule=_rule) |
|
60
|
|
|
|
|
61
|
|
|
|
|
62
|
|
|
@sandbox.route('/explain_nxlog/', methods=["POST"]) |
|
63
|
|
|
def explain_nxlog(): |
|
64
|
|
|
nxlog = request.form.get("nxlog", '') |
|
65
|
|
|
if not nxlog: |
|
66
|
|
|
return redirect("/sandbox/") |
|
67
|
|
|
|
|
68
|
|
|
start = nxlog.find("ip=") |
|
69
|
|
|
if start < 0: |
|
70
|
|
|
flash('{} is an invalid extlog, string "ip=" not found.'.format(nxlog)) |
|
71
|
|
|
return redirect("/sandbox/") |
|
72
|
|
|
|
|
73
|
|
|
end = nxlog.find(", ") |
|
74
|
|
|
if end < 0: |
|
75
|
|
|
flash('{} is an invalid extlog, string "," not found.'.format(nxlog)) |
|
76
|
|
|
return redirect("/sandbox/") |
|
77
|
|
|
|
|
78
|
|
|
# Flatten the dict, since parse_qs is a bit annoying |
|
79
|
|
|
nxdic = parse_qs(nxlog[start:end]) |
|
80
|
|
|
for key, value in nxdic.items(): |
|
81
|
|
|
nxdic[key] = value[0] |
|
82
|
|
|
|
|
83
|
|
|
explain = "Peer <strong>{}</strong> performed a request to <strong>{}</strong> on URI <strong>{}</strong> ".format( |
|
84
|
|
|
nxdic['ip'], nxdic['server'], nxdic['uri']) |
|
85
|
|
|
|
|
86
|
|
|
scores = list() |
|
87
|
|
|
cpt = 0 |
|
88
|
|
|
while "cscore{}".format(cpt) in nxdic: |
|
89
|
|
|
cscore = "cscore{}".format(cpt) |
|
90
|
|
|
score = "score{}".format(cpt) |
|
91
|
|
|
scores.append("that reached a <strong>{}</strong> score of <strong>{}</strong> ".format( |
|
92
|
|
|
nxdic[cscore], nxdic[score])) |
|
93
|
|
|
cpt += 1 |
|
94
|
|
|
explain += ' and '.join(scores) |
|
95
|
|
|
|
|
96
|
|
|
cpt = 0 |
|
97
|
|
|
named = list() |
|
98
|
|
|
while "id{}".format(cpt) in nxdic: |
|
99
|
|
|
_id = "id{}".format(cpt) |
|
100
|
|
|
_var_name = "var_name{}".format(cpt) |
|
101
|
|
|
_zone = "zone{}".format(cpt) |
|
102
|
|
|
if "var_name{}".format(cpt) in nxdic: |
|
103
|
|
|
named.append("id <strong>{}</strong> in var named <strong>{}</strong> of zone <strong>{}</strong>".format( |
|
104
|
|
|
nxdic[_id], nxdic[_var_name], nxdic[_zone])) |
|
105
|
|
|
else: |
|
106
|
|
|
named.append("id <strong>{}</strong> in zone <strong>{}</strong>".format(nxdic[_id], nxdic[_zone])) |
|
107
|
|
|
cpt += 1 |
|
108
|
|
|
explain += ' and '.join(named) |
|
109
|
|
|
|
|
110
|
|
|
return render_template("misc/sandbox.html", nxlog_explaination=explain, nxlog=nxlog) |
|
111
|
|
|
|
nbs-system /
spike
This check looks for calls to members that are non-existent. These calls will fail.
The member could have been renamed or removed.