from django.contrib.auth.decorators import login_required, user_passes_test
from django.shortcuts import render, get_object_or_404
from django.db.models import Q
from django.template import Context
from django.http import HttpResponse, HttpResponseBadRequest
from django.template import Template
from json import dumps
from incidents.authorization.decorator import authorization_required
from incidents.views import is_incident_handler
from incidents.models import Incident
from fir_artifacts.models import Artifact
from fir_email.helpers import send
from fir_abuse.models import AbuseTemplate, AbuseContact, EmailForm
from fir_artifacts_enrichment.models import ArtifactEnrichment
from fir_artifacts_enrichment.tasks import enrich_artifact
@login_required
def emailform(request):
    """Render the standalone abuse e-mail form.

    The form is built with ``auto_id='abuse_%s'`` so its widget ids stay
    distinct from any other form rendered on the same page.
    """
    form = EmailForm(auto_id='abuse_%s')
    context = {'form': form}
    return render(request, 'fir_abuse/emailform.html', context)
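@login_required
@user_passes_test(is_incident_handler)
def send_email(request):
    """Send an abuse notification e-mail built from the submitted form.

    Only POST is accepted; any other method gets a 400 carrying
    ``{'status': 'ko'}``. Recipients, subject and body are read verbatim from
    the POST keys ``to``, ``subject``, ``body``, ``cc`` and ``bcc``, all of
    which must be present: a missing key raises inside the ``try`` and is
    reported as a send error (HTTP 200, ``status: ko``) rather than a 400.

    Returns a JSON ``{'status': 'ok'}`` on success, or
    ``{'status': 'ko', 'error': <message>}`` when ``send`` raised.
    """
    if request.method != 'POST':
        return HttpResponseBadRequest(dumps({'status': 'ko'}), content_type="application/json")
    try:
        send(
            request,
            to=request.POST['to'],
            subject=request.POST['subject'],
            body=request.POST['body'],
            cc=request.POST['cc'],
            bcc=request.POST['bcc'],
        )
    # ``except X, e`` is Python 2-only syntax; ``as e`` is valid on 2.6+ and 3.
    except Exception as e:
        # NOTE(review): the raw exception text is echoed to the browser here;
        # mail-backend errors can carry host names or configuration detail,
        # so logging ``e`` server-side and returning a generic message would
        # be the safer shape. Kept as-is to preserve the existing response.
        return HttpResponse(dumps({'status': 'ko', 'error': str(e)}), content_type="application/json")
    return HttpResponse(dumps({'status': 'ok'}), content_type="application/json")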
@login_required
@user_passes_test(is_incident_handler)
def task_state(request, task_id):
    """Report the state of an artifact-enrichment task as JSON.

    A GET with a non-empty ``task_id`` answers ``{'state': <task state>}``
    as read from ``enrich_artifact.AsyncResult``; anything else gets a 400
    with ``{'state': 'UNKNOWN'}``.
    """
    if request.method != 'GET' or not task_id:
        return HttpResponseBadRequest(dumps({'state': 'UNKNOWN'}), content_type="application/json")
    result = enrich_artifact.AsyncResult(task_id)
    payload = {'state': result.state}
    return HttpResponse(dumps(payload), content_type="application/json")
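@login_required
@authorization_required('incidents.handle_incidents', Incident, view_arg='incident_id')
def get_template(request, incident_id, artifact_id, authorization_target=None):
    """Build a pre-filled abuse e-mail for one artifact of an incident.

    Looks up the artifact's enrichment record (contact names, e-mail, raw
    data), picks the best ``AbuseTemplate`` and ``AbuseContact`` for the
    artifact type and incident category via ``get_best_record``, renders the
    template and returns JSON with the keys ``to``, ``cc``, ``bcc``,
    ``subject``, ``body``, ``trust`` (1 when a matching contact exists, else
    0) and ``artifact``. ``enrichment_names``, ``enrichment_emails`` and
    ``enrichment_raw`` are added when an enrichment exists. URLs in the
    subject and artifact values are defanged (``http`` -> ``hxxp``) so mail
    clients do not render them as live links.

    Args:
        request: current request; its user drives the incident authorization
            lookup when ``authorization_target`` is not supplied.
        incident_id: primary key of the incident.
        artifact_id: primary key of the artifact, which must belong to the
            incident (404 otherwise).
        authorization_target: the incident already resolved by the
            ``authorization_required`` decorator, when provided.
    """
    if authorization_target is None:
        incident = get_object_or_404(
            Incident.authorization.for_user(request.user, 'incidents.handle_incidents'),
            pk=incident_id)
    else:
        incident = authorization_target

    # Resolve the artifact through the incident's own relation. artifact_id
    # comes from the URL and the authorization check above only covers the
    # incident, so an unscoped Artifact.objects.get() would let a handler
    # read enrichment data of an artifact attached to an incident they are
    # not authorized for. A missing or foreign artifact is now a 404 instead
    # of an unhandled DoesNotExist.
    artifact = get_object_or_404(incident.artifacts, pk=artifact_id)

    default_email = ""
    abuse_contact = None
    abuse_template = None
    try:
        enrichment = ArtifactEnrichment.objects.get(artifact=artifact)
    except ArtifactEnrichment.DoesNotExist:
        enrichment = None
    else:
        default_email = enrichment.email
        abuse_template = get_best_record(artifact.type, incident.category, AbuseTemplate)
        # The enrichment may carry several contact names, one per line; the
        # first name with a matching AbuseContact wins.
        for name in enrichment.name.split('\n'):
            abuse_contact = get_best_record(artifact.type, incident.category, AbuseContact, {'name': name})
            if abuse_contact:
                break

    # Group every artifact of the incident by type for the template context.
    artifacts_by_type = {}
    for a in incident.artifacts.all():
        artifacts_by_type.setdefault(a.type, []).append(_defang(a.value))

    context = Context({
        'subject': _defang(incident.subject),
        'artifacts': artifacts_by_type,
        'incident_id': incident.id,
        'bls': incident.get_business_lines_names(),
        'incident_category': incident.category.name,
        'artifact': _defang(artifact.value),
        'enrichment': enrichment.raw if enrichment else '',
    })
    response = {
        'to': abuse_contact.to if abuse_contact else default_email,
        'cc': abuse_contact.cc if abuse_contact else '',
        'bcc': abuse_contact.bcc if abuse_contact else '',
        'subject': Template(abuse_template.subject).render(context) if abuse_template else "",
        'body': Template(abuse_template.body).render(context) if abuse_template else "",
        'trust': 1 if abuse_contact else 0,
        'artifact': _defang(artifact.value),
    }
    if enrichment:
        response['enrichment_names'] = enrichment.name.split('\n')
        response['enrichment_emails'] = enrichment.email
        response['enrichment_raw'] = enrichment.raw
    return HttpResponse(dumps(response), content_type="application/json")


def _defang(value):
    """Rewrite ``http://``/``https://`` to ``hxxp://``/``hxxps://`` so the URL is not clickable."""
    return value.replace('http://', "hxxp://").replace('https://', 'hxxps://')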
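def get_best_record(artifact_type, category, model, filters=None):
    """Return the ``model`` row that best matches an artifact type and incident category.

    Candidates are rows whose ``type`` is ``artifact_type`` or ``''`` (wildcard)
    and whose ``incident_category`` is ``category`` or ``None`` (wildcard),
    further narrowed by ``filters`` (a dict of extra field lookups) when it
    is non-empty. Preference, first row wins within a rank:

    1. type and category both set (returned as soon as it is seen),
    2. category set, type is the wildcard,
    3. type set, category is the wildcard,
    4. everything else (both wildcards).

    Returns:
        The best-ranked row, or ``None`` when nothing matches.
    """
    # ``None`` rather than a mutable ``{}`` default; an empty dict still
    # means "no extra filters", as before.
    if filters:
        collection = model.objects.filter(**filters)
    else:
        collection = model.objects
    q_type = Q(type=artifact_type) | Q(type='')
    q_incident_category = Q(incident_category=category) | Q(incident_category=None)

    best = None
    best_rank = 0
    for record in collection.filter(q_type & q_incident_category):
        rank = _match_rank(record)
        if rank == 4:
            # Exact match on both fields beats everything; stop scanning.
            return record
        if rank > best_rank:
            best = record
            best_rank = rank
    return best


def _match_rank(record):
    """Rank a candidate row for ``get_best_record``: 4 best, 1 weakest.

    The conditions mirror the original branch order, including the ``== ''``
    and ``is None`` checks, so rows with an unexpected falsy ``type`` or
    ``incident_category`` rank exactly as they did before.
    """
    if record.type and record.incident_category:
        return 4
    if record.type == '' and record.incident_category:
        return 3
    if record.type and record.incident_category is None:
        return 2
    return 1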