| #!/usr/bin/env python3 |
| # -*- coding: utf-8 -*- |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| ######################################################################## |
| # OPENAPI-URI: /api/rules |
| ######################################################################## |
| # delete: |
| # requestBody: |
| # content: |
| # application/json: |
| # schema: |
| # $ref: '#/components/schemas/Ruleset' |
| # description: Removes a rule entry |
| # required: true |
| # responses: |
| # '200': |
| # content: |
| # application/json: |
| # schema: |
| # $ref: '#/components/schemas/ActionCompleted' |
| # description: Removal successful |
| # default: |
| # content: |
| # application/json: |
| # schema: |
| # $ref: '#/components/schemas/Error' |
| # description: unexpected error |
| # security: |
| # - cookieAuth: [] |
| # summary: Remove a rule entry |
| # get: |
| # responses: |
| # '200': |
| # content: |
| # application/json: |
| # schema: |
| # $ref: '#/components/schemas/Empty' |
| # description: 200 response |
| # default: |
| # content: |
| # application/json: |
| # schema: |
| # $ref: '#/components/schemas/Error' |
| # description: unexpected error |
| # security: |
| # - cookieAuth: [] |
| # summary: Displays the current ruleset entries |
| # put: |
| # requestBody: |
| # content: |
| # application/json: |
| # schema: |
| # $ref: '#/components/schemas/Ruleset' |
| # description: Ruleset to add/modify |
| # required: true |
| # responses: |
| # '200': |
| # content: |
| # application/json: |
| # schema: |
| # $ref: '#/components/schemas/ActionCompleted' |
| # description: Ruleset added |
| # default: |
| # content: |
| # application/json: |
| # schema: |
| # $ref: '#/components/schemas/Error' |
| # description: unexpected error |
| # summary: Adds or overrides a ruleset |
| # |
| ######################################################################## |
| |
| |
| |
| |
| |
| """ |
| This is the ruleset handler for Blocky/2 |
| """ |
| |
| import json |
| import re |
| import time |
| import bcrypt |
| import hashlib |
| import plugins.worker |
| import uuid |
| |
| def run(API, environ, indata, session): |
| global WHITE_CACHE, WHITE_TS |
| method = environ['REQUEST_METHOD'] |
| |
| # Adding a new entry? |
| if method == "PUT": |
| rid = indata.get('rid') |
| submitter = environ.get('HTTP_PROXY_USER', 'Admin') |
| name = indata.get('name') |
| rtype = indata.get('type') |
| span = indata.get('span') |
| limit = indata.get('limit') |
| query = indata.get('query') |
| |
| # all good? Okay, add the entry then |
| entry = { |
| 'name': name, |
| 'type': rtype, |
| 'query': query, |
| 'span': span, |
| 'limit': limit |
| } |
| if not rid: |
| rid = str(uuid.uuid4()) |
| plugins.worker.addnote(session.DB, 'manual', "%s made a new ruleset %s (%s)" % (submitter, rid, name)) |
| else: |
| plugins.worker.addnote(session.DB, 'manual', "%s updated ruleset %s (%s)" % (submitter, rid, name)) |
| |
| session.DB.ES.index(index=session.DB.dbname, doc_type = 'rule', id = rid, body = entry, refresh = 'wait_for') |
| yield json.dumps({"message": "Ruleset added!"}) |
| return |
| |
| # Delete an entry |
| if method == "DELETE": |
| rid = indata.get('rid') |
| submitter = environ.get('HTTP_PROXY_USER', 'Admin') |
| if re.match(r"^[-a-f0-9]+$", rid): |
| if session.DB.ES.exists(index=session.DB.dbname, doc_type='rule', id = rid): |
| doc = session.DB.ES.get(index=session.DB.dbname, doc_type='rule', id = rid)['_source'] |
| plugins.worker.addnote(session.DB, 'manual', "Ruleset %s (%s) removed by %s" % (rid, doc.get('name', '??'), submitter)) |
| session.DB.ES.delete(index=session.DB.dbname, doc_type='rule', id = rid, refresh = 'wait_for') |
| yield json.dumps({"message": "Entry removed"}) |
| return |
| yield API.exception(400, "Invalid rule ID passed!") |
| |
| # Display the current ruleset entries |
| if method == "GET": |
| rules = [] |
| res = session.DB.ES.search( |
| index=session.DB.dbname, |
| doc_type="rule", |
| size = 5000, |
| body = { |
| 'query': { |
| 'match_all': {} |
| } |
| } |
| ) |
| |
| for hit in res['hits']['hits']: |
| doc = hit['_source'] |
| doc['rid'] = hit['_id'] |
| rules.append(doc) |
| JSON_OUT = { |
| 'rules': rules |
| } |
| yield json.dumps(JSON_OUT) |
| return |
| |
| # Finally, if we hit a method we don't know, balk! |
| yield API.exception(400, "I don't know this request method!!") |
| |
