django-restit 4.2.142__py3-none-any.whl → 4.2.143__py3-none-any.whl

{django_restit-4.2.142.dist-info → django_restit-4.2.143.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-restit
-Version: 4.2.142
+Version: 4.2.143
 Summary: A Rest Framework for DJANGO
 License: MIT
 Author: Ian Starnes

{django_restit-4.2.142.dist-info → django_restit-4.2.143.dist-info}/RECORD

@@ -96,6 +96,8 @@ inbox/utils/render.py,sha256=CU_F2qUBQE7mjb9Q6Dn9ro5CS_O_zEY-wDMHEClKkIA,4331
 inbox/utils/sending.py,sha256=BKelTZnbkdSLGpjOY6IRTrzj-Hnw2pPZ7RYQGwe-tqk,2179
 incident/README.md,sha256=4vbZTJj7uUmq8rogYngxqNYjFTlBOujfWUGheLoFKMc,1114
 incident/__init__.py,sha256=xgdt3z3z7ygjWv5HxhiWgBtB2W3IUJmmR88NSyUeHuo,3455
+incident/extra/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+incident/extra/abuse.py,sha256=TaNs1mF7L2ijoAl5iyEX1BaUgaOwsCeeF2_zwj4RSF0,4301
 incident/migrations/0001_initial.py,sha256=KmJRau3a2QFRaUwUrFUgY2p7FQZCODv3F-Sl0ZArpu0,9720
 incident/migrations/0002_event_component_event_component_id.py,sha256=Qfu3ndJKh4v7953ULTUZlSa3mVI-lnFIq9VFN1Rbs7Q,595
 incident/migrations/0003_rule_action.py,sha256=LNqV52qOjxxe3L8qEdln-Hd2voFcpyjOZ_cEsasrv7s,425
@@ -113,15 +115,15 @@ incident/migrations/0014_event_group_alter_rulecheck_index.py,sha256=v3gm5k0LVoa
 incident/migrations/0015_rule_title_template_alter_incident_state.py,sha256=FPUDhFwqBC39EjeknRT7BPddEf6ExCjsXVb9LMqIn3U,687
 incident/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 incident/models/__init__.py,sha256=NMphuhb0RTMf7Ov4QkNv7iv6_I8Wtr3xQ54yjX_a31M,209
-incident/models/event.py,sha256=LNKYdqOj_CO4aGvc2dNmy3K-S52Udi_gZ4-wintbs1s,7901
-incident/models/incident.py,sha256=_pzAyUC-RgwrCF-hOIOUDLhdG9koTqZK8pOltBZx48o,21143
+incident/models/event.py,sha256=mk5IQgxtwkLKJEpwIHwO0c45X4CfwqqIN-aI5lJPVBg,7944
+incident/models/incident.py,sha256=n5S-QzGvAOtJmlzbj3vPTY03avIknPjDMLUUq9FyTa0,21648
 incident/models/ossec.py,sha256=eUDRGawzuLWobKEVGKfdZisDnyjS_Hlxi0T_GCSLCCI,2252
 incident/models/rules.py,sha256=aRkJ0ZnTv87nAUC1sHVkPExfb3OJ8fgHQIhnCIpIbhQ,7001
 incident/models/ticket.py,sha256=S3kqGQpYLE6Y4M9IKu_60sgW-f592xNr8uufqHnvDoU,2302
 incident/parsers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 incident/parsers/ossec.py,sha256=fouUsSnrdkEuqDzJ-MxmCP7ny5pCGFS3Tyf6lQSMBc4,11609
 incident/periodic.py,sha256=eX1rQK6v65A9ugofTvJPSmAWei6C-3EYgzCMuGZ03jM,381
-incident/rpc.py,sha256=6JVWTTAr4CN2tAjjIUcXug1z3RhU_ar5CDLzedkduA4,8187
+incident/rpc.py,sha256=rCFVWhWjaRHBLvlpxs-TlnkCNLsP9n6V3tg4KpYNHfg,8747
 incident/templates/email/incident_change.html,sha256=tQYphypwLukkVdwH0TB2Szz2VEJ7GnsfRS3_ZJ-MYeE,13895
 incident/templates/email/incident_msg.html,sha256=MZdKhTddUF2MpiH8Z3RTQEmW_ko1n3ajeZ11KLtiLlU,13780
 incident/templates/email/incident_new.html,sha256=W6nwFQROnyDfMlXub8s02ws4hGnJp16pfgp9xTm_aEc,15185
@@ -377,7 +379,7 @@ pushit/utils.py,sha256=IeTCGa-164nmB1jIsK1lu1O1QzUhS3BKfuXHGjCW-ck,2121
 rest/.gitignore,sha256=TbEvWRMnAiajCTOdhiNrd9eeCAaIjRp9PRjE_VkMM5g,118
 rest/README.md,sha256=V3ETc-cJu8PZIbKr9xSe_pA4JEUpC8Dhw4bQeVCDJPw,5460
 rest/RemoteEvents.py,sha256=nL46U7AuxIrlw2JunphR1tsXyqi-ep_gD9CYGpYbNgE,72
-rest/__init__.py,sha256=hlX0ysuPQS5x3bCShSkKyAOossCGUQyGZ4ReDK1NeLM,122
+rest/__init__.py,sha256=GJheIdY4xT-lMdgerrt-HFxPfsw3oPkVEAJYFBauwss,122
 rest/arc4.py,sha256=y644IbF1ec--e4cUJ3KEYsewTCITK0gmlwa5mJruFC0,1967
 rest/cache.py,sha256=1Qg0rkaCJCaVP0-l5hZg2CIblTdeBSlj_0fP6vlKUpU,83
 rest/crypto/__init__.py,sha256=Tl0U11rgj1eBYqd6OXJ2_XSdNLumW_JkBZnaJqI6Ldw,72
@@ -416,7 +418,7 @@ rest/models/metadata.py,sha256=1nQ7CYo9bJHoaXE_hVNaj1-Y7yqhHlf2ZlaD1IfTzic,12904
 rest/net.py,sha256=LcB2QV6VNRtsSdmiQvYZgwQUDwOPMn_VBdRiZ6OpI-I,2974
 rest/regexes.yaml,sha256=VoGb4E-P_K9f82Yzcpltgzekpt9usRtwu9PYlo46nUw,149463
 rest/requestex.py,sha256=N56056vV3zWkAP-QrYsCu7SdpPzE5kLuPoxGIuZAKt0,16127
-rest/rpc.py,sha256=fcOI84p8sK9MJBDRgjBwtPtylOTOZNUUhFmFtSSndB8,2919
+rest/rpc.py,sha256=CNQ2RtAPOYxZtpZxjh0sVzBmIGBYMP7n3CDEDwMENF0,2966
 rest/search.py,sha256=QVjk2b5tZLgf1zM2MHvJTyRjwUbY5ZD7HXSTmSPXtvU,8362
 rest/serializers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 rest/serializers/collection.py,sha256=V9O4qxw26VX9dSYdbsN0-RNnXEi347Ln8eFLZ003LhA,4646
@@ -503,9 +505,9 @@ wiki/tq.py,sha256=wvuBZ3OMV_D2o4kpJhVLIOwpEUfwlglqLJQvpncAwtk,313
 ws4redis/README.md,sha256=QvwdsauPKxx4qQqnJ991xeU8DgFQCj3CeQt-nCE4s-w,3624
 ws4redis/__init__.py,sha256=teNfv83A_ke1CBt9BB7NsnWCcFBhnUFPsPESjF554_k,46
 ws4redis/client.py,sha256=HTntgqlMzZU9MhBz3fn3fXDpzfaTDZx_9tIb5SU91hY,7077
-ws4redis/connection.py,sha256=rlzdmgyjmuqETxjNf3uZU3tfoBeQQTzD4ZFru_u3JAs,13738
+ws4redis/connection.py,sha256=HeRrQUxNYMJ-2SSSYB2XBHScKRbQRMCuQueDSUDJXXQ,13740
 ws4redis/exceptions.py,sha256=EGLoRTdqJVwz900pwhciqPuSjBBd08hhLgFu6umHrI4,636
-ws4redis/redis.py,sha256=fTNKrXPelowZrgji1XaijUoeQepV1ab1_Y3_tHsysww,6511
+ws4redis/redis.py,sha256=jHfwpUG0Nru_zSyD-xwJhX67gASqVtTFiAc3RwgTcJs,6542
 ws4redis/servers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 ws4redis/servers/base.py,sha256=3nYZF5jSsQxNLbnLtKLFJ82xJs_Mc7N1H2kEOx8wT6o,3747
 ws4redis/servers/django.py,sha256=cKOE4U0cE8I3_rDaLgv-KuDb376RASdOzUn7MlDA4As,5900
@@ -513,7 +515,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
 ws4redis/settings.py,sha256=KKq00EwoGnz1yLwCZr5Dfoq2izivmAdsNEEM4EhZwN4,1610
 ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
 ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
-django_restit-4.2.142.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
-django_restit-4.2.142.dist-info/METADATA,sha256=ExBXdVbSrP8zJp7cm9D0SYaS6kTRjQXDmNdwHuzGviw,7663
-django_restit-4.2.142.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-django_restit-4.2.142.dist-info/RECORD,,
+django_restit-4.2.143.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
+django_restit-4.2.143.dist-info/METADATA,sha256=FpgN7kXRO3P4WCA8vaKZHxvyRcQRuhLyXH3la6TydgQ,7663
+django_restit-4.2.143.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+django_restit-4.2.143.dist-info/RECORD,,

incident/extra/abuse.py

@@ -0,0 +1,125 @@
+import requests
+import ipaddress
+from objict import objict
+from rest import settings
+from datetime import datetime
+from enum import Enum
+
+API_KEY = settings.get("ABUSEIPDB_KEY", "")
+
+DEFAULT_HEADERS = {
+    'Accept': 'application/json',
+    'Key': API_KEY
+}
+
+
+class AbuseCategory(Enum):
+    DNS_COMPROMISE = (1, "Altering DNS records resulting in improper redirection.")
+    DNS_POISONING = (2, "Falsifying domain server cache (cache poisoning).")
+    FRAUD_ORDERS = (3, "Fraudulent orders.")
+    DDOS_ATTACK = (4, "Participating in distributed denial-of-service (usually part of botnet).")
+    FTP_BRUTE_FORCE = (5, "FTP Brute-Force")
+    PING_OF_DEATH = (6, "Oversized IP packet.")
+    PHISHING = (7, "Phishing websites and/or email.")
+    FRAUD_VOIP = (8, "Fraud VoIP")
+    OPEN_PROXY = (9, "Open proxy, open relay, or Tor exit node.")
+    WEB_SPAM = (10, "Comment/forum spam, HTTP referer spam, or other CMS spam.")
+    EMAIL_SPAM = (11, "Spam email content, infected attachments, and phishing emails.")
+    BLOG_SPAM = (12, "CMS blog comment spam.")
+    VPN_IP = (13, "Conjunctive category.")
+    PORT_SCAN = (14, "Scanning for open ports and vulnerable services.")
+    HACKING = (15, "Hacking")
+    SQL_INJECTION = (16, "Attempts at SQL injection.")
+    SPOOFING = (17, "Email sender spoofing.")
+    BRUTE_FORCE = (18, "Credential brute-force attacks on webpage logins and services.")
+    BAD_WEB_BOT = (19, "Webpage scraping and crawlers that do not honor robots.txt.")
+    EXPLOITED_HOST = (20, "Host is likely infected with malware and being used for other attacks.")
+    WEB_APP_ATTACK = (21, "Attempts to probe for or exploit installed web applications.")
+    SSH = (22, "Secure Shell (SSH) abuse.")
+    IOT_TARGETED = (23, "Abuse targeted at an 'Internet of Things' type device.")
+
+    def __init__(self, code, description):
+        self.code = code
+        self.description = description
+
+    def __str__(self):
+        return f"{self.name} ({self.code}): {self.description}"
+
+
+def lookup(ip, max_days=0):
+    """
+    {
+      "data": {
+        "ipAddress": "118.25.6.39",
+        "isPublic": true,
+        "ipVersion": 4,
+        "isWhitelisted": false,
+        "abuseConfidenceScore": 100,
+        "countryCode": "CN",
+        "countryName": "China",
+        "usageType": "Data Center/Web Hosting/Transit",
+        "isp": "Tencent Cloud Computing (Beijing) Co. Ltd",
+        "domain": "tencent.com",
+        "hostnames": [],
+        "isTor": false,
+        "totalReports": 1,
+        "numDistinctUsers": 1,
+        "lastReportedAt": "2018-12-20T20:55:14+00:00",
+        "reports": [
+          {
+            "reportedAt": "2018-12-20T20:55:14+00:00",
+            "comment": "Dec 20 20:55:14 srv206 sshd[13937]: Invalid user oracle from 118.25.6.39",
+            "categories": [
+              18,
+              22
+            ],
+            "reporterId": 1,
+            "reporterCountryCode": "US",
+            "reporterCountryName": "United States"
+          }
+        ]
+      }
+    }
+    """
+    if not API_KEY:
+        return objict(errors=[{"detail": "Missing API KEY", "status": 401}])
+    url = 'https://api.abuseipdb.com/api/v2/check'
+    params = dict(ipAddress=ip)
+    if max_days:
+        params["maxAgeInDays"] = max_days
+    response = requests.request(
+        method='GET', url=url, headers=DEFAULT_HEADERS,
+        params=params)
+    return objict.fromJSON(response.text)
+
+
+def reportAbuse(ip, comment, categories):
+    """
+    {
+        "data": {
+            "ipAddress": "127.0.0.1",
+            "abuseConfidenceScore": 52
+        }
+    }
+    """
+    if not API_KEY:
+        return objict(errors=[{"detail": "Missing API KEY", "status": 401}])
+    url = 'https://api.abuseipdb.com/api/v2/report'
+    now_str = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+    params = dict(ip=ip, comment=comment, timestamp=now_str, categories=categories)
+    response = requests.request(
+        method='POST', url=url,
+        headers=DEFAULT_HEADERS, params=params)
+    return objict.fromJSON(response.text)
+
+
+def isPrivate(ip, ignore_errors=False):
+    if not ignore_errors:
+        ip_obj = ipaddress.ip_address(ip)
+        return ip_obj.is_private
+    try:
+        ip_obj = ipaddress.ip_address(ip)
+        return ip_obj.is_private
+    except Exception:
+        pass
+    return None

incident/models/event.py

@@ -193,6 +193,7 @@ class Event(JSONMetaData, rm.RestModel):
                     incident.description = self.description
             elif self.category == "ossec":
                 incident.description = f"{self.hostname}: {self.description}"
+                incident.updateAbuseInfo()
             else:
                 incident.description = self.description
             incident.save()

incident/models/incident.py

@@ -10,6 +10,7 @@ from datetime import datetime, timedelta
 from rest import log
 from ws4redis import client as ws4redis
 import time
+from incident.extra import abuse
 
 logger = log.getLogger("incident", filename="incident.log")
 
@@ -483,6 +484,19 @@ class Incident(models.Model, rm.RestModel, rm.MetaDataModel):
                     email_only=True,
                     from_email=INCIDENT_EMAIL_FROM)
 
+    def updateAbuseInfo(self, ip=None):
+        # for now we just check if this ip is in the abuse ip db
+        if ip is None:
+            ip = self.reporter_ip
+        is_priv = abuse.isPrivate(ip, ignore_errors=True)
+        if is_priv is not None:
+            self.setProperty("is_private_ip", is_priv)
+            if is_priv:
+                return
+        info = abuse.lookup(ip, 0)
+        if "errors" not in info:
+            self.setProperty("abuse_info", info)
+
     @classmethod
     def getBundled(cls, rule, event):
         # calculate our bundle start time

incident/rpc.py

@@ -3,6 +3,7 @@ from rest import views as rv
 from rest import helpers as rh
 from rest import settings
 from . import models as am
+from .extra import abuse 
 from .parsers import ossec
 from taskqueue.models import Task
 import incident
@@ -234,3 +235,20 @@ def rest_firewall_block(request):
 @rd.url('ticket/<int:pk>')
 def rest_on_ticket(request, pk=None):
     return am.Ticket.on_rest_request(request, pk)
+
+
+@rd.urlGET('abuse/lookup')
+@rd.requires_params(["ip"])
+def rest_on_abuse_ip_lookup(request):
+    resp = abuse.lookup(request.DATA.get("ip"), request.DATA.get("max_age", 0))
+    return rv.restReturn(request, resp)
+
+
+@rd.urlPOST('abuse/report')
+@rd.requires_params(["ip", "comment", "categories"])
+def rest_on_report_abuse(request):
+    resp = abuse.reportAbuse(
+        ip=request.DATA.get("ip"),
+        comment=request.DATA.get("comment"),
+        categories=request.DATA.get("categories"))
+    return rv.restReturn(request, resp)

rest/__init__.py

@@ -1,4 +1,4 @@
 from .uberdict import UberDict  # noqa: F401
 from .settings_helper import settings  # noqa: F401
 
-__version__ = "4.2.142"
+__version__ = "4.2.143"

rest/rpc.py

@@ -81,6 +81,7 @@ def on_get_system_info(request):
     out = hostinfo.getHostInfo(
         include_versions=request.DATA.get("versions") and SOFTWARE_VERSIONS,
         include_blocked=request.DATA.get("blocked"))
+    out["redist_pool"] = redis.getPoolStatus()
     return views.restGet(request, out)
 
 

ws4redis/connection.py

@@ -286,7 +286,7 @@ class WebsocketConnection():
             if bool(self.last_msg):
                 self.on_ws_msg(self.last_msg)
         except Exception:
-            logger.exception()
+            # logger.exception()
             logger.error("unable to recv on ws... flushing")
             self.websocket.flush()
 

ws4redis/redis.py

@@ -168,6 +168,7 @@ class RedisStore():
         if self.pubsub and self.pubsub.subscribed:
             self.pubsub.unsubscribe()
             self.pubsub.reset()
+        self.connection = None
 
     def __enter__(self):
         return self