django-restit 4.2.32__py3-none-any.whl → 4.2.34__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- account/models/member.py +1 -0
- account/rpc/auth.py +2 -2
- account/rpc/member.py +2 -2
- {django_restit-4.2.32.dist-info → django_restit-4.2.34.dist-info}/METADATA +1 -1
- {django_restit-4.2.32.dist-info → django_restit-4.2.34.dist-info}/RECORD +14 -14
- incident/models/event.py +1 -1
- incident/models/incident.py +3 -0
- incident/parsers/ossec.py +34 -3
- incident/rpc.py +4 -0
- rest/__init__.py +1 -1
- rest/models/base.py +6 -2
- rest/requestex.py +0 -3
- {django_restit-4.2.32.dist-info → django_restit-4.2.34.dist-info}/LICENSE.md +0 -0
- {django_restit-4.2.32.dist-info → django_restit-4.2.34.dist-info}/WHEEL +0 -0
account/models/member.py
CHANGED
|
@@ -683,6 +683,7 @@ class Member(User, RestModel, MetaDataModel):
|
|
|
683
683
|
if Member.objects.filter(auth_code=code).count() == 0:
|
|
684
684
|
self.auth_code = code
|
|
685
685
|
self.auth_code_expires = datetime.now() + timedelta(seconds=expires)
|
|
686
|
+
self.auditLog(f"auth_code generated '{code}'", "auth_code", level=21)
|
|
686
687
|
self.save()
|
|
687
688
|
return self.auth_code
|
|
688
689
|
return None
|
account/rpc/auth.py
CHANGED
|
@@ -242,7 +242,7 @@ def is_member_logged_in(request):
|
|
|
242
242
|
|
|
243
243
|
|
|
244
244
|
@rd.urlPOST('invite/validate')
|
|
245
|
-
@rd.
|
|
245
|
+
@rd.requires_params(["username"])
|
|
246
246
|
def member_invite_confirm(request):
|
|
247
247
|
username = request.DATA.get('username', None)
|
|
248
248
|
auth_code = request.DATA.get(["auth_token", "invite_token"], None)
|
|
@@ -256,7 +256,7 @@ def member_invite_confirm(request):
|
|
|
256
256
|
|
|
257
257
|
|
|
258
258
|
@rd.urlPOST('mfa/request_code')
|
|
259
|
-
@rd.
|
|
259
|
+
@rd.requires_params(["username"])
|
|
260
260
|
def member_request_code(request):
|
|
261
261
|
member, resp = get_member_from_request(request)
|
|
262
262
|
if resp is not None:
|
account/rpc/member.py
CHANGED
|
@@ -18,8 +18,8 @@ def member_me_action(request):
|
|
|
18
18
|
return restPermissionDenied(request, "not authenticated")
|
|
19
19
|
if request.method == "GET":
|
|
20
20
|
# request.session['ws4redis:memberof'] = request.member.getGroupUUIDs()
|
|
21
|
-
from rest import helpers as rh
|
|
22
|
-
rh.debug("user_platform", request.DATA.getUserAgentPlatform())
|
|
21
|
+
# from rest import helpers as rh
|
|
22
|
+
# rh.debug("user_platform", request.DATA.getUserAgentPlatform())
|
|
23
23
|
return request.member.on_rest_get(request)
|
|
24
24
|
elif request.method == "POST":
|
|
25
25
|
return request.member.on_rest_post(request)
|
|
@@ -24,7 +24,7 @@ account/models/device.py,sha256=XipNpByreGubB5-d4ZBOoIV5Xw14b2Btcgn6fXz8HAc,4105
|
|
|
24
24
|
account/models/feeds.py,sha256=FXqcZ1Qy4oYOLzai7-GL4WNd7iKPb5Y3ZqvKQunq1Yk,1861
|
|
25
25
|
account/models/group.py,sha256=krFO_Q7kas6j36eYIVpOalLkNfWd1Mj4IniPgENJay4,20628
|
|
26
26
|
account/models/legacy.py,sha256=zYdtv4LC0ooxPVqWM-uToPwV-lYWQLorSE6p6yn1xDw,2720
|
|
27
|
-
account/models/member.py,sha256=
|
|
27
|
+
account/models/member.py,sha256=IC-z-ZDzSBh9EYr8rfvHguttbubBNTKp2vYrQz9nUBQ,50129
|
|
28
28
|
account/models/membership.py,sha256=K2fd0TJYhfv58HPyjQVlahlOPz3Q6ZwrxVkguG-2Ej8,7806
|
|
29
29
|
account/models/notify.py,sha256=YnZujSHJHY7B09e6FIyZIEJRWLPYk1Sk1e92tFzB1IA,12078
|
|
30
30
|
account/models/passkeys.py,sha256=TJxITUi4DT4_1tW2K7ZlOcRjJuMVl2NtKz7pKQU8-Tw,1516
|
|
@@ -36,10 +36,10 @@ account/passkeys/__init__.py,sha256=FwXYJXwSJXfkLojGBcVpF1dFpgFhzDdd9N_3naYQ0cc,
|
|
|
36
36
|
account/passkeys/core.py,sha256=X8y1TCXupZZV-GF10nuPVmdpN0qYuzKe03RnaDlepP4,4116
|
|
37
37
|
account/periodic.py,sha256=-u0n-7QTJgDOkasGhBAPwHAwjpqWGA-MZLEFkVTqCGU,874
|
|
38
38
|
account/rpc/__init__.py,sha256=SGF0M_-H0dKh3b1apSX29BotNWAvITYccGQVC0MIjL8,336
|
|
39
|
-
account/rpc/auth.py,sha256=
|
|
39
|
+
account/rpc/auth.py,sha256=eywdJSjsi_Ds2pM4wnltPJUfjIQqf6r6e99eKS7q3BA,15593
|
|
40
40
|
account/rpc/device.py,sha256=fbbZFp3cUdhVXvD7gVFOqFWj4hKS3bjZKD_aF5fQxd8,2852
|
|
41
41
|
account/rpc/group.py,sha256=pr88ayqVUIBolR3FlWL0sb-JaH1PWH0ow39L7C6K6Rk,3466
|
|
42
|
-
account/rpc/member.py,sha256=
|
|
42
|
+
account/rpc/member.py,sha256=PU-Uz5KUI_BZFy-F-taDqAfnt_AwONYXSzUvfm7eyTw,1264
|
|
43
43
|
account/rpc/notify.py,sha256=Q2YWejP36egeF060Hih5uX4Psv_B8NWlLLPi7iDYlIw,3344
|
|
44
44
|
account/rpc/oauth.py,sha256=ISLVsR5HvKALANokaOFRvF4FTRxWtXPvVnZAYANKxpo,2864
|
|
45
45
|
account/rpc/passkeys.py,sha256=5x28nYILJUMMSwfVuWYL66hfoGUXahMqOwiHhM4I3Do,1729
|
|
@@ -102,15 +102,15 @@ incident/migrations/0013_rulecheck_is_required.py,sha256=cL7tOj5XGPpKd2f5BojIKfN
|
|
|
102
102
|
incident/migrations/0014_event_group_alter_rulecheck_index.py,sha256=v3gm5k0LVoas27qUDOt7el7YtK4yjFVLeEpuFUCoXaQ,724
|
|
103
103
|
incident/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
104
104
|
incident/models/__init__.py,sha256=NMphuhb0RTMf7Ov4QkNv7iv6_I8Wtr3xQ54yjX_a31M,209
|
|
105
|
-
incident/models/event.py,sha256=
|
|
106
|
-
incident/models/incident.py,sha256=
|
|
105
|
+
incident/models/event.py,sha256=CYyJHcTCRSkZuOynVNVBO6P9466OamMVV63jWEbDBZ8,7264
|
|
106
|
+
incident/models/incident.py,sha256=0M7QN32BwlHYRvnUWPqI4IIThSpActGDdbmbPjNcJ9A,18415
|
|
107
107
|
incident/models/ossec.py,sha256=p1ptr-8lnaj1EP_VmPR58b2LmaYBGaYYKAMqhWK5yZM,2227
|
|
108
108
|
incident/models/rules.py,sha256=uT5GhW6Flso287lJGphAlWwL20NRnHDAZoGrWBBQfeE,6260
|
|
109
109
|
incident/models/ticket.py,sha256=S3kqGQpYLE6Y4M9IKu_60sgW-f592xNr8uufqHnvDoU,2302
|
|
110
110
|
incident/parsers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
111
|
-
incident/parsers/ossec.py,sha256=
|
|
111
|
+
incident/parsers/ossec.py,sha256=Bc82n0AeXMBxMxzfAR-1puHyxldcikqeu5MeGRk1zMc,7142
|
|
112
112
|
incident/periodic.py,sha256=eX1rQK6v65A9ugofTvJPSmAWei6C-3EYgzCMuGZ03jM,381
|
|
113
|
-
incident/rpc.py,sha256=
|
|
113
|
+
incident/rpc.py,sha256=g91tUpD5FYfl_q044VVwVyomNRhQfMLC1LeB-RRH3jM,7908
|
|
114
114
|
incident/templates/email/incident_change.html,sha256=O_5ocWTsnqmmOuQhAtXEiE4rWecnZnJjoKU4MwV6ILo,14178
|
|
115
115
|
incident/templates/email/incident_new.html,sha256=IPX3CqIrvdrZSn13_jlR6sEb0If8ftvUrUpkzC5G2Gc,15173
|
|
116
116
|
incident/templates/email/incident_plain.html,sha256=fx4zsoldG1AQEBA6IYx5BJp_MAMizgjjx9EmuR5m4SQ,14727
|
|
@@ -359,7 +359,7 @@ pushit/utils.py,sha256=IeTCGa-164nmB1jIsK1lu1O1QzUhS3BKfuXHGjCW-ck,2121
|
|
|
359
359
|
rest/.gitignore,sha256=TbEvWRMnAiajCTOdhiNrd9eeCAaIjRp9PRjE_VkMM5g,118
|
|
360
360
|
rest/README.md,sha256=V3ETc-cJu8PZIbKr9xSe_pA4JEUpC8Dhw4bQeVCDJPw,5460
|
|
361
361
|
rest/RemoteEvents.py,sha256=nL46U7AuxIrlw2JunphR1tsXyqi-ep_gD9CYGpYbNgE,72
|
|
362
|
-
rest/__init__.py,sha256=
|
|
362
|
+
rest/__init__.py,sha256=S_WfIhIPQUOluFpyXFWGT_zK5Q-hZklAhRvPWuqNO8s,121
|
|
363
363
|
rest/arc4.py,sha256=y644IbF1ec--e4cUJ3KEYsewTCITK0gmlwa5mJruFC0,1967
|
|
364
364
|
rest/cache.py,sha256=1Qg0rkaCJCaVP0-l5hZg2CIblTdeBSlj_0fP6vlKUpU,83
|
|
365
365
|
rest/crypto/__init__.py,sha256=Tl0U11rgj1eBYqd6OXJ2_XSdNLumW_JkBZnaJqI6Ldw,72
|
|
@@ -391,12 +391,12 @@ rest/middleware/request.py,sha256=JchRNy5L-bGd-7h-KFYekGRvREe2eCkZXKOYqIkP2hI,41
|
|
|
391
391
|
rest/middleware/session.py,sha256=zHSoQpIzRLmpqr_JvW406wzpvU3W3gDbm5JhtzLAMlE,10240
|
|
392
392
|
rest/middleware/session_store.py,sha256=1nSdeXK8PyuYgGgIufqrS6j6QpIrQ7zbMNT0ol75e6U,1901
|
|
393
393
|
rest/models/__init__.py,sha256=M8pvFDq-WCF-QcM58X7pMufYYe0aaQ3U0PwGe9TKbbY,130
|
|
394
|
-
rest/models/base.py,sha256=
|
|
394
|
+
rest/models/base.py,sha256=LNnlAEkKlwFME61Ek46jdLmF2dCRX6yn72U_st_YoN8,66944
|
|
395
395
|
rest/models/cacher.py,sha256=eKz8TINVhWEqKhJGMsRkKZTtBUIv5rN3NHbZwOC56Uk,578
|
|
396
396
|
rest/models/metadata.py,sha256=ui0962oaWbYGIbkNs7oaUGKyaca9epsW2H-ywgyH7rg,12631
|
|
397
397
|
rest/net.py,sha256=LTF4ip-ur8C2G7NETVOg7ioACegBGo4sDJA18PfF5kQ,1691
|
|
398
398
|
rest/regexes.yaml,sha256=VoGb4E-P_K9f82Yzcpltgzekpt9usRtwu9PYlo46nUw,149463
|
|
399
|
-
rest/requestex.py,sha256=
|
|
399
|
+
rest/requestex.py,sha256=dYXDIg1TLu44FYFjR9X-6AAr7E5yeeGySrlEBC7ZOcU,15677
|
|
400
400
|
rest/rpc.py,sha256=Z-0Q62VeMViZiS_9vBHKJmbERgemsfg8pnKFjV-DH-w,4200
|
|
401
401
|
rest/search.py,sha256=QVjk2b5tZLgf1zM2MHvJTyRjwUbY5ZD7HXSTmSPXtvU,8362
|
|
402
402
|
rest/serializers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -491,7 +491,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
|
|
|
491
491
|
ws4redis/settings.py,sha256=K0yBiLUuY81iDM4Yr-k8hbvjn5VVHu5zQhmMK8Dtz0s,1536
|
|
492
492
|
ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
|
|
493
493
|
ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
|
|
494
|
-
django_restit-4.2.
|
|
495
|
-
django_restit-4.2.
|
|
496
|
-
django_restit-4.2.
|
|
497
|
-
django_restit-4.2.
|
|
494
|
+
django_restit-4.2.34.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
|
|
495
|
+
django_restit-4.2.34.dist-info/METADATA,sha256=_MJaPQPmu76cBOsqmwpe8OYoBA6nIsRqsmuUOdXRDEk,7594
|
|
496
|
+
django_restit-4.2.34.dist-info/WHEEL,sha256=Zb28QaM1gQi8f4VCBhsUklF61CTlNYfs9YAZn-TOGFk,88
|
|
497
|
+
django_restit-4.2.34.dist-info/RECORD,,
|
incident/models/event.py
CHANGED
|
@@ -46,7 +46,7 @@ class Event(JSONMetaData, rm.RestModel):
|
|
|
46
46
|
class RestMeta:
|
|
47
47
|
POST_SAVE_FIELDS = ["level", "catagory"]
|
|
48
48
|
SEARCH_FIELDS = ["description", "hostname"]
|
|
49
|
-
VIEW_PERMS = ["view_incidents"]
|
|
49
|
+
VIEW_PERMS = ["view_incidents", "view_logs"]
|
|
50
50
|
CREATE_PERMS = None # allow anyone to create an event
|
|
51
51
|
GRAPHS = {
|
|
52
52
|
"default": {
|
incident/models/incident.py
CHANGED
|
@@ -168,6 +168,9 @@ class Incident(models.Model, rm.RestModel, rm.MetaDataModel):
|
|
|
168
168
|
self.triggerTask()
|
|
169
169
|
elif self.rule.action.startswith("group:"):
|
|
170
170
|
self.triggerGroup()
|
|
171
|
+
elif self.rule.action == "resolved":
|
|
172
|
+
self.state = INCIDENT_STATE_RESOLVED
|
|
173
|
+
self.save()
|
|
171
174
|
elif self.rule.action.startswith("firewall_block"):
|
|
172
175
|
if settings.FIREWALL_GLOBAL_BLOCK:
|
|
173
176
|
Task.Publish("incident", "firewall_block",
|
incident/parsers/ossec.py
CHANGED
|
@@ -22,6 +22,27 @@ def removeNonAscii(input_str):
|
|
|
22
22
|
return ''.join(char for char in cleaned_str if 32 <= ord(char) < 128)
|
|
23
23
|
|
|
24
24
|
|
|
25
|
+
def extractURL(text):
|
|
26
|
+
match = re.search(r"GET\s+(https?://[^\s]+)\s+HTTP/\d\.\d", text)
|
|
27
|
+
if match:
|
|
28
|
+
return match.group(1)
|
|
29
|
+
return None
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
def extractDomain(text):
|
|
33
|
+
match = re.search(r"https?://([^/:]+)", text)
|
|
34
|
+
if match:
|
|
35
|
+
return match.group(1)
|
|
36
|
+
return None
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
def extractUrlPath(text):
|
|
40
|
+
match = re.search(r"https?://[^/]+(/[^?]*)", text)
|
|
41
|
+
if match:
|
|
42
|
+
return match.group(1)
|
|
43
|
+
return None
|
|
44
|
+
|
|
45
|
+
|
|
25
46
|
def parseAlert(request, data):
|
|
26
47
|
# helpers.log_print(data)
|
|
27
48
|
try:
|
|
@@ -145,15 +166,25 @@ def parseAlert(request, data):
|
|
|
145
166
|
if m and m.groups():
|
|
146
167
|
alert.src_ip = m.group(1)
|
|
147
168
|
elif "web,accesslog," in data.text and "https:" in data.text:
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
169
|
+
alert.ssh_sig = extractURL(data.text)
|
|
170
|
+
if alert.ssh_sig:
|
|
171
|
+
alert.hostname = extractDomain(alert.ssh_sig)
|
|
151
172
|
|
|
152
173
|
if alert.ext_ip is None:
|
|
153
174
|
alert.ext_ip = alert.src_ip
|
|
154
175
|
if alert.src_ip is not None and len(alert.src_ip) > 6:
|
|
155
176
|
# lets do a lookup for the src
|
|
156
177
|
alert.geoip = GeoIP.lookup(alert.src_ip)
|
|
178
|
+
|
|
179
|
+
if irule == 31111:
|
|
180
|
+
url = alert.ssh_sig
|
|
181
|
+
hostname = alert.hostname
|
|
182
|
+
if url:
|
|
183
|
+
hostname = extractDomain(url)
|
|
184
|
+
if alert.geoip and alert.geoip.isp:
|
|
185
|
+
alert.title = f"Suspicious fetch of .js, {hostname} ISP: {alert.geoip.isp}"
|
|
186
|
+
else:
|
|
187
|
+
alert.title = f"Suspicious fetch of .js, {hostname}"
|
|
157
188
|
# finally here we change the alert level
|
|
158
189
|
if irule in LEVEL_REMAP_BY_RULE:
|
|
159
190
|
alert.level = LEVEL_REMAP_BY_RULE[irule]
|
incident/rpc.py
CHANGED
|
@@ -77,15 +77,19 @@ def ossec_alert_creat_from_request(request):
|
|
|
77
77
|
elif od.level <= 3:
|
|
78
78
|
level = 8
|
|
79
79
|
metadata = od.toDict(graph="default")
|
|
80
|
+
# we reuse the ssh_sig because it is a text field to store urls
|
|
80
81
|
ssh_sig = metadata.get("ssh_sig", None)
|
|
81
82
|
if ssh_sig is not None and ssh_sig.startswith("http"):
|
|
82
83
|
metadata.url = ssh_sig
|
|
84
|
+
metadata.domain = ossec.extractDomain(metadata.url)
|
|
85
|
+
metadata.path = ossec.extractUrlPath(metadata.url)
|
|
83
86
|
metadata.pop("ssh_sig")
|
|
84
87
|
if od.geoip:
|
|
85
88
|
metadata["country"] = od.geoip.country
|
|
86
89
|
metadata["city"] = od.geoip.city
|
|
87
90
|
metadata["province"] = od.geoip.state
|
|
88
91
|
metadata["isp"] = od.geoip.isp
|
|
92
|
+
|
|
89
93
|
am.Event.createFromDict(None, {
|
|
90
94
|
"hostname": od.hostname,
|
|
91
95
|
"description": od.title,
|
rest/__init__.py
CHANGED
rest/models/base.py
CHANGED
|
@@ -828,6 +828,8 @@ class RestModel(object):
|
|
|
828
828
|
request.member.auditLog(F"deleted {self.get_class_name(True)}:{self.pk}", "deleted", level=8)
|
|
829
829
|
|
|
830
830
|
def auditLog(self, message, action="log", path=None, level=0, group=None, method=None):
|
|
831
|
+
if group is None and hasattr(self, "group"):
|
|
832
|
+
group = self.group
|
|
831
833
|
PLOG = self.getModel("auditlog", "PersistentLog")
|
|
832
834
|
component = self.get_class_name(True)
|
|
833
835
|
PLOG.log(message=message, action=action, path=path, level=level, method=method, component=component, pkey=self.id, group=group)
|
|
@@ -880,9 +882,11 @@ class RestModel(object):
|
|
|
880
882
|
return_response = not as_dict
|
|
881
883
|
return GRAPH_HELPERS.restGet(request, self, return_httpresponse=return_response, **self.getGraph(graph))
|
|
882
884
|
|
|
883
|
-
def toDict(self, graph=None):
|
|
885
|
+
def toDict(self, graph=None, schema=None):
|
|
884
886
|
RestModel._setupGraphHelpers()
|
|
885
|
-
|
|
887
|
+
if schema is None:
|
|
888
|
+
return self.restGet(None, graph=graph, as_dict=True)
|
|
889
|
+
return GRAPH_HELPERS.restGet(None, self, return_httpresponse=False, **schema)
|
|
886
890
|
|
|
887
891
|
def __str__(self):
|
|
888
892
|
return f"<{self.get_class_name(True)}>"
|
rest/requestex.py
CHANGED
|
@@ -252,9 +252,6 @@ class RequestData(object):
|
|
|
252
252
|
def log(self, include_headers=True):
|
|
253
253
|
if not self.is_logged:
|
|
254
254
|
self.is_logged = True
|
|
255
|
-
track = self.get("track", None)
|
|
256
|
-
cardnumber = self.get(["cardnumber", "pan"], None)
|
|
257
|
-
password = self.get("password", None)
|
|
258
255
|
sanitized = UberDict.fromdict(self.toDict())
|
|
259
256
|
if include_headers:
|
|
260
257
|
headers = {}
|
|
File without changes
|
|
File without changes
|