firewall: add blacklist hook support

1de90b85 · Bach Dániel · 9f8191f1 · 1de90b85 · 1de90b85
Commit 1de90b85 authored Feb 27, 2015 by Bach Dániel
Show whitespace changes
Inline Side-by-side

Showing with 33 additions and 2 deletions

circle/circle/settings/base.py
+1 -0

circle/firewall/views.py
+32 -2

No files found.
--- a/circle/circle/settings/base.py
+++ b/circle/circle/settings/base.py
@@ -563,3 +563,4 @@ CLIENT_DOWNLOAD_URL = get_env_variable('CLIENT_DOWNLOAD_URL', 'http://circleclou
 ADMIN_ENABLED = False
 BLACKLIST_PASSWORD = get_env_variable("BLACKLIST_PASSWORD", "")
+BLACKLIST_HOOK_URL = get_env_variable("BLACKLIST_HOOK_URL", "")
--- a/circle/firewall/views.py
+++ b/circle/firewall/views.py
@@ -18,9 +18,12 @@
 from __future__ import absolute_import, unicode_literals
 from datetime import timedelta
+from json import dumps
 import logging
 from netaddr import AddrFormatError, IPAddress
+from requests import post
+from requests.exceptions import RequestException
 from django.core.exceptions import PermissionDenied
 from django.http import HttpResponse
@@ -36,6 +39,28 @@ from django.conf import settings
 logger = logging.getLogger(__name__)
+def send_request(obj):
+    data = {"ip": obj.ipv4,
+            "msg": obj.snort_message,
+            "reason": obj.reason,
+            "expires_at": str(obj.expires_at).split('.')[0],
+            "object_kind": "ban"}
+    if obj.host:
+        data.update({"hostname": obj.host.hostname,
+                     "username": obj.host.owner.username,
+                     "fullname": obj.host.owner.get_full_name()})
+    try:
+        r = post(settings.BLACKLIST_HOOK_URL, data=dumps(data, indent=2),
+                 timeout=3)
+        r.raise_for_status()
+    except RequestException as e:
+        logger.warning("Error in HTTP POST: %s. url: %s params: %s",
+                       str(e), settings.BLACKLIST_HOOK_URL, data)
+    else:
+        logger.info("Successful HTTP POST. url: %s params: %s",
+                    settings.BLACKLIST_HOOK_URL, data)
 @csrf_exempt
 @require_POST
 def add_blacklist_item(request):
@@ -48,7 +73,7 @@ def add_blacklist_item(request):
    try:
        address = request.POST.get('address')
-        IPAddress(address, version=4)
+        address_object = IPAddress(address, version=4)
    except (AddrFormatError, TypeError) as e:
        logger.warning("Invalid IP address: %s (%s)", address, str(e))
        return HttpResponse(_("Invalid IP address."))
@@ -56,13 +81,15 @@ def add_blacklist_item(request):
    obj, created = BlacklistItem.objects.get_or_create(ipv4=address)
    if created:
        try:
-            obj.host = Host.objects.get(ipv4=address)
+            db_format = '.'.join("%03d" % x for x in address_object.words)
+            obj.host = Host.objects.get(ipv4=db_format)
        except Host.DoesNotExist:
            pass
    now = timezone.now()
    can_update = ((obj.whitelisted and now > obj.expires_at) or
                  not obj.whitelisted)
+    is_new = created or (obj.expires_at and now > obj.expires_at)
    if created or can_update:
        obj.reason = request.POST.get('reason')
@@ -77,4 +104,7 @@ def add_blacklist_item(request):
    elif can_update:
        logger.info("Successfully modified blacklist item %s.", address)
+    if is_new and settings.BLACKLIST_HOOK_URL:
+        send_request(obj)
    return HttpResponse(unicode(_("OK")))