# Copyright 2014 Budapest University of Technology and Economics (BME IK) # # This file is part of CIRCLE Cloud. # # CIRCLE is free software: you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free # Software Foundation, either version 3 of the License, or (at your option) # any later version. # # CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more # details. # # You should have received a copy of the GNU General Public License along # with CIRCLE. If not, see <http://www.gnu.org/licenses/>. from __future__ import absolute_import, unicode_literals from datetime import timedelta from json import dumps import logging from netaddr import AddrFormatError, IPAddress from requests import post from requests.exceptions import RequestException from django.core.exceptions import PermissionDenied from django.http import HttpResponse from django.utils import timezone from django.utils.translation import ugettext_lazy as _ from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_POST from .models import BlacklistItem, Host from django.conf import settings logger = logging.getLogger(__name__) def send_request(obj): data = {"ip": obj.ipv4, "msg": obj.snort_message, "reason": obj.reason, "expires_at": str(obj.expires_at).split('.')[0], "object_kind": "ban"} if obj.host: data.update({"hostname": obj.host.hostname, "username": obj.host.owner.username, "fullname": obj.host.owner.get_full_name()}) try: r = post(settings.BLACKLIST_HOOK_URL, data=dumps(data, indent=2), timeout=3) r.raise_for_status() except RequestException as e: logger.warning("Error in HTTP POST: %s. url: %s params: %s", str(e), settings.BLACKLIST_HOOK_URL, data) else: logger.info("Successful HTTP POST. url: %s params: %s", settings.BLACKLIST_HOOK_URL, data) @csrf_exempt @require_POST def add_blacklist_item(request): password = request.POST.get('password') if (not settings.BLACKLIST_PASSWORD or password != settings.BLACKLIST_PASSWORD): logger.warning("Tried invalid password. Password: %s IP: %s", password, request.META["REMOTE_ADDR"]) raise PermissionDenied() try: address = request.POST.get('address') address_object = IPAddress(address, version=4) except (AddrFormatError, TypeError) as e: logger.warning("Invalid IP address: %s (%s)", address, str(e)) return HttpResponse(_("Invalid IP address.")) obj, created = BlacklistItem.objects.get_or_create(ipv4=address) if created: try: db_format = '.'.join("%03d" % x for x in address_object.words) obj.host = Host.objects.get(ipv4=db_format) except Host.DoesNotExist: pass now = timezone.now() can_update = ( (obj.whitelisted and obj.expires_at and now > obj.expires_at) or not obj.whitelisted) is_new = created or (obj.expires_at and now > obj.expires_at) if created or can_update: obj.reason = request.POST.get('reason') obj.snort_message = request.POST.get('snort_message') obj.whitelisted = False obj.expires_at = now + timedelta(weeks=1) obj.full_clean() obj.save() if created: logger.info("Successfully created blacklist item %s.", address) elif can_update: logger.info("Successfully modified blacklist item %s.", address) if is_new and settings.BLACKLIST_HOOK_URL: send_request(obj) return HttpResponse(unicode(_("OK")))