#1073 wip

LDO-CERT · Apr 11, 2024 · a639e87 · a639e87
1 parent be19539
commit a639e87
Show file tree

Hide file tree

Showing 15 changed files with 275 additions and 64 deletions.
diff --git a/compose/local/django/Dockerfile b/compose/local/django/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12-slim-bookworm as common-base
+FROM python:3.12.2-slim-bookworm as common-base
 
 ENV DJANGO_SETTINGS_MODULE config.settings.local
 ENV PYTHONUNBUFFERED 1

diff --git a/orochi/api/models.py b/orochi/api/models.py
@@ -51,6 +51,9 @@ class SuccessResponse(Schema):
     message: str
 
 
+###################################################
+# Utils
+###################################################
 class DaskStatusOut(Schema):
     running: int = 0
 

diff --git a/orochi/api/routers/utils.py b/orochi/api/routers/utils.py
@@ -1,17 +1,62 @@
+import json
+from pathlib import Path
+from typing import Any
+
+import geoip2.database
 from dask.distributed import Client
 from django.conf import settings
+from geoip2.errors import GeoIP2Error
 from ninja import Router
 from ninja.security import django_auth
 
-from orochi.api.models import DaskStatusOut
+from orochi.api.models import DaskStatusOut, ErrorsOut
 
 router = Router()
 
 
+@router.get("changelog", auth=django_auth, response={200: Any, 400: ErrorsOut})
+def changelog(request):
+    """
+    Summary:
+    Endpoint to retrieve the changelog content.
+
+    Explanation:
+    Retrieves the content of the CHANGELOG.md file and returns it as a response. If an exception occurs during the process, it returns an error response.
+
+    Args:
+    - request: The request object.
+
+    Returns:
+    - Tuple[int, Dict[str, str]]: A tuple containing the status code and a dictionary with the changelog content.
+
+    Raises:
+    - ErrorsOut: If an exception occurs during the file reading process.
+    """
+    try:
+        changelog_path = Path("/app/CHANGELOG.md")
+        with open(changelog_path, "r") as f:
+            changelog_content = "".join(f.readlines())
+            return 200, {"note": changelog_content}
+    except Exception as excp:
+        return 400, ErrorsOut(errors=str(excp))
+
+
 @router.get(
-    "/dask_status", auth=django_auth, response=DaskStatusOut, url_name="dask_status"
+    "/dask_status",
+    auth=django_auth,
+    response=DaskStatusOut,
+    url_name="dask_status",
 )
 def dask_status(request):
+    """
+    Get the total number of running tasks on the Dask scheduler.
+
+    Args:
+        request: The request object.
+
+    Returns:
+        int: The total number of running tasks on the Dask scheduler.
+    """
     dask_client = Client(settings.DASK_SCHEDULER_URL)
     res = dask_client.run_on_scheduler(
         lambda dask_scheduler: {
@@ -21,3 +66,52 @@ def dask_status(request):
     )
     dask_client.close()
     return sum(len(running_tasks) for running_tasks in res.values())
+
+
+@router.get(
+    "/maxmind",
+    auth=django_auth,
+    url_name="maxmind",
+    response={200: Any, 400: ErrorsOut},
+)
+def maxmind(request, ip: str):
+    """
+    Retrieve geolocation data for the given IP address using MaxMind databases.
+
+    Args:
+        request: The request object.
+        ip (str): The IP address for which geolocation data is to be retrieved.
+
+    Returns:
+        tuple: A tuple containing the HTTP status code and the geolocation data as a dictionary.
+            The status code 200 indicates success, while 400 indicates an error.
+    """
+    if (
+        not Path("/maxmind/GeoLite2-ASN.mmdb").exists()
+        and not Path("/maxmind/GeoLite2-City.mmdb").exists()
+        and not Path("/maxmind/GeoLite2-Country.mmdb").exists()
+    ):
+        return 400, ErrorsOut(errors="Maxmind databases not found.")
+
+    try:
+        data = {}
+        if Path("/maxmind/GeoLite2-ASN.mmdb").exists():
+            with geoip2.database.Reader("/maxmind/GeoLite2-ASN.mmdb") as reader:
+                data |= reader.asn(ip).raw
+        if Path("/maxmind/GeoLite2-City.mmdb").exists():
+            with geoip2.database.Reader("/maxmind/GeoLite2-City.mmdb") as reader:
+                data |= reader.city(ip).raw
+        if Path("/maxmind/GeoLite2-Country.mmdb").exists():
+            with geoip2.database.Reader("/maxmind/GeoLite2-Country.mmdb") as reader:
+                data |= reader.country(ip).raw
+        return 200, data
+    except (GeoIP2Error, Exception) as excp:
+        return 400, ErrorsOut(errors=str(excp))
+
+
+@router.get("/vt", url_name="vt", response={200: Any, 400: ErrorsOut}, auth=django_auth)
+def get_extracted_dump_vt_report(request, path: str):
+    path = Path(path)
+    if path.exists():
+        return 200, json.loads(open(path, "r").read())
+    return 400, ErrorsOut(errors="File not found.")
diff --git a/orochi/static/js/handlebars/maxmind.js b/orochi/static/js/handlebars/maxmind.js
@@ -0,0 +1,37 @@
+(function() {
+  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
+templates['maxmind'] = template({"1":function(container,depth0,helpers,partials,data) {
+    var helper, lookupProperty = container.lookupProperty || function(parent, propertyName) {
+        if (Object.prototype.hasOwnProperty.call(parent, propertyName)) {
+          return parent[propertyName];
+        }
+        return undefined
+    };
+
+  return "    <div class=\"alert alert-danger m-4\" role=\"alert\">\n    "
+    + container.escapeExpression(((helper = (helper = lookupProperty(helpers,"errors") || (depth0 != null ? lookupProperty(depth0,"errors") : depth0)) != null ? helper : container.hooks.helperMissing),(typeof helper === "function" ? helper.call(depth0 != null ? depth0 : (container.nullContext || {}),{"name":"errors","hash":{},"data":data,"loc":{"start":{"line":8,"column":4},"end":{"line":8,"column":14}}}) : helper)))
+    + "\n    </div>\n";
+},"3":function(container,depth0,helpers,partials,data) {
+    var stack1, lookupProperty = container.lookupProperty || function(parent, propertyName) {
+        if (Object.prototype.hasOwnProperty.call(parent, propertyName)) {
+          return parent[propertyName];
+        }
+        return undefined
+    };
+
+  return "    <div id=\"js_received\" style=\"width: 100%; height: 100%;\"></div>\n    <script>\n        var options = {\n            mode: 'code',\n            modes: ['text', 'code', 'view'],\n            onEditable: function (node) {\n                if (!node.path) { return false; }\n            }\n        }\n        var json_viewer = document.getElementById(\"js_received\")\n        var json_container = new JSONEditor(json_viewer, options)\n        json_container.set("
+    + ((stack1 = (lookupProperty(helpers,"json")||(depth0 && lookupProperty(depth0,"json"))||container.hooks.helperMissing).call(depth0 != null ? depth0 : (container.nullContext || {}),(depth0 != null ? lookupProperty(depth0,"info") : depth0),{"name":"json","hash":{},"data":data,"loc":{"start":{"line":22,"column":27},"end":{"line":22,"column":44}}})) != null ? stack1 : "")
+    + ")\n    </script>\n";
+},"compiler":[8,">= 4.3.0"],"main":function(container,depth0,helpers,partials,data) {
+    var stack1, lookupProperty = container.lookupProperty || function(parent, propertyName) {
+        if (Object.prototype.hasOwnProperty.call(parent, propertyName)) {
+          return parent[propertyName];
+        }
+        return undefined
+    };
+
+  return "<div class=\"modal-header\">\n    <h5 class=\"modal-title\">Maxmind Report</h5>\n    <button type=\"button\" class=\"btn-close\" data-bs-dismiss=\"modal\" aria-label=\"Close\"></button>\n</div>\n<div class=\"modal-body\">\n"
+    + ((stack1 = lookupProperty(helpers,"if").call(depth0 != null ? depth0 : (container.nullContext || {}),(depth0 != null ? lookupProperty(depth0,"errors") : depth0),{"name":"if","hash":{},"fn":container.program(1, data, 0),"inverse":container.program(3, data, 0),"data":data,"loc":{"start":{"line":6,"column":4},"end":{"line":24,"column":11}}})) != null ? stack1 : "")
+    + "  </div>\n  <div class=\"modal-footer\">\n    <button type=\"button\" class=\"btn btn-secondary\" data-bs-dismiss=\"modal\">Close</button>\n  </div>\n</form>\n";
+},"useData":true});
+})();
diff --git a/orochi/static/js/handlebars/vt.js b/orochi/static/js/handlebars/vt.js
@@ -0,0 +1,37 @@
+(function() {
+  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
+templates['vt'] = template({"1":function(container,depth0,helpers,partials,data) {
+    var helper, lookupProperty = container.lookupProperty || function(parent, propertyName) {
+        if (Object.prototype.hasOwnProperty.call(parent, propertyName)) {
+          return parent[propertyName];
+        }
+        return undefined
+    };
+
+  return "    <div class=\"alert alert-danger m-4\" role=\"alert\">\n    "
+    + container.escapeExpression(((helper = (helper = lookupProperty(helpers,"errors") || (depth0 != null ? lookupProperty(depth0,"errors") : depth0)) != null ? helper : container.hooks.helperMissing),(typeof helper === "function" ? helper.call(depth0 != null ? depth0 : (container.nullContext || {}),{"name":"errors","hash":{},"data":data,"loc":{"start":{"line":8,"column":4},"end":{"line":8,"column":14}}}) : helper)))
+    + "\n    </div>\n";
+},"3":function(container,depth0,helpers,partials,data) {
+    var stack1, lookupProperty = container.lookupProperty || function(parent, propertyName) {
+        if (Object.prototype.hasOwnProperty.call(parent, propertyName)) {
+          return parent[propertyName];
+        }
+        return undefined
+    };
+
+  return "    <div id=\"js_received\" style=\"width: 100%; height: 100%;\"></div>\n    <script>\n        var options = {\n            mode: 'code',\n            modes: ['text', 'code', 'view'],\n            onEditable: function (node) {\n                if (!node.path) { return false; }\n            }\n        }\n        var json_viewer = document.getElementById(\"js_received\")\n        var json_container = new JSONEditor(json_viewer, options)\n        json_container.set("
+    + ((stack1 = (lookupProperty(helpers,"json")||(depth0 && lookupProperty(depth0,"json"))||container.hooks.helperMissing).call(depth0 != null ? depth0 : (container.nullContext || {}),(depth0 != null ? lookupProperty(depth0,"info") : depth0),{"name":"json","hash":{},"data":data,"loc":{"start":{"line":22,"column":27},"end":{"line":22,"column":44}}})) != null ? stack1 : "")
+    + ")\n    </script>\n";
+},"compiler":[8,">= 4.3.0"],"main":function(container,depth0,helpers,partials,data) {
+    var stack1, lookupProperty = container.lookupProperty || function(parent, propertyName) {
+        if (Object.prototype.hasOwnProperty.call(parent, propertyName)) {
+          return parent[propertyName];
+        }
+        return undefined
+    };
+
+  return "<div class=\"modal-header\">\n    <h5 class=\"modal-title\">VirusTotal Report</h5>\n    <button type=\"button\" class=\"btn-close\" data-bs-dismiss=\"modal\" aria-label=\"Close\"></button>\n</div>\n<div class=\"modal-body\">\n"
+    + ((stack1 = lookupProperty(helpers,"if").call(depth0 != null ? depth0 : (container.nullContext || {}),(depth0 != null ? lookupProperty(depth0,"errors") : depth0),{"name":"if","hash":{},"fn":container.program(1, data, 0),"inverse":container.program(3, data, 0),"data":data,"loc":{"start":{"line":6,"column":4},"end":{"line":24,"column":11}}})) != null ? stack1 : "")
+    + "  </div>\n  <div class=\"modal-footer\">\n    <button type=\"button\" class=\"btn btn-secondary\" data-bs-dismiss=\"modal\">Close</button>\n  </div>\n</form>\n";
+},"useData":true});
+})();
diff --git a/orochi/templates/base.html b/orochi/templates/base.html
@@ -20,6 +20,7 @@
   <link rel="stylesheet" type="text/css" href="{% static 'css/style.css' %}" />
   <link rel="stylesheet" type="text/css" href="{% static 'css/toast/toast.min.css'%}" />
   <link rel="stylesheet" type="text/css" href="{% static 'file_form/file_form.css' %}">
+  <link rel="stylesheet" type="text/css" href="{% static 'css/jsoneditor/jsoneditor.css' %}">
   {% endblock %}
 </head>
 
@@ -160,6 +161,8 @@
     <script defer src="{% static 'js/handlebars/handlebars.runtime.js' %}" type="text/javascript"
       language="javascript"></script>
     <script defer src="{% static 'js/handlebars/plugins.js' %}" type="text/javascript" language="javascript"></script>
+    <script defer src="{% static 'js/handlebars/maxmind.js' %}" type="text/javascript" language="javascript"></script>
+    <script defer src="{% static 'js/handlebars/vt.js' %}" type="text/javascript" language="javascript"></script>
     <script defer src="{% static 'js/fontawesome/all.min.js' %}" type="text/javascript" language="javascript"></script>
     <script src="{% static 'js/jquery-3.5.1.js' %}" type="text/javascript" language="javascript"></script>
     <script src="{% static 'js/bootstrap/bootstrap.bundle.min.js' %}" type="text/javascript"
@@ -176,6 +179,7 @@
     <script src="{% static 'js/toast/toast.js' %}" type="text/javascript" language="javascript"></script>
     <script src="{% static 'js/jscolor/jscolor.js' %}" type="text/javascript" language="javascript"></script>
     <script src="{% static 'js/marked/marked.min.js' %}" type="text/javascript" language="javascript"></script>
+    <script src="{% static 'js/jsoneditor/jsoneditor.min.js' %}"></script>
     <script type="text/javascript">
 
       $(document).ready(function () {
@@ -196,7 +200,7 @@
 
         // CHANGELOG
         $(document).on("click", "#changelog", function () {
-          $.get("{% url 'website:changelog' %}")
+          $.get("{% url 'api:changelog' %}")
             .done(function (data) {
               bootbox.alert({
                 message: marked.parse(data.note),

diff --git a/orochi/templates/handlebars/maxmind.handlebars b/orochi/templates/handlebars/maxmind.handlebars
@@ -0,0 +1,29 @@
+<div class="modal-header">
+    <h5 class="modal-title">Maxmind Report</h5>
+    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+</div>
+<div class="modal-body">
+    {{#if errors}}
+    <div class="alert alert-danger m-4" role="alert">
+    {{errors}}
+    </div>
+    {{else}}
+    <div id="js_received" style="width: 100%; height: 100%;"></div>
+    <script>
+        var options = {
+            mode: 'code',
+            modes: ['text', 'code', 'view'],
+            onEditable: function (node) {
+                if (!node.path) { return false; }
+            }
+        }
+        var json_viewer = document.getElementById("js_received")
+        var json_container = new JSONEditor(json_viewer, options)
+        json_container.set({{{ json info }}})
+    </script>
+    {{/if}}
+  </div>
+  <div class="modal-footer">
+    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+  </div>
+</form>
diff --git a/orochi/templates/handlebars/vt.handlebars b/orochi/templates/handlebars/vt.handlebars
@@ -0,0 +1,29 @@
+<div class="modal-header">
+    <h5 class="modal-title">VirusTotal Report</h5>
+    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+</div>
+<div class="modal-body">
+    {{#if errors}}
+    <div class="alert alert-danger m-4" role="alert">
+    {{errors}}
+    </div>
+    {{else}}
+    <div id="js_received" style="width: 100%; height: 100%;"></div>
+    <script>
+        var options = {
+            mode: 'code',
+            modes: ['text', 'code', 'view'],
+            onEditable: function (node) {
+                if (!node.path) { return false; }
+            }
+        }
+        var json_viewer = document.getElementById("js_received")
+        var json_container = new JSONEditor(json_viewer, options)
+        json_container.set({{{ json info }}})
+    </script>
+    {{/if}}
+  </div>
+  <div class="modal-footer">
+    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+  </div>
+</form>
diff --git a/orochi/templates/users/user_bookmarks.html b/orochi/templates/users/user_bookmarks.html
@@ -91,6 +91,7 @@
         type: 'get',
         dataType: 'json',
         beforeSend: function () {
+          $("#modal-update .modal-content").html('');
           $("#modal-update").modal("show");
           row = table.row($(btn).closest('tr')).index();
         },
@@ -210,4 +211,4 @@
 
   });
 </script>
-{% endblock javascript %}
+{% endblock javascript %}
diff --git a/orochi/templates/users/user_rules.html b/orochi/templates/users/user_rules.html
@@ -260,6 +260,7 @@
         dataType: 'json',
         beforeSend: function () {
           $("#modal-update .modal-dialog").removeClass('modal-xl');
+          $("#modal-update .modal-content").html('');
           $("#modal-update").modal("show");
         },
         success: function (data) {
@@ -310,6 +311,7 @@
         dataType: 'json',
         success: function (data) {
           $("#modal-update .modal-dialog").addClass('modal-xl');
+          $("#modal-update .modal-content").html('');
           $("#modal-update").modal("show");
           $("#modal-update .modal-content").html(data.html_form);
         },
@@ -386,4 +388,4 @@
 
   });
 </script>
-{% endblock javascript %}
+{% endblock javascript %}
diff --git a/orochi/templates/website/file_download.html b/orochi/templates/website/file_download.html
@@ -15,7 +15,7 @@
     </a>
     {% endif %}
     {% if vt %}
-    <a href="#" class="vt_report btn btn-primary btn-sm" data-path="{{down_path}}.vt.json" title="Virustotal Report">
+    <a href="#" class="vt-info btn btn-primary btn-sm" data-path="{{down_path}}.vt.json" title="Virustotal Report">
         <i class="fas fa-virus"></i>
     </a>
     {% endif %}