#1073

examples/local_api.ipynb → examples/dump.ipynb

@@ -88,7 +88,7 @@
    "outputs": [],
    "source": [
     "\n",
-    "files = {'upload': ('sorpresa.zip', open('/home/dadokkio/Insync/[email protected]/Google Drive/Lavoro/Agusta/DATA/AMF_MemorySamples/linux/sorpresa.zip','rb'))}\n",
+    "files = {'upload': ('sorpresa.zip', open('/AMF_MemorySamples/linux/sorpresa.zip','rb'))}\n",
     "data = {\n",
     "    'payload': '{\"operating_system\": \"Linux\", \"name\": \"sorpresa\", \"folder\": {\"name\": \"linux-samples\"}}'\n",
     "}\n",

examples/example1.yara

@@ -0,0 +1,9 @@
+rule Example_One
+{
+strings:
+$string1 = "pay"
+$string2 = "immediately"
+
+condition:
+($string1 and $string2)
+}

examples/example2.yara

@@ -0,0 +1,13 @@
+rule Example_Two
+{
+strings:
+$MaliciousWeb1 = "www.scamwebsite.com"
+$MaliciousWeb2 = "www.notrealwebsite.com"
+$Maliciousweb3 = "www.freemoney.com"
+$AttackerName1 = "hackx1203"
+$AttackerName2 = "Hackor"
+$AttackerName3 = "Hax"
+
+condition:
+any of them
+}

examples/rule.ipynb

@@ -0,0 +1,279 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": 33,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import json\n",
+    "import getpass\n",
+    "from requests import Session\n",
+    "from pprint import pprint\n",
+    "import urllib3\n",
+    "urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\n",
+    "\n",
+    "url = \"https://localhost\"\n",
+    "user = input()\n",
+    "password = getpass.getpass()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# LOGIN"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 36,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "session = Session()\n",
+    "\n",
+    "first = session.get(f\"{url}\", verify=False)\n",
+    "csrftoken = first.cookies[\"csrftoken\"]\n",
+    "\n",
+    "data = json.dumps(\n",
+    "    {\"username\": user, \"password\": password, \"csrfmiddlewaretoken\": csrftoken}\n",
+    ")\n",
+    "\n",
+    "headers = {\n",
+    "    \"X-CSRFToken\": first.headers[\"Set-Cookie\"].split(\"=\")[1].split(\";\")[0],\n",
+    "    \"Referer\": url,\n",
+    "    \"X-Requested-With\": \"XMLHttpRequest\",\n",
+    "}\n",
+    "\n",
+    "req = session.post(\n",
+    "    f\"{url}/api/auth/\", data=data, cookies=first.cookies, headers=headers, verify=False\n",
+    ")\n",
+    "if req.status_code != 200:\n",
+    "    print(req.text)\n",
+    "    exit(1)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# GET RULE LIST"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "1 rules returned of 24004\n",
+      "{'headline': '',\n",
+      " 'id': 24313,\n",
+      " 'path_name': 'aaa6.yara',\n",
+      " 'ruleset_description': 'Your crafted ruleset',\n",
+      " 'ruleset_name': 'admin-Ruleset'}\n"
+     ]
+    }
+   ],
+   "source": [
+    "rules = session.get(f\"{url}/api/rules/?start=0&length=1&draw=0\", verify=False).json()\n",
+    "print(f\"{len(rules['data'])} rules returned of {rules['recordsTotal']}\")\n",
+    "if len(rules['data']) > 0: \n",
+    "    pprint(rules['data'][0])\n",
+    "    rule_pk = rules['data'][0]['id']"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# CREATE RULE"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 38,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "[{'compiled': False,\n",
+      "  'created': '2024-10-29T14:08:24.507Z',\n",
+      "  'enabled': True,\n",
+      "  'id': 24322,\n",
+      "  'path': '/yara/admin-Ruleset/example13.yar',\n",
+      "  'ruleset': 1,\n",
+      "  'updated': '2024-10-29T14:08:24.507Z'},\n",
+      " {'compiled': False,\n",
+      "  'created': '2024-10-29T14:08:24.514Z',\n",
+      "  'enabled': True,\n",
+      "  'id': 24323,\n",
+      "  'path': '/yara/admin-Ruleset/example24.yar',\n",
+      "  'ruleset': 1,\n",
+      "  'updated': '2024-10-29T14:08:24.514Z'}]\n"
+     ]
+    }
+   ],
+   "source": [
+    "\n",
+    "files = [\n",
+    "    ('files', ('example1.yar', open('./example1.yara','rb'))),\n",
+    "    ('files', ('example2.yar', open('./example2.yara','rb')))\n",
+    "]\n",
+    "res = session.post(f\"{url}/api/rules/\", files=files, cookies=first.cookies, headers=headers, verify=False)\n",
+    "if res.status_code == 200:\n",
+    "    data = res.json() or []\n",
+    "    pprint(res.json())\n",
+    "    rule_pks = [x['id'] for x in data]\n",
+    "else:\n",
+    "    print(res.status_code, res.text)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# BUILD RULE"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 39,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{'message': 'Rule combined_rule created'}\n"
+     ]
+    }
+   ],
+   "source": [
+    "data = {\n",
+    "    \"rule_ids\": rule_pks,\n",
+    "    \"rulename\": \"combined_rule\"\n",
+    "}\n",
+    "res = session.post(f\"{url}/api/rules/build\", json=data, cookies=first.cookies, headers=headers, verify=False)\n",
+    "if res.status_code == 200:\n",
+    "    pprint(res.json())\n",
+    "else:\n",
+    "    print(res.status_code, res.text)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# EDIT RULE"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 41,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{'message': 'Rule example13.yar updated.'}\n"
+     ]
+    }
+   ],
+   "source": [
+    "data = {\n",
+    "        \"text\": \"rule NewRule { condition: true }\"\n",
+    "    }\n",
+    "res = session.patch(f\"{url}/api/rules/{rule_pks[0]}\",  json=data, cookies=first.cookies, headers=headers, verify=False)\n",
+    "if res.status_code == 200:\n",
+    "    pprint(res.json())\n",
+    "else:\n",
+    "    print(res.status_code, res.text)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# DOWNLOAD RULE"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 44,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "'rule NewRule { condition: true }'\n"
+     ]
+    }
+   ],
+   "source": [
+    "res = session.get(f\"{url}/api/rules/{rule_pks[0]}/download\", cookies=first.cookies, headers=headers, verify=False)\n",
+    "if res.status_code == 200:\n",
+    "    pprint(res.text)\n",
+    "else:\n",
+    "    print(res.status_code, res.text)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# DELETE DUMP"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 45,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "200 {\"message\": \"2 rules deleted.\"}\n"
+     ]
+    }
+   ],
+   "source": [
+    "data = {\n",
+    "    \"rule_ids\": rule_pks\n",
+    "}\n",
+    "res = session.delete(f\"{url}/api/rules/\", json=data, cookies=first.cookies, headers=headers, verify=False)\n",
+    "print(res.status_code, res.text)   "
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "base",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.10.15"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}

orochi/api/models.py

@@ -1,13 +1,15 @@
 from enum import Enum
+from pathlib import Path
 from typing import Dict, List, Optional
 
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Group
 from ninja import Field, ModelSchema, Schema
 from ninja.orm import create_schema
+from ninja.pagination import PaginationBase
 
 from orochi.website.defaults import OSEnum
-from orochi.website.models import Bookmark, CustomRule, Dump, Folder, Plugin, Result
+from orochi.website.models import Bookmark, CustomRule, Dump, Folder, Plugin
 from orochi.ya.models import Rule
 
 
@@ -271,8 +273,6 @@ class BookmarksInSchema(Schema):
 ###################################################
 # CustomRules
 ###################################################
-
-
 class User(ModelSchema):
 
     class Meta:
@@ -326,3 +326,57 @@ class ListStrAction(Schema):
 
 class RuleEditInSchena(Schema):
     text: str
+
+
+class RuleOut(Schema):
+    id: int
+    ruleset_name: str
+    ruleset_description: str
+    path_name: str
+    headline: Optional[str] = None
+
+
+class Order(Schema):
+    column: int = 1
+    dir: str = Field("asc", pattern="^(asc|desc)$")
+
+
+class RuleFilter(Schema):
+    search: str = None
+    order: Order = None
+
+
+class CustomPagination(PaginationBase):
+    class Input(Schema):
+        start: int
+        length: int
+
+    class Output(Schema):
+        draw: int
+        recordsTotal: int
+        recordsFiltered: int
+        data: List[RuleOut]
+
+    items_attribute: str = "data"
+
+    def paginate_queryset(self, queryset, pagination: Input, **params):
+        request = params["request"]
+        return {
+            "draw": request.draw,
+            "recordsTotal": request.total,
+            "recordsFiltered": queryset.count(),
+            "data": [
+                RuleOut(
+                    **{
+                        "id": x.pk,
+                        "ruleset_name": x.ruleset.name,
+                        "ruleset_description": x.ruleset.description,
+                        "path_name": Path(x.path).name,
+                        "headline": x.headline if request.search else "",
+                    }
+                )
+                for x in queryset[
+                    pagination.start : pagination.start + pagination.length
+                ]
+            ],
+        }