How to use the rules.models.Transformation function in rules
To help you get started, we’ve selected a few rules examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
StamusNetworks / scirius / rules / models.py View on Github 
def get_transformation(self, ruleset, key=Transformation.ACTION, override=False):
NONE = None
TYPE = None
if key == Transformation.ACTION:
NONE = Transformation.A_NONE
TYPE = Transformation.ActionTransfoType
elif key == Transformation.LATERAL:
NONE = Transformation.L_NO
TYPE = Transformation.LateralTransfoType
elif key == Transformation.TARGET:
NONE = Transformation.T_NONE
TYPE = Transformation.TargetTransfoType
else:
raise Exception("Key '%s' is unknown" % key)
if Rule.TRANSFORMATIONS is None:
rt = RuleTransformation.objects.filter(
key=key.value,
ruleset=ruleset,
rule_transformation=self).all()
if len(rt) > 0:
return TYPE(rt[0].value)
if override:def apply_transformation(self, content, key=Transformation.ACTION, value=None):
if key == Transformation.ACTION:
if value == Transformation.A_REJECT:
content = re.sub("^ *\S+", "reject", content)
elif value == Transformation.A_DROP:
content = re.sub("^ *\S+", "drop", content)
elif value == Transformation.A_FILESTORE:
content = re.sub("; *\)", "; filestore;)", content)
elif value == Transformation.A_BYPASS:
if 'noalert' in content:
content = re.sub("; noalert;", "; noalert; bypass;", content)
else:
content = re.sub("; *\)", "; noalert; bypass;)", content)
content = re.sub("^ *\S+", "pass", content)
elif key == Transformation.LATERAL or key == Transformation.TARGET:
content = self.apply_lateral_target_transfo(content, key, value)def index(request, error = None):
# try to get suricata from db
suri = get_suri()
if settings.SURICATA_NAME_IS_HOSTNAME:
suri.name = socket.gethostname()
if suri:
context = {'suricata': suri}
if error:
context['error'] = error
if suri.ruleset:
supp_rules = list(Rule.objects.filter(ruletransformation__ruleset=suri.ruleset, ruletransformation__key=Transformation.SUPPRESSED.value, ruletransformation__value=Transformation.S_SUPPRESSED.value))
if len(supp_rules):
suppressed = ",".join([ unicode(x.sid) for x in supp_rules])
context['suppressed'] = suppressed
if settings.USE_ELASTICSEARCH:
context['rules'] = True
return scirius_render(request, 'suricata/index.html', context)
else:
form = SuricataForm()
context = { 'creation': True , 'form': form}
missing = dependencies_check(Suricata)
if missing:
context['missing'] = missing
return scirius_render(request, 'suricata/edit.html', context)thresholds = RulesetThresholdTable(thresholds)
tables.RequestConfig(request).configure(thresholds)
context['thresholds'] = thresholds
suppress = Threshold.objects.filter(ruleset = ruleset, threshold_type = 'suppress')
if suppress:
suppress = RulesetSuppressTable(suppress)
tables.RequestConfig(request).configure(suppress)
context['suppress'] = suppress
# Error
if error:
context['error'] = error
S_SUPPRESSED = Transformation.S_SUPPRESSED
A_REJECT = Transformation.A_REJECT
A_DROP = Transformation.A_DROP
A_FILESTORE = Transformation.A_FILESTORE
for trans in (S_SUPPRESSED, A_REJECT, A_DROP, A_FILESTORE):
# Rules transformation
trans_rules = ruleset.rules_transformation.filter(ruletransformation__value=trans.value).all()
if len(trans_rules):
trans_rules_t = RuleTable(trans_rules.order_by('sid'))
tables.RequestConfig(request).configure(trans_rules_t)
ctx_lb = '%s_rules' % trans.value if trans != S_SUPPRESSED else 'disabled_rules'
context[ctx_lb] = trans_rules_t
# Categories Transformation
if trans != S_SUPPRESSED: # SUPPRESSED cannot be applied on categories
trans_categories = ruleset.categories_transformation.filter(categorytransformation__value=trans.value).all()
if len(trans_categories):if thresholds:
thresholds = RulesetThresholdTable(thresholds)
tables.RequestConfig(request).configure(thresholds)
context['thresholds'] = thresholds
suppress = Threshold.objects.filter(ruleset = ruleset, threshold_type = 'suppress')
if suppress:
suppress = RulesetSuppressTable(suppress)
tables.RequestConfig(request).configure(suppress)
context['suppress'] = suppress
# Error
if error:
context['error'] = error
S_SUPPRESSED = Transformation.S_SUPPRESSED
A_REJECT = Transformation.A_REJECT
A_DROP = Transformation.A_DROP
A_FILESTORE = Transformation.A_FILESTORE
for trans in (S_SUPPRESSED, A_REJECT, A_DROP, A_FILESTORE):
# Rules transformation
trans_rules = ruleset.rules_transformation.filter(ruletransformation__value=trans.value).all()
if len(trans_rules):
trans_rules_t = RuleTable(trans_rules.order_by('sid'))
tables.RequestConfig(request).configure(trans_rules_t)
ctx_lb = '%s_rules' % trans.value if trans != S_SUPPRESSED else 'disabled_rules'
context[ctx_lb] = trans_rules_t
# Categories Transformation
if trans != S_SUPPRESSED: # SUPPRESSED cannot be applied on categories
trans_categories = ruleset.categories_transformation.filter(categorytransformation__value=trans.value).all()def switch_rule(request, rule_id, operation = 'disable'):
rule_object = get_object_or_404(Rule, sid=rule_id)
if not request.user.is_staff:
context = { 'rule': rule_object, 'operation': operation, 'error': 'Unsufficient permissions' }
return scirius_render(request, 'rules/disable_rule.html', context)
if request.method == 'POST': # If the form has been submitted...
form = RulesetSuppressForm(request.POST)
if form.is_valid(): # All validation rules pass
rulesets = form.cleaned_data['rulesets']
for ruleset in rulesets:
suppressed_rules = ruleset.get_transformed_rules(key=Transformation.SUPPRESSED,
value=Transformation.S_SUPPRESSED).values_list('pk', flat=True)
if rule_object.pk not in suppressed_rules and operation == 'disable' :
rule_object.disable(ruleset, user = request.user, comment=form.cleaned_data['comment'])
elif rule_object.pk in suppressed_rules and operation == 'enable':
rule_object.enable(ruleset, user = request.user, comment=form.cleaned_data['comment'])
ruleset.save()
return redirect(rule_object)
else:
form = RulesetSuppressForm()
context = { 'rule': rule_object, 'form': form }
rulesets = Ruleset.objects.all()
for ruleset in rulesets:
ruleset.deps_rules = rule_object.get_dependant_rules(ruleset)
context['rulesets'] = rulesets
context['operation'] = operation
return scirius_render(request, 'rules/disable_rule.html', context)# TODO: move me in settings.RULESET_TRANSFORMATIONS
allowed_choices.append((A_BYPASS.value, A_BYPASS.name.title()))
allowed_choices.append((A_NONE.value, A_NONE.name.title()))
if key == TARGET:
CAT_DEFAULT = Transformation.T_CAT_DEFAULT
RULESET_DEFAULT = Transformation.T_RULESET_DEFAULT
allowed_choices = list(Transformation.TargetTransfoType.get_choices())
allowed_choices.remove((CAT_DEFAULT.value, CAT_DEFAULT.name.replace('_', ' ').title()))
allowed_choices.remove((RULESET_DEFAULT.value, RULESET_DEFAULT.name.replace('_', ' ').title()))
if key == LATERAL:
CAT_DEFAULT = Transformation.L_CAT_DEFAULT
RULESET_DEFAULT = Transformation.L_RULESET_DEFAULT
allowed_choices = list(Transformation.LateralTransfoType.get_choices())
allowed_choices.remove((CAT_DEFAULT.value, CAT_DEFAULT.name.replace('_', ' ').title()))
allowed_choices.remove((RULESET_DEFAULT.value, RULESET_DEFAULT.name.replace('_', ' ').title()))
L_YES = Transformation.L_YES
L_AUTO = Transformation.L_AUTO
return tuple(allowed_choices)def create(self, request, *args, **kwargs):
kwargs['fields'] = dict(self._fields)
kwargs['action_type'] = self._action_type
comment = request.data.get('comment', None)
key = request.data.get('transfo_type')
value = request.data.get('transfo_value')
trans_ok = key in Transformation.AVAILABLE_MODEL_TRANSFO and value in Transformation.AVAILABLE_MODEL_TRANSFO[key]
msg = ''
if trans_ok is False:
msg = '"%s" is not a valid choice.'
title = 'transfo_value'
type_ = value
values = Transformation.AVAILABLE_MODEL_TRANSFO.get(key, None)
if values is None:
title = 'transfo_type'
type_ = key
raise serializers.ValidationError({title: [msg % type_]})
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
# Check that transformation is allowed
if isinstance(self, RuleTransformationViewSet):
rule = serializer.validated_data['rule_transformation']
transfo_type = Transformation.Type(key)
choices_ = rule.get_transformation_choices(transfo_type)
choices = [choice[0] for choice in choices_]if key == Transformation.ACTION:
if value == Transformation.A_REJECT:
content = re.sub("^ *\S+", "reject", content)
elif value == Transformation.A_DROP:
content = re.sub("^ *\S+", "drop", content)
elif value == Transformation.A_FILESTORE:
content = re.sub("; *\)", "; filestore;)", content)
elif value == Transformation.A_BYPASS:
if 'noalert' in content:
content = re.sub("; noalert;", "; noalert; bypass;", content)
else:
content = re.sub("; *\)", "; noalert; bypass;)", content)
content = re.sub("^ *\S+", "pass", content)
elif key == Transformation.LATERAL or key == Transformation.TARGET:
content = self.apply_lateral_target_transfo(content, key, value)
return contentallowed_choices = []
if key == ACTION:
all_choices_set = set(Transformation.ActionTransfoType.get_choices())
allowed_choices = list(all_choices_set.intersection(set(settings.RULESET_TRANSFORMATIONS)))
A_BYPASS = Transformation.A_BYPASS
A_NONE = Transformation.A_NONE
# TODO: move me in settings.RULESET_TRANSFORMATIONS
allowed_choices.append((A_BYPASS.value, A_BYPASS.name.title()))
allowed_choices.append((A_NONE.value, A_NONE.name.title()))
if key == TARGET:
CAT_DEFAULT = Transformation.T_CAT_DEFAULT
RULESET_DEFAULT = Transformation.T_RULESET_DEFAULT
allowed_choices = list(Transformation.TargetTransfoType.get_choices())
allowed_choices.remove((CAT_DEFAULT.value, CAT_DEFAULT.name.replace('_', ' ').title()))
allowed_choices.remove((RULESET_DEFAULT.value, RULESET_DEFAULT.name.replace('_', ' ').title()))
if key == LATERAL:
CAT_DEFAULT = Transformation.L_CAT_DEFAULT
RULESET_DEFAULT = Transformation.L_RULESET_DEFAULT
allowed_choices = list(Transformation.LateralTransfoType.get_choices())
allowed_choices.remove((CAT_DEFAULT.value, CAT_DEFAULT.name.replace('_', ' ').title()))
allowed_choices.remove((RULESET_DEFAULT.value, RULESET_DEFAULT.name.replace('_', ' ').title()))
L_YES = Transformation.L_YES
L_AUTO = Transformation.L_AUTOrules
Awesome Django authorization, without the database
Package Health Score
77 / 100Popular rules functions
- rules.add_perm
- rules.ContextualRule.makeContextualRule
- rules.contrib.views.permission_required
- rules.contrib.views.PermissionRequiredMixin
- rules.emacs.Cmd.Cmd
- rules.emacs.Cmd.runEmacsCmd
- rules.emacs.common.emacsDefaults
- rules.emacs.common.emacsExtras
- rules.Location
- rules.logger.debug
- rules.logger.info
- rules.models.Category.objects.filter
- rules.models.Rule
- rules.models.Ruleset.objects.all
- rules.models.Transformation
- rules.models.UserAction.create
- rules.models.YaraRule
- rules.predicate
- rules.REST_filters.YaraRuleFilter
- rules.Rules