Merge pull request #433 from intelowlproject/develop

1.4.0

Author: mlodic

README.md

@@ -6,7 +6,6 @@
 [![Twitter Follow](https://img.shields.io/twitter/follow/intel_owl?style=social)](https://twitter.com/intel_owl)
 [![Linkedin](https://img.shields.io/badge/LinkedIn-0077B5?style=flat&logo=linkedin&logoColor=white)](https://www.linkedin.com/company/intelowl/)
 
-[![CodeFactor](https://www.codefactor.io/repository/github/intelowlproject/greedybear/badge)](https://www.codefactor.io/repository/github/intelowlproject/greedybear)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 [![Imports: isort](https://img.shields.io/badge/%20imports-isort-%231674b1?style=flat&labelColor=ef8336)](https://pycqa.github.io/isort/)
 [![CodeQL](https://github.com/intelowlproject/GreedyBear/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/intelowlproject/GreedyBear/actions/workflows/codeql-analysis.yml)

api/serializers.py

@@ -1,6 +1,8 @@
 import logging
 import re
+from functools import cache
 
+from django.core.exceptions import FieldDoesNotExist
 from greedybear.consts import REGEX_DOMAIN, REGEX_IP
 from greedybear.models import IOC, GeneralHoneypot
 from rest_framework import serializers
@@ -47,37 +49,85 @@ def validate(self, data):
         return data
 
 
-def feed_type_validation(feed_type):
-    feed_choices = ["log4j", "cowrie", "all"]
-    generalHoneypots = GeneralHoneypot.objects.all().filter(active=True)
-    feed_choices.extend([hp.name.lower() for hp in generalHoneypots])  # FEEDS
+def feed_type_validation(feed_type: str, valid_feed_types: frozenset) -> str:
+    """Validates that a given feed type exists in the set of valid feed types.
 
-    if feed_type not in feed_choices:
-        logger.info(f"Feed type {feed_type} not in feed_choices {feed_choices}")
-        raise serializers.ValidationError("Invalid feed_type")
+    Args:
+        feed_type (str): The feed type to validate
+        valid_feed_types (frozenset): Set of allowed feed type values
+
+    Returns:
+        str: The validated feed type string, unchanged
+
+    Raises:
+        serializers.ValidationError: If feed_type is not found in valid_feed_types
+    """
+    if feed_type not in valid_feed_types:
+        logger.info(f"Feed type {feed_type} not in feed_choices {valid_feed_types}")
+        raise serializers.ValidationError(f"Invalid feed_type: {feed_type}")
     return feed_type
 
 
-class FeedsSerializer(serializers.Serializer):
+@cache
+def ordering_validation(ordering: str) -> str:
+    """Validates that given ordering corresponds to a field in the IOC model.
+
+    Args:
+        ordering (str): The ordering to validate
+
+    Returns:
+        str: The validated ordering string, unchanged
+
+    Raises:
+        serializers.ValidationError: If ordering does not correspond to a field in the IOC model
+    """
+    if not ordering:
+        raise serializers.ValidationError("Invalid ordering: <empty string>")
+    # remove minus sign if present
+    field_name = ordering[1:] if ordering.startswith("-") else ordering
+    try:
+        IOC._meta.get_field(field_name)
+    except FieldDoesNotExist as exc:
+        raise serializers.ValidationError(f"Invalid ordering: {ordering}") from exc
+    return ordering
+
+
+class FeedsRequestSerializer(serializers.Serializer):
     feed_type = serializers.CharField(max_length=120)
     attack_type = serializers.ChoiceField(choices=["scanner", "payload_request", "all"])
-    age = serializers.ChoiceField(choices=["persistent", "recent"])
-    format = serializers.ChoiceField(choices=["csv", "json", "txt"], default="json")
+    max_age = serializers.IntegerField(min_value=1)
+    min_days_seen = serializers.IntegerField(min_value=1)
+    include_reputation = serializers.ListField(child=serializers.CharField(max_length=120))
+    exclude_reputation = serializers.ListField(child=serializers.CharField(max_length=120))
+    feed_size = serializers.IntegerField(min_value=1)
+    ordering = serializers.CharField(max_length=120)
+    verbose = serializers.ChoiceField(choices=["true", "false"])
+    paginate = serializers.ChoiceField(choices=["true", "false"])
+    format = serializers.ChoiceField(choices=["csv", "json", "txt"])
 
     def validate_feed_type(self, feed_type):
-        logger.debug(f"FeedsSerializer - Validation feed_type: '{feed_type}'")
-        return feed_type_validation(feed_type)
+        logger.debug(f"FeedsRequestSerializer - validation feed_type: '{feed_type}'")
+        return feed_type_validation(feed_type, self.context["valid_feed_types"])
+
+    def validate_ordering(self, ordering):
+        logger.debug(f"FeedsRequestSerializer - validation ordering: '{ordering}'")
+        return ordering_validation(ordering)
 
 
 class FeedsResponseSerializer(serializers.Serializer):
     feed_type = serializers.CharField(max_length=120)
-    value = serializers.CharField(max_length=120)
+    value = serializers.CharField(max_length=256)
     scanner = serializers.BooleanField()
     payload_request = serializers.BooleanField()
     first_seen = serializers.DateField(format="%Y-%m-%d")
     last_seen = serializers.DateField(format="%Y-%m-%d")
-    times_seen = serializers.IntegerField()
+    attack_count = serializers.IntegerField(min_value=1)
+    interaction_count = serializers.IntegerField(min_value=1)
+    ip_reputation = serializers.CharField(allow_blank=True, max_length=32)
+    asn = serializers.IntegerField(allow_null=True, min_value=1)
+    destination_port_count = serializers.IntegerField(min_value=0)
+    login_attempts = serializers.IntegerField(min_value=0)
 
     def validate_feed_type(self, feed_type):
         logger.debug(f"FeedsResponseSerializer - validation feed_type: '{feed_type}'")
-        return feed_type_validation(feed_type)
+        return feed_type_validation(feed_type, self.context["valid_feed_types"])

api/urls.py

@@ -1,6 +1,6 @@
 # This file is a part of GreedyBear https://github.com/honeynet/GreedyBear
 # See the file 'LICENSE' for copying permission.
-from api.views import StatisticsViewSet, enrichment_view, feeds, feeds_pagination, general_honeypot_list
+from api.views import StatisticsViewSet, enrichment_view, feeds, feeds_advanced, feeds_pagination, general_honeypot_list
 from django.urls import include, path
 from rest_framework import routers
 
@@ -11,6 +11,7 @@
 # These come after /api/..
 urlpatterns = [
     path("feeds/", feeds_pagination),
+    path("feeds/advanced/", feeds_advanced),
     path("feeds/<str:feed_type>/<str:attack_type>/<str:age>.<str:format_>", feeds),
     path("enrichment", enrichment_view),
     path("general_honeypot", general_honeypot_list),