forked from certsocietegenerale/FIR
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfiles.py
More file actions
102 lines (82 loc) · 3.43 KB
/
files.py
File metadata and controls
102 lines (82 loc) · 3.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
import mimetypes
import os
import zipfile
from io import BytesIO
from django.conf import settings
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse, Http404, HttpResponseRedirect
from django.shortcuts import get_object_or_404
from django.core.files import File as FileWrapper
from fir_artifacts import Hash
from fir_artifacts.models import File, Artifact
def do_upload_file(request, content_type, object_id):
if request.method == 'POST':
object_type = ContentType.objects.get(pk=content_type)
obj = get_object_or_404(object_type.model_class(), pk=object_id)
if not request.user.has_perm('incidents.handle_incidents', obj=obj):
raise PermissionDenied()
descriptions = request.POST.getlist('description')
files = request.FILES.getlist('file')
if len(descriptions) == len(files): # consider this as a valid upload form?
for i, file in enumerate(files):
handle_uploaded_file(file, descriptions[i], obj)
return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
def handle_uploaded_file(file, description, obj):
f = File()
f.description = description
f.file = file
f.content_object = obj
f.save()
hashes = f.get_hashes()
for h in hashes:
try:
a = Artifact.objects.get(value=hashes[h])
a.save()
except Exception:
a = Artifact()
a.type = Hash.key
a.value = hashes[h]
a.save()
a.relations.add(obj)
f.hashes.add(a)
f.save()
return f
def do_download(request, file_id):
f = get_object_or_404(File, pk=file_id)
if not request.user.has_perm('incidents.view_incidents', obj=f.get_related()):
raise PermissionDenied()
wrapper = FileWrapper(f.file)
content_type = mimetypes.guess_type(f.file.name)
response = HttpResponse(wrapper, content_type=content_type)
response['Content-Disposition'] = 'attachment; filename=%s' % (f.getfilename())
response['Content-Length'] = os.path.getsize(str(f.file.file))
return response
def do_download_archive(request, content_type, object_id):
object_type = ContentType.objects.get(pk=content_type)
obj = get_object_or_404(object_type.model_class(), pk=object_id)
if not request.user.has_perm('incidents.view_incidents', obj=obj):
raise PermissionDenied()
if obj.file_set.count() == 0:
raise Http404
temp = BytesIO()
with zipfile.ZipFile(temp, 'w', zipfile.ZIP_DEFLATED) as archive:
media_root = settings.MEDIA_ROOT
for file in obj.file_set.all():
path = os.path.join(media_root, file.file.path)
archive.write(path, os.path.basename(path))
file_size = temp.tell()
temp.seek(0)
wrapper = FileWrapper(temp)
response = HttpResponse(wrapper, content_type='application/zip')
response['Content-Disposition'] = 'attachment; filename=archive_%s_%s.zip' % (object_type.model, object_id)
response['Content-Length'] = file_size
return response
def do_remove_file(request, file_id):
if request.method == "POST":
f = get_object_or_404(File, pk=file_id)
if not request.user.has_perm('incidents.handle_incidents', obj=f.get_related()):
raise PermissionDenied()
f.file.delete()
f.delete()
return HttpResponseRedirect(request.META.get('HTTP_REFERER'))