def edit(ttp_id): logging_prefix = logger_prefix + "edit({}) - ".format(ttp_id) log.info(logging_prefix + "Starting") error = None try: editors = None search_form = forms.searchForm() if request.method == 'POST': form = forms.ttpForm(request.form) #trick the form validation into working with our dynamic drop downs for sub_form in form.ttp_class: sub_form.a_id.choices = fetch_child_data( 'tpx_classification', sub_form.a_family.data) #convert the field that lists the related_element_choices #choices = [] #rec = json.loads(form.related_element_choices.data) #for k,v in rec.items(): #choices.append((v,k)) if form.validate(): log.info(logging_prefix + "Edit Detected") #convert the form to ES format form_to_es(form, ttp_id) #rebuild the form from ES form, editors = es_to_form(ttp_id) flash("TTP Update Successful!", "success") else: #if there was an error print the error dictionary to the console # temporary help, these should also appear under the form field print(form.errors) else: form, editors = es_to_form(ttp_id) except Exception as e: error = "There was an error completing your request. Details: {}".format( e) flash(error, 'danger') log.exception(logging_prefix + error) form = forms.ttpForm() #render the template, passing the variables we need # templates live in the templates folder return render_template("ttp.html", page_title="Edit TTP", role="EDIT", ttp_id=ttp_id, form=form, editors=editors, search_form=search_form)
def view(ttp_id): logging_prefix = logger_prefix + "view({}) - ".format(ttp_id) log.info(logging_prefix + "Starting") editors = None try: form, editors = es_to_form(ttp_id) search_form = forms.searchForm() except Exception as e: error = "There was an error completing your request. Details: {}".format( e) flash(error, 'danger') log.exception(logging_prefix + error) form = forms.ttpForm() #render the template, passing the variables we need # templates live in the templates folder return render_template("ttp.html", page_title="View TTP", role="VIEW", ttp_id=ttp_id, form=form, editors=editors, search_form=search_form)
def es_to_form(ttp_id): form = forms.ttpForm() #get the values from ES results = get_es().get(ES_PREFIX + "threat_ttps", doc_type="ttp", id=ttp_id) #store certain fields from ES, so this form can be used in an update form.doc_index.data = results['_index'] form.doc_type.data = results['_type'] ttp_data = results['_source'] form.ttp_name.data = ttp_data['name'] form.ttp_first_observed.data = datetime.strptime(ttp_data['created_s'], "%Y-%m-%dT%H:%M:%S") form.ttp_description.data = ttp_data['description'] form.ttp_criticality.data = int(ttp_data['criticality']) idx = 0 for entry in range(len(form.ttp_class.entries)): form.ttp_class.pop_entry() for i in multikeysort(ttp_data['classification'], ['family', 'id']): ttp_class_form = forms.TPXClassificationForm() ttp_class_form.a_family = i['family'] ttp_class_form.a_id = i['id'] form.ttp_class.append_entry(ttp_class_form) #set the options since this select is dynamic form.ttp_class[idx].a_id.choices = fetch_child_data( 'tpx_classification', i['family']) idx += 1 if ttp_data['related_actor']: for entry in range(len(form.ttp_actors.entries)): form.ttp_actors.pop_entry() for i in multikeysort(ttp_data['related_actor'], ['name', 'id']): sub_form = forms.RelatedActorsForm() sub_form.data = i['id'] + ":::" + i['name'] form.ttp_actors.append_entry(sub_form) if ttp_data['related_report']: for entry in range(len(form.ttp_reports.entries)): form.ttp_reports.pop_entry() for i in multikeysort(ttp_data['related_report'], ['name', 'id']): sub_form = forms.RelatedReportsForm() sub_form.data = i['id'] + ":::" + i['name'] form.ttp_reports.append_entry(sub_form) if ttp_data['related_ttp']: for entry in range(len(form.ttp_ttps.entries)): form.ttp_ttps.pop_entry() for i in multikeysort(ttp_data['related_ttp'], ['name', 'id']): sub_form = forms.RelatedTTPsForm() sub_form.data = i['id'] + ":::" + i['name'] form.ttp_ttps.append_entry(sub_form) #convert editor dictionary of ids and times to names and times editors = get_editor_names(get_mysql(), ttp_data['editor']) return form, editors
def add(template=None): logging_prefix = logger_prefix + "add({}) - ".format(template) log.info(logging_prefix + "Starting") try: form = forms.ttpForm(request.form) search_form = forms.searchForm() if request.method == 'POST': #trick the form validation into working with our dynamic drop downs for sub_form in form.ttp_class: sub_form.a_id.choices = fetch_child_data( 'tpx_classification', sub_form.a_family.data) #convert the field that lists the related_element_choices #choices = [] #rec = json.loads(form.related_element_choices.data) #for k,v in rec.items(): #choices.append((v,k)) if form.validate(): log.info(logging_prefix + "Add Detected") #create a ttp id ttp_id = str(uuid.uuid4()) #convert the form to ES format form_to_es(form, ttp_id) #rebuild the form from ES form, editors = es_to_form(ttp_id) flash( Markup( '<a href="/ttp/view/' + ttp_id + '" style="text-decoration:none; color:#3c763d;">New TTP Successfully Added. Click here to view this TTP</a>' ), "success") else: #if there was an error print the error dictionary to the console # temporary help, these should also appear under the form field print(form.errors) elif template: form, editors = es_to_form(template) else: #populate certain fields with default data form.ttp_class[0].a_family.data = 'Actors' form.ttp_class[0].a_id.choices = fetch_child_data( 'tpx_classification', 'Actors') except Exception as e: error = "There was an error completing your request. Details: {}".format( e) flash(error, 'danger') log.exception(logging_prefix + error) return render_template("ttp.html", page_title="Add New TTP", role="ADD", form=form, search_form=search_form)