Beispiel #1
def migrate_exploits(self):
    """
    Turn legacy exploit entries stored on this object into exploit objects.

    The entries are read from ``self.unsupported_attrs['exploit']``. Each one
    is indexed with the key "cve"; that value is handed to
    ``add_new_exploit`` as both the name and the CVE, together with this
    object's ``source`` and ``campaign``. On success the new exploit is
    related to this object and the object is saved; on failure an error line
    is printed and the loop moves on.

    Returns without doing anything when ``unsupported_attrs`` is empty or has
    no "exploit" key.
    """

    legacy_attrs = self.unsupported_attrs
    if not legacy_attrs or 'exploit' not in legacy_attrs:
        return

    # Function-scope import, kept from the original code.
    # NOTE(review): presumably avoids a circular import -- confirm.
    from crits.exploits.handlers import add_new_exploit

    for legacy_entry in legacy_attrs['exploit']:
        # The legacy value is forwarded unchanged as both name and CVE; this
        # function does no format check on it.
        cve_value = legacy_entry['cve']
        outcome = add_new_exploit(cve_value,
                                  cve=cve_value,
                                  source=self.source,
                                  campaign=self.campaign)

        if not outcome['success']:
            # A single parenthesised expression prints the same text under
            # the Python 2 print statement and under print().
            print("\n\tError migrating %s: %s" % (self.id,
                                                  outcome['message']))
            continue

        self.add_relationship(outcome['object'],
                              RelationshipTypes.RELATED_TO,
                              rel_reason="Migrated")
        # Persist only once the relationship has been recorded.
        self.save()
Beispiel #2
def migrate_exploits(self):
    """
    Build exploit objects out of the legacy exploit list on this object.

    Nothing happens unless ``self.unsupported_attrs`` is non-empty and holds
    an "exploit" key. Otherwise every entry of that list is migrated: its
    "cve" value becomes the name and CVE of a new exploit created through
    ``add_new_exploit`` with this object's ``source`` and ``campaign``. A
    successful creation is followed by a "Related_To" relationship and a
    save; a failed one prints the handler's message.
    """

    if not (self.unsupported_attrs and 'exploit' in self.unsupported_attrs):
        return

    # Function-scope import, kept from the original code.
    # NOTE(review): presumably avoids a circular import -- confirm.
    from crits.exploits.handlers import add_new_exploit

    pending = self.unsupported_attrs['exploit']
    for old_exploit in pending:
        # Parenthesised single expressions print identically under the
        # Python 2 print statement and under print().
        print("Migrating exploit for %s" % self.id)

        # The "old" format is a list of dictionaries keyed by "cve"; the
        # value is reused as the exploit name. It is passed on as stored,
        # without validation in this function.
        created = add_new_exploit(old_exploit['cve'],
                                  cve=old_exploit['cve'],
                                  source=self.source,
                                  campaign=self.campaign)
        migrated = created['success']
        if migrated:
            self.add_relationship(created['object'],
                                  "Related_To",
                                  rel_reason="Migrated")
            # Save after the relationship exists so it is persisted too.
            self.save()
        else:
            failure = "Error migrating %s: %s" % (self.id, created['message'])
            print(failure)
Beispiel #3
    def obj_create(self, bundle, **kwargs):
        """
        Handles creating Exploits through the API.

        The caller must hold ``ExploitACL.WRITE``; without it no exploit is
        created and the response carries a permission message with
        ``return_code`` 1. The result is handed to ``self.crits_response``;
        this method has no explicit return statement.

        :param bundle: Bundle containing the information to create the Exploit.
        :type bundle: Tastypie Bundle object.
        :returns: HttpResponse object.
        """

        requester = bundle.request.user
        payload = bundle.data

        # Request-supplied fields. They are forwarded as received; any
        # validation is left to add_new_exploit (not visible here).
        exploit_name = payload.get('name', None)
        exploit_cve = payload.get('cve', '')
        exploit_description = payload.get('description', None)
        source_name = payload.get('source', None)
        source_reference = payload.get('reference', None)
        source_method = payload.get('method', None)
        # Falls back to 'amber' when the request names no TLP.
        source_tlp = payload.get('tlp', 'amber')
        exploit_campaign = payload.get('campaign', None)
        exploit_confidence = payload.get('confidence', None)
        buckets = payload.get('bucket_list', None)
        ticket_ref = payload.get('ticket', None)

        # Authorization gate: creation only runs for users with write access.
        if not requester.has_access_to(ExploitACL.WRITE):
            result = {
                'success': False,
                'message': 'User does not have permission to create Object.'
            }
        else:
            result = add_new_exploit(exploit_name,
                                     exploit_cve,
                                     description=exploit_description,
                                     source=source_name,
                                     source_method=source_method,
                                     source_reference=source_reference,
                                     source_tlp=source_tlp,
                                     campaign=exploit_campaign,
                                     confidence=exploit_confidence,
                                     user=requester,
                                     bucket_list=buckets,
                                     ticket=ticket_ref)

        content = {}
        content['return_code'] = 0
        content['type'] = 'Exploit'
        content['message'] = result.get('message', '')
        content['id'] = result.get('id', '')

        # Only a result that carries an id gets a detail URL.
        if result.get('id'):
            detail_args = {
                'resource_name': 'exploits',
                'api_name': 'v1',
                'pk': result.get('id')
            }
            content['url'] = reverse('api_dispatch_detail', kwargs=detail_args)

        # return_code 1 marks a failed or refused creation.
        if not result['success']:
            content['return_code'] = 1
        self.crits_response(content)
Beispiel #4
def add_exploit(request):
    """
    Add an exploit from a submitted form. Should be an AJAX POST.

    Anything other than an AJAX POST renders ``error.html``. An invalid form
    is returned to the client as JSON with ``success`` False and the rendered
    form; a valid one is passed to ``add_new_exploit`` and the handler's
    result is returned as JSON.

    :param request: Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    # is_ajax() looks at a header the client sets, so this is a routing
    # check and not an access control.
    if request.method != "POST" or not request.is_ajax():
        return render_to_response("error.html",
                                  {'error': 'Expected AJAX/POST'},
                                  RequestContext(request))

    form = AddExploitForm(request.user, request.POST)
    if not form.is_valid():
        rejection = {
            'success': False,
            'form': form.as_table()
        }
        return HttpResponse(json.dumps(rejection),
                            content_type="application/json")

    # NOTE(review): no write-permission check is visible in this view;
    # confirm that a decorator outside this excerpt or add_new_exploit
    # enforces it.
    fields = form.cleaned_data
    bucket_key = form_consts.Common.BUCKET_LIST_VARIABLE_NAME
    ticket_key = form_consts.Common.TICKET_VARIABLE_NAME

    # Only validated form values reach the handler.
    result = add_new_exploit(fields['name'],
                             cve=fields['cve'],
                             description=fields['description'],
                             source=fields['source_name'],
                             source_reference=fields['source_reference'],
                             source_method=fields['source_method'],
                             source_tlp=fields['source_tlp'],
                             campaign=fields['campaign'],
                             confidence=fields['confidence'],
                             user=request.user,
                             bucket_list=fields.get(bucket_key),
                             ticket=fields.get(ticket_key),
                             related_id=fields['related_id'],
                             related_type=fields['related_type'],
                             relationship_type=fields['relationship_type'])

    return HttpResponse(json.dumps(result, default=json_handler),
                        content_type="application/json")
Beispiel #5
def add_exploit(request):
    """
    Create an exploit from the add-exploit form. Should be an AJAX POST.

    Three outcomes are possible: a request that is not an AJAX POST gets
    ``error.html``; a form that fails validation gets JSON holding
    ``success`` False and the rendered form; a valid form is forwarded to
    ``add_new_exploit`` and that handler's result is serialised as JSON.

    :param request: Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    json_type = "application/json"

    # is_ajax() depends on a client-supplied header; treat it as a request
    # shape check, not as protection.
    is_ajax_post = request.method == "POST" and request.is_ajax()
    if not is_ajax_post:
        error_context = {'error': 'Expected AJAX/POST'}
        return render_to_response("error.html",
                                  error_context,
                                  RequestContext(request))

    form = AddExploitForm(request.user, request.POST)
    if not form.is_valid():
        body = json.dumps({'success': False,
                           'form': form.as_table()})
        return HttpResponse(body, content_type=json_type)

    # NOTE(review): this function shows no write-permission check; verify
    # that one is applied by a decorator outside this excerpt or inside
    # add_new_exploit.
    validated = form.cleaned_data
    exploit_name = validated['name']
    # Every value below comes from the validated form, never from the raw
    # POST data.
    handler_kwargs = dict(
        cve=validated['cve'],
        description=validated['description'],
        source=validated['source_name'],
        source_reference=validated['source_reference'],
        source_method=validated['source_method'],
        source_tlp=validated['source_tlp'],
        campaign=validated['campaign'],
        confidence=validated['confidence'],
        user=request.user,
        bucket_list=validated.get(
            form_consts.Common.BUCKET_LIST_VARIABLE_NAME),
        ticket=validated.get(form_consts.Common.TICKET_VARIABLE_NAME),
        related_id=validated['related_id'],
        related_type=validated['related_type'],
        relationship_type=validated['relationship_type'],
    )
    result = add_new_exploit(exploit_name, **handler_kwargs)

    # json_handler serialises values json.dumps cannot handle by itself.
    return HttpResponse(json.dumps(result, default=json_handler),
                        content_type=json_type)
Beispiel #6
    def obj_create(self, bundle, **kwargs):
        """
        Handles creating Exploits through the API.

        Creation is attempted only when the requesting user has
        ``ExploitACL.WRITE``; otherwise a permission message is reported.
        Either way a summary dictionary (return code, type, message, id and,
        when an id exists, a detail URL) is passed to
        ``self.crits_response``. No value is returned explicitly here.

        :param bundle: Bundle containing the information to create the Exploit.
        :type bundle: Tastypie Bundle object.
        :returns: HttpResponse object.
        """

        user = bundle.request.user
        fetch = bundle.data.get

        name = fetch('name', None)
        cve = fetch('cve', '')
        # Optional fields taken from the request body as-is; checking them
        # is left to add_new_exploit (not visible here).
        optional_fields = {
            'description': fetch('description', None),
            'source': fetch('source', None),
            'source_reference': fetch('reference', None),
            'source_method': fetch('method', None),
            # 'amber' is the TLP used when the request gives none.
            'source_tlp': fetch('tlp', 'amber'),
            'campaign': fetch('campaign', None),
            'confidence': fetch('confidence', None),
            'bucket_list': fetch('bucket_list', None),
            'ticket': fetch('ticket', None),
        }

        # Write access is checked before anything is created.
        allowed = user.has_access_to(ExploitACL.WRITE)
        if allowed:
            result = add_new_exploit(name, cve, user=user, **optional_fields)
        else:
            result = {'success':False,
                      'message':'User does not have permission to create Object.'}

        content = dict(return_code=0,
                       type='Exploit',
                       message=result.get('message', ''),
                       id=result.get('id', ''))

        # A detail URL is added only for results that carry an id.
        if result.get('id'):
            content['url'] = reverse('api_dispatch_detail',
                                     kwargs={'resource_name': 'exploits',
                                             'api_name': 'v1',
                                             'pk': result.get('id')})

        # Flip the return code to 1 for a failed or refused creation.
        if not result['success']:
            content['return_code'] = 1
        self.crits_response(content)