def get_or_create_domain_name_for_organization(db_session=None, name=None, added_by="user", org_uuid=None):
"""
Get a domain name representing the given input data as owned by the given organization. If a matching
domain name does not exist, then one is created.
:param db_session: A SQLAlchemy session.
:param name: The name to associate with the domain name.
:param added_by: How the domain was added to the database.
:param org_uuid: The UUID of the organization to get the domain from.
:return: A DomainName owned by the given organization representing the given data.
"""
org_uuid = ConversionHelper.string_to_unicode(org_uuid)
name = ConversionHelper.string_to_unicode(name)
added_by = ConversionHelper.string_to_unicode(added_by)
new_domain_name = create_domain_for_organization(org_uuid=org_uuid, name=name, added_by=added_by)
try:
db_session.add(new_domain_name)
db_session.commit()
return new_domain_name
except sqlalchemy.exc.IntegrityError as e:
if not is_unique_constraint_exception(e):
raise e
db_session.rollback()
return get_domain_by_name_from_organization(
db_session=db_session,
name=name,
org_uuid=org_uuid,
)
def create_new_web_service(
network_service_uuid=None,
db_session=None,
host_name=None,
ip_address=None,
port=None,
use_ssl=None,
):
"""
Create a new WebService, populate it with the necessary fields, and return it.
:param network_service_uuid: The UUID of the NetworkService that this WebService is a parent of.
:param db_session: A SQLAlchemy session.
:param host_name: The hostname to associate with the Web Service.
:param ip_address: The IP address where the WebService resides.
:param port: The port where the WebService resides.
:param use_ssl: Whether or not the web service is accessed over SSL.
:return: The newly-created WebService.
"""
network_service_uuid = ConversionHelper.string_to_unicode(
network_service_uuid)
host_name = ConversionHelper.string_to_unicode(host_name)
new_service = WebService.new(
host_name=host_name,
network_service_id=network_service_uuid,
ip_address=ip_address,
port=port,
ssl_enabled=use_ssl,
scanning_status=False,
)
db_session.add(new_service)
return new_service
def get_domain_by_name_from_organization(db_session=None, name=None, org_uuid=None):
"""
Get a domain name owned by the given organization matching the given name.
:param db_session: A SQLAlchemy session.
:param name: The name of the domain to retrieve.
:param org_uuid: The UUID of the organization that owns the domain name.
:return: a domain name owned by the given organization matching the given name.
"""
name = ConversionHelper.string_to_unicode(name)
org_uuid = ConversionHelper.string_to_unicode(org_uuid)
return db_session.query(DomainName)\
.filter(DomainName.name == name)\
.filter(DomainName.organization_id == org_uuid)\
.one()
def get_web_service_from_network_service(network_service_uuid=None, host_name=None, db_session=None, use_ssl=None):
"""
Get a WebService from the given NetworkService with the given hostname.
:param network_service_uuid: The UUID of the NetworkService to query against.
:param host_name: The hostname to look for.
:param db_session: A SQLAlchemy session.
:return: A WebService from the given NetworkService with the given hostname.
"""
network_service_uuid = ConversionHelper.string_to_unicode(network_service_uuid)
host_name = ConversionHelper.string_to_unicode(host_name)
return db_session.query(WebService)\
.filter(WebService.network_service_id == network_service_uuid)\
.filter(WebService.host_name == host_name)\
.filter(WebService.ssl_enabled == use_ssl)\
.one()
def get_or_create_network_for_organization(
db_session=None,
name=None,
added_by="user",
org_uuid=None,
address=None,
mask_length=None,
nest_transaction=False,
):
"""
Get or create a network for the given organization that matches the given address and CIDR
range.
:param db_session: A SQLAlchemy session to use to query the database.
:param name: The name to associate with the network.
:param added_by: A string depicting how the network was added.
:param org_uuid: The UUID of the organization to associate the network with.
:param address: The IP address to associate with the network.
:param mask_length: The CIDR mask length for the network.
:param nest_transaction: Whether or not to nest the SQLAlchemy transaction.
:return: A network representing the data passed to this method associated with the given
organization.
"""
if nest_transaction:
db_session.begin_nested()
org_uuid = ConversionHelper.string_to_unicode(org_uuid)
name = ConversionHelper.string_to_unicode(name)
added_by = ConversionHelper.string_to_unicode(added_by)
new_network = create_network_for_organization(
name=name,
address=address,
mask_length=mask_length,
org_uuid=org_uuid,
added_by=added_by,
)
try:
db_session.add(new_network)
db_session.commit()
return new_network
except sqlalchemy.exc.IntegrityError as e:
if not is_unique_constraint_exception(e):
raise e
db_session.rollback()
return get_network_by_range_for_organization(
db_session=db_session,
address=address,
mask_length=mask_length,
org_uuid=org_uuid,
)
def get_latest_network_service_scan_uuids_for_organization(
org_uuid=None, db_session=None):
"""
Get a list of all of the most recent network service scans for the given organization.
:param org_uuid: The UUID of the organization to retrieve network service scans for.
:param db_session: A SQLAlchemy session.
:return: A list of all of the most recent network service scans for the given organization.
"""
org_uuid = ConversionHelper.string_to_unicode(org_uuid)
results = db_session.query(NetworkServiceScan.uuid, NetworkServiceScan.ended_at)\
.join(NetworkService, NetworkServiceScan.network_service_id == NetworkService.uuid)\
.join(IpAddress, NetworkService.ip_address_id == IpAddress.uuid)\
.join(Network, IpAddress.network_id == Network.uuid)\
.join(Organization, Network.organization_id == Organization.uuid)\
.filter(Organization.uuid == org_uuid)\
.filter(NetworkServiceScan.ended_at != None)\
.all()
to_return = {}
for scan_uuid, scan_ended_time in results:
if scan_uuid not in to_return:
to_return[scan_uuid] = scan_ended_time
else:
if scan_ended_time > to_return[scan_uuid]:
to_return[scan_uuid] = scan_ended_time
return to_return.keys()
def create_network_for_organization(name=None,
address=None,
mask_length=None,
org_uuid=None):
"""
Create and return a new Network object that's been associated with the given organization.
:param name: The name to associate with the network.
:param address: The address to associate with the network.
:param mask_length: The mask length to associate with the network.
:param org_uuid: The UUID of the organization to add the network to.
:return: The newly-created Network.
"""
if name is None:
name = "Auto-gen Network %s" % (
RandomHelper.get_random_token_of_length(10))
cidr_wrapper = CidrRangeWrapper.from_cidr_range(address=address,
mask_length=mask_length)
address = ConversionHelper.ipv4_to_class_c_prefix(address)
return Network.new(
name=name,
address=address,
mask_length=mask_length,
organization_id=org_uuid,
scanning_enabled=True,
added_by="ws",
endpoint_count=pow(2, 32 - mask_length),
cidr_range=cidr_wrapper.parsed_cidr_range,
times_scanned=0,
)
def populate_from_x509_certificate(cls,
certificate=None,
cert_output_type=crypto.FILETYPE_PEM,
to_populate=None):
"""
Populate the contents of to_populate based on the contents of the given SSL certificate.
:param certificate: The SSL certificate to process.
:param cert_output_type: The SSL certificate type.
:param to_populate: The Elasticsearch model to populate.
:return: The updated model.
"""
cert_subject = certificate.get_subject()
certificate_contents = {
"country":
cert_subject.C,
"state":
cert_subject.ST,
"locality":
cert_subject.L,
"organization":
cert_subject.O,
"organizational_unit":
cert_subject.OU,
"common_name":
cert_subject.CN,
"certificate_hash":
ConversionHelper.ssl_certificate_to_hash(
certificate=certificate,
output_type=cert_output_type,
)
}
for k, v in certificate_contents.iteritems():
setattr(to_populate, k, v)
return to_populate
def get_organization_flags_by_applies_to(db_session=None,
applies_to=None,
org_uuid=None):
"""
Get all of the organization flag objects in the database that apply to the given string.
:param db_session: A SQLAlchemy session.
:param applies_to: A string describing the type of Elasticsearch data that the flags apply to.
:param org_uuid: The UUID of the organization to retrieve organization flags for.
:return: A list containing all of the organization flag objects in the database that apply to the
given string.
"""
applies_to = ConversionHelper.string_to_unicode(applies_to)
org_uuid = ConversionHelper.string_to_unicode(org_uuid)
return db_session.query(OrganizationFlag) \
.filter(OrganizationFlag.applies_to == applies_to) \
.filter(OrganizationFlag.organization_id == org_uuid) \
.all()
def type(self):
"""
Get a constant representing the MIME type that the wrapped string represents.
:return: a constant representing the MIME type that the wrapped string represents.
"""
if self._type is None:
self._type = ConversionHelper.mime_wrapper_to_mime_type(self)
return self._type
def get_or_create_network_service_from_org_ip(
ip_uuid=None,
port=None,
protocol=None,
db_session=None,
discovered_by="network scan",
):
"""
Get an NetworkService from the given IpAddress matching the given port and
protocol if such an IP address object exists. If it does not, create and return it. This method makes
use of the database unique constraint to address race conditions.
:param ip_uuid: The UUID of the IpAddress to query.
:param port: The port to query.
:param protocol: The protocol to query.
:param db_session: A SQLAlchemy session.
:param discovered_by: How the network service was discovered.
:return: An IpAddress for the given port, protocol, and IpAddress.
"""
ip_uuid = ConversionHelper.string_to_unicode(ip_uuid)
protocol = ConversionHelper.string_to_unicode(protocol)
new_network_service = NetworkService.new(
ip_address_id=ip_uuid,
port=port,
protocol=protocol,
is_monitored=False,
scanning_status=False,
discovered_by=discovered_by,
)
try:
db_session.add(new_network_service)
db_session.commit()
return new_network_service
except sqlalchemy.exc.IntegrityError as e:
if not is_unique_constraint_exception(e):
raise e
db_session.rollback()
return get_network_service_from_org_ip(
ip_uuid=ip_uuid,
port=port,
protocol=protocol,
db_session=db_session,
)
def create_domain_scan_for_domain(domain_uuid):
"""
Create and return a new DomainNameScan object associated with the given domain name.
:param domain_uuid: The UUID of the DomainName to associate the scan with.
:return: The newly-created DomainNameScan object.
"""
domain_uuid = ConversionHelper.string_to_unicode(domain_uuid)
return DomainNameScan.new(
domain_name_id=domain_uuid,
started_at=DatetimeHelper.now(),
)
def get_user_by_username(username=None, db_session=None):
"""
Get the WsUser object by the given username.
:param username: The username of the user to retrieve.
:param db_session: A SQLALchemy session.
:return: The WsUser object corresponding to the given username.
"""
username = ConversionHelper.string_to_unicode(username)
return db_session.query(WsUser)\
.filter(WsUser.username == username)\
.one_or_none()
def _populate_dummy(cls, to_populate):
from lib import WsFaker, RandomHelper
to_populate.ssl_version = WsFaker.get_ssl_version_name()
to_populate.pyopenssl_protocol = ConversionHelper.pyopenssl_protocol_name_from_ssl_version(
to_populate.ssl_version)
to_populate.supported = RandomHelper.flip_coin()
to_populate.accepted_ciphers = WsFaker.get_words()
to_populate.rejected_ciphers = WsFaker.get_words()
to_populate.errored_ciphers = WsFaker.get_words()
to_populate.preferred_cipher = WsFaker.get_words(1)[0]
return to_populate
def get_networks_for_organization(org_uuid=None, db_session=None):
"""
Get a list of all the Network objects owned by the given Organization.
:param org_uuid: The UUID of the Organization to retrieve networks for.
:param db_session: A SQLAlchemy session.
:return: A list of all the Network objects owned by the given Organization.
"""
org_uuid = ConversionHelper.string_to_unicode(org_uuid)
return db_session.query(Network)\
.filter(Network.organization_id == org_uuid)\
.all()
def create_ip_address_scan_for_ip(ip_address_uuid):
"""
Create and return a new IP address scan associated with the given IP address.
:param ip_address_uuid: The UUID of the IP address to associate the scan with.
:return: A newly-created IP address scan associated with the given IP address.
"""
ip_address_uuid = ConversionHelper.string_to_unicode(ip_address_uuid)
return IpAddressScan.new(
ip_address_id=ip_address_uuid,
started_at=DatetimeHelper.now(),
)
def get_zmap_config_by_name(name=None, db_session=None):
"""
Retrieve the ZmapConfig object referenced by the given name.
:param name: The name to query for.
:param db_session: A SQLAlchemy session.
:return: The ZmapConfig referenced by name.
"""
name = ConversionHelper.string_to_unicode(name)
return db_session.query(ZmapConfig)\
.filter(ZmapConfig.name == name)\
.one_or_none()
def get_class_c_networks(self):
"""
Get a list of IPNetwork objects that represent the minimum number of class C networks
that cover all of the IP addresses found in the referenced CSV file.
:return: A list of IPNetwork objects that represent the minimum number of class C networks
that cover all of the IP addresses found in the referenced CSV file.
"""
live_ips = self.get_live_ips()
live_networks = [
ConversionHelper.ipv4_to_class_c(live_ip) for live_ip in live_ips
]
return [IPNetwork(x) for x in set(live_networks)]
def get_hash_fingerprints_for_es_attribute(db_session=None, es_attr=None):
"""
Get all of the HashFingerprint objects in the database that are associated with the given Elasticsearch
attribute.
:param db_session: A SQLAlchemy session.
:param es_attr: The Elasticsearch attribute to search for.
:return: A list containing all of the HashFingerprint objects in the database that are associated
with the given Elasticsearch attribute.
"""
es_attr = ConversionHelper.string_to_unicode(es_attr)
return db_session.query(HashFingerprint).filter(
HashFingerprint.es_attribute == es_attr).all()
def does_hash_fingerprint_exist(db_session=None, sha256_hash=None):
"""
Check to see whether a HashFingeprint object matching the given sha256 hash already exists.
:param db_session: A SQLAlchemy session.
:param sha256_hash: The hash to check against.
:return: True if a hash matching the given hash already exists, False otherwise.
"""
sha256_hash = ConversionHelper.string_to_unicode(sha256_hash)
result = db_session.query(func.count(HashFingerprint.uuid))\
.filter(HashFingerprint.hash == sha256_hash)\
.one()
return result[0] > 0
def get_default_flags_by_applies_to(db_session=None, applies_to=None):
"""
Get all of the default flag objects in the database that apply to the given string.
:param db_session: A SQLAlchemy session.
:param applies_to: A string describing the type of Elasticsearch data that the flags apply to.
:return: A list containing all of the default flag objects in the database that apply to the
given string.
"""
applies_to = ConversionHelper.string_to_unicode(applies_to)
return db_session.query(DefaultFlag)\
.filter(DefaultFlag.applies_to == applies_to)\
.all()
def get_monitored_network_ranges_for_order(order_uuid=None, db_session=None):
"""
Get all of the network ranges for the OrderNetwork objects associated with the given order.
:param order_uuid: The UUID of the order to retrieve network ranges for.
:param db_session: A SQLAlchemy session.
:return: A list containing all of the network ranges associated with the given order.
"""
order_uuid = ConversionHelper.string_to_unicode(order_uuid)
results = db_session.query(OrderNetwork.network_cidr)\
.filter(OrderNetwork.order_id == order_uuid)\
.all()
return [x[0] for x in results]
def does_nmap_config_name_exist(name=None, db_session=None):
"""
Check to see whether a NmapConfig with the given name already exists.
:param name: The name to check for.
:param db_session: A SQLAlchemy session.
:return: True if an NmapConfig with the given name already exists, False otherwise.
"""
name = ConversionHelper.string_to_unicode(name)
result = db_session.query(func.count(NmapConfig.uuid))\
.filter(NmapConfig.name == name)\
.one()
return result[0] > 0
def get_address_from_ip_address(ip_address_uuid=None, db_session=None):
"""
Get the IP address from the database record referenced by ip_address_uuid.
:param ip_address_uuid: The UUID of the IpAddress to query.
:param db_session: A SQLAlchemy session.
:return: The IP address associated with the given IpAddress record.
"""
ip_address_uuid = ConversionHelper.string_to_unicode(ip_address_uuid)
result = db_session.query(IpAddress.address)\
.filter(IpAddress.uuid == ip_address_uuid)\
.one()
return result[0]
def get_name_from_domain(db_session=None, domain_uuid=None):
"""
Get the name associated with the given domain name object.
:param db_session: A SQLAlchemy session.
:param domain_uuid: The UUID of the domain name to retrieve the name from.
:return: A string representing the name associated with the given domain name.
"""
domain_uuid = ConversionHelper.string_to_unicode(domain_uuid)
result = db_session.query(DomainName.name)\
.filter(DomainName.uuid == domain_uuid)\
.one()
return result[0]
def get_user_activation_token(user_uuid=None, db_session=None):
"""
Get the activation token associated with the given user.
:param user_uuid: The UUID of the user to retrieve the activation token for.
:param db_session: A SQLAlchemy session.
:return: The activation token value associated with the given user.
"""
user_uuid = ConversionHelper.string_to_unicode(user_uuid)
result = db_session.query(WsUser.email_registration_code)\
.filter(WsUser.uuid == user_uuid)\
.one()
return result[0]
def get_organization_by_uuid(org_uuid=None, db_session=None):
"""
Get the organization referenced by the given UUID if such an organization exists, otherwise None.
:param org_uuid: The UUID of the organization to retrieve.
:param db_session: A SQLAlchemy session.
:return: The organization referenced by the given UUID if such an organization exists,
otherwise None.
"""
org_uuid = ConversionHelper.string_to_unicode(org_uuid)
return db_session.query(Organization)\
.filter(Organization.uuid == org_uuid)\
.one_or_none()
def get_web_service_report_from_web_service(web_service_uuid=None, db_session=None):
"""
Retrieve a WebServiceReport from the database that's related to the given web service.
:param web_service_uuid: The UUID of the web service to retrieve a WebServiceReport for.
:param db_session: A SQLAlchemy session.
:return: A WebServiceReport related to the given web service.
"""
web_service_uuid = ConversionHelper.string_to_unicode(web_service_uuid)
return db_session.query(WebServiceReport)\
.join(WebService, WebServiceReport.web_service_id == WebService.uuid)\
.filter(WebService.uuid == web_service_uuid)\
.one()
def get_user_uuid_by_username(username=None, db_session=None):
"""
Get the UUID of the given WsUser object by the given username.
:param username: The username of the user to retrieve the UUID for.
:param db_session: A SQLAlchemy session.
:return: The UUID of user corresponding to username if such a user exists, otherwise None.
"""
username = ConversionHelper.string_to_unicode(username)
results = db_session.query(WsUser.uuid)\
.filter(WsUser.username == username)\
.one_or_none()
return results[0] if results is not None else None
def get_or_create_ip_address_from_org_network(
network_uuid=None,
address=None,
address_type=None,
db_session=None,
):
"""
Get an IpAddress from the given network matching the given address and address_type if
such an IP address record exists. If it does not, create it. This method makes use of a database unique
constraint to address race conditions.
:param network_uuid: The UUID of the network to retrieve the IP address from.
:param address: The IP address.
:param address_type: The IP address type.
:param db_session: A SQLAlchemy session.
:return: An IpAddress for the given network with the given address and address type.
"""
network_uuid = ConversionHelper.string_to_unicode(network_uuid)
address = ConversionHelper.string_to_unicode(address)
address_type = ConversionHelper.string_to_unicode(address_type)
new_ip_address = IpAddress.new(
network_id=network_uuid,
address=address,
address_type=address_type,
is_monitored=False,
scanning_status=False,
)
try:
db_session.add(new_ip_address)
db_session.commit()
return new_ip_address
except sqlalchemy.exc.IntegrityError as e:
if not is_unique_constraint_exception(e):
raise e
db_session.rollback()
return get_ip_address_from_org_network(
network_uuid=network_uuid,
address=address,
address_type=address_type,
db_session=db_session,
)