Beispiel #1
0
 def test_10(self):
     """
     Test a query. Should match just the APT1 report.
     """
     test = tdq.Test(capability_id=tdq.CM_CORE,
                     relationship=R_EQUALS,
                     parameters={
                         P_VALUE: 'Unit 61398',
                         P_MATCH_TYPE: 'case_sensitive_string'
                     })
     criterion = tdq.Criterion(
         target=
         'STIX_Package/Threat_Actors/Threat_Actor/Identity/Specification/PartyName/OrganisationName/SubDivisionName',
         test=test)
     criteria = tdq.Criteria(OP_AND, criterion=[criterion])
     q = tdq.DefaultQuery(CB_STIX_XML_111, criteria)
     pp = tm11.PollParameters()
     pr = tm11.PollRequest(message_id=generate_message_id(),
                           collection_name='default',
                           poll_parameters=pp)
     #msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr)
     msg = make_request('/services/test_poll_1/', pr.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_POLL_RESPONSE)
     if len(msg.content_blocks) != 1:
         raise ValueError('Got %s CBs' % len(msg.content_blocks))
Beispiel #2
0
def main():
    # Create the test portion of the query
    my_test = tdq.Test(capability_id=CM_CORE,
                       relationship=R_EQUALS,
                       parameters={P_VALUE: value,
                                   P_MATCH_TYPE: 'case_insensitive_string'}
                       )

    #Put the test into a Criterion
    my_criterion = tdq.Criterion(target=target, test=my_test)

    # Put the Criterion into a Criteria
    my_criteria = tdq.Criteria(operator=OP_AND,
                               criterion=[my_criterion], 
                               criteria=None)

    # Create a query with the criteria
    my_query = tdq.DefaultQuery(CB_STIX_XML_111, my_criteria)

    # Create a Poll Parameters that indicates
    # Only STIX 1.1.1 is accepted in response
    # and with the query created previously
    params = tm11.PollParameters(content_bindings=[tm11.ContentBinding(CB_STIX_XML_111)],
                                 query=my_query)

    poll_request = tm11.PollRequest(message_id=generate_message_id(),
                                    collection_name='file_hash_reputation',
                                    poll_parameters=params)

    print poll_request.to_xml(pretty_print=True)
def main():
    discovery_response = tm11.DiscoveryResponse(message_id=generate_message_id(),
                                                in_response_to='1')

    # Create a targeting expression info
    # indicating STIX XML 1.1.1 and that only
    # Hash Value targets are allowed
    my_tei = tdq.TargetingExpressionInfo(CB_STIX_XML_111,
                                         preferred_scope=['**/Simple_Hash_Value'],
                                         allowed_scope=None)

    my_supported_query = tdq.DefaultQueryInfo([my_tei], [CM_CORE])

    si = tm11.ServiceInstance(service_type=SVC_POLL,
                              services_version=VID_TAXII_SERVICES_11,
                              protocol_binding=VID_TAXII_HTTP_10,
                              service_address='http://example.com/poll-service/',
                              message_bindings=[VID_TAXII_XML_11],
                              available=True,
                              message='This is a File Hash Reputation Poll Service',
                              supported_query=[my_supported_query])

    discovery_response.service_instances.append(si)

    print discovery_response.to_xml(pretty_print=True)
    def handle_message(cls, inbox_service, inbox_message, django_request):
        """
        """

        collections = inbox_service.validate_destination_collection_names(None,  # Inbox 1.0 doesn't have a DCN
                                                                          inbox_message.message_id)

        # Store certain information about this Inbox Message in the database for bookkeeping
        inbox_message_db = models.InboxMessage.from_inbox_message_10(inbox_message,
                                                                     django_request,
                                                                     received_via=inbox_service)
        inbox_message_db.save()

        saved_blocks = 0
        for content_block in inbox_message.content_blocks:
            inbox_support_info = inbox_service.is_content_supported(content_block.content_binding)
            if inbox_support_info.is_supported is False:
                continue

            cls.save_content_block(content_block)
            saved_blocks += 1

        # Update the Inbox Message model with the number of ContentBlocks that were saved
        inbox_message_db.content_blocks_saved = saved_blocks
        inbox_message_db.save()

        # Create and return a Status Message indicating success
        status_message = tm11.StatusMessage(message_id=generate_message_id(),
                                            in_response_to=inbox_message.message_id,
                                            status_type=ST_SUCCESS)
        return status_message
    def handle_message(cls, inbox_service, inbox_message, django_request):
        """
        """

        collections = inbox_service.validate_destination_collection_names(
            None,  # Inbox 1.0 doesn't have a DCN
            inbox_message.message_id)

        # Store certain information about this Inbox Message in the database for bookkeeping
        inbox_message_db = models.InboxMessage.from_inbox_message_10(
            inbox_message, django_request, received_via=inbox_service)
        inbox_message_db.save()

        saved_blocks = 0
        for content_block in inbox_message.content_blocks:
            inbox_support_info = inbox_service.is_content_supported(
                content_block.content_binding)
            if inbox_support_info.is_supported is False:
                continue

            cls.save_content_block(content_block)
            saved_blocks += 1

        # Update the Inbox Message model with the number of ContentBlocks that were saved
        inbox_message_db.content_blocks_saved = saved_blocks
        inbox_message_db.save()

        # Create and return a Status Message indicating success
        status_message = tm11.StatusMessage(
            message_id=generate_message_id(),
            in_response_to=inbox_message.message_id,
            status_type=ST_SUCCESS)
        return status_message
Beispiel #6
0
 def test_01(self):
     """
     Sends an Inbox Message to an invalid URL. 
     Should get back a 404
     """
     inbox_message = tm11.InboxMessage(generate_message_id())
     msg = make_request(post_data = inbox_message.to_xml(), path='/Services/PathThatShouldNotWork/', expected_code = 404)
    def handle_message(cls, inbox_service, inbox_message, django_request):
        """
        Attempts to save all Content Blocks in the Inbox Message into the
        database.

        Workflow:
            #. Validate the request's Destination Collection Names against the InboxService model
            #. Create an InboxMessage model object for bookkeeping
            #. Iterate over each Content Block in the request:

             #. Identify which of the request's destination collections support the Content Block's Content Binding
             #. Call `save_content_block(tm11.ContentBlock, <list of Data Collections from 3a>)`

            #. Return Status Message with a Status Type of Success

        Raises:
            A StatusMessageException for errors
        """

        collections = inbox_service.validate_destination_collection_names(inbox_message.destination_collection_names,
                                                                          inbox_message.message_id)

        # Store certain information about this Inbox Message in the database for bookkeeping
        inbox_message_db = models.InboxMessage.from_inbox_message_11(inbox_message,
                                                                     django_request,
                                                                     received_via=inbox_service)
        inbox_message_db.save()

        # Iterate over the ContentBlocks in the InboxMessage and try to add
        # them to the database
        saved_blocks = 0
        for content_block in inbox_message.content_blocks:
            # 3a. Identify whether the InboxService supports the Content Block's Content Binding
            # TODO: Is this useful?
            inbox_support_info = inbox_service.is_content_supported(content_block.content_binding)

            supporting_collections = []
            for collection in collections:
                collection_support_info = collection.is_content_supported(content_block.content_binding)
                if collection_support_info.is_supported:
                    supporting_collections.append(collection)

            if len(supporting_collections) == 0 and not inbox_support_info.is_supported:
                # There's nothing to add this content block to
                continue

            cls.save_content_block(content_block, supporting_collections)

            saved_blocks += 1

        # Update the Inbox Message model with the number of ContentBlocks that were saved
        inbox_message_db.content_blocks_saved = saved_blocks
        inbox_message_db.save()

        # Create and return a Status Message indicating success
        status_message = tm11.StatusMessage(message_id=generate_message_id(),
                                            in_response_to=inbox_message.message_id,
                                            status_type=ST_SUCCESS)
        return status_message
Beispiel #8
0
 def test_01(self):
     """
     Send a collection information request, look to get a collection information response back
     """
     cir = tm11.CollectionInformationRequest(generate_message_id())
     msg = make_request(COLLECTION_MGMT_11_PATH, cir.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_COLLECTION_INFORMATION_RESPONSE)
Beispiel #9
0
    def create_poll_response(cls, poll_service, prp, content):
        """
        Creates a poll response.

        1. If the request's response type is "Count Only",
        a single poll response w/ more=False used.
        2. If the content size is less than the poll_service's
        max_result_size, a poll response w/ more=False is used.
        3. If the poll_service's max_result_size is blank,
        a poll response w/ more=False used.
        4. If the response type is "Full" and the total
        number of contents are greater than the
        poll_service's max_result_size, a ResultSet
        is created, and a PollResponse w/more=True is used.
        """

        content_count = len(content)

        # RT_COUNT_ONLY - Always use a single result
        # RT_FULL - Use a single response if
        #           poll_service.max_result_size is None or
        #           len(content) <= poll_service.max_result_size
        #           Use a Multi-Part response otherwise

        if (prp.response_type == RT_COUNT_ONLY
                or poll_service.max_result_size is None
                or content_count <= poll_service.max_result_size):

            poll_response = tm11.PollResponse(
                message_id=generate_message_id(),
                in_response_to=prp.message_id,
                collection_name=prp.collection.name,
                result_part_number=1,
                more=False,
                exclusive_begin_timestamp_label=prp.
                exclusive_begin_timestamp_label,
                inclusive_end_timestamp_label=prp.
                inclusive_end_timestamp_label,
                record_count=tm11.RecordCount(content_count, False))
            if prp.subscription:
                poll_response.subscription_id = prp.subscription.subscription_id

            if prp.response_type == RT_FULL:
                for c in content:
                    poll_response.content_blocks.append(
                        c.to_content_block_11())
        else:
            # Split into multiple result sets
            result_set = handlers.create_result_set(poll_service, prp, content)
            rsp_1 = models.ResultSetPart.objects.get(
                result_set__pk=result_set.pk, part_number=1)
            poll_response = rsp_1.to_poll_response_11(prp.message_id)
            result_set.last_part_returned = rsp_1
            result_set.save()
            response = poll_response

        return poll_response
Beispiel #10
0
 def test_01(self):
     """
     Send a collection information request, look to get a collection information response back
     """
     cir = tm11.CollectionInformationRequest(generate_message_id())
     msg = make_request(COLLECTION_MGMT_11_PATH, 
                           cir.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_COLLECTION_INFORMATION_RESPONSE)
Beispiel #11
0
 def test_01(self):
     """
     Sends an Inbox Message to an invalid URL. 
     Should get back a 404
     """
     inbox_message = tm11.InboxMessage(generate_message_id())
     msg = make_request(post_data=inbox_message.to_xml(),
                        path='/Services/PathThatShouldNotWork/',
                        expected_code=404)
Beispiel #12
0
    def test_01(self):
        """
        Send a feed information request, look to get a feed information response back
        """

        fir = tm10.FeedInformationRequest(generate_message_id())
        msg = make_request(COLLECTION_MGMT_11_PATH, fir.to_xml(),
                           get_headers(VID_TAXII_SERVICES_10, False),
                           MSG_FEED_INFORMATION_RESPONSE)
Beispiel #13
0
    def test_01(self):
        """
        Send a discovery request, look to get a discovery response back
        """

        dr = tm10.DiscoveryRequest(generate_message_id())
        msg = make_request(DISCOVERY_11_PATH, dr.to_xml(),
                           get_headers(VID_TAXII_SERVICES_10, False),
                           MSG_DISCOVERY_RESPONSE)
Beispiel #14
0
 def test_01(self):
     """
     Send a message to test_inbox_1 with a valid destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id(),
                               destination_collection_names=['default'])
     msg = make_request('/services/test_inbox_1/', inbox.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE, ST_SUCCESS)
Beispiel #15
0
 def test_09(self):
     """
     Send a message to test_inbox_3 without a destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id())
     msg = make_request('/services/test_inbox_3/',
                        inbox.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_SUCCESS)
Beispiel #16
0
 def test_13(self):
     """
     Send a TAXII 1.0 Inbox Message to /services/test_inbox_3/
     """
     inbox = tm10.InboxMessage(generate_message_id())
     msg = make_request('/services/test_inbox_3/', 
                           inbox.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_10, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_SUCCESS)
Beispiel #17
0
 def test_01(self):
     """
     Send a discovery request, look to get a discovery response back
     """
     
     dr = tm10.DiscoveryRequest(generate_message_id())
     msg = make_request(DISCOVERY_11_PATH, 
                           dr.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_10, False), 
                           MSG_DISCOVERY_RESPONSE)
Beispiel #18
0
 def test_01(self):
     """
     Send a feed information request, look to get a feed information response back
     """
     
     fir = tm10.FeedInformationRequest(generate_message_id())
     msg = make_request(COLLECTION_MGMT_11_PATH, 
                           fir.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_10, False), 
                           MSG_FEED_INFORMATION_RESPONSE)
Beispiel #19
0
 def test_09(self):
     """
     Send a message to test_inbox_3 without a destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id())
     msg = make_request('/services/test_inbox_3/', 
                           inbox.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_SUCCESS)
Beispiel #20
0
 def test_08(self):
     """
     Send a message to test_inbox_3 with a destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default'])
     msg = make_request('/services/test_inbox_3/', 
                           inbox.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_DESTINATION_COLLECTION_ERROR)
Beispiel #21
0
 def test_04(self):
     """
     Send a message to test_inbox_2 with a valid destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default'])
     msg = make_request('/services/test_inbox_2/', 
                           inbox.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_SUCCESS)
Beispiel #22
0
 def test_13(self):
     """
     Send a TAXII 1.0 Inbox Message to /services/test_inbox_3/
     """
     inbox = tm10.InboxMessage(generate_message_id())
     msg = make_request('/services/test_inbox_3/',
                        inbox.to_xml(),
                        get_headers(VID_TAXII_SERVICES_10, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_SUCCESS)
Beispiel #23
0
 def test_10(self):
     """
     Send an Inbox message with a Record Count
     """
     inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default'])
     inbox.record_count = tm11.RecordCount(0, True)
     msg = make_request('/services/test_inbox_1/', 
                           inbox.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_SUCCESS)
Beispiel #24
0
 def test_11(self):
     """
     Send a TAXII 1.0 Inbox Message to /services/test_inbox_1/. Will always
     fail because /services/test_inbox_1/ requires a DCN and TAXII 1.0 cannot specify that.
     """
     inbox = tm10.InboxMessage(generate_message_id())
     msg = make_request('/services/test_inbox_1/',
                        inbox.to_xml(),
                        get_headers(VID_TAXII_SERVICES_10, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_FAILURE)
Beispiel #25
0
 def test_11(self):
     """
     Send a TAXII 1.0 Inbox Message to /services/test_inbox_1/. Will always
     fail because /services/test_inbox_1/ requires a DCN and TAXII 1.0 cannot specify that.
     """
     inbox = tm10.InboxMessage(generate_message_id())
     msg = make_request('/services/test_inbox_1/', 
                           inbox.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_10, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_FAILURE)
Beispiel #26
0
 def test_05(self):
     """
     Send a message to test_inbox_2 with an invalid destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default_INVALID'])
     msg = make_request('/services/test_inbox_2/',
                           inbox.to_xml(),
                           get_headers(VID_TAXII_SERVICES_11, False),
                           MSG_STATUS_MESSAGE,
                           st=ST_NOT_FOUND,
                           sd_keys=[SD_ITEM])
Beispiel #27
0
 def test_08(self):
     """
     Send a message to test_inbox_3 with a destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id(),
                               destination_collection_names=['default'])
     msg = make_request('/services/test_inbox_3/',
                        inbox.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_DESTINATION_COLLECTION_ERROR)
Beispiel #28
0
 def test_03(self):
     """
     Send a message to test_inbox_1 without a destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id())
     msg = make_request('/services/test_inbox_1/', 
                           inbox.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_DESTINATION_COLLECTION_ERROR, 
                           sd_keys=[SD_ACCEPTABLE_DESTINATION])
Beispiel #29
0
 def test_03(self):
     """
     Send a message to test_inbox_1 without a destination collection name
     """
     inbox = tm11.InboxMessage(generate_message_id())
     msg = make_request('/services/test_inbox_1/',
                        inbox.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_DESTINATION_COLLECTION_ERROR,
                        sd_keys=[SD_ACCEPTABLE_DESTINATION])
Beispiel #30
0
 def test_10(self):
     """
     Send an Inbox message with a Record Count
     """
     inbox = tm11.InboxMessage(generate_message_id(),
                               destination_collection_names=['default'])
     inbox.record_count = tm11.RecordCount(0, True)
     msg = make_request('/services/test_inbox_1/',
                        inbox.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_SUCCESS)
Beispiel #31
0
 def to_status_message_10(self):
     """
     Creates a TAXII 1.0 Status Message based on the
     properties of this object
     """
     sm = tm10.StatusMessage(message_id=generate_message_id(),
                             in_response_to=self.in_response_to,
                             extended_headers=self.extended_headers,
                             status_type=self.status_type,
                             status_detail=str(self.status_detail),
                             message=self.message)
     return sm
 def to_status_message_10(self):
     """
     Creates a TAXII 1.0 Status Message based on the
     properties of this object
     """
     sm = tm10.StatusMessage(message_id=generate_message_id(),
                             in_response_to=self.in_response_to,
                             extended_headers=self.extended_headers,
                             status_type=self.status_type,
                             status_detail=str(self.status_detail),
                             message=self.message)
     return sm
    def create_poll_response(cls, poll_service, prp, content):
        """
        Creates a poll response.

        1. If the request's response type is "Count Only",
        a single poll response w/ more=False used.
        2. If the content size is less than the poll_service's
        max_result_size, a poll response w/ more=False is used.
        3. If the poll_service's max_result_size is blank,
        a poll response w/ more=False used.
        4. If the response type is "Full" and the total
        number of contents are greater than the
        poll_service's max_result_size, a ResultSet
        is created, and a PollResponse w/more=True is used.
        """

        content_count = len(content)

        # RT_COUNT_ONLY - Always use a single result
        # RT_FULL - Use a single response if
        #           poll_service.max_result_size is None or
        #           len(content) <= poll_service.max_result_size
        #           Use a Multi-Part response otherwise

        if (prp.response_type == RT_COUNT_ONLY or
            poll_service.max_result_size is None or
            content_count <= poll_service.max_result_size):

            poll_response = tm11.PollResponse(message_id=generate_message_id(),
                                              in_response_to=prp.message_id,
                                              collection_name=prp.collection.name,
                                              result_part_number=1,
                                              more=False,
                                              exclusive_begin_timestamp_label=prp.exclusive_begin_timestamp_label,
                                              inclusive_end_timestamp_label=prp.inclusive_end_timestamp_label,
                                              record_count=tm11.RecordCount(content_count, False))
            if prp.subscription:
                    poll_response.subscription_id = prp.subscription.subscription_id

            if prp.response_type == RT_FULL:
                for c in content:
                    poll_response.content_blocks.append(c.to_content_block_11())
        else:
            # Split into multiple result sets
            result_set = handlers.create_result_set(poll_service, prp, content)
            rsp_1 = models.ResultSetPart.objects.get(result_set__pk=result_set.pk, part_number=1)
            poll_response = rsp_1.to_poll_response_11(prp.message_id)
            result_set.last_part_returned = rsp_1
            result_set.save()
            response = poll_response

        return poll_response
Beispiel #34
0
 def test_05(self):
     """
     Send a message to test_inbox_2 with an invalid destination collection name
     """
     inbox = tm11.InboxMessage(
         generate_message_id(),
         destination_collection_names=['default_INVALID'])
     msg = make_request('/services/test_inbox_2/',
                        inbox.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_NOT_FOUND,
                        sd_keys=[SD_ITEM])
Beispiel #35
0
 def test_03(self):
     """
     Test an invalid subscription ID
     """
     pr = tm11.PollRequest(message_id=generate_message_id(),
                           collection_name='default',
                           subscription_id='jdslkajdlksajdlksajld')
     msg = make_request('/services/test_poll_1/',
                        pr.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_NOT_FOUND,
                        sd_keys=[SD_ITEM])
Beispiel #36
0
 def create_request_message(self):
     if self.begin_timestamp:
         begin_ts = dateutil.parser.parse(self.begin_timestamp)
     # TODO: add support for end timestamp
     end_ts = None
     create_kwargs = {
         'message_id': generate_message_id(),
         'collection_name': self.collection_name,
         'exclusive_begin_timestamp_label': begin_ts,
         'inclusive_end_timestamp_label': end_ts
     }
     create_kwargs['poll_parameters'] = PollRequest.PollParameters()
     poll_req = PollRequest(**create_kwargs)
     return poll_req
Beispiel #37
0
    def create_request_message(self, args):
        if args.content_file is self.stix_watchlist:
            data = self.stix_watchlist
        else:
            with open(args.content_file, 'r') as f:
                data = f.read()

        cb = tm10.ContentBlock(args.content_binding, data)
        if args.subtype is not None:
            cb.content_binding.subtype_ids.append(args.subtype)

        inbox_message = tm10.InboxMessage(message_id=generate_message_id(), content_blocks=[cb])

        return inbox_message
Beispiel #38
0
 def test_03(self):
     """
     Test an invalid subscription ID
     """
     pr = tm11.PollRequest(
             message_id = generate_message_id(),
             collection_name = 'default',
             subscription_id = 'jdslkajdlksajdlksajld')
     msg = make_request('/services/test_poll_1/', 
                           pr.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_NOT_FOUND,
                           sd_keys=[SD_ITEM])
Beispiel #39
0
def exception_to_status(exception, format_version):
    data = dict(message_id=generate_message_id(),
                in_response_to=exception.in_response_to,
                extended_headers=exception.extended_headers,
                status_type=exception.status_type,
                status_detail=exception.status_details,
                message=exception.message)
    if format_version == VID_TAXII_XML_11:
        sm = tm11.StatusMessage(**data)
    elif format_version == VID_TAXII_XML_10:
        sm = tm10.StatusMessage(**data)
    else:
        raise ValueError("Unknown version: %s" % format_version)
    return sm
Beispiel #40
0
 def test_09(self):
     """
     Tests that a single PollRequest succeeds.
     """
     pp = tm11.PollParameters()
     pr = tm11.PollRequest(message_id=generate_message_id(),
                           collection_name='default',
                           poll_parameters=pp)
     msg = make_request('/services/test_poll_1/', pr.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_POLL_RESPONSE)
     #msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr)
     if len(msg.content_blocks) != 5:
         raise ValueError('Got %s CBs' % len(msg.content_blocks))
Beispiel #41
0
    def create_pending_response(cls, poll_service, prp, content):
        """
        Arguments:
            poll_service (models.PollService) - The TAXII Poll Service being invoked
            prp (util.PollRequestProperties) - The Poll Request Properties of the Poll Request
            content - A list of content (nominally, models.ContentBlock objects).

        This method returns a StatusMessage with a Status Type
        of Pending OR raises a StatusMessageException
        based on the following table::

            asynch | Delivery_Params | can_push || Response Type
            ----------------------------------------------------
            True   | -               | -        || Pending - Asynch
            False  | Yes             | Yes      || Pending - Push
            False  | Yes             | No       || StatusMessageException
            False  | No              | -        || StatusMessageException
        """

        # Identify the Exception conditions first (e.g., rows #3 and #4)
        if (prp.allow_asynch is False and
            (prp.delivery_parameters is None or prp.can_push is False)):

            raise StatusMessageException(
                prp.message_id, ST_FAILURE,
                "The content was not available now and \
                                         the request had allow_asynch=False and no \
                                         Delivery Parameters were specified.")

        # Rows #1 and #2 are both Status Messages with a type of Pending
        result_set = cls.create_result_set(content, prp, poll_service)
        sm = tm11.StatusMessage(message_id=generate_message_id(),
                                in_response_to=prp.message_id,
                                status_type=ST_PENDING)
        if prp.allow_asynch:
            sm.status_details = {
                SD_ESTIMATED_WAIT: 300,
                SD_RESULT_ID: result_set.pk,
                SD_WILL_PUSH: False
            }
        else:
            # TODO: Check and see if the requested delivery parameters are supported
            sm.status_details = {
                SD_ESTIMATED_WAIT: 300,
                SD_RESULT_ID: result_set.pk,
                SD_WILL_PUSH: True
            }
            # TODO: Need to try pushing or something.
        return sm
Beispiel #42
0
 def test_04(self):
     """
     Test a Content Binding ID not supported by the server
     """
     pp = tm11.PollParameters(content_bindings=[tm11.ContentBinding('some_random_binding')])
     pr = tm11.PollRequest(
             message_id = generate_message_id(),
             collection_name = 'default',
             poll_parameters = pp)
     msg = make_request('/services/test_poll_1/', 
                           pr.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_UNSUPPORTED_CONTENT_BINDING,
                           sd_keys=[SD_SUPPORTED_CONTENT])
Beispiel #43
0
 def test_04(self):
     """
     Test a Content Binding ID not supported by the server
     """
     pp = tm11.PollParameters(
         content_bindings=[tm11.ContentBinding('some_random_binding')])
     pr = tm11.PollRequest(message_id=generate_message_id(),
                           collection_name='default',
                           poll_parameters=pp)
     msg = make_request('/services/test_poll_1/',
                        pr.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_UNSUPPORTED_CONTENT_BINDING,
                        sd_keys=[SD_SUPPORTED_CONTENT])
Beispiel #44
0
def exception_to_status(exception, format_version):
    data = dict(
        message_id=generate_message_id(),
        in_response_to=exception.in_response_to,
        extended_headers=exception.extended_headers,
        status_type=exception.status_type,
        status_detail=exception.status_details,
        message=exception.message)
    if format_version == VID_TAXII_XML_11:
        sm = tm11.StatusMessage(**data)
    elif format_version == VID_TAXII_XML_10:
        sm = tm10.StatusMessage(**data)
    else:
        raise ValueError("Unknown version: %s" % format_version)
    return sm
Beispiel #45
0
 def test_05(self):
     """
     Test a supported Content Binding ID with an unsupported subtype
     """
     pp = tm11.PollParameters(content_bindings=[tm11.ContentBinding(CB_STIX_XML_111, subtype_ids=['FakeSubtype'])])
     pr = tm11.PollRequest(
             message_id = generate_message_id(),
             collection_name = 'default',
             poll_parameters = pp)
     msg = make_request('/services/test_poll_1/', 
                           pr.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_UNSUPPORTED_CONTENT_BINDING,
                           sd_keys=[SD_SUPPORTED_CONTENT])
Beispiel #46
0
    def test_02(self):
        """
        Test a begin TS later than an end TS.
        """
        begin_ts = datetime.now(tzutc())
        end_ts = begin_ts - timedelta(days=-7)

        pp = tm11.PollParameters()
        pr = tm11.PollRequest(message_id=generate_message_id(),
                              collection_name='default',
                              poll_parameters=pp,
                              exclusive_begin_timestamp_label=begin_ts,
                              inclusive_end_timestamp_label=end_ts)
        msg = make_request('/services/test_poll_1/', pr.to_xml(),
                           get_headers(VID_TAXII_SERVICES_11, False),
                           ST_FAILURE)
Beispiel #47
0
 def test_09(self):
     """
     Tests that a single PollRequest succeeds.
     """
     pp = tm11.PollParameters()
     pr = tm11.PollRequest(
             message_id=generate_message_id(),
             collection_name='default',
             poll_parameters=pp)
     msg = make_request('/services/test_poll_1/', 
                           pr.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_POLL_RESPONSE)
     #msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr)
     if len(msg.content_blocks) != 5:
         raise ValueError('Got %s CBs' % len(msg.content_blocks))
Beispiel #48
0
 def test_05(self):
     """
     Test a supported Content Binding ID with an unsupported subtype
     """
     pp = tm11.PollParameters(content_bindings=[
         tm11.ContentBinding(CB_STIX_XML_111, subtype_ids=['FakeSubtype'])
     ])
     pr = tm11.PollRequest(message_id=generate_message_id(),
                           collection_name='default',
                           poll_parameters=pp)
     msg = make_request('/services/test_poll_1/',
                        pr.to_xml(),
                        get_headers(VID_TAXII_SERVICES_11, False),
                        MSG_STATUS_MESSAGE,
                        st=ST_UNSUPPORTED_CONTENT_BINDING,
                        sd_keys=[SD_SUPPORTED_CONTENT])
Beispiel #49
0
    def test_01(self):
        """
        Test an invalid collection name
        """
        pp = tm11.PollParameters()
        pr = tm11.PollRequest(
            message_id=generate_message_id(),
            collection_name='INVALID_COLLECTION_NAME_13820198320',
            poll_parameters=pp)

        msg = make_request('/services/test_poll_1/',
                           pr.to_xml(),
                           get_headers(VID_TAXII_SERVICES_11, False),
                           MSG_STATUS_MESSAGE,
                           st=ST_NOT_FOUND,
                           sd_keys=[SD_ITEM])
Beispiel #50
0
 def test_01(self):
     """
     Test an invalid collection name
     """
     pp = tm11.PollParameters()
     pr = tm11.PollRequest(
             message_id = generate_message_id(),
             collection_name = 'INVALID_COLLECTION_NAME_13820198320',
             poll_parameters = pp)
     
     msg = make_request('/services/test_poll_1/', 
                           pr.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_STATUS_MESSAGE, 
                           st=ST_NOT_FOUND,
                           sd_keys=[SD_ITEM])
Beispiel #51
0
        def _wrapped_view(request, *args, **kwargs):

            if request.method != 'POST':
                raise StatusMessageException('0', ST_BAD_MESSAGE,
                                             'Request method was not POST!')

            # If requested, attempt to validate
            # TODO: Validation has changed!
            if do_validate:
                try:
                    validate(request)
                except Exception as e:
                    raise StatusMessageException('0', ST_BAD_MESSAGE,
                                                 e.message)

            # Attempt to deserialize
            try:
                message = deserialize(request)
            except Exception as e:
                raise StatusMessageException('0', ST_BAD_MESSAGE, e.message)

            try:
                if message_types is None:
                    pass  # No checking was requested
                elif isinstance(message_types, list):
                    if message.__class__ not in message_types:
                        raise ValueError(
                            'Message type not allowed. Must be one of: %s' %
                            message_types)
                elif isinstance(message_types, object):
                    if not isinstance(message, message_types):
                        raise ValueError(
                            'Message type not allowed. Must be: %s' %
                            message_types)
                elif message_types is not None:
                    raise ValueError(
                        'Something strange happened with message_types! Was not a list or object!'
                    )
            except ValueError as e:
                msg = tm11.StatusMessage(generate_message_id(),
                                         message.message_id,
                                         status_type='FAILURE',
                                         message=e.message)
                return HttpResponseTaxii(msg.to_xml(), response_headers)

            kwargs['taxii_message'] = message
            return view_func(request, *args, **kwargs)
Beispiel #52
0
 def test_02(self):
     """
     Test a begin TS later than an end TS.
     """
     begin_ts = datetime.now(tzutc())
     end_ts = begin_ts - timedelta(days=-7)
     
     pp = tm11.PollParameters()
     pr = tm11.PollRequest(
             message_id = generate_message_id(),
             collection_name = 'default',
             poll_parameters = pp,
             exclusive_begin_timestamp_label = begin_ts,
             inclusive_end_timestamp_label = end_ts)
     msg = make_request('/services/test_poll_1/', 
                           pr.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           ST_FAILURE)
Beispiel #53
0
 def test_10(self):
     """
     Test a query. Should match just the APT1 report.
     """
     test = tdq.Test(capability_id = tdq.CM_CORE, relationship=R_EQUALS, parameters={P_VALUE: 'Unit 61398', P_MATCH_TYPE: 'case_sensitive_string'} )
     criterion = tdq.Criterion(target='STIX_Package/Threat_Actors/Threat_Actor/Identity/Specification/PartyName/OrganisationName/SubDivisionName', test=test)
     criteria = tdq.Criteria(OP_AND, criterion=[criterion])
     q = tdq.DefaultQuery(CB_STIX_XML_111, criteria)
     pp = tm11.PollParameters()
     pr = tm11.PollRequest(
             message_id=generate_message_id(),
             collection_name='default',
             poll_parameters=pp)
     #msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr)
     msg = make_request('/services/test_poll_1/', 
                           pr.to_xml(), 
                           get_headers(VID_TAXII_SERVICES_11, False), 
                           MSG_POLL_RESPONSE)
     if len(msg.content_blocks) != 1:
         raise ValueError('Got %s CBs' % len(msg.content_blocks))
    def create_pending_response(cls, poll_service, prp, content):
        """
        Arguments:
            poll_service (models.PollService) - The TAXII Poll Service being invoked
            prp (util.PollRequestProperties) - The Poll Request Properties of the Poll Request
            content - A list of content (nominally, models.ContentBlock objects).

        This method returns a StatusMessage with a Status Type
        of Pending OR raises a StatusMessageException
        based on the following table::

            asynch | Delivery_Params | can_push || Response Type
            ----------------------------------------------------
            True   | -               | -        || Pending - Asynch
            False  | Yes             | Yes      || Pending - Push
            False  | Yes             | No       || StatusMessageException
            False  | No              | -        || StatusMessageException
        """

        # Identify the Exception conditions first (e.g., rows #3 and #4)
        if (prp.allow_asynch is False and
            (prp.delivery_parameters is None or prp.can_push is False)):

            raise StatusMessageException(prp.message_id,
                                         ST_FAILURE,
                                         "The content was not available now and \
                                         the request had allow_asynch=False and no \
                                         Delivery Parameters were specified.")

        # Rows #1 and #2 are both Status Messages with a type of Pending
        result_set = cls.create_result_set(content, prp, poll_service)
        sm = tm11.StatusMessage(message_id=generate_message_id(),
                                in_response_to=prp.message_id,
                                status_type=ST_PENDING)
        if prp.allow_asynch:
            sm.status_details = {SD_ESTIMATED_WAIT: 300, SD_RESULT_ID: result_set.pk, SD_WILL_PUSH: False}
        else:
            # TODO: Check and see if the requested delivery parameters are supported
            sm.status_details = {SD_ESTIMATED_WAIT: 300, SD_RESULT_ID: result_set.pk, SD_WILL_PUSH: True}
            # TODO: Need to try pushing or something.
        return sm
Beispiel #55
0
    def run(self):
        client = tc.HttpClient()
        # TODO: handle authentication stuff
        #client.set_auth_type(tc.AUTH_NONE)
        client.set_use_https(False)

        r = CollectionInformationRequest(generate_message_id())
        col_xml = r.to_xml(pretty_print=True)

        if ':' in self.url.netloc:
            host = self.url.netloc.split(':')[0]
            server_port = self.url.netloc.split(':')[1]
        else:
            host = self.url.netloc
            server_port = None
        if server_port:
            http_resp = client.call_taxii_service2(host, self.url.path, VID_TAXII_XML_11, col_xml, port = server_port)
        else:
            http_resp = client.call_taxii_service2(host, self.url.path, VID_TAXII_XML_11, col_xml)
        taxii_message = t.get_message_from_http_response(http_resp, r.message_id)
        return taxii_message.to_dict()
def main():

    file_hash = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
    badness = 0 # Value between 0-100, or None if the badness is unknown

    sp = STIXPackage()
    sp.stix_header = STIXHeader()
    sp.stix_header.title = "File Hash Reputation for %s" % file_hash
    sp.stix_header.add_package_intent("Indicators - Malware Artifacts")
    sp.stix_header.information_source = InformationSource()
    sp.stix_header.information_source.identity = Identity()
    sp.stix_header.information_source.identity.name = "TAXII Service Profile: File Hash Reputation"

    file_obj = File()
    file_obj.add_hash(file_hash)
    file_obj.hashes[0].simple_hash_value.condition = "Equals"

    indicator = Indicator(title="File Hash Reputation")
    indicator.indicator_type = "File Hash Reputation"
    indicator.add_observable(file_obj)
    if badness is None:
        indicator.likely_impact = "Unknown"
    else:
        vs = VocabString(str(badness))
        vs.vocab_name = 'percentage'
        vs.vocab_reference = "http://en.wikipedia.org/wiki/Percentage"
        indicator.likely_impact = vs

    sp.add_indicator(indicator)

    stix_xml = sp.to_xml()

    poll_response = tm11.PollResponse(message_id=generate_message_id(),
                                      in_response_to="1234",
                                      collection_name='file_hash_reputation')
    cb = tm11.ContentBlock(content_binding=CB_STIX_XML_111,
                           content=stix_xml)
    poll_response.content_blocks.append(cb)
    print poll_response.to_xml(pretty_print=True)
    def create_poll_response(cls, poll_service, prp, content_blocks):
        """

        :param poll_service:
        :param prp:
        :param content_blocks:
        :return:
        """

        ietl = prp.exclusive_begin_timestamp_label
        if ietl is not None:
            ietl += timedelta(milliseconds=1)

        pr = tm10.PollResponse(message_id=generate_message_id(),
                               in_response_to=prp.message_id,
                               feed_name=prp.collection.name,
                               inclusive_begin_timestamp_label=ietl,
                               inclusive_end_timestamp_label=prp.inclusive_end_timestamp_label)

        for content_block in content_blocks:
            pr.content_blocks.append(content_block.to_content_block_10())

        return pr