def ui_yara():
"""
Yara signatures view.
"""
create_yara_form = YaraForm()
change_tlp_level_form = ChangeTLPForm()
rename_yara_form = RenameForm()
if create_yara_form.validate_on_submit():
ret = api.yaracontrol.create(
create_yara_form.yara_name.data,
create_yara_form.yara_raw.data,
create_yara_form.yara_tlp.data)
if ret is None:
flash("Error during yara creation", "error")
else:
flash("Created yara " + ret.name, "success")
elif change_tlp_level_form.validate_on_submit():
if change_tlp_level_form.item_id:
yar = api.get_elem_by_type("yara",
change_tlp_level_form.item_id.data)
api.yaracontrol.set_tlp_level(
change_tlp_level_form.level.data, yar)
elif rename_yara_form.validate_on_submit():
if rename_yara_form.item_id:
yar = api.get_elem_by_type("yara",
rename_yara_form.item_id.data)
api.yaracontrol.rename(rename_yara_form.newname.data, yar)
yaras = api.yaracontrol.get_all()
return render_template("signatures.html",
myyaras=yaras,
changetlpform=change_tlp_level_form,
renameform=rename_yara_form,
yaraform=create_yara_form)
def ui_yara():
"""
Yara signatures view.
"""
create_yara_form = YaraForm()
change_tlp_level_form = ChangeTLPForm()
rename_yara_form = RenameForm()
if create_yara_form.validate_on_submit():
ret = api.yaracontrol.create(
create_yara_form.yara_name.data,
create_yara_form.yara_raw.data,
create_yara_form.yara_tlp.data)
if ret is None:
flash("Error during yara creation", "error")
else:
flash("Created yara " + ret.name, "success")
elif change_tlp_level_form.validate_on_submit():
if change_tlp_level_form.item_id:
yar = api.get_elem_by_type("yara",
change_tlp_level_form.item_id.data)
api.yaracontrol.set_tlp_level(
change_tlp_level_form.level.data, yar)
elif rename_yara_form.validate_on_submit():
if rename_yara_form.item_id:
yar = api.get_elem_by_type("yara",
rename_yara_form.item_id.data)
api.yaracontrol.rename(rename_yara_form.newname.data, yar)
yaras = api.yaracontrol.get_all()
return render_template("signatures.html",
myyaras=yaras,
changetlpform=change_tlp_level_form,
renameform=rename_yara_form,
yaraform=create_yara_form)
def diff_samples(sample_id, sample2_id):
"""
Diff two samples using MACHOC. Maybe we could move this view in the sample
view, just as we did for the disassemble view?
"""
sample1 = api.get_elem_by_type("sample", sample_id)
sample2 = api.get_elem_by_type("sample", sample2_id)
sdiff = []
# POST request means that the samples names sharing has been submitted.
if request.method == "POST":
if not request.form.getlist("selectl"):
abort(500)
items = []
for i in request.form.getlist("selectl"):
n = i.split("_")
if len(n) == 2:
items.append((n[0], n[1]))
if not api.samplecontrol.sample_rename_from_diff(
items, sample1, sample2):
abort(500)
if not api.add_actions_fromfunc_infos(items, sample1, sample2):
abort(500)
return redirect("/sample/" + str(sample1.id) + "#poli_infos")
else:
sdiff = api.samplecontrol.machoc_get_similar_functions(
sample1, sample2)
return render_template("diff.html",
sample1=sample1,
sample2=sample2,
sdiff=sdiff)
def diff_samples(sample_id, sample2_id):
"""
Diff two samples using MACHOC. Maybe we could move this view in the sample
view, just as we did for the disassemble view?
"""
sample1 = api.get_elem_by_type("sample", sample_id)
sample2 = api.get_elem_by_type("sample", sample2_id)
sdiff = []
# POST request means that the samples names sharing has been submitted.
if request.method == "POST":
if not request.form.getlist("selectl"):
abort(500)
items = []
for i in request.form.getlist("selectl"):
n = i.split("_")
if len(n) == 2:
items.append((n[0], n[1]))
if not api.samplecontrol.sample_rename_from_diff(
items, sample1, sample2):
abort(500)
if not api.add_actions_fromfunc_infos(items, sample1, sample2):
abort(500)
return redirect("/sample/" + str(sample1.id) + "#poli_infos")
else:
sdiff = api.samplecontrol.machoc_get_similar_functions(
sample1, sample2)
return render_template("diff.html",
sample1=sample1,
sample2=sample2,
sdiff=sdiff)
def delete_family_item(family_id, item_id):
"""
Delete a family detection item.
"""
family = api.get_elem_by_type("family", family_id)
detection_item = api.get_elem_by_type("detection_item", item_id)
api.familycontrol.delete_detection_item(detection_item)
return redirect(url_for('webuiview.view_family', family_id=family.id))
def delete_family_file(family_id, file_id):
"""
Delete a family attached file.
"""
family = api.get_elem_by_type("family", family_id)
attachment = api.get_elem_by_type("family_file", file_id)
api.familycontrol.delete_file(attachment)
return redirect(url_for('webuiview.view_family', family_id=family.id))
def ui_sample_remove_family(sample_id, family_id):
"""
Add or remove the current user to the sample's users.
"""
sample = api.get_elem_by_type("sample", sample_id)
family = api.get_elem_by_type("family", family_id)
api.familycontrol.remove_sample(sample, family)
return redirect(url_for('view_sample', sample_id=sample_id))
def check_field(sample_id, checklist_id):
"""
Check or uncheck a checklist element.
"""
sample = api.get_elem_by_type("sample", sample_id)
checklist = api.get_elem_by_type("checklist", checklist_id)
api.samplecontrol.toggle_sample_checklist(sample, checklist)
return redirect(url_for('webuiview.view_sample', sample_id=sample_id))
def delete_family_file(family_id, file_id):
"""
Delete a family attached file.
"""
family = api.get_elem_by_type("family", family_id)
attachment = api.get_elem_by_type("family_file", file_id)
api.familycontrol.delete_file(attachment)
return redirect(url_for('view_family', family_id=family.id))
def delete_family_item(family_id, item_id):
"""
Delete a family detection item.
"""
family = api.get_elem_by_type("family", family_id)
detection_item = api.get_elem_by_type("detection_item", item_id)
api.familycontrol.delete_detection_item(detection_item)
return redirect(url_for('view_family', family_id=family.id))
def check_field(sample_id, checklist_id):
"""
Check or uncheck a checklist element.
"""
sample = api.get_elem_by_type("sample", sample_id)
checklist = api.get_elem_by_type("checklist", checklist_id)
api.samplecontrol.toggle_sample_checklist(sample, checklist)
return redirect(url_for('view_sample', sample_id=sample_id))
def ui_sample_remove_family(sample_id, family_id):
"""
Add or remove the current user to the sample's users.
"""
sample = api.get_elem_by_type("sample", sample_id)
family = api.get_elem_by_type("family", family_id)
api.familycontrol.remove_sample(sample, family)
return redirect(url_for('webuiview.view_sample', sample_id=sample_id))
def delete_yara_family(family_id, yara_id):
"""
Deletes an associated yara rule.
"""
family = api.get_elem_by_type("family", family_id)
yar = api.get_elem_by_type("yara", yara_id)
api.yaracontrol.remove_from_family(family, yar)
flash("Removed yara %s from family %s" % (yar.name, family.name),
"success")
return redirect(url_for("view_family", family_id=family_id))
def delete_yara_family(family_id, yara_id):
"""
Deletes an associated yara rule.
"""
family = api.get_elem_by_type("family", family_id)
yar = api.get_elem_by_type("yara", yara_id)
api.yaracontrol.remove_from_family(family, yar)
flash("Removed yara %s from family %s" % (yar.name, family.name),
"success")
return redirect(url_for('webuiview.view_family', family_id=family_id))
def api_family_export_detection_openioc(family_id, tlp_level):
"""
This endpoint format should be reimplemented
"""
my_family = api.get_elem_by_type("family", family_id)
return plain_text(
api.familycontrol.export_detection_openioc(my_family, tlp_level))
def api_family_export_detection_yara(family_id, tlp_level):
"""
This endpoint is ugly, should replace with tlp in argument
"""
my_family = api.get_elem_by_type("family", family_id)
return plain_text(
api.familycontrol.export_yara_ruleset(my_family, tlp_level))
def api_get_sample_abstract(sid):
"""
Returns the raw markdown sample abstract
"""
sample = api.get_elem_by_type("sample", sid)
result = sample.abstract
return jsonify({'abstract': result})
def api_get_yara_matches(sid):
"""
TODO : Get yara matches
"""
sample = api.get_elem_by_type("sample", sid)
result = None
return jsonify({'result': result})
def api_get_sample_abstract(sid):
"""
Returns the raw markdown sample abstract
"""
sample = api.get_elem_by_type("sample", sid)
result = sample.abstract
return jsonify({'abstract': result})
def api_post_sample_family(sid):
samp = api.get_elem_by_type("sample", sid)
if request.json is None:
abort(400, "JSON not provided")
fam = None
if "family_id" in request.json.keys():
fid = request.json['family_id']
fam = api.get_elem_by_type("family", fid)
elif "family_name" in request.json.keys():
fname = request.json['family_name']
fam = api.familycontrol.get_by_name(fname)
else:
return jsonify({'result': False})
result = api.familycontrol.add_sample(samp, fam)
return jsonify({'result': result})
def api_family_export_sampleszip(family_id, tlp_level):
my_family = api.get_elem_by_type("family", family_id)
zpath = api.familycontrol.generate_samples_zip_file(my_family, tlp_level)
if zpath is None:
return ""
return send_file("../" + zpath, as_attachment=True,
attachment_filename="export.tar.gz")
def api_get_yara_matches(sid):
"""
TODO : Get yara matches
"""
sample = api.get_elem_by_type("sample", sid)
result = None
return jsonify({'result': result})
def api_post_sample_family(sid):
samp = api.get_elem_by_type("sample", sid)
if request.json is None:
abort(400, "JSON not provided")
fam = None
if "family_id" in request.json.keys():
fid = request.json['family_id']
fam = api.get_elem_by_type("family", fid)
elif "family_name" in request.json.keys():
fname = request.json['family_name']
fam = api.familycontrol.get_by_name(fname)
else:
return jsonify({'result': False})
result = api.familycontrol.add_sample(samp, fam)
return jsonify({'result': result})
def ui_sample_upload():
"""
Sample creation from binary file.
"""
upload_form = UploadSampleForm()
families_choices = [(0, "None")]
families_choices += [(f.id, f.name) for f in Family.query.order_by('name')]
upload_form.family.choices = families_choices
if upload_form.validate_on_submit():
family_id = upload_form.family.data
zipflag = upload_form.zipflag.data
family = None
if family_id != 0:
family = api.get_elem_by_type("family", family_id)
for mfile in upload_form.files.raw_data:
file_data = mfile.stream
file_name = secure_filename(mfile.filename)
samples = api.dispatch_sample_creation(
file_data,
file_name,
g.user,
upload_form.level.data,
family,
zipflag)
if not samples:
flash("Error during sample creation", "error")
else:
for sample in samples:
flash("Created sample " + str(sample.id), "success")
return redirect(url_for('webuiview.index'))
def delete_sample(sample_id):
"""
Delete from DB.
"""
sample = api.get_elem_by_type("sample", sample_id)
api.samplecontrol.delete(sample)
return redirect(url_for('webuiview.index'))
def delete_sample(sample_id):
"""
Delete from DB.
"""
sample = api.get_elem_by_type("sample", sample_id)
api.samplecontrol.delete(sample)
return redirect(url_for('index'))
def ui_sample_upload():
"""
Sample creation from binary file.
"""
upload_form = UploadSampleForm()
families_choices = [(0, "None")]
families_choices += [(f.id, f.name) for f in Family.query.order_by('name')]
upload_form.family.choices = families_choices
if upload_form.validate_on_submit():
family_id = upload_form.family.data
zipflag = upload_form.zipflag.data
family = None
if family_id != 0:
family = api.get_elem_by_type("family", family_id)
for mfile in upload_form.files.raw_data:
file_data = mfile.stream
file_name = secure_filename(mfile.filename)
samples = api.dispatch_sample_creation(
file_data,
file_name,
g.user,
upload_form.level.data,
family,
zipflag)
if len(samples) == 0:
flash("Error during sample creation", "error")
else:
for sample in samples:
flash("Created sample " + str(sample.id), "success")
return redirect(url_for('index'))
def api_get_family_by_id(fid):
"""
Get family informations
"""
fam = api.get_elem_by_type("family", fid)
schema = FamilySchema()
result = schema.dump(fam).data
return jsonify({"family": result})
def api_suggest_func_names(sid):
"""
Returns a dictionary containing proposed function names
based on machoc matches.
"""
sample = api.get_elem_by_type("sample", sid)
proposed_funcs = api.samplecontrol.get_proposed_funcnames(sample)
return jsonify({'functions': proposed_funcs})
def api_suggest_func_names(sid):
"""
Returns a dictionary containing proposed function names
based on machoc matches.
"""
sample = api.get_elem_by_type("sample", sid)
proposed_funcs = api.samplecontrol.get_proposed_funcnames(sample)
return jsonify({'functions': proposed_funcs})
def ui_delete_yara(sig_id):
"""
Delete YARA rule.
"""
yar = api.get_elem_by_type("yara", sig_id)
name = yar.name
api.yaracontrol.delete(yar)
flash("Deleted rule " + name, "success")
return redirect(url_for('webuiview.ui_yara'))
def api_get_sample_file(sid):
"""
Return the sample binary
"""
sample = api.get_elem_by_type("sample", sid)
data_file = sample.storage_file
return send_file('../' + data_file,
as_attachment=True,
attachment_filename=os.path.basename(data_file))
def api_get_sample_file(sid):
"""
Return the sample binary
"""
sample = api.get_elem_by_type("sample", sid)
data_file = sample.storage_file
return send_file('../' + data_file,
as_attachment=True,
attachment_filename=os.path.basename(data_file))
def ui_delete_yara(sig_id):
"""
Delete YARA rule.
"""
yar = api.get_elem_by_type("yara", sig_id)
name = yar.name
api.yaracontrol.delete(yar)
flash("Deleted rule " + name, "success")
return redirect(url_for('ui_yara'))
def gen_sample_view(sample_id, graph=None, fctaddr=None):
"""
Generates a sample's view (template). We split the view because of the
disassembly view, which is directly included in the sample's view, but
not "by default".
"""
sample = api.get_elem_by_type("sample", sample_id)
machex_export_form = ExportMachexForm(sampleid=sample.id)
set_sample_abstract_form = SampleAbstractForm()
add_family_form = AddSampleToFamilyForm()
families_choices = [(f.id, f.name) for f in Family.query.order_by('name')]
add_family_form.parentfamily.choices = families_choices
change_tlp_level_form = ChangeTLPForm()
machoc_form = CompareMachocForm()
if add_family_form.validate_on_submit():
family_id = add_family_form.parentfamily.data
family = api.get_elem_by_type("family", family_id)
api.familycontrol.add_sample(sample, family)
if set_sample_abstract_form.validate_on_submit():
abstract = set_sample_abstract_form.abstract.data
api.samplecontrol.set_abstract(sample, abstract)
elif sample.abstract is not None:
set_sample_abstract_form.abstract.default = sample.abstract
set_sample_abstract_form.abstract.data = sample.abstract
if change_tlp_level_form.validate_on_submit():
level = change_tlp_level_form.level.data
api.samplecontrol.set_tlp_level(sample, level)
machoc_comparison_results = None
if machoc_form.validate_on_submit():
machoc_comparison_results = parse_machoc_form(sample, machoc_form)
return render_template("sample.html",
sample=sample,
abstractform=set_sample_abstract_form,
checklists=api.samplecontrol.get_all_checklists(),
changetlpform=change_tlp_level_form,
compareform=machoc_form,
expform=machex_export_form,
hresults=machoc_comparison_results,
addfamilyform=add_family_form,
graph=graph,
fctaddr=fctaddr)
def gen_sample_view(sample_id, graph=None, fctaddr=None):
"""
Generates a sample's view (template). We split the view because of the
disassembly view, which is directly included in the sample's view, but
not "by default".
"""
sample = api.get_elem_by_type("sample", sample_id)
machex_export_form = ExportMachexForm(sampleid=sample.id)
set_sample_abstract_form = SampleAbstractForm()
add_family_form = AddSampleToFamilyForm()
families_choices = [(f.id, f.name) for f in Family.query.order_by('name')]
add_family_form.parentfamily.choices = families_choices
change_tlp_level_form = ChangeTLPForm()
machoc_form = CompareMachocForm()
if add_family_form.validate_on_submit():
family_id = add_family_form.parentfamily.data
family = api.get_elem_by_type("family", family_id)
api.familycontrol.add_sample(sample, family)
if set_sample_abstract_form.validate_on_submit():
abstract = set_sample_abstract_form.abstract.data
api.samplecontrol.set_abstract(sample, abstract)
elif sample.abstract is not None:
set_sample_abstract_form.abstract.default = sample.abstract
set_sample_abstract_form.abstract.data = sample.abstract
if change_tlp_level_form.validate_on_submit():
level = change_tlp_level_form.level.data
api.samplecontrol.set_tlp_level(sample, level)
machoc_comparison_results = None
if machoc_form.validate_on_submit():
machoc_comparison_results = parse_machoc_form(sample, machoc_form)
return render_template("sample.html",
sample=sample,
abstractform=set_sample_abstract_form,
checklists=api.samplecontrol.get_all_checklists(),
changetlpform=change_tlp_level_form,
compareform=machoc_form,
expform=machex_export_form,
hresults=machoc_comparison_results,
addfamilyform=add_family_form,
graph=graph,
fctaddr=fctaddr)
def api_set_sample_abstract(sid):
"""
@arg: abstract Markdown for the abstract
"""
data = request.json
if data is None or 'abstract' not in data.keys():
abort(400, 'Invalid JSON data provided')
abstract = data['abstract']
samp = api.get_elem_by_type("sample", sid)
result = api.samplecontrol.set_abstract(samp, abstract)
return jsonify({'result': result})
def download_family_file(family_id, file_id):
"""
Family attachment download endpoint.
"""
attachment = api.get_elem_by_type("family_file", file_id)
data_file = attachment.filepath
if not os.path.exists(data_file):
abort(404)
return send_file('../' + data_file,
as_attachment=True,
attachment_filename=os.path.basename(data_file))
def api_set_sample_abstract(sid):
"""
@arg: abstract Markdown for the abstract
"""
data = request.json
if data is None or 'abstract' not in data.keys():
abort(400, 'Invalid JSON data provided')
abstract = data['abstract']
samp = api.get_elem_by_type("sample", sid)
result = api.samplecontrol.set_abstract(samp, abstract)
return jsonify({'result': result})
def delete_family(family_id):
"""
Delete a family.
"""
family = api.get_elem_by_type("family", family_id)
parentfamily = None
parentfamily = family.parents
api.familycontrol.delete(family)
flash("Deleted family", "success")
if parentfamily is not None:
return redirect(url_for('view_family', family_id=parentfamily.id))
return redirect(url_for('view_families'))
def delete_family(family_id):
"""
Delete a family.
"""
family = api.get_elem_by_type("family", family_id)
parentfamily = None
parentfamily = family.parents
api.familycontrol.delete(family)
flash("Deleted family", "success")
if parentfamily is not None:
return redirect(url_for('webuiview.view_family',
family_id=parentfamily.id))
return redirect(url_for('webuiview.view_families'))
def api_add_yara_to_family(fid):
"""
Add a yara rule to a family
"""
family = api.get_elem_by_type("family", fid)
try:
rule_name = request.json["rule_name"]
rule = api.yaracontrol.get_by_name(rule_name)
if rule is None:
raise KeyError
result = api.yaracontrol.add_to_family(family, rule)
except KeyError:
abort(400, "Unknown yara")
return jsonify({"result": result})
def api_set_family_abstract(fid):
"""
@arg abstract: The family abstract
"""
if request.json is None:
abort(400, "Missing JSON data")
try:
family = api.get_elem_by_type("family", fid)
abstract = request.json["abstract"]
result = api.familycontrol.set_abstract(family, abstract)
return jsonify({"result": result})
except KeyError:
abort(400, "Missing abstract data")
def machexport(sample_id):
"""
Machex export form handling.
"""
machex_export_form = ExportMachexForm()
sample = api.get_elem_by_type("sample", sample_id)
if machex_export_form.validate_on_submit():
fnamexp = False
fmachexp = False
fstringexp = False
fmeta = False
aabstract = False
sabstract = False
fullmachoc = False
if machex_export_form.machocfull.data:
fullmachoc = True
if machex_export_form.estrings.data:
fstringexp = True
if machex_export_form.metadata.data:
fmeta = True
if machex_export_form.fnames.data:
fnamexp = True
if machex_export_form.fmachoc.data:
fmachexp = True
if machex_export_form.abstracts.data:
sabstract = True
if machex_export_form.analysis_data.data:
aabstract = True
retv = api.samplecontrol.machexport(sample,
machocfull=fullmachoc,
strings=fstringexp,
metadata=fmeta,
fmachoc=fmachexp,
fname=fnamexp,
sabstract=sabstract,
aabstracts=aabstract)
return jsonify(retv)
return abort(400)
def machexport(sample_id):
"""
Machex export form handling.
"""
machex_export_form = ExportMachexForm()
sample = api.get_elem_by_type("sample", sample_id)
if machex_export_form.validate_on_submit():
fnamexp = False
fmachexp = False
fstringexp = False
fmeta = False
aabstract = False
sabstract = False
fullmachoc = False
if machex_export_form.machocfull.data:
fullmachoc = True
if machex_export_form.estrings.data:
fstringexp = True
if machex_export_form.metadata.data:
fmeta = True
if machex_export_form.fnames.data:
fnamexp = True
if machex_export_form.fmachoc.data:
fmachexp = True
if machex_export_form.abstracts.data:
sabstract = True
if machex_export_form.analysis_data.data:
aabstract = True
retv = api.samplecontrol.machexport(sample,
machocfull=fullmachoc,
strings=fstringexp,
metadata=fmeta,
fmachoc=fmachexp,
fname=fnamexp,
sabstract=sabstract,
aabstracts=aabstract)
return jsonify(retv)
return abort(400)
def view_family(family_id):
"""
Family view and forms handling.
"""
family = api.get_elem_by_type("family", family_id)
family_users = api.familycontrol.get_users_for_family(family)
export_form = ExportFamilyForm()
add_subfamily_form = AddSubFamilyForm()
add_yara_form = AddYaraToFamilyForm()
yara_choices = [(f.id, f.name) for f in YaraRule.query.order_by(
'name') if f not in family.yaras]
add_yara_form.yaraid.choices = yara_choices
family_abstract_form = FamilyAbstractForm()
add_detection_item_form = CreateDetectionItemForm()
change_status_form = ChangeStatusForm()
change_tlp_form = ChangeTLPForm()
add_attachment_form = UploadFamilyFileForm()
if add_subfamily_form.validate_on_submit():
newname = add_subfamily_form.familyname.data
newname = family.name + "." + newname
fid = api.familycontrol.create(name=newname, parentfamily=family)
if not fid:
abort(500)
if export_form.validate_on_submit():
family_manage_export_form(family.id, export_form)
if add_yara_form.validate_on_submit():
yar = api.get_elem_by_type("yara", add_yara_form.yaraid.data)
api.yaracontrol.add_to_family(family, yar)
if family_abstract_form.validate_on_submit():
abstract = family_abstract_form.abstract.data
api.familycontrol.set_abstract(family, abstract)
elif family.abstract is not None:
family_abstract_form.abstract.default = family.abstract
family_abstract_form.abstract.data = family.abstract
if change_tlp_form.validate_on_submit():
level = change_tlp_form.level.data
api.familycontrol.set_tlp_level(family, level)
if change_status_form.validate_on_submit():
status = change_status_form.newstatus.data
api.familycontrol.set_status(family, status)
if add_detection_item_form.validate_on_submit():
api.familycontrol.create_detection_item(
add_detection_item_form.item_abstract.data,
add_detection_item_form.name.data,
add_detection_item_form.tlp_level.data,
add_detection_item_form.item_type.data,
family)
if add_attachment_form.validate_on_submit():
data = add_attachment_form.file.data.read()
fname = secure_filename(add_attachment_form.file.data.filename)
api.familycontrol.add_file(data,
fname,
add_attachment_form.description.data,
add_attachment_form.level.data,
family)
return render_template("family.html",
family=family,
expform=export_form,
addsubfamform=add_subfamily_form,
uploadform=add_attachment_form,
abstractform=family_abstract_form,
createdetectionitemform=add_detection_item_form,
changestatusform=change_status_form,
changetlpform=change_tlp_form,
famusers=family_users,
yaraform=add_yara_form)
def api_family_export_samplesioc(family_id, tlp_level):
my_family = api.get_elem_by_type("family", family_id)
return plain_text(
api.familycontrol.export_samplesioc(my_family, tlp_level))
def api_family_export_detection_custom_elements(family_id, tlp_level):
my_family = api.get_elem_by_type("family", family_id)
return plain_text(
api.familycontrol.export_detection_custom(my_family, tlp_level))
def view_family(family_id):
"""
Family view and forms handling.
"""
family = api.get_elem_by_type("family", family_id)
family_users = api.familycontrol.get_users_for_family(family)
export_form = ExportFamilyForm()
add_subfamily_form = AddSubFamilyForm()
add_yara_form = AddYaraToFamilyForm()
yara_choices = [(f.id, f.name) for f in YaraRule.query.order_by(
'name') if f not in family.yaras]
add_yara_form.yaraid.choices = yara_choices
family_abstract_form = FamilyAbstractForm()
add_detection_item_form = CreateDetectionItemForm()
change_status_form = ChangeStatusForm()
change_tlp_form = ChangeTLPForm()
add_attachment_form = UploadFamilyFileForm()
if add_subfamily_form.validate_on_submit():
newname = add_subfamily_form.familyname.data
newname = family.name + "." + newname
fid = api.familycontrol.create(name=newname, parentfamily=family)
if not fid:
abort(500)
if export_form.validate_on_submit():
family_manage_export_form(family.id, export_form)
if add_yara_form.validate_on_submit():
yar = api.get_elem_by_type("yara", add_yara_form.yaraid.data)
api.yaracontrol.add_to_family(family, yar)
if family_abstract_form.validate_on_submit():
abstract = family_abstract_form.abstract.data
api.familycontrol.set_abstract(family, abstract)
elif family.abstract is not None:
family_abstract_form.abstract.default = family.abstract
family_abstract_form.abstract.data = family.abstract
if change_tlp_form.validate_on_submit():
level = change_tlp_form.level.data
api.familycontrol.set_tlp_level(family, level)
if change_status_form.validate_on_submit():
status = change_status_form.newstatus.data
api.familycontrol.set_status(family, status)
if add_detection_item_form.validate_on_submit():
api.familycontrol.create_detection_item(
add_detection_item_form.item_abstract.data,
add_detection_item_form.name.data,
add_detection_item_form.tlp_level.data,
add_detection_item_form.item_type.data,
family)
if add_attachment_form.validate_on_submit():
data = add_attachment_form.file.data.read()
fname = secure_filename(add_attachment_form.file.data.filename)
api.familycontrol.add_file(data,
fname,
add_attachment_form.description.data,
add_attachment_form.level.data,
family)
return render_template("family.html",
family=family,
expform=export_form,
addsubfamform=add_subfamily_form,
uploadform=add_attachment_form,
abstractform=family_abstract_form,
createdetectionitemform=add_detection_item_form,
changestatusform=change_status_form,
changetlpform=change_tlp_form,
famusers=family_users,
yaraform=add_yara_form)
