def get_vulnerabilities():
"""Return a paginated list of available vulnerabilities
For vulnerability details see
:http:get:`/api/1.0/vulnerabilities/(int:vuln_id)`
**Example request**:
.. sourcecode:: http
GET /api/1.0/vulnerabilities HTTP/1.1
Host: do.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
{
"vulnerabilities": [
{
"check_string": "--></script><script>alert('Patatas')</script>",
"constituent": "CERT-EU",
"do": "Test Account",
"id": 1,
"reported": "2016-06-14T21:03:36",
"request_method": "GET",
"rtir_id": 24285,
"types": [
"XSS",
"CSRF"
],
"updated": "2016-06-14T21:03:36",
"url": "https://webgate.ec.europa.eu/europeaid/online-servic"
}
]
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:>json array items: List of available vulnerabilities
:>jsonarr integer id: Vulnerability unique ID
:>jsonarr string url: Vulnerable URL
:>jsonarr string check_string: Vulnerability check
:>jsonarr string constituent: Affected constituent abbreviation
:>jsonarr string do: Dutty officer
:>jsonarr string reported: Report date
:>jsonarr string request_method: ``GET``, ``POST`` or ``PUT``
:>jsonarr string rtir_id: RTIR investigation ID
:>jsonarr array types: One or more vulnerability types
:>jsonarr array updated: Last updated (last checked) date
:status 200: Vulnerabilities list
:status 404: Not found
"""
return ApiPagedResponse(Vulnerability.query)
def get_vxstream_analyses():
"""Return a paginated list of VxStream Sandbox JSON reports.
**Example request**:
.. sourcecode:: http
GET /api/1.0/analysis/vxstream?page=1 HTTP/1.1
Host: do.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
Link: <.../api/1.0/analysis/vxstream?page=1&per_page=20>; rel="First",
<.../api/1.0/analysis/vxstream?page=0&per_page=20>; rel="Last"
{
"count": 3,
"items": [
{
"created": "2016-03-21T16:52:52",
"id": 4,
"report": "...",
"type": "Dynamic analysis"
},
{
"created": "2016-03-21T16:51:49",
"id": 3,
"report": "...",
"type": "Dynamic analysis"
},
{
"created": "2016-03-20T17:09:03",
"id": 2,
"report": "...",
"type": "Dynamic analysis"
}
],
"page": 1
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:resheader Link: Describe relationship with other resources
:>json array items: VxStream reports
:>jsonarr integer id: AV scan unique ID
:>jsonarr string name: File name
:>jsonarr string sha256: SHA256 message-digest of file
:>json integer page: Current page number
:>json integer count: Total number of items
:status 200: Reports found
:status 404: Resource not found
"""
return ApiPagedResponse(Report.query.filter_by(type_id=3))
def get_nessus_scans():
"""Return a paginated list of Nessus scan reports.
**Example request**:
.. sourcecode:: http
GET /api/1.0/analysis/nessus?page=1 HTTP/1.1
Host: do.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
Link: <.../api/1.0/analysis/nessus?page=1&per_page=20>; rel="First",
<.../api/1.0/analysis/nessus?page=0&per_page=20>; rel="Last"
{
"count": 3,
"items": [
{
"created": "2016-03-21T16:52:52",
"id": 4,
"report": "...",
"type": "Nessus scan"
},
{
"created": "2016-03-21T16:51:49",
"id": 3,
"report": "...",
"type": "Nessus scan"
},
{
"created": "2016-03-20T17:09:03",
"id": 2,
"report": "...",
"type": "Nessus scan"
}
],
"page": 1
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:resheader Link: Describe relationship with other resources
:>json array items: Nessus scan reports
:>jsonarr integer id: Scan unique ID
:>jsonarr object report: Scan report
:>json integer page: Current page number
:>json integer count: Total number of items
:status 200: Reports found
:status 404: Resource not found
"""
return ApiPagedResponse(Report.query.filter_by(type_id=4))
def get_samples():
"""Return a paginated list of samples
**Example request**:
.. sourcecode:: http
GET /api/1.0/samples?page=1 HTTP/1.1
Host: cp.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
Link: <.../api/1.0/samples?page=1&per_page=20>; rel="First",
<.../api/1.0/samples?page=0&per_page=20>; rel="Last"
{
"count": 2,
"items": [
{
"created": "2016-03-21T16:09:47",
"ctph": "49152:77qzLl6EKvwkdB7qzLl6EKvwkTY40GfAHw7qzLl6EKv...",
"filename": "stux.zip",
"id": 2,
"sha256": "1eedab2b09a4bf6c87b273305c096fa2f597ff9e4bdd39bc..."
},
{
"created": "2016-03-20T16:58:09",
"ctph": "49152:77qzLl6EKvwkdB7qzLl6EKvwkTY40GfAHw7qzLl6EKv...",
"filename": "stux.zip",
"id": 1,
"sha256": "1eedab2b09a4bf6c87b273305c096fa2f597ff9e4bdd39bc45..."
}
],
"page": 1
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:resheader Link: Describe relationship with other resources
:>json array items: Samples list
:>jsonarr integer id: Sample unique ID
:>jsonarr string created: Time of upload
:>jsonarr string sha256: SHA256 of file
:>jsonarr string ctph: CTPH (a.k.a. fuzzy hash) of file
:>jsonarr string filename: Filename (as provided by the client)
:>json integer page: Current page number
:>json integer count: Total number of items
:status 200: Files found
:status 404: Resource not found
"""
return ApiPagedResponse(Sample.query.filter_by(user_id=g.user.id))
def get_av_scans():
"""Return a paginated list of available AV scan reports
**Example request**:
.. sourcecode:: http
GET /api/1.0/analysis/av?page=1 HTTP/1.1
Host: do.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
Link: <.../api/1.0/analysis/av?page=1&per_page=20>; rel="First",
<.../api/1.0/analysis/av?page=0&per_page=20>; rel="Last"
{
"count": 58,
"items": [
{
"id": 1,
"name": "otrs.txt",
"sha256": "403e0ef2ee6cb281ed294f84a8e417141caf4abdd46ceeedf3..."
}
],
"page": 1,
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:resheader Link: Describe relationship with other resources
:>json array items: AV reports
:>jsonarr integer id: AV scan unique ID
:>jsonarr string name: File name
:>jsonarr string sha256: SHA256 message-digest of file
:>json integer page: Current page number
:>json integer count: Total number of items
:status 200: Reports found
:status 404: Resource not found
"""
return ApiPagedResponse(Report.query.filter_by(type_id=2))
def get_files():
"""Return a paginated list of available files
**Example request**:
.. sourcecode:: http
GET /api/1.0/files?page=1 HTTP/1.1
Host: do.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
DO-Page-Next: http://do.cert.europa.eu/api/1.0/files?page=1
DO-Page-Prev: None
DO-Page-Current: 1
DO-Page-Item-Count: 8
{
"count": 8,
"first": "http://do.cert.europa.eu/api/1.0/files?per_page=20&page=1",
"items": [
{
"created": "2016-08-08T15:28:28",
"id": 2,
"name": "CIMBL-244-EU.zip",
"type": "CIMBL"
},
{
"created": "2016-08-08T10:36:31",
"id": 1,
"name": "CIMBL-244-EU.zip",
"type": "CIMBL"
}
],
"last": "http://127.0.0.1:5001/api/1.0/files?per_page=20&page=1",
"next": null,
"page": 1,
"per_page": 20,
"prev": null
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:resheader DO-Page-Next: Next page URL
:resheader DO-Page-Prev: Previous page URL
:resheader DO-Page-Curent: Current page number
:resheader DO-Page-Item-Count: Total number of items
:>json array items: Files
:>jsonarr integer id: File unique ID
:>jsonarr string name: File name
:>jsonarr string type: Deliverable type
For the list of available types see :http:get:`/api/1.0/deliverables`
:>jsonarr string created: Creation date
:>json integer page: Current page number
:>json integer prev: Previous page number
:>json integer next: Next page number
:>json integer count: Total number of items
:status 200: File found
:status 404: Resource not found
"""
return ApiPagedResponse(DeliverableFile.query)
def get_samples():
"""Return a paginated list of samples
**Example request**:
.. sourcecode:: http
GET /api/1.0/samples?page=1 HTTP/1.1
Host: do.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
DO-Page-Next: None
DO-Page-Prev: None
DO-Page-Current: 1
DO-Page-Item-Count: 2
{
"count": 2,
"files": [
{
"created": "2016-03-21T16:09:47",
"ctph": "49152:77qzLl6EKvwkdB7qzLl6EKvwkTY40GfAHw7qzLl6EKvwk...",
"filename": "stux.zip",
"id": 2,
"sha256": "1eedab2b09a4bf6c87b273305c096fa2f597ff9e4bdd39bc4..."
},
{
"created": "2016-03-20T16:58:09",
"ctph": "49152:77qzLl6EKvwkdB7qzLl6EKvwkTY40GfAHw7qzLl6EKvwk...",
"filename": "stux.zip",
"id": 1,
"sha256": "1eedab2b09a4bf6c87b273305c096fa2f597ff9e4bdd39bc45..."
}
],
"next": null,
"page": 1,
"prev": null
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:resheader DO-Page-Next: Next page URL
:resheader DO-Page-Prev: Previous page URL
:resheader DO-Page-Curent: Current page number
:resheader DO-Page-Item-Count: Total number of items
:>json array items: Array of samples
:>jsonarr integer id: Sample unique ID
:>jsonarr string created: Time of upload
:>jsonarr string sha256: SHA256 of file
:>jsonarr string ctph: CTPH (a.k.a. fuzzy hash) of file
:>jsonarr string filename: Filename (as provided by the client)
:>json integer page: Current page number
:>json integer prev: Previous page number
:>json integer next: Next page number
:>json integer count: Total number of items
:status 200: Files found
:status 404: Resource not found
"""
return ApiPagedResponse(Sample.query)
def get_reports():
"""Return a paginated list of malware analysis reports
**Example request**:
.. sourcecode:: http
GET /api/1.0/reports HTTP/1.1
Host: do.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
DO-Page-Next: null
DO-Page-Prev: null
DO-Page-Current: 1
DO-Page-Item-Count: 17
{
"count": 17,
"next": null,
"page": 1,
"prev": null,
"reports": [
{
"created": "2016-03-20T17:09:03",
"id": 2,
"report": "...",
"type": "Static analysis"
},
{
"created": "2016-03-20T16:58:17",
"id": 1,
"report": "...",
"type": "AntiVirus scan"
}
]
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:resheader DO-Page-Next: Next page URL
:resheader DO-Page-Prev: Previous page URL
:resheader DO-Page-Curent: Current page number
:resheader DO-Page-Item-Count: Total number of items
:>json array items: List of current page of reports
:>jsonarr integer id: Report unique ID
:>jsonarr string report: JSON string of report
:>jsonarr string created: Report date
:>jsonarr string type: Type of report. On of: Static analysis,
AntiVirus scan, Dynamic analysis
:status 200: IP ranges endpoint found, response may be empty
:status 404: Not found
"""
return ApiPagedResponse(Report.query)
def get_files():
"""Return a paginated list of available files
**Example request**:
.. sourcecode:: http
GET /api/1.0/files?page=1 HTTP/1.1
Host: cp.cert.europa.eu
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
Link: <.../api/1.0/files?page=1&per_page=20>; rel="First",
<.../api/1.0/files?page=2&per_page=20>; rel="Next"
<.../api/1.0/files?page=2&per_page=20>; rel="Last"
{
"count": 58,
"files": [
{
"deliverable": {
"id": 3,
"name": "CIMBL"
},
"id": 66,
"name": "test.gz"
},
{
"deliverable": {
"id": 3,
"name": "CIMBL"
},
"id": 65,
"name": "test.gz"
}
],
"page": 1
}
:reqheader Accept: Content type(s) accepted by the client
:resheader Content-Type: this depends on `Accept` header or request
:resheader Link: Describe relationship with other resources
:>json array files: Files
:>jsonarr integer id: File unique ID
:>jsonarr string name: File name
:>json object deliverable: Deliverable type
:>jsonobj string id: Deliverable unique ID
:>jsonobj string name: Deliverable name
:>json integer page: Current page number
:>json integer count: Total number of items
:status 200: File found
:status 404: Resource not found
"""
if current_user.can(Permission.SLAACTIONS):
deliverable_query = DeliverableFile.query
else:
deliverable_query = DeliverableFile.query.filter_by(is_sla=0)
return ApiPagedResponse(deliverable_query)
