def class_from_id(type_, _id):
"""
Return an instantiated class object.
:param type_: The CRIPTs top-level object type.
:type type_: str
:param _id: The ObjectId to search for.
:type _id: str
:returns: class which inherits from
:class:`cripts.core.cripts_mongoengine.CriptsBaseAttributes`
"""
#Quick fail
if not _id or not type_:
return None
# doing this to avoid circular imports
from cripts.comments.comment import Comment
from cripts.core.cripts_mongoengine import Action
from cripts.core.source_access import SourceAccess
from cripts.core.user_role import UserRole
from cripts.events.event import Event
from cripts.usernames.username import UserName
from cripts.targets.target import Target
from cripts.hashes.hash import Hash
from cripts.datasets.dataset import Dataset
from cripts.email_addresses.email_address import EmailAddress
# make sure it's a string
_id = str(_id)
# Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
# the queries below will raise a ValidationError exception.
if not ObjectId.is_valid(_id.decode('utf8')):
return None
if type_ == 'Comment':
return Comment.objects(id=_id).first()
elif type_ == 'Event':
return Event.objects(id=_id).first()
elif type_ == 'Action':
return Action.objects(id=_id).first()
elif type_ == 'SourceAccess':
return SourceAccess.objects(id=_id).first()
elif type_ == 'UserRole':
return UserRole.objects(id=_id).first()
elif type_ == 'UserName':
return UserName.objects(id=_id).first()
elif type_ == 'Target':
return Target.objects(id=_id).first()
elif type_ == 'Hash':
return Hash.objects(id=_id).first()
elif type_ == 'Dataset':
return Dataset.objects(id=_id).first()
elif type_ == 'EmailAddress':
return EmailAddress.objects(id=_id).first()
else:
return None
def class_from_id(type_, _id):
"""
Return an instantiated class object.
:param type_: The CRIPTs top-level object type.
:type type_: str
:param _id: The ObjectId to search for.
:type _id: str
:returns: class which inherits from
:class:`cripts.core.cripts_mongoengine.CriptsBaseAttributes`
"""
#Quick fail
if not _id or not type_:
return None
# doing this to avoid circular imports
from cripts.comments.comment import Comment
from cripts.core.cripts_mongoengine import Action
from cripts.core.source_access import SourceAccess
from cripts.core.user_role import UserRole
from cripts.events.event import Event
from cripts.usernames.username import UserName
from cripts.targets.target import Target
from cripts.hashes.hash import Hash
from cripts.datasets.dataset import Dataset
from cripts.email_addresses.email_address import EmailAddress
# make sure it's a string
_id = str(_id)
# Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
# the queries below will raise a ValidationError exception.
if not ObjectId.is_valid(_id.decode('utf8')):
return None
if type_ == 'Comment':
return Comment.objects(id=_id).first()
elif type_ == 'Event':
return Event.objects(id=_id).first()
elif type_ == 'Action':
return Action.objects(id=_id).first()
elif type_ == 'SourceAccess':
return SourceAccess.objects(id=_id).first()
elif type_ == 'UserRole':
return UserRole.objects(id=_id).first()
elif type_ == 'UserName':
return UserName.objects(id=_id).first()
elif type_ == 'Target':
return Target.objects(id=_id).first()
elif type_ == 'Hash':
return Hash.objects(id=_id).first()
elif type_ == 'Dataset':
return Dataset.objects(id=_id).first()
elif type_ == 'EmailAddress':
return EmailAddress.objects(id=_id).first()
else:
return None
def class_from_value(type_, value):
"""
Return an instantiated class object.
:param type_: The CRIPTs top-level object type.
:type type_: str
:param value: The value to search for.
:type value: str
:returns: class which inherits from
:class:`cripts.core.cripts_mongoengine.CriptsBaseAttributes`
"""
#Quick fail
if not type_ or not value:
return None
# doing this to avoid circular imports
from cripts.comments.comment import Comment
from cripts.events.event import Event
from cripts.usernames.username import UserName
from cripts.targets.target import Target
from cripts.hashes.hash import Hash
from cripts.datasets.dataset import Dataset
from cripts.email_addresses.email_address import EmailAddress
# Make sure value is a string...
value = str(value)
# Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
# the queries below will raise a ValidationError exception.
if (type_ in [
'Comment', 'Event', 'UserName', 'Target', 'Hash', 'Dataset',
'EmailAddress'
] and not ObjectId.is_valid(value.decode('utf8'))):
return None
if type_ == 'Comment':
return Comment.objects(id=value).first()
elif type_ == 'Event':
return Event.objects(id=value).first()
elif type_ == 'UserName':
return UserName.objects(id=value).first()
elif type_ == 'Target':
return Target.objects(id=value).first()
elif type_ == 'Hash':
return Hash.objects(id=value).first()
elif type_ == 'Dataset':
return Dataset.objects(id=value).first()
elif type_ == 'EmailAddress':
return EmailAddress.objects(id=value).first()
else:
return None
def class_from_value(type_, value):
"""
Return an instantiated class object.
:param type_: The CRIPTs top-level object type.
:type type_: str
:param value: The value to search for.
:type value: str
:returns: class which inherits from
:class:`cripts.core.cripts_mongoengine.CriptsBaseAttributes`
"""
#Quick fail
if not type_ or not value:
return None
# doing this to avoid circular imports
from cripts.comments.comment import Comment
from cripts.events.event import Event
from cripts.usernames.username import UserName
from cripts.targets.target import Target
from cripts.hashes.hash import Hash
from cripts.datasets.dataset import Dataset
from cripts.email_addresses.email_address import EmailAddress
# Make sure value is a string...
value = str(value)
# Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
# the queries below will raise a ValidationError exception.
if (type_ in ['Comment','Event','UserName','Target','Hash','Dataset','EmailAddress'] and
not ObjectId.is_valid(value.decode('utf8'))):
return None
if type_ == 'Comment':
return Comment.objects(id=value).first()
elif type_ == 'Event':
return Event.objects(id=value).first()
elif type_ == 'UserName':
return UserName.objects(id=value).first()
elif type_ == 'Target':
return Target.objects(id=value).first()
elif type_ == 'Hash':
return Hash.objects(id=value).first()
elif type_ == 'Dataset':
return Dataset.objects(id=value).first()
elif type_ == 'EmailAddress':
return EmailAddress.objects(id=value).first()
else:
return None
def event_remove(_id, username):
"""
Remove an event from CRIPTs.
:param _id: The ObjectId of the Event to remove.
:type _id: str
:param username: The user removing this Event.
:type username: str
:returns: dict with keys "success" (boolean) and "message" (str)
"""
if is_admin(username):
event = Event.objects(id=_id).first()
if event:
event.delete(username=username)
return {'success': True}
else:
return {'success': False, 'message': 'Need to be admin'}
def event_remove(_id, username):
"""
Remove an event from CRIPTs.
:param _id: The ObjectId of the Event to remove.
:type _id: str
:param username: The user removing this Event.
:type username: str
:returns: dict with keys "success" (boolean) and "message" (str)
"""
if is_admin(username):
event = Event.objects(id=_id).first()
if event:
event.delete(username=username)
return {'success':True}
else:
return {'success':False,'message': 'Need to be admin'}
def update_event_type(event_id, type_, analyst):
"""
Update event type.
:param event_id: The ObjectId of the Event to update.
:type event_id: str
:param type_: The new type.
:type type_: str
:param analyst: The user updating this Event.
:type analyst: str
:returns: dict with keys "success" (boolean) and "message" (str)
"""
if not type_:
return {'success': False, 'message': "No event type to change"}
event = Event.objects(id=event_id).first()
event.set_event_type(type_)
try:
event.save(username=analyst)
return {'success': True}
except ValidationError, e:
return {'success': False, 'message': e}
def update_event_type(event_id, type_, analyst):
"""
Update event type.
:param event_id: The ObjectId of the Event to update.
:type event_id: str
:param type_: The new type.
:type type_: str
:param analyst: The user updating this Event.
:type analyst: str
:returns: dict with keys "success" (boolean) and "message" (str)
"""
if not type_:
return {'success': False, 'message': "No event type to change"}
event = Event.objects(id=event_id).first()
event.set_event_type(type_)
try:
event.save(username=analyst)
return {'success': True}
except ValidationError, e:
return {'success': False, 'message': e}
def get_event_details(event_id, analyst):
"""
Generate the data to render the Event details template.
:param event_id: The ObjectId of the Event to get details for.
:type event_id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
event = Event.objects(id=event_id, source__name__in=sources).first()
if not event:
template = "error.html"
args = {'error': "ID does not exist or insufficient privs for source"}
return template, args
event.sanitize("%s" % analyst)
download_form = DownloadFileForm(initial={
"obj_type": 'Event',
"obj_id": event_id
})
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, event.id, 'Event')
# subscription
subscription = {
'type': 'Event',
'id': event.id,
'subscribed': is_user_subscribed("%s" % analyst, 'Event', event.id),
}
#objects
objects = event.sort_objects()
#relationships
relationships = event.sort_relationships("%s" % analyst, meta=True)
# Get count of related Events for each related Sample
for smp in relationships.get('Sample', []):
count = Event.objects(relationships__object_id=smp['id'],
source__name__in=sources).count()
smp['rel_smp_events'] = count
# relationship
relationship = {'type': 'Event', 'value': event.id}
#comments
comments = {'comments': event.get_comments(), 'url_key': event.id}
# favorites
favorite = is_user_favorite("%s" % analyst, 'Event', event.id)
# services
service_list = get_supported_services('Event')
# analysis results
service_results = event.get_analysis_results()
args = {
'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'event': event,
'service_results': service_results,
'download_form': download_form
}
return template, args
def add_sample_for_event(event_id,
data,
analyst,
filedata=None,
filename=None,
md5=None,
email_addr=None,
inherit_sources=False):
"""
Add a sample related to this Event.
:param event_id: The ObjectId of the Event to associate with.
:type event_id: str
:param data: The form data.
:type data: dict
:param analyst: The user adding this Sample.
:type analyst: str
:param filedata: The sample data.
:type filedata: file handle.
:param filename: The name of the file.
:type filename: str
:param md5: The MD5 of the file.
:type md5: str
:param email_addr: Email address to which to email the sample
:type email_addr: str
:param inherit_sources: 'True' if Sample should inherit Event's Source(s)
:type inherit_sources: bool
:returns: dict with keys "success" (boolean) and "message" (str)
"""
response = {
'success': False,
'message': 'Unknown error; unable to upload file.'
}
users_sources = user_sources(analyst)
event = Event.objects(id=event_id, source__name__in=users_sources).first()
if not event:
return {'success': False, 'message': "No matching event found"}
source = data['source']
reference = data['reference']
file_format = data['file_format']
bucket_list = data[form_consts.Common.BUCKET_LIST_VARIABLE_NAME]
ticket = data[form_consts.Common.TICKET_VARIABLE_NAME]
method = data['method']
if filename:
filename = filename.strip()
inherited_source = event.source if inherit_sources else None
try:
if filedata:
result = handle_uploaded_file(filedata,
source,
method,
reference,
file_format,
data['password'],
analyst,
related_id=event.id,
related_type='Event',
filename=filename,
bucket_list=bucket_list,
ticket=ticket,
inherited_source=inherited_source)
else:
result = handle_uploaded_file(None,
source,
method,
reference,
file_format,
None,
analyst,
related_id=event.id,
related_type='Event',
filename=filename,
md5=md5,
bucket_list=bucket_list,
ticket=ticket,
inherited_source=inherited_source,
is_return_only_md5=False)
except ZipFileError, zfe:
return {'success': False, 'message': zfe.value}
def get_event_details(event_id, analyst):
"""
Generate the data to render the Event details template.
:param event_id: The ObjectId of the Event to get details for.
:type event_id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
event = Event.objects(id=event_id, source__name__in=sources).first()
if not event:
template = "error.html"
args = {'error': "ID does not exist or insufficient privs for source"}
return template, args
event.sanitize("%s" % analyst)
download_form = DownloadFileForm(initial={"obj_type": 'Event',
"obj_id": event_id})
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, event.id, 'Event')
# subscription
subscription = {
'type': 'Event',
'id': event.id,
'subscribed': is_user_subscribed("%s" % analyst,
'Event', event.id),
}
#objects
objects = event.sort_objects()
#relationships
relationships = event.sort_relationships("%s" % analyst, meta=True)
# Get count of related Events for each related Sample
for smp in relationships.get('Sample', []):
count = Event.objects(relationships__object_id=smp['id'],
source__name__in=sources).count()
smp['rel_smp_events'] = count
# relationship
relationship = {
'type': 'Event',
'value': event.id
}
#comments
comments = {'comments': event.get_comments(), 'url_key': event.id}
# favorites
favorite = is_user_favorite("%s" % analyst, 'Event', event.id)
# services
service_list = get_supported_services('Event')
# analysis results
service_results = event.get_analysis_results()
args = {'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'event': event,
'service_results': service_results,
'download_form': download_form}
return template, args
def add_sample_for_event(event_id, data, analyst, filedata=None, filename=None,
md5=None, email_addr=None, inherit_sources=False):
"""
Add a sample related to this Event.
:param event_id: The ObjectId of the Event to associate with.
:type event_id: str
:param data: The form data.
:type data: dict
:param analyst: The user adding this Sample.
:type analyst: str
:param filedata: The sample data.
:type filedata: file handle.
:param filename: The name of the file.
:type filename: str
:param md5: The MD5 of the file.
:type md5: str
:param email_addr: Email address to which to email the sample
:type email_addr: str
:param inherit_sources: 'True' if Sample should inherit Event's Source(s)
:type inherit_sources: bool
:returns: dict with keys "success" (boolean) and "message" (str)
"""
response = {'success': False,
'message': 'Unknown error; unable to upload file.'}
users_sources = user_sources(analyst)
event = Event.objects(id=event_id, source__name__in=users_sources).first()
if not event:
return {'success': False,
'message': "No matching event found"}
source = data['source']
reference = data['reference']
file_format = data['file_format']
bucket_list = data[form_consts.Common.BUCKET_LIST_VARIABLE_NAME]
ticket = data[form_consts.Common.TICKET_VARIABLE_NAME]
method = data['method']
if filename:
filename = filename.strip()
inherited_source = event.source if inherit_sources else None
try:
if filedata:
result = handle_uploaded_file(filedata,
source,
method,
reference,
file_format,
data['password'],
analyst,
related_id=event.id,
related_type='Event',
filename=filename,
bucket_list=bucket_list,
ticket=ticket,
inherited_source=inherited_source)
else:
result = handle_uploaded_file(None,
source,
method,
reference,
file_format,
None,
analyst,
related_id=event.id,
related_type='Event',
filename=filename,
md5=md5,
bucket_list=bucket_list,
ticket=ticket,
inherited_source=inherited_source,
is_return_only_md5=False)
except ZipFileError, zfe:
return {'success': False, 'message': zfe.value}
