Ejemplo n.º 1
0
def add_new_signature_dependency(data_type, analyst):
    """
    Add a new signature dependency to CRITs.

    :param data_type: THe new dependency to add
    :type data_type: str
    :param analyst: The user adding the dependency.
    :type analyst: str
    :return: bool
    """

    if not data_type:
        return False

    data_type = str(data_type).strip();


    try:
        signature_dependency = SignatureDependency.objects(name=data_type).first()
        if signature_dependency:
            return False
        signature_dependency = SignatureDependency()
        signature_dependency.name = data_type
        signature_dependency.save(username=analyst)
        return True
    except ValidationError:
        return False
Ejemplo n.º 2
0
def get_dependency_autocomplete(term):
    """
    Get existing dependencies to autocomplete.

    :param term: The current term (string) to look for autocomplete options.
    :type term: str
    :returns: list
    """
    results = SignatureDependency.objects(name__istartswith=term)
    deps = [b.name for b in results]
    return HttpResponse(json.dumps(deps, default=json_handler), content_type="application/json")
Ejemplo n.º 3
0
def get_dependency_autocomplete(term):
    """
    Get existing dependencies to autocomplete.

    :param term: The current term (string) to look for autocomplete options.
    :type term: str
    :returns: list
    """
    results = SignatureDependency.objects(name__istartswith=term)
    deps = [b.name for b in results]
    return HttpResponse(json.dumps(deps, default=json_handler),
                        content_type='application/json')
Ejemplo n.º 4
0
def add_new_signature_dependency(data_type, analyst):
    """
    Add a new signature dependency to CRITs.

    :param data_type: THe new dependency to add
    :type data_type: str
    :param analyst: The user adding the dependency.
    :type analyst: str
    :return: bool
    """

    if not data_type:
        return False

    data_type = str(data_type).strip()

    try:
        signature_dependency = SignatureDependency.objects(
            name=data_type).first()
        if signature_dependency:
            return False
        signature_dependency = SignatureDependency()
        signature_dependency.name = data_type
        signature_dependency.save(username=analyst)
        return True
    except ValidationError:
        return False
Ejemplo n.º 5
0
def delete_signature_dependency(_id, username=None):
    """
    Delete Signature Dependency from CRITs.
    :param _id: The ObjectID of the signature dependency to delete.
    :param username: The user deleting this Signature dependency.
    :return: bool
    """
    signature_dependency = SignatureDependency.objects(id=_id).first()
    if signature_dependency:
        signature_dependency.delete(username=user.usernamename)
        return {'success': True}
    else:
        return {'success': False}
Ejemplo n.º 6
0
def delete_signature_dependency(_id, username=None):
    """
    Delete Signature Dependency from CRITs.
    :param _id: The ObjectID of the signature dependency to delete.
    :param username: The user deleting this Signature dependency.
    :return: bool
    """

    if is_admin(username):
        signature_dependency = SignatureDependency.objects(id=_id).first()
        if signature_dependency:
            signature_dependency.delete(username=username)
            return {'success': True}
        else:
            return {'success': False}
    else:
       return {'success': False}
Ejemplo n.º 7
0
def class_from_id(type_, _id):
    """
    Return an instantiated class object.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param _id: The ObjectId to search for.
    :type _id: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`
    """

    # doing this to avoid circular imports
    from crits.actors.actor import ActorThreatIdentifier, Actor
    from crits.backdoors.backdoor import Backdoor
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.core.crits_mongoengine import Action
    from crits.core.source_access import SourceAccess
    from crits.core.user_role import UserRole
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.exploits.exploit import Exploit
    from crits.indicators.indicator import Indicator
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData, RawDataType
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.signatures.signature import Signature, SignatureType, SignatureDependency
    from crits.targets.target import Target

    if not _id:
        return None

    # make sure it's a string
    _id = str(_id)

    # Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
    # the queries below will raise a ValidationError exception.
    if not ObjectId.is_valid(_id.decode('utf8')):
        return None

    if type_ == 'Actor':
        return Actor.objects(id=_id).first()
    elif type_ == 'Backdoor':
        return Backdoor.objects(id=_id).first()
    elif type_ == 'ActorThreatIdentifier':
        return ActorThreatIdentifier.objects(id=_id).first()
    elif type_ == 'Campaign':
        return Campaign.objects(id=_id).first()
    elif type_ == 'Certificate':
        return Certificate.objects(id=_id).first()
    elif type_ == 'Comment':
        return Comment.objects(id=_id).first()
    elif type_ == 'Domain':
        return Domain.objects(id=_id).first()
    elif type_ == 'Email':
        return Email.objects(id=_id).first()
    elif type_ == 'Event':
        return Event.objects(id=_id).first()
    elif type_ == 'Exploit':
        return Exploit.objects(id=_id).first()
    elif type_ == 'Indicator':
        return Indicator.objects(id=_id).first()
    elif type_ == 'Action':
        return Action.objects(id=_id).first()
    elif type_ == 'IP':
        return IP.objects(id=_id).first()
    elif type_ == 'PCAP':
        return PCAP.objects(id=_id).first()
    elif type_ == 'RawData':
        return RawData.objects(id=_id).first()
    elif type_ == 'RawDataType':
        return RawDataType.objects(id=_id).first()
    elif type_ == 'Sample':
        return Sample.objects(id=_id).first()
    elif type_ == 'Signature':
        return Signature.objects(id=_id).first()
    elif type_ == 'SignatureType':
        return SignatureType.objects(id=_id).first()
    elif type_ == 'SignatureDependency':
        return SignatureDependency.objects(id=_id).first()
    elif type_ == 'SourceAccess':
        return SourceAccess.objects(id=_id).first()
    elif type_ == 'Screenshot':
        return Screenshot.objects(id=_id).first()
    elif type_ == 'Target':
        return Target.objects(id=_id).first()
    elif type_ == 'UserRole':
        return UserRole.objects(id=_id).first()
    else:
        return None
Ejemplo n.º 8
0
def class_from_id(type_, _id):
    """
    Return an instantiated class object.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param _id: The ObjectId to search for.
    :type _id: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`
    """

    # doing this to avoid circular imports
    from crits.actors.actor import ActorThreatIdentifier, Actor
    from crits.backdoors.backdoor import Backdoor
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.core.crits_mongoengine import Action
    from crits.core.source_access import SourceAccess
    from crits.core.user_role import UserRole
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.exploits.exploit import Exploit
    from crits.indicators.indicator import Indicator
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData, RawDataType
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.signatures.signature import Signature, SignatureType, SignatureDependency
    from crits.targets.target import Target

    if not _id:
        return None

    # make sure it's a string
    _id = str(_id)

    # Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
    # the queries below will raise a ValidationError exception.
    if not ObjectId.is_valid(_id.decode('utf8')):
        return None

    if type_ == 'Actor':
        return Actor.objects(id=_id).first()
    elif type_ == 'Backdoor':
        return Backdoor.objects(id=_id).first()
    elif type_ == 'ActorThreatIdentifier':
        return ActorThreatIdentifier.objects(id=_id).first()
    elif type_ == 'Campaign':
        return Campaign.objects(id=_id).first()
    elif type_ == 'Certificate':
        return Certificate.objects(id=_id).first()
    elif type_ == 'Comment':
        return Comment.objects(id=_id).first()
    elif type_ == 'Domain':
        return Domain.objects(id=_id).first()
    elif type_ == 'Email':
        return Email.objects(id=_id).first()
    elif type_ == 'Event':
        return Event.objects(id=_id).first()
    elif type_ == 'Exploit':
        return Exploit.objects(id=_id).first()
    elif type_ == 'Indicator':
        return Indicator.objects(id=_id).first()
    elif type_ == 'Action':
        return Action.objects(id=_id).first()
    elif type_ == 'IP':
        return IP.objects(id=_id).first()
    elif type_ == 'PCAP':
        return PCAP.objects(id=_id).first()
    elif type_ == 'RawData':
        return RawData.objects(id=_id).first()
    elif type_ == 'RawDataType':
        return RawDataType.objects(id=_id).first()
    elif type_ == 'Sample':
        return Sample.objects(id=_id).first()
    elif type_ == 'Signature':
        return Signature.objects(id=_id).first()
    elif type_ == 'SignatureType':
        return SignatureType.objects(id=_id).first()
    elif type_ == 'SignatureDependency':
        return SignatureDependency.objects(id=_id).first()
    elif type_ == 'SourceAccess':
        return SourceAccess.objects(id=_id).first()
    elif type_ == 'Screenshot':
        return Screenshot.objects(id=_id).first()
    elif type_ == 'Target':
        return Target.objects(id=_id).first()
    elif type_ == 'UserRole':
        return UserRole.objects(id=_id).first()
    else:
        return None