Ejemplo n.º 1
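    def __init__(self, community=None, taxii_client=None, taxii2_client=None):
        """Build poller state from a stored TAXII 1.x or TAXII 2 client record.

        ``taxii2_client`` takes precedence when both records are passed.
        ``community`` is accepted but not read here; the community is taken
        from the client record itself.

        Raises:
            ValueError: neither ``taxii_client`` nor ``taxii2_client`` was given.
        """
        if taxii2_client:
            taxii = taxii2_client
        elif taxii_client:
            taxii = taxii_client
        else:
            # Without this guard the next line failed with an unbound local.
            raise ValueError('taxii_client or taxii2_client is required')

        self._name = taxii.name
        self._protocol_version = taxii.protocol_version
        # The login id and password are copied from the record as stored.
        self._username = taxii.login_id
        self._password = taxii.login_password
        self._jobs = taxii.jobs
        self._interval_job = taxii.interval_schedule_job
        self._can_read = taxii.can_read
        self._can_write = taxii.can_write
        if taxii.is_use_cert:
            # Client-certificate plus basic auth: remember key and certificate files.
            self._auth_type = clients.HttpClient.AUTH_CERT_BASIC
            self._key_file = taxii.key_file
            self._cert_file = taxii.cert_file
        else:
            self._auth_type = clients.HttpClient.AUTH_BASIC
        if taxii2_client:
            self._api_root = taxii.api_root
            self._collection = taxii.collection
            self._via = Vias.get_via_taxii_poll(taxii2_client=taxii,
                                                uploader=taxii.uploader)
        else:
            self._address = taxii.address
            self._port = taxii.port
            self._path = taxii.path
            self._collection_name = taxii.collection
            self._via = Vias.get_via_taxii_poll(taxii_client=taxii,
                                                uploader=taxii.uploader)
            self._client = clients.HttpClient()

            self._ssl = taxii.ssl
            self._client.set_use_https(self._ssl)
            self._client.set_auth_type(self._auth_type)

        self._proxies = System.get_request_proxies()
        # Only the TAXII 1.x branch creates self._client and self._address;
        # running this for a TAXII 2 record raised AttributeError whenever a
        # proxy was configured.
        if self._proxies is not None and not taxii2_client:
            # NOTE(review): urlparse() reports 'https' only when the stored
            # address carries a scheme; a bare host name selects the 'http'
            # proxy entry even when self._ssl is set - confirm this is intended.
            scheme = urlparse(self._address).scheme
            proxy_key = 'https' if scheme == 'https' else 'http'
            self._client.set_proxy(self._proxies[proxy_key])

        try:
            self._community = taxii.community
        except Exception:
            # Narrowed from BaseException so KeyboardInterrupt and SystemExit
            # are no longer swallowed while reading the community reference.
            self._community = None
        self._taxii = taxii
        self._start = None
        self._end = None
        self._schedule = CtirsScheduler()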
Ejemplo n.º 2
    def get_isight_stix(self, start_time=None, end_time=None):
        """Fetch the iSIGHT reports in the given window and register each one.

        Returns the number of reports registered. A failure while listing the
        reports is printed and re-raised; a failure on a single report is
        printed and the loop continues with the next report.
        """
        # Registration context comes from the stored adapter settings.
        adapter_conf = isightAdapter.get()
        community = adapter_conf.community
        via = Vias.get_via_adapter_isight(adapter_conf.uploader)

        try:
            # List of report ids inside the requested range.
            report_ids = self._get_isight_stix_report_list(start_time, end_time)
        except Exception as err:
            traceback.print_exc()
            raise err

        # Record the request time once the listing has succeeded.
        adapter_conf.modify_last_requested()

        registered = 0
        for report_id in report_ids:
            try:
                stix_content = self._get_isight_stix_report(report_id)
                _regist_stix(stix_content, community, via)
            except Exception:
                # Log the error and keep processing the remaining reports.
                traceback.print_exc()
            else:
                registered += 1
        return registered
Ejemplo n.º 3
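    def __init__(self,
                 taxii_name=None,
                 taxii_id=None,
                 community=None,
                 taxii_client=None):
        """Load a TAXII client record and prepare the HTTP client used to poll it.

        The record is ``taxii_client`` when given, otherwise it is looked up by
        ``taxii_name`` and then by ``taxii_id``. ``community`` is accepted but
        not read here; the community comes from the record.

        Raises:
            ValueError: none of ``taxii_client``, ``taxii_name`` or ``taxii_id``
                was given.
        """
        taxii = None
        if taxii_client is not None:
            taxii = taxii_client
        elif taxii_name is not None:
            taxii = TaxiiClients.objects.get(name=taxii_name)
        elif taxii_id is not None:
            taxii = TaxiiClients.objects.get(id=taxii_id)
        if taxii is None:
            # Previously this surfaced as an AttributeError on None below.
            raise ValueError('taxii_client, taxii_name or taxii_id is required')

        self._address = taxii.address
        self._port = taxii.port
        self._path = taxii.path
        self._collection_name = taxii.collection
        self._jobs = taxii.jobs
        self._interval_job = taxii.interval_schedule_job
        self._protocol_version = taxii.protocol_version

        # TAXII client settings
        self._client = clients.HttpClient()
        if taxii.is_use_cert:
            # Client-certificate plus basic auth: remember key and certificate files.
            self._auth_type = clients.HttpClient.AUTH_CERT_BASIC
            self._key_file = taxii.key_file
            self._cert_file = taxii.cert_file
        else:
            self._auth_type = clients.HttpClient.AUTH_BASIC
        # The login id and password are copied from the record as stored.
        self._username = taxii.login_id
        self._password = taxii.login_password
        self._ssl = taxii.ssl

        # Apply the system proxy settings when they are configured.
        self._proxies = System.get_request_proxies()
        if self._proxies is not None:
            # NOTE(review): urlparse() reports 'https' only when the stored
            # address carries a scheme; a bare host name selects the 'http'
            # proxy entry even when self._ssl is set - confirm this is intended.
            scheme = urlparse(self._address).scheme
            proxy_key = 'https' if scheme == 'https' else 'http'
            self._client.set_proxy(self._proxies[proxy_key])

        try:
            self._community = taxii.community
        except Exception:
            # Narrowed from BaseException so KeyboardInterrupt and SystemExit
            # are no longer swallowed while reading the community reference.
            self._community = None
        self._via = Vias.get_via_taxii_poll(taxii, uploader=taxii.uploader)
        self._taxii = taxii
        self._start = None
        self._end = None
        self._schedule = CtirsScheduler()
        # start() on _schedule works per schedule;
        # modify/resume/pause work per job.

        # For TAXII protocol 1.1, configure authentication on the client.
        if self._protocol_version == '1.1':
            self.set_taxii_11_authentication()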
Ejemplo n.º 4
    def get_misp_stix(self,
                      from_dt=None,
                      to_dt=None,
                      identity=default_identity_name):
        """Download MISP events, convert them to STIX and register the new ones.

        Returns the number of packages registered, or 0 when the download
        yields nothing. A download or conversion failure is printed and
        re-raised; a failure on a single package is printed and skipped.
        """
        # Converter identity follows the caller's choice.
        self.mc.identity_name = identity
        # MISP adapter settings
        adapter_conf = MispAdapter.get()
        url = adapter_conf.url
        stix_id_prefix = adapter_conf.stix_id_prefix
        apikey = adapter_conf.apikey
        published_only = adapter_conf.published_only
        # Registration context
        community = adapter_conf.community
        via = Vias.get_via_adapter_misp(adapter_conf.uploader)

        # Fetch from MISP
        try:
            base_url = url if url[-1] == '/' else url + '/'
            downloader = MISPDownloader(base_url + 'events/xml/download.json',
                                        apikey)
            text = downloader.get(from_dt=from_dt, to_dt=to_dt)
            if text is None:
                return 0
            stix_packages = self.mc.convert(text=text.encode(),
                                            published_only=published_only,
                                            stix_id_prefix=stix_id_prefix)
        except Exception as err:
            traceback.print_exc()
            raise err

        # Record the request time once download and conversion have succeeded.
        adapter_conf.modify_last_requested()

        registered = 0
        for stix_package in stix_packages:
            try:
                try:
                    # A package whose id is already stored is left alone.
                    StixFiles.objects.get(package_id=stix_package.id_)
                except DoesNotExist:
                    # Not stored yet: register it.
                    _regist_stix(stix_package.to_xml(), community, via)
                    registered += 1
            except Exception:
                # Log the error and keep processing the remaining packages.
                traceback.print_exc()

        return registered
Ejemplo n.º 5
def upload_stix_file(request):
    """REST endpoint: register an uploaded STIX file for the authenticated API user.

    Requests that ``api_root.authentication`` does not resolve to a user are
    answered with a permission error before any upload handling runs.
    """
    api_user = api_root.authentication(request)
    if api_user is None:
        return api_root.error(Exception('You have no permission for this operation.'))
    try:
        rest_via = Vias.get_via_rest_api_upload(uploader=api_user.id)
        upload_common(request, rest_via)
        response = api_root.get_put_normal_status()
    except Exception as err:
        import traceback
        traceback.print_exc()
        # NOTE(review): what api_root.error() places in the response is not
        # visible here; confirm internal exception text is not sent to the client.
        return api_root.error(err)
    return response
Ejemplo n.º 6
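    def get_misp_stix(self, from_dt=None, to_dt=None):
        """Download STIX packages from MISP and register them.

        The configured STIX version selects both the download format and the
        registration routine. Returns the number of packages registered, or 0
        when the download yields nothing. A download failure is printed and
        re-raised; a failure on a single package is printed and skipped.
        """
        # MISP adapter settings
        misp_conf = MispAdapter.get()
        url = misp_conf.url
        apikey = misp_conf.apikey
        published_only = misp_conf.published_only
        is_stix1 = misp_conf.stix_version.startswith('1.')
        is_stix2 = misp_conf.stix_version.startswith('2.')
        stix_version = 'stix' if is_stix1 else 'stix2'
        # Registration context
        community = misp_conf.community
        uploader = misp_conf.uploader
        via = Vias.get_via_adapter_misp(uploader)

        # Fetch from MISP
        try:
            if url[-1] != '/':
                url += '/'
            url = url + 'events/restSearch'
            md = MISPDownloader(url, apikey)
            stix_packages = md.get(from_dt=from_dt,
                                   to_dt=to_dt,
                                   published_only=published_only,
                                   stix_version=stix_version)
        except Exception as e:
            traceback.print_exc()
            raise e

        # Record the request time once the download has succeeded.
        misp_conf.modify_last_requested()

        if stix_packages is None:
            return 0

        count = 0
        for stix_package in stix_packages:
            try:
                if is_stix1:
                    regist_flag = self._regist_12(stix_package, community, via)
                elif is_stix2:
                    regist_flag = self._regist_20(stix_package, community, via)
                else:
                    # A version that is neither 1.x nor 2.x used to leave
                    # regist_flag unbound, raising NameError for every package.
                    regist_flag = False
                if regist_flag:
                    count += 1
            except Exception:
                # Log the error and keep processing the remaining packages.
                traceback.print_exc()

        return count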
Ejemplo n.º 7
def upload(request):
    """Handle a STIX file upload from the web UI and render the result page.

    Inactive users get the inactive-account page, a non-POST request raises,
    and any failure during the upload renders the generic error page.
    """
    # Only active users may upload.
    if not request.user.is_active:
        return error_page_inactive(request)
    # Only POST is accepted.
    if request.method != 'POST':
        raise Exception('Invalid HTTP Method')
    try:
        # The via records the uploading user's numeric id.
        file_via = Vias.get_via_file_upload(uploader=int(request.user.id))
        upload_common(request, file_via)
        return render(request, 'success.html', get_common_replace_dict(request))
    except Exception:
        return error_page(request)
Ejemplo n.º 8
    def get_otx_stix(self, mtimestamp=None):
        """Fetch OTX entries via ``getsince(mtimestamp)`` and register each as STIX.

        Returns the number of entries registered. A failure while fetching is
        printed and re-raised; a failure on a single entry is printed and the
        loop continues with the next entry.
        """
        # OTX adapter settings and registration context
        adapter_conf = OtxAdapter.get()
        api_key = adapter_conf.apikey
        community = adapter_conf.community
        via = Vias.get_via_adapter_otx(adapter_conf.uploader)

        # Fetch from OTX, going through the system proxy settings.
        try:
            otx_client = OTXv2(api_key, System.get_request_proxies())
            entries = otx_client.getsince(mtimestamp)
        except Exception as err:
            traceback.print_exc()
            raise err

        # Record the request time once the fetch has succeeded.
        adapter_conf.modify_last_requested()

        registered = 0
        for entry in entries:
            try:
                # Build one STIX document per entry and register it.
                exporter = StixExport(entry)
                exporter.build()
                _regist_stix(exporter.to_xml(), community, via)
                registered += 1
            except Exception:
                # Log the error and keep processing the remaining entries.
                traceback.print_exc()
        return registered
Ejemplo n.º 9
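def post_language_contents(request, object_ref, ctirs_auth_user):
    """Create STIX language-content objects for ``object_ref`` and register them.

    The request body is JSON with a ``language_contents`` list; every entry
    carries ``selector``, ``content`` and ``language``. Each entry becomes one
    LanguageContent in a new bundle, which is written to a temporary file and
    passed to ``regist``.

    Returns a 201 JsonResponse holding the bundle, or ``error(...)`` when the
    referenced object is missing or anything else fails.
    """
    try:
        j = json.loads(request.body)
        # Build the S-TIP identity for the requesting user.
        stip_identity = _get_stip_identname(request.user)
        # Bundle that collects the new objects.
        bundle = Bundle(stip_identity)
        # Object the language contents refer to.
        object_ = get_object(object_ref)
        if object_ is None:
            return error(
                Exception('No document. (object_ref=%s)' % (object_ref)))

        for language_content in j['language_contents']:
            selector_str = language_content['selector']
            content_value = language_content['content']
            language = language_content['language']
            try:
                selector_elems = selector_str.split('.')
                last_elem = object_
                # Walk the selector through the referenced object.
                if len(selector_elems) == 1:
                    # Selector without dots: a single lookup.
                    last_selector = selector_str
                    last_elem = is_exist_objects(selector_str, last_elem)
                else:
                    # Dotted selector: follow every element except the last.
                    for selector in selector_elems[:-1]:
                        last_selector = selector
                        last_elem = is_exist_objects(selector, last_elem)
                        if last_elem is None:
                            raise Exception('selector is invalid: ' +
                                            str(selector_str))

                if isinstance(last_elem, list):
                    # Start from empty strings and overwrite only the
                    # element at the selected index.
                    lc_lists = [''] * len(last_elem)
                    lc_lists[get_list_index_from_selector(
                        selector_elems[-1])] = content_value
                    content = lc_lists
                    selector = '.'.join(selector_elems[:-1])
                elif isinstance(last_elem, dict):
                    # Start from an empty dict and set only the selected key.
                    content = {selector_elems[-1]: content_value}
                    selector = '.'.join(selector_elems[:-1])
                else:
                    # Neither list nor dict: use the value as it is.
                    content = content_value
                    selector = last_selector
            except Exception:
                traceback.print_exc()
                raise

            contents = {language: {selector: content}}
            language_content = LanguageContent(
                created_by_ref=stip_identity,
                object_ref=object_ref,
                object_modified=object_['modified'],
                contents=contents)
            bundle.objects.append(language_content)

        # Via for a REST API upload by the authenticated user.
        via = Vias.get_via_rest_api_upload(uploader=ctirs_auth_user.id)
        community = Communities.get_default_community()
        # Write the bundle to a temporary file. tempfile.mktemp() only returns
        # a name, so another local process could create that path first;
        # NamedTemporaryFile creates the file itself. The encode() call now
        # wraps the serialized text: the file is binary, and the old form
        # called .encode() on write()'s return value and always raised.
        with tempfile.NamedTemporaryFile(suffix='.json', delete=False) as fp:
            fp.write(bundle.serialize(indent=4, ensure_ascii=False).encode())
            stix_file_path = fp.name
        # NOTE(review): delete=False because regist() is handed the path;
        # whether regist() moves or removes the file is not visible here -
        # confirm files do not pile up in the temp directory.
        regist(stix_file_path, community, via)
        resp = get_normal_response_json()
        bundle_json = json.loads(str(bundle))
        resp['data'] = {'bundle': bundle_json}
        return JsonResponse(resp, status=201, safe=False)
    except Exception as e:
        traceback.print_exc()
        # NOTE(review): what error() places in the response is not visible
        # here; confirm internal exception text is not sent to the client.
        return error(e)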
Ejemplo n.º 10
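def get_table_info(request):
    """Serve one page of the STIX file list in the legacy DataTables JSON format.

    Reads paging, search and sort parameters from the query string, filters
    StixFiles on the search text and returns the requested slice as rows of
    HTML cells.

    Values that come from stored STIX files, communities, vias and users are
    HTML-escaped before they are placed in a cell or an attribute. The
    pre-escaped '&lt;deleted&gt;' literal in the community column shows that
    cells are treated as HTML, so unescaped stored text would be rendered as
    markup in the browser.
    """
    # Function-scope import; the module's import block is not shown here.
    from html import escape

    def _cell(value):
        """Escape a stored value for HTML text or a quoted attribute; None passes through."""
        return value if value is None else escape(str(value), quote=True)

    # NOTE(review): page start and length come straight from the query string
    # with no upper bound applied here.
    iDisplayLength = int(request.GET['iDisplayLength'])
    sEcho = request.GET['sEcho']
    iDisplayStart = int(request.GET['iDisplayStart'])
    sSearch = request.GET['sSearch']

    sort_col = int(request.GET['iSortCol_0'])
    sort_dir = request.GET['sSortDir_0']
    # Only these fixed column names can reach order_by(); anything else is None.
    order_query = {
        1: 'produced',
        2: 'package_name',
        3: 'package_id',
        4: 'version',
    }.get(sort_col)
    if order_query is not None and sort_dir == 'desc':
        order_query = '-' + order_query

    # Communities, via choices, uploaders and vias that match the search text.
    s_input_communities = Communities.objects.filter(Q(name__icontains=sSearch))
    s_via_choices = Vias.get_search_via_choices(sSearch)
    s_uploaders = [
        uploader.id
        for uploader in STIPUser.objects.filter(
            QQ(screen_name__icontains=sSearch) | QQ(username__icontains=sSearch))
    ]
    s_vias = Vias.objects.filter(
        Q(via__in=s_via_choices)
        | Q(uploader__in=s_uploaders)
        | Q(adapter_name__icontains=sSearch))

    objects = StixFiles.objects \
        .filter(
            Q(package_name__icontains=sSearch)
            | Q(package_id__icontains=sSearch)
            | Q(version__icontains=sSearch)
            | Q(input_community__in=s_input_communities)
            | Q(via__in=s_vias)
        )\
        .order_by(order_query)

    aaData = []
    for d in objects[iDisplayStart:(iDisplayStart + iDisplayLength)]:
        package_name = _cell(d.package_name)
        package_id = _cell(d.package_id)
        version = _cell(d.version)

        l = []
        l.append('<input type="checkbox" file_id="%s"/ class="delete-checkbox">' % (d.id))
        l.append(d.produced.strftime('%Y/%m/%d %H:%M:%S'))
        l.append(package_name)
        l.append(package_id)
        l.append(version)
        try:
            l.append(_cell(d.input_community.name))
        except DoesNotExist:
            # The referenced community no longer exists.
            l.append('&lt;deleted&gt;')
        l.append(_cell(d.via.get_via_display()))
        l.append(_cell(d.via.get_uploader_screen_name()))

        # Download links: the original version plus the offered conversions.
        link_str = ''
        if d.version.startswith('1.'):
            link_str += '<a href="/list/download?id=%s&version=%s">STIX %s (Original)</a><br/>' % (d.id, version, version)
            link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1</a>' % (d.id))
        elif d.version == '2.0':
            link_str += ('<a href="/list/download?id=%s&version=1.2">STIX 1.2</a><br/>' % (d.id))
            link_str += ('<a href="/list/download?id=%s&version=2.0">STIX 2.0 (Original)</a><br/>' % (d.id))
            link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1</a>' % (d.id))
        elif d.version == '2.1':
            link_str += ('<a href="/list/download?id=%s&version=1.2">STIX 1.2</a><br/>' % (d.id))
            link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1 (Original)</a>' % (d.id))
        l.append(link_str)

        # The publish icon is offered to administrators only.
        if request.user.is_admin:
            l.append('<a><span class="glyphicon glyphicon-share-alt publish-share-alt-icon" data-file-id="%s" data-package-name="%s" data-package-id="%s" title="Publish to.."></span></a>' % (d.id, package_name, package_id))
        else:
            l.append('<span class="glyphicon glyphicon-ban-circle" disabled></span>')
        link_str = ('<a><span class="glyphicon glyphicon-export misp-import-icon" package_id="%s" title="Import into MISP .."></span></a>' % (package_id))
        l.append(link_str)
        aaData.append(l)

    resp = {}
    resp['iTotalRecords'] = StixFiles.objects.count()
    resp['iTotalDisplayRecords'] = objects.count()
    resp['sEcho'] = sEcho
    resp['aaData'] = aaData
    return JsonResponse(resp)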
Ejemplo n.º 11
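def get_table_info(request):
    """Serve one page of the STIX file list in the legacy DataTables JSON format.

    Reads paging, search and sort parameters from the query string, filters
    StixFiles on the search text and returns the requested slice as rows of
    HTML cells.

    Values that come from stored STIX files, communities, vias and users are
    HTML-escaped before they are placed in a cell or an attribute. The
    pre-escaped '&lt;deleted&gt;' literal in the community column shows that
    cells are treated as HTML, so unescaped stored text would be rendered as
    markup in the browser.
    """
    # Function-scope import; the module's import block is not shown here.
    from html import escape

    def _cell(value):
        """Escape a stored value for HTML text or a quoted attribute; None passes through."""
        return value if value is None else escape(str(value), quote=True)

    # Ajax parameters.
    # NOTE(review): page start and length come straight from the query string
    # with no upper bound applied here.
    iDisplayLength = int(request.GET['iDisplayLength'])
    sEcho = request.GET['sEcho']
    iDisplayStart = int(request.GET['iDisplayStart'])
    sSearch = request.GET['sSearch']

    sort_col = int(request.GET['iSortCol_0'])
    sort_dir = request.GET['sSortDir_0']
    # Only these fixed column names can reach order_by(); anything else is None.
    order_query = {
        1: 'produced',
        2: 'package_name',
        3: 'package_id',
        4: 'version',
    }.get(sort_col)
    # 'desc' requests descending order.
    if order_query is not None and sort_dir == 'desc':
        order_query = '-' + order_query

    # Communities that match the search text
    s_input_communities = Communities.objects.filter(
        Q(name__icontains=sSearch))
    # Via choices that match the search text
    s_via_choices = Vias.get_search_via_choices(sSearch)
    # Uploaders that match the search text
    s_uploaders = [
        uploader.id
        for uploader in STIPUser.objects.filter(
            QQ(screen_name__icontains=sSearch)
            | QQ(username__icontains=sSearch))
    ]
    # Vias that match on via, uploader or adapter_name
    s_vias = Vias.objects.filter(
        Q(via__in=s_via_choices) | Q(uploader__in=s_uploaders)
        | Q(adapter_name__icontains=sSearch))

    # Run the search.
    objects = StixFiles.objects \
        .filter(
            Q(package_name__icontains=sSearch) |
            Q(package_id__icontains=sSearch) |
            Q(version__icontains=sSearch) |
            Q(input_community__in=s_input_communities) |
            Q(via__in=s_vias)
            )\
        .order_by(order_query)

    # Take the requested page out of the search result.
    aaData = []
    for d in objects[iDisplayStart:(iDisplayStart + iDisplayLength)]:
        package_name = _cell(d.package_name)
        package_id = _cell(d.package_id)
        version = _cell(d.version)

        l = []
        l.append(
            '<input type="checkbox" file_id="%s"/ class="delete-checkbox">' %
            (d.id))
        l.append(d.produced.strftime('%Y/%m/%d %H:%M:%S'))
        l.append(package_name)
        l.append(package_id)
        l.append(version)
        try:
            l.append(_cell(d.input_community.name))
        except DoesNotExist:
            # The community is gone, for example because it was deleted.
            l.append('&lt;deleted&gt;')
        l.append(_cell(d.via.get_via_display()))
        l.append(_cell(d.via.get_uploader_screen_name()))

        # Download links: the original plus one converted version.
        link_str = '<a href="/list/download?id=%s&version=%s">Original (%s)</a> ' % (
            d.id, version, version)
        if d.version != '2.0':
            link_str += (
                '<a href="/list/download?id=%s&version=2.0">Converted (2.0)</a>'
                % (d.id))
        else:
            link_str += (
                '<a href="/list/download?id=%s&version=1.2">Converted (1.2)</a>'
                % (d.id))
        l.append(link_str)
        l.append(
            '<a><span class="glyphicon glyphicon-share-alt publish-share-alt-icon" file_id="%s" title="Publish to.."></span></a>'
            % (d.id))
        # The MISP import icon is offered for STIX 1.x files only.
        if d.version.startswith('1.'):
            link_str = (
                '<a><span class="glyphicon glyphicon-export misp-import-icon" package_id="%s" title="Import into MISP .."></span></a>'
                % (package_id))
        else:
            link_str = (
                '<span class="glyphicon glyphicon-remove-sign"></span>')
        l.append(link_str)
        aaData.append(l)

    resp = {}
    resp['iTotalRecords'] = StixFiles.objects.count()
    resp['iTotalDisplayRecords'] = objects.count()
    resp['sEcho'] = sEcho
    resp['aaData'] = aaData
    return JsonResponse(resp)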
Ejemplo n.º 12
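# NOTE(review): a fixed HTTP Basic credential is embedded in the source. The
# value is only base64-encoded, so anyone who can read this file can recover
# the user name and password. Load it from deployment configuration or a
# secret store instead and rotate the pair. Where the value is compared with a
# request header is not visible here; prefer hmac.compare_digest for that check.
HTTP_AUTHORIZATION_VALUE = 'Basic b2FzaXM6c3RpcF9rYWdv'
MAX_CONTENT_LENGTH = 10000000

API_ROOT_1 = 'api1'

# Name of the community that TXS registers content under
_taxii2_community_name = 'taxii2'
# User name that TXS registers content as
_taxii_publisher = 'admin'

try:
    _community = Communities.objects.get(name=_taxii2_community_name)
except Exception:
    # Narrowed from a bare except so KeyboardInterrupt and SystemExit raised
    # during import are not swallowed; a failed lookup still yields None.
    _community = None
_via = Vias.get_via_taxii_publish(_taxii_publisher)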


def get_no_accept_json_data(message,
                            error_id='To be determined',
                            error_code='To be determined'):
    return {
        'title': 'Incorrect Taxii Version',
        'description': 'An incorrent Taxii version was used in the post',
        'error_id': error_id,
        'error_code': error_code,
        'http_status': '406',
        'external_details': message,
        'details': {
            'version': '1.0',
        }
Ejemplo n.º 13
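    def __init__(self,
                 service_yaml_path,
                 community_name,
                 taxii_publisher,
                 black_account_list,
                 version_path):
        """Load the service definitions and build the TAXII service and collection lists.

        Args:
            service_yaml_path: YAML file holding a list of service definitions,
                each with ``id`` and ``type`` keys.
            community_name: name of the community content is registered under.
            taxii_publisher: user name passed to ``Vias.get_via_taxii_publish``.
            black_account_list: comma-separated account names to deny; an empty
                value or None gives an empty list.
            version_path: file whose first line is printed as the version.
        """
        with open(service_yaml_path, 'r', encoding='utf-8') as fp:
            # yaml.load() without an explicit Loader can construct arbitrary
            # Python objects from tagged input, and PyYAML 6 rejects the call.
            # safe_load() is enough for the plain lists and dicts read below.
            # NOTE(review): confirm the services file uses no custom YAML tags.
            services = yaml.safe_load(fp)

        try:
            with open(version_path, 'r', encoding='utf-8') as fp:
                version = fp.readline().strip()
        except IOError:
            version = 'No version information.'

        print('>>>>>: S-TIP TAXII Server Start: ' + str(version))

        self.community = Communities.objects.get(name=community_name)
        self.via = Vias.get_via_taxii_publish(taxii_publisher)

        # List of opentaxii.taxii.entities.ServiceEntity
        self.services = []

        for service in services:
            id = service['id']
            type_ = service['type']
            # The remaining keys are passed on as the service properties.
            del service['id']
            del service['type']
            self.services.append(ServiceEntity(
                type_,
                service,
                id=id))

        # List of opentaxii.taxii.entities.CollectionEntity
        self.collections = []
        # Records which collection each service is linked to
        self.service_to_collection = []

        # Build the account deny list. Entries are stripped so that a value
        # written as 'a, b' still matches account 'b'; an unmatched entry in a
        # deny list fails open. None and '' both give an empty list.
        if black_account_list:
            self.black_account_list = [
                account.strip()
                for account in black_account_list.split(',')
                if account.strip()
            ]
        else:
            self.black_account_list = []

        id = 0
        for taxii_server in TaxiiServers.objects.all():
            name = taxii_server.collection_name
            description = None
            type_ = 'DATA_FEED'
            volume = None
            accept_all_content = True
            supported_content = None
            available = True
            ce = CollectionEntity(
                name,
                str(id),
                description=description,
                type=type_,
                volume=volume,
                accept_all_content=accept_all_content,
                supported_content=supported_content,
                available=available)
            self.collections.append(ce)

            # Link this collection id to each matching service id.
            service_ids = ['collection_management', 'poll', 'inbox']
            for service_id in service_ids:
                for service in self.services:
                    if service.id == service_id:
                        d = {}
                        d[service_id] = str(id)
                        self.service_to_collection.append(d)
            id += 1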