def on_request(self, request):
# type: (Request) -> None
self.__monitor.register_request()
response = Response(request)
try:
args = None
if self.__args is not None: # If input's expected, try parsing the incoming JSON
args = json_format.Parse(request.payload, self.__args())
grrr = self.__board.grr.SendRequest(self.__endpoint.name, args=args)
if grrr is not None:
response.payload = json_format.MessageToJson(grrr)
except (json_format.ParseError, BuildError, grr_errors.Error) as e:
# Failed to compose request or otherwise bad request
response = ErrorResponse(request, 400, 'invalid request: {}'.format(str(e)))
except Error as e: # Connector error
logger.error('error reaching the GRR instance: {}'.format(str(e)))
response = ErrorResponse(request, 503, 'failed processing request: {}'.format(str(e)))
except Exception as e: # Generic internal error
logger.exception('%s: %s', type(e).__name__, str(e))
response = ErrorResponse(request, 500, 'failed processing request: {}'.format(str(e)))
finally:
if isinstance(response, ErrorResponse) and response.error_code >= 500:
# Error count doesn't include client errors
self.__monitor.register_error()
else:
self.__monitor.register_success()
self.__board.dxlc.send_response(response)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
request_payload = MessageUtils.json_payload_to_dict(request)
if request.destination_topic in self._callbacks:
try:
self._callbacks[request.destination_topic](request,
request_payload)
except Exception as ex:
err_res = ErrorResponse(request,
error_code=0,
error_message=MessageUtils.encode(
str(ex)))
self._client.send_response(err_res)
else:
err_res = ErrorResponse(
request,
error_code=0,
error_message=MessageUtils.encode("Unknown topic: " +
request.destination_topic))
self._client.send_response(err_res)
def on_request(self, request):
"""
Callback invoked when a request is received.
:param dxlclient.message.Request request: The request
"""
logger.info("Request received on topic '%s'",
request.destination_topic)
logger.debug("Payload for topic %s: %s", request.destination_topic,
request.payload)
try:
request_dict = MessageUtils.json_payload_to_dict(request) \
if request.payload else {}
if "event" in request_dict and \
type(request_dict["event"]).__name__ in ("str", "unicode") and \
request_dict["event"].isdigit():
request_dict["event"] = int(request_dict["event"])
response_data = self._api_method(**request_dict)
if isinstance(response_data, dict) and \
response_data.get("errors", None):
res = ErrorResponse(request,
error_message=str(
response_data["errors"][0]))
else:
res = Response(request)
MessageUtils.dict_to_json_payload(res, response_data)
except Exception as ex:
error_str = str(ex)
logger.exception("Error handling request: %s", error_str)
res = ErrorResponse(request,
error_message=MessageUtils.encode(error_str))
self._app.client.send_response(res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
request_payload = MessageUtils.json_payload_to_dict(request)
logger.info(
"Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic, request_payload))
if request.destination_topic in self._callbacks:
try:
self._callbacks[request.destination_topic](request,
request_payload)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request, error_code=0,
error_message=MessageUtils.encode(
str(ex)))
self._app.client.send_response(err_res)
else:
logger.exception("Unknown topic: %s", request.destination_topic)
err_res = ErrorResponse(
request,
error_code=0,
error_message=MessageUtils.encode(
"Unknown topic: " + request.destination_topic))
self._app.client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info("Request received on topic: '%s' with payload: '%s'",
request.destination_topic,
MessageUtils.decode_payload(request))
try:
res = Response(request)
request_dict = MessageUtils.json_payload_to_dict(request) \
if request.payload else {}
# Ensure required parameters are present
if self._required_params:
for name in self._required_params:
if name not in request_dict:
raise Exception(
"Required parameter not found: '{}'".format(name))
if "format" not in request_dict:
request_dict["format"] = "json"
elif request_dict["format"] not in ("json", "xml"):
raise Exception(
"Unsupported format requested: '{}'. {}".format(
request_dict["format"],
"Only 'json' and 'xml' are supported."))
# Invoke DomainTools API via client
dt_response = \
getattr(self._app.domaintools_api,
self._func_name)(**request_dict)
# Set response payload
response_data = dt_response.data()
if isinstance(response_data, dict):
MessageUtils.dict_to_json_payload(res, response_data)
else:
MessageUtils.encode_payload(res, response_data)
except ServiceException as ex:
logger.exception("Error handling request")
msg = "%s: %s" % (ex.__class__.__name__, ex.reason)
res = ErrorResponse(request,
error_message=MessageUtils.encode(msg))
except Exception as ex:
logger.exception("Error handling request")
msg = str(ex)
if not msg:
msg = ex.__class__.__name__
res = ErrorResponse(request,
error_message=MessageUtils.encode(msg))
# Send response
self._app.client.send_response(res)
def _request(self, dxl_request, path, request_fn, body=None):
"""
Make a request to TheHive server, delivering the response to the
DXL fabric.
:param dxlclient.message.Request dxl_request: DXL request containing
parameters to forward along in a request to TheHive server.
:param str path: URL subpath for the request to send to TheHive server.
:param function request_fn: Callback which is invoked to make
TheHive request.
:param str body: Request body to include in the request.
"""
try:
request_url = self._api_url + path
response = request_fn(request_url, body)
if 200 <= response.status_code <= 299:
# TheHive request was successful so forward the response
# along as-is to the DXL fabric.
res = Response(dxl_request)
MessageUtils.dict_to_json_payload(res, response.json())
else:
# TheHive request encountered an error. Attempt to decode
# an error message from the response body.
res = self._build_http_error_response(dxl_request, response)
except Exception as ex:
error_str = str(ex)
logger.exception("Error handling request: %s", error_str)
res = ErrorResponse(dxl_request,
error_message=MessageUtils.encode(error_str))
self._dxl_client.send_response(res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param dxlclient.message.Request request: The request message
"""
# Handle request
logger.debug("Request received on topic: '%s'",
request.destination_topic)
try:
# Create response
res = Response(request)
# Store the next segment.
result = self._store_manager.store_segment(request)
# Set payload
MessageUtils.dict_to_json_payload(res, result.to_dict())
# Send response
self._dxl_client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request, error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._dxl_client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info("Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic, MessageUtils.decode_payload(request)))
try:
# Parameters
nmap_params = MessageUtils.json_payload_to_dict(request)
logger.info("[1/2] Requested NMAP action ({0}) for request {1} is under processing...".format(
MessageUtils.decode_payload(request), request.message_id))
# Create a report from Nmap tool execution
nmap_response = self._do_nmap_scan(nmap_params, request)
logger.info("[2/2] Requested NMAP action was processed successfully for request {0}."
" Preparing response...".format(request.message_id))
# Create response
res = Response(request)
# Set payload
MessageUtils.dict_to_json_payload(res, nmap_response)
# Send response
self._app.client.send_response(res)
logger.info("Sending response for request {0}".format(request.message_id))
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request, MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
request_payload = MessageUtils.json_payload_to_dict(request)
try:
res = Response(request)
payload = {"code": 200, "body": {}}
if request_payload["target"] == "/v1/simple":
payload = self.v1_simple(request_payload, payload)
else:
payload = self.v1_complex(request_payload, payload)
MessageUtils.dict_to_json_payload(res, payload)
self._client.send_response(res)
except Exception as ex:
err_res = ErrorResponse(request,
error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._client.send_response(err_res)
def _generate_nmap_dict_report(self, targets, options, request):
"""
Executes the Nmap tool to scan/analyze a list of hosts (IPs) with the specific
(parameters) options.
:param targets: List of hosts (IPs) to scan/analyze.
:param options: Options required to execute Nmap tool.
:param request: The request message.
:return: The Nmap output information (formatted) based on the original Nmap XML report
information.
"""
# Create Nmap process and run it
nmproc = NmapProcess(targets, options)
try:
# Run the Nmap process
nmproc.run()
# Generate report
nmap_report = NmapParser.parse(nmproc.stdout)
# Parse Nmap report
parsed_report = self._parse_nmap_xml_report(nmap_report)
# Return the parse Nmap report
return parsed_report
except Exception as ex:
logger.exception("Nmap scan failed: {0}".format(nmproc.stderr))
err_res = ErrorResponse(request, MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def _pop_attribute_from_request(self, request, attr_name):
"""
Pop the value for a named attribute from the supplied request JSON
and return the remaining request body.
:param request:
:param attr_name:
:return:
:raises ValueError: if the named attribute does not appear in the
request.
:return: A tuple containing two elements: the value associated with
the attr_name parameter and the request body (minus the attr_name
attribute and its associated value), converted to a dict.
:rtype: tuple
"""
try:
request_body = MessageUtils.json_payload_to_dict(request)
attr_value = request_body.pop(attr_name, None)
if not attr_name:
raise ValueError("Attribute {} is missing".format(attr_name))
except Exception as ex:
request_body = {}
attr_value = None
error_str = str(ex)
logger.exception("Error handling request: %s", error_str)
res = ErrorResponse(request,
error_message=MessageUtils.encode(error_str))
self._dxl_client.send_response(res)
return (attr_value, request_body)
def on_request(self, request):
try:
# Build dictionary from the request payload
req_dict = json.loads(request.payload.decode(encoding=self.UTF_8))
# Determine the ePO command
if self.CMD_NAME_KEY not in req_dict:
raise Exception(
"A command name was not specified ('{0}')".format(
self.CMD_NAME_KEY))
command = req_dict[self.CMD_NAME_KEY]
# Help command received
if command == CORE_HELP_CMD_NAME:
self.help_command(request)
# System Find command
elif command == SYSTEM_FIND_CMD_NAME:
self.system_find_command(request)
# Unknown Command
else:
self.unknown_command(request, command)
except Exception as ex:
# Send error response
self._client.send_response(
ErrorResponse(
request,
error_message=str(ex).encode(encoding=self.UTF_8)))
def on_request(self, request):
try:
# Extract information from request
query = request.payload.decode(encoding="UTF-8")
logger.info("Service received request payload: " + query)
# Send HTTP request to OpenWeatherMap
req = urllib2.Request(
CURRENT_WEATHER_URL.format(query, API_KEY), None,
{'Content-Type': 'text/json'})
f = urllib2.urlopen(req)
weather_response = f.read()
f.close()
# Create the response message
response = Response(request)
# Populate the response payload
response.payload = weather_response.encode(encoding="UTF-8")
# Send the response
client.send_response(response)
except Exception as ex:
print str(ex)
# Send error response
client.send_response(
ErrorResponse(
request,
error_message=str(ex).encode(encoding="UTF-8")))
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info(
"Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic,
MessageUtils.decode_payload(request)))
try:
# Create response
res = Response(request)
# Read DXL request payload into dictionary
params = MessageUtils.json_payload_to_dict(request)
# Invoke API call
if 'data' in params.keys() and params['data'] != "":
tide_data = params['data']
if 'type' in params.keys(): tide_type = params['type']
else: tide_type = get_ioc_type(tide_data, 'tide')
if 'rlimit' in params.keys(
) and params['max_rec'] < self._app.tide_max_rec:
tide_max_rec = params['max_rec']
else:
tide_max_rec = self._app.tide_max_rec #Error data is required
if 'format' in params.keys(): tide_format = params['format']
else:
tide_format = self._app.tide_format #Error data is required
http_res = requests.get(
"https://api.activetrust.net:8000/api/data/threats",
params={
"type": tide_type,
tide_type: tide_data,
"data_format": tide_format,
"rlimit": tide_max_rec
},
auth=(self._app.api_key, ''))
content = unicode(http_res.content, "utf-8")
else:
content = "{'status':'error','errorMessage':'The data field is required'}" #Error data is required
# Add web service response to DXL response payload
MessageUtils.encode_payload(res, content, enc='utf-8')
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request,
error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
try:
res = Response(request)
result = self._store_manager.store_segment(request)
MessageUtils.dict_to_json_payload(res, result.to_dict())
self._dxl_client.send_response(res)
except Exception as ex:
err_res = ErrorResponse(request,
error_message=MessageUtils.encode(str(ex)))
self._dxl_client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info("Request received on topic: '%s' with payload: '%s'",
request.destination_topic,
MessageUtils.decode_payload(request))
try:
# API URL
api_url = self._app.URL_VOID_API_URL_FORMAT.format(self._app.api_key)
command = request.destination_topic[self._app.SERVICE_TYPE_LENGTH + 1:]
params = {}
if request.payload:
params = MessageUtils.json_payload_to_dict(request)
if self._required_params:
self._validate(params)
if command == self._app.CMD_HOST_INFO:
host = params[self.PARAM_HOST]
api_url = "{0}{1}/{2}".format(api_url, self.PARAM_HOST, host)
elif command == self._app.CMD_HOST_RESCAN:
host = params[self.PARAM_HOST]
api_url = "{0}{1}/{2}/rescan".format(api_url, self.PARAM_HOST, host)
elif command == self._app.CMD_HOST_SCAN:
host = params[self.PARAM_HOST]
api_url = "{0}{1}/{2}/scan".format(api_url, self.PARAM_HOST, host)
elif command == self._app.CMD_STATS_REMAINED:
api_url = "{0}{1}".format(api_url, command)
# Invoke URLVoid API
url_void_api_response = requests.get(api_url)
# Check HTTP response code
url_void_api_response.raise_for_status()
# Create response
res = Response(request)
# Set payload
MessageUtils.encode_payload(res, url_void_api_response.text)
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request, error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
try:
query = request.payload.decode()
logger.info("Service received request payload: " + query)
response = Response(request)
response.payload = str(virustotal(jsonparse(query))).encode()
client.send_response(response)
print response
except Exception as ex:
print str(ex)
client.send_response(
ErrorResponse(request, error_message=str(ex).encode()))
def on_request(self, request):
self.__monitor.register_request()
response = Response(request)
try:
response = self.handle_request(request, response)
except BadRequest as e:
response = ErrorResponse(request, 400, str(e))
except ValueError:
response = ErrorResponse(request, 400, 'invalid request payload')
except Exception as e:
logger.exception('unknown exception %s of type %s', str(e),
type(e).__name__)
response = ErrorResponse(request, 500,
'unknown internal error occurred')
finally:
if isinstance(response,
ErrorResponse) and response.error_code >= 500:
# Error count doesn't include client errors
self.__monitor.register_error()
else:
self.__monitor.register_success()
self.service.dxl_conn.send_response(response)
def send_service_not_found_error_message(self, request):
"""
Sends a service not found error message response.
:param request: The request.
:return: None.
"""
# todo: error code via constants
error_response = ErrorResponse(request=request, error_code=0x80000001,
error_message="unable to locate service for request")
try:
self.__client.send_response(error_response)
except Exception, ex:
logger.error("Error sending service not found error message: " + str(ex))
def on_request(self, request):
self.__monitor.register_request()
response = Response(request)
try:
req = json.loads(request.payload)
args = {
'method': self.__config.type,
'url': self.__construct_url(req)
}
# Determine how to treat the rest of the parameters based on the request type
if self.__config.type == 'get':
args['params'] = req
else:
args['json'] = req
# Forward on the request and pass the response back
upstream = self.__sess.request(**args)
if upstream.status_code >= 400:
response = ErrorResponse(request, upstream.status_code,
upstream.text)
else:
try:
# Errors aren't always indicated with the proper HTTP status code, may need to inspect
res = upstream.json()
if res['error'] != 0:
response = ErrorResponse(request, res['error'],
upstream.text)
else:
response.payload = upstream.text
except (ValueError, KeyError):
response = ErrorResponse(request, 504,
'Invalid upstream response')
except ValueError:
response = ErrorResponse(
request, 400,
'request payload must be a well formed JSON string')
except KeyError as e:
response = ErrorResponse(
request, 400,
'missing required parameter {} from payload'.format(str(e)))
except Exception as e:
logger.exception('unknown exception of type %s: ' + str(e),
type(e).__name__)
response = ErrorResponse(request, 500,
'unknown internal error: ' + str(e))
finally:
if isinstance(response,
ErrorResponse) and 500 <= response.error_code < 600:
# Error count doesn't include client errors
self.__monitor.register_error()
else:
self.__monitor.register_success()
self.__switch.dxl.send_response(response)
def on_request(self, request):
try:
if not self.user_authorized:
return
# Build dictionary from the request payload
req_dict = json.loads(request.payload.decode(encoding=self.UTF_8))
if self.use_commands_service:
# Determine the ePO command
command = request.destination_topic[len(self.epo_request_topic
) - 1:].replace(
"/", ".")
# Determine the command parameters
params = req_dict
else:
# Determine the ePO command
if self.CMD_NAME_KEY not in req_dict:
raise Exception(
"A command name was not specified ('{0}')".format(
self.CMD_NAME_KEY))
command = req_dict[self.CMD_NAME_KEY]
# Determine the command parameters
params = req_dict[self.PARAMS_KEY]
# Help command received
if command == CORE_HELP_CMD_NAME:
self.help_command(request)
# System Find command
elif command == SYSTEM_FIND_CMD_NAME:
self.system_find_command(request, params)
# Unknown Command
else:
self.unknown_command(request, command)
except Exception as ex:
# Send error response
self._client.send_response(
ErrorResponse(
request,
error_message=str(ex).encode(encoding=self.UTF_8)))
def on_request(self, request):
"""
Invoked when a request is received
:param request: The request that was received
"""
try:
# Build dictionary from the request payload
req_dict = json.loads(request.payload.decode(encoding=self.UTF_8))
# Determine the ePO command
if self.CMD_NAME_KEY not in req_dict:
raise Exception(
"A command name was not specified ('{0}')".format(
self.CMD_NAME_KEY))
command = req_dict[self.CMD_NAME_KEY]
# Determine the request parameters
req_params = {}
if self.PARAMS_KEY in req_dict:
req_params = req_dict[self.PARAMS_KEY]
# Determine the output format
output = self.DEFAULT_OUTPUT
if self.OUTPUT_KEY in req_dict:
output = req_dict[self.OUTPUT_KEY]
# Get the ePO server to invoke the command on
epo = self._epo_by_topic[request.destination_topic]
# Execute the ePO Remote Command
result = epo.execute(command, output, req_params)
# Create the response, set payload, and deliver
response = Response(request)
response.payload = result
self._dxl_client.send_response(response)
except Exception as ex:
logger.exception("Error while processing request")
# Send error response
self._dxl_client.send_response(
ErrorResponse(
request,
error_message=str(ex).encode(encoding=self.UTF_8)))
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info("Request received on topic: '%s' with payload: '%s'",
request.destination_topic,
MessageUtils.decode_payload(request))
try:
# Retrieve the parameters from the request
params = MessageUtils.json_payload_to_dict(request)
if self._PARAM_HOST not in params:
raise Exception(
"Required parameter not specified: '{0}'".format(
self._PARAM_HOST))
target = params[self._PARAM_HOST]
ipaddr = socket.gethostbyname(target)
logger.debug("IP to be located: %s", ipaddr)
# Lookup the IP/host
results = self._app.database.lookup_ip(ipaddr)
logger.debug(results)
# Create response
res = Response(request)
# Set payload
MessageUtils.dict_to_json_payload(res, results)
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request,
error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def _build_http_error_response(dxl_request, response):
"""
Create a DXL ErrorResponse from the contents of an HTTP response
for a request sent to TheHive.
:param dxlclient.message.Request dxl_request: DXL request containing
parameters to forward along in a request to TheHive server.
:param requests.Response response: HTTP response received from TheHive.
:return: The error response to deliver to the DXL fabric.
:rtype: dxlclient.message.ErrorResponse
"""
response_dict = response.json()
error_message = response_dict.get("message")
if not error_message:
errors = response_dict.get("errors")
if errors:
first_error = errors[0]
if isinstance(first_error, dict):
error_message = first_error.get("message")
elif isinstance(first_error, list):
first_suberror = first_error[0]
if isinstance(first_suberror, dict):
error_message = first_suberror.get(
"message")
if error_message:
log_message = "Error handling request: {}".format(
error_message
)
else:
# Short error message could not be read from the
# response body, so just set a generic description for
# the error message in the DXL response.
error_message = "Error handling request"
log_message = error_message
logger.error(log_message)
res = ErrorResponse(
dxl_request,
error_message=error_message \
if error_message else "Error handling request",
error_code=response.status_code
)
MessageUtils.dict_to_json_payload(res, response_dict)
return res
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info(
"Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic,
MessageUtils.decode_payload(request)))
try:
# Create response
res = Response(request)
# Read DXL request payload into dictionary
params = MessageUtils.decode_payload(request)
headers = {'Content-Type': 'application/json'}
#print(params)
# Invoke API call
http_res = requests.post(
"https://api.activetrust.net:8000/api/services/intel/lookup/jobs?wait=true",
headers=headers,
data=params,
auth=(self._app.api_key, ''))
content = unicode(http_res.content, "utf-8")
# Add web service response to DXL response payload
MessageUtils.encode_payload(res, content, enc='utf-8')
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request,
error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
try:
# Build dictionary from the request payload
req_dict = json.loads(request.payload.decode(encoding=self.UTF_8))
response = Response(request)
response.payload = '{"status": "failed (did not match any API call)"}'
if request.destination_topic == self.vt_basic_test_topic:
response.payload = self.basic_test()
elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_DOMAIN_REPORT:
response.payload = self.domain_report(req_dict)
elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_FILE_REPORT:
response.payload = self.file_report(req_dict)
elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_FILE_RESCAN:
response.payload = self.file_rescan(req_dict)
elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_IP_ADDRESS_REPORT:
response.payload = self.ip_report(req_dict)
elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_URL_SCAN:
response.payload = self.url_scan(req_dict)
elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_URL_REPORT:
response.payload = self.url_report(req_dict)
self._client.send_response(response)
except Exception as ex:
# Send error response
self._client.send_response(
ErrorResponse(
request,
error_message=str(ex).encode(encoding=self.UTF_8)))
def on_request(self, request): #pylint
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info("Request received on topic: '%s' with payload: '%s'",
request.destination_topic,
MessageUtils.decode_payload(request))
try:
command = request.destination_topic[self._app.SERVICE_TYPE_LENGTH +
1:]
stats_remained = False
if self._app.REQ_TOPIC_SUFFIX_STATS in command:
stats_remained = True
command = command[:len(command) -
len(self._app.REQ_TOPIC_SUFFIX_STATS) - 1]
# API URL
api_url = self._app.API_VOID_URL_FORMAT.format(
command, self._app.KEY_PARAM_FORMAT.format(self._app.api_key))
if stats_remained:
api_url = "{0}&{1}".format(api_url, self.PARAM_STATS)
else:
params = {}
if request.payload:
params = MessageUtils.json_payload_to_dict(request)
if self._required_params:
self._validate(params)
if command == self._app.CMD_IP_REPUTATION:
ip_param = params[self.PARAM_IP]
api_url = "{0}&{1}={2}".format(api_url, self.PARAM_IP,
ip_param)
elif command == self._app.CMD_DOMAIN_REPUTATION:
host = params[self.PARAM_HOST]
api_url = "{0}&{1}={2}".format(api_url, self.PARAM_HOST,
host)
elif command == self._app.CMD_DNS_LOOKUP:
action = params[self.PARAM_ACTION]
host = params[self.PARAM_HOST]
api_url = "{0}&{1}={2}&{3}={4}".format(
api_url, self.PARAM_ACTION, action, self.PARAM_HOST,
host)
elif command in self._app.CMD_LIST:
host = params[self.PARAM_HOST]
api_url = "{0}&{1}={2}".format(api_url, self.PARAM_HOST,
host)
# Invoke URLVoid API
api_void_response = requests.get(api_url)
# Check HTTP response code
api_void_response.raise_for_status()
# Create response
res = Response(request)
# Set payload
MessageUtils.encode_payload(res, api_void_response.text)
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request,
error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info(
"Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic,
MessageUtils.decode_payload(request)))
try:
# Create response
res = Response(request)
# Read DXL request payload into dictionary
params = MessageUtils.json_payload_to_dict(request)
# Invoke API call
if 'data' in params.keys() and params['data'] != "":
dossier_data = params['data']
if 'type' in params.keys(): dossier_type = params['type']
else: dossier_type = get_ioc_type(dossier_data, 'dossier')
if 'sources' in params.keys():
payload = {
"target": {
"one": {
"type": dossier_type,
"target": dossier_data,
"sources": params['sources']
}
}
}
else:
payload = {
"target": {
"one": {
"type": dossier_type,
"target": dossier_data
}
}
}
headers = {'Content-Type': 'application/json'}
http_res = requests.post(
"https://api.activetrust.net:8000/api/services/intel/lookup/jobs?wait=true",
json=payload,
auth=(self._app.api_key, ''))
content = unicode(http_res.content, "utf-8")
else:
content = "{'status':'error','errorMessage':'The data field is required'}" #Error data is required
# Add web service response to DXL response payload
MessageUtils.encode_payload(res, content, enc='utf-8')
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request,
error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
request_payload = MessageUtils.json_payload_to_dict(request)
logger.info(
"Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic, request_payload))
try:
res = Response(request)
payload = {"code": 200,
"body": {}}
if request_payload["target"] == "/v1/simple":
if request_payload["method"] != 'POST':
payload = self._make_error_response(
405, "Unsupported method")
elif "body" not in request_payload or \
"projections" not in request_payload["body"]:
payload = self._make_error_response(
400, "Missing body or projections parameter")
else:
projections_as_str = self._get_projection_as_string(
request_payload["body"]["projections"])
if projections_as_str in self.PROJECTION_TO_ID:
search_id = str(uuid.uuid4()).replace("-", "")[:24]
self.SEARCHES[search_id] = {
"statusChecksUntilFinished": \
self._status_checks_until_finished,
"projectionId": self.PROJECTION_TO_ID[
projections_as_str]
}
payload["body"]["id"] = search_id
else:
payload = self._make_error_response(
501, "Unsupported projection")
else:
search_id_match = re.match(r".*/v1/(\w+)/.*",
request_payload["target"])
if search_id_match and search_id_match.group(1) in self.SEARCHES:
search_entry = self.SEARCHES[search_id_match.group(1)]
request_items = self.RESULTS[search_entry["projectionId"]]
if request_payload["target"].endswith("/status"):
if request_payload["method"] != 'GET':
payload = self._make_error_response(
405, "Unsupported method")
elif search_entry["statusChecksUntilFinished"]:
search_entry["statusChecksUntilFinished"] -= 1
payload["body"]["status"] = "RUNNING"
else:
payload["body"]["results"] = len(request_items)
payload["body"]["errors"] = 0
payload["body"]["hosts"] = 1
payload["body"]["subscribedHosts"] = 1
payload["body"]["status"] = "FINISHED"
elif request_payload["target"].endswith("/results"):
if request_payload["method"] != 'GET':
payload = self._make_error_response(
405, "Unsupported method")
elif "parameters" in request_payload and \
"$offset" in request_payload["parameters"] and \
"$limit" in request_payload["parameters"]:
offset = request_payload["parameters"]["$offset"]
limit = request_payload["parameters"]["$limit"]
payload["body"]["items"] = request_items[
offset:
offset + limit
]
else:
payload["body"]["items"] = request_items
else:
payload = self._make_error_response(
404, "Id not found")
MessageUtils.dict_to_json_payload(res, payload)
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request, error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info(
"Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic,
MessageUtils.decode_payload(request)))
try:
# API URL
api_url = self._app.VTAPI_URL_FORMAT.format(
request.destination_topic[self._app.SERVICE_TYPE_LENGTH:])
# Parameters
params = MessageUtils.json_payload_to_dict(request)
params["apikey"] = self._app.api_key
# Validate parameters
self._validate(params)
# Invoke VirusTotal API
if self._is_get:
vtapi_response = requests.get(api_url,
params=params,
headers=self._headers)
else:
vtapi_response = requests.post(api_url,
params=params,
headers=self._headers)
# Check HTTP response code
status_code = vtapi_response.status_code
if status_code != 200:
vtapi_response.raise_for_status()
http_message = self._get_http_error_message(status_code)
if http_message:
raise Exception("VirusTotal error, {0} ({1})".format(
http_message, str(status_code)))
else:
raise Exception(
"VirusTotal error, HTTP response code: {0}".format(
status_code))
# Create response
res = Response(request)
# Set payload
MessageUtils.dict_to_json_payload(res, vtapi_response.json())
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_message = str(ex)
err_message = err_message.replace(self._app.api_key, "--api-key--")
err_res = ErrorResponse(
request, error_message=MessageUtils.encode(err_message))
self._app.client.send_response(err_res)