Ejemplo n.º 1
    def __init__(self, id, name, description, status, weakness):
        """Store five string fields on the instance.

        All five arguments are handed to ``tk.assertType(str, ...)`` before
        anything is assigned; how that helper reports a mismatch is defined
        outside this snippet.
        """
        fields = dict(id=id,
                      name=name,
                      description=description,
                      status=status,
                      weakness=weakness)
        tk.assertType(str, **fields)

        for attr, value in fields.items():
            setattr(self, attr, value)
        # Not set by the constructor: filled with object references at runtime.
        self.capec = None
Ejemplo n.º 2
    def __init__(self, complexity, authentication, vector):
        """Store the three access attributes, normalised to upper case.

        Raises:
            ValueError: if any argument, compared case-insensitively, is not
                one of the values accepted for its field.
        """
        tk.assertType(str,
                      complexity=complexity,
                      authentication=authentication,
                      vector=vector)

        level = complexity.upper()
        auth = authentication.upper()
        route = vector.upper()

        # Closed vocabularies: an unknown value is rejected, never stored.
        if (level not in ("HIGH", "MEDIUM", "LOW")
                or auth not in ("NONE", "SINGLE_INSTANCE", "MULTIPLE_INSTANCES")
                or route not in ("NETWORK", "LOCAL", "ADJACENT_NETWORK")):
            raise ValueError("incorrect values given")

        self.complexity = level
        self.authentication = auth
        self.vector = route
Ejemplo n.º 3
 def generate_full_query(self, f):
     """Extend the minimal query with the list filters selected in form ``f``.

     The extra clauses are added only when ``current_user.is_authenticated()``
     is truthy; otherwise the result of ``generate_minimal_query`` is
     returned unchanged.
     """
     query = self.generate_minimal_query(f)
     if not current_user.is_authenticated():
         return query

     # (form field, value that enables the filter, rule set to exclude)
     exclusions = (('blacklistSelect', "on", 'blacklist'),
                   ('whitelistSelect', "hide", 'whitelist'))
     for field, trigger, rule_set in exclusions:
         if f[field] != trigger:
             continue
         regexes = db.getRules(rule_set)
         if len(regexes) == 0:
             continue
         # Negative look-ahead: keep entries matching none of the stored rules.
         # Rules are joined verbatim, so every stored rule is used as a regex.
         exp = "^(?!" + "|".join(regexes) + ")"
         query.append({
             '$or': [
                 {'vulnerable_configuration': re.compile(exp)},
                 {'vulnerable_configuration': {'$exists': False}},
                 {'vulnerable_configuration': []},
             ]
         })

     if f['unlistedSelect'] == "hide":
         # Keep only entries that match a rule from either list.
         wlregexes = tk.compile(db.getRules('whitelist'))
         blregexes = tk.compile(db.getRules('blacklist'))
         query.append({
             '$or': [
                 {'vulnerable_configuration': {'$in': wlregexes}},
                 {'vulnerable_configuration': {'$in': blregexes}},
             ]
         })
     return query
Ejemplo n.º 4
  def markCPEs(self, cve):
    """Annotate each vulnerable configuration of ``cve`` with its list status.

    Every entry gets ``list`` ('none', 'white' or 'black') and ``match`` (the
    compiled rule that matched, or 'none'). Whitelist rules are checked
    first and blacklist rules second, so a blacklist hit overrides a
    whitelist hit; within one list the last matching rule is recorded.
    The entries are modified in place and ``cve`` is returned.
    """
    blacklist = tk.compile(db.getRules('blacklist'))
    whitelist = tk.compile(db.getRules('whitelist'))
    ordered = (('white', whitelist), ('black', blacklist))

    for conf in cve['vulnerable_configuration']:
        conf['list'] = 'none'
        conf['match'] = 'none'
        for label, rules in ordered:
            for rule in rules:
                if rule.match(conf['id']):
                    conf['list'] = label
                    conf['match'] = rule
    return cve
Ejemplo n.º 5
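        def JSON2HTMLTableFilter(data, stack=None):
            """Render nested JSON-like ``data`` as an HTML fragment.

            Lists become ``<ul class="via4">`` (a one-element list is unwrapped),
            dicts become two-column tables sorted by key, and strings become
            text that is hyperlinked when ``tk.isURL`` accepts it. Any other
            type renders as an empty string.

            ``stack`` is the path of dict keys leading to ``data`` (a single
            string is treated as a one-element path). When it is non-empty,
            every string value also gets a ``/link/<path>/<value>`` anchor.

            Dict keys and string values are HTML-escaped before they are
            placed in markup, because the fragment is assembled by string
            concatenation and the data is not produced by this function.
            """
            from html import escape

            if isinstance(stack, str):
                stack = [stack]

            parts = []
            if isinstance(data, list):
                if len(data) == 1:
                    parts.append(JSON2HTMLTableFilter(data[0], stack))
                else:
                    parts.append('<ul class="via4">')
                    for item in data:
                        parts.append('<li>%s</li>' %
                                     JSON2HTMLTableFilter(item, stack))
                    parts.append('</ul>')
            elif isinstance(data, dict):
                # A top-level dict arrives with stack=None; start an empty path
                # instead of failing on None + list.
                path = stack or []
                parts.append('<table class="invisiTable">')
                for key, val in sorted(data.items()):
                    parts.append('<tr><td><b>%s</b></td><td>%s</td></tr>' % (
                        escape(str(key)),
                        JSON2HTMLTableFilter(val, path + [key])))
                parts.append('</table>')
            elif isinstance(data, str):
                if stack:
                    # escape() on top of doublequote() keeps the single-quoted
                    # attribute closed whatever doublequote() lets through.
                    parts.append("<a href='/link/%s/%s'>" % (
                        escape(doublequote('.'.join(stack))),
                        escape(doublequote(data))))
                    parts.append("<span class='glyphicon glyphicon-link' aria-hidden='true'></span> </a>")
                text = escape(data)  # quote=True: also escapes ' and "
                if tk.isURL(data):
                    # NOTE(review): escaping does not neutralise a script-scheme
                    # URL; confirm tk.isURL only accepts http(s) — TODO verify.
                    # rel= stops the opened page from reaching window.opener.
                    parts.append(
                        "<a target='_blank' rel='noopener noreferrer' href='%s'>%s</a>"
                        % (text, text))
                else:
                    parts.append(text)
            return "".join(parts)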
Ejemplo n.º 6
    def markCPEs(self, cve):
        """Tag every vulnerable configuration of ``cve`` as white, black or none.

        ``conf['list']`` and ``conf['match']`` start as 'none'. Whitelist
        rules are applied before blacklist rules, so when both lists match
        the entry ends up 'black'; no loop stops at the first hit, so the
        last matching rule of the winning list is stored in ``match``.
        ``cve`` is modified in place and returned.
        """
        blacklist = tk.compile(db.getRules('blacklist'))
        whitelist = tk.compile(db.getRules('whitelist'))

        def apply(conf, label, rules):
            # Record every hit; a later hit overwrites an earlier one.
            for rule in rules:
                if rule.match(conf['id']):
                    conf['list'] = label
                    conf['match'] = rule

        for conf in cve['vulnerable_configuration']:
            conf['list'] = 'none'
            conf['match'] = 'none'
            apply(conf, 'white', whitelist)
            apply(conf, 'black', blacklist)
        return cve
Ejemplo n.º 7
def cvesForCPE(cpe):
  """Return the CVE records that ``db.cvesForCPE`` lists for ``cpe``.

  ``cpe`` is first normalised with ``tk.toStringFormattedCPE``; when that
  yields a falsy value an empty list is returned without any lookup.
  """
  cpe = tk.toStringFormattedCPE(cpe)
  if not cpe:
    return []
  # Only the via4 lookup is switched on for the per-CVE fetch.
  cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False)
  return [cvesp.getcve(hit['id']) for hit in db.cvesForCPE(cpe)]
Ejemplo n.º 8
    def __init__(self, confidentiality, integrity, availability):
        """Store the three impact ratings, normalised to upper case.

        Raises:
            ValueError: if any rating, compared case-insensitively, is not
                "COMPLETE", "PARTIAL" or "NONE".
        """
        tk.assertType(str,
                      confidentiality=confidentiality,
                      integrity=integrity,
                      availability=availability)
        ratings = (confidentiality.upper(), integrity.upper(),
                   availability.upper())

        ACCEPTED = ("COMPLETE", "PARTIAL", "NONE")
        # Reject the whole object if even one rating is outside the vocabulary.
        if not all(rating in ACCEPTED for rating in ratings):
            raise ValueError("incorrect values given")

        self.confidentiality, self.integrity, self.availability = ratings
Ejemplo n.º 9
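def cvesForCPE(cpe):
  """Return the CVE records that ``db.cvesForCPE`` lists for ``cpe``.

  ``cpe`` is normalised with ``tk.toStringFormattedCPE`` first; a falsy
  result yields an empty list and no database lookup is made.
  """
  cpe  = tk.toStringFormattedCPE(cpe)
  data = []
  if cpe:
    cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False)
    data = [cvesp.getcve(x['id']) for x in db.cvesForCPE(cpe)]
  # Return the collected records. `cves` is the name that supplies `last`
  # above, not the result list, so returning it handed callers the wrong object.
  return data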
Ejemplo n.º 10
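 def list_mark(self, listed, cveList):
   """Flag CVEs whose vulnerable configuration matches a stored list rule.

   ``listed`` selects the rule set: 'white' reads the 'whitelist' rules and
   sets ``whitelisted``, 'black' reads 'blacklist' and sets ``blacklisted``.
   Any other value returns the CVEs unmarked, as a list.

   A CVE is flagged 'yes' when at least one of its
   ``vulnerable_configuration`` entries matches at least one rule. The CVE
   dicts are modified in place; a list passed in is returned as the same
   list object, any other iterable is returned as a new list.
   """
   # Materialise once: a database cursor cannot be iterated and then indexed.
   entries = cveList if isinstance(cveList, list) else list(cveList)
   if listed not in ('white', 'black'):
     # Was list(cves): `cves` is not a parameter or local of this method.
     return list(entries)
   items = tk.compile(db.getRules(listed + 'list'))
   flag = listed + 'listed'
   # check the cpes (full or partially) in the black/whitelist
   for cve in entries:
     for c in cve['vulnerable_configuration']:
       if any(regex.match(c) for regex in items):
         cve[flag] = 'yes'
   return entries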
Ejemplo n.º 11
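 def api_admin_get_cron(self):
     """Return the 'getcronforuser' lookup for the validated user.

     The request is validated against ``Advanced_API.getAuth()[1]`` and must
     pass ``check_is_master()``. ``validator.error`` is returned when that
     check fails or when the lookup yields a falsy value.
     """
     # The debug print of Advanced_API.getAuth() was dropped: what it returns
     # is not visible here, but it feeds request validation and does not
     # belong on stdout, where it would land in service logs on every call.
     validator = Toolkit.requestValidation(request, Advanced_API.getAuth()[1])
     if not validator.check_is_master():
         return validator.error
     values = validator.retrive_object_value('getcronforuser', validator.user, True)
     return values if values else validator.error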
Ejemplo n.º 12
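 def list_mark(self, listed, cveList):
   """Mark each CVE that has a vulnerable configuration on the chosen list.

   ``listed`` must be 'white' or 'black'; the rules are read from
   ``db.getRules(listed + 'list')`` and a matching CVE gets
   ``cve[listed + 'listed'] = 'yes'``. For any other ``listed`` value the
   CVEs are returned unmarked, as a list.

   The CVE dicts are modified in place. A list argument is returned as the
   same object; any other iterable is returned as a new list.
   """
   # Turn a cursor-like iterable into a list before it is walked, so the
   # marking below never indexes an object that does not support it.
   entries = cveList if isinstance(cveList, list) else list(cveList)
   if listed not in ('white', 'black'):
     # Previously list(cves), a name this method never defines.
     return list(entries)
   items = tk.compile(db.getRules(listed + 'list'))
   flag = listed + 'listed'
   # check the cpes (full or partially) in the black/whitelist
   for cve in entries:
     for c in cve['vulnerable_configuration']:
       if any(regex.match(c) for regex in items):
         cve[flag] = 'yes'
   return entries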
Ejemplo n.º 13
 def api_admin_delete_user(self):
   """Delete the user named in the JSON body of a validated master request.

   The checks run in a fixed order (master, JSON body, mandatory 'user'
   attribute, user exists) and the first one that fails returns
   ``validator.error``. Only when all pass is ``db.deleteUser`` called.
   """
   validator = Toolkit.requestValidation(request, Advanced_API.getAuth()[1] )
   # Authorisation comes first: nothing from the body is read before it.
   if not validator.check_is_master():
     return validator.error
   if not validator.check_if_json():
     return validator.error
   if not validator.check_attributes(['user']):
     return validator.error
   if not validator.check_object_exists("userExists", validator.content['user']):
     return validator.error
   db.deleteUser(validator.content['user'])
   return make_response(jsonify(message="User {} deleted".format(validator.content['user'])))
Ejemplo n.º 14
def summarycvesForCPE(cpe):
    """Return the 'results' entry of ``db.summarycvesForCPE`` for ``cpe``.

    ``cpe`` is normalised with ``tk.toStringFormattedCPE``; when the
    normalised value is falsy an empty list is returned and no lookup runs.
    """
    cpe = tk.toStringFormattedCPE(cpe)
    if not cpe:
        return []
    # NOTE(review): this object is created but never used in this function;
    # confirm the constructor has no needed side effect before removing it.
    cvesp = cves.last(rankinglookup=False, namelookup=False,
                      via4lookup=True, capeclookup=False)
    return db.summarycvesForCPE(cpe)['results']
Ejemplo n.º 15
def cvesForCPE(cpe):
    """Return one CVE record per hit in ``db.cvesForCPE(cpe)["results"]``.

    ``cpe`` is normalised with ``tk.toStringFormattedCPE``; a falsy result
    gives an empty list without touching the database.
    """
    cpe = tk.toStringFormattedCPE(cpe)
    if not cpe:
        return []
    lookup_options = dict(rankinglookup=False, namelookup=False,
                          via4lookup=True, capeclookup=False)
    cvesp = cves.last(**lookup_options)
    hits = db.cvesForCPE(cpe)["results"]
    return [cvesp.getcve(hit["id"]) for hit in hits]
Ejemplo n.º 16
 def generate_full_query(self, f):
   """Build the minimal query for form ``f`` and add the list filters.

   List filters are applied only when ``current_user.is_authenticated()``
   is truthy. 'blacklistSelect' == "on" and 'whitelistSelect' == "hide"
   each exclude entries matching that list's rules; 'unlistedSelect' ==
   "hide" keeps only entries matching a rule from either list.
   """
   query = self.generate_minimal_query(f)

   def exclude(rule_set):
     # Stored rules are joined verbatim into one negative look-ahead, so each
     # rule is interpreted as a regular expression.
     regexes = db.getRules(rule_set)
     if len(regexes) != 0:
       exp = "^(?!" + "|".join(regexes) + ")"
       unmatched = {'vulnerable_configuration': re.compile(exp)}
       missing = {'vulnerable_configuration': {'$exists': False}}
       empty = {'vulnerable_configuration': []}
       query.append({'$or': [unmatched, missing, empty]})

   if current_user.is_authenticated():
     if f['blacklistSelect'] == "on":
       exclude('blacklist')
     if f['whitelistSelect'] == "hide":
       exclude('whitelist')
     if f['unlistedSelect'] == "hide":
       wlregexes = tk.compile(db.getRules('whitelist'))
       blregexes = tk.compile(db.getRules('blacklist'))
       on_whitelist = {'vulnerable_configuration': {'$in': wlregexes}}
       on_blacklist = {'vulnerable_configuration': {'$in': blregexes}}
       query.append({'$or': [on_whitelist, on_blacklist]})
   return query
Ejemplo n.º 17
 def api_admin_delete_update_cron(self):
     """Delete the cron entry named in the JSON body for the validated user.

     Checks run in order (master, JSON body, mandatory 'name', entry exists
     for ``validator.user``); the first failure returns ``validator.error``.
     On success the entry is deleted and a 200 response is returned.
     """
     validator = Toolkit.requestValidation(request, Advanced_API.getAuth()[1])
     # Authorisation is decided before any body field is read.
     if not validator.check_is_master():
         return validator.error
     if not validator.check_if_json():
         return validator.error
     if not validator.check_attributes(['name']):
         return validator.error
     if not validator.check_object_exists("checkcronexists", validator.content['name'], validator.user):
         return validator.error
     db.deleteCronEntry(validator.content['name'], validator.user)
     return make_response(jsonify(message='Cron {} deleted'.format(validator.content['name'])), 200)
Ejemplo n.º 18
 def fetchAndStoreData(self):
   """Fetch MISP data since the last run, store the matches, update settings.

   The look-back window is the number of minutes since
   ``settings["lastrun"]`` (rounded up), capped at the configured data
   lifespan. Settings are re-read before being written back, and old
   records are cleaned up at the end.
   """
   settings = self.db.readSettings()
   now = calendar.timegm(time.gmtime())
   elapsed = int(math.ceil((now - settings["lastrun"])/60))
   lifespan = TK.lifeSpanToMinutes(settings["datalife"])
   # lifespan ends in a one-character suffix that is cut off before the
   # numeric comparison; never look back further than the lifespan.
   if elapsed < int(lifespan[:-1]):
     since = "%sm" % elapsed
   else:
     since = lifespan

   data = self.MispEx.getMISPData(since)
   matches = self.MispEx.extractData(data,
                                     settings["datatype"],
                                     settings["analysis_level"],
                                     settings["threat_level"])
   self.db.storeData(matches)

   current = self.db.readSettings()
   self.db.writeSettings(current["lastrun"], now, current["datatype"],
                         current["datalife"], current["analysis_level"],
                         current["threat_level"])
   self.cleanOldRecords()
Ejemplo n.º 19
 def api_admin_create_user(self):
   """Create the user described by the JSON body of a validated master request.

   'user' and 'password' are mandatory. ``validator.error`` is returned when
   the caller is not master, the body is not JSON, a mandatory attribute is
   missing, or the user already exists.
   """
   validator = Toolkit.requestValidation(request, Advanced_API.getAuth()[1])
   if not validator.check_is_master():
     return validator.error
   if not validator.check_if_json():
     return validator.error
   if not validator.check_attributes(['user', 'password']):
     return validator.error
   if validator.check_object_exists("userExists", validator.content['user']):
     return validator.error

   # NOTE(review): each flag is switched on by the presence of its key alone;
   # the value is ignored, so {"admin": false} still creates an admin.
   # 'hashed' makes db.addUser receive the supplied password with hashed=True.
   supplied = validator.content.keys()
   admin = 'admin' in supplied
   hashed = 'hashed' in supplied
   localonly = 'localonly' in supplied
   db.addUser(user=validator.content['user'], pwd=validator.content['password'], admin=admin, localOnly=localonly, hashed=hashed)
   return make_response(jsonify(message="User {} created".format(validator.content['user'])))
Ejemplo n.º 20
 def api_admin_create_update_cron(self):
     """Create an admin cron entry from the JSON body of a master request.

     'name' is mandatory. Optional body fields: 'repeat' (looked up in
     ``self.repeatevery``, default "180"), 'when' (default: the current
     local time as '%Y-%m-%d %H:%M:%S') and 'description' (default "").
     ``validator.error`` is returned when a check fails or when an entry
     with that name already exists for ``validator.user``.
     """
     validator = Toolkit.requestValidation(request, Advanced_API.getAuth()[1])
     if not validator.check_is_master():
         return validator.error
     if not validator.check_if_json():
         return validator.error
     if not validator.check_attributes(['name']):
         return validator.error
     if validator.check_object_exists("checkcronexists", validator.content['name'], validator.user):
         return validator.error

     # NOTE(review): an unknown 'repeat' value raises KeyError here, and a
     # supplied 'when' is stored as given, without any format check.
     if 'repeat' in validator.content.keys():
         recure = self.repeatevery[validator.content['repeat']]
     else:
         recure = "180"
     if 'when' in validator.content.keys():
         when = validator.content['when']
     else:
         when = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
     if 'description' in validator.content.keys():
         description = validator.content['description']
     else:
         description = ""

     db.createCronEntry(name=validator.content['name'], when=when, repeat=recure,
                        owner=validator.user, isadmincron=True, description=description)
     return make_response(jsonify(message="Cron {} created".format(validator.content['name'])), 200)
Ejemplo n.º 21
    def __init__(self, id, name, summary, prerequisites, solutions,
                 weaknesses):
        """Store five string fields and a list of weakness strings.

        The string fields go through ``tk.assertType(str, ...)``;
        ``weaknesses`` must be a list or tuple whose items all pass
        ``tk.assertTypeForAllIn(str, ...)``. It is copied into a new list.
        """
        text_fields = dict(id=id,
                           name=name,
                           summary=summary,
                           prerequisites=prerequisites,
                           solutions=solutions)
        tk.assertType(str, **text_fields)
        tk.assertType((list, tuple), weaknesses=weaknesses)
        tk.assertTypeForAllIn(str, weaknesses)

        for attr, value in text_fields.items():
            setattr(self, attr, value)
        # Copy so later changes to the caller's sequence do not leak in.
        self.weaknesses = list(weaknesses)
Ejemplo n.º 22
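    def JSON2HTMLTableFilter(data, stack = None):
        """Render nested JSON-like ``data`` as an HTML fragment.

        A list becomes ``<ul class="via4">`` (a single-element list is
        unwrapped), a dict becomes a two-column table sorted by key, and a
        string becomes text, hyperlinked when ``tk.isURL`` accepts it. Other
        types render as an empty string.

        ``stack`` is the path of dict keys above ``data``; a bare string is
        treated as a one-element path. With a non-empty path every string
        value is preceded by a ``/link/<path>/<value>`` anchor.

        Dict keys and string values are HTML-escaped before being inserted,
        since the markup is built by concatenation from data this function
        does not control.
        """
        from html import escape

        if isinstance(stack, str):
            stack = [stack]

        parts = []
        if isinstance(data, list):
            if len(data) == 1:
                parts.append(JSON2HTMLTableFilter(data[0], stack))
            else:
                parts.append('<ul class="via4">')
                for item in data:
                    parts.append('<li>%s</li>' % JSON2HTMLTableFilter(item, stack))
                parts.append('</ul>')
        elif isinstance(data, dict):
            # stack is None for a top-level dict; None + list would raise.
            path = stack or []
            parts.append('<table class="invisiTable">')
            for key, val in sorted(data.items()):
                parts.append('<tr><td><b>%s</b></td><td>%s</td></tr>' % (
                    escape(str(key)), JSON2HTMLTableFilter(val, path + [key])))
            parts.append('</table>')
        elif isinstance(data, str):
            if stack:
                # Escaped after doublequote() so the single-quoted href cannot
                # be closed early, whatever doublequote() leaves untouched.
                parts.append("<a href='/link/%s/%s'>" % (
                    escape(doublequote('.'.join(stack))),
                    escape(doublequote(data))))
                parts.append("<span class='glyphicon glyphicon-link' aria-hidden='true'></span> </a>")
            text = escape(data)  # quote=True: ' and " are escaped too
            if tk.isURL(data):
                # NOTE(review): escaping does not neutralise a script-scheme
                # URL; confirm tk.isURL only accepts http(s) — TODO verify.
                # rel= keeps the opened page away from window.opener.
                parts.append(
                    "<a target='_blank' rel='noopener noreferrer' href='%s'>%s</a>"
                    % (text, text))
            else:
                parts.append(text)
        return "".join(parts)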
Ejemplo n.º 23
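    def __init__(self,
                 id,
                 summary,
                 vulnerable_configuration,
                 published,
                 modified=None,
                 impact=None,
                 access=None,
                 cvss=None,
                 cwe=None,
                 references=None,
                 cvss_time=None):
        """Validate the argument types and store the CVE fields.

        ``id`` is stored upper-cased. ``cvss`` may be a float, a string or
        None and is stored as a float; None and the empty string are stored
        as None. A falsy ``references`` is replaced by a new empty list.
        Every argument is checked with ``tk.assertType`` /
        ``tk.assertTypeForAllIn`` before anything is assigned.
        """
        references = references or []
        tk.assertType(str, id=id, summary=summary)
        tk.assertType((float, str, None), cvss=cvss)
        tk.assertType(datetime, published=published)
        tk.assertType((datetime, None), modified=modified, cvss_time=cvss_time)
        tk.assertType(list,
                      vulnerable_configuration=vulnerable_configuration,
                      references=references)
        tk.assertType((Impact, None), impact=impact)
        tk.assertType((Access, None), access=access)
        tk.assertType((CWE, None), cwe=cwe)
        tk.assertTypeForAllIn(CPE, vulnerable_configuration)
        tk.assertTypeForAllIn(str, references)

        self.id = id.upper()
        # A score of 0.0 (or "0.0") is a real score. The former
        # `cvss and float(cvss) or None` turned it into None, which made a
        # zero-scored CVE indistinguishable from an unscored one.
        self.cvss = None if cvss is None or cvss == "" else float(cvss)
        self.summary = summary
        self.vulnerable_configuration = vulnerable_configuration
        self.published = published
        self.modified = modified
        self.impact = impact
        self.access = access
        self.cwe = cwe
        self.references = references
        self.cvss_time = cvss_time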
Ejemplo n.º 24
 def api_cpe22(self, cpe):
   """Return ``tk.toOldCPE(cpe)``, or the string "None" when that is falsy."""
   return tk.toOldCPE(cpe) or "None"
Ejemplo n.º 25
    def __init__(self, id, title=None, references=None):
        """Store a CPE in both formats, with a title and a reference list.

        ``id`` is kept as ``tk.toStringFormattedCPE(id)`` and, in
        ``id_2_2``, as ``tk.toOldCPE(id)``. A falsy ``title`` is replaced by
        ``tk.cpeTitle`` of the stored id. ``references`` is copied into a
        new list; a falsy value becomes an empty list.
        """
        references = references or []
        tk.assertType(str, id=id)
        tk.assertType((str, None), title=title)
        tk.assertType((list, tuple, None), references=references)
        if references:
            tk.assertTypeForAllIn(str, references)

        self.id = tk.toStringFormattedCPE(id)
        self.id_2_2 = tk.toOldCPE(id)
        # The title lookup uses the normalised id assigned just above.
        self.title = title or tk.cpeTitle(self.id)
        self.references = list(references) if references else []
Ejemplo n.º 26
 def api_cpe22(self, cpe):
     """Convert ``cpe`` with ``tk.toOldCPE``; a falsy result is reported as "None"."""
     converted = tk.toOldCPE(cpe)
     if not converted:
         return "None"
     return converted
Ejemplo n.º 27
 def api_cpe23(self, cpe):
     """Convert ``cpe`` with ``tk.toStringFormattedCPE``; a falsy result is reported as "None"."""
     converted = tk.toStringFormattedCPE(cpe)
     if not converted:
         return "None"
     return converted
Ejemplo n.º 28
 def api_cpe23(self, cpe):
   """Return ``tk.toStringFormattedCPE(cpe)``, or the string "None" when that is falsy."""
   return tk.toStringFormattedCPE(cpe) or "None"
Ejemplo n.º 29
 def cleanOldRecords(self):
   """Remove stored records whose ``age`` is below now minus the data lifespan.

   The lifespan comes from ``settings["datalife"]`` via
   ``TK.lifeSpanToMinutes``; its last character is cut off before the
   number is read as minutes and converted to seconds.
   """
   settings = self.db.readSettings()
   now = calendar.timegm(time.gmtime())
   minutes = int(TK.lifeSpanToMinutes(settings["datalife"])[:-1])
   cutoff = now - (minutes * 60)
   # The condition is built by string formatting, but cutoff is an integer
   # computed here, so no caller-supplied text reaches it.
   self.db.removeData("age <  %s" % cutoff)
Ejemplo n.º 30
        type=int,
        help='Analysis level (0: Initial, 1: Ongoing, 2: Completed)')
    argParser.add_argument(
        '-T',
        metavar="integer",
        type=int,
        help='Threat level (4: Undefined, 3: Low, 2: Medium, 1: High)')
    args = argParser.parse_args()

    if not (args.t or args.e or args.d):
        sys.exit("Please choose an option")

    MispEx = MispExtractor(key=args.k, url=args.u)

    data = MispEx.getMISPData(args.s)

    if args.t:
        print(json.dumps(MispEx.getTypes(data), indent=2, sort_keys=True))
    elif args.e:
        MispEx.getExample(data)
    elif args.d:
        search = args.d.lower()
        if search not in MispEx.searches.keys():
            sys.exit("Please use a valid search term")
        matches = MispEx.extractData(data,
                                     search,
                                     threat_level=args.T,
                                     analysis_level=args.A)
        output = TK.generateCSV(matches)
        _output(output)