def create_tool():
adversary_list = q.q_get_adversaries.get_adversaries()
if request.method == "POST":
tool_id = request.form['tool_id']
tool_name = request.form['tool_name']
tool_identifiers = request.form['tool_identifiers']
adversary_id = rast.literal_eval(request.form['related_adversary'])['db_id']
tool_description = request.form['description']
updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
db = get_db()
db.execute(
'INSERT INTO tools (tool_id, tool_name, tool_description, tool_description, author_id)'
' VALUES (?, ?, ?, ?, ?)',
(tool_id, tool_name, tool_description, tool_description, g.user['id'])
)
db.commit()
q_insert_adversary_x_tool.insert_adversary_x_tool(adversary_id, tool_id)
message = 'Successfully created tool'
return render_template('maps/completed.html', message=message)
return render_template('maps/creation/create-tool.html', adversary_list=adversary_list)
def get_adversaries_techniques(adversary_id):
db = get_db()
db.row_factory = make_dicts
try:
query = db.execute(
'select t.tool_name as Tool, tec.technique_id as TechniqueID, \
tec.technique_name as Technique, null as SubtechniqueID, null as Subtechnique \
from adversaries_x_tools at \
inner join tools t on at.tool_id = t.id \
inner join tools_x_techniques tt on t.id = tt.tool_id \
inner join techniques tec on tec.id = tt.technique_id \
where at.adversary_id=? \
\
UNION ALL\
\
select t.tool_name as Tool , tec.technique_id, tec.technique_name, stec.subtechnique_id \
, stec.subtechnique_name from adversaries_x_tools at \
inner join tools t on at.tool_id = t.id \
inner join tools_x_subtechniques st on t.id = st.tool_id \
inner join techniques_x_subtechniques ts on st.subtechnique_id=ts.subtechnique_id \
inner join techniques tec on tec.id=ts.technique_id \
inner join subtechniques stec on stec.id = st.subtechnique_id \
where at.adversary_id=? \
ORDER BY t.tool_name, tec.technique_id, stec.subtechnique_id', (
adversary_id,
adversary_id,
))
result = query.fetchall()
return result
except TypeError:
return False
def create_adversary():
countries_list = q.q_get_countries.get_countries()
if request.method == "POST":
adversary_id = request.form['adversary_id']
adversary_name = request.form['adversary_name']
adversary_description = request.form['description']
adversary_identifiers = request.form['adversary_identifiers']
adversary_origin = request.form['sorigin']
error = None
if not adversary_name:
error = 'Adversary name is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'INSERT INTO adversaries (adversary_id, adversary_name, adversary_description, adversary_identifiers, adversary_sorigin, author_id)'
' VALUES (?, ?, ?, ?, ?, ?)',
(adversary_id, adversary_name, adversary_description, adversary_identifiers, adversary_origin, g.user['id'])
)
db.commit()
message = 'Successfully created Adversary'
return render_template('maps/completed.html', message=message)
return render_template('maps/creation/create-adversary.html', countries_list=countries_list, request_adversary = '')
def edit_tactic():
try:
if request.method == 'POST':
edited = request.form
db_id = edited['db_id']
tactic_id = edited['adversary_id']
tactic_name = edited['adversary_name']
tactic_description = edited['description']
updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
db = get_db()
db.execute(
'UPDATE tactics SET tactic_id=?, tactic_name=?, tactic_description=?, updated_date=?, updated_by=? WHERE id=?',
(
tactic_id,
tactic_name,
tactic_description,
updated_date,
g.user['id'],
db_id,
))
db.commit()
return redirect('/explore-tactics')
except:
return render_template('maps/404.html')
def create_technique():
tactics_list = q.q_get_tactics.get_tactics()
if request.method == "POST":
technique_id = request.form['id']
technique_name = request.form['name']
technique_description = request.form['description']
unprocessed_tactic = request.form['tactic']
processed_tactic_str =request.form['tactic'].replace('\'','\"')
technique_tactic = json.loads(processed_tactic_str)
tactic = technique_tactic['Name']
db = get_db()
result = db.execute(
'INSERT INTO techniques (technique_id, technique_name, technique_description, author_id)'
' VALUES (?, ?, ?, ?)',
(technique_id, technique_name, technique_description, g.user['id'])
)
db.commit()
technique_db_id = result.lastrowid
tactic_id = q.q_get_element_id.get_element_id('tactics', 'tactic_name', tactic)
q_insert_tactic_x_technique.insert_tactic_x_technique(tactic_id, technique_db_id)
message = 'Successfully created technique'
return render_template('maps/completed.html', message=message)
return render_template('maps/creation/create-technique.html', tactics_list=tactics_list)
def edit_technique():
try:
if request.method == 'POST':
edited = request.form
db_id = edited['db_id']
technique_id = edited['technique_id']
technique_name = edited['technique_name']
tactic_id = ast.literal_eval(
request.form['related_tactic'])['db_id']
technique_description = edited['description']
updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
db = get_db()
db.execute(
'UPDATE tools SET technique_id=?, technique_name=?, technique_description=?, updated_date=?, updated_by=? WHERE id=?',
(
technique_id,
technique_name,
technique_description,
updated_date,
g.user['id'],
db_id,
))
db.commit()
q_insert_tactic_x_technique.insert_tactic_x_technique(
tactic_id, technique_db_id)
return redirect('/explore-techniques')
except:
return render_template('maps/404.html')
def edit_subtechnique():
try:
if request.method == 'POST':
edited = request.form
db_id = edited['db_id']
subtechnique_id = edited['subtechnique_id']
subtechnique_name = edited['subtechnique_name']
subtechnique_tactic = edited['subtechnique_tactic']
subtechnique_description = edited['description']
updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
db = get_db()
db.execute(
'UPDATE techniques SET subtechnique_id=?, subtechnique_name=?, subtechnique_description=?, updated_date=?, updated_by=? WHERE id=?',
(
subtechnique_id,
subtechnique_name,
subtechnique_description,
updated_date,
g.user['id'],
db_id,
))
db.commit()
return redirect('/explore-subtechniques')
except:
return render_template('maps/404.html')
def edit_tool():
try:
if request.method == 'POST':
edited = request.form
db_id = edited['db_id']
tool_id = edited['tool_id']
tool_name = edited['tool_name']
tool_identifiers = edited['tool_identifiers']
adversary_id = ast.literal_eval(
request.form['related_adversary'])['db_id']
tool_description = edited['tool_description']
updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
db = get_db()
db.execute(
'UPDATE tools SET tool_id=?, tool_name=?, tool_description=?, tool_identifiers=?, updated_date=?, updated_by=? WHERE id=?',
(
tool_id,
tool_name,
tool_description,
tool_identifiers,
updated_date,
g.user['id'],
db_id,
))
db.commit()
q_insert_adversary_x_tool.insert_adversary_x_tool(
adversary_id, tool_id)
return redirect('/explore-tools')
except:
return render_template('maps/404.html')
def edit_adversary():
try:
if request.method == 'POST':
edited = request.form
db_id = edited['db_id']
adversary_id = edited['adversary_id']
adversary_name = edited['adversary_name']
adversary_identifiers = edited['adversary_identifiers']
adversary_sorigin = edited['sorigin']
adversary_description = edited['description']
updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
db = get_db()
db.execute(
'UPDATE adversaries SET adversary_id=?, adversary_name=?, adversary_description=?, adversary_identifiers=?, adversary_sorigin=?, updated_date=?, updated_by=? WHERE id=?',
(
adversary_id,
adversary_name,
adversary_description,
adversary_identifiers,
adversary_sorigin,
updated_date,
g.user['id'],
db_id,
))
db.commit()
message = 'Successfully created adversaries'
return render_template('maps/completed.html', message=message)
except:
return render_template('maps/404.html')
def create_subtechnique():
techniques_list = q.q_get_techniques.get_techniques()
if request.method == "POST":
subtechnique_id = request.form['db_id']
subtechnique_name = request.form['subtechnique_name']
technique_id = ast.literal_eval(request.form['related_technique'])['db_id']
subtechnique_description = request.form['description']
db = get_db()
result = db.execute(
'INSERT INTO subtechniques (subtechnique_id, subtechnique_name, subtechnique_description, author_id)'
' VALUES (?, ?, ?, ?)',
(subtechnique_id, subtechnique_name, subtechnique_description, g.user['id'])
)
db.commit()
subtechnique_db_id = result.lastrowid
insert_into_table = q.q_insert_relation_into_tables.insert_relation_into_tables('techniques_x_subtechniques', 'technique_id', 'subtechnique_id', technique_id, subtechnique_db_id)
message = 'Successfully created subtechnique'
return render_template('maps/completed.html', message=message)
return render_template('maps/creation/create-subtechnique.html', techniques_list=techniques_list)
def get_tools_x_subtechniques(subtechnique=''):
db = get_db()
db.row_factory = make_dicts
try:
if subtechnique:
query = db.execute(
'SELECT t.tool_id As \'ToolID\', t.tool_name as Tool, subtec.subtechnique_id as \'SubtechniqueID\', subtec.subtechnique_name as Subtechnique \
FROM tools t \
inner join adversaries_x_tools axt on axt.tool_id=t.id \
inner join tools_x_subtechniques txt on txt.subtechnique_id=t.id \
inner join subtechniques subtec on subtec.id=txt.subtechnique_id \
WHERE t.id=?', (subtechnique, )).fetchall()
return query
else:
query = db.execute(
'SELECT t.tool_id As \'ToolID\', t.tool_name as Tool, subtec.subtechnique_id as \'SubtechniqueID\', subtec.subtechnique_name as Subtechnique \
FROM tools t \
inner join adversaries_x_tools axt on axt.tool_id=t.id \
inner join tools_x_subtechniques txt on txt.subtechnique_id=t.id \
inner join subtechniques subtec on subtec.id=txt.subtechnique_id \
ORDER BY t.tool_name').fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def load_logged_in_user():
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
g.user = get_db().execute('SELECT * FROM users WHERE id = ?',
(user_id, )).fetchone()
def get_countries():
db = get_db()
try:
db.row_factory = lambda cursor, row: row[0]
query = db.execute(
'SELECT country FROM countries ORDER BY country').fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def get_industries():
db = get_db()
try:
db.row_factory = make_dicts
query = db.execute(
'SELECT id as db_id, industry_name as Industry FROM industries ORDER BY industry_name ASC').fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def insert_adversary_x_event(adversary_id, event_id):
author_id = g.user['id']
g.db = get_db()
query='INSERT INTO {} ({}, {}, {}) VALUES (?, ?, ?)'.format('adversaries_x_events', 'author_id', 'adversary_id', 'event_id')
result = g.db.execute(query, (author_id, adversary_id, event_id))
g.db.commit()
element_id = result.lastrowid
return element_id
def get_events():
db = get_db()
try:
db.row_factory = make_dicts
query = db.execute(
'SELECT event_name as Event, event_description as Description, event_url as URL FROM events'
).fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def get_adversaries_x_industry():
db = get_db()
try:
db.row_factory = make_dicts
#db.row_factory = lambda cursor, row: {row: row[0]}
query = db.execute(
'SELECT adversary_id as ID, adversary_name as Name, adversary_identifiers as Identifiers, adversary_description as Description FROM adversaries ORDER BY Name').fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def insert_tactic_x_technique(tactic_id, technique_id):
author_id = g.user['id']
g.db = get_db()
query = 'INSERT INTO {} ({}, {}, {}) VALUES (?, ?, ?)'.format(
'tactics_x_techniques', 'author_id', 'tactic_id', 'technique_id')
result = g.db.execute(query, (author_id, tactic_id, technique_id))
g.db.commit()
element_id = result.lastrowid
return element_id
def insert_relation_into_tables(table, relation_name, element_name, related_id,
element_id):
author_id = g.user['id']
g.db = get_db()
query = 'INSERT INTO {} ({}, {}, {}) VALUES (?, ?, ?)'.format(
table, 'author_id', relation_name, element_name)
result = g.db.execute(query, (author_id, related_id, element_id))
g.db.commit()
element_id = result.lastrowid
return element_id
def insert_tool_x_techn(table, tool_id, technique_id):
try:
author_id = g.user['id']
except (NameError, TypeError) as error:
author_id = 1
g.db = get_db()
query='INSERT INTO {} ({}, {}, {}) VALUES (?, ?, ?)'.format(table, 'author_id', 'tool_id', 'technique_id')
result = g.db.execute(query, (author_id, tool_id, technique_id))
g.db.commit()
element_id = result.lastrowid
return element_id
def get_most_used_techniques():
db = get_db()
try:
db.row_factory = make_dicts
query = db.execute(
'SELECT t.technique_id as \'TechniqueID\', t.technique_name as Technique, count(*) as Hits FROM techniques t \
inner join tools_x_techniques txt on txt.technique_id=t.id \
GROUP by t.technique_name \
ORDER BY Hits Desc').fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def get_adversaries_x_event():
db = get_db()
try:
db.row_factory = make_dicts
#db.row_factory = lambda cursor, row: {row: row[0]}
query = db.execute(
'select a.adversary_id, a.adversary_name, event_name, event_description from events e \
inner join adversaries_x_events ae on ae.event_id = e.id \
inner join adversaries a on a.id = ae.adversary_id ORDER BY adversary_name'
).fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def get_element_id(table, column,
value): #FROM MOBILE, TECHNIQUE 'COMPROMISE' needs fixing
value2 = value.replace('-', ' ').lower()
db = get_db()
try:
query = db.execute(
'SELECT id FROM {} WHERE lower({}) is ?'.format(table, column),
(value2, ))
result = query.fetchone()
return result['id']
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def get_events_x_industry():
db = get_db()
db.row_factory = make_dicts
try:
query = db.execute(
'select a.adversary_name, i.industry_name, e.event_name from events e \
inner join events_x_industries ei on e.id = ei.event_id \
inner join industries i on i.id = ei.industry_id \
inner join adversaries_x_events ae on ae.event_id = e.id \
inner join adversaries a on a.id = ae.adversary_id').fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def get_adversaries_x_tool():
db = get_db()
try:
db.row_factory = make_dicts
query = db.execute(
"SELECT a.adversary_id As \'Adversary ID\', a.adversary_name as Adversary, t.tool_id as \'Tool ID\', t.tool_name as Tool \
FROM adversaries a \
inner join adversaries_x_tools axt on axt.adversary_id=a.id \
inner join tools t on axt.tool_id=t.id \
ORDER BY a.adversary_name").fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def insert_into_events(event_name, event_description, event_url):
author_id = g.user['id']
g.db = get_db()
query = 'INSERT INTO events ({}, {}, {}, {}) VALUES (?, ?, ?, ?)'.format(
'author_id', 'event_name', 'event_description', 'event_url')
result = g.db.execute(
query, (author_id, event_name, event_description, event_url))
g.db.commit()
element_id = result.lastrowid
return element_id
def get_adversaries_sorigin():
db = get_db()
try:
db.row_factory = make_dicts
#db.row_factory = lambda cursor, row: {row: row[0]}
query = db.execute(
'SELECT adversary_sorigin as \'Suspected Origin\', GROUP_CONCAT(adversary_name) as Adversary \
FROM adversaries \
where adversary_sorigin is not null \
GROUP BY adversary_sorigin;').fetchall()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def get_subtechniques(subtechnique=''):
db = get_db()
db.row_factory = make_dicts
try:
if not subtechnique:
query = db.execute(
'SELECT id as \'db_id\', subtechnique_id as ID, subtechnique_name as Subtechnique, subtechnique_description as Description FROM subtechniques ORDER BY subtechnique_name ASC'
).fetchall()
return query
else:
query = db.execute('SELECT * FROM subtechniques WHERE id is ?',
(subtechnique, )).fetchone()
return query
except TypeError:
return False #Change this for something more meaningful -- warning/alert
def get_tools(tool=''):
db = get_db()
db.row_factory = make_dicts
try:
if not tool:
query = db.execute(
'SELECT id as \'db_id\', tool_id as ID, tool_name as Tool, tool_description as Description, tool_identifiers as Identifiers FROM tools ORDER BY tool_name').fetchall()
return query
else:
query = db.execute( 'SELECT * FROM tools WHERE id is ?',
(tool,)
).fetchone()
return query
except TypeError:
#embed()
return False #Change this for something more meaningful -- warning/alert
def get_adversaries(adversary=''):
db = get_db()
db.row_factory = make_dicts
try:
if not adversary:
query = db.execute(
'SELECT id as db_id, adversary_id as ID, adversary_name as Adversary, adversary_identifiers as Identifiers, adversary_description as Description \
FROM adversaries ORDER BY adversary_name ASC').fetchall()
return query
else:
query = db.execute('SELECT * FROM adversaries WHERE id is ?',
(adversary, )).fetchone()
return query
except TypeError:
return False
