def graph_node(klass, id):
if klass == 'entity':
node = get_object_or_404(Entity, id=id)
else:
node = get_object_or_404(Observable, id=id)
investigation = Investigation().save()
investigation.add([], [node])
return render_template("graph.html", investigation=bson_renderer(investigation.info()))
def graph_node(self, klass, id):
if klass == 'entity':
node = get_object_or_404(Entity, id=id)
elif klass == 'indicator':
node = get_object_or_404(Indicator, id=id)
else:
node = get_object_or_404(Observable, id=id)
investigation = Investigation().save()
investigation.add([], [node])
return render_template("{}/graph.html".format(self.klass.__name__.lower()), investigation=bson_renderer(investigation.info()))
def deladmin(self):
gid = request.args.get("gid")
uid = request.args.get("uid")
user = get_object_or_404(User, id=uid)
group = get_object_or_404(Group, id=gid)
if group and current_user.has_role("admin") or \
Group.objects(admins__in=[current_user.id], id=gid, enabled=True):
#ToDo reload page
group.update(pull__admins=user.id)
flash(
"User: {} deleted from admins: {}".format(
user.username, group.groupname), "success")
return redirect(request.referrer)
def usertogroup(self):
gid = request.form.get("gid")
uid = request.form.get("uid")
user = get_object_or_404(User, id=uid)
group = get_object_or_404(Group, id=gid)
if user and current_user.has_role("admin") or \
Group.objects(admins__in=[current_user.id], id=gid, enabled=True):
group.update(add_to_set__members=user.id)
flash(
"Added user: {} to group: {}".format(user.username,
group.groupname),
"success")
return redirect(request.referrer)
def graph_node(self, klass, id):
if klass == 'entity':
node = get_object_or_404(Entity, id=id)
elif klass == 'indicator':
node = get_object_or_404(Indicator, id=id)
else:
node = get_object_or_404(Observable, id=id)
investigation = Investigation(created_by=current_user.username).save()
investigation.add([], [node])
return render_template(
"{}/graph.html".format(self.klass.__name__.lower()),
investigation=bson_renderer(investigation.info()))
def run(self, id):
"""Runs a One-Shot Analytics
Asynchronously runs a One-Shot Analytics against a given observable.
Returns an ``AnalyticsResults`` instance, which can then be used to fetch
the analytics results
:query ObjectID id: Analytics ID
:form ObjectID id: Observable ID
:>json object: JSON object representing the ``AnalyticsResults`` instance
"""
analytics = get_object_or_404(self.objectmanager, id=id)
observable = get_object_or_404(Observable, id=request.form.get('id'))
return render(analytics.run(observable, current_user.settings).to_mongo())
def import_wait(self, id):
results = get_object_or_404(ImportResults, id=id)
return render_template(
"{}/import_wait.html".format(self.klass.__name__.lower()),
import_results=results,
)
def change_password():
if current_user.has_role('admin') and request.args.get('id'):
u = get_object_or_404(User, id=request.args.get('id'))
else:
u = current_user
current = request.form.get("current", "")
new = request.form.get("new", "")
bis = request.form.get("bis", "")
if not current_user.has_role('admin'):
if not check_password_hash(u.password, current):
flash('Current password is invalid', 'danger')
return redirect(request.referrer)
if new != bis:
flash('Password confirmation differs from new password.', 'danger')
else:
u = set_password(u, new)
u.save()
# re-execute the login if the changes were made on current_user
if u.id == current_user.id:
login_user(u)
flash('Password was successfully changed.', 'success')
return redirect(request.referrer)
def run(self, id):
"""Runs a One-Shot Analytics
Asynchronously runs a One-Shot Analytics against a given observable.
Returns an ``AnalyticsResults`` instance, which can then be used to fetch
the analytics results
:query ObjectID id: Analytics ID
:form ObjectID id: Observable ID
:>json object: JSON object representing the ``AnalyticsResults`` instance
"""
analytics = get_object_or_404(self.objectmanager, id=id)
observable = get_object_or_404(Observable, id=request.form.get('id'))
return render(
analytics.run(observable, current_user.settings).to_mongo())
def bulk_add(self, id):
i = get_object_or_404(self.objectmanager, id=id)
data = loads(request.data)
nodes = []
response = {'status': 'ok', 'message': ''}
try:
for node in data['nodes']:
if node['type'] in globals() and issubclass(
globals()[node['type']], Observable):
_type = globals()[node['type']]
try:
n = _type.get_or_create(value=node['value'])
except ObservableValidationError as e:
logging.error((node, e))
continue
if node['new_tags']:
n.tag(node['new_tags'].split(', '))
nodes.append(n)
i.add([], nodes)
except Exception, e:
response = {'status': 'error', 'message': str(e)}
def export(self):
template = get_object_or_404(ExportTemplate, id=request.form['template'])
filepath = os.path.join(gettempdir(), 'yeti_{}.txt'.format(uuid4()))
template.render(self._get_queryset(request.form), filepath)
return send_file(filepath)
def profile(self):
if request.args.get('id') and current_user.has_role('admin'):
user = get_object_or_404(User, id=request.args.get('id'))
else:
user = current_user
if request.method == "POST":
for setting in request.form:
if request.form[setting]:
user.settings[setting] = request.form[setting]
user.save()
for setting in request.form:
if not request.form[setting]:
user.settings.pop(setting, None)
user.save()
if current_user.has_role('admin') and user.id != current_user.id:
return render_template(
"user/profile_admin.html",
available_settings=User.get_available_settings(),
user=user)
else:
return render_template(
"user/profile.html",
available_settings=User.get_available_settings(),
user=user)
def bulk_add(self, id):
i = get_object_or_404(self.objectmanager, id=id)
data = loads(request.data)
nodes = []
response = {"status": "ok", "message": ""}
try:
for node in data["nodes"]:
if node["type"] in globals() and issubclass(
globals()[node["type"]], Observable):
_type = globals()[node["type"]]
try:
n = _type.get_or_create(value=node["value"])
except ObservableValidationError as e:
logging.error((node, e))
continue
if node["new_tags"]:
n.tag(node["new_tags"].split(", "))
nodes.append(n)
i.add([], nodes)
except Exception as e:
response = {"status": "error", "message": str(e)}
return render(response)
def profile(self):
if request.args.get('id') and current_user.has_role('admin'):
user = get_object_or_404(User, id=request.args.get('id'))
else:
user = current_user
if request.method == "POST":
for setting in request.form:
if request.form[setting]:
user.settings[setting] = request.form[setting]
user.save()
for setting in request.form:
if not request.form[setting]:
user.settings.pop(setting, None)
user.save()
if current_user.has_role('admin') and user.id != current_user.id:
return render_template(
"user/profile_admin.html",
available_settings=User.get_available_settings(),
user=user)
else:
return render_template(
"user/profile.html",
available_settings=User.get_available_settings(),
user=user)
def get(self, id):
"""Get details on a specific element
:query ObjectID id: Element ID
"""
obj = get_object_or_404(self.objectmanager, id=id)
return render(obj, self.template_single)
def get(self, id):
"""Get details on a specific element
:query ObjectID id: Element ID
"""
obj = get_object_or_404(self.objectmanager, id=id)
return render(obj, self.template_single)
def change_password():
if current_user.has_role('admin') and request.args.get('id'):
u = get_object_or_404(User, id=request.args.get('id'))
else:
u = current_user
current = request.form.get("current", "")
new = request.form.get("new", "")
bis = request.form.get("bis", "")
if not current_user.has_role('admin'):
if not check_password_hash(u.password, current):
flash('Current password is invalid', 'danger')
return redirect(request.referrer)
if new != bis:
flash('Password confirmation differs from new password.', 'danger')
else:
u = set_password(u, new)
u.save()
# re-execute the login if the changes were made on current_user
if u.id == current_user.id:
login_user(u)
flash('Password was successfully changed.', 'success')
return redirect(request.referrer)
def new(self):
"""Create a new link
Create a new link from the JSON object passed in the ``POST`` data.
:<json object params: JSON object containing object ids to link
"""
type_map = {
"observable": observables.Observable,
"entity": entities.Entity,
"indicator": indicators.Indicator,
}
mandatory_params = ["type_src", "type_dst", "link_src", "link_dst"]
params = request.json
if not all(key in params for key in mandatory_params):
abort(400)
type_src = params["type_src"]
type_dst = params["type_dst"]
src_object_class = type_map.get(type_src)
dst_object_class = type_map.get(type_dst)
if not src_object_class or not dst_object_class:
abort(404)
src = get_object_or_404(src_object_class, id=params["link_src"])
dst = get_object_or_404(dst_object_class, id=params["link_dst"])
try:
if params.get("first_seen") and params.get("last_seen"):
link = src.link_to(
dst,
params.get("description"),
params.get("source"),
params["first_seen"],
params["last_seen"],
)
else:
link = src.active_link_to(dst, params.get("description"),
params.get("source"))
except Exception as e:
logging.error(e)
abort(400)
return render({"link": link})
def file_content(self, sha256):
"""Get a file's contents
:query string sha256: The file's SHA-256 hash
:response object files: Content of files, served as an attachment
"""
f = get_object_or_404(AttachedFile, sha256=sha256)
return make_response(send_file(f.filepath, as_attachment=True, attachment_filename=f.filename))
def export(self):
template = get_object_or_404(ExportTemplate,
id=request.form["template"])
filepath = path.join(gettempdir(), "yeti_{}.txt".format(uuid4()))
template.render(self._get_selected_observables(request.form), filepath)
return send_file(filepath, as_attachment=True)
def post(self, id=None, action=None):
if id is None or action is None:
return super(InvestigationApi, self).post(id)
else:
method = find_method(self, action, "action")
investigation = get_object_or_404(Investigation, id=id)
return method(investigation)
def import_from(self, id):
investigation = get_object_or_404(Investigation, id=id)
observables = Observable.from_string(investigation.import_text)
return render_template(
"{}/import_from.html".format(self.klass.__name__.lower()),
investigation=investigation,
observables=bson_renderer(observables))
def export(self):
template = get_object_or_404(ExportTemplate,
id=request.form['template'])
filepath = path.join(gettempdir(), 'yeti_{}.txt'.format(uuid4()))
template.render(self._get_queryset(request.form), filepath)
return send_file(filepath)
def file_content(self, sha256):
"""Get a file's contents
:query string sha256: The file's SHA-256 hash
:response object files: Content of files, served as an attachment
"""
f = get_object_or_404(AttachedFile, sha256=sha256)
return make_response(send_file(f.filepath, as_attachment=True, attachment_filename=f.filename))
def export(self):
template = get_object_or_404(
ExportTemplate, id=request.form['template'])
filepath = path.join(gettempdir(), 'yeti_{}.txt'.format(uuid4()))
template.render(self._get_selected_observables(request.form), filepath)
return send_file(filepath, as_attachment=True)
def graph(self, id):
investigation = get_object_or_404(Investigation, id=id)
if group_user_permission(investigation):
return render_template(
"{}/graph.html".format(self.klass.__name__.lower()),
investigation=bson_renderer(investigation.info()))
abort(403)
def attach_file(self, id):
if 'file' not in request.files:
abort(400)
e = get_object_or_404(self.klass, id=id)
f = AttachedFile.from_upload(request.files['file'])
if f:
f.attach(e)
return redirect(url_for('frontend.{}:get'.format(self.__class__.__name__), id=e.id))
def delete(self, id):
"""Deletes the corresponding entry from the database
:query ObjectID id: Element ID
:>json string deleted: The deleted element's ObjectID
"""
obj = get_object_or_404(self.objectmanager, id=id)
obj.delete()
return render({"deleted": id})
def delete(self, id):
"""Deletes the corresponding entry from the database
:query ObjectID id: Element ID
:>json string deleted: The deleted element's ObjectID
"""
obj = get_object_or_404(self.objectmanager, id=id)
obj.delete()
return render({"deleted": id})
def remove_context(self, id):
"""Removes context from an observable
:<json object context: Context JSON to be added. Must include a ``source`` key.
:>json object: The context object that was actually delete
"""
observable = get_object_or_404(self.objectmanager, id=id)
context = request.json.pop("context", {})
observable.remove_context(context)
return render(context)
def remove_context(self, id):
"""Removes context from an observable
:<json object context: Context JSON to be added. Must include a ``source`` key.
:>json object: The context object that was actually delete
"""
observable = get_object_or_404(self.objectmanager, id=id)
context = request.json.pop('context', {})
observable.remove_context(context)
return render(context)
def attach_file(self, id):
if 'file' not in request.files:
abort(400)
e = get_object_or_404(self.klass, id=id)
f = AttachedFile.from_upload(request.files['file'])
if f:
f.attach(e)
return redirect(
url_for('frontend.{}:get'.format(self.__class__.__name__), id=e.id))
def context(self, id):
"""Add context to an observable
:<json object context: Context JSON to be added. Must include a ``source`` key.
:<json string old_source: String defining the source to be replaced.
:>json object: The context object that was actually added
"""
observable = get_object_or_404(self.objectmanager, id=id)
context = request.json.pop('context', {})
old_source = request.json.pop('old_source', None)
observable.add_context(context, replace_source=old_source)
return render(context)
def context(self, id):
"""Add context to an observable
:<json object context: Context JSON to be added. Must include a ``source`` key.
:<json string old_source: String defining the source to be replaced.
:>json object: The context object that was actually added
"""
observable = get_object_or_404(self.objectmanager, id=id)
context = request.json.pop("context", {})
old_source = request.json.pop("old_source", None)
observable.add_context(context, replace_source=old_source)
return render(context)
def post(self, id):
"""Modify an element
Edit an existing element according to the JSON object passed in the ``POST`` data.
:query ObjectID id: Element ID
:<json object params: JSON object containing fields to set
"""
obj = get_object_or_404(self.objectmanager, id=id)
params = self._parse_request(request.json)
obj = obj.clean_update(**params)
return render(obj)
def post(self, id):
"""Modify an element
Edit an existing element according to the JSON object passed in the ``POST`` data.
:query ObjectID id: Element ID
:<json object params: JSON object containing fields to set
"""
obj = get_object_or_404(self.objectmanager, id=id)
params = self._parse_request(request.json)
obj = obj.clean_update(**params)
return render(obj)
def list_files(self, id):
"""List files attached to an element
:query ObjectID id: Element ID
:<json object files: JSON object containing a list of serialized AttachedFile objects
"""
l = []
entity = get_object_or_404(self.objectmanager, id=id)
for f in entity.attached_files:
i = f.info()
i['content_uri'] = url_for("api.Entity:file_content", sha256=f.sha256)
l.append(i)
return render(l)
def list_files(self, id):
"""List files attached to an element
:query ObjectID id: Element ID
:<json object files: JSON object containing a list of serialized AttachedFile objects
"""
l = []
entity = get_object_or_404(self.objectmanager, id=id)
for f in entity.attached_files:
i = f.info()
i['content_uri'] = url_for("api.Entity:file_content", sha256=f.sha256)
l.append(i)
return render(l)
def profile(self):
if request.args.get("id"):
gid = request.args.get("id")
group = get_object_or_404(Group, id=gid)
if current_user.has_role("admin") or \
Group.objects(admins__in=[current_user.id], id=gid, enabled=True):
return render_template(
"group/profile.html",
group=group,
users=User.objects.all(),
)
flash("Group not specified", "dangeros")
return redirect(request.referrer)
def toggle(self, id):
"""Toggles a One-shot Analytics
One-Shot Analytics can be individually disabled using this endpoint.
:query ObjectID id: Analytics ID
:>json ObjectID id: The Analytics's ObjectID
:>json boolean status: The result of the toggle operation (``true`` means the export has been enabled, ``false`` means it has been disabled)
"""
analytics = get_object_or_404(self.objectmanager, id=id)
analytics.enabled = not analytics.enabled
analytics.save()
return render({"id": analytics.id, "status": analytics.enabled})
def toggle(self, id):
"""Toggles a One-shot Analytics
One-Shot Analytics can be individually disabled using this endpoint.
:query ObjectID id: Analytics ID
:>json ObjectID id: The Analytics's ObjectID
:>json boolean status: The result of the toggle operation (``true`` means the export has been enabled, ``false`` means it has been disabled)
"""
analytics = get_object_or_404(self.objectmanager, id=id)
analytics.enabled = not analytics.enabled
analytics.save()
return render({"id": analytics.id, "status": analytics.enabled})
def permissions(self, id):
user = get_object_or_404(User, id=id)
permdict = {}
if request.method == "POST":
for object_name, permissions in user.permissions.items():
if not isinstance(permissions, dict):
permdict[object_name] = bool(request.form.get("{}".format(object_name), False))
else:
if object_name not in permdict:
permdict[object_name] = {}
for p in permissions:
permdict[object_name][p] = bool(request.form.get("{}_{}".format(object_name, p), False))
user.permissions = permdict
user.save()
flash("Permissions changed successfully", "success")
return redirect(request.referrer)
return render_template("user/permissions.html", user=user)
def status(self, id):
results = get_object_or_404(analytics.AnalyticsResults, id=id)
nodes_id = set()
nodes = list()
links = list()
for link in results.results:
for node in (link.src, link.dst):
if node.id not in nodes_id:
nodes_id.add(node.id)
nodes.append(node.to_mongo())
links.append(link.to_dict())
results = results.to_mongo()
results['results'] = {'nodes': nodes, 'links': links}
return render(results)
def permissions(self, id):
user = get_object_or_404(User, id=id)
permdict = {}
if request.method == "POST":
for object_name, permissions in user.permissions.items():
if not isinstance(permissions, dict):
permdict[object_name] = bool(
request.form.get("{}".format(object_name), False))
else:
if object_name not in permdict:
permdict[object_name] = {}
for p in permissions:
permdict[object_name][p] = bool(
request.form.get("{}_{}".format(object_name, p),
False))
user.permissions = permdict
user.save()
flash("Permissions changed successfully", "success")
return redirect(request.referrer)
return render_template("user/permissions.html", user=user)
def bulk_add(self, id):
i = get_object_or_404(self.objectmanager, id=id)
data = loads(request.data)
nodes = []
response = {'status': 'ok', 'message': ''}
try:
for node in data['nodes']:
if node['type'] in globals() and issubclass(
globals()[node['type']], Observable):
_type = globals()[node['type']]
n = _type.get_or_create(value=node['value'])
if node['new_tags']:
n.tag(node['new_tags'].split(', '))
nodes.append(n)
i.add([], nodes)
except Exception, e:
response = {'status': 'error', 'message': str(e)}
def profile(self):
if request.args.get("id") and current_user.has_role("admin"):
user = get_object_or_404(User, id=request.args.get("id"))
else:
user = current_user
if request.method == "POST":
for setting in request.form:
if request.form[setting]:
user.settings[setting] = request.form[setting]
user.save()
for setting in request.form:
if not request.form[setting]:
user.settings.pop(setting, None)
user.save()
groups = Group.objects(members__in=[user.id])
all_groups = Group.objects()
if current_user.has_role("admin") and user.id != current_user.id:
return render_template(
"user/profile_admin.html",
available_settings=User.get_available_settings(),
user=user,
groups=groups,
all_groups=all_groups,
)
else:
return render_template(
"user/profile.html",
available_settings=User.get_available_settings(),
user=user,
groups=groups,
all_groups=all_groups,
)
def import_results(self, id):
results = get_object_or_404(ImportResults, id=id)
return render(results.to_mongo())
def get(self, id):
f = get_object_or_404(AttachedFile, id=id)
return make_response(send_file(f.filepath))
def post(self, id, action):
method = find_method(self, action, "action")
analytics = get_object_or_404(OneShotAnalytics, id=id)
return method(analytics)
def rename(self, id):
i = get_object_or_404(self.objectmanager, id=id)
i.modify(name=request.json['name'], updated=datetime.utcnow())
return render("ok")
def graph(self, id):
investigation = get_object_or_404(Investigation, id=id)
return render_template("{}/graph.html".format(self.klass.__name__.lower()), investigation=bson_renderer(investigation.info()))
def run(self, analytics):
args = self.parser.parse_args()
observable = get_object_or_404(Observable, id=args["id"])
return render(analytics.run(observable).to_mongo())
def status(self, id):
results = get_object_or_404(analytics.AnalyticsResults, id=id)
results.pop('settings')
return render(self._analytics_results(results))
def remove(self, id):
i = get_object_or_404(self.objectmanager, id=id)
data = loads(request.data)
i.remove(iterify(data['links']), iterify(data['nodes']))
return render(i.info())
def reset_api(self, id):
user = get_object_or_404(User, id=id)
user.api_key = User.generate_api_key()
user.save()
flash("API key reset", "success")
return redirect(request.referrer)
def rename(self, id):
i = get_object_or_404(self.objectmanager, id=id)
i.modify(name=request.json['name'], updated=datetime.utcnow())
return render("ok")
def graph(id):
investigation = get_object_or_404(Investigation, id=id)
return render_template("graph.html", investigation=bson_renderer(investigation.info()))
def remove(self, id):
i = get_object_or_404(self.objectmanager, id=id)
data = loads(request.data)
i.remove(iterify(data['links']), iterify(data['nodes']))
return render(i.info())
def detach_file(self, id, fileid):
f = get_object_or_404(AttachedFile, id=fileid)
e = get_object_or_404(self.klass, id=id)
f.detach(e)
return redirect(url_for('frontend.{}:get'.format(self.__class__.__name__), id=id))
def detach_file(self, id, fileid):
f = get_object_or_404(AttachedFile, id=fileid)
e = get_object_or_404(self.klass, id=id)
f.detach(e)
return redirect(
url_for('frontend.{}:get'.format(self.__class__.__name__), id=id))
