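def add_new_backdoor(name, version=None, aliases=None, description=None,
                     source=None, source_method=None, source_reference=None,
                     campaign=None, confidence=None, user=None,
                     bucket_list=None, ticket=None):
    """
    Add a Backdoor to CRITs.

    The "family" object (``name`` with an empty version) is always looked up
    and created if missing. When ``version`` is given, the object for that
    exact name + version is looked up or created as well, and the family
    object is related to it. Sources, campaign, aliases, buckets and ticket
    are applied to every object handled by the call, and triage is run on
    each of them after it is saved.

    :param name: The name of the backdoor.
    :type name: str
    :param version: Version of the backdoor.
    :type version: str
    :param aliases: Aliases for the backdoor. A string is split on commas;
                    blank entries are ignored.
    :type aliases: list or str
    :param description: Description of the backdoor. Only applied to objects
                        whose description is still empty.
    :type description: str
    :param source: Name of the source which provided this information.
    :type source: str
    :param source_method: Method of acquiring this data.
    :type source_method: str
    :param source_reference: A reference to this data.
    :type source_reference: str
    :param campaign: A campaign to attribute to this backdoor.
    :type campaign: str
    :param confidence: Confidence level in the campaign attribution.
    :type confidence: str ("low", "medium", "high")
    :param user: The user adding this backdoor.
    :type user: str
    :param bucket_list: Buckets to assign to this backdoor.
    :type bucket_list: str
    :param ticket: Ticket to assign to this backdoor.
    :type ticket: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "id" (str),
              "object" (if successful)
              :class:`crits.backdoors.backdoor.Backdoor`

    On success "message" is an HTML fragment linking to the detail view of
    the most specific object; the backdoor name is HTML-escaped before it is
    placed in that fragment. Without source information nothing is created
    and "success" stays False.
    """

    # Function-scope import: xml.sax.saxutils is standard library and only
    # needed for the response message built at the end.
    from xml.sax.saxutils import escape as _markup_escape

    retVal = {'success': False, 'message': ''}

    if isinstance(source, basestring):
        source = [create_embedded_source(source,
                                         reference=source_reference,
                                         method=source_method,
                                         analyst=user)]
    elif isinstance(source, EmbeddedSource):
        source = [source]

    if not source:
        retVal['message'] = "Missing source information."
        return retVal

    # Normalise the per-call inputs once instead of on every loop pass.
    if isinstance(campaign, basestring):
        campaign = [EmbeddedCampaign(name=campaign,
                                     confidence=confidence,
                                     analyst=user)]

    alias_list = []
    if aliases:
        if isinstance(aliases, basestring):
            aliases = aliases.split(',')
        # Blank entries ("a,,b", trailing comma) would otherwise be stored
        # as an empty alias.
        alias_list = [a for a in (item.strip() for item in aliases) if a]

    # When creating a backdoor object we can potentially create multiple
    # objects. If we are given a name but no version we will create an object
    # with just the name (called the "family backdoor"). If given a name and a
    # version we will create the family backdoor and the specific backdoor for
    # that given version.

    # In case we create more than one backdoor object, store the created ones
    # in this list. The list is walked later on and attributes applied to each
    # object.
    objs = []

    # First check if we have the family (name and no version).
    family = Backdoor.objects(name=name, version='').first()

    if not family:
        # Family does not exist, new object. Details are handled later.
        family = Backdoor()
        family.name = name
        family.version = ''

    objs.append(family)

    # Now check if we have the specific instance for this name + version.
    if version:
        specific = Backdoor.objects(name=name, version=version).first()
        if not specific:
            # Backdoor does not exist, new object. Details are handled later.
            specific = Backdoor()
            specific.name = name
            specific.version = version
        objs.append(specific)

    # At this point we have a family object and potentially a specific object.
    # Add the common parameters to all objects in the list and save them.
    for backdoor in objs:
        for s in source:
            backdoor.add_source(s)

        # Don't overwrite existing description.
        if description and backdoor.description == '':
            backdoor.description = description.strip()

        if campaign:
            for camp in campaign:
                backdoor.add_campaign(camp)

        for alias in alias_list:
            if alias not in backdoor.aliases:
                backdoor.aliases.append(alias)

        if bucket_list:
            backdoor.add_bucket_list(bucket_list, user)
        if ticket:
            backdoor.add_ticket(ticket, user)

        backdoor.save(username=user)

        # run backdoor triage
        backdoor.reload()
        run_triage(backdoor, user)

    # Because family objects are put in the list first, the last entry is
    # always the most specific object. If there is only one item in the list
    # it will be the family object.
    newest = objs[-1]
    resp_url = reverse('crits.backdoors.views.backdoor_detail',
                       args=[newest.id])
    # The name is caller-supplied and the message carries markup, so it is
    # presumably rendered as HTML by the caller (not visible here). Escape
    # the name so it is displayed as text and cannot add markup of its own.
    shown_name = _markup_escape('%s' % (newest.name,),
                                {'"': '&quot;', "'": '&#39;'})
    retVal['message'] = 'Success: <a href="%s">%s</a>' % (resp_url,
                                                          shown_name)
    retVal['object'] = newest
    retVal['id'] = str(newest.id)

    # If we have a family and specific object, attempt to relate the two.
    if len(objs) == 2:
        objs[0].add_relationship(objs[1], RelationshipTypes.RELATED_TO)
        # Pass the acting user, as the save inside the loop does, so this
        # write is attributed to the same user.
        objs[0].save(username=user)

    retVal['success'] = True
    return retVal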