Example #1
def email_outlook_add(request):
    """
    Accept an upload of an Outlook .msg file (OLE2.0 format using Compound
    File Streams), import the email into CRITs and upload any attachments
    as samples.

    The reply (rendered form, success flag, message) is serialised to JSON
    and handed to the ``file_upload_response.html`` template.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    outlook_form = EmailOutlookForm(request.user, request.POST, request.FILES)
    json_reply = {'form': outlook_form.as_table(), 'success': False}

    if request.method != "POST":
        message = "Must submit via POST."
    elif not outlook_form.is_valid():
        message = "Form is invalid."
    else:
        cleaned = outlook_form.cleaned_data

        # Upload-method label: fixed prefix, plus the submitted source
        # method when one was given.
        method = "Outlook MSG Upload"
        if cleaned['source_method']:
            method = method + " - " + cleaned['source_method']

        # Remaining positional arguments, in the order handle_msg is called
        # with them.
        trailing_keys = ('password',
                         'campaign',
                         'campaign_confidence',
                         'bucket_list',
                         'ticket',
                         'related_id',
                         'related_type',
                         'relationship_type')
        result = handle_msg(request.FILES['msg_file'],
                            cleaned['source'],
                            cleaned['source_reference'],
                            request.user.username,
                            method,
                            *[cleaned[key] for key in trailing_keys])

        if not result['status']:
            message = result['reason']
        else:
            detail_url = reverse('crits.emails.views.email_detail',
                                 args=[result['obj_id']])
            json_reply['success'] = True
            # NOTE(review): result['reason'] and result['message'] are
            # inserted into this HTML fragment as-is. Whether they are
            # escaped by handle_msg or by the template is not visible
            # here; confirm, since they may derive from the uploaded file.
            pieces = ['Email uploaded successfully']
            if result.get('reason'):
                pieces.append(', but %s' % result['reason'])
            pieces.append('. <a href="%s">View email.</a>' % detail_url)
            if 'message' in result:
                pieces.append("<br />Attachments:<br />%s" % result['message'])
            message = ''.join(pieces)

    json_reply['message'] = message
    return render(request, 'file_upload_response.html',
                  {'response': json.dumps(json_reply)})
Example #2
File: views.py Project: 0x3a/crits
def email_outlook_add(request):
    """
    Accept an upload of an Outlook .msg file (OLE2.0 format using Compound
    File Streams), import the email into CRITs and upload any attachments
    as samples.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    outlook_form = EmailOutlookForm(request.user, request.POST, request.FILES)
    json_reply = {
        'form': outlook_form.as_table(),
        'success': False,
        'message': ""
        }

    def _respond():
        # Serialise the reply dict and render the upload-response template.
        return render(request, 'file_upload_response.html',
                      {'response': json.dumps(json_reply)})

    if request.method != "POST":
        json_reply['message'] = "Must submit via POST."
        return _respond()

    if not outlook_form.is_valid():
        json_reply['message'] = "Form is invalid."
        return _respond()

    uploader = request.user.username
    cleaned = outlook_form.cleaned_data

    # Upload-method label: fixed prefix, plus the submitted source method
    # when one was given.
    label = "Outlook MSG Upload"
    if cleaned['source_method']:
        label = label + " - " + cleaned['source_method']

    src = cleaned['source']
    src_ref = cleaned['source_reference']
    msg_password = cleaned['password']
    camp = cleaned['campaign']
    camp_confidence = cleaned['campaign_confidence']

    result = handle_msg(request.FILES['msg_file'], src, src_ref, uploader,
                        label, msg_password, camp, camp_confidence)

    json_reply['success'] = result['status']
    if result['status']:
        detail_url = reverse('crits.emails.views.email_detail',
                             args=[result['obj_id']])
        json_reply['message'] = (
            'Email uploaded successfully. <a href="%s">View email.</a>'
            % detail_url)
        if 'message' in result:
            # NOTE(review): result['message'] is inserted into the HTML
            # fragment as-is; whether it is escaped elsewhere is not visible
            # here. Confirm.
            json_reply['message'] += "<br />Attachments:<br />%s" % result['message']
    else:
        json_reply['message'] = result['reason']
    return _respond()
Example #3
File: api.py Project: 0x3a/crits
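    def obj_create(self, bundle, **kwargs):
        """
        Handles creating Emails through the API.

        ``bundle.data['upload_type']`` selects the handler: ``eml``, ``msg``,
        ``raw``, ``yaml`` or ``fields``. The outcome is reported through
        ``self.crits_response``.

        :param bundle: Bundle containing the information to create the Email.
        :type bundle: Tastypie Bundle object.
        :returns: HttpResponse.
        """

        # NOTE(review): no permission check is visible in this method;
        # presumably authorization is enforced elsewhere on the resource.
        # Confirm.
        analyst = bundle.request.user.username
        type_ = bundle.data.get('upload_type', None)

        # return_code stays 1 (failure) unless the handler reports success.
        content = {'return_code': 1,
                   'type': 'Email',
                   'message': ''}

        # NOTE(review): the code after each crits_response() call dereferences
        # values that would be missing if execution continued, so
        # crits_response presumably aborts the request. Confirm.
        if not type_:
            content['message'] = 'You must specify the upload type.'
            self.crits_response(content)
        elif type_ not in ('eml', 'msg', 'raw', 'yaml', 'fields'):
            content['message'] = 'Unknown or unsupported upload type.'
            self.crits_response(content)

        # Remove this so it doesn't get included with the fields upload
        del bundle.data['upload_type']
        result = None

        # Extract common information
        source = bundle.data.get('source', None)
        method = bundle.data.get('method', '')
        reference = bundle.data.get('reference', None)
        campaign = bundle.data.get('campaign', None)
        confidence = bundle.data.get('confidence', None)

        # Turn a caller-supplied method into a suffix for the fixed
        # "<kind> Upload" labels used below.
        if method:
            method = " - " + method

        if type_ == 'eml':
            file_ = bundle.data.get('filedata', None)
            if not file_:
                content['message'] = 'No file uploaded.'
                self.crits_response(content)
            filedata = file_.read()
            result = handle_eml(filedata, source, reference,
                                analyst, 'EML Upload' + method, campaign,
                                confidence)
        if type_ == 'msg':
            # Unlike 'eml', a missing 'filedata' is not rejected here; None is
            # passed through to the handler.
            raw_email = bundle.data.get('filedata', None)
            password = bundle.data.get('password', None)
            result = handle_msg(raw_email,
                                source,
                                reference,
                                analyst,
                                'Outlook MSG Upload' + method,
                                password,
                                campaign,
                                confidence)
        if type_ == 'raw':
            raw_email = bundle.data.get('filedata', None)
            result = handle_pasted_eml(raw_email,
                                       source,
                                       reference,
                                       analyst,
                                       'Raw Upload' + method,
                                       campaign,
                                       confidence)
        if type_ == 'yaml':
            yaml_data = bundle.data.get('filedata', None)
            email_id = bundle.data.get('email_id', None)
            save_unsupported = bundle.data.get('save_unsupported', False)
            result = handle_yaml(yaml_data,
                                 source,
                                 reference,
                                 analyst,
                                 'YAML Upload' + method,
                                 email_id,
                                 save_unsupported,
                                 campaign,
                                 confidence)
        if type_ == 'fields':
            fields = bundle.data
            # Strip the API credentials so they don't get put in
            # unsupported_attrs. pop() with a default replaces a plain `del`,
            # which raised KeyError when the keys were not in the request
            # data.
            fields.pop('username', None)
            fields.pop('api_key', None)
            result = handle_email_fields(fields,
                                         analyst,
                                         'Fields Upload')

        # Translate the handler's result dict into the API reply.
        if result.get('message'):
            content['message'] = result.get('message')
        if result.get('reason'):
            content['message'] += result.get('reason')
        if result.get('obj_id'):
            content['id'] = result.get('obj_id', '')
        elif result.get('object'):
            content['id'] = str(result.get('object').id)
        if content.get('id'):
            url = reverse('api_dispatch_detail',
                          kwargs={'resource_name': 'emails',
                                  'api_name': 'v1',
                                  'pk': content.get('id')})
            content['url'] = url
        if result['status']:
            content['return_code'] = 0
        self.crits_response(content)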
Example #4
File: api.py Project: vsbca/crits
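    def obj_create(self, bundle, **kwargs):
        """
        Handles creating Emails through the API.

        ``bundle.data['upload_type']`` selects the handler: ``eml``, ``msg``,
        ``raw``, ``yaml`` or ``fields``. The requesting user must hold
        ``EmailACL.WRITE``. The outcome is reported through
        ``self.crits_response``.

        :param bundle: Bundle containing the information to create the Email.
        :type bundle: Tastypie Bundle object.
        :returns: HttpResponse.
        """

        user = bundle.request.user
        type_ = bundle.data.get('upload_type', None)

        # return_code stays 1 (failure) unless the handler reports success.
        content = {'return_code': 1, 'type': 'Email', 'message': ''}

        # NOTE(review): the code after each crits_response() call dereferences
        # values that would be missing if execution continued, so
        # crits_response presumably aborts the request. Confirm.
        if not type_:
            content['message'] = 'You must specify the upload type.'
            self.crits_response(content)
        elif type_ not in ('eml', 'msg', 'raw', 'yaml', 'fields'):
            content['message'] = 'Unknown or unsupported upload type.'
            self.crits_response(content)

        # Remove this so it doesn't get included with the fields upload
        del bundle.data['upload_type']
        result = None

        # Extract common information
        source = bundle.data.get('source_name', None)
        method = bundle.data.get('source_method', '')
        reference = bundle.data.get('source_reference', None)
        tlp = bundle.data.get('source_tlp', 'amber')
        campaign = bundle.data.get('campaign', None)
        confidence = bundle.data.get('confidence', None)
        bucket_list = bundle.data.get('bucket_list', None)
        ticket = bundle.data.get('ticket', None)

        # Turn a caller-supplied method into a suffix for the fixed
        # "<kind> Upload" labels used below.
        if method:
            method = " - " + method

        # The write-permission denial only takes effect if crits_response
        # stops execution here; nothing else prevents the handlers below from
        # running.
        if not user.has_access_to(EmailACL.WRITE):
            content['success'] = False
            content[
                'message'] = 'User does not have permission to create Object.'

            self.crits_response(content)

        if type_ == 'eml':
            file_ = bundle.data.get('filedata', None)
            if not file_:
                content['message'] = 'No file uploaded.'
                self.crits_response(content)
            filedata = file_.read()
            result = handle_eml(filedata,
                                source,
                                reference,
                                user,
                                'EML Upload' + method,
                                tlp=tlp,
                                campaign=campaign,
                                confidence=confidence,
                                bucket_list=bucket_list,
                                ticket=ticket)
        if type_ == 'msg':
            # Unlike 'eml', a missing 'filedata' is not rejected here; None is
            # passed through to the handler.
            raw_email = bundle.data.get('filedata', None)
            password = bundle.data.get('password', None)

            result = handle_msg(raw_email,
                                source,
                                reference,
                                'Outlook MSG Upload' + method,
                                tlp,
                                user,
                                password,
                                campaign,
                                confidence,
                                bucket_list=bucket_list,
                                ticket=ticket)
        if type_ == 'raw':
            raw_email = bundle.data.get('filedata', None)
            result = handle_pasted_eml(raw_email,
                                       source,
                                       reference,
                                       'Raw Upload' + method,
                                       tlp,
                                       user,
                                       campaign,
                                       confidence,
                                       bucket_list=bucket_list,
                                       ticket=ticket)
        if type_ == 'yaml':
            yaml_data = bundle.data.get('filedata', None)
            email_id = bundle.data.get('email_id', None)
            save_unsupported = bundle.data.get('save_unsupported', False)
            result = handle_yaml(yaml_data,
                                 source,
                                 reference,
                                 'YAML Upload' + method,
                                 tlp,
                                 user,
                                 email_id,
                                 save_unsupported,
                                 campaign,
                                 confidence,
                                 bucket_list=bucket_list,
                                 ticket=ticket)
        if type_ == 'fields':
            fields = bundle.data
            # Strip the API credentials so they don't get put in
            # unsupported_attrs. pop() with a default replaces a plain `del`,
            # which raised KeyError when the keys were not in the request
            # data.
            fields.pop('username', None)
            fields.pop('api_key', None)
            result = handle_email_fields(fields, user, 'Fields Upload')

        # Translate the handler's result dict into the API reply.
        if result.get('message'):
            content['message'] = result.get('message')
        if result.get('reason'):
            content['message'] += result.get('reason')
        if result.get('obj_id'):
            content['id'] = str(result.get('obj_id', ''))
        elif result.get('object'):
            content['id'] = str(result.get('object').id)
        if content.get('id'):
            url = reverse('api_dispatch_detail',
                          kwargs={
                              'resource_name': 'emails',
                              'api_name': 'v1',
                              'pk': content.get('id')
                          })
            content['url'] = url
        if result['status']:
            content['return_code'] = 0
        self.crits_response(content)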
Example #5
File: views.py Project: vsbca/crits
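def email_outlook_add(request):
    """
    Provides upload capability for Outlook .msg files (OLE2.0 format using
    Compound File Streams). This function will import the email into CRITs and
    upload any attachments as samples.

    The upload is refused unless the request is a POST, the form validates
    and the user holds ``EmailACL.WRITE``.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    outlook_form = EmailOutlookForm(request.user, request.POST, request.FILES)
    user = request.user
    json_reply = {
        'form': outlook_form.as_table(),
        'success': False
        }

    if request.method != "POST":
        message = "Must submit via POST."
    else:
        if not outlook_form.is_valid():
            message = "Form is invalid."
        elif not user.has_access_to(EmailACL.WRITE):
            message = "User does not have permission to add email."
        else:
            form_data = outlook_form.cleaned_data
            method = "Outlook MSG Upload"
            if form_data['source_method']:
                method = method + " - " + form_data['source_method']

            # Pass the prefixed label built above. The original computed it
            # and then passed the raw form_data['source_method'] instead,
            # leaving `method` unused, so the recorded source method did not
            # say the email arrived via an Outlook MSG upload.
            result = handle_msg(request.FILES['msg_file'],
                                form_data['source_name'],
                                form_data['source_reference'],
                                method,
                                form_data['source_tlp'],
                                request.user,
                                form_data['password'],
                                form_data['campaign'],
                                form_data['campaign_confidence'],
                                form_data['bucket_list'],
                                form_data['ticket'],
                                form_data['related_id'],
                                form_data['related_type'],
                                form_data['relationship_type'])

            if result['status']:
                redirect = reverse('crits.emails.views.email_detail',
                                   args=[result['obj_id']])
                json_reply['success'] = True
                # NOTE(review): result['reason'] and result['message'] are
                # inserted into this HTML fragment as-is. Whether they are
                # escaped by handle_msg or by the template is not visible
                # here; confirm, since they may derive from the uploaded file.
                message = 'Email uploaded successfully'
                if result.get('reason'):
                    message += ', but %s' % result['reason']
                message += ('. <a href="%s">View email.</a>' % redirect)
                if 'message' in result:
                    message += "<br />Attachments:<br />%s" % result['message']
            else:
                message = result['reason']

    json_reply['message'] = message
    return render(request, 'file_upload_response.html',
                  {'response': json.dumps(json_reply)})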
Example #6
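    def obj_create(self, bundle, **kwargs):
        """
        Handles creating Emails through the API.

        ``bundle.data['upload_type']`` selects the handler: ``eml``, ``msg``,
        ``raw``, ``yaml`` or ``fields``. The outcome is reported through
        ``self.crits_response``.

        :param bundle: Bundle containing the information to create the Email.
        :type bundle: Tastypie Bundle object.
        :returns: HttpResponse.
        """

        # NOTE(review): no permission check is visible in this method;
        # presumably authorization is enforced elsewhere on the resource.
        # Confirm.
        analyst = bundle.request.user.username
        type_ = bundle.data.get('upload_type', None)

        # return_code stays 1 (failure) unless the handler reports success.
        content = {'return_code': 1,
                   'type': 'Email'}

        # NOTE(review): the code after each crits_response() call dereferences
        # values that would be missing if execution continued, so
        # crits_response presumably aborts the request. Confirm.
        if not type_:
            content['message'] = 'You must specify the upload type.'
            self.crits_response(content)
        elif type_ not in ('eml', 'msg', 'raw', 'yaml', 'fields'):
            content['message'] = 'Unknown or unsupported upload type.'
            self.crits_response(content)

        # Remove this so it doesn't get included with the fields upload
        del bundle.data['upload_type']
        result = None

        # Extract common information
        source = bundle.data.get('source', None)
        reference = bundle.data.get('reference', None)
        campaign = bundle.data.get('campaign', None)
        confidence = bundle.data.get('confidence', None)

        if type_ == 'eml':
            file_ = bundle.data.get('filedata', None)
            if not file_:
                content['message'] = 'No file uploaded.'
                self.crits_response(content)
            filedata = file_.read()
            result = handle_eml(filedata, source, reference,
                                analyst, 'Upload', campaign,
                                confidence)
        if type_ == 'msg':
            # Unlike 'eml', a missing 'filedata' is not rejected here; None is
            # passed through to the handler.
            raw_email = bundle.data.get('filedata', None)
            password = bundle.data.get('password', None)
            result = handle_msg(raw_email,
                                source,
                                reference,
                                analyst,
                                'Upload',
                                password,
                                campaign,
                                confidence)
        if type_ == 'raw':
            raw_email = bundle.data.get('filedata', None)
            result = handle_pasted_eml(raw_email,
                                       source,
                                       reference,
                                       analyst,
                                       'Upload',
                                       campaign,
                                       confidence)
        if type_ == 'yaml':
            yaml_data = bundle.data.get('filedata', None)
            email_id = bundle.data.get('email_id', None)
            save_unsupported = bundle.data.get('save_unsupported', False)
            result = handle_yaml(yaml_data,
                                 source,
                                 reference,
                                 analyst,
                                 'Upload',
                                 email_id,
                                 save_unsupported,
                                 campaign,
                                 confidence)
        if type_ == 'fields':
            fields = bundle.data
            # Strip the API credentials so they don't get put in
            # unsupported_attrs. pop() with a default replaces a plain `del`,
            # which raised KeyError when the keys were not in the request
            # data.
            fields.pop('username', None)
            fields.pop('api_key', None)
            result = handle_email_fields(fields,
                                         analyst,
                                         'Upload')

        # Translate the handler's result dict into the API reply.
        if result.get('message'):
            content['message'] = result.get('message')
        if result.get('obj_id'):
            content['id'] = result.get('obj_id', '')
        elif result.get('object'):
            content['id'] = str(result.get('object').id)
        if content.get('id'):
            url = reverse('api_dispatch_detail',
                          kwargs={'resource_name': 'emails',
                                  'api_name': 'v1',
                                  'pk': content.get('id')})
            content['url'] = url
        if result['status']:
            content['return_code'] = 0
        self.crits_response(content)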
Example #7
def email_outlook_add(request):
    """
    Accept an upload of an Outlook .msg file (OLE2.0 format using Compound
    File Streams), import the email into CRITs and upload any attachments
    as samples.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    outlook_form = EmailOutlookForm(request.user, request.POST, request.FILES)
    json_reply = {
        'form': outlook_form.as_table(),
        'success': False,
        'message': ""
        }

    if request.method != "POST":
        json_reply['message'] = "Must submit via POST."
    elif not outlook_form.is_valid():
        json_reply['message'] = "Form is invalid."
    else:
        uploader = request.user.username
        cleaned = outlook_form.cleaned_data

        # Upload-method label: fixed prefix, plus the submitted source
        # method when one was given.
        label = "Outlook MSG Upload"
        if cleaned['source_method']:
            label = label + " - " + cleaned['source_method']

        src = cleaned['source']
        src_ref = cleaned['source_reference']
        # Positional arguments that follow the method label.
        trailing = [cleaned[key] for key in ('password',
                                             'campaign',
                                             'campaign_confidence',
                                             'bucket_list',
                                             'ticket')]
        # Relationship details are passed by keyword.
        relation = {}
        for key in ('related_id', 'related_type', 'relationship_type'):
            relation[key] = cleaned[key]

        result = handle_msg(request.FILES['msg_file'],
                            src,
                            src_ref,
                            uploader,
                            label,
                            *trailing,
                            **relation)

        json_reply['success'] = result['status']
        if result['status']:
            detail_url = reverse('crits.emails.views.email_detail',
                                 args=[result['obj_id']])
            json_reply['message'] = (
                'Email uploaded successfully. <a href="%s">View email.</a>'
                % detail_url)
            if 'message' in result:
                # NOTE(review): result['message'] is inserted into the HTML
                # fragment as-is; whether it is escaped elsewhere is not
                # visible here. Confirm.
                json_reply['message'] += "<br />Attachments:<br />%s" % result['message']
        else:
            json_reply['message'] = result['reason']

    return render(request, 'file_upload_response.html',
                  {'response': json.dumps(json_reply)})
Example #8
    def obj_create(self, bundle, **kwargs):
        """
        Create an Email through the API.

        ``bundle.data['upload_type']`` selects the handler: ``eml``, ``msg``,
        ``raw``, ``yaml`` or ``fields``.

        :param bundle: Bundle containing the information to create the Email.
        :type bundle: Tastypie Bundle object.
        :returns: Bundle object.
        :raises BadRequest: If a type_ is not provided or creation fails.
        """

        # NOTE(review): no permission check is visible in this method;
        # presumably authorization is enforced elsewhere on the resource.
        # Confirm.
        analyst = bundle.request.user.username
        type_ = bundle.data.get('upload_type', None)
        if not type_:
            raise BadRequest('You must specify the upload type.')
        if type_ not in ('eml', 'msg', 'raw', 'yaml', 'fields'):
            raise BadRequest('Unknown or unsupported upload type.')

        # Drop the selector so it is not carried into a 'fields' upload.
        del bundle.data['upload_type']
        result = None

        # Values shared by the file-based upload types.
        source = bundle.data.get('source', None)
        reference = bundle.data.get('reference', None)
        campaign = bundle.data.get('campaign', None)
        confidence = bundle.data.get('confidence', None)

        if type_ == 'eml':
            upload = bundle.data.get('filedata', None)
            if not upload:
                raise BadRequest('No file uploaded.')
            eml_bytes = upload.read()
            result = handle_eml(eml_bytes, source, reference, analyst,
                                'Upload', campaign, confidence)
        elif type_ == 'msg':
            # Unlike 'eml', a missing 'filedata' is not rejected here; None is
            # passed through to the handler.
            msg_data = bundle.data.get('filedata', None)
            msg_password = bundle.data.get('password', None)
            result = handle_msg(msg_data, source, reference, analyst,
                                'Upload', msg_password, campaign, confidence)
        elif type_ == 'raw':
            pasted = bundle.data.get('filedata', None)
            result = handle_pasted_eml(pasted, source, reference, analyst,
                                       'Upload', campaign, confidence)
        elif type_ == 'yaml':
            yaml_data = bundle.data.get('filedata', None)
            email_id = bundle.data.get('email_id', None)
            save_unsupported = bundle.data.get('save_unsupported', False)
            result = handle_yaml(yaml_data, source, reference, analyst,
                                 'Upload', email_id, save_unsupported,
                                 campaign, confidence)
        elif type_ == 'fields':
            # The whole remaining request data is handed to the handler.
            result = handle_email_fields(bundle.data, analyst, 'Upload')

        if not result:
            raise BadRequest('No upload type found.')
        if not result['status']:
            raise BadRequest(result['reason'])
        return bundle