def email_outlook_add(request):
    """
    Accept an uploaded Outlook .msg file (OLE2.0 format using Compound File
    Streams), import the email into CRITs and upload any attachments as
    samples.

    The reply is always the 'file_upload_response.html' template wrapping a
    JSON object with the rendered form, a success flag and a message.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    # NOTE(review): no permission check is visible in this view; presumably
    # it is enforced by a decorator or middleware outside this block - confirm.
    upload_form = EmailOutlookForm(request.user, request.POST, request.FILES)
    reply = {'form': upload_form.as_table(), 'success': False}

    def respond(text):
        # Single exit point: attach the message and render the JSON wrapper.
        reply['message'] = text
        return render(request,
                      'file_upload_response.html',
                      {'response': json.dumps(reply)})

    if request.method != "POST":
        return respond("Must submit via POST.")
    if not upload_form.is_valid():
        return respond("Form is invalid.")

    cleaned = upload_form.cleaned_data

    # Source method label recorded with the upload; the analyst-supplied
    # method, when present, is appended to the fixed prefix.
    label = "Outlook MSG Upload"
    if cleaned['source_method']:
        label = label + " - " + cleaned['source_method']

    outcome = handle_msg(request.FILES['msg_file'],
                         cleaned['source'],
                         cleaned['source_reference'],
                         request.user.username,
                         label,
                         cleaned['password'],
                         cleaned['campaign'],
                         cleaned['campaign_confidence'],
                         cleaned['bucket_list'],
                         cleaned['ticket'],
                         cleaned['related_id'],
                         cleaned['related_type'],
                         cleaned['relationship_type'])

    if not outcome['status']:
        return respond(outcome['reason'])

    detail_url = reverse('crits.emails.views.email_detail',
                         args=[outcome['obj_id']])
    reply['success'] = True

    # NOTE(review): outcome['reason'] and outcome['message'] are placed into
    # markup unescaped. If handle_msg can echo text taken from the uploaded
    # message (e.g. attachment names), it must be escaped before the client
    # inserts it into the page - confirm what handle_msg returns.
    text = 'Email uploaded successfully'
    if outcome.get('reason'):
        # Partial success: the email was stored but something was skipped.
        text += ', but %s' % outcome['reason']
    text += ('. <a href="%s">View email.</a>' % detail_url)
    if 'message' in outcome:
        text += "<br />Attachments:<br />%s" % outcome['message']
    return respond(text)
def email_outlook_add(request):
    """
    Accept an uploaded Outlook .msg file (OLE2.0 format using Compound File
    Streams), import the email into CRITs and upload any attachments as
    samples.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    # NOTE(review): no permission check is visible in this view; presumably
    # it is enforced outside this block - confirm.
    form = EmailOutlookForm(request.user, request.POST, request.FILES)
    reply = {
        'form': form.as_table(),
        'success': False,
        'message': "",
    }

    if request.method != "POST":
        reply['message'] = "Must submit via POST."
    elif not form.is_valid():
        reply['message'] = "Form is invalid."
    else:
        analyst = request.user.username
        cleaned = form.cleaned_data

        # Source method label: fixed prefix plus the optional analyst text.
        label = "Outlook MSG Upload"
        if cleaned['source_method']:
            label = label + " - " + cleaned['source_method']

        outcome = handle_msg(request.FILES['msg_file'],
                             cleaned['source'],
                             cleaned['source_reference'],
                             analyst,
                             label,
                             cleaned['password'],
                             cleaned['campaign'],
                             cleaned['campaign_confidence'])

        reply['success'] = outcome['status']
        if outcome['status']:
            link = reverse('crits.emails.views.email_detail',
                           args=[outcome['obj_id']])
            reply['message'] = 'Email uploaded successfully. <a href="%s">View email.</a>' % link
            # NOTE(review): outcome['message'] goes into markup unescaped;
            # confirm handle_msg never echoes raw text from the uploaded
            # message there, or escape it before it reaches the page.
            if 'message' in outcome:
                reply['message'] += "<br />Attachments:<br />%s" % outcome['message']
        else:
            reply['message'] = outcome['reason']

    return render(request,
                  'file_upload_response.html',
                  {'response': json.dumps(reply)})
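def obj_create(self, bundle, **kwargs):
    """
    Handles creating Emails through the API.

    The 'upload_type' field selects the handler: 'eml', 'msg', 'raw',
    'yaml' or 'fields'. The outcome is reported through
    self.crits_response() as a dict with 'return_code' (0 on success,
    1 otherwise), 'type', 'message' and, when an object was created,
    'id' and 'url'.

    :param bundle: Bundle containing the information to create the Email.
    :type bundle: Tastypie Bundle object.
    :returns: HttpResponse.
    """

    analyst = bundle.request.user.username
    type_ = bundle.data.get('upload_type', None)

    content = {'return_code': 1,
               'type': 'Email',
               'message': ''}

    # NOTE(review): the code after each self.crits_response() call assumes
    # the call did not return (e.g. file_.read() below), so it presumably
    # raises to end the request - confirm against its definition.
    # NOTE(review): no permission check is visible here; presumably handled
    # by the resource's authorization - confirm.
    if not type_:
        content['message'] = 'You must specify the upload type.'
        self.crits_response(content)
    elif type_ not in ('eml', 'msg', 'raw', 'yaml', 'fields'):
        content['message'] = 'Unknown or unsupported upload type.'
        self.crits_response(content)

    # Remove this so it doesn't get included with the fields upload
    del bundle.data['upload_type']
    result = None

    # Extract common information
    source = bundle.data.get('source', None)
    method = bundle.data.get('method', '')
    reference = bundle.data.get('reference', None)
    campaign = bundle.data.get('campaign', None)
    confidence = bundle.data.get('confidence', None)

    # Caller-supplied method text is appended to a fixed per-type prefix.
    if method:
        method = " - " + method

    if type_ == 'eml':
        file_ = bundle.data.get('filedata', None)
        if not file_:
            content['message'] = 'No file uploaded.'
            self.crits_response(content)
        filedata = file_.read()
        result = handle_eml(filedata, source, reference,
                            analyst, 'EML Upload' + method,
                            campaign, confidence)
    if type_ == 'msg':
        # NOTE(review): unlike 'eml', a missing 'filedata' is not rejected
        # here; the handler receives None - confirm it copes with that.
        raw_email = bundle.data.get('filedata', None)
        password = bundle.data.get('password', None)
        result = handle_msg(raw_email, source, reference,
                            analyst, 'Outlook MSG Upload' + method,
                            password, campaign, confidence)
    if type_ == 'raw':
        raw_email = bundle.data.get('filedata', None)
        result = handle_pasted_eml(raw_email, source, reference,
                                   analyst, 'Raw Upload' + method,
                                   campaign, confidence)
    if type_ == 'yaml':
        yaml_data = bundle.data.get('filedata', None)
        email_id = bundle.data.get('email_id', None)
        save_unsupported = bundle.data.get('save_unsupported', False)
        result = handle_yaml(yaml_data, source, reference, analyst,
                             'YAML Upload' + method, email_id,
                             save_unsupported, campaign, confidence)
    if type_ == 'fields':
        fields = bundle.data
        # Strip these so they don't get put in unsupported_attrs: the API
        # credentials must never be stored with the email. pop() with a
        # default is used instead of del so a request whose body carries no
        # credentials is not failed with a KeyError.
        fields.pop('username', None)
        fields.pop('api_key', None)
        result = handle_email_fields(fields, analyst, 'Fields Upload')

    if result.get('message'):
        content['message'] = result.get('message')
    if result.get('reason'):
        content['message'] += result.get('reason')
    if result.get('obj_id'):
        content['id'] = result.get('obj_id', '')
    elif result.get('object'):
        content['id'] = str(result.get('object').id)
    if content.get('id'):
        url = reverse('api_dispatch_detail',
                      kwargs={'resource_name': 'emails',
                              'api_name': 'v1',
                              'pk': content.get('id')})
        content['url'] = url
    if result['status']:
        content['return_code'] = 0
    self.crits_response(content)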
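def obj_create(self, bundle, **kwargs):
    """
    Handles creating Emails through the API.

    The 'upload_type' field selects the handler: 'eml', 'msg', 'raw',
    'yaml' or 'fields'. The caller must hold EmailACL.WRITE. The outcome
    is reported through self.crits_response() as a dict with
    'return_code' (0 on success, 1 otherwise), 'type', 'message' and,
    when an object was created, 'id' and 'url'.

    :param bundle: Bundle containing the information to create the Email.
    :type bundle: Tastypie Bundle object.
    :returns: HttpResponse.
    """

    user = bundle.request.user
    type_ = bundle.data.get('upload_type', None)

    content = {'return_code': 1,
               'type': 'Email',
               'message': ''}

    # NOTE(review): the code after each self.crits_response() call assumes
    # the call did not return (e.g. the handlers after the permission
    # check), so it presumably raises to end the request - confirm against
    # its definition; if it returned, the write would proceed unauthorised.
    if not type_:
        content['message'] = 'You must specify the upload type.'
        self.crits_response(content)
    elif type_ not in ('eml', 'msg', 'raw', 'yaml', 'fields'):
        content['message'] = 'Unknown or unsupported upload type.'
        self.crits_response(content)

    # Remove this so it doesn't get included with the fields upload
    del bundle.data['upload_type']
    result = None

    # Extract common information
    source = bundle.data.get('source_name', None)
    method = bundle.data.get('source_method', '')
    reference = bundle.data.get('source_reference', None)
    # Sharing marking for the source; defaults to 'amber' when omitted.
    tlp = bundle.data.get('source_tlp', 'amber')
    campaign = bundle.data.get('campaign', None)
    confidence = bundle.data.get('confidence', None)
    bucket_list = bundle.data.get('bucket_list', None)
    ticket = bundle.data.get('ticket', None)

    # Caller-supplied method text is appended to a fixed per-type prefix.
    if method:
        method = " - " + method

    # Authorisation gate: nothing below runs for a user without write access.
    if not user.has_access_to(EmailACL.WRITE):
        content['success'] = False
        content['message'] = 'User does not have permission to create Object.'
        self.crits_response(content)

    if type_ == 'eml':
        file_ = bundle.data.get('filedata', None)
        if not file_:
            content['message'] = 'No file uploaded.'
            self.crits_response(content)
        filedata = file_.read()
        result = handle_eml(filedata, source, reference,
                            user, 'EML Upload' + method,
                            tlp=tlp, campaign=campaign,
                            confidence=confidence,
                            bucket_list=bucket_list, ticket=ticket)
    if type_ == 'msg':
        # NOTE(review): unlike 'eml', a missing 'filedata' is not rejected
        # here; the handler receives None - confirm it copes with that.
        raw_email = bundle.data.get('filedata', None)
        password = bundle.data.get('password', None)
        result = handle_msg(raw_email, source, reference,
                            'Outlook MSG Upload' + method, tlp,
                            user, password, campaign, confidence,
                            bucket_list=bucket_list, ticket=ticket)
    if type_ == 'raw':
        raw_email = bundle.data.get('filedata', None)
        result = handle_pasted_eml(raw_email, source, reference,
                                   'Raw Upload' + method, tlp,
                                   user, campaign, confidence,
                                   bucket_list=bucket_list, ticket=ticket)
    if type_ == 'yaml':
        yaml_data = bundle.data.get('filedata', None)
        email_id = bundle.data.get('email_id', None)
        save_unsupported = bundle.data.get('save_unsupported', False)
        result = handle_yaml(yaml_data, source, reference,
                             'YAML Upload' + method, tlp, user,
                             email_id, save_unsupported,
                             campaign, confidence,
                             bucket_list=bucket_list, ticket=ticket)
    if type_ == 'fields':
        fields = bundle.data
        # Strip these so they don't get put in unsupported_attrs: the API
        # credentials must never be stored with the email. pop() with a
        # default is used instead of del so a request whose body carries no
        # credentials is not failed with a KeyError.
        fields.pop('username', None)
        fields.pop('api_key', None)
        result = handle_email_fields(fields, user, 'Fields Upload')

    if result.get('message'):
        content['message'] = result.get('message')
    if result.get('reason'):
        content['message'] += result.get('reason')
    if result.get('obj_id'):
        content['id'] = str(result.get('obj_id', ''))
    elif result.get('object'):
        content['id'] = str(result.get('object').id)
    if content.get('id'):
        url = reverse('api_dispatch_detail',
                      kwargs={'resource_name': 'emails',
                              'api_name': 'v1',
                              'pk': content.get('id')})
        content['url'] = url
    if result['status']:
        content['return_code'] = 0
    self.crits_response(content)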
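def email_outlook_add(request):
    """
    Provides upload capability for Outlook .msg files (OLE2.0 format using
    Compound File Streams). This function will import the email into CRITs and
    upload any attachments as samples.

    The upload is refused unless the request is a POST, the form validates
    and the user holds EmailACL.WRITE.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    outlook_form = EmailOutlookForm(request.user, request.POST, request.FILES)
    user = request.user
    json_reply = {
        'form': outlook_form.as_table(),
        'success': False
    }

    if request.method != "POST":
        message = "Must submit via POST."
    else:
        if not outlook_form.is_valid():
            message = "Form is invalid."
        elif not user.has_access_to(EmailACL.WRITE):
            # Authorisation gate: handle_msg is never reached without
            # write access.
            message = "User does not have permission to add email."
        else:
            form_data = outlook_form.cleaned_data
            method = "Outlook MSG Upload"
            if form_data['source_method']:
                method = method + " - " + form_data['source_method']
            # Pass the composed label, not the raw form value: the label
            # was previously built and then discarded, so the stored source
            # method lost its "Outlook MSG Upload" prefix.
            result = handle_msg(request.FILES['msg_file'],
                                form_data['source_name'],
                                form_data['source_reference'],
                                method,
                                form_data['source_tlp'],
                                user,
                                form_data['password'],
                                form_data['campaign'],
                                form_data['campaign_confidence'],
                                form_data['bucket_list'],
                                form_data['ticket'],
                                form_data['related_id'],
                                form_data['related_type'],
                                form_data['relationship_type'])
            if result['status']:
                redirect = reverse('crits.emails.views.email_detail',
                                   args=[result['obj_id']])
                json_reply['success'] = True
                message = 'Email uploaded successfully'
                # NOTE(review): result['reason'] and result['message'] are
                # placed into markup unescaped. If handle_msg can echo text
                # taken from the uploaded message (e.g. attachment names),
                # it must be escaped before the client inserts it into the
                # page - confirm what handle_msg returns.
                if result.get('reason'):
                    message += ', but %s' % result['reason']
                message += ('. <a href="%s">View email.</a>' % redirect)
                if 'message' in result:
                    message += "<br />Attachments:<br />%s" % result['message']
            else:
                message = result['reason']

    json_reply['message'] = message
    return render(request,
                  'file_upload_response.html',
                  {'response': json.dumps(json_reply)})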
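def obj_create(self, bundle, **kwargs):
    """
    Handles creating Emails through the API.

    The 'upload_type' field selects the handler: 'eml', 'msg', 'raw',
    'yaml' or 'fields'. The outcome is reported through
    self.crits_response() as a dict with 'return_code' (0 on success,
    1 otherwise), 'type' and, when available, 'message', 'id' and 'url'.

    :param bundle: Bundle containing the information to create the Email.
    :type bundle: Tastypie Bundle object.
    :returns: HttpResponse.
    """

    analyst = bundle.request.user.username
    type_ = bundle.data.get('upload_type', None)

    content = {'return_code': 1,
               'type': 'Email'}

    # NOTE(review): the code after each self.crits_response() call assumes
    # the call did not return (e.g. file_.read() below), so it presumably
    # raises to end the request - confirm against its definition.
    # NOTE(review): no permission check is visible here; presumably handled
    # by the resource's authorization - confirm.
    if not type_:
        content['message'] = 'You must specify the upload type.'
        self.crits_response(content)
    elif type_ not in ('eml', 'msg', 'raw', 'yaml', 'fields'):
        content['message'] = 'Unknown or unsupported upload type.'
        self.crits_response(content)

    # Remove this so it doesn't get included with the fields upload
    del bundle.data['upload_type']
    result = None

    # Extract common information
    source = bundle.data.get('source', None)
    reference = bundle.data.get('reference', None)
    campaign = bundle.data.get('campaign', None)
    confidence = bundle.data.get('confidence', None)

    if type_ == 'eml':
        file_ = bundle.data.get('filedata', None)
        if not file_:
            content['message'] = 'No file uploaded.'
            self.crits_response(content)
        filedata = file_.read()
        result = handle_eml(filedata, source, reference,
                            analyst, 'Upload', campaign, confidence)
    if type_ == 'msg':
        # NOTE(review): unlike 'eml', a missing 'filedata' is not rejected
        # here; the handler receives None - confirm it copes with that.
        raw_email = bundle.data.get('filedata', None)
        password = bundle.data.get('password', None)
        result = handle_msg(raw_email, source, reference,
                            analyst, 'Upload', password,
                            campaign, confidence)
    if type_ == 'raw':
        raw_email = bundle.data.get('filedata', None)
        result = handle_pasted_eml(raw_email, source, reference,
                                   analyst, 'Upload', campaign, confidence)
    if type_ == 'yaml':
        yaml_data = bundle.data.get('filedata', None)
        email_id = bundle.data.get('email_id', None)
        save_unsupported = bundle.data.get('save_unsupported', False)
        result = handle_yaml(yaml_data, source, reference, analyst,
                             'Upload', email_id, save_unsupported,
                             campaign, confidence)
    if type_ == 'fields':
        fields = bundle.data
        # Strip these so they don't get put in unsupported_attrs: the API
        # credentials must never be stored with the email. pop() with a
        # default is used instead of del so a request whose body carries no
        # credentials is not failed with a KeyError.
        fields.pop('username', None)
        fields.pop('api_key', None)
        result = handle_email_fields(fields, analyst, 'Upload')

    # Only result['message'] is copied into the reply; a failure 'reason',
    # if the handler set one, is not surfaced here.
    if result.get('message'):
        content['message'] = result.get('message')
    if result.get('obj_id'):
        content['id'] = result.get('obj_id', '')
    elif result.get('object'):
        content['id'] = str(result.get('object').id)
    if content.get('id'):
        url = reverse('api_dispatch_detail',
                      kwargs={'resource_name': 'emails',
                              'api_name': 'v1',
                              'pk': content.get('id')})
        content['url'] = url
    if result['status']:
        content['return_code'] = 0
    self.crits_response(content)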
def email_outlook_add(request):
    """
    Accept an uploaded Outlook .msg file (OLE2.0 format using Compound File
    Streams), import the email into CRITs and upload any attachments as
    samples. The new email can be related to an existing object through the
    related_id / related_type / relationship_type form fields.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    # NOTE(review): no permission check is visible in this view; presumably
    # it is enforced outside this block - confirm.
    form = EmailOutlookForm(request.user, request.POST, request.FILES)
    reply = {
        'form': form.as_table(),
        'success': False,
        'message': "",
    }

    def finish():
        # Every path answers with the same template wrapping the JSON reply.
        return render(request,
                      'file_upload_response.html',
                      {'response': json.dumps(reply)})

    if request.method != "POST":
        reply['message'] = "Must submit via POST."
        return finish()

    if not form.is_valid():
        reply['message'] = "Form is invalid."
        return finish()

    analyst = request.user.username
    cleaned = form.cleaned_data

    # Source method label: fixed prefix plus the optional analyst text.
    label = "Outlook MSG Upload"
    if cleaned['source_method']:
        label = label + " - " + cleaned['source_method']

    outcome = handle_msg(request.FILES['msg_file'],
                         cleaned['source'],
                         cleaned['source_reference'],
                         analyst,
                         label,
                         cleaned['password'],
                         cleaned['campaign'],
                         cleaned['campaign_confidence'],
                         cleaned['bucket_list'],
                         cleaned['ticket'],
                         related_id=cleaned['related_id'],
                         related_type=cleaned['related_type'],
                         relationship_type=cleaned['relationship_type'])

    reply['success'] = outcome['status']
    if outcome['status']:
        link = reverse('crits.emails.views.email_detail',
                       args=[outcome['obj_id']])
        reply['message'] = 'Email uploaded successfully. <a href="%s">View email.</a>' % link
        # NOTE(review): outcome['message'] goes into markup unescaped;
        # confirm handle_msg never echoes raw text from the uploaded
        # message there, or escape it before it reaches the page.
        if 'message' in outcome:
            reply['message'] += "<br />Attachments:<br />%s" % outcome['message']
    else:
        reply['message'] = outcome['reason']

    return finish()
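def obj_create(self, bundle, **kwargs):
    """
    Handles creating Emails through the API.

    The 'upload_type' field selects the handler: 'eml', 'msg', 'raw',
    'yaml' or 'fields'.

    :param bundle: Bundle containing the information to create the Email.
    :type bundle: Tastypie Bundle object.
    :returns: Bundle object.
    :raises BadRequest: If a type_ is not provided or creation fails.
    """

    # NOTE(review): no permission check is visible here; presumably handled
    # by the resource's authorization - confirm.
    analyst = bundle.request.user.username
    type_ = bundle.data.get('upload_type', None)

    if not type_:
        raise BadRequest('You must specify the upload type.')
    elif type_ not in ('eml', 'msg', 'raw', 'yaml', 'fields'):
        raise BadRequest('Unknown or unsupported upload type.')

    # Remove this so it doesn't get included with the fields upload
    del bundle.data['upload_type']
    result = None

    # Extract common information
    source = bundle.data.get('source', None)
    reference = bundle.data.get('reference', None)
    campaign = bundle.data.get('campaign', None)
    confidence = bundle.data.get('confidence', None)

    if type_ == 'eml':
        file_ = bundle.data.get('filedata', None)
        if not file_:
            raise BadRequest('No file uploaded.')
        filedata = file_.read()
        result = handle_eml(filedata, source, reference,
                            analyst, 'Upload', campaign, confidence)
    if type_ == 'msg':
        # NOTE(review): unlike 'eml', a missing 'filedata' is not rejected
        # here; the handler receives None - confirm it copes with that.
        raw_email = bundle.data.get('filedata', None)
        password = bundle.data.get('password', None)
        result = handle_msg(raw_email, source, reference,
                            analyst, 'Upload', password,
                            campaign, confidence)
    if type_ == 'raw':
        raw_email = bundle.data.get('filedata', None)
        result = handle_pasted_eml(raw_email, source, reference,
                                   analyst, 'Upload', campaign, confidence)
    if type_ == 'yaml':
        yaml_data = bundle.data.get('filedata', None)
        email_id = bundle.data.get('email_id', None)
        save_unsupported = bundle.data.get('save_unsupported', False)
        result = handle_yaml(yaml_data, source, reference, analyst,
                             'Upload', email_id, save_unsupported,
                             campaign, confidence)
    if type_ == 'fields':
        fields = bundle.data
        # The whole request dict is handed to handle_email_fields, so the
        # API credentials are removed first: keys the handler does not
        # recognise may otherwise be persisted with the email (presumably
        # as unsupported attributes - confirm against handle_email_fields).
        # pop() with a default keeps requests without these keys working.
        fields.pop('username', None)
        fields.pop('api_key', None)
        result = handle_email_fields(fields, analyst, 'Upload')

    # Defensive: type_ was validated above, so every path sets result.
    if not result:
        raise BadRequest('No upload type found.')
    if not result['status']:
        raise BadRequest(result['reason'])
    else:
        return bundle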