def on_request(self, request): # type: (Request) -> None self.__monitor.register_request() response = Response(request) try: args = None if self.__args is not None: # If input's expected, try parsing the incoming JSON args = json_format.Parse(request.payload, self.__args()) grrr = self.__board.grr.SendRequest(self.__endpoint.name, args=args) if grrr is not None: response.payload = json_format.MessageToJson(grrr) except (json_format.ParseError, BuildError, grr_errors.Error) as e: # Failed to compose request or otherwise bad request response = ErrorResponse(request, 400, 'invalid request: {}'.format(str(e))) except Error as e: # Connector error logger.error('error reaching the GRR instance: {}'.format(str(e))) response = ErrorResponse(request, 503, 'failed processing request: {}'.format(str(e))) except Exception as e: # Generic internal error logger.exception('%s: %s', type(e).__name__, str(e)) response = ErrorResponse(request, 500, 'failed processing request: {}'.format(str(e))) finally: if isinstance(response, ErrorResponse) and response.error_code >= 500: # Error count doesn't include client errors self.__monitor.register_error() else: self.__monitor.register_success() self.__board.dxlc.send_response(response)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request request_payload = MessageUtils.json_payload_to_dict(request) if request.destination_topic in self._callbacks: try: self._callbacks[request.destination_topic](request, request_payload) except Exception as ex: err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode( str(ex))) self._client.send_response(err_res) else: err_res = ErrorResponse( request, error_code=0, error_message=MessageUtils.encode("Unknown topic: " + request.destination_topic)) self._client.send_response(err_res)
def on_request(self, request): """ Callback invoked when a request is received. :param dxlclient.message.Request request: The request """ logger.info("Request received on topic '%s'", request.destination_topic) logger.debug("Payload for topic %s: %s", request.destination_topic, request.payload) try: request_dict = MessageUtils.json_payload_to_dict(request) \ if request.payload else {} if "event" in request_dict and \ type(request_dict["event"]).__name__ in ("str", "unicode") and \ request_dict["event"].isdigit(): request_dict["event"] = int(request_dict["event"]) response_data = self._api_method(**request_dict) if isinstance(response_data, dict) and \ response_data.get("errors", None): res = ErrorResponse(request, error_message=str( response_data["errors"][0])) else: res = Response(request) MessageUtils.dict_to_json_payload(res, response_data) except Exception as ex: error_str = str(ex) logger.exception("Error handling request: %s", error_str) res = ErrorResponse(request, error_message=MessageUtils.encode(error_str)) self._app.client.send_response(res)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request request_payload = MessageUtils.json_payload_to_dict(request) logger.info( "Request received on topic: '{0}' with payload: '{1}'".format( request.destination_topic, request_payload)) if request.destination_topic in self._callbacks: try: self._callbacks[request.destination_topic](request, request_payload) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode( str(ex))) self._app.client.send_response(err_res) else: logger.exception("Unknown topic: %s", request.destination_topic) err_res = ErrorResponse( request, error_code=0, error_message=MessageUtils.encode( "Unknown topic: " + request.destination_topic)) self._app.client.send_response(err_res)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info("Request received on topic: '%s' with payload: '%s'", request.destination_topic, MessageUtils.decode_payload(request)) try: res = Response(request) request_dict = MessageUtils.json_payload_to_dict(request) \ if request.payload else {} # Ensure required parameters are present if self._required_params: for name in self._required_params: if name not in request_dict: raise Exception( "Required parameter not found: '{}'".format(name)) if "format" not in request_dict: request_dict["format"] = "json" elif request_dict["format"] not in ("json", "xml"): raise Exception( "Unsupported format requested: '{}'. {}".format( request_dict["format"], "Only 'json' and 'xml' are supported.")) # Invoke DomainTools API via client dt_response = \ getattr(self._app.domaintools_api, self._func_name)(**request_dict) # Set response payload response_data = dt_response.data() if isinstance(response_data, dict): MessageUtils.dict_to_json_payload(res, response_data) else: MessageUtils.encode_payload(res, response_data) except ServiceException as ex: logger.exception("Error handling request") msg = "%s: %s" % (ex.__class__.__name__, ex.reason) res = ErrorResponse(request, error_message=MessageUtils.encode(msg)) except Exception as ex: logger.exception("Error handling request") msg = str(ex) if not msg: msg = ex.__class__.__name__ res = ErrorResponse(request, error_message=MessageUtils.encode(msg)) # Send response self._app.client.send_response(res)
def _request(self, dxl_request, path, request_fn, body=None): """ Make a request to TheHive server, delivering the response to the DXL fabric. :param dxlclient.message.Request dxl_request: DXL request containing parameters to forward along in a request to TheHive server. :param str path: URL subpath for the request to send to TheHive server. :param function request_fn: Callback which is invoked to make TheHive request. :param str body: Request body to include in the request. """ try: request_url = self._api_url + path response = request_fn(request_url, body) if 200 <= response.status_code <= 299: # TheHive request was successful so forward the response # along as-is to the DXL fabric. res = Response(dxl_request) MessageUtils.dict_to_json_payload(res, response.json()) else: # TheHive request encountered an error. Attempt to decode # an error message from the response body. res = self._build_http_error_response(dxl_request, response) except Exception as ex: error_str = str(ex) logger.exception("Error handling request: %s", error_str) res = ErrorResponse(dxl_request, error_message=MessageUtils.encode(error_str)) self._dxl_client.send_response(res)
def on_request(self, request): """ Invoked when a request message is received. :param dxlclient.message.Request request: The request message """ # Handle request logger.debug("Request received on topic: '%s'", request.destination_topic) try: # Create response res = Response(request) # Store the next segment. result = self._store_manager.store_segment(request) # Set payload MessageUtils.dict_to_json_payload(res, result.to_dict()) # Send response self._dxl_client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode(str(ex))) self._dxl_client.send_response(err_res)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info("Request received on topic: '{0}' with payload: '{1}'".format( request.destination_topic, MessageUtils.decode_payload(request))) try: # Parameters nmap_params = MessageUtils.json_payload_to_dict(request) logger.info("[1/2] Requested NMAP action ({0}) for request {1} is under processing...".format( MessageUtils.decode_payload(request), request.message_id)) # Create a report from Nmap tool execution nmap_response = self._do_nmap_scan(nmap_params, request) logger.info("[2/2] Requested NMAP action was processed successfully for request {0}." " Preparing response...".format(request.message_id)) # Create response res = Response(request) # Set payload MessageUtils.dict_to_json_payload(res, nmap_response) # Send response self._app.client.send_response(res) logger.info("Sending response for request {0}".format(request.message_id)) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ request_payload = MessageUtils.json_payload_to_dict(request) try: res = Response(request) payload = {"code": 200, "body": {}} if request_payload["target"] == "/v1/simple": payload = self.v1_simple(request_payload, payload) else: payload = self.v1_complex(request_payload, payload) MessageUtils.dict_to_json_payload(res, payload) self._client.send_response(res) except Exception as ex: err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode(str(ex))) self._client.send_response(err_res)
def _generate_nmap_dict_report(self, targets, options, request): """ Executes the Nmap tool to scan/analyze a list of hosts (IPs) with the specific (parameters) options. :param targets: List of hosts (IPs) to scan/analyze. :param options: Options required to execute Nmap tool. :param request: The request message. :return: The Nmap output information (formatted) based on the original Nmap XML report information. """ # Create Nmap process and run it nmproc = NmapProcess(targets, options) try: # Run the Nmap process nmproc.run() # Generate report nmap_report = NmapParser.parse(nmproc.stdout) # Parse Nmap report parsed_report = self._parse_nmap_xml_report(nmap_report) # Return the parse Nmap report return parsed_report except Exception as ex: logger.exception("Nmap scan failed: {0}".format(nmproc.stderr)) err_res = ErrorResponse(request, MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def _pop_attribute_from_request(self, request, attr_name): """ Pop the value for a named attribute from the supplied request JSON and return the remaining request body. :param request: :param attr_name: :return: :raises ValueError: if the named attribute does not appear in the request. :return: A tuple containing two elements: the value associated with the attr_name parameter and the request body (minus the attr_name attribute and its associated value), converted to a dict. :rtype: tuple """ try: request_body = MessageUtils.json_payload_to_dict(request) attr_value = request_body.pop(attr_name, None) if not attr_name: raise ValueError("Attribute {} is missing".format(attr_name)) except Exception as ex: request_body = {} attr_value = None error_str = str(ex) logger.exception("Error handling request: %s", error_str) res = ErrorResponse(request, error_message=MessageUtils.encode(error_str)) self._dxl_client.send_response(res) return (attr_value, request_body)
def on_request(self, request): try: # Build dictionary from the request payload req_dict = json.loads(request.payload.decode(encoding=self.UTF_8)) # Determine the ePO command if self.CMD_NAME_KEY not in req_dict: raise Exception( "A command name was not specified ('{0}')".format( self.CMD_NAME_KEY)) command = req_dict[self.CMD_NAME_KEY] # Help command received if command == CORE_HELP_CMD_NAME: self.help_command(request) # System Find command elif command == SYSTEM_FIND_CMD_NAME: self.system_find_command(request) # Unknown Command else: self.unknown_command(request, command) except Exception as ex: # Send error response self._client.send_response( ErrorResponse( request, error_message=str(ex).encode(encoding=self.UTF_8)))
def on_request(self, request): try: # Extract information from request query = request.payload.decode(encoding="UTF-8") logger.info("Service received request payload: " + query) # Send HTTP request to OpenWeatherMap req = urllib2.Request( CURRENT_WEATHER_URL.format(query, API_KEY), None, {'Content-Type': 'text/json'}) f = urllib2.urlopen(req) weather_response = f.read() f.close() # Create the response message response = Response(request) # Populate the response payload response.payload = weather_response.encode(encoding="UTF-8") # Send the response client.send_response(response) except Exception as ex: print str(ex) # Send error response client.send_response( ErrorResponse( request, error_message=str(ex).encode(encoding="UTF-8")))
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info( "Request received on topic: '{0}' with payload: '{1}'".format( request.destination_topic, MessageUtils.decode_payload(request))) try: # Create response res = Response(request) # Read DXL request payload into dictionary params = MessageUtils.json_payload_to_dict(request) # Invoke API call if 'data' in params.keys() and params['data'] != "": tide_data = params['data'] if 'type' in params.keys(): tide_type = params['type'] else: tide_type = get_ioc_type(tide_data, 'tide') if 'rlimit' in params.keys( ) and params['max_rec'] < self._app.tide_max_rec: tide_max_rec = params['max_rec'] else: tide_max_rec = self._app.tide_max_rec #Error data is required if 'format' in params.keys(): tide_format = params['format'] else: tide_format = self._app.tide_format #Error data is required http_res = requests.get( "https://api.activetrust.net:8000/api/data/threats", params={ "type": tide_type, tide_type: tide_data, "data_format": tide_format, "rlimit": tide_max_rec }, auth=(self._app.api_key, '')) content = unicode(http_res.content, "utf-8") else: content = "{'status':'error','errorMessage':'The data field is required'}" #Error data is required # Add web service response to DXL response payload MessageUtils.encode_payload(res, content, enc='utf-8') # Send response self._app.client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def on_request(self, request): try: res = Response(request) result = self._store_manager.store_segment(request) MessageUtils.dict_to_json_payload(res, result.to_dict()) self._dxl_client.send_response(res) except Exception as ex: err_res = ErrorResponse(request, error_message=MessageUtils.encode(str(ex))) self._dxl_client.send_response(err_res)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info("Request received on topic: '%s' with payload: '%s'", request.destination_topic, MessageUtils.decode_payload(request)) try: # API URL api_url = self._app.URL_VOID_API_URL_FORMAT.format(self._app.api_key) command = request.destination_topic[self._app.SERVICE_TYPE_LENGTH + 1:] params = {} if request.payload: params = MessageUtils.json_payload_to_dict(request) if self._required_params: self._validate(params) if command == self._app.CMD_HOST_INFO: host = params[self.PARAM_HOST] api_url = "{0}{1}/{2}".format(api_url, self.PARAM_HOST, host) elif command == self._app.CMD_HOST_RESCAN: host = params[self.PARAM_HOST] api_url = "{0}{1}/{2}/rescan".format(api_url, self.PARAM_HOST, host) elif command == self._app.CMD_HOST_SCAN: host = params[self.PARAM_HOST] api_url = "{0}{1}/{2}/scan".format(api_url, self.PARAM_HOST, host) elif command == self._app.CMD_STATS_REMAINED: api_url = "{0}{1}".format(api_url, command) # Invoke URLVoid API url_void_api_response = requests.get(api_url) # Check HTTP response code url_void_api_response.raise_for_status() # Create response res = Response(request) # Set payload MessageUtils.encode_payload(res, url_void_api_response.text) # Send response self._app.client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_message=MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def on_request(self, request): try: query = request.payload.decode() logger.info("Service received request payload: " + query) response = Response(request) response.payload = str(virustotal(jsonparse(query))).encode() client.send_response(response) print response except Exception as ex: print str(ex) client.send_response( ErrorResponse(request, error_message=str(ex).encode()))
def on_request(self, request): self.__monitor.register_request() response = Response(request) try: response = self.handle_request(request, response) except BadRequest as e: response = ErrorResponse(request, 400, str(e)) except ValueError: response = ErrorResponse(request, 400, 'invalid request payload') except Exception as e: logger.exception('unknown exception %s of type %s', str(e), type(e).__name__) response = ErrorResponse(request, 500, 'unknown internal error occurred') finally: if isinstance(response, ErrorResponse) and response.error_code >= 500: # Error count doesn't include client errors self.__monitor.register_error() else: self.__monitor.register_success() self.service.dxl_conn.send_response(response)
def send_service_not_found_error_message(self, request): """ Sends a service not found error message response. :param request: The request. :return: None. """ # todo: error code via constants error_response = ErrorResponse(request=request, error_code=0x80000001, error_message="unable to locate service for request") try: self.__client.send_response(error_response) except Exception, ex: logger.error("Error sending service not found error message: " + str(ex))
def on_request(self, request): self.__monitor.register_request() response = Response(request) try: req = json.loads(request.payload) args = { 'method': self.__config.type, 'url': self.__construct_url(req) } # Determine how to treat the rest of the parameters based on the request type if self.__config.type == 'get': args['params'] = req else: args['json'] = req # Forward on the request and pass the response back upstream = self.__sess.request(**args) if upstream.status_code >= 400: response = ErrorResponse(request, upstream.status_code, upstream.text) else: try: # Errors aren't always indicated with the proper HTTP status code, may need to inspect res = upstream.json() if res['error'] != 0: response = ErrorResponse(request, res['error'], upstream.text) else: response.payload = upstream.text except (ValueError, KeyError): response = ErrorResponse(request, 504, 'Invalid upstream response') except ValueError: response = ErrorResponse( request, 400, 'request payload must be a well formed JSON string') except KeyError as e: response = ErrorResponse( request, 400, 'missing required parameter {} from payload'.format(str(e))) except Exception as e: logger.exception('unknown exception of type %s: ' + str(e), type(e).__name__) response = ErrorResponse(request, 500, 'unknown internal error: ' + str(e)) finally: if isinstance(response, ErrorResponse) and 500 <= response.error_code < 600: # Error count doesn't include client errors self.__monitor.register_error() else: self.__monitor.register_success() self.__switch.dxl.send_response(response)
def on_request(self, request): try: if not self.user_authorized: return # Build dictionary from the request payload req_dict = json.loads(request.payload.decode(encoding=self.UTF_8)) if self.use_commands_service: # Determine the ePO command command = request.destination_topic[len(self.epo_request_topic ) - 1:].replace( "/", ".") # Determine the command parameters params = req_dict else: # Determine the ePO command if self.CMD_NAME_KEY not in req_dict: raise Exception( "A command name was not specified ('{0}')".format( self.CMD_NAME_KEY)) command = req_dict[self.CMD_NAME_KEY] # Determine the command parameters params = req_dict[self.PARAMS_KEY] # Help command received if command == CORE_HELP_CMD_NAME: self.help_command(request) # System Find command elif command == SYSTEM_FIND_CMD_NAME: self.system_find_command(request, params) # Unknown Command else: self.unknown_command(request, command) except Exception as ex: # Send error response self._client.send_response( ErrorResponse( request, error_message=str(ex).encode(encoding=self.UTF_8)))
def on_request(self, request): """ Invoked when a request is received :param request: The request that was received """ try: # Build dictionary from the request payload req_dict = json.loads(request.payload.decode(encoding=self.UTF_8)) # Determine the ePO command if self.CMD_NAME_KEY not in req_dict: raise Exception( "A command name was not specified ('{0}')".format( self.CMD_NAME_KEY)) command = req_dict[self.CMD_NAME_KEY] # Determine the request parameters req_params = {} if self.PARAMS_KEY in req_dict: req_params = req_dict[self.PARAMS_KEY] # Determine the output format output = self.DEFAULT_OUTPUT if self.OUTPUT_KEY in req_dict: output = req_dict[self.OUTPUT_KEY] # Get the ePO server to invoke the command on epo = self._epo_by_topic[request.destination_topic] # Execute the ePO Remote Command result = epo.execute(command, output, req_params) # Create the response, set payload, and deliver response = Response(request) response.payload = result self._dxl_client.send_response(response) except Exception as ex: logger.exception("Error while processing request") # Send error response self._dxl_client.send_response( ErrorResponse( request, error_message=str(ex).encode(encoding=self.UTF_8)))
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info("Request received on topic: '%s' with payload: '%s'", request.destination_topic, MessageUtils.decode_payload(request)) try: # Retrieve the parameters from the request params = MessageUtils.json_payload_to_dict(request) if self._PARAM_HOST not in params: raise Exception( "Required parameter not specified: '{0}'".format( self._PARAM_HOST)) target = params[self._PARAM_HOST] ipaddr = socket.gethostbyname(target) logger.debug("IP to be located: %s", ipaddr) # Lookup the IP/host results = self._app.database.lookup_ip(ipaddr) logger.debug(results) # Create response res = Response(request) # Set payload MessageUtils.dict_to_json_payload(res, results) # Send response self._app.client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def _build_http_error_response(dxl_request, response): """ Create a DXL ErrorResponse from the contents of an HTTP response for a request sent to TheHive. :param dxlclient.message.Request dxl_request: DXL request containing parameters to forward along in a request to TheHive server. :param requests.Response response: HTTP response received from TheHive. :return: The error response to deliver to the DXL fabric. :rtype: dxlclient.message.ErrorResponse """ response_dict = response.json() error_message = response_dict.get("message") if not error_message: errors = response_dict.get("errors") if errors: first_error = errors[0] if isinstance(first_error, dict): error_message = first_error.get("message") elif isinstance(first_error, list): first_suberror = first_error[0] if isinstance(first_suberror, dict): error_message = first_suberror.get( "message") if error_message: log_message = "Error handling request: {}".format( error_message ) else: # Short error message could not be read from the # response body, so just set a generic description for # the error message in the DXL response. error_message = "Error handling request" log_message = error_message logger.error(log_message) res = ErrorResponse( dxl_request, error_message=error_message \ if error_message else "Error handling request", error_code=response.status_code ) MessageUtils.dict_to_json_payload(res, response_dict) return res
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info( "Request received on topic: '{0}' with payload: '{1}'".format( request.destination_topic, MessageUtils.decode_payload(request))) try: # Create response res = Response(request) # Read DXL request payload into dictionary params = MessageUtils.decode_payload(request) headers = {'Content-Type': 'application/json'} #print(params) # Invoke API call http_res = requests.post( "https://api.activetrust.net:8000/api/services/intel/lookup/jobs?wait=true", headers=headers, data=params, auth=(self._app.api_key, '')) content = unicode(http_res.content, "utf-8") # Add web service response to DXL response payload MessageUtils.encode_payload(res, content, enc='utf-8') # Send response self._app.client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def on_request(self, request): try: # Build dictionary from the request payload req_dict = json.loads(request.payload.decode(encoding=self.UTF_8)) response = Response(request) response.payload = '{"status": "failed (did not match any API call)"}' if request.destination_topic == self.vt_basic_test_topic: response.payload = self.basic_test() elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_DOMAIN_REPORT: response.payload = self.domain_report(req_dict) elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_FILE_REPORT: response.payload = self.file_report(req_dict) elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_FILE_RESCAN: response.payload = self.file_rescan(req_dict) elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_IP_ADDRESS_REPORT: response.payload = self.ip_report(req_dict) elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_URL_SCAN: response.payload = self.url_scan(req_dict) elif request.destination_topic == VirusTotalApiClient._REQ_TOPIC_URL_REPORT: response.payload = self.url_report(req_dict) self._client.send_response(response) except Exception as ex: # Send error response self._client.send_response( ErrorResponse( request, error_message=str(ex).encode(encoding=self.UTF_8)))
def on_request(self, request): #pylint """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info("Request received on topic: '%s' with payload: '%s'", request.destination_topic, MessageUtils.decode_payload(request)) try: command = request.destination_topic[self._app.SERVICE_TYPE_LENGTH + 1:] stats_remained = False if self._app.REQ_TOPIC_SUFFIX_STATS in command: stats_remained = True command = command[:len(command) - len(self._app.REQ_TOPIC_SUFFIX_STATS) - 1] # API URL api_url = self._app.API_VOID_URL_FORMAT.format( command, self._app.KEY_PARAM_FORMAT.format(self._app.api_key)) if stats_remained: api_url = "{0}&{1}".format(api_url, self.PARAM_STATS) else: params = {} if request.payload: params = MessageUtils.json_payload_to_dict(request) if self._required_params: self._validate(params) if command == self._app.CMD_IP_REPUTATION: ip_param = params[self.PARAM_IP] api_url = "{0}&{1}={2}".format(api_url, self.PARAM_IP, ip_param) elif command == self._app.CMD_DOMAIN_REPUTATION: host = params[self.PARAM_HOST] api_url = "{0}&{1}={2}".format(api_url, self.PARAM_HOST, host) elif command == self._app.CMD_DNS_LOOKUP: action = params[self.PARAM_ACTION] host = params[self.PARAM_HOST] api_url = "{0}&{1}={2}&{3}={4}".format( api_url, self.PARAM_ACTION, action, self.PARAM_HOST, host) elif command in self._app.CMD_LIST: host = params[self.PARAM_HOST] api_url = "{0}&{1}={2}".format(api_url, self.PARAM_HOST, host) # Invoke URLVoid API api_void_response = requests.get(api_url) # Check HTTP response code api_void_response.raise_for_status() # Create response res = Response(request) # Set payload MessageUtils.encode_payload(res, api_void_response.text) # Send response self._app.client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_message=MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info( "Request received on topic: '{0}' with payload: '{1}'".format( request.destination_topic, MessageUtils.decode_payload(request))) try: # Create response res = Response(request) # Read DXL request payload into dictionary params = MessageUtils.json_payload_to_dict(request) # Invoke API call if 'data' in params.keys() and params['data'] != "": dossier_data = params['data'] if 'type' in params.keys(): dossier_type = params['type'] else: dossier_type = get_ioc_type(dossier_data, 'dossier') if 'sources' in params.keys(): payload = { "target": { "one": { "type": dossier_type, "target": dossier_data, "sources": params['sources'] } } } else: payload = { "target": { "one": { "type": dossier_type, "target": dossier_data } } } headers = {'Content-Type': 'application/json'} http_res = requests.post( "https://api.activetrust.net:8000/api/services/intel/lookup/jobs?wait=true", json=payload, auth=(self._app.api_key, '')) content = unicode(http_res.content, "utf-8") else: content = "{'status':'error','errorMessage':'The data field is required'}" #Error data is required # Add web service response to DXL response payload MessageUtils.encode_payload(res, content, enc='utf-8') # Send response self._app.client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ request_payload = MessageUtils.json_payload_to_dict(request) logger.info( "Request received on topic: '{0}' with payload: '{1}'".format( request.destination_topic, request_payload)) try: res = Response(request) payload = {"code": 200, "body": {}} if request_payload["target"] == "/v1/simple": if request_payload["method"] != 'POST': payload = self._make_error_response( 405, "Unsupported method") elif "body" not in request_payload or \ "projections" not in request_payload["body"]: payload = self._make_error_response( 400, "Missing body or projections parameter") else: projections_as_str = self._get_projection_as_string( request_payload["body"]["projections"]) if projections_as_str in self.PROJECTION_TO_ID: search_id = str(uuid.uuid4()).replace("-", "")[:24] self.SEARCHES[search_id] = { "statusChecksUntilFinished": \ self._status_checks_until_finished, "projectionId": self.PROJECTION_TO_ID[ projections_as_str] } payload["body"]["id"] = search_id else: payload = self._make_error_response( 501, "Unsupported projection") else: search_id_match = re.match(r".*/v1/(\w+)/.*", request_payload["target"]) if search_id_match and search_id_match.group(1) in self.SEARCHES: search_entry = self.SEARCHES[search_id_match.group(1)] request_items = self.RESULTS[search_entry["projectionId"]] if request_payload["target"].endswith("/status"): if request_payload["method"] != 'GET': payload = self._make_error_response( 405, "Unsupported method") elif search_entry["statusChecksUntilFinished"]: search_entry["statusChecksUntilFinished"] -= 1 payload["body"]["status"] = "RUNNING" else: payload["body"]["results"] = len(request_items) payload["body"]["errors"] = 0 payload["body"]["hosts"] = 1 payload["body"]["subscribedHosts"] = 1 payload["body"]["status"] = "FINISHED" elif request_payload["target"].endswith("/results"): if request_payload["method"] != 'GET': payload = self._make_error_response( 405, "Unsupported method") elif "parameters" in request_payload and \ "$offset" in request_payload["parameters"] and \ "$limit" in request_payload["parameters"]: offset = request_payload["parameters"]["$offset"] limit = request_payload["parameters"]["$limit"] payload["body"]["items"] = request_items[ offset: offset + limit ] else: payload["body"]["items"] = request_items else: payload = self._make_error_response( 404, "Id not found") MessageUtils.dict_to_json_payload(res, payload) self._app.client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_res = ErrorResponse(request, error_code=0, error_message=MessageUtils.encode(str(ex))) self._app.client.send_response(err_res)
def on_request(self, request): """ Invoked when a request message is received. :param request: The request message """ # Handle request logger.info( "Request received on topic: '{0}' with payload: '{1}'".format( request.destination_topic, MessageUtils.decode_payload(request))) try: # API URL api_url = self._app.VTAPI_URL_FORMAT.format( request.destination_topic[self._app.SERVICE_TYPE_LENGTH:]) # Parameters params = MessageUtils.json_payload_to_dict(request) params["apikey"] = self._app.api_key # Validate parameters self._validate(params) # Invoke VirusTotal API if self._is_get: vtapi_response = requests.get(api_url, params=params, headers=self._headers) else: vtapi_response = requests.post(api_url, params=params, headers=self._headers) # Check HTTP response code status_code = vtapi_response.status_code if status_code != 200: vtapi_response.raise_for_status() http_message = self._get_http_error_message(status_code) if http_message: raise Exception("VirusTotal error, {0} ({1})".format( http_message, str(status_code))) else: raise Exception( "VirusTotal error, HTTP response code: {0}".format( status_code)) # Create response res = Response(request) # Set payload MessageUtils.dict_to_json_payload(res, vtapi_response.json()) # Send response self._app.client.send_response(res) except Exception as ex: logger.exception("Error handling request") err_message = str(ex) err_message = err_message.replace(self._app.api_key, "--api-key--") err_res = ErrorResponse( request, error_message=MessageUtils.encode(err_message)) self._app.client.send_response(err_res)