def password_reset(user_id=None, expiration_ts=None, password_reset_hash=None):
logging_prefix = logger_prefix + "password_reset({},{},{}) - ".format(user_id, expiration_ts, password_reset_hash)
log.info(logging_prefix + "Starting")
try:
if sha256(SALTS['user'],user_id+expiration_ts) != password_reset_hash:
flash("There was an error completing your request", 'danger')
return redirect("/user/password/request_reset/")
form = forms.passwordPerformResetForm(request.form)
search_form = forms.searchForm()
now = int(time.time())
if now > int(expiration_ts): # passworD1!
flash("This link has expired", 'danger')
return redirect("/user/password/request_reset/")
conn=get_mysql().cursor(DictCursor)
conn.execute("SELECT COUNT(*) as count FROM password_reset_hashes WHERE hash = %s AND user_id = %s", (password_reset_hash,user_id))
result = conn.fetchone()
conn.close()
if not result:
flash("This link has expired", 'danger')
return redirect("/user/password/request_reset/")
if result['count'] == 0:
flash("This link has expired", 'danger')
return redirect("/user/password/request_reset/")
if request.method == 'POST':
if form.validate():
password = form.user_password.data
salted_password = sha256(SALTS['user'],password)
conn=get_mysql().cursor()
conn.execute("UPDATE users SET password = %s WHERE id = %s", (salted_password,user_id))
conn.execute("DELETE FROM password_reset_hashes WHERE user_id = %s", (user_id,))
get_mysql().commit()
conn.close()
flash("Your password has been updated", "success")
return redirect("/user/login")
else:
print(form.errors)
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
log.info(logging_prefix + "Rendering")
return render_template("password_reset.html",
page_title="Reset Your Password",
page_type="PERFORM",
form=form,
search_form=search_form
)
def edit_user_permissions(action,value,user_id,user_c):
logging_prefix = logger_prefix + "edit_user_permissions({},{},{},{}) - ".format(action,value,user_id,user_c)
log.info(logging_prefix + "Starting")
action_column_map = {}
action_column_map['approve'] = "approved"
action_column_map['write_perm'] = "write_permission"
action_column_map['delete_perm'] = "delete_permission"
action_column_map['admin_perm'] = "admin"
success = 1
try:
#make sure the value is valid
if value not in ["0","1"]:
raise Exception("Invald value: {}".format(value))
#make sure the action is valid
try:
column = action_column_map[action]
except Exception as f:
log.warning(logging_prefix + "Action '{}' not found in action_column_map".format(action))
raise f
#check the hash
if user_c == sha256(SALTS['user'], str(user_id)):
#if action is approve, emails need to be sent
if action == "approve":
conn = get_mysql().cursor(DictCursor)
conn.execute("SELECT name, email FROM users WHERE id = %s", (user_id,))
user = conn.fetchone()
conn.close()
if value == "1":
log.info(logging_prefix + "Setting approved=1 for user {}".format(user_id))
sendAccountApprovedEmail(user['email'])
else:
log.info(logging_prefix + "Setting approved=0 for user {}".format(user_id))
sendAccountDisapprovedEmail(user['email'])
#now update the desired setting
conn = get_mysql().cursor()
conn.execute("UPDATE users SET "+column+" = %s WHERE id = %s", (value,user_id))
get_mysql().commit()
conn.close()
log.info(logging_prefix + "Successfully update {} to {} for user id {}".format(column,value,user_id))
else:
log.warning(logging_prefix + "Hash mismatch {} {}".format(user_id, user_c))
except Exception as e:
success = 0
error = "There was an error completing your request. Details: {}".format(e)
log.exception(logging_prefix + error)
return jsonify({ "success" : success, "new_value" : value })
def password_request_reset():
logging_prefix = logger_prefix + "password_request_reset() - "
log.info(logging_prefix + "Starting")
try:
form = forms.userEmailForm(request.form)
search_form = forms.searchForm()
if request.method == 'POST':
if form.validate():
email = form.user_email.data
#make sure the email exists in the system
conn=get_mysql().cursor(DictCursor)
conn.execute("SELECT id FROM users WHERE email = %s", (email,))
user = conn.fetchone()
conn.close()
if user:
expiration_ts = int(time.time()) + 3600
password_reset_hash = sha256(SALTS['user'],str(user['id']) + str(expiration_ts))
#set this value in the database, so it can be expired after the password is changed
conn=get_mysql().cursor(DictCursor)
conn.execute("INSERT INTO password_reset_hashes (user_id,hash) VALUES (%s,%s)", (user['id'],password_reset_hash))
get_mysql().commit()
conn.close()
password_reset_link = "/user/password/reset/{}/{}/{}/".format(user['id'],expiration_ts,password_reset_hash)
sendPasswordResetEmail(email, password_reset_link)
flash("An email has been sent to '{}' with a link to reset your password. This link expires in 1 hour.".format(email),'success')
else:
flash("The email you entered was not found", "danger")
else:
print(form.errors)
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
return render_template("password_reset.html",
page_title="Reset Your Password",
page_type="REQUEST",
form=form,
search_form=search_form
)
def user_delete(user_id, user_id_hash):
logging_prefix = logger_prefix + "user_delete({},{}) - ".format(user_id, user_id_hash)
log.info(logging_prefix + "Starting")
redirect_url = "/admin/"
try:
redirect_url = request.args.get("_r")
if not redirect_url:
log.warning(logging_prefix + "redirect_url not set, using default")
redirect_url = "/admin/"
#check user_id against user_id_hash and perform delete if match
if user_id_hash == sha256( SALTS['user'], user_id ):
#now delete the user
conn=get_mysql().cursor(DictCursor)
conn.execute("DELETE FROM users WHERE id=%s", (user_id,))
conn.close()
flash("The user has been deleted", "success")
else:
flash("Unable to delete user", "danger")
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
return redirect(redirect_url)
def main():
logging_prefix = logger_prefix + "main() - "
log.info(logging_prefix + "Starting")
try:
conn=get_mysql().cursor(DictCursor)
conn.execute("SELECT id, name, email, company, justification, email_verified, approved, write_permission, delete_permission, admin, created, last_login FROM users ORDER BY created DESC")
users = conn.fetchall()
for user in users:
user['id_hash'] = sha256( SALTS['user'], str(user['id']) )
conn.close()
email_user_form = forms.sendUserEmailForm()
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
return render_template("admin.html",
page_title="Admin",
url = "/admin/",
users=users,
email_user_form = email_user_form
)
def verify(email, verification_hash):
logging_prefix = logger_prefix + "verify() - "
log.info(logging_prefix + "Starting")
email = unquote_plus(email)
print(email)
print(verification_hash)
try:
conn=get_mysql().cursor(DictCursor)
conn.execute("SELECT id, email, name, company, justification FROM users WHERE verification_hash = %s", (verification_hash,))
r = conn.fetchone()
if not r:
log.error(logging_prefix + "User with email '{}' was not found".format(email))
flash("Your user was not found, try registering again",'danger')
elif r['email'] == email:
log.info(logging_prefix + "Successful validation of {}".format(email))
flash("Your email address have been verified, you will not be able to log in until you get approved by the Site Admin",'success')
#update the database marking this user active
user_id = r['id']
conn.execute("UPDATE users SET email_verified=1 WHERE id = %s", (user_id,))
get_mysql().commit()
#id, email, name, company
sendNewUserToApproveEmail(r['id'], r['email'],r['name'],r['company'],r['justification'])
else:
log.warning(logging_prefix + "Unsuccessful validation of {}".format(email))
flash("We were unable to verify your account",'danger')
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
finally:
conn.close()
return redirect("/", code=307)
def validate(self):
#flash("Password is still a string field, change this", "warning")
try:
rv = Form.validate(self)
if not rv:
return False
#check to see if user already exists
#theres probably still a race condition here, not sure how to prevent it
try:
conn = get_mysql().cursor()
conn.execute("SELECT id FROM users WHERE email = %s",
(self.user_email.data.strip(), ))
user_exists = (len(conn.fetchall()) != 0)
conn.close()
if user_exists:
self.user_email.errors.append(
'Email address is already registered')
return False
except Exception as s:
conn.close()
raise s
#check password complexity
pwd = self.user_password.data
# searching for digits
digit_error = re.search(r"\d", pwd) is None
# searching for uppercase
uppercase_error = re.search(r"[A-Z]", pwd) is None
# searching for lowercase
lowercase_error = re.search(r"[a-z]", pwd) is None
# searching for symbols
#NOTE: if viewing in sublime, this is correct below, the format is jacked
symbol_error = re.search(r"[ !#$%&'()*+,-./[\\\]^_`{|}~" + r'"]',
pwd) is None
if digit_error or uppercase_error or lowercase_error or symbol_error:
self.user_password.errors.append(
'Password must contain at least one number, one lowercase letter, one uppercase letter and one symbol'
)
return False
except Exception as e:
flash("Error validating form, details: {}".format(e))
return False
return True
def reverify():
logging_prefix = logger_prefix + "reverify() - "
log.info(logging_prefix + "Starting")
try:
form = forms.userEmailForm(request.form)
search_form = forms.searchForm()
if request.method == 'POST':
if form.validate():
email = form.user_email.data
#make sure the email exists in the system
conn=get_mysql().cursor(DictCursor)
conn.execute("SELECT verification_hash FROM users WHERE email = %s", (email,))
user = conn.fetchone()
conn.close()
if user:
sendAccountVerificationEmail(email, user['verification_hash'])
flash("A verification email has been sent to '{}' with a link to verify your account.".format(email),'success')
else:
flash("The email you entered was not found", "danger")
else:
print(form.errors)
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
return render_template("account_reverify.html",
page_title="Verify Account",
form=form,
search_form=search_form
)
def es_to_form(report_id):
form = forms.reportForm()
# get the values from ES
results = get_es().get(ES_PREFIX + "threat_reports", doc_type="report", id=report_id)
# store certain fields from ES, so this form can be used in an update
form.doc_index.data = results["_index"]
form.doc_type.data = results["_type"]
report_data = results["_source"]
form.report_name.data = report_data["name"]
form.report_id.data = report_data["identifier"]
form.report_occurred_at.data = datetime.strptime(report_data["created_s"], "%Y-%m-%dT%H:%M:%S")
form.report_description.data = report_data["description"]
form.report_criticality.data = report_data["criticality"]
idx = 0
for entry in range(len(form.report_class.entries)):
form.report_class.pop_entry()
for i in multikeysort(report_data["classification"], ["family", "id"]):
report_class_form = forms.TPXClassificationForm()
report_class_form.a_family = i["family"]
report_class_form.a_id = i["id"]
form.report_class.append_entry(report_class_form)
# set the options since this select is dynamic
form.report_class[idx].a_id.choices = fetch_child_data("tpx_classification", i["family"])
idx += 1
form.report_tlp.data = int(report_data["tlp"])
for entry in range(len(form.report_sections.entries)):
form.report_sections.pop_entry()
for i in multikeysort(report_data["section"], ["order"]):
report_section_form = forms.ReportSectionsForm()
report_section_form.title = i["title"]
report_section_form.tlp = i["tlp"]
report_section_form.text = i["content"]
form.report_sections.append_entry(report_section_form)
form.report_source_reliability.data = report_data["source_reliability"]
form.report_info_reliability.data = report_data["info_reliability"]
for entry in range(len(form.report_sources.entries)):
form.report_sources.pop_entry()
for i in sorted(report_data["source"]):
report_source_form = forms.ReportSourcesForm()
report_source_form.source = i
form.report_sources.append_entry(report_source_form)
"""
Related element
"""
for entry in range(len(form.report_actors.entries)):
form.report_actors.pop_entry()
if report_data["related_actor"]:
idx = 0
for i in multikeysort(report_data["related_actor"], ["name", "id"]):
sub_form = forms.RelatedActorsForm()
sub_form.data = i["id"] + ":::" + i["name"]
has_related_elements = False
idx2 = 0
for entry in range(len(sub_form.related_elements.entries)):
sub_form.related_elements.pop_entry()
for j in multikeysort(report_data["related_element_choices"], ["display_text"]):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = j["value"] in i["elements"]
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j["value"]
sub_form.related_elements[idx2].element_text = j["display_text"]
if is_related:
has_related_elements = True
idx2 += 1
form.report_actors.append_entry(sub_form)
form.report_actors[idx].has_related_elements.data = has_related_elements
idx += 1
else:
sub_form = forms.RelatedActorsForm()
sub_form.data = "_NONE_"
form.report_actors.append_entry(sub_form)
for entry in range(len(form.report_reports.entries)):
form.report_reports.pop_entry()
if report_data["related_report"]:
idx = 0
for i in multikeysort(report_data["related_report"], ["name", "id"]):
sub_form = forms.RelatedReportsForm()
sub_form.data = i["id"] + ":::" + i["name"]
has_related_elements = False
idx2 = 0
for entry in range(len(sub_form.related_elements.entries)):
sub_form.related_elements.pop_entry()
for j in multikeysort(report_data["related_element_choices"], ["display_text"]):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = j["value"] in i["elements"]
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j["value"]
sub_form.related_elements[idx2].element_text = j["display_text"]
if is_related:
has_related_elements = True
idx2 += 1
form.report_reports.append_entry(sub_form)
form.report_reports[idx].has_related_elements.data = has_related_elements
idx += 1
else:
sub_form = forms.RelatedReportsForm()
sub_form.data = "_NONE_"
form.report_reports.append_entry(sub_form)
for entry in range(len(form.report_ttps.entries)):
form.report_ttps.pop_entry()
if report_data["related_ttp"]:
idx = 0
for i in multikeysort(report_data["related_ttp"], ["name", "id"]):
sub_form = forms.RelatedTTPsForm()
sub_form.data = i["id"] + ":::" + i["name"]
has_related_elements = False
idx2 = 0
for entry in range(len(sub_form.related_elements.entries)):
sub_form.related_elements.pop_entry()
for j in multikeysort(report_data["related_element_choices"], ["display_text"]):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = j["value"] in i["elements"]
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j["value"]
sub_form.related_elements[idx2].element_text = j["display_text"]
if is_related:
has_related_elements = True
idx2 += 1
form.report_ttps.append_entry(sub_form)
form.report_ttps[idx].has_related_elements.data = has_related_elements
idx += 1
else:
sub_form = forms.RelatedTTPsForm()
sub_form.data = "_NONE_"
form.report_ttps.append_entry(sub_form)
# convert editor dictionary of ids and times to names and times
editors = get_editor_names(get_mysql(), report_data["editor"])
return form, editors
def register():
logging_prefix = logger_prefix + "register() - "
log.info(logging_prefix + "Starting")
try:
form = forms.registerForm(request.form)
search_form = forms.searchForm()
if request.method == 'POST':
#verify captcha
perform_validate = True
try:
if RECAPTCHA_ENABLED:
captcha_value = request.form['g-recaptcha-response']
r = requests.post("https://www.google.com/recaptcha/api/siteverify", data={
'secret': RECAPTCHA_PRIVATE_KEY,
'response': request.form['g-recaptcha-response']
})
r_json = json.loads(r.text)
if not r_json['success']:
flash("Bots are not allowed",'danger')
perform_validate = False
except Exception as s:
log.exception(logging_prefix + "Error preforming captcha validation")
raise s
if perform_validate and form.validate():
log.info(logging_prefix + "Sign up Detected")
#get data from form
name = form.user_name.data
email = form.user_email.data
password = form.user_password.data
company = form.user_company.data
reason = form.user_reason.data
#create the necessary hashes
salted_password = sha256(SALTS['user'],password)
verification_hash = sha256(SALTS['email_verification'], email)
#insert data into mysql
insert = "INSERT INTO users (email, password, name, company, justification, email_verified, verification_hash) VALUES (%s,%s,%s,%s,%s,%s,%s)"
values = (email, salted_password, name, company, reason, 0, verification_hash)
log.info(logging_prefix + "Adding new user {}".format(values))
try:
conn=get_mysql().cursor()
conn.execute(insert, values)
get_mysql().commit()
conn.close()
except Exception as s:
conn.close()
raise s
#email the user to verify email
try:
sendAccountVerificationEmail(email, verification_hash)
except Exception as s:
log.exception(logging_prefix + "Unable to send email to {} with verification_hash {}".format(email, verification_hash))
raise s
flash("You have been registered. A verification email with an actviation link has been sent to {} from [email protected]".format(email),'success')
else:
print(form.errors)
else:
pass
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
return render_template("register.html",
page_title="Register",
form=form,
recaptcha_enabled=RECAPTCHA_ENABLED,
recaptcha_key=RECAPTCHA_PUBLIC_KEY,
search_form=search_form
)
def login():
logging_prefix = logger_prefix + "login() - "
log.info(logging_prefix + "Starting")
try:
form = forms.loginForm(request.form)
search_form = forms.searchForm()
if request.method == 'POST':
if form.validate():
email = form.user_email.data
password = form.user_password.data
hashed_password = sha256(SALTS['user'], password)
conn=get_mysql().cursor(DictCursor)
#since email is unique
conn.execute("SELECT id, password, name, email_verified, approved, write_permission, delete_permission, admin FROM users WHERE email = %s", (email,))
user = conn.fetchone()
if user:
if user['password'] == hashed_password:
#we have found a valid user
if user['email_verified']==0:
#the user has not verified their email address
flash("Your email address has not been verified. Click here if you did not receive a verification email", "danger")
elif user['approved']==0:
#the user has not been approved, or their access has been disapproved
flash("Your account has been approved yet, you will receive an email when your account has been approved", "danger")
else:
#woohoo successful login, set up session variables
session['logged_in'] = True
session['id'] = user['id']
session['name'] = user['name']
session['email'] = email
session['approved'] = (user['approved'] == 1)
session['write'] = (user['write_permission'] == 1)
session['delete'] = (user['delete_permission'] == 1)
session['admin'] = (user['admin'] == 1)
session['expires'] = math.ceil(time.time()) + SESSION_EXPIRE
#now + 10 minutes of inactivity
#each time this user loads a page
#the expiration time gets now + 10m
#update last login timestamp
conn=get_mysql().cursor(DictCursor)
conn.execute("UPDATE users SET last_login=%s WHERE id = %s", (datetime.now(), user['id']))
get_mysql().commit()
conn.close()
flash("You have been logged in", "success")
if request.args.get("r"):
return redirect(request.args.get("r"))
else:
return redirect("/")
else:
log.warning(logging_prefix + "Invalid login attempt for {}".format(email))
flash("The username or password is incorrect", "danger")
else:
log.warning(logging_prefix + "Invalid login attempt for {}".format(email))
flash("The username or password is incorrect", "danger")
else:
print(form.errors)
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
return render_template("login.html",
page_title="Login",
form=form,
search_form=search_form
)
def wrapped(*args, **kwargs):
r = quote_plus(request.url)
try:
if access_level != PUBLIC:
if 'logged_in' not in session:
flash("You must log in to continue", 'danger')
return redirect("/user/login/?r={}".format(r),
code=307)
elif not session['logged_in']:
flash("You must log in to continue", 'danger')
return redirect("/user/login/?r={}".format(r),
code=307)
elif session['expires'] < math.ceil(
time.time()) and SESSION_EXPIRE != -1:
flash(
"Your session has expired, log in below to continue",
'danger')
return redirect("/user/logout/?r={}".format(r),
code=307)
#since the user is logged in requery the database for their current permissons
if 'id' not in session:
log.error(logging_prefix -
"ID not in session: {}".format(session))
flash(
"Theres an issue with your session, please log in again. Error 001.",
'danger')
return redirect("/user/login/?r={}".format(r),
code=307)
conn = get_mysql().cursor(DictCursor)
conn.execute(
"SELECT email_verified, approved, write_permission, delete_permission, admin FROM users WHERE id = %s",
(session['id'], ))
user = conn.fetchone()
conn.close()
if not user:
log.error(logging_prefix -
"User not found: {}".format(session))
flash(
"Theres an issue with your session, please log in again. Error 002.",
'danger')
return redirect("/user/logout/?r={}".format(r),
code=307)
if user['email_verified'] != 1:
flash("Your email address has not been verified yet",
'danger')
return redirect("/user/logout/?r={}".format(r),
code=307)
session['approved'] = (user['approved'] == 1)
session['write'] = (user['write_permission'] == 1)
session['delete'] = (user['delete_permission'] == 1)
session['admin'] = (user['admin'] == 1)
#now that we know this user is logged in set the expiration to much later
session['expires'] = math.ceil(
time.time()) + SESSION_EXPIRE
#compare the users current access to the access level needed for this page
if not session['approved']:
#if read is not set, the users account has been disabled
flash("Your account has been disabled", 'danger')
return redirect("/user/logout/?r={}".format(r),
code=307)
elif access_level == WRITE and not session['write']:
return render_template("error_403.html")
elif access_level == DELETE and not session['delete']:
return render_template("error_403.html")
elif access_level == ADMIN and not session['admin']:
return render_template("error_403.html")
except Exception as e:
log.exception("Error performing user authentication")
flash(
"Your account could not be verified, please log in again",
'danger')
return redirect("/user/logout/?r={}".format(r), code=307)
return f(*args, **kwargs)
def es_to_form(actor_id):
form = forms.actorForm()
editors = []
#get the values from ES
results = get_es().get(ES_PREFIX + "threat_actors", doc_type="actor", id=actor_id)
#store certain fields from ES, so this form can be used in an update
form.doc_index.data = results['_index']
form.doc_type.data = results['_type']
actor_data = results['_source']
form.actor_name.data = actor_data['name']
form.actor_occurred_at.data = datetime.strptime(actor_data['created_s'],"%Y-%m-%dT%H:%M:%S")
form.actor_description.data = actor_data['description']
form.actor_criticality.data = actor_data['criticality']
#blank this field, and then add data
idx = 0
for entry in range(len(form.actor_class.entries)): form.actor_class.pop_entry()
for i in multikeysort(actor_data['classification'], ['family', 'id']):
actor_class_form = forms.TPXClassificationForm()
actor_class_form.a_family = i['family']
actor_class_form.a_id = i['id']
form.actor_class.append_entry(actor_class_form)
#set the options since this select is dynamic
form.actor_class[idx].a_id.choices = fetch_child_data('tpx_classification',i['family'])
idx += 1
form.actor_tlp.data = str(actor_data['tlp'])
for entry in range(len(form.actor_type.entries)): form.actor_type.pop_entry()
for i in sorted(actor_data['type']):
actor_type_form = forms.TypeForm()
actor_type_form.a_type = i
form.actor_type.append_entry(actor_type_form)
for entry in range(len(form.actor_motivations.entries)): form.actor_motivations.pop_entry()
for i in sorted(actor_data['motivation']):
actor_motivation_form = forms.MotivationForm()
actor_motivation_form.motivation = i
actor_motivation_form.motivation_other = ""
form.actor_motivations.append_entry(actor_motivation_form)
for entry in range(len(form.actor_aliases.entries)): form.actor_aliases.pop_entry()
for i in sorted(actor_data['alias']):
actor_alias_form = forms.AliasForm()
actor_alias_form.alias = i
form.actor_aliases.append_entry(actor_alias_form)
for entry in range(len(form.actor_comms.entries)): form.actor_comms.pop_entry()
for i in multikeysort(actor_data['communication_address'], ['type', 'value']):
actor_comms_form = forms.CommunicationsForm()
actor_comms_form.a_type = i['type']
actor_comms_form.a_type_other = ""
actor_comms_form.address = i['value']
form.actor_comms.append_entry(actor_comms_form)
for entry in range(len(form.actor_financials.entries)): form.actor_financials.pop_entry()
for i in multikeysort(actor_data['financial_account'], ['type', 'value']):
actor_fin_form = forms.FinancialsForm()
actor_fin_form.f_type = i['type']
actor_fin_form.f_type_other = ""
actor_fin_form.account = i['value']
form.actor_financials.append_entry(actor_fin_form)
for entry in range(len(form.actor_locations.entries)): form.actor_locations.pop_entry()
for i in sorted(actor_data['frequented_location']):
actor_locations_form = forms.LocationsForm()
actor_locations_form.location = i
form.actor_locations.append_entry(actor_locations_form)
for entry in range(len(form.actor_affliations.entries)): form.actor_affliations.pop_entry()
for i in sorted(actor_data['country_affiliation']):
actor_affil_form = forms.AffiliationsForm()
actor_affil_form.affiliation = i
actor_affil_form.affiliation_other = ""
form.actor_affliations.append_entry(actor_affil_form)
for entry in range(len(form.actor_known_targets.entries)): form.actor_known_targets.pop_entry()
for i in sorted(actor_data['known_target']):
actor_known_target_form = forms.KnownTargetsForm()
actor_known_target_form.target = i
actor_known_target_form.target_other = ""
form.actor_known_targets.append_entry(actor_known_target_form)
for entry in range(len(form.actor_origin.entries)): form.actor_origin.pop_entry()
#theres only one of these, at least there should be
actor_affil_form = forms.AffiliationsForm()
actor_affil_form.affiliation = actor_data['origin']
actor_affil_form.affiliation_other = ""
form.actor_origin.append_entry(actor_affil_form)
for entry in range(len(form.actor_infra_ipv4.entries)): form.actor_infra_ipv4.pop_entry()
for i in sorted(actor_data['infrastructure']['ipv4']):
actor_infra_ipv4_form = forms.InfrastructureIPv4Form()
actor_infra_ipv4_form.ipv4 = i
form.actor_infra_ipv4.append_entry(actor_infra_ipv4_form)
for entry in range(len(form.actor_infra_fqdn.entries)): form.actor_infra_fqdn.pop_entry()
for i in sorted(actor_data['infrastructure']['fqdn']):
actor_infra_fqdn_form = forms.InfrastructureIPv4Form()
actor_infra_fqdn_form.fqdn = i
form.actor_infra_fqdn.append_entry(actor_infra_fqdn_form)
form.actor_infra_action.data = actor_data['infrastructure']['action']
form.actor_infra_operation.data = actor_data['infrastructure']['operation']
form.actor_infra_status.data = actor_data['infrastructure']['status']
for entry in range(len(form.actor_infra_types.entries)): form.actor_infra_types.pop_entry()
for i in sorted(actor_data['infrastructure']['type']):
actor_infra_type_form = forms.InfrastructureTypesForm()
actor_infra_type_form.infra_type = i
form.actor_infra_types.append_entry(actor_infra_type_form)
for entry in range(len(form.actor_detections.entries)): form.actor_detections.pop_entry()
for i in multikeysort(actor_data['detection_rule'], ["type", "id"]):
actor_detection_form = forms.DetectionsForm()
actor_detection_form.d_type = i['type']
actor_detection_form.rule_id = i['id']
actor_detection_form.rule = i['value']
form.actor_detections.append_entry(actor_detection_form)
'''
Related element
'''
for entry in range(len(form.actor_actors.entries)): form.actor_actors.pop_entry()
if actor_data['related_actor']:
idx = 0
for i in multikeysort(actor_data['related_actor'], ['name', 'id']):
sub_form = forms.RelatedActorsForm()
sub_form.data = i['id'] + ":::" + i['name']
has_related_elements = False
idx2=0
for entry in range(len(sub_form.related_elements.entries)): sub_form.related_elements.pop_entry()
for j in multikeysort(actor_data['related_element_choices'],['display_text']):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = (j['value'] in i['elements'])
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j['value']
sub_form.related_elements[idx2].element_text = j['display_text']
if is_related:
has_related_elements = True
idx2 +=1
form.actor_actors.append_entry(sub_form)
form.actor_actors[idx].has_related_elements.data = has_related_elements
idx+=1
else:
sub_form = forms.RelatedActorsForm()
sub_form.data = "_NONE_"
form.actor_actors.append_entry(sub_form)
for entry in range(len(form.actor_reports.entries)): form.actor_reports.pop_entry()
if actor_data['related_report']:
idx = 0
for i in multikeysort(actor_data['related_report'], ['name', 'id']):
sub_form = forms.RelatedReportsForm()
sub_form.data = i['id'] + ":::" + i['name']
has_related_elements = False
idx2=0
for entry in range(len(sub_form.related_elements.entries)): sub_form.related_elements.pop_entry()
for j in multikeysort(actor_data['related_element_choices'],['display_text']):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = (j['value'] in i['elements'])
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j['value']
sub_form.related_elements[idx2].element_text = j['display_text']
if is_related:
has_related_elements = True
idx2 +=1
form.actor_reports.append_entry(sub_form)
form.actor_reports[idx].has_related_elements.data = has_related_elements
idx+=1
else:
sub_form = forms.RelatedReportsForm()
sub_form.data = "_NONE_"
form.actor_reports.append_entry(sub_form)
for entry in range(len(form.actor_ttps.entries)): form.actor_ttps.pop_entry()
if actor_data['related_ttp']:
idx = 0
for i in multikeysort(actor_data['related_ttp'], ['name', 'id']):
sub_form = forms.RelatedTTPsForm()
sub_form.data = i['id'] + ":::" + i['name']
has_related_elements = False
idx2=0
for entry in range(len(sub_form.related_elements.entries)): sub_form.related_elements.pop_entry()
for j in multikeysort(actor_data['related_element_choices'],['display_text']):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = (j['value'] in i['elements'])
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j['value']
sub_form.related_elements[idx2].element_text = j['display_text']
if is_related:
has_related_elements = True
idx2 +=1
form.actor_ttps.append_entry(sub_form)
form.actor_ttps[idx].has_related_elements.data = has_related_elements
idx+=1
else:
sub_form = forms.RelatedTTPsForm()
sub_form.data = "_NONE_"
form.actor_ttps.append_entry(sub_form)
#convert editor dictionary of ids and times to names and times
editors = get_editor_names(get_mysql(), actor_data['editor'])
return form, editors
def es_to_form(ttp_id):
form = forms.ttpForm()
#get the values from ES
results = get_es().get(ES_PREFIX + "threat_ttps",
doc_type="ttp",
id=ttp_id)
#store certain fields from ES, so this form can be used in an update
form.doc_index.data = results['_index']
form.doc_type.data = results['_type']
ttp_data = results['_source']
form.ttp_name.data = ttp_data['name']
form.ttp_first_observed.data = datetime.strptime(ttp_data['created_s'],
"%Y-%m-%dT%H:%M:%S")
form.ttp_description.data = ttp_data['description']
form.ttp_criticality.data = int(ttp_data['criticality'])
idx = 0
for entry in range(len(form.ttp_class.entries)):
form.ttp_class.pop_entry()
for i in multikeysort(ttp_data['classification'], ['family', 'id']):
ttp_class_form = forms.TPXClassificationForm()
ttp_class_form.a_family = i['family']
ttp_class_form.a_id = i['id']
form.ttp_class.append_entry(ttp_class_form)
#set the options since this select is dynamic
form.ttp_class[idx].a_id.choices = fetch_child_data(
'tpx_classification', i['family'])
idx += 1
if ttp_data['related_actor']:
for entry in range(len(form.ttp_actors.entries)):
form.ttp_actors.pop_entry()
for i in multikeysort(ttp_data['related_actor'], ['name', 'id']):
sub_form = forms.RelatedActorsForm()
sub_form.data = i['id'] + ":::" + i['name']
form.ttp_actors.append_entry(sub_form)
if ttp_data['related_report']:
for entry in range(len(form.ttp_reports.entries)):
form.ttp_reports.pop_entry()
for i in multikeysort(ttp_data['related_report'], ['name', 'id']):
sub_form = forms.RelatedReportsForm()
sub_form.data = i['id'] + ":::" + i['name']
form.ttp_reports.append_entry(sub_form)
if ttp_data['related_ttp']:
for entry in range(len(form.ttp_ttps.entries)):
form.ttp_ttps.pop_entry()
for i in multikeysort(ttp_data['related_ttp'], ['name', 'id']):
sub_form = forms.RelatedTTPsForm()
sub_form.data = i['id'] + ":::" + i['name']
form.ttp_ttps.append_entry(sub_form)
#convert editor dictionary of ids and times to names and times
editors = get_editor_names(get_mysql(), ttp_data['editor'])
return form, editors
def es_to_form(report_id):
form = forms.reportForm()
#get the values from ES
results = get_es().get(ES_PREFIX + "threat_reports",
doc_type="report",
id=report_id)
#store certain fields from ES, so this form can be used in an update
form.doc_index.data = results['_index']
form.doc_type.data = results['_type']
report_data = results['_source']
form.report_name.data = report_data['name']
form.report_id.data = report_data['identifier']
form.report_occurred_at.data = datetime.strptime(report_data['created_s'],
"%Y-%m-%dT%H:%M:%S")
form.report_description.data = report_data['description']
form.report_criticality.data = report_data['criticality']
idx = 0
for entry in range(len(form.report_class.entries)):
form.report_class.pop_entry()
for i in multikeysort(report_data['classification'], ['family', 'id']):
report_class_form = forms.TPXClassificationForm()
report_class_form.a_family = i['family']
report_class_form.a_id = i['id']
form.report_class.append_entry(report_class_form)
#set the options since this select is dynamic
form.report_class[idx].a_id.choices = fetch_child_data(
'tpx_classification', i['family'])
idx += 1
form.report_tlp.data = int(report_data['tlp'])
for entry in range(len(form.report_sections.entries)):
form.report_sections.pop_entry()
for i in multikeysort(report_data['section'], ['order']):
report_section_form = forms.ReportSectionsForm()
report_section_form.title = i['title']
report_section_form.tlp = i['tlp']
report_section_form.text = i['content']
form.report_sections.append_entry(report_section_form)
form.report_source_reliability.data = report_data["source_reliability"]
form.report_info_reliability.data = report_data["info_reliability"]
for entry in range(len(form.report_sources.entries)):
form.report_sources.pop_entry()
for i in sorted(report_data['source']):
report_source_form = forms.ReportSourcesForm()
report_source_form.source = i
form.report_sources.append_entry(report_source_form)
'''
Related element
'''
for entry in range(len(form.report_actors.entries)):
form.report_actors.pop_entry()
if report_data['related_actor']:
idx = 0
for i in multikeysort(report_data['related_actor'], ['name', 'id']):
sub_form = forms.RelatedActorsForm()
sub_form.data = i['id'] + ":::" + i['name']
has_related_elements = False
idx2 = 0
for entry in range(len(sub_form.related_elements.entries)):
sub_form.related_elements.pop_entry()
for j in multikeysort(report_data['related_element_choices'],
['display_text']):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = (j['value'] in i['elements'])
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j['value']
sub_form.related_elements[idx2].element_text = j[
'display_text']
if is_related:
has_related_elements = True
idx2 += 1
form.report_actors.append_entry(sub_form)
form.report_actors[
idx].has_related_elements.data = has_related_elements
idx += 1
else:
sub_form = forms.RelatedActorsForm()
sub_form.data = "_NONE_"
form.report_actors.append_entry(sub_form)
for entry in range(len(form.report_reports.entries)):
form.report_reports.pop_entry()
if report_data['related_report']:
idx = 0
for i in multikeysort(report_data['related_report'], ['name', 'id']):
sub_form = forms.RelatedReportsForm()
sub_form.data = i['id'] + ":::" + i['name']
has_related_elements = False
idx2 = 0
for entry in range(len(sub_form.related_elements.entries)):
sub_form.related_elements.pop_entry()
for j in multikeysort(report_data['related_element_choices'],
['display_text']):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = (j['value'] in i['elements'])
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j['value']
sub_form.related_elements[idx2].element_text = j[
'display_text']
if is_related:
has_related_elements = True
idx2 += 1
form.report_reports.append_entry(sub_form)
form.report_reports[
idx].has_related_elements.data = has_related_elements
idx += 1
else:
sub_form = forms.RelatedReportsForm()
sub_form.data = "_NONE_"
form.report_reports.append_entry(sub_form)
for entry in range(len(form.report_ttps.entries)):
form.report_ttps.pop_entry()
if report_data['related_ttp']:
idx = 0
for i in multikeysort(report_data['related_ttp'], ['name', 'id']):
sub_form = forms.RelatedTTPsForm()
sub_form.data = i['id'] + ":::" + i['name']
has_related_elements = False
idx2 = 0
for entry in range(len(sub_form.related_elements.entries)):
sub_form.related_elements.pop_entry()
for j in multikeysort(report_data['related_element_choices'],
['display_text']):
sub_sub_form = forms.ElementObservablesFrom()
sub_form.related_elements.append_entry(sub_sub_form)
is_related = (j['value'] in i['elements'])
sub_form.related_elements[idx2].element = is_related
sub_form.related_elements[idx2].element_value = j['value']
sub_form.related_elements[idx2].element_text = j[
'display_text']
if is_related:
has_related_elements = True
idx2 += 1
form.report_ttps.append_entry(sub_form)
form.report_ttps[
idx].has_related_elements.data = has_related_elements
idx += 1
else:
sub_form = forms.RelatedTTPsForm()
sub_form.data = "_NONE_"
form.report_ttps.append_entry(sub_form)
#convert editor dictionary of ids and times to names and times
editors = get_editor_names(get_mysql(), report_data['editor'])
return form, editors