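def list_bucket_fields(bucket, **kwargs):
    """
    List all available fields for a given bucket

    Variables:
    bucket  =>     Which specific bucket you want to know the fields for


    Arguments:
    None

    Data Block:
    None

    Result example:
    {
        "<<FIELD_NAME>>": {      # For a given field
            indexed: True,        # Is the field indexed
            stored: False,        # Is the field stored
            type: string          # What type of data in the field
            },
        ...

    }

    Resolution order: a name present in BUCKET_MAP is served to any caller;
    an admin may additionally address a collection attached to STORAGE by
    attribute name; the literal "ALL" returns the merged field list; anything
    else is rejected with a 400.
    """
    if bucket in BUCKET_MAP:
        return make_api_response(BUCKET_MAP[bucket].fields())

    # `bucket` is caller-controlled (a URL variable). The admin branch resolves
    # it by reflection on STORAGE, so restrict that to public attributes that
    # actually expose a callable fields(): private/internal attributes are not
    # reachable by name, and a non-collection attribute gets a clean 400
    # instead of an unhandled AttributeError (500) from `.fields()`.
    is_admin = 'admin' in kwargs['user']['type']
    if is_admin and not bucket.startswith('_'):
        collection = getattr(STORAGE, bucket, None)
        if callable(getattr(collection, 'fields', None)):
            return make_api_response(collection.fields())

    if bucket == "ALL":
        return make_api_response(list_all_fields())

    return make_api_response("",
                             f"Not a valid bucket to search in: {bucket}",
                             400)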
def list_index_fields(index, **kwargs):
    """
    List all available fields for a given index

    Variables:
    index  =>     Which specific index you want to know the fields for


    Arguments:
    None

    Data Block:
    None

    Result example:
    {
        "<<FIELD_NAME>>": {      # For a given field
            indexed: True,        # Is the field indexed
            stored: False,        # Is the field stored
            type: string          # What type of data in the field
            },
        ...

    }

    The requesting user (kwargs['user']) is handed to get_collection() and
    list_all_fields(); the caller-supplied `index` is never used to look up
    anything by reflection in this function.
    """
    current_user = kwargs['user']
    # get_collection() receives the user, so it is presumably where
    # per-user visibility of an index is decided — confirm against its
    # definition before relying on that here.
    target = get_collection(index, current_user)
    if target is None:
        if index == "ALL":
            return make_api_response(list_all_fields(current_user))
        return make_api_response("",
                                 f"Not a valid index to search in: {index}",
                                 400)
    return make_api_response(target.fields())
def search_help(**kwargs):
    """
    Render the search help page.

    Builds, for every index returned by list_all_fields(), an alphabetically
    sorted list of (field_name, field_definition) pairs, plus a small
    human-readable description of the text field types, and passes both to
    the "search_help.html" template along with the remaining kwargs.

    NOTE(review): list_all_fields() is called here without the requesting
    user, while list_index_fields() passes the user through. If that helper
    filters fields by user, this page may show fields the viewer cannot
    query — confirm which variant of list_all_fields is in scope.
    """
    type_descriptions = {
        "text_ws": "whitespace separated text",
        "text_ws_dsplit": "dot and whitespace separated text",
        "text_general": "tokenized text",
        "text_fuzzy": "separated fuzzy patterns",
    }

    # sorted(dict.items()) yields the same list of (name, definition) tuples
    # the original comprehension produced.
    fields_by_index = {}
    for index_name, fields in list_all_fields().items():
        fields_by_index[index_name] = sorted(fields.items())

    return custom_render("search_help.html",
                         field_list=fields_by_index,
                         lookup=type_descriptions,
                         **kwargs)
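def who_am_i(**kwargs):
    """
    Return the currently logged in user as well as the system configuration

    Variables:
    None

    Arguments:
    None

    Data Block:
    None

    Result example:
    {
     "agrees_with_tos": None,                   # Date the user agreed with TOS
     "avatar": "data:image/jpg...",             # Avatar data block
     "c12nDef": {},                             # Classification definition block
     "classification": "TLP:W",                 # Classification of the user
     "configuration": {                         # Configuration block
       "auth": {                                  # Authentication Configuration
         "allow_2fa": True,                         # Is 2fa Allowed for the user
         "allow_apikeys": True,                     # Are APIKeys allowed for the user
         "allow_extended_apikeys": True,            # Allow user to generate extended access API Keys
         "allow_security_tokens": True,             # Are Security tokens allowed for the user
       },
       "submission": {                            # Submission Configuration
         "dtl": 10,                                 # Default number of days submission stay in the system
         "max_dtl": 30,                             # Maximum number of days submission stay in the system
       },
       "system": {                                # System Configuration
         "organisation": "ACME",                    # Organisation name
         "type": "production",                      # Type of deployment
         "version": "4.1"                           # Assemblyline version
       },
       "ui": {                                    # UI Configuration
         "alerting_meta": {                         # Alert metadata configuration
            "important": [],                          # List of metadata fields that should always be displayed
            "subject": [],                            # List of metadata fields where to fetch email subject
            "url": []                                 # List of metadata fields where to fetch URLS
         },
         "allow_malicious_hinting": True,           # Are users allowed to set the malicious flag before processing
         "allow_raw_downloads": True,               # Are users allowed to download files in their raw format?
         "allow_zip_downloads": True,               # Are users allowed to download files as password-protected ZIPs?
         "allow_replay": False,                     # Are users allowed to continue submissions on another server
         "allow_url_submissions": True,             # Are URL submissions allowed
         "apps": [],                                # Apps from APPS_LIST the user's classification may see
         "banner": None,                            # Banner displayed on the submit page
         "banner_level": True,                      # Banner color (info, success, warning, error)
         "read_only": False,                        # Is the interface to be displayed in read-only mode
         "tos": True,                               # Are terms of service set in the system
         "tos_lockout": False,                      # Will agreeing to TOS lockout the user
         "tos_lockout_notify": False                # Will admin be auto-notified when a user is locked out
       }
     },
     "email": "*****@*****.**",  # Email of the user
     "groups": ["USERS"],                       # Groups the user if member of
     "indexes": {},                             # Search indexes definitions
     "is_active": True,                         # Is the user active
     "is_admin": True,                          # True when "admin" is among the user's roles
     "name": "Basic user",                      # Name of the user
     "roles": ["user", "admin"],                # Roles the user is member of
     "settings": {},                            # User settings as returned by load_user_settings()
     "system_message": {},                      # Only present when UI_MESSAGING has a system_message
     "username": "sgaron-cyber"                 # Username of the current user
    }

    """
    # Explicit allowlist of the user-record keys that may leave the server.
    # The full record in kwargs['user'] may hold material that must never be
    # returned to the browser (credential hashes, API keys, OTP secrets —
    # exact contents not visible here). Extend this list deliberately; do not
    # turn it into a denylist.
    exposed_keys = (
        "agrees_with_tos",
        "classification",
        "email",
        "groups",
        "is_active",
        "name",
        "type",
        "uname",
    )
    user_data = {k: v for k, v in kwargs['user'].items() if k in exposed_keys}

    user_data['avatar'] = STORAGE.user_avatar.get(kwargs['user']['uname'])
    # The response renames two record keys for the UI: uname -> username,
    # type -> roles.
    user_data['username'] = user_data.pop('uname')
    user_data['is_admin'] = "admin" in user_data['type']
    user_data['roles'] = user_data.pop('type')

    # System configuration
    user_data['c12nDef'] = classification_definition
    user_data['configuration'] = {
        "auth": {
            "allow_2fa": config.auth.allow_2fa,
            "allow_apikeys": config.auth.allow_apikeys,
            "allow_extended_apikeys": config.auth.allow_extended_apikeys,
            "allow_security_tokens": config.auth.allow_security_tokens,
        },
        "submission": {
            "dtl": config.submission.dtl,
            "max_dtl": config.submission.max_dtl
        },
        "system": {
            "organisation": config.system.organisation,
            "type": config.system.type,
            "version": VERSION
        },
        "ui": {
            "alerting_meta": {
                "important": config.ui.alerting_meta.important,
                "subject": config.ui.alerting_meta.subject,
                "url": config.ui.alerting_meta.url
            },
            "allow_malicious_hinting": config.ui.allow_malicious_hinting,
            "allow_raw_downloads": config.ui.allow_raw_downloads,
            "allow_zip_downloads": config.ui.allow_zip_downloads,
            "allow_replay": config.ui.allow_replay,
            "allow_url_submissions": config.ui.allow_url_submissions,
            # An app with no classification of its own is compared as
            # UNRESTRICTED; ignore_invalid=True presumably keeps a malformed
            # app classification from raising here — confirm against
            # CLASSIFICATION.is_accessible.
            "apps": [x for x in APPS_LIST['apps']
                     if CLASSIFICATION.is_accessible(kwargs['user']['classification'],
                                                     x['classification'] or CLASSIFICATION.UNRESTRICTED,
                                                     ignore_invalid=True)],
            "banner": config.ui.banner,
            "banner_level": config.ui.banner_level,
            "read_only": config.ui.read_only,
            "tos": config.ui.tos not in [None, ""],
            "tos_lockout": config.ui.tos_lockout,
            "tos_lockout_notify": config.ui.tos_lockout_notify not in [None, []]
        },
    }
    # NOTE(review): this passes the reshaped response dict (keys 'roles' and
    # 'username', no 'type'/'uname'), not the raw kwargs['user'] that
    # list_index_fields() passes to the same helper. If list_all_fields keys
    # on user['type'] this will misbehave — confirm its expected argument.
    user_data['indexes'] = list_all_fields(user_data)
    user_data['settings'] = load_user_settings(kwargs['user'])

    msg = UI_MESSAGING.get('system_message')
    if msg:
        user_data['system_message'] = msg

    return make_api_response(user_data)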
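def who_am_i(**kwargs):
    """
    Return the currently logged in user as well as the system configuration

    Variables:
    None

    Arguments:
    None

    Data Block:
    None

    Result example:
    {
     "agrees_with_tos": None,                   # Date the user agreed with TOS
     "avatar": "data:image/jpg...",             # Avatar data block
     "c12nDef": {},                             # Classification definition block
     "classification": "TLP:W",                 # Classification of the user
     "configuration": {                         # Configuration block
       "auth": {                                  # Authentication Configuration
         "allow_2fa": True,                         # Is 2fa Allowed for the user
         "allow_apikeys": True,                     # Are APIKeys allowed for the user
         "allow_security_tokens": True,             # Are Security tokens allowed for the user
       },
       "ui": {                                    # UI Configuration
         "allow_url_submissions": True,             # Are URL submissions allowed
         "read_only": False,                        # Is the interface to be displayed in read-only mode
         "tos": True,                               # Are terms of service set in the system
         "tos_lockout": False,                      # Will agreeing to TOS lockout the user
         "tos_lockout_notify": False                # Will admin be auto-notified when a user is locked out
       }
     },
     "email": "*****@*****.**",  # Email of the user
     "groups": ["USERS"],                       # Groups the user if member of
     "indexes": {},                             # Search indexes definitions
     "is_active": True,                         # Is the user active
     "is_admin": True,                          # True when "admin" is among the user's roles
     "name": "Basic user",                      # Name of the user
     "roles": ["user", "admin"],                # Roles the user is member of
     "settings": {},                            # User settings as returned by load_user_settings()
     "username": "sgaron-cyber"                 # Username of the current user
    }

    """
    # Explicit allowlist of the user-record keys that may leave the server.
    # The full record in kwargs['user'] may hold material that must never be
    # returned to the browser (credential hashes, API keys, OTP secrets —
    # exact contents not visible here). Extend this list deliberately; do not
    # turn it into a denylist.
    exposed_keys = (
        "agrees_with_tos",
        "classification",
        "email",
        "groups",
        "is_active",
        "name",
        "type",
        "uname",
    )
    user_data = {k: v for k, v in kwargs['user'].items() if k in exposed_keys}

    user_data['avatar'] = STORAGE.user_avatar.get(kwargs['user']['uname'])
    # The response renames two record keys for the UI: uname -> username,
    # type -> roles.
    user_data['username'] = user_data.pop('uname')
    user_data['is_admin'] = "admin" in user_data['type']
    user_data['roles'] = user_data.pop('type')

    # System configuration
    user_data['c12nDef'] = classification_definition
    user_data['configuration'] = {
        "auth": {
            "allow_2fa": config.auth.allow_2fa,
            "allow_apikeys": config.auth.allow_apikeys,
            "allow_security_tokens": config.auth.allow_security_tokens,
        },
        "ui": {
            "allow_url_submissions": config.ui.allow_url_submissions,
            "read_only": config.ui.read_only,
            "tos": config.ui.tos not in [None, ""],
            "tos_lockout": config.ui.tos_lockout,
            "tos_lockout_notify": config.ui.tos_lockout_notify not in [None, []]
        },
    }
    # Called without the requesting user here; whether the returned index
    # definitions are filtered per user cannot be told from this function.
    user_data['indexes'] = list_all_fields()
    user_data['settings'] = load_user_settings(kwargs['user'])

    return make_api_response(user_data)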