def get_base_path(self):
"""
Returns the base path for files (as specified in the configuration)
"""
try:
config = self.get_config_value('files', None)
if config:
return config
else:
raise HandlerException(u'Value files in handler configuration for {0} is not set'.format(self.__class__.__name__))
except ConfigException as error:
raise HandlerException(error)
def get_data(self, reference, definition, parameters):
if reference:
splitted = reference.value.split('|')
rel_path = splitted[0]
filename = splitted[1]
event = reference.report.event
user_can_download = can_user_download(event, self.user)
if not user_can_download:
raise cherrypy.HTTPError(
status=403,
message='User is not permitted to download files')
base_path = self.get_base_path()
if base_path and rel_path:
filepath = base_path + '/' + rel_path
if isfile(filepath):
# create zipfile
tmp_path = self.get_base_path()
tmp_path += '/' + basename(filepath) + '.zip'
# remove file if it should exist
try:
remove(tmp_path)
except OSError:
pass
# create zip file
zip_file = zipfile.ZipFile(tmp_path, mode='w')
# TODO: set password for zip file
zip_file.write(filepath, arcname=filename)
zip_file.close()
filename = u'{0}.zip'.format(filename)
filename = filename.encode('utf-8')
result = serve_file(tmp_path,
"application/x-download",
"attachment",
name=filename)
# clean up
try:
remove(tmp_path)
except OSError:
pass
return result
else:
raise HandlerException(
'The file was not found in "{0}"'.format(filepath))
else:
raise HandlerException('There was an error getting the file')
else:
return list()
def __init__(self):
GenericHandler.__init__(self)
url = self.get_config_value('rt_url', None)
usr = self.get_config_value('rt_user', None)
pwd = self.get_config_value('rt_password', None)
if url is None or usr is None or pwd is None:
raise HandlerException(u'RT handler is not configured.')
self.rt_system = RTTickets(url, usr, pwd)
def get_data(self, attribute, definition, parameters):
regex = definition.regex
if regex:
cb_values = CBValueHandler.__get_cb_values(regex)
result = list()
for item in cb_values:
result.append({'identifier': item, 'name': item})
return result
else:
raise HandlerException(u'Troubles getting regex')
def get_dest_folder(self, rel_folder):
"""
Returns the destination folder, and creates it when not existing
"""
try:
dest_path = self.get_base_path() + '/' + rel_folder
if not exists(dest_path):
makedirs(dest_path)
return dest_path
except TypeError as error:
raise HandlerException(error)
def create_instance(self):
"""
creates an instantiated object
"""
# instantiate
handler = self.clazz()
# check if handler base is implemented
if not isinstance(handler, HandlerBase):
raise HandlerException((u'{0} does not implement '
+ 'HandlerBase').format(self.module_classname))
return handler
def get_tmp_folder(self):
"""
Returns the temporary folder, and creates it when not existing
"""
try:
tmp_path = self.get_base_path() + '/tmp/' + hasher.hashSHA1('{0}'.format(datetime.utcnow()))
if not exists(tmp_path):
makedirs(tmp_path)
return tmp_path
except TypeError as error:
raise HandlerException(error)
def __check_vailidity_regex(regex):
"""
Checks if the regular expression is under the correct form
"""
val_regex = r'^(?:\^.+\$\|)+(?:\^.+\$)$'
valid = ValueValidator.validateRegex(regex, val_regex, '')
if not valid:
raise HandlerException(
('The regular expression of the definition is invalid.\n' +
'It should be under the form of:\n{0}\n' +
'Please fix the definition before using this definition.'
).format(val_regex))
def controller_factory(self, clazz):
if issubclass(clazz, BaseController):
classname = clazz.__name__
if classname in RestBaseHandler.controllers:
return RestBaseHandler.controllers[classname]
# need to create the broker
self.logger.debug('Create controller for {0}'.format(clazz))
instance = clazz(self.config)
RestBaseHandler.controllers[classname] = instance
return instance
else:
raise HandlerException('Class does not implement BaseController')
def insert(self, obj, user, json):
value = json.get('value', None)
if value:
definition = self.get_main_definition()
if isinstance(value, types.StringTypes):
values = self.__get_string_attribtues(value)
else:
values = value
if len(values) == 1:
value = values[0].strip('\n\r')
json['value'] = value
attribute = self.create_attribute(obj, definition, user, json)
return [attribute], None
else:
observables = list()
related_objects = list()
# check if create related objects or observables
create_observables = not obj.related_object_parent
for value in values:
value = value.strip('\n\r')
json['value'] = value
attribute = self.create_attribute(obj, definition, user, json, False)
if create_observables:
observable = self.create_observable(attribute)
sub_obj = self.create_object(observable, obj.definition, user, obj.to_dict(), True)
attribute.object_id = sub_obj.identifier
attribute.object = sub_obj
sub_obj.attributes.append(attribute)
observables.append(observable)
else:
# create related objects
sub_obj = self.create_object(obj.observable, obj.definition, user, obj.to_dict(), False)
sub_obj.parent = None
sub_obj.parent_id = None
attribute.object_id = sub_obj.identifier
attribute.object = sub_obj
sub_obj.attributes.append(attribute)
rel_obj = RelatedObject()
rel_obj.parent_id = obj.related_object_parent[0].parent.identifier
rel_obj.object = sub_obj
related_objects.append(rel_obj)
if observables:
return observables, None
else:
return None, related_objects
else:
raise HandlerException('No value found for handler {0}'.format(self.__class__.__name__))
def insert(self, report, user, json):
value = json.get('value', None)
filename = value.get('name', None)
data = value.get('data', None)
if isinstance(data, types.DictionaryType):
# Workaround for the webfront end
data = data.get('data', None)
if filename and data:
# save file to tmp folder
tmp_filename = hashMD5(datetime.utcnow())
binary_data = base64.b64decode(data)
tmp_folder = self.get_tmp_folder()
tmp_path = tmp_folder + '/' + tmp_filename
# create file in tmp
file_obj = open(tmp_path, "w")
file_obj.write(binary_data)
file_obj.close()
sha1 = hasher.fileHashSHA1(tmp_path)
rel_folder = self.get_rel_folder()
dest_path = self.get_dest_folder(rel_folder) + '/' + sha1
# move it to the correct place
move(tmp_path, dest_path)
# remove temp folder
rmtree(dirname(tmp_path))
# create attribtues
internal_json = json
# mainNone
main_definition = self.get_main_definition()
internal_json['value'] = rel_folder + '/' + sha1 + '|' + filename
main_attribute = self.create_reference(report, main_definition,
user, internal_json)
# secondary
attributes = list()
# filename_definition = self.get_reference_definition(CHK_SUM_FILE_NAME)
# internal_json['value'] = filename
# attribute = self.create_reference(report, filename_definition, user, internal_json)
# attributes.append(attribute)
return main_attribute, attributes, None
else:
raise HandlerException(
'Value is invalid format has to be {"name": <name>,"data": <base 64 encoded data> }'
)
def update(self, attribute, user, json):
raise HandlerException('FileHandler does not support updates')
def get_main_attribute(self, attributes):
main_def = self.get_main_definition()
for attr in attributes:
if attr.definition.uuid == main_def.uuid:
return attr
raise HandlerException('Main attribute cannot be found')
def __process_attribute(self, method, event, obj, requested_object,
details, inflated, json, headers):
try:
user = self.get_user()
if method == 'POST':
self.check_if_user_can_add(event)
# Get needed handler
definition = self.attribute_definition_controller.get_attribute_definitions_by_uuid(
json.get('definition_id', None))
handler_instance = self.__get_handler(definition)
# set provenace to handler
handler_instance.is_rest_insert = self.is_rest_insert(headers)
handler_instance.is_owner = self.is_event_owner(event, user)
# Ask handler to process the json for the new attributes/observables
# param 1 can be either a list of attributes or a list of observables
param_1, related_objects = handler_instance.insert(
obj, user, json)
is_observable = True
# checks for param 1:
event_permissions = self.get_event_user_permissions(
event, self.get_user())
if isinstance(param_1, ListType):
if len(param_1) > 0:
first_element = param_1[0]
if isinstance(first_element, Attribute):
is_observable = False
elif isinstance(first_element, Object):
is_observable = False
else:
raise RestHandlerException(
'Fist parameter is an empty list for handler {0}'.
format(definition.attribute_handler.classname))
else:
if not related_objects:
is_observable = False
raise RestHandlerException(
'Fist parameter and related_objects are not a list or are empty for handler {0}'
.format(definition.attribute_handler.classname))
modified_obj = False
if is_observable and param_1:
# make a composed observable for the observables gotten an the observable of the originating object
observable = obj.observable
# check if there is already a composed observable on top if there is add the observables
try:
test_composition = self.observable_controller.get_composition_by_observable(
observable)
except ControllerNothingFoundException:
test_composition = None
if test_composition:
composed_observable = test_composition
else:
if obj.attributes or obj.related_objects:
# then the references are done differently
# the object moves down into an other observable
observable.event = None
observable.event_id = None
# create a new observable
new_obs = Observable()
new_obs.event = event
new_obs.event_id = event.identifier
new_obs.parent = event
new_obs.parent_id = event.identifier
new_obs.dbcode = observable.dbcode
self.attribute_controller.set_extended_logging(
new_obs, user, event.owner_group, True)
composed_observable = ObservableComposition()
composed_observable.uuid = uuid4()
composed_observable.dbcode = observable.dbcode
composed_observable.parent = new_obs
new_obs.observable_composition = composed_observable
new_obs.observable_composition.observables.append(
observable)
self.observable_controller.insert_observable(
new_obs, user, commit=False)
first_obs = param_1.pop(0)
first_object = first_obs.object
for attr in first_object.attributes:
observable.object.attributes.append(attr)
else:
# if the the object has no attributes and no related objects create a composed observable
# if there exists none create composed observable
composed_observable = ObservableComposition()
composed_observable.uuid = uuid4()
composed_observable.dbcode = observable.dbcode
composed_observable.parent = observable
observable.observable_composition = composed_observable
db_user = user = self.attribute_controller.user_broker.get_by_id(
user.identifier)
for obs in param_1:
# enforce that no parent is set
obs.event = None
obs.event_id = None
obs.parent = event
obs.parent_id = event.identifier
# set extended logging
self.attribute_controller.set_extended_logging(
obs, db_user, event.owner_group, True)
composed_observable.observables.append(obs)
if test_composition:
self.observable_controller.update_observable_compositon(
composed_observable, user, commit=False)
else:
self.observable_controller.update_observable(
observable, user, commit=False)
param_1 = composed_observable.parent
else:
# process the attributes and related objects
# get the main attribtue
# Check if not elements were attached to the object
# TODO: find a way to check if the object has been changed
# TODO also check if there are no children attached
if True:
if param_1:
self.attribute_controller.insert_attributes(
param_1, user, False,
self.is_event_owner(event, user))
self.observable_controller.insert_handler_related_objects(
related_objects, user, False,
self.is_event_owner(event, user))
else:
# attach the related object to the parent object if there is any
if obj.related_object_parent:
# attach the related objects to the parent object!!
parent_obj = self.observable_controller.get_parent_object_by_object(
obj)
if not obj.attributes:
first_relObject = related_objects.pop(0)
for attr in first_relObject.object.attributes:
attr.object = obj
attr.object_id = obj.identifier
obj.attributes.append(attr)
modified_obj = True
for related_object in related_objects:
parent_obj.related_objects.append(
related_object)
self.observable_controller.update_object(
parent_obj, user, False)
# self.observable_controller.insert_handler_related_objects(related_objects, user, False, self.is_event_owner(event, user))
else:
raise RestHandlerException(
'The object is a root object, cannot process this. Please ask for assistance'
)
else:
raise RestHandlerException(
'The object has been modified by the handler {0} this cannot be'
.format(definition.attribute_handler.classname))
# return the attributes and related objects
# extract all the attributes to make relations
flat_attriutes = self.__get_all_attribtues(
param_1, related_objects, is_observable)
if modified_obj:
is_observable = True
param_1 = obj.observable
# make relations
# TODO: add flag to skip this step
self.relations_controller.generate_bulk_attributes_relations(
event, flat_attriutes, True)
result = self.__make_attribute_insert_return(
param_1, related_objects, is_observable, details, inflated,
event_permissions, user)
return result
else:
uuid = requested_object['object_uuid']
if method == 'GET':
if uuid:
attribute = self.attribute_controller.get_attribute_by_uuid(
uuid)
self.check_item_is_viewable(event, attribute)
return attribute.to_dict(details, inflated)
else:
result = list()
for attribute in obj.attributes:
if self.is_item_viewable(event, attribute):
result.append(
attribute.to_dict(details, inflated))
return result
else:
attribute = self.attribute_controller.get_attribute_by_uuid(
uuid)
if method == 'PUT':
old_attr = attribute
self.check_if_event_is_modifiable(event)
self.check_item_is_viewable(event, attribute)
self.check_if_user_can_set_validate_or_shared(
event, old_attr, user, json)
definition_uuid = json.get('definition_id', None)
if definition_uuid:
# check if it still is the same
if attribute.definition.uuid != definition_uuid:
raise HandlerException(
'It is not possible to change the definition of attribtues'
)
handler_instance = self.__get_handler(
attribute.definition)
handler_instance.is_rest_insert = self.is_rest_insert(
headers)
handler_instance.is_owner = self.is_event_owner(
event, user)
# Ask handler to process the json for the new attributes
attribute = handler_instance.update(
attribute, user, json)
if self.is_event_owner(event, user):
attribute.properties.is_validated = True
attribute.properties.is_proposal = False
else:
attribute.properties.is_validated = False
attribute.properties.is_proposal = True
self.logger.info(
u'User {0} changed attribute {1} from {2} to {3}'.
format(user.username, attribute.identifier,
old_attr.value, attribute.value))
# TODO: check if there are no children attached
self.attribute_controller.update_attribute(
attribute, user, True)
return attribute.to_dict(details, inflated)
elif method == 'DELETE':
self.check_if_event_is_deletable(event)
self.check_item_is_viewable(event, attribute)
self.attribute_controller.remove_attribute(
attribute, user, True)
return 'Deleted object'
except ValueException as error:
raise RestHandlerException(error)
def __process_reference(self, method, event, report, requested_object,
details, inflated, json, headers):
try:
user = self.get_user()
if method == 'POST':
self.check_if_user_can_add(event)
# Get needed handler
definition = self.report_controller.get_reference_definitions_by_uuid(
json.get('definition_id', None))
handler_instance = self.__get_handler(definition)
handler_instance.is_rest_insert = self.is_rest_insert(headers)
handler_instance.is_owner = self.is_event_owner(event, user)
# Ask handler to process the json for the new attributes
reference, additional_references, related_reports = handler_instance.insert(
report, user, json)
# Check if not elements were attached to the object
# TODO: find a way to check if the object has been changed
# TODO also check if there are no children attached
if True:
self.report_controller.insert_reference(
reference, additional_references, user, False,
self.is_event_owner(event, user))
if related_reports:
raise NotImplementedException(
'Related reports returned for handler {0} but the processing is not'
.format(definition.attribute_handler.classname))
self.report_controller.insert_handler_reports(
related_reports, user, True,
self.is_event_owner(event, user))
else:
raise RestHandlerException(
'The object has been modified by the handler {0} this cannot be'
.format(definition.attribute_handler.classname))
# Return the generated references as json
result_references = list()
result_references.append(reference.to_dict(details, inflated))
if additional_references:
for additional_reference in additional_references:
result_references.append(
additional_reference.to_dict(details, inflated))
result_reports = list()
if related_reports:
for related_object in related_reports:
result_reports.append(
related_object.to_dict(details, inflated))
return {
'references': result_references,
'related_reports': result_reports
}
else:
uuid = requested_object['object_uuid']
if method == 'GET':
if uuid:
reference = self.report_controller.get_reference_by_uuid(
uuid)
self.check_item_is_viewable(event, reference)
return reference.to_dict(details, inflated)
else:
result = list()
for reference in report.references:
if self.is_item_viewable(event, reference):
result.append(
reference.to_dict(details, inflated))
return result
else:
reference = self.report_controller.get_reference_by_uuid(
uuid)
if method == 'PUT':
old_ref = reference
self.check_if_event_is_modifiable(event)
self.check_item_is_viewable(event, reference)
definition_uuid = json.get('definition_id', None)
if definition_uuid:
# check if it still is the same
if not reference.definition.uuid == definition_uuid:
raise HandlerException(
'It is not possible to change the definition of references'
)
handler_instance = self.__get_handler(
reference.definition)
handler_instance.is_rest_insert = self.is_rest_insert(
headers)
handler_instance.is_owner = self.is_event_owner(
event, user)
self.check_if_user_can_set_validate_or_shared(
event, old_ref, user, json)
# Ask handler to process the json for the new attributes
reference = handler_instance.update(
reference, user, json)
self.logger.info(
u'User {0} changed reference {1} from {2} to {3}'.
format(user.username, old_ref.identifier,
old_ref.value, reference.value))
# TODO: check if there are no children attached
self.report_controller.update_reference(
reference, user, True)
return reference.to_dict(details, inflated)
elif method == 'DELETE':
self.check_if_event_is_deletable(event)
self.check_item_is_viewable(event, reference)
self.report_controller.remove_reference(
reference, user, True)
return 'Deleted object'
except ValueException as error:
raise RestHandlerException(error)
def insert(self, obj, user, json):
value = json.get('value', None)
filename = value.get('name', None)
data = value.get('data', None)
if isinstance(data, types.DictionaryType):
# Workaround for the webfront end
data = data.get('data', None)
if filename and data:
# save file to tmp folder
tmp_filename = hashMD5(datetime.utcnow())
binary_data = base64.b64decode(data)
tmp_folder = self.get_tmp_folder()
tmp_path = tmp_folder + '/' + tmp_filename
# create file in tmp
file_obj = open(tmp_path, "w")
file_obj.write(binary_data)
file_obj.close()
sha1 = hasher.fileHashSHA1(tmp_path)
rel_folder = self.get_rel_folder()
dest_path = self.get_dest_folder(rel_folder) + '/' + sha1
# move it to the correct place
move(tmp_path, dest_path)
# remove temp folder
rmtree(dirname(tmp_path))
# create attribtues
internal_json = json
# main
main_definition = self.get_main_definition()
internal_json['value'] = rel_folder + '/' + sha1
attributes = list()
main_attribute = self.create_attribute(obj, main_definition, user, internal_json)
# secondary
filename_definition = self.get_attriute_definition(CHK_SUM_FILE_NAME)
internal_json['value'] = filename
attribute = self.create_attribute(obj, filename_definition, user, internal_json)
attributes.append(attribute)
sha1_definition = self.get_attriute_definition(CHK_SUM_HASH_SHA1)
internal_json['value'] = sha1
attribute = self.create_attribute(obj, sha1_definition, user, internal_json)
attributes.append(attribute)
# set parent
for attribtue in attributes:
attribtue.parent = main_attribute
obj_def = self.get_object_definition(CHK_SUM_ARTEFACT)
childobj = self.create_object(obj.observable, obj_def, user, {}, False)
rel_obj = RelatedObject()
rel_obj.parent = obj
rel_obj.parent_id = obj.identifier
rel_obj.object = childobj
childobj.attributes.append(main_attribute)
# attributes.append(main_attribute)
childobjs = list()
childobjs.append(rel_obj)
return attributes, childobjs
else:
raise HandlerException('Value is invalid format has to be {"name": <name>,"data": <base 64 encoded data> }')
