Exemple #1
    def process_sandbox_infos(self, incident_report, html_report):
        """
        Record the sandbox run metadata and attach the HTML report.

        Every ``./errors/error`` entry of the incident report is forwarded to
        ``self._error``. Report id, sandbox version, architecture, system and
        file type are gathered into one result row, and the HTML report is
        uploaded as a file object attached to ``self.obj``.

        :param incident_report: Parsed incident report offering ``find`` and
                                ``findall`` (presumably an ElementTree
                                element -- confirm against the caller).
        :param html_report: Raw bytes of the HTML report.
        """
        for node in incident_report.findall("./errors/error"):
            self._error(node.text)

        # Each lookup dereferences .text directly, so a report lacking one of
        # these elements fails here instead of producing a partial row
        # (assuming find() yields None on a miss -- confirm).
        wanted = (
            ("Report Id", "./id"),
            ("Joe Sandbox Version", "./version"),
            ("Architecture", "./arch"),
            ("System", "./system"),
            ("File Type", "./filetype"),
        )
        info = {label: incident_report.find(path).text
                for label, path in wanted}

        # Upload the HTML report as an in-memory file with a fixed name.
        # NOTE(review): the report is stored exactly as received; how it is
        # rendered to analysts later is not visible from this method.
        report_file = io.BytesIO(html_report)
        report_file.name = "report.html"
        upload = add_object(self.obj._meta['crits_type'], self.obj.id,
                            object_type=ObjectTypes.FILE_UPLOAD,
                            source=get_user_organization(self.current_task.user),
                            method=self.name,
                            reference=None,
                            file_=report_file,
                            tlp=self.obj.tlp,
                            user=str(self.current_task.user))

        if not upload['success']:
            self._warning(upload["message"])
        else:
            # The MD5 only labels the uploaded report in the result row; MD5
            # is not collision-resistant, so it is not an integrity check.
            info["md5"] = hashlib.md5(html_report).hexdigest()

        self._add_result("Joe Sandbox Infos", "Report", info)
        self._notify()
Exemple #2
    def obj_create(self, bundle, **kwargs):
        """
        Add an object to a top-level object through the API.

        All fields except the analyst are taken from the request payload
        (``bundle.data``); the analyst is the username of the requesting user.

        :param bundle: Bundle containing the object to add.
        :type bundle: Tastypie Bundle object.
        :returns: Bundle object.
        :raises BadRequest: If necessary data is not provided or creation fails.

        """
        analyst = bundle.request.user.username
        payload = bundle.data
        crits_type = payload.get('crits_type', None)
        crits_id = payload.get('crits_id', None)
        type_field = payload.get('object_type', None)

        if not type_field:
            raise BadRequest("You must provide an Object Type!")

        # "Type - Name" is split into its two parts; any other shape reuses
        # the first piece as the name.
        pieces = type_field.split(" - ")
        object_type = pieces[0]
        name = pieces[0]
        if len(pieces) == 2:
            name = pieces[1]

        source = payload.get('source', None)
        method = payload.get('method', None)
        reference = payload.get('reference', None)
        add_indicator = payload.get('add_indicator', None)
        filedata = payload.get('filedata', None)
        value = payload.get('value', None)

        if not (crits_type and crits_id):
            raise BadRequest("You must provide a top-level object!")
        if not (filedata or value):
            raise BadRequest("You must provide a value or filedata!")

        # NOTE(review): no permission check on the target object or on the
        # client-supplied 'source' is visible in this method; presumably the
        # resource's authorization or add_object enforces it -- confirm.
        result = add_object(crits_type,
                            crits_id,
                            object_type,
                            name,
                            source,
                            method,
                            reference,
                            analyst,
                            value=value,
                            file_=filedata,
                            add_indicator=add_indicator)
        if result['success']:
            return bundle
        raise BadRequest(result['message'])
Exemple #3
    def obj_create(self, bundle, **kwargs):
        """
        Add an object to a top-level object through the API.

        All fields except the analyst are taken from the request payload
        (``bundle.data``); the analyst is the username of the requesting user.

        :param bundle: Bundle containing the object to add.
        :type bundle: Tastypie Bundle object.
        :returns: Bundle object.
        :raises BadRequest: If necessary data is not provided or creation fails.

        """
        analyst = bundle.request.user.username
        submitted = bundle.data
        crits_type = submitted.get('crits_type', None)
        crits_id = submitted.get('crits_id', None)
        raw_type = submitted.get('object_type', None)

        if not raw_type:
            raise BadRequest("You must provide an Object Type!")

        # "Type - Name" is split into its two parts; any other shape reuses
        # the first piece as the name.
        parts = raw_type.split(" - ")
        object_type = parts[0]
        if len(parts) == 2:
            name = parts[1]
        else:
            name = parts[0]

        source = submitted.get('source', None)
        method = submitted.get('method', None)
        reference = submitted.get('reference', None)
        add_indicator = submitted.get('add_indicator', None)
        filedata = submitted.get('filedata', None)
        value = submitted.get('value', None)

        if not (crits_type and crits_id):
            raise BadRequest("You must provide a top-level object!")
        if not (filedata or value):
            raise BadRequest("You must provide a value or filedata!")

        # NOTE(review): no permission check on the target object or on the
        # client-supplied 'source' is visible in this method; presumably the
        # resource's authorization or add_object enforces it -- confirm.
        outcome = add_object(crits_type,
                             crits_id,
                             object_type,
                             name,
                             source,
                             method,
                             reference,
                             analyst,
                             value=value,
                             file_=filedata,
                             add_indicator=add_indicator)
        if outcome['success']:
            return bundle
        raise BadRequest(outcome['message'])
Exemple #4
def add_new_object(request):
    """
    Add a new object to a top-level object from a submitted form.

    Only POST is handled; any other method renders ``error.html``. The caller
    needs the ``OBJECTS_ADD`` permission of the ACL object resolved from the
    posted ``otype``. The outcome is returned as JSON: directly for AJAX
    requests, wrapped in ``file_upload_response.html`` otherwise.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != 'POST':
        return render_to_response("error.html",
                                  {"error": "Expected POST"},
                                  RequestContext(request))

    analyst = "%s" % request.user  # not read again below
    user = request.user
    # NOTE(review): 'otype' is client-supplied and selects which ACL object
    # is consulted; confirm get_acl_object rejects unknown types.
    my_type = request.POST['otype']
    acl = get_acl_object(my_type)

    if not user.has_access_to(acl.OBJECTS_ADD):
        results = {'success': False,
                   'message': 'User does not have permission to add object'}
    else:
        form = AddObjectForm(user,
                             request.POST,
                             request.FILES)
        # A failed validation only stops the request when no file was
        # uploaded as 'value'; with a file present an invalid form proceeds.
        if not form.is_valid() and 'value' not in request.FILES:
            response = json.dumps({'message': "Invalid Form: %s" % form.errors,
                                   'form': form.as_table(),
                                   'success': False})
            if request.is_ajax():
                return HttpResponse(response, content_type="application/json")
            return render_to_response("file_upload_response.html",
                                      {'response': response},
                                      RequestContext(request))

        # Fields are read from request.POST directly, not from the form's
        # cleaned data; a missing key raises at the corresponding line.
        post = request.POST
        source = post['source_name']
        oid = post['oid']
        object_type = post['object_type']
        method = post['source_method']
        reference = post['source_reference']
        tlp = post['source_tlp']
        add_indicator = post.get('add_indicator', None)

        # An uploaded file, when present, travels alongside the text value.
        data = request.FILES['value'] if 'value' in request.FILES else None
        value = post.get('value', None)
        if isinstance(value, basestring):
            value = value.strip()

        results = add_object(my_type,
                             oid,
                             object_type,
                             source,
                             method,
                             reference,
                             tlp,
                             user.username,
                             value=value,
                             file_=data,
                             add_indicator=add_indicator,
                             is_sort_relationships=True)

    if not results['success']:
        result = {'success': False,
                  'message': "Error adding object: %s" % results['message']}
    else:
        subscription = {'type': my_type, 'id': oid}

        if results.get('relationships', None):
            relationships = results['relationships']
            relationship = {'type': my_type, 'value': oid}

            listing = render_to_string('objects_listing_widget.html',
                                       {'objects': results['objects'],
                                        'relationships': relationships,
                                        'subscription': subscription},
                                       RequestContext(request))
            result = {'success': True,
                      'html': listing,
                      'message': results['message']}

            result['rel_made'] = True
            result['rel_msg'] = render_to_string(
                'relationships_listing_widget.html',
                {'relationship': relationship,
                 'nohide': True,
                 'relationships': relationships},
                RequestContext(request))
        else:
            listing = render_to_string('objects_listing_widget.html',
                                       {'objects': results['objects'],
                                        'subscription': subscription},
                                       RequestContext(request))
            result = {'success': True,
                      'html': listing,
                      'message': results['message']}

    if request.is_ajax():
        return HttpResponse(json.dumps(result),
                            content_type="application/json")
    # NOTE(review): the JSON string is handed to the template as 'response';
    # how the template escapes it is not visible here.
    return render_to_response("file_upload_response.html",
                              {'response': json.dumps(result)},
                              RequestContext(request))
Exemple #5
def add_new_object(request):
    """
    Add a new object to a top-level object from a submitted form.

    Only POST is handled; any other method renders ``error.html``. The caller
    needs the ``OBJECTS_ADD`` permission of the ACL object resolved from the
    posted ``otype``. The outcome is returned as JSON: directly for AJAX
    requests, wrapped in ``file_upload_response.html`` otherwise.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != 'POST':
        return render_to_response("error.html", {"error": "Expected POST"},
                                  RequestContext(request))

    analyst = "%s" % request.user  # not read again below
    user = request.user
    # NOTE(review): 'otype' is client-supplied and selects which ACL object
    # is consulted; confirm get_acl_object rejects unknown types.
    my_type = request.POST['otype']
    acl = get_acl_object(my_type)

    if not user.has_access_to(acl.OBJECTS_ADD):
        results = {
            'success': False,
            'message': 'User does not have permission to add object'
        }
    else:
        form = AddObjectForm(user, request.POST, request.FILES)
        # A failed validation only stops the request when no file was
        # uploaded as 'value'; with a file present an invalid form proceeds.
        if not form.is_valid() and 'value' not in request.FILES:
            response = json.dumps({
                'message': "Invalid Form: %s" % form.errors,
                'form': form.as_table(),
                'success': False
            })
            if request.is_ajax():
                return HttpResponse(response,
                                    content_type="application/json")
            return render_to_response("file_upload_response.html",
                                      {'response': response},
                                      RequestContext(request))

        # Fields are read from request.POST directly, not from the form's
        # cleaned data; a missing key raises at the corresponding line.
        fields = request.POST
        source = fields['source_name']
        oid = fields['oid']
        object_type = fields['object_type']
        method = fields['source_method']
        reference = fields['source_reference']
        tlp = fields['source_tlp']
        add_indicator = fields.get('add_indicator', None)

        # An uploaded file, when present, travels alongside the text value.
        data = request.FILES['value'] if 'value' in request.FILES else None
        value = fields.get('value', None)
        if isinstance(value, basestring):
            value = value.strip()

        results = add_object(my_type,
                             oid,
                             object_type,
                             source,
                             method,
                             reference,
                             tlp,
                             user.username,
                             value=value,
                             file_=data,
                             add_indicator=add_indicator,
                             is_sort_relationships=True)

    if not results['success']:
        result = {
            'success': False,
            'message': "Error adding object: %s" % results['message']
        }
    else:
        subscription = {'type': my_type, 'id': oid}

        if results.get('relationships', None):
            relationships = results['relationships']
            relationship = {'type': my_type, 'value': oid}

            widget = render_to_string(
                'objects_listing_widget.html', {
                    'objects': results['objects'],
                    'relationships': relationships,
                    'subscription': subscription
                }, RequestContext(request))
            result = {
                'success': True,
                'html': widget,
                'message': results['message']
            }

            result['rel_made'] = True
            result['rel_msg'] = render_to_string(
                'relationships_listing_widget.html', {
                    'relationship': relationship,
                    'nohide': True,
                    'relationships': relationships
                }, RequestContext(request))
        else:
            widget = render_to_string('objects_listing_widget.html', {
                'objects': results['objects'],
                'subscription': subscription
            }, RequestContext(request))
            result = {
                'success': True,
                'html': widget,
                'message': results['message']
            }

    if request.is_ajax():
        return HttpResponse(json.dumps(result),
                            content_type="application/json")
    # NOTE(review): the JSON string is handed to the template as 'response';
    # how the template escapes it is not visible here.
    return render_to_response("file_upload_response.html",
                              {'response': json.dumps(result)},
                              RequestContext(request))
Exemple #6
def add_new_object(request):
    """
    Add a new object to a top-level object from a submitted form.

    Only POST is handled; any other method renders ``error.html``. The outcome
    is returned as JSON: directly for AJAX requests, wrapped in
    ``file_upload_response.html`` otherwise.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != 'POST':
        return render_to_response("error.html",
                                  {"error": "Expected POST"},
                                  RequestContext(request))

    # NOTE(review): no permission check is visible in this view; presumably
    # a decorator or add_object enforces it -- confirm.
    analyst = "%s" % request.user
    my_type = request.POST['otype']

    # One (label, label, datatype info) choice per known object type. The
    # indexing of keys()/values() relies on Python 2 list results.
    all_obj_type_choices = []
    for entry in get_object_types(False):
        all_obj_type_choices.append(
            (entry[0],
             entry[0],
             {'datatype': entry[1].keys()[0],
              'datatype_value': entry[1].values()[0]}))

    form = AddObjectForm(analyst,
                         all_obj_type_choices,
                         request.POST,
                         request.FILES)
    # A failed validation only stops the request when no file was uploaded
    # as 'value'; with a file present an invalid form proceeds.
    if not form.is_valid() and 'value' not in request.FILES:
        response = json.dumps({'message': "Invalid Form: %s" % form.errors,
                               'form': form.as_table(),
                               'success': False})
        if request.is_ajax():
            # `mimetype=` is the keyword older Django releases accepted
            # (later replaced by `content_type=`).
            return HttpResponse(response, mimetype="application/json")
        return render_to_response("file_upload_response.html",
                                  {'response': response},
                                  RequestContext(request))

    # Fields are read from request.POST directly, not from the form's
    # cleaned data; a missing key raises at the corresponding line.
    post = request.POST
    source = post['source']
    oid = post['oid']
    # "Type - Name" is split into its two parts; any other shape reuses the
    # first piece as the name.
    pieces = post['object_type'].split(" - ")
    object_type = pieces[0]
    name = pieces[0]
    if len(pieces) == 2:
        name = pieces[1]
    method = post['method']
    reference = post['reference']
    add_indicator = post.get('add_indicator', None)

    # An uploaded file, when present, travels alongside the text value.
    data = request.FILES['value'] if 'value' in request.FILES else None
    value = post.get('value', None)
    if isinstance(value, basestring):
        value = value.strip()

    results = add_object(my_type,
                         oid,
                         object_type,
                         name,
                         source,
                         method,
                         reference,
                         analyst,
                         value=value,
                         file_=data,
                         add_indicator=add_indicator,
                         is_sort_relationships=True)

    if not results['success']:
        result = {'success': False,
                  'message': "Error adding object: %s" % results['message']}
    else:
        subscription = {'type': my_type, 'id': oid}

        if results.get('relationships', None):
            relationships = results['relationships']
            relationship = {'type': my_type, 'value': oid}

            listing = render_to_string('objects_listing_widget.html',
                                       {'objects': results['objects'],
                                        'relationships': relationships,
                                        'subscription': subscription},
                                       RequestContext(request))
            result = {'success': True,
                      'html': listing,
                      'message': results['message']}

            result['rel_made'] = True
            result['rel_msg'] = render_to_string(
                'relationships_listing_widget.html',
                {'relationship': relationship,
                 'nohide': True,
                 'relationships': relationships},
                RequestContext(request))
        else:
            listing = render_to_string('objects_listing_widget.html',
                                       {'objects': results['objects'],
                                        'subscription': subscription},
                                       RequestContext(request))
            result = {'success': True,
                      'html': listing,
                      'message': results['message']}

    if request.is_ajax():
        return HttpResponse(json.dumps(result),
                            mimetype="application/json")
    # NOTE(review): the JSON string is handed to the template as 'response';
    # how the template escapes it is not visible here.
    return render_to_response("file_upload_response.html",
                              {'response': json.dumps(result)},
                              RequestContext(request))
Exemple #7
    def obj_create(self, bundle, **kwargs):
        """
        Add an object to a top-level object through the API.

        All fields except the analyst are taken from the request payload
        (``bundle.data``). Every outcome, including validation failures, is
        reported by passing a ``content`` dict to ``self.crits_response``;
        ``return_code`` is 0 on success and 1 otherwise.

        :param bundle: Bundle containing the object to add.
        :type bundle: Tastypie Bundle object.
        :returns: HttpResponse.

        """
        analyst = bundle.request.user.username
        payload = bundle.data
        crits_type = payload.get('crits_type', None)
        crits_id = payload.get('crits_id', None)
        type_field = payload.get('object_type', None)

        content = {'return_code': 1,
                   'type': crits_type}

        # NOTE(review): the crits_response calls below are not followed by a
        # return; presumably crits_response raises to end the request --
        # confirm, since execution would otherwise continue past each check.
        if not type_field:
            content['message'] = "You must provide an Object Type!"
            self.crits_response(content)

        # "Type - Name" is split into its two parts; any other shape reuses
        # the first piece as the name.
        pieces = type_field.split(" - ")
        object_type = pieces[0]
        name = pieces[0]
        if len(pieces) == 2:
            name = pieces[1]

        source = payload.get('source', None)
        method = payload.get('method', None)
        reference = payload.get('reference', None)
        add_indicator = payload.get('add_indicator', None)
        filedata = payload.get('filedata', None)
        value = payload.get('value', None)

        if not (crits_type and crits_id):
            content['message'] = "You must provide a top-level object!"
            self.crits_response(content)
        if not (filedata or value):
            content['message'] = "You must provide a value or filedata!"
            self.crits_response(content)

        # NOTE(review): no permission check on the target object or on the
        # client-supplied 'source' is visible in this method; presumably the
        # resource's authorization or add_object enforces it -- confirm.
        result = add_object(crits_type,
                            crits_id,
                            object_type,
                            name,
                            source,
                            method,
                            reference,
                            analyst,
                            value=value,
                            file_=filedata,
                            add_indicator=add_indicator)

        outcome_message = result.get('message')
        if outcome_message:
            content['message'] = outcome_message

        content['id'] = crits_id

        # The detail URL points at the top-level object named in the request.
        content['url'] = reverse(
            'api_dispatch_detail',
            kwargs={'resource_name': self.resource_name_from_type(crits_type),
                    'api_name': 'v1',
                    'pk': crits_id})
        if result['success']:
            content['return_code'] = 0
        self.crits_response(content)
Exemple #8
def add_new_object(request):
    """
    Add a new object to a top-level object from a submitted form.

    Only POST is handled; any other method renders ``error.html``. The outcome
    is returned as JSON: directly for AJAX requests, wrapped in
    ``file_upload_response.html`` otherwise.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != "POST":
        return render_to_response("error.html", {"error": "Expected POST"}, RequestContext(request))

    # NOTE(review): no permission check is visible in this view; presumably
    # a decorator or add_object enforces it -- confirm.
    analyst = "%s" % request.user
    my_type = request.POST["otype"]

    # One (label, label, datatype info) choice per known object type. The
    # indexing of keys()/values() relies on Python 2 list results.
    all_obj_type_choices = []
    for entry in get_object_types(False):
        all_obj_type_choices.append(
            (entry[0], entry[0], {"datatype": entry[1].keys()[0], "datatype_value": entry[1].values()[0]})
        )

    form = AddObjectForm(analyst, all_obj_type_choices, request.POST, request.FILES)
    # A failed validation only stops the request when no file was uploaded
    # as "value"; with a file present an invalid form proceeds.
    if not form.is_valid() and "value" not in request.FILES:
        response = json.dumps({"message": "Invalid Form: %s" % form.errors, "form": form.as_table(), "success": False})
        if request.is_ajax():
            # `mimetype=` is the keyword older Django releases accepted
            # (later replaced by `content_type=`).
            return HttpResponse(response, mimetype="application/json")
        return render_to_response("file_upload_response.html", {"response": response}, RequestContext(request))

    # Fields are read from request.POST directly, not from the form's
    # cleaned data; a missing key raises at the corresponding line.
    post = request.POST
    source = post["source"]
    oid = post["oid"]
    # "Type - Name" is split into its two parts; any other shape reuses the
    # first piece as the name.
    pieces = post["object_type"].split(" - ")
    object_type = pieces[0]
    name = pieces[0]
    if len(pieces) == 2:
        name = pieces[1]
    method = post["method"]
    reference = post["reference"]
    add_indicator = post.get("add_indicator", None)

    # An uploaded file, when present, travels alongside the text value.
    data = request.FILES["value"] if "value" in request.FILES else None
    value = post.get("value", None)
    if isinstance(value, basestring):
        value = value.strip()

    results = add_object(
        my_type,
        oid,
        object_type,
        name,
        source,
        method,
        reference,
        analyst,
        value=value,
        file_=data,
        add_indicator=add_indicator,
        is_sort_relationships=True,
    )

    if not results["success"]:
        result = {"success": False, "message": "Error adding object: %s" % results["message"]}
    else:
        subscription = {"type": my_type, "id": oid}

        if results.get("relationships", None):
            relationships = results["relationships"]
            relationship = {"type": my_type, "value": oid}

            listing = render_to_string(
                "objects_listing_widget.html",
                {"objects": results["objects"], "relationships": relationships, "subscription": subscription},
                RequestContext(request),
            )
            result = {"success": True, "html": listing, "message": results["message"]}

            result["rel_made"] = True
            result["rel_msg"] = render_to_string(
                "relationships_listing_widget.html",
                {"relationship": relationship, "nohide": True, "relationships": relationships},
                RequestContext(request),
            )
        else:
            listing = render_to_string(
                "objects_listing_widget.html",
                {"objects": results["objects"], "subscription": subscription},
                RequestContext(request),
            )
            result = {"success": True, "html": listing, "message": results["message"]}

    if request.is_ajax():
        return HttpResponse(json.dumps(result), mimetype="application/json")
    # NOTE(review): the JSON string is handed to the template as "response";
    # how the template escapes it is not visible here.
    return render_to_response(
        "file_upload_response.html", {"response": json.dumps(result)}, RequestContext(request)
    )
Exemple #9
    def obj_create(self, bundle, **kwargs):
        """
        Add an object to a top-level object through the API.

        All fields except the analyst are taken from the request payload
        (``bundle.data``). Every outcome, including validation failures, is
        reported by passing a ``content`` dict to ``self.crits_response``;
        ``return_code`` is 0 on success and 1 otherwise.

        :param bundle: Bundle containing the object to add.
        :type bundle: Tastypie Bundle object.
        :returns: HttpResponse.

        """
        analyst = bundle.request.user.username
        submitted = bundle.data
        crits_type = submitted.get('crits_type', None)
        crits_id = submitted.get('crits_id', None)
        raw_type = submitted.get('object_type', None)

        content = {'return_code': 1, 'type': crits_type}

        # NOTE(review): the crits_response calls below are not followed by a
        # return; presumably crits_response raises to end the request --
        # confirm, since execution would otherwise continue past each check.
        if not raw_type:
            content['message'] = "You must provide an Object Type!"
            self.crits_response(content)

        # "Type - Name" is split into its two parts; any other shape reuses
        # the first piece as the name.
        parts = raw_type.split(" - ")
        object_type = parts[0]
        if len(parts) == 2:
            name = parts[1]
        else:
            name = parts[0]

        source = submitted.get('source', None)
        method = submitted.get('method', None)
        reference = submitted.get('reference', None)
        add_indicator = submitted.get('add_indicator', None)
        filedata = submitted.get('filedata', None)
        value = submitted.get('value', None)

        if not (crits_type and crits_id):
            content['message'] = "You must provide a top-level object!"
            self.crits_response(content)
        if not (filedata or value):
            content['message'] = "You must provide a value or filedata!"
            self.crits_response(content)

        # NOTE(review): no permission check on the target object or on the
        # client-supplied 'source' is visible in this method; presumably the
        # resource's authorization or add_object enforces it -- confirm.
        outcome = add_object(crits_type,
                             crits_id,
                             object_type,
                             name,
                             source,
                             method,
                             reference,
                             analyst,
                             value=value,
                             file_=filedata,
                             add_indicator=add_indicator)

        reported = outcome.get('message')
        if reported:
            content['message'] = reported

        content['id'] = crits_id

        # The detail URL points at the top-level object named in the request.
        route_args = {
            'resource_name': self.resource_name_from_type(crits_type),
            'api_name': 'v1',
            'pk': crits_id
        }
        content['url'] = reverse('api_dispatch_detail', kwargs=route_args)
        if outcome['success']:
            content['return_code'] = 0
        self.crits_response(content)
Exemple #10
def add_new_object(request):
    """
    Add a new object to a top-level object from a submitted form.

    Only POST is handled; any other method renders ``error.html``. The outcome
    is returned as JSON: directly for AJAX requests, wrapped in
    ``file_upload_response.html`` otherwise.

    :param request: The Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != 'POST':
        return render_to_response("error.html",
                                  {"error": "Expected POST"},
                                  RequestContext(request))

    # NOTE(review): no permission check is visible in this view; presumably
    # a decorator or add_object enforces it -- confirm.
    analyst = "%s" % request.user
    my_type = request.POST['otype']

    # One (label, label, datatype info) choice per known object type. The
    # indexing of keys()/values() relies on Python 2 list results.
    all_obj_type_choices = []
    for type_entry in get_object_types(False):
        all_obj_type_choices.append(
            (type_entry[0],
             type_entry[0],
             {'datatype': type_entry[1].keys()[0],
              'datatype_value': type_entry[1].values()[0]}))

    form = AddObjectForm(analyst,
                         all_obj_type_choices,
                         request.POST,
                         request.FILES)
    # A failed validation only stops the request when no file was uploaded
    # as 'value'; with a file present an invalid form proceeds.
    if not form.is_valid() and 'value' not in request.FILES:
        response = json.dumps({'message': "Invalid Form: %s" % form.errors,
                               'form': form.as_table(),
                               'success': False})
        if request.is_ajax():
            # `mimetype=` is the keyword older Django releases accepted
            # (later replaced by `content_type=`).
            return HttpResponse(response, mimetype="application/json")
        return render_to_response("file_upload_response.html",
                                  {'response': response},
                                  RequestContext(request))

    # Fields are read from request.POST directly, not from the form's
    # cleaned data; a missing key raises at the corresponding line.
    submitted = request.POST
    source = submitted['source']
    oid = submitted['oid']
    # "Type - Name" is split into its two parts; any other shape reuses the
    # first piece as the name.
    type_parts = submitted['object_type'].split(" - ")
    object_type = type_parts[0]
    if len(type_parts) == 2:
        name = type_parts[1]
    else:
        name = type_parts[0]
    method = submitted['method']
    reference = submitted['reference']
    add_indicator = submitted.get('add_indicator', None)

    # An uploaded file, when present, travels alongside the text value.
    data = request.FILES['value'] if 'value' in request.FILES else None
    value = submitted.get('value', None)
    if isinstance(value, basestring):
        value = value.strip()

    results = add_object(my_type,
                         oid,
                         object_type,
                         name,
                         source,
                         method,
                         reference,
                         analyst,
                         value=value,
                         file_=data,
                         add_indicator=add_indicator,
                         is_sort_relationships=True)

    if not results['success']:
        result = {'success': False,
                  'message': "Error adding object: %s" % results['message']}
    else:
        subscription = {'type': my_type, 'id': oid}

        if results.get('relationships', None):
            relationships = results['relationships']
            relationship = {'type': my_type, 'value': oid}

            widget = render_to_string('objects_listing_widget.html',
                                      {'objects': results['objects'],
                                       'relationships': relationships,
                                       'subscription': subscription},
                                      RequestContext(request))
            result = {'success': True,
                      'html': widget,
                      'message': results['message']}

            result['rel_made'] = True
            result['rel_msg'] = render_to_string(
                'relationships_listing_widget.html',
                {'relationship': relationship,
                 'nohide': True,
                 'relationships': relationships},
                RequestContext(request))
        else:
            widget = render_to_string('objects_listing_widget.html',
                                      {'objects': results['objects'],
                                       'subscription': subscription},
                                      RequestContext(request))
            result = {'success': True,
                      'html': widget,
                      'message': results['message']}

    if request.is_ajax():
        return HttpResponse(json.dumps(result),
                            mimetype="application/json")
    # NOTE(review): the JSON string is handed to the template as 'response';
    # how the template escapes it is not visible here.
    return render_to_response("file_upload_response.html",
                              {'response': json.dumps(result)},
                              RequestContext(request))