def system_find_command(self, request):
# Create the response
response = Response(request)
response.payload = MessageUtils.dict_to_json(SYSTEM_FIND_PAYLOAD)
self._client.send_response(response)
def unknown_command(self, request, command):
# Create the response
response = Response(request)
response.payload = ERROR_RESPONSE_PAYLOAD_PREFIX + command
self._client.send_response(response)
def on_request(self, request):
try:
# Extract information from request
query = request.payload.decode(encoding="UTF-8")
logger.info("Service received request payload: " + query)
# Send HTTP request to OpenWeatherMap
req = urllib2.Request(
CURRENT_WEATHER_URL.format(query, API_KEY), None,
{'Content-Type': 'text/json'})
f = urllib2.urlopen(req)
weather_response = f.read()
f.close()
# Create the response message
response = Response(request)
# Populate the response payload
response.payload = weather_response.encode(encoding="UTF-8")
# Send the response
client.send_response(response)
except Exception as ex:
print str(ex)
# Send error response
client.send_response(
ErrorResponse(
request,
error_message=str(ex).encode(encoding="UTF-8")))
def on_request(self, request):
# Parse cancel assessment message
cam = CancelAssessmentMessage()
cam.parse(request.payload.decode())
logger.info("Manager received cancel assessment request: %s",
cam.to_s())
# Check to make sure it came from the application
# that originally requested the assessment. If it
# is not, just ignore the message
if cam.requestor_id in transactions.keys(
) and cam.transaction_id in transactions[cam.requestor_id]:
assessment_requests.append(cam)
# Cancel request didn't come from originating application so ignore
else:
logger.info("Ignoring cancel request " + cam.transaction_id +
" for application " + cam.requestor_id)
# Send request acknowledgement message with the transaction
# id that was cancelled
res = Response(request)
ram = RequestAcknowledgementMessage()
ram.transaction_id = cam.transaction_id
res.payload = (ram.to_json()).encode()
client.send_response(res)
def system_find_command(self, request, params):
# Create the response
response = Response(request)
response.payload = MessageUtils.dict_to_json(
SYSTEM_FIND_PAYLOAD if params ==
{"searchText": SYSTEM_FIND_OSTYPE_LINUX} else [])
self._client.send_response(response)
def on_request(self, request):
# Extract
print "Service recieved request payload: " + request.payload.decode(
)
# Create the response message
res = Response(request)
res.payload = "pong".encode()
# Send the response
client.send_event_response(res)
def on_request(self, request):
# Extract information from request
print "Service received request payload: " + request.payload.decode(
)
# Create the response message
res = Response(request)
# Populate the response payload
res.payload = "pong".encode()
# Send the response
client.send_response(res)
def on_request(self, request):
try:
query = request.payload.decode()
logger.info("Service received request payload: " + query)
response = Response(request)
response.payload = str(virustotal(jsonparse(query))).encode()
client.send_response(response)
print response
except Exception as ex:
print str(ex)
client.send_response(
ErrorResponse(request, error_message=str(ex).encode()))
def on_request(self, request):
# Parse the query message and execute the query
# against the repository
qm = QueryMessage()
qm.parse(request.payload.decode())
results = execute_query(qm.query)
# Send query result back to the requesting component
response = Response(request)
qrm = QueryResultMessage(qm.query, results)
response.payload = (qrm.to_json()).encode()
logger.info("Sending query results: " + qrm.to_s())
client.send_response(response)
def acknowledge_request(request):
# Prepare response and assign a new transaction
# id
res = Response(request)
rm = RequestAcknowledgementMessage()
rm.transaction_id = str(uuid.uuid4())
res.payload = (rm.to_json()).encode()
# Send the request acknowledgement to the application
# in reponse to the request and return the transaction
# id
logger.info("Sending request acknowlegement: %s", rm.to_s())
client.send_response(res)
return rm.transaction_id
def on_request(self, request):
self.__monitor.register_request()
response = Response(request)
try:
req = json.loads(request.payload)
args = {
'method': self.__config.type,
'url': self.__construct_url(req)
}
# Determine how to treat the rest of the parameters based on the request type
if self.__config.type == 'get':
args['params'] = req
else:
args['json'] = req
# Forward on the request and pass the response back
upstream = self.__sess.request(**args)
if upstream.status_code >= 400:
response = ErrorResponse(request, upstream.status_code,
upstream.text)
else:
try:
# Errors aren't always indicated with the proper HTTP status code, may need to inspect
res = upstream.json()
if res['error'] != 0:
response = ErrorResponse(request, res['error'],
upstream.text)
else:
response.payload = upstream.text
except (ValueError, KeyError):
response = ErrorResponse(request, 504,
'Invalid upstream response')
except ValueError:
response = ErrorResponse(
request, 400,
'request payload must be a well formed JSON string')
except KeyError as e:
response = ErrorResponse(
request, 400,
'missing required parameter {} from payload'.format(str(e)))
except Exception as e:
logger.exception('unknown exception of type %s: ' + str(e),
type(e).__name__)
response = ErrorResponse(request, 500,
'unknown internal error: ' + str(e))
finally:
if isinstance(response,
ErrorResponse) and 500 <= response.error_code < 600:
# Error count doesn't include client errors
self.__monitor.register_error()
else:
self.__monitor.register_success()
self.__switch.dxl.send_response(response)
def on_request(self, request): # Extract information from request print "Service received request payload: " + request.payload.decode() # Create the response message res = Response(request) try: s = request.payload.decode() cmd = subprocess.Popen(re.split(r'\s+', s), stdout=subprocess.PIPE) cmd_out = cmd.stdout.read() # Process output res.payload = cmd_out.encode() except OSError: res.payload = 'Invalid command'.encode() # Send the response client.send_response(res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param dxlclient.message.Request request: The request message
"""
# Handle request
logger.debug("Request received on topic: '%s'",
request.destination_topic)
try:
# Create response
res = Response(request)
# Store the next segment.
result = self._store_manager.store_segment(request)
# Set payload
MessageUtils.dict_to_json_payload(res, result.to_dict())
# Send response
self._dxl_client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request, error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._dxl_client.send_response(err_res)
def _request(self, dxl_request, path, request_fn, body=None):
"""
Make a request to TheHive server, delivering the response to the
DXL fabric.
:param dxlclient.message.Request dxl_request: DXL request containing
parameters to forward along in a request to TheHive server.
:param str path: URL subpath for the request to send to TheHive server.
:param function request_fn: Callback which is invoked to make
TheHive request.
:param str body: Request body to include in the request.
"""
try:
request_url = self._api_url + path
response = request_fn(request_url, body)
if 200 <= response.status_code <= 299:
# TheHive request was successful so forward the response
# along as-is to the DXL fabric.
res = Response(dxl_request)
MessageUtils.dict_to_json_payload(res, response.json())
else:
# TheHive request encountered an error. Attempt to decode
# an error message from the response body.
res = self._build_http_error_response(dxl_request, response)
except Exception as ex:
error_str = str(ex)
logger.exception("Error handling request: %s", error_str)
res = ErrorResponse(dxl_request,
error_message=MessageUtils.encode(error_str))
self._dxl_client.send_response(res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info("Request received on topic: '%s' with payload: '%s'",
request.destination_topic,
MessageUtils.decode_payload(request))
try:
res = Response(request)
request_dict = MessageUtils.json_payload_to_dict(request) \
if request.payload else {}
# Ensure required parameters are present
if self._required_params:
for name in self._required_params:
if name not in request_dict:
raise Exception(
"Required parameter not found: '{}'".format(name))
if "format" not in request_dict:
request_dict["format"] = "json"
elif request_dict["format"] not in ("json", "xml"):
raise Exception(
"Unsupported format requested: '{}'. {}".format(
request_dict["format"],
"Only 'json' and 'xml' are supported."))
# Invoke DomainTools API via client
dt_response = \
getattr(self._app.domaintools_api,
self._func_name)(**request_dict)
# Set response payload
response_data = dt_response.data()
if isinstance(response_data, dict):
MessageUtils.dict_to_json_payload(res, response_data)
else:
MessageUtils.encode_payload(res, response_data)
except ServiceException as ex:
logger.exception("Error handling request")
msg = "%s: %s" % (ex.__class__.__name__, ex.reason)
res = ErrorResponse(request,
error_message=MessageUtils.encode(msg))
except Exception as ex:
logger.exception("Error handling request")
msg = str(ex)
if not msg:
msg = ex.__class__.__name__
res = ErrorResponse(request,
error_message=MessageUtils.encode(msg))
# Send response
self._app.client.send_response(res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info("Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic, MessageUtils.decode_payload(request)))
try:
# Parameters
nmap_params = MessageUtils.json_payload_to_dict(request)
logger.info("[1/2] Requested NMAP action ({0}) for request {1} is under processing...".format(
MessageUtils.decode_payload(request), request.message_id))
# Create a report from Nmap tool execution
nmap_response = self._do_nmap_scan(nmap_params, request)
logger.info("[2/2] Requested NMAP action was processed successfully for request {0}."
" Preparing response...".format(request.message_id))
# Create response
res = Response(request)
# Set payload
MessageUtils.dict_to_json_payload(res, nmap_response)
# Send response
self._app.client.send_response(res)
logger.info("Sending response for request {0}".format(request.message_id))
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request, MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
"""
Callback invoked when a request is received.
:param dxlclient.message.Request request: The request
"""
logger.info("Request received on topic '%s'",
request.destination_topic)
logger.debug("Payload for topic %s: %s", request.destination_topic,
request.payload)
try:
request_dict = MessageUtils.json_payload_to_dict(request) \
if request.payload else {}
if "event" in request_dict and \
type(request_dict["event"]).__name__ in ("str", "unicode") and \
request_dict["event"].isdigit():
request_dict["event"] = int(request_dict["event"])
response_data = self._api_method(**request_dict)
if isinstance(response_data, dict) and \
response_data.get("errors", None):
res = ErrorResponse(request,
error_message=str(
response_data["errors"][0]))
else:
res = Response(request)
MessageUtils.dict_to_json_payload(res, response_data)
except Exception as ex:
error_str = str(ex)
logger.exception("Error handling request: %s", error_str)
res = ErrorResponse(request,
error_message=MessageUtils.encode(error_str))
self._app.client.send_response(res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
request_payload = MessageUtils.json_payload_to_dict(request)
try:
res = Response(request)
payload = {"code": 200, "body": {}}
if request_payload["target"] == "/v1/simple":
payload = self.v1_simple(request_payload, payload)
else:
payload = self.v1_complex(request_payload, payload)
MessageUtils.dict_to_json_payload(res, payload)
self._client.send_response(res)
except Exception as ex:
err_res = ErrorResponse(request,
error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info(
"Request received on topic: '{0}' with payload: '{1}'".format(
request.destination_topic,
MessageUtils.decode_payload(request)))
try:
# Create response
res = Response(request)
# Read DXL request payload into dictionary
params = MessageUtils.json_payload_to_dict(request)
# Invoke API call
if 'data' in params.keys() and params['data'] != "":
tide_data = params['data']
if 'type' in params.keys(): tide_type = params['type']
else: tide_type = get_ioc_type(tide_data, 'tide')
if 'rlimit' in params.keys(
) and params['max_rec'] < self._app.tide_max_rec:
tide_max_rec = params['max_rec']
else:
tide_max_rec = self._app.tide_max_rec #Error data is required
if 'format' in params.keys(): tide_format = params['format']
else:
tide_format = self._app.tide_format #Error data is required
http_res = requests.get(
"https://api.activetrust.net:8000/api/data/threats",
params={
"type": tide_type,
tide_type: tide_data,
"data_format": tide_format,
"rlimit": tide_max_rec
},
auth=(self._app.api_key, ''))
content = unicode(http_res.content, "utf-8")
else:
content = "{'status':'error','errorMessage':'The data field is required'}" #Error data is required
# Add web service response to DXL response payload
MessageUtils.encode_payload(res, content, enc='utf-8')
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request,
error_code=0,
error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
"""
Invoked when a request is received
:param request: The request that was received
"""
try:
# Build dictionary from the request payload
req_dict = json.loads(request.payload.decode(encoding=self.UTF_8))
# Determine the ePO command
if self.CMD_NAME_KEY not in req_dict:
raise Exception(
"A command name was not specified ('{0}')".format(
self.CMD_NAME_KEY))
command = req_dict[self.CMD_NAME_KEY]
# Determine the request parameters
req_params = {}
if self.PARAMS_KEY in req_dict:
req_params = req_dict[self.PARAMS_KEY]
# Determine the output format
output = self.DEFAULT_OUTPUT
if self.OUTPUT_KEY in req_dict:
output = req_dict[self.OUTPUT_KEY]
# Get the ePO server to invoke the command on
epo = self._epo_by_topic[request.destination_topic]
# Execute the ePO Remote Command
result = epo.execute(command, output, req_params)
# Create the response, set payload, and deliver
response = Response(request)
response.payload = result
self._dxl_client.send_response(response)
except Exception as ex:
logger.exception("Error while processing request")
# Send error response
self._dxl_client.send_response(
ErrorResponse(
request,
error_message=str(ex).encode(encoding=self.UTF_8)))
def _get_agents(self, request, request_payload):
hash_match_result = self._get_reputation_for_hashes(
request_payload["hashes"])
metadata = self.REPUTATION_METADATA[hash_match_result]
res = Response(request)
payload = {"agents": metadata["agents"]} if "agents" in metadata else {}
MessageUtils.dict_to_json_payload(res, payload)
self._app.client.send_response(res)
def help_command(self, request):
# Create the response
response = Response(request)
response.payload = ""
for cmd in self.KNOWN_COMMANDS:
cmd_string = cmd["name"] + " "
for param in cmd["parameters"]:
cmd_string += "[" + param + "] "
cmd_string += "- " + cmd["description"]
response.payload += cmd_string
self._client.send_response(response)
def _set_item_reputation(self, request, request_payload,
change_topic, tags=None):
new_entry = None
hash_match_result = self._get_reputation_for_hashes(
request_payload["hashes"], False)
if hash_match_result:
metadata = self.REPUTATION_METADATA[hash_match_result]
new_reputations = metadata["reputations"]
for reputation_entry in new_reputations:
if reputation_entry["providerId"] == request_payload["providerId"]:
new_entry = reputation_entry
else:
first_hash = request_payload["hashes"][0]
item_name = first_hash["type"] + ":" + first_hash["value"]
new_reputations = []
self.REPUTATION_METADATA[item_name] = {
"hashes": {new_hash["type"]: new_hash["value"] \
for new_hash in request_payload["hashes"]},
"reputations": new_reputations}
metadata = self.REPUTATION_METADATA[item_name]
self._set_hash_algos_for_item(item_name, metadata["hashes"])
tags = tags or {}
if "comment" in request_payload:
tags["comment"] = request_payload["comment"]
metadata["tags"] = tags
old_reputations = copy.deepcopy(new_reputations)
if not new_entry:
new_entry = {"attributes": {},
"providerId": request_payload["providerId"]}
new_entry["trustLevel"] = request_payload["trustLevel"]
new_entry["createDate"] = int(time.time())
new_reputations.append(new_entry)
self._app.client.send_response(Response(request))
event = Event(change_topic)
event_payload = {
"hashes": request_payload["hashes"],
"oldReputations": {"reputations": old_reputations},
"newReputations": {"reputations": new_reputations},
"updateTime": int(time.time())
}
if "publicKeySha1" in metadata["hashes"]:
event_payload["publicKeySha1"] = metadata["hashes"]["publicKeySha1"]
event_payload["hashes"] = filter(
lambda hash_entry: hash_entry["type"] != "publicKeySha1",
event_payload["hashes"]
)
if "relationships" in metadata:
event_payload["relationships"] = metadata["relationships"]
MessageUtils.dict_to_json_payload(event, event_payload)
self._app.client.send_event(event)
def _set_item_reputation(self, request, request_payload, item_name,
change_topic):
new_entry = None
if item_name in self.REPUTATION_METADATA:
new_reputations = self.REPUTATION_METADATA[item_name][
"reputations"]
for reputation_entry in new_reputations:
if reputation_entry["providerId"] == request_payload[
"providerId"]:
new_entry = reputation_entry
else:
new_reputations = []
self.REPUTATION_METADATA[item_name] = {
"hashes": {},
"reputations": new_reputations
}
old_reputations = copy.deepcopy(new_reputations)
old_hashes = self.REPUTATION_METADATA[item_name]["hashes"]
for hash_type, hash_value in old_hashes.items():
if hash_type in self.hash_algos_to_files and \
hash_value in self.hash_algos_to_files[hash_type]:
del self.hash_algos_to_files[hash_type][hash_value]
new_hashes = {new_hash["type"]: new_hash["value"] \
for new_hash in request_payload["hashes"]}
self._set_hash_algos_for_item(item_name, new_hashes)
self.REPUTATION_METADATA[item_name]["hashes"] = new_hashes
if not new_entry:
new_entry = {
"attributes": {},
"providerId": request_payload["providerId"]
}
new_entry["trustLevel"] = request_payload["trustLevel"]
new_entry["createDate"] = int(time.time())
new_reputations.append(new_entry)
self._client.send_response(Response(request))
event = Event(change_topic)
event_payload = {
"hashes": request_payload["hashes"],
"oldReputations": {
"reputations": old_reputations
},
"newReputations": {
"reputations": new_reputations
},
"updateTime": int(time.time())
}
MessageUtils.dict_to_json_payload(event, event_payload)
self._client.send_event(event)
def on_request(self, request):
try:
res = Response(request)
result = self._store_manager.store_segment(request)
MessageUtils.dict_to_json_payload(res, result.to_dict())
self._dxl_client.send_response(res)
except Exception as ex:
err_res = ErrorResponse(request,
error_message=MessageUtils.encode(str(ex)))
self._dxl_client.send_response(err_res)
def help_command(self, request):
# Create the response
response = Response(request)
cmd_array = []
for cmd in self.KNOWN_COMMANDS:
cmd_string = cmd["name"] + " "
for param in cmd["parameters"]:
cmd_string += "[" + param + "] "
cmd_string += "- " + cmd["description"]
cmd_array.append(cmd_string)
response.payload = MessageUtils.dict_to_json(cmd_array)
self._client.send_response(response)
def on_request(self, request):
"""
Invoked when a request message is received.
:param request: The request message
"""
# Handle request
logger.info("Request received on topic: '%s' with payload: '%s'",
request.destination_topic,
MessageUtils.decode_payload(request))
try:
# API URL
api_url = self._app.URL_VOID_API_URL_FORMAT.format(self._app.api_key)
command = request.destination_topic[self._app.SERVICE_TYPE_LENGTH + 1:]
params = {}
if request.payload:
params = MessageUtils.json_payload_to_dict(request)
if self._required_params:
self._validate(params)
if command == self._app.CMD_HOST_INFO:
host = params[self.PARAM_HOST]
api_url = "{0}{1}/{2}".format(api_url, self.PARAM_HOST, host)
elif command == self._app.CMD_HOST_RESCAN:
host = params[self.PARAM_HOST]
api_url = "{0}{1}/{2}/rescan".format(api_url, self.PARAM_HOST, host)
elif command == self._app.CMD_HOST_SCAN:
host = params[self.PARAM_HOST]
api_url = "{0}{1}/{2}/scan".format(api_url, self.PARAM_HOST, host)
elif command == self._app.CMD_STATS_REMAINED:
api_url = "{0}{1}".format(api_url, command)
# Invoke URLVoid API
url_void_api_response = requests.get(api_url)
# Check HTTP response code
url_void_api_response.raise_for_status()
# Create response
res = Response(request)
# Set payload
MessageUtils.encode_payload(res, url_void_api_response.text)
# Send response
self._app.client.send_response(res)
except Exception as ex:
logger.exception("Error handling request")
err_res = ErrorResponse(request, error_message=MessageUtils.encode(str(ex)))
self._app.client.send_response(err_res)
def on_request(self, request):
dxl_message = JavaDxlMessage()
dxl_message.setTopic(request.destination_topic)
dxl_message.setMessageVersion(request.version)
dxl_message.setMessageId(request.message_id)
dxl_message.setClientId(request.source_client_id)
dxl_message.setBrokerId(request.source_broker_id)
dxl_message.setMessageType(request.message_type)
dxl_message.setBrokerIdList(request.broker_ids)
dxl_message.setClientIdList(request.client_ids)
dxl_message.setReplyTopic(request.reply_to_topic)
dxl_message.setServiceId(request.service_id)
dxl_message.setPayload(request.payload.decode())
dxl_message.setReplyTopic(request.reply_to_topic)
dxl_message.setServiceId(request.service_id)
response = Response(request)
resp = self.dxlCallback.callbackEvent(dxl_message)
response.payload = resp.encode()
client.send_response(response)
def on_request(self, request):
# Extract information from Response payload, in this sample we expect it is UTF-8 encoded
logger.info(
"Service Provider - Request received:\n Topic: %s\n Request ID: %s\n Payload: %s",
request.destination_topic, request.message_id,
request.payload.decode())
# Create the Response message
logger.info(
"Service Provider - Creating Response for Request ID %s on %s",
request.message_id, request.destination_topic)
response = Response(request)
# Encode string payload as UTF-8
response.payload = "Sample Response Payload".encode()
# Send the Response back
logger.info(
"Service Provider - Sending Response to Request ID: %s on %s",
response.request_message_id, request.destination_topic)
client.send_response(response)
def on_request(self, request):
# type: (Request) -> None
self.__monitor.register_request()
response = Response(request)
try:
args = None
if self.__args is not None: # If input's expected, try parsing the incoming JSON
args = json_format.Parse(request.payload, self.__args())
grrr = self.__board.grr.SendRequest(self.__endpoint.name, args=args)
if grrr is not None:
response.payload = json_format.MessageToJson(grrr)
except (json_format.ParseError, BuildError, grr_errors.Error) as e:
# Failed to compose request or otherwise bad request
response = ErrorResponse(request, 400, 'invalid request: {}'.format(str(e)))
except Error as e: # Connector error
logger.error('error reaching the GRR instance: {}'.format(str(e)))
response = ErrorResponse(request, 503, 'failed processing request: {}'.format(str(e)))
except Exception as e: # Generic internal error
logger.exception('%s: %s', type(e).__name__, str(e))
response = ErrorResponse(request, 500, 'failed processing request: {}'.format(str(e)))
finally:
if isinstance(response, ErrorResponse) and response.error_code >= 500:
# Error count doesn't include client errors
self.__monitor.register_error()
else:
self.__monitor.register_success()
self.__board.dxlc.send_response(response)