def _optionRender(self, options, to_name_func): self.beginTable() self.newTableCol(0, _("Name"), header=True) self.newTableCol(0, _("Code"), header=True) self.newTableCol(0, _("Data length"), header=True) self.newTableCol(0, _("Data"), header=True) for option in options: dec = to_name_func(option[0]) idx = self.newTableRow() self.newTableCol(idx, dec[0]) self.newTableCol(idx, option[0]) if len(dec) == 2 and dec[1] != -1 and dec[1] != option[1]: self.newTableCol( idx, resource.HTMLSource( "<b style='color:red;'>%d</b> (expected %d)" % (option[1], dec[1]))) else: self.newTableCol(idx, "%d" % option[1]) if len(dec) == 3 and (dec[1] == -1 or dec[1] == option[1]): self.newTableCol(idx, "%s" % dec[2](option[2])) else: self.newTableCol(idx, resource.HTMLSource(" ")) self.endTable()
def _gen_option_list(iterator, selected): out = resource.HTMLSource() for name, path in iterator: if path in selected: out += resource.HTMLSource( "<option value='{0}' selected>{1}</option>").format( path, name) else: out += resource.HTMLSource( "<option value='{0}'>{1}</option>").format(path, name) return out
def buildTcpHeaderTable(self, alert): tcp = HeaderTable() tcp.register_static(_("Source port"), alert["source(0).service.port"]) tcp.register_static(_("Target port"), alert["target(0).service.port"]) tcp.register("Seq #", "tcp_seq") tcp.register("Ack #", "tcp_ack") tcp.register(_("Header length"), "tcp_off") tcp.register(_("Reserved"), "tcp_res") tcp.register(resource.HTMLSource("R<br/>1"), "tcp_flags", self._isFlagSet, (0x80, )) tcp.register(resource.HTMLSource("R<br/>2"), "tcp_flags", self._isFlagSet, (0x40, )) tcp.register(resource.HTMLSource("U<br/>R<br/>G"), "tcp_flags", self._isFlagSet, (0x20, )) tcp.register(resource.HTMLSource("A<br/>C<br/>K"), "tcp_flags", self._isFlagSet, (0x10, )) tcp.register(resource.HTMLSource("P<br/>S<br/>H"), "tcp_flags", self._isFlagSet, (0x08, )) tcp.register(resource.HTMLSource("R<br/>S<br/>T"), "tcp_flags", self._isFlagSet, (0x04, )) tcp.register(resource.HTMLSource("S<br/>Y<br/>N"), "tcp_flags", self._isFlagSet, (0x02, )) tcp.register(resource.HTMLSource("F<br/>I<br/>N"), "tcp_flags", self._isFlagSet, (0x01, )) tcp.register(_("Window"), "tcp_win") tcp.register(_("Checksum"), "tcp_sum") tcp.register(_("URP"), "tcp_urp") return tcp
def _toplayout_extra_content(self): if env.request.user and not env.request.web.input_cookie.get( "warning"): env.request.web.add_cookie("warning", "warning", 365 * 24 * 60 * 60) return next(hookmanager.trigger("HOOK_WARNING_CONTENT"), [resource.HTMLSource(self._template.render())])
def buildNode(self, node): if not node: return self.newTableEntry(_("Node location"), node["location"]) addr_list = [] node_name = None for addr in node["address"]: address = addr["address"] if not address: continue node_name = resolve.AddressResolve(address) if addr["category"] in ("ipv4-addr", "ipv6-addr", "ipv4-net", "ipv6-net") and env.enable_details: addr_list.append(self.getUrlLink(address, "%s?host=%s" % (env.host_details_url, address))) else: addr_list.append(address) if node["name"]: self.newTableEntry(_("Node name"), node["name"]) elif node_name is not None and node_name.resolve_succeed(): self.newTableEntry(_("Node name (resolved)"), node_name) if addr_list: self.newTableEntry(_("Node address"), resource.HTMLSource("<br/>").join(addr_list))
def get_html_select(selected_paths=None, default_paths=None, all_paths=True, max_paths=0): if default_paths is None: default_paths = env.dataprovider.get_common_paths("alert", index=True) if selected_paths is None: selected_paths = [] _html_default_value = _gen_option_list(default_paths, selected_paths) if all_paths: _html_all_value = _gen_option_list( ((i, i) for i in env.dataprovider.get_paths("alert") if i not in zip(default_paths)[1]), selected_paths) all_paths = resource.HTMLSource('<optgroup label="%s">%s</optgroup>' ) % (_("All paths"), _html_all_value) html = resource.HTMLSource(""" <link rel="stylesheet" type="text/css" href="prewikka/css/chosen.min.css"> <link rel="stylesheet" type="text/css" href="prewikka/css/bootstrap-chosen.css"> <select class="data-paths chosen-sortable form-control" %s name="selected_path" data-placeholder="%s"> <optgroup label="%s"> %s </optgroup> %s </select> <script type="text/javascript"> $LAB.script("prewikka/js/chosen.jquery.min.js").wait() .script("prewikka/js/jquery-chosen-sortable.js").wait(function() { $(".data-paths").chosen({ max_selected_options: %d, width: "100%%", search_contains: true }).chosenSortable(); $(".data-paths").chosenSetOrder(%s); }); </script> """) % (resource.HTMLSource('multiple') if max_paths != 1 else "", _("Select paths..."), _("Default paths"), _html_default_value, all_paths or "", max_paths, Markup(json.dumps(selected_paths))) return html
def _toplayout_extra_content(self): # Don't show the risk overview if the user is not logged in if not env.request.user: return return resource.HTMLSource( template.PrewikkaTemplate(__name__, "templates/riskoverview.mak").render())
def render(self, type, data, renderer=None, **kwargs): renderer = self._setup_renderer(type, renderer) classname = kwargs["class"] = "-".join((renderer, type)) cssid = kwargs["cssid"] = "-".join((classname, text_type(uuid.uuid4()))) try: data = self._renderer[renderer][type].render(data, **kwargs) htmls = resource.HTMLSource('<div id="%s" class="renderer-elem %s">%s</div>' % (cssid, classname, data.get("html", ""))) return {"html": htmls, "script": resource.HTMLSource(data.get("script", ""))} except RendererException as e: htmls = resource.HTMLSource('<div id="%s" class="renderer-elem renderer-elem-error %s"><div class="text-center-vh">%s</div></div>' % (cssid, classname, text_type(e))) return {"html": htmls, "script": None}
def buildIpHeaderTable(self, alert): ip = HeaderTable() ip.register(_("Version"), "ip_ver") ip.register(_("Header length"), "ip_hlen") ip.register(_("TOS"), "ip_tos") ip.register(_("Length"), "ip_len") ip.register(_("Id"), "ip_id") ip.register(resource.HTMLSource("R<br/>F"), "ip_off", self._isFlagSet, (0x8000, 15)) ip.register(resource.HTMLSource("D<br/>F"), "ip_off", self._isFlagSet, (0x4000, 14)) ip.register(resource.HTMLSource("M<br/>F"), "ip_off", self._isFlagSet, (0x2000, 13)) ip.register(_("Ip offset"), "ip_off", (lambda x: x & 0x1fff)) ip.register(_("TTL"), "ip_ttl") ip.register(_("Protocol"), "ip_proto") ip.register(_("Checksum"), "ip_sum") ip.register_static(_("Source address"), alert["source(0).node.address(0).address"]) ip.register_static(_("Target address"), alert["target(0).node.address(0).address"]) return ip
def buildAlertIdent(self, alert, parent): calist = {} for alertident in parent["alertident"]: # IDMEF draft 14 page 27 # If the "analyzerid" is not provided, the alert is assumed to have come # from the same analyzer that is sending the Alert. analyzerid = alertident["analyzerid"] if not analyzerid: for a in alert["analyzer"]: if a["analyzerid"]: analyzerid = a["analyzerid"] break calist.setdefault(analyzerid, []).append(alertident["alertident"]) for idx, (analyzerid, idents) in enumerate(calist.items()): content = "" results = [] total = 0 step = 50 limit = min(len(idents), 500) for i in range(0, limit, step): # FIXME #3250, #3251 # We execute several queries to avoid recursion errors criteria = Criterion() for ident in idents[i:i+step]: criteria |= self._get_alert_ident_criterion(analyzerid, ident) results.append(env.dataprovider.query(["alert.messageid", "alert.classification.text"], criteria)) for ident, classif in itertools.chain(*results): link = url_for(".render", analyzerid=analyzerid, messageid=ident) content += '<li><a title="%s" href="%s">%s</a></li>' % (_("Alert details"), link, html.escape(classif)) total += 1 missing = limit - total if missing > 0: content += "<li>" + (_("%d linked alerts missing (probably deleted)") % missing) + "</li>" omitted = len(idents) - limit if omitted > 0: content += "<li>" + (_("%d linked alerts omitted") % omitted) + "</li>" self.newTableCol(idx + 1, resource.HTMLSource("<ul style='padding: 0px; margin: 0px 0px 0px 10px;'>%s</ul>" % content)) linked_alerts = env.dataprovider.get(self._get_alert_ident_criterion(analyzerid, idents[0])) if linked_alerts: self.buildAnalyzer(linked_alerts[0]["alert.analyzer(-1)"]) else: self.newTableCol(1, None) self.newTableRow()
def buildAlertIdent(self, alert, parent): calist = {} for alertident in parent["alertident"]: # IDMEF draft 14 page 27 # If the "analyzerid" is not provided, the alert is assumed to have come # from the same analyzer that is sending the Alert. analyzerid = alertident["analyzerid"] if not analyzerid: for a in alert["analyzer"]: if a["analyzerid"]: analyzerid = a["analyzerid"] break if not analyzerid in calist: calist[analyzerid] = [] calist[analyzerid].append(alertident["alertident"]) idx = 1 for analyzerid in calist.keys(): content = "" missing = 0 for ident in calist[analyzerid]: criteria = Criterion("alert.analyzer.analyzerid", "=", analyzerid) & Criterion( "alert.messageid", "=", ident) results = env.dataprovider.get(criteria) if len(results) == 0: missing += 1 #content += "<li>" + _("Invalid 'analyzerid:messageid' pair, '%(analyzerid):%(messageid)'") % { "analyzerid": analyzerid, "messageid": ident } + "</li>" else: alert = results[0]["alert"] link = url_for(".", analyzerid=analyzerid, messageid=ident) content += '<li><a class="widget-link" title="%s" href="%s">%s</a></li>' % ( _("Alert details"), link, html.escape(alert["classification.text"])) if missing > 0: content += "<li>" + ( _("%d linked alerts missing (probably deleted)") % missing) + "</li>" self.newTableCol( idx, resource.HTMLSource( "<ul style='padding: 0px; margin: 0px 0px 0px 10px;'>%s</ul>" % content)) self.buildAnalyzer(alert["analyzer(-1)"]) self.newTableRow() idx += 1
def ajax_timeline(self): query = self.query_parser(env.request.parameters.get("query"), parent=self) data = query.chronology(height=200) return response.PrewikkaResponse( resource.HTMLSource(""" %s <script type="text/javascript">%s</script> """ % (data["html"], data["script"] or "")))
def compute_charts_infos(chart_infos, tooltips=None): cinfos = [] for title, categories, charts in chart_infos: s = sc = resource.HTMLSource("%s") % _(title) if categories: sub_info = resource.HTMLSource(", ").join( resource.HTMLNode("abbr", _(c), title=_(tooltips[c]), **{'data-toggle': 'tooltip'}) for c in categories) sub_info_c = resource.HTMLSource(", ").join( resource.HTMLSource("%s") % _(c) for c in categories) s += resource.HTMLSource(" (%s)") % sub_info sc += resource.HTMLSource(" (%s)") % sub_info_c cinfos += [{ 'title': s, 'title_c': sc, 'category': 'text', 'width': 12, 'height': 1 }] + charts return cinfos
def render(self, type, data, renderer=None, **kwargs): if renderer is None: renderer = self.get_default_backend(type) if renderer is None: raise error.PrewikkaUserError(N_("Renderer error"), N_("No backend supporting render type '%s'", type)) if renderer not in self._renderer: raise error.PrewikkaUserError(N_("Renderer error"), N_("No backend named '%s'", renderer)) if type not in self._renderer[renderer]: raise error.PrewikkaUserError(N_("Renderer error"), N_("Backend '%(backend)s' does not support render type '%(type)s'", {'backend': renderer, 'type': type})) if not "names_and_colors" in kwargs: kwargs["names_and_colors"] = COLOR_MAP classname = kwargs["class"] = "-".join((renderer, type)) cssid = kwargs["cssid"] = "-".join((classname, text_type(uuid.uuid4()))) try: data = self._renderer[renderer][type].render(data, **kwargs) html = resource.HTMLSource("""<div id="%s" class="renderer-elem %s">%s</div>""" % (cssid, classname, data.get("html", ""))) return {"html": html, "script": resource.HTMLSource(data.get("script", "")) } except RendererNoDataException as e: html = resource.HTMLSource("""<div id="%s" class="renderer-elem renderer-elem-error %s">%s</div>""" % (cssid, classname, text_type(e))) script = resource.HTMLSource(""" var size = prewikka_getRenderSize("#%s", %s); $("#%s").width(size[0]).css("height", size[1] + 'px').css("line-height", size[1] + 'px'); """ % (cssid, json.dumps(kwargs), cssid)) return {"html": html, "script": script}
def getUrlLink(self, name, url=None): if not name: return None if not url: if name.find("http://") != -1: url = name elif re.compile("\.[^\s]+\.[^\s+]").search(name): url = "http://" + name else: return name return resource.HTMLSource('<a target="%s" href="%s">%s</a>' % (env.external_link_target, html.escape(url), html.escape(name)))
def _filter_html_menu(self, ctype, parameters, **kwargs): filters = list(self._db.get_filters(env.request.user, ctype)) current_filter = parameters.get("filter") if current_filter not in [x.name for x in filters]: current_filter = None filter_categories = {} for fltr in filters: filter_categories.setdefault(fltr.category, []).append(fltr) dset = self._filter_menu_tmpl.dataset( current_filter=current_filter, filter_categories=filter_categories, **kwargs) return resource.HTMLSource(dset.render())
def _filter_html_menu(self, ctype): dset = self._filter_menu_tmpl.dataset() dset["current_filter"] = env.request.parameters.get("filter", "") dset["filter_list"] = (f.name for f in self._db.get_filters(env.request.user, ctype)) return resource.HTMLSource(dset.render())
def csrftoken(): return resource.HTMLSource( '<input type="hidden" name="%s" value="%s" />' % (csrf.CSRF_POST_KEY, csrf.get_token(env.request.web)))
def _toplayout_extra_content_hook(self): tmpl = template.PrewikkaTemplate(__name__, "templates/twitter.mak") return resource.HTMLSource( tmpl.render(account=self._account, widget_id=self._widget_id))
def buildAdditionalData(self, alert, ignore=[], ignored={}, ip_options=[], tcp_options=[]): self.beginSection(_("Additional data")) self.beginTable() self.newTableCol(0, _("Meaning"), header=True) self.newTableCol(0, _("Value"), header=True) index = 1 for ad in alert["additional_data"]: value = None meaning = ad["meaning"] if meaning == "ip_option_code": ip_options.append((ad["data"], 0, None)) ignored[meaning] = "" if meaning == "ip_option_data": data = ad["data"] ip_options[-1] = (ip_options[-1][0], len(data), data) ignored[meaning] = "" if meaning == "tcp_option_code": tcp_options.append((ad["data"], 0, None)) ignored[meaning] = "" if meaning == "tcp_option_data": data = ad["data"] tcp_options[-1] = (tcp_options[-1][0], len(data), data) ignored[meaning] = "" if ad["data"] != None: value = ad["data"] if ad["type"] == "byte-string" and meaning != "payload": value = utils.hexdump(value) for field in ignore: if meaning != None and meaning == field[0]: ignored[meaning] = value break links = [] for url, text in hookmanager.trigger( "HOOK_ALERTSUMMARY_MEANING_LINK", alert, meaning, value): if url: links.append("<a target='%s' href='%s'>%s</a>" % \ (env.external_link_target, html.escape(url), html.escape(text))) if links: meaning = "<a class='popup_menu_toggle'>%s</a><span class='popup_menu'>%s</span>" % \ (html.escape(meaning), "".join(links)) if not meaning in ignored: self.newTableCol( index, resource.HTMLSource(meaning or "Data content")) self.newTableCol(index, html.escape(value) if value else None) index += 1 self.endTable() self.endSection()
def _decodeOptionTimestamp(self, data): x = struct.unpack(b">LL", data) return resource.HTMLSource("TS Value (%d)<br/>TS Echo Reply (%d)") % (x[0], x[1])
def _isFlagSet(self, bits, flag, shift=0): if (bits & flag) >> shift: return "X" else: return resource.HTMLSource(" ")
def render(self, analyzerid=None, messageid=None): MessageSummary.render(self) alert = env.dataprovider.get( getUriCriteria("alert", analyzerid, messageid))[0]["alert"] env.request.dataset["sections"] = [] self.beginSection(self.getSectionName(alert)) self.buildTime(alert) self.beginTable() self.newTableEntry(_("MessageID"), alert["messageid"]) self.endTable() self.beginTable() self.buildClassification(alert) self.buildImpact(alert) self.endTable() self.beginSection(_("Actions")) for action in alert["assessment.action"]: self.buildAction(action) self.endSection() self.buildCorrelationAlert(alert) self.buildToolAlert(alert) self.buildReference(alert) self.beginSection(_("Analyzer #%d") % (len(alert["analyzer"]) - 1)) self.buildAnalyzer(alert["analyzer(-1)"]) self.buildAnalyzerList(alert) self.endSection() self.endSection() self.buildSourceTarget(alert) ip = self.buildIpHeaderTable(alert) tcp = self.buildTcpHeaderTable(alert) udp = self.buildUdpHeaderTable(alert) icmp = self.buildIcmpHeaderTable(alert) data = self.buildPayloadTable(alert) ignored_value = {} ip_options = [] tcp_options = [] group = ip.field_list + tcp.field_list + udp.field_list + icmp.field_list + data.field_list self.buildAdditionalData(alert, ignore=group, ignored=ignored_value, ip_options=ip_options, tcp_options=tcp_options) if len(ignored_value.keys()) > 0: def blah(b): if b >= 32 and b < 127: return chr(b) else: return "." self.beginSection(_("Network centric information")) self.beginTable(cl="table-borderless") ip.render_table(self, "IP", ignored_value) self.ipOptionRender(ip_options) tcp.render_table(self, "TCP", ignored_value) self.tcpOptionRender(tcp_options) udp.render_table(self, "UDP", ignored_value) icmp.render_table(self, "ICMP", ignored_value) if "payload" in ignored_value: val = {} payload = html.escape(utils.hexdump( ignored_value["payload"])).replace( " ", resource.HTMLSource(" ")) val["payload"] = resource.HTMLSource( "<span class='fixed'>%s</span>" % payload) data.render_table(self, _("Payload"), val) pset = set(string.printable) payload = ''.join((i if i in pset else '.' for i in ignored_value["payload"])) val["payload"] = resource.HTMLSource( "<div style='overflow: auto;'>%s</div>" % html.escape(payload).replace("\n", resource.HTMLSource("<br/>"))) data.render_table(self, _("ASCII Payload"), val) self.endTable() self.endSection()
def HTMLMainMenu(**kwargs): return resource.HTMLSource(_MainMenu(**kwargs).dataset.render())
def buildAdditionalData(self, msg, ptype, ignore=[], ignored={}, ip_options=[], tcp_options=[]): self.beginSection(_("Additional data")) self.beginTable() self.newTableCol(0, _("Meaning"), header=True) self.newTableCol(0, _("Value"), header=True) index = 1 for ad in msg["additional_data"]: value = None meaning = ad["meaning"] if meaning == "ip_option_code": ip_options.append((ad["data"], 0, None)) ignored[meaning] = "" if meaning == "ip_option_data": data = ad["data"] ip_options[-1] = (ip_options[-1][0], len(data), data) ignored[meaning] = "" if meaning == "tcp_option_code": tcp_options.append((ad["data"], 0, None)) ignored[meaning] = "" if meaning == "tcp_option_data": data = ad["data"] tcp_options[-1] = (tcp_options[-1][0], len(data), data) ignored[meaning] = "" if ad["data"] is not None: value = ad["data"] if ad["type"] == "byte-string" and meaning != "payload": value = html.escape(utils.hexdump(value)).replace(" ", resource.HTMLSource(" ")) value = resource.HTMLSource("<span class='fixed'>%s</span>" % value) for field in ignore: if meaning is not None and meaning == field[0]: ignored[meaning] = value break links = resource.HTMLSource() for obj in filter(None, hookmanager.trigger("HOOK_%sSUMMARY_MEANING_LINK" % ptype.upper(), msg, meaning, value)): links += obj if links: meaning = resource.HTMLNode("a", meaning, **{ "data-toggle": "popover", "data-placement": "bottom", "data-html": "true", "data-content": '<span class="popup-menu">%s</span>' % links, "data-template": POPOVER_HTML, }) if meaning not in ignored: self.newTableCol(index, resource.HTMLSource(meaning or "Data content")) self.newTableCol(index, html.escape(value) if value is not None else None) index += 1 self.endTable() self.endSection()
def _decodeOptionSack(self, data): x = struct.unpack(b">" + "L" * (len(data) / 4), data) return resource.HTMLSource("<br/>").join(text_type(i) for i in x)
def _toplayout_extra_content(self): if not env.request.web.input_cookie.get("sessionid"): return [ resource.HTMLSource(self._template.render()) ]
def render(self): return resource.HTMLSource(self.dataset.render())