def buildAdditionalData(self, alert, ignore=[], ignored={}, ip_options=[], tcp_options=[]):
self.beginSection(_("Additional data"))
self.beginTable()
self.newTableCol(0, _("Meaning"), header=True)
self.newTableCol(0, _("Value"), header=True)
index = 1
for ad in alert["additional_data"]:
value = None
meaning = ad["meaning"]
if meaning == "ip_option_code":
ip_options.append((ad["data"], 0, None))
ignored[meaning] = ""
if meaning == "ip_option_data":
data = ad["data"]
ip_options[-1] = (ip_options[-1][0], len(data), data)
ignored[meaning] = ""
if meaning == "tcp_option_code":
tcp_options.append((ad["data"], 0, None))
ignored[meaning] = ""
if meaning == "tcp_option_data":
data = ad["data"]
tcp_options[-1] = (tcp_options[-1][0], len(data), data)
ignored[meaning] = ""
if ad["data"] != None:
value = ad["data"]
if ad["type"] == "byte-string" and meaning != "payload":
value = utils.hexdump(value)
for field in ignore:
if meaning != None and meaning == field[0]:
ignored[meaning] = value
break
links = []
for url, text in env.hookmgr.trigger("HOOK_ALERTSUMMARY_MEANING_LINK", alert, meaning, value):
if url:
links.append("- <a target='%s' href='%s'>%s</a>" % \
(env.external_link_target, url, text))
if links:
meaning = "<a class='popup_menu_toggle'>%s</a><span class='popup_menu'>%s</span>" % \
(meaning, "<br/>".join(links))
if not ignored.has_key(meaning):
self.newTableCol(index, meaning or "Data content")
self.newTableCol(index, utils.escape_html_string(value) if value is not None else None)
index += 1
self.endTable()
self.endSection()
def _itemFromValue(self, value):
if isinstance(value, tuple):
return value
return value, None
if self._support_link:
return value[0], utils.escape_html_string(value[1])
else:
return value[0]
def _escape_idmef(self, obj):
if isinstance(obj, prelude.IDMEF):
return Message(obj, htmlsafe=True)
elif isinstance(obj, str):
return escape_html_string(obj)
elif isinstance(obj, tuple):
return tuple((self._escape_idmef(o) for o in obj))
return obj
def render(self):
cmd = self.parameters["command"]
try:
command = self.env.host_commands[cmd]
except KeyError:
raise Error("Attempt to execute unregistered command '%s'" % cmd)
command = command.replace("$host", self.parameters["host"]).split(" ")
output = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True).communicate()[0]
output = utils.toUnicode(output)
output = utils.escape_html_string(output).replace(" ", " ").replace("\n", "<br/>")
self.dataset["command_output"] = output
def addLabelValuesPair(self, label, values, total_link):
empty = True
for i in values.values():
if i != 0:
empty = False
break
if not self._got_value and empty:
# do not add 0 only values at the beginning of the chart
return
if self._support_link and total_link:
total_link = utils.escape_html_string(total_link)
self._labels.append(label)
clen = 0
if self._values:
clen = len(self._values.values()[0])
total = 0
for name in values.keys():
if not self._values.has_key(name):
if clen > 0:
self._values[name] = [(0, None) for i in range(0, clen)]
else:
self._values[name] = []
value = self._itemFromValue(values[name])
self._values[name].append(value)
total += value[0]
self._total.append((total, total_link))
for name in self._values.keys():
if not values.has_key(name):
self._values[name].append(self._itemFromValue(0))
self._got_value = True
def createInlineFilteredField(self, path, value, direction=None, real_value=None):
if type(path) is not list and type(path) is not tuple:
path = [ path ]
else:
if not path:
return { "value": None, "inline_filter": None, "already_filtered": False }
if type(value) is not list and type(value) is not tuple:
if not real_value:
real_value = value
value = [ value ]
extra = { }
alreadyf = None
for p, v in zip(path, value):
if direction:
if v is not None:
operator = "="
else:
operator = "!"
if alreadyf is not False:
alreadyf = self._isAlreadyFiltered(direction, p, operator, v or "")
index = self.parameters.max_index
extra["%s_object_%d" % (direction, index)] = p
extra["%s_operator_%d" % (direction, index)] = operator
extra["%s_value_%d" % (direction, index)] = v or ""
self.parameters.max_index += 1
else:
if alreadyf is not False and (self.parameters.has_key(p) and self.parameters[p] == [v]):
alreadyf = True
extra[p] = v or ""
link = utils.create_link(self.view_path, self.parameters + extra - [ "offset" ])
return { "value": utils.escape_html_string(real_value), "inline_filter": link, "already_filtered": alreadyf }
def escape_value(value):
if type(value) is str:
return escape_html_string(value)
return value
def render(self):
criteria = getUriCriteria(self.parameters)
if criteria is not None:
ident = env.idmef_db.getAlertIdents(criteria)[0]
else:
ident = self.parameters["ident"]
alert = env.idmef_db.getAlert(ident, htmlsafe=True)["alert"]
self.dataset["sections"] = [ ]
self.beginSection(self.getSectionName(alert))
self.buildTime(alert)
self.beginTable()
self.newTableEntry(_("MessageID"), alert["messageid"])
self.endTable()
self.beginTable()
self.buildClassification(alert)
self.buildImpact(alert)
self.endTable()
self.beginSection(_("Actions"))
for action in alert["assessment.action"]:
self.buildAction(action)
self.endSection()
self.buildCorrelationAlert(alert)
self.buildToolAlert(alert)
self.buildReference(alert)
self.beginSection(_("Analyzer #%d") % (len(alert["analyzer"]) - 1))
self.buildAnalyzer(alert["analyzer(-1)"])
self.buildAnalyzerList(alert)
self.endSection()
self.endSection()
self.buildSourceTarget(alert)
ip = self.buildIpHeaderTable(alert)
tcp = self.buildTcpHeaderTable(alert)
udp = self.buildUdpHeaderTable(alert)
icmp = self.buildIcmpHeaderTable(alert)
data = self.buildPayloadTable(alert)
ignored_value = {}
ip_options = []
tcp_options = []
group = ip.field_list + tcp.field_list + udp.field_list + icmp.field_list + data.field_list
self.buildAdditionalData(alert, ignore=group, ignored=ignored_value, ip_options=ip_options, tcp_options=tcp_options)
if len(ignored_value.keys()) > 0:
def blah(b):
if b >= 32 and b < 127:
return chr(b)
else:
return "."
self.beginSection(_("Network centric information"))
self.beginTable(cl="message_summary_no_border")
ip.render_table(self, "IP", ignored_value)
self.ipOptionRender(ip_options)
tcp.render_table(self, "TCP", ignored_value)
self.tcpOptionRender(tcp_options)
udp.render_table(self, "UDP", ignored_value)
icmp.render_table(self, "ICMP", ignored_value)
if ignored_value.has_key("payload"):
val = {}
payload = utils.escape_html_string(utils.hexdump(ignored_value["payload"])).replace(" ", " ")
val["payload"] = "<span class='fixed'>%s</span>" % payload
data.render_table(self, _("Payload"), val)
val["payload"] = "<div style='overflow: auto;'>%s</div>" % utils.escape_html_string(ignored_value["payload"]).replace("\n", "<br/>")
data.render_table(self, _("ASCII Payload"), val)
self.endTable()
self.endSection()
def _link_generator(cls, infos):
for urlname, url in cls._value_generator(infos):
yield '<a href="%(url)s" target="_%(urlname)s">%(urlname)s</a>' % {
"urlname": utils.escape_html_string(urlname),
"url": utils.escape_html_string(url)
}
def filter(self, val, **kw):
s = Filter.filter(self, val, **kw)
return utils.escape_html_string(s)
def addLabelValuePair(self, label, value, link=None):
self._labels.append(label)
if self._support_link:
self._values.append((value, utils.escape_html_string(link)))
else:
self._values.append(value)
def _setupDataSet(self, dataset, request, user, view=None, parameters={}):
init_dataset(dataset, self._env.config, request)
sections = prewikka.views.events_section, prewikka.views.agents_section, prewikka.views.stats_section, prewikka.views.settings_section, \
prewikka.views.about_section
section_to_tabs = { }
dataset["interface.sections"] = [ ]
for section_name, tabs in sections:
first_tab = None
for tab_name, views in tabs:
view_name = views[0]
if not user or user.has(self._views[view_name]["permissions"]):
if not first_tab:
first_tab = view_name
section_to_tabs[section_name] = []
section_to_tabs[section_name] += [ ((tab_name, utils.create_link(views[0]))) ]
if first_tab:
dataset["interface.sections"].append( (section_name, utils.create_link(first_tab)) )
if isinstance(parameters, prewikka.view.RelativeViewParameters) and parameters.has_key("origin"):
view_name = parameters["origin"]
elif view:
view_name = view["name"]
else:
view_name = None
if view_name and self._view_to_section.has_key(view_name):
active_section = self._view_to_section[view_name]
active_tab = self._view_to_tab[view_name]
tabs = section_to_tabs.get(active_section, [])
else:
active_section, tabs, active_tab = "", [ ], ""
dataset["interface.tabs"] = tabs
dataset["prewikka.user"] = user
if user:
dataset["prewikka.userlink"] = "<b><a href=\"%s\">%s</a></b>" % (utils.create_link("user_settings_display"), utils.escape_html_string(user.login))
dataset["interface.active_tab"] = active_tab
dataset["interface.active_section"] = active_section
dataset["prewikka.logout_link"] = (user and self._env.auth.canLogout()) and utils.create_link("logout") or None
def get_html_select(selected_paths=None, default_paths=None, all_paths=True, max_paths=0):
_default_paths = default_paths or {
"Source IP": "alert.source(0).node.address(0).address",
"Source Port": "alert.source(0).service.port",
"Target IP": "alert.target(0).node.address(0).address",
"Target Port": "alert.target(0).service.port",
"Classification": "alert.classification.text",
"Analyzer": "alert.analyzer(-1).name",
}
if selected_paths is None:
selected_paths = []
_html_default_value = _gen_option_list(_default_paths.items(), selected_paths)
html = """
<link rel="stylesheet" type="text/css" href="prewikka/css/chosen.min.css">
<link rel="stylesheet" type="text/css" href="prewikka/css/bootstrap-chosen.css">"""
html += (
"""<select class="data-paths chosen-sortable form-control" %s name="selected_path" data-placeholder="%s">"""
% ("multiple" if max_paths != 1 else "", escape_html_string(_("Select paths...")))
)
html += """
<optgroup label="%s">
%s
</optgroup>
""" % (
escape_html_string(_("Default paths")),
_html_default_value,
)
if all_paths:
_html_all_value = _gen_option_list(
((i, i) for i in _get_path_list() if i not in _default_paths.values()), selected_paths
)
html += """
<optgroup label="%s">
%s
</optgroup>""" % (
escape_html_string(_("All paths")),
_html_all_value,
)
html += """
</select>
<script type="text/javascript">
$LAB.script("prewikka/js/chosen.jquery.min.js").wait()
.script("prewikka/js/jquery-chosen-sortable.js").wait(function() {
$(".data-paths").chosen({
max_selected_options: %d,
width: "100%%",
search_contains: true
}).chosenSortable();
$(".data-paths").chosenSetOrder(%s);
});
</script>
""" % (
max_paths,
list(selected_paths),
)
return html
