def getDate():
_localized_month = [
_("January"),
_("February"),
_("March"),
_("April"),
_("May"),
_("June"),
_("July"),
_("August"),
_("September"),
_("November"),
_("October"),
_("December"),
]
_localized_weekday = [
_("Monday"),
_("Tuesday"),
_("Wednesday"),
_("Thursday"),
_("Friday"),
_("Saturday"),
_("Sunday"),
]
weekday, day, month, year = utils.toUnicode(time.strftime("%A %d %B %Y")).split()
return u" ".join((_(weekday).lower(), day, _(month).lower(), year))
def query(self, query):
try:
_table = preludedb_sql_query(self._sql, query.encode("utf8"))
if not _table:
return [ ]
columns = preludedb_sql_table_get_column_count(_table)
table = [ ]
while True:
_row = preludedb_sql_table_fetch_row(_table)
if not _row:
break
row = [ ]
table.append(row)
for col in range(columns):
_field = preludedb_sql_row_fetch_field(_row, col)
if _field:
row.append(utils.toUnicode(preludedb_sql_field_to_string(_field)))
else:
row.append(None)
preludedb_sql_table_destroy(_table)
except PreludeDBError, e:
raise PreludeDBError(e.errno)
def init_dataset(dataset, config, request):
interface = config.interface
dataset["document.title"] = "[PREWIKKA]"
dataset["document.charset"] = localization.getCurrentCharset()
dataset["document.css_files"] = [ "prewikka/css/style.css" ]
dataset["document.js_files"] = [ "prewikka/js/jquery.js", "prewikka/js/functions.js" ]
dataset["prewikka.title"] = interface.getOptionValue("title", " ")
dataset["prewikka.software"] = interface.getOptionValue("software", " ")
dataset["prewikka.place"] = interface.getOptionValue("place", " ")
dataset["prewikka.date"] = localization.getDate()
val = config.general.getOptionValue("external_link_new_window", "true")
if (not val and config.general.has_key("external_link_new_window")) or (val == None or val.lower() in ["true", "yes"]):
dataset["prewikka.external_link_target"] = "_blank"
else:
dataset["prewikka.external_link_target"] = "_self"
dataset["arguments"] = []
for name, value in request.arguments.items():
if name in ("_login", "_password"):
continue
if name == "view" and value == "logout":
continue
dataset["arguments"].append((name, utils.toUnicode(value)))
def _safeNgettext(singular, plural, num):
try:
return utils.toUnicode(_localized_thread.data.ngettext(singular, plural, num))
except:
if num <= 1:
return singular
else:
return plural
def getUser(self, request):
login = request.arguments.get("_login", None)
if not login:
login = utils.toUnicode(self.checkSession(request))
else:
del request.arguments["_login"]
password = utils.toUnicode(request.arguments.get("_password", ""))
try:
del request.arguments["_password"]
except KeyError:
pass
login = utils.toUnicode(login)
self.checkPassword(login, password)
self.createSession(request, login)
self.log.info("User login", request, login)
return self.db.getUser(login)
def buildAdditionalData(self, alert, ignore=[], ignored={}, ip_options=[], tcp_options=[]):
self.beginSection(_("Additional data"))
self.beginTable()
self.newTableCol(0, _("Meaning"), header=True)
self.newTableCol(0, _("Value"), header=True)
index = 1
for ad in alert["additional_data"]:
value = None
meaning = ad["meaning"]
if meaning == "ip_option_code":
ip_options.append((ad["data"], 0, None))
ignored[meaning] = ""
if meaning == "ip_option_data":
data = ad["data"]
ip_options[-1] = (ip_options[-1][0], len(data), data)
ignored[meaning] = ""
if meaning == "tcp_option_code":
tcp_options.append((ad["data"], 0, None))
ignored[meaning] = ""
if meaning == "tcp_option_data":
data = ad["data"]
tcp_options[-1] = (tcp_options[-1][0], len(data), data)
ignored[meaning] = ""
if ad["data"] != None:
if ad["type"] == "byte-string":
value = ad.get("data", htmlsafe=False)
if meaning != "payload":
value = utils.hexdump(value)
else:
value = ad.get("data")
if isinstance(value, str):
value = utils.toUnicode(value)
for field in ignore:
if meaning != None and meaning == field[0]:
ignored[meaning] = value
break
if not ignored.has_key(meaning):
self.newTableCol(index, meaning or "Data content")
self.newTableCol(index, value)
index += 1
self.endTable()
self.endSection()
def render(self):
cmd = self.parameters["command"]
try:
command = self.env.host_commands[cmd]
except KeyError:
raise Error("Attempt to execute unregistered command '%s'" % cmd)
command = command.replace("$host", self.parameters["host"]).split(" ")
output = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True).communicate()[0]
output = utils.toUnicode(output)
output = utils.escape_html_string(output).replace(" ", " ").replace("\n", "<br/>")
self.dataset["command_output"] = output
def __init__(self, config):
settings = preludedb_sql_settings_new()
for name, default in (("file", None),
("host", "localhost"),
("port", None),
("name", "prewikka"),
("user", "prewikka"),
("pass", None)):
value = config.get(name, default)
if value:
preludedb_sql_settings_set(settings, name.encode("utf8"), value.encode("utf8"))
db_type = config.get("type", "mysql")
self._sql = preludedb_sql_new(db_type.encode("utf8"), settings)
if config.has_key("log"):
preludedb_sql_enable_query_logging(self._sql, config["log"].encode("utf8"))
# check if the database has been created
try:
version = self.query("SELECT version FROM Prewikka_Version")[0][0]
except PreludeDBError, e:
raise DatabaseSchemaError(unicode(utils.toUnicode(e)))
def convert_idmef_value(value):
def get_time(value):
time = idmef_value_get_time(value)
if not time:
return None
return IDMEFTime(idmef_time_clone(time))
def get_enum(value):
return idmef_class_enum_to_string(idmef_value_get_class(value), idmef_value_get_enum(value))
try:
ret = {
IDMEF_VALUE_TYPE_INT8: idmef_value_get_int8,
IDMEF_VALUE_TYPE_UINT8: idmef_value_get_uint8,
IDMEF_VALUE_TYPE_INT16: idmef_value_get_int16,
IDMEF_VALUE_TYPE_UINT16: idmef_value_get_uint16,
IDMEF_VALUE_TYPE_INT32: idmef_value_get_int32,
IDMEF_VALUE_TYPE_UINT32: idmef_value_get_uint32,
IDMEF_VALUE_TYPE_INT64: idmef_value_get_int64,
IDMEF_VALUE_TYPE_UINT64: idmef_value_get_uint64,
IDMEF_VALUE_TYPE_FLOAT: idmef_value_get_float,
IDMEF_VALUE_TYPE_DOUBLE: idmef_value_get_double,
IDMEF_VALUE_TYPE_STRING: idmef_value_get_string,
IDMEF_VALUE_TYPE_DATA: idmef_value_get_data,
IDMEF_VALUE_TYPE_CLASS: idmef_value_get_object,
IDMEF_VALUE_TYPE_ENUM: get_enum,
IDMEF_VALUE_TYPE_TIME: get_time
}[idmef_value_get_type(value)](value)
except KeyError:
return None
if idmef_value_get_type(value) == IDMEF_VALUE_TYPE_STRING and isinstance(ret, str):
ret = toUnicode(ret)
return ret
def render(self):
criteria = getUriCriteria(self.parameters)
if criteria is not None:
ident = self.env.idmef_db.getAlertIdents(criteria)[0]
else:
ident = self.parameters["ident"]
alert = self.env.idmef_db.getAlert(ident, htmlsafe=True)
self.dataset["sections"] = [ ]
self.beginSection(self.getSectionName(alert))
self.buildTime(alert)
self.beginTable()
self.newTableEntry(_("MessageID"), alert["messageid"])
self.endTable()
self.beginTable()
self.buildClassification(alert)
self.buildImpact(alert)
self.endTable()
self.beginSection(_("Actions"))
for action in alert["assessment.action"]:
self.buildAction(action)
self.endSection()
self.buildCorrelationAlert(alert)
self.buildToolAlert(alert)
self.buildReference(alert)
self.beginSection(_("Analyzer #%d") % (len(alert["analyzer"]) - 1))
self.buildAnalyzer(alert["analyzer(-1)"])
self.buildAnalyzerList(alert)
self.endSection()
self.endSection()
self.buildSourceTarget(alert)
ip = self.buildIpHeaderTable(alert)
tcp = self.buildTcpHeaderTable(alert)
udp = self.buildUdpHeaderTable(alert)
icmp = self.buildIcmpHeaderTable(alert)
data = self.buildPayloadTable(alert)
ignored_value = {}
ip_options = []
tcp_options = []
group = ip.field_list + tcp.field_list + udp.field_list + icmp.field_list + data.field_list
self.buildAdditionalData(alert, ignore=group, ignored=ignored_value, ip_options=ip_options, tcp_options=tcp_options)
if len(ignored_value.keys()) > 0:
def blah(b):
if b >= 32 and b < 127:
return chr(b)
else:
return "."
self.beginSection(_("Network centric information"))
self.beginTable(cl="message_summary_no_border")
ip.render_table(self, "IP", ignored_value)
self.ipOptionRender(ip_options)
tcp.render_table(self, "TCP", ignored_value)
self.tcpOptionRender(tcp_options)
udp.render_table(self, "UDP", ignored_value)
icmp.render_table(self, "ICMP", ignored_value)
if ignored_value.has_key("payload"):
val = {}
payload = utils.escape_html_string(utils.hexdump(ignored_value["payload"])).replace(" ", " ")
val["payload"] = "<span class='fixed'>%s</span>" % payload
data.render_table(self, _("Payload"), val)
val["payload"] = "<div style='overflow: auto;'>%s</div>" % utils.escape_html_string(utils.toUnicode(ignored_value["payload"])).replace("\n", "<br/>")
data.render_table(self, _("ASCII Payload"), val)
self.endTable()
self.endSection()
def __init__(self, name, value, lineno, line):
self.name = utils.toUnicode(name)
self.value = utils.toUnicode(value)
self.lineno = lineno
self.line = line
def escape(self, data):
if data:
data = data.encode("utf8")
return utils.toUnicode(preludedb_sql_escape(self._sql, data))
def _safeGettext(s):
try:
return utils.toUnicode(_localized_thread.data.gettext(s))
except:
return s