def _get_generator(cls, url, to_dict=False, params=None):
        """
        Send the GET request and return a generator.

        :param url: The URL to send the GET request to.
        :type url: str
        :param to_dict: Return a dictionary instead of an instantiated class.
        :type to_dict: bool
        :param params: The GET parameters to send in the request.
        :type params: dict
        :returns: Generator, dict (using json.loads())
        """

        if not params:
            params = dict()

        members = Broker.get(url, params=params).get(t.DATA, [])
        total = len(members)
        if total == t.MIN_TOTAL:
            yield None
        else:
            for member in members:
                if to_dict:
                    yield member
                else:
                    yield Broker.get_new(cls, member)
Exemple #2
0
    def objects(cls, text=None, strict_text=False, type_=None, threat_type=None,
                fields=None, limit=None, since=None, until=None, __raw__=None,
                full_response=False, dict_generator=False, retries=None):
        """
        Get objects from ThreatExchange.

        :param text: The text used for limiting the search.
        :type text: str
        :param strict_text: Whether we should use strict searching.
        :type strict_text: bool, str, int
        :param type_: The Indicator type to limit to.
        :type type_: str
        :param threat_type: The Threat type to limit to.
        :type threat_type: str
        :param fields: Select specific fields to pull
        :type fields: str, list
        :param limit: The maximum number of objects to return.
        :type limit: int, str
        :param since: The timestamp to limit the beginning of the search.
        :type since: str
        :param until: The timestamp to limit the end of the search.
        :type until: str
        :param __raw__: Provide a dictionary to force as GET parameters.
                        Overrides all other arguments.
        :type __raw__: dict
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :returns: Generator, dict (using json.loads())
        """

        if __raw__:
            if isinstance(__raw__, dict):
                params = __raw__
            else:
                raise pytxValueError('__raw__ must be of type dict')
        else:
            params = Broker.build_get_parameters(
                text=text,
                strict_text=strict_text,
                type_=type_,
                threat_type=threat_type,
                fields=fields,
                limit=limit,
                since=since,
                until=until,
            )
        if full_response:
            return Broker.get(cls._URL, params=params, retries=retries)
        else:
            return Broker.get_generator(cls,
                                        cls._URL,
                                        to_dict=dict_generator,
                                        params=params,
                                        retries=retries)
    def expire(self,
               timestamp,
               retries=None,
               headers=None,
               proxies=None,
               verify=None):
        """
        Expire by setting the 'expired_on' timestamp.

        :param timestamp: The timestamp to set for an expiration date.
        :type timestamp: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        Broker.is_timestamp(timestamp)
        params = {
            td.EXPIRED_ON: timestamp
        }
        return Broker.post(self._DETAILS,
                           params=params,
                           retries=retries,
                           headers=headers,
                           proxies=proxies,
                           verify=verify)
    def _get_generator(cls, url, to_dict=False, params=None):
        """
        Send the GET request and return a generator.

        :param url: The URL to send the GET request to.
        :type url: str
        :param to_dict: Return a dictionary instead of an instantiated class.
        :type to_dict: bool
        :param params: The GET parameters to send in the request.
        :type params: dict
        :returns: Generator, dict (using json.loads())
        """

        if not params:
            params = dict()

        members = Broker.get(url, params=params).get(t.DATA, [])
        total = len(members)
        if total == t.MIN_TOTAL:
            yield None
        else:
            for member in members:
                if to_dict:
                    yield member
                else:
                    yield Broker.get_new(cls, member)
Exemple #5
0
    def expire(self,
               timestamp,
               retries=None,
               headers=None,
               proxies=None,
               verify=None):
        """
        Expire by setting the 'expired_on' timestamp.

        :param timestamp: The timestamp to set for an expiration date.
        :type timestamp: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        Broker.is_timestamp(timestamp)
        params = {
            td.EXPIRED_ON: timestamp
        }
        return Broker.post(self._DETAILS,
                           params=params,
                           retries=retries,
                           headers=headers,
                           proxies=proxies,
                           verify=verify)
Exemple #6
0
    def save(self):
        """
        Save this object. If it is a new object, use self._fields to build the
        POST and submit to the appropriate URL. If it is an update to an
        existing object, use self._changed to only submit the modified
        attributes in the POST.

        :returns: dict (using json.loads())
        """

        if self._new:
            params = dict(
                (n, getattr(self, n)) for n in self._fields if n != c.ID)
            if ti.PRIVACY_TYPE not in params:
                raise pytxValueError('Must provide a %s' % ti.PRIVACY_TYPE)
                pass
            else:
                if (params[ti.PRIVACY_TYPE] != pt.VISIBLE
                        and len(params[ti.PRIVACY_MEMBERS].split(',')) < 1):
                    raise pytxValueError('Must provide %s' %
                                         ti.PRIVACY_MEMBERS)
            result = Broker.post(self._URL, params=params)
            if r.ID in result:
                self.set(ti.ID, result[r.ID])
            return result
        else:
            params = dict(
                (n, getattr(self, n)) for n in self._changed if n != c.ID)
            if (ti.PRIVACY_TYPE in params
                    and params[ti.PRIVACY_TYPE] != pt.VISIBLE
                    and len(params[ti.PRIVACY_MEMBERS].split(',')) < 1):
                raise pytxValueError('Must provide %s' % ti.PRIVACY_MEMBERS)
            return Broker.post(self._DETAILS, params=params)
Exemple #7
0
    def send(cls_or_self, id_=None, params=None, type_=None):
        """
        Send custom params to the object URL. If `id` is provided it will be
        appended to the URL. If this is an uninstantiated class we will use the
        object type url (ex: /threat_descriptors/). If this is an instantiated
        object we will use the details URL. The type_ should be either GET or
        POST. We will default to GET if this is an uninstantiated class, and
        POST if this is an instantiated class.

        :param id_: ID of a graph object.
        :type id_: str
        :param params: Parameters to submit in the request.
        :type params: dict
        :param type_: GET or POST
        :type type_: str

        :returns: dict (using json.loads())
        """

        if isinstance(cls_or_self, type):
            url = cls_or_self._URL
            if type_ is None:
                type_ = 'GET'
        else:
            url = cls_or_self._DETAILS
            if type_ is None:
                type_ = 'POST'
        if id_ is not None and len(id_) > 0:
            url = url + id_ + '/'
        if params is None:
            params = {}
        if type_ == 'GET':
            return Broker.get(url, params=params)
        else:
            return Broker.post(url, params=params)
Exemple #8
0
    def save(self):
        """
        Save this object. If it is a new object, use self._fields to build the
        POST and submit to the appropriate URL. If it is an update to an
        existing object, use self._changed to only submit the modified
        attributes in the POST.

        :returns: dict (using json.loads())
        """

        if self._new:
            params = dict(
                (n, getattr(self, n)) for n in self._fields if n != c.ID
            )
            if ti.PRIVACY_TYPE not in params:
                raise pytxValueError('Must provide a %s' % ti.PRIVACY_TYPE)
                pass
            else:
                if (params[ti.PRIVACY_TYPE] != pt.VISIBLE and
                        len(params[ti.PRIVACY_MEMBERS].split(',')) < 1):
                    raise pytxValueError('Must provide %s' % ti.PRIVACY_MEMBERS)
            return Broker.post(self._URL, params=params)
        else:
            params = dict(
                (n, getattr(self, n)) for n in self._changed if n != c.ID
            )
            if (ti.PRIVACY_TYPE in params and
                    params[ti.PRIVACY_TYPE] != pt.VISIBLE and
                    len(params[ti.PRIVACY_MEMBERS].split(',')) < 1):
                raise pytxValueError('Must provide %s' % ti.PRIVACY_MEMBERS)
            return Broker.post(self._DETAILS, params=params)
Exemple #9
0
    def send(cls_or_self,
             id_=None,
             params=None,
             type_=None,
             retries=None,
             headers=None,
             proxies=None,
             verify=None):
        """
        Send custom params to the object URL. If `id` is provided it will be
        appended to the URL. If this is an uninstantiated class we will use the
        object type url (ex: /threat_descriptors/). If this is an instantiated
        object we will use the details URL. The type_ should be either GET or
        POST. We will default to GET if this is an uninstantiated class, and
        POST if this is an instantiated class.

        :param id_: ID of a graph object.
        :type id_: str
        :param params: Parameters to submit in the request.
        :type params: dict
        :param type_: GET or POST
        :type type_: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        if isinstance(cls_or_self, type):
            url = cls_or_self._URL
            if type_ is None:
                type_ = 'GET'
        else:
            url = cls_or_self._DETAILS
            if type_ is None:
                type_ = 'POST'
        if id_ is not None and len(id_) > 0:
            url = url + id_ + '/'
        if params is None:
            params = {}
        if type_ == 'GET':
            return Broker.get(url,
                              params=params,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            return Broker.post(url,
                               params=params,
                               retries=retries,
                               headers=headers,
                               proxies=proxies,
                               verify=verify)
    def mine(cls,
             role=None,
             full_response=False,
             dict_generator=False,
             retries=None,
             headers=None,
             proxies=None,
             verify=None):
        """
        Find all of the Threat Privacy Groups that I am either the owner or a
        member.

        :param role: Whether you are an 'owner' or a 'member'
        :type role: str
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: Generator, dict (using json.loads())
        """

        if role is None:
            raise pytxValueError('Must provide a role')
        app_id = get_app_id() + '/'
        if role == 'owner':
            role = t.THREAT_PRIVACY_GROUPS_OWNER
        elif role == 'member':
            role = t.THREAT_PRIVACY_GROUPS_MEMBER
        else:
            raise pytxValueError('Role must be "owner" or "member"')
        params = {'fields': ','.join(cls._fields)}
        url = t.URL + t.VERSION + app_id + role
        if full_response:
            return Broker.get(url,
                              params=params,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            return Broker.get_generator(cls,
                                        url,
                                        params=params,
                                        to_dict=dict_generator,
                                        retries=retries,
                                        headers=headers,
                                        proxies=proxies,
                                        verify=verify)
    def mine(cls,
             role=None,
             full_response=False,
             dict_generator=False,
             retries=None,
             headers=None,
             proxies=None,
             verify=None):
        """
        Find all of the Threat Privacy Groups that I am either the owner or a
        member.

        :param role: Whether you are an 'owner' or a 'member'
        :type role: str
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: Generator, dict (using json.loads())
        """

        if role is None:
            raise pytxValueError('Must provide a role')
        app_id = get_app_id() + '/'
        if role == 'owner':
            role = t.THREAT_PRIVACY_GROUPS_OWNER
        elif role == 'member':
            role = t.THREAT_PRIVACY_GROUPS_MEMBER
        else:
            raise pytxValueError('Role must be "owner" or "member"')
        params = {'fields': ','.join(cls._fields)}
        url = t.URL + t.VERSION + app_id + role
        if full_response:
            return Broker.get(url,
                              params=params,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            return Broker.get_generator(cls,
                                        url,
                                        params=params,
                                        to_dict=dict_generator,
                                        retries=retries,
                                        headers=headers,
                                        proxies=proxies,
                                        verify=verify)
Exemple #12
0
    def expire(self, timestamp):
        """
        Expire by setting the 'expired_on' timestamp.

        :param timestamp: The timestamp to set for an expiration date.
        :type timestamp: str
        """

        Broker.is_timestamp(timestamp)
        self.set(ti.EXPIRED_ON, timestamp)
        self.save()
Exemple #13
0
    def expire(self, timestamp):
        """
        Expire by setting the 'expired_on' timestamp.

        :param timestamp: The timestamp to set for an expiration date.
        :type timestamp: str
        """

        Broker.is_timestamp(timestamp)
        self.set(ti.EXPIRED_ON, timestamp)
        self.save()
    def expire(self, timestamp):
        """
        Expire by setting the 'expired_on' timestamp.

        :param timestamp: The timestamp to set for an expiration date.
        :type timestamp: str
        """

        Broker.is_timestamp(timestamp)
        params = {
            ti.EXPIRED_ON: timestamp
        }
        return Broker.post(self._DETAILS, params=params)
Exemple #15
0
    def expire(self, timestamp, retries=None):
        """
        Expire by setting the 'expired_on' timestamp.

        :param timestamp: The timestamp to set for an expiration date.
        :type timestamp: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :returns: dict (using json.loads())
        """

        Broker.is_timestamp(timestamp)
        params = {td.EXPIRED_ON: timestamp}
        return Broker.post(self._DETAILS, params=params, retries=retries)
Exemple #16
0
    def delete_connection(self,
                          object_id,
                          retries=None,
                          proxies=None,
                          verify=None):
        """
        Use HTTP DELETE and remove the connection to another object.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        params = {t.RELATED_ID: object_id}
        return Broker.delete(self._RELATED,
                             params=params,
                             retries=retries,
                             proxies=proxies,
                             verify=verify)
    def save(self,
             params=None,
             retries=None,
             headers=None,
             proxies=None,
             verify=None):
        """
        Submit changes to the graph to update an object. We will determine the
        Details URL and submit there (used for updating an existing object). If
        no parameters are provided, we will try to use get_changed() which may
        or may not be accurate (you have been warned!).

        :param params: The parameters to submit.
        :type params: dict
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        if params is None:
            params = self.get_changed()
        return Broker.post(self._DETAILS,
                           params=params,
                           retries=retries,
                           headers=headers,
                           proxies=proxies,
                           verify=verify)
Exemple #18
0
    def new(cls, params, retries=None, proxies=None, verify=None):
        """
        Submit params to the graph to add an object. We will submit to the
        object URL used for creating new objects in the graph. When submitting
        new objects you must provide privacy type and privacy members if the
        privacy type is something other than visible.

        :param params: The parameters to submit.
        :type params: dict
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        if cls.__name__ != 'ThreatPrivacyGroup':
            if td.PRIVACY_TYPE not in params:
                raise pytxValueError('Must provide a %s' % td.PRIVACY_TYPE)
                pass
            else:
                if (params[td.PRIVACY_TYPE] != pt.VISIBLE
                        and len(params[td.PRIVACY_MEMBERS].split(',')) < 1):
                    raise pytxValueError('Must provide %s' %
                                         td.PRIVACY_MEMBERS)
        return Broker.post(cls._URL,
                           params=params,
                           retries=retries,
                           proxies=proxies,
                           verify=verify)
Exemple #19
0
    def new(cls, params, retries=None, proxies=None, verify=None):
        """
        Submit params to the graph to add an object. We will submit to the
        object URL used for creating new objects in the graph. When submitting
        new objects you must provide privacy type and privacy members if the
        privacy type is something other than visible.

        :param params: The parameters to submit.
        :type params: dict
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        if cls.__name__ != 'ThreatPrivacyGroup':
            if td.PRIVACY_TYPE not in params:
                raise pytxValueError('Must provide a %s' % td.PRIVACY_TYPE)
                pass
            else:
                if (params[td.PRIVACY_TYPE] != pt.VISIBLE and
                        len(params[td.PRIVACY_MEMBERS].split(',')) < 1):
                    raise pytxValueError('Must provide %s' % td.PRIVACY_MEMBERS)
        return Broker.post(cls._URL, params=params, retries=retries,
                           proxies=proxies, verify=verify)
Exemple #20
0
    def expire(self, timestamp, retries=None):
        """
        Expire by setting the 'expired_on' timestamp.

        :param timestamp: The timestamp to set for an expiration date.
        :type timestamp: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :returns: dict (using json.loads())
        """

        Broker.is_timestamp(timestamp)
        params = {
            td.EXPIRED_ON: timestamp
        }
        return Broker.post(self._DETAILS, params=params, retries=retries)
    def get_members(self,
                    retries=None,
                    headers=None,
                    proxies=None,
                    verify=None):
        """
        Get the members of a Threat Privacy Group

        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: list
        """

        url = self._DETAILS + tpg.MEMBERS
        results = Broker.get(url,
                             retries=retries,
                             headers=headers,
                             proxies=proxies,
                             verify=verify)
        if t.DATA in results:
            return results[t.DATA]
        else:
            return []
Exemple #22
0
    def save(self, params=None, retries=None, proxies=None, verify=None):
        """
        Submit changes to the graph to update an object. We will determine the
        Details URL and submit there (used for updating an existing object). If
        no parameters are provided, we will try to use get_changed() which may
        or may not be accurate (you have been warned!).

        :param params: The parameters to submit.
        :type params: dict
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        if params is None:
            params = self.get_changed()
        return Broker.post(self._DETAILS,
                           params=params,
                           retries=retries,
                           proxies=proxies,
                           verify=verify)
    def save(cls_or_self, params):
        """
        Submit params to the graph to add/update an object. If this is an
        uninstantiated class then we will submit to the object URL (used for
        creating new objects in the graph). If this is an instantiated class
        object then we will determine the Details URL and submit there (used for
        updating an existing object).

        :param params: The parameters to submit.
        :type params: dict
        :returns: dict (using json.loads())
        """

        if isinstance(cls_or_self, type):
            url = t.URL + t.VERSION + id + '/'
        else:
            url = cls_or_self._DETAILS
        if ti.PRIVACY_TYPE not in params:
            raise pytxValueError('Must provide a %s' % ti.PRIVACY_TYPE)
            pass
        else:
            if (params[ti.PRIVACY_TYPE] != pt.VISIBLE and
                    len(params[ti.PRIVACY_MEMBERS].split(',')) < 1):
                raise pytxValueError('Must provide %s' % ti.PRIVACY_MEMBERS)
        return Broker.post(url, params=params)
    def delete_connection(self,
                          object_id,
                          retries=None,
                          headers=None,
                          proxies=None,
                          verify=None):
        """
        Use HTTP DELETE and remove the connection to another object.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        params = {
            t.RELATED_ID: object_id
        }
        return Broker.delete(self._RELATED,
                             params=params,
                             retries=retries,
                             headers=headers,
                             proxies=proxies,
                             verify=verify)
    def get_members(self,
                    retries=None,
                    headers=None,
                    proxies=None,
                    verify=None):
        """
        Get the members of a Threat Privacy Group

        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: list
        """

        url = self._DETAILS + tpg.MEMBERS
        results = Broker.get(url,
                             retries=retries,
                             headers=headers,
                             proxies=proxies,
                             verify=verify)
        if t.DATA in results:
            return results[t.DATA]
        else:
            return []
    def false_positive(self,
                       object_id,
                       retries=None,
                       headers=None,
                       proxies=None,
                       verify=None):
        """
        Mark an object as a false positive by setting the status to
        UNKNOWN.

        :param object_id: The object-id of the object to mark.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        params = {
            c.STATUS: s.UNKNOWN
        }
        return Broker.post(self._DETAILS,
                           params=params,
                           retries=retries,
                           headers=headers,
                           proxies=proxies,
                           verify=verify)
    def set_members(self,
                    members=None,
                    retries=None,
                    headers=None,
                    proxies=None,
                    verify=None):
        """
        Set the members of a Threat Privacy Group

        :param members: str or list of member IDs to add as members.
        :type members: str or list
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: list
        """

        if members is None:
            raise pytxValueError('Must provide members as a str or list')
        elif isinstance(members, list):
            members = ','.join(members)
        return Broker.post(self._DETAILS,
                           params={'members': members},
                           retries=retries,
                           headers=headers,
                           proxies=proxies,
                           verify=verify)
    def add_connection(self,
                       object_id,
                       retries=None,
                       headers=None,
                       proxies=None,
                       verify=None):
        """
        Use HTTP POST and add a connection between two objects.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        params = {
            t.RELATED_ID: object_id
        }
        return Broker.post(self._RELATED,
                           params=params,
                           retries=retries,
                           headers=headers,
                           proxies=proxies,
                           verify=verify)
    def set_members(self,
                    members=None,
                    retries=None,
                    headers=None,
                    proxies=None,
                    verify=None):
        """
        Set the members of a Threat Privacy Group

        :param members: str or list of member IDs to add as members.
        :type members: str or list
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: list
        """

        if members is None:
            raise pytxValueError('Must provide members as a str or list')
        elif isinstance(members, list):
            members = ','.join(members)
        return Broker.post(self._DETAILS,
                           params={'members': members},
                           retries=retries,
                           headers=headers,
                           proxies=proxies,
                           verify=verify)
Exemple #30
0
    def add_connection(self,
                       object_id,
                       retries=None,
                       proxies=None,
                       verify=None):
        """
        Use HTTP POST and add a connection between two objects.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        params = {t.RELATED_ID: object_id}
        return Broker.post(self._RELATED,
                           params=params,
                           retries=retries,
                           proxies=proxies,
                           verify=verify)
Exemple #31
0
    def false_positive(self,
                       object_id,
                       retries=None,
                       proxies=None,
                       verify=None):
        """
        Mark an object as a false positive by setting the status to
        UNKNOWN.

        :param object_id: The object-id of the object to mark.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        params = {c.STATUS: s.UNKNOWN}
        return Broker.post(self._DETAILS,
                           params=params,
                           retries=retries,
                           proxies=proxies,
                           verify=verify)
    def _get_generator(cls,
                       url,
                       to_dict=False,
                       params=None,
                       retries=None,
                       headers=None,
                       proxies=None,
                       verify=None):
        """
        Send the GET request and return a generator.

        :param url: The URL to send the GET request to.
        :type url: str
        :param to_dict: Return a dictionary instead of an instantiated class.
        :type to_dict: bool
        :param params: The GET parameters to send in the request.
        :type params: dict
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: Generator, dict (using json.loads())
        """

        if not params:
            params = dict()

        members = Broker.get(url,
                             params=params,
                             retries=retries,
                             headers=headers,
                             proxies=proxies,
                             verify=verify).get(t.DATA, [])
        total = len(members)
        if total == t.MIN_TOTAL:
            yield None
        else:
            for member in members:
                if to_dict:
                    yield member
                else:
                    yield Broker.get_new(cls, member)
Exemple #33
0
    def _get_generator(cls,
                       url,
                       to_dict=False,
                       params=None,
                       retries=None,
                       headers=None,
                       proxies=None,
                       verify=None):
        """
        Send the GET request and return a generator.

        :param url: The URL to send the GET request to.
        :type url: str
        :param to_dict: Return a dictionary instead of an instantiated class.
        :type to_dict: bool
        :param params: The GET parameters to send in the request.
        :type params: dict
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: Generator, dict (using json.loads())
        """

        if not params:
            params = dict()

        members = Broker.get(url,
                             params=params,
                             retries=retries,
                             headers=headers,
                             proxies=proxies,
                             verify=verify).get(t.DATA, [])
        total = len(members)
        if total == t.MIN_TOTAL:
            yield None
        else:
            for member in members:
                if to_dict:
                    yield member
                else:
                    yield Broker.get_new(cls, member)
Exemple #34
0
    def add_connection(self, object_id):
        """
        Use HTTP POST and add a connection between two objects.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :returns: dict (using json.loads())
        """

        params = {t.RELATED_ID: object_id}
        return Broker.post(self._RELATED, params=params)
Exemple #35
0
    def delete_connection(self, object_id):
        """
        Use HTTP DELETE and remove the connection to another object.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :returns: dict (using json.loads())
        """

        params = {t.RELATED_ID: object_id}
        return Broker.delete(self._RELATED, params=params)
Exemple #36
0
    def delete_connection(self, object_id):
        """
        Use HTTP DELETE and remove the connection to another object.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :returns: dict (using json.loads())
        """

        params = {
            t.RELATED_ID: object_id
        }
        return Broker.delete(self._RELATED, params=params)
    def false_positive(self, object_id):
        """
        Mark an object as a false positive by setting the status to
        UNKNOWN.

        :param object_id: The object-id of the object to mark.
        :type object_id: str
        """

        params = {
            c.STATUS: s.UNKNOWN
        }
        return Broker.post(self._DETAILS, params=params)
Exemple #38
0
    def add_connection(self, object_id):
        """
        Use HTTP POST and add a connection between two objects.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :returns: dict (using json.loads())
        """

        params = {
            t.RELATED_ID: object_id
        }
        return Broker.post(self._RELATED, params=params)
Exemple #39
0
    def delete_connection(self, object_id, retries=None):
        """
        Use HTTP DELETE and remove the connection to another object.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :returns: dict (using json.loads())
        """

        params = {t.RELATED_ID: object_id}
        return Broker.delete(self._RELATED, params=params, retries=retries)
Exemple #40
0
    def add_connection(self, object_id, retries=None):
        """
        Use HTTP POST and add a connection between two objects.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :returns: dict (using json.loads())
        """

        params = {t.RELATED_ID: object_id}
        return Broker.post(self._RELATED, params=params, retries=retries)
Exemple #41
0
    def false_positive(self, object_id, retries=None):
        """
        Mark an object as a false positive by setting the status to
        UNKNOWN.

        :param object_id: The object-id of the object to mark.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :returns: dict (using json.loads())
        """

        params = {c.STATUS: s.UNKNOWN}
        return Broker.post(self._DETAILS, params=params, retries=retries)
Exemple #42
0
    def add_connection(self, object_id, retries=None):
        """
        Use HTTP POST and add a connection between two objects.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :returns: dict (using json.loads())
        """

        params = {
            t.RELATED_ID: object_id
        }
        return Broker.post(self._RELATED, params=params, retries=retries)
Exemple #43
0
    def save(self, params=None):
        """
        Submit changes to the graph to update an object. We will determine the
        Details URL and submit there (used for updating an existing object). If
        no parameters are provided, we will try to use get_changed() which may
        or may not be accurate (you have been warned!).

        :param params: The parameters to submit.
        :type params: dict
        :returns: dict (using json.loads())
        """

        if params is None:
            params = self.get_changed()
        return Broker.post(self._DETAILS, params=params)
Exemple #44
0
    def delete_connection(self, object_id, retries=None):
        """
        Use HTTP DELETE and remove the connection to another object.

        :param object_id: The other object-id in the connection.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :returns: dict (using json.loads())
        """

        params = {
            t.RELATED_ID: object_id
        }
        return Broker.delete(self._RELATED, params=params, retries=retries)
Exemple #45
0
    def false_positive(self, object_id, retries=None):
        """
        Mark an object as a false positive by setting the status to
        UNKNOWN.

        :param object_id: The object-id of the object to mark.
        :type object_id: str
        :param retries: Number of retries to submit before stopping.
        :type retries: int
        :returns: dict (using json.loads())
        """

        params = {
            c.STATUS: s.UNKNOWN
        }
        return Broker.post(self._DETAILS, params=params, retries=retries)
    def objects(cls, full_response=False, dict_generator=False):
        """
        Get a list of Threat Exchange Members

        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :returns: Generator, dict (using json.loads())
        """

        if full_response:
            return Broker.get(cls._URL)
        else:
            return cls._get_generator(cls._URL, to_dict=dict_generator)
    def objects(cls, full_response=False, dict_generator=False):
        """
        Get a list of Threat Exchange Members

        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :returns: Generator, dict (using json.loads())
        """

        if full_response:
            return Broker.get(cls._URL)
        else:
            return cls._get_generator(cls._URL,
                                      to_dict=dict_generator)
Exemple #48
0
    def new(cls, params):
        """
        Submit params to the graph to add an object. We will submit to the
        object URL used for creating new objects in the graph. When submitting
        new objects you must provide privacy type and privacy members if the
        privacy type is something other than visible.

        :param params: The parameters to submit.
        :type params: dict
        :returns: dict (using json.loads())
        """

        if td.PRIVACY_TYPE not in params:
            raise pytxValueError('Must provide a %s' % td.PRIVACY_TYPE)
            pass
        else:
            if (params[td.PRIVACY_TYPE] != pt.VISIBLE and
                    len(params[td.PRIVACY_MEMBERS].split(',')) < 1):
                raise pytxValueError('Must provide %s' % td.PRIVACY_MEMBERS)
        return Broker.post(cls._URL, params=params)
Exemple #49
0
    def objects(cls,
                full_response=False,
                dict_generator=False,
                retries=None,
                headers=None,
                proxies=None,
                verify=None):
        """
        Get a list of Threat Exchange Members

        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: Generator, dict (using json.loads())
        """

        if full_response:
            return Broker.get(cls._URL,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            return cls._get_generator(cls._URL,
                                      to_dict=dict_generator,
                                      retries=retries,
                                      headers=headers,
                                      proxies=proxies,
                                      verify=verify)
    def objects(cls,
                full_response=False,
                dict_generator=False,
                retries=None,
                headers=None,
                proxies=None,
                verify=None):
        """
        Get a list of Threat Exchange Members

        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: Generator, dict (using json.loads())
        """

        if full_response:
            return Broker.get(cls._URL,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            return cls._get_generator(cls._URL,
                                      to_dict=dict_generator,
                                      retries=retries,
                                      headers=headers,
                                      proxies=proxies,
                                      verify=verify)
Exemple #51
0
    def submit(cls, *args, **kwargs):
        """
        Submit batch request. All non-named args are considered to be
        dictionaries containing the following:

            type: The request type (GET, POST, etc.).
            url: The full or relative URL for the API call.
            body: If the type is POST this is the body that will be used.

        If you use "method" instead of "type" and/or "relative_urL" instead of
        "url" (which is accurate to the Graph API) we will use them
        appropriately.

        If you pass a named argument, we will consider the name as the name you
        wish to include in that specific request. This is useful for referencing
        a request in another request in the Batch (see FB documentation).

        The following named args are considered to be the options below.

        :param include_headers: Include headers in response.
        :type include_headers: bool
        :param omit_response: Omit response on success.
        :type omit_response: bool
        :param retries: Number of retries before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: dict (using json.loads())
        """

        batch = []
        retries = kwargs.get('retries', None)
        if retries:
            del kwargs['retries']
        headers = kwargs.get('headers', None)
        if headers:
            del kwargs['headers']
        proxies = kwargs.get('proxies', None)
        if proxies:
            del kwargs['proxies']
        verify = kwargs.get('verify', None)
        if verify:
            del kwargs['verify']
        include_headers = kwargs.get('include_headers', None)
        if include_headers:
            del kwargs['include_headers']
            include_headers = Broker.sanitize_bool(include_headers)
        omit_response = kwargs.get('omit_response', None)
        if omit_response:
            del kwargs['omit_response']
            omit_response = Broker.sanitize_bool(omit_response)

        for arg in args:
            batch.append(Batch.prepare_single_request(arg))
        for key, value in kwargs.iteritems():
            batch.append(Batch.prepare_single_request(value, name=key))
        params = {
            t.ACCESS_TOKEN: get_access_token(),
            t.BATCH: json.dumps(batch),
            t.INCLUDE_HEADERS: include_headers,
            t.OMIT_RESPONSE_ON_SUCCESS: omit_response
        }
        try:
            return Broker.post(t.URL,
                               params=params,
                               retries=retries,
                               headers=headers,
                               proxies=proxies,
                               verify=verify)
        except:
            raise pytxFetchError('Error with batch request.')
Exemple #52
0
    def details(cls_or_self,
                id=None,
                fields=None,
                connection=None,
                full_response=False,
                dict_generator=False,
                metadata=False):
        """
        Get object details. Allows you to limit the fields returned in the
        object's details. Also allows you to provide a connection. If a
        connection is provided, the related objects will be returned instead
        of the object itself.

        NOTE: This method can be used on both instantiated and uninstantiated
        classes like so:

            foo = ThreatIndicator(id='1234')
            foo.details()

            foo = ThreatIndicator.details(id='1234')


        BE AWARE: Due to the nature of ThreatExchange allowing you to query for
        an object by ID but not actually telling you the type of object returned
        to you, using an ID for an object of a different type (ex: ID for a
        Malware object using ThreatIndicator class) will result in the wrong
        object populated with only data that is common between the two objects.

        :param id: The ID of the object to get details for if the class is not
                   instantiated.
        :type id: str
        :param fields: The fields to limit the details to.
        :type fields: None, str, list
        :param connection: The connection to find other related objects with.
        :type connection: None, str
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param metadata: Get extra metadata in the response.
        :type metadata: bool
        :returns: Generator, dict, class
        """

        if isinstance(cls_or_self, type):
            url = t.URL + t.VERSION + id + '/'
        else:
            url = cls_or_self._DETAILS
        if connection:
            url = url + connection + '/'
        params = Broker.build_get_parameters()
        if isinstance(fields, basestring):
            fields = fields.split(',')
        if fields is not None and not isinstance(fields, list):
            raise pytxValueError('fields must be a list')
        if fields is not None:
            params[t.FIELDS] = ','.join(f.strip() for f in fields)
        if metadata:
            params[t.METADATA] = 1
        if full_response:
            return Broker.get(url, params=params)
        else:
            if connection:
                return Broker.get_generator(cls_or_self,
                                            url,
                                            t.NO_TOTAL,
                                            to_dict=dict_generator,
                                            params=params)
            else:
                if isinstance(cls_or_self, type):
                    return Broker.get_new(cls_or_self,
                                          Broker.get(url, params=params))
                else:
                    cls_or_self.populate(Broker.get(url, params=params))
Exemple #53
0
    def details(cls_or_self,
                id=None,
                fields=None,
                connection=None,
                full_response=False,
                dict_generator=False,
                retries=None,
                metadata=False):
        """
        Get object details. Allows you to limit the fields returned in the
        object's details. Also allows you to provide a connection. If a
        connection is provided, the related objects will be returned instead
        of the object itself.

        NOTE: This method can be used on both instantiated and uninstantiated
        classes like so:

            foo = ThreatIndicator(id='1234')
            foo.details()

            foo = ThreatIndicator.details(id='1234')


        BE AWARE: Due to the nature of ThreatExchange allowing you to query for
        an object by ID but not actually telling you the type of object returned
        to you, using an ID for an object of a different type (ex: ID for a
        Malware object using ThreatIndicator class) will result in the wrong
        object populated with only data that is common between the two objects.

        :param id: The ID of the object to get details for if the class is not
                   instantiated.
        :type id: str
        :param fields: The fields to limit the details to.
        :type fields: None, str, list
        :param connection: The connection to find other related objects with.
        :type connection: None, str
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param metadata: Get extra metadata in the response.
        :type metadata: bool
        :returns: Generator, dict, class
        """

        if isinstance(cls_or_self, type):
            url = t.URL + t.VERSION + id + '/'
        else:
            url = cls_or_self._DETAILS
        if connection:
            url = url + connection + '/'
        params = Broker.build_get_parameters()
        if isinstance(fields, basestring):
            fields = fields.split(',')
        if fields is not None and not isinstance(fields, list):
            raise pytxValueError('fields must be a list')
        if fields is not None:
            params[t.FIELDS] = ','.join(f.strip() for f in fields)
        if metadata:
            params[t.METADATA] = 1
        if full_response:
            return Broker.get(url, params=params, retries=retries)
        else:
            if connection:
                # Avoid circular imports
                from malware import Malware
                from malware_family import MalwareFamily
                from threat_indicator import ThreatIndicator
                from threat_descriptor import ThreatDescriptor
                conns = {
                    conn.DESCRIPTORS: ThreatDescriptor,
                    conn.DROPPED: Malware,
                    conn.DROPPED_BY: Malware,
                    conn.FAMILIES: MalwareFamily,
                    conn.MALWARE_ANALYSES: Malware,
                    conn.RELATED: ThreatIndicator,
                    conn.THREAT_INDICATORS: ThreatIndicator,
                    conn.VARIANTS: Malware,
                }
                klass = conns.get(connection, None)
                return Broker.get_generator(klass,
                                            url,
                                            to_dict=dict_generator,
                                            params=params,
                                            retries=retries)
            else:
                if isinstance(cls_or_self, type):
                    return Broker.get_new(
                        cls_or_self,
                        Broker.get(url, params=params, retries=retries))
                else:
                    cls_or_self.populate(
                        Broker.get(url, params=params, retries=retries))
                    cls_or_self._changed = []
Exemple #54
0
    def objects(cls,
                text=None,
                strict_text=False,
                type_=None,
                threat_type=None,
                fields=None,
                limit=None,
                since=None,
                until=None,
                __raw__=None,
                full_response=False,
                dict_generator=False,
                retries=None):
        """
        Get objects from ThreatExchange.

        :param text: The text used for limiting the search.
        :type text: str
        :param strict_text: Whether we should use strict searching.
        :type strict_text: bool, str, int
        :param type_: The Indicator type to limit to.
        :type type_: str
        :param threat_type: The Threat type to limit to.
        :type threat_type: str
        :param fields: Select specific fields to pull
        :type fields: str, list
        :param limit: The maximum number of objects to return.
        :type limit: int, str
        :param since: The timestamp to limit the beginning of the search.
        :type since: str
        :param until: The timestamp to limit the end of the search.
        :type until: str
        :param __raw__: Provide a dictionary to force as GET parameters.
                        Overrides all other arguments.
        :type __raw__: dict
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :returns: Generator, dict (using json.loads())
        """

        if __raw__:
            if isinstance(__raw__, dict):
                params = __raw__
            else:
                raise pytxValueError('__raw__ must be of type dict')
        else:
            params = Broker.build_get_parameters(
                text=text,
                strict_text=strict_text,
                type_=type_,
                threat_type=threat_type,
                fields=fields,
                limit=limit,
                since=since,
                until=until,
            )
        if full_response:
            return Broker.get(cls._URL, params=params, retries=retries)
        else:
            return Broker.get_generator(cls,
                                        cls._URL,
                                        to_dict=dict_generator,
                                        params=params,
                                        retries=retries)
Exemple #55
0
    def connections(cls_or_self,
                    id=None,
                    connection=None,
                    fields=None,
                    limit=None,
                    full_response=False,
                    dict_generator=False,
                    request_dict=False,
                    retries=None,
                    headers=None,
                    proxies=None,
                    verify=None,
                    metadata=False):
        """
        Get object connections. Allows you to limit the fields returned for the
        objects.

        NOTE: This method can be used on both instantiated and uninstantiated
        classes like so:

            foo = ThreatIndicator(id='1234')
            foo.connections(connections='foo')

            foo = ThreatIndicator.connetions(id='1234'
                                             connections='foo')

        :param id: The ID of the object to get connections for if the class is
                   not instantiated.
        :type id: str
        :param fields: The fields to limit the details to.
        :type fields: None, str, list
        :param limit: Limit the results.
        :type limit: None, int
        :param connection: The connection to find other related objects with.
        :type connection: None, str
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param request_dict: Return a request dictionary only.
        :type request_dict: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :param metadata: Get extra metadata in the response.
        :type metadata: bool
        :returns: Generator, dict, class, str
        """

        if isinstance(cls_or_self, type):
            url = t.URL + t.VERSION + id + '/'
        else:
            url = cls_or_self._DETAILS
        if connection:
            url = url + connection + '/'
        params = Broker.build_get_parameters(limit=limit)
        if isinstance(fields, basestring):
            fields = fields.split(',')
        if fields is not None and not isinstance(fields, list):
            raise pytxValueError('fields must be a list')
        if fields is not None:
            params[t.FIELDS] = ','.join(f.strip() for f in fields)
        if metadata:
            params[t.METADATA] = 1
        if request_dict:
            return Broker.request_dict('GET',
                                       url,
                                       params=params)
        if full_response:
            return Broker.get(url,
                              params=params,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            # Avoid circular imports
            from malware import Malware
            from malware_family import MalwareFamily
            from threat_indicator import ThreatIndicator
            from threat_descriptor import ThreatDescriptor
            conns = {
                conn.DESCRIPTORS: ThreatDescriptor,
                conn.DROPPED: Malware,
                conn.DROPPED_BY: Malware,
                conn.FAMILIES: MalwareFamily,
                conn.MALWARE_ANALYSES: Malware,
                conn.RELATED: ThreatIndicator,
                conn.THREAT_INDICATORS: ThreatIndicator,
                conn.VARIANTS: Malware,
            }
            klass = conns.get(connection, None)
            return Broker.get_generator(klass,
                                        url,
                                        to_dict=dict_generator,
                                        params=params,
                                        retries=retries,
                                        headers=headers,
                                        proxies=proxies,
                                        verify=verify)
Exemple #56
0
    def objects(cls,
                text=None,
                strict_text=False,
                type_=None,
                threat_type=None,
                fields=None,
                limit=None,
                since=None,
                until=None,
                include_expired=False,
                max_confidence=None,
                min_confidence=None,
                owner=None,
                status=None,
                __raw__=None,
                full_response=False,
                dict_generator=False,
                retries=None,
                proxies=None,
                verify=None):
        """
        Get objects from ThreatExchange.

        :param text: The text used for limiting the search.
        :type text: str
        :param strict_text: Whether we should use strict searching.
        :type strict_text: bool, str, int
        :param type_: The Indicator type to limit to.
        :type type_: str
        :param threat_type: The Threat type to limit to.
        :type threat_type: str
        :param fields: Select specific fields to pull
        :type fields: str, list
        :param limit: The maximum number of objects to return.
        :type limit: int, str
        :param since: The timestamp to limit the beginning of the search.
        :type since: str
        :param until: The timestamp to limit the end of the search.
        :type until: str
        :param include_expired: Include expired content in your results.
        :type include_expired: bool
        :param max_confidence: The max confidence level to search for.
        :type max_confidence: int
        :param min_confidence: The min confidence level to search for.
        :type min_confidence: int
        :param owner: The owner to limit to. This can be comma-delimited to
                      include multiple owners.
        :type owner: str
        :param status: The status to limit to.
        :type status: str
        :param __raw__: Provide a dictionary to force as GET parameters.
                        Overrides all other arguments.
        :type __raw__: dict
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: Generator, dict (using json.loads())
        """

        if __raw__:
            if isinstance(__raw__, dict):
                params = __raw__
            else:
                raise pytxValueError('__raw__ must be of type dict')
        else:
            params = Broker.build_get_parameters(
                text=text,
                strict_text=strict_text,
                type_=type_,
                threat_type=threat_type,
                fields=fields,
                limit=limit,
                since=since,
                until=until,
                include_expired=include_expired,
                max_confidence=max_confidence,
                min_confidence=min_confidence,
                owner=owner,
                status=status)
        if full_response:
            return Broker.get(cls._URL,
                              params=params,
                              retries=retries,
                              proxies=proxies,
                              verify=verify)
        else:
            return Broker.get_generator(cls,
                                        cls._URL,
                                        to_dict=dict_generator,
                                        params=params,
                                        retries=retries,
                                        proxies=proxies,
                                        verify=verify)
Exemple #57
0
    def details(cls_or_self,
                id=None,
                fields=None,
                full_response=False,
                dict_generator=False,
                retries=None,
                headers=None,
                proxies=None,
                verify=None,
                metadata=False):
        """
        Get object details. Allows you to limit the fields returned in the
        object's details.

        NOTE: This method can be used on both instantiated and uninstantiated
        classes like so:

            foo = ThreatIndicator(id='1234')
            foo.details()

            foo = ThreatIndicator.details(id='1234')


        BE AWARE: Due to the nature of ThreatExchange allowing you to query for
        an object by ID but not actually telling you the type of object returned
        to you, using an ID for an object of a different type (ex: ID for a
        Malware object using ThreatIndicator class) will result in the wrong
        object populated with only data that is common between the two objects.

        :param id: The ID of the object to get details for if the class is not
                   instantiated.
        :type id: str
        :param fields: The fields to limit the details to.
        :type fields: None, str, list
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :param metadata: Get extra metadata in the response.
        :type metadata: bool
        :returns: Generator, dict, class
        """

        if isinstance(cls_or_self, type):
            url = t.URL + t.VERSION + id + '/'
        else:
            url = cls_or_self._DETAILS
        params = Broker.build_get_parameters()
        if isinstance(fields, basestring):
            fields = fields.split(',')
        if fields is not None and not isinstance(fields, list):
            raise pytxValueError('fields must be a list')
        if fields is not None:
            params[t.FIELDS] = ','.join(f.strip() for f in fields)
        if metadata:
            params[t.METADATA] = 1
        if full_response:
            return Broker.get(url,
                              params=params,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            if isinstance(cls_or_self, type):
                return Broker.get_new(cls_or_self,
                                      Broker.get(url,
                                                 params=params,
                                                 retries=retries,
                                                 headers=headers,
                                                 proxies=proxies,
                                                 verify=verify))
            else:
                cls_or_self.populate(Broker.get(url,
                                                params=params,
                                                retries=retries,
                                                headers=headers,
                                                proxies=proxies,
                                                verify=verify))
                cls_or_self._changed = []
    def details(cls_or_self,
                id=None,
                fields=None,
                connection=None,
                full_response=False,
                dict_generator=False,
                retries=None,
                headers=None,
                proxies=None,
                verify=None,
                metadata=False):
        """
        Get object details. Allows you to limit the fields returned in the
        object's details. Also allows you to provide a connection. If a
        connection is provided, the related objects will be returned instead
        of the object itself.

        NOTE: This method can be used on both instantiated and uninstantiated
        classes like so:

            foo = ThreatIndicator(id='1234')
            foo.details()

            foo = ThreatIndicator.details(id='1234')


        BE AWARE: Due to the nature of ThreatExchange allowing you to query for
        an object by ID but not actually telling you the type of object returned
        to you, using an ID for an object of a different type (ex: ID for a
        Malware object using ThreatIndicator class) will result in the wrong
        object populated with only data that is common between the two objects.

        :param id: The ID of the object to get details for if the class is not
                   instantiated.
        :type id: str
        :param fields: The fields to limit the details to.
        :type fields: None, str, list
        :param connection: The connection to find other related objects with.
        :type connection: None, str
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :param metadata: Get extra metadata in the response.
        :type metadata: bool
        :returns: Generator, dict, class
        """

        if isinstance(cls_or_self, type):
            url = t.URL + t.VERSION + id + '/'
        else:
            url = cls_or_self._DETAILS
        if connection:
            url = url + connection + '/'
        params = Broker.build_get_parameters()
        if isinstance(fields, basestring):
            fields = fields.split(',')
        if fields is not None and not isinstance(fields, list):
            raise pytxValueError('fields must be a list')
        if fields is not None:
            params[t.FIELDS] = ','.join(f.strip() for f in fields)
        if metadata:
            params[t.METADATA] = 1
        if full_response:
            return Broker.get(url,
                              params=params,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            if connection:
                # Avoid circular imports
                from malware import Malware
                from malware_family import MalwareFamily
                from threat_indicator import ThreatIndicator
                from threat_descriptor import ThreatDescriptor
                conns = {
                    conn.DESCRIPTORS: ThreatDescriptor,
                    conn.DROPPED: Malware,
                    conn.DROPPED_BY: Malware,
                    conn.FAMILIES: MalwareFamily,
                    conn.MALWARE_ANALYSES: Malware,
                    conn.RELATED: ThreatIndicator,
                    conn.THREAT_INDICATORS: ThreatIndicator,
                    conn.VARIANTS: Malware,
                }
                klass = conns.get(connection, None)
                return Broker.get_generator(klass,
                                            url,
                                            to_dict=dict_generator,
                                            params=params,
                                            retries=retries,
                                            headers=headers,
                                            proxies=proxies,
                                            verify=verify)
            else:
                if isinstance(cls_or_self, type):
                    return Broker.get_new(cls_or_self,
                                          Broker.get(url,
                                                     params=params,
                                                     retries=retries,
                                                     headers=headers,
                                                     proxies=proxies,
                                                     verify=verify))
                else:
                    cls_or_self.populate(Broker.get(url,
                                                    params=params,
                                                    retries=retries,
                                                    headers=headers,
                                                    proxies=proxies,
                                                    verify=verify))
                    cls_or_self._changed = []
    def objects(cls,
                text=None,
                strict_text=False,
                type_=None,
                threat_type=None,
                fields=None,
                limit=None,
                since=None,
                until=None,
                include_expired=False,
                max_confidence=None,
                min_confidence=None,
                owner=None,
                status=None,
                __raw__=None,
                full_response=False,
                dict_generator=False,
                retries=None,
                headers=None,
                proxies=None,
                verify=None):
        """
        Get objects from ThreatExchange.

        :param text: The text used for limiting the search.
        :type text: str
        :param strict_text: Whether we should use strict searching.
        :type strict_text: bool, str, int
        :param type_: The Indicator type to limit to.
        :type type_: str
        :param threat_type: The Threat type to limit to.
        :type threat_type: str
        :param fields: Select specific fields to pull
        :type fields: str, list
        :param limit: The maximum number of objects to return.
        :type limit: int, str
        :param since: The timestamp to limit the beginning of the search.
        :type since: str
        :param until: The timestamp to limit the end of the search.
        :type until: str
        :param include_expired: Include expired content in your results.
        :type include_expired: bool
        :param max_confidence: The max confidence level to search for.
        :type max_confidence: int
        :param min_confidence: The min confidence level to search for.
        :type min_confidence: int
        :param owner: The owner to limit to. This can be comma-delimited to
                      include multiple owners.
        :type owner: str
        :param status: The status to limit to.
        :type status: str
        :param __raw__: Provide a dictionary to force as GET parameters.
                        Overrides all other arguments.
        :type __raw__: dict
        :param full_response: Return the full response instead of the generator.
                              Takes precedence over dict_generator.
        :type full_response: bool
        :param dict_generator: Return a dictionary instead of an instantiated
                               object.
        :type dict_generator: bool
        :param retries: Number of retries to fetch a page before stopping.
        :type retries: int
        :param headers: header info for requests.
        :type headers: dict
        :param proxies: proxy info for requests.
        :type proxies: dict
        :param verify: verify info for requests.
        :type verify: bool, str
        :returns: Generator, dict (using json.loads())
        """

        if __raw__:
            if isinstance(__raw__, dict):
                params = __raw__
            else:
                raise pytxValueError('__raw__ must be of type dict')
        else:
            params = Broker.build_get_parameters(
                text=text,
                strict_text=strict_text,
                type_=type_,
                threat_type=threat_type,
                fields=fields,
                limit=limit,
                since=since,
                until=until,
                include_expired=include_expired,
                max_confidence=max_confidence,
                min_confidence=min_confidence,
                owner=owner,
                status=status
            )
        if full_response:
            return Broker.get(cls._URL,
                              params=params,
                              retries=retries,
                              headers=headers,
                              proxies=proxies,
                              verify=verify)
        else:
            return Broker.get_generator(cls,
                                        cls._URL,
                                        to_dict=dict_generator,
                                        params=params,
                                        retries=retries,
                                        headers=headers,
                                        proxies=proxies,
                                        verify=verify)