def is_plugin_available(name, config):
module, classname = __get_module_classname(name)
try:
# first check if enabled
plugin_config = config.get_section('Plugins')
if plugin_config.get(classname.lower(), False):
# else check if instanciable
get_class(module, classname)
return True
else:
return False
except (ImportError, ConfigSectionNotFoundException, PluginException) as error:
raise PluginException(error)
def value(self, new_value):
"""
Plain value setter, somehow :)
"""
# check first if not already set
try:
value = self.plain_value
except Exception:
value = None
if value:
self.__set_value(new_value)
else:
if self.definition:
classname = getattr(self.definition, 'classname')
value_instance = get_class('ce1sus.brokers.valuebroker', classname)()
value_instance.attribute_id = self.identifier
value_instance.attribute = self
value_instance.value = new_value
if self.object:
value_instance.event = getattr(self.object, 'event')
else:
raise Exception(u'No object was specified')
# set the value
attr_name = classname.replace('V', '_v').lower()
setattr(self, attr_name, value_instance)
else:
raise Exception(u'No definition was specified')
def get_class_by_string(classname):
"""
returns class for the attribute
:param classname: the name of the class
:type classname: Class
"""
return get_class('ce1sus.db.classes.values',
u'{0}Value'.format(classname))
def create_attribute(self, obj, definition, user, json, set_parent=True):
"""
Creates the attribute
:param params: The parameters
:type params: Dictionary
:param obj: The object the attributes belongs to
:type obj: BASE object
:param definition: Attribute definition
:type definition: AttributeDefinition
:param user: The user creating the attribute
:type user: User
:returns: Attribute
"""
attribute = get_class('ce1sus.db.classes.attribute', 'Attribute')()
# Note first the definition has to be specified else the value cannot be assigned
attribute.definition = definition
# Note second the object has to be specified
attribute.object = obj
attribute.object_id = obj.identifier
# TODO create default value if value was not set for IOC and share
# set remaining stuff
attribute.populate(json)
# set definition id
# definition = self.get_attriute_definition_by_uuid(attribute.def_uuid)
# attribute.definition = definition
attribute.definition_id = definition.identifier
# set condition id
condition = self.get_condition_by_uuid(attribute.cond_uuid)
attribute.condition = condition
attribute.condition_id = condition.identifier
# TODO fix this -> should take into account the ones from json
attribute.owner_group_id = user.group.identifier
attribute.owner_group = user.group
attribute.creator_group_id = user.group.identifier
attribute.creator_group = user.group
attribute.modifier_group_id = user.group.identifier
attribute.modifier_group = user.group
attribute.originating_group_id = user.group.identifier
attribute.originating_group = user.group
attribute.creator_id = user.identifier
attribute.modifier = user
attribute.modifier_id = user.identifier
attribute.creator = user
self.set_provenance(attribute)
return attribute
def __set_value(self, new_value):
if self.definition:
try:
value_table = self.definition.value_table
except AttributeError as error:
raise error
classname = '{0}Value'.format(value_table)
attribute = '{0}_value'.format(value_table.lower())
# check if not a value has been assigned
value_instance = self.__get_value_instance()
if value_instance:
# update only
value_instance.value = new_value
else:
value_instance = get_class('ce1sus.db.classes.values',
classname)
value_instance = value_instance()
value_instance.attribute_id = self.identifier
value_instance.attribute = self
value_instance.value = new_value
value_instance.value_type_id = self.definition.value_type_id
if self.object:
if self.object.event or self.object.event_id:
event_id = self.object.event_id
if event_id:
value_instance.event_id = event_id
else:
event = self.object.event
if event:
value_instance.event = event
else:
raise ValueError(
u'Cannot set the attribute value as the event for of the parent object is not yet set.'
)
else:
raise ValueError(u'Parent of object was not set.')
else:
raise ValueError(
u'Cannot set the attribute value as the parent object is not yet set.'
)
setattr(self, attribute, value_instance)
else:
raise ValueError(
u'Cannot set the attribute value as the definition is not yet set.'
)
def get_plugin_function(name, method_name, config, type_):
module, classname = __get_module_classname(name)
try:
clazz = get_class(module, classname)
instance = clazz(config)
if isinstance(instance, BasePlugin):
method = getattr(instance, method_name)
if hasattr(method, type_):
return method
else:
raise PluginException('Method {0}.{1} is not defined as to be called from web applications'.format(classname, method_name))
else:
raise PluginException('Class {0} does not implement BasePlugin'.format(classname))
except (ImportError, AttributeError) as error:
raise PluginException(error)
def create_reference(self, report, definition, user, json):
reference = get_class('ce1sus.db.classes.report', 'Reference')()
# Note first the definition has to be specified else the value cannot be assigned
reference.uuid = uuid4()
reference.definition = definition
# Note second the object has to be specified
reference.report = report
reference.report_id = report.identifier
# TODO create default value if value was not set for IOC and share
# set remaining stuff
reference.populate(json)
# set the definition id as in the definition as it might get overwritten
reference.definition_id = definition.identifier
self.set_provenance(reference)
return reference
def create_object(self,
obsevable,
definition,
user,
json,
has_parent_observable=True):
# TODO recreate object to new setup
obj = get_class('ce1sus.db.classes.object', 'Object')()
obj.identifier = None
obj.populate(json)
obj.definition = definition
obj.definition_id = definition.identifier
obj.observable = obsevable
obj.observable_id = obsevable.identifier
if has_parent_observable:
obj.parent = obsevable
obj.parent_id = obsevable.identifier
# TODO create default value if value was not set for IOC and share
self.set_provenance(obj)
# TODO find a better way
obj.owner_group_id = user.group.identifier
obj.owner_group = user.group
obj.creator_group_id = user.group.identifier
obj.creator_group = user.group
obj.modifier_group_id = user.group.identifier
obj.modifier_group = user.group
obj.originating_group_id = user.group.identifier
obj.originating_group = user.group
obj.creator_id = user.identifier
obj.modifier = user
obj.modifier_id = user.identifier
obj.creator = user
return obj
def register_handler(self, modulename, type_='attributes', classname=None):
if not classname:
classname = modulename.title().replace('handler', 'Handler')
if self.verbose:
print 'Registering handler {0}'.format(classname)
modulename = u'{0}'.format(modulename)
clazz = get_class(u'ce1sus.handlers.{0}.{1}'.format(type_, modulename),
classname)
instance = clazz()
if isinstance(instance, HandlerBase):
if self.verbose:
print u'Adding handler {0}.{1}'.format(modulename, classname)
uuid = instance.get_uuid()
description = instance.get_description()
if type_ == 'attributes':
self.attribute_definition_controller.register_handler(
uuid, u'{0}.{1}'.format(modulename, classname),
description)
elif type_ == 'references':
self.reference_controller.register_handler(
uuid, u'{0}.{1}'.format(modulename, classname),
description)
else:
raise MaintenanceException(
'Type {0} for handlers is unknown'.format(type_))
return uuid
# TODO check if the required files are available
else:
raise MaintenanceException(
'Class {0}.{1} does not implement HandlerBase'.format(
modulename, classname))
def clazz(self):
clazz = get_class('ce1sus.handlers.attributes.{0}'.format(self.module),
self.classname)
return clazz
def create_object(self, ce1sus_object, event_permissions, user):
definition_name = ce1sus_object.definition.name
obj = Object()
identifier = 'ce1sus:Object-{0}'.format(ce1sus_object.uuid)
obj.id_ = identifier
# try to find automatic the object container
try:
clazz = get_class(
'cybox.objects.{0}_object'.format(definition_name.lower()),
definition_name)
instance = clazz()
if definition_name == 'Disk':
# TODO: check why this must be set stix bug?
setattr(instance, 'type_', None)
except ImportError:
if definition_name == 'WinEventLog':
instance = WinEventLog()
# TODO: check why this must be set stix bug?
setattr(instance, 'type_', None)
elif definition_name == 'UserAccount':
instance = UserAccount()
elif definition_name == 'WinService':
instance = WinService()
elif definition_name == 'WindowsRegistryKey':
instance = WinRegistryKey()
elif definition_name == 'NetworkConnection':
instance = NetworkConnection()
elif definition_name == 'WinVolume':
instance = WinVolume()
# TODO: check why this must be set stix bug?
setattr(instance, 'drive_type', None)
elif definition_name == 'WinKernelHook':
instance = WinKernelHook()
elif definition_name == 'WinDriver':
instance = WinDriver()
elif definition_name == 'DomainName':
instance = DomainName()
# TODO: try to map it manually
elif definition_name == 'email':
instance = EmailMessage()
else:
raise Ce1susStixMapperException(
'Required to map manually {0}'.format(definition_name))
obj.properties = instance
attributes = ce1sus_object.get_attributes_for_permissions(
event_permissions, user)
for attribute in attributes:
self.map_attribtue(instance, attribute)
rel_objects = ce1sus_object.get_related_objects_for_permissions(
event_permissions, user)
for rel_object in rel_objects:
ob = self.create_object(rel_object.object, event_permissions, user)
if ob:
rel_obj = self.create_related_object(rel_object,
event_permissions, user)
# cybox_rel_object = RelatedObject(properties=ob.properties, relationship=rel_object.relation)
obj.related_objects.append(rel_obj)
return obj