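def add_results(object_type, object_id, analysis_id, result, type_, subtype,
                analyst):
    """
    Add multiple results to an analysis task.

    Each entry of ``type_`` is parsed with ``ast.literal_eval`` and must
    evaluate to a dict; its keys are copied onto the stored result entry.
    Every entry is validated before anything is written, so a malformed
    entry rejects the whole batch instead of raising part-way through.

    :param object_type: The top-level object type.
    :type object_type: str
    :param object_id: The ObjectId to search for.
    :type object_id: str
    :param analysis_id: The ID of the task to update.
    :type analysis_id: str
    :param result: The list of result to append.
    :type result: list of str
    :param type_: The list of result types.
    :type type_: list of str
    :param subtype: The list of result subtypes.
    :type subtype: list of str
    :param analyst: The user updating the results.
    :type analyst: str
    :returns: dict with keys "success" (boolean) and "message" (str) if
              failed.
    """

    res = {'success': False}
    if not object_type or not object_id or not analysis_id:
        res['message'] = "Must supply object id/type and analysis id."
        return res

    # Validate user can add service results to this TLO.
    klass = class_from_type(object_type)
    if not klass:
        # Assumes class_from_type returns a falsy value for an unknown
        # type (TODO confirm); without this guard the lookup below would
        # raise AttributeError instead of returning a failure dict.
        res['message'] = "Could not find object to add results to."
        return res
    sources = user_sources(analyst)
    obj = klass.objects(id=object_id, source__name__in=sources).first()
    if not obj:
        res['message'] = "Could not find object to add results to."
        return res

    if not (result and type_ and subtype):
        res['message'] = "Need a result, type, and subtype to add a result."
        return res

    if not (len(result) == len(type_) == len(subtype)):
        res['message'] = "result, type, and subtype need to be the same length."
        return res

    # Build every entry up front so nothing is written if one is invalid.
    final_list = []
    for key, r in enumerate(result):
        # literal_eval only accepts Python literals, but it still raises on
        # malformed text and may return a non-dict literal. Very large or
        # deeply nested input can also exhaust memory or recursion, so the
        # caller should bound the size of type_ entries.
        try:
            extra = ast.literal_eval(type_[key])
        except (ValueError, SyntaxError, TypeError):
            res['message'] = "Result type must be a dict literal."
            return res
        if not isinstance(extra, dict):
            res['message'] = "Result type must be a dict literal."
            return res
        final = {'subtype': subtype[key], 'result': r}
        # Keys from the parsed type are applied last, so a 'subtype' or
        # 'result' key in it replaces the value set above (as before).
        final.update(extra)
        final_list.append(final)

    # NOTE(review): the source check above only proves access to object_id;
    # the task is selected by analysis_id alone, so nothing visible here ties
    # it to that object. Consider also filtering on object_type/object_id
    # once the stored field formats are confirmed.
    ar = AnalysisResult.objects(analysis_id=analysis_id).first()
    if ar:
        AnalysisResult.objects(id=ar.id).update_one(push_all__results=final_list)
        res['success'] = True
    else:
        res['message'] = "Could not find task to add results to."
    return res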
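def migrate_analysis_results(self):
    """
    Move legacy ``analysis`` entries into standalone AnalysisResult documents.

    Each dict found under ``self.unsupported_attrs.analysis`` becomes one
    saved AnalysisResult tied to this object's type and id. The legacy
    attribute is then removed on a best-effort basis.
    """
    from cripts.services.analysis_result import (AnalysisResult,
                                                 AnalysisConfig,
                                                 EmbeddedAnalysisResultLog)
    old_results = getattr(self.unsupported_attrs, 'analysis', None)
    if old_results:
        for result in old_results:
            ar = AnalysisResult()
            # The legacy 'id' becomes analysis_id; it is only stripped from
            # the dict when it is truthy.
            ar.analysis_id = result.get('id')
            if ar.analysis_id:
                del result['id']
            # config and log are rebuilt as embedded documents, so they are
            # removed from the dict before the remaining keys are merged.
            config = result.get('config', {})
            ar.config = AnalysisConfig(**config)
            if 'config' in result:
                del result['config']
            logs = result.get('log', None)
            if logs:
                for entry in logs:
                    ar.log.append(EmbeddedAnalysisResultLog(**entry))
                del result['log']
            ar.merge(arg_dict=result)
            ar.object_type = self._meta['cripts_type']
            ar.object_id = str(self.id)
            ar.save()
    # Best-effort cleanup of the legacy attribute. Catch Exception rather
    # than everything so KeyboardInterrupt and SystemExit still propagate.
    try:
        del self.unsupported_attrs['analysis']
    except Exception:
        pass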
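def migrate_analysis_results(self):
    """
    Convert embedded legacy analysis data into AnalysisResult documents.

    Reads the ``analysis`` list from ``self.unsupported_attrs``, saves one
    AnalysisResult per entry (linked to this object through object_type and
    object_id), and finally tries to drop the legacy attribute.
    """
    from cripts.services.analysis_result import AnalysisResult, AnalysisConfig, EmbeddedAnalysisResultLog

    legacy = getattr(self.unsupported_attrs, "analysis", None)
    for result in (legacy or []):
        ar = AnalysisResult()

        # A truthy legacy id is moved onto analysis_id and dropped from the
        # dict; a falsy one is left in place and goes through merge().
        ar.analysis_id = result.get("id")
        if ar.analysis_id:
            del result["id"]

        # Rebuild the embedded config, then drop the raw dict entry.
        ar.config = AnalysisConfig(**result.get("config", {}))
        if "config" in result:
            del result["config"]

        # Rebuild the embedded log entries; an empty or missing log is left
        # untouched in the dict.
        logs = result.get("log", None)
        if logs:
            for raw_entry in logs:
                ar.log.append(EmbeddedAnalysisResultLog(**raw_entry))
            del result["log"]

        ar.merge(arg_dict=result)
        ar.object_type = self._meta["cripts_type"]
        ar.object_id = str(self.id)
        ar.save()

    try:
        del self.unsupported_attrs["analysis"]
    except Exception:
        # Removal is best-effort; a bare except here would also have
        # swallowed KeyboardInterrupt and SystemExit.
        pass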
def delete_analysis(task_id, analyst):
    """
    Delete the AnalysisResult whose document id is ``task_id``.

    Does nothing when no such document exists.

    :param task_id: The ObjectId of the AnalysisResult to delete.
    :type task_id: str
    :param analyst: The user requesting the deletion.
    :type analyst: str
    """

    # NOTE(review): no source/permission check is visible in this function;
    # analyst is only passed through to delete(). Presumably the caller
    # authorizes the request -- verify.
    record = AnalysisResult.objects(id=task_id).first()
    if not record:
        return
    record.delete(username=analyst)
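def add_log(object_type, object_id, analysis_id, log_message, level, analyst):
    """
    Add a log entry to an analysis task.

    :param object_type: The top-level object type.
    :type object_type: str
    :param object_id: The ObjectId to search for.
    :type object_id: str
    :param analysis_id: The ID of the task to update.
    :type analysis_id: str
    :param log_message: The log entry to append.
    :type log_message: dict
    :param level: The log level.
    :type level: str
    :param analyst: The user updating the log.
    :type analyst: str
    :returns: dict with keys "success" (boolean) and "message" (str) if
              failed.
    """

    results = {'success': False}
    if not object_type or not object_id or not analysis_id:
        results['message'] = "Must supply object id/type and analysis id."
        return results

    # Validate user can add service results to this TLO.
    klass = class_from_type(object_type)
    if not klass:
        # Assumes class_from_type returns a falsy value for an unknown
        # type (TODO confirm); without this guard the lookup below would
        # raise AttributeError instead of returning a failure dict.
        results['message'] = "Could not find object to add results to."
        return results
    sources = user_sources(analyst)
    obj = klass.objects(id=object_id, source__name__in=sources).first()
    if not obj:
        results['message'] = "Could not find object to add results to."
        return results

    # Build the log entry. message and level are stored as supplied; the
    # timestamp is the string form of the naive datetime.now().
    le = EmbeddedAnalysisResultLog()
    le.message = log_message
    le.level = level
    le.datetime = str(datetime.datetime.now())

    # NOTE(review): the source check above only proves access to object_id;
    # the task is selected by analysis_id alone, so nothing visible here ties
    # it to that object. Consider also filtering on object_type/object_id
    # once the stored field formats are confirmed.
    ar = AnalysisResult.objects(analysis_id=analysis_id).first()
    if ar:
        AnalysisResult.objects(id=ar.id).update_one(push__log=le)
        results['success'] = True
    else:
        results['message'] = "Could not find task to add log to."
    return results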
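def finish_task(object_type, object_id, analysis_id, status, analyst):
    """
    Finish a task by setting its status to "completed" and setting the finish
    date.

    Any status other than "error" or "completed" (including an empty one) is
    recorded as "completed".

    :param object_type: The top-level object type.
    :type object_type: str
    :param object_id: The ObjectId to search for.
    :type object_id: str
    :param analysis_id: The ID of the task to update.
    :type analysis_id: str
    :param status: The status of the task.
    :type status: str ("error", "completed")
    :param analyst: The user updating the log.
    :type analyst: str
    :returns: dict with keys "success" (boolean) and "message" (str) if
              failed.
    """

    results = {'success': False}
    # Covers the empty/None case as well as unknown values.
    if status not in ('error', 'completed'):
        status = "completed"
    if not object_type or not object_id or not analysis_id:
        results['message'] = "Must supply object id/type and analysis id."
        return results

    # Validate user can add service results to this TLO.
    klass = class_from_type(object_type)
    if not klass:
        # Assumes class_from_type returns a falsy value for an unknown
        # type (TODO confirm); without this guard the lookup below would
        # raise AttributeError instead of returning a failure dict.
        results['message'] = "Could not find object to add results to."
        return results
    sources = user_sources(analyst)
    obj = klass.objects(id=object_id, source__name__in=sources).first()
    if not obj:
        results['message'] = "Could not find object to add results to."
        return results

    # The finish date is the string form of the naive datetime.now().
    date = str(datetime.datetime.now())

    # NOTE(review): the source check above only proves access to object_id;
    # the task is selected by analysis_id alone, so nothing visible here ties
    # it to that object. Consider also filtering on object_type/object_id
    # once the stored field formats are confirmed.
    ar = AnalysisResult.objects(analysis_id=analysis_id).first()
    if ar:
        AnalysisResult.objects(id=ar.id).update_one(set__status=status,
                                                    set__finish_date=date)
        results['success'] = True
    else:
        # The documented contract promises a message on failure.
        results['message'] = "Could not find task to finish."
    return results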
def refresh_services(request, cripts_type, identifier):
    """
    Refresh the Analysis tab with the latest information.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param cripts_type: The top-level object type.
    :type cripts_type: str
    :param identifier: The ObjectId of the object.
    :type identifier: str
    :returns: :class:`django.http.HttpResponse` carrying JSON with the keys
              "success" and "html".
    """

    def _as_json(payload):
        # Every exit path answers with the same JSON envelope.
        return HttpResponse(json.dumps(payload),
                            content_type="application/json")

    def _not_found():
        payload = {}
        payload['success'] = False
        payload['html'] = 'Could not find object to refresh!'
        return _as_json(payload)

    # Verify user can see results.
    sources = user_sources(request.user.username)
    klass = class_from_type(cripts_type)
    if not klass:
        return _not_found()

    # NOTE(review): the source restriction only applies to classes that
    # expose a 'source' attribute; other types are fetched by id alone.
    if hasattr(klass, 'source'):
        obj = klass.objects(id=identifier, source__name__in=sources).first()
    else:
        obj = klass.objects(id=identifier).first()
    if not obj:
        return _not_found()

    # Get analysis results.
    results = AnalysisResult.objects(object_type=cripts_type,
                                     object_id=identifier)
    template_vars = {
        'relationship': {'type': cripts_type, 'value': identifier},
        'subscription': {'type': cripts_type, 'id': identifier},
        'service_results': results,
        'cripts_type': cripts_type,
        'identifier': identifier,
        'service_list': get_supported_services(cripts_type),
    }

    response = {}
    response['success'] = True
    response['html'] = render_to_string("services_analysis_listing.html",
                                        template_vars,
                                        RequestContext(request))
    return _as_json(response)
def refresh_services(request, cripts_type, identifier):
    """
    Re-render the Analysis tab for one object and return it as JSON.

    The response body is a JSON object with "success" (boolean) and "html":
    the rendered listing on success, or an error message on failure.
    """

    failure = json.dumps({'success': False,
                          'html': 'Could not find object to refresh!'})

    # Verify user can see results.
    sources = user_sources(request.user.username)
    klass = class_from_type(cripts_type)
    if not klass:
        return HttpResponse(failure, content_type="application/json")

    # Classes with a 'source' attribute are additionally limited to the
    # sources this user may see; other classes are looked up by id only.
    lookup = {'id': identifier}
    if hasattr(klass, 'source'):
        lookup['source__name__in'] = sources
    obj = klass.objects(**lookup).first()
    if not obj:
        return HttpResponse(failure, content_type="application/json")

    # Get analysis results.
    results = AnalysisResult.objects(object_type=cripts_type,
                                     object_id=identifier)
    relationship = {'type': cripts_type, 'value': identifier}
    subscription = {'type': cripts_type, 'id': identifier}
    service_list = get_supported_services(cripts_type)

    html = render_to_string("services_analysis_listing.html",
                            {'relationship': relationship,
                             'subscription': subscription,
                             'service_results': results,
                             'cripts_type': cripts_type,
                             'identifier': identifier,
                             'service_list': service_list},
                            RequestContext(request))
    body = json.dumps({'success': True, 'html': html})
    return HttpResponse(body, content_type="application/json")
def insert_analysis_results(task):
    """
    Create and save a new AnalysisResult from ``task``.

    The task's dict form is merged into the document with its ``id`` key
    renamed to ``analysis_id``.
    """

    fields = task.to_dict()
    # Rename id -> analysis_id; raises KeyError if the task dict has no 'id'.
    fields['analysis_id'] = fields.pop('id')

    record = AnalysisResult()
    record.merge(arg_dict=fields)
    record.save()
def analysis_result(request, analysis_id):
    """
    Get the TLO type and object_id and redirect to the details page for that
    TLO.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param analysis_id: The ObjectId of the AnalysisResult
    :type analysis_id: str
    :returns: :class:`django.http.HttpResponse`
    """

    record = AnalysisResult.objects(id=analysis_id).first()
    if not record:
        return render_to_response('error.html',
                                  {'error': "No TLO found to redirect to."})

    # The target is built by reverse() from the stored type and id, not
    # from a URL supplied in the request.
    # NOTE(review): no source check happens here; presumably the details
    # view enforces access -- verify.
    target = reverse('cripts.core.views.details',
                     args=(record.object_type, record.object_id))
    return HttpResponseRedirect(target)
def analysis_result(request, analysis_id):
    """
    Redirect to the details page of the TLO an AnalysisResult belongs to.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param analysis_id: The ObjectId of the AnalysisResult
    :type analysis_id: str
    :returns: :class:`django.http.HttpResponse` -- a redirect when the
              AnalysisResult exists, otherwise the rendered error page.
    """

    found = AnalysisResult.objects(id=analysis_id).first()
    if found:
        # Only the stored object_type/object_id feed the URL, and it is
        # resolved through reverse() against a named view.
        details_args = (found.object_type, found.object_id)
        return HttpResponseRedirect(reverse('cripts.core.views.details',
                                            args=details_args))

    error_context = {'error': "No TLO found to redirect to."}
    return render_to_response('error.html', error_context)
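def update_analysis_results(task):
    """
    Update analysis results for this task.

    If no AnalysisResult exists for ``task.task_id`` a warning is logged and
    the task is inserted instead. Otherwise every key of the task's dict form
    is written with a ``set__<key>`` update. When that update fails, the
    results are cleared and an error log entry is written; if that also
    fails, only the log entry is written.
    """

    ar = AnalysisResult.objects(analysis_id=task.task_id).first()
    if not ar:
        # If the task does not currently exist for the given sample in the
        # database, add it.
        logger.warning("Tried to update a task that didn't exist.")
        insert_analysis_results(task)
        return

    # Otherwise, update it.
    tdict = task.to_dict()
    tdict['analysis_id'] = tdict['id']
    del tdict['id']

    # TODO: find a better way to do this.
    # NOTE(review): every key of to_dict() becomes an update operator;
    # presumably these are fixed field names -- verify against to_dict().
    new_dict = {}
    for k in tdict:
        new_dict['set__%s' % k] = tdict[k]

    try:
        AnalysisResult.objects(id=ar.id).update_one(**new_dict)
    except Exception as e:
        # assume bad data in 'results'
        # NOTE(review): only the in-memory task is marked as 'error' here;
        # any 'set__status' already in new_dict is left unchanged.
        task.status = 'error'
        new_dict['set__results'] = []
        le = EmbeddedAnalysisResultLog()
        # The exception text is stored in the task log as-is.
        le.message = 'DB Update Failed: %s' % e
        le.level = 'error'
        le.datetime = str(datetime.datetime.now())
        # setdefault: a task dict without a 'log' key used to raise KeyError
        # here, from inside the handler, and skip the fallback below.
        new_dict.setdefault('set__log', []).append(le)
        try:
            AnalysisResult.objects(id=ar.id).update_one(**new_dict)
        except Exception:
            # don't know what's wrong, try writing basic log only
            AnalysisResult.objects(id=ar.id).update_one(set__log=[le])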