def store_private_key(username):
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())
db = database.initialise_db("root", "Narnia0102*")
query = "INSERT INTO private_keys VALUES ('" + username + "', '" + str(
pem) + "');"
print query
database.query(query, db)
def check_username_availability(username, password):
db = database.initialise_db("root", "Narnia0102*")
query = "SELECT password FROM login WHERE username = '******';"
result = database.query_select(query, db)
if (result == []):
print "The username does not exist"
register_new_user(username, password, db)
else:
print "The username is taken"
return False
def add_user(new_user, new_user_pass, admin_username, admin_password):
db = database.initialise_db(admin_username, admin_password)
query = "CREATE USER '" + new_user + "'@'localhost' IDENTIFIED BY '" + new_user_pass + "';"
database.query(query, db)
query = "USE HIDS;"
database.query(query, db)
query = "CREATE TABLE " + new_user + "_file_checksum( ID int, checksum VARCHAR(200));"
database.query(query, db)
query = "GRANT ALL ON HIDS." + new_user + "_file_checksum " + "TO '" + new_user + "'@'localhost';"
response = database.query(query, db)
def main(original_file, path, username, mode, mode2):
path = path.replace("'", "")
query1 = "SELECT password FROM login WHERE username = '******';"
query2 = 'SELECT salt FROM login WHERE username = \'' + username + "';"
db = database.initialise_db("root", "Narnia0102*")
hashed_password = database.query_select(query1, db)
salt = database.query_select(query2, db)
DK = hash.derive_secret_key(str(hashed_password), str(salt))
response = file_integrity(original_file, salt, hashed_password, username, path, db, DK, mode, mode2)
print 'res', response
return response
def add_file_for_tracking(username, original_file, file):
query1 = "SELECT password FROM login WHERE username = '******';"
query2 = "SELECT salt FROM login WHERE username = '******';"
db = database.initialise_db("root", "Narnia0102*")
hashed_password = database.query_select(query1, db)
salt = database.query_select(query2, db)
print "yes"
file_name = file
DK = hash.derive_secret_key(str(hashed_password), str(salt))
checksum = hash.generate_file_checksum(str(file_name), DK)
print checksum
query = "INSERT INTO " + username + "_file_checksum VALUES ('" + str(
original_file) + "' ,'" + checksum + "');"
database.query(query, db)
def validate_credentials(username, input_password):
db = database.initialise_db("root", "Narnia0102*")
query = "SELECT salt FROM login WHERE username = '******';"
salt = database.query_select(query, db)
salt = salt[0][0]
hashed_password = hash.generate_password_hash(input_password, str(salt))
query = "SELECT password FROM login WHERE username = '******';"
password_obtained = database.query_select(query, db)
print salt
print "hash obtained:", password_obtained[0][0]
print "hash generated:", hashed_password
if (password_obtained[0][0] == hashed_password):
print "You are logged in"
#login_to_user_database_table(username, hashed_password)
return True
def generate_key(username):
global key
query2 = "SELECT salt FROM login WHERE username = '******';"
db = database.initialise_db("root", "Narnia0102*")
salt = database.query_select(query2, db)
salt = salt[0][0]
#TODO get the key of the user from the database.
query = "SELECT AES_key FROM user_info WHERE user_name = '" + str(username) + "';"
key = database.query_select(query, db)
key = key[0][0]
print key
print type(key)
key = hash.generate_password_hash(key, salt)
print key
#truncating the output to 32 bytes.
key = key[:32]
print key
def test_if_database_insertion_passes(self):
#test initialisation
username = '******'
password = '******'
db = database.initialise_db(username, password)
hash_value = database.track_new_file_initialisation(
'/Users/nadianoormohamed/Desktop/Answers_to_SJT.docx', db, 'key')
sql_query = "SELECT * FROM file_checksum WHERE ID = '" + hash_value + "';"
response = database.query_select(sql_query, db)
#testing if row is added
assert str(response[0][0]) == hash_value
assert response[0][1] == 1
#delete row afterwards to prevent the table from getting too large
sql_query = "DELETE FROM file_checksum WHERE ID = '" + hash_value + "';"
database.query(sql_query, db)
def delete_virus(username, original_file, filename, signature, DK):
print 'for the malware file the dk is: ', DK
with open(filename, "rt") as file:
file_contents = file.read()
file.close()
file_contents = file_contents.replace(signature, "<Removed>")
with open(filename, 'w') as file:
file.write(file_contents)
file.close()
#Need to update the checksum of the original file after malware is deleted
checksum_new = hash.generate_file_checksum(filename, DK)
db = database.initialise_db('root', 'Narnia0102*')
query = 'UPDATE ' + str(username) + '_file_checksum SET ID = "' + str(
original_file) + '", ' + 'checksum = "' + str(
checksum_new) + '" WHERE ID = "' + str(original_file) + '" ;'
database.query(query, db)
print 'The new checksum is: ', checksum_new
def test_database_initialisation():
assert database.initialise_db() != None
def login_to_user_database_table(username, password):
db = database.initialise_db(username, password)
# print file
# count = count + 1
# for line in file:
# for word in collection.find({},{ "_id": 0, "name": 0}).limit(100000):
# word = word["signature"]
# search(word,line, 37)
# except:
# print "file does not exist"
#
#
#
#
# end = time.time()
# print("time elapsed: " , (end-start))
# sys.exit()
# set_up('/home/nadia/Desktop/Third_Year_Project/t_file_10')
# set_up('/home/nadia/Desktop/Third_Year_Project/t_file')
# set_up('/home/nadia/Desktop/Third_Year_Project/t_file_200')
# set_up('/home/nadia/Desktop/Third_Year_Project/t_files_400')
# set_up('/home/nadia/Desktop/Third_Year_Project/t_files_500')
# set_up('/home/nadia/Desktop/Third_Year_Project/t_files_600')
# set_up('/home/nadia/Desktop/Third_Year_Project/t_files_800')
# set_up('/home/nadia/Desktop/Third_Year_Project/t_fil_1000')
import database
query = "INSERT INTO private_keys (" + 'Nadia23' + ", " + 'hello' + ");"
query = "INSERT INTO private_keys VALUES ('" + 'Nadia23' + "', '" + 'hello' + "');"
print query
db = database.initialise_db("root", "Narnia0102*")
database.query(query, db)
def threaded_client(conn):
conn.send(str.encode('Hello from server\n'))
while True:
data = conn.recv(2048)
params = data.split("&-&")
print params
if (params[0] == 'file upload'):
print "file upload------------------"
global file
if (params[2] == 'Nadia23'):
file = 'file_to_scan_server'
if (params[2] == "Nadia32"):
file = 'file_to_scan_server_2'
f = open(file, 'w')
file_content = params[1]
while "EOF" not in file_content:
f.write(file_content)
file_content = conn.recv(2048)
print 'writing'
print "file content is 1: ", file_content
f.write(file_content)
print "file content is 2: ", file_content
print "finished writing"
#conn.sendall('done')
f.close()
#replace the EOF character at the end of the file with "", as has not use anymore
with open(file, 'r') as f:
filedata = f.read()
f.close()
filedata = filedata.replace('EOF', "")
with open(file, 'w') as f:
f.write(filedata)
f.close()
if (params[0] == 'register'):
print "in register server"
username = params[1]
password = params[2]
response = register_user.check_username_availability(
username, password)
print response
conn.send(str(response))
if (params[0] == 'get-quarantine-files'):
query = params[1]
#print "query ", query
db = database.initialise_db("root", "Narnia0102*")
response = database.query_select(query, db)
conn.send(str(response))
if (params[0] == 'get-quarantine-file_path'):
query = params[1]
#print "query", params[1]
db = database.initialise_db("root", "Narnia0102*")
response = database.query_select(query, db)
conn.send(str(response))
#Testing
if (params[0] == 'perform scan'):
if (params[1] == "Nadia23"):
thread2 = Thread(target=scan, args=(params, ))
thread2.start()
thread2.join()
if (params[1] == "Nadia32"):
thread3 = Thread(target=scan, args=(params, ))
thread3.start()
thread3.join()
def scan(params):
print "--------------performing scan"
#transfer the input from file_to_scan_server to the original file name - do not have to do that.
file1 = file
original_file = params[4]
print "The file being sent is: ", file, "for the original file, ", original_file
viruses_found = file_integrity_check.main(original_file, file1,
params[1], params[2],
params[3])
# print "The number of viruses found is: ", viruses_found
conn.send(str(viruses_found))
if (params[0] == 'delete-virus'):
global db
print "deleting the signatures from: ", file
username = str(params[2])
query1 = "SELECT password FROM login WHERE username = '******';"
query2 = 'SELECT salt FROM login WHERE username = \'' + str(
username) + "';"
db = database.initialise_db("root", "Narnia0102*")
hashed_password = database.query_select(query1, db)
salt = database.query_select(query2, db)
DK = hash.derive_secret_key(str(hashed_password), str(salt))
original_file = params[1]
#print "The original file is: ", params[1]
#calling function to delete the virus
print "The file being sent is: ", file, "for the original file, ", original_file
Aho_Corasick.check_file(username, original_file, file, "delete",
"none", DK)
#Sending the malware free file contents back to the client.
#Send the file to the client.
f = open(file, 'a')
f.write('EOF')
f.close()
f = open(file, 'rb')
file_content = f.read(2048)
print "file_content", file_content
while ('EOF' not in file_content):
conn.send(file_content)
conn.send(file_content)
f.close()
def generate_nonce(length):
return ''.join(
random.choice(string.ascii_letters) for m in xrange(length))
if (params[0] == "challenge"):
print "Sending challenge"
global nonce
nonce = str(generate_nonce(32))
conn.send(nonce)
#validation of the login credentials
if (params[0] == 'validate'):
#generate challenge for the client
print "currently validating"
username = params[1]
encrypted_password = params[2]
#Need to decrypt the password first using the private key of the user.
db = database.initialise_db("root", "Narnia0102*")
query = "SELECT pr_key FROM private_keys WHERE username = '******';"
key = database.query_select(query, db)
print key
print key[0][0]
key = key[0][0]
RSA.read_private_key(str(key))
password = RSA.decrypt(encrypted_password)
print password
password, received_nonce = password.split("^^^")
print "received nonce: ", received_nonce
print 'nonce', nonce
if (received_nonce == nonce):
response = check_login_details.validate_credentials(
str(username), str(password))
conn.sendall(str(response))
else:
return False
if (params[0] == 'logs'):
query = params[1]
db = database.initialise_db('root', 'Narnia0102*')
response = database.query_select(query, db)
print sys.getsizeof(response) * 8
time.sleep(1)
print "response is: ", response
conn.sendall(str(response))
#sets the user type to be a simple user.
if (params[0] == 'set-simple'):
print 'server set user to simple'
query = params[1]
db = database.initialise_db('root', 'Narnia0102*')
database.query(query, db)
if (params[0] == 'update_db_quarantine'):
print "Server is updating the quarantine details"
query = params[1]
db = database.initialise_db("root", "Narnia0102*")
database.query(query, db)
#sets the user type to be advanced.
if (params[0] == 'set-advanced'):
print 'Server set the user to advanced'
query = params[1]
db = database.initialise_db('root', 'Narnia0102*')
database.query(query, db)
if (params[0] == 'get-number-scanned'):
query = params[1]
db = database.initialise_db('root', 'Narnia0102*')
files_scanned = database.query_select(query, db)
print "number of files scanned is: ", files_scanned
conn.send(str(files_scanned))
if (params[0] == 'new-day-first-scan'):
print "no files scanned today, so inserting number of files scanned in first scan of day"
query = params[1]
db = database.initialise_db('root', 'Narnia0102*')
database.query(query, db)
if (params[0] == 'update-num-scanned-today'):
print "updating the number of files scanned"
query = params[1]
db = database.initialise_db('root', 'Narnia0102*')
database.query(query, db)
if (params[0] == 'save-scan-details'):
print "server is updating the details of scan just finished"
query = params[1]
db = database.initialise_db("root", "Narnia0102*")
database.query(query, db)
if (params[0] == 'Quarantine'):
print "currently in quarantine"
username = params[1]
print "The username is: " + username
AES_en_de.generate_key(username)
out_file = 'test_encrypted_file.aes'
AES_en_de.encrypt_file(file, out_file)
#send the encypted file back to the client
f = open(out_file, 'a')
f.write('EOF')
f.close()
f = open(out_file, 'r')
file_content = f.read(2048)
print "file_content", file_content
while ('EOF' not in file_content):
conn.send(file_content)
conn.send(file_content)
f.close()
if (params[0] == 'decrypt-file'):
'Decrypting file'
print file
print "currently in decrypt function"
username = params[1]
AES_en_de.generate_key(username)
out_file = 'test_decrypted_file.aes'
AES_en_de.decrypt_file(file, out_file)
#Add EOF to decrypted file
f = open(out_file, 'a')
f.write('EOF')
f.close()
#Send the file to the client.
f = open(out_file, 'r')
file_content = f.read(2048)
print "file_content", file_content
while ('EOF' not in file_content):
conn.send(file_content)
conn.send(file_content)
f.close()
if (params[0] == 'remove-from-quarantine-logs'):
query = params[1]
db = database.initialise_db("root", "Narnia0102*")
database.query(query, db)
if not data:
break
conn.close()
from flask import Flask, jsonify
from flask_restful import Api
import os
from services import initialise_routes, initialise_security
from database import initialise_db, initialise_serializer
app = Flask(__name__, template_folder="templates", static_folder="static")
api = Api(app) # binding with RESTful aPI
initialise_db(app) # set DB models ready for use
initialise_serializer(app) # sets the serializer for db query response
initialise_routes(api) # set the endpoints for customer availability
initialise_security(app)
if __name__ == '__main__':
app.run(port=5002, debug=True)
def test_database_initialisation(self):
username = '******'
password = '******'
assert database.initialise_db(username, password) != None