def push_11(taxii_client, stix_file_doc):
if stix_file_doc.version.startswith('2'):
try:
content = stix_file_doc.get_slide_12()
except Exception as e:
traceback.print_exc()
raise e
else:
with open(stix_file_doc.origin_path, 'r', encoding='utf-8') as fp:
content = fp.read()
auth_credentials_dict, cert_fd, key_fd = _get_auth_credentials_dict(
taxii_client)
taxii_client._client.set_auth_credentials(auth_credentials_dict)
try:
subscription_information = tm11.SubscriptionInformation(
collection_name=taxii_client._collection_name,
subscription_id='subscripiton_id')
cb = tm11.ContentBlock(const.CB_STIX_XML_11, content)
im = tm11.InboxMessage(
message_id=tm11.generate_message_id(),
destination_collection_names=[taxii_client._collection_name],
subscription_information=subscription_information,
content_blocks=[cb])
http_resp = taxii_client._client.call_taxii_service2(
taxii_client._address,
taxii_client._path,
const.VID_TAXII_XML_11,
im.to_xml(),
port=taxii_client._port)
taxii_message = libtaxii.get_message_from_http_response(
http_resp, im.message_id)
if taxii_message.status_type != 'SUCCESS':
raise Exception('taxii_message.status_type is not SUCCESS')
return 'Success !!'
except Exception as e:
traceback.print_exc()
raise e
finally:
if cert_fd is not None:
try:
os.close(cert_fd)
except Exception:
pass
if key_fd is not None:
try:
os.close(key_fd)
except Exception:
pass
if 'cert_file' in auth_credentials_dict:
try:
os.remove(auth_credentials_dict['cert_file'])
except Exception:
pass
if 'key_file' in auth_credentials_dict:
try:
os.remove(auth_credentials_dict['key_file'])
except Exception:
pass
def _get_inbox_message(self, cb):
return tm11.InboxMessage(
message_id=tm11.generate_message_id(),
destination_collection_names=[self._collection_name],
subscription_information=self._subscription_information,
content_blocks=[cb],
)
def push(s, collection, content, path="/"):
msg_id=tm11.generate_message_id()
content = tm11.ContentBlock(tm11.ContentBinding(t.CB_STIX_XML_11),
content)
# Create inbox request
req = tm11.InboxMessage(message_id=msg_id,
destination_collection_names=[collection],
content_blocks=[content])
# Convert to XML for request body
req_xml = req.to_xml()
# Create HTTP client
client = tc.HttpClient()
client.setProxy('noproxy')
# Call TAXII service, using the body
resp = client.callTaxiiService2(s.host, path, t.VID_TAXII_XML_11,
req_xml, s.port)
# Get response
resp = t.get_message_from_http_response(resp, '0')
if resp.status_type != tm11.ST_SUCCESS:
print("%s: %s" % (resp.status_type, resp.message))
def test_01(self):
"""
Sends an Inbox Message to an invalid URL.
Should get back a 404
"""
inbox_message = tm11.InboxMessage(generate_message_id())
msg = make_request(post_data=inbox_message.to_xml(),
path='/Services/PathThatShouldNotWork/',
expected_code=404)
def test_01(self):
"""
Send a message to test_inbox_1 with a valid destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id(),
destination_collection_names=['default'])
msg = make_request('/services/test_inbox_1/', inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE, ST_SUCCESS)
def test_09(self):
"""
Send a message to test_inbox_3 without a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_3/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def test_08(self):
"""
Send a message to test_inbox_3 with a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id(),
destination_collection_names=['default'])
msg = make_request('/services/test_inbox_3/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_DESTINATION_COLLECTION_ERROR)
def test_03(self):
"""
Send a message to test_inbox_1 without a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_1/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_DESTINATION_COLLECTION_ERROR,
sd_keys=[SD_ACCEPTABLE_DESTINATION])
def test_nonexistent_service_url(self):
"""
Sends an Inbox Message to an invalid URL.
Should get back a 404.
"""
# TODO: Why do we actually need a payload to return a 404? Shouldn't an
# empty message to a non-existent URL also return a 404?
inbox_msg = tm11.InboxMessage(tm11.generate_message_id())
path = '/Services/PathThatShouldNotWork/'
response = self.post(path, inbox_msg.to_xml())
self.assertEqual(404, response.status_code)
def test_10(self):
"""
Send an Inbox message with a Record Count
"""
inbox = tm11.InboxMessage(generate_message_id(),
destination_collection_names=['default'])
inbox.record_count = tm11.RecordCount(0, True)
msg = make_request('/services/test_inbox_1/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def taxii_inbox(config, dest, stix_package=None, src=None, crits_id=None):
'''inbox a stix package via taxii'''
if src and crits_id:
# check whether this has already been ingested
sync_state = config['db'].get_object_id(src, dest, crits_id=crits_id)
if sync_state and sync_state.get('crits_id', None):
if config['daemon']['debug']:
config['logger'].debug(
log.log_messages['object_already_ingested'].format(
src_type='crits', src_id=crits_id, src=src,
dest_type='edge', dest=dest, dest_id=sync_state['edge_id']))
return(True)
if stix_package:
stixroot = lxml.etree.fromstring(stix_package.to_xml())
client = tc.HttpClient()
client.setUseHttps(config['edge']['sites'][dest]['taxii']['ssl'])
client.setAuthType(client.AUTH_BASIC)
client.setAuthCredentials(
{'username':
config['edge']['sites'][dest]['taxii']['user'],
'password':
config['edge']['sites'][dest]['taxii']['pass']})
message = tm11.InboxMessage(message_id=tm11.generate_message_id())
content_block = tm11.ContentBlock(content_binding=t.CB_STIX_XML_11,
content=stixroot)
if config['edge']['sites'][dest]['taxii']['collection'] != \
'system.Default':
message.destination_collection_names = \
[config['edge']['sites'][dest]['taxii']['collection']]
message.content_blocks.append(content_block)
if config['daemon']['debug']:
config['logger'].debug(
log.log_messages[
'open_session'].format(type_='taxii', host=dest))
taxii_response = client.callTaxiiService2(
config['edge']['sites'][dest]['host'],
config['edge']['sites'][dest]['taxii']['path'],
t.VID_TAXII_XML_11, message.to_xml(),
port=config['edge']['sites'][dest]['taxii']['port'])
if taxii_response.code != 200 or taxii_response.msg != 'OK':
success = False
config['logger'].error(
log.log_messages[
'inbox_error'].format(type_='taxii', host=dest,
msg=taxii_response.msg))
else:
success = True
if config['daemon']['debug']:
config['logger'].debug(
log.log_messages['inbox_success'].format(type_='taxii',
host=dest))
return(success)
def push(self,
content,
content_binding,
collection_names=None,
timestamp=None,
uri=None):
"""Push content into Inbox Service.
if ``uri`` is not provided, client will try to discover
services and find Inbox Service among them.
:param str content: content to push
:param content_binding: content binding for a content
:type content_binding: string or
:py:class:`cabby.entities.ContentBinding`
:param list collection_names:
destination collection names
:param datetime timestamp: timestamp label of the content block
(current UTC time by default)
:param str uri: URI path to a specific Inbox Service
:raises ValueError:
if URI provided is invalid or schema is not supported
:raises `cabby.exceptions.HTTPError`:
if HTTP error happened
:raises `cabby.exceptions.UnsuccessfulStatusError`:
if Status Message received and status_type is not `SUCCESS`
:raises `cabby.exceptions.ServiceNotFoundError`:
if no service found
:raises `cabby.exceptions.AmbiguousServicesError`:
more than one service with type specified
:raises `cabby.exceptions.NoURIProvidedError`:
no URI provided and client can't discover services
"""
content_block = tm11.ContentBlock(
content=content,
content_binding=pack_content_binding(content_binding, version=11),
timestamp_label=timestamp or get_utc_now(),
)
inbox_message = tm11.InboxMessage(message_id=self._generate_id(),
content_blocks=[content_block])
if collection_names:
inbox_message.destination_collection_names.extend(collection_names)
self._execute_request(inbox_message,
uri=uri,
service_type=const.SVC_INBOX)
self.log.debug("Content block successfully pushed")
def make_inbox_message(version, blocks=None, dest_collection=None):
if version == 10:
inbox_message = tm10.InboxMessage(message_id=MESSAGE_ID, content_blocks=blocks)
elif version == 11:
inbox_message = tm11.InboxMessage(message_id=MESSAGE_ID, content_blocks=blocks)
if dest_collection:
inbox_message.destination_collection_names.append(dest_collection)
else:
raise ValueError('Unknown TAXII message version: %s' % version)
return inbox_message
def test_05(self):
"""
Send a message to test_inbox_2 with an invalid destination collection name
"""
inbox = tm11.InboxMessage(
generate_message_id(),
destination_collection_names=['default_INVALID'])
msg = make_request('/services/test_inbox_2/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_NOT_FOUND,
sd_keys=[SD_ITEM])
def push_11(self, stix_file_doc):
self.debug_print('>>> push_11: enter')
# stix_file_doc の versionが 2.0 ならスライド
if stix_file_doc.version == '2.0':
try:
content = stix_file_doc.get_slide_1_x()
except Exception as e:
traceback.print_exc()
raise e
else:
with open(stix_file_doc.origin_path, 'r', encoding='utf-8') as fp:
content = fp.read()
# Subscription Information xml作成
subscription_information = tm11.SubscriptionInformation(
collection_name=self._collection_name,
subscription_id='subscripiton_id')
cb = tm11.ContentBlock(const.CB_STIX_XML_11, content)
im = tm11.InboxMessage(
message_id=tm11.generate_message_id(),
destination_collection_names=[self._collection_name],
subscription_information=subscription_information,
content_blocks=[cb])
try:
# push
self._address = '10.0.3.100'
# self.debug_print('>>> push_11: self._address:%s' %(self._address))
# self.debug_print('>>> push_11: self._path:%s' %(self._path))
# self.debug_print('>>> push_11: self._port:%d' %(self._port))
# self.debug_print('>>> push_11: self._collection_name:%s' %(self._collection_name))
# self.debug_print('>>> push_11: verify_server:%s' %(str(self._client.verify_server)))
# self.debug_print('>>> push_11: use_https:%s' %(str(self._client.use_https)))
http_resp = self._client.call_taxii_service2(
self._address,
self._path,
const.VID_TAXII_XML_11,
im.to_xml(),
port=self._port)
taxii_message = libtaxii.get_message_from_http_response(
http_resp, im.message_id)
if taxii_message.status_type != 'SUCCESS':
self.debug_print('taxii_message.status_type is not SUCCESS')
self.debug_print(taxii_message.to_xml(pretty_print=True))
raise Exception('taxii_message.status_type is not SUCCESS')
except Exception as e:
traceback.print_exc()
self.debug_print(e)
raise e
def gen_post(self, msg_type, xml):
content_block = tm11.ContentBlock(tm11.ContentBinding(Client.BINDING_STIX), xml)
if msg_type.lower() == 'inbox':
post = tm11.InboxMessage(tm11.generate_message_id())
post.content_blocks.append(content_block)
post.message = Client.CLIENT_MSG
if self.subscription:
post.subscription_id = self.subscription
if self.collection:
post.destination_collection_names.append(self.collection)
return post
def create_request_message(self, args):
if args.content_file is self.stix_watchlist:
data = self.stix_watchlist
else:
with open(args.content_file, 'r') as f:
data = f.read()
cb = tm11.ContentBlock(tm11.ContentBinding(args.content_binding), data)
if args.subtype is not None:
cb.content_binding.subtype_ids.append(args.subtype)
inbox_message = tm11.InboxMessage(message_id=tm11.generate_message_id(), content_blocks=[cb])
if args.dcn:
inbox_message.destination_collection_names.append(args.dcn)
return inbox_message
def main():
config = ConfigParser.ConfigParser()
config.read('app.conf')
dstHost = config.get('taxii', 'dstHost')
dstPort = config.get('taxii', 'dstPort')
dstPath = config.get('taxii', 'dstPath')
username = config.get('taxii', 'username')
password = config.get('taxii', 'password')
parser = argparse.ArgumentParser(description="Inbox Client")
parser.add_argument(
"--host",
dest="host",
default=dstHost,
help="Host where the Inbox Service is hosted. Defaults to " + dstHost)
parser.add_argument(
"--port",
dest="port",
default=dstPort,
help="Port where the Inbox Service is hosted. Defaults to " + dstPort)
parser.add_argument(
"--path",
dest="path",
default=dstPath,
help="Path where the Inbox Service is hosted. Defaults to " + dstPath)
parser.add_argument(
"--content-binding",
dest="content_binding",
default=t.CB_STIX_XML_11,
help="Content binding of the Content Block to send. Defaults to %s" %
t.CB_STIX_XML_11)
parser.add_argument(
"--content-file",
dest="content_file",
default=stixContent,
help="File name of the Content Block to send. Required.")
args = parser.parse_args()
if args.content_file is '':
parser.print_help()
sys.exit(1)
_l.info('Starting...')
c = open(args.content_file, 'r')
cb = tmsg.ContentBlock(tmsg.ContentBinding(args.content_binding), c.read())
c.close()
taxiiMsg = tmsg.InboxMessage(message_id=tmsg.generate_message_id(),
content_blocks=[cb])
taxiiMsgXml = taxiiMsg.to_xml()
# send it
_l.debug('Uploading content.')
client = tc.HttpClient()
client.setProxy('noproxy')
client.setAuthType(tc.HttpClient.AUTH_BASIC)
client.setAuthCredentials({'username': username, 'password': password})
resp = client.callTaxiiService2(args.host, args.path, t.VID_TAXII_XML_11,
taxiiMsgXml, args.port)
response_message = t.get_message_from_http_response(resp, '0')
_l.debug('Response was: ' + response_message.to_xml())
_l.info('Ended.')
