def load_client(context):
    """Get an instance of a loaded client.

    Reads ``username`` and ``aKey`` from the transform settings. When the
    ``test_local`` setting is exactly the string ``'True'`` the configured
    ``server`` and ``version`` are handed to the client as well; otherwise
    the client is built with the debug headers produced by ``gen_debug``.

    Args:
        context: object exposing ``getTransformSetting(name)``.

    Returns:
        A configured ``ActionsClient``.
    """
    setting = context.getTransformSetting
    username = setting('username')
    api_key = setting('aKey')

    # Only the literal string 'True' selects the local/test server.
    if setting('test_local') == 'True':
        return ActionsClient(username, api_key, setting('server'), setting('version'))

    # NOTE(review): ``request`` is not a parameter or local of this function;
    # it must be supplied from module scope or this line raises NameError.
    return ActionsClient(username, api_key, headers=gen_debug(request))
def get_action(self, **kwargs):
    """Run one PassiveTotal "actions" call selected by the supplied keywords.

    ``kwargs`` is reduced to the accepted parameter names via
    ``self._cleanup_params``; the surviving keys pick the client call. The
    checks run in a fixed order (tags, classification, the four boolean
    status flags, metadata) and ``res`` keeps the result of the last call
    that ran, so passing several selectors returns only the final response.

    Keyword Args:
        query: indicator to act on (passed straight to the client).
        tags: comma-separated tag string; one of ``add_tags``,
            ``remove_tags`` or ``set_tags`` must also be truthy.
        classification, monitor, sinkhole, dynamic_dns, ever_compromised,
            metadata: selectors for the matching client call.

    Returns:
        The client response of the last action run, or ``None`` when no
        selector matched.
    """
    client = ActionsClient(self.username, self.apikey)
    accepted = ['query', 'tags', 'classification', 'monitor', 'sinkhole',
                'dynamic_dns', 'ever_compromised', 'metadata']
    params = self._cleanup_params(accepted, **kwargs)
    res = None

    # NOTE(review): the tag-action chain is read as nested under the tags
    # check, matching the sibling call_actions() layout — confirm.
    if params.get('tags'):
        # Tags arrive as one comma-separated string; the API expects a list.
        params['tags'] = [tag.strip() for tag in params['tags'].split(',')]
        if kwargs.get('add_tags'):
            res = client.add_tags(**params)
        elif kwargs.get('remove_tags'):
            res = client.remove_tags(**params)
        elif kwargs.get('set_tags'):
            res = client.set_tags(**params)
        else:
            self.stoq.log.error("No tags provided.")

    if params.get('classification'):
        res = client.set_classification_status(**params)

    # Boolean status endpoints: the raw flag value is coerced and sent as ``status``.
    status_setters = (
        ('monitor', client.set_monitor_status),
        ('sinkhole', client.set_sinkhole_status),
        ('dynamic_dns', client.set_dynamic_dns_status),
        ('ever_compromised', client.set_ever_compromised_status),
    )
    for flag, setter in status_setters:
        if params.get(flag):
            params['status'] = to_bool(params[flag])
            res = setter(**params)

    if params.get('metadata'):
        res = client.get_metadata(**params)
    return res
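def call_actions(args):
    """Abstract call to actions-based queries.

    Dispatches on the populated attributes of ``args`` (an object exposing
    the attributes listed below, e.g. a parsed argparse namespace) to the
    matching ``ActionsClient`` call. Several selectors may be set at once;
    each matching call runs in a fixed order and the result of the last one
    is returned.

    Args:
        args: object with ``query``, ``tags``, ``add_tags``, ``remove_tags``,
            ``set_tags``, ``classification``, ``monitor``, ``sinkhole``,
            ``dynamic_dns``, ``ever_compromised`` and ``metadata``
            attributes.

    Returns:
        The response of the last action performed, or ``{}`` when no
        selector was set. (Previously that path failed with
        ``UnboundLocalError`` because ``data`` was never assigned.)

    Raises:
        ValueError: ``tags`` given without ``add_tags``, ``remove_tags`` or
            ``set_tags``.
    """
    client = ActionsClient.from_config()
    pruned = prune_args(
        query=args.query,
        tags=args.tags,
        classification=args.classification,
        monitor=args.monitor,
        sinkhole=args.sinkhole,
        dynamic_dns=args.dynamic_dns,
        ever_compromised=args.ever_compromised,
        metadata=args.metadata,
    )
    # Fix: give ``data`` a value so the "no selector set" path returns
    # instead of raising UnboundLocalError on the final ``return``.
    data = {}

    if args.tags:
        # The CLI passes tags as one comma-separated string; the API wants a list.
        pruned['tags'] = [tag.strip() for tag in args.tags.split(',')]
        if args.add_tags:
            data = client.add_tags(**pruned)
        elif args.remove_tags:
            data = client.remove_tags(**pruned)
        elif args.set_tags:
            data = client.set_tags(**pruned)
        else:
            raise ValueError("Tag action required.")

    if args.classification:
        data = client.set_classification_status(**pruned)

    # Boolean status endpoints: the CLI value is coerced and sent as ``status``.
    status_setters = (
        ('monitor', client.set_monitor_status),
        ('sinkhole', client.set_sinkhole_status),
        ('dynamic_dns', client.set_dynamic_dns_status),
        ('ever_compromised', client.set_ever_compromised_status),
    )
    for flag, setter in status_setters:
        value = getattr(args, flag)
        if value:
            pruned['status'] = to_bool(value)
            data = setter(**pruned)

    if args.metadata:
        data = client.get_metadata(**pruned)
    return data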
def call_actions(args):
    """Abstract call to actions-based queries.

    Dispatches on the populated attributes of ``args`` to the matching
    ``ActionsClient`` call. Several selectors may be set at once; each
    matching call runs in a fixed order and the last response is wrapped in
    ``ActionsResponse.process`` and returned. With no selector set, an empty
    dict is processed.

    Args:
        args: object with ``query``, ``tags``, ``add_tags``, ``remove_tags``,
            ``set_tags``, ``classification``, ``monitor``, ``sinkhole``,
            ``dynamic_dns``, ``ever_compromised`` and ``metadata``
            attributes.

    Returns:
        ``ActionsResponse.process(data)`` for the last response obtained.

    Raises:
        ValueError: ``tags`` given without ``add_tags``, ``remove_tags`` or
            ``set_tags``.
    """
    client = ActionsClient.from_config()
    pruned = prune_args(
        query=args.query,
        tags=args.tags,
        classification=args.classification,
        monitor=args.monitor,
        sinkhole=args.sinkhole,
        dynamic_dns=args.dynamic_dns,
        ever_compromised=args.ever_compromised,
        metadata=args.metadata,
    )
    data = {}

    if args.tags:
        # Comma-separated CLI string -> list of stripped tag names.
        pruned['tags'] = [tag.strip() for tag in args.tags.split(',')]
        if args.add_tags:
            data = client.add_tags(**pruned)
        elif args.remove_tags:
            data = client.remove_tags(**pruned)
        elif args.set_tags:
            data = client.set_tags(**pruned)
        else:
            raise ValueError("Tag action required.")

    if args.classification:
        data = client.set_classification_status(**pruned)

    # Boolean status endpoints share one shape: coerce the value, send as ``status``.
    status_setters = (
        ('monitor', client.set_monitor_status),
        ('sinkhole', client.set_sinkhole_status),
        ('dynamic_dns', client.set_dynamic_dns_status),
        ('ever_compromised', client.set_ever_compromised_status),
    )
    for flag, setter in status_setters:
        value = getattr(args, flag)
        if value:
            pruned['status'] = to_bool(value)
            data = setter(**pruned)

    if args.metadata:
        data = client.get_metadata(**pruned)
    return ActionsResponse.process(data)
def setup_class(self):
    """Patch the HTTP layer and build a shared client before tests run.

    ``passivetotal.api.Client._get`` and ``Client._send_data`` are replaced
    with ``fake_request`` so no network traffic occurs. The patcher objects
    are stored on the class so they can be stopped later.
    """
    self.patch_get = patch('passivetotal.api.Client._get', fake_request)
    self.patch_set = patch('passivetotal.api.Client._send_data', fake_request)
    for patcher in (self.patch_get, self.patch_set):
        patcher.start()
    # Placeholder credentials: every request is intercepted by fake_request.
    self.client = ActionsClient('--No-User--', '--No-Key--')
class ActionsTestCase(unittest.TestCase):
    """Test case for action methods.

    ``Client._get`` and ``Client._send_data`` are patched with
    ``fake_request`` for the whole class, so these tests cover the
    ``ActionsClient`` parameter validation and response handling without
    any network access.
    """

    # Indicator used by every test; the fake transport answers regardless.
    _QUERY = 'passivetotal.org'

    def setup_class(self):
        """Install the transport patches and build the shared client."""
        self.patch_get = patch('passivetotal.api.Client._get', fake_request)
        self.patch_set = patch('passivetotal.api.Client._send_data', fake_request)
        for patcher in (self.patch_get, self.patch_set):
            patcher.start()
        self.client = ActionsClient('--No-User--', '--No-Key--')

    def teardown_class(self):
        """Remove the transport patches."""
        for patcher in (self.patch_get, self.patch_set):
            patcher.stop()

    def _assert_missing_field(self, method, payload):
        """``method(**payload)`` must raise MISSING_FIELD naming a required field."""
        with pytest.raises(MISSING_FIELD) as excinfo:
            method(**payload)
        assert 'field is required' in str(excinfo.value)

    def _check_bool_status(self, key, getter, setter):
        """Shared checks for a boolean status endpoint.

        Reads the flag, sets it to ``'false'`` and verifies that omitting
        ``status`` (a misspelt ``no-status`` key) is rejected.
        """
        response = getter(query=self._QUERY)
        assert not response[key]
        response = setter(query=self._QUERY, status='false')
        assert not response[key]
        self._assert_missing_field(setter, {'query': self._QUERY, 'no-status': 'false'})

    def test_dynamic_dns(self):
        """Test various actions for dynamic DNS."""
        self._check_bool_status('dynamicDns',
                                self.client.get_dynamic_dns_status,
                                self.client.set_dynamic_dns_status)

    def test_sinkhole(self):
        """Test various actions for sinkhole."""
        self._check_bool_status('sinkhole',
                                self.client.get_sinkhole_status,
                                self.client.set_sinkhole_status)

    def test_ever_compromised(self):
        """Test various actions for ever compromised."""
        self._check_bool_status('everCompromised',
                                self.client.get_ever_compromised_status,
                                self.client.set_ever_compromised_status)

    def test_monitor(self):
        """Test various actions for monitors."""
        self._check_bool_status('monitor',
                                self.client.get_monitor_status,
                                self.client.set_monitor_status)

    def test_classification(self):
        """Test various actions for classifications."""
        response = self.client.get_classification_status(query=self._QUERY)
        assert response['classification'] == 'non-malicious'
        response = self.client.set_classification_status(
            query=self._QUERY, classification='non-malicious')
        assert response['classification'] == 'non-malicious'
        self._assert_missing_field(
            self.client.set_classification_status,
            {'query': self._QUERY, 'no-classification': 'unknown'})
        # A value outside the accepted classification set is rejected.
        with pytest.raises(INVALID_VALUE_TYPE) as excinfo:
            self.client.set_classification_status(query=self._QUERY, classification='_')
        assert 'must be one of the following' in str(excinfo.value)

    def test_tags(self):
        """Test various actions for tags."""
        response = self.client.get_tags(query=self._QUERY)
        assert response['tags']
        assert 'security' in response['tags']
        payload = {'query': self._QUERY, 'tags': 'vendor,security'}
        for action in (self.client.add_tags, self.client.remove_tags, self.client.set_tags):
            assert action(**payload)['tags']
        # A dict is not an acceptable tag container.
        with pytest.raises(INVALID_VALUE_TYPE) as excinfo:
            self.client.add_tags(query=self._QUERY, tags={})
        assert 'must be a list' in str(excinfo.value)
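# Lazy %-formatting: the logger renders ``options`` only if DEBUG is enabled.
logger.debug("Raw options: %s", options)
configuration = get_config("passivetotal", "api-setup")
username = configuration.get('username', None)
api_key = configuration.get('apikey', None)
output_events = list()
enrichment = EnrichmentRequest(
    username, api_key, headers=build_headers()).get_enrichment(query=query_value)
if 'error' in enrichment:
    # NOTE(review): any 'error' key is reported as a quota problem; the
    # error payload itself is not inspected here — confirm this is intended.
    raise Exception(
        "Whoa there, looks like you reached your quota for today! Please come back tomorrow to resume your investigation or contact support for details on enterprise plans."
    )
classification = ActionsClient(
    username, api_key).get_classification_status(query=query_value, headers=build_headers())
# Normalise the API label: underscores become hyphens, empty means 'unknown'.
tmp = classification.get('classification', 'unknown').replace('_', '-')
if tmp == '':
    tmp = 'unknown'
# Fix: tolerate an enrichment response without a 'tags' key instead of
# raising KeyError; the label is still appended as a tag.
enrichment.setdefault('tags', []).append(tmp)
# '' no longer needs an entry: it was folded into 'unknown' above.
classification_lookup = {
    'non-malicious': 1,
    'suspicious': 2,
    'malicious': 3,
    'unknown': 0,
}
# Fix: a label outside this table previously raised KeyError and aborted the
# event; unrecognised labels now score as 'unknown' (0).
enrichment['classification'] = classification_lookup.get(tmp, classification_lookup['unknown'])
logger.info(enrichment)
output_events.append(enrichment)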
def get_action(self, **kwargs):
    """Run one PassiveTotal "actions" call selected by the supplied keywords.

    ``kwargs`` is reduced to the accepted parameter names via
    ``self._cleanup_params``; the surviving keys pick the client call. The
    checks run in a fixed order (tags, classification, the four boolean
    status flags, metadata) and ``res`` keeps the result of the last call
    that ran, so passing several selectors returns only the final response.

    Keyword Args:
        query: indicator to act on (passed straight to the client).
        tags: comma-separated tag string; one of ``add_tags``,
            ``remove_tags`` or ``set_tags`` must also be truthy.
        classification, monitor, sinkhole, dynamic_dns, ever_compromised,
            metadata: selectors for the matching client call.

    Returns:
        The client response of the last action run, or ``None`` when no
        selector matched.
    """
    client = ActionsClient(self.username, self.apikey)
    accepted = ['query', 'tags', 'classification', 'monitor', 'sinkhole',
                'dynamic_dns', 'ever_compromised', 'metadata']
    params = self._cleanup_params(accepted, **kwargs)
    res = None

    # NOTE(review): the tag-action chain is read as nested under the tags
    # check, matching the sibling call_actions() layout — confirm.
    if params.get('tags'):
        # Tags arrive as one comma-separated string; the API expects a list.
        params['tags'] = [tag.strip() for tag in params['tags'].split(',')]
        if kwargs.get('add_tags'):
            res = client.add_tags(**params)
        elif kwargs.get('remove_tags'):
            res = client.remove_tags(**params)
        elif kwargs.get('set_tags'):
            res = client.set_tags(**params)
        else:
            self.log.error("No tags provided.")

    if params.get('classification'):
        res = client.set_classification_status(**params)

    # Boolean status endpoints: the raw flag value is coerced and sent as ``status``.
    status_setters = (
        ('monitor', client.set_monitor_status),
        ('sinkhole', client.set_sinkhole_status),
        ('dynamic_dns', client.set_dynamic_dns_status),
        ('ever_compromised', client.set_ever_compromised_status),
    )
    for flag, setter in status_setters:
        if params.get(flag):
            params['status'] = to_bool(params[flag])
            res = setter(**params)

    if params.get('metadata'):
        res = client.get_metadata(**params)
    return res