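def ui_yara():
    """
    Yara signatures view.

    Serves the signatures page and handles the three forms it carries:
    creating a rule, changing a rule's TLP level and renaming a rule. The
    forms are mutually exclusive (``if``/``elif``), so at most one action is
    performed per request; the full rule list is rendered afterwards.
    Access control, if any, is applied by decorators outside this listing.

    Returns:
        The rendered ``signatures.html`` template.
    """
    create_yara_form = YaraForm()
    change_tlp_level_form = ChangeTLPForm()
    rename_yara_form = RenameForm()

    if create_yara_form.validate_on_submit():
        ret = api.yaracontrol.create(
            create_yara_form.yara_name.data,
            create_yara_form.yara_raw.data,
            create_yara_form.yara_tlp.data)
        # None from create() is treated as failure and reported to the user.
        if ret is None:
            flash("Error during yara creation", "error")
        else:
            flash("Created yara " + ret.name, "success")
    elif change_tlp_level_form.validate_on_submit():
        # A WTForms field object is always truthy, so the former
        # ``if form.item_id`` test never guarded anything; the submitted
        # value is what decides whether a lookup makes sense.
        if change_tlp_level_form.item_id.data:
            yar = api.get_elem_by_type("yara",
                                       change_tlp_level_form.item_id.data)
            api.yaracontrol.set_tlp_level(
                change_tlp_level_form.level.data, yar)
    elif rename_yara_form.validate_on_submit():
        # Same field-vs-value fix as for the TLP form above.
        if rename_yara_form.item_id.data:
            yar = api.get_elem_by_type("yara",
                                       rename_yara_form.item_id.data)
            api.yaracontrol.rename(rename_yara_form.newname.data, yar)

    yaras = api.yaracontrol.get_all()
    return render_template("signatures.html",
                           myyaras=yaras,
                           changetlpform=change_tlp_level_form,
                           renameform=rename_yara_form,
                           yaraform=create_yara_form)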
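def ui_yara():
    """
    Yara signatures view.

    Serves the signatures page and handles the forms it carries: creating a
    rule, changing a rule's TLP level and renaming a rule. Each form is
    checked independently, then the full rule list is rendered. A TLP or
    rename request naming an unknown rule is answered with 404. Access
    control, if any, is applied by decorators outside this listing.

    Returns:
        The rendered ``signatures.html`` template.
    """
    create_yara_form = YaraForm()
    change_tlp_level_form = ChangeTLPForm()
    rename_yara_form = RenameForm()

    if create_yara_form.validate_on_submit():
        api.yaracontrol.create(create_yara_form.yara_name.data,
                               create_yara_form.yara_raw.data,
                               create_yara_form.yara_tlp.data)
    if change_tlp_level_form.validate_on_submit():
        # A WTForms field object is always truthy, so the former
        # ``if form.item_id`` test never guarded anything; the submitted
        # value is what decides whether a lookup makes sense.
        if change_tlp_level_form.item_id.data:
            yar = api.yaracontrol.get_by_id(change_tlp_level_form.item_id.data)
            if yar is None:
                abort(404)
            api.yaracontrol.set_tlp_level(change_tlp_level_form.level.data,
                                          yar)
    if rename_yara_form.validate_on_submit():
        # Same field-vs-value fix as for the TLP form above.
        if rename_yara_form.item_id.data:
            yar = api.yaracontrol.get_by_id(rename_yara_form.item_id.data)
            if yar is None:
                abort(404)
            api.yaracontrol.rename(rename_yara_form.newname.data, yar)

    yaras = api.yaracontrol.get_all()
    return render_template("signatures.html",
                           myyaras=yaras,
                           changetlpform=change_tlp_level_form,
                           renameform=rename_yara_form,
                           yaraform=create_yara_form)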
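def ui_yara():
    """
    Yara signatures view.

    Serves the signatures page and handles the three forms it carries:
    creating a rule, changing a rule's TLP level and renaming a rule. The
    forms are mutually exclusive (``if``/``elif``), so at most one action is
    performed per request; the full rule list is rendered afterwards.
    Access control, if any, is applied by decorators outside this listing.

    Returns:
        The rendered ``signatures.html`` template.
    """
    create_yara_form = YaraForm()
    change_tlp_level_form = ChangeTLPForm()
    rename_yara_form = RenameForm()

    if create_yara_form.validate_on_submit():
        ret = api.yaracontrol.create(
            create_yara_form.yara_name.data,
            create_yara_form.yara_raw.data,
            create_yara_form.yara_tlp.data)
        # None from create() is treated as failure and reported to the user.
        if ret is None:
            flash("Error during yara creation", "error")
        else:
            flash("Created yara " + ret.name, "success")
    elif change_tlp_level_form.validate_on_submit():
        # A WTForms field object is always truthy, so the former
        # ``if form.item_id`` test never guarded anything; the submitted
        # value is what decides whether a lookup makes sense.
        if change_tlp_level_form.item_id.data:
            yar = api.get_elem_by_type("yara",
                                       change_tlp_level_form.item_id.data)
            api.yaracontrol.set_tlp_level(
                change_tlp_level_form.level.data, yar)
    elif rename_yara_form.validate_on_submit():
        # Same field-vs-value fix as for the TLP form above.
        if rename_yara_form.item_id.data:
            yar = api.get_elem_by_type("yara",
                                       rename_yara_form.item_id.data)
            api.yaracontrol.rename(rename_yara_form.newname.data, yar)

    yaras = api.yaracontrol.get_all()
    return render_template("signatures.html",
                           myyaras=yaras,
                           changetlpform=change_tlp_level_form,
                           renameform=rename_yara_form,
                           yaraform=create_yara_form)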
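def gen_sample_view(sample_id, graph=None, fctaddr=None):
    """
    Generates a sample's view (template). We split the view because of the
    disassembly view, which is directly included in the sample's view, but
    not "by default".

    Looks up the sample (404 when unknown), builds the page's forms, applies
    whichever of them was submitted (add to family, abstract, TLP level,
    machoc comparison) and renders ``sample.html``. Access control, if any,
    is applied by decorators outside this listing.

    Args:
        sample_id: identifier passed to ``api.samplecontrol.get_by_id``.
        graph: passed straight through to the template (disassembly view).
        fctaddr: passed straight through to the template (disassembly view).

    Returns:
        The rendered ``sample.html`` template.
    """
    sample = api.samplecontrol.get_by_id(sample_id)
    if sample is None:
        abort(404)
    machex_export_form = ExportMachexForm(sampleid=sample.id)
    set_sample_abstract_form = SampleAbstractForm()
    add_family_form = AddSampleToFamilyForm()
    families_choices = [(f.id, f.name) for f in Family.query.order_by('name')]
    add_family_form.parentfamily.choices = families_choices
    change_tlp_level_form = ChangeTLPForm()
    machoc_compare_form = CompareMachocForm()
    sample_metadata = [
        {"type": SampleMetadataType.tostring(i.type_id), "value": i.value}
        for i in sample.s_metadata]

    if add_family_form.validate_on_submit():
        family_id = add_family_form.parentfamily.data
        family = api.familycontrol.get_by_id(family_id)
        if family is None:
            abort(404)
        api.familycontrol.add_sample(sample, family)
    if set_sample_abstract_form.validate_on_submit():
        abstract = set_sample_abstract_form.abstract.data
        api.samplecontrol.set_abstract(sample, abstract)
    elif sample.abstract is not None:
        # Not a submission: pre-fill the form with the stored abstract.
        set_sample_abstract_form.abstract.default = sample.abstract
        set_sample_abstract_form.abstract.data = sample.abstract
    if change_tlp_level_form.validate_on_submit():
        level = change_tlp_level_form.level.data
        api.samplecontrol.set_tlp_level(sample, level)
    machoc_comparison_results = None
    if machoc_compare_form.validate_on_submit():
        # The user-supplied percentage is clamped to [1, 100] before being
        # turned into the ratio the comparison expects.
        comparison_level = max(1, min(100, machoc_compare_form.percent.data))
        comparison_level = float(comparison_level) / 100
        machoc_comparison_results = api.samplecontrol.machoc_diff_with_all_samples(
            sample, comparison_level)

    return render_template("sample.html",
                           sample=sample,
                           abstractform=set_sample_abstract_form,
                           checklists=api.samplecontrol.get_all_checklists(),
                           changetlpform=change_tlp_level_form,
                           compareform=machoc_compare_form,
                           expform=machex_export_form,
                           hresults=machoc_comparison_results,
                           metasample=sample_metadata,
                           addfamilyform=add_family_form,
                           graph=graph,
                           fctaddr=fctaddr)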
def gen_sample_view(sample_id, graph=None, fctaddr=None):
    """
    Generates a sample's view (template). We split the view because of the
    disassembly view, which is directly included in the sample's view, but
    not "by default".

    Looks up the sample (404 when unknown), builds the page's forms, applies
    whichever of them was submitted (add to family, abstract, TLP level,
    machoc comparison) and renders ``sample.html``. ``graph`` and
    ``fctaddr`` are handed to the template unchanged. Access control, if
    any, is applied by decorators outside this listing.
    """
    sample = api.samplecontrol.get_by_id(sample_id)
    if sample is None:
        abort(404)

    export_form = ExportMachexForm(sampleid=sample.id)
    abstract_form = SampleAbstractForm()
    family_form = AddSampleToFamilyForm()
    family_form.parentfamily.choices = [
        (fam.id, fam.name) for fam in Family.query.order_by('name')]
    tlp_form = ChangeTLPForm()
    machoc_form = CompareMachocForm()

    if family_form.validate_on_submit():
        target = api.familycontrol.get_by_id(family_form.parentfamily.data)
        if target is None:
            abort(404)
        api.familycontrol.add_sample(sample, target)

    if abstract_form.validate_on_submit():
        api.samplecontrol.set_abstract(sample, abstract_form.abstract.data)
    elif sample.abstract is not None:
        # Not a submission: pre-fill the form with the stored abstract.
        abstract_form.abstract.default = sample.abstract
        abstract_form.abstract.data = sample.abstract

    if tlp_form.validate_on_submit():
        api.samplecontrol.set_tlp_level(sample, tlp_form.level.data)

    comparison = None
    if machoc_form.validate_on_submit():
        comparison = parse_machoc_form(sample, machoc_form)

    context = dict(
        sample=sample,
        abstractform=abstract_form,
        checklists=api.samplecontrol.get_all_checklists(),
        changetlpform=tlp_form,
        compareform=machoc_form,
        expform=export_form,
        hresults=comparison,
        addfamilyform=family_form,
        graph=graph,
        fctaddr=fctaddr,
    )
    return render_template("sample.html", **context)
def gen_sample_view(sample_id, graph=None, fctaddr=None):
    """
    Generates a sample's view (template). We split the view because of the
    disassembly view, which is directly included in the sample's view, but
    not "by default".

    Resolves the sample through ``api.get_elem_by_type``, builds the page's
    forms, applies whichever of them was submitted (add to family, abstract,
    TLP level, machoc comparison) and renders ``sample.html``. ``graph`` and
    ``fctaddr`` are handed to the template unchanged. Access control, if
    any, is applied by decorators outside this listing.
    """
    sample = api.get_elem_by_type("sample", sample_id)

    export_form = ExportMachexForm(sampleid=sample.id)
    abstract_form = SampleAbstractForm()
    family_form = AddSampleToFamilyForm()
    family_form.parentfamily.choices = [
        (fam.id, fam.name) for fam in Family.query.order_by('name')]
    tlp_form = ChangeTLPForm()
    machoc_form = CompareMachocForm()

    if family_form.validate_on_submit():
        target = api.get_elem_by_type("family", family_form.parentfamily.data)
        api.familycontrol.add_sample(sample, target)

    if abstract_form.validate_on_submit():
        api.samplecontrol.set_abstract(sample, abstract_form.abstract.data)
    elif sample.abstract is not None:
        # Not a submission: pre-fill the form with the stored abstract.
        abstract_form.abstract.default = sample.abstract
        abstract_form.abstract.data = sample.abstract

    if tlp_form.validate_on_submit():
        api.samplecontrol.set_tlp_level(sample, tlp_form.level.data)

    comparison = None
    if machoc_form.validate_on_submit():
        comparison = parse_machoc_form(sample, machoc_form)

    context = dict(
        sample=sample,
        abstractform=abstract_form,
        checklists=api.samplecontrol.get_all_checklists(),
        changetlpform=tlp_form,
        compareform=machoc_form,
        expform=export_form,
        hresults=comparison,
        addfamilyform=family_form,
        graph=graph,
        fctaddr=fctaddr,
    )
    return render_template("sample.html", **context)
def view_family(family_id):
    """
    Family view and forms handling.

    Resolves the family through ``api.get_elem_by_type``, builds the page's
    forms and applies every one of them that validates on this request:
    sub-family creation, export, yara attachment, abstract, TLP level,
    status, detection item and file attachment. Finally renders
    ``family.html``. Access control, if any, is applied by decorators
    outside this listing.
    """
    family = api.get_elem_by_type("family", family_id)
    members = api.familycontrol.get_users_for_family(family)

    export_form = ExportFamilyForm()
    subfamily_form = AddSubFamilyForm()
    yara_form = AddYaraToFamilyForm()
    # Offer only the rules that are not already attached to this family.
    yara_form.yaraid.choices = [
        (rule.id, rule.name) for rule in YaraRule.query.order_by('name')
        if rule not in family.yaras]
    abstract_form = FamilyAbstractForm()
    detection_form = CreateDetectionItemForm()
    status_form = ChangeStatusForm()
    tlp_form = ChangeTLPForm()
    attachment_form = UploadFamilyFileForm()

    if subfamily_form.validate_on_submit():
        # Sub-families are named "<parent>.<child>".
        child_name = family.name + "." + subfamily_form.familyname.data
        created = api.familycontrol.create(name=child_name, parentfamily=family)
        if not created:
            abort(500)

    if export_form.validate_on_submit():
        family_manage_export_form(family.id, export_form)

    if yara_form.validate_on_submit():
        rule = api.get_elem_by_type("yara", yara_form.yaraid.data)
        api.yaracontrol.add_to_family(family, rule)

    if abstract_form.validate_on_submit():
        api.familycontrol.set_abstract(family, abstract_form.abstract.data)
    elif family.abstract is not None:
        # Not a submission: pre-fill the form with the stored abstract.
        abstract_form.abstract.default = family.abstract
        abstract_form.abstract.data = family.abstract

    if tlp_form.validate_on_submit():
        api.familycontrol.set_tlp_level(family, tlp_form.level.data)

    if status_form.validate_on_submit():
        api.familycontrol.set_status(family, status_form.newstatus.data)

    if detection_form.validate_on_submit():
        api.familycontrol.create_detection_item(
            detection_form.item_abstract.data,
            detection_form.name.data,
            detection_form.tlp_level.data,
            detection_form.item_type.data,
            family)

    if attachment_form.validate_on_submit():
        upload = attachment_form.file.data
        contents = upload.read()
        # secure_filename() strips path components and unsafe characters
        # from the client-supplied name; NOTE(review): it can return an
        # empty string for names without any safe characters — confirm
        # that add_file() copes with that.
        safe_name = secure_filename(upload.filename)
        api.familycontrol.add_file(contents,
                                   safe_name,
                                   attachment_form.description.data,
                                   attachment_form.level.data,
                                   family)

    context = dict(
        family=family,
        expform=export_form,
        addsubfamform=subfamily_form,
        uploadform=attachment_form,
        abstractform=abstract_form,
        createdetectionitemform=detection_form,
        changestatusform=status_form,
        changetlpform=tlp_form,
        famusers=members,
        yaraform=yara_form,
    )
    return render_template("family.html", **context)
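def view_family(family_id):
    """
    Family view and forms handling.

    Looks up the family (404 when unknown), builds the page's forms and
    applies every one of them that validates on this request: sub-family
    creation, export (a redirect to the matching API endpoint), yara
    attachment, abstract, TLP level, status, detection item and file
    attachment. Finally renders ``family.html``. Access control, if any, is
    applied by decorators outside this listing.

    Args:
        family_id: identifier passed to ``api.familycontrol.get_by_id``.

    Returns:
        A redirect response for a valid export request, otherwise the
        rendered ``family.html`` template.
    """
    family = api.familycontrol.get_by_id(family_id)
    if family is None:
        abort(404)

    family_users = api.familycontrol.get_users_for_family(family)
    export_form = ExportFamilyForm()
    add_subfamily_form = AddSubFamilyForm()
    add_yara_form = AddYaraToFamilyForm()
    # Offer only the rules that are not already attached to this family.
    yara_choices = [(f.id, f.name) for f in YaraRule.query.order_by('name')
                    if f not in family.yaras]
    add_yara_form.yaraid.choices = yara_choices
    family_abstract_form = FamilyAbstractForm()
    add_detection_item_form = CreateDetectionItemForm()
    change_status_form = ChangeStatusForm()
    change_tlp_form = ChangeTLPForm()
    add_attachment_form = UploadFamilyFileForm()

    if add_subfamily_form.validate_on_submit():
        # Sub-families are named "<parent>.<child>".
        newname = add_subfamily_form.familyname.data
        newname = family.name + "." + newname
        fid = api.familycontrol.create(name=newname, parentfamily=family)
        if not fid:
            abort(500)

    if export_form.validate_on_submit():
        # Export type -> API endpoint name. The redirect target is always an
        # application route resolved by url_for(); the submitted value only
        # selects which one, so no user-controlled URL is ever redirected to.
        export_endpoints = {
            1: "apiview.api_family_export_detection_yara",
            2: "apiview.api_family_export_samplesioc",
            3: "apiview.api_family_export_detection_openioc",
            4: "apiview.api_family_export_detection_snort",
            5: "apiview.api_family_export_detection_custom_elements",
            6: "apiview.api_family_export_sampleszip",
        }
        endpoint = export_endpoints.get(export_form.datatype.data)
        if endpoint is not None:
            return redirect(url_for(endpoint,
                                    family_id=family.id,
                                    tlp_level=export_form.level.data))
        # An unknown export type falls through and the page is rendered.
    if add_yara_form.validate_on_submit():
        yar = api.yaracontrol.get_by_id(add_yara_form.yaraid.data)
        # An unknown rule id is silently ignored rather than answered with 404.
        if yar is not None:
            api.yaracontrol.add_to_family(family, yar)
    if family_abstract_form.validate_on_submit():
        abstract = family_abstract_form.abstract.data
        api.familycontrol.set_abstract(family, abstract)
    elif family.abstract is not None:
        # Not a submission: pre-fill the form with the stored abstract.
        family_abstract_form.abstract.default = family.abstract
        family_abstract_form.abstract.data = family.abstract
    if change_tlp_form.validate_on_submit():
        level = change_tlp_form.level.data
        api.familycontrol.set_tlp_level(family, level)
    if change_status_form.validate_on_submit():
        status = change_status_form.newstatus.data
        api.familycontrol.set_status(family, status)
    if add_detection_item_form.validate_on_submit():
        api.familycontrol.create_detection_item(
            add_detection_item_form.abstract.data,
            add_detection_item_form.name.data,
            add_detection_item_form.tlp_level.data,
            add_detection_item_form.item_type.data, family)
    if add_attachment_form.validate_on_submit():
        data = add_attachment_form.file.data.read()
        # secure_filename() strips path components and unsafe characters
        # from the client-supplied name; NOTE(review): it can return an
        # empty string for names without any safe characters — confirm
        # that add_file() copes with that.
        fname = secure_filename(add_attachment_form.file.data.filename)
        api.familycontrol.add_file(data, fname,
                                   add_attachment_form.description.data,
                                   add_attachment_form.level.data, family)

    return render_template("family.html",
                           family=family,
                           expform=export_form,
                           addsubfamform=add_subfamily_form,
                           uploadform=add_attachment_form,
                           abstractform=family_abstract_form,
                           createdetectionitemform=add_detection_item_form,
                           changestatusform=change_status_form,
                           changetlpform=change_tlp_form,
                           famusers=family_users,
                           yaraform=add_yara_form)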