def __init__(self, params):
self.initial_user_connector = ExpandedPyMISP(params['url'], params['key'], ssl=False, debug=False)
# Git pull
self.initial_user_connector.update_misp()
# Set the default role (id 3 on the VM is normal user)
self.initial_user_connector.set_default_role(3)
# Restart workers
self.initial_user_connector.restart_workers()
if not fast_mode:
# Load submodules
self.initial_user_connector.update_object_templates()
self.initial_user_connector.update_galaxies()
self.initial_user_connector.update_noticelists()
self.initial_user_connector.update_warninglists()
self.initial_user_connector.update_taxonomies()
self.initial_user_connector.toggle_global_pythonify()
# Create organisation
organisation = MISPOrganisation()
organisation.name = params['orgname']
self.test_org = self.initial_user_connector.add_organisation(organisation)
print(self.test_org.name, self.test_org.uuid)
# Create Site admin in new org
user = MISPUser()
user.email = params['email_site_admin']
user.org_id = self.test_org.id
user.role_id = 1 # Site admin
self.test_site_admin = self.initial_user_connector.add_user(user)
self.site_admin_connector = ExpandedPyMISP(params['url'], self.test_site_admin.authkey, ssl=False, debug=False)
self.site_admin_connector.toggle_global_pythonify()
# Create org admin
user = MISPUser()
user.email = params['email_admin']
user.org_id = self.test_org.id
user.role_id = 2 # Org admin
self.test_org_admin = self.site_admin_connector.add_user(user)
self.org_admin_connector = ExpandedPyMISP(params['url'], self.test_org_admin.authkey, ssl=False, debug=False)
self.org_admin_connector.toggle_global_pythonify()
# Create user
user = MISPUser()
user.email = params['email_user']
user.org_id = self.test_org.id
self.test_usr = self.org_admin_connector.add_user(user)
self.user_connector = ExpandedPyMISP(params['url'], self.test_usr.authkey, ssl=False, debug=False)
self.user_connector.toggle_global_pythonify()
# Setup external_baseurl
self.site_admin_connector.set_server_setting('MISP.external_baseurl', params['external_baseurl'], force=True)
# Setup baseurl
self.site_admin_connector.set_server_setting('MISP.baseurl', params['url'], force=True)
# Setup host org
self.site_admin_connector.set_server_setting('MISP.host_org_id', self.test_org.id)
self.external_base_url = params['external_baseurl']
self.sync = []
self.sync_servers = []
def setUpClass(cls):
warnings.simplefilter("ignore", ResourceWarning)
# Connect as admin
cls.admin_misp_connector = PyMISP(url, key)
cls.admin_misp_connector.set_server_setting('debug', 1, force=True)
cls.admin_misp_connector.global_pythonify = True
# Check if admin is really site admin
assert cls.admin_misp_connector._current_role.perm_site_admin
# Create advanced authkey, so connector will work even after advanced keys are required
cls.admin_advanced_authkey = cls.__create_advanced_authkey(
cls, cls.admin_misp_connector._current_user.id)
cls.admin_misp_connector.key = cls.admin_misp_connector.key + "," + cls.admin_advanced_authkey[
"authkey_raw"]
# Creates an org
organisation = MISPOrganisation()
organisation.name = 'Test Org ' + random() # make name always unique
cls.test_org = cls.admin_misp_connector.add_organisation(organisation)
check_response(cls.test_org)
# Creates org admin
org_admin = MISPUser()
org_admin.email = 'testorgadmin@user' + random(
) + '.local' # make name always unique
org_admin.org_id = cls.test_org.id
org_admin.role_id = 2 # Org admin role
cls.test_org_admin = cls.admin_misp_connector.add_user(org_admin)
check_response(cls.test_org_admin)
# Creates advanced auth key for org admin
cls.org_admin_advanced_authkey = cls.__create_advanced_authkey(
cls, cls.test_org_admin.id)
cls.org_admin_misp_connector = PyMISP(
url, cls.test_org_admin.authkey + "," +
cls.org_admin_advanced_authkey["authkey_raw"])
cls.org_admin_misp_connector.global_pythonify = True
# Creates an user
cls.test_usr_password = str(uuid.uuid4())
user = MISPUser()
user.email = 'testusr@user' + random(
) + '.local' # make name always unique
user.org_id = cls.test_org.id
user.role_id = 3 # User role
user.password = cls.test_usr_password
cls.test_usr = cls.admin_misp_connector.add_user(user)
check_response(cls.test_usr)
# Try to connect as user to check if everything works
PyMISP(url, cls.test_usr.authkey)
# Check if user can login with given password
assert login(url, cls.test_usr.email, cls.test_usr_password)
def test_event_alert_default_enabled(self):
user = MISPUser()
user.email = '*****@*****.**'
user.org_id = self.test_org.id
created_user = check_response(self.admin_misp_connector.add_user(user))
self.assertFalse(created_user.autoalert, created_user)
self.admin_misp_connector.delete_user(created_user)
with MISPSetting(self.admin_misp_connector, {"MISP.default_publish_alert": True}):
user = MISPUser()
user.email = '*****@*****.**'
user.org_id = self.test_org.id
created_user = check_response(self.admin_misp_connector.add_user(user))
self.assertTrue(created_user.autoalert, created_user)
self.admin_misp_connector.delete_user(created_user)
def create_sync_user(self, organisation):
sync_org = self.site_admin_connector.add_organisation(organisation)
short_org_name = sync_org.name.lower().replace(' ', '-')
user = MISPUser()
user.email = f"sync_user@{short_org_name}.local"
user.org_id = sync_org.id
user.role_id = 5 # Org admin
sync_user = self.site_admin_connector.add_user(user)
self.sync.append((sync_org, sync_user, self.external_base_url))
def test_add_user_by_org_admin_disabled(self):
with MISPSetting(self.admin_misp_connector, "MISP.disable_user_add",
True):
user = MISPUser()
user.email = 'testusr@user' + random(
) + '.local' # make name always unique
user.org_id = self.test_org.id
user.role_id = 3
created_user = self.org_admin_misp_connector.add_user(user)
assert_error_response(created_user)
def test_add_user_by_org_admin(self):
user = MISPUser()
user.email = 'testusr@user' + random(
) + '.local' # make name always unique
user.org_id = self.test_org.id
user.role_id = 3
created_user = self.org_admin_misp_connector.add_user(user)
check_response(created_user)
deleted = self.org_admin_misp_connector.delete_user(created_user)
check_response(deleted)
def create_sync_user(self, organisation):
sync_org = self.site_admin_connector.add_organisation(organisation)
short_org_name = sync_org.name.lower().replace(' ', '-')
user = MISPUser()
user.email = f"sync_user@{short_org_name}.local"
user.org_id = sync_org.id
user.role_id = 5 # Org admin
sync_user = self.site_admin_connector.add_user(user)
sync_user_connector = ExpandedPyMISP(self.site_admin_connector.root_url, sync_user.authkey, ssl=False, debug=False)
sync_server_config = sync_user_connector.get_sync_config(pythonify=True)
self.sync.append((sync_org, sync_user, sync_server_config))
def create_sync_user(self, organisation, hostname):
self.sync_org = self.create_or_update_organisation(organisation)
email = f"sync_user@{hostname}"
user = MISPUser()
user.email = email
user.org_id = self.sync_org.id
user.role_id = 5 # Sync user
sync_user = self.create_or_update_user(user)
sync_user.authkey = self.owner_site_admin.get_new_authkey(sync_user)
sync_user_connector = PyMISP(self.owner_site_admin.root_url, sync_user.authkey, ssl=secure_connection, debug=False)
return sync_user_connector.get_sync_config(pythonify=True)
def test_add_user_by_org_admin_to_different_org(self):
user = MISPUser()
user.email = 'testusr@user' + random(
) + '.local' # make name always unique
user.org_id = 1
user.role_id = 3
created_user = self.org_admin_misp_connector.add_user(user)
check_response(created_user)
# Org should be silently changed to correct org
self.assertEqual(created_user.org_id, self.test_org_admin.org_id)
deleted = self.org_admin_misp_connector.delete_user(created_user)
check_response(deleted)
def create_user(self, email, role_id):
user = MISPUser()
user.email = email
user.org_id = self.host_org.id
user.role_id = role_id
new_user = self.site_admin_connector.add_user(user)
if not isinstance(new_user, MISPUser):
users = self.site_admin_connector.users()
for user in users:
if user.email == email:
new_user = user
break
else:
raise Exception('Unable to find admin user')
return new_user
def init_default_user(self, email, password='******', role_id=1, org_id=None):
'''Default user is a local admin in the host org'''
user = MISPUser()
user.email = email
if org_id:
user.org_id = org_id
else:
for org in self.owner_site_admin.organisations():
if org.name == self.config['admin_orgname']:
user.org_id = org.id
break
else:
raise Exception('No default org found.')
user.role_id = role_id
user.password = password
self.create_or_update_user(user)
def setUpClass(cls):
cls.maxDiff = None
# Connect as admin
cls.admin_misp_connector = PyMISP(url, key, ssl=False, debug=False)
cls.admin_misp_connector.set_server_setting('debug', 1, force=True)
# Creates an org
organisation = MISPOrganisation()
organisation.name = 'Test Org'
cls.test_org = cls.admin_misp_connector.add_organisation(organisation, pythonify=True)
# Set the default role (id 3 on the VM)
cls.admin_misp_connector.set_default_role(3)
# Creates a user
user = MISPUser()
user.email = '*****@*****.**'
user.org_id = cls.test_org.id
cls.test_usr = cls.admin_misp_connector.add_user(user, pythonify=True)
cls.user_misp_connector = PyMISP(url, cls.test_usr.authkey, ssl=False, debug=True)
def __create_user(self,
org_id: int = None,
role_id: Union[int, ROLE] = None) -> MISPUser:
if isinstance(role_id, ROLE):
role_id = role_id.value
user = MISPUser()
user.email = 'test@' + random() + '.local' # make name always unique
if org_id:
user.org_id = org_id
if role_id:
user.role_id = role_id
user = self.admin_misp_connector.add_user(user)
check_response(user)
if org_id:
self.assertEqual(int(org_id), int(user.org_id))
if role_id:
self.assertEqual(int(role_id), int(user.role_id))
return user
def owner_orgadmin(self) -> PyMISP:
if self._owner_orgadmin:
return self._owner_orgadmin
for user in self.site_admin.users():
if user.email == self.config['email_orgadmin']:
break
else:
# The user doesn't exists
user = MISPUser()
user.email = self.config['email_orgadmin']
user.org_id = self.host_org.id
user.role_id = 2 # Site admin
user = self.create_or_update_user(user)
user.authkey = self.config.get('orgadmin_authkey')
dump_config = False
if not user.authkey: # type: ignore
dump_config = True
user.authkey = self.site_admin.get_new_authkey(user)
self.config['orgadmin_authkey'] = user.authkey # type: ignore
user.password = self.config.get('orgadmin_password')
if not user.password:
dump_config = True
if user.change_pw in ['1', True, 1]: # type: ignore
# Only change the password if the user never logged in.
user.password = ''.join(random.choices(string.ascii_uppercase + string.digits, k=16))
self.site_admin.update_user({'password': user.password, 'change_pw': 0}, user.id) # type: ignore
else:
user.password = '******'
self.config['orgadmin_password'] = user.password
# This user might have been disabled by the users
self._owner_orgadmin = PyMISP(self.baseurl, user.authkey, # type: ignore
ssl=secure_connection, debug=False, timeout=300)
self._owner_orgadmin.toggle_global_pythonify()
if dump_config:
with self.config_file.open('w') as f:
json.dump(self.config, f, indent=2)
return self._owner_orgadmin
def create_sync_user(self, organisation: MISPOrganisation) -> MISPServer:
sync_org = self.site_admin_connector.add_organisation(organisation)
if not isinstance(sync_org, MISPOrganisation):
# The organisation is probably already there
organisations = self.site_admin_connector.organisations(
scope='all')
for org in organisations:
if org.name == organisation.name:
if not org.local:
org.local = True
org = self.site_admin_connector.update_organisation(
org)
sync_org = org
break
else:
raise Exception('Unable to find sync organisation')
short_org_name = sync_org.name.lower().replace(' ', '-')
email = f"sync_user@{short_org_name}.local"
user = MISPUser()
user.email = email
user.org_id = sync_org.id
user.role_id = 5 # Sync user
sync_user = self.site_admin_connector.add_user(user)
if not isinstance(sync_user, MISPUser):
users = self.site_admin_connector.users()
for user in users:
if user.email == email:
sync_user = user
break
else:
raise Exception('Unable to find sync user')
sync_user_connector = PyMISP(self.site_admin_connector.root_url,
sync_user.authkey,
ssl=self.secure_connection,
debug=False)
return sync_user_connector.get_sync_config(pythonify=True)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import ExpandedPyMISP, MISPUser
from keys import misp_url, misp_key, misp_verifycert
import argparse
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Add a new user by setting the mandory fields.')
parser.add_argument("-e", "--email", required=True, help="Email linked to the account.")
parser.add_argument("-o", "--org_id", required=True, help="Organisation linked to the user.")
parser.add_argument("-r", "--role_id", required=True, help="Role linked to the user.")
args = parser.parse_args()
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, 'json')
user = MISPUser()
user.email = args.email
user.org_id = args.org_id
user.role_id = args.role_id
print(misp.add_user(user, pythonify=True))
def __init__(self, misp_instance_dir: Path, secure_connection: bool):
with (misp_instance_dir / 'config.json').open() as f:
self.instance_config = json.load(f)
print('Initialize', self.instance_config['admin_orgname'])
self.secure_connection = secure_connection
self.synchronisations = {}
self.name = self.instance_config['admin_orgname']
# NOTE: never use that user again after initial config.
initial_user_connector = PyMISP(self.instance_config['baseurl'],
self.instance_config['admin_key'],
ssl=self.secure_connection,
debug=False)
# Set the default role (id 3 is normal user)
initial_user_connector.set_default_role(3)
initial_user_connector.toggle_global_pythonify()
self.baseurl = self.instance_config['baseurl']
self.external_baseurl = self.instance_config['external_baseurl']
# Create organisation
organisation = MISPOrganisation()
organisation.name = self.instance_config['admin_orgname']
self.host_org = initial_user_connector.add_organisation(organisation)
if not isinstance(self.host_org, MISPOrganisation):
# The organisation is probably already there
organisations = initial_user_connector.organisations()
for organisation in organisations:
if organisation.name == self.instance_config['admin_orgname']:
self.host_org = organisation
break
else:
raise Exception('Unable to find admin organisation')
# Create Site admin in new org
user = MISPUser()
user.email = self.instance_config['email_site_admin']
user.org_id = self.host_org.id
user.role_id = 1 # Site admin
self.host_site_admin = initial_user_connector.add_user(user)
if not isinstance(self.host_site_admin, MISPUser):
users = initial_user_connector.users()
for user in users:
if user.email == self.instance_config['email_site_admin']:
self.host_site_admin = user
break
else:
raise Exception('Unable to find admin user')
self.site_admin_connector = PyMISP(self.baseurl,
self.host_site_admin.authkey,
ssl=self.secure_connection,
debug=False)
self.site_admin_connector.toggle_global_pythonify()
# Setup external_baseurl
self.site_admin_connector.set_server_setting('MISP.external_baseurl',
self.external_baseurl,
force=True)
# Setup baseurl
self.site_admin_connector.set_server_setting('MISP.baseurl',
self.baseurl,
force=True)
# Setup host org
self.site_admin_connector.set_server_setting('MISP.host_org_id',
self.host_org.id)
# create other useful users
self.orgadmin = self.create_user(
self.instance_config['email_orgadmin'], 2)
self.user = self.create_user(self.instance_config['email_user'], 3)
# And connectors
self.org_admin_connector = PyMISP(self.baseurl,
self.orgadmin.authkey,
ssl=self.secure_connection,
debug=False)
self.org_admin_connector.toggle_global_pythonify()
self.user_connector = PyMISP(self.baseurl,
self.user.authkey,
ssl=self.secure_connection,
debug=False)
self.user_connector.toggle_global_pythonify()
def test_Organisations(self):
"""
This test creats new organisations from the org.json file and adds user from the user.json file to it.
After all organisations and user are created the tests removes them and checks if they are correctly removed
"""
### Create organisations from org.json file
org_list = readInFile("samples/org.json")
tested_keys = [
'name', 'description', 'nationality', 'sector', 'uuid', 'contacts'
]
for item in org_list:
org = MISPOrganisation()
org.name = org_list[item]['name']
org.description = org_list[item]['description']
org.nationality = org_list[item]['nationality']
org.sector = org_list[item]['sector']
org.uuid = org_list[item]['uuid']
org.contacts = org_list[item]['contacts']
#org.local = org_list[item]['local']
logging.info("OrgManagement - try to create organization \"" +
org_list[item]['name'] + "\"")
response = self._misp.add_organisation(org, pythonify=True)
self.assertTrue(
org_list[item]['uuid'] in response.uuid,
msg="The created organisation has no or a wrong UUID")
self.assertTrue(
org_list[item]['name'] in response.name,
msg="The created organisation has no or a wrong name")
self.assertTrue(
org_list[item]['description'] in response.description,
msg="The created organisation has no or a wrong description")
self.assertTrue(
org_list[item]['nationality'] in response.nationality,
msg="The created organisation has no or a wrong nationality")
self.assertTrue(
response.local,
msg=
"The created organisation is not a local organisation but should be a local organisation"
)
self.assertTrue(
org_list[item]['sector'] in response.sector,
msg="The created organisation has no or a wrong sector")
response = self._misp.organisations(scope="local", pythonify=True)
logging.info(
"OrgManagement - check if the admin and both test organisations exist"
)
self.assertGreaterEqual(
len(response), 3,
"MISP responded with less then 3 existing organisations - there shold exactly be 3"
)
### Add new user from the user.json file
list_user = readInFile("samples/user.json")
users = self._misp.users(pythonify=True)
for item in list_user:
for org in response:
if org.name in list_user[item]['org_id']:
logging.info("OrgManagement - try to add user \"" +
list_user[item]['email'] + "\"")
usr = MISPUser()
usr.email = list_user[item]['email']
usr.org_id = org.id
usr.role_id = list_user[item]['role_id']
usr_response = self._misp.add_user(usr, pythonify=True)
# legnth of regular authkeys is 40 chars or longer
self.assertTrue(
usr_response.email in list_user[item]['email'],
msg="The created users has no or a wrong email")
self.assertTrue(
usr_response.role_id in list_user[item]['role_id'],
msg="The created users has no or a wrong role id")
self.assertGreaterEqual(
len(usr_response.authkey),
40,
msg=
"MISP responded with a wrong authkey - should be exactly 40 chars"
)
### An authentication test could be inserted here
### An user change role test could be inserted here
logging.info(
"OrgManagement - check if all user where created successfully")
response = self._misp.users(pythonify=True)
self.assertGreaterEqual(
len(response),
len(list_user),
msg=
"MISP responded with a wrong number of users - it seems that not all users could be created."
)
for item in response:
if item.org_id not in '1' or item.id not in '1':
logging.info("OrgManagement - try to delete user \"" +
item.email + "\"")
usr_response = self._misp.delete_user(item)
self.assertTrue("User deleted" in usr_response['message'],
msg="User could ne be deleted")
pass
logging.info(
"OrgManagement - check if user list now only contains the admin user"
)
response = self._misp.users(pythonify=True)
self.assertEqual(
len(response), 1,
"MISP responded with a wrong number of users - it seems that not all users could be deleted."
)
### Remove organisations
response = self._misp.organisations(pythonify=True)
for item in response:
if item.id not in "1":
logging.info("Try to remove organization: \"" + item.name +
"\"")
org_response = self._misp.delete_organisation(item)
self.assertTrue(
'deleted' in org_response['message'],
msg="Organisations could not be deleted from MISP")
pass
response = self._misp.organisations(pythonify=True)
logging.info("OrgManagement - check if only admin org exist")
self.assertEqual(
len(response),
1,
msg=
"MISP responded with a wrong number of organisations - it seems that not all organisations could be deleted."
)