import concurrent.futures
from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint
from assemblyline_ui.config import STORAGE
from assemblyline.common import forge
Classification = forge.get_classification()
SUB_API = 'heuristics'
heuristics_api = make_subapi_blueprint(SUB_API, api_version=4)
heuristics_api._doc = "View the different heuristics of the system"
@heuristics_api.route("/<heuristic_id>/", methods=["GET"])
@api_login(allow_readonly=False, required_priv=["R"])
def get_heuristic(heuristic_id, **kwargs):
"""
Get a specific heuristic's detail from the system
Variables:
heuristic_id => ID of the heuristic
Arguments:
None
Data Block:
None
Result example:
from flask import request
from assemblyline.datastore.exceptions import SearchException
from assemblyline_ui.config import STORAGE
from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint
SUB_API = 'error'
error_api = make_subapi_blueprint(SUB_API, api_version=4)
error_api._doc = "Perform operations on service errors"
@error_api.route("/<error_key>/", methods=["GET"])
@api_login(required_priv=['R'])
def get_error(error_key, **kwargs):
"""
Get the error details for a given error key
Variables:
error_key => Error key to get the details for
Arguments:
None
Data Block:
None
Result example:
{
KEY: VALUE, # All fields of an error in key/value pair
}
"""
from assemblyline.common import forge
from assemblyline.common.isotime import iso_to_epoch, now_as_iso
from assemblyline.common.memory_zip import InMemoryZip
from assemblyline.odm.models.signature import DEPLOYED_STATUSES, STALE_STATUSES, DRAFT_STATUSES
from assemblyline.remote.datatypes import get_client
from assemblyline.remote.datatypes.hash import Hash
from assemblyline.remote.datatypes.lock import Lock
from assemblyline_ui.api.base import api_login, make_api_response, make_file_response, make_subapi_blueprint
from assemblyline_ui.config import LOGGER, STORAGE
Classification = forge.get_classification()
config = forge.get_config()
SUB_API = 'signature'
signature_api = make_subapi_blueprint(SUB_API, api_version=4)
signature_api._doc = "Perform operations on signatures"
DEFAULT_CACHE_TTL = 24 * 60 * 60 # 1 Day
def _reset_service_updates(signature_type):
service_updates = Hash(
'service-updates',
get_client(
host=config.core.redis.persistent.host,
port=config.core.redis.persistent.port,
private=False,
))
for svc in service_updates.items():
from assemblyline.datastore.exceptions import MultiKeyError
from flask import request
from assemblyline.common import forge
from assemblyline.datastore import SearchException
from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint
from assemblyline_ui.config import STORAGE, LOGGER
from assemblyline_ui.helper.result import format_result
from assemblyline_ui.helper.submission import get_or_create_summary
Classification = forge.get_classification()
config = forge.get_config()
SUB_API = 'submission'
submission_api = make_subapi_blueprint(SUB_API, api_version=4)
submission_api._doc = "Perform operations on system submissions"
@submission_api.route("/<sid>/", methods=["DELETE"])
@api_login(required_priv=['W'], allow_readonly=False)
def delete_submission(sid, **kwargs):
"""
Delete a submission as well as all related
files, results and errors
Variables:
sid => Submission ID to be deleted
Arguments:
None
from flask import request
from assemblyline.common.isotime import now_as_iso
from assemblyline.common.uid import get_random_id
from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint
from assemblyline_ui.config import STORAGE, CLASSIFICATION
from assemblyline.odm.models.workflow import Workflow
SUB_API = 'workflow'
workflow_api = make_subapi_blueprint(SUB_API, api_version=4)
workflow_api._doc = "Manage the different workflows of the system"
# noinspection PyBroadException
def verify_query(query):
"""Ensure that a workflow query can be executed."""
try:
STORAGE.alert.search(query, rows=0)
except Exception: # If an error occurred in this block we are 100% blaming the user query
return False
return True
@workflow_api.route("/", methods=["PUT"])
@api_login(allow_readonly=False)
def add_workflow(**kwargs):
"""
Add a workflow to the system
Variables:
from assemblyline.common.dict_utils import get_recursive_delta
from assemblyline.odm.models.error import ERROR_TYPES
from assemblyline.odm.models.heuristic import Heuristic
from assemblyline.odm.models.service import Service
from assemblyline.odm.messages.changes import Operation
from assemblyline.remote.datatypes import get_client
from assemblyline.remote.datatypes.events import EventSender
from assemblyline.remote.datatypes.hash import Hash
from assemblyline_core.updater.helper import get_latest_tag_for_service
from assemblyline_ui.api.base import api_login, make_api_response, make_file_response, make_subapi_blueprint
from assemblyline_ui.api.v4.signature import _reset_service_updates
from assemblyline_ui.config import LOGGER, STORAGE, config, CLASSIFICATION as Classification
SUB_API = 'service'
service_api = make_subapi_blueprint(SUB_API, api_version=4)
service_api._doc = "Manage the different services"
latest_service_tags = Hash(
'service-tags',
get_client(
host=config.core.redis.persistent.host,
port=config.core.redis.persistent.port,
private=False,
))
service_update = Hash(
'container-update',
get_client(
host=config.core.redis.persistent.host,
port=config.core.redis.persistent.port,
import json
from flask import request
from io import StringIO
from assemblyline.datastore.exceptions import MultiKeyError
from assemblyline_ui.api.base import api_login, make_api_response, make_file_response, make_subapi_blueprint
from assemblyline_ui.config import STORAGE, LOGGER, FILESTORE, CLASSIFICATION as Classification, config
SUB_API = 'ontology'
ontology_api = make_subapi_blueprint(SUB_API, api_version=4)
ontology_api._doc = "Download ontology results from the system"
def generate_ontology_file(results, user, updates={}, fnames={}):
# Load ontology files
sio = StringIO()
for r in results:
for supp in r.get('response', {}).get('supplementary', {}):
if supp['name'].endswith('.ontology'):
try:
ontology = json.loads(FILESTORE.get(supp['sha256']))
sha256 = ontology['header']['sha256']
c12n = ontology['header']['classification']
if sha256 == r['sha256'] and Classification.is_accessible(
user['classification'], c12n):
# Update the ontology with the live values
ontology['header'].update(updates)
# Set filenames if any
if sha256 in fnames:
import concurrent.futures
from flask import request
from assemblyline.common.importing import load_module_by_path
from assemblyline.datasource.common import hash_type
from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint
from assemblyline_ui.config import LOGGER, config
SUB_API = 'hash_search'
hash_search_api = make_subapi_blueprint(SUB_API, api_version=4)
hash_search_api._doc = "Search hashes through multiple data sources"
class SkipDatasource(Exception):
pass
def create_query_datasource(ds):
def query_datasource(h, u):
return {
'error': None,
'items': ds.parse(ds.query(h, **u), **u)
}
return query_datasource
sources = {}
# noinspection PyBroadException
try:
for name, settings in config.datasources.items():
from fido2 import cbor
from fido2.client import ClientData
from fido2.ctap2 import AttestationObject, AttestedCredentialData
from fido2.server import U2FFido2Server
from fido2.utils import websafe_encode, websafe_decode
from fido2.webauthn import PublicKeyCredentialRpEntity
from flask import session, request
from assemblyline_ui.api.base import make_api_response, api_login, make_subapi_blueprint
from assemblyline_ui.config import STORAGE, config
SUB_API = 'webauthn'
webauthn_api = make_subapi_blueprint(SUB_API, api_version=4)
webauthn_api._doc = "Perfom 2-Factor authentication using webauthn protocol"
rp = PublicKeyCredentialRpEntity(config.ui.fqdn, "Assemblyline server")
server = U2FFido2Server(f"https://{config.ui.fqdn}", rp)
@webauthn_api.route("/authenticate/begin/<username>/", methods=["GET"])
def authenticate_begin(username, **_):
"""
Begin authentication procedure
Variables:
username user name of the user you want to login with
Arguments:
None
import hashlib
from flask import request
from assemblyline.common.isotime import now_as_iso
from assemblyline.remote.datatypes.lock import Lock
from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint
from assemblyline_ui.config import CLASSIFICATION, STORAGE
SUB_API = 'safelist'
safelist_api = make_subapi_blueprint(SUB_API, api_version=4)
safelist_api._doc = "Perform operations on safelisted hashes"
class InvalidSafehash(Exception):
pass
def _merge_safe_hashes(new, old):
try:
# Check if hash types match
if new['type'] != old['type']:
raise InvalidSafehash(
f"Safe hash type mismatch: {new['type']} != {old['type']}")
# Use max classification
old['classification'] = CLASSIFICATION.max_classification(
old['classification'], new['classification'])
# Update updated time
old['updated'] = now_as_iso()
