def render(self, root):
    """Return the base element's entries followed by a "Data" entry.

    The data is read from ``self._alert`` under ``"<root>.data"`` with
    ``escape=False``. When ``"<root>.type"`` equals ``"byte-string"`` the
    value is passed through ``utils.hexdump`` before being appended.
    """
    rendered = _Element.render(self, root)

    data = self._alert.get("%s.data" % root, escape=False)
    is_byte_string = self._alert["%s.type" % root] == "byte-string"
    if is_byte_string:
        data = utils.hexdump(data)

    # NOTE(review): the value was requested with escape=False and is appended
    # as-is for every non byte-string type; whatever renders these entries
    # presumably has to HTML-escape "value" itself -- confirm at the caller.
    rendered.append(dict(name="Data", value=data))
    return rendered
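def buildAdditionalData(self, alert, ignore=None, ignored=None, ip_options=None, tcp_options=None):
    """Render the "Additional data" section of an alert as a two-column table.

    ``ignore`` is a sequence of fields whose first item is compared with each
    entry's meaning; matching entries are recorded in ``ignored`` (meaning ->
    value) instead of being listed. ``ip_options`` and ``tcp_options`` are
    filled with ``(code, length, data)`` tuples built from the
    ``*_option_code`` / ``*_option_data`` entries. Callers that want these
    results pass their own containers; omitted ones are created per call.
    """
    # Fresh containers per call: mutable defaults would leak one alert's
    # options and ignored fields into the next rendered alert.
    ignore = [] if ignore is None else ignore
    ignored = {} if ignored is None else ignored
    ip_options = [] if ip_options is None else ip_options
    tcp_options = [] if tcp_options is None else tcp_options

    def attach_option_data(options, data):
        # Pair option data with the option code seen just before it.
        # Alert content is supplied by sensors: an "*_option_data" entry with
        # no preceding code (or with no data) must not raise while rendering.
        if not options or data is None:
            return False
        options[-1] = (options[-1][0], len(data), data)
        return True

    self.beginSection(_("Additional data"))
    self.beginTable()
    self.newTableCol(0, _("Meaning"), header=True)
    self.newTableCol(0, _("Value"), header=True)

    index = 1
    for ad in alert["additional_data"]:
        value = None
        meaning = ad["meaning"]

        if meaning == "ip_option_code":
            ip_options.append((ad["data"], 0, None))
            ignored[meaning] = ""
        elif meaning == "ip_option_data":
            # An unpaired entry is left out of `ignored` so it is still listed.
            if attach_option_data(ip_options, ad["data"]):
                ignored[meaning] = ""
        elif meaning == "tcp_option_code":
            tcp_options.append((ad["data"], 0, None))
            ignored[meaning] = ""
        elif meaning == "tcp_option_data":
            if attach_option_data(tcp_options, ad["data"]):
                ignored[meaning] = ""

        if ad["data"] is not None:
            value = ad["data"]
            if ad["type"] == "byte-string" and meaning != "payload":
                value = utils.hexdump(value)

        for field in ignore:
            if meaning is not None and meaning == field[0]:
                ignored[meaning] = value
                break

        # The meaning comes from the alert and the link url/text come from
        # hooks; all of them are interpolated into markup, so each is escaped.
        # NOTE(review): the attributes are single-quoted -- confirm that
        # utils.escape_html_string() also encodes quote characters. Escaping
        # does not validate the URL scheme; that stays with the hook.
        label = utils.escape_html_string(meaning) if meaning else "Data content"
        links = []
        for url, text in env.hookmgr.trigger("HOOK_ALERTSUMMARY_MEANING_LINK", alert, meaning, value):
            if url:
                links.append("- <a target='%s' href='%s'>%s</a>" % (
                    env.external_link_target,
                    utils.escape_html_string(url),
                    utils.escape_html_string(text)))

        key = meaning
        if links:
            label = "<a class='popup_menu_toggle'>%s</a><span class='popup_menu'>%s</span>" % (
                label, "<br/>".join(links))
            # NOTE(review): as before, the generated markup (not the raw
            # meaning) is what gets looked up in `ignored`, so an entry that
            # has links is always listed -- confirm this is intended.
            key = label

        if key not in ignored:
            self.newTableCol(index, label)
            self.newTableCol(index, utils.escape_html_string(value) if value is not None else None)
            index += 1

    self.endTable()
    self.endSection()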
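def buildAdditionalData(self, alert, ignore=None, ignored=None, ip_options=None, tcp_options=None):
    """Render the "Additional data" section of an alert as a two-column table.

    ``ignore`` is a sequence of fields whose first item is compared with each
    entry's meaning; matching entries are recorded in ``ignored`` (meaning ->
    value) instead of being listed. ``ip_options`` and ``tcp_options`` are
    filled with ``(code, length, data)`` tuples built from the
    ``*_option_code`` / ``*_option_data`` entries. Callers that want these
    results pass their own containers; omitted ones are created per call.
    """
    # Fresh containers per call: mutable defaults would leak one alert's
    # options and ignored fields into the next rendered alert.
    ignore = [] if ignore is None else ignore
    ignored = {} if ignored is None else ignored
    ip_options = [] if ip_options is None else ip_options
    tcp_options = [] if tcp_options is None else tcp_options

    def attach_option_data(options, data):
        # Pair option data with the option code seen just before it.
        # Alert content is supplied by sensors: an "*_option_data" entry with
        # no preceding code (or with no data) must not raise while rendering.
        if not options or data is None:
            return False
        options[-1] = (options[-1][0], len(data), data)
        return True

    self.beginSection(_("Additional data"))
    self.beginTable()
    self.newTableCol(0, _("Meaning"), header=True)
    self.newTableCol(0, _("Value"), header=True)

    index = 1
    for ad in alert["additional_data"]:
        value = None
        unescaped_payload = False
        meaning = ad["meaning"]

        if meaning == "ip_option_code":
            ip_options.append((ad["data"], 0, None))
            ignored[meaning] = ""
        elif meaning == "ip_option_data":
            # An unpaired entry is left out of `ignored` so it is still listed.
            if attach_option_data(ip_options, ad["data"]):
                ignored[meaning] = ""
        elif meaning == "tcp_option_code":
            tcp_options.append((ad["data"], 0, None))
            ignored[meaning] = ""
        elif meaning == "tcp_option_data":
            if attach_option_data(tcp_options, ad["data"]):
                ignored[meaning] = ""

        if ad["data"] is not None:
            if ad["type"] == "byte-string":
                # Byte strings are fetched with htmlsafe=False, i.e. unescaped.
                value = ad.get("data", htmlsafe=False)
                if meaning != "payload":
                    # The dump of unescaped bytes is escaped before it can
                    # reach the table.
                    # NOTE(review): assumes newTableCol() emits its argument
                    # as markup; if it escapes on its own this double-encodes.
                    value = utils.escape_html_string(utils.hexdump(value))
                else:
                    # Kept unescaped for the payload rendering done by the
                    # caller; escaped below if it is listed here instead.
                    unescaped_payload = True
            else:
                value = ad.get("data")
                if isinstance(value, str):
                    value = utils.toUnicode(value)

        for field in ignore:
            if meaning is not None and meaning == field[0]:
                ignored[meaning] = value
                break

        if meaning not in ignored:
            shown = utils.escape_html_string(value) if unescaped_payload else value
            self.newTableCol(index, meaning or "Data content")
            self.newTableCol(index, shown)
            index += 1

    self.endTable()
    self.endSection()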
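def render(self):
    """Build every section of the alert summary page.

    The alert is looked up either through the criteria derived from
    ``self.parameters`` or through ``self.parameters["ident"]``, fetched with
    ``htmlsafe=True``, and rendered section by section. Header fields that
    ``buildAdditionalData`` reports as ignored are shown in a separate
    "Network centric information" section, including the payload as a hex
    dump and as text.
    """
    criteria = getUriCriteria(self.parameters)
    if criteria is not None:
        # NOTE(review): raises IndexError when no alert matches the criteria.
        ident = env.idmef_db.getAlertIdents(criteria)[0]
    else:
        ident = self.parameters["ident"]

    alert = env.idmef_db.getAlert(ident, htmlsafe=True)["alert"]
    self.dataset["sections"] = []

    self.beginSection(self.getSectionName(alert))
    self.buildTime(alert)

    self.beginTable()
    self.newTableEntry(_("MessageID"), alert["messageid"])
    self.endTable()

    self.beginTable()
    self.buildClassification(alert)
    self.buildImpact(alert)
    self.endTable()

    self.beginSection(_("Actions"))
    for action in alert["assessment.action"]:
        self.buildAction(action)
    self.endSection()

    self.buildCorrelationAlert(alert)
    self.buildToolAlert(alert)
    self.buildReference(alert)

    self.beginSection(_("Analyzer #%d") % (len(alert["analyzer"]) - 1))
    self.buildAnalyzer(alert["analyzer(-1)"])
    self.buildAnalyzerList(alert)
    self.endSection()

    self.endSection()

    self.buildSourceTarget(alert)

    ip = self.buildIpHeaderTable(alert)
    tcp = self.buildTcpHeaderTable(alert)
    udp = self.buildUdpHeaderTable(alert)
    icmp = self.buildIcmpHeaderTable(alert)
    data = self.buildPayloadTable(alert)

    # Filled in by buildAdditionalData().
    ignored_value = {}
    ip_options = []
    tcp_options = []

    group = ip.field_list + tcp.field_list + udp.field_list + icmp.field_list + data.field_list
    self.buildAdditionalData(alert, ignore=group, ignored=ignored_value,
                             ip_options=ip_options, tcp_options=tcp_options)

    if not ignored_value:
        return

    self.beginSection(_("Network centric information"))
    self.beginTable(cl="message_summary_no_border")

    ip.render_table(self, "IP", ignored_value)
    self.ipOptionRender(ip_options)

    tcp.render_table(self, "TCP", ignored_value)
    self.tcpOptionRender(tcp_options)

    udp.render_table(self, "UDP", ignored_value)
    icmp.render_table(self, "ICMP", ignored_value)

    if "payload" in ignored_value:
        val = {}

        # The payload is escaped before any markup is added around it. The
        # replacement is spelled as the explicit entity: the listing showed a
        # plain-looking space there, which would make the call a no-op.
        # NOTE(review): confirm "&nbsp;" against the upstream file.
        payload = utils.escape_html_string(utils.hexdump(ignored_value["payload"])).replace(" ", "&nbsp;")
        val["payload"] = "<span class='fixed'>%s</span>" % payload
        data.render_table(self, _("Payload"), val)

        val["payload"] = "<div style='overflow: auto;'>%s</div>" % \
            utils.escape_html_string(ignored_value["payload"]).replace("\n", "<br/>")
        data.render_table(self, _("ASCII Payload"), val)

    self.endTable()
    self.endSection()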
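def buildAdditionalData(self, alert, ignore=None, ignored=None, ip_options=None, tcp_options=None):
    """Render the "Additional data" section of an alert as a two-column table.

    ``ignore`` is a sequence of fields whose first item is compared with each
    entry's meaning; matching entries are recorded in ``ignored`` (meaning ->
    value) instead of being listed. ``ip_options`` and ``tcp_options`` are
    filled with ``(code, length, data)`` tuples built from the
    ``*_option_code`` / ``*_option_data`` entries. Callers that want these
    results pass their own containers; omitted ones are created per call.
    """
    # Fresh containers per call: mutable defaults would leak one alert's
    # options and ignored fields into the next rendered alert.
    ignore = [] if ignore is None else ignore
    ignored = {} if ignored is None else ignored
    ip_options = [] if ip_options is None else ip_options
    tcp_options = [] if tcp_options is None else tcp_options

    def attach_option_data(options, data):
        # Pair option data with the option code seen just before it.
        # Alert content is supplied by sensors: an "*_option_data" entry with
        # no preceding code (or with no data) must not raise while rendering.
        if not options or data is None:
            return False
        options[-1] = (options[-1][0], len(data), data)
        return True

    self.beginSection(_("Additional data"))
    self.beginTable()
    self.newTableCol(0, _("Meaning"), header=True)
    self.newTableCol(0, _("Value"), header=True)

    index = 1
    for ad in alert["additional_data"]:
        value = None
        meaning = ad["meaning"]

        if meaning == "ip_option_code":
            ip_options.append((ad["data"], 0, None))
            ignored[meaning] = ""
        elif meaning == "ip_option_data":
            # An unpaired entry is left out of `ignored` so it is still listed.
            if attach_option_data(ip_options, ad["data"]):
                ignored[meaning] = ""
        elif meaning == "tcp_option_code":
            tcp_options.append((ad["data"], 0, None))
            ignored[meaning] = ""
        elif meaning == "tcp_option_data":
            if attach_option_data(tcp_options, ad["data"]):
                ignored[meaning] = ""

        if ad["data"] is not None:
            value = ad["data"]
            if ad["type"] == "byte-string" and meaning != "payload":
                value = utils.hexdump(value)

        for field in ignore:
            if meaning is not None and meaning == field[0]:
                ignored[meaning] = value
                break

        # Hook-provided url/text are escaped before being placed in markup.
        # NOTE(review): the attributes are single-quoted -- confirm that
        # html.escape() here also encodes quote characters. Escaping does not
        # validate the URL scheme; that stays with the hook.
        links = []
        for url, text in hookmanager.trigger(
                "HOOK_ALERTSUMMARY_MEANING_LINK", alert, meaning, value):
            if url:
                links.append("<a target='%s' href='%s'>%s</a>" % (
                    env.external_link_target, html.escape(url), html.escape(text)))

        if links:
            label = "<a class='popup_menu_toggle'>%s</a><span class='popup_menu'>%s</span>" % (
                html.escape(meaning), "".join(links))
            # NOTE(review): as before, the generated markup (not the raw
            # meaning) is what gets looked up in `ignored`, so an entry that
            # has links is always listed -- confirm this is intended.
            key = label
        else:
            key = meaning
            # The label is handed over wrapped in resource.HTMLSource, i.e.
            # as markup, so a meaning taken from the alert is escaped on this
            # path exactly as it is on the link path above.
            label = html.escape(meaning) if meaning else "Data content"

        if key not in ignored:
            self.newTableCol(index, resource.HTMLSource(label))
            self.newTableCol(index, html.escape(value) if value else None)
            index += 1

    self.endTable()
    self.endSection()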
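def render(self, analyzerid=None, messageid=None):
    """Build every section of the alert summary page.

    The alert is fetched through ``env.dataprovider`` using the criteria for
    ``analyzerid`` / ``messageid`` and rendered section by section. Header
    fields that ``buildAdditionalData`` reports as ignored are shown in a
    separate "Network centric information" section, including the payload as
    a hex dump and as printable text.
    """
    MessageSummary.render(self)

    # NOTE(review): raises IndexError when no alert matches the criteria.
    alert = env.dataprovider.get(
        getUriCriteria("alert", analyzerid, messageid))[0]["alert"]

    env.request.dataset["sections"] = []

    self.beginSection(self.getSectionName(alert))
    self.buildTime(alert)

    self.beginTable()
    self.newTableEntry(_("MessageID"), alert["messageid"])
    self.endTable()

    self.beginTable()
    self.buildClassification(alert)
    self.buildImpact(alert)
    self.endTable()

    self.beginSection(_("Actions"))
    for action in alert["assessment.action"]:
        self.buildAction(action)
    self.endSection()

    self.buildCorrelationAlert(alert)
    self.buildToolAlert(alert)
    self.buildReference(alert)

    self.beginSection(_("Analyzer #%d") % (len(alert["analyzer"]) - 1))
    self.buildAnalyzer(alert["analyzer(-1)"])
    self.buildAnalyzerList(alert)
    self.endSection()

    self.endSection()

    self.buildSourceTarget(alert)

    ip = self.buildIpHeaderTable(alert)
    tcp = self.buildTcpHeaderTable(alert)
    udp = self.buildUdpHeaderTable(alert)
    icmp = self.buildIcmpHeaderTable(alert)
    data = self.buildPayloadTable(alert)

    # Filled in by buildAdditionalData().
    ignored_value = {}
    ip_options = []
    tcp_options = []

    group = ip.field_list + tcp.field_list + udp.field_list + icmp.field_list + data.field_list
    self.buildAdditionalData(alert, ignore=group, ignored=ignored_value,
                             ip_options=ip_options, tcp_options=tcp_options)

    if not ignored_value:
        return

    self.beginSection(_("Network centric information"))
    self.beginTable(cl="table-borderless")

    ip.render_table(self, "IP", ignored_value)
    self.ipOptionRender(ip_options)

    tcp.render_table(self, "TCP", ignored_value)
    self.tcpOptionRender(tcp_options)

    udp.render_table(self, "UDP", ignored_value)
    icmp.render_table(self, "ICMP", ignored_value)

    if "payload" in ignored_value:
        val = {}

        # The payload is escaped before any markup is added around it. The
        # replacement is spelled as the explicit entity: the listing showed a
        # plain-looking space inside HTMLSource(), which would make the call
        # a no-op. NOTE(review): confirm "&nbsp;" against the upstream file.
        payload = html.escape(utils.hexdump(ignored_value["payload"])).replace(
            " ", resource.HTMLSource("&nbsp;"))
        val["payload"] = resource.HTMLSource(
            "<span class='fixed'>%s</span>" % payload)
        data.render_table(self, _("Payload"), val)

        # Text view: anything outside string.printable is shown as ".".
        pset = set(string.printable)
        payload = ''.join((i if i in pset else '.' for i in ignored_value["payload"]))
        val["payload"] = resource.HTMLSource(
            "<div style='overflow: auto;'>%s</div>" %
            html.escape(payload).replace("\n", resource.HTMLSource("<br/>")))
        data.render_table(self, _("ASCII Payload"), val)

    self.endTable()
    self.endSection()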
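def buildAdditionalData(self, msg, ptype, ignore=None, ignored=None, ip_options=None, tcp_options=None):
    """Render the "Additional data" section of a message as a two-column table.

    ``ptype`` selects the hook that is triggered for per-meaning links
    (``"HOOK_<PTYPE>SUMMARY_MEANING_LINK"``). ``ignore`` is a sequence of
    fields whose first item is compared with each entry's meaning; matching
    entries are recorded in ``ignored`` (meaning -> value) instead of being
    listed. ``ip_options`` and ``tcp_options`` are filled with
    ``(code, length, data)`` tuples built from the ``*_option_code`` /
    ``*_option_data`` entries. Callers that want these results pass their own
    containers; omitted ones are created per call.
    """
    # Fresh containers per call: mutable defaults would leak one message's
    # options and ignored fields into the next rendered message.
    ignore = [] if ignore is None else ignore
    ignored = {} if ignored is None else ignored
    ip_options = [] if ip_options is None else ip_options
    tcp_options = [] if tcp_options is None else tcp_options

    def attach_option_data(options, data):
        # Pair option data with the option code seen just before it.
        # Message content is supplied by sensors: an "*_option_data" entry
        # with no preceding code (or with no data) must not raise here.
        if not options or data is None:
            return False
        options[-1] = (options[-1][0], len(data), data)
        return True

    self.beginSection(_("Additional data"))
    self.beginTable()
    self.newTableCol(0, _("Meaning"), header=True)
    self.newTableCol(0, _("Value"), header=True)

    index = 1
    for ad in msg["additional_data"]:
        value = None
        meaning = ad["meaning"]

        if meaning == "ip_option_code":
            ip_options.append((ad["data"], 0, None))
            ignored[meaning] = ""
        elif meaning == "ip_option_data":
            # An unpaired entry is left out of `ignored` so it is still listed.
            if attach_option_data(ip_options, ad["data"]):
                ignored[meaning] = ""
        elif meaning == "tcp_option_code":
            tcp_options.append((ad["data"], 0, None))
            ignored[meaning] = ""
        elif meaning == "tcp_option_data":
            if attach_option_data(tcp_options, ad["data"]):
                ignored[meaning] = ""

        if ad["data"] is not None:
            value = ad["data"]
            if ad["type"] == "byte-string" and meaning != "payload":
                # Escape the dump first, then add markup around it. The
                # replacement is spelled as the explicit entity: the listing
                # showed a plain-looking space inside HTMLSource(), which
                # would make the call a no-op.
                # NOTE(review): confirm "&nbsp;" against the upstream file.
                value = html.escape(utils.hexdump(value)).replace(" ", resource.HTMLSource("&nbsp;"))
                value = resource.HTMLSource("<span class='fixed'>%s</span>" % value)

        for field in ignore:
            if meaning is not None and meaning == field[0]:
                ignored[meaning] = value
                break

        links = resource.HTMLSource()
        hook = "HOOK_%sSUMMARY_MEANING_LINK" % ptype.upper()
        for obj in filter(None, hookmanager.trigger(hook, msg, meaning, value)):
            links += obj

        if links:
            label = resource.HTMLNode("a", meaning, **{
                "data-toggle": "popover",
                "data-placement": "bottom",
                "data-html": "true",
                "data-content": '<span class="popup-menu">%s</span>' % links,
                "data-template": POPOVER_HTML,
            })
            # NOTE(review): as before, the node (not the raw meaning) is what
            # gets looked up in `ignored` -- confirm this is intended.
            key = label
        else:
            key = meaning
            # The label is handed over wrapped in resource.HTMLSource, i.e.
            # as markup, so a plain meaning taken from the message is escaped
            # first.
            label = html.escape(meaning) if meaning else "Data content"

        if key not in ignored:
            self.newTableCol(index, resource.HTMLSource(label))
            self.newTableCol(index, html.escape(value) if value is not None else None)
            index += 1

    self.endTable()
    self.endSection()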