def download_stix(request): request.session.set_expiry(SESSION_EXPIRY) error_ = check_allow_l1_view(request) if error_ is not None: return error_ try: # Ctirsクラスのインスタンスを作成 ctirs = Ctirs(request) # package_id取得 package_id = get_l1_package_id(request) # apiからcontent取得 dict_ = ctirs.get_stix_file_stix(package_id) stix_package = STIXPackage.from_dict(dict_) # XML変換した文字列をStringIO化する(その際にUNICODEに変換) output = io.StringIO() output.write(stix_package.to_xml()) filename = '%s.xml' % (package_id) # response作成 response = HttpResponse(output.getvalue(), content_type='application/xml') response['Content-Disposition'] = 'attachment; filename=%s' % ( filename) return response except Exception: # エラーページ return error_page(request)
def get_raw_stix(request): request.session.set_expiry(SESSION_EXPIRY) # GET以外はエラー if request.method != 'GET': r = {'status': 'NG', 'message': 'Invalid HTTP method'} return JsonResponse(r, safe=False) r = check_allow_sharing_view(request) if r is not None: return r try: # package_id取得 package_id = get_sharing_ajax_get_raw_stix_package_id(request) # Ctirsクラスのインスタンスを作成 ctirs = Ctirs(request) # STIXファイルの中身を取得 j = ctirs.get_stix_file_stix(package_id) # STIX 2.x であるかの判定を行う v2_flag = _is_stix2_(j) if v2_flag: # 返却json r = { 'status': 'OK', 'message': 'Success.', 'stix_version': '2.0', 'contents': j } else: stix_package = STIXPackage.from_dict(j) # 返却json xml = stix_package.to_xml() if isinstance(xml, bytes): xml = xml.decode() r = { 'status': 'OK', 'message': 'Success.', 'stix_version': '1.2', 'contents': xml } except Exception as e: traceback.print_exc() r = {'status': 'NG', 'message': str(e)} finally: return JsonResponse(r, safe=False)
def get_draw_data(request): request.session.set_expiry(SESSION_EXPIRY) # GET以外はエラー if request.method != 'GET': r = {'status': 'NG', 'message': 'Invalid HTTP method'} return JsonResponse(r, safe=False) r = check_allow_sharing_view(request) if r is not None: return r try: # package_id名取得 package_id = get_sharing_ajax_get_draw_data_package_id(request) # community名取得 community = get_sharing_ajax_get_draw_data_community(request) # Ctirsクラスのインスタンスを作成 ctirs = Ctirs(request) # GetPolicy相当呼び出し rules = get_policy(community) # REST_API から STIX の json イメージを取得 dict_ = ctirs.get_stix_file_stix(package_id) # STIX 2.x であるかの判定を行う v2_flag = _is_stix2_(dict_) r = {'status': 'OK', 'rules': rules, 'message': 'Success.'} if v2_flag: # STIX 2.x の場合 r['json'] = dict_ r['stix_version'] = '2.0' else: # STIX 1.x の場合 # json から XML イメージを返却 xml = STIXPackage.from_dict(dict_).to_xml() if isinstance(xml, bytes): xml = xml.decode() r['xml'] = xml r['stix_version'] = '1.2' except Exception as e: traceback.print_exc() r = {'status': 'NG', 'message': str(e)} finally: return JsonResponse(r, safe=False)
def get_package_info(request): request.session.set_expiry(SESSION_EXPIRY) # GET以外はエラー if request.method != 'GET': r = {'status': 'NG', 'message': 'Invalid HTTP method'} return JsonResponse(r, safe=False) # activeユーザー以外はエラー if not request.user.is_active: r = {'status': 'NG', 'message': 'You account is inactive.'} return JsonResponse(r, safe=False) try: # package_id取得 package_id = get_package_id(request) # l1情報取得 l1_type_list = get_package_l1_info(request, package_id) # description 取得 try: # Ctirsクラスのインスタンスを作成 ctirs = Ctirs(request) # STIXイメージ取得 dict_ = ctirs.get_stix_file_stix(package_id) stix_package = STIXPackage.from_dict(dict_) description = stix_package.stix_header.description.value except BaseException: # エラー時は空白 description = '' # 返却データ r = {'status': 'OK', 'description': description} # l1情報追加 for l1_type in l1_type_list: type_, values = l1_type r[type_] = values except Exception as e: print('Excepton:' + str(e)) r = {'status': 'NG', 'message': str(e)} finally: return JsonResponse(r, safe=False)
def set_alchemy_nodes(aj, content): if content['version'].startswith('2.'): is_stix_v2 = True else: is_stix_v2 = False package_name = content['package_name'] if is_stix_v2: if isinstance(content, dict): package = content['dict'] else: package = json.loads(content['dict']) else: package = STIXPackage.from_dict(content['dict']) if is_stix_v2: stix_header = None else: stix_header = package.stix_header if is_stix_v2: an_package_id = package['id'] else: an_package_id = convert_valid_node_id(package.id_) an_header_id = an_package_id if is_stix_v2: indicators = [] observables = [] campaigns = [] threat_actors = [] coas = [] identies = [] malwares = [] sightings = [] intrusion_sets = [] attack_patterns = [] relationships = [] reports = [] tools = [] vulnerabilities = [] custom_objects = [] locations = [] opinions = [] notes = [] language_contents = [] ''' x_stip_snses = [] ''' ttps = None ets = None incidents = None for o_ in package['objects']: object_type = o_['type'] if object_type == 'indicator': indicators.append(o_) elif object_type == 'identity': identies.append(o_) elif object_type == 'observed-data': observables.append(o_) elif object_type == 'malware': malwares.append(o_) elif object_type == 'sighting': sightings.append(o_) elif object_type == 'intrusion-set': intrusion_sets.append(o_) elif object_type == 'threat-actor': threat_actors.append(o_) elif object_type == 'attack-pattern': attack_patterns.append(o_) elif object_type == 'campaign': campaigns.append(o_) elif object_type == 'relationship': relationships.append(o_) elif object_type == 'course-of-action': coas.append(o_) elif object_type == 'report': reports.append(o_) elif object_type == 'tool': tools.append(o_) elif object_type == 'vulnerability': vulnerabilities.append(o_) elif object_type == 'location': locations.append(o_) elif object_type == 'opinion': opinions.append(o_) elif object_type == 'note': notes.append(o_) elif object_type == 'language-content': language_contents.append(o_) ''' elif object_type == 'x-stip-sns': x_stip_snses.append(o_) ''' if object_type == 'x-stip-sns': continue elif object_type.startswith('x-'): custom_objects.append(o_) else: indicators = package.indicators observables = package.observables campaigns = package.campaigns ttps = package.ttps threat_actors = package.threat_actors ets = package.exploit_targets coas = package.courses_of_action incidents = package.incidents identies = None malwares = None sightings = None intrusion_sets = None attack_patterns = None relationships = None reports = None tools = None vulnerabilities = None locations = None opinions = None notes = None language_contents = None custom_objects = None if not is_stix_v2: an = AlchemyNode(an_header_id, 'Header', package_name, stix_header.description, cluster=an_package_id) aj.add_json_node(an) if indicators is not None: if not is_stix_v2: an_indicators_id = an_package_id + '--indicators' else: an_indicators_id = None indicators_values = [] for indicator in indicators: l = set_alchemy_node_indicator(aj, indicator, an_indicators_id, is_stix_v2, an_package_id) indicators_values.extend(l) if not is_stix_v2: an = AlchemyNode(an_indicators_id, 'Indicators', 'Indicators', '', cluster=an_package_id) an.set_value(get_observable_value_string_from_list(indicators_values)) aj.add_json_node(an) ae = AlchemyEdge(an_header_id, an_indicators_id, LABEL_EDGE) aj.add_json_edge(ae) if observables is not None: if not is_stix_v2: an_observables_id = an_package_id + '--observables' else: an_observables_id = None obsevables_values = [] for observed_data in observables: l = set_alchemy_node_observable(aj, observed_data, an_observables_id, is_stix_v2, an_package_id) obsevables_values.extend(l) if not is_stix_v2: an = AlchemyNode(an_observables_id, 'Observables', 'Observables', '', cluster=an_package_id) an.set_value(get_observable_value_string_from_list(obsevables_values)) aj.add_json_node(an) ae = AlchemyEdge(an_header_id, an_observables_id, LABEL_EDGE) aj.add_json_edge(ae) if campaigns is not None: if not is_stix_v2: an_campaigns_id = an_package_id + '--campaigns' an = AlchemyNode(an_campaigns_id, 'Campaigns', 'Campaigns', '', cluster=an_package_id) aj.add_json_node(an) ae = AlchemyEdge(an_header_id, an_campaigns_id, LABEL_EDGE) aj.add_json_edge(ae) else: an_campaigns_id = None for campaign in campaigns: set_alchemy_node_campaign(aj, campaign, an_campaigns_id, is_stix_v2, an_package_id) if threat_actors is not None: if not is_stix_v2: an_tas_id = an_package_id + '--tas' an = AlchemyNode(an_tas_id, 'Threat_Actors', 'Threat_Actors', '', cluster=an_package_id) aj.add_json_node(an) ae = AlchemyEdge(an_header_id, an_tas_id, LABEL_EDGE) aj.add_json_edge(ae) else: an_tas_id = None for threat_actor in threat_actors: set_alchemy_node_threat_actor(aj, threat_actor, an_tas_id, is_stix_v2, an_package_id) if coas is not None: if not is_stix_v2: an_coas_id = an_package_id + '--coas' an = AlchemyNode(an_coas_id, 'Courses_Of_Action', 'Courses_Of_Action', '', cluster=an_package_id) aj.add_json_node(an) ae = AlchemyEdge(an_header_id, an_coas_id, LABEL_EDGE) aj.add_json_edge(ae) else: an_coas_id = None for coa in coas: set_alchemy_node_coa(aj, coa, an_coas_id, is_stix_v2, an_package_id) if ttps is not None: an_ttps_id = an_package_id + '--ttps' an = AlchemyNode(an_ttps_id, 'TTPs', 'TTPs', '', cluster=an_package_id) aj.add_json_node(an) ae = AlchemyEdge(an_header_id, an_ttps_id, LABEL_EDGE) aj.add_json_edge(ae) for ttp in ttps: set_alchemy_node_ttp(aj, ttp, an_ttps_id, an_package_id) if ets is not None: an_ets_id = an_package_id + '--ets' an = AlchemyNode(an_ets_id, 'Exploit_Targets', 'Exploit_Targets', '', cluster=an_package_id) aj.add_json_node(an) ae = AlchemyEdge(an_header_id, an_ets_id, LABEL_EDGE) aj.add_json_edge(ae) for et in ets: set_alchemy_node_et(aj, et, an_ets_id, an_package_id) if incidents is not None: an_incidents_id = an_package_id + '--incidents' an = AlchemyNode(an_incidents_id, 'Incidents', 'Incidents', '', cluster=an_package_id) aj.add_json_node(an) ae = AlchemyEdge(an_header_id, an_incidents_id, LABEL_EDGE) aj.add_json_edge(ae) for incident in incidents: set_alchemy_node_incident(aj, incident, an_incidents_id, an_package_id) if identies is not None: for identity in identies: set_alchemy_node_identity(aj, identity, an_package_id) if malwares is not None: for malware in malwares: set_alchemy_node_malware(aj, malware, an_package_id) if sightings is not None: for sighting in sightings: set_alchemy_node_sighting(aj, sighting, an_package_id) if intrusion_sets is not None: for intrusion_set in intrusion_sets: set_alchemy_node_intrusion_set(aj, intrusion_set, an_package_id) if attack_patterns is not None: for attack_pattern in attack_patterns: set_alchemy_node_attack_pattern(aj, attack_pattern, an_package_id) if reports is not None: for report in reports: set_alchemy_node_report(aj, report, an_package_id) if tools is not None: for tool in tools: set_alchemy_node_tool(aj, tool, an_package_id) if vulnerabilities is not None: for vulnerability in vulnerabilities: set_alchemy_node_vulnerability(aj, vulnerability, an_package_id) if locations is not None: for location in locations: set_alchemy_node_location(aj, location, an_package_id) if opinions is not None: for opinion in opinions: set_alchemy_node_opinion(aj, opinion, an_package_id) if notes is not None: for note in notes: set_alchemy_node_note(aj, note, an_package_id) if custom_objects is not None: for custom_object in custom_objects: set_alchemy_node_custom_object(aj, custom_object, an_package_id) ''' if x_stip_snses is not None: for x_stip_sns in x_stip_snses: set_alchemy_node_x_stip_sns(aj, x_stip_sns, an_package_id) ''' if relationships is not None: for relationship in relationships: set_alchemy_node_relationship(aj, relationship, an_package_id) return