def get_cluster_config(name, **kwargs):
data = STORAGE.get_blob("prov_conf_%s" % name)
if not data:
return make_api_response({},
"Provisionning config %s not found." % name,
404)
return make_api_response(data)
def save_seed(**kwargs):
"""
Save the configuration seed to the system
Variables:
None
Arguments:
None
Data Block:
{
"KEY": "value", # Dictionary of key/value pair
...
}
Result example:
{
"success": true # Was the update successful?
}
"""
seed = request.json
old_seed = STORAGE.get_blob("seed")
STORAGE.save_blob("previous_seed", old_seed)
STORAGE.save_blob("seed", seed)
return make_api_response({"success": True})
def get_source_seed(**kwargs):
"""
Get the default configuration seed
Variables:
None
Arguments:
None
Data Block:
None
Result example:
{
"KEY": "value", # Dictionary of key/value pair
...
}
"""
seed_module = STORAGE.get_blob("seed_module")
if not seed_module:
return make_api_response({})
seed = module_attribute_by_name(seed_module)
services_to_register = seed['services']['master_list']
for service, svc_detail in services_to_register.iteritems():
seed['services']['master_list'][service] = get_merged_svc_config(service, svc_detail, LOGGER)
return make_api_response(seed)
def signature_statistics(**kwargs):
"""
Gather all signatures stats in system
Variables:
None
Arguments:
None
Data Block:
None
Result example:
{"total": 201, # Total heuristics found
"timestamp": # Timestamp of last signatures stats
"items": # List of Signatures
[{"id": "ORG_000000", # Signature ID
"name": "Signature Name" # Signature name
"count": "100", # Count of times signatures seen
"min": 0, # Lowest score found
"avg": 172, # Average of all scores
"max": 780, # Highest score found
},
...
"""
user = kwargs['user']
output = {"total": 0, "items": [], "timestamp": None}
sig_blob = STORAGE.get_blob("signature_stats")
if sig_blob:
cleared = []
try:
for k, v in sig_blob["stats"].iteritems():
sig_id, rev = k.rsplit("r.", 1)
if user and Classification.is_accessible(user['classification'], v[1]):
cleared.append({
"id": sig_id,
"rev": rev,
"name": v[0],
"count": v[2],
"min": v[3],
"avg": int(v[4]),
"max": v[5],
"classification": v[1]
})
except AttributeError:
pass
output["items"] = cleared
output["total"] = len(cleared)
output["timestamp"] = sig_blob["timestamp"]
return make_api_response(output)
def list_heuritics_stats(**kwargs):
"""
Gather all heuristics stats in system
Variables:
None
Arguments:
None
Data Block:
None
Result example:
{"total": 201, # Total heuristics found
"timestamp": # Timestamp of last heuristics stats
"items": # List of heuristics
[{"id": "AL_HEUR_001", # Heuristics ID
"count": "100", # Count of times heuristics seen
"min": 0, # Lowest score found
"avg": 172, # Average of all scores
"max": 780, # Highest score found
},
...
"""
user = kwargs['user']
output = {"total": 0, "items": [], "timestamp": None}
heur_blob = STORAGE.get_blob("heuristics_stats")
if heur_blob:
cleared = []
try:
for k, v in heur_blob["stats"].iteritems():
heur_id = k
if heur_id in HEUR_MAP:
if user and Classification.is_accessible(user['classification'],
HEUR_MAP[heur_id]['classification']) and v[0] != 0:
cleared.append({
"id": heur_id,
"count": v[0],
"min": v[1],
"avg": int(v[2]),
"max": v[3],
"classification": HEUR_MAP[heur_id]['classification']
})
except AttributeError:
pass
output["items"] = cleared
output["total"] = len(cleared)
output["timestamp"] = heur_blob["timestamp"]
return make_api_response(output)
def login():
if request.environ.get("HTTP_X_REMOTE_CERT_VERIFIED",
"FAILURE") == "SUCCESS":
dn = ",".join(
request.environ.get("HTTP_X_REMOTE_DN").split("/")[::-1][:-1])
else:
dn = ""
avatar = None
username = ''
alternate_login = '******'
if dn:
u_list = STORAGE.advanced_search('user',
'dn:"%s"' % dn,
args=[('fl', '_yz_rk')
])['response']['docs']
if len(u_list):
username = u_list[0]['_yz_rk']
avatar = STORAGE.get_user_avatar(
username) or "/static/images/user_default.png"
alternate_login = '******'
else:
try:
username = dn.rsplit('CN=', 1)[1]
except IndexError:
username = dn
avatar = "/static/images/user_default.png"
alternate_login = '******'
if config.auth.get('encrypted_login', True):
public_key = STORAGE.get_blob('id_rsa.pub')
if not public_key:
public_key, private_key = generate_async_keys(
key_size=config.ui.get('rsa_key_size', 2048))
STORAGE.save_blob('id_rsa.pub', public_key)
STORAGE.save_blob('id_rsa', private_key)
else:
public_key = None
next_url = angular_safe(request.args.get('next', "/"))
return custom_render("login.html",
next=next_url,
public_key=public_key,
avatar=avatar,
username=username,
alternate_login=alternate_login)
def get_heuristic(heuristic_id, **kwargs):
"""
Get a specific heuristic's detail from the system
Variables:
heuristic_id => ID of the heuristic
Arguments:
None
Data Block:
None
Result example:
{"id": "AL_HEUR_001", # Heuristics ID
"filetype": ".*", # Target file type
"name": "HEURISTICS_NAME", # Heuristics name
"description": ""} # Heuristics description
"""
user = kwargs['user']
h = deepcopy(HEUR_MAP.get(heuristic_id, None))
if not h:
return make_api_response("", "Not found", 404)
# Add counters
h["count"] = 0
h["min"] = 0
h["avg"] = 0
h["max"] = 0
heur_blob = STORAGE.get_blob("heuristics_stats")
if heur_blob:
data = heur_blob.get('stats', {}).get(heuristic_id, None)
if data:
h["count"] = data[0]
h["min"] = data[1]
h["avg"] = data[2]
h["max"] = data[3]
if user and Classification.is_accessible(user['classification'], h['classification']):
return make_api_response(h)
else:
return make_api_response("", "You are not allowed to see this heuristic...", 403)
def get_previous_seed(**kwargs):
"""
Get the previous configuration seed
Variables:
None
Arguments:
None
Data Block:
None
Result example:
{
"KEY": "value", # Dictionary of key/value pair
...
}
"""
return make_api_response(STORAGE.get_blob("previous_seed") or {})
def init(**_):
"""
Initialize secured handshake by downloading the server public
key to encrypt the password
Variables:
None
Arguments:
None
Data Block:
None
Result example:
-----BEGIN PUBLIC KEY----- ....
"""
if config.auth.get('encrypted_login', True):
return make_api_response(STORAGE.get_blob('id_rsa.pub'))
else:
return make_api_response(None)
def login(**_):
"""
Login the user onto the system
Variables:
None
Arguments:
None
Data Block:
{
"user": <UID>,
"password": <ENCRYPTED_PASSWORD>,
"otp": <OTP_TOKEN>,
"apikey": <ENCRYPTED_APIKEY>,
"u2f_response": <RESPONSE_TO_CHALLENGE_FROM_U2F_TOKEN>
}
Result example:
{
"username": <Logged in user>, # Username for the logged in user
"privileges": ["R", "W"], # Different privileges that the user will get for this session
"session_duration": 60 # Time after which this session becomes invalid
# Note: The timer reset after each call
}
"""
data = request.json
if not data:
data = request.values
user = data.get('user', None)
password = data.get('password', None)
apikey = data.get('apikey', None)
u2f_response = data.get('u2f_response', None)
if config.auth.get('encrypted_login', True):
private_key = load_async_key(STORAGE.get_blob('id_rsa'), use_pkcs=True)
if password and private_key:
password = private_key.decrypt(base64.b64decode(password), "ERROR")
if apikey and private_key:
apikey = private_key.decrypt(base64.b64decode(apikey), "ERROR")
try:
otp = int(data.get('otp', 0) or 0)
except Exception:
raise AuthenticationException('Invalid OTP token')
if request.environ.get("HTTP_X_REMOTE_CERT_VERIFIED", "FAILURE") == "SUCCESS":
dn = request.environ.get("HTTP_X_REMOTE_DN")
else:
dn = False
if (user and password) or dn or (user and apikey):
auth = {
'username': user,
'password': password,
'otp': otp,
'u2f_response': u2f_response,
'dn': dn,
'apikey': apikey
}
try:
logged_in_uname, priv = default_authenticator(auth, request, flsk_session, STORAGE)
session_duration = config.ui.get('session_duration', 3600)
cur_time = now()
xsrf_token = generate_random_secret()
current_session = {
'duration': session_duration,
'ip': request.headers.get("X-Forward-For", request.remote_addr),
'privileges': priv,
'time': int(cur_time) - (int(cur_time) % session_duration),
'user_agent': request.headers.get("User-Agent", "Unknown user agent"),
'username': logged_in_uname,
'xsrf_token': xsrf_token
}
session_id = hashlib.sha512(str(current_session)).hexdigest()
current_session['expire_at'] = cur_time + session_duration
flsk_session['session_id'] = session_id
KV_SESSION.add(session_id, current_session)
return make_api_response({
"username": logged_in_uname,
"privileges": priv,
"session_duration": config.ui.get('session_duration', 3600)
}, cookies={'XSRF-TOKEN': xsrf_token})
except AuthenticationException as wpe:
return make_api_response("", wpe.message, 401)
return make_api_response("", "Not enough information to proceed with authentication", 401)