import concurrent.futures from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint from assemblyline_ui.config import STORAGE from assemblyline.common import forge Classification = forge.get_classification() SUB_API = 'heuristics' heuristics_api = make_subapi_blueprint(SUB_API, api_version=4) heuristics_api._doc = "View the different heuristics of the system" @heuristics_api.route("/<heuristic_id>/", methods=["GET"]) @api_login(allow_readonly=False, required_priv=["R"]) def get_heuristic(heuristic_id, **kwargs): """ Get a specific heuristic's detail from the system Variables: heuristic_id => ID of the heuristic Arguments: None Data Block: None Result example:
from flask import request from assemblyline.datastore.exceptions import SearchException from assemblyline_ui.config import STORAGE from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint SUB_API = 'error' error_api = make_subapi_blueprint(SUB_API, api_version=4) error_api._doc = "Perform operations on service errors" @error_api.route("/<error_key>/", methods=["GET"]) @api_login(required_priv=['R']) def get_error(error_key, **kwargs): """ Get the error details for a given error key Variables: error_key => Error key to get the details for Arguments: None Data Block: None Result example: { KEY: VALUE, # All fields of an error in key/value pair } """
from assemblyline.common import forge from assemblyline.common.isotime import iso_to_epoch, now_as_iso from assemblyline.common.memory_zip import InMemoryZip from assemblyline.odm.models.signature import DEPLOYED_STATUSES, STALE_STATUSES, DRAFT_STATUSES from assemblyline.remote.datatypes import get_client from assemblyline.remote.datatypes.hash import Hash from assemblyline.remote.datatypes.lock import Lock from assemblyline_ui.api.base import api_login, make_api_response, make_file_response, make_subapi_blueprint from assemblyline_ui.config import LOGGER, STORAGE Classification = forge.get_classification() config = forge.get_config() SUB_API = 'signature' signature_api = make_subapi_blueprint(SUB_API, api_version=4) signature_api._doc = "Perform operations on signatures" DEFAULT_CACHE_TTL = 24 * 60 * 60 # 1 Day def _reset_service_updates(signature_type): service_updates = Hash( 'service-updates', get_client( host=config.core.redis.persistent.host, port=config.core.redis.persistent.port, private=False, )) for svc in service_updates.items():
from assemblyline.datastore.exceptions import MultiKeyError from flask import request from assemblyline.common import forge from assemblyline.datastore import SearchException from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint from assemblyline_ui.config import STORAGE, LOGGER from assemblyline_ui.helper.result import format_result from assemblyline_ui.helper.submission import get_or_create_summary Classification = forge.get_classification() config = forge.get_config() SUB_API = 'submission' submission_api = make_subapi_blueprint(SUB_API, api_version=4) submission_api._doc = "Perform operations on system submissions" @submission_api.route("/<sid>/", methods=["DELETE"]) @api_login(required_priv=['W'], allow_readonly=False) def delete_submission(sid, **kwargs): """ Delete a submission as well as all related files, results and errors Variables: sid => Submission ID to be deleted Arguments: None
from flask import request from assemblyline.common.isotime import now_as_iso from assemblyline.common.uid import get_random_id from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint from assemblyline_ui.config import STORAGE, CLASSIFICATION from assemblyline.odm.models.workflow import Workflow SUB_API = 'workflow' workflow_api = make_subapi_blueprint(SUB_API, api_version=4) workflow_api._doc = "Manage the different workflows of the system" # noinspection PyBroadException def verify_query(query): """Ensure that a workflow query can be executed.""" try: STORAGE.alert.search(query, rows=0) except Exception: # If an error occurred in this block we are 100% blaming the user query return False return True @workflow_api.route("/", methods=["PUT"]) @api_login(allow_readonly=False) def add_workflow(**kwargs): """ Add a workflow to the system Variables:
from assemblyline.common.dict_utils import get_recursive_delta from assemblyline.odm.models.error import ERROR_TYPES from assemblyline.odm.models.heuristic import Heuristic from assemblyline.odm.models.service import Service from assemblyline.odm.messages.changes import Operation from assemblyline.remote.datatypes import get_client from assemblyline.remote.datatypes.events import EventSender from assemblyline.remote.datatypes.hash import Hash from assemblyline_core.updater.helper import get_latest_tag_for_service from assemblyline_ui.api.base import api_login, make_api_response, make_file_response, make_subapi_blueprint from assemblyline_ui.api.v4.signature import _reset_service_updates from assemblyline_ui.config import LOGGER, STORAGE, config, CLASSIFICATION as Classification SUB_API = 'service' service_api = make_subapi_blueprint(SUB_API, api_version=4) service_api._doc = "Manage the different services" latest_service_tags = Hash( 'service-tags', get_client( host=config.core.redis.persistent.host, port=config.core.redis.persistent.port, private=False, )) service_update = Hash( 'container-update', get_client( host=config.core.redis.persistent.host, port=config.core.redis.persistent.port,
import json from flask import request from io import StringIO from assemblyline.datastore.exceptions import MultiKeyError from assemblyline_ui.api.base import api_login, make_api_response, make_file_response, make_subapi_blueprint from assemblyline_ui.config import STORAGE, LOGGER, FILESTORE, CLASSIFICATION as Classification, config SUB_API = 'ontology' ontology_api = make_subapi_blueprint(SUB_API, api_version=4) ontology_api._doc = "Download ontology results from the system" def generate_ontology_file(results, user, updates={}, fnames={}): # Load ontology files sio = StringIO() for r in results: for supp in r.get('response', {}).get('supplementary', {}): if supp['name'].endswith('.ontology'): try: ontology = json.loads(FILESTORE.get(supp['sha256'])) sha256 = ontology['header']['sha256'] c12n = ontology['header']['classification'] if sha256 == r['sha256'] and Classification.is_accessible( user['classification'], c12n): # Update the ontology with the live values ontology['header'].update(updates) # Set filenames if any if sha256 in fnames:
import concurrent.futures from flask import request from assemblyline.common.importing import load_module_by_path from assemblyline.datasource.common import hash_type from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint from assemblyline_ui.config import LOGGER, config SUB_API = 'hash_search' hash_search_api = make_subapi_blueprint(SUB_API, api_version=4) hash_search_api._doc = "Search hashes through multiple data sources" class SkipDatasource(Exception): pass def create_query_datasource(ds): def query_datasource(h, u): return { 'error': None, 'items': ds.parse(ds.query(h, **u), **u) } return query_datasource sources = {} # noinspection PyBroadException try: for name, settings in config.datasources.items():
from fido2 import cbor from fido2.client import ClientData from fido2.ctap2 import AttestationObject, AttestedCredentialData from fido2.server import U2FFido2Server from fido2.utils import websafe_encode, websafe_decode from fido2.webauthn import PublicKeyCredentialRpEntity from flask import session, request from assemblyline_ui.api.base import make_api_response, api_login, make_subapi_blueprint from assemblyline_ui.config import STORAGE, config SUB_API = 'webauthn' webauthn_api = make_subapi_blueprint(SUB_API, api_version=4) webauthn_api._doc = "Perfom 2-Factor authentication using webauthn protocol" rp = PublicKeyCredentialRpEntity(config.ui.fqdn, "Assemblyline server") server = U2FFido2Server(f"https://{config.ui.fqdn}", rp) @webauthn_api.route("/authenticate/begin/<username>/", methods=["GET"]) def authenticate_begin(username, **_): """ Begin authentication procedure Variables: username user name of the user you want to login with Arguments: None
import hashlib from flask import request from assemblyline.common.isotime import now_as_iso from assemblyline.remote.datatypes.lock import Lock from assemblyline_ui.api.base import api_login, make_api_response, make_subapi_blueprint from assemblyline_ui.config import CLASSIFICATION, STORAGE SUB_API = 'safelist' safelist_api = make_subapi_blueprint(SUB_API, api_version=4) safelist_api._doc = "Perform operations on safelisted hashes" class InvalidSafehash(Exception): pass def _merge_safe_hashes(new, old): try: # Check if hash types match if new['type'] != old['type']: raise InvalidSafehash( f"Safe hash type mismatch: {new['type']} != {old['type']}") # Use max classification old['classification'] = CLASSIFICATION.max_classification( old['classification'], new['classification']) # Update updated time old['updated'] = now_as_iso()