def check_if_owner(self, event):
user = self.get_user()
owner = is_event_owner(event, user)
if not owner:
raise cherrypy.HTTPError(
403, 'User/group {0}/{1} does not own event {2}'.format(
user.username, user.group.name, event.identifier))
def __pull(self, item):
if item.server_details:
# do the sync only for this server
if item.server_details.type == 'MISP':
# set the parameters for misp
self.misp_converter.api_key = item.server_details.user.api_key
self.misp_converter.api_url = item.server_details.baseurl
self.misp_converter.tag = item.server_details.name
# fetch one event from misp
misp_event_xml = self.misp_converter.get_xml_event(
item.event_uuid)
# make insert/merge
try:
self.misp_ctrl.ins_merg_event(item.server_details,
misp_event_xml,
item.server_details.user,
self.user)
self.process_controller.process_finished_success(
item, self.user)
except MISPAdapterException as error:
raise SchedulerException(error)
# TODO dump xml or log it in browser
elif item.server_details.type.lower() == 'ce1sus':
self.ce1sus_adapter.server_details = item.server_details
self.ce1sus_adapter.login()
rem_json = self.ce1sus_adapter.get_event_by_uuid(
item.event_uuid, True, True, True, True)
# check if event exists
try:
event = self.event_controller.get_event_by_uuid(
item.event_uuid)
# merge the event fetched
owner = is_event_owner(event, item.server_details.user)
event = self.ce1sus_adapter.assembler.update_event(
event, rem_json, item.server_details.user, owner, True)
self.__insert_provenance_report(event, item.server_details)
self.event_controller.update_event(self.user, event, True,
True)
except ControllerNothingFoundException:
event = self.ce1sus_adapter.assembler.assemble_event(
rem_json, item.server_details.user, True, True, False)
event.properties.is_validated = False
self.__insert_provenance_report(event, item.server_details)
self.event_controller.insert_event(self.user, event, True,
True)
except ControllerException as error:
self.ce1sus_adapter.logout()
raise SchedulerException(error)
self.ce1sus_adapter.logout()
self.process_controller.process_finished_success(
item, self.user)
pass
else:
raise SchedulerException('Server type {0} is unkown'.format(
item.server_details.type))
else:
# do the sync for all servers which are pull servers
pass
def check_if_user_can_add(self, event):
user = self.get_user()
result = is_event_owner(event, user)
if not result:
result = self.is_user_allowed_to_perform(event, 'can_add', user)
if not result:
result = self.is_user_allowed_to_perform(
event, 'can_propose', user)
if not result:
raise cherrypy.HTTPError(
403, 'User {0}/{1} can not add contents to event {2}'.format(
user.username, user.group.name, event.identifier))
def is_event_owner(self, event, user):
self.logger.debug(
u'Checking if user/group {0}/{1} owns event {2}'.format(
user.username, user.group.name, event.identifier))
result = is_event_owner(event, user)
if result:
self.logger.info(u'User/group {0}/{1} owns of event {2}'.format(
user.username, user.group.name, event.identifier))
else:
self.logger.info(
u'User/group {0}/{1} does not own of event {2}'.format(
user.username, user.group.name, event.identifier))
return result
def update_event(self, event, complete=False, inflated=False):
url = '/event/{0}'.format(event.uuid)
url = self.__set_complete_inflated(url, complete, inflated)
event_permissions = self.event_controller.get_event_user_permissions(
event, self.server_details.user)
json = self.__request(url,
'PUT',
data=event.to_dict(True, True, event_permissions,
self.server_details.user))
owner = is_event_owner(event, self.server_details.user)
event = self.assembler.update_event(event, json,
self.server_details.user, owner,
True)
return event
def __push(self, item):
if item.server_details:
# do the sync only for this server
if item.server_details.type == 'MISP':
event = self.event_controller.get_event_by_uuid(
item.event_uuid)
self.__push_misp(item, event)
elif item.server_details.type == 'Ce1sus':
self.ce1sus_adapter.server_details = item.server_details
self.ce1sus_adapter.login()
event = self.event_controller.get_event_by_uuid(
item.event_uuid)
try:
try:
rem_event = self.ce1sus_adapter.get_event_by_uuid(
item.event_uuid, False, False, False, False)
self.__insert_provenance_report(
event, item.server_details)
owner = is_event_owner(event, item.server_details.user)
event = self.ce1sus_adapter.assembler.update_event(
event, rem_event, item.server_details.user, owner,
True)
self.__insert_provenance_report(
event, item.server_details)
self.ce1sus_adapter.update_event(event, True, True)
except Ce1susAdapterNothingFoundException:
event.properties.validated = False
self.__insert_provenance_report(
event, item.server_details)
self.ce1sus_adapter.insert_event(event, True, True)
self.process_controller.process_finished_success(
item, item.server_details.user)
except (BrokerException, ControllerException,
Ce1susAdapterException) as error:
raise SchedulerException(error)
finally:
self.ce1sus_adapter.logout()
else:
raise SchedulerException('Server type {0} is unkown'.format(
item.server_details.type))
else:
# do the sync for all servers which are push servers
pass
def is_user_allowed_set_share(self, event, old_instance, user, json):
properties = json.get('properties', None)
if properties:
shared = properties.get('shared', None)
if shared is not None:
if is_event_owner(event, user):
return True
else:
if old_instance.originating_group.identifier == user.group_id:
# User owns instance
return True
else:
if old_instance.properties.is_shareable == shared:
return True
else:
self.logger.info(
u'User/group {0}/{1} has no right to share elements of event {2}'
.format(user.username, user.group.name,
event.identifier))
return False
return True
def get_event_user_permissions(self, event, user):
try:
user = self.user_broker.getUserByUserName(user.username)
# If is admin => give all rights the same is valid for the owenr
isowner = is_event_owner(event, user)
if isowner:
permissions = EventPermissions('0')
permissions.set_all()
return permissions
else:
permissions = self.event_broker.get_event_user_permissions(
event, user)
if hasattr(permissions, 'permissions'):
permissions = permissions.permissions
return permissions
else:
return None
except NothingFoundException as error:
# The group was not associated to the event
self.logger.debug(error)
# if the event is still not visible the event has to have a lower or equal tlp level
user_tlp = user.group.tlp_lvl
result = event.tlp_level_id >= user_tlp
if result:
# Get the defaults for this group
usr_grp = user.group
permissions = usr_grp.default_permissions
else:
permissions = EventPermissions('0')
return permissions
except BrokerException as error:
permissions = EventPermissions('0')
return permissions
def to_dict(self, complete=True, inflated=False, event_permissions=None, user=None):
if inflated:
observables = list()
for observable in self.get_observables_for_permissions(event_permissions, user):
observables.append(observable.to_dict(complete, inflated, event_permissions, user))
observables_count = len(observables)
indicators = list()
for indicator in self.get_indicators_for_permissions(event_permissions, user):
indicators.append(indicator.to_dict(complete, inflated, event_permissions, user))
indicators_count = len(indicators)
reports = list()
for report in self.get_reports_for_permissions(event_permissions, user):
reports.append(report.to_dict(complete, inflated, event_permissions, user))
reports_count = len(reports)
else:
observables = None
# observables_count = self.observables_count_for_permissions(event_permissions)
observables_count = -1
reports = None
# reports_count = self.reports_count_for_permissions(event_permissions)
reports_count = -1
indicators = None
indicators_count = -1
if complete:
comments = list()
if is_event_owner(self, user):
for comment in self.comments:
comments.append(comment.to_dict())
groups = list()
for group in self.groups:
groups.append(group.to_dict(complete, False))
result = {'identifier': self.convert_value(self.uuid),
'int_id': self.convert_value(self.identifier),
'title': self.convert_value(self.title),
'description': self.convert_value(self.description),
'last_publish_date': self.convert_value(self.last_publish_date),
'risk': self.convert_value(self.risk),
'status': self.convert_value(self.status),
'tlp': self.convert_value(self.tlp),
'analysis': self.convert_value(self.analysis),
'creator_group': self.creator_group.to_dict(complete, False),
'modifier_group': self.modifier.group.to_dict(complete, False),
'originating_group': self.originating_group.to_dict(complete, False),
'created_at': self.convert_value(self.created_at),
'published': self.convert_value(self.properties.is_shareable),
'modified_on': self.convert_value(self.modified_on),
'reports': reports,
'reports_count': reports_count,
'first_seen': self.convert_value(None),
'last_seen': self.convert_value(None),
'observables': observables,
'observables_count': observables_count,
'indicators': indicators,
'indicators_count': indicators_count,
'comments': comments,
'properties': self.properties.to_dict(),
'groups': groups,
'last_seen': self.convert_value(self.last_seen),
'first_seen': self.convert_value(self.first_seen)
}
else:
result = {'identifier': self.convert_value(self.uuid),
'int_id': self.convert_value(self.identifier),
'title': self.convert_value(self.title),
'created_at': self.convert_value(self.created_at),
'published': self.convert_value(self.properties.is_shareable),
'modified_on': self.convert_value(self.modified_on),
'observables': observables,
'observables_count': observables_count,
'indicators': indicators,
'indicators_count': indicators_count,
'reports': reports,
'reports_count': reports_count,
'risk': self.convert_value(self.risk),
'status': self.convert_value(self.status),
'tlp': self.convert_value(self.tlp),
'analysis': self.convert_value(self.analysis),
'creator_group': self.creator_group.to_dict(complete, False),
'modifier_group': self.modifier.group.to_dict(complete, False),
'originating_group': self.originating_group.to_dict(complete, False),
'last_seen': self.convert_value(self.last_seen),
'first_seen': self.convert_value(self.first_seen),
'comments': None,
'properties': self.properties.to_dict()
}
return result
