def get_by_attribute(self, attribute): """ fetches one Value instance with the information of the given attribute :param attribute: the attribute in context :type attribute: Attribute :returns : Value """ self.__set_class_by_attribute(attribute) try: clazz = self.get_broker_class() result = self.session.query(clazz).filter( clazz.attribute_id == attribute.identifier).one() except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException( u'No value found with ID :{0} in {1}'.format( attribute.identifier, self.get_broker_class())) except sqlalchemy.orm.exc.MultipleResultsFound: raise TooManyResultsFoundException( 'Too many value found for ID :{0} in {1}'.format( attribute.identifier, self.get_broker_class())) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error) return result
def get_all_limited_for_user(self, limit, offset, user, parameters=None): """Returns only a subset of entries""" try: group_ids = self.__get_all_group_ids_of_user(user) tlp = get_max_tlp(user.group) # TODO: events for user # TODO add validation and published checks # result = self.session.query(self.get_broker_class()).filter(Event.dbcode.op('&')(4) == 4).order_by(Event.created_at.desc()).limit(limit).offset(offset).all() # , Event.tlp_level_id >= tlp result = self.session.query(Event).distinct().join( EventGroupPermission).filter( and_( Event.dbcode.op('&')(4) == 4, or_(Event.tlp_level_id >= tlp, EventGroupPermission.group_id.in_(group_ids), Event.owner_group_id == user.group_id))) result = self.__set_parameters(result, parameters) result = result.limit(limit).offset(offset).all() # remove all the no viewable except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException(u'Nothing found') except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error) return result
def __look_for_value(self, needle, operand, bypass_validation=False): if bypass_validation: code = 0 else: code = 4 try: if operand == '==': return self.session.query(Reference).filter( Reference.value == needle, Reference.dbcode.op('&')(code) == code).all() if operand == '<': return self.session.query(Reference).filter( Reference.value < needle, Reference.dbcode.op('&')(code) == code).all() if operand == '>': return self.session.query(Reference).filter( Reference.value > needle, Reference.dbcode.op('&')(code) == code).all() if operand == '<=': return self.session.query(Reference).filter( Reference.value <= needle, Reference.dbcode.op('&')(code) == code).all() if operand == '>=': return self.session.query(Reference).filter( Reference.value >= needle, Reference.dbcode.op('&')(code) == code).all() if operand == 'like': return self.session.query(Reference).filter( Reference.value.like('%{0}%'.format(needle)), Reference.dbcode.op('&')(code) == code).all() except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def remove_object_from_attribute(self, attr_id, obj_id, commit=True): """ Removes an attribute from an object :param obj_id: Identifier of the object :type obj_id: Integer :param attr_id: Identifier of the attribute :type attr_id: Integer """ try: obj = self.session.query(ObjectDefinition).filter(ObjectDefinition.identifier == obj_id).one() attribute = self.session.query(AttributeDefinition).filter(AttributeDefinition.identifier == attr_id).one() # check if chksum is not required required_chksums = self.findallchksums(obj) # remove self existing = required_chksums.get(attribute.chksum, None) if existing: raise IntegrityException((u'Attribute {0} is still required by attribute {1}.' + ' Please remove {1} first.').format(existing[1], existing[0])) else: attribute.remove_object(obj) self.do_commit(commit) except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException(u'Attribute or Object not found') except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def get_objects_by_attribute(self, identifier, belong_in=True): """ returns all objects belonging to an attribute with the given identifier Note: If nothing is found an empty list is returned :param identifier: identifier of the object :type identifier: Integer :param belong_in: If set returns all the attributes of the object else all the attributes not belonging to the object :type belong_in: Boolean :returns: list of ObjectDefinitons """ try: objects = self.session.query(ObjectDefinition).join(AttributeDefinition.objects).filter(AttributeDefinition.identifier == identifier).order_by(ObjectDefinition.name.asc()).all() if not belong_in: obj_ids = list() for obj in objects: obj_ids.append(obj.identifier) objects = self.session.query(ObjectDefinition).filter(~ObjectDefinition.identifier.in_(obj_ids)).order_by(ObjectDefinition.name.asc()).all() except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException(u'Nothing found for ID: {0}', format(identifier)) except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error) return objects
def get_defintion_by_chksums(self, chksums): """ Returns the attribute definition object with the given name Note: raises a NothingFoundException or a TooManyResultsFound Exception :param identifier: the id of the requested user object :type identifier: integer :returns: Object """ try: definitions = self.session.query(self.get_broker_class()).filter( getattr(self.get_broker_class(), 'chksum').in_(chksums)).all() if definitions: return definitions else: return list() except NoResultFound: raise NothingFoundException( u'No {0} not found for CHKSUMS {1}'.format( self.get_broker_class().__class__.__name__, chksums)) except SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def add_object_to_attribute(self, attr_id, obj_id, commit=True): """ Add an attribute to an object :param obj_id: Identifier of the object :type obj_id: Integer :param attr_id: Identifier of the attribute :type attr_id: Integer """ try: obj = self.session.query(ObjectDefinition).filter(ObjectDefinition.identifier == obj_id).one() attribute = self.session.query(AttributeDefinition).filter(AttributeDefinition.identifier == attr_id).one() attribute.add_object(obj) additional_attributes_chksums = attribute.handler.get_additinal_attribute_chksums() if additional_attributes_chksums: # collect all required attributes and add them additional_attributes = self.get_defintion_by_chksums(additional_attributes_chksums) for additional_attribute in additional_attributes: obj.add_attribute(additional_attribute) self.do_commit(commit) except sqlalchemy.orm.exc.NoResultFound as error: raise NothingFoundException(u'Attribute or Object not found') except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def get_parent_object_by_object(self, obj): try: result = self.session.query(RelatedObject).filter(RelatedObject.child_id == obj.identifier).one() return result.parent except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException('No parent found for object with ID {0} in {1}'.format(obj.identifier, self.__class__.__name__)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def get_all_notifiable_groups(self): try: result = self.session.query(Group).filter(Group.notifications == 1, Group.email != None).all() return result except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException(u'No notifiable users found') except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def get_all_from(self, from_datetime): try: result = self.session.query(Event).filter( Event.created_at >= from_datetime).all() return result except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def get_by_uuids(self, ids): try: result = self.session.query(Event).filter( Event.uuid.in_(ids)).all() return result except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error) return result
def get_related_object_by_child_object_id(self, identifier): try: return self.session.query(RelatedObject).filter(RelatedObject.child_id == identifier).one() except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException('Nothing found with ID :{0} in {1}'.format(identifier, self.__class__.__name__)) except sqlalchemy.orm.exc.MultipleResultsFound: raise TooManyResultsFoundException('Too many results found for ID :{0}'.format(identifier)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def get_all_by_observable_id(self, identifier): try: result = self.session.query(Object).filter(Object.observable_id == identifier).all() return result except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException('Nothing found with ID :{0} in {1}'.format(identifier, self.__class__.__name__)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def remove_group_permission_by_id(self, identifier, commit=True): try: self.session.query(EventGroupPermission).filter( EventGroupPermission.identifier == identifier).delete( synchronize_session='fetch') self.do_commit(commit) except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def get_group_by_uuid(self, uuid): try: result = self.session.query(EventGroupPermission).filter( EventGroupPermission.uuid == uuid).one() except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException(u'Nothing found') except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error) return result
def get_scheduled_process_items(self): try: process_id = ProcessStatus.SCHEDULED result = self.session.query(ProcessItem).filter( ProcessItem.db_status == process_id) return result.all() except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException('Nothing found') except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def get_relations_by_event(self, event, unique_events=True): """ Returns the relations for a given event :param event: :type event: Event :param unique_events: :type unique_event: Boolean :returns: List of Relations """ try: if unique_events: querry = self.session.query(Relation).distinct( Relation.event_id, Relation.rel_event_id).group_by( Relation.event_id, Relation.rel_event_id).filter( or_(Relation.event_id == event.identifier, Relation.rel_event_id == event.identifier)) else: querry = self.session.query(Relation).filter( or_(Relation.event_id == event.identifier, Relation.rel_event_id == event.identifier)) relations = querry.all() # convert to event -> relation results = list() seen_events = list() for relation in relations: match = Relation() # check if event-> rel_event if relation.event_id == event.identifier: match = relation else: # else flip data match.identifier = relation.identifier match.event_id = relation.rel_event_id match.event = relation.rel_event match.rel_event_id = relation.event_id match.rel_event = relation.event match.attribute_id = relation.rel_attribute_id match.attribute = relation.rel_attribute match.rel_attribute_id = relation.attribute_id match.rel_attribute = relation.attribute if unique_events: if relation.rel_event_id not in seen_events: results.append(match) seen_events.append(match.rel_event_id) else: results.append(match) return results except sqlalchemy.orm.exc.NoResultFound: return list() except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def get_by_name(self, name): try: result = self.session.query(Group).filter(Group.name == name).one() return result except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException('Nothing found with name :{0}'.format(name)) except sqlalchemy.orm.exc.MultipleResultsFound: raise TooManyResultsFoundException('Too many results found for name :{0}'.format(name)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def get_by_id_and_event_id(self, identifier, event_id): try: result = self.session.query(Observable).filter(and_(Observable.identifier == identifier, Observable.event_id == event_id)).one() except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException('No observable found with ID :{0} in event with ID {1}'.format(identifier, event_id)) except sqlalchemy.orm.exc.MultipleResultsFound: raise TooManyResultsFoundException('Too many results found for observable with ID {0} in event with ID {1}'.format(identifier, event_id)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error) return result
def get_condition_by_value(self, value): try: if value == None: value = 'Equals' return self.session.query(Condition).filter(Condition.value == value).one() except NoResultFound: raise NothingFoundException('Nothing found with ID :{0} in {1}'.format(value, self.__class__.__name__)) except MultipleResultsFound: raise TooManyResultsFoundException('Too many results found for ID :{0}'.format(value)) except SQLAlchemyError as error: raise BrokerException(error)
def get_total_events(self, parameters=None): try: # TODO add validation and published checks result = self.session.query(Event) result = self.__set_parameters(result, parameters) result = result.count() # result = self.session.query(self.get_broker_class()).count() return result except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def get_all_misp_references(self, bypass_validation=False): if bypass_validation: code = 0 else: code = 4 try: return self.session.query(Reference).filter( Reference.value.like('%{0}%'.format('Event ID')), Reference.dbcode.op('&')(code) == code).all() except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def get_all_unvalidated_total(self, parameters=None): try: result = self.session.query(Event).filter( Event.dbcode.op('&')(4) != 4) result = self.__set_parameters(result, parameters) result = result.count() except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException(u'Nothing found') except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error) return result
def get_all_relationable_definitions(self): try: definitions = self.session.query(AttributeDefinition).filter(AttributeDefinition.relation == 1).all() if definitions: return definitions else: raise sqlalchemy.orm.exc.NoResultFound except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException(u'No {0} is set as relationable'.format(self.get_broker_class().__class__.__name__)) except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def get_by_parent(self, observable): try: result = self.session.query(ObservableComposition).filter( ObservableComposition.parent_id == observable.identifier).all() return result except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException( 'No observables found in composed observable with ID {1}'. format(observable.identifier)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def remove_relations_for_event(self, event): try: self.session.query(Relation).filter( or_(Relation.event_id == event.identifier, Relation.rel_event_id == event.identifier)).delete( synchronize_session='fetch') except sqlalchemy.exc.IntegrityError as error: self.session.rollback() raise IntegrityException(error) except sqlalchemy.exc.SQLAlchemyError as error: self.session.rollback() raise BrokerException(error)
def get_definition_by_name(self, name): try: return self.session.query(ReferenceDefinition).filter( ReferenceDefinition.name == name).one() except NoResultFound: raise NothingFoundException( 'Nothing found with ID :{0} in {1}'.format( name, self.__class__.__name__)) except MultipleResultsFound: raise TooManyResultsFoundException( 'Too many results found for ID :{0}'.format(name)) except SQLAlchemyError as error: raise BrokerException(error)
def get_user_by_api_key(self, api_key): # check if api key exists try: result = self.session.query(User).filter( User.api_key == api_key).one() return result except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException( u'Nothing found with apikey :{0}'.format(api_key)) except sqlalchemy.orm.exc.MultipleResultsFound: raise TooManyResultsFoundException( 'Too many results found for apikey :{0}'.format(api_key)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def get_user_by_act_str(self, activation_str): try: result = self.session.query(User).filter( User.activation_str == activation_str).one() return result except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException( u'Nothing found for activation_str {0}'.format(activation_str)) except sqlalchemy.orm.exc.MultipleResultsFound: raise TooManyResultsFoundException( 'Too many results found for activation_str :{0}'.format( activation_str)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)
def get_event_group_permissions(self, event, group): try: return self.session.query(EventGroupPermission).filter( and_(EventGroupPermission.event_id == event.identifier, EventGroupPermission.group_id == group.identifier)).one() except sqlalchemy.orm.exc.MultipleResultsFound: raise TooManyResultsFoundException( 'Too many results found for this cannot happen') except sqlalchemy.orm.exc.NoResultFound: raise NothingFoundException( 'Group {0} was not associated to event {1}'.format( group.identifier, event.identifier)) except sqlalchemy.exc.SQLAlchemyError as error: raise BrokerException(error)