def test_cmd_file():
gen = """{
"action": "delete",
"target": {
"file": {
"name": "File name",
"path": "File path",
"hashes": {
"sha1": "1234567890ABCDEF1234567890ABCDEF12345678",
"sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1",
"md5": "1234567890ABCDEF1234567890ABCDEF"
}
}
}
}"""
foo = openc2.parse(gen)
assert foo.action == "delete"
assert isinstance(foo.target, openc2.v10.File)
assert foo.target.name == "File name"
assert foo.target.path == "File path"
assert foo.target.hashes
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_cmd_device():
gen = """{
"action": "allow",
"target": {
"device": {
"hostname": "device hostname",
"idn_hostname": "device idn hostname",
"device_id": "Device id"
}
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "allow"
assert isinstance(foo.target, openc2.v10.Device)
assert foo.target.hostname == "device hostname"
assert foo.target.idn_hostname == "device idn hostname"
assert foo.target.device_id == "Device id"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_cmd_features():
gen = """{
"action": "create",
"target": {
"features": [
"versions",
"profiles",
"pairs",
"rate_limit"
]
}
}"""
foo = openc2.parse(gen)
assert foo.action == "create"
assert isinstance(foo.target, openc2.v10.Features)
assert foo.target.features == [
"versions", "profiles", "pairs", "rate_limit"
]
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_readme():
import openc2
import stix2
# encode
cmd = openc2.v10.Command(
action="deny",
target=openc2.v10.IPv4Address(ipv4_net="1.2.3.4"),
args=openc2.v10.Args(response_requested="complete"),
)
msg = cmd.serialize()
# decode
cmd = openc2.parse(msg)
if cmd.action == "deny" and cmd.target.type == "ipv4_net":
if cmd.args.response_requested == "complete":
resp = openc2.v10.Response(status=200)
msg = resp.serialize()
# custom actuator
@openc2.v10.CustomActuator(
"x-acme-widget",
[
("name", openc2.properties.StringProperty(required=True)),
("version", stix2.properties.FloatProperty()),
],
)
class AcmeWidgetActuator(object):
def __init__(self, version=None, **kwargs):
if version and version < 1.0:
raise ValueError("'%f' is not a supported version." % version)
widget = AcmeWidgetActuator(name="foo", version=1.1)
assert widget.serialize() == '{"x-acme-widget": {"name": "foo", "version": 1.1}}'
def test_cmd_custom_actuator():
@openc2.v10.CustomActuator(
"x-acme-widget",
[
("name", openc2.properties.StringProperty(required=True)),
("version", openc2.properties.FloatProperty()),
],
)
class AcmeWidgetActuator(object):
def __init__(self, version=None, **kwargs):
if version and version < 1.0:
raise ValueError("'%f' is not a supported version." % version)
widget = AcmeWidgetActuator(name="foo", version=1.1)
foo = openc2.v10.Command(action="query",
target=openc2.v10.Features(),
actuator=widget)
assert foo
assert foo.action == "query"
assert foo.actuator.name == "foo"
assert foo.actuator.version == 1.1
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert bar == foo
bar = openc2.parse(foo.serialize())
assert foo == bar
def test_cmd_create():
with pytest.raises(openc2.exceptions.MissingPropertiesError):
openc2.v10.Command()
with pytest.raises(openc2.exceptions.MissingPropertiesError):
openc2.v10.Command(action="query")
with pytest.raises(openc2.exceptions.MissingPropertiesError):
openc2.v10.Command(target=openc2.v10.Features())
foo = openc2.v10.Command(action="query", target=openc2.v10.Features())
assert foo
assert foo.action == "query"
assert foo.target.features == []
assert '"action": "query"' in foo.serialize()
assert '"target": {"features": []}' in foo.serialize()
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert bar == foo
bar = openc2.parse(foo.serialize())
assert foo == bar
d = json.loads(foo.serialize())
foo = openc2.utils.dict_to_openc2(d)
d["invalid"] = {"bad": "value"}
with pytest.raises(openc2.exceptions.ExtraPropertiesError):
openc2.utils.dict_to_openc2(d)
with pytest.raises(openc2.exceptions.InvalidValueError):
openc2.v10.Command(action="invalid", target=openc2.v10.Features())
with pytest.raises(openc2.exceptions.InvalidValueError):
openc2.v10.Command(action="query", target=openc2.v10.Args())
def test_cmd_custom():
@openc2.properties.CustomProperty(
"x-thing",
[
("uid", openc2.properties.StringProperty()),
("name", openc2.properties.StringProperty()),
("version", openc2.properties.StringProperty()),
],
)
class CustomTargetProperty(object):
pass
@openc2.v10.CustomTarget("x-thing:id", [("id", CustomTargetProperty())])
class CustomTarget(object):
pass
@openc2.v10.CustomArgs("whatever-who-cares",
[("custom_args", CustomTargetProperty())])
class CustomArgs(object):
pass
@openc2.v10.CustomActuator(
"x-acme-widget",
[
("name", openc2.properties.StringProperty(required=True)),
("version", CustomTargetProperty()),
],
)
class AcmeWidgetActuator(object):
pass
tp = CustomTargetProperty(name="target")
t = CustomTarget(id=tp)
args = CustomArgs(custom_args=CustomTargetProperty(name="args"))
act = AcmeWidgetActuator(name="hello",
version=CustomTargetProperty(name="actuator"))
cmd = openc2.v10.Command(action="query", target=t, args=args, actuator=act)
bar = openc2.parse(cmd.serialize())
assert cmd == bar
bar = openc2.parse(json.loads(cmd.serialize()))
assert cmd == bar
bar = openc2.v10.Command(**json.loads(cmd.serialize()))
assert cmd == bar
def test_cmd_domain():
gen = """{
"action": "cancel",
"target": {
"domain_name": "Domain name"
}
}"""
foo = openc2.parse(gen)
assert foo.action == "cancel"
assert isinstance(foo.target, openc2.v10.DomainName)
assert foo.target.domain_name == "Domain name"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_cmd_email():
gen = """{
"action": "copy",
"target": {
"email_addr": "Email address"
}
}"""
foo = openc2.parse(gen)
assert foo.action == "copy"
assert isinstance(foo.target, openc2.v10.EmailAddress)
assert foo.target.email_addr == "Email address"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_cmd_uri():
gen = """{
"action": "set",
"target": {
"uri": "www.myuri.com"
}
}"""
foo = openc2.parse(gen)
assert foo.action == "set"
assert isinstance(foo.target, openc2.v10.URI)
assert foo.target.uri == "www.myuri.com"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_cmd_iri():
gen = """{
"action": "remediate",
"target": {
"iri": "My IRI identifier"
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "remediate"
assert isinstance(foo.target, openc2.v10.IRI)
assert foo.target.iri == "My IRI identifier"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_cmd_mac():
gen = """{
"action": "restart",
"target": {
"mac_addr": "VGhpcyBpcyBteSBtYWMgYWRkcmVzcw=="
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "restart"
assert isinstance(foo.target, openc2.v10.MACAddress)
assert foo.target.mac_addr == "VGhpcyBpcyBteSBtYWMgYWRkcmVzcw=="
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_cmd_process():
gen = """{
"action": "restore",
"target": {
"process": {
"pid": 12354,
"name": "Process name",
"cwd": "Process CWD",
"executable": {
"name": "File name",
"path": "File path",
"hashes": {
"sha1": "1234567890ABCDEF1234567890ABCDEF12345678",
"sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1",
"md5": "1234567890ABCDEF1234567890ABCDEF"
}
},
"parent": {
"pid": 43521,
"name": "Process parent name",
"cwd": "Process parent CWD"
},
"command_line": "Process command line statement"
}
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "restore"
assert isinstance(foo.target, openc2.v10.Process)
assert foo.target.pid == 12354
assert foo.target.name == "Process name"
assert foo.target.cwd == "Process CWD"
assert foo.target.executable
assert foo.target.parent
assert foo.target.command_line == "Process command line statement"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def openc2_aws_sg():
if request.headers['Content-Type'] == 'application/json':
cmd = parse(request.get_json())
try:
naclap = AWSNACL(**cmd)
except Exception as e:
resp = Response(
status=400,
status_text="Invalid command format/arguments (%s)" % str(e))
return resp.serialize()
session = boto3.Session(profile_name=naclap.actuator.aws_account_id)
ec2 = session.client('ec2', region_name=naclap.actuator.aws_region)
try:
if naclap.action == 'delete':
data = ec2.delete_network_acl_entry(
NetworkAclId=naclap.actuator.aws_nacl_id,
RuleNumber=naclap.target.splf.rule_id,
Egress=naclap.clean(naclap.args.slpf.direction, {
'ingress': False,
'egress': True
}),
RuleNumber=naclap.target.slpf.rule_number)
else:
data = ec2.create_network_acl_entry(
NetworkAclId=naclap.actuator.aws_nacl_id,
CidrBlock=naclap.target.src_addr,
Egress=naclap.clean(naclap.args.slpf.direction, {
'ingress': False,
'egress': True
}),
PortRange={
'From': naclap.target.dst_port,
'To': naclap.target.dst_port
},
Protocol=naclap.clean(naclap.target.protocol, {
'tcp': 6,
'udp': 17,
'icmp': 1
}),
RuleAction=naclap.action,
RuleNumber=naclap.args.slpf.insert_rule)
except Exception as e:
#todo: parse boto3 for http code and resp
resp = Response(status=400, status_text=str(e))
return resp.serialize()
else:
resp = Response(status=200, results={"x-aws-nacl": data})
return resp.serialize()
else:
resp = Response(status=425, status_text="Unsupported Media Type")
return resp.serialize()
def test_response_create():
with pytest.raises(openc2.exceptions.MissingPropertiesError):
openc2.v10.Response()
with pytest.raises(openc2.exceptions.MissingPropertiesError):
openc2.v10.Response(results={})
with pytest.raises(openc2.exceptions.MissingPropertiesError):
openc2.v10.Response(status_text="Ok.")
foo = openc2.v10.Response(status=200)
assert foo
assert foo.status == 200
assert foo.serialize() == '{"status": 200}'
bar = openc2.v10.Response(**json.loads(foo.serialize()))
assert bar == foo
bar = openc2.parse({"status": 200})
assert foo == bar
bar = openc2.parse(foo.serialize())
assert foo == bar
def test_cmd_properties():
gen = """{
"action": "scan",
"target": {
"properties": [
"Tag1",
"Tag2",
"Tag3",
"Tag4"
]
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "scan"
assert isinstance(foo.target, openc2.v10.Properties)
assert foo.target.properties == ["Tag1", "Tag2", "Tag3", "Tag4"]
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def main():
ms = sys.stdin
msg = json.load(ms)
openc2_cmd = openc2.parse(msg)
openc2_cmd.check_object_constraints()
try:
msg["target"]["db:db_name"]
target = "172.30.0.3"
except:
target = "172.30.0.6"
msg = openc2_cmd.serialize()
headers = {'content-type': 'application/json'}
response = requests.post('https://' + target + ':443/openc2.php',
data=msg,
headers=headers,
verify=False)
print(response.json)
def test_cmd_slpf_actuator():
widget = openc2.v10.SLPFActuator(hostname="localhost")
foo = openc2.v10.Command(action="query",
target=openc2.v10.Features(),
actuator=widget)
assert foo
assert foo.action == "query"
assert foo.actuator.hostname == "localhost"
assert '"action": "query"' in foo.serialize()
assert '"target": {"features": []}' in foo.serialize()
assert '"actuator": {"slpf": {"hostname": "localhost"}}' in foo.serialize()
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert bar == foo
bar = openc2.parse(foo.serialize())
assert foo == bar
def main():
ms = sys.stdin
msg = json.load(ms)
openc2_cmd = openc2.parse(msg)
openc2_cmd.check_object_constraints()
action = openc2_cmd["action"]
db_name = msg["target"]["db:db_name"]
try :
db_date = msg["args"]["date"]
except :
db_date = date.today().strftime("%d%m%Y")
if action == "copy" :
mysql_cmd = "mysqldump -u root --password=toor --databases " + db_name + " > " + "/var/www/backups/" + date.today().strftime("%d%m%Y") + "-" + db_name + ".sql"
elif action == "restore" :
mysql_cmd = "mysql -u root --password=toor < " + "/var/www/backups/" + db_date + "-" + db_name + ".sql"
elif action == "delete" :
mysql_cmd = "rm " + "/var/www/backups/" + db_date + "-" + db_name + ".sql"
os.system(mysql_cmd)
def openc2_aws_sg():
if request.headers['Content-Type'] == 'application/json':
cmd = parse(request.get_json())
try:
sgap = AWSSecurityGroup(**cmd)
except Exception as e:
resp = Response(status=400,
status_text="Invalid command format/arguments (%s)"%str(e))
return resp.serialize()
session = boto3.Session(profile_name=sgap.actuator.aws_account_id)
ec2 = session.client('ec2',region_name=sgap.actuator.aws_region)
if sgap.action == "allow":
try:
data = ec2.authorize_security_group_ingress( GroupId=sgap.actuator.aws_resource_id, IpProtocol=sgap.target.protocol,
FromPort=sg.target.dst_port, ToPort=sg.target.dst_port, CidrIp=sg.target.src_addr)
except Exception as e:
#todo: parse boto3 for http code and resp
resp = Response(status=400,
status_text=str(e))
return resp.serialize()
else:
resp = Response(status=200,
results = {"x-aws-sg":data})
return resp.serialize()
elif sgap.action == "delete":
try:
data = ec2.revoke_security_group_ingress( GroupId=sgap.actuator.aws_sg_id, IpProtocol=sgap.target.protocol,
FromPort=sgap.target.dst_port, ToPort=sgap.target.dst_port, CidrIp=sgap.target.src_addr )
except Exception as e:
#todo: parse boto3 for http code and resp
resp = Response(status=400,
status_text=str(e))
return resp.serialize()
else:
resp = Response(status=200,
results = {"x-aws-sg":data})
return resp.serialize()
else:
resp = Response(status=425,
status_text="Unsupported Media Type")
return resp.serialize()
def test_cmd_idn():
gen = """{
"action": "deny",
"target": {
"idn_domain_name": "IDN Domain name"
}
}"""
foo = openc2.parse(gen)
assert foo.action == "deny"
assert isinstance(foo.target, openc2.v10.InternationalizedDomainName)
assert foo.target.idn_domain_name == "IDN Domain name"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
gen = """{
"action": "detonate",
"target": {
"idn_email_addr": "IDN Email address"
}
}"""
foo = openc2.parse(gen)
assert foo.action == "detonate"
assert isinstance(foo.target, openc2.v10.InternationalizedEmailAddress)
assert foo.target.idn_email_addr == "IDN Email address"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
import sys, json
from openc2 import parse
# read in json file and attempt to parse
with open(sys.argv[1], "r") as IN:
msg = json.load(IN)
cmd = parse(msg)
print(cmd)
def test_cmd_generated():
generated = []
generated.append("""{
"action": "contain",
"target": {
"artifact": {
"payload": {
"url": "www.testurl.com"
},
"hashes": {
"sha1": "1234567890ABCDEF1234567890ABCDEF12345678",
"sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1",
"md5": "1234567890ABCDEF1234567890ABCDEF"
},
"mime_type": "My MIME Type"
}
}
}
""")
generated.append("""{
"action": "start",
"target": {
"artifact": {
"payload": {
"url": "www.testurl.com"
},
"hashes": {
"sha1": "1234567890ABCDEF1234567890ABCDEF12345678",
"sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1",
"md5": "1234567890ABCDEF1234567890ABCDEF"
},
"mime_type": "My MIME Type"
}
},
"args": {
"start_time": 1568209029693,
"stop_time": 1568209059693,
"response_requested": "complete"
}
}
""")
generated.append("""{
"action": "start",
"target": {
"artifact": {
"payload": {
"url": "www.testurl.com"
},
"hashes": {
"sha1": "1234567890ABCDEF1234567890ABCDEF12345678",
"sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1",
"md5": "1234567890ABCDEF1234567890ABCDEF"
},
"mime_type": "My MIME Type"
}
},
"args": {
"duration": 30000,
"start_time": 1568209029693,
"response_requested": "complete"
}
}
""")
generated.append("""{
"action": "stop",
"target": {
"artifact": {
"payload": {
"bin": "YmluIGRhdGE="
},
"hashes": {
"sha1": "1234567890ABCDEF1234567890ABCDEF12345678",
"sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1",
"md5": "1234567890ABCDEF1234567890ABCDEF"
},
"mime_type": "My MIME Type"
}
}
}
""")
generated.append("""{
"action": "update",
"target": {
"artifact": {
"payload": {
"url": "www.testurl.com"
},
"hashes": {
"sha1": "1234567890ABCDEF1234567890ABCDEF12345678",
"sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1",
"md5": "1234567890ABCDEF1234567890ABCDEF"
},
"mime_type": "My MIME Type"
}
}
}
""")
for gen in generated:
foo = openc2.parse(gen)
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def test_custom_target():
@openc2.v10.CustomTarget("x-thing:id", [("id", stix2.properties.StringProperty())])
class CustomTarget(object):
pass
one = CustomTarget()
assert one != None # for some reason `assert one` fails
with pytest.raises(openc2.exceptions.ExtraPropertiesError):
CustomTarget(bad="id")
one = CustomTarget(id="uuid")
assert one
assert one.id == "uuid"
two = CustomTarget(id=(json.loads(one.serialize())["x-thing:id"]))
assert one == two
with pytest.raises(openc2.exceptions.ParseError):
openc2.parse(one.serialize())
with pytest.raises(ValueError):
@openc2.v10.CustomTarget(
"x-invalid", [("id", stix2.properties.StringProperty())]
)
class CustomTargetInvalid(object):
pass
with pytest.raises(ValueError):
@openc2.v10.CustomTarget(
"invalid_target", [("id", stix2.properties.StringProperty())]
)
class CustomTargetInvalid(object):
pass
with pytest.raises(ValueError):
@openc2.v10.CustomTarget(
"over_16_chars_long_aaaaaaaaaaaaaaaaaaaa123",
[("id", openc2.properties.StringProperty())],
)
class CustomTargetInvalid(object):
pass
with pytest.raises(TypeError):
@openc2.v10.CustomTarget(
"x-custom:id", ("id", stix2.properties.StringProperty()),
)
class CustomTargetInvalid(object):
pass
with pytest.raises(TypeError):
@openc2.v10.CustomTarget("x-custom:id")
class CustomTargetInvalid(object):
pass
with pytest.raises(ValueError):
@openc2.v10.CustomTarget(
"x-over_16_chars_long_aaaaaaaaaaaaaaaaaaaa:id",
[("id", openc2.properties.StringProperty())],
)
class CustomTargetInvalid(object):
pass
with pytest.raises(ValueError):
@openc2.v10.CustomTarget("x-thing:noprops", [])
class CustomTargetInvalid(object):
pass
with pytest.raises(openc2.exceptions.InvalidValueError):
v = """{ "target": {"x-custom": "value"}, "action":"query"}"""
openc2.utils.parse(v)
with pytest.raises(openc2.exceptions.InvalidValueError):
v = """{ "target": {"x-custom:id": "value"}, "action":"query"}"""
openc2.utils.parse(v)
with pytest.raises(openc2.exceptions.InvalidValueError):
v = """{ "target": {}, "action":"query"}"""
openc2.utils.parse(v)
def main():
ms = sys.stdin
msg = json.load(ms)
openc2_cmd = openc2.parse(msg)
openc2_cmd.check_object_constraints()
action = openc2_cmd["action"]
addr1 = msg["target"]["ipsec_targets"]["addr1"]
addr2 = msg["target"]["ipsec_targets"]["addr2"]
try:
socket.inet_aton(addr1)
except socket.error:
print("Error: addr1 is invalid")
sys.exit(1)
try:
socket.inet_aton(addr2)
except socket.error:
print("Error: addr2 is invalid")
sys.exit(1)
gateway = subprocess.Popen(
"ip route | grep default | cut -f3 -d' '",
shell=True,
stdout=subprocess.PIPE).communicate()[0].strip().decode('ascii')
if addr1 == gateway:
addr1, addr2 = addr2, addr1
try:
ike_encryption = msg["args"]["ike_encryption"]
except:
ike_encryption = "aes128"
try:
ike_hash = msg["args"]["ike_hash"]
except:
ike_hash = "sha1"
try:
esp_encryption = msg["args"]["esp_encryption"]
except:
esp_encryption = "aes128"
try:
esp_hash = msg["args"]["esp_hash"]
except:
esp_hash = "sha1"
try:
shared_secret = msg["args"]["shared_secret"]
except:
shared_secret = "secret"
if action == "start":
cmd1 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/start_ipsec.sh"
cmd2 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/start_ipsec.sh"
os.system(cmd1)
os.system(cmd2)
elif action == "stop":
cmd1 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/stop_ipsec.sh"
cmd2 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/stop_ipsec.sh"
os.system(cmd1)
os.system(cmd2)
elif action == "create":
cmd1 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/create_ipsec.sh " + shared_secret + " " + ike_hash + " " + ike_encryption + " " + esp_hash + " " + esp_encryption
cmd2 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/create_ipsec.sh " + shared_secret + " " + ike_hash + " " + ike_encryption + " " + esp_hash + " " + esp_encryption
cmd3 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/save_config.sh"
cmd4 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/save_config.sh"
os.system(cmd1)
os.system(cmd2)
os.system(cmd3)
os.system(cmd4)
elif action == "set":
cmd1 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/set_ipsec.sh " + shared_secret + " " + ike_hash + " " + ike_encryption + " " + esp_hash + " " + esp_encryption
cmd2 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/set_ipsec.sh " + shared_secret + " " + ike_hash + " " + ike_encryption + " " + esp_hash + " " + esp_encryption
cmd3 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/save_config.sh"
cmd4 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/save_config.sh"
os.system(cmd1)
os.system(cmd2)
os.system(cmd3)
os.system(cmd4)
def test_cmd_ip():
gen = """{
"action": "investigate",
"target": {
"ipv4_connection": {
"src_addr": "10.0.0.0/24",
"src_port": 8443,
"dst_addr": "10.0.0.0/24",
"dst_port": 9443,
"protocol": "tcp"
}
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "investigate"
assert isinstance(foo.target, openc2.v10.IPv4Connection)
assert foo.target.src_addr == "10.0.0.0/24"
assert foo.target.src_port == 8443
assert foo.target.dst_addr == "10.0.0.0/24"
assert foo.target.dst_port == 9443
assert foo.target.protocol == "tcp"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
gen = """{
"action": "locate",
"target": {
"ipv4_net": "10.0.0.0/24"
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "locate"
assert isinstance(foo.target, openc2.v10.IPv4Address)
assert foo.target.ipv4_net == "10.0.0.0/24"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
gen = """{
"action": "query",
"target": {
"ipv6_connection": {
"src_addr": "AE:00:E4:F1:04:65/24",
"src_port": 8443,
"dst_addr": "AE:00:E4:F1:04:65/24",
"dst_port": 9443,
"protocol": "tcp"
}
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "query"
assert isinstance(foo.target, openc2.v10.IPv6Connection)
assert foo.target.src_addr == "AE:00:E4:F1:04:65/24"
assert foo.target.src_port == 8443
assert foo.target.dst_addr == "AE:00:E4:F1:04:65/24"
assert foo.target.dst_port == 9443
assert foo.target.protocol == "tcp"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
gen = """{
"action": "locate",
"target": {
"ipv6_net": "AE:00:E4:F1:04:65/24"
}
}
"""
foo = openc2.parse(gen)
assert foo.action == "locate"
assert isinstance(foo.target, openc2.v10.IPv6Address)
assert foo.target.ipv6_net == "AE:00:E4:F1:04:65/24"
bar = openc2.parse(foo.serialize())
assert foo == bar
bar = openc2.parse(json.loads(foo.serialize()))
assert foo == bar
bar = openc2.v10.Command(**json.loads(foo.serialize()))
assert foo == bar
def _deseropenc2(msg): return openc2.parse(msg)
import openc2
import stix2
cmd = openc2.v10.ROUTER(
action="create",
target=openc2.v10.ROUTERTarget(addr1="aaa", addr2="aaa"),
args=openc2.v10.ROUTERArgs(shared_secret="",
ike_hash="",
esp_hash="",
esp_encryption="",
ike_encryption=""),
)
msg = cmd.serialize()
print(cmd)
cmd = openc2.parse(msg)
print(cmd)
