def ui_yara():
    """
    Render the Yara signatures page and process its forms.

    Three forms share the page (create, change TLP level, rename). They
    are checked in that order through an if/elif chain, so at most one
    is acted on per request. The rule list is fetched afterwards and
    passed to the ``signatures.html`` template.
    """
    # NOTE(review): no authentication or authorization check is visible
    # in this function; presumably a decorator outside this listing
    # provides it -- confirm, since every branch below changes stored
    # signatures or their TLP level.
    new_rule_form = YaraForm()
    tlp_form = ChangeTLPForm()
    rename_form = RenameForm()

    if new_rule_form.validate_on_submit():
        # NOTE(review): the raw rule text is passed on as submitted;
        # whether create() compiles or validates it is not visible
        # here -- confirm.
        created = api.yaracontrol.create(
            new_rule_form.yara_name.data,
            new_rule_form.yara_raw.data,
            new_rule_form.yara_tlp.data,
        )
        if created is not None:
            flash("Created yara " + created.name, "success")
        else:
            flash("Error during yara creation", "error")
    elif tlp_form.validate_on_submit():
        # NOTE(review): this tests the field object, not its .data, so
        # it presumably never filters anything -- confirm.
        if tlp_form.item_id:
            rule = api.get_elem_by_type("yara", tlp_form.item_id.data)
            api.yaracontrol.set_tlp_level(tlp_form.level.data, rule)
    elif rename_form.validate_on_submit():
        if rename_form.item_id:
            rule = api.get_elem_by_type("yara", rename_form.item_id.data)
            api.yaracontrol.rename(rename_form.newname.data, rule)

    all_rules = api.yaracontrol.get_all()
    return render_template(
        "signatures.html",
        myyaras=all_rules,
        changetlpform=tlp_form,
        renameform=rename_form,
        yaraform=new_rule_form,
    )
def ui_yara():
    """
    Render the Yara signatures page and process its forms.

    The create, change-TLP and rename forms are each tested with an
    independent ``if``; a rule id that does not resolve ends the request
    with a 404. The rule list is fetched afterwards and rendered with
    ``signatures.html``.
    """
    # NOTE(review): no authentication or authorization check is visible
    # in this function; presumably a decorator outside this listing
    # provides it -- confirm.
    new_rule_form = YaraForm()
    tlp_form = ChangeTLPForm()
    rename_form = RenameForm()

    # The three checks are not chained: if several forms validate against
    # the same POST, every matching branch runs.
    if new_rule_form.validate_on_submit():
        # The result of create() is not inspected, so a failed creation
        # produces no feedback from this view.
        api.yaracontrol.create(
            new_rule_form.yara_name.data,
            new_rule_form.yara_raw.data,
            new_rule_form.yara_tlp.data,
        )

    if tlp_form.validate_on_submit():
        # NOTE(review): this tests the field object, not its .data, so
        # it presumably never filters anything -- confirm.
        if tlp_form.item_id:
            rule = api.yaracontrol.get_by_id(tlp_form.item_id.data)
            if rule is None:
                abort(404)
            api.yaracontrol.set_tlp_level(tlp_form.level.data, rule)

    if rename_form.validate_on_submit():
        if rename_form.item_id:
            rule = api.yaracontrol.get_by_id(rename_form.item_id.data)
            if rule is None:
                abort(404)
            api.yaracontrol.rename(rename_form.newname.data, rule)

    all_rules = api.yaracontrol.get_all()
    return render_template(
        "signatures.html",
        myyaras=all_rules,
        changetlpform=tlp_form,
        renameform=rename_form,
        yaraform=new_rule_form,
    )
def gen_sample_view(sample_id, graph=None, fctaddr=None):
    """
    Build the sample page (template) and process its forms.

    The view is split out because the disassembly view is embedded in
    the sample page, but not "by default"; ``graph`` and ``fctaddr`` are
    forwarded to the template unchanged.

    Args:
        sample_id: identifier of the sample; an unknown id ends the
            request with a 404.
        graph: passed through to the template.
        fctaddr: passed through to the template.
    """
    # NOTE(review): no per-sample access check is visible here; whether
    # the caller or a decorator restricts who may view or edit this
    # sample cannot be told from this function -- confirm.
    sample = api.samplecontrol.get_by_id(sample_id)
    if sample is None:
        abort(404)

    export_form = ExportMachexForm(sampleid=sample.id)
    abstract_form = SampleAbstractForm()
    family_form = AddSampleToFamilyForm()
    family_form.parentfamily.choices = [
        (fam.id, fam.name) for fam in Family.query.order_by('name')
    ]
    tlp_form = ChangeTLPForm()
    compare_form = CompareMachocForm()

    # Flatten the stored metadata into plain dicts for the template.
    metadata_rows = [
        {"type": SampleMetadataType.tostring(meta.type_id),
         "value": meta.value}
        for meta in sample.s_metadata
    ]

    if family_form.validate_on_submit():
        family = api.familycontrol.get_by_id(family_form.parentfamily.data)
        if family is None:
            abort(404)
        api.familycontrol.add_sample(sample, family)

    if abstract_form.validate_on_submit():
        api.samplecontrol.set_abstract(sample, abstract_form.abstract.data)
    elif sample.abstract is not None:
        # Nothing submitted: pre-fill the form with the stored abstract.
        abstract_form.abstract.default = sample.abstract
        abstract_form.abstract.data = sample.abstract

    if tlp_form.validate_on_submit():
        api.samplecontrol.set_tlp_level(sample, tlp_form.level.data)

    comparison_hits = None
    if compare_form.validate_on_submit():
        percent = compare_form.percent.data
        # Clamp the submitted percentage to [1, 100] before turning it
        # into a ratio.
        if percent < 1:
            percent = 1
        elif percent > 100:
            percent = 100
        ratio = float(percent) / 100
        comparison_hits = api.samplecontrol.machoc_diff_with_all_samples(
            sample, ratio)

    return render_template(
        "sample.html",
        sample=sample,
        abstractform=abstract_form,
        checklists=api.samplecontrol.get_all_checklists(),
        changetlpform=tlp_form,
        compareform=compare_form,
        expform=export_form,
        hresults=comparison_hits,
        metasample=metadata_rows,
        addfamilyform=family_form,
        graph=graph,
        fctaddr=fctaddr,
    )
def gen_sample_view(sample_id, graph=None, fctaddr=None):
    """
    Build the sample page (template) and process its forms.

    The view is split out because the disassembly view is embedded in
    the sample page, but not "by default"; ``graph`` and ``fctaddr`` are
    forwarded to the template unchanged.

    Args:
        sample_id: identifier of the sample; an unknown id ends the
            request with a 404.
        graph: passed through to the template.
        fctaddr: passed through to the template.
    """
    # NOTE(review): no per-sample access check is visible here; whether
    # the caller or a decorator restricts who may view or edit this
    # sample cannot be told from this function -- confirm.
    sample = api.samplecontrol.get_by_id(sample_id)
    if sample is None:
        abort(404)

    export_form = ExportMachexForm(sampleid=sample.id)
    abstract_form = SampleAbstractForm()
    family_form = AddSampleToFamilyForm()
    family_form.parentfamily.choices = [
        (fam.id, fam.name) for fam in Family.query.order_by('name')
    ]
    tlp_form = ChangeTLPForm()
    compare_form = CompareMachocForm()

    if family_form.validate_on_submit():
        family = api.familycontrol.get_by_id(family_form.parentfamily.data)
        if family is None:
            abort(404)
        api.familycontrol.add_sample(sample, family)

    if abstract_form.validate_on_submit():
        api.samplecontrol.set_abstract(sample, abstract_form.abstract.data)
    elif sample.abstract is not None:
        # Nothing submitted: pre-fill the form with the stored abstract.
        abstract_form.abstract.default = sample.abstract
        abstract_form.abstract.data = sample.abstract

    if tlp_form.validate_on_submit():
        api.samplecontrol.set_tlp_level(sample, tlp_form.level.data)

    # The comparison itself is delegated to parse_machoc_form; any
    # bounds handling on the submitted values would have to happen there.
    comparison_hits = None
    if compare_form.validate_on_submit():
        comparison_hits = parse_machoc_form(sample, compare_form)

    return render_template(
        "sample.html",
        sample=sample,
        abstractform=abstract_form,
        checklists=api.samplecontrol.get_all_checklists(),
        changetlpform=tlp_form,
        compareform=compare_form,
        expform=export_form,
        hresults=comparison_hits,
        addfamilyform=family_form,
        graph=graph,
        fctaddr=fctaddr,
    )
def gen_sample_view(sample_id, graph=None, fctaddr=None):
    """
    Build the sample page (template) and process its forms.

    The view is split out because the disassembly view is embedded in
    the sample page, but not "by default"; ``graph`` and ``fctaddr`` are
    forwarded to the template unchanged.

    Args:
        sample_id: identifier of the sample to display.
        graph: passed through to the template.
        fctaddr: passed through to the template.
    """
    # NOTE(review): there is no None check after this lookup and
    # sample.id is read right away; presumably get_elem_by_type ends the
    # request itself for an unknown id -- confirm. Likewise, no access
    # check on the sample is visible in this function.
    sample = api.get_elem_by_type("sample", sample_id)

    export_form = ExportMachexForm(sampleid=sample.id)
    abstract_form = SampleAbstractForm()
    family_form = AddSampleToFamilyForm()
    family_form.parentfamily.choices = [
        (fam.id, fam.name) for fam in Family.query.order_by('name')
    ]
    tlp_form = ChangeTLPForm()
    compare_form = CompareMachocForm()

    if family_form.validate_on_submit():
        family = api.get_elem_by_type(
            "family", family_form.parentfamily.data)
        api.familycontrol.add_sample(sample, family)

    if abstract_form.validate_on_submit():
        api.samplecontrol.set_abstract(sample, abstract_form.abstract.data)
    elif sample.abstract is not None:
        # Nothing submitted: pre-fill the form with the stored abstract.
        abstract_form.abstract.default = sample.abstract
        abstract_form.abstract.data = sample.abstract

    if tlp_form.validate_on_submit():
        api.samplecontrol.set_tlp_level(sample, tlp_form.level.data)

    comparison_hits = None
    if compare_form.validate_on_submit():
        comparison_hits = parse_machoc_form(sample, compare_form)

    return render_template(
        "sample.html",
        sample=sample,
        abstractform=abstract_form,
        checklists=api.samplecontrol.get_all_checklists(),
        changetlpform=tlp_form,
        compareform=compare_form,
        expform=export_form,
        hresults=comparison_hits,
        addfamilyform=family_form,
        graph=graph,
        fctaddr=fctaddr,
    )
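def view_family(family_id):
    """
    Render a family page and process every form it carries.

    Handled forms: sub-family creation, export, Yara attachment,
    abstract, TLP level, status, detection item creation and file
    attachment upload. Each form is tested with its own ``if``, so more
    than one handler can run for a single POST if several forms
    validate.

    Args:
        family_id: identifier of the family to display.

    Returns:
        The rendered ``family.html`` template.

    Raises:
        HTTP 500 (via ``abort``) when the sub-family cannot be created,
        HTTP 400 when an uploaded attachment has no usable filename.
    """
    # NOTE(review): no access check on the family is visible in this
    # function, although it exposes TLP, status and upload operations;
    # presumably a decorator or the api layer enforces it -- confirm.
    family = api.get_elem_by_type("family", family_id)
    family_users = api.familycontrol.get_users_for_family(family)

    export_form = ExportFamilyForm()
    add_subfamily_form = AddSubFamilyForm()
    add_yara_form = AddYaraToFamilyForm()
    # Only offer rules that are not attached to this family yet.
    add_yara_form.yaraid.choices = [
        (rule.id, rule.name)
        for rule in YaraRule.query.order_by('name')
        if rule not in family.yaras
    ]
    family_abstract_form = FamilyAbstractForm()
    add_detection_item_form = CreateDetectionItemForm()
    change_status_form = ChangeStatusForm()
    change_tlp_form = ChangeTLPForm()
    add_attachment_form = UploadFamilyFileForm()

    if add_subfamily_form.validate_on_submit():
        # Sub-families are named "<parent>.<child>".
        newname = family.name + "." + add_subfamily_form.familyname.data
        fid = api.familycontrol.create(name=newname, parentfamily=family)
        if not fid:
            abort(500)

    if export_form.validate_on_submit():
        # NOTE(review): the helper's return value is discarded; if it
        # returns a redirect response the export never reaches the
        # client -- confirm against the helper.
        family_manage_export_form(family.id, export_form)

    if add_yara_form.validate_on_submit():
        yar = api.get_elem_by_type("yara", add_yara_form.yaraid.data)
        api.yaracontrol.add_to_family(family, yar)

    if family_abstract_form.validate_on_submit():
        api.familycontrol.set_abstract(
            family, family_abstract_form.abstract.data)
    elif family.abstract is not None:
        # Nothing submitted: pre-fill the form with the stored abstract.
        family_abstract_form.abstract.default = family.abstract
        family_abstract_form.abstract.data = family.abstract

    if change_tlp_form.validate_on_submit():
        api.familycontrol.set_tlp_level(family, change_tlp_form.level.data)

    if change_status_form.validate_on_submit():
        api.familycontrol.set_status(
            family, change_status_form.newstatus.data)

    if add_detection_item_form.validate_on_submit():
        api.familycontrol.create_detection_item(
            add_detection_item_form.item_abstract.data,
            add_detection_item_form.name.data,
            add_detection_item_form.tlp_level.data,
            add_detection_item_form.item_type.data,
            family)

    if add_attachment_form.validate_on_submit():
        upload = add_attachment_form.file.data
        # secure_filename() strips path separators and unsafe characters
        # and can return an empty string when nothing usable is left;
        # refuse such uploads instead of storing a nameless file.
        fname = secure_filename(upload.filename)
        if not fname:
            abort(400)
        # NOTE(review): the whole upload is read into memory; confirm a
        # request size limit (e.g. Flask's MAX_CONTENT_LENGTH) is set.
        data = upload.read()
        api.familycontrol.add_file(data, fname,
                                   add_attachment_form.description.data,
                                   add_attachment_form.level.data,
                                   family)

    return render_template("family.html",
                           family=family,
                           expform=export_form,
                           addsubfamform=add_subfamily_form,
                           uploadform=add_attachment_form,
                           abstractform=family_abstract_form,
                           createdetectionitemform=add_detection_item_form,
                           changestatusform=change_status_form,
                           changetlpform=change_tlp_form,
                           famusers=family_users,
                           yaraform=add_yara_form)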
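def view_family(family_id):
    """
    Render a family page and process every form it carries.

    Handled forms: sub-family creation, export, Yara attachment,
    abstract, TLP level, status, detection item creation and file
    attachment upload. Each form is tested with its own ``if``; a valid
    export request returns a redirect immediately, so the handlers after
    it do not run in that case.

    Args:
        family_id: identifier of the family to display.

    Returns:
        A redirect to the selected export endpoint, or the rendered
        ``family.html`` template.

    Raises:
        HTTP 404 (via ``abort``) when the family does not exist,
        HTTP 500 when the sub-family cannot be created,
        HTTP 400 when an uploaded attachment has no usable filename.
    """
    # NOTE(review): no access check on the family is visible in this
    # function, although it exposes TLP, status, export and upload
    # operations; presumably a decorator or the api layer enforces it
    # -- confirm.
    family = api.familycontrol.get_by_id(family_id)
    if family is None:
        abort(404)
    family_users = api.familycontrol.get_users_for_family(family)

    export_form = ExportFamilyForm()
    add_subfamily_form = AddSubFamilyForm()
    add_yara_form = AddYaraToFamilyForm()
    # Only offer rules that are not attached to this family yet.
    add_yara_form.yaraid.choices = [
        (rule.id, rule.name)
        for rule in YaraRule.query.order_by('name')
        if rule not in family.yaras
    ]
    family_abstract_form = FamilyAbstractForm()
    add_detection_item_form = CreateDetectionItemForm()
    change_status_form = ChangeStatusForm()
    change_tlp_form = ChangeTLPForm()
    add_attachment_form = UploadFamilyFileForm()

    if add_subfamily_form.validate_on_submit():
        # Sub-families are named "<parent>.<child>".
        newname = family.name + "." + add_subfamily_form.familyname.data
        fid = api.familycontrol.create(name=newname, parentfamily=family)
        if not fid:
            abort(500)

    if export_form.validate_on_submit():
        # Export type selected in the form -> API endpoint serving it.
        export_endpoints = {
            1: "apiview.api_family_export_detection_yara",
            2: "apiview.api_family_export_samplesioc",
            3: "apiview.api_family_export_detection_openioc",
            4: "apiview.api_family_export_detection_snort",
            5: "apiview.api_family_export_detection_custom_elements",
            6: "apiview.api_family_export_sampleszip",
        }
        endpoint = export_endpoints.get(export_form.datatype.data)
        # An unknown export type falls through to the normal page render.
        if endpoint is not None:
            # NOTE(review): the TLP level of the export comes straight
            # from the form; whether the requester may export at that
            # level has to be enforced by the target endpoint -- confirm.
            return redirect(url_for(endpoint,
                                    family_id=family.id,
                                    tlp_level=export_form.level.data))

    if add_yara_form.validate_on_submit():
        yar = api.yaracontrol.get_by_id(add_yara_form.yaraid.data)
        # An id that no longer resolves is ignored rather than reported.
        if yar is not None:
            api.yaracontrol.add_to_family(family, yar)

    if family_abstract_form.validate_on_submit():
        api.familycontrol.set_abstract(
            family, family_abstract_form.abstract.data)
    elif family.abstract is not None:
        # Nothing submitted: pre-fill the form with the stored abstract.
        family_abstract_form.abstract.default = family.abstract
        family_abstract_form.abstract.data = family.abstract

    if change_tlp_form.validate_on_submit():
        api.familycontrol.set_tlp_level(family, change_tlp_form.level.data)

    if change_status_form.validate_on_submit():
        api.familycontrol.set_status(
            family, change_status_form.newstatus.data)

    if add_detection_item_form.validate_on_submit():
        api.familycontrol.create_detection_item(
            add_detection_item_form.abstract.data,
            add_detection_item_form.name.data,
            add_detection_item_form.tlp_level.data,
            add_detection_item_form.item_type.data,
            family)

    if add_attachment_form.validate_on_submit():
        upload = add_attachment_form.file.data
        # secure_filename() strips path separators and unsafe characters
        # and can return an empty string when nothing usable is left;
        # refuse such uploads instead of storing a nameless file.
        fname = secure_filename(upload.filename)
        if not fname:
            abort(400)
        # NOTE(review): the whole upload is read into memory; confirm a
        # request size limit (e.g. Flask's MAX_CONTENT_LENGTH) is set.
        data = upload.read()
        api.familycontrol.add_file(data, fname,
                                   add_attachment_form.description.data,
                                   add_attachment_form.level.data,
                                   family)

    return render_template("family.html",
                           family=family,
                           expform=export_form,
                           addsubfamform=add_subfamily_form,
                           uploadform=add_attachment_form,
                           abstractform=family_abstract_form,
                           createdetectionitemform=add_detection_item_form,
                           changestatusform=change_status_form,
                           changetlpform=change_tlp_form,
                           famusers=family_users,
                           yaraform=add_yara_form)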