class SignatureFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(SignatureFilterObject, self).__init__(base_uri, tcl) self._owners = [] # define properties for resource type self._properties = SignaturesProperties(base_uri=self.base_uri) self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('signatures', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: # special case for download if method_name == 'add_id': method = getattr(FilterMethods, 'add_id_signature') setattr(self, method_name, types.MethodType(method, self)) else: method = getattr(FilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
class BulkIndicatorFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(BulkIndicatorFilterObject, self).__init__(base_uri, tcl) self._owners = [] # pd('IndicatorFilterObject', header=True) # pd('indicator_type_enum', indicator_type_enum) self._properties = BulkIndicatorsProperties(base_uri=self.base_uri) self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('indicators', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: # pd('method_name', method_name) method = getattr(FilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
def filter_associations(self, base_resource_type, identifier): """Get victims associated with base resource object GET /v2/groups/adversaries/747266/victims GET /v2/indicators/addresses/4.3.2.1/victims """ base_properties = ResourceProperties[base_resource_type.name].value() request_uri = base_properties.base_path + '/' request_uri += str(identifier) request_uri += '/victims' description = 'Get victim associations for {0} resource ({1}).'.format( base_resource_type.name.lower(), str(identifier)) filter_type = 'victim association' ro = RequestObject( filter_type, '{0}|{1}'.format(base_resource_type.name.lower(), identifier)) ro.set_description(description) ro.set_owner_allowed(False) ro.set_resource_pagination(True) ro.set_request_uri(request_uri) ro.set_resource_type(ResourceType.VICTIMS) self._add_request_objects(ro)
class BulkFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(BulkFilterObject, self).__init__(base_uri, tcl) self._owners = [] # define properties for resource type # self._properties = BulkProperties(base_uri=self.base_uri) self._properties = None self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('groups', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed( self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination( self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: method = getattr(IndicatorFilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
def load_security_labels(self): """ retrieve attributes for this indicator """ prop = self._resource_properties['load_security_labels'] ro = RequestObject() ro.set_description( 'load security labels for attribute {0} of object {1}'.format( self.id, self._container.id)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) resource_uri = self._container._resource_properties['id']['uri'] try: resource_uri = resource_uri.format(self._container.indicator) except AttributeError: resource_uri = resource_uri.format(self._container.id) ro.set_request_uri(prop['uri'].format(resource_uri, self.id)) ro.set_resource_pagination(prop['pagination']) api_response = self._container._tc.api_request(ro) if api_response.headers['content-type'] == 'application/json': api_response_dict = api_response.json() if api_response_dict['status'] == 'Success': self._security_labels = [] data = api_response_dict['data']['securityLabel'] for item in data: self.__add_security_label(parse_security_label( item)) # add to main resource object
def upload(self, body): """ upload document """ if self._resource_type == ResourceType.DOCUMENTS: prop = self._resource_properties['document_upload'] elif self._resource_type == ResourceType.SIGNATURES: prop = self._resource_properties['signature_upload'] else: self._tc.tcl.error('Upload requested for wrong resource type.') raise AttributeError(ErrorCodes.e10330.value) ro = RequestObject() ro.set_body(body) ro.set_content_type('application/octet-stream') ro.set_description('upload document for "{0}"'.format(self._name)) # determine whether the file contents exist using phase (not 100%) if self.phase == 1: ro.set_http_method(prop['http_method']) else: ro.set_http_method('PUT') ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) success_callback = lambda request, response: self.set_contents(request.body) ro.set_success_callback(success_callback) self._resource_container.add_commit_queue(self.id, ro)
def log_to_api(self): if len(self.entries) > 0: # make api call ro = RequestObject() ro.set_http_method('POST') ro.set_owner_allowed(True) ro.set_resource_pagination(False) ro.set_request_uri('/v2/logs/app') ro.set_body(dumps(self.entries)) # retrieve and display the results; don't log during api request so we don't end up with duplicate info try: self.tc.api_request(ro, log=False) except RuntimeError as re: # can't really do anything if it fails error_data = { 'levelname': 'ERROR', 'created': time.time(), 'msg': 'API LOGGING FAILURE -- Unable to send log entries to api: {}' .format(self.entries) } lr = makeLogRecord(error_data) self.entries = [] self.emit(lr) self.entries = []
def add_id(self, data_int, asset_id=None): """ """ resource_type = ResourceType(self._resource_type.value - 5) properties = ResourceProperties[resource_type.name].value() if asset_id is not None: # resource_type = ResourceType(self._resource_type.value - 5) # properties = ResourceProperties[resource_type.name].value() uri_data = [data_int, asset_id] else: # properties = self._properties uri_data = [data_int] # validation of data input if not isinstance(data_int, int): self.add_error(ErrorCodes.e4020.value.format(data_int)) self._error = True else: filter_type = 'id' if asset_id is not None: filter_values = '{0}-{1}'.format(data_int, asset_id) else: filter_values = data_int ro = RequestObject(filter_type, filter_values) ro.set_owner_allowed(properties.id_owner_allowed) ro.set_resource_pagination(properties.resource_pagination) ro.set_request_uri(properties.id_path, uri_data) ro.set_resource_type(properties.resource_type) self._add_request_objects(ro)
def add_indicator(self, data, indicator_type = None): """ filter api results by indicator """ # validation indicator if not SharedMethods.validate_indicator(self.tc._indicators_regex, data): raise AttributeError(ErrorCodes.e5010.value.format(data)) # get indicator uri attribute if indicator_type is None: indicator_type = SharedMethods.get_resource_type(self.tc._indicators_regex, data) indicator_uri_attribute = ApiProperties.api_properties[indicator_type.name]['uri_attribute'] prop = self._resource_properties['indicator'] ro = RequestObject() ro.set_description('api filter by indicator id {0}'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) # TODO: Check this logic if self._resource_type == ResourceType.INDICATORS: ro.set_request_uri(prop['uri'], [indicator_uri_attribute, SharedMethods.urlsafe(data)]) else: ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(indicator_type) self._add_request_objects(ro)
class BulkFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(BulkFilterObject, self).__init__(base_uri, tcl) self._owners = [] # define properties for resource type # self._properties = BulkProperties(base_uri=self.base_uri) self._properties = None self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('groups', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: method = getattr(IndicatorFilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
def add_security_label(self, security_label_name): """ retrieve attributes for this indicator """ prop = self._resource_properties['add_security_label'] ro = RequestObject() ro.set_description( 'deleting security label {0} for attribute {1} of object {2}'. format(security_label_name, self.id, self._container.id)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) resource_uri = self._container._resource_properties['id']['uri'] try: resource_uri = resource_uri.format(self._container.indicator) except AttributeError: resource_uri = resource_uri.format(self._container.id) ro.set_request_uri(prop['uri'].format(resource_uri, self.id, security_label_name)) ro.set_resource_pagination(prop['pagination']) callback = lambda status: self.__failed_add_security_label( security_label_name) ro.set_failure_callback(callback) self._container._resource_container.add_commit_queue( self._container.id, ro) security_label = SecurityLabelObject() security_label.set_name(security_label_name) self.__add_security_label(security_label)
class VictimAssetFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl, victim_asset_type_enum=None): """ """ super(VictimAssetFilterObject, self).__init__(base_uri, tcl) self._owners = [] # get resource type from indicator type if isinstance(victim_asset_type_enum, VictimAssetType): # get resource type from indicator type number resource_type = ResourceType(victim_asset_type_enum.value) # get resource properties from resource type name self._properties = ResourceProperties[resource_type.name].value(base_uri=self.base_uri) else: self._properties = ResourceProperties['VICTIM_ASSETS'].value(base_uri=self.base_uri) self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('victimAssets', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: method = getattr(FilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
def add_indicator(self, data, indicator_type=None): """ filter api results by indicator """ # validation indicator if not SharedMethods.validate_indicator(self.tc._indicators_regex, data): raise AttributeError(ErrorCodes.e5010.value.format(data)) # get indicator uri attribute if indicator_type is None: indicator_type = SharedMethods.get_resource_type( self.tc._indicators_regex, data) indicator_uri_attribute = ApiProperties.api_properties[ indicator_type.name]['uri_attribute'] prop = self._resource_properties['indicator'] ro = RequestObject() ro.set_description('api filter by indicator id {0}'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) # TODO: Check this logic if self._resource_type == ResourceType.INDICATORS: ro.set_request_uri( prop['uri'], [indicator_uri_attribute, SharedMethods.urlsafe(data)]) else: ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(indicator_type) self._add_request_objects(ro)
def add_tag(self, tag): """ add a tag to an indicator """ prop = self._resource_properties['tag_add'] ro = RequestObject() ro.set_description('add tag "{0}" to "{1}"'.format(tag, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id, self._urlsafe(tag))) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def default_request_object(self): """ default request when no filters are provided """ resource_properties = ApiProperties.api_properties[self._resource_type.name]['properties'] # create default request object for non-filtered requests request_object = RequestObject() request_object.set_http_method(resource_properties['base']['http_method']) request_object.set_owner_allowed(resource_properties['base']['owner_allowed']) request_object.set_request_uri(resource_properties['base']['uri']) request_object.set_resource_pagination(resource_properties['base']['pagination']) request_object.set_resource_type(self._resource_type) return request_object
def default_request_object(self): """ default request when only a owner filter is provided """ request_object = RequestObject() request_object.set_description('filter by owner') request_object.set_http_method(self._resource_properties['base']['http_method']) request_object.set_owner_allowed(self._resource_properties['base']['owner_allowed']) request_object.set_request_uri(self._resource_properties['base']['uri']) request_object.set_resource_pagination(self._resource_properties['base']['pagination']) request_object.set_resource_type(self._resource_type) return request_object
def delete_tag(self, tag): """ delete tag from group """ prop = self._resource_properties['tag_delete'] ro = RequestObject() ro.set_description('delete tag "{0}" from "{1}"'.format(tag, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format( self._id, self._urlsafe(tag))) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def delete_security_label(self, label): """ set the security label for this indicator """ prop = self._resource_properties['security_label_delete'] ro = RequestObject() ro.set_description('delete security label "{0}" from {1}'.format(label, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format( self._id, self._urlsafe(label))) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def delete_attribute(self, attr_id): """ delete attribute from group by id """ prop = self._resource_properties['attribute_delete'] ro = RequestObject() ro.set_description('delete attribute id {0} from "{1}"'.format(attr_id, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format( self._id, attr_id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def add_indicator(self, data, data_type_enum=None): """ """ if data_type_enum is None: # use indicator value to get the resource type data_type_enum = _get_resource_type(data) else: # indicator type provided if isinstance(data_type_enum, IndicatorType): data_type_enum = ResourceType(data_type_enum.value) error = False # validation indicator if not validate_indicator(data): self.add_error(ErrorCodes.e5010.value.format(data)) self._error = True error = True # validation resource type if not isinstance(data_type_enum, ResourceType): self.add_error(ErrorCodes.e5011.value.format(data_type_enum)) self._error = True error = True if not error: # get properties for indicator # (e.g ADDRESSES is 515 and ADDRESS is 510. indicator_resource_type = ResourceType(data_type_enum.value - 5) indicator_properties = ResourceProperties[indicator_resource_type.name].value() indicator_type = indicator_properties.resource_uri_attribute # determine properties indicator_resources = [ 'INDICATORS', 'ADDRESSES', 'EMAIL_ADDRESSES', 'FILES', 'HOSTS', 'URLS'] if self._properties.resource_type.name in indicator_resources: # if the resource type is one of the above use the properties of that indicator properties = indicator_properties else: # otherwise use the properties of the resource properties = self._properties # url if data_type_enum == ResourceType.URLS: data = urllib.quote(data, safe='~') filter_type = data_type_enum.name.lower() ro = RequestObject(filter_type, data) ro.set_owner_allowed(properties.indicator_owner_allowed) ro.set_resource_pagination(properties.resource_pagination) ro.set_request_uri( properties.indicator_path, [indicator_type, data]) ro.set_resource_type(properties.resource_type) self._add_request_objects(ro)
def update_asset(self, asset_id, asset_obj): """ add a asset to a victim """ prop = self._resource_properties['asset_update'] ro = RequestObject() ro.set_body(asset_obj.gen_body) ro.set_description('update asset type {0} with to {1}'.format(asset_obj.resource_type, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id, asset_obj.uri_attribute, asset_id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
class VictimFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(VictimFilterObject, self).__init__(base_uri, tcl) self._owners = [] # define properties for resource type self._properties = VictimsProperties(base_uri=self.base_uri) self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('victims', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: method = getattr(FilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self)) # special case for indicator associations def filter_associations(self, base_resource_type, identifier): """Get victims associated with base resource object GET /v2/groups/adversaries/747266/victims GET /v2/indicators/addresses/4.3.2.1/victims """ base_properties = ResourceProperties[base_resource_type.name].value() request_uri = base_properties.base_path + '/' request_uri += str(identifier) request_uri += '/victims' description = 'Get victim associations for {0} resource ({1}).'.format( base_resource_type.name.lower(), str(identifier)) filter_type = 'victim association' ro = RequestObject( filter_type, '{0}|{1}'.format(base_resource_type.name.lower(), identifier)) ro.set_description(description) ro.set_owner_allowed(False) ro.set_resource_pagination(True) ro.set_request_uri(request_uri) ro.set_resource_type(ResourceType.VICTIMS) self._add_request_objects(ro)
def associate_group(self, resource_type, resource_id): """ associate a group to group by id """ prop = self._resource_properties['association_group_add'] ro = RequestObject() ro.set_description('associate group type "{0}" id {1} to "{2}"'.format( resource_type.name, resource_id, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) group_uri_attribute = ApiProperties.api_properties[resource_type.name]['uri_attribute'] ro.set_request_uri(prop['uri'].format(self._id, group_uri_attribute, resource_id)) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def add_tag(self, data): """ """ if not isinstance(data, str): raise AttributeError(ErrorCodes.e4070.value.format(data)) prop = self._resource_properties['tags'] ro = RequestObject() ro.set_description('api filter by tag "{0}"'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def associate_victim(self, resource_id): """ associate victim from group """ prop = self._resource_properties['association_victim_add'] ro = RequestObject() ro.set_description('associate victim id {0} from "{1}"'.format( resource_id, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format( self._id, resource_id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def associate_indicator(self, indicator_type, indicator): """ associate a group to group by id """ prop = self._resource_properties['association_indicator_add'] ro = RequestObject() ro.set_description('associate indicator {0} to "{1}"'.format( indicator, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) indicator_uri_attribute = ApiProperties.api_properties[indicator_type.name]['uri_attribute'] ro.set_request_uri(prop['uri'].format(indicator_uri_attribute, self._urlsafe(indicator), self.id)) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def add_victim_id(self, data_int): """ """ if not isinstance(data_int, int): raise AttributeError(ErrorCodes.e4090.value.format(data_int)) prop = self._resource_properties['victims'] ro = RequestObject() ro.set_description('api filter by victim id {0}'.format(data_int)) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) ro.set_request_uri(prop['uri'], [data_int]) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def add_tag(self, data): """ """ properties = self._properties if not isinstance(data, str): self.add_error(ErrorCodes.e4080.value.format(data)) self._error = True else: filter_type = 'tag' ro = RequestObject(filter_type, data) ro.set_owner_allowed(properties.tag_owner_allowed) ro.set_resource_pagination(properties.resource_pagination) ro.set_request_uri(properties.tag_path, [data]) ro.set_resource_type(properties.resource_type) self._add_request_objects(ro)
def update_attribute(self, attr_id, attr_value): """ update indicator attribute by id """ prop = self._resource_properties['attribute_update'] ro = RequestObject() ro.set_body(json.dumps({'value': attr_value})) ro.set_description('update attribute id {0} with value "{1}" on "{2}"'.format( attr_id, attr_value, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id, attr_id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def add_asset(self, asset_obj): """ add a asset to a victim """ prop = self._resource_properties['asset_add'] ro = RequestObject() ro.set_body(asset_obj.gen_body) ro.set_description('add asset type {0} with to {1}'.format( asset_obj.resource_type, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id, asset_obj.uri_attribute)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def group_associations(self): """ retrieve associations for this group. associations are not stored within the object """ prop = self._resource_properties['association_groups'] ro = RequestObject() ro.set_description('retrieve group associations for {0}'.format(self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) # ro.set_owner(self.owner_name) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) for item in self._tc.result_pagination(ro)['group']: yield threatconnect.GroupObject.parse_group(item, api_filter=ro.description, request_uri=ro.request_uri)
def add_threat_id(self, data_int): """ """ if not isinstance(data_int, int): raise AttributeError(ErrorCodes.e4080.value.format(data_int)) prop = self._resource_properties['groups'] ro = RequestObject() ro.set_description('api filter by threat id {0}'.format(data_int)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'], ['threats', data_int]) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def commit(self): """ commit victim and related assets, associations """ r_id = self.id ro = RequestObject() ro.set_body(self.gen_body) ro.set_resource_type(self.resource_type) prop = self._resource_properties['add'] ro.set_description('adding batchjob') ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) ro.empty_payload() if self._phase == 1: # validate all required fields are present if self.validate: api_response = self._tc.api_request(ro) if api_response.headers['content-type'] == 'application/json': api_response_dict = api_response.json() if api_response_dict['status'] == 'Success': r_id = api_response_dict['data']['batchId'] else: self._tc.tcl.debug('Resource Object'.format(self)) raise RuntimeError('Cannot commit incomplete resource object') for ro in self._resource_container.commit_queue(self.id): # if self.owner_name is not None: # ro.set_owner(self.owner_name) # replace the id if self.id != r_id: request_uri = str( ro.request_uri.replace(str(self.id), str(r_id))) ro.set_request_uri(request_uri) self._tc.tcl.debug('Replacing {0} with {1}'.format( self.id, str(r_id))) self._tc.tcl.debug('RO {0}'.format(ro)) api_response2 = self._tc.api_request(ro) if api_response2.headers['content-type'] == 'application/json': api_response_dict2 = api_response2.json() if api_response_dict2['status'] != 'Success': self._tc.tcl.error('API Request Failure: [{0}]'.format( ro.description)) self.set_id(r_id) self.set_phase(0) # return object return self
def add_security_label(self, data): """ filter api results by security label """ # validation of data input if not isinstance(data, str): raise AttributeError(ErrorCodes.e4050.value.format(data)) prop = self._resource_properties['security_labels'] ro = RequestObject() ro.set_description('api filter by security label "{0}"'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def delete(self): """ delete indicator """ prop = self._resource_properties['delete'] ro = RequestObject() ro.set_description('delete group "{0}".'.format(self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) if self.owner_name is not None: ro.set_owner(self.owner_name) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self.resource_type) self._tc.api_request(ro) self.set_phase(3)
def download_errors(self): prop = self._resource_properties['batch_error_download'] ro = RequestObject() ro.set_description('download errors for batchjob {0}'.format(self._id)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) api_response = self._tc.api_request(ro) if api_response.headers['content-type'] in ['application/octet-stream', 'text/plain']: self.set_errors(api_response.content)
def victim_associations(self): """ retrieve associations for this group. associations are not stored within the object """ prop = self._resource_properties['association_victims'] ro = RequestObject() ro.set_description('retrieve victim associations for {0}'.format(self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_owner(self.owner_name) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) for item in self._tc.result_pagination(ro, 'victim'): yield parse_victim(item, api_filter=ro.description, request_uri=ro.request_uri)
def upload(self, body): """ upload batch job """ prop = self._resource_properties['batch_job_upload'] ro = RequestObject() ro.set_body(body) ro.set_content_type('application/octet-stream') ro.set_description('upload batch job for "{0}"'.format(self._id)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) ro.empty_payload() self._resource_container.add_commit_queue(self.id, ro)
def add_email_id(self, data_int): """ filter api results by email id """ # validation of data input if not isinstance(data_int, int): raise AttributeError(ErrorCodes.e4030.value.format(data_int)) prop = self._resource_properties['groups'] ro = RequestObject() ro.set_description('api filter by email id {0}'.format(data_int)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'], ['emails', data_int]) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def retrieve_mine(self): """ retrieve owner mine """ prop = ApiProperties.api_properties['OWNERS']['properties']['mine'] ro = RequestObject() ro.set_description('load owner mine') ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) ro.set_request_uri(prop['uri']) ro.set_resource_type(ResourceType.OWNERS) data_set = self.tc.api_response_handler(self, ro) for obj in data_set: self.add_obj(obj)
def download_errors(self): prop = self._resource_properties['batch_error_download'] ro = RequestObject() ro.set_description('download errors for batchjob {0}'.format(self._id)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) api_response = self._tc.api_request(ro) if api_response.headers['content-type'] in [ 'application/octet-stream', 'text/plain' ]: self.set_errors(api_response.content)
def indicator_associations(self): """ retrieve associations for this group. associations are not stored within the object """ prop = self._resource_properties['association_indicators'] ro = RequestObject() ro.set_description('retrieve indicator associations for {0}'.format(self._name)) ro.set_owner(self.owner_name) ro.set_http_method(prop['http_method']) ro.set_owner(self.owner_name) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) for item in self._tc.result_pagination(ro, 'indicator'): yield threatconnect.IndicatorObject.parse_indicator( item, api_filter=ro.description, request_uri=ro.request_uri, indicators_regex=self._tc._indicators_regex)
def default_request_object(self): """ default request when only a owner filter is provided """ request_object = RequestObject() request_object.set_description('filter by owner') request_object.set_http_method(self._resource_properties['base']['http_method']) request_object.set_owner_allowed(self._resource_properties['base']['owner_allowed']) request_object.set_request_uri(self._resource_properties['base']['uri']) request_object.set_resource_pagination(self._resource_properties['base']['pagination']) request_object.set_resource_type(self._resource_type) # modified since is only support on base (/v2/indicator) api call if self._modified_since is not None: request_object.set_modified_since(self._modified_since) request_object.set_description('Indicator Owner Filter modified since {0}'.format(self._modified_since)) return request_object