def list(self):
"""List enabled Processing modules
.. :quickref: Module; List enabled Processing modules
:>json list modules: list of enabled modules.
"""
modules = ModuleInfo.get_collection().find({
'enabled': True,
'type': 'Processing'
})
return render({'modules': clean_modules(list(modules))})
def list(self):
"""List enabled Processing and Preloading modules
.. :quickref: Module; List enabled Processing and Preloading modules
:>json list modules: list of enabled modules.
"""
modules = ModuleInfo.get_collection().find({
'enabled': True,
'type': {
'$in': ['Processing', 'Preloading']
}
})
return render(clean_modules(list(modules)))
def enable(self, id):
"""Enable a module
.. :quickref: Module; Enable a module
Requires the `manage_modules` permission.
If successful, will return the module in ``module``.
Otherwise, errors will be available in ``errors``.
:param id: id of the module to enable.
"""
module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id))
if 'error' in module:
flash(
"Cannot enable '{}' because of errors installing dependencies."
.format(module['name']), 'danger')
return validation_error(url_for('ModulesView:index'))
# See if module is properly configured
module_class = get_class(module['path'], module['class'])
module_class.info = module
try:
module_class()
except MissingConfiguration as e:
if e.name:
flash(
"You must configure '{}' before trying to enable '{}'".
format(e.name, module['name']), 'warning')
return validation_error(
url_for('ModulesView:configuration', id=e.id))
else:
flash(
"You must configure '{}' before trying to enable it.".
format(module['name']), 'warning')
return validation_error(
url_for('ModulesView:configure', id=module['_id']))
module.update_value('enabled', True)
dispatcher.reload()
readme = module.get_readme()
if readme:
flash(readme, 'persistent')
return redirect({'module': clean_modules(module)},
url_for('ModulesView:index'))
def disable(self, id):
"""Disable a module
.. :quickref: Module; Disable a module
Requires the `manage_modules` permission.
:param id: id of the module to disable.
:>json Module module: resulting module.
"""
module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id))
module.update_value('enabled', False)
dispatcher.reload()
return redirect({'module': clean_modules(module)},
url_for('ModulesView:index'))
def configure(self, id):
"""Configure a module.
.. :quickref: Module; Configure a module
Requires the `manage_modules` permission.
For each configuration available, you should set the value in a form
parameter named ``config_NAME``. For boolean values, any value not ``0``
or ``False`` is considered to be ``True``.
If the setting should be an option (be available per analysis), you have
to set ``config_NAME_option`` to any value but ``0`` or ``False``.
If successful, will return the module in ``module``.
Otherwise, errors will be available in ``errors``.
:param id: id of the named configuration.
:form acts_on: comma-delimited list of FAME types this module can act on
(only for Processing modules).
:form triggered_by: comma-delimited list of triggers (only for Processing
modules).
:form queue: name of the queue to use for this module (for Processing and
Preloading modules).
"""
module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id))
module['readme'] = module.get_readme()
if request.method == "POST":
if module['type'] == 'Filetype':
if 'acts_on' in request.form:
module.update_setting_value(
'acts_on', request.form.get('acts_on', ''))
elif module['type'] == 'Processing':
if 'acts_on' in request.form:
module.update_setting_value(
'acts_on', request.form.get('acts_on', ''))
if 'triggered_by' in request.form:
module.update_setting_value(
'triggered_by', request.form.get('triggered_by', ''))
if 'queue' in request.form:
update_queue(module, request.form.get('queue', ''))
elif module['type'] == "Preloading":
if 'queue' in request.form:
update_queue(module, request.form.get('queue', ''))
if 'priority' in request.form:
update_priority(module, request.form.get('priority', ''))
errors = update_config(module['config'],
options=(module['type']
in ['Preloading', 'Processing']))
if errors is not None:
return errors
module.save()
dispatcher.reload()
return redirect({'module': clean_modules(module)},
url_for('ModulesView:index'))
else:
return render({'module': clean_modules(module)},
'modules/module_configuration.html')
def index(self):
"""Get the list of modules.
.. :quickref: Module; Get the list of modules
Requires the `manage_modules` permission.
The response is a dict with several elements:
* ``modules``, which is a list of modules, sorted by type::
"modules": {
"Antivirus": [
...
],
"Preloading": [
...
],
"Processing": [
{
"_id": {
"$oid": "MODULE_ID"
},
"acts_on": [
ACTS_ON_FAME_TYPES
],
"class": "CLASS_NAME",
"config": [ CONFIG_OPTIONS ],
"description": "DESCRIPTION",
"enabled": false,
"generates": [GENERATES],
"name": "NAME",
"path": "MODULE_PATH",
"queue": "QUEUE",
"triggered_by": [
TRIGGERS
],
"type": "Processing"
},
...
],
"Reporting": [
...
],
"Threat Intelligence": [
...
],
"Filetype": [
...
]
}
* ``repositories``: list of configured repositories::
"repositories": [
{
"_id": {
"$oid": "ID"
},
"address": "[email protected]:certsocietegenerale/fame_modules.git",
"name": "community",
"private": false,
"status": "active"
},
...
]
* ``configs``: list of named configurations::
"configs": [
{
"_id": {
"$oid": "ID"
},
"config": [
{
"description": "List of patterns (strings) to look for in malware configurations. There should be one pattern per line.",
"name": "monitor",
"type": "text",
"value": null
}
],
"description": "Needed in order to be able to track malware targets",
"name": "malware_config"
},
...
]
"""
types = {
'Preloading': [],
'Processing': [],
'Reporting': [],
'Threat Intelligence': [],
'Antivirus': [],
'Virtualization': [],
'Filetype': []
}
for module in ModuleInfo.get_collection().find():
types[module['type']].append(clean_modules(module))
for type in types:
types[type] = sorted(types[type], key=get_name)
configs = Config.get_collection().find()
repositories = clean_repositories(
list(Repository.get_collection().find()))
return render(
{
'modules': types,
'configs': configs,
'repositories': repositories
}, 'modules/index.html')
class ModulesView(FlaskView, UIView):
@requires_permission('manage_modules')
def index(self):
"""Get the list of modules.
.. :quickref: Module; Get the list of modules
Requires the `manage_modules` permission.
The response is a dict with several elements:
* ``modules``, which is a list of modules, sorted by type::
"modules": {
"Antivirus": [
...
],
"Preloading": [
...
],
"Processing": [
{
"_id": {
"$oid": "MODULE_ID"
},
"acts_on": [
ACTS_ON_FAME_TYPES
],
"class": "CLASS_NAME",
"config": [ CONFIG_OPTIONS ],
"description": "DESCRIPTION",
"enabled": false,
"generates": [GENERATES],
"name": "NAME",
"path": "MODULE_PATH",
"queue": "QUEUE",
"triggered_by": [
TRIGGERS
],
"type": "Processing"
},
...
],
"Reporting": [
...
],
"Threat Intelligence": [
...
],
"Filetype": [
...
]
}
* ``repositories``: list of configured repositories::
"repositories": [
{
"_id": {
"$oid": "ID"
},
"address": "[email protected]:certsocietegenerale/fame_modules.git",
"name": "community",
"private": false,
"status": "active"
},
...
]
* ``configs``: list of named configurations::
"configs": [
{
"_id": {
"$oid": "ID"
},
"config": [
{
"description": "List of patterns (strings) to look for in malware configurations. There should be one pattern per line.",
"name": "monitor",
"type": "text",
"value": null
}
],
"description": "Needed in order to be able to track malware targets",
"name": "malware_config"
},
...
]
"""
types = {
'Preloading': [],
'Processing': [],
'Reporting': [],
'Threat Intelligence': [],
'Antivirus': [],
'Virtualization': [],
'Filetype': []
}
for module in ModuleInfo.get_collection().find():
types[module['type']].append(clean_modules(module))
for type in types:
types[type] = sorted(types[type], key=get_name)
configs = Config.get_collection().find()
repositories = clean_repositories(
list(Repository.get_collection().find()))
return render(
{
'modules': types,
'configs': configs,
'repositories': repositories
}, 'modules/index.html')
@requires_permission('manage_modules')
@route('/<id>/disable', methods=['POST'])
def disable(self, id):
"""Disable a module
.. :quickref: Module; Disable a module
Requires the `manage_modules` permission.
:param id: id of the module to disable.
:>json Module module: resulting module.
"""
module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id))
module.update_value('enabled', False)
dispatcher.reload()
return redirect({'module': clean_modules(module)},
url_for('ModulesView:index'))
@requires_permission('manage_modules')
@route('/<id>/enable', methods=['POST'])
def enable(self, id):
"""Enable a module
.. :quickref: Module; Enable a module
Requires the `manage_modules` permission.
If successful, will return the module in ``module``.
Otherwise, errors will be available in ``errors``.
:param id: id of the module to enable.
"""
module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id))
if 'error' in module:
flash(
"Cannot enable '{}' because of errors installing dependencies."
.format(module['name']), 'danger')
return validation_error(url_for('ModulesView:index'))
# See if module is properly configured
module_class = get_class(module['path'], module['class'])
module_class.info = module
try:
module_class()
except MissingConfiguration, e:
if e.name:
flash(
"You must configure '{}' before trying to enable '{}'".
format(e.name, module['name']), 'warning')
return validation_error(
url_for('ModulesView:configuration', id=e.id))
else:
flash(
"You must configure '{}' before trying to enable it.".
format(module['name']), 'warning')
return validation_error(
url_for('ModulesView:configure', id=module['_id']))
module.update_value('enabled', True)
dispatcher.reload()
readme = module.get_readme()
if readme:
flash(readme, 'persistent')
return redirect({'module': clean_modules(module)},
url_for('ModulesView:index'))
def configure(self, id):
"""Configure a module.
.. :quickref: Module; Configure a module
Requires the `manage_modules` permission.
For each configuration available, you should set the value in a form
parameter named ``config_NAME``. For boolean values, any value not ``0``
or ``False`` is considered to be ``True``.
If the setting should be an option (be available per analysis), you have
to set ``config_NAME_option`` to any value but ``0`` or ``False``.
If successful, will return the module in ``module``.
Otherwise, errors will be available in ``errors``.
:param id: id of the named configuration.
:form acts_on: comma-delimited list of FAME types this module can act on
(only for Processing modules).
:form triggered_by: comma-delimited list of triggers (only for Processing
modules).
:form queue: name of the queue to use for this module (only for Processing
modules).
"""
module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id))
if request.method == "POST":
if module['type'] == 'Processing':
if 'acts_on' in request.form:
module.update_setting_value(
'acts_on', request.form.get('acts_on', ''))
if 'triggered_by' in request.form:
module.update_setting_value(
'triggered_by', request.form.get('triggered_by', ''))
if 'queue' in request.form:
new_queue = request.form.get('queue')
if module['queue'] == '':
flash('queue cannot be empty', 'danger')
return validation_error()
else:
if module['queue'] != new_queue:
module.update_setting_value('queue', new_queue)
updates = Internals(
get_or_404(Internals.get_collection(),
name="updates"))
updates.update_value("last_update", time())
flash(
'Workers will reload once they are done with their current tasks',
'success')
errors = update_config(module['config'],
options=(module['type'] == 'Processing'))
if errors is not None:
return errors
module.save()
dispatcher.reload()
return redirect({'module': clean_modules(module)},
url_for('ModulesView:index'))
else:
return render({'module': clean_modules(module)},
'modules/module_configuration.html')
