Exemplo n.º 1
0
def exploit_remove(id_, username):
    """
    Remove an Exploit from CRITs.

    :param id_: The ObjectId of the Exploit to remove.
    :type id_: str
    :param username: The user removing this Exploit.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    exploit = Exploit.objects(id=id_).first()
    if exploit:
        exploit.delete(username=username)
        return {'success': True}
    else:
        return {'success': False, 'message': 'Could not find Exploit.'}
Exemplo n.º 2
0
def exploit_remove(id_, username):
    """
    Remove an Exploit from CRITs.

    :param id_: The ObjectId of the Exploit to remove.
    :type id_: str
    :param username: The user removing this Exploit.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    exploit = Exploit.objects(id=id_).first()
    if exploit:
        exploit.delete(username=username)
        return {'success': True}
    else:
        return {'success': False, 'message': 'Could not find Exploit.'}
Exemplo n.º 3
0
def update_exploit_cve(id_, cve, user, **kwargs):
    """
    Update CVE for a Exploit.

    :param id_: The ObjectId of the Exploit to update.
    :type id_: str
    :param cve: The CVE we are setting.
    :type CVE: str
    :param user: The user updating the CVE.
    :type user: str
    :returns: dict
    """

    sources = user_sources(user)
    exploit = Exploit.objects(id=id_, source__name__in=sources).first()
    if not exploit:
        return {'success': False, 'message': 'No exploit could be found.'}
    else:
        exploit.cve = cve
        exploit.save(username=user)
        return {'success': True}
Exemplo n.º 4
0
def update_exploit_cve(id_, cve, user, **kwargs):
    """
    Update CVE for a Exploit.

    :param id_: The ObjectId of the Exploit to update.
    :type id_: str
    :param cve: The CVE we are setting.
    :type CVE: str
    :param user: The user updating the CVE.
    :type user: str
    :returns: dict
    """

    sources = user_sources(user)
    exploit = Exploit.objects(id=id_, source__name__in=sources).first()
    if not exploit:
        return {'success': False,
                'message': 'No exploit could be found.'}
    else:
        exploit.cve = cve
        exploit.save(username=user)
        return {'success': True}
Exemplo n.º 5
0
def set_exploit_name(id_, name, user, **kwargs):
    """
    Set a Exploit name.

    :param id_: Exploit ObjectId.
    :type id_: str
    :param name: The new name.
    :type name: str
    :param user: The user updating the name.
    :type user: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
    """

    sources = user_sources(user)
    exploit = Exploit.objects(id=id_, source__name__in=sources).first()
    if not exploit:
        return {'success': False, 'message': "Could not find exploit"}

    exploit.name = name.strip()
    exploit.save(username=user)
    return {'success': True}
Exemplo n.º 6
0
def set_exploit_name(id_, name, user, **kwargs):
    """
    Set a Exploit name.

    :param id_: Exploit ObjectId.
    :type id_: str
    :param name: The new name.
    :type name: str
    :param user: The user updating the name.
    :type user: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
    """

    sources = user_sources(user)
    exploit = Exploit.objects(id=id_, source__name__in=sources).first()
    if not exploit:
        return {'success': False,
                'message': "Could not find exploit"}

    exploit.name = name.strip()
    exploit.save(username=user)
    return {'success': True}
Exemplo n.º 7
0
def add_new_exploit(name,
                    cve=None,
                    description=None,
                    source=None,
                    source_method=None,
                    source_reference=None,
                    source_tlp=None,
                    campaign=None,
                    confidence=None,
                    user=None,
                    bucket_list=None,
                    ticket=None,
                    related_id=None,
                    related_type=None,
                    relationship_type=None):
    """
    Add an Exploit to CRITs.

    :param name: The name of the exploit.
    :type name: str
    :param cve: CVE for the exploit.
    :type cve: str
    :param description: Description of the exploit.
    :type description: str
    :param source: Name of the source which provided this information.
    :type source: str
    :param source_method: Method of acquiring this data.
    :type source_method: str
    :param source_reference: A reference to this data.
    :type source_reference: str
    :param source_tlp: TLP value for this source
    :type source_reference: str
    :param campaign: A campaign to attribute to this exploit.
    :type campaign: str
    :param confidence: Confidence level in the campaign attribution.
    :type confidence: str ("low", "medium", "high")
    :param user: The user adding this exploit.
    :type user: str
    :param bucket_list: Buckets to assign to this exploit.
    :type bucket_list: str
    :param ticket: Ticket to assign to this exploit.
    :type ticket: str
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "object" (if successful) :class:`crits.exploits.exploit.Exploit`
    """

    is_item_new = False
    retVal = {}
    exploit = Exploit.objects(name=name).first()

    if not exploit:
        exploit = Exploit()
        exploit.name = name
        if description:
            exploit.description = description.strip()
        is_item_new = True

    username = user.username

    if isinstance(source, basestring):
        if user.check_source_write(source):
            source = [
                create_embedded_source(source,
                                       reference=source_reference,
                                       method=source_method,
                                       tlp=source_tlp,
                                       analyst=username)
            ]
        else:
            return {
                "success":
                False,
                "message":
                "User does not have permission to add object \
                                using source %s." % source
            }

    elif isinstance(source, EmbeddedSource):
        source = [source]

    if isinstance(campaign, basestring):
        c = EmbeddedCampaign(name=campaign,
                             confidence=confidence,
                             analyst=username)
        campaign = [c]

    if campaign:
        for camp in campaign:
            exploit.add_campaign(camp)

    if source:
        for s in source:
            exploit.add_source(s)
    else:
        return {"success": False, "message": "Missing source information."}

    exploit.cve = cve.strip()

    if bucket_list:
        exploit.add_bucket_list(bucket_list, user)

    if ticket:
        exploit.add_ticket(ticket, user)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            retVal['success'] = False
            retVal['message'] = 'Related Object not found.'
            return retVal

    exploit.save(username=username)

    if related_obj and exploit and relationship_type:
        relationship_type = RelationshipTypes.inverse(
            relationship=relationship_type)
        exploit.add_relationship(related_obj,
                                 relationship_type,
                                 analyst=user,
                                 get_rels=False)
        exploit.save(username=username)

    # run exploit triage
    if is_item_new:
        exploit.reload()
        run_triage(exploit, username)

    resp_url = reverse('crits.exploits.views.exploit_detail',
                       args=[exploit.id])

    retVal['message'] = ('Success! Click here to view the new Exploit: '
                         '<a href="%s">%s</a>' % (resp_url, exploit.name))

    retVal['success'] = True
    retVal['object'] = exploit
    retVal['id'] = str(exploit.id)

    return retVal
Exemplo n.º 8
0
def get_exploit_details(id_, user):
    """
    Generate the data to render the Exploit details template.

    :param id_: The Exploit ObjectId to get details for.
    :type id_: str
    :param user: The user requesting this information.
    :type user: CRITsUser
    :returns: template (str), arguments (dict)
    """

    allowed_sources = user_sources(user)
    exploit = Exploit.objects(id=id_, source__name__in=allowed_sources).first()
    template = None
    args = {}

    if not user.check_source_tlp(exploit):
        exploit = None

    if not exploit:
        template = "error.html"
        error = ('Either no data exists for this Exploit or you do not have'
                 ' permission to view it.')
        args = {'error': error}
    else:
        exploit.sanitize("%s" % user)

        # remove pending notifications for user
        remove_user_from_notification("%s" % user, exploit.id, 'Exploit')

        # subscription
        subscription = {
            'type': 'Exploit',
            'id': exploit.id,
            'subscribed': is_user_subscribed("%s" % user, 'Exploit',
                                             exploit.id),
        }

        #objects
        objects = exploit.sort_objects()

        #relationships
        relationships = exploit.sort_relationships("%s" % user, meta=True)

        # relationship
        relationship = {'type': 'Exploit', 'value': exploit.id}

        #comments
        comments = {'comments': exploit.get_comments(), 'url_key': exploit.id}

        #screenshots
        screenshots = exploit.get_screenshots(user)

        # favorites
        favorite = is_user_favorite("%s" % user, 'Exploit', exploit.id)

        # services
        service_list = get_supported_services('Exploit')

        # analysis results
        service_results = exploit.get_analysis_results()

        args = {
            'objects': objects,
            'relationships': relationships,
            'relationship': relationship,
            'subscription': subscription,
            'favorite': favorite,
            'service_list': service_list,
            'service_results': service_results,
            'screenshots': screenshots,
            'exploit': exploit,
            'exploit_id': id_,
            'comments': comments,
            'ExploitACL': ExploitACL
        }
    return template, args
Exemplo n.º 9
0
def class_from_id(type_, _id):
    """
    Return an instantiated class object.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param _id: The ObjectId to search for.
    :type _id: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`
    """

    # doing this to avoid circular imports
    from crits.actors.actor import ActorThreatIdentifier, Actor
    from crits.backdoors.backdoor import Backdoor
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.core.crits_mongoengine import Action
    from crits.core.source_access import SourceAccess
    from crits.core.user_role import UserRole
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.exploits.exploit import Exploit
    from crits.indicators.indicator import Indicator
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData, RawDataType
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.signatures.signature import Signature, SignatureType, SignatureDependency
    from crits.targets.target import Target

    if not _id:
        return None

    # make sure it's a string
    _id = str(_id)

    # Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
    # the queries below will raise a ValidationError exception.
    if not ObjectId.is_valid(_id.decode('utf8')):
        return None

    if type_ == 'Actor':
        return Actor.objects(id=_id).first()
    elif type_ == 'Backdoor':
        return Backdoor.objects(id=_id).first()
    elif type_ == 'ActorThreatIdentifier':
        return ActorThreatIdentifier.objects(id=_id).first()
    elif type_ == 'Campaign':
        return Campaign.objects(id=_id).first()
    elif type_ == 'Certificate':
        return Certificate.objects(id=_id).first()
    elif type_ == 'Comment':
        return Comment.objects(id=_id).first()
    elif type_ == 'Domain':
        return Domain.objects(id=_id).first()
    elif type_ == 'Email':
        return Email.objects(id=_id).first()
    elif type_ == 'Event':
        return Event.objects(id=_id).first()
    elif type_ == 'Exploit':
        return Exploit.objects(id=_id).first()
    elif type_ == 'Indicator':
        return Indicator.objects(id=_id).first()
    elif type_ == 'Action':
        return Action.objects(id=_id).first()
    elif type_ == 'IP':
        return IP.objects(id=_id).first()
    elif type_ == 'PCAP':
        return PCAP.objects(id=_id).first()
    elif type_ == 'RawData':
        return RawData.objects(id=_id).first()
    elif type_ == 'RawDataType':
        return RawDataType.objects(id=_id).first()
    elif type_ == 'Sample':
        return Sample.objects(id=_id).first()
    elif type_ == 'Signature':
        return Signature.objects(id=_id).first()
    elif type_ == 'SignatureType':
        return SignatureType.objects(id=_id).first()
    elif type_ == 'SignatureDependency':
        return SignatureDependency.objects(id=_id).first()
    elif type_ == 'SourceAccess':
        return SourceAccess.objects(id=_id).first()
    elif type_ == 'Screenshot':
        return Screenshot.objects(id=_id).first()
    elif type_ == 'Target':
        return Target.objects(id=_id).first()
    elif type_ == 'UserRole':
        return UserRole.objects(id=_id).first()
    else:
        return None
Exemplo n.º 10
0
def class_from_value(type_, value):
    """
    Return an instantiated class object.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param value: The value to search for.
    :type value: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`
    """

    # doing this to avoid circular imports
    from crits.actors.actor import ActorThreatIdentifier, Actor
    from crits.backdoors.backdoor import Backdoor
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.exploits.exploit import Exploit
    from crits.indicators.indicator import Indicator
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.signatures.signature import Signature
    from crits.targets.target import Target

    # Make sure value is a string...
    value = str(value)

    # Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
    # the queries below will raise a ValidationError exception.
    if (type_ in [
            'Backdoor', 'Comment', 'Event', 'Exploit', 'Indicator',
            'Screenshot'
    ] and not ObjectId.is_valid(value.decode('utf8'))):
        return None

    if type_ == 'Actor':
        return Actor.objects(name=value).first()
    if type_ == 'Backdoor':
        return Backdoor.objects(id=value).first()
    elif type_ == 'ActorThreatIdentifier':
        return ActorThreatIdentifier.objects(name=value).first()
    elif type_ == 'Campaign':
        return Campaign.objects(name=value).first()
    elif type_ == 'Certificate':
        return Certificate.objects(md5=value).first()
    elif type_ == 'Comment':
        return Comment.objects(id=value).first()
    elif type_ == 'Domain':
        return Domain.objects(domain=value).first()
    elif type_ == 'Email':
        return Email.objects(message_id=value).first()
    elif type_ == 'Event':
        return Event.objects(id=value).first()
    elif type_ == 'Exploit':
        return Exploit.objects(id=value).first()
    elif type_ == 'Indicator':
        return Indicator.objects(id=value).first()
    elif type_ == 'IP':
        return IP.objects(ip=value).first()
    elif type_ == 'PCAP':
        return PCAP.objects(md5=value).first()
    elif type_ == 'RawData':
        return RawData.objects(md5=value).first()
    elif type_ == 'Sample':
        return Sample.objects(md5=value).first()
    elif type_ == 'Screenshot':
        return Screenshot.objects(id=value).first()
    elif type_ == 'Signature':
        return Signature.objects(md5=value).first()
    elif type_ == 'Target':
        target = Target.objects(email_address=value).first()
        if target:
            return target
        else:
            return Target.objects(email_address__iexact=value).first()
    else:
        return None
Exemplo n.º 11
0
def class_from_id(type_, _id):
    """
    Return an instantiated class object.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param _id: The ObjectId to search for.
    :type _id: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`
    """

    # doing this to avoid circular imports
    from crits.actors.actor import ActorThreatIdentifier, Actor
    from crits.backdoors.backdoor import Backdoor
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.core.source_access import SourceAccess
    from crits.core.user_role import UserRole
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.exploits.exploit import Exploit
    from crits.indicators.indicator import Indicator, IndicatorAction
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData, RawDataType
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.targets.target import Target

    if not _id:
        return None

    # make sure it's a string
    _id = str(_id)

    # Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
    # the queries below will raise a ValidationError exception.
    if not ObjectId.is_valid(_id.decode('utf8')):
        return None

    if type_ == 'Actor':
        return Actor.objects(id=_id).first()
    elif type_ == 'Backdoor':
        return Backdoor.objects(id=_id).first()
    elif type_ == 'ActorThreatIdentifier':
        return ActorThreatIdentifier.objects(id=_id).first()
    elif type_ == 'Campaign':
        return Campaign.objects(id=_id).first()
    elif type_ == 'Certificate':
        return Certificate.objects(id=_id).first()
    elif type_ == 'Comment':
        return Comment.objects(id=_id).first()
    elif type_ == 'Domain':
        return Domain.objects(id=_id).first()
    elif type_ == 'Email':
        return Email.objects(id=_id).first()
    elif type_ == 'Event':
        return Event.objects(id=_id).first()
    elif type_ == 'Exploit':
        return Exploit.objects(id=_id).first()
    elif type_ == 'Indicator':
        return Indicator.objects(id=_id).first()
    elif type_ == 'IndicatorAction':
        return IndicatorAction.objects(id=_id).first()
    elif type_ == 'IP':
        return IP.objects(id=_id).first()
    elif type_ == 'PCAP':
        return PCAP.objects(id=_id).first()
    elif type_ == 'RawData':
        return RawData.objects(id=_id).first()
    elif type_ == 'RawDataType':
        return RawDataType.objects(id=_id).first()
    elif type_ == 'Sample':
        return Sample.objects(id=_id).first()
    elif type_ == 'SourceAccess':
        return SourceAccess.objects(id=_id).first()
    elif type_ == 'Screenshot':
        return Screenshot.objects(id=_id).first()
    elif type_ == 'Target':
        return Target.objects(id=_id).first()
    elif type_ == 'UserRole':
        return UserRole.objects(id=_id).first()
    else:
        return None
Exemplo n.º 12
0
def class_from_value(type_, value):
    """
    Return an instantiated class object.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param value: The value to search for.
    :type value: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`
    """

    # doing this to avoid circular imports
    from crits.actors.actor import ActorThreatIdentifier, Actor
    from crits.backdoors.backdoor import Backdoor
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.exploits.exploit import Exploit
    from crits.indicators.indicator import Indicator
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.targets.target import Target

    # Make sure value is a string...
    value = str(value)

    # Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
    # the queries below will raise a ValidationError exception.
    if (type_ in ['Backdoor', 'Comment', 'Email', 'Event', 'Exploit',
                  'Indicator', 'Screenshot'] and
       not ObjectId.is_valid(value.decode('utf8'))):
        return None

    if type_ == 'Actor':
        return Actor.objects(name=value).first()
    if type_ == 'Backdoor':
        return Backdoor.objects(id=value).first()
    elif type_ == 'ActorThreatIdentifier':
        return ActorThreatIdentifier.objects(name=value).first()
    elif type_ == 'Campaign':
        return Campaign.objects(name=value).first()
    elif type_ == 'Certificate':
        return Certificate.objects(md5=value).first()
    elif type_ == 'Comment':
        return Comment.objects(id=value).first()
    elif type_ == 'Domain':
        return Domain.objects(domain=value).first()
    elif type_ == 'Email':
        return Email.objects(id=value).first()
    elif type_ == 'Event':
        return Event.objects(id=value).first()
    elif type_ == 'Exploit':
        return Exploit.objects(id=value).first()
    elif type_ == 'Indicator':
        return Indicator.objects(id=value).first()
    elif type_ == 'IP':
        return IP.objects(ip=value).first()
    elif type_ == 'PCAP':
        return PCAP.objects(md5=value).first()
    elif type_ == 'RawData':
        return RawData.objects(md5=value).first()
    elif type_ == 'Sample':
        return Sample.objects(md5=value).first()
    elif type_ == 'Screenshot':
        return Screenshot.objects(id=value).first()
    elif type_ == 'Target':
        target = Target.objects(email_address=value).first()
        if target:
            return target
        else:
            return Target.objects(email_address__iexact=value).first()
    else:
        return None
Exemplo n.º 13
0
def add_new_exploit(name, cve=None, description=None, source=None,
                    source_method=None, source_reference=None, source_tlp=None,
                    campaign=None, confidence=None, user=None,
                    bucket_list=None, ticket=None,related_id=None,
                    related_type=None, relationship_type=None):
    """
    Add an Exploit to CRITs.

    :param name: The name of the exploit.
    :type name: str
    :param cve: CVE for the exploit.
    :type cve: str
    :param description: Description of the exploit.
    :type description: str
    :param source: Name of the source which provided this information.
    :type source: str
    :param source_method: Method of acquiring this data.
    :type source_method: str
    :param source_reference: A reference to this data.
    :type source_reference: str
    :param source_tlp: TLP value for this source
    :type source_reference: str
    :param campaign: A campaign to attribute to this exploit.
    :type campaign: str
    :param confidence: Confidence level in the campaign attribution.
    :type confidence: str ("low", "medium", "high")
    :param user: The user adding this exploit.
    :type user: str
    :param bucket_list: Buckets to assign to this exploit.
    :type bucket_list: str
    :param ticket: Ticket to assign to this exploit.
    :type ticket: str
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "object" (if successful) :class:`crits.exploits.exploit.Exploit`
    """

    is_item_new = False
    retVal = {}
    exploit = Exploit.objects(name=name).first()

    if not exploit:
        exploit = Exploit()
        exploit.name = name
        if description:
            exploit.description = description.strip()
        is_item_new = True

    username = user.username

    if isinstance(source, basestring):
        if user.check_source_write(source):
            source = [create_embedded_source(source,
                                             reference=source_reference,
                                             method=source_method,
                                             tlp=source_tlp,
                                             analyst=username)]
        else:
            return {"success": False,
                    "message": "User does not have permission to add object \
                                using source %s." % source}

    elif isinstance(source, EmbeddedSource):
        source = [source]

    if isinstance(campaign, basestring):
        c = EmbeddedCampaign(name=campaign, confidence=confidence, analyst=username)
        campaign = [c]

    if campaign:
        for camp in campaign:
            exploit.add_campaign(camp)

    if source:
        for s in source:
            exploit.add_source(s)
    else:
        return {"success" : False, "message" : "Missing source information."}

    exploit.cve = cve.strip()

    if bucket_list:
        exploit.add_bucket_list(bucket_list, user)

    if ticket:
        exploit.add_ticket(ticket, user)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            retVal['success'] = False
            retVal['message'] = 'Related Object not found.'
            return retVal


    exploit.save(username=username)

    if related_obj and exploit and relationship_type:
        relationship_type=RelationshipTypes.inverse(relationship=relationship_type)
        exploit.add_relationship(related_obj,
                               relationship_type,
                               analyst=user,
                               get_rels=False)
        exploit.save(username=username)

    # run exploit triage
    if is_item_new:
        exploit.reload()
        run_triage(exploit, username)

    resp_url = reverse('crits-exploits-views-exploit_detail', args=[exploit.id])

    retVal['message'] = ('Success! Click here to view the new Exploit: '
                         '<a href="%s">%s</a>' % (resp_url, exploit.name))

    retVal['success'] = True
    retVal['object'] = exploit
    retVal['id'] = str(exploit.id)

    return retVal
Exemplo n.º 14
0
def get_exploit_details(id_, user):
    """
    Generate the data to render the Exploit details template.

    :param id_: The Exploit ObjectId to get details for.
    :type id_: str
    :param user: The user requesting this information.
    :type user: CRITsUser
    :returns: template (str), arguments (dict)
    """

    allowed_sources = user_sources(user)
    exploit = Exploit.objects(id=id_, source__name__in=allowed_sources).first()
    template = None
    args = {}

    if not user.check_source_tlp(exploit):
        exploit = None

    if not exploit:
        template = "error.html"
        error = ('Either no data exists for this Exploit or you do not have'
                 ' permission to view it.')
        args = {'error': error}
    else:
        exploit.sanitize("%s" % user)


        # remove pending notifications for user
        remove_user_from_notification("%s" % user, exploit.id, 'Exploit')

        # subscription
        subscription = {
            'type': 'Exploit',
            'id': exploit.id,
            'subscribed': is_user_subscribed("%s" % user,
                                             'Exploit',
                                             exploit.id),
        }

        #objects
        objects = exploit.sort_objects()

        #relationships
        relationships = exploit.sort_relationships("%s" % user, meta=True)

        # relationship
        relationship = {
            'type': 'Exploit',
            'value': exploit.id
        }

        #comments
        comments = {'comments': exploit.get_comments(),
                    'url_key': exploit.id}

        #screenshots
        screenshots = exploit.get_screenshots(user)

        # favorites
        favorite = is_user_favorite("%s" % user, 'Exploit', exploit.id)

        # services
        service_list = get_supported_services('Exploit')

        # analysis results
        service_results = exploit.get_analysis_results()

        args = {'objects': objects,
                'relationships': relationships,
                'relationship': relationship,
                'subscription': subscription,
                'favorite': favorite,
                'service_list': service_list,
                'service_results': service_results,
                'screenshots': screenshots,
                'exploit': exploit,
                'exploit_id': id_,
                'comments': comments,
                'ExploitACL': ExploitACL}
    return template, args
Exemplo n.º 15
0
def class_from_id(type_, _id):
    """
    Return an instantiated class object.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param _id: The ObjectId to search for.
    :type _id: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`
    """

    # Quick fail
    if not _id or not type_:
        return None

    # doing this to avoid circular imports
    from crits.actors.actor import ActorThreatIdentifier, Actor
    from crits.backdoors.backdoor import Backdoor
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.core.crits_mongoengine import Action
    from crits.core.source_access import SourceAccess
    from crits.core.user_role import UserRole
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.exploits.exploit import Exploit
    from crits.indicators.indicator import Indicator
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData, RawDataType
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.signatures.signature import Signature, SignatureType, SignatureDependency
    from crits.targets.target import Target

    # make sure it's a string
    _id = str(_id)

    # Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
    # the queries below will raise a ValidationError exception.
    if not ObjectId.is_valid(_id.decode("utf8")):
        return None

    if type_ == "Actor":
        return Actor.objects(id=_id).first()
    elif type_ == "Backdoor":
        return Backdoor.objects(id=_id).first()
    elif type_ == "ActorThreatIdentifier":
        return ActorThreatIdentifier.objects(id=_id).first()
    elif type_ == "Campaign":
        return Campaign.objects(id=_id).first()
    elif type_ == "Certificate":
        return Certificate.objects(id=_id).first()
    elif type_ == "Comment":
        return Comment.objects(id=_id).first()
    elif type_ == "Domain":
        return Domain.objects(id=_id).first()
    elif type_ == "Email":
        return Email.objects(id=_id).first()
    elif type_ == "Event":
        return Event.objects(id=_id).first()
    elif type_ == "Exploit":
        return Exploit.objects(id=_id).first()
    elif type_ == "Indicator":
        return Indicator.objects(id=_id).first()
    elif type_ == "Action":
        return Action.objects(id=_id).first()
    elif type_ == "IP":
        return IP.objects(id=_id).first()
    elif type_ == "PCAP":
        return PCAP.objects(id=_id).first()
    elif type_ == "RawData":
        return RawData.objects(id=_id).first()
    elif type_ == "RawDataType":
        return RawDataType.objects(id=_id).first()
    elif type_ == "Sample":
        return Sample.objects(id=_id).first()
    elif type_ == "Signature":
        return Signature.objects(id=_id).first()
    elif type_ == "SignatureType":
        return SignatureType.objects(id=_id).first()
    elif type_ == "SignatureDependency":
        return SignatureDependency.objects(id=_id).first()
    elif type_ == "SourceAccess":
        return SourceAccess.objects(id=_id).first()
    elif type_ == "Screenshot":
        return Screenshot.objects(id=_id).first()
    elif type_ == "Target":
        return Target.objects(id=_id).first()
    elif type_ == "UserRole":
        return UserRole.objects(id=_id).first()
    else:
        return None
Exemplo n.º 16
0
def add_new_exploit(name, cve=None, description=None, source=None,
                    source_method=None, source_reference=None, campaign=None,
                    confidence=None, user=None, bucket_list=None,
                    ticket=None):
    """
    Add an Exploit to CRITs.

    :param name: The name of the exploit.
    :type name: str
    :param cve: CVE for the exploit.
    :type cve: str
    :param description: Description of the exploit.
    :type description: str
    :param source: Name of the source which provided this information.
    :type source: str
    :param source_method: Method of acquiring this data.
    :type source_method: str
    :param source_reference: A reference to this data.
    :type source_reference: str
    :param campaign: A campaign to attribute to this exploit.
    :type campaign: str
    :param confidence: Confidence level in the campaign attribution.
    :type confidence: str ("low", "medium", "high")
    :param user: The user adding this exploit.
    :type user: str
    :param bucket_list: Buckets to assign to this exploit.
    :type bucket_list: str
    :param ticket: Ticket to assign to this exploit.
    :type ticket: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "object" (if successful) :class:`crits.exploits.exploit.Exploit`
    """

    is_item_new = False
    retVal = {}
    exploit = Exploit.objects(name=name).first()

    if not exploit:
        exploit = Exploit()
        exploit.name = name
        if description:
            exploit.description = description.strip()
        is_item_new = True

    if isinstance(source, basestring):
        source = [create_embedded_source(source,
                                         reference=source_reference,
                                         method=source_method,
                                         analyst=user)]
    elif isinstance(source, EmbeddedSource):
        source = [source]

    if isinstance(campaign, basestring):
        c = EmbeddedCampaign(name=campaign, confidence=confidence, analyst=user)
        campaign = [c]

    if campaign:
        for camp in campaign:
            exploit.add_campaign(camp)

    if source:
        for s in source:
            exploit.add_source(s)
    else:
        return {"success" : False, "message" : "Missing source information."}

    exploit.cve = cve.strip()

    if bucket_list:
        exploit.add_bucket_list(bucket_list, user)

    if ticket:
        exploit.add_ticket(ticket, user)

    exploit.save(username=user)

    # run exploit triage
    if is_item_new:
        exploit.reload()
        run_triage(exploit, user)

    resp_url = reverse('crits.exploits.views.exploit_detail', args=[exploit.id])

    retVal['message'] = ('Success! Click here to view the new Exploit: '
                         '<a href="%s">%s</a>' % (resp_url, exploit.name))

    retVal['success'] = True
    retVal['object'] = exploit 
    retVal['id'] = str(exploit.id)

    return retVal