def inbox_service(request, inbox_name):
"""Handles TAXII Inbox Service requests."""
logger = logging.getLogger('yeti.taxii_services.views.inbox_service')
logger.debug('Entering Inbox service')
resp = handlers.validate_taxii_request(request)
if resp: return resp # if validation failed, return the response
try:
taxii_message = tm.get_message_from_xml(request.body)
except Exception as ex:
logger.debug('Unable to parse inbound message: %s', ex.message)
m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed')
return handlers.create_taxii_response(m, use_https=request.is_secure())
logger.debug('Inbox [%s] received TAXII message with id [%s] and type [%s]',
make_safe(inbox_name), make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
if taxii_message.message_type != tm.MSG_INBOX_MESSAGE:
logger.info('TAXII message with id [%s] was not Inbox type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to Inbox service did not have an inbox Message type')
return handlers.create_taxii_response(m, use_https=request.is_secure())
resp = handlers.inbox_add_content(request, inbox_name, taxii_message)
return resp
def subscription_service(request):
"""Handles TAXII Subscription Service requests."""
logger = logging.getLogger("TAXIIApplication.taxii.views.subscription_service")
logger.debug('Entering subscription service')
resp = handlers.validate_taxii_request(request)
if resp: return resp # if validation failed, return the response
try:
taxii_message = tm_version.get_message_from_xml(request.body)
except Exception as ex:
logger.debug('Unable to parse inbound message: %s', str(ex))
m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed')
return handlers.create_taxii_response(m, use_https=request.is_secure())
logger.debug('Message received TAXII message with id [%s] and type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
if taxii_message.message_type != tm_version.MSG_MANAGE_FEED_SUBSCRIPTION_REQUEST:
logger.info('TAXII message with id [%s] was not Subscription Managment request [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
m = tm_version.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to feed managment service did not have a feed_managmen_request message type')
return handlers.create_taxii_response(m, use_https=request.is_secure())
resp = handlers.feed_subscription_get_content(request, taxii_message)
logger.debug("We send the response to the client")
return resp
def get_message_from_urllib_addinfourl(http_response, in_response_to):
""" This function should not be called by libtaxii users directly. """
taxii_content_type = http_response.info().getheader('X-TAXII-Content-Type')
response_message = http_response.read()
if taxii_content_type is None: # Treat it as a Failure Status Message, per the spec
message = []
header_tuples = http_response.getheaders()
for k, v in header_tuples:
message.append(k + ': ' + v + '\r\n')
message.append('\r\n')
message.append(response_message)
m = ''.join(message)
return tm.StatusMessage(message_id='0', in_response_to=in_response_to, status_type=tm.ST_FAILURE, message=m)
elif taxii_content_type == VID_TAXII_XML_10: # It's a TAXII XML 1.0 message
return tm.get_message_from_xml(response_message)
elif taxii_content_type == VID_CERT_EU_JSON_10:
return tm.get_message_from_json(response_message)
else:
raise ValueError('Unsupported X-TAXII-Content-Type: %s' % taxii_content_type)
return None
def message_tests(taxii_message):
if not isinstance(taxii_message, tm.TAXIIMessage):
raise ValueError('taxii_message was not an instance of TAXIIMessage')
print '***** Message type = %s; id = %s' % (taxii_message.message_type, taxii_message.message_id)
xml_string = taxii_message.to_xml()
valid = tm.validate_xml(xml_string)
if not valid:
raise Exception('\tFailure of test #1 - XML not schema valid')
msg_from_xml = tm.get_message_from_xml(xml_string)
dictionary = taxii_message.to_dict()
msg_from_dict = tm.get_message_from_dict(dictionary)
if taxii_message != msg_from_xml:
print '\t Failure of test #2 - running equals w/ debug:'
taxii_message.__eq__(msg_from_xml, True)
raise Exception('Test #2 failed - taxii_message != msg_from_xml')
if taxii_message != msg_from_dict:
print '\t Failure of test #3 - running equals w/ debug:'
taxii_message.__eq__(msg_from_dict, True)
raise Exception('Test #3 failed - taxii_message != msg_from_dict')
if msg_from_xml != msg_from_dict:
print '\t Failure of test #4 - running equals w/ debug:'
msg_from_xml.__eq__(msg_from_dict, True)
raise Exception('Test #4 failed - msg_from_xml != msg_from_dict')
print '***** All tests completed!'
def obtener_remote_data_feeds(request):
#Given the id of a TAXII Service we make a FeedInformation request to that service address.
#The response is a list of the feed names of the TAXII client and a list of all protocol bindings, content binding and message binding.
feed_managment = TAXIIServices.objects.get(id = request.DATA.get('id'))
urlParsed = urlparse(feed_managment.feed_managment)
logger = logging.getLogger('TAXIIApplication.rest.tasks.obtener_remote_data_feeds')
logger.debug('We get the server data feeds')
logger.debug('Host: ' + urlParsed.hostname)
logger.debug('Path: ' + urlParsed.path)
logger.debug('Port: ' + str(urlParsed.port))
host = urlParsed.hostname
path = urlParsed.path
port = str(urlParsed.port)
feed_information = tm.FeedInformationRequest(message_id=tm.generate_message_id())
feed_info_xml = feed_information.to_xml()
logger.debug('The following message is sent: ' + feed_info_xml)
client = tc.HttpClient()
resp = client.callTaxiiService2(host, path, t.VID_TAXII_XML_10, feed_info_xml, port)
response_message = t.get_message_from_http_response(resp, '0')
logger.debug("The response was: " + response_message.to_xml())
try:
taxii_message = tm.get_message_from_xml(response_message.to_xml())
logger.debug("The JSON is: " + taxii_message.to_json())
feed_informations = taxii_message.feed_informations
feed_names = []
for feed in feed_informations:
feed_names.append({"name" : feed.feed_name})
protocolBindings = ProtocolBindingId.objects.all()
protocol_bindings = []
for proto in protocolBindings:
protocol_bindings.append({"binding_id" : proto.binding_id})
contentBindings = ContentBindingId.objects.all()
content_bindings = []
for content in contentBindings:
content_bindings.append({"binding_id" : content.binding_id})
messageBindings = MessageBindingId.objects.all()
message_bindings = []
for message in messageBindings:
message_bindings.append({"binding_id" : message.binding_id})
json_data = json.dumps({ "items" : feed_names, "protocol_bindings" : protocol_bindings, "content_bindings" : content_bindings, "message_bindings" : message_bindings })
logger.debug("The response is the following JSON: " + json_data)
return HttpResponse(json_data, content_type="application/json")
except Exception as ex:
logger.debug('The message could not be parsed:s', ex.message)
def get_message_from_urllib2_httperror(http_response, in_response_to):
taxii_content_type = http_response.info().getheader('X-TAXII-Content-Type')
response_message = http_response.read()
if taxii_content_type is None:
m = str(http_response.info()) + '\r\n' + response_message
return tm.StatusMessage(message_id='0', in_response_to=in_response_to, status_type=tm.ST_FAILURE, message=m)
elif taxii_content_type == VID_TAXII_XML_10: # It's a TAXII XML 1.0 message
return tm.get_message_from_xml(response_message)
elif taxii_content_type == VID_TAXII_JSON_10:
return tm.get_message_from_json(response_message)
else:
raise ValueError('Unsupported X-TAXII-Content-Type: %s' % taxii_content_type)
return None
def discovery_service(request):
"""Handles TAXII Discovery Service requests"""
logger = logging.getLogger('yeti.taxii_services.views.discovery_service')
logger.debug('entering discovery service')
resp = handlers.validate_taxii_request(request)
if resp: return resp # if validation fails, return the response
try:
taxii_message = tm.get_message_from_xml(request.body)
logger.debug('received taxii message [%s]' % (taxii_message.message_id))
except Exception as ex:
logger.debug('unable to parse inbound message: %s' % (ex.message))
m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed')
return handlers.create_taxii_response(m, use_https=request.is_secure())
if taxii_message.message_type != tm.MSG_DISCOVERY_REQUEST:
logger.info('Message [%s] was not discovery request [%s]' % (taxii_message.message_id,taxii_message.message_type))
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to discovery service did not have a discovery request message type')
return handlers.create_taxii_response(m, use_https=request.is_secure())
resp = handlers.discovery_get_services(request, taxii_message)
return resp
def get_message_from_httplib_http_response(http_response, in_response_to):
taxii_content_type = http_response.getheader('X-TAXII-Content-Type')
response_message = http_response.read()
if taxii_content_type is None: # Treat it as a Failure Status Message, per the spec
message = []
header_tuples = http_response.getheaders()
for k, v in header_tuples:
message.append(k + ': ' + v + '\r\n')
message.append('\r\n')
message.append(response_message)
m = ''.join(message)
return tm.StatusMessage(message_id='0', in_response_to=in_response_to, status_type=tm.ST_FAILURE, message=m)
elif taxii_content_type == VID_TAXII_XML_10: # It's a TAXII XML 1.0 message
return tm.get_message_from_xml(response_message)
else:
raise ValueError('Unsupported X-TAXII-Content-Type: %s' % taxii_content_type)
return None
def poll_service(request):
"""Handles TAXII Poll Service requests."""
logger = logging.getLogger("yeti.taxii_services.views.poll_service")
logger.debug('Entering poll service')
resp = handlers.validate_taxii_request(request)
if resp: return resp # if validation failed, return the response
try:
taxii_message = tm.get_message_from_xml(request.body)
except Exception as ex:
logger.debug('Unable to parse inbound message: %s', ex.message)
m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed')
return handlers.create_taxii_response(m, use_https=request.is_secure())
logger.debug('Poll service received TAXII message with id [%s] and type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
if taxii_message.message_type != tm.MSG_POLL_REQUEST:
logger.info('TAXII message with id [%s] was not Poll request [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to Poll service did not have a poll request message type')
return handlers.create_taxii_response(m, use_https=request.is_secure())
resp = handlers.poll_get_content(request, taxii_message)
return resp
def registrar_remote_data_feeds(request):
#Given the id of a TAXII service we get the data feeds of the TAXII Client and copy them to the current system.
feed_managment = TAXIIServices.objects.get(id = request.DATA.get('id'))
urlParsed = urlparse(feed_managment.feed_managment)
logger = logging.getLogger('TAXIIApplication.rest.tasks.obtener_remote_data_feeds')
logger.debug('We get the server data feeds')
logger.debug('Host: ' + urlParsed.hostname)
logger.debug('Path: ' + urlParsed.path)
logger.debug('Port: ' + str(urlParsed.port))
host = urlParsed.hostname
path = urlParsed.path
port = str(urlParsed.port)
feed_information = tm.FeedInformationRequest(message_id=tm.generate_message_id())
feed_info_xml = feed_information.to_xml()
logger.debug('The following message is sent: ' + feed_info_xml)
client = tc.HttpClient()
resp = client.callTaxiiService2(host, path, t.VID_TAXII_XML_10, feed_info_xml, port)
response_message = t.get_message_from_http_response(resp, '0')
logger.debug("The response was: " + response_message.to_xml())
try:
taxii_message = tm.get_message_from_xml(response_message.to_xml())
logger.debug("Feed Information iteration")
feed_informations = taxii_message.feed_informations
for feed in feed_informations:
logger.debug("Create a new Remote Data Feed")
remote_df = RemoteDataFeed()
remote_df.name = feed.feed_name
logger.debug(feed.feed_name)
if feed.feed_description == None:
remote_df.description = "None"
else:
remote_df.description = feed.feed_description
remote_df.producer = host
remote_df.save()
i = 0
logger.debug('We get the subscription methods')
for sm in feed.subscription_methods:
protocol_binding = ProtocolBindingId(binding_id = sm.subscription_protocol)
protocol_binding.save()
dfsm = DataFeedSubscriptionMethod()
dfsm.title = feed.feed_name + "_"+str(i)
dfsm.address = sm.subscription_address
dfsm.protocol_binding=protocol_binding
dfsm.save()
for mb in sm.subscription_message_bindings:
msgb = MessageBindingId(binding_id = mb)
msgb.save()
dfsm.message_bindings.add(msgb)
dfsm.save()
remote_df.subscription_methods.add(dfsm)
logger.debug('We get the Content Bindings')
for sc in feed.supported_contents:
cb = ContentBindingId(binding_id = sc )
cb.save()
remote_df.supported_content_bindings.add(cb)
logger.debug('Obtengo los push methods')
for pm in feed.push_methods:
pb = ProtocolBindingId(binding_id = pm.push_protocol)
pb.save()
mb = MessageBindingId(binding_id = pm.push_message_bindings)
mb.save()
dpm = DataFeedPushMethod(protocol_binding = pb, message_binding = mb)
dpm.save()
remote_df.push_methods.add(dpm)
poll_service_instances = []
logger.debug('We get the Poll Service Instances')
for psi in feed.polling_service_instances:
rdfpi = RemoteDataFeedPollInformation()
rdfpi.address = psi.poll_address
pb = ProtocolBindingId(binding_id = psi.poll_protocol)
pb.save()
rdfpi.protocol_binding = pb
rdfpi.save()
logger.debug(psi.poll_message_bindings)
for msg in psi.poll_message_bindings:
msgb = MessageBindingId(binding_id = msg)
msgb.save()
rdfpi.message_bindings.add(msgb)
rdfpi.save()
remote_df.poll_service_instances.add(rdfpi)
logger.debug("Save the remote data feed")
remote_df.save()
return Response(status=status.HTTP_201_CREATED)
except Exception as ex:
logger.debug( ex)
return Response(status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def poll_request(collection_name, subscription_id, host, path, port):
#Given the collection name, subscription id, host, path and port we make a poll request to
#the client TAXII associated with the host, path and port for the subscription and collection given.
logger = logging.getLogger('TAXIIApplication.rest.tasks.poll_request')
logger.debug('Poll information starts')
logger.debug('Parameters are: ')
logger.debug('Collection Name: ' + collection_name)
logger.debug('Subscription Id: ' + str(subscription_id))
logger.debug('Host: ' + str(host))
logger.debug('Path: ' + path)
logger.debug('Port: ' + str(port))
begin_ts = None
end_ts = None
poll_req = tm11.PollRequest(message_id = tm11.generate_message_id(),
collection_name = collection_name,
exclusive_begin_timestamp_label = begin_ts,
inclusive_end_timestamp_label = end_ts,
subscription_id = subscription_id)
poll_req_xml = poll_req.to_xml()
logger.debug('The following Poll Request message was generated')
logger.debug('###########################################')
logger.debug(poll_req_xml)
logger.debug('###########################################')
client = tc.HttpClient()
resp = client.callTaxiiService2(host, path, t.VID_TAXII_XML_10, poll_req_xml, port)
response_message = t.get_message_from_http_response(resp, '0')
logger.debug('The response got from the sistem was: ')
logger.debug('#########################################')
logger.debug(response_message.to_xml())
logger.debug('#########################################')
try:
taxii_message = tm.get_message_from_xml(response_message.to_xml())
except Exception as ex:
logger.debug('The message could not be parsed:s', ex.message)
if taxii_message.message_type != tm.MSG_POLL_RESPONSE:
logger.debug('The message is not a TAXII response')
else:
logger.debug(taxii_message)
content_blocks = taxii_message.content_blocks
logger.debug('We process the Content Blocks')
for cb in content_blocks:
tree = etree.parse(StringIO(cb.content))
import stix.bindings.stix_core as stix_core_binding
stix_package_obj = stix_core_binding.STIXType().factory()
stix_package_obj.build(tree.getroot())
from stix.core import STIXPackage # resolve circular dependencies
stix_package = STIXPackage().from_obj(stix_package_obj)
logger.debug(stix_package.stix_header.description)
logger.debug('El id del stix es ' + str(stix_package._id))
info = ContentBlock.objects.filter(stix_id = stix_package._id)
if info.exists():
p = ContentBlock()
p.description = stix_package.stix_header.description
p.title = stix_package.stix_header.title
p.message_id = taxii_message.message_id
p.origen = collection_name + ' in ' + host
c = ContentBindingId(binding_id=cb.content_binding)
c.save()
p.content_binding = c
p.content = cb.content
p.save()
