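def create_tool():
    """Render the tool-creation form and, on POST, store the submitted tool.

    On any method other than POST the creation template is rendered with the
    adversary list. On POST one row is inserted into ``tools`` from the form
    fields, the tool is linked to the selected adversary through
    ``insert_adversary_x_tool`` and ``maps/completed.html`` is rendered.

    Raises:
        ValueError: if the ``related_adversary`` field does not evaluate to a
            mapping that carries a ``db_id`` entry.
    """
    # Function-scope import: the original line called ``rast.literal_eval``,
    # a misspelling that raised NameError on every POST.
    import ast

    adversary_list = q.q_get_adversaries.get_adversaries()
    if request.method != "POST":
        return render_template('maps/creation/create-tool.html',
                               adversary_list=adversary_list)

    form = request.form
    tool_id = form['tool_id']
    tool_name = form['tool_name']
    tool_identifiers = form['tool_identifiers']
    # literal_eval only builds Python literals, but the field is still
    # client-controlled, so the shape is checked before it is indexed.
    related = ast.literal_eval(form['related_adversary'])
    if not isinstance(related, dict) or 'db_id' not in related:
        raise ValueError('related_adversary must be a mapping with a db_id entry')
    adversary_id = related['db_id']
    tool_description = form['description']

    db = get_db()
    # The original column list named tool_description twice and dropped the
    # submitted identifiers; tool_identifiers is the column the tools UPDATE
    # and SELECT statements in this code base use.
    db.execute(
        'INSERT INTO tools (tool_id, tool_name, tool_description, tool_identifiers, author_id)'
        ' VALUES (?, ?, ?, ?, ?)',
        (tool_id, tool_name, tool_description, tool_identifiers, g.user['id'])
    )
    db.commit()
    # NOTE(review): the read queries join adversaries_x_tools.tool_id to
    # tools.id, while this passes the form's external tool_id. Confirm whether
    # insert_adversary_x_tool expects the new row id instead.
    q_insert_adversary_x_tool.insert_adversary_x_tool(adversary_id, tool_id)
    message = 'Successfully created tool'
    return render_template('maps/completed.html', message=message)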
def get_adversaries_techniques(adversary_id):
    """Return tool, technique and sub-technique rows linked to one adversary.

    The statement is a UNION ALL of two selects: tools joined to techniques
    (sub-technique columns are NULL) and tools joined to sub-techniques with
    their parent technique. ``adversary_id`` is bound to both WHERE clauses.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    # Assigned on the connection object itself, not on a single cursor.
    conn.row_factory = make_dicts
    sql = 'select t.tool_name as Tool, tec.technique_id as TechniqueID, \
        tec.technique_name as Technique, null as SubtechniqueID, null as Subtechnique \
        from adversaries_x_tools at \
        inner join tools t on at.tool_id = t.id \
        inner join tools_x_techniques tt on t.id = tt.tool_id \
        inner join techniques tec on tec.id = tt.technique_id \
        where at.adversary_id=? \
        \
        UNION ALL\
        \
        select t.tool_name as Tool , tec.technique_id, tec.technique_name, stec.subtechnique_id \
        , stec.subtechnique_name from adversaries_x_tools at \
        inner join tools t on at.tool_id = t.id \
        inner join tools_x_subtechniques st on t.id = st.tool_id \
        inner join techniques_x_subtechniques ts on st.subtechnique_id=ts.subtechnique_id \
        inner join techniques tec on tec.id=ts.technique_id \
        inner join subtechniques stec on stec.id = st.subtechnique_id \
        where at.adversary_id=? \
        ORDER BY t.tool_name, tec.technique_id, stec.subtechnique_id'
    bound_values = (adversary_id, adversary_id)
    try:
        rows = conn.execute(sql, bound_values).fetchall()
    except TypeError:
        return False
    return rows
def create_adversary():
    """Render the adversary-creation form and, on POST, insert the adversary.

    A POST with an empty ``adversary_name`` flashes an error and re-renders
    the form. Otherwise one row is inserted into ``adversaries`` with the
    current user as author and ``maps/completed.html`` is rendered.
    """
    countries_list = q.q_get_countries.get_countries()

    if request.method == "POST":
        form = request.form
        adversary_id = form['adversary_id']
        adversary_name = form['adversary_name']
        adversary_description = form['description']
        adversary_identifiers = form['adversary_identifiers']
        adversary_origin = form['sorigin']

        if not adversary_name:
            # The name is the only field that is checked before the insert.
            flash('Adversary name is required.')
        else:
            conn = get_db()
            row_values = (
                adversary_id,
                adversary_name,
                adversary_description,
                adversary_identifiers,
                adversary_origin,
                g.user['id'],
            )
            conn.execute(
                'INSERT INTO adversaries (adversary_id, adversary_name, adversary_description, adversary_identifiers, adversary_sorigin, author_id)'
                ' VALUES (?, ?, ?, ?, ?, ?)',
                row_values
            )
            conn.commit()
            return render_template('maps/completed.html',
                                   message='Successfully created Adversary')

    return render_template('maps/creation/create-adversary.html',
                           countries_list=countries_list,
                           request_adversary='')
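def edit_tactic():
    """Apply a submitted tactic edit and redirect to the tactics listing.

    On POST the row of ``tactics`` whose ``id`` equals the form's ``db_id`` is
    updated, stamped with the current time and the current user's id, and the
    client is redirected to ``/explore-tactics``. Any failure while handling
    the POST, and any non-POST request, renders ``maps/404.html``.
    """
    try:
        if request.method == 'POST':
            edited = request.form
            db_id = edited['db_id']
            # NOTE(review): the tactic values are read from the adversary_*
            # form keys. Presumably the edit form is shared; confirm against
            # the template.
            tactic_id = edited['adversary_id']
            tactic_name = edited['adversary_name']
            tactic_description = edited['description']
            updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
            db = get_db()
            db.execute(
                'UPDATE tactics SET tactic_id=?, tactic_name=?, tactic_description=?, updated_date=?, updated_by=? WHERE id=?',
                (
                    tactic_id,
                    tactic_name,
                    tactic_description,
                    updated_date,
                    g.user['id'],
                    db_id,
                ))
            db.commit()
            return redirect('/explore-tactics')
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. Ordinary failures still end on the 404 page.
        return render_template('maps/404.html')
    # Non-POST requests used to fall off the end and return None, which Flask
    # rejects as an invalid response.
    return render_template('maps/404.html')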
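def create_technique():
    """Render the technique-creation form and, on POST, store the technique.

    On POST the selected tactic is resolved to its row id first. If it cannot
    be resolved nothing is written and the completion page reports the
    problem. Otherwise the technique is inserted, linked to the tactic through
    ``insert_tactic_x_technique`` and the completion page is rendered.
    """
    tactics_list = q.q_get_tactics.get_tactics()
    if request.method != "POST":
        return render_template('maps/creation/create-technique.html',
                               tactics_list=tactics_list)

    technique_id = request.form['id']
    technique_name = request.form['name']
    technique_description = request.form['description']
    # NOTE(review): the field looks like a Python dict repr that is turned
    # into JSON by swapping quote characters. A value containing an apostrophe
    # or None will not parse; submitting only the tactic id would be sturdier.
    processed_tactic_str = request.form['tactic'].replace('\'', '\"')
    technique_tactic = json.loads(processed_tactic_str)
    tactic = technique_tactic['Name']

    # Resolve the tactic before writing. The original inserted and committed
    # the technique first and then passed a failed lookup straight into the
    # relation insert.
    tactic_id = q.q_get_element_id.get_element_id('tactics', 'tactic_name', tactic)
    if tactic_id is False or tactic_id is None:
        message = 'Unknown tactic; technique was not created'
        return render_template('maps/completed.html', message=message)

    db = get_db()
    result = db.execute(
        'INSERT INTO techniques (technique_id, technique_name, technique_description, author_id)'
        ' VALUES (?, ?, ?, ?)',
        (technique_id, technique_name, technique_description, g.user['id'])
    )
    db.commit()
    technique_db_id = result.lastrowid
    q_insert_tactic_x_technique.insert_tactic_x_technique(tactic_id, technique_db_id)
    message = 'Successfully created technique'
    return render_template('maps/completed.html', message=message)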
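def edit_technique():
    """Apply a submitted technique edit and redirect to the techniques listing.

    On POST the row of ``techniques`` whose ``id`` equals the form's ``db_id``
    is updated, the technique is linked to the selected tactic and the client
    is redirected to ``/explore-techniques``. Any failure while handling the
    POST, and any non-POST request, renders ``maps/404.html``.
    """
    try:
        if request.method == 'POST':
            edited = request.form
            db_id = edited['db_id']
            technique_id = edited['technique_id']
            technique_name = edited['technique_name']
            # The field is client-controlled. A value that is not a literal
            # mapping with a db_id raises and ends on the 404 page below.
            tactic_id = ast.literal_eval(
                request.form['related_tactic'])['db_id']
            technique_description = edited['description']
            updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
            db = get_db()
            # The original statement targeted the tools table, which is not
            # where the technique_* columns are inserted elsewhere in this
            # code base.
            db.execute(
                'UPDATE techniques SET technique_id=?, technique_name=?, technique_description=?, updated_date=?, updated_by=? WHERE id=?',
                (
                    technique_id,
                    technique_name,
                    technique_description,
                    updated_date,
                    g.user['id'],
                    db_id,
                ))
            db.commit()
            # The original passed the undefined name technique_db_id, so the
            # NameError sent every edit to the 404 page after the commit.
            # NOTE(review): this adds a relation row on every edit; confirm
            # whether an existing link should be replaced instead.
            q_insert_tactic_x_technique.insert_tactic_x_technique(
                tactic_id, db_id)
            return redirect('/explore-techniques')
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt.
        return render_template('maps/404.html')
    # Non-POST requests used to return None, which Flask rejects.
    return render_template('maps/404.html')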
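def edit_subtechnique():
    """Apply a submitted sub-technique edit and redirect to the listing.

    On POST the row of ``subtechniques`` whose ``id`` equals the form's
    ``db_id`` is updated and the client is redirected to
    ``/explore-subtechniques``. Any failure while handling the POST, and any
    non-POST request, renders ``maps/404.html``.
    """
    try:
        if request.method == 'POST':
            edited = request.form
            db_id = edited['db_id']
            subtechnique_id = edited['subtechnique_id']
            subtechnique_name = edited['subtechnique_name']
            # The unused read of edited['subtechnique_tactic'] was dropped,
            # since the value never reached the statement.
            subtechnique_description = edited['description']
            updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
            db = get_db()
            # The original statement targeted the techniques table, while the
            # subtechnique_* columns are inserted into subtechniques elsewhere
            # in this code base.
            # NOTE(review): assumes subtechniques has updated_date and
            # updated_by columns like the other edited tables; confirm against
            # the schema.
            db.execute(
                'UPDATE subtechniques SET subtechnique_id=?, subtechnique_name=?, subtechnique_description=?, updated_date=?, updated_by=? WHERE id=?',
                (
                    subtechnique_id,
                    subtechnique_name,
                    subtechnique_description,
                    updated_date,
                    g.user['id'],
                    db_id,
                ))
            db.commit()
            return redirect('/explore-subtechniques')
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt.
        return render_template('maps/404.html')
    # Non-POST requests used to return None, which Flask rejects.
    return render_template('maps/404.html')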
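def edit_tool():
    """Apply a submitted tool edit and redirect to the tools listing.

    On POST the row of ``tools`` whose ``id`` equals the form's ``db_id`` is
    updated, the tool is linked to the selected adversary and the client is
    redirected to ``/explore-tools``. Any failure while handling the POST, and
    any non-POST request, renders ``maps/404.html``.
    """
    try:
        if request.method == 'POST':
            edited = request.form
            db_id = edited['db_id']
            tool_id = edited['tool_id']
            tool_name = edited['tool_name']
            tool_identifiers = edited['tool_identifiers']
            # The field is client-controlled. A value that is not a literal
            # mapping with a db_id raises and ends on the 404 page below.
            adversary_id = ast.literal_eval(
                request.form['related_adversary'])['db_id']
            tool_description = edited['tool_description']
            updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
            db = get_db()
            db.execute(
                'UPDATE tools SET tool_id=?, tool_name=?, tool_description=?, tool_identifiers=?, updated_date=?, updated_by=? WHERE id=?',
                (
                    tool_id,
                    tool_name,
                    tool_description,
                    tool_identifiers,
                    updated_date,
                    g.user['id'],
                    db_id,
                ))
            db.commit()
            # NOTE(review): the read queries join adversaries_x_tools.tool_id
            # to tools.id, yet the form's external tool_id is passed here, not
            # db_id. Confirm which one insert_adversary_x_tool expects. A
            # relation row is also added on every edit.
            q_insert_adversary_x_tool.insert_adversary_x_tool(
                adversary_id, tool_id)
            return redirect('/explore-tools')
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt.
        return render_template('maps/404.html')
    # Non-POST requests used to return None, which Flask rejects.
    return render_template('maps/404.html')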
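def edit_adversary():
    """Apply a submitted adversary edit and render the completion page.

    On POST the row of ``adversaries`` whose ``id`` equals the form's
    ``db_id`` is updated and stamped with the current time and user. Any
    failure while handling the POST, and any non-POST request, renders
    ``maps/404.html``.
    """
    try:
        if request.method == 'POST':
            edited = request.form
            db_id = edited['db_id']
            adversary_id = edited['adversary_id']
            adversary_name = edited['adversary_name']
            adversary_identifiers = edited['adversary_identifiers']
            adversary_sorigin = edited['sorigin']
            adversary_description = edited['description']
            updated_date = time.strftime('%Y-%m-%d %H:%M:%S')
            db = get_db()
            db.execute(
                'UPDATE adversaries SET adversary_id=?, adversary_name=?, adversary_description=?, adversary_identifiers=?, adversary_sorigin=?, updated_date=?, updated_by=? WHERE id=?',
                (
                    adversary_id,
                    adversary_name,
                    adversary_description,
                    adversary_identifiers,
                    adversary_sorigin,
                    updated_date,
                    g.user['id'],
                    db_id,
                ))
            db.commit()
            # The original message said "created adversaries" after an UPDATE.
            message = 'Successfully updated adversary'
            return render_template('maps/completed.html', message=message)
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt.
        return render_template('maps/404.html')
    # Non-POST requests used to return None, which Flask rejects.
    return render_template('maps/404.html')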
def create_subtechnique():
    """Render the sub-technique form and, on POST, store the sub-technique.

    On POST one row is inserted into ``subtechniques`` and the new row id is
    linked to the selected technique in ``techniques_x_subtechniques`` through
    ``insert_relation_into_tables``. The completion page is then rendered.
    """
    techniques_list = q.q_get_techniques.get_techniques()
    if request.method != "POST":
        return render_template('maps/creation/create-subtechnique.html',
                               techniques_list=techniques_list)

    form = request.form
    # NOTE(review): the sub-technique identifier is read from the 'db_id'
    # form key; confirm that is the field name the template posts.
    subtechnique_id = form['db_id']
    subtechnique_name = form['subtechnique_name']
    # Client-controlled text is evaluated as a Python literal. Anything that
    # is not a mapping with a db_id raises here and is not handled.
    related_technique = ast.literal_eval(form['related_technique'])
    technique_id = related_technique['db_id']
    subtechnique_description = form['description']

    conn = get_db()
    cursor = conn.execute(
        'INSERT INTO subtechniques (subtechnique_id, subtechnique_name, subtechnique_description, author_id)'
        ' VALUES (?, ?, ?, ?)',
        (subtechnique_id, subtechnique_name, subtechnique_description, g.user['id'])
    )
    conn.commit()
    subtechnique_db_id = cursor.lastrowid
    # Table and column names are fixed strings here, not request data.
    q.q_insert_relation_into_tables.insert_relation_into_tables(
        'techniques_x_subtechniques', 'technique_id', 'subtechnique_id',
        technique_id, subtechnique_db_id)
    return render_template('maps/completed.html',
                           message='Successfully created subtechnique')
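def get_tools_x_subtechniques(subtechnique=''):
    """Return tool / sub-technique pairs, optionally for one sub-technique.

    Args:
        subtechnique: row id of a sub-technique. When empty, every pair is
            returned ordered by tool name.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    db = get_db()
    db.row_factory = make_dicts
    # The original joined tools_x_subtechniques on txt.subtechnique_id=t.id,
    # pairing a tool with whichever sub-technique shared its row id. The link
    # table is joined on tool_id elsewhere in this code base
    # ("t.id = st.tool_id"), so the same join is used here.
    # NOTE(review): the join on adversaries_x_tools limits the result to tools
    # linked to an adversary and repeats a pair once per link; confirm intent.
    base_sql = (
        "SELECT t.tool_id As 'ToolID', t.tool_name as Tool, "
        "subtec.subtechnique_id as 'SubtechniqueID', "
        "subtec.subtechnique_name as Subtechnique "
        "FROM tools t "
        "inner join adversaries_x_tools axt on axt.tool_id=t.id "
        "inner join tools_x_subtechniques txt on txt.tool_id=t.id "
        "inner join subtechniques subtec on subtec.id=txt.subtechnique_id "
    )
    try:
        if subtechnique:
            # Under the old join t.id always equalled subtec.id, so the old
            # "WHERE t.id=?" selected by sub-technique row id. Filtering on
            # subtec.id keeps that meaning with the corrected join.
            return db.execute(base_sql + "WHERE subtec.id=?",
                              (subtechnique, )).fetchall()
        return db.execute(base_sql + "ORDER BY t.tool_name").fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False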
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` becomes ``None`` when the session carries no ``user_id``;
    otherwise it is the result of looking that id up in ``users``.
    """
    uid = session.get('user_id')
    if uid is not None:
        # NOTE(review): SELECT * copies every column of the users row into
        # g.user. If that table stores a credential hash it travels with the
        # object; confirm it is never rendered or logged.
        lookup = get_db().execute('SELECT * FROM users WHERE id = ?', (uid, ))
        g.user = lookup.fetchone()
        return
    g.user = None
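def get_countries():
    """Return every country name, ordered alphabetically.

    Returns:
        A list holding the first column of each row of ``countries``, or
        ``False`` when a TypeError is raised while running the query.
    """
    db = get_db()
    # The original left the scalar row factory installed on the connection, so
    # a later query on the same connection would get bare values back where it
    # expected rows. The previous factory is restored once the rows are read.
    # NOTE(review): assumes get_db() returns a sqlite3-style connection whose
    # cursors pick up row_factory when they are created.
    previous_factory = db.row_factory
    try:
        db.row_factory = lambda cursor, row: row[0]
        return db.execute(
            'SELECT country FROM countries ORDER BY country').fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    finally:
        db.row_factory = previous_factory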
def get_industries():
    """Return every industry as ``db_id`` / ``Industry``, ordered by name.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    sql = 'SELECT id as db_id, industry_name as Industry FROM industries ORDER BY industry_name ASC'
    try:
        # Assigned on the connection object itself, not on a single cursor.
        conn.row_factory = make_dicts
        rows = conn.execute(sql).fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    return rows
def insert_adversary_x_event(adversary_id, event_id):
    """Link an adversary to an event and return the new relation row id.

    The row is written to ``adversaries_x_events`` with the current user's id
    as ``author_id``. The connection is also stored on ``g.db``.
    """
    author_id = g.user['id']
    g.db = get_db()
    # Table and column names are constants; the values are bound parameters.
    cursor = g.db.execute(
        'INSERT INTO adversaries_x_events (author_id, adversary_id, event_id) VALUES (?, ?, ?)',
        (author_id, adversary_id, event_id))
    g.db.commit()
    return cursor.lastrowid
def get_events():
    """Return every event as ``Event`` / ``Description`` / ``URL``.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    sql = 'SELECT event_name as Event, event_description as Description, event_url as URL FROM events'
    try:
        conn.row_factory = make_dicts
        rows = conn.execute(sql).fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    return rows
def get_adversaries_x_industry():
    """Return every adversary as ``ID`` / ``Name`` / ``Identifiers`` / ``Description``.

    NOTE(review): despite the name, the statement reads only ``adversaries``
    and joins no industry table; confirm whether that is intended.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    sql = 'SELECT adversary_id as ID, adversary_name as Name, adversary_identifiers as Identifiers, adversary_description as Description FROM adversaries ORDER BY Name'
    try:
        conn.row_factory = make_dicts
        rows = conn.execute(sql).fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    return rows
def insert_tactic_x_technique(tactic_id, technique_id):
    """Link a tactic to a technique and return the new relation row id.

    The row is written to ``tactics_x_techniques`` with the current user's id
    as ``author_id``. The connection is also stored on ``g.db``.
    """
    author_id = g.user['id']
    g.db = get_db()
    # Table and column names are constants; the values are bound parameters.
    cursor = g.db.execute(
        'INSERT INTO tactics_x_techniques (author_id, tactic_id, technique_id) VALUES (?, ?, ?)',
        (author_id, tactic_id, technique_id))
    g.db.commit()
    return cursor.lastrowid
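def insert_relation_into_tables(table, relation_name, element_name, related_id, element_id):
    """Insert one relation row into ``table`` and return its row id.

    Args:
        table: name of the relation table.
        relation_name: column that receives ``related_id``.
        element_name: column that receives ``element_id``.
        related_id: value bound to ``relation_name``.
        element_id: value bound to ``element_name``.

    Returns:
        ``lastrowid`` of the inserted row.

    Raises:
        ValueError: if any of the three names is not a plain ASCII identifier.
    """
    # Identifiers cannot be bound as "?" parameters and are formatted into the
    # statement text, so they are restricted to letters, digits and
    # underscores before anything else happens.
    for identifier in (table, relation_name, element_name):
        if not (isinstance(identifier, str) and identifier.isascii()
                and identifier.isidentifier()):
            raise ValueError('invalid SQL identifier: {!r}'.format(identifier))

    author_id = g.user['id']
    g.db = get_db()
    query = 'INSERT INTO {} ({}, {}, {}) VALUES (?, ?, ?)'.format(
        table, 'author_id', relation_name, element_name)
    result = g.db.execute(query, (author_id, related_id, element_id))
    g.db.commit()
    return result.lastrowid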
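def insert_tool_x_techn(table, tool_id, technique_id):
    """Insert a tool/technique relation row into ``table`` and return its id.

    Args:
        table: name of the relation table; its columns must be ``author_id``,
            ``tool_id`` and ``technique_id``.
        tool_id: value bound to ``tool_id``.
        technique_id: value bound to ``technique_id``.

    Returns:
        ``lastrowid`` of the inserted row.

    Raises:
        ValueError: if ``table`` is not a plain ASCII identifier.
    """
    # The table name is formatted into the statement text and cannot be a
    # bound parameter, so it is restricted to letters, digits and underscores.
    if not (isinstance(table, str) and table.isascii() and table.isidentifier()):
        raise ValueError('invalid SQL identifier: {!r}'.format(table))

    try:
        author_id = g.user['id']
    except (NameError, TypeError):
        # NOTE(review): with no logged-in user the row is attributed to user
        # id 1. Presumably meant for scripted imports; confirm this path is
        # not reachable from an unauthenticated request.
        author_id = 1
    g.db = get_db()
    query = 'INSERT INTO {} ({}, {}, {}) VALUES (?, ?, ?)'.format(
        table, 'author_id', 'tool_id', 'technique_id')
    result = g.db.execute(query, (author_id, tool_id, technique_id))
    g.db.commit()
    return result.lastrowid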
def get_most_used_techniques():
    """Return techniques with the number of tool links each one has.

    Rows carry ``TechniqueID``, ``Technique`` and ``Hits``. They are grouped by
    technique name and ordered by ``Hits`` descending.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    sql = 'SELECT t.technique_id as \'TechniqueID\', t.technique_name as Technique, count(*) as Hits FROM techniques t \
        inner join tools_x_techniques txt on txt.technique_id=t.id \
        GROUP by t.technique_name \
        ORDER BY Hits Desc'
    try:
        conn.row_factory = make_dicts
        rows = conn.execute(sql).fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    return rows
def get_adversaries_x_event():
    """Return adversary/event pairs ordered by adversary name.

    Events are joined to adversaries through ``adversaries_x_events``.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    sql = 'select a.adversary_id, a.adversary_name, event_name, event_description from events e \
        inner join adversaries_x_events ae on ae.event_id = e.id \
        inner join adversaries a on a.id = ae.adversary_id ORDER BY adversary_name'
    try:
        conn.row_factory = make_dicts
        rows = conn.execute(sql).fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    return rows
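def get_element_id(table, column, value):
    """Look up the ``id`` of the row in ``table`` whose ``column`` matches ``value``.

    ``value`` is lower-cased and its hyphens are replaced with spaces before
    it is compared with ``lower(column)``.

    Args:
        table: table to search.
        column: column compared against the normalised value.
        value: text to look for.

    Returns:
        The ``id`` of the first matching row, or ``False`` when the lookup
        raises TypeError, which includes the case where no row matches.

    Raises:
        ValueError: if ``table`` or ``column`` is not a plain ASCII identifier.
    """
    # Table and column are formatted into the statement text and cannot be
    # bound parameters, so they are restricted to letters, digits and
    # underscores before the query is built.
    for identifier in (table, column):
        if not (isinstance(identifier, str) and identifier.isascii()
                and identifier.isidentifier()):
            raise ValueError('invalid SQL identifier: {!r}'.format(identifier))

    # TODO (from the original): from mobile, technique 'COMPROMISE' needs fixing.
    value2 = value.replace('-', ' ').lower()
    db = get_db()
    try:
        query = db.execute(
            'SELECT id FROM {} WHERE lower({}) is ?'.format(table, column),
            (value2, ))
        result = query.fetchone()
        # fetchone() gives None when nothing matches; indexing it raises the
        # TypeError handled below.
        return result['id']
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False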
def get_events_x_industry():
    """Return adversary name, industry name and event name for linked events.

    Events are joined to industries through ``events_x_industries`` and to
    adversaries through ``adversaries_x_events``.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    conn.row_factory = make_dicts
    sql = 'select a.adversary_name, i.industry_name, e.event_name from events e \
        inner join events_x_industries ei on e.id = ei.event_id \
        inner join industries i on i.id = ei.industry_id \
        inner join adversaries_x_events ae on ae.event_id = e.id \
        inner join adversaries a on a.id = ae.adversary_id'
    try:
        rows = conn.execute(sql).fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    return rows
def get_adversaries_x_tool():
    """Return adversary/tool pairs ordered by adversary name.

    Rows carry ``Adversary ID``, ``Adversary``, ``Tool ID`` and ``Tool``.
    Adversaries are joined to tools through ``adversaries_x_tools``.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    sql = "SELECT a.adversary_id As \'Adversary ID\', a.adversary_name as Adversary, t.tool_id as \'Tool ID\', t.tool_name as Tool \
        FROM adversaries a \
        inner join adversaries_x_tools axt on axt.adversary_id=a.id \
        inner join tools t on axt.tool_id=t.id \
        ORDER BY a.adversary_name"
    try:
        conn.row_factory = make_dicts
        rows = conn.execute(sql).fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    return rows
def insert_into_events(event_name, event_description, event_url):
    """Insert one event and return its row id.

    The row is written to ``events`` with the current user's id as
    ``author_id``. The connection is also stored on ``g.db``.
    """
    author_id = g.user['id']
    g.db = get_db()
    # NOTE(review): event_url is stored exactly as given. If it is later
    # rendered as a link, confirm the scheme is checked at input or output.
    cursor = g.db.execute(
        'INSERT INTO events (author_id, event_name, event_description, event_url) VALUES (?, ?, ?, ?)',
        (author_id, event_name, event_description, event_url))
    g.db.commit()
    return cursor.lastrowid
def get_adversaries_sorigin():
    """Return adversary names grouped by suspected origin.

    Each row carries ``Suspected Origin`` and ``Adversary``, the latter being
    the GROUP_CONCAT of the names sharing that origin. Rows with a NULL origin
    are skipped.

    Returns:
        The ``fetchall()`` result built with ``make_dicts``, or ``False`` when
        a TypeError is raised while running the query.
    """
    conn = get_db()
    sql = 'SELECT adversary_sorigin as \'Suspected Origin\', GROUP_CONCAT(adversary_name) as Adversary \
        FROM adversaries \
        where adversary_sorigin is not null \
        GROUP BY adversary_sorigin;'
    try:
        conn.row_factory = make_dicts
        rows = conn.execute(sql).fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
    return rows
def get_subtechniques(subtechnique=''):
    """Return all sub-techniques, or the single one with the given row id.

    Args:
        subtechnique: row id to fetch. When empty, every sub-technique is
            returned ordered by name.

    Returns:
        ``fetchone()`` for a given id, ``fetchall()`` otherwise, or ``False``
        when a TypeError is raised while running the query.
    """
    conn = get_db()
    conn.row_factory = make_dicts
    try:
        if subtechnique:
            single = conn.execute('SELECT * FROM subtechniques WHERE id is ?',
                                  (subtechnique, ))
            return single.fetchone()
        listing = conn.execute(
            'SELECT id as \'db_id\', subtechnique_id as ID, subtechnique_name as Subtechnique, subtechnique_description as Description FROM subtechniques ORDER BY subtechnique_name ASC'
        )
        return listing.fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
def get_tools(tool=''):
    """Return all tools, or the single tool with the given row id.

    Args:
        tool: row id to fetch. When empty, every tool is returned ordered by
            name.

    Returns:
        ``fetchone()`` for a given id, ``fetchall()`` otherwise, or ``False``
        when a TypeError is raised while running the query.
    """
    conn = get_db()
    conn.row_factory = make_dicts
    try:
        if tool:
            single = conn.execute('SELECT * FROM tools WHERE id is ?', (tool,))
            return single.fetchone()
        listing = conn.execute(
            'SELECT id as \'db_id\', tool_id as ID, tool_name as Tool, tool_description as Description, tool_identifiers as Identifiers FROM tools ORDER BY tool_name')
        return listing.fetchall()
    except TypeError:
        # TODO: change this for something more meaningful (warning/alert).
        return False
def get_adversaries(adversary=''):
    """Return all adversaries, or the single one with the given row id.

    Args:
        adversary: row id to fetch. When empty, every adversary is returned
            ordered by name.

    Returns:
        ``fetchone()`` for a given id, ``fetchall()`` otherwise, or ``False``
        when a TypeError is raised while running the query.
    """
    conn = get_db()
    conn.row_factory = make_dicts
    try:
        if adversary:
            single = conn.execute('SELECT * FROM adversaries WHERE id is ?',
                                  (adversary, ))
            return single.fetchone()
        listing = conn.execute(
            'SELECT id as db_id, adversary_id as ID, adversary_name as Adversary, adversary_identifiers as Identifiers, adversary_description as Description \
            FROM adversaries ORDER BY adversary_name ASC')
        return listing.fetchall()
    except TypeError:
        return False