def get_cluster_config(name, **kwargs): data = STORAGE.get_blob("prov_conf_%s" % name) if not data: return make_api_response({}, "Provisionning config %s not found." % name, 404) return make_api_response(data)
def save_seed(**kwargs): """ Save the configuration seed to the system Variables: None Arguments: None Data Block: { "KEY": "value", # Dictionary of key/value pair ... } Result example: { "success": true # Was the update successful? } """ seed = request.json old_seed = STORAGE.get_blob("seed") STORAGE.save_blob("previous_seed", old_seed) STORAGE.save_blob("seed", seed) return make_api_response({"success": True})
def get_source_seed(**kwargs): """ Get the default configuration seed Variables: None Arguments: None Data Block: None Result example: { "KEY": "value", # Dictionary of key/value pair ... } """ seed_module = STORAGE.get_blob("seed_module") if not seed_module: return make_api_response({}) seed = module_attribute_by_name(seed_module) services_to_register = seed['services']['master_list'] for service, svc_detail in services_to_register.iteritems(): seed['services']['master_list'][service] = get_merged_svc_config(service, svc_detail, LOGGER) return make_api_response(seed)
def signature_statistics(**kwargs): """ Gather all signatures stats in system Variables: None Arguments: None Data Block: None Result example: {"total": 201, # Total heuristics found "timestamp": # Timestamp of last signatures stats "items": # List of Signatures [{"id": "ORG_000000", # Signature ID "name": "Signature Name" # Signature name "count": "100", # Count of times signatures seen "min": 0, # Lowest score found "avg": 172, # Average of all scores "max": 780, # Highest score found }, ... """ user = kwargs['user'] output = {"total": 0, "items": [], "timestamp": None} sig_blob = STORAGE.get_blob("signature_stats") if sig_blob: cleared = [] try: for k, v in sig_blob["stats"].iteritems(): sig_id, rev = k.rsplit("r.", 1) if user and Classification.is_accessible(user['classification'], v[1]): cleared.append({ "id": sig_id, "rev": rev, "name": v[0], "count": v[2], "min": v[3], "avg": int(v[4]), "max": v[5], "classification": v[1] }) except AttributeError: pass output["items"] = cleared output["total"] = len(cleared) output["timestamp"] = sig_blob["timestamp"] return make_api_response(output)
def list_heuritics_stats(**kwargs): """ Gather all heuristics stats in system Variables: None Arguments: None Data Block: None Result example: {"total": 201, # Total heuristics found "timestamp": # Timestamp of last heuristics stats "items": # List of heuristics [{"id": "AL_HEUR_001", # Heuristics ID "count": "100", # Count of times heuristics seen "min": 0, # Lowest score found "avg": 172, # Average of all scores "max": 780, # Highest score found }, ... """ user = kwargs['user'] output = {"total": 0, "items": [], "timestamp": None} heur_blob = STORAGE.get_blob("heuristics_stats") if heur_blob: cleared = [] try: for k, v in heur_blob["stats"].iteritems(): heur_id = k if heur_id in HEUR_MAP: if user and Classification.is_accessible(user['classification'], HEUR_MAP[heur_id]['classification']) and v[0] != 0: cleared.append({ "id": heur_id, "count": v[0], "min": v[1], "avg": int(v[2]), "max": v[3], "classification": HEUR_MAP[heur_id]['classification'] }) except AttributeError: pass output["items"] = cleared output["total"] = len(cleared) output["timestamp"] = heur_blob["timestamp"] return make_api_response(output)
def login(): if request.environ.get("HTTP_X_REMOTE_CERT_VERIFIED", "FAILURE") == "SUCCESS": dn = ",".join( request.environ.get("HTTP_X_REMOTE_DN").split("/")[::-1][:-1]) else: dn = "" avatar = None username = '' alternate_login = '******' if dn: u_list = STORAGE.advanced_search('user', 'dn:"%s"' % dn, args=[('fl', '_yz_rk') ])['response']['docs'] if len(u_list): username = u_list[0]['_yz_rk'] avatar = STORAGE.get_user_avatar( username) or "/static/images/user_default.png" alternate_login = '******' else: try: username = dn.rsplit('CN=', 1)[1] except IndexError: username = dn avatar = "/static/images/user_default.png" alternate_login = '******' if config.auth.get('encrypted_login', True): public_key = STORAGE.get_blob('id_rsa.pub') if not public_key: public_key, private_key = generate_async_keys( key_size=config.ui.get('rsa_key_size', 2048)) STORAGE.save_blob('id_rsa.pub', public_key) STORAGE.save_blob('id_rsa', private_key) else: public_key = None next_url = angular_safe(request.args.get('next', "/")) return custom_render("login.html", next=next_url, public_key=public_key, avatar=avatar, username=username, alternate_login=alternate_login)
def get_heuristic(heuristic_id, **kwargs): """ Get a specific heuristic's detail from the system Variables: heuristic_id => ID of the heuristic Arguments: None Data Block: None Result example: {"id": "AL_HEUR_001", # Heuristics ID "filetype": ".*", # Target file type "name": "HEURISTICS_NAME", # Heuristics name "description": ""} # Heuristics description """ user = kwargs['user'] h = deepcopy(HEUR_MAP.get(heuristic_id, None)) if not h: return make_api_response("", "Not found", 404) # Add counters h["count"] = 0 h["min"] = 0 h["avg"] = 0 h["max"] = 0 heur_blob = STORAGE.get_blob("heuristics_stats") if heur_blob: data = heur_blob.get('stats', {}).get(heuristic_id, None) if data: h["count"] = data[0] h["min"] = data[1] h["avg"] = data[2] h["max"] = data[3] if user and Classification.is_accessible(user['classification'], h['classification']): return make_api_response(h) else: return make_api_response("", "You are not allowed to see this heuristic...", 403)
def get_previous_seed(**kwargs): """ Get the previous configuration seed Variables: None Arguments: None Data Block: None Result example: { "KEY": "value", # Dictionary of key/value pair ... } """ return make_api_response(STORAGE.get_blob("previous_seed") or {})
def init(**_): """ Initialize secured handshake by downloading the server public key to encrypt the password Variables: None Arguments: None Data Block: None Result example: -----BEGIN PUBLIC KEY----- .... """ if config.auth.get('encrypted_login', True): return make_api_response(STORAGE.get_blob('id_rsa.pub')) else: return make_api_response(None)
def login(**_): """ Login the user onto the system Variables: None Arguments: None Data Block: { "user": <UID>, "password": <ENCRYPTED_PASSWORD>, "otp": <OTP_TOKEN>, "apikey": <ENCRYPTED_APIKEY>, "u2f_response": <RESPONSE_TO_CHALLENGE_FROM_U2F_TOKEN> } Result example: { "username": <Logged in user>, # Username for the logged in user "privileges": ["R", "W"], # Different privileges that the user will get for this session "session_duration": 60 # Time after which this session becomes invalid # Note: The timer reset after each call } """ data = request.json if not data: data = request.values user = data.get('user', None) password = data.get('password', None) apikey = data.get('apikey', None) u2f_response = data.get('u2f_response', None) if config.auth.get('encrypted_login', True): private_key = load_async_key(STORAGE.get_blob('id_rsa'), use_pkcs=True) if password and private_key: password = private_key.decrypt(base64.b64decode(password), "ERROR") if apikey and private_key: apikey = private_key.decrypt(base64.b64decode(apikey), "ERROR") try: otp = int(data.get('otp', 0) or 0) except Exception: raise AuthenticationException('Invalid OTP token') if request.environ.get("HTTP_X_REMOTE_CERT_VERIFIED", "FAILURE") == "SUCCESS": dn = request.environ.get("HTTP_X_REMOTE_DN") else: dn = False if (user and password) or dn or (user and apikey): auth = { 'username': user, 'password': password, 'otp': otp, 'u2f_response': u2f_response, 'dn': dn, 'apikey': apikey } try: logged_in_uname, priv = default_authenticator(auth, request, flsk_session, STORAGE) session_duration = config.ui.get('session_duration', 3600) cur_time = now() xsrf_token = generate_random_secret() current_session = { 'duration': session_duration, 'ip': request.headers.get("X-Forward-For", request.remote_addr), 'privileges': priv, 'time': int(cur_time) - (int(cur_time) % session_duration), 'user_agent': request.headers.get("User-Agent", "Unknown user agent"), 'username': logged_in_uname, 'xsrf_token': xsrf_token } session_id = hashlib.sha512(str(current_session)).hexdigest() current_session['expire_at'] = cur_time + session_duration flsk_session['session_id'] = session_id KV_SESSION.add(session_id, current_session) return make_api_response({ "username": logged_in_uname, "privileges": priv, "session_duration": config.ui.get('session_duration', 3600) }, cookies={'XSRF-TOKEN': xsrf_token}) except AuthenticationException as wpe: return make_api_response("", wpe.message, 401) return make_api_response("", "Not enough information to proceed with authentication", 401)