Пример #1
0
    def post(self):
        if "file" in request.files:
            f = AttachedFile.from_upload(request.files["file"])
        else:
            data = loads(request.data)
            if "file" in data:
                f = AttachedFile.from_upload(data["file"])
            else:
                abort(400)

        return render({"filename": url_for("api.AttachedFiles:get", id=f.id)})
Пример #2
0
    def post(self):
        if 'file' in request.files:
            f = AttachedFile.from_upload(request.files['file'])
        else:
            data = loads(request.data)
            if 'file' in data:
                f = AttachedFile.from_upload(data['file'])
            else:
                abort(400)

        return render({'filename': url_for('api.AttachedFiles:get', id=f.id)})
Пример #3
0
    def post(self):
        if 'file' in request.files:
            f = AttachedFile.from_upload(request.files['file'])
        else:
            data = loads(request.data)
            if 'file' in data:
                f = AttachedFile.from_upload(data['file'])
            else:
                abort(400)

        return render({'filename': url_for('api.AttachedFiles:get', id=f.id)})
Пример #4
0
    def inv_import(self):
        if request.method == "GET":
            return render_template(
                "{}/import.html".format(self.klass.__name__.lower()))
        else:
            text = request.form.get('text')
            url = request.form.get('url')

            if text:
                investigation = Investigation(import_text=text)
                investigation.save()
                return redirect(
                    url_for(
                        'frontend.InvestigationView:import_from',
                        id=investigation.id))
            else:
                try:
                    if url:
                        import_method = ImportMethod.objects.get(acts_on="url")
                        results = import_method.run(url)
                    else:
                        target = AttachedFile.from_upload(request.files['file'])
                        import_method = ImportMethod.objects.get(
                            acts_on=target.content_type)
                        results = import_method.run(target)

                    return redirect(
                        url_for(
                            'frontend.InvestigationView:import_wait',
                            id=results.id))
                except DoesNotExist:
                    flash("This file type is not supported.", "danger")
                    return render_template(
                        "{}/import.html".format(self.klass.__name__.lower()))
Пример #5
0
    def attach_file(self, id):
        if 'file' not in request.files:
            abort(400)

        e = get_object_or_404(self.klass, id=id)
        f = AttachedFile.from_upload(request.files['file'])
        if f:
            f.attach(e)
        return redirect(url_for('frontend.{}:get'.format(self.__class__.__name__), id=e.id))
Пример #6
0
    def post_save(self, obj, request):
        obj.save_observables()

        file = request.files.get('vulscan-file')
        if file:
            file.filename = obj.updated.strftime(
                "%Y-%m-%d_%H:%M") + '.{}'.format(file.filename.split('.')[1])
            f = AttachedFile.from_upload(file)
            f.attach(obj)
Пример #7
0
    def attach_file(self, id):
        if 'file' not in request.files:
            abort(400)

        e = get_object_or_404(self.klass, id=id)
        f = AttachedFile.from_upload(request.files['file'])
        if f:
            f.attach(e)
        return redirect(
            url_for('frontend.{}:get'.format(self.__class__.__name__), id=e.id))
Пример #8
0
def save_file(uploaded_file, filename=None):
    value = "FILE:{}".format(stream_sha256(uploaded_file))
    mime_type = magic.from_buffer(uploaded_file.read(100), mime=True)
    uploaded_file.seek(0)
    body = AttachedFile.from_upload(uploaded_file, force_mime=mime_type)
    f = observables.File.get_or_create(value=value, body=body, mime_type=mime_type)

    if not filename:
        filename = uploaded_file.filename
    if filename not in f.filenames:
        f.filenames.append(filename)

    return f.save()
Пример #9
0
Файл: file.py Проект: tdr0/yeti
def save_file(uploaded_file, filename=None):
    value = "FILE:{}".format(stream_sha256(uploaded_file))
    mime_type = magic.from_buffer(uploaded_file.read(100), mime=True)
    uploaded_file.seek(0)
    body = AttachedFile.from_upload(uploaded_file, force_mime=mime_type)
    f = observables.File.get_or_create(
        value=value, body=body, mime_type=mime_type)

    if not filename:
        filename = uploaded_file.filename
    if filename not in f.filenames:
        f.filenames.append(filename)

    return f.save()
Пример #10
0
    def save_as_pdf(self, results, url):
        tmpdir = mkdtemp()

        try:
            options = {"load-error-handling": "ignore"}

            pdfkit.from_url(url, path.join(tmpdir, 'out.pdf'), options=options)

            with open(path.join(tmpdir, 'out.pdf'), 'rb') as pdf:
                pdf_import = AttachedFile.from_content(
                    pdf, 'import.pdf', 'application/pdf')

            results.investigation.update(import_document=pdf_import)
        except Exception, e:
            print e
Пример #11
0
    def save_as_pdf(self, results, url):
        tmpdir = mkdtemp()

        try:
            options = {"load-error-handling": "ignore"}

            pdfkit.from_url(url, path.join(tmpdir, 'out.pdf'), options=options)

            with open(path.join(tmpdir, 'out.pdf'), 'rb') as pdf:
                pdf_import = AttachedFile.from_content(pdf, 'import.pdf',
                                                       'application/pdf')

            results.investigation.update(import_document=pdf_import)
        except Exception, e:
            print e
Пример #12
0
    def from_data(cls, data, hash_sha256=None):
        """Creates a Certificate observable based on raw certificate data and
its hash_sha256 value.

        """
        if hash_sha256 is None:
            hash_sha256 = hashlib.sha256(data).hexdigest()
        body = AttachedFile.from_content(
            BytesIO(data),
            "cert.der",
            "application/pkix-cert",
        )
        return cls.get_or_create(
            value="CERT:{}".format(hash_sha256),
            body=body,
        )
Пример #13
0
    def do_import(self, results, url):
        response = requests.get(url, proxies=yeti_config.proxy)
        content_type = magic.from_buffer(response.content, mime=True)

        if content_type == "text/html":
            import_html(results, response.content)
            self.save_as_pdf(results, url)
        else:
            target = AttachedFile.from_content(
                StringIO(response.content), url, content_type)
            results.investigation.update(import_document=target)
            try:
                method = ImportMethod.objects.get(acts_on=content_type)
                method.do_import(results, target.filepath)
            except:
                raise ValueError(
                    "unsupported file type: '{}'".format(content_type))
Пример #14
0
    def do_import(self, results, url):
        response = requests.get(url, proxies=yeti_config.proxy)
        content_type = magic.from_buffer(response.content, mime=True)

        if content_type == "text/html":
            import_html(results, response.content)
            self.save_as_pdf(results, url)
        else:
            target = AttachedFile.from_content(StringIO(response.content), url,
                                               content_type)
            results.investigation.update(import_document=target)
            try:
                method = ImportMethod.objects.get(acts_on=content_type)
                method.do_import(results, target.filepath)
            except:
                raise ValueError(
                    "unsupported file type: '{}'".format(content_type))
Пример #15
0
    def inv_import(self):
        if request.method == "GET":
            return render_template(
                "{}/import.html".format(self.klass.__name__.lower()),
                groups=get_user_groups())
        else:
            text = request.form.get('text')
            url = request.form.get('url')
            sharing = request.form.get('sharing')

            if text:
                investigation = Investigation(
                    created_by=current_user.username, import_text=text)
                # set sharing permissions
                investigation.save()
                investigation.sharing_permissions(sharing)
                return redirect(
                    url_for(
                        'frontend.InvestigationView:import_from',
                        id=investigation.id))
            else:
                try:
                    if url:
                        import_method = ImportMethod.objects.get(acts_on="url")
                        results = import_method.run(url)
                    elif "file" in request.files:
                        target = AttachedFile.from_upload(request.files['file'])
                        import_method = ImportMethod.objects.get(
                            acts_on=target.content_type)
                        results = import_method.run(target)
                    else:
                        flash("You need to provide an input", "danger")
                        return redirect(request.referrer)
                    return redirect(
                        url_for(
                            'frontend.InvestigationView:import_wait',
                            id=results.id))
                except DoesNotExist:
                    flash("This file type is not supported.", "danger")
                    return render_template(
                        "{}/import.html".format(self.klass.__name__.lower()))
Пример #16
0
    def post(self):
        if 'file' not in request.files:
            abort(400)

        f = AttachedFile.from_upload(request.files['file'])
        return render({'filename': url_for('api.Files:get', id=f.id)})