def to_stix(self, data, options=None):
"""
Respond with STIX formatted data.
:param data: The data to be worked on.
:type data: dict for multiple objects,
:class:`tastypie.bundle.Bundle` for a single object.
:param options: Options to alter how this serializer works.
:type options: dict
:returns: str
"""
options = options or {}
get_binaries = 'stix_no_bin'
if 'binaries' in options:
try:
if int(options['binaries']):
get_binaries = 'stix'
except:
pass
# This is bad.
# Should probably find a better way to determine the user
# who is making this API call. However, the data to
# convert is already queried by the API using the user's
# source access list, so technically we should not be
# looping through any data the user isn't supposed to see,
# so this sources list is just a formality to get
# download_object_handler() to do what we want.
sources = [s.name for s in SourceAccess.objects()]
if hasattr(data, 'obj'):
objects = [(data.obj._meta['crits_type'], data.obj.id)]
object_types = [objects[0][0]]
elif 'objects' in data:
try:
objects = []
object_types = []
objs = data['objects']
data['objects'] = []
for obj_ in objs:
objects.append((obj_.obj._meta['crits_type'], obj_.obj.id))
object_types.append(obj_.obj._meta['crits_type'])
except Exception:
return ""
else:
return ""
try:
# Constants are here to make sure:
# 1: total limit of objects to return
# 0: depth limit - only want this object
# 0: relationship limit - don't get relationships
data = download_object_handler(1, 0, 0, get_binaries, 'raw',
object_types, objects, sources)
except Exception:
data = ""
if 'data' in data:
data = data['data']
return data
def add_source(self,
source,
read=False,
write=False,
tlp_red=False,
tlp_amber=False,
tlp_green=False):
"""
Add a source to this Role.
:param source: The name of the source.
:type source: str
"""
found = False
for s in self.sources:
if s.name == source:
found = True
break
if not found:
src = SourceAccess.objects(name=source).first()
if src:
new_src = EmbeddedSourceACL(name=source,
read=read,
write=write,
tlp_red=tlp_red,
tlp_amber=tlp_amber,
tlp_green=tlp_green)
self.sources.append(new_src)
def add_all_sources(self):
"""
Add all of the sources to this Role
"""
sources = SourceAccess.objects()
for s in sources:
self.add_source(s.name,read=True,write=True,tlp_red=True,tlp_amber=True,tlp_green=True)
def clean_db():
"""
Clean database for test.
"""
src = SourceAccess.objects(name=TSRC).first()
if src:
src.delete()
user = CRITsUser.objects(username=TUSER_NAME).first()
if user:
user.delete()
def add_all_sources(self):
"""
Add all of the sources to this Role
"""
sources = SourceAccess.objects()
for s in sources:
self.add_source(s.name,
read=True,
write=True,
tlp_red=True,
tlp_amber=True,
tlp_green=True)
def clean_db():
"""
Clean up the DB after testing.
"""
src = SourceAccess.objects(name=TSRC).first()
if src:
src.delete()
user = CRITsUser.objects(username=TUSER_NAME).first()
if user:
user.delete()
TestObject.drop_collection()
TestSourceObject.drop_collection()
CRITsConfig.drop_collection()
def clean_db():
"""
Clean up the DB after testing.
"""
src = SourceAccess.objects(name=TSRC).first()
if src:
src.delete()
user = CRITsUser.objects(username=TUSER_NAME).first()
if user:
user.delete()
TestObject.drop_collection()
TestSourceObject.drop_collection()
CRITsConfig.drop_collection()
def add_source(self, source, read=False, write=False,
tlp_red=False, tlp_amber=False, tlp_green=False):
"""
Add a source to this Role.
:param source: The name of the source.
:type source: str
"""
found = False
for s in self.sources:
if s.name == source:
found = True
break
if not found:
src = SourceAccess.objects(name=source).first()
if src:
new_src = EmbeddedSourceACL(name=source,
read=read,
write=write,
tlp_red=tlp_red,
tlp_amber=tlp_amber,
tlp_green=tlp_green)
self.sources.append(new_src)
def DelSource(self):
self.assertTrue(SourceAccess.objects(name=TSRC).first())
SourceAccess.objects(name=TSRC).first().delete()
self.assertFalse(SourceAccess.objects(name=TSRC).first())
def FindSource(self):
self.assertEqual(SourceAccess.objects(name=TSRC).first().name, TSRC)
def setUp(self):
src = SourceAccess.objects(name=TSRC).first()
if src:
src.delete()
def FindSource(self):
self.assertEqual(SourceAccess.objects(name=TSRC).first().name, TSRC)
def class_from_id(type_, _id):
"""
Return an instantiated class object.
:param type_: The CRITs top-level object type.
:type type_: str
:param _id: The ObjectId to search for.
:type _id: str
:returns: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
"""
# doing this to avoid circular imports
from crits.actors.actor import ActorThreatIdentifier, Actor
from crits.backdoors.backdoor import Backdoor
from crits.campaigns.campaign import Campaign
from crits.certificates.certificate import Certificate
from crits.comments.comment import Comment
from crits.core.source_access import SourceAccess
from crits.core.user_role import UserRole
from crits.domains.domain import Domain
from crits.emails.email import Email
from crits.events.event import Event
from crits.exploits.exploit import Exploit
from crits.indicators.indicator import Indicator, IndicatorAction
from crits.ips.ip import IP
from crits.pcaps.pcap import PCAP
from crits.raw_data.raw_data import RawData, RawDataType
from crits.samples.sample import Sample
from crits.screenshots.screenshot import Screenshot
from crits.targets.target import Target
if not _id:
return None
# make sure it's a string
_id = str(_id)
# Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
# the queries below will raise a ValidationError exception.
if not ObjectId.is_valid(_id.decode('utf8')):
return None
if type_ == 'Actor':
return Actor.objects(id=_id).first()
elif type_ == 'Backdoor':
return Backdoor.objects(id=_id).first()
elif type_ == 'ActorThreatIdentifier':
return ActorThreatIdentifier.objects(id=_id).first()
elif type_ == 'Campaign':
return Campaign.objects(id=_id).first()
elif type_ == 'Certificate':
return Certificate.objects(id=_id).first()
elif type_ == 'Comment':
return Comment.objects(id=_id).first()
elif type_ == 'Domain':
return Domain.objects(id=_id).first()
elif type_ == 'Email':
return Email.objects(id=_id).first()
elif type_ == 'Event':
return Event.objects(id=_id).first()
elif type_ == 'Exploit':
return Exploit.objects(id=_id).first()
elif type_ == 'Indicator':
return Indicator.objects(id=_id).first()
elif type_ == 'IndicatorAction':
return IndicatorAction.objects(id=_id).first()
elif type_ == 'IP':
return IP.objects(id=_id).first()
elif type_ == 'PCAP':
return PCAP.objects(id=_id).first()
elif type_ == 'RawData':
return RawData.objects(id=_id).first()
elif type_ == 'RawDataType':
return RawDataType.objects(id=_id).first()
elif type_ == 'Sample':
return Sample.objects(id=_id).first()
elif type_ == 'SourceAccess':
return SourceAccess.objects(id=_id).first()
elif type_ == 'Screenshot':
return Screenshot.objects(id=_id).first()
elif type_ == 'Target':
return Target.objects(id=_id).first()
elif type_ == 'UserRole':
return UserRole.objects(id=_id).first()
else:
return None
def class_from_id(type_, _id):
"""
Return an instantiated class object.
:param type_: The CRITs top-level object type.
:type type_: str
:param _id: The ObjectId to search for.
:type _id: str
:returns: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
"""
# doing this to avoid circular imports
from crits.campaigns.campaign import Campaign
from crits.certificates.certificate import Certificate
from crits.comments.comment import Comment
from crits.core.crits_mongoengine import RelationshipType
from crits.core.source_access import SourceAccess
from crits.core.user_role import UserRole
from crits.domains.domain import Domain
from crits.emails.email import Email
from crits.events.event import Event, EventType
from crits.indicators.indicator import Indicator, IndicatorAction
from crits.ips.ip import IP
from crits.objects.object_type import ObjectType
from crits.pcaps.pcap import PCAP
from crits.raw_data.raw_data import RawData, RawDataType
from crits.samples.backdoor import Backdoor
from crits.samples.exploit import Exploit
from crits.samples.sample import Sample
from crits.screenshots.screenshot import Screenshot
from crits.targets.target import Target
if not _id:
return None
# make sure it's a string
_id = str(_id)
if type_ == 'Backdoor':
return Backdoor.objects(id=_id).first()
if type_ == 'Campaign':
return Campaign.objects(id=_id).first()
elif type_ == 'Certificate':
return Certificate.objects(id=_id).first()
elif type_ == 'Comment':
return Comment.objects(id=_id).first()
elif type_ == 'Domain':
return Domain.objects(id=_id).first()
elif type_ == 'Email':
return Email.objects(id=_id).first()
elif type_ == 'Event':
return Event.objects(id=_id).first()
elif type_ == 'EventType':
return EventType.objects(id=_id).first()
elif type_ == 'Exploit':
return Exploit.objects(id=_id).first()
elif type_ == 'Indicator':
return Indicator.objects(id=_id).first()
elif type_ == 'IndicatorAction':
return IndicatorAction.objects(id=_id).first()
elif type_ == 'IP':
return IP.objects(id=_id).first()
elif type_ == 'ObjectType':
return ObjectType.objects(id=_id).first()
elif type_ == 'PCAP':
return PCAP.objects(id=_id).first()
elif type_ == 'RawData':
return RawData.objects(id=_id).first()
elif type_ == 'RawDataType':
return RawDataType.objects(id=_id).first()
elif type_ == 'RelationshipType':
return RelationshipType.objects(id=_id).first()
elif type_ == 'Sample':
return Sample.objects(id=_id).first()
elif type_ == 'SourceAccess':
return SourceAccess.objects(id=_id).first()
elif type_ == 'Screenshot':
return Screenshot.objects(id=_id).first()
elif type_ == 'Target':
return Target.objects(id=_id).first()
elif type_ == 'UserRole':
return UserRole.objects(id=_id).first()
else:
return None
def class_from_id(type_, _id):
"""
Return an instantiated class object.
:param type_: The CRITs top-level object type.
:type type_: str
:param _id: The ObjectId to search for.
:type _id: str
:returns: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
"""
# doing this to avoid circular imports
from crits.actors.actor import ActorThreatIdentifier, Actor
from crits.backdoors.backdoor import Backdoor
from crits.campaigns.campaign import Campaign
from crits.certificates.certificate import Certificate
from crits.comments.comment import Comment
from crits.core.crits_mongoengine import Action
from crits.core.source_access import SourceAccess
from crits.core.user_role import UserRole
from crits.domains.domain import Domain
from crits.emails.email import Email
from crits.events.event import Event
from crits.exploits.exploit import Exploit
from crits.indicators.indicator import Indicator
from crits.ips.ip import IP
from crits.pcaps.pcap import PCAP
from crits.raw_data.raw_data import RawData, RawDataType
from crits.samples.sample import Sample
from crits.screenshots.screenshot import Screenshot
from crits.signatures.signature import Signature, SignatureType, SignatureDependency
from crits.targets.target import Target
if not _id:
return None
# make sure it's a string
_id = str(_id)
# Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
# the queries below will raise a ValidationError exception.
if not ObjectId.is_valid(_id.decode('utf8')):
return None
if type_ == 'Actor':
return Actor.objects(id=_id).first()
elif type_ == 'Backdoor':
return Backdoor.objects(id=_id).first()
elif type_ == 'ActorThreatIdentifier':
return ActorThreatIdentifier.objects(id=_id).first()
elif type_ == 'Campaign':
return Campaign.objects(id=_id).first()
elif type_ == 'Certificate':
return Certificate.objects(id=_id).first()
elif type_ == 'Comment':
return Comment.objects(id=_id).first()
elif type_ == 'Domain':
return Domain.objects(id=_id).first()
elif type_ == 'Email':
return Email.objects(id=_id).first()
elif type_ == 'Event':
return Event.objects(id=_id).first()
elif type_ == 'Exploit':
return Exploit.objects(id=_id).first()
elif type_ == 'Indicator':
return Indicator.objects(id=_id).first()
elif type_ == 'Action':
return Action.objects(id=_id).first()
elif type_ == 'IP':
return IP.objects(id=_id).first()
elif type_ == 'PCAP':
return PCAP.objects(id=_id).first()
elif type_ == 'RawData':
return RawData.objects(id=_id).first()
elif type_ == 'RawDataType':
return RawDataType.objects(id=_id).first()
elif type_ == 'Sample':
return Sample.objects(id=_id).first()
elif type_ == 'Signature':
return Signature.objects(id=_id).first()
elif type_ == 'SignatureType':
return SignatureType.objects(id=_id).first()
elif type_ == 'SignatureDependency':
return SignatureDependency.objects(id=_id).first()
elif type_ == 'SourceAccess':
return SourceAccess.objects(id=_id).first()
elif type_ == 'Screenshot':
return Screenshot.objects(id=_id).first()
elif type_ == 'Target':
return Target.objects(id=_id).first()
elif type_ == 'UserRole':
return UserRole.objects(id=_id).first()
else:
return None
def setUp(self):
src = SourceAccess.objects(name=TSRC).first()
if src:
src.delete()
def to_stix(self, data, options=None):
"""
Respond with STIX formatted data.
:param data: The data to be worked on.
:type data: dict for multiple objects,
:class:`tastypie.bundle.Bundle` for a single object.
:param options: Options to alter how this serializer works.
:type options: dict
:returns: str
"""
options = options or {}
get_binaries = 'stix_no_bin'
if 'binaries' in options:
try:
if int(options['binaries']):
get_binaries = 'stix'
except:
pass
# This is bad.
# Should probably find a better way to determine the user
# who is making this API call. However, the data to
# convert is already queried by the API using the user's
# source access list, so technically we should not be
# looping through any data the user isn't supposed to see,
# so this sources list is just a formality to get
# download_object_handler() to do what we want.
sources = [s.name for s in SourceAccess.objects()]
if hasattr(data, 'obj'):
objects = [(data.obj._meta['crits_type'],
data.obj.id)]
object_types = [objects[0][0]]
elif 'objects' in data:
try:
objects = []
object_types = []
objs = data['objects']
data['objects'] = []
for obj_ in objs:
objects.append((obj_.obj._meta['crits_type'],
obj_.obj.id))
object_types.append(obj_.obj._meta['crits_type'])
except Exception:
return ""
else:
return ""
try:
# Constants are here to make sure:
# 1: total limit of objects to return
# 0: depth limit - only want this object
# 0: relationship limit - don't get relationships
data = download_object_handler(1,
0,
0,
get_binaries,
'raw',
object_types,
objects,
sources)
except Exception:
data = ""
if 'data' in data:
data = data['data']
return data
def DelSource(self):
self.assertTrue(SourceAccess.objects(name=TSRC).first())
SourceAccess.objects(name=TSRC).first().delete()
self.assertFalse(SourceAccess.objects(name=TSRC).first())
def class_from_id(type_, _id):
"""
Return an instantiated class object.
:param type_: The CRITs top-level object type.
:type type_: str
:param _id: The ObjectId to search for.
:type _id: str
:returns: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
"""
# Quick fail
if not _id or not type_:
return None
# doing this to avoid circular imports
from crits.actors.actor import ActorThreatIdentifier, Actor
from crits.backdoors.backdoor import Backdoor
from crits.campaigns.campaign import Campaign
from crits.certificates.certificate import Certificate
from crits.comments.comment import Comment
from crits.core.crits_mongoengine import Action
from crits.core.source_access import SourceAccess
from crits.core.user_role import UserRole
from crits.domains.domain import Domain
from crits.emails.email import Email
from crits.events.event import Event
from crits.exploits.exploit import Exploit
from crits.indicators.indicator import Indicator
from crits.ips.ip import IP
from crits.pcaps.pcap import PCAP
from crits.raw_data.raw_data import RawData, RawDataType
from crits.samples.sample import Sample
from crits.screenshots.screenshot import Screenshot
from crits.signatures.signature import Signature, SignatureType, SignatureDependency
from crits.targets.target import Target
# make sure it's a string
_id = str(_id)
# Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
# the queries below will raise a ValidationError exception.
if not ObjectId.is_valid(_id.decode("utf8")):
return None
if type_ == "Actor":
return Actor.objects(id=_id).first()
elif type_ == "Backdoor":
return Backdoor.objects(id=_id).first()
elif type_ == "ActorThreatIdentifier":
return ActorThreatIdentifier.objects(id=_id).first()
elif type_ == "Campaign":
return Campaign.objects(id=_id).first()
elif type_ == "Certificate":
return Certificate.objects(id=_id).first()
elif type_ == "Comment":
return Comment.objects(id=_id).first()
elif type_ == "Domain":
return Domain.objects(id=_id).first()
elif type_ == "Email":
return Email.objects(id=_id).first()
elif type_ == "Event":
return Event.objects(id=_id).first()
elif type_ == "Exploit":
return Exploit.objects(id=_id).first()
elif type_ == "Indicator":
return Indicator.objects(id=_id).first()
elif type_ == "Action":
return Action.objects(id=_id).first()
elif type_ == "IP":
return IP.objects(id=_id).first()
elif type_ == "PCAP":
return PCAP.objects(id=_id).first()
elif type_ == "RawData":
return RawData.objects(id=_id).first()
elif type_ == "RawDataType":
return RawDataType.objects(id=_id).first()
elif type_ == "Sample":
return Sample.objects(id=_id).first()
elif type_ == "Signature":
return Signature.objects(id=_id).first()
elif type_ == "SignatureType":
return SignatureType.objects(id=_id).first()
elif type_ == "SignatureDependency":
return SignatureDependency.objects(id=_id).first()
elif type_ == "SourceAccess":
return SourceAccess.objects(id=_id).first()
elif type_ == "Screenshot":
return Screenshot.objects(id=_id).first()
elif type_ == "Target":
return Target.objects(id=_id).first()
elif type_ == "UserRole":
return UserRole.objects(id=_id).first()
else:
return None