def test_10(self): """ Test a query. Should match just the APT1 report. """ test = tdq.Test(capability_id=tdq.CM_CORE, relationship=R_EQUALS, parameters={ P_VALUE: 'Unit 61398', P_MATCH_TYPE: 'case_sensitive_string' }) criterion = tdq.Criterion( target= 'STIX_Package/Threat_Actors/Threat_Actor/Identity/Specification/PartyName/OrganisationName/SubDivisionName', test=test) criteria = tdq.Criteria(OP_AND, criterion=[criterion]) q = tdq.DefaultQuery(CB_STIX_XML_111, criteria) pp = tm11.PollParameters() pr = tm11.PollRequest(message_id=generate_message_id(), collection_name='default', poll_parameters=pp) #msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_POLL_RESPONSE) if len(msg.content_blocks) != 1: raise ValueError('Got %s CBs' % len(msg.content_blocks))
def main(): # Create the test portion of the query my_test = tdq.Test(capability_id=CM_CORE, relationship=R_EQUALS, parameters={P_VALUE: value, P_MATCH_TYPE: 'case_insensitive_string'} ) #Put the test into a Criterion my_criterion = tdq.Criterion(target=target, test=my_test) # Put the Criterion into a Criteria my_criteria = tdq.Criteria(operator=OP_AND, criterion=[my_criterion], criteria=None) # Create a query with the criteria my_query = tdq.DefaultQuery(CB_STIX_XML_111, my_criteria) # Create a Poll Parameters that indicates # Only STIX 1.1.1 is accepted in response # and with the query created previously params = tm11.PollParameters(content_bindings=[tm11.ContentBinding(CB_STIX_XML_111)], query=my_query) poll_request = tm11.PollRequest(message_id=generate_message_id(), collection_name='file_hash_reputation', poll_parameters=params) print poll_request.to_xml(pretty_print=True)
def main(): discovery_response = tm11.DiscoveryResponse(message_id=generate_message_id(), in_response_to='1') # Create a targeting expression info # indicating STIX XML 1.1.1 and that only # Hash Value targets are allowed my_tei = tdq.TargetingExpressionInfo(CB_STIX_XML_111, preferred_scope=['**/Simple_Hash_Value'], allowed_scope=None) my_supported_query = tdq.DefaultQueryInfo([my_tei], [CM_CORE]) si = tm11.ServiceInstance(service_type=SVC_POLL, services_version=VID_TAXII_SERVICES_11, protocol_binding=VID_TAXII_HTTP_10, service_address='http://example.com/poll-service/', message_bindings=[VID_TAXII_XML_11], available=True, message='This is a File Hash Reputation Poll Service', supported_query=[my_supported_query]) discovery_response.service_instances.append(si) print discovery_response.to_xml(pretty_print=True)
def handle_message(cls, inbox_service, inbox_message, django_request): """ """ collections = inbox_service.validate_destination_collection_names(None, # Inbox 1.0 doesn't have a DCN inbox_message.message_id) # Store certain information about this Inbox Message in the database for bookkeeping inbox_message_db = models.InboxMessage.from_inbox_message_10(inbox_message, django_request, received_via=inbox_service) inbox_message_db.save() saved_blocks = 0 for content_block in inbox_message.content_blocks: inbox_support_info = inbox_service.is_content_supported(content_block.content_binding) if inbox_support_info.is_supported is False: continue cls.save_content_block(content_block) saved_blocks += 1 # Update the Inbox Message model with the number of ContentBlocks that were saved inbox_message_db.content_blocks_saved = saved_blocks inbox_message_db.save() # Create and return a Status Message indicating success status_message = tm11.StatusMessage(message_id=generate_message_id(), in_response_to=inbox_message.message_id, status_type=ST_SUCCESS) return status_message
def handle_message(cls, inbox_service, inbox_message, django_request): """ """ collections = inbox_service.validate_destination_collection_names( None, # Inbox 1.0 doesn't have a DCN inbox_message.message_id) # Store certain information about this Inbox Message in the database for bookkeeping inbox_message_db = models.InboxMessage.from_inbox_message_10( inbox_message, django_request, received_via=inbox_service) inbox_message_db.save() saved_blocks = 0 for content_block in inbox_message.content_blocks: inbox_support_info = inbox_service.is_content_supported( content_block.content_binding) if inbox_support_info.is_supported is False: continue cls.save_content_block(content_block) saved_blocks += 1 # Update the Inbox Message model with the number of ContentBlocks that were saved inbox_message_db.content_blocks_saved = saved_blocks inbox_message_db.save() # Create and return a Status Message indicating success status_message = tm11.StatusMessage( message_id=generate_message_id(), in_response_to=inbox_message.message_id, status_type=ST_SUCCESS) return status_message
def test_01(self): """ Sends an Inbox Message to an invalid URL. Should get back a 404 """ inbox_message = tm11.InboxMessage(generate_message_id()) msg = make_request(post_data = inbox_message.to_xml(), path='/Services/PathThatShouldNotWork/', expected_code = 404)
def handle_message(cls, inbox_service, inbox_message, django_request): """ Attempts to save all Content Blocks in the Inbox Message into the database. Workflow: #. Validate the request's Destination Collection Names against the InboxService model #. Create an InboxMessage model object for bookkeeping #. Iterate over each Content Block in the request: #. Identify which of the request's destination collections support the Content Block's Content Binding #. Call `save_content_block(tm11.ContentBlock, <list of Data Collections from 3a>)` #. Return Status Message with a Status Type of Success Raises: A StatusMessageException for errors """ collections = inbox_service.validate_destination_collection_names(inbox_message.destination_collection_names, inbox_message.message_id) # Store certain information about this Inbox Message in the database for bookkeeping inbox_message_db = models.InboxMessage.from_inbox_message_11(inbox_message, django_request, received_via=inbox_service) inbox_message_db.save() # Iterate over the ContentBlocks in the InboxMessage and try to add # them to the database saved_blocks = 0 for content_block in inbox_message.content_blocks: # 3a. Identify whether the InboxService supports the Content Block's Content Binding # TODO: Is this useful? inbox_support_info = inbox_service.is_content_supported(content_block.content_binding) supporting_collections = [] for collection in collections: collection_support_info = collection.is_content_supported(content_block.content_binding) if collection_support_info.is_supported: supporting_collections.append(collection) if len(supporting_collections) == 0 and not inbox_support_info.is_supported: # There's nothing to add this content block to continue cls.save_content_block(content_block, supporting_collections) saved_blocks += 1 # Update the Inbox Message model with the number of ContentBlocks that were saved inbox_message_db.content_blocks_saved = saved_blocks inbox_message_db.save() # Create and return a Status Message indicating success status_message = tm11.StatusMessage(message_id=generate_message_id(), in_response_to=inbox_message.message_id, status_type=ST_SUCCESS) return status_message
def test_01(self): """ Send a collection information request, look to get a collection information response back """ cir = tm11.CollectionInformationRequest(generate_message_id()) msg = make_request(COLLECTION_MGMT_11_PATH, cir.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_COLLECTION_INFORMATION_RESPONSE)
def create_poll_response(cls, poll_service, prp, content): """ Creates a poll response. 1. If the request's response type is "Count Only", a single poll response w/ more=False used. 2. If the content size is less than the poll_service's max_result_size, a poll response w/ more=False is used. 3. If the poll_service's max_result_size is blank, a poll response w/ more=False used. 4. If the response type is "Full" and the total number of contents are greater than the poll_service's max_result_size, a ResultSet is created, and a PollResponse w/more=True is used. """ content_count = len(content) # RT_COUNT_ONLY - Always use a single result # RT_FULL - Use a single response if # poll_service.max_result_size is None or # len(content) <= poll_service.max_result_size # Use a Multi-Part response otherwise if (prp.response_type == RT_COUNT_ONLY or poll_service.max_result_size is None or content_count <= poll_service.max_result_size): poll_response = tm11.PollResponse( message_id=generate_message_id(), in_response_to=prp.message_id, collection_name=prp.collection.name, result_part_number=1, more=False, exclusive_begin_timestamp_label=prp. exclusive_begin_timestamp_label, inclusive_end_timestamp_label=prp. inclusive_end_timestamp_label, record_count=tm11.RecordCount(content_count, False)) if prp.subscription: poll_response.subscription_id = prp.subscription.subscription_id if prp.response_type == RT_FULL: for c in content: poll_response.content_blocks.append( c.to_content_block_11()) else: # Split into multiple result sets result_set = handlers.create_result_set(poll_service, prp, content) rsp_1 = models.ResultSetPart.objects.get( result_set__pk=result_set.pk, part_number=1) poll_response = rsp_1.to_poll_response_11(prp.message_id) result_set.last_part_returned = rsp_1 result_set.save() response = poll_response return poll_response
def test_01(self): """ Sends an Inbox Message to an invalid URL. Should get back a 404 """ inbox_message = tm11.InboxMessage(generate_message_id()) msg = make_request(post_data=inbox_message.to_xml(), path='/Services/PathThatShouldNotWork/', expected_code=404)
def test_01(self): """ Send a feed information request, look to get a feed information response back """ fir = tm10.FeedInformationRequest(generate_message_id()) msg = make_request(COLLECTION_MGMT_11_PATH, fir.to_xml(), get_headers(VID_TAXII_SERVICES_10, False), MSG_FEED_INFORMATION_RESPONSE)
def test_01(self): """ Send a discovery request, look to get a discovery response back """ dr = tm10.DiscoveryRequest(generate_message_id()) msg = make_request(DISCOVERY_11_PATH, dr.to_xml(), get_headers(VID_TAXII_SERVICES_10, False), MSG_DISCOVERY_RESPONSE)
def test_01(self): """ Send a message to test_inbox_1 with a valid destination collection name """ inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default']) msg = make_request('/services/test_inbox_1/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, ST_SUCCESS)
def test_09(self): """ Send a message to test_inbox_3 without a destination collection name """ inbox = tm11.InboxMessage(generate_message_id()) msg = make_request('/services/test_inbox_3/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_SUCCESS)
def test_13(self): """ Send a TAXII 1.0 Inbox Message to /services/test_inbox_3/ """ inbox = tm10.InboxMessage(generate_message_id()) msg = make_request('/services/test_inbox_3/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_10, False), MSG_STATUS_MESSAGE, st=ST_SUCCESS)
def test_08(self): """ Send a message to test_inbox_3 with a destination collection name """ inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default']) msg = make_request('/services/test_inbox_3/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_DESTINATION_COLLECTION_ERROR)
def test_04(self): """ Send a message to test_inbox_2 with a valid destination collection name """ inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default']) msg = make_request('/services/test_inbox_2/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_SUCCESS)
def test_10(self): """ Send an Inbox message with a Record Count """ inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default']) inbox.record_count = tm11.RecordCount(0, True) msg = make_request('/services/test_inbox_1/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_SUCCESS)
def test_11(self): """ Send a TAXII 1.0 Inbox Message to /services/test_inbox_1/. Will always fail because /services/test_inbox_1/ requires a DCN and TAXII 1.0 cannot specify that. """ inbox = tm10.InboxMessage(generate_message_id()) msg = make_request('/services/test_inbox_1/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_10, False), MSG_STATUS_MESSAGE, st=ST_FAILURE)
def test_05(self): """ Send a message to test_inbox_2 with an invalid destination collection name """ inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default_INVALID']) msg = make_request('/services/test_inbox_2/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_NOT_FOUND, sd_keys=[SD_ITEM])
def test_03(self): """ Send a message to test_inbox_1 without a destination collection name """ inbox = tm11.InboxMessage(generate_message_id()) msg = make_request('/services/test_inbox_1/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_DESTINATION_COLLECTION_ERROR, sd_keys=[SD_ACCEPTABLE_DESTINATION])
def to_status_message_10(self): """ Creates a TAXII 1.0 Status Message based on the properties of this object """ sm = tm10.StatusMessage(message_id=generate_message_id(), in_response_to=self.in_response_to, extended_headers=self.extended_headers, status_type=self.status_type, status_detail=str(self.status_detail), message=self.message) return sm
def create_poll_response(cls, poll_service, prp, content): """ Creates a poll response. 1. If the request's response type is "Count Only", a single poll response w/ more=False used. 2. If the content size is less than the poll_service's max_result_size, a poll response w/ more=False is used. 3. If the poll_service's max_result_size is blank, a poll response w/ more=False used. 4. If the response type is "Full" and the total number of contents are greater than the poll_service's max_result_size, a ResultSet is created, and a PollResponse w/more=True is used. """ content_count = len(content) # RT_COUNT_ONLY - Always use a single result # RT_FULL - Use a single response if # poll_service.max_result_size is None or # len(content) <= poll_service.max_result_size # Use a Multi-Part response otherwise if (prp.response_type == RT_COUNT_ONLY or poll_service.max_result_size is None or content_count <= poll_service.max_result_size): poll_response = tm11.PollResponse(message_id=generate_message_id(), in_response_to=prp.message_id, collection_name=prp.collection.name, result_part_number=1, more=False, exclusive_begin_timestamp_label=prp.exclusive_begin_timestamp_label, inclusive_end_timestamp_label=prp.inclusive_end_timestamp_label, record_count=tm11.RecordCount(content_count, False)) if prp.subscription: poll_response.subscription_id = prp.subscription.subscription_id if prp.response_type == RT_FULL: for c in content: poll_response.content_blocks.append(c.to_content_block_11()) else: # Split into multiple result sets result_set = handlers.create_result_set(poll_service, prp, content) rsp_1 = models.ResultSetPart.objects.get(result_set__pk=result_set.pk, part_number=1) poll_response = rsp_1.to_poll_response_11(prp.message_id) result_set.last_part_returned = rsp_1 result_set.save() response = poll_response return poll_response
def test_05(self): """ Send a message to test_inbox_2 with an invalid destination collection name """ inbox = tm11.InboxMessage( generate_message_id(), destination_collection_names=['default_INVALID']) msg = make_request('/services/test_inbox_2/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_NOT_FOUND, sd_keys=[SD_ITEM])
def test_03(self): """ Test an invalid subscription ID """ pr = tm11.PollRequest(message_id=generate_message_id(), collection_name='default', subscription_id='jdslkajdlksajdlksajld') msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_NOT_FOUND, sd_keys=[SD_ITEM])
def create_request_message(self): if self.begin_timestamp: begin_ts = dateutil.parser.parse(self.begin_timestamp) # TODO: add support for end timestamp end_ts = None create_kwargs = { 'message_id': generate_message_id(), 'collection_name': self.collection_name, 'exclusive_begin_timestamp_label': begin_ts, 'inclusive_end_timestamp_label': end_ts } create_kwargs['poll_parameters'] = PollRequest.PollParameters() poll_req = PollRequest(**create_kwargs) return poll_req
def create_request_message(self, args): if args.content_file is self.stix_watchlist: data = self.stix_watchlist else: with open(args.content_file, 'r') as f: data = f.read() cb = tm10.ContentBlock(args.content_binding, data) if args.subtype is not None: cb.content_binding.subtype_ids.append(args.subtype) inbox_message = tm10.InboxMessage(message_id=generate_message_id(), content_blocks=[cb]) return inbox_message
def test_03(self): """ Test an invalid subscription ID """ pr = tm11.PollRequest( message_id = generate_message_id(), collection_name = 'default', subscription_id = 'jdslkajdlksajdlksajld') msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_NOT_FOUND, sd_keys=[SD_ITEM])
def exception_to_status(exception, format_version): data = dict(message_id=generate_message_id(), in_response_to=exception.in_response_to, extended_headers=exception.extended_headers, status_type=exception.status_type, status_detail=exception.status_details, message=exception.message) if format_version == VID_TAXII_XML_11: sm = tm11.StatusMessage(**data) elif format_version == VID_TAXII_XML_10: sm = tm10.StatusMessage(**data) else: raise ValueError("Unknown version: %s" % format_version) return sm
def test_09(self): """ Tests that a single PollRequest succeeds. """ pp = tm11.PollParameters() pr = tm11.PollRequest(message_id=generate_message_id(), collection_name='default', poll_parameters=pp) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_POLL_RESPONSE) #msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr) if len(msg.content_blocks) != 5: raise ValueError('Got %s CBs' % len(msg.content_blocks))
def create_pending_response(cls, poll_service, prp, content): """ Arguments: poll_service (models.PollService) - The TAXII Poll Service being invoked prp (util.PollRequestProperties) - The Poll Request Properties of the Poll Request content - A list of content (nominally, models.ContentBlock objects). This method returns a StatusMessage with a Status Type of Pending OR raises a StatusMessageException based on the following table:: asynch | Delivery_Params | can_push || Response Type ---------------------------------------------------- True | - | - || Pending - Asynch False | Yes | Yes || Pending - Push False | Yes | No || StatusMessageException False | No | - || StatusMessageException """ # Identify the Exception conditions first (e.g., rows #3 and #4) if (prp.allow_asynch is False and (prp.delivery_parameters is None or prp.can_push is False)): raise StatusMessageException( prp.message_id, ST_FAILURE, "The content was not available now and \ the request had allow_asynch=False and no \ Delivery Parameters were specified.") # Rows #1 and #2 are both Status Messages with a type of Pending result_set = cls.create_result_set(content, prp, poll_service) sm = tm11.StatusMessage(message_id=generate_message_id(), in_response_to=prp.message_id, status_type=ST_PENDING) if prp.allow_asynch: sm.status_details = { SD_ESTIMATED_WAIT: 300, SD_RESULT_ID: result_set.pk, SD_WILL_PUSH: False } else: # TODO: Check and see if the requested delivery parameters are supported sm.status_details = { SD_ESTIMATED_WAIT: 300, SD_RESULT_ID: result_set.pk, SD_WILL_PUSH: True } # TODO: Need to try pushing or something. return sm
def test_04(self): """ Test a Content Binding ID not supported by the server """ pp = tm11.PollParameters(content_bindings=[tm11.ContentBinding('some_random_binding')]) pr = tm11.PollRequest( message_id = generate_message_id(), collection_name = 'default', poll_parameters = pp) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_UNSUPPORTED_CONTENT_BINDING, sd_keys=[SD_SUPPORTED_CONTENT])
def test_04(self): """ Test a Content Binding ID not supported by the server """ pp = tm11.PollParameters( content_bindings=[tm11.ContentBinding('some_random_binding')]) pr = tm11.PollRequest(message_id=generate_message_id(), collection_name='default', poll_parameters=pp) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_UNSUPPORTED_CONTENT_BINDING, sd_keys=[SD_SUPPORTED_CONTENT])
def exception_to_status(exception, format_version): data = dict( message_id=generate_message_id(), in_response_to=exception.in_response_to, extended_headers=exception.extended_headers, status_type=exception.status_type, status_detail=exception.status_details, message=exception.message) if format_version == VID_TAXII_XML_11: sm = tm11.StatusMessage(**data) elif format_version == VID_TAXII_XML_10: sm = tm10.StatusMessage(**data) else: raise ValueError("Unknown version: %s" % format_version) return sm
def test_05(self): """ Test a supported Content Binding ID with an unsupported subtype """ pp = tm11.PollParameters(content_bindings=[tm11.ContentBinding(CB_STIX_XML_111, subtype_ids=['FakeSubtype'])]) pr = tm11.PollRequest( message_id = generate_message_id(), collection_name = 'default', poll_parameters = pp) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_UNSUPPORTED_CONTENT_BINDING, sd_keys=[SD_SUPPORTED_CONTENT])
def test_02(self): """ Test a begin TS later than an end TS. """ begin_ts = datetime.now(tzutc()) end_ts = begin_ts - timedelta(days=-7) pp = tm11.PollParameters() pr = tm11.PollRequest(message_id=generate_message_id(), collection_name='default', poll_parameters=pp, exclusive_begin_timestamp_label=begin_ts, inclusive_end_timestamp_label=end_ts) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), ST_FAILURE)
def test_09(self): """ Tests that a single PollRequest succeeds. """ pp = tm11.PollParameters() pr = tm11.PollRequest( message_id=generate_message_id(), collection_name='default', poll_parameters=pp) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_POLL_RESPONSE) #msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr) if len(msg.content_blocks) != 5: raise ValueError('Got %s CBs' % len(msg.content_blocks))
def test_05(self): """ Test a supported Content Binding ID with an unsupported subtype """ pp = tm11.PollParameters(content_bindings=[ tm11.ContentBinding(CB_STIX_XML_111, subtype_ids=['FakeSubtype']) ]) pr = tm11.PollRequest(message_id=generate_message_id(), collection_name='default', poll_parameters=pp) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_UNSUPPORTED_CONTENT_BINDING, sd_keys=[SD_SUPPORTED_CONTENT])
def test_01(self): """ Test an invalid collection name """ pp = tm11.PollParameters() pr = tm11.PollRequest( message_id=generate_message_id(), collection_name='INVALID_COLLECTION_NAME_13820198320', poll_parameters=pp) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_NOT_FOUND, sd_keys=[SD_ITEM])
def test_01(self): """ Test an invalid collection name """ pp = tm11.PollParameters() pr = tm11.PollRequest( message_id = generate_message_id(), collection_name = 'INVALID_COLLECTION_NAME_13820198320', poll_parameters = pp) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_NOT_FOUND, sd_keys=[SD_ITEM])
def _wrapped_view(request, *args, **kwargs): if request.method != 'POST': raise StatusMessageException('0', ST_BAD_MESSAGE, 'Request method was not POST!') # If requested, attempt to validate # TODO: Validation has changed! if do_validate: try: validate(request) except Exception as e: raise StatusMessageException('0', ST_BAD_MESSAGE, e.message) # Attempt to deserialize try: message = deserialize(request) except Exception as e: raise StatusMessageException('0', ST_BAD_MESSAGE, e.message) try: if message_types is None: pass # No checking was requested elif isinstance(message_types, list): if message.__class__ not in message_types: raise ValueError( 'Message type not allowed. Must be one of: %s' % message_types) elif isinstance(message_types, object): if not isinstance(message, message_types): raise ValueError( 'Message type not allowed. Must be: %s' % message_types) elif message_types is not None: raise ValueError( 'Something strange happened with message_types! Was not a list or object!' ) except ValueError as e: msg = tm11.StatusMessage(generate_message_id(), message.message_id, status_type='FAILURE', message=e.message) return HttpResponseTaxii(msg.to_xml(), response_headers) kwargs['taxii_message'] = message return view_func(request, *args, **kwargs)
def test_02(self): """ Test a begin TS later than an end TS. """ begin_ts = datetime.now(tzutc()) end_ts = begin_ts - timedelta(days=-7) pp = tm11.PollParameters() pr = tm11.PollRequest( message_id = generate_message_id(), collection_name = 'default', poll_parameters = pp, exclusive_begin_timestamp_label = begin_ts, inclusive_end_timestamp_label = end_ts) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), ST_FAILURE)
def test_10(self): """ Test a query. Should match just the APT1 report. """ test = tdq.Test(capability_id = tdq.CM_CORE, relationship=R_EQUALS, parameters={P_VALUE: 'Unit 61398', P_MATCH_TYPE: 'case_sensitive_string'} ) criterion = tdq.Criterion(target='STIX_Package/Threat_Actors/Threat_Actor/Identity/Specification/PartyName/OrganisationName/SubDivisionName', test=test) criteria = tdq.Criteria(OP_AND, criterion=[criterion]) q = tdq.DefaultQuery(CB_STIX_XML_111, criteria) pp = tm11.PollParameters() pr = tm11.PollRequest( message_id=generate_message_id(), collection_name='default', poll_parameters=pp) #msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr) msg = make_request('/services/test_poll_1/', pr.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_POLL_RESPONSE) if len(msg.content_blocks) != 1: raise ValueError('Got %s CBs' % len(msg.content_blocks))
def create_pending_response(cls, poll_service, prp, content): """ Arguments: poll_service (models.PollService) - The TAXII Poll Service being invoked prp (util.PollRequestProperties) - The Poll Request Properties of the Poll Request content - A list of content (nominally, models.ContentBlock objects). This method returns a StatusMessage with a Status Type of Pending OR raises a StatusMessageException based on the following table:: asynch | Delivery_Params | can_push || Response Type ---------------------------------------------------- True | - | - || Pending - Asynch False | Yes | Yes || Pending - Push False | Yes | No || StatusMessageException False | No | - || StatusMessageException """ # Identify the Exception conditions first (e.g., rows #3 and #4) if (prp.allow_asynch is False and (prp.delivery_parameters is None or prp.can_push is False)): raise StatusMessageException(prp.message_id, ST_FAILURE, "The content was not available now and \ the request had allow_asynch=False and no \ Delivery Parameters were specified.") # Rows #1 and #2 are both Status Messages with a type of Pending result_set = cls.create_result_set(content, prp, poll_service) sm = tm11.StatusMessage(message_id=generate_message_id(), in_response_to=prp.message_id, status_type=ST_PENDING) if prp.allow_asynch: sm.status_details = {SD_ESTIMATED_WAIT: 300, SD_RESULT_ID: result_set.pk, SD_WILL_PUSH: False} else: # TODO: Check and see if the requested delivery parameters are supported sm.status_details = {SD_ESTIMATED_WAIT: 300, SD_RESULT_ID: result_set.pk, SD_WILL_PUSH: True} # TODO: Need to try pushing or something. return sm
def run(self): client = tc.HttpClient() # TODO: handle authentication stuff #client.set_auth_type(tc.AUTH_NONE) client.set_use_https(False) r = CollectionInformationRequest(generate_message_id()) col_xml = r.to_xml(pretty_print=True) if ':' in self.url.netloc: host = self.url.netloc.split(':')[0] server_port = self.url.netloc.split(':')[1] else: host = self.url.netloc server_port = None if server_port: http_resp = client.call_taxii_service2(host, self.url.path, VID_TAXII_XML_11, col_xml, port = server_port) else: http_resp = client.call_taxii_service2(host, self.url.path, VID_TAXII_XML_11, col_xml) taxii_message = t.get_message_from_http_response(http_resp, r.message_id) return taxii_message.to_dict()
def main(): file_hash = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' badness = 0 # Value between 0-100, or None if the badness is unknown sp = STIXPackage() sp.stix_header = STIXHeader() sp.stix_header.title = "File Hash Reputation for %s" % file_hash sp.stix_header.add_package_intent("Indicators - Malware Artifacts") sp.stix_header.information_source = InformationSource() sp.stix_header.information_source.identity = Identity() sp.stix_header.information_source.identity.name = "TAXII Service Profile: File Hash Reputation" file_obj = File() file_obj.add_hash(file_hash) file_obj.hashes[0].simple_hash_value.condition = "Equals" indicator = Indicator(title="File Hash Reputation") indicator.indicator_type = "File Hash Reputation" indicator.add_observable(file_obj) if badness is None: indicator.likely_impact = "Unknown" else: vs = VocabString(str(badness)) vs.vocab_name = 'percentage' vs.vocab_reference = "http://en.wikipedia.org/wiki/Percentage" indicator.likely_impact = vs sp.add_indicator(indicator) stix_xml = sp.to_xml() poll_response = tm11.PollResponse(message_id=generate_message_id(), in_response_to="1234", collection_name='file_hash_reputation') cb = tm11.ContentBlock(content_binding=CB_STIX_XML_111, content=stix_xml) poll_response.content_blocks.append(cb) print poll_response.to_xml(pretty_print=True)
def create_poll_response(cls, poll_service, prp, content_blocks): """ :param poll_service: :param prp: :param content_blocks: :return: """ ietl = prp.exclusive_begin_timestamp_label if ietl is not None: ietl += timedelta(milliseconds=1) pr = tm10.PollResponse(message_id=generate_message_id(), in_response_to=prp.message_id, feed_name=prp.collection.name, inclusive_begin_timestamp_label=ietl, inclusive_end_timestamp_label=prp.inclusive_end_timestamp_label) for content_block in content_blocks: pr.content_blocks.append(content_block.to_content_block_10()) return pr