def inbox_service(request, inbox_name):
"""Handles TAXII Inbox Service requests."""
logger = logging.getLogger('TAXIIApplication.taxii.views.inbox_service')
logger.debug('Entering Inbox service')
resp = handlers.validate_taxii_request(request)
if resp: return resp # if validation failed, return the response
try:
taxii_message = tm.get_message_from_xml(request.body)
except Exception as ex:
logger.debug('Unable to parse inbound message:s', ex.message)
m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed')
return handlers.create_taxii_response(m, use_https=request.is_secure())
logger.debug('Inbox [%s] received TAXII message with id [%s] and type [%s]',
make_safe(inbox_name), make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
if taxii_message.message_type != tm.MSG_INBOX_MESSAGE:
logger.info('TAXII message with id [%s] was not Inbox type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to Inbox service did not have an inbox Message type')
return handlers.create_taxii_response(m, use_https=request.is_secure())
resp = handlers.inbox_add_content(request, inbox_name, taxii_message)
return resp
def subscription_service(request):
"""Handles TAXII Subscription Service requests."""
logger = logging.getLogger("TAXIIApplication.taxii.views.subscription_service")
logger.debug('Entering subscription service')
resp = handlers.validate_taxii_request(request)
if resp: return resp # if validation failed, return the response
try:
taxii_message = tm_version.get_message_from_xml(request.body)
except Exception as ex:
logger.debug('Unable to parse inbound message: %s', str(ex))
m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed')
return handlers.create_taxii_response(m, use_https=request.is_secure())
logger.debug('Message received TAXII message with id [%s] and type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
if taxii_message.message_type != tm_version.MSG_MANAGE_FEED_SUBSCRIPTION_REQUEST:
logger.info('TAXII message with id [%s] was not Subscription Managment request [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
m = tm_version.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to feed managment service did not have a feed_managmen_request message type')
return handlers.create_taxii_response(m, use_https=request.is_secure())
resp = handlers.feed_subscription_get_content(request, taxii_message)
logger.debug("We send the response to the client")
return resp
def poll_get_content(request, taxii_message):
"""Returns a Poll response for a given Poll Request Message"""
logger = logging.getLogger('taxii.utils.handlers.poll_get_content')
logger.debug('Polling data from data feed [%s] - begin_ts: %s, end_ts: %s', taxii_message.collection_name,
taxii_message.exclusive_begin_timestamp_label, taxii_message.inclusive_end_timestamp_label)
try:
data_feed = DataFeed.objects.get(name=taxii_message.collection_name)
except:
logger.debug('Attempting to poll unknown data feed [%s]', make_safe(taxii_message.collection_name))
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_NOT_FOUND, message='Data feed does not exist [%s]' % (make_safe(taxii_message.collection_name)))
return create_taxii_response(m, use_https=request.is_secure())
# build query for poll results
query_params = {}
if taxii_message.exclusive_begin_timestamp_label:
query_params['timestamp_label__gt'] = taxii_message.exclusive_begin_timestamp_label
current_datetime = datetime.datetime.now(tzutc())
if taxii_message.inclusive_end_timestamp_label and (taxii_message.inclusive_end_timestamp_label < current_datetime):
query_params['timestamp_label__lte'] = taxii_message.inclusive_end_timestamp_label
else:
query_params['timestamp_label__lte'] = current_datetime
content_blocks = data_feed.content_blocks.filter(**query_params).order_by('timestamp_label')
logger.debug('Returned [%d] content blocks from data feed [%s]', len(content_blocks), make_safe(data_feed.name))
# TAXII Poll Requests have exclusive begin timestamp label fields, while Poll Responses
# have *inclusive* begin timestamp label fields. To satisfy this, we add one millisecond
# to the Poll Request's begin timestamp label.
#
# This will be addressed in future versions of TAXII
inclusive_begin_ts = None
if taxii_message.exclusive_begin_timestamp_label:
inclusive_begin_ts = taxii_message.exclusive_begin_timestamp_label + datetime.timedelta(milliseconds=1)
# build poll response
poll_response_message = tm.PollResponse(tm.generate_message_id(),
taxii_message.message_id,
feed_name=data_feed.name,
inclusive_begin_timestamp_label=inclusive_begin_ts,
inclusive_end_timestamp_label=query_params['timestamp_label__lte'])
for content_block in content_blocks:
cb = tm.ContentBlock(content_block.content_binding.binding_id, content_block.content, content_block.timestamp_label)
if content_block.padding:
cb.padding = content_block.padding
poll_response_message.content_blocks.append(cb)
return create_taxii_response(poll_response_message, use_https=request.is_secure())
def poll_service(request):
"""Handles TAXII Poll Service requests."""
logger = logging.getLogger("TAXIIApplication.taxii.views.poll_service")
logger.debug('Entering poll service')
resp = handlers.validate_taxii_request(request)
if resp: return resp # if validation failed, return the response
try:
taxii_message = tm.get_message_from_xml(request.body)
except Exception as ex:
logger.debug('Unable to parse inbound message: %s', ex.message)
m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed')
return handlers.create_taxii_response(m, use_https=request.is_secure())
logger.debug('Poll service received TAXII message with id [%s] and type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
if taxii_message.message_type != tm.MSG_POLL_REQUEST:
logger.info('TAXII message with id [%s] was not Poll request [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type))
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to Poll service did not have a poll request message type')
return handlers.create_taxii_response(m, use_https=request.is_secure())
resp = handlers.poll_get_content(request, taxii_message)
return resp
def feed_subscription_get_content(request, taxii_message):
"""Returns a feed subscription response for a given subscription feed Message"""
logger = logging.getLogger('taxii.utils.handlers.feed_subscription_get_content')
logger.debug('Retriving data feed names')
f = tm.ACT_TYPES
#For now we only accept subscriptions
if taxii_message.action == f[0]:
try:
logger.debug('Getting the data feed [%s]', make_safe(taxii_message.feed_name))
data_feed = DataFeed.objects.get(name=taxii_message.feed_name)
except:
logger.debug('Attempting to subscribe to unknown data feed [%s]', make_safe(taxii_message.feed_name))
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_NOT_FOUND, message='Data feed does not exist [%s]' % (make_safe(taxii_message.feed_name)))
return create_taxii_response(m, use_https=request.is_secure())
try:
binding_id = taxii_message.delivery_parameters.inbox_protocol
logger.debug('Getting the binding protocol [%s]', make_safe(binding_id))
protocol_binding = ProtocolBindingId.objects.get(title=binding_id)
message_binding = taxii_message.delivery_parameters.delivery_message_binding
logger.debug('Getting the binding message [%s]', make_safe(message_binding))
message_binding = MessageBindingId.objects.get(title=message_binding)
except:
logger.debug('Attempting to subscribe to use unknowon protocol or message bindings')
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_NOT_FOUND, message='Protocol or message bindings does not exist')
return create_taxii_response(m, use_https=request.is_secure())
logger.debug("Response message")
subscr_methods = DataFeedSubscriptionMethod()
subscr_methods.title = taxii_message.delivery_parameters.inbox_address
subscr_methods.description = taxii_message.delivery_parameters.inbox_address
subscr_methods.address = taxii_message.delivery_parameters.inbox_address
subscr_methods.protocol_binding = protocol_binding
subscr_methods.save()
subscr_methods.message_bindings.add(message_binding)
subscr_methods.save()
logger.debug("The information was correclty saved")
user = User.objects.get(id=1)
logger.debug("Get user")
data_feed_subscription = DataFeedSubscription()
data_feed_subscription.active = True
data_feed_subscription.expires = timezone.now() + datetime.timedelta(days=500)
data_feed_subscription.data_feed_method = subscr_methods
data_feed_subscription.data_feed = data_feed
data_feed_subscription.user = user
subscription_list = DataFeedSubscription.objects.all()
if len(subscription_list) == 0:
id_value = 1
else:
id_value = DataFeedSubscription.objects.latest('id').id + 1
data_feed_subscription.subscription_id = id_value
data_feed_subscription.save()
delivery_parameters = tm.DeliveryParameters(inbox_protocol=taxii_message.delivery_parameters.inbox_protocol,
inbox_address=taxii_message.delivery_parameters.inbox_address,
delivery_message_binding=taxii_message.delivery_parameters.delivery_message_binding,
content_bindings=taxii_message.delivery_parameters.content_bindings)
logger.debug("Return the Poll Service instances")
poll_instances = []
for poll_info in data_feed.poll_service_instances.all():
poll_inst = tm.ManageFeedSubscriptionResponse.PollInstance(poll_protocol = poll_info.protocol_binding.binding_id,
poll_address = poll_info.address)
mbindings = []
for mbinding_id in poll_info.message_bindings.all():
mbindings.append(mbinding_id.binding_id)
poll_inst.poll_message_bindings = mbindings
poll_instances.append(poll_inst)
subscription_instances = []
subscr_instance = tm.ManageFeedSubscriptionResponse.SubscriptionInstance(subscription_id = str(data_feed_subscription.id))
subscr_instance.delivery_parameters = [delivery_parameters]
subscr_instance.poll_instances = poll_instances
subscription_instances.append(subscr_instance)
logger.debug("Returns the response")
feed_subscription_response_message = tm.ManageFeedSubscriptionResponse(message_id = tm.generate_message_id(), in_response_to = taxii_message.message_id,
feed_name = taxii_message.feed_name, message='Subscription succeds', subscription_instances = subscription_instances)
return create_taxii_response(feed_subscription_response_message, use_https=request.is_secure())
else:
logger.debug('Modifing or deleteing subscription is not supported')
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Modifing subscriptions is not allowed')
return create_taxii_response(m, use_https=request.is_secure())
def inbox_add_content(request, inbox_name, taxii_message):
"""Adds content to inbox and associated data feeds"""
logger = logging.getLogger('taxii.utils.handlers.inbox_add_content')
logger.debug('Adding content to inbox [%s]', make_safe(inbox_name))
try:
inbox = Inbox.objects.get(name=inbox_name)
except:
logger.debug('Attempting to push content to unknown inbox [%s]', make_safe(inbox_name))
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_NOT_FOUND, message='Inbox does not exist [%s]' % (make_safe(inbox_name)))
return create_taxii_response(m, use_https=request.is_secure())
logger.debug('TAXII message [%s] contains [%d] content blocks', make_safe(taxii_message.message_id), len(taxii_message.content_blocks))
datafeed = taxii_message.subscription_information.collection_name
for content_block in taxii_message.content_blocks:
try:
content_binding_id = ContentBindingId.objects.filter(binding_id=content_block.content_binding)
except:
logger.debug('TAXII message [%s] contained unrecognized content binding [%s]', make_safe(taxii_message.message_id), make_safe(content_block.content_binding))
continue # cannot proceed - move on to the next content block
if content_binding_id[0] not in inbox.supported_content_bindings.all():
logger.debug('Inbox [%s] does not accept content with binding id [%s]', make_safe(inbox_name), make_safe(content_block.content_binding))
else:
tree = etree.parse(c.content)
import stix.bindings.stix_core as stix_core_binding
stix_package_obj = stix_core_binding.STIXType().factory()
stix_package_obj.build(tree.getroot())
from stix.core import STIXPackage # resolve circular dependencies
stix_package = STIXPackage().from_obj(stix_package_obj)
info = ContentBlock.objects.filter(stix_id = stix_package._id)
if info.exists():
c = ContentBlock()
c.origen = datafeed
c.message_id = taxii_message.message_id
c.content_binding = content_binding_id[0]
c.content = content_block.content
if content_block.padding:
c.padding = content_block.padding
if request.user.is_authenticated():
c.submitted_by = request.user
c.save()
inbox.content_blocks.add(c) # add content block to inbox
for data_feed in inbox.data_feeds.all():
if content_binding_id[0] in data_feed.supported_content_bindings.all():
data_feed.content_blocks.add(c)
data_feed.save()
else:
logger.debug('Inbox [%s] received data using content binding [%s] - '
'associated data feed [%s] does not support this binding.',
make_safe(inbox_name), make_safe(content_block.content_binding), make_safe(data_feed.name))
inbox.save()
m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type = tm.ST_SUCCESS)
return create_taxii_response(m, use_https=request.is_secure())
