def inbox_service(request, inbox_name): """Handles TAXII Inbox Service requests.""" logger = logging.getLogger('TAXIIApplication.taxii.views.inbox_service') logger.debug('Entering Inbox service') resp = handlers.validate_taxii_request(request) if resp: return resp # if validation failed, return the response try: taxii_message = tm.get_message_from_xml(request.body) except Exception as ex: logger.debug('Unable to parse inbound message:s', ex.message) m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed') return handlers.create_taxii_response(m, use_https=request.is_secure()) logger.debug('Inbox [%s] received TAXII message with id [%s] and type [%s]', make_safe(inbox_name), make_safe(taxii_message.message_id), make_safe(taxii_message.message_type)) if taxii_message.message_type != tm.MSG_INBOX_MESSAGE: logger.info('TAXII message with id [%s] was not Inbox type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type)) m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to Inbox service did not have an inbox Message type') return handlers.create_taxii_response(m, use_https=request.is_secure()) resp = handlers.inbox_add_content(request, inbox_name, taxii_message) return resp
def subscription_service(request): """Handles TAXII Subscription Service requests.""" logger = logging.getLogger("TAXIIApplication.taxii.views.subscription_service") logger.debug('Entering subscription service') resp = handlers.validate_taxii_request(request) if resp: return resp # if validation failed, return the response try: taxii_message = tm_version.get_message_from_xml(request.body) except Exception as ex: logger.debug('Unable to parse inbound message: %s', str(ex)) m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed') return handlers.create_taxii_response(m, use_https=request.is_secure()) logger.debug('Message received TAXII message with id [%s] and type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type)) if taxii_message.message_type != tm_version.MSG_MANAGE_FEED_SUBSCRIPTION_REQUEST: logger.info('TAXII message with id [%s] was not Subscription Managment request [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type)) m = tm_version.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to feed managment service did not have a feed_managmen_request message type') return handlers.create_taxii_response(m, use_https=request.is_secure()) resp = handlers.feed_subscription_get_content(request, taxii_message) logger.debug("We send the response to the client") return resp
def poll_get_content(request, taxii_message): """Returns a Poll response for a given Poll Request Message""" logger = logging.getLogger('taxii.utils.handlers.poll_get_content') logger.debug('Polling data from data feed [%s] - begin_ts: %s, end_ts: %s', taxii_message.collection_name, taxii_message.exclusive_begin_timestamp_label, taxii_message.inclusive_end_timestamp_label) try: data_feed = DataFeed.objects.get(name=taxii_message.collection_name) except: logger.debug('Attempting to poll unknown data feed [%s]', make_safe(taxii_message.collection_name)) m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_NOT_FOUND, message='Data feed does not exist [%s]' % (make_safe(taxii_message.collection_name))) return create_taxii_response(m, use_https=request.is_secure()) # build query for poll results query_params = {} if taxii_message.exclusive_begin_timestamp_label: query_params['timestamp_label__gt'] = taxii_message.exclusive_begin_timestamp_label current_datetime = datetime.datetime.now(tzutc()) if taxii_message.inclusive_end_timestamp_label and (taxii_message.inclusive_end_timestamp_label < current_datetime): query_params['timestamp_label__lte'] = taxii_message.inclusive_end_timestamp_label else: query_params['timestamp_label__lte'] = current_datetime content_blocks = data_feed.content_blocks.filter(**query_params).order_by('timestamp_label') logger.debug('Returned [%d] content blocks from data feed [%s]', len(content_blocks), make_safe(data_feed.name)) # TAXII Poll Requests have exclusive begin timestamp label fields, while Poll Responses # have *inclusive* begin timestamp label fields. To satisfy this, we add one millisecond # to the Poll Request's begin timestamp label. # # This will be addressed in future versions of TAXII inclusive_begin_ts = None if taxii_message.exclusive_begin_timestamp_label: inclusive_begin_ts = taxii_message.exclusive_begin_timestamp_label + datetime.timedelta(milliseconds=1) # build poll response poll_response_message = tm.PollResponse(tm.generate_message_id(), taxii_message.message_id, feed_name=data_feed.name, inclusive_begin_timestamp_label=inclusive_begin_ts, inclusive_end_timestamp_label=query_params['timestamp_label__lte']) for content_block in content_blocks: cb = tm.ContentBlock(content_block.content_binding.binding_id, content_block.content, content_block.timestamp_label) if content_block.padding: cb.padding = content_block.padding poll_response_message.content_blocks.append(cb) return create_taxii_response(poll_response_message, use_https=request.is_secure())
def poll_service(request): """Handles TAXII Poll Service requests.""" logger = logging.getLogger("TAXIIApplication.taxii.views.poll_service") logger.debug('Entering poll service') resp = handlers.validate_taxii_request(request) if resp: return resp # if validation failed, return the response try: taxii_message = tm.get_message_from_xml(request.body) except Exception as ex: logger.debug('Unable to parse inbound message: %s', ex.message) m = tm.StatusMessage(tm.generate_message_id(), '0', status_type=tm.ST_BAD_MESSAGE, message='Message received could not be parsed') return handlers.create_taxii_response(m, use_https=request.is_secure()) logger.debug('Poll service received TAXII message with id [%s] and type [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type)) if taxii_message.message_type != tm.MSG_POLL_REQUEST: logger.info('TAXII message with id [%s] was not Poll request [%s]', make_safe(taxii_message.message_id), make_safe(taxii_message.message_type)) m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Message sent to Poll service did not have a poll request message type') return handlers.create_taxii_response(m, use_https=request.is_secure()) resp = handlers.poll_get_content(request, taxii_message) return resp
def feed_subscription_get_content(request, taxii_message): """Returns a feed subscription response for a given subscription feed Message""" logger = logging.getLogger('taxii.utils.handlers.feed_subscription_get_content') logger.debug('Retriving data feed names') f = tm.ACT_TYPES #For now we only accept subscriptions if taxii_message.action == f[0]: try: logger.debug('Getting the data feed [%s]', make_safe(taxii_message.feed_name)) data_feed = DataFeed.objects.get(name=taxii_message.feed_name) except: logger.debug('Attempting to subscribe to unknown data feed [%s]', make_safe(taxii_message.feed_name)) m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_NOT_FOUND, message='Data feed does not exist [%s]' % (make_safe(taxii_message.feed_name))) return create_taxii_response(m, use_https=request.is_secure()) try: binding_id = taxii_message.delivery_parameters.inbox_protocol logger.debug('Getting the binding protocol [%s]', make_safe(binding_id)) protocol_binding = ProtocolBindingId.objects.get(title=binding_id) message_binding = taxii_message.delivery_parameters.delivery_message_binding logger.debug('Getting the binding message [%s]', make_safe(message_binding)) message_binding = MessageBindingId.objects.get(title=message_binding) except: logger.debug('Attempting to subscribe to use unknowon protocol or message bindings') m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_NOT_FOUND, message='Protocol or message bindings does not exist') return create_taxii_response(m, use_https=request.is_secure()) logger.debug("Response message") subscr_methods = DataFeedSubscriptionMethod() subscr_methods.title = taxii_message.delivery_parameters.inbox_address subscr_methods.description = taxii_message.delivery_parameters.inbox_address subscr_methods.address = taxii_message.delivery_parameters.inbox_address subscr_methods.protocol_binding = protocol_binding subscr_methods.save() subscr_methods.message_bindings.add(message_binding) subscr_methods.save() logger.debug("The information was correclty saved") user = User.objects.get(id=1) logger.debug("Get user") data_feed_subscription = DataFeedSubscription() data_feed_subscription.active = True data_feed_subscription.expires = timezone.now() + datetime.timedelta(days=500) data_feed_subscription.data_feed_method = subscr_methods data_feed_subscription.data_feed = data_feed data_feed_subscription.user = user subscription_list = DataFeedSubscription.objects.all() if len(subscription_list) == 0: id_value = 1 else: id_value = DataFeedSubscription.objects.latest('id').id + 1 data_feed_subscription.subscription_id = id_value data_feed_subscription.save() delivery_parameters = tm.DeliveryParameters(inbox_protocol=taxii_message.delivery_parameters.inbox_protocol, inbox_address=taxii_message.delivery_parameters.inbox_address, delivery_message_binding=taxii_message.delivery_parameters.delivery_message_binding, content_bindings=taxii_message.delivery_parameters.content_bindings) logger.debug("Return the Poll Service instances") poll_instances = [] for poll_info in data_feed.poll_service_instances.all(): poll_inst = tm.ManageFeedSubscriptionResponse.PollInstance(poll_protocol = poll_info.protocol_binding.binding_id, poll_address = poll_info.address) mbindings = [] for mbinding_id in poll_info.message_bindings.all(): mbindings.append(mbinding_id.binding_id) poll_inst.poll_message_bindings = mbindings poll_instances.append(poll_inst) subscription_instances = [] subscr_instance = tm.ManageFeedSubscriptionResponse.SubscriptionInstance(subscription_id = str(data_feed_subscription.id)) subscr_instance.delivery_parameters = [delivery_parameters] subscr_instance.poll_instances = poll_instances subscription_instances.append(subscr_instance) logger.debug("Returns the response") feed_subscription_response_message = tm.ManageFeedSubscriptionResponse(message_id = tm.generate_message_id(), in_response_to = taxii_message.message_id, feed_name = taxii_message.feed_name, message='Subscription succeds', subscription_instances = subscription_instances) return create_taxii_response(feed_subscription_response_message, use_https=request.is_secure()) else: logger.debug('Modifing or deleteing subscription is not supported') m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_FAILURE, message='Modifing subscriptions is not allowed') return create_taxii_response(m, use_https=request.is_secure())
def inbox_add_content(request, inbox_name, taxii_message): """Adds content to inbox and associated data feeds""" logger = logging.getLogger('taxii.utils.handlers.inbox_add_content') logger.debug('Adding content to inbox [%s]', make_safe(inbox_name)) try: inbox = Inbox.objects.get(name=inbox_name) except: logger.debug('Attempting to push content to unknown inbox [%s]', make_safe(inbox_name)) m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type=tm.ST_NOT_FOUND, message='Inbox does not exist [%s]' % (make_safe(inbox_name))) return create_taxii_response(m, use_https=request.is_secure()) logger.debug('TAXII message [%s] contains [%d] content blocks', make_safe(taxii_message.message_id), len(taxii_message.content_blocks)) datafeed = taxii_message.subscription_information.collection_name for content_block in taxii_message.content_blocks: try: content_binding_id = ContentBindingId.objects.filter(binding_id=content_block.content_binding) except: logger.debug('TAXII message [%s] contained unrecognized content binding [%s]', make_safe(taxii_message.message_id), make_safe(content_block.content_binding)) continue # cannot proceed - move on to the next content block if content_binding_id[0] not in inbox.supported_content_bindings.all(): logger.debug('Inbox [%s] does not accept content with binding id [%s]', make_safe(inbox_name), make_safe(content_block.content_binding)) else: tree = etree.parse(c.content) import stix.bindings.stix_core as stix_core_binding stix_package_obj = stix_core_binding.STIXType().factory() stix_package_obj.build(tree.getroot()) from stix.core import STIXPackage # resolve circular dependencies stix_package = STIXPackage().from_obj(stix_package_obj) info = ContentBlock.objects.filter(stix_id = stix_package._id) if info.exists(): c = ContentBlock() c.origen = datafeed c.message_id = taxii_message.message_id c.content_binding = content_binding_id[0] c.content = content_block.content if content_block.padding: c.padding = content_block.padding if request.user.is_authenticated(): c.submitted_by = request.user c.save() inbox.content_blocks.add(c) # add content block to inbox for data_feed in inbox.data_feeds.all(): if content_binding_id[0] in data_feed.supported_content_bindings.all(): data_feed.content_blocks.add(c) data_feed.save() else: logger.debug('Inbox [%s] received data using content binding [%s] - ' 'associated data feed [%s] does not support this binding.', make_safe(inbox_name), make_safe(content_block.content_binding), make_safe(data_feed.name)) inbox.save() m = tm.StatusMessage(tm.generate_message_id(), taxii_message.message_id, status_type = tm.ST_SUCCESS) return create_taxii_response(m, use_https=request.is_secure())