def validate(self, val):
try:
check_type = val["check_type"]
except KeyError:
return val
# disk checks
# make sure no duplicate diskchecks exist for an agent/policy
if check_type == "diskspace" and not self.instance: # only on create
checks = (Check.objects.filter(**self.context).filter(
check_type="diskspace").exclude(managed_by_policy=True))
if checks:
for check in checks:
if val["disk"] in check.disk:
raise serializers.ValidationError(
f"A disk check for Drive {val['disk']} already exists!"
)
# ping checks
if check_type == "ping":
if (not _v.ipv4(val["ip"]) and not _v.ipv6(val["ip"])
and not _v.domain(val["ip"])):
raise serializers.ValidationError(
"Please enter a valid IP address or domain name")
return val
def getAnonymizedIpOrDomain(value):
if validators.ipv4(value) or validators.ipv6(value):
return "<IPADDRESS:%s>" % hashlib.md5(value).hexdigest()
elif validators.domain(value):
return "<DOMAIN:%s>" % hashlib.md5(value).hexdigest()
else:
return "<NOTIPADDRESSORDOMAIN:%s>" % hashlib.md5(value).hexdigest()
def add(request):
msg = vmsg.msg()
all_instances = perms.instance_getall_by_group(request)
hostname_default = perms.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
if 'server' in request.POST:
if validators.ipv6(request.POST['server'].strip()) or validators.ipv4(
request.POST['server'].strip()) or validators.domain(
request.POST['server'].strip()):
v = vapi.set_ntp(hostname_default, request.POST['server'].strip())
if v.success == False:
msg.add_error("NTP server add fail - " + v.reason)
else:
msg.add_success("NTP server added")
else:
msg.add_error(
"ntp server add fail - insert only domains or IPv4 or IPv6")
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'is_superuser': is_superuser,
'username': request.user,
'msg': msg.get_all(),
}
return render(request, 'ntp/add.html', context)
def read_iocs(cb, file=sys.stdin):
iocs = defaultdict(list)
report_id = hashlib.md5()
report_id.update(str(time.time()).encode("utf-8"))
for idx, line in enumerate(sys.stdin):
line = line.rstrip("\r\n")
report_id.update(line.encode("utf-8"))
if validators.md5(line):
iocs["md5"].append(line)
elif validators.sha256(line):
eprint("line {}: sha256 provided but not yet supported by backend".format(idx + 1))
iocs["sha256"].append(line)
elif validators.ipv4(line):
iocs["ipv4"].append(line)
elif validators.ipv6(line):
iocs["ipv6"].append(line)
elif validators.domain(line):
iocs["dns"].append(line)
else:
if cb.validate_query(line):
query_ioc = {"search_query": line}
iocs["query"].append(query_ioc)
else:
eprint("line {}: invalid query".format(idx + 1))
return (report_id.hexdigest(), dict(iocs))
def getAnonymizedIpOrDomain(value):
if validators.ipv4(value) or validators.ipv6(value):
return "<IPADDRESS:%s>" % hashlib.md5(value).hexdigest()
elif validators.domain(value):
return "<DOMAIN:%s>" % hashlib.md5(value).hexdigest()
else:
return "<NOTIPADDRESSORDOMAIN:%s>" % hashlib.md5(value).hexdigest()
def __do_convert_url_pattern(self, result: Result, s: str,
is_allow: bool) -> None:
t = s
is_domain_suffix = True
if t.startswith("||"):
t = t[2:]
is_domain_suffix = True
if t.startswith("|"):
t = t[1:]
is_domain_suffix = False
if t.startswith("."):
t = t[1:]
is_domain_suffix = True
t = re.sub(r"^https?://", "", t)
t = t.lstrip("*.").rstrip("^/*")
ur = urllib.parse.urlparse("http://" + t)
if ur.fragment:
return
if ur.path and not self.ignore_path:
return
t = ur.netloc
t = re.sub(r":\d{2,5}$", "", t)
if validators.ipv4(t) or validators.ipv4_cidr(t):
result.add(result.ipv4_cidr, t, remove=is_allow)
elif validators.ipv6(t) or validators.ipv6_cidr(t):
result.add(result.ipv6_cidr, t, remove=is_allow)
else:
if validators.domain(t) and tld.get_fld(
t, fail_silently=True, fix_protocol=True):
if is_domain_suffix:
result.add(result.domain_suffix, t, remove=is_allow)
else:
result.add(result.domain, t, remove=is_allow)
def test_public_ip(agent):
error = []
if not validators.ipv4(agent.get_public_ip()) and not validators.ipv6(
agent.get_public_ip()):
error.append("not ipv4 or ipv6")
assert not error
def read_iocs(cb, file=sys.stdin):
iocs = defaultdict(list)
report_id = hashlib.md5()
report_id.update(str(time.time()).encode("utf-8"))
for idx, line in enumerate(sys.stdin):
line = line.rstrip("\r\n")
report_id.update(line.encode("utf-8"))
if validators.md5(line):
iocs["md5"].append(line)
elif validators.sha256(line):
eprint("line {}: sha256 provided but not yet supported by backend".
format(idx + 1))
iocs["sha256"].append(line)
elif validators.ipv4(line):
iocs["ipv4"].append(line)
elif validators.ipv6(line):
iocs["ipv6"].append(line)
elif validators.domain(line):
iocs["dns"].append(line)
else:
if cb.validate_query(line):
query_ioc = {"search_query": line}
iocs["query"].append(query_ioc)
else:
eprint("line {}: invalid query".format(idx + 1))
return (report_id.hexdigest(), dict(iocs))
def checkType(self, argument):
"""
Identify observable type
"""
if len(argument.strip()) == 0:
return None
elif argument[0] is '#':
return None
elif validators.url(argument):
return "URL"
elif validators.md5(argument):
return "MD5"
elif validators.sha1(argument):
return "SHA1"
elif validators.sha256(argument):
return "SHA256"
elif validators.sha512(argument):
return "SHA512"
elif validators.ipv4(argument):
return "IPv4"
elif validators.ipv6(argument):
return "IPv6"
elif validators.domain(argument):
return "domain"
else:
mod.display("MAIN", argument, "ERROR", "Unable to retrieve observable type")
return None
def is_mavlink_endpoint(cls: Type["Endpoint"], values: Any) -> Any:
connection_type, place, argument = (values.get("connection_type"),
values.get("place"),
values.get("argument"))
if connection_type in [
EndpointType.UDPServer,
EndpointType.UDPClient,
EndpointType.TCPServer,
EndpointType.TCPClient,
]:
if not (validators.domain(place) or validators.ipv4(place)
or validators.ipv6(place)):
raise ValueError(f"Invalid network address: {place}")
if not argument in range(1, 65536):
raise ValueError(
f"Ports must be in the range 1:65535. Received {argument}."
)
return values
if connection_type == EndpointType.Serial.value:
if not place.startswith("/") or place.endswith("/"):
raise ValueError(
f"Bad serial address: {place}. Make sure to use an absolute path."
)
if not argument in VALID_SERIAL_BAUDRATES:
raise ValueError(
f"Invalid serial baudrate: {argument}. Valid option are {VALID_SERIAL_BAUDRATES}."
)
return values
raise ValueError(
f"Invalid connection_type: {connection_type}. Valid types are: {[e.value for e in EndpointType]}."
)
def checkType(self, argument):
"""
Identify observable type
"""
if not argument or len(argument.strip()) == 0:
return None
elif argument[0] is '#':
return None
elif validators.url(argument):
return "URL"
elif validators.md5(argument):
return "MD5"
elif validators.sha1(argument):
return "SHA1"
elif validators.sha256(argument):
return "SHA256"
elif validators.sha512(argument):
return "SHA512"
elif validators.ipv4(argument):
return "IPv4"
elif validators.ipv6(argument):
return "IPv6"
elif validators.domain(argument):
return "domain"
else:
return None
def get_public_ip(self):
try:
ifconfig = requests.get("https://ifconfig.co/ip", timeout=5).text.strip()
if not validators.ipv4(ifconfig) and not validators.ipv6(ifconfig):
icanhaz = requests.get("https://icanhazip.com", timeout=7).text.strip()
if not validators.ipv4(icanhaz) and not validators.ipv6(icanhaz):
return "error"
else:
return icanhaz
else:
return ifconfig
except Exception as e:
self.logger.debug(e)
return "error"
def check_endpoint(self, endpoint):
is_ipv4 = validators.ipv4(endpoint)
is_ipv6 = validators.ipv6(endpoint)
if is_ipv4 or is_ipv6:
return False
if validators.domain(endpoint):
return True
raise CheckThirdpartEndpointFailed(msg="invalid endpoint")
def validate(self, val):
# hack: :: is a valid IPv6 address
if val == '::':
return True
try:
return validators.ipv4(val) or (validators.ipv6(val))
except validators.ValidationFailure:
pass
def url_from_host(host):
"""Get a URL with given host.
:param host: a host value to be used in the URL
:returns: a URL to be used during testing
"""
if ipv6(host):
host = '['+host+']'
return 'http://'+host
def _get_indicator_type(indicator):
if validators.ipv4(indicator):
return "IPv4"
elif validators.ipv6(indicator):
return "IPv6"
elif validators.url(indicator):
return "URL"
return "domain"
def url_from_host(host):
"""Get a URL with given host.
:param host: a host value to be used in the URL
:returns: a URL to be used during testing
"""
if ipv6(host):
host = '[' + host + ']'
return 'http://' + host
def do_print_report(self, line):
'''Prints to screen a readable output of the table as IP DOMAIN '''
invalid = []
master = target.master
for ip in sorted(master.keys()):
for fqdn in master[ip]['fqdns']:
if validators.ipv6(ip) or validators.ipv4(
ip) or 'arpa' in fqdn:
invalid.append('{}\t{}'.format(ip, fqdn))
else:
print("{}\t{}".format(str(ip), str(fqdn)))
def query(target):
if validators.ipv4(target) or validators.ipv6(target):
ip_whois = IPWhois(target)
return ip_whois.lookup_rdap(asn_methods=["dns", "whois", "http"],
inc_nir=True)
elif validators.domain(target):
result = whois.whois(target)
return result
else:
logging.error(f"[whois query] not valid target: {target}")
return None
def get_domain(self, var, default=NOTSET):
# type: (str, Union[str, NotSetType]) -> str
value = self.get(var, default=default)
if value == default:
return value
if not (validators.ipv4(value) or validators.ipv6(value) or validators.domain(value)):
raise VariableTypeError('Environment variable {var} with value {val} is not a valid hostname.'
.format(var=var, val=value))
return value
def get_ip(self, var, default=NOTSET):
# type: (str, Union[str, NotSetType]) -> str
value = self.get(var, default=default)
if value == default:
return value
if not (validators.ipv4(value) or validators.ipv6(value)):
raise VariableTypeError('Environment variable {var} with value {val} could not be converted into ipv4/ipv6.'
.format(var=var, val=value))
return value
def _get_kind(address: str):
if validators.ipv4(address):
return "IPv4Address"
elif validators.ipv6(address):
return "IPv6Address"
elif validators.ipv4_cidr(address):
return "IPv4Network"
raise PluginException(
cause=f"Kind not detected from address: {address}",
assistance="Check address input and try again. Allowed kind are: " "IPv4Address, IPv6Address, IPv4Network.",
)
def ipv6_address(value):
"""
Validate whether or not the given string is a valid IP version 6 address.
Args:
value (str): the value to validate.
Raises:
ValidationError: when the value is not a valid IP version 6 address.
"""
if not validators.ipv6(value):
raise ValidationError('{!r} is not a valid IPv6 address'.format(value))
def determine_resource_type(value):
if validators.ipv4(value) or validators.ipv6(value):
return 'ip'
if validators.domain(value):
return 'domain'
if validators.email(value):
return 'email'
if validators.mac_address(value):
return 'mac_address'
def _determine_address_type(address: str) -> str:
if validators.ipv4(address):
return "ipv4"
if validators.ipv6(address):
return "ipv6"
if validators.domain(address):
return "fqdn"
if re.search('/', address):
return "cidr"
raise PluginException(
cause="Unknown address type provided.",
assistance=f"{address} is not one of the following: IPv4, IPv6, CIDR or domain name."
)
def remove(request, server):
vinfo = viewinfo.prepare(request)
dnsresolver_srv = vapi.get_dnsresolver(vinfo.hostname_default)
if len(dnsresolver_srv.data['name-server']) == 0:
return redirect('dnsresolver:dnsresolver-list')
if dnsresolver_srv.success:
if 'name-server' in dnsresolver_srv.data:
if validators.ipv6(server.strip()) or validators.ipv4(server.strip()):
v = vapi.delete_dnsresolver(vinfo.hostname_default, server.strip())
return redirect('dnsresolver:dnsresolver-list')
def extract_urls(msg: str) -> list:
urls = re.findall(
r"(?m)\b(?:http(?:s)?:\/\/)?[\w.-]+(?:\.[\w\.-]+)+[\w\-\._~:\/?#[\]@!\$&'\(\)\*\+,;=.]+\b",
msg.lower()
)
normalized_urls = []
for url in urls:
if '@' in url or validators.ipv6(url) or validators.ipv4(url):
continue
normalized_urls.append(url)
return normalized_urls
def ip_in_url(urls):
for url in urls: #http://ufpel.edu.br/portal
try:
if(validators.url(url)): #if url is valid
netlocal = get_domain(url) #ufpel.edu.br
#return on first occurrence of ip in URL
if validators.ipv4(netlocal):
return True
if validators.ipv6(netlocal):
return True
except:
continue
return False
def get_data_type(indicator):
if validators.ipv4(indicator) or validators.ipv6(indicator):
return "IP"
elif validators.url(indicator):
return "URL"
elif validators.domain(indicator):
return "DOMAIN"
elif validators.sha1(indicator):
return "FILE_SHA1"
raise PluginException(
cause="Invalid indicator input provided.",
assistance="Supported indicators are IP, URL, domain and SHA1 hash."
)
def validate_url(value: str) -> bool:
if (validatorslib.url(value) or
validatorslib.domain(value) or
validatorslib.ipv4(value) or
validatorslib.ipv6(value) or
validatorslib.ipv4_cidr(value) or
validatorslib.ipv6_cidr(value) or
validatorslib.slug(value)):
return True
if DOMAIN_PORT_REGEX.match(value):
return True
return False
def parse_items(items: Optional[str]) -> List[Attr]:
parsed_items: List[Attr] = []
if not items:
return parsed_items
for item in items.split('\n'):
if item:
item = ''.join(item.split()) # Normalize whitespace
item = urllib.parse.unquote_plus(item)
if domain(item):
typ = AttrType.DOMAIN
search_types = [AttrType.DOMAIN]
report_types = [AttrType.DOMAIN]
elif url(item):
typ = AttrType.URL
search_types = [AttrType.URL]
report_types = [AttrType.URL]
# Remove arguments from URLs
item = get_canonical_url(item)
elif defanged_url(item):
typ = AttrType.URL
search_types = [AttrType.URL]
report_types = [AttrType.URL]
# MISP wants a correct URL, so replace hxx with htt
item = item.replace('hxx', 'htt', 1)
elif ipv4(item) or ipv6(item):
typ = AttrType.IP_SRC
search_types = [
AttrType.DOMAIN_IP,
AttrType.IP_SRC,
AttrType.IP_SRC_PORT,
AttrType.IP_DST,
AttrType.IP_DST_PORT,
]
report_types = [AttrType.IP_SRC]
elif md5(item):
typ = AttrType.MD5
search_types = [AttrType.MD5, AttrType.FILENAME_MD5]
report_types = [AttrType.MD5]
elif sha1(item):
typ = AttrType.SHA1
search_types = [AttrType.SHA1, AttrType.FILENAME_SHA1]
report_types = [AttrType.SHA1]
elif sha256(item):
typ = AttrType.SHA256
search_types = [AttrType.SHA256, AttrType.FILENAME_SHA256]
report_types = [AttrType.SHA256]
else:
raise ParseException(f'Could not parse {item}')
parsed_items.append(Attr(value=item, type=typ, search_types=search_types, report_types=report_types))
return parsed_items
def cheacking(inp):
k = validators.domain(inp)
if k is True:
return "Domain"
else:
k = validators.ipv4(inp)
h = validators.ipv6(inp)
if k is True or h is True:
return "IP"
else:
k = validators.url(inp)
if k is True:
return "URL"
else:
return "File_Hash"
def remove(request, server):
hostname_default = perms.get_hostname_prefered(request)
ntp_servers = vapi.get_ntp(hostname_default)
if len(ntp_servers.data['name-server']) == 0:
return redirect('ntp:ntp-list')
if ntp_servers.success:
if 'server' in ntp_servers.data:
if validators.ipv6(server.strip()) or validators.ipv4(
server.strip()) or validators.domain(server.strip()):
v = vapi.delete_ntp(hostname_default, server.strip())
return redirect('ntp:ntp-list')
def do_print_domains(self, line):
domains = []
# master = target.master.keys()
for ip in target.master.keys():
for domain in target.master[ip]['fqdns']:
if validators.ipv6(domain) or validators.ipv4(
domain) or 'arpa' in domain:
pass
else:
domains.append(domain)
unique_domains = set(domains)
for i in unique_domains:
print(i)
print("Total:\t{}").format(len(unique_domains))
def add_new_ip(self, ipaddr, source=""):
# global target
ip = ipaddr
# if is_ipv4(ip):
if validators.ipv6(ip) or validators.ipv4(ip):
if ip not in target.master.keys():
target.master[ip] = {}
target.master[ip]['source'] = ['{}'.format(source)]
target.master[ip]['fqdns'] = []
target.master[ip]['ports'] = []
target.master[ip]['cidr'] = []
target.master[ip]['netname'] = []
else:
print("{} already exists in the table".format(ip))
else:
print("{} is not a valid IPv4 or IPv6 address".format(ip))
def test_returns_true_on_valid_ipv4_address(address):
assert ipv6(address)
def isipv6(value):
try:
validators.ipv6(value)
except validators.ValidationFailure:
return False
return True
def test_returns_failed_validation_on_invalid_ipv6_address(address):
assert isinstance(ipv6(address), ValidationFailure)
def arg_validator(arg, vlist=None):
"""
检查数据,可对同一个数据进行多种检查
arg : 字符串,要验证的参数
vlist : 列表,验证列表,每个元素包含两项.
第一个项是检查类型(字符串),第二项是可选参数字典,类似:
[
("检查类型",{"可选参数1":参数值,"可选参数2":参数值...}),
("检查类型",{"可选参数1":参数值,"可选参数2":参数值...}),
...
]
返回: 双元组,第一项为True 或 False,第二项为验证失败的类型(第一项为True的话第二项就留空)
注意:
vlist 列表的第一项可以是字符串 "required",用于表示是必填项:
如果第一项不是,而且要验证的 arg 为空,会直接返回 True,不是的继续验证。
如果第一项是,就完全按照 vlist[1:] 的要求验证
vlist 的元素如果是验证整数/小数/email等不需要附加参数的可以直接传入验证类型字符串即可
用例(使用args_validator函数的,看这里vdict每个键值对的形式):
vdict = {
"token": ["required", "uuid"],
"username": ["required", ("length", {"min": 4, "max": 30}), "safe_str"],
"password": ["required", ("length", {"min": 4, "max": 20}), "safe_str"],
"captcha": ["required", ("length", {"min": 4, "max": 8}), "safe_str"],
}
form = args_validator(self.request.arguments, vdict)
"""
if not any((isinstance(vlist, list), isinstance(vlist, tuple))):
einfo = "不支持的数据类型!应使用列表或元组,但输入的是{}".format(type(vlist))
raise ValueError(einfo)
if vlist[0] == "required":
# 第一项不是 required 的,把第一项的 "required" 去掉
vlist = vlist[1:]
else:
# 第一项不是 required 的,如果 arg 是空的,直接返回 True,不是的继续验证
if not arg:
return True, None
# 待返回的验证结果
verification = None
failed_type = None # 验证失败的类型
# 开始检查,有一个不通过就返回 False
for i in vlist:
local_verification = None
if isinstance(i, str): # 如果是字符串的话就改为元组
i = (i, {})
if len(i) == 1: # 只有一个元素的,添加一个空字典
i = (i[0], {})
vtype = i[0] # 检查类型是第一项
vdict = i[1] # 检查类型所需的可选参数字典
# 在 validators 之外添加的
# 没有空白
if vtype == "no_space":
if not re.search(r"\s", arg):
local_verification = True
# 安全字符串,只包含 0-9a-zA-Z-空格和下划线
elif vtype == "safe_str":
if re.match(r"^[0-9a-zA-Z-_ ]+$", arg, flags=re.U):
local_verification = True
# 是否包含
elif vtype == "in":
# 迭代 vdict 的键值(所以键名无所谓)
for v in vdict.values():
if arg not in v:
local_verification = False
break
elif vtype == "not_in":
# 迭代 vdict 的键值(所以键名无所谓)
for v in vdict.values():
if arg in v:
local_verification = False
break
# 字符串形式的数字
elif vtype == "str_number":
if re.match(r"[+-]?\d+$", arg, flags=re.U) or \
re.match(r"[+-]?\d+\.\d+$", arg, flags=re.U):
local_verification = True
elif vtype == "str_int":
if re.match(r"[+-]?\d+$", arg, flags=re.U):
local_verification = True
elif vtype == "str_float":
if re.match(r"[+-]?\d+\.\d+$", arg, flags=re.U):
local_verification = True
# 数字
elif vtype == "number": # 整数或浮点数都可以
local_verification = isinstance(arg, int) or isinstance(arg, float)
elif vtype == "int":
local_verification = isinstance(arg, int)
elif vtype == "float":
local_verification = isinstance(arg, float)
# 直接调用 validators的
elif vtype == "length":
local_verification = validators.length(arg, **vdict)
elif vtype == "url":
local_verification = validators.url(arg, **vdict)
elif vtype == "email":
local_verification = validators.email(arg, **vdict)
elif vtype == "ip": # ipv4 或 ipv6都可以
local_verification = any((validators.ipv4(arg, **vdict),
validators.ipv6(arg, **vdict)))
elif vtype == "between":
local_verification = validators.between(arg, **vdict)
elif vtype == "uuid":
local_verification = validators.uuid(arg, **vdict)
elif vtype == "ipv4":
local_verification = validators.ipv4(arg, **vdict)
elif vtype == "ipv6":
local_verification = validators.ipv6(arg, **vdict)
elif vtype == "mac_address":
local_verification = validators.mac_address(arg, **vdict)
elif vtype == "iban":
local_verification = validators.iban(arg, **vdict)
elif vtype == "slug":
local_verification = validators.slug(arg, **vdict)
elif vtype == "truthy":
local_verification = validators.truthy(arg, **vdict)
# 对于验证不为真或没有验证的
# 不为真的时候返回的是: ValidationFailure(......)
if not local_verification:
verification = False
failed_type = vtype
break # 有一条不为 True, 直接返回 False
else:
verification = True
# 处理返回值
if verification not in(False, True):
verification = False
if not verification:
return verification, failed_type
else:
return True, None
