def handle_signature_file(data, source_name, user=None, description=None, title=None, data_type=None, data_type_min_version=None, data_type_max_version=None, data_type_dependency=None, link_id=None, source_method='', source_reference='', source_tlp='', copy_rels=False, bucket_list=None, ticket=None, related_id=None, related_type=None, relationship_type=None): """ Add Signature. :param data: The data of the Signature. :type data: str :param source_name: The source which provided this Signature. :type source_name: str, :class:`crits.core.crits_mongoengine.EmbeddedSource`, list of :class:`crits.core.crits_mongoengine.EmbeddedSource` :param user: The user adding the Signature. :type user: str :param description: Description of the Signature. :type description: str :param title: Title of the Signature. :type title: str :param data_type: Datatype of the Signature. :type data_type: str :param data_type: Datatype of the Signature. :type data_type_min_version: str :param data_type_min_version: Datatype tool minimum version. :type data_type_max_version: str :param data_type_max_version: Datatype tool maximum version. :type data_type_dependency: list :param data_type_dependency: Datatype tool dependency to be run :param link_id: LinkId to tie this to another Signature as a new version. :type link_id: str :param method: The method of acquiring this Signature. :type method: str :param reference: A reference to the source of this Signature. :type reference: str :param copy_rels: Copy relationships from the previous version to this one. :type copy_rels: bool :param bucket_list: Bucket(s) to add to this Signature :type bucket_list: str(comma separated) or list. :param ticket: Ticket(s) to add to this Signature :type ticket: str(comma separated) or list. :param related_id: ID of object to create relationship with :type related_id: str :param related_type: Type of object to create relationship with :type related_type: str :param relationship_type: Type of relationship to create. :type relationship_type: str :returns: dict with keys: 'success' (boolean), 'message' (str), '_id' (str) if successful. """ if not data or not title or not data_type: status = { 'success': False, 'message': 'No data object, title, or data type passed in' } return status if not source_name: return {"success": False, "message": "Missing source information."} rdt = SignatureType.objects(name=data_type).first() if not rdt: status = {'success': False, 'message': 'Invalid data type passed in'} return status if len(data) <= 0: status = {'success': False, 'message': 'Data length <= 0'} return status # generate md5 and timestamp md5 = hashlib.md5(data).hexdigest() timestamp = datetime.datetime.now() # generate signature signature = Signature() signature.created = timestamp signature.description = description signature.md5 = md5 signature.data = data signature.title = title signature.data_type = data_type signature.data_type_min_version = data_type_min_version signature.data_type_max_version = data_type_max_version if data_type_dependency: if type(data_type_dependency) == unicode: data_type_dependency = data_type_dependency.split(",") for item in data_type_dependency: if item: item = item.strip() signature.data_type_dependency.append(str(item)) else: data_type_dependency = [] # generate new source information and add to sample if isinstance(source_name, basestring) and len(source_name) > 0: if user.check_source_write(source_name): source = create_embedded_source(source_name, date=timestamp, method=source_method, reference=source_reference, tlp=source_tlp, analyst=user.username) # this will handle adding a new source, or an instance automatically signature.add_source(source) else: return { "success": False, "message": "User does not have permission to add object using source %s." % source_name } elif isinstance(source_name, EmbeddedSource): signature.add_source(source_name, method=source_method, reference=source_reference, tlp=source_tlp) elif isinstance(source_name, list) and len(source_name) > 0: for s in source_name: if isinstance(s, EmbeddedSource): signature.add_source(s, method=source_method, reference=source_reference, source_tlp=source_tlp) signature.version = len(Signature.objects(link_id=link_id)) + 1 if link_id: signature.link_id = link_id if copy_rels: rd2 = Signature.objects(link_id=link_id).first() if rd2: if len(rd2.relationships): signature.save(username=user.username) signature.reload() for rel in rd2.relationships: # Get object to relate to. rel_item = class_from_id(rel.rel_type, rel.object_id) if rel_item: signature.add_relationship( rel_item, rel.relationship, rel_date=rel.relationship_date, analyst=user.username) if bucket_list: signature.add_bucket_list(bucket_list, user) if ticket: signature.add_ticket(ticket, user) related_obj = None if related_id and related_type: related_obj = class_from_id(related_type, related_id) if not related_obj: status = {'success': False, 'message': 'Related Object not found.'} return status signature.save(username=user.username) if related_obj and signature and relationship_type: relationship_type = RelationshipTypes.inverse( relationship=relationship_type) signature.add_relationship(related_obj, relationship_type, analyst=user.username, get_rels=False) signature.save(username=user.username) signature.reload() # save signature signature.save(username=user.username) signature.reload() status = { 'success': True, 'message': 'Uploaded signature', '_id': signature.id, 'object': signature } return status
def handle_signature_file(data, source_name, user=None, description=None, title=None, data_type=None, data_type_min_version=None, data_type_max_version=None, data_type_dependency=None, link_id=None, method='', reference='', copy_rels=False, bucket_list=None, ticket=None): """ Add Signature. :param data: The data of the Signature. :type data: str :param source_name: The source which provided this Signature. :type source_name: str, :class:`crits.core.crits_mongoengine.EmbeddedSource`, list of :class:`crits.core.crits_mongoengine.EmbeddedSource` :param user: The user adding the Signature. :type user: str :param description: Description of the Signature. :type description: str :param title: Title of the Signature. :type title: str :param data_type: Datatype of the Signature. :type data_type: str :param data_type: Datatype of the Signature. :type data_type_min_version: str :param data_type_min_version: Datatype tool minimum version. :type data_type_max_version: str :param data_type_max_version: Datatype tool maximum version. :type data_type_dependency: list :param data_type_dependency: Datatype tool dependency to be run :param link_id: LinkId to tie this to another Signature as a new version. :type link_id: str :param method: The method of acquiring this Signature. :type method: str :param reference: A reference to the source of this Signature. :type reference: str :param copy_rels: Copy relationships from the previous version to this one. :type copy_rels: bool :param bucket_list: Bucket(s) to add to this Signature :type bucket_list: str(comma separated) or list. :param ticket: Ticket(s) to add to this Signature :type ticket: str(comma separated) or list. :returns: dict with keys: 'success' (boolean), 'message' (str), '_id' (str) if successful. """ if not data or not title or not data_type: status = { 'success': False, 'message': 'No data object, title, or data type passed in' } return status if not source_name: return {"success" : False, "message" : "Missing source information."} rdt = SignatureType.objects(name=data_type).first() if not rdt: status = { 'success': False, 'message': 'Invalid data type passed in' } return status if len(data) <= 0: status = { 'success': False, 'message': 'Data length <= 0' } return status # generate md5 and timestamp md5 = hashlib.md5(data).hexdigest() timestamp = datetime.datetime.now() # generate signature signature = Signature() signature.created = timestamp signature.description = description signature.md5 = md5 signature.data = data signature.title = title signature.data_type = data_type signature.data_type_min_version = data_type_min_version signature.data_type_max_version = data_type_max_version if data_type_dependency: if type(data_type_dependency) == unicode: data_type_dependency = data_type_dependency.split(",") for item in data_type_dependency: if item: item = item.strip() signature.data_type_dependency.append(str(item)) else: data_type_dependency = [] # generate new source information and add to sample if isinstance(source_name, basestring) and len(source_name) > 0: source = create_embedded_source(source_name, date=timestamp, method=method, reference=reference, analyst=user) # this will handle adding a new source, or an instance automatically signature.add_source(source) elif isinstance(source_name, EmbeddedSource): signature.add_source(source_name, method=method, reference=reference) elif isinstance(source_name, list) and len(source_name) > 0: for s in source_name: if isinstance(s, EmbeddedSource): signature.add_source(s, method=method, reference=reference) signature.version = len(Signature.objects(link_id=link_id)) + 1 if link_id: signature.link_id = link_id if copy_rels: rd2 = Signature.objects(link_id=link_id).first() if rd2: if len(rd2.relationships): signature.save(username=user) signature.reload() for rel in rd2.relationships: # Get object to relate to. rel_item = class_from_id(rel.rel_type, rel.object_id) if rel_item: signature.add_relationship(rel_item, rel.relationship, rel_date=rel.relationship_date, analyst=user) if bucket_list: signature.add_bucket_list(bucket_list, user) if ticket: signature.add_ticket(ticket, user); # save signature signature.save(username=user) signature.reload() status = { 'success': True, 'message': 'Uploaded signature', '_id': signature.id, 'object': signature } return status