def serviceAny_forceGovCloudAutoSelectFailure(self):
    """Request a token from ``usgov1`` through three client classes in turn.

    The same CROSS_DEBUG_KEY / CROSS_DEBUG_SECRET pair is read from the
    environment and presented through the OAuth2 Service Class, the
    APIHarness Uber Class and the auth object of CloudConnectAWS, each built
    with ``base_url="usgov1"``.

    Returns:
        True only when all three token requests answer with HTTP 201;
        False as soon as one of them answers with anything else.

    Only the last request is checked for rate limiting: a 429 there skips the
    test through pytest.skip, while a 429 on either of the first two requests
    is reported as a plain False.
    """
    # Credentials come from the environment; a missing variable raises KeyError.
    client_id = os.environ["CROSS_DEBUG_KEY"]
    client_secret = os.environ["CROSS_DEBUG_SECRET"]
    region = "usgov1"

    # Stage 1: Service Class authentication.
    service_auth = OAuth2(client_id=client_id,
                          client_secret=client_secret,
                          base_url=region
                          )
    if service_auth.token()["status_code"] != 201:
        return False

    # Stage 2: Uber Class, calling the token operation explicitly.
    uber = APIHarness(client_id=client_id,
                      client_secret=client_secret,
                      base_url=region
                      )
    token_request = {
        "client_id": client_id,
        "client_secret": client_secret,
    }
    uber_result = uber.command("oauth2AccessToken", data=token_request, base_url=region)
    if uber_result["status_code"] != 201:
        return False

    # Stage 3: a Service Class collection that owns its own auth object.
    cloud_connect = CloudConnectAWS(client_id=client_id,
                                    client_secret=client_secret,
                                    base_url=region
                                    )
    final_status = cloud_connect.auth_object.token()["status_code"]
    if final_status == 429:
        pytest.skip("Rate limit hit")
    return final_status == 201
def uberCCAWS_BadAuthentication(self):
    """Call QueryAWSAccounts from an Uber Class built without credentials.

    Returns:
        True when the status code of the response is a member of
        AllowedResponses (defined outside this excerpt), False otherwise.
    """
    # No client_id / client_secret is supplied, so nothing here can authenticate.
    unauthenticated = APIHarness()
    response = unauthenticated.command("QueryAWSAccounts", parameters={"limit": 1})
    return response["status_code"] in AllowedResponses
def uberCCAWS_DisableSSLVerify(self):
    """Call QueryAWSAccounts through an Uber Class with ssl_verify switched off.

    Credentials and base URL are taken from the ``config`` mapping defined
    outside this excerpt.

    Returns:
        True when the status code of the response is a member of
        AllowedResponses, False otherwise.
    """
    credentials = {
        "client_id": config["falcon_client_id"],
        "client_secret": config["falcon_client_secret"]
    }
    # ssl_verify=False is the option under test. With it the client does not
    # validate the server certificate, so the API credentials above travel
    # over a connection whose peer has not been authenticated.
    unverified = APIHarness(creds=credentials,
                            ssl_verify=False,
                            base_url=config["falcon_base_url"])
    response = unverified.command("QueryAWSAccounts", parameters={"limit": 1})
    return response["status_code"] in AllowedResponses
def serviceAny_forceCrossCloudResponseFailure(self):
    """Present a wrong client secret to ``us1`` and check that it is refused.

    The client ID is read from CROSS_DEBUG_KEY in the environment; the
    secrets are fixed placeholder strings, not credentials.

    Returns:
        True when the Service Class token request answers 403 and the Uber
        Class token request then answers 401 or 403; False in every other
        case, including any other status on the first request.
    """
    client_id = os.environ["CROSS_DEBUG_KEY"]
    region = "us1"

    # Stage 1: the Service Class must be rejected with exactly 403.
    service_auth = OAuth2(client_id=client_id,
                          client_secret="will_not_work",
                          base_url=region
                          )
    if service_auth.token()["status_code"] != 403:
        return False

    # Stage 2: the Uber Class, with a second placeholder secret in the body.
    uber = APIHarness(client_id=client_id,
                      client_secret="will_not_work",
                      base_url=region
                      )
    token_request = {
        "client_id": client_id,
        "client_secret": "shouldn't work",
    }
    uber_result = uber.command("oauth2AccessToken", data=token_request, base_url=region)
    return uber_result["status_code"] in (401, 403)
indicator = Indicator() # Loop until success or error while RUNNING == "running": # Submission ID submit_id = submit_response["body"]["resources"][0]["id"] # Check the scan status result = check_scan_status(submit_id) if result["body"]["resources"]: # Announce progress with our KITT indicator inform(f"{indicator.display()} {running_time(start_time)}") # Grab our latest status RUNNING = result["body"]["resources"][0]["state"] # We've finished, retrieve the report. There will only be one in this example. analysis = falcon.command("GetReports", ids=submit_id)["body"]["resources"][0]["sandbox"][0] # Announce progress inform(f"[ Delete ] {running_time(start_time)}") # Remove our test file delete_response = delete_file(sha) # Display the analysis results if "error_type" in analysis: # Error occurred, display the detail print(f"{analysis['error_type']}: {analysis['error_message']}") else: # No error, display the full analysis print(f"Detonated on: {analysis['environment_description']}{' ' * 20}") print(f"File type: {analysis['file_type']}") try:
# Start clean: remove a download left behind by an earlier run, if there is one
if os.path.exists(DOWN_FILENAME):
    os.remove(DOWN_FILENAME)

# ---------------------------------------------------------------------------
# Upload
# ---------------------------------------------------------------------------
# Read the sample in binary mode; the raw bytes are the request payload
with open(UP_FILENAME, "rb") as upload:
    PAYLOAD = upload.read()

# Send the bytes with the Sample Uploads API; the sandbox stores them under
# the name "newfile.jpg". The Uber Class needs the content type stated
# explicitly.
response = falcon.command(
    'UploadSampleV3',
    file_name="newfile.jpg",
    data=PAYLOAD,
    content_type="application/octet-stream",
)

# Any status other than 200 ends the script here
if response["status_code"] != 200:
    raise SystemExit("Unable to upload file to the sandbox.")

# The SHA256 in the response identifies the uploaded sample from now on.
# NOTE(review): this value is whatever the API reports; it is not compared
# with a hash of PAYLOAD computed locally.
sha = response["body"]["resources"][0]["sha256"]
print(f"File ({sha}) successfully uploaded to the sandbox.")

# ---------------------------------------------------------------------------
# Download
# ---------------------------------------------------------------------------
# Download a copy of this file, use the SHA256 ID to retrieve it
# Resolve the command-line options, falling back to a default when one is
# absent or empty
FORMAT = args.format or "fancy_grid"
SHOW_ALL = bool(args.all)
OSVER = args.osver or ""

# Log in to the Falcon API and fetch the sensor installer list. CLIENTID,
# CLIENTSECRET and OS_FILTER are defined outside this excerpt.
falcon = APIHarness(client_id=CLIENTID, client_secret=CLIENTSECRET)
sensors = falcon.command(action="GetCombinedSensorInstallersByQuery", filter=OS_FILTER)

# Substring test against the literal "list": any fragment of that word, and
# also the empty string, selects this branch.
# NOTE(review): confirm that accepting abbreviations this way is intended.
if CMD in "list":
    # List sensors: rows are collected in `data`; `headers` maps each field
    # name to the column title shown for it
    data = []
    headers = {
        "name": "Name",
        "description": "Description",
        "platform": "Platform",
        "os": "OS",
        "os_version": "OS Version",
        "sha256": "File Hash",
        "release_date": "Release Date",
        "version": "Version",
        "file_size": "File Size",
        "file_type": "File Type",
    }
ssl_verify=VERIFY_SSL_CONNECTIONS) # Authenticate to the API falcon.authenticate() # Cry about our bad keys if not falcon.authenticated: status.status_write( f"Failed to connect to the API on {BASE_URL}. Check base_url and ssl_verify configuration settings." ) raise SystemExit( f"Failed to connect to the API on {BASE_URL}. Check base_url and ssl_verify configuration settings." ) # Retrieve our current CID (MSSP functionality) or add it to config? # This method requires Sensor Install API, our fallback option uses the Hosts API but a device must exist try: current_cid = falcon.command( "GetSensorInstallersCCIDByQuery")["body"]["resources"][0][:-3] except KeyError: try: current_cid = falcon.command( "GetDeviceDetails", ids=falcon.command("QueryDevicesByFilter", limit=1)["body"] ["resources"][0])["body"]["resources"][0]["cid"] except IndexError: try: current_cid = config["falcon_cid"] except KeyError as no_cid: status.status_write("Unable to retrieve CID") raise SystemExit("Unable to retrieve CID") from no_cid # Default to confirming this is an AWS alert if "confirm_provider" not in config: config["confirm_provider"] = True