def configuration(self, id): """Configure a named configuration. .. :quickref: Module; Configure a named configuration Requires the `manage_modules` permission. For each configuration available, you should set the value in a form parameter named ``config_NAME``. For boolean values, any value not ``0`` or ``False`` is considered to be ``True``. If successful, will return the named configuration in ``config``. Otherwise, errors will be available in ``errors``. :param id: id of the named configuration. """ config = Config(get_or_404(Config.get_collection(), _id=id)) if request.method == "POST": errors = update_config(config['config']) if errors is not None: return errors config.save() dispatcher.reload() return redirect({'config': config}, url_for('ModulesView:index')) else: return render({'config': config}, 'modules/configuration.html')
def enable(self, id): """Enable a module .. :quickref: Module; Enable a module Requires the `manage_modules` permission. If successful, will return the module in ``module``. Otherwise, errors will be available in ``errors``. :param id: id of the module to enable. """ module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id)) if 'error' in module: flash( "Cannot enable '{}' because of errors installing dependencies." .format(module['name']), 'danger') return validation_error(url_for('ModulesView:index')) # See if module is properly configured module_class = get_class(module['path'], module['class']) module_class.info = module try: module_class() except MissingConfiguration as e: if e.name: flash( "You must configure '{}' before trying to enable '{}'". format(e.name, module['name']), 'warning') return validation_error( url_for('ModulesView:configuration', id=e.id)) else: flash( "You must configure '{}' before trying to enable it.". format(module['name']), 'warning') return validation_error( url_for('ModulesView:configure', id=module['_id'])) module.update_value('enabled', True) dispatcher.reload() readme = module.get_readme() if readme: flash(readme, 'persistent') return redirect({'module': clean_modules(module)}, url_for('ModulesView:index'))
def repository_delete(self, id): """Delete a repository .. :quickref: Module; Delete repository Requires the `manage_modules` permission. Returns "ok". :param id: id of the repository. """ repository = Repository(get_or_404(Repository.get_collection(), _id=id)) repository.delete() dispatcher.reload() return redirect('ok', url_for('ModulesView:index'))
def disable(self, id): """Disable a module .. :quickref: Module; Disable a module Requires the `manage_modules` permission. :param id: id of the module to disable. :>json Module module: resulting module. """ module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id)) module.update_value('enabled', False) dispatcher.reload() return redirect({'module': clean_modules(module)}, url_for('ModulesView:index'))
def run_module(analysis_id, module): dispatcher.reload() analysis = Analysis(store.analysis.find_one({'_id': analysis_id})) analysis.run(module)
def configure(self, id): """Configure a module. .. :quickref: Module; Configure a module Requires the `manage_modules` permission. For each configuration available, you should set the value in a form parameter named ``config_NAME``. For boolean values, any value not ``0`` or ``False`` is considered to be ``True``. If the setting should be an option (be available per analysis), you have to set ``config_NAME_option`` to any value but ``0`` or ``False``. If successful, will return the module in ``module``. Otherwise, errors will be available in ``errors``. :param id: id of the named configuration. :form acts_on: comma-delimited list of FAME types this module can act on (only for Processing modules). :form triggered_by: comma-delimited list of triggers (only for Processing modules). :form queue: name of the queue to use for this module (for Processing and Preloading modules). """ module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id)) module['readme'] = module.get_readme() if request.method == "POST": if module['type'] == 'Filetype': if 'acts_on' in request.form: module.update_setting_value( 'acts_on', request.form.get('acts_on', '')) elif module['type'] == 'Processing': if 'acts_on' in request.form: module.update_setting_value( 'acts_on', request.form.get('acts_on', '')) if 'triggered_by' in request.form: module.update_setting_value( 'triggered_by', request.form.get('triggered_by', '')) if 'queue' in request.form: update_queue(module, request.form.get('queue', '')) elif module['type'] == "Preloading": if 'queue' in request.form: update_queue(module, request.form.get('queue', '')) if 'priority' in request.form: update_priority(module, request.form.get('priority', '')) errors = update_config(module['config'], options=(module['type'] in ['Preloading', 'Processing'])) if errors is not None: return errors module.save() dispatcher.reload() return redirect({'module': clean_modules(module)}, url_for('ModulesView:index')) else: return render({'module': clean_modules(module)}, 'modules/module_configuration.html')
class ModulesView(FlaskView, UIView): @requires_permission('manage_modules') def index(self): """Get the list of modules. .. :quickref: Module; Get the list of modules Requires the `manage_modules` permission. The response is a dict with several elements: * ``modules``, which is a list of modules, sorted by type:: "modules": { "Antivirus": [ ... ], "Preloading": [ ... ], "Processing": [ { "_id": { "$oid": "MODULE_ID" }, "acts_on": [ ACTS_ON_FAME_TYPES ], "class": "CLASS_NAME", "config": [ CONFIG_OPTIONS ], "description": "DESCRIPTION", "enabled": false, "generates": [GENERATES], "name": "NAME", "path": "MODULE_PATH", "queue": "QUEUE", "triggered_by": [ TRIGGERS ], "type": "Processing" }, ... ], "Reporting": [ ... ], "Threat Intelligence": [ ... ], "Filetype": [ ... ] } * ``repositories``: list of configured repositories:: "repositories": [ { "_id": { "$oid": "ID" }, "address": "[email protected]:certsocietegenerale/fame_modules.git", "name": "community", "private": false, "status": "active" }, ... ] * ``configs``: list of named configurations:: "configs": [ { "_id": { "$oid": "ID" }, "config": [ { "description": "List of patterns (strings) to look for in malware configurations. There should be one pattern per line.", "name": "monitor", "type": "text", "value": null } ], "description": "Needed in order to be able to track malware targets", "name": "malware_config" }, ... ] """ types = { 'Preloading': [], 'Processing': [], 'Reporting': [], 'Threat Intelligence': [], 'Antivirus': [], 'Virtualization': [], 'Filetype': [] } for module in ModuleInfo.get_collection().find(): types[module['type']].append(clean_modules(module)) for type in types: types[type] = sorted(types[type], key=get_name) configs = Config.get_collection().find() repositories = clean_repositories( list(Repository.get_collection().find())) return render( { 'modules': types, 'configs': configs, 'repositories': repositories }, 'modules/index.html') @requires_permission('manage_modules') @route('/<id>/disable', methods=['POST']) def disable(self, id): """Disable a module .. :quickref: Module; Disable a module Requires the `manage_modules` permission. :param id: id of the module to disable. :>json Module module: resulting module. """ module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id)) module.update_value('enabled', False) dispatcher.reload() return redirect({'module': clean_modules(module)}, url_for('ModulesView:index')) @requires_permission('manage_modules') @route('/<id>/enable', methods=['POST']) def enable(self, id): """Enable a module .. :quickref: Module; Enable a module Requires the `manage_modules` permission. If successful, will return the module in ``module``. Otherwise, errors will be available in ``errors``. :param id: id of the module to enable. """ module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id)) if 'error' in module: flash( "Cannot enable '{}' because of errors installing dependencies." .format(module['name']), 'danger') return validation_error(url_for('ModulesView:index')) # See if module is properly configured module_class = get_class(module['path'], module['class']) module_class.info = module try: module_class() except MissingConfiguration, e: if e.name: flash( "You must configure '{}' before trying to enable '{}'". format(e.name, module['name']), 'warning') return validation_error( url_for('ModulesView:configuration', id=e.id)) else: flash( "You must configure '{}' before trying to enable it.". format(module['name']), 'warning') return validation_error( url_for('ModulesView:configure', id=module['_id'])) module.update_value('enabled', True) dispatcher.reload() readme = module.get_readme() if readme: flash(readme, 'persistent') return redirect({'module': clean_modules(module)}, url_for('ModulesView:index'))
def configure(self, id): """Configure a module. .. :quickref: Module; Configure a module Requires the `manage_modules` permission. For each configuration available, you should set the value in a form parameter named ``config_NAME``. For boolean values, any value not ``0`` or ``False`` is considered to be ``True``. If the setting should be an option (be available per analysis), you have to set ``config_NAME_option`` to any value but ``0`` or ``False``. If successful, will return the module in ``module``. Otherwise, errors will be available in ``errors``. :param id: id of the named configuration. :form acts_on: comma-delimited list of FAME types this module can act on (only for Processing modules). :form triggered_by: comma-delimited list of triggers (only for Processing modules). :form queue: name of the queue to use for this module (only for Processing modules). """ module = ModuleInfo(get_or_404(ModuleInfo.get_collection(), _id=id)) if request.method == "POST": if module['type'] == 'Processing': if 'acts_on' in request.form: module.update_setting_value( 'acts_on', request.form.get('acts_on', '')) if 'triggered_by' in request.form: module.update_setting_value( 'triggered_by', request.form.get('triggered_by', '')) if 'queue' in request.form: new_queue = request.form.get('queue') if module['queue'] == '': flash('queue cannot be empty', 'danger') return validation_error() else: if module['queue'] != new_queue: module.update_setting_value('queue', new_queue) updates = Internals( get_or_404(Internals.get_collection(), name="updates")) updates.update_value("last_update", time()) flash( 'Workers will reload once they are done with their current tasks', 'success') errors = update_config(module['config'], options=(module['type'] == 'Processing')) if errors is not None: return errors module.save() dispatcher.reload() return redirect({'module': clean_modules(module)}, url_for('ModulesView:index')) else: return render({'module': clean_modules(module)}, 'modules/module_configuration.html')
def fame_init(): store.connect() dispatcher.reload()