def push_11(taxii_client, stix_file_doc): if stix_file_doc.version.startswith('2'): try: content = stix_file_doc.get_slide_12() except Exception as e: traceback.print_exc() raise e else: with open(stix_file_doc.origin_path, 'r', encoding='utf-8') as fp: content = fp.read() auth_credentials_dict, cert_fd, key_fd = _get_auth_credentials_dict( taxii_client) taxii_client._client.set_auth_credentials(auth_credentials_dict) try: subscription_information = tm11.SubscriptionInformation( collection_name=taxii_client._collection_name, subscription_id='subscripiton_id') cb = tm11.ContentBlock(const.CB_STIX_XML_11, content) im = tm11.InboxMessage( message_id=tm11.generate_message_id(), destination_collection_names=[taxii_client._collection_name], subscription_information=subscription_information, content_blocks=[cb]) http_resp = taxii_client._client.call_taxii_service2( taxii_client._address, taxii_client._path, const.VID_TAXII_XML_11, im.to_xml(), port=taxii_client._port) taxii_message = libtaxii.get_message_from_http_response( http_resp, im.message_id) if taxii_message.status_type != 'SUCCESS': raise Exception('taxii_message.status_type is not SUCCESS') return 'Success !!' except Exception as e: traceback.print_exc() raise e finally: if cert_fd is not None: try: os.close(cert_fd) except Exception: pass if key_fd is not None: try: os.close(key_fd) except Exception: pass if 'cert_file' in auth_credentials_dict: try: os.remove(auth_credentials_dict['cert_file']) except Exception: pass if 'key_file' in auth_credentials_dict: try: os.remove(auth_credentials_dict['key_file']) except Exception: pass
def _get_inbox_message(self, cb): return tm11.InboxMessage( message_id=tm11.generate_message_id(), destination_collection_names=[self._collection_name], subscription_information=self._subscription_information, content_blocks=[cb], )
def push(s, collection, content, path="/"): msg_id=tm11.generate_message_id() content = tm11.ContentBlock(tm11.ContentBinding(t.CB_STIX_XML_11), content) # Create inbox request req = tm11.InboxMessage(message_id=msg_id, destination_collection_names=[collection], content_blocks=[content]) # Convert to XML for request body req_xml = req.to_xml() # Create HTTP client client = tc.HttpClient() client.setProxy('noproxy') # Call TAXII service, using the body resp = client.callTaxiiService2(s.host, path, t.VID_TAXII_XML_11, req_xml, s.port) # Get response resp = t.get_message_from_http_response(resp, '0') if resp.status_type != tm11.ST_SUCCESS: print("%s: %s" % (resp.status_type, resp.message))
def test_01(self): """ Sends an Inbox Message to an invalid URL. Should get back a 404 """ inbox_message = tm11.InboxMessage(generate_message_id()) msg = make_request(post_data=inbox_message.to_xml(), path='/Services/PathThatShouldNotWork/', expected_code=404)
def test_01(self): """ Send a message to test_inbox_1 with a valid destination collection name """ inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default']) msg = make_request('/services/test_inbox_1/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, ST_SUCCESS)
def test_09(self): """ Send a message to test_inbox_3 without a destination collection name """ inbox = tm11.InboxMessage(generate_message_id()) msg = make_request('/services/test_inbox_3/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_SUCCESS)
def test_08(self): """ Send a message to test_inbox_3 with a destination collection name """ inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default']) msg = make_request('/services/test_inbox_3/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_DESTINATION_COLLECTION_ERROR)
def test_03(self): """ Send a message to test_inbox_1 without a destination collection name """ inbox = tm11.InboxMessage(generate_message_id()) msg = make_request('/services/test_inbox_1/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_DESTINATION_COLLECTION_ERROR, sd_keys=[SD_ACCEPTABLE_DESTINATION])
def test_nonexistent_service_url(self): """ Sends an Inbox Message to an invalid URL. Should get back a 404. """ # TODO: Why do we actually need a payload to return a 404? Shouldn't an # empty message to a non-existent URL also return a 404? inbox_msg = tm11.InboxMessage(tm11.generate_message_id()) path = '/Services/PathThatShouldNotWork/' response = self.post(path, inbox_msg.to_xml()) self.assertEqual(404, response.status_code)
def test_10(self): """ Send an Inbox message with a Record Count """ inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default']) inbox.record_count = tm11.RecordCount(0, True) msg = make_request('/services/test_inbox_1/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_SUCCESS)
def taxii_inbox(config, dest, stix_package=None, src=None, crits_id=None): '''inbox a stix package via taxii''' if src and crits_id: # check whether this has already been ingested sync_state = config['db'].get_object_id(src, dest, crits_id=crits_id) if sync_state and sync_state.get('crits_id', None): if config['daemon']['debug']: config['logger'].debug( log.log_messages['object_already_ingested'].format( src_type='crits', src_id=crits_id, src=src, dest_type='edge', dest=dest, dest_id=sync_state['edge_id'])) return(True) if stix_package: stixroot = lxml.etree.fromstring(stix_package.to_xml()) client = tc.HttpClient() client.setUseHttps(config['edge']['sites'][dest]['taxii']['ssl']) client.setAuthType(client.AUTH_BASIC) client.setAuthCredentials( {'username': config['edge']['sites'][dest]['taxii']['user'], 'password': config['edge']['sites'][dest]['taxii']['pass']}) message = tm11.InboxMessage(message_id=tm11.generate_message_id()) content_block = tm11.ContentBlock(content_binding=t.CB_STIX_XML_11, content=stixroot) if config['edge']['sites'][dest]['taxii']['collection'] != \ 'system.Default': message.destination_collection_names = \ [config['edge']['sites'][dest]['taxii']['collection']] message.content_blocks.append(content_block) if config['daemon']['debug']: config['logger'].debug( log.log_messages[ 'open_session'].format(type_='taxii', host=dest)) taxii_response = client.callTaxiiService2( config['edge']['sites'][dest]['host'], config['edge']['sites'][dest]['taxii']['path'], t.VID_TAXII_XML_11, message.to_xml(), port=config['edge']['sites'][dest]['taxii']['port']) if taxii_response.code != 200 or taxii_response.msg != 'OK': success = False config['logger'].error( log.log_messages[ 'inbox_error'].format(type_='taxii', host=dest, msg=taxii_response.msg)) else: success = True if config['daemon']['debug']: config['logger'].debug( log.log_messages['inbox_success'].format(type_='taxii', host=dest)) return(success)
def push(self, content, content_binding, collection_names=None, timestamp=None, uri=None): """Push content into Inbox Service. if ``uri`` is not provided, client will try to discover services and find Inbox Service among them. :param str content: content to push :param content_binding: content binding for a content :type content_binding: string or :py:class:`cabby.entities.ContentBinding` :param list collection_names: destination collection names :param datetime timestamp: timestamp label of the content block (current UTC time by default) :param str uri: URI path to a specific Inbox Service :raises ValueError: if URI provided is invalid or schema is not supported :raises `cabby.exceptions.HTTPError`: if HTTP error happened :raises `cabby.exceptions.UnsuccessfulStatusError`: if Status Message received and status_type is not `SUCCESS` :raises `cabby.exceptions.ServiceNotFoundError`: if no service found :raises `cabby.exceptions.AmbiguousServicesError`: more than one service with type specified :raises `cabby.exceptions.NoURIProvidedError`: no URI provided and client can't discover services """ content_block = tm11.ContentBlock( content=content, content_binding=pack_content_binding(content_binding, version=11), timestamp_label=timestamp or get_utc_now(), ) inbox_message = tm11.InboxMessage(message_id=self._generate_id(), content_blocks=[content_block]) if collection_names: inbox_message.destination_collection_names.extend(collection_names) self._execute_request(inbox_message, uri=uri, service_type=const.SVC_INBOX) self.log.debug("Content block successfully pushed")
def make_inbox_message(version, blocks=None, dest_collection=None): if version == 10: inbox_message = tm10.InboxMessage(message_id=MESSAGE_ID, content_blocks=blocks) elif version == 11: inbox_message = tm11.InboxMessage(message_id=MESSAGE_ID, content_blocks=blocks) if dest_collection: inbox_message.destination_collection_names.append(dest_collection) else: raise ValueError('Unknown TAXII message version: %s' % version) return inbox_message
def test_05(self): """ Send a message to test_inbox_2 with an invalid destination collection name """ inbox = tm11.InboxMessage( generate_message_id(), destination_collection_names=['default_INVALID']) msg = make_request('/services/test_inbox_2/', inbox.to_xml(), get_headers(VID_TAXII_SERVICES_11, False), MSG_STATUS_MESSAGE, st=ST_NOT_FOUND, sd_keys=[SD_ITEM])
def push_11(self, stix_file_doc): self.debug_print('>>> push_11: enter') # stix_file_doc の versionが 2.0 ならスライド if stix_file_doc.version == '2.0': try: content = stix_file_doc.get_slide_1_x() except Exception as e: traceback.print_exc() raise e else: with open(stix_file_doc.origin_path, 'r', encoding='utf-8') as fp: content = fp.read() # Subscription Information xml作成 subscription_information = tm11.SubscriptionInformation( collection_name=self._collection_name, subscription_id='subscripiton_id') cb = tm11.ContentBlock(const.CB_STIX_XML_11, content) im = tm11.InboxMessage( message_id=tm11.generate_message_id(), destination_collection_names=[self._collection_name], subscription_information=subscription_information, content_blocks=[cb]) try: # push self._address = '10.0.3.100' # self.debug_print('>>> push_11: self._address:%s' %(self._address)) # self.debug_print('>>> push_11: self._path:%s' %(self._path)) # self.debug_print('>>> push_11: self._port:%d' %(self._port)) # self.debug_print('>>> push_11: self._collection_name:%s' %(self._collection_name)) # self.debug_print('>>> push_11: verify_server:%s' %(str(self._client.verify_server))) # self.debug_print('>>> push_11: use_https:%s' %(str(self._client.use_https))) http_resp = self._client.call_taxii_service2( self._address, self._path, const.VID_TAXII_XML_11, im.to_xml(), port=self._port) taxii_message = libtaxii.get_message_from_http_response( http_resp, im.message_id) if taxii_message.status_type != 'SUCCESS': self.debug_print('taxii_message.status_type is not SUCCESS') self.debug_print(taxii_message.to_xml(pretty_print=True)) raise Exception('taxii_message.status_type is not SUCCESS') except Exception as e: traceback.print_exc() self.debug_print(e) raise e
def gen_post(self, msg_type, xml): content_block = tm11.ContentBlock(tm11.ContentBinding(Client.BINDING_STIX), xml) if msg_type.lower() == 'inbox': post = tm11.InboxMessage(tm11.generate_message_id()) post.content_blocks.append(content_block) post.message = Client.CLIENT_MSG if self.subscription: post.subscription_id = self.subscription if self.collection: post.destination_collection_names.append(self.collection) return post
def create_request_message(self, args): if args.content_file is self.stix_watchlist: data = self.stix_watchlist else: with open(args.content_file, 'r') as f: data = f.read() cb = tm11.ContentBlock(tm11.ContentBinding(args.content_binding), data) if args.subtype is not None: cb.content_binding.subtype_ids.append(args.subtype) inbox_message = tm11.InboxMessage(message_id=tm11.generate_message_id(), content_blocks=[cb]) if args.dcn: inbox_message.destination_collection_names.append(args.dcn) return inbox_message
def main(): config = ConfigParser.ConfigParser() config.read('app.conf') dstHost = config.get('taxii', 'dstHost') dstPort = config.get('taxii', 'dstPort') dstPath = config.get('taxii', 'dstPath') username = config.get('taxii', 'username') password = config.get('taxii', 'password') parser = argparse.ArgumentParser(description="Inbox Client") parser.add_argument( "--host", dest="host", default=dstHost, help="Host where the Inbox Service is hosted. Defaults to " + dstHost) parser.add_argument( "--port", dest="port", default=dstPort, help="Port where the Inbox Service is hosted. Defaults to " + dstPort) parser.add_argument( "--path", dest="path", default=dstPath, help="Path where the Inbox Service is hosted. Defaults to " + dstPath) parser.add_argument( "--content-binding", dest="content_binding", default=t.CB_STIX_XML_11, help="Content binding of the Content Block to send. Defaults to %s" % t.CB_STIX_XML_11) parser.add_argument( "--content-file", dest="content_file", default=stixContent, help="File name of the Content Block to send. Required.") args = parser.parse_args() if args.content_file is '': parser.print_help() sys.exit(1) _l.info('Starting...') c = open(args.content_file, 'r') cb = tmsg.ContentBlock(tmsg.ContentBinding(args.content_binding), c.read()) c.close() taxiiMsg = tmsg.InboxMessage(message_id=tmsg.generate_message_id(), content_blocks=[cb]) taxiiMsgXml = taxiiMsg.to_xml() # send it _l.debug('Uploading content.') client = tc.HttpClient() client.setProxy('noproxy') client.setAuthType(tc.HttpClient.AUTH_BASIC) client.setAuthCredentials({'username': username, 'password': password}) resp = client.callTaxiiService2(args.host, args.path, t.VID_TAXII_XML_11, taxiiMsgXml, args.port) response_message = t.get_message_from_http_response(resp, '0') _l.debug('Response was: ' + response_message.to_xml()) _l.info('Ended.')