AIL-framework/bin/lib/objects/abstract_object.py

340 lines
11 KiB
Python
Raw Normal View History

# -*-coding:UTF-8 -*
"""
Base Class for AIL Objects
"""
##################################
# Import External packages
##################################
import os
import logging.config
import sys
from abc import ABC, abstractmethod
from pymisp import MISPObject
# from flask import url_for
sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from lib import ail_logger
from lib import Tag
from lib.ConfigLoader import ConfigLoader
from lib import Duplicate
from lib.correlations_engine import get_nb_correlations, get_correlations, add_obj_correlation, delete_obj_correlation, delete_obj_correlations, exists_obj_correlation, is_obj_correlated, get_nb_correlation_by_correl_type, get_obj_inter_correlation
from lib.Investigations import is_object_investigated, get_obj_investigations, delete_obj_investigations
from lib.relationships_engine import get_obj_nb_relationships, add_obj_relationship
from lib.Tracker import is_obj_tracked, get_obj_trackers, delete_obj_trackers
logging.config.dictConfig(ail_logger.get_config(name='ail'))
config_loader = ConfigLoader()
# r_cache = config_loader.get_redis_conn("Redis_Cache")
r_object = config_loader.get_db_conn("Kvrocks_Objects")
config_loader = None
class AbstractObject(ABC):
"""
Abstract Object
"""
def __init__(self, obj_type, id, subtype=None):
""" Abstract for all the AIL object
:param obj_type: object type (item, ...)
:param id: Object ID
"""
self.id = id
self.type = obj_type
self.subtype = subtype
self.logger = logging.getLogger(f'{self.__class__.__name__}')
def get_id(self):
return self.id
def get_type(self):
return self.type
def get_subtype(self, r_str=False):
if not self.subtype:
if r_str:
return ''
return self.subtype
def get_global_id(self):
return f'{self.get_type()}:{self.get_subtype(r_str=True)}:{self.get_id()}'
def get_default_meta(self, tags=False, link=False):
dict_meta = {'id': self.get_id(),
'type': self.get_type(),
'subtype': self.get_subtype(r_str=True)}
if tags:
dict_meta['tags'] = self.get_tags()
if link:
dict_meta['link'] = self.get_link()
return dict_meta
def _get_field(self, field):
if self.subtype is None:
return r_object.hget(f'meta:{self.type}:{self.id}', field)
else:
return r_object.hget(f'meta:{self.type}:{self.get_subtype(r_str=True)}:{self.id}', field)
def _set_field(self, field, value):
if self.subtype is None:
return r_object.hset(f'meta:{self.type}:{self.id}', field, value)
else:
return r_object.hset(f'meta:{self.type}:{self.get_subtype(r_str=True)}:{self.id}', field, value)
## Tags ##
def get_tags(self, r_list=False):
tags = Tag.get_object_tags(self.type, self.id, self.get_subtype(r_str=True))
if r_list:
tags = list(tags)
return tags
def add_tag(self, tag):
Tag.add_object_tag(tag, self.type, self.id, subtype=self.get_subtype(r_str=True))
def is_tags_safe(self, tags=None):
if not tags:
tags = self.get_tags()
return Tag.is_tags_safe(tags)
## -Tags- ##
@abstractmethod
def get_content(self):
"""
Get Object Content
"""
pass
## Duplicates ##
def get_duplicates(self):
return Duplicate.get_obj_duplicates(self.type, self.get_subtype(r_str=True), self.id)
def add_duplicate(self, algo, similarity, id_2):
return Duplicate.add_obj_duplicate(algo, similarity, self.type, self.get_subtype(r_str=True), self.id, id_2)
## -Duplicates- ##
## Investigations ##
def is_investigated(self):
if not self.subtype:
is_investigated = is_object_investigated(self.id, self.type)
else:
is_investigated = is_object_investigated(self.id, self.type, self.subtype)
return is_investigated
def get_investigations(self):
if not self.subtype:
investigations = get_obj_investigations(self.id, self.type)
else:
investigations = get_obj_investigations(self.id, self.type, self.subtype)
return investigations
def delete_investigations(self):
if not self.subtype:
unregistered = delete_obj_investigations(self.id, self.type)
else:
unregistered = delete_obj_investigations(self.id, self.type, self.subtype)
return unregistered
## -Investigations- ##
## Trackers ##
def is_tracked(self):
return is_obj_tracked(self.type, self.subtype, self.id)
def get_trackers(self):
return get_obj_trackers(self.type, self.subtype, self.id)
def delete_trackers(self):
return delete_obj_trackers(self.type, self.subtype, self.id)
## -Trackers- ##
def _delete(self):
# DELETE TAGS
Tag.delete_object_tags(self.type, self.get_subtype(r_str=True), self.id)
# remove from tracker
self.delete_trackers()
# remove from retro hunt currently item only TODO
# remove from investigations
self.delete_investigations()
# Delete Correlations
delete_obj_correlations(self.type, self.get_subtype(r_str=True), self.id)
@abstractmethod
def delete(self):
"""
Delete Object: used for the Data Retention
"""
pass
@abstractmethod
def exists(self):
"""
Exists Object
"""
pass
@abstractmethod
def get_meta(self, options=set()):
"""
get Object metadata
"""
pass
@abstractmethod
def get_link(self, flask_context=False):
pass
@abstractmethod
def get_svg_icon(self):
"""
Get object svg icon
"""
pass
@abstractmethod
def get_misp_object(self):
pass
@staticmethod
def get_misp_object_tags(misp_obj):
"""
:type misp_obj: MISPObject
"""
if misp_obj.attributes:
misp_tags = misp_obj.attributes[0].tags
tags = []
for tag in misp_tags:
tags.append(tag.name)
return tags
else:
return []
## Correlation ##
def _get_external_correlation(self, req_type, req_subtype, req_id, obj_type):
"""
Get object correlation
"""
return get_correlations(req_type, req_subtype, req_id, filter_types=[obj_type])
def get_correlation(self, obj_type):
"""
Get object correlation
"""
return get_correlations(self.type, self.subtype, self.id, filter_types=[obj_type])
def get_correlations(self, filter_types=[], unpack=False):
2022-08-19 16:53:31 +02:00
"""
Get object correlations
"""
return get_correlations(self.type, self.subtype, self.id, filter_types=filter_types, unpack=unpack)
2022-08-19 16:53:31 +02:00
def get_nb_correlation(self, correl_type):
return get_nb_correlation_by_correl_type(self.type, self.get_subtype(r_str=True), self.id, correl_type)
2022-11-22 10:47:15 +01:00
def get_nb_correlations(self, filter_types=[]):
return get_nb_correlations(self.type, self.subtype, self.id, filter_types=filter_types)
2022-08-19 16:53:31 +02:00
def add_correlation(self, type2, subtype2, id2):
"""
Add object correlation
"""
add_obj_correlation(self.type, self.subtype, self.id, type2, subtype2, id2)
def exists_correlation(self, type2):
"""
Check if an object is correlated
"""
return exists_obj_correlation(self.type, self.subtype, self.id, type2)
def is_correlated(self, type2, subtype2, id2):
"""
Check if an object is correlated by another object
"""
return is_obj_correlated(self.type, self.subtype, self.id, type2, subtype2, id2)
def are_correlated(self, object2):
"""
Check if an object is correlated with another Object
:type object2 AbstractObject
"""
return is_obj_correlated(self.type, self.subtype, self.id,
object2.get_type(), object2.get_subtype(r_str=True), object2.get_id())
def get_correlation_iter(self, obj_type2, subtype2, obj_id2, correl_type):
return get_obj_inter_correlation(self.type, self.get_subtype(r_str=True), self.id, obj_type2, subtype2, obj_id2, correl_type)
def get_correlation_iter_obj(self, object2, correl_type):
return self.get_correlation_iter(object2.get_type(), object2.get_subtype(r_str=True), object2.get_id(), correl_type)
2022-08-19 16:53:31 +02:00
def delete_correlation(self, type2, subtype2, id2):
"""
Get object correlations
"""
delete_obj_correlation(self.type, self.subtype, self.id, type2, subtype2, id2)
## -Correlation- ##
## Relationship ##
def get_nb_relationships(self, filter=[]):
return get_obj_nb_relationships(self.get_global_id())
def add_relationship(self, obj2_global_id, relationship, source=True):
# is source
if source:
print(self.get_global_id(), obj2_global_id, relationship)
add_obj_relationship(self.get_global_id(), obj2_global_id, relationship)
# is target
else:
add_obj_relationship(obj2_global_id, self.get_global_id(), relationship)
## -Relationship- ##
## Parent ##
def is_parent(self):
return r_object.exists(f'child:{self.type}:{self.get_subtype(r_str=True)}:{self.id}')
def is_children(self):
return r_object.hexists(f'meta:{self.type}:{self.get_subtype(r_str=True)}:{self.id}', 'parent')
def get_parent(self):
return r_object.hget(f'meta:{self.type}:{self.get_subtype(r_str=True)}:{self.id}', 'parent')
2023-11-02 16:28:33 +01:00
def get_childrens(self):
return r_object.smembers(f'child:{self.type}:{self.get_subtype(r_str=True)}:{self.id}')
2023-11-02 16:28:33 +01:00
def set_parent(self, obj_type=None, obj_subtype=None, obj_id=None, obj_global_id=None): # TODO # REMOVE ITEM DUP
if not obj_global_id:
if obj_subtype is None:
obj_subtype = ''
obj_global_id = f'{obj_type}:{obj_subtype}:{obj_id}'
r_object.hset(f'meta:{self.type}:{self.get_subtype(r_str=True)}:{self.id}', 'parent', obj_global_id)
2023-11-06 14:08:23 +01:00
r_object.sadd(f'child:{obj_global_id}', self.get_global_id())
2023-11-02 16:28:33 +01:00
def add_children(self, obj_type=None, obj_subtype=None, obj_id=None, obj_global_id=None): # TODO # REMOVE ITEM DUP
if not obj_global_id:
if obj_subtype is None:
obj_subtype = ''
obj_global_id = f'{obj_type}:{obj_subtype}:{obj_id}'
r_object.sadd(f'child:{self.type}:{self.get_subtype(r_str=True)}:{self.id}', obj_global_id)
2023-11-06 14:08:23 +01:00
r_object.hset(f'meta:{obj_global_id}', 'parent', self.get_global_id())
2023-11-02 16:28:33 +01:00
## others objects ##
def add_obj_children(self, parent_global_id, son_global_id):
r_object.sadd(f'child:{parent_global_id}', son_global_id)
r_object.hset(f'meta:{son_global_id}', 'parent', parent_global_id)
## Parent ##