2022-03-07 15:12:01 +01:00
|
|
|
# -*-coding:UTF-8 -*
|
|
|
|
"""
|
|
|
|
Base Class for AIL Objects
|
|
|
|
"""
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# Import External packages
|
|
|
|
##################################
|
|
|
|
import os
|
|
|
|
import sys
|
|
|
|
from abc import ABC, abstractmethod
|
2022-11-28 15:01:40 +01:00
|
|
|
from pymisp import MISPObject
|
2022-03-07 15:12:01 +01:00
|
|
|
|
2022-11-28 15:01:40 +01:00
|
|
|
# from flask import url_for
|
2022-03-07 15:12:01 +01:00
|
|
|
|
|
|
|
sys.path.append(os.environ['AIL_BIN'])
|
|
|
|
##################################
|
|
|
|
# Import Project packages
|
|
|
|
##################################
|
2022-09-01 14:04:00 +02:00
|
|
|
from lib import Tag
|
2022-07-13 15:10:27 +02:00
|
|
|
from lib import Duplicate
|
2023-05-04 16:35:56 +02:00
|
|
|
from lib.correlations_engine import get_nb_correlations, get_correlations, add_obj_correlation, delete_obj_correlation, delete_obj_correlations, exists_obj_correlation, is_obj_correlated, get_nb_correlation_by_correl_type
|
2022-07-08 09:47:47 +02:00
|
|
|
from lib.Investigations import is_object_investigated, get_obj_investigations, delete_obj_investigations
|
2023-05-04 16:35:56 +02:00
|
|
|
from lib.Tracker import is_obj_tracked, get_obj_trackers, delete_obj_trackers
|
2022-03-07 15:12:01 +01:00
|
|
|
|
|
|
|
|
|
|
|
class AbstractObject(ABC):
|
|
|
|
"""
|
|
|
|
Abstract Object
|
|
|
|
"""
|
|
|
|
|
|
|
|
# first seen last/seen ??
|
|
|
|
# # TODO: - tags
|
2022-11-28 15:01:40 +01:00
|
|
|
# - handle + refactor correlations
|
2022-03-07 15:12:01 +01:00
|
|
|
# - creates others objects
|
|
|
|
|
|
|
|
def __init__(self, obj_type, id, subtype=None):
|
|
|
|
""" Abstract for all the AIL object
|
|
|
|
|
|
|
|
:param obj_type: object type (item, ...)
|
|
|
|
:param id: Object ID
|
|
|
|
"""
|
|
|
|
self.id = id
|
|
|
|
self.type = obj_type
|
|
|
|
self.subtype = subtype
|
|
|
|
|
|
|
|
def get_id(self):
|
|
|
|
return self.id
|
|
|
|
|
|
|
|
def get_type(self):
|
|
|
|
return self.type
|
|
|
|
|
|
|
|
def get_subtype(self, r_str=False):
|
|
|
|
if not self.subtype:
|
|
|
|
if r_str:
|
|
|
|
return ''
|
|
|
|
return self.subtype
|
|
|
|
|
2022-11-28 15:01:40 +01:00
|
|
|
def get_global_id(self):
|
|
|
|
return f'{self.get_type()}:{self.get_subtype(r_str=True)}:{self.get_id()}'
|
|
|
|
|
2022-03-07 15:12:01 +01:00
|
|
|
def get_default_meta(self, tags=False):
|
|
|
|
dict_meta = {'id': self.get_id(),
|
|
|
|
'type': self.get_type(),
|
|
|
|
'subtype': self.get_subtype()}
|
|
|
|
if tags:
|
|
|
|
dict_meta['tags'] = self.get_tags()
|
|
|
|
return dict_meta
|
|
|
|
|
|
|
|
## Tags ##
|
2022-09-20 16:11:48 +02:00
|
|
|
def get_tags(self, r_list=False):
|
2022-09-01 14:04:00 +02:00
|
|
|
tags = Tag.get_object_tags(self.type, self.id, self.get_subtype(r_str=True))
|
2022-09-20 16:11:48 +02:00
|
|
|
if r_list:
|
|
|
|
tags = list(tags)
|
2022-03-07 15:12:01 +01:00
|
|
|
return tags
|
|
|
|
|
|
|
|
## ADD TAGS ????
|
2022-09-01 14:04:00 +02:00
|
|
|
def add_tag(self, tag):
|
|
|
|
Tag.add_object_tag(tag, self.type, self.id, subtype=self.get_subtype(r_str=True))
|
2022-03-07 15:12:01 +01:00
|
|
|
|
2022-11-28 15:01:40 +01:00
|
|
|
def is_tags_safe(self, tags=None):
|
|
|
|
if not tags:
|
|
|
|
tags = self.get_tags()
|
|
|
|
return Tag.is_tags_safe(tags)
|
|
|
|
|
2022-03-07 15:12:01 +01:00
|
|
|
#- Tags -#
|
|
|
|
|
2023-05-04 16:35:56 +02:00
|
|
|
@abstractmethod
|
|
|
|
def get_content(self):
|
|
|
|
"""
|
|
|
|
Get Object Content
|
|
|
|
"""
|
|
|
|
pass
|
|
|
|
|
2022-11-29 16:01:01 +01:00
|
|
|
## Duplicates ##
|
|
|
|
def get_duplicates(self):
|
|
|
|
return Duplicate.get_obj_duplicates(self.type, self.get_subtype(r_str=True), self.id)
|
|
|
|
|
|
|
|
def add_duplicate(self, algo, similarity, id_2):
|
|
|
|
return Duplicate.add_obj_duplicate(algo, similarity, self.type, self.get_subtype(r_str=True), self.id, id_2)
|
|
|
|
# -Duplicates -#
|
|
|
|
|
2022-03-07 15:12:01 +01:00
|
|
|
## Investigations ##
|
|
|
|
# # TODO: unregister =====
|
|
|
|
|
|
|
|
def is_investigated(self):
|
|
|
|
if not self.subtype:
|
|
|
|
is_investigated = is_object_investigated(self.id, self.type)
|
|
|
|
else:
|
|
|
|
is_investigated = is_object_investigated(self.id, self.type, self.subtype)
|
|
|
|
return is_investigated
|
|
|
|
|
|
|
|
def get_investigations(self):
|
|
|
|
if not self.subtype:
|
|
|
|
investigations = get_obj_investigations(self.id, self.type)
|
|
|
|
else:
|
|
|
|
investigations = get_obj_investigations(self.id, self.type, self.subtype)
|
|
|
|
return investigations
|
2022-07-08 09:47:47 +02:00
|
|
|
|
|
|
|
def delete_investigations(self):
|
|
|
|
if not self.subtype:
|
2022-11-28 15:01:40 +01:00
|
|
|
unregistered = delete_obj_investigations(self.id, self.type)
|
2022-07-08 09:47:47 +02:00
|
|
|
else:
|
2022-11-28 15:01:40 +01:00
|
|
|
unregistered = delete_obj_investigations(self.id, self.type, self.subtype)
|
|
|
|
return unregistered
|
2022-07-08 09:47:47 +02:00
|
|
|
|
2022-03-07 15:12:01 +01:00
|
|
|
#- Investigations -#
|
|
|
|
|
2022-03-11 09:29:48 +01:00
|
|
|
## Trackers ##
|
|
|
|
|
|
|
|
def is_tracked(self):
|
|
|
|
return is_obj_tracked(self.type, self.subtype, self.id)
|
|
|
|
|
|
|
|
def get_trackers(self):
|
2023-05-04 16:35:56 +02:00
|
|
|
return get_obj_trackers(self.type, self.subtype, self.id)
|
2022-03-11 09:29:48 +01:00
|
|
|
|
2022-07-08 09:47:47 +02:00
|
|
|
def delete_trackers(self):
|
|
|
|
return delete_obj_trackers(self.type, self.subtype, self.id)
|
|
|
|
|
2022-11-28 15:01:40 +01:00
|
|
|
#- Trackers -#
|
2022-03-11 09:29:48 +01:00
|
|
|
|
2022-03-07 15:12:01 +01:00
|
|
|
def _delete(self):
|
|
|
|
# DELETE TAGS
|
2023-05-04 16:35:56 +02:00
|
|
|
Tag.delete_object_tags(self.type, self.get_subtype(r_str=True), self.id)
|
2022-07-08 09:47:47 +02:00
|
|
|
# remove from tracker
|
|
|
|
self.delete_trackers()
|
2023-05-04 16:35:56 +02:00
|
|
|
# remove from retro hunt currently item only TODO
|
2022-07-08 09:47:47 +02:00
|
|
|
# remove from investigations
|
|
|
|
self.delete_investigations()
|
2023-05-04 16:35:56 +02:00
|
|
|
# Delete Correlations
|
|
|
|
delete_obj_correlations(self.type, self.get_subtype(r_str=True), self.id)
|
2022-03-07 15:12:01 +01:00
|
|
|
|
|
|
|
@abstractmethod
|
|
|
|
def delete(self):
|
|
|
|
"""
|
|
|
|
Delete Object: used for the Data Retention
|
|
|
|
"""
|
|
|
|
pass
|
|
|
|
|
2022-09-20 16:11:48 +02:00
|
|
|
@abstractmethod
|
|
|
|
def exists(self):
|
|
|
|
"""
|
|
|
|
Exists Object
|
|
|
|
"""
|
|
|
|
pass
|
|
|
|
|
2022-09-01 14:04:00 +02:00
|
|
|
@abstractmethod
|
2022-10-25 16:25:19 +02:00
|
|
|
def get_meta(self, options=set()):
|
2022-09-01 14:04:00 +02:00
|
|
|
"""
|
|
|
|
get Object metadata
|
|
|
|
"""
|
|
|
|
pass
|
2022-03-07 15:12:01 +01:00
|
|
|
|
2022-07-08 09:47:47 +02:00
|
|
|
@abstractmethod
|
|
|
|
def get_link(self, flask_context=False):
|
|
|
|
pass
|
|
|
|
|
2022-03-07 15:12:01 +01:00
|
|
|
@abstractmethod
|
|
|
|
def get_svg_icon(self):
|
|
|
|
"""
|
|
|
|
Get object svg icon
|
|
|
|
"""
|
|
|
|
pass
|
|
|
|
|
|
|
|
@abstractmethod
|
2022-07-08 09:47:47 +02:00
|
|
|
def get_misp_object(self):
|
2022-03-07 15:12:01 +01:00
|
|
|
pass
|
|
|
|
|
2022-11-28 15:01:40 +01:00
|
|
|
@staticmethod
|
|
|
|
def get_misp_object_first_last_seen(misp_obj):
|
|
|
|
"""
|
|
|
|
:type misp_obj: MISPObject
|
|
|
|
"""
|
|
|
|
first_seen = misp_obj.get('first_seen')
|
|
|
|
last_seen = misp_obj.get('last_seen')
|
|
|
|
return first_seen, last_seen
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
def get_misp_object_tags(misp_obj):
|
|
|
|
"""
|
|
|
|
:type misp_obj: MISPObject
|
|
|
|
"""
|
|
|
|
if misp_obj.attributes:
|
|
|
|
misp_tags = misp_obj.attributes[0].tags
|
|
|
|
tags = []
|
|
|
|
for tag in misp_tags:
|
|
|
|
tags.append(tag.name)
|
|
|
|
return tags
|
|
|
|
else:
|
|
|
|
return []
|
|
|
|
|
2022-10-25 16:25:19 +02:00
|
|
|
def _get_external_correlation(self, req_type, req_subtype, req_id, obj_type):
|
|
|
|
"""
|
|
|
|
Get object correlation
|
|
|
|
"""
|
|
|
|
return get_correlations(req_type, req_subtype, req_id, filter_types=[obj_type])
|
|
|
|
|
|
|
|
def get_correlation(self, obj_type):
|
|
|
|
"""
|
|
|
|
Get object correlation
|
|
|
|
"""
|
|
|
|
return get_correlations(self.type, self.subtype, self.id, filter_types=[obj_type])
|
|
|
|
|
2023-04-21 10:26:14 +02:00
|
|
|
def get_correlations(self, filter_types=[], unpack=False):
|
2022-08-19 16:53:31 +02:00
|
|
|
"""
|
|
|
|
Get object correlations
|
|
|
|
"""
|
2023-04-21 10:26:14 +02:00
|
|
|
return get_correlations(self.type, self.subtype, self.id, filter_types=filter_types, unpack=unpack)
|
2022-08-19 16:53:31 +02:00
|
|
|
|
2023-01-09 16:03:06 +01:00
|
|
|
def get_nb_correlation(self, correl_type):
|
|
|
|
return get_nb_correlation_by_correl_type(self.type, self.get_subtype(r_str=True), self.id, correl_type)
|
|
|
|
|
2022-11-22 10:47:15 +01:00
|
|
|
def get_nb_correlations(self, filter_types=[]):
|
|
|
|
return get_nb_correlations(self.type, self.subtype, self.id, filter_types=filter_types)
|
|
|
|
|
2022-08-19 16:53:31 +02:00
|
|
|
def add_correlation(self, type2, subtype2, id2):
|
|
|
|
"""
|
|
|
|
Add object correlation
|
|
|
|
"""
|
|
|
|
add_obj_correlation(self.type, self.subtype, self.id, type2, subtype2, id2)
|
|
|
|
|
|
|
|
def exists_correlation(self, type2):
|
|
|
|
"""
|
|
|
|
Check if an object is correlated
|
|
|
|
"""
|
|
|
|
return exists_obj_correlation(self.type, self.subtype, self.id, type2)
|
|
|
|
|
|
|
|
def is_correlated(self, type2, subtype2, id2):
|
|
|
|
"""
|
|
|
|
Check if an object is correlated by another object
|
|
|
|
"""
|
|
|
|
return is_obj_correlated(self.type, self.subtype, self.id, type2, subtype2, id2)
|
|
|
|
|
2023-01-16 16:27:49 +01:00
|
|
|
def are_correlated(self, object2):
|
|
|
|
"""
|
|
|
|
Check if an object is correlated with another Object
|
|
|
|
:type object2 AbstractObject
|
|
|
|
"""
|
|
|
|
return is_obj_correlated(self.type, self.subtype, self.id,
|
|
|
|
object2.get_type(), object2.get_subtype(r_str=True), object2.get_id())
|
|
|
|
|
2022-08-19 16:53:31 +02:00
|
|
|
def delete_correlation(self, type2, subtype2, id2):
|
|
|
|
"""
|
|
|
|
Get object correlations
|
|
|
|
"""
|
|
|
|
delete_obj_correlation(self.type, self.subtype, self.id, type2, subtype2, id2)
|
2022-03-07 15:12:01 +01:00
|
|
|
|
|
|
|
|
|
|
|
# # TODO: get favicon
|
|
|
|
# # TODO: get url
|
|
|
|
# # TODO: get metadata
|