From 0cbcf288180029812cc9f3a02df6cde6a2f6dfc1 Mon Sep 17 00:00:00 2001
From: terrtia
Date: Thu, 5 Sep 2024 16:40:24 +0200
Subject: [PATCH] chg: [UI + API] update endpoints ACL
---
var/www/blueprints/ail_2_ail_sync.py | 2 +-
var/www/blueprints/api_rest.py | 30 +++++++-------
var/www/blueprints/chats_explorer.py | 6 +--
var/www/blueprints/correlation.py | 4 +-
var/www/blueprints/crawler_splash.py | 40 +++++++++----------
var/www/blueprints/hunters.py | 16 ++++----
var/www/blueprints/import_export.py | 24 ++++++-----
var/www/blueprints/investigations_b.py | 14 +++----
var/www/blueprints/languages_ui.py | 6 +--
var/www/blueprints/objects_cookie_name.py | 2 +-
var/www/blueprints/objects_cve.py | 2 +-
var/www/blueprints/objects_decoded.py | 21 +++++-----
var/www/blueprints/objects_etag.py | 2 +-
var/www/blueprints/objects_favicon.py | 2 +-
var/www/blueprints/objects_hhhash.py | 2 +-
var/www/blueprints/objects_image.py | 2 +-
var/www/blueprints/objects_item.py | 18 ++++-----
var/www/blueprints/objects_ocr.py | 2 +-
var/www/blueprints/objects_subtypes.py | 2 +-
var/www/blueprints/objects_title.py | 6 +--
var/www/blueprints/old_endpoints.py | 2 +-
var/www/blueprints/root.py | 4 +-
var/www/blueprints/settings_b.py | 4 +-
var/www/blueprints/tags_ui.py | 32 +++++++--------
.../modules/PasteSubmit/Flask_PasteSubmit.py | 8 ++--
var/www/modules/Role_Manager.py | 4 +-
var/www/modules/dashboard/Flask_dashboard.py | 2 +-
var/www/modules/search/Flask_search.py | 6 +--
var/www/modules/sentiment/Flask_sentiment.py | 2 +-
.../trendingcharts/Flask_trendingcharts.py | 2 +-
.../trendingmodules/Flask_trendingmodules.py | 2 +-
31 files changed, 138 insertions(+), 133 deletions(-)
diff --git a/var/www/blueprints/ail_2_ail_sync.py b/var/www/blueprints/ail_2_ail_sync.py
index 9b930f3e..8d9fef3b 100644
--- a/var/www/blueprints/ail_2_ail_sync.py
+++ b/var/www/blueprints/ail_2_ail_sync.py
@@ -16,7 +16,7 @@ sys.path.append('modules') import Flask_config # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## diff --git a/var/www/blueprints/api_rest.py b/var/www/blueprints/api_rest.py index aa2cf918..def6e28a 100644 --- a/var/www/blueprints/api_rest.py +++ b/var/www/blueprints/api_rest.py @@ -92,24 +92,24 @@ def create_json_response(data, status_code): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @api_rest.route("api/v1/ping", methods=['GET']) -@token_required('read_only') +@token_required('user') def v1_ping(): return create_json_response({'status': 'pong'}, 200) @api_rest.route("api/v1/uuid", methods=['GET']) -@token_required('read_only') +@token_required('user') def v1_uuid(): ail_uid = ail_core.get_ail_uuid() return create_json_response({'uuid': ail_uid}, 200) @api_rest.route("api/v1/version", methods=['GET']) -@token_required('read_only') +@token_required('user') def v1_version(): version = ail_updates.get_ail_version() return create_json_response({'version': version}, 200) @api_rest.route("api/v1/pyail/version", methods=['GET']) -@token_required('read_only') +@token_required('user') def v1_pyail_version(): ail_version = 'v1.0.0' return create_json_response({'version': ail_version}, 200) @@ -120,7 +120,7 @@ def v1_pyail_version(): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # TODO: ADD RESULT JSON Response @api_rest.route("api/v1/add/crawler/task", methods=['POST']) # TODO V2 Migration -@token_required('analyst') +@token_required('user') def add_crawler_task(): data = request.get_json() user_token = get_auth_from_header() 
@@ -134,7 +134,7 @@ def add_crawler_task(): @api_rest.route("api/v1/add/crawler/capture", methods=['POST']) # TODO V2 Migration -@token_required('analyst') +@token_required('user') def add_crawler_capture(): data = request.get_json() user_token = get_auth_from_header() @@ -160,7 +160,7 @@ def import_json_item(): # # # # # # # # # # # # # # # OBJECTS # # # # # # # # # # # # # # # # # # # TODO LIST OBJ TYPES + SUBTYPES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @api_rest.route("api/v1/object", methods=['GET']) # TODO options -@token_required('read_only') +@token_required('user') def v1_object(): obj_gid = request.args.get('gid') if obj_gid: @@ -174,14 +174,14 @@ def v1_object(): @api_rest.route("api/v1/obj/gid/", methods=['GET']) # TODO REMOVE ME ???? -@token_required('read_only') +@token_required('user') def v1_object_global_id(object_global_id): r = ail_objects.api_get_object_global_id(object_global_id) return create_json_response(r[0], r[1]) # @api_rest.route("api/v1/object///", methods=['GET']) @api_rest.route("api/v1/obj//", methods=['GET']) # TODO REMOVE ME ???? -@token_required('read_only') +@token_required('user') def v1_object_type_id(object_type, object_id): r = ail_objects.api_get_object_type_id(object_type, object_id) return create_json_response(r[0], r[1]) @@ -191,7 +191,7 @@ def v1_object_type_id(object_type, object_id): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @api_rest.route("api/v1/chat/messages", methods=['GET']) -@token_required('analyst') +@token_required('user') def objects_chat_messages(): obj_subtype = request.args.get('subtype') obj_id = request.args.get('id') 
@@ -199,7 +199,7 @@ def objects_chat_messages(): return create_json_response(r[0], r[1]) @api_rest.route("api/v1/chat-subchannel/messages", methods=['GET']) -@token_required('analyst') +@token_required('user') def objects_chat_subchannel_messages(): obj_subtype = request.args.get('subtype') obj_id = request.args.get('id') @@ -207,7 +207,7 @@ def objects_chat_subchannel_messages(): return create_json_response(r[0], r[1]) @api_rest.route("api/v1/chat-thread/messages", methods=['GET']) -@token_required('analyst') +@token_required('user') def objects_chat_thread_messages(): obj_subtype = request.args.get('subtype') obj_id = request.args.get('id') @@ -219,14 +219,14 @@ def objects_chat_thread_messages(): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @api_rest.route("api/v1/titles/download", methods=['GET']) # TODO RENAME ->api/v1/titles/domains -@token_required('analyst') +@token_required('user') def objects_titles_download(): return create_json_response(Titles.Titles().get_contents_ids(), 200) # TODO @api_rest.route("api/v1/titles/download/unsafe", methods=['GET']) # TODO RENAME ->api/v1/titles/domains/unsafe -@token_required('analyst') +@token_required('user') def objects_titles_download_unsafe(): all_titles = {} unsafe_tags = Tag.unsafe_tags @@ -249,7 +249,7 @@ def objects_titles_download_unsafe(): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @api_rest.route("api/v1/investigation/", methods=['GET']) # TODO options -@token_required('read_only') +@token_required('user') def v1_investigation(investigation_uuid): user_token = get_auth_from_header() user_org, user_id, user_role = ail_api.get_basic_user_meta(user_token) diff --git a/var/www/blueprints/chats_explorer.py b/var/www/blueprints/chats_explorer.py index 7ac3db7a..b50a9e59 100644 --- a/var/www/blueprints/chats_explorer.py +++ b/var/www/blueprints/chats_explorer.py 
@@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required, current_user # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only, login_user_no_api sys.path.append(os.environ['AIL_BIN']) ################################## @@ -246,7 +246,7 @@ def objects_message(): @chats_explorer.route("/objects/message/translate", methods=['POST']) @login_required -@login_read_only +@login_user_no_api def objects_message_translate(): message_id = request.form.get('id') source = request.form.get('language_target') @@ -265,7 +265,7 @@ def objects_message_translate(): @chats_explorer.route("/objects/message/detect/language", methods=['GET']) @login_required -@login_read_only +@login_user_no_api def objects_message_detect_language(): message_id = request.args.get('id') target = request.args.get('target') diff --git a/var/www/blueprints/correlation.py b/var/www/blueprints/correlation.py index 0674e0b2..278e2b6d 100644 --- a/var/www/blueprints/correlation.py +++ b/var/www/blueprints/correlation.py @@ -16,7 +16,7 @@ sys.path.append('modules') import Flask_config # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only sys.path.append(os.environ['AIL_BIN']) @@ -206,7 +206,7 @@ def correlation_delete(): @correlation.route('/correlation/tags/add', methods=['POST']) @login_required -@login_analyst +@login_admin def correlation_tags_add(): obj_id = request.form.get('tag_obj_id') subtype = request.form.get('tag_subtype', '') diff --git a/var/www/blueprints/crawler_splash.py b/var/www/blueprints/crawler_splash.py index f18e246f..25def1d9 100644 --- a/var/www/blueprints/crawler_splash.py +++ b/var/www/blueprints/crawler_splash.py 
@@ -19,7 +19,7 @@ sys.path.append('modules') import Flask_config # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only, login_user_no_api +from Role_Manager import login_admin, login_user, login_user_no_api, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## @@ -110,7 +110,7 @@ def manual(): @crawler_splash.route("/crawlers/send_to_spider", methods=['POST']) @login_required -@login_analyst +@login_user_no_api def send_to_spider(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -222,7 +222,7 @@ def schedule_show(): @crawler_splash.route("/crawlers/schedule/delete", methods=['GET']) @login_required -@login_analyst +@login_admin def schedule_delete(): schedule_uuid = request.args.get('uuid') schedule = crawlers.CrawlerSchedule(schedule_uuid) @@ -235,7 +235,7 @@ def schedule_delete(): @crawler_splash.route("/crawlers/blacklist", methods=['GET']) @login_required -@login_analyst +@login_admin def crawler_blacklist(): domain = request.args.get('domain') if domain: @@ -258,7 +258,7 @@ def crawler_blacklist(): @crawler_splash.route("/crawlers/blacklist/delete", methods=['GET']) @login_required -@login_analyst +@login_admin def crawler_blacklist_delete(): domain = request.args.get('domain') res = crawlers.api_unblacklist_domain({'domain': domain}) @@ -540,7 +540,7 @@ def domains_search_languages_get(): @crawler_splash.route('/domains/name/search', methods=['GET']) @login_required -@login_analyst +@login_user def domains_search_name(): name = request.args.get('name') page = request.args.get('page') @@ -565,7 +565,7 @@ def domains_search_name(): @crawler_splash.route('/domains/date', methods=['GET']) @login_required -@login_analyst +@login_read_only def domains_search_date(): # TODO sanitize type + date dom_types = request.args.get('type') 
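Review bot: `schedule_delete` stays registered with `methods=['GET']` although it deletes a crawler schedule, so the role decorator changed in this hunk is the only control on a state-changing request that a cross-site request from a logged-in admin's browser can trigger. The same pattern is visible on `crawler_blacklist_delete` and `crawler_cookiejar_delete` in this file, on `tracker_delete`, `retro_hunt_pause_task`, `retro_hunt_resume_task` and `retro_hunt_delete_task` in hunters.py, and on `delete_investigation`, `register_investigation` and `unregister_investigation` in investigations_b.py. Since this commit already revisits each decorator stack, I would switch these routes to `methods=['POST']` and have the templates submit a form carrying the application's CSRF token (whether one is enforced globally is not visible in this patch). The function bodies continue outside the hunks.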
@@ -601,7 +601,7 @@ def domains_search_date(): @crawler_splash.route('/domains/date/post', methods=['POST']) @login_required -@login_analyst +@login_read_only def domains_search_date_post(): domain_type = request.form.get('type') date_from = request.form.get('date_from') @@ -614,7 +614,7 @@ def domains_search_date_post(): @crawler_splash.route('/domains/explorer/vanity', methods=['GET']) @login_required -@login_analyst +@login_read_only def domains_explorer_vanity_clusters(): nb_min = request.args.get('min', 4) if int(nb_min) < 0: @@ -625,7 +625,7 @@ def domains_explorer_vanity_clusters(): @crawler_splash.route('/domains/explorer/vanity/explore', methods=['GET']) @login_required -@login_analyst +@login_read_only def domains_explorer_vanity_explore(): vanity = request.args.get('vanity') nb_min = request.args.get('min', 2) # TODO SHOW DOMAINS OPTIONS + HARD CODED DOMAINS LIMIT FOR RENDER @@ -649,14 +649,14 @@ def domains_explorer_vanity_explore(): ## Cookiejar ## @crawler_splash.route('/crawler/cookiejar/add', methods=['GET']) @login_required -@login_analyst +@login_user_no_api def crawler_cookiejar_add(): return render_template("add_cookiejar.html") @crawler_splash.route('/crawler/cookiejar/add_post', methods=['POST']) @login_required -@login_analyst +@login_user_no_api def crawler_cookiejar_add_post(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -756,7 +756,7 @@ def crawler_cookiejar_cookie_delete(): @crawler_splash.route('/crawler/cookiejar/delete', methods=['GET']) @login_required -@login_analyst +@login_user_no_api def crawler_cookiejar_delete(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -771,7 +771,7 @@ def crawler_cookiejar_delete(): @crawler_splash.route('/crawler/cookiejar/edit', methods=['GET']) @login_required -@login_read_only +@login_user_no_api def crawler_cookiejar_edit(): user_org = current_user.get_org() user_id = current_user.get_user_id() 
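Review bot: In `domains_explorer_vanity_clusters`, `int(nb_min)` is applied directly to the `min` query parameter, so a non-numeric value raises `ValueError` and surfaces as a 500 on a route that is now gated by `login_read_only`. Parse once with a fallback, e.g. `try: nb_min = int(request.args.get('min', 4))` followed by `except ValueError: nb_min = 4`, and compare the parsed value afterwards. `domains_explorer_vanity_explore` reads `min` the same way; its conversion is outside the hunk, so it should be checked too. The rest of both function bodies is not visible here.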
@@ -785,7 +785,7 @@ def crawler_cookiejar_edit(): @crawler_splash.route('/crawler/cookie/edit', methods=['GET']) @login_required -@login_read_only +@login_user_no_api def crawler_cookiejar_cookie_edit(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -798,7 +798,7 @@ def crawler_cookiejar_cookie_edit(): @crawler_splash.route('/crawler/cookie/edit_post', methods=['POST']) @login_required -@login_read_only +@login_user_no_api def crawler_cookiejar_cookie_edit_post(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -831,7 +831,7 @@ def crawler_cookiejar_cookie_edit_post(): @crawler_splash.route('/crawler/cookiejar/cookie/add', methods=['GET']) @login_required -@login_read_only +@login_user_no_api def crawler_cookiejar_cookie_add(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -845,7 +845,7 @@ def crawler_cookiejar_cookie_add(): @crawler_splash.route('/crawler/cookiejar/cookie/manual_add_post', methods=['POST']) @login_required -@login_read_only +@login_user_no_api def crawler_cookiejar_cookie_manual_add_post(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -877,7 +877,7 @@ def crawler_cookiejar_cookie_manual_add_post(): @crawler_splash.route('/crawler/cookiejar/cookie/json_add_post', methods=['POST']) @login_required -@login_read_only +@login_user_no_api def crawler_cookiejar_cookie_json_add_post(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -903,7 +903,7 @@ def crawler_cookiejar_cookie_json_add_post(): @crawler_splash.route('/crawler/settings', methods=['GET']) @login_required -@login_analyst +@login_admin def crawler_settings(): lacus_url = crawlers.get_lacus_url() api_key = crawlers.get_hidden_lacus_api_key() diff --git a/var/www/blueprints/hunters.py b/var/www/blueprints/hunters.py index c97eca89..9ed9c8e3 100644 --- a/var/www/blueprints/hunters.py +++ b/var/www/blueprints/hunters.py 
@@ -16,7 +16,7 @@ sys.path.append('modules') import Flask_config # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_user_no_api, login_read_only +from Role_Manager import login_admin, login_coordinator, login_user, login_user_no_api, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## @@ -294,7 +294,7 @@ def parse_add_edit_request(request_form): @hunters.route("/tracker/add", methods=['GET', 'POST']) @login_required -@login_analyst +@login_user_no_api def add_tracked_menu(): if request.method == 'POST': input_dict = parse_add_edit_request(request.form) @@ -356,7 +356,7 @@ def tracker_edit(): @hunters.route('/tracker/delete', methods=['GET']) @login_required -@login_analyst +@login_user_no_api def tracker_delete(): user_id = current_user.get_user_id() user_org = current_user.get_org() @@ -396,7 +396,7 @@ def get_json_tracker_graph(): @hunters.route('/tracker/object/add', methods=['GET']) @login_required -@login_admin +@login_user def tracker_object_add(): user_id = current_user.get_user_id() user_org = current_user.get_org() @@ -528,7 +528,7 @@ def retro_hunt_show_task(): @hunters.route('/retro_hunt/add', methods=['GET', 'POST']) @login_required -@login_analyst +@login_user def retro_hunt_add_task(): if request.method == 'POST': level = request.form.get("level", 1) @@ -631,7 +631,7 @@ def retro_hunt_add_task(): @hunters.route('/retro_hunt/task/pause', methods=['GET']) @login_required -@login_analyst +@login_user def retro_hunt_pause_task(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -644,7 +644,7 @@ def retro_hunt_pause_task(): @hunters.route('/retro_hunt/task/resume', methods=['GET']) @login_required -@login_analyst +@login_user def retro_hunt_resume_task(): user_org = current_user.get_org() user_id = current_user.get_user_id() 
@@ -657,7 +657,7 @@ def retro_hunt_resume_task(): @hunters.route('/retro_hunt/task/delete', methods=['GET']) @login_required -@login_analyst +@login_coordinator def retro_hunt_delete_task(): user_org = current_user.get_org() user_id = current_user.get_id() diff --git a/var/www/blueprints/import_export.py b/var/www/blueprints/import_export.py index 4dd0dff7..a26d636d 100644 --- a/var/www/blueprints/import_export.py +++ b/var/www/blueprints/import_export.py @@ -15,7 +15,7 @@ from flask_login import login_required, current_user sys.path.append('modules') # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_coordinator, login_read_only, login_user_no_api sys.path.append(os.environ['AIL_BIN']) ################################## @@ -48,7 +48,7 @@ def create_json_response(data, status_code): # ============= ROUTES ============== @import_export.route('/import_export/import') @login_required -@login_analyst +@login_user_no_api def import_object(): return render_template("import_object.html") @@ -56,7 +56,7 @@ def import_object(): # TODO @import_export.route("/import_export/import_file", methods=['POST']) @login_required -@login_analyst +@login_admin def import_object_file(): error = None @@ -89,7 +89,7 @@ def import_object_file(): @import_export.route("/misp/objects/export", methods=['GET']) @login_required -@login_analyst +@login_user_no_api def objects_misp_export(): user_id = current_user.get_user_id() object_types = ail_core.get_all_objects_with_subtypes_tuple() @@ -99,9 +99,10 @@ def objects_misp_export(): @import_export.route("/misp/objects/export/post", methods=['POST']) @login_required -@login_analyst +@login_user_no_api def objects_misp_export_post(): user_id = current_user.get_user_id() + user_role = current_user.get_role() # Get new added Object new_export = [] 
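Review bot: `retro_hunt_delete_task` takes the caller identity from `current_user.get_id()`, whereas `retro_hunt_pause_task`, `retro_hunt_resume_task` and the other handlers in this file use `current_user.get_user_id()`. If the two accessors return different identifiers, whatever ownership or ACL check the delete path performs with `user_id` would be evaluated against the wrong value; I would write `user_id = current_user.get_user_id()` here, or add a comment explaining why the session identifier is wanted. The remainder of the function is outside the hunk, so how `user_id` is consumed is inferred.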
@@ -150,6 +151,11 @@ def objects_misp_export_post(): info = request.form.get('misp_event_info') publish = request.form.get('misp_event_info', False) + # TODO Refactor to use MISP user api key + if user_role != 'admin': + export = False + publish = False + objs = ail_objects.get_objects(objects) if not objs: return create_json_response({'error': 'Empty Event, nothing to export'}, 400) @@ -175,7 +181,7 @@ def objects_misp_export_post(): @import_export.route("/misp/objects/export/add", methods=['GET']) @login_required -@login_analyst +@login_user_no_api def add_object_id_to_export(): user_id = current_user.get_user_id() obj_type = request.args.get('type') @@ -197,7 +203,7 @@ def add_object_id_to_export(): @import_export.route("/misp/objects/export/delete", methods=['GET']) @login_required -@login_analyst +@login_user_no_api def delete_object_id_to_export(): user_id = current_user.get_user_id() obj_type = request.args.get('type') @@ -210,7 +216,7 @@ def delete_object_id_to_export(): @import_export.route("/investigation/misp/export", methods=['GET']) @login_required -@login_analyst +@login_coordinator def export_investigation(): investigation_uuid = request.args.get("uuid") investigation = Investigation(investigation_uuid) @@ -227,7 +233,7 @@ def export_investigation(): @import_export.route("/thehive/objects/case/export", methods=['POST']) @login_required -@login_analyst +@login_admin def create_thehive_case(): description = request.form['hive_description'] title = request.form['hive_case_title'] diff --git a/var/www/blueprints/investigations_b.py b/var/www/blueprints/investigations_b.py index f715ee9f..726f6759 100644 --- a/var/www/blueprints/investigations_b.py +++ b/var/www/blueprints/investigations_b.py 
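Review bot: The added `if user_role != 'admin':` block silently forces `export = False` and `publish = False`, so a non-admin who requested a MISP export gets a normal response with no indication that the push was dropped; returning an explicit error, or carrying a notice into the response, would make the restriction visible and auditable. Just above it, `publish = request.form.get('misp_event_info', False)` reads the same form key as `info`, so for admins any non-empty event description makes `publish` truthy; it presumably should read the publish field, `request.form.get('<publish field name>', False)`. The literal `'admin'` comparison also bypasses the Role_Manager helpers used on every route, so it will not follow a later change to the role hierarchy. The function starts and ends outside this hunk.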
@@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required, current_user # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_user_no_api, login_read_only sys.path.append('modules') import Flask_config @@ -77,7 +77,7 @@ def show_investigation(): @investigations_b.route("/investigation/add", methods=['GET', 'POST']) @login_required -@login_analyst +@login_user_no_api def add_investigation(): if request.method == 'POST': user_id = current_user.get_user_id() @@ -119,7 +119,7 @@ def add_investigation(): @investigations_b.route("/investigation/edit", methods=['GET', 'POST']) @login_required -@login_analyst +@login_user_no_api def edit_investigation(): # TODO CHECK ACL if request.method == 'POST': user_org = current_user.get_org() @@ -171,7 +171,7 @@ def edit_investigation(): # TODO CHECK ACL @investigations_b.route("/investigation/delete", methods=['GET']) @login_required -@login_analyst +@login_user_no_api def delete_investigation(): user_org = current_user.get_org() user_id = current_user.get_user_id() @@ -185,7 +185,7 @@ def delete_investigation(): @investigations_b.route("/investigation/object/register", methods=['GET']) @login_required -@login_read_only +@login_user_no_api def register_investigation(): user_id = current_user.get_user_id() user_org = current_user.get_org() @@ -210,7 +210,7 @@ def register_investigation(): @investigations_b.route("/investigation/object/unregister", methods=['GET']) @login_required -@login_read_only +@login_user_no_api def unregister_investigation(): user_id = current_user.get_user_id() user_org = current_user.get_org() 
@@ -245,7 +245,7 @@ def get_object_gid(): # # @investigations_b.route("/object/item") #completely shows the paste in a new tab # @login_required -# @login_analyst +# @login_user # def showItem(): # # TODO: support post # item_id = request.args.get('id') # if not item_id or not Item.exist_item(item_id): diff --git a/var/www/blueprints/languages_ui.py b/var/www/blueprints/languages_ui.py index b4be9c13..21019014 100644 --- a/var/www/blueprints/languages_ui.py +++ b/var/www/blueprints/languages_ui.py @@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_user_no_api, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## @@ -38,7 +38,7 @@ def create_json_response(data, status_code): # ============= ROUTES ============== @languages_ui.route("/languages/object/translate", methods=['POST']) @login_required -@login_read_only +@login_user_no_api def translate_object(): obj_type = request.form.get('type') subtype = request.form.get('subtype') @@ -61,7 +61,7 @@ def translate_object(): @languages_ui.route("/languages/object/detect/language", methods=['GET']) @login_required -@login_read_only +@login_user_no_api def detect_object_language(): obj_type = request.args.get('type') subtype = request.args.get('subtype') diff --git a/var/www/blueprints/objects_cookie_name.py b/var/www/blueprints/objects_cookie_name.py index 53e0614e..0bea4936 100644 --- a/var/www/blueprints/objects_cookie_name.py +++ b/var/www/blueprints/objects_cookie_name.py 
@@ -12,7 +12,7 @@ from flask import render_template, jsonify, request, Blueprint, redirect, url_fo from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## diff --git a/var/www/blueprints/objects_cve.py b/var/www/blueprints/objects_cve.py index 1dec1f50..bba3532b 100644 --- a/var/www/blueprints/objects_cve.py +++ b/var/www/blueprints/objects_cve.py @@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## diff --git a/var/www/blueprints/objects_decoded.py b/var/www/blueprints/objects_decoded.py index bc0d9b00..21085cab 100644 --- a/var/www/blueprints/objects_decoded.py +++ b/var/www/blueprints/objects_decoded.py @@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## @@ -35,7 +35,7 @@ objects_decoded = Blueprint('objects_decoded', __name__, # ============= ROUTES ============== -@objects_decoded.route("/object/decodeds", methods=['GET', 'POST']) +@objects_decoded.route("/objects/decodeds", methods=['GET', 'POST']) @login_required @login_read_only def decodeds_dashboard(): 
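Review bot: The route is renamed from `/object/decodeds` to `/objects/decodeds` (the other decoded and item routes follow in later hunks), but the diffstat lists only Python files, so any template, JavaScript or bookmarked URL that hard-codes the old `/object/...` prefix will now return 404 instead of reaching the ACL-protected view. Links built with `url_for` are unaffected. I would grep the templates for the old prefix in the same commit, or register the old paths in `old_endpoints.py` as redirects, and leave a comment above the route such as `# renamed from /object/decodeds`.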
@@ -80,15 +80,14 @@ def decodeds_dashboard(): algos=Decodeds.get_algos(), show_decoded=show_decoded, mimetypes=Decodeds.get_all_mimetypes()) -@objects_decoded.route("/object/decodeds/search", methods=['POST']) +@objects_decoded.route("/objects/decodeds/search", methods=['POST']) @login_required @login_read_only def decodeds_search(): decoded_id = request.form.get('object_id') - print(decoded_id) return redirect(url_for('correlation.show_correlation', type='decoded', id=decoded_id)) -@objects_decoded.route("/object/decoded/download") +@objects_decoded.route("/objects/decoded/download") @login_required @login_read_only def decoded_download(): @@ -105,7 +104,7 @@ def decoded_download(): abort(404) -@objects_decoded.route("/object/decoded/send_to_vt") +@objects_decoded.route("/objects/decoded/send_to_vt") @login_required @login_read_only def send_to_vt(): @@ -121,7 +120,7 @@ def send_to_vt(): abort(404) -@objects_decoded.route("/object/decoded/refresh_vt_report") +@objects_decoded.route("/objects/decoded/refresh_vt_report") @login_required @login_read_only def refresh_vt_report(): @@ -138,7 +137,7 @@ def refresh_vt_report(): # TODO -@objects_decoded.route("/object/decoded/algo_pie_chart/json", methods=['GET']) +@objects_decoded.route("/objects/decoded/algo_pie_chart/json", methods=['GET']) @login_required @login_read_only def decoder_pie_chart_json(): @@ -148,7 +147,7 @@ def decoder_pie_chart_json(): return jsonify(Decodeds.api_pie_chart_decoder_json(date_from, date_to, mimetype)) # TODO -@objects_decoded.route("/object/decoded/mimetype_pie_chart/json", methods=['GET']) +@objects_decoded.route("/objects/decoded/mimetype_pie_chart/json", methods=['GET']) @login_required @login_read_only def mimetype_pie_chart_json(): 
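Review bot: `send_to_vt` and `refresh_vt_report` keep `@login_read_only` and the default GET method, although by name they submit a decoded object to an external service and refresh its report (the bodies are outside the hunks, so this is inferred). Other action endpoints in this commit, such as the translate routes, were moved to `@login_user_no_api`; I would apply the same decorator here, declare `methods=['POST']`, and extend the import to `from Role_Manager import login_admin, login_read_only, login_user_no_api`. A short comment on each route stating which role may trigger outbound submissions would help the next ACL review.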
@@ -157,7 +156,7 @@ def mimetype_pie_chart_json(): algo = request.args.get('algo') return jsonify(Decodeds.api_pie_chart_mimetype_json(date_from, date_to, algo)) -@objects_decoded.route("/object/decoded/barchart/json", methods=['GET']) +@objects_decoded.route("/objects/decoded/barchart/json", methods=['GET']) @login_required @login_read_only def barchart_json(): @@ -166,7 +165,7 @@ def barchart_json(): mimetype = request.args.get('mimetype') return jsonify(Decodeds.api_barchart_range_json(date_from, date_to , mimetype)) -@objects_decoded.route("/object/decoded/graphline/json", methods=['GET']) +@objects_decoded.route("/objects/decoded/graphline/json", methods=['GET']) @login_required @login_read_only def graphline_json(): diff --git a/var/www/blueprints/objects_etag.py b/var/www/blueprints/objects_etag.py index e76adfcd..2c788810 100644 --- a/var/www/blueprints/objects_etag.py +++ b/var/www/blueprints/objects_etag.py @@ -12,7 +12,7 @@ from flask import render_template, jsonify, request, Blueprint, redirect, url_fo from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## diff --git a/var/www/blueprints/objects_favicon.py b/var/www/blueprints/objects_favicon.py index b24fd4ca..09c8fb03 100644 --- a/var/www/blueprints/objects_favicon.py +++ b/var/www/blueprints/objects_favicon.py @@ -12,7 +12,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only, no_cache +from Role_Manager import login_admin, login_read_only, no_cache sys.path.append(os.environ['AIL_BIN']) ################################## 
diff --git a/var/www/blueprints/objects_hhhash.py b/var/www/blueprints/objects_hhhash.py index 7d9a5279..6ba4a9dd 100644 --- a/var/www/blueprints/objects_hhhash.py +++ b/var/www/blueprints/objects_hhhash.py @@ -12,7 +12,7 @@ from flask import render_template, jsonify, request, Blueprint, redirect, url_fo from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## diff --git a/var/www/blueprints/objects_image.py b/var/www/blueprints/objects_image.py index d3638207..4a231ed8 100644 --- a/var/www/blueprints/objects_image.py +++ b/var/www/blueprints/objects_image.py @@ -12,7 +12,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only, no_cache +from Role_Manager import login_admin, login_read_only, no_cache sys.path.append(os.environ['AIL_BIN']) ################################## diff --git a/var/www/blueprints/objects_item.py b/var/www/blueprints/objects_item.py index 53adcbaa..a1aab5d8 100644 --- a/var/www/blueprints/objects_item.py +++ b/var/www/blueprints/objects_item.py @@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required, current_user # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only, no_cache +from Role_Manager import login_admin, login_user, login_read_only, no_cache sys.path.append(os.environ['AIL_BIN']) ################################## 
@@ -58,7 +58,7 @@ def screenshot(filename): s = Screenshot(filename) return send_from_directory(SCREENSHOT_FOLDER, s.get_rel_path(add_extension=True), as_attachment=False, mimetype='image') -@objects_item.route("/object/item") +@objects_item.route("/objects/item") @login_required @login_read_only def showItem(): # # TODO: support post @@ -106,7 +106,7 @@ def showItem(): # # TODO: support post ## Dynamic Path FIX -@objects_item.route("/object/item/html2text") +@objects_item.route("/objects/item/html2text") @login_required @login_read_only def html2text(): # # TODO: support post @@ -116,7 +116,7 @@ def html2text(): # # TODO: support post item = Item(item_id) return item.get_html2text_content() -@objects_item.route("/object/item/raw_content") +@objects_item.route("/objects/item/raw_content") @login_required @login_read_only def item_raw_content(): # # TODO: support post @@ -126,7 +126,7 @@ def item_raw_content(): # # TODO: support post item = Item(item_id) return Response(item.get_content(), mimetype='text/plain') -@objects_item.route("/object/item/download") +@objects_item.route("/objects/item/download") @login_required @login_read_only def item_download(): # # TODO: support post @@ -136,7 +136,7 @@ def item_download(): # # TODO: support post item = Item(item_id) return send_file(item.get_raw_content(), download_name=item_id, as_attachment=True) -@objects_item.route("/object/item/content/more") +@objects_item.route("/objects/item/content/more") @login_required @login_read_only def item_content_more(): @@ -146,9 +146,9 @@ def item_content_more(): to_return = item_content[max_preview_modal-1:] return to_return -@objects_item.route("/object/item/diff") +@objects_item.route("/objects/item/diff") @login_required -@login_analyst +@login_user def object_item_diff(): id1 = request.args.get('s1', '') id2 = request.args.get('s2', '') 
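Review bot: `html2text` returns `item.get_html2text_content()` as a bare string, which Flask serves as `text/html`, while the neighbouring `item_raw_content` wraps its output in `Response(..., mimetype='text/plain')`. Item content presumably originates from collected external sources, so if the converted text can still carry markup it would be rendered in the viewer's session; I would return `Response(item.get_html2text_content(), mimetype='text/plain')` unless the caller relies on HTML rendering. `item_content_more` returns its slice of the content the same way and deserves the same check. Both function bodies start outside the hunks shown.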
@@ -166,7 +166,7 @@ def object_item_diff(): diff = htmldiff.make_file(lines1, lines2) return diff -@objects_item.route("/object/item/preview") +@objects_item.route("/objects/item/preview") @login_required @login_read_only def item_preview(): diff --git a/var/www/blueprints/objects_ocr.py b/var/www/blueprints/objects_ocr.py index 8e5babcb..20ffc2b4 100644 --- a/var/www/blueprints/objects_ocr.py +++ b/var/www/blueprints/objects_ocr.py @@ -15,7 +15,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only, no_cache +from Role_Manager import login_admin, login_read_only, no_cache sys.path.append(os.environ['AIL_BIN']) ################################## diff --git a/var/www/blueprints/objects_subtypes.py b/var/www/blueprints/objects_subtypes.py index d0bdb843..85944365 100644 --- a/var/www/blueprints/objects_subtypes.py +++ b/var/www/blueprints/objects_subtypes.py @@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## diff --git a/var/www/blueprints/objects_title.py b/var/www/blueprints/objects_title.py index c01c426f..558103d7 100644 --- a/var/www/blueprints/objects_title.py +++ b/var/www/blueprints/objects_title.py @@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_user, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## 
@@ -75,7 +75,7 @@ def objects_title_range_json(): @objects_title.route("/objects/title/search_post", methods=['POST']) @login_required -@login_analyst +@login_user def objects_title_search_post(): to_search = request.form.get('to_search') search_type = request.form.get('search_type', 'id') @@ -92,7 +92,7 @@ def objects_title_search_post(): @objects_title.route("/objects/title/search", methods=['GET']) @login_required -@login_analyst +@login_user def objects_title_search(): to_search = request.args.get('search') type_to_search = request.args.get('search_type', 'id') diff --git a/var/www/blueprints/old_endpoints.py b/var/www/blueprints/old_endpoints.py index 2361fa66..e1936d27 100644 --- a/var/www/blueprints/old_endpoints.py +++ b/var/www/blueprints/old_endpoints.py @@ -12,7 +12,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only # ============ BLUEPRINT ============ old_endpoints = Blueprint('old_endpoints', __name__, template_folder=os.path.join(os.environ['AIL_FLASK'], 'templates')) diff --git a/var/www/blueprints/root.py b/var/www/blueprints/root.py index 643fd0e4..e08b2f0e 100644 --- a/var/www/blueprints/root.py +++ b/var/www/blueprints/root.py @@ -19,7 +19,7 @@ from blueprints.settings_b import create_json_response sys.path.append('modules') # Import Role_Manager -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## @@ -308,6 +308,6 @@ def role(): @root.route('/searchbox/') @login_required -@login_analyst +@login_read_only def searchbox(): return render_template("searchbox.html") diff --git a/var/www/blueprints/settings_b.py b/var/www/blueprints/settings_b.py index c48604ee..0068c7ed 100644 --- a/var/www/blueprints/settings_b.py 
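Review bot: `searchbox` in root.py is lowered to `@login_read_only`, while the same patch puts the POST handlers `search` and `get_more_search_result` in Flask_search.py behind `@login_user_no_api`, which is presumably a stricter role. If `searchbox.html` submits to `/search` (the template is not visible here), a read-only account is shown a form whose submission is refused. Either keep the page at the handlers' level with `@login_user_no_api`, which would also need adding to the root.py import line, or hide the form for read-only users in the template. It is also worth confirming that no other route in root.py still uses `@login_admin`, since the first root.py hunk removes it from the import.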
+++ b/var/www/blueprints/settings_b.py @@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, from flask_login import login_required, current_user # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_user, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## @@ -162,7 +162,7 @@ def user_otp_reset(): # TODO ask for password ? @settings_b.route("/settings/user/api_key/new", methods=['GET']) @login_required -@login_read_only +@login_user def new_token_user_self(): user_id = current_user.get_user_id() r = ail_users.api_create_user_api_key_self(user_id, request.remote_addr) diff --git a/var/www/blueprints/tags_ui.py b/var/www/blueprints/tags_ui.py index 13074d75..e9df89bf 100644 --- a/var/www/blueprints/tags_ui.py +++ b/var/www/blueprints/tags_ui.py @@ -15,7 +15,7 @@ sys.path.append('modules') import Flask_config # Import Role_Manager -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_user_no_api, login_read_only sys.path.append(os.environ['AIL_BIN']) ################################## @@ -57,7 +57,7 @@ def tags_taxonomy(): @tags_ui.route('/tag/taxonomy/enable') @login_required -@login_read_only +@login_admin def taxonomy_enable(): taxonomy = request.args.get('taxonomy') res = Tag.api_enable_taxonomy_tags({'taxonomy': taxonomy}) @@ -68,7 +68,7 @@ def taxonomy_enable(): @tags_ui.route('/tag/taxonomy/disable') @login_required -@login_read_only +@login_admin def taxonomy_disable(): taxonomy = request.args.get('taxonomy') res = Tag.api_disable_taxonomy_tags({'taxonomy': taxonomy}) @@ -79,7 +79,7 @@ def taxonomy_disable(): @tags_ui.route('/tag/taxonomy/enable_tags') @login_required -@login_read_only +@login_admin def taxonomy_enable_tags(): taxonomy = request.args.get('taxonomy') tags = request.args.getlist('tags') 
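Review bot: `new_token_user_self` in settings_b.py still issues a new API key on a plain GET (`methods=['GET']`), and raising the role to `@login_user` does not change that any link, prefetch or embedded resource loaded in a logged-in session reaches it. The same applies to the tags_ui.py routes this patch moves to `@login_admin`: the taxonomy and galaxy enable/disable routes and the four `/tags/auto_push/…/enable|disable` routes are declared without `methods=` and so answer GET. `add_tags` and `delete_tag` look like the same case, judging by their names. Consider `methods=['POST']` on these routes together with the application's CSRF check, if one is configured (not visible in this diff); the templates that link to them would then need forms instead of anchors. The function bodies continue outside the hunks.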
@@ -119,7 +119,7 @@ def tags_galaxy_tag(): @tags_ui.route('/tag/galaxy/enable') @login_required -@login_read_only +@login_admin def galaxy_enable(): galaxy = request.args.get('galaxy') res = Tag.api_enable_galaxy_tags({'galaxy': galaxy}) @@ -130,7 +130,7 @@ def galaxy_enable(): @tags_ui.route('/tag/galaxy/disable') @login_required -@login_read_only +@login_admin def galaxy_disable(): galaxy = request.args.get('galaxy') res = Tag.api_disable_galaxy_tags({'galaxy': galaxy}) @@ -141,7 +141,7 @@ def galaxy_disable(): @tags_ui.route('/tag/galaxy/enable_tags') @login_required -@login_read_only +@login_admin def galaxy_enable_tags(): galaxy = request.args.get('galaxy') tags = request.args.getlist('tags') @@ -160,7 +160,7 @@ def get_all_tags_enabled(): @tags_ui.route('/tag/confirm') @login_required -@login_read_only +@login_user_no_api def tag_confirm(): tag = request.args.get('tag') obj_type = request.args.get('type') @@ -178,7 +178,7 @@ def tag_confirm(): @tags_ui.route('/tag/add_tags') @login_required -@login_analyst +@login_user_no_api def add_tags(): tags = request.args.get('tags') @@ -203,7 +203,7 @@ def add_tags(): @tags_ui.route('/tag/delete_tag') # TODO FIX REQUEST PARAMETER @login_required -@login_analyst +@login_user_no_api def delete_tag(): object_type = request.args.get('type') subtype = request.args.get('subtype', '') @@ -406,7 +406,7 @@ def get_obj_by_tags(): @tags_ui.route("/tags/auto_push") @login_required -@login_analyst +@login_admin def auto_push(): # TODO CHECK if misp or the hive connected @@ -420,7 +420,7 @@ def auto_push(): @tags_ui.route("/tags/auto_push_post", methods=['POST']) @login_required -@login_analyst +@login_admin def auto_push_post(): tag_enabled_misp = request.form.getlist('tag_enabled_misp') tag_enabled_hive = request.form.getlist('tag_enabled_hive') 
@@ -430,28 +430,28 @@ def auto_push_post(): @tags_ui.route("/tags/auto_push/misp/enable") @login_required -@login_analyst +@login_admin def enable_misp_auto_push(): Tag.enable_auto_push('misp') return redirect(url_for('tags_ui.auto_push')) @tags_ui.route("/tags/auto_push/misp/disable") @login_required -@login_analyst +@login_admin def disable_misp_auto_push(): Tag.disable_auto_push('misp') return redirect(url_for('tags_ui.auto_push')) @tags_ui.route("/tags/auto_push/thehive/enable") @login_required -@login_analyst +@login_admin def enable_hive_auto_push(): Tag.enable_auto_push('thehive') return redirect(url_for('tags_ui.auto_push')) @tags_ui.route("/tags/auto_push/thehive/disable") @login_required -@login_analyst +@login_admin def disable_hive_auto_push(): Tag.disable_auto_push('thehive') return redirect(url_for('tags_ui.auto_push')) diff --git a/var/www/modules/PasteSubmit/Flask_PasteSubmit.py b/var/www/modules/PasteSubmit/Flask_PasteSubmit.py index 5adc59b9..b478cdb3 100644 --- a/var/www/modules/PasteSubmit/Flask_PasteSubmit.py +++ b/var/www/modules/PasteSubmit/Flask_PasteSubmit.py @@ -18,7 +18,7 @@ from functools import wraps # Flask from flask import render_template, jsonify, request, Blueprint, url_for, redirect, abort -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_user_no_api from flask_login import login_required @@ -93,7 +93,7 @@ def clean_filename(filename, whitelist=valid_filename_chars, replace=' '): @PasteSubmit.route("/PasteSubmit/", methods=['GET']) @login_required -@login_analyst +@login_user_no_api def PasteSubmit_page(): # Get all active tags/galaxy active_taxonomies = Tag.get_active_taxonomies() @@ -108,7 +108,7 @@ def PasteSubmit_page(): @PasteSubmit.route("/PasteSubmit/submit", methods=['POST']) @login_required -@login_analyst +@login_user_no_api @limit_content_length() def submit(): logger.debug('submit') 
@@ -234,7 +234,7 @@ def submit(): @PasteSubmit.route("/PasteSubmit/submit_status", methods=['GET']) @login_required -@login_analyst +@login_user_no_api def submit_status(): UUID = request.args.get('UUID') diff --git a/var/www/modules/Role_Manager.py b/var/www/modules/Role_Manager.py index e62d1030..138e7bcb 100644 --- a/var/www/modules/Role_Manager.py +++ b/var/www/modules/Role_Manager.py @@ -41,12 +41,12 @@ def login_admin(func): return func(*args, **kwargs) return decorated_view -def login_analyst(func): +def login_coordinator(func): @wraps(func) def decorated_view(*args, **kwargs): if not current_user.is_authenticated: return login_manager.unauthorized() - elif not current_user.is_in_role('analyst'): + elif not current_user.is_in_role('coordinator'): return login_manager.unauthorized() return func(*args, **kwargs) return decorated_view diff --git a/var/www/modules/dashboard/Flask_dashboard.py b/var/www/modules/dashboard/Flask_dashboard.py index 74b39283..fd108fe6 100644 --- a/var/www/modules/dashboard/Flask_dashboard.py +++ b/var/www/modules/dashboard/Flask_dashboard.py @@ -13,7 +13,7 @@ import flask from flask import Flask, render_template, jsonify, request, Blueprint, url_for, stream_with_context -from Role_Manager import login_admin, login_analyst, login_read_only +from Role_Manager import login_admin, login_read_only from flask_login import login_required sys.path.append(os.environ['AIL_BIN']) diff --git a/var/www/modules/search/Flask_search.py b/var/www/modules/search/Flask_search.py index 306a9443..582f3cfd 100644 --- a/var/www/modules/search/Flask_search.py +++ b/var/www/modules/search/Flask_search.py @@ -10,7 +10,7 @@ import datetime import flask from flask import Flask, render_template, jsonify, request, Blueprint -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_user_no_api from flask_login import login_required from whoosh import index 
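Review bot: The Role_Manager.py hunk renames `login_analyst` to `login_coordinator` and changes the checked role string from `'analyst'` to `'coordinator'` in one step, so accounts stored with the role `analyst` would presumably fail `is_in_role('coordinator')` unless a role migration ships elsewhere in the commit (none is visible here). The check fails closed via `login_manager.unauthorized()`, but any module still importing `login_analyst` would raise ImportError at start-up, so a repository-wide search for the old name is worth doing before merge. A docstring on the decorator would help the next reader, for example `"""Allow only authenticated users holding the 'coordinator' role; everyone else gets login_manager.unauthorized()."""`, plus a comment at the top of the file listing the roles in order. `login_user` and `login_user_no_api`, which the other hunks now import, are defined outside this hunk.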
@@ -98,7 +98,7 @@ def to_iso_date(timestamp): @searches.route("/search", methods=['POST']) @login_required -@login_analyst +@login_user_no_api def search(): query = request.form['query'] q = [] @@ -176,7 +176,7 @@ def search(): @searches.route("/get_more_search_result", methods=['POST']) @login_required -@login_analyst +@login_user_no_api def get_more_search_result(): query = request.form['query'] q = [] diff --git a/var/www/modules/sentiment/Flask_sentiment.py b/var/www/modules/sentiment/Flask_sentiment.py index a11c7f23..ef845fd7 100644 --- a/var/www/modules/sentiment/Flask_sentiment.py +++ b/var/www/modules/sentiment/Flask_sentiment.py @@ -11,7 +11,7 @@ # import flask # from flask import Flask, render_template, jsonify, request, Blueprint # -# from Role_Manager import login_admin, login_analyst, login_read_only +# from Role_Manager import login_admin, login_read_only # from flask_login import login_required # # sys.path.append(os.environ['AIL_BIN']) diff --git a/var/www/modules/trendingcharts/Flask_trendingcharts.py b/var/www/modules/trendingcharts/Flask_trendingcharts.py index 9598c90c..f00a9bad 100644 --- a/var/www/modules/trendingcharts/Flask_trendingcharts.py +++ b/var/www/modules/trendingcharts/Flask_trendingcharts.py @@ -10,7 +10,7 @@ # import flask # from flask import Flask, render_template, jsonify, request, Blueprint # -# from Role_Manager import login_admin, login_analyst, login_read_only +# from Role_Manager import login_admin, login_read_only # from flask_login import login_required # # sys.path.append(os.environ['AIL_BIN']) diff --git a/var/www/modules/trendingmodules/Flask_trendingmodules.py b/var/www/modules/trendingmodules/Flask_trendingmodules.py index c9630a77..18e07ad4 100644 --- a/var/www/modules/trendingmodules/Flask_trendingmodules.py +++ b/var/www/modules/trendingmodules/Flask_trendingmodules.py 
@@ -10,7 +10,7 @@ # import flask # from flask import Flask, render_template, jsonify, request, Blueprint # -# from Role_Manager import login_admin, login_analyst, login_read_only +# from Role_Manager import login_admin, login_read_only # from flask_login import login_required # # sys.path.append(os.environ['AIL_BIN'])