CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

chg: [correlation] description: get message content + don't show etag, cookie_name and hhash by default

ocr
terrtia 2024-03-11 15:33:30 +01:00
parent 7acac4dc0c
commit 800098540b
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
5 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bin/lib/ail_core.py
View File

@ -22,6 +22,11 @@ AIL_OBJECTS = sorted({'chat', 'chat-subchannel', 'chat-thread', 'cookie-name', '
AIL_OBJECTS_WITH_SUBTYPES = {'chat', 'chat-subchannel', 'cryptocurrency', 'pgp', 'username', 'user-account'} AIL_OBJECTS_WITH_SUBTYPES = {'chat', 'chat-subchannel', 'cryptocurrency', 'pgp', 'username', 'user-account'}
# TODO by object TYPE ????
AIL_OBJECTS_CORRELATIONS_DEFAULT = sorted({'chat', 'chat-subchannel', 'chat-thread', 'cve', 'cryptocurrency', 'decoded',
'domain', 'favicon', 'file-name',
'item', 'image', 'message', 'pgp', 'screenshot', 'title', 'user-account', 'username'})
def get_ail_uuid(): def get_ail_uuid():
ail_uuid = r_serv_db.get('ail:uuid') ail_uuid = r_serv_db.get('ail:uuid')
if not ail_uuid: if not ail_uuid:
@ -69,6 +74,9 @@ def get_object_all_subtypes(obj_type): # TODO Dynamic subtype
return r_object.smembers(f'all_chat:subtypes') return r_object.smembers(f'all_chat:subtypes')
return [] return []
def get_default_correlation_objects():
return AIL_OBJECTS_CORRELATIONS_DEFAULT
def get_obj_queued(): def get_obj_queued():
return ['item', 'image'] return ['item', 'image']

3
bin/lib/objects/Images.py
View File

@ -71,6 +71,9 @@ class Image(AbstractDaterangeObject):
return file_content return file_content
def get_content(self, r_type='str'): def get_content(self, r_type='str'):
if r_type == 'str':
return None
else:
return self.get_file_content() return self.get_file_content()
def get_misp_object(self): def get_misp_object(self):

7
bin/lib/objects/ail_objects.py
View File

@ -12,7 +12,7 @@ from lib.exceptions import AILObjectUnknown
from lib.ConfigLoader import ConfigLoader from lib.ConfigLoader import ConfigLoader
from lib.ail_core import get_all_objects, get_object_all_subtypes, get_objects_with_subtypes from lib.ail_core import get_all_objects, get_object_all_subtypes, get_objects_with_subtypes, get_default_correlation_objects
from lib import correlations_engine from lib import correlations_engine
from lib import relationships_engine from lib import relationships_engine
from lib import btc_ail from lib import btc_ail
@ -53,12 +53,15 @@ def is_object_subtype(obj_type):
def is_valid_object_subtype(obj_type, subtype): def is_valid_object_subtype(obj_type, subtype):
return subtype in get_object_all_subtypes(obj_type) return subtype in get_object_all_subtypes(obj_type)
def sanitize_objs_types(objs): def sanitize_objs_types(objs, default=False):
l_types = [] l_types = []
for obj in objs: for obj in objs:
if is_valid_object_type(obj): if is_valid_object_type(obj):
l_types.append(obj) l_types.append(obj)
if not l_types: if not l_types:
if default:
l_types = get_default_correlation_objects()
else:
l_types = get_all_objects() l_types = get_all_objects()
return l_types return l_types

7
var/www/blueprints/correlation.py
View File

@ -165,7 +165,7 @@ def show_correlation():
related_btc = bool(request.args.get('related_btc', False)) related_btc = bool(request.args.get('related_btc', False))
filter_types = ail_objects.sanitize_objs_types(request.args.get('filter', '').split(',')) filter_types = ail_objects.sanitize_objs_types(request.args.get('filter', '').split(','), default=True)
# check if obj_id exist # check if obj_id exist
if not ail_objects.exists_obj(obj_type, subtype, obj_id): if not ail_objects.exists_obj(obj_type, subtype, obj_id):
@ -206,7 +206,10 @@ def get_description():
return Response(json.dumps({"status": "error", "reason": "404 Not Found"}, indent=2, sort_keys=True), mimetype='application/json'), 404 return Response(json.dumps({"status": "error", "reason": "404 Not Found"}, indent=2, sort_keys=True), mimetype='application/json'), 404
# object exist # object exist
else: else:
res = ail_objects.get_object_meta(obj_type, subtype, obj_id, options={'icon', 'tags', 'tags_safe'}, options = {'icon', 'tags', 'tags_safe'}
if obj_type == 'message':
options.add('content')
res = ail_objects.get_object_meta(obj_type, subtype, obj_id, options=options,
flask_context=True) flask_context=True)
if 'tags' in res: if 'tags' in res:
res['tags'] = list(res['tags']) res['tags'] = list(res['tags'])

2
var/www/templates/correlation/show_correlation.html
View File

@ -714,7 +714,9 @@ if (d.popover) {
} }
desc = desc + "</div></dd>" desc = desc + "</div></dd>"
} else if (key!="tags" && key!="id" && key!="img" && key!="icon" && key!="link" && key!="type") { } else if (key!="tags" && key!="id" && key!="img" && key!="icon" && key!="link" && key!="type") {
if (data[key]) {
desc = desc + "<dt class=\"col-sm-3 px-0\">" + sanitize_text(key) + "</dt><dd class=\"col-sm-9 px-0\">" + sanitize_text(data[key]) + "</dd>" desc = desc + "<dt class=\"col-sm-3 px-0\">" + sanitize_text(key) + "</dt><dd class=\"col-sm-9 px-0\">" + sanitize_text(data[key]) + "</dd>"
}
} }
}); });
desc = desc + "</dl>" desc = desc + "</dl>"