mirror of https://github.com/CIRCL/AIL-framework
chg: [PgpDump] fix graph + add new tags: pgp-signature pgp-public-key-block + avoid keys injection in pgp user_id
parent
7e8ba8cdaf
commit
9639a51abd
22
bin/Keys.py
22
bin/Keys.py
|
@ -25,13 +25,26 @@ from Helper import Process
|
|||
def search_key(paste):
|
||||
content = paste.get_p_content()
|
||||
find = False
|
||||
get_pgp_content = False
|
||||
if '-----BEGIN PGP MESSAGE-----' in content:
|
||||
publisher.warning('{} has a PGP enc message'.format(paste.p_name))
|
||||
|
||||
msg = 'infoleak:automatic-detection="pgp-message";{}'.format(message)
|
||||
p.populate_set_out(msg, 'Tags')
|
||||
get_pgp_content = True
|
||||
find = True
|
||||
|
||||
if '-----BEGIN PGP PUBLIC KEY BLOCK-----' in content:
|
||||
msg = 'infoleak:automatic-detection="pgp-public-key-block";{}'.format(message)
|
||||
p.populate_set_out(msg, 'Tags')
|
||||
get_pgp_content = True
|
||||
|
||||
if '-----BEGIN PGP SIGNATURE-----' in content:
|
||||
msg = 'infoleak:automatic-detection="pgp-signature";{}'.format(message)
|
||||
p.populate_set_out(msg, 'Tags')
|
||||
get_pgp_content = True
|
||||
|
||||
|
||||
if '-----BEGIN CERTIFICATE-----' in content:
|
||||
publisher.warning('{} has a certificate message'.format(paste.p_name))
|
||||
|
||||
|
@ -108,13 +121,8 @@ def search_key(paste):
|
|||
p.populate_set_out(msg, 'Tags')
|
||||
find = True
|
||||
|
||||
if '-----BEGIN PGP PUBLIC KEY BLOCK-----' in content:
|
||||
p.populate_set_out(message, 'PgpDump')
|
||||
|
||||
if '-----BEGIN PGP SIGNATURE-----' in content:
|
||||
p.populate_set_out(message, 'PgpDump')
|
||||
|
||||
if '-----BEGIN PGP MESSAGE-----' in content:
|
||||
# pgp content
|
||||
if get_pgp_content:
|
||||
p.populate_set_out(message, 'PgpDump')
|
||||
|
||||
if find :
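Review bot: The two new branches in the first hunk (`pgp-public-key-block` and `pgp-signature`) set `get_pgp_content` but leave `find` False, whereas the `PGP MESSAGE` branch sets both. Whatever the `if find :` block at the end of the second hunk does (its body is outside the hunk) is therefore skipped for a paste that carries only a public key block or a signature, even though that paste is now tagged. If this is intended, a comment on those branches such as `# find stays False on purpose: only tag and forward to PgpDump` would make it explicit; otherwise add `find = True` there.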
|
||||
|
|
|
@ -68,6 +68,9 @@ def get_pgp_packet(save_path):
|
|||
def extract_id_from_output(pgp_dump_outpout):
|
||||
all_user_id = set(re.findall(regex_user_id, pgp_dump_outpout))
|
||||
for user_id in all_user_id:
|
||||
# avoid key injection in user_id:
|
||||
pgp_dump_outpout.replace(user_id, '', 1)
|
||||
|
||||
user_id = user_id.replace(user_id_str, '', 1)
|
||||
mail = None
|
||||
if ' <' in user_id:
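Review bot: The added `pgp_dump_outpout.replace(user_id, '', 1)` has no effect, because `str.replace` returns a new string and the result is discarded, so the guard announced by the comment above it ("avoid key injection in user_id") is never applied. Assign it back, `pgp_dump_outpout = pgp_dump_outpout.replace(user_id, '', 1)`, and make sure the code that later extracts key ids reads that cleaned string; the variable is not used again in the visible part of this function, so the stripped output may need to be returned to the caller. Because `all_user_id` is a set, a count of 1 would also remove only the first occurrence of a user id that appears several times in the dump. The rest of `extract_id_from_output` lies outside the hunk.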
|
||||
|
|
|
@ -1014,35 +1014,44 @@ def pgp_range_type_json():
|
|||
|
||||
return jsonify(range_type)
|
||||
|
||||
@hashDecoded.route('/decoded/pgp_by_type_json') ####################################
|
||||
@hashDecoded.route('/decoded/pgp_by_type_json') ## TODO: REFRACTOR
|
||||
def pgp_by_type_json():
|
||||
type_id = request.args.get('type_id')
|
||||
date_from = request.args.get('date_from')
|
||||
|
||||
if date_from is None:
|
||||
date_from = datetime.date.today().strftime("%Y%m%d")
|
||||
|
||||
#retrieve + char
|
||||
type_id = type_id.replace(' ', '+')
|
||||
default = False
|
||||
|
||||
if type_id is None:
|
||||
default = True
|
||||
all_type = ['key', 'name', 'mail']
|
||||
else:
|
||||
all_type = [ type_id ]
|
||||
|
||||
num_day_type = 30
|
||||
date_range = get_date_range(num_day_type)
|
||||
|
||||
#verify input
|
||||
if verify_pgp_type_id(type_id):
|
||||
if verify_pgp_type_id(type_id) or default:
|
||||
|
||||
r_serv_metadata.smembers('hash_all_type'):
|
||||
type_value = []
|
||||
all_decoder = r_serv_metadata.smembers('all_decoder')
|
||||
|
||||
range_decoder = []
|
||||
for date in date_range:
|
||||
day_decoder = {}
|
||||
day_decoder['date']= date[0:4] + '-' + date[4:6] + '-' + date[6:8]
|
||||
for decoder in all_decoder:
|
||||
num_day_decoder = r_serv_metadata.zscore(decoder+'_type:'+type, date)
|
||||
if num_day_decoder is None:
|
||||
num_day_decoder = 0
|
||||
day_decoder[decoder]= num_day_decoder
|
||||
range_decoder.append(day_decoder)
|
||||
|
||||
|
||||
day_type_id = {}
|
||||
day_type_id['date']= date[0:4] + '-' + date[4:6] + '-' + date[6:8]
|
||||
for type_pgp in all_type:
|
||||
all_vals_key = r_serv_metadata.hvals('pgp:{}:date'.format(type_id, date))
|
||||
num_day_type_id = 0
|
||||
if all_vals_key is not None:
|
||||
for val_key in all_vals_key:
|
||||
num_day_type_id += int(val_key)
|
||||
day_type_id[type_pgp]= num_day_type_id
|
||||
range_decoder.append(day_type_id)
|
||||
|
||||
return jsonify(range_decoder)
|
||||
else:
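Review bot: `type_id.replace(' ', '+')` runs before the new `if type_id is None:` check, so a request without `type_id` raises AttributeError and the `default` branch cannot be reached; guard it with `if type_id is not None: type_id = type_id.replace(' ', '+')`. In the inner loop, `'pgp:{}:date'.format(type_id, date)` has a single placeholder, so `date` is dropped and every day reads the same key, and it uses `type_id` (None on the default path) instead of the loop variable `type_pgp`. The key presumably needs both the per-iteration type and the day, which should be confirmed against the code that writes these hashes. `verify_pgp_type_id(type_id)` is also evaluated with None before `or default`; writing `default or verify_pgp_type_id(type_id)` avoids depending on how that helper handles None. The function continues past the end of the hunk.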
|
||||
|
|
|
@ -187,7 +187,7 @@
|
|||
{
|
||||
$('#date-range-from-input').val(s1);
|
||||
$('#date-range-to-input').val(s2);
|
||||
}
|
||||
},
|
||||
});
|
||||
$('#date-range-to').dateRangePicker({
|
||||
separator : ' to ',
|
||||
|
@ -202,18 +202,22 @@
|
|||
{
|
||||
$('#date-range-from-input').val(s1);
|
||||
$('#date-range-to-input').val(s2);
|
||||
}
|
||||
},
|
||||
});
|
||||
|
||||
$('#date-range-from').data('dateRangePicker').setDateRange('{{date_from}}','{{date_to}}');
|
||||
$('#date-range-to').data('dateRangePicker').setDateRange('{{date_from}}','{{date_to}}');
|
||||
|
||||
$('#tableb64').DataTable({
|
||||
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
|
||||
"iDisplayLength": 10,
|
||||
"order": [[ 3, "desc" ]]
|
||||
});
|
||||
|
||||
{% if type %}
|
||||
//chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_by_type_json') }}?type_id={{type}}", 'id');
|
||||
{% elif daily_type_chart %}
|
||||
{% if type_id %}
|
||||
//chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_by_type_json') }}?date_from={{daily_date}}&type_id={{type_id}}", 'id');
|
||||
chart.stackBarChart = barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{date_from}}&date_to={{date_to}}&type_id={{type_id}}", 'id');
|
||||
{% elif type_id or daily_type_chart %}
|
||||
chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{daily_date}}&date_to={{daily_date}}", 'id');
|
||||
{% else %}
|
||||
chart.stackBarChart = barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{date_from}}&date_to={{date_to}}", 'id');
|
||||
|
@ -243,7 +247,6 @@ function toggle_sidebar(){
|
|||
}
|
||||
</script>
|
||||
<script>
|
||||
//var data = [6,3,3,2,5,3,9];
|
||||
|
||||
// a sparklines plot
|
||||
function sparklines(id, points) {
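Review bot: The chart URLs in the second hunk are built by pasting `{{date_from}}`, `{{date_to}}` and `{{type_id}}` into a JavaScript string inside `<script>`, where HTML autoescaping (if it is enabled for this template) is not the right encoding and nothing URL-encodes the query values. A `type_id` containing `+` or `&` changes the query string, which is probably why the Flask view has to turn spaces back into `+`. Let Flask build and encode the URL and emit it as a JS literal: `barchart_type_stack({{ url_for('hashDecoded.pgp_range_type_json', date_from=date_from, date_to=date_to, type_id=type_id)|tojson }}, 'id');`. The `setDateRange('{{date_from}}','{{date_to}}')` calls would benefit from `|tojson` in the same way.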
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
</h5>
|
||||
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="{{url_for('hashDecoded.hashDecoded_page')}}" id="nav_dashboard_pgp">
|
||||
<a class="nav-link" href="{{url_for('hashDecoded.pgpdump_page')}}" id="nav_dashboard_pgp">
|
||||
<i class="fas fa-search"></i>
|
||||
<span>PGP Dumps</span>
|
||||
</a>
|
||||
|
|