mirror of https://github.com/CIRCL/AIL-framework
fix: [Retro Hunt] fix item directory
parent
1ddf5a73ce
commit
e54cbb3114
|
@ -16,6 +16,7 @@ from flask import escape
|
||||||
|
|
||||||
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages/'))
|
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages/'))
|
||||||
import Date
|
import Date
|
||||||
|
import Tag
|
||||||
|
|
||||||
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'lib/'))
|
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'lib/'))
|
||||||
import ConfigLoader
|
import ConfigLoader
|
||||||
|
@ -26,6 +27,8 @@ r_cache = config_loader.get_redis_conn("Redis_Cache")
|
||||||
|
|
||||||
r_serv_db = config_loader.get_redis_conn("ARDB_DB")
|
r_serv_db = config_loader.get_redis_conn("ARDB_DB")
|
||||||
r_serv_tracker = config_loader.get_redis_conn("ARDB_Tracker")
|
r_serv_tracker = config_loader.get_redis_conn("ARDB_Tracker")
|
||||||
|
|
||||||
|
items_dir = config_loader.get_config_str("Directories", "pastes").replace('/', '')
|
||||||
config_loader = None
|
config_loader = None
|
||||||
|
|
||||||
email_regex = r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}'
|
email_regex = r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}'
|
||||||
|
@ -248,7 +251,6 @@ def update_tracker_daterange(tracker_uuid, date, op='add'):
|
||||||
if op == 'del':
|
if op == 'del':
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
def remove_tracked_item(item_id):
|
def remove_tracked_item(item_id):
|
||||||
item_date = item_basic.get_item_date(item_id)
|
item_date = item_basic.get_item_date(item_id)
|
||||||
for tracker_uuid in get_item_all_trackers_uuid(item_id):
|
for tracker_uuid in get_item_all_trackers_uuid(item_id):
|
||||||
|
@ -267,6 +269,11 @@ def is_obj_tracked(obj_type, subtype, id):
|
||||||
def get_obj_all_trackers(obj_type, subtype, id):
|
def get_obj_all_trackers(obj_type, subtype, id):
|
||||||
return r_serv_tracker.smembers(f'obj:trackers:{obj_type}:{obj_id}')
|
return r_serv_tracker.smembers(f'obj:trackers:{obj_type}:{obj_id}')
|
||||||
|
|
||||||
|
# # TODO: ADD all Objects + Subtypes
|
||||||
|
def delete_obj_trackers(obj_type, subtype, id):
|
||||||
|
if obj_type == 'item':
|
||||||
|
remove_tracked_item(id)
|
||||||
|
|
||||||
def get_email_subject(tracker_uuid):
|
def get_email_subject(tracker_uuid):
|
||||||
tracker_description = get_tracker_description(tracker_uuid)
|
tracker_description = get_tracker_description(tracker_uuid)
|
||||||
if not tracker_description:
|
if not tracker_description:
|
||||||
|
@ -1039,7 +1046,7 @@ def get_retro_hunt_dir_day_to_analyze(task_uuid, date, filter_last=False, source
|
||||||
|
|
||||||
# # TODO: move me
|
# # TODO: move me
|
||||||
def get_items_to_analyze(dir, last=None):
|
def get_items_to_analyze(dir, last=None):
|
||||||
full_dir = os.path.join(os.environ['AIL_HOME'], 'PASTES', dir) # # TODO: # FIXME: use item config dir
|
full_dir = os.path.join(os.environ['AIL_HOME'], items_dir, dir)
|
||||||
if os.path.isdir(full_dir):
|
if os.path.isdir(full_dir):
|
||||||
all_items = sorted([os.path.join(dir, f) for f in os.listdir(full_dir) if os.path.isfile(os.path.join(full_dir, f))])
|
all_items = sorted([os.path.join(dir, f) for f in os.listdir(full_dir) if os.path.isfile(os.path.join(full_dir, f))])
|
||||||
# remove processed items
|
# remove processed items
|
||||||
|
@ -1265,7 +1272,21 @@ def api_delete_retro_hunt_task(task_uuid):
|
||||||
else:
|
else:
|
||||||
return (delete_retro_hunt_task(task_uuid), 200)
|
return (delete_retro_hunt_task(task_uuid), 200)
|
||||||
|
|
||||||
# if __name__ == '__main__':
|
#### DB FIX ####
|
||||||
|
def get_trackers_custom_tags():
|
||||||
|
tags = set()
|
||||||
|
for tracker_uuid in get_all_tracker_uuid():
|
||||||
|
for tag in get_tracker_tags(tracker_uuid):
|
||||||
|
tags.add(tag)
|
||||||
|
for task_uuid in get_all_retro_hunt_tasks():
|
||||||
|
for tag in get_retro_hunt_task_tags(task_uuid):
|
||||||
|
tags.add(tag)
|
||||||
|
return tags
|
||||||
|
|
||||||
|
#### -- ####
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
print(get_trackers_custom_tags())
|
||||||
# fix_all_tracker_uuid_list()
|
# fix_all_tracker_uuid_list()
|
||||||
# res = get_all_tracker_uuid()
|
# res = get_all_tracker_uuid()
|
||||||
# print(len(res))
|
# print(len(res))
|
||||||
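Review bot: `items_dir = config_loader.get_config_str("Directories", "pastes").replace('/', '')` in the hunk at line 27 strips every separator from the configured value, so a multi-component setting such as `data/pastes` would silently become `datapastes`, and in `get_items_to_analyze` (hunk at line 1046) the `os.path.isdir(full_dir)` check would then fail and the retro hunt would most likely see no items at all. If the goal is only to drop a leading or trailing slash before `os.path.join(os.environ['AIL_HOME'], items_dir, dir)`, `.strip('/')` does that without mangling intermediate separators: `items_dir = config_loader.get_config_str("Directories", "pastes").strip('/')`. A one-line comment above it stating that the value is resolved relative to `AIL_HOME` (which is why an absolute path is deliberately not honoured) would make the stripping intent clear to the next reader. Separately, the new `delete_obj_trackers(obj_type, subtype, id)` shadows the builtin `id` and returns silently for every non-item type; consider `obj_id` as the parameter name and logging or raising for unsupported types rather than relying on the TODO.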
|
|
|
@ -65,11 +65,9 @@ class Retro_Hunt(AbstractModule):
|
||||||
# First launch
|
# First launch
|
||||||
# restart
|
# restart
|
||||||
rule = Tracker.get_retro_hunt_task_rule(task_uuid, r_compile=True)
|
rule = Tracker.get_retro_hunt_task_rule(task_uuid, r_compile=True)
|
||||||
rule_str = Tracker.get_retro_hunt_task_rule(task_uuid)
|
|
||||||
self.redis_logger.warning(f'{self.module_name}, Retro Hunt rule {rule_str}')
|
|
||||||
|
|
||||||
timeout = Tracker.get_retro_hunt_task_timeout(task_uuid)
|
timeout = Tracker.get_retro_hunt_task_timeout(task_uuid)
|
||||||
self.redis_logger.warning(f'{self.module_name}, Retro Hunt rule {task_uuid} timeout {timeout}')
|
self.redis_logger.debug(f'{self.module_name}, Retro Hunt rule {task_uuid} timeout {timeout}')
|
||||||
sources = Tracker.get_retro_hunt_task_sources(task_uuid, r_sort=True)
|
sources = Tracker.get_retro_hunt_task_sources(task_uuid, r_sort=True)
|
||||||
|
|
||||||
self.date_from = Tracker.get_retro_hunt_task_date_from(task_uuid)
|
self.date_from = Tracker.get_retro_hunt_task_date_from(task_uuid)
|
||||||
|
@ -90,7 +88,7 @@ class Retro_Hunt(AbstractModule):
|
||||||
# # TODO: Filter previous item
|
# # TODO: Filter previous item
|
||||||
for dir in dirs_date:
|
for dir in dirs_date:
|
||||||
print(dir)
|
print(dir)
|
||||||
self.redis_logger.warning(f'{self.module_name}, Retro Hunt searching in directory {dir}')
|
self.redis_logger.debug(f'{self.module_name}, Retro Hunt searching in directory {dir}')
|
||||||
l_obj = Tracker.get_items_to_analyze(dir)
|
l_obj = Tracker.get_items_to_analyze(dir)
|
||||||
for id in l_obj:
|
for id in l_obj:
|
||||||
#print(f'{dir} / {id}')
|
#print(f'{dir} / {id}')
|
||||||
|
@ -98,7 +96,7 @@ class Retro_Hunt(AbstractModule):
|
||||||
# save current item in cache
|
# save current item in cache
|
||||||
Tracker.set_cache_retro_hunt_task_id(task_uuid, id)
|
Tracker.set_cache_retro_hunt_task_id(task_uuid, id)
|
||||||
|
|
||||||
self.redis_logger.warning(f'{self.module_name}, Retro Hunt rule {task_uuid}, searching item {id}')
|
self.redis_logger.debug(f'{self.module_name}, Retro Hunt rule {task_uuid}, searching item {id}')
|
||||||
|
|
||||||
yara_match = rule.match(data=self.item.get_content(), callback=self.yara_rules_match, which_callbacks=yara.CALLBACK_MATCHES, timeout=timeout)
|
yara_match = rule.match(data=self.item.get_content(), callback=self.yara_rules_match, which_callbacks=yara.CALLBACK_MATCHES, timeout=timeout)
|
||||||
|
|
||||||
|
@ -147,7 +145,7 @@ class Retro_Hunt(AbstractModule):
|
||||||
#print(data)
|
#print(data)
|
||||||
task_uuid = data['namespace']
|
task_uuid = data['namespace']
|
||||||
|
|
||||||
self.redis_logger.warning(f'{self.module_name}, Retro hunt {task_uuid} match found: {id}')
|
self.redis_logger.info(f'{self.module_name}, Retro hunt {task_uuid} match found: {id}')
|
||||||
print(f'Retro hunt {task_uuid} match found: {id}')
|
print(f'Retro hunt {task_uuid} match found: {id}')
|
||||||
|
|
||||||
Tracker.save_retro_hunt_match(task_uuid, id)
|
Tracker.save_retro_hunt_match(task_uuid, id)
|
||||||
|
|
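Review bot: The `self.redis_logger.debug(f'{self.module_name}, Retro Hunt searching in directory {dir}')` line added in the hunk at line 88 sits directly under an unconditional `print(dir)`, and the new `.info(... match found ...)` line in the hunk at line 145 is followed by `print(f'Retro hunt {task_uuid} match found: {id}')`, so lowering the log levels does not actually quiet the module: every directory and every match still goes to stdout outside the logger. Either drop the `print` calls or route them through `redis_logger` so a single configurable sink controls verbosity; the match-found event is the one an operator acts on, so keeping it at `info` through the logger rather than only on stdout is the right choice. The enclosing method and the match callback both continue outside these hunks, and the `rule.match(..., timeout=timeout)` call shown as context has no visible handling of a yara timeout, which is worth confirming in the surrounding code.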