chg: [user_management endpoint] check user roles + add 503 template

pull/359/head
Terrtia 2019-06-19 17:02:09 +02:00
parent 6eec0aabfe
commit ef716f22e5
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
15 changed files with 225 additions and 7 deletions

View File

@ -34,6 +34,7 @@ import Flask_config
# Import Role_Manager
from Role_Manager import create_user_db, check_password_strength
from Role_Manager import login_admin, login_analyst
def flask_init():
# # TODO: move this to update
@ -211,7 +212,15 @@ def logout():
logout_user()
return redirect(url_for('login'))
# role error template
@app.route('/role', methods=['POST', 'GET'])
@login_required
def role():
return render_template("error/403.html"), 403
@app.route('/searchbox/')
@login_required
@login_analyst
def searchbox():
return render_template("searchbox.html")

View File

@ -6,6 +6,8 @@
'''
import redis
from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
import unicodedata
@ -275,6 +277,7 @@ def hive_create_case(hive_tlp, threat_level, hive_description, hive_case_title,
@PasteSubmit.route("/PasteSubmit/", methods=['GET'])
@login_required
@login_analyst
def PasteSubmit_page():
#active taxonomies
active_taxonomies = r_serv_tags.smembers('active_taxonomies')
@ -288,6 +291,7 @@ def PasteSubmit_page():
@PasteSubmit.route("/PasteSubmit/submit", methods=['POST'])
@login_required
@login_analyst
def submit():
#paste_name = request.form['paste_name']
@ -398,6 +402,7 @@ def submit():
@PasteSubmit.route("/PasteSubmit/submit_status", methods=['GET'])
@login_required
@login_analyst
def submit_status():
UUID = request.args.get('UUID')
@ -465,6 +470,7 @@ def submit_status():
@PasteSubmit.route("/PasteSubmit/create_misp_event", methods=['POST'])
@login_required
@login_analyst
def create_misp_event():
distribution = int(request.form['misp_data[Event][distribution]'])
@ -488,6 +494,7 @@ def create_misp_event():
@PasteSubmit.route("/PasteSubmit/create_hive_case", methods=['POST'])
@login_required
@login_analyst
def create_hive_case():
hive_tlp = int(request.form['hive_tlp'])
@ -511,6 +518,7 @@ def create_hive_case():
@PasteSubmit.route("/PasteSubmit/edit_tag_export")
@login_required
@login_analyst
def edit_tag_export():
misp_auto_events = r_serv_db.get('misp:auto-events')
hive_auto_alerts = r_serv_db.get('hive:auto-alerts')
@ -576,6 +584,7 @@ def edit_tag_export():
@PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST'])
@login_required
@login_analyst
def tag_export_edited():
tag_enabled_misp = request.form.getlist('tag_enabled_misp')
tag_enabled_hive = request.form.getlist('tag_enabled_hive')
@ -601,30 +610,35 @@ def tag_export_edited():
@PasteSubmit.route("/PasteSubmit/enable_misp_auto_event")
@login_required
@login_analyst
def enable_misp_auto_event():
r_serv_db.set('misp:auto-events', 1)
return edit_tag_export()
@PasteSubmit.route("/PasteSubmit/disable_misp_auto_event")
@login_required
@login_analyst
def disable_misp_auto_event():
r_serv_db.set('misp:auto-events', 0)
return edit_tag_export()
@PasteSubmit.route("/PasteSubmit/enable_hive_auto_alert")
@login_required
@login_analyst
def enable_hive_auto_alert():
r_serv_db.set('hive:auto-alerts', 1)
return edit_tag_export()
@PasteSubmit.route("/PasteSubmit/disable_hive_auto_alert")
@login_required
@login_analyst
def disable_hive_auto_alert():
r_serv_db.set('hive:auto-alerts', 0)
return edit_tag_export()
@PasteSubmit.route("/PasteSubmit/add_push_tag")
@login_required
@login_analyst
def add_push_tag():
tag = request.args.get('tag')
if tag is not None:
@ -643,6 +657,7 @@ def add_push_tag():
@PasteSubmit.route("/PasteSubmit/delete_push_tag")
@login_required
@login_analyst
def delete_push_tag():
tag = request.args.get('tag')

View File

@ -222,7 +222,7 @@ def update_tag_last_seen(tag, tag_first_seen, tag_last_seen):
@Tags.route("/tags/", methods=['GET'])
@login_required
@login_admin
@login_analyst
def Tags_page():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
@ -357,6 +357,7 @@ def Tags_page():
@Tags.route("/Tags/get_all_tags")
@login_required
@login_analyst
def get_all_tags():
all_tags = r_serv_tags.smembers('list_tags')
@ -380,6 +381,7 @@ def get_all_tags():
@Tags.route("/Tags/get_all_tags_taxonomies")
@login_required
@login_analyst
def get_all_tags_taxonomies():
taxonomies = Taxonomies()
@ -398,6 +400,7 @@ def get_all_tags_taxonomies():
@Tags.route("/Tags/get_all_tags_galaxies")
@login_required
@login_analyst
def get_all_tags_galaxy():
active_galaxies = r_serv_tags.smembers('active_galaxies')
@ -412,6 +415,7 @@ def get_all_tags_galaxy():
@Tags.route("/Tags/get_tags_taxonomie")
@login_required
@login_analyst
def get_tags_taxonomie():
taxonomie = request.args.get('taxonomie')
@ -439,6 +443,7 @@ def get_tags_taxonomie():
@Tags.route("/Tags/get_tags_galaxy")
@login_required
@login_analyst
def get_tags_galaxy():
galaxy = request.args.get('galaxy')
@ -460,6 +465,7 @@ def get_tags_galaxy():
@Tags.route("/Tags/remove_tag")
@login_required
@login_analyst
def remove_tag():
#TODO verify input
@ -492,6 +498,7 @@ def confirm_tag():
@Tags.route("/Tags/tag_validation")
@login_required
@login_analyst
def tag_validation():
path = request.args.get('paste')
@ -513,6 +520,7 @@ def tag_validation():
@Tags.route("/Tags/addTags")
@login_required
@login_analyst
def addTags():
tags = request.args.get('tags')
@ -563,6 +571,7 @@ def addTags():
@Tags.route("/Tags/taxonomies")
@login_required
@login_analyst
def taxonomies():
active_taxonomies = r_serv_tags.smembers('active_taxonomies')
@ -600,6 +609,7 @@ def taxonomies():
@Tags.route("/Tags/edit_taxonomie")
@login_required
@login_analyst
def edit_taxonomie():
taxonomies = Taxonomies()
@ -649,6 +659,7 @@ def edit_taxonomie():
@Tags.route("/Tags/disable_taxonomie")
@login_required
@login_analyst
def disable_taxonomie():
taxonomies = Taxonomies()
@ -670,6 +681,7 @@ def disable_taxonomie():
@Tags.route("/Tags/active_taxonomie")
@login_required
@login_analyst
def active_taxonomie():
taxonomies = Taxonomies()
@ -690,6 +702,7 @@ def active_taxonomie():
@Tags.route("/Tags/edit_taxonomie_tag")
@login_required
@login_analyst
def edit_taxonomie_tag():
taxonomies = Taxonomies()
@ -733,6 +746,7 @@ def edit_taxonomie_tag():
@Tags.route("/Tags/galaxies")
@login_required
@login_analyst
def galaxies():
active_galaxies = r_serv_tags.smembers('active_galaxies')
@ -780,6 +794,7 @@ def galaxies():
@Tags.route("/Tags/edit_galaxy")
@login_required
@login_analyst
def edit_galaxy():
id = request.args.get('galaxy')
@ -848,6 +863,7 @@ def edit_galaxy():
@Tags.route("/Tags/active_galaxy")
@login_required
@login_analyst
def active_galaxy():
id = request.args.get('galaxy')
@ -893,6 +909,7 @@ def active_galaxy():
@Tags.route("/Tags/disable_galaxy")
@login_required
@login_analyst
def disable_galaxy():
id = request.args.get('galaxy')
@ -914,6 +931,7 @@ def disable_galaxy():
@Tags.route("/Tags/edit_galaxy_tag")
@login_required
@login_analyst
def edit_galaxy_tag():
arg1 = request.args.getlist('tag_enabled')
@ -987,6 +1005,7 @@ def edit_galaxy_tag():
@Tags.route("/Tags/tag_galaxy_info")
@login_required
@login_analyst
def tag_galaxy_info():
galaxy = request.args.get('galaxy')

View File

@ -13,6 +13,8 @@ import flask
from Date import Date
from flask import Flask, render_template, jsonify, request, Blueprint, url_for
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
# ============ VARIABLES ============
@ -111,11 +113,13 @@ def datetime_from_utc_to_local(utc_str):
@dashboard.route("/_logs")
@login_required
@login_analyst
def logs():
return flask.Response(event_stream(), mimetype="text/event-stream")
@dashboard.route("/_get_last_logs_json")
@login_required
@login_analyst
def get_last_logs_json():
date = datetime.datetime.now().strftime("%Y%m%d")
@ -158,12 +162,14 @@ def get_last_logs_json():
@dashboard.route("/_stuff", methods=['GET'])
@login_required
@login_analyst
def stuff():
return jsonify(row1=get_queues(r_serv))
@dashboard.route("/")
@login_required
@login_analyst
def index():
default_minute = cfg.get("Flask", "minute_processed_paste")
threshold_stucked_module = cfg.getint("Module_ModuleInformation", "threshold_stucked_module")

View File

@ -17,6 +17,7 @@ from hashlib import sha256
import requests
from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for, send_file
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
# ============ VARIABLES ============
@ -476,6 +477,7 @@ def correlation_graph_node_json(correlation_type, type_id, key_id):
# ============= ROUTES ==============
@hashDecoded.route("/hashDecoded/all_hash_search", methods=['POST'])
@login_required
@login_analyst
def all_hash_search():
date_from = request.form.get('date_from')
date_to = request.form.get('date_to')
@ -486,6 +488,7 @@ def all_hash_search():
@hashDecoded.route("/hashDecoded/", methods=['GET'])
@login_required
@login_analyst
def hashDecoded_page():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
@ -604,6 +607,7 @@ def hashDecoded_page():
@hashDecoded.route('/hashDecoded/hash_by_type')
@login_required
@login_analyst
def hash_by_type():
type = request.args.get('type')
type = 'text/plain'
@ -612,6 +616,7 @@ def hash_by_type():
@hashDecoded.route('/hashDecoded/hash_hash')
@login_required
@login_analyst
def hash_hash():
hash = request.args.get('hash')
return render_template('hash_hash.html')
@ -619,6 +624,7 @@ def hash_hash():
@hashDecoded.route('/hashDecoded/showHash')
@login_required
@login_analyst
def showHash():
hash = request.args.get('hash')
#hash = 'e02055d3efaad5d656345f6a8b1b6be4fe8cb5ea'
@ -673,6 +679,7 @@ def showHash():
@hashDecoded.route('/hashDecoded/downloadHash')
@login_required
@login_analyst
def downloadHash():
hash = request.args.get('hash')
# sanitize hash
@ -710,6 +717,7 @@ def downloadHash():
@hashDecoded.route('/hashDecoded/hash_by_type_json')
@login_required
@login_analyst
def hash_by_type_json():
type = request.args.get('type')
@ -744,6 +752,7 @@ def hash_by_type_json():
@hashDecoded.route('/hashDecoded/decoder_type_json')
@login_required
@login_analyst
def decoder_type_json():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
@ -800,6 +809,7 @@ def decoder_type_json():
@hashDecoded.route('/hashDecoded/top5_type_json')
@login_required
@login_analyst
def top5_type_json():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
@ -859,6 +869,7 @@ def top5_type_json():
@hashDecoded.route('/hashDecoded/daily_type_json')
@login_required
@login_analyst
def daily_type_json():
date = request.args.get('date')
@ -879,6 +890,7 @@ def daily_type_json():
@hashDecoded.route('/hashDecoded/range_type_json')
@login_required
@login_analyst
def range_type_json():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
@ -936,6 +948,7 @@ def range_type_json():
@hashDecoded.route('/hashDecoded/hash_graph_line_json')
@login_required
@login_analyst
def hash_graph_line_json():
hash = request.args.get('hash')
date_from = request.args.get('date_from')
@ -966,6 +979,7 @@ def hash_graph_line_json():
@hashDecoded.route('/hashDecoded/hash_graph_node_json')
@login_required
@login_analyst
def hash_graph_node_json():
hash = request.args.get('hash')
@ -1034,6 +1048,7 @@ def hash_graph_node_json():
@hashDecoded.route('/hashDecoded/hash_types')
@login_required
@login_analyst
def hash_types():
date_from = 20180701
date_to = 20180706
@ -1042,6 +1057,7 @@ def hash_types():
@hashDecoded.route('/hashDecoded/send_file_to_vt_js')
@login_required
@login_analyst
def send_file_to_vt_js():
hash = request.args.get('hash')
@ -1066,6 +1082,7 @@ def send_file_to_vt_js():
@hashDecoded.route('/hashDecoded/update_vt_result')
@login_required
@login_analyst
def update_vt_result():
hash = request.args.get('hash')
@ -1102,6 +1119,8 @@ def update_vt_result():
############################ PGPDump ############################
@hashDecoded.route('/decoded/pgp_by_type_json') ## TODO: REFRACTOR
@login_required
@login_analyst
def pgp_by_type_json():
type_id = request.args.get('type_id')
date_from = request.args.get('date_from')
@ -1146,6 +1165,8 @@ def pgp_by_type_json():
############################ Correlation ############################
@hashDecoded.route("/correlation/pgpdump", methods=['GET'])
@login_required
@login_analyst
def pgpdump_page():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
@ -1156,6 +1177,8 @@ def pgpdump_page():
return res
@hashDecoded.route("/correlation/cryptocurrency", methods=['GET'])
@login_required
@login_analyst
def cryptocurrency_page():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
@ -1166,6 +1189,8 @@ def cryptocurrency_page():
return res
@hashDecoded.route("/correlation/all_pgpdump_search", methods=['POST'])
@login_required
@login_analyst
def all_pgpdump_search():
date_from = request.form.get('date_from')
date_to = request.form.get('date_to')
@ -1174,6 +1199,8 @@ def all_pgpdump_search():
return redirect(url_for('hashDecoded.pgpdump_page', date_from=date_from, date_to=date_to, type_id=type_id, show_decoded_files=show_decoded_files))
@hashDecoded.route("/correlation/all_cryptocurrency_search", methods=['POST'])
@login_required
@login_analyst
def all_cryptocurrency_search():
date_from = request.form.get('date_from')
date_to = request.form.get('date_to')
@ -1182,6 +1209,8 @@ def all_cryptocurrency_search():
return redirect(url_for('hashDecoded.cryptocurrency_page', date_from=date_from, date_to=date_to, type_id=type_id, show_decoded_files=show_decoded_files))
@hashDecoded.route('/correlation/show_pgpdump')
@login_required
@login_analyst
def show_pgpdump():
type_id = request.args.get('type_id')
key_id = request.args.get('key_id')
@ -1189,36 +1218,48 @@ def show_pgpdump():
@hashDecoded.route('/correlation/show_cryptocurrency')
@login_required
@login_analyst
def show_cryptocurrency():
type_id = request.args.get('type_id')
key_id = request.args.get('key_id')
return show_correlation('cryptocurrency', type_id, key_id)
@hashDecoded.route('/correlation/cryptocurrency_range_type_json')
@login_required
@login_analyst
def cryptocurrency_range_type_json():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
return correlation_type_range_type_json('cryptocurrency', date_from, date_to)
@hashDecoded.route('/correlation/pgpdump_range_type_json')
@login_required
@login_analyst
def pgpdump_range_type_json():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
return correlation_type_range_type_json('pgpdump', date_from, date_to)
@hashDecoded.route('/correlation/pgpdump_graph_node_json')
@login_required
@login_analyst
def pgpdump_graph_node_json():
type_id = request.args.get('type_id')
key_id = request.args.get('key_id')
return correlation_graph_node_json('pgpdump', type_id, key_id)
@hashDecoded.route('/correlation/cryptocurrency_graph_node_json')
@login_required
@login_analyst
def cryptocurrency_graph_node_json():
type_id = request.args.get('type_id')
key_id = request.args.get('key_id')
return correlation_graph_node_json('cryptocurrency', type_id, key_id)
@hashDecoded.route('/correlation/pgpdump_graph_line_json')
@login_required
@login_analyst
def pgpdump_graph_line_json():
type_id = request.args.get('type_id')
key_id = request.args.get('key_id')
@ -1251,6 +1292,8 @@ def correlation_graph_line_json(correlation_type, type_id, key_id, date_from, da
return jsonify()
@hashDecoded.route('/correlation/cryptocurrency_graph_line_json')
@login_required
@login_analyst
def cryptocurrency_graph_line_json():
type_id = request.args.get('type_id')
key_id = request.args.get('key_id')

View File

@ -12,6 +12,8 @@ import time
import json
from pyfaup.faup import Faup
from flask import Flask, render_template, jsonify, request, send_file, Blueprint, redirect, url_for
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
from Date import Date
@ -241,6 +243,7 @@ def delete_auto_crawler(url):
@hiddenServices.route("/crawlers/", methods=['GET'])
@login_required
@login_analyst
def dashboard():
crawler_metadata_onion = get_crawler_splash_status('onion')
crawler_metadata_regular = get_crawler_splash_status('regular')
@ -255,18 +258,15 @@ def dashboard():
crawler_metadata_regular=crawler_metadata_regular,
statDomains_onion=statDomains_onion, statDomains_regular=statDomains_regular)
@hiddenServices.route("/hiddenServices/2", methods=['GET'])
@login_required
def hiddenServices_page_test():
return render_template("Crawler_index.html")
@hiddenServices.route("/crawlers/manual", methods=['GET'])
@login_required
@login_analyst
def manual():
return render_template("Crawler_Splash_manual.html", crawler_enabled=crawler_enabled)
@hiddenServices.route("/crawlers/crawler_splash_onion", methods=['GET'])
@login_required
@login_analyst
def crawler_splash_onion():
type = 'onion'
last_onions = get_last_domains_crawled(type)
@ -285,6 +285,7 @@ def crawler_splash_onion():
@hiddenServices.route("/crawlers/Crawler_Splash_last_by_type", methods=['GET'])
@login_required
@login_analyst
def Crawler_Splash_last_by_type():
type = request.args.get('type')
# verify user input
@ -309,6 +310,7 @@ def Crawler_Splash_last_by_type():
@hiddenServices.route("/crawlers/blacklisted_domains", methods=['GET'])
@login_required
@login_analyst
def blacklisted_domains():
blacklist_domain = request.args.get('blacklist_domain')
unblacklist_domain = request.args.get('unblacklist_domain')
@ -344,6 +346,7 @@ def blacklisted_domains():
@hiddenServices.route("/crawler/blacklist_domain", methods=['GET'])
@login_required
@login_analyst
def blacklist_domain():
domain = request.args.get('domain')
type = request.args.get('type')
@ -366,6 +369,7 @@ def blacklist_domain():
@hiddenServices.route("/crawler/unblacklist_domain", methods=['GET'])
@login_required
@login_analyst
def unblacklist_domain():
domain = request.args.get('domain')
type = request.args.get('type')
@ -388,6 +392,7 @@ def unblacklist_domain():
@hiddenServices.route("/crawlers/create_spider_splash", methods=['POST'])
@login_required
@login_analyst
def create_spider_splash():
url = request.form.get('url_to_crawl')
automatic = request.form.get('crawler_type')
@ -475,6 +480,7 @@ def create_spider_splash():
@hiddenServices.route("/crawlers/auto_crawler", methods=['GET'])
@login_required
@login_analyst
def auto_crawler():
nb_element_to_display = 100
try:
@ -528,6 +534,7 @@ def auto_crawler():
@hiddenServices.route("/crawlers/remove_auto_crawler", methods=['GET'])
@login_required
@login_analyst
def remove_auto_crawler():
url = request.args.get('url')
page = request.args.get('page')
@ -538,6 +545,7 @@ def remove_auto_crawler():
@hiddenServices.route("/crawlers/crawler_dashboard_json", methods=['GET'])
@login_required
@login_analyst
def crawler_dashboard_json():
crawler_metadata_onion = get_crawler_splash_status('onion')
@ -555,6 +563,7 @@ def crawler_dashboard_json():
# # TODO: refractor
@hiddenServices.route("/hiddenServices/last_crawled_domains_with_stats_json", methods=['GET'])
@login_required
@login_analyst
def last_crawled_domains_with_stats_json():
last_onions = r_serv_onion.lrange('last_onion', 0 ,-1)
list_onion = []
@ -605,6 +614,7 @@ def last_crawled_domains_with_stats_json():
@hiddenServices.route("/hiddenServices/get_onions_by_daterange", methods=['POST'])
@login_required
@login_analyst
def get_onions_by_daterange():
date_from = request.form.get('date_from')
date_to = request.form.get('date_to')
@ -617,6 +627,7 @@ def get_onions_by_daterange():
@hiddenServices.route("/hiddenServices/show_domains_by_daterange", methods=['GET'])
@login_required
@login_analyst
def show_domains_by_daterange():
date_from = request.args.get('date_from')
date_to = request.args.get('date_to')
@ -722,6 +733,7 @@ def show_domains_by_daterange():
@hiddenServices.route("/crawlers/show_domain", methods=['GET'])
@login_required
@login_analyst
def show_domain():
domain = request.args.get('domain')
epoch = request.args.get('epoch')
@ -805,6 +817,8 @@ def show_domain():
domain_tags=domain_tags, screenshot=screenshot)
@hiddenServices.route("/crawlers/download_domain", methods=['GET'])
@login_required
@login_analyst
def download_domain():
domain = request.args.get('domain')
epoch = request.args.get('epoch')
@ -857,6 +871,7 @@ def download_domain():
@hiddenServices.route("/hiddenServices/onion_son", methods=['GET'])
@login_required
@login_analyst
def onion_son():
onion_domain = request.args.get('onion_domain')
@ -868,6 +883,7 @@ def onion_son():
# ============= JSON ==============
@hiddenServices.route("/hiddenServices/domain_crawled_7days_json", methods=['GET'])
@login_required
@login_analyst
def domain_crawled_7days_json():
type = 'onion'
## TODO: # FIXME: 404 error
@ -887,6 +903,7 @@ def domain_crawled_7days_json():
@hiddenServices.route('/hiddenServices/domain_crawled_by_type_json')
@login_required
@login_analyst
def domain_crawled_by_type_json():
current_date = request.args.get('date')
type = request.args.get('type')

View File

@ -6,6 +6,8 @@
'''
import redis
from flask import Flask, render_template, jsonify, request, Blueprint
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
# ============ VARIABLES ============
@ -24,6 +26,7 @@ def one():
@rawSkeleton.route("/rawSkeleton/", methods=['GET'])
@login_required
@login_analyst
def skeleton_page():
return render_template("rawSkeleton.html")

View File

@ -10,6 +10,8 @@ import os
import datetime
import flask
from flask import Flask, render_template, jsonify, request, Blueprint
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
import Paste
@ -95,6 +97,7 @@ def to_iso_date(timestamp):
@searches.route("/search", methods=['POST'])
@login_required
@login_analyst
def search():
query = request.form['query']
q = []
@ -183,6 +186,7 @@ def search():
@searches.route("/get_more_search_result", methods=['POST'])
@login_required
@login_analyst
def get_more_search_result():
query = request.form['query']
q = []

View File

@ -10,6 +10,8 @@ import calendar
from Date import Date
import flask
from flask import Flask, render_template, jsonify, request, Blueprint
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
import Paste
@ -41,12 +43,14 @@ def get_date_range(num_day):
@sentiments.route("/sentiment_analysis_trending/")
@login_required
@login_analyst
def sentiment_analysis_trending():
return render_template("sentiment_analysis_trending.html")
@sentiments.route("/sentiment_analysis_getplotdata/", methods=['GET'])
@login_required
@login_analyst
def sentiment_analysis_getplotdata():
# Get the top providers based on number of pastes
oneHour = 60*60
@ -98,6 +102,7 @@ def sentiment_analysis_getplotdata():
@sentiments.route("/sentiment_analysis_plot_tool/")
@login_required
@login_analyst
def sentiment_analysis_plot_tool():
return render_template("sentiment_analysis_plot_tool.html")
@ -105,6 +110,7 @@ def sentiment_analysis_plot_tool():
@sentiments.route("/sentiment_analysis_plot_tool_getdata/", methods=['GET'])
@login_required
@login_analyst
def sentiment_analysis_plot_tool_getdata():
getProviders = request.args.get('getProviders')

View File

@ -7,7 +7,8 @@
from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for
from flask_login import login_required, current_user
from Role_Manager import login_admin, login_analyst, create_user_db, edit_user_db, delete_user_db, check_password_strength
from Role_Manager import login_admin, login_analyst
from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength
import json
import secrets
@ -104,6 +105,7 @@ def get_all_roles():
@settings.route("/settings/", methods=['GET'])
@login_required
@login_analyst
def settings_page():
git_metadata = get_git_metadata()
current_version = r_serv_db.get('ail:version')
@ -114,18 +116,21 @@ def settings_page():
@settings.route("/settings/edit_profile", methods=['GET'])
@login_required
@login_analyst
def edit_profile():
user_metadata = get_user_metadata(current_user.get_id())
return render_template("edit_profile.html", user_metadata=user_metadata)
@settings.route("/settings/new_token", methods=['GET'])
@login_required
@login_analyst
def new_token():
generate_new_token(current_user.get_id())
return redirect(url_for('settings.edit_profile'))
@settings.route("/settings/new_token_user", methods=['GET'])
@login_required
@login_admin
def new_token_user():
user_id = request.args.get('user_id')
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
@ -134,6 +139,7 @@ def new_token_user():
@settings.route("/settings/create_user", methods=['GET'])
@login_required
@login_admin
def create_user():
user_id = request.args.get('user_id')
role = None
@ -146,6 +152,7 @@ def create_user():
@settings.route("/settings/create_user_post", methods=['POST'])
@login_required
@login_admin
def create_user_post():
email = request.form.get('username')
role = request.form.get('user_role')
@ -190,6 +197,7 @@ def create_user_post():
@settings.route("/settings/users_list", methods=['GET'])
@login_required
@login_admin
def users_list():
all_users = get_users_metadata(get_all_users())
new_user = request.args.get('new_user')
@ -202,12 +210,14 @@ def users_list():
@settings.route("/settings/edit_user", methods=['GET'])
@login_required
@login_admin
def edit_user():
user_id = request.args.get('user_id')
return redirect(url_for('settings.create_user', user_id=user_id))
@settings.route("/settings/delete_user", methods=['GET'])
@login_required
@login_admin
def delete_user():
user_id = request.args.get('user_id')
delete_user_db(user_id)
@ -216,6 +226,7 @@ def delete_user():
@settings.route("/settings/get_background_update_stats_json", methods=['GET'])
@login_required
@login_analyst
def get_background_update_stats_json():
# handle :end, error
update_stats = {}

View File

@ -9,6 +9,8 @@ import json
import os
import flask
from flask import Flask, render_template, jsonify, request, Blueprint, make_response, Response, send_from_directory, redirect, url_for
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
import difflib
@ -383,18 +385,21 @@ def show_item_min(requested_path , content_range=0):
@showsavedpastes.route("/showsavedpaste/") #completely shows the paste in a new tab
@login_required
@login_analyst
def showsavedpaste():
requested_path = request.args.get('paste', '')
return showpaste(0, requested_path)
@showsavedpastes.route("/showsaveditem_min/") #completely shows the paste in a new tab
@login_required
@login_analyst
def showsaveditem_min():
requested_path = request.args.get('paste', '')
return show_item_min(requested_path)
@showsavedpastes.route("/showsavedrawpaste/") #shows raw
@login_required
@login_analyst
def showsavedrawpaste():
requested_path = request.args.get('paste', '')
paste = Paste.Paste(requested_path)
@ -403,6 +408,7 @@ def showsavedrawpaste():
@showsavedpastes.route("/showpreviewpaste/")
@login_required
@login_analyst
def showpreviewpaste():
num = request.args.get('num', '')
requested_path = request.args.get('paste', '')
@ -411,6 +417,7 @@ def showpreviewpaste():
@showsavedpastes.route("/getmoredata/")
@login_required
@login_analyst
def getmoredata():
requested_path = request.args.get('paste', '')
paste = Paste.Paste(requested_path)
@ -420,6 +427,7 @@ def getmoredata():
@showsavedpastes.route("/showDiff/")
@login_required
@login_analyst
def showDiff():
s1 = request.args.get('s1', '')
s2 = request.args.get('s2', '')
@ -437,11 +445,13 @@ def showDiff():
@showsavedpastes.route('/screenshot/<path:filename>')
@login_required
@login_analyst
def screenshot(filename):
return send_from_directory(SCREENSHOT_FOLDER, filename+'.png', as_attachment=True)
@showsavedpastes.route('/send_file_to_vt/', methods=['POST'])
@login_required
@login_analyst
def send_file_to_vt():
b64_path = request.form['b64_path']
paste = request.form['paste']

View File

@ -11,6 +11,8 @@ import datetime
import calendar
import flask
from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
import re
@ -146,6 +148,7 @@ def save_tag_to_auto_push(list_tag):
@terms.route("/terms_management/")
@login_required
@login_analyst
def terms_management():
per_paste = request.args.get('per_paste')
if per_paste == "1" or per_paste is None:
@ -265,6 +268,7 @@ def terms_management():
@terms.route("/terms_management_query_paste/")
@login_required
@login_analyst
def terms_management_query_paste():
term = request.args.get('term')
paste_info = []
@ -298,6 +302,7 @@ def terms_management_query_paste():
@terms.route("/terms_management_query/")
@login_required
@login_analyst
def terms_management_query():
TrackedTermsDate_Name = "TrackedTermDate"
BlackListTermsDate_Name = "BlackListTermDate"
@ -321,6 +326,7 @@ def terms_management_query():
@terms.route("/terms_management_action/", methods=['GET'])
@login_required
@login_analyst
def terms_management_action():
today = datetime.datetime.now()
today = today.replace(microsecond=0)
@ -447,6 +453,7 @@ def terms_management_action():
@terms.route("/terms_management/delete_terms_tags", methods=['POST'])
@login_required
@login_analyst
def delete_terms_tags():
term = request.form.get('term')
tags_to_delete = request.form.getlist('tags_to_delete')
@ -460,6 +467,7 @@ def delete_terms_tags():
@terms.route("/terms_management/delete_terms_email", methods=['GET'])
@login_required
@login_analyst
def delete_terms_email():
term = request.args.get('term')
email = request.args.get('email')
@ -473,6 +481,7 @@ def delete_terms_email():
@terms.route("/terms_plot_tool/")
@login_required
@login_analyst
def terms_plot_tool():
term = request.args.get('term')
if term is not None:
@ -483,6 +492,7 @@ def terms_plot_tool():
@terms.route("/terms_plot_tool_data/")
@login_required
@login_analyst
def terms_plot_tool_data():
oneDay = 60*60*24
range_start = datetime.datetime.utcfromtimestamp(int(float(request.args.get('range_start')))) if request.args.get('range_start') is not None else 0;
@ -514,6 +524,7 @@ def terms_plot_tool_data():
@terms.route("/terms_plot_top/")
@login_required
@login_analyst
def terms_plot_top():
per_paste = request.args.get('per_paste')
per_paste = per_paste if per_paste is not None else 1
@ -522,6 +533,7 @@ def terms_plot_top():
@terms.route("/terms_plot_top_data/")
@login_required
@login_analyst
def terms_plot_top_data():
oneDay = 60*60*24
today = datetime.datetime.now()
@ -569,11 +581,13 @@ def terms_plot_top_data():
@terms.route("/credentials_tracker/")
@login_required
@login_analyst
def credentials_tracker():
return render_template("credentials_tracker.html")
@terms.route("/credentials_management_query_paste/", methods=['GET', 'POST'])
@login_required
@login_analyst
def credentials_management_query_paste():
cred = request.args.get('cred')
allPath = request.json['allPath']
@ -598,6 +612,7 @@ def credentials_management_query_paste():
@terms.route("/credentials_management_action/", methods=['GET'])
@login_required
@login_analyst
def cred_management_action():
supplied = request.args.get('term')

View File

@ -9,6 +9,8 @@ import datetime
from Date import Date
import flask
from flask import Flask, render_template, jsonify, request, Blueprint
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
# ============ VARIABLES ============
@ -38,6 +40,7 @@ def get_date_range(num_day):
@trendings.route("/_progressionCharts", methods=['GET'])
@login_required
@login_analyst
def progressionCharts():
attribute_name = request.args.get('attributeName')
trending_name = request.args.get('trendingName')
@ -64,6 +67,7 @@ def progressionCharts():
@trendings.route("/wordstrending/")
@login_required
@login_analyst
def wordstrending():
default_display = cfg.get("Flask", "default_display")
return render_template("Wordstrending.html", default_display = default_display)
@ -71,6 +75,7 @@ def wordstrending():
@trendings.route("/protocolstrending/")
@login_required
@login_analyst
def protocolstrending():
default_display = cfg.get("Flask", "default_display")
return render_template("Protocolstrending.html", default_display = default_display)
@ -78,6 +83,7 @@ def protocolstrending():
@trendings.route("/trending/")
@login_required
@login_analyst
def trending():
default_display = cfg.get("Flask", "default_display")
return render_template("Trending.html", default_display = default_display)

View File

@ -9,6 +9,8 @@ import datetime
from Date import Date
import flask
from flask import Flask, render_template, jsonify, request, Blueprint
from Role_Manager import login_admin, login_analyst
from flask_login import login_required
# ============ VARIABLES ============
@ -51,6 +53,7 @@ def get_date_range(num_day):
@trendingmodules.route("/_moduleCharts", methods=['GET'])
@login_required
@login_analyst
def modulesCharts():
keyword_name = request.args.get('keywordName')
module_name = request.args.get('moduleName')
@ -78,6 +81,7 @@ def modulesCharts():
@trendingmodules.route("/_providersChart", methods=['GET'])
@login_required
@login_analyst
def providersChart():
keyword_name = request.args.get('keywordName')
module_name = request.args.get('moduleName')
@ -125,6 +129,7 @@ def providersChart():
@trendingmodules.route("/moduletrending/")
@login_required
@login_analyst
def moduletrending():
return render_template("Moduletrending.html")

View File

@ -0,0 +1,49 @@
<!DOCTYPE html>
<html>
<head>
<title>403 - AIL</title>
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
<!-- Core CSS -->
<link href="{{ url_for('static', filename='css/bootstrap4.min.css') }}" rel="stylesheet">
</head>
<body>
{% include 'nav_bar.html' %}
<div>
<br>
<br>
<h1 class="text-center">403 Forbidden</h1>
</div>
<br>
<br>
<br>
<br>
<div class="d-flex justify-content-center">
<pre>
,d8 ,a8888a, ad888888b,
,d888 ,8P"' `"Y8, d8" "88
,d8" 88 ,8P Y8, a8P
,d8" 88 88 88 aad8"
,d8" 88 88 88 ""Y8,
8888888888888 `8b d8' "8b
88 `8ba, ,ad8' Y8, a88
88 "Y8888P" "Y888888P'
88888888888 88 88 88 88
88 88 "" 88 88
88 88 88 88
88aaaaa ,adPPYba, 8b,dPPYba, 88,dPPYba, 88 ,adPPYb,88 ,adPPYb,88 ,adPPYba, 8b,dPPYba,
88""""" a8" "8a 88P' "Y8 88P' "8a 88 a8" `Y88 a8" `Y88 a8P_____88 88P' `"8a
88 8b d8 88 88 d8 88 8b 88 8b 88 8PP""""""" 88 88
88 "8a, ,a8" 88 88b, ,a8" 88 "8a, ,d88 "8a, ,d88 "8b, ,aa 88 88
88 `"YbbdP"' 88 8Y"Ybbd8"' 88 `"8bbdP"Y8 `"8bbdP"Y8 `"Ybbd8"' 88 88
</pre>
</div>
<body>
</html>