New API Endpoint:
Fixed get_item_content_encoded_text; added get_item_sources, get_check_item_source and get_default_yara_rule_content (pull/586/head)
parent
3c24c636f8
commit
fc817a5389
|
@ -9,6 +9,7 @@ import redis
|
||||||
import uuid
|
import uuid
|
||||||
import yara
|
import yara
|
||||||
import datetime
|
import datetime
|
||||||
|
import base64
|
||||||
|
|
||||||
from flask import escape
|
from flask import escape
|
||||||
|
|
||||||
|
@ -683,17 +684,36 @@ def api_get_default_rule_content(default_yara_rule):
|
||||||
yara_dir = get_yara_rules_default_dir()
|
yara_dir = get_yara_rules_default_dir()
|
||||||
filename = os.path.join(yara_dir, default_yara_rule)
|
filename = os.path.join(yara_dir, default_yara_rule)
|
||||||
filename = os.path.realpath(filename)
|
filename = os.path.realpath(filename)
|
||||||
|
|
||||||
# incorrect filename
|
|
||||||
if not os.path.commonprefix([filename, yara_dir]) == yara_dir:
|
if not os.path.commonprefix([filename, yara_dir]) == yara_dir:
|
||||||
return ({'status': 'error', 'reason': 'file transversal detected'}, 400)
|
return {'status': 'error', 'reason': 'file traversal detected'}, 400
|
||||||
|
|
||||||
if not os.path.isfile(filename):
|
if not os.path.isfile(filename):
|
||||||
return ({'status': 'error', 'reason': 'yara rule not found'}, 400)
|
return {'status': 'error', 'reason': 'yara rule not found'}, 400
|
||||||
|
|
||||||
with open(filename, 'r') as f:
|
with open(filename, 'r') as f:
|
||||||
rule_content = f.read()
|
rule_content = f.read()
|
||||||
return ({'rule_name': default_yara_rule, 'content': rule_content}, 200)
|
return {'rule_name': default_yara_rule, 'content': rule_content}, 200
|
||||||
|
|
||||||
|
|
||||||
|
def get_yara_rule_content_restapi(request_dict):
|
||||||
|
rule_name = request_dict.get('rule_name', None)
|
||||||
|
if not request_dict:
|
||||||
|
return {'status': 'error', 'reason': 'Malformed JSON'}, 400
|
||||||
|
if not rule_name:
|
||||||
|
return {'status': 'error', 'reason': 'Mandatory parameter(s) not provided'}, 400
|
||||||
|
yara_dir = get_yara_rules_dir()
|
||||||
|
filename = os.path.join(yara_dir, rule_name)
|
||||||
|
filename = os.path.realpath(filename)
|
||||||
|
if not os.path.commonprefix([filename, yara_dir]) == yara_dir:
|
||||||
|
return {'status': 'error', 'reason': 'File Path Traversal'}, 400
|
||||||
|
if not os.path.isfile(filename):
|
||||||
|
return {'status': 'error', 'reason': 'yara rule not found'}, 400
|
||||||
|
with open(filename, 'r') as f:
|
||||||
|
rule_content = f.read()
|
||||||
|
rule_content = base64.b64encode((rule_content.encode('utf-8'))).decode('UTF-8')
|
||||||
|
return {'status': 'success', 'content': rule_content}, 200
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##-- YARA --##
|
##-- YARA --##
|
||||||
|
|
||||||
|
|
|
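Review bot: The traversal guard in `get_yara_rule_content_restapi` is a character-prefix comparison, so `os.path.commonprefix` accepts any resolved path that merely begins with the same characters as `yara_dir` (a sibling directory such as `<yara_dir>_backup/...` passes), and `yara_dir` itself is never run through `realpath`, so a symlinked rules directory would never match the resolved `filename` and every lookup would be rejected as traversal. Compare resolved paths with a path-aware helper: `yara_dir = os.path.realpath(get_yara_rules_dir())`, `filename = os.path.realpath(os.path.join(yara_dir, rule_name))`, `if os.path.commonpath([filename, yara_dir]) != yara_dir:`. The context lines of `api_get_default_rule_content` above carry the same prefix check, so the fix belongs at both call sites. Separately, `rule_name = request_dict.get('rule_name', None)` runs before `if not request_dict:`, so a `None` request_dict raises AttributeError instead of returning the intended 'Malformed JSON' 400; move the emptiness guard first.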
@ -59,6 +59,9 @@ def get_item_date(item_id, add_separator=False):
|
||||||
def get_source(item_id):
|
def get_source(item_id):
|
||||||
return item_basic.get_source(item_id)
|
return item_basic.get_source(item_id)
|
||||||
|
|
||||||
|
def get_all_sources():
|
||||||
|
return item_basic.get_all_items_sources(r_list=True)
|
||||||
|
|
||||||
def get_item_basename(item_id):
|
def get_item_basename(item_id):
|
||||||
return os.path.basename(item_id)
|
return os.path.basename(item_id)
|
||||||
|
|
||||||
|
@ -87,14 +90,12 @@ def get_item_metadata(item_id, item_content=None):
|
||||||
# encoding
|
# encoding
|
||||||
# language
|
# language
|
||||||
# lines info
|
# lines info
|
||||||
|
item_metadata = {'date': get_item_date(item_id, add_separator=True),
|
||||||
item_metadata = {}
|
'source': get_source(item_id),
|
||||||
item_metadata['date'] = get_item_date(item_id, add_separator=True)
|
'size': get_item_size(item_id),
|
||||||
item_metadata['source'] = get_source(item_id)
|
'encoding': get_item_encoding(item_id),
|
||||||
item_metadata['size'] = get_item_size(item_id)
|
'lines': get_lines_info(item_id, item_content=item_content)
|
||||||
item_metadata['encoding'] = get_item_encoding(item_id)
|
}
|
||||||
item_metadata['lines'] = get_lines_info(item_id, item_content=item_content)
|
|
||||||
|
|
||||||
return item_metadata
|
return item_metadata
|
||||||
|
|
||||||
def get_item_parent(item_id):
|
def get_item_parent(item_id):
|
||||||
|
@ -223,18 +224,33 @@ def get_item(request_dict):
|
||||||
def get_item_content_encoded_text(request_dict):
|
def get_item_content_encoded_text(request_dict):
|
||||||
item_id = request_dict.get('id', None)
|
item_id = request_dict.get('id', None)
|
||||||
if not request_dict:
|
if not request_dict:
|
||||||
return {'status': 'error', 'reason': 'Malformed JSON'}, 400, 1
|
return {'status': 'error', 'reason': 'Malformed JSON'}, 400
|
||||||
if not item_id:
|
if not item_id:
|
||||||
return {'status': 'error', 'reason': 'Mandatory parameter(s) not provided'}, 400, 1
|
return {'status': 'error', 'reason': 'Mandatory parameter(s) not provided'}, 400
|
||||||
if not exist_item(item_id):
|
if not exist_item(item_id):
|
||||||
return {'status': 'error', 'reason': 'Item not found'}, 404, 1
|
return {'status': 'error', 'reason': 'Item not found'}, 404
|
||||||
|
|
||||||
item_content = get_item_content(item_id)
|
item_content = get_item_content(item_id)
|
||||||
base64_output = base64.b64encode((item_content.encode('utf-8')))
|
item_content = base64.b64encode((item_content.encode('utf-8'))).decode('UTF-8')
|
||||||
|
return {'status': 'success', 'content': item_content}, 200
|
||||||
return base64_output, 200, 0
|
|
||||||
|
|
||||||
|
|
||||||
|
def get_item_sources():
|
||||||
|
item_content = {'sources': get_all_sources()}
|
||||||
|
return item_content, 200
|
||||||
|
|
||||||
|
def check_item_source(request_dict):
|
||||||
|
source = request_dict.get('source', None)
|
||||||
|
if not request_dict:
|
||||||
|
return {'status': 'error', 'reason': 'Malformed JSON'}, 400
|
||||||
|
if not source:
|
||||||
|
return {'status': 'error', 'reason': 'Mandatory parameter(s) not provided'}, 400
|
||||||
|
|
||||||
|
all_sources = item_basic.get_all_items_sources()
|
||||||
|
|
||||||
|
if source not in all_sources:
|
||||||
|
return {'status': 'error', 'reason': 'Invalid source', 'provide': source}, 400
|
||||||
|
return {'status': 'success', 'reason': 'Valid source', 'provide': source}, 200
|
||||||
###
|
###
|
||||||
### correlation
|
### correlation
|
||||||
###
|
###
|
||||||
|
|
|
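Review bot: In `check_item_source`, `request_dict.get('source', None)` executes before `if not request_dict:`, so a `None` request_dict raises AttributeError (surfacing as a 500) rather than the 'Malformed JSON' 400 the next line intends — the ordering is copied from `get_item_content_encoded_text` above, which has the same flaw. Put the guard first: `if not request_dict: return {'status': 'error', 'reason': 'Malformed JSON'}, 400` and only then `source = request_dict.get('source', None)`. The helper also calls `item_basic.get_all_items_sources()` with default arguments while the new `get_all_sources()` two hunks up passes `r_list=True`; presumably the membership test works on either return shape, but routing both through `get_all_sources()` would keep the two code paths from drifting. A short docstring noting that a 400 with `'reason': 'Invalid source'` means the name is unknown, not malformed, would help API consumers distinguish the two error cases.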
@ -23,6 +23,7 @@ import Item
|
||||||
import Paste
|
import Paste
|
||||||
import Tag
|
import Tag
|
||||||
import Term
|
import Term
|
||||||
|
import Tracker
|
||||||
|
|
||||||
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'import'))
|
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'import'))
|
||||||
import importer
|
import importer
|
||||||
|
@ -319,12 +320,25 @@ def get_item_content_encoded_text():
|
||||||
item_id = data.get('id', None)
|
item_id = data.get('id', None)
|
||||||
req_data = {'id': item_id}
|
req_data = {'id': item_id}
|
||||||
res = Item.get_item_content_encoded_text(req_data)
|
res = Item.get_item_content_encoded_text(req_data)
|
||||||
if res[2] == 1:
|
|
||||||
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
||||||
else:
|
|
||||||
return res[0], res[1]
|
|
||||||
|
|
||||||
|
|
||||||
|
@restApi.route("api/v1/get/item/sources", methods=['GET'])
|
||||||
|
@token_required('read_only')
|
||||||
|
def get_item_sources():
|
||||||
|
res = Item.get_item_sources()
|
||||||
|
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@restApi.route("api/v1/get/item/source/check", methods=['POST'])
|
||||||
|
@token_required('read_only')
|
||||||
|
def get_check_item_source():
|
||||||
|
data = request.get_json()
|
||||||
|
source = data.get('source', None)
|
||||||
|
req_data = {'source': source}
|
||||||
|
res = Item.check_item_source(req_data)
|
||||||
|
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
||||||
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
||||||
# # # # # # # # # # # # # # TAGS # # # # # # # # # # # # # # # # #
|
# # # # # # # # # # # # # # TAGS # # # # # # # # # # # # # # # # #
|
||||||
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
||||||
|
@ -376,6 +390,14 @@ def get_tracker_term_item():
|
||||||
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
||||||
|
|
||||||
|
|
||||||
|
@restApi.route("api/v1/get/tracker/yara/content", methods=['POST'])
|
||||||
|
@token_required('read_only')
|
||||||
|
def get_default_yara_rule_content():
|
||||||
|
data = request.get_json()
|
||||||
|
rule_name = data.get('rule_name', None)
|
||||||
|
req_data = {'rule_name': rule_name}
|
||||||
|
res = Tracker.get_yara_rule_content_restapi(req_data)
|
||||||
|
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
||||||
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
||||||
# # # # # # # # # # # # CRYPTOCURRENCY # # # # # # # # # # # # # #
|
# # # # # # # # # # # # CRYPTOCURRENCY # # # # # # # # # # # # # #
|
||||||
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
||||||
|
|
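Review bot: `get_check_item_source` and `get_default_yara_rule_content` call `data.get(...)` on the result of `request.get_json()` with no None check, so a request whose body is missing or not JSON either aborts inside Flask or, on versions where `get_json()` returns None, raises AttributeError on `data.get`; the backend's 'Malformed JSON' branch is unreachable in both cases because `req_data` is always a populated one-key dict. Guard at the route: `data = request.get_json(silent=True)` followed by `if not data: return Response(json.dumps({'status': 'error', 'reason': 'Malformed JSON'}), mimetype='application/json'), 400`. Note also that the route is registered as `get_default_yara_rule_content` while `Tracker.get_yara_rule_content_restapi` resolves `rule_name` against `get_yara_rules_dir()` rather than the default-rules directory used by `api_get_default_rule_content`, so either the name or the backing directory looks mismatched — worth confirming which rule set this endpoint is meant to expose before it ships. The `token_required('read_only')` gate is present on all three new routes, which is the appropriate level for read-only endpoints.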