mirror of https://github.com/CIRCL/AIL-framework
				
				
				
			
		
			
				
	
	
		
			254 lines
		
	
	
		
			8.9 KiB
		
	
	
	
		
			Python
		
	
	
			
		
		
	
	
			254 lines
		
	
	
		
			8.9 KiB
		
	
	
	
		
			Python
		
	
	
| #!/usr/bin/env python3
 | |
| # -*-coding:UTF-8 -*
 | |
| 
 | |
| """
 | |
|     Blueprint Flask: MISP format import export
 | |
| """
 | |
| import io
 | |
| import os
 | |
| import sys
 | |
| import json
 | |
| 
 | |
| from flask import render_template, jsonify, request, Blueprint, redirect, url_for, Response, send_file, abort
 | |
| from flask_login import login_required, current_user
 | |
| 
 | |
| sys.path.append('modules')
 | |
| 
 | |
| # Import Role_Manager
 | |
| from Role_Manager import login_admin, login_org_admin, login_read_only, login_user_no_api
 | |
| 
 | |
| sys.path.append(os.environ['AIL_BIN'])
 | |
| ##################################
 | |
| # Import Project packages
 | |
| ##################################
 | |
| from exporter import MISPExporter
 | |
| from exporter import TheHiveExporter
 | |
| from lib.exceptions import MISPConnectionError
 | |
| from lib.objects import ail_objects
 | |
| from lib import ail_core
 | |
| from lib.Investigations import Investigation
 | |
| 
 | |
| # ============ BLUEPRINT ============
 | |
| import_export = Blueprint('import_export', __name__,
 | |
|                           template_folder=os.path.join(os.environ['AIL_FLASK'], 'templates/import_export'))
 | |
| 
 | |
| # ============ VARIABLES ============
 | |
| misp_exporter_objects = MISPExporter.MISPExporterAILObjects()
 | |
| misp_exporter_investigation = MISPExporter.MISPExporterInvestigation()
 | |
| 
 | |
| thehive_exporter_item = TheHiveExporter.TheHiveExporterItem()
 | |
| 
 | |
| 
 | |
| # ============ FUNCTIONS ============
 | |
| 
 | |
| def create_json_response(data, status_code):
 | |
|     return Response(json.dumps(data, indent=2, sort_keys=True), mimetype='application/json'), status_code
 | |
| 
 | |
| 
 | |
| # ============= ROUTES ==============
 | |
| @import_export.route('/import_export/import')
 | |
| @login_required
 | |
| @login_user_no_api
 | |
| def import_object():
 | |
|     return render_template("import_object.html")
 | |
| 
 | |
| 
 | |
| # TODO
 | |
| @import_export.route("/import_export/import_file", methods=['POST'])
 | |
| @login_required
 | |
| @login_admin
 | |
| def import_object_file():
 | |
|     error = None
 | |
| 
 | |
|     is_file = False
 | |
|     if 'file' in request.files:
 | |
|         file = request.files['file']
 | |
|         if file:
 | |
|             if file.filename:
 | |
|                 is_file = True
 | |
| 
 | |
|     all_imported_obj = []
 | |
|     if is_file:
 | |
|         filename = MispImport.sanitize_import_file_path(file.filename)
 | |
|         file.save(filename)
 | |
|         map_uuid_global_id = MispImport.import_objs_from_file(filename)
 | |
|         os.remove(filename)
 | |
|         for obj_uuid in map_uuid_global_id:
 | |
|             dict_obj = MispImport.get_global_id_from_id(map_uuid_global_id[obj_uuid])
 | |
|             obj = ail_objects.get_object(dict_obj['type'], dict_obj['subtype'], dict_obj['id'])
 | |
|             dict_obj['uuid'] = obj_uuid
 | |
|             dict_obj['url'] = obj.get_link(flask_context=True)
 | |
|             dict_obj['node'] = obj.get_svg_icon()
 | |
|             all_imported_obj.append(dict_obj)
 | |
| 
 | |
|         if not all_imported_obj:
 | |
|             error = "error: Empty or invalid JSON file"
 | |
| 
 | |
|     return render_template("import_object.html", all_imported_obj=all_imported_obj, error=error)
 | |
| 
 | |
| 
 | |
| @import_export.route("/misp/objects/export", methods=['GET'])
 | |
| @login_required
 | |
| @login_user_no_api
 | |
| def objects_misp_export():
 | |
|     user_id = current_user.get_user_id()
 | |
|     object_types = ail_core.get_all_objects_with_subtypes_tuple()
 | |
|     to_export = MISPExporter.get_user_misp_objects_to_export(user_id)
 | |
|     return render_template("export_object.html", object_types=object_types, to_export=to_export)
 | |
| 
 | |
| 
 | |
| @import_export.route("/misp/objects/export/post", methods=['POST'])
 | |
| @login_required
 | |
| @login_user_no_api
 | |
| def objects_misp_export_post():
 | |
|     user_id = current_user.get_user_id()
 | |
|     user_role = current_user.get_role()
 | |
| 
 | |
|     # Get new added Object
 | |
|     new_export = []
 | |
|     user_lvl_export = {}
 | |
|     for obj_tuple in list(request.form):
 | |
|         # GET NEW LEVEL
 | |
|         if obj_tuple[0] == '{':
 | |
|             obj_j = obj_tuple.replace("'", "\"")
 | |
|             obj_dict = json.loads(obj_j)  # TODO sanitize
 | |
|             lvl = int(request.form.getlist(obj_tuple)[0])
 | |
|             user_lvl_export[f"{obj_dict['type']}:{obj_dict['subtype']}:{obj_dict['id']}"] = lvl
 | |
| 
 | |
|         l_input = request.form.getlist(obj_tuple)
 | |
|         if len(l_input) == 3:
 | |
|             if l_input[0] != 'Object type...':
 | |
|                 new_type, new_subtype = l_input[0].split(':', 1)
 | |
|                 if not new_subtype:
 | |
|                     new_subtype = ''
 | |
|                 new_export.append({'type': new_type, 'subtype': new_subtype, 'id': l_input[1], 'lvl': l_input[2]})
 | |
| 
 | |
|     objects = []
 | |
|     invalid_obj = []
 | |
|     for obj in new_export:
 | |
|         if not ail_objects.exists_obj(obj['type'], obj['subtype'], obj['id']):
 | |
|             invalid_obj.append(obj)
 | |
|         else:
 | |
|             objects.append(obj)
 | |
|     for obj in MISPExporter.get_user_misp_objects_to_export(user_id):
 | |
|         if not ail_objects.exists_obj(obj['type'], obj['subtype'], obj['id']):
 | |
|             invalid_obj.append(obj)
 | |
|         else:
 | |
|             str_id = f"{obj['type']}:{obj['subtype']}:{obj['id']}"
 | |
|             if str_id in user_lvl_export:
 | |
|                 obj['lvl'] = user_lvl_export[str_id]
 | |
|             objects.append(obj)
 | |
| 
 | |
|     if invalid_obj:
 | |
|         object_types = ail_core.get_all_objects_with_subtypes_tuple()
 | |
|         return render_template("export_object.html", object_types=object_types,
 | |
|                                to_export=objects, l_obj_invalid=invalid_obj)
 | |
| 
 | |
|     export = request.form.get('export_to_misp', False)
 | |
|     distribution = request.form.get('misp_event_distribution')
 | |
|     threat_level = request.form.get('threat_level_id')
 | |
|     analysis = request.form.get('misp_event_analysis')
 | |
|     info = request.form.get('misp_event_info')
 | |
|     publish = request.form.get('misp_event_info', False)
 | |
| 
 | |
|     # TODO Refactor to use MISP user api key
 | |
|     if user_role != 'admin':
 | |
|         export = False
 | |
|         publish = False
 | |
| 
 | |
|     objs = ail_objects.get_objects(objects)
 | |
|     if not objs:
 | |
|         return create_json_response({'error': 'Empty Event, nothing to export'}, 400)
 | |
| 
 | |
|     try:
 | |
|         event = misp_exporter_objects.create_event(objs, distribution=distribution, threat_level=threat_level,
 | |
|                                                    analysis=analysis, info=info, export=export, publish=publish)
 | |
|     except MISPConnectionError as e:
 | |
|         return create_json_response({"error": e.message}, 400)
 | |
| 
 | |
|     MISPExporter.delete_user_misp_objects_to_export(user_id)
 | |
|     if not export:
 | |
|         event_uuid = event[10:46]
 | |
|         event = f'{{"Event": {event}}}'
 | |
|         # TODO ADD JAVASCRIPT REFRESH PAGE IF RESP == 200
 | |
|         return send_file(io.BytesIO(event.encode()), as_attachment=True,
 | |
|                          download_name=f'ail_export_{event_uuid}.json')
 | |
|     else:
 | |
|         object_types = ail_core.get_all_objects_with_subtypes_tuple()
 | |
|         return render_template("export_object.html", object_types=object_types,
 | |
|                                misp_url=event['url'])
 | |
| 
 | |
| 
 | |
| @import_export.route("/misp/objects/export/add", methods=['GET'])
 | |
| @login_required
 | |
| @login_user_no_api
 | |
| def add_object_id_to_export():
 | |
|     user_id = current_user.get_user_id()
 | |
|     obj_type = request.args.get('type')
 | |
|     obj_id = request.args.get('id')
 | |
|     obj_subtype = request.args.get('subtype')
 | |
|     obj_lvl = request.args.get('lvl')
 | |
| 
 | |
|     try:
 | |
|         obj_lvl = int(obj_lvl)
 | |
|     except:
 | |
|         obj_lvl = 0
 | |
| 
 | |
|     if not ail_objects.exists_obj(obj_type, obj_subtype, obj_id):
 | |
|         abort(404)
 | |
|     MISPExporter.add_user_misp_object_to_export(user_id, obj_type, obj_subtype, obj_id, lvl=obj_lvl)
 | |
|     # redirect
 | |
|     return redirect(url_for('import_export.objects_misp_export'))
 | |
| 
 | |
| 
 | |
| @import_export.route("/misp/objects/export/delete", methods=['GET'])
 | |
| @login_required
 | |
| @login_user_no_api
 | |
| def delete_object_id_to_export():
 | |
|     user_id = current_user.get_user_id()
 | |
|     obj_type = request.args.get('type')
 | |
|     obj_id = request.args.get('id')
 | |
|     obj_subtype = request.args.get('subtype')
 | |
| 
 | |
|     MISPExporter.delete_user_misp_object_to_export(user_id, obj_type, obj_subtype, obj_id)
 | |
|     return jsonify(success=True)
 | |
| 
 | |
| 
 | |
| @import_export.route("/investigation/misp/export", methods=['GET'])
 | |
| @login_required
 | |
| @login_org_admin
 | |
| def export_investigation():
 | |
|     investigation_uuid = request.args.get("uuid")
 | |
|     investigation = Investigation(investigation_uuid)
 | |
|     if not investigation.exists():
 | |
|         abort(404)
 | |
|     if misp_exporter_objects.ping_misp():
 | |
|         event = misp_exporter_investigation.export(investigation)
 | |
|         print(event)
 | |
|     else:
 | |
|         return Response(json.dumps({"error": "Can't reach MISP Instance"}, indent=2, sort_keys=True),
 | |
|                         mimetype='application/json'), 400
 | |
|     return redirect(url_for('investigations_b.show_investigation', uuid=investigation_uuid))
 | |
| 
 | |
| 
 | |
| @import_export.route("/thehive/objects/case/export", methods=['POST'])
 | |
| @login_required
 | |
| @login_admin
 | |
| def create_thehive_case():
 | |
|     description = request.form['hive_description']
 | |
|     title = request.form['hive_case_title']
 | |
|     threat_level = request.form['threat_level_hive']
 | |
|     tlp = request.form['hive_tlp']
 | |
|     item_id = request.form['obj_id']
 | |
| 
 | |
|     item = ail_objects.get_object('item', '', item_id)
 | |
|     if not item.exists():
 | |
|         abort(404)
 | |
| 
 | |
|     case_id = thehive_exporter_item.export(item.get_id(), description=description, title=title,
 | |
|                                            threat_level=threat_level, tlp=tlp)
 | |
|     if case_id:
 | |
|         return redirect(thehive_exporter_item.get_case_url(case_id))
 | |
|     else:
 | |
|         return 'error'
 |