chg: Improve MISP push

2021-05-31 13:27:25 -07:00 · 2021-05-31 13:27:25 -07:00 · 53ef253c94
parent 38eb797f6d
commit 53ef253c94
3 changed files with 32 additions and 13 deletions
--- a/lookyloo/modules.py
+++ b/lookyloo/modules.py
@ -58,7 +58,7 @@ class MISP():
    def get_fav_tags(self):
        return self.client.tags(pythonify=True, favouritesOnly=1)

-    def _prepare_push(self, to_push: Union[List[MISPEvent], MISPEvent], allow_duplicates: bool=False) -> Union[List[MISPEvent], MISPEvent, Dict]:
+    def _prepare_push(self, to_push: Union[List[MISPEvent], MISPEvent], allow_duplicates: bool=False, auto_publish: bool=False) -> Union[List[MISPEvent], Dict]:
        '''Adds the pre-configured information as required by the instance.
        If duplicates aren't allowed, they will be automatically skiped and the
        extends_uuid key in the next element in the list updated'''
@ -80,14 +80,16 @@ class MISP():

            for tag in self.default_tags:
                event.add_tag(tag)
-            if self.auto_publish:
+            if auto_publish:
                event.publish()
            events_to_push.append(event)
        return events_to_push

-    def push(self, to_push: Union[List[MISPEvent], MISPEvent], allow_duplicates: bool=False) -> Union[List[MISPEvent], Dict]:
+    def push(self, to_push: Union[List[MISPEvent], MISPEvent], allow_duplicates: bool=False, auto_publish: Optional[bool]=None) -> Union[List[MISPEvent], Dict]:
+        if auto_publish is None:
+            auto_publish = self.auto_publish
        if self.available and self.enable_push:
-            events = self._prepare_push(to_push, allow_duplicates)
+            events = self._prepare_push(to_push, allow_duplicates, auto_publish)
            if not events:
                return {'error': 'All the events are already on the MISP instance.'}
            if isinstance(events, Dict):
--- a/website/web/init.py
+++ b/website/web/init.py
@ -20,7 +20,7 @@ from flask_bootstrap import Bootstrap  # type: ignore
 import flask_login  # type: ignore
 from werkzeug.security import generate_password_hash, check_password_hash

-from pymisp import MISPEvent
+from pymisp import MISPEvent, MISPServerError

 from lookyloo.helpers import (get_homedir, update_user_agents, get_user_agents, get_config,
                              get_taxonomies, load_cookies, CaptureStatus)
@ -979,12 +979,20 @@ def web_misp_push_view(tree_uuid: str):
            for tag in tags:
                e.add_tag(tag)

-        new_events = lookyloo.misp.push(events)
-        if isinstance(new_events, dict):
-            flash(f'Unable to create event(s): {new_events}', 'error')
+        # Change the event info field of the last event in the chain
+        events[-1].info = request.form.get('event_info')
+
+        try:
+            new_events = lookyloo.misp.push(events, True if request.form.get('force_push') else False,
+                                            True if request.form.get('auto_publish') else False)
+        except MISPServerError:
+            flash(f'MISP returned an error, the event(s) might still have been created on {lookyloo.misp.client.root_url}', 'error')
        else:
-            for e in new_events:
-                flash(f'MISP event {e.id} created on {lookyloo.misp.client.root_url}', 'success')
+            if isinstance(new_events, dict):
+                flash(f'Unable to create event(s): {new_events}', 'error')
+            else:
+                for e in new_events:
+                    flash(f'MISP event {e.id} created on {lookyloo.misp.client.root_url}', 'success')
        return redirect(url_for('tree', tree_uuid=tree_uuid))
    else:
        # the 1st attribute in the event is the link to lookyloo
@ -994,7 +1002,7 @@ def web_misp_push_view(tree_uuid: str):
    cache = lookyloo.capture_cache(tree_uuid)

    return render_template('misp_push_view.html', tree_uuid=tree_uuid,
-                           event=event, fav_tags=fav_tags,
+                           event=event[0], fav_tags=fav_tags,
                           existing_event=existing_misp_url,
                           auto_publish=lookyloo.misp.auto_publish,
                           has_parent=True if cache and cache.parent else False,
--- a/website/web/templates/misp_push_view.html
+++ b/website/web/templates/misp_push_view.html
@ -1,8 +1,13 @@
 <div>
-  <p>Event to push: {{event.info}}</p>
-  <p>Auto Publish: {{auto_publish}}</p>
  <p>Default tags: {{', '.join(default_tags)}}</p>
  <form role="form" action="{{ url_for('web_misp_push_view', tree_uuid=tree_uuid) }}" method=post enctype=multipart/form-data>
+    <div class="form-group row">
+      <label for="url" class="col-sm-2 col-form-label">Event info:</label>
+      <div class="col-sm-10">
+        <input type="text" class="form-control" name="event_info" value="{{event.info}}">
+      </div>
+    </div>
+
    <div class="form-group row">
      <label for="tags" class="col-sm-2 col-form-label">Available tags:</label>
      <div class="col-sm-10">
@ -13,6 +18,10 @@
        </select>
      </div>
    </div>
+    <div class="form-check">
+      <input class="form-check-input" type="checkbox" name="auto_publish" {%if auto_publish %} checked {% endif %}></input>
+      <label for="auto_publish" class="form-check-label">Publish the event automatically</label>
+    </div>
    {% if existing_event %}
    <p>There is already an <a href="{{existing_event}}">event on your MISP instance</a> with this lookyloo capture.</p>
    <div class="form-check">