misp-modules/misp_modules/modules/expansion/assemblyline_submit.py

# -*- coding: utf-8 -*-
import json

from assemblyline_client import Client, ClientError
from urllib.parse import urljoin


moduleinfo = {
    'version': 1,
    'author': 'Christian Studer',
    'module-type': ['expansion'],
    'name': 'AssemblyLine Submit',
    'description': 'A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.',
    'logo': 'assemblyline.png',
    'requirements': ['assemblyline_client: Python library to query the AssemblyLine rest API.'],
    'features': 'The module requires the address of the AssemblyLine server you want to query as well as your credentials used for this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.\n\nIf the sample or url is correctly submitted, you get then the link of the submission.',
    'references': ['https://www.cyber.gc.ca/en/assemblyline'],
    'input': 'Sample, or url to submit to AssemblyLine.',
    'output': 'Link of the report generated in AssemblyLine.',
}
moduleconfig = ["apiurl", "user_id", "apikey", "password", "verifyssl"]
mispattributes = {"input": ["attachment", "malware-sample", "url"],
                  "output": ["link"]}


def parse_config(apiurl, user_id, config):
    error = {"error": "Please provide your AssemblyLine API key or Password."}
    if config.get('apikey'):
        try:
            return Client(apiurl, apikey=(user_id, config['apikey']), verify=config['verifyssl'])
        except ClientError as e:
            error['error'] = f'Error while initiating a connection with AssemblyLine: {e.__str__()}'
    if config.get('password'):
        try:
            return Client(apiurl, auth=(user_id, config['password']), verify=config['verifyssl'])
        except ClientError as e:
            error['error'] = f'Error while initiating a connection with AssemblyLine: {e.__str__()}'
    return error


def submit_content(client, filename, data):
    try:
        return client.submit(fname=filename, contents=data.encode())
    except Exception as e:
        return {'error': f'Error while submitting content to AssemblyLine: {e.__str__()}'}


def submit_request(client, request):
    if 'attachment' in request:
        return submit_content(client, request['attachment'], request['data'])
    if 'malware-sample' in request:
        return submit_content(client, request['malware-sample'].split('|')[0], request['data'])
    for feature in ('url', 'domain'):
        if feature in request:
            return submit_url(client, request[feature])
    return {"error": "No valid attribute type for this module has been provided."}


def submit_url(client, url):
    try:
        return client.submit(url=url)
    except Exception as e:
        return {'error': f'Error while submitting url to AssemblyLine: {e.__str__()}'}


def handler(q=False):
    if q is False:
        return q
    request = json.loads(q)
    if not request.get('config'):
        return {"error": "Missing configuration."}
    if not request['config'].get('apiurl'):
        return {"error": "No AssemblyLine server address provided."}
    apiurl = request['config']['apiurl']
    if not request['config'].get('user_id'):
        return {"error": "Please provide your AssemblyLine User ID."}
    user_id = request['config']['user_id']
    client = parse_config(apiurl, user_id, request['config'])
    if isinstance(client, dict):
        return client
    submission = submit_request(client, request)
    if 'error' in submission:
        return submission
    sid = submission['submission']['sid']
    return {
        "results": [{
            "types": "link",
            "categories": "External analysis",
            "values": urljoin(apiurl, f'submission_detail.html?sid={sid}')
        }]
    }


def introspection():
    return mispattributes


def version():
    moduleinfo["config"] = moduleconfig
    return moduleinfo
fix: Fixed input types list since domain should not be submitted to AssemblyLine 2019-11-20 23:35:37 +01:00			`# -- coding: utf-8 --`
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 21:41:35 +01:00			`import json`

			`from assemblyline_client import Client, ClientError`
			`from urllib.parse import urljoin`


chg: [doc] Big doc revamp #680 2024-08-12 11:23:10 +02:00			`moduleinfo = {`
			`'version': 1,`
			`'author': 'Christian Studer',`
			`'module-type': ['expansion'],`
			`'name': 'AssemblyLine Submit',`
			`'description': 'A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.',`
			`'logo': 'assemblyline.png',`
			`'requirements': ['assemblyline_client: Python library to query the AssemblyLine rest API.'],`
			`'features': 'The module requires the address of the AssemblyLine server you want to query as well as your credentials used for this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.\n\nIf the sample or url is correctly submitted, you get then the link of the submission.',`
			`'references': ['https://www.cyber.gc.ca/en/assemblyline'],`
			`'input': 'Sample, or url to submit to AssemblyLine.',`
			`'output': 'Link of the report generated in AssemblyLine.',`
			`}`
Update assemblyline_submit.py 2021-02-02 13:22:27 +01:00			`moduleconfig = ["apiurl", "user_id", "apikey", "password", "verifyssl"]`
fix: Fixed input types list since domain should not be submitted to AssemblyLine 2019-11-20 23:35:37 +01:00			`mispattributes = {"input": ["attachment", "malware-sample", "url"],`
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 21:41:35 +01:00			`"output": ["link"]}`


			`def parse_config(apiurl, user_id, config):`
			`error = {"error": "Please provide your AssemblyLine API key or Password."}`
			`if config.get('apikey'):`
			`try:`
Update assemblyline_submit.py 2021-02-02 13:26:02 +01:00			`return Client(apiurl, apikey=(user_id, config['apikey']), verify=config['verifyssl'])`
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 21:41:35 +01:00			`except ClientError as e:`
			`error['error'] = f'Error while initiating a connection with AssemblyLine: {e.__str__()}'`
			`if config.get('password'):`
			`try:`
Update assemblyline_submit.py 2021-02-02 13:26:02 +01:00			`return Client(apiurl, auth=(user_id, config['password']), verify=config['verifyssl'])`
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 21:41:35 +01:00			`except ClientError as e:`
			`error['error'] = f'Error while initiating a connection with AssemblyLine: {e.__str__()}'`
			`return error`

fix: Making pep8 happy 2019-11-20 16:13:51 +01:00
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 21:41:35 +01:00			`def submit_content(client, filename, data):`
			`try:`
			`return client.submit(fname=filename, contents=data.encode())`
			`except Exception as e:`
			`return {'error': f'Error while submitting content to AssemblyLine: {e.__str__()}'}`


			`def submit_request(client, request):`
			`if 'attachment' in request:`
			`return submit_content(client, request['attachment'], request['data'])`
			`if 'malware-sample' in request:`
			`return submit_content(client, request['malware-sample'].split('\|')[0], request['data'])`
			`for feature in ('url', 'domain'):`
			`if feature in request:`
			`return submit_url(client, request[feature])`
			`return {"error": "No valid attribute type for this module has been provided."}`


			`def submit_url(client, url):`
			`try:`
			`return client.submit(url=url)`
			`except Exception as e:`
			`return {'error': f'Error while submitting url to AssemblyLine: {e.__str__()}'}`


			`def handler(q=False):`
			`if q is False:`
			`return q`
			`request = json.loads(q)`
			`if not request.get('config'):`
			`return {"error": "Missing configuration."}`
			`if not request['config'].get('apiurl'):`
			`return {"error": "No AssemblyLine server address provided."}`
			`apiurl = request['config']['apiurl']`
			`if not request['config'].get('user_id'):`
			`return {"error": "Please provide your AssemblyLine User ID."}`
			`user_id = request['config']['user_id']`
			`client = parse_config(apiurl, user_id, request['config'])`
			`if isinstance(client, dict):`
			`return client`
			`submission = submit_request(client, request)`
			`if 'error' in submission:`
			`return submission`
			`sid = submission['submission']['sid']`
			`return {`
			`"results": [{`
			`"types": "link",`
			`"categories": "External analysis",`
			`"values": urljoin(apiurl, f'submission_detail.html?sid={sid}')`
			`}]`
			`}`


			`def introspection():`
			`return mispattributes`


			`def version():`
			`moduleinfo["config"] = moduleconfig`
			`return moduleinfo`