#!/usr/bin/env python3
# -*-coding:UTF-8 -*
'''
Flask functions and routes for tracked items
'''
import os
import sys
import json
import flask
from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect, Response, escape
from Role_Manager import login_admin, login_analyst, login_read_only
from flask_login import login_required, current_user
sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from lib.objects import ail_objects
from lib import item_basic
from lib import Tracker
from lib import Tag
from packages import Date
# ============ VARIABLES ============
import Flask_config
# Application object and shared settings come from the project's Flask_config module.
app = Flask_config.app
baseUrl = Flask_config.baseUrl
bootstrap_label = Flask_config.bootstrap_label

# Blueprint that collects the tracker routes defined below; its templates are
# looked up in the 'templates' folder.
hunter = Blueprint('hunter', __name__, template_folder='templates')
# ============ FUNCTIONS ============
def create_json_response(data, status_code):
    """Serialise *data* as pretty-printed JSON and pair it with an HTTP status.

    Returns a ``(Response, status_code)`` tuple; the response body is the JSON
    text (2-space indent, keys sorted) served as ``application/json``.
    """
    body = json.dumps(data, indent=2, sort_keys=True)
    return Response(body, mimetype='application/json'), status_code
# ============ ROUTES ============
@hunter.route("/tracker/edit", methods=['GET', 'POST'])
@login_required
@login_analyst
def edit_tracked_menu():
    """Render the edit form for one tracker, pre-filled with its current settings.

    The tracker is selected by the ``uuid`` query parameter. The edit-permission
    check runs before any tracker data is loaded; when it does not answer 200,
    its payload and status code are returned as a JSON response instead.
    """
    # NOTE(review): POST is accepted by the route, but this view only reads
    # query-string arguments and never touches request.form.
    tracker_uuid = request.args.get('uuid', None)

    # Authorisation first: only the tracker's author or an admin may edit it.
    acl = Tracker.api_is_allowed_to_edit_tracker(tracker_uuid, current_user.get_id())
    if acl[1] != 200:  # invalid access
        return create_json_response(acl[0], acl[1])

    meta = Tracker.Tracker(tracker_uuid).get_meta(
        options={'description', 'level', 'mails', 'sources', 'tags', 'user', 'webhook'})

    # The form edits tags and mails as space-separated text.
    for field in ('tags', 'mails'):
        meta[field] = ' '.join(meta[field])

    # NOTE(review): the rule is read from meta['tracker'] here, while
    # show_tracker() reads meta['tracked'] from the same get_meta() call --
    # confirm which key get_meta() actually returns.
    tracker_type = meta['type']
    if tracker_type == 'set':
        # presumably stored as "word1,word2,...;nb_words" -- verify against Tracker
        words, meta['nb_words'] = meta['tracker'].split(';')
        meta['tracker'] = words.replace(',', ' ')
    elif tracker_type == 'yara':
        rule_path = meta['tracker']
        if Tracker.is_default_yara_rule(rule_path):
            # Only the last two path components are handed to the form.
            parts = rule_path.split('/')
            meta['yara_file'] = parts[-2] + '/' + parts[-1]
            meta['content'] = None
        else:
            meta['yara_file'] = None
            meta['content'] = Tracker.get_yara_rule_content(rule_path)

    return render_template("edit_tracker.html", dict_tracker=meta,
                           all_sources=item_basic.get_all_items_sources(r_list=True),
                           all_yara_files=Tracker.get_all_default_yara_files())
## TO EDIT
# word
# set of word + nb words
# regex
# yara custom
# yara default ???? => allow edit ?
#### EDIT SHow Trackers ??????????????????????????????????????????????????
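@hunter.route("/tracker/show_tracker")
@login_required
@login_read_only
def show_tracker():
    """Render the detail page of one tracker.

    Query parameters:
        uuid: tracker to display.
        date_from, date_to: optional. When ``date_from`` is set, the objects
            matched by the tracker between its first_seen and last_seen dates
            are listed on the page; otherwise the object list is empty.

    When the permission check does not answer 200, its payload and status code
    are returned as a JSON response and no tracker data is loaded.
    """
    user_id = current_user.get_id()
    tracker_uuid = request.args.get('uuid', None)

    # NOTE(review): this read-only view is gated by the *edit* permission check,
    # whereas get_json_tracker_stats() uses Tracker.api_check_tracker_acl() --
    # confirm which ACL is intended for viewing a tracker.
    res = Tracker.api_is_allowed_to_edit_tracker(tracker_uuid, user_id)
    if res[1] != 200:  # invalid access
        return create_json_response(res[0], res[1])

    date_from = request.args.get('date_from')
    date_to = request.args.get('date_to')
    if date_from:
        date_from = date_from.replace('-', '')
    if date_to:
        date_to = date_to.replace('-', '')

    tracker = Tracker.Tracker(tracker_uuid)
    meta = tracker.get_meta(options={'description', 'level', 'mails', 'filters', 'sparkline', 'tags',
                                     'user', 'webhook'})

    if meta['type'] == 'yara':
        yara_rule_content = Tracker.get_yara_rule_content(meta['tracked'])
    else:
        yara_rule_content = None

    if meta['type'] == 'typosquatting':
        # sorted() returns a new list and leaves its argument untouched, so the
        # result has to be kept for the template to receive the domains in order.
        typo_squatting = sorted(Tracker.get_tracked_typosquatting_domains(meta['tracked']))
    else:
        typo_squatting = set()

    if date_from:
        # NOTE(review): the requested date_from/date_to only switch the object
        # listing on; the range queried is always first_seen..last_seen.
        # Confirm whether sanitise_daterange() was meant to receive the
        # request values instead.
        date_from, date_to = Date.sanitise_daterange(meta['first_seen'], meta['last_seen'])
        objs = tracker.get_objs_by_daterange(date_from, date_to)
        meta['objs'] = ail_objects.get_objects_meta(objs, flask_context=True)
    else:
        date_from = ''
        date_to = ''
        meta['objs'] = []

    meta['date_from'] = date_from
    meta['date_to'] = date_to
    # Tracker filters are no longer printed to stdout on every request.
    meta['item_sources'] = sorted(meta['filters'].get('item', {}).get('sources', []))

    return render_template("showTracker.html", tracker_metadata=meta,
                           yara_rule_content=yara_rule_content,
                           typo_squatting=typo_squatting,
                           bootstrap_label=bootstrap_label)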
@hunter.route("/tracker/update_tracker_description", methods=['POST'])
@login_required
@login_analyst
def update_tracker_description():
    """Replace a tracker's description from the submitted form, then redirect to its page.

    Form fields: ``uuid`` (tracker to update) and ``description`` (new text,
    HTML-escaped before it is handed to the storage helper). When the
    edit-permission check does not answer 200, its payload and status code are
    returned as JSON and nothing is written.
    """
    tracker_uuid = request.form.get('uuid')

    acl = Tracker.api_is_allowed_to_edit_tracker(tracker_uuid, current_user.get_id())
    if acl[1] != 200:  # invalid access
        return create_json_response(acl[0], acl[1])

    raw_description = str(request.form.get('description', ''))
    # The text is escaped on write, so what gets stored is already HTML-safe.
    # NOTE(review): if the template autoescapes this value again, entities may
    # show up literally -- confirm how the description is rendered.
    description = escape(raw_description)

    # NOTE(review): `Term` is not among the imports visible at the top of this
    # file (Tracker, Tag, item_basic, ail_objects and Date are), so this call
    # would raise NameError as written -- confirm the intended helper.
    Term.replace_tracker_description(tracker_uuid, description)
    return redirect(url_for('hunter.show_tracker', uuid=tracker_uuid))
@hunter.route("/tracker/update_tracker_tags", methods=['POST'])
@login_required
@login_analyst
def update_tracker_tags():
    """Replace a tracker's tags from the submitted form, then redirect to its page.

    Form fields: ``uuid`` (tracker to update) and ``tags`` (whitespace-separated
    list; missing or empty means "no tags"). When the edit-permission check
    does not answer 200, its payload and status code are returned as JSON and
    nothing is written.
    """
    tracker_uuid = request.form.get('uuid')

    acl = Tracker.api_is_allowed_to_edit_tracker(tracker_uuid, current_user.get_id())
    if acl[1] != 200:  # invalid access
        return create_json_response(acl[0], acl[1])

    submitted = request.form.get('tags')
    # Tag values are passed on as submitted; no validation happens in this view.
    # NOTE(review): presumably the helper validates them -- verify.
    tags = submitted.split() if submitted else []

    # NOTE(review): `Term` is not among the imports visible at the top of this
    # file (Tracker, Tag, item_basic, ail_objects and Date are), so this call
    # would raise NameError as written -- confirm the intended helper.
    Term.replace_tracked_term_tags(tracker_uuid, tags)
    return redirect(url_for('hunter.show_tracker', uuid=tracker_uuid))
@hunter.route("/tracker/update_tracker_mails", methods=['POST'])
@login_required
@login_analyst
def update_tracker_mails():
    """Replace a tracker's notification addresses, then redirect to its page.

    Form fields: ``uuid`` (tracker to update) and ``mails`` (whitespace-separated
    list; missing or empty means "no addresses"). When the edit-permission
    check does not answer 200, or the storage helper returns a truthy result,
    that result's payload and status code are returned as JSON instead of the
    redirect.
    """
    tracker_uuid = request.form.get('uuid')

    acl = Tracker.api_is_allowed_to_edit_tracker(tracker_uuid, current_user.get_id())
    if acl[1] != 200:  # invalid access
        return create_json_response(acl[0], acl[1])

    submitted = request.form.get('mails')
    mails = submitted.split() if submitted else []

    # NOTE(review): `Term` is not among the imports visible at the top of this
    # file (Tracker, Tag, item_basic, ail_objects and Date are), so this call
    # would raise NameError as written -- confirm the intended helper.
    error = Term.replace_tracked_term_mails(tracker_uuid, mails)
    if error:  # invalid mail
        return create_json_response(error[0], error[1])
    return redirect(url_for('hunter.show_tracker', uuid=tracker_uuid))
@hunter.route("/tracker/get_json_tracker_stats", methods=['GET'])
@login_required
@login_read_only
def get_json_tracker_stats():
    """Return the per-day graph data of one tracker as JSON.

    Query parameters: ``uuid`` (tracker) and, optionally, ``date_from`` and
    ``date_to``. The range is only forwarded when both dates are present;
    otherwise Tracker.get_trackers_graph_by_day() is called with its defaults.
    A truthy result from the ACL check is returned as a JSON error response
    before any data is read.
    """
    tracker_uuid = request.args.get('uuid')

    denied = Tracker.api_check_tracker_acl(tracker_uuid, current_user.get_id())
    if denied:
        return create_json_response(denied[0], denied[1])

    date_from = request.args.get('date_from')
    date_to = request.args.get('date_to')
    # Dashes are dropped from both dates; no other validation happens here.
    # NOTE(review): presumably the Tracker helper validates the values -- verify.
    if date_from:
        date_from = date_from.replace('-', '')
    if date_to:
        date_to = date_to.replace('-', '')

    date_range = {}
    if date_from and date_to:
        date_range = {'date_from': date_from, 'date_to': date_to}
    return jsonify(Tracker.get_trackers_graph_by_day([tracker_uuid], **date_range))
@hunter.route("/tracker/yara/default_rule/content", methods=['GET'])
@login_required
@login_read_only
def get_default_yara_rule_content():
    """Return the result of looking up a default YARA rule's content, as JSON.

    The rule is chosen by the ``rule_name`` query parameter; the helper's
    payload and status code are returned unchanged.
    """
    rule_name = request.args.get('rule_name')
    # rule_name is caller-controlled and is handed over as-is, so any check
    # that it names one of the shipped default rules has to live in the helper.
    # NOTE(review): confirm api_get_default_rule_content() rejects names that
    # resolve outside the default-rules directory.
    result = Tracker.api_get_default_rule_content(rule_name)
    return create_json_response(result[0], result[1])
# ========= REGISTRATION =========
# Attach the tracker blueprint to the application, with baseUrl as URL prefix.
app.register_blueprint(hunter, url_prefix=baseUrl)