chg: [Showpaste] check if tags are safe (img) + fix domain link

This commit is contained in:
Terrtia 2019-11-25 18:11:20 +01:00
parent bff9b45c26
commit 0af359e5e5
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
4 changed files with 30 additions and 7 deletions

View file

@ -130,11 +130,11 @@ def is_tag_in_all_tag(tag):
def get_all_tags(): def get_all_tags():
return list(r_serv_tags.smembers('list_tags')) return list(r_serv_tags.smembers('list_tags'))
'''
Retun all the tags of a given item.
:param item_id: (Paste or domain)
'''
def get_item_tags(item_id): def get_item_tags(item_id):
'''
Retun all the tags of a given item.
:param item_id: (Paste or domain)
'''
tags = r_serv_metadata.smembers('tag:{}'.format(item_id)) tags = r_serv_metadata.smembers('tag:{}'.format(item_id))
if tags: if tags:
return list(tags) return list(tags)
@ -157,6 +157,11 @@ def get_min_tag(tag):
def get_item_tags_minimal(item_id): def get_item_tags_minimal(item_id):
return [ {"tag": tag, "min_tag": get_min_tag(tag)} for tag in get_item_tags(item_id) ] return [ {"tag": tag, "min_tag": get_min_tag(tag)} for tag in get_item_tags(item_id) ]
def unpack_str_tags_list(str_tags_list):
str_tags_list = str_tags_list.replace('"','\"')
return str_tags_list.split(',')
# TEMPLATE + API QUERY # TEMPLATE + API QUERY
def add_items_tag(tags=[], galaxy_tags=[], item_id=None): ## TODO: remove me def add_items_tag(tags=[], galaxy_tags=[], item_id=None): ## TODO: remove me
res_dict = {} res_dict = {}
@ -220,6 +225,7 @@ def add_items_tags(tags=[], galaxy_tags=[], item_id=None, item_type="paste"):
return (res_dict, 200) return (res_dict, 200)
def add_domain_tag(tag, domain, item_date): def add_domain_tag(tag, domain, item_date):
r_serv_tags.sadd('list_tags:domain', tag)
r_serv_metadata.sadd('tag:{}'.format(domain), tag) r_serv_metadata.sadd('tag:{}'.format(domain), tag)
r_serv_tags.sadd('domain:{}:{}'.format(tag, item_date), domain) r_serv_tags.sadd('domain:{}:{}'.format(tag, item_date), domain)

View file

@ -434,7 +434,7 @@ def addTags():
list_tag = tags.split(',') list_tag = tags.split(',')
list_tag_galaxies = tagsgalaxies.split(',') list_tag_galaxies = tagsgalaxies.split(',')
res = Tag.add_items_tag(list_tag, list_tag_galaxies, path) res = Tag.add_items_tags(list_tag, list_tag_galaxies, item_id=path)
print(res) print(res)
# error # error
if res[1] != 200: if res[1] != 200:

View file

@ -7,6 +7,7 @@
import redis import redis
import json import json
import os import os
import sys
import flask import flask
from flask import Flask, render_template, jsonify, request, Blueprint, make_response, Response, send_from_directory, redirect, url_for from flask import Flask, render_template, jsonify, request, Blueprint, make_response, Response, send_from_directory, redirect, url_for
@ -19,6 +20,14 @@ import ssdeep
import Paste import Paste
import requests import requests
from pyfaup.faup import Faup
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages/'))
import Tag
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'lib/'))
import Domain
# ============ VARIABLES ============ # ============ VARIABLES ============
import Flask_config import Flask_config
@ -39,6 +48,8 @@ vt_enabled = Flask_config.vt_enabled
PASTES_FOLDER = Flask_config.PASTES_FOLDER PASTES_FOLDER = Flask_config.PASTES_FOLDER
SCREENSHOT_FOLDER = Flask_config.SCREENSHOT_FOLDER SCREENSHOT_FOLDER = Flask_config.SCREENSHOT_FOLDER
faup = Faup()
showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates') showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates')
# ============ FUNCTIONS ============ # ============ FUNCTIONS ============
@ -136,6 +147,7 @@ def showpaste(content_range, requested_path):
active_taxonomies = r_serv_tags.smembers('active_taxonomies') active_taxonomies = r_serv_tags.smembers('active_taxonomies')
l_tags = r_serv_metadata.smembers('tag:'+requested_path) l_tags = r_serv_metadata.smembers('tag:'+requested_path)
tags_safe = Tag.is_tags_safe(l_tags)
#active galaxies #active galaxies
active_galaxies = r_serv_tags.smembers('active_galaxies') active_galaxies = r_serv_tags.smembers('active_galaxies')
@ -209,6 +221,11 @@ def showpaste(content_range, requested_path):
if 'infoleak:submission="crawler"' in l_tags: if 'infoleak:submission="crawler"' in l_tags:
crawler_metadata['get_metadata'] = True crawler_metadata['get_metadata'] = True
crawler_metadata['domain'] = r_serv_metadata.hget('paste_metadata:'+requested_path, 'domain') crawler_metadata['domain'] = r_serv_metadata.hget('paste_metadata:'+requested_path, 'domain')
faup.decode(crawler_metadata['domain'])
domain_unpack = faup.get()
crawler_metadata['domain'] = domain_unpack['domain']
if tags_safe:
tags_safe = Tag.is_tags_safe(Domain.get_domain_tags(crawler_metadata['domain']))
crawler_metadata['paste_father'] = r_serv_metadata.hget('paste_metadata:'+requested_path, 'father') crawler_metadata['paste_father'] = r_serv_metadata.hget('paste_metadata:'+requested_path, 'father')
crawler_metadata['real_link'] = r_serv_metadata.hget('paste_metadata:'+requested_path,'real_link') crawler_metadata['real_link'] = r_serv_metadata.hget('paste_metadata:'+requested_path,'real_link')
crawler_metadata['screenshot'] = get_item_screenshot_path(requested_path) crawler_metadata['screenshot'] = get_item_screenshot_path(requested_path)
@ -242,7 +259,7 @@ def showpaste(content_range, requested_path):
hive_url = hive_case_url.replace('id_here', hive_case) hive_url = hive_case_url.replace('id_here', hive_case)
return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list, return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list,
crawler_metadata=crawler_metadata, crawler_metadata=crawler_metadata, tags_safe=tags_safe,
l_64=l_64, vt_enabled=vt_enabled, misp=misp, hive=hive, misp_eventid=misp_eventid, misp_url=misp_url, hive_caseid=hive_caseid, hive_url=hive_url) l_64=l_64, vt_enabled=vt_enabled, misp=misp, hive=hive, misp_eventid=misp_eventid, misp_url=misp_url, hive_caseid=hive_caseid, hive_url=hive_url)
def get_item_basic_info(item): def get_item_basic_info(item):

View file

@ -461,7 +461,7 @@
<div class="panel-heading"> <div class="panel-heading">
<div class="row"> <div class="row">
<div class="col-md-8"> <div class="col-md-8">
<input class="center" id="blocks" type="range" min="1" max="50" value="13"> <input class="center" id="blocks" type="range" min="1" max="50" value="{%if tags_safe%}13{%else%}0{%endif%}">
</div> </div>
<div class="col-md-4"> <div class="col-md-4">
<button class="btn btn-primary btn-tags" onclick="blocks.value=50;pixelate();"> <button class="btn btn-primary btn-tags" onclick="blocks.value=50;pixelate();">