chg: [UI + API] update endpoints ACL

This commit is contained in:
terrtia 2024-09-05 16:40:24 +02:00
parent a05e1feed6
commit 0cbcf28818
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
31 changed files with 138 additions and 133 deletions


@ -16,7 +16,7 @@ sys.path.append('modules')
import Flask_config
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -92,24 +92,24 @@ def create_json_response(data, status_code):
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@api_rest.route("api/v1/ping", methods=['GET'])
@token_required('read_only')
@token_required('user')
def v1_ping():
return create_json_response({'status': 'pong'}, 200)
@api_rest.route("api/v1/uuid", methods=['GET'])
@token_required('read_only')
@token_required('user')
def v1_uuid():
ail_uid = ail_core.get_ail_uuid()
return create_json_response({'uuid': ail_uid}, 200)
@api_rest.route("api/v1/version", methods=['GET'])
@token_required('read_only')
@token_required('user')
def v1_version():
version = ail_updates.get_ail_version()
return create_json_response({'version': version}, 200)
@api_rest.route("api/v1/pyail/version", methods=['GET'])
@token_required('read_only')
@token_required('user')
def v1_pyail_version():
ail_version = 'v1.0.0'
return create_json_response({'version': ail_version}, 200)
@ -120,7 +120,7 @@ def v1_pyail_version():
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # TODO: ADD RESULT JSON Response
@api_rest.route("api/v1/add/crawler/task", methods=['POST']) # TODO V2 Migration
@token_required('analyst')
@token_required('user')
def add_crawler_task():
data = request.get_json()
user_token = get_auth_from_header()
@ -134,7 +134,7 @@ def add_crawler_task():
@api_rest.route("api/v1/add/crawler/capture", methods=['POST']) # TODO V2 Migration
@token_required('analyst')
@token_required('user')
def add_crawler_capture():
data = request.get_json()
user_token = get_auth_from_header()
@ -160,7 +160,7 @@ def import_json_item():
# # # # # # # # # # # # # # # OBJECTS # # # # # # # # # # # # # # # # # # # TODO LIST OBJ TYPES + SUBTYPES
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@api_rest.route("api/v1/object", methods=['GET']) # TODO options
@token_required('read_only')
@token_required('user')
def v1_object():
obj_gid = request.args.get('gid')
if obj_gid:
@ -174,14 +174,14 @@ def v1_object():
@api_rest.route("api/v1/obj/gid/<path:object_global_id>", methods=['GET']) # TODO REMOVE ME ????
@token_required('read_only')
@token_required('user')
def v1_object_global_id(object_global_id):
r = ail_objects.api_get_object_global_id(object_global_id)
return create_json_response(r[0], r[1])
# @api_rest.route("api/v1/object/<object_type>/<object_subtype>/<path:object_id>", methods=['GET'])
@api_rest.route("api/v1/obj/<object_type>/<path:object_id>", methods=['GET']) # TODO REMOVE ME ????
@token_required('read_only')
@token_required('user')
def v1_object_type_id(object_type, object_id):
r = ail_objects.api_get_object_type_id(object_type, object_id)
return create_json_response(r[0], r[1])
@ -191,7 +191,7 @@ def v1_object_type_id(object_type, object_id):
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@api_rest.route("api/v1/chat/messages", methods=['GET'])
@token_required('analyst')
@token_required('user')
def objects_chat_messages():
obj_subtype = request.args.get('subtype')
obj_id = request.args.get('id')
@ -199,7 +199,7 @@ def objects_chat_messages():
return create_json_response(r[0], r[1])
@api_rest.route("api/v1/chat-subchannel/messages", methods=['GET'])
@token_required('analyst')
@token_required('user')
def objects_chat_subchannel_messages():
obj_subtype = request.args.get('subtype')
obj_id = request.args.get('id')
@ -207,7 +207,7 @@ def objects_chat_subchannel_messages():
return create_json_response(r[0], r[1])
@api_rest.route("api/v1/chat-thread/messages", methods=['GET'])
@token_required('analyst')
@token_required('user')
def objects_chat_thread_messages():
obj_subtype = request.args.get('subtype')
obj_id = request.args.get('id')
@ -219,14 +219,14 @@ def objects_chat_thread_messages():
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@api_rest.route("api/v1/titles/download", methods=['GET']) # TODO RENAME ->api/v1/titles/domains
@token_required('analyst')
@token_required('user')
def objects_titles_download():
return create_json_response(Titles.Titles().get_contents_ids(), 200)
# TODO
@api_rest.route("api/v1/titles/download/unsafe", methods=['GET']) # TODO RENAME ->api/v1/titles/domains/unsafe
@token_required('analyst')
@token_required('user')
def objects_titles_download_unsafe():
all_titles = {}
unsafe_tags = Tag.unsafe_tags
@ -249,7 +249,7 @@ def objects_titles_download_unsafe():
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@api_rest.route("api/v1/investigation/<investigation_uuid>", methods=['GET']) # TODO options
@token_required('read_only')
@token_required('user')
def v1_investigation(investigation_uuid):
user_token = get_auth_from_header()
user_org, user_id, user_role = ail_api.get_basic_user_meta(user_token)
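Review bot: The same `@token_required('user')` level is now applied to the read-only routes (`api/v1/ping`, `uuid`, `version`, `pyail/version`, `object`, `obj/...`) and to the state-changing POST routes `api/v1/add/crawler/task` and `api/v1/add/crawler/capture`, so the decorator no longer distinguishes read from write access anywhere in this file. If `read_only` is still a valid API role, tokens holding it lose even `ping`, which clients typically use as a connectivity check; keeping `@token_required('read_only')` on the ping/uuid/version trio would preserve that. A short comment above the first route stating the intended minimum role and that write routes rely on their own per-object checks, e.g. `# ACL: 'user' is the minimum role for v1; POST routes enforce ownership in the body`, would make the policy reviewable. The role ordering itself is not visible in this hunk.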


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required, current_user
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only, login_user_no_api
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -246,7 +246,7 @@ def objects_message():
@chats_explorer.route("/objects/message/translate", methods=['POST'])
@login_required
@login_read_only
@login_user_no_api
def objects_message_translate():
message_id = request.form.get('id')
source = request.form.get('language_target')
@ -265,7 +265,7 @@ def objects_message_translate():
@chats_explorer.route("/objects/message/detect/language", methods=['GET'])
@login_required
@login_read_only
@login_user_no_api
def objects_message_detect_language():
message_id = request.args.get('id')
target = request.args.get('target')


@ -16,7 +16,7 @@ sys.path.append('modules')
import Flask_config
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
sys.path.append(os.environ['AIL_BIN'])
@ -206,7 +206,7 @@ def correlation_delete():
@correlation.route('/correlation/tags/add', methods=['POST'])
@login_required
@login_analyst
@login_admin
def correlation_tags_add():
obj_id = request.form.get('tag_obj_id')
subtype = request.form.get('tag_subtype', '')
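Review bot: `/correlation/tags/add` is raised to `@login_admin`, while the tags_ui section near the end of this commit lowers the equivalent `/tag/add_tags` and `/tag/delete_tag` routes to `@login_user_no_api`; a user who cannot tag an object from the correlation view can still tag the same object from the tags view, so the restriction here does not actually hold. Either level may be the intended one, but the two entry points should agree, `@login_user_no_api` here if tagging is a user action. `correlation_tags_add` continues outside the hunk.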


@ -19,7 +19,7 @@ sys.path.append('modules')
import Flask_config
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only, login_user_no_api
from Role_Manager import login_admin, login_user, login_user_no_api, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -110,7 +110,7 @@ def manual():
@crawler_splash.route("/crawlers/send_to_spider", methods=['POST'])
@login_required
@login_analyst
@login_user_no_api
def send_to_spider():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -222,7 +222,7 @@ def schedule_show():
@crawler_splash.route("/crawlers/schedule/delete", methods=['GET'])
@login_required
@login_analyst
@login_admin
def schedule_delete():
schedule_uuid = request.args.get('uuid')
schedule = crawlers.CrawlerSchedule(schedule_uuid)
@ -235,7 +235,7 @@ def schedule_delete():
@crawler_splash.route("/crawlers/blacklist", methods=['GET'])
@login_required
@login_analyst
@login_admin
def crawler_blacklist():
domain = request.args.get('domain')
if domain:
@ -258,7 +258,7 @@ def crawler_blacklist():
@crawler_splash.route("/crawlers/blacklist/delete", methods=['GET'])
@login_required
@login_analyst
@login_admin
def crawler_blacklist_delete():
domain = request.args.get('domain')
res = crawlers.api_unblacklist_domain({'domain': domain})
@ -540,7 +540,7 @@ def domains_search_languages_get():
@crawler_splash.route('/domains/name/search', methods=['GET'])
@login_required
@login_analyst
@login_user
def domains_search_name():
name = request.args.get('name')
page = request.args.get('page')
@ -565,7 +565,7 @@ def domains_search_name():
@crawler_splash.route('/domains/date', methods=['GET'])
@login_required
@login_analyst
@login_read_only
def domains_search_date():
# TODO sanitize type + date
dom_types = request.args.get('type')
@ -601,7 +601,7 @@ def domains_search_date():
@crawler_splash.route('/domains/date/post', methods=['POST'])
@login_required
@login_analyst
@login_read_only
def domains_search_date_post():
domain_type = request.form.get('type')
date_from = request.form.get('date_from')
@ -614,7 +614,7 @@ def domains_search_date_post():
@crawler_splash.route('/domains/explorer/vanity', methods=['GET'])
@login_required
@login_analyst
@login_read_only
def domains_explorer_vanity_clusters():
nb_min = request.args.get('min', 4)
if int(nb_min) < 0:
@ -625,7 +625,7 @@ def domains_explorer_vanity_clusters():
@crawler_splash.route('/domains/explorer/vanity/explore', methods=['GET'])
@login_required
@login_analyst
@login_read_only
def domains_explorer_vanity_explore():
vanity = request.args.get('vanity')
nb_min = request.args.get('min', 2) # TODO SHOW DOMAINS OPTIONS + HARD CODED DOMAINS LIMIT FOR RENDER
@ -649,14 +649,14 @@ def domains_explorer_vanity_explore():
## Cookiejar ##
@crawler_splash.route('/crawler/cookiejar/add', methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def crawler_cookiejar_add():
return render_template("add_cookiejar.html")
@crawler_splash.route('/crawler/cookiejar/add_post', methods=['POST'])
@login_required
@login_analyst
@login_user_no_api
def crawler_cookiejar_add_post():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -756,7 +756,7 @@ def crawler_cookiejar_cookie_delete():
@crawler_splash.route('/crawler/cookiejar/delete', methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def crawler_cookiejar_delete():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -771,7 +771,7 @@ def crawler_cookiejar_delete():
@crawler_splash.route('/crawler/cookiejar/edit', methods=['GET'])
@login_required
@login_read_only
@login_user_no_api
def crawler_cookiejar_edit():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -785,7 +785,7 @@ def crawler_cookiejar_edit():
@crawler_splash.route('/crawler/cookie/edit', methods=['GET'])
@login_required
@login_read_only
@login_user_no_api
def crawler_cookiejar_cookie_edit():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -798,7 +798,7 @@ def crawler_cookiejar_cookie_edit():
@crawler_splash.route('/crawler/cookie/edit_post', methods=['POST'])
@login_required
@login_read_only
@login_user_no_api
def crawler_cookiejar_cookie_edit_post():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -831,7 +831,7 @@ def crawler_cookiejar_cookie_edit_post():
@crawler_splash.route('/crawler/cookiejar/cookie/add', methods=['GET'])
@login_required
@login_read_only
@login_user_no_api
def crawler_cookiejar_cookie_add():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -845,7 +845,7 @@ def crawler_cookiejar_cookie_add():
@crawler_splash.route('/crawler/cookiejar/cookie/manual_add_post', methods=['POST'])
@login_required
@login_read_only
@login_user_no_api
def crawler_cookiejar_cookie_manual_add_post():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -877,7 +877,7 @@ def crawler_cookiejar_cookie_manual_add_post():
@crawler_splash.route('/crawler/cookiejar/cookie/json_add_post', methods=['POST'])
@login_required
@login_read_only
@login_user_no_api
def crawler_cookiejar_cookie_json_add_post():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -903,7 +903,7 @@ def crawler_cookiejar_cookie_json_add_post():
@crawler_splash.route('/crawler/settings', methods=['GET'])
@login_required
@login_analyst
@login_admin
def crawler_settings():
lacus_url = crawlers.get_lacus_url()
api_key = crawlers.get_hidden_lacus_api_key()
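Review bot: `/domains/name/search` is set to `@login_user` while the neighbouring `/domains/date`, `/domains/date/post` and both `/domains/explorer/vanity` routes are set to `@login_read_only`; all of them are read-only domain lookups, so the name search looks like the outlier and presumably wants `@login_read_only` as well unless it is meant to be the one API-capable search. Separately, `/crawlers/schedule/delete`, `/crawlers/blacklist` and `/crawlers/blacklist/delete` remain GET routes that mutate state and are now admin-only, which makes a link-triggered request from an admin session more consequential; converting them to POST is a follow-up worth tracking with a `# TODO: state-changing GET, move to POST` on each. Several of these functions continue outside their hunks.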


@ -16,7 +16,7 @@ sys.path.append('modules')
import Flask_config
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_user_no_api, login_read_only
from Role_Manager import login_admin, login_coordinator, login_user, login_user_no_api, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -294,7 +294,7 @@ def parse_add_edit_request(request_form):
@hunters.route("/tracker/add", methods=['GET', 'POST'])
@login_required
@login_analyst
@login_user_no_api
def add_tracked_menu():
if request.method == 'POST':
input_dict = parse_add_edit_request(request.form)
@ -356,7 +356,7 @@ def tracker_edit():
@hunters.route('/tracker/delete', methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def tracker_delete():
user_id = current_user.get_user_id()
user_org = current_user.get_org()
@ -396,7 +396,7 @@ def get_json_tracker_graph():
@hunters.route('/tracker/object/add', methods=['GET'])
@login_required
@login_admin
@login_user
def tracker_object_add():
user_id = current_user.get_user_id()
user_org = current_user.get_org()
@ -528,7 +528,7 @@ def retro_hunt_show_task():
@hunters.route('/retro_hunt/add', methods=['GET', 'POST'])
@login_required
@login_analyst
@login_user
def retro_hunt_add_task():
if request.method == 'POST':
level = request.form.get("level", 1)
@ -631,7 +631,7 @@ def retro_hunt_add_task():
@hunters.route('/retro_hunt/task/pause', methods=['GET'])
@login_required
@login_analyst
@login_user
def retro_hunt_pause_task():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -644,7 +644,7 @@ def retro_hunt_pause_task():
@hunters.route('/retro_hunt/task/resume', methods=['GET'])
@login_required
@login_analyst
@login_user
def retro_hunt_resume_task():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -657,7 +657,7 @@ def retro_hunt_resume_task():
@hunters.route('/retro_hunt/task/delete', methods=['GET'])
@login_required
@login_analyst
@login_coordinator
def retro_hunt_delete_task():
user_org = current_user.get_org()
user_id = current_user.get_id()
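Review bot: `tracker_object_add` drops from `@login_admin` straight to `@login_user`, whereas `/tracker/add` and `/tracker/delete` in the same file get `@login_user_no_api`; if `login_user` also admits API-token sessions, this becomes the one tracker mutation reachable with a token, which looks unintentional. Deletion is also uneven: `/tracker/delete` is `@login_user_no_api` but `/retro_hunt/task/delete` is `@login_coordinator`, so either the tracker delete relies on the `user_org`/`user_id` check visible in its first lines or it should be coordinator too; a one-line comment such as `# any user may delete: ownership enforced by the org/user check below` would settle which. `retro_hunt_delete_task` also calls `current_user.get_id()` where every sibling uses `get_user_id()`; worth confirming both exist and return the same value. All of these functions continue outside their hunks.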


@ -15,7 +15,7 @@ from flask_login import login_required, current_user
sys.path.append('modules')
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_coordinator, login_read_only, login_user_no_api
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -48,7 +48,7 @@ def create_json_response(data, status_code):
# ============= ROUTES ==============
@import_export.route('/import_export/import')
@login_required
@login_analyst
@login_user_no_api
def import_object():
return render_template("import_object.html")
@ -56,7 +56,7 @@ def import_object():
# TODO
@import_export.route("/import_export/import_file", methods=['POST'])
@login_required
@login_analyst
@login_admin
def import_object_file():
error = None
@ -89,7 +89,7 @@ def import_object_file():
@import_export.route("/misp/objects/export", methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def objects_misp_export():
user_id = current_user.get_user_id()
object_types = ail_core.get_all_objects_with_subtypes_tuple()
@ -99,9 +99,10 @@ def objects_misp_export():
@import_export.route("/misp/objects/export/post", methods=['POST'])
@login_required
@login_analyst
@login_user_no_api
def objects_misp_export_post():
user_id = current_user.get_user_id()
user_role = current_user.get_role()
# Get new added Object
new_export = []
@ -150,6 +151,11 @@ def objects_misp_export_post():
info = request.form.get('misp_event_info')
publish = request.form.get('misp_event_info', False)
# TODO Refactor to use MISP user api key
if user_role != 'admin':
export = False
publish = False
objs = ail_objects.get_objects(objects)
if not objs:
return create_json_response({'error': 'Empty Event, nothing to export'}, 400)
@ -175,7 +181,7 @@ def objects_misp_export_post():
@import_export.route("/misp/objects/export/add", methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def add_object_id_to_export():
user_id = current_user.get_user_id()
obj_type = request.args.get('type')
@ -197,7 +203,7 @@ def add_object_id_to_export():
@import_export.route("/misp/objects/export/delete", methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def delete_object_id_to_export():
user_id = current_user.get_user_id()
obj_type = request.args.get('type')
@ -210,7 +216,7 @@ def delete_object_id_to_export():
@import_export.route("/investigation/misp/export", methods=['GET'])
@login_required
@login_analyst
@login_coordinator
def export_investigation():
investigation_uuid = request.args.get("uuid")
investigation = Investigation(investigation_uuid)
@ -227,7 +233,7 @@ def export_investigation():
@import_export.route("/thehive/objects/case/export", methods=['POST'])
@login_required
@login_analyst
@login_admin
def create_thehive_case():
description = request.form['hive_description']
title = request.form['hive_case_title']
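Review bot: The new gate in `objects_misp_export_post` compares `user_role != 'admin'` as a raw string immediately after the route was lowered to `@login_user_no_api`; the role name is duplicated from Role_Manager and, per the TODO, stands in for per-user MISP credentials, so a comment like `# non-admins may assemble the event but not push or publish it to MISP` would make the intent explicit. In the same hunk, `publish = request.form.get('misp_event_info', False)` reads the same form field as `info`, so publish is truthy whenever an event description is supplied; this is existing code, but the new check now depends on it and it presumably should read its own form field. `export` is assigned outside the hunk.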


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required, current_user
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_user_no_api, login_read_only
sys.path.append('modules')
import Flask_config
@ -77,7 +77,7 @@ def show_investigation():
@investigations_b.route("/investigation/add", methods=['GET', 'POST'])
@login_required
@login_analyst
@login_user_no_api
def add_investigation():
if request.method == 'POST':
user_id = current_user.get_user_id()
@ -119,7 +119,7 @@ def add_investigation():
@investigations_b.route("/investigation/edit", methods=['GET', 'POST'])
@login_required
@login_analyst
@login_user_no_api
def edit_investigation(): # TODO CHECK ACL
if request.method == 'POST':
user_org = current_user.get_org()
@ -171,7 +171,7 @@ def edit_investigation(): # TODO CHECK ACL
@investigations_b.route("/investigation/delete", methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def delete_investigation():
user_org = current_user.get_org()
user_id = current_user.get_user_id()
@ -185,7 +185,7 @@ def delete_investigation():
@investigations_b.route("/investigation/object/register", methods=['GET'])
@login_required
@login_read_only
@login_user_no_api
def register_investigation():
user_id = current_user.get_user_id()
user_org = current_user.get_org()
@ -210,7 +210,7 @@ def register_investigation():
@investigations_b.route("/investigation/object/unregister", methods=['GET'])
@login_required
@login_read_only
@login_user_no_api
def unregister_investigation():
user_id = current_user.get_user_id()
user_org = current_user.get_org()
@ -245,7 +245,7 @@ def get_object_gid():
#
# @investigations_b.route("/object/item") #completely shows the paste in a new tab
# @login_required
# @login_analyst
# @login_user
# def showItem(): # # TODO: support post
# item_id = request.args.get('id')
# if not item_id or not Item.exist_item(item_id):
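Review bot: `edit_investigation` keeps its `# TODO CHECK ACL` marker after its decorator is changed to `@login_user_no_api`, so the intent of this commit for that route is ambiguous: if the `user_org` read at the start of the POST branch is the missing access control, the TODO should go, otherwise it should say what is still missing. The same `@login_user_no_api` is applied to `/investigation/delete`, which now lets any user attempt a deletion and relies on the org/user check in the body. The bodies of these functions continue outside their hunks.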


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_user_no_api, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -38,7 +38,7 @@ def create_json_response(data, status_code):
# ============= ROUTES ==============
@languages_ui.route("/languages/object/translate", methods=['POST'])
@login_required
@login_read_only
@login_user_no_api
def translate_object():
obj_type = request.form.get('type')
subtype = request.form.get('subtype')
@ -61,7 +61,7 @@ def translate_object():
@languages_ui.route("/languages/object/detect/language", methods=['GET'])
@login_required
@login_read_only
@login_user_no_api
def detect_object_language():
obj_type = request.args.get('type')
subtype = request.args.get('subtype')


@ -12,7 +12,7 @@ from flask import render_template, jsonify, request, Blueprint, redirect, url_fo
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -35,7 +35,7 @@ objects_decoded = Blueprint('objects_decoded', __name__,
# ============= ROUTES ==============
@objects_decoded.route("/object/decodeds", methods=['GET', 'POST'])
@objects_decoded.route("/objects/decodeds", methods=['GET', 'POST'])
@login_required
@login_read_only
def decodeds_dashboard():
@ -80,15 +80,14 @@ def decodeds_dashboard():
algos=Decodeds.get_algos(), show_decoded=show_decoded,
mimetypes=Decodeds.get_all_mimetypes())
@objects_decoded.route("/object/decodeds/search", methods=['POST'])
@objects_decoded.route("/objects/decodeds/search", methods=['POST'])
@login_required
@login_read_only
def decodeds_search():
decoded_id = request.form.get('object_id')
print(decoded_id)
return redirect(url_for('correlation.show_correlation', type='decoded', id=decoded_id))
@objects_decoded.route("/object/decoded/download")
@objects_decoded.route("/objects/decoded/download")
@login_required
@login_read_only
def decoded_download():
@ -105,7 +104,7 @@ def decoded_download():
abort(404)
@objects_decoded.route("/object/decoded/send_to_vt")
@objects_decoded.route("/objects/decoded/send_to_vt")
@login_required
@login_read_only
def send_to_vt():
@ -121,7 +120,7 @@ def send_to_vt():
abort(404)
@objects_decoded.route("/object/decoded/refresh_vt_report")
@objects_decoded.route("/objects/decoded/refresh_vt_report")
@login_required
@login_read_only
def refresh_vt_report():
@ -138,7 +137,7 @@ def refresh_vt_report():
# TODO
@objects_decoded.route("/object/decoded/algo_pie_chart/json", methods=['GET'])
@objects_decoded.route("/objects/decoded/algo_pie_chart/json", methods=['GET'])
@login_required
@login_read_only
def decoder_pie_chart_json():
@ -148,7 +147,7 @@ def decoder_pie_chart_json():
return jsonify(Decodeds.api_pie_chart_decoder_json(date_from, date_to, mimetype))
# TODO
@objects_decoded.route("/object/decoded/mimetype_pie_chart/json", methods=['GET'])
@objects_decoded.route("/objects/decoded/mimetype_pie_chart/json", methods=['GET'])
@login_required
@login_read_only
def mimetype_pie_chart_json():
@ -157,7 +156,7 @@ def mimetype_pie_chart_json():
algo = request.args.get('algo')
return jsonify(Decodeds.api_pie_chart_mimetype_json(date_from, date_to, algo))
@objects_decoded.route("/object/decoded/barchart/json", methods=['GET'])
@objects_decoded.route("/objects/decoded/barchart/json", methods=['GET'])
@login_required
@login_read_only
def barchart_json():
@ -166,7 +165,7 @@ def barchart_json():
mimetype = request.args.get('mimetype')
return jsonify(Decodeds.api_barchart_range_json(date_from, date_to , mimetype))
@objects_decoded.route("/object/decoded/graphline/json", methods=['GET'])
@objects_decoded.route("/objects/decoded/graphline/json", methods=['GET'])
@login_required
@login_read_only
def graphline_json():
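Review bot: The route rename from `/object/decoded...` to `/objects/decoded...` removes the old paths without a redirect, so any template, bookmark or external link still pointing at the previous URLs will 404; the `old_endpoints` blueprint further down this commit looks like the place to register them, or both `@objects_decoded.route` lines could be kept on each view during a transition. The same applies to the `/object/item...` renames in the objects_item section. The `print(decoded_id)` left in `decodeds_search` writes request data to stdout and should be removed.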


@ -12,7 +12,7 @@ from flask import render_template, jsonify, request, Blueprint, redirect, url_fo
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -12,7 +12,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only, no_cache
from Role_Manager import login_admin, login_read_only, no_cache
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -12,7 +12,7 @@ from flask import render_template, jsonify, request, Blueprint, redirect, url_fo
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -12,7 +12,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only, no_cache
from Role_Manager import login_admin, login_read_only, no_cache
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required, current_user
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only, no_cache
from Role_Manager import login_admin, login_user, login_read_only, no_cache
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -58,7 +58,7 @@ def screenshot(filename):
s = Screenshot(filename)
return send_from_directory(SCREENSHOT_FOLDER, s.get_rel_path(add_extension=True), as_attachment=False, mimetype='image')
@objects_item.route("/object/item")
@objects_item.route("/objects/item")
@login_required
@login_read_only
def showItem(): # # TODO: support post
@ -106,7 +106,7 @@ def showItem(): # # TODO: support post
## Dynamic Path FIX
@objects_item.route("/object/item/html2text")
@objects_item.route("/objects/item/html2text")
@login_required
@login_read_only
def html2text(): # # TODO: support post
@ -116,7 +116,7 @@ def html2text(): # # TODO: support post
item = Item(item_id)
return item.get_html2text_content()
@objects_item.route("/object/item/raw_content")
@objects_item.route("/objects/item/raw_content")
@login_required
@login_read_only
def item_raw_content(): # # TODO: support post
@ -126,7 +126,7 @@ def item_raw_content(): # # TODO: support post
item = Item(item_id)
return Response(item.get_content(), mimetype='text/plain')
@objects_item.route("/object/item/download")
@objects_item.route("/objects/item/download")
@login_required
@login_read_only
def item_download(): # # TODO: support post
@ -136,7 +136,7 @@ def item_download(): # # TODO: support post
item = Item(item_id)
return send_file(item.get_raw_content(), download_name=item_id, as_attachment=True)
@objects_item.route("/object/item/content/more")
@objects_item.route("/objects/item/content/more")
@login_required
@login_read_only
def item_content_more():
@ -146,9 +146,9 @@ def item_content_more():
to_return = item_content[max_preview_modal-1:]
return to_return
@objects_item.route("/object/item/diff")
@objects_item.route("/objects/item/diff")
@login_required
@login_analyst
@login_user
def object_item_diff():
id1 = request.args.get('s1', '')
id2 = request.args.get('s2', '')
@ -166,7 +166,7 @@ def object_item_diff():
diff = htmldiff.make_file(lines1, lines2)
return diff
@objects_item.route("/object/item/preview")
@objects_item.route("/objects/item/preview")
@login_required
@login_read_only
def item_preview():


@ -15,7 +15,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only, no_cache
from Role_Manager import login_admin, login_read_only, no_cache
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_user, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -75,7 +75,7 @@ def objects_title_range_json():
@objects_title.route("/objects/title/search_post", methods=['POST'])
@login_required
@login_analyst
@login_user
def objects_title_search_post():
to_search = request.form.get('to_search')
search_type = request.form.get('search_type', 'id')
@ -92,7 +92,7 @@ def objects_title_search_post():
@objects_title.route("/objects/title/search", methods=['GET'])
@login_required
@login_analyst
@login_user
def objects_title_search():
to_search = request.args.get('search')
type_to_search = request.args.get('search_type', 'id')


@ -12,7 +12,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
# ============ BLUEPRINT ============
old_endpoints = Blueprint('old_endpoints', __name__, template_folder=os.path.join(os.environ['AIL_FLASK'], 'templates'))


@ -19,7 +19,7 @@ from blueprints.settings_b import create_json_response
sys.path.append('modules')
# Import Role_Manager
from Role_Manager import login_admin, login_analyst
from Role_Manager import login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -308,6 +308,6 @@ def role():
@root.route('/searchbox/')
@login_required
@login_analyst
@login_read_only
def searchbox():
return render_template("searchbox.html")
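Review bot: The rewritten import drops both `login_admin` and `login_analyst` and brings in only `login_read_only`; if any other view in this file, such as the `role()` view the second hunk header names, still carries `@login_admin`, the module raises NameError at import time and every route it defines disappears. The rest of this file is not visible here, so this needs checking before merge.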


@ -13,7 +13,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required, current_user
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_user, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -162,7 +162,7 @@ def user_otp_reset(): # TODO ask for password ?
@settings_b.route("/settings/user/api_key/new", methods=['GET'])
@login_required
@login_read_only
@login_user
def new_token_user_self():
user_id = current_user.get_user_id()
r = ail_users.api_create_user_api_key_self(user_id, request.remote_addr)
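Review bot: `/settings/user/api_key/new` moves from `@login_read_only` to `@login_user` rather than the `@login_user_no_api` used for the other self-service routes in this commit; if `login_user` admits API-token-authenticated requests, a token holder can mint itself a fresh key through this route, which undermines key rotation as a UI-only action. `@login_user_no_api` looks like the safer choice unless token-driven key creation is intended, and a comment on the route recording that decision would help. The view also creates a credential on a GET request, a pre-existing issue worth a follow-up.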


@ -15,7 +15,7 @@ sys.path.append('modules')
import Flask_config
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_user_no_api, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@ -57,7 +57,7 @@ def tags_taxonomy():
@tags_ui.route('/tag/taxonomy/enable')
@login_required
@login_read_only
@login_admin
def taxonomy_enable():
taxonomy = request.args.get('taxonomy')
res = Tag.api_enable_taxonomy_tags({'taxonomy': taxonomy})
@ -68,7 +68,7 @@ def taxonomy_enable():
@tags_ui.route('/tag/taxonomy/disable')
@login_required
@login_read_only
@login_admin
def taxonomy_disable():
taxonomy = request.args.get('taxonomy')
res = Tag.api_disable_taxonomy_tags({'taxonomy': taxonomy})
@ -79,7 +79,7 @@ def taxonomy_disable():
@tags_ui.route('/tag/taxonomy/enable_tags')
@login_required
@login_read_only
@login_admin
def taxonomy_enable_tags():
taxonomy = request.args.get('taxonomy')
tags = request.args.getlist('tags')
@ -119,7 +119,7 @@ def tags_galaxy_tag():
@tags_ui.route('/tag/galaxy/enable')
@login_required
@login_read_only
@login_admin
def galaxy_enable():
galaxy = request.args.get('galaxy')
res = Tag.api_enable_galaxy_tags({'galaxy': galaxy})
@ -130,7 +130,7 @@ def galaxy_enable():
@tags_ui.route('/tag/galaxy/disable')
@login_required
@login_read_only
@login_admin
def galaxy_disable():
galaxy = request.args.get('galaxy')
res = Tag.api_disable_galaxy_tags({'galaxy': galaxy})
@ -141,7 +141,7 @@ def galaxy_disable():
@tags_ui.route('/tag/galaxy/enable_tags')
@login_required
@login_read_only
@login_admin
def galaxy_enable_tags():
galaxy = request.args.get('galaxy')
tags = request.args.getlist('tags')
@ -160,7 +160,7 @@ def get_all_tags_enabled():
@tags_ui.route('/tag/confirm')
@login_required
@login_read_only
@login_user_no_api
def tag_confirm():
tag = request.args.get('tag')
obj_type = request.args.get('type')
@ -178,7 +178,7 @@ def tag_confirm():
@tags_ui.route('/tag/add_tags')
@login_required
@login_analyst
@login_user_no_api
def add_tags():
tags = request.args.get('tags')
@ -203,7 +203,7 @@ def add_tags():
@tags_ui.route('/tag/delete_tag') # TODO FIX REQUEST PARAMETER
@login_required
@login_analyst
@login_user_no_api
def delete_tag():
object_type = request.args.get('type')
subtype = request.args.get('subtype', '')
@ -406,7 +406,7 @@ def get_obj_by_tags():
@tags_ui.route("/tags/auto_push")
@login_required
@login_analyst
@login_admin
def auto_push():
# TODO CHECK if misp or the hive connected
@ -420,7 +420,7 @@ def auto_push():
@tags_ui.route("/tags/auto_push_post", methods=['POST'])
@login_required
@login_analyst
@login_admin
def auto_push_post():
tag_enabled_misp = request.form.getlist('tag_enabled_misp')
tag_enabled_hive = request.form.getlist('tag_enabled_hive')
@ -430,28 +430,28 @@ def auto_push_post():
@tags_ui.route("/tags/auto_push/misp/enable")
@login_required
@login_analyst
@login_admin
def enable_misp_auto_push():
Tag.enable_auto_push('misp')
return redirect(url_for('tags_ui.auto_push'))
@tags_ui.route("/tags/auto_push/misp/disable")
@login_required
@login_analyst
@login_admin
def disable_misp_auto_push():
Tag.disable_auto_push('misp')
return redirect(url_for('tags_ui.auto_push'))
@tags_ui.route("/tags/auto_push/thehive/enable")
@login_required
@login_analyst
@login_admin
def enable_hive_auto_push():
Tag.enable_auto_push('thehive')
return redirect(url_for('tags_ui.auto_push'))
@tags_ui.route("/tags/auto_push/thehive/disable")
@login_required
@login_analyst
@login_admin
def disable_hive_auto_push():
Tag.disable_auto_push('thehive')
return redirect(url_for('tags_ui.auto_push'))
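Review bot: The taxonomy/galaxy enable/disable views and the four auto_push toggles are now gated by `@login_admin`, but they remain plain `GET` routes (no `methods=` on their `@tags_ui.route` lines) driven by `request.args`, so the stricter role does not prevent a logged-in admin's browser from being made to hit `/tag/taxonomy/disable?taxonomy=...` or `/tags/auto_push/misp/disable` through a cross-site request; `Tag.api_enable_taxonomy_tags` and `Tag.enable_auto_push` presumably mutate configuration, judging by their names. Restricting these routes to `methods=['POST']` with a CSRF token, as `auto_push_post` already is on the method side, would make the new admin gate effective rather than cosmetic. The same applies to `add_tags` and `delete_tag`, which stay `GET` with query-string parameters under `login_user_no_api`; both of those bodies run past the hunk.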


@ -18,7 +18,7 @@ from functools import wraps
# Flask
from flask import render_template, jsonify, request, Blueprint, url_for, redirect, abort
from Role_Manager import login_admin, login_analyst
from Role_Manager import login_admin, login_user_no_api
from flask_login import login_required
@ -93,7 +93,7 @@ def clean_filename(filename, whitelist=valid_filename_chars, replace=' '):
@PasteSubmit.route("/PasteSubmit/", methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def PasteSubmit_page():
# Get all active tags/galaxy
active_taxonomies = Tag.get_active_taxonomies()
@ -108,7 +108,7 @@ def PasteSubmit_page():
@PasteSubmit.route("/PasteSubmit/submit", methods=['POST'])
@login_required
@login_analyst
@login_user_no_api
@limit_content_length()
def submit():
logger.debug('submit')
@ -234,7 +234,7 @@ def submit():
@PasteSubmit.route("/PasteSubmit/submit_status", methods=['GET'])
@login_required
@login_analyst
@login_user_no_api
def submit_status():
UUID = request.args.get('UUID')
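Review bot: `login_user_no_api` is introduced here and in the searches blueprint without any visible definition — the Role_Manager hunk in this commit only adds `login_coordinator` — so what the `_no_api` suffix actually rejects cannot be confirmed from the diff. If it refuses sessions authenticated with an API key, `/PasteSubmit/submit` (a `POST`, presumably the route most likely to be driven by scripts) changes behaviour for token users without any notice; a one-line comment on that route, e.g. `# browser sessions only: API-key authentication is refused by login_user_no_api`, would make the intent explicit, and the same comment fits `search()` and `get_more_search_result()` in the searches hunks. `submit_status` is cut off at the end of this hunk.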


@ -41,12 +41,12 @@ def login_admin(func):
return func(*args, **kwargs)
return decorated_view
def login_analyst(func):
def login_coordinator(func):
@wraps(func)
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated:
return login_manager.unauthorized()
elif not current_user.is_in_role('analyst'):
elif not current_user.is_in_role('coordinator'):
return login_manager.unauthorized()
return func(*args, **kwargs)
return decorated_view
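Review bot: Changing the checked role string from `'analyst'` to `'coordinator'` inside `login_coordinator` changes what stored user roles must contain, and nothing in this commit's visible hunks migrates existing accounts or even decorates a route with `login_coordinator`; if roles persist as the literal `'analyst'`, users holding it would lose access until re-assigned (not verifiable from this page). A docstring on the decorator would also help: `"""Require an authenticated user in the 'coordinator' role; otherwise return login_manager.unauthorized()."""`. Whether `current_user.is_in_role` treats roles hierarchically or as an exact match is not visible here, and the docstring should state which, since the new per-endpoint assignments depend on it.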


@ -13,7 +13,7 @@ import flask
from flask import Flask, render_template, jsonify, request, Blueprint, url_for, stream_with_context
from Role_Manager import login_admin, login_analyst, login_read_only
from Role_Manager import login_admin, login_read_only
from flask_login import login_required
sys.path.append(os.environ['AIL_BIN'])


@ -10,7 +10,7 @@ import datetime
import flask
from flask import Flask, render_template, jsonify, request, Blueprint
from Role_Manager import login_admin, login_analyst
from Role_Manager import login_admin, login_user_no_api
from flask_login import login_required
from whoosh import index
@ -98,7 +98,7 @@ def to_iso_date(timestamp):
@searches.route("/search", methods=['POST'])
@login_required
@login_analyst
@login_user_no_api
def search():
query = request.form['query']
q = []
@ -176,7 +176,7 @@ def search():
@searches.route("/get_more_search_result", methods=['POST'])
@login_required
@login_analyst
@login_user_no_api
def get_more_search_result():
query = request.form['query']
q = []


@ -11,7 +11,7 @@
# import flask
# from flask import Flask, render_template, jsonify, request, Blueprint
#
# from Role_Manager import login_admin, login_analyst, login_read_only
# from Role_Manager import login_admin, login_read_only
# from flask_login import login_required
#
# sys.path.append(os.environ['AIL_BIN'])


@ -10,7 +10,7 @@
# import flask
# from flask import Flask, render_template, jsonify, request, Blueprint
#
# from Role_Manager import login_admin, login_analyst, login_read_only
# from Role_Manager import login_admin, login_read_only
# from flask_login import login_required
#
# sys.path.append(os.environ['AIL_BIN'])


@ -10,7 +10,7 @@
# import flask
# from flask import Flask, render_template, jsonify, request, Blueprint
#
# from Role_Manager import login_admin, login_analyst, login_read_only
# from Role_Manager import login_admin, login_read_only
# from flask_login import login_required
#
# sys.path.append(os.environ['AIL_BIN'])