Главная Обзор Помощь
Войти
tum
/
soc
Следить 1
В избранное 0
Ответвить 0
Код Обсуждения 0 Запросы на слияние 0 Коммиты 35 Релизы 0 Вики

Нет описания

Дерево: 395c5c7e78
Ветки Метки
soc
/
iris-web
/
source
/
app
/
business
/
assets.py

assets.py 6.7KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. #  IRIS Source Code
    2. 

  2. #  Copyright (C) 2024 - DFIR-IRIS
    3. 

  3. #  contact@dfir-iris.org
    4. 

  4. #
    5. 

  5. #  This program is free software; you can redistribute it and/or
    6. 

  6. #  modify it under the terms of the GNU Lesser General Public
    7. 

  7. #  License as published by the Free Software Foundation; either
    8. 

  8. #  version 3 of the License, or (at your option) any later version.
    9. 

  9. #
    10. 

  10. #  This program is distributed in the hope that it will be useful,
    11. 

  11. #  but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    13. 

  13. #  Lesser General Public License for more details.
    14. 

  14. #
    15. 

  15. #  You should have received a copy of the GNU Lesser General Public License
    16. 

  16. #  along with this program; if not, write to the Free Software Foundation,
    17. 

  17. #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
    18. 

  18. 

  19. from flask_login import current_user
    20. 

  20. from marshmallow.exceptions import ValidationError
    21. 

  21. from flask_sqlalchemy.pagination import Pagination
    22. 

  22. 

  23. from app import db
    24. 

  24. from app.business.errors import BusinessProcessingError
    25. 

  25. from app.business.errors import ObjectNotFoundError
    26. 

  26. from app.business.cases import cases_exists
    27. 

  27. from app.datamgmt.case.case_db import get_case_client_id
    28. 

  28. from app.datamgmt.manage.manage_users_db import get_user_cases_fast
    29. 

  29. from app.datamgmt.states import get_assets_state
    30. 

  30. from app.datamgmt.states import update_assets_state
    31. 

  31. from app.models.models import CaseAssets
    32. 

  32. from app.models.pagination_parameters import PaginationParameters
    33. 

  33. from app.datamgmt.case.case_assets_db import get_asset
    34. 

  34. from app.datamgmt.case.case_assets_db import get_assets
    35. 

  35. from app.datamgmt.case.case_assets_db import filter_assets
    36. 

  36. from app.datamgmt.case.case_assets_db import get_assets_ioc_links
    37. 

  37. from app.datamgmt.case.case_assets_db import get_similar_assets
    38. 

  38. from app.datamgmt.case.case_assets_db import case_assets_db_exists
    39. 

  39. from app.datamgmt.case.case_assets_db import create_asset
    40. 

  40. from app.datamgmt.case.case_assets_db import set_ioc_links
    41. 

  41. from app.datamgmt.case.case_assets_db import get_linked_iocs_finfo_from_asset
    42. 

  42. from app.datamgmt.case.case_assets_db import delete_asset
    43. 

  43. from app.iris_engine.module_handler.module_handler import call_modules_hook
    44. 

  44. from app.iris_engine.utils.tracker import track_activity
    45. 

  45. from app.schema.marshables import CaseAssetsSchema
    46. 

  46. 

  47. 

  48. def _load(request_data, **kwargs):
    49. 

  49.     try:
    50. 

  50.         add_assets_schema = CaseAssetsSchema()
    51. 

  51.         return add_assets_schema.load(request_data, **kwargs)
    52. 

  52.     except ValidationError as e:
    53. 

  53.         raise BusinessProcessingError('Data error', data=e.messages)
    54. 

  54. 

  55. 

  56. def assets_create(case_identifier, request_json):
    57. 

  57.     request_data = call_modules_hook('on_preload_asset_create', data=request_json, caseid=case_identifier)
    58. 

  58.     asset = _load(request_data)
    59. 

  59.     asset.case_id = case_identifier
    60. 

  60. 

  61.     if case_assets_db_exists(asset):
    62. 

  62.         raise BusinessProcessingError('Asset with same value and type already exists')
    63. 

  63.     asset = create_asset(asset=asset, caseid=case_identifier, user_id=current_user.id)
    64. 

  64.     # TODO should the custom attributes be set?
    65. 

  65.     if request_data.get('ioc_links'):
    66. 

  66.         errors, _ = set_ioc_links(request_data.get('ioc_links'), asset.asset_id)
    67. 

  67.         if errors:
    68. 

  68.             raise BusinessProcessingError('Encountered errors while linking IOC. Asset has still been created.')
    69. 

  69.     asset = call_modules_hook('on_postload_asset_create', data=asset, caseid=case_identifier)
    70. 

  70.     if asset:
    71. 

  71.         track_activity(f'added asset "{asset.asset_name}"', caseid=case_identifier)
    72. 

  72.         return 'Asset added', asset
    73. 

  73. 

  74.     raise BusinessProcessingError('Unable to create asset for internal reasons')
    75. 

  75. 

  76. 

  77. def assets_delete(asset: CaseAssets):
    78. 

  78.     call_modules_hook('on_preload_asset_delete', data=asset.asset_id)
    79. 

  79.     # Deletes an asset and the potential links with the IoCs from the database
    80. 

  80.     delete_asset(asset)
    81. 

  81.     call_modules_hook('on_postload_asset_delete', data=asset.asset_id, caseid=asset.case_id)
    82. 

  82.     track_activity(f'removed asset ID {asset.asset_name}', caseid=asset.case_id)
    83. 

  83. 

  84. 

  85. def assets_get(identifier) -> CaseAssets:
    86. 

  86.     asset = get_asset(identifier)
    87. 

  87.     if not asset:
    88. 

  88.         raise ObjectNotFoundError()
    89. 

  89. 

  90.     return asset
    91. 

  91. 

  92. 

  93. def assets_get_detailed(identifier):
    94. 

  94.     asset = assets_get(identifier)
    95. 

  95. 

  96.     # TODO this is a code smell: shouldn't have schemas in the business layer + the CaseAssetsSchema is instantiated twice
    97. 

  97.     case_assets_schema = CaseAssetsSchema()
    98. 

  98.     data = case_assets_schema.dump(asset)
    99. 

  99. 

  100.     asset_iocs = get_linked_iocs_finfo_from_asset(identifier)
    101. 

  101.     data['linked_ioc'] = [row._asdict() for row in asset_iocs]
    102. 

  102.     return data
    103. 

  103. 

  104. 

  105. def get_assets_case(case_identifier):
    106. 

  106.     assets = get_assets(case_identifier)
    107. 

  107.     customer_id = get_case_client_id(case_identifier)
    108. 

  108. 

  109.     ret = {'assets': []}
    110. 

  110. 

  111.     ioc_links_req = get_assets_ioc_links(case_identifier)
    112. 

  112. 

  113.     cache_ioc_link = {}
    114. 

  114.     for ioc in ioc_links_req:
    115. 

  115. 

  116.         if ioc.asset_id not in cache_ioc_link:
    117. 

  117.             cache_ioc_link[ioc.asset_id] = [ioc._asdict()]
    118. 

  118.         else:
    119. 

  119.             cache_ioc_link[ioc.asset_id].append(ioc._asdict())
    120. 

  120. 

  121.     cases_access = get_user_cases_fast(current_user.id)
    122. 

  122. 

  123.     for asset in assets:
    124. 

  124.         asset = asset._asdict()
    125. 

  125. 

  126.         if len(assets) < 300:
    127. 

  127.             # Find similar assets from other cases with the same customer
    128. 

  128.             asset['link'] = list(get_similar_assets(
    129. 

  129.                 asset['asset_name'], asset['asset_type_id'], case_identifier, customer_id, cases_access))
    130. 

  130.         else:
    131. 

  131.             asset['link'] = []
    132. 

  132. 

  133.         asset['ioc_links'] = cache_ioc_link.get(asset['asset_id'])
    134. 

  134. 

  135.         ret['assets'].append(asset)
    136. 

  136. 

  137.     ret['state'] = get_assets_state(case_identifier)
    138. 

  138.     return ret
    139. 

  139. 

  140. 

  141. def assets_filter(case_identifier, pagination_parameters: PaginationParameters) -> Pagination:
    142. 

  142.     if not cases_exists(case_identifier):
    143. 

  143.         raise ObjectNotFoundError()
    144. 

  144.     return filter_assets(case_identifier, pagination_parameters)
    145. 

  145. 

  146. 

  147. def assets_update(asset: CaseAssets, request_json):
    148. 

  148.     caseid = asset.case_id
    149. 

  149.     request_data = call_modules_hook('on_preload_asset_update', data=request_json, caseid=caseid)
    150. 

  150. 

  151.     request_data['asset_id'] = asset.asset_id
    152. 

  152. 

  153.     asset_schema = _load(request_data, instance=asset)
    154. 

  154. 

  155.     if case_assets_db_exists(asset_schema):
    156. 

  156.         raise BusinessProcessingError('Data error', data='Asset with same value and type already exists')
    157. 

  157. 

  158.     update_assets_state(caseid=caseid)
    159. 

  159.     db.session.commit()
    160. 

  160. 

  161.     if hasattr(asset_schema, 'ioc_links'):
    162. 

  162.         errors, _ = set_ioc_links(asset_schema.ioc_links, asset.asset_id)
    163. 

  163.         if errors:
    164. 

  164.             raise BusinessProcessingError('Encountered errors while linking IOC. Asset has still been updated.')
    165. 

  165. 

  166.     asset_schema = call_modules_hook('on_postload_asset_update', data=asset_schema, caseid=caseid)
    167. 

  167. 

  168.     if asset_schema:
    169. 

  169.         track_activity(f'updated asset "{asset_schema.asset_name}"', caseid=caseid)
    170. 

  170.         return asset_schema
    171. 

  171. 

  172.     raise BusinessProcessingError('Unable to update asset for internal reasons')
    173. 

  173.