c_meyer/KasperskyLab-TinyCheck
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: c_meyer:main
Branches Tags
c_meyer:main
c_meyer:pixeebot/drip-2024-06-15-pixee-python/secure-random
c_meyer:pixeebot/drip-2024-05-30-pixee-python/add-requests-timeouts
c_meyer:pixeebot/drip-2024-05-02-pixee-python/requests-verify
c_meyer:pixeebot/drip-2024-04-16-pixee-python/limit-readline
c_meyer:ablesov/fix_field_name
c_meyer:imgbot
c_meyer:ablesov/add_diagnostics_script
c_meyer:ablesov/pwd_compare_fix
c_meyer:ablesov/fix_requirements
c_meyer:ablesov/fix_tinycheck_installation
c_meyer:opencti
c_meyer:dev
c_meyer:update-feature
c_meyer:v0.7-test
c_meyer:v0.6-test
c_meyer:v0.5-test
c_meyer:v0.4-test
c_meyer:v0.3-test
c_meyer:v0.2-test
c_meyer:v0.1-test
...
pull from: c_meyer:pixeebot/drip-2024-05-30-pixee-python/add-requests-timeouts
Branches Tags
c_meyer:main
c_meyer:pixeebot/drip-2024-06-15-pixee-python/secure-random
c_meyer:pixeebot/drip-2024-05-30-pixee-python/add-requests-timeouts
c_meyer:pixeebot/drip-2024-05-02-pixee-python/requests-verify
c_meyer:pixeebot/drip-2024-04-16-pixee-python/limit-readline
c_meyer:ablesov/fix_field_name
c_meyer:imgbot
c_meyer:ablesov/add_diagnostics_script
c_meyer:ablesov/pwd_compare_fix
c_meyer:ablesov/fix_requirements
c_meyer:ablesov/fix_tinycheck_installation
c_meyer:opencti
c_meyer:dev
c_meyer:update-feature
c_meyer:v0.7-test
c_meyer:v0.6-test
c_meyer:v0.5-test
c_meyer:v0.4-test
c_meyer:v0.3-test
c_meyer:v0.2-test
c_meyer:v0.1-test

1 Commits
main ... pixeebot/d

Author SHA1 Message Date
pixeebot[bot]
0a636e4a76
Add timeout to requests calls 2024-05-30 21:28:43 +00:00
2 changed files with 231 additions and 231 deletions
Show Stats Expand all files Collapse all files

298
server/backend/watchers.py
View File

@ -1,149 +1,149 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from app.utils import read_config
from app.classes.iocs import IOCs
from app.classes.whitelist import WhiteList
from app.classes.misp import MISP
import requests
import json
import urllib3
import time
from multiprocessing import Process
"""
This file is parsing the watchers present
in the configuration file. This in order to get
automatically new iocs / elements from remote
sources without user interaction.
"""
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def watch_iocs():
"""
Retrieve IOCs from the remote URLs defined in config/watchers.
For each IOC, add it to the DB.
"""
# Retrieve the URLs from the configuration
urls = read_config(("watchers", "iocs"))
watchers = [{"url": url, "status": False} for url in urls]
while True:
for w in watchers:
if w["status"] == False:
iocs = IOCs()
iocs_list = []
to_delete = []
try:
res = requests.get(w["url"], verify=False)
if res.status_code == 200:
content = json.loads(res.content)
iocs_list = content["iocs"] if "iocs" in content else []
to_delete = content["to_delete"] if "to_delete" in content else []
else:
w["status"] = False
except:
w["status"] = False
for ioc in iocs_list:
try:
iocs.add(ioc["type"], ioc["tag"],
ioc["tlp"], ioc["value"], "watcher")
w["status"] = True
except:
continue
for ioc in to_delete:
try:
iocs.delete_by_value(ioc["value"])
w["status"] = True
except:
continue
# If at least one URL haven't be parsed, let's retry in 1min.
if False in [w["status"] for w in watchers]:
time.sleep(60)
else:
break
def watch_whitelists():
"""
Retrieve whitelist elements from the remote URLs
defined in config/watchers. For each (new ?) element,
add it to the DB.
"""
urls = read_config(("watchers", "whitelists"))
watchers = [{"url": url, "status": False} for url in urls]
while True:
for w in watchers:
if w["status"] == False:
whitelist = WhiteList()
elements = []
to_delete = []
try:
res = requests.get(w["url"], verify=False)
if res.status_code == 200:
content = json.loads(res.content)
elements = content["elements"] if "elements" in content else []
to_delete = content["to_delete"] if "to_delete" in content else []
else:
w["status"] = False
except:
w["status"] = False
for elem in elements:
try:
whitelist.add(elem["type"], elem["element"], "watcher")
w["status"] = True
except:
continue
for elem in to_delete:
try:
whitelist.delete_by_value(elem["element"])
w["status"] = True
except:
continue
if False in [w["status"] for w in watchers]:
time.sleep(60)
else:
break
def watch_misp():
"""
Retrieve IOCs from misp instances. Each new element is
tested and then added to the database.
"""
iocs, misp = IOCs(), MISP()
instances = [i for i in misp.get_instances()]
while instances:
for i, ist in enumerate(instances):
status = misp.test_instance(ist["url"],
ist["apikey"],
ist["verifycert"])
if status:
for ioc in misp.get_iocs(ist["id"]):
iocs.add(ioc["type"], ioc["tag"], ioc["tlp"],
ioc["value"], "misp-{}".format(ist["id"]))
misp.update_sync(ist["id"])
instances.pop(i)
if instances: time.sleep(60)
p1 = Process(target=watch_iocs)
p2 = Process(target=watch_whitelists)
p3 = Process(target=watch_misp)
p1.start()
p2.start()
p3.start()
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from app.utils import read_config
from app.classes.iocs import IOCs
from app.classes.whitelist import WhiteList
from app.classes.misp import MISP
import requests
import json
import urllib3
import time
from multiprocessing import Process
"""
This file is parsing the watchers present
in the configuration file. This in order to get
automatically new iocs / elements from remote
sources without user interaction.
"""
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def watch_iocs():
"""
Retrieve IOCs from the remote URLs defined in config/watchers.
For each IOC, add it to the DB.
"""
# Retrieve the URLs from the configuration
urls = read_config(("watchers", "iocs"))
watchers = [{"url": url, "status": False} for url in urls]
while True:
for w in watchers:
if w["status"] == False:
iocs = IOCs()
iocs_list = []
to_delete = []
try:
res = requests.get(w["url"], verify=False, timeout=60)
if res.status_code == 200:
content = json.loads(res.content)
iocs_list = content["iocs"] if "iocs" in content else []
to_delete = content["to_delete"] if "to_delete" in content else []
else:
w["status"] = False
except:
w["status"] = False
for ioc in iocs_list:
try:
iocs.add(ioc["type"], ioc["tag"],
ioc["tlp"], ioc["value"], "watcher")
w["status"] = True
except:
continue
for ioc in to_delete:
try:
iocs.delete_by_value(ioc["value"])
w["status"] = True
except:
continue
# If at least one URL haven't be parsed, let's retry in 1min.
if False in [w["status"] for w in watchers]:
time.sleep(60)
else:
break
def watch_whitelists():
"""
Retrieve whitelist elements from the remote URLs
defined in config/watchers. For each (new ?) element,
add it to the DB.
"""
urls = read_config(("watchers", "whitelists"))
watchers = [{"url": url, "status": False} for url in urls]
while True:
for w in watchers:
if w["status"] == False:
whitelist = WhiteList()
elements = []
to_delete = []
try:
res = requests.get(w["url"], verify=False, timeout=60)
if res.status_code == 200:
content = json.loads(res.content)
elements = content["elements"] if "elements" in content else []
to_delete = content["to_delete"] if "to_delete" in content else []
else:
w["status"] = False
except:
w["status"] = False
for elem in elements:
try:
whitelist.add(elem["type"], elem["element"], "watcher")
w["status"] = True
except:
continue
for elem in to_delete:
try:
whitelist.delete_by_value(elem["element"])
w["status"] = True
except:
continue
if False in [w["status"] for w in watchers]:
time.sleep(60)
else:
break
def watch_misp():
"""
Retrieve IOCs from misp instances. Each new element is
tested and then added to the database.
"""
iocs, misp = IOCs(), MISP()
instances = [i for i in misp.get_instances()]
while instances:
for i, ist in enumerate(instances):
status = misp.test_instance(ist["url"],
ist["apikey"],
ist["verifycert"])
if status:
for ioc in misp.get_iocs(ist["id"]):
iocs.add(ioc["type"], ioc["tag"], ioc["tlp"],
ioc["value"], "misp-{}".format(ist["id"]))
misp.update_sync(ist["id"])
instances.pop(i)
if instances: time.sleep(60)
p1 = Process(target=watch_iocs)
p2 = Process(target=watch_whitelists)
p3 = Process(target=watch_misp)
p1.start()
p2.start()
p3.start()

164
server/frontend/app/classes/update.py
View File

@ -1,82 +1,82 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from app.utils import read_config
import subprocess as sp
import requests
import json
import os
import re
class Update(object):
def __init__(self):
self.project_url = "https://api.github.com/repos/KasperskyLab/TinyCheck/tags"
self.app_path = "/usr/share/tinycheck"
return None
def check_version(self):
"""
Check if a new version of TinyCheck is available
by quering the Github api and comparing the last
tag inside the VERSION file.
:return: dict containing the available versions.
"""
if read_config(("frontend", "update")):
try:
res = requests.get(self.project_url)
res = json.loads(res.content.decode("utf8"))
with open(os.path.join(self.app_path, "VERSION")) as f:
cv = f.read()
if cv != res[0]["name"]:
return {"status": True,
"message": "A new version is available",
"current_version": cv,
"next_version": res[0]["name"]}
else:
return {"status": True,
"message": "This is the latest version",
"current_version": cv}
except:
return {"status": False,
"message": "Something went wrong (no API access nor version file)"}
else:
return {"status": False,
"message": "You don't have rights to do this operation."}
def get_current_version(self):
"""
Get the current version of the TinyCheck instance
:return: dict containing the current version or error.
"""
if read_config(("frontend", "update")):
try:
with open(os.path.join(self.app_path, "VERSION")) as f:
return {"status": True,
"current_version": f.read()}
except:
return {"status": False,
"message": "Something went wrong - no version file ?"}
else:
return {"status": False,
"message": "You don't have rights to do this operation."}
def update_instance(self):
"""
Update the instance by executing the update script.
:return: dict containing the update status.
"""
if read_config(("frontend", "update")):
try:
os.chdir(self.app_path)
sp.Popen(["bash", os.path.join(self.app_path, "update.sh")])
return {"status": True,
"message": "Update successfully launched"}
except:
return {"status": False,
"message": "Issue during the update"}
else:
return {"status": False,
"message": "You don't have rights to do this operation."}
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from app.utils import read_config
import subprocess as sp
import requests
import json
import os
import re
class Update(object):
def __init__(self):
self.project_url = "https://api.github.com/repos/KasperskyLab/TinyCheck/tags"
self.app_path = "/usr/share/tinycheck"
return None
def check_version(self):
"""
Check if a new version of TinyCheck is available
by quering the Github api and comparing the last
tag inside the VERSION file.
:return: dict containing the available versions.
"""
if read_config(("frontend", "update")):
try:
res = requests.get(self.project_url, timeout=60)
res = json.loads(res.content.decode("utf8"))
with open(os.path.join(self.app_path, "VERSION")) as f:
cv = f.read()
if cv != res[0]["name"]:
return {"status": True,
"message": "A new version is available",
"current_version": cv,
"next_version": res[0]["name"]}
else:
return {"status": True,
"message": "This is the latest version",
"current_version": cv}
except:
return {"status": False,
"message": "Something went wrong (no API access nor version file)"}
else:
return {"status": False,
"message": "You don't have rights to do this operation."}
def get_current_version(self):
"""
Get the current version of the TinyCheck instance
:return: dict containing the current version or error.
"""
if read_config(("frontend", "update")):
try:
with open(os.path.join(self.app_path, "VERSION")) as f:
return {"status": True,
"current_version": f.read()}
except:
return {"status": False,
"message": "Something went wrong - no version file ?"}
else:
return {"status": False,
"message": "You don't have rights to do this operation."}
def update_instance(self):
"""
Update the instance by executing the update script.
:return: dict containing the update status.
"""
if read_config(("frontend", "update")):
try:
os.chdir(self.app_path)
sp.Popen(["bash", os.path.join(self.app_path, "update.sh")])
return {"status": True,
"message": "Update successfully launched"}
except:
return {"status": False,
"message": "Issue during the update"}
else:
return {"status": False,
"message": "You don't have rights to do this operation."}