import re
from django import template
from django.template.loader import get_template
from django.template import RequestContext
# Django template library object for this module.
register = template.Library()

# Registry of artifact classes, keyed by each class's ``key``; filled by install().
INSTALLED_ARTIFACTS = {}
def install(artifact_class):
    """Register *artifact_class* in INSTALLED_ARTIFACTS under its ``key``.

    A later registration with the same key replaces the earlier one.
    """
    registry_key = artifact_class.key
    INSTALLED_ARTIFACTS[registry_key] = artifact_class
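def find(data):
    """Extract artifacts of every installed type from *data*.

    Returns a dict mapping each installed artifact key to the list of values
    its class found in *data*, minus any value present in that type's
    ArtifactBlacklistItem rows. Order and duplicates of the matches are kept.
    """
    # Imported here rather than at module level, as in the original code.
    from fir_artifacts.models import ArtifactBlacklistItem

    result = {}
    for key, artifact_class in INSTALLED_ARTIFACTS.items():
        candidates = artifact_class.find(data)
        if candidates:
            # Materialise the blacklist once as a set so each membership test
            # is a hash lookup instead of a scan over the queryset results.
            # NOTE(review): AbstractArtifact.find lower-cases matches unless
            # case_sensitive is set, while blacklist values are compared as
            # stored - presumably entries must be saved in the same normalised
            # form, otherwise they silently never match; confirm.
            blocked = set(
                ArtifactBlacklistItem.objects.filter(type=key)
                .values_list('value', flat=True)
            )
            candidates = [v for v in candidates if v not in blocked]
        result[key] = candidates
    return result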
def after_save(type, value, event):
    """Dispatch the after-save hook to the artifact class registered as *type*.

    Raises KeyError when *type* is not a key of INSTALLED_ARTIFACTS.
    """
    artifact_class = INSTALLED_ARTIFACTS[type]
    return artifact_class.after_save(value, event)
def incs_for_art(art_string):
    """Return the objects related to artifacts whose value contains *art_string*.

    The result is a flat list; an object related to several matching
    artifacts appears once per artifact.
    """
    from fir_artifacts.models import Artifact

    # Substring match: the shorter *art_string* is, the broader the result.
    matching = Artifact.objects.filter(value__contains=art_string)
    # NOTE(review): relations are read with relations.all(), not with the
    # per-user relations_for_user() used by AbstractArtifact in this file, so
    # no user scoping happens here - presumably the caller enforces access
    # to the returned objects; confirm.
    return [related for artifact in matching for related in artifact.relations.all()]
def all_for_object(obj, raw=False, user=None):
    """Build one artifact collection per installed type for *obj*.

    Returns ``(collections, total_count, correlated_count)``. An object with
    no ``artifacts`` attribute yields ``([], 0, 0)``. *user* is forwarded to
    each collection; *raw* is accepted but not used by this function.
    """
    collections = []
    total = 0
    correlated = 0
    if hasattr(obj, "artifacts"):
        for type_key, artifact_class in INSTALLED_ARTIFACTS.items():
            matching = obj.artifacts.filter(type=type_key)
            collection = artifact_class(matching, obj, user=user)
            total += matching.count()
            correlated += collection.correlated_count()
            collections.append(collection)
    return (collections, total, correlated)
class AbstractArtifact:
    """Base class for artifact types: extraction from text plus display.

    Subclasses are expected to supply ``regex`` (a pattern with a named group
    ``search``) and ``display_name``; both are read here but not defined here.
    """

    case_sensitive = False
    template = 'fir_artifacts/default.html'

    @classmethod
    def find(cls, data):
        """Return every ``search`` group that ``cls.regex`` matches in *data*.

        Matches come back in order of appearance, duplicates included, and
        are lower-cased unless ``case_sensitive`` is set.
        """
        # NOTE(review): *data* is scanned with the subclass-supplied pattern;
        # a pattern prone to heavy backtracking would make this expensive on
        # large input - worth checking when reviewing subclass regexes.
        matches = [m.group('search') for m in re.finditer(cls.regex, data)]
        if cls.case_sensitive:
            return matches
        return [text.lower() for text in matches]

    @classmethod
    def after_save(cls, value, event):
        """Callback hook; does nothing here so subclasses can override it."""
        return None

    def __init__(self, artifacts, event, user=None):
        """Wrap *artifacts* for display and record which ones are correlated.

        An artifact counts as correlated when ``relations_for_user(user)``
        reports more than one relation.
        """

        class ArtifactDisplay(object):
            """View of one artifact together with its relation count."""

            def __init__(self, artifact, user):
                self.artifact = artifact
                # Counted once, at construction time.
                # NOTE(review): presumably relations_for_user() limits the
                # count to relations *user* may see - confirm in the model.
                self.correlation_count = artifact.relations_for_user(user).count()

            @property
            def value(self):
                return self.artifact.value

            @property
            def type(self):
                return self.artifact.type

            @property
            def id(self):
                return self.artifact.id

            @property
            def pk(self):
                return self.artifact.pk

        wrapped = [ArtifactDisplay(item, user) for item in artifacts]
        self._artifacts = wrapped
        self._event = event
        self._correlated = [item for item in wrapped if item.correlation_count > 1]

    def json(self, request):
        """Return the display context as a dict (all artifacts, no rendering)."""
        return self.display(request, correlated=False, json=True)

    def display(self, request, correlated=False, json=False):
        """Render the artifacts with the class template, or return the context.

        With *correlated* set only the correlated artifacts are included.
        With *json* set the flattened context dict is returned instead of the
        rendered template.
        """
        artifact_cls = self.__class__
        context = RequestContext(request)
        # Loaded before the json check, so a missing template fails in both modes.
        template = get_template(artifact_cls.template)
        context['artifact_name'] = artifact_cls.display_name
        context['artifact_values'] = self._correlated if correlated else self._artifacts
        context['event'] = self._event
        flat = context.flatten()
        if json:
            return flat
        # NOTE(review): artifact values are text extracted by find(); the
        # template is presumably rendered with autoescaping on - confirm.
        return template.render(flat, request)

    def correlated_count(self):
        """Return how many wrapped artifacts are correlated."""
        return len(self._correlated)