fixes https://github.com/csirtgadgets/bearded-avenger/pull/278 #51

merged 1 commit into from
Mar 23, 2017
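--- a/cifsdk/client/client.py
+++ b/cifsdk/client/client.py
@@ -7,7 +7,8 @@
 from argparse import ArgumentParser
 from argparse import RawDescriptionHelpFormatter
 
-from cifsdk.constants import CONFIG_PATH, REMOTE_ADDR, TOKEN, SEARCH_LIMIT, FORMAT, FEED_LIMIT, FEED_DAYS_LIMIT, COLUMNS
+from cifsdk.constants import CONFIG_PATH, REMOTE_ADDR, TOKEN, SEARCH_LIMIT, FORMAT, FEED_LIMIT, FEED_DAYS_LIMIT, \
+COLUMNS, ADVANCED
 from cifsdk.exceptions import AuthError
 from csirtg_indicator.format import FORMATS
 from cifsdk.utils import setup_logging, get_argument_parser, read_config
@@ -91,9 +92,12 @@ def main():
 p.add_argument('--cc')
 p.add_argument('--asn-desc')
 p.add_argument('--rdata')
-p.add_argument('--no-feed')
+p.add_argument('--no-feed', action='store_true')
 p.add_argument('--region')
 
+p.add_argument('--delete', action='store_true')
+p.add_argument('--id')
+
 args = p.parse_args()
 
 setup_logging(args)
@@ -153,25 +157,29 @@ def main():
 'itype': options['itype'],
 'limit': options['limit'],
 'provider': options.get('provider'),
-'indicator': options.get('search'),
+'indicator': options.get('search') or options.get('indicator'),
 'nolog': options['nolog'],
 'tags': options['tags'],
 'confidence': options.get('confidence'),
 'asn': options.get('asn'),
 'asn_desc': options.get('asn_desc'),
 'cc': options.get('cc'),
 'region': options.get('region'),
-'rdata': options.get('rdata')
+'rdata': options.get('rdata'),
+'reporttime': options.get('reporttime')
 }
 
 if args.last_day:
 filters['days'] = '1'
+del filters['reporttime']
 
 if args.last_hour:
 filters['hours'] = '1'
+del filters['reporttime']
 
 if args.days:
 filters['days'] = args.days
+del filters['reporttime']
 
 if args.today:
 now = arrow.utcnow()
@@ -181,11 +189,22 @@ def main():
 logger.info('setting feed flag by default, use --no-feed to override')
 options['feed'] = True
 
+if options.get("delete"):
+if args.id:
+filters = {'id': args.id}
+
+filters = {f: filters[f] for f in filters if filters.get(f)}
+logger.info("deleting {0}".format(filters))
+rv = cli.indicators_delete(filters)
+
+logger.info('deleted: {}'.format(rv))
+raise SystemExit
+
 if options.get('feed'):
-if not filters.get('itype'):
+if not filters.get('itype') and not ADVANCED:
 raise RuntimeError('missing --itype')
 
-if not filters.get('tags'):
+if not filters.get('tags') and not ADVANCED:
 raise RuntimeError('missing --tags [phishing|malware|botnet|scanner|pdns|whitelist|...]')
 
 if not filters.get('confidence'):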
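Review bot: `del filters['reporttime']` is repeated under --last-day, --last-hour and --days, so passing two of those options together makes the second `del` raise KeyError because the key is already gone; `filters.pop('reporttime', None)` in all three places is safe regardless of combination. Separately, the new delete branch calls `cli.indicators_delete(filters)` even when the comprehension prunes `filters` to an empty dict (no --id and no other search option given), which turns a bare `--delete` into an unconstrained delete request; a guard such as `if not filters: raise RuntimeError('--delete requires --id or at least one filter')` before the call makes the client fail closed. main() begins and ends outside the hunks shown.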
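--- a/cifsdk/client/http.py
+++ b/cifsdk/client/http.py
@@ -106,10 +106,17 @@ def _post(self, uri, data):
 
 return json.loads(resp.content.decode('utf-8'))
 
-def _delete(self, uri, data):
-resp = self.session.delete(uri, data=json.dumps(data))
+def _delete(self, uri, params={}):
+params = {f: params[f] for f in params if params.get(f)}
+if params.get('nolog'):
+del params['nolog']
+
+if params.get('limit'):
+del params['limit']
+
+resp = self.session.delete(uri, data=json.dumps(params), verify=self.verify_ssl)
 self._check_status(resp)
-return json.loads(resp.content)
+return json.loads(resp.content.decode('utf-8'))
 
 def _patch(self, uri, data):
 resp = self.session.patch(uri, data=json.dumps(data))
@@ -128,6 +135,12 @@ def indicators_create(self, data):
 rv = self._post(uri, data)
 return rv["data"]
 
+def indicators_delete(self, filters):
+uri = "{0}/indicators".format(self.remote)
+logger.debug(uri)
+rv = self._delete(uri, params=filters)
+return rv["data"]
+
 def feed(self, filters):
 rv = self._get('/feed', params=filters)
 return rv['data']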
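Review bot: `_delete` declares a mutable default `params={}`; the body rebinds `params` so nothing is shared across calls today, but the conventional form is `params=None` followed by `params = params or {}` so a later edit cannot reintroduce the problem. After the falsy-value, `nolog` and `limit` pruning, an empty dict is still serialised and sent as the DELETE body, so a caller that ends up with no effective filter issues an unconstrained delete; `if not params: raise ValueError('refusing delete without filters')` before `self.session.delete` would make this client fail closed. The `verify=self.verify_ssl` argument is passed only on the delete call while `_patch` (`self.session.patch(uri, data=json.dumps(data))`) and `_post` do not pass it — presumably the session carries the setting, but it is worth confirming rather than having the three verbs differ. The enclosing class starts outside the hunks.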
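--- a/cifsdk/client/zeromq.py
+++ b/cifsdk/client/zeromq.py
@@ -178,5 +178,13 @@ def indicators_create(self, data, nowait=False, fireball=False):
 
 return self._send(Msg.INDICATORS_CREATE, data, nowait=nowait)
 
+def indicators_delete(self, data):
+if isinstance(data, dict):
+data = self._kv_to_indicator(data)
+
+if not isinstance(data, str):
+data = str(data)
+
+return self._send(Msg.INDICATORS_DELETE, data)
 
 Plugin = ZMQ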
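Review bot: `indicators_delete` has no docstring and names its parameter `data` while the HTTP plugin's counterpart takes `filters`, even though client.py reaches both through the same `cli.indicators_delete(filters)` call; a docstring should state that a dict is first converted with `self._kv_to_indicator`, anything that is not already a `str` is stringified, and the result is sent as `Msg.INDICATORS_DELETE`. NOTE(review): on Python 2 (constants.py still carries a PYVERSION switch) a `unicode` value fails the `isinstance(data, str)` test and is passed through `str(data)`, which can raise on non-ASCII content — confirm what type `_kv_to_indicator` returns before relying on this path. The enclosing ZMQ class starts outside the hunk.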
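--- a/cifsdk/constants.py
+++ b/cifsdk/constants.py
@@ -35,6 +35,8 @@
 TOKEN = os.environ.get('CIF_TOKEN', None)
 FORMAT = os.environ.get('CIF_FORMAT', 'table')
 
+ADVANCED = os.getenv('CIF_ADVANCED')
+
 
 PYVERSION = 2
 if sys.version_info > (3,):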
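Review bot: `ADVANCED = os.getenv('CIF_ADVANCED')` is any non-empty string, so `CIF_ADVANCED=0` or `CIF_ADVANCED=false` is truthy and silently disables the `--itype`/`--tags` checks that client.py guards with `not ADVANCED`. Normalise it once here, e.g. `ADVANCED = os.getenv('CIF_ADVANCED', '').lower() in ('1', 'true', 'yes')`, and add a comment such as `# CIF_ADVANCED relaxes the mandatory --itype/--tags checks on feed queries` so the effect of the flag is visible where it is defined.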
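--- a/cifsdk/msg.py
+++ b/cifsdk/msg.py
@@ -17,10 +17,11 @@
 2: 'ping_write',
 3: 'indicators_create',
 4: 'indicators_search',
-5: 'tokens_search',
-6: 'tokens_create',
-7: 'tokens_delete',
-8: 'tokens_edit',
+5: 'indicators_delete',
+6: 'tokens_search',
+7: 'tokens_create',
+8: 'tokens_delete',
+9: 'tokens_edit',
 }
 
 
@@ -30,10 +31,11 @@ class Msg(object):
 PING_WRITE = 2
 INDICATORS_CREATE = 3
 INDICATORS_SEARCH = 4
-TOKENS_SEARCH = 5
-TOKENS_CREATE = 6
-TOKENS_DELETE = 7
-TOKENS_EDIT = 8
+INDICATORS_DELETE = 5
+TOKENS_SEARCH = 6
+TOKENS_CREATE = 7
+TOKENS_DELETE = 8
+TOKENS_EDIT = 9
 
 def __init__(self, *args, **kwargs):
 for k in kwargs: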
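Review bot: inserting `INDICATORS_DELETE = 5` in the middle of the numbering shifts every TOKENS_* code by one in both the name table and the Msg class, so a client and a router built from different versions misread each other's wire messages — an old TOKENS_SEARCH (5) now decodes as `indicators_delete`, a destructive operation, and the tokens operations all land one slot off. Appending instead (`INDICATORS_DELETE = 9` and `9: 'indicators_delete'`) keeps every existing code stable. If the renumbering is deliberate, a comment above the table stating that the codes changed in this release and that both ends must be upgraded together would at least make the incompatibility explicit. The Msg class continues outside the hunk.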