Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TAXII-2 Bug Fixes #279

Open
wants to merge 19 commits into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -7,6 +7,8 @@ __pycache__/

# Distribution / packaging
.Python
.venv/
.vscode/
env/
build/
develop-eggs/
19 changes: 19 additions & 0 deletions examples/data-configuration-accounts.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
---
accounts:
- username: user_read
password: user_read
permissions:
taxii1:
firstcollection: read
taxii2:
ea9cdf30-root-idc3-b308-bf658d865cae:
privCollectionAlias: read
- username: user_write
password: user_write
permissions:
taxii2:
ea9cdf30-root-idc3-b308-bf658d865cae:
privCollectionAlias: modify
- username: admin
password: admin
is_admin: yes
105 changes: 54 additions & 51 deletions examples/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -1,54 +1,57 @@
db:
image: postgres:9.4
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: opentaxii
version: '3'

authdb:
image: postgres:9.4
environment:
POSTGRES_USER: user1
POSTGRES_PASSWORD: password1
POSTGRES_DB: opentaxii1
services:
db:
image: postgres:9.4
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: opentaxii

opentaxii:
image: eclecticiq/opentaxii
environment:
OPENTAXII_AUTH_SECRET: secret
OPENTAXII_DOMAIN: 192.168.59.103:9000
OPENTAXII_USER: user
OPENTAXII_PASS: pass
DATABASE_HOST: db
DATABASE_NAME: opentaxii
DATABASE_USER: user
DATABASE_PASS: password
AUTH_DATABASE_HOST: authdb
AUTH_DATABASE_NAME: opentaxii1
AUTH_DATABASE_USER: user1
AUTH_DATABASE_PASS: password1
volumes:
- ./:/input:ro
ports:
- 9000:9000
links:
- db:db
- authdb:authdb
authdb:
image: postgres:9.4
environment:
POSTGRES_USER: user1
POSTGRES_PASSWORD: password1
POSTGRES_DB: opentaxii1

opentaxii2:
image: eclecticiq/opentaxii
environment:
OPENTAXII_AUTH_SECRET: secrettwo
OPENTAXII_DOMAIN: 192.168.59.103
OPENTAXII_USER: user1
OPENTAXII_PASS: pass1
DATABASE_HOST: authdb
DATABASE_NAME: opentaxii1
DATABASE_USER: user1
DATABASE_PASS: password1
volumes:
- ./:/input:ro
ports:
- 9001:9000
links:
- authdb:authdb
opentaxii:
image: eclecticiq/opentaxii
environment:
OPENTAXII_AUTH_SECRET: secret
OPENTAXII_DOMAIN: 192.168.59.103:9000
OPENTAXII_USER: user
OPENTAXII_PASS: pass
DATABASE_HOST: db
DATABASE_NAME: opentaxii
DATABASE_USER: user
DATABASE_PASS: password
AUTH_DATABASE_HOST: authdb
AUTH_DATABASE_NAME: opentaxii1
AUTH_DATABASE_USER: user1
AUTH_DATABASE_PASS: password1
volumes:
- ./:/input:ro
ports:
- 9000:9000
links:
- db:db
- authdb:authdb

opentaxii2:
image: eclecticiq/opentaxii
environment:
OPENTAXII_AUTH_SECRET: secrettwo
OPENTAXII_DOMAIN: 192.168.59.103
OPENTAXII_USER: user1
OPENTAXII_PASS: pass1
DATABASE_HOST: authdb
DATABASE_NAME: opentaxii1
DATABASE_USER: user1
DATABASE_PASS: password1
volumes:
- ./:/input:ro
ports:
- 9001:9000
links:
- authdb:authdb
174 changes: 174 additions & 0 deletions examples/pullpushsub.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,174 @@
import json
import sys
import requests
from taxii2client.v21 import Server
from taxii2client.exceptions import AccessError
from uuid import uuid4
from time import sleep

# Define your TAXII server and collection details
OPENTAXII_URL = "http://localhost:9000/"
TAXII2_SERVER = OPENTAXII_URL + "taxii2/"
USERNAME = "user_write"
PASSWORD = "user_write"


def pull_data(api_root_url, collection):
# Pull data from the TAXII collection
try:
# Pull data from the collection
data = collection.get_objects()
print(f"Num objects pulled: {len(data.get('objects', []))}")
except AccessError:
print("[Pull Error] The user does not have write access")
return None

return data


def push_data(api_root_url, collection):
# load stix data and push it
with open("stix/nettool.stix.json", "r") as f:
stix_loaded = json.load(f)

stix_type = stix_loaded["type"]
stix_id = stix_type + "--" + str(uuid4())
stix_loaded["id"] = stix_id

envelope_data = {
"more": False,
"objects": [stix_loaded],
}
try:
# Push data to the collection
collection.add_objects(envelope_data)
print("Data pushed successfully.")
except AccessError:
print("[Push Error] The user does not have write access")


def subscribe(api_root_url, collection):
added_after = None

# Get Authentication Token
response = requests.post(
OPENTAXII_URL + "management/auth",
headers={
"Content-Type": "application/json",
},
json={
"username": USERNAME,
"password": PASSWORD,
},
)
auth_token = response.json().get("token", None)

while True:
if added_after is None:
url = api_root_url + "collections/" + collection.id + "/objects/"
else:
url = (
api_root_url
+ "collections/"
+ collection.id
+ f"/objects/?added_after={added_after}"
)

# Get all objects from added_after
response = requests.get(
url=url,
headers={
"Authorization": f"Bearer {auth_token}",
},
)
taxii_env = response.json()
objects = taxii_env.get("objects", [])

print(f"Read {len(objects)} objects from the TAXII2 server")
if len(objects) > 0:
added_after = response.headers.get("X-TAXII-Date-Added-Last", "")

sleep(3)


def not_an_action(collection):
print("That is not an option!")


def main():
server = Server(
TAXII2_SERVER,
user=USERNAME,
password=PASSWORD,
)
print(server.title)
print("=" * len(server.title))

print("Select an API Root:")
print(server.api_roots)
print()
for index, aroot in enumerate(server.api_roots, start=1):
print(f"{index}.")
try:
print(f"Title: {aroot.title}")
print(f"Description: {aroot.description}")
print(f"Versions: {aroot.versions}")
except Exception:
print(
"This API Root is not public.\nYou need to identify to see this API Root"
)
print()

aroot_choice = input("Enter the number of your choice: ")
try:
aroot_choice = int(aroot_choice)
selected_api_root = server.api_roots[aroot_choice - 1]
collections_l = selected_api_root.collections
except (ValueError, IndexError):
print("Invalid choice. Please enter a valid number.")
sys.exit()
except Exception as e:
print(e)
print("You cannot access this API Root. You need to authenticate.")
sys.exit()

for index, coll in enumerate(collections_l, start=1):
print(f"{index}.")
print(f"\tId: {coll.id}")
print(f"\tTitle: {coll.title}")
print(f"\tAlias: {coll.alias}")
print(f"\tDescription: {coll.description}")
print(f"\tMedia Types: {coll.media_types}")
print(f"\tCan Read: {coll.can_read}")
print(f"\tCan Write: {coll.can_write}")
print(f"\tObjects URL: {coll.objects_url}")
print(f"\tCustom Properties: {coll.custom_properties}")
print()

coll_choice = input("Enter the number of your choice: ")
try:
coll_choice = int(coll_choice)
selected_collection = selected_api_root.collections[coll_choice - 1]
except (ValueError, IndexError):
print("Invalid choice. Please enter a valid number.")
sys.exit()

actions_d = {
1: pull_data,
2: push_data,
3: subscribe,
}

while True:
print()
print("1: Pull")
print("2: Push")
print("3: Subscribe")
action_choice = int(input("Enter the number of your choice: "))
action_func = actions_d.get(action_choice, not_an_action)
action_func(selected_api_root.url, selected_collection)
print()


if __name__ == "__main__":
main()
11 changes: 11 additions & 0 deletions examples/stix/nettool.stix.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"modified": "2023-07-25T19:25:59.767Z",
"name": "Net",
"description": "The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft Net Utility)\n\n[Net](https://attack.mitre.org/software/S0039) has a great deal of functionality, (Citation: Savill 1999) much of which is useful for an adversary, such as gathering system and network information for Discovery, moving laterally through [SMB/Windows Admin Shares](https://attack.mitre.org/techniques/T1021/002) using <code>net use</code> commands, and interacting with services. The net1.exe utility is executed for certain functionality when net.exe is run and can be used directly in commands such as <code>net1 user</code>.",
"type": "tool",
"id": "tool--03342581-f790-4f03-ba41-e82e67392e25",
"created": "2017-05-31T21:32:31.601Z",
"revoked": false,
"external_references": [],
"spec_version": "2.1"
}
22 changes: 20 additions & 2 deletions opentaxii/auth/manager.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import structlog
from opentaxii.persistence.exceptions import DoesNotExistError

log = structlog.getLogger(__name__)

@@ -44,13 +45,30 @@ def update_account(self, account, password):
NOTE: Additional method that is only used in the helper scripts
shipped with OpenTAXII.
'''
for colname, permission in list(account.permissions.items()):
permission_collections = {}
# Check for taxii1 collections
for colname, permission in list(account.permissions.get("taxii1", {}).items()):
collection = self.server.servers.taxii1.persistence.get_collection(colname)
if not collection:
log.warning(
"update_account.unknown_collection",
collection=colname)
account.permissions.pop(colname)
else:
permission_collections[colname] = permission

# Check for taxii2 collections
for api_root, collections in list(account.permissions.get("taxii2", {}).items()):
for colname, permission in collections.items():
try:
collection = self.server.servers.taxii2.persistence.get_collection(api_root, colname)
except DoesNotExistError:
log.warning(
"update_account.unknown_collection",
api_root=api_root, collection=colname)
else:
permission_collections[str(collection.id)] = permission

account.permissions = permission_collections
account = self.api.update_account(account, password)
return account

1 change: 1 addition & 0 deletions opentaxii/cli/auth.py
Original file line number Diff line number Diff line change
@@ -21,6 +21,7 @@ def create_account(argv=None):
account = app.taxii_server.auth.api.create_account(
username=args.username,
password=args.password,
is_admin=args.admin
)
token = app.taxii_server.auth.authenticate(
username=account.username,
8 changes: 7 additions & 1 deletion opentaxii/cli/persistence.py
Original file line number Diff line number Diff line change
@@ -105,10 +105,16 @@ def add_api_root():
"--default", action="store_true", help="Set as default api root"
)

parser.add_argument(
"--public", action="store_true", help="Create a public api root"
)
args = parser.parse_args()
with app.app_context():
app.taxii_server.servers.taxii2.persistence.api.add_api_root(
title=args.title, description=args.description, default=args.default
title=args.title,
description=args.description,
default=args.default,
is_public=args.public,
)


Loading