// PostAction submits a MIG Action to the API and returns the reflected action with API ID
func (cli Client) PostAction(a mig.Action) (a2 mig.Action, err error) {
defer func() {
if e := recover(); e != nil {
err = fmt.Errorf("PostAction() -> %v", e)
}
}()
a.SyntaxVersion = mig.ActionVersion
// serialize
ajson, err := json.Marshal(a)
if err != nil {
panic(err)
}
actionstr := string(ajson)
data := url.Values{"action": {actionstr}}
r, err := http.NewRequest("POST", cli.Conf.API.URL+"action/create/", strings.NewReader(data.Encode()))
if err != nil {
panic(err)
}
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
resp, err := cli.Do(r)
if err != nil {
panic(err)
}
defer resp.Body.Close()
if err != nil {
panic(err)
}
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
panic(err)
}
if resp.StatusCode != 202 {
err = fmt.Errorf("error: HTTP %d. action creation failed.", resp.StatusCode)
panic(err)
}
var resource *cljs.Resource
err = json.Unmarshal(body, &resource)
if err != nil {
panic(err)
}
a2, err = ValueToAction(resource.Collection.Items[0].Data[0].Value)
if err != nil {
panic(err)
}
return
}
func main() {
var a2 mig.Action
a, err := mig.ActionFromFile(os.Args[1])
if err != nil {
panic(err)
}
a2 = a
a2.SyntaxVersion = 2
for i, op := range a.Operations {
if op.Module == "filechecker" {
input, err := json.Marshal(op.Parameters)
if err != nil {
panic(err)
}
a2.Operations[i].Parameters = filechecker.ConvertParametersV1toV2(input)
}
}
out, err := json.Marshal(a2)
if err != nil {
panic(err)
}
fmt.Printf("%s\n", out)
}
// actionLauncher prepares an action for launch, either by starting with an empty
// template, or by loading an existing action from the api or the local disk
func actionLauncher(tpl mig.Action, ctx Context) (err error) {
defer func() {
if e := recover(); e != nil {
err = fmt.Errorf("actionLauncher() -> %v", e)
}
}()
var a mig.Action
if tpl.ID == 0 {
fmt.Println("Entering action launcher with empty template")
a.SyntaxVersion = mig.ActionVersion
} else {
// reinit the fields that we don't reuse
a.Name = tpl.Name
a.Target = tpl.Target
a.Description = tpl.Description
a.Threat = tpl.Threat
a.Operations = tpl.Operations
a.SyntaxVersion = tpl.SyntaxVersion
fmt.Printf("Entering action launcher using template '%s'\n", a.Name)
}
hasTimes := false
hasSignatures := false
fmt.Println("Type \x1b[32;1mexit\x1b[0m or press \x1b[32;1mctrl+d\x1b[0m to leave. \x1b[32;1mhelp\x1b[0m may help.")
prompt := "\x1b[33;1mlauncher>\x1b[0m "
for {
// completion
var symbols = []string{"addoperation", "deloperation", "exit", "help", "init",
"json", "launch", "load", "details", "filechecker", "netstat",
"setname", "settarget", "settimes", "sign", "times"}
readline.Completer = func(query, ctx string) []string {
var res []string
for _, sym := range symbols {
if strings.HasPrefix(sym, query) {
res = append(res, sym)
}
}
return res
}
input, err := readline.String(prompt)
if err == io.EOF {
break
}
if err != nil {
fmt.Println("error: ", err)
break
}
orders := strings.Split(strings.TrimSpace(input), " ")
switch orders[0] {
case "addoperation":
if len(orders) != 2 {
fmt.Println("Wrong arguments. Expects 'addoperation <module_name>'")
fmt.Println("example: addoperation filechecker")
break
}
// attempt to call ParamsCreator from the requested module
// ParamsCreator takes care of retrieving using input
var operation mig.Operation
operation.Module = orders[1]
if _, ok := mig.AvailableModules[operation.Module]; ok {
// instanciate and call module parameters creation function
modRunner := mig.AvailableModules[operation.Module]()
if _, ok := modRunner.(mig.HasParamsCreator); !ok {
fmt.Println(operation.Module, "module does not provide a parameters creator.")
fmt.Println("You can write your action by hand and import it using 'load <file>'")
break
}
operation.Parameters, err = modRunner.(mig.HasParamsCreator).ParamsCreator()
if err != nil {
fmt.Printf("Parameters creation failed with error: %v\n", err)
break
}
a.Operations = append(a.Operations, operation)
opjson, err := json.MarshalIndent(operation, "", " ")
if err != nil {
panic(err)
}
fmt.Printf("Inserting %s operation with parameters:\n%s\n", operation.Module, opjson)
} else {
fmt.Println("Module", operation.Module, "is not available in this console...")
fmt.Println("You can write your action by hand and import it using 'load <file>'")
}
case "deloperation":
if len(orders) != 2 {
fmt.Println("Wrong arguments. Expects 'deloperation <opnum>'")
fmt.Println("example: deloperation 0")
break
}
opnum, err := strconv.Atoi(orders[1])
if err != nil || opnum < 0 || opnum > len(a.Operations)-1 {
fmt.Println("error: <opnum> must be a positive integer between 0 and", len(a.Operations)-1)
break
}
a.Operations = append(a.Operations[:opnum], a.Operations[opnum+1:]...)
case "details":
fmt.Printf("ID %.0f\nName %s\nTarget %s\nAuthor %s <%s>\n"+
"Revision %.0f\nURL %s\nThreat Type %s, Level %s, Family %s, Reference %s\n",
a.ID, a.Name, a.Target, a.Description.Author, a.Description.Email,
a.Description.Revision, a.Description.URL,
a.Threat.Type, a.Threat.Level, a.Threat.Family, a.Threat.Ref)
fmt.Printf("%d operations: ", len(a.Operations))
for i, op := range a.Operations {
fmt.Printf("%d=%s; ", i, op.Module)
}
fmt.Printf("\n")
case "exit":
fmt.Printf("exit\n")
goto exit
case "help":
fmt.Printf(`The following orders are available:
addoperation <module> append a new operation of type <module> to the action operations
deloperation <opnum> remove operation numbered <opnum> from operations array, count starts at zero
details display the action details
exit exit this mode
help show this help
json <pretty> show the json of the action
launch <nofollow> launch the action. to return before completion, add "nofollow"
load <path> load an action from a file at <path>
setname <name> set the name of the action
settarget <target> set the target
settimes <start> <stop> set the validity and expiration dates
sign PGP sign the action
times show the various timestamps of the action
`)
case "json":
ajson, err := json.MarshalIndent(a, "", " ")
if err != nil {
panic(err)
}
fmt.Printf("%s\n", ajson)
case "launch":
follow := true
if len(orders) > 1 {
if orders[1] == "nofollow" {
follow = false
} else {
fmt.Printf("Unknown option '%s'\n", orders[1])
}
}
if a.Name == "" {
fmt.Println("Action has no name. Define one using 'setname <name>'")
break
}
if a.Target == "" {
fmt.Println("Action has no target. Define one using 'settarget <target>'")
break
}
if !hasTimes {
fmt.Printf("Times are not defined. Setting validity from now until +%s\n", defaultExpiration)
// for immediate execution, set validity one minute in the past
a.ValidFrom = time.Now().Add(-60 * time.Second).UTC()
period, err := time.ParseDuration(defaultExpiration)
if err != nil {
panic(err)
}
a.ExpireAfter = a.ValidFrom.Add(period)
a.ExpireAfter = a.ExpireAfter.Add(60 * time.Second).UTC()
hasTimes = true
}
if !hasSignatures {
pgpsig, err := computeSignature(a, ctx)
if err != nil {
panic(err)
}
a.PGPSignatures = append(a.PGPSignatures, pgpsig)
hasSignatures = true
}
a, err = postAction(a, follow, ctx)
if err != nil {
panic(err)
}
fmt.Println("")
_ = actionReader(fmt.Sprintf("action %.0f", a.ID), ctx)
goto exit
case "load":
if len(orders) != 2 {
fmt.Println("Wrong arguments. Expects 'load <path_to_file>'")
break
}
a, err = mig.ActionFromFile(orders[1])
if err != nil {
panic(err)
}
fmt.Printf("Loaded action '%s' from %s\n", a.Name, orders[1])
case "sign":
if !hasTimes {
fmt.Println("Times must be set prior to signing")
break
}
pgpsig, err := computeSignature(a, ctx)
if err != nil {
panic(err)
}
a.PGPSignatures = append(a.PGPSignatures, pgpsig)
hasSignatures = true
case "setname":
if len(orders) < 2 {
fmt.Println("Wrong arguments. Must be 'setname <some_name>'")
break
}
a.Name = strings.Join(orders[1:], " ")
case "settarget":
if len(orders) < 2 {
fmt.Println("Wrong arguments. Must be 'settarget <some_target_string>'")
break
}
a.Target = strings.Join(orders[1:], " ")
case "settimes":
// set the dates
if len(orders) != 3 {
fmt.Println(`Invalid times. Expects settimes <start> <stop.)
examples:
settimes 2014-06-30T12:00:00.0Z 2014-06-30T14:00:00.0Z
settimes now +60m
`)
break
}
if orders[1] == "now" {
// for immediate execution, set validity one minute in the past
a.ValidFrom = time.Now().Add(-60 * time.Second).UTC()
period, err := time.ParseDuration(orders[2])
if err != nil {
fmt.Println("Failed to parse duration '%s': %v", orders[2], err)
break
}
a.ExpireAfter = a.ValidFrom.Add(period)
a.ExpireAfter = a.ExpireAfter.Add(60 * time.Second).UTC()
} else {
a.ValidFrom, err = time.Parse("2014-01-01T00:00:00.0Z", orders[1])
if err != nil {
fmt.Println("Failed to parse time '%s': %v", orders[1], err)
break
}
a.ExpireAfter, err = time.Parse("2014-01-01T00:00:00.0Z", orders[2])
if err != nil {
fmt.Println("Failed to parse time '%s': %v", orders[2], err)
break
}
}
hasTimes = true
case "times":
fmt.Printf("Valid from '%s' until '%s'\nStarted on '%s'\n"+
"Last updated '%s'\nFinished on '%s'\n",
a.ValidFrom, a.ExpireAfter, a.StartTime, a.LastUpdateTime, a.FinishTime)
case "":
break
default:
fmt.Printf("Unknown order '%s'. You are in action launcher mode. Try `help`.\n", orders[0])
}
readline.AddHistory(input)
}
exit:
fmt.Printf("\n")
return
}