// PostAction submits a MIG Action to the API and returns the reflected action with API ID func (cli Client) PostAction(a mig.Action) (a2 mig.Action, err error) { defer func() { if e := recover(); e != nil { err = fmt.Errorf("PostAction() -> %v", e) } }() a.SyntaxVersion = mig.ActionVersion // serialize ajson, err := json.Marshal(a) if err != nil { panic(err) } actionstr := string(ajson) data := url.Values{"action": {actionstr}} r, err := http.NewRequest("POST", cli.Conf.API.URL+"action/create/", strings.NewReader(data.Encode())) if err != nil { panic(err) } r.Header.Set("Content-Type", "application/x-www-form-urlencoded") resp, err := cli.Do(r) if err != nil { panic(err) } defer resp.Body.Close() if err != nil { panic(err) } body, err := ioutil.ReadAll(resp.Body) if err != nil { panic(err) } if resp.StatusCode != 202 { err = fmt.Errorf("error: HTTP %d. action creation failed.", resp.StatusCode) panic(err) } var resource *cljs.Resource err = json.Unmarshal(body, &resource) if err != nil { panic(err) } a2, err = ValueToAction(resource.Collection.Items[0].Data[0].Value) if err != nil { panic(err) } return }
func main() { var a2 mig.Action a, err := mig.ActionFromFile(os.Args[1]) if err != nil { panic(err) } a2 = a a2.SyntaxVersion = 2 for i, op := range a.Operations { if op.Module == "filechecker" { input, err := json.Marshal(op.Parameters) if err != nil { panic(err) } a2.Operations[i].Parameters = filechecker.ConvertParametersV1toV2(input) } } out, err := json.Marshal(a2) if err != nil { panic(err) } fmt.Printf("%s\n", out) }
// actionLauncher prepares an action for launch, either by starting with an empty // template, or by loading an existing action from the api or the local disk func actionLauncher(tpl mig.Action, ctx Context) (err error) { defer func() { if e := recover(); e != nil { err = fmt.Errorf("actionLauncher() -> %v", e) } }() var a mig.Action if tpl.ID == 0 { fmt.Println("Entering action launcher with empty template") a.SyntaxVersion = mig.ActionVersion } else { // reinit the fields that we don't reuse a.Name = tpl.Name a.Target = tpl.Target a.Description = tpl.Description a.Threat = tpl.Threat a.Operations = tpl.Operations a.SyntaxVersion = tpl.SyntaxVersion fmt.Printf("Entering action launcher using template '%s'\n", a.Name) } hasTimes := false hasSignatures := false fmt.Println("Type \x1b[32;1mexit\x1b[0m or press \x1b[32;1mctrl+d\x1b[0m to leave. \x1b[32;1mhelp\x1b[0m may help.") prompt := "\x1b[33;1mlauncher>\x1b[0m " for { // completion var symbols = []string{"addoperation", "deloperation", "exit", "help", "init", "json", "launch", "load", "details", "filechecker", "netstat", "setname", "settarget", "settimes", "sign", "times"} readline.Completer = func(query, ctx string) []string { var res []string for _, sym := range symbols { if strings.HasPrefix(sym, query) { res = append(res, sym) } } return res } input, err := readline.String(prompt) if err == io.EOF { break } if err != nil { fmt.Println("error: ", err) break } orders := strings.Split(strings.TrimSpace(input), " ") switch orders[0] { case "addoperation": if len(orders) != 2 { fmt.Println("Wrong arguments. Expects 'addoperation <module_name>'") fmt.Println("example: addoperation filechecker") break } // attempt to call ParamsCreator from the requested module // ParamsCreator takes care of retrieving using input var operation mig.Operation operation.Module = orders[1] if _, ok := mig.AvailableModules[operation.Module]; ok { // instanciate and call module parameters creation function modRunner := mig.AvailableModules[operation.Module]() if _, ok := modRunner.(mig.HasParamsCreator); !ok { fmt.Println(operation.Module, "module does not provide a parameters creator.") fmt.Println("You can write your action by hand and import it using 'load <file>'") break } operation.Parameters, err = modRunner.(mig.HasParamsCreator).ParamsCreator() if err != nil { fmt.Printf("Parameters creation failed with error: %v\n", err) break } a.Operations = append(a.Operations, operation) opjson, err := json.MarshalIndent(operation, "", " ") if err != nil { panic(err) } fmt.Printf("Inserting %s operation with parameters:\n%s\n", operation.Module, opjson) } else { fmt.Println("Module", operation.Module, "is not available in this console...") fmt.Println("You can write your action by hand and import it using 'load <file>'") } case "deloperation": if len(orders) != 2 { fmt.Println("Wrong arguments. Expects 'deloperation <opnum>'") fmt.Println("example: deloperation 0") break } opnum, err := strconv.Atoi(orders[1]) if err != nil || opnum < 0 || opnum > len(a.Operations)-1 { fmt.Println("error: <opnum> must be a positive integer between 0 and", len(a.Operations)-1) break } a.Operations = append(a.Operations[:opnum], a.Operations[opnum+1:]...) case "details": fmt.Printf("ID %.0f\nName %s\nTarget %s\nAuthor %s <%s>\n"+ "Revision %.0f\nURL %s\nThreat Type %s, Level %s, Family %s, Reference %s\n", a.ID, a.Name, a.Target, a.Description.Author, a.Description.Email, a.Description.Revision, a.Description.URL, a.Threat.Type, a.Threat.Level, a.Threat.Family, a.Threat.Ref) fmt.Printf("%d operations: ", len(a.Operations)) for i, op := range a.Operations { fmt.Printf("%d=%s; ", i, op.Module) } fmt.Printf("\n") case "exit": fmt.Printf("exit\n") goto exit case "help": fmt.Printf(`The following orders are available: addoperation <module> append a new operation of type <module> to the action operations deloperation <opnum> remove operation numbered <opnum> from operations array, count starts at zero details display the action details exit exit this mode help show this help json <pretty> show the json of the action launch <nofollow> launch the action. to return before completion, add "nofollow" load <path> load an action from a file at <path> setname <name> set the name of the action settarget <target> set the target settimes <start> <stop> set the validity and expiration dates sign PGP sign the action times show the various timestamps of the action `) case "json": ajson, err := json.MarshalIndent(a, "", " ") if err != nil { panic(err) } fmt.Printf("%s\n", ajson) case "launch": follow := true if len(orders) > 1 { if orders[1] == "nofollow" { follow = false } else { fmt.Printf("Unknown option '%s'\n", orders[1]) } } if a.Name == "" { fmt.Println("Action has no name. Define one using 'setname <name>'") break } if a.Target == "" { fmt.Println("Action has no target. Define one using 'settarget <target>'") break } if !hasTimes { fmt.Printf("Times are not defined. Setting validity from now until +%s\n", defaultExpiration) // for immediate execution, set validity one minute in the past a.ValidFrom = time.Now().Add(-60 * time.Second).UTC() period, err := time.ParseDuration(defaultExpiration) if err != nil { panic(err) } a.ExpireAfter = a.ValidFrom.Add(period) a.ExpireAfter = a.ExpireAfter.Add(60 * time.Second).UTC() hasTimes = true } if !hasSignatures { pgpsig, err := computeSignature(a, ctx) if err != nil { panic(err) } a.PGPSignatures = append(a.PGPSignatures, pgpsig) hasSignatures = true } a, err = postAction(a, follow, ctx) if err != nil { panic(err) } fmt.Println("") _ = actionReader(fmt.Sprintf("action %.0f", a.ID), ctx) goto exit case "load": if len(orders) != 2 { fmt.Println("Wrong arguments. Expects 'load <path_to_file>'") break } a, err = mig.ActionFromFile(orders[1]) if err != nil { panic(err) } fmt.Printf("Loaded action '%s' from %s\n", a.Name, orders[1]) case "sign": if !hasTimes { fmt.Println("Times must be set prior to signing") break } pgpsig, err := computeSignature(a, ctx) if err != nil { panic(err) } a.PGPSignatures = append(a.PGPSignatures, pgpsig) hasSignatures = true case "setname": if len(orders) < 2 { fmt.Println("Wrong arguments. Must be 'setname <some_name>'") break } a.Name = strings.Join(orders[1:], " ") case "settarget": if len(orders) < 2 { fmt.Println("Wrong arguments. Must be 'settarget <some_target_string>'") break } a.Target = strings.Join(orders[1:], " ") case "settimes": // set the dates if len(orders) != 3 { fmt.Println(`Invalid times. Expects settimes <start> <stop.) examples: settimes 2014-06-30T12:00:00.0Z 2014-06-30T14:00:00.0Z settimes now +60m `) break } if orders[1] == "now" { // for immediate execution, set validity one minute in the past a.ValidFrom = time.Now().Add(-60 * time.Second).UTC() period, err := time.ParseDuration(orders[2]) if err != nil { fmt.Println("Failed to parse duration '%s': %v", orders[2], err) break } a.ExpireAfter = a.ValidFrom.Add(period) a.ExpireAfter = a.ExpireAfter.Add(60 * time.Second).UTC() } else { a.ValidFrom, err = time.Parse("2014-01-01T00:00:00.0Z", orders[1]) if err != nil { fmt.Println("Failed to parse time '%s': %v", orders[1], err) break } a.ExpireAfter, err = time.Parse("2014-01-01T00:00:00.0Z", orders[2]) if err != nil { fmt.Println("Failed to parse time '%s': %v", orders[2], err) break } } hasTimes = true case "times": fmt.Printf("Valid from '%s' until '%s'\nStarted on '%s'\n"+ "Last updated '%s'\nFinished on '%s'\n", a.ValidFrom, a.ExpireAfter, a.StartTime, a.LastUpdateTime, a.FinishTime) case "": break default: fmt.Printf("Unknown order '%s'. You are in action launcher mode. Try `help`.\n", orders[0]) } readline.AddHistory(input) } exit: fmt.Printf("\n") return }