Exemple #1
0
// PostAction submits a MIG Action to the API and returns the reflected action with API ID
func (cli Client) PostAction(a mig.Action) (a2 mig.Action, err error) {
	defer func() {
		if e := recover(); e != nil {
			err = fmt.Errorf("PostAction() -> %v", e)
		}
	}()
	a.SyntaxVersion = mig.ActionVersion
	// serialize
	ajson, err := json.Marshal(a)
	if err != nil {
		panic(err)
	}
	actionstr := string(ajson)
	data := url.Values{"action": {actionstr}}
	r, err := http.NewRequest("POST", cli.Conf.API.URL+"action/create/", strings.NewReader(data.Encode()))
	if err != nil {
		panic(err)
	}
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := cli.Do(r)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	if err != nil {
		panic(err)
	}
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	if resp.StatusCode != 202 {
		err = fmt.Errorf("error: HTTP %d. action creation failed.", resp.StatusCode)
		panic(err)
	}
	var resource *cljs.Resource
	err = json.Unmarshal(body, &resource)
	if err != nil {
		panic(err)
	}
	a2, err = ValueToAction(resource.Collection.Items[0].Data[0].Value)
	if err != nil {
		panic(err)
	}
	return
}
Exemple #2
0
func main() {
	var a2 mig.Action
	a, err := mig.ActionFromFile(os.Args[1])
	if err != nil {
		panic(err)
	}
	a2 = a
	a2.SyntaxVersion = 2
	for i, op := range a.Operations {
		if op.Module == "filechecker" {
			input, err := json.Marshal(op.Parameters)
			if err != nil {
				panic(err)
			}
			a2.Operations[i].Parameters = filechecker.ConvertParametersV1toV2(input)
		}
	}
	out, err := json.Marshal(a2)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\n", out)
}
Exemple #3
0
// actionLauncher prepares an action for launch, either by starting with an empty
// template, or by loading an existing action from the api or the local disk
func actionLauncher(tpl mig.Action, ctx Context) (err error) {
	defer func() {
		if e := recover(); e != nil {
			err = fmt.Errorf("actionLauncher() -> %v", e)
		}
	}()
	var a mig.Action
	if tpl.ID == 0 {
		fmt.Println("Entering action launcher with empty template")
		a.SyntaxVersion = mig.ActionVersion
	} else {
		// reinit the fields that we don't reuse
		a.Name = tpl.Name
		a.Target = tpl.Target
		a.Description = tpl.Description
		a.Threat = tpl.Threat
		a.Operations = tpl.Operations
		a.SyntaxVersion = tpl.SyntaxVersion
		fmt.Printf("Entering action launcher using template '%s'\n", a.Name)
	}
	hasTimes := false
	hasSignatures := false

	fmt.Println("Type \x1b[32;1mexit\x1b[0m or press \x1b[32;1mctrl+d\x1b[0m to leave. \x1b[32;1mhelp\x1b[0m may help.")
	prompt := "\x1b[33;1mlauncher>\x1b[0m "
	for {
		// completion
		var symbols = []string{"addoperation", "deloperation", "exit", "help", "init",
			"json", "launch", "load", "details", "filechecker", "netstat",
			"setname", "settarget", "settimes", "sign", "times"}
		readline.Completer = func(query, ctx string) []string {
			var res []string
			for _, sym := range symbols {
				if strings.HasPrefix(sym, query) {
					res = append(res, sym)
				}
			}
			return res
		}

		input, err := readline.String(prompt)
		if err == io.EOF {
			break
		}
		if err != nil {
			fmt.Println("error: ", err)
			break
		}
		orders := strings.Split(strings.TrimSpace(input), " ")
		switch orders[0] {
		case "addoperation":
			if len(orders) != 2 {
				fmt.Println("Wrong arguments. Expects 'addoperation <module_name>'")
				fmt.Println("example: addoperation filechecker")
				break
			}
			// attempt to call ParamsCreator from the requested module
			// ParamsCreator takes care of retrieving using input
			var operation mig.Operation
			operation.Module = orders[1]
			if _, ok := mig.AvailableModules[operation.Module]; ok {
				// instanciate and call module parameters creation function
				modRunner := mig.AvailableModules[operation.Module]()
				if _, ok := modRunner.(mig.HasParamsCreator); !ok {
					fmt.Println(operation.Module, "module does not provide a parameters creator.")
					fmt.Println("You can write your action by hand and import it using 'load <file>'")
					break
				}
				operation.Parameters, err = modRunner.(mig.HasParamsCreator).ParamsCreator()
				if err != nil {
					fmt.Printf("Parameters creation failed with error: %v\n", err)
					break
				}
				a.Operations = append(a.Operations, operation)
				opjson, err := json.MarshalIndent(operation, "", "  ")
				if err != nil {
					panic(err)
				}
				fmt.Printf("Inserting %s operation with parameters:\n%s\n", operation.Module, opjson)
			} else {
				fmt.Println("Module", operation.Module, "is not available in this console...")
				fmt.Println("You can write your action by hand and import it using 'load <file>'")
			}
		case "deloperation":
			if len(orders) != 2 {
				fmt.Println("Wrong arguments. Expects 'deloperation <opnum>'")
				fmt.Println("example: deloperation 0")
				break
			}
			opnum, err := strconv.Atoi(orders[1])
			if err != nil || opnum < 0 || opnum > len(a.Operations)-1 {
				fmt.Println("error: <opnum> must be a positive integer between 0 and", len(a.Operations)-1)
				break
			}
			a.Operations = append(a.Operations[:opnum], a.Operations[opnum+1:]...)
		case "details":
			fmt.Printf("ID       %.0f\nName     %s\nTarget   %s\nAuthor   %s <%s>\n"+
				"Revision %.0f\nURL      %s\nThreat Type %s, Level %s, Family %s, Reference %s\n",
				a.ID, a.Name, a.Target, a.Description.Author, a.Description.Email,
				a.Description.Revision, a.Description.URL,
				a.Threat.Type, a.Threat.Level, a.Threat.Family, a.Threat.Ref)
			fmt.Printf("%d operations: ", len(a.Operations))
			for i, op := range a.Operations {
				fmt.Printf("%d=%s; ", i, op.Module)
			}
			fmt.Printf("\n")
		case "exit":
			fmt.Printf("exit\n")
			goto exit
		case "help":
			fmt.Printf(`The following orders are available:
addoperation <module>	append a new operation of type <module> to the action operations
deloperation <opnum>	remove operation numbered <opnum> from operations array, count starts at zero
details			display the action details
exit			exit this mode
help			show this help
json <pretty>		show the json of the action
launch <nofollow>	launch the action. to return before completion, add "nofollow"
load <path>		load an action from a file at <path>
setname <name>		set the name of the action
settarget <target>	set the target
settimes <start> <stop>	set the validity and expiration dates
sign			PGP sign the action
times			show the various timestamps of the action
`)
		case "json":
			ajson, err := json.MarshalIndent(a, "", "  ")
			if err != nil {
				panic(err)
			}
			fmt.Printf("%s\n", ajson)
		case "launch":
			follow := true
			if len(orders) > 1 {
				if orders[1] == "nofollow" {
					follow = false
				} else {
					fmt.Printf("Unknown option '%s'\n", orders[1])
				}
			}
			if a.Name == "" {
				fmt.Println("Action has no name. Define one using 'setname <name>'")
				break
			}
			if a.Target == "" {
				fmt.Println("Action has no target. Define one using 'settarget <target>'")
				break
			}
			if !hasTimes {
				fmt.Printf("Times are not defined. Setting validity from now until +%s\n", defaultExpiration)
				// for immediate execution, set validity one minute in the past
				a.ValidFrom = time.Now().Add(-60 * time.Second).UTC()
				period, err := time.ParseDuration(defaultExpiration)
				if err != nil {
					panic(err)
				}
				a.ExpireAfter = a.ValidFrom.Add(period)
				a.ExpireAfter = a.ExpireAfter.Add(60 * time.Second).UTC()
				hasTimes = true
			}
			if !hasSignatures {
				pgpsig, err := computeSignature(a, ctx)
				if err != nil {
					panic(err)
				}
				a.PGPSignatures = append(a.PGPSignatures, pgpsig)
				hasSignatures = true
			}
			a, err = postAction(a, follow, ctx)
			if err != nil {
				panic(err)
			}
			fmt.Println("")
			_ = actionReader(fmt.Sprintf("action %.0f", a.ID), ctx)
			goto exit
		case "load":
			if len(orders) != 2 {
				fmt.Println("Wrong arguments. Expects 'load <path_to_file>'")
				break
			}
			a, err = mig.ActionFromFile(orders[1])
			if err != nil {
				panic(err)
			}
			fmt.Printf("Loaded action '%s' from %s\n", a.Name, orders[1])
		case "sign":
			if !hasTimes {
				fmt.Println("Times must be set prior to signing")
				break
			}
			pgpsig, err := computeSignature(a, ctx)
			if err != nil {
				panic(err)
			}
			a.PGPSignatures = append(a.PGPSignatures, pgpsig)
			hasSignatures = true
		case "setname":
			if len(orders) < 2 {
				fmt.Println("Wrong arguments. Must be 'setname <some_name>'")
				break
			}
			a.Name = strings.Join(orders[1:], " ")
		case "settarget":
			if len(orders) < 2 {
				fmt.Println("Wrong arguments. Must be 'settarget <some_target_string>'")
				break
			}
			a.Target = strings.Join(orders[1:], " ")
		case "settimes":
			// set the dates
			if len(orders) != 3 {
				fmt.Println(`Invalid times. Expects settimes <start> <stop.)
examples:
settimes 2014-06-30T12:00:00.0Z 2014-06-30T14:00:00.0Z
settimes now +60m
`)
				break
			}
			if orders[1] == "now" {
				// for immediate execution, set validity one minute in the past
				a.ValidFrom = time.Now().Add(-60 * time.Second).UTC()
				period, err := time.ParseDuration(orders[2])
				if err != nil {
					fmt.Println("Failed to parse duration '%s': %v", orders[2], err)
					break
				}
				a.ExpireAfter = a.ValidFrom.Add(period)
				a.ExpireAfter = a.ExpireAfter.Add(60 * time.Second).UTC()
			} else {
				a.ValidFrom, err = time.Parse("2014-01-01T00:00:00.0Z", orders[1])
				if err != nil {
					fmt.Println("Failed to parse time '%s': %v", orders[1], err)
					break
				}
				a.ExpireAfter, err = time.Parse("2014-01-01T00:00:00.0Z", orders[2])
				if err != nil {
					fmt.Println("Failed to parse time '%s': %v", orders[2], err)
					break
				}
			}
			hasTimes = true
		case "times":
			fmt.Printf("Valid from   '%s' until '%s'\nStarted on   '%s'\n"+
				"Last updated '%s'\nFinished on  '%s'\n",
				a.ValidFrom, a.ExpireAfter, a.StartTime, a.LastUpdateTime, a.FinishTime)
		case "":
			break
		default:
			fmt.Printf("Unknown order '%s'. You are in action launcher mode. Try `help`.\n", orders[0])
		}
		readline.AddHistory(input)
	}
exit:
	fmt.Printf("\n")
	return
}