assemblyline-core 4.5.0.31__tar.gz → 4.5.0.33__tar.gz

{assemblyline-core-4.5.0.31 → assemblyline-core-4.5.0.33}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: assemblyline-core
-Version: 4.5.0.31
+Version: 4.5.0.33
 Summary: Assemblyline 4 - Core components
 Home-page: https://github.com/CybercentreCanada/assemblyline-core/
 Author: CCCS Assemblyline development team

assemblyline-core-4.5.0.33/assemblyline_core/VERSION

@@ -0,0 +1 @@
+4.5.0.33

{assemblyline-core-4.5.0.31 → assemblyline-core-4.5.0.33}/assemblyline_core/signature_client.py

@@ -17,12 +17,13 @@ CLASSIFICATION = forge.get_classification()
 class SignatureClient:
     """A helper class to simplify signature management for privileged services and service-server."""
 
-    def __init__(self, datastore: AssemblylineDatastore = None, config=None):
+    def __init__(self, datastore: AssemblylineDatastore = None, config=None, classification_replace_map={}):
         self.log = logging.getLogger('assemblyline.signature_client')
         self.config = config or forge.CachedObject(forge.get_config)
         self.datastore = datastore or forge.get_datastore(self.config)
         self.service_list = forge.CachedObject(self.datastore.list_all_services, kwargs=dict(as_obj=False, full=True))
         self.delimiters = forge.CachedObject(self._get_signature_delimiters)
+        self.classification_replace_map = classification_replace_map
 
     def _get_signature_delimiters(self):
         signature_delimiters = {}
@@ -39,6 +40,22 @@ class SignatureClient:
             delimiter = SIGNATURE_DELIMITERS.get(delimiter_type, '\n\n')
         return {'type': delimiter_type, 'delimiter': delimiter}
 
+    def _update_classification(self, signature):
+        classification = signature['classification']
+        # Update classification of signatures based on rewrite definition
+        for term, replacement in self.classification_replace_map.items():
+            if replacement.startswith('_'):
+                # Replace with known field in Signature model
+                # Otherwise replace with literal
+                if signature.get(replacement[1:]):
+                    replacement = signature[replacement[1:]]
+
+            classification = classification.replace(term, replacement)
+
+        # Save the (possibly) updated classfication
+        signature['classification'] = classification
+
+
     def add_update(self, data, dedup_name=True):
         if data.get('type', None) is None or data['name'] is None or data['data'] is None:
             raise ValueError("Signature id, name, type and data are mandatory fields.")
@@ -79,6 +96,8 @@ class SignatureClient:
             # Preserve signature stats
             data['stats'] = old['stats']
 
+        self._update_classification(data)
+
         # Save the signature
         success = self.datastore.signature.save(key, data)
         return success, key, op
@@ -126,6 +145,8 @@ class SignatureClient:
                 # Preserve signature stats
                 rule['stats'] = old_data[key]['stats']
 
+            self._update_classification(rule)
+
             plan.add_upsert_operation(key, rule)
 
         if not plan.empty:

{assemblyline-core-4.5.0.31 → assemblyline-core-4.5.0.33}/assemblyline_core/updater/helper.py

@@ -63,6 +63,39 @@ class DockerRegistry(ContainerRegistry):
             return resp_data['tags'] or []
         return []
 
+class AzureContainerRegistry(ContainerRegistry):
+    def _get_proprietary_registry_tags(self, server, image_name, auth, verify, proxies=None, token_server=None):
+        # Find latest tag for each types
+        url = f"https://{server}/v2/{image_name}/tags/list"
+
+        # Get tag list
+        headers = {}
+        if auth:
+            headers["Authorization"] = auth
+
+        # Attempt request with provided credentials alone
+        resp = self._perform_request(url, headers, verify, proxies)
+
+        if not resp:
+            # Authentication with just credentials failed, moving over to generating a bearer token
+
+            # Retrieve token for authentication: https://azure.github.io/acr/Token-BasicAuth.html#using-the-token-api
+            token_url = f"https://{server}/oauth2/token?scope=repository:{image_name}:metadata_read,pull&service={server}"
+            resp = self._perform_request(token_url, headers, verify, proxies)
+            if resp and resp.ok:
+                # Request to obtain token was successful, set Authorization header for registry API
+                token = resp.json().get('access_token')
+                headers["Authorization"] = f"Bearer {token}"
+
+                resp = self._perform_request(url, headers, verify, proxies)
+
+        # At this point, we should have a response from the API
+        if resp and resp.ok:
+            # Test for positive list of tags
+            resp_data = resp.json()
+            return resp_data['tags'] or []
+
+        return []
 
 class HarborRegistry(ContainerRegistry):
     def _get_proprietary_registry_tags(self, server, image_name, auth, verify, proxies=None, token_server=None):
@@ -160,7 +193,11 @@ def get_latest_tag_for_service(
         # We're assuming that if only a password is given, then this is a token
         auth = f"Bearer {service_config.docker_config.registry_password}"
 
-    registry = REGISTRY_TYPE_MAPPING[service_config.docker_config.registry_type]
+    if server.endswith(".azurecr.io"):
+        # This is an Azure Container Registry based on the server name
+        registry = AzureContainerRegistry()
+    else:
+        registry = REGISTRY_TYPE_MAPPING[service_config.docker_config.registry_type]
     token_server = None
     proxies = None
     for reg_conf in system_config.core.updater.registry_configs:

{assemblyline-core-4.5.0.31 → assemblyline-core-4.5.0.33}/assemblyline_core/updater/run_updater.py

@@ -337,6 +337,7 @@ class KubernetesUpdateInterface:
             priority_class_name=self.priority_class,
             service_account_name=docker_config.service_account or self.default_service_account or PRIVILEGED_SERVICE_ACCOUNT_NAME,
             affinity=selector_to_node_affinity(self.linux_node_selector),
+            tolerations=self.default_service_tolerations
         )
 
         if use_pull_secret:

{assemblyline-core-4.5.0.31 → assemblyline-core-4.5.0.33}/assemblyline_core.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: assemblyline-core
-Version: 4.5.0.31
+Version: 4.5.0.33
 Summary: Assemblyline 4 - Core components
 Home-page: https://github.com/CybercentreCanada/assemblyline-core/
 Author: CCCS Assemblyline development team

{assemblyline-core-4.5.0.31 → assemblyline-core-4.5.0.33}/test/test_signature_client.py

@@ -103,3 +103,16 @@ def test_download_signatures(client):
 def test_update_available(client):
     assert client.update_available()
     assert not client.update_available(since='2030-01-01T00:00:00.000000Z')
+
+def test_update_classification(client):
+    sig = client.datastore.signature.search("*", rows=1, as_obj=False)['items'][0]
+
+    # Update classification with literal string
+    client.classification_replace_map = {"TLP:C": "TLP:A//TEST"}
+    client._update_classification(sig)
+    assert sig['classification'] == "TLP:A//TEST"
+
+    # Update classification with value from another field within the signature
+    client.classification_replace_map = {"TEST": "_source"}
+    client._update_classification(sig)
+    assert sig['classification'] == f"TLP:A//{sig['source']}"

assemblyline-core-4.5.0.31/assemblyline_core/VERSION

@@ -1 +0,0 @@
-4.5.0.31