synapse 2.161.0__py311-none-any.whl → 2.163.0__py311-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of synapse might be problematic. Click here for more details.
- synapse/axon.py +48 -40
- synapse/cortex.py +4 -0
- synapse/daemon.py +7 -2
- synapse/lib/cell.py +70 -3
- synapse/lib/layer.py +20 -1
- synapse/lib/oauth.py +1 -7
- synapse/lib/rstorm.py +16 -0
- synapse/lib/schemas.py +10 -0
- synapse/lib/storm.py +17 -1
- synapse/lib/stormhttp.py +52 -28
- synapse/lib/stormlib/stix.py +6 -3
- synapse/lib/stormtypes.py +336 -26
- synapse/lib/version.py +2 -2
- synapse/lib/view.py +15 -2
- synapse/models/inet.py +9 -0
- synapse/models/infotech.py +28 -26
- synapse/models/orgs.py +3 -0
- synapse/models/proj.py +9 -2
- synapse/models/risk.py +32 -0
- synapse/telepath.py +2 -0
- synapse/tests/files/rstorm/testsvc.py +8 -1
- synapse/tests/files/stormpkg/testpkg.yaml +4 -0
- synapse/tests/test_axon.py +4 -4
- synapse/tests/test_cortex.py +8 -8
- synapse/tests/test_daemon.py +19 -0
- synapse/tests/test_lib_ast.py +17 -17
- synapse/tests/test_lib_grammar.py +4 -4
- synapse/tests/test_lib_rstorm.py +38 -2
- synapse/tests/test_lib_storm.py +15 -15
- synapse/tests/test_lib_stormhttp.py +182 -19
- synapse/tests/test_lib_stormlib_auth.py +3 -3
- synapse/tests/test_lib_stormlib_cell.py +1 -1
- synapse/tests/test_lib_stormlib_cortex.py +50 -2
- synapse/tests/test_lib_stormlib_json.py +2 -2
- synapse/tests/test_lib_stormlib_macro.py +1 -1
- synapse/tests/test_lib_stormlib_modelext.py +37 -37
- synapse/tests/test_lib_stormlib_oauth.py +20 -20
- synapse/tests/test_lib_stormlib_stix.py +3 -1
- synapse/tests/test_lib_stormtypes.py +159 -52
- synapse/tests/test_lib_stormwhois.py +1 -1
- synapse/tests/test_lib_trigger.py +11 -11
- synapse/tests/test_lib_view.py +23 -1
- synapse/tests/test_model_crypto.py +1 -1
- synapse/tests/test_model_inet.py +6 -0
- synapse/tests/test_model_orgs.py +2 -1
- synapse/tests/test_model_proj.py +6 -0
- synapse/tests/test_model_risk.py +10 -0
- synapse/tests/test_tools_storm.py +1 -1
- {synapse-2.161.0.dist-info → synapse-2.163.0.dist-info}/METADATA +3 -1
- {synapse-2.161.0.dist-info → synapse-2.163.0.dist-info}/RECORD +53 -53
- {synapse-2.161.0.dist-info → synapse-2.163.0.dist-info}/LICENSE +0 -0
- {synapse-2.161.0.dist-info → synapse-2.163.0.dist-info}/WHEEL +0 -0
- {synapse-2.161.0.dist-info → synapse-2.163.0.dist-info}/top_level.txt +0 -0
synapse/lib/stormhttp.py
CHANGED
|
@@ -13,6 +13,7 @@ import synapse.common as s_common
|
|
|
13
13
|
|
|
14
14
|
import synapse.lib.base as s_base
|
|
15
15
|
import synapse.lib.msgpack as s_msgpack
|
|
16
|
+
import synapse.lib.version as s_version
|
|
16
17
|
import synapse.lib.stormtypes as s_stormtypes
|
|
17
18
|
|
|
18
19
|
@s_stormtypes.registry.registerType
|
|
@@ -87,6 +88,14 @@ class WebSocket(s_base.Base, s_stormtypes.StormType):
|
|
|
87
88
|
class LibHttp(s_stormtypes.Lib):
|
|
88
89
|
'''
|
|
89
90
|
A Storm Library exposing an HTTP client API.
|
|
91
|
+
|
|
92
|
+
For APIs that accept an ssl_opts argument, the dictionary may contain the following values::
|
|
93
|
+
|
|
94
|
+
{
|
|
95
|
+
'verify': <bool> - Perform SSL/TLS verification. Is overridden by the ssl_verify argument.
|
|
96
|
+
'client_cert': <str> - PEM encoded full chain certificate for use in mTLS.
|
|
97
|
+
'client_key': <str> - PEM encoded key for use in mTLS. Alternatively, can be included in client_cert.
|
|
98
|
+
}
|
|
90
99
|
'''
|
|
91
100
|
_storm_locals = (
|
|
92
101
|
{'name': 'get', 'desc': 'Get the contents of a given URL.',
|
|
@@ -105,6 +114,9 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
105
114
|
'default': True},
|
|
106
115
|
{'name': 'proxy', 'type': ['bool', 'null', 'str'],
|
|
107
116
|
'desc': 'Set to a proxy URL string or $lib.false to disable proxy use.', 'default': None},
|
|
117
|
+
{'name': 'ssl_opts', 'type': 'dict',
|
|
118
|
+
'desc': 'Optional SSL/TLS options. See $lib.inet.http help for additional details.',
|
|
119
|
+
'default': None},
|
|
108
120
|
),
|
|
109
121
|
'returns': {'type': 'inet:http:resp', 'desc': 'The response object.'}}},
|
|
110
122
|
{'name': 'post', 'desc': 'Post data to a given URL.',
|
|
@@ -134,6 +146,9 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
134
146
|
'default': None},
|
|
135
147
|
{'name': 'proxy', 'type': ['bool', 'null', 'str'],
|
|
136
148
|
'desc': 'Set to a proxy URL string or $lib.false to disable proxy use.', 'default': None},
|
|
149
|
+
{'name': 'ssl_opts', 'type': 'dict',
|
|
150
|
+
'desc': 'Optional SSL/TLS options. See $lib.inet.http help for additional details.',
|
|
151
|
+
'default': None},
|
|
137
152
|
),
|
|
138
153
|
'returns': {'type': 'inet:http:resp', 'desc': 'The response object.'}}},
|
|
139
154
|
{'name': 'head', 'desc': 'Get the HEAD response for a URL.',
|
|
@@ -153,6 +168,9 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
153
168
|
'default': False},
|
|
154
169
|
{'name': 'proxy', 'type': ['bool', 'null', 'str'],
|
|
155
170
|
'desc': 'Set to a proxy URL string or $lib.false to disable proxy use.', 'default': None},
|
|
171
|
+
{'name': 'ssl_opts', 'type': 'dict',
|
|
172
|
+
'desc': 'Optional SSL/TLS options. See $lib.inet.http help for additional details.',
|
|
173
|
+
'default': None},
|
|
156
174
|
),
|
|
157
175
|
'returns': {'type': 'inet:http:resp', 'desc': 'The response object.'}}},
|
|
158
176
|
{'name': 'request', 'desc': 'Make an HTTP request using the given HTTP method to the url.',
|
|
@@ -183,6 +201,9 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
183
201
|
'default': None},
|
|
184
202
|
{'name': 'proxy', 'type': ['bool', 'null', 'str'],
|
|
185
203
|
'desc': 'Set to a proxy URL string or $lib.false to disable proxy use.', 'default': None},
|
|
204
|
+
{'name': 'ssl_opts', 'type': 'dict',
|
|
205
|
+
'desc': 'Optional SSL/TLS options. See $lib.inet.http help for additional details.',
|
|
206
|
+
'default': None},
|
|
186
207
|
),
|
|
187
208
|
'returns': {'type': 'inet:http:resp', 'desc': 'The response object.'}
|
|
188
209
|
}
|
|
@@ -201,6 +222,9 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
201
222
|
'default': None},
|
|
202
223
|
{'name': 'proxy', 'type': ['bool', 'null', 'str'],
|
|
203
224
|
'desc': 'Set to a proxy URL string or $lib.false to disable proxy use.', 'default': None},
|
|
225
|
+
{'name': 'ssl_opts', 'type': 'dict',
|
|
226
|
+
'desc': 'Optional SSL/TLS options. See $lib.inet.http help for additional details.',
|
|
227
|
+
'default': None},
|
|
204
228
|
),
|
|
205
229
|
'returns': {'type': 'inet:http:socket', 'desc': 'A websocket object.'}}},
|
|
206
230
|
{'name': 'urlencode', 'desc': '''
|
|
@@ -290,28 +314,31 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
290
314
|
return s_common.httpcodereason(code)
|
|
291
315
|
|
|
292
316
|
async def _httpEasyHead(self, url, headers=None, ssl_verify=True, params=None, timeout=300,
|
|
293
|
-
allow_redirects=False, proxy=None):
|
|
317
|
+
allow_redirects=False, proxy=None, ssl_opts=None):
|
|
294
318
|
return await self._httpRequest('HEAD', url, headers=headers, ssl_verify=ssl_verify, params=params,
|
|
295
|
-
timeout=timeout, allow_redirects=allow_redirects, proxy=proxy)
|
|
319
|
+
timeout=timeout, allow_redirects=allow_redirects, proxy=proxy, ssl_opts=ssl_opts)
|
|
296
320
|
|
|
297
321
|
async def _httpEasyGet(self, url, headers=None, ssl_verify=True, params=None, timeout=300,
|
|
298
|
-
allow_redirects=True, proxy=None):
|
|
322
|
+
allow_redirects=True, proxy=None, ssl_opts=None):
|
|
299
323
|
return await self._httpRequest('GET', url, headers=headers, ssl_verify=ssl_verify, params=params,
|
|
300
|
-
timeout=timeout, allow_redirects=allow_redirects, proxy=proxy)
|
|
324
|
+
timeout=timeout, allow_redirects=allow_redirects, proxy=proxy, ssl_opts=ssl_opts)
|
|
301
325
|
|
|
302
326
|
async def _httpPost(self, url, headers=None, json=None, body=None, ssl_verify=True,
|
|
303
|
-
params=None, timeout=300, allow_redirects=True, fields=None, proxy=None):
|
|
327
|
+
params=None, timeout=300, allow_redirects=True, fields=None, proxy=None, ssl_opts=None):
|
|
304
328
|
return await self._httpRequest('POST', url, headers=headers, json=json, body=body,
|
|
305
329
|
ssl_verify=ssl_verify, params=params, timeout=timeout,
|
|
306
|
-
allow_redirects=allow_redirects, fields=fields, proxy=proxy)
|
|
330
|
+
allow_redirects=allow_redirects, fields=fields, proxy=proxy, ssl_opts=ssl_opts)
|
|
307
331
|
|
|
308
|
-
async def inetHttpConnect(self, url, headers=None, ssl_verify=True, timeout=300,
|
|
332
|
+
async def inetHttpConnect(self, url, headers=None, ssl_verify=True, timeout=300,
|
|
333
|
+
params=None, proxy=None, ssl_opts=None):
|
|
309
334
|
|
|
310
335
|
url = await s_stormtypes.tostr(url)
|
|
311
336
|
headers = await s_stormtypes.toprim(headers)
|
|
312
337
|
timeout = await s_stormtypes.toint(timeout, noneok=True)
|
|
313
338
|
params = await s_stormtypes.toprim(params)
|
|
314
339
|
proxy = await s_stormtypes.toprim(proxy)
|
|
340
|
+
ssl_verify = await s_stormtypes.tobool(ssl_verify, noneok=True)
|
|
341
|
+
ssl_opts = await s_stormtypes.toprim(ssl_opts)
|
|
315
342
|
|
|
316
343
|
headers = self.strify(headers)
|
|
317
344
|
|
|
@@ -332,15 +359,7 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
332
359
|
if params:
|
|
333
360
|
kwargs['params'] = params
|
|
334
361
|
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
if ssl_verify is False:
|
|
338
|
-
kwargs['ssl'] = False
|
|
339
|
-
elif cadir:
|
|
340
|
-
kwargs['ssl'] = s_common.getSslCtx(cadir)
|
|
341
|
-
else:
|
|
342
|
-
# default aiohttp behavior
|
|
343
|
-
kwargs['ssl'] = None
|
|
362
|
+
kwargs['ssl'] = self.runt.snap.core.getCachedSslCtx(opts=ssl_opts, verify=ssl_verify)
|
|
344
363
|
|
|
345
364
|
try:
|
|
346
365
|
sess = await sock.enter_context(aiohttp.ClientSession(connector=connector, timeout=timeout))
|
|
@@ -374,7 +393,7 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
374
393
|
|
|
375
394
|
async def _httpRequest(self, meth, url, headers=None, json=None, body=None,
|
|
376
395
|
ssl_verify=True, params=None, timeout=300, allow_redirects=True,
|
|
377
|
-
fields=None, proxy=None):
|
|
396
|
+
fields=None, proxy=None, ssl_opts=None):
|
|
378
397
|
meth = await s_stormtypes.tostr(meth)
|
|
379
398
|
url = await s_stormtypes.tostr(url)
|
|
380
399
|
json = await s_stormtypes.toprim(json)
|
|
@@ -386,6 +405,7 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
386
405
|
ssl_verify = await s_stormtypes.tobool(ssl_verify, noneok=True)
|
|
387
406
|
allow_redirects = await s_stormtypes.tobool(allow_redirects)
|
|
388
407
|
proxy = await s_stormtypes.toprim(proxy)
|
|
408
|
+
ssl_opts = await s_stormtypes.toprim(ssl_opts)
|
|
389
409
|
|
|
390
410
|
kwargs = {'allow_redirects': allow_redirects}
|
|
391
411
|
if params:
|
|
@@ -399,12 +419,24 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
399
419
|
if fields:
|
|
400
420
|
if any(['sha256' in field for field in fields]):
|
|
401
421
|
self.runt.confirm(('storm', 'lib', 'axon', 'wput'))
|
|
422
|
+
|
|
423
|
+
kwargs = {}
|
|
424
|
+
axonvers = self.runt.snap.core.axoninfo['synapse']['version']
|
|
425
|
+
if axonvers >= s_stormtypes.AXON_MINVERS_PROXY:
|
|
426
|
+
kwargs['proxy'] = proxy
|
|
427
|
+
|
|
428
|
+
if ssl_opts is not None:
|
|
429
|
+
mesg = f'The ssl_opts argument requires an Axon Synapse version {s_stormtypes.AXON_MINVERS_SSLOPTS}, ' \
|
|
430
|
+
f'but the Axon is running {axonvers}'
|
|
431
|
+
s_version.reqVersion(axonvers, s_stormtypes.AXON_MINVERS_SSLOPTS, mesg=mesg)
|
|
432
|
+
kwargs['ssl_opts'] = ssl_opts
|
|
433
|
+
|
|
402
434
|
axon = self.runt.snap.core.axon
|
|
403
|
-
info = await axon.postfiles(fields, url, headers=headers, params=params,
|
|
404
|
-
|
|
435
|
+
info = await axon.postfiles(fields, url, headers=headers, params=params, method=meth,
|
|
436
|
+
ssl=ssl_verify, timeout=timeout, **kwargs)
|
|
405
437
|
return HttpResp(info)
|
|
406
438
|
|
|
407
|
-
|
|
439
|
+
kwargs['ssl'] = self.runt.snap.core.getCachedSslCtx(opts=ssl_opts, verify=ssl_verify)
|
|
408
440
|
|
|
409
441
|
if proxy is None:
|
|
410
442
|
proxy = await self.runt.snap.core.getConfOpt('http:proxy')
|
|
@@ -413,14 +445,6 @@ class LibHttp(s_stormtypes.Lib):
|
|
|
413
445
|
if proxy:
|
|
414
446
|
connector = aiohttp_socks.ProxyConnector.from_url(proxy)
|
|
415
447
|
|
|
416
|
-
if ssl_verify is False:
|
|
417
|
-
kwargs['ssl'] = False
|
|
418
|
-
elif cadir:
|
|
419
|
-
kwargs['ssl'] = s_common.getSslCtx(cadir)
|
|
420
|
-
else:
|
|
421
|
-
# default aiohttp behavior
|
|
422
|
-
kwargs['ssl'] = None
|
|
423
|
-
|
|
424
448
|
timeout = aiohttp.ClientTimeout(total=timeout)
|
|
425
449
|
|
|
426
450
|
async with aiohttp.ClientSession(connector=connector, timeout=timeout) as sess:
|
synapse/lib/stormlib/stix.py
CHANGED
|
@@ -247,7 +247,7 @@ _DefaultConfig = {
|
|
|
247
247
|
'name': '{+:name return(:name)} return($node.repr())',
|
|
248
248
|
'size': '+:size return(:size)',
|
|
249
249
|
'hashes': '''
|
|
250
|
-
init { $dict =
|
|
250
|
+
init { $dict = ({}) }
|
|
251
251
|
{ +:md5 $dict.MD5 = :md5 }
|
|
252
252
|
{ +:sha1 $dict."SHA-1" = :sha1 }
|
|
253
253
|
{ +:sha256 $dict."SHA-256" = :sha256 }
|
|
@@ -392,7 +392,7 @@ _DefaultConfig = {
|
|
|
392
392
|
'description': 'if (:desc) { return (:desc) }',
|
|
393
393
|
'created': 'return($lib.stix.export.timestamp(.created))',
|
|
394
394
|
'modified': 'return($lib.stix.export.timestamp(.created))',
|
|
395
|
-
'external_references': 'if :cve { $cve=:cve $cve=$cve.upper() $list=$lib.list(
|
|
395
|
+
'external_references': 'if :cve { $cve=:cve $cve=$cve.upper() $list=$lib.list(({"source_name": "cve", "external_id": $cve})) return($list) }'
|
|
396
396
|
},
|
|
397
397
|
'rels': (
|
|
398
398
|
|
|
@@ -1405,7 +1405,10 @@ class StixBundle(s_stormtypes.Prim):
|
|
|
1405
1405
|
|
|
1406
1406
|
async def _callStorm(self, text, node):
|
|
1407
1407
|
|
|
1408
|
-
|
|
1408
|
+
varz = self.runt.getScopeVars()
|
|
1409
|
+
varz['bundle'] = self
|
|
1410
|
+
|
|
1411
|
+
opts = {'vars': varz}
|
|
1409
1412
|
query = await self.runt.snap.core.getStormQuery(text)
|
|
1410
1413
|
async with self.runt.getCmdRuntime(query, opts=opts) as runt:
|
|
1411
1414
|
|