Changeset 1501
- Timestamp:
- 04/09/08 16:07:58 (5 months ago)
- Files:
-
- hive/trunk/data_webapp/app/controllers/clients_controller.rb (added)
- hive/trunk/data_webapp/app/controllers/data_controller.rb (modified) (2 diffs)
- hive/trunk/data_webapp/app/controllers/hc_database_controller.rb (modified) (6 diffs)
- hive/trunk/data_webapp/app/controllers/os_processes_controller.rb (added)
- hive/trunk/data_webapp/app/controllers/process_files_controller.rb (added)
- hive/trunk/data_webapp/app/controllers/queue_urls_controller.rb (added)
- hive/trunk/data_webapp/app/controllers/regkeys_controller.rb (added)
- hive/trunk/data_webapp/app/helpers/application_helper.rb (modified) (4 diffs)
- hive/trunk/data_webapp/app/helpers/clients_helper.rb (added)
- hive/trunk/data_webapp/app/helpers/data_helper.rb (modified) (1 diff)
- hive/trunk/data_webapp/app/helpers/history_urls_helper.rb (added)
- hive/trunk/data_webapp/app/views/clients (added)
- hive/trunk/data_webapp/app/views/clients/_client_pages.rhtml (added)
- hive/trunk/data_webapp/app/views/clients/_clients.rhtml (added)
- hive/trunk/data_webapp/app/views/clients/_history_url_pages.rhtml (added)
- hive/trunk/data_webapp/app/views/clients/_history_urls.rhtml (added)
- hive/trunk/data_webapp/app/views/clients/index.html.erb (added)
- hive/trunk/data_webapp/app/views/clients/index.rjs (added)
- hive/trunk/data_webapp/app/views/clients/show.html.erb (added)
- hive/trunk/data_webapp/app/views/clients/show.rjs (added)
- hive/trunk/data_webapp/app/views/data/_activity_graph.rhtml (added)
- hive/trunk/data_webapp/app/views/data/_blank.rhtml (added)
- hive/trunk/data_webapp/app/views/data/_recent_clients.rhtml (added)
- hive/trunk/data_webapp/app/views/data/_set_client_status.rhtml (added)
- hive/trunk/data_webapp/app/views/data/add_url.rhtml (deleted)
- hive/trunk/data_webapp/app/views/data/artifact_details.rhtml (deleted)
- hive/trunk/data_webapp/app/views/data/details.rhtml (deleted)
- hive/trunk/data_webapp/app/views/data/index.html.erb (added)
- hive/trunk/data_webapp/app/views/data/index.rhtml (deleted)
- hive/trunk/data_webapp/app/views/layouts/application.rhtml (modified) (1 diff)
- hive/trunk/data_webapp/app/views/os_processes (added)
- hive/trunk/data_webapp/app/views/os_processes/show.html.erb (added)
- hive/trunk/data_webapp/app/views/process_files (added)
- hive/trunk/data_webapp/app/views/process_files/show.html.erb (added)
- hive/trunk/data_webapp/app/views/queue_urls (added)
- hive/trunk/data_webapp/app/views/queue_urls/new.html.erb (added)
- hive/trunk/data_webapp/app/views/regkeys (added)
- hive/trunk/data_webapp/app/views/regkeys/show.html.erb (added)
- hive/trunk/data_webapp/config/routes.rb (modified) (2 diffs)
- hive/trunk/data_webapp/public/javascripts/application.js (modified) (1 diff)
- hive/trunk/data_webapp/public/javascripts/menu.js (deleted)
- hive/trunk/data_webapp/public/stylesheets/scaffold.css (modified) (1 diff)
hive/trunk/data_webapp/app/controllers/data_controller.rb
r1362 r1501 5 5 # List the latest client data 6 6 def index 7 @statuses = [''] 8 @statuses += Client.find(:all,:select=>"DISTINCT(status)").map(&:status).to_a 9 if request.post? 10 @status = params[:client][:status] 11 elsif not params[:status].nil? 12 @status = params[:status] 13 else 14 @status = nil 15 end 16 if @status.nil? 17 @clients = Client.paginate(:order => 'compromise DESC,start DESC',:page => params[:page],:per_page => 10) 18 else 19 @clients = Client.paginate(:conditions => {:status => @status},:order => 'compromise DESC,start DESC',:page => params[:page],:per_page => 10) 20 end 21 end 22 23 # Receive a url from the user interface and enqueue it 24 def add_url 25 @queue_urls = QueueUrl.paginate(:conditions => {:host_id => 0},:order => 'priority DESC, count DESC, created_at ASC',:page => params[:page],:per_page => 10) 26 if request.post? 27 url_hash = {params[:queue_url][:url] => params[:queue_url][:priority].to_i} 28 @queue_url = insert_queue_urls(url_hash) 29 if @queue_url > 0 30 flash[:notice] = "Url successfully submitted" 31 else 32 flash[:notice] = "Failed to Queue Url" 33 end 34 redirect_to "/data/add_url" 35 end 7 conditions = {:status => 'compromised'} 8 #@clients = Client.paginate(:conditions => {:status => @status},:order => 'compromise DESC,start DESC',:page => params[:page],:per_page => 10) 9 @url_pages,@clients = paginate :clients, :conditions => conditions,:order => 'compromise DESC,start DESC',:per_page => 10 36 10 end 37 11 … … 41 15 end 42 16 17 # Todo: Move this functionality to each object classs (eg. :controller => process_files, :action => show) 43 18 # Used to display a popup containing single compromise artifact details 44 19 def artifact_details hive/trunk/data_webapp/app/controllers/hc_database_controller.rb
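Review bot: The commented-out `#@clients = Client.paginate(...)` line left in `index` beside the new `paginate :clients` call is dead code and should be dropped rather than kept as a reference. The filter is now hard-coded to `:status => 'compromised'` where the old version took it from the POST body or `params[:status]`; a one-line comment such as `# Dashboard lists compromised clients only; per-status browsing lives in ClientsController` would record that this narrowing is intentional, if it is (the new clients controller is not on this page). The `artifact_details` action marked with the new Todo continues outside the hunk.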
r1474 r1501 41 41 # Insert a set of URLs into the queue. 42 42 def insert_queue_urls(obj_str) 43 logger.info "Trying to queue urls"44 43 if (obj_str.class.name == 'Hash') 45 44 obj_hash = obj_str … … 47 46 obj_hash = YAML.load(obj_str) 48 47 end 48 49 # Get source information 50 stype = obj_hash.delete("source_type") or "unknown" 51 sname = obj_hash.delete("source_name") 52 49 53 count = 0 50 51 54 obj_hash.each do |u,p| 52 url_obj = {"url" => u, "priority" => p} 55 url_obj = { 56 "url" => u, 57 "priority" => p, 58 "source_type" => stype, 59 "source_name" => sname 60 } 53 61 # Counts the number of urls successfully inserted OR modified 54 62 if insert(QueueUrl,url_obj) > 0 … … 71 79 client = Client.find(cid) 72 80 hid = client.host_id 73 count = 0 81 82 # Get source information 83 stype = obj_hash.delete("source_type") or "unknown" 84 sname = obj_hash.delete("source_name") 74 85 75 86 bee_work = {"cid" => client.cid, "urls" => []} … … 77 88 # Insert all visited and timed out URLs into the 78 89 # history. 90 count = 0 79 91 link_types = ["links_visited","links_timed_out"] 80 92 link_types.each do |l| … … 86 98 "status" => l.gsub("links_",""), 87 99 "client_id" => cid, 100 "source_type" => stype, 101 "source_name" => sname, 88 102 } 89 103 … … 142 156 143 157 insert(Client,obj_hash) 158 end 159 160 def flip_false_pos() 161 type = case params[:type] 162 when "OsProcess": 163 OsProcess 164 when "ProcessFile": 165 ProcessFile 166 when "Regkey": 167 Regkey 168 else 169 nil 170 end 171 if (type) 172 obj = type.find(params[:id]) 173 obj.false_positive = (obj.false_positive ? 0 : 1) 174 obj.save 175 end 176 if request.xml_http_request? 177 render :partial => "blank", :layout => false 178 end 179 end 180 181 def set_client_status() 182 Client.update(params[:id],{:status => params[:status]}) 183 if request.xml_http_request? 184 render :partial => "blank", :layout => false 185 end 144 186 end 145 187 hive/trunk/data_webapp/app/helpers/application_helper.rb
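Review bot: `stype = obj_hash.delete("source_type") or "unknown"` (added in both `insert_queue_urls` and the history-insert method) does not apply the default: `=` binds tighter than `or`, so `stype` receives the raw `delete` result — nil when the key is absent — and `"unknown"` is evaluated and discarded; write `stype = obj_hash.delete("source_type") || "unknown"` in both places. The new `set_client_status` writes `params[:status]` straight into the client row with no whitelist of allowed values and no authorization check visible in the hunk, and both it and `flip_false_pos` mutate state regardless of HTTP method, so if the default `:controller/:action/:id` route is still active a plain GET link is enough to flip a record; add `verify :method => :post, :only => [:flip_false_pos, :set_client_status]` (or an explicit `request.post?` guard) and check `params[:status]` against a fixed list before the `update`. The `YAML.load(obj_str)` path above the new lines is pre-existing context, but since `obj_str` appears to arrive from clients it can instantiate arbitrary objects and deserves a follow-up of its own. Both enclosing methods extend beyond the hunk; the history method's signature is not shown.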
r1295 r1501 1 1 # Methods added to this helper will be available to all templates in the application. 2 2 module ApplicationHelper 3 def admin? 4 answer = self.current_user.admin ? true : false 5 end 6 3 7 def main_nav(cu) 4 8 if cu … … 8 12 <td> 9 13 #{link_to('User Admin', :controller => 'users', :action => 'index')} 10 </td>11 <td onmouseover="showmenu('tools')" onmouseout="hidemenu('tools')">12 Tools #{image_tag("drop_down.jpg", :size => "12x12")}13 <table class="menu" id="tools">14 #{menu_row('Client Data','data','index')}15 #{menu_row('Queue Url','data','add_url')}16 #{menu_row('Bee Status','status','index')}17 </table>18 14 </td> 19 15 AL … … 28 24 data=<<-EOD 29 25 #{which_link} 26 <td class="menu"> 27 Tools #{image_tag("drop_down.jpg", :size => "12x12")} 28 <table class="menu_hide" id="tools"> 29 #{menu_row('Client Data','clients','index')} 30 #{menu_row('Queue Url','queue_urls','new')} 31 #{menu_row('Bee Status','status','index')} 32 </table> 33 </td> 30 34 <td> 31 35 #{link_to('Logout', :controller => 'account', :action => 'logout')} … … 54 58 d.strftime("%Y-%m-%d %H:%M:%S") 55 59 end 60 61 def pagination_links_remote(paginator,url_options = {},window_size = 4) 62 page_options = {:window_size => window_size} 63 64 pagination_links_each(paginator, page_options) do |n| 65 url_options[:params] = params.merge({:page => n}) 66 options = { 67 :url => url_options, 68 :method => 'get' 69 #:update => 'url_table', 70 } 71 html_options = {:href => url_for(url_options)} 72 link_to_remote(n.to_s, options, html_options) 73 end 74 end 56 75 end hive/trunk/data_webapp/app/helpers/data_helper.rb
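Review bot: The new `admin?` calls `self.current_user.admin` unconditionally, yet `main_nav(cu)` directly below guards on `if cu`, so a logged-out request rendering a template that asks `admin?` raises NoMethodError on nil rather than answering false; the `answer =` local is also assigned and never read. `def admin?; current_user ? (current_user.admin ? true : false) : false; end` keeps the boolean contract and covers the nil case. In `pagination_links_remote`, `url_options[:params] = params.merge({:page => n})` mutates the caller's hash on every iteration and copies every request parameter — including whatever a visitor appended to the URL — into each generated link; build a fresh options hash per page and merge only the keys the listing actually needs (an explicit list is safest; `params.slice(...)` if ActiveSupport provides it here).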
r1362 r1501 1 1 module DataHelper 2 3 def chart_url 4 time = Time.now.to_f 5 url_pts = [] 6 client_pts = [] 7 zero = [] 8 h = 3600 # hour in seconds 9 for num in (1..25) 10 conditions = "time_at > " + (time - num*h).to_s + " AND time_at <= " + (time - (num-1)*h).to_s 11 url_pts.unshift(HistoryUrl.count(:conditions => conditions)) 12 conditions = "compromise > " + (time - num*h).to_s + " AND compromise <= " + (time - (num-1)*h).to_s 13 client_pts.unshift((Client.count(:conditions => conditions))) 14 zero.push(0) 15 end 16 gc = GoogleChart::LineChart.new() #'450x300') 17 gc.data_encoding= :extended 18 # Set appearance options 19 gc.show_legend = false 2 20 3 def column_value(model,column) 4 model.send(column) 5 end 6 7 def column_row(model,column) 8 outty=<<-STR 9 <tr> 10 <td>#{column.human_name}:</td> 11 <td>#{model.send(column.name)}</td> 12 </tr> 13 STR 14 end 15 16 def details(title,instance) 17 if instance.nil? 18 return %{} 19 end 20 microfields = %w(start compromise time_at created stopped) 21 klass = instance.class 22 outty = %{<tr>} 23 outty += %{<td colspan="2" style="text-align:center; border-bottom: 1px solid #ccc; padding:5px; background:#333; color:#fff;"><b>#{title}</b></td>} 24 outty += %{</tr>} 25 klass.content_columns.each do |c| 26 outty += %{<tr>} 27 outty += %{<td><b>#{c.human_name}:</b></td>} 28 if microfields.include?(c.name) 29 outty += %{<td>#{ microseconds_to_string(instance.send(c.name)) }</td>} 30 else 31 outty += %{<td>#{instance.send(c.name)}</td>} 32 end 33 outty += %{</tr>} 34 end 35 outty 36 end 21 urls_max = url_pts.max + (1000 - url_pts.max%1000) 22 gc.max_value urls_max 23 # Try to prevent compromise line from hiding url line 24 clients_max = client_pts.max*3 25 client_pts.each_index {|i| client_pts[i] = client_pts[i]*(urls_max/clients_max)} 37 26 38 def table_cell(value) 39 %{<td>#{value}</td>} 40 end 41 42 def title_cell(title) 43 %{<td colspan="2">#{title}</td>} 44 end 45 46 def timestamp_cell(timestamp) 47 outty += %{<td>#{ 
microseconds_to_string(timestamp) }</td>} 48 end 49 50 def details_title_row(title) 51 outty = %{<tr class="dataTitle">} 52 outty += title_cell(title) 53 outty += %{</tr>} 54 end 55 56 def details_header_row(klass) 57 ignore_fields = %w(value start compromise time_at created stopped) 58 outty = %{<tr class="detailsHeader">} 59 klass.content_columns.each do |c| 60 if not ignore_fields.include?(c.name) 61 outty += table_cell(c.human_name) 62 end 63 end 64 outty += %{</tr>} 65 end 66 67 def details_data_row(instance) 68 microfields = %w(start compromise time_at created stopped) 69 ignore_fields = %w(value) 70 if instance.nil? 71 return 72 end 73 klass = instance.class 74 outty = %{} 75 row_def = %{<tr class="details" } 76 klass.content_columns.each do |c| 77 if not ignore_fields.include?(c.name) 78 if microfields.include?(c.name) 79 # outty += datetime_cell(instance.send(c.name)) 80 row_def += %{ title="#{ microseconds_to_string(instance.send(c.name)) }"} 81 else 82 outty += table_cell(instance.send(c.name)) 83 end 84 end 85 end 86 outty += %{</tr>} 87 row_def + %{>} + outty 88 end 89 90 def view_details_link(type,id) 91 link_to "View Details",{:action => 'artifact_details',:id => id,:type => type},:popup => ['Artifact Details','height=300,width=950'] 92 end 93 94 def view_details_cell(class_name,id) 95 cell = view_details_link(class_name,id) 96 %{<td style="white-space: nowrap;">#{cell}</td>} 97 end 98 99 def fingerprint_header_row(klass) 100 display_fields = %w(name event) 101 outty = %{<tr class="detailsHeader">} 102 klass.content_columns.each do |c| 103 if display_fields.include?(c.name) 104 outty += table_cell(c.human_name) 105 end 106 end 107 outty += table_cell(%{ }) 108 outty += %{</tr>} 109 end 110 111 def fingerprint_data_row(instance) 112 display_fields = %w(name event) 113 microfields = %w(time_at created) 114 if instance.nil? 
115 return 116 end 117 klass = instance.class 118 outty = %{} 119 row_def = %{<tr} 120 klass.content_columns.each do |c| 121 if display_fields.include?(c.name) 122 outty += table_cell(instance.send(c.name)) 123 elsif c.name == "false_positive" 124 row_def += %{ class="} + (instance.send(c.name) == false ? %{positive} : %{falsePositive}) + %{"} 125 elsif microfields.include?(c.name) 126 row_def += %{ title="#{ microseconds_to_string(instance.send(c.name)) }"} 127 end 128 end 129 outty += view_details_cell(klass.name,instance.send("id")) 130 row_def + %{>} + outty + %{</tr>} 131 end 132 133 def url_row(u) 134 out = %{<tr class="details">} 135 out += table_cell(u.url) + table_cell(microseconds_to_string(u.time_at)) 136 out + %{</tr>} 27 # Set x and y axis and grid 28 gc.axis :x, :range => [0,24], :color => '000000', :font_size => 10, :alignment => :center, :labels => ['-24','-20','-16','-12','-8','-4','now'] 29 gc.axis :y, :range => [0,urls_max], :color => '0000cc', :font_size => 12, :alignment => :center 30 gc.axis :right, :range => [0,clients_max], :color => 'cc0000', :font_size => 12, :alignment => :center 31 gc.grid :x_step => 4.16, :y_step => 8.3, :length_segment => 1, :length_blank => 5 32 # Set chart data 33 gc.data "Links Visited",url_pts,'0000cc' 34 gc.fill_area('bbeeff',0,1) 35 gc.data "Clients Compromised",client_pts,'cc0000' 36 gc.data "Zero",zero,'000000' 37 gc.fill_area('ffaaaa',1,2) 38 gc.to_url 137 39 end 138 40 end hive/trunk/data_webapp/app/views/layouts/application.rhtml
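Review bot: `chart_url` raises ZeroDivisionError whenever no client compromise falls in the 24-hour window: `client_pts.max` is then 0, `clients_max = client_pts.max*3` is 0, and `urls_max/clients_max` divides by it; guard with `clients_max = [client_pts.max * 3, 1].max`. The same expression is integer division, so whenever `clients_max` exceeds `urls_max` the scale is 0 and the whole client series is flattened — `urls_max.to_f / clients_max` is presumably what was meant; verify against the rendered chart. The `conditions` strings assembled with `+` and `.to_s` carry only values derived from `Time.now`, so they are not an injection vector today, but the bound form `HistoryUrl.count(:conditions => ["time_at > ? AND time_at <= ?", time - num*h, time - (num-1)*h])` is both safer should the window ever come from params and shorter; `for num in (1..25)` would read better as `(1..25).each do |num|`.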
r1295 r1501 6 6 <title>Hive Data</title> 7 7 <%= stylesheet_link_tag 'scaffold' %> 8 <%= javascript_include_tag 'menu'%>8 <%= javascript_include_tag :defaults %> 9 9 </head> 10 10 <body> hive/trunk/data_webapp/config/routes.rb
r1070 r1501 1 1 ActionController::Routing::Routes.draw do |map| 2 map.resources :history_urls, :collection => {:list => :get} 3 map.resources :queue_urls, :collection => {:list => :get} 4 map.resources :clients 5 map.resources :process_files 6 map.resources :regkeys 7 map.resources :os_processes 8 2 9 # The priority is based upon order of creation: first created -> highest priority. 3 10 … … 12 19 # You can have the root of your site routed by hooking up '' 13 20 # -- just remember to delete public/index.html. 14 map.connect '', :controller => " data"21 map.connect '', :controller => "clients" 15 22 16 23 # Allow downloading Web Service WSDL as a file with an extension hive/trunk/data_webapp/public/javascripts/application.js
r1070 r1501 1 1 // Place your application-specific JavaScript functions and classes here 2 2 // This file is automatically included by javascript_include_tag :defaults 3 4 function change_client_status(elt,id) { 5 if (elt.value == "false_positive") { 6 var pos_elts = getElementsByClassName("positive") 7 for(var i=0,j=pos_elts.length; i<j; i++) { 8 //removeClass(pos_elts[i],"positive"); 9 //addClass(pos_elts[i],"falsePositive"); 10 switch_false_pos(pos_elts[i]); 11 } 12 } 13 var url = "/data/set_client_status/" + id + "?status=" + elt.value; 14 new Ajax.Updater('data', url, {asynchronous:true, evalScripts:true}); 15 } 16 17 // Provide switching to and from false positives 18 function my_row(elt){ 19 //TODO: Generalize my_row function 20 if (elt.tagName.toLowerCase() == "tr") { 21 return elt; 22 } 23 cell = elt.parentNode; 24 return cell.parentNode; 25 } 26 function fingerprint_type(elt) { 27 if (hasClass(elt,"OsProcess")) return "OsProcess"; 28 if (hasClass(elt,"ProcessFile")) return "ProcessFile"; 29 if (hasClass(elt,"Regkey")) return "Regkey"; 30 return "broken"; 31 } 32 function switch_false_pos(elt){ 33 row = my_row(elt); 34 if (hasClass(row,"positive")) { 35 removeClass(row,"positive"); 36 addClass(row,"falsePositive"); 37 } 38 else { 39 removeClass(row,"falsePositive"); 40 addClass(row,"positive"); 41 } 42 // Alter value on the database side 43 var type = fingerprint_type(row); 44 var id = row.id.slice(type.length+1); 45 var url = "/data/flip_false_pos/" + id + "?type=" + type; 46 new Ajax.Updater('data', url, {asynchronous:true, evalScripts:true}); 47 } 48 49 // className Functions 50 function getElementsByClassName(classname, start_elt) { 51 if(!start_elt) start_elt = document.getElementsByTagName("body")[0]; 52 var a = []; 53 var re = new RegExp('\\b' + classname + '\\b'); 54 var elts = start_elt.getElementsByTagName("*"); 55 for(var i=0,j=elts.length; i<j; i++) 56 if(re.test(elts[i].className))a.push(elts[i]); 57 return a; 58 } 59 function 
hasClass(elt,classname) { 60 return elt.className.match(new RegExp('\\b'+classname+'\\b')); 61 } 62 function addClass(elt,classname) { 63 if (!this.hasClass(elt,classname)) elt.className += " "+classname; 64 } 65 function removeClass(elt,classname) { 66 if (hasClass(elt,classname)) { 67 var reg = new RegExp('\\b'+classname+'\\b'); 68 elt.className=elt.className.replace(reg,' '); 69 } 70 } hive/trunk/data_webapp/public/stylesheets/scaffold.css
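Review bot: `switch_false_pos` and `my_row` assign `row` and `cell` without `var`, creating implicit globals shared by every click on the page; write `var row = my_row(elt);` and `var cell = elt.parentNode;`. In `change_client_status` and `switch_false_pos` the status and type values are concatenated into the request URL unencoded (`"?status=" + elt.value`, `"?type=" + type`), so a value containing `&`, `#` or a space truncates or splits the query; hand them to Prototype's `parameters:` option instead, which encodes them and, with an explicit `method: 'post'`, keeps the state change out of the query string: `new Ajax.Updater('data', '/data/set_client_status/' + id, {method: 'post', parameters: {status: elt.value}, evalScripts: true});`. `row.id.slice(type.length+1)` assumes every row id is the type name plus one separator character followed by the record id; that contract lives in the view markup and should be stated there. `addClass` calls `this.hasClass`, which only works because the helpers are globals — drop the `this.`.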
r1305 r1501 57 57 } 58 58 59 td.menu { 60 width: 100px; 61 } 62 59 63 #tools { 60 visibility: hidden;61 64 padding: 0px; 62 65 background-color: #1f2d74; 63 66 } 64 65 td.menu { 67 td.menu table{ 68 display: none; 69 } 70 td.menu:hover table{ 71 display: block; 72 } 73 #tools td{ 66 74 background-color: #ccc; 67 75 }
