thinkst / canarytools-python Goto Github PK

Using example in the API docs, I ran into an error when calling console.incidents.all()

On MacOS 10.15.2, Python version 2.7.16

Code I ran:

console = canarytools.Console(api_key='excised api key', domain='excised domain')

console.incidents.all()

  File "canary.py", line 4, in <module>
    for incident in console.incidents.all():
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 29, in all
    return self.console.get('incidents/all', params, self.parse)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/console.py", line 158, in get
    return self.handle_response(resp.json(), parser)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/console.py", line 219, in handle_response
    return parser(response)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 184, in parse
    self.console, incident))
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/base.py", line 10, in parse
    return cls(console, data)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 220, in __init__
    super(Incident, self).__init__(console, data)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/base.py", line 23, in __init__
    setattr(self, attribute, value)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 243, in __setattr__
    self.__setattr__(attribute, val)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 237, in __setattr__
    events.append(Event.parse(self.console, event))
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/base.py", line 10, in parse
    return cls(console, data)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 369, in __init__
    super(Event, self).__init__(console, data)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/base.py", line 22, in __init__
    for attribute, value in sorted(data.items()):
AttributeError: 'unicode' object has no attribute 'items'```

Issue

I've installed canarytools with pip install canarytools

When I try and run the following:

import canarytools

client = canarytools.Console()

console.devices.all()

I get the traceback

Traceback (most recent call last):
  File "canary.py", line 1, in <module>
    import canarytools
  File "/Users/daniellee/.virtualenvs/django/lib/python3.5/site-packages/canarytools/__init__.py", line 16, in <module>
    from models.databundles import DataBundle
ImportError: No module named 'models'

What is this module and how do I install it?

Describe the bug
The Python SDK does not have definitions for some CanaryTokens, I'm specifically affected by the missing cloned-css definition. expected_referrer is the required parameter (based on the behavior of the Canary Tools web console), but that parameter is not allowed by the CanaryTokens.create method in canarytools/models/canarytokens.py.

I have created a PR to address this issue

To Reproduce
Steps to reproduce the behavior:

1. Call the create method with valid arguments, eg create("Test Token", "cloned-css", flock_id="<some-flock-id>", expected_referrer="example.com")
2. Exception is thrown: TypeError: CanaryTokens.create() got an unexpected keyword argument 'expected_referrer'

Expected behavior
I expect to receive a confirmation that the token was created.

Screenshots
N/A

Desktop (please complete the following information):
N/A

Smartphone (please complete the following information):
N/A

Additional context
N/A

I can't match the documented token kind/type Custom exe

>>> vars(canarytools.models.canarytokens.CanaryTokenKinds)
mappingproxy({'__module__': 'canarytools.models.canarytokens', 'HTTP': 'http', 'DNS': 'dns', 'CLONED_WEB': 'cloned-web', 'DOC_MSWORD': 'doc-msword', 'WEB_IMAGE': 'web-image', 'WINDOWS_DIR': 'windows-dir', 'AWS': 'aws-id', '__dict__': <attribute '__dict__' of 'CanaryTokenKinds' objects>, '__weakref__': <attribute '__weakref__' of 'CanaryTokenKinds' objects>, '__doc__': None})

Other token kinds/types not listed via CanaryTokenKinds such as Google Sheets, SQL, etc. Is it possbile that the canarytools-python module is lagging/not in sync with the API's token kinds/types?

Expectation:

As a user of this python canarytools API wrapper, I'd expect that the list of tokens returned have at least a key or canarytoken (shorter unqualified key) attribute irrespective of token type.

Observation:

The last item returned does not seem to be a full/proper canary token object.

Example use:

tokens = console.tokens.all()
for t in tokens:
   print(t.canarytoken)

Observed exception when running the above:

Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
AttributeError: 'CanaryToken' object has no attribute 'canarytoken'

Inspecting the last object of the list returned vs the prior 2nd last object, it's clear many attributes in the last token object returned are not set.

>>> dir(tokens[-1])
['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', 'console', 'delete', 'disable', 'enable', 'endpoints', 'parse', 'update']
>>> dir(tokens[-2])
['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', 'canarytoken', 'console', 'created', 'created_printable', 'delete', 'disable', 'enable', 'enabled', 'exe_name', 'exe_type', 'flock_id', 'hostname', 'key', 'kind', 'memo', 'node_id', 'parse', 'triggered_count', 'update', 'url']

Workaround:

tokens = [t for t in console.tokens.all() if hasattr(t, 'canarytoken')]

I wanted to get unacknowledged incidents, export them in JSON format, and acknowledge them.

I did this:

console = canarytools.Console(api_key=token, domain=domain)
incidents = console.incidents.unacknowledged()
i = incidents[0]
d = i.to_dict()
# Pull out some fields of "d" into plain text, then "json.dumps(d)".
i.acknowledge()

However, the i.acknowledge() call fails with:

  File "/home/user/.local/lib/python3.11/site-packages/canarytools/models/incidents.py", line 300, in acknowledge
    r = self.console.post('incident/acknowledge', params)
        ^^^^^^^^^^^^
AttributeError: 'IncidentHTTPLogin' object has no attribute 'console'

This seems to be because the to_dict() method inadvertently destroys the console field of the Incident object when all it wants is not to return it:

What you probably want instead is to make a copy of self.__dict__ before editing it:

from copy import deepcopy

incident_dict = deepcopy(self.__dict__)

I've run a quick test of this, and it seems to work.

I might be missing something here, but does this not return Flock data for incidents when you poll the API for unacknowledged incidents? When we receive webhooks from the console, I can see the flock name in the return data. When I poll incidents via this tool, I don't see that same data. Or some of the other pertinent incident data, like the canary name, location, etc. Just the basics. Will this be updated to reflect the whole incident in the future?