thinkst / canarytools-python
Python client for the Thinkst Canary API
License: BSD 3-Clause "New" or "Revised" License
Using the example in the API docs, I ran into an error when calling `console.incidents.all()`.
On MacOS 10.15.2, Python version 2.7.16.
Code I ran:
```python
import canarytools

console = canarytools.Console(api_key='excised api key', domain='excised domain')
console.incidents.all()
```
```
  File "canary.py", line 4, in <module>
    for incident in console.incidents.all():
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 29, in all
    return self.console.get('incidents/all', params, self.parse)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/console.py", line 158, in get
    return self.handle_response(resp.json(), parser)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/console.py", line 219, in handle_response
    return parser(response)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 184, in parse
    self.console, incident))
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/base.py", line 10, in parse
    return cls(console, data)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 220, in __init__
    super(Incident, self).__init__(console, data)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/base.py", line 23, in __init__
    setattr(self, attribute, value)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 243, in __setattr__
    self.__setattr__(attribute, val)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 237, in __setattr__
    events.append(Event.parse(self.console, event))
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/base.py", line 10, in parse
    return cls(console, data)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/incidents.py", line 369, in __init__
    super(Event, self).__init__(console, data)
  File "/Users/jmvazque/Library/Python/2.7/lib/python/site-packages/canarytools/models/base.py", line 22, in __init__
    for attribute, value in sorted(data.items()):
AttributeError: 'unicode' object has no attribute 'items'
```
I've installed canarytools with `pip install canarytools`.
When I try and run the following:
```python
import canarytools
console = canarytools.Console()
console.devices.all()
```
I get the traceback
```
Traceback (most recent call last):
  File "canary.py", line 1, in <module>
    import canarytools
  File "/Users/daniellee/.virtualenvs/django/lib/python3.5/site-packages/canarytools/__init__.py", line 16, in <module>
    from models.databundles import DataBundle
ImportError: No module named 'models'
```
What is this module and how do I install it?
Describe the bug
The Python SDK does not have definitions for some CanaryTokens; I'm specifically affected by the missing `cloned-css` definition. `expected_referrer` is the required parameter (based on the behavior of the Canary Tools web console), but that parameter is not allowed by the `CanaryTokens.create` method in `canarytools/models/canarytokens.py`.
I have created a PR to address this issue.
To Reproduce
Steps to reproduce the behavior:
`create` method with valid arguments, e.g. `create("Test Token", "cloned-css", flock_id="<some-flock-id>", expected_referrer="example.com")`
`TypeError: CanaryTokens.create() got an unexpected keyword argument 'expected_referrer'`
Expected behavior
I expect to receive a confirmation that the token was created.
I can't match the documented token kind/type Custom exe
```
>>> vars(canarytools.models.canarytokens.CanaryTokenKinds)
mappingproxy({'__module__': 'canarytools.models.canarytokens', 'HTTP': 'http', 'DNS': 'dns', 'CLONED_WEB': 'cloned-web', 'DOC_MSWORD': 'doc-msword', 'WEB_IMAGE': 'web-image', 'WINDOWS_DIR': 'windows-dir', 'AWS': 'aws-id', '__dict__': <attribute '__dict__' of 'CanaryTokenKinds' objects>, '__weakref__': <attribute '__weakref__' of 'CanaryTokenKinds' objects>, '__doc__': None})
```
Other token kinds/types are not listed via `CanaryTokenKinds`, such as Google Sheets, SQL, etc. Is it possible that the `canarytools-python` module is lagging/not in sync with the API's token kinds/types?
Expectation:
As a user of this python canarytools API wrapper, I'd expect that the list of tokens returned have at least a key or canarytoken (shorter unqualified key) attribute irrespective of token type.
Observation:
The last item returned does not seem to be a full/proper canary token object.
Example use:
```python
tokens = console.tokens.all()
for t in tokens:
    print(t.canarytoken)
```
Observed exception when running the above:
```
Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
AttributeError: 'CanaryToken' object has no attribute 'canarytoken'
```
Inspecting the last object of the list returned vs the prior 2nd last object, it's clear many attributes in the last token object returned are not set.
```
>>> dir(tokens[-1])
['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', 'console', 'delete', 'disable', 'enable', 'endpoints', 'parse', 'update']
>>> dir(tokens[-2])
['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', 'canarytoken', 'console', 'created', 'created_printable', 'delete', 'disable', 'enable', 'enabled', 'exe_name', 'exe_type', 'flock_id', 'hostname', 'key', 'kind', 'memo', 'node_id', 'parse', 'triggered_count', 'update', 'url']
```
Workaround:
```python
tokens = [t for t in console.tokens.all() if hasattr(t, 'canarytoken')]
```
I wanted to get unacknowledged incidents, export them in JSON format, and acknowledge them.
I did this:
```python
console = canarytools.Console(api_key=token, domain=domain)
incidents = console.incidents.unacknowledged()
i = incidents[0]
d = i.to_dict()
# Pull out some fields of "d" into plain text, then "json.dumps(d)".
i.acknowledge()
```
However, the `i.acknowledge()` call fails with:
```
  File "/home/user/.local/lib/python3.11/site-packages/canarytools/models/incidents.py", line 300, in acknowledge
    r = self.console.post('incident/acknowledge', params)
        ^^^^^^^^^^^^
AttributeError: 'IncidentHTTPLogin' object has no attribute 'console'
```
This seems to be because the `to_dict()` method inadvertently destroys the `console` field of the `Incident` object when all it wants is not to return it:
canarytools-python/canarytools/models/incidents.py
Lines 340 to 348 in 379638f
What you probably want instead is to make a copy of `self.__dict__` before editing it:
```python
from copy import deepcopy
incident_dict = deepcopy(self.__dict__)
```
I've run a quick test of this, and it seems to work.
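The failure mode reported above, next to an export-then-acknowledge flow that avoids it, as an added example that is not the SDK's code: `StubConsole`, `Incident`, the `id` field and the sample data are hypothetical stand-ins. It uses a filtered shallow copy rather than the `deepcopy` suggested in the issue, so the console object itself is never copied.

```python
import json


class StubConsole:
    """Hypothetical stand-in for canarytools.Console; records POSTs, sends nothing."""
    def __init__(self):
        self.posts = []

    def post(self, endpoint, params):
        self.posts.append((endpoint, params))
        return {"result": "success"}


class Incident:
    """Hypothetical stand-in model, not the SDK's class."""
    def __init__(self, console, data):
        self.console = console
        for key, value in data.items():
            setattr(self, key, value)

    def to_dict_mutating(self):
        # Failure mode from the issue: editing self.__dict__ in place removes
        # the attribute from the live object, not only from the export.
        d = self.__dict__
        d.pop("console", None)
        return d

    def to_dict(self):
        # New dict without the console handle: the object stays usable and the
        # API client never ends up in the exported data. Values are shared
        # with the object (shallow copy), so treat the result as read-only.
        return {k: v for k, v in self.__dict__.items() if k != "console"}

    def acknowledge(self):
        # "id" as the incident identifier is an assumption of this example.
        return self.console.post("incident/acknowledge", {"incident": self.id})


def export_then_acknowledge(incident):
    """Serialize first; acknowledge only once serialization has succeeded."""
    exported = json.dumps(incident.to_dict(), sort_keys=True)
    incident.acknowledge()
    return exported


# Constructed sample incident (not real console data).
SAMPLE = {"id": "incident:constructed:1", "description": "HTTP Login",
          "src_host": "192.0.2.10"}
```

Serializing before acknowledging means an incident that fails to export stays unacknowledged and is picked up again on the next poll.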
I might be missing something here, but does this not return Flock data for incidents when you poll the API for unacknowledged incidents? When we receive webhooks from the console, I can see the flock name in the return data. When I poll incidents via this tool, I don't see that same data. Or some of the other pertinent incident data, like the canary name, location, etc. Just the basics. Will this be updated to reflect the whole incident in the future?