Merge branch 'develop-th4' into feature/indexBackend

TheHive-Project · Jan 23, 2021 · 0748719 · 0748719
2 parents 03632c3 + 69b951d
commit 0748719
Show file tree

Hide file tree

Showing 100 changed files with 3,864 additions and 407 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -8,7 +8,7 @@ steps:
   - name: submodules
     image: alpine/git
     commands:
-      - git submodule update --recursive --init --remote
+      - git submodule update --recursive --init
 
   # Restore cache of downloaded dependencies
   - name: restore-cache

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,21 +1,35 @@
 # Change Log
 
+## [4.0.4](https://github.com/TheHive-Project/TheHive/milestone/67) (2021-01-12)
+
+**Implemented enhancements:**
+
+- [Feature Request] Add alert observable API endpoints [\#1732](https://github.com/TheHive-Project/TheHive/issues/1732)
+- [Feature Request] Add alert import date property [\#1733](https://github.com/TheHive-Project/TheHive/issues/1733)
+- [Feature Request] Add handling duration properties to imported Alert type [\#1734](https://github.com/TheHive-Project/TheHive/issues/1734)
+
+**Fixed bugs:**
+
+- [Bug] TheHive doesn't start if cassandra is not ready [\#1725](https://github.com/TheHive-Project/TheHive/issues/1725)
+- [Bug] Alert imported multiple times (bis) [\#1738](https://github.com/TheHive-Project/TheHive/issues/1738)
+- [Bug] Cosmetic fix in alert observables list [\#1744](https://github.com/TheHive-Project/TheHive/issues/1744)
+
 ## [4.0.3](https://github.com/TheHive-Project/TheHive/milestone/66) (2020-12-22)
 
 **Implemented enhancements:**
 
 - Providing output details for Responders [\#1293](https://github.com/TheHive-Project/TheHive/issues/1293)
 - [Enhancement] Change artifacts by observables on the onMouseOver tooltip of the eye icon of observable [\#1695](https://github.com/TheHive-Project/TheHive/issues/1695)
-- [Bug] Enhance support of S3 for attachment storage [\#1705](https://github.com/TheHive-Project/TheHive/issues/1705)
-- Update the headers of basic info sections [\#1710](https://github.com/TheHive-Project/TheHive/issues/1710)
+- [Enhancement] Enhance support of S3 for attachment storage [\#1705](https://github.com/TheHive-Project/TheHive/issues/1705)
+- [Enhancement] Update the headers of basic info sections [\#1710](https://github.com/TheHive-Project/TheHive/issues/1710)
 - [Enhancement] Add poll duration config for UI Stream [\#1720](https://github.com/TheHive-Project/TheHive/issues/1720)
 
 **Fixed bugs:**
 
 - [Bug] MISP filters are not correctly implemented [\#1685](https://github.com/TheHive-Project/TheHive/issues/1685)
 - [Bug] The query "getObservable" doesn't work for alert observables [\#1691](https://github.com/TheHive-Project/TheHive/issues/1691)
-- Click analyzers mini-report does not load the full report [\#1694](https://github.com/TheHive-Project/TheHive/issues/1694)
-- [TH4] Import file observable in gui generate error [\#1697](https://github.com/TheHive-Project/TheHive/issues/1697)
+- [Bug] Click analyzers mini-report does not load the full report [\#1694](https://github.com/TheHive-Project/TheHive/issues/1694)
+- [Bug] Import file observable in gui generate error [\#1697](https://github.com/TheHive-Project/TheHive/issues/1697)
 - [Bug] Cannot search for alerts per observables [\#1707](https://github.com/TheHive-Project/TheHive/issues/1707)
 - [Bug] Serialization problem in cluster mode [\#1708](https://github.com/TheHive-Project/TheHive/issues/1708)
 - [Bug] Issue with sorting [\#1716](https://github.com/TheHive-Project/TheHive/issues/1716)

diff --git a/ScalliGraph b/ScalliGraph
diff --git a/build.sbt b/build.sbt
@@ -2,7 +2,7 @@ import Dependencies._
 import com.typesafe.sbt.packager.Keys.bashScriptDefines
 import org.thp.ghcl.Milestone
 
-val thehiveVersion         = "4.0.3-1"
+val thehiveVersion         = "4.0.4-1"
 val scala212               = "2.12.12"
 val scala213               = "2.13.1"
 val supportedScalaVersions = List(scala212, scala213)

diff --git a/dto/src/main/scala/org/thp/thehive/dto/v0/Tag.scala b/dto/src/main/scala/org/thp/thehive/dto/v0/Tag.scala
@@ -2,13 +2,13 @@ package org.thp.thehive.dto.v0
 
 import play.api.libs.json.{Json, OFormat, OWrites}
 
-case class InputTag(namespace: String, predicate: String, value: Option[String], description: Option[String], colour: Option[Int])
+case class InputTag(namespace: String, predicate: String, value: Option[String], description: Option[String], colour: Option[String])
 
 object InputTag {
   implicit val writes: OWrites[InputTag] = Json.writes[InputTag]
 }
 
-case class OutputTag(namespace: String, predicate: String, value: Option[String], description: Option[String], colour: Int)
+case class OutputTag(namespace: String, predicate: String, value: Option[String], description: Option[String], colour: String)
 
 object OutputTag {
   implicit val format: OFormat[OutputTag] = Json.format[OutputTag]

diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/CustomFieldValue.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/CustomFieldValue.scala
@@ -70,6 +70,7 @@ object InputCustomFieldValue {
         }
     case _ => Good(Nil)
   }
+
   implicit val writes: Writes[Seq[InputCustomFieldValue]] = Writes[Seq[InputCustomFieldValue]] { icfv =>
     val fields = icfv.map {
       case InputCustomFieldValue(name, Some(s: String), _)  => name -> JsString(s)

diff --git a/.../org/thp/thehive/dto/v1/Organistion.scala → ...org/thp/thehive/dto/v1/Organisation.scala b/.../org/thp/thehive/dto/v1/Organistion.scala → ...org/thp/thehive/dto/v1/Organisation.scala
diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/Pattern.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/Pattern.scala
@@ -0,0 +1,107 @@
+package org.thp.thehive.dto.v1
+
+import play.api.libs.json.{Format, Json, Reads, Writes}
+
+import java.util.Date
+
+case class InputPattern(
+    external_id: String,
+    name: String,
+    description: Option[String],
+    kill_chain_phases: Seq[InputKillChainPhase],
+    url: String,
+    `type`: String,
+    x_mitre_platforms: Seq[String],
+    x_mitre_data_sources: Seq[String],
+    x_mitre_is_subtechnique: Option[Boolean],
+    x_mitre_version: Option[String]
+)
+
+case class InputReference(
+    source_name: String,
+    external_id: Option[String],
+    url: String
+)
+
+case class InputKillChainPhase(
+    kill_chain_name: String,
+    phase_name: String
+)
+
+object InputReference {
+  implicit val reads: Reads[InputReference] = Reads[InputReference] { json =>
+    for {
+      source_name <- (json \ "source_name").validate[String]
+      external_id <- (json \ "external_id").validateOpt[String]
+      url         <- (json \ "url").validate[String]
+    } yield InputReference(
+      source_name,
+      external_id,
+      url
+    )
+  }
+
+  implicit val writes: Writes[InputReference] = Json.writes[InputReference]
+}
+
+object InputKillChainPhase {
+  implicit val reads: Reads[InputKillChainPhase] = Json.reads[InputKillChainPhase]
+
+  implicit val writes: Writes[InputKillChainPhase] = Json.writes[InputKillChainPhase]
+}
+
+object InputPattern {
+  implicit val reads: Reads[InputPattern] = Reads[InputPattern] { json =>
+    for {
+      references <- (json \ "external_references").validate[Seq[InputReference]]
+      mitreReference = references.find(ref => isSourceNameValid(ref.source_name))
+      name                    <- (json \ "name").validate[String]
+      description             <- (json \ "description").validateOpt[String]
+      kill_chain_phases       <- (json \ "kill_chain_phases").validateOpt[Seq[InputKillChainPhase]]
+      techniqueType           <- (json \ "type").validate[String]
+      x_mitre_platforms       <- (json \ "x_mitre_platforms").validateOpt[Seq[String]]
+      x_mitre_data_sources    <- (json \ "x_mitre_data_sources").validateOpt[Seq[String]]
+      x_mitre_is_subtechnique <- (json \ "x_mitre_is_subtechnique").validateOpt[Boolean]
+      x_mitre_version         <- (json \ "x_mitre_version").validateOpt[String]
+    } yield InputPattern(
+      mitreReference.flatMap(_.external_id).getOrElse(""),
+      name,
+      description,
+      kill_chain_phases.getOrElse(Seq()),
+      mitreReference.map(_.url).getOrElse(""),
+      techniqueType,
+      x_mitre_platforms.getOrElse(Seq()),
+      x_mitre_data_sources.getOrElse(Seq()),
+      x_mitre_is_subtechnique,
+      x_mitre_version
+    )
+  }
+
+  private def isSourceNameValid(reference: String): Boolean =
+    reference == "mitre-attack"
+
+  implicit val writes: Writes[InputPattern] = Json.writes[InputPattern]
+}
+
+case class OutputPattern(
+    _id: String,
+    _type: String,
+    _createdBy: String,
+    _updatedBy: Option[String],
+    _createdAt: Date,
+    _updatedAt: Option[Date],
+    patternId: String,
+    name: String,
+    description: Option[String],
+    tactics: Set[String],
+    url: String,
+    patternType: String,
+    platforms: Seq[String],
+    dataSources: Seq[String],
+    version: Option[String],
+    parent: Option[String]
+)
+
+object OutputPattern {
+  implicit val format: Format[OutputPattern] = Json.format[OutputPattern]
+}
diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/Procedure.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/Procedure.scala
@@ -0,0 +1,45 @@
+package org.thp.thehive.dto.v1
+
+import play.api.libs.json.{Format, Json, Reads, Writes}
+
+import java.util.Date
+
+case class InputProcedure(
+    description: String,
+    occurence: Date,
+    caseId: String,
+    patternId: String
+)
+
+object InputProcedure {
+  implicit val reads: Reads[InputProcedure] = Reads[InputProcedure] { json =>
+    for {
+      description <- (json \ "description").validate[String]
+      occurence   <- (json \ "occurence").validate[Date]
+      caseId      <- (json \ "caseId").validate[String]
+      patternId   <- (json \ "patternId").validate[String]
+    } yield InputProcedure(
+      description,
+      occurence,
+      caseId,
+      patternId
+    )
+  }
+
+  implicit val writes: Writes[InputProcedure] = Json.writes[InputProcedure]
+}
+
+case class OutputProcedure(
+    _id: String,
+    _createdAt: Date,
+    _createdBy: String,
+    _updatedAt: Option[Date],
+    _updatedBy: Option[String],
+    description: String,
+    occurence: Date,
+    patternId: String
+)
+
+object OutputProcedure {
+  implicit val format: Format[OutputProcedure] = Json.format[OutputProcedure]
+}
diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/Share.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/Share.scala
@@ -0,0 +1,48 @@
+package org.thp.thehive.dto.v1
+
+import org.thp.thehive.dto.v1.ObservablesFilter.ObservablesFilter
+import org.thp.thehive.dto.v1.TasksFilter.TasksFilter
+import play.api.libs.json.{Format, Json, Writes}
+
+import java.util.Date
+
+case class InputShare(organisationName: String, profile: String, tasks: TasksFilter, observables: ObservablesFilter)
+
+object TasksFilter extends Enumeration {
+  type TasksFilter = Value
+
+  val all: TasksFilter  = Value("all")
+  val none: TasksFilter = Value("none")
+
+  implicit val format: Format[TasksFilter] = Json.formatEnum(TasksFilter)
+}
+
+object ObservablesFilter extends Enumeration {
+  type ObservablesFilter = Value
+
+  val all: ObservablesFilter  = Value("all")
+  val none: ObservablesFilter = Value("none")
+
+  implicit val format: Format[ObservablesFilter] = Json.formatEnum(ObservablesFilter)
+}
+
+object InputShare {
+  implicit val writes: Writes[InputShare] = Json.writes[InputShare]
+}
+
+case class OutputShare(
+    _id: String,
+    _type: String,
+    _createdBy: String,
+    _updatedBy: Option[String] = None,
+    _createdAt: Date,
+    _updatedAt: Option[Date] = None,
+    caseId: String,
+    profileName: String,
+    organisationName: String,
+    owner: Boolean
+)
+
+object OutputShare {
+  implicit val format: Format[OutputShare] = Json.format[OutputShare]
+}
diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/Tag.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/Tag.scala
@@ -0,0 +1,15 @@
+package org.thp.thehive.dto.v1
+
+import play.api.libs.json.{Json, OFormat}
+
+case class OutputTag(
+  namespace: String,
+  predicate: String,
+  value: Option[String],
+  description: Option[String],
+  colour: String
+)
+
+object OutputTag {
+  implicit val format: OFormat[OutputTag] = Json.format[OutputTag]
+}
diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/Taxonomy.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/Taxonomy.scala
@@ -0,0 +1,74 @@
+package org.thp.thehive.dto.v1
+
+import play.api.libs.json.{JsObject, Json, OFormat}
+
+import java.util.Date
+
+/*
+Format based on :
+https://tools.ietf.org/id/draft-dulaunoy-misp-taxonomy-format-04.html
+ */
+
+case class InputTaxonomy(
+    namespace: String,
+    description: String,
+    version: Int,
+    `type`: Option[Seq[String]],
+    exclusive: Option[Boolean],
+    predicates: Seq[InputPredicate],
+    values: Option[Seq[InputValue]]
+)
+
+case class InputPredicate(
+    value: String,
+    expanded: Option[String],
+    exclusive: Option[Boolean],
+    description: Option[String]
+)
+
+case class InputValue(
+    predicate: String,
+    entry: Seq[InputEntry]
+)
+
+case class InputEntry(
+    value: String,
+    expanded: Option[String],
+    colour: Option[String],
+    description: Option[String],
+    numerical_value: Option[Int]
+)
+
+object InputTaxonomy {
+  implicit val format: OFormat[InputTaxonomy] = Json.format[InputTaxonomy]
+}
+
+object InputPredicate {
+  implicit val format: OFormat[InputPredicate] = Json.format[InputPredicate]
+}
+
+object InputValue {
+  implicit val format: OFormat[InputValue] = Json.format[InputValue]
+}
+
+object InputEntry {
+  implicit val format: OFormat[InputEntry] = Json.format[InputEntry]
+}
+
+case class OutputTaxonomy(
+    _id: String,
+    _type: String,
+    _createdBy: String,
+    _updatedBy: Option[String] = None,
+    _createdAt: Date,
+    _updatedAt: Option[Date] = None,
+    namespace: String,
+    description: String,
+    version: Int,
+    tags: Seq[OutputTag],
+    extraData: JsObject
+)
+
+object OutputTaxonomy {
+  implicit val format: OFormat[OutputTaxonomy] = Json.format[OutputTaxonomy]
+}
+2 −1		core/src/main/scala/org/thp/scalligraph/query/Aggregation.scala
+0 −8		core/src/main/scala/org/thp/scalligraph/services/IntegrityCheckOps.scala
+9 −3		core/src/main/scala/org/thp/scalligraph/traversal/TraversalOps.scala