#2305 Fix filters
To-om committed Jan 7, 2022
1 parent be4009b commit 0cab8b2
Showing 4 changed files with 19 additions and 38 deletions.
2 changes: 1 addition & 1 deletion build.sbt
@@ -2,7 +2,7 @@ import Dependencies._
import com.typesafe.sbt.packager.Keys.bashScriptDefines
import org.thp.ghcl.Milestone

val thehiveVersion = "4.1.17-RC1-1"
val thehiveVersion = "4.1.17-RC2-1"
val scala212 = "2.12.13"
val scala213 = "2.13.1"
val supportedScalaVersions = List(scala212, scala213)
@@ -145,11 +145,11 @@ object Migrate extends App with MigrationOps {
opt[String]("max-audit-age")
.valueName("<duration>")
.text("migrate only audits whose age is less than <duration>")
.action((v, c) => addConfig(c, "input.filter.minAuditAge", v)),
.action((v, c) => addConfig(c, "input.filter.maxAuditAge", v)),
opt[String]("min-audit-age")
.valueName("<duration>")
.text("migrate only audits whose age is greater than <duration>")
.action((v, c) => addConfig(c, "input.filter.maxAuditAge", v)),
.action((v, c) => addConfig(c, "input.filter.minAuditAge", v)),
opt[String]("audit-from-date")
.valueName("<date>")
.text("migrate only audits created from <date>")
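Review bot: Nothing in the `max-audit-age` / `min-audit-age` options validates the value or ties the option name to the config key it writes, which is how the two keys could sit swapped without any error (reading the later line of each printed pair as the new side, since the page lost its +/- markers). Both are declared `opt[String]` and hand the raw string to `addConfig`, so a mistyped duration presumably surfaces only when the filter is built, or not at all; where the duration is parsed is not visible here. Because these options decide which audit records survive the migration, I would add a comment above the pair, `// max-audit-age bounds the oldest audit migrated, min-audit-age the newest`, and a test that parses each option and asserts the config key it sets. The option list starts and ends outside the hunk.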
@@ -1,6 +1,6 @@
package org.thp.thehive.migration.th3

import play.api.libs.json.{JsObject, JsString, JsValue, Json}
import play.api.libs.json.{JsNumber, JsObject, JsString, JsValue, Json}

object ElasticDsl {
def searchQuery(query: JsObject, sort: String*): JsObject = {
@@ -15,8 +15,17 @@ object ElasticDsl {
def termQuery(field: String, value: String): JsObject = Json.obj("term" -> Json.obj(field -> value))
def termsQuery(field: String, values: Iterable[String]): JsObject = Json.obj("terms" -> Json.obj(field -> values))
def idsQuery(ids: String*): JsObject = Json.obj("ids" -> Json.obj("values" -> ids))
def and(queries: JsValue*): JsObject = bool(queries)
def or(queries: JsValue*): JsObject = bool(Nil, queries)
def range[N](field: String, from: Option[N], to: Option[N])(implicit ev: N => BigDecimal) =
Json.obj(
"range" -> Json.obj(
field -> JsObject(
from.map(f => "gte" -> JsNumber(f)).toSeq ++
to.map(t => "lt" -> JsNumber(t)).toSeq
)
)
)
def and(queries: JsValue*): JsObject = bool(queries)
def or(queries: JsValue*): JsObject = bool(Nil, queries)
def bool(mustQueries: Seq[JsValue], shouldQueries: Seq[JsValue] = Nil, notQueries: Seq[JsValue] = Nil): JsObject =
Json.obj(
"bool" -> Json.obj(
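Review bot: The new `range` helper is the only public method of `ElasticDsl` shown here without a declared result type; its siblings all end in `: JsObject`, so I would write `def range[N](field: String, from: Option[N], to: Option[N])(implicit ev: N => BigDecimal): JsObject =`. It also deserves a one-line Scaladoc stating that `from` is inclusive (`gte`), `to` is exclusive (`lt`), and that with both bounds `None` it still emits a `range` clause with an empty body for `field`. The callers in this commit guard on `isDefined` before calling it, but how Elasticsearch treats an unbounded range clause should be confirmed before anyone calls the helper unguarded, because a filter that quietly matches more or fewer documents than intended changes what gets migrated. `bool` continues outside the hunk.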
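--- a/migration/src/main/scala/org/thp/thehive/migration/th3/Input.scala
+++ b/migration/src/main/scala/org/thp/thehive/migration/th3/Input.scala
@@ -77,25 +77,11 @@ class Input @Inject() (configuration: Configuration, elaticClient: ElasticClient
 def caseFilter(filter: Filter): Seq[JsObject] = {
 val dateFilter =
 if (filter.caseDateRange._1.isDefined || filter.caseDateRange._2.isDefined)
-Seq(
-Json.obj(
-"createdAt" -> JsObject(
-filter.caseDateRange._1.map(d => "gte" -> JsNumber(d)).toSeq ++
-filter.caseDateRange._2.map(d => "lt" -> JsNumber(d))
-)
-)
-)
+Seq(range("createdAt", filter.caseDateRange._1, filter.caseDateRange._2))
 else Nil
 val numberFilter =
 if (filter.caseNumberRange._1.isDefined || filter.caseNumberRange._2.isDefined)
-Seq(
-Json.obj(
-"caseId" -> JsObject(
-filter.caseNumberRange._1.map(d => "gte" -> JsNumber(d)).toSeq ++
-filter.caseNumberRange._2.map(d => "lt" -> JsNumber(d))
-)
-)
-)
+Seq(range("caseId", filter.caseNumberRange._1, filter.caseNumberRange._2))
 else Nil
 dateFilter ++ numberFilter
 }
@@ -175,14 +161,7 @@ class Input @Inject() (configuration: Configuration, elaticClient: ElasticClient
 def alertFilter(filter: Filter): JsObject = {
 val dateFilter =
 if (filter.alertDateRange._1.isDefined || filter.alertDateRange._2.isDefined)
-Seq(
-Json.obj(
-"createdAt" -> JsObject(
-filter.alertDateRange._1.map(d => "gte" -> JsNumber(d)).toSeq ++
-filter.alertDateRange._2.map(d => "lt" -> JsNumber(d))
-)
-)
-)
+Seq(range("createdAt", filter.alertDateRange._1, filter.alertDateRange._2))
 else Nil
 val includeFilter = (if (filter.includeAlertTypes.nonEmpty) Seq(termsQuery("type", filter.includeAlertTypes)) else Nil) ++
 (if (filter.includeAlertSources.nonEmpty) Seq(termsQuery("source", filter.includeAlertSources)) else Nil)
@@ -408,14 +387,7 @@ class Input @Inject() (configuration: Configuration, elaticClient: ElasticClient
 def auditFilter(filter: Filter, objectIds: String*): JsObject = {
 val dateFilter =
 if (filter.auditDateRange._1.isDefined || filter.auditDateRange._2.isDefined)
-Seq(
-Json.obj(
-"createdAt" -> JsObject(
-filter.auditDateRange._1.map(d => "gte" -> JsNumber(d)).toSeq ++
-filter.auditDateRange._2.map(d => "lt" -> JsNumber(d))
-)
-)
-)
+Seq(range("createdAt", filter.auditDateRange._1, filter.auditDateRange._2))
 else Nil
 
 val objectIdFilter = if (objectIds.nonEmpty) Seq(termsQuery("objectId", objectIds)) else Nil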
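Review bot: The guard `if (x._1.isDefined || x._2.isDefined) Seq(range(...)) else Nil` is now repeated four times (twice in `caseFilter`, once each in `alertFilter` and `auditFilter`), and none of the call sites checks that the lower bound is below the upper one. A private helper would keep the sites in step, e.g. `private def rangeFilter[N](field: String, r: (Option[N], Option[N]))(implicit ev: N => BigDecimal): Seq[JsObject] = if (r._1.isEmpty && r._2.isEmpty) Nil else Seq(range(field, r._1, r._2))`, assuming the `*Range` fields are pairs of options as the `._1`/`._2` accesses suggest. An inverted range would presumably make the query match nothing, so the migration would skip those cases, alerts or audits without an error; unless `Filter` already rejects it (not visible here), a warning when the filter is built would help the operator notice. `alertFilter` and `auditFilter` continue outside their hunks.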
