From 0cab8b252e97739ddd3a5484319bb00d0371b9b3 Mon Sep 17 00:00:00 2001 From: To-om Date: Fri, 7 Jan 2022 18:20:51 +0100 Subject: [PATCH] #2305 Fix filters --- build.sbt | 2 +- .../org/thp/thehive/migration/Migrate.scala | 4 +-- .../thehive/migration/th3/ElasticDsl.scala | 15 ++++++-- .../org/thp/thehive/migration/th3/Input.scala | 36 +++---------------- 4 files changed, 19 insertions(+), 38 deletions(-) diff --git a/build.sbt b/build.sbt index 5bc2b0c216..7eef6d515b 100644 --- a/build.sbt +++ b/build.sbt @@ -2,7 +2,7 @@ import Dependencies._ import com.typesafe.sbt.packager.Keys.bashScriptDefines import org.thp.ghcl.Milestone -val thehiveVersion = "4.1.17-RC1-1" +val thehiveVersion = "4.1.17-RC2-1" val scala212 = "2.12.13" val scala213 = "2.13.1" val supportedScalaVersions = List(scala212, scala213) diff --git a/migration/src/main/scala/org/thp/thehive/migration/Migrate.scala b/migration/src/main/scala/org/thp/thehive/migration/Migrate.scala index 3b9cf32a62..bf9b572af9 100644 --- a/migration/src/main/scala/org/thp/thehive/migration/Migrate.scala +++ b/migration/src/main/scala/org/thp/thehive/migration/Migrate.scala @@ -145,11 +145,11 @@ object Migrate extends App with MigrationOps { opt[String]("max-audit-age") .valueName("") .text("migrate only audits whose age is less than ") - .action((v, c) => addConfig(c, "input.filter.minAuditAge", v)), + .action((v, c) => addConfig(c, "input.filter.maxAuditAge", v)), opt[String]("min-audit-age") .valueName("") .text("migrate only audits whose age is greater than ") - .action((v, c) => addConfig(c, "input.filter.maxAuditAge", v)), + .action((v, c) => addConfig(c, "input.filter.minAuditAge", v)), opt[String]("audit-from-date") .valueName("") .text("migrate only audits created from ") diff --git a/migration/src/main/scala/org/thp/thehive/migration/th3/ElasticDsl.scala b/migration/src/main/scala/org/thp/thehive/migration/th3/ElasticDsl.scala index 0c9097e86c..921da9c637 100644 
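Review bot: Nothing pins the pairing of `max-audit-age`/`min-audit-age` with `input.filter.maxAuditAge`/`input.filter.minAuditAge` in the Migrate.scala hunk. Both sides are plain strings, so the swap corrected here compiled and ran without any signal. Because this filter selects which audit records are migrated, a wrong pairing silently drops or over-includes parts of the audit trail. A small option-parsing test asserting that each option lands on the config key of the same name would catch a regression. The case and alert age options lie outside this hunk and are worth checking for the same copy-paste swap; a comment above the pair such as `// option name and config key must agree: max-audit-age -> maxAuditAge, min-audit-age -> minAuditAge` would also help.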
--- a/migration/src/main/scala/org/thp/thehive/migration/th3/ElasticDsl.scala +++ b/migration/src/main/scala/org/thp/thehive/migration/th3/ElasticDsl.scala @@ -1,6 +1,6 @@ package org.thp.thehive.migration.th3 -import play.api.libs.json.{JsObject, JsString, JsValue, Json} +import play.api.libs.json.{JsNumber, JsObject, JsString, JsValue, Json} object ElasticDsl { def searchQuery(query: JsObject, sort: String*): JsObject = { @@ -15,8 +15,17 @@ object ElasticDsl { def termQuery(field: String, value: String): JsObject = Json.obj("term" -> Json.obj(field -> value)) def termsQuery(field: String, values: Iterable[String]): JsObject = Json.obj("terms" -> Json.obj(field -> values)) def idsQuery(ids: String*): JsObject = Json.obj("ids" -> Json.obj("values" -> ids)) - def and(queries: JsValue*): JsObject = bool(queries) - def or(queries: JsValue*): JsObject = bool(Nil, queries) + def range[N](field: String, from: Option[N], to: Option[N])(implicit ev: N => BigDecimal) = + Json.obj( + "range" -> Json.obj( + field -> JsObject( + from.map(f => "gte" -> JsNumber(f)).toSeq ++ + to.map(t => "lt" -> JsNumber(t)).toSeq + ) + ) + ) + def and(queries: JsValue*): JsObject = bool(queries) + def or(queries: JsValue*): JsObject = bool(Nil, queries) def bool(mustQueries: Seq[JsValue], shouldQueries: Seq[JsValue] = Nil, notQueries: Seq[JsValue] = Nil): JsObject = Json.obj( "bool" -> Json.obj( diff --git a/migration/src/main/scala/org/thp/thehive/migration/th3/Input.scala b/migration/src/main/scala/org/thp/thehive/migration/th3/Input.scala index 413101f8de..7347913c49 100644 --- a/migration/src/main/scala/org/thp/thehive/migration/th3/Input.scala +++ b/migration/src/main/scala/org/thp/thehive/migration/th3/Input.scala 
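Review bot: The new `range` builder, unlike the neighbouring builders in this hunk (`termQuery`, `idsQuery`, `and`, `or`, `bool`), has no declared result type, and it does not document what happens when both bounds are `None`. With two empty options it emits `"range" -> {field -> {}}`, a clause with no bounds. The callers visible in this patch check `isDefined` first, but nothing on the helper tells a future caller to do so. I would declare the type, `def range[N](field: String, from: Option[N], to: Option[N])(implicit ev: N => BigDecimal): JsObject =`, and add a Scaladoc line stating that the interval is half-open (`gte` from, `lt` to) and that at least one bound is expected.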
@@ -77,25 +77,11 @@ class Input @Inject() (configuration: Configuration, elaticClient: ElasticClient def caseFilter(filter: Filter): Seq[JsObject] = { val dateFilter = if (filter.caseDateRange._1.isDefined || filter.caseDateRange._2.isDefined) - Seq( - Json.obj( - "createdAt" -> JsObject( - filter.caseDateRange._1.map(d => "gte" -> JsNumber(d)).toSeq ++ - filter.caseDateRange._2.map(d => "lt" -> JsNumber(d)) - ) - ) - ) + Seq(range("createdAt", filter.caseDateRange._1, filter.caseDateRange._2)) else Nil val numberFilter = if (filter.caseNumberRange._1.isDefined || filter.caseNumberRange._2.isDefined) - Seq( - Json.obj( - "caseId" -> JsObject( - filter.caseNumberRange._1.map(d => "gte" -> JsNumber(d)).toSeq ++ - filter.caseNumberRange._2.map(d => "lt" -> JsNumber(d)) - ) - ) - ) + Seq(range("caseId", filter.caseNumberRange._1, filter.caseNumberRange._2)) else Nil dateFilter ++ numberFilter } @@ -175,14 +161,7 @@ class Input @Inject() (configuration: Configuration, elaticClient: ElasticClient def alertFilter(filter: Filter): JsObject = { val dateFilter = if (filter.alertDateRange._1.isDefined || filter.alertDateRange._2.isDefined) - Seq( - Json.obj( - "createdAt" -> JsObject( - filter.alertDateRange._1.map(d => "gte" -> JsNumber(d)).toSeq ++ - filter.alertDateRange._2.map(d => "lt" -> JsNumber(d)) - ) - ) - ) + Seq(range("createdAt", filter.alertDateRange._1, filter.alertDateRange._2)) else Nil val includeFilter = (if (filter.includeAlertTypes.nonEmpty) Seq(termsQuery("type", filter.includeAlertTypes)) else Nil) ++ (if (filter.includeAlertSources.nonEmpty) Seq(termsQuery("source", filter.includeAlertSources)) else Nil) 
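Review bot: The guard `x._1.isDefined || x._2.isDefined` followed by `Seq(range(...)) else Nil` is still written out four times: twice in `caseFilter` here, and once each in `alertFilter` and `auditFilter` in the later hunks of this file. These clauses decide which cases, alerts and audit records are migrated, so one private helper would keep the four in step, for example `private def rangeFilter[N](field: String, r: (Option[N], Option[N]))(implicit ev: N => BigDecimal): Seq[JsObject] = if (r._1.isDefined || r._2.isDefined) Seq(range(field, r._1, r._2)) else Nil`. That assumes each `*Range` field is a pair of options of one numeric type, as its use here suggests. If `JsNumber` is no longer referenced elsewhere in `Input.scala` after this change, its import can be dropped; the import block is outside the hunks. The bodies of `alertFilter` and `auditFilter` continue past the end of their hunks.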
@@ -408,14 +387,7 @@ class Input @Inject() (configuration: Configuration, elaticClient: ElasticClient def auditFilter(filter: Filter, objectIds: String*): JsObject = { val dateFilter = if (filter.auditDateRange._1.isDefined || filter.auditDateRange._2.isDefined) - Seq( - Json.obj( - "createdAt" -> JsObject( - filter.auditDateRange._1.map(d => "gte" -> JsNumber(d)).toSeq ++ - filter.auditDateRange._2.map(d => "lt" -> JsNumber(d)) - ) - ) - ) + Seq(range("createdAt", filter.auditDateRange._1, filter.auditDateRange._2)) else Nil val objectIdFilter = if (objectIds.nonEmpty) Seq(termsQuery("objectId", objectIds)) else Nil