From 2e92e5e679699c9f0c76d041a7ac49ab98f575ce Mon Sep 17 00:00:00 2001
From: Robin Riclet
Date: Tue, 27 Oct 2020 09:18:49 +0100
Subject: [PATCH] #1557 Correct format for detail.customFields in webhook
---
 .../org/thp/thehive/services/AlertSrv.scala | 21 ++++++++++---------
 .../org/thp/thehive/services/AuditSrv.scala | 2 +-
 .../notification/notifiers/Webhook.scala | 11 ++++++++++
 3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/thehive/app/org/thp/thehive/services/AlertSrv.scala b/thehive/app/org/thp/thehive/services/AlertSrv.scala
index ddcf2d02e7..375ffc7960 100644
--- a/thehive/app/org/thp/thehive/services/AlertSrv.scala
+++ b/thehive/app/org/thp/thehive/services/AlertSrv.scala
@@ -273,20 +273,21 @@ class AlertSrv @Inject() (
 def mergeInCase(alert: Alert with Entity, `case`: Case with Entity)(implicit graph: Graph, authContext: AuthContext): Try[Case with Entity] = {
 auditSrv.mergeAudits {
- // No audit for markAsRead and observables
- markAsRead(alert._id)
- importObservables(alert, `case`)
- importCustomFields(alert, `case`)
-
- // Audits for customFields, description and tags
 val customFields = get(alert).richCustomFields.toSeq.map(_.toOutput.toJson)
 val description = `case`.description + s"\n \n#### Merged with alert #${alert.sourceRef} ${alert.title}\n\n${alert.description.trim}"
 val tags = get(alert).tags.toSeq.map(_.toString)
- caseSrv.get(`case`).update(_.description, description).getOrFail("Case")
- caseSrv.addTags(`case`, tags.toSet)
- Success(Json.obj("customFields" -> customFields, "description" -> description, "tags" -> tags))
- } (audits => auditSrv.alertToCase.merge(alert, `case`, Some(audits)))
+ for {
+ _ <- markAsRead(alert._id)
+ _ <- importObservables(alert, `case`)
+ _ <- importCustomFields(alert, `case`)
+ _ <- caseSrv.get(`case`).update(_.description, description).getOrFail("Case")
+ _ <- caseSrv.addTags(`case`, tags.toSet)
+ // No audit for markAsRead and observables
+ // Audits for customFields, description and tags
+ details <- Success(Json.obj("customFields" -> customFields, "description" -> description, "tags" -> tags))
+ } yield details
+ } (details => auditSrv.alertToCase.merge(alert, `case`, Some(details)))
 caseSrv.get(`case`).getOrFail("Case")
 }
diff --git a/thehive/app/org/thp/thehive/services/AuditSrv.scala b/thehive/app/org/thp/thehive/services/AuditSrv.scala
index 077b177834..449335dc7a 100644
--- a/thehive/app/org/thp/thehive/services/AuditSrv.scala
+++ b/thehive/app/org/thp/thehive/services/AuditSrv.scala
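Review bot: The result of `auditSrv.mergeAudits { … }(…)` is still discarded at the end of this hunk; the value mergeInCase returns is the following statement, ``caseSrv.get(`case`).getOrFail("Case")``. The new for-comprehension stops at the first failing step, but that failure (and any failure while writing the merge audit) never reaches the caller, so a merge can be reported as successful with no audit entry; whether the earlier writes are rolled back is not visible here. Assuming mergeAudits returns a `Try`, chain it by appending ``.flatMap(_ => caseSrv.get(`case`).getOrFail("Case"))`` to the mergeAudits call instead of issuing a separate statement. The two `//` comments now sit in the middle of the generator list and would read better directly above `for {`.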
@@ -174,7 +174,7 @@ class AuditSrv @Inject() (
 auditSrv.create(Audit(Audit.delete, entity, None), context, None)
 def merge(entity: E with Entity, destination: C with Entity, details: Option[JsObject] = None)(implicit graph: Graph, authContext: AuthContext): Try[Unit] =
- auditSrv.create(Audit(Audit.merge, destination, details.map(_.toString())), Some(destination), None)
+ auditSrv.create(Audit(Audit.merge, destination, details.map(_.toString())), Some(destination), Some(destination))
 }
 class SelfContextObjectAudit[E <: Product] {
diff --git a/thehive/app/org/thp/thehive/services/notification/notifiers/Webhook.scala b/thehive/app/org/thp/thehive/services/notification/notifiers/Webhook.scala
index 757a9e91a3..de4e6d4c6f 100644
--- a/thehive/app/org/thp/thehive/services/notification/notifiers/Webhook.scala
+++ b/thehive/app/org/thp/thehive/services/notification/notifiers/Webhook.scala
@@ -184,6 +184,17 @@ class Webhook(
 customFieldSrv
 .getOrFail(EntityIdOrName(fieldName))
 .fold(_ => keyValue, cf => "customFields" -> Json.obj(fieldName -> Json.obj(cf.`type`.toString -> value)))
+ case ("customFields", JsArray(cfs)) =>
+ "customFields" -> cfs
+ .flatMap { cf =>
+ for {
+ name <- (cf \ "name").asOpt[String]
+ tpe <- (cf \ "type").asOpt[String]
+ value = (cf \ "value").asOpt[JsValue]
+ order = (cf \ "order").asOpt[Int]
+ } yield Json.obj(name -> Json.obj(tpe -> value, "order" -> order))
+ }
+ .foldLeft(JsObject.empty)(_ ++ _)
 case keyValue => keyValue
 })
 }
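Review bot: `merge` does not use its `entity` parameter on the changed line: the audit is built from `destination`, and `destination` is now passed as both trailing arguments to `auditSrv.create`. The merged source entity therefore appears in the audit record only through the free-form `details` JSON, and only when the caller supplies it. If that is intended, say so on `merge`, e.g. `// audit is attached to the destination; the merged entity is described only in details`. The meaning of create's second and third parameters is not visible in this hunk, so the new argument is worth confirming against its signature.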
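Review bot: Entries in the `customFields` array that lack a string `name` or `type` are dropped silently by the `flatMap`/`asOpt` pair, and two entries with the same `name` collapse into one in `.foldLeft(JsObject.empty)(_ ++ _)`. A webhook consumer then receives a payload that looks complete but is missing fields. Consider returning the untouched `keyValue` when any entry fails to convert (as the `.fold(_ => keyValue, …)` case just above does on lookup failure), or logging when the converted count differs from `cfs.size`. `value` and `order` are `Option`s, so absent ones are presumably serialised as `null` rather than omitted; a one-line comment stating the intended output shape would settle that. The enclosing match starts outside the hunk.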