Merge branch 'release/2.13.0'

CHANGELOG.md

@@ -1,7 +1,34 @@
 # Change Log
 
-## [2.12.1](https://github.com/CERT-BDF/TheHive/tree/2.12.1) (2017-08-01)
+## [2.13](https://github.com/CERT-BDF/TheHive/tree/2.13) (2017-09-15)
+
+[Full Changelog](https://github.com/CERT-BDF/TheHive/compare/2.12.1...2.13)
+
+**Implemented enhancements:**
+
+- Group ownership in Docker image prevents running on OpenShift [\#307](https://github.com/CERT-BDF/TheHive/issues/307)
+- Improve the content of alert flow items [\#304](https://github.com/CERT-BDF/TheHive/issues/304)
+- Add a basic support for webhooks [\#293](https://github.com/CERT-BDF/TheHive/issues/293)
+- Add basic authentication to Stream API [\#291](https://github.com/CERT-BDF/TheHive/issues/291)
+- Add Support for Play 2.6.x and Elasticsearch 5.x [\#275](https://github.com/CERT-BDF/TheHive/issues/275)
+- Fine grained user permissions for API access [\#263](https://github.com/CERT-BDF/TheHive/issues/263)
+- Alert Pane: Catch Incorrect Keywords [\#241](https://github.com/CERT-BDF/TheHive/issues/241)
+- Specify multiple AD servers in TheHive configuration [\#231](https://github.com/CERT-BDF/TheHive/issues/231)
+- Export cases in MISP events [\#52](https://github.com/CERT-BDF/TheHive/issues/52)
+
+**Fixed bugs:**
 
+- Download attachment with non-latin filename [\#302](https://github.com/CERT-BDF/TheHive/issues/302)
+- Undefined threat level from MISP events becomes severity "4" [\#300](https://github.com/CERT-BDF/TheHive/issues/300)
+- File name is not displayed in observable conflict dialog [\#295](https://github.com/CERT-BDF/TheHive/issues/295)
+- A colon punctuation mark in a search query results in 500 [\#285](https://github.com/CERT-BDF/TheHive/issues/285)
+- Previewing alerts fails with "too many substreams open" due to case similarity process [\#280](https://github.com/CERT-BDF/TheHive/issues/280)
+
+**Closed issues:**
+
+- Threat level/severity code inverted between The Hive and MISP [\#292](https://github.com/CERT-BDF/TheHive/issues/292)
+
+## [2.12.1](https://github.com/CERT-BDF/TheHive/tree/2.12.1) (2017-08-01)
 [Full Changelog](https://github.com/CERT-BDF/TheHive/compare/2.12.0...2.12.1)
 
 **Implemented enhancements:**
@@ -11,12 +38,12 @@
 
 **Fixed bugs:**
 
+- Cortex Connector Not Found [\#256](https://github.com/CERT-BDF/TheHive/issues/256)
 - Case similarity reports merged cases [\#272](https://github.com/CERT-BDF/TheHive/issues/272)
 - Closing a case with an open task does not dismiss task in "My tasks" [\#269](https://github.com/CERT-BDF/TheHive/issues/269)
 - API: cannot create alert if one alert artifact contains the IOC field set [\#268](https://github.com/CERT-BDF/TheHive/issues/268)
 - Can't get logs of a task via API [\#259](https://github.com/CERT-BDF/TheHive/issues/259)
 - Add multiple attachments in a single task log doesn't work [\#257](https://github.com/CERT-BDF/TheHive/issues/257)
-- Cortex Connector Not Found [\#256](https://github.com/CERT-BDF/TheHive/issues/256)
 - TheHive doesn't send the file name to Cortex [\#254](https://github.com/CERT-BDF/TheHive/issues/254)
 - Renaming of users does not work [\#249](https://github.com/CERT-BDF/TheHive/issues/249)
 

build.sbt

@@ -1,17 +1,21 @@
 name := "TheHive"
 
 lazy val thehiveBackend = (project in file("thehive-backend"))
+  .enablePlugins(PlayScala)
   .settings(publish := {})
 
 lazy val thehiveMetrics = (project in file("thehive-metrics"))
+  .enablePlugins(PlayScala)
   .dependsOn(thehiveBackend)
   .settings(publish := {})
 
 lazy val thehiveMisp = (project in file("thehive-misp"))
+  .enablePlugins(PlayScala)
   .dependsOn(thehiveBackend)
   .settings(publish := {})
 
 lazy val thehiveCortex = (project in file("thehive-cortex"))
+  .enablePlugins(PlayScala)
   .dependsOn(thehiveBackend)
   .settings(publish := {})
   .settings(SbtScalariform.scalariformSettings: _*)
@@ -26,14 +30,19 @@ lazy val thehive = (project in file("."))
   .settings(PublishToBinTray.settings: _*)
   .settings(Release.settings: _*)
 
+
+// Redirect logs from ElasticSearch (which uses log4j2) to slf4j
+libraryDependencies += "org.apache.logging.log4j" % "log4j-to-slf4j" % "2.9.0"
+excludeDependencies += "org.apache.logging.log4j" % "log4j-core"
+
 lazy val rpmPackageRelease = (project in file("package/rpm-release"))
   .enablePlugins(RpmPlugin)
   .settings(
     name := "thehive-project-release",
     maintainer := "TheHive Project <[email protected]>",
     version := "1.0.0",
     rpmRelease := "3",
-    rpmVendor in Rpm := "TheHive Project",
+    rpmVendor := "TheHive Project",
     rpmUrl := Some("http://thehive-project.org/"),
     rpmLicense := Some("AGPL"),
     maintainerScripts in Rpm := Map.empty,
@@ -125,7 +134,7 @@ linuxMakeStartScript in Debian := None
 
 // RPM //
 rpmRelease := "1"
-rpmVendor in Rpm := "TheHive Project"
+rpmVendor := "TheHive Project"
 rpmUrl := Some("http://thehive-project.org/")
 rpmLicense := Some("AGPL")
 rpmRequirements += "java-1.8.0-openjdk-headless"
@@ -163,12 +172,18 @@ mappings in Docker ~= (_.filterNot {
   case (_, filepath) => filepath == "/opt/thehive/conf/application.conf"
 })
 dockerCommands ~= { dc =>
-  val (dockerInitCmds, dockerTailCmds) = dc.splitAt(4)
+  val (dockerInitCmds, dockerTailCmds) = dc
+    .collect {
+      case ExecCmd("RUN", "chown", _*) => ExecCmd("RUN", "chown", "-R", "daemon:root", ".")
+      case other => other
+    }
+    .splitAt(4)
   dockerInitCmds ++
     Seq(
-      Cmd("ADD", "var", "/var"),
+        Cmd("ADD", "var", "/var"),
       Cmd("ADD", "etc", "/etc"),
-      ExecCmd("RUN", "chown", "-R", "daemon:daemon", "/var/log/thehive")) ++
+      ExecCmd("RUN", "chown", "-R", "daemon:root", "/var/log/thehive"),
+      ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint")) ++
     dockerTailCmds
 }
 

package/docker/entrypoint

@@ -59,7 +59,7 @@ then
 			SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
 		fi
 		echo Using secret: $SECRET
-		echo play.crypto.secret=\"$SECRET\" >> $CONFIG_FILE
+		echo play.http.secret.key=\"$SECRET\" >> $CONFIG_FILE
 	fi
 
 	if test $CONFIG_ES = 1

project/BuildSettings.scala

@@ -13,7 +13,7 @@ object BasicSettings extends AutoPlugin {
       "-deprecation", // Emit warning and location for usages of deprecated APIs.
       "-feature", // Emit warning and location for usages of features that should be imported explicitly.
       "-unchecked", // Enable additional warnings where generated code depends on assumptions.
-      "-Xfatal-warnings", // Fail the compilation if there are any warnings.
+      //"-Xfatal-warnings", // Fail the compilation if there are any warnings.
       "-Xlint", // Enable recommended additional warnings.
       "-Ywarn-adapted-args", // Warn if an argument list is modified to match the receiver.
       "-Ywarn-dead-code", // Warn when dead code is identified.

project/Dependencies.scala

@@ -1,17 +1,19 @@
 import sbt._
 
 object Dependencies {
-  val scalaVersion = "2.11.8"
+  val scalaVersion = "2.12.3"
 
   object Library {
 
     object Play {
       val version = play.core.PlayVersion.current
       val ws = "com.typesafe.play" %% "play-ws" % version
-      val cache = "com.typesafe.play" %% "play-cache" % version
+      val ahc = "com.typesafe.play" %% "play-ahc-ws" % version
+      val cache = "com.typesafe.play" %% "play-ehcache" % version
       val test = "com.typesafe.play" %% "play-test" % version
       val specs2 = "com.typesafe.play" %% "play-specs2" % version
       val filters = "com.typesafe.play" %% "filters-helpers" % version
+      val guice = "com.typesafe.play" %% "play-guice" % version
       object Specs2 {
         private val version = "3.6.6"
         val matcherExtra = "org.specs2" %% "specs2-matcher-extra" % version
@@ -20,16 +22,16 @@ object Dependencies {
     }
 
     object Specs2 {
-      private val version = "3.6.6"
+      private val version = "3.9.4"
       val core = "org.specs2" %% "specs2-core" % version
       val matcherExtra = "org.specs2" %% "specs2-matcher-extra" % version
       val mock = "org.specs2" %% "specs2-mock" % version
     }
-    val scalaGuice = "net.codingwell" %% "scala-guice" % "4.0.1"
-    val akkaTestkit = "com.typesafe.akka" %% "akka-testkit" % "2.4.7"
-    val reflections = "org.reflections" % "reflections" % "0.9.10"
+    val scalaGuice = "net.codingwell" %% "scala-guice" % "4.1.0"
+    val akkaTestkit = "com.typesafe.akka" %% "akka-testkit" % "2.5.4"
+    val reflections = "org.reflections" % "reflections" % "0.9.11"
     val zip4j = "net.lingala.zip4j" % "zip4j" % "1.3.2"
-    val akkaTest = "com.typesafe.akka" %% "akka-stream-testkit" % "2.4.4"
-    val elastic4play = "org.cert-bdf" %% "elastic4play" % "1.2.1"
+    val akkaTest = "com.typesafe.akka" %% "akka-stream-testkit" % "2.5.4"
+    val elastic4play = "org.cert-bdf" %% "elastic4play" % "1.3.0"
   }
 }

project/build.properties

@@ -1 +1 @@
-sbt.version=0.13.13
+sbt.version=0.13.16

project/plugins.sbt

@@ -1,7 +1,7 @@
 // Comment to get more information during initialization
 logLevel := Level.Info
 
-addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.14")
+addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3")
 
 addSbtPlugin("me.lessis" % "bintray-sbt" % "0.3.0")
 

thehive-backend/app/connectors/Connectors.scala

@@ -1,30 +1,34 @@
 package connectors
 
-import javax.inject.Inject
+import javax.inject.{ Inject, Singleton }
+
+import scala.collection.immutable
 
-import com.google.inject.AbstractModule
-import net.codingwell.scalaguice.{ ScalaModule, ScalaMultibinder }
 import play.api.libs.json.{ JsObject, Json }
-import play.api.mvc.{ Action, Handler, RequestHeader, Results }
+import play.api.mvc._
 import play.api.routing.sird.UrlContext
 import play.api.routing.{ Router, SimpleRouter }
 
-import scala.collection.immutable
+import com.google.inject.AbstractModule
+import net.codingwell.scalaguice.{ ScalaModule, ScalaMultibinder }
 
 trait Connector {
   val name: String
   val router: Router
   val status: JsObject = Json.obj("enabled" → true)
 }
 
-class ConnectorRouter @Inject() (connectors: immutable.Set[Connector]) extends SimpleRouter {
+@Singleton
+class ConnectorRouter @Inject() (
+    connectors: immutable.Set[Connector],
+    actionBuilder: DefaultActionBuilder) extends SimpleRouter {
   def get(connectorName: String): Option[Connector] = connectors.find(_.name == connectorName)
 
   def routes: PartialFunction[RequestHeader, Handler] = {
     case request @ p"/$connector/$path<.*>" ⇒
       get(connector)
         .flatMap(_.router.withPrefix(s"/$connector/").handlerFor(request))
-        .getOrElse(Action { _ ⇒ Results.NotFound(s"connector $connector not found") })
+        .getOrElse(actionBuilder { _ ⇒ Results.NotFound(s"connector $connector not found") })
   }
 }