#170 Parse and output JSON for data in alert artifacts

TheHive-Project · Apr 14, 2017 · 538547c · 538547c
1 parent 0e20519
commit 538547c
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/thehive-backend/app/models/Alert.scala b/thehive-backend/app/models/Alert.scala
@@ -6,10 +6,11 @@ import models.JsonFormat.alertStatusFormat
 import org.elastic4play.models.{ Attribute, AttributeDef, BaseEntity, EntityDef, HiveEnumeration, ModelDef, AttributeFormat ⇒ F, AttributeOption ⇒ O }
 import org.elastic4play.utils.Hasher
 import play.api.Logger
-import play.api.libs.json.{ JsObject, JsString, Json }
+import play.api.libs.json._
 import services.AuditedModel
 
 import scala.concurrent.Future
+import scala.util.Try
 
 object AlertStatus extends Enumeration with HiveEnumeration {
   type Type = Value
@@ -72,6 +73,14 @@ class Alert(model: AlertModel, attributes: JsObject)
 
   override def artifactAttributes: Seq[Attribute[_]] = Nil
 
+  override def toJson = super.toJson +
+    ("artifacts" → JsArray(artifacts().map {
+      // for file artifact, parse data as Json
+      case a if (a \ "dataType").asOpt[String].contains("file") ⇒
+        Try(a + ("data" → Json.parse((a \ "data").as[String]))).getOrElse(a)
+      case a ⇒ a
+    }))
+
   def toCaseJson: JsObject = Json.obj(
     //"caseId" -> caseId,
     "title" → title(),