From 538547cdfc223bac1efda6a3ba80122b22059ae0 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Fri, 14 Apr 2017 16:01:05 +0200
Subject: [PATCH] #170 Parse and output JSON for data in alert artifacts

---
 thehive-backend/app/models/Alert.scala | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/thehive-backend/app/models/Alert.scala b/thehive-backend/app/models/Alert.scala
index afa90000e3..362f51c9ae 100644
--- a/thehive-backend/app/models/Alert.scala
+++ b/thehive-backend/app/models/Alert.scala
@@ -6,10 +6,11 @@ import models.JsonFormat.alertStatusFormat
 import org.elastic4play.models.{ Attribute, AttributeDef, BaseEntity, EntityDef, HiveEnumeration, ModelDef, AttributeFormat ⇒ F, AttributeOption ⇒ O }
 import org.elastic4play.utils.Hasher
 import play.api.Logger
-import play.api.libs.json.{ JsObject, JsString, Json }
+import play.api.libs.json._
 import services.AuditedModel
 
 import scala.concurrent.Future
+import scala.util.Try
 
 object AlertStatus extends Enumeration with HiveEnumeration {
   type Type = Value
@@ -72,6 +73,14 @@ class Alert(model: AlertModel, attributes: JsObject)
 
   override def artifactAttributes: Seq[Attribute[_]] = Nil
 
+  override def toJson = super.toJson +
+    ("artifacts" → JsArray(artifacts().map {
+      // for file artifact, parse data as Json
+      case a if (a \ "dataType").asOpt[String].contains("file") ⇒
+        Try(a + ("data" → Json.parse((a \ "data").as[String]))).getOrElse(a)
+      case a ⇒ a
+    }))
+
   def toCaseJson: JsObject = Json.obj(
     //"caseId" -> caseId,
     "title" → title(),