Skip to content

Commit

Permalink
#1292 Fix file import from alert
Browse files Browse the repository at this point in the history
  • Loading branch information
@To-om
To-om committed Apr 24, 2020
1 parent acd3d47 commit 7fd7058
Showing 1 changed file with 30 additions and 18 deletions.
48 changes: 30 additions & 18 deletions thehive-backend/app/services/AlertSrv.scala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -302,31 +302,43 @@ class AlertSrv(
.flatMap { artifact
val tags = (artifact \ "tags").asOpt[Seq[JsString]].getOrElse(Nil) :+ JsString("src:" + alert.tpe())
val message = (artifact \ "message").asOpt[JsString].getOrElse(JsString(""))
(artifact \ "dataType").asOpt[String].flatMap {
case "file"
(artifact \ "data").asOpt[String].collect {
case dataExtractor(filename, contentType, data)
val f = Files.createTempFile("alert-", "-attachment")
Files.write(f, java.util.Base64.getDecoder.decode(data))
(artifact \ "dataType")
.asOpt[String]
.flatMap {
case "file" if !artifact.value.contains("attachment")
(artifact \ "data").asOpt[String].collect {
case dataExtractor(filename, contentType, data)
val f = Files.createTempFile("alert-", "-attachment")
Files.write(f, java.util.Base64.getDecoder.decode(data))
Fields(
artifact +
("tags" JsArray(tags)) +
("message" message)
).set("attachment", FileInputValue(filename, f, contentType))
.unset("data")
}
case "file"
Some(
Fields(
artifact +
("tags" JsArray(tags)) +
("message" message)
).set("attachment", FileInputValue(filename, f, contentType))
.unset("data")
}
case _ if artifact.value.contains("data")
Some(
Fields(
artifact +
("tags" JsArray(tags)) +
("message" message)
)
)
)
case _
case _ if artifact.value.contains("data")
Some(
Fields(
artifact +
("tags" JsArray(tags)) +
("message" message)
)
)
case _ None
}
.orElse {
logger.warn(s"Invalid artifact format: $artifact")
None
}
}
}

val updatedCase = artifactSrv
Expand Down

0 comments on commit 7fd7058

Please sign in to comment.