#982 Allow importing file observables generated by cortex analyzers

ui/app/index.html

@@ -217,6 +217,7 @@
     <script src="scripts/directives/utils/autofocus.js"></script>
     <script src="scripts/filters/ellipsis.js"></script>
     <script src="scripts/filters/fang.js"></script>
+    <script src="scripts/filters/filesize.js"></script>
     <script src="scripts/filters/filter-value.js"></script>
     <script src="scripts/filters/flattern-object.js"></script>
     <script src="scripts/filters/getField.js"></script>

ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js

@@ -48,7 +48,7 @@
                 CaseTabsSrv.activateTab(observableName);
             }, 0);
 
-            $scope.initScope = function (artifact) {                
+            $scope.initScope = function (artifact) {
 
                 // Get analyzers available for the observable's datatype
                 AnalyzerSrv.forDataType(artifact.dataType)

ui/app/scripts/controllers/case/ObservableCreationCtrl.js

@@ -5,7 +5,7 @@
     'use strict';
 
     angular.module('theHiveControllers').controller('ObservableCreationCtrl',
-        function($scope, $stateParams, $uibModalInstance, clipboard, CaseArtifactSrv, ListSrv, NotificationSrv, TagSrv, params, tags) {
+        function($scope, $stateParams, $uibModalInstance, clipboard, CaseArtifactSrv, ListSrv, NotificationSrv, TagSrv, params) {
 
             $scope.activeTlp = 'active';
             $scope.pendingAsync = false;
@@ -14,6 +14,7 @@
                 ioc: false,
                 sighted: false,
                 single: false,
+                isUpload: true,
                 isZip: false,
                 zipPassword: '',
                 data: '',
@@ -22,9 +23,8 @@
                 tags: [],
                 tagNames: ''
             };
-            $scope.tags = tags || [];
 
-            $scope.$watchCollection('tags', function(value) {
+            $scope.$watchCollection('params.tags', function(value) {
                 $scope.params.tagNames = _.pluck(value, 'text').join(',');
             });
 
@@ -75,25 +75,34 @@
                         sighted: params.sighted,
                         tlp: params.tlp,
                         message: params.message,
-                        tags: _.unique(_.pluck($scope.tags, 'text'))
+                        tags: _.unique(_.pluck(params.tags, 'text'))
                     };
 
-                var isFile = params.dataType === 'file';
+                var isFile = params.dataType === 'file' && params.isUpload;
+                var isAttachment = params.dataType === 'file' && !params.isUpload;
 
-                if (!isFile) {
-                    if(params.single === true) {
-                        postData.data = params.data;
-                    } else {
-                        postData.data = params.data.split('\n');
-                        count = postData.length;
-                    }
-                } else {
+                // TODO add support to the attachment case
+                if(isAttachment) {
+                    // Observable is an existing file
+                    postData.attachment = params.attachment;
+                    count = postData.length;
+
+                } else if(isFile) {
+                    // Observable is an uploaded file
                     postData.attachment = params.attachment;
 
                     if(params.isZip) {
                         postData.isZip = params.isZip;
                         postData.zipPassword = params.zipPassword;
                     }
+                } else {
+                    // Observable is anything else
+                    if(params.single === true) {
+                        postData.data = params.data;
+                    } else {
+                        postData.data = params.data.split('\n');
+                        count = postData.length;
+                    }
                 }
 
                 $scope.pendingAsync = true;

ui/app/scripts/directives/report-observables.js

@@ -74,6 +74,22 @@
                     ].join('\n');
 
                     _.each(toImport, function(list, key) {
+                        var params = {
+                            dataType: key,
+                            single: list.length === 1,
+                            ioc: false,
+                            sighted: false,
+                            tlp: 2,
+                            message: message,
+                            tags: [{text: 'src:' + $scope.analyzer}]
+                        };
+
+                        if(key === 'file') {
+                            params.attachment = _.pluck(list, 'attachment');
+                            params.isUpload = false;
+                        } else {
+                            params.data = _.pluck(list, 'data').join('\n');
+                        }
 
                         var modal = $uibModal.open({
                             animation: 'true',
@@ -82,20 +98,7 @@
                             size: 'lg',
                             resolve: {
                                 params: function() {
-                                    return {
-                                        dataType: key,
-                                        single: list.length === 1,
-                                        ioc: false,
-                                        sighted: false,
-                                        data: _.pluck(list, 'data').join('\n'),
-                                        tlp: 2,
-                                        message: message,
-                                        tags: [],
-                                        tagNames: ''
-                                    };
-                                },
-                                tags: function() {
-                                    return [{text: 'src:' + $scope.analyzer}];
+                                    return params;
                                 }
                             }
                         });

ui/app/scripts/filters/filesize.js

@@ -0,0 +1,38 @@
+(function() {
+    'use strict';
+
+    angular.module('theHiveFilters')
+        .filter('filesize', function() {
+            return function(size) {
+                if (isNaN(size)) {
+                    size = 0;
+                }
+
+                if (size < 1024) {
+                    return size + ' Bytes';
+                }
+
+                size /= 1024;
+
+                if (size < 1024) {
+                    return size.toFixed(2) + ' KB';
+                }
+
+                size /= 1024;
+
+                if (size < 1024) {
+                    return size.toFixed(2) + ' MB';
+                }
+
+                size /= 1024;
+
+                if (size < 1024) {
+                    return size.toFixed(2) + ' GB';
+                }
+
+                size /= 1024;
+
+                return size.toFixed(2) + ' TB';
+            };
+        });
+})();

ui/app/views/directives/report-observables.html

@@ -37,13 +37,24 @@
                 <tr ng-repeat="observable in pagination.data | orderBy:'id':true |
                         offset: (pagination.currentPage-1)*pagination.pageSize |
                         limitTo: pagination.pageSize ">
-                    <td><input type="checkbox" ng-model="observable.selected" ng-click="selectObservable(observable)" ng-disabled="observable.id"></td>
+                    <td><input type="checkbox" ng-model="observable.selected" ng-change="selectObservable(observable)" ng-disabled="observable.id"></td>
                     <td>
                         <span uib-tooltip="Observable already id" tooltip-popup-delay="500" tooltip-placement="bottom" ng-if="observable.id" class="glyphicon glyphicon-eye-open"></span>
                     </td>
                     <td>{{observable.dataType}}</td>
                     <td class="wrap">
-                        {{observable.data | fang | ellipsis:250}}
+                        <div ng-switch="observable.dataType" uib-tooltip="{{observable.message}}" tooltip-placement="top-left">
+                            <span ng-switch-when="file">{{observable.attachment.name | fang}}</span>
+                            <span ng-switch-default>{{observable.data | fang | ellipsis:250}}</span>
+                        </div>
+                        <div class="case-tags flexwrap mt-xxs">
+                            <span class="mr-xxxs text-muted"><i class="fa fa-tags"></i></span>
+                            <strong class="text-muted mr-xxxs" ng-if="!observable.tags || observable.tags.length === 0">None</strong>
+                            <span class="label label-primary mb-xxxs mr-xxxs pointer"
+                                ng-repeat="tag in observable.tags track by $index">
+                                {{tag}}
+                            </span>
+                        </div>
                     </td>
                     <td class="wrap">
                         <a ng-if="observable.id" href ui-sref="app.case.observables-item({caseId: caseId, itemId: observable.id})"><i class="fa fa-search"></i> View</a>

ui/app/views/partials/observables/creation/form.html

@@ -1,3 +1,4 @@
+
 <div class="form-group" ng-class="{ 'has-error' : observableForm.dataType.$invalid && !observableForm.dataType.$pristine }">
     <label class="col-md-3 control-label">Type <i class="fa fa-asterisk text-danger"></i></label>
     <div class="col-md-9">
@@ -14,11 +15,11 @@
     </div>
 </div>
 
-<!-- File observable -->
-<div class="form-group" ng-show="isFile()" ng-class="{ 'has-error' : observableForm.attachment.$invalid }">
+<!-- Uploaded File observable -->
+<div class="form-group" ng-show="params.isUpload === true && isFile()" ng-class="{ 'has-error' : observableForm.attachment.$invalid }">
     <label class="col-md-3 control-label">File <i class="fa fa-asterisk text-danger"></i></label>
     <div class="col-md-9">
-        <input type="hidden" name="attachment" ng-model="params.attachment.status" ng-required="isFile()">
+        <input type="hidden" name="attachment" ng-model="params.attachment.status" ng-required="params.isUpload && isFile()">
         <div file-chooser="" filemodel="params.attachment"></div>
         <div ng-show="params.attachment.upload.total === 0" class="mv-xxs p-xxs bg-warning">
             WARNING: This file seems to be empty
@@ -34,6 +35,27 @@
     </div>
 </div>
 
+<!-- Existing attachment observable -->
+<div class="form-group" ng-show="!params.isUpload && isFile()">
+    <label class="col-md-3 control-label">File <i class="fa fa-asterisk text-danger"></i></label>
+    <div class="col-md-9">
+        <table class="table table-striped">
+          <tr>
+            <th class="text-center" style="width: 10px">#</th>
+            <th>Filename</th>
+            <th>Type</th>
+            <th>Size</th>
+          </tr>
+          <tr ng-repeat="a in params.attachment track by $index">
+              <td class="text-center">#{{$index+1}}</td>
+              <td>{{a.name}}</td>
+              <td>{{a.contentType}}</td>
+              <td>{{a.size | filesize}}</td>
+          </tr>
+        </table>
+    </div>
+</div>
+
 <!-- Non file observable -->
 <div class="form-group" ng-show="!isFile()" ng-class="{ 'has-error' : observableForm.data.$invalid && !observableForm.data.$pristine }">
     <label class="col-md-3 control-label">Value <i class="fa fa-asterisk text-danger"></i></label>
@@ -98,7 +120,7 @@
     </label>
     <div class="col-md-9">
         <input type="hidden" name="tags" ng-model="params.tagNames" ng-required="!params.message.length"/>
-        <tags-input name="tagsInput" ng-model="tags" class="ti-input-sm" placeholder="Add tags" replace-spaces-with-dashes="false" min-length="2">
+        <tags-input name="tagsInput" ng-model="params.tags" class="ti-input-sm" placeholder="Add tags" replace-spaces-with-dashes="false" min-length="2">
             <auto-complete min-length="1" debounceDelay="400" source="getTags($query)"></auto-complete>
         </tags-input>
         <p class="help-block" ng-show="observableForm.tags.$invalid && !observableForm.tagsInput.$pristine">The observable(s) description or tags are required.</p>
@@ -108,7 +130,7 @@
 <div class="form-group" ng-class="{ 'has-error' : observableForm.description.$invalid && !observableForm.description.$pristine }">
     <label class="col-sm-3 control-label">Description <i class="fa fa-asterisk text-danger"></i><i class="fa fa-asterisk text-danger"></i></label>
     <div class="col-sm-9">
-        <textarea class="form-control" name="description" ng-model="params.message" placeholder="Observable(s) description" rows="3" ng-required="!params.tagNames.length"></textarea>
+        <textarea class="form-control" name="description" ng-model="params.message" placeholder="Observable(s) description" rows="3" ng-required="!params.tags.length"></textarea>
         <p class="help-block" ng-show="observableForm.description.$invalid && !observableForm.description.$pristine">The observable(s) description or tags are required.</p>
     </div>
 </div>

ui/app/views/partials/observables/observable.creation.html

@@ -8,7 +8,7 @@ <h3 class="modal-title">Create new observable(s)</h3>
 
     <div class="modal-footer text-left">
         <button class="btn btn-default" ng-click="cancel()" type="button">Cancel</button>
-        <button class="btn btn-primary pull-right" ng-show="step ==='error'" ng-click="copyToClipboard()" type="button"><i class="fa fa-copy"></i> Copy to clipboard</button>        
+        <button class="btn btn-primary pull-right" ng-show="step ==='error'" ng-click="copyToClipboard()" type="button"><i class="fa fa-copy"></i> Copy to clipboard</button>
         <button class="btn btn-primary pull-right" ng-show="step ==='form'" ng-disabled="observableForm.$invalid || pendingAsync" type="submit"><i class="fa fa-plus"></i> Create observable(s)</button>
     </div>
 </form>