#83 Display the password specified in the configuration file to prote…

…ct zipped observable files

thehive-backend/app/controllers/Status.scala

@@ -4,6 +4,7 @@ import javax.inject.{ Inject, Singleton }
 
 import scala.collection.immutable
 
+import play.api.Configuration
 import play.api.libs.json.Json
 import play.api.libs.json.Json.toJsFieldJsValueWrapper
 import play.api.mvc.{ Action, Controller }
@@ -23,6 +24,7 @@ import org.elastic4play.services.AuthSrv
 @Singleton
 class StatusCtrl @Inject() (
     connectors: immutable.Set[Connector],
+    configuration: Configuration,
     authSrv: AuthSrv) extends Controller {
 
   private[controllers] def getVersion(c: Class[_]) = Option(c.getPackage.getImplementationVersion).getOrElse("SNAPSHOT")
@@ -38,10 +40,11 @@ class StatusCtrl @Inject() (
         "ElasticSearch" → getVersion(classOf[org.elasticsearch.Build])),
       "connectors" → JsObject(connectors.map(c ⇒ c.name → c.status).toSeq),
       "config" → Json.obj(
+        "protectDownloadsWith" → configuration.getString("datastore.attachment.password").get,
         "authType" → (authSrv match {
           case multiAuthSrv: MultiAuthSrv ⇒ multiAuthSrv.authProviders.map { a ⇒ JsString(a.name) }
           case _                          ⇒ JsString(authSrv.name)
         }),
         "capabilities" → authSrv.capabilities.map(c ⇒ JsString(c.toString)))))
   }
-}
+}

ui/app/scripts/app.js

@@ -212,7 +212,12 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ui.bootstrap', 'ui.router
             .state('app.case.observables-item', {
                 url: '/observables/{itemId}',
                 templateUrl: 'views/partials/case/case.observables.item.html',
-                controller: 'CaseObservablesItemCtrl'
+                controller: 'CaseObservablesItemCtrl',
+                resolve: {
+                    appConfig: function(VersionSrv) {
+                        return VersionSrv.get();
+                    }
+                }
             })
             .state('app.misp-list', {
                 url: 'misp/list',

ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js

@@ -1,7 +1,7 @@
 (function () {
     'use strict';
     angular.module('theHiveControllers').controller('CaseObservablesItemCtrl',
-        function ($scope, $state, $stateParams, $q, CaseTabsSrv, CaseArtifactSrv, CortexSrv, PSearchSrv, AnalyzerSrv, JobSrv, AlertSrv, VersionSrv) {
+        function ($scope, $state, $stateParams, $q, CaseTabsSrv, CaseArtifactSrv, CortexSrv, PSearchSrv, AnalyzerSrv, JobSrv, AlertSrv, VersionSrv, appConfig) {
             var observableId = $stateParams.itemId,
                 observableName = 'observable-' + observableId;
 
@@ -20,6 +20,7 @@
             $scope.artifact = {};
             $scope.artifact.tlp = $scope.artifact.tlp || -1;
             $scope.analysisEnabled = VersionSrv.hasCortex();
+            $scope.protectDownloadsWith = appConfig.config.protectDownloadsWith;
 
             $scope.editorOptions = {
                 lineNumbers: true,
@@ -135,7 +136,7 @@
 
                 return CaseArtifactSrv.api().update({
                     artifactId: $scope.artifact.id
-                }, field, function (response) {                    
+                }, field, function (response) {
                     $scope.artifact = response.toJSON();
                 }, function (response) {
                     AlertSrv.error('artifactDetails', response.data, response.status);

ui/app/views/partials/case/case.observables.item.html

@@ -20,7 +20,7 @@ <h4>
                 <span class="glyphicon glyphicon-download"></span><br/>
                 <span class="wrap">{{artifact.attachment.name}}</span>
             </a><br/>
-            <small class="text-danger">Zip are protected with password "malware"</small>
+            <small class="text-danger">Zip are protected with password "{{protectDownloadsWith}}"</small>
         </div>
     </div>
     <!-- Observable analysers short reports -->