From 9b6bdfb4bb6328a9435ceab179a73d0f2c91b8b4 Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Thu, 9 Feb 2017 15:06:01 +0100
Subject: [PATCH] #83 Display the password specified in the configuration file
 to protect zipped observable files

---
 thehive-backend/app/controllers/Status.scala               | 5 ++++-
 ui/app/scripts/app.js                                      | 7 ++++++-
 ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js | 5 +++--
 ui/app/views/partials/case/case.observables.item.html      | 2 +-
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/thehive-backend/app/controllers/Status.scala b/thehive-backend/app/controllers/Status.scala
index ddfd6d0839..6b2c6874b4 100644
--- a/thehive-backend/app/controllers/Status.scala
+++ b/thehive-backend/app/controllers/Status.scala
@@ -4,6 +4,7 @@ import javax.inject.{ Inject, Singleton }
 
 import scala.collection.immutable
 
+import play.api.Configuration
 import play.api.libs.json.Json
 import play.api.libs.json.Json.toJsFieldJsValueWrapper
 import play.api.mvc.{ Action, Controller }
@@ -23,6 +24,7 @@ import org.elastic4play.services.AuthSrv
 @Singleton
 class StatusCtrl @Inject() (
     connectors: immutable.Set[Connector],
+    configuration: Configuration,
     authSrv: AuthSrv) extends Controller {
 
   private[controllers] def getVersion(c: Class[_]) = Option(c.getPackage.getImplementationVersion).getOrElse("SNAPSHOT")
@@ -38,10 +40,11 @@ class StatusCtrl @Inject() (
         "ElasticSearch" → getVersion(classOf[org.elasticsearch.Build])),
       "connectors" → JsObject(connectors.map(c ⇒ c.name → c.status).toSeq),
       "config" → Json.obj(
+        "protectDownloadsWith" → configuration.getString("datastore.attachment.password").get,
         "authType" → (authSrv match {
           case multiAuthSrv: MultiAuthSrv ⇒ multiAuthSrv.authProviders.map { a ⇒ JsString(a.name) }
           case _                          ⇒ JsString(authSrv.name)
         }),
         "capabilities" → authSrv.capabilities.map(c ⇒ JsString(c.toString)))))
   }
-}
\ No newline at end of file
+}
diff --git a/ui/app/scripts/app.js b/ui/app/scripts/app.js
index b0193a48d6..2088f27a6b 100644
--- a/ui/app/scripts/app.js
+++ b/ui/app/scripts/app.js
@@ -212,7 +212,12 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ui.bootstrap', 'ui.router
             .state('app.case.observables-item', {
                 url: '/observables/{itemId}',
                 templateUrl: 'views/partials/case/case.observables.item.html',
-                controller: 'CaseObservablesItemCtrl'
+                controller: 'CaseObservablesItemCtrl',
+                resolve: {
+                    appConfig: function(VersionSrv) {
+                        return VersionSrv.get();
+                    }
+                }
             })
             .state('app.misp-list', {
                 url: 'misp/list',
diff --git a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
index ce604f5dd5..50fb510007 100644
--- a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
@@ -1,7 +1,7 @@
 (function () {
     'use strict';
     angular.module('theHiveControllers').controller('CaseObservablesItemCtrl',
-        function ($scope, $state, $stateParams, $q, CaseTabsSrv, CaseArtifactSrv, CortexSrv, PSearchSrv, AnalyzerSrv, JobSrv, AlertSrv, VersionSrv) {
+        function ($scope, $state, $stateParams, $q, CaseTabsSrv, CaseArtifactSrv, CortexSrv, PSearchSrv, AnalyzerSrv, JobSrv, AlertSrv, VersionSrv, appConfig) {
             var observableId = $stateParams.itemId,
                 observableName = 'observable-' + observableId;
 
@@ -20,6 +20,7 @@
             $scope.artifact = {};
             $scope.artifact.tlp = $scope.artifact.tlp || -1;
             $scope.analysisEnabled = VersionSrv.hasCortex();
+            $scope.protectDownloadsWith = appConfig.config.protectDownloadsWith;
 
             $scope.editorOptions = {
                 lineNumbers: true,
@@ -135,7 +136,7 @@
 
                 return CaseArtifactSrv.api().update({
                     artifactId: $scope.artifact.id
-                }, field, function (response) {                    
+                }, field, function (response) {
                     $scope.artifact = response.toJSON();
                 }, function (response) {
                     AlertSrv.error('artifactDetails', response.data, response.status);
diff --git a/ui/app/views/partials/case/case.observables.item.html b/ui/app/views/partials/case/case.observables.item.html
index 92bf7ecf06..33182d7a11 100644
--- a/ui/app/views/partials/case/case.observables.item.html
+++ b/ui/app/views/partials/case/case.observables.item.html
@@ -20,7 +20,7 @@ <h4>
                 <span class="glyphicon glyphicon-download"></span><br/>
                 <span class="wrap">{{artifact.attachment.name}}</span>
             </a><br/>
-            <small class="text-danger">Zip are protected with password "malware"</small>
+            <small class="text-danger">Zip are protected with password "{{protectDownloadsWith}}"</small>
         </div>
     </div>
     <!-- Observable analysers short reports -->