From b1783ac1b2093130a0e7910ee27bea57099ccf2d Mon Sep 17 00:00:00 2001
From: To-om
Date: Wed, 18 Nov 2020 09:19:22 +0100
Subject: [PATCH] #1656 Filter initial flow with flow.maxAge
---
 .../org/thp/thehive/services/FlowActor.scala | 28 +++++++++++++------
 thehive/conf/reference.conf | 2 ++
 2 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/thehive/app/org/thp/thehive/services/FlowActor.scala b/thehive/app/org/thp/thehive/services/FlowActor.scala
index 44b6da1d26..5c3411498a 100644
--- a/thehive/app/org/thp/thehive/services/FlowActor.scala
+++ b/thehive/app/org/thp/thehive/services/FlowActor.scala
@@ -1,13 +1,17 @@
 package org.thp.thehive.services
+import java.util.Date
+
 import akka.actor.{Actor, ActorRef, ActorSystem, PoisonPill, Props}
 import akka.cluster.singleton.{ClusterSingletonManager, ClusterSingletonManagerSettings, ClusterSingletonProxy, ClusterSingletonProxySettings}
 import com.google.inject.name.Names
 import com.google.inject.{Injector, Key => GuiceKey}
 import javax.inject.{Inject, Provider, Singleton}
-import org.apache.tinkerpop.gremlin.process.traversal.Order
+import org.apache.tinkerpop.gremlin.process.traversal.{Order, P}
 import org.thp.scalligraph.models.Database
 import org.thp.scalligraph.services.EventSrv
+import org.thp.scalligraph.services.config.ApplicationConfig.finiteDurationFormat
+import org.thp.scalligraph.services.config.{ApplicationConfig, ConfigItem}
 import org.thp.scalligraph.traversal.TraversalOps._
 import org.thp.scalligraph.{EntityId, EntityIdOrName}
 import org.thp.thehive.GuiceAkkaExtension
@@ -15,6 +19,8 @@ import org.thp.thehive.services.AuditOps._
 import org.thp.thehive.services.CaseOps._
 import play.api.cache.SyncCacheApi
+import scala.concurrent.duration.FiniteDuration
+
 object FlowActor {
 case class FlowId(organisation: EntityIdOrName, caseId: Option[EntityIdOrName]) {
 override def toString: String = s"$organisation;${caseId.getOrElse("-")}"
@@ -25,20 +31,26 @@ object FlowActor {
 class FlowActor extends Actor {
 import FlowActor._
- lazy val injector: Injector = GuiceAkkaExtension(context.system).injector
- lazy val cache: SyncCacheApi = injector.getInstance(classOf[SyncCacheApi])
- lazy val auditSrv: AuditSrv = injector.getInstance(classOf[AuditSrv])
- lazy val caseSrv: CaseSrv = injector.getInstance(classOf[CaseSrv])
- lazy val db: Database = injector.getInstance(GuiceKey.get(classOf[Database], Names.named("with-thehive-schema")))
- lazy val eventSrv: EventSrv = injector.getInstance(classOf[EventSrv])
+ lazy val injector: Injector = GuiceAkkaExtension(context.system).injector
+ lazy val cache: SyncCacheApi = injector.getInstance(classOf[SyncCacheApi])
+ lazy val auditSrv: AuditSrv = injector.getInstance(classOf[AuditSrv])
+ lazy val caseSrv: CaseSrv = injector.getInstance(classOf[CaseSrv])
+ lazy val db: Database = injector.getInstance(GuiceKey.get(classOf[Database], Names.named("with-thehive-schema")))
+ lazy val appConfig: ApplicationConfig = injector.getInstance(classOf[ApplicationConfig])
+ lazy val maxAgeConfig: ConfigItem[FiniteDuration, FiniteDuration] =
+ appConfig.item[FiniteDuration]("flow.maxAge", "Max age of audit logs shown in initial flow")
+ def fromDate: Date = new Date(System.currentTimeMillis() - maxAgeConfig.get.toMillis)
+ lazy val eventSrv: EventSrv = injector.getInstance(classOf[EventSrv])
 override def preStart(): Unit = eventSrv.subscribe(StreamTopic(), self)
 override def receive: Receive = {
 case flowId @ FlowId(organisation, caseId) =>
 val auditIds = cache.getOrElseUpdate(flowId.toString) {
 db.roTransaction { implicit graph =>
 caseId
- .fold(auditSrv.startTraversal.has(_.mainAction, true).visible(organisation))(caseSrv.get(_).audits(organisation))
+ .fold(auditSrv.startTraversal.has(_.mainAction, true).has(_._createdAt, P.gt(fromDate)).visible(organisation))(
+ caseSrv.get(_).audits(organisation)
+ )
 .sort(_.by("_createdAt", Order.desc))
 .range(0, 10)
 ._id
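Review bot: The `flow.maxAge` cut-off is added only to the organisation-wide branch of the `fold` (`auditSrv.startTraversal…has(_._createdAt, P.gt(fromDate))`); the per-case branch `caseSrv.get(_).audits(organisation)` still returns audits of any age, which the config description "Max age of audit logs shown in initial flow" does not say. If that is intended, record it with a comment above the `fold`, e.g. `// flow.maxAge bounds only the organisation-wide scan; a case flow is limited to that case's audits`; if not, the `has(_._createdAt, P.gt(fromDate))` step would go after the `fold` so both branches are filtered. `fromDate` is evaluated inside `cache.getOrElseUpdate`, so the cached id list keeps whatever cut-off applied when the entry was filled, and `maxAgeConfig.get` is not checked for a zero or negative duration, which would put the cut-off at or after now and yield an empty flow. The `receive` body continues outside the hunk.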
diff --git a/thehive/conf/reference.conf b/thehive/conf/reference.conf
index 1bce841547..f9f5bf54d3 100644
--- a/thehive/conf/reference.conf
+++ b/thehive/conf/reference.conf
@@ -9,6 +9,8 @@ storage {
 localfs.directory: /data/thehive
 }
+flow.maxAge: 1 day
+
 auth {
 providers: [
 {name: session}