#1946 Add limited count query

TheHive-Project · Apr 9, 2021 · b685b77 · b685b77
1 parent 18d297d
commit b685b77
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 5 deletions.
diff --git a/ScalliGraph b/ScalliGraph
diff --git a/.../src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/CortexQueryExecutor.scala b/.../src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/CortexQueryExecutor.scala
@@ -5,6 +5,7 @@ import org.thp.scalligraph.auth.AuthContext
 import org.thp.scalligraph.controllers.FieldsParser
 import org.thp.scalligraph.models._
 import org.thp.scalligraph.query._
+import org.thp.scalligraph.services.config.{ApplicationConfig, ConfigItem}
 import org.thp.scalligraph.traversal.Traversal
 import org.thp.scalligraph.traversal.TraversalOps._
 import org.thp.scalligraph.{BadRequestError, EntityIdOrName}
@@ -18,7 +19,8 @@ import javax.inject.{Inject, Singleton}
 import scala.reflect.runtime.{universe => ru}
 
 @Singleton
-class CortexQueryExecutor @Inject() (implicit
+class CortexQueryExecutor @Inject() (
+    appConfig: ApplicationConfig,
     override val db: Database,
     job: PublicJob,
     report: PublicAnalyzerTemplate,
@@ -27,6 +29,9 @@ class CortexQueryExecutor @Inject() (implicit
 ) extends QueryExecutor {
   lazy val controllers: List[PublicData] = action :: report :: job :: analyzerTemplate :: Nil
 
+  val limitedCountThresholdConfig: ConfigItem[Long, Long] = appConfig.item[Long]("query.limitedCountThreshold", "Maximum number returned by a count")
+  override val limitedCountThreshold: Long                = limitedCountThresholdConfig.get
+
   override lazy val publicProperties: PublicProperties = controllers.map(_.publicProperties).reduce(_ ++ _)
 
   override lazy val queries: Seq[ParamQuery[_]] =

diff --git a/thehive/app/org/thp/thehive/controllers/v0/TheHiveQueryExecutor.scala b/thehive/app/org/thp/thehive/controllers/v0/TheHiveQueryExecutor.scala
@@ -5,6 +5,7 @@ import org.thp.scalligraph.auth.AuthContext
 import org.thp.scalligraph.controllers.{FObject, Field, FieldsParser}
 import org.thp.scalligraph.models._
 import org.thp.scalligraph.query._
+import org.thp.scalligraph.services.config.{ApplicationConfig, ConfigItem}
 import org.thp.scalligraph.traversal.Traversal
 import org.thp.scalligraph.traversal.TraversalOps._
 import org.thp.scalligraph.utils.RichType
@@ -37,6 +38,7 @@ object OutputParam {
 @Singleton
 class TheHiveQueryExecutor @Inject() (
     override val db: Database,
+    appConfig: ApplicationConfig,
     alert: PublicAlert,
     audit: PublicAudit,
     `case`: PublicCase,
@@ -57,6 +59,9 @@ class TheHiveQueryExecutor @Inject() (
   lazy val publicDatas: Seq[PublicData] =
     Seq(alert, audit, `case`, caseTemplate, customField, dashboard, log, observable, observableType, organisation, page, profile, tag, task, user)
 
+  val limitedCountThresholdConfig: ConfigItem[Long, Long] = appConfig.item[Long]("query.limitedCountThreshold", "Maximum number returned by a count")
+  override val limitedCountThreshold: Long                = limitedCountThresholdConfig.get
+
   def metaProperties: PublicProperties =
     PublicPropertyListBuilder
       .forType[Product](_ => true)

diff --git a/thehive/app/org/thp/thehive/controllers/v1/TheHiveQueryExecutor.scala b/thehive/app/org/thp/thehive/controllers/v1/TheHiveQueryExecutor.scala
@@ -3,6 +3,7 @@ package org.thp.thehive.controllers.v1
 import org.thp.scalligraph.controllers.{FObject, FieldsParser}
 import org.thp.scalligraph.models.Database
 import org.thp.scalligraph.query._
+import org.thp.scalligraph.services.config.{ApplicationConfig, ConfigItem}
 
 import javax.inject.{Inject, Singleton}
 
@@ -21,6 +22,7 @@ object OutputParam {
 
 @Singleton
 class TheHiveQueryExecutor @Inject() (
+    appConfig: ApplicationConfig,
     alertCtrl: AlertCtrl,
     auditCtrl: AuditCtrl,
     caseCtrl: CaseCtrl,
@@ -66,6 +68,9 @@ class TheHiveQueryExecutor @Inject() (
       taxonomyCtrl
     )
 
+  val limitedCountThresholdConfig: ConfigItem[Long, Long] = appConfig.item[Long]("query.limitedCountThreshold", "Maximum number returned by a count")
+  override val limitedCountThreshold: Long                = limitedCountThresholdConfig.get
+
   override val version: (Int, Int) = 1 -> 1
 
   override lazy val publicProperties: PublicProperties = controllers.foldLeft(properties.metaProperties)(_ ++ _.publicProperties)

diff --git a/thehive/conf/reference.conf b/thehive/conf/reference.conf
@@ -12,6 +12,8 @@ db {
   initialisationTimeout: 1 hour
 }
 
+query.limitedCountThreshold: 1000
+
 storage {
   provider: localfs
   localfs.directory: /opt/thp/thehive/files

diff --git a/thehive/test/org/thp/thehive/controllers/v0/QueryTest.scala b/thehive/test/org/thp/thehive/controllers/v0/QueryTest.scala
@@ -13,8 +13,9 @@ class QueryTest extends PlaySpecification with Mockito {
   val publicTask = new PublicTask(mock[TaskSrv], mock[OrganisationSrv], mock[UserSrv])
 
   val queryExecutor: QueryExecutor = new QueryExecutor {
-    override val db: Database        = mock[Database]
-    override val version: (Int, Int) = 0 -> 0
+    override val limitedCountThreshold: Long = 1000
+    override val db: Database                = mock[Database]
+    override val version: (Int, Int)         = 0 -> 0
     override lazy val queries: Seq[ParamQuery[_]] =
       publicTask.initialQuery +: publicTask.getQuery +: publicTask.outputQuery +: publicTask.outputQuery +: publicTask.extraQueries
     override lazy val publicProperties: PublicProperties = publicTask.publicProperties
@@ -56,7 +57,7 @@ class QueryTest extends PlaySpecification with Mockito {
 
       val queryOrError = taskCtrl.statsParser(Field(input))
       queryOrError.isGood must beTrue.updateMessage(s => s"$s\n$queryOrError")
-      queryOrError.get must not be empty
+      queryOrError.get    must not be empty
     }
   }
 }
+3 −2		core-test/src/test/scala/org/thp/scalligraph/models/ModernQuery.scala
+10 −0		core/src/main/scala/org/thp/scalligraph/query/Query.scala
+3 −1		core/src/main/scala/org/thp/scalligraph/query/QueryExecutor.scala