#1766 Added play.json extension & capecId / capecUrl

TheHive-Project · Feb 5, 2021 · b819535 · b819535
1 parent e66665b
commit b819535
Show file tree

Hide file tree

Showing 11 changed files with 94 additions and 203 deletions.
diff --git a/build.sbt b/build.sbt
@@ -170,7 +170,10 @@ lazy val thehiveDto = (project in file("dto"))
   .dependsOn(scalligraph)
   .settings(
     name := "thehive-dto",
-    version := thehiveVersion
+    version := thehiveVersion,
+    libraryDependencies ++= Seq(
+      aix
+    )
   )
 
 lazy val thehiveClient = (project in file("client"))

diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/Alert.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/Alert.scala
@@ -1,10 +1,12 @@
 package org.thp.thehive.dto.v1
 
-import java.util.Date
-
+import ai.x.play.json.Encoders.encoder
+import ai.x.play.json.Jsonx
 import org.thp.scalligraph.controllers.WithParser
 import play.api.libs.json._
 
+import java.util.Date
+
 case class InputAlert(
     `type`: String,
     source: String,
@@ -54,87 +56,5 @@ case class OutputAlert(
 )
 
 object OutputAlert {
-  implicit val reads: Reads[OutputAlert] = Reads[OutputAlert] { json =>
-    for {
-      _id             <- (json \ "_id").validate[String]
-      _type           <- (json \ "_type").validate[String]
-      _createdBy      <- (json \ "_createdBy").validate[String]
-      _updatedBy      <- (json \ "_updatedBy").validateOpt[String]
-      _createdAt      <- (json \ "_createdAt").validate[Date]
-      _updatedAt      <- (json \ "_updatedAt").validateOpt[Date]
-      tpe             <- (json \ "type").validate[String]
-      source          <- (json \ "source").validate[String]
-      sourceRef       <- (json \ "sourceRef").validate[String]
-      externalLink    <- (json \ "externalLink").validateOpt[String]
-      title           <- (json \ "title").validate[String]
-      description     <- (json \ "description").validate[String]
-      severity        <- (json \ "severity").validate[Int]
-      date            <- (json \ "date").validate[Date]
-      tags            <- (json \ "tags").validate[Set[String]]
-      tlp             <- (json \ "tlp").validate[Int]
-      pap             <- (json \ "pap").validate[Int]
-      read            <- (json \ "read").validate[Boolean]
-      follow          <- (json \ "follow").validate[Boolean]
-      customFields    <- (json \ "customFields").validate[Seq[OutputCustomFieldValue]]
-      caseTemplate    <- (json \ "caseTemplate").validateOpt[String]
-      observableCount <- (json \ "observableCount").validate[Long]
-      caseId          <- (json \ "caseId").validateOpt[String]
-      extraData       <- (json \ "extraData").validate[JsObject]
-    } yield OutputAlert(
-      _id,
-      _type,
-      _createdBy,
-      _updatedBy,
-      _createdAt,
-      _updatedAt,
-      tpe,
-      source,
-      sourceRef,
-      externalLink,
-      title,
-      description,
-      severity,
-      date,
-      tags,
-      tlp,
-      pap,
-      read,
-      follow,
-      customFields,
-      caseTemplate,
-      observableCount,
-      caseId,
-      extraData
-    )
-  }
-  implicit val writes: OWrites[OutputAlert] = OWrites[OutputAlert] { outputAlert =>
-    Json.obj(
-      "_id"             -> outputAlert._id,
-      "_type"           -> outputAlert._type,
-      "_createdBy"      -> outputAlert._createdBy,
-      "_updatedBy"      -> outputAlert._updatedBy,
-      "_createdAt"      -> outputAlert._createdAt,
-      "_updatedAt"      -> outputAlert._updatedAt,
-      "type"            -> outputAlert.`type`,
-      "source"          -> outputAlert.source,
-      "sourceRef"       -> outputAlert.sourceRef,
-      "externalLink"    -> outputAlert.externalLink,
-      "title"           -> outputAlert.title,
-      "description"     -> outputAlert.description,
-      "severity"        -> outputAlert.severity,
-      "date"            -> outputAlert.date,
-      "tags"            -> outputAlert.tags,
-      "tlp"             -> outputAlert.tlp,
-      "pap"             -> outputAlert.pap,
-      "read"            -> outputAlert.read,
-      "follow"          -> outputAlert.follow,
-      "customFields"    -> outputAlert.customFields,
-      "caseTemplate"    -> outputAlert.caseTemplate,
-      "observableCount" -> outputAlert.observableCount,
-      "caseId"          -> outputAlert.caseId,
-      "extraData"       -> outputAlert.extraData
-    )
-  }
-
-  implicit val format: OFormat[OutputAlert] = OFormat(reads, writes)
+  implicit val format: OFormat[OutputAlert] = Jsonx.formatCaseClass[OutputAlert]
 }
diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/Case.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/Case.scala
@@ -1,7 +1,9 @@
 package org.thp.thehive.dto.v1
 
-import java.util.Date
+import ai.x.play.json.Encoders.encoder
+import ai.x.play.json.Jsonx
 
+import java.util.Date
 import org.thp.scalligraph.controllers.WithParser
 import play.api.libs.json._
 
@@ -53,86 +55,5 @@ case class OutputCase(
 )
 
 object OutputCase {
-
-  val reads: Reads[OutputCase] = Reads[OutputCase] { json =>
-    for {
-      _id              <- (json \ "_id").validate[String]
-      _type            <- (json \ "_type").validate[String]
-      _createdBy       <- (json \ "_createdBy").validate[String]
-      _updatedBy       <- (json \ "_updatedBy").validateOpt[String]
-      _createdAt       <- (json \ "_createdAt").validate[Date]
-      _updatedAt       <- (json \ "_updatedAt").validateOpt[Date]
-      number           <- (json \ "number").validate[Int]
-      title            <- (json \ "title").validate[String]
-      description      <- (json \ "description").validate[String]
-      severity         <- (json \ "severity").validate[Int]
-      startDate        <- (json \ "startDate").validate[Date]
-      endDate          <- (json \ "endDate").validateOpt[Date]
-      tags             <- (json \ "tags").validate[Set[String]]
-      flag             <- (json \ "flag").validate[Boolean]
-      tlp              <- (json \ "tlp").validate[Int]
-      pap              <- (json \ "pap").validate[Int]
-      status           <- (json \ "status").validate[String]
-      summary          <- (json \ "summary").validateOpt[String]
-      impactStatus     <- (json \ "impactStatus").validateOpt[String]
-      resolutionStatus <- (json \ "resolutionStatus").validateOpt[String]
-      assignee         <- (json \ "assignee").validateOpt[String]
-      customFields     <- (json \ "customFields").validate[Seq[OutputCustomFieldValue]]
-      extraData        <- (json \ "extraData").validate[JsObject]
-    } yield OutputCase(
-      _id,
-      _type,
-      _createdBy,
-      _updatedBy,
-      _createdAt,
-      _updatedAt,
-      number,
-      title,
-      description,
-      severity,
-      startDate,
-      endDate,
-      tags,
-      flag,
-      tlp,
-      pap,
-      status,
-      summary,
-      impactStatus,
-      resolutionStatus,
-      assignee,
-      customFields,
-      extraData
-    )
-  }
-
-  val writes: OWrites[OutputCase] = OWrites[OutputCase] { outputCase =>
-    Json.obj(
-      "_id"              -> outputCase._id,
-      "_type"            -> outputCase._type,
-      "_createdBy"       -> outputCase._createdBy,
-      "_updatedBy"       -> outputCase._updatedBy,
-      "_createdAt"       -> outputCase._createdAt,
-      "_updatedAt"       -> outputCase._updatedAt,
-      "number"           -> outputCase.number,
-      "title"            -> outputCase.title,
-      "description"      -> outputCase.description,
-      "severity"         -> outputCase.severity,
-      "startDate"        -> outputCase.startDate,
-      "endDate"          -> outputCase.endDate,
-      "tags"             -> outputCase.tags,
-      "flag"             -> outputCase.flag,
-      "tlp"              -> outputCase.tlp,
-      "pap"              -> outputCase.pap,
-      "status"           -> outputCase.status,
-      "summary"          -> outputCase.summary,
-      "impactStatus"     -> outputCase.impactStatus,
-      "resolutionStatus" -> outputCase.resolutionStatus,
-      "assignee"         -> outputCase.assignee,
-      "customFields"     -> outputCase.customFields,
-      "extraData"        -> outputCase.extraData
-    )
-  }
-
-  implicit val format: OFormat[OutputCase] = OFormat(reads, writes)
+  implicit val format: OFormat[OutputCase] = Jsonx.formatCaseClass[OutputCase]
 }
diff --git a/dto/src/main/scala/org/thp/thehive/dto/v1/Pattern.scala b/dto/src/main/scala/org/thp/thehive/dto/v1/Pattern.scala
@@ -1,6 +1,8 @@
 package org.thp.thehive.dto.v1
 
-import play.api.libs.json.{Format, JsObject, Json, Reads, Writes}
+import ai.x.play.json.Encoders.encoder
+import ai.x.play.json.Jsonx
+import play.api.libs.json._
 
 import java.util.Date
 
@@ -11,6 +13,8 @@ case class InputPattern(
     kill_chain_phases: Seq[InputKillChainPhase],
     url: String,
     `type`: String,
+    capec_id: Option[String],
+    capec_url: Option[String],
     revoked: Boolean,
     x_mitre_data_sources: Seq[String],
     x_mitre_defense_bypassed: Seq[String],
@@ -60,7 +64,8 @@ object InputPattern {
   implicit val reads: Reads[InputPattern] = Reads[InputPattern] { json =>
     for {
       references <- (json \ "external_references").validate[Seq[InputReference]]
-      mitreReference = references.find(ref => isSourceNameValid(ref.source_name))
+      mitreReference = references.find(ref => isSourceNameMitre(ref.source_name))
+      capecReference = references.find(ref => isSourceNameCapec(ref.source_name))
       name                         <- (json \ "name").validate[String]
       description                  <- (json \ "description").validateOpt[String]
       kill_chain_phases            <- (json \ "kill_chain_phases").validateOpt[Seq[InputKillChainPhase]]
@@ -82,6 +87,8 @@ object InputPattern {
       kill_chain_phases.getOrElse(Seq()),
       mitreReference.flatMap(_.url).getOrElse(""),
       techniqueType,
+      capecReference.flatMap(_.external_id),
+      capecReference.flatMap(_.url),
       revoked.getOrElse(false),
       x_mitre_data_sources.getOrElse(Seq()),
       x_mitre_defense_bypassed.getOrElse(Seq()),
@@ -95,9 +102,12 @@ object InputPattern {
     )
   }
 
-  private def isSourceNameValid(reference: String): Boolean =
+  private def isSourceNameMitre(reference: String): Boolean =
     reference == "mitre-attack"
 
+  private def isSourceNameCapec(reference: String): Boolean =
+    reference == "capec"
+
   implicit val writes: Writes[InputPattern] = Json.writes[InputPattern]
 }
 
@@ -114,6 +124,8 @@ case class OutputPattern(
     tactics: Set[String],
     url: String,
     patternType: String,
+    capecId: Option[String],
+    capecUrl: Option[String],
     revoked: Boolean,
     dataSources: Seq[String],
     defenseBypassed: Seq[String],
@@ -127,5 +139,5 @@ case class OutputPattern(
 )
 
 object OutputPattern {
-  implicit val format: Format[OutputPattern] = Json.format[OutputPattern]
+  implicit val format: OFormat[OutputPattern] = Jsonx.formatCaseClass[OutputPattern]
 }
diff --git a/project/Dependencies.scala b/project/Dependencies.scala
@@ -15,47 +15,48 @@ object Dependencies {
   lazy val akkaClusterTyped        = "com.typesafe.akka"        %% "akka-cluster-typed"                 % akkaVersion
   lazy val akkaHttp                = "com.typesafe.akka"        %% "akka-http"                          % "10.1.12"
   lazy val akkaHttpXml             = "com.typesafe.akka"        %% "akka-http-xml"                      % "10.1.12"
-  lazy val janusGraph              = "org.janusgraph"           % "janusgraph"                          % janusVersion
-  lazy val janusGraphCore          = "org.janusgraph"           % "janusgraph-core"                     % janusVersion
-  lazy val janusGraphBerkeleyDB    = "org.janusgraph"           % "janusgraph-berkeleyje"               % janusVersion
-  lazy val janusGraphHBase         = "org.janusgraph"           % "janusgraph-hbase"                    % janusVersion
-  lazy val janusGraphLucene        = "org.janusgraph"           % "janusgraph-lucene"                   % janusVersion
-  lazy val janusGraphElasticSearch = "org.janusgraph"           % "janusgraph-es"                       % janusVersion
-  lazy val janusGraphCassandra     = "org.janusgraph"           % "janusgraph-cql"                      % janusVersion
-  lazy val janusGraphInMemory      = "org.janusgraph"           % "janusgraph-inmemory"                 % janusVersion
-  lazy val janusGraphDriver        = "org.janusgraph"           % "janusgraph-driver"                   % janusVersion
-  lazy val tinkerpop               = "org.apache.tinkerpop"     % "gremlin-core"                        % "3.4.7"
+  lazy val janusGraph              = "org.janusgraph"            % "janusgraph"                         % janusVersion
+  lazy val janusGraphCore          = "org.janusgraph"            % "janusgraph-core"                    % janusVersion
+  lazy val janusGraphBerkeleyDB    = "org.janusgraph"            % "janusgraph-berkeleyje"              % janusVersion
+  lazy val janusGraphHBase         = "org.janusgraph"            % "janusgraph-hbase"                   % janusVersion
+  lazy val janusGraphLucene        = "org.janusgraph"            % "janusgraph-lucene"                  % janusVersion
+  lazy val janusGraphElasticSearch = "org.janusgraph"            % "janusgraph-es"                      % janusVersion
+  lazy val janusGraphCassandra     = "org.janusgraph"            % "janusgraph-cql"                     % janusVersion
+  lazy val janusGraphInMemory      = "org.janusgraph"            % "janusgraph-inmemory"                % janusVersion
+  lazy val janusGraphDriver        = "org.janusgraph"            % "janusgraph-driver"                  % janusVersion
+  lazy val tinkerpop               = "org.apache.tinkerpop"      % "gremlin-core"                       % "3.4.7"
   lazy val gremlinScala            = "com.michaelpollmeier"     %% "gremlin-scala"                      % "3.4.4.5"
-  lazy val gremlinOrientdb         = "com.orientechnologies"    % "orientdb-gremlin"                    % "3.0.18"
-  lazy val hbaseClient             = "org.apache.hbase"         % "hbase-shaded-client"                 % "1.4.9" exclude ("org.slf4j", "slf4j-log4j12")
+  lazy val gremlinOrientdb         = "com.orientechnologies"     % "orientdb-gremlin"                   % "3.0.18"
+  lazy val hbaseClient             = "org.apache.hbase"          % "hbase-shaded-client"                % "1.4.9" exclude ("org.slf4j", "slf4j-log4j12")
   lazy val scalactic               = "org.scalactic"            %% "scalactic"                          % "3.1.1"
   lazy val scalaGuice              = "net.codingwell"           %% "scala-guice"                        % "4.2.6"
   lazy val sangria                 = "org.sangria-graphql"      %% "sangria"                            % "1.4.2"
   lazy val sangriaPlay             = "org.sangria-graphql"      %% "sangria-play-json"                  % "1.0.5"
   lazy val shapeless               = "com.chuusai"              %% "shapeless"                          % "2.3.3"
-  lazy val bouncyCastle            = "org.bouncycastle"         % "bcprov-jdk15on"                      % "1.65"
-  lazy val neo4jGremlin            = "org.apache.tinkerpop"     % "neo4j-gremlin"                       % "3.3.4"
-  lazy val neo4jTinkerpop          = "org.neo4j"                % "neo4j-tinkerpop-api-impl"            % "0.7-3.2.3" exclude ("org.slf4j", "slf4j-nop")
-  lazy val apacheConfiguration     = "commons-configuration"    % "commons-configuration"               % "1.10"
-  lazy val macroParadise           = "org.scalamacros"          % "paradise"                            % "2.1.1" cross CrossVersion.full
+  lazy val bouncyCastle            = "org.bouncycastle"          % "bcprov-jdk15on"                     % "1.65"
+  lazy val neo4jGremlin            = "org.apache.tinkerpop"      % "neo4j-gremlin"                      % "3.3.4"
+  lazy val neo4jTinkerpop          = "org.neo4j"                 % "neo4j-tinkerpop-api-impl"           % "0.7-3.2.3" exclude ("org.slf4j", "slf4j-nop")
+  lazy val apacheConfiguration     = "commons-configuration"     % "commons-configuration"              % "1.10"
+  lazy val macroParadise           = "org.scalamacros"           % "paradise"                           % "2.1.1" cross CrossVersion.full
   lazy val chimney                 = "io.scalaland"             %% "chimney"                            % "0.4.0"
   lazy val elastic4sCore           = "com.sksamuel.elastic4s"   %% "elastic4s-core"                     % elastic4sVersion
   lazy val elastic4sHttpStreams    = "com.sksamuel.elastic4s"   %% "elastic4s-http-streams"             % elastic4sVersion
   lazy val elastic4sHttp           = "com.sksamuel.elastic4s"   %% "elastic4s-http"                     % elastic4sVersion
-  lazy val log4jOverSlf4j          = "org.slf4j"                % "log4j-over-slf4j"                    % "1.7.25"
-  lazy val log4jToSlf4j            = "org.apache.logging.log4j" % "log4j-to-slf4j"                      % "2.9.1"
-  lazy val reflections             = "org.reflections"          % "reflections"                         % "0.9.12"
-  lazy val hadoopClient            = "org.apache.hadoop"        % "hadoop-client"                       % "3.2.1"
-  lazy val zip4j                   = "net.lingala.zip4j"        % "zip4j"                               % "2.3.1"
+  lazy val log4jOverSlf4j          = "org.slf4j"                 % "log4j-over-slf4j"                   % "1.7.25"
+  lazy val log4jToSlf4j            = "org.apache.logging.log4j"  % "log4j-to-slf4j"                     % "2.9.1"
+  lazy val reflections             = "org.reflections"           % "reflections"                        % "0.9.12"
+  lazy val hadoopClient            = "org.apache.hadoop"         % "hadoop-client"                      % "3.2.1"
+  lazy val zip4j                   = "net.lingala.zip4j"         % "zip4j"                              % "2.3.1"
   lazy val alpakka                 = "com.lightbend.akka"       %% "akka-stream-alpakka-json-streaming" % "1.1.2"
-  lazy val handlebars              = "com.github.jknack"        % "handlebars"                          % "4.1.2"
+  lazy val handlebars              = "com.github.jknack"         % "handlebars"                         % "4.1.2"
   lazy val playMailer              = "com.typesafe.play"        %% "play-mailer"                        % "7.0.1"
   lazy val playMailerGuice         = "com.typesafe.play"        %% "play-mailer-guice"                  % "7.0.1"
-  lazy val jts                     = "com.vividsolutions"       % "jts"                                 % "1.13"
+  lazy val jts                     = "com.vividsolutions"        % "jts"                                % "1.13"
   lazy val pbkdf2                  = "io.github.nremond"        %% "pbkdf2-scala"                       % "0.6.5"
   lazy val alpakkaS3               = "com.lightbend.akka"       %% "akka-stream-alpakka-s3"             % "1.1.2"
-  lazy val commonCodec             = "commons-codec"            % "commons-codec"                       % "1.11"
+  lazy val commonCodec             = "commons-codec"             % "commons-codec"                      % "1.11"
   lazy val scopt                   = "com.github.scopt"         %% "scopt"                              % "4.0.0-RC2"
+  lazy val aix                     = "ai.x"                     %% "play-json-extensions"               % "0.42.0"
 
   def scalaReflect(scalaVersion: String)  = "org.scala-lang" % "scala-reflect"  % scalaVersion
   def scalaCompiler(scalaVersion: String) = "org.scala-lang" % "scala-compiler" % scalaVersion

diff --git a/thehive/app/org/thp/thehive/controllers/v1/Conversion.scala b/thehive/app/org/thp/thehive/controllers/v1/Conversion.scala
@@ -501,6 +501,8 @@ object Conversion {
         .withFieldRenamed(_.external_id, _.patternId)
         .withFieldComputed(_.tactics, _.kill_chain_phases.map(_.phase_name).toSet)
         .withFieldRenamed(_.`type`, _.patternType)
+        .withFieldRenamed(_.capec_id, _.capecId)
+        .withFieldRenamed(_.capec_url, _.capecUrl)
         .withFieldRenamed(_.x_mitre_data_sources, _.dataSources)
         .withFieldRenamed(_.x_mitre_defense_bypassed, _.defenseBypassed)
         .withFieldRenamed(_.x_mitre_detection, _.detection)