#1599 Add case metadata properties for alert similarity

TheHive-Project · Nov 13, 2020 · be08d98 · be08d98
1 parent 6badf58
commit be08d98
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 12 deletions.
diff --git a/thehive/app/org/thp/thehive/controllers/v1/AlertCtrl.scala b/thehive/app/org/thp/thehive/controllers/v1/AlertCtrl.scala
@@ -53,9 +53,10 @@ class AlertCtrl @Inject() (
           _.richAlertWithCustomRenderer(alertStatsRenderer(range.extraData)(authContext))
         )
   )
-  override val outputQuery: Query = Query.output[RichAlert, Traversal.V[Alert]](_.richAlert)
+  override val outputQuery: Query      = Query.output[RichAlert, Traversal.V[Alert]](_.richAlert)
+  val caseProperties: PublicProperties = properties.`case` ++ properties.metaProperties
   val caseFilterParser: FieldsParser[Option[InputQuery[Traversal.Unk, Traversal.Unk]]] =
-    FilterQuery.default(db, properties.`case`).paramParser(ru.typeOf[Traversal.V[Case]]).optional.on("caseFilter")
+    FilterQuery.default(db, caseProperties).paramParser(ru.typeOf[Traversal.V[Case]]).optional.on("caseFilter")
   override val extraQueries: Seq[ParamQuery[_]] = Seq(
     Query[Traversal.V[Alert], Traversal.V[Observable]]("observables", (alertSteps, _) => alertSteps.observables),
     Query[Traversal.V[Alert], Traversal.V[Case]]("case", (alertSteps, _) => alertSteps.`case`),
@@ -68,7 +69,7 @@ class AlertCtrl @Inject() (
       caseFilterParser,
       { (maybeCaseFilterQuery, alertSteps, authContext) =>
         val maybeCaseFilter: Option[Traversal.V[Case] => Traversal.V[Case]] =
-          maybeCaseFilterQuery.map(f => cases => f(db, properties.`case`, ru.typeOf[Traversal.V[Case]], cases.cast, authContext).cast)
+          maybeCaseFilterQuery.map(f => cases => f(db, caseProperties, ru.typeOf[Traversal.V[Case]], cases.cast, authContext).cast)
         alertSteps.similarCases(maybeCaseFilter)(authContext).domainMap(Json.toJson(_))
       }
     )

diff --git a/thehive/app/org/thp/thehive/controllers/v1/Properties.scala b/thehive/app/org/thp/thehive/controllers/v1/Properties.scala
@@ -37,6 +37,15 @@ class Properties @Inject() (
     @Named("with-thehive-schema") db: Database
 ) {
 
+  lazy val metaProperties: PublicProperties =
+    PublicPropertyListBuilder
+      .forType[Product](_ => true)
+      .property("_createdBy", UMapping.string)(_.field.readonly)
+      .property("_createdAt", UMapping.date)(_.field.readonly)
+      .property("_updatedBy", UMapping.string.optional)(_.field.readonly)
+      .property("_updatedAt", UMapping.date.optional)(_.field.readonly)
+      .build
+
   lazy val alert: PublicProperties =
     PublicPropertyListBuilder[Alert]
       .property("type", UMapping.string)(_.field.updatable)

diff --git a/thehive/app/org/thp/thehive/controllers/v1/TheHiveQueryExecutor.scala b/thehive/app/org/thp/thehive/controllers/v1/TheHiveQueryExecutor.scala
@@ -33,6 +33,7 @@ class TheHiveQueryExecutor @Inject() (
     taskCtrl: TaskCtrl,
     userCtrl: UserCtrl,
     //    dashboardCtrl: DashboardCtrl,
+    properties: Properties,
     @Named("with-thehive-schema") implicit val db: Database
 ) extends QueryExecutor {
 
@@ -57,15 +58,7 @@ class TheHiveQueryExecutor @Inject() (
 
   override val version: (Int, Int) = 1 -> 1
 
-  def metaProperties: PublicProperties =
-    PublicPropertyListBuilder[Product]
-      .property("_createdBy", UMapping.string)(_.field.readonly)
-      .property("_createdAt", UMapping.date)(_.field.readonly)
-      .property("_updatedBy", UMapping.string.optional)(_.field.readonly)
-      .property("_updatedAt", UMapping.date.optional)(_.field.readonly)
-      .build
-
-  override lazy val publicProperties: PublicProperties = controllers.foldLeft(metaProperties)(_ ++ _.publicProperties)
+  override lazy val publicProperties: PublicProperties = controllers.foldLeft(properties.metaProperties)(_ ++ _.publicProperties)
 
   override lazy val queries: Seq[ParamQuery[_]] =
     controllers.map(_.initialQuery) ++