Merge pull request #2 from TheHive-Project/develop

Develop

.drone.yml

@@ -159,6 +159,7 @@ steps:
       strip_components: 3
     when:
       branch: [develop]
+      event: {exclude: [pull_request]}
 
   - name: deploy binaries in integration environment
     image: appleboy/drone-ssh
@@ -170,6 +171,7 @@ steps:
         - ./start thehive ${DRONE_BUILD_NUMBER}
     when:
       branch: [develop]
+      event: {exclude: [pull_request]}
 
   # Deploy binaries in staging environment
   - name: copy binaries in staging environment
@@ -183,6 +185,7 @@ steps:
       strip_components: 3
     when:
       branch: [master]
+      event: {exclude: [pull_request]}
 
   - name: deploy binaries in staging environment
     image: appleboy/drone-ssh
@@ -194,6 +197,7 @@ steps:
         - ./start thehive ${DRONE_BUILD_NUMBER}
     when:
       branch: [master]
+      event: {exclude: [pull_request]}
 
 volumes:
   - name: cache

AUTHORS

@@ -11,7 +11,7 @@ Contributors
 
 * CERT Banque de France (CERT-BDF)
 
-Copyright (C) 2017-2018 Nabil Adouani
-Copyright (C) 2014-2018 Thomas Franco
-Copyright (C) 2014-2018 Saâd Kadhi
-Copyright (C) 2014-2018 Jérôme Leonard
+Copyright (C) 2017-2019 Nabil Adouani
+Copyright (C) 2014-2019 Thomas Franco
+Copyright (C) 2014-2019 Saâd Kadhi
+Copyright (C) 2014-2019 Jérôme Leonard

CHANGELOG.md

@@ -1,7 +1,38 @@
 # Change Log
 
-## [3.3.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC2) (2019-02-07)
+## [3.3.0-RC3](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC3) (2019-02-21)
+
+[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC2...3.3.0-RC3)
+
+**Implemented enhancements:**
+
+- Add a UI configuration admin section [\#888](https://github.com/TheHive-Project/TheHive/issues/888)
+- Add a Related Alerts link to case details view [\#884](https://github.com/TheHive-Project/TheHive/issues/884)
+- Update Copyright with year 2019 [\#879](https://github.com/TheHive-Project/TheHive/issues/879)
+- Provide a quick link to copy alert id [\#870](https://github.com/TheHive-Project/TheHive/issues/870)
+- \[BUG\] Audit trail for alert ignore [\#863](https://github.com/TheHive-Project/TheHive/issues/863)
+- Related artifacts: IOC/not IOC [\#838](https://github.com/TheHive-Project/TheHive/issues/838)
+- Feature: Add "auto-completion" to the UI [\#831](https://github.com/TheHive-Project/TheHive/issues/831)
+- Improvement: Upload of observables seem to fail "silently" [\#829](https://github.com/TheHive-Project/TheHive/issues/829)
+- Feature Request: link to and from Hive to MISP [\#820](https://github.com/TheHive-Project/TheHive/issues/820)
+- Disable clickable widgets in dashboard edit mode [\#485](https://github.com/TheHive-Project/TheHive/issues/485)
+- Ability to disable "New Case" -\> "Empty case" [\#449](https://github.com/TheHive-Project/TheHive/issues/449)
+
+**Fixed bugs:**
+
+- Drone build fails on pull-requests [\#882](https://github.com/TheHive-Project/TheHive/issues/882)
+- AKKA version missmatch [\#877](https://github.com/TheHive-Project/TheHive/issues/877)
+- Label Typo in Updated Alerts [\#874](https://github.com/TheHive-Project/TheHive/issues/874)
+- Log message related to MISP synchronization is confusing [\#871](https://github.com/TheHive-Project/TheHive/issues/871)
+- Cortex responders with DataType `thehive:case\_artifact` do not show up within thehive when attempting to run them for observables. [\#869](https://github.com/TheHive-Project/TheHive/issues/869)
+- Alert updates and tracking \(follow\) [\#856](https://github.com/TheHive-Project/TheHive/issues/856)
+
+**Merged pull requests:**
 
+- Update akka version [\#878](https://github.com/TheHive-Project/TheHive/pull/878) ([zpriddy](https://github.com/zpriddy))
+- Fix Update Label to Warning [\#873](https://github.com/TheHive-Project/TheHive/pull/873) ([zpriddy](https://github.com/zpriddy))
+
+## [3.3.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC2) (2019-02-07)
 [Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC1...3.3.0-RC2)
 
 **Fixed bugs:**

README.md

@@ -77,12 +77,24 @@ TheHive can be configured to import events from one or multiple [MISP](http://ww
 
 [Cortex](https://github.com/TheHive-Project/Cortex/) is the perfect companion for TheHive. Use one or several to analyze observables at scale and respond to incidents.
 
-### Integration with Digital Shadows
-TheHive Project provides [DigitalShadows2TH](https://github.com/TheHive-Project/DigitalShadows2TH), a free, open source [Digital Shadows](https://www.digitalshadows.com/) alert feeder for TheHive. You can use it to import Digital Shadows *incidents* and *intel-incidents* as alerts in TheHive, where they can be previewed and transformed into new cases using pre-defined incident response templates or added into existing ones.
+### Alert Feeders by TheHive Project
 
-### Integration with Zerofox
+#### DigitalShadows2TH
+[DigitalShadows2TH](https://github.com/TheHive-Project/DigitalShadows2TH) is a free, open source [Digital Shadows](https://www.digitalshadows.com/) alert feeder for TheHive. You can use it to import Digital Shadows *incidents* and *intel-incidents* as alerts in TheHive, where they can be previewed and transformed into new cases using pre-defined incident response templates or added into existing ones.
+
+#### Synapse
+[Synapse](https://github.com/TheHive-Project/Synapse) is a meta-alert feeder that allows you to centrally feed TheHive from multiple alert sources. It leverages TheHive's API to automate case and alert creation. Case creation from email or alert creation from SIEM event are typical use cases. Currently, Synapse allows you to integrate Exchange, O365 & QRadar.
+
+#### Zerofox2TH
 [Zerofox2TH](https://github.com/TheHive-Project/Zerofox2TH) is a free, open source [ZeroFOX](https://www.zerofox.com/) alert feeder for TheHive, written by TheHive Project. You can use it to feed ZeroFOX alerts into TheHive, where they can be previewed and transformed into new cases using pre-defined incident response templates or added into existing ones.
 
+### Alert Feeders from the User Community
+
+### Integration with Crowdstrike Falcon (WIP)
+[Crowdstrike2TH](https://github.com/xg5-simon/CrowdStrike2TH) is a [Crowdstrike Falcon](https://www.crowdstrike.com/endpoint-security-products/) alert feeder for TheHive, written by [Simon](https://github.com/xg5-simon). You can use it to feed Crowdstrike alerts into TheHive, where they can be previewed and transformed into new cases using pre-defined incident response templates or added into existing ones.
+
+**Note**: this is a work in progress. Currently, the code licensing is unclear. 
+
 ### Integration with FireEye iSIGHT
 [FireEye2TH](https://github.com/LDO-CERT/FireEye2TH) is a free, open source [FireEye iSIGHT](https://www.fireeye.com/) alert feeder for TheHive, written by LDO-CERT. You can use it to feed FireEye iSIGHT alerts into TheHive, where they can be previewed and transformed into new cases using pre-defined incident response templates or added into existing ones.
 

thehive-backend/app/controllers/ArtifactCtrl.scala

@@ -38,31 +38,35 @@ class ArtifactCtrl @Inject() (
   private[ArtifactCtrl] lazy val logger = Logger(getClass)
 
   // extract a file from the archive and make sure its size matches the header (to protect against zip bombs)
-  private def extractAndCheckSize(zipFile: ZipFile, header: FileHeader)(implicit authContext: AuthContext): FileInputValue = {
-    val file = tempSrv.newTemporaryFile(header.getFileName, "-fromZipFile")
-
-    val input = zipFile.getInputStream(header)
-    val size = header.getUncompressedSize
-    val sizedInput: FilterInputStream = new FilterInputStream(input) {
-      var totalRead = 0
-
-      override def read(): Int = {
-        if (totalRead < size) {
-          totalRead += 1
-          super.read()
+  private def extractAndCheckSize(zipFile: ZipFile, header: FileHeader)(implicit authContext: AuthContext): Option[FileInputValue] = {
+    val fileName = header.getFileName
+    if (fileName.contains('/')) None
+    else {
+      val file = tempSrv.newTemporaryFile(fileName, "-fromZipFile")
+
+      val input = zipFile.getInputStream(header)
+      val size = header.getUncompressedSize
+      val sizedInput: FilterInputStream = new FilterInputStream(input) {
+        var totalRead = 0
+
+        override def read(): Int = {
+          if (totalRead < size) {
+            totalRead += 1
+            super.read()
+          }
+          else throw BadRequestError("Error extracting file: output size doesn't match header")
         }
-        else throw BadRequestError("Error extracting file: output size doesn't match header")
       }
+      Files.delete(file)
+      val fileSize = Files.copy(sizedInput, file)
+      if (fileSize != size) {
+        file.toFile.delete()
+        throw InternalError("Error extracting file: output size doesn't match header")
+      }
+      input.close()
+      val contentType = Option(Files.probeContentType(file)).getOrElse("application/octet-stream")
+      Some(FileInputValue(header.getFileName, file, contentType))
     }
-    Files.delete(file)
-    val fileSize = Files.copy(sizedInput, file)
-    if (fileSize != size) {
-      file.toFile.delete()
-      throw InternalError("Error extracting file: output size doesn't match header")
-    }
-    input.close()
-    val contentType = Option(Files.probeContentType(file)).getOrElse("application/octet-stream")
-    FileInputValue(header.getFileName, file, contentType)
   }
 
   @Timed
@@ -91,7 +95,7 @@ class ArtifactCtrl @Inject() (
               }
 
               val multiFields = files.filterNot(_.isDirectory)
-                .map(extractAndCheckSize(zipFile, _))
+                .flatMap(extractAndCheckSize(zipFile, _))
                 .map { fiv ⇒
                   fields
                     .unset("isZip")

thehive-misp/app/connectors/misp/MispConnection.scala

@@ -106,11 +106,13 @@ case class MispConnection(
           "name" → name,
           "version" → version,
           "status" → "OK",
+          "url" → baseUrl,
           "purpose" → purpose.toString)
         case None ⇒ Json.obj(
           "name" → name,
           "version" → "",
           "status" → "ERROR",
+          "url" → baseUrl,
           "purpose" → purpose.toString)
       }
   }

ui/app/index.html

@@ -144,11 +144,13 @@
     <script src="scripts/controllers/admin/AdminMetricsCtrl.js"></script>
     <script src="scripts/controllers/admin/AdminObservablesCtrl.js"></script>
     <script src="scripts/controllers/admin/AdminReportTemplatesCtrl.js"></script>
+    <script src="scripts/controllers/admin/AdminUiSettingsCtrl.js"></script>
     <script src="scripts/controllers/admin/AdminUserDialogCtrl.js"></script>
     <script src="scripts/controllers/admin/AdminUsersCtrl.js"></script>
     <script src="scripts/controllers/alert/AlertEventCtrl.js"></script>
     <script src="scripts/controllers/alert/AlertListCtrl.js"></script>
     <script src="scripts/controllers/alert/AlertStatsCtrl.js"></script>
+    <script src="scripts/controllers/case/CaseAlertsCtrl.js"></script>
     <script src="scripts/controllers/case/CaseCloseModalCtrl.js"></script>
     <script src="scripts/controllers/case/CaseCreationCtrl.js"></script>
     <script src="scripts/controllers/case/CaseDeleteModalCtrl.js"></script>
@@ -268,6 +270,7 @@
     <script src="scripts/services/StreamStatSrv.js"></script>
     <script src="scripts/services/TagSrv.js"></script>
     <script src="scripts/services/TaskLogSrv.js"></script>
+    <script src="scripts/services/UiSettingsSrv.js"></script>
     <script src="scripts/services/UserInfoSrv.js"></script>
     <script src="scripts/services/UserSrv.js"></script>
     <script src="scripts/services/UtilsSrv.js"></script>

ui/app/scripts/app.js

@@ -34,8 +34,8 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ngSanitize', 'ui.bootstra
                 templateUrl: 'views/login.html',
                 resolve: {
                     appConfig: function(VersionSrv) {
-                                 return VersionSrv.get();
-                              }
+                       return VersionSrv.get();
+                    }
                 },
                 params: {
                     autoLogin: false
@@ -77,6 +77,10 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ngSanitize', 'ui.bootstra
                     appLayout: function($q, $rootScope, AppLayoutSrv) {
                         AppLayoutSrv.init();
                         return $q.resolve();
+                    },
+                    uiConfig: function($q, UiSettingsSrv) {
+                        UiSettingsSrv.all();
+                        return $q.resolve();
                     }
                 }
             })
@@ -215,6 +219,18 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ngSanitize', 'ui.bootstra
                 controller: 'AdminObservablesCtrl',
                 title: 'Observable administration'
             })
+            .state('app.administration.ui-settings', {
+                url: '/ui-settings',
+                templateUrl: 'views/partials/admin/ui-settings.html',
+                controller: 'AdminUiSettingsCtrl',
+                controllerAs: '$vm',
+                title: 'UI settings',
+                resolve: {
+                    uiConfig: function(UiSettingsSrv) {
+                        return UiSettingsSrv.all();
+                    }
+                }
+            })
             .state('app.case', {
                 abstract: true,
                 url: 'case/{caseId}',
@@ -263,6 +279,20 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ngSanitize', 'ui.bootstra
                 templateUrl: 'views/partials/case/case.links.html',
                 controller: 'CaseLinksCtrl'
             })
+            .state('app.case.alerts', {
+                url: '/alerts',
+                templateUrl: 'views/partials/case/case.alerts.html',
+                controller: 'CaseAlertsCtrl',
+                resolve: {
+                    alerts: function($stateParams, CaseSrv) {
+                        return CaseSrv.alerts({range: 'all'}, {
+                            query: {
+                              case: $stateParams.caseId
+                            }
+                        }).$promise;
+                    }
+                }
+            })
             .state('app.case.tasks-item', {
                 url: '/tasks/{itemId}',
                 templateUrl: 'views/partials/case/case.tasks.item.html',
@@ -299,6 +329,20 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ngSanitize', 'ui.bootstra
                 resolve: {
                     appConfig: function(VersionSrv) {
                         return VersionSrv.get();
+                    },
+                    artifact: function($q, $stateParams, CaseArtifactSrv, NotificationSrv) {
+                        var deferred = $q.defer();
+
+                        CaseArtifactSrv.api().get({
+                            'artifactId': $stateParams.itemId
+                        }).$promise.then(function(data) {
+                            deferred.resolve(data);
+                        }).catch(function(response) {
+                            deferred.reject(response);
+                            NotificationSrv.error('Observable Details', response.data, response.status);
+                        });
+
+                        return deferred.promise;
                     }
                 }
             })
@@ -433,7 +477,7 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ngSanitize', 'ui.bootstra
               var renderer = defaults.renderer;
               var linkRenderer = _.wrap(renderer.link, function(originalLink, href, title, text) {
                   var html = originalLink.call(renderer, href, title, text);
-                  return html.replace(/^<a /, '<a target="_blank" rel="nofollow" ')
+                  return html.replace(/^<a /, '<a target="_blank" rel="nofollow" ');
               });
 
               // Customize the link renderer

ui/app/scripts/controllers/RootCtrl.js

@@ -179,13 +179,16 @@ angular.module('theHiveControllers').controller('RootCtrl',
                 resolve: {
                     templates: function(){
                         return $scope.templates;
+                    },
+                    uiSettings: function(UiSettingsSrv) {
+                        return UiSettingsSrv.all();
                     }
                 }
             });
 
             modal.result.then(function(template) {
                 $scope.createNewCase(template);
-            })
+            });
         };
 
         $scope.aboutTheHive = function() {

ui/app/scripts/controllers/admin/AdminCustomFieldDialogCtrl.js

@@ -78,11 +78,11 @@
         self.clearUniqueReferenceError = function(form) {
             form.reference.$setValidity('unique', true);
             form.reference.$setPristine();
-        }
+        };
 
         self.cancel = function() {
             $uibModalInstance.dismiss();
-        }
+        };
 
         self.onNamechanged = function(form) {
             if (!self.customField.name) {

ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js

@@ -59,12 +59,12 @@
                     }
                 });
 
-                modalInstance.result.then(function(data) {
+                modalInstance.result.then(function(/*data*/) {
                     self.initCustomfields();
                     CustomFieldsCacheSrv.clearCache();
                     $scope.$emit('custom-fields:refresh');
                 });
-            }
+            };
 
             self.initCustomfields();
         });