Issue 1543 #1601

Merged
merged 2 commits into from
Oct 29, 2020
11 changes: 0 additions & 11 deletions thehive/app/org/thp/thehive/controllers/v0/CaseCtrl.scala
Expand Up @@ -135,17 +135,6 @@ class CaseCtrl @Inject() (
}

def delete(caseIdOrNumber: String): Action[AnyContent] =
entrypoint("delete case")
.authTransaction(db) { implicit request => implicit graph =>
caseSrv
.get(EntityIdOrName(caseIdOrNumber))
.can(Permissions.manageCase)
.update(_.status, CaseStatus.Deleted)
.getOrFail("Case")
.map(_ => Results.NoContent)
}

def realDelete(caseIdOrNumber: String): Action[AnyContent] =
entrypoint("delete case")
.authTransaction(db) { implicit request => implicit graph =>
for {
4 changes: 2 additions & 2 deletions thehive/app/org/thp/thehive/controllers/v0/Router.scala
Expand Up @@ -91,10 +91,10 @@ class Router @Inject() (
case PATCH(p"/case/_bulk") => caseCtrl.bulkUpdate // Not used by the frontend
case PATCH(p"/case/$caseId") => caseCtrl.update(caseId) // Audit ok
case POST(p"/case/_merge/$caseIds") => caseCtrl.merge(caseIds) // Not implemented in backend and not used by frontend
case DELETE(p"/case/$caseId") => caseCtrl.delete(caseId) // Not used by frontend
case POST(p"/case/_search") => caseCtrl.search
case POST(p"/case/_stats") => caseCtrl.stats
case DELETE(p"/case/$caseId/force") => caseCtrl.realDelete(caseId) // Audit ok
case DELETE(p"/case/$caseId") => caseCtrl.delete(caseId) // Not used by the frontend
case DELETE(p"/case/$caseId/force") => caseCtrl.delete(caseId) // Audit ok
case GET(p"/case/$caseId/links") => caseCtrl.linkedCases(caseId)

case GET(p"/case/template") => caseTemplateCtrl.search
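Review bot: `DELETE /case/$caseId` and `DELETE /case/$caseId/force` now both resolve to `caseCtrl.delete`, so an API client that used the plain route for a reversible status change now triggers a permanent removal with no signal that the semantics changed. The two trailing comments also disagree about the same handler (`// Not used by the frontend` on one, `// Audit ok` on the other); I would put the same comment on both routes, for example `// Permanently removes the case (no soft delete); same handler as the other DELETE route`. The body of the v0 handler lies outside the visible hunk, so the permission check and the audit emission on this path should be confirmed there.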
14 changes: 8 additions & 6 deletions thehive/app/org/thp/thehive/controllers/v1/CaseCtrl.scala
Expand Up @@ -112,12 +112,14 @@ class CaseCtrl @Inject() (
def delete(caseIdOrNumber: String): Action[AnyContent] =
entrypoint("delete case")
.authTransaction(db) { implicit request => implicit graph =>
caseSrv
.get(EntityIdOrName(caseIdOrNumber))
.can(Permissions.manageCase)
.update(_.status, CaseStatus.Deleted)
.getOrFail("Case")
.map(_ => Results.NoContent)
for {
c <-
caseSrv
.get(EntityIdOrName(caseIdOrNumber))
.can(Permissions.manageCase)
.getOrFail("Case")
_ <- caseSrv.remove(c)
} yield Results.NoContent
}

def merge(caseIdsOrNumbers: String): Action[AnyContent] =
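Review bot: `delete` now ends in `caseSrv.remove(c)`, which makes an irreversible removal reachable behind the same `Permissions.manageCase` check that used to gate only a status change to `Deleted`. Every profile holding `manageCase` therefore gains the ability to destroy case data, and that should be a deliberate decision, recorded at least in a Scaladoc on the method such as `/** Permanently removes the case and returns 204; requires manageCase. There is no soft delete. */`. Whether `caseSrv.remove` writes an audit entry is not visible in this hunk; for a destructive action the removal should remain attributable to the requesting user afterwards.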
1 change: 0 additions & 1 deletion thehive/app/org/thp/thehive/controllers/v1/Router.scala
Expand Up @@ -38,7 +38,6 @@ class Router @Inject() (
case DELETE(p"/case/$caseId") => caseCtrl.delete(caseId)
// case PATCH(p"api/case/_bulk") => caseCtrl.bulkUpdate()
// case POST(p"/case/_stats") => caseCtrl.stats()
// case DELETE(p"/case/$caseId/force") => caseCtrl.realDelete(caseId)
// case GET(p"/case/$caseId/links") => caseCtrl.linkedCases(caseId)

case GET(p"/caseTemplate") => caseTemplateCtrl.list
2 changes: 1 addition & 1 deletion thehive/app/org/thp/thehive/models/Case.scala
Expand Up @@ -8,7 +8,7 @@ import org.thp.scalligraph.models.{DefineIndex, Entity, IndexType}
import play.api.libs.json.{Format, Json}

object CaseStatus extends Enumeration {
val Open, Resolved, Deleted, Duplicated = Value
val Open, Resolved, Duplicated = Value

implicit val format: Format[CaseStatus.Value] = Json.formatEnum(CaseStatus)
}
Expand Up @@ -68,6 +68,10 @@ class TheHiveSchemaDefinition @Inject() extends Schema with UpdatableSchema {
.noop // .addIndex("Tag", IndexType.unique, "namespace", "predicate", "value")
.noop // .addIndex("Audit", IndexType.basic, "requestId", "mainAction")
.rebuildIndexes
.updateGraph("Remove cases with a Deleted status", "Case") { traversal =>
traversal.unsafeHas("status", "Deleted").remove()
Success(())
}

val reflectionClasses = new Reflections(
new ConfigurationBuilder()
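Review bot: The added `updateGraph` step purges every `Case` vertex whose status is `Deleted` as soon as the upgraded schema runs, and it does so with a bare `traversal.unsafeHas("status", "Deleted").remove()` rather than the `caseSrv.remove` path the controllers use. If the service-level remove also cleans up tasks, observables or shares (not visible here), this migration would leave those attached to nothing, where case-level permission checks and retention handling no longer reach them. The step also returns `Success(())` unconditionally and records nothing about how many cases were dropped; I would log the count before removing and add a comment such as `// Irreversible: purges cases soft-deleted before this version; back up before upgrading`. The enclosing builder chain starts and ends outside this hunk.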
Expand Up @@ -13,7 +13,6 @@ import org.thp.scalligraph.traversal.{Converter, IdentityConverter, Traversal}
import org.thp.scalligraph.{BadConfigurationError, EntityIdOrName}
import org.thp.thehive.controllers.v0.AuditRenderer
import org.thp.thehive.controllers.v0.Conversion.fromObjectType
import org.thp.thehive.models.Audit._
import org.thp.thehive.models._
import org.thp.thehive.services.AlertOps._
import org.thp.thehive.services.AuditOps._
Expand Up @@ -293,7 +293,7 @@ class CaseCtrlTest extends PlaySpecification with TestAppBuilder {
val requestSearch = FakeRequest("POST", s"/api/v0/case/_search?range=0-15&sort=-flag&sort=-startDate&nstats=true")
.withHeaders("user" -> "[email protected]")
.withJsonBody(
Json.parse("""{"query":{"_and":[{"_field":"customFields.boolean1","_value":true},{"_not":{"status":"Deleted"}}]}}""")
Json.parse("""{"query":{"_and":[{"_field":"customFields.boolean1","_value":true}]}}""")
)
val resultSearch = app[CaseCtrl].search()(requestSearch)
status(resultSearch) must equalTo(200).updateMessage(s => s"$s\n${contentAsString(resultSearch)}")
Expand Down Expand Up @@ -354,7 +354,7 @@ class CaseCtrlTest extends PlaySpecification with TestAppBuilder {

val requestDel = FakeRequest("DELETE", s"/api/v0/case/#1/force")
.withHeaders("user" -> "[email protected]")
val resultDel = app[CaseCtrl].realDelete("1")(requestDel)
val resultDel = app[CaseCtrl].delete("1")(requestDel)
status(resultDel) must equalTo(204).updateMessage(s => s"$s\n${contentAsString(resultDel)}")

app[Database].roTransaction { implicit graph =>
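Review bot: The renamed call `app[CaseCtrl].delete("1")(requestDel)` invokes the controller method directly, so the `/api/v0/case/#1/force` URL in the `FakeRequest` is never routed, and the plain `DELETE /case/$caseId` route, which now also removes permanently, has no coverage in the visible lines. Because this handler is now destructive, I would add a sibling case that issues the delete as a user without `manageCase` and asserts that the case still exists afterwards. The assertions inside `app[Database].roTransaction` continue outside the hunk, so part of this may already be checked there.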