Feature taxonomy

.drone.yml

@@ -8,7 +8,7 @@ steps:
   - name: submodules
     image: alpine/git
     commands:
-      - git submodule update --recursive --init --remote
+      - git submodule update --recursive --init
 
   # Restore cache of downloaded dependencies
   - name: restore-cache

dto/src/main/scala/org/thp/thehive/dto/v1/CustomFieldValue.scala

@@ -70,6 +70,7 @@ object InputCustomFieldValue {
       }
     case _ => Good(Nil)
   }
+
   implicit val writes: Writes[Seq[InputCustomFieldValue]] = Writes[Seq[InputCustomFieldValue]] { icfv =>
     val fields = icfv.map {
       case InputCustomFieldValue(name, Some(s: String), _)  => name -> JsString(s)

dto/src/main/scala/org/thp/thehive/dto/v1/Tag.scala

@@ -0,0 +1,15 @@
+package org.thp.thehive.dto.v1
+
+import play.api.libs.json.{Json, OFormat}
+
+case class OutputTag(
+  namespace: String,
+  predicate: String,
+  value: Option[String],
+  description: Option[String],
+  colour: Int
+)
+
+object OutputTag {
+  implicit val format: OFormat[OutputTag] = Json.format[OutputTag]
+}

dto/src/main/scala/org/thp/thehive/dto/v1/Taxonomy.scala

@@ -0,0 +1,73 @@
+package org.thp.thehive.dto.v1
+
+import java.util.Date
+
+import play.api.libs.json.{Json, OFormat}
+
+/*
+Format based on :
+https://tools.ietf.org/id/draft-dulaunoy-misp-taxonomy-format-04.html
+*/
+
+case class InputTaxonomy(
+  namespace: String,
+  description: String,
+  version: Int,
+  `type`: Option[Seq[String]],
+  exclusive: Option[Boolean],
+  predicates: Seq[InputPredicate],
+  values: Option[Seq[InputValue]]
+)
+
+case class InputPredicate(
+  value: String,
+  expanded: Option[String],
+  exclusive: Option[Boolean],
+  description: Option[String]
+)
+
+case class InputValue(
+  predicate: String,
+  entry: Seq[InputEntry]
+)
+
+case class InputEntry(
+  value: String,
+  expanded: Option[String],
+  colour: Option[String],
+  description: Option[String],
+  numerical_value: Option[Int]
+)
+
+object InputTaxonomy {
+  implicit val format: OFormat[InputTaxonomy] = Json.format[InputTaxonomy]
+}
+
+object InputPredicate {
+  implicit val format: OFormat[InputPredicate] = Json.format[InputPredicate]
+}
+
+object InputValue {
+  implicit val format: OFormat[InputValue] = Json.format[InputValue]
+}
+
+object InputEntry {
+  implicit val format: OFormat[InputEntry] = Json.format[InputEntry]
+}
+
+case class OutputTaxonomy(
+  _id: String,
+  _type: String,
+  _createdBy: String,
+  _updatedBy: Option[String] = None,
+  _createdAt: Date,
+  _updatedAt: Option[Date] = None,
+  namespace: String,
+  description: String,
+  version: Int,
+  tags: Seq[OutputTag]
+)
+
+object OutputTaxonomy {
+  implicit val format: OFormat[OutputTaxonomy] = Json.format[OutputTaxonomy]
+}

thehive/app/org/thp/thehive/controllers/v0/CaseCtrl.scala

@@ -195,13 +195,17 @@ class PublicCase @Inject() (
     with CaseRenderer {
   override val entityName: String = "case"
   override val initialQuery: Query =
-    Query.init[Traversal.V[Case]]("listCase", (graph, authContext) => organisationSrv.get(authContext.organisation)(graph).cases)
-  override val getQuery: ParamQuery[EntityIdOrName] = Query.initWithParam[EntityIdOrName, Traversal.V[Case]](
-    "getCase",
-    FieldsParser[EntityIdOrName],
-    (idOrName, graph, authContext) => caseSrv.get(idOrName)(graph).visible(authContext)
-  )
-  override val pageQuery: ParamQuery[OutputParam] = Query.withParam[OutputParam, Traversal.V[Case], IteratorOutput](
+    Query.init[Traversal.V[Case]]("listCase", (graph, authContext) =>
+      organisationSrv.get(authContext.organisation)(graph).cases
+    )
+  override val getQuery: ParamQuery[EntityIdOrName] =
+    Query.initWithParam[EntityIdOrName, Traversal.V[Case]](
+      "getCase",
+      FieldsParser[EntityIdOrName],
+      (idOrName, graph, authContext) => caseSrv.get(idOrName)(graph).visible(authContext)
+    )
+  override val pageQuery: ParamQuery[OutputParam] =
+    Query.withParam[OutputParam, Traversal.V[Case], IteratorOutput](
     "page",
     FieldsParser[OutputParam],
     {
@@ -215,7 +219,10 @@ class PublicCase @Inject() (
           }
     }
   )
-  override val outputQuery: Query = Query.outputWithContext[RichCase, Traversal.V[Case]]((caseSteps, authContext) => caseSteps.richCase(authContext))
+  override val outputQuery:
+    Query = Query.outputWithContext[RichCase, Traversal.V[Case]]((caseSteps, authContext) =>
+      caseSteps.richCase(authContext)
+    )
   override val extraQueries: Seq[ParamQuery[_]] = Seq(
     Query[Traversal.V[Case], Traversal.V[Observable]]("observables", (caseSteps, authContext) => caseSteps.observables(authContext)),
     Query[Traversal.V[Case], Traversal.V[Task]]("tasks", (caseSteps, authContext) => caseSteps.tasks(authContext))

thehive/app/org/thp/thehive/controllers/v1/Conversion.scala

@@ -5,6 +5,7 @@ import java.util.Date
 import io.scalaland.chimney.dsl._
 import org.thp.scalligraph.controllers.Renderer
 import org.thp.scalligraph.models.Entity
+import org.thp.thehive.dto.v1.{InputTaxonomy, OutputTaxonomy}
 import org.thp.thehive.dto.v1._
 import org.thp.thehive.models._
 import play.api.libs.json.{JsObject, JsValue, Json}
@@ -251,6 +252,29 @@ object Conversion {
         .transform
     }
 
+  implicit class InputTaxonomyOps(inputTaxonomy: InputTaxonomy) {
+
+    def toTaxonomy: Taxonomy =
+      inputTaxonomy
+        .into[Taxonomy]
+        .transform
+  }
+
+  implicit val taxonomyOutput: Renderer.Aux[RichTaxonomy, OutputTaxonomy] =
+    Renderer.toJson[RichTaxonomy, OutputTaxonomy](
+      _.into[OutputTaxonomy]
+        .withFieldComputed(_._id, _._id.toString)
+        .withFieldConst(_._type, "Taxonomy")
+        .withFieldComputed(_.tags, _.tags.map(_.toOutput))
+        .transform
+    )
+
+  implicit val tagOutput: Renderer.Aux[Tag, OutputTag] =
+    Renderer.toJson[Tag, OutputTag](
+      _.into[OutputTag]
+        .transform
+    )
+
   implicit class InputUserOps(inputUser: InputUser) {
 
     def toUser: User =
@@ -335,6 +359,7 @@ object Conversion {
         .withFieldComputed(_.tlp, _.tlp.getOrElse(2))
         .transform
   }
+
   implicit val observableOutput: Renderer.Aux[RichObservable, OutputObservable] = Renderer.toJson[RichObservable, OutputObservable](richObservable =>
     richObservable
       .into[OutputObservable]

thehive/app/org/thp/thehive/controllers/v1/Properties.scala

@@ -375,4 +375,12 @@ class Properties @Inject() (
       .property("data", UMapping.string.optional)(_.select(_.data.value(_.data)).readonly)
       // TODO add attachment ?
       .build
+
+  lazy val taxonomy: PublicProperties =
+    PublicPropertyListBuilder[Taxonomy]
+      .property("namespace", UMapping.string)(_.field.readonly)
+      .property("description", UMapping.string)(_.field.readonly)
+      .property("version", UMapping.int)(_.field.readonly)
+      .build
+
 }

thehive/app/org/thp/thehive/controllers/v1/Router.scala

@@ -14,6 +14,7 @@ class Router @Inject() (
     taskCtrl: TaskCtrl,
     customFieldCtrl: CustomFieldCtrl,
     alertCtrl: AlertCtrl,
+    taxonomyCtrl: TaxonomyCtrl,
     auditCtrl: AuditCtrl,
     statusCtrl: StatusCtrl,
     authenticationCtrl: AuthenticationCtrl,
@@ -90,6 +91,13 @@ class Router @Inject() (
 //    DELETE   /alert/:alertId                      controllers.AlertCtrl.delete(alertId)
 //    POST     /alert/:alertId/merge/:caseId        controllers.AlertCtrl.mergeWithCase(alertId, caseId)
 
+    case POST(p"/taxonomy")                   => taxonomyCtrl.create
+    case POST(p"/taxonomy/import-zip")        => taxonomyCtrl.importZip
+    case GET(p"/taxonomy/$taxoId")            => taxonomyCtrl.get(taxoId)
+    case PUT(p"/taxonomy/$taxoId/activate")   => taxonomyCtrl.toggleActivation(taxoId, isActive = true)
+    case PUT(p"/taxonomy/$taxoId/deactivate") => taxonomyCtrl.toggleActivation(taxoId, isActive = false)
+    case DELETE(p"/taxonomy/$taxoId")         => taxonomyCtrl.delete(taxoId)
+
     case GET(p"/audit") => auditCtrl.flow
 //      GET      /flow                                controllers.AuditCtrl.flow(rootId: Option[String], count: Option[Int])
 //    GET      /audit                               controllers.AuditCtrl.find()