[MRG] Merge pull request #335 from dfir-iris/v2.3.4-fb
Patch v2.3.4
whikernel authored Nov 29, 2023
2 parents 2b12809 + 0cadf6f commit 3e1a13d
Showing 48 changed files with 2,013 additions and 582 deletions.
2 changes: 1 addition & 1 deletion .bumpversion.cfg
@@ -1,5 +1,5 @@
[bumpversion]
current_version = 2.3.3
current_version = 2.3.4
commit = True
tag = True
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(-(?P<release>.*)-(?P<build>\d+))?
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -6,7 +6,7 @@
<p align="center">
Incident Response Investigation System
<br>
<i>Current Version v2.3.3</i>
<i>Current Version v2.3.4</i>
<br>
<a href="https://v200.beta.dfir-iris.org">Online Demonstration</a>
</p>
Expand Down Expand Up @@ -52,7 +52,7 @@ git clone https://github.com/dfir-iris/iris-web.git
cd iris-web

# Checkout to the last tagged version
git checkout v2.3.3
git checkout v2.3.4

# Copy the environment file
cp .env.model .env
8 changes: 4 additions & 4 deletions docker-compose.yml
Expand Up @@ -27,7 +27,7 @@ services:
build:
context: docker/db
container_name: iriswebapp_db
image: iriswebapp_db:v2.3.3
image: iriswebapp_db:v2.3.4
restart: always
# Used for debugging purposes, should be deleted for production
ports:
Expand All @@ -47,7 +47,7 @@ services:
build:
context: .
dockerfile: docker/webApp/Dockerfile
image: iriswebapp_app:v2.3.3
image: iriswebapp_app:v2.3.4
container_name: iriswebapp_app
command: ['nohup', './iris-entrypoint.sh', 'iriswebapp']
volumes:
Expand Down Expand Up @@ -85,7 +85,7 @@ services:
build:
context: .
dockerfile: docker/webApp/Dockerfile
image: iriswebapp_app:v2.3.3
image: iriswebapp_app:v2.3.4
container_name: iriswebapp_worker
command: ['./wait-for-iriswebapp.sh', 'app:8000', './iris-entrypoint.sh', 'iris-worker']
volumes:
Expand Down Expand Up @@ -121,7 +121,7 @@ services:
args:
NGINX_CONF_GID: 1234
NGINX_CONF_FILE: nginx.conf
image: iriswebapp_nginx:v2.3.3
image: iriswebapp_nginx:v2.3.4
container_name: iriswebapp_nginx
environment:
- IRIS_UPSTREAM_SERVER
51 changes: 51 additions & 0 deletions source/app/alembic/versions/d207b4d13385_add_severity_to_cases.py
@@ -0,0 +1,51 @@
"""Add severity to cases
Revision ID: d207b4d13385
Revises: d6c49c5435c2
Create Date: 2023-11-28 11:50:08.136090
"""
from alembic import op
import sqlalchemy as sa

from app.alembic.alembic_utils import _table_has_column

# revision identifiers, used by Alembic.
revision = 'd207b4d13385'
down_revision = 'd6c49c5435c2'
branch_labels = None
depends_on = None


def upgrade():
if not _table_has_column('cases', 'severity_id'):
op.add_column(
'cases',
sa.Column('severity_id', sa.Integer, sa.ForeignKey('severities.severity_id'), nullable=True)
)

op.create_foreign_key(
None, 'cases', 'severities', ['severity_id'], ['severity_id']
)

conn = op.get_bind()
# Create the new severity if it doesn't exist already - we check first
res = conn.execute(
"SELECT severity_id FROM severities WHERE severity_name = 'Medium'"
).fetchone()

if res is None:
conn.execute(
"INSERT INTO severities (severity_name, severity_description) VALUES ('Medium', 'Medium')"
)

# Update the severity of all cases to the default severity
conn.execute(
"UPDATE cases SET severity_id = (SELECT severity_id FROM severities WHERE severity_name = 'Medium')"
)

pass


def downgrade():
pass
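Review bot: The `UPDATE cases SET severity_id = (SELECT …)` near the end of upgrade() has no `WHERE` clause, so it overwrites the severity of every case instead of only filling rows that have none; the rendered view has lost the indentation, so whether it sits inside the `if not _table_has_column(...)` guard cannot be told here, but either way `UPDATE cases SET severity_id = (SELECT severity_id FROM severities WHERE severity_name = 'Medium') WHERE severity_id IS NULL` is the safer statement. downgrade() is a bare `pass`, so the new column, the unnamed constraint from `op.create_foreign_key(None, …)` and the seeded 'Medium' row cannot be rolled back; the same applies to downgrade() in the d6c49c5435c2 revision later in this commit. The column is declared with `sa.ForeignKey('severities.severity_id')` and then `create_foreign_key` is called for the same column, which may leave two constraints on it — confirm on the target database before keeping both. If the project is on SQLAlchemy 2.x, the raw strings passed to `conn.execute` need wrapping in `sa.text(...)`; the module already imports sqlalchemy as `sa`.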
@@ -0,0 +1,68 @@
"""Add evidence type to evidences
Revision ID: d6c49c5435c2
Revises: 3a4d4f15bd69
Create Date: 2023-11-06 15:29:14.435562
"""
from alembic import op
import sqlalchemy as sa

from app.alembic.alembic_utils import _table_has_column

# revision identifiers, used by Alembic.
revision = 'd6c49c5435c2'
down_revision = '3a4d4f15bd69'
branch_labels = None
depends_on = None


def upgrade():
if not _table_has_column('case_received_file', 'type_id'):

op.add_column(
'case_received_file',
sa.Column('type_id', sa.Integer, sa.ForeignKey('evidence_type.id'), nullable=True)
)

op.create_foreign_key(
None, 'case_received_file', 'evidence_type', ['type_id'], ['id']
)

if not _table_has_column('case_received_file', 'acquisition_date'):

op.add_column(
'case_received_file',
sa.Column('acquisition_date', sa.DateTime, nullable=True),

)

if not _table_has_column('case_received_file', 'start_date'):

op.add_column(
'case_received_file',
sa.Column('start_date', sa.DateTime, nullable=True),

)

if not _table_has_column('case_received_file', 'end_date'):

op.add_column(
'case_received_file',
sa.Column('end_date', sa.DateTime, nullable=True),

)

if not _table_has_column('case_received_file', 'chain_of_custody'):

op.add_column(
'case_received_file',
sa.Column('chain_of_custody', sa.JSON, nullable=True),

)

pass


def downgrade():
pass
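Review bot: The four guarded `op.add_column` calls for acquisition_date, start_date, end_date and chain_of_custody differ only in the column name and type, and each carries a blank line after the `if` and a dangling comma after the `sa.Column(...)` argument; a short loop over (name, type) pairs reads more easily and keeps the guard in one place. The trailing `pass` at the end of upgrade() is unreachable filler and can go, and downgrade() being `pass` means none of these columns can be reverted. Since the name suggests an evidence-handling record, it is worth confirming that the code writing `chain_of_custody` records who changed it and when — the migration itself cannot show that.
```python
# … unchanged: type_id column and its foreign key …
for name, col_type in (
    ('acquisition_date', sa.DateTime),
    ('start_date', sa.DateTime),
    ('end_date', sa.DateTime),
    ('chain_of_custody', sa.JSON),
):
    if not _table_has_column('case_received_file', name):
        op.add_column('case_received_file', sa.Column(name, col_type, nullable=True))
```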
6 changes: 5 additions & 1 deletion source/app/blueprints/alerts/templates/alerts.html
Expand Up @@ -57,6 +57,7 @@
<a class="dropdown-item" href="#" onclick="changeStatusBatchAlerts('Merged');">Merged</a>
</div>
</div>
<button type="button" class="btn btn-alert-danger btn-sm ml-2" onclick="closeBatchAlerts();">Close with note</button>
<button type="button" class="btn btn-alert-danger btn-sm ml-2" onclick="deleteBatchAlerts();"><i class="fa fa-trash mr-2"></i>Delete</button>
</div>
<button class="btn btn-sm mr-2" id="select-deselect-all" style="display:none;">Select all</button>
Expand Down Expand Up @@ -260,7 +261,10 @@ <h5 class="modal-title" id="closeAlertModalLabel"></h5>
<input type="radio" name="resolutionStatus" value="true_positive_with_impact" class="selectgroup-input">
<span class="selectgroup-button">True positive with impact</span>
</label>

<label class="selectgroup-item">
<input type="radio" name="resolutionStatus" value="unknown" class="selectgroup-input">
<span class="selectgroup-button">Unknown</span>
</label>
</div>
</div>
<div class="form-group">
6 changes: 3 additions & 3 deletions source/app/blueprints/case/case_rfiles_routes.py
Expand Up @@ -81,7 +81,7 @@ def case_list_rfiles(caseid):
crf = get_rfiles(caseid)

ret = {
"evidences": [row._asdict() for row in crf],
"evidences": CaseEvidenceSchema().dump(crf, many=True),
"state": get_evidences_state(caseid=caseid)
}

Expand Down Expand Up @@ -111,8 +111,8 @@ def case_add_rfile(caseid):
evidence = evidence_schema.load(request_data)

crf = add_rfile(evidence=evidence,
user_id=current_user.id,
caseid=caseid
user_id=current_user.id,
caseid=caseid
)

crf = call_modules_hook('on_postload_evidence_create', data=crf, caseid=caseid)
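Review bot: `CaseEvidenceSchema().dump(crf, many=True)` now decides which evidence fields reach the client, replacing the raw `row._asdict()` dump, so every field the schema declares (including the new type, date and chain_of_custody columns, if it maps them) is served to anyone who can read the case; confirm the schema's field list is the intended exposure. The `CaseEvidenceSchema` import is not in this hunk, so it has to come from the file's import block outside the view. case_list_rfiles starts before the hunk, and the second hunk only re-indents the `add_rfile(...)` keyword arguments.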
9 changes: 8 additions & 1 deletion source/app/blueprints/case/case_routes.py
Expand Up @@ -67,7 +67,7 @@
from app.models import UserActivity
from app.models.authorization import CaseAccessLevel
from app.models.authorization import User
from app.schema.marshables import TaskLogSchema, CaseSchema
from app.schema.marshables import TaskLogSchema, CaseSchema, CaseDetailsSchema
from app.util import ac_api_case_requires, add_obj_history_entry
from app.util import ac_case_requires
from app.util import ac_socket_requires
Expand Down Expand Up @@ -245,6 +245,13 @@ def export_case(caseid):
return response_success('', data=export_case_json(caseid))


@case_blueprint.route("/case/meta", methods=['GET'])
@ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
def meta_case(caseid):
case_details = get_case(caseid)
return response_success('', data= CaseDetailsSchema().dump(case_details))


@case_blueprint.route('/case/tasklog/add', methods=['POST'])
@ac_api_case_requires(CaseAccessLevel.full_access)
def case_add_tasklog(caseid):
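Review bot: meta_case() passes `get_case(caseid)` straight into `CaseDetailsSchema().dump(...)` without checking for a missing case; whether get_case can return None for an unknown id is not visible here, but if it can, the dump yields an empty or malformed payload instead of an error, so an `if case_details is None:` guard returning the blueprint's usual error response before the dump would be safer. Style: `data= CaseDetailsSchema()` has a stray space after `=`, and the route string uses double quotes where the neighbouring routes in this hunk use single quotes — `@case_blueprint.route('/case/meta', methods=['GET'])`. A one-line docstring such as `"""Return the details of the current case as a CaseDetailsSchema dump."""` would document the new endpoint.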
54 changes: 30 additions & 24 deletions source/app/blueprints/case/templates/case.html
Expand Up @@ -23,47 +23,53 @@
<div class="d-flex align-items-left align-items-md-center flex-column flex-md-row mt--3">
<div class="col">
<div class="row">
<h2 class="text-white pb-2 fw-bold case-name"> <i class="icon-big flaticon-network mr-2"></i> {{ case.name|unquote }}
</h2>
<div class="col">
<h2 class="text-white pb-2 fw-bold case-name"> {{ case.name|unquote }}
</h2>
</div>
</div>
<h5 class="text-white op-7 mb-1"><b>Open on</b> {{ case.open_date }} by {{ case.user.name }}</h5>
<h5 class="text-white op-7 mb-3"><b>Owned by</b> {{ case.owner.name }}</h5>
{% if case.close_date %}
<h5 class="text-warning mb-1">Closed on {{ case.close_date }}</h5>
{% endif %}

</div>
<div class="col mt-4">
<div class="row">
<span title="Case outcome" class="float-right btn btn-rounded badge-pill hidden-caret ml-auto btn-xs mr-2 mb-2 {% if case.status_id == 1%}badge-success{% elif case.status_id == 2 %}badge-danger{% else %}btn-light{% endif %}"
onclick="case_detail('{{ case.case_id }}', true);"
><i class="fa-solid fa-group-arrows-rotate mr-2"></i>{{ case.status_name }}</span>
<div class="row">
<div class="col">
<h5 class="text-white op-7 mb-1"><b>Open on</b> {{ case.open_date }} by {{ case.user.name }}</h5>
<h5 class="text-white op-7 mb-3"><b>Owned by</b> {{ case.owner.name }}</h5>
{% if case.close_date %}
<h5 class="text-warning mb-1">Closed on {{ case.close_date }}</h5>
{% endif %}
</div>
<div class="row">
<div class="ml-auto">
<div class="row">
<h5 class="text-white op-7 mb-2 float-right mr-4"><b>Customer</b> : {{ case.client.name }}</h5>
<div class="col mt-auto">
<div class="row">
{% if case.severity %}<span onclick="case_detail('{{ case.case_id }}', true);" class="btn btn-rounded badge-pill hidden-caret btn-sm ml-2 mb-2 ml-auto {% if case.severity.severity_id > 4 %} badge-danger {% elif case.severity.severity_id == 4 %} bg-warning-gradient text-dark {% else %} btn-light {% endif %} ml-2" title="Case severity"><i class="fa-solid fa-bolt mr-1"></i> {{ case.severity.severity_name }}</span>{% endif %}
<span title="Case outcome" class="float-right btn btn-rounded badge-pill hidden-caret btn-sm ml-2 mb-2 {% if case.status_id == 1%}badge-success{% elif case.status_id == 2 %}badge-danger{% else %}btn-light{% endif %}"
onclick="case_detail('{{ case.case_id }}', true);"
><i class="fa-solid fa-group-arrows-rotate mr-2"></i>{{ case.status_name }}</span>
</div>
<div class="row">
<div class="ml-auto">
<div class="row">
<h5 class="text-white op-7 mb-2 float-right mr-4"><b>Customer</b> : {{ case.client.name }}</h5>
</div>
<div class="row">
{% if case.soc_id %} <h5 class="text-white op-7 mb-2 mr-4"><b>SOC ID :</b> {{ case.soc_id }}</h5> {% endif %}
</div>
</div>
<div class="row">
{% if case.soc_id %} <h5 class="text-white op-7 mb-2 mr-4"><b>SOC ID :</b> {{ case.soc_id }}</h5> {% endif %}
</div>
</div>
</div>
</div>
</div>
</div>
<div class="row mt-2 mb--2">

<div class="ml-2 col">
<div class="row ml-1">
{% if case.state %}<h5 title="Case state" onclick="case_detail('{{ case.case_id }}', true);" style="cursor:pointer;"><span class="btn-rounded badge-pill hidden-caret btn-sm btn-light"><i class="fa-solid fa-business-time mr-1"></i> {{ case.state.state_name }}</span></h5>{% endif %}
{% if case.state %}<h5 title="Case state" onclick="case_detail('{{ case.case_id }}', true);" style="cursor:pointer;"><span class="btn-rounded badge-pill hidden-caret btn-sm btn-light" title="Case state"><i class="fa-solid fa-business-time mr-1"></i> {{ case.state.state_name }}</span></h5>{% endif %}
{% if case.classification %}<h5 title="Classification" onclick="case_detail('{{ case.case_id }}', true);" style="cursor:pointer;"><span class="btn-rounded badge-pill hidden-caret btn-sm btn-light ml-2"><i class="fa-solid fa-shield-virus mr-1"></i>{{ case.classification.name_expanded }}</span></h5>{% endif %}
{% if case.alerts| length > 0 %}<h5 title="Alerts"><a class="btn-rounded badge-pill hidden-caret btn-sm btn-dark ml-2 badge-warning" href="/alerts?cid={{ case.case_id }}&sort=desc&case_id={{ case.case_id }}" target="_blank" rel="noopener"><i class="fa-solid fa-bell mr-1"></i> {{ case.alerts| length }} related alerts</a></h5>{% endif %}
{% if case.alerts| length > 0 %}<h5 title="Alerts"><a class="btn-rounded badge-pill hidden-caret btn-sm btn-dark ml-2 bg-warning-gradient text-dark" href="/alerts?cid={{ case.case_id }}&sort=desc&case_id={{ case.case_id }}" target="_blank" rel="noopener"><i class="fa-solid fa-bell mr-1"></i> {{ case.alerts| length }} related alerts</a></h5>{% endif %}
{% if case.review_status.status_name == "Reviewed" %}
<h5 title="Reviewed"> <a class="text-white btn-rounded badge-pill hidden-caret btn-sm ml-2 badge-success"><i class="fa-regular fa-circle-check mr-2"></i>Case reviewed by {% if case.reviewer.id == current_user.id %} you {% else %} {{ case.reviewer.name }} {% endif %}</a></h5>
{% endif %}
</div>
</div>
<div class="col mr-2">
<div class="col mr-1">
{% if case.case_tags %}
{% for tag in case.case_tags %}
<span class="badge badge-pill badge-light ml-1 pull-right"><i class="fa fa-tag mr-1"></i> {{ tag }}</span>
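Review bot: The severity badge colour is keyed on numeric ids — `{% if case.severity.severity_id > 4 %} badge-danger {% elif case.severity.severity_id == 4 %} bg-warning-gradient text-dark {% else %} btn-light {% endif %}` — which ties the template to the order rows were inserted into `severities`; the d207b4d13385 migration in this commit seeds 'Medium' by name at whatever id is free, so these thresholds can drift between installs. Comparing on `case.severity.severity_name` (or a level attribute carried by the severity row, if one exists) would keep the mapping explicit. The same badge lists `ml-2` twice in its class attribute (`… btn-sm ml-2 mb-2 ml-auto … ml-2`), which is harmless but worth tidying. The surrounding header block starts before and ends after the hunk.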
2 changes: 1 addition & 1 deletion source/app/blueprints/case/templates/case_assets.html
Expand Up @@ -11,7 +11,7 @@
<div class="content">
{% if current_user.is_authenticated %}
{{ form.hidden_tag() }}
<nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
<nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
<div class="container-fluid">
<div class="collapse" id="search-nav">
<div id="tables_button"></div>
Expand Up @@ -67,7 +67,6 @@
{% block javascripts %}

<script src="/static/assets/js/core/moments.min.js"></script>
<script src="/static/assets/js/core/bootstrap-datetimepicker.min.js"></script>

<script src="/static/assets/js/plugin/tagsinput/suggesttag.js"></script>
<script src="/static/assets/js/plugin/select/select2.js"></script>
2 changes: 1 addition & 1 deletion source/app/blueprints/case/templates/case_ioc.html
Expand Up @@ -16,7 +16,7 @@

{% if current_user.is_authenticated %}
{{ form.hidden_tag() }}
<nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
<nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
<div class="container-fluid">
<div class="collapse" id="search-nav">
<div id="tables_button"></div>
2 changes: 1 addition & 1 deletion source/app/blueprints/case/templates/case_notes.html
Expand Up @@ -12,7 +12,7 @@

{% if current_user.is_authenticated %}
{{ form.hidden_tag() }}
<nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
<nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
<div class="container-fluid">
<div class="collapse search-flex" id="search-nav">
<ul class="list-group list-group-bordered hidden-caret" id="notes_search_list"></ul>
9 changes: 5 additions & 4 deletions source/app/blueprints/case/templates/case_rfile.html
Expand Up @@ -13,7 +13,7 @@

{% if current_user.is_authenticated %}
{{ form.hidden_tag() }}
<nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
<nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
<div class="container-fluid">
<div class="collapse" id="search-nav">
<div id="tables_button"></div>
Expand Down Expand Up @@ -53,7 +53,7 @@
<thead>
<tr>
<th>Name</th>
<th>Date</th>
<th>Type</th>
<th>Hash</th>
<th>Size (bytes)</th>
<th>Description</th>
Expand All @@ -63,7 +63,7 @@
<tfoot>
<tr>
<th>Name</th>
<th>Date</th>
<th>Type</th>
<th>Hash</th>
<th>Size(bytes)</th>
<th>Description</th>
Expand Down Expand Up @@ -97,7 +97,8 @@
{% endblock content %}
{% block javascripts %}
{% include 'includes/footer_case.html' %}

<script src="/static/assets/js/core/moments.min.js"></script>
<script src="/static/assets/js/core/bootstrap-datetimepicker.min.js"></script>
<script src="/static/assets/js/iris/case.rfiles.js"></script>
<script>
</script>