From 27a1b29dbbbedaab566fa9a519450e1a92dab207 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 07:52:23 +0200 Subject: [PATCH 01/31] [IMP] Added rule for prefixing function names in codestyle. Started renaming --- CODESTYLE.md | 1 + source/app/blueprints/case/case_notes_routes.py | 3 +-- source/app/blueprints/graphql/iocs.py | 8 ++++---- .../app/blueprints/manage/manage_access_control.py | 4 ++-- source/app/business/cases.py | 14 +++++++------- source/app/business/iocs.py | 4 ++-- source/app/business/notes.py | 6 +++--- source/app/business/permissions.py | 6 +++--- source/app/business/users.py | 2 +- 9 files changed, 24 insertions(+), 24 deletions(-) diff --git a/CODESTYLE.md b/CODESTYLE.md index 921d4b434..4e56890be 100644 --- a/CODESTYLE.md +++ b/CODESTYLE.md @@ -61,6 +61,7 @@ New files should be prefixed by the following license header, where `${current_y This allows any code maintainer to immediately spot which code elements can be freely modified without having to worry about the external context. Note: private elements are only called within the modules in which they are defined. +* Function names should be prefixed by the module name they belong to. Example: `iocs_create` instead of `create` ## Javascript coding rules diff --git a/source/app/blueprints/case/case_notes_routes.py b/source/app/blueprints/case/case_notes_routes.py index 29cfdc488..54c8be787 100644 --- a/source/app/blueprints/case/case_notes_routes.py +++ b/source/app/blueprints/case/case_notes_routes.py @@ -224,8 +224,7 @@ def case_note_add(caseid): try: - note = create(request_json=request.get_json(), - case_identifier=caseid) + note = create(request_json=request.get_json(), case_identifier=caseid) return response_success(f"Note ID {note.note_id} created", data=addnote_schema.dump(note)) diff --git a/source/app/blueprints/graphql/iocs.py b/source/app/blueprints/graphql/iocs.py index c5128d347..6c853f953 100644 
--- a/source/app/blueprints/graphql/iocs.py +++ b/source/app/blueprints/graphql/iocs.py @@ -24,7 +24,7 @@ from graphene import Float from graphene import String -from app.business.permissions import check_current_user_has_some_case_access_stricter +from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.models.authorization import CaseAccessLevel from app.models.models import Ioc from app.business.iocs import create @@ -74,7 +74,7 @@ def mutate(root, info, case_id, type_id, tlp_id, value, description=None, tags=N 'ioc_description': description, 'ioc_tags': tags } - check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) ioc, _ = create(request, case_id) return IOCCreate(ioc=ioc) @@ -101,7 +101,7 @@ class Arguments: @staticmethod def mutate(root, info, ioc_id, case_id, type_id=None, tlp_id=None, value=None, description=None, tags=None, ioc_misp=None, user_id=None, ioc_enrichment=None, modification_history=None): - check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) request = {} if type_id: @@ -136,7 +136,7 @@ class Arguments: @staticmethod def mutate(root, info, ioc_id, case_id): - check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) message = delete(ioc_id, case_id) return IOCDelete(message=message) diff --git a/source/app/blueprints/manage/manage_access_control.py b/source/app/blueprints/manage/manage_access_control.py index 45e937b6e..8d5e704e4 100644 --- a/source/app/blueprints/manage/manage_access_control.py +++ b/source/app/blueprints/manage/manage_access_control.py 
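Review bot: The access check in `IOCCreate.mutate` is not tied to the `case_id` argument that the mutation then acts on: `permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access])` takes no case identifier, and in `app/business/permissions.py` it resolves the case through `get_case_access(request, access_levels, from_api=True)`. If the case read from the HTTP request can differ from the GraphQL `case_id` (`get_case_access` is not shown, so this is inferred), a caller with full access to one case could pass the check and write to another. Passing the identifier explicitly closes that gap: `permissions_check_current_user_has_some_case_access(case_id, [CaseAccessLevel.full_access])`. The same pattern appears in `IOCUpdate.mutate` and `IOCDelete.mutate` in this file and in `get_iocs` in `app/business/iocs.py`. The `mutate` bodies are only partly inside these hunks.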
@@ -20,7 +20,7 @@ from flask_wtf import FlaskForm from werkzeug.utils import redirect -from app.business.users import _reset_user_mfa +from app.business.users import users_reset_mfa from app.iris_engine.access_control.utils import ac_recompute_all_users_effective_ac from app.iris_engine.access_control.utils import ac_recompute_effective_ac from app.iris_engine.access_control.utils import ac_trace_effective_user_permissions @@ -70,7 +70,7 @@ def manage_ac_compute_effective_ac(cur_id): @ac_api_requires(Permissions.server_administrator) def manage_ac_reset_mfa(cur_id): - _reset_user_mfa(cur_id) + users_reset_mfa(cur_id) return response_success('Updated') diff --git a/source/app/business/cases.py b/source/app/business/cases.py index fe41d1386..e7c8d1aef 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -53,12 +53,12 @@ from app.datamgmt.case.case_db import get_case from app.business.errors import BusinessProcessingError -from app.business.permissions import check_current_user_has_some_case_access -from app.business.permissions import check_current_user_has_some_permission +from app.business.permissions import permissions_check_current_user_has_some_case_access +from app.business.permissions import permissions_check_current_user_has_some_permission def get_case_by_identifier(case_identifier): - check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) return get_case(case_identifier) 
@@ -121,8 +121,8 @@ def create(request_json): def delete(case_identifier): - check_current_user_has_some_permission([Permissions.standard_user]) - check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_permission([Permissions.standard_user]) + permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) if case_identifier == 1: track_activity(f'tried to delete case {case_identifier}, but case is the primary case', @@ -144,8 +144,8 @@ def delete(case_identifier): def update(case_identifier, request_data): - check_current_user_has_some_permission([Permissions.standard_user]) - check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_permission([Permissions.standard_user]) + permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) case_i = get_case(case_identifier) if not case_i: diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py index 09884a026..0ae87f6bf 100644 --- a/source/app/business/iocs.py +++ b/source/app/business/iocs.py @@ -32,7 +32,7 @@ from app.iris_engine.module_handler.module_handler import call_modules_hook from app.iris_engine.utils.tracker import track_activity from app.business.errors import BusinessProcessingError -from app.business.permissions import check_current_user_has_some_case_access_stricter +from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.datamgmt.case.case_iocs_db import get_ioc @@ -139,7 +139,7 @@ def delete(identifier, case_identifier): def get_iocs(case_identifier): - check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) return get_iocs_by_case(case_identifier) 
diff --git a/source/app/business/notes.py b/source/app/business/notes.py index df4985708..91b1763f2 100644 --- a/source/app/business/notes.py +++ b/source/app/business/notes.py @@ -21,7 +21,7 @@ from app import db, app from app.business.errors import BusinessProcessingError, UnhandledBusinessError -from app.business.permissions import check_current_user_has_some_case_access_stricter +from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.datamgmt.case.case_notes_db import get_note from app.iris_engine.module_handler.module_handler import call_modules_hook from app.iris_engine.utils.tracker import track_activity @@ -95,7 +95,7 @@ def update(identifier: int = None, request_json: dict = None, case_identifier: i :param request_json: The request data. :param case_identifier: The case identifier. """ - check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) try: addnote_schema = CaseNoteSchema() @@ -224,7 +224,7 @@ def delete_note_revision(identifier: int = None, revision_number: int = None, ca :param revision_number: The revision number. :param case_identifier: The case identifier. """ - check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) try: note = get_note(identifier, caseid=case_identifier) diff --git a/source/app/business/permissions.py b/source/app/business/permissions.py index e3793940e..d79d449c8 100644 --- a/source/app/business/permissions.py +++ b/source/app/business/permissions.py 
@@ -38,7 +38,7 @@ def _deny_permission(): # When moving down permission checks from the REST layer into the business layer, # this method is used to replace manual calls to ac_fast_check_current_user_has_case_access -def check_current_user_has_some_case_access(case_identifier, access_levels): +def permissions_check_current_user_has_some_case_access(case_identifier, access_levels): if not ac_fast_check_current_user_has_case_access(case_identifier, access_levels): _deny_permission() @@ -47,7 +47,7 @@ def check_current_user_has_some_case_access(case_identifier, access_levels): # This one comes from ac_api_case_requires, whereas the other one comes from the way api_delete_case was written... # When moving down permission checks from the REST layer into the business layer, # this method is used to replace annotation ac_api_case_requires -def check_current_user_has_some_case_access_stricter(access_levels): +def permissions_check_current_user_has_some_case_access_stricter(access_levels): redir, caseid, has_access = get_case_access(request, access_levels, from_api=True) # TODO: do we really want to keep the details of the errors, when permission is denied => more work, more complex code? @@ -60,7 +60,7 @@ def check_current_user_has_some_case_access_stricter(access_levels): # When moving down permission checks from the REST layer into the business layer, # this method is used to replace annotation ac_api_requires -def check_current_user_has_some_permission(permissions): +def permissions_check_current_user_has_some_permission(permissions): if 'permissions' not in session: session['permissions'] = ac_get_effective_permissions_of_user(current_user) diff --git a/source/app/business/users.py b/source/app/business/users.py index a917c6cde..e089c7f9d 100644 --- a/source/app/business/users.py +++ b/source/app/business/users.py 
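Review bot: `permissions_check_current_user_has_some_permission` fills `session['permissions']` only when the key is absent, so the decision can rest on permissions computed earlier in the session. Nothing in this hunk shows when that entry is refreshed after a user's groups or permissions change, and the rest of the function lies outside the hunk. Since this function is now the public entry point for business-layer checks, I would document the assumption above the lookup, for example `# session['permissions'] is a cache; it must be cleared whenever the user's effective permissions change`.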
@@ -20,7 +20,7 @@ from app.datamgmt.manage.manage_users_db import get_user, get_active_user -def _reset_user_mfa(user_id: int = None): +def users_reset_mfa(user_id: int = None): """ Resets a user MFA by setting to none its MFA token """ From c549ee44b001f4af00493d9813d8defbf9bf0f09 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 07:59:30 +0200 Subject: [PATCH 02/31] [IMP] Added namespace prefix in notes --- .../app/blueprints/case/case_notes_routes.py | 46 ++++++++++--------- source/app/business/notes.py | 12 ++--- 2 files changed, 31 insertions(+), 27 deletions(-) diff --git a/source/app/blueprints/case/case_notes_routes.py b/source/app/blueprints/case/case_notes_routes.py index 54c8be787..9806a079b 100644 --- a/source/app/blueprints/case/case_notes_routes.py +++ b/source/app/blueprints/case/case_notes_routes.py @@ -17,9 +17,8 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. import marshmallow -# IMPORTS ------------------------------------------------ from datetime import datetime -from flask import Blueprint, jsonify +from flask import Blueprint from flask import redirect from flask import render_template from flask import request 
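Review bot: Renaming `_reset_user_mfa` to `users_reset_mfa` turns an MFA reset into a public business-layer function, and nothing visible in this hunk checks who is calling it. The only guard shown in this patch is `@ac_api_requires(Permissions.server_administrator)` on the `manage_ac_reset_mfa` route, so any other caller of the business function would bypass it. Consistent with the checks being moved into `app/business`, the function could start with `permissions_check_current_user_has_some_permission([Permissions.server_administrator])`, provided that import does not create a cycle. The default `user_id: int = None` also lets the function be called without a target; making the parameter required would be safer, though the body continues outside the hunk and may already handle it.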
@@ -31,12 +30,18 @@ from app import db, socket_io, app from app.blueprints.case.case_comments import case_comment_update -from app.business.errors import BusinessProcessingError, UnhandledBusinessError -from app.business.notes import update, create, list_note_revisions, get_note_revision, delete_note_revision +from app.business.errors import BusinessProcessingError +from app.business.notes import notes_update +from app.business.notes import notes_create +from app.business.notes import notes_list_revisions +from app.business.notes import notes_get_revision +from app.business.notes import notes_delete_revision from app.datamgmt.case.case_db import case_get_desc_crc from app.datamgmt.case.case_db import get_case -from app.datamgmt.case.case_notes_db import add_comment_to_note, get_directories_with_note_count, get_directory, \ - delete_directory +from app.datamgmt.case.case_notes_db import add_comment_to_note +from app.datamgmt.case.case_notes_db import get_directories_with_note_count +from app.datamgmt.case.case_notes_db import get_directory +from app.datamgmt.case.case_notes_db import delete_directory from app.datamgmt.case.case_notes_db import delete_note from app.datamgmt.case.case_notes_db import delete_note_comment from app.datamgmt.case.case_notes_db import get_case_note_comment 
@@ -47,10 +52,13 @@ from app.iris_engine.utils.tracker import track_activity from app.models import Notes from app.models.authorization import CaseAccessLevel -from app.schema.marshables import CaseNoteDirectorySchema, CaseNoteRevisionSchema +from app.schema.marshables import CaseNoteDirectorySchema +from app.schema.marshables import CaseNoteRevisionSchema from app.schema.marshables import CaseNoteSchema from app.schema.marshables import CommentSchema -from app.util import ac_api_case_requires, ac_socket_requires, endpoint_deprecated, add_obj_history_entry +from app.util import ac_api_case_requires +from app.util import ac_socket_requires +from app.util import endpoint_deprecated from app.util import ac_case_requires from app.util import response_error from app.util import response_success @@ -61,7 +69,6 @@ template_folder='templates') -# CONTENT ------------------------------------------------ @case_notes_blueprint.route('/case/notes', methods=['GET']) @ac_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access) def case_notes(caseid, url_redir): @@ -158,9 +165,7 @@ def case_note_save(cur_id, caseid): try: - note = update(identifier=cur_id, - request_json=request.get_json(), - case_identifier=caseid) + note = notes_update(identifier=cur_id, request_json=request.get_json(), case_identifier=caseid) return response_success(f"Note ID {cur_id} saved", data=addnote_schema.dump(note)) @@ -175,8 +180,7 @@ def case_note_list_history(cur_id, caseid): try: - note_version = list_note_revisions(identifier=cur_id, - case_identifier=caseid) + note_version = notes_list_revisions(identifier=cur_id, case_identifier=caseid) return response_success(f"ok", data=note_version_sc.dump(note_version)) 
@@ -191,9 +195,9 @@ def case_note_revision(cur_id, revision_id, caseid): try: - note_version = get_note_revision(identifier=cur_id, - revision_number=revision_id, - case_identifier=caseid) + note_version = notes_get_revision(identifier=cur_id, + revision_number=revision_id, + case_identifier=caseid) return response_success(f"ok", data=note_version_sc.dump(note_version)) @@ -207,9 +211,9 @@ def case_note_revision_delete(cur_id, revision_id, caseid): try: - delete_note_revision(identifier=cur_id, - revision_number=revision_id, - case_identifier=caseid) + notes_delete_revision(identifier=cur_id, + revision_number=revision_id, + case_identifier=caseid) return response_success(f"Revision {revision_id} of note {cur_id} deleted") @@ -224,7 +228,7 @@ def case_note_add(caseid): try: - note = create(request_json=request.get_json(), case_identifier=caseid) + note = notes_create(request_json=request.get_json(), case_identifier=caseid) return response_success(f"Note ID {note.note_id} created", data=addnote_schema.dump(note)) diff --git a/source/app/business/notes.py b/source/app/business/notes.py index 91b1763f2..cd65f4ec2 100644 --- a/source/app/business/notes.py +++ b/source/app/business/notes.py @@ -40,7 +40,7 @@ def _load(request_data, note_schema=None): raise BusinessProcessingError('Data error', e.messages) -def create(request_json, case_identifier): +def notes_create(request_json, case_identifier): """ Create a note. @@ -87,7 +87,7 @@ def create(request_json, case_identifier): raise BusinessProcessingError('Unexpected error server-side', e) -def update(identifier: int = None, request_json: dict = None, case_identifier: int = None): +def notes_update(identifier: int = None, request_json: dict = None, case_identifier: int = None): """ Update a note by its identifier. 
@@ -152,7 +152,7 @@ def update(identifier: int = None, request_json: dict = None, case_identifier: i raise UnhandledBusinessError('Unexpected error server-side', str(e)) -def list_note_revisions(identifier: int = None, case_identifier: int = None): +def notes_list_revisions(identifier: int = None, case_identifier: int = None): """ List the revisions of a note by its identifier. @@ -187,7 +187,7 @@ def list_note_revisions(identifier: int = None, case_identifier: int = None): raise UnhandledBusinessError('Unexpected error server-side', str(e)) -def get_note_revision(identifier: int = None, revision_number: int = None, case_identifier: int = None): +def notes_get_revision(identifier: int = None, revision_number: int = None, case_identifier: int = None): """ Get a note revision by its identifier and revision number. @@ -216,7 +216,7 @@ def get_note_revision(identifier: int = None, revision_number: int = None, case_ raise UnhandledBusinessError('Unexpected error server-side', str(e)) -def delete_note_revision(identifier: int = None, revision_number: int = None, case_identifier: int = None): +def notes_delete_revision(identifier: int = None, revision_number: int = None, case_identifier: int = None): """ Delete a note revision by its identifier and revision number. @@ -248,4 +248,4 @@ def delete_note_revision(identifier: int = None, revision_number: int = None, ca raise BusinessProcessingError('Data error', e.messages) except Exception as e: - raise UnhandledBusinessError('Unexpected error server-side', str(e)) \ No newline at end of file + raise UnhandledBusinessError('Unexpected error server-side', str(e)) From 3035f2f6c1c3e50585ad999e6f35da58ef52a439 Mon Sep 17 00:00:00 2001 
From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 08:04:56 +0200 Subject: [PATCH 03/31] [IMP] Added namespace prefix in iocs --- source/app/blueprints/case/case_ioc_routes.py | 14 +++---- source/app/blueprints/graphql/cases.py | 10 ++--- .../app/blueprints/graphql/graphql_route.py | 4 +- source/app/blueprints/graphql/iocs.py | 12 +++--- source/app/business/iocs.py | 38 +++++++++---------- source/app/datamgmt/datastore/datastore_db.py | 1 + source/app/datamgmt/reporter/report_db.py | 4 +- 7 files changed, 40 insertions(+), 43 deletions(-) diff --git a/source/app/blueprints/case/case_ioc_routes.py b/source/app/blueprints/case/case_ioc_routes.py index 51834f464..0fb690caa 100644 --- a/source/app/blueprints/case/case_ioc_routes.py +++ b/source/app/blueprints/case/case_ioc_routes.py @@ -16,7 +16,6 @@ # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# IMPORTS ------------------------------------------------ from datetime import datetime import csv @@ -61,9 +60,9 @@ from app.util import ac_case_requires from app.util import response_error from app.util import response_success -from app.business.iocs import create -from app.business.iocs import update -from app.business.iocs import delete +from app.business.iocs import iocs_create +from app.business.iocs import iocs_update +from app.business.iocs import iocs_delete from app.business.errors import BusinessProcessingError case_ioc_blueprint = Blueprint( @@ -73,7 +72,6 @@ ) -# CONTENT ------------------------------------------------ @case_ioc_blueprint.route('/case/ioc', methods=['GET']) @ac_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access) def case_ioc(caseid, url_redir): 
@@ -130,7 +128,7 @@ def case_add_ioc(caseid): ioc_schema = IocSchema() try: - ioc, msg = create(request.get_json(), caseid) + ioc, msg = iocs_create(request.get_json(), caseid) return response_success(msg, data=ioc_schema.dump(ioc)) except BusinessProcessingError as e: return response_error(e.get_message(), data=e.get_data()) @@ -249,7 +247,7 @@ def case_add_ioc_modal(caseid): def case_delete_ioc(cur_id, caseid): try: - msg = delete(cur_id, caseid) + msg = iocs_delete(cur_id, caseid) return response_success(msg=msg) except BusinessProcessingError as e: @@ -297,7 +295,7 @@ def case_update_ioc(cur_id, caseid): ioc_schema = IocSchema() try: - ioc, msg = update(cur_id, request.get_json(), caseid) + ioc, msg = iocs_update(cur_id, request.get_json(), caseid) return response_success(msg, data=ioc_schema.dump(ioc)) except BusinessProcessingError as e: return response_error(e.get_message(), data=e.get_data()) diff --git a/source/app/blueprints/graphql/cases.py b/source/app/blueprints/graphql/cases.py index 27667306f..ee32315fe 100644 --- a/source/app/blueprints/graphql/cases.py +++ b/source/app/blueprints/graphql/cases.py @@ -27,7 +27,7 @@ from graphene import Float from graphene import String -from app.business.iocs import build_filter_case_ioc_query +from app.business.iocs import iocs_build_filter_query from app.models.cases import Cases from app.business.cases import create from app.business.cases import delete 
@@ -48,10 +48,10 @@ class Meta: @staticmethod def resolve_iocs(root, info, ioc_id=None, ioc_uuid=None, ioc_value=None, ioc_type_id=None, ioc_description=None, ioc_tlp_id=None, ioc_tags=None, ioc_misp=None, user_id=None, Linked_cases=None, **kwargs): - return build_filter_case_ioc_query(ioc_id=ioc_id, ioc_uuid=ioc_uuid, ioc_value=ioc_value, - ioc_type_id=ioc_type_id, ioc_description=ioc_description, - ioc_tlp_id=ioc_tlp_id, ioc_tags=ioc_tags, ioc_misp=ioc_misp, - user_id=user_id, linked_cases=Linked_cases) + return iocs_build_filter_query(ioc_id=ioc_id, ioc_uuid=ioc_uuid, ioc_value=ioc_value, + ioc_type_id=ioc_type_id, ioc_description=ioc_description, + ioc_tlp_id=ioc_tlp_id, ioc_tags=ioc_tags, ioc_misp=ioc_misp, + user_id=user_id, linked_cases=Linked_cases) class CaseConnection(Connection): diff --git a/source/app/blueprints/graphql/graphql_route.py b/source/app/blueprints/graphql/graphql_route.py index 42e0ca987..94916e4d0 100644 --- a/source/app/blueprints/graphql/graphql_route.py +++ b/source/app/blueprints/graphql/graphql_route.py @@ -43,7 +43,7 @@ from app.blueprints.graphql.iocs import IOCUpdate from app.blueprints.graphql.iocs import IOCDelete from app.business.cases import get_case_by_identifier -from app.business.iocs import get_ioc_by_identifier +from app.business.iocs import iocs_get_by_identifier from app.blueprints.graphql.cases import CaseCreate from app.blueprints.graphql.cases import CaseDelete from app.blueprints.graphql.cases import CaseUpdate @@ -73,7 +73,7 @@ def resolve_case(root, info, case_id): @staticmethod def resolve_ioc(root, info, ioc_id): - return get_ioc_by_identifier(ioc_id) + return iocs_get_by_identifier(ioc_id) class Mutation(ObjectType): diff --git a/source/app/blueprints/graphql/iocs.py b/source/app/blueprints/graphql/iocs.py index 6c853f953..8c3163086 100644 --- a/source/app/blueprints/graphql/iocs.py +++ b/source/app/blueprints/graphql/iocs.py 
@@ -27,9 +27,9 @@ from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.models.authorization import CaseAccessLevel from app.models.models import Ioc -from app.business.iocs import create -from app.business.iocs import update -from app.business.iocs import delete +from app.business.iocs import iocs_create +from app.business.iocs import iocs_update +from app.business.iocs import iocs_delete from graphene.relay import Connection @@ -76,7 +76,7 @@ def mutate(root, info, case_id, type_id, tlp_id, value, description=None, tags=N } permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) - ioc, _ = create(request, case_id) + ioc, _ = iocs_create(request, case_id) return IOCCreate(ioc=ioc) @@ -122,7 +122,7 @@ def mutate(root, info, ioc_id, case_id, type_id=None, tlp_id=None, value=None, d request['ioc_enrichment'] = ioc_enrichment if modification_history: request['modification_history'] = modification_history - ioc, _ = update(ioc_id, request, case_id) + ioc, _ = iocs_update(ioc_id, request, case_id) return IOCCreate(ioc=ioc) @@ -138,5 +138,5 @@ class Arguments: def mutate(root, info, ioc_id, case_id): permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) - message = delete(ioc_id, case_id) + message = iocs_delete(ioc_id, case_id) return IOCDelete(message=message) diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py index 0ae87f6bf..909e48db1 100644 --- a/source/app/business/iocs.py +++ b/source/app/business/iocs.py @@ -36,11 +36,6 @@ from app.datamgmt.case.case_iocs_db import get_ioc -def get_ioc_by_identifier(ioc_identifier): - - return get_ioc(ioc_identifier) - - def _load(request_data): try: add_ioc_schema = IocSchema() 
@@ -49,7 +44,11 @@ def _load(request_data): raise BusinessProcessingError('Data error', e.messages) -def create(request_json, case_identifier): +def iocs_get_by_identifier(ioc_identifier): + return get_ioc(ioc_identifier) + + +def iocs_create(request_json, case_identifier): # TODO ideally schema validation should be done before, outside the business logic in the REST API # for that the hook should be called after schema validation @@ -81,7 +80,7 @@ def create(request_json, case_identifier): # TODO most probably this method should not require a case_identifier... Since the IOC gets modified for all cases... -def update(identifier, request_json, case_identifier): +def iocs_update(identifier, request_json, case_identifier): try: ioc = get_ioc(identifier, caseid=case_identifier) @@ -120,7 +119,7 @@ def update(identifier, request_json, case_identifier): raise BusinessProcessingError('Unexpected error server-side', e) -def delete(identifier, case_identifier): +def iocs_delete(identifier, case_identifier): call_modules_hook('on_preload_ioc_delete', data=identifier, caseid=case_identifier) ioc = get_ioc(identifier, case_identifier) 
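Review bot: `iocs_get_by_identifier` returns `get_ioc(ioc_identifier)` with no access check, while the equivalent case lookup in `app/business/cases.py` calls `permissions_check_current_user_has_some_case_access` before `get_case`. In this series `resolve_ioc` in `graphql_route.py` calls it directly with a client-supplied `ioc_id`, so unless the GraphQL endpoint enforces case access elsewhere (not visible here), an IOC could be read by a user without access to its case. I would either take a case identifier and check it before the lookup, or at minimum record the gap: `# TODO: no case access check here; callers must enforce it`.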
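Review bot: The context line `raise BusinessProcessingError('Unexpected error server-side', e)` at the end of `iocs_update` attaches the raw exception to the business error, and the route in `case_ioc_routes.py` answers with `response_error(e.get_message(), data=e.get_data())`. If `get_data()` returns that second argument (the error class is not shown), internal exception text would reach the API client. Logging the exception server-side and raising `BusinessProcessingError('Unexpected error server-side')` without the detail would avoid that. `iocs_update` begins in the previous hunk and its body is only partly visible.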
@@ -138,23 +137,22 @@ def delete(identifier, case_identifier): return f'IOC {identifier} deleted' -def get_iocs(case_identifier): +def iocs_get_by_case(case_identifier): permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) return get_iocs_by_case(case_identifier) -def build_filter_case_ioc_query(ioc_id: int = None, - ioc_uuid: str = None, - ioc_value: str = None, - ioc_type_id: int = None, - ioc_description: str = None, - ioc_tlp_id: int = None, - ioc_tags: str = None, - ioc_misp: str = None, - user_id: float = None, - linked_cases: float = None - ): +def iocs_build_filter_query(ioc_id: int = None, + ioc_uuid: str = None, + ioc_value: str = None, + ioc_type_id: int = None, + ioc_description: str = None, + ioc_tlp_id: int = None, + ioc_tags: str = None, + ioc_misp: str = None, + user_id: float = None, + linked_cases: float = None): """ Get a list of iocs from the database, filtered by the given parameters """ diff --git a/source/app/datamgmt/datastore/datastore_db.py b/source/app/datamgmt/datastore/datastore_db.py index 53c663d0b..e95e33979 100644 --- a/source/app/datamgmt/datastore/datastore_db.py +++ b/source/app/datamgmt/datastore/datastore_db.py @@ -54,6 +54,7 @@ def datastore_get_root(cid): return dsp_root + def ds_list_tree(cid): dsp_root = datastore_get_root(cid) diff --git a/source/app/datamgmt/reporter/report_db.py b/source/app/datamgmt/reporter/report_db.py index 51336cbf0..aa307a42e 100644 --- a/source/app/datamgmt/reporter/report_db.py +++ b/source/app/datamgmt/reporter/report_db.py @@ -20,7 +20,7 @@ from sqlalchemy import desc -from app.business.iocs import get_iocs +from app.business.iocs import iocs_get_by_case from app.datamgmt.case.case_notes_db import get_notes_from_group, get_case_note_comments from app.datamgmt.case.case_tasks_db import get_tasks_with_assignees from app.models import AnalysisStatus, CompromiseStatus, TaskAssignee, NotesGroupLink 
@@ -335,7 +335,7 @@ def export_case_tm_json(case_id): def export_case_iocs_json(case_id): - iocs = get_iocs(case_id) + iocs = iocs_get_by_case(case_id) iocs_serialized = IocSchema().dump(iocs, many=True) From c48f99161be6ef36f33aa7029e08634f3cf57908 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 08:08:21 +0200 Subject: [PATCH 04/31] [IMP] Added namespace prefix in cases --- source/app/blueprints/graphql/cases.py | 12 ++++++------ source/app/blueprints/graphql/graphql_route.py | 4 ++-- .../blueprints/manage/manage_cases_routes.py | 13 ++++++------- source/app/business/cases.py | 18 +++++++++--------- 4 files changed, 23 insertions(+), 24 deletions(-) diff --git a/source/app/blueprints/graphql/cases.py b/source/app/blueprints/graphql/cases.py index ee32315fe..e95eb504d 100644 --- a/source/app/blueprints/graphql/cases.py +++ b/source/app/blueprints/graphql/cases.py @@ -29,9 +29,9 @@ from app.business.iocs import iocs_build_filter_query from app.models.cases import Cases -from app.business.cases import create -from app.business.cases import delete -from app.business.cases import update +from app.business.cases import cases_create +from app.business.cases import cases_delete +from app.business.cases import cases_update from app.blueprints.graphql.iocs import IOCConnection @@ -89,7 +89,7 @@ def mutate(root, info, name, description, client_id, soc_id=None, classification request['case_soc_id'] = soc_id if classification_id: request['classification_id'] = classification_id - case, _ = create(request) + case, _ = cases_create(request) return CaseCreate(case=case) @@ -102,7 +102,7 @@ class Arguments: @staticmethod def mutate(root, info, case_id): - delete(case_id) + cases_delete(case_id) class CaseUpdate(Mutation): 
@@ -150,5 +150,5 @@ def mutate(root, info, case_id, name=None, soc_id=None, classification_id=None, request['case_tags'] = tags if review_status_id: request['review_status_id'] = review_status_id - case, _ = update(case_id, request) + case, _ = cases_update(case_id, request) return CaseUpdate(case=case) diff --git a/source/app/blueprints/graphql/graphql_route.py b/source/app/blueprints/graphql/graphql_route.py index 94916e4d0..683009582 100644 --- a/source/app/blueprints/graphql/graphql_route.py +++ b/source/app/blueprints/graphql/graphql_route.py @@ -42,7 +42,7 @@ from app.blueprints.graphql.iocs import IOCCreate from app.blueprints.graphql.iocs import IOCUpdate from app.blueprints.graphql.iocs import IOCDelete -from app.business.cases import get_case_by_identifier +from app.business.cases import cases_get_by_identifier from app.business.iocs import iocs_get_by_identifier from app.blueprints.graphql.cases import CaseCreate from app.blueprints.graphql.cases import CaseDelete @@ -69,7 +69,7 @@ def resolve_cases(root, info, classification_id=None, client_id=None, state_id=N @staticmethod def resolve_case(root, info, case_id): - return get_case_by_identifier(case_id) + return cases_get_by_identifier(case_id) @staticmethod def resolve_ioc(root, info, ioc_id): diff --git a/source/app/blueprints/manage/manage_cases_routes.py b/source/app/blueprints/manage/manage_cases_routes.py index 72878618a..19ca15237 100644 --- a/source/app/blueprints/manage/manage_cases_routes.py +++ b/source/app/blueprints/manage/manage_cases_routes.py 
@@ -67,9 +67,9 @@ from app.util import ac_requires from app.util import response_error from app.util import response_success -from app.business.cases import delete -from app.business.cases import update -from app.business.cases import create +from app.business.cases import cases_delete +from app.business.cases import cases_update +from app.business.cases import cases_create from app.business.errors import BusinessProcessingError from app.business.errors import PermissionDeniedError @@ -78,7 +78,6 @@ template_folder='templates') -# CONTENT ------------------------------------------------ @manage_cases_blueprint.route('/manage/cases', methods=['GET']) @ac_requires(Permissions.standard_user, no_cid_required=True) def manage_index_cases(caseid, url_redir): @@ -232,7 +231,7 @@ def manage_case_filter() -> Response: @ac_api_requires(Permissions.standard_user) def api_delete_case(cur_id): try: - delete(cur_id) + cases_delete(cur_id) return response_success('Case successfully deleted') except BusinessProcessingError as e: return response_error(e.get_message()) @@ -348,7 +347,7 @@ def api_add_case(): case_schema = CaseSchema() try: - case, msg = create(request.get_json()) + case, msg = cases_create(request.get_json()) return response_success(msg, data=case_schema.dump(case)) except BusinessProcessingError as e: return response_error(e.get_message(), data=e.get_data()) @@ -367,7 +366,7 @@ def api_list_case(): def update_case_info(cur_id): case_schema = CaseSchema() try: - case, msg = update(cur_id, request.get_json()) + case, msg = cases_update(cur_id, request.get_json()) return response_success(msg, data=case_schema.dump(case)) except BusinessProcessingError as e: return response_error(e.get_message(), data=e.get_data()) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index e7c8d1aef..0aea8da5e 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py 
@@ -57,12 +57,6 @@ from app.business.permissions import permissions_check_current_user_has_some_permission -def get_case_by_identifier(case_identifier): - permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) - - return get_case(case_identifier) - - def _load(request_data, **kwargs): try: add_case_schema = CaseSchema() @@ -71,7 +65,13 @@ def _load(request_data, **kwargs): raise BusinessProcessingError('Data error', e.messages) -def create(request_json): +def cases_get_by_identifier(case_identifier): + permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) + + return get_case(case_identifier) + + +def cases_create(request_json): try: # TODO remove caseid doesn't seems to be useful for call_modules_hook => remove argument request_data = call_modules_hook('on_preload_case_create', request_json, None) @@ -120,7 +120,7 @@ def create(request_json): raise BusinessProcessingError('Error creating case - check server logs') -def delete(case_identifier): +def cases_delete(case_identifier): permissions_check_current_user_has_some_permission([Permissions.standard_user]) permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) @@ -143,7 +143,7 @@ def delete(case_identifier): raise BusinessProcessingError('Cannot delete the case. Please check server logs for additional informations') -def update(case_identifier, request_data): +def cases_update(case_identifier, request_data): permissions_check_current_user_has_some_permission([Permissions.standard_user]) permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) From 98371d7e74bce4952935bca52b5a0b618cc31c2f Mon Sep 17 00:00:00 2001 
From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 08:48:26 +0200 Subject: [PATCH 05/31] [ADD] Started a markdown with a some architectural notes --- architecture.md | 50 ++++++++++++++++++++++++++++++++++++ source/app/business/notes.py | 3 ++- 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 architecture.md diff --git a/architecture.md b/architecture.md new file mode 100644 index 000000000..584431bd8 --- /dev/null +++ b/architecture.md 
@@ -0,0 +1,50 @@ +# Iris Architecture + +The IRIS coarse-grained architecture can be understood by looking at the docker-compose.yml file. The main elements are: + +* db: postgresql database to store all application data +* app: backend application +* worker: most operations are processed by the worker +* rabbitmq: message broker between the app and worker +* nginx: the front server to serve static files and dispatch requests to app + +## Code organisation + +This section explains how the code is organized within the major namespaces. +They reflect the layered architecture of the IRIS backend: + +* blueprints +* business +* datamgmt + +The IRIS backend is a Flask application. + +### blueprints + +This is the public API of the `app`. It contains all the endpoints: REST, GraphQL, Flask templates (pages and modals). +The requests payloads are converted to business objects from `models` and passed down to calls into the business layer. + +Forbidden imports in this layer: + +* `from app.datamgmt`, as everything should go through the business layer first + +### business + +This is where processing happens. The methods should exclusively manipulate business objects from the `models` namespace. + +Forbidden imports in this layer: + +* `from app import db`, as the business layer should not take case of persistence details but rather delegate to the + `datamgmt` layer + +### datamgmt + +This layer handles persistence. It should be the only layer with knowledge of the database engine. + +### models + +The description of all objects handled by IRIS `business` layer and persisted through `datamgt`. + +### alembic + +This namespace takes care of the database migration. diff --git a/source/app/business/notes.py b/source/app/business/notes.py index cd65f4ec2..b17f765be 100644 --- a/source/app/business/notes.py +++ b/source/app/business/notes.py 
@@ -19,7 +19,8 @@ from flask_login import current_user from marshmallow import ValidationError -from app import db, app +from app import db +from app import app from app.business.errors import BusinessProcessingError, UnhandledBusinessError from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.datamgmt.case.case_notes_db import get_note From 8477965b0152a80401f213f564f59444711208c7 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 08:55:15 +0200 Subject: [PATCH 06/31] [IMP] The roles of the worker and celery are not clear... --- architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/architecture.md b/architecture.md index 584431bd8..ebc48cf4a 100644 --- a/architecture.md +++ b/architecture.md @@ -4,7 +4,7 @@ The IRIS coarse-grained architecture can be understood by looking at the docker- * db: postgresql database to store all application data * app: backend application -* worker: most operations are processed by the worker +* worker: most module hooks are processed by the worker * rabbitmq: message broker between the app and worker * nginx: the front server to serve static files and dispatch requests to app From 3d445cb871cf2aec7b924b0ebca2ed35cd9e0e06 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:02:32 +0200 Subject: [PATCH 07/31] [IMP] Moved up permissions_check_current_user_has_some_case_access_stricter into the graphql layer --- source/app/blueprints/graphql/cases.py | 7 ++++++- source/app/business/cases.py | 2 -- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/source/app/blueprints/graphql/cases.py b/source/app/blueprints/graphql/cases.py index e95eb504d..a2724f574 100644 --- a/source/app/blueprints/graphql/cases.py +++ b/source/app/blueprints/graphql/cases.py 
@@ -27,11 +27,14 @@ from graphene import Float from graphene import String -from app.business.iocs import iocs_build_filter_query from app.models.cases import Cases +from app.models.authorization import Permissions + +from app.business.iocs import iocs_build_filter_query from app.business.cases import cases_create from app.business.cases import cases_delete from app.business.cases import cases_update +from app.business.permissions import permissions_check_current_user_has_some_permission from app.blueprints.graphql.iocs import IOCConnection @@ -102,6 +105,7 @@ class Arguments: @staticmethod def mutate(root, info, case_id): + permissions_check_current_user_has_some_permission([Permissions.standard_user]) cases_delete(case_id) @@ -150,5 +154,6 @@ def mutate(root, info, case_id, name=None, soc_id=None, classification_id=None, request['case_tags'] = tags if review_status_id: request['review_status_id'] = review_status_id + permissions_check_current_user_has_some_permission([Permissions.standard_user]) case, _ = cases_update(case_id, request) return CaseUpdate(case=case) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 0aea8da5e..5e419d7c0 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -121,7 +121,6 @@ def cases_create(request_json): def cases_delete(case_identifier): - permissions_check_current_user_has_some_permission([Permissions.standard_user]) permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) if case_identifier == 1: @@ -144,7 +143,6 @@ def cases_delete(case_identifier): def cases_update(case_identifier, request_data): - permissions_check_current_user_has_some_permission([Permissions.standard_user]) permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) case_i = get_case(case_identifier) From dd437cce6e58a699953e188d2c9956acd7c2cfcc Mon Sep 17 00:00:00 2001 
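Review bot: With the `Permissions.standard_user` check deleted from `cases_delete` and `cases_update` in `source/app/business/cases.py`, the business layer no longer enforces that permission itself, so every entry point must call it. This commit adds the call to `CaseDelete.mutate` and `CaseUpdate.mutate`, and `api_delete_case` carries `@ac_api_requires(Permissions.standard_user)`, but the decorator on the REST route `update_case_info` is not visible in this series and should be confirmed. If the move is intended, record the contract on both functions, for example `"""Caller must already have checked Permissions.standard_user; only case access is verified here."""`. Both function bodies continue outside the hunks.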
From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:10:20 +0200 Subject: [PATCH 08/31] [IMP] Added another forbidden import in the architectural notes --- architecture.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/architecture.md b/architecture.md index ebc48cf4a..29ed2df59 100644 --- a/architecture.md +++ b/architecture.md @@ -41,6 +41,10 @@ Forbidden imports in this layer: This layer handles persistence. It should be the only layer with knowledge of the database engine. +Forbidden imports in this layer: + +* `from app.business`, as the business layer should call the persistence layer (not the other way around) + ### models The description of all objects handled by IRIS `business` layer and persisted through `datamgt`. From 81d98ce5fadf8aaf3c5e77e6569bc5a761274481 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:46:13 +0200 Subject: [PATCH 09/31] [IMP] Added another forbidden import in the architectural notes --- architecture.md | 1 + 1 file changed, 1 insertion(+) diff --git a/architecture.md b/architecture.md index 29ed2df59..d92d60adf 100644 --- a/architecture.md +++ b/architecture.md @@ -27,6 +27,7 @@ The requests payloads are converted to business objects from `models` and passed Forbidden imports in this layer: * `from app.datamgmt`, as everything should go through the business layer first +* `from sqlalchemy` ### business From 21745fb0ca2f470827df6715c5e4c2094e4ce802 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:50:58 +0200 Subject: [PATCH 10/31] [IMP] Moved up export_case_json in the business layer --- source/app/blueprints/case/case_routes.py | 17 +++++---- source/app/business/cases.py | 41 +++++++++++++++++++-- source/app/datamgmt/reporter/report_db.py | 41 +++++---------------- source/app/iris_engine/reporter/reporter.py | 10 +---- 4 files changed, 57 insertions(+), 52 deletions(-) 
diff --git a/source/app/blueprints/case/case_routes.py b/source/app/blueprints/case/case_routes.py index bc96748a5..b8e150b6d 100644 --- a/source/app/blueprints/case/case_routes.py +++ b/source/app/blueprints/case/case_routes.py @@ -18,7 +18,6 @@ import binascii import marshmallow -# IMPORTS ------------------------------------------------ import traceback from flask import Blueprint from flask import redirect 
@@ -54,19 +53,23 @@ from app.datamgmt.manage.manage_users_db import get_user from app.datamgmt.manage.manage_users_db import get_users_list_restricted_from_case from app.datamgmt.manage.manage_users_db import set_user_case_access -from app.datamgmt.reporter.report_db import export_case_json +from app.business.cases import export_case_json from app.forms import PipelinesCaseForm -from app.iris_engine.access_control.utils import ac_get_all_access_level, ac_fast_check_current_user_has_case_access, \ - ac_fast_check_user_has_case_access +from app.iris_engine.access_control.utils import ac_get_all_access_level +from app.iris_engine.access_control.utils import ac_fast_check_user_has_case_access from app.iris_engine.access_control.utils import ac_set_case_access_for_users from app.iris_engine.module_handler.module_handler import list_available_pipelines from app.iris_engine.utils.tracker import track_activity -from app.models import CaseStatus, ReviewStatusList +from app.models import CaseStatus +from app.models import ReviewStatusList from app.models import UserActivity from app.models.authorization import CaseAccessLevel from app.models.authorization import User -from app.schema.marshables import TaskLogSchema, CaseSchema, CaseDetailsSchema -from app.util import ac_api_case_requires, add_obj_history_entry +from app.schema.marshables import TaskLogSchema +from app.schema.marshables import CaseSchema +from app.schema.marshables import CaseDetailsSchema +from app.util import ac_api_case_requires +from app.util import add_obj_history_entry from app.util import ac_case_requires from app.util import ac_socket_requires from app.util import response_error diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 5e419d7c0..14f46627c 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py 
@@ -16,6 +16,7 @@ # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +import datetime import logging as log import traceback @@ -23,15 +24,13 @@ from marshmallow.exceptions import ValidationError -from app.schema.marshables import CaseSchema - from app import app from app import db from app.util import add_obj_history_entry +from app.schema.marshables import CaseSchema from app.models.authorization import CaseAccessLevel -from app.models.authorization import Permissions from app.models import ReviewStatusList from app.iris_engine.module_handler.module_handler import call_modules_hook @@ -51,10 +50,18 @@ from app.datamgmt.manage.manage_cases_db import map_alert_resolution_to_case_status from app.datamgmt.manage.manage_cases_db import close_case from app.datamgmt.case.case_db import get_case +from app.datamgmt.reporter.report_db import export_caseinfo_json +from app.datamgmt.reporter.report_db import process_md_images_links_for_report +from app.datamgmt.reporter.report_db import export_case_evidences_json +from app.datamgmt.reporter.report_db import export_case_tm_json +from app.datamgmt.reporter.report_db import export_case_iocs_json +from app.datamgmt.reporter.report_db import export_case_assets_json +from app.datamgmt.reporter.report_db import export_case_tasks_json +from app.datamgmt.reporter.report_db import export_case_comments_json +from app.datamgmt.reporter.report_db import export_case_notes_json from app.business.errors import BusinessProcessingError from app.business.permissions import permissions_check_current_user_has_some_case_access -from app.business.permissions import permissions_check_current_user_has_some_permission def _load(request_data, **kwargs): 
@@ -229,3 +236,29 @@ def cases_update(case_identifier, request_data): log.error(e.__str__()) log.error(traceback.format_exc()) raise BusinessProcessingError('Error updating case - check server logs') + + +def export_case_json(case_id): + """ + Fully export a case a JSON + """ + export = {} + case = export_caseinfo_json(case_id) + + if not case: + export['errors'] = ["Invalid case number"] + return export + + case['description'] = process_md_images_links_for_report(case['description']) + + export['case'] = case + export['evidences'] = export_case_evidences_json(case_id) + export['timeline'] = export_case_tm_json(case_id) + export['iocs'] = export_case_iocs_json(case_id) + export['assets'] = export_case_assets_json(case_id) + export['tasks'] = export_case_tasks_json(case_id) + export['comments'] = export_case_comments_json(case_id) + export['notes'] = export_case_notes_json(case_id) + export['export_date'] = datetime.datetime.utcnow() + + return export diff --git a/source/app/datamgmt/reporter/report_db.py b/source/app/datamgmt/reporter/report_db.py index aa307a42e..3967ddb63 100644 --- a/source/app/datamgmt/reporter/report_db.py +++ b/source/app/datamgmt/reporter/report_db.py 
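Review bot: `export_case_json` arrives in the business layer without a case access check of its own, unlike `cases_get_by_identifier` in the same module, which calls `permissions_check_current_user_has_some_case_access` before reading the case. The function returns the whole case (evidences, timeline, IOCs, assets, tasks, comments, notes), so callers such as the report generator depend entirely on their own guards; consider opening it with `permissions_check_current_user_has_some_case_access(case_id, [CaseAccessLevel.read_only, CaseAccessLevel.full_access])`, assuming a logged-in user is available wherever it is called. `export_case_json_for_report`, added by the following commit, has the same gap. Separately, `datetime.datetime.utcnow()` yields a naive timestamp and is deprecated since Python 3.12; `datetime.datetime.now(datetime.timezone.utc)` is the aware equivalent, though it changes the form of the serialized value.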
@@ -21,19 +21,19 @@ from sqlalchemy import desc from app.business.iocs import iocs_get_by_case -from app.datamgmt.case.case_notes_db import get_notes_from_group, get_case_note_comments -from app.datamgmt.case.case_tasks_db import get_tasks_with_assignees -from app.models import AnalysisStatus, CompromiseStatus, TaskAssignee, NotesGroupLink +from app.datamgmt.case.case_notes_db import get_notes_from_group +from app.datamgmt.case.case_notes_db import get_case_note_comments +from app.models import AnalysisStatus +from app.models import CompromiseStatus +from app.models import TaskAssignee from app.models import AssetsType from app.models import CaseAssets from app.models import CaseEventsAssets from app.models import CaseEventsIoc from app.models import CaseReceivedFile -from app.models import CaseStatus from app.models import CaseTasks from app.models import Cases from app.models import CasesEvent -from app.models import Client from app.models import Comments from app.models import EventCategory from app.models import Ioc 
@@ -45,33 +45,10 @@ from app.models import TaskStatus from app.models import Tlp from app.models.authorization import User -from app.schema.marshables import CaseDetailsSchema, CommentSchema, CaseNoteSchema, IocSchema - - -def export_case_json(case_id): - """ - Fully export a case a JSON - """ - export = {} - case = export_caseinfo_json(case_id) - - if not case: - export['errors'] = ["Invalid case number"] - return export - - case['description'] = process_md_images_links_for_report(case['description']) - - export['case'] = case - export['evidences'] = export_case_evidences_json(case_id) - export['timeline'] = export_case_tm_json(case_id) - export['iocs'] = export_case_iocs_json(case_id) - export['assets'] = export_case_assets_json(case_id) - export['tasks'] = export_case_tasks_json(case_id) - export['comments'] = export_case_comments_json(case_id) - export['notes'] = export_case_notes_json(case_id) - export['export_date'] = datetime.datetime.utcnow() - - return export +from app.schema.marshables import CaseDetailsSchema +from app.schema.marshables import CommentSchema +from app.schema.marshables import CaseNoteSchema +from app.schema.marshables import IocSchema def export_case_json_for_report(case_id): diff --git a/source/app/iris_engine/reporter/reporter.py b/source/app/iris_engine/reporter/reporter.py index bcc791249..32a458d18 100644 --- a/source/app/iris_engine/reporter/reporter.py +++ b/source/app/iris_engine/reporter/reporter.py 
@@ -18,18 +18,10 @@ # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# IMPORTS ------------------------------------------------ - -# VARS --------------------------------------------------- - -# CONTENT ------------------------------------------------ import logging as log import os from datetime import datetime -import jinja2 -from jinja2.sandbox import SandboxedEnvironment - from app.datamgmt.reporter.report_db import export_case_json_for_report from app.iris_engine.utils.common import IrisJinjaEnv from docx_generator.docx_generator import DocxGenerator @@ -41,7 +33,7 @@ from app.datamgmt.activities.activities_db import get_auto_activities from app.datamgmt.activities.activities_db import get_manual_activities from app.datamgmt.case.case_db import case_get_desc_crc -from app.datamgmt.reporter.report_db import export_case_json +from app.business.cases import export_case_json from app.models import AssetsType from app.models import CaseAssets from app.models import CaseEventsAssets From 26c11a31b72098bbe591e88c37a8c59912a8ba90 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:54:06 +0200 Subject: [PATCH 11/31] [IMP] Moved up export_case_json_for_report in the business layer --- source/app/business/cases.py | 26 +++++++++++++++++++++ source/app/datamgmt/reporter/report_db.py | 26 --------------------- source/app/iris_engine/reporter/reporter.py | 10 ++++---- 3 files changed, 32 insertions(+), 30 deletions(-) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 14f46627c..971105f56 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py 
@@ -262,3 +262,29 @@ def export_case_json(case_id): export['export_date'] = datetime.datetime.utcnow() return export + + +def export_case_json_for_report(case_id): + """ + Fully export of a case for report generation + """ + export = {} + case = export_caseinfo_json(case_id) + + if not case: + export['errors'] = ["Invalid case number"] + return export + + case['description'] = process_md_images_links_for_report(case['description']) + + export['case'] = case + export['evidences'] = export_case_evidences_json(case_id) + export['timeline'] = export_case_tm_json(case_id) + export['iocs'] = export_case_iocs_json(case_id) + export['assets'] = export_case_assets_json(case_id) + export['tasks'] = export_case_tasks_json(case_id) + export['notes'] = export_case_notes_json(case_id) + export['comments'] = export_case_comments_json(case_id) + export['export_date'] = datetime.datetime.utcnow() + + return export diff --git a/source/app/datamgmt/reporter/report_db.py b/source/app/datamgmt/reporter/report_db.py index 3967ddb63..91bbe03c1 100644 --- a/source/app/datamgmt/reporter/report_db.py +++ b/source/app/datamgmt/reporter/report_db.py 
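Review bot: `export_case_json_for_report` repeats the statements of `export_case_json` one for one; the only difference visible in this series is that `notes` is inserted before `comments`. Two copies of an export routine tend to drift, which matters if a field is later filtered or an access check is added to one copy and not the other. If the key order is not significant to the report templates (not shown here), the body can be reduced to `return export_case_json(case_id)`, with a docstring saying why the separate name is kept.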
@@ -51,32 +51,6 @@ from app.schema.marshables import IocSchema -def export_case_json_for_report(case_id): - """ - Fully export of a case for report generation - """ - export = {} - case = export_caseinfo_json(case_id) - - if not case: - export['errors'] = ["Invalid case number"] - return export - - case['description'] = process_md_images_links_for_report(case['description']) - - export['case'] = case - export['evidences'] = export_case_evidences_json(case_id) - export['timeline'] = export_case_tm_json(case_id) - export['iocs'] = export_case_iocs_json(case_id) - export['assets'] = export_case_assets_json(case_id) - export['tasks'] = export_case_tasks_json(case_id) - export['notes'] = export_case_notes_json(case_id) - export['comments'] = export_case_comments_json(case_id) - export['export_date'] = datetime.datetime.utcnow() - - return export - - def export_case_json_extended(case_id): """ Export a case a JSON diff --git a/source/app/iris_engine/reporter/reporter.py b/source/app/iris_engine/reporter/reporter.py index 32a458d18..1afc7e1e2 100644 --- a/source/app/iris_engine/reporter/reporter.py +++ b/source/app/iris_engine/reporter/reporter.py 
@@ -21,19 +21,19 @@ import logging as log import os from datetime import datetime - -from app.datamgmt.reporter.report_db import export_case_json_for_report -from app.iris_engine.utils.common import IrisJinjaEnv from docx_generator.docx_generator import DocxGenerator from docx_generator.exceptions import rendering_error from flask_login import current_user from sqlalchemy import desc from app import app +from app.business.cases import export_case_json_for_report +from app.business.cases import export_case_json + from app.datamgmt.activities.activities_db import get_auto_activities from app.datamgmt.activities.activities_db import get_manual_activities from app.datamgmt.case.case_db import case_get_desc_crc -from app.business.cases import export_case_json + from app.models import AssetsType from app.models import CaseAssets from app.models import CaseEventsAssets @@ -43,7 +43,9 @@ from app.models import Ioc from app.models import IocAssetLink from app.models import IocLink + from app.iris_engine.reporter.ImageHandler import ImageHandler +from app.iris_engine.utils.common import IrisJinjaEnv LOG_FORMAT = '%(asctime)s :: %(levelname)s :: %(module)s :: %(funcName)s :: %(message)s' log.basicConfig(level=log.INFO, format=LOG_FORMAT) From b5a810ed599f9d031babe47b4cf035d67dc9dd72 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:59:16 +0200 Subject: [PATCH 12/31] [IMP] Moved up export_case_iocs_json in the business layer: no more imports of the business layer from the datamgmt layer --- source/app/business/cases.py | 8 ++++---- source/app/business/iocs.py | 8 ++++++++ source/app/datamgmt/reporter/report_db.py | 10 ---------- 3 files changed, 12 insertions(+), 14 deletions(-) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 971105f56..06c81976c 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py 
@@ -33,6 +33,10 @@ from app.models.authorization import CaseAccessLevel from app.models import ReviewStatusList +from app.business.errors import BusinessProcessingError +from app.business.permissions import permissions_check_current_user_has_some_case_access +from app.business.iocs import export_case_iocs_json + from app.iris_engine.module_handler.module_handler import call_modules_hook from app.iris_engine.utils.tracker import track_activity from app.iris_engine.access_control.utils import ac_set_new_case_access @@ -54,15 +58,11 @@ from app.datamgmt.reporter.report_db import process_md_images_links_for_report from app.datamgmt.reporter.report_db import export_case_evidences_json from app.datamgmt.reporter.report_db import export_case_tm_json -from app.datamgmt.reporter.report_db import export_case_iocs_json from app.datamgmt.reporter.report_db import export_case_assets_json from app.datamgmt.reporter.report_db import export_case_tasks_json from app.datamgmt.reporter.report_db import export_case_comments_json from app.datamgmt.reporter.report_db import export_case_notes_json -from app.business.errors import BusinessProcessingError -from app.business.permissions import permissions_check_current_user_has_some_case_access - def _load(request_data, **kwargs): try: diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py index 909e48db1..076d12f52 100644 --- a/source/app/business/iocs.py +++ b/source/app/business/iocs.py @@ -143,6 +143,14 @@ def iocs_get_by_case(case_identifier): return get_iocs_by_case(case_identifier) +def export_case_iocs_json(case_id): + iocs = iocs_get_by_case(case_id) + + iocs_serialized = IocSchema().dump(iocs, many=True) + + return iocs_serialized + + def iocs_build_filter_query(ioc_id: int = None, ioc_uuid: str = None, ioc_value: str = None, diff --git a/source/app/datamgmt/reporter/report_db.py b/source/app/datamgmt/reporter/report_db.py index 91bbe03c1..3b8806b23 100644 --- a/source/app/datamgmt/reporter/report_db.py 
+++ b/source/app/datamgmt/reporter/report_db.py @@ -20,7 +20,6 @@ from sqlalchemy import desc -from app.business.iocs import iocs_get_by_case from app.datamgmt.case.case_notes_db import get_notes_from_group from app.datamgmt.case.case_notes_db import get_case_note_comments from app.models import AnalysisStatus @@ -48,7 +47,6 @@ from app.schema.marshables import CaseDetailsSchema from app.schema.marshables import CommentSchema from app.schema.marshables import CaseNoteSchema -from app.schema.marshables import IocSchema def export_case_json_extended(case_id): @@ -285,14 +283,6 @@ def export_case_tm_json(case_id): return tim -def export_case_iocs_json(case_id): - iocs = iocs_get_by_case(case_id) - - iocs_serialized = IocSchema().dump(iocs, many=True) - - return iocs_serialized - - def export_case_tasks_json(case_id): res = CaseTasks.query.with_entities( CaseTasks.task_title, From 622a314e6e64048dcd29a20b46b22c2c47d00d1c Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:02:51 +0200 Subject: [PATCH 13/31] [IMP] Prefixed method by cases --- source/app/blueprints/case/case_routes.py | 4 ++-- source/app/business/cases.py | 2 +- source/app/iris_engine/reporter/reporter.py | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source/app/blueprints/case/case_routes.py b/source/app/blueprints/case/case_routes.py index b8e150b6d..0232c9e60 100644 --- a/source/app/blueprints/case/case_routes.py +++ b/source/app/blueprints/case/case_routes.py 
@@ -53,7 +53,7 @@ from app.datamgmt.manage.manage_users_db import get_user from app.datamgmt.manage.manage_users_db import get_users_list_restricted_from_case from app.datamgmt.manage.manage_users_db import set_user_case_access -from app.business.cases import export_case_json +from app.business.cases import cases_export_to_json from app.forms import PipelinesCaseForm from app.iris_engine.access_control.utils import ac_get_all_access_level from app.iris_engine.access_control.utils import ac_fast_check_user_has_case_access @@ -243,7 +243,7 @@ def activity_fetch(caseid): @case_blueprint.route("/case/export", methods=['GET']) @ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access) def export_case(caseid): - return response_success('', data=export_case_json(caseid)) + return response_success('', data=cases_export_to_json(caseid)) @case_blueprint.route("/case/meta", methods=['GET']) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 06c81976c..771208fa6 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -238,7 +238,7 @@ def cases_update(case_identifier, request_data): raise BusinessProcessingError('Error updating case - check server logs') -def export_case_json(case_id): +def cases_export_to_json(case_id): """ Fully export a case a JSON """ diff --git a/source/app/iris_engine/reporter/reporter.py b/source/app/iris_engine/reporter/reporter.py index 1afc7e1e2..720759968 100644 --- a/source/app/iris_engine/reporter/reporter.py +++ b/source/app/iris_engine/reporter/reporter.py @@ -28,7 +28,7 @@ from app import app from app.business.cases import export_case_json_for_report -from app.business.cases import export_case_json +from app.business.cases import cases_export_to_json from app.datamgmt.activities.activities_db import get_auto_activities from app.datamgmt.activities.activities_db import get_manual_activities 
@@ -109,7 +109,7 @@ def _get_case_info(self): Retrieve information of the case :return: """ - case_info = export_case_json(self._caseid) + case_info = cases_export_to_json(self._caseid) # Get customer, user and case title case_info['doc_id'] = IrisReportMaker.get_docid() From 6445e7a2bc7ffdf7ba59416045bc51890a2e7a4d Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:03:41 +0200 Subject: [PATCH 14/31] [IMP] Prefixed method by cases --- source/app/business/cases.py | 2 +- source/app/iris_engine/reporter/reporter.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 771208fa6..eb3786924 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -264,7 +264,7 @@ def cases_export_to_json(case_id): return export -def export_case_json_for_report(case_id): +def cases_export_to_report_json(case_id): """ Fully export of a case for report generation """ diff --git a/source/app/iris_engine/reporter/reporter.py b/source/app/iris_engine/reporter/reporter.py index 720759968..5aa6e1870 100644 --- a/source/app/iris_engine/reporter/reporter.py +++ b/source/app/iris_engine/reporter/reporter.py @@ -27,7 +27,7 @@ from sqlalchemy import desc from app import app -from app.business.cases import export_case_json_for_report +from app.business.cases import cases_export_to_report_json from app.business.cases import cases_export_to_json from app.datamgmt.activities.activities_db import get_auto_activities @@ -355,7 +355,7 @@ def _get_case_info(self): Retrieve information of the case :return: """ - case_info = export_case_json_for_report(self._caseid) + case_info = cases_export_to_report_json(self._caseid) # Get customer, user and case title case_info['doc_id'] = IrisMakeDocReport.get_docid() From 17884a657f91d942bee32070855bee81c56ea0b1 Mon Sep 17 00:00:00 2001 
From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:04:35 +0200 Subject: [PATCH 15/31] [IMP] Inlined method --- source/app/business/iocs.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py index 076d12f52..d5dc32682 100644 --- a/source/app/business/iocs.py +++ b/source/app/business/iocs.py @@ -137,14 +137,9 @@ def iocs_delete(identifier, case_identifier): return f'IOC {identifier} deleted' -def iocs_get_by_case(case_identifier): - permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) - - return get_iocs_by_case(case_identifier) - - def export_case_iocs_json(case_id): - iocs = iocs_get_by_case(case_id) + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) + iocs = get_iocs_by_case(case_id) iocs_serialized = IocSchema().dump(iocs, many=True) From 5f38bafa520e9ef9416c667b05953a49327d4a2d Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:10:10 +0200 Subject: [PATCH 16/31] [IMP] Prefixed method by iocs_ --- source/app/business/cases.py | 6 +++--- source/app/business/iocs.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index eb3786924..5304f144e 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -35,7 +35,7 @@ from app.business.errors import BusinessProcessingError from app.business.permissions import permissions_check_current_user_has_some_case_access -from app.business.iocs import export_case_iocs_json +from app.business.iocs import iocs_exports_to_json from app.iris_engine.module_handler.module_handler import call_modules_hook from app.iris_engine.utils.tracker import track_activity 
@@ -254,7 +254,7 @@ def cases_export_to_json(case_id): export['case'] = case export['evidences'] = export_case_evidences_json(case_id) export['timeline'] = export_case_tm_json(case_id) - export['iocs'] = export_case_iocs_json(case_id) + export['iocs'] = iocs_exports_to_json(case_id) export['assets'] = export_case_assets_json(case_id) export['tasks'] = export_case_tasks_json(case_id) export['comments'] = export_case_comments_json(case_id) @@ -280,7 +280,7 @@ def cases_export_to_report_json(case_id): export['case'] = case export['evidences'] = export_case_evidences_json(case_id) export['timeline'] = export_case_tm_json(case_id) - export['iocs'] = export_case_iocs_json(case_id) + export['iocs'] = iocs_exports_to_json(case_id) export['assets'] = export_case_assets_json(case_id) export['tasks'] = export_case_tasks_json(case_id) export['notes'] = export_case_notes_json(case_id) diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py index d5dc32682..27d198fcb 100644 --- a/source/app/business/iocs.py +++ b/source/app/business/iocs.py @@ -137,7 +137,7 @@ def iocs_delete(identifier, case_identifier): return f'IOC {identifier} deleted' -def export_case_iocs_json(case_id): +def iocs_exports_to_json(case_id): permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) iocs = get_iocs_by_case(case_id) From 77883ec0c32000541cd1ecf2217a3b9535bfc079 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:18:13 +0200 Subject: [PATCH 17/31] [IMP] Moving up permission check --- source/app/business/cases.py | 5 +++++ source/app/business/iocs.py | 6 ++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 5304f144e..fd27b11da 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py 
@@ -35,6 +35,7 @@ from app.business.errors import BusinessProcessingError from app.business.permissions import permissions_check_current_user_has_some_case_access +from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.business.iocs import iocs_exports_to_json from app.iris_engine.module_handler.module_handler import call_modules_hook @@ -242,6 +243,8 @@ def cases_export_to_json(case_id): """ Fully export a case a JSON """ + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) + export = {} case = export_caseinfo_json(case_id) @@ -268,6 +271,8 @@ def cases_export_to_report_json(case_id): """ Fully export of a case for report generation """ + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) + export = {} case = export_caseinfo_json(case_id) diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py index 27d198fcb..bae103b5b 100644 --- a/source/app/business/iocs.py +++ b/source/app/business/iocs.py @@ -20,8 +20,8 @@ from marshmallow.exceptions import ValidationError from app import db -from app.models import Ioc, IocLink -from app.models.authorization import CaseAccessLevel +from app.models import Ioc +from app.models import IocLink from app.datamgmt.case.case_iocs_db import add_ioc from app.datamgmt.case.case_iocs_db import add_ioc_link from app.datamgmt.case.case_iocs_db import check_ioc_type_id @@ -32,7 +32,6 @@ from app.iris_engine.module_handler.module_handler import call_modules_hook from app.iris_engine.utils.tracker import track_activity from app.business.errors import BusinessProcessingError -from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.datamgmt.case.case_iocs_db import get_ioc 
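Review bot: The check added at the top of `cases_export_to_json` is not tied to the `case_id` argument: `permissions_check_current_user_has_some_case_access_stricter` receives only the access levels, so it presumably resolves the case from the request context rather than from the case being exported. If this function is ever called with a `case_id` that differs from the one in the request, the authorization decision and the exported data would refer to different cases. The variant that takes the identifier is already imported in this module and fits here: `permissions_check_current_user_has_some_case_access(case_id, [CaseAccessLevel.read_only, CaseAccessLevel.full_access])`. The same applies to the hunk for `cases_export_to_report_json`; both function bodies continue outside their hunks.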
@@ -138,7 +137,6 @@ def iocs_delete(identifier, case_identifier): def iocs_exports_to_json(case_id): - permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) iocs = get_iocs_by_case(case_id) iocs_serialized = IocSchema().dump(iocs, many=True) From 396e217ef0320402a3e352bbedaffd5e5dc81019 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:22:03 +0200 Subject: [PATCH 18/31] [IMP] Renamed method belonging to public API so that it does not start with _ --- source/app/blueprints/reports/reports_route.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/app/blueprints/reports/reports_route.py b/source/app/blueprints/reports/reports_route.py index c9c100515..b9a997710 100644 --- a/source/app/blueprints/reports/reports_route.py +++ b/source/app/blueprints/reports/reports_route.py @@ -87,7 +87,7 @@ def download_case_activity(report_id, caseid): @reports_blueprint.route("/case/report/generate-investigation/", methods=['GET']) @ac_api_requires() @ac_requires_case_identifier() -def _gen_report(report_id, caseid): +def generate_report(report_id, caseid): safe_mode = False From 58d29ac731df909b592576cc33d9e345a380d806 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:30:16 +0200 Subject: [PATCH 19/31] [IMP] Moved up permissions_check_current_user_has_some_case_access_stricter --- source/app/blueprints/reports/reports_route.py | 11 +++++++++++ source/app/business/cases.py | 2 -- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/source/app/blueprints/reports/reports_route.py b/source/app/blueprints/reports/reports_route.py index b9a997710..8bdd1b276 100644 --- a/source/app/blueprints/reports/reports_route.py +++ b/source/app/blueprints/reports/reports_route.py 
@@ -27,7 +27,12 @@ from app.iris_engine.reporter.reporter import IrisMakeDocReport from app.iris_engine.reporter.reporter import IrisMakeMdReport from app.iris_engine.utils.tracker import track_activity + from app.models import CaseTemplateReport +from app.models.authorization import CaseAccessLevel + +from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter + from app.util import FileRemover from app.util import ac_api_requires from app.util import ac_requires_case_identifier @@ -63,6 +68,9 @@ def download_case_activity(report_id, caseid): fpath, logs = mreport.generate_doc_report(doc_type="Activities") elif report_format == ".md" or report_format == ".html" : + # TODO should we move this up + # and replace by annotation @ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)? + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) mreport = IrisMakeMdReport(tmp_dir, report_id, caseid, safe_mode) fpath, logs = mreport.generate_md_report(doc_type="Activities") @@ -103,6 +111,9 @@ def generate_report(report_id, caseid): _, report_format = os.path.splitext(report.internal_reference) if report_format == ".md" or report_format == ".html": + # TODO should we move this up + # and replace by annotation @ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)? + permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) mreport = IrisMakeMdReport(tmp_dir, report_id, caseid, safe_mode) fpath, logs = mreport.generate_md_report(doc_type="Investigation") diff --git a/source/app/business/cases.py b/source/app/business/cases.py index fd27b11da..cf827dc6d 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py 
@@ -243,8 +243,6 @@ def cases_export_to_json(case_id): """ Fully export a case a JSON """ - permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) - export = {} case = export_caseinfo_json(case_id) From 2193387c0ac52790db7ec6964313660325610817 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:40:06 +0200 Subject: [PATCH 20/31] [IMP] Moved up permissions_check_current_user_has_some_case_access_stricter --- source/app/blueprints/reports/reports_route.py | 18 ++++++++++-------- source/app/business/cases.py | 2 -- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/source/app/blueprints/reports/reports_route.py b/source/app/blueprints/reports/reports_route.py index 8bdd1b276..71f5aeba7 100644 --- a/source/app/blueprints/reports/reports_route.py +++ b/source/app/blueprints/reports/reports_route.py @@ -47,6 +47,10 @@ @ac_api_requires() @ac_requires_case_identifier() def download_case_activity(report_id, caseid): + # TODO should we move this up + # and replace by annotation @ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)? + permissions_check_current_user_has_some_case_access_stricter( + [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) call_modules_hook('on_preload_activities_report_create', data=report_id, caseid=caseid) if report_id: 
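Review bot: The access check at the top of `download_case_activity` is left with an open TODO about where authorization belongs, and nothing in the hunk turns a denial into an access-denied response. If the check signals denial by raising, as the non-stricter variant does with `PermissionDeniedError` in the `api_delete_case` hunk of patch 28, the route would surface it as an unhandled error unless a handler exists outside the hunk. Resolving the TODO with the decorator already used on `export_case` in case_routes.py, `@ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)`, would keep the check declarative and ahead of the `call_modules_hook` call. Whether it replaces or joins the two existing decorators needs confirming. The `generate_report` hunk later in this patch has the same shape, and both function bodies continue outside their hunks.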
@@ -61,16 +65,13 @@ def download_case_activity(report_id, caseid): # Get file extension _, report_format = os.path.splitext(report.internal_reference) - + # Depending on the template format, the generation process is different if report_format == ".docx": mreport = IrisMakeDocReport(tmp_dir, report_id, caseid, safe_mode) fpath, logs = mreport.generate_doc_report(doc_type="Activities") elif report_format == ".md" or report_format == ".html" : - # TODO should we move this up - # and replace by annotation @ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)? - permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) mreport = IrisMakeMdReport(tmp_dir, report_id, caseid, safe_mode) fpath, logs = mreport.generate_md_report(doc_type="Activities") @@ -96,6 +97,10 @@ def download_case_activity(report_id, caseid): @ac_api_requires() @ac_requires_case_identifier() def generate_report(report_id, caseid): + # TODO should we move this up + # and replace by annotation @ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)? + permissions_check_current_user_has_some_case_access_stricter( + [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) safe_mode = False @@ -109,11 +114,8 @@ def generate_report(report_id, caseid): safe_mode = True _, report_format = os.path.splitext(report.internal_reference) - + if report_format == ".md" or report_format == ".html": - # TODO should we move this up - # and replace by annotation @ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)? - permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) mreport = IrisMakeMdReport(tmp_dir, report_id, caseid, safe_mode) fpath, logs = mreport.generate_md_report(doc_type="Investigation") diff --git a/source/app/business/cases.py b/source/app/business/cases.py index cf827dc6d..51da0a3e9 100644 
--- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -269,8 +269,6 @@ def cases_export_to_report_json(case_id): """ Fully export of a case for report generation """ - permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access]) - export = {} case = export_caseinfo_json(case_id) From 70d66417bcedabc50ef588e10614e3e4d735d967 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:42:21 +0200 Subject: [PATCH 21/31] [IMP] Now removed unnecessary import --- source/app/business/cases.py | 1 - 1 file changed, 1 deletion(-) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 51da0a3e9..5304f144e 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -35,7 +35,6 @@ from app.business.errors import BusinessProcessingError from app.business.permissions import permissions_check_current_user_has_some_case_access -from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.business.iocs import iocs_exports_to_json from app.iris_engine.module_handler.module_handler import call_modules_hook From 16846a414e89fefb24abcffcb8588e7311ac155a Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:43:59 +0200 Subject: [PATCH 22/31] [IMP] Moved up permissions_check_current_user_has_some_case_access_stricter --- source/app/business/notes.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/source/app/business/notes.py b/source/app/business/notes.py index b17f765be..c2ec7a334 100644 --- a/source/app/business/notes.py +++ b/source/app/business/notes.py 
@@ -225,8 +225,6 @@ def notes_delete_revision(identifier: int = None, revision_number: int = None, c :param revision_number: The revision number. :param case_identifier: The case identifier. """ - permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) - try: note = get_note(identifier, caseid=case_identifier) if not note: From 97e78b7f17ac892a69649baa5ccc1b948ebda8ec Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:45:03 +0200 Subject: [PATCH 23/31] [IMP] Moved up permissions_check_current_user_has_some_case_access_stricter --- source/app/business/notes.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/source/app/business/notes.py b/source/app/business/notes.py index c2ec7a334..f1e262573 100644 --- a/source/app/business/notes.py +++ b/source/app/business/notes.py @@ -22,12 +22,11 @@ from app import db from app import app from app.business.errors import BusinessProcessingError, UnhandledBusinessError -from app.business.permissions import permissions_check_current_user_has_some_case_access_stricter from app.datamgmt.case.case_notes_db import get_note from app.iris_engine.module_handler.module_handler import call_modules_hook from app.iris_engine.utils.tracker import track_activity from app.models import NoteRevisions -from app.models.authorization import CaseAccessLevel, User +from app.models.authorization import User from app.schema.marshables import CaseNoteSchema from app.util import add_obj_history_entry @@ -96,7 +95,6 @@ def notes_update(identifier: int = None, request_json: dict = None, case_identif :param request_json: The request data. :param case_identifier: The case identifier. """ - permissions_check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access]) try: addnote_schema = CaseNoteSchema() From f7824891c1a5a539a6627d8e058e62392dfbc09e Mon Sep 17 00:00:00 2001 
From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:48:13 +0200 Subject: [PATCH 24/31] [IMP] Moved up permissions_check_current_user_has_some_case_access --- source/app/blueprints/graphql/cases.py | 7 +++++-- .../blueprints/manage/manage_cases_routes.py | 20 ++++++++++++------- source/app/business/cases.py | 2 -- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/source/app/blueprints/graphql/cases.py b/source/app/blueprints/graphql/cases.py index a2724f574..6509baf5a 100644 --- a/source/app/blueprints/graphql/cases.py +++ b/source/app/blueprints/graphql/cases.py @@ -29,12 +29,14 @@ from app.models.cases import Cases from app.models.authorization import Permissions +from app.models.authorization import CaseAccessLevel from app.business.iocs import iocs_build_filter_query from app.business.cases import cases_create from app.business.cases import cases_delete from app.business.cases import cases_update from app.business.permissions import permissions_check_current_user_has_some_permission +from app.business.permissions import permissions_check_current_user_has_some_case_access from app.blueprints.graphql.iocs import IOCConnection @@ -104,9 +106,10 @@ class Arguments: case = Field(CaseObject) @staticmethod - def mutate(root, info, case_id): + def mutate(root, info, case_identifier): permissions_check_current_user_has_some_permission([Permissions.standard_user]) - cases_delete(case_id) + permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) + cases_delete(case_identifier) class CaseUpdate(Mutation): diff --git a/source/app/blueprints/manage/manage_cases_routes.py b/source/app/blueprints/manage/manage_cases_routes.py index 19ca15237..b83d6582f 100644 --- a/source/app/blueprints/manage/manage_cases_routes.py +++ b/source/app/blueprints/manage/manage_cases_routes.py 
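Review bot: `cases_delete` now relies on every caller to have checked `full_access` on the case first, as `CaseDelete.mutate` does here, and nothing in the code states that precondition. A comment at the top of `cases_delete` such as `# Caller must have checked CaseAccessLevel.full_access on case_identifier` would make it visible to anyone adding a new entry point. The same applies to `notes_update` and `notes_delete_revision` in patches 22 and 23, where the check is removed and no caller-side check appears in those patches. Confirm that the note routes enforce `full_access` themselves.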
@@ -31,6 +31,17 @@ from werkzeug.utils import secure_filename from app import db + +from app.models.authorization import CaseAccessLevel +from app.models.authorization import Permissions + +from app.business.permissions import permissions_check_current_user_has_some_case_access +from app.business.cases import cases_delete +from app.business.cases import cases_update +from app.business.cases import cases_create +from app.business.errors import BusinessProcessingError +from app.business.errors import PermissionDeniedError + from app.datamgmt.alerts.alerts_db import get_alert_status_by_name from app.datamgmt.case.case_db import get_case from app.datamgmt.client.client_db import get_client_list @@ -56,8 +67,6 @@ from app.iris_engine.tasker.tasks import task_case_update from app.iris_engine.utils.common import build_upload_path from app.iris_engine.utils.tracker import track_activity -from app.models.authorization import CaseAccessLevel -from app.models.authorization import Permissions from app.schema.marshables import CaseSchema from app.schema.marshables import CaseDetailsSchema from app.util import add_obj_history_entry @@ -67,11 +76,6 @@ from app.util import ac_requires from app.util import response_error from app.util import response_success -from app.business.cases import cases_delete -from app.business.cases import cases_update -from app.business.cases import cases_create -from app.business.errors import BusinessProcessingError -from app.business.errors import PermissionDeniedError manage_cases_blueprint = Blueprint('manage_case', __name__, @@ -230,6 +234,8 @@ def manage_case_filter() -> Response: @manage_cases_blueprint.route('/manage/cases/delete/', methods=['POST']) @ac_api_requires(Permissions.standard_user) def api_delete_case(cur_id): + permissions_check_current_user_has_some_case_access(cur_id, [CaseAccessLevel.full_access]) + try: cases_delete(cur_id) return response_success('Case successfully deleted') 
diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 5304f144e..1cc3d062d 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -128,8 +128,6 @@ def cases_create(request_json): def cases_delete(case_identifier): - permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) - if case_identifier == 1: track_activity(f'tried to delete case {case_identifier}, but case is the primary case', caseid=case_identifier, ctx_less=True) From 5ae066fbec85614f9e1552b4c376571540b1d196 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:50:33 +0200 Subject: [PATCH 25/31] [IMP] Moved up permissions_check_current_user_has_some_case_access --- source/app/blueprints/graphql/graphql_route.py | 15 +++++++++++---- source/app/business/cases.py | 2 -- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/source/app/blueprints/graphql/graphql_route.py b/source/app/blueprints/graphql/graphql_route.py index 683009582..cc6f26e79 100644 --- a/source/app/blueprints/graphql/graphql_route.py +++ b/source/app/blueprints/graphql/graphql_route.py 
@@ -37,18 +37,22 @@ from app.util import is_user_authenticated from app.util import response_error +from app.models.authorization import CaseAccessLevel + from app.blueprints.graphql.cases import CaseObject from app.blueprints.graphql.iocs import IOCObject from app.blueprints.graphql.iocs import IOCCreate from app.blueprints.graphql.iocs import IOCUpdate from app.blueprints.graphql.iocs import IOCDelete -from app.business.cases import cases_get_by_identifier -from app.business.iocs import iocs_get_by_identifier from app.blueprints.graphql.cases import CaseCreate from app.blueprints.graphql.cases import CaseDelete from app.blueprints.graphql.cases import CaseUpdate from app.blueprints.graphql.cases import CaseConnection +from app.business.cases import cases_get_by_identifier +from app.business.iocs import iocs_get_by_identifier +from app.business.permissions import permissions_check_current_user_has_some_case_access + class Query(ObjectType): """This is the IRIS GraphQL queries documentation!""" @@ -68,8 +72,11 @@ def resolve_cases(root, info, classification_id=None, client_id=None, state_id=N case_tags=tags, case_open_since=open_since) @staticmethod - def resolve_case(root, info, case_id): - return cases_get_by_identifier(case_id) + def resolve_case(root, info, case_identifier): + permissions_check_current_user_has_some_case_access(case_identifier, + [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) + + return cases_get_by_identifier(case_identifier) @staticmethod def resolve_ioc(root, info, ioc_id): diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 1cc3d062d..7b96ee1d2 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -73,8 +73,6 @@ def _load(request_data, **kwargs): def cases_get_by_identifier(case_identifier): - permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) - return get_case(case_identifier) 
From e26396d5e231ca87a62368078d3dd65a33873683 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:52:35 +0200 Subject: [PATCH 26/31] [IMP] Moved up permissions_check_current_user_has_some_case_access --- source/app/blueprints/graphql/cases.py | 6 ++++-- source/app/blueprints/manage/manage_cases_routes.py | 2 ++ source/app/business/cases.py | 2 -- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/source/app/blueprints/graphql/cases.py b/source/app/blueprints/graphql/cases.py index 6509baf5a..c62550b71 100644 --- a/source/app/blueprints/graphql/cases.py +++ b/source/app/blueprints/graphql/cases.py @@ -132,7 +132,7 @@ class Arguments: case = Field(CaseObject) @staticmethod - def mutate(root, info, case_id, name=None, soc_id=None, classification_id=None, client_id=None, description=None, + def mutate(root, info, case_identifier, name=None, soc_id=None, classification_id=None, client_id=None, description=None, severity_id=None, owner_id=None, state_id=None, reviewer_id=None, tags=None, review_status_id=None): request = {} if name: @@ -158,5 +158,7 @@ def mutate(root, info, case_id, name=None, soc_id=None, classification_id=None, if review_status_id: request['review_status_id'] = review_status_id permissions_check_current_user_has_some_permission([Permissions.standard_user]) - case, _ = cases_update(case_id, request) + permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) + + case, _ = cases_update(case_identifier, request) return CaseUpdate(case=case) diff --git a/source/app/blueprints/manage/manage_cases_routes.py b/source/app/blueprints/manage/manage_cases_routes.py index b83d6582f..2c7d16735 100644 --- a/source/app/blueprints/manage/manage_cases_routes.py +++ b/source/app/blueprints/manage/manage_cases_routes.py 
@@ -370,6 +370,8 @@ def api_list_case(): @manage_cases_blueprint.route('/manage/cases/update/', methods=['POST']) @ac_api_requires(Permissions.standard_user) def update_case_info(cur_id): + permissions_check_current_user_has_some_case_access(cur_id, [CaseAccessLevel.full_access]) + case_schema = CaseSchema() try: case, msg = cases_update(cur_id, request.get_json()) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 7b96ee1d2..c670867a4 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -146,8 +146,6 @@ def cases_delete(case_identifier): def cases_update(case_identifier, request_data): - permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) - case_i = get_case(case_identifier) if not case_i: raise BusinessProcessingError('Case not found') From aa1b528939956512a0bb8ad5da4f4c99dac83f3c Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:52:58 +0200 Subject: [PATCH 27/31] [IMP] Removed unnecessary imports --- source/app/business/cases.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/source/app/business/cases.py b/source/app/business/cases.py index c670867a4..73241e427 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -30,11 +30,9 @@ from app.util import add_obj_history_entry from app.schema.marshables import CaseSchema -from app.models.authorization import CaseAccessLevel from app.models import ReviewStatusList from app.business.errors import BusinessProcessingError -from app.business.permissions import permissions_check_current_user_has_some_case_access from app.business.iocs import iocs_exports_to_json from app.iris_engine.module_handler.module_handler import call_modules_hook From 3b21ed9e03e2785454aee4bdc368fbc062449faf Mon Sep 17 00:00:00 2001 
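Review bot: The check added to `update_case_info` sits before the `try`, so a `PermissionDeniedError` raised by it is not handled by any `except` clause that follows. Patch 28 wraps the same call in `api_delete_case` but, as far as this series shows, leaves this route unchanged. Wrapping it the same way keeps the denial response consistent: `try:` around the check, then `except PermissionDeniedError:` and `return ac_api_return_access_denied(caseid=cur_id)`. The body of `update_case_info` continues outside the hunk, so an existing handler further down cannot be ruled out.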
From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:58:32 +0200 Subject: [PATCH 28/31] [IMP] Catching PermissionDeniedError --- source/app/blueprints/manage/manage_cases_routes.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/source/app/blueprints/manage/manage_cases_routes.py b/source/app/blueprints/manage/manage_cases_routes.py index 2c7d16735..7bd69ea14 100644 --- a/source/app/blueprints/manage/manage_cases_routes.py +++ b/source/app/blueprints/manage/manage_cases_routes.py @@ -234,15 +234,16 @@ def manage_case_filter() -> Response: @manage_cases_blueprint.route('/manage/cases/delete/', methods=['POST']) @ac_api_requires(Permissions.standard_user) def api_delete_case(cur_id): - permissions_check_current_user_has_some_case_access(cur_id, [CaseAccessLevel.full_access]) + try: + permissions_check_current_user_has_some_case_access(cur_id, [CaseAccessLevel.full_access]) + except PermissionDeniedError: + return ac_api_return_access_denied(caseid=cur_id) try: cases_delete(cur_id) return response_success('Case successfully deleted') except BusinessProcessingError as e: return response_error(e.get_message()) - except PermissionDeniedError: - return ac_api_return_access_denied(caseid=cur_id) @manage_cases_blueprint.route('/manage/cases/reopen/', methods=['POST']) From 10fcb178396d5a71a71796b124b2ca94f41dc4f4 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 11:24:59 +0200 Subject: [PATCH 29/31] [FIX] We can't change the parameter names of graphql queries --- source/app/blueprints/graphql/cases.py | 12 ++++++------ source/app/blueprints/graphql/graphql_route.py | 6 +++--- tests/tests.py | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/source/app/blueprints/graphql/cases.py b/source/app/blueprints/graphql/cases.py index c62550b71..bceb05572 100644 --- a/source/app/blueprints/graphql/cases.py +++ b/source/app/blueprints/graphql/cases.py 
@@ -106,10 +106,10 @@ class Arguments: case = Field(CaseObject) @staticmethod - def mutate(root, info, case_identifier): + def mutate(root, info, case_id): permissions_check_current_user_has_some_permission([Permissions.standard_user]) - permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) - cases_delete(case_identifier) + permissions_check_current_user_has_some_case_access(case_id, [CaseAccessLevel.full_access]) + cases_delete(case_id) class CaseUpdate(Mutation): @@ -132,7 +132,7 @@ class Arguments: case = Field(CaseObject) @staticmethod - def mutate(root, info, case_identifier, name=None, soc_id=None, classification_id=None, client_id=None, description=None, + def mutate(root, info, case_id, name=None, soc_id=None, classification_id=None, client_id=None, description=None, severity_id=None, owner_id=None, state_id=None, reviewer_id=None, tags=None, review_status_id=None): request = {} if name: @@ -158,7 +158,7 @@ def mutate(root, info, case_identifier, name=None, soc_id=None, classification_i if review_status_id: request['review_status_id'] = review_status_id permissions_check_current_user_has_some_permission([Permissions.standard_user]) - permissions_check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access]) + permissions_check_current_user_has_some_case_access(case_id, [CaseAccessLevel.full_access]) - case, _ = cases_update(case_identifier, request) + case, _ = cases_update(case_id, request) return CaseUpdate(case=case) diff --git a/source/app/blueprints/graphql/graphql_route.py b/source/app/blueprints/graphql/graphql_route.py index cc6f26e79..dff808a67 100644 --- a/source/app/blueprints/graphql/graphql_route.py +++ b/source/app/blueprints/graphql/graphql_route.py 
@@ -72,11 +72,11 @@ def resolve_cases(root, info, classification_id=None, client_id=None, state_id=N case_tags=tags, case_open_since=open_since) @staticmethod - def resolve_case(root, info, case_identifier): - permissions_check_current_user_has_some_case_access(case_identifier, + def resolve_case(root, info, case_id): + permissions_check_current_user_has_some_case_access(case_id, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]) - return cases_get_by_identifier(case_identifier) + return cases_get_by_identifier(case_id) @staticmethod def resolve_ioc(root, info, ioc_id): diff --git a/tests/tests.py b/tests/tests.py index 942f8b341..826d580e9 100644 --- a/tests/tests.py +++ b/tests/tests.py @@ -546,7 +546,7 @@ def test_graphql_delete_case_should_not_fail(self): self._subject.execute_graphql_query(payload2) payload = { 'query': f''' mutation {{ - caseUpdate(caseId: {case_identifier}, name: "test_delete_case") {{ + caseUpdate(caseId: {case_identifier}, name: "test_delete_case") {{ case {{ name }} }} }}''' From 2e1cf8a88e2e47dc9a4c6aa236649e6daf8c8a72 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 11:25:51 +0200 Subject: [PATCH 30/31] [IMP] Mount source code in dev docker compose file to avoid having to rebuild the dockers after each modification --- docker-compose.dev.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 8be1806c0..8df0e079b 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -42,6 +42,8 @@ services: image: iriswebapp_app:v2.4.7 ports: - "127.0.0.1:8000:8000" + volumes: + - ./source/app:/iriswebapp/app worker: extends: @@ -51,6 +53,8 @@ services: context: . dockerfile: docker/webApp/Dockerfile image: iriswebapp_app:v2.4.7 + volumes: + - ./source/app:/iriswebapp/app nginx: extends: From 3207548ce8756f096b0fa121ad5bf943f20736d3 Mon Sep 17 00:00:00 2001 
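Review bot: The new `volumes` entries under `app` and `worker` bind-mount `./source/app` read-write, so any process in either container can modify the source tree on the developer's host. If the application does not need to write under `/iriswebapp/app` (not visible in this file), a read-only mount keeps the no-rebuild benefit without that exposure: `- ./source/app:/iriswebapp/app:ro`. A short comment next to each entry, such as `# development only: live source mount`, would also help keep it from being copied into a production compose file.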
From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Fri, 12 Jul 2024 11:43:37 +0200 Subject: [PATCH 31/31] [FIX] Some deepsources analysis issues --- source/app/blueprints/case/case_notes_routes.py | 2 +- source/app/blueprints/case/case_routes.py | 2 +- source/app/business/notes.py | 2 -- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/source/app/blueprints/case/case_notes_routes.py b/source/app/blueprints/case/case_notes_routes.py index 9806a079b..c2cb3de76 100644 --- a/source/app/blueprints/case/case_notes_routes.py +++ b/source/app/blueprints/case/case_notes_routes.py @@ -528,7 +528,7 @@ def socket_ping_note(data): @socket_io.on('pong-note') @ac_socket_requires(CaseAccessLevel.full_access) -def socket_ping_note(data): +def socket_pong_note(data): emit('pong-note', {"user": current_user.name, "note_id": data['note_id']}, room=data['channel']) diff --git a/source/app/blueprints/case/case_routes.py b/source/app/blueprints/case/case_routes.py index 0232c9e60..07ff1cd80 100644 --- a/source/app/blueprints/case/case_routes.py +++ b/source/app/blueprints/case/case_routes.py @@ -171,7 +171,7 @@ def socket_summary_onsave(data): @socket_io.on('clear_buffer') @ac_socket_requires(CaseAccessLevel.full_access) -def socket_summary_onchange(message): +def socket_summary_on_clear_buffer(message): emit('clear_buffer', message) diff --git a/source/app/business/notes.py b/source/app/business/notes.py index f1e262573..96117d433 100644 --- a/source/app/business/notes.py +++ b/source/app/business/notes.py @@ -47,7 +47,6 @@ def notes_create(request_json, case_identifier): :param request_json: The request data. :param case_identifier: The case identifier. """ - try: request_data = call_modules_hook('on_preload_note_create', data=request_json, caseid=case_identifier) note_schema = CaseNoteSchema() 
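Review bot: `socket_pong_note` emits to `room=data['channel']`, a room name taken from the client's message, and nothing in the handler ties that channel to the case that `@ac_socket_requires(CaseAccessLevel.full_access)` authorised. Whether the decorator or the room-join logic enforces that link is not visible in this hunk, so this may already be covered. If it is not, the handler should compare the channel with the room derived from the authorised case and return without emitting on a mismatch. `data['note_id']` and `data['channel']` are also indexed without a presence check, so a message missing either key raises `KeyError` inside the handler.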
@@ -95,7 +94,6 @@ def notes_update(identifier: int = None, request_json: dict = None, case_identif :param request_json: The request data. :param case_identifier: The case identifier. """ - try: addnote_schema = CaseNoteSchema()