chg: [UI + core] tag decoded items, fix: #455

bin/lib/Correlate_object.py

@@ -24,7 +24,7 @@ r_serv_metadata = config_loader.get_redis_conn("ARDB_Metadata")
 config_loader = None
 
 def is_valid_object_type(object_type):
-    if object_type in ['domain', 'item', 'image']:
+    if object_type in ['domain', 'item', 'image', 'decoded']:
         return True
     else:
         return False
@@ -60,13 +60,14 @@ def exist_object(object_type, correlation_id, type_id=None):
     else:
         return False
 
+# request_type => api or ui
 def get_object_metadata(object_type, correlation_id, type_id=None):
     if object_type == 'domain':
         return Domain.Domain(correlation_id).get_domain_metadata(tags=True)
     elif object_type == 'paste' or object_type == 'item':
         return Item.get_item({"id": correlation_id, "date": True, "date_separator": True, "tags": True})[0]
     elif object_type == 'decoded':
-        return Decoded.get_decoded_metadata(correlation_id, nb_seen=True, size=True, file_type=True)
+        return Decoded.get_decoded_metadata(correlation_id, nb_seen=True, size=True, file_type=True, tag=True)
     elif object_type == 'pgp':
         return Pgp.pgp.get_metadata(type_id, correlation_id)
     elif object_type == 'cryptocurrency':

bin/lib/Decoded.py

@@ -9,6 +9,7 @@ import redis
 sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages'))
 import Item
 import Date
+import Tag
 
 
 import ConfigLoader
@@ -42,7 +43,7 @@ def nb_decoded_item_size(sha1_string):
 def exist_decoded(sha1_string):
     return r_serv_metadata.exists('metadata_hash:{}'.format(sha1_string))
 
-def get_decoded_metadata(sha1_string, nb_seen=False, size=False, file_type=False):
+def get_decoded_metadata(sha1_string, nb_seen=False, size=False, file_type=False, tag=False):
     metadata_dict = {}
     metadata_dict['first_seen'] = r_serv_metadata.hget('metadata_hash:{}'.format(sha1_string), 'first_seen')
     metadata_dict['last_seen'] = r_serv_metadata.hget('metadata_hash:{}'.format(sha1_string), 'last_seen')
@@ -52,8 +53,13 @@ def get_decoded_metadata(sha1_string, nb_seen=False, size=False, file_type=False
         metadata_dict['size'] = nb_decoded_item_size(sha1_string)
     if file_type:
         metadata_dict['file_type'] = get_decoded_item_type(sha1_string)
+    if tag:
+        metadata_dict['tags'] = get_decoded_tag(sha1_string)
     return metadata_dict
 
+def get_decoded_tag(sha1_string):
+    return Tag.get_obj_tag(sha1_string)
+
 def get_list_nb_previous_hash(sha1_string, num_day):
     nb_previous_hash = []
     for date_day in Date.get_previous_date_list(num_day):

bin/packages/Tag.py

@@ -355,7 +355,7 @@ def api_add_obj_tags(tags=[], galaxy_tags=[], object_id=None, object_type="item"
         return ({'status': 'error', 'reason': 'object_id id not found'}, 404)
     if not tags and not galaxy_tags:
         return ({'status': 'error', 'reason': 'Tags or Galaxy not specified'}, 400)
-    if object_type not in ('item', 'domain', 'image'):  # # TODO: put me in another file
+    if object_type not in ('item', 'domain', 'image', 'decoded'):  # # TODO: put me in another file
         return ({'status': 'error', 'reason': 'Incorrect object_type'}, 400)
 
     # remove empty tags

var/www/blueprints/correlation.py

@@ -113,6 +113,7 @@ def get_card_metadata(object_type, correlation_id, type_id=None, expand_card=Fal
         card_dict["icon"] = Correlate_object.get_correlation_node_icon(object_type, value=correlation_id)
         card_dict["vt"] = Decoded.get_decoded_vt_report(correlation_id)
         card_dict["vt"]["status"] = vt_enabled
+        card_dict["add_tags_modal"] = Tag.get_modal_add_tags(correlation_id, object_type='decoded')
     elif object_type == 'domain':
         card_dict["icon"] = Correlate_object.get_correlation_node_icon(object_type, value=correlation_id)
         card_dict["tags"] = Domain.get_domain_tags(correlation_id)

var/www/blueprints/tags_ui.py

@@ -111,6 +111,14 @@ def tags_search_domains():
     dict_tagged = {"object_type":object_type, "object_name":object_type.title() + "s"}
     return render_template("tags/search_obj_by_tags.html", bootstrap_label=bootstrap_label, dict_tagged=dict_tagged)
 
+@tags_ui.route('/tag/search/decoded')
+@login_required
+@login_read_only
+def tags_search_decoded():
+    object_type = 'decoded'
+    dict_tagged = {"object_type":object_type, "object_name":object_type.title() + "s"}
+    return render_template("tags/search_obj_by_tags.html", bootstrap_label=bootstrap_label, dict_tagged=dict_tagged)
+
 @tags_ui.route('/tag/search/image')
 @login_required
 @login_read_only

var/www/templates/correlation/metadata_card_decoded.html

@@ -1,3 +1,12 @@
+<link href="{{ url_for('static', filename='css/tags.css') }}" rel="stylesheet" type="text/css" />
+<script src="{{ url_for('static', filename='js/tags.js') }}"></script>
+
+{% with modal_add_tags=dict_object['metadata_card']['add_tags_modal']%}
+	{% include 'modals/add_tags.html' %}
+{% endwith %}
+
+{% include 'modals/edit_tag.html' %}
+
 <div class="card my-3">
 	<div class="card-header" style="background-color:#d9edf7;font-size: 15px">
 		<h4 class="text-secondary">{{ dict_object["correlation_id"] }} :</h4>
@@ -41,6 +50,21 @@
 					</div>
 				</div>
 			</li>
+			<li class="list-group-item py-0">
+				<br>
+				<div class="mb-3">
+					Tags:
+					{% for tag in dict_object["metadata"]['tags'] %}
+						<button class="btn btn-{{ bootstrap_label[loop.index0 % 5] }}" data-toggle="modal" data-target="#edit_tags_modal"
+						data-tagid="{{ tag }}" data-objtype="decoded" data-objid="{{ dict_object["correlation_id"] }}">
+							{{ tag }}
+						</button>
+					{%  endfor %}
+					<button type="button" class="btn btn-light" data-toggle="modal" data-target="#add_tags_modal">
+          	<i class="far fa-plus-square"></i>
+          </button>
+				</div>
+			</li>
 		</ul>
 
 		{% if dict_object["metadata_card"]["vt"]["status"] %}

var/www/templates/tags/menu_sidebar.html

@@ -22,6 +22,12 @@
       	       	Search Domains by Tags
       	      </a>
       	    </li>
+            <li class="nav-item">
+      	      <a class="nav-link" href="{{ url_for('tags_ui.tags_search_decoded') }}" id="nav_tags_search_decoded">
+      					<i class="fab fa-html5"></i>
+      	       	Search Decoded Items by Tags
+      	      </a>
+      	    </li>
             <li class="nav-item">
       	      <a class="nav-link" href="{{ url_for('tags_ui.tags_search_images') }}" id="nav_tags_search_image">
       					<i class="fas fa-image"></i>

var/www/templates/tags/search_obj_by_tags.html

@@ -54,6 +54,13 @@
   				          <th>last check</th>
                     <th style="max-width: 800px;">Domain</th>
   				          <th>status</th>
+                  {%elif dict_tagged["object_type"]=="decoded"%}
+                    <th>Estimated type</th>
+                    <th>Hash</th>
+                    <th>First seen</th>
+                    <th>Last seen</th>
+                    <th>Nb seen</th>
+                    <th>Size</th>
                   {%elif dict_tagged["object_type"]=="image"%}
                     <th style="max-width: 800px;">Image</th>
                   {%elif dict_tagged["object_type"]=="item"%}
@@ -141,6 +148,28 @@
                       </td>
                     </tr>
                    {% endfor %}
+                {%elif dict_tagged["object_type"]=="decoded"%}
+                  {% for dict_obj in dict_tagged["tagged_obj"] %}
+                    <tr>
+                      <td class="pb-0">{{ dict_obj['file_type'] }}</td>
+                      <td class="pb-0">
+                        <a target="_blank" href="{{ url_for('correlation.show_correlation') }}?object_type={{dict_tagged['object_type']}}&correlation_id={{dict_obj['id']}}" class="text-secondary">
+                          <div style="line-height:0.9;">{{ dict_obj['id'] }}</div>
+                        </a>
+                        <div class="mb-2">
+                          {% for tag in dict_obj['tags'] %}
+                            <a href="{{ url_for('tags_ui.get_obj_by_tags') }}?object_type={{dict_tagged['object_type']}}&ltags={{ tag }}">
+                              <span class="badge badge-{{ bootstrap_label[loop.index0 % 5] }}">{{ tag }}</span>
+                            </a>
+                          {%  endfor %}
+                        </div>
+                      </td>
+                      <td class="pb-0">{{ dict_obj['first_seen'] }}</td>
+                      <td class="pb-0">{{ dict_obj['last_seen'] }}</td>
+                      <td class="pb-0">{{ dict_obj['nb_seen'] }}</td>
+                      <td class="pb-0">{{ dict_obj['size'] }}</td>
+                    </tr>
+                  {% endfor %}
                 {% endif %}
 				      </tbody>
 				    </table>