chg: [module extractor] check tracker and retro hunt acl

This commit is contained in:
terrtia 2024-09-03 16:27:02 +02:00
parent ce4a1a8df5
commit cb45e06ebc
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
4 changed files with 37 additions and 13 deletions


@ -217,6 +217,15 @@ class Tracker:
ail_orgs.remove_obj_to_org(old_org, 'tracker', self.uuid)
self.set_level(new_level, new_org_uuid)
def check_level(self, user_org, user_id):
level = self.get_level()
if level == 1:
return True
elif level == 0:
return self.get_user() == user_id
elif level == 2:
return self.get_org() == user_org
def is_level_user(self):
return self.get_level() == 0
@ -1454,7 +1463,7 @@ class RetroHunt:
def get_level(self):
level = int(self._get_field('level'))
if not level:
level = 0
level = 1
return int(level)
def set_level(self, level, org_uuid):
@ -1477,6 +1486,13 @@ class RetroHunt:
self.delete_level(old_level)
self.set_level(new_level, new_org_uuid)
def check_level(self, user_org):
level = self.get_level()
if level == 1:
return True
elif level == 2:
return self.get_org() == user_org
## ORG ##
def get_creator_org(self):
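Review bot: The fallback in RetroHunt.get_level now appears to map a stored level of 0 to 1, which RetroHunt.check_level treats as visible to every user, so a retro hunt whose level was never set (or was written as 0 by older code) becomes globally readable; the old/new side of `level = 0` / `level = 1` is inferred from print order. If that is the intended default, a comment such as `# retro hunts have no user-private level; a stored 0 is treated as global (1)` would make it explicit, otherwise the safer fallback is the most restrictive level. Both new check_level methods also fall off the end for any other level value and return None; an explicit `return False` after the elif chain would make the deny path intentional rather than incidental.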


@ -14,8 +14,8 @@ sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from lib.ail_users import get_user_org
from lib.objects import ail_objects
from lib.objects.Items import Item
from lib.objects.Titles import Title
from lib import correlations_engine
from lib import regex_helper
@ -140,13 +140,16 @@ def convert_byte_offset_to_string(b_content, offset):
# TODO RETRO HUNTS
# TODO TRACKER TYPE IN UI
def get_tracker_match(obj, content):
def get_tracker_match(user_org, user_id, obj, content):
extracted = []
extracted_yara = []
obj_gid = obj.get_global_id()
trackers = Tracker.get_obj_trackers(obj.type, obj.get_subtype(r_str=True), obj.id)
for tracker_uuid in trackers:
tracker = Tracker.Tracker(tracker_uuid)
if not tracker.check_level(user_org, user_id):
continue
tracker_type = tracker.get_type()
# print(tracker_type)
tracked = tracker.get_tracked()
@ -182,6 +185,9 @@ def get_tracker_match(obj, content):
retro_hunts = Tracker.get_obj_retro_hunts(obj.type, obj.get_subtype(r_str=True), obj.id)
for retro_uuid in retro_hunts:
retro_hunt = Tracker.RetroHunt(retro_uuid)
if not retro_hunt.check_level(user_org):
continue
rule = retro_hunt.get_rule(r_compile=True)
rule.match(data=content.encode(), callback=_get_yara_match,
which_callbacks=yara.CALLBACK_MATCHES, timeout=30)
@ -209,23 +215,25 @@ def get_tracker_match(obj, content):
# tag:iban
# tracker:uuid
# def extract(obj_id, content=None):
def extract(obj_type, subtype, obj_id, content=None):
def extract(user_id, obj_type, subtype, obj_id, content=None):
obj = ail_objects.get_object(obj_type, subtype, obj_id)
if not obj.exists():
return []
obj_gid = obj.get_global_id()
user_org = get_user_org(user_id)
# CHECK CACHE
cached = r_cache.get(f'extractor:cache:{obj_gid}')
cached = r_cache.get(f'extractor:cache:{obj_gid}:{user_org}:{user_id}')
# cached = None
if cached:
r_cache.expire(f'extractor:cache:{obj_gid}', 300)
r_cache.expire(f'extractor:cache:{obj_gid}:{user_org}:{user_id}', 300)
return json.loads(cached)
if not content:
content = obj.get_content()
extracted = get_tracker_match(obj, content)
extracted = get_tracker_match(user_org, user_id, obj, content)
# print(item.get_tags())
for tag in obj.get_tags():
@ -249,8 +257,8 @@ def extract(obj_type, subtype, obj_id, content=None):
# Save In Cache
if extracted:
extracted_dump = json.dumps(extracted)
r_cache.set(f'extractor:cache:{obj_gid}', extracted_dump)
r_cache.expire(f'extractor:cache:{obj_gid}', 300) # TODO Reduce CACHE ???????????????
r_cache.set(f'extractor:cache:{obj_gid}:{user_org}:{user_id}', extracted_dump)
r_cache.expire(f'extractor:cache:{obj_gid}:{user_org}:{user_id}', 300) # TODO Reduce CACHE ???????????????
return extracted
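Review bot: The per-user cache key `f'extractor:cache:{obj_gid}:{user_org}:{user_id}'` is spelled out four times in extract; build it once right after `user_org = get_user_org(user_id)`, as `cache_key = f'extractor:cache:{obj_gid}:{user_org}:{user_id}'`, and use it in the get/expire/set calls so the key cannot drift between the read and write paths. Keying the cache by org and user is what keeps the ACL-filtered results from leaking between viewers, but the 300 s TTL still means a change to a tracker's level or to a user's org is only reflected once the entry expires; if that window matters, a comment on the `r_cache.set` line noting it would help. The body of extract between the hunks is not visible here.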


@ -10,7 +10,7 @@ import sys
import json
from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for, Response, abort
from flask_login import login_required
from flask_login import login_required, current_user
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
@ -236,7 +236,7 @@ def objects_message():
else:
message = message[0]
languages = Language.get_translation_languages()
extracted = module_extractor.extract('message', '', message['id'], content=message['content'])
extracted = module_extractor.extract(current_user.get_user_id(), 'message', '', message['id'], content=message['content'])
extracted_matches = module_extractor.get_extracted_by_match(extracted)
message['extracted'] = extracted
message['extracted_matches'] = extracted_matches


@ -10,7 +10,7 @@ import os
import sys
from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for, Response, abort, send_file, send_from_directory
from flask_login import login_required
from flask_login import login_required, current_user
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only, no_cache
@ -85,7 +85,7 @@ def showItem(): # # TODO: support post
else:
meta['investigations'] = []
extracted = module_extractor.extract('item', '', item.id, content=meta['content'])
extracted = module_extractor.extract(current_user.get_user_id(), 'item', '', item.id, content=meta['content'])
extracted_matches = module_extractor.get_extracted_by_match(extracted)
return render_template("show_item.html", bootstrap_label=bootstrap_label,