Merge pull request #1005 from LDO-CERT/nodump

Nodump
LDO-CERT · Feb 7, 2024 · 584cf23 · 584cf23
2 parents e54ae37 + 1bb7bc8
commit 584cf23
Show file tree

Hide file tree

Showing 37 changed files with 1,301 additions and 1,198 deletions.
diff --git a/.envs/.local/.django b/.envs/.local/.django
@@ -30,6 +30,15 @@ LOCAL_YARA_PATH=/yara
 DEFAULT_YARA_RULE_PATH=/yara/default.yara
 VOLATILITY_SYMBOL_DOWNLOAD_PATH=https://downloads.volatilityfoundation.org/volatility3/symbols
 
+# Ldap
+# ------------------------------------------------------------------------------
+AUTH_LDAP_SERVER_URI=
+AUTH_LDAP_BIND_DN=
+AUTH_LDAP_BIND_PASSWORD=
+AUTH_LDAP_USER_SEARCH_DN=
+AUTH_LDAP_USER_SEARCH_ALIAS=
+AUTH_LDAP_USER_ATTR_MAP=
+
 # Proxy
 # ------------------------------------------------------------------------------
 http_proxy=

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -11,7 +11,7 @@ repos:
       - id: check-yaml
 
   - repo: https://github.com/psf/black
-    rev: 23.12.0
+    rev: 24.1.1
     hooks:
       - id: black
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,11 @@
 <details open>
   <summary><b>OROCHI 2.0.2 [WIP]</b></summary>
 
-  * Paginate analysis results in tree
+  * Symbols management [[#918](https://github.com/LDO-CERT/orochi/issues/918)]
+  * Store exctracted dump info in elastic [[#983](https://github.com/LDO-CERT/orochi/issues/983)]
+  * Add comment to dump [[#988](https://github.com/LDO-CERT/orochi/issues/988)]
+  * Ldap support [[#948](https://github.com/LDO-CERT/orochi/issues/948)]
+  * Run plugin on multiple images [[#951](https://github.com/LDO-CERT/orochi/issues/951)]
 </details>
 
 <details>

diff --git a/compose/local/dask/Dockerfile b/compose/local/dask/Dockerfile
@@ -1,13 +1,17 @@
-FROM daskdev/dask:dev-py3.11
+FROM daskdev/dask:2024.1.1-py3.11
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN apt-get --allow-releaseinfo-change update \
   # dependencies for building Python packages
-  && apt-get install --no-install-recommends -y build-essential \
-  # django minimal libs
-  libpq-dev gettext \
-  # zip
+  && apt-get install -y --no-install-recommends build-essential \
+  # ldap
+  libsasl2-dev python3-dev libldap2-dev libssl-dev \
+  # psycopg2 dependencies
+  libpq-dev \
+  # archive
   libmagic1 p7zip-full \
+  # Translations dependencies
+  gettext \
   # Clamav
   clamav-daemon clamav-freshclam clamav-unofficial-sigs \
   # requirement to compile yara

diff --git a/compose/local/django/Dockerfile b/compose/local/django/Dockerfile
@@ -7,6 +7,8 @@ ENV PYTHONDONTWRITEBYTECODE 1
 RUN apt-get update \
   # dependencies for building Python packages
   && apt-get install -y --no-install-recommends build-essential \
+  # ldap
+  libsasl2-dev python3-dev libldap2-dev libssl-dev \
   # psycopg2 dependencies
   libpq-dev \
   # archive
@@ -23,8 +25,7 @@ RUN mkdir -p /app
 
 FROM common-base as base-builder
 RUN apt-get update \
-  # ldap support
-  && apt-get install --no-install-recommends -y libsasl2-dev libldap2-dev libssl-dev \
+  && apt-get install --no-install-recommends -y \
   # utils
   curl unzip \
   # requirement to compile yara
@@ -47,7 +48,7 @@ RUN ./bootstrap.sh \
   && make install \
   && echo "Install yara-python..."
 WORKDIR /tmp
-RUN git clone --branch v4.2.x  --recursive https://github.com/VirusTotal/yara-python
+RUN git clone --branch v4.2.x --recursive https://github.com/VirusTotal/yara-python
 WORKDIR /tmp/yara-python
 RUN python setup.py build
 

diff --git a/config/api_router.py b/config/api_router.py
@@ -1,14 +1,9 @@
-from django.urls import path, include
 from django.conf import settings
+from django.urls import include, path
 from rest_framework_nested import routers
 
 from orochi.users.api.views import UserViewSet
-from orochi.website.api.views import (
-    DumpViewSet,
-    ResultViewSet,
-    PluginViewSet,
-    ExtractedDumpViewSet,
-)
+from orochi.website.api.views import DumpViewSet, PluginViewSet, ResultViewSet
 
 if settings.DEBUG:
     router = routers.DefaultRouter()
@@ -20,11 +15,7 @@
 router.register(r"plugin", PluginViewSet)
 dumps_router = routers.NestedSimpleRouter(router, r"dumps", lookup="dump")
 dumps_router.register(r"results", ResultViewSet, basename="dump-plugins")
-
 extdumps_router = routers.NestedSimpleRouter(dumps_router, r"results", lookup="result")
-extdumps_router.register(
-    r"ext-dumps", ExtractedDumpViewSet, basename="dump-plugins-ext"
-)
 
 app_name = "api"
 urlpatterns = [

diff --git a/config/settings/base.py b/config/settings/base.py
@@ -5,6 +5,8 @@
 from pathlib import Path
 
 import environ
+import ldap
+from django_auth_ldap.config import LDAPSearch
 
 ROOT_DIR = Path(__file__).resolve(strict=True).parent.parent.parent
 # orochi/
@@ -92,6 +94,20 @@
     "guardian.backends.ObjectPermissionBackend",
 ]
 
+
+if use_ldap := env.bool("USE_LDAP", False):
+    AUTHENTICATION_BACKENDS = [
+        "django_auth_ldap.backend.LDAPBackend"
+        "django.contrib.auth.backends.ModelBackend",
+        "guardian.backends.ObjectPermissionBackend",
+    ]
+else:
+    AUTHENTICATION_BACKENDS = [
+        "django.contrib.auth.backends.ModelBackend",
+        "allauth.account.auth_backends.AuthenticationBackend",
+        "guardian.backends.ObjectPermissionBackend",
+    ]
+
 AUTH_USER_MODEL = "users.User"
 LOGIN_REDIRECT_URL = "users:redirect"
 LOGIN_URL = "account_login"
@@ -259,13 +275,26 @@
 ASGI_APPLICATION = "config.routing.application"
 CHANNEL_LAYERS = {
     "default": {
-        "BACKEND": "channels_redis.core.RedisChannelLayer",
+        "BACKEND": "channels_redis.pubsub.RedisPubSubChannelLayer",
         "CONFIG": {
             "hosts": [(env("REDIS_SERVER"), env("REDIS_PORT"))],
         },
     },
 }
 
+# LDAP
+# ------------------------------------------------------------------------------
+if use_ldap:
+    AUTH_LDAP_SERVER_URI = env("AUTH_LDAP_SERVER_URI")
+    AUTH_LDAP_BIND_DN = env("AUTH_LDAP_BIND_DN")
+    AUTH_LDAP_BIND_PASSWORD = env("AUTH_LDAP_BIND_PASSWORD")
+    AUTH_LDAP_USER_SEARCH = LDAPSearch(
+        env("AUTH_LDAP_USER_SEARCH_DN"),
+        ldap.SCOPE_SUBTREE,
+        env("AUTH_LDAP_USER_SEARCH_ALIAS"),
+    )
+    AUTH_LDAP_USER_ATTR_MAP = env.dict("AUTH_LDAP_USER_ATTR_MAP")
+
 # REST FRAMEWORK
 # -------------------------------------------------------------------------------
 REST_FRAMEWORK = {

diff --git a/orochi/static/css/style.css b/orochi/static/css/style.css
@@ -120,10 +120,17 @@ main {
   transform: rotate(45deg);
 }
 
+
 /********************************************************
   DUMP MENU ICONS
 ********************************************************/
 
+.download-index{
+  color:#440b5d;
+}
+
+.error-index:hover,
+.download-index:hover,
 .restart-index:hover,
 .remove-index:hover,
 .hex-index:hover,
@@ -134,6 +141,8 @@ main {
   color: black;
 }
 
+.error-index,
+.download-index,
 .restart-index,
 .remove-index,
 .hex-index,
@@ -143,6 +152,8 @@ main {
   border: 0px;
 }
 
+.btn-sm.error-index:hover,
+.btn-sm.download-index:hover,
 .btn-sm.restart-index:hover,
 .btn-sm.remove-index:hover,
 .btn-sm.hex-index:hover,
@@ -156,6 +167,8 @@ main {
   color: black;
 }
 
+.btn-sm.error-index,
+.btn-sm.download-index,
 .btn-sm.restart-index,
 .btn-sm.remove-index,
 .btn-sm.hex-index,
@@ -169,47 +182,6 @@ main {
   border: 0px;
 }
 
-/********************************************************
-  BORDER FOR PLUGIN STATUS
-********************************************************/
-
-.bd-callout {
-  padding: 0.1rem;
-  margin-bottom: 0.25rem;
-  border: 1px solid #eee;
-  border-left-width: 1rem;
-  border-radius: 0.25rem;
-}
-
-.bd-callout p:last-child {
-  margin-bottom: 0;
-}
-
-.bd-callout + .bd-callout {
-  margin-top: -0.25rem;
-}
-
-.bd-callout-Empty,
-.bd-callout-Success {
-  border-left-color: #227722;
-}
-
-.bd-callout-Running {
-  border-left-color: #5bc0de;
-}
-
-.bd-callout-Unsatisfied {
-  border-left-color: #f0ad4e;
-}
-
-.bd-callout-Error {
-  border-left-color: #d9534f;
-}
-
-.bd-callout-Disabled {
-  border-left-color: #000000;
-}
-
 /********************************************************
   OROCHI LOGO
 ********************************************************/
@@ -219,13 +191,6 @@ main {
   padding-top: 10px;
 }
 
-/********************************************************
-  FLOATING WS BUTTON & NOTE SIDEBAR
-********************************************************/
-.header-button{
-  margin-top: 20px;
-  height:40px
-}
 
 /********************************************************
   TABLE

diff --git a/orochi/templates/base.html b/orochi/templates/base.html
@@ -36,31 +36,18 @@
       {% if request.user.is_authenticated %}
 
       <ul class="nav col-12 col-md-auto mb-2 justify-content-center mb-md-0">
-        <div class="btn-group" role="group">
-          <button class="btn btn-primary header-button" type="button" id="bookmark" disabled>
-            <i class=" fas fa-piggy-bank"></i>
-          </button>
-          <button class="btn btn-primary header-button" type="button" data-bs-toggle="offcanvas" id="toggle_note"
-            data-bs-target="#leftNote">
-            <i class=" fas fa-sticky-note"></i>
-          </button>
-          <button class="btn btn-primary header-button" type="button" data-toggle="tooltip" data-placement="top"
-            title="tasks running" disabled>
-            <span role="status" id="tasks_running">0</span>
-          </button>
-        </div>
-        {% if user.is_staff %}
         <li>
-          <a href="{% url 'admin:index' %}" class="nav-link link-body-emphasis">
-            <i class="fa fa-xl fa-crown bi d-block mx-auto mb-1"></i>{% trans "Admin"%}
+          <a href="{% url 'users:plugins' username=request.user.username %}" class="nav-link link-body-emphasis">
+            <i class="fa fa-xl fa-dice-d20 bi d-block mx-auto mb-1"></i>{% trans "Plugins"%}
           </a>
         </li>
-        {% endif %}
+
         <li>
-          <a href="{% url 'users:plugins' username=request.user.username %}" class="nav-link link-body-emphasis">
-            <i class="fa fa-xl fa-dice-d20 bi d-block mx-auto mb-1"></i>{% trans "Plugins"%}
+          <a href="{% url 'website:list_symbols' %}" class="nav-link link-body-emphasis">
+            <i class="fas fa-xl fa-dollar-sign bi d-block mx-auto mb-1"></i>{% trans "Symbols"%}
           </a>
         </li>
+
         <li>
           <a href="{% url 'users:rules' username=request.user.username %}" class="nav-link link-body-emphasis">
             <i class="fas fa-xl fa-ruler bi d-block mx-auto mb-1"></i>{% trans "Rules"%}
@@ -75,7 +62,7 @@
           <ul class="dropdown-menu text-small">
             <li>
               <a class="dropdown-item" href="{% url 'users:bookmarks' username=request.user.username %}">
-                {% trans "Bookmarks page"%}
+                <i class="fa fa-fire-alt"></i> {% trans "Bookmarks"%}
               </a>
             </li>
             {% if bookmarks %}
@@ -100,6 +87,13 @@
             <i class="fa fa-xl fa-dragon bi d-block mx-auto mb-1"></i>{{request.user}}
           </a>
           <ul class="dropdown-menu text-small">
+            {% if user.is_staff %}
+            <li>
+              <a href="{% url 'admin:index' %}" class="dropdown-item" target="_blank">
+                <i class="fa fa-crown"></i> {% trans "Admin"%}
+              </a>
+            </li>
+            {% endif %}
             <li>
               <a class="dropdown-item" href="#" id="about">
                 <i class="fa fa-people-pulling"></i> {% trans "About" %}
@@ -127,6 +121,16 @@
           </ul>
         </div>
       </ul>
+      <div class="btn-group-vertical">
+        <button class="btn btn-outline-warning btn-sm" style="text-align: left;" type="button"
+          data-bs-toggle="offcanvas" id="toggle_note" data-bs-target="#leftNote">
+          <i class="fas fa-sticky-note"></i> History Log
+        </button>
+        <button class="btn btn-outline-secondary btn-sm" style="text-align: left;" type="button" data-toggle="tooltip"
+          data-placement="top" title="tasks running" disabled>
+          <span role="status" id="tasks_running">0</span> Running Tasks
+        </button>
+      </div>
       {% endif %}
     </header>
 

diff --git a/orochi/templates/website/file_download.html b/orochi/templates/website/file_download.html
@@ -0,0 +1,22 @@
+<div class="btn-group" role="group" aria-label="Actions">
+    {% if down_path %}
+    <a href="#" class="download_obj btn btn-primary btn-sm" data-path="{{down_path}}" title="Download">
+        <i class="fas fa-file-download"></i>
+    </a>
+    {% endif %}
+    {% if misp_configured %}
+    <a href="#" class="misp_export btn btn-primary btn-sm" data-path="{{down_path}}" title="Misp Export">
+        <i class="fas fa-file-export"></i>
+    </a>
+    {% endif %}
+    {% if regipy %}
+    <a href="/json_view/{{down_path}}.regipy.json" target="_blank" class="btn btn-primary btn-sm" title="Regipy Report">
+        <i class="fas fa-external-link-alt"></i>
+    </a>
+    {% endif %}
+    {% if vt %}
+    <a href="#" class="vt_report btn btn-primary btn-sm" data-path="{{down_path}}.vt.json" title="Virustotal Report">
+        <i class="fas fa-virus"></i>
+    </a>
+    {% endif %}
+</div>