Merge pull request #978 from LDO-CERT/dj

2.0.1

CHANGELOG.md

@@ -1,44 +1,71 @@
-# OROCHI 2.0.0 [2024/01/09]
-- Update libs and UI
-- Re-Run default enabled plugins [[#950](https://github.com/LDO-CERT/orochi/issues/950)]
-- Pending task count [[#255](https://github.com/LDO-CERT/orochi/issues/255)]
-- Update vt python libs
-
-# OROCHI 1.3.1 [2022/01/17]
-- Unzip password protected file [#484](https://github.com/LDO-CERT/orochi/issues/484)
-- Md5 support for dumped files [#489](https://github.com/LDO-CERT/orochi/issues/489)
-- Improve elasticsearch details [#462](https://github.com/LDO-CERT/orochi/issues/462)
-- Add info for uploaded dumps [#488](https://github.com/LDO-CERT/orochi/issues/488)
-- HEX viewer [#495](https://github.com/LDO-CERT/orochi/issues/495)
-
-### OROCHI 1.3.0 [2021/10/02]
-- Manage custom plugins [#245](https://github.com/LDO-CERT/orochi/issues/245)
-- YARA rules management [#28](https://github.com/LDO-CERT/orochi/issues/28)
-- Manage results with more than 10k rows [#3](https://github.com/LDO-CERT/orochi/issues/3)
-- Added docker-compose for swarm [#252](https://github.com/LDO-CERT/orochi/issues/252) with documentation [#257](https://github.com/LDO-CERT/orochi/issues/257)
-- Improved search [#271](https://github.com/LDO-CERT/orochi/issues/271)
-- Use multi-stage builds [#242](https://github.com/LDO-CERT/orochi/issues/242)
-- Pre built images available on [ghcr](https://github.com/orgs/LDO-CERT/packages?repo_name=orochi) for a faster deployment
-
-### OROCHI 1.2.0  [2021/03/22]:
-- Yara management
-- Symbols support check for linux/mac
-- Symbols download helper for missing ones
-- Improved dask logging
-- Added Bookmarks
-- Added MISP export
-- Clear cache when worker start (useful in swarm mode)
-- Added page autorefresh control
-
-### OROCHI 1.1.0 [2020/10/29]:
-- API: dump workflow can be done from api
-- Volatility: support for new file interface
-
-### OROCHI 1.0.0 [2020/09/25]:
-- execute Volatility 3 plugins and show results in table
-- plugins parameters support
-- custom template for timeliner, pstree
-- compare multiple plugin results in tabular format
-- compare 2 plugin results in json diff
-- automatic scan dump files with clamav and virustotal
-- automatic parsing of hives with regipy
+## Changelog
+
+<details open>
+  <summary><b>WIP</b></summary>
+
+  * Add support for linux dump
+  * Paginate analysis result
+</details>
+
+<details>
+  <summary><b>OROCHI 2.0.0 [2024/01/09]</b></summary>
+
+  * Update libs and UI
+  * Re-Run default enabled plugins [[#950](https://github.com/LDO-CERT/orochi/issues/950)]
+  * Pending task count [[#255](https://github.com/LDO-CERT/orochi/issues/255)]
+  * Update vt python libs
+</details>
+
+<details>
+  <summary><b>OROCHI 1.3.1 [2022/01/17]</b></summary>
+
+  * Unzip password protected file [#484](https://github.com/LDO-CERT/orochi/issues/484)
+  * Md5 support for dumped files [#489](https://github.com/LDO-CERT/orochi/issues/489)
+  * Improve elasticsearch details [#462](https://github.com/LDO-CERT/orochi/issues/462)
+  * Add info for uploaded dumps [#488](https://github.com/LDO-CERT/orochi/issues/488)
+  * HEX viewer [#495](https://github.com/LDO-CERT/orochi/issues/495)
+</details>
+
+<details>
+  <summary><b>OROCHI 1.3.0 [2021/10/02]</b></summary>
+
+  * Manage custom plugins [#245](https://github.com/LDO-CERT/orochi/issues/245)
+  * YARA rules management [#28](https://github.com/LDO-CERT/orochi/issues/28)
+  * Manage results with more than 10k rows [#3](https://github.com/LDO-CERT/orochi/issues/3)
+  * Added docker-compose for swarm [#252](https://github.com/LDO-CERT/orochi/issues/252) with documentation [#257](https://github.com/LDO-CERT/orochi/issues/257)
+  * Improved search [#271](https://github.com/LDO-CERT/orochi/issues/271)
+  * Use multi-stage builds [#242](https://github.com/LDO-CERT/orochi/issues/242)
+  * Pre built images available on [ghcr](https://github.com/orgs/LDO-CERT/packages?repo_name=orochi) for a faster deployment
+</details>
+
+<details>
+  <summary><b>OROCHI 1.2.0  [2021/03/22]</b></summary>
+
+  * Yara management
+  * Symbols support check for linux/mac
+  * Symbols download helper for missing ones
+  * Improved dask logging
+  * Added Bookmarks
+  * Added MISP export
+  * Clear cache when worker start (useful in swarm mode)
+  * Added page autorefresh control
+</details>
+
+<details>
+  <summary><b>OROCHI 1.1.0 [2020/10/29]</b></summary>
+
+  * API: dump workflow can be done from api
+  * Volatility: support for new file interface
+</details>
+
+<details>
+  <summary><b>OROCHI 1.0.0 [2020/09/25]</b></summary>
+
+  * execute Volatility 3 plugins and show results in table
+  * plugins parameters support
+  * custom template for timeliner, pstree
+  * compare multiple plugin results in tabular format
+  * compare 2 plugin results in json diff
+  * automatic scan dump files with clamav and virustotal
+  * automatic parsing of hives with regipy
+</details>

compose/local/__init__.py

@@ -0,0 +1,140 @@
+# This file is Copyright 2019 Volatility Foundation and licensed under the Volatility Software License 1.0
+# which is available at https://www.volatilityfoundation.org/license/vsl-v1.0
+#
+"""Volatility 3 Constants.
+
+Stores all the constant values that are generally fixed throughout
+volatility This includes default scanning block sizes, etc.
+"""
+import enum
+import os.path
+import sys
+import warnings
+from typing import Callable, Optional
+
+import volatility3.framework.constants.linux
+import volatility3.framework.constants.windows
+
+PLUGINS_PATH = [
+    os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "plugins")),
+    os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "plugins")),
+]
+"""Default list of paths to load plugins from (volatility3/plugins and volatility3/framework/plugins)"""
+
+SYMBOL_BASEPATHS = [
+    os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "symbols")),
+    os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "symbols")),
+]
+"""Default list of paths to load symbols from (volatility3/symbols and volatility3/framework/symbols)"""
+
+ISF_EXTENSIONS = [".json", ".json.xz", ".json.gz", ".json.bz2"]
+"""List of accepted extensions for ISF files"""
+
+if hasattr(sys, "frozen") and sys.frozen:
+    # Ensure we include the executable's directory as the base for plugins and symbols
+    PLUGINS_PATH = [
+        os.path.abspath(os.path.join(os.path.dirname(sys.executable), "plugins"))
+    ] + PLUGINS_PATH
+    SYMBOL_BASEPATHS = [
+        os.path.abspath(os.path.join(os.path.dirname(sys.executable), "symbols"))
+    ] + SYMBOL_BASEPATHS
+
+BANG = "!"
+"""Constant used to delimit table names from type names when referring to a symbol"""
+
+# We use the SemVer 2.0.0 versioning scheme
+VERSION_MAJOR = 2  # Number of releases of the library with a breaking change
+VERSION_MINOR = 5  # Number of changes that only add to the interface
+VERSION_PATCH = 2  # Number of changes that do not change the interface
+VERSION_SUFFIX = ""
+
+# TODO: At version 2.0.0, remove the symbol_shift feature
+
+PACKAGE_VERSION = (
+    ".".join([str(x) for x in [VERSION_MAJOR, VERSION_MINOR, VERSION_PATCH]])
+    + VERSION_SUFFIX
+)
+"""The canonical version of the volatility3 package"""
+
+AUTOMAGIC_CONFIG_PATH = "automagic"
+"""The root section within the context configuration for automagic values"""
+
+LOGLEVEL_V = 9
+"""Logging level for a single -v"""
+LOGLEVEL_VV = 8
+"""Logging level for -vv"""
+LOGLEVEL_VVV = 7
+"""Logging level for -vvv"""
+LOGLEVEL_VVVV = 6
+"""Logging level for -vvvv"""
+
+CACHE_PATH = os.path.join(os.path.expanduser("~"), ".cache", "volatility3")
+"""Default path to store cached data"""
+
+SQLITE_CACHE_PERIOD = "-3 days"
+"""SQLite time modifier for how long each item is valid in the cache for"""
+
+if sys.platform == "win32":
+    CACHE_PATH = os.path.realpath(
+        os.path.join(os.environ.get("APPDATA", os.path.expanduser("~")), "volatility3")
+    )
+os.makedirs(CACHE_PATH, exist_ok=True)
+
+IDENTIFIERS_FILENAME = "identifier.cache"
+"""Default location to record information about available identifiers"""
+
+CACHE_SQLITE_SCHEMA_VERSION = 1
+"""Version for the sqlite3 cache schema"""
+
+BUG_URL = "https://github.com/volatilityfoundation/volatility3/issues"
+
+ProgressCallback = Optional[Callable[[float, str], None]]
+"""Type information for ProgressCallback objects"""
+
+OS_CATEGORIES = ["windows", "mac", "linux"]
+
+
+class Parallelism(enum.IntEnum):
+    """An enumeration listing the different types of parallelism applied to
+    volatility."""
+
+    Off = 0
+    Threading = 1
+    Multiprocessing = 2
+
+
+PARALLELISM = Parallelism.Off
+"""Default value to the parallelism setting used throughout volatility"""
+
+ISF_MINIMUM_SUPPORTED = (2, 0, 0)
+"""The minimum supported version of the Intermediate Symbol Format"""
+ISF_MINIMUM_DEPRECATED = (3, 9, 9)
+"""The highest version of the ISF that's deprecated (usually higher than supported)"""
+OFFLINE = False
+"""Whether to go online to retrieve missing/necessary JSON files"""
+
+REMOTE_ISF_URL = "https://github.com/Abyss-W4tcher/volatility3-symbols/raw/master/banners/banners.json"  # 'http://localhost:8000/banners.json'
+"""Remote URL to query for a list of ISF addresses"""
+
+###
+# DEPRECATED VALUES
+###
+
+_deprecated_LINUX_BANNERS_FILENAME = os.path.join(CACHE_PATH, "linux_banners.cache")
+"""This value is deprecated and is no longer used within volatility"""
+
+_deprecated_MAC_BANNERS_PATH = os.path.join(CACHE_PATH, "mac_banners.cache")
+"""This value is deprecated and is no longer used within volatility"""
+
+_deprecated_IDENTIFIERS_PATH = os.path.join(CACHE_PATH, IDENTIFIERS_FILENAME)
+"""This value is deprecated in favour of CACHE_PATH joined to IDENTIFIER_FILENAME"""
+
+
+def __getattr__(name):
+    deprecated_tag = "_deprecated_"
+    if name in [
+        x[len(deprecated_tag) :] for x in globals() if x.startswith(deprecated_tag)
+    ]:
+        warnings.warn(f"{name} is deprecated", FutureWarning)
+        return globals()[f"{deprecated_tag}{name}"]
+    return None

config/settings/base.py

@@ -279,7 +279,7 @@
 
 # django-cors-headers - https://github.com/adamchainz/django-cors-headers#setup
 CORS_URLS_REGEX = r"^/api/.*$"
-CSRF_TRUSTED_ORIGINS = env("CSRF_TRUSTED_ORIGINS")
+CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS")
 # OROCHI CONFIGURATIONS
 # -------------------------------------------------------------------------------
 

config/settings/local.py

@@ -29,6 +29,9 @@
 # ------------------------------------------------------------------------------
 EMAIL_HOST = env("EMAIL_HOST", default="mailhog")
 EMAIL_PORT = 1025
+EMAIL_USE_TLS = env("EMAIL_USE_TLS", default=True)
+EMAIL_HOST_USER = env("EMAIL_HOST_USER", default=None)
+EMAIL_HOST_PASSWORD = env("EMAIL_HOST_PASSWORD", default=None)
 
 # WhiteNoise
 # ------------------------------------------------------------------------------

docker-compose-swarm.yml

@@ -23,7 +23,7 @@ volumes:
     driver_opts:
       type: "nfs"
       o: "addr=nfs_server_ip,nolock,soft,rw,nfsvers=4"
-      device: ":/var/nfs/yara"      
+      device: ":/var/nfs/yara"
   cache_path:
     driver: local
     driver_opts:
@@ -71,6 +71,7 @@ services:
       - plugin_path:/src/volatility3/volatility3/framework/plugins/custom
       - yara_path:/yara
       - cache_path:/root/.cache/volatility3
+      - ./compose/local/__init__.py:/src/volatility3/volatility3/framework/constants/__init__.py
     env_file:
       - ./.envs/.local/.django
       - ./.envs/.local/.postgres
@@ -215,6 +216,7 @@ services:
       - plugin_path:/src/volatility3/volatility3/framework/plugins/custom
       - yara_path:/yara
       - cache_path:/root/.cache/volatility3
+      - ./compose/local/__init__.py:/src/volatility3/volatility3/framework/constants/__init__.py
     env_file:
       - ./.envs/.local/.django
       - ./.envs/.local/.postgres

docker-compose.yml

@@ -33,6 +33,7 @@ services:
       - plugin_path:/src/volatility3/volatility3/framework/plugins/custom
       - yara_path:/yara
       - cache_path:/root/.cache/volatility3
+      - ./compose/local/__init__.py:/src/volatility3/volatility3/framework/constants/__init__.py
     env_file:
       - ./.envs/.local/.django
       - ./.envs/.local/.postgres
@@ -177,6 +178,7 @@ services:
       - plugin_path:/src/volatility3/volatility3/framework/plugins/custom
       - yara_path:/yara
       - cache_path:/root/.cache/volatility3
+      - ./compose/local/__init__.py:/src/volatility3/volatility3/framework/constants/__init__.py
     env_file:
       - ./.envs/.local/.django
       - ./.envs/.local/.postgres