python3.12 - go1.22 - ws updates

LDO-CERT · Feb 26, 2024 · 7e6009b · 7e6009b
1 parent e7cf9f7
commit 7e6009b
Show file tree

Hide file tree

Showing 19 changed files with 294 additions and 275 deletions.
diff --git a/.envs/.local/.django b/.envs/.local/.django
@@ -52,4 +52,4 @@ no_proxy=
 
 # CSRF_TRUSTED_ORIGINS
 # ------------------------------------------------------------------------------
-CSRF_TRUSTED_ORIGINS=https://orochi.dev
+CSRF_TRUSTED_ORIGINS=https://orochi.dev,https://localhost
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -11,7 +11,7 @@ repos:
       - id: check-yaml
 
   - repo: https://github.com/psf/black
-    rev: 24.1.1
+    rev: 24.2.0
     hooks:
       - id: black
 

diff --git a/compose/local/dask/Dockerfile b/compose/local/dask/Dockerfile
@@ -1,4 +1,4 @@
-FROM daskdev/dask:2024.1.1-py3.11
+FROM daskdev/dask:dev-py3.12
 ENV DEBIAN_FRONTEND noninteractive
 RUN echo "export VIRTUAL_ENV=`python -c 'import sys; print(sys.prefix)'`" >> /envfile
 

diff --git a/compose/local/django/Dockerfile b/compose/local/django/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11-slim-buster as common-base
+FROM python:3.12-slim-bookworm as common-base
 
 ENV DJANGO_SETTINGS_MODULE config.settings.local
 ENV PYTHONUNBUFFERED 1
@@ -57,10 +57,8 @@ RUN python setup.py build
 
 FROM base-builder as go-builder
 WORKDIR /
-RUN curl https://dl.google.com/go/go1.15.2.linux-amd64.tar.gz --output go1.15.2.linux-amd64.tar.gz \
-  && tar -C /usr/local -xzf go1.15.2.linux-amd64.tar.gz
-RUN curl https://dl.google.com/go/go1.15.2.linux-amd64.tar.gz --output go1.15.2.linux-amd64.tar.gz \
-  && tar -C /usr/local -xzf go1.15.2.linux-amd64.tar.gz
+RUN curl https://dl.google.com/go/go1.22.0.linux-amd64.tar.gz --output go1.22.0.linux-amd64.tar.gz \
+  && tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gz
 RUN git clone https://github.com/volatilityfoundation/dwarf2json.git
 WORKDIR /dwarf2json
 RUN /usr/local/go/bin/go build

diff --git a/compose/local/nginx/conf/default.conf b/compose/local/nginx/conf/default.conf
@@ -23,8 +23,8 @@ server {
 }
 
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 ssl;
+    listen [::]:443 ssl;
 
     server_name orochi.dev;
 

diff --git a/config/routing.py b/config/routing.py
@@ -1,13 +1,15 @@
-import orochi.website.routing
-from django.core.asgi import get_asgi_application
 from channels.auth import AuthMiddlewareStack
 from channels.routing import ProtocolTypeRouter, URLRouter
+from channels.security.websocket import AllowedHostsOriginValidator
+from django.core.asgi import get_asgi_application
+
+import orochi.website.routing
 
 application = ProtocolTypeRouter(
     {
         "http": get_asgi_application(),
-        "websocket": AuthMiddlewareStack(
-            URLRouter(orochi.website.routing.websocket_urlpatterns)
+        "websocket": AllowedHostsOriginValidator(
+            AuthMiddlewareStack(URLRouter(orochi.website.routing.websocket_urlpatterns))
         ),
     }
 )
diff --git a/config/settings/base.py b/config/settings/base.py
@@ -276,7 +276,7 @@
 ASGI_APPLICATION = "config.routing.application"
 CHANNEL_LAYERS = {
     "default": {
-        "BACKEND": "channels_redis.pubsub.RedisPubSubChannelLayer",
+        "BACKEND": "channels_redis.core.RedisChannelLayer",
         "CONFIG": {
             "hosts": [(env("REDIS_SERVER"), env("REDIS_PORT"))],
         },

diff --git a/orochi/templates/website/index.html b/orochi/templates/website/index.html
@@ -148,7 +148,8 @@ <h5 class="offcanvas-title" id="leftNoteLabel">History Log</h5>
         });
 
         // WS, UPDATE NOTE
-        const chatSocket = new WebSocket(`ws://${window.location.host}/ws/notify/{{ user.pk }}/`);
+        var ws_scheme = window.location.protocol == "https:" ? "wss" : "ws";
+        const chatSocket = new WebSocket(`${ws_scheme}://${window.location.host}/ws/notify/{{ user.pk }}/`);
         chatSocket.onmessage = function (e) {
             const data = JSON.parse(e.data);
             const text = data.message.split("||")[1];

diff --git a/orochi/utils/volatility_dask_elk.py b/orochi/utils/volatility_dask_elk.py
@@ -21,15 +21,13 @@
 import requests
 import volatility3.plugins
 import vt
-from asgiref.sync import async_to_sync, sync_to_async
+from asgiref.sync import sync_to_async
 from bs4 import BeautifulSoup
-from channels.layers import DEFAULT_CHANNEL_LAYER, channel_layers
 from clamdpy import ClamdUnixSocket
 from distributed import fire_and_forget, get_client, rejoin, secede
 from django.conf import settings
 from elasticsearch import Elasticsearch, helpers
 from elasticsearch_dsl import Search
-from guardian.shortcuts import get_users_with_perms
 from regipy.registry import RegistryHive
 from volatility3 import cli, framework
 from volatility3.cli.text_renderer import (
@@ -56,7 +54,7 @@
     ListRequirement,
 )
 
-from orochi.website.models import (
+from orochi.website.defaults import (
     DUMP_STATUS_COMPLETED,
     DUMP_STATUS_ERROR,
     DUMP_STATUS_MISSING_SYMBOLS,
@@ -68,11 +66,8 @@
     RESULT_STATUS_SUCCESS,
     RESULT_STATUS_UNSATISFIED,
     SERVICE_VIRUSTOTAL,
-    CustomRule,
-    Dump,
-    Result,
-    Service,
 )
+from orochi.website.models import CustomRule, Dump, Result, Service
 
 BANNER_REGEX = r'^"?Linux version (?P<kernel>\S+) (?P<build>.+) \(((?P<gcc>gcc.+)) #(?P<number>\d+)(?P<info>.+)$"?'
 
@@ -83,16 +78,6 @@
     "Changed Date": "#FFFF00",
 }
 
-TOAST_COLORS = {
-    0: "blue",
-    1: "yellow",
-    2: "green",
-    3: "green",
-    4: "orange",
-    5: "red",
-    6: "black",
-}
-
 
 class MuteProgress(object):
     """
@@ -326,41 +311,6 @@ def run_regipy(filepath):
         logging.error(e)
 
 
-def send_to_ws(dump, result=None, plugin_name=None, message=None, color=None):
-    """
-    Notifies plugin result to websocket
-    """
-
-    users = get_users_with_perms(dump, only_with_perms_in=["can_see"])
-    channel_layer = channel_layers.make_backend(DEFAULT_CHANNEL_LAYER)
-    if not channel_layer:
-        return
-    for user in users:
-        if result and plugin_name:
-            async_to_sync(channel_layer.group_send)(
-                f"chat_{user.pk}",
-                {
-                    "type": "chat_message",
-                    "message": f"""{datetime.datetime.now().strftime("%d/%m/%Y %H:%M")}||"""
-                    f"""Plugin <b>{plugin_name}</b> on dump <b>{dump.name}</b> ended<br>"""
-                    f"""Status: <b style='color:{TOAST_COLORS[result.result]}'>{result.get_result_display()}</b>""",
-                },
-            )
-        elif message and color:
-            async_to_sync(channel_layer.group_send)(
-                f"chat_{user.pk}",
-                {
-                    "type": "chat_message",
-                    "message": f"""{datetime.datetime.now().strftime("%d/%m/%Y %H:%M")}||"""
-                    f"""Message on dump <b>{dump.name}</b><br><b style='color:{TOAST_COLORS[color]}'>{message}</b>""",
-                },
-            )
-    try:
-        channel_layer.close()
-    except RuntimeError as excp:
-        logging.error(str(excp))
-
-
 def run_plugin(dump_obj, plugin_obj, params=None, user_pk=None):
     """
     Execute a single plugin on a dump with optional params.
@@ -599,7 +549,6 @@ def run_plugin(dump_obj, plugin_obj, params=None, user_pk=None):
             result.save()
 
             logging.debug(f"[dump {dump_obj.pk} - plugin {plugin_obj.pk}] empty")
-        send_to_ws(dump_obj, result, plugin_obj.name)
         return 0
 
     except Exception as excp:
@@ -609,7 +558,6 @@ def run_plugin(dump_obj, plugin_obj, params=None, user_pk=None):
         result.result = RESULT_STATUS_ERROR
         result.description = "\n".join(fulltrace)
         result.save()
-        send_to_ws(dump_obj, result, plugin_obj.name)
         logging.error(f"[dump {dump_obj.pk} - plugin {plugin_obj.pk}] generic error")
         return 0
 
@@ -910,9 +858,6 @@ def unzip_then_run(dump_pk, user_pk, password, restart, move):
             for result in tasks_list:
                 result.result = RESULT_STATUS_DISABLED
                 result.save()
-            send_to_ws(
-                dump, message="Missing symbols! All plugin are disabled", color=4
-            )
     except Exception as excp:
         logging.error(f"[dump {dump_pk}] - {excp}")
         dump.description = excp
@@ -926,6 +871,3 @@ def unzip_then_run(dump_pk, user_pk, password, restart, move):
         for result in tasks_list:
             result.result = RESULT_STATUS_DISABLED
             result.save()
-        send_to_ws(
-            dump, message="Error in file creation! All plugin are disabled", color=4
-        )
diff --git a/orochi/website/admin.py b/orochi/website/admin.py
@@ -1,19 +1,17 @@
 from allauth.socialaccount.models import SocialAccount, SocialApp, SocialToken
 from django.contrib import admin
 from django.contrib.auth.models import Group
-from django.db import models
 from django_admin_listfilter_dropdown.filters import RelatedDropdownFilter
 from django_admin_multiple_choice_list_filter.list_filters import (
     MultipleChoiceListFilter,
 )
 from django_file_form.model_admin import FileFormAdmin
 from django_file_form.models import TemporaryUploadedFile
-from django_json_widget.widgets import JSONEditorWidget
 from guardian.admin import GuardedModelAdmin
 
+from orochi.website.defaults import RESULT
 from orochi.website.forms import PluginCreateAdminForm, PluginEditAdminForm
 from orochi.website.models import (
-    RESULT,
     Bookmark,
     CustomRule,
     Dump,

diff --git a/orochi/website/api/views.py b/orochi/website/api/views.py
@@ -36,14 +36,8 @@
     ShortDumpSerializer,
     ShortResultSerializer,
 )
-from orochi.website.models import (
-    RESULT_STATUS_NOT_STARTED,
-    RESULT_STATUS_RUNNING,
-    Dump,
-    Plugin,
-    Result,
-    UserPlugin,
-)
+from orochi.website.defaults import RESULT_STATUS_NOT_STARTED, RESULT_STATUS_RUNNING
+from orochi.website.models import Dump, Plugin, Result, UserPlugin
 from orochi.website.views import index_f_and_f, plugin_f_and_f
 
 

diff --git a/orochi/website/consumers.py b/orochi/website/consumers.py
@@ -1,4 +1,5 @@
 import json
+import logging
 
 from channels.generic.websocket import AsyncWebsocketConsumer
 
@@ -7,25 +8,27 @@ class NotifyConsumer(AsyncWebsocketConsumer):
     async def connect(self):
         # User connects to his update channel
         self.room_name = self.scope["url_route"]["kwargs"]["user_id"]
-        self.room_group_name = f"chat_{self.room_name}"
-        await self.channel_layer.group_add(self.room_group_name, self.channel_name)
+        await self.channel_layer.group_add(f"chat_{self.room_name}", self.channel_name)
+        logging.info(f"User connected to chat_{self.room_name} - {self.channel_name}")
         await self.accept()
 
     async def disconnect(self, close_code):
         # User leaves room group
+        logging.info(
+            f"User disconnected from {self.room_group_name} - {self.channel_name}"
+        )
         await self.channel_layer.group_discard(self.room_group_name, self.channel_name)
 
     async def receive(self, text_data):
         # Receive message from WebSocket
         text_data_json = json.loads(text_data)
-        message = text_data_json["message"]
 
         # Send message to room group
         await self.channel_layer.group_send(
-            self.room_group_name, {"type": "chat_message", "message": message}
+            self.room_group_name,
+            {"type": "chat_message", "message": text_data_json["message"]},
         )
 
     async def chat_message(self, event):
         # Receive message from room group
-        message = event["message"]
-        await self.send(text_data=json.dumps({"message": message}))
+        await self.send(text_data=json.dumps({"message": event["message"]}))