[MRG] Merge pull request #430 from dfir-iris/develop

v2.4.6

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2.4.5
+current_version = 2.4.6
 commit = True
 tag = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(-(?P<release>.*)-(?P<build>\d+))?

.github/workflows/ci.yml

@@ -0,0 +1,47 @@
+#  IRIS Source Code
+#  Copyright (C) 2023 - DFIR-IRIS
+#  [email protected]
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 3 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this program; if not, write to the Free Software Foundation,
+#  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+name: Continuous Integration
+on: push
+
+jobs:
+
+  tests:
+    name: API tests
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out iris
+        uses: actions/checkout@v4
+      - name: Build dockers
+        run: |
+          # TODO using the environment file from tests to build here. 
+          #      I am a bit uneasy with this choice.
+          #      For now this works, but if we come to have different .env files for different tests, it won't anymore.
+          #      Maybe the .env should be split to differentiate the variables used during the build from the variables used at runtime, 
+          #      or maybe the docker building phase should also be part of the tests 
+          #      and we should build different dockers according to the scenarios? This sounds like an issue to me...
+          cp tests/data/basic.env .env
+          docker-compose build
+      - name: Run tests
+        working-directory: tests
+        run: |
+          python -m venv venv
+          source venv/bin/activate
+          pip install -r requirements.txt
+          PYTHONUNBUFFERED=true python -m unittest --verbose
+

CODESTYLE.md

@@ -2,6 +2,29 @@
 
 If you wish to develop in DFIR-IRIS, please make sure to read the following tips.
 
+## Workflow
+
+- development is done on branch `develop`
+  ```
+  git switch develop
+  ```
+- safe and small modifications may be directly performed on branch `develop`
+- modifications which either imply more work or are risky, must be performed on a branch of their own
+  ```
+  git switch -c <branch-name>
+  git push --set-upstream origin <branch-name>
+  ```
+- when work on the branch is ready to be published, then a pull request (PR) is created from the github interface.
+  Do not forget to choose `develop` as the base branch (by default it is set to `master`,
+  more information [here](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request#changing-the-branch-range-and-destination-repository)).
+
+
+### Commits
+Try to follow the repository convention:
+
+- If it's not linked to an issue, use the format `[action] Commit message`, with `action` being a 3 letters action related to the commit, eg `ADD`for additions, `DEL` for deletions, `IMP` for improvements, etc.
+- If it's linked to an issue, prepend with the issue ID, i.e `[#issue_id][action] Commit message`
+
 ## License header
 
 New files should be prefixed by the following license header, where `${current_year}` is replaced by the current year
@@ -33,12 +56,6 @@ New files should be prefixed by the following license header, where `${current_y
 #!/usr/bin/env python3
 ```
 
-## Commits 
-Try to follow the repository convention : 
-
-- If it's not linked to an issue, use the format `[action] Commit message`, with `action` being a 3 letters action related to the commit, eg `ADD`for additions, `DEL` for deletions, `IMP` for improvements, etc.
-- If it's linked to an issue, prepend with the issue ID, i.e `[#issue_id][action] Commit message` 
-
 ## Code
 The code should be pretty easy to apprehend. It's not perfect but it will improve over time.   
 Some documentation about development is available [here](https://docs.dfir-iris.org/development/).   

README.md

@@ -6,7 +6,7 @@
 <p align="center">
   Incident Response Investigation System
   <br>
-  <i>Current Version v2.4.5</i>
+  <i>Current Version v2.4.6</i>
   <br>
   <a href="https://v200.beta.dfir-iris.org">Online Demonstration</a>
 </p>
@@ -52,7 +52,7 @@ git clone https://github.com/dfir-iris/iris-web.git
 cd iris-web
 
 # Checkout to the last tagged version 
-git checkout v2.4.5
+git checkout v2.4.6
 
 # Copy the environment file 
 cp .env.model .env

docker-compose.yml

@@ -20,14 +20,15 @@ services:
   rabbitmq:
       image: rabbitmq:3-management-alpine
       container_name: iriswebapp_rabbitmq
+      restart: always
       networks:
         - iris_backend
 
   db:
     build:
       context: docker/db
     container_name: iriswebapp_db
-    image: iriswebapp_db:v2.4.5
+    image: iriswebapp_db:v2.4.6
     restart: always
     # Used for debugging purposes, should be deleted for production
     ports:
@@ -47,7 +48,7 @@ services:
     build:
       context: .
       dockerfile: docker/webApp/Dockerfile
-    image: iriswebapp_app:v2.4.5
+    image: iriswebapp_app:v2.4.6
     container_name: iriswebapp_app
     command: ['nohup', './iris-entrypoint.sh', 'iriswebapp']
     volumes:
@@ -85,8 +86,9 @@ services:
     build:
       context: .
       dockerfile: docker/webApp/Dockerfile
-    image: iriswebapp_app:v2.4.5
+    image: iriswebapp_app:v2.4.6
     container_name: iriswebapp_worker
+    restart: always
     command: ['./wait-for-iriswebapp.sh', 'app:8000', './iris-entrypoint.sh', 'iris-worker']
     volumes:
       - ./certificates/rootCA/irisRootCACert.pem:/etc/irisRootCACert.pem:ro
@@ -121,7 +123,7 @@ services:
       args:
         NGINX_CONF_GID: 1234
         NGINX_CONF_FILE: nginx.conf
-    image: iriswebapp_nginx:v2.4.5
+    image: iriswebapp_nginx:v2.4.6
     container_name: iriswebapp_nginx
     environment:
       - IRIS_UPSTREAM_SERVER
@@ -137,7 +139,7 @@ services:
       - "${INTERFACE_HTTPS_PORT:-443}:${INTERFACE_HTTPS_PORT:-443}"
     volumes:
       - "./certificates/web_certificates/:/www/certs/:ro"
-    restart: on-failure:5
+    restart: always
     depends_on:
       - "app"
 

docker/db/Dockerfile

@@ -17,6 +17,6 @@
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 
-FROM postgres:12-alpine
+FROM postgres:16-alpine
 
 COPY create_user.sh   /docker-entrypoint-initdb.d/10-create_user.sh

source/app/__init__.py

@@ -90,6 +90,8 @@ def ac_current_user_has_manage_perms():
 app.jinja_env.filters['escape_dots'] = lambda u: u.replace('.', '[.]')
 app.jinja_env.globals.update(user_has_perm=ac_current_user_has_permission)
 app.jinja_env.globals.update(user_has_manage_perms=ac_current_user_has_manage_perms)
+app.jinja_options["autoescape"] = lambda _: True
+app.jinja_env.autoescape = True
 
 app.config.from_object('app.configuration.Config')
 

source/app/alembic/versions/9e4947a207a6_add_modification_history_to_case_objects.py

@@ -0,0 +1,40 @@
+"""Add modification history to case objects
+
+Revision ID: 9e4947a207a6
+Revises: 35c095f8be2b
+Create Date: 2024-02-16 15:22:17.780516
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+from app.alembic.alembic_utils import _table_has_column
+
+# revision identifiers, used by Alembic.
+revision = '9e4947a207a6'
+down_revision = '35c095f8be2b'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    tables = ['ioc', 'case_assets', 'case_received_file', 'case_tasks', 'notes', 'cases_events']
+    for table in tables:
+        if not _table_has_column(table, 'modification_history'):
+            op.add_column(table,
+                          sa.Column('modification_history', sa.JSON)
+                          )
+            t_ua = sa.Table(
+                table,
+                sa.MetaData(),
+                sa.Column('modification_history', sa.JSON)
+            )
+            conn = op.get_bind()
+            conn.execute(t_ua.update().values(
+                modification_history={}
+            ))
+    pass
+
+
+def downgrade():
+    pass

source/app/blueprints/alerts/alerts_routes.py

@@ -241,6 +241,9 @@ def alerts_get_route(caseid, alert_id) -> Response:
     if alert is None:
         return response_error('Alert not found')
 
+    if not user_has_client_access(current_user.id, alert.alert_customer_id):
+        return response_error('Alert not found')
+
     alert_dump = alert_schema.dump(alert)
 
     # Get similar alerts
@@ -271,6 +274,9 @@ def alerts_similarities_route(caseid, alert_id) -> Response:
     if alert is None:
         return response_error('Alert not found')
 
+    if not user_has_client_access(current_user.id, alert.alert_customer_id):
+        return response_error('Alert not found')
+
     open_alerts = request.args.get('open-alerts', 'false').lower() == 'true'
     open_cases = request.args.get('open-cases', 'false').lower() == 'true'
     closed_cases = request.args.get('closed-cases', 'false').lower() == 'true'
@@ -312,6 +318,9 @@ def alerts_update_route(alert_id, caseid) -> Response:
     if not alert:
         return response_error('Alert not found')
 
+    if not user_has_client_access(current_user.id, alert.alert_customer_id):
+        return response_error('User not entitled to update alerts for the client', status=403)
+
     alert_schema = AlertSchema()
 
     do_resolution_hook = False
@@ -339,10 +348,6 @@ def alerts_update_route(alert_id, caseid) -> Response:
 
                 activity_data.append(f"\"{key}\"")
 
-        # Check if the user has access to the client
-        if not user_has_client_access(current_user.id, alert.alert_customer_id):
-            return response_error('User not entitled to update alerts for the client', status=403)
-
         # Deserialize the JSON data into an Alert object
         updated_alert = alert_schema.load(data, instance=alert, partial=True)
         if data.get('alert_owner_id') is None and updated_alert.alert_owner_id is None:
@@ -922,6 +927,9 @@ def alert_comment_modal(cur_id, caseid, url_redir):
     if not alert:
         return response_error('Invalid alert ID')
 
+    if not user_has_client_access(current_user.id, alert.alert_customer_id):
+        return response_error('User not entitled to update alerts for the client', status=403)
+
     return render_template("modal_conversation.html", element_id=cur_id, element_type='alerts',
                            title=f" alert #{alert.alert_id}")
 

source/app/blueprints/case/case_notes_routes.py

@@ -48,7 +48,7 @@
 from app.schema.marshables import CaseNoteDirectorySchema
 from app.schema.marshables import CaseNoteSchema
 from app.schema.marshables import CommentSchema
-from app.util import ac_api_case_requires, ac_socket_requires, endpoint_deprecated
+from app.util import ac_api_case_requires, ac_socket_requires, endpoint_deprecated, add_obj_history_entry
 from app.util import ac_case_requires
 from app.util import response_error
 from app.util import response_success
@@ -168,6 +168,7 @@ def case_note_save(cur_id, caseid):
         note.update_date = datetime.utcnow()
         note.user_id = current_user.id
 
+        add_obj_history_entry(note, 'updated note', commit=True)
         note = call_modules_hook('on_postload_note_update', data=note, caseid=caseid)
 
     except marshmallow.exceptions.ValidationError as e:
@@ -202,6 +203,8 @@ def case_note_add(caseid):
         db.session.add(new_note)
         db.session.commit()
 
+        add_obj_history_entry(new_note, 'created note', commit=True)
+
         new_note = call_modules_hook('on_postload_note_create', data=new_note, caseid=caseid)
 
         if new_note:

source/app/blueprints/case/case_timeline_routes.py

@@ -59,6 +59,7 @@
 from app.datamgmt.states import update_timeline_state
 from app.forms import CaseEventForm
 from app.iris_engine.module_handler.module_handler import call_modules_hook
+from app.iris_engine.utils.collab import collab_notify
 from app.iris_engine.utils.common import parse_bf_date_format
 from app.iris_engine.utils.tracker import track_activity
 from app.models import CompromiseStatus
@@ -682,6 +683,8 @@ def case_delete_event(cur_id, caseid):
 
     call_modules_hook('on_postload_event_delete', data=cur_id, caseid=caseid)
 
+    collab_notify(caseid, 'events', 'deletion', cur_id)
+
     track_activity(f"deleted event \"{event.event_title}\" in timeline", caseid)
 
     return response_success('Event ID {} deleted'.format(cur_id))
@@ -697,6 +700,8 @@ def event_flag(cur_id, caseid):
     event.event_is_flagged = not event.event_is_flagged
     db.session.commit()
 
+    collab_notify(caseid, 'events', 'flagged' if event.event_is_flagged else "un-flagged", cur_id)
+
     return response_success("Event flagged" if event.event_is_flagged else "Event unflagged", data=event)
 
 
@@ -804,7 +809,14 @@ def case_edit_event(cur_id, caseid):
         event = call_modules_hook('on_postload_event_update', data=event, caseid=caseid)
 
         track_activity(f"updated event \"{event.event_title}\"", caseid=caseid)
-        return response_success("Event updated", data=event_schema.dump(event))
+        event_dump = event_schema.dump(event)
+        collab_notify(case_id=caseid,
+                      object_type='events',
+                      action_type='updated',
+                      object_id=cur_id,
+                      object_data=event_dump)
+
+        return response_success("Event updated", data=event_dump)
 
     except marshmallow.exceptions.ValidationError as e:
         return response_error(msg="Data error", data=e.normalized_messages(), status=400)