From c8d468a4ac9eb842fefe886f0c86e7eef43e9da6 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Fri, 24 Nov 2023 08:29:07 +0000
Subject: [PATCH 01/16] add filter username in stopform

---
 embark/dashboard/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/embark/dashboard/views.py b/embark/dashboard/views.py
index 5f947a84..b91afa87 100644
--- a/embark/dashboard/views.py
+++ b/embark/dashboard/views.py
@@ -78,7 +78,7 @@ def service_dashboard(request):
     :return httpresp: html servicedashboard
     """
     form = StopAnalysisForm()
-    form.fields['analysis'].queryset = FirmwareAnalysis.objects.filter(finished=False)
+    form.fields['analysis'].queryset = FirmwareAnalysis.objects.filter(user=request.user).filter(finished=False)
     return render(request, 'dashboard/serviceDashboard.html', {'username': request.user.username, 'form': form, 'success_message': False})
 
 

From 1c21378ed22258402f06ec0b5bccfe3d51de97aa Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Fri, 24 Nov 2023 08:53:35 +0000
Subject: [PATCH 02/16] seperate further

---
 embark/dashboard/views.py | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/embark/dashboard/views.py b/embark/dashboard/views.py
index b91afa87..5444bdad 100644
--- a/embark/dashboard/views.py
+++ b/embark/dashboard/views.py
@@ -27,7 +27,7 @@
 @login_required(login_url='/' + settings.LOGIN_URL)
 def main_dashboard(request):
     if request.user.is_authenticated:
-        if FirmwareAnalysis.objects.filter(finished=True, failed=False).count() > 0 and Result.objects.all().count() > 0:
+        if FirmwareAnalysis.objects.filter(finished=True, failed=False).count() > 0 and Result.objects.filter(restricted=False).count() > 0:
             return render(request, 'dashboard/mainDashboard.html', {'nav_switch': True, 'username': request.user.username})
         messages.info(request, "Redirected - There are no Results to display yet")
         return redirect('embark-uploader-home')
@@ -50,18 +50,21 @@ def stop_analysis(request):
         logger.debug("Posted Form is valid")
         # get id
         analysis = form.cleaned_data['analysis']
-        logger.info("Stopping analysis with id %s", analysis.id)
-        pid = FirmwareAnalysis.objects.get(id=analysis.id).pid
+        analysis_object_ = FirmwareAnalysis.objects.get(id=analysis.id)
+        # check if user auth
+        if request.user != analysis_object_.user:
+            return HttpResponseForbidden("You are not authorized!")
+        logger.info("Stopping analysis with id %s", analysis_object_.id)
+        pid = analysis_object_.pid
         logger.debug("PID is %s", pid)
         try:
             BoundedExecutor.submit_kill(analysis.id)
             os.killpg(os.getpgid(pid), signal.SIGTERM)  # kill proc group too
             form = StopAnalysisForm()
-            form.fields['analysis'].queryset = FirmwareAnalysis.objects.filter(finished=False)
+            form.fields['analysis'].queryset = FirmwareAnalysis.objects.filter(user=request.user).filter(finished=False)
             return render(request, 'dashboard/serviceDashboard.html', {'username': request.user.username, 'form': form, 'success_message': True, 'message': "Stopped successfully"})
         except builtins.Exception as error:
             logger.error("Error %s", error)
-            analysis_object_ = FirmwareAnalysis.objects.get(id=analysis.id)
             analysis_object_.failed = True
             analysis_object_.save(update_fields=["failed"])
             return HttpResponseServerError("Failed to stop process, but set its status to failed. Please handle EMBA process manually: PID=" + str(pid))
@@ -92,7 +95,7 @@ def report_dashboard(request):
 
     :return: rendered ReportDashboard
     """
-    firmwares = FirmwareAnalysis.objects.all()
+    firmwares = FirmwareAnalysis.objects.filter(hidden=False)
     return render(request, 'dashboard/reportDashboard.html', {'firmwares': firmwares, 'username': request.user.username})
 
 
@@ -122,6 +125,9 @@ def show_log(request, analysis_id):
     """
     logger.info("showing log for analyze_id: %s", analysis_id)
     firmware = FirmwareAnalysis.objects.get(id=analysis_id)
+    # check if user auth
+    if request.user != firmware.user:
+        return HttpResponseForbidden("You are not authorized!")
     # get the file path
     log_file_path_ = f"{Path(firmware.path_to_logs).parent}/emba_run.log"
     logger.debug("Taking file at %s and render it", log_file_path_)
@@ -145,6 +151,9 @@ def show_logviewer(request, analysis_id):
 
     logger.info("showing log viewer for analyze_id: %s", analysis_id)
     firmware = FirmwareAnalysis.objects.get(id=analysis_id)
+    # check if user auth
+    if request.user != firmware.user:
+        return HttpResponseForbidden("You are not authorized!")
     # get the file path
     log_file_path_ = f"{Path(firmware.path_to_logs).parent}/emba_run.log"
     logger.debug("Taking file at %s and render it", log_file_path_)
@@ -200,6 +209,9 @@ def archive_analysis(request, analysis_id):
     """
     logger.info("Archiving Analysis with id: %s", analysis_id)
     analysis = FirmwareAnalysis.objects.get(id=analysis_id)
+    # check if user auth
+    if request.user != analysis.user and not request.user.is_superuser:
+        return HttpResponseForbidden("You are not authorized!")
     if analysis.zip_file is None:
         # make archive for uuid
         _ = make_zip(request, analysis_id)

From ed510dc9d978c84eba5a0914a7d450bc84bb7bd2 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Fri, 24 Nov 2023 09:34:04 +0000
Subject: [PATCH 03/16] add hide button and seperate further

---
 embark/dashboard/urls.py                      |  1 +
 embark/dashboard/views.py                     | 20 ++++++++++++-
 .../templates/dashboard/reportDashboard.html  | 29 ++++++++++++++++++-
 3 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/embark/dashboard/urls.py b/embark/dashboard/urls.py
index 2cbe1417..4613d8dc 100644
--- a/embark/dashboard/urls.py
+++ b/embark/dashboard/urls.py
@@ -10,6 +10,7 @@
     path('dashboard/report/', views.report_dashboard, name='embark-ReportDashboard'),
     path('dashboard/report/deleteAnalysis/<uuid:analysis_id>', views.delete_analysis, name='embark-dashboard-delete-analysis'),
     path('dashboard/report/archive/<uuid:analysis_id>', views.archive_analysis, name='embark-dashboard-archive'),
+    path('dashboard/report/hide/<uuid:analysis_id>', views.hide_analysis, name='embark-dashboard-hide'),
     path('dashboard/individualReport/<uuid:analysis_id>', views.individual_report_dashboard, name='embark-IndividualReportDashboard'),
     path('dashboard/stop/', views.stop_analysis, name='embark-stop-analysis'),
     path('dashboard/log/<uuid:analysis_id>', views.show_log, name='embark-show-log'),
diff --git a/embark/dashboard/views.py b/embark/dashboard/views.py
index 5444bdad..1a11ef17 100644
--- a/embark/dashboard/views.py
+++ b/embark/dashboard/views.py
@@ -95,7 +95,8 @@ def report_dashboard(request):
 
     :return: rendered ReportDashboard
     """
-    firmwares = FirmwareAnalysis.objects.filter(hidden=False)
+    # show all not hidden by others and ALL of your own
+    firmwares = (FirmwareAnalysis.objects.filter(hidden=False) | FirmwareAnalysis.objects.filter(user=request.user)).distinct()
     return render(request, 'dashboard/reportDashboard.html', {'firmwares': firmwares, 'username': request.user.username})
 
 
@@ -219,3 +220,20 @@ def archive_analysis(request, analysis_id):
     analysis.archived = True
     analysis.save(update_fields=["archived"])
     return redirect('..')
+
+
+@login_required(login_url='/' + settings.LOGIN_URL)
+@require_http_methods(["GET"])
+def hide_analysis(request, analysis_id):
+    """
+    hides the analysis
+    checks user
+    """
+    logger.info("Hiding Analysis with id: %s", analysis_id)
+    analysis = FirmwareAnalysis.objects.get(id=analysis_id)
+    # check if user auth
+    if request.user != analysis.user and not request.user.is_superuser:
+        return HttpResponseForbidden("You are not authorized!")
+    analysis.hidden = True
+    analysis.save(update_fields=["hidden"])
+    return redirect('..')
diff --git a/embark/templates/dashboard/reportDashboard.html b/embark/templates/dashboard/reportDashboard.html
index 32011cea..fe3aa6c6 100644
--- a/embark/templates/dashboard/reportDashboard.html
+++ b/embark/templates/dashboard/reportDashboard.html
@@ -62,6 +62,11 @@
                             <td>
                                 <!--ButtonRow with menue-->
                                 <div class="buttonRow">
+                                    {% if firmware.hidden is False %}
+                                        <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#Hide-{{ firmware.id }}">
+                                            Hide Analysis
+                                        </button>
+                                    {% endif %}
                                     {% if firmware.finished is False %}
                                         {% if firmware.failed is True %}
                                             <button class="btn btn-primary" type="button" disabled>
@@ -137,7 +142,7 @@ <h5 class="modal-title" id="DeleteModal-{{ firmware.id }}-Label">Delete Analysis
                                                 <div class="modal-footer">
                                                     <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">NO</button>
 
-                                                    <form action="{% url 'embark-dashboard-delete-analysis' firmware.id %}" method="get" id="delete-form-{{ firmware.id }}">
+                                                    <form action={% url 'embark-dashboard-delete-analysis' firmware.id %} method="get" id="delete-form-{{ firmware.id }}">
                                                         <button type="submit" class="btn btn-primary">YES</button>
                                                     </form>
 
@@ -145,6 +150,28 @@ <h5 class="modal-title" id="DeleteModal-{{ firmware.id }}-Label">Delete Analysis
                                             </div>
                                         </div>
                                     </div>
+                                    <div class="modal fade" id="#Hide-{{ firmware.id }}" tabindex="-1" role="dialog" aria-hidden="true">
+                                        <div class="modal-dialog" role="document">
+                                            <div class="modal-content">
+                                                <div class="modal-header">
+                                                    <h5 class="modal-title" id="#Hide-{{ firmware.id }}-Label">Hide {{ firmware.id }}</h5>
+                                                    <button type="button" class="close" data-bs-dismiss="modal" aria-label="Close">
+                                                        <span aria-hidden="true">Close</span>
+                                                    </button>
+                                                </div>
+                                                <div class="modal-body">
+                                                    Are you sure you want to hide this analysis of {{ firmware.firmware_name }}?
+                                                    -- This will make the analysis inaccessible for others!
+                                                </div>
+                                                <div class="modal-footer">
+                                                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">NO</button>
+                                                    <form action={% url 'embark-dashboard-hide' firmware.id %} method='get' id="hide-form-{{ firmware.id }}">
+                                                        <button type="submit" class="btn btn-primary" >YES</button>
+                                                    </form>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
                                 </div>  
                             </td>
                         </tr>

From 646a295711686949ad41959c38bdc7f1340a2985 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Fri, 24 Nov 2023 10:27:54 +0000
Subject: [PATCH 04/16] add user seperation to uploader views

---
 embark/uploader/views.py | 41 ++++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 18 deletions(-)

diff --git a/embark/uploader/views.py b/embark/uploader/views.py
index a28acd3a..aa5a291f 100644
--- a/embark/uploader/views.py
+++ b/embark/uploader/views.py
@@ -1,10 +1,9 @@
-# pylint: disable=W0613,C0206
 import logging
 import os
 
 from django.conf import settings
 from django.shortcuts import render
-from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseServerError
+from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, HttpResponseServerError
 from django.contrib.auth.decorators import login_required
 from django.views.decorators.http import require_http_methods
 from django.contrib import messages
@@ -23,8 +22,9 @@
 @login_required(login_url='/' + settings.LOGIN_URL)
 @require_http_methods(["GET"])
 def uploader_home(request):
-    if FirmwareFile.objects.all().count() > 0:
-        analysis_form = FirmwareAnalysisForm(initial={'firmware': FirmwareFile.objects.latest('upload_date')})
+    req_logger.info("User %s called uploader_home", request.user.username)
+    if FirmwareFile.objects.filter(user=request.user).count() > 0:
+        analysis_form = FirmwareAnalysisForm(initial={'firmware': FirmwareFile.objects.filter(user=request.user).latest('upload_date')})
         device_form = DeviceForm()
         label_form = LabelForm()
         vendor_form = VendorForm()
@@ -47,6 +47,7 @@ def save_file(request):
 
     :return: HttpResponse including the status
     """
+    req_logger.info("User %s called save_file", request.user.username)
     logger.info("User %s tryied to upload %s", request.user.username, request.FILES.getlist('file'))
     for file in request.FILES.getlist('file'):      # FIXME determin usecase for multi-file-upload in one request
         firmware_file = FirmwareFile.objects.create(file=file)
@@ -59,6 +60,7 @@ def save_file(request):
 @require_http_methods(["POST"])
 @login_required(login_url='/' + settings.LOGIN_URL)
 def device_setup(request):
+    req_logger.info("User %s called device_setup", request.user.username)
     # TODO redirect is static ? change to 200
     form = DeviceForm(request.POST)
     if form.is_valid():
@@ -80,6 +82,7 @@ def device_setup(request):
 @require_http_methods(["POST"])
 @login_required(login_url='/' + settings.LOGIN_URL)
 def vendor(request):
+    req_logger.info("User %s called vendor", request.user.username)
     form = VendorForm(request.POST)
     if form.is_valid():
         logger.info("User %s tryied to create vendor %s", request.user.username, request.POST['vendor_name'])
@@ -98,6 +101,7 @@ def vendor(request):
 @require_http_methods(["POST"])
 @login_required(login_url='/' + settings.LOGIN_URL)
 def label(request):
+    req_logger.info("User %s called label", request.user.username)
     form = LabelForm(request.POST)
     if form.is_valid():
         logger.info("User %s tryied to create label %s", request.user.username, request.POST['label_name'])
@@ -128,24 +132,22 @@ def start_analysis(request):
     Returns: redirect
 
     """
+    req_logger.info("User %s called start_analysis", request.user.username)
     if request.method == 'POST':
         form = FirmwareAnalysisForm(request.POST)
-        logger.debug("Form: %s", form.is_valid())
         logger.debug("Form: %s", form.errors)
         if form.is_valid():
-            logger.debug("Posted Form is valid")
             logger.info("Starting analysis with %s", form.Meta.model.id)
-
             new_analysis = form.save(commit=False)
-            new_analysis.user = request.user
+            # get the id of the firmware-file to submit
+            new_firmware_file = FirmwareFile.objects.get(id=new_analysis.firmware.id)
+            logger.debug("Firmware file: %s", new_firmware_file)
+            if request.user != new_firmware_file.user and not request.user.is_superuser:
+                return HttpResponseForbidden("You are not authorized!")
+            new_analysis.user = new_firmware_file.user
             logger.debug(" FILE_NAME is %s", new_analysis.firmware.file.name)
             new_analysis.firmware_name = os.path.basename(new_analysis.firmware.file.name)
             new_analysis = form.save()
-
-            # get the id of the firmware-file to submit
-            new_firmware_file = FirmwareFile.objects.get(id=new_analysis.firmware.id)
-            logger.info("Firmware file: %s", new_firmware_file)
-
             # inject into bounded Executor
             if BoundedExecutor.submit_firmware(firmware_flags=new_analysis, firmware_file=new_firmware_file):
                 return redirect('embark-dashboard-service')
@@ -153,8 +155,8 @@ def start_analysis(request):
             return HttpResponseServerError("Queue full")
         logger.error("Form invalid %s", request.POST)
         return HttpResponseBadRequest("Bad Request")
-    if FirmwareFile.objects.all().count() > 0:
-        analysis_form = FirmwareAnalysisForm(initial={'firmware': FirmwareFile.objects.latest('upload_date')})
+    if FirmwareFile.objects.filter(user=request.user).count() > 0:
+        analysis_form = FirmwareAnalysisForm(initial={'firmware': FirmwareFile.objects.filter(user=request.user).latest('upload_date')})
         return render(request, 'uploader/index.html', {'analysis_form': analysis_form})
     analysis_form = FirmwareAnalysisForm()
     device_form = DeviceForm()
@@ -166,8 +168,9 @@ def start_analysis(request):
 @require_http_methods(["GET"])
 @login_required(login_url='/' + settings.LOGIN_URL)
 def manage_file(request):
-    if FirmwareFile.objects.all().count() > 0:
-        form = DeleteFirmwareForm(initial={'firmware': FirmwareFile.objects.latest('upload_date').id})
+    req_logger.info("User %s called manage_file", request.user.username)
+    if FirmwareFile.objects.filter(user=request.user).count() > 0:
+        form = DeleteFirmwareForm(initial={'firmware': FirmwareFile.objects.filter(user=request.user).latest('upload_date').id})
         return render(request, 'uploader/manage.html', {'delete_form': form})
     form = DeleteFirmwareForm()
     return render(request, 'uploader/manage.html', {'delete_form': form})
@@ -184,6 +187,7 @@ def delete_fw_file(request):
 
     :return: HttpResponse including the status
     """
+    req_logger.info("User %s called delete_fw_file", request.user.username)
     form = DeleteFirmwareForm(request.POST)
 
     if form.is_valid():
@@ -191,7 +195,8 @@ def delete_fw_file(request):
 
         # get relevant data
         firmware_file = form.cleaned_data['firmware']
-        # if firmware_file.user is request.user:
+        if request.user != firmware_file.user and not request.user.is_superuser:
+            return HttpResponseForbidden("You are not authorized!")
         firmware_file.delete()
         messages.info(request, 'delete successful.')
         return redirect('..')

From fb700bb5e08b2c2d72bf27e9928efdcfe5aa8b19 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Fri, 24 Nov 2023 11:28:24 +0000
Subject: [PATCH 05/16] add label column

---
 embark/templates/dashboard/reportDashboard.html | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/embark/templates/dashboard/reportDashboard.html b/embark/templates/dashboard/reportDashboard.html
index fe3aa6c6..2c9a7e57 100644
--- a/embark/templates/dashboard/reportDashboard.html
+++ b/embark/templates/dashboard/reportDashboard.html
@@ -28,6 +28,7 @@
                         <th scope="col">Version</th>
                         <th scope="col">Start Date</th>
                         <th scope="col">End Date</th>
+                        <th scope="col">Labels</th>
                         <th data-orderable="false" data-priority="1" scope="col">Actions</th>
                     </tr>
                     </thead>
@@ -46,11 +47,10 @@
                                 {% endfor %}
                             </td>
                             <td>{{ firmware.version }}</td>
-                            
-                            <td>{{ firmware.start_date}}</td>
+                            <td>{{ firmware.start_date }}</td>
                             <td>
                                 {% if firmware.end_date is not None %}
-                                    {{ firmware.end_date}}
+                                    {{ firmware.end_date }}
                                 {% else %}
                                     <form action={% url 'embark-show-logviewer' firmware.id %} method='get'>
                                         <button type="submit" class="btn btn-primary">
@@ -59,6 +59,14 @@
                                     </form>
                                 {% endif %}   
                             </td>
+                            <td>
+                                {% if firmware.archived is True %}
+                                    <button class="btn btn-primary" type="button" disabled>
+                                        <span class="badge badge-danger">Archived</span>
+                                    </button>
+                                {% endif %}
+                                <!--TODO {{ firmware.labels() }}-->
+                            </td>
                             <td>
                                 <!--ButtonRow with menue-->
                                 <div class="buttonRow">

From 149bb2b6c22d051d8a0558e1a36b8db9e68ab6db Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Fri, 24 Nov 2023 12:57:51 +0000
Subject: [PATCH 06/16] fix issue of not using instance for http response

---
 embark/porter/views.py   | 2 +-
 embark/reporter/views.py | 4 ++--
 embark/tracker/views.py  | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/embark/porter/views.py b/embark/porter/views.py
index ac9cbd79..b176400f 100644
--- a/embark/porter/views.py
+++ b/embark/porter/views.py
@@ -88,7 +88,7 @@ def import_read(request):
         messages.error(request, 'import failed')
         return redirect('..')
     messages.error(request, 'form invalid')
-    return HttpResponseBadRequest
+    return HttpResponseBadRequest("invalid form")
 
 
 @login_required(login_url='/' + settings.LOGIN_URL)
diff --git a/embark/reporter/views.py b/embark/reporter/views.py
index d59dc7f8..98fbcc13 100644
--- a/embark/reporter/views.py
+++ b/embark/reporter/views.py
@@ -46,7 +46,7 @@ def html_report(request, analysis_id, html_file):
             logger.debug("html_report - analysis_id: %s html_file: %s", analysis_id, html_file)
             return HttpResponse(html_body.render({'embarkBackUrl': reverse('embark-ReportDashboard')}))
     logger.error("could  not get template - %s", request)
-    return HttpResponseBadRequest
+    return HttpResponseBadRequest("Bad Request")
 
 
 @require_http_methods(["GET"])
@@ -60,7 +60,7 @@ def html_report_path(request, analysis_id, html_path, html_file):
             logger.debug("html_report - analysis_id: %s path: %s html_file: %s", analysis_id, html_path, html_file)
             return HttpResponse(html_body.render({'embarkBackUrl': reverse('embark-ReportDashboard')}))
     logger.error("could  not get path - %s", request)
-    return HttpResponseBadRequest
+    return HttpResponseBadRequest("Bad Request")
 
 
 @require_http_methods(["GET"])
diff --git a/embark/tracker/views.py b/embark/tracker/views.py
index 5226d023..aa218fd8 100644
--- a/embark/tracker/views.py
+++ b/embark/tracker/views.py
@@ -118,7 +118,7 @@ def get_report_for_device(request, device_id):
         return render(request=request, template_name='tracker/device.html', context={'username': request.user.username, 'device_id': device_id, 'device': device, 'labels': label_list, 'data': data})
     logger.error("device id nonexistent: %s", device_id)
     logger.error("could  not get template - %s", request)
-    return HttpResponseBadRequest
+    return HttpResponseBadRequest("Bad Request")
 
 
 @require_http_methods(["GET"])
@@ -133,7 +133,7 @@ def tracker_time(request, time):
             data.append(Device.objects.filter(device_vendor=_vendor).count())
         device_table = SimpleDeviceTable(data=Device.objects.all(), template_name="django_tables2/bootstrap-responsive.html")
         return render(request=request, template_name='tracker/index.html', context={'username': request.user.username, 'table': device_table, 'labels': label_list, 'data': data})
-    return HttpResponseBadRequest
+    return HttpResponseBadRequest("Bad Request")
 
 
 @require_http_methods(["POST"])

From d1b5e298d601b1b64e7fd690f49e4e02b0745718 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Fri, 24 Nov 2023 13:05:38 +0000
Subject: [PATCH 07/16] don't render that!

---
 embark/templates/dashboard/reportDashboard.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/embark/templates/dashboard/reportDashboard.html b/embark/templates/dashboard/reportDashboard.html
index 2c9a7e57..ee9215d3 100644
--- a/embark/templates/dashboard/reportDashboard.html
+++ b/embark/templates/dashboard/reportDashboard.html
@@ -65,7 +65,7 @@
                                         <span class="badge badge-danger">Archived</span>
                                     </button>
                                 {% endif %}
-                                <!--TODO {{ firmware.labels() }}-->
+                                <!--TODO firmware.labels() -->
                             </td>
                             <td>
                                 <!--ButtonRow with menue-->

From fce73819acdc8fee98e227f9b5cca9c4cec50594 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Fri, 24 Nov 2023 13:29:03 +0000
Subject: [PATCH 08/16] move hide button into dropdown

---
 embark/templates/dashboard/reportDashboard.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/embark/templates/dashboard/reportDashboard.html b/embark/templates/dashboard/reportDashboard.html
index ee9215d3..b1caf437 100644
--- a/embark/templates/dashboard/reportDashboard.html
+++ b/embark/templates/dashboard/reportDashboard.html
@@ -70,11 +70,6 @@
                             <td>
                                 <!--ButtonRow with menue-->
                                 <div class="buttonRow">
-                                    {% if firmware.hidden is False %}
-                                        <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#Hide-{{ firmware.id }}">
-                                            Hide Analysis
-                                        </button>
-                                    {% endif %}
                                     {% if firmware.finished is False %}
                                         {% if firmware.failed is True %}
                                             <button class="btn btn-primary" type="button" disabled>
@@ -127,6 +122,11 @@
                                                 <form action={% url 'embark-show-logviewer' firmware.id %} method='get'>
                                                     <button type="submit" class="btn buttonRowElem" >View Log</button>
                                                 </form>
+                                                {% if firmware.hidden is False %}
+                                                    <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#Hide-{{ firmware.id }}">
+                                                        Hide Analysis
+                                                    </button>
+                                                {% endif %}
                                                 <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#DeleteModal-{{ firmware.id }}">
                                                     Delete Analysis
                                                 </button>

From 6fbf31a1dcd8245e7eaa76390febba6572ba8ae3 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Mon, 27 Nov 2023 09:12:53 +0000
Subject: [PATCH 09/16] rework buttons and add some messages

---
 embark/dashboard/views.py                     |   2 +
 .../templates/dashboard/reportDashboard.html  | 204 +++++++++---------
 2 files changed, 105 insertions(+), 101 deletions(-)

diff --git a/embark/dashboard/views.py b/embark/dashboard/views.py
index 1a11ef17..876e4fe5 100644
--- a/embark/dashboard/views.py
+++ b/embark/dashboard/views.py
@@ -219,6 +219,7 @@ def archive_analysis(request, analysis_id):
     analysis.do_archive()
     analysis.archived = True
     analysis.save(update_fields=["archived"])
+    messages.success(request, 'Analysis: ' + str(analysis_id) + ' successfully archived')
     return redirect('..')
 
 
@@ -236,4 +237,5 @@ def hide_analysis(request, analysis_id):
         return HttpResponseForbidden("You are not authorized!")
     analysis.hidden = True
     analysis.save(update_fields=["hidden"])
+    messages.success(request, 'Analysis: ' + str(analysis_id) + ' successfully hidden')
     return redirect('..')
diff --git a/embark/templates/dashboard/reportDashboard.html b/embark/templates/dashboard/reportDashboard.html
index b1caf437..a67d6e9e 100644
--- a/embark/templates/dashboard/reportDashboard.html
+++ b/embark/templates/dashboard/reportDashboard.html
@@ -60,127 +60,129 @@
                                 {% endif %}   
                             </td>
                             <td>
-                                {% if firmware.archived is True %}
-                                    <button class="btn btn-primary" type="button" disabled>
-                                        <span class="badge badge-danger">Archived</span>
-                                    </button>
-                                {% endif %}
-                                <!--TODO firmware.labels() -->
+                                <div class="container">
+                                    {% if firmware.archived is True %}
+                                        <button class="btn btn-primary" type="button" disabled>
+                                            <span class="badge badge-danger">Archived</span>
+                                        </button>
+                                    {% elif firmware.failed is True %}
+                                        <button class="btn btn-primary" type="button" disabled>
+                                            <span class="badge badge-danger">Failed/Error</span>
+                                        </button>
+                                    {% endif %}
+                                    <!--TODO grid with firmware.labels() -->
+                                </div>
                             </td>
                             <td>
-                                <!--ButtonRow with menue-->
-                                <div class="buttonRow">
+                                <!--menue button-->
+                                <div class="btn-group dropup">
                                     {% if firmware.finished is False %}
                                         {% if firmware.failed is True %}
-                                            <button class="btn btn-primary" type="button" disabled>
-                                                <span class="badge badge-danger">Failed/Error</span>
+                                            <button type="button" class="btn btn-secondary dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                                                <span class="badge badge-danger">Analysis Failed</span>
                                             </button>
-                                            <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#DeleteModal-{{ firmware.id }}">
-                                                Delete Analysis
+                                        {% else %}
+                                            <button type="button" class="btn btn-secondary dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                                                <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span>
+                                                Loading...
                                             </button>
                                         {% endif %}
-                                        <button class="btn btn-primary" type="button" disabled>
-                                            <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span>
-                                            Loading...
-                                        </button>
                                     {% else %}
-                                        {% if firmware.failed is True %}
-                                            <button class="btn btn-primary" type="button" disabled>
-                                                <span class="badge badge-danger">Analysis Failed</span>
-                                            </button>
-                                        {% endif %}
-                                        <div class="btn-group dropup">
-                                            <button type="button" class="btn btn-secondary dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                                        <button type="button" class="btn btn-secondary dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
                                             Action-Menue
-                                            </button>
-                                            <div class="dropdown-menu">
-                                                {% if firmware.failed is False %}
-                                                    {% if firmware.zip_file is not None %}
-                                                        <form action={% url 'embark-download' firmware.id %} method='get'>
-                                                            <button type="submit" class="btn buttonRowElem" >Download Logs</button>
-                                                        </form>
-                                                    {% elif firmware.archived is False %}
-                                                        <form action={% url 'embark-make-zip' firmware.id %} method='get'>
-                                                            <button type="submit" class="btn buttonRowElem" >Make Zip Logs</button>
-                                                        </form>
-                                                    {% endif %}
-                                                    <form action={% url 'embark-html-report' firmware.id 'index.html' %} method='get'>
-                                                        <button type="submit" class="btn buttonRowElem" >Open Report</button>
-                                                    </form>
-                                                    <form action={% url 'embark-IndividualReportDashboard' firmware.id %} method='get'>
-                                                        <button type="submit" class="btn buttonRowElem" >Detail View</button>
-                                                    </form>
-                                                    <form action={% url 'embark-uploader-home' %} method='get'>
-                                                        <button type="submit" class="btn buttonRowElem" >Rescan/delete</button>
-                                                    </form>
-                                                    {% if firmware.archived is False %}
-                                                        <form action={% url 'embark-dashboard-archive' firmware.id %} method='get'>
-                                                            <button type="submit" class="btn buttonRowElem" >Archive</button>
-                                                        </form>
-                                                    {% endif %}
-                                                {% endif %}
-                                                <form action={% url 'embark-show-logviewer' firmware.id %} method='get'>
-                                                    <button type="submit" class="btn buttonRowElem" >View Log</button>
+                                        </button>
+                                    {% endif %}
+
+                                    <!--menue-->
+                                    <div class="dropdown-menu">
+                                        {% if firmware.failed is False %}
+                                            {% if firmware.zip_file is not None %}
+                                                <form action={% url 'embark-download' firmware.id %} method='get'>
+                                                    <button type="submit" class="btn buttonRowElem" >Download Logs</button>
                                                 </form>
-                                                {% if firmware.hidden is False %}
-                                                    <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#Hide-{{ firmware.id }}">
-                                                        Hide Analysis
-                                                    </button>
-                                                {% endif %}
-                                                <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#DeleteModal-{{ firmware.id }}">
-                                                    Delete Analysis
+                                            {% elif firmware.archived is False %}
+                                                <form action={% url 'embark-make-zip' firmware.id %} method='get'>
+                                                    <button type="submit" class="btn buttonRowElem" >Make Zip Logs</button>
+                                                </form>
+                                            {% endif %}
+                                            <form action={% url 'embark-html-report' firmware.id 'index.html' %} method='get'>
+                                                <button type="submit" class="btn buttonRowElem" >Open Report</button>
+                                            </form>
+                                            <form action={% url 'embark-IndividualReportDashboard' firmware.id %} method='get'>
+                                                <button type="submit" class="btn buttonRowElem" >Detail View</button>
+                                            </form>
+                                            <form action={% url 'embark-uploader-home' %} method='get'>
+                                                <button type="submit" class="btn buttonRowElem" >Rescan/delete</button>
+                                            </form>
+                                            {% if firmware.archived is False %}
+                                                <form action={% url 'embark-dashboard-archive' firmware.id %} method='get'>
+                                                    <button type="submit" class="btn buttonRowElem" >Archive</button>
+                                                </form>
+                                            {% endif %}
+                                        {% endif %}
+                                        <form action={% url 'embark-show-logviewer' firmware.id %} method='get'>
+                                            <button type="submit" class="btn buttonRowElem" >View Log</button>
+                                        </form>
+                                        {% if firmware.hidden is False %}
+                                            <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#HideModal-{{ firmware.id }}">
+                                                Hide Analysis
+                                            </button>
+                                        {% endif %}
+                                        <button type="button" class="btn buttonRowElem btn-danger" data-bs-toggle="modal" data-bs-target="#DeleteModal-{{ firmware.id }}">
+                                            Delete Analysis
+                                        </button>
+                                    </div>
+                                </div>
+
+
+
+                                <!-- Modals -->
+                                <div class="modal fade" id="DeleteModal-{{ firmware.id }}" tabindex="-1" role="dialog" aria-hidden="true">
+                                    <div class="modal-dialog" role="document">
+                                        <div class="modal-content">
+                                            <div class="modal-header">
+                                                <h5 class="modal-title" id="DeleteModal-{{ firmware.id }}-Label">Delete Analysis {{ firmware.id }}</h5>
+                                                <button type="button" class="close" data-bs-dismiss="modal" aria-label="Close">
+                                                    <span aria-hidden="true">Close</span>
                                                 </button>
                                             </div>
-                                        </div>
-                                    {% endif %}
-                                    <!-- Modals -->
-                                    <div class="modal fade" id="DeleteModal-{{ firmware.id }}" tabindex="-1" role="dialog" aria-hidden="true">
-                                        <div class="modal-dialog" role="document">
-                                            <div class="modal-content">
-                                                <div class="modal-header">
-                                                    <h5 class="modal-title" id="DeleteModal-{{ firmware.id }}-Label">Delete Analysis {{ firmware.id }}</h5>
-                                                    <button type="button" class="close" data-bs-dismiss="modal" aria-label="Close">
-                                                        <span aria-hidden="true">Close</span>
-                                                    </button>
-                                                </div>
-                                                <div class="modal-body">
-                                                    Are you sure you want to delete this analysis of {{ firmware.firmware_name }}?
-                                                    -- if the analysis is archived already, this will delete it from the archives,too!
-                                                </div>
-                                                <div class="modal-footer">
-                                                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">NO</button>
+                                            <div class="modal-body">
+                                                Are you sure you want to delete this analysis of {{ firmware.firmware_name }}?
+                                                -- if the analysis is archived already, this will delete it from the archives,too!
+                                            </div>
+                                            <div class="modal-footer">
+                                                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">NO</button>
 
-                                                    <form action={% url 'embark-dashboard-delete-analysis' firmware.id %} method="get" id="delete-form-{{ firmware.id }}">
-                                                        <button type="submit" class="btn btn-primary">YES</button>
-                                                    </form>
+                                                <form action={% url 'embark-dashboard-delete-analysis' firmware.id %} method="get" id="delete-form-{{ firmware.id }}">
+                                                    <button type="submit" class="btn btn-primary">YES</button>
+                                                </form>
 
-                                                </div>
                                             </div>
                                         </div>
                                     </div>
-                                    <div class="modal fade" id="#Hide-{{ firmware.id }}" tabindex="-1" role="dialog" aria-hidden="true">
-                                        <div class="modal-dialog" role="document">
-                                            <div class="modal-content">
-                                                <div class="modal-header">
-                                                    <h5 class="modal-title" id="#Hide-{{ firmware.id }}-Label">Hide {{ firmware.id }}</h5>
-                                                    <button type="button" class="close" data-bs-dismiss="modal" aria-label="Close">
-                                                        <span aria-hidden="true">Close</span>
-                                                    </button>
-                                                </div>
-                                                <div class="modal-body">
-                                                    Are you sure you want to hide this analysis of {{ firmware.firmware_name }}?
-                                                    -- This will make the analysis inaccessible for others!
-                                                </div>
-                                                <div class="modal-footer">
-                                                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">NO</button>
-                                                    <form action={% url 'embark-dashboard-hide' firmware.id %} method='get' id="hide-form-{{ firmware.id }}">
-                                                        <button type="submit" class="btn btn-primary" >YES</button>
-                                                    </form>
-                                                </div>
+                                </div>
+                                <div class="modal fade" id="HideModal-{{ firmware.id }}" tabindex="-1" role="dialog" aria-hidden="true">
+                                    <div class="modal-dialog" role="document">
+                                        <div class="modal-content">
+                                            <div class="modal-header">
+                                                <h5 class="modal-title" id="HideModal-{{ firmware.id }}-Label">Hide {{ firmware.id }}</h5>
+                                                <button type="button" class="close" data-bs-dismiss="modal" aria-label="Close">
+                                                    <span aria-hidden="true">Close</span>
+                                                </button>
+                                            </div>
+                                            <div class="modal-body">
+                                                Are you sure you want to hide this analysis of {{ firmware.firmware_name }}?
+                                                -- This will make the analysis inaccessible for others!
+                                            </div>
+                                            <div class="modal-footer">
+                                                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">NO</button>
+                                                <form action={% url 'embark-dashboard-hide' firmware.id %} method='get' id="hide-form-{{ firmware.id }}">
+                                                    <button type="submit" class="btn btn-primary" >YES</button>
+                                                </form>
                                             </div>
                                         </div>
                                     </div>
-                                </div>  
+                                </div>
                             </td>
                         </tr>
                     {% endfor %}

From 2c0d25cac8e37a581b8dd830926b3659bf9bc03e Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Mon, 27 Nov 2023 11:41:38 +0000
Subject: [PATCH 10/16] adjust to emba changes in dep check

---
 run-server.sh | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/run-server.sh b/run-server.sh
index c627ca30..2df3c155 100755
--- a/run-server.sh
+++ b/run-server.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # EMBArk - The firmware security scanning environment
 #
-# Copyright 2020-2022 Siemens Energy AG
+# Copyright 2020-2023 Siemens Energy AG
 # Copyright 2020-2022 Siemens AG
 #
 # EMBArk comes with ABSOLUTELY NO WARRANTY.
@@ -125,20 +125,8 @@ if ! [[ -d ./emba ]]; then
   echo -e "${RED}""${BOLD}""You are using the wrong installation and missing the EMBA subdirectory""${NC}"
 fi
 if ! (cd "${PWD}"/emba && ./emba -d 1); then
-  echo -e "${BLUE}""Trying auto-maintain""${NC}"
-  # automaintain
-  if ! [[ -d ./emba ]]; then
-    echo -e "${RED}""EMBA not installed""${NC}"
-    exit 1
-  fi
-  cd ./emba || exit 1
-  systemctl restart NetworkManager docker
-  ./emba -d 1 1>/dev/null
-  if [[ $? -eq 1 ]]; then
-    echo -e "${RED}""EMBA is not configured correctly""${NC}"
-    exit 1
-  fi
-  cd .. || exit 1
+  echo -e "${RED}""EMBA is not configured correctly""${NC}"
+  exit 1
 fi
 
 # check venv 
@@ -146,7 +134,7 @@ if ! [[ -d /var/www/.venv ]]; then
   echo -e "${RED}""${BOLD}""Pip-enviroment not found!""${NC}"
   exit 1
 fi
-if ! nc -zw1 google.com 443 &>/dev/null ; then
+if ! nc -zw1 pypi.org 443 &>/dev/null ; then
   (cd /var/www && pipenv check && pipenv verify)
 fi
 

From 9411f9059dae935ef4050b0ddb6c5cdb7b94e237 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Mon, 27 Nov 2023 15:33:50 +0000
Subject: [PATCH 11/16] add user check for emba report resources

---
 embark/reporter/views.py                      | 159 +++++++++---------
 .../templates/dashboard/reportDashboard.html  |   3 -
 2 files changed, 84 insertions(+), 78 deletions(-)

diff --git a/embark/reporter/views.py b/embark/reporter/views.py
index 98fbcc13..c261f01e 100644
--- a/embark/reporter/views.py
+++ b/embark/reporter/views.py
@@ -41,12 +41,13 @@ def html_report(request, analysis_id, html_file):
     report_path = Path(f'{settings.EMBA_LOG_ROOT}{request.path[10:]}')
     if FirmwareAnalysis.objects.filter(id=analysis_id).exists():
         analysis = FirmwareAnalysis.objects.get(id=analysis_id)
-        if analysis.user == request.user:
+        if analysis.hidden is False or analysis.user == request.user or request.user.is_superuser:
             html_body = get_template(report_path)
             logger.debug("html_report - analysis_id: %s html_file: %s", analysis_id, html_file)
             return HttpResponse(html_body.render({'embarkBackUrl': reverse('embark-ReportDashboard')}))
+        messages.error(request, "User not authorized")
     logger.error("could  not get template - %s", request)
-    return HttpResponseBadRequest("Bad Request")
+    return redirect("..")
 
 
 @require_http_methods(["GET"])
@@ -55,58 +56,63 @@ def html_report_path(request, analysis_id, html_path, html_file):
     report_path = Path(f'{settings.EMBA_LOG_ROOT}{request.path[10:]}')
     if FirmwareAnalysis.objects.filter(id=analysis_id).exists():
         analysis = FirmwareAnalysis.objects.get(id=analysis_id)
-        if analysis.user == request.user:
+        if analysis.hidden is False or analysis.user == request.user or request.user.is_superuser:
             html_body = get_template(report_path)
             logger.debug("html_report - analysis_id: %s path: %s html_file: %s", analysis_id, html_path, html_file)
             return HttpResponse(html_body.render({'embarkBackUrl': reverse('embark-ReportDashboard')}))
+        messages.error(request, "User not authorized")
     logger.error("could  not get path - %s", request)
-    return HttpResponseBadRequest("Bad Request")
+    return redirect("..")
 
 
 @require_http_methods(["GET"])
 @login_required(login_url='/' + settings.LOGIN_URL)
-def html_report_download(request, analysis_id, html_path, download_file):    # Needed for EMBA?
-    base_path = f"{settings.EMBA_LOG_ROOT}"
-    if request.path.startswith('/'):
-        file_path = request.path[1:]
-    else:
-        file_path = request.path[2:]
-    full_path = os.path.normpath(os.path.join(base_path, file_path))
-    if full_path.startswith(base_path):
-        with open(full_path, 'rb') as requested_file:
-            response = HttpResponse(requested_file.read(), content_type="text/plain")
-            response['Content-Disposition'] = 'attachment; filename=' + os.path.basename(full_path)
-            logger.info("html_report - analysis_id: %s html_path: %s download_file: %s", analysis_id, html_path,
-                        download_file)
-            return response
-    else:
-        response = Http404
+def html_report_download(request, analysis_id, html_path, download_file):    # TODO Needed for EMBA?
+    if FirmwareAnalysis.objects.filter(id=analysis_id).exists():
+        analysis = FirmwareAnalysis.objects.get(id=analysis_id)
+        if analysis.hidden is False or analysis.user == request.user or request.user.is_superuser:
+            base_path = f"{settings.EMBA_LOG_ROOT}"
+            if request.path.startswith('/'):
+                file_path = request.path[1:]
+            else:
+                file_path = request.path[2:]
+            full_path = os.path.normpath(os.path.join(base_path, file_path))
+            if full_path.startswith(base_path):
+                with open(full_path, 'rb') as requested_file:
+                    response = HttpResponse(requested_file.read(), content_type="text/plain")
+                    response['Content-Disposition'] = 'attachment; filename=' + os.path.basename(full_path)
+                    logger.info("html_report - analysis_id: %s html_path: %s download_file: %s", analysis_id, html_path,
+                                download_file)
+                    return response
+        response = Http404("Resource not found")
         return response
 
 
 @require_http_methods(["GET"])
 @login_required(login_url='/' + settings.LOGIN_URL)
 def html_report_resource(request, analysis_id, img_file):
-    content_type = "text/plain"
-
-    if img_file.endswith(".css"):
-        content_type = "text/css"
-    elif img_file.endswith(".svg"):
-        content_type = "image/svg+xml"
-    elif img_file.endswith(".png"):
-        content_type = "image/png"
-
-    resource_path = Path(f'{settings.EMBA_LOG_ROOT}{request.path[10:]}')
-    logger.info("html_report_resource - analysis_id: %s request.path: %s", analysis_id, request.path)
-
-    try:
-        # CodeQL issue is not relevant as the urls are defined via urls.py
-        with open(resource_path, "rb") as file_:
-            return HttpResponse(file_.read(), content_type=content_type)
-    except IOError as error:
-        logger.error(error)
-        logger.error(request.path)
-
+    if FirmwareAnalysis.objects.filter(id=analysis_id).exists():
+        analysis = FirmwareAnalysis.objects.get(id=analysis_id)
+        if analysis.hidden is False or analysis.user == request.user or request.user.is_superuser:
+            content_type = "text/plain"
+
+            if img_file.endswith(".css"):
+                content_type = "text/css"
+            elif img_file.endswith(".svg"):
+                content_type = "image/svg+xml"
+            elif img_file.endswith(".png"):
+                content_type = "image/png"
+
+            resource_path = Path(f'{settings.EMBA_LOG_ROOT}{request.path[10:]}')
+            logger.info("html_report_resource - analysis_id: %s request.path: %s", analysis_id, request.path)
+
+            try:
+                # CodeQL issue is not relevant as the urls are defined via urls.py
+                with open(resource_path, "rb") as file_:
+                    return HttpResponse(file_.read(), content_type=content_type)
+            except IOError as error:
+                logger.error(error)
+                logger.error(request.path)
     # just in case -> back to report intro
     report_path = Path(f'{settings.EMBA_LOG_ROOT}{request.path[10:]}')
     html_body = get_template(report_path)
@@ -119,42 +125,43 @@ def get_individual_report(request, analysis_id):
     """
     Get individual firmware report based on scan id (analysis_id)
     """
-    if not analysis_id:
-        logger.error('Bad request for get_individual_report')
-        return JsonResponse(data={'error': 'Bad request'}, status=HTTPStatus.BAD_REQUEST)
-    try:
+    if FirmwareAnalysis.objects.filter(id=analysis_id).exists():
         analysis_object = FirmwareAnalysis.objects.get(id=analysis_id)
-        result = Result.objects.get(firmware_analysis=analysis_object)
-
-        logger.debug("getting individual report for %s", result)
-
-        return_dict = model_to_dict(instance=result, exclude=['vulnerability'])
-
-        return_dict['firmware_name'] = analysis_object.firmware_name
-        if analysis_object.firmware:
-            return_dict['id'] = analysis_object.firmware.id
-        else:
-            return_dict['id'] = "Firmware was deleted"
-        return_dict['device_list'] = [str(_device) for _device in analysis_object.device.all()]
-        return_dict['start_date'] = analysis_object.start_date
-        return_dict['end_date'] = analysis_object.end_date
-        return_dict['duration'] = analysis_object.duration
-        return_dict['notes'] = analysis_object.notes
-        return_dict['version'] = analysis_object.version
-        return_dict['path_to_logs'] = analysis_object.path_to_logs
-        return_dict['strcpy_bin'] = json.loads(return_dict['strcpy_bin'])
-        # architecture
-        if isinstance(return_dict['architecture_verified'], dict):
-            arch_ = json.loads(return_dict['architecture_verified'])
-            for key_, value_ in arch_.items():
-                return_dict['architecture_verified'] += f"{key_}-{value_} "
-        else:
-            return_dict['architecture_verified'] = str(return_dict['architecture_verified'])
-
-        return JsonResponse(data=return_dict, status=HTTPStatus.OK)
-    except Result.DoesNotExist:
-        logger.error('Report for firmware_id: %s not found in database', analysis_id)
-        return JsonResponse(data={'error': 'Not Found'}, status=HTTPStatus.NOT_FOUND)
+        if analysis_object.hidden is False or analysis_object.user == request.user or request.user.is_superuser:
+            try:
+                result = Result.objects.get(firmware_analysis=analysis_object)
+
+                logger.debug("getting individual report for %s", result)
+
+                return_dict = model_to_dict(instance=result, exclude=['vulnerability'])
+
+                return_dict['firmware_name'] = analysis_object.firmware_name
+                if analysis_object.firmware:
+                    return_dict['id'] = analysis_object.firmware.id
+                else:
+                    return_dict['id'] = "Firmware was deleted"
+                return_dict['device_list'] = [str(_device) for _device in analysis_object.device.all()]
+                return_dict['start_date'] = analysis_object.start_date
+                return_dict['end_date'] = analysis_object.end_date
+                return_dict['duration'] = analysis_object.duration
+                return_dict['notes'] = analysis_object.notes
+                return_dict['version'] = analysis_object.version
+                return_dict['path_to_logs'] = analysis_object.path_to_logs
+                return_dict['strcpy_bin'] = json.loads(return_dict['strcpy_bin'])
+                # architecture
+                if isinstance(return_dict['architecture_verified'], dict):
+                    arch_ = json.loads(return_dict['architecture_verified'])
+                    for key_, value_ in arch_.items():
+                        return_dict['architecture_verified'] += f"{key_}-{value_} "
+                else:
+                    return_dict['architecture_verified'] = str(return_dict['architecture_verified'])
+
+                return JsonResponse(data=return_dict, status=HTTPStatus.OK)
+            except Result.DoesNotExist:
+                logger.error('Report for firmware_id: %s not found in database', analysis_id)
+                return JsonResponse(data={'error': 'Not Found'}, status=HTTPStatus.NOT_FOUND)
+    logger.error('Bad request for get_individual_report')
+    return JsonResponse(data={'error': 'Bad request'}, status=HTTPStatus.BAD_REQUEST)
 
 
 @require_http_methods(["GET"])
@@ -257,6 +264,7 @@ def download_zipped(request, analysis_id):
 
     :return: HttpResponse with zipped log directory on success or HttpResponse including error message
     """
+    # TODO only user can download zips
     logger.debug("entry download_zipped")
     try:
         firmware = FirmwareAnalysis.objects.get(id=analysis_id)
@@ -282,6 +290,7 @@ def make_zip(request, analysis_id):
     """
     submit analysis for zipping log directory
     """
+    # TODO only user can make zips
     try:
         analysis = FirmwareAnalysis.objects.get(id=analysis_id)
         # look for LogZipFile
diff --git a/embark/templates/dashboard/reportDashboard.html b/embark/templates/dashboard/reportDashboard.html
index a67d6e9e..1d85bdaa 100644
--- a/embark/templates/dashboard/reportDashboard.html
+++ b/embark/templates/dashboard/reportDashboard.html
@@ -133,9 +133,6 @@
                                         </button>
                                     </div>
                                 </div>
-
-
-
                                 <!-- Modals -->
                                 <div class="modal fade" id="DeleteModal-{{ firmware.id }}" tabindex="-1" role="dialog" aria-hidden="true">
                                     <div class="modal-dialog" role="document">

From 8f2df91339de0553418174da0238cca2ad41bac6 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Mon, 27 Nov 2023 15:35:07 +0000
Subject: [PATCH 12/16] increase wait for db

---
 helper/helper_embark_general.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper/helper_embark_general.sh b/helper/helper_embark_general.sh
index 73a9ca2e..8560b08f 100644
--- a/helper/helper_embark_general.sh
+++ b/helper/helper_embark_general.sh
@@ -123,7 +123,7 @@ check_db() {
   echo -e "${BLUE}""${BOLD}""2. checking password""${NC}\\n"
   if ! mysql --host="${HOST_ENV}" --user="${USER_ENV}" --password="${PW_ENV}" -e"quit"; then
     echo -e "${ORANGE}""${BOLD}""[*] Retesting the mysql connection""${NC}"
-    sleep 35s
+    sleep 44s
     if ! mysql --host="${HOST_ENV}" --user="${USER_ENV}" --password="${PW_ENV}" -e"quit"; then
         echo -e "${ORANGE}""${BOLD}""Failed logging into database with password""${NC}"
         echo -e "---------------------------------------------------------------------------"

From 4b681cdbb0ffd3b841ab3997f506553aba5490f1 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <bennimail.4spam@gmail.com>
Date: Tue, 28 Nov 2023 05:23:32 +0000
Subject: [PATCH 13/16] fix linter

---
 embark/reporter/views.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/embark/reporter/views.py b/embark/reporter/views.py
index c261f01e..98043ebb 100644
--- a/embark/reporter/views.py
+++ b/embark/reporter/views.py
@@ -15,7 +15,7 @@
 from django.shortcuts import redirect
 from django.contrib import messages
 from django.template.loader import get_template
-from django.http import HttpResponse, HttpResponseBadRequest, JsonResponse
+from django.http import HttpResponse, JsonResponse
 from django.contrib.auth.decorators import login_required
 from django.views.decorators.http import require_http_methods
 from django.urls import reverse
@@ -68,6 +68,7 @@ def html_report_path(request, analysis_id, html_path, html_file):
 @require_http_methods(["GET"])
 @login_required(login_url='/' + settings.LOGIN_URL)
 def html_report_download(request, analysis_id, html_path, download_file):    # TODO Needed for EMBA?
+    response = Http404("Resource not found")
     if FirmwareAnalysis.objects.filter(id=analysis_id).exists():
         analysis = FirmwareAnalysis.objects.get(id=analysis_id)
         if analysis.hidden is False or analysis.user == request.user or request.user.is_superuser:
@@ -83,9 +84,7 @@ def html_report_download(request, analysis_id, html_path, download_file):    # T
                     response['Content-Disposition'] = 'attachment; filename=' + os.path.basename(full_path)
                     logger.info("html_report - analysis_id: %s html_path: %s download_file: %s", analysis_id, html_path,
                                 download_file)
-                    return response
-        response = Http404("Resource not found")
-        return response
+    return response
 
 
 @require_http_methods(["GET"])

From 111f1a6ef21881e006514e50679d11677c64cdfe Mon Sep 17 00:00:00 2001
From: BenediktMKuehne <bennimail.4spam@gmail.com>
Date: Tue, 28 Nov 2023 08:00:51 +0100
Subject: [PATCH 14/16] fix user for firmwarefile

---
 embark/uploader/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/embark/uploader/views.py b/embark/uploader/views.py
index aa5a291f..76c4395f 100644
--- a/embark/uploader/views.py
+++ b/embark/uploader/views.py
@@ -51,6 +51,7 @@ def save_file(request):
     logger.info("User %s tryied to upload %s", request.user.username, request.FILES.getlist('file'))
     for file in request.FILES.getlist('file'):      # FIXME determin usecase for multi-file-upload in one request
         firmware_file = FirmwareFile.objects.create(file=file)
+        firmware_file.user = request.user
         firmware_file.save()
     messages.info(request, 'upload successful.')
     return HttpResponse("successful upload")

From dee8e80c72d29e588be5c1fd66f2b760e996c9b7 Mon Sep 17 00:00:00 2001
From: BenediktMKuehne <bennimail.4spam@gmail.com>
Date: Tue, 28 Nov 2023 08:23:04 +0100
Subject: [PATCH 15/16] show buttons if

---
 embark/templates/dashboard/reportDashboard.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/embark/templates/dashboard/reportDashboard.html b/embark/templates/dashboard/reportDashboard.html
index 1d85bdaa..22806eec 100644
--- a/embark/templates/dashboard/reportDashboard.html
+++ b/embark/templates/dashboard/reportDashboard.html
@@ -95,7 +95,7 @@
 
                                     <!--menue-->
                                     <div class="dropdown-menu">
-                                        {% if firmware.failed is False %}
+                                        {% if firmware.failed is False and firmware.finished is True %}
                                             {% if firmware.zip_file is not None %}
                                                 <form action={% url 'embark-download' firmware.id %} method='get'>
                                                     <button type="submit" class="btn buttonRowElem" >Download Logs</button>

From c68dd39df711a630acbb1303f6895abcd3a76820 Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <62940240+BenediktMKuehne@users.noreply.github.com>
Date: Thu, 30 Nov 2023 13:11:59 +0100
Subject: [PATCH 16/16] Delete .github/FUNDING.yml

---
 .github/FUNDING.yml | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 .github/FUNDING.yml

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
deleted file mode 100644
index b82c504a..00000000
--- a/.github/FUNDING.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-# These are supported funding model platforms
-
-github: [e-m-b-a]