Merge pull request #18 from target/description-add

Adding Description Functionality
target · Nov 15, 2022 · b7f7429 · b7f7429
2 parents b25f21a + a095fec
commit b7f7429
Show file tree

Hide file tree

Showing 11 changed files with 61 additions and 199 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,14 @@
 # Changelog
 Changes to the project will be tracked in this file via the date of change.
 
+## 2022-11-15
+### Added
+- Ability to add description to uploaded files
+
+### Changed
+- Changing default docker-compose postgresdb name
+- Removing unnecessary directory
+
 ## 2022-11-04
 ### Changed
 - Bug fix for issues when loading scanners with uppercase names

diff --git a/app/blueprints/strelka.py b/app/blueprints/strelka.py
@@ -26,6 +26,7 @@ def submitFile():
     if file:
         try:
             submitted_at = str(datetime.datetime.utcnow())
+            submitted_description = request.form['description']
 
             succeeded, response, file_size = submit_file(
                 file, {"source": "fileshot-webui", "user_name": session.get("user_cn")}
@@ -50,6 +51,7 @@ def submitFile():
                     request.remote_addr,
                     request.headers.get("User-Agent"),
                     user_id,
+                    submitted_description,
                     submitted_at,
                     getRequestTime(response),
                 )
@@ -75,17 +77,15 @@ def submitFile():
 def getRequestID(response):
     return (
         response["request"]["id"]
-        if "request" in response
-        and "id" in response["request"]
+        if "request" in response and "id" in response["request"]
         else ""
     )
 
 
 def getRequestTime(response):
     return (
         str(datetime.datetime.fromtimestamp(response["request"]["time"]))
-        if "request" in response
-        and "time" in response["request"]
+        if "request" in response and "time" in response["request"]
         else ""
     )
 
@@ -102,28 +102,22 @@ def getMimeTypes(response):
 
 def getScannersRun(response):
     return (
-        response["file"]["scanners"]
-        if "file" in response
-        and "scanners" in response["file"]
+        response["file"]["scanner_list"]
+        if "file" in response and "scanner_list" in response["file"]
         else []
     )
 
 
 def getYaraHits(response):
     return (
-        response["scan"]["yara"]["matches"]
-        if "scan" in response
-        and "yara" in response["scan"]
-        and "matches" in response["scan"]["yara"]
+        response["scan_yara"]["matches"]
+        if "scan_yara" in response and "matches" in response["scan_yara"]
         else []
     )
 
 
 def getHashes(response):
-    hashes = response["scan"]["hash"].copy() \
-             if "scan" in response \
-             and "hash" in response["scan"] \
-             else {}
+    hashes = response["scan_hash"] if "scan_hash" in response else {}
     del hashes["elapsed"]
     return hashes.items()
 
@@ -133,6 +127,8 @@ def getScanStats():
     if not session.get('logged_in'):
         return "unauthenticated", 401
 
+    current_app.logger.info("fetching scan stats")
+
     all_time = db.session.query(FileSubmission).count()
     thirty_days = (
         db.session.query(FileSubmission)
@@ -166,12 +162,12 @@ def getScanStats():
 def getTimeDelta(days):
     return datetime.datetime.utcnow() - datetime.timedelta(days)
 
-
 @strelka.route("/scans/<id>")
 def getScan(id):
     if not session.get("logged_in"):
         return "unauthenticated", 401
 
+    current_app.logger.info("fetching scan by id: %s", id)
     submission = db.session.query(FileSubmission).options(joinedload(FileSubmission.user)).filter_by(file_id=id).first()
 
     if submission is not None:
@@ -191,13 +187,15 @@ def view():
 
     if (just_mine):
         user_id = session["user_id"]
+        current_app.logger.info("fetching scans for %s from page %s in batches of %s", user_id, page, per_page)
         submissions = (
             FileSubmission.query.options(joinedload(FileSubmission.user))
             .filter(FileSubmission.submitted_by_user_id == user_id)
             .order_by(FileSubmission.submitted_at.desc())
             .paginate(page, per_page, error_out=False)
         )
     else:
+        current_app.logger.info("fetching all scans from page %s in batches of %s", page, per_page)
         submissions = (
             FileSubmission.query.options(joinedload(FileSubmission.user))
             .order_by(FileSubmission.submitted_at.desc())
@@ -216,8 +214,7 @@ def view():
 
     return paginated_ui, 200
 
-
 def submissionsToJson(submission):
     val = submission.as_dict()
     val["user"] = submission.user.as_dict()
-    return val
+    return val
diff --git a/app/models.py b/app/models.py
@@ -6,26 +6,29 @@
 class FileSubmission(db.Model):
     __tablename__ = "file_submission"
 
+    # Database Metadata
     id = db.Column(db.Integer, primary_key=True)
 
+    # File Metadata
     file_id = db.Column(db.String(), unique=True)
     file_name = db.Column(db.String())
     file_size = db.Column(db.Integer())
 
+    # Strelka Metadata
     strelka_response = db.Column(db.JSON())
     mime_types = db.Column(db.ARRAY(db.String(), dimensions=1))
     yara_hits = db.Column(db.ARRAY(db.String(), dimensions=1))
     scanners_run = db.Column(db.ARRAY(db.String(), dimensions=1))
     hashes = db.Column(db.ARRAY(db.String(), dimensions=2))
 
+    # Submission Metadata
     submitted_from_ip = db.Column(db.String())
     submitted_from_client = db.Column(db.String())
-
+    submitted_description = db.Column(db.String())
     submitted_by_user_id = db.Column(
         db.ForeignKey("user.id"), nullable=False, index=True
     )
     user = relationship("User", back_populates="submissions")
-
     submitted_at = db.Column(db.DateTime(), default=db.func.now(), index=True)
     processed_at = db.Column(db.DateTime())
 
@@ -42,6 +45,7 @@ def __init__(
             submitted_from_ip,
             submitted_from_client,
             submitted_by_user_id,
+            submitted_description,
             submitted_at,
             processed_at,
     ):
@@ -56,6 +60,7 @@ def __init__(
         self.submitted_from_ip = submitted_from_ip
         self.submitted_from_client = submitted_from_client
         self.submitted_by_user_id = submitted_by_user_id
+        self.submitted_description = submitted_description
         self.submitted_at = submitted_at
         self.processed_at = processed_at
 

diff --git a/app/requirements.txt b/app/requirements.txt
@@ -32,7 +32,7 @@ Paste==3.5.0
 pathspec==0.9.0
 platformdirs==2.4.1
 protobuf==3.18.3
-psycopg2==2.8.6
+psycopg2-binary==2.9.4
 pyasn1==0.4.8
 pycparser==2.20
 PyJWT==2.4.0

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
     networks:
       - strelkanet
     environment:
-      - DATABASE_HOST=postgresdb
+      - DATABASE_HOST=strelka-ui-postgresdb-1
       - DATABASE_NAME=strelka_ui
       - DATABASE_USERNAME=postgres
       - DATABASE_PASSWORD=postgres

diff --git a/migrations/README b/migrations/README
diff --git a/migrations/alembic.ini b/migrations/alembic.ini
diff --git a/migrations/env.py b/migrations/env.py
diff --git a/migrations/script.py.mako b/migrations/script.py.mako
diff --git a/ui/src/components/SubmissionTable.js b/ui/src/components/SubmissionTable.js
@@ -126,6 +126,13 @@ const SubmissionTable = ({ filesUploaded, page_size }) => {
         <Link to={`/submissions/${file_id}`}>{full.file_name}</Link>
       ),
     },
+    {
+      title: "Description",
+      dataIndex: "submitted_description",
+      key: "submitted_description",
+      width: 200,
+      render: (_, full) => <p style={{"overflow-wrap": "anywhere"}}>{full.submitted_description}</p>,
+    },
     {
       title: "Submitted by",
       dataIndex: "user.user_cn",