#12 Add custom fields in case and case template

Author: To-om

project/Dependencies.scala

@@ -30,6 +30,6 @@ object Dependencies {
     val reflections = "org.reflections" % "reflections" % "0.9.10"
     val zip4j = "net.lingala.zip4j" % "zip4j" % "1.3.2"
     val akkaTest = "com.typesafe.akka" %% "akka-stream-testkit" % "2.4.4"
-    val elastic4play = "org.cert-bdf" %% "elastic4play" % "1.1.6-SNAPSHOT"
+    val elastic4play = "org.cert-bdf" %% "elastic4play" % "1.2.0-SNAPSHOT"
   }
 }

thehive-backend/app/models/Case.scala

@@ -48,6 +48,7 @@ trait CaseAttributes { _: AttributeDef ⇒
   val summary: A[Option[String]] = optionalAttribute("summary", F.textFmt, "Summary of the case, to be provided when closing a case")
   val mergeInto: A[Option[String]] = optionalAttribute("mergeInto", F.stringFmt, "Id of the case created by the merge")
   val mergeFrom: A[Seq[String]] = multiAttribute("mergeFrom", F.stringFmt, "Id of the cases merged")
+  val customFields: A[Option[JsValue]] = optionalAttribute("customFields", F.customFields, "Custom fields")
 }
 
 @Singleton

thehive-backend/app/models/CaseTemplate.scala

@@ -2,7 +2,7 @@ package models
 
 import javax.inject.{ Inject, Singleton }
 
-import play.api.libs.json.JsObject
+import play.api.libs.json.{ JsObject, JsValue }
 import org.elastic4play.models.{ Attribute, AttributeDef, EntityDef, HiveEnumeration, ModelDef, AttributeFormat ⇒ F }
 import models.JsonFormat.caseTemplateStatusFormat
 
@@ -23,7 +23,7 @@ trait CaseTemplateAttributes { _: AttributeDef ⇒
   val tlp: A[Option[Long]] = optionalAttribute("tlp", F.numberFmt, "TLP level")
   val status: A[CaseTemplateStatus.Value] = attribute("status", F.enumFmt(CaseTemplateStatus), "Status of the case", CaseTemplateStatus.Ok)
   val metricNames: A[Seq[String]] = multiAttribute("metricNames", F.stringFmt, "List of acceptable metric name")
-  val customFieldNames: A[Seq[String]] = multiAttribute("customFieldNames", F.stringFmt, "List of acceptable custom field name")
+  val customFields: A[Option[JsValue]] = optionalAttribute("customFields", F.customFields, "List of acceptable custom fields")
   val tasks: A[Seq[JsObject]] = multiAttribute("tasks", F.objectFmt(taskAttributes), "List of created tasks")
 }
 

thehive-backend/app/models/Migration.scala

@@ -126,6 +126,7 @@ class Migration(
               "follow" → (misp \ "follow").as[JsBoolean])
         },
         removeEntity("audit")(o ⇒ (o \ "objectType").asOpt[String].contains("alert")))
+    case DatabaseState(9) ⇒ Nil
   }
 
   private val requestCounter = new java.util.concurrent.atomic.AtomicInteger(0)

thehive-backend/app/models/package.scala

@@ -1,5 +1,5 @@
 
 
 package object models {
-  val modelVersion = 9
+  val modelVersion = 10
 }

thehive-backend/app/services/CaseSrv.scala

@@ -31,9 +31,16 @@ class CaseSrv @Inject() (
   lazy val log = Logger(getClass)
 
   def applyTemplate(template: CaseTemplate, originalFields: Fields): Fields = {
+    def getJsObjectOrEmpty(value: Option[JsValue]) = value.fold(JsObject(Nil)) {
+      case obj: JsObject ⇒ obj
+      case _             ⇒ JsObject(Nil)
+    }
+
     val metricNames = (originalFields.getStrings("metricNames").getOrElse(Nil) ++ template.metricNames()).distinct
     val metrics = JsObject(metricNames.map(_ → JsNull))
     val tags = (originalFields.getStrings("tags").getOrElse(Nil) ++ template.tags()).distinct
+    val customFields = getJsObjectOrEmpty(template.customFields()) ++ getJsObjectOrEmpty(originalFields.getValue("customFields"))
+
     originalFields
       .set("title", originalFields.getString("title").map(t ⇒ JsString(template.titlePrefix().getOrElse("") + " " + t)))
       .set("description", originalFields.getString("description").orElse(template.description()).map(JsString))
@@ -42,6 +49,7 @@ class CaseSrv @Inject() (
       .set("flag", originalFields.getBoolean("flag").orElse(template.flag()).map(JsBoolean))
       .set("tlp", originalFields.getLong("tlp").orElse(template.tlp()).map(JsNumber(_)))
       .set("metrics", originalFields.getValue("metrics").flatMap(_.asOpt[JsObject]).getOrElse(JsObject(Nil)) ++ metrics)
+      .set("customFields", customFields)
   }
 
   def create(fields: Fields, template: Option[CaseTemplate] = None)(implicit authContext: AuthContext): Future[Case] = {