#234 Check mandatory attributes on nested object

Author: To-om

thehive-backend/app/models/Alert.scala

@@ -4,6 +4,8 @@ import java.util.Date
 import javax.inject.{ Inject, Singleton }
 
 import models.JsonFormat.alertStatusFormat
+import org.elastic4play.controllers.JsonInputValue
+import org.elastic4play.{ AttributeCheckingError, InvalidFormatAttributeError }
 import org.elastic4play.models.{ Attribute, AttributeDef, BaseEntity, EntityDef, HiveEnumeration, ModelDef, AttributeFormat ⇒ F, AttributeOption ⇒ O }
 import org.elastic4play.utils.Hasher
 import play.api.Logger
@@ -50,21 +52,35 @@ class AlertModel @Inject() (artifactModel: ArtifactModel)
   override val defaultSortBy: Seq[String] = Seq("-date")
   override val removeAttribute: JsObject = Json.obj("status" → AlertStatus.Ignored)
 
-  override def artifactAttributes: Seq[Attribute[_]] = artifactModel.attributes
+  override def artifactAttributes: Seq[Attribute[_]] = artifactModel
+    .attributes
+    .filter(_.isForm)
 
   override def creationHook(parent: Option[BaseEntity], attrs: JsObject): Future[JsObject] = {
-    Future.successful {
-      if (attrs.keys.contains("_id"))
-        attrs
-      else {
-        val hasher = Hasher("MD5")
-        val tpe = (attrs \ "tpe").asOpt[String].getOrElse("<null>")
-        val source = (attrs \ "source").asOpt[String].getOrElse("<null>")
-        val sourceRef = (attrs \ "sourceRef").asOpt[String].getOrElse("<null>")
-        val _id = hasher.fromString(s"$tpe|$source|$sourceRef").head.toString()
-        attrs + ("_id" → JsString(_id))
-      } - "lastSyncDate" - "case" - "status" - "follow"
-    }
+    // check if data attribute is present on all artifacts
+    val missingDataErrors = (attrs \ "artifacts")
+      .asOpt[Seq[JsValue]]
+      .getOrElse(Nil)
+      .filter { a ⇒
+        (a \ "data").toOption.isEmpty ||
+          ((a \ "tags").toOption.isEmpty && (a \ "message").toOption.isEmpty)
+      }
+      .map(v ⇒ InvalidFormatAttributeError("artifacts", "artifact", JsonInputValue(v)))
+    if (missingDataErrors.nonEmpty)
+      Future.failed(AttributeCheckingError("alert", missingDataErrors))
+    else
+      Future.successful {
+        if (attrs.keys.contains("_id"))
+          attrs
+        else {
+          val hasher = Hasher("MD5")
+          val tpe = (attrs \ "tpe").asOpt[String].getOrElse("<null>")
+          val source = (attrs \ "source").asOpt[String].getOrElse("<null>")
+          val sourceRef = (attrs \ "sourceRef").asOpt[String].getOrElse("<null>")
+          val _id = hasher.fromString(s"$tpe|$source|$sourceRef").head.toString()
+          attrs + ("_id" → JsString(_id))
+        } - "lastSyncDate" - "case" - "status" - "follow"
+      }
   }
 }
 

thehive-backend/app/models/Artifact.scala

@@ -28,7 +28,7 @@ trait ArtifactAttributes { _: AttributeDef ⇒
   val artifactId: A[String] = attribute("_id", F.stringFmt, "Artifact id", O.model)
   val data: A[Option[String]] = optionalAttribute("data", F.stringFmt, "Content of the artifact", O.readonly)
   val dataType: A[String] = attribute("dataType", F.listEnumFmt("artifactDataType")(dblists), "Type of the artifact", O.readonly)
-  val message: A[String] = attribute("message", F.textFmt, "Description of the artifact in the context of the case")
+  val message: A[Option[String]] = optionalAttribute("message", F.textFmt, "Description of the artifact in the context of the case")
   val startDate: A[Date] = attribute("startDate", F.dateFmt, "Creation date", new Date)
   val attachment: A[Option[Attachment]] = optionalAttribute("attachment", F.attachmentFmt, "Artifact file content", O.readonly)
   val tlp: A[Long] = attribute("tlp", F.numberFmt, "TLP level", 2L)
@@ -47,21 +47,46 @@ class ArtifactModel @Inject() (
     implicit val ec: ExecutionContext) extends ChildModelDef[ArtifactModel, Artifact, CaseModel, Case](caseModel, "case_artifact") with ArtifactAttributes with AuditedModel {
   override val removeAttribute: JsObject = Json.obj("status" → ArtifactStatus.Deleted)
 
-  override def apply(attributes: JsObject) = {
+  override def apply(attributes: JsObject): Artifact = {
     val tags = (attributes \ "tags").asOpt[Seq[JsString]].getOrElse(Nil).distinct
     new Artifact(this, attributes + ("tags" → JsArray(tags)))
   }
 
   // this method modify request in order to hash artifact and manager file upload
   override def creationHook(parent: Option[BaseEntity], attrs: JsObject): Future[JsObject] = {
     val keys = attrs.keys
+    println(s"keys=$keys")
+    println(s"attrs=$attrs")
+    if (!keys.contains("message") && (attrs \ "tags").asOpt[Seq[JsValue]].forall(_.isEmpty))
+      throw BadRequestError(s"Artifact must contain a message or on ore more tags")
     if (keys.contains("data") == keys.contains("attachment"))
       throw BadRequestError(s"Artifact must contain data or attachment (but not both)")
     computeId(parent, attrs).map { id ⇒
       attrs + ("_id" → JsString(id))
     }
   }
 
+  override def updateHook(entity: BaseEntity, updateAttrs: JsObject): Future[JsObject] = {
+    entity match {
+      case artifact: Artifact ⇒
+        val removeMessage = (updateAttrs \ "message").toOption.exists {
+          case JsNull       ⇒ true
+          case JsArray(Nil) ⇒ true
+          case _            ⇒ false
+        }
+        val removeTags = (updateAttrs \ "tags").toOption.exists {
+          case JsNull       ⇒ true
+          case JsArray(Nil) ⇒ true
+          case _            ⇒ false
+        }
+        if ((removeMessage && removeTags) ||
+          (removeMessage && artifact.tags().isEmpty) ||
+          (removeTags && artifact.message().isEmpty))
+          Future.failed(BadRequestError(s"Artifact must contain a message or on ore more tags"))
+        else
+          Future.successful(updateAttrs)
+    }
+  }
   def computeId(parent: Option[BaseEntity], attrs: JsObject): Future[String] = {
     // in order to make sure that there is no duplicated artifact, calculate its id from its content (dataType, data, attachment and parent)
     val mm = new MultiHash("MD5")

thehive-backend/app/models/Audit.scala

@@ -6,7 +6,7 @@ import javax.inject.{ Inject, Singleton }
 import scala.collection.immutable
 import play.api.{ Configuration, Logger }
 import play.api.libs.json.JsObject
-import org.elastic4play.models.{ Attribute, AttributeDef, EntityDef, EnumerationAttributeFormat, ModelDef, ObjectAttributeFormat, StringAttributeFormat, AttributeFormat ⇒ F, AttributeOption ⇒ O }
+import org.elastic4play.models.{ Attribute, AttributeDef, EntityDef, EnumerationAttributeFormat, ModelDef, MultiAttributeFormat, ObjectAttributeFormat, OptionalAttributeFormat, StringAttributeFormat, AttributeFormat ⇒ F, AttributeOption ⇒ O }
 import org.elastic4play.services.AuditableAction
 import org.elastic4play.services.JsonFormat.auditableActionFormat
 import services.AuditedModel
@@ -48,6 +48,11 @@ class AuditModel(
         case attr ⇒ Seq(attr)
       }
       .filter(_.isModel)
+      .map {
+        case attr @ Attribute(_, _, OptionalAttributeFormat(_), _, _, _) ⇒ attr
+        case attr @ Attribute(_, _, MultiAttributeFormat(_), _, _, _)    ⇒ attr
+        case attr                                                        ⇒ attr.toOptional
+      }
       .groupBy(_.name)
       .flatMap {
         // if only one attribute is found for a name, get it

thehive-backend/app/services/CaseMergeSrv.scala

@@ -34,6 +34,10 @@ class CaseMergeSrv @Inject() (
 
   import org.elastic4play.services.QueryDSL._
 
+  private[services] def concatOpt[E](entities: Seq[E], sep: String, getId: E ⇒ Long, getStr: E ⇒ Option[String]) = {
+    JsString(entities.flatMap(e ⇒ getStr(e).map(s ⇒ s"#${getId(e)}:$s")).mkString(sep))
+  }
+
   private[services] def concat[E](entities: Seq[E], sep: String, getId: E ⇒ Long, getStr: E ⇒ String) = {
     JsString(entities.map(e ⇒ s"#${getId(e)}:${getStr(e)}").mkString(sep))
   }
@@ -212,7 +216,7 @@ class CaseMergeSrv @Inject() (
         }
           .set("data", firstArtifact.data().map(JsString))
           .set("dataType", firstArtifact.dataType())
-          .set("message", concat[Artifact](sameArtifacts, "\n  \n", a ⇒ caseMap(a.parentId.get).caseId(), _.message()))
+          .set("message", concatOpt[Artifact](sameArtifacts, "\n  \n", a ⇒ caseMap(a.parentId.get).caseId(), _.message()))
           .set("startDate", firstDate(sameArtifacts.map(_.startDate())))
           .set("tlp", JsNumber(sameArtifacts.map(_.tlp()).min))
           .set("tags", JsArray(sameArtifacts.flatMap(_.tags()).distinct.map(JsString)))