Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Raw upload with Scan OOIS #3169

Merged
merged 29 commits into from
Aug 8, 2024
Merged

Raw upload with Scan OOIS #3169

merged 29 commits into from
Aug 8, 2024

Conversation

noamblitz
Copy link
Contributor

@noamblitz noamblitz commented Jul 1, 2024
edited
Loading

Changes

This PR has three main changes:

  1. A placeholder Scan OOI ensures that OOIs from a raw upload are eligible for garbage collection.
  2. Raw upload now has both an input OOI and a valid time, making exchanging raw files from ALL boefjes possible!
  3. Moving serialize() to Base OOI class, making it accessible in all services.

Closes: #3251

Demo

Please add some proof in the form of screenshots or screen recordings to show (off) new functionality, if there are interesting new features for end-users.

QA notes

Please test both the raw upload with different valid times, and the garbage collection of Scan OOIs.

Code Checklist

  • All the commits in this PR are properly PGP-signed and verified.
  • This PR only contains functionality relevant to the issue.
  • I have written unit tests for the changes or fixes I made.
  • I have checked the documentation and made changes where necessary.
  • I have performed a self-review of my code and refactored it to the best of my abilities.
  • Tickets have been created for newly discovered issues.
  • For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • I have informed others of any required .env changes files if required and changed the .env-dist accordingly.
  • I have included comments in the code to elaborate on what is not self-evident from the code itself, including references to issues and discussions online, or implicit behavior of an interface.

Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.

Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.

@noamblitz noamblitz mentioned this pull request Jul 1, 2024
Closed
@underdarknl
Copy link
Contributor

related to #3050

@noamblitz noamblitz marked this pull request as ready for review July 3, 2024 14:40
@noamblitz noamblitz requested a review from a team as a code owner July 3, 2024 14:40
ammar92
ammar92 reviewed Jul 3, 2024
View reviewed changes
Copy link
Contributor

@ammar92 ammar92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work; just a few tiny remarks. Also, please do add some context to the PR next time.

octopoes/octopoes/models/__init__.py Show resolved Hide resolved
boefjes/boefjes/api.py Outdated Show resolved Hide resolved
rocky/tools/forms/upload_raw.py Outdated Show resolved Hide resolved
@noamblitz
Copy link
Contributor Author

Nice work; just a few tiny remarks. Also, please do add some context to the PR next time.

Heheh, sorry, finished the PR right at the end of the day and didn't have time for context yet. Tomorrow first thing promise ❤️

@ammar92
Copy link
Contributor

ammar92 commented Jul 3, 2024

Nice work; just a few tiny remarks. Also, please do add some context to the PR next time.

Heheh, sorry, finished the PR right at the end of the day and didn't have time for context yet. Tomorrow first thing promise ❤️

No worries! I noticed thanks to Jan that this was related to Burpsuite normalizer

underdarknl
underdarknl reviewed Jul 4, 2024
View reviewed changes
rocky/rocky/views/upload_raw.py
Comment on lines +102 to +104
options = [(o.primary_key, o.get_ooi_type()) for o in objects]

return options
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could yield these options one at a time, to avoid building up two giant lists in memory when loading many objects.

@underdarknl underdarknl added this to the OpenKAT v1.17 milestone Jul 8, 2024
ammar92
ammar92 previously approved these changes Jul 23, 2024
View reviewed changes
Copy link
Contributor

@ammar92 ammar92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@Donnype
Copy link
Contributor

Donnype commented Jul 30, 2024
edited
Loading

Good stuff! There is a small issue with choosing the input, see the details and suggestions below.

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.
  • I checked the logs for errors and/or warnings and made issues where necessary

What works:

  • I can manually add a Scan OOI
  • I can add a Raw File with an input OOI that I can fetch from the Bytes API
  • I cannot add OOIs when they were not created yet in the past, i.e. valid_time set too early
  • I can add a Raw File with a valid time in the past

UPDATE:

  • I can create a RawFile with the Scan OOI as input by copy pasting (or typing) the primary key myself

### What doesn't work:

- I cannot create a RawFile with the Scan OOI as input because it doesn't show up in the dropdown.
- I also cannot write the primary key myself (also not url encoded):
image

(It is going to be hard to do this dynamically somehow though..)

This wasn't working because of a valid time that was too old.

This suggestion is now just a nice-to-have:
Perhaps to resolve this we could add a button on the OOI detail page that says "Attach RawFile" and pre-fills the input OOI field? That could make it easier to add a file for the same OOI later. (If we could show all attached raw files for an OOI on the object detail page as well in the end, it would be even easier.)

Bug or feature?:

@underdarknl underdarknl merged commit a8feebe into main Aug 8, 2024
21 checks passed
@underdarknl underdarknl deleted the scan-oois branch August 8, 2024 09:01
jpbruinsslot added a commit that referenced this pull request Aug 8, 2024
@jpbruinsslot
Merge branch 'main' into feature/mula/refactor-queue
efb871a 
* main:
  Basic audit trails via logging (#3317)
  Raw upload with Scan OOIS (#3169)
  Fix Garbage collection and disappearing ports issue (#3214)
  Updated `Django` and `opentelemetry` packages (#3324)
jpbruinsslot added a commit that referenced this pull request Aug 8, 2024
@jpbruinsslot
Merge branch 'feature/mula/refactor-queue' into feature/rocky/schedules
8efbf8a 
* feature/mula/refactor-queue:
  Fix poetry
  Updates according to code review
  Basic audit trails via logging (#3317)
  Raw upload with Scan OOIS (#3169)
  Fix Garbage collection and disappearing ports issue (#3214)
  Formatting
  Formatting
  Fix formatting
  Updated `Django` and `opentelemetry` packages (#3324)
  Restructure scheduler development scripts (#3293)
  Change report flow to POST requests (#3174)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dekkers dekkers dekkers left review comments

@Donnype Donnype Donnype left review comments

@underdarknl underdarknl underdarknl approved these changes

@ammar92 ammar92 ammar92 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
OpenKAT v1.17
Development

Successfully merging this pull request may close these issues.

Upload raw needs input_ooi (including Scan OOI)
6 participants
@noamblitz @underdarknl @ammar92 @Donnype @dekkers @stephanie0x00