From 0e330c7b91d835c19ae6bab711c07b9dd9988632 Mon Sep 17 00:00:00 2001
From: To-om
Date: Fri, 1 Jul 2022 13:53:05 +0200
Subject: [PATCH 1/3] #2400 Use dedicated stream topic for stream dispatcher subscription
---
 thehive/app/org/thp/thehive/services/AuditSrv.scala | 2 +-
 thehive/app/org/thp/thehive/services/FlowActor.scala | 4 ++--
 thehive/app/org/thp/thehive/services/StreamSrv.scala | 7 ++++---
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/thehive/app/org/thp/thehive/services/AuditSrv.scala b/thehive/app/org/thp/thehive/services/AuditSrv.scala
index bc86e266e8..9a37e28765 100644
--- a/thehive/app/org/thp/thehive/services/AuditSrv.scala
+++ b/thehive/app/org/thp/thehive/services/AuditSrv.scala
@@ -105,7 +105,7 @@ class AuditSrv @Inject() (
 case Status.COMMIT =>
 logger.debug("Sending audit to stream bus and to notification actor")
 val auditIds = ids.map(_._2)
- eventSrv.publish(StreamTopic())(AuditStreamMessage(auditIds: _*))
+ eventSrv.publish(StreamTopic.dispatcher)(AuditStreamMessage(auditIds: _*))
 notificationActor ! AuditNotificationMessage(auditIds: _*)
 case _ =>
 }
diff --git a/thehive/app/org/thp/thehive/services/FlowActor.scala b/thehive/app/org/thp/thehive/services/FlowActor.scala
index 9fbd9883dc..b98dbe0123 100644
--- a/thehive/app/org/thp/thehive/services/FlowActor.scala
+++ b/thehive/app/org/thp/thehive/services/FlowActor.scala
@@ -50,8 +50,8 @@ class FlowActor extends Actor {
 def fromDate: Date = new Date(System.currentTimeMillis() - maxAgeConfig.get.toMillis)
 lazy val eventSrv: EventSrv = injector.getInstance(classOf[EventSrv])
- override def preStart(): Unit = eventSrv.subscribe(StreamTopic(), self)
- override def postStop(): Unit = eventSrv.unsubscribe(StreamTopic(), self)
+ override def preStart(): Unit = eventSrv.subscribe(StreamTopic.dispatcher, self)
+ override def postStop(): Unit = eventSrv.unsubscribe(StreamTopic.dispatcher, self)
 def flowQuery(
 caseId: Option[EntityIdOrName]
diff --git a/thehive/app/org/thp/thehive/services/StreamSrv.scala b/thehive/app/org/thp/thehive/services/StreamSrv.scala
index 88a73c5d51..d4edb3d84d 100644
--- a/thehive/app/org/thp/thehive/services/StreamSrv.scala
+++ b/thehive/app/org/thp/thehive/services/StreamSrv.scala
@@ -1,6 +1,6 @@
 package org.thp.thehive.services
-import akka.actor.{actorRef2Scala, Actor, ActorIdentity, ActorRef, ActorSystem, Cancellable, Identify, PoisonPill, Props}
+import akka.actor.{Actor, ActorIdentity, ActorRef, ActorSystem, Cancellable, Identify, PoisonPill, Props}
 import akka.pattern.{ask, AskTimeoutException}
 import akka.serialization.Serializer
 import akka.util.Timeout
@@ -26,7 +26,8 @@ import scala.util.{Random, Try}
 sealed trait StreamMessage extends Serializable
 object StreamTopic {
- def apply(streamId: String = ""): String = if (streamId.isEmpty) "stream" else s"stream-$streamId"
+ def apply(streamId: String): String = s"stream-$streamId"
+ val dispatcher: String = "stream"
 }
 case class AuditStreamMessage(id: EntityId*) extends StreamMessage
@@ -192,7 +193,7 @@ class StreamSrv @Inject() (
 )
 logger.debug(s"Register stream actor ${streamActor.path}")
 eventSrv.subscribe(StreamTopic(streamId), streamActor)
- eventSrv.subscribe(StreamTopic(), streamActor)
+ eventSrv.subscribe(StreamTopic.dispatcher, streamActor)
 streamId
 }
From 1a20754094a36df0f1c3f5565c9ec01fa04c9853 Mon Sep 17 00:00:00 2001
From: To-om
Date: Fri, 1 Jul 2022 15:33:03 +0200
Subject: [PATCH 2/3] #2401 Add checks on roles
---
 .../thp/thehive/cloner/IntegrityCheckApp.scala | 1 +
 .../org/thp/thehive/migration/th4/Output.scala | 1 +
 thehive/app/org/thp/thehive/TheHiveModule.scala | 1 +
 .../app/org/thp/thehive/services/RoleSrv.scala | 17 +++++++++++++++++
 thehive/conf/reference.conf | 6 ++++++
 .../test/org/thp/thehive/TestAppBuilder.scala | 3 ++-
 6 files changed, 28 insertions(+), 1 deletion(-)
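Review bot: The new `StreamTopic` object in StreamSrv.scala has no comment explaining why the two topics must stay distinct, and `apply` still accepts an empty id, which now maps to `stream-` rather than the shared topic. The fix depends on `apply` never returning the dispatcher name, so I would state that on the object, e.g. `/** Shared topic for audit dispatch; apply always prefixes "stream-" and therefore never returns it. */` above `val dispatcher`. If an id can reach `apply` from a request without validation (not visible in this hunk), `require(streamId.nonEmpty, "empty stream id")` as the first line of `apply` would make a bad id fail at the call site instead of subscribing to an unused topic.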
diff --git a/migration/src/main/scala/org/thp/thehive/cloner/IntegrityCheckApp.scala b/migration/src/main/scala/org/thp/thehive/cloner/IntegrityCheckApp.scala
index a4e09d7ada..edb6daf8cc 100644
--- a/migration/src/main/scala/org/thp/thehive/cloner/IntegrityCheckApp.scala
+++ b/migration/src/main/scala/org/thp/thehive/cloner/IntegrityCheckApp.scala
@@ -59,6 +59,7 @@ trait IntegrityCheckApp {
 integrityCheckOpsBindings.addBinding.to[TagIntegrityCheck]
 integrityCheckOpsBindings.addBinding.to[TaskIntegrityCheck]
 integrityCheckOpsBindings.addBinding.to[UserIntegrityCheck]
+ integrityCheckOpsBindings.addBinding.to[RoleIntegrityCheck]
 bind[Environment].toInstance(Environment.simple())
 bind[ApplicationLifecycle].to[DefaultApplicationLifecycle]
diff --git a/migration/src/main/scala/org/thp/thehive/migration/th4/Output.scala b/migration/src/main/scala/org/thp/thehive/migration/th4/Output.scala
index 605f1f5dbc..2b4e6b7d8b 100644
--- a/migration/src/main/scala/org/thp/thehive/migration/th4/Output.scala
+++ b/migration/src/main/scala/org/thp/thehive/migration/th4/Output.scala
@@ -73,6 +73,7 @@ object Output {
 integrityCheckOpsBindings.addBinding.to[TagIntegrityCheck]
 integrityCheckOpsBindings.addBinding.to[TaskIntegrityCheck]
 integrityCheckOpsBindings.addBinding.to[UserIntegrityCheck]
+ integrityCheckOpsBindings.addBinding.to[RoleIntegrityCheck]
 val schemaBindings = ScalaMultibinder.newSetBinder[UpdatableSchema](binder)
 schemaBindings.addBinding.to[TheHiveSchemaDefinition]
diff --git a/thehive/app/org/thp/thehive/TheHiveModule.scala b/thehive/app/org/thp/thehive/TheHiveModule.scala
index b28ec07eec..7f585595b5 100644
--- a/thehive/app/org/thp/thehive/TheHiveModule.scala
+++ b/thehive/app/org/thp/thehive/TheHiveModule.scala
@@ -104,6 +104,7 @@ class TheHiveModule(environment: Environment, configuration: Configuration) exte
 integrityChecksBindings.addBinding.to[TaskIntegrityCheck]
 integrityChecksBindings.addBinding.to[ObservableIntegrityCheck]
 integrityChecksBindings.addBinding.to[LogIntegrityCheck]
+ integrityChecksBindings.addBinding.to[RoleIntegrityCheck]
 bind[TypedActorRef[IntegrityCheck.Request]].toProvider[IntegrityCheckActorProvider].asEagerSingleton()
 bind[TypedActorRef[CaseNumberActor.Request]].toProvider[CaseNumberActorProvider]
diff --git a/thehive/app/org/thp/thehive/services/RoleSrv.scala b/thehive/app/org/thp/thehive/services/RoleSrv.scala
index 7d58b977b3..005403ac4e 100644
--- a/thehive/app/org/thp/thehive/services/RoleSrv.scala
+++ b/thehive/app/org/thp/thehive/services/RoleSrv.scala
@@ -53,3 +53,20 @@ object RoleOps {
 }
 }
+
+@Singleton
+class RoleIntegrityCheck @Inject() (
+ val db: Database,
+ val service: RoleSrv,
+ profileSrv: ProfileSrv,
+ organisationSrv: OrganisationSrv,
+ roleSrv: RoleSrv
+) extends GlobalCheck[Role]
+ with IntegrityCheckOps[Role] {
+ override def globalCheck(traversal: Traversal.V[Role])(implicit graph: Graph): Map[String, Long] = {
+ val orgOphanCount = service.startTraversal.filterNot(_.organisation).sideEffect(_.drop()).getCount
+ val userOrphanCount = service.startTraversal.filterNot(_.user).sideEffect(_.drop()).getCount
+ val profileOrphanCount = service.startTraversal.filterNot(_.profile).sideEffect(_.drop()).getCount
+ Map("orgOrphan" -> orgOphanCount, "userOrphan" -> userOrphanCount, "profileOrphan" -> profileOrphanCount)
+ }
+}
diff --git a/thehive/conf/reference.conf b/thehive/conf/reference.conf
index 4e1dffaa8d..78ee933596 100644
--- a/thehive/conf/reference.conf
+++ b/thehive/conf/reference.conf
@@ -236,6 +236,12 @@ integrityCheck {
 minInterval: 30 minutes
 dedupStrategy: AfterAddition
 }
+ Role {
+ enabled: true
+ initialDelay: 30 seconds
+ minInterval: 1 minute
+ dedupStrategy: AfterAddition
+ }
 }
 }
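Review bot: In RoleSrv.scala, `globalCheck` drops every role that lacks an organisation, user or profile and returns only three counters, so nothing records which roles the check removed. The three filters suggest a role is the link between a user, an organisation and a profile, so its deletion deserves a trace: I would log the affected ids, or at least the non-zero counts, e.g. `if (orgOphanCount > 0) logger.warn(s"Removed $orgOphanCount role(s) without organisation")`, provided a logger is in scope from `IntegrityCheckOps` (not visible here). The constructor also injects `profileSrv`, `organisationSrv` and `roleSrv` without using them (`roleSrv` duplicates `service`), the `traversal` argument is ignored, and `orgOphanCount` is misspelled.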
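Review bot: The `Role` entry in reference.conf enables by default a check that, per the RoleSrv.scala hunk of this commit, deletes roles, and gives it `minInterval: 1 minute` while the entry just above it in the same block uses 30 minutes; nothing in the file says why roles need the shorter interval. A comment such as `# removes roles that have no user, organisation or profile` above `Role {` would tell operators what the setting controls. `dedupStrategy: AfterAddition` looks copied from the neighbouring entries; whether a global check reads it is not visible in this hunk.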
diff --git a/thehive/test/org/thp/thehive/TestAppBuilder.scala b/thehive/test/org/thp/thehive/TestAppBuilder.scala
index 208fcaa035..2b26d249cc 100644
--- a/thehive/test/org/thp/thehive/TestAppBuilder.scala
+++ b/thehive/test/org/thp/thehive/TestAppBuilder.scala
@@ -58,7 +58,8 @@ trait TestAppBuilder {
 classOf[CaseTemplateIntegrityCheck],
 classOf[DataIntegrityCheck],
 classOf[CaseIntegrityCheck],
- classOf[AlertIntegrityCheck]
+ classOf[AlertIntegrityCheck],
+ classOf[RoleIntegrityCheck]
 )
 .bindActor[DummyActor]("config-actor")
 .bindActor[DummyActor]("notification-actor")
From a0fd34fac44bdcdba8267bb7e4f6ffe4033ae17a Mon Sep 17 00:00:00 2001
From: To-om
Date: Fri, 1 Jul 2022 15:34:43 +0200
Subject: [PATCH 3/3] Release 4.1.22
---
 CHANGELOG.md | 10 ++++++++++
 build.sbt | 2 +-
 frontend/bower.json | 2 +-
 frontend/package.json | 2 +-
 4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f3ed41931..6a0c8668bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Change Log
+## [4.1.22](https://github.com/TheHive-Project/TheHive/milestone/93) (2022-07-01)
+
+**Implemented enhancements:**
+
+- [Enhancement] Add check on user role [\#2401](https://github.com/TheHive-Project/TheHive/issues/2401)
+
+**Fixed bugs:**
+
+- [Bug] Use dedicated stream topic for stream dispatcher subscription [\#2400](https://github.com/TheHive-Project/TheHive/issues/2400)
+
 ## [4.1.21](https://github.com/TheHive-Project/TheHive/milestone/91) (2022-06-22)
 **Fixed bugs:**
diff --git a/build.sbt b/build.sbt
index 818ec7f067..225d4689c3 100644
--- a/build.sbt
+++ b/build.sbt
@@ -2,7 +2,7 @@ import Dependencies._
 import com.typesafe.sbt.packager.Keys.bashScriptDefines
 import org.thp.ghcl.Milestone
-val thehiveVersion = "4.1.21-1"
+val thehiveVersion = "4.1.22-1"
 val scala212 = "2.12.13"
 val scala213 = "2.13.1"
 val supportedScalaVersions = List(scala212, scala213)
diff --git a/frontend/bower.json b/frontend/bower.json
index 3a05e18c12..ff070a27d9 100644
--- a/frontend/bower.json
+++ b/frontend/bower.json
@@ -1,6 +1,6 @@
 {
 "name": "thehive",
- "version": "4.1.21-1",
+ "version": "4.1.22-1",
 "license": "AGPL-3.0",
 "dependencies": {
 "jquery": "^3.4.1",
diff --git a/frontend/package.json b/frontend/package.json
index 7a5316e4e0..3db886b600 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
 "name": "thehive",
- "version": "4.1.21-1",
+ "version": "4.1.22-1",
 "license": "AGPL-3.0",
 "repository": {
 "type": "git",