Merge branch 'release/4.0.0' into master-th4

.drone.yml

@@ -15,9 +15,13 @@ steps:
     image: drillster/drone-volume-cache
     settings:
       restore: true
+      backend: "filesystem"
       mount:
         - .sbt
         - .ivy2
+        - .cache
+        - frontend/node_modules
+        - frontend/bower_components
     volumes: [{name: cache, path: /cache}]
 
   # Run project tests
@@ -31,11 +35,111 @@ steps:
     image: drillster/drone-volume-cache
     settings:
       rebuild: true
+      backend: "filesystem"
       mount:
         - .sbt
         - .ivy2
+        - .cache
+        - frontend/node_modules
+        - frontend/bower_components
     volumes: [{name: cache, path: /cache}]
 
+  # Build packages
+  - name: build-packages
+    image: thehiveproject/drone-scala-node
+    settings:
+      pgp_key:
+        from_secret: pgp_key
+    commands:
+      - |
+        V=$(sbt -no-colors --error "print thehive/version" | tail -1)
+        if ( echo $V | grep -qi snapshot)
+        then
+          exit 1
+        fi
+        . ~/.nvm/nvm.sh
+        [ -n "$PLUGIN_PGP_KEY" ] && gpg --batch --import - <<< $PLUGIN_PGP_KEY
+        sbt -Duser.home=$PWD docker:stage debian:packageBin rpm:packageBin universal:packageBin
+        if ( echo $V | grep -qi rc )
+        then
+          echo $( echo $V | sed -re 's/([0-9]+.[0-9]+.[0-9]+)-RC([0-9]+)-([0-9]+)/\1-RC\2,\1-RC\2-\3/' ) > .tags
+        else
+          echo $( echo $V | sed -re 's/([0-9]+).([0-9]+).([0-9]+)-([0-9]+)/\1,\1.\2,\1.\2.\3,\1.\2.\3-\4,latest/' ) > .tags
+        fi
+        echo $V > thehive-version.txt
+        mv target/rpm/RPMS/noarch/thehive*.rpm target/
+        mv target/universal/thehive*.zip target/
+    when:
+      event: [tag]
+
+  # Send packages using scp
+  - name: send packages
+    image: appleboy/drone-scp
+    settings:
+      host:
+        from_secret: scp_host
+      username:
+        from_secret: scp_user
+      key:
+        from_secret: scp_key
+      target:
+        from_secret: incoming_path
+      source:
+        - target/thehive*.deb
+        - target/thehive*.rpm
+        - target/thehive*.zip
+      strip_components: 1
+    when:
+      event: [tag]
+
+  # Publish packages
+  - name: publish packages
+    image: appleboy/drone-ssh
+    settings:
+      host:
+        from_secret: scp_host
+      user:
+        from_secret: scp_user
+      key:
+        from_secret: scp_key
+      publish_script:
+        from_secret: publish_script
+    commands:
+      - PLUGIN_SCRIPT="bash $PLUGIN_PUBLISH_SCRIPT thehive4 $(cat thehive-version.txt)" /bin/drone-ssh
+    when:
+      event: [tag]
+
+  # Publish docker image on Docker Hub
+  - name: docker
+    image: plugins/docker
+    settings:
+      context: target/docker/stage
+      dockerfile: target/docker/stage/Dockerfile
+      repo: thehiveproject/thehive4
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+    when:
+      event: [tag]
+
+  # Publish docker image on Harbor
+  - name: harbor
+    image: plugins/docker
+    settings:
+      context: target/docker/stage
+      dockerfile: target/docker/stage/Dockerfile
+      registry:
+        from_secret: harbor_server
+      repo:
+        from_secret: harbor_repo
+      username:
+        from_secret: harbor_username
+      password:
+        from_secret: harbor_password
+    when:
+      event: [tag]
+
 volumes:
   - name: cache
     host:

.gitignore

@@ -1,3 +1,4 @@
+dev
 logs
 bin
 conf/application.conf
@@ -35,3 +36,5 @@ tmp
 /.idea/**
 !/.idea/runConfigurations/
 !/.idea/runConfigurations/*
+
+dev

CHANGELOG.md

@@ -1,5 +1,63 @@
 # Change Log
 
+## [4.0.0](https://github.com/TheHive-Project/TheHive/milestone/59) (2020-07-24)
+
+**Implemented enhancements:**
+
+- No longer possible to force usage of a case template (ui setting is missing) [\#1239](https://github.com/TheHive-Project/TheHive/issues/1239)
+- Make user management list paginable and sortable with default sort of username [\#1332](https://github.com/TheHive-Project/TheHive/issues/1332)
+- Cursor is set wrong on new-Case -> severity [\#1373](https://github.com/TheHive-Project/TheHive/issues/1373)
+- [Enhancement] Prevent link with "admin" organisation [\#1395](https://github.com/TheHive-Project/TheHive/issues/1395)
+- [Enhancement] An user should not be able to lock himself [\#1396](https://github.com/TheHive-Project/TheHive/issues/1396)
+- Performance - Don't load stats if not displayed [\#1401](https://github.com/TheHive-Project/TheHive/issues/1401)
+- [RBAC] Add routes guard configuration to secure routes [\#1403](https://github.com/TheHive-Project/TheHive/issues/1403)
+- [Enhancement] Add checks for database integrity [\#1404](https://github.com/TheHive-Project/TheHive/issues/1404)
+- Use Query APIs in list pages [\#1410](https://github.com/TheHive-Project/TheHive/issues/1410)
+- Improve autocomplete queries for tags [\#1411](https://github.com/TheHive-Project/TheHive/issues/1411)
+- [Enhancement] Add ability to add tasks in case creation API [\#1414](https://github.com/TheHive-Project/TheHive/issues/1414)
+- Improve user details caching [\#1418](https://github.com/TheHive-Project/TheHive/issues/1418)
+- Add bulk edit in cases list [\#1423](https://github.com/TheHive-Project/TheHive/issues/1423)
+- Use a responder selector window instead of dynamic dropdown menues [\#1431](https://github.com/TheHive-Project/TheHive/issues/1431)
+- Show sharing summary in task and observable lists [\#1437](https://github.com/TheHive-Project/TheHive/issues/1437)
+- Add some quick filters in tasks list [\#1438](https://github.com/TheHive-Project/TheHive/issues/1438)
+- Use assignable users API to populate assignee options [\#1444](https://github.com/TheHive-Project/TheHive/issues/1444)
+- Migrate the stats widgets on listing pages [\#1446](https://github.com/TheHive-Project/TheHive/issues/1446)
+
+**Closed issues:**
+
+- Default Dashboards are missing [\#1240](https://github.com/TheHive-Project/TheHive/issues/1240)
+
+**Fixed bugs:**
+
+- [Bug] Migration issues from ES to Cassandra [\#1340](https://github.com/TheHive-Project/TheHive/issues/1340)
+- [Bug] Deleting and observable doesn't refresh the list [\#1355](https://github.com/TheHive-Project/TheHive/issues/1355)
+- [Bug] Limiting admin rights breaks front end [\#1368](https://github.com/TheHive-Project/TheHive/issues/1368)
+- [Bug] Imported Dashboards from TH3 doesn't work [\#1371](https://github.com/TheHive-Project/TheHive/issues/1371)
+- [Bug] Top 5 tags in Case -> Stats aren't correctly ordered [\#1372](https://github.com/TheHive-Project/TheHive/issues/1372)
+- [Bug] Migration of usernames from ES to Cassandra [\#1374](https://github.com/TheHive-Project/TheHive/issues/1374)
+- [Bug] Switching User Organisation failes using header variable authentication [\#1375](https://github.com/TheHive-Project/TheHive/issues/1375)
+- [Bug] Tags gets wrong renamed [\#1376](https://github.com/TheHive-Project/TheHive/issues/1376)
+- [Bug] MISP integration alert link generated incorrectly [\#1378](https://github.com/TheHive-Project/TheHive/issues/1378)
+- [Bug] CustomFields does not appear sorted in the case template [\#1383](https://github.com/TheHive-Project/TheHive/issues/1383)
+- [Bug] Users in Admin-Org are not allowed to switch to any other org [\#1385](https://github.com/TheHive-Project/TheHive/issues/1385)
+- [Bug] Custom Observable Types can be created multiple-times with the same name [\#1387](https://github.com/TheHive-Project/TheHive/issues/1387)
+- [Bug] Issues during Migration - Some Observables are missing [\#1388](https://github.com/TheHive-Project/TheHive/issues/1388)
+- [Bug] Proxy configuration is not correctly parsed [\#1392](https://github.com/TheHive-Project/TheHive/issues/1392)
+- [Bug] Handle 401 on route failure [\#1402](https://github.com/TheHive-Project/TheHive/issues/1402)
+- [Bug] Delete case api fails [\#1405](https://github.com/TheHive-Project/TheHive/issues/1405)
+- Fix the filter preview deletion button [\#1412](https://github.com/TheHive-Project/TheHive/issues/1412)
+- Fix OAuth redirect handling from Javascript [\#1420](https://github.com/TheHive-Project/TheHive/issues/1420)
+- [Bug] Error when exporting a case with severity Critical in MISP [\#1424](https://github.com/TheHive-Project/TheHive/issues/1424)
+- [Bug] Cases owned by non-linked organisations visible to all organisations, potential data leakage [\#1427](https://github.com/TheHive-Project/TheHive/issues/1427)
+- [Bug] TheHive doesn't start correctly [\#1429](https://github.com/TheHive-Project/TheHive/issues/1429)
+- [Bug] Permission is not correctly checked for MISP export [\#1432](https://github.com/TheHive-Project/TheHive/issues/1432)
+- Observable type deletion doesn't wait for the confirmation [\#1433](https://github.com/TheHive-Project/TheHive/issues/1433)
+- Fix rendering of jobs in search section [\#1434](https://github.com/TheHive-Project/TheHive/issues/1434)
+- Remove obsolete options in Search page [\#1436](https://github.com/TheHive-Project/TheHive/issues/1436)
+- [Bug] Click on dashboards to access filtered data [\#1445](https://github.com/TheHive-Project/TheHive/issues/1445)
+- [Bug] Pivoting from dashboard to search page is loosing the date filter [\#1448](https://github.com/TheHive-Project/TheHive/issues/1448)
+- [Bug] Series' filters in dashboard widgets are taken into account [\#1449](https://github.com/TheHive-Project/TheHive/issues/1449)
+
 ## [4.0.0-RC3](https://github.com/TheHive-Project/TheHive/milestone/58) (2020-05-27)
 
 **Implemented enhancements:**
@@ -26,7 +84,6 @@
 - [Bug] Read-only has options to edit task-logs [\#1334](https://github.com/TheHive-Project/TheHive/issues/1334)
 - [Bug] Adding a custom-field on an open case requires a reload, otherwise field is not visible [\#1336](https://github.com/TheHive-Project/TheHive/issues/1336)
 - [Bug] severity change when create new case don't work [\#1338](https://github.com/TheHive-Project/TheHive/issues/1338)
-- [Bug] Migration issues from ES to Cassandra [\#1340](https://github.com/TheHive-Project/TheHive/issues/1340)
 - [Bug] The filter operator "_child" is missing [\#1344](https://github.com/TheHive-Project/TheHive/issues/1344)
 - [Bug] Webhook compatibility issues on custom-fields [\#1345](https://github.com/TheHive-Project/TheHive/issues/1345)
 - [Bug] Object sent to responder doesn't contain parent [\#1348](https://github.com/TheHive-Project/TheHive/issues/1348)

app/org/thp/thehive/CustomServer.scala

@@ -1,9 +1,8 @@
 package org.thp.thehive
 
-import play.core.server.{AkkaHttpServer, ServerProvider}
-
 import akka.http.scaladsl.model.HttpMethod
 import akka.http.scaladsl.settings.ParserSettings
+import play.core.server.{AkkaHttpServer, ServerProvider}
 
 /** A custom Akka HTTP server with advanced configuration. */
 class CustomAkkaHttpServer(context: AkkaHttpServer.Context) extends AkkaHttpServer(context) {

build.sbt

@@ -2,7 +2,7 @@ import Dependencies._
 import com.typesafe.sbt.packager.Keys.bashScriptDefines
 import org.thp.ghcl.Milestone
 
-val thehiveVersion         = "4.0.0-RC3-3"
+val thehiveVersion         = "4.0.0-1"
 val scala212               = "2.12.11"
 val scala213               = "2.13.1"
 val supportedScalaVersions = List(scala212, scala213)
@@ -61,8 +61,8 @@ libraryDependencies in ThisBuild ++= {
   }
 }
 dependencyOverrides in ThisBuild ++= Seq(
-  "org.locationtech.spatial4j" % "spatial4j"                 % "0.6",
-  "org.elasticsearch.client"   % "elasticsearch-rest-client" % "6.7.2"
+//  "org.locationtech.spatial4j" % "spatial4j"                 % "0.6",
+  "org.elasticsearch.client" % "elasticsearch-rest-client" % "6.7.2"
 )
 PlayKeys.includeDocumentationInBinary := false
 milestoneFilter := ((milestone: Milestone) => milestone.title.startsWith("4"))
@@ -92,6 +92,20 @@ lazy val thehive = (project in file("."))
         case other                        => other
       }
     },
+    clean := {
+      (clean in scalligraph).value
+      (clean in thehiveCore).value
+      (clean in thehiveDto).value
+      (clean in thehiveClient).value
+      (clean in thehiveFrontend).value
+      (clean in thehiveCortex).value
+      (clean in thehiveMisp).value
+      (clean in cortexClient).value
+      (clean in mispClient).value
+      (clean in thehiveMigration).value
+      (clean in clientCommon).value
+      (clean in cortexDto).value
+    },
     test := {
       (test in Test in scalligraph).value
       (test in Test in thehiveCore).value
@@ -105,6 +119,20 @@ lazy val thehive = (project in file("."))
       (test in Test in thehiveMigration).value
       (test in Test in clientCommon).value
       (test in Test in cortexDto).value
+    },
+    testQuick := {
+      (testQuick in Test in scalligraph).evaluated
+      (testQuick in Test in thehiveCore).evaluated
+      (testQuick in Test in thehiveDto).evaluated
+      (testQuick in Test in thehiveClient).evaluated
+      (testQuick in Test in thehiveFrontend).evaluated
+      (testQuick in Test in thehiveCortex).evaluated
+      (testQuick in Test in thehiveMisp).evaluated
+      (testQuick in Test in cortexClient).evaluated
+      (testQuick in Test in mispClient).evaluated
+      (testQuick in Test in thehiveMigration).evaluated
+      (testQuick in Test in clientCommon).evaluated
+      (testQuick in Test in cortexDto).evaluated
     }
   )
 
@@ -310,7 +338,7 @@ lazy val thehiveMigration = (project in file("migration"))
       elastic4sCore,
       elastic4sHttpStreams,
       elastic4sHttp,
-      jts,
+//      jts,
       ehcache,
       scopt,
       specs % Test

client-common/src/main/scala/org/thp/client/BaseClient.scala

@@ -1,13 +1,13 @@
 package org.thp.client
 
-import scala.concurrent.{ExecutionContext, Future}
-import scala.util.{Failure, Success, Try}
-
 import play.api.Logger
 import play.api.http.Status
 import play.api.libs.json._
 import play.api.libs.ws.{WSClient, WSResponse}
 
+import scala.concurrent.{ExecutionContext, Future}
+import scala.util.{Failure, Success, Try}
+
 case class ApplicationError(status: Int, body: JsValue) extends Exception(s"ApplicationError($status):\n${Json.prettyPrint(body)}")
 
 object ApplicationError {