Merge branch 'release/3.0.0-RC3'

Author: To-om

.scalafmt.conf

@@ -0,0 +1,26 @@
+version = "2.0.0-RC7"
+align = more    # For pretty alignment.
+assumeStandardLibraryStripMargin = true
+style = defaultWithAlign
+maxColumn = 150
+
+align.openParenCallSite = false
+align.openParenDefnSite = false
+newlines.alwaysBeforeTopLevelStatements = true
+rewrite.rules = [
+  # ExpandImportSelectors
+  RedundantBraces
+  RedundantParens
+  SortModifiers
+  PreferCurlyFors
+  SortImports
+]
+
+includeCurlyBraceInSelectChains = true
+includeNoParensInSelectChains = true
+
+rewriteTokens {
+  "=>" : "⇒"
+  "<-" : "←"
+  "->": "→"
+}

.scalariform.conf

@@ -1,7 +1,20 @@
 # Change Log
 
-## [3.0.0-RC2](https://github.com/TheHive-Project/Cortex/tree/3.0.0-RC2) (2019-05-03)
+## [3.0.0-RC3](https://github.com/TheHive-Project/Cortex/tree/3.0.0-RC3) (2019-06-05)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/3.0.0-RC2...3.0.0-RC3)
+
+**Implemented enhancements:**
+
+- Improve job details page [\#195](https://github.com/TheHive-Project/Cortex/issues/195)
+- Add support of ElasticSearch 6 [\#191](https://github.com/TheHive-Project/Cortex/issues/191)
+- Upgrade frontend libraries [\#190](https://github.com/TheHive-Project/Cortex/issues/190)
 
+**Fixed bugs:**
+
+- Get user detials via API is available to non-admin users [\#194](https://github.com/TheHive-Project/Cortex/issues/194)
+
+## [3.0.0-RC2](https://github.com/TheHive-Project/Cortex/tree/3.0.0-RC2) (2019-05-03)
 [Full Changelog](https://github.com/TheHive-Project/Cortex/compare/3.0.0-RC1...3.0.0-RC2)
 
 **Fixed bugs:**

CHANGELOG.md

@@ -1,43 +1,47 @@
 package org.thp.cortex
 
+import java.lang.reflect.Modifier
+
 import com.google.inject.AbstractModule
-import net.codingwell.scalaguice.{ ScalaModule, ScalaMultibinder }
+import net.codingwell.scalaguice.{ScalaModule, ScalaMultibinder}
 import play.api.libs.concurrent.AkkaGuiceSupport
-import play.api.{ Configuration, Environment, Logger, Mode }
+import play.api.{Configuration, Environment, Logger, Mode}
 import scala.collection.JavaConverters._
 
 import com.google.inject.name.Names
 import org.reflections.Reflections
 import org.reflections.scanners.SubTypesScanner
 import org.reflections.util.ConfigurationBuilder
-import org.thp.cortex.models.{ AuditedModel, Migration }
+import org.thp.cortex.models.{AuditedModel, Migration}
 import org.thp.cortex.services._
 
 import org.elastic4play.models.BaseModelDef
 import org.elastic4play.services.auth.MultiAuthSrv
-import org.elastic4play.services.{ AuthSrv, MigrationOperations }
-import org.thp.cortex.controllers.{ AssetCtrl, AssetCtrlDev, AssetCtrlProd }
-import services.mappers.{ MultiUserMapperSrv, UserMapper }
+import org.elastic4play.services.{UserSrv ⇒ EUserSrv, AuthSrv, MigrationOperations}
+import org.thp.cortex.controllers.{AssetCtrl, AssetCtrlDev, AssetCtrlProd}
+import services.mappers.{MultiUserMapperSrv, UserMapper}
 
 class Module(environment: Environment, configuration: Configuration) extends AbstractModule with ScalaModule with AkkaGuiceSupport {
 
   private lazy val logger = Logger(s"module")
 
   override def configure(): Unit = {
-    val modelBindings = ScalaMultibinder.newSetBinder[BaseModelDef](binder)
+    val modelBindings        = ScalaMultibinder.newSetBinder[BaseModelDef](binder)
     val auditedModelBindings = ScalaMultibinder.newSetBinder[AuditedModel](binder)
-    val reflectionClasses = new Reflections(new ConfigurationBuilder()
-      .forPackages("org.elastic4play")
-      .addClassLoader(getClass.getClassLoader)
-      .addClassLoader(environment.getClass.getClassLoader)
-      .forPackages("org.thp.cortex")
-      .setExpandSuperTypes(false)
-      .setScanners(new SubTypesScanner(false)))
+    val reflectionClasses = new Reflections(
+      new ConfigurationBuilder()
+        .forPackages("org.elastic4play")
+        .addClassLoader(getClass.getClassLoader)
+        .addClassLoader(environment.getClass.getClassLoader)
+        .forPackages("org.thp.cortex")
+        .setExpandSuperTypes(false)
+        .setScanners(new SubTypesScanner(false))
+    )
 
     reflectionClasses
       .getSubTypesOf(classOf[BaseModelDef])
       .asScala
-      .filterNot(c ⇒ java.lang.reflect.Modifier.isAbstract(c.getModifiers))
+      .filterNot(c ⇒ Modifier.isAbstract(c.getModifiers))
       .foreach { modelClass ⇒
         logger.info(s"Loading model $modelClass")
         modelBindings.addBinding.to(modelClass)
@@ -50,7 +54,7 @@ class Module(environment: Environment, configuration: Configuration) extends Abs
     reflectionClasses
       .getSubTypesOf(classOf[AuthSrv])
       .asScala
-      .filterNot(c ⇒ java.lang.reflect.Modifier.isAbstract(c.getModifiers) || c.isMemberClass)
+      .filterNot(c ⇒ Modifier.isAbstract(c.getModifiers) || c.isMemberClass)
       .filterNot(c ⇒ c == classOf[MultiAuthSrv] || c == classOf[CortexAuthSrv])
       .foreach { authSrvClass ⇒
         logger.info(s"Loading authentication module $authSrvClass")
@@ -61,7 +65,7 @@ class Module(environment: Environment, configuration: Configuration) extends Abs
     reflectionClasses
       .getSubTypesOf(classOf[UserMapper])
       .asScala
-      .filterNot(c ⇒ java.lang.reflect.Modifier.isAbstract(c.getModifiers) || c.isMemberClass)
+      .filterNot(c ⇒ Modifier.isAbstract(c.getModifiers) || c.isMemberClass)
       .filterNot(c ⇒ c == classOf[MultiUserMapperSrv])
       .foreach(mapperCls ⇒ ssoMapperBindings.addBinding.to(mapperCls))
 
@@ -70,7 +74,7 @@ class Module(environment: Environment, configuration: Configuration) extends Abs
     else
       bind[AssetCtrl].to[AssetCtrlDev]
 
-    bind[org.elastic4play.services.UserSrv].to[UserSrv]
+    bind[EUserSrv].to[UserSrv]
     bind[Int].annotatedWith(Names.named("databaseVersion")).toInstance(models.modelVersion)
     bind[UserMapper].to[MultiUserMapperSrv]
 

app/org/thp/cortex/Module.scala

@@ -1,48 +1,56 @@
 package org.thp.cortex.controllers
 
-import javax.inject.{ Inject, Singleton }
-import scala.concurrent.{ ExecutionContext, Future }
+import javax.inject.{Inject, Singleton}
+import scala.concurrent.{ExecutionContext, Future}
 
 import play.api.libs.json.JsObject
-import play.api.mvc.{ AbstractController, Action, AnyContent, ControllerComponents }
+import play.api.mvc.{AbstractController, Action, AnyContent, ControllerComponents}
 
-import org.thp.cortex.models.{ BaseConfig, Roles }
-import org.thp.cortex.services.{ AnalyzerConfigSrv, UserSrv }
+import org.thp.cortex.models.{BaseConfig, Roles}
+import org.thp.cortex.services.{AnalyzerConfigSrv, UserSrv}
 
 import org.elastic4play.BadRequestError
-import org.elastic4play.controllers.{ Authenticated, Fields, FieldsBodyParser, Renderer }
+import org.elastic4play.controllers.{Authenticated, Fields, FieldsBodyParser, Renderer}
 
 @Singleton
-class AnalyzerConfigCtrl @Inject() (
+class AnalyzerConfigCtrl @Inject()(
     analyzerConfigSrv: AnalyzerConfigSrv,
     userSrv: UserSrv,
     authenticated: Authenticated,
     fieldsBodyParser: FieldsBodyParser,
     renderer: Renderer,
     components: ControllerComponents,
-    implicit val ec: ExecutionContext) extends AbstractController(components) {
+    implicit val ec: ExecutionContext
+) extends AbstractController(components) {
 
   def get(analyzerConfigName: String): Action[AnyContent] = authenticated(Roles.orgAdmin).async { request ⇒
-    analyzerConfigSrv.getForUser(request.userId, analyzerConfigName)
+    analyzerConfigSrv
+      .getForUser(request.userId, analyzerConfigName)
       .map(renderer.toOutput(OK, _))
   }
 
   def list(): Action[AnyContent] = authenticated(Roles.orgAdmin).async { request ⇒
-    analyzerConfigSrv.listConfigForUser(request.userId)
+    analyzerConfigSrv
+      .listConfigForUser(request.userId)
       .map { bc ⇒
-        renderer.toOutput(OK, bc.sortWith {
-          case (BaseConfig("global", _, _, _), _)               ⇒ true
-          case (_, BaseConfig("global", _, _, _))               ⇒ false
-          case (BaseConfig(a, _, _, _), BaseConfig(b, _, _, _)) ⇒ a.compareTo(b) < 0
-        })
+        renderer.toOutput(
+          OK,
+          bc.sortWith {
+            case (BaseConfig("global", _, _, _), _)               ⇒ true
+            case (_, BaseConfig("global", _, _, _))               ⇒ false
+            case (BaseConfig(a, _, _, _), BaseConfig(b, _, _, _)) ⇒ a.compareTo(b) < 0
+          }
+        )
       }
   }
 
   def update(analyzerConfigName: String): Action[Fields] = authenticated(Roles.orgAdmin).async(fieldsBodyParser) { implicit request ⇒
     request.body.getValue("config").flatMap(_.asOpt[JsObject]) match {
-      case Some(config) ⇒ analyzerConfigSrv.updateOrCreate(request.userId, analyzerConfigName, config)
-        .map(renderer.toOutput(OK, _))
+      case Some(config) ⇒
+        analyzerConfigSrv
+          .updateOrCreate(request.userId, analyzerConfigName, config)
+          .map(renderer.toOutput(OK, _))
       case None ⇒ Future.failed(BadRequestError("attribute config has invalid format"))
     }
   }
-}
+}

app/org/thp/cortex/controllers/AnalyzerConfigCtrl.scala

@@ -1,51 +1,52 @@
 package org.thp.cortex.controllers
 
-import scala.concurrent.{ ExecutionContext, Future }
+import scala.concurrent.{ExecutionContext, Future}
 
-import play.api.libs.json.{ JsObject, JsString, Json }
-import play.api.mvc.{ AbstractController, Action, AnyContent, ControllerComponents }
+import play.api.libs.json.{JsObject, JsString, Json}
+import play.api.mvc.{AbstractController, Action, AnyContent, ControllerComponents}
 
 import akka.stream.Materializer
-import javax.inject.{ Inject, Singleton }
-import org.thp.cortex.models.{ Roles, Worker }
-import org.thp.cortex.services.{ UserSrv, WorkerSrv }
+import javax.inject.{Inject, Singleton}
+import org.thp.cortex.models.{Roles, Worker}
+import org.thp.cortex.services.{UserSrv, WorkerSrv}
 
-import org.elastic4play.controllers.{ Authenticated, Fields, FieldsBodyParser, Renderer }
+import org.elastic4play.controllers.{Authenticated, Fields, FieldsBodyParser, Renderer}
 import org.elastic4play.services.JsonFormat.queryReads
-import org.elastic4play.services.{ QueryDSL, QueryDef }
+import org.elastic4play.services.{QueryDSL, QueryDef}
 
 @Singleton
-class AnalyzerCtrl @Inject() (
+class AnalyzerCtrl @Inject()(
     workerSrv: WorkerSrv,
     userSrv: UserSrv,
     authenticated: Authenticated,
     fieldsBodyParser: FieldsBodyParser,
     renderer: Renderer,
     components: ControllerComponents,
     implicit val ec: ExecutionContext,
-    implicit val mat: Materializer) extends AbstractController(components) {
+    implicit val mat: Materializer
+) extends AbstractController(components) {
 
   def find: Action[Fields] = authenticated(Roles.read).async(fieldsBodyParser) { request ⇒
-    val query = request.body.getValue("query").fold[QueryDef](QueryDSL.any)(_.as[QueryDef])
-    val range = request.body.getString("range")
-    val sort = request.body.getStrings("sort").getOrElse(Nil)
-    val isAdmin = request.roles.contains(Roles.orgAdmin)
+    val query                      = request.body.getValue("query").fold[QueryDef](QueryDSL.any)(_.as[QueryDef])
+    val range                      = request.body.getString("range")
+    val sort                       = request.body.getStrings("sort").getOrElse(Nil)
+    val isAdmin                    = request.roles.contains(Roles.orgAdmin)
     val (analyzers, analyzerTotal) = workerSrv.findAnalyzersForUser(request.userId, query, range, sort)
     renderer.toOutput(OK, analyzers.map(analyzerJson(isAdmin)), analyzerTotal)
   }
 
   def get(analyzerId: String): Action[AnyContent] = authenticated(Roles.read).async { request ⇒
     val isAdmin = request.roles.contains(Roles.orgAdmin)
-    workerSrv.getForUser(request.userId, analyzerId)
+    workerSrv
+      .getForUser(request.userId, analyzerId)
       .map(a ⇒ renderer.toOutput(OK, analyzerJson(isAdmin)(a)))
   }
 
-  private def analyzerJson(isAdmin: Boolean)(analyzer: Worker): JsObject = {
+  private def analyzerJson(isAdmin: Boolean)(analyzer: Worker): JsObject =
     if (isAdmin)
       analyzer.toJson + ("configuration" → Json.parse(analyzer.configuration())) + ("analyzerDefinitionId" → JsString(analyzer.workerDefinitionId()))
     else
       analyzer.toJson + ("analyzerDefinitionId" → JsString(analyzer.workerDefinitionId()))
-  }
 
   def listForType(dataType: String): Action[AnyContent] = authenticated(Roles.read).async { request ⇒
     import org.elastic4play.services.QueryDSL._
@@ -55,9 +56,9 @@ class AnalyzerCtrl @Inject() (
 
   def create(analyzerDefinitionId: String): Action[Fields] = authenticated(Roles.orgAdmin).async(fieldsBodyParser) { implicit request ⇒
     for {
-      organizationId ← userSrv.getOrganizationId(request.userId)
+      organizationId   ← userSrv.getOrganizationId(request.userId)
       workerDefinition ← Future.fromTry(workerSrv.getDefinition(analyzerDefinitionId))
-      analyzer ← workerSrv.create(organizationId, workerDefinition, request.body)
+      analyzer         ← workerSrv.create(organizationId, workerDefinition, request.body)
     } yield renderer.toOutput(CREATED, analyzerJson(isAdmin = false)(analyzer))
   }
 
@@ -74,14 +75,14 @@ class AnalyzerCtrl @Inject() (
   def delete(analyzerId: String): Action[AnyContent] = authenticated(Roles.orgAdmin, Roles.superAdmin).async { implicit request ⇒
     for {
       analyzer ← workerSrv.getForUser(request.userId, analyzerId)
-      _ ← workerSrv.delete(analyzer)
+      _        ← workerSrv.delete(analyzer)
     } yield NoContent
   }
 
   def update(analyzerId: String): Action[Fields] = authenticated(Roles.orgAdmin).async(fieldsBodyParser) { implicit request ⇒
     for {
-      analyzer ← workerSrv.getForUser(request.userId, analyzerId)
+      analyzer        ← workerSrv.getForUser(request.userId, analyzerId)
       updatedAnalyzer ← workerSrv.update(analyzer, request.body)
     } yield renderer.toOutput(OK, analyzerJson(isAdmin = true)(updatedAnalyzer))
   }
-}
+}

app/org/thp/cortex/controllers/AnalyzerCtrl.scala

@@ -1,9 +1,9 @@
 package org.thp.cortex.controllers
 
-import javax.inject.{ Inject, Singleton }
-import play.api.http.{ FileMimeTypes, HttpErrorHandler }
-import play.api.mvc.{ Action, AnyContent }
-import controllers.{ Assets, AssetsMetadata, ExternalAssets }
+import javax.inject.{Inject, Singleton}
+import play.api.http.{FileMimeTypes, HttpErrorHandler}
+import play.api.mvc.{Action, AnyContent}
+import controllers.{Assets, AssetsMetadata, ExternalAssets}
 import play.api.Environment
 
 import scala.concurrent.ExecutionContext
@@ -13,11 +13,13 @@ trait AssetCtrl {
 }
 
 @Singleton
-class AssetCtrlProd @Inject() (errorHandler: HttpErrorHandler, meta: AssetsMetadata) extends Assets(errorHandler, meta) with AssetCtrl {
+class AssetCtrlProd @Inject()(errorHandler: HttpErrorHandler, meta: AssetsMetadata) extends Assets(errorHandler, meta) with AssetCtrl {
   def get(file: String): Action[AnyContent] = at("/www", file)
 }
 
 @Singleton
-class AssetCtrlDev @Inject() (environment: Environment)(implicit ec: ExecutionContext, fileMimeTypes: FileMimeTypes) extends ExternalAssets(environment) with AssetCtrl {
+class AssetCtrlDev @Inject()(environment: Environment)(implicit ec: ExecutionContext, fileMimeTypes: FileMimeTypes)
+    extends ExternalAssets(environment)
+    with AssetCtrl {
   def get(file: String): Action[AnyContent] = at("www/dist", file)
-}
+}