dfir-iris · whikernel · Jun 18, 2024 · May 15, 2024 · May 15, 2024 · May 15, 2024
diff --git a/source/app/blueprints/graphql/cases.py b/source/app/blueprints/graphql/cases.py
@@ -16,8 +16,6 @@
 #  along with this program; if not, write to the Free Software Foundation,
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-from base64 import b64decode
-
 from graphene_sqlalchemy import SQLAlchemyObjectType
 from graphene_sqlalchemy import SQLAlchemyConnectionField
 from graphene.relay import Node
@@ -29,42 +27,31 @@
 from graphene import Float
 from graphene import String
 
+from app.business.iocs import build_filter_case_ioc_query
 from app.models.cases import Cases
-from app.blueprints.graphql.iocs import IOCObject
 from app.business.cases import create
 from app.business.cases import delete
 from app.business.cases import update
 
 from app.blueprints.graphql.iocs import IOCConnection
-from app.blueprints.graphql.sliced_result import SlicedResult
 
 
 class CaseObject(SQLAlchemyObjectType):
     class Meta:
         model = Cases
         interfaces = [Node]
 
-    # TODO add filters
-    iocs = SQLAlchemyConnectionField(IOCConnection)
+    iocs = SQLAlchemyConnectionField(IOCConnection, ioc_id=Int(), ioc_uuid=String(), ioc_value=String(), ioc_type_id=Int(),
+                                     ioc_description=String(), ioc_tlp_id=Int(), ioc_tags=String(), ioc_misp=String(),
+                                     user_id=Float(), Linked_cases=Float())
 
     @staticmethod
-    def resolve_iocs(root, info, **kwargs):
-        query = IOCObject.get_query(info)
-        total = query.count()
-
-        first = kwargs.get('first')
-        if not first:
-            first = total
-
-        if kwargs.get('after'):
-            after = kwargs.get('after')
-            decode_after = b64decode(after)
-            start = int(decode_after[16:].decode())
-            start += 1
-        else:
-            start = 0
-        query_slice = query.slice(start, start + first).all()
-        return SlicedResult(query_slice, start, total)
+    def resolve_iocs(root, info, ioc_id=None, ioc_uuid=None, ioc_value=None, ioc_type_id=None, ioc_description=None, ioc_tlp_id=None, ioc_tags=None,
+                     ioc_misp=None, user_id=None, Linked_cases=None, **kwargs):
+        return build_filter_case_ioc_query(ioc_id=ioc_id, ioc_uuid=ioc_uuid, ioc_value=ioc_value,
+                                           ioc_type_id=ioc_type_id, ioc_description=ioc_description,
+                                           ioc_tlp_id=ioc_tlp_id, ioc_tags=ioc_tags, ioc_misp=ioc_misp,
+                                           user_id=user_id, linked_cases=Linked_cases)
 
 
 class CaseConnection(Connection):

diff --git a/source/app/blueprints/graphql/graphql_route.py b/source/app/blueprints/graphql/graphql_route.py
@@ -21,6 +21,7 @@
 from flask import request
 from flask_wtf import FlaskForm
 from flask import Blueprint
+from flask_login import current_user
 
 from graphql_server.flask import GraphQLView
 from graphene import ObjectType
@@ -52,28 +53,19 @@
 class Query(ObjectType):
     """This is the IRIS GraphQL queries documentation!"""
 
-    cases = SQLAlchemyConnectionField(CaseConnection, classificationId=Float(), clientId=Float(), stateId=Int(),
-                                      ownerId=Float(), openDate=String(), name=String(), socId=String(),
-                                      severityId=Int())
+    cases = SQLAlchemyConnectionField(CaseConnection, classification_id=Float(), client_id=Float(), state_id=Int(),
+                                      owner_id=Float(), open_date=String(), name=String(), soc_id=String(),
+                                      severity_id=Int(), tags=String(), open_since=Int())
     case = Field(CaseObject, case_id=Float(), description='Retrieve a case by its identifier')
     ioc = Field(IOCObject, ioc_id=Float(), description='Retrieve an ioc by its identifier')
 
     @staticmethod
-    def resolve_cases(root, info, **kwargs):
-        case_classification_id = kwargs.get('classificationId')
-        case_client_id = kwargs.get('clientId')
-        case_state_id = kwargs.get('stateId')
-        case_owner_id = kwargs.get('ownerId')
-        start_open_date = kwargs.get('openDate')
-        case_name = kwargs.get('name')
-        case_soc_id = kwargs.get('socId')
-        case_severity_id = kwargs.get('severityId')
-        filtered_cases = build_filter_case_query(current_user_id=1, case_classification_id=case_classification_id,
-                                                 case_customer_id=case_client_id, case_state_id=case_state_id,
-                                                 case_owner_id=case_owner_id,  start_open_date=start_open_date,
-                                                 case_name=case_name, case_soc_id=case_soc_id,
-                                                 case_severity_id=case_severity_id)
-        return filtered_cases
+    def resolve_cases(root, info, classification_id=None, client_id=None, state_id=None, owner_id=None, open_date=None, name=None, soc_id=None,
+                      severity_id=None, tags=None, open_since=None, **kwargs):
+        return build_filter_case_query(current_user.id, start_open_date=open_date, end_open_date=None, case_customer_id=client_id, case_ids=None,
+                                       case_name=name, case_description=None, case_classification_id=classification_id, case_owner_id=owner_id,
+                                       case_opening_user_id=None, case_severity_id=severity_id, case_state_id=state_id, case_soc_id=soc_id,
+                                       case_tags=tags, case_open_since=open_since)
 
     @staticmethod
     def resolve_case(root, info, case_id):

diff --git a/source/app/blueprints/graphql/iocs.py b/source/app/blueprints/graphql/iocs.py
@@ -79,11 +79,11 @@ def mutate(root, info, case_id, type_id, tlp_id, value, description=None, tags=N
 class IOCUpdate(Mutation):
 
     class Arguments:
-        ioc_id = Float()
-        case_id = Float()
-        type_id = NonNull(Int)
-        tlp_id = NonNull(Int)
-        value = NonNull(String)
+        ioc_id = NonNull(Float)
+        case_id = NonNull(Float)
+        type_id = Int()
+        tlp_id = Int()
+        value = String()
         description = String()
         tags = String()
         ioc_misp = String()
@@ -95,12 +95,15 @@ class Arguments:
     ioc = Field(IOCObject)
 
     @staticmethod
-    def mutate(root, info, type_id, tlp_id, value, ioc_id=None, case_id=None, description=None, tags=None, ioc_misp=None, user_id=None, ioc_enrichment=None, modification_history=None):
-        request = {
-            'ioc_type_id': type_id,
-            'ioc_tlp_id': tlp_id,
-            'ioc_value': value
-        }
+    def mutate(root, info, ioc_id, case_id, type_id=None, tlp_id=None, value=None, description=None, tags=None,
+               ioc_misp=None, user_id=None, ioc_enrichment=None, modification_history=None):
+        request = {}
+        if type_id:
+            request['ioc_type_id'] = type_id
+        if tlp_id:
+            request['ioc_tlp_id'] = tlp_id
+        if value:
+            request['ioc_value'] = value
         if description:
             request['ioc_description'] = description
         if tags:

diff --git a/source/app/blueprints/#/#_routes.py b/source/app/blueprints/#/#_routes.py
@@ -139,22 +139,21 @@ def login():
 
 def wrap_login_user(user):
 
+    session['username'] = user.user
+
     if 'SERVER_SETTINGS' not in app.config:
         app.config['SERVER_SETTINGS'] = get_server_settings_as_dict()
 
     if app.config['SERVER_SETTINGS']['enforce_mfa']:
         if "mfa_verified" not in session or session["mfa_verified"] is False:
             return redirect(url_for('mfa_verify'))
 
-    print(session)
     login_user(user)
 
 
     #regenerate_session()
     #print(session)
 
-    session['username'] = user.user
-
     caseid = user.ctx_case
     session['permissions'] = ac_get_effective_permissions_of_user(user)
 
@@ -185,31 +184,26 @@ def wrap_login_user(user):
 
 
 @app.route('/auth/mfa-setup', methods=['GET', 'POST'])
-@login_required
 def mfa_setup():
-    user = current_user
+    user = _retrieve_user_by_username(username=session['username'])
     form = MFASetupForm()
 
-    if user.mfa_setup_complete:
-        return redirect(url_for('dashboard'))
-
     if form.submit() and form.validate():
-        # if not user.mfa_secrets:
-        #     user.mfa_secrets = pyotp.random_base32()
-        #     db.session.commit()
 
         token = form.token.data
         mfa_secret = form.mfa_secret.data
+        user_password = form.user_password.data
         totp = pyotp.TOTP(mfa_secret)
-        if totp.verify(token):
+        if totp.verify(token) and bc.check_password_hash(user.password, user_password):
             user.mfa_secrets = mfa_secret
             user.mfa_setup_complete = True
             db.session.commit()
             session["mfa_verified"] = False
-            track_activity(f'MFA setup successful for user {current_user.user}', ctx_less=True, display_in_ui=False)
+            track_activity(f'MFA setup successful for user {user.user}', ctx_less=True, display_in_ui=False)
             return wrap_login_user(user)
         else:
-            flash('Invalid token. Please try again.', 'danger')
+            track_activity(f'Failed MFA setup for user {user.user}. Invalid token.', ctx_less=True, display_in_ui=False)
+            flash('Invalid token or password. Please try again.', 'danger')
 
     temp_otp_secret = pyotp.random_base32()
     otp_uri = pyotp.TOTP(temp_otp_secret).provisioning_uri(user.email, issuer_name="IRIS")
@@ -219,22 +213,25 @@ def mfa_setup():
     img.save(buf, format='PNG')
     img_str = base64.b64encode(buf.getvalue()).decode()
 
-    return render_template('mfa_setup.html', form=form, img_data=img_str, otp_setup_key=user.mfa_secrets)
+    return render_template('mfa_setup.html', form=form, img_data=img_str, otp_setup_key=temp_otp_secret)
 
 
 @app.route('/auth/mfa-verify', methods=['GET', 'POST'])
 def mfa_verify():
     if 'username' not in session:
+
         return redirect(url_for('login.login'))
 
     user = _retrieve_user_by_username(username=session['username'])
 
     # Redirect user to MFA setup if MFA is not fully set up
     if not user.mfa_secrets or not user.mfa_setup_complete:
-        flash('MFA setup is required before verification.', 'warning')
+        track_activity(f'MFA setup required for user {user.user}', ctx_less=True, display_in_ui=False)
         return redirect(url_for('mfa_setup'))
 
     form = MFASetupForm()
+    form.user_password.data = 'not required for verification'
+
     if form.submit() and form.validate():
         token = form.token.data
         if not token:
@@ -245,8 +242,10 @@ def mfa_verify():
         if totp.verify(token):
             session.pop('username', None)
             session['mfa_verified'] = True
+            track_activity(f'MFA verification successful for user {user.user}', ctx_less=True, display_in_ui=False)
             return wrap_login_user(user)
         else:
+            track_activity(f'Failed MFA verification for user {user.user}. Invalid token.', ctx_less=True, display_in_ui=False)
             flash('Invalid token. Please try again.', 'danger')
 
     return render_template('mfa_verify.html', form=form)
diff --git a/source/app/blueprints/#/templates/mfa_setup.html b/source/app/blueprints/#/templates/mfa_setup.html
@@ -26,7 +26,7 @@ <h1 class="text-white mb-3">Setup MFA</h1>
             <div class=" col-xs-12 col-md-4">
                 <div class="d-flex flex-column justify-content-center align-items-center" style="height: 100%;">
                     <h3 class="login__form_title">Your organisation requires to setup MFA</h3>
-                    <p>Scan the QR code with your authenticator app and enter the token.</p>
+                    <p>Scan the QR code with your authenticator app and enter the token and your password.</p>
                       <form method="POST" action="">
                         <div class="col-md-12 col-lg-12 col-sm-12">
                           <div class="form-row ml-2">
@@ -35,6 +35,9 @@ <h3 class="login__form_title">Your organisation requires to setup MFA</h3>
                                 {{ form.mfa_secret(size=32, class="hidden", style="display:None;") }}
                                 <label for="token">Token</label>
                                 {{ form.token(size=32, class="form-control") }}
+
+                                <label for="token">Password</label>
+                                {{ form.user_password(class="form-control") }}
                             </div>
                           </div>
                           <div class="form-row ml-2">

diff --git a/source/app/blueprints/manage/manage_srv_settings_routes.py b/source/app/blueprints/manage/manage_srv_settings_routes.py
@@ -122,7 +122,6 @@ def manage_update_settings():
     try:
 
         original_settings = srv_settings_schema.dump(server_settings)
-
         new_settings = request.get_json()
 
         differences = list(diff(original_settings, new_settings))

diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py
@@ -20,6 +20,7 @@
 from marshmallow.exceptions import ValidationError
 
 from app import db
+from app.models import Ioc, IocLink
 from app.models.authorization import CaseAccessLevel
 from app.datamgmt.case.case_iocs_db import add_ioc
 from app.datamgmt.case.case_iocs_db import add_ioc_link
@@ -85,7 +86,7 @@ def update(identifier, request_json, case_identifier):
     check_current_user_has_some_case_access_stricter([CaseAccessLevel.full_access])
 
     try:
-        ioc = get_ioc(identifier, case_identifier)
+        ioc = get_ioc(identifier, caseid=case_identifier)
         if not ioc:
             raise BusinessProcessingError('Invalid IOC ID for this case')
 
@@ -96,13 +97,13 @@ def update(identifier, request_json, case_identifier):
         # validate before saving
         ioc_schema = IocSchema()
         request_data['ioc_id'] = identifier
-        ioc_sc = ioc_schema.load(request_data, instance=ioc)
+        ioc_sc = ioc_schema.load(request_data, instance=ioc, partial=True)
         ioc_sc.user_id = current_user.id
 
         if not check_ioc_type_id(type_id=ioc_sc.ioc_type_id):
             raise BusinessProcessingError('Not a valid IOC type')
 
-        update_ioc_state(caseid=case_identifier)
+        update_ioc_state(case_identifier)
         db.session.commit()
 
         ioc_sc = call_modules_hook('on_postload_ioc_update', data=ioc_sc, caseid=case_identifier)
@@ -141,3 +142,45 @@ def get_iocs(case_identifier):
     check_current_user_has_some_case_access_stricter([CaseAccessLevel.read_only, CaseAccessLevel.full_access])
 
     return get_iocs_by_case(case_identifier)
+
+
+def build_filter_case_ioc_query(ioc_id: int = None,
+                                ioc_uuid: str = None,
+                                ioc_value: str = None,
+                                ioc_type_id: int = None,
+                                ioc_description: str = None,
+                                ioc_tlp_id: int = None,
+                                ioc_tags: str = None,
+                                ioc_misp: str = None,
+                                user_id: float = None,
+                                linked_cases: float = None
+                                ):
+    """
+    Get a list of iocs from the database, filtered by the given parameters
+    """
+    conditions = []
+    if ioc_id is not None:
+        conditions.append(Ioc.ioc_id == ioc_id)
+    if ioc_uuid is not None:
+        conditions.append(Ioc.ioc_uuid == ioc_uuid)
+    if ioc_value is not None:
+        conditions.append(Ioc.ioc_value == ioc_value)
+    if ioc_type_id is not None:
+        conditions.append(Ioc.ioc_type_id == ioc_type_id)
+    if ioc_description is not None:
+        conditions.append(Ioc.ioc_description == ioc_description)
+    if ioc_tlp_id is not None:
+        conditions.append(Ioc.ioc_tlp_id == ioc_tlp_id)
+    if ioc_tags is not None:
+        conditions.append(Ioc.ioc_tags == ioc_tags)
+    if ioc_misp is not None:
+        conditions.append(Ioc.ioc_misp == ioc_misp)
+    if user_id is not None:
+        conditions.append(Ioc.user_id == user_id)
+
+    query = Ioc.query.filter(*conditions)
+
+    if linked_cases is not None:
+        return query.join(IocLink, Ioc.ioc_id == IocLink.ioc_id).filter(IocLink.case_id == linked_cases)
+
+    return query
diff --git a/source/app/configuration.py b/source/app/configuration.py
@@ -291,7 +291,7 @@ class Config:
     PERMANENT_SESSION_LIFETIME = timedelta(minutes=config.load('IRIS', 'SESSION_TIMEOUT', fallback=1440))
     SESSION_COOKIE_SAMESITE = 'Lax'
     SESSION_COOKIE_SECURE = True
-    MFA_ENABLED = config.load('IRIS', 'MFA_ENABLED', fallback=False)
+    MFA_ENABLED = config.load('IRIS', 'MFA_ENABLED', fallback=False) == 'True'
 
     PG_ACCOUNT = PG_ACCOUNT_
     PG_PASSWD = PG_PASSWD_
-Original file line number
+Diff line change
@@ Expand Up / @@ -122,7 +122,6 @@ def manage_update_settings(): @@
         try:
             original_settings = srv_settings_schema.dump(server_settings)
             new_settings = request.get_json()
             differences = list(diff(original_settings, new_settings))
@@ Expand Down @@