Tn/add project vars #934

Merged
merged 21 commits into from
Oct 2, 2023
Merged
8 changes: 8 additions & 0 deletions backend/database/helpers.go
Expand Up @@ -6,6 +6,7 @@ package database
import (
"database/sql"
"fmt"
"strings"
"time"

"github.com/ashirt-ops/ashirt-server/backend/logging"
Expand Down Expand Up @@ -160,6 +161,13 @@ func IsAlreadyExistsError(err error) bool {
return ok && mysqlErr.Number == 1062
}

// When updating a row using sq, the above function isAlreadyExistsError won't work
// (because extra text is appended to the error message)
// so this function manually checks for error code 1062
func IsAlreadyExistsErrorSq(err error) bool {
return strings.Contains(err.Error(), "1062")
}

func addDuplicatesClause(query squirrel.InsertBuilder, onDuplicates ...interface{}) (squirrel.InsertBuilder, error) {
if len(onDuplicates) == 0 {
return query, nil
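Review bot: IsAlreadyExistsErrorSq treats any error whose text contains the digits "1062" as a duplicate-key error, so a message that merely echoes a value, a name or a timestamp containing those digits is misclassified, and a nil err panics in err.Error(). If the layer that appends the extra text wraps with %w, the typed check used by IsAlreadyExistsError still works through the chain: `var mysqlErr *mysql.MySQLError` / `return errors.As(err, &mysqlErr) && mysqlErr.Number == 1062` (with `errors` imported). If it does not use %w, at least guard nil and anchor the match on the driver's `Error 1062` prefix rather than the bare number, and name in the comment which call site appends the text so the workaround can be retired when that wrapping is fixed.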
12 changes: 12 additions & 0 deletions backend/database/seeding/helpers.go
Expand Up @@ -296,6 +296,18 @@ func newServiceWorkerGen(first int64) func(name, config string) models.ServiceWo
}
}

func newGlobalVarGen(first int64) func(name, value string) models.GlobalVar {
id := iotaLike(first)
return func(name, value string) models.GlobalVar {
return models.GlobalVar{
ID: id(),
Value: value,
Name: name,
CreatedAt: time.Now(),
}
}
}

// associateEvidenceToTag mirrors associateTagsToEvidence. Rather than associating multiple tags
// with a single piece of evidence this will instead associate a single tag to multiple evidence.
func associateEvidenceToTag(tag models.Tag, evis ...models.Evidence) []models.TagEvidenceMap {
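Review bot: newGlobalVarGen has no doc comment, unlike associateEvidenceToTag directly below it; add `// newGlobalVarGen returns a generator that builds seed models.GlobalVar values with IDs counting up from first and CreatedAt taken at call time; UpdatedAt is left nil.` The returned closure is stateful through id(), which is worth a word so callers do not share one generator across seed sets expecting independent ID ranges.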
11 changes: 11 additions & 0 deletions backend/database/seeding/hp_seed_data.go
Expand Up @@ -147,6 +147,9 @@ var HarryPotterSeedData = Seeder{
ServiceWorkers: []models.ServiceWorker{
DemoServiceWorker,
},
GlobalVars: []models.GlobalVar{
VarExpelliarmus, VarAlohomora, VarAscendio, VarImperio, VarLumos, VarObliviate,
},
}

var newHPUser = newUserGen(1, func(f, l string) string { return strings.ToLower(f + "." + strings.Replace(l, " ", "", -1)) })
Expand Down Expand Up @@ -361,3 +364,11 @@ var FindingBook2Robes = newHPFinding(OpChamberOfSecrets.ID, "find-uuid-robes", n

var newHPServiceWorker = newServiceWorkerGen(1)
var DemoServiceWorker = newHPServiceWorker("Demo", `{ "type": "web", "version": 1, "url": "http://demo:3001/process" }`)

var newGlobalVar = newGlobalVarGen(1)
var VarExpelliarmus = newGlobalVar("Expelliarmus", "disarm an opponent")
var VarAlohomora = newGlobalVar("Alohomora", "unlock doors")
var VarAscendio = newGlobalVar("Ascendio", "lifts the caster high into the air")
var VarImperio = newGlobalVar("Imperio", "control another person")
var VarLumos = newGlobalVar("Lumos", "creates a narrow beam of light")
var VarObliviate = newGlobalVar("Obliviate", "erases memories")
👍

haha I'm all about 1) honoring convention and 2) referencing media franchises from my childhood in my work

10 changes: 10 additions & 0 deletions backend/database/seeding/seeder.go
Expand Up @@ -38,6 +38,7 @@ type Seeder struct {
EviFindingsMap []models.EvidenceFindingMap
Queries []models.Query
ServiceWorkers []models.ServiceWorker
GlobalVars []models.GlobalVar
}

// AllInitialTagIds is a (convenience) method version of the function TagIDsFromTags
Expand Down Expand Up @@ -262,6 +263,15 @@ func (seed Seeder) ApplyTo(db *database.Connection) error {
"deleted_at": seed.ServiceWorkers[i].DeletedAt,
}
})
tx.BatchInsert("global_vars", len(seed.GlobalVars), func(i int) map[string]interface{} {
return map[string]interface{}{
"id": seed.GlobalVars[i].ID,
"name": seed.GlobalVars[i].Name,
"value": seed.GlobalVars[i].Value,
"created_at": seed.GlobalVars[i].CreatedAt,
"updated_at": seed.GlobalVars[i].UpdatedAt,
}
})
})

return err
11 changes: 11 additions & 0 deletions backend/database/seeding/test_helpers.go
Expand Up @@ -101,6 +101,7 @@ func ClearDB(db *database.Connection) error {
tx.Delete(sq.Delete("queries"))
tx.Delete(sq.Delete("operations"))
tx.Delete(sq.Delete("service_workers"))
tx.Delete(sq.Delete("global_vars"))
})
return err
}
Expand Down Expand Up @@ -605,6 +606,16 @@ func GetFavoriteForOperation(t *testing.T, db *database.Connection, slug string,
return isFavorite
}

func GetGlobalVarFromName(t *testing.T, db *database.Connection, globalVarName string) models.GlobalVar {
var globalVar models.GlobalVar

err := db.Get(&globalVar, sq.Select("*").
From("global_vars").
Where(sq.Eq{"name": globalVarName}))
require.NoError(t, err)
return globalVar
}

type TestOptions struct {
DatabasePath *string
DatabaseName *string
6 changes: 6 additions & 0 deletions backend/dtos/dtos.go
Expand Up @@ -230,3 +230,9 @@ type ActiveServiceWorker struct {
type Flags struct {
Flags []string `json:"flags"`
}

type GlobalVar struct {
ID int64 `json:"id"`
Name string `json:"name"`
Value string `json:"value"`
}
1 change: 1 addition & 0 deletions backend/dtos/gentypes/generate_typescript_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ func main() {
gen(dtos.UserGroup{})
gen(dtos.UserGroupAdminView{})
gen(dtos.UserGroupOperationRole{})
gen(dtos.GlobalVar{})

// Since this file only contains typescript types, webpack doesn't pick up the
// changes unless there is some actual executable javascript referenced from
12 changes: 12 additions & 0 deletions backend/migrations/20230922175734-add-global-vars.sql
@@ -0,0 +1,12 @@
-- +migrate Up
CREATE TABLE global_vars (
id INT AUTO_INCREMENT,
name VARCHAR(255) NOT NULL UNIQUE,
value VARCHAR(255) NOT NULL,
@jkennedyvz jkennedyvz Sep 27, 2023

Is VARCHAR(255) large enough? What if I wanted to pass an RSA key or a longer document?

Maybe this isn't a huge deal for the first pass since we can grow the field later?

oh that's a good point - yeah I can def change that

changed the type to TEXT - how does that sound?

just tested by adding a really long doc and the UI 'breaks' so I'll fix that as well

created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP,
PRIMARY KEY (id)
) ENGINE=INNODB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;

-- +migrate Down
DROP TABLE global_vars;
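Review bot: `updated_at TIMESTAMP,` leaves nullability to the server's explicit_defaults_for_timestamp setting: with it off, MySQL makes a TIMESTAMP column declared without NULL NOT NULL with CURRENT_TIMESTAMP defaults, which is not the nullable column that schema.sql in this PR records. Declare it `updated_at TIMESTAMP NULL,` so the migration yields the same table on every server the project runs against. `DEFAULT CHARSET=utf8` is the utf8mb3 alias and matches the other tables, but since value is meant to hold arbitrary text, utf8mb4 would avoid rejecting 4-byte characters; if the rest of the schema stays on utf8mb3, a comment saying that is deliberate would help.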
9 changes: 9 additions & 0 deletions backend/models/models.go
Expand Up @@ -237,3 +237,12 @@ type ServiceWorker struct {
UpdatedAt *time.Time `db:"updated_at"`
DeletedAt *time.Time `db:"deleted_at"`
}

// GlobalVar reflects the structure of the database table 'global_vars'
type GlobalVar struct {
ID int64 `db:"id"`
Name string `db:"name"`
Value string `db:"value"`
CreatedAt time.Time `db:"created_at"`
UpdatedAt *time.Time `db:"updated_at"`
}
3 changes: 3 additions & 0 deletions backend/policy/permissions.go
Expand Up @@ -46,3 +46,6 @@ type CanModifyUserGroupOfOperation struct {
OperationID int64
UserGroupID int64
}

type CanDeleteGlobalVar struct{ GlobalVarID int64 }
type CanModifyGlobalVar struct{ GlobalVarID int64 }
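Review bot: CanDeleteGlobalVar and CanModifyGlobalVar are keyed by GlobalVarID, while the routes added in web.go address global vars by `{name}` and hand the name to the services; the service layer is not in this diff, so confirm the row is resolved to its ID before the policy check runs and that the check precedes the write. No create or read policy is added alongside these two, so state where listing and creating are gated, given that the value column can hold sensitive material. Add doc comments, e.g. `// CanModifyGlobalVar is required to change the name or value of the global variable with GlobalVarID.` and the matching one for CanDeleteGlobalVar.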
24 changes: 21 additions & 3 deletions backend/schema.sql
Expand Up @@ -223,6 +223,24 @@ CREATE TABLE `findings` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `global_vars`
--

DROP TABLE IF EXISTS `global_vars`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `global_vars` (
`id` int NOT NULL AUTO_INCREMENT,
`name` varchar(255) NOT NULL,
`value` varchar(255) NOT NULL,
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`updated_at` timestamp NULL DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `gorp_migrations`
--
Expand Down Expand Up @@ -490,7 +508,7 @@ CREATE TABLE `users` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2023-03-24 12:59:30
-- Dump completed on 2023-09-25 18:26:54
-- MySQL dump 10.13 Distrib 8.0.31, for Linux (aarch64)
--
-- Host: localhost Database: migrate_db
Expand All @@ -514,7 +532,7 @@ CREATE TABLE `users` (

LOCK TABLES `gorp_migrations` WRITE;
/*!40000 ALTER TABLE `gorp_migrations` DISABLE KEYS */;
INSERT INTO `gorp_migrations` VALUES ('20190705190058-create-users-table.sql','2023-03-24 12:59:29'),('20190708185420-create-operations-table.sql','2023-03-24 12:59:29'),('20190708185427-create-events-table.sql','2023-03-24 12:59:29'),('20190708185432-create-evidence-table.sql','2023-03-24 12:59:29'),('20190708185441-create-evidence-event-map-table.sql','2023-03-24 12:59:29'),('20190716190100-create-user-operation-map-table.sql','2023-03-24 12:59:29'),('20190722193434-create-tags-table.sql','2023-03-24 12:59:29'),('20190722193937-create-tag-event-map.sql','2023-03-24 12:59:29'),('20190909183500-add-short-name-to-users-table.sql','2023-03-24 12:59:29'),('20190909190416-add-short-name-index.sql','2023-03-24 12:59:29'),('20190926205116-evidence-name.sql','2023-03-24 12:59:29'),('20190930173342-add-saved-searches.sql','2023-03-24 12:59:29'),('20191001182541-evidence-tags.sql','2023-03-24 12:59:29'),('20191008005212-add-uuid-to-events-evidence.sql','2023-03-24 12:59:29'),('20191015235306-add-slug-to-operations.sql','2023-03-24 12:59:29'),('20191018172105-modular-auth.sql','2023-03-24 12:59:29'),('20191023170906-codeblock.sql','2023-03-24 12:59:29'),('20191101185207-replace-events-with-findings.sql','2023-03-24 12:59:30'),('20191114211948-add-operation-to-tags.sql','2023-03-24 12:59:30'),('20191205182830-create-api-keys-table.sql','2023-03-24 12:59:30'),('20191213222629-users-with-email.sql','2023-03-24 12:59:30'),('20200103194053-rename-short-name-to-slug.sql','2023-03-24 12:59:30'),('20200104013804-rework-ashirt-auth.sql','2023-03-24 12:59:30'),('20200116070736-add-admin-flag.sql','2023-03-24 12:59:30'),('20200130175541-fix-color-truncation.sql','2023-03-24 12:59:30'),('20200205200208-disable-user-support.sql','2023-03-24 12:59:30'),('20200215015330-optional-user-id.sql','2023-03-24 12:59:30'),('20200221195107-deletable-user.sql','2023-03-24 12:59:30'),('20200303215004-move-last-login.sql','2023-03-24 12:59:30'),('20200306221628-add-explicit-headless.sql','2023-03-24 
12:59:30'),('20200331155258-finding-status.sql','2023-03-24 12:59:30'),('20200617193248-case-senitive-apikey.sql','2023-03-24 12:59:30'),('20200928160958-add-totp-secret-to-auth-table.sql','2023-03-24 12:59:30'),('20210120205510-create-email-queue-table.sql','2023-03-24 12:59:30'),('20210401220807-dynamic-categories.sql','2023-03-24 12:59:30'),('20210408212206-remove-findings-category.sql','2023-03-24 12:59:30'),('20210730170543-add-auth-type.sql','2023-03-24 12:59:30'),('20220211181557-add-default-tags.sql','2023-03-24 12:59:30'),('20220512174013-evidence-metadata.sql','2023-03-24 12:59:30'),('20220516163424-add-worker-services.sql','2023-03-24 12:59:30'),('20220811153414-webauthn-credentials.sql','2023-03-24 12:59:30'),('20220908193523-switch-to-username.sql','2023-03-24 12:59:30'),('20220912185024-add-is_favorite.sql','2023-03-24 12:59:30'),('20220916190855-remove-null-as-value-for-is_favorite.sql','2023-03-24 12:59:30'),('20221027152757-remove-operation-status.sql','2023-03-24 12:59:30'),('20221111221242-create-user-operation-preferences.sql','2023-03-24 12:59:30'),('20221121165342-add-groups.sql','2023-03-24 12:59:30'),('20221216195811-add-user-group-permissions-table.sql','2023-03-24 12:59:30'),('20230324124303-add-authn-id.sql','2023-03-24 12:59:31');
INSERT INTO `gorp_migrations` VALUES ('20190705190058-create-users-table.sql','2023-09-25 18:26:53'),('20190708185420-create-operations-table.sql','2023-09-25 18:26:53'),('20190708185427-create-events-table.sql','2023-09-25 18:26:53'),('20190708185432-create-evidence-table.sql','2023-09-25 18:26:53'),('20190708185441-create-evidence-event-map-table.sql','2023-09-25 18:26:53'),('20190716190100-create-user-operation-map-table.sql','2023-09-25 18:26:53'),('20190722193434-create-tags-table.sql','2023-09-25 18:26:53'),('20190722193937-create-tag-event-map.sql','2023-09-25 18:26:53'),('20190909183500-add-short-name-to-users-table.sql','2023-09-25 18:26:53'),('20190909190416-add-short-name-index.sql','2023-09-25 18:26:53'),('20190926205116-evidence-name.sql','2023-09-25 18:26:53'),('20190930173342-add-saved-searches.sql','2023-09-25 18:26:53'),('20191001182541-evidence-tags.sql','2023-09-25 18:26:53'),('20191008005212-add-uuid-to-events-evidence.sql','2023-09-25 18:26:53'),('20191015235306-add-slug-to-operations.sql','2023-09-25 18:26:53'),('20191018172105-modular-auth.sql','2023-09-25 18:26:53'),('20191023170906-codeblock.sql','2023-09-25 18:26:53'),('20191101185207-replace-events-with-findings.sql','2023-09-25 18:26:53'),('20191114211948-add-operation-to-tags.sql','2023-09-25 18:26:53'),('20191205182830-create-api-keys-table.sql','2023-09-25 18:26:53'),('20191213222629-users-with-email.sql','2023-09-25 18:26:53'),('20200103194053-rename-short-name-to-slug.sql','2023-09-25 18:26:53'),('20200104013804-rework-ashirt-auth.sql','2023-09-25 18:26:53'),('20200116070736-add-admin-flag.sql','2023-09-25 18:26:54'),('20200130175541-fix-color-truncation.sql','2023-09-25 18:26:54'),('20200205200208-disable-user-support.sql','2023-09-25 18:26:54'),('20200215015330-optional-user-id.sql','2023-09-25 18:26:54'),('20200221195107-deletable-user.sql','2023-09-25 18:26:54'),('20200303215004-move-last-login.sql','2023-09-25 18:26:54'),('20200306221628-add-explicit-headless.sql','2023-09-25 
18:26:54'),('20200331155258-finding-status.sql','2023-09-25 18:26:54'),('20200617193248-case-senitive-apikey.sql','2023-09-25 18:26:54'),('20200928160958-add-totp-secret-to-auth-table.sql','2023-09-25 18:26:54'),('20210120205510-create-email-queue-table.sql','2023-09-25 18:26:54'),('20210401220807-dynamic-categories.sql','2023-09-25 18:26:54'),('20210408212206-remove-findings-category.sql','2023-09-25 18:26:54'),('20210730170543-add-auth-type.sql','2023-09-25 18:26:54'),('20220211181557-add-default-tags.sql','2023-09-25 18:26:54'),('20220512174013-evidence-metadata.sql','2023-09-25 18:26:54'),('20220516163424-add-worker-services.sql','2023-09-25 18:26:54'),('20220811153414-webauthn-credentials.sql','2023-09-25 18:26:54'),('20220908193523-switch-to-username.sql','2023-09-25 18:26:54'),('20220912185024-add-is_favorite.sql','2023-09-25 18:26:54'),('20220916190855-remove-null-as-value-for-is_favorite.sql','2023-09-25 18:26:54'),('20221027152757-remove-operation-status.sql','2023-09-25 18:26:54'),('20221111221242-create-user-operation-preferences.sql','2023-09-25 18:26:54'),('20221121165342-add-groups.sql','2023-09-25 18:26:54'),('20221216195811-add-user-group-permissions-table.sql','2023-09-25 18:26:54'),('20230324124303-add-authn-id.sql','2023-09-25 18:26:54'),('20230922175734-add-global-vars.sql','2023-09-25 18:26:54');
/*!40000 ALTER TABLE `gorp_migrations` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
Expand All @@ -527,4 +545,4 @@ UNLOCK TABLES;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2023-03-24 12:59:30
-- Dump completed on 2023-09-25 18:26:54
38 changes: 38 additions & 0 deletions backend/server/web.go
Expand Up @@ -987,4 +987,42 @@ func bindServiceWorkerRoutes(r chi.Router, db *database.Connection) {
}
return nil, services.SetFavoriteOperation(r.Context(), db, i)
}))

route(r, "GET", "/globalvars", jsonHandler(func(r *http.Request) (interface{}, error) {
return services.ListGlobalVars(r.Context(), db)
}))

route(r, "POST", "/globalvars", jsonHandler(func(r *http.Request) (interface{}, error) {
dr := dissectJSONRequest(r)
i := services.CreateGlobalVarInput{
Name: dr.FromBody("name").Required().AsString(),
Value: dr.FromBody("value").AsString(),
}
if dr.Error != nil {
return nil, dr.Error
}
return services.CreateGlobalVar(r.Context(), db, i)
}))

route(r, "PUT", "/globalvars/{name}", jsonHandler(func(r *http.Request) (interface{}, error) {
dr := dissectJSONRequest(r)
i := services.UpdateGlobalVarInput{
GlobalVarName: dr.FromURL("name").Required().AsString(),
Value: dr.FromBody("value").AsString(),
NewName: dr.FromBody("newName").AsString(),
}
if dr.Error != nil {
return nil, dr.Error
}
return nil, services.UpdateGlobalVar(r.Context(), db, i)
}))

route(r, "DELETE", "/globalvars/{name}", jsonHandler(func(r *http.Request) (interface{}, error) {
dr := dissectJSONRequest(r)
name := dr.FromURL("name").Required().AsString()
if dr.Error != nil {
return nil, dr.Error
}
return nil, services.DeleteGlobalVar(r.Context(), db, name)
}))
}
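Review bot: In the PUT /globalvars/{name} handler both `value` and `newName` are read with a plain AsString, so a body that omits `value` presumably reaches UpdateGlobalVar as an empty string, indistinguishable from an explicit request to blank the variable; if partial updates are intended, pass presence (a pointer or a flag) rather than the zero value, otherwise mark it `.Required()` as `name` is in the POST handler. The POST handler's `value` is likewise never required even though the migration declares the column NOT NULL, so either require it or document that empty values are allowed. None of the four handlers shows an authorization step; if CanModifyGlobalVar/CanDeleteGlobalVar are enforced inside the services, a comment on the route group saying so would help, and GET /globalvars returns every value in full so confirm it is gated the same way. The enclosing function starts outside the hunk.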