Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tn/add project vars #934

Merged
merged 21 commits into from
Oct 2, 2023
Merged

Tn/add project vars #934

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
b446523
add global variables table
TylerNoblett Sep 25, 2023
6333911
set up global vars ui and backend
TylerNoblett Sep 26, 2023
d2d2055
add tests / test data
TylerNoblett Sep 26, 2023
c63dcdb
remove logs
TylerNoblett Sep 26, 2023
a805347
fix tests
TylerNoblett Sep 27, 2023
79a79d6
resolve TODOS
TylerNoblett Sep 27, 2023
e373ba6
add button to add new variables
TylerNoblett Sep 27, 2023
fcac94d
remove pagination
TylerNoblett Sep 27, 2023
dddddc1
change text
TylerNoblett Sep 27, 2023
cbabd0b
clean up outdated comments
TylerNoblett Sep 27, 2023
61e20c8
update copyright
TylerNoblett Sep 27, 2023
be5f371
remove ID from DTO
TylerNoblett Sep 27, 2023
f52a73c
delete unneeded permissions
TylerNoblett Sep 27, 2023
a0c1f6c
shorten name for brevity
TylerNoblett Sep 27, 2023
44c4050
shorten name for brevity lowercase
TylerNoblett Sep 27, 2023
7ecae28
add dash to match standard convention
TylerNoblett Sep 27, 2023
8cb3382
allow for longer documents
TylerNoblett Sep 28, 2023
f4a400d
remove copypasta
TylerNoblett Sep 28, 2023
cf84160
remove more copypasta
TylerNoblett Sep 28, 2023
71c9331
remove unused imports
TylerNoblett Sep 28, 2023
fd91886
remove values from main screen
TylerNoblett Oct 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 8 additions & 0 deletions backend/database/helpers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ package database
import (
"database/sql"
"fmt"
"strings"
"time"

"github.com/ashirt-ops/ashirt-server/backend/logging"
Expand Down Expand Up @@ -160,6 +161,13 @@ func IsAlreadyExistsError(err error) bool {
return ok && mysqlErr.Number == 1062
}

// When updating a row using sq, the above function isAlreadyExistsError won't work
// (because extra text is appended to the error message)
// so this function manually checks for error code 1062
func IsAlreadyExistsErrorSq(err error) bool {
return strings.Contains(err.Error(), "1062")
}

func addDuplicatesClause(query squirrel.InsertBuilder, onDuplicates ...interface{}) (squirrel.InsertBuilder, error) {
if len(onDuplicates) == 0 {
return query, nil
Expand Down
12 changes: 12 additions & 0 deletions backend/database/seeding/helpers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,18 @@ func newServiceWorkerGen(first int64) func(name, config string) models.ServiceWo
}
}

func newGlobalVarGen(first int64) func(name, value string) models.GlobalVar {
id := iotaLike(first)
return func(name, value string) models.GlobalVar {
return models.GlobalVar{
ID: id(),
Value: value,
Name: name,
CreatedAt: time.Now(),
}
}
}

// associateEvidenceToTag mirrors associateTagsToEvidence. Rather than associating multiple tags
// with a single piece of evidence this will instead associate a single tag to multiple evidence.
func associateEvidenceToTag(tag models.Tag, evis ...models.Evidence) []models.TagEvidenceMap {
Expand Down
11 changes: 11 additions & 0 deletions backend/database/seeding/hp_seed_data.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,9 @@ var HarryPotterSeedData = Seeder{
ServiceWorkers: []models.ServiceWorker{
DemoServiceWorker,
},
GlobalVars: []models.GlobalVar{
VarExpelliarmus, VarAlohomora, VarAscendio, VarImperio, VarLumos, VarObliviate,
},
}

var newHPUser = newUserGen(1, func(f, l string) string { return strings.ToLower(f + "." + strings.Replace(l, " ", "", -1)) })
Expand Down Expand Up @@ -361,3 +364,11 @@ var FindingBook2Robes = newHPFinding(OpChamberOfSecrets.ID, "find-uuid-robes", n

var newHPServiceWorker = newServiceWorkerGen(1)
var DemoServiceWorker = newHPServiceWorker("Demo", `{ "type": "web", "version": 1, "url": "http://demo:3001/process" }`)

var newGlobalVar = newGlobalVarGen(1)
var VarExpelliarmus = newGlobalVar("Expelliarmus", "disarm an opponent")
var VarAlohomora = newGlobalVar("Alohomora", "unlock doors")
var VarAscendio = newGlobalVar("Ascendio", "lifts the caster high into the air")
var VarImperio = newGlobalVar("Imperio", "control another person")
var VarLumos = newGlobalVar("Lumos", "creates a narrow beam of light")
var VarObliviate = newGlobalVar("Obliviate", "erases memories")
Comment on lines +368 to +374
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

haha I'm all about 1) honoring convention and 2) referencing media franchises from my childhood in my work

10 changes: 10 additions & 0 deletions backend/database/seeding/seeder.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ type Seeder struct {
EviFindingsMap []models.EvidenceFindingMap
Queries []models.Query
ServiceWorkers []models.ServiceWorker
GlobalVars []models.GlobalVar
}

// AllInitialTagIds is a (convenience) method version of the function TagIDsFromTags
Expand Down Expand Up @@ -262,6 +263,15 @@ func (seed Seeder) ApplyTo(db *database.Connection) error {
"deleted_at": seed.ServiceWorkers[i].DeletedAt,
}
})
tx.BatchInsert("global_vars", len(seed.GlobalVars), func(i int) map[string]interface{} {
return map[string]interface{}{
"id": seed.GlobalVars[i].ID,
"name": seed.GlobalVars[i].Name,
"value": seed.GlobalVars[i].Value,
"created_at": seed.GlobalVars[i].CreatedAt,
"updated_at": seed.GlobalVars[i].UpdatedAt,
}
})
})

return err
Expand Down
11 changes: 11 additions & 0 deletions backend/database/seeding/test_helpers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ func ClearDB(db *database.Connection) error {
tx.Delete(sq.Delete("queries"))
tx.Delete(sq.Delete("operations"))
tx.Delete(sq.Delete("service_workers"))
tx.Delete(sq.Delete("global_vars"))
})
return err
}
Expand Down Expand Up @@ -605,6 +606,16 @@ func GetFavoriteForOperation(t *testing.T, db *database.Connection, slug string,
return isFavorite
}

func GetGlobalVarFromName(t *testing.T, db *database.Connection, globalVarName string) models.GlobalVar {
var globalVar models.GlobalVar

err := db.Get(&globalVar, sq.Select("*").
From("global_vars").
Where(sq.Eq{"name": globalVarName}))
require.NoError(t, err)
return globalVar
}

type TestOptions struct {
DatabasePath *string
DatabaseName *string
Expand Down
6 changes: 6 additions & 0 deletions backend/dtos/dtos.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,3 +230,9 @@ type ActiveServiceWorker struct {
type Flags struct {
Flags []string `json:"flags"`
}

type GlobalVar struct {
ID int64 `json:"id"`
Name string `json:"name"`
Value string `json:"value"`
}
1 change: 1 addition & 0 deletions backend/dtos/gentypes/generate_typescript_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ func main() {
gen(dtos.UserGroup{})
gen(dtos.UserGroupAdminView{})
gen(dtos.UserGroupOperationRole{})
gen(dtos.GlobalVar{})

// Since this file only contains typescript types, webpack doesn't pick up the
// changes unless there is some actual executable javascript referenced from
Expand Down
12 changes: 12 additions & 0 deletions backend/migrations/20230922175734-add-global-vars.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
-- +migrate Up
CREATE TABLE global_vars (
id INT AUTO_INCREMENT,
name VARCHAR(255) NOT NULL UNIQUE,
value VARCHAR(255) NOT NULL,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is VARCHAR(255) large enough? What if* I wanted to pass an RSA key or longer document?

Maybe this isn't a huge deal for the first pass since we can grow the field later?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh that's a good point - yeah I can def change that

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed the type to TEXT - how does that sound?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just tested by adding a really long doc and the UI 'breaks' so I'll fix that as well

created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP,
PRIMARY KEY (id)
) ENGINE=INNODB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;

-- +migrate Down
DROP TABLE global_vars;
9 changes: 9 additions & 0 deletions backend/models/models.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,3 +237,12 @@ type ServiceWorker struct {
UpdatedAt *time.Time `db:"updated_at"`
DeletedAt *time.Time `db:"deleted_at"`
}

// GlobalVar reflects the structure of the database table 'global_vars'
type GlobalVar struct {
ID int64 `db:"id"`
Name string `db:"name"`
Value string `db:"value"`
CreatedAt time.Time `db:"created_at"`
UpdatedAt *time.Time `db:"updated_at"`
}
3 changes: 3 additions & 0 deletions backend/policy/permissions.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,3 +46,6 @@ type CanModifyUserGroupOfOperation struct {
OperationID int64
UserGroupID int64
}

type CanDeleteGlobalVar struct{ GlobalVarID int64 }
type CanModifyGlobalVar struct{ GlobalVarID int64 }
24 changes: 21 additions & 3 deletions backend/schema.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -223,6 +223,24 @@ CREATE TABLE `findings` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `global_vars`
--

DROP TABLE IF EXISTS `global_vars`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `global_vars` (
`id` int NOT NULL AUTO_INCREMENT,
`name` varchar(255) NOT NULL,
`value` varchar(255) NOT NULL,
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`updated_at` timestamp NULL DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `gorp_migrations`
--
Expand Down Expand Up @@ -490,7 +508,7 @@ CREATE TABLE `users` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2023-03-24 12:59:30
-- Dump completed on 2023-09-25 18:26:54
-- MySQL dump 10.13 Distrib 8.0.31, for Linux (aarch64)
--
-- Host: localhost Database: migrate_db
Expand All @@ -514,7 +532,7 @@ CREATE TABLE `users` (

LOCK TABLES `gorp_migrations` WRITE;
/*!40000 ALTER TABLE `gorp_migrations` DISABLE KEYS */;
INSERT INTO `gorp_migrations` VALUES ('20190705190058-create-users-table.sql','2023-03-24 12:59:29'),('20190708185420-create-operations-table.sql','2023-03-24 12:59:29'),('20190708185427-create-events-table.sql','2023-03-24 12:59:29'),('20190708185432-create-evidence-table.sql','2023-03-24 12:59:29'),('20190708185441-create-evidence-event-map-table.sql','2023-03-24 12:59:29'),('20190716190100-create-user-operation-map-table.sql','2023-03-24 12:59:29'),('20190722193434-create-tags-table.sql','2023-03-24 12:59:29'),('20190722193937-create-tag-event-map.sql','2023-03-24 12:59:29'),('20190909183500-add-short-name-to-users-table.sql','2023-03-24 12:59:29'),('20190909190416-add-short-name-index.sql','2023-03-24 12:59:29'),('20190926205116-evidence-name.sql','2023-03-24 12:59:29'),('20190930173342-add-saved-searches.sql','2023-03-24 12:59:29'),('20191001182541-evidence-tags.sql','2023-03-24 12:59:29'),('20191008005212-add-uuid-to-events-evidence.sql','2023-03-24 12:59:29'),('20191015235306-add-slug-to-operations.sql','2023-03-24 12:59:29'),('20191018172105-modular-auth.sql','2023-03-24 12:59:29'),('20191023170906-codeblock.sql','2023-03-24 12:59:29'),('20191101185207-replace-events-with-findings.sql','2023-03-24 12:59:30'),('20191114211948-add-operation-to-tags.sql','2023-03-24 12:59:30'),('20191205182830-create-api-keys-table.sql','2023-03-24 12:59:30'),('20191213222629-users-with-email.sql','2023-03-24 12:59:30'),('20200103194053-rename-short-name-to-slug.sql','2023-03-24 12:59:30'),('20200104013804-rework-ashirt-auth.sql','2023-03-24 12:59:30'),('20200116070736-add-admin-flag.sql','2023-03-24 12:59:30'),('20200130175541-fix-color-truncation.sql','2023-03-24 12:59:30'),('20200205200208-disable-user-support.sql','2023-03-24 12:59:30'),('20200215015330-optional-user-id.sql','2023-03-24 12:59:30'),('20200221195107-deletable-user.sql','2023-03-24 12:59:30'),('20200303215004-move-last-login.sql','2023-03-24 12:59:30'),('20200306221628-add-explicit-headless.sql','2023-03-24 12:59:30'),('20200331155258-finding-status.sql','2023-03-24 12:59:30'),('20200617193248-case-senitive-apikey.sql','2023-03-24 12:59:30'),('20200928160958-add-totp-secret-to-auth-table.sql','2023-03-24 12:59:30'),('20210120205510-create-email-queue-table.sql','2023-03-24 12:59:30'),('20210401220807-dynamic-categories.sql','2023-03-24 12:59:30'),('20210408212206-remove-findings-category.sql','2023-03-24 12:59:30'),('20210730170543-add-auth-type.sql','2023-03-24 12:59:30'),('20220211181557-add-default-tags.sql','2023-03-24 12:59:30'),('20220512174013-evidence-metadata.sql','2023-03-24 12:59:30'),('20220516163424-add-worker-services.sql','2023-03-24 12:59:30'),('20220811153414-webauthn-credentials.sql','2023-03-24 12:59:30'),('20220908193523-switch-to-username.sql','2023-03-24 12:59:30'),('20220912185024-add-is_favorite.sql','2023-03-24 12:59:30'),('20220916190855-remove-null-as-value-for-is_favorite.sql','2023-03-24 12:59:30'),('20221027152757-remove-operation-status.sql','2023-03-24 12:59:30'),('20221111221242-create-user-operation-preferences.sql','2023-03-24 12:59:30'),('20221121165342-add-groups.sql','2023-03-24 12:59:30'),('20221216195811-add-user-group-permissions-table.sql','2023-03-24 12:59:30'),('20230324124303-add-authn-id.sql','2023-03-24 12:59:31');
INSERT INTO `gorp_migrations` VALUES ('20190705190058-create-users-table.sql','2023-09-25 18:26:53'),('20190708185420-create-operations-table.sql','2023-09-25 18:26:53'),('20190708185427-create-events-table.sql','2023-09-25 18:26:53'),('20190708185432-create-evidence-table.sql','2023-09-25 18:26:53'),('20190708185441-create-evidence-event-map-table.sql','2023-09-25 18:26:53'),('20190716190100-create-user-operation-map-table.sql','2023-09-25 18:26:53'),('20190722193434-create-tags-table.sql','2023-09-25 18:26:53'),('20190722193937-create-tag-event-map.sql','2023-09-25 18:26:53'),('20190909183500-add-short-name-to-users-table.sql','2023-09-25 18:26:53'),('20190909190416-add-short-name-index.sql','2023-09-25 18:26:53'),('20190926205116-evidence-name.sql','2023-09-25 18:26:53'),('20190930173342-add-saved-searches.sql','2023-09-25 18:26:53'),('20191001182541-evidence-tags.sql','2023-09-25 18:26:53'),('20191008005212-add-uuid-to-events-evidence.sql','2023-09-25 18:26:53'),('20191015235306-add-slug-to-operations.sql','2023-09-25 18:26:53'),('20191018172105-modular-auth.sql','2023-09-25 18:26:53'),('20191023170906-codeblock.sql','2023-09-25 18:26:53'),('20191101185207-replace-events-with-findings.sql','2023-09-25 18:26:53'),('20191114211948-add-operation-to-tags.sql','2023-09-25 18:26:53'),('20191205182830-create-api-keys-table.sql','2023-09-25 18:26:53'),('20191213222629-users-with-email.sql','2023-09-25 18:26:53'),('20200103194053-rename-short-name-to-slug.sql','2023-09-25 18:26:53'),('20200104013804-rework-ashirt-auth.sql','2023-09-25 18:26:53'),('20200116070736-add-admin-flag.sql','2023-09-25 18:26:54'),('20200130175541-fix-color-truncation.sql','2023-09-25 18:26:54'),('20200205200208-disable-user-support.sql','2023-09-25 18:26:54'),('20200215015330-optional-user-id.sql','2023-09-25 18:26:54'),('20200221195107-deletable-user.sql','2023-09-25 18:26:54'),('20200303215004-move-last-login.sql','2023-09-25 18:26:54'),('20200306221628-add-explicit-headless.sql','2023-09-25 18:26:54'),('20200331155258-finding-status.sql','2023-09-25 18:26:54'),('20200617193248-case-senitive-apikey.sql','2023-09-25 18:26:54'),('20200928160958-add-totp-secret-to-auth-table.sql','2023-09-25 18:26:54'),('20210120205510-create-email-queue-table.sql','2023-09-25 18:26:54'),('20210401220807-dynamic-categories.sql','2023-09-25 18:26:54'),('20210408212206-remove-findings-category.sql','2023-09-25 18:26:54'),('20210730170543-add-auth-type.sql','2023-09-25 18:26:54'),('20220211181557-add-default-tags.sql','2023-09-25 18:26:54'),('20220512174013-evidence-metadata.sql','2023-09-25 18:26:54'),('20220516163424-add-worker-services.sql','2023-09-25 18:26:54'),('20220811153414-webauthn-credentials.sql','2023-09-25 18:26:54'),('20220908193523-switch-to-username.sql','2023-09-25 18:26:54'),('20220912185024-add-is_favorite.sql','2023-09-25 18:26:54'),('20220916190855-remove-null-as-value-for-is_favorite.sql','2023-09-25 18:26:54'),('20221027152757-remove-operation-status.sql','2023-09-25 18:26:54'),('20221111221242-create-user-operation-preferences.sql','2023-09-25 18:26:54'),('20221121165342-add-groups.sql','2023-09-25 18:26:54'),('20221216195811-add-user-group-permissions-table.sql','2023-09-25 18:26:54'),('20230324124303-add-authn-id.sql','2023-09-25 18:26:54'),('20230922175734-add-global-vars.sql','2023-09-25 18:26:54');
/*!40000 ALTER TABLE `gorp_migrations` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
Expand All @@ -527,4 +545,4 @@ UNLOCK TABLES;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2023-03-24 12:59:30
-- Dump completed on 2023-09-25 18:26:54
38 changes: 38 additions & 0 deletions backend/server/web.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -987,4 +987,42 @@ func bindServiceWorkerRoutes(r chi.Router, db *database.Connection) {
}
return nil, services.SetFavoriteOperation(r.Context(), db, i)
}))

route(r, "GET", "/globalvars", jsonHandler(func(r *http.Request) (interface{}, error) {
return services.ListGlobalVars(r.Context(), db)
}))

route(r, "POST", "/globalvars", jsonHandler(func(r *http.Request) (interface{}, error) {
dr := dissectJSONRequest(r)
i := services.CreateGlobalVarInput{
Name: dr.FromBody("name").Required().AsString(),
Value: dr.FromBody("value").AsString(),
}
if dr.Error != nil {
return nil, dr.Error
}
return services.CreateGlobalVar(r.Context(), db, i)
}))

route(r, "PUT", "/globalvars/{name}", jsonHandler(func(r *http.Request) (interface{}, error) {
dr := dissectJSONRequest(r)
i := services.UpdateGlobalVarInput{
GlobalVarName: dr.FromURL("name").Required().AsString(),
Value: dr.FromBody("value").AsString(),
NewName: dr.FromBody("newName").AsString(),
}
if dr.Error != nil {
return nil, dr.Error
}
return nil, services.UpdateGlobalVar(r.Context(), db, i)
}))

route(r, "DELETE", "/globalvars/{name}", jsonHandler(func(r *http.Request) (interface{}, error) {
dr := dissectJSONRequest(r)
name := dr.FromURL("name").Required().AsString()
if dr.Error != nil {
return nil, dr.Error
}
return nil, services.DeleteGlobalVar(r.Context(), db, name)
}))
}