Merge branch 'hotfix/4.1.15'

Author: To-om

.drone.yml

@@ -33,6 +33,9 @@ steps:
         nvm install 14
         npm install -g bower grunt
         sbt -Duser.home=$PWD test:compile test Universal/packageBin
+    when:
+      event:
+        exclude: [promote]
 
   # Build packages
   - name: build-packages
@@ -61,7 +64,7 @@ steps:
         mv target/rpm/RPMS/noarch/thehive*.rpm target/
         mv target/universal/thehive*.zip target/
     when:
-      event: [tag]
+      event: [promote]
 
   # Save external libraries in cache
   - name: save-cache
@@ -91,7 +94,7 @@ steps:
         - target/thehive*.zip
       strip_components: 1
     when:
-      event: [tag]
+      event: [promote]
 
   # Publish packages
   - name: publish packages
@@ -104,7 +107,7 @@ steps:
     commands:
       - PLUGIN_SCRIPT="bash $PLUGIN_PUBLISH_SCRIPT thehive4 $(cat thehive-version.txt)" /bin/drone-ssh
     when:
-      event: [tag]
+      event: [promote]
 
   # Publish docker image on Docker Hub
   - name: docker
@@ -116,7 +119,7 @@ steps:
       username: {from_secret: docker_username}
       password: {from_secret: docker_password}
     when:
-      event: [tag]
+      event: [promote]
 
   # Publish docker image on Harbor
 #  - name: harbor

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change Log
 
+## [4.1.15](https://github.com/TheHive-Project/TheHive/milestone/85) (2021-12-06)
+
+**Implemented enhancements:**
+
+- [Feature Request] Add query to retrieve audit from an object [\#2266](https://github.com/TheHive-Project/TheHive/issues/2266)
+- [Feature Request] Sort similar Alerts by Observables [\#2270](https://github.com/TheHive-Project/TheHive/issues/2270)
+- [Enhancement] Add space after the title prefix from case template [\#2278](https://github.com/TheHive-Project/TheHive/issues/2278)
+
+**Fixed bugs:**
+
+- [Bug] Search without sort make queries slow [\#2261](https://github.com/TheHive-Project/TheHive/issues/2261)
+- [Bug] Marking an alert as read do not update it's "updatedAt" field [\#2262](https://github.com/TheHive-Project/TheHive/issues/2262)
+- [Bug] dataType removal doesn't work [\#2263](https://github.com/TheHive-Project/TheHive/issues/2263)
+- [Bug] Fix index creation and rebuild [\#2265](https://github.com/TheHive-Project/TheHive/issues/2265)
+
 ## [4.1.14](https://github.com/TheHive-Project/TheHive/milestone/84) (2021-11-19)
 
 **Implemented enhancements:**

ScalliGraph

@@ -2,7 +2,7 @@ import Dependencies._
 import com.typesafe.sbt.packager.Keys.bashScriptDefines
 import org.thp.ghcl.Milestone
 
-val thehiveVersion         = "4.1.14-1"
+val thehiveVersion         = "4.1.15-1"
 val scala212               = "2.12.13"
 val scala213               = "2.13.1"
 val supportedScalaVersions = List(scala212, scala213)
@@ -351,28 +351,3 @@ lazy val thehiveMigration = (project in file("migration"))
     ),
     normalizedName := "migrate"
   )
-
-lazy val rpmPackageRelease = (project in file("package/rpm-release"))
-  .enablePlugins(RpmPlugin)
-  .settings(
-    name := "thehive-project-release",
-    maintainer := "TheHive Project <[email protected]>",
-    version := "1.2.0",
-    rpmRelease := "1",
-    rpmVendor := "TheHive Project",
-    rpmUrl := Some("http://thehive-project.org/"),
-    rpmLicense := Some("AGPL"),
-    maintainerScripts in Rpm := Map.empty,
-    linuxPackageSymlinks in Rpm := Nil,
-    packageSummary := "TheHive-Project RPM repository",
-    packageDescription :=
-      """This package contains the TheHive-Project packages repository
-        |GPG key as well as configuration for yum.""".stripMargin,
-    linuxPackageMappings in Rpm := Seq(
-      packageMapping(
-        file("PGP-PUBLIC-KEY")                       -> "etc/pki/rpm-gpg/GPG-TheHive-Project",
-        file("package/rpm-release/thehive-rpm.repo") -> "/etc/yum.repos.d/thehive-rpm.repo",
-        file("LICENSE")                              -> "/usr/share/doc/thehive-project-release/LICENSE"
-      )
-    )
-  )

build.sbt

@@ -85,10 +85,11 @@ class PublicAction @Inject() (actionSrv: ActionSrv, organisationSrv: Organisatio
     "getAction",
     (idOrName, graph, authContext) => actionSrv.get(idOrName)(graph).visible(organisationSrv)(authContext)
   )
-  override val pageQuery: ParamQuery[OutputParam] = Query.withParam[OutputParam, Traversal.V[Action], IteratorOutput](
-    "page",
-    (range, actionSteps, _) => actionSteps.richPage(range.from, range.to, withTotal = true)(_.richAction)
-  )
+  override def pageQuery(limitedCountThreshold: Long): ParamQuery[OutputParam] =
+    Query.withParam[OutputParam, Traversal.V[Action], IteratorOutput](
+      "page",
+      (range, actionSteps, _) => actionSteps.richPage(range.from, range.to, withTotal = true, limitedCountThreshold)(_.richAction)
+    )
   override val outputQuery: Query = Query.output[RichAction, Traversal.V[Action]](_.richAction)
   val actionsQuery: Query = new Query {
     override val name: String = "actions"

cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/ActionCtrl.scala

@@ -104,10 +104,10 @@ class PublicAnalyzerTemplate @Inject() (analyzerTemplateSrv: AnalyzerTemplateSrv
     "getReportTemplate",
     (idOrName, graph, _) => analyzerTemplateSrv.get(idOrName)(graph)
   )
-  override val pageQuery: ParamQuery[OutputParam] =
+  override def pageQuery(limitedCountThreshold: Long): ParamQuery[OutputParam] =
     Query.withParam[OutputParam, Traversal.V[AnalyzerTemplate], IteratorOutput](
       "page",
-      (range, analyzerTemplateTraversal, _) => analyzerTemplateTraversal.page(range.from, range.to, withTotal = true)
+      (range, analyzerTemplateTraversal, _) => analyzerTemplateTraversal.page(range.from, range.to, withTotal = true, limitedCountThreshold)
     )
   override val outputQuery: Query = Query.output[AnalyzerTemplate with Entity]
   override val publicProperties: PublicProperties = PublicPropertyListBuilder[AnalyzerTemplate]

cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/AnalyzerTemplateCtrl.scala

@@ -37,7 +37,7 @@ class CortexQueryExecutor @Inject() (
   override lazy val queries: Seq[ParamQuery[_]] =
     controllers.map(_.initialQuery) :::
       controllers.map(_.getQuery) :::
-      controllers.map(_.pageQuery) :::
+      controllers.map(_.pageQuery(limitedCountThreshold)) ::: // FIXME the value of limitedCountThreshold is read only once. The value is not updated.
       controllers.map(_.outputQuery) :::
       controllers.flatMap(_.extraQueries)
 

cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/CortexQueryExecutor.scala

@@ -83,14 +83,16 @@ class PublicJob @Inject() (jobSrv: JobSrv) extends PublicData with JobRenderer {
     "getJob",
     (idOrName, graph, authContext) => jobSrv.get(idOrName)(graph).visible(authContext)
   )
-  override val pageQuery: ParamQuery[OutputParam] =
+  override def pageQuery(limitedCountThreshold: Long): ParamQuery[OutputParam] =
     Query.withParam[OutputParam, Traversal.V[Job], IteratorOutput](
       "page",
       {
         case (OutputParam(from, to, _, withParents), jobSteps, authContext) if withParents > 0 =>
-          jobSteps.richPage(from, to, withTotal = true)(_.richJobWithCustomRenderer(jobParents(_)(authContext))(authContext))
+          jobSteps.richPage(from, to, withTotal = true, limitedCountThreshold)(_.richJobWithCustomRenderer(jobParents(_)(authContext))(authContext))
         case (range, jobSteps, authContext) =>
-          jobSteps.richPage(range.from, range.to, withTotal = true)(_.richJob(authContext).domainMap((_, None: Option[(RichObservable, RichCase)])))
+          jobSteps.richPage(range.from, range.to, withTotal = true, limitedCountThreshold)(
+            _.richJob(authContext).domainMap((_, None: Option[(RichObservable, RichCase)]))
+          )
       }
     )
   override val outputQuery: Query = Query.outputWithContext[RichJob, Traversal.V[Job]]((jobSteps, authContext) => jobSteps.richJob(authContext))

cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/JobCtrl.scala

@@ -35,7 +35,7 @@ class CortexSchemaDefinition @Inject() () extends Schema with UpdatableSchema {
       .map(modelClass => rm.reflectModule(rm.classSymbol(modelClass).companion.companion.asModule).instance)
       .collect {
         case hasModel: HasModel =>
-          logger.info(s"Loading model ${hasModel.model.label}")
+          logger.debug(s"Loading model ${hasModel.model.label}")
           hasModel.model
       }
       .toSeq

cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/models/CortexSchemaDefinition.scala

@@ -72,7 +72,13 @@ class ActionOperationSrv @Inject() (
       case CloseTask() =>
         for {
           t <- relatedTask.fold[Try[Task with Entity]](Failure(InternalError("Unable to apply action CloseTask without task")))(Success(_))
-          _ <- taskSrv.get(t).update(_.status, TaskStatus.Completed).getOrFail("Task")
+          _ <-
+            taskSrv
+              .get(t)
+              .update(_.status, TaskStatus.Completed)
+              .update(_._updatedAt, Some(new Date))
+              .update(_._updatedBy, Some(authContext.userId))
+              .getOrFail("Task")
         } yield updateOperation(operation)
 
       case MarkAlertAsRead() =>