Merge branch 'hotfix/4.1.22'

Author: To-om

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Change Log
 
+## [4.1.22](https://github.com/TheHive-Project/TheHive/milestone/93) (2022-07-01)
+
+**Implemented enhancements:**
+
+- [Enhancement] Add check on user role [\#2401](https://github.com/TheHive-Project/TheHive/issues/2401)
+
+**Fixed bugs:**
+
+- [Bug] Use dedicated stream topic for stream dispatcher subscription [\#2400](https://github.com/TheHive-Project/TheHive/issues/2400)
+
 ## [4.1.21](https://github.com/TheHive-Project/TheHive/milestone/91) (2022-06-22)
 
 **Fixed bugs:**

build.sbt

@@ -2,7 +2,7 @@ import Dependencies._
 import com.typesafe.sbt.packager.Keys.bashScriptDefines
 import org.thp.ghcl.Milestone
 
-val thehiveVersion         = "4.1.21-1"
+val thehiveVersion         = "4.1.22-1"
 val scala212               = "2.12.13"
 val scala213               = "2.13.1"
 val supportedScalaVersions = List(scala212, scala213)

frontend/bower.json

@@ -1,6 +1,6 @@
 {
   "name": "thehive",
-  "version": "4.1.21-1",
+  "version": "4.1.22-1",
   "license": "AGPL-3.0",
   "dependencies": {
     "jquery": "^3.4.1",

frontend/package.json

@@ -1,6 +1,6 @@
 {
     "name": "thehive",
-    "version": "4.1.21-1",
+    "version": "4.1.22-1",
     "license": "AGPL-3.0",
     "repository": {
         "type": "git",

migration/src/main/scala/org/thp/thehive/cloner/IntegrityCheckApp.scala

@@ -59,6 +59,7 @@ trait IntegrityCheckApp {
               integrityCheckOpsBindings.addBinding.to[TagIntegrityCheck]
               integrityCheckOpsBindings.addBinding.to[TaskIntegrityCheck]
               integrityCheckOpsBindings.addBinding.to[UserIntegrityCheck]
+              integrityCheckOpsBindings.addBinding.to[RoleIntegrityCheck]
 
               bind[Environment].toInstance(Environment.simple())
               bind[ApplicationLifecycle].to[DefaultApplicationLifecycle]

migration/src/main/scala/org/thp/thehive/migration/th4/Output.scala

@@ -73,6 +73,7 @@ object Output {
               integrityCheckOpsBindings.addBinding.to[TagIntegrityCheck]
               integrityCheckOpsBindings.addBinding.to[TaskIntegrityCheck]
               integrityCheckOpsBindings.addBinding.to[UserIntegrityCheck]
+              integrityCheckOpsBindings.addBinding.to[RoleIntegrityCheck]
 
               val schemaBindings = ScalaMultibinder.newSetBinder[UpdatableSchema](binder)
               schemaBindings.addBinding.to[TheHiveSchemaDefinition]

thehive/app/org/thp/thehive/TheHiveModule.scala

@@ -104,6 +104,7 @@ class TheHiveModule(environment: Environment, configuration: Configuration) exte
     integrityChecksBindings.addBinding.to[TaskIntegrityCheck]
     integrityChecksBindings.addBinding.to[ObservableIntegrityCheck]
     integrityChecksBindings.addBinding.to[LogIntegrityCheck]
+    integrityChecksBindings.addBinding.to[RoleIntegrityCheck]
     bind[TypedActorRef[IntegrityCheck.Request]].toProvider[IntegrityCheckActorProvider].asEagerSingleton()
     bind[TypedActorRef[CaseNumberActor.Request]].toProvider[CaseNumberActorProvider]
 

thehive/app/org/thp/thehive/services/AuditSrv.scala

@@ -105,7 +105,7 @@ class AuditSrv @Inject() (
           case Status.COMMIT =>
             logger.debug("Sending audit to stream bus and to notification actor")
             val auditIds = ids.map(_._2)
-            eventSrv.publish(StreamTopic())(AuditStreamMessage(auditIds: _*))
+            eventSrv.publish(StreamTopic.dispatcher)(AuditStreamMessage(auditIds: _*))
             notificationActor ! AuditNotificationMessage(auditIds: _*)
           case _ =>
         }

thehive/app/org/thp/thehive/services/FlowActor.scala

@@ -50,8 +50,8 @@ class FlowActor extends Actor {
   def fromDate: Date = new Date(System.currentTimeMillis() - maxAgeConfig.get.toMillis)
 
   lazy val eventSrv: EventSrv   = injector.getInstance(classOf[EventSrv])
-  override def preStart(): Unit = eventSrv.subscribe(StreamTopic(), self)
-  override def postStop(): Unit = eventSrv.unsubscribe(StreamTopic(), self)
+  override def preStart(): Unit = eventSrv.subscribe(StreamTopic.dispatcher, self)
+  override def postStop(): Unit = eventSrv.unsubscribe(StreamTopic.dispatcher, self)
 
   def flowQuery(
       caseId: Option[EntityIdOrName]

thehive/app/org/thp/thehive/services/RoleSrv.scala

@@ -53,3 +53,20 @@ object RoleOps {
 
   }
 }
+
+@Singleton
+class RoleIntegrityCheck @Inject() (
+    val db: Database,
+    val service: RoleSrv,
+    profileSrv: ProfileSrv,
+    organisationSrv: OrganisationSrv,
+    roleSrv: RoleSrv
+) extends GlobalCheck[Role]
+    with IntegrityCheckOps[Role] {
+  override def globalCheck(traversal: Traversal.V[Role])(implicit graph: Graph): Map[String, Long] = {
+    val orgOphanCount      = service.startTraversal.filterNot(_.organisation).sideEffect(_.drop()).getCount
+    val userOrphanCount    = service.startTraversal.filterNot(_.user).sideEffect(_.drop()).getCount
+    val profileOrphanCount = service.startTraversal.filterNot(_.profile).sideEffect(_.drop()).getCount
+    Map("orgOrphan" -> orgOphanCount, "userOrphan" -> userOrphanCount, "profileOrphan" -> profileOrphanCount)
+  }
+}

thehive/app/org/thp/thehive/services/StreamSrv.scala

@@ -1,6 +1,6 @@
 package org.thp.thehive.services
 
-import akka.actor.{actorRef2Scala, Actor, ActorIdentity, ActorRef, ActorSystem, Cancellable, Identify, PoisonPill, Props}
+import akka.actor.{Actor, ActorIdentity, ActorRef, ActorSystem, Cancellable, Identify, PoisonPill, Props}
 import akka.pattern.{ask, AskTimeoutException}
 import akka.serialization.Serializer
 import akka.util.Timeout
@@ -26,7 +26,8 @@ import scala.util.{Random, Try}
 sealed trait StreamMessage extends Serializable
 
 object StreamTopic {
-  def apply(streamId: String = ""): String = if (streamId.isEmpty) "stream" else s"stream-$streamId"
+  def apply(streamId: String): String = s"stream-$streamId"
+  val dispatcher: String              = "stream"
 }
 
 case class AuditStreamMessage(id: EntityId*) extends StreamMessage
@@ -192,7 +193,7 @@ class StreamSrv @Inject() (
       )
     logger.debug(s"Register stream actor ${streamActor.path}")
     eventSrv.subscribe(StreamTopic(streamId), streamActor)
-    eventSrv.subscribe(StreamTopic(), streamActor)
+    eventSrv.subscribe(StreamTopic.dispatcher, streamActor)
     streamId
   }
 

thehive/conf/reference.conf

@@ -236,6 +236,12 @@ integrityCheck {
       minInterval: 30 minutes
       dedupStrategy: AfterAddition
     }
+    Role {
+      enabled: true
+      initialDelay: 30 seconds
+      minInterval: 1 minute
+      dedupStrategy: AfterAddition
+    }
   }
 }
 

thehive/test/org/thp/thehive/TestAppBuilder.scala

@@ -58,7 +58,8 @@ trait TestAppBuilder {
         classOf[CaseTemplateIntegrityCheck],
         classOf[DataIntegrityCheck],
         classOf[CaseIntegrityCheck],
-        classOf[AlertIntegrityCheck]
+        classOf[AlertIntegrityCheck],
+        classOf[RoleIntegrityCheck]
       )
       .bindActor[DummyActor]("config-actor")
       .bindActor[DummyActor]("notification-actor")