Create a timeline item for each alert

Author: csavelief

app/Http/Procedures/NotesProcedure.php

@@ -30,7 +30,7 @@ public function create(Request $request): array
 
         /** @var User $user */
         $user = $request->user();
-        $item = TimelineItem::createNote($user->id, $params['note']);
+        $item = TimelineItem::createNote($user, $params['note']);
 
         return [
             "msg" => "Your note has been saved!",

app/Jobs/ProcessIncomingEmails.php

@@ -283,7 +283,7 @@ private function cyberBuddy(User $user, \Webklex\PHPIMAP\Message $message): void
 
     private function memex(User $user, \Webklex\PHPIMAP\Message $message): void
     {
-        $item = TimelineItem::createNote($user->id, $message->getTextBody(), $message->getSubject()[0] ?? '');
+        $item = TimelineItem::createNote($user, $message->getTextBody(), $message->getSubject()[0] ?? '');
         if ($message->hasAttachments()) {
             $collection = $this->getOrCreateCollection("privcol{$user->id}", 0);
             if ($collection) {

app/Listeners/DeleteAssetListener.php

@@ -5,6 +5,7 @@
 use App\Enums\AssetTypesEnum;
 use App\Events\DeleteAsset;
 use App\Models\Asset;
+use App\Models\TimelineItem;
 use App\Rules\IsValidAsset;
 use App\Rules\IsValidDomain;
 use App\Rules\IsValidIpAddress;
@@ -28,6 +29,8 @@ public static function execute(User $user, string $asset): bool
             $assetType = AssetTypesEnum::RANGE;
         }
 
+        TimelineItem::deleteAlerts($user->id, $asset);
+
         Asset::where('asset', $asset)
             ->where('type', $assetType)
             ->where('created_by', $user->id)

app/Listeners/EndVulnsScanListener.php

@@ -10,6 +10,7 @@
 use App\Models\Asset;
 use App\Models\Port;
 use App\Models\Scan;
+use App\Models\TimelineItem;
 use App\Models\YnhTrial;
 use Carbon\Carbon;
 use Illuminate\Auth\Passwords\PasswordBroker;
@@ -93,10 +94,10 @@ public static function sendEmailReport(YnhTrial $trial): void
 
                 $result = ApiUtils2::translate($alert->vulnerability);
 
-                if ($result ['error'] !== false) {
+                if ($result['error'] !== false) {
                     $vulnerability = $alert->vulnerability;
                 } else {
-                    $vulnerability = $result ['response'];
+                    $vulnerability = $result['response'];
                 }
                 return "
                     <h3>{$alert->title} {$level}</h3>
@@ -224,6 +225,7 @@ protected function handle2($event)
 
         if ($scan) {
 
+            $this->createTimelineItem($scan);
             /** @var Asset $asset */
             $asset = $scan->asset()->firstOrFail();
             /** @var YnhTrial $trial */
@@ -235,7 +237,7 @@ protected function handle2($event)
         }
     }
 
-    private function handle3($event): void
+    private function handle3(EndVulnsScan $event): void
     {
         $scan = $event->scan();
         $dropEvent = $event->drop();
@@ -301,6 +303,7 @@ private function handle3($event): void
         $product = $task['product'] ?? null;
         $ssl = $task['ssl'] ?? null;
 
+        /** @var Port $port */
         $port = $scan->port()->first();
         $port->service = $service;
         $port->product = $product;
@@ -449,4 +452,26 @@ private function taskOutput(string $taskId): array
     {
         return ApiUtils::task_get_scan_public($taskId);
     }
+
+    // Whatever happens during the ports scan, a vuln scan is triggered!
+    private function createTimelineItem(Scan $scan): void
+    {
+        if (!$scan->portsScanHasEnded() || !$scan->vulnsScanHasEnded()) {
+            Log::warning("Asset is still being scanned for scan {$scan->id}");
+        } else {
+            $scan->asset()
+                ->get()
+                ->map(function (Asset $asset) {
+                    TimelineItem::fetchAlerts($asset->created_by, null, null, 0, [
+                        [['asset_id', '=', $asset->id]],
+                    ])->each(function (TimelineItem $item) {
+                        $item->deleteItem();
+                        $item->save();
+                    });
+                    return $asset;
+                })
+                ->flatMap(fn(Asset $asset) => $asset->alerts()->get())
+                ->each(fn(Alert $alert) => TimelineItem::createAlert($alert->asset()->createdBy(), $scan, $alert));
+        }
+    }
 }

app/Models/TimelineItem.php

@@ -2,6 +2,7 @@
 
 namespace App\Models;
 
+use App\Helpers\ApiUtilsFacade as ApiUtils2;
 use App\User;
 use Carbon\Carbon;
 use Illuminate\Database\Eloquent\Model;
@@ -42,9 +43,113 @@ class TimelineItem extends Model
         'updated_at' => 'datetime',
     ];
 
-    public static function createNote(int $ownedBy, string $body, string $subject = ''): TimelineItem
+    public static function createAlert(User $user, Scan $scan, Alert $alert): TimelineItem
     {
-        return self::createItem($ownedBy, 'note', Carbon::now(), 0, [
+        $asset = $alert->asset();
+        $port = $alert->port();
+
+        if (empty($alert->title)) {
+            $title = '';
+        } else {
+            $result = ApiUtils2::translate($alert->title, 'fr');
+            if ($result['error'] !== false) {
+                $title = $alert->title;
+            } else {
+                $title = $result['response'];
+            }
+        }
+        if (empty($alert->vulnerability)) {
+            $vulnerability = '';
+        } else {
+            $result = ApiUtils2::translate($alert->vulnerability, 'fr');
+            if ($result['error'] !== false) {
+                $vulnerability = $alert->vulnerability;
+            } else {
+                $vulnerability = $result['response'];
+            }
+        }
+        if (empty($alert->remediation)) {
+            $remediation = '';
+        } else {
+            $result = ApiUtils2::translate($alert->remediation, 'fr');
+            if ($result['error'] !== false) {
+                $remediation = $alert->remediation;
+            } else {
+                $remediation = $result['response'];
+            }
+        }
+        return self::createItem($user->id, 'alert', Carbon::now(), 0, [
+
+            // Ids
+            'tenant_id' => $user->tenant_id,
+            'asset_id' => $asset->id,
+            'scan_id' => $scan->id,
+            'port_id' => $port->id,
+            'alert_id' => $alert->id,
+
+            // Asset
+            'asset_name' => $asset->asset,
+            'asset_type' => $asset->type->value,
+            'asset_tld' => $asset->tld() ?? '',
+            'asset_tags' => json_encode($asset->tags()->get()->pluck('tag')->unique()->sort()->values()->toArray()),
+            'asset_ip' => $port->ip,
+
+            // Port
+            'port_number' => $port->port,
+            'port_protocol' => $port->protocol,
+            'port_tags' => json_encode($port->tags()->get()->pluck('tag')->unique()->sort()->values()->toArray()),
+            'port_service' => $port->service ?? '',
+            'port_product' => $port->product ?? '',
+
+            // Hosting provider
+            'hosting_service_description' => $port->hosting_service_description ?? '',
+            'hosting_service_registry' => $port->hosting_service_registry ?? '',
+            'hosting_service_asn' => $port->hosting_service_asn ?? '',
+            'hosting_service_cidr' => $port->hosting_service_cidr ?? '',
+            'hosting_service_country_code' => $port->hosting_service_country_code ?? '',
+            'hosting_service_date' => $port->hosting_service_date ?? '',
+
+            // Vulnerability
+            'vuln_type' => $alert->type,
+            'vuln_vulnerability_en' => $alert->vulnerability ?? '',
+            'vuln_vulnerability_fr' => $vulnerability,
+            'vuln_remediation_en' => $alert->remediation ?? '',
+            'vuln_remediation_fr' => $remediation,
+            'vuln_level' => $alert->level ?? '',
+            'vuln_uid' => $alert->uid ?? '',
+            'vuln_cve_id' => $alert->cve_id ?? '',
+            'vuln_cve_cvss' => $alert->cve_cvss ?? '',
+            'vuln_cve_vendor' => $alert->cve_vendor ?? '',
+            'vuln_cve_product' => $alert->cve_product ?? '',
+            'vuln_title_en' => $alert->title ?? '',
+            'vuln_title_fr' => $title,
+
+            // Misc.
+            'country' => $port->country ?? '',
+            'ssl' => $port->ssl ?? false,
+        ]);
+    }
+
+    public static function fetchAlerts(?int $ownedBy = null, ?Carbon $createdAtOrAfter = null, ?Carbon $createdAtOrBefore = null, ?int $flags = null, array $ands = []): \Illuminate\Support\Collection
+    {
+        return self::fetchItems($ownedBy, 'alert', $createdAtOrAfter, $createdAtOrBefore, $flags, $ands);
+    }
+
+    public static function deleteAlerts(int $ownedBy, string $asset): void
+    {
+        TimelineItem::fetchAlerts($ownedBy, null, null, 0, [
+            [['asset_name', '=', $asset]],
+        ])->each(function (TimelineItem $item) {
+            DB::transaction(function () use ($item) {
+                $item->facts()->delete();
+                $item->delete();
+            });
+        });
+    }
+
+    public static function createNote(User $user, string $body, string $subject = ''): TimelineItem
+    {
+        return self::createItem($user->id, 'note', Carbon::now(), 0, [
             'body' => Str::limit(trim($body), 1000 - 3, '...'),
             'subject' => Str::limit(trim($subject), 1000 - 3, '...'),
         ]);

database/migrations/2025_05_12_190700_update_timeline_tables2.php

@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration {
+
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('t_facts', function (Blueprint $table) {
+            $table->string('value', 5000)->nullable()->change();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('t_facts', function (Blueprint $table) {
+            $table->string('value', 1000)->nullable()->change();
+        });
+    }
+};