Skip to content

Commit

Permalink
#2401 Add checks on roles
Browse files Browse the repository at this point in the history
  • Loading branch information
To-om committed Jul 1, 2022
1 parent 0e330c7 commit 1a20754
Show file tree
Hide file tree
Showing 6 changed files with 28 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ trait IntegrityCheckApp {
integrityCheckOpsBindings.addBinding.to[TagIntegrityCheck]
integrityCheckOpsBindings.addBinding.to[TaskIntegrityCheck]
integrityCheckOpsBindings.addBinding.to[UserIntegrityCheck]
integrityCheckOpsBindings.addBinding.to[RoleIntegrityCheck]

bind[Environment].toInstance(Environment.simple())
bind[ApplicationLifecycle].to[DefaultApplicationLifecycle]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ object Output {
integrityCheckOpsBindings.addBinding.to[TagIntegrityCheck]
integrityCheckOpsBindings.addBinding.to[TaskIntegrityCheck]
integrityCheckOpsBindings.addBinding.to[UserIntegrityCheck]
integrityCheckOpsBindings.addBinding.to[RoleIntegrityCheck]

val schemaBindings = ScalaMultibinder.newSetBinder[UpdatableSchema](binder)
schemaBindings.addBinding.to[TheHiveSchemaDefinition]
Expand Down
1 change: 1 addition & 0 deletions thehive/app/org/thp/thehive/TheHiveModule.scala
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ class TheHiveModule(environment: Environment, configuration: Configuration) exte
integrityChecksBindings.addBinding.to[TaskIntegrityCheck]
integrityChecksBindings.addBinding.to[ObservableIntegrityCheck]
integrityChecksBindings.addBinding.to[LogIntegrityCheck]
integrityChecksBindings.addBinding.to[RoleIntegrityCheck]
bind[TypedActorRef[IntegrityCheck.Request]].toProvider[IntegrityCheckActorProvider].asEagerSingleton()
bind[TypedActorRef[CaseNumberActor.Request]].toProvider[CaseNumberActorProvider]

Expand Down
17 changes: 17 additions & 0 deletions thehive/app/org/thp/thehive/services/RoleSrv.scala
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,20 @@ object RoleOps {

}
}

@Singleton
class RoleIntegrityCheck @Inject() (
val db: Database,
val service: RoleSrv,
profileSrv: ProfileSrv,
organisationSrv: OrganisationSrv,
roleSrv: RoleSrv
) extends GlobalCheck[Role]
with IntegrityCheckOps[Role] {
override def globalCheck(traversal: Traversal.V[Role])(implicit graph: Graph): Map[String, Long] = {
val orgOphanCount = service.startTraversal.filterNot(_.organisation).sideEffect(_.drop()).getCount
val userOrphanCount = service.startTraversal.filterNot(_.user).sideEffect(_.drop()).getCount
val profileOrphanCount = service.startTraversal.filterNot(_.profile).sideEffect(_.drop()).getCount
Map("orgOrphan" -> orgOphanCount, "userOrphan" -> userOrphanCount, "profileOrphan" -> profileOrphanCount)
}
}
6 changes: 6 additions & 0 deletions thehive/conf/reference.conf
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,12 @@ integrityCheck {
minInterval: 30 minutes
dedupStrategy: AfterAddition
}
Role {
enabled: true
initialDelay: 30 seconds
minInterval: 1 minute
dedupStrategy: AfterAddition
}
}
}

Expand Down
3 changes: 2 additions & 1 deletion thehive/test/org/thp/thehive/TestAppBuilder.scala
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,8 @@ trait TestAppBuilder {
classOf[CaseTemplateIntegrityCheck],
classOf[DataIntegrityCheck],
classOf[CaseIntegrityCheck],
classOf[AlertIntegrityCheck]
classOf[AlertIntegrityCheck],
classOf[RoleIntegrityCheck]
)
.bindActor[DummyActor]("config-actor")
.bindActor[DummyActor]("notification-actor")
Expand Down

0 comments on commit 1a20754

Please sign in to comment.