Merge pull request #25 from saferwall/feat/update-pe-data-keys

Feat/update pe data keys

.eslintrc.json

@@ -0,0 +1,13 @@
+{
+	"env": {
+		"browser": true,
+		"es2021": true,
+		"node": true
+	},
+	"extends": "standard-with-typescript",
+	"parserOptions": {
+		"ecmaVersion": "latest",
+		"sourceType": "module"
+	},
+	"rules": {}
+}

.github/workflows/release.yaml

@@ -25,8 +25,8 @@ jobs:
       - name: Generate build version
         id: prep
         run: |
-            version=$(cat VERSION)
-            echo "BUILD_VERSION=${version}" >>$GITHUB_OUTPUT
+          version=$(cat VERSION)
+          echo "BUILD_VERSION=${version}" >>$GITHUB_OUTPUT
 
       - name: Build and push
         id: docker_build

.prettierrc

@@ -3,12 +3,8 @@
 	"singleQuote": true,
 	"trailingComma": "none",
 	"printWidth": 100,
-	"plugins": [
-		"prettier-plugin-svelte"
-	],
-	"pluginSearchDirs": [
-		"."
-	],
+	"plugins": ["prettier-plugin-svelte"],
+	"pluginSearchDirs": ["."],
 	"overrides": [
 		{
 			"files": "*.svelte",
@@ -17,4 +13,4 @@
 			}
 		}
 	]
-}
+}

README.md

@@ -1,6 +1,6 @@
 # Saferwall UI
 
-This repository contains the frontend code for the Saferwall threat analysis platform. 
+This repository contains the frontend code for the Saferwall threat analysis platform.
 The Saferwall UI is built with SvelteKit, providing a modern and user-friendly interface for analyzing, triaging, and classifying threats.
 
 ## Features

package.json

@@ -21,13 +21,17 @@
 		"@sveltejs/adapter-node": "^1.2.4",
 		"@sveltejs/kit": "^1.0.0",
 		"@tailwindcss/typography": "^0.5.8",
-		"@typescript-eslint/eslint-plugin": "^5.45.0",
+		"@typescript-eslint/eslint-plugin": "^6.4.0",
 		"@typescript-eslint/parser": "^5.45.0",
 		"autoprefixer": "^10.4.13",
 		"cross-env": "^7.0.3",
 		"dotenv": "^16.1.3",
-		"eslint": "^8.28.0",
+		"eslint": "^8.0.1",
 		"eslint-config-prettier": "^8.5.0",
+		"eslint-config-standard-with-typescript": "^43.0.1",
+		"eslint-plugin-import": "^2.25.2",
+		"eslint-plugin-n": "^15.0.0 || ^16.0.0 ",
+		"eslint-plugin-promise": "^6.0.0",
 		"eslint-plugin-svelte3": "^4.0.0",
 		"miniflare": "^2.11.0",
 		"postcss": "^8.4.20",
@@ -38,7 +42,7 @@
 		"svelte-check": "^2.9.2",
 		"tailwindcss": "^3.2.4",
 		"tslib": "^2.4.1",
-		"typescript": "^4.9.3",
+		"typescript": "*",
 		"vite": "^4.0.0",
 		"vitest": "^0.25.3",
 		"wrangler": "^2.1.11"

postcss.config.cjs

@@ -1,6 +1,6 @@
 module.exports = {
-  plugins: {
-    tailwindcss: {},
-    autoprefixer: {},
-  },
-}
+	plugins: {
+		tailwindcss: {},
+		autoprefixer: {}
+	}
+};

src/app.d.ts

@@ -3,6 +3,7 @@
 // and what to do when importing types
 declare namespace App {
 	interface Error {
+		message?: string;
 		status?: number;
 	}
 

src/app.scss

@@ -47,3 +47,79 @@ a.link:not([href='']) {
 .bytemd-fullscreen {
 	@apply z-50;
 }
+
+.table-border {
+	@apply w-full overflow-hidden rounded-xl border border-gray-200;
+
+	table {
+		@apply w-full;
+
+		th {
+			@apply font-bold;
+		}
+
+		td,
+		th {
+			@apply px-4 border;
+		}
+
+		th {
+			@apply border-t-0;
+		}
+
+		th:first-child,
+		td:first-child {
+			@apply border-l-0 border-t-0;
+		}
+
+		th:last-child,
+		td:last-child,
+		tr:last-child td {
+			@apply border-b-0 border-r-0;
+		}
+	}
+}
+
+.boxes {
+	table.groups {
+		@apply pr-4 border-separate border-spacing-y-2 w-full;
+
+		thead th {
+			@apply font-bold;
+		}
+
+		tbody {
+			tr {
+				@apply relative z-0;
+
+				&.box__body:after {
+					@apply content-[''] absolute -z-10 -top-2 rounded-t-none left-0 border rounded w-full h-full border-neutral-200 border-t-0;
+				}
+
+				&.box:after {
+					@apply content-[''] absolute -z-10 top-0 left-0 border rounded w-full h-full border-neutral-200;
+				}
+
+				&.expanded:after {
+					@apply rounded-b-none border-b-0;
+				}
+
+				td {
+					@apply p-4 py-4 rounded;
+				}
+			}
+		}
+	}
+
+	table.items {
+		@apply w-full;
+
+		tbody tr {
+			@apply even:bg-gray-50;
+
+			td {
+				@apply py-3 w-1/4;
+			}
+		}
+	}
+}

src/hooks.server.ts

@@ -30,12 +30,18 @@ export const handle: Handle = (async ({ event, resolve }) => {
 			'member_since',
 			'admin',
 			'email'
-		].reduce((obj: any, key) => ((obj[key] = (user as any)[key]), obj), {});
+		].reduce(
+			(finalUserData, key) => ({
+				...finalUserData,
+				[key]: user[key as keyof typeof user]
+			}),
+			{} as Record<string, any>
+		);
 	} catch (error) {
 		console.error('hooks error: ', error);
 	}
 
-	return await resolve(event);
+	return resolve(event);
 }) satisfies Handle;
 
 export const handleError = (async ({ error, event }: any) => {
@@ -45,7 +51,7 @@ export const handleError = (async ({ error, event }: any) => {
 		path: '/'
 	});
 
-	console.error(error);
+	console.error('[hook] handle error', error);
 
 	return {
 		message: error?.message,

src/lib/clients/miniflare.ts

@@ -2,18 +2,18 @@ import { Miniflare, Log, LogLevel } from 'miniflare';
 import { dev } from '$app/environment';
 
 export const fallBackPlatformToMiniFlareInDev = async (_platform: App.Platform) => {
-    if (!dev) return _platform;
+	if (!dev) return _platform;
 
-    if (_platform) return _platform;
-    const mf = new Miniflare({
-        log: new Log(LogLevel.INFO),
-        kvPersist: './.kv-data', // Use filebase or in memory store
-        kvNamespaces: ['HOT_ACTIVITIES'], //Declare array with NameSpaces
-        globalAsyncIO: true,
-        globalTimers: true,
-        globalRandom: true,
+	if (_platform) return _platform;
+	const mf = new Miniflare({
+		log: new Log(LogLevel.INFO),
+		kvPersist: './.kv-data', // Use filebase or in memory store
+		kvNamespaces: ['HOT_ACTIVITIES'], //Declare array with NameSpaces
+		globalAsyncIO: true,
+		globalTimers: true,
+		globalRandom: true,
 
-        script: `
+		script: `
 		addEventListener("fetch", (event) => {
 			event.waitUntil(Promise.resolve(event.request.url));
 			event.respondWith(new Response(event.request.headers.get("X-Message")));
@@ -22,11 +22,11 @@ export const fallBackPlatformToMiniFlareInDev = async (_platform: App.Platform)
 			event.waitUntil(Promise.resolve(event.scheduledTime));
 		});
 		`
-    });
+	});
 
-    const env: any = await mf.getBindings();
+	const env: any = await mf.getBindings();
 
-    const platform: App.Platform = { env };
+	const platform: App.Platform = { env };
 
-    return platform;
-};
+	return platform;
+};

src/lib/clients/saferwall.ts

@@ -1,6 +1,5 @@
 import { env } from '$env/dynamic/public';
 import { DEFAULT_PAGINATION_ITEMS } from '$lib/config';
-
 import type {
 	ApiTraceBufferDto,
 	ChangePasswordDto,
@@ -41,9 +40,7 @@ export class SaferwallClient {
 			...args
 		};
 
-		this.setAuthHeaders(init);
-
-		const response: any = await fetch(url, init);
+		const response: any = await fetch(url, this.setAuthHeaders(init));
 
 		if (!response.ok) {
 			throw response;
@@ -93,29 +90,51 @@ export class SaferwallClient {
 
 	public async getFileMeta(hash: string) {
 		return this.request<Saferwall.File>(
-			`files/${hash}?fields=first_seen,submissions,sha256,last_scanned,multiav,file_format,pe.meta,liked`
+			`files/${hash}?fields=first_seen,submissions,sha256,last_scanned,multiav,file_format,pe.meta`
 		);
 	}
 
 	public async getFileSummary(hash: string) {
 		return this.request<Saferwall.File & Saferwall.Summary>(`files/${hash}/summary`);
 	}
 
-	public async getFileApiTrace(guid: string, pagination?: Pagination & Partial<{ pid: string[] }>) {
+	public async getFileApiTrace(
+		behaviorId: string,
+		pagination?: Pagination & Partial<{ pid: string[] }>
+	) {
 		return this.request<Saferwall.Pagination<Saferwall.Behaviors.ApiTrace.Item>>(
-			`behaviors/${guid}/api-trace?` + this.generatePaginateQuery(pagination)
+			`behaviors/${behaviorId}/api-trace?` + this.generatePaginateQuery(pagination)
 		);
 	}
 
-	public async getFileProcessTree(guid: string) {
+	public async getFileProcessTree(behaviorId: string) {
 		return this.request<{ proc_tree: Saferwall.Behaviors.ProcessItem[] }>(
-			`behaviors/${guid}?fields=proc_tree`
+			`behaviors/${behaviorId}?fields=proc_tree`
 		).then((res) => res.proc_tree ?? []);
 	}
 
-	public async getFileBuffData({ hash, guid, procName, pid, tid, buffId }: ApiTraceBufferDto) {
+	public async getFileSystemEvents(behaviorId: string) {
+		return this.request<Saferwall.Pagination<Saferwall.Behaviors.SystemEvent>>(
+			`behaviors/${behaviorId}/sys-events`
+		).then((res) => res.items ?? []);
+	}
+
+	public async getFileCapabilities(behaviorId: string) {
+		return this.request<{ capabilities: Saferwall.Behaviors.Capability[] }>(
+			`behaviors/${behaviorId}?fields=capabilities`
+		).then((res) => res.capabilities ?? []);
+	}
+
+	public async getFileBuffData({
+		hash,
+		behaviorId,
+		procName,
+		pid,
+		tid,
+		buffId
+	}: ApiTraceBufferDto) {
 		return this.request<Response>(
-			`${this.config.artifactsUrl}${hash}/${guid}/api-buffers/${procName}__${pid}__${tid}__${buffId}.buff`,
+			`${this.config.artifactsUrl}${hash}/${behaviorId}/api-buffers/${procName}__${pid}__${tid}__${buffId}.buff`,
 			{
 				headers: {}
 			},

src/lib/components/Activity.svelte

@@ -44,8 +44,8 @@
 							>{getActivityTitle(activity.type)}</a
 						>
 					</span>
-					<time class="activity__time" datetime={timeToDateISO(activity.date * 1000)}>
-						{timeSince(activity.date * 1000)}
+					<time class="activity__time" datetime={timeToDateISO(activity.date)}>
+						{timeSince(activity.date)}
 					</time>
 				</p>
 				<InputHash hash={activity.file?.hash} />