diff --git a/core/lib/opensearch.py b/core/lib/opensearch.py index e503bbc..4843b9c 100644 --- a/core/lib/opensearch.py +++ b/core/lib/opensearch.py @@ -244,6 +244,7 @@ def run_main_query(client, user, query, custom_query=False, index=None, size=Non def parse_results(results): results_parsed = [] + stringify = ["host", "channel"] if "hits" in results.keys(): if "hits" in results["hits"]: for item in results["hits"]["hits"]: @@ -254,6 +255,9 @@ def parse_results(results): else: return False element = item[data_index] + for field in stringify: + if field in element: + element[field] = str(element[field]) # Why are fields in lists... if data_index == "fields": element = {k: v[0] for k, v in element.items() if len(v)} @@ -319,7 +323,7 @@ def query_results( denied_q = hash_lookup(request.user, query_params) denied.extend(denied_q) if tags: - denied_t = hash_lookup(request.user, tags) + denied_t = hash_lookup(request.user, tags, query_params) denied.extend(denied_t) message = "Permission denied: " diff --git a/core/views/helpers.py b/core/views/helpers.py index 8ce2dbc..b09124c 100644 --- a/core/views/helpers.py +++ b/core/views/helpers.py @@ -211,11 +211,19 @@ def hash_list(user, data, hash_keys=False): r.hmset(cache, hash_table) -def hash_lookup(user, data_dict): +def hash_lookup(user, data_dict, supplementary_data=None): cache = "cache.hash" hash_list = SortedSet() denied = [] for key, value in list(data_dict.items()): + print("DATA DICT", data_dict) + if "source" in data_dict: + if data_dict["source"] in settings.SAFE_SOURCES: + continue + if supplementary_data: + if "source" in supplementary_data: + if supplementary_data["source"] in settings.SAFE_SOURCES: + continue if key in settings.SEARCH_FIELDS_DENY: if not user.has_perm("core.bypass_hashing"): data_dict[key] = SearchDenied(key=key, value=data_dict[key]) diff --git a/core/views/ui/drilldown.py b/core/views/ui/drilldown.py index 2e6a6f2..64f7aa2 100644 --- a/core/views/ui/drilldown.py 
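Review bot: The new `str()` loop in `parse_results` runs before the `data_index == "fields"` unwrapping, so when `host` or `channel` arrives as a list (which the `v[0]` comprehension just below implies) it is first turned into a string such as `"['example']"` (constructed value), and `v[0]` then keeps only its first character, `[`. Moving the loop to after the comprehension, so that `element[field] = str(element[field])` sees the unwrapped value, avoids that. The loop also writes into `item[data_index]` in place, which deserves a one-line comment if it is intended. The body of `parse_results` continues outside this hunk.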
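Review bot: With the added third argument, whether the deny check on `tags` runs now depends on a `source` key inside `query_params`. If that dict is taken from the request (it is not defined in this hunk), the caller chooses the value that switches the check off. The exemption is only sound if the search itself is restricted to that same source, so the value should come from the validated source the query is actually built with; the same applies to the `data_dict["source"]` test added in core/views/helpers.py. Passing it by keyword, `hash_lookup(request.user, tags, supplementary_data=query_params)`, would also make the call self-explanatory. `query_results` starts and ends outside this hunk.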
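Review bot: The leftover `print("DATA DICT", data_dict)` at the top of the loop writes the full lookup dict to stdout once per key, before any `SEARCH_FIELDS_DENY` handling, so the raw values of restricted fields end up in process output; it should be removed before merge. The `SAFE_SOURCES` test does not depend on `key`, so it gives the same answer on every iteration unless the loop body rewrites `data_dict["source"]`. Computing it once ahead of the loop, as sketched below, makes it obvious that a safe source skips every key. A docstring saying what `supplementary_data` is expected to contain, and that a safe source disables the deny check, would help the next reader. The function continues past the end of the hunk.

```python
def hash_lookup(user, data_dict, supplementary_data=None):
    # ... unchanged: cache, hash_list and denied setup ...
    # Decide once whether the request targets a source exempt from hashing.
    source_is_safe = False
    for candidate in (data_dict, supplementary_data or {}):
        if "source" in candidate and candidate["source"] in settings.SAFE_SOURCES:
            source_is_safe = True
    for key, value in list(data_dict.items()):
        if source_is_safe:
            continue
        # ... unchanged: SEARCH_FIELDS_DENY handling ...
```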
+++ b/core/views/ui/drilldown.py @@ -374,13 +374,14 @@ class DrilldownContextModal(APIView): return render(request, self.template_name, results) if settings.HASHING: # we probably want to see the tokens - if not request.user.has_perm("core.bypass_hashing"): - for index, item in enumerate(results["object_list"]): - if "tokens" in item: - results["object_list"][index]["msg"] = results["object_list"][ - index - ].pop("tokens") - # item["msg"] = item.pop("tokens") + if query_params["src"] not in settings.SAFE_SOURCES: + if not request.user.has_perm("core.bypass_hashing"): + for index, item in enumerate(results["object_list"]): + if "tokens" in item: + results["object_list"][index]["msg"] = results["object_list"][ + index + ].pop("tokens") + # item["msg"] = item.pop("tokens") # Make the time nicer # for index, item in enumerate(results["object_list"]):
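Review bot: The new guard indexes `query_params["src"]` directly, so a request without `src` would raise `KeyError` before the token substitution is reached, assuming `query_params` is a plain dict (it is defined outside this hunk). `if query_params.get("src") not in settings.SAFE_SOURCES:` keeps the restrictive path when the value is missing. The key here is `src`, while `hash_lookup` in core/views/helpers.py tests `source`; if both are meant to carry the same request parameter, one of the two checks never matches, and a short comment stating which name each view uses would settle it. The existing comment `# we probably want to see the tokens` could also say that safe sources keep the original `msg`. The method body begins and ends outside the hunk.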