From 38b712ac9a9b986a160346963c93a86dd47e73ad Mon Sep 17 00:00:00 2001
From: Mark Veidemanis <m@zm.is>
Date: Tue, 30 Aug 2022 10:00:26 +0100
Subject: [PATCH] Fix hashing with 4chan

---
 core/lib/opensearch.py     |  6 +++++-
 core/views/helpers.py      | 10 +++++++++-
 core/views/ui/drilldown.py | 15 ++++++++-------
 3 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/core/lib/opensearch.py b/core/lib/opensearch.py
index e503bbc..4843b9c 100644
--- a/core/lib/opensearch.py
+++ b/core/lib/opensearch.py
@@ -244,6 +244,7 @@ def run_main_query(client, user, query, custom_query=False, index=None, size=Non
 
 def parse_results(results):
     results_parsed = []
+    stringify = ["host", "channel"]
     if "hits" in results.keys():
         if "hits" in results["hits"]:
             for item in results["hits"]["hits"]:
@@ -254,6 +255,9 @@ def parse_results(results):
                 else:
                     return False
                 element = item[data_index]
+                for field in stringify:
+                    if field in element:
+                        element[field] = str(element[field])
                 # Why are fields in lists...
                 if data_index == "fields":
                     element = {k: v[0] for k, v in element.items() if len(v)}
@@ -319,7 +323,7 @@ def query_results(
             denied_q = hash_lookup(request.user, query_params)
             denied.extend(denied_q)
             if tags:
-                denied_t = hash_lookup(request.user, tags)
+                denied_t = hash_lookup(request.user, tags, query_params)
                 denied.extend(denied_t)
 
     message = "Permission denied: "
diff --git a/core/views/helpers.py b/core/views/helpers.py
index 8ce2dbc..b09124c 100644
--- a/core/views/helpers.py
+++ b/core/views/helpers.py
@@ -211,11 +211,19 @@ def hash_list(user, data, hash_keys=False):
         r.hmset(cache, hash_table)
 
 
-def hash_lookup(user, data_dict):
+def hash_lookup(user, data_dict, supplementary_data=None):
     cache = "cache.hash"
     hash_list = SortedSet()
     denied = []
     for key, value in list(data_dict.items()):
+        print("DATA DICT", data_dict)
+        if "source" in data_dict:
+            if data_dict["source"] in settings.SAFE_SOURCES:
+                continue
+        if supplementary_data:
+            if "source" in supplementary_data:
+                if supplementary_data["source"] in settings.SAFE_SOURCES:
+                    continue
         if key in settings.SEARCH_FIELDS_DENY:
             if not user.has_perm("core.bypass_hashing"):
                 data_dict[key] = SearchDenied(key=key, value=data_dict[key])
diff --git a/core/views/ui/drilldown.py b/core/views/ui/drilldown.py
index 2e6a6f2..64f7aa2 100644
--- a/core/views/ui/drilldown.py
+++ b/core/views/ui/drilldown.py
@@ -374,13 +374,14 @@ class DrilldownContextModal(APIView):
             return render(request, self.template_name, results)
 
         if settings.HASHING:  # we probably want to see the tokens
-            if not request.user.has_perm("core.bypass_hashing"):
-                for index, item in enumerate(results["object_list"]):
-                    if "tokens" in item:
-                        results["object_list"][index]["msg"] = results["object_list"][
-                            index
-                        ].pop("tokens")
-                        # item["msg"] = item.pop("tokens")
+            if query_params["src"] not in settings.SAFE_SOURCES:
+                if not request.user.has_perm("core.bypass_hashing"):
+                    for index, item in enumerate(results["object_list"]):
+                        if "tokens" in item:
+                            results["object_list"][index]["msg"] = results["object_list"][
+                                index
+                            ].pop("tokens")
+                            # item["msg"] = item.pop("tokens")
 
         # Make the time nicer
         # for index, item in enumerate(results["object_list"]):