From ba3124bd694e8d2e15b079d07f0edc54cc71b238 Mon Sep 17 00:00:00 2001 From: Mark Veidemanis Date: Tue, 30 Aug 2022 10:30:17 +0100 Subject: [PATCH] Bypass obfuscation for safe sources --- core/lib/opensearch.py | 70 +++++++++++-------- core/templates/modals/context.html | 2 +- core/templates/modals/context_table.html | 4 +- .../ui/drilldown/table_results_partial.html | 4 +- core/views/helpers.py | 4 +- core/views/ui/drilldown.py | 32 ++++++--- 6 files changed, 70 insertions(+), 46 deletions(-) diff --git a/core/lib/opensearch.py b/core/lib/opensearch.py index 4843b9c..57ec06d 100644 --- a/core/lib/opensearch.py +++ b/core/lib/opensearch.py @@ -351,6 +351,7 @@ def query_results( return {"message": message, "class": message_class} else: size = 20 + source = None if "source" in query_params: source = query_params["source"] if source not in settings.OPENSEARCH_MAIN_SOURCES: @@ -378,30 +379,36 @@ def query_results( if date_query: if settings.DELAY_RESULTS: - if request.user.has_perm("core.bypass_delay"): - add_top.append(range_query) - else: - delay_as_ts = datetime.now() - timedelta(days=settings.DELAY_DURATION) - lt_as_ts = datetime.strptime( - range_query["range"]["ts"]["lt"], "%Y-%m-%dT%H:%MZ" - ) - if lt_as_ts > delay_as_ts: - range_query["range"]["ts"]["lt"] = f"now-{settings.DELAY_DURATION}d" - add_top.append(range_query) + if source not in settings.SAFE_SOURCES: + if request.user.has_perm("core.bypass_delay"): + add_top.append(range_query) + else: + delay_as_ts = datetime.now() - timedelta( + days=settings.DELAY_DURATION + ) + lt_as_ts = datetime.strptime( + range_query["range"]["ts"]["lt"], "%Y-%m-%dT%H:%MZ" + ) + if lt_as_ts > delay_as_ts: + range_query["range"]["ts"][ + "lt" + ] = f"now-{settings.DELAY_DURATION}d" + add_top.append(range_query) else: add_top.append(range_query) else: if settings.DELAY_RESULTS: - if not request.user.has_perm("core.bypass_delay"): - range_query = { - "range": { - "ts": { - # "gt": , - "lt": f"now-{settings.DELAY_DURATION}d", + if source not in settings.SAFE_SOURCES: + if not request.user.has_perm("core.bypass_delay"): + range_query = { + "range": { + "ts": { + # "gt": , + "lt": f"now-{settings.DELAY_DURATION}d", + } } } - } - add_top.append(range_query) + add_top.append(range_query) if "sorting" in query_params: sorting = query_params["sorting"] @@ -571,17 +578,18 @@ def query_results( dedup_fields = ["msg", "nick", "ident", "host", "net", "channel"] results_parsed = dedup_list(results_parsed, dedup_fields) - if settings.ENCRYPTION: - encrypt_list(request.user, results_parsed, settings.ENCRYPTION_KEY) + if source not in settings.SAFE_SOURCES: + if settings.ENCRYPTION: + encrypt_list(request.user, results_parsed, settings.ENCRYPTION_KEY) - if settings.HASHING: - hash_list(request.user, results_parsed) + if settings.HASHING: + hash_list(request.user, results_parsed) - if settings.OBFUSCATION: - obfuscate_list(request.user, results_parsed) + if settings.OBFUSCATION: + obfuscate_list(request.user, results_parsed) - if settings.RANDOMISATION: - randomise_list(request.user, results_parsed) + if settings.RANDOMISATION: + randomise_list(request.user, results_parsed) # process_list(reqults) @@ -596,11 +604,13 @@ def query_results( if query: context["query"] = query if settings.DELAY_RESULTS: - if not request.user.has_perm("core.bypass_delay"): - context["delay"] = settings.DELAY_DURATION + if source not in settings.SAFE_SOURCES: + if not request.user.has_perm("core.bypass_delay"): + context["delay"] = settings.DELAY_DURATION if settings.RANDOMISATION: - if not request.user.has_perm("core.bypass_randomisation"): - context["randomised"] = True + if source not in settings.SAFE_SOURCES: + if not request.user.has_perm("core.bypass_randomisation"): + context["randomised"] = True return context diff --git a/core/templates/modals/context.html b/core/templates/modals/context.html index 19a58ef..8fec36d 100644 --- a/core/templates/modals/context.html +++ b/core/templates/modals/context.html @@ -72,7 +72,7 @@

Scrollback of {{ channel }} on {{ net }}{{ num }}

{% include 'modals/context_table.html' %} - {% if user.is_superuser and src == 'irc' %} + {% if user.is_superuser and source == 'irc' %}
diff --git a/core/templates/modals/context_table.html b/core/templates/modals/context_table.html index 16dded2..5dc6e6f 100644 --- a/core/templates/modals/context_table.html +++ b/core/templates/modals/context_table.html @@ -102,7 +102,7 @@ {% endif %} - {% if item.src == 'irc' %} + {% if item.source == 'irc' %} + href="/?modal=context&net={{row.cells.net|escapejs}}&num={{row.cells.num|escapejs}}&source={{row.cells.src|escapejs}}&channel={{row.cells.channel|urlsafe}}&time={{row.cells.time|escapejs}}&date={{row.cells.date|escapejs}}&index={{params.index}}&type={{row.cells.type}}&mtype={{row.cells.mtype}}&nick={{row.cells.mtype|escapejs}}"> {{ row.cells.msg }} diff --git a/core/views/helpers.py b/core/views/helpers.py index b09124c..1fb8ddc 100644 --- a/core/views/helpers.py +++ b/core/views/helpers.py @@ -216,10 +216,12 @@ def hash_lookup(user, data_dict, supplementary_data=None): hash_list = SortedSet() denied = [] for key, value in list(data_dict.items()): - print("DATA DICT", data_dict) if "source" in data_dict: if data_dict["source"] in settings.SAFE_SOURCES: continue + if "src" in data_dict: + if data_dict["src"] in settings.SAFE_SOURCES: + continue if supplementary_data: if "source" in supplementary_data: if supplementary_data["source"] in settings.SAFE_SOURCES: diff --git a/core/views/ui/drilldown.py b/core/views/ui/drilldown.py index 64f7aa2..9e0253e 100644 --- a/core/views/ui/drilldown.py +++ b/core/views/ui/drilldown.py @@ -292,7 +292,16 @@ class DrilldownContextModal(APIView): nicks_sensitive = None query = False # Create the query params from the POST arguments - mandatory = ["net", "channel", "num", "src", "index", "nick", "type", "mtype"] + mandatory = [ + "net", + "channel", + "num", + "source", + "index", + "nick", + "type", + "mtype", + ] invalid = [None, False, "—", "None"] query_params = {k: v for k, v in request.data.items() if v} @@ -306,8 +315,11 @@ class DrilldownContextModal(APIView): # Lookup the hash values but don't disclose them to the user if settings.HASHING: - SAFE_PARAMS = deepcopy(query_params) - hash_lookup(request.user, SAFE_PARAMS) + if query_params["source"] not in settings.SAFE_SOURCES: + SAFE_PARAMS = deepcopy(query_params) + hash_lookup(request.user, SAFE_PARAMS) + else: + SAFE_PARAMS = deepcopy(query_params) else: SAFE_PARAMS = query_params @@ -346,7 +358,7 @@ class DrilldownContextModal(APIView): SAFE_PARAMS["sorting"] = "desc" annotate = False - if query_params["src"] == "irc": + if query_params["source"] == "irc": if query_params["type"] not in ["znc", "auth"]: annotate = True # Create the query with the context helper @@ -354,7 +366,7 @@ class DrilldownContextModal(APIView): query_params["index"], SAFE_PARAMS["net"], SAFE_PARAMS["channel"], - query_params["src"], + query_params["source"], SAFE_PARAMS["num"], size, type=type, @@ -374,13 +386,13 @@ class DrilldownContextModal(APIView): return render(request, self.template_name, results) if settings.HASHING: # we probably want to see the tokens - if query_params["src"] not in settings.SAFE_SOURCES: + if query_params["source"] not in settings.SAFE_SOURCES: if not request.user.has_perm("core.bypass_hashing"): for index, item in enumerate(results["object_list"]): if "tokens" in item: - results["object_list"][index]["msg"] = results["object_list"][ - index - ].pop("tokens") + results["object_list"][index]["msg"] = results[ + "object_list" + ][index].pop("tokens") # item["msg"] = item.pop("tokens") # Make the time nicer @@ -390,7 +402,7 @@ class DrilldownContextModal(APIView): context = { "net": query_params["net"], "channel": query_params["channel"], - "src": query_params["src"], + "source": query_params["source"], "ts": f"{query_params['date']} {query_params['time']}", "object_list": results["object_list"], "time": query_params["time"],