Implement integer field randomisation

This commit is contained in:
Mark Veidemanis 2022-08-27 13:18:24 +01:00
parent 9b2d61831b
commit ba41a0b26b
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
6 changed files with 75 additions and 8 deletions

View File

@ -14,6 +14,7 @@ from core.views.helpers import (
hash_list,
hash_lookup,
obfuscate_list,
randomise_list,
)
# from json import dumps
@ -571,6 +572,9 @@ def query_results(
if settings.OBFUSCATION:
obfuscate_list(request.user, results_parsed)
if settings.RANDOMISATION:
randomise_list(request.user, results_parsed)
# process_list(reqults)
# IMPORTANT! - DO NOT PASS query_params to the user!
@ -586,6 +590,9 @@ def query_results(
if settings.DELAY_RESULTS:
if not request.user.has_perm("bypass_delay"):
context["delay"] = settings.DELAY_DURATION
if settings.RANDOMISATION:
if not request.user.has_perm("bypass_randomisation"):
context["randomised"] = True
return context

View File

@ -0,0 +1,17 @@
# Generated by Django 4.0.6 on 2022-08-27 12:05
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('core', '0008_alter_perms_options'),
]
operations = [
migrations.AlterModelOptions(
name='perms',
options={'permissions': (('bypass_hashing', 'Can bypass field hashing'), ('bypass_blacklist', 'Can bypass the blacklist'), ('bypass_encryption', 'Can bypass field encryption'), ('bypass_obfuscation', 'Can bypass field obfuscation'), ('bypass_delay', 'Can bypass data delay'), ('bypass_randomisation', 'Can bypass data randomisation'), ('post_irc', 'Can post to IRC'), ('post_discord', 'Can post to Discord'), ('query_search', 'Can search with query strings'), ('use_insights', 'Can use the Insights page'), ('index_int', 'Can use the internal index'), ('index_meta', 'Can use the meta index'))},
),
]

View File

@ -112,6 +112,7 @@ class Perms(models.Model):
("bypass_encryption", "Can bypass field encryption"),
("bypass_obfuscation", "Can bypass field obfuscation"),
("bypass_delay", "Can bypass data delay"),
("bypass_randomisation", "Can bypass data randomisation"),
("post_irc", "Can post to IRC"),
("post_discord", "Can post to Discord"),
("query_search", "Can search with query strings"),

View File

@ -28,7 +28,18 @@
{% endif %}
{% if delay is not None %}
<div class="nowrap-child">
<p>delayed by {{ delay }} days</p>
<div class="nowrap-child">
<i class="fa-solid fa-clock"></i>
</div>
delayed by {{ delay }} days
</div>
{% endif %}
{% if randomised is True %}
<div class="nowrap-child">
<div class="nowrap-child">
<i class="fa-solid fa-shuffle"></i>
</div>
integer fields randomised
</div>
{% endif %}
</div>

View File

@ -1,5 +1,6 @@
import re
from base64 import b64encode
from random import randint
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
from cryptography.hazmat.primitives.ciphers.modes import ECB
@ -87,6 +88,31 @@ def base36decode(number):
return int(number, 36)
def randomise_list(user, data):
"""
Randomise data in a list of dictionaries.
"""
if user.has_perm("bypass_randomisation"):
return
if isinstance(data, list):
for index, item in enumerate(data):
for key, value in item.items():
if key in settings.RANDOMISE_FIELDS:
if isinstance(value, int):
min_val = value - (value * settings.RANDOMISE_RATIO)
max_val = value + (value * settings.RANDOMISE_RATIO)
new_val = randint(int(min_val), int(max_val))
data[index][key] = new_val
elif isinstance(data, dict):
for key, value in data.items():
# if key in settings.RANDOMISE_FIELDS:
if isinstance(value, int):
min_val = value - (value * settings.RANDOMISE_RATIO)
max_val = value + (value * settings.RANDOMISE_RATIO)
new_val = randint(int(min_val), int(max_val))
data[key] = new_val
def obfuscate_list(user, data):
"""
Obfuscate data in a list of dictionaries.

View File

@ -19,7 +19,7 @@ from core.lib.threshold import (
get_chans,
get_users,
)
from core.views.helpers import hash_list, hash_lookup
from core.views.helpers import hash_list, hash_lookup, randomise_list
from core.views.ui.tables import DrilldownTable
@ -441,14 +441,19 @@ class ThresholdInfoModal(APIView):
inter_chans = get_chans(safe_net, users)
else:
inter_chans = []
hash_list(request.user, inter_chans)
hash_list(request.user, inter_users)
if settings.HASHING:
hash_list(request.user, inter_chans)
hash_list(request.user, inter_users)
hash_list(request.user, num_chans, hash_keys=True)
hash_list(request.user, num_users, hash_keys=True)
hash_list(request.user, num_chans, hash_keys=True)
hash_list(request.user, num_users, hash_keys=True)
hash_list(request.user, channels)
hash_list(request.user, users)
hash_list(request.user, channels)
hash_list(request.user, users)
if settings.RANDOMISATION:
randomise_list(request.user, num_chans)
randomise_list(request.user, num_users)
# SAFE BLOCK END #