Implement integer field randomisation
This commit is contained in:
parent
9b2d61831b
commit
ba41a0b26b
|
@ -14,6 +14,7 @@ from core.views.helpers import (
|
|||
hash_list,
|
||||
hash_lookup,
|
||||
obfuscate_list,
|
||||
randomise_list,
|
||||
)
|
||||
|
||||
# from json import dumps
|
||||
|
@ -571,6 +572,9 @@ def query_results(
|
|||
if settings.OBFUSCATION:
|
||||
obfuscate_list(request.user, results_parsed)
|
||||
|
||||
if settings.RANDOMISATION:
|
||||
randomise_list(request.user, results_parsed)
|
||||
|
||||
# process_list(reqults)
|
||||
|
||||
# IMPORTANT! - DO NOT PASS query_params to the user!
|
||||
|
@ -586,6 +590,9 @@ def query_results(
|
|||
if settings.DELAY_RESULTS:
|
||||
if not request.user.has_perm("bypass_delay"):
|
||||
context["delay"] = settings.DELAY_DURATION
|
||||
if settings.RANDOMISATION:
|
||||
if not request.user.has_perm("bypass_randomisation"):
|
||||
context["randomised"] = True
|
||||
return context
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
# Generated by Django 4.0.6 on 2022-08-27 12:05
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('core', '0008_alter_perms_options'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='perms',
|
||||
options={'permissions': (('bypass_hashing', 'Can bypass field hashing'), ('bypass_blacklist', 'Can bypass the blacklist'), ('bypass_encryption', 'Can bypass field encryption'), ('bypass_obfuscation', 'Can bypass field obfuscation'), ('bypass_delay', 'Can bypass data delay'), ('bypass_randomisation', 'Can bypass data randomisation'), ('post_irc', 'Can post to IRC'), ('post_discord', 'Can post to Discord'), ('query_search', 'Can search with query strings'), ('use_insights', 'Can use the Insights page'), ('index_int', 'Can use the internal index'), ('index_meta', 'Can use the meta index'))},
|
||||
),
|
||||
]
|
|
@ -112,6 +112,7 @@ class Perms(models.Model):
|
|||
("bypass_encryption", "Can bypass field encryption"),
|
||||
("bypass_obfuscation", "Can bypass field obfuscation"),
|
||||
("bypass_delay", "Can bypass data delay"),
|
||||
("bypass_randomisation", "Can bypass data randomisation"),
|
||||
("post_irc", "Can post to IRC"),
|
||||
("post_discord", "Can post to Discord"),
|
||||
("query_search", "Can search with query strings"),
|
||||
|
|
|
@ -28,7 +28,18 @@
|
|||
{% endif %}
|
||||
{% if delay is not None %}
|
||||
<div class="nowrap-child">
|
||||
<p>delayed by {{ delay }} days</p>
|
||||
<div class="nowrap-child">
|
||||
<i class="fa-solid fa-clock"></i>
|
||||
</div>
|
||||
delayed by {{ delay }} days
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if randomised is True %}
|
||||
<div class="nowrap-child">
|
||||
<div class="nowrap-child">
|
||||
<i class="fa-solid fa-shuffle"></i>
|
||||
</div>
|
||||
integer fields randomised
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import re
|
||||
from base64 import b64encode
|
||||
from random import randint
|
||||
|
||||
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
|
||||
from cryptography.hazmat.primitives.ciphers.modes import ECB
|
||||
|
@ -87,6 +88,31 @@ def base36decode(number):
|
|||
return int(number, 36)
|
||||
|
||||
|
||||
def randomise_list(user, data):
|
||||
"""
|
||||
Randomise data in a list of dictionaries.
|
||||
"""
|
||||
if user.has_perm("bypass_randomisation"):
|
||||
return
|
||||
if isinstance(data, list):
|
||||
for index, item in enumerate(data):
|
||||
for key, value in item.items():
|
||||
if key in settings.RANDOMISE_FIELDS:
|
||||
if isinstance(value, int):
|
||||
min_val = value - (value * settings.RANDOMISE_RATIO)
|
||||
max_val = value + (value * settings.RANDOMISE_RATIO)
|
||||
new_val = randint(int(min_val), int(max_val))
|
||||
data[index][key] = new_val
|
||||
elif isinstance(data, dict):
|
||||
for key, value in data.items():
|
||||
# if key in settings.RANDOMISE_FIELDS:
|
||||
if isinstance(value, int):
|
||||
min_val = value - (value * settings.RANDOMISE_RATIO)
|
||||
max_val = value + (value * settings.RANDOMISE_RATIO)
|
||||
new_val = randint(int(min_val), int(max_val))
|
||||
data[key] = new_val
|
||||
|
||||
|
||||
def obfuscate_list(user, data):
|
||||
"""
|
||||
Obfuscate data in a list of dictionaries.
|
||||
|
|
|
@ -19,7 +19,7 @@ from core.lib.threshold import (
|
|||
get_chans,
|
||||
get_users,
|
||||
)
|
||||
from core.views.helpers import hash_list, hash_lookup
|
||||
from core.views.helpers import hash_list, hash_lookup, randomise_list
|
||||
from core.views.ui.tables import DrilldownTable
|
||||
|
||||
|
||||
|
@ -441,14 +441,19 @@ class ThresholdInfoModal(APIView):
|
|||
inter_chans = get_chans(safe_net, users)
|
||||
else:
|
||||
inter_chans = []
|
||||
hash_list(request.user, inter_chans)
|
||||
hash_list(request.user, inter_users)
|
||||
if settings.HASHING:
|
||||
hash_list(request.user, inter_chans)
|
||||
hash_list(request.user, inter_users)
|
||||
|
||||
hash_list(request.user, num_chans, hash_keys=True)
|
||||
hash_list(request.user, num_users, hash_keys=True)
|
||||
hash_list(request.user, num_chans, hash_keys=True)
|
||||
hash_list(request.user, num_users, hash_keys=True)
|
||||
|
||||
hash_list(request.user, channels)
|
||||
hash_list(request.user, users)
|
||||
hash_list(request.user, channels)
|
||||
hash_list(request.user, users)
|
||||
|
||||
if settings.RANDOMISATION:
|
||||
randomise_list(request.user, num_chans)
|
||||
randomise_list(request.user, num_users)
|
||||
|
||||
# SAFE BLOCK END #
|
||||
|
||||
|
|
Loading…
Reference in New Issue