Implement integer field randomisation

2 years ago · ba41a0b26b
parent 9b2d61831b
commit ba41a0b26b
6 changed files with 75 additions and 8 deletions
--- a/core/lib/opensearch.py
+++ b/core/lib/opensearch.py
@ -14,6 +14,7 @@ from core.views.helpers import (
    hash_list,
    hash_lookup,
    obfuscate_list,
+    randomise_list,
 )

 # from json import dumps
@ -571,6 +572,9 @@ def query_results(
    if settings.OBFUSCATION:
        obfuscate_list(request.user, results_parsed)

+    if settings.RANDOMISATION:
+        randomise_list(request.user, results_parsed)
+
    # process_list(reqults)

    # IMPORTANT! - DO NOT PASS query_params to the user!
@ -586,6 +590,9 @@ def query_results(
    if settings.DELAY_RESULTS:
        if not request.user.has_perm("bypass_delay"):
            context["delay"] = settings.DELAY_DURATION
+    if settings.RANDOMISATION:
+        if not request.user.has_perm("bypass_randomisation"):
+            context["randomised"] = True
    return context


--- a/core/migrations/0009_alter_perms_options.py
+++ b/core/migrations/0009_alter_perms_options.py
@ -0,0 +1,17 @@
+# Generated by Django 4.0.6 on 2022-08-27 12:05
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0008_alter_perms_options'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='perms',
+            options={'permissions': (('bypass_hashing', 'Can bypass field hashing'), ('bypass_blacklist', 'Can bypass the blacklist'), ('bypass_encryption', 'Can bypass field encryption'), ('bypass_obfuscation', 'Can bypass field obfuscation'), ('bypass_delay', 'Can bypass data delay'), ('bypass_randomisation', 'Can bypass data randomisation'), ('post_irc', 'Can post to IRC'), ('post_discord', 'Can post to Discord'), ('query_search', 'Can search with query strings'), ('use_insights', 'Can use the Insights page'), ('index_int', 'Can use the internal index'), ('index_meta', 'Can use the meta index'))},
+        ),
+    ]
--- a/core/models.py
+++ b/core/models.py
@ -112,6 +112,7 @@ class Perms(models.Model):
            ("bypass_encryption", "Can bypass field encryption"),
            ("bypass_obfuscation", "Can bypass field obfuscation"),
            ("bypass_delay", "Can bypass data delay"),
+            ("bypass_randomisation", "Can bypass data randomisation"),
            ("post_irc", "Can post to IRC"),
            ("post_discord", "Can post to Discord"),
            ("query_search", "Can search with query strings"),
--- a/core/templates/ui/drilldown/table_results.html
+++ b/core/templates/ui/drilldown/table_results.html
@ -28,7 +28,18 @@
    {% endif %}
    {% if delay is not None %}
      <div class="nowrap-child">
-        <p>delayed by {{ delay }} days</p>
+        <div class="nowrap-child">
+          <i class="fa-solid fa-clock"></i>
+        </div>
+        delayed by {{ delay }} days
+      </div>
+    {% endif %}
+    {% if randomised is True %}
+      <div class="nowrap-child">
+        <div class="nowrap-child">
+          <i class="fa-solid fa-shuffle"></i>
+        </div>
+        integer fields randomised
      </div>
    {% endif %}
  </div>
--- a/core/views/helpers.py
+++ b/core/views/helpers.py
@ -1,5 +1,6 @@
 import re
 from base64 import b64encode
+from random import randint

 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
 from cryptography.hazmat.primitives.ciphers.modes import ECB
@ -87,6 +88,31 @@ def base36decode(number):
    return int(number, 36)


+def randomise_list(user, data):
+    """
+    Randomise data in a list of dictionaries.
+    """
+    if user.has_perm("bypass_randomisation"):
+        return
+    if isinstance(data, list):
+        for index, item in enumerate(data):
+            for key, value in item.items():
+                if key in settings.RANDOMISE_FIELDS:
+                    if isinstance(value, int):
+                        min_val = value - (value * settings.RANDOMISE_RATIO)
+                        max_val = value + (value * settings.RANDOMISE_RATIO)
+                        new_val = randint(int(min_val), int(max_val))
+                        data[index][key] = new_val
+    elif isinstance(data, dict):
+        for key, value in data.items():
+            # if key in settings.RANDOMISE_FIELDS:
+            if isinstance(value, int):
+                min_val = value - (value * settings.RANDOMISE_RATIO)
+                max_val = value + (value * settings.RANDOMISE_RATIO)
+                new_val = randint(int(min_val), int(max_val))
+                data[key] = new_val
+
+
 def obfuscate_list(user, data):
    """
    Obfuscate data in a list of dictionaries.
--- a/core/views/ui/drilldown.py
+++ b/core/views/ui/drilldown.py
@ -19,7 +19,7 @@ from core.lib.threshold import (
    get_chans,
    get_users,
 )
-from core.views.helpers import hash_list, hash_lookup
+from core.views.helpers import hash_list, hash_lookup, randomise_list
 from core.views.ui.tables import DrilldownTable


@ -441,14 +441,19 @@ class ThresholdInfoModal(APIView):
            inter_chans = get_chans(safe_net, users)
        else:
            inter_chans = []
-        hash_list(request.user, inter_chans)
-        hash_list(request.user, inter_users)
+        if settings.HASHING:
+            hash_list(request.user, inter_chans)
+            hash_list(request.user, inter_users)
+
+            hash_list(request.user, num_chans, hash_keys=True)
+            hash_list(request.user, num_users, hash_keys=True)

-        hash_list(request.user, num_chans, hash_keys=True)
-        hash_list(request.user, num_users, hash_keys=True)
+            hash_list(request.user, channels)
+            hash_list(request.user, users)

-        hash_list(request.user, channels)
-        hash_list(request.user, users)
+        if settings.RANDOMISATION:
+            randomise_list(request.user, num_chans)
+            randomise_list(request.user, num_users)

        # SAFE BLOCK END #