diff --git a/core/lib/opensearch.py b/core/lib/opensearch.py index 3a3be8e..b66c713 100644 --- a/core/lib/opensearch.py +++ b/core/lib/opensearch.py @@ -14,6 +14,7 @@ from core.views.helpers import ( hash_list, hash_lookup, obfuscate_list, + randomise_list, ) # from json import dumps @@ -571,6 +572,9 @@ def query_results( if settings.OBFUSCATION: obfuscate_list(request.user, results_parsed) + if settings.RANDOMISATION: + randomise_list(request.user, results_parsed) + # process_list(reqults) # IMPORTANT! - DO NOT PASS query_params to the user! @@ -586,6 +590,9 @@ def query_results( if settings.DELAY_RESULTS: if not request.user.has_perm("bypass_delay"): context["delay"] = settings.DELAY_DURATION + if settings.RANDOMISATION: + if not request.user.has_perm("bypass_randomisation"): + context["randomised"] = True return context diff --git a/core/migrations/0009_alter_perms_options.py b/core/migrations/0009_alter_perms_options.py new file mode 100644 index 0000000..66a05b7 --- /dev/null +++ b/core/migrations/0009_alter_perms_options.py @@ -0,0 +1,17 @@ +# Generated by Django 4.0.6 on 2022-08-27 12:05 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('core', '0008_alter_perms_options'), + ] + + operations = [ + migrations.AlterModelOptions( + name='perms', + options={'permissions': (('bypass_hashing', 'Can bypass field hashing'), ('bypass_blacklist', 'Can bypass the blacklist'), ('bypass_encryption', 'Can bypass field encryption'), ('bypass_obfuscation', 'Can bypass field obfuscation'), ('bypass_delay', 'Can bypass data delay'), ('bypass_randomisation', 'Can bypass data randomisation'), ('post_irc', 'Can post to IRC'), ('post_discord', 'Can post to Discord'), ('query_search', 'Can search with query strings'), ('use_insights', 'Can use the Insights page'), ('index_int', 'Can use the internal index'), ('index_meta', 'Can use the meta index'))}, + ), + ] diff --git a/core/models.py b/core/models.py index 72528ce..a18e3b3 100644 --- a/core/models.py +++ b/core/models.py @@ -112,6 +112,7 @@ class Perms(models.Model): ("bypass_encryption", "Can bypass field encryption"), ("bypass_obfuscation", "Can bypass field obfuscation"), ("bypass_delay", "Can bypass data delay"), + ("bypass_randomisation", "Can bypass data randomisation"), ("post_irc", "Can post to IRC"), ("post_discord", "Can post to Discord"), ("query_search", "Can search with query strings"), diff --git a/core/templates/ui/drilldown/table_results.html b/core/templates/ui/drilldown/table_results.html index 616c2d8..7917352 100644 --- a/core/templates/ui/drilldown/table_results.html +++ b/core/templates/ui/drilldown/table_results.html @@ -28,7 +28,18 @@ {% endif %} {% if delay is not None %}
-

delayed by {{ delay }} days

+
+ +
+ delayed by {{ delay }} days +
+ {% endif %} + {% if randomised is True %} +
+
+ +
+ integer fields randomised
{% endif %} diff --git a/core/views/helpers.py b/core/views/helpers.py index 4e51d2b..1e620db 100644 --- a/core/views/helpers.py +++ b/core/views/helpers.py @@ -1,5 +1,6 @@ import re from base64 import b64encode +from random import randint from cryptography.hazmat.primitives.ciphers import Cipher, algorithms from cryptography.hazmat.primitives.ciphers.modes import ECB @@ -87,6 +88,31 @@ def base36decode(number): return int(number, 36) +def randomise_list(user, data): + """ + Randomise data in a list of dictionaries. + """ + if user.has_perm("bypass_randomisation"): + return + if isinstance(data, list): + for index, item in enumerate(data): + for key, value in item.items(): + if key in settings.RANDOMISE_FIELDS: + if isinstance(value, int): + min_val = value - (value * settings.RANDOMISE_RATIO) + max_val = value + (value * settings.RANDOMISE_RATIO) + new_val = randint(int(min_val), int(max_val)) + data[index][key] = new_val + elif isinstance(data, dict): + for key, value in data.items(): + # if key in settings.RANDOMISE_FIELDS: + if isinstance(value, int): + min_val = value - (value * settings.RANDOMISE_RATIO) + max_val = value + (value * settings.RANDOMISE_RATIO) + new_val = randint(int(min_val), int(max_val)) + data[key] = new_val + + def obfuscate_list(user, data): """ Obfuscate data in a list of dictionaries. diff --git a/core/views/ui/drilldown.py b/core/views/ui/drilldown.py index 8dfb273..41b8ded 100644 --- a/core/views/ui/drilldown.py +++ b/core/views/ui/drilldown.py @@ -19,7 +19,7 @@ from core.lib.threshold import ( get_chans, get_users, ) -from core.views.helpers import hash_list, hash_lookup +from core.views.helpers import hash_list, hash_lookup, randomise_list from core.views.ui.tables import DrilldownTable @@ -441,14 +441,19 @@ class ThresholdInfoModal(APIView): inter_chans = get_chans(safe_net, users) else: inter_chans = [] - hash_list(request.user, inter_chans) - hash_list(request.user, inter_users) + if settings.HASHING: + hash_list(request.user, inter_chans) + hash_list(request.user, inter_users) + + hash_list(request.user, num_chans, hash_keys=True) + hash_list(request.user, num_users, hash_keys=True) - hash_list(request.user, num_chans, hash_keys=True) - hash_list(request.user, num_users, hash_keys=True) + hash_list(request.user, channels) + hash_list(request.user, users) - hash_list(request.user, channels) - hash_list(request.user, users) + if settings.RANDOMISATION: + randomise_list(request.user, num_chans) + randomise_list(request.user, num_users) # SAFE BLOCK END #