Implement integer field randomisation

core/lib/opensearch.py

@@ -14,6 +14,7 @@ from core.views.helpers import (
     hash_list,
     hash_lookup,
     obfuscate_list,
+    randomise_list,
 )
 
 # from json import dumps
@@ -571,6 +572,9 @@ def query_results(
     if settings.OBFUSCATION:
         obfuscate_list(request.user, results_parsed)
 
+    if settings.RANDOMISATION:
+        randomise_list(request.user, results_parsed)
+
     # process_list(reqults)
 
     # IMPORTANT! - DO NOT PASS query_params to the user!
@@ -586,6 +590,9 @@ def query_results(
     if settings.DELAY_RESULTS:
         if not request.user.has_perm("bypass_delay"):
             context["delay"] = settings.DELAY_DURATION
+    if settings.RANDOMISATION:
+        if not request.user.has_perm("bypass_randomisation"):
+            context["randomised"] = True
     return context
 
 

core/migrations/0009_alter_perms_options.py

@@ -0,0 +1,17 @@
+# Generated by Django 4.0.6 on 2022-08-27 12:05
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0008_alter_perms_options'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='perms',
+            options={'permissions': (('bypass_hashing', 'Can bypass field hashing'), ('bypass_blacklist', 'Can bypass the blacklist'), ('bypass_encryption', 'Can bypass field encryption'), ('bypass_obfuscation', 'Can bypass field obfuscation'), ('bypass_delay', 'Can bypass data delay'), ('bypass_randomisation', 'Can bypass data randomisation'), ('post_irc', 'Can post to IRC'), ('post_discord', 'Can post to Discord'), ('query_search', 'Can search with query strings'), ('use_insights', 'Can use the Insights page'), ('index_int', 'Can use the internal index'), ('index_meta', 'Can use the meta index'))},
+        ),
+    ]

core/models.py

@@ -112,6 +112,7 @@ class Perms(models.Model):
             ("bypass_encryption", "Can bypass field encryption"),
             ("bypass_obfuscation", "Can bypass field obfuscation"),
             ("bypass_delay", "Can bypass data delay"),
+            ("bypass_randomisation", "Can bypass data randomisation"),
             ("post_irc", "Can post to IRC"),
             ("post_discord", "Can post to Discord"),
             ("query_search", "Can search with query strings"),

core/templates/ui/drilldown/table_results.html

@@ -28,7 +28,18 @@
     {% endif %}
     {% if delay is not None %}
       <div class="nowrap-child">
-        <p>delayed by {{ delay }} days</p>
+        <div class="nowrap-child">
+          <i class="fa-solid fa-clock"></i>
+        </div>
+        delayed by {{ delay }} days
+      </div>
+    {% endif %}
+    {% if randomised is True %}
+      <div class="nowrap-child">
+        <div class="nowrap-child">
+          <i class="fa-solid fa-shuffle"></i>
+        </div>
+        integer fields randomised
       </div>
     {% endif %}
   </div>

core/views/helpers.py

@@ -1,5 +1,6 @@
 import re
 from base64 import b64encode
+from random import randint
 
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
 from cryptography.hazmat.primitives.ciphers.modes import ECB
@@ -87,6 +88,31 @@ def base36decode(number):
     return int(number, 36)
 
 
+def randomise_list(user, data):
+    """
+    Randomise data in a list of dictionaries.
+    """
+    if user.has_perm("bypass_randomisation"):
+        return
+    if isinstance(data, list):
+        for index, item in enumerate(data):
+            for key, value in item.items():
+                if key in settings.RANDOMISE_FIELDS:
+                    if isinstance(value, int):
+                        min_val = value - (value * settings.RANDOMISE_RATIO)
+                        max_val = value + (value * settings.RANDOMISE_RATIO)
+                        new_val = randint(int(min_val), int(max_val))
+                        data[index][key] = new_val
+    elif isinstance(data, dict):
+        for key, value in data.items():
+            # if key in settings.RANDOMISE_FIELDS:
+            if isinstance(value, int):
+                min_val = value - (value * settings.RANDOMISE_RATIO)
+                max_val = value + (value * settings.RANDOMISE_RATIO)
+                new_val = randint(int(min_val), int(max_val))
+                data[key] = new_val
+
+
 def obfuscate_list(user, data):
     """
     Obfuscate data in a list of dictionaries.

core/views/ui/drilldown.py

@@ -19,7 +19,7 @@ from core.lib.threshold import (
     get_chans,
     get_users,
 )
-from core.views.helpers import hash_list, hash_lookup
+from core.views.helpers import hash_list, hash_lookup, randomise_list
 from core.views.ui.tables import DrilldownTable
 
 
@@ -441,14 +441,19 @@ class ThresholdInfoModal(APIView):
             inter_chans = get_chans(safe_net, users)
         else:
             inter_chans = []
-        hash_list(request.user, inter_chans)
+        if settings.HASHING:
-        hash_list(request.user, inter_users)
+            hash_list(request.user, inter_chans)
+            hash_list(request.user, inter_users)
 
-        hash_list(request.user, num_chans, hash_keys=True)
+            hash_list(request.user, num_chans, hash_keys=True)
-        hash_list(request.user, num_users, hash_keys=True)
+            hash_list(request.user, num_users, hash_keys=True)
 
-        hash_list(request.user, channels)
+            hash_list(request.user, channels)
-        hash_list(request.user, users)
+            hash_list(request.user, users)
+
+        if settings.RANDOMISATION:
+            randomise_list(request.user, num_chans)
+            randomise_list(request.user, num_users)
 
         # SAFE BLOCK END #