Open lfreijo opened 6 hours ago
cccs-rs
commented
6 hours ago The task's min_classification should match the classification of the submission:
https://github.com/CybercentreCanada/assemblyline-core/blob/f6ecd48e1b47306df7f409abd0ec205a9e0d5961/assemblyline_core/dispatching/dispatcher.py#L783C25-L783C43
cccs-rs
commented
6 hours ago The classification you see in the UI might differ from the original submitted classification depending on the content displayed (ie. heuristics from a service at a much higher classification)
lfreijo
commented
6 hours ago Thanks for the fast response! That is what I initially thought, but it does not seem to be matching. Any classification I select always shows as "TLP:C". Perhaps there is something wrong with my classification yaml? The final report and submission appear to be marked correctly from the UI and API just not within the service.
cccs-rs
commented
3 hours ago Hmm... were there changes to the classification.yml? I wonder if one part of the system or another doesn't know how to interpret a new marking and it's just defaulting to TLP:C.
lfreijo
commented
2 hours ago Here is the classification.yml we are using. The changes are minimal from the example.
# This the default classification engine provided with Assemblyline,
# it showcases all the different features of the classification engine
# while providing a useful configuration
# Turn on/off classification enforcement. When this flag is off, this
# completely disables the classification engine, any documents added while
# the classification engine is off gets the default unrestricted value
enforce: true
# Turn on/off dynamic group creation. This feature allow you to dynamically create classification groups based on
# features from the user.
dynamic_groups: false
# Set the type of dynamic groups to be used
# email: groups will be based of the user's email domain
# group: groups will be created out the the user's group values
# all: groups will be created out of both the email domain and the group values
dynamic_groups_type: group
# List of Classification level:
# Graded list were a smaller number is less restricted then an higher number.
levels:
# List of alternate names for the current marking
- aliases:
- UNRESTRICTED
- UNCLASSIFIED
- U
- TLP:W
- TLP:WHITE
# Stylesheet applied in the UI for the different levels
css:
# Name of the color scheme used for display (default, primary, secondary, success, info, warning, error)
color: default
# Description of the classification level
description: Subject to standard copyright rules, TLP:CLEAR information may be distributed without restriction.
# Interger value of the Classification level (higher is more classified)
lvl: 100
# Long name of the classification item
name: TLP:CLEAR
# Short name of the classification item
short_name: TLP:C
# Hidden for display, The classification picker on the frontend will not show as a possible pick
is_hidden: false
- aliases: []
css:
color: success
description:
Recipients may share TLP:GREEN information with peers and partner organizations
within their sector or community, but not via publicly accessible channels. Information
in this category can be circulated widely within a particular community. TLP:GREEN
information may not be released outside of the community.
lvl: 110
name: TLP:GREEN
short_name: TLP:G
is_hidden: false
- aliases: []
css:
color: warning
description:
Recipients may only share TLP:AMBER information with members of their
own organization and with clients or customers who need to know the information
to protect themselves or prevent further harm.
lvl: 120
name: TLP:AMBER
short_name: TLP:A
is_hidden: false
- aliases:
- RESTRICTED
css:
color: warning
description:
Recipients may only share TLP:AMBER+STRICT information with members of their
own organization.
lvl: 125
name: TLP:AMBER+STRICT
short_name: TLP:A+S
is_hidden: false
- aliases:
- HIGHLYRESTRICTED
css:
color: error
description:
Recipients may not share any details
lvl: 130
name: TLP:RED
short_name: TLP:R
is_hidden: false
# Default restricted classification
restricted: TLP:RED
# Default unrestricted classification:
# When no classification are provided or that the classification engine is
# disabled, this is the classification value each items will get
unrestricted: TLP:CHmm... assuming the same classification file is mounted in the service on /etc/assemblyline/classfication.yml, it should be able to interpret the classification strings that the dispatcher is sending. Unless there's a bug in the dispatcher that's sending the wrong classification in the task to the service.
Would you be able to test this?
lfreijo
commented
49 minutes ago Ok. Thanks to your tip I was able to get it to work. Manually copying the config to /etc/assemblyline/classfication.yml in the service container made the values work as expected! So we are using a docker install right now to get our feet wet. I am guessing this is not an issue if we move to k8s. Is there a way to get the docker install to automatically mount this and any other config we need?
I'm writing a small service to connect assemblyline to an external api. I would like to be able to determine the classification of the submission to propagate that to the external service. This is a connector between two systems and the other system can also be accessed by users so I need to keep the classification in sync.
The only object that a service has available to it (as far as I can tell) is the ServiceRequest passed into execute(). This has the task with min_classification and service_default_result_classification. Neither of those match the classification I select when submitting a file. I can see that the API does support querying for the submission and returning the classification that way, but that seems like a clunky solution from within the service.
Is there any other way a service can access the request's classification?