dfir-iris / iris-web

Collaborative Incident Response platform
GNU Lesser General Public License v3.0

[FR] Provide the case identifier in the data associated to postload hooks #183

Open c8y3 opened 1 year ago

c8y3 commented 1 year ago

Is your feature request related to a problem? Please describe.
We would like to develop a plugin which informs a REST API of all the modifications on the cases (see https://github.com/airbus-cyber/iris-httpsend-module). To do so, we plan to register the plugin on all postload hooks and convert the data received into JSON thanks to the schemas in app.schema.marshables. Doing so, we noticed that some data (note, ioc, evidence and task) did not provide the identifier of the case they are associated with.

Describe the solution you'd like
Ideally, we would like objects app.models.models.Notes, app.models.models.Ioc, app.models.models.CaseReceivedFile and app.models.models.CaseTasks to include the identifier of the case they are related to.

Describe alternatives you've considered
Maybe there is another way to play with the objects received in order to retrieve the identifier of the case they are related to. Maybe by requesting the database... If you have any advice, it would be greatly appreciated. Thank you.

whikernel commented 1 year ago

Hi @c8y3

You can actually get the case ID from the module directly.
The modules are inheriting the IrisInterface class which inherits from the Celery Task class. When IRIS calls the module, it adds multiple arguments (https://github.com/dfir-iris/iris-web/blob/be060f06c1e883387ed373284088976c75e7986c/source/app/iris_engine/module_handler/module_handler.py#L408).
These arguments are thus accessible from the module with self.request.args and self.request.kwargs, self being an inheritance of the Celery Task class.

Let me know if it helps, Cheers

c8y3 commented 1 year ago

Maybe I am doing this right, but it seems not to be working. To test this out, I added the following instruction to my module in the hooks_handler method:

self.log.info(f'with args {self.request.args}')

But it fails with the following stack trace:

iriswebapp_worker | [2023-03-10 13:07:44,640: CRITICAL/ForkPoolWorker-2] Failed to run hook on_postload_case_create with module iris_httpsend_module. Error 'NoneType' object has no attribute 'top'
iriswebapp_worker | [2023-03-10 13:07:44,640: ERROR/ForkPoolWorker-2] 'NoneType' object has no attribute 'top'
iriswebapp_worker | Traceback (most recent call last):
iriswebapp_worker |   File "/iriswebapp/app/iris_engine/module_handler/module_handler.py", line 480, in task_hook_wrapper
iriswebapp_worker |     task_status = mod_inst.hooks_handler(hook_name, hook_ui_name, data=_obj)
iriswebapp_worker |   File "/opt/venv/lib/python3.9/site-packages/iris_httpsend_module/IrisHttpSendInterface.py", line 90, in hooks_handler
iriswebapp_worker |     self.log.info(f'with args {self.request.args}')
iriswebapp_worker |   File "/opt/venv/lib/python3.9/site-packages/celery/app/task.py", line 1072, in _get_request
iriswebapp_worker |     req = self.request_stack.top
iriswebapp_worker | AttributeError: 'NoneType' object has no attribute 'top'
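
A guard for the failure in the trace above, added as an example and not part of the thread or of the IRIS code base: it reads the call arguments only when a request context exists, so the hook does not raise. The Stub* classes are constructed stand-ins for the Celery objects named in the trace, and the kwargs key `caseid` is an assumed name.

```python
# Added illustration: constructed stand-ins only, no Celery or IRIS import.
import logging

log = logging.getLogger("hook_demo")


class StubStack:
    """Constructed stand-in for the stack object behind Task.request."""
    def __init__(self, top=None):
        self.top = top


class StubRequest:
    """Constructed stand-in for a request context carrying call arguments."""
    def __init__(self, args=(), kwargs=None):
        self.args = tuple(args)
        self.kwargs = dict(kwargs or {})


class StubModule:
    """Mimics the access pattern in the trace: request reads request_stack.top."""
    request_stack = None  # the state reported in the trace

    @property
    def request(self):
        return self.request_stack.top  # AttributeError while request_stack is None


def hook_call_args(module):
    """Return (args, kwargs) of the current request, or ((), {}) if there is none."""
    stack = getattr(module, "request_stack", None)
    req = getattr(stack, "top", None) if stack is not None else None
    if req is None:
        log.warning("no request context on %s; hook arguments unavailable",
                    type(module).__name__)
        return (), {}
    return tuple(req.args or ()), dict(req.kwargs or {})


def case_id_from_hook(module, key="caseid", default=None):
    """Look up the case identifier in the request kwargs; `key` is an assumed name."""
    _, kwargs = hook_call_args(module)
    return kwargs.get(key, default)
```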