diff --git a/bin/packages/Term.py b/bin/packages/Term.py index 2f45c677..30911252 100755 --- a/bin/packages/Term.py +++ b/bin/packages/Term.py @@ -27,6 +27,21 @@ special_characters.add('\\s') tokenizer = RegexpTokenizer('[\&\~\:\;\,\.\(\)\{\}\|\[\]\\\\/\-/\=\'\"\%\$\?\@\+\#\_\^\<\>\!\*\n\r\t\s]+', gaps=True, discard_empty=True) +def is_valid_uuid_v4(UUID): + UUID = UUID.replace('-', '') + try: + uuid_test = uuid.UUID(hex=UUID, version=4) + return uuid_test.hex == UUID + except: + return False + +# # TODO: use new package => duplicate fct +def is_in_role(user_id, role): + if r_serv_db.sismember('user_role:{}'.format(role), user_id): + return True + else: + return False + def is_valid_mail(email): result = email_regex.match(email) if result: 
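Review bot: `is_valid_uuid_v4` calls `UUID.replace('-', '')` before the `try:`, so a missing or non-string `uuid` raises `AttributeError` instead of returning `False`. `parse_tracked_term_to_delete`, added later in this commit, passes `dict_input.get('uuid', None)` straight in, so a request without `uuid` would produce an unhandled exception rather than the intended 400. Move the `replace` inside the `try` and narrow the bare `except:` to `except (AttributeError, TypeError, ValueError):` so unrelated errors are not swallowed. The check `uuid_test.hex == UUID` compares against lowercase hex, so an upper-case UUID is rejected; if that is not intended, compare against `UUID.lower()`. A docstring such as `"""Return True if UUID is a version-4 UUID string (dashes optional)."""` would state the contract.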
@@ -215,10 +230,25 @@ def add_tracked_term(term , term_type, user_id, level, tags, mails, dashboard=0) return term_uuid +def parse_tracked_term_to_delete(dict_input, user_id): + term_uuid = dict_input.get('uuid', None) + if not is_valid_uuid_v4(term_uuid): + return ({"status": "error", "reason": "Invalid uuid"}, 400) + level = r_serv_term.hget('tracked_term:{}'.format(term_uuid), 'level') + if not level: + return ({"status": "error", "reason": "Unknown uuid"}, 404) + if level == 0: + if r_serv_term.hget('tracked_term:{}'.format(term_uuid), 'user_id') != user_id: + if not is_in_role(user_id, 'admin'): + return ({"status": "error", "reason": "Unknown uuid"}, 404) + + delete_term(term_uuid) + return ({"uuid": term_uuid}, 200) + def delete_term(term_uuid): term = r_serv_term.hget('tracked_term:{}'.format(term_uuid), 'tracked') term_type = r_serv_term.hget('tracked_term:{}'.format(term_uuid), 'type') - term_level = r_serv_term.hget('tracked_term:{}'.format(term_uuid), 'level') + level = r_serv_term.hget('tracked_term:{}'.format(term_uuid), 'level') r_serv_term.srem('all:tracked_term_uuid:{}:{}'.format(term_type, term), term_uuid) # Term not tracked by other users if not r_serv_term.exists('all:tracked_term_uuid:{}:{}'.format(term_type, term)): @@ -243,7 +273,10 @@ def delete_term(term_uuid): r_serv_term.delete('tracked_term:mail:{}'.format(term_uuid)) # remove item set - r_serv_term.delete('tracked_term:item:{}'.format(term_uuid)) + all_item_date = r_serv_term.zrange('tracked_term:stat:{}'.format(term_uuid), 0, -1) + for date in all_item_date: + r_serv_term.delete('tracked_term:item:{}:{}'.format(term_uuid, date)) + r_serv_term.delete('tracked_term:stat:{}'.format(term_uuid)) def get_term_uuid_list(term, term_type): return list(r_serv_term.smembers('all:tracked_term_uuid:{}:{}'.format(term_type, term))) diff --git a/doc/README.md b/doc/README.md index 31f13cc3..764b4ff5 100644 --- a/doc/README.md +++ b/doc/README.md 
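Review bot: The ownership check in `parse_tracked_term_to_delete` is guarded by `if level == 0:`, but `level` comes from `r_serv_term.hget(...)`, and a Redis client returns hash fields as `str` or `bytes`, never `int`. Unless `r_serv_term` is wrapped to convert values (not visible in this hunk), the branch never runs and the `user_id` / `is_in_role(user_id, 'admin')` comparison is skipped. Any caller with an analyst token who knows a tracker's UUID could then delete a tracker stored with level 0 (presumably the user-private level) that belongs to someone else. Compare on the parsed value, e.g. `if int(level) == 0:`, and add a test asserting that a delete by a non-owner, non-admin user returns 404.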
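Review bot: The cleanup at the end of `delete_term` no longer deletes the un-dated key `tracked_term:item:{uuid}` that the removed line handled, and it finds the dated keys only through `tracked_term:stat:{uuid}`. If an instance still holds item sets under the old key name, or a dated set whose date is missing from the stat zset, those matched items stay in the database after the tracker is deleted; whether such data exists is not visible here. Keeping `r_serv_term.delete('tracked_term:item:{}'.format(term_uuid))` next to the new loop would cover the old layout. A comment such as `# item sets are keyed per date; the dates are listed in tracked_term:stat:<uuid>` would explain the loop. `delete_term` starts in the previous hunk and its middle part is outside both hunks.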
@@ -629,17 +629,13 @@ Add term tracker #### Example ``` -curl https://127.0.0.1:7000/api/v1/import/item --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj " -H "Content-Type: application/json" --data @input.json -X POST +curl https://127.0.0.1:7000/api/v1/add/tracker/term --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj " -H "Content-Type: application/json" --data @input.json -X POST ``` #### input.json Example ```json { - "type": "text", - "tags": [ - "infoleak:analyst-detection=\"private-key\"" - ], - "text": "text to import" + } ``` @@ -648,7 +644,7 @@ curl https://127.0.0.1:7000/api/v1/import/item --header "Authorization: iHc1_ChZ ```json { - "uuid": "0c3d7b34-936e-4f01-9cdf-2070184b6016" + } ``` @@ -656,10 +652,56 @@ curl https://127.0.0.1:7000/api/v1/import/item --header "Authorization: iHc1_ChZ **HTTP Status Code** : `400` ```json - {"status": "error", "reason": "Malformed JSON"} - {"status": "error", "reason": "No text supplied"} - {"status": "error", "reason": "Tags or Galaxy not enabled"} - {"status": "error", "reason": "Size exceeds default"} + +``` + + + + +### Delete term tracker: `api/v1/delete/tracker/term` + +#### Description +Delete term tracker + +**Method** : `DELETE` + +#### Parameters +- `uuid` + - tracked term uuid + - *uuid4* + - mandatory + +#### JSON response +- `uuid` + - deleted uuid + - *uuid4* + +#### Example +``` +curl https://127.0.0.1:7000/api/v1/add/tracker/term --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj " -H "Content-Type: application/json" --data @input.json -X POST +``` + +#### input.json Example +```json + { + + } +``` + +#### Expected Success Response +**HTTP Status Code** : `200` + +```json + { + + } +``` + +#### Expected Fail Response +**HTTP Status Code** : `400` + +```json + ``` diff --git a/var/www/modules/restApi/Flask_restApi.py b/var/www/modules/restApi/Flask_restApi.py index 864e7ed3..3544f705 100644 --- a/var/www/modules/restApi/Flask_restApi.py 
+++ b/var/www/modules/restApi/Flask_restApi.py @@ -314,16 +314,25 @@ def get_all_tags(): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # TRACKER # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # -@restApi.route("api/v1/add/tracker/term", methods=['GET']) +@restApi.route("api/v1/add/tracker/term", methods=['POST']) @token_required('analyst') def add_tracker_term(): - #data = request.get_json() - data = {"term": "pi", 'type' : "word"} + data = request.get_json() user_token = get_auth_from_header() user_id = get_user_from_token(user_token) res = Term.parse_json_term_to_add(data, user_id) return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] +@restApi.route("api/v1/delete/tracker/term", methods=['DELETE']) +@token_required('analyst') +def delete_tracker_term(): + data = request.get_json() + user_token = get_auth_from_header() + user_id = get_user_from_token(user_token) + res = Term.parse_tracked_term_to_delete(data, user_id) + return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] + + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # IMPORT # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
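Review bot: Both `add_tracker_term` and `delete_tracker_term` hand the result of `request.get_json()` to `Term` without checking that it is a dict. `parse_tracked_term_to_delete` (in this commit) immediately calls `dict_input.get(...)`, and `parse_json_term_to_add` presumably does the same. A body that is JSON `null`, a list or a string (or, depending on the Flask version, a request without a JSON content type) therefore ends in an unhandled `AttributeError` and a 500 instead of a 400. Add a guard after `get_json()` in both handlers, e.g. `if not isinstance(data, dict): return Response(json.dumps({"status": "error", "reason": "Malformed JSON"}, indent=2, sort_keys=True), mimetype='application/json'), 400`.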