CIRCL
/
lookyloo
mirror of https://github.com/CIRCL/lookyloo
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: Remove hash lookup from rendering in the hostnode popup.

pull/1009/head
Raphaël Vinot 2024-12-04 16:17:59 +01:00
parent d4f04f1b53
commit 18dcdfe9b4
No known key found for this signature in database
GPG Key ID: 32E4E1C133B3792F
3 changed files with 1 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
website/web/__init__.py
View File

@ -462,35 +462,6 @@ def get_hhh_investigator(hhh: str, offset: int | None=None, limit: int | None=No
return total, captures
def hash_lookup(blob_hash: str, url: str, current_capture_uuid: str) -> tuple[int, dict[str, list[tuple[str, str, str, str, str]]]]:
'''Search all the captures a specific hash was seen.
If a URL is given, it splits the results if the hash is seen on the same URL or an other one.
Capture UUID avoids duplicates on the same capture'''
captures_list: dict[str, list[tuple[str, str, str, str, str]]] = {'same_url': [], 'different_url': []}
_, entries = get_indexing(flask_login.current_user).get_captures_body_hash(blob_hash, oldest_capture=datetime.now() - timedelta(**time_delta_on_index))
cached_captures = lookyloo.sorted_capture_cache(
[uuid for uuid, _ in entries],
cached_captures_only=True)
for cache in cached_captures:
if cache.uuid == current_capture_uuid:
continue
urlnodes = get_indexing(flask_login.current_user).get_capture_body_hash_nodes(cache.uuid, blob_hash)
for urlnode_uuid in urlnodes:
try:
urlnode = cache.tree.root_hartree.get_url_node_by_uuid(urlnode_uuid)
except IndexError:
continue
if url == urlnode.name:
captures_list['same_url'].append((cache.uuid, urlnode_uuid, cache.title, cache.timestamp.isoformat(), urlnode.hostname))
else:
captures_list['different_url'].append((cache.uuid, urlnode_uuid, cache.title, cache.timestamp.isoformat(), urlnode.hostname))
# Sort by timestamp by default
captures_list['same_url'].sort(key=lambda y: y[3])
captures_list['different_url'].sort(key=lambda y: y[3])
total_captures = get_indexing(flask_login.current_user).get_captures_body_hash_count(blob_hash)
return total_captures, captures_list
def get_hostnode_investigator(capture_uuid: str, /, node_uuid: str) -> tuple[HostNode, list[dict[str, Any]]]:
'''Gather all the informations needed to display the Hostnode investigator popup.'''
@ -535,9 +506,7 @@ def get_hostnode_investigator(capture_uuid: str, /, node_uuid: str) -> tuple[Hos
# Index lookup
# %%% Full body %%%
if freq := get_indexing(flask_login.current_user).get_captures_body_hash_count(url.body_hash):
to_append['body_hash_details'] = {'hash_freq': freq, 'other_captures': (freq, {'same_url': [], 'different_url': []})}
if freq > 1:
to_append['body_hash_details']['other_captures'] = hash_lookup(url.body_hash, url.name, capture_uuid)
to_append['body_hash_details'] = {'hash_freq': freq}
# %%% Embedded ressources %%%
if hasattr(url, 'embedded_ressources') and url.embedded_ressources:
@ -551,9 +520,6 @@ def get_hostnode_investigator(capture_uuid: str, /, node_uuid: str) -> tuple[Hos
'type': mimetype}
if freq := get_indexing(flask_login.current_user).get_captures_body_hash_count(h):
to_append['embedded_ressources'][h]['hash_freq'] = freq
to_append['embedded_ressources'][h]['other_captures'] = (freq, {'same_url': [], 'different_url': []})
if freq > 1:
to_append['embedded_ressources'][h]['other_captures'] = hash_lookup(h, url.name, capture_uuid)
for h in to_append['embedded_ressources'].keys():
known, legitimate = normalize_known_content(h, known_content, url)
if known:

10
website/web/templates/hostname_popup.html
View File

@ -1,7 +1,6 @@
{% extends "main.html" %}
{% from "macros.html" import known_content_details %}
{% from "macros.html" import ressource_legitimacy_details %}
{% from "macros.html" import indexed_hash %}
{% from "macros.html" import indexed_cookies %}
{% from "macros.html" import popup_icons_request %}
{% from "macros.html" import popup_icons_response %}
@ -258,12 +257,6 @@
This file can be found <b>{{ url['body_hash_details']['hash_freq'] }}</b> times
across all the captures on this lookyloo instance.
{# other captures related with the same content #}
{% if 'other_captures' in url['body_hash_details'] %}
</br>
{{ indexed_hash(url['body_hash_details']['other_captures'], url['url_object'].uuid) }}
{% endif %}
{# Link to list of captures with the same hash #}
<p>
<a href="{{ url_for('body_hash_details', body_hash=url['url_object'].body_hash, from_popup=True) }}">
Show more information about this response body.
@ -316,9 +309,6 @@
{{ context_form(tree_uuid, url['url_object'].uuid, hash, 'hostnode_popup') }}
{% endif %}
{% if 'other_captures' in details %}
{{ indexed_hash(details['other_captures'], url['url_object'].uuid + '_' + loop.index|string) }}
{% endif %}
<p><a href="{{ url_for('body_hash_details', body_hash=url['url_object'].body_hash, from_popup=True) }}">
Show more information about this embedded content.
</a></p>

86
website/web/templates/macros.html
View File

@ -188,92 +188,6 @@
{%endif%}
{% endmacro %}
{% macro indexed_hash(details, identifier_for_toggle) %}
{% set total_captures = details[0] %}
{% set other_captures = details[1] %}
{# Only show details if the hits are in an other capture #}
{% if total_captures > 1 %}
<p>
The same file was seen in <b>{{ total_captures - 1 }}</b> other captures.
</br>
<button class="btn btn-primary collapsed" type="button" data-bs-toggle="collapse"
data-bs-target="#captureslist_{{ identifier_for_toggle }}"
aria-expanded="false" aria-controls="collapseExample">
<span class="if-collapsed">Show other recent captures</span>
<span class="if-not-collapsed">Hide other recent captures</span>
</button>
</p>
{# Lists of other captures loading the same content... #}
<div class="collapse" id="captureslist_{{ identifier_for_toggle }}">
<div class="card card-body">
Note that only the most recent cached captures are displayed here, click on the link below to see more.
{% if other_captures['different_url']|length > 0 %}
{# ... on other URLs #}
<div>
<p>The following captures get the same file from a <b>different URL</b></p>
{{ other_captures_table(other_captures['different_url'], 20, identifier_for_toggle + '_same') }}
</div>
{% endif %}
</br>
{% if other_captures['same_url']|length > 0 %}
{# ... on the same URL #}
<div>
<p>The following captures get the same file from the <b>same URL</b></p>
{{ other_captures_table(other_captures['same_url'], 20, identifier_for_toggle + '_different') }}
</div>
{% endif %}
</div>
</div>
{% endif %}
{% endmacro %}
{% macro other_captures_table(entries, max_entries, identifier) %}
<script type="text/javascript" nonce="{{ csp_nonce() }}">
document.addEventListener("DOMContentLoaded", () => {
new DataTable('#table_other_captures_{{identifier}}', {
"order": [[ 1, "desc" ]],
"paging": false,
"info": false,
"columns": [
{ "orderable": false},
{ "orderable": false},
{ "orderable": false}
],
"columnDefs": [{
"targets": 1,
"render": (data) => {
const date = new Date(data);
return date.getFullYear() + '-' + (date.getMonth() + 1).toString().padStart(2, "0") + '-' + date.getDate().toString().padStart(2, "0") + ' ' + date.toTimeString();
}
}]
} );
});
</script>
<div>
<table id="table_other_captures_{{identifier}}" class="table table-striped" style="width:100%">
<thead>
<tr>
<th>Title</th>
<th>Timestamp</th>
<th>Domain</th>
</tr>
</thead>
<tbody>
{% for capture_uuid, urlnode_uuid, title, timestamp, hostname in entries[:max_entries] %}
<tr>
<td>
<button type="button" class="btn btn-link openNewTab" data-capture="{{capture_uuid}}" data-hostnode="{{urlnode_uuid}}">{{ title }}</button>
</td>
<td>{{ timestamp }}</td>
<td>{{ hostname }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
{% endmacro %}
{% macro indexed_cookies(header_text, button_text, cookies) %}
{% if cookies %}
<div>{{ header_text }}</div>