new: Tickbox to confirm notification

2 달 전 · 315a2733c3
--- a/config/generic.json.sample
+++ b/config/generic.json.sample
@ -28,7 +28,8 @@
    "to": "Investigation Team <investigation_unit@myorg.local>",
    "subject": "Capture from Lookyloo to review",
    "smtp_host": "localhost",
-    "smtp_port": "25"
+    "smtp_port": "25",
+    "confirm_message": "Message the users need to confirm before they submit a notification."
  },
  "priority": {
    "sources": {
--- a/website/web/init.py
+++ b/website/web/init.py
@ -148,6 +148,10 @@ max_depth = get_config('generic', 'max_depth')

 use_own_ua = get_config('generic', 'use_user_agents_users')
 enable_mail_notification = get_config('generic', 'enable_mail_notification')
+if enable_mail_notification:
+    confirm_message = get_config('generic', 'email').get('confirm_message')
+else:
+    confirm_message = ''
 enable_context_by_users = get_config('generic', 'enable_context_by_users')
 enable_categorization = get_config('generic', 'enable_categorization')
 enable_bookmark = get_config('generic', 'enable_bookmark')
@ -475,10 +479,11 @@ def cache_tree(tree_uuid: str):
 def send_mail(tree_uuid: str):
    if not enable_mail_notification:
        return redirect(url_for('tree', tree_uuid=tree_uuid))
-    if request.form.get('name'):
+    if request.form.get('name') or not request.form.get('confirm'):
        # got a bot.
        logging.info(f'{src_request_ip(request)} is a bot - {request.headers.get("User-Agent")}.')
        return redirect('https://www.youtube.com/watch?v=iwGFalTRHDA')
+
    email: str = request.form['email'] if request.form.get('email') else ''
    if '@' not in email:
        # skip clearly incorrect emails
@ -548,6 +553,7 @@ def tree(tree_uuid: str, node_uuid: Optional[str]=None):
                               misp_push=lookyloo.misp.available and lookyloo.misp.enable_push,
                               blur_screenshot=blur_screenshot, urlnode_uuid=hostnode_to_highlight,
                               auto_trigger_modules=auto_trigger_modules,
+                               confirm_message=confirm_message if confirm_message else 'Tick to confirm.',
                               has_redirects=True if cache.redirects else False)

    except NoValidHarFile as e:
--- a/website/web/templates/tree.html
+++ b/website/web/templates/tree.html
@ -498,9 +498,13 @@
              <label for="comment">Please write a comment (optional)</label>
              <textarea class="form-control" name="comment" id=comment rows="3"></textarea>
            </div>
+            <div class="form-check">
+                <input class="form-check-input" type="checkbox" name="confirm" onchange="document.getElementById('btn-notification').disabled = !this.checked;"></input>
+                <label for="force_push" class="form-check-label">{{ confirm_message }}</label>
+            </div>
          </div>
          <div class="modal-footer">
-              <button type="submit" class="btn btn-success">Send email</button>
+              <button type="submit" class="btn btn-success" id="btn-notification" disabled=true>Send email</button>
              <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
          </div>
      </div>