chg: Document email notification, disable URL entry points for disabled features

Fix #121
pull/122/head
Raphaël Vinot 2020-11-05 15:38:34 +01:00
parent ea052c7c12
commit 8b00cf8801
2 changed files with 28 additions and 24 deletions


@ -48,6 +48,10 @@ time_delta_on_index = get_config('generic', 'time_delta_on_index')
blur_screenshot = get_config('generic', 'enable_default_blur_screenshot')
max_depth = get_config('generic', 'max_depth')
enable_mail_notification = get_config('generic', 'enable_mail_notification')
enable_context_by_users = get_config('generic', 'enable_context_by_users')
enable_categorization = get_config('generic', 'enable_categorization')
logging.basicConfig(level=get_config('generic', 'loglevel'))
@ -137,10 +141,6 @@ def hostnode_popup(tree_uuid: str, node_uuid: str):
keys_request = {
'request_cookie': "/static/cookie_read.png",
}
if get_config('generic', 'enable_context_by_users'):
enable_context_by_users = True
else:
enable_context_by_users = False
hostnode, urls = lookyloo.get_hostnode_investigator(tree_uuid, node_uuid)
@ -176,6 +176,8 @@ def trigger_modules(tree_uuid: str, force: int):
@app.route('/tree/<string:tree_uuid>/categories_capture/', defaults={'query': ''})
@app.route('/tree/<string:tree_uuid>/categories_capture/<string:query>', methods=['GET'])
def categories_capture(tree_uuid: str, query: str):
if not enable_categorization:
return redirect(url_for('tree', tree_uuid=tree_uuid))
current_categories = lookyloo.categories_capture(tree_uuid)
matching_categories = None
if query:
@ -192,6 +194,8 @@ def categories_capture(tree_uuid: str, query: str):
@app.route('/tree/<string:tree_uuid>/uncategorize/', defaults={'category': ''})
@app.route('/tree/<string:tree_uuid>/uncategorize/<string:category>', methods=['GET'])
def uncategorize_capture(tree_uuid: str, category: str):
if not enable_categorization:
return jsonify({'response': 'Categorization not enabled.'})
lookyloo.uncategorize_capture(tree_uuid, category)
return jsonify({'response': f'{category} successfully added to {tree_uuid}'})
@ -199,6 +203,8 @@ def uncategorize_capture(tree_uuid: str, category: str):
@app.route('/tree/<string:tree_uuid>/categorize/', defaults={'category': ''})
@app.route('/tree/<string:tree_uuid>/categorize/<string:category>', methods=['GET'])
def categorize_capture(tree_uuid: str, category: str):
if not enable_categorization:
return jsonify({'response': 'Categorization not enabled.'})
lookyloo.categorize_capture(tree_uuid, category)
return jsonify({'response': f'{category} successfully removed from {tree_uuid}'})
@ -305,6 +311,8 @@ def cache_tree(tree_uuid: str):
@app.route('/tree/<string:tree_uuid>/send_mail', methods=['POST', 'GET'])
def send_mail(tree_uuid: str):
if not enable_mail_notification:
return redirect(url_for('tree', tree_uuid=tree_uuid))
email: str = request.form.get('email') if request.form.get('email') else '' # type: ignore
if '@' not in email:
# skip clearly incorrect emails
@ -334,18 +342,6 @@ def tree(tree_uuid: str, urlnode_uuid: Optional[str]=None):
flash(cache['error'], 'error')
try:
if get_config('generic', 'enable_mail_notification'):
enable_mail_notification = True
else:
enable_mail_notification = False
if get_config('generic', 'enable_context_by_users'):
enable_context_by_users = True
else:
enable_context_by_users = False
if get_config('generic', 'enable_categorization'):
enable_categorization = True
else:
enable_categorization = False
tree_json, start_time, user_agent, root_url, meta = lookyloo.load_tree(tree_uuid)
return render_template('tree.html', tree_json=tree_json, start_time=start_time,
user_agent=user_agent, root_url=root_url, tree_uuid=tree_uuid,
@ -582,6 +578,9 @@ def hashes_urlnode(tree_uuid: str, node_uuid: str):
@app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/add_context', methods=['POST'])
@auth.login_required
def add_context(tree_uuid: str, node_uuid: str):
if not enable_context_by_users:
return redirect(url_for('ressources'))
context_data = request.form
ressource_hash: str = context_data.get('hash_to_contextualize') # type: ignore
hostnode_uuid: str = context_data.get('hostnode_uuid') # type: ignore
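Review bot: The new `enable_categorization` guards in `categorize_capture` and `uncategorize_capture` only cover the disabled case; when the feature is on, both routes still modify a capture on a plain `GET` and carry no `@auth.login_required`, unlike `add_context` further down. A state change reachable by GET can be triggered by a crawler, a link prefetch or a cross-site request, so I would switch them to `methods=['POST']` and, if categorization is meant to be restricted, add the same decorator. The disabled branch also answers with HTTP 200; `return jsonify({'response': 'Categorization not enabled.'}), 403` lets API clients tell a refusal from a success. Separately, the two success messages look swapped: `uncategorize_capture` reports 'successfully added to' and `categorize_capture` reports 'successfully removed from'. The bodies of `send_mail` and `add_context` continue outside their hunks, so their handling of the form fields is not reviewed here.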


@ -318,6 +318,7 @@
</div>
</div>
{% if enable_context_by_users %}
<div class="modal fade" id="categoriesModal" tabindex="-1" role="dialog">
<div class="modal-dialog modal-xl" role="document">
<div class="modal-content">
@ -343,7 +344,9 @@
</div>
</div>
</div>
{% endif %}
{% if enable_mail_notification %}
<div class="modal fade" id="emailModal" tabindex="-1" role="dialog">
<div class="modal-dialog modal-xl" role="document">
<form role="form" action="{{ tree_uuid }}/send_mail" method=post enctype=multipart/form-data>
@ -355,14 +358,15 @@
</button>
</div>
<div class="modal-body">
<div class="form-group">
<label for="email">Email address - used to get back in touch with you if needed (optional)</label>
<input type="email" class="form-control" name="email" id="email" placeholder="Enter email">
</div>
<div class="form-group">
<label for="comment">Please write a comment (optional)</label>
<textarea class="form-control" name="comment" id=comment rows="3"></textarea>
</div>
<p>A notification of this capture will be sent to the owners of this Lookyloo instance. They may or may not act on it.</p>
<div class="form-group">
<label for="email">Email address - used to get back in touch with you if needed (optional)</label>
<input type="email" class="form-control" name="email" id="email" placeholder="Enter email">
</div>
<div class="form-group">
<label for="comment">Please write a comment (optional)</label>
<textarea class="form-control" name="comment" id=comment rows="3"></textarea>
</div>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-success">Send email</button>
@ -372,4 +376,5 @@
</form>
</div>
</div>
{% endif %}
{% endblock content %}
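Review bot: The `categoriesModal` block is wrapped in `{% if enable_context_by_users %}`, but the routes it presumably talks to (`categories_capture`, `categorize`, `uncategorize`) are gated on `enable_categorization` in the Python file. With the two flags set differently, the modal can be rendered while its endpoints refuse, or hidden while they are live. If the modal belongs to the categorization feature, the guard should read `{% if enable_categorization %}`. Hiding the markup is cosmetic only; the server-side checks enforce the setting, so template and route should test the same flag. The modal bodies are only partly visible in these hunks.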