From 9f88edd74d2da6103de0d32aa168c71a91866578 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Tue, 30 Mar 2021 16:31:58 +0200
Subject: [PATCH] new: Check if an event with the same lookyloo capture is
 already on MISP

Fix #181
---
 lookyloo/modules.py                       | 7 +++++++
 website/web/__init__.py                   | 4 ++++
 website/web/templates/misp_push_view.html | 3 +++
 3 files changed, 14 insertions(+)

diff --git a/lookyloo/modules.py b/lookyloo/modules.py
index 8a237cf0..94d5b326 100644
--- a/lookyloo/modules.py
+++ b/lookyloo/modules.py
@@ -63,6 +63,13 @@ class MISP():
         else:
             return {'error': 'Module not available or push not enabled.'}
 
+    def get_existing_event(self, permaurl: str) -> Optional[str]:
+        attributes = self.client.search('attributes', value=permaurl, limit=1, page=1, pythonify=True)
+        if not attributes:
+            return None
+        url = f'{self.client.root_url}/events/{attributes[0].event_id}'
+        return url
+
 
 class SaneJavaScript():
 
diff --git a/website/web/__init__.py b/website/web/__init__.py
index 8dece979..753b60ce 100644
--- a/website/web/__init__.py
+++ b/website/web/__init__.py
@@ -898,11 +898,15 @@ def web_misp_push_view(tree_uuid: str):
         else:
             flash(f'Unable to create event: {event}', 'error')
         return redirect(url_for('tree', tree_uuid=tree_uuid))
+    else:
+        # the 1st attribute in the event is the link to lookyloo
+        existing_misp_url = lookyloo.misp.get_existing_event(event.attributes[0].value)
 
     fav_tags = lookyloo.misp.get_fav_tags()
 
     return render_template('misp_push_view.html', tree_uuid=tree_uuid,
                            event=event, fav_tags=fav_tags,
+                           existing_event=existing_misp_url,
                            auto_publish=lookyloo.misp.auto_publish,
                            default_tags=lookyloo.misp.default_tags)
 
diff --git a/website/web/templates/misp_push_view.html b/website/web/templates/misp_push_view.html
index 758c5257..3eefec89 100644
--- a/website/web/templates/misp_push_view.html
+++ b/website/web/templates/misp_push_view.html
@@ -1,4 +1,7 @@
 <div>
+  {% if existing_event %}
+  <p>There is already an <a href="{{existing_event}}">event</a> on your MISP instance with this lookyloo capture.</p>
+  {% endif %}
   <p>Event to push: {{event.info}}</p>
   <p>Auto Publish: {{auto_publish}}</p>
   <p>Default tags: {{', '.join(default_tags)}}</p>