new: Add checkmark for legitimate nodes.

lookyloo/lookyloo.py

@@ -189,7 +189,7 @@ class Context():
                     p.sadd('bh|malicious', h)
             elif filename == 'legitimate':
                 for h, details in file_content.items():
-                    if 'domain' in details:
+                    if 'domain' in details and details['domain']:
                         p.sadd(f'bh|{h}|legitimate', *details['domain'])
                     elif 'description' in details:
                         p.hset('known_content', h, details['description'])
@@ -289,9 +289,20 @@ class Context():
             if malicious is True:
                 urlnode.add_feature('malicious', malicious)
                 hostnodes_with_malicious_content.add(urlnode.hostnode_uuid)
+            elif malicious is False:
+                # Marked as legitimate
+                urlnode.add_feature('legitimate', True)
+
         for hostnode_with_malicious_content in hostnodes_with_malicious_content:
             hostnode = tree.root_hartree.get_host_node_by_uuid(hostnode_with_malicious_content)
             hostnode.add_feature('malicious', malicious)
+
+        for hostnode in tree.root_hartree.hostname_tree.traverse():
+            if 'malicious' not in hostnode.features:
+                legit = [urlnode.legitimate for urlnode in hostnode.urls if hasattr(urlnode, 'legitimate')]
+                if legit and all(legit):
+                    hostnode.add_feature('legitimate', True)
+
         return tree
 
     def legitimate_body(self, body_hash: str, legitimate_hostname: str) -> None:

website/web/static/tree.js

@@ -479,7 +479,7 @@ function update(root, computed_node_width=0) {
                 };
                 const malicious_icon_size = 24;
                 if (d.data.malicious) {
-                    // set lock insecure connection
+                    // set bomb
                     d3.select(this).append("svg").append('rect')
                         .attr('x', selected_node_bbox.width - 22 - http_icon_size)
                         .attr('y', selected_node_bbox.height - 13)
@@ -504,6 +504,32 @@ function update(root, computed_node_width=0) {
                         })
                         .on('mouseout', () => d3.select('#tooltip').style('opacity', 0));
                 };
+                if (d.data.legitimate) {
+                    // set checkmark
+                    d3.select(this).append("svg").append('rect')
+                        .attr('x', selected_node_bbox.width - 22 - http_icon_size)
+                        .attr('y', selected_node_bbox.height - 13)
+                        .attr('width', malicious_icon_size)
+                        .attr('height', malicious_icon_size)
+                        .attr('fill', 'white')
+                        .attr('stroke', 'black');
+
+                    d3.select(this).append('image')
+                        .attr('x', selected_node_bbox.width - 22 - http_icon_size)
+                        .attr('y', selected_node_bbox.height - 13)
+                        .attr('id', 'insecure_image')
+                        .attr("width", malicious_icon_size)
+                        .attr("height", malicious_icon_size)
+                        .attr("xlink:href", '/static/check.svg')
+                        .on('mouseover', () => {
+                            d3.select('#tooltip')
+                                .style('opacity', 1)
+                                .style('left', `${d3.event.pageX + 10}px`)
+                                .style('top', `${d3.event.pageY + 10}px`)
+                                .text('This node containts only legitimate content');
+                        })
+                        .on('mouseout', () => d3.select('#tooltip').style('opacity', 0));
+                }
             });
 
             return node_group;