From a5c210a5dea9609a7c3675932a55e1d9cc015c28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 28 Aug 2020 19:11:19 +0200 Subject: [PATCH] new: Add checkmark for legitimate nodes. --- lookyloo/lookyloo.py | 13 ++++++++++++- website/web/static/tree.js | 28 +++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/lookyloo/lookyloo.py b/lookyloo/lookyloo.py index 06fde7af..0b853996 100644 --- a/lookyloo/lookyloo.py +++ b/lookyloo/lookyloo.py @@ -189,7 +189,7 @@ class Context(): p.sadd('bh|malicious', h) elif filename == 'legitimate': for h, details in file_content.items(): - if 'domain' in details: + if 'domain' in details and details['domain']: p.sadd(f'bh|{h}|legitimate', *details['domain']) elif 'description' in details: p.hset('known_content', h, details['description']) @@ -289,9 +289,20 @@ class Context(): if malicious is True: urlnode.add_feature('malicious', malicious) hostnodes_with_malicious_content.add(urlnode.hostnode_uuid) + elif malicious is False: + # Marked as legitimate + urlnode.add_feature('legitimate', True) + for hostnode_with_malicious_content in hostnodes_with_malicious_content: hostnode = tree.root_hartree.get_host_node_by_uuid(hostnode_with_malicious_content) hostnode.add_feature('malicious', malicious) + + for hostnode in tree.root_hartree.hostname_tree.traverse(): + if 'malicious' not in hostnode.features: + legit = [urlnode.legitimate for urlnode in hostnode.urls if hasattr(urlnode, 'legitimate')] + if legit and all(legit): + hostnode.add_feature('legitimate', True) + return tree def legitimate_body(self, body_hash: str, legitimate_hostname: str) -> None: diff --git a/website/web/static/tree.js b/website/web/static/tree.js index c05bcb86..aaa2c63c 100644 --- a/website/web/static/tree.js +++ b/website/web/static/tree.js @@ -479,7 +479,7 @@ function update(root, computed_node_width=0) { }; const malicious_icon_size = 24; if (d.data.malicious) { - // set lock insecure connection + // set bomb d3.select(this).append("svg").append('rect') .attr('x', selected_node_bbox.width - 22 - http_icon_size) .attr('y', selected_node_bbox.height - 13) @@ -504,6 +504,32 @@ function update(root, computed_node_width=0) { }) .on('mouseout', () => d3.select('#tooltip').style('opacity', 0)); }; + if (d.data.legitimate) { + // set checkmark + d3.select(this).append("svg").append('rect') + .attr('x', selected_node_bbox.width - 22 - http_icon_size) + .attr('y', selected_node_bbox.height - 13) + .attr('width', malicious_icon_size) + .attr('height', malicious_icon_size) + .attr('fill', 'white') + .attr('stroke', 'black'); + + d3.select(this).append('image') + .attr('x', selected_node_bbox.width - 22 - http_icon_size) + .attr('y', selected_node_bbox.height - 13) + .attr('id', 'insecure_image') + .attr("width", malicious_icon_size) + .attr("height", malicious_icon_size) + .attr("xlink:href", '/static/check.svg') + .on('mouseover', () => { + d3.select('#tooltip') + .style('opacity', 1) + .style('left', `${d3.event.pageX + 10}px`) + .style('top', `${d3.event.pageY + 10}px`) + .text('This node containts only legitimate content'); + }) + .on('mouseout', () => d3.select('#tooltip').style('opacity', 0)); + } }); return node_group;