updates

- add bundle_id to SantaEvent JSON serialization - return separate bundle/binary context keys for events - add ability to set white/blacklist for each host - add go to bundle from event page
farmersbusinessnetwork · Nov 2, 2018 · 45aa766 · 45aa766
1 parent e6541df
commit 45aa766
Show file tree

Hide file tree

Showing 11 changed files with 122 additions and 13 deletions.
diff --git a/fbn/deploy.sh b/fbn/deploy.sh
@@ -11,6 +11,12 @@ NC='\033[0m' # No Color
 PROJ_ID="santaupvote"
 
 
+if [ $# -eq 0 ]; then
+    DEPLOY_PARAMS="app.yaml santa_api.yml"
+else
+    DEPLOY_PARAMS="$@"
+fi
+
 # Instructions
 # To setup your environment to allow deploys, install google cloud sdk: https://cloud.google.com/sdk/docs/#install_the_latest_cloud_tools_version_cloudsdk_current_version
 # and run the following prior to running this script:
@@ -26,7 +32,7 @@ if grep -q "SANTA_DEFAULT_CLIENT_MODE = constants.SANTA_CLIENT_MODE.MONITOR" "${
     # NOTE: first run needs to be done w/o anything after PROJ_ID
     # NOTE: in order to do a full clean, run: bazel clean --expunge
     # NOTE: for initial deploy you need to remove app.yaml + santa_api.yaml, when you do this it only deploys app.yaml (upvote)
-    bazel run upvote/gae:monolith_binary.deploy -- ${PROJ_ID} app.yaml santa_api.yml "$@"
+    bazel run upvote/gae:monolith_binary.deploy -- ${PROJ_ID} ${DEPLOY_PARAMS}
 else
     echo -e "${RED}Error: Branch does not contain required FBN changes!!!${NC}"
 fi
diff --git a/upvote/gae/datastore/models/santa.py b/upvote/gae/datastore/models/santa.py
@@ -91,6 +91,11 @@ def _DedupeEarlierEvent(self, earlier_event):
     if not self.quarantine and earlier_event.quarantine:
       self.quarantine = earlier_event.quarantine
 
+  def to_dict(self, include=None, exclude=None):  # pylint: disable=g-bad-name
+    result = super(SantaEvent, self).to_dict(include=include, exclude=exclude)
+    result['bundle_id'] = self.bundle_key.id() if self.bundle_key else None
+    return result
+
 
 class SantaBlockable(mixin.Santa, base.Binary):
   """An binary that has been blocked by Santa.

diff --git a/upvote/gae/modules/upvote_app/api/web/events.py b/upvote/gae/modules/upvote_app/api/web/events.py
@@ -55,8 +55,9 @@ def _GetEventContext(events):
       ndb.Key(base_models.Host, event.host_id) for event in events)
 
   # Fetch the entities associated with Event.blockable_key.
-  blockable_futures = ndb.get_multi_async(
-      event.blockable_key for event in events)
+  blockable_futures = [
+    event.blockable_key.get_async() for event in events]
+
   vote_futures = ndb.get_multi_async(
       vote_models.Vote.GetKey(event.blockable_key, event.user_key)
       for event in events)
@@ -87,26 +88,35 @@ def _GetEventContext(events):
 
   # Merge all Event context entities into their associated dicts.
   events_with_context = []
+  bundle_cert_futures = []
+
   for i, event in enumerate(events):
     context_dict = {
         'event': event,
         'host': host_futures[i].get_result(),
+        'blockable': blockable_futures[i].get_result(),
+        'cert': cert_futures[i].get_result(),
+        'vote': vote_futures[i].get_result(),
     }
+
     bundle = bundle_futures[i].get_result()
-    if bundle is None:
-      context_dict.update({
-          'blockable': blockable_futures[i].get_result(),
-          'cert': cert_futures[i].get_result(),
-          'vote': vote_futures[i].get_result(),
-      })
+    if bundle is None or bundle.main_cert_key is None:
+      bundle_cert_futures.append(datastore_utils.GetNoOpFuture())
     else:
+      bundle_cert_futures.append(bundle.main_cert_key.get_async())
+
       context_dict.update({
-          'blockable': bundle,
-          'cert': bundle.main_cert_key,
-          'vote': bundle_vote_futures[i].get_result(),
+          'bundle': bundle,
+          'bundle_cert': bundle.main_cert_key,
+          'bundle_vote': bundle_vote_futures[i].get_result(),
       })
     events_with_context.append(context_dict)
 
+  for i, bundle_cert_future in enumerate(bundle_cert_futures):
+    bundle_cert = bundle_cert_future.get_result()
+    if bundle_cert is not None:
+      events_with_context[i]['bundle_cert'] = bundle_cert
+
   return events_with_context
 
 
@@ -182,6 +192,9 @@ def get(self, event_key):  # pylint: disable=g-bad-name
         response_data = _GetEventContext([event])[0] if with_context else event
         if event.executing_user != self.user.nickname:
           self.RequireCapability(constants.PERMISSIONS.VIEW_OTHER_EVENTS)
+
+        with_context = (self.request.get('withContext').lower() == 'true')
+        response_data = _GetEventContext([event])[0] if with_context else event
         self.respond_json(response_data)
       else:
         self.abort(httplib.NOT_FOUND, explanation='Event not found')

diff --git a/upvote/gae/modules/upvote_app/api/web/hosts.py b/upvote/gae/modules/upvote_app/api/web/hosts.py
@@ -92,6 +92,12 @@ def post(self, host_id):
       host.transitive_whitelisting_enabled = (
           self.request.get('transitiveWhitelistingEnabled') == 'true')
 
+    if isinstance(host, santa_models.SantaHost):
+      if self.request.get('directoryWhitelistRegex'):
+        host.directory_whitelist_regex = self.request.get('directoryWhitelistRegex')
+      if self.request.get('directoryBlacklistRegex'):
+        host.directory_blacklist_regex = self.request.get('directoryBlacklistRegex')
+
     host.put()
 
     self.respond_json(host)

diff --git a/upvote/gae/modules/upvote_app/frontend/admin_ui/app.js b/upvote/gae/modules/upvote_app/frontend/admin_ui/app.js
@@ -72,6 +72,7 @@ upvote.admin.app.module = angular.module('upvote.admin.app', [
   'ngResource',
   'ngMaterial',
   'ngSanitize',
+  'ngMessages',
 ]);
 
 /**

diff --git a/upvote/gae/modules/upvote_app/frontend/admin_ui/eventpage/eventpage-controller.js b/upvote/gae/modules/upvote_app/frontend/admin_ui/eventpage/eventpage-controller.js
@@ -87,6 +87,14 @@ upvote.admin.eventpage.EventController = class extends ModelController {
     goog.dom.safe.openInWindow('/admin/blockables/' + this.card.blockableId);
   }
 
+  /**
+   * Navigate to the Blockable page associated with the selected Event.
+   * @export
+   */
+  goToBundle() {
+    goog.dom.safe.openInWindow('/admin/blockables/' + this.card.bundleId);
+  }
+
   /**
    * Navigate to the Host page associated with the selected Event.
    * @export

diff --git a/upvote/gae/modules/upvote_app/frontend/admin_ui/eventpage/events.html b/upvote/gae/modules/upvote_app/frontend/admin_ui/eventpage/events.html
@@ -12,6 +12,9 @@
     <md-button class="md-raised md-primary" ng-click="eventCtrl.goToBlockable()">
       Go to Blockable
     </md-button>
+    <md-button class="md-raised md-primary" ng-click="eventCtrl.goToBundle()" ng-show="eventCtrl.card.bundleId">
+      Go to Bundle
+    </md-button>
     <md-button class="md-raised md-primary" ng-click="eventCtrl.goToHost()">
       Go to Host
     </md-button>

diff --git a/upvote/gae/modules/upvote_app/frontend/admin_ui/hostpage/hostpage-controller.js b/upvote/gae/modules/upvote_app/frontend/admin_ui/hostpage/hostpage-controller.js
@@ -34,6 +34,7 @@ upvote.admin.hostpage.HostController = class extends ModelController {
    * @param {!upvote.hosts.HostUtilsService} hostUtilsService
    * @param {!upvote.errornotifier.ErrorService} errorService
    * @param {!angular.$routeParams} $routeParams
+   * @param {!md.$dialog} $mdDialog
    * @param {!angular.Scope} $scope
    * @param {!angular.Scope} $rootScope
    * @param {!angular.$location} $location
@@ -42,7 +43,7 @@ upvote.admin.hostpage.HostController = class extends ModelController {
    */
   constructor(
       hostResource, hostQueryResource, userResource, hostService,
-      hostUtilsService, errorService, $routeParams, $scope, $rootScope,
+      hostUtilsService, errorService, $routeParams, $mdDialog, $scope, $rootScope,
       $location, page) {
     super(hostResource, hostQueryResource, $routeParams, $scope, $location);
 
@@ -60,6 +61,8 @@ upvote.admin.hostpage.HostController = class extends ModelController {
     this.rootScope = $rootScope;
     /** @export {?upvote.shared.models.User} */
     this.user = null;
+    /** @private {!md.$dialog} */
+    this.mdDialog_ = $mdDialog;
 
     // A list of hostnames that have visible host details
     /** @private {!Set<string>} */
@@ -113,6 +116,60 @@ upvote.admin.hostpage.HostController = class extends ModelController {
     this.location_.path(requestPath);
   }
 
+  /**
+   * Opens Prompt to change host's whitelist REGEX
+   * @param {!Object} host
+   * @param {!object} event
+   * @export
+   */
+  changeWhitelistREGEX(host, event) {
+    let previousWhitelistREGEX = host['directoryWhitelistRegex'];
+    let resource = this.resource;
+
+    // .required(true)  doesn't seem to be supported
+    let confirm = this.mdDialog_.prompt()
+        .title('Whitelist REGEX')
+        .textContent('Enter updated whitelist REGEX')
+        .initialValue(previousWhitelistREGEX)
+        .targetEvent(event)
+        .ok('Update')
+        .cancel('Cancel');
+
+    this.mdDialog_.show(confirm).then(function(result) {
+      host['directoryWhitelistRegex'] = result;
+      resource.update(host)['$promise'].catch(() => {
+        host['directoryWhitelistRegex'] = previousWhitelistREGEX;
+      });
+    }, function() { /* nop */});
+  }
+
+  /**
+   * Opens Prompt to change host's blacklist REGEX
+   * @param {!Object} host
+   * @param {!object} event
+   * @export
+   */
+  changeBlacklistREGEX(host, event) {
+    let previousBlacklistREGEX = host['directoryBlacklistRegex'];
+    let resource = this.resource;
+
+    // .required(true)  doesn't seem to be supported
+    let confirm = this.mdDialog_.prompt()
+        .title('Blacklist REGEX')
+        .textContent('Enter updated blacklist REGEX')
+        .initialValue(previousBlacklistREGEX)
+        .targetEvent(event)
+        .ok('Update')
+        .cancel('Cancel');
+
+    this.mdDialog_.show(confirm).then(function(result) {
+      host['directoryBlacklistRegex'] = result;
+      resource.update(host)['$promise'].catch(() => {
+        host['directoryBlacklistRegex'] = previousBlacklistREGEX;
+      });
+    }, function() { /* nop */});
+  }
+
   /**
    * Requests logs for a santa host
    * @param {!Object} host

diff --git a/upvote/gae/modules/upvote_app/frontend/admin_ui/hostpage/hosts.html b/upvote/gae/modules/upvote_app/frontend/admin_ui/hostpage/hosts.html
@@ -206,6 +206,14 @@
                 ng-disabled="host.shouldUploadLogs">
           <span class="ng-scope">Request Logs</span>
         </button>
+
+          <!-- Change White/Black list button -->
+        <md-button class="md-primary md-raised" ng-click="hostCtrl.changeWhitelistREGEX(host, $event)">
+          Change Whitelist REGEX
+        </md-button>
+        <md-button class="md-primary md-raised" ng-click="hostCtrl.changeBlacklistREGEX(host, $event)">
+          Change Blacklist REGEX
+        </md-button>
       </md-card-actions>
     </md-card>
 

diff --git a/upvote/gae/modules/upvote_app/frontend/web_ui/shared/models.js b/upvote/gae/modules/upvote_app/frontend/web_ui/shared/models.js
@@ -230,6 +230,7 @@ upvote.shared.models.QuarantineMetadata;
  *
  *   id: string,
  *   blockableId: string,
+ *   bundleId: string,
  *   eventType: string,
  *   recordedDt: string,
  *   hostId: string,

diff --git a/upvote/gae/shared/templates/admin-index.html b/upvote/gae/shared/templates/admin-index.html
@@ -89,6 +89,7 @@
     <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular-sanitize.min.js"></script>
     <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular-aria.min.js"></script>
     <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular-animate.min.js"></script>
+    <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular-messages.min.js"></script>
     <script src="https://ajax.googleapis.com/ajax/libs/angular_material/1.1.0/angular-material.min.js"></script>
     {% if debug %}
       <script src="/admin/app_debug.js"></script>