[backend] fix file access restriction to also target trash index (#9424) #9455

Open
wants to merge 2 commits into
base: master

labo-flg (Member) commented Dec 23, 2024

Proposed changes

When using internalLoadById to do a file access check, target also the trash index and not only the read indices.

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant use cases (coverage and e2e)
  • I added/updated the relevant documentation (either on GitHub or on Notion)
  • Where necessary I refactored code to improve the overall quality

Further comments

@github-actions github-actions bot added the filigran team use to identify PR from the Filigran team label Dec 23, 2024
@labo-flg labo-flg self-assigned this Dec 23, 2024
@labo-flg labo-flg added this to the Release 6.4.6 milestone Dec 23, 2024

codecov bot commented Dec 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.33%. Comparing base (29a7824) to head (9eb76ef).
Report is 9 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #9455      +/-   ##
==========================================
- Coverage   65.34%   65.33%   -0.01%     
==========================================
  Files         624      624              
  Lines       59696    59696              
  Branches     6685     6689       +4     
==========================================
- Hits        39009    39005       -4     
- Misses      20687    20691       +4     


Comment on lines -20 to +21
entity_type="Malware", entity_id=self.entity_id, mode="full"
entity_type=self.entity_type, entity_id=self.entity_id, mode="full"
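Review bot: on the argument that replaces the hard-coded "Malware" value, self.entity_type is read the same way as self.entity_id, but its assignment is not in the visible lines; make sure it is set wherever self.entity_id is set and falls back to the previous "Malware" value so existing invocations of the script behave as before. Since this change is separate from the trash-index fix, it is also worth listing in the PR description.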
Member Author

This change is unrelated to the fix. It's just to make this script more usable in other conditions.
I have updated it during my dev, but I thought it was still something good to keep.

opencti_api_client = OpenCTIApiClient(self.api_url, self.api_token)

# Upload the given file to the entity
opencti_api_client.stix_domain_object.add_file(
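Review bot: on the last visible line, the add_file( call is written as a bare statement, so whatever the upload returns is discarded; capture the result and assert on it so that a failed upload fails the test at that point instead of surfacing later as a confusing access-check failure. The helper also builds a fresh OpenCTIApiClient from self.api_url and self.api_token on the first visible line; reuse an existing client if the test class already holds one.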
Member Author

new utility for our tests, to upload a file to an entity

JeremyCloarec (Contributor) commented Jan 3, 2025

I don't get why the file attached to the report is deleted/sent to the trash when the report is deleted. It should simply be marked as removed with the await elUpdateRemovedFiles(element, true); line in internalDeleteElementById? I'll investigate it more to better understand.

EDIT: after testing, I understand your change better now. I thought the file was sent to the trash as well, but that's not the case, your change is to make it possible to load the entity related to the file.
I did encounter something that no longer seems to work though: the files are no longer flagged as 'removed'. It looks like the files no longer have an entity_id, making the elUpdateRemovedFiles method obsolete: the query can never match the correct files. Maybe we could also fix this in this PR.

@SamuelHassine SamuelHassine removed this from the Release 6.4.6 milestone Jan 3, 2025
Successfully merging this pull request may close these issues.

Cannot delete permanently an entity from trash if a file is associated
3 participants