Merge branch 'release/2.12.1'

Conflicts:
	CHANGELOG.md
	thehive-backend/app/models/Alert.scala

Author: To-om

CHANGELOG.md

@@ -1,26 +1,46 @@
 # Change Log
 
-## [2.12.0](https://github.com/CERT-BDF/TheHive/tree/2.12.0)
+## [2.12.1](https://github.com/CERT-BDF/TheHive/tree/2.12.1) (2017-08-01)
 
+[Full Changelog](https://github.com/CERT-BDF/TheHive/compare/2.12.0...2.12.1)
+
+**Implemented enhancements:**
+
+- Fix warnings in debian package [\#267](https://github.com/CERT-BDF/TheHive/issues/267)
+- Merging alert into existing case does not merge alert description into case description [\#255](https://github.com/CERT-BDF/TheHive/issues/255)
+
+**Fixed bugs:**
+
+- Case similarity reports merged cases [\#272](https://github.com/CERT-BDF/TheHive/issues/272)
+- Closing a case with an open task does not dismiss task in "My tasks" [\#269](https://github.com/CERT-BDF/TheHive/issues/269)
+- API: cannot create alert if one alert artifact contains the IOC field set [\#268](https://github.com/CERT-BDF/TheHive/issues/268)
+- Can't get logs of a task via API [\#259](https://github.com/CERT-BDF/TheHive/issues/259)
+- Add multiple attachments in a single task log doesn't work [\#257](https://github.com/CERT-BDF/TheHive/issues/257)
+- Cortex Connector Not Found [\#256](https://github.com/CERT-BDF/TheHive/issues/256)
+- TheHive doesn't send the file name to Cortex [\#254](https://github.com/CERT-BDF/TheHive/issues/254)
+- Renaming of users does not work [\#249](https://github.com/CERT-BDF/TheHive/issues/249)
+
+## [2.12.0](https://github.com/CERT-BDF/TheHive/tree/2.12.0) (2017-07-04)
 [Full Changelog](https://github.com/CERT-BDF/TheHive/compare/2.11.3...2.12.0)
 
 **Implemented enhancements:**
 
+- Use local font files [\#250](https://github.com/CERT-BDF/TheHive/issues/250)
 - Sort the analyzers list in observable details page [\#245](https://github.com/CERT-BDF/TheHive/issues/245)
 - More options to sort cases [\#243](https://github.com/CERT-BDF/TheHive/issues/243)
 - Alert Preview and management improvements [\#232](https://github.com/CERT-BDF/TheHive/issues/232)
-- Ability to Reopen Tasks [\#156](https://github.com/CERT-BDF/TheHive/issues/156)
-- Display short reports on the Observables tab [\#131](https://github.com/CERT-BDF/TheHive/issues/131)
-- Custom fields for case template [\#12](https://github.com/CERT-BDF/TheHive/issues/12)
 - Show case status and category \(FP, TP, IND\) in related cases  [\#229](https://github.com/CERT-BDF/TheHive/issues/229)
 - Open External Links in New Tab [\#228](https://github.com/CERT-BDF/TheHive/issues/228)
 - Observable analyzers view reports. [\#191](https://github.com/CERT-BDF/TheHive/issues/191)
 - Specifying tags on statistics page or performing a search [\#186](https://github.com/CERT-BDF/TheHive/issues/186)
 - Choose case template while importing events from MISP [\#175](https://github.com/CERT-BDF/TheHive/issues/175)
-- Use local font files [\#250](https://github.com/CERT-BDF/TheHive/issues/250)
+- Ability to Reopen Tasks [\#156](https://github.com/CERT-BDF/TheHive/issues/156)
+- Display short reports on the Observables tab [\#131](https://github.com/CERT-BDF/TheHive/issues/131)
+- Custom fields for case template [\#12](https://github.com/CERT-BDF/TheHive/issues/12)
 
 **Fixed bugs:**
 
+- A locked user can use the API to create / delete / list cases \(and more\) [\#251](https://github.com/CERT-BDF/TheHive/issues/251)
 - Fix case metrics malformed definitions [\#248](https://github.com/CERT-BDF/TheHive/issues/248)
 - Sorting alerts by severity fails [\#242](https://github.com/CERT-BDF/TheHive/issues/242)
 - Alerting Panel: Typo Correction [\#240](https://github.com/CERT-BDF/TheHive/issues/240)

build.sbt

@@ -49,6 +49,7 @@ lazy val rpmPackageRelease = (project in file("package/rpm-release"))
     ))
   )
 
+
 Release.releaseVersionUIFile := baseDirectory.value / "ui" / "package.json"
 Release.changelogFile := baseDirectory.value / "CHANGELOG.md"
 
@@ -79,31 +80,39 @@ mappings in Universal ~= {
 maintainer := "TheHive Project <support@thehive-project.org>"
 packageSummary := "Scalable, Open Source and Free Security Incident Response Solutions"
 packageDescription :=
-  """TheHive is a scalable 3-in-1 open source and free security incident response platform designed to make life easier
-    | for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be
-    | investigated and acted upon swiftly.""".stripMargin
+  """TheHive is a scalable 3-in-1 open source and free security incident response
+    | platform designed to make life easier for SOCs, CSIRTs, CERTs and any
+    | information security practitioner dealing with security incidents that need to
+    | be investigated and acted upon swiftly.""".stripMargin
 defaultLinuxInstallLocation := "/opt"
 linuxPackageMappings ~= {
   _.map { pm =>
     val mappings = pm.mappings.filterNot {
       case (_, path) => path.startsWith("/opt/thehive/package") || path.startsWith("/opt/thehive/conf")
     }
-    com.typesafe.sbt.packager.linux.LinuxPackageMapping(mappings, pm.fileData).withConfig()
-  } :+ packageMapping(
-    file("package/thehive.service") -> "/etc/systemd/system/thehive.service",
+    com.typesafe.sbt.packager.linux.LinuxPackageMapping(mappings, pm.fileData)
+  }
+}
+linuxPackageMappings ++= Seq(
+  packageMapping(
+    file("package/thehive.service") -> "/usr/lib/systemd/system/thehive.service"
+  ).withPerms("644"),
+  packageMapping(
     file("package/thehive.conf") -> "/etc/init/thehive.conf",
-    file("package/thehive") -> "/etc/init.d/thehive",
     file("conf/application.sample") -> "/etc/thehive/application.conf",
     file("conf/logback.xml") -> "/etc/thehive/logback.xml"
-  ).withConfig()
-}
+  ).withPerms("644").withConfig(),
+  packageMapping(
+    file("package/thehive") -> "/etc/init.d/thehive"
+  ).withPerms("755").withConfig())
 
 packageBin := {
   (packageBin in Universal).value
   (packageBin in Debian).value
   (packageBin in Rpm).value
 }
 // DEB //
+linuxPackageMappings in Debian += packageMapping(file("LICENSE") -> "/usr/share/doc/thehive/copyright").withPerms("644")
 version in Debian := version.value + "-1"
 debianPackageRecommends := Seq("elasticsearch")
 debianPackageDependencies += "openjdk-8-jre-headless"

package/thehive

@@ -113,6 +113,11 @@ case "$1" in
     start
     ;;
 
+  force-reload)
+    stop
+    start
+    ;;
+    
   *)
     log_action_msg "Usage: /etc/init.d/thehive {start|stop|restart|status}" || true
     exit 1

package/thehive.conf-perso

@@ -42,8 +42,8 @@ class AlertCtrl @Inject() (
     for {
       alert ← alertSrv.get(alertId)
       caze ← caseSrv.get(caseId)
-      _ ← alertSrv.mergeWithCase(alert, caze)
-    } yield renderer.toOutput(CREATED, caze)
+      updatedCaze ← alertSrv.mergeWithCase(alert, caze)
+    } yield renderer.toOutput(CREATED, updatedCaze)
   }
 
   @Timed
@@ -151,7 +151,7 @@ class AlertCtrl @Inject() (
   }
 
   @Timed
-  def fixStatus() = authenticated(Role.admin).async { implicit request ⇒
+  def fixStatus(): Action[AnyContent] = authenticated(Role.admin).async { implicit request ⇒
     alertSrv.fixStatus()
       .map(_ ⇒ NoContent)
   }

thehive-backend/app/controllers/AlertCtrl.scala

@@ -2,25 +2,21 @@ package controllers
 
 import javax.inject.{ Inject, Singleton }
 
-import scala.concurrent.{ ExecutionContext, Future }
-import scala.reflect.runtime.universe
-import scala.util.{ Failure, Success }
 import akka.stream.Materializer
 import akka.stream.scaladsl.Sink
+import models.CaseStatus
+import org.elastic4play.controllers.{ Authenticated, Fields, FieldsBodyParser, Renderer }
+import org.elastic4play.models.JsonFormat.baseModelEntityWrites
+import org.elastic4play.services.JsonFormat.{ aggReads, queryReads }
+import org.elastic4play.services._
+import org.elastic4play.{ BadRequestError, Timed }
 import play.api.Logger
 import play.api.http.Status
 import play.api.libs.json.{ JsArray, JsObject, Json }
-import play.api.libs.json.Json.toJsFieldJsValueWrapper
 import play.api.mvc.{ Action, AnyContent, Controller }
-import org.elastic4play.{ BadRequestError, CreateError, Timed }
-import org.elastic4play.controllers.{ Authenticated, Fields, FieldsBodyParser, Renderer }
-import org.elastic4play.models.JsonFormat.{ baseModelEntityWrites, multiFormat }
-import org.elastic4play.services.{ Agg, AuxSrv }
-import org.elastic4play.services.{ QueryDSL, QueryDef, Role }
-import org.elastic4play.services.JsonFormat.{ aggReads, queryReads }
-import models.{ Case, CaseStatus }
 import services.{ CaseMergeSrv, CaseSrv, CaseTemplateSrv, TaskSrv }
 
+import scala.concurrent.{ ExecutionContext, Future }
 import scala.util.Try
 
 @Singleton

thehive-backend/app/controllers/CaseCtrl.scala

@@ -2,17 +2,17 @@ package controllers
 
 import javax.inject.{ Inject, Singleton }
 
-import scala.concurrent.ExecutionContext
-import scala.reflect.runtime.universe
-import play.api.http.Status
-import play.api.mvc.{ Action, AnyContent, Controller }
 import org.elastic4play.Timed
 import org.elastic4play.controllers.{ Authenticated, Fields, FieldsBodyParser, Renderer }
-import org.elastic4play.models.JsonFormat.baseModelEntityWrites
-import org.elastic4play.services.{ QueryDSL, QueryDef, Role }
 import org.elastic4play.services.JsonFormat.queryReads
+import org.elastic4play.services.{ QueryDSL, QueryDef, Role }
+import org.elastic4play.models.JsonFormat.baseModelEntityWrites
+import play.api.http.Status
+import play.api.mvc.{ Action, AnyContent, Controller }
 import services.LogSrv
 
+import scala.concurrent.ExecutionContext
+
 @Singleton
 class LogCtrl @Inject() (
     logSrv: LogSrv,
@@ -49,7 +49,7 @@ class LogCtrl @Inject() (
   def findInTask(taskId: String): Action[Fields] = authenticated(Role.read).async(fieldsBodyParser) { implicit request ⇒
     import org.elastic4play.services.QueryDSL._
     val childQuery = request.body.getValue("query").fold[QueryDef](QueryDSL.any)(_.as[QueryDef])
-    val query = and(childQuery, "_parent" ~= taskId)
+    val query = and(childQuery, parent("case_task", withId(taskId)))
     val range = request.body.getString("range")
     val sort = request.body.getStrings("sort").getOrElse(Nil)
 

thehive-backend/app/controllers/LogCtrl.scala

@@ -41,7 +41,7 @@ trait AlertAttributes {
       Attribute("alert", "remoteAttachment", OptionalAttributeFormat(F.objectFmt(remoteAttachmentAttributes)), Nil, None, ""),
       Attribute("alert", "tlp", OptionalAttributeFormat(F.numberFmt), Nil, None, ""),
       Attribute("alert", "tags", MultiAttributeFormat(F.stringFmt), Nil, None, ""),
-      Attribute("alert", "ioc", OptionalAttributeFormat(F.stringFmt), Nil, None, ""))
+      Attribute("alert", "ioc", OptionalAttributeFormat(F.booleanFmt), Nil, None, ""))
   }
 
   val alertId: A[String] = attribute("_id", F.stringFmt, "Alert id", O.readonly)