From 2f7350ea1977eacb2dbb9c829ead247b42e2ab3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9line=20S=C3=A8be?= <87119259+CelineSebe@users.noreply.github.com> Date: Thu, 30 May 2024 13:56:49 +0200 Subject: [PATCH 1/6] [frontend] Fix the redirect to content during a quick export to PDF (#6704) Signed-off-by: Celine Sebe --- .../src/private/components/analyses/groupings/Root.tsx | 3 ++- .../src/private/components/analyses/notes/Root.jsx | 1 + .../src/private/components/analyses/reports/Root.tsx | 3 ++- .../src/private/components/cases/case_incidents/Root.tsx | 3 ++- .../src/private/components/cases/case_rfis/Root.tsx | 3 ++- .../src/private/components/cases/case_rfts/Root.tsx | 3 ++- .../src/private/components/cases/feedbacks/Root.tsx | 1 + .../opencti-front/src/private/components/cases/tasks/Root.tsx | 3 ++- 8 files changed, 14 insertions(+), 6 deletions(-) diff --git a/opencti-platform/opencti-front/src/private/components/analyses/groupings/Root.tsx b/opencti-platform/opencti-front/src/private/components/analyses/groupings/Root.tsx index 77e67731e2b5..ce2c89302a0c 100644 --- a/opencti-platform/opencti-front/src/private/components/analyses/groupings/Root.tsx +++ b/opencti-platform/opencti-front/src/private/components/analyses/groupings/Root.tsx @@ -3,7 +3,7 @@ // eslint-disable-next-line @typescript-eslint/ban-ts-comment // @ts-nocheck import React, { useMemo } from 'react'; -import { Link, Route, Routes, Navigate, useParams, useLocation } from 'react-router-dom'; +import { Link, Navigate, Route, Routes, useLocation, useParams } from 'react-router-dom'; import { graphql, useSubscription } from 'react-relay'; import Box from '@mui/material/Box'; import Tabs from '@mui/material/Tabs'; @@ -129,6 +129,7 @@ const RootGrouping = () => { enableQuickSubscription={true} enableQuickExport={true} enableAskAi={true} + redirectToContent={true} /> } + redirectToContent={true} /> } 
> diff --git a/opencti-platform/opencti-front/src/private/components/analyses/reports/Root.tsx b/opencti-platform/opencti-front/src/private/components/analyses/reports/Root.tsx index 1476957da16b..a49462bc844e 100644 --- a/opencti-platform/opencti-front/src/private/components/analyses/reports/Root.tsx +++ b/opencti-platform/opencti-front/src/private/components/analyses/reports/Root.tsx @@ -4,7 +4,7 @@ // @ts-nocheck import React, { useMemo } from 'react'; import { graphql, useSubscription } from 'react-relay'; -import { Link, Route, Routes, useParams, useLocation, Navigate } from 'react-router-dom'; +import { Link, Navigate, Route, Routes, useLocation, useParams } from 'react-router-dom'; import { GraphQLSubscriptionConfig } from 'relay-runtime'; import Box from '@mui/material/Box'; import Tabs from '@mui/material/Tabs'; @@ -131,6 +131,7 @@ const RootReport = () => { enableQuickExport={true} enableAskAi={true} overview={isOverview} + redirectToContent={true} /> { PopoverComponent={} enableQuickSubscription={true} enableAskAi={true} + redirectToContent={true} /> { PopoverComponent={} enableQuickSubscription={true} enableAskAi={true} + redirectToContent={true} /> { PopoverComponent={} enableQuickSubscription={true} enableAskAi={true} + redirectToContent={true} /> { enableQuickSubscription enableManageAuthorizedMembers={canManage} authorizedMembersMutation={feedbackAuthorizedMembersMutation} + redirectToContent={true} /> { container={data} PopoverComponent={} enableSuggestions={false} + redirectToContent={true} /> Date: Thu, 30 May 2024 14:24:48 +0200 Subject: [PATCH 2/6] [platform] Enable multi-repository CI from forks (#7062) --- .drone.yml | 68 +++++++++--------- scripts/clone-dependencies.sh | 128 ++++++++++++++++++++++++++++++++++ 2 files changed, 164 insertions(+), 32 deletions(-) create mode 100644 scripts/clone-dependencies.sh diff --git a/.drone.yml b/.drone.yml index fc676ad6e2f1..0658a71795f1 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -3,17 +3,16 @@ kind: pipeline name: opencti-tests steps: - - name: branch-definition + - name: dependencies-checkout image: nikolaik/python-nodejs:python3.11-nodejs20-alpine + environment: + GITHUB_TOKEN: + from_secret: github_token commands: - - apk add git - - export OPENCTI_BRANCH=$DRONE_SOURCE_BRANCH - - if [ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/client-python.git refs/heads/$DRONE_SOURCE_BRANCH)")" != '' ]; then CLIENT_PYTHON_BRANCH=$DRONE_SOURCE_BRANCH; else CLIENT_PYTHON_BRANCH=$([[ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/client-python.git refs/heads/opencti/$DRONE_SOURCE_BRANCH)")" != '' ]] && echo opencti/$DRONE_SOURCE_BRANCH || echo 'master'); fi - - if [ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/connectors.git refs/heads/$DRONE_SOURCE_BRANCH)")" != '' ]; then CONNECTOR_BRANCH=$DRONE_SOURCE_BRANCH; else CONNECTOR_BRANCH=$([[ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/connectors.git refs/heads/opencti/$DRONE_SOURCE_BRANCH)")" != '' ]] && echo opencti/$DRONE_SOURCE_BRANCH || echo 'master'); fi - - echo "OPENCTI_BRANCH=$DRONE_SOURCE_BRANCH" >> variables - - echo "CLIENT_PYTHON_BRANCH=$CLIENT_PYTHON_BRANCH" >> variables - - echo "CONNECTOR_BRANCH=$CONNECTOR_BRANCH" >> variables - - echo [INFO] Using opencti@$OPENCTI_BRANCH, client-python@$CLIENT_PYTHON_BRANCH and connectors@$CONNECTOR_BRANCH + - apk add git github-cli + - chmod 777 scripts/* + - ./scripts/clone-dependencies.sh ${DRONE_SOURCE_BRANCH} $(pwd) ${DRONE_PULL_REQUEST} + - ls -lart - name: api-tests image: nikolaik/python-nodejs:python3.11-nodejs20-alpine 
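Review bot: The `dependencies-checkout` step receives `GITHUB_TOKEN` from the `github_token` secret and then executes `./scripts/clone-dependencies.sh` from the checked-out tree, so on a pull-request build the script that runs next to the token is whatever the PR itself contains. If the secret is made available to fork pull requests (the commit subject suggests so, but the hunk does not show the secret's settings), the token should be read-only and limited to public PR metadata, or the script should be taken from the base branch rather than the PR head. Separately, `chmod 777 scripts/*` grants far more than the step needs and the script arguments are unquoted; `- chmod +x scripts/clone-dependencies.sh` and `- ./scripts/clone-dependencies.sh "$DRONE_SOURCE_BRANCH" "$(pwd)" "$DRONE_PULL_REQUEST"` would be enough. The trailing `- ls -lart` looks like a debugging leftover.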
@@ -44,22 +43,20 @@ steps: commands: - apk add build-base git libffi-dev cargo - pip3 install --upgrade setuptools - - source ./variables - - cd opencti-platform - - echo [INFO] Using opencti@$OPENCTI_BRANCH, client-python@$CLIENT_PYTHON_BRANCH and connectors@$CONNECTOR_BRANCH - - cd .. - - git clone -b $CONNECTOR_BRANCH https://github.com/OpenCTI-Platform/connectors.git opencti-connectors - - cd opencti-connectors - - CONNECTOR_COMMIT=$(git rev-parse --short HEAD) - - echo [INFO] using connectors@$CONNECTOR_BRANCH:$CONNECTOR_COMMIT - - cd ../opencti-platform/opencti-graphql + - echo "DRONE_WORKSPACE=$DRONE_WORKSPACE" + - echo "DRONE_WORKSPACE=${DRONE_WORKSPACE}" + - cd "$DRONE_WORKSPACE/opencti-platform/opencti-graphql" - yarn install - yarn build - yarn check-ts - yarn lint - - pip3 install --upgrade --force git+https://github.com/OpenCTI-Platform/client-python@$CLIENT_PYTHON_BRANCH - - echo [INFO] using package client-python@$CLIENT_PYTHON_BRANCH + - cd "$DRONE_WORKSPACE/client-python" + - echo "[INFO] using client-python on branch $(git branch --show-current)" + - pip3 install --upgrade --force . + - cd "$DRONE_WORKSPACE/opencti-platform/opencti-graphql" - NODE_OPTIONS=--max_old_space_size=8192 yarn test + depends_on: + - dependencies-checkout - name: api-coverage image: plugins/codecov @@ -204,13 +201,15 @@ services: SUBSCRIPTION_SCHEDULER__ENABLED: false commands: - sleep 10 + - ls -lart - cp -a opencti-platform/* /tmp/raw-start-platform/ - - source ./variables - apk add build-base git libffi-dev cargo - cd /tmp/raw-start-platform/opencti-graphql - yarn install - yarn install:python - - pip3 install --upgrade --force git+https://github.com/OpenCTI-Platform/client-python@$CLIENT_PYTHON_BRANCH + - cd "$DRONE_WORKSPACE/client-python" + - pip3 install --upgrade --force . + - cd /tmp/raw-start-platform/opencti-graphql - NODE_OPTIONS=--max_old_space_size=8192 yarn start - name: opencti-live-start image: nikolaik/python-nodejs:python3.11-nodejs20-alpine 
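Review bot: In the `@@ -204,13 +201,15 @@` service hunk, `cd "$DRONE_WORKSPACE/client-python"` assumes the `dependencies-checkout` step has already finished cloning, but nothing visible in the hunk orders the service after that step; only `sleep 10` and the duration of `yarn install` stand between them. If the clone or the `gh pr checkout` is still running, `pip3 install --upgrade --force .` either fails or installs a half-checked-out tree. The same pattern appears in the service hunks at -235, -265, -285, -315 and -349. One option is to have the script create a marker file as its last action and wait for it in each service, e.g. `- while [ ! -f "$DRONE_WORKSPACE/.deps-ready" ]; do sleep 1; done` (the marker name is illustrative). The added `- ls -lart` here also reads as debug output.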
@@ -235,12 +234,13 @@ services: commands: - sleep 10 - cp -a opencti-platform/* /tmp/live-start-platform/ - - source ./variables - apk add build-base git libffi-dev cargo - cd /tmp/live-start-platform/opencti-graphql - yarn install - yarn install:python - - pip3 install --upgrade --force git+https://github.com/OpenCTI-Platform/client-python@$CLIENT_PYTHON_BRANCH + - cd "$DRONE_WORKSPACE/client-python" + - pip3 install --upgrade --force . + - cd /tmp/live-start-platform/opencti-graphql - NODE_OPTIONS=--max_old_space_size=8192 yarn start - name: opencti-direct-start image: nikolaik/python-nodejs:python3.11-nodejs20-alpine @@ -265,12 +265,13 @@ services: commands: - sleep 10 - cp -a opencti-platform/* /tmp/direct-start-platform/ - - source ./variables - apk add build-base git libffi-dev cargo - cd /tmp/direct-start-platform/opencti-graphql - yarn install - yarn install:python - - pip3 install --upgrade --force git+https://github.com/OpenCTI-Platform/client-python@$CLIENT_PYTHON_BRANCH + - cd "$DRONE_WORKSPACE/client-python" + - pip3 install --upgrade --force . + - cd /tmp/direct-start-platform/opencti-graphql - NODE_OPTIONS=--max_old_space_size=8192 yarn start - name: opencti-direct-worker image: nikolaik/python-nodejs:python3.11-nodejs20-alpine @@ -284,12 +285,13 @@ services: commands: - sleep 10 - cp -a opencti-worker /tmp/direct-start-worker - - source ./variables - apk add build-base git libffi-dev cargo - while ! nc -z opencti-direct-start 4300 ; do sleep 1 ; done - cd /tmp/direct-start-worker - pip3 install -r src/requirements.txt - - pip3 install --upgrade --force git+https://github.com/OpenCTI-Platform/client-python@$CLIENT_PYTHON_BRANCH + - cd "$DRONE_WORKSPACE/client-python" + - pip3 install --upgrade --force . + - cd /tmp/direct-start-worker - python3 src/worker.py - name: opencti-restore-start image: nikolaik/python-nodejs:python3.11-nodejs20-alpine 
@@ -315,11 +317,12 @@ services: - sleep 10 - cp -a opencti-platform/* /tmp/restore-start-platform/ - apk add build-base git libffi-dev cargo - - source ./variables - cd /tmp/restore-start-platform/opencti-graphql - yarn install - yarn install:python - - pip3 install --upgrade --force git+https://github.com/OpenCTI-Platform/client-python@$CLIENT_PYTHON_BRANCH + - cd "$DRONE_WORKSPACE/client-python" + - pip3 install --upgrade --force . + - cd /tmp/restore-start-platform/opencti-graphql - NODE_OPTIONS=--max_old_space_size=8192 yarn start - name: opencti-e2e-start image: nikolaik/python-nodejs:python3.11-nodejs20-alpine @@ -349,8 +352,9 @@ services: - yarn install - yarn install:python - BRANCH=$(echo $DRONE_COMMIT_BRANCH | cut -d "/" -f 2) - - CLIENT_PYTHON_BRANCH=$([[ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/client-python.git opencti/$BRANCH)")" != '' ]] && echo opencti/$BRANCH || echo 'master') - - pip3 install --upgrade --force git+https://github.com/OpenCTI-Platform/client-python@$CLIENT_PYTHON_BRANCH + - cd "$DRONE_WORKSPACE/client-python" + - pip3 install --upgrade --force . + - cd /tmp/e2e-start-platform/opencti-graphql - yarn build:dev - yarn wait-api && yarn insert:dev & - NODE_OPTIONS=--max_old_space_size=8192 yarn start diff --git a/scripts/clone-dependencies.sh b/scripts/clone-dependencies.sh new file mode 100644 index 000000000000..c3d613ec6f8d --- /dev/null +++ b/scripts/clone-dependencies.sh 
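Review bot: In the `@@ -349,8 +352,9 @@` hunk, `BRANCH=$(echo $DRONE_COMMIT_BRANCH | cut -d "/" -f 2)` is kept as context although the only visible line that read `$BRANCH` (the `CLIENT_PYTHON_BRANCH=` assignment) is removed. Unless a command outside the hunk still uses it, the assignment is dead and should be removed with the rest, so that the service no longer suggests it selects a client-python branch itself. The service definition starts and ends outside the hunk.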
@@ -0,0 +1,128 @@ +#!/bin/sh + +if [[ -z "$1" ]] || [[ -z "$2" ]] || [[ -z "$3" ]] +then + echo "[CLONE-DEPS] This scripts $0 requires 3 paramaters: branch_name:$1, workspace:$2 (optional: PR_number:$3)" + exit 0 +fi + +PR_BRANCH_NAME=$1 +WORKSPACE=$2 +PR_NUMBER=$3 + + +CLI_PYTHON_DIR="${WORKSPACE}/client-python" +CONNECTOR_DIR="${WORKSPACE}/opencti-connectors" +echo "CLI_PYTHON_DIR=${CLI_PYTHON_DIR}" +echo "CONNECTOR_DIR=${CONNECTOR_DIR}" + +clone_for_pr_build() { + cd ${WORKSPACE} + export GH_TOKEN="${GITHUB_TOKEN}" + + gh auth login --hostname github.com --with-token ${GH_TOKEN} + gh auth status + gh repo set-default https://github.com/OpenCTI-Platform/opencti + + #Check current PR to see if label "multi-repository" is set + IS_MULTI_REPO=$(gh pr view ${PR_NUMBER} --json labels | grep -c "multi-repository") + if [[ ${IS_MULTI_REPO} -eq 1 ]] + then + TARGET_BRANCH="${PR_BRANCH_NAME}" + + # ------ + # For client-python, maybe one day we will refactor to a function. + echo "[CLONE-DEPS][CLIENT-PYTHON] Multi repository PR, looking for client-python related branch" + gh repo clone https://github.com/OpenCTI-Platform/client-python ${CLI_PYTHON_DIR} + cd ${CLI_PYTHON_DIR} + + # search for the first opencti PR that matches OPENCTI_BRANCH + gh repo set-default https://github.com/OpenCTI-Platform/client-python + gh pr list --label "multi-repository" > multi-repo-cli-python-prs.txt + + cat multi-repo-cli-python-prs.txt + + CLI_PYTHON_PR_NUMBER=$(cat multi-repo-cli-python-prs.txt | grep "${TARGET_BRANCH}" | head -n 1 | sed 's/#//g' | awk '{print $1}') + echo "CLI_PYTHON_PR_NUMBER=${CLI_PYTHON_PR_NUMBER}" + + if [[ "${CLI_PYTHON_PR_NUMBER}" != "" ]] + then + echo "[CLONE-DEPS][CLIENT-PYTHON] Found a PR in client-python with number ${CLI_PYTHON_PR_NUMBER}, using it." 
+ gh pr checkout ${CLI_PYTHON_PR_NUMBER} + else + echo "[CLONE-DEPS][CLIENT-PYTHON] No PR found in client-python side, keeping client-python:master" + # Repository already clone on master branch + fi + + # ------ + # For connector, maybe one day we will refactor to a function. + echo "[CLONE-DEPS][CONNECTOR] Multi repository PR, looking for connectors related branch" + gh repo clone https://github.com/OpenCTI-Platform/connectors ${CONNECTOR_DIR} + cd ${CONNECTOR_DIR} + + # search for the first opencti PR that matches OPENCTI_BRANCH + gh repo set-default https://github.com/OpenCTI-Platform/connectors + gh pr list --label "multi-repository" > multi-repo-connector-prs.txt + + cat multi-repo-connector-prs.txt + + CONNECTOR_PR_NUMBER=$(cat multi-repo-connector-prs.txt | grep "${TARGET_BRANCH}" | head -n 1 | sed 's/#//g' | awk '{print $1}') + echo "CONNECTOR_PR_NUMBER=${CONNECTOR_PR_NUMBER}" + + if [[ "${CONNECTOR_PR_NUMBER}" != "" ]] + then + echo "[CLONE-DEPS][CONNECTOR] Found a PR in connectors with number ${CONNECTOR_PR_NUMBER}, using it." + gh pr checkout ${CONNECTOR_PR_NUMBER} + else + echo "[CLONE-DEPS][CONNECTOR] No PR found in connectors side, keeping connector:master" + # Repository already clone on master branch + fi + + else + echo "[CLONE-DEPS] NOT multi repo, cloning client-python:master and connector:master" + gh repo clone https://github.com/OpenCTI-Platform/client-python ${CLI_PYTHON_DIR} + gh repo clone https://github.com/OpenCTI-Platform/connectors ${CONNECTOR_DIR} + fi +} + +clone_for_push_build() { + echo "[CLONE-DEPS][CLIENT-PYTHON] Build from a commit, checking if a dedicated branch is required." 
+ if [[ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/client-python.git refs/heads/$PR_BRANCH_NAME)")" != '' ]] + then + CLIENT_PYTHON_BRANCH=${PR_BRANCH_NAME} + else + CLIENT_PYTHON_BRANCH=$([[ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/client-python.git refs/heads/opencti/$PR_BRANCH_NAME)")" != '' ]] && echo opencti/$PR_BRANCH_NAME || echo 'master') + fi + git clone -b $CLIENT_PYTHON_BRANCH https://github.com/OpenCTI-Platform/client-python.git ${CLI_PYTHON_DIR} + + echo "[CLONE-DEPS][CONNECTOR] Build from a commit, checking if a dedicated branch is required." + if [[ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/connectors.git refs/heads/$PR_BRANCH_NAME)")" != '' ]] + then + CONNECTOR_BRANCH=${PR_BRANCH_NAME} + else + CONNECTOR_BRANCH=$([[ "$(echo "$(git ls-remote --heads https://github.com/OpenCTI-Platform/connectors.git refs/heads/opencti/$PR_BRANCH_NAME)")" != '' ]] && echo opencti/$PR_BRANCH_NAME || echo 'master') + fi + + git clone -b $CONNECTOR_BRANCH https://github.com/OpenCTI-Platform/connectors.git ${CONNECTOR_DIR} +} + +echo "[CLONE-DEPS] START; with PR_BRANCH_NAME=${PR_BRANCH_NAME}, PR_NUMBER=${PR_NUMBER}, OPENCTI_DIR=${OPENCTI_DIR}." +if [[ -z ${PR_NUMBER} ]] || [[ ${PR_NUMBER} == "" ]] +then + # No PR number from Drone = "Push build". And it's only for repository branch (not fork) + # Only check branches from OpenCTI-Platform org + echo "[CLONE-DEPS] No PR number from Drone = "Push build"; it's only for repository branch (not fork)." + clone_for_push_build +else + # PR build is trigger from Pull Request coming both from branch and forks. + # We need to have this clone accross repository that works for forks (community PR) + echo "[CLONE-DEPS] Got PR number ${PR_NUMBER} from Drone = "PR build"; Pull Request coming both from branch and forks." 
+ clone_for_pr_build +fi + +cd ${CONNECTOR_DIR} +echo "[CLONE-DEPS] END; Using connectors on branch:$(git branch --show-current)" +cd ${CLI_PYTHON_DIR} +echo "[CLONE-DEPS] END; Using client-python on branch:$(git branch --show-current)" + +cd ${WORKSPACE} \ No newline at end of file From afdb3f3d7c107158d74be8f5ee479afb5eb1d230 Mon Sep 17 00:00:00 2001 From: Samuel Hassine Date: Thu, 30 May 2024 15:10:28 +0200 Subject: [PATCH 3/6] [integration] Fix permission on folders in Docker build (#7090, #7188) --- opencti-platform/Dockerfile | 7 +++---- opencti-platform/Dockerfile_circleci | 7 +++---- opencti-platform/Dockerfile_circleci_fips | 7 +++---- opencti-platform/Dockerfile_fips | 7 +++---- 4 files changed, 12 insertions(+), 16 deletions(-) diff --git a/opencti-platform/Dockerfile b/opencti-platform/Dockerfile index 738905b5bf2c..51ccde9e9d72 100644 --- a/opencti-platform/Dockerfile +++ b/opencti-platform/Dockerfile @@ -98,10 +98,9 @@ RUN set -ex \ -S \ -u "${UID}" \ "${USERNAME}" \ - && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/logs' - -RUN mkdir -p /opt/opencti/logs /opt/opencti/telemetry /opt/opencti/.support \ - && chmod -R 0733 /opt/opencti/logs /opt/opencti/telemetry /opt/opencti/.support + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/logs' \ + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/telemetry' \ + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/.support' VOLUME ["/opt/opencti/logs", "/opt/opencti/telemetry", "/opt/opencti/.support"] diff --git a/opencti-platform/Dockerfile_circleci b/opencti-platform/Dockerfile_circleci index 4b1c6eaa579d..fb6908a5bea1 100644 --- a/opencti-platform/Dockerfile_circleci +++ b/opencti-platform/Dockerfile_circleci 
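Review bot: In `clone_for_pr_build`, `gh auth login --hostname github.com --with-token ${GH_TOKEN}` passes the token as a command-line argument, while `--with-token` reads the token from standard input; the argument form puts the secret on the process command line and in any command trace. `GH_TOKEN` is already exported on the line above and gh authenticates from that variable, so the login line can be dropped and `gh auth status` kept as the check. The PR lookup `grep "${TARGET_BRANCH}" | head -n 1` is a substring match over the whole listing row, title included, so it can select an unrelated PR that is then checked out and later installed with `pip3 install`; `gh pr list --label multi-repository --head "$TARGET_BRANCH" --json number --jq '.[].number' | head -n 1` matches the head branch exactly. Expansions such as `cd ${WORKSPACE}` and `gh pr checkout ${CLI_PYTHON_PR_NUMBER}` should be double-quoted, and the final log line prints `OPENCTI_DIR`, which the script never sets.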
@@ -70,10 +70,9 @@ RUN set -ex \ -S \ -u "${UID}" \ "${USERNAME}" \ - && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/logs' - -RUN mkdir -p /opt/opencti/logs /opt/opencti/telemetry /opt/opencti/.support \ - && chmod -R 0733 /opt/opencti/logs /opt/opencti/telemetry /opt/opencti/.support + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/logs' \ + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/telemetry' \ + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/.support' VOLUME ["/opt/opencti/logs", "/opt/opencti/telemetry", "/opt/opencti/.support"] diff --git a/opencti-platform/Dockerfile_circleci_fips b/opencti-platform/Dockerfile_circleci_fips index 4d5489ccb18d..149a35e97cbd 100644 --- a/opencti-platform/Dockerfile_circleci_fips +++ b/opencti-platform/Dockerfile_circleci_fips @@ -60,10 +60,9 @@ RUN set -ex \ -S \ -u "${UID}" \ "${USERNAME}" \ - && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/logs' - -RUN mkdir -p /opt/opencti/logs /opt/opencti/telemetry /opt/opencti/.support \ - && chmod -R 0733 /opt/opencti/logs /opt/opencti/telemetry /opt/opencti/.support + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/logs' \ + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/telemetry' \ + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/.support' VOLUME ["/opt/opencti/logs", "/opt/opencti/telemetry", "/opt/opencti/.support"] diff --git a/opencti-platform/Dockerfile_fips b/opencti-platform/Dockerfile_fips index a521bfaaee83..94d5d8690f71 100644 --- a/opencti-platform/Dockerfile_fips +++ b/opencti-platform/Dockerfile_fips 
@@ -83,10 +83,9 @@ RUN set -ex \ -S \ -u "${UID}" \ "${USERNAME}" \ - && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/logs' - -RUN mkdir -p /opt/opencti/logs /opt/opencti/telemetry /opt/opencti/.support \ - && chmod -R 0733 /opt/opencti/logs /opt/opencti/telemetry /opt/opencti/.support + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/logs' \ + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/telemetry' \ + && install -o "${UID}" -g "${GID}" -m 0755 -d '/opt/opencti/.support' VOLUME ["/opt/opencti/logs", "/opt/opencti/telemetry", "/opt/opencti/.support"] From c3c3c87700d912020963237c38e470b9b9679f00 Mon Sep 17 00:00:00 2001 From: "A. Jard" Date: Thu, 30 May 2024 15:12:57 +0200 Subject: [PATCH 4/6] [platform] Fix parameters multi-repository CI from forks (#7062) --- scripts/clone-dependencies.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/clone-dependencies.sh b/scripts/clone-dependencies.sh index c3d613ec6f8d..23ed660b0cfb 100644 --- a/scripts/clone-dependencies.sh +++ b/scripts/clone-dependencies.sh @@ -1,8 +1,8 @@ #!/bin/sh -if [[ -z "$1" ]] || [[ -z "$2" ]] || [[ -z "$3" ]] +if [[ -z "$1" ]] || [[ -z "$2" ]] then - echo "[CLONE-DEPS] This scripts $0 requires 3 paramaters: branch_name:$1, workspace:$2 (optional: PR_number:$3)" + echo "[CLONE-DEPS] This scripts $0 requires 2 paramaters: branch_name:$1, workspace:$2 (optional: PR_number:$3)" exit 0 fi From a470823d8642c921d134aac9c06aecbea964e5e5 Mon Sep 17 00:00:00 2001 From: troll-os <39793416+troll-os@users.noreply.github.com> Date: Thu, 30 May 2024 17:16:46 +0200 Subject: [PATCH 5/6] Fix/feature branch (#7189) --- .github/workflows/test-feature-branch.yml | 2 +- opencti-platform/Dockerfile_ga | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-feature-branch.yml b/.github/workflows/test-feature-branch.yml index ff733893e983..254a38ac2334 100644 --- a/.github/workflows/test-feature-branch.yml 
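Review bot: The usage check in `scripts/clone-dependencies.sh` still ends with `exit 0`, so a call with a missing branch name or workspace is reported to Drone as success and the problem only surfaces later, when `client-python` is absent. `exit 1`, with the message sent to stderr (`>&2`), makes the step fail where the mistake is. The test also uses `[[ … ]]` under `#!/bin/sh`, which is a bash extension; `if [ -z "$1" ] || [ -z "$2" ]` is the portable form. The message misspells "parameters".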
+++ b/.github/workflows/test-feature-branch.yml @@ -49,7 +49,7 @@ jobs: - uses: actions/checkout@v4 - uses: jirutka/setup-alpine@v1 with: - branch: v3.18 + branch: v3.20 packages: > nodejs npm git tini gcc g++ make musl-dev cargo python3 py3-pip python3-dev postfix postfix-pcre diff --git a/opencti-platform/Dockerfile_ga b/opencti-platform/Dockerfile_ga index 8540596c4cad..6893445324ff 100644 --- a/opencti-platform/Dockerfile_ga +++ b/opencti-platform/Dockerfile_ga @@ -1,4 +1,4 @@ -FROM node:20-alpine AS app +FROM node:20-alpine3.20 AS app WORKDIR /opt RUN apk add tini python3 py3-pip python3-dev git From 6343b82b0b0a5d3ded3b30d08ce282328a556268 Mon Sep 17 00:00:00 2001 From: Samuel Hassine Date: Thu, 30 May 2024 21:13:41 +0200 Subject: [PATCH 6/6] [backend] Enhance prompts to generate scenarios --- .../src/modules/xtm/xtm-domain.js | 86 ++++++++++++------- 1 file changed, 53 insertions(+), 33 deletions(-) diff --git a/opencti-platform/opencti-graphql/src/modules/xtm/xtm-domain.js b/opencti-platform/opencti-graphql/src/modules/xtm/xtm-domain.js index 0052c2bf32fd..adc724c6290a 100644 --- a/opencti-platform/opencti-graphql/src/modules/xtm/xtm-domain.js +++ b/opencti-platform/opencti-graphql/src/modules/xtm/xtm-domain.js 
@@ -125,13 +125,13 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att - The context is a cybersecurity breach and attack simulation and cybersecurity crisis management exercise - The enterprise is under attack! The incident response team and the CISO will need to answer to fake injections and questions. - You should fake it and not writing about the simulation but like if it is a true cybersecurity threat and / or incident. - - Order of kill chain phases is ${killChainPhasesListOfNames} - - We are in the kill chain phase ${killChainPhaseName} - - You should write an email message representing this kill chain phase (${killChainPhaseName}) targeting the enterprise of 3 paragraphs with 3 lines in each paragraph - - The email message should be addressed from the security operation center team to the incident response team, talking about the phase of the attack - - The incident response team is under attack - - Ensure that all words are accurately spelled and that the grammar is correct. - - Your response should be in HTML format. Be sure to respect this format and to NOT output anything else than the format + - Order of kill chain phases is ${killChainPhasesListOfNames}. + - We are in the kill chain phase ${killChainPhaseName}. + - You should write an email message (only the content, NOT the subject) representing this kill chain phase (${killChainPhaseName}) targeting the enterprise of 3 paragraphs with 3 lines in each paragraph in HTML. + - The email message should be addressed from the security operation center team to the incident response team, talking about the phase of the attack. + - The incident response team is under attack. + - Ensure that all words are accurately spelled and that the grammar is correct and the output format is in HTML. + - Your response should be in HTML format. Be sure to respect this format and to NOT output anything else than the format. # Context about the attack ${content} 
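Review bot: The prompt in this hunk now asks the model for HTML and still interpolates `${content}` directly under "# Context about the attack", with nothing separating instructions from data. If `content` derives from imported reports or other externally authored text (not visible here), text inside it can steer the model, and the reply is used as the inject `body` in the `@@ -156,7 +156,7 @@` hunk without any visible sanitisation. I would pass the model's HTML through an allow-list sanitiser (paragraph and basic formatting tags only, no scripts, event handlers or remote resources) before `createInjectInScenario`, and wrap the interpolated context in explicit delimiters that the instructions declare to be data only. The same applies to the prompts at -168, -239 and -271; `generateOpenBasScenario` starts and ends outside the hunk.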
@@ -139,8 +139,8 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att const responseIncidentResponse = await compute(null, promptIncidentResponse, user); const promptIncidentResponseSubject = ` # Instructions - - Generate a subject for the following email - - The subject should be short and comprehensible + - Generate a subject for the following email. + - The subject should be short and comprehensible. - Ensure that all words are accurately spelled and that the grammar is correct. # Email content @@ -156,7 +156,7 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att dependsOnDuration, { expectations: [], - subject: `[${killChainPhaseName}] ${responseIncidentResponseSubject}`, + subject: responseIncidentResponseSubject, body: responseIncidentResponse }, [{ value: 'opencti', color: '#001bda' }, { value: 'csirt', color: '#c28b0d' }] 
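Review bot: In the `@@ -156,7 +156,7 @@` hunk the subject becomes `responseIncidentResponseSubject` verbatim, that is, raw model output from a prompt that itself embeds model output, with no trimming, length bound or newline removal before it is passed as the inject's `subject`. A reply containing line breaks, surrounding quotes or a leading "Subject:" would go through unchanged; whether the receiving side normalises it is not visible here. Something like `subject: responseIncidentResponseSubject.replace(/[\r\n]+/g, ' ').trim().slice(0, 150)` keeps it to one bounded line (the limit of 150 is illustrative). The same assignment is made at -199, -262 and -294. Dropping the `[${killChainPhaseName}]` prefix also removes the only deterministic part of the subject, which makes the generated mails harder to sort by phase.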
@@ -168,13 +168,13 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att - The context is a cybersecurity breach and attack simulation and cybersecurity crisis management exercise - The enterprise is under attack! The incident response team and the CISO will need to answer to fake injections and questions. - You should fake it and not writing about the simulation but like if it is a true cybersecurity threat and / or incident. - - Order of kill chain phases is ${killChainPhasesListOfNames} - - We are in the kill chain phase ${killChainPhaseName} - - You should write an email message representing this kill chain phase (${killChainPhaseName}) targeting the enterprise of 3 paragraphs with 3 lines in each paragraph - - The email message should be addressed from the security operation center team to the chief security officer, talking about the phase of the attack - - The incident response team is under attack + - Order of kill chain phases is ${killChainPhasesListOfNames}. + - We are in the kill chain phase ${killChainPhaseName}. + - You should write an email message (only the content, NOT the subject) representing this kill chain phase (${killChainPhaseName}) targeting the enterprise of 3 paragraphs with 3 lines in each paragraph in HTML. + - The email message should be addressed from the security operation center team to the chief security officer, talking about the phase of the attack. + - The incident response team is under attack. - Ensure that all words are accurately spelled and that the grammar is correct. - - Your response should be in HTML format. Be sure to respect this format and to NOT output anything else than the format + - Your response should be in HTML format. Be sure to respect this format and to NOT output anything else than the format. # Context about the attack ${content} 
@@ -199,7 +199,7 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att dependsOnDuration, { expectations: [], - subject: `[${killChainPhaseName}] ${responseCisoSubject}`, + subject: responseCisoSubject, body: responseCiso }, [{ value: 'opencti', color: '#001bda' }, { value: 'ciso', color: '#b41313' }] 
@@ -239,14 +239,14 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att - The context is a cybersecurity breach and attack simulation and cybersecurity crisis management exercise - The enterprise is under attack! The incident response team and the CISO will need to answer to fake injections and questions. - You should fake it and not writing about the simulation but like if it is a true cybersecurity threat and / or incident. - - Order of kill chain phases is ${killChainPhasesListOfNames} - - Examine the provided content which describes an attack technique in the context of the kill chain phase ${killChainPhaseName} - - You should take into account the context about the attack - - You should write an email message representing this attack technique targeting the enterprise of 3 paragraphs with 3 lines in each paragraph - - The email message should be addressed from the security operation center team to the incident response team, talking about the phase of the attack - - The incident response team is under attack + - Order of kill chain phases is ${killChainPhasesListOfNames}. + - Examine the provided content which describes an attack technique in the context of the kill chain phase ${killChainPhaseName}. + - You should take into account the context about the attack. + - You should write an email message (only the content, NOT the subject) representing this attack technique targeting the enterprise of 3 paragraphs with 3 lines in each paragraph in HTML. + - The email message should be addressed from the security operation center team to the incident response team, talking about the phase of the attack. + - The incident response team is under attack. - Ensure that all words are accurately spelled and that the grammar is correct. - - Your response should be in HTML format. Be sure to respect this format and to NOT output anything else than the format + - Your response should be in HTML format. 
Be sure to respect this format and to NOT output anything else than the format. # Context about the attack ${content} @@ -255,6 +255,16 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att ${obasAttackPattern.attack_pattern_description} `; const responseIncidentResponse = await compute(null, promptIncidentResponse, user); + const promptIncidentResponseSubject = ` + # Instructions + - Generate a subject for the following email + - The subject should be short and comprehensible + - Ensure that all words are accurately spelled and that the grammar is correct. + + # Email content + ${responseIncidentResponse} + `; + const responseIncidentResponseSubject = await compute(null, promptIncidentResponseSubject, user); const titleIncidentResponse = `[${killChainPhaseName}] ${obasAttackPattern.attack_pattern_name} - Email to the incident response team`; await createInjectInScenario( obasScenario.scenario_id, @@ -262,7 +272,7 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att '2790bd39-37d4-4e39-be7e-53f3ca783f86', titleIncidentResponse, dependsOnDuration, - { expectations: [], subject: `[${killChainPhaseName}] ${obasAttackPattern.attack_pattern_name}`, body: responseIncidentResponse }, + { expectations: [], subject: responseIncidentResponseSubject, body: responseIncidentResponse }, [{ value: 'opencti', color: '#001bda' }, { value: 'csirt', color: '#c28b0d' }] ); dependsOnDuration += (interval * 60); 
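Review bot: The subject prompt added in the `@@ -255,6 +255,16 @@` hunk is a fourth near-copy of the same template (also at -139, in the CISO block, and at -287), and the copies have already drifted: the two new ones lack the trailing periods that this commit adds to the first. A small module-level helper would keep the wording in one place and give a single spot to normalise the model output before it is used as a subject. The enclosing function starts and ends outside the hunk, and the helper name below is a suggestion.

```javascript
const generateEmailSubject = async (emailContent, user) => {
  const prompt = `
  # Instructions
  - Generate a subject for the following email.
  - The subject should be short and comprehensible.
  - Ensure that all words are accurately spelled and that the grammar is correct.

  # Email content
  ${emailContent}
  `;
  const subject = await compute(null, prompt, user);
  // Model output: reduce to a single bounded line before it is used as a mail subject.
  return String(subject ?? '').replace(/[\r\n]+/g, ' ').trim().slice(0, 150);
};

// … unchanged: promptIncidentResponse and its compute() call …
const responseIncidentResponseSubject = await generateEmailSubject(responseIncidentResponse, user);
```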
@@ -271,14 +281,14 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att - The context is a cybersecurity breach and attack simulation and cybersecurity crisis management exercise - The enterprise is under attack! The incident response team and the CISO will need to answer to fake injections and questions. - You should fake it and not writing about the simulation but like if it is a true cybersecurity threat and / or incident. - - Order of kill chain phases is ${killChainPhasesListOfNames} - - Examine the provided content which describes an attack technique in the context of the kill chain phase ${killChainPhaseName} - - You should write an email message representing this attack technique targeting the enterprise of 3 paragraphs with 3 lines in each paragraph - - You should take into account the context about the attack - - The email message should be addressed from the security operation center team to the chief information security officer - - The CISO is under attack + - Order of kill chain phases is ${killChainPhasesListOfNames}. + - Examine the provided content which describes an attack technique in the context of the kill chain phase ${killChainPhaseName}. + - You should write an email message (only the content, NOT the subject) representing this attack technique targeting the enterprise of 3 paragraphs with 3 lines in each paragraph in HTML. + - You should take into account the context about the attack. + - The email message should be addressed from the security operation center team to the chief information security officer. + - The CISO is under attack. - Ensure that all words are accurately spelled and that the grammar is correct. - - Your response should be in HTML format. Be sure to respect this format and to NOT output anything else than the format + - Your response should be in HTML format. Be sure to respect this format and to NOT output anything else than the format. # Context about the attack ${content} 
@@ -287,6 +297,16 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att ${obasAttackPattern.attack_pattern_description} `; const responseCiso = await compute(null, promptCiso, user); + const promptCisoSubject = ` + # Instructions + - Generate a subject for the following email + - The subject should be short and comprehensible + - Ensure that all words are accurately spelled and that the grammar is correct. + + # Email content + ${responseCiso} + `; + const responseCisoSubject = await compute(null, promptCisoSubject, user); const titleCiso = `[${killChainPhaseName}] ${obasAttackPattern.attack_pattern_name} - Email to the CISO`; await createInjectInScenario( obasScenario.scenario_id, @@ -294,7 +314,7 @@ export const generateOpenBasScenario = async (context, user, stixCoreObject, att '2790bd39-37d4-4e39-be7e-53f3ca783f86', titleCiso, dependsOnDuration, - { expectations: [], subject: `[${killChainPhaseName}] ${obasAttackPattern.attack_pattern_name}`, body: responseCiso }, + { expectations: [], subject: responseCisoSubject, body: responseCiso }, [{ value: 'opencti', color: '#001bda' }, { value: 'ciso', color: '#b41313' }] ); dependsOnDuration += (interval * 60);