[frontend/backend] Apply marking definition to export files (#5797)
Proposed changes
- Update InternalFile entity model with content, file, and object markings
- Update export generation forms with required fields: content and file max definition levels
- Add markings to API and export report pdf connector communications
Related issues
- https://github.com/OpenCTI-Platform/opencti/issues/5797
Checklist
- [ ] I consider the submitted work as finished
- [x] I tested the code for its functionality
- [ ] I wrote test cases for the relevant use cases
- [ ] I added/updated the relevant documentation (either on github or on notion)
- [x] Where necessary I refactored code to improve the overall quality
Further comments
This pull request is related to the ones in the Client-Python and Connectors :
- https://github.com/OpenCTI-Platform/client-python/pull/561
- https://github.com/OpenCTI-Platform/connectors/pull/1833
The current work submitted in this Pull Request fulfills 1 / 3 acceptance criteria. Please take a look at the brainstorming for more details.
We have to update the export list in the frontend to finalize this feature :
- The exportFiles pagination only contains the id of every file. Despite the spread fragment presence. The idea was to compare the current user markings and the file ones for every file. Julien has mentioned a mechanism to control the access to data with the markings. It is supposed to automatically compare the resolved allowed markings of the user and the markings of the data to file in the current location.
- The initial approach to store the Internal File in Elastic was to replace the manual file indexing with the usual Entity creation: indexFileToDocument -> createEntity. I kept both because createEntity alone was breaking the exportFiles pagination in the frontend. And, importing createEntity in file storage provokes a dependency cycle between file-storage.js and middleware.js
I have left comments in the code source where I made some attempts.
/!\ maxMarking (string) is now renamed to contentMarkings or contentMaxMarkings (array) :
impact of this change still needs to be tested.
When I try to generate an export without 'file marking definition level', I get no error and nothing happens when I click on 'create' ( --> an error should be indicated):
Whereas trying to create it without 'content max marking definition levels' indicates an error :
Generate the export of an attack pattern, after clicking on 'create', we are redirected towards this page (instead of the 'Data' tab) :
> When I try to generate an export without 'file marking definition level', I get no error and nothing happens when I click on 'create' ( --> an error should be indicated):
> Whereas trying to create it without 'content max marking definition levels' indicates an error :
An error is only indicated when the input is touched for both, not before. This behavior appears to be consistent. @nino-filigran But when I try to generate an export without 'file marking definition level', I get an error on my side.
> Generate the export of an attack pattern, after clicking on 'create', we are redirected towards this page (instead of the 'Data' tab) :
This bug has been resolved on master.
> > Generate the export of an attack pattern, after clicking on 'create', we are redirected towards this page (instead of the 'Data' tab) :
> This bug has been resolved on master.
No, I still have the bug on master (for attack patterns).
CSV export connector doesn't seem to take content max markings into account.
I exported a report with marking TLP:AMBER,
using TLP:GREEN as content max markings
but the exported file contains the report and the observable in it:
This doesn't occur with stix export connector
EDIT: this bug is already occurring on testing
--> created an issue: https://github.com/OpenCTI-Platform/opencti/issues/6745
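As an added illustration (not code from this pull request or from OpenCTI), the example below shows the behaviour the thread expects from the two checks discussed: content max markings limiting what an export contains, and file markings limiting which users can see an export file. The marking model (`type` and `order`), the helper names and the sample data are assumptions constructed for the example.

```javascript
// Added illustration: simplified marking model, not OpenCTI's implementation.
// Assumption: a marking is { type, name, order } and is comparable only within its type.
const TLP = {
  CLEAR: { type: 'TLP', name: 'TLP:CLEAR', order: 0 },
  GREEN: { type: 'TLP', name: 'TLP:GREEN', order: 1 },
  AMBER: { type: 'TLP', name: 'TLP:AMBER', order: 2 },
  RED: { type: 'TLP', name: 'TLP:RED', order: 3 },
};

// True when every marking on the object is covered by a ceiling of the same type.
// A marking whose type has no ceiling fails closed; unmarked objects pass.
function isWithinMarkings(objectMarkings, ceilings) {
  return objectMarkings.every((m) =>
    ceilings.some((c) => c.type === m.type && m.order <= c.order));
}

// Content max markings: an over-ceiling root yields an empty export, and
// contained objects are filtered one by one (hypothetical helper).
function buildExportContent(root, contained, contentMaxMarkings) {
  if (!isWithinMarkings(root.markings, contentMaxMarkings)) return [];
  const kept = contained.filter((e) => isWithinMarkings(e.markings, contentMaxMarkings));
  return [root, ...kept].map((e) => e.id);
}

// File markings: a user lists only files covered by their allowed markings.
function visibleExportFiles(files, userAllowedMarkings) {
  return files
    .filter((f) => isWithinMarkings(f.markings, userAllowedMarkings))
    .map((f) => f.id);
}

// Constructed sample data modelled on the CSV case reported above.
const amberReport = { id: 'report--amber', markings: [TLP.AMBER] };
const greenReport = { id: 'report--green', markings: [TLP.GREEN] };
const observables = [
  { id: 'observable--clear', markings: [TLP.CLEAR] },
  { id: 'observable--red', markings: [TLP.RED] },
  { id: 'observable--pap', markings: [{ type: 'PAP', name: 'PAP:GREEN', order: 1 }] },
];
const exportFiles = [
  { id: 'export-green.csv', markings: [TLP.GREEN] },
  { id: 'export-amber.csv', markings: [TLP.AMBER] },
];

console.log(buildExportContent(amberReport, observables, [TLP.GREEN])); // []
console.log(buildExportContent(greenReport, observables, [TLP.GREEN]));
console.log(visibleExportFiles(exportFiles, [TLP.GREEN]));
```

A regression test for an export connector can assert the same property on the generated file: no exported object carries a marking above the requested ceiling.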
Issue with observables export
Go to the observables tab. Generate an export. The pop-up only contains 'max markings':
and an error occurs at export:
Go to a feedback overview. Generate a csv simple export (i.e. only the entity).
You are redirected to (instead of the Data tab) :
And if you go to the Data tab, the generated file contains both the feedback and its related entities :
--> create an issue : https://github.com/OpenCTI-Platform/opencti/issues/6746
Codecov Report
Attention: Patch coverage is 63.93443% with 44 lines in your changes are missing coverage. Please review.
Project coverage is 68.03%. Comparing base (023ed33) to head (6d8ba59).
Additional details and impacted files
@@ Coverage Diff @@
## master #6030 +/- ##
==========================================
+ Coverage 68.01% 68.03% +0.02%
==========================================
Files 538 538
Lines 65715 65779 +64
Branches 5568 5569 +1
==========================================
+ Hits 44695 44752 +57
- Misses 21020 21027 +7


