Merge remote-tracking branch 'gammelalf/finding-notify'

myOmikron · Mar 20, 2024 · 4e00844 · 4e00844
2 parents 33244d6 + cdc5537
commit 4e00844
Show file tree

Hide file tree

Showing 5 changed files with 102 additions and 0 deletions.
diff --git a/kraken/src/api/handler/finding_affected/handler.rs b/kraken/src/api/handler/finding_affected/handler.rs
@@ -28,6 +28,7 @@ use crate::api::handler::hosts::schema::SimpleHost;
 use crate::api::handler::ports::schema::SimplePort;
 use crate::api::handler::services::schema::SimpleService;
 use crate::chan::global::GLOBAL;
+use crate::chan::ws_manager::schema::WsMessage;
 use crate::models::Domain;
 use crate::models::Finding;
 use crate::models::FindingAffected;
@@ -92,6 +93,18 @@ pub async fn create_finding_affected(
     .await?;
 
     tx.commit().await?;
+    GLOBAL
+        .ws
+        .message_workspace(
+            w_uuid,
+            WsMessage::AddedFindingAffected {
+                workspace: w_uuid,
+                finding: f_uuid,
+                affected_uuid: request.uuid,
+                affected_type: request.r#type,
+            },
+        )
+        .await;
     Ok(HttpResponse::Ok().finish())
 }
 
@@ -348,6 +361,18 @@ pub async fn update_finding_affected(
     };
 
     tx.commit().await?;
+    GLOBAL
+        .ws
+        .message_workspace(
+            w_uuid,
+            WsMessage::UpdatedFindingAffected {
+                workspace: w_uuid,
+                finding: f_uuid,
+                affected_uuid: a_uuid,
+                update: request,
+            },
+        )
+        .await;
     Ok(HttpResponse::Ok().finish())
 }
 
@@ -382,5 +407,16 @@ pub async fn delete_finding_affected(
     FindingAffected::delete(&mut tx, uuid).await?;
 
     tx.commit().await?;
+    GLOBAL
+        .ws
+        .message_workspace(
+            w_uuid,
+            WsMessage::RemovedFindingAffected {
+                workspace: w_uuid,
+                finding: f_uuid,
+                affected_uuid: a_uuid,
+            },
+        )
+        .await;
     Ok(HttpResponse::Ok().finish())
 }
diff --git a/kraken/src/api/handler/finding_affected/schema.rs b/kraken/src/api/handler/finding_affected/schema.rs
@@ -39,15 +39,20 @@ pub struct CreateFindingAffectedRequest {
 }
 
 /// The request to update an affected object's details
+// The `#[serde(skip_serializing_if = "Option::is_none")]` is required by the frontend.
+// The update is echoed over the websocket to allow live editing
+// and the frontend needs to differentiate between no update and set to `None`.
 #[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
 pub struct UpdateFindingAffectedRequest {
     /// A screenshot
     ///
     /// The file must have been uploaded through the image upload.
+    #[serde(skip_serializing_if = "Option::is_none")] // see above
     #[serde(default, deserialize_with = "de_optional")]
     pub screenshot: Option<Option<Uuid>>,
 
     /// A log file
+    #[serde(skip_serializing_if = "Option::is_none")] // see above
     #[serde(default, deserialize_with = "de_optional")]
     pub log_file: Option<Option<Uuid>>,
 }

diff --git a/kraken/src/api/handler/findings/handler.rs b/kraken/src/api/handler/findings/handler.rs
@@ -24,6 +24,7 @@ use crate::api::handler::findings::schema::SimpleFinding;
 use crate::api::handler::findings::schema::UpdateFindingRequest;
 use crate::api::handler::findings::utils::finding_affected_into_simple;
 use crate::chan::global::GLOBAL;
+use crate::chan::ws_manager::schema::WsMessage;
 use crate::models::Finding;
 use crate::models::FindingAffected;
 use crate::models::FindingDefinition;
@@ -267,6 +268,17 @@ pub async fn update_finding(
     .await?;
 
     tx.commit().await?;
+    GLOBAL
+        .ws
+        .message_workspace(
+            w_uuid,
+            WsMessage::UpdatedFinding {
+                workspace: w_uuid,
+                finding: f_uuid,
+                update: request,
+            },
+        )
+        .await;
     Ok(HttpResponse::Ok().finish())
 }
 

diff --git a/kraken/src/api/handler/findings/schema.rs b/kraken/src/api/handler/findings/schema.rs
@@ -38,23 +38,30 @@ pub struct CreateFindingRequest {
 }
 
 /// The request to update an existing finding
+// The `#[serde(skip_serializing_if = "Option::is_none")]` is required by the frontend.
+// The update is echoed over the websocket to allow live editing
+// and the frontend needs to differentiate between no update and set to `None`.
 #[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
 pub struct UpdateFindingRequest {
     /// Name of the new finding definition
     ///
     /// This must be unique
+    #[serde(skip_serializing_if = "Option::is_none")] // see above
     pub definition: Option<Uuid>,
 
     /// The severity of this specific instance of the finding
+    #[serde(skip_serializing_if = "Option::is_none")] // see above
     pub severity: Option<FindingSeverity>,
 
     /// A screenshot
     ///
     /// The file must have been uploaded through the image upload.
+    #[serde(skip_serializing_if = "Option::is_none")] // see above
     #[serde(default, deserialize_with = "de_optional")]
     pub screenshot: Option<Option<Uuid>>,
 
     /// A log file
+    #[serde(skip_serializing_if = "Option::is_none")] // see above
     #[serde(default, deserialize_with = "de_optional")]
     pub log_file: Option<Option<Uuid>>,
 }

diff --git a/kraken/src/chan/ws_manager/schema.rs b/kraken/src/chan/ws_manager/schema.rs
@@ -13,6 +13,8 @@ use uuid::Uuid;
 use crate::api::handler::attack_results::schema::FullDnsTxtScanResult;
 use crate::api::handler::attacks::schema::SimpleAttack;
 use crate::api::handler::domains::schema::SimpleDomain;
+use crate::api::handler::finding_affected::schema::UpdateFindingAffectedRequest;
+use crate::api::handler::findings::schema::UpdateFindingRequest;
 use crate::api::handler::hosts::schema::SimpleHost;
 use crate::api::handler::ports::schema::SimplePort;
 use crate::api::handler::services::schema::SimpleService;
@@ -271,6 +273,46 @@ pub enum WsMessage {
         /// The new cursor position
         cursor: CursorPosition,
     },
+    /// A finding has been updated
+    UpdatedFinding {
+        /// The workspace the updated finding is in
+        workspace: Uuid,
+        /// The finding which has been updated
+        finding: Uuid,
+        /// The update
+        update: UpdateFindingRequest,
+    },
+    /// An affected has been added to a finding
+    AddedFindingAffected {
+        /// The workspace the updated finding is in
+        workspace: Uuid,
+        /// The finding which has been updated
+        finding: Uuid,
+        /// The affected's uuid
+        affected_uuid: Uuid,
+        /// The affected's type
+        affected_type: AggregationType,
+    },
+    /// A finding's affected has been updated
+    UpdatedFindingAffected {
+        /// The workspace the updated finding is in
+        workspace: Uuid,
+        /// The finding which has been updated
+        finding: Uuid,
+        /// The affected's uuid
+        affected_uuid: Uuid,
+        /// The update
+        update: UpdateFindingAffectedRequest,
+    },
+    /// An affected has been removed to a finding
+    RemovedFindingAffected {
+        /// The workspace the updated finding is in
+        workspace: Uuid,
+        /// The finding which has been updated
+        finding: Uuid,
+        /// The affected's uuid
+        affected_uuid: Uuid,
+    },
 }
 
 /// The target of the editor