new: Submit any file to Pandora (if available)

Fix proposal for #670
Lookyloo · Apr 26, 2023 · 134ccf1 · 134ccf1
1 parent 952a530
commit 134ccf1
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 6 deletions.
diff --git a/website/web/__init__.py b/website/web/__init__.py
@@ -792,9 +792,24 @@ def tree_body_hashes(tree_uuid: str):
     return render_template('tree_body_hashes.html', tree_uuid=tree_uuid, body_hashes=body_hashes)
 
 
-@app.route('/tree/<string:tree_uuid>/pandora', methods=['GET'])
+@app.route('/tree/<string:tree_uuid>/pandora', methods=['GET', 'POST'])
 def pandora_submit(tree_uuid: str):
-    filename, content = lookyloo.get_data(tree_uuid)
+    node_uuid = None
+    if request.method == 'POST':
+        input_json = request.get_json(force=True)
+        node_uuid = input_json.get('node_uuid')
+        h_request = input_json.get('ressource_hash')
+    if node_uuid:
+        ressource = lookyloo.get_ressource(tree_uuid, node_uuid, h_request)
+        if ressource:
+            filename, content, mimetype = ressource
+        elif h_request:
+            return {'error': 'Unable to find resource {h_request} in node {node_uuid} of tree {tree_uuid}'}
+        else:
+            return {'error': 'Unable to find resource in node {node_uuid} of tree {tree_uuid}'}
+    else:
+        filename, content = lookyloo.get_data(tree_uuid)
+
     response = lookyloo.pandora.submit_file(content, filename)
     return jsonify(response)
 

diff --git a/website/web/templates/hostname_popup.html b/website/web/templates/hostname_popup.html
@@ -9,6 +9,7 @@
 {% from "macros.html" import other_captures_table %}
 {% from "macros.html" import get_ressource_button %}
 {% from "macros.html" import context_form %}
+{% from "macros.html" import pandora_submit %}
 
 {% block title %}Details for {{ hostnode.name }} {% endblock %}
 
@@ -63,9 +64,17 @@
   });
   </script>
   <script>
-  function submit_pandora(){
+  function submit_pandora(node_uuid, ressource_hash){
+    let data = {};
+    if (node_uuid) {
+        data.node_uuid = node_uuid;
+    };
+    if (ressource_hash) {
+        data.ressource_hash = ressource_hash;
+    };
     fetch("{{ url_for('pandora_submit', tree_uuid=tree_uuid)}}", {
-         method: "GET",
+        method: "POST",
+        body: JSON.stringify(data),
       })
       .then(response => response.json())
       .then(data => {
@@ -232,8 +241,7 @@ <h5>Domain IPs from a standalone DNS lookup:</h5>
           {% if url['url_object'].downloaded_filename %}
             {% if has_pandora %}
             <div> Downloaded file: <b>{{url['url_object'].downloaded_filename}}</b> ({{sizeof_fmt(url['url_object'].downloaded_file.getbuffer().nbytes)}})</div>
-            <button id="pandora_submit_button" type="button" class="btn btn-primary" onclick="submit_pandora()">Submit to Pandora</button>
-            <div>After clicking on the button above, a link to the report on Pandora will be copied in your clipboard.</div>
+            {{ pandora_submit() }}
             {% else %}
             <a href="{{ url_for('data', tree_uuid=tree_uuid)}}">
               Download {{url['url_object'].downloaded_filename}}
@@ -255,6 +263,9 @@ <h5>Domain IPs from a standalone DNS lookup:</h5>
             Empty body.
             {% else %}
             {{ ressource_legitimacy_details(url['legitimacy'], url['url_object'].body.getbuffer().nbytes) }}
+            {% if has_pandora %}
+            {{ pandora_submit(url['url_object'].uuid) }}
+            {% endif %}
             {% endif %}
             </div>
           {%endif%}
@@ -305,6 +316,9 @@ <h5>Domain IPs from a standalone DNS lookup:</h5>
               {% endif %}
               {{ ressource_legitimacy_details(details['legitimacy'], details['body_size']) }}
               </div>
+              {% if has_pandora %}
+              {{ pandora_submit(url['url_object'].uuid, hash) }}
+              {% endif %}
               <div>
                 This file {% if details['type'] %}(<b>{{ details['type'] }}</b>){% endif %} can be found <b>{{ details['hash_freq'] }}</b> times
                 across all the captures on this lookyloo instance, in <b>{{ details['hash_domains_freq'] }}</b> unique domains.

diff --git a/website/web/templates/macros.html b/website/web/templates/macros.html
@@ -271,6 +271,22 @@
 </div>
 {% endmacro %}
 
+
+{% macro pandora_submit(node_uuid, ressource_hash) %}
+<div class="col-sm-8">
+  <button id="pandora_submit_button" type="button" class="btn btn-primary btn-sm" title="open a new tab with the pandora report"
+  {% if node_uuid and ressource_hash %}
+    onclick="submit_pandora('{{node_uuid}}', '{{ressource_hash}}')"
+  {% elif node_uuid %}
+    onclick="submit_pandora('{{node_uuid}}')"
+  {% else %}
+    onclick="submit_pandora()"
+  {% endif %}
+  >Submit to Pandora</button>
+</div>
+{% endmacro %}
+
+
 {% macro popup_icons_response(urlnode, tree_uuid) %}
 <div>
   {% if urlnode.response_cookie %}