MISP plugin added

Author: aleksejsv

.gitignore

@@ -1,7 +1,5 @@
-certs/graph.*
-certs/graph-*
-certs/certca2.crt
-certs/cluster.crt
+certs/*
+!certs/graphoscope.*
 definitions/*.yaml
 !definitions/sources/*.example
 !definitions/processors/*.example

Dockerfile.example

@@ -29,11 +29,12 @@ RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/elasticsearc
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/http.so              plugins/src/http/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/rest.so              plugins/src/rest/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/mongodb.so           plugins/src/mongodb/*.go
-RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/pastelyzer.so        plugins/src/pastelyzer/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/postgresql.so        plugins/src/postgresql/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/redis.so             plugins/src/redis/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/mysql.so             plugins/src/mysql/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/file-csv.so          plugins/src/file/csv/*.go
+RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/misp.so              plugins/src/misp/*.go
+RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/pastelyzer.so        plugins/src/pastelyzer/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/abuseipdb.so         plugins/src/abuseipdb/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/hashlookup.so        plugins/src/hashlookup/*.go
 RUN go build -buildmode=plugin -ldflags="-w" -o /go/plugins/sources/circl_passive_ssl.so plugins/src/circl_passive_ssl/*.go

Makefile.example

@@ -170,22 +170,23 @@ uninstall-remote:
 
 # Build plugins locally, mainly for development
 plugins-local:
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/elasticsearch.v7.so plugins/src/elasticsearch.v7/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/http.so             plugins/src/http/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/rest.so             plugins/src/rest/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/mongodb.so          plugins/src/mongodb/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/pastelyzer.so       plugins/src/pastelyzer/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/postgresql.so       plugins/src/postgresql/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/redis.so            plugins/src/redis/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/mysql.so            plugins/src/mysql/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/file-csv.so         plugins/src/file/csv/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/abuseipdb.so        plugins/src/abuseipdb/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/hashlookup.so       plugins/src/hashlookup/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/elasticsearch.v7.so  plugins/src/elasticsearch.v7/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/http.so              plugins/src/http/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/rest.so              plugins/src/rest/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/mongodb.so           plugins/src/mongodb/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/postgresql.so        plugins/src/postgresql/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/redis.so             plugins/src/redis/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/mysql.so             plugins/src/mysql/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/file-csv.so          plugins/src/file/csv/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/misp.so              plugins/src/misp/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/pastelyzer.so        plugins/src/pastelyzer/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/abuseipdb.so         plugins/src/abuseipdb/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/hashlookup.so        plugins/src/hashlookup/*.go
 	go build -buildmode=plugin -ldflags="-w" -o plugins/sources/circl_passive_ssl.so plugins/src/circl_passive_ssl/*.go
 	CGO_CFLAGS="-g -O2 -Wno-return-local-addr" go build -buildmode=plugin -ldflags="-w" -o plugins/sources/sqlite.so plugins/src/sqlite/*.go
 
-	go build -buildmode=plugin -ldflags="-w" -o plugins/processors/taxonomy.so      plugins/src/taxonomy/*.go
-	go build -buildmode=plugin -ldflags="-w" -o plugins/processors/modify.so        plugins/src/modify/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/processors/taxonomy.so       plugins/src/taxonomy/*.go
+	go build -buildmode=plugin -ldflags="-w" -o plugins/processors/modify.so         plugins/src/modify/*.go
 
 	go build -buildmode=plugin -ldflags="-w" -o /dev/null plugins/src/template/*.go
 
@@ -195,21 +196,23 @@ test:
 	go test plugins/src/http/*.go
 	go test plugins/src/rest/*.go
 	go test plugins/src/mongodb/*.go
-	go test plugins/src/pastelyzer/*.go
 	go test plugins/src/postgresql/*.go
 	go test plugins/src/redis/*.go
 	go test plugins/src/mysql/*.go
 	go test plugins/src/file/csv/*.go
+	go test plugins/src/misp/*.go
+	go test plugins/src/pastelyzer/*.go
 	go test plugins/src/abuseipdb/*.go
 	go test plugins/src/hashlookup/*.go
 	go test plugins/src/circl_passive_ssl/*.go
 	CGO_CFLAGS="-g -O2 -Wno-return-local-addr" go test plugins/src/sqlite/*.go
 
 	go test plugins/src/taxonomy/*.go
+	go test plugins/src/modify/*.go
 
 # Check for Golang errors & inefficient code. Install with:
 # curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh
 # mv bin/golangci-lint "$GOPATH/bin/" && rm -rf bin
 lint:
-	golangci-lint run --enable=golint --enable=gosec --enable=maligned --enable=prealloc --skip-dirs "(ideas)" ./...
+	golangci-lint run --timeout=2m --enable=revive --enable=gosec --enable=govet --enable=prealloc --exclude-dirs "(ideas)" ./...
 	# golint .

README.md

@@ -88,6 +88,7 @@ Available plugins are in [plugins/src](plugins/src):
 - AbuseIPDB
 - Hashlookup
 - CIRCL Passive SSL
+- MISP
 
 3rd party compiled `*.so` plugins should be placed in [plugins/sources](plugins/sources) directory.
 
@@ -199,14 +200,14 @@ Response example for the first query:
 - [ ] Implement other SQL features, like `NOT BETWEEN`
 - [ ] Filters `Edit` button doesn't work if data source is not available any more
 - [ ] API can return an image instead of JSON
+- [ ] Use the official package for the Elasticsearch plugin
 - [ ] Data source plugins:
   - [ ] RTIR
   - [ ] MS SQL
   - [ ] Oracle SQL
   - [ ] Apache Cassandra
   - [ ] Genji
   - [ ] Presto
-  - [ ] MISP
   - [ ] VirusTotal
   - [ ] Shodan
   - [ ] General TCP

VERSION

@@ -1 +1 @@
-2.5.7
+2.5.8

assets/js/graph.js

@@ -572,8 +572,13 @@ class Graph {
 
         for (var i = 0; i < selected.length; i++) {
             const node = this.application.graph.network.body.nodes[selected[i]];
-            this.application.search.query('FROM ' + source + ' WHERE ' + node.options.search + '=\'' + node.options.attributes[node.options.group] + '\'');
 
+            if (node.options.search === '') {
+                this.application.modal.error('Can not expand graph!', 'Search for this node type is not supported yet!');
+                return;
+            }
+
+            this.application.search.query('FROM ' + source + ' WHERE ' + node.options.search + '=\'' + node.options.attributes[node.options.group] + '\'');
             console.log('Expanding by', node.options.search, '=', node.id, 'from', source);
         }
     }

assets/js/sql-autocomplete.js

@@ -78,15 +78,15 @@ class SQLAutocomplete {
                 option.innerHTML = '<strong>' + field.substr(0, word.length) + '</strong>';
                 option.innerHTML += field.substr(word.length);
 
-                // Insert a data attribute that will hold the current array item's value
+                // Insert data attribute that will hold current array item's value
                 option.dataset.field = field;
 
                 // Execute a function when someone clicks on the item value (DIV element)
                 option.addEventListener('click', (e) => {
                     let value = option.dataset.field;
 
-                    // If field contains "-" character - backticks mush be added
-                    if (value.includes('-'))
+                    // If field name contains special characters - backticks must be added
+                    if (value.includes('-') || value.includes('|') || value.includes('/'))
                         value = '`' + value + '`';
 
                     // Insert the value for the autocomplete text field

go.mod

@@ -5,25 +5,26 @@ go 1.22
 toolchain go1.22.2
 
 require (
+	github.com/0xrawsec/golang-utils v1.1.8
 	github.com/Jeffail/gabs/v2 v2.7.0
 	github.com/blastrain/vitess-sqlparser v0.0.0-20201030050434-a139afbb1aba
 	github.com/georgysavva/scany v1.2.1
 	github.com/go-sql-driver/mysql v1.7.1
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/securecookie v1.1.2
-	github.com/gorilla/sessions v1.2.2
-	github.com/gorilla/websocket v1.5.1
+	github.com/gorilla/sessions v1.3.0
+	github.com/gorilla/websocket v1.5.3
 	github.com/jackc/pgx/v4 v4.18.1
 	github.com/mattn/go-sqlite3 v1.14.20
 	github.com/mithrandie/csvq-driver v1.7.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/olivere/elastic/v7 v7.0.32
 	github.com/redis/go-redis/v9 v9.4.0
-	github.com/rs/zerolog v1.32.0
+	github.com/rs/zerolog v1.33.0
 	github.com/umpc/go-sortedmap v0.0.0-20180422175548-64ab94c482f4
 	github.com/yukithm/json2csv v0.1.2
-	go.mongodb.org/mongo-driver v1.15.0
-	golang.org/x/crypto v0.22.0
+	go.mongodb.org/mongo-driver v1.15.1
+	golang.org/x/crypto v0.24.0
 	golang.org/x/sync v0.7.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
@@ -43,7 +44,7 @@ require (
 	github.com/jackc/puddle v1.3.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/juju/errors v1.0.0 // indirect
-	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
@@ -60,8 +61,7 @@ require (
 	github.com/xdg-go/scram v1.1.2 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 // indirect
-	golang.org/x/net v0.24.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/term v0.19.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 )