Sanitise HTML from Unfurl #2959

Merged
merged 5 commits into from
Oct 25, 2023
Merged
69 changes: 34 additions & 35 deletions timesketch/frontend-ng/src/components/Explore/EventDetail.vue
Expand Up @@ -28,7 +28,7 @@ limitations under the License.
@mouseleave="c_key = -1"
>
<!-- Event field name actions -->
<td v-if="key == c_key" class="text-right" style="min-width: 105px;">
<td v-if="key == c_key" class="text-right" style="min-width: 105px">
<!-- Open aggregation dialog for this field -->
<v-tooltip top open-delay="500">
<template v-slot:activator="{ on }">
Expand All @@ -49,13 +49,7 @@ limitations under the License.
<!-- Include field:value as filter chip -->
<v-tooltip top open-delay="500">
<template v-slot:activator="{ on }">
<v-btn
@click.stop="applyFilterChip(key, value, 'must')"
icon
x-small
class="mr-1"
v-on="on"
>
<v-btn @click.stop="applyFilterChip(key, value, 'must')" icon x-small class="mr-1" v-on="on">
<v-icon>mdi-filter-plus-outline</v-icon>
</v-btn>
</template>
Expand Down Expand Up @@ -106,15 +100,11 @@ limitations under the License.
</td>

<!-- Event field value action icons -->
<td
v-if="checkContextLinkDisplay(key, value) || key == c_key"
class="text-right pr-1"
>
<td v-if="checkContextLinkDisplay(key, value) || key == c_key" class="text-right pr-1">
<!-- Copy event value -->
<v-btn icon x-small style="cursor: pointer" @click="copyToClipboard(value)" v-show="key == c_key">
<v-icon small>mdi-content-copy</v-icon>
</v-btn>

<!-- Context link submenu -->
<v-menu v-if="checkContextLinkDisplay(key, value)" offset-y transition="slide-y-transition">
<template v-slot:activator="{ on, attrs }">
Expand All @@ -128,35 +118,45 @@ limitations under the License.
</v-btn>
</template>
<v-list dense>
<!-- redirect dialog -->
<v-dialog v-model="redirectWarnDialog" max-width="515" :retain-focus="false">
<ts-link-redirect-warning
app
@cancel="redirectWarnDialog = false"
:context-value="contextValue"
:context-url="contextUrl"
></ts-link-redirect-warning>
</v-dialog>
<!-- unfurl dialog -->
<v-dialog
v-model="dfirUnfurlDialog"
max-width="80%"
min-width="1000px"
max-height="80%"
min-height="600px"
:retain-focus="false"
class="asdf"
>
<ts-unfurl-dialog @cancel="dfirUnfurlDialog = false" :url="contextValue"></ts-unfurl-dialog>
</v-dialog>
<!-- XML prettify dialog -->
<v-dialog v-model="formatXMLString">
<ts-format-xml-string
@close="formatXMLString = false"
:xmlString="value"
></ts-format-xml-string>
</v-dialog>

<v-list-item
v-for="(item, index) in getContextLinkItems(key)"
:key="index"
style="cursor: pointer"
@click.stop="contextLinkRedirect(key, item, value)"
>
<v-list-item-title v-if="getContextLinkRedirectState(key, item)">
{{ item }} (ext.)</v-list-item-title>
{{ item }} (ext.)</v-list-item-title
>
<v-list-item-title v-else>{{ item }}</v-list-item-title>
<!-- redirect dialog -->
<v-dialog v-model="redirectWarnDialog" max-width="515" :retain-focus="false">
<ts-link-redirect-warning
app
@cancel="redirectWarnDialog = false"
:context-value="contextValue"
:context-url="contextUrl"
></ts-link-redirect-warning>
</v-dialog>
<!-- unfurl dialog -->
<v-dialog v-model="dfirUnfurlDialog" max-width="80%" min-width="1000px" max-height="80%" min-height="600px" :retain-focus="false" class="asdf">
<ts-unfurl-dialog
@cancel="dfirUnfurlDialog = false"
:url="contextValue"
></ts-unfurl-dialog>
</v-dialog>
<!-- XML prettify dialog -->
<v-dialog v-model="formatXMLString">
<ts-format-xml-string @close="formatXMLString = false" :xmlString="value"></ts-format-xml-string>
</v-dialog>
</v-list-item>
</v-list>
</v-menu>
Expand Down Expand Up @@ -334,7 +334,6 @@ export default {
this.redirectWarnDialog = false
}
}

}
}
},
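Review bot: `class="asdf"` on the unfurl `v-dialog` (the `<v-dialog v-model="dfirUnfurlDialog" … class="asdf">` line) is a placeholder class name that survives into the new side; it should be dropped or replaced with a descriptive name, e.g. `class="unfurl-dialog"`, so nobody later wonders whether a stylesheet depends on it. Hoisting the three dialogs out of the `v-for` `v-list-item` into the `v-list` is the right direction, since it also stops one dialog instance being rendered per context-link item. Note that `:url="contextValue"` handed to `ts-unfurl-dialog` is taken from event field values, so whatever the unfurl dialog renders from it has to be treated as untrusted on the dialog side. The enclosing template and the `methods` block in the last hunk both continue outside the visible hunks.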
106 changes: 52 additions & 54 deletions timesketch/frontend-ng/src/components/Explore/UnfurlDialog.vue
Expand Up @@ -12,66 +12,61 @@ limitations under the License.
-->
<template>
<v-card>
<v-card-title>
<v-img :src="getUnfurlLogo" max-height="32" contain class="mb-2"></v-img>
</v-card-title>
<v-toolbar flat color="transparent">
<v-img position="left" :src="getUnfurlLogo" max-height="24" contain class="ml-2"></v-img>
</v-toolbar>

<v-card-subtitle class="pt-1">
<span><b>Input:</b> {{ url }}</span>
<div class="mb-2"><b>Input:</b> {{ url }}</div>
<div v-if="nodeContext">
<b>Selected node info: </b>
<span v-html="sanitizeHtml(nodeContext)"></span>
</div>
<div v-else>Select a node in the graph below to get more information.</div>
</v-card-subtitle>

<v-card-text>
<div v-show="!unfurlReady">
<v-progress-linear color="primary" indeterminate> </v-progress-linear>
</div>
<v-divider></v-divider>
<v-container fluid v-show="unfurlReady">
<!-- Cytoscape container -->
<div style="font-size: medium" class="py-1 px-1">
<span style="font-weight: bold">Selected node context: </span>
<br />
<span style="font-style: italic" v-html="nodeContext"></span>

<v-toolbar dense flat color="transparent" class="mt-n8">
<v-spacer></v-spacer>
<div>
<v-tooltip top open-delay="500">
<template v-slot:activator="{ on }">
<v-btn icon v-on="on" @click="resizeCanvas()">
<v-icon>mdi-fit-to-page-outline</v-icon>
</v-btn>
</template>
<span>resize graph</span>
</v-tooltip>
<v-tooltip top open-delay="500">
<template v-slot:activator="{ on }">
<v-btn icon v-on="on" @click="zoomGraph('plus')">
<v-icon>mdi-plus</v-icon>
</v-btn>
</template>
<span>zoom in</span>
</v-tooltip>
<v-tooltip top open-delay="500">
<template v-slot:activator="{ on }">
<v-btn icon v-on="on" @click="zoomGraph('minus')">
<v-icon>mdi-minus</v-icon>
</v-btn>
</template>
<span>zoom out</span>
</v-tooltip>
</div>
</v-toolbar>

<v-card v-show="unfurlReady" outlined>
<!-- Cytoscape container -->
<div ref="graphContainer" :style="{ height: canvasHeight, width: '100%' }">
<v-row no-gutters>
<v-col>
<div
ref="cy"
width="100%"
class="pa-2"
:style="{ 'min-height': canvasHeight, border: '1px', 'border-style': 'solid' }"
></div>
</v-col>
<v-col cols="auto">
<div class="iconWrapper">
<v-tooltip top open-delay="500">
<template v-slot:activator="{ on }">
<v-btn icon v-on="on" @click="resizeCanvas()">
<v-icon>mdi-fit-to-page-outline</v-icon>
</v-btn>
</template>
<span>resize graph</span>
</v-tooltip>
<v-tooltip top open-delay="500">
<template v-slot:activator="{ on }">
<v-btn icon v-on="on" @click="zoomGraph('plus')">
<v-icon>mdi-plus</v-icon>
</v-btn>
</template>
<span>zoom in</span>
</v-tooltip>
<v-tooltip top open-delay="500">
<template v-slot:activator="{ on }">
<v-btn icon v-on="on" @click="zoomGraph('minus')">
<v-icon>mdi-minus</v-icon>
</v-btn>
</template>
<span>zoom out</span>
</v-tooltip>
</div>
</v-col>
</v-row>
<div ref="cy" width="100%" class="pa-2" :style="{ 'min-height': canvasHeight }"></div>
</div>
</v-container>
<span>Powered by <a href="https://github.com/obsidianforensics/unfurl" target="_blank">dfir-unfurl</a></span>
</v-card>
<small>Powered by <a href="https://github.com/obsidianforensics/unfurl" target="_blank">dfir-unfurl</a></small>
</v-card-text>
<v-card-actions>
<v-spacer></v-spacer>
Expand All @@ -85,6 +80,9 @@ import ApiClient from '../../utils/RestApiClient'
import cytoscape from 'cytoscape'
import dagre from 'cytoscape-dagre'

import DOMPurify from 'dompurify'
import { marked } from 'marked'

cytoscape.use(dagre)

export default {
Expand Down Expand Up @@ -157,9 +155,6 @@ export default {
}
},
computed: {
nodeContextValue() {
return this.nodeContext
},
getUnfurlLogo() {
if (this.$vuetify.theme.dark) {
return '/unfurl-logo-dark.png'
Expand All @@ -169,6 +164,9 @@ export default {
},
},
methods: {
sanitizeHtml(html) {
return DOMPurify.sanitize(marked(html))
},
clearAndCancel: function () {
this.$emit('cancel')
},
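Review bot: `sanitizeHtml` runs `marked` on `nodeContext` before sanitising, so if the node text can echo parts of the analysed URL (which comes from event data), Markdown syntax such as `![x](http://attacker/beacon)` becomes an `<img>` that DOMPurify keeps by default and the analyst's browser fetches — an outbound beacon/IP leak from a DFIR tool, even though script injection is now blocked. Tighten the call to the HTML profile and forbid remote-loading and style-carrying elements: `return DOMPurify.sanitize(marked(html), { USE_PROFILES: { html: true }, FORBID_TAGS: ['img', 'svg', 'style', 'form'], FORBID_ATTR: ['style'] })`, and add the comment `// nodeContext is derived from untrusted event data: render Markdown, then sanitise last (never the reverse).` Please also confirm `dompurify` and `marked` are declared with pinned versions in the frontend package.json, since they are new runtime dependencies on the sanitisation path. The `methods` object this function lives in continues outside the hunk.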