Refactor Plugin Config

[carellamartina]

Description

Refactor Plugin Config

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue).
• New feature (non-breaking change which adds functionality).
• Breaking change (fix or feature that would cause existing functionality to not work as expected).

Checklist

• I have read and understood the rules about how to Contribute to this project
• The pull request is for the branch develop
• A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
  • I strictly followed the documentation "How to create a Plugin"
  • Usage file was updated.
  • Advanced-Usage was updated (in case the plugin provides additional optional configuration).
  • I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. ("How to share a plugin with the community")
  • If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip and you added the default tests for that mimetype in test_classes.py.
  • If you created a new analyzer and it is free (does not require any API key), please add it in the FREE_TO_USE_ANALYZERS playbook by following this guide.
  • Check if it could make sense to add that analyzer/connector to other freely available playbooks.
  • I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
  • If the plugin interacts with an external service, I have created an attribute called precisely url that contains this information. This is required for Health Checks.
  • If the plugin requires mocked testing, _monkeypatch() was used in its class to apply the necessary decorators.
  • I have added that raw JSON sample to the MockUpResponse of the _monkeypatch() method. This serves us to provide a valid sample for testing.
• If external libraries/packages with restrictive licenses were used, they were added in the Legal Notice section.
• Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
• I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
• If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check CONTRIBUTE.md).
• If the GUI has been modified:
  • I have a provided a screenshot of the result in the PR.
  • I have created new frontend tests for the new component or updated existing ones.
• After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Important Rules

• If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
• Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review. After being reviewed and received a "change request", you should explicitly ask for a review again once you have made the requested changes.

[drosetti]

I found a bug in the user experience:

• After I save a plugin config in the analyzer the modal doesn't close
• I pruned the volumes, customized classic_dns with "AAAA" and the moved to scan page and in the runtime config still was present the default value even if it ran correctly with the new value.
• The create playbook's modal is empty
• The create pivot's modal send 2 requests on save the first one to save the pivot works correctly, the second one fails: AttributeError at /api/pivot/testtttt21/plugin_config 'str' object has no attribute 'get'

I suggest to split tests/api_app/test_views.py into multiple tests. Also you could use different classes, as you prefer: class for user test and class for org test or a different class for each method or as you want.

[drosetti]

I created a new playbook and then edited it and i have this problem with the modal

[drosetti]

I didn't find any bug! Excellent work!

Just one question: can you add a message in the org config for the user without admin or owner role where is specified that they can view the config, but they cannot edit it because is an operation reserved to owner and admins ?

Reminder: convert this pr from draft to normal one.

[drosetti]

Admin cannot modify the org config, also they cannot change their own config

[code-review-doctor]

Some food for thought. View full project report here.

[code-review-doctor]

Some things to consider. View full project report here.

[code-review-doctor]

Worth considering. View full project report here.

[drosetti]

Everything works fine in the plugin config section, but I found a bug when I try to create a pivot. here the stacktrace:

Environment:


Request Method: PATCH
Request URL: http://localhost:80/api/pivot/test_pivot/plugin_config

Django Version: 4.2.16
Python Version: 3.11.7
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.postgres',
 'prettyjson',
 'django_celery_results',
 'django_elasticsearch_dsl',
 'rest_framework',
 'rest_framework_filters',
 'rest_framework.authtoken',
 'drf_spectacular',
 'durin',
 'certego_saas',
 'certego_saas.apps.user',
 'certego_saas.apps.notifications',
 'certego_saas.apps.organization',
 'authentication',
 'api_app',
 'api_app.analyzers_manager',
 'api_app.connectors_manager',
 'api_app.visualizers_manager',
 'api_app.playbooks_manager',
 'api_app.pivots_manager',
 'api_app.ingestors_manager',
 'api_app.investigations_manager',
 'api_app.data_model_manager',
 'rest_email_auth',
 'silk',
 'django_celery_beat',
 'channels',
 'treebeard']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'whitenoise.middleware.WhiteNoiseMiddleware',
 'certego_saas.ext.middlewares.StatsMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'certego_saas.ext.middlewares.LogMiddleware',
 'silk.middleware.SilkyMiddleware']



Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
               ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/views/decorators/csrf.py", line 56, in wrapper_view
    return view_func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/viewsets.py", line 124, in view
    return self.dispatch(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
    ^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/deploy/intel_owl/api_app/views.py", line 1634, in update
    instance = PluginConfig.objects.get(id=data["id"])
                                           ^^^^^^^^^^

Exception Type: KeyError at /api/pivot/test_pivot/plugin_config
Exception Value: 'id'

[drosetti]

Everything works! Just make the note message to modify the org config visible only for the normal user. Or add a part where it's specified if you are allowed or not to change the config.