From 2f67716ebe93937a4c7b8fae9db937248149e634 Mon Sep 17 00:00:00 2001
From: jkennedyvz <65985482+jkennedyvz@users.noreply.github.com>
Date: Sat, 1 Jun 2024 10:45:05 -0700
Subject: [PATCH 1/2] Add validation to create evidence form

---
 .../operation_show/evidence_modals/index.tsx | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/frontend/src/pages/operation_show/evidence_modals/index.tsx b/frontend/src/pages/operation_show/evidence_modals/index.tsx
index 2ab09260e..e5f3fd037 100644
--- a/frontend/src/pages/operation_show/evidence_modals/index.tsx
+++ b/frontend/src/pages/operation_show/evidence_modals/index.tsx
@@ -90,6 +90,18 @@ export const CreateEvidenceModal = (props: {
 const [selectedCBValue, setSelectedCBValue] = React.useState(evidenceTypeOptions[0].value)
 const getSelectedOption = () => evidenceTypeOptions.filter(opt => opt.value === selectedCBValue)[0]

+ // Validation logic for description and content fields
+ const validateForm = () => {
+ const errors = []
+ if (descriptionField.value.trim() === "") {
+ errors.push("Description cannot be empty.")
+ }
+ if (getSelectedOption().value !== 'event' && binaryBlobField.value === null && codeblockField.value.code.trim() === "") {
+ errors.push("Evidence content cannot be empty.")
+ }
+ return errors
+ }
+
 const formComponentProps = useForm({
 fields: [descriptionField, binaryBlobField, adjustedAtField],
 onSuccess: () => { props.onCreated(); props.onRequestClose() },
@@ -106,6 +118,11 @@ export const CreateEvidenceModal = (props: {
 data = { type: 'event' }
 }

+ const formErrors = validateForm()
+ if (formErrors.length > 0) {
+ return Promise.reject(new Error(formErrors.join("\n")))
+ }
+
 return createEvidence({
 adjustedAt: adjustedAtField.value,
 operationSlug: props.operationSlug,
From dce160e1998181664d935c9d307fe404e0b69dc7 Mon Sep 17 00:00:00 2001
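Review bot: The content test in `validateForm` passes as soon as either `binaryBlobField` or `codeblockField` holds a value, whatever evidence type is selected, so a value left over in the other field would let an empty submission of the selected type through. Checking the field that belongs to `getSelectedOption().value` would close that gap; how the fields map to types is outside this hunk, so confirm. This check is a usability aid only, because requests can reach the API without this form, so the server has to enforce the same rule. `const errors = []` would read better as `const errors: string[] = []`, and a short doc comment saying the function returns the user-facing messages (empty when the form is valid) would help.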
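Review bot: `validateForm()` is called only after the `data` payload has been assembled in the branch above, so invalid input is still read and shaped before it is rejected; making it the first statement of the submit handler keeps the reject path free of that work. The messages are joined with `"\n"`, which will show as one run-on line unless the error display preserves newlines, so check how the rejection from `useForm` is rendered. The handler starts and ends outside the hunk.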
From: jkennedyvz <65985482+jkennedyvz@users.noreply.github.com>
Date: Sat, 1 Jun 2024 12:01:03 -0700
Subject: [PATCH 2/2] Implement backend validation for evidence upload

Implements frontend validation for creating evidence in `frontend/src/pages/operation_show/evidence_modals/index.tsx` and backend validation for evidence content in `backend/services/evidence.go` and `backend/services/evidence_metadata.go`.
- Adds a `validateForm` function to check for empty description and content fields before evidence creation on the frontend.
- Integrates form validation checks into the evidence creation process, rejecting the operation with an error if validation fails.
- Implements backend validation in `CreateEvidence` function to ensure the description is not empty and content is provided for evidence types other than 'event'.
- Adds validation in `CreateEvidenceMetadata` and `UpsertEvidenceMetadata` functions in `evidence_metadata.go` to ensure `source` and `body` fields are not empty, enhancing data integrity for evidence metadata operations.
---
For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/ashirt-ops/ashirt-server/pull/1115?shareId=fe247a5c-57d0-4ff1-99ab-f871be2086b7).
---
 backend/services/evidence.go | 8 ++++++++
 backend/services/evidence_metadata.go | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/backend/services/evidence.go b/backend/services/evidence.go
index a2674c807..6cdf9dddf 100644
--- a/backend/services/evidence.go
+++ b/backend/services/evidence.go
@@ -161,6 +161,14 @@ func CreateEvidence(ctx context.Context, db *database.Connection, contentStore c
 logging.Log(ctx, "msg", "Unable to run workers", "error", err.Error())
 }

+ // Validation logic for description and content fields
+ if i.Description == "" {
+ return nil, backend.WrapError("Description cannot be empty.", backend.BadInputErr(nil, "Description cannot be empty."))
+ }
+ if i.ContentType != "event" && i.Content == nil {
+ return nil, backend.WrapError("Evidence content cannot be empty.", backend.BadInputErr(nil, "Evidence content cannot be empty."))
+ }
+
 return &dtos.Evidence{
 UUID: evidenceUUID,
 Description: i.Description,
diff --git a/backend/services/evidence_metadata.go b/backend/services/evidence_metadata.go
index eaf8936eb..d134fb696 100644
--- a/backend/services/evidence_metadata.go
+++ b/backend/services/evidence_metadata.go
@@ -43,6 +43,10 @@ func CreateEvidenceMetadata(ctx context.Context, db *database.Connection, i Edit
 return backend.WrapError("Unwilling to create evidence metadata", backend.UnauthorizedWriteErr(err))
 }

+ if i.Source == "" || i.Body == "" {
+ return backend.WrapError("Source and Body cannot be empty.", backend.MissingValueErr("Source/Body"))
+ }
+
 _, err = db.Insert("evidence_metadata", map[string]interface{}{
 "evidence_id": evidence.ID,
 "source": i.Source,
@@ -95,6 +99,10 @@ func UpsertEvidenceMetadata(ctx context.Context, db *database.Connection, i Upse
 return backend.WrapError("Unwilling to edit evidence metadata", backend.UnauthorizedWriteErr(err))
 }

+ if i.Source == "" || i.Body == "" {
+ return backend.WrapError("Source and Body cannot be empty.", backend.MissingValueErr("Source/Body"))
+ }
+
 err = db.WithTx(ctx, func(tx *database.Transactable) {
 var metadata []models.EvidenceMetadata
 tx.Select(&metadata, sq.Select("*").From("evidence_metadata").Where(sq.Eq{
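Review bot: These checks sit just before the final `return &dtos.Evidence{...}`, after `evidenceUUID` exists and the workers have been run, so an invalid request appears to be rejected only once the evidence has already been stored and processed: the caller gets an error while the record stays behind. Move the block to the top of `CreateEvidence`, ahead of any content-store or database write (after the authorization check, if one precedes it; the start of the function is outside the hunk). The description test should also agree with the frontend by ignoring whitespace, e.g. `if strings.TrimSpace(i.Description) == "" {` (assuming `strings` is imported), and `i.Content == nil` likely does not catch a non-nil but empty upload.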
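Review bot: In `CreateEvidenceMetadata`, `i.Source == "" || i.Body == ""` accepts whitespace-only values and reports both fields under one `MissingValueErr("Source/Body")`, so the caller cannot tell which field was missing; the identical block in `UpsertEvidenceMetadata` has the same problem. Checking each field on its own, e.g. `if strings.TrimSpace(i.Source) == "" { return backend.WrapError("Source cannot be empty.", backend.MissingValueErr("Source")) }` and likewise for `Body`, addresses both (this assumes `strings` is imported in this file), and a small shared helper would keep the two functions in step. Placing the check after the authorization test, as done here, is the right order. Both functions continue outside their hunks.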