Patch testing

assemblyline_ui/api/v4/user.py

@@ -195,16 +195,10 @@ def who_am_i(**kwargs):
 
     # Prepare submission profile configurations for UI
     submission_profiles = {}
-    if config.submission.profiles == DEFAULT_SUBMISSION_PROFILES:
-        # If these are exactly the same as the default values, then it's accessible to everyone
-        submission_profiles = {profile['name']: deepcopy(profile['params']) for profile in DEFAULT_SUBMISSION_PROFILES}
-    else:
-        # Filter profiles based on accessibility to the user
-        for name, profile in SUBMISSION_PROFILES.items():
-            if CLASSIFICATION.is_accessible(kwargs['user']['classification'], profile.classification):
-                # We want to pass forward the configurations that have been explicitly set as a configuration
-                submission_profiles[name] = {p_cls.name: getattr(profile.params, p_cls.name)
-                                            for p_cls in profile.params.fields().values() if p_cls.default_set == False}
+    for name, profile in SUBMISSION_PROFILES.items():
+        if CLASSIFICATION.is_accessible(kwargs['user']['classification'], profile.classification):
+            # We want to pass forward the configurations that have been explicitly set as a configuration
+            submission_profiles[name] = profile.params.as_primitives(strip_null=True)
 
     # Expand service categories if used in submission profiles (assists with the UI locking down service selection)
     service_categories = list(STORAGE.service.facet('category').keys())

assemblyline_ui/helper/submission.py

@@ -159,13 +159,8 @@ def update_submission_parameters(s_params: dict, data: dict, user: dict):
             # User isn't allowed to use the submission profile specified
             raise PermissionError(f"You aren't allowed to use '{s_profile.name}' submission profile")
         # Apply the profile (but allow the user to change some properties)
-        s_params = recursive_update(s_params, s_profile.params.as_primitives())
-        s_fields = s_profile.params.fields()
-        params_data = data.get("params", {})
-        for param, value in params_data.items():
-            if param in s_fields and s_fields[param].default_set == True:
-                # Set parameter with user-defined input since it wasn't explicitly declared in the configuration
-                s_params[param] = value
+        s_params = recursive_update(s_params, data.get("params", {}))
+        s_params = recursive_update(s_params, s_profile.params.as_primitives(strip_null=True))
     else:
         # No profile specified, raise an exception back to the user
         raise Exception(f"You must specify a submission profile. One of: {list(SUBMISSION_PROFILES.keys())}")

test/test_ingest.py

@@ -10,7 +10,7 @@
 
 from assemblyline.common import forge
 from assemblyline.odm.messages.submission import Submission
-from assemblyline.odm.models.config import HASH_PATTERN_MAP
+from assemblyline.odm.models.config import HASH_PATTERN_MAP, DEFAULT_SUBMISSION_PROFILES
 from assemblyline.odm.models.file import File
 from assemblyline.odm.randomizer import random_model_obj, get_random_phrase
 from assemblyline.odm.random_data import create_users, wipe_users, create_services, wipe_services
@@ -345,11 +345,14 @@ def test_ingest_submission_profile(datastore, login_session, scheduler):
         get_api_data(session, f"{host}/api/v4/ingest/", method="POST", data=json.dumps(data))
 
     # Try using a submission profile with no parameters
-    data['submission_profile'] = "Static Analysis"
+    profile = DEFAULT_SUBMISSION_PROFILES[0]
+    data['submission_profile'] = profile["name"]
     get_api_data(session, f"{host}/api/v4/ingest/", method="POST", data=json.dumps(data))
 
     # Try using a submission profile with a parameter you aren't allowed to set
     # The system should silently ignore your parameter and still create a submission
+    data['params'] = {'services': {'selected': ['blah']}}
+    # But also try setting a parameter that you are allowed to set
     data['params'] = {'deep_scan': True}
     get_api_data(session, f"{host}/api/v4/ingest/", method="POST", data=json.dumps(data))
 

test/test_submit.py

@@ -9,7 +9,7 @@
 from conftest import get_api_data, APIError
 
 from assemblyline.common import forge
-from assemblyline.odm.models.config import HASH_PATTERN_MAP
+from assemblyline.odm.models.config import HASH_PATTERN_MAP, DEFAULT_SUBMISSION_PROFILES
 from assemblyline.odm.random_data import create_users, wipe_users, create_submission, wipe_submissions
 from assemblyline.odm.randomizer import get_random_phrase
 from assemblyline.remote.datatypes.queues.named import NamedQueue
@@ -301,14 +301,18 @@ def test_submit_submission_profile(datastore, login_session, scheduler):
         get_api_data(session, f"{host}/api/v4/submit/", method="POST", data=json.dumps(data))
 
     # Try using a submission profile with no parameters
-    data['submission_profile'] = "Static Analysis"
+    profile = DEFAULT_SUBMISSION_PROFILES[0]
+    data['submission_profile'] = profile['name']
     get_api_data(session, f"{host}/api/v4/submit/", method="POST", data=json.dumps(data))
 
     # Try using a submission profile with a parameter you aren't allowed to set
     # The system should silently ignore your parameter and still create a submission
+    data['params'] = {'services': {'selected': ['blah']}}
+    # But also try setting a parameter that you are allowed to set
     data['params'] = {'deep_scan': True}
     resp = get_api_data(session, f"{host}/api/v4/submit/", method="POST", data=json.dumps(data))
-    assert resp['params']['deep_scan'] == False
+    assert resp['params']['services']['selected'] == profile['params']['services']['selected']
+    assert resp['params']['deep_scan'] == True
 
     # Restore original roles for later tests
     datastore.user.update('admin', [(datastore.user.UPDATE_REMOVE, 'type', 'user'),