Improve in-page and PDF output of raw evidence to use monospaced font…
…s and not trim leading whitespace
neonbunny committed Nov 11, 2024
1 parent b3044d5 commit 778fa30
Showing 5 changed files with 63 additions and 13 deletions.
Binary file not shown.
Expand Up @@ -3,6 +3,5 @@
<script src="https://cdn.datatables.net/v/bs5/dt-2.1.4/b-3.1.1/b-html5-3.1.1/date-1.5.3/fh-4.0.1/sb-1.8.0/datatables.min.js" integrity="sha384-PY3/gZOyFRGQ4i6UqwA4QGhCYOsN83rNljQd62TwzlxUnCRyRdAmf9SF8lak6bGQ" crossorigin="anonymous"></script>

<script src="https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/pdfmake.min.js" integrity="sha512-a9NgEEK7tsCvABL7KqtUTQjl69z7091EVPpw5KxPlZ93T141ffe1woLtbXTX+r2/8TtTvRX/v4zTL2UlMUPgwg==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/vfs_fonts.min.js" integrity="sha512-P0bOMePRS378NwmPDVPU455C/TuxDS+8QwJozdc7PGgN8kLqR4ems0U/3DeJkmiE31749vYWHvBOtR+37qDCZQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>

{% include "base/external-libs/datatables-common.html" %}
65 changes: 58 additions & 7 deletions event_tracker/templates/cobalt_strike_monitor/archive_list.html
Expand Up @@ -38,12 +38,22 @@
padding-top: 0.5em;
padding-bottom: 1em;
}
.description ~ pre {
margin-top: 1rem;

.description ~ div, .input ~ div {
margin-top: 0.5rem;
margin-bottom: 0;
}


.input::before {
content: "\00BB ";
}

.input, .output {
display: block;
font-family: monospace;
white-space: pre-wrap;
}

.output {
font-style: italic;
}
Expand Down Expand Up @@ -138,6 +148,34 @@
extend: 'pdfHtml5', // Required to pull in default config
orientation: "landscape",
customize: function (doc, config, dt) {
pdfMake.fonts = {
RobotoMono: {
normal: '{{request.scheme}}://{{request.META.HTTP_HOST}}{% static "fonts/RobotoMono-Regular.ttf" %}',
},
Roboto: {
normal: 'https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.1.66/fonts/Roboto/Roboto-Regular.ttf',
bold: 'https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.1.66/fonts/Roboto/Roboto-Medium.ttf',
},
}

doc.styles['terminal'] = {
font: 'RobotoMono',
bold: false
}

for (const row of doc.content[1].table.body) {
let description = row[3] // the 4th (i.e. [3]) column of each row should be "Description"
const parts = description.text.split("\n\n")
if (parts.length > 1) {
// Attach 'terminal' style to everything after the first "\n\n"
description.text = [parts[0], "\n\n", {
text: parts.slice(1).join("\n\n"),
style: 'terminal',
preserveLeadingSpaces: true
}]
}
}

// Ensure the main text column doesn't stretch when given long content
doc.content[1].table.widths=['auto','auto','auto',400,'auto','auto'];
// Sprinkle in some corporate branding
Expand All @@ -161,7 +199,8 @@
},
title: "Cobalt Strike Logs",
exportOptions: {
stripNewlines: false
stripNewlines: false,
orthogonal: 'export' // Force a fresh call to the render function below passing in "export" as the type
}
},
],
Expand All @@ -174,11 +213,23 @@
{ searchBuilderType: "moment-{% datetime_format_moment %}" },
{ orderable: false },
{ orderable: false },
null,
{
render: function (data, type, row) {
if (type === "export") {
// When exporting to PDF, before the HTML is stripped and passed to pdfMake,
// add a double new line to show where the <div>s end. Used by customize function above.
return data.split("</div>").join("</div>\n\n")
} else {
return data;
}
}
},
null,
{ orderable: false },
],
drawCallback: function(settings) { $('.output').expander({slicePoint: 200}); }
drawCallback: function (settings) {
$('.output').expander({slicePoint: 200, normalizeWhitespace: false, detailPrefix: '',});
}
} )
})
</script>
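Review bot: The RobotoMono URL in `pdfMake.fonts` is built by pasting the raw `Host` header (`request.META.HTTP_HOST`) into a JavaScript string literal, so it does not go through the `ALLOWED_HOSTS` check that `request.get_host()` performs and relies on HTML autoescaping, which is not JavaScript escaping. The same construction produces a wrong URL behind a proxy that rewrites `Host`, or when `STATIC_URL` is already absolute. Resolving the path in the browser avoids both: `normal: new URL('{% static "fonts/RobotoMono-Regular.ttf" %}', window.location.href).href,`. Also in `customize`, a row that has no description block keeps its first block (the input) as `parts[0]`, so it would miss the `terminal` style, and a description containing a blank line would be split early; this follows from the `split("\n\n")` logic and is worth checking against such rows.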
8 changes: 4 additions & 4 deletions event_tracker/views.py
Expand Up @@ -997,13 +997,13 @@ def render_column(self, row, column):
return result
elif column == 'data':
result = ""
if row.associated_archive_tasks_description:
result += f"<span class='description'>{row.associated_archive_tasks_description}</span>"
if row.associated_archive_task_description:
result += f"<div class='description'>{row.associated_archive_task_description}</div>"

if row.type == "input":
result += f"<pre><code>{row.data}</code></pre>"
result += f"<div class='input'>{row.data}</div>"

result += f"<pre class='output'><code>{html.escape(chr(13).join(row.associated_beaconlog_output.values_list('data', flat=True)))}</code><pre>"
result += f"<div class='output'>{html.escape('\n'.join(row.associated_beaconlog_output.values_list('data', flat=True)))}</div>"

return result
elif column == '': # The column with button in
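Review bot: `row.data` and `row.associated_archive_task_description` are interpolated into the markup without escaping, while the output on the next line goes through `html.escape`; if either field can hold logged text containing `<` or `&`, it will be interpreted as HTML in the table cell. Unless these values are already escaped upstream, which this hunk does not show, wrap them the same way, e.g. `result += f"<div class='input'>{html.escape(row.data)}</div>"`. Separately, the `'\n'` inside the f-string expression on the output line is a SyntaxError on Python versions before 3.12, so joining into a local first (`output = '\n'.join(...)`) keeps the module importable on older interpreters. `render_column` starts and ends outside the hunk.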
2 changes: 1 addition & 1 deletion stepping_stones/settings.py
Expand Up @@ -171,7 +171,7 @@
CSP_STYLE_SRC_ELEM = ("'self'", "cdnjs.cloudflare.com", "cdn.datatables.net", "cdn.jsdelivr.net", "fonts.googleapis.com",)
CSP_FONT_SRC = ("'self'", "fonts.gstatic.com")
CSP_IMG_SRC = ("'self'", "data:", "cdnjs.cloudflare.com")
CSP_CONNECT_SRC = ("'self'",)
CSP_CONNECT_SRC = ("'self'", "cdnjs.cloudflare.com") # Used for pdfMake to fetch fonts
CSP_INCLUDE_NONCE_IN = ['script-src-elem', 'style-src-elem']
CSP_FRAME_ANCESTORS = ("'self'",)
CSP_MANIFEST_SRC = ("'self'",) # Hash of http://127.0.0.1:8000/static/favicons/site.webmanifest generated by https://report-uri.com/home/hash/
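Review bot: Widening `connect-src` to `cdnjs.cloudflare.com` lets any script on the page issue fetch/XHR requests to every path on that shared CDN, and the Roboto files it is opened for are fetched at runtime with no integrity check, whereas the `vfs_fonts.min.js` script tag that appears to be dropped in the external-libs template carried an SRI hash. The Roboto URLs in `archive_list.html` also point at the `pdfmake/0.1.66` path while the library loaded is 0.2.7. Shipping Roboto-Regular and Roboto-Medium from the project's static `fonts/` directory next to RobotoMono would allow this line to stay `CSP_CONNECT_SRC = ("'self'",)`.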
