From acdad58a8890eb5ca019997e95c83732b6f1e0ce Mon Sep 17 00:00:00 2001
From: YellowMan <101886885+YellowMan02@users.noreply.github.com>
Date: Tue, 5 Nov 2024 11:30:24 +0100
Subject: [PATCH] Missing information added to historical flow (#8790)

* Missing information added to historical flow

* Minor consistency fix

* Fixed hassh fingerprint key

* Fix ssh hassh fingerprint - fixed i18n key consistency
---
 scripts/locales/en.lua                        |  2 ++
 .../historical_flow_details_formatter.lua     | 12 ++++++---
 scripts/lua/modules/historical_flow_utils.lua | 18 ++++++++++---
 scripts/lua/modules/lua_utils_gui.lua         | 27 +++++++++++++++++--
 src/Flow.cpp                                  |  4 +--
 5 files changed, 52 insertions(+), 11 deletions(-)

diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua
index 8c7e8400f4f3..be16fd1d887d 100644
--- a/scripts/locales/en.lua
+++ b/scripts/locales/en.lua
@@ -126,6 +126,7 @@ local lang = {
     ["client_count"] = "Clients Contacts",
     ["client_fingerprint"] = "Client Fingerprint",
     ["client_fingerprint_type"] = "Type",
+    ["client_hash_hassh"] = "HASSH Client Fingerprint",
     ["client_name"] = "Client Name",
     ["client_requested_server_name"] = "Requested Server Name",
     ["client_server"] = "Client / Server",
@@ -632,6 +633,7 @@ local lang = {
     ["serial"] = "Serial",
     ["server"] = "Server",
     ["server_count"] = "Contacted Servers",
+    ["server_hash_hassh"] = "HASSH Server Fingerprint",
     ["server_name"] = "Server Name",
     ["server_names"] = "Server Names",
     ["server_ports_analysis"] = "Server Ports Analysis",
diff --git a/scripts/lua/modules/historical_flow_details_formatter.lua b/scripts/lua/modules/historical_flow_details_formatter.lua
index c1eb309cd0f9..6ac02100a018 100644
--- a/scripts/lua/modules/historical_flow_details_formatter.lua
+++ b/scripts/lua/modules/historical_flow_details_formatter.lua
@@ -403,8 +403,14 @@ end
 
 local function format_historical_community_id(flow)
     return {
-        name = i18n("db_explorer.community_id"),
-        values = {flow["COMMUNITY_ID"]}
+        name = "<A class='ntopng-external-link' href=\"https://github.com/corelight/community-id-spec\">" .. 
+            i18n("db_explorer.community_id") ..
+            " <i class=\"fas fa-external-link-alt\"></i></A>",
+        values = {flow["COMMUNITY_ID"] ..
+            "<button style=\"\" class=\"btn btn-sm border ms-1\" data=\"" .. flow["COMMUNITY_ID"] .. 
+            "\" onclick=\"NtopUtils.copyToClipboard(this.getAttribute('data'), '" .. i18n('copied') .. 
+            "', '" .. i18n('request_failed_message') .. "', this)\">" ..
+            "<i class=\"fas fa-copy\"></i></button>"}
     }
 end
 
@@ -627,7 +633,7 @@ function historical_flow_details_formatter.formatHistoricalFlowDetails(flow)
             flow_details = format_historical_issues(flow_details, flow)
         end
 
-        if (info['COMMUNITY_ID']) and (not isEmptyString(info['COMMUNITY_ID'])) then
+        if (info['community_id']) and (not isEmptyString(info['community_id'])) then
             flow_details[#flow_details + 1] = format_historical_community_id(flow)
         end
 
diff --git a/scripts/lua/modules/historical_flow_utils.lua b/scripts/lua/modules/historical_flow_utils.lua
index 0da2e9354a30..60cf0badb7e9 100644
--- a/scripts/lua/modules/historical_flow_utils.lua
+++ b/scripts/lua/modules/historical_flow_utils.lua
@@ -942,6 +942,8 @@ local function dt_format_flow(processed_record, record)
       local cli_port = {}
       local srv_port = {}
 
+      local cli_mac = processed_record["cli_mac"]
+      local srv_mac = processed_record["srv_mac"]
       -- Converting to the same format used for alert flows (see DataTableRenders.formatFlowTuple)
 
       cli_ip["value"]      = cli["ip"]                                                        -- IP address
@@ -985,6 +987,8 @@ local function dt_format_flow(processed_record, record)
       flow["srv_ip"] = srv_ip
       flow["cli_port"] = cli_port
       flow["srv_port"] = srv_port
+      flow["cli_mac"] = cli_mac
+      flow["srv_mac"] = srv_mac
 
       processed_record["flow"] = flow
 
@@ -1719,6 +1723,12 @@ end
 
 -- #####################################
 
+function historical_flow_utils.get_historical_mac(mac)
+   return "<a href=\"" .. ntop.getHttpPrefix() .. "/lua/hosts_stats.lua?mac=" .. mac .. "\">" .. mac .. "</a>"
+end
+
+-- #####################################
+
 function historical_flow_utils.getHistoricalFlowLabel(record, add_hyperlinks, add_hostnames, add_country_flags)
    local label = ""
    local vlan = ""
@@ -1769,7 +1779,7 @@ function historical_flow_utils.getHistoricalFlowLabel(record, add_hyperlinks, ad
       if info.cli_asn and info.cli_asn.value > 0 and not isEmptyString(info.cli_asn.title) then
          label = label .. " [ " ..historical_flow_utils.get_historical_url(info.cli_asn.title, "cli_asn", info.cli_asn.value, add_hyperlinks) .. " ]"
       elseif not isEmptyString(info.cli_mac) and (info.cli_mac ~= '00:00:00:00:00:00') then
-         label = label .. " [ " .. info. cli_mac .. " ]"
+         label = label .. " [ " .. historical_flow_utils.get_historical_mac(info.cli_mac) .. " ]"
       end
    end
    
@@ -1813,7 +1823,7 @@ function historical_flow_utils.getHistoricalFlowLabel(record, add_hyperlinks, ad
       if info.srv_asn and info.srv_asn.value > 0 and not isEmptyString(info.srv_asn.title) then
          label = label .. " [ " ..historical_flow_utils.get_historical_url(info.srv_asn.title, "srv_asn", info.srv_asn.value, add_hyperlinks) .. " ]"
       elseif not isEmptyString(info.srv_mac) and (info.srv_mac ~= '00:00:00:00:00:00') then
-         label = label .. " [ " .. info. srv_mac .. " ]"
+         label = label .. " [ " .. historical_flow_utils.get_historical_mac(info.srv_mac) .. " ]"
       end
    end
 
@@ -1827,7 +1837,7 @@ function historical_flow_utils.getHistoricalProtocolLabel(record, add_hyperlinks
   local label = ""
 
   local info = historical_flow_utils.format_clickhouse_record(record)
-  local alert_json = json.decode(info["ALERT_JSON"] or '') or {}
+  local alert_json = json.decode(info["json"] or '') or {}
   
   if info.l4proto then
     label = label ..historical_flow_utils.get_historical_url(info.l4proto.label, "l4proto", info.l4proto.value, add_hyperlinks)
@@ -1851,7 +1861,7 @@ function historical_flow_utils.getHistoricalProtocolLabel(record, add_hyperlinks
   end
 
   if (alert_json.proto) and (alert_json.proto.confidence) and (not isEmptyString(alert_json.proto.confidence)) then
-    label = label .. " [" .. i18n("confidence") .. ": " .. get_confidence(alert_json.proto.confidence) .. "]"
+   label = label .. "[Confidence: " .. format_confidence_badge(alert_json.proto.confidence) .. "]"
   end
 
   return label
diff --git a/scripts/lua/modules/lua_utils_gui.lua b/scripts/lua/modules/lua_utils_gui.lua
index f43a034d383d..2818a7fedd30 100644
--- a/scripts/lua/modules/lua_utils_gui.lua
+++ b/scripts/lua/modules/lua_utils_gui.lua
@@ -1207,6 +1207,27 @@ end
 
 -- ##############################################
 
+function format_ssh_info(ssh_info)
+    local formatted_ssh_info = {}
+
+    if not isEmptyString(ssh_info["client_signature"]) then
+        formatted_ssh_info["client_signature"] = string.format('<span>%s</span>', ssh_info["client_signature"])
+    end
+    if not isEmptyString(ssh_info["client_hash_hassh"]) then
+        formatted_ssh_info["client_hash_hassh"] = string.format('<span>%s</span>', ssh_info["client_hash_hassh"])
+    end
+    if not isEmptyString(ssh_info["server_signature"]) then
+        formatted_ssh_info["server_signature"] = string.format('<span>%s</span>', ssh_info["server_signature"])
+    end
+    if not isEmptyString(ssh_info["server_hash_hassh"]) then
+        formatted_ssh_info["server_hash_hassh"] = string.format('<span>%s</span>', ssh_info["server_hash_hassh"])
+    end
+
+    return formatted_ssh_info
+end
+
+-- ##############################################
+
 function format_http_info(http_info, no_html)
 
     local formatted_http_info = {}
@@ -1256,7 +1277,7 @@ function format_http_info(http_info, no_html)
         if no_html then
             formatted_http_info["last_user_agent"] = http_info["last_user_agent"]
         else
-            formatted_http_info["last_user_agent"] = string.format('<span">%s</span>', http_info["last_user_agent"])
+            formatted_http_info["last_user_agent"] = string.format('<span>%s</span>', http_info["last_user_agent"])
         end
     end
 
@@ -1289,7 +1310,7 @@ function format_proto_info(flow_details, proto_info)
             proto_info[key] = nil
         end
     end
-    
+
     for proto, info in pairs(proto_info or {}) do
         if proto == "tls" then
             proto_details[proto] = format_tls_info(info)
@@ -1303,6 +1324,8 @@ function format_proto_info(flow_details, proto_info)
         elseif proto == "icmp" then
             proto_details[proto] = format_icmp_info(info)
             break
+        elseif proto == "ssh" then
+            proto_details[proto] = format_ssh_info(info)
         end
     end
 
diff --git a/src/Flow.cpp b/src/Flow.cpp
index f1b30428af70..0e47291cfc82 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -7667,10 +7667,10 @@ void Flow::getSSHInfo(ndpi_serializer *serializer) const {
                                    protos.ssh.server_signature);
 
     if (protos.ssh.hassh.client_hash)
-      ndpi_serialize_string_string(serializer, "hassh.client_hash",
+      ndpi_serialize_string_string(serializer, "client_hash_hassh",
                                    protos.ssh.hassh.client_hash);
     if (protos.ssh.hassh.server_hash)
-      ndpi_serialize_string_string(serializer, "hassh.server_hash",
+      ndpi_serialize_string_string(serializer, "server_hash_hassh",
                                    protos.ssh.hassh.server_hash);
   }
 }