DFIQ new UI and navigation #3041
Conversation
| class QuestionTemplateListResource(resources.ResourceMixin, Resource): | ||
| """List all scenarios available.""" | ||
|
|
||
| @login_required | ||
| def get(self): | ||
| """Handles GET request to the resource. | ||
|
|
||
| Returns: | ||
| A list of JSON representations of the scenarios. | ||
| """ | ||
| dfiq = load_dfiq_from_config() | ||
| if not dfiq: | ||
| return jsonify({"objects": []}) | ||
|
|
||
| scenarios = [scenario.__dict__ for scenario in dfiq.questions] | ||
| return jsonify({"objects": scenarios}) |
There was a problem hiding this comment.
The name and docstring do not match here. QuestionTemplateListResource suggests this is a class to list Question Templates. The docstring List all scenarios available. suggests it is listing all available scenarios.
This seems to be a copy of class ScenarioTemplateListResource in line 57, so I assume the title of the class is what this function is supposed to archive.
Please clarify the docstring/comments for this class to make it's task more clear.
timesketch/frontend-ng/src/components/Scenarios/QuestionApproach.vue
Outdated
Show resolved
Hide resolved
timesketch/frontend-ng/src/components/Scenarios/QuestionCard.vue
Outdated
Show resolved
Hide resolved
| let approaches = this.activeQuestion.approaches.map((approach) => JSON.parse(approach.spec_json)) | ||
| approaches.forEach((approach) => { | ||
| approach._view.processors.forEach((processor) => { | ||
| processor.analysis.forEach((analysis) => { |
There was a problem hiding this comment.
While testing I ran into a situation where this line resulted in the following error:
Error in render: "TypeError: processor.analysis.forEach is not a function"
found in
---> <TsQuestionCard> at src/components/Scenarios/QuestionCard.vue
To reproduce:
- Load dfiq questions into Timesketch
- Select one of the DFIQ questions as your context that has suggested queries e.g.
Has there been any executions of PsExec? - Click "change question" and in the DFIQ list, click the same question again (text, not plus). This should trigger the error.
Looks like there are DFIQ questions that have another layer in the processor that is not an array (with this example above it is processor.analysis.timesketch.array. So it could also be me having an old version of DFIQ questions. Therefore I don't consider this blocking the PR!
There was a problem hiding this comment.
When I select a question from the predefined DFIQ questions, it gets added to the left side Questions column. However, it also stays in the right side DFIQ list. This results in a situation where you can add the same question multiple times. And since there is no option to edit questions yet, it can get confusing.
This is the new DFIQ UI.
Selected question
Select or create new questions