z1pti3 / jimi

Jimi is an automation-first, no-code platform designed and developed originally for Security Orchestration and Response. Since its launch, jimi has developed into a fully fledged IT automation platform which effortlessly integrates with your existing tools, unlocking the potential for autonomous IT and Security operations.

Home Page: https://www.secureack.com

License: Apache License 2.0

Python 61.94% CSS 2.55% JavaScript 11.99% HTML 23.52%
orchestration security jimi soar automation secops monitoring it-automation workflow-automation no-code

jimi's People

Contributors

0xseceng, b1scuit-thi3f, terrifiedbug, u-n-i-c-o-rn, z1pti3


jimi's Issues

Bug - timeBetween function does not evaluate past midnight

When using the timeBetween function, if you configure it to go past midnight the function always returns false.

if timeBetween("21:00","07:00") == True

As a workaround I have had to use an or statement.

if timeBetween("21:00","24:00") == True or timeBetween("00:00","07:00") == True
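A time-window check that handles the overnight case reported above, next to a plain range comparison that fails in the same way. This is an added example, not code from the jimi repository: `to_minutes`, `naive_between` and `time_between` are hypothetical names, and the half-open `[start, end)` window is an assumption. A check that silently returns false for an overnight window means any out-of-hours rule built on it never fires.

```python
from datetime import datetime


def to_minutes(value):
    """Convert "HH:MM" to minutes since midnight; "24:00" means end of day."""
    hours, minutes = (int(part) for part in value.split(":"))
    if not (0 <= hours <= 24 and 0 <= minutes < 60) or (hours == 24 and minutes):
        raise ValueError(f"invalid time of day: {value!r}")
    return hours * 60 + minutes


def naive_between(start, end, now):
    """Plain range comparison: never true when start is later than end."""
    return to_minutes(start) <= to_minutes(now) < to_minutes(end)


def time_between(start, end, now=None):
    """True if now is in the half-open window [start, end), wrapping at midnight."""
    if now is None:
        current = datetime.now()
        now_min = current.hour * 60 + current.minute
    else:
        now_min = to_minutes(now)
    start_min, end_min = to_minutes(start), to_minutes(end)
    if start_min <= end_min:
        # Same-day window, e.g. 09:00 to 17:00 (start == end is an empty window).
        return start_min <= now_min < end_min
    # Overnight window, e.g. 21:00 to 07:00: late evening OR early morning.
    return now_min >= start_min or now_min < end_min


if __name__ == "__main__":
    # Constructed sample times around both edges of the overnight window.
    for sample in ("20:59", "21:00", "23:59", "00:00", "06:59", "07:00", "12:00"):
        print(sample,
              naive_between("21:00", "07:00", sample),
              time_between("21:00", "07:00", sample))
```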

Object scopes

Although ACL allows you to make objects visible only to those who have access, it would be nice to enable greater control over this by selecting user, conduct, group or everyone, to reduce the number of objects you have to search. Maybe this is a search filter?

Run jimiFlow Sections Remotely

It has been talked about before to see how we can add a feature to permit a remote jimi agent to execute part or all of a jimiFlow. For this to work we would need to look at how we proxy database communications and hook the core db model so that it can relay via jimi_core.

Protections to prevent breakout would need to be considered; this feature would make a good addition to the 3.0 update to the backend.

[Feature] - Live output for codify / testTrigger

Codify and testTrigger wait for a flow to execute fully before returning results. It would be good if these results were polled and could be updated when results are provided by a given function instead of waiting.

Mandatory Fields

Is your feature request related to a problem? Please describe.
Some fields should be required as mandatory to be completed/filled in for a form to save. This would avoid users maybe missing critical fields such as entity in assets, or searchRepository in Humio.

Describe the solution you'd like
This could be done on client-side as this might be easier to override the individual form items like how we do for tool tips etc, but server-side would also be beneficial for future-proofing it.

Describe alternatives you've considered
Telling the users to do it properly. But unfortunately users are stupid sometimes. e.g. myself.

Global variables

A concept to set variables globally that result in triggers or other flows similar to a state system.

Error Messages Not Appearing on Test Trigger

Describe the bug
Test trigger used to provide the error message if the flow crashed. This is no longer the case.

To Reproduce

  1. Run a test trigger that will fail

Expected behaviour
The error message for the failure should appear in the test trigger codify output

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser: Chrome
  • Version: JIMI v1.7

Settings.json Schema Update

The following needs to be added to the settings.json file on the Wiki installation page:

{
    "system" : {
        "systemID" : 0,
        "accessAddress" : "127.0.0.1",
        "accessPort" : 5000
    },

Issue with Tabs

Describe the bug
Tabs don't quite seem to work as expected. Either tabs aren't loading or are appearing blank.

To Reproduce
Login to JIMI
Select a few conducts/status/workers etc
Try and switch between them using the tab shortkey (CTRL-`)

Expected behaviour
Tab should switch between the selected tab and the last tab

Screenshots
Tab appears blank

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser: Chrome
  • Version: JIMI v1.5

GUI - Status Page Suggestions

Status page is really nice, but we should look at a few nice looking options:

  • Hide/Show Disabled Triggers
  • Group By Cluster

I may add more here before I sort these out.

Unable to save Security Settings of objects when multiple Security Setting windows are open

Describe the bug
When you change the security settings of an object, you should be able to do so repeatedly while working on the security settings of other objects within a flow.

To Reproduce

  1. Right click an object and click Security Settings
  2. Change the ACL of the object or Flow UI and save, not closing the window.
  3. Right click another object and click Security Settings
  4. Close the security settings window of the initial object
  5. Right click the initial object and click Security Settings
  6. Security Settings object will not re-open.

Expected behaviour
You should be able to change the security settings of an object without having to re-refresh the page.

Additional context
Only 200 status codes are seen

Feature - Plugin Developers Custom Properties UI

To add custom properties UI currently you have to push the change to jimi web. It would be ideal if, like the rest of jimi, plugin developers could do this from within their own plugins. This will make the UI very flexible for advanced developers and still easy for simple plugins as it is today with the standard controls.

Over time we can then merge custom UI into native jimi.

Override form data - var display name must equal core action varname

Could you please add functionality which would allow the display name to store a different value as opposed to the value located in the core action class. I'll be able to use the generic values instead of creating my own (as I'll be able to change the display name)

Thanks

UI Getting Out of Sync

Sometimes the UI gets out of sync on other screens; this appears to be caused by the assumption that the database has committed a push at the time a sync is requested.

Maybe an alternative would be to post the dictionary of items, positions and settings back to the UI server so it can then work out what needs to be updated to bring it all in sync?

Overhaul - Plugin System

The jimi plugin system is core to its functionality and although it is functional there are a number of items that need to be overhauled.

Core

  • Update
  • Uninstall and Cleanup
  • Enable and Disable
  • Dependency checking and improved error handling
  • Core API

Web

  • Plugin view/panel + upgrade and install options
  • Web API
  • Static Includes
  • Component Framework
  • Dashboard / visualization Framework

Documentation

Feature - Collector System Function

Object to collect events into a list for use in bulk processing part way into a flow. Similar to forEach but the opposite.

Another nice feature would be for dev options to do this on a given action so that a dev can make use of mongodb bulk queries to reduce overheads. Assets come to mind as each asset is collected one at a time?

Test Fire trigger - Callbacks

When running a test fire trigger on a flow that has callbacks i.e. occurrence clear, it does not work as the test fire trigger runs on codify which does not have a flow to call back to.

Can we make it optional to run the real flow instead of codify?

Bug - Touch screen context menu and object editing

When using a touch device the conduct editor works for selecting and moving objects but does not allow double click to edit. It is also not possible to connect flow objects when using a touch device.

Furthermore, the context menu ( right click ) does not work and is a bit small to use on a touch device.

Optional Visibility for Object Form Items

Is your feature request related to a problem? Please describe.
Nope

Describe the solution you'd like
Currently all form items are shown. It would be neater if we could hide certain items unless a certain requirement is met, e.g. a checkbox. For example, in the Humio plugin we have a number of Humio overrides. If the override checkbox is not ticked we should hide the four other items.

Poor enforcement of ACL and field level ACL

Developers have to remember to append the right checks when performing database operations; this leaves it open to attack if forgotten.

We should look to enforce authorisation checks by default as part of all operations within jimi_web and jimi_core. The entire ACL system could use an overhaul.
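A sketch of what "authorisation checks by default" can look like in a data-access layer: the only public read path takes the session and always applies the ACL filter, and the unchecked path has to be called by an explicit, auditable name. This is an added example, not jimi's code; the `Collection` class, the ACL entry shape, the session keys and the sample documents are all constructed for illustration.

```python
class AccessDenied(Exception):
    """Raised when a query is attempted without an authenticated session."""


class Collection:
    """In-memory stand-in for a database collection (constructed for this example)."""

    def __init__(self, documents):
        self._documents = list(documents)

    @staticmethod
    def _can_read(document, session):
        # Hypothetical ACL shape: [{"group": "soc", "read": True}, ...].
        # A document with no ACL entries is visible to admins only (default deny).
        if session.get("admin") is True:
            return True
        groups = set(session.get("groups", ()))
        return any(entry.get("read") is True and entry.get("group") in groups
                   for entry in document.get("acl", ()))

    def query(self, session, match=None):
        """The only public read path: the ACL filter is always applied."""
        if not session or not session.get("user"):
            raise AccessDenied("query requires an authenticated session")
        match = match or {}
        return [doc for doc in self._documents
                if all(doc.get(k) == v for k, v in match.items())
                and self._can_read(doc, session)]

    def query_as_system(self, reason, match=None):
        """Explicit bypass for internal jobs; the name and reason make it auditable."""
        if not reason:
            raise ValueError("a reason is required for an unchecked query")
        match = match or {}
        return [doc for doc in self._documents
                if all(doc.get(k) == v for k, v in match.items())]


# Constructed sample data.
FLOWS = Collection([
    {"name": "phishing-triage", "acl": [{"group": "soc", "read": True}]},
    {"name": "patch-servers", "acl": [{"group": "it-ops", "read": True}]},
    {"name": "legacy-flow"},  # no ACL at all
])


def visible_names(session):
    return [doc["name"] for doc in FLOWS.query(session)]
```

With this shape a forgotten check fails closed: a caller that omits the session gets an exception instead of unfiltered results.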

Codify does not support flow loops

When using codify, if you create a link within the flow from one object back to an earlier part of the flow, codify hangs during generation.

jimi Cache Memory Reduction - Slow?

Within jimi we use a Cache maxSize value that is used to reduce the size of a given cache item only when adding new items to the cache. To get maximum performance jimi never clears this cache unless the maxSize value is met and you attempt to add a new item to the cache.

It is arguable how effective this feature was, but it does have significant overheads to the speed and performance of jimi.

Without this feature it is easier for developers to create plugins that use excessive amounts of memory; developers will need to be aware of this and make sure that checks are made within their own plugins if they use the jimi core Cache feature to speed up certain operations.

Main jimi functions already keep memory footprints to a minimum and won't be impacted.

Model Editor Attempts to Return Non-Standard-Type Attributes

Describe the bug

jimi/core/model.py

Lines 165 to 180 in c2618c2

@api.webServer.route(api.base+"models/<modelName>/<objectID>/", methods=["GET"])
def getModelObject(modelName,objectID):
    class_ = loadModel(modelName).classObject()
    if class_:
        classObject = class_().getAsClass(api.g.sessionData,id=objectID)
        if classObject:
            classObject = classObject[0]
            members = [attr for attr in dir(classObject) if not callable(getattr(classObject, attr)) and not "__" in attr and attr ]
            result = {}
            for member in members:
                result[member] = getattr(classObject,member)
            return { "results" : [result]}, 200
        else:
            return {}, 404
    else:
        return {}, 404

The asset plugin utilises an attribute called bulkClass. This is a type of db._bulk. When a user attempts to navigate to an object of type assetUpdate (which uses the bulkClass attribute), they will not be able to see the individual attributes as when the client performs the AJAX call GET /api/1.0/models/ it is returned a list of attributes (see code referenced above) which it then tries to serialise from JSON. However, it doesn't know how to handle the non-standard attribute type, and so fails to load anything, instead raising a TypeError:
TypeError: Object of type _bulk is not JSON serializable

To Reproduce
Steps to reproduce the behavior:

  1. Login to JIMI
  2. Navigate through Administration -> Object Editor -> assetUpdate
  3. Attempt to load an object within the list

Expected behaviour
The object attributes should be displayed.

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser: Chrome
  • Version: JIMI 1.6 (latest)

Additional context
Although this looks like it only affects assetUpdate at the moment, we should consider futureproofing the API to only return "readable" attributes.
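One way to return only "readable" attributes, as the additional context above suggests. This is an added example, not code from the jimi repository: `Bulk` and `AssetUpdate` are constructed stand-ins for `db._bulk` and the `assetUpdate` model, and `is_json_safe` and `readable_attributes` are hypothetical helpers.

```python
import json


class Bulk:
    """Stand-in for a non-serialisable helper type such as db._bulk."""


class AssetUpdate:
    """Constructed sample object mixing plain values with a helper instance."""

    def __init__(self):
        self.name = "update asset"
        self.enabled = True
        self.fields = {"entity": "host01", "tags": ["server"]}
        self.bulkClass = Bulk()


def is_json_safe(value):
    """True if the value, including anything nested in it, serialises to JSON."""
    try:
        json.dumps(value)
    except (TypeError, ValueError):
        return False
    return True


def readable_attributes(obj):
    """Collect the non-callable, non-dunder attributes that can be returned as JSON."""
    result = {}
    for attr in dir(obj):
        if "__" in attr:
            continue
        value = getattr(obj, attr)
        if callable(value):
            continue
        if is_json_safe(value):
            result[attr] = value
    return result


if __name__ == "__main__":
    # bulkClass is dropped; the remaining attributes serialise cleanly.
    print(json.dumps({"results": [readable_attributes(AssetUpdate())]}))
```

Serialisable is not the same as safe to expose: field-level ACL checks still decide which of these attributes a given session may read.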

Alert Users When Modifying Shared Object

Is your feature request related to a problem? Please describe.
Something that we run into now and again is when an object is mirrored (as in a direct copy of the object, rather than a duplicate) and is subsequently changed, all other copies are of course changed as well. It would be useful to be able to identify somehow if an object is re-used anywhere else.

Describe the solution you'd like
When a user attempts to make a change, perhaps a popup letting them know that the object is shared? Alternatively, we could have some sort of icon/indicator that lets a user easily identify shared objects.

JIMI Core System - Inherited ACL from Trigger

Is your feature request related to a problem? Please describe.
Flow should inherit ACL from the initial trigger. This would stop users who can create flows from escalating their privilege to the JIMI users (as JIMI runs everything in core as himself)

Bug - No mobile interface

Using the system on a mobile device such as a mobile phone results in the system being rendered as a desktop site. This is not usable on such a device.

Feature - Continuous trigger

It would be good if you could create a trigger that would run continuously within a worker thread without the need to be scheduled ( which can be an overhead on fast acting triggers e.g. 1s )

Button to remove unused objects from Jimi

Is your feature request related to a problem? Please describe.
Over time unused objects can build up within JIMI which can cause a messy object explorer and difficulty with creating additional objects that may have the same name.

Describe the solution you'd like
Implement a button which clears up stale/unused/unlinked objects.

Describe alternatives you've considered
Could also use a cron job but this could increase the risk of objects being removed that users may still want.

Restarted Node Doesn't Respect Trigger's System ID

Just noticed that when I restarted Node 1, a trigger running on Node 3 will re-run as if it has been reset.
This possibly only affects failed triggers.

I suspect we just need to update the trigger reset function (below) in system install to only search for triggers that match its system ID?

jimi/system/install.py

Lines 92 to 103 in 3bb9804

# Set startCheck to 0 so that all triggers start
def resetTriggers():
    from core.models import trigger
    print(len(trigger._trigger().getAsClass()))
    # Clearing any triggers with a startCheck set - Very poor as it hammers the DB, be better to do this as one mass update command to the database
    # This wont scale to clustering as it will clear all running triggers even if they were running by another cluster node
    triggers = trigger._trigger().query(query={"startCheck" : { "$gt" : 0}})["results"]
    for triggerJson in triggers:
        triggerClass = trigger._trigger().get(triggerJson["_id"])
        triggerClass.startCheck = 0
        triggerClass.update(["startCheck"])
