dfir-iris · c8y3 · Oct 8, 2025 · Oct 8, 2025 · Oct 8, 2025 · Oct 8, 2025
diff --git a/tests/data/basic.env → .env.tests.model b/tests/data/basic.env → .env.tests.model
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -31,12 +31,14 @@ jobs:
         uses: astral-sh/ruff-action@v3
         with:
           args: check --output-format=github
-      - name: Check dependencies with import-linter
+      - name: Check import dependencies with import-linter
         run: |
-          python -m venv venv
-          source venv/bin/activate
           pip install import-linter
           PYTHONPATH=source lint-imports
+      - name: Looking for dead code with vulture
+        run: |
+          pip install vulture
+          vulture
 
   build-docker-db:
     name: Build docker db
@@ -131,10 +133,8 @@ jobs:
         uses: actions/checkout@v4
       - name: Start development server
         run: |
-          # Even though, we use --env-file option when running docker compose, this is still necessary, because the compose has a env_file attribute :(
-          # TODO should move basic.env file, which is in directory tests, up. It's used in several places. Maybe, rename it into dev.env
-          cp tests/data/basic.env .env
-          docker compose --file docker-compose.dev.yml --env-file tests/data/basic.env up --detach --wait
+          cp .env.tests.model .env
+          docker compose --file docker-compose.dev.yml up --detach --wait
       - name: Generate GraphQL documentation
         run: |
           npx spectaql@^3.0.2 source/spectaql/config.yml
@@ -170,9 +170,7 @@ jobs:
         uses: actions/checkout@v4
       - name: Start development server
         run: |
-          # Even though, we use --env-file option when running docker compose, this is still necessary, because the compose has a env_file attribute :(
-          # TODO should move basic.env file, which is in directory tests, up. It's used in several places. Maybe, rename it into dev.env
-          cp tests/data/basic.env .env
+          cp .env.tests.model .env
           docker compose --file docker-compose.dev.yml up --detach --wait
       - name: Inspect development server start failure
         if: ${{ failure() || cancelled() }}
@@ -226,8 +224,7 @@ jobs:
       - name: Check out iris
         uses: actions/checkout@v4
       - name: Set up .env file
-        # TODO should move basic.env file, which is in directory tests, up. It's used in several places. Maybe, rename it into dev.env?
-        run: cp tests/data/basic.env .env
+        run: cp .env.tests.model .env
       - name: Run tests
         working-directory: tests_database_migration
         run: |
@@ -277,8 +274,7 @@ jobs:
         run: npx playwright install chromium firefox
       - name: Start development server
         run: |
-          # TODO should move basic.env file, which is in directory tests, up. It's used in several places. Maybe, rename it into dev.env
-          cp tests/data/basic.env .env
+          cp .env.tests.model .env
           docker compose --file docker-compose.dev.yml up --detach --wait
       - name: Run end to end tests
         working-directory: e2e

diff --git a/.vulture.ignore b/.vulture.ignore
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,8 +1,12 @@
 [tool.ruff.lint]
 preview = true
-select = ["E101", "E225", "E23", "E24", "E3", "E4", "E7", "E9", "F", "PLR0402", "RET506", "TID252", "UP032", "W29"]
+select = ["ARG003", "ARG005", "B00", "E101", "E20", "E225", "E23", "E24", "E3", "E4", "E7", "E9", "F", "FURB142", "FURB145", "FURB148", "PLR0402", "RET506", "RUF029", "RUF100", "TID252", "UP032", "W29", "W391"]
 ignore = ["E402", "E711", "E712", "E721", "E722"]
 
+[tool.vulture]
+paths = ["source/app", ".vulture.ignore"]
+ignore_decorators = ["@*.route", "@app.*", "@*.post", "@*.get", "@*.put", "@*.delete", "@pre_load", "@post_load"]
+
 [tool.importlinter]
 root_package = "app"
 include_external_packages = true
@@ -24,7 +28,7 @@ allow_indirect_imports = true
 [[tool.importlinter.contracts]]
 name = "Do not import API layer from the business layer"
 type = "forbidden"
-source_modules = ["app.business.access_controls", "app.business.assets"]
+source_modules = ["app.business.access_controls", "app.business.assets", "app.business.cases"]
 forbidden_modules = "app.blueprints.iris_user"
 allow_indirect_imports = true
 
@@ -42,3 +46,24 @@ source_modules = "app.datamgmt.dashboard"
 forbidden_modules = "app.blueprints.iris_user"
 allow_indirect_imports = true
 
+[[tool.importlinter.contracts]]
+name = "Do not import marshables from the persistence layer"
+type = "forbidden"
+source_modules = ["app.datamgmt.manage.manage_case_state_db", "app.datamgmt.manage.manage_groups_db"]
+forbidden_modules = "app.schema.marshables"
+allow_indirect_imports = true
+
+[[tool.importlinter.contracts]]
+name = "Do not import marshmallow from the persistence layer"
+type = "forbidden"
+source_modules = "app.datamgmt.client"
+forbidden_modules = "marshmallow"
+allow_indirect_imports = true
+
+[[tool.importlinter.contracts]]
+name = "Do not import the engine from the persistence layer"
+type = "forbidden"
+source_modules = "app.datamgmt.case"
+forbidden_modules = "app.iris_engine"
+allow_indirect_imports = true
+
diff --git a/scripts/gunicorn-cfg.py b/scripts/gunicorn-cfg.py
@@ -27,4 +27,3 @@
 
 def worker_exit(server, worker):
     sys.exit(4)
-
diff --git a/source/app/alembic/versions/10a7616f3cc7_add_module_types.py b/source/app/alembic/versions/10a7616f3cc7_add_module_types.py
@@ -42,4 +42,3 @@ def upgrade():
 
 def downgrade():
     pass
-
diff --git a/source/app/alembic/versions/ad4e0cd17597_add_ioctype_validation.py b/source/app/alembic/versions/ad4e0cd17597_add_ioctype_validation.py
@@ -93,4 +93,3 @@ def upgrade():
 def downgrade():
     op.drop_column('ioc_type', 'type_validation_regex')
     op.drop_column('ioc_type', 'type_validation_expect')
-
diff --git a/source/app/alembic/versions/cd519d2d24df_password_policy_edition.py b/source/app/alembic/versions/cd519d2d24df_password_policy_edition.py
@@ -57,4 +57,3 @@ def upgrade():
 
 def downgrade():
     pass
-
diff --git a/source/app/alembic/versions/d5a720d1b99b_add_alerts_indexes.py b/source/app/alembic/versions/d5a720d1b99b_add_alerts_indexes.py
@@ -61,4 +61,3 @@ def downgrade():
 
     # Drop AlertSimilarity table
     op.drop_table('alert_similarity')
-
diff --git a/source/app/blueprints/graphql/cases.py b/source/app/blueprints/graphql/cases.py
@@ -36,7 +36,7 @@
 from app.business.cases import cases_delete
 from app.business.cases import cases_update
 from app.business.cases import cases_get_by_identifier
-from app.business.errors import BusinessProcessingError
+from app.models.errors import BusinessProcessingError
 from app.blueprints.graphql.permissions import permissions_check_current_user_has_some_permission
 from app.blueprints.graphql.permissions import permissions_check_current_user_has_some_case_access
 from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
@@ -115,7 +115,7 @@ def mutate(root, info, name, description, client_id, soc_id=None, classification
         schema = CaseSchema()
         case = schema.load(request_data)
         case_template_id = request_data.pop('case_template_id', None)
-        result = cases_create(case, case_template_id)
+        result = cases_create(iris_current_user, case, case_template_id)
         return CaseCreate(case=result)
 
 

diff --git a/source/app/blueprints/graphql/sliced_result.py b/source/app/blueprints/graphql/sliced_result.py
@@ -29,4 +29,3 @@ def __getitem__(self, index: slice) -> any:
 
     def __len__(self) -> int:
         return self._total
-
diff --git a/source/app/blueprints/pages/case/case_ioc_routes.py b/source/app/blueprints/pages/case/case_ioc_routes.py
@@ -22,7 +22,7 @@
 from flask import url_for
 
 from app.business.iocs import iocs_get
-from app.business.errors import ObjectNotFoundError
+from app.models.errors import ObjectNotFoundError
 from app.datamgmt.case.assets_type import get_assets_types
 from app.datamgmt.case.case_db import get_case
 from app.datamgmt.case.case_iocs_db import get_case_iocs_comments_count

diff --git a/source/app/blueprints/pages/manage/manage_cases_routes.py b/source/app/blueprints/pages/manage/manage_cases_routes.py
@@ -41,6 +41,7 @@
 from app.blueprints.access_controls import ac_api_return_access_denied, ac_fast_check_current_user_has_case_access
 from app.blueprints.access_controls import ac_requires
 from app.blueprints.responses import response_error
+from app.schema.marshables import CaseStateSchema
 
 manage_cases_blueprint = Blueprint('manage_case',
                                    __name__,
@@ -81,6 +82,7 @@ def _details_case(cur_id: int, caseid: int, url_redir: bool) -> Union[str, Respo
 
     case_classifications = get_case_classifications_list()
     case_states = get_case_states_list()
+    dumped_case_states = CaseStateSchema(many=True).dump(case_states)
     user_is_server_administrator = ac_current_user_has_permission(Permissions.server_administrator)
 
     customers = get_client_list(current_user_id=iris_current_user.id,
@@ -92,7 +94,7 @@ def _details_case(cur_id: int, caseid: int, url_redir: bool) -> Union[str, Respo
     form = FlaskForm()
 
     return render_template("modal_case_info_from_case.html", data=res, form=form, protagonists=protagonists,
-                           case_classifications=case_classifications, case_states=case_states, customers=customers,
+                           case_classifications=case_classifications, case_states=dumped_case_states, customers=customers,
                            severities=severities)
 
 

diff --git a/source/app/blueprints/pages/manage/manage_customers_routes.py b/source/app/blueprints/pages/manage/manage_customers_routes.py
@@ -22,7 +22,7 @@
 from flask import url_for
 from flask_wtf import FlaskForm
 
-from app.datamgmt.client.client_db import get_client
+from app.datamgmt.client.client_db import get_customer
 from app.datamgmt.client.client_db import get_client_api
 from app.datamgmt.client.client_db import get_client_contact
 from app.datamgmt.client.client_db import get_client_contacts
@@ -92,7 +92,7 @@ def customer_edit_contact_modal(client_id, contact_id, caseid, url_redir):
     if url_redir:
         return redirect(url_for('manage_customers.manage_customers', cid=caseid))
 
-    contact = get_client_contact(client_id, contact_id)
+    contact = get_client_contact(contact_id)
     if not contact:
         return response_error(f"Invalid Contact ID {contact_id}")
 
@@ -115,7 +115,7 @@ def view_customer_modal(client_id, caseid, url_redir):
         return redirect(url_for('manage_customers.manage_customers', cid=caseid))
 
     form = AddCustomerForm()
-    customer = get_client(client_id)
+    customer = get_customer(client_id)
     if not customer:
         return response_error("Invalid Customer ID")
 

diff --git a/source/app/blueprints/rest/activities_routes.py b/source/app/blueprints/rest/activities_routes.py
@@ -27,7 +27,7 @@
 activities_rest_blueprint = Blueprint('activities_rest', __name__)
 
 
-@activities_rest_blueprint.route('/activities/list', methods=['GET'])
+@activities_rest_blueprint.get('/activities/list')
 @ac_api_requires(Permissions.activities_read, Permissions.all_activities_read)
 def list_activities():
     # Get User activities from database

diff --git a/source/app/blueprints/rest/alerts_routes.py b/source/app/blueprints/rest/alerts_routes.py
@@ -60,7 +60,7 @@
 from app.blueprints.responses import response_error
 from app.util import add_obj_history_entry
 from app.blueprints.responses import response_success
-from app.business.errors import BusinessProcessingError
+from app.models.errors import BusinessProcessingError
 from app.business.alerts import alerts_create
 
 alerts_rest_blueprint = Blueprint('alerts_rest', __name__)
@@ -439,7 +439,7 @@ def alerts_batch_update_route() -> Response:
             if not user_has_client_access(iris_current_user.id, alert.alert_customer_id):
                 return response_error('User not entitled to update alerts for the client', status=403)
 
-            if getattr(alert, 'alert_owner_id') is None:
+            if alert.alert_owner_id is None:
                 updates['alert_owner_id'] = iris_current_user.id
 
             if data.get('alert_owner_id') == "-1" or data.get('alert_owner_id') == -1:
@@ -606,7 +606,7 @@ def alerts_escalate_route(alert_id) -> Response:
         if not case:
             return response_error('Failed to create case from alert')
 
-        ac_set_new_case_access(None, case.case_id, case.client_id)
+        ac_set_new_case_access(iris_current_user, case.case_id, case.client_id)
 
         case = call_modules_hook('on_postload_case_create', data=case)
 
@@ -884,7 +884,7 @@ def alerts_batch_escalate_route() -> Response:
         if not case:
             return response_error('Failed to create case from alert')
 
-        ac_set_new_case_access(None, case.case_id, case.client_id)
+        ac_set_new_case_access(iris_current_user, case.case_id, case.client_id)
 
         case = call_modules_hook('on_postload_case_create', data=case)
 

diff --git a/source/app/blueprints/rest/api_v2_routes.py b/source/app/blueprints/rest/api_v2_routes.py
@@ -31,6 +31,7 @@
 from app.blueprints.rest.v2.tags import tags_blueprint
 from app.blueprints.rest.v2.tasks import tasks_blueprint
 from app.blueprints.rest.v2.profile import profile_blueprint
+from app.blueprints.rest.v2.alerts_filters import alerts_filters_blueprint
 
 
 # Create root /api/v2 blueprint
@@ -50,3 +51,4 @@
 rest_v2_blueprint.register_blueprint(manage_v2_blueprint)
 rest_v2_blueprint.register_blueprint(tags_blueprint)
 rest_v2_blueprint.register_blueprint(profile_blueprint)
+rest_v2_blueprint.register_blueprint(alerts_filters_blueprint)
diff --git a/source/app/blueprints/rest/case/case_assets_routes.py b/source/app/blueprints/rest/case/case_assets_routes.py
@@ -30,7 +30,7 @@
 from app.business.assets import assets_get
 from app.business.assets import assets_update
 from app.blueprints.iris_user import iris_current_user
-from app.business.errors import BusinessProcessingError
+from app.models.errors import BusinessProcessingError
 from app.datamgmt.case.case_assets_db import get_raw_assets
 from app.datamgmt.case.case_assets_db import get_linked_iocs_finfo_from_asset
 from app.datamgmt.case.case_assets_db import add_comment_to_asset

diff --git a/source/app/blueprints/rest/case/case_evidences_routes.py b/source/app/blueprints/rest/case/case_evidences_routes.py
@@ -45,7 +45,7 @@
 from app.business.evidences import evidences_create
 from app.business.evidences import evidences_delete
 from app.business.evidences import evidences_update
-from app.business.errors import BusinessProcessingError
+from app.models.errors import BusinessProcessingError
 from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
 
 

diff --git a/source/app/blueprints/rest/case/case_ioc_routes.py b/source/app/blueprints/rest/case/case_ioc_routes.py
@@ -33,8 +33,8 @@
 from app.business.iocs import iocs_update
 from app.business.iocs import iocs_delete
 from app.business.iocs import iocs_get
-from app.business.errors import BusinessProcessingError
-from app.business.errors import ObjectNotFoundError
+from app.models.errors import BusinessProcessingError
+from app.models.errors import ObjectNotFoundError
 from app.datamgmt.case.case_iocs_db import add_comment_to_ioc
 from app.datamgmt.case.case_iocs_db import add_ioc
 from app.datamgmt.case.case_iocs_db import delete_ioc_comment
@@ -51,12 +51,14 @@
 from app.models.authorization import CaseAccessLevel
 from app.schema.marshables import CommentSchema
 from app.schema.marshables import IocSchema
-from app.blueprints.access_controls import ac_requires_case_identifier, ac_fast_check_current_user_has_case_access
+from app.blueprints.access_controls import ac_requires_case_identifier
+from app.blueprints.access_controls import ac_fast_check_current_user_has_case_access
 from app.blueprints.access_controls import ac_api_requires
 from app.blueprints.access_controls import ac_api_return_access_denied
 from app.blueprints.responses import response_error
 from app.blueprints.responses import response_success
 from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
+from app.iris_engine.access_control.utils import ac_get_fast_user_cases_access
 
 case_ioc_rest_blueprint = Blueprint('case_ioc_rest', __name__)
 
@@ -74,7 +76,8 @@ def case_list_ioc(caseid):
         out = ioc._asdict()
 
         # Get links of the IoCs seen in other cases
-        ial = get_ioc_links(ioc.ioc_id)
+        user_search_limitations = ac_get_fast_user_cases_access(iris_current_user.id)
+        ial = get_ioc_links(ioc.ioc_id, user_search_limitations)
 
         out['link'] = [row._asdict() for row in ial]
         # Legacy, must be changed next version

diff --git a/source/app/blueprints/rest/case/case_notes_routes.py b/source/app/blueprints/rest/case/case_notes_routes.py
@@ -26,7 +26,7 @@
 from app.blueprints.rest.case_comments import case_comment_update
 from app.blueprints.rest.endpoints import endpoint_deprecated
 from app.blueprints.iris_user import iris_current_user
-from app.business.errors import BusinessProcessingError
+from app.models.errors import BusinessProcessingError
 from app.business.notes import notes_create
 from app.business.notes import notes_list_revisions
 from app.business.notes import notes_get_revision

diff --git a/source/app/blueprints/rest/case/case_tasks_routes.py b/source/app/blueprints/rest/case/case_tasks_routes.py
@@ -26,7 +26,7 @@
 from app.blueprints.rest.case_comments import case_comment_update
 from app.blueprints.rest.endpoints import endpoint_deprecated
 from app.blueprints.iris_user import iris_current_user
-from app.business.errors import BusinessProcessingError
+from app.models.errors import BusinessProcessingError
 from app.business.tasks import tasks_delete
 from app.business.tasks import tasks_create
 from app.business.tasks import tasks_get

diff --git a/source/app/blueprints/rest/case/case_timeline_routes.py b/source/app/blueprints/rest/case/case_timeline_routes.py
@@ -73,7 +73,7 @@
 from app.util import add_obj_history_entry
 from app.blueprints.responses import response_error
 from app.blueprints.responses import response_success
-from app.business.errors import BusinessProcessingError
+from app.models.errors import BusinessProcessingError
 from app.business.events import events_create
 from app.business.events import events_update
 from app.business.events import events_delete

diff --git a/source/app/blueprints/rest/case_comments.py b/source/app/blueprints/rest/case_comments.py
@@ -24,7 +24,7 @@
 from app.blueprints.responses import response_error
 from app.blueprints.responses import response_success
 from app.business.comments import comments_update_for_case
-from app.business.errors import BusinessProcessingError
+from app.models.errors import BusinessProcessingError
 from app.blueprints.iris_user import iris_current_user
Original file line number	Diff line number	Diff line change
Expand Up		@@ -27,4 +27,3 @@

		def worker_exit(server, worker):
		sys.exit(4)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -42,4 +42,3 @@ def upgrade():

		def downgrade():
		pass
Original file line number	Diff line number	Diff line change
Expand Up		@@ -93,4 +93,3 @@ def upgrade():
		def downgrade():
		op.drop_column('ioc_type', 'type_validation_regex')
		op.drop_column('ioc_type', 'type_validation_expect')
Original file line number	Diff line number	Diff line change
Expand Up		@@ -57,4 +57,3 @@ def upgrade():

		def downgrade():
		pass
Original file line number	Diff line number	Diff line change
Expand Up		@@ -61,4 +61,3 @@ def downgrade():

		# Drop AlertSimilarity table
		op.drop_table('alert_similarity')
Original file line number	Diff line number	Diff line change
Expand Up		@@ -29,4 +29,3 @@ def __getitem__(self, index: slice) -> any:

		def __len__(self) -> int:
		return self._total