From 31b85c29966880263662aa6c836eb575cf9c6ee4 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Mon, 21 Mar 2022 10:43:27 -0400
Subject: [PATCH 01/12] ES8 will not provide _type field

---
 server/modules/elastic/converter.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/modules/elastic/converter.go b/server/modules/elastic/converter.go
index 541f5753..434b86c8 100644
--- a/server/modules/elastic/converter.go
+++ b/server/modules/elastic/converter.go
@@ -320,7 +320,9 @@ func convertFromElasticResults(store *ElasticEventstore, esJson string, results
 		esRecord := record.(map[string]interface{})
 		event.Source = esRecord["_index"].(string)
 		event.Id = esRecord["_id"].(string)
-		event.Type = esRecord["_type"].(string)
+		if esRecord["_type"] != nil {
+			event.Type = esRecord["_type"].(string)
+		}
 		if esRecord["_score"] != nil {
 			event.Score = esRecord["_score"].(float64)
 		}

From 5414b2d1a346b3033212b4801f47ecfa4e4bda5b Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 8 Jun 2022 16:55:39 -0400
Subject: [PATCH 02/12] Support group-by sorting memory on first group only

---
 html/index.html             |  3 ++-
 html/js/routes/hunt.js      | 25 +++++++++++++++++++++++++
 html/js/routes/hunt.test.js |  8 ++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/html/index.html b/html/index.html
index 5be37187..2cf8708e 100644
--- a/html/index.html
+++ b/html/index.html
@@ -509,7 +509,8 @@ <h4 v-if="loaded">{{ i18n.eventTotal }} {{ totalEvents.toLocaleString() }}</h4>
                         <bar-chart v-if="group.chart_type == 'bar'" :chartdata="group.chart_data" :options="group.chart_options"/>
                         <sankey-chart v-if="group.chart_type == 'sankey'" :chartdata="group.chart_data" :options="group.chart_options"/>
                       </div>
-                      <v-data-table v-if="!group.chart_type" class="elevation-1" :search="groupByFilter" dense :footer-props="groupByFooters" sort-by="count" sort-desc="true"
+                      <v-data-table v-if="!group.chart_type" class="elevation-1" :search="groupByFilter" dense 
+                       :footer-props="groupByFooters" :sort-by.sync="group.sortBy" :sort-desc.sync="group.sortDesc" @update:sort-by="updateGroupBySort" @update:sort-desc="updateGroupBySort"
                         :items-per-page.sync="groupByItemsPerPage" must-sort :headers="group.headers" :items="group.data" :custom-sort="sortEvents">
                         <template v-for="(header, headerIdx) in group.headers" v-slot:["header." + header.value]="{ props }">
                           {{ header.text }}
diff --git a/html/js/routes/hunt.js b/html/js/routes/hunt.js
index 6c506d6f..b2d7b6a3 100644
--- a/html/js/routes/hunt.js
+++ b/html/js/routes/hunt.js
@@ -70,6 +70,8 @@ const huntComponent = {
     groupByItemsPerPage: 10,
     groupByFooters: { 'items-per-page-options': [10,25,50,100,200,500] },
     groupByPage: 1,
+    groupBySortBy: 'count',
+    groupBySortDesc: true,
     chartLabelMaxLength: 30,
     chartLabelOtherLimit: 10,
     chartLabelFieldSeparator: ', ',
@@ -160,6 +162,8 @@ const huntComponent = {
   },
   watch: {
     '$route': 'loadData',
+    'groupBySortBy': 'saveLocalSettings',
+    'groupBySortDesc': 'saveLocalSettings',
     'groupByItemsPerPage': 'groupByItemsPerPageChanged',
     'groupByLimit': 'groupByLimitChanged',
     'sortBy': 'saveLocalSettings',
@@ -989,6 +993,8 @@ const huntComponent = {
           // chart_options: ChartJS options. See setupBarChart, etc.
           // chart_data:    ChartJS labels and datasets. See setupBarChart and populateBarChart.
           // is_incomplete: True if only partial data is rendered to avoid complete render failure.
+          // sortBy:        Optional name of a field to sort by.
+          // sortDesc:      True if the optional sort should be in descending order.
           var group = {};
           group.title = fields.join(this.chartLabelFieldSeparator);
           group.fields = [...fields];
@@ -999,6 +1005,15 @@ const huntComponent = {
           }
           group.headers = this.constructHeaders(fields);
           group.chart_metrics = this.constructChartMetrics(metrics[key]);
+
+          // Preserve group-by sort settings only for first group. Useful for non-advanced views.
+          group.sortBy = 'count';
+          group.sortDesc = true;
+          if (this.groupBys.length == 0 && this.groupBySortBy) {
+            group.sortBy = this.groupBySortBy;
+            group.sortDesc = this.groupBySortDesc;
+          }
+
           this.groupBys.push(group);
 
           var options = this.queryGroupByOptions[groupIdx];
@@ -1014,6 +1029,12 @@ const huntComponent = {
       }
       return false;
     },
+    updateGroupBySort() {
+      if (this.groupBys.length > 0) {
+        this.groupBySortBy = this.groupBys[0].sortBy;
+        this.groupBySortDesc = this.groupBys[0].sortDesc;
+      }
+    },
     populateEventTable(events) {
       var records = [];
       var fields = [];
@@ -1526,6 +1547,8 @@ const huntComponent = {
       localStorage['timezone'] = this.zone;
     },
     saveLocalSettings() {
+      this.saveSetting('groupBySortBy', this.groupBySortBy, 'count');
+      this.saveSetting('groupBySortDesc', this.groupBySortDesc, true);
       this.saveSetting('groupByItemsPerPage', this.groupByItemsPerPage, this.params['groupItemsPerPage']);
       this.saveSetting('groupByLimit', this.groupByLimit, this.params['groupFetchLimit']);
       this.saveSetting('sortBy', this.sortBy, 'timestamp');
@@ -1543,6 +1566,8 @@ const huntComponent = {
 
       // Module settings
       var prefix = 'settings.' + this.category;
+      if (localStorage[prefix + '.groupBySortBy']) this.groupBySortBy = localStorage[prefix + '.groupBySortBy'];
+      if (localStorage[prefix + '.groupBySortDesc']) this.groupBySortDesc = localStorage[prefix + '.groupBySortDesc'] == "true";
       if (localStorage[prefix + '.groupByItemsPerPage']) this.groupByItemsPerPage = parseInt(localStorage[prefix + '.groupByItemsPerPage']);
       if (localStorage[prefix + '.groupByLimit']) this.groupByLimit = parseInt(localStorage[prefix + '.groupByLimit']);
       if (localStorage[prefix + '.sortBy']) this.sortBy = localStorage[prefix + '.sortBy'];
diff --git a/html/js/routes/hunt.test.js b/html/js/routes/hunt.test.js
index cdbed5d5..80c74f10 100644
--- a/html/js/routes/hunt.test.js
+++ b/html/js/routes/hunt.test.js
@@ -367,6 +367,10 @@ test('populateGroupByTables', () => {
     "groupby_0|foo|bar": [{ value: 23, keys: ['moo', 'mar'] }],
     "groupby_1|car": [{ value: 9, keys: ['mis'] }],
   }
+
+  comp.groupBySortBy = "foo";
+  comp.groupBySortDesc = false;
+
   comp.queryGroupByOptions = [[],[]];
   var result = comp.populateGroupByTables(metrics);
   expect(comp.groupBys.length).toBe(2);
@@ -377,12 +381,16 @@ test('populateGroupByTables', () => {
   expect(comp.groupBys[0].data[0].bar).toBe('mar');
   expect(comp.groupBys[0].headers).toStrictEqual([{text: 'Count', value:'count'}, {text: 'foo', value: 'foo'}, {text: 'bar', value: 'bar'}]);
   expect(comp.groupBys[0].chart_metrics).toStrictEqual([{value: 23, keys:['moo, mar']}]);
+  expect(comp.groupBys[0].sortBy).toBe('foo');
+  expect(comp.groupBys[0].sortDesc).toBe(false);
   expect(comp.groupBys[1].title).toBe("car");
   expect(comp.groupBys[1].fields.length).toBe(1);
   expect(comp.groupBys[1].data[0].count).toBe(9);
   expect(comp.groupBys[1].data[0].car).toBe('mis');
   expect(comp.groupBys[1].headers).toStrictEqual([{text: 'Count', value:'count'}, {text: 'car', value: 'car'}]);
   expect(comp.groupBys[1].chart_metrics).toStrictEqual([{value: 9, keys:['mis']}]);
+  expect(comp.groupBys[1].sortBy).toBe('count');
+  expect(comp.groupBys[1].sortDesc).toBe(true);
 
   // Now include action column
   comp.aggregationActionsEnabled = true;

From 4b4e524cde6d70006c0303fdb9bf0ed6416b51d8 Mon Sep 17 00:00:00 2001
From: Josh Brower <josh@defensivedepth.com>
Date: Fri, 17 Jun 2022 12:58:33 -0400
Subject: [PATCH 03/12] Pin to v1.6.0

---
 .github/workflows/leaktest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/leaktest.yml b/.github/workflows/leaktest.yml
index e66a06fa..cc6d913d 100644
--- a/.github/workflows/leaktest.yml
+++ b/.github/workflows/leaktest.yml
@@ -12,4 +12,4 @@ jobs:
         fetch-depth: '0'
 
     - name: Gitleaks
-      uses: zricethezav/gitleaks-action@master
+      uses: gitleaks/gitleaks-action@v1.6.0

From 7048007879a6e67c763b15077910fa2e415fec6f Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Fri, 24 Jun 2022 11:19:46 -0400
Subject: [PATCH 04/12] Support maximized group views; remember nav drawer
 toggle setting

---
 html/css/app.css            | 10 +++++++++
 html/index.html             | 24 +++++++++++++-------
 html/js/app.js              | 43 ++++++++++++++++++++++++++++++++++-
 html/js/app.test.js         | 45 ++++++++++++++++++++++++++++++++++++-
 html/js/i18n.js             |  1 +
 html/js/routes/hunt.js      | 20 ++++++++++++++++-
 html/js/routes/hunt.test.js | 18 ++++++++++++---
 html/js/test_common.js      |  6 +++++
 8 files changed, 153 insertions(+), 14 deletions(-)

diff --git a/html/css/app.css b/html/css/app.css
index de381f82..11f7dd67 100644
--- a/html/css/app.css
+++ b/html/css/app.css
@@ -403,3 +403,13 @@ td {
 .case.markdown-icon:hover i {
   color: var(--v-primary-base);
 }
+
+.maximized {
+  position: absolute;
+  left: 0px;
+  top: 0px;
+  width: 100%;
+  height: calc(100vh - 100px);
+  background-color: var(--v-background-base);
+  z-index: 1;
+}
\ No newline at end of file
diff --git a/html/index.html b/html/index.html
index 2cf8708e..d91332aa 100644
--- a/html/index.html
+++ b/html/index.html
@@ -248,7 +248,7 @@
           </template>
           {{ tipMessage }}
         </v-snackbar>
-        <router-view></router-view>
+        <router-view id="main-view"></router-view>
         <textarea id="clipboardBuffer"></textarea>
       </v-main>
       <v-footer app>
@@ -502,17 +502,22 @@ <h4 v-if="loaded">{{ i18n.eventTotal }} {{ totalEvents.toLocaleString() }}</h4>
                         <router-link class="mx-1" :to="buildToggleLegendRoute(group, groupIdx)" :title="i18n.toggleLegend" style="text-decoration: none; cursor: 'pointer'">
                           <v-icon>fa-list</v-icon>
                         </router-link>
+                        <router-link class="mx-1" :to="buildMaximizeRoute(group, groupIdx)" :title="i18n.maximize" style="text-decoration: none; cursor: 'pointer'">
+                          <v-icon>fa-expand</v-icon>
+                        </router-link>
                         <v-btn icon class="mx-1" @click="removeGroupBy(groupIdx, -1)" :title="i18n.remove">
                           <v-icon>fa-trash</v-icon>
                         </v-btn>
-                        <pie-chart v-if="group.chart_type == 'pie'" :chartdata="group.chart_data" :options="group.chart_options"/>
-                        <bar-chart v-if="group.chart_type == 'bar'" :chartdata="group.chart_data" :options="group.chart_options"/>
-                        <sankey-chart v-if="group.chart_type == 'sankey'" :chartdata="group.chart_data" :options="group.chart_options"/>
+                        <pie-chart v-if="group.chart_type == 'pie'" :id="'group-' + groupIdx" :chartdata="group.chart_data" :options="group.chart_options"/>
+                        <bar-chart v-if="group.chart_type == 'bar'" :id="'group-' + groupIdx" :chartdata="group.chart_data" :options="group.chart_options"/>
+                        <sankey-chart v-if="group.chart_type == 'sankey'" :id="'group-' + groupIdx" :chartdata="group.chart_data" :options="group.chart_options"/>
                       </div>
-                      <v-data-table v-if="!group.chart_type" class="elevation-1" :search="groupByFilter" dense 
-                       :footer-props="groupByFooters" :sort-by.sync="group.sortBy" :sort-desc.sync="group.sortDesc" @update:sort-by="updateGroupBySort" @update:sort-desc="updateGroupBySort"
+                      <v-data-table v-if="!group.chart_type" :id="'group-' + groupIdx" class="elevation-1" 
+                        :search="groupByFilter" dense 
+                        :footer-props="groupByFooters" :sort-by.sync="group.sortBy" :sort-desc.sync="group.sortDesc" 
+                        @update:sort-by="updateGroupBySort" @update:sort-desc="updateGroupBySort"
                         :items-per-page.sync="groupByItemsPerPage" must-sort :headers="group.headers" :items="group.data" :custom-sort="sortEvents">
-                        <template v-for="(header, headerIdx) in group.headers" v-slot:["header." + header.value]="{ props }">
+                        <template v-if="!group.maximized" v-for="(header, headerIdx) in group.headers" v-slot:["header." + header.value]="{ props }">
                           {{ header.text }}
                           <span class="table-header-actions mx-2">
                             <router-link v-if="header.value == 'count' && isAdvanced()" :to="buildGroupOptionRoute(groupIdx, [], 'pie')" :title="i18n.showPieChart" style="text-decoration: none; cursor: 'pointer'">
@@ -524,12 +529,15 @@ <h4 v-if="loaded">{{ i18n.eventTotal }} {{ totalEvents.toLocaleString() }}</h4>
                             <router-link v-if="header.value == 'count' && isAdvanced() && isGroupSankeyCapable(group, groupIdx)" icon x-small :to="buildGroupOptionRoute(groupIdx, [], 'sankey')" :title="i18n.showSankeyChart" style="text-decoration: none; cursor: 'pointer'">
                               <v-icon>fa-diagram-project</v-icon>
                             </router-link>
+                            <router-link v-if="header.value == 'count' && isAdvanced()" class="mx-1" :to="buildMaximizeRoute(group, groupIdx)" :title="i18n.maximize" style="text-decoration: none; cursor: 'pointer'">
+                              <v-icon>fa-expand</v-icon>
+                            </router-link>
                             <v-btn v-if="header.value != 'count' && header.value != ''" icon x-small @click.stop="removeGroupBy(groupIdx,headerIdx - getGroupByFieldStartIndex())" :title="i18n.remove">
                               <v-icon>fa-trash</v-icon>
                             </v-btn>
                           </span>
                         </template>
-                        <template v-slot:item="{ item, index }">
+                        <template v-if="!group.maximized" v-slot:item="{ item, index }">
                           <tr>
                             <td v-if="aggregationActionsEnabled">
                               <v-btn id="alertButton" v-if="ackEnabled && item['event.severity_label']" class="mx-2" icon x-small
diff --git a/html/js/app.js b/html/js/app.js
index 3ab91805..d854cf0e 100644
--- a/html/js/app.js
+++ b/html/js/app.js
@@ -86,9 +86,14 @@ $(document).ready(function() {
       loadServerSettingsTime: 0,
       user: null,
       username: '',
+      maximizedParent: null,
+      maximizedOrigWidth: null,
+      maximizedOrigHeight: null,
+      maximizedCancelFn: null,
     },
     watch: {
       '$vuetify.theme.dark': 'saveLocalSettings',
+      'toolbar': 'saveLocalSettings',
     },
     methods: {
       formatActionContent(content, event, field, value, uriEncode = true) {
@@ -532,11 +537,15 @@ $(document).ready(function() {
       },
       saveLocalSettings() {
         localStorage['settings.app.dark'] = this.$vuetify.theme.dark;
+        localStorage['settings.app.navbar'] = this.toolbar;
       },
       loadLocalSettings() {
         if (localStorage['settings.app.dark'] != undefined) {
           this.$vuetify.theme.dark = localStorage['settings.app.dark'] == "true";
         }
+        if (localStorage['settings.app.navbar'] != undefined) {
+          this.toolbar = localStorage['settings.app.navbar'] == "true";
+        }
       },
       subscribe(kind, fn) {
         this.ensureConnected();
@@ -796,7 +805,39 @@ $(document).ready(function() {
       },
       isAttentionNeeded() {
         return this.isNewAlert() || this.isGridUnhealthy() || !this.connected || this.reconnecting;
-      }
+      },
+      isMaximized() {
+        return this.maximizedTarget != null;
+      },
+      maximizeById(targetId, escapeFn=null) {
+        this.maximize(document.getElementById(targetId), escapeFn);
+      },
+      maximize(target, escapeFn=null) {
+        this.unmaximize();
+        this.maximizedTarget = target;
+        this.maximizedOrigWidth = target.style.width;
+        this.maximizedOrigHeight = target.style.height;
+        target.classList.add("maximized");
+        this.maximizedCancelFn = escapeFn;
+        document.addEventListener('keydown', this.unmaximizeEscapeListener);
+      },
+      unmaximize(userInitiated=false) {
+        if (!this.maximizedTarget) return;
+        if (userInitiated && this.maximizedCancelFn) {
+          if (this.maximizedCancelFn(this.maximizeTarget)) return;
+        }
+        this.maximizedTarget.classList.remove("maximized");
+        this.maximizedTarget.style.width = this.maximizedOrigWidth;
+        this.maximizedTarget.style.height = this.maximizedOrigHeight;
+        this.maximizedTarget = null;
+        this.maximizedCancelFn = null;
+        document.removeEventListener('keydown', this.unmaximizeEscapeListener); 
+      },
+      unmaximizeEscapeListener(event) {
+        if (event.code == "Escape") { 
+          this.unmaximize(true);
+        }
+      },
     },
     created() {
       this.log("Initializing application components");
diff --git a/html/js/app.test.js b/html/js/app.test.js
index c880ef2a..d0a788b8 100644
--- a/html/js/app.test.js
+++ b/html/js/app.test.js
@@ -149,4 +149,47 @@ test('truncate', () => {
   expect(app.truncate("atthelimit!!", 10)).toBe("atthelimit!!");
   expect(app.truncate("atthelimit!!!", 10)).toBe("atthelimit!!!");
   expect(app.truncate("much longer value", 10)).toBe("much...value");
-});
\ No newline at end of file
+});
+
+test('localSettings', () => {
+	app.toolbar = true;
+	app.saveLocalSettings();
+	app.toolbar = null;
+	app.loadLocalSettings();
+	expect(app.toolbar).toBe(true);
+});
+
+test('maximize', () => {
+	const element = document.createElement('div');
+	element.style.width = '12px';
+	element.style.height = '13px';
+
+	const cancelMock = jest.fn();
+	expect(app.isMaximized()).toBe(false);
+
+	app.maximize(element, cancelMock);
+
+	expect(app.isMaximized()).toBe(true);
+	expect(app.maximizedOrigWidth).toBe("12px");
+	expect(app.maximizedOrigHeight).toBe("13px");
+
+	app.unmaximize(true);
+
+	expect(app.isMaximized()).toBe(false);
+	expect(app.maximizedCancelFn).toBeNull();
+	expect(cancelMock).toHaveBeenCalledTimes(1);
+
+	// Maximize again
+	app.maximize(element);
+
+	expect(app.isMaximized()).toBe(true);
+
+	app.unmaximize(false);
+
+	expect(app.isMaximized()).toBe(false);
+
+	// should still only have been called once
+	expect(cancelMock).toHaveBeenCalledTimes(1);
+
+	expect(app.maximizedCancelFn).toBeNull();
+});
diff --git a/html/js/i18n.js b/html/js/i18n.js
index 96c913a7..8466de59 100644
--- a/html/js/i18n.js
+++ b/html/js/i18n.js
@@ -328,6 +328,7 @@ const i18n = {
       logout: 'Logout',
       logoutFailure: 'Unable to initiate logout. Ensure server is accessible.',
       markdownFormattingSupported: 'Markdown formatting supported',
+      maximize: 'Maximize View (ESC to cancel)',
       md5: 'MD5',
       message: 'Message',
       minutes: 'minutes',
diff --git a/html/js/routes/hunt.js b/html/js/routes/hunt.js
index b2d7b6a3..95e64ea8 100644
--- a/html/js/routes/hunt.js
+++ b/html/js/routes/hunt.js
@@ -791,8 +791,14 @@ const huntComponent = {
       var removal = group.chart_options && group.chart_options.plugins.legend.display ? "legend" : "nolegend";
       return this.buildGroupOptionRoute(groupIdx, [removal], addition);
     },
+    buildMaximizeRoute(group, groupIdx) {
+      return this.buildGroupOptionRoute(groupIdx, [], "maximize");
+    },
+    buildNonMaximizedRoute(group, groupIdx) {
+      return this.buildGroupOptionRoute(groupIdx, ["maximize"], '');
+    },
     buildGroupWithoutOptionsRoute(groupIdx) {
-      const removals = ["pie", "bar", "legend", "nolegend", "sankey"];
+      const removals = ["pie", "bar", "legend", "nolegend", "sankey", "maximize"];
       return this.buildGroupOptionRoute(groupIdx, removals, '');
     },
     countDrilldown(event) {
@@ -971,6 +977,7 @@ const huntComponent = {
       while (this.populateGroupByTable(metrics, idx++)) {};
     },
     populateGroupByTable(metrics, groupIdx) {
+      const route = this;
       var key = this.lookupGroupByMetricKey(metrics, groupIdx, true);
       if (key) {
         var fields = key.split("|");
@@ -995,6 +1002,7 @@ const huntComponent = {
           // is_incomplete: True if only partial data is rendered to avoid complete render failure.
           // sortBy:        Optional name of a field to sort by.
           // sortDesc:      True if the optional sort should be in descending order.
+          // maximized:     True if this group view has been maximized.
           var group = {};
           group.title = fields.join(this.chartLabelFieldSeparator);
           group.fields = [...fields];
@@ -1024,6 +1032,16 @@ const huntComponent = {
           } else if (options.indexOf("sankey") != -1) {
             this.displaySankeyChart(group, groupIdx);
           }
+          group.maximized = options.indexOf("maximize") != -1;
+          if (group.maximized) {
+            const unmaximizeFn = function() {
+              const newRoute = route.buildNonMaximizedRoute(group, groupIdx);
+              route.$router.push(newRoute, function() {}, function() {});
+            };
+            this.$nextTick(() => { 
+              route.$root.maximizeById("group-" + groupIdx, unmaximizeFn);
+            });
+          }
         }
         return true;
       }
diff --git a/html/js/routes/hunt.test.js b/html/js/routes/hunt.test.js
index 80c74f10..68f36adc 100644
--- a/html/js/routes/hunt.test.js
+++ b/html/js/routes/hunt.test.js
@@ -371,7 +371,7 @@ test('populateGroupByTables', () => {
   comp.groupBySortBy = "foo";
   comp.groupBySortDesc = false;
 
-  comp.queryGroupByOptions = [[],[]];
+  comp.queryGroupByOptions = [[],["maximize"]];
   var result = comp.populateGroupByTables(metrics);
   expect(comp.groupBys.length).toBe(2);
   expect(comp.groupBys[0].title).toBe("foo, bar");
@@ -383,6 +383,7 @@ test('populateGroupByTables', () => {
   expect(comp.groupBys[0].chart_metrics).toStrictEqual([{value: 23, keys:['moo, mar']}]);
   expect(comp.groupBys[0].sortBy).toBe('foo');
   expect(comp.groupBys[0].sortDesc).toBe(false);
+  expect(comp.groupBys[0].maximized).toBe(false);
   expect(comp.groupBys[1].title).toBe("car");
   expect(comp.groupBys[1].fields.length).toBe(1);
   expect(comp.groupBys[1].data[0].count).toBe(9);
@@ -391,6 +392,7 @@ test('populateGroupByTables', () => {
   expect(comp.groupBys[1].chart_metrics).toStrictEqual([{value: 9, keys:['mis']}]);
   expect(comp.groupBys[1].sortBy).toBe('count');
   expect(comp.groupBys[1].sortDesc).toBe(true);
+  expect(comp.groupBys[1].maximized).toBe(true);
 
   // Now include action column
   comp.aggregationActionsEnabled = true;
@@ -646,10 +648,20 @@ test('buildToggleLegendRoute', () => {
   expect(route.query.q).toBe("* | groupby -legend -pie something | groupby something else");
 });
 
-test('buildGroupWithoutOptionsRoute', () => {
+test('buildMaximizeRoute', () => {
+  var group = {};
   comp.query = "* | groupby -pie something | groupby something else";
-  var route = comp.buildGroupWithoutOptionsRoute(1);
+  var route = comp.buildMaximizeRoute(group, 0);
+  expect(route.query.q).toBe("* | groupby -maximize -pie something | groupby something else");
+
+  route = comp.buildNonMaximizedRoute(group, 0);
   expect(route.query.q).toBe("* | groupby -pie something | groupby something else");
+});
+
+test('buildGroupWithoutOptionsRoute', () => {
+  comp.query = "* | groupby -maximize -pie something | groupby something else";
+  var route = comp.buildGroupWithoutOptionsRoute(1);
+  expect(route.query.q).toBe("* | groupby -maximize -pie something | groupby something else");
 
   var route = comp.buildGroupWithoutOptionsRoute(0);
   expect(route.query.q).toBe("* | groupby something | groupby something else");
diff --git a/html/js/test_common.js b/html/js/test_common.js
index c12ce850..3ce850be 100644
--- a/html/js/test_common.js
+++ b/html/js/test_common.js
@@ -23,6 +23,12 @@ var app = null;
 global.Vue = function(obj) {
 	app = this;
 	app.$root = this;
+	app.$vuetify = { 
+		theme: { 
+			dark: false,
+			currentTheme: {}
+		}
+	};
 	app.debug = true;
 	Object.assign(app, obj.data, obj.methods);
 	this.ensureConnected = jest.fn();

From 65f062dacff928a5e9ee5723d35e700859f492de Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Fri, 24 Jun 2022 15:04:08 -0400
Subject: [PATCH 05/12] Update unit tests to match nextTick usage

---
 html/js/app.js         | 9 ++++++++-
 html/js/test_common.js | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/html/js/app.js b/html/js/app.js
index d854cf0e..fc21205e 100644
--- a/html/js/app.js
+++ b/html/js/app.js
@@ -810,7 +810,11 @@ $(document).ready(function() {
         return this.maximizedTarget != null;
       },
       maximizeById(targetId, escapeFn=null) {
-        this.maximize(document.getElementById(targetId), escapeFn);
+        const target = document.getElementById(targetId);
+        if (target) {
+          return this.maximize(target, escapeFn);
+        }
+        return false;
       },
       maximize(target, escapeFn=null) {
         this.unmaximize();
@@ -818,8 +822,10 @@ $(document).ready(function() {
         this.maximizedOrigWidth = target.style.width;
         this.maximizedOrigHeight = target.style.height;
         target.classList.add("maximized");
+        window.scrollTo(0,0);
         this.maximizedCancelFn = escapeFn;
         document.addEventListener('keydown', this.unmaximizeEscapeListener);
+        return true;
       },
       unmaximize(userInitiated=false) {
         if (!this.maximizedTarget) return;
@@ -837,6 +843,7 @@ $(document).ready(function() {
         if (event.code == "Escape") { 
           this.unmaximize(true);
         }
+        event.cancel();
       },
     },
     created() {
diff --git a/html/js/test_common.js b/html/js/test_common.js
index 3ce850be..d536684f 100644
--- a/html/js/test_common.js
+++ b/html/js/test_common.js
@@ -15,7 +15,7 @@ global.$ = function(doc) {
 	return doc;
 };
 global.document.ready = function(fn) { fn(); };
-
+global.window.scrollTo = jest.fn();
 ////////////////////////////////////
 // Mock Vue
 ////////////////////////////////////

From 527fd4a850bcaeea9e6e31685d47fde287a33575 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Fri, 24 Jun 2022 15:30:50 -0400
Subject: [PATCH 06/12] Prevent scrolling of background when chart or table is
 maximized

---
 html/css/app.css    | 4 ++++
 html/js/app.js      | 2 ++
 html/js/app.test.js | 6 ++++++
 3 files changed, 12 insertions(+)

diff --git a/html/css/app.css b/html/css/app.css
index 11f7dd67..8a6570ab 100644
--- a/html/css/app.css
+++ b/html/css/app.css
@@ -412,4 +412,8 @@ td {
   height: calc(100vh - 100px);
   background-color: var(--v-background-base);
   z-index: 1;
+}
+
+.maximized-bg {
+  overflow: hidden;
 }
\ No newline at end of file
diff --git a/html/js/app.js b/html/js/app.js
index fc21205e..560be261 100644
--- a/html/js/app.js
+++ b/html/js/app.js
@@ -822,6 +822,7 @@ $(document).ready(function() {
         this.maximizedOrigWidth = target.style.width;
         this.maximizedOrigHeight = target.style.height;
         target.classList.add("maximized");
+        document.documentElement.classList.add("maximized-bg");
         window.scrollTo(0,0);
         this.maximizedCancelFn = escapeFn;
         document.addEventListener('keydown', this.unmaximizeEscapeListener);
@@ -833,6 +834,7 @@ $(document).ready(function() {
           if (this.maximizedCancelFn(this.maximizeTarget)) return;
         }
         this.maximizedTarget.classList.remove("maximized");
+        document.documentElement.classList.remove("maximized-bg");
         this.maximizedTarget.style.width = this.maximizedOrigWidth;
         this.maximizedTarget.style.height = this.maximizedOrigHeight;
         this.maximizedTarget = null;
diff --git a/html/js/app.test.js b/html/js/app.test.js
index d0a788b8..03720c72 100644
--- a/html/js/app.test.js
+++ b/html/js/app.test.js
@@ -172,12 +172,16 @@ test('maximize', () => {
 	expect(app.isMaximized()).toBe(true);
 	expect(app.maximizedOrigWidth).toBe("12px");
 	expect(app.maximizedOrigHeight).toBe("13px");
+	expect(element.classList).toContain('maximized');
+	expect(document.documentElement.classList).toContain('maximized-bg');
 
 	app.unmaximize(true);
 
 	expect(app.isMaximized()).toBe(false);
 	expect(app.maximizedCancelFn).toBeNull();
 	expect(cancelMock).toHaveBeenCalledTimes(1);
+	expect(element.classList).not.toContain('maximized');
+	expect(document.documentElement.classList).not.toContain('maximized-bg');
 
 	// Maximize again
 	app.maximize(element);
@@ -192,4 +196,6 @@ test('maximize', () => {
 	expect(cancelMock).toHaveBeenCalledTimes(1);
 
 	expect(app.maximizedCancelFn).toBeNull();
+	expect(element.classList).not.toContain('maximized');
+	expect(document.documentElement.classList).not.toContain('maximized-bg');
 });

From 83aa4a296f03847b42592ef00fe4d77a45fcd64c Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Fri, 24 Jun 2022 16:19:55 -0400
Subject: [PATCH 07/12] Omit locked/disabled users from the assignee list

---
 html/js/app.js              |  4 ++++
 html/js/app.test.js         | 19 +++++++++++++++++++
 html/js/routes/case.js      |  2 +-
 html/js/routes/case.test.js |  2 +-
 4 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/html/js/app.js b/html/js/app.js
index 560be261..8323ff40 100644
--- a/html/js/app.js
+++ b/html/js/app.js
@@ -753,6 +753,10 @@ $(document).ready(function() {
         }
         return this.i18n.na;
       },
+      async getActiveUsers() {
+        const users = await this.getUsers();
+        return users.filter(user => user.status != 'locked');
+      },
       async getUsers() {
         try {
           const response = await this.papi.get('users/');
diff --git a/html/js/app.test.js b/html/js/app.test.js
index 03720c72..52116446 100644
--- a/html/js/app.test.js
+++ b/html/js/app.test.js
@@ -199,3 +199,22 @@ test('maximize', () => {
 	expect(element.classList).not.toContain('maximized');
 	expect(document.documentElement.classList).not.toContain('maximized-bg');
 });
+
+test('getUsers', async () => {
+	const fakeUsers = [{ status: ''}, {status: 'locked'}];
+	var mock = mockPapi("get", {data: fakeUsers});
+  const showErrorMock = mockShowError(true);
+
+  const users = await app.getUsers();
+
+  expect(mock).toHaveBeenCalledWith('users/');
+  expect(showErrorMock).toHaveBeenCalledTimes(0);
+  expect(users.length).toBe(2);
+
+	mock = mockPapi("get", {data: fakeUsers});
+  const activeUsers = await app.getActiveUsers();
+
+  expect(mock).toHaveBeenCalledTimes(2);
+  expect(showErrorMock).toHaveBeenCalledTimes(0);
+  expect(activeUsers.length).toBe(1);
+});
diff --git a/html/js/routes/case.js b/html/js/routes/case.js
index e5edc726..cbc73766 100644
--- a/html/js/routes/case.js
+++ b/html/js/routes/case.js
@@ -427,7 +427,7 @@ routes.push({ path: '/case/:id', name: 'case', component: {
         const response = await this.$root.papi.get('case/', { params: {
             id: this.$route.params.id
         }});
-        this.userList = await this.$root.getUsers();
+        this.userList = await this.$root.getActiveUsers();
         await this.updateCaseDetails(response.data);
         this.loadAssociations();
       } catch (error) {
diff --git a/html/js/routes/case.test.js b/html/js/routes/case.test.js
index a7676840..ac5b1e33 100644
--- a/html/js/routes/case.test.js
+++ b/html/js/routes/case.test.js
@@ -204,7 +204,7 @@ test('loadData', async () => {
   mock = mockPapi("get", {'data':fakeUsers});
 
   comp.$route.params.id = 'myCaseId';
-  const showErrorMock = mockShowError();
+  const showErrorMock = mockShowError(true);
   comp.loadAssociations = jest.fn();
 
   await comp.loadData();

From 7de14f04106103e71dc20e9f8beb9b0ea573239c Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Mon, 27 Jun 2022 11:13:08 -0400
Subject: [PATCH 08/12] Add gh action for contrib check

---
 .github/workflows/contrib.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/contrib.yml

diff --git a/.github/workflows/contrib.yml b/.github/workflows/contrib.yml
new file mode 100644
index 00000000..1cb3b773
--- /dev/null
+++ b/.github/workflows/contrib.yml
@@ -0,0 +1,24 @@
+name: contrib
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened,closed,synchronize]
+
+jobs:
+  CLAssistant:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Contributor Check"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        uses: cla-assistant/github-action@v2.1.3-beta
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+        with:
+          path-to-signatures: 'signatures_v1.json'
+          path-to-document: 'https://securityonionsolutions.com/cla' 
+          allowlist: dependabot[bot],jertel,dougburks,TOoSmOotH,weslambert,defensivedepth,m0duspwnens
+          remote-organization-name: Security-Onion-Solutions
+          remote-repository-name: licensing
+

From 11227eba29ad97596a43126f4e26142737bde98a Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 28 Jun 2022 10:24:00 -0400
Subject: [PATCH 09/12] Strip whitespace around analyzer input strings

---
 agent/modules/analyze/analyze.go                    | 8 +++++++-
 agent/modules/analyze/analyze_test.go               | 4 +++-
 agent/modules/analyze/test-resources/whois/whois.py | 5 ++++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/agent/modules/analyze/analyze.go b/agent/modules/analyze/analyze.go
index 443a4211..0796e0a6 100644
--- a/agent/modules/analyze/analyze.go
+++ b/agent/modules/analyze/analyze.go
@@ -135,7 +135,13 @@ func (analyze *Analyze) ProcessJob(job *model.Job, reader io.ReadCloser) (io.Rea
 	} else {
 		input := "{}"
 		if val, ok := job.Filter.Parameters["artifact"]; ok {
-			bytes, err := json.WriteJson(val)
+			var bytes []byte
+			switch val.(type) {
+			case string:
+				bytes, err = json.WriteJson(strings.TrimSpace(val.(string)))
+			default:
+				bytes, err = json.WriteJson(val)
+			}
 			if err != nil {
 				log.WithError(err).Error("Unable to convert artifact parameter to JSON string")
 			} else {
diff --git a/agent/modules/analyze/analyze_test.go b/agent/modules/analyze/analyze_test.go
index 951c79ef..3da74f36 100644
--- a/agent/modules/analyze/analyze_test.go
+++ b/agent/modules/analyze/analyze_test.go
@@ -126,13 +126,15 @@ func TestAnalyzersExecuted(tester *testing.T) {
 
 	job := model.NewJob()
 	job.Kind = "analyze"
-	job.Filter.Parameters["foo"] = "bar"
+	job.Filter.Parameters["artifact"] = " bar\n"
 	reader, err := sq.ProcessJob(job, nil)
 	assert.Nil(tester, reader)
 	assert.Nil(tester, err)
 	assert.Len(tester, job.Results, 1)
 	assert.Equal(tester, "whois", job.Results[0].Id)
 	assert.Equal(tester, "something here that is so long it will need to be ...", job.Results[0].Summary)
+	data := job.Results[0].Data.(map[string]interface{})
+	assert.Equal(tester, "bar", data["input"])
 }
 
 func TestCreateResult(tester *testing.T) {
diff --git a/agent/modules/analyze/test-resources/whois/whois.py b/agent/modules/analyze/test-resources/whois/whois.py
index 01c0a60e..91aa9790 100644
--- a/agent/modules/analyze/test-resources/whois/whois.py
+++ b/agent/modules/analyze/test-resources/whois/whois.py
@@ -1,5 +1,8 @@
+import sys
+
 def main():
-	print('{"result":{ "requestId": "something-generated-by-whois", "someother_field": "more data" }, "summary": "something here that is so long it will need to be shortened"}')
+	input = sys.argv[1]
+	print('{"input": %s, "result":{ "requestId": "something-generated-by-whois", "someother_field": "more data"}, "summary": "something here that is so long it will need to be shortened"}' % (input))
 
 if __name__ == "__main__":
 	main()
\ No newline at end of file

From caa1667d32894c9e4b4f2d4f02e7456648ccf34f Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 29 Jun 2022 11:35:44 -0400
Subject: [PATCH 10/12] Support bulk observable adds

---
 html/index.html             |  1 +
 html/js/i18n.js             |  3 ++-
 html/js/routes/case.js      | 41 +++++++++++++++++++++++++++++++------
 html/js/routes/case.test.js | 37 +++++++++++++++++++++++++++++++++
 4 files changed, 75 insertions(+), 7 deletions(-)

diff --git a/html/index.html b/html/index.html
index d91332aa..7349582c 100644
--- a/html/index.html
+++ b/html/index.html
@@ -1726,6 +1726,7 @@ <h3 class="text--primary">{{ i18n.evidenceAdd }}</h3>
                             <v-combobox id="evidence-type" v-if="isPresetCustomEnabled('artifactType')" v-model="associatedForms['evidence'].artifactType" :items="selectList('artifactType')" persistent-hint :hint="i18n.artifactTypeHelp"/>
                             <v-file-input id="evidence-value" v-if="associatedForms['evidence'].artifactType == 'file'" show-size v-model="attachment" persistent-hint :hint="getAttachmentHelp()" :rules="[rules.fileSizeLimit, rules.fileNotEmpty, rules.fileRequired]"/>
                             <v-textarea id="evidence-value" v-if="associatedForms['evidence'].artifactType != 'file'" rows="2" :value="associatedForms['evidence'].value" @change="val => associatedForms['evidence'].value = val" :rules="[rules.required]" :placeholder="i18n.artifactValue" persistent-hint :hint="i18n.artifactValueHelp"/>
+                            <v-checkbox v-if="isEvidenceBulkCapable()" id="evidence-bulk" v-model="associatedForms['evidence'].bulk" persistent-hint :hint="i18n.artifactBulkHelp"/>
                             <v-textarea id="evidence-description" rows="2" :value="associatedForms['evidence'].description" @change="val => associatedForms['evidence'].description = val" :placeholder="i18n.artifactDescription" persistent-hint :hint="i18n.artifactDescriptionHelp"/>
                             <v-checkbox id="evidence-ioc" v-model="associatedForms['evidence'].ioc" persistent-hint :hint="i18n.artifactIocHelp"/>
                             <v-select id="evidence-tlp" v-if="!isPresetCustomEnabled('tlp')" v-model="associatedForms['evidence'].tlp" :items="selectList('tlp')" persistent-hint :hint="i18n.caseTlpHelp"/>
diff --git a/html/js/i18n.js b/html/js/i18n.js
index 8466de59..d3f78329 100644
--- a/html/js/i18n.js
+++ b/html/js/i18n.js
@@ -75,7 +75,8 @@ const i18n = {
       analyzer_urlhaus_invalid_url: 'Invalid URL',
       analyzer_urlhaus_malware_download: 'Malware download',
       
-
+      artifactBulk: 'Bulk Add',
+      artifactBulkHelp: 'Enable this checkbox to have a separate observable added for each line of the provided value above',
       artifactDescription: 'Description',
       artifactDescriptionHelp: 'Provide an optional description',
       artifactIoc: 'IOC',
diff --git a/html/js/routes/case.js b/html/js/routes/case.js
index cbc73766..68a4400a 100644
--- a/html/js/routes/case.js
+++ b/html/js/routes/case.js
@@ -501,18 +501,43 @@ routes.push({ path: '/case/:id', name: 'case', component: {
         form.caseId = this.caseObj.id;
         form.id = '';
 
+        let response = undefined;
         let config = undefined;
-        let data = JSON.stringify(form);
         if (this.attachment && form.artifactType == 'file') {
-          let jsonData = data;
-          data = new FormData();
-          data.append("json", jsonData);
+          const data = new FormData();
+          data.append("json", JSON.stringify(form));
           data.append("attachment", this.attachment);
           headers = { 'Content-Type': 'multipart/form-data; boundary=' + data._boundary }
           config = { 'headers': headers };
+          response = await this.$root.papi.post('case/' + this.mapAssociatedPath(association), data, config);
+        } else if (association == 'evidence' && this.isEvidenceBulkCapable() && form.bulk) {
+          let added = 0;
+          const combined = form.value;
+          const values = combined.split("\n")
+          for (var i = 0; i < values.length; i++) {
+            const val = values[i];
+            if (val.trim().length > 0) {
+              form.value = val.trim();
+              let data = JSON.stringify(form);
+              response = await this.$root.papi.post('case/' + this.mapAssociatedPath(association), data, config);
+              if (response && response.data) {
+                await this.$root.populateUserDetails(response.data, "userId", "owner");
+                this.associations[association].push(response.data);
+                added++;
+              }
+              response = null;
+            }
+          }
+          if (added > 0) {
+            this.resetForm(association);
+            this.$root.showTip(this.i18n.saveSuccess);
+          }
+        } else {
+          let data = JSON.stringify(form);
+          response = await this.$root.papi.post('case/' + this.mapAssociatedPath(association), data, config);
         }
-        const response = await this.$root.papi.post('case/' + this.mapAssociatedPath(association), data, config);
-        if (response.data) {
+        
+        if (response && response.data) {
           await this.$root.populateUserDetails(response.data, "userId", "owner");
           this.associations[association].push(response.data);
           this.resetForm(association);
@@ -634,6 +659,9 @@ routes.push({ path: '/case/:id', name: 'case', component: {
       }
       return tlp;
     },
+    isEvidenceBulkCapable() {
+      return this.associatedForms['evidence'].artifactType != "file";
+    },
     resetFormDefaults(form, ref) {
       switch (ref) {
         case "attachments": 
@@ -641,6 +669,7 @@ routes.push({ path: '/case/:id', name: 'case', component: {
           break;
         case "evidence": 
           form.tlp = this.getTlp();
+          form.bulk = false;
           form.artifactType = this.getDefaultPreset('artifactType');
           break;
         case "comments":
diff --git a/html/js/routes/case.test.js b/html/js/routes/case.test.js
index ac5b1e33..d3acff60 100644
--- a/html/js/routes/case.test.js
+++ b/html/js/routes/case.test.js
@@ -311,6 +311,31 @@ test('addAssociation', async () => {
   expect(getApp().showTip).toHaveBeenCalledWith(comp.i18n.saveSuccess);
 });
 
+test('addAssociationBulk', async () => {
+  // Mock two responses
+  mockPapi("post", {'data':fakeComment});
+  mock = mockPapi("post", {'data':fakeComment});
+  getApp().showTip = jest.fn();
+
+  comp.associatedForms['evidence'].artifactType = "domain";
+  comp.associatedForms['evidence'].bulk = true;
+  comp.associatedForms['evidence'].value = "line1\nline2";
+  comp.caseObj.id = 'myCaseId';
+  const showErrorMock = mockShowError();
+  expect(comp.associations['evidence'].length).toBe(0);
+
+  await comp.addAssociation('evidence');
+
+  const body1 =  "{\"artifactType\":\"domain\",\"bulk\":true,\"value\":\"line1\",\"caseId\":\"myCaseId\",\"id\":\"\"}";
+  const body2 =  "{\"artifactType\":\"domain\",\"bulk\":true,\"value\":\"line2\",\"caseId\":\"myCaseId\",\"id\":\"\"}";
+  expect(mock).toHaveBeenNthCalledWith(1, 'case/artifacts', body1, undefined);
+  expect(mock).toHaveBeenNthCalledWith(2, 'case/artifacts', body2, undefined);
+  expect(showErrorMock).toHaveBeenCalledTimes(0);
+  expect(comp.associations['evidence'].length).toBe(2);
+  expect(comp.$root.loading).toBe(false);
+  expect(getApp().showTip).toHaveBeenCalledWith(comp.i18n.saveSuccess);
+});
+
 test('addAssociationError', async () => {
   const showErrorMock = mockShowError();
   mockPapi("post", null, new Error("something bad"));
@@ -408,8 +433,20 @@ test('resetFormComments', () => {
 
 test('resetFormEvidence', () => {
   comp.associatedForms['evidence'].description = "something";
+  comp.associatedForms['evidence'].bulk = true;
   comp.resetForm('evidence');
   expect(comp.associatedForms['evidence'].description).toBe(undefined);
+  expect(comp.associatedForms['evidence'].bulk).toBe(false);
+});
+
+test('isEvidenceBulkCapable', () => {
+  comp.associatedForms['evidence'].artifactType = 'domain';
+  var result = comp.isEvidenceBulkCapable();
+  expect(result).toBe(true);
+
+  comp.associatedForms['evidence'].artifactType = 'file';
+  var result = comp.isEvidenceBulkCapable();
+  expect(result).toBe(false);
 });
 
 test('presets', () => {

From 5f1557e78c856a9e3eef44b0a01bd6a60a2d1d16 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Thu, 30 Jun 2022 14:50:34 -0400
Subject: [PATCH 11/12] Strip whitespace before sending observable values to
 API

---
 html/js/routes/case.js      | 3 +++
 html/js/routes/case.test.js | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/html/js/routes/case.js b/html/js/routes/case.js
index 68a4400a..25289696 100644
--- a/html/js/routes/case.js
+++ b/html/js/routes/case.js
@@ -500,6 +500,9 @@ routes.push({ path: '/case/:id', name: 'case', component: {
         }
         form.caseId = this.caseObj.id;
         form.id = '';
+        if (form.value) {
+          form.value = form.value.trim();
+        }
 
         let response = undefined;
         let config = undefined;
diff --git a/html/js/routes/case.test.js b/html/js/routes/case.test.js
index d3acff60..3fc06285 100644
--- a/html/js/routes/case.test.js
+++ b/html/js/routes/case.test.js
@@ -297,13 +297,14 @@ test('addAssociation', async () => {
   getApp().showTip = jest.fn();
 
   comp.associatedForms['comments'].description = 'myDescription';
+  comp.associatedForms['comments'].value = ' some padding \n';
   comp.caseObj.id = 'myCaseId';
   const showErrorMock = mockShowError();
   expect(comp.associations['comments'].length).toBe(0);
 
   await comp.addAssociation('comments');
 
-  const body =  "{\"description\":\"myDescription\",\"caseId\":\"myCaseId\",\"id\":\"\"}";
+  const body =  "{\"description\":\"myDescription\",\"value\":\"some padding\",\"caseId\":\"myCaseId\",\"id\":\"\"}";
   expect(mock).toHaveBeenCalledWith('case/comments', body, undefined);
   expect(showErrorMock).toHaveBeenCalledTimes(0);
   expect(comp.associations['comments'].length).toBe(1);

From c2ccc4ccdd5220bd9abd85a86fe0d949d65494cb Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Fri, 1 Jul 2022 13:34:04 -0400
Subject: [PATCH 12/12] Upgrade kratos to v0.10.1

---
 Dockerfile.kratos | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile.kratos b/Dockerfile.kratos
index ddd5e3a2..b6243377 100644
--- a/Dockerfile.kratos
+++ b/Dockerfile.kratos
@@ -11,7 +11,7 @@
 FROM ghcr.io/security-onion-solutions/golang:alpine AS builder
 
 ARG OWNER=ory
-ARG VERSION=v0.9.0-alpha.3
+ARG VERSION=v0.10.1
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D -H -s /bin/nologin