From a4e94c5458b7f523f264e0fe7f3216d26012f6c6 Mon Sep 17 00:00:00 2001
From: Davide Arcuri <davide.arcuri@leonardo.com>
Date: Fri, 9 Feb 2024 16:54:46 +0100
Subject: [PATCH] folder, ws, yara 4.3

---
 compose/local/dask/Dockerfile                 |   2 +-
 compose/local/django/Dockerfile               |   2 +-
 orochi/static/css/style.css                   |   4 +
 orochi/templates/website/index.html           |  65 ++++++++-
 orochi/templates/website/partial_folder.html  |  28 ++++
 orochi/templates/website/partial_indices.html |  16 ++-
 orochi/utils/volatility_dask_elk.py           |  63 ++++++---
 orochi/website/forms.py                       |  59 +++++++--
 .../migrations/0050_folder_dump_folder.py     |  52 ++++++++
 ..._superuser.py => 0051_create_superuser.py} |   2 +-
 orochi/website/models.py                      |  14 ++
 orochi/website/urls.py                        |   3 +
 orochi/website/views.py                       | 124 +++++++++---------
 13 files changed, 336 insertions(+), 98 deletions(-)
 create mode 100644 orochi/templates/website/partial_folder.html
 create mode 100644 orochi/website/migrations/0050_folder_dump_folder.py
 rename orochi/website/migrations/{0050_create_superuser.py => 0051_create_superuser.py} (92%)

diff --git a/compose/local/dask/Dockerfile b/compose/local/dask/Dockerfile
index 62ffba4b..e1e74f4e 100644
--- a/compose/local/dask/Dockerfile
+++ b/compose/local/dask/Dockerfile
@@ -36,7 +36,7 @@ RUN ./bootstrap.sh \
   && make install \
   && echo "Install yara-python..."
 WORKDIR /tmp
-RUN git clone --branch v4.2.x --recursive https://github.com/VirusTotal/yara-python
+RUN git clone --branch v4.3.x --recursive https://github.com/VirusTotal/yara-python
 WORKDIR /tmp/yara-python
 RUN python setup.py build \
   && python setup.py install \
diff --git a/compose/local/django/Dockerfile b/compose/local/django/Dockerfile
index 0543b135..ec13df63 100644
--- a/compose/local/django/Dockerfile
+++ b/compose/local/django/Dockerfile
@@ -48,7 +48,7 @@ RUN ./bootstrap.sh \
   && make install \
   && echo "Install yara-python..."
 WORKDIR /tmp
-RUN git clone --branch v4.2.x --recursive https://github.com/VirusTotal/yara-python
+RUN git clone --branch v4.3.x --recursive https://github.com/VirusTotal/yara-python
 WORKDIR /tmp/yara-python
 RUN python setup.py build
 
diff --git a/orochi/static/css/style.css b/orochi/static/css/style.css
index 43fe5621..eebad8ef 100644
--- a/orochi/static/css/style.css
+++ b/orochi/static/css/style.css
@@ -184,6 +184,10 @@ main {
   border: 0px;
 }
 
+ul.nested-list li.list-group-item {
+  padding: 6px 1px 1px 5px;
+}
+
 /********************************************************
   OROCHI LOGO
 ********************************************************/
diff --git a/orochi/templates/website/index.html b/orochi/templates/website/index.html
index cb7c4b88..eaf10274 100644
--- a/orochi/templates/website/index.html
+++ b/orochi/templates/website/index.html
@@ -12,7 +12,14 @@
 
 {% block sidebar %}
 <h6 class="sidebar-heading d-flex justify-content-between align-items-center px-3 mt-4 mb-1 text-muted">
-    <span>dumps <button id="new_index" type="button" class="btn btn-outline-success btn-sm">+</button></span>
+    <span>dumps
+        <button id="new-index" type="button" class="btn btn-outline-success btn-sm">
+            <i class="fa-solid fa-plus"></i>
+        </button>
+        <button id="new-folder" type="button" class="btn btn-outline-warning btn-sm">
+            <i class="fa-solid fa-folder-plus"></i>
+        </button>
+    </span>
     <input type="text" id="filter_dump" name="filter_dump" style="width: 60%;" class="form-control form-control-sm" placeholder="Filter">
 </h6>
 {% include "website/partial_indices.html" %}
@@ -156,15 +163,15 @@ <h5 class="offcanvas-title" id="leftNoteLabel">History Log</h5>
         };
 
         // FILTER DUMP LIST
-        $("#filter_dump").on("keyup", function () {
+        $(document).on("keyup", "#filter_dump", function () {
             var value = $(this).val().toLowerCase();
-            $("#index-list li").filter(function () {
+            $(".nested-list li").filter(function () {
                 $(this).toggle($(this).text().toLowerCase().indexOf(value) > -1)
             });
         });
 
         // FILTER PLUGIN LIST
-        $("#filter_plugin").on("keyup", function () {
+        $(document).on("keyup", "#filter_plugin", function () {
             var value = $(this).val().toLowerCase();
             $("#list_plugin li").filter(function () {
                 $(this).toggle($(this).text().toLowerCase().indexOf(value) > -1)
@@ -334,7 +341,6 @@ <h5 class="offcanvas-title" id="leftNoteLabel">History Log</h5>
             }
         });
 
-
         // RERUN PLUGIN FORM
         var res_call = null;
         $(document).on('click', '#btn-resubmit', function () {
@@ -397,7 +403,7 @@ <h5 class="offcanvas-title" id="leftNoteLabel">History Log</h5>
         });
 
         // ADD INDEX FORM
-        $(document).on("click", "#new_index", function () {
+        $(document).on("click", "#new-index", function () {
             $.ajax({
                 url: "{% url 'website:index_create'%}",
                 type: 'get',
@@ -443,6 +449,52 @@ <h5 class="offcanvas-title" id="leftNoteLabel">History Log</h5>
             });
         });
 
+        // ADD FOLDER FORM
+        $(document).on("click", "#new-folder", function () {
+            $.ajax({
+                url: "{% url 'website:folder_create'%}",
+                type: 'get',
+                dataType: 'json',
+                beforeSend: function () {
+                    $("#modal-update").modal("show");
+                },
+                success: function (data) {
+                    $("#modal-update .modal-content").html(data.html_form);
+                }
+            });
+        });
+
+        // ADD FOLDER FORM SUBMIT
+        $(document).on("submit", "#create-folder", function (e) {
+            e.preventDefault();
+            var form = $(this);
+            $.ajax({
+                url: form.attr("action"),
+                data: form.serialize(),
+                type: form.attr("method"),
+                dataType: 'json',
+                success: function (data) {
+                    $.toast({
+                        title: 'Operation successful!',
+                        content: 'Folder has been created',
+                        type: 'success',
+                        delay: 5000
+                    });
+                    $("#modal-update").modal('hide');
+                },
+                error: function () {
+                    $.toast({
+                        title: 'Operation error!',
+                        content: 'Error during folder creation.',
+                        type: 'error',
+                        delay: 5000
+                    });
+                    $("#modal-update").modal('hide');
+                }
+            });
+        });
+
+
         // RESTART INDEX FORM SUBMIT
         $(document).on("click", ".restart-index", function (e) {
             var btn = $(this);
@@ -489,7 +541,6 @@ <h5 class="offcanvas-title" id="leftNoteLabel">History Log</h5>
             });
         });
 
-
         // DOWNLOAD SYMBOLS FROM BANNER FORM
         $(document).on("click", ".symbols-download", function () {
             var btn = $(this);
diff --git a/orochi/templates/website/partial_folder.html b/orochi/templates/website/partial_folder.html
new file mode 100644
index 00000000..d5bccc09
--- /dev/null
+++ b/orochi/templates/website/partial_folder.html
@@ -0,0 +1,28 @@
+{% load widget_tweaks %}
+
+<form method="post" action="{% url 'website:folder_create' %}" id="create-folder">
+    {{ form.media }}
+    {% csrf_token %}
+    <div class="modal-header">
+        <h5 class="modal-title">Create a new foledr</h5>
+        <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+    </div>
+    <div class="modal-body">
+        {% for field in form.visible_fields %}
+        <div class="form-group{% if field.errors %} has-error{% endif %}">
+            <label for="{{ field.id_for_label }}">{{ field.label }}</label>
+            {% render_field field class="form-control" %}
+            {% for error in field.errors %}
+            <p class="help-block">{{ error }}</p>
+            {% endfor %}
+        </div>
+        {% endfor %}
+        {% for hidden in form.hidden_fields %}
+        {{ hidden }}
+        {% endfor %}
+    </div>
+    <div class="modal-footer">
+        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+        <button type="submit" class="btn btn-primary">Create Folder</button>
+    </div>
+</form>
diff --git a/orochi/templates/website/partial_indices.html b/orochi/templates/website/partial_indices.html
index a375ebfd..ddba5838 100644
--- a/orochi/templates/website/partial_indices.html
+++ b/orochi/templates/website/partial_indices.html
@@ -1,7 +1,14 @@
 {% if dumps %}
 <ul class="nav flex-column" id="index-list">
-    {% for index, name, color, os, author, missing_symbols, status, description in dumps %}
-    <li class="nav-item">
+    {% for folder, index, name, color, os, author, missing_symbols, status, description in dumps %}
+    {% ifchanged folder %}
+    {% if not forloop.first %}
+</ul>
+{% endif %}
+<li class="nav-item ms-2"><i class="fa-regular fa-folder"></i> {{folder|default:" - "}}</li>
+<ul class="list-group list-group-flush nested-list" id="folder_{{folder}}">
+    {% endifchanged %}
+    <li class="list-group-item">
         <label class="check_container" data-index="{{index}}" data-color="{{color}}">
             {% if os == 'Linux' %}
             <i class="fab fa-linux me-1"></i>
@@ -83,7 +90,10 @@
             {% endif %}
         </label>
     </li>
-    {% endfor %}
+    {% if forloop.last %}
+</ul>
+{% endif %}
+{% endfor %}
 </ul>
 {% else %}
 <ul class="nav flex-column" id="index-list">
diff --git a/orochi/utils/volatility_dask_elk.py b/orochi/utils/volatility_dask_elk.py
index e53db032..7ec5ed0c 100644
--- a/orochi/utils/volatility_dask_elk.py
+++ b/orochi/utils/volatility_dask_elk.py
@@ -16,6 +16,7 @@
 from urllib.request import pathname2url
 
 import attr
+import elasticsearch
 import magic
 import requests
 import volatility3.plugins
@@ -80,7 +81,15 @@
     "Changed Date": "#FFFF00",
 }
 
-TOAST_COLORS = {1: "green", 2: "green", 3: "orange", 4: "red"}
+TOAST_COLORS = {
+    0: "blue",
+    1: "yellow",
+    2: "green",
+    3: "green",
+    4: "orange",
+    5: "red",
+    6: "black",
+}
 
 
 class MuteProgress(object):
@@ -348,7 +357,10 @@ def send_to_ws(dump, result=None, plugin_name=None, message=None, color=None):
                     f"""Message on dump <b>{dump.name}</b><br><b style='color:{TOAST_COLORS[color]}'>{message}</b>""",
                 },
             )
-    channel_layer.close()
+    try:
+        channel_layer.close()
+    except RuntimeError as excp:
+        logging.error(str(excp))
 
 
 def run_plugin(dump_obj, plugin_obj, params=None, user_pk=None):
@@ -514,7 +526,7 @@ def run_plugin(dump_obj, plugin_obj, params=None, user_pk=None):
                 else:
                     match = []
 
-                # CALCOLATE HASH AND CHECK FOR CLAMAC SIGNATURE
+                # CALCOLATE HASH AND CHECK FOR CLAMAV SIGNATURE
                 for x in json_data:
                     filename = x["File output"].replace('"', "")
                     down_path = f"{local_path}/{filename}"
@@ -588,7 +600,7 @@ def run_plugin(dump_obj, plugin_obj, params=None, user_pk=None):
             result.save()
 
             logging.debug(f"[dump {dump_obj.pk} - plugin {plugin_obj.pk}] empty")
-        # send_to_ws(dump_obj, result, plugin_obj.name)
+        send_to_ws(dump_obj, result, plugin_obj.name)
         return 0
 
     except Exception as excp:
@@ -598,7 +610,7 @@ def run_plugin(dump_obj, plugin_obj, params=None, user_pk=None):
         result.result = RESULT_STATUS_ERROR
         result.description = "\n".join(fulltrace)
         result.save()
-        # send_to_ws(dump_obj, result, plugin_obj.name)
+        send_to_ws(dump_obj, result, plugin_obj.name)
         logging.error(f"[dump {dump_obj.pk} - plugin {plugin_obj.pk}] generic error")
         return 0
 
@@ -687,12 +699,17 @@ def get_banner(result):
     """
     Get banner from elastic for a specific dump. If multiple gets first
     """
-    es_client = Elasticsearch([settings.ELASTICSEARCH_URL])
-    s = Search(
-        using=es_client,
-        index=f"{result.dump.index}_{result.plugin.name.lower()}",
-    )
-    banners = [hit.to_dict().get("Banner", None) for hit in s.execute()]
+    try:
+        es_client = Elasticsearch([settings.ELASTICSEARCH_URL])
+        s = Search(
+            using=es_client,
+            index=f"{result.dump.index}_{result.plugin.name.lower()}",
+        )
+        banners = [hit.to_dict().get("Banner", None) for hit in s.execute()]
+    except elasticsearch.NotFoundError:
+        logging.error(f"[dump {result.dump.pk}] no index found")
+        return None
+
     logging.error(f"banners: {banners}")
     if len(banners) > 0:
         for hit in banners:
@@ -723,7 +740,8 @@ def check_runnable(dump_pk, operating_system, banner):
             m.groupdict()
             dump_kernel = m["kernel"]
         else:
-            logging.error("Error extracting kernel info from dump")
+            logging.error("[dump {dump_pk}] Error extracting kernel info from dump")
+            return False
 
         ctx = contexts.Context()
         automagics = automagic.available(ctx)
@@ -739,7 +757,9 @@ def check_runnable(dump_pk, operating_system, banner):
                     if m["kernel"] == dump_kernel:
                         return True
                 else:
-                    logging.error("Error extracting kernel info from dump")
+                    logging.error(
+                        "[dump {dump_pk}] Error extracting kernel info from dump"
+                    )
             logging.error(f"[dump {dump_pk}] Banner not found")
             logging.error(
                 "Available banners: {}".format(
@@ -808,7 +828,7 @@ def unzip_then_run(dump_pk, user_pk, password, restart):
                 elif len(extracted_files) > 1:
                     for x in extracted_files:
                         if x.lower().endswith(".vmem"):
-                            newpath = Path(extract_path, x)
+                            newpath = x
                 if not newpath:
                     # archive is unvalid
                     logging.error(f"[dump {dump_pk}] Invalid archive dump data")
@@ -885,9 +905,22 @@ def unzip_then_run(dump_pk, user_pk, password, restart):
             for result in tasks_list:
                 result.result = RESULT_STATUS_DISABLED
                 result.save()
-            send_to_ws(dump, message="Missing symbols all plugin are disabled", color=4)
+            send_to_ws(
+                dump, message="Missing symbols! All plugin are disabled", color=4
+            )
     except Exception as excp:
         logging.error(f"[dump {dump_pk}] - {excp}")
         dump.description = excp
         dump.status = DUMP_STATUS_ERROR
         dump.save()
+        tasks_list = (
+            dump.result_set.all()
+            if dump.operating_system != "Linux"
+            else dump.result_set.exclude(plugin__name="banners.Banners")
+        )
+        for result in tasks_list:
+            result.result = RESULT_STATUS_DISABLED
+            result.save()
+        send_to_ws(
+            dump, message="Error in file creation! All plugin are disabled", color=4
+        )
diff --git a/orochi/website/forms.py b/orochi/website/forms.py
index 25e5be4f..e37ce34c 100644
--- a/orochi/website/forms.py
+++ b/orochi/website/forms.py
@@ -1,6 +1,8 @@
 from datetime import datetime
 
 from django import forms
+from django.contrib.admin import site as admin_site
+from django.contrib.admin.widgets import RelatedFieldWidgetWrapper
 from django.contrib.auth import get_user_model
 from django.contrib.postgres.forms import SimpleArrayField
 from django.forms.widgets import CheckboxInput
@@ -11,18 +13,21 @@
 )
 
 from orochi.utils.plugin_install import plugin_install
-from orochi.website.models import OPERATING_SYSTEM, Bookmark, Dump, Plugin
+from orochi.website.models import OPERATING_SYSTEM, Bookmark, Dump, Folder, Plugin
 
 
-class DumpForm(FileFormMixin, forms.ModelForm):
-    upload = UploadedFileField()
-    password = forms.CharField(required=False)
-
+######################################
+# FOLDERS
+######################################
+class FolderForm(forms.ModelForm):
     class Meta:
-        model = Dump
-        fields = ("upload", "name", "operating_system", "comment", "password", "color")
+        model = Folder
+        fields = ("name",)
 
 
+######################################
+# BOOKMARKS
+######################################
 class BookmarkForm(FileFormMixin, forms.ModelForm):
     selected_indexes = forms.CharField(widget=forms.HiddenInput(), required=False)
     selected_plugin = forms.CharField(widget=forms.HiddenInput(), required=False)
@@ -51,6 +56,32 @@ class Meta:
         fields = ("icon", "name", "query")
 
 
+######################################
+# DUMPS
+######################################
+class DumpForm(FileFormMixin, forms.ModelForm):
+    upload = UploadedFileField()
+    password = forms.CharField(required=False)
+
+    class Meta:
+        model = Dump
+        fields = (
+            "upload",
+            "name",
+            "folder",
+            "operating_system",
+            "comment",
+            "password",
+            "color",
+        )
+
+    def __init__(self, current_user, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields["folder"] = forms.ModelChoiceField(
+            queryset=Folder.objects.filter(user=current_user), required=False
+        )
+
+
 class EditDumpForm(forms.ModelForm):
     authorized_users = forms.TypedMultipleChoiceField(
         required=False,
@@ -62,13 +93,19 @@ def __init__(self, *args, **kwargs):
         self.fields["authorized_users"].choices = [
             (x.pk, x.username) for x in get_user_model().objects.exclude(pk=user.pk)
         ]
+        self.fields["folder"] = forms.ModelChoiceField(
+            queryset=Folder.objects.filter(user=user), required=False
+        )
 
     class Meta:
         model = Dump
-        fields = ("name", "color", "comment", "index", "authorized_users")
+        fields = ("name", "folder", "color", "comment", "index", "authorized_users")
         widgets = {"index": forms.HiddenInput()}
 
 
+######################################
+# PLUGIN PARAMETERS
+######################################
 class ParametersForm(forms.Form):
     selected_plugin = forms.CharField(widget=forms.HiddenInput())
     selected_indexes = forms.CharField(widget=forms.HiddenInput())
@@ -113,6 +150,9 @@ def __init__(self, *args, **kwargs):
                     )
 
 
+######################################
+# SYMBOLS MANAGEMENT
+######################################
 class SymbolISFForm(forms.Form):
     path = forms.CharField(required=True)
 
@@ -146,6 +186,9 @@ class Meta:
         }
 
 
+######################################
+# CREATE PLUGIN FROM ADMIN
+######################################
 class PluginCreateAdminForm(FileFormMixin, forms.ModelForm):
     plugin = UploadedFileField(required=True)
 
diff --git a/orochi/website/migrations/0050_folder_dump_folder.py b/orochi/website/migrations/0050_folder_dump_folder.py
new file mode 100644
index 00000000..d426d04f
--- /dev/null
+++ b/orochi/website/migrations/0050_folder_dump_folder.py
@@ -0,0 +1,52 @@
+# Generated by Django 5.0.2 on 2024-02-09 08:48
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("website", "0049_plugin_comment_alter_result_result"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Folder",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("name", models.CharField(max_length=250)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="folders",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "unique_together": {("name", "user")},
+            },
+        ),
+        migrations.AddField(
+            model_name="dump",
+            name="folder",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="website.folder",
+            ),
+        ),
+    ]
diff --git a/orochi/website/migrations/0050_create_superuser.py b/orochi/website/migrations/0051_create_superuser.py
similarity index 92%
rename from orochi/website/migrations/0050_create_superuser.py
rename to orochi/website/migrations/0051_create_superuser.py
index ebb03dfc..686b97e1 100644
--- a/orochi/website/migrations/0050_create_superuser.py
+++ b/orochi/website/migrations/0051_create_superuser.py
@@ -19,7 +19,7 @@ def generate_superuser(app, schema_editor):
 
 class Migration(migrations.Migration):
     dependencies = [
-        ("website", "0049_plugin_comment_alter_result_result"),
+        ("website", "0050_folder_dump_folder"),
         ("ya", "0005_auto_20210618_0947"),
     ]
 
diff --git a/orochi/website/models.py b/orochi/website/models.py
index 89c0d65d..4df5f014 100644
--- a/orochi/website/models.py
+++ b/orochi/website/models.py
@@ -202,12 +202,26 @@ def __str__(self):
         return self.plugin.name
 
 
+class Folder(models.Model):
+    name = models.CharField(max_length=250)
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name="folders"
+    )
+
+    class Meta:
+        unique_together = ["name", "user"]
+
+    def __str__(self):
+        return self.name
+
+
 class Dump(models.Model):
     operating_system = models.CharField(
         choices=OPERATING_SYSTEM, default="Linux", max_length=10
     )
     banner = models.CharField(max_length=500, blank=True, null=True)
     upload = models.FileField(upload_to="uploads")
+    folder = models.ForeignKey(Folder, on_delete=models.SET_NULL, blank=True, null=True)
     comment = models.TextField(blank=True, null=True)
     description = models.TextField(blank=True, null=True)
     name = models.CharField(max_length=250)
diff --git a/orochi/website/urls.py b/orochi/website/urls.py
index bf556ad4..dbcc287c 100644
--- a/orochi/website/urls.py
+++ b/orochi/website/urls.py
@@ -59,6 +59,9 @@ def to_url(self, value):
     path("plugin", views.plugin, name="plugin"),
     path("parameters", views.parameters, name="parameters"),
     path("export", views.export, name="export"),
+    # FOLDERS
+    path("folder_create", views.folder_create, name="folder_create"),
+    path("folder_delete", views.folder_delete, name="folder_delete"),
     # DOWNLOAD FILES
     path("download", views.download, name="download"),
     # RUNNING TASKS
diff --git a/orochi/website/views.py b/orochi/website/views.py
index ff899a74..c3fb04c3 100644
--- a/orochi/website/views.py
+++ b/orochi/website/views.py
@@ -51,6 +51,7 @@
     DumpForm,
     EditBookmarkForm,
     EditDumpForm,
+    FolderForm,
     ParametersForm,
     SymbolBannerForm,
     SymbolISFForm,
@@ -67,6 +68,7 @@
     Bookmark,
     CustomRule,
     Dump,
+    Folder,
     Plugin,
     Result,
     Service,
@@ -100,6 +102,18 @@
     "windows.registry.userassist.userassist",
 ]
 
+INDEX_VALUES_LIST = [
+    "folder__name",
+    "index",
+    "name",
+    "color",
+    "operating_system",
+    "author",
+    "missing_symbols",
+    "status",
+    "description",
+]
+
 
 ##############################
 # CHANGELOG
@@ -931,22 +945,8 @@ def bookmarks(request, indexes, plugin, query=None):
     """Open index but from a stored configuration of indexes and plugin"""
     context = {
         "dumps": get_objects_for_user(request.user, "website.can_see")
-        .values_list(
-            "index",
-            "name",
-            "color",
-            "operating_system",
-            "author",
-            "missing_symbols",
-            "md5",
-            "sha256",
-            "size",
-            "upload",
-            "comment",
-            "status",
-            "description",
-        )
-        .order_by("name"),  # "-created_at"),
+        .values_list(*INDEX_VALUES_LIST)
+        .order_by("folder__name", "name"),
         "selected_indexes": indexes,
         "selected_plugin": plugin,
         "selected_query": query,
@@ -954,6 +954,42 @@ def bookmarks(request, indexes, plugin, query=None):
     return TemplateResponse(request, "website/index.html", context)
 
 
+##############################
+# FOLDER
+##############################
+@login_required
+def folder_create(request):
+    data = {}
+    if request.method == "POST":
+        form = FolderForm(request.POST)
+        if form.is_valid():
+            folder = form.save(commit=False)
+            folder.user = request.user
+            folder.save()
+        else:
+            data["form_is_valid"] = False
+    else:
+        form = FolderForm()
+
+    context = {"form": form}
+    data["html_form"] = render_to_string(
+        "website/partial_folder.html",
+        context,
+        request=request,
+    )
+    return JsonResponse(data)
+
+
+@login_required
+def folder_delete(request):
+    if request.method == "POST":
+        folder = request.POST.get("folder")
+        up = get_object_or_404(Folder, pk=folder, user=request.user)
+        up.delete()
+        return JsonResponse({"ok": True})
+    raise Http404("404")
+
+
 ##############################
 # DUMP
 ##############################
@@ -982,17 +1018,8 @@ def index(request):
     """List of available indexes"""
     context = {
         "dumps": get_objects_for_user(request.user, "website.can_see")
-        .values_list(
-            "index",
-            "name",
-            "color",
-            "operating_system",
-            "author",
-            "missing_symbols",
-            "status",
-            "description",
-        )
-        .order_by("name"),  # "-created_at"),
+        .values_list(*INDEX_VALUES_LIST)
+        .order_by("folder__name", "name"),
         "selected_indexes": [],
         "selected_plugin": None,
         "selected_query": None,
@@ -1067,17 +1094,8 @@ def edit(request):
                 "website/partial_indices.html",
                 {
                     "dumps": get_objects_for_user(request.user, "website.can_see")
-                    .values_list(
-                        "index",
-                        "name",
-                        "color",
-                        "operating_system",
-                        "author",
-                        "missing_symbols",
-                        "status",
-                        "description",
-                    )
-                    .order_by("name")  # "-created_at")
+                    .values_list(*INDEX_VALUES_LIST)
+                    .order_by("folder__name", "name")
                 },
                 request=request,
             )
@@ -1111,7 +1129,7 @@ def create(request):
     data = {}
 
     if request.method == "POST":
-        form = DumpForm(data=request.POST)
+        form = DumpForm(current_user=request.user, data=request.POST)
         if form.is_valid():
             with transaction.atomic():
                 upload = form.cleaned_data["upload"]
@@ -1163,24 +1181,15 @@ def create(request):
                 "website/partial_indices.html",
                 {
                     "dumps": get_objects_for_user(request.user, "website.can_see")
-                    .values_list(
-                        "index",
-                        "name",
-                        "color",
-                        "operating_system",
-                        "author",
-                        "missing_symbols",
-                        "status",
-                        "description",
-                    )
-                    .order_by("name")  # "-created_at")
+                    .values_list(*INDEX_VALUES_LIST)
+                    .order_by("folder__name", "name")
                 },
                 request=request,
             )
         else:
             data["form_is_valid"] = False
     else:
-        form = DumpForm()
+        form = DumpForm(current_user=request.user)
 
     context = {"form": form}
     data["html_form"] = render_to_string(
@@ -1259,17 +1268,8 @@ def banner_symbols(request):
                 "website/partial_indices.html",
                 {
                     "dumps": get_objects_for_user(request.user, "website.can_see")
-                    .values_list(
-                        "index",
-                        "name",
-                        "color",
-                        "operating_system",
-                        "author",
-                        "missing_symbols",
-                        "status",
-                        "description",
-                    )
-                    .order_by("name")  # "-created_at")
+                    .values_list(*INDEX_VALUES_LIST)
+                    .order_by("folder__name", "name")
                 },
                 request=request,
             )