2016-04-21 22:58:49 +02:00
|
|
|
<?php
|
|
|
|
App::uses('AppModel', 'Model');
|
2020-09-03 15:24:03 +02:00
|
|
|
|
2020-09-07 10:06:33 +02:00
|
|
|
/**
|
|
|
|
* @property WarninglistType $WarninglistType
|
2020-09-07 12:03:04 +02:00
|
|
|
* @property WarninglistEntry $WarninglistEntry
|
2020-09-07 10:06:33 +02:00
|
|
|
*/
|
2018-07-19 11:48:22 +02:00
|
|
|
class Warninglist extends AppModel
|
|
|
|
{
|
|
|
|
public $useTable = 'warninglists';
|
|
|
|
|
|
|
|
public $recursive = -1;
|
|
|
|
|
|
|
|
public $actsAs = array(
|
|
|
|
'Containable',
|
|
|
|
);
|
|
|
|
|
|
|
|
public $validate = array(
|
|
|
|
'name' => array(
|
|
|
|
'rule' => array('valueNotEmpty'),
|
|
|
|
),
|
|
|
|
'description' => array(
|
|
|
|
'rule' => array('valueNotEmpty'),
|
|
|
|
),
|
|
|
|
'version' => array(
|
|
|
|
'rule' => array('numeric'),
|
|
|
|
),
|
|
|
|
);
|
|
|
|
|
|
|
|
public $hasMany = array(
|
2020-09-04 17:11:45 +02:00
|
|
|
'WarninglistEntry' => array(
|
|
|
|
'dependent' => true
|
|
|
|
),
|
|
|
|
'WarninglistType' => array(
|
|
|
|
'dependent' => true
|
|
|
|
)
|
2018-07-19 11:48:22 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
private $__tlds = array(
|
|
|
|
'TLDs as known by IANA'
|
|
|
|
);
|
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
/** @var array */
|
|
|
|
private $entriesCache = [];
|
|
|
|
|
|
|
|
/** @var array|null */
|
|
|
|
private $enabledCache = null;
|
2018-07-19 11:48:22 +02:00
|
|
|
|
2020-09-07 10:06:33 +02:00
|
|
|
private $showForAll;
|
|
|
|
|
|
|
|
public function __construct($id = false, $table = null, $ds = null)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
2020-09-07 10:06:33 +02:00
|
|
|
parent::__construct($id, $table, $ds);
|
|
|
|
$this->showForAll = Configure::read('MISP.warning_for_all');
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
/**
|
2020-09-04 17:13:39 +02:00
|
|
|
* Attach warninglist matches to attributes or proposals with IDS mark.
|
2020-09-03 15:24:03 +02:00
|
|
|
*
|
|
|
|
* @param array $attributes
|
|
|
|
* @return array Warninglist ID => name
|
|
|
|
*/
|
|
|
|
public function attachWarninglistToAttributes(array &$attributes)
|
|
|
|
{
|
|
|
|
if (empty($attributes)) {
|
|
|
|
return [];
|
|
|
|
}
|
|
|
|
|
2020-09-07 10:20:30 +02:00
|
|
|
$enabledWarninglists = $this->getEnabled();
|
|
|
|
if (empty($enabledWarninglists)) {
|
|
|
|
return []; // no warninglist is enabled
|
|
|
|
}
|
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
try {
|
|
|
|
$redis = $this->setupRedisWithException();
|
|
|
|
} catch (Exception $e) {
|
|
|
|
// fallback to default implementation when redis is not available
|
|
|
|
$eventWarnings = [];
|
|
|
|
foreach ($attributes as $pos => $attribute) {
|
2020-09-07 10:20:30 +02:00
|
|
|
$attributes[$pos] = $this->checkForWarning($attribute, $enabledWarninglists);
|
|
|
|
if (isset($attributes[$pos]['warnings'])) {
|
2020-09-03 15:24:03 +02:00
|
|
|
foreach ($attribute['warnings'] as $match) {
|
|
|
|
$eventWarnings[$match['warninglist_id']] = $match['warninglist_name'];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $eventWarnings;
|
|
|
|
}
|
|
|
|
|
|
|
|
$warninglistIdToName = [];
|
|
|
|
$enabledTypes = [];
|
2020-09-07 10:20:30 +02:00
|
|
|
foreach ($enabledWarninglists as $warninglist) {
|
2020-09-03 15:24:03 +02:00
|
|
|
$warninglistIdToName[$warninglist['Warninglist']['id']] = $warninglist['Warninglist']['name'];
|
|
|
|
foreach ($warninglist['types'] as $type) {
|
|
|
|
$enabledTypes[$type] = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$pipe = $redis->multi(Redis::PIPELINE);
|
|
|
|
$redisResultToAttributePos = [];
|
|
|
|
foreach ($attributes as $pos => $attribute) {
|
2020-09-07 10:06:33 +02:00
|
|
|
if (($attribute['to_ids'] || $this->showForAll) && (isset($enabledTypes[$attribute['type']]) || isset($enabledTypes['ALL']))) {
|
2020-09-03 15:24:03 +02:00
|
|
|
$redisResultToAttributePos[] = $pos;
|
2020-10-02 19:32:50 +02:00
|
|
|
$redis->get('misp:wlc:' . md5($attribute['type'] . ':' . $attribute['value'], true));
|
2020-09-03 15:24:03 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
$results = $pipe->exec();
|
|
|
|
|
|
|
|
$eventWarnings = [];
|
|
|
|
$saveToCache = [];
|
|
|
|
foreach ($results as $pos => $result) {
|
|
|
|
if ($result === false) { // not in cache
|
|
|
|
$attribute = $attributes[$redisResultToAttributePos[$pos]];
|
2020-09-07 19:40:06 +02:00
|
|
|
$attribute = $this->checkForWarning($attribute, $enabledWarninglists);
|
2020-09-03 15:24:03 +02:00
|
|
|
|
|
|
|
$store = [];
|
|
|
|
if (isset($attribute['warnings'])) {
|
|
|
|
foreach ($attribute['warnings'] as $match) {
|
|
|
|
$warninglistId = $match['warninglist_id'];
|
|
|
|
$attributes[$redisResultToAttributePos[$pos]]['warnings'][] = [
|
|
|
|
'value' => $match['value'],
|
|
|
|
'match' => $match['match'],
|
|
|
|
'warninglist_id' => $warninglistId,
|
|
|
|
'warninglist_name' => $warninglistIdToName[$warninglistId],
|
|
|
|
];
|
|
|
|
$eventWarnings[$warninglistId] = $warninglistIdToName[$warninglistId];
|
|
|
|
|
2020-09-07 19:40:06 +02:00
|
|
|
$store[$warninglistId] = [$match['value'], $match['match']];
|
2020-09-03 15:24:03 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-02 19:32:50 +02:00
|
|
|
$attributeHash = md5($attribute['type'] . ':' . $attribute['value'], true);
|
2020-09-07 12:03:04 +02:00
|
|
|
$saveToCache[$attributeHash] = empty($store) ? '' : json_encode($store);
|
2020-09-03 15:24:03 +02:00
|
|
|
|
|
|
|
} elseif (!empty($result)) { // empty string means no warning list match
|
|
|
|
$matchedWarningList = json_decode($result, true);
|
|
|
|
foreach ($matchedWarningList as $warninglistId => $matched) {
|
|
|
|
$attributes[$redisResultToAttributePos[$pos]]['warnings'][] = [
|
|
|
|
'value' => $matched[0],
|
|
|
|
'match' => $matched[1],
|
|
|
|
'warninglist_id' => $warninglistId,
|
|
|
|
'warninglist_name' => $warninglistIdToName[$warninglistId],
|
|
|
|
];
|
|
|
|
$eventWarnings[$warninglistId] = $warninglistIdToName[$warninglistId];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!empty($saveToCache)) {
|
|
|
|
$pipe = $redis->multi(Redis::PIPELINE);
|
2020-09-07 12:03:04 +02:00
|
|
|
foreach ($saveToCache as $attributeHash => $json) {
|
2020-10-02 19:32:50 +02:00
|
|
|
$redis->setex('misp:wlc:' . $attributeHash, 3600, $json); // cache for one hour
|
2020-09-03 15:24:03 +02:00
|
|
|
}
|
|
|
|
$pipe->exec();
|
|
|
|
}
|
|
|
|
|
|
|
|
return $eventWarnings;
|
|
|
|
}
|
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public function update()
|
|
|
|
{
|
|
|
|
$directories = glob(APP . 'files' . DS . 'warninglists' . DS . 'lists' . DS . '*', GLOB_ONLYDIR);
|
2020-05-15 18:26:06 +02:00
|
|
|
$updated = array('success' => [], 'fails' => []);
|
2018-07-19 11:48:22 +02:00
|
|
|
foreach ($directories as $dir) {
|
|
|
|
$file = new File($dir . DS . 'list.json');
|
2020-09-07 10:04:18 +02:00
|
|
|
$list = $this->jsonDecode($file->read());
|
2018-07-19 11:48:22 +02:00
|
|
|
$file->close();
|
2020-09-07 10:04:18 +02:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
if (!isset($list['version'])) {
|
|
|
|
$list['version'] = 1;
|
|
|
|
}
|
|
|
|
if (!isset($list['type'])) {
|
|
|
|
$list['type'] = 'string';
|
|
|
|
} elseif (is_array($list['type'])) {
|
|
|
|
$list['type'] = $list['type'][0];
|
|
|
|
}
|
|
|
|
$current = $this->find('first', array(
|
2020-09-07 10:04:18 +02:00
|
|
|
'conditions' => array('name' => $list['name']),
|
|
|
|
'recursive' => -1,
|
|
|
|
'fields' => array('*')
|
2018-07-19 11:48:22 +02:00
|
|
|
));
|
|
|
|
if (empty($current) || $list['version'] > $current['Warninglist']['version']) {
|
|
|
|
$result = $this->__updateList($list, $current);
|
|
|
|
if (is_numeric($result)) {
|
|
|
|
$updated['success'][$result] = array('name' => $list['name'], 'new' => $list['version']);
|
|
|
|
if (!empty($current)) {
|
|
|
|
$updated['success'][$result]['old'] = $current['Warninglist']['version'];
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$updated['fails'][] = array('name' => $list['name'], 'fail' => json_encode($result));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$this->regenerateWarninglistCaches();
|
|
|
|
return $updated;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function quickDelete($id)
|
|
|
|
{
|
|
|
|
$result = $this->WarninglistEntry->deleteAll(
|
|
|
|
array('WarninglistEntry.warninglist_id' => $id)
|
|
|
|
);
|
|
|
|
if ($result) {
|
|
|
|
$result = $this->WarninglistType->deleteAll(
|
|
|
|
array('WarninglistType.warninglist_id' => $id)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
if ($result) {
|
|
|
|
$result = $this->delete($id, false);
|
|
|
|
}
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
2020-09-07 10:04:18 +02:00
|
|
|
private function __updateList(array $list, array $current)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
|
|
|
$list['enabled'] = 0;
|
|
|
|
$warninglist = array();
|
|
|
|
if (!empty($current)) {
|
|
|
|
if ($current['Warninglist']['enabled']) {
|
|
|
|
$list['enabled'] = 1;
|
|
|
|
}
|
|
|
|
$this->quickDelete($current['Warninglist']['id']);
|
|
|
|
}
|
|
|
|
$fieldsToSave = array('name', 'version', 'description', 'type', 'enabled');
|
|
|
|
foreach ($fieldsToSave as $fieldToSave) {
|
|
|
|
$warninglist['Warninglist'][$fieldToSave] = $list[$fieldToSave];
|
|
|
|
}
|
|
|
|
$this->create();
|
|
|
|
if ($this->save($warninglist)) {
|
|
|
|
$db = $this->getDataSource();
|
|
|
|
$values = array();
|
|
|
|
foreach ($list['list'] as $value) {
|
|
|
|
if (!empty($value)) {
|
|
|
|
$values[] = array('value' => $value, 'warninglist_id' => $this->id);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
unset($list['list']);
|
|
|
|
$count = count($values);
|
|
|
|
$values = array_chunk($values, 100);
|
|
|
|
foreach ($values as $chunk) {
|
|
|
|
$result = $db->insertMulti('warninglist_entries', array('value', 'warninglist_id'), $chunk);
|
|
|
|
}
|
|
|
|
if ($result) {
|
|
|
|
$this->saveField('warninglist_entry_count', $count);
|
|
|
|
} else {
|
|
|
|
return 'Could not insert values.';
|
|
|
|
}
|
|
|
|
if (!empty($list['matching_attributes'])) {
|
|
|
|
$values = array();
|
|
|
|
foreach ($list['matching_attributes'] as $type) {
|
|
|
|
$values[] = array('type' => $type, 'warninglist_id' => $this->id);
|
|
|
|
}
|
|
|
|
$this->WarninglistType->saveMany($values);
|
|
|
|
} else {
|
|
|
|
$this->WarninglistType->create();
|
|
|
|
$this->WarninglistType->save(array('WarninglistType' => array('type' => 'ALL', 'warninglist_id' => $this->id)));
|
|
|
|
}
|
|
|
|
return $this->id;
|
|
|
|
} else {
|
|
|
|
return $this->validationErrors;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-07 10:04:18 +02:00
|
|
|
/**
|
|
|
|
* Regenerate the warninglist caches, but if an ID is passed along, only regen the entries for the given ID.
|
|
|
|
* This allows us to enable/disable a single warninglist without regenerating all caches.
|
|
|
|
* @param int|null $id
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function regenerateWarninglistCaches($id = null)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
|
|
|
$redis = $this->setupRedis();
|
|
|
|
if ($redis === false) {
|
|
|
|
return false;
|
|
|
|
}
|
2020-09-07 12:03:04 +02:00
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
// Delete cache
|
|
|
|
$redis->del($redis->keys('misp:wl-cache:*'));
|
|
|
|
|
2020-09-07 12:03:04 +02:00
|
|
|
if ($id === null) {
|
|
|
|
// delete all cached entries when regenerating whole cache
|
|
|
|
$redis->del($redis->keys('misp:warninglist_entries_cache:*'));
|
|
|
|
}
|
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
$warninglists = $this->find('all', array(
|
|
|
|
'contain' => array('WarninglistType'),
|
|
|
|
'conditions' => array('enabled' => 1),
|
|
|
|
'fields' => ['id', 'name', 'type'],
|
|
|
|
));
|
2018-07-19 11:48:22 +02:00
|
|
|
$this->cacheWarninglists($warninglists);
|
2020-09-07 10:04:18 +02:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
foreach ($warninglists as $warninglist) {
|
|
|
|
if ($id && $warninglist['Warninglist']['id'] != $id) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
$entries = $this->WarninglistEntry->find('list', array(
|
2020-09-03 15:24:03 +02:00
|
|
|
'recursive' => -1,
|
|
|
|
'conditions' => array('warninglist_id' => $warninglist['Warninglist']['id']),
|
|
|
|
'fields' => array('value')
|
2018-07-19 11:48:22 +02:00
|
|
|
));
|
|
|
|
$this->cacheWarninglistEntries($entries, $warninglist['Warninglist']['id']);
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2020-09-07 12:03:04 +02:00
|
|
|
private function cacheWarninglists(array $warninglists)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
|
|
|
$redis = $this->setupRedis();
|
|
|
|
if ($redis !== false) {
|
|
|
|
$redis->del('misp:warninglist_cache');
|
|
|
|
foreach ($warninglists as $warninglist) {
|
|
|
|
$redis->sAdd('misp:warninglist_cache', json_encode($warninglist));
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2020-09-07 12:03:04 +02:00
|
|
|
private function cacheWarninglistEntries(array $warninglistEntries, $id)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
|
|
|
$redis = $this->setupRedis();
|
|
|
|
if ($redis !== false) {
|
2019-08-16 19:49:35 +02:00
|
|
|
$key = 'misp:warninglist_entries_cache:' . $id;
|
|
|
|
$redis->del($key);
|
2019-09-16 09:28:43 +02:00
|
|
|
if (method_exists($redis, 'saddArray')) {
|
|
|
|
$redis->sAddArray($key, $warninglistEntries);
|
|
|
|
} else {
|
|
|
|
foreach ($warninglistEntries as $entry) {
|
2020-09-07 12:03:04 +02:00
|
|
|
$redis->sAdd($key, $entry);
|
2019-09-16 09:28:43 +02:00
|
|
|
}
|
2019-09-15 11:15:34 +02:00
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
/**
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function getEnabled()
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
2020-09-03 15:24:03 +02:00
|
|
|
if (isset($this->enabledCache)) {
|
|
|
|
return $this->enabledCache;
|
|
|
|
}
|
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
$redis = $this->setupRedis();
|
2020-09-03 15:24:03 +02:00
|
|
|
if ($redis !== false && $redis->exists('misp:warninglist_cache')) {
|
|
|
|
$warninglists = $redis->sMembers('misp:warninglist_cache');
|
|
|
|
foreach ($warninglists as $k => $v) {
|
|
|
|
$warninglists[$k] = json_decode($v, true);
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2020-09-03 15:24:03 +02:00
|
|
|
} else {
|
|
|
|
$warninglists = $this->find('all', array(
|
|
|
|
'contain' => array('WarninglistType'),
|
|
|
|
'conditions' => array('enabled' => 1),
|
|
|
|
'fields' => ['id', 'name', 'type'],
|
|
|
|
));
|
|
|
|
$this->cacheWarninglists($warninglists);
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2020-09-03 15:24:03 +02:00
|
|
|
|
|
|
|
foreach ($warninglists as &$warninglist) {
|
|
|
|
$warninglist['types'] = [];
|
|
|
|
foreach ($warninglist['WarninglistType'] as $wt) {
|
|
|
|
$warninglist['types'][] = $wt['type'];
|
|
|
|
}
|
|
|
|
unset($warninglist['WarninglistType']);
|
|
|
|
}
|
|
|
|
$this->enabledCache = $warninglists;
|
|
|
|
return $warninglists;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
/**
|
|
|
|
* @param int $id
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
private function getWarninglistEntries($id)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
|
|
|
$redis = $this->setupRedis();
|
2020-09-03 15:24:03 +02:00
|
|
|
if ($redis !== false && $redis->exists('misp:warninglist_entries_cache:' . $id)) {
|
|
|
|
return $redis->sMembers('misp:warninglist_entries_cache:' . $id);
|
2018-07-19 11:48:22 +02:00
|
|
|
} else {
|
2020-09-03 15:24:03 +02:00
|
|
|
$entries = array_values($this->WarninglistEntry->find('list', array(
|
|
|
|
'recursive' => -1,
|
|
|
|
'conditions' => array('warninglist_id' => $id),
|
|
|
|
'fields' => array('value')
|
|
|
|
)));
|
|
|
|
$this->cacheWarninglistEntries($entries, $id);
|
|
|
|
return $entries;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-16 17:10:30 +02:00
|
|
|
/**
|
|
|
|
* Filter out invalid IPv4 or IPv4 CIDR and append maximum netmaks if no netmask is given.
|
|
|
|
* @param array $inputValues
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
private function filterCidrList($inputValues)
|
|
|
|
{
|
|
|
|
$outputValues = [];
|
|
|
|
foreach ($inputValues as $v) {
|
2020-09-07 19:28:59 +02:00
|
|
|
$v = strtolower($v);
|
2019-08-16 17:10:30 +02:00
|
|
|
$parts = explode('/', $v, 2);
|
|
|
|
if (filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
|
|
|
$maximumNetmask = 32;
|
|
|
|
} else if (filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
|
|
|
$maximumNetmask = 128;
|
|
|
|
} else {
|
|
|
|
// IP address part of CIDR is invalid
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isset($parts[1])) {
|
|
|
|
// If CIDR doesnt contains '/', we will consider CIDR as /32 for IPv4 or /128 for IPv6
|
|
|
|
$v = "$v/$maximumNetmask";
|
|
|
|
} else if ($parts[1] > $maximumNetmask || $parts[1] < 0) {
|
|
|
|
// Netmask part of CIDR is invalid
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2020-09-07 13:46:10 +02:00
|
|
|
$outputValues[$v] = true;
|
2019-08-16 17:10:30 +02:00
|
|
|
}
|
|
|
|
return $outputValues;
|
|
|
|
}
|
|
|
|
|
2020-09-07 13:46:10 +02:00
|
|
|
/**
|
|
|
|
* For 'hostname', 'string' and 'cidr' warninglist type, values are just in keys to save memory.
|
|
|
|
*
|
|
|
|
* @param array $warninglist
|
|
|
|
* @return array
|
|
|
|
*/
|
2020-09-07 12:03:04 +02:00
|
|
|
public function getFilteredEntries(array $warninglist)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
2020-09-07 13:46:10 +02:00
|
|
|
$id = $warninglist['Warninglist']['id'];
|
|
|
|
if (isset($this->entriesCache[$id])) {
|
|
|
|
return $this->entriesCache[$id];
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2019-08-16 17:10:30 +02:00
|
|
|
|
2020-09-07 13:46:10 +02:00
|
|
|
$values = $this->getWarninglistEntries($id);
|
2020-09-03 15:24:03 +02:00
|
|
|
if ($warninglist['Warninglist']['type'] === 'hostname') {
|
|
|
|
$output = [];
|
|
|
|
foreach ($values as $v) {
|
2020-09-07 19:28:59 +02:00
|
|
|
$v = strtolower(trim($v, '.'));
|
2020-09-07 13:46:10 +02:00
|
|
|
$output[$v] = true;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2020-09-03 15:24:03 +02:00
|
|
|
$values = $output;
|
|
|
|
} else if ($warninglist['Warninglist']['type'] === 'string') {
|
2020-09-07 13:46:10 +02:00
|
|
|
$output = [];
|
|
|
|
foreach ($values as $v) {
|
|
|
|
$output[$v] = true;
|
|
|
|
}
|
|
|
|
$values = $output;
|
2020-09-03 15:24:03 +02:00
|
|
|
} else if ($warninglist['Warninglist']['type'] === 'cidr') {
|
|
|
|
$values = $this->filterCidrList($values);
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2020-09-03 15:24:03 +02:00
|
|
|
|
2020-09-07 13:46:10 +02:00
|
|
|
$this->entriesCache[$id] = $values;
|
2020-09-03 15:24:03 +02:00
|
|
|
|
|
|
|
return $values;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
|
2020-09-04 17:11:45 +02:00
|
|
|
/**
|
|
|
|
* @param array $object
|
|
|
|
* @param array|null $warninglists If null, all enabled warninglists will be used
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function checkForWarning(array $object, $warninglists = null)
|
2019-05-09 17:14:25 +02:00
|
|
|
{
|
2020-09-03 15:24:03 +02:00
|
|
|
if ($warninglists === null) {
|
|
|
|
$warninglists = $this->getEnabled();
|
|
|
|
}
|
|
|
|
|
2020-09-07 10:06:33 +02:00
|
|
|
if ($object['to_ids'] || $this->showForAll) {
|
2020-09-03 15:24:03 +02:00
|
|
|
foreach ($warninglists as $list) {
|
2019-05-09 17:14:25 +02:00
|
|
|
if (in_array('ALL', $list['types']) || in_array($object['type'], $list['types'])) {
|
2020-09-03 15:24:03 +02:00
|
|
|
$result = $this->__checkValue($this->getFilteredEntries($list), $object['value'], $object['type'], $list['Warninglist']['type']);
|
|
|
|
if ($result !== false) {
|
|
|
|
$object['warnings'][] = array(
|
|
|
|
'match' => $result[0],
|
|
|
|
'value' => $result[1],
|
|
|
|
'warninglist_name' => $list['Warninglist']['name'],
|
|
|
|
'warninglist_id' => $list['Warninglist']['id'],
|
|
|
|
);
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $object;
|
|
|
|
}
|
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
/**
|
|
|
|
* @param array $listValues
|
|
|
|
* @param string $value
|
|
|
|
* @param string $type
|
|
|
|
* @param string $listType
|
|
|
|
* @return array|false [Matched value, attribute value that matched]
|
|
|
|
*/
|
|
|
|
private function __checkValue($listValues, $value, $type, $listType)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
2019-08-08 19:11:22 +02:00
|
|
|
if ($type === 'malware-sample' || strpos($type, '|') !== false) {
|
2020-09-07 19:14:17 +02:00
|
|
|
$value = explode('|', $value, 2);
|
2018-07-19 11:48:22 +02:00
|
|
|
} else {
|
|
|
|
$value = array($value);
|
|
|
|
}
|
2020-09-07 19:14:17 +02:00
|
|
|
foreach ($value as $v) {
|
2018-07-19 11:48:22 +02:00
|
|
|
if ($listType === 'cidr') {
|
2020-09-07 19:14:17 +02:00
|
|
|
$result = $this->__evalCidrList($listValues, $v);
|
2018-07-19 11:48:22 +02:00
|
|
|
} elseif ($listType === 'string') {
|
2020-09-07 19:14:17 +02:00
|
|
|
$result = $this->__evalString($listValues, $v);
|
2018-07-19 11:48:22 +02:00
|
|
|
} elseif ($listType === 'substring') {
|
2020-09-07 19:14:17 +02:00
|
|
|
$result = $this->__evalSubString($listValues, $v);
|
2018-07-19 11:48:22 +02:00
|
|
|
} elseif ($listType === 'hostname') {
|
2020-09-07 19:14:17 +02:00
|
|
|
$result = $this->__evalHostname($listValues, $v);
|
2018-07-19 11:48:22 +02:00
|
|
|
} elseif ($listType === 'regex') {
|
2020-09-07 19:14:17 +02:00
|
|
|
$result = $this->__evalRegex($listValues, $v);
|
2020-09-03 15:24:03 +02:00
|
|
|
} else {
|
|
|
|
$result = false;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2020-09-03 15:24:03 +02:00
|
|
|
if ($result !== false) {
|
2020-09-07 19:14:17 +02:00
|
|
|
return [$result, $v];
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2018-11-23 14:11:33 +01:00
|
|
|
public function quickCheckValue($listValues, $value, $type)
|
|
|
|
{
|
2020-09-03 15:24:03 +02:00
|
|
|
return $this->__checkValue($listValues, $value, '', $type) !== false;
|
2018-11-23 14:11:33 +01:00
|
|
|
}
|
2018-10-16 17:57:14 +02:00
|
|
|
|
2020-09-04 10:53:31 +02:00
|
|
|
private function __evalCidrList($listValues, $value)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
2020-09-04 10:53:31 +02:00
|
|
|
$valueMask = null;
|
|
|
|
if (strpos($value, '/') !== false) {
|
|
|
|
list($value, $valueMask) = explode('/', $value);
|
|
|
|
}
|
|
|
|
|
|
|
|
$match = false;
|
2018-07-19 11:48:22 +02:00
|
|
|
if (filter_var($value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
2019-08-20 15:44:32 +02:00
|
|
|
// This code converts IP address to all possible CIDRs that can contains given IP address
|
|
|
|
// and then check if given hash table contains that CIDR.
|
|
|
|
$ip = ip2long($value);
|
2020-09-07 13:31:26 +02:00
|
|
|
// Start from 1, because doesn't make sense to check 0.0.0.0/0 match
|
|
|
|
for ($bits = 1; $bits <= 32; $bits++) {
|
2019-08-20 15:44:32 +02:00
|
|
|
$mask = -1 << (32 - $bits);
|
|
|
|
$needle = long2ip($ip & $mask) . "/$bits";
|
|
|
|
if (isset($listValues[$needle])) {
|
2020-09-07 19:40:06 +02:00
|
|
|
$match = $needle;
|
2020-09-04 10:53:31 +02:00
|
|
|
break;
|
2019-08-20 15:44:32 +02:00
|
|
|
}
|
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
|
2019-08-20 15:44:32 +02:00
|
|
|
} elseif (filter_var($value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
2020-09-07 19:17:23 +02:00
|
|
|
foreach ($listValues as $lv => $foo) {
|
|
|
|
if (strpos($lv, ':') !== false) { // Filter out IPv4 CIDR, IPv6 CIDR must contain colon
|
2019-08-20 15:44:32 +02:00
|
|
|
if ($this->__ipv6InCidr($value, $lv)) {
|
2020-09-04 10:53:31 +02:00
|
|
|
$match = $lv;
|
|
|
|
break;
|
2019-09-16 09:28:43 +02:00
|
|
|
}
|
2019-08-20 15:44:32 +02:00
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-04 10:53:31 +02:00
|
|
|
if ($match && $valueMask) {
|
|
|
|
$matchMask = explode('/', $match)[1];
|
|
|
|
if ($valueMask < $matchMask) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return $match;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
|
2020-09-07 12:03:04 +02:00
|
|
|
/**
|
|
|
|
* Using solution from https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/IpUtils.php
|
|
|
|
*
|
|
|
|
* @param string $ip
|
|
|
|
* @param string $cidr
|
|
|
|
* @return bool
|
|
|
|
*/
|
2018-07-19 11:48:22 +02:00
|
|
|
private function __ipv6InCidr($ip, $cidr)
|
2019-09-16 09:28:43 +02:00
|
|
|
{
|
2019-08-02 13:06:06 +02:00
|
|
|
list($address, $netmask) = explode('/', $cidr);
|
2019-09-16 09:28:43 +02:00
|
|
|
|
2019-08-02 13:06:06 +02:00
|
|
|
$bytesAddr = unpack('n*', inet_pton($address));
|
|
|
|
$bytesTest = unpack('n*', inet_pton($ip));
|
2019-09-16 09:28:43 +02:00
|
|
|
|
2019-08-02 13:06:06 +02:00
|
|
|
for ($i = 1, $ceil = ceil($netmask / 16); $i <= $ceil; ++$i) {
|
|
|
|
$left = $netmask - 16 * ($i - 1);
|
|
|
|
$left = ($left <= 16) ? $left : 16;
|
|
|
|
$mask = ~(0xffff >> $left) & 0xffff;
|
|
|
|
if (($bytesAddr[$i] & $mask) != ($bytesTest[$i] & $mask)) {
|
|
|
|
return false;
|
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2019-09-16 09:28:43 +02:00
|
|
|
|
2019-08-02 13:06:06 +02:00
|
|
|
return true;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
|
2020-09-07 19:40:06 +02:00
|
|
|
/**
|
|
|
|
* Check for exact match.
|
|
|
|
*
|
|
|
|
* @param array $listValues
|
|
|
|
* @param string $value
|
|
|
|
* @return false
|
|
|
|
*/
|
2018-07-19 11:48:22 +02:00
|
|
|
private function __evalString($listValues, $value)
|
|
|
|
{
|
|
|
|
if (isset($listValues[$value])) {
|
2020-09-07 19:40:06 +02:00
|
|
|
return $value;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
private function __evalSubString($listValues, $value)
|
|
|
|
{
|
|
|
|
foreach ($listValues as $listValue) {
|
|
|
|
if (strpos($value, $listValue) !== false) {
|
2020-09-03 15:24:03 +02:00
|
|
|
return $listValue;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
private function __evalHostname($listValues, $value)
|
|
|
|
{
|
|
|
|
// php's parse_url is dumb, so let's use some hacky workarounds
|
2020-09-07 12:03:04 +02:00
|
|
|
if (strpos($value, '//') === false) {
|
2018-07-19 11:48:22 +02:00
|
|
|
$value = explode('/', $value);
|
|
|
|
$hostname = $value[0];
|
|
|
|
} else {
|
|
|
|
$value = explode('/', $value);
|
|
|
|
$hostname = $value[2];
|
|
|
|
}
|
|
|
|
// If the hostname is not found, just return false
|
|
|
|
if (!isset($hostname)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
$hostname = rtrim($hostname, '.');
|
|
|
|
$hostname = explode('.', $hostname);
|
|
|
|
$rebuilt = '';
|
2020-09-07 12:03:04 +02:00
|
|
|
foreach (array_reverse($hostname) as $piece) {
|
2018-07-19 11:48:22 +02:00
|
|
|
if (empty($rebuilt)) {
|
|
|
|
$rebuilt = $piece;
|
|
|
|
} else {
|
|
|
|
$rebuilt = $piece . '.' . $rebuilt;
|
|
|
|
}
|
|
|
|
if (isset($listValues[$rebuilt])) {
|
2020-09-07 19:40:06 +02:00
|
|
|
return $rebuilt;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
private function __evalRegex($listValues, $value)
|
|
|
|
{
|
|
|
|
foreach ($listValues as $listValue) {
|
|
|
|
if (preg_match($listValue, $value)) {
|
2020-09-03 15:24:03 +02:00
|
|
|
return $listValue;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2020-09-07 10:06:33 +02:00
|
|
|
/**
|
|
|
|
* @return array
|
|
|
|
*/
|
2018-07-19 11:48:22 +02:00
|
|
|
public function fetchTLDLists()
|
|
|
|
{
|
2020-09-03 15:24:03 +02:00
|
|
|
$tldLists = $this->find('list', array(
|
|
|
|
'conditions' => array('Warninglist.name' => $this->__tlds),
|
|
|
|
'recursive' => -1,
|
|
|
|
'fields' => array('Warninglist.id', 'Warninglist.id')
|
|
|
|
));
|
2018-07-19 11:48:22 +02:00
|
|
|
$tlds = array();
|
|
|
|
if (!empty($tldLists)) {
|
2020-09-03 15:24:03 +02:00
|
|
|
$tlds = $this->WarninglistEntry->find('list', array(
|
|
|
|
'conditions' => array('WarninglistEntry.warninglist_id' => $tldLists),
|
|
|
|
'fields' => array('WarninglistEntry.value')
|
|
|
|
));
|
|
|
|
foreach ($tlds as $key => $value) {
|
|
|
|
$tlds[$key] = strtolower($value);
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!in_array('onion', $tlds)) {
|
|
|
|
$tlds[] = 'onion';
|
|
|
|
}
|
|
|
|
return $tlds;
|
|
|
|
}
|
|
|
|
|
2020-09-03 15:24:03 +02:00
|
|
|
/**
|
|
|
|
* @param array $attribute
|
|
|
|
* @param array|null $warninglists If null, all enabled warninglists will be used
|
|
|
|
* @return bool
|
|
|
|
*/
|
2020-09-07 16:37:38 +02:00
|
|
|
public function filterWarninglistAttribute(array $attribute, $warninglists = null)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
2020-09-03 15:24:03 +02:00
|
|
|
if ($warninglists === null) {
|
|
|
|
$warninglists = $this->getEnabled();
|
|
|
|
}
|
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
foreach ($warninglists as $warninglist) {
|
|
|
|
if (in_array('ALL', $warninglist['types']) || in_array($attribute['type'], $warninglist['types'])) {
|
2020-09-03 15:24:03 +02:00
|
|
|
$result = $this->__checkValue($this->getFilteredEntries($warninglist), $attribute['value'], $attribute['type'], $warninglist['Warninglist']['type']);
|
2018-07-19 11:48:22 +02:00
|
|
|
if ($result !== false) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
2020-09-07 10:05:56 +02:00
|
|
|
|
|
|
|
public function missingTldLists()
|
|
|
|
{
|
|
|
|
$missingTldLists = array();
|
|
|
|
foreach ($this->__tlds as $tldList) {
|
|
|
|
$temp = $this->find('first', array(
|
|
|
|
'recursive' => -1,
|
|
|
|
'conditions' => array('Warninglist.name' => $tldList),
|
|
|
|
'fields' => array('Warninglist.id')
|
|
|
|
));
|
|
|
|
if (empty($temp)) {
|
|
|
|
$missingTldLists[] = $tldList;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $missingTldLists;
|
|
|
|
}
|
2016-05-31 18:06:37 +02:00
|
|
|
}
|