mirror of https://github.com/MISP/MISP
REST XML request also received base64 encoded file content
parent
93c96ff7c3
commit
00d62ab722
|
@ -69,8 +69,7 @@ class AttributesController extends AppController {
|
|||
|
||||
// Give error if someone tried to submit a attribute with attachment or malware-sample type.
|
||||
// FIXME this is bad ... it should rather by a messagebox or should be filtered out on the view level
|
||||
if('attachment' == $this->request->data['Attribute']['type'] ||
|
||||
'malware-sample' == $this->request->data['Attribute']['type']) {
|
||||
if($this->Attribute->typeIsAttachment($this->request->data['Attribute']['type'])) {
|
||||
$this->Session->setFlash(__('Attribute has not been added: attachments are added by "Add attachment" button', true), 'default', array(), 'error');
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id']));
|
||||
}
|
||||
|
|
|
@ -77,13 +77,19 @@ class EventsController extends AppController {
|
|||
if (!$this->Event->exists()) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
$this->set('event', $this->Event->read(null, $id));
|
||||
$this->Event->read(null, $id);
|
||||
|
||||
$relatedAttributes = array();
|
||||
$this->loadModel('Attribute');
|
||||
$fields = array('Attribute.id', 'Attribute.event_id', 'Attribute.uuid');
|
||||
foreach ($this->Event->data['Attribute'] as $attribute) {
|
||||
foreach ($this->Event->data['Attribute'] as $i => $attribute) {
|
||||
$relatedAttributes[$attribute['id']] = $this->Attribute->getRelatedAttributes($attribute, $fields);
|
||||
// for REST requests also add the encoded attachment
|
||||
if ($this->_isRest() && $this->Attribute->typeIsAttachment($attribute['type'])) {
|
||||
// LATER check if this has a serious performance impact on XML conversion and memory usage
|
||||
$encoded_file = $this->Attribute->base64EncodeAttachment($attribute);
|
||||
$this->Event->data['Attribute'][$i]['data'] = $encoded_file;
|
||||
}
|
||||
}
|
||||
$this->set('relatedAttributes', $relatedAttributes);
|
||||
|
||||
|
@ -107,6 +113,8 @@ class EventsController extends AppController {
|
|||
);
|
||||
$relatedEvents = $this->Event->find('all', $find_params);
|
||||
}
|
||||
|
||||
$this->set('event', $this->Event->data);
|
||||
$this->set('relatedEvents', $relatedEvents);
|
||||
|
||||
$this->set('categories', $this->Attribute->validate['category']['rule'][1]);
|
||||
|
|
|
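Review bot: The REST branch in the attribute loop reads every attachment and malware-sample of the event fully into memory and copies the base64 text into `$this->Event->data`, with no size limit and no check that the file exists on disk. A single view request for an event with many or large samples can therefore exhaust PHP's memory limit, and a missing file makes `base64EncodeAttachment()` emit warnings that may end up in the XML output. I would replace the `LATER` comment with a concrete guard, for example `if (!is_file($path) || filesize($path) > $maxAttachmentBytes) continue;` (both variable names are placeholders), or serve the file content from a separate download action. The access check that decides who may view the event is outside these hunks; since the response now carries the sample bytes themselves, confirm that it runs before this loop.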
@ -203,8 +203,7 @@ class Attribute extends AppModel {
|
|||
function beforeDelete() {
|
||||
// delete attachments from the disk
|
||||
$this->read(); // first read the attribute from the db
|
||||
if('attachment' == $this->data['Attribute']['type'] ||
|
||||
'malware-sample'== $this->data['Attribute']['type'] ) {
|
||||
if($this->typeIsAttachment($this->data['Attribute']['type'])) {
|
||||
// FIXME secure this filesystem access/delete by not allowing to change directories or go outside of the directory container.
|
||||
// only delete the file if it exists
|
||||
$filepath = APP."files/".$this->data['Attribute']['event_id']."/".$this->data['Attribute']['id'];
|
||||
|
@ -457,4 +456,20 @@ class Attribute extends AppModel {
|
|||
return $similar_events;
|
||||
}
|
||||
|
||||
function typeIsAttachment($type) {
|
||||
switch ($type) {
|
||||
case 'attachment':
|
||||
case 'malware-sample':
|
||||
return true;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function base64EncodeAttachment($attribute) {
|
||||
$filepath = APP."files/".$attribute['event_id']."/".$attribute['id'];
|
||||
$binary = fread(fopen($filepath, 'r'), filesize($filepath));
|
||||
return base64_encode($binary);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
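Review bot: `base64EncodeAttachment()` opens the file with `fopen()` and never closes the handle, and it does not check the result of `fopen()` or `filesize()`, so a missing or unreadable file produces PHP warnings and an empty string rather than a handled error. The path is also built by concatenating `event_id` and `id` without any normalisation, which is the same concern the existing FIXME in `beforeDelete()` raises for the delete path. The version below reads the file with `file_get_contents()`, returns an empty string when the file is absent or unreadable, and casts both ids to integers; the cast assumes ids are always numeric, which these hunks do not show.

```php
function base64EncodeAttachment($attribute) {
	// Cast the ids so the path cannot contain directory separators or "..".
	$filepath = APP."files/".(int)$attribute['event_id']."/".(int)$attribute['id'];
	// A record without its file on disk yields an empty payload instead of warnings.
	if (!is_file($filepath) || !is_readable($filepath)) {
		return '';
	}
	// file_get_contents() is binary-safe and leaves no open handle behind.
	$binary = file_get_contents($filepath);
	if ($binary === false) {
		return '';
	}
	return base64_encode($binary);
}
```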