REST XML request also received base64 encoded file content

pull/61/head
Christophe Vandeplas 2012-05-21 15:20:25 +02:00
parent 93c96ff7c3
commit 00d62ab722
3 changed files with 28 additions and 6 deletions


@ -69,8 +69,7 @@ class AttributesController extends AppController {
// Give error if someone tried to submit a attribute with attachment or malware-sample type.
// FIXME this is bad ... it should rather by a messagebox or should be filtered out on the view level
if('attachment' == $this->request->data['Attribute']['type'] ||
'malware-sample' == $this->request->data['Attribute']['type']) {
if($this->Attribute->typeIsAttachment($this->request->data['Attribute']['type'])) {
$this->Session->setFlash(__('Attribute has not been added: attachments are added by "Add attachment" button', true), 'default', array(), 'error');
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id']));
}


@ -77,13 +77,19 @@ class EventsController extends AppController {
if (!$this->Event->exists()) {
throw new NotFoundException(__('Invalid event'));
}
$this->set('event', $this->Event->read(null, $id));
$this->Event->read(null, $id);
$relatedAttributes = array();
$this->loadModel('Attribute');
$fields = array('Attribute.id', 'Attribute.event_id', 'Attribute.uuid');
foreach ($this->Event->data['Attribute'] as $attribute) {
foreach ($this->Event->data['Attribute'] as $i => $attribute) {
$relatedAttributes[$attribute['id']] = $this->Attribute->getRelatedAttributes($attribute, $fields);
// for REST requests also add the encoded attachment
if ($this->_isRest() && $this->Attribute->typeIsAttachment($attribute['type'])) {
// LATER check if this has a serious performance impact on XML conversion and memory usage
$encoded_file = $this->Attribute->base64EncodeAttachment($attribute);
$this->Event->data['Attribute'][$i]['data'] = $encoded_file;
}
}
$this->set('relatedAttributes', $relatedAttributes);
@ -107,6 +113,8 @@ class EventsController extends AppController {
);
$relatedEvents = $this->Event->find('all', $find_params);
}
$this->set('event', $this->Event->data);
$this->set('relatedEvents', $relatedEvents);
$this->set('categories', $this->Attribute->validate['category']['rule'][1]);
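Review bot: The loop reads and base64-encodes every attachment and malware-sample of the event in full (`$encoded_file = $this->Attribute->base64EncodeAttachment($attribute);`) with no size bound, so a single REST view of an event holding large samples keeps all of them, plus the roughly one-third encoding overhead, in memory before XML conversion. The `LATER` comment acknowledges the cost but nothing limits it; a per-file size check before the call, or serving attachments from a separate per-attribute REST action, would bound it. Because the response now carries raw sample bytes, the comment should also say where access to the event is enforced, e.g. `// caller must already be authorised to view this event: the response embeds raw file content`; that check is not visible in this hunk. The enclosing action starts and ends outside the hunk.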


@ -203,8 +203,7 @@ class Attribute extends AppModel {
function beforeDelete() {
// delete attachments from the disk
$this->read(); // first read the attribute from the db
if('attachment' == $this->data['Attribute']['type'] ||
'malware-sample'== $this->data['Attribute']['type'] ) {
if($this->typeIsAttachment($this->data['Attribute']['type'])) {
// FIXME secure this filesystem access/delete by not allowing to change directories or go outside of the directory container.
// only delete the file if it exists
$filepath = APP."files/".$this->data['Attribute']['event_id']."/".$this->data['Attribute']['id'];
@ -457,4 +456,20 @@ class Attribute extends AppModel {
return $similar_events;
}
function typeIsAttachment($type) {
switch ($type) {
case 'attachment':
case 'malware-sample':
return true;
default:
return false;
}
}
function base64EncodeAttachment($attribute) {
$filepath = APP."files/".$attribute['event_id']."/".$attribute['id'];
$binary = fread(fopen($filepath, 'r'), filesize($filepath));
return base64_encode($binary);
}
}
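Review bot: `base64EncodeAttachment()` opens the file with `fopen()` and never closes it, and it checks neither that the file exists nor that `filesize()` is non-zero, so a missing or empty attachment produces PHP warnings and an empty `data` value that the REST client cannot tell apart from a genuinely empty file. The path is also concatenated from `$attribute['event_id']` and `$attribute['id']` without validation, the same concern the FIXME in `beforeDelete()` records; casting both to int (assuming they are integer keys, which the page does not show) keeps the read inside `APP/files`. The version below uses `is_file()` and `file_get_contents()` and keeps returning an empty string on failure, which appears to be what the current code yields.

```php
function base64EncodeAttachment($attribute) {
    // integer casts keep the path inside APP/files/<event_id>/<attribute_id>
    $filepath = APP."files/".(int)$attribute['event_id']."/".(int)$attribute['id'];
    if (!is_file($filepath)) {
        return '';
    }
    // file_get_contents() opens, reads and closes the file in one call
    $binary = file_get_contents($filepath);
    return ($binary === false) ? '' : base64_encode($binary);
}
```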