fix: [enrichment] Avoiding errors on distribution and sharing group data

- Making sure we do have a value for distribution
  and sharing group
- Avoid translating distribution levels into their
  human meaning because the output process capturing
  data from the form will anyway use the numeric
  values. Readable values are btw displayed in the
  form for users' comfort
- Also sanitized data displayed
pull/4584/head
chrisr3d 2019-04-04 14:21:10 +02:00
parent 8983ddf009
commit 041ee4d5da
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
2 changed files with 14 additions and 28 deletions


@ -5105,11 +5105,8 @@ class EventsController extends AppController
}
if (isset($result['results']['Object']) && !empty($result['results']['Object'])) {
foreach ($result['results']['Object'] as $tmp_object) {
if (!isset($tmp_object['distribution'])) {
$tmp_object['distribution'] = $defaultDistribution;
} else {
$tmp_object['distribution'] = (int)$tmp_object['distribution'];
}
$tmp_object['distribution'] = (isset($tmp_object['distribution']) ? (int)$tmp_object['distribution'] : $defaultDistribution);
$tmp_object['sharing_group_id'] = (isset($tmp_object['sharing_group_id']) ? (int)$tmp_object['sharing_group_id'] : 0);
if (isset($tmp_object['Attribute']) && $tmp_object['Attribute']) {
foreach ($tmp_object['Attribute'] as &$tmp_attribute) {
$tmp_attribute = $this->__fillAttribute($tmp_attribute, $defaultDistribution);
@ -5146,9 +5143,8 @@ class EventsController extends AppController
if (!isset($attribute['to_ids'])) {
$attribute['to_ids'] = $this->Event->Attribute->typeDefinitions[$attribute['type']]['to_ids'];
}
if (!isset($attribute['distribution'])) {
$attribute['distribution'] = $defaultDistribution;
}
$attribute['distribution'] = (isset($attribute['distribution']) ? (int)$attribute['distribution'] : $defaultDistribution);
$attribute['sharing_group_id'] = (isset($attribute['sharing_group_id']) ? (int)$attribute['sharing_group_id'] : 0);
return $attribute;
}
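Review bot: The new assignments to `$tmp_object['distribution']` and, in the second hunk, `$attribute['distribution']` only cast the module-supplied value to int; nothing visible here checks that it is a known distribution level or that a sharing group accompanies level 4 (the value the view's removed code treated as "use the sharing group"). A result carrying `distribution` 4 without `sharing_group_id` now ends up as 4 with group 0, and a non-numeric string silently becomes 0. Unless this is validated later, outside these hunks, I would fall back explicitly, e.g. `if ($attribute['distribution'] === 4 && $attribute['sharing_group_id'] === 0) { $attribute['distribution'] = $defaultDistribution; }`, and do the same for `$tmp_object`. Both enclosing functions start outside the hunks, so the save path is not visible from here.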


@ -61,18 +61,18 @@
<td style="width:60px;text-align:center;">
<select class='ObjectDistribution' style='padding:0px;height:20px;margin-bottom:0px;'>
<?php
foreach ($distributions as $distKey => $distValue) {
echo '<option value="' . $distKey . '" ' . ($distKey == $object['distribution'] ? 'selected="selected"' : '') . '>' . $distValue . '</option>';
}
foreach ($distributions as $distKey => $distValue) {
echo '<option value="' . h($distKey) . '" ' . ($distKey == $object['distribution'] ? 'selected="selected"' : '') . '>' . h($distValue) . '</option>';
}
?>
</select>
</td>
<div style="display:none;">
<select class='ObjectSharingGroup' style='padding:0px;height:20px;margin-top:3px;margin-bottom:0px;'>
<?php
foreach ($sgs as $sgKey => $sgValue) {
echo '<option value="' . h($sgKey) . '">' . h($sgValue) . '</option>';
}
foreach ($sgs as $sgKey => $sgValue) {
echo '<option value="' . h($sgKey) . '" ' . ($sgKey == $object['sharing_group_id'] ? 'selected="selected"' : '') . '>' . h($sgValue) . '</option>';
}
?>
</select>
</div>
@ -141,11 +141,6 @@
foreach ($object['Attribute'] as $a => $attribute) {
echo '<tr class="ObjectAttribute">';
echo '<td class="ObjectRelation">' . h($attribute['object_relation']) . '</td>';
if ($attribute['distribution'] != 4) {
$attribute['distribution'] = $distributions[$attribute['distribution']];
} else {
$attribute['distribution'] = $sgs[$attribute['sharing_group_id']];
}
foreach ($attributeFields as $field) {
echo '<td class="Attribute' . ucfirst($field) . '">' . (isset($attribute[$field]) ? h($attribute[$field]) : '') . '</td>';
}
@ -163,7 +158,7 @@
<select class='AttributeDistribution' style='padding:0px;height:20px;margin-bottom:0px;'>
<?php
foreach ($distributions as $distKey => $distValue) {
echo '<option value="' . $distKey . '" ' . ($distKey == $attribute['distribution'] ? 'selected="selected"' : '') . '>' . $distValue . '</option>';
echo '<option value="' . h($distKey) . '" ' . ($distKey == $attribute['distribution'] ? 'selected="selected"' : '') . '>' . h($distValue) . '</option>';
}
?>
</select>
@ -171,7 +166,7 @@
<select class='AttributeSharingGroup' style='padding:0px;height:20px;margin-top:3px;margin-bottom:0px;'>
<?php
foreach ($sgs as $sgKey => $sgValue) {
echo '<option value="' . h($sgKey) . '">' . h($sgValue) . '</option>';
echo '<option value="' . h($sgKey) . '" ' . ($sgKey == $attribute['sharing_group_id'] ? 'selected="selected"' : '') . '>' . h($sgValue) . '</option>';
}
?>
</select>
@ -210,11 +205,6 @@
<?php
foreach ($event['Attribute'] as $a => $attribute) {
echo '<tr class="MISPAttribute">';
if ($attribute['distribution'] != 4) {
$attribute['distribution'] = $distributions[$attribute['distribution']];
} else {
$attribute['distribution'] = $sgs[$attribute['sharing_group_id']];
}
foreach ($attributeFields as $field) {
echo '<td class="Attribute' . ucfirst($field) . '">' . (isset($attribute[$field]) ? h($attribute[$field]) : '') . '</td>';
}
@ -232,7 +222,7 @@
<select class='AttributeDistribution' style='padding:0px;height:20px;margin-bottom:0px;'>
<?php
foreach ($distributions as $distKey => $distValue) {
echo '<option value="' . $distKey . '" ' . ($distKey == $attribute['distribution'] ? 'selected="selected"' : '') . '>' . $distValue . '</option>';
echo '<option value="' . h($distKey) . '" ' . ($distKey == $attribute['distribution'] ? 'selected="selected"' : '') . '>' . h($distValue) . '</option>';
}
?>
</select>
@ -240,7 +230,7 @@
<select class='AttributeSharingGroup' style='padding:0px;height:20px;margin-top:3px;margin-bottom:0px;'>
<?php
foreach ($sgs as $sgKey => $sgValue) {
echo '<option value="' . h($sgKey) . '">' . h($sgValue) . '</option>';
echo '<option value="' . h($sgKey) . '" ' . ($sgKey == $attribute['sharing_group_id'] ? 'selected="selected"' : '') . '>' . h($sgValue) . '</option>';
}
?>
</select>
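Review bot: In the `ObjectSharingGroup` and `AttributeSharingGroup` selects nothing handles a `sharing_group_id` that matches no key of `$sgs`: no option is marked `selected`, so the browser falls back to the first group in the list, and for the object select this happens inside a `display:none` div. The same holds for the distribution selects when the value is not a key of `$distributions`. Since these values appear to originate from the enrichment result, I would compute `$sgKnown = isset($sgs[$object['sharing_group_id']]);` before the loop and render a disabled placeholder option when it is false, so an unknown group stays visible instead of being replaced. The comparison is also loose (`==`); `(int)$sgKey === (int)$object['sharing_group_id']` would make the intent explicit.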