pull/734/head
aaronkaplan 2016-01-12 11:02:16 +01:00
commit 04f3650fe1
8 changed files with 22 additions and 10 deletions


@ -1 +1 @@
{"major":2, "minor":3, "hotfix":175}
{"major":2, "minor":3, "hotfix":178}


@ -1496,7 +1496,7 @@ class EventsController extends AppController {
if (!Configure::read('MISP.background_jobs')) {
if (!is_array($result)) {
// redirect to the view event page
$this->Session->setFlash(__('Event published, but NO mail sent to any participants.', true));
$this->Session->setFlash(__('Event published without alerts.', true));
} else {
$lastResult = array_pop($result);
$resultString = (count($result) > 0) ? implode(', ', $result) . ' and ' . $lastResult : $lastResult;
@ -2917,6 +2917,7 @@ class EventsController extends AppController {
if (isset($resultArray[$i]) && $v == $resultArray[$i]) unset ($resultArray[$k]);
}
}
$resultArray = array_values($resultArray);
$typeCategoryMapping = array();
foreach ($this->Event->Attribute->categoryDefinitions as $k => $cat) {
foreach ($cat['types'] as $type) {
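Review bot: The added `$resultArray = array_values($resultArray);` has no comment saying why the re-index is needed, and the reason is not obvious from the hunk. The loop just above removes duplicates with `unset()`, which leaves gaps in the keys, so presumably later code iterates or indexes the list by position. I would add `// unset() above leaves holes in the keys; re-index so the list is contiguous again` on the line before it. The enclosing method starts and ends outside the hunk, so the consumer of the re-indexed array is not visible here.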


@ -1167,9 +1167,9 @@ class ShadowAttributesController extends AppController {
$fails = array_diff($ids, $successes);
$this->autoRender = false;
if (count($fails) == 0 && count($successes) > 0) {
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => count($successes) . ' proposal' . (count($successes) != 1 ? 's' : '') . ' deleted.')),'status'=>200));
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => count($successes) . ' proposal' . (count($successes) != 1 ? 's' : '') . ' accepted.')),'status'=>200));
} else {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => count($successes) . ' proposal' . (count($successes) != 1 ? 's' : '') . ' deleted, but ' . count($fails) . ' proposal' . (count($fails) != 1 ? 's' : '') . ' could not be deleted.')),'status'=>200));
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => count($successes) . ' proposal' . (count($successes) != 1 ? 's' : '') . ' accepted, but ' . count($fails) . ' proposal' . (count($fails) != 1 ? 's' : '') . ' could not be deleted.')),'status'=>200));
}
}
}
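Review bot: The failure message in the `else` branch is only half updated: it now reads "N proposals accepted, but M proposals could not be deleted.", which mixes two different actions. Since the success branch was changed to say "accepted", the tail of the error string should match, i.e. `' could not be accepted.'`. The enclosing method starts outside the hunk, so which action it performs is inferred from the new wording only.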


@ -110,7 +110,7 @@ class ComplexTypeTool {
if (strpos($inputRefangedNoPort, '/')) {
$temp = explode('/', $inputRefangedNoPort);
if (count($temp == 2)) {
if (filter_var($temp[0], FILTER_VALIDATE_IP)) return array('types' => array('ip-dst', 'ip-src', 'ip-src/ip-dst'), 'to_ids' => true, 'default_type' => 'ip-dst', 'comment' => $comment, 'value' => $inputRefangedNoPort);
if (filter_var($temp[0], FILTER_VALIDATE_IP) && is_numeric($temp[1])) return array('types' => array('ip-dst', 'ip-src', 'ip-src/ip-dst'), 'to_ids' => true, 'default_type' => 'ip-dst', 'comment' => $comment, 'value' => $inputRefangedNoPort);
}
}
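Review bot: The new `is_numeric($temp[1])` check is looser than a CIDR prefix, and the guard around it never actually counts the parts. `count($temp == 2)` on the line above passes a boolean to `count()`, so inputs with more than one `/` still reach this branch (and on PHP 8 the call throws a TypeError), while `is_numeric()` accepts values such as `-1`, `1e3` or `24.5`. Because the match is returned with `'to_ids' => true`, a malformed network string can end up as an IDS-flagged indicator. I would use `if (count($temp) == 2) {` and replace the numeric test with `ctype_digit($temp[1]) && (int)$temp[1] <= 128`. The enclosing method starts and ends outside the hunk.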


@ -110,6 +110,7 @@ class Attribute extends AppModel {
'ip-dst' => array('desc' => 'A destination IP address of the attacker or C&C server', 'formdesc' => "A destination IP address of the attacker or C&C server. Also set the IDS flag on when this IP is hardcoded in malware"),
'hostname' => array('desc' => 'A full host/dnsname of an attacker', 'formdesc' => "A full host/dnsname of an attacker. Also set the IDS flag on when this hostname is hardcoded in malware"),
'domain' => array('desc' => 'A domain name used in the malware', 'formdesc' => "A domain name used in the malware. Use this instead of hostname when the upper domain is important or can be used to create links between events."),
'domain|ip' => array('desc' => 'A domain name and its IP address (as found in DNS lookup) separated by a |','formdesc' => "A domain name and its IP address (as found in DNS lookup) separated by a | (no spaces)"),
'email-src' => array('desc' => "The email address (or domainname) used to send the malware."),
'email-dst' => array('desc' => "A recipient email address", 'formdesc' => "A recipient email address that is not related to your constituency."),
'email-subject' => array('desc' => "The subject of the email"),
@ -179,7 +180,7 @@ class Attribute extends AppModel {
),
'Network activity' => array(
'desc' => 'Information about network traffic generated by the malware',
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'email-dst', 'url', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'domain|ip', 'email-dst', 'url', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
),
'Payload type' => array(
'desc' => 'Information about the final payload(s)',
@ -193,7 +194,7 @@ class Attribute extends AppModel {
'External analysis' => array(
'desc' => 'Any other result from additional analysis of the malware like tools output',
'formdesc' => 'Any other result from additional analysis of the malware like tools output Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.',
'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'hostname', 'domain', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'other')
'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'hostname', 'domain', 'domain|ip', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'other')
),
'Other' => array(
'desc' => 'Attributes that are not part of any other category',
@ -459,6 +460,7 @@ class Attribute extends AppModel {
case 'sha1':
case 'sha256':
case 'domain':
case 'domain|ip':
case 'hostname':
$this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']);
break;
@ -667,6 +669,15 @@ class Attribute extends AppModel {
$returnValue = 'Domain name has invalid format. Please double check the value or select "other" for a type.';
}
break;
case 'domain|ip':
if (preg_match("#^[A-Z0-9.\-_]+\.[A-Z]{2,}\|.*$#i", $value)) {
$parts = explode('|', $value);
if (filter_var($parts[1],FILTER_VALIDATE_IP)) {$returnValue = true;}
else {$returnValue = 'IP address has invalid format.';}
} else {
$returnValue = 'Domain name has invalid format.';
}
break;
case 'email-src':
// we don't use the native function to prevent issues with partial email addresses
if (preg_match("#^[A-Z0-9._%+-]*@[A-Z0-9.\-_]+\.[A-Z]{2,}$#i", $value)) {
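Review bot: The new `domain|ip` validation accepts values with more than one `|`, because only `$parts[1]` is checked and the regex ends in `\|.*$`. A value like `example.com|192.0.2.1|extra` (constructed sample) passes and is stored whole, which can mislead consumers that split on the pipe or export the IP half. I would require exactly two parts: `if (count($parts) == 2 && filter_var($parts[1], FILTER_VALIDATE_IP)) {$returnValue = true;}`. The hunks add the type to two category lists and to the lowercase normalisation but show no other handling of the composite value, so it is worth confirming that correlation and export code treat `domain|ip` like the existing `filename|md5` family. The surrounding switch starts and ends outside the hunk.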


@ -8,7 +8,7 @@
echo $this->Form->input('comment', array(
'type' => 'textarea',
'label' => false,
'value' => h($object['comment']),
'value' => $object['comment'],
'error' => array('escape' => false),
'class' => 'inline-input',
'id' => 'Attribute' . '_' . $object['id'] . '_comment_field',
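Review bot: With `h()` removed from `'value' => $object['comment']`, HTML escaping of the comment now depends entirely on FormHelper escaping textarea content by default, and nothing in the template says so. That default is what makes the change safe (the old code presumably double-encoded), but it is switched off by `'escape' => false` on the input, and this array already carries `'error' => array('escape' => false)` right next to it, which makes that an easy mistake later. I would add `// FormHelper escapes the textarea value itself; never set 'escape' => false on this input` above the `'value'` line. The same applies to `'default' => $quote` and to the ShadowAttribute comment field in the two following view hunks.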


@ -39,7 +39,7 @@
'type' => 'textarea',
'div' => 'input clear',
'class' => 'input-xxlarge',
'default' => h($quote)
'default' => $quote
));
?>
</fieldset>


@ -8,7 +8,7 @@
echo $this->Form->input('comment', array(
'type' => 'textarea',
'label' => false,
'value' => h($object['comment']),
'value' => $object['comment'],
'error' => array('escape' => false),
'class' => 'inline-input',
'id' => 'ShadowAttribute' . '_' . $object['id'] . '_comment_field',