Merge branch 'master' of https://github.com/MISP/MISP
commit
04f3650fe1
|
@ -1 +1 @@
|
||||||
{"major":2, "minor":3, "hotfix":175}
|
{"major":2, "minor":3, "hotfix":178}
|
||||||
|
|
|
@ -1496,7 +1496,7 @@ class EventsController extends AppController {
|
||||||
if (!Configure::read('MISP.background_jobs')) {
|
if (!Configure::read('MISP.background_jobs')) {
|
||||||
if (!is_array($result)) {
|
if (!is_array($result)) {
|
||||||
// redirect to the view event page
|
// redirect to the view event page
|
||||||
$this->Session->setFlash(__('Event published, but NO mail sent to any participants.', true));
|
$this->Session->setFlash(__('Event published without alerts.', true));
|
||||||
} else {
|
} else {
|
||||||
$lastResult = array_pop($result);
|
$lastResult = array_pop($result);
|
||||||
$resultString = (count($result) > 0) ? implode(', ', $result) . ' and ' . $lastResult : $lastResult;
|
$resultString = (count($result) > 0) ? implode(', ', $result) . ' and ' . $lastResult : $lastResult;
|
||||||
|
@ -2917,6 +2917,7 @@ class EventsController extends AppController {
|
||||||
if (isset($resultArray[$i]) && $v == $resultArray[$i]) unset ($resultArray[$k]);
|
if (isset($resultArray[$i]) && $v == $resultArray[$i]) unset ($resultArray[$k]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
$resultArray = array_values($resultArray);
|
||||||
$typeCategoryMapping = array();
|
$typeCategoryMapping = array();
|
||||||
foreach ($this->Event->Attribute->categoryDefinitions as $k => $cat) {
|
foreach ($this->Event->Attribute->categoryDefinitions as $k => $cat) {
|
||||||
foreach ($cat['types'] as $type) {
|
foreach ($cat['types'] as $type) {
|
||||||
|
|
|
@ -1167,9 +1167,9 @@ class ShadowAttributesController extends AppController {
|
||||||
$fails = array_diff($ids, $successes);
|
$fails = array_diff($ids, $successes);
|
||||||
$this->autoRender = false;
|
$this->autoRender = false;
|
||||||
if (count($fails) == 0 && count($successes) > 0) {
|
if (count($fails) == 0 && count($successes) > 0) {
|
||||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => count($successes) . ' proposal' . (count($successes) != 1 ? 's' : '') . ' deleted.')),'status'=>200));
|
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => count($successes) . ' proposal' . (count($successes) != 1 ? 's' : '') . ' accepted.')),'status'=>200));
|
||||||
} else {
|
} else {
|
||||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => count($successes) . ' proposal' . (count($successes) != 1 ? 's' : '') . ' deleted, but ' . count($fails) . ' proposal' . (count($fails) != 1 ? 's' : '') . ' could not be deleted.')),'status'=>200));
|
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => count($successes) . ' proposal' . (count($successes) != 1 ? 's' : '') . ' accepted, but ' . count($fails) . ' proposal' . (count($fails) != 1 ? 's' : '') . ' could not be deleted.')),'status'=>200));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
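Review bot: The partial-failure message on the new side still ends with `' could not be deleted.'` while its first half now says `accepted`, so a user whose bulk action partly failed is told that proposals were not deleted. If this is the accept action (inferred only from the reworded success text), the tail should read `' could not be accepted.'`. Both branches also return `'status'=>200`, so a client can distinguish failure only through the `saved` flag; a short comment stating that would help API consumers. The enclosing method starts outside the hunk.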
|
||||||
|
|
|
@ -110,7 +110,7 @@ class ComplexTypeTool {
|
||||||
if (strpos($inputRefangedNoPort, '/')) {
|
if (strpos($inputRefangedNoPort, '/')) {
|
||||||
$temp = explode('/', $inputRefangedNoPort);
|
$temp = explode('/', $inputRefangedNoPort);
|
||||||
if (count($temp == 2)) {
|
if (count($temp == 2)) {
|
||||||
if (filter_var($temp[0], FILTER_VALIDATE_IP)) return array('types' => array('ip-dst', 'ip-src', 'ip-src/ip-dst'), 'to_ids' => true, 'default_type' => 'ip-dst', 'comment' => $comment, 'value' => $inputRefangedNoPort);
|
if (filter_var($temp[0], FILTER_VALIDATE_IP) && is_numeric($temp[1])) return array('types' => array('ip-dst', 'ip-src', 'ip-src/ip-dst'), 'to_ids' => true, 'default_type' => 'ip-dst', 'comment' => $comment, 'value' => $inputRefangedNoPort);
|
||||||
}
|
}
|
||||||
}
|
}
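Review bot: The guard `if (count($temp == 2))` on the unchanged line above the edit counts the boolean result of the comparison instead of the array, so it never restricts the input to a single `/` (and count() on a bool is a TypeError on PHP 8). The added `is_numeric($temp[1])` is also looser than a prefix length needs, since it accepts strings such as `1.5`, `-1` or `1e3`. Input that passes is returned as an IP type with `'to_ids' => true`, so a malformed CIDR can be proposed as a detection indicator. Suggest `if (count($temp) == 2) {` and `ctype_digit($temp[1])` followed by a range check on the prefix length. The enclosing function starts and ends outside the hunk.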
|
||||||
|
|
||||||
|
|
|
@ -110,6 +110,7 @@ class Attribute extends AppModel {
|
||||||
'ip-dst' => array('desc' => 'A destination IP address of the attacker or C&C server', 'formdesc' => "A destination IP address of the attacker or C&C server. Also set the IDS flag on when this IP is hardcoded in malware"),
|
'ip-dst' => array('desc' => 'A destination IP address of the attacker or C&C server', 'formdesc' => "A destination IP address of the attacker or C&C server. Also set the IDS flag on when this IP is hardcoded in malware"),
|
||||||
'hostname' => array('desc' => 'A full host/dnsname of an attacker', 'formdesc' => "A full host/dnsname of an attacker. Also set the IDS flag on when this hostname is hardcoded in malware"),
|
'hostname' => array('desc' => 'A full host/dnsname of an attacker', 'formdesc' => "A full host/dnsname of an attacker. Also set the IDS flag on when this hostname is hardcoded in malware"),
|
||||||
'domain' => array('desc' => 'A domain name used in the malware', 'formdesc' => "A domain name used in the malware. Use this instead of hostname when the upper domain is important or can be used to create links between events."),
|
'domain' => array('desc' => 'A domain name used in the malware', 'formdesc' => "A domain name used in the malware. Use this instead of hostname when the upper domain is important or can be used to create links between events."),
|
||||||
|
'domain|ip' => array('desc' => 'A domain name and its IP address (as found in DNS lookup) separated by a |','formdesc' => "A domain name and its IP address (as found in DNS lookup) separated by a | (no spaces)"),
|
||||||
'email-src' => array('desc' => "The email address (or domainname) used to send the malware."),
|
'email-src' => array('desc' => "The email address (or domainname) used to send the malware."),
|
||||||
'email-dst' => array('desc' => "A recipient email address", 'formdesc' => "A recipient email address that is not related to your constituency."),
|
'email-dst' => array('desc' => "A recipient email address", 'formdesc' => "A recipient email address that is not related to your constituency."),
|
||||||
'email-subject' => array('desc' => "The subject of the email"),
|
'email-subject' => array('desc' => "The subject of the email"),
|
||||||
|
@ -179,7 +180,7 @@ class Attribute extends AppModel {
|
||||||
),
|
),
|
||||||
'Network activity' => array(
|
'Network activity' => array(
|
||||||
'desc' => 'Information about network traffic generated by the malware',
|
'desc' => 'Information about network traffic generated by the malware',
|
||||||
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'email-dst', 'url', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
|
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'domain|ip', 'email-dst', 'url', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
|
||||||
),
|
),
|
||||||
'Payload type' => array(
|
'Payload type' => array(
|
||||||
'desc' => 'Information about the final payload(s)',
|
'desc' => 'Information about the final payload(s)',
|
||||||
|
@ -193,7 +194,7 @@ class Attribute extends AppModel {
|
||||||
'External analysis' => array(
|
'External analysis' => array(
|
||||||
'desc' => 'Any other result from additional analysis of the malware like tools output',
|
'desc' => 'Any other result from additional analysis of the malware like tools output',
|
||||||
'formdesc' => 'Any other result from additional analysis of the malware like tools output Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.',
|
'formdesc' => 'Any other result from additional analysis of the malware like tools output Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.',
|
||||||
'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'hostname', 'domain', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'other')
|
'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'hostname', 'domain', 'domain|ip', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'other')
|
||||||
),
|
),
|
||||||
'Other' => array(
|
'Other' => array(
|
||||||
'desc' => 'Attributes that are not part of any other category',
|
'desc' => 'Attributes that are not part of any other category',
|
||||||
|
@ -459,6 +460,7 @@ class Attribute extends AppModel {
|
||||||
case 'sha1':
|
case 'sha1':
|
||||||
case 'sha256':
|
case 'sha256':
|
||||||
case 'domain':
|
case 'domain':
|
||||||
|
case 'domain|ip':
|
||||||
case 'hostname':
|
case 'hostname':
|
||||||
$this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']);
|
$this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']);
|
||||||
break;
|
break;
|
||||||
|
@ -667,6 +669,15 @@ class Attribute extends AppModel {
|
||||||
$returnValue = 'Domain name has invalid format. Please double check the value or select "other" for a type.';
|
$returnValue = 'Domain name has invalid format. Please double check the value or select "other" for a type.';
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case 'domain|ip':
|
||||||
|
if (preg_match("#^[A-Z0-9.\-_]+\.[A-Z]{2,}\|.*$#i", $value)) {
|
||||||
|
$parts = explode('|', $value);
|
||||||
|
if (filter_var($parts[1],FILTER_VALIDATE_IP)) {$returnValue = true;}
|
||||||
|
else {$returnValue = 'IP address has invalid format.';}
|
||||||
|
} else {
|
||||||
|
$returnValue = 'Domain name has invalid format.';
|
||||||
|
}
|
||||||
|
break;
|
||||||
case 'email-src':
|
case 'email-src':
|
||||||
// we don't use the native function to prevent issues with partial email addresses
|
// we don't use the native function to prevent issues with partial email addresses
|
||||||
if (preg_match("#^[A-Z0-9._%+-]*@[A-Z0-9.\-_]+\.[A-Z]{2,}$#i", $value)) {
|
if (preg_match("#^[A-Z0-9._%+-]*@[A-Z0-9.\-_]+\.[A-Z]{2,}$#i", $value)) {
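Review bot: In the new `case 'domain|ip':` branch, `explode('|', $value)` is called without a limit and only `$parts[1]` is checked, so a value carrying further `|` segments after a valid IP passes validation with the trailing text never inspected. Writing `$parts = explode('|', $value, 2);` hands everything after the first separator to `filter_var`, which then rejects such input. The regex in front only requires `\|.*`, so it does not close this gap on its own. The switch this case belongs to starts and ends outside the hunk.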
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
echo $this->Form->input('comment', array(
|
echo $this->Form->input('comment', array(
|
||||||
'type' => 'textarea',
|
'type' => 'textarea',
|
||||||
'label' => false,
|
'label' => false,
|
||||||
'value' => h($object['comment']),
|
'value' => $object['comment'],
|
||||||
'error' => array('escape' => false),
|
'error' => array('escape' => false),
|
||||||
'class' => 'inline-input',
|
'class' => 'inline-input',
|
||||||
'id' => 'Attribute' . '_' . $object['id'] . '_comment_field',
|
'id' => 'Attribute' . '_' . $object['id'] . '_comment_field',
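Review bot: With `h()` dropped from `'value' => $object['comment']`, HTML-escaping of the user-supplied comment rests entirely on the form helper's default escaping of textarea values, and nothing at the call site records that dependency. Assuming this is CakePHP's FormHelper, which escapes the value unless `'escape' => false` is passed on the input itself, the change correctly removes double-encoding. The same applies to the `'default' => $quote` hunk and the ShadowAttribute comment field hunk below. I would add a comment above each of the three lines, e.g. `// value is escaped by FormHelper; do not pass 'escape' => false on this input`, so a later edit does not turn these into stored-XSS sinks. The `input()` option array continues outside the hunk.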
|
||||||
|
|
|
@ -39,7 +39,7 @@
|
||||||
'type' => 'textarea',
|
'type' => 'textarea',
|
||||||
'div' => 'input clear',
|
'div' => 'input clear',
|
||||||
'class' => 'input-xxlarge',
|
'class' => 'input-xxlarge',
|
||||||
'default' => h($quote)
|
'default' => $quote
|
||||||
));
|
));
|
||||||
?>
|
?>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
echo $this->Form->input('comment', array(
|
echo $this->Form->input('comment', array(
|
||||||
'type' => 'textarea',
|
'type' => 'textarea',
|
||||||
'label' => false,
|
'label' => false,
|
||||||
'value' => h($object['comment']),
|
'value' => $object['comment'],
|
||||||
'error' => array('escape' => false),
|
'error' => array('escape' => false),
|
||||||
'class' => 'inline-input',
|
'class' => 'inline-input',
|
||||||
'id' => 'ShadowAttribute' . '_' . $object['id'] . '_comment_field',
|
'id' => 'ShadowAttribute' . '_' . $object['id'] . '_comment_field',
|
||||||
|
|