mirror of https://github.com/MISP/MISP
new: [object add] make add event / edit event breakOnDuplicate aware
- cull objects that would be duplicates - cache the fetching of existing objects to speed up the query - thanks to @github-germ for the suggested fixes to the duplicate checking to accomodate this patchpull/6898/head
parent
8ee0555798
commit
0a062215b8
|
@ -81,6 +81,8 @@ class MispObject extends AppModel
|
|||
)
|
||||
);
|
||||
|
||||
private $__objectDuplicationCheckCache = [];
|
||||
|
||||
public function buildFilterConditions(&$params)
|
||||
{
|
||||
$conditions = [];
|
||||
|
@ -302,7 +304,12 @@ class MispObject extends AppModel
|
|||
{
|
||||
$newObjectAttributes = array();
|
||||
$existingObjectAttributes = array();
|
||||
foreach ($object['Attribute'] as $attribute) {
|
||||
if (isset($object['Object']['Attribute'])) {
|
||||
$attributeArray = $object['Object']['Attribute'];
|
||||
} else {
|
||||
$attributeArray = $object['Attribute'];
|
||||
}
|
||||
foreach ($attributeArray as $attribute) {
|
||||
if ($attribute['type'] === 'malware-sample') {
|
||||
if (strpos($attribute['value'], '|') === false && !empty($attribute['data'])) {
|
||||
$attribute['value'] = $attribute['value'] . '|' . md5(base64_decode($attribute['data']));
|
||||
|
@ -314,19 +321,21 @@ class MispObject extends AppModel
|
|||
);
|
||||
}
|
||||
$newObjectAttributeCount = count($newObjectAttributes);
|
||||
$existingObjects = $this->find('all', array(
|
||||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'Attribute' => array(
|
||||
'fields' => array('value', 'type', 'category', 'object_relation'),
|
||||
'conditions' => array('Attribute.deleted' => 0)
|
||||
)
|
||||
),
|
||||
'fields' => array('template_uuid'),
|
||||
'conditions' => array('template_uuid' => $object['Object']['template_uuid'], 'Object.deleted' => 0, 'event_id' => $eventId)
|
||||
));
|
||||
if (!isset($this->__objectDuplicationCheckCache[$object['Object']['template_uuid']])) {
|
||||
$this->__objectDuplicationCheckCache[$object['Object']['template_uuid']] = $this->find('all', array(
|
||||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'Attribute' => array(
|
||||
'fields' => array('value', 'type', 'category', 'object_relation'),
|
||||
'conditions' => array('Attribute.deleted' => 0)
|
||||
)
|
||||
),
|
||||
'fields' => array('template_uuid'),
|
||||
'conditions' => array('template_uuid' => $object['Object']['template_uuid'], 'Object.deleted' => 0, 'event_id' => $eventId)
|
||||
));
|
||||
}
|
||||
$oldObjects = array();
|
||||
foreach ($existingObjects as $k => $existingObject) {
|
||||
foreach ($this->__objectDuplicationCheckCache[$object['Object']['template_uuid']] as $k => $existingObject) {
|
||||
$temp = array();
|
||||
if (!empty($existingObject['Attribute']) && $newObjectAttributeCount == count($existingObject['Attribute'])) {
|
||||
foreach ($existingObject['Attribute'] as $existingAttribute) {
|
||||
|
@ -889,6 +898,23 @@ class MispObject extends AppModel
|
|||
if (!isset($object['Object'])) {
|
||||
$object = array('Object' => $object);
|
||||
}
|
||||
if (!empty($object['Object']['breakOnDuplicate'])) {
|
||||
$duplicate = $this->checkForDuplicateObjects($object, $eventId);
|
||||
if ($duplicate) {
|
||||
$log->create();
|
||||
$log->save(array(
|
||||
'org' => $user['Organisation']['name'],
|
||||
'model' => 'Object',
|
||||
'model_id' => 0,
|
||||
'email' => $user['email'],
|
||||
'action' => 'add',
|
||||
'user_id' => $user['id'],
|
||||
'title' => 'Object dropped due to it being a duplicate and breakOnDuplicate being requested for Event ' . $eventId,
|
||||
'change' => 'Duplicate object found.',
|
||||
));
|
||||
}
|
||||
return true;
|
||||
}
|
||||
if (empty($log)) {
|
||||
$log = ClassRegistry::init('Log');
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue