mirror of https://github.com/MISP/MISP
Further work on the exports
- Performance improvements for the event search exports - JSON view code moved to Lib - Fixed an issue that didn't restrict the dates correctly with the from / to parameterspull/409/head
parent
3c3e36781e
commit
0dd8318fb3
|
@ -2367,7 +2367,6 @@ class EventsController extends AppController {
|
|||
throw new UnauthorizedException('This authentication key is not authorized to be used for exports. Contact your administrator.');
|
||||
}
|
||||
$value = str_replace('|', '/', $value);
|
||||
|
||||
// request handler for POSTed queries. If the request is a post, the parameters (apart from the key) will be ignored and replaced by the terms defined in the posted json or xml object.
|
||||
// The correct format for both is a "request" root element, as shown by the examples below:
|
||||
// For Json: {"request":{"value": "7.7.7.7&&1.1.1.1","type":"ip-src"}}
|
||||
|
@ -2394,16 +2393,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
if ($searchall === 'true') $searchall = "1";
|
||||
|
||||
if (!isset($this->request->params['ext']) || $this->request->params['ext'] !== 'json') {
|
||||
$this->response->type('xml'); // set the content type
|
||||
$this->layout = 'xml/default';
|
||||
$this->header('Content-Disposition: download; filename="misp.search.events.results.xml"');
|
||||
} else {
|
||||
$this->response->type('json'); // set the content type
|
||||
$this->layout = 'json/default';
|
||||
$this->header('Content-Disposition: download; filename="misp.search.events.results.json"');
|
||||
}
|
||||
|
||||
$conditions['AND'] = array();
|
||||
$subcondition = array();
|
||||
$this->loadModel('Attribute');
|
||||
|
@ -2476,13 +2466,14 @@ class EventsController extends AppController {
|
|||
}
|
||||
$conditions['AND'][] = $temp;
|
||||
}
|
||||
$params = array(
|
||||
'conditions' => $conditions,
|
||||
'fields' => array('Attribute.event_id'),
|
||||
);
|
||||
|
||||
if ($from) $conditions['AND'][] = array('Event.date >=' => $from);
|
||||
if ($to) $conditions['AND'][] = array('Event.date <=' => $to);
|
||||
|
||||
$params = array(
|
||||
'conditions' => $conditions,
|
||||
'fields' => array('DISTINCT(Attribute.event_id)'),
|
||||
);
|
||||
$attributes = $this->Attribute->find('all', $params);
|
||||
$eventIds = array();
|
||||
foreach ($attributes as $attribute) {
|
||||
|
@ -2490,14 +2481,41 @@ class EventsController extends AppController {
|
|||
}
|
||||
}
|
||||
if (!empty($eventIds)) {
|
||||
$results = $this->__fetchEvent(null, $eventIds, $user['User']['org'], true);
|
||||
$this->loadModel('Whitelist');
|
||||
if ((!isset($this->request->params['ext']) || $this->request->params['ext'] !== 'json') && $this->response->type() !== 'application/json') {
|
||||
App::uses('XMLConverterTool', 'Tools');
|
||||
$converter = new XMLConverterTool();
|
||||
$final = "";
|
||||
$final .= '<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL . '<response>' . PHP_EOL;
|
||||
foreach ($eventIds as $currentEventId) {
|
||||
$result = $this->__fetchEvent($currentEventId, null, $user['User']['org'], true);
|
||||
$result = $this->Whitelist->removeWhitelistedFromArray($result, false);
|
||||
$final .= $converter->event2XML($result[0]) . PHP_EOL;
|
||||
}
|
||||
$final .= '</response>' . PHP_EOL;
|
||||
$final_filename="misp.search.events.results.xml";
|
||||
$this->response->body($final);
|
||||
$this->response->type('xml');
|
||||
$this->response->download($final_filename);
|
||||
} else {
|
||||
App::uses('JSONConverterTool', 'Tools');
|
||||
$converter = new JSONConverterTool();
|
||||
$temp = array();
|
||||
$final = '{"response":[';
|
||||
foreach ($eventIds as $currentEventId) {
|
||||
$result = $this->__fetchEvent($currentEventId, null, $user['User']['org'], true);
|
||||
$final .= $converter->event2JSON($result[0]);
|
||||
}
|
||||
$final .= ']}';
|
||||
$final_filename="misp.search.events.results.json";
|
||||
$this->response->body($final);
|
||||
$this->response->type('json');
|
||||
$this->response->download($final_filename);
|
||||
}
|
||||
} else {
|
||||
throw new NotFoundException('No matches.');
|
||||
}
|
||||
$this->loadModel('Whitelist');
|
||||
$results = $this->Whitelist->removeWhitelistedFromArray($results, false);
|
||||
$this->response->type('xml');
|
||||
$this->set('results', $results);
|
||||
return $this->response;
|
||||
}
|
||||
|
||||
public function downloadOpenIOCEvent($eventid) {
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
<?php
|
||||
class JSONConverterTool {
|
||||
public function event2JSON($event, $isSiteAdmin=false) {
|
||||
$event['Event']['Attribute'] = $event['Attribute'];
|
||||
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
|
||||
$event['Event']['RelatedEvent'] = $event['RelatedEvent'];
|
||||
|
||||
//
|
||||
// cleanup the array from things we do not want to expose
|
||||
//
|
||||
unset($event['Event']['user_id']);
|
||||
// hide the org field is we are not in showorg mode
|
||||
if (!Configure::read('MISP.showorg') && !$isSiteAdmin) {
|
||||
unset($event['Event']['org']);
|
||||
unset($event['Event']['orgc']);
|
||||
unset($event['Event']['from']);
|
||||
}
|
||||
|
||||
if (isset($event['Event']['Attribute'])) {
|
||||
// remove value1 and value2 from the output and remove invalid utf8 characters for the xml parser
|
||||
foreach ($event['Event']['Attribute'] as $key => $value) {
|
||||
unset($event['Event']['Attribute'][$key]['value1']);
|
||||
unset($event['Event']['Attribute'][$key]['value2']);
|
||||
unset($event['Event']['Attribute'][$key]['category_order']);
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($event['Event']['RelatedEvent'])) {
|
||||
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
|
||||
$temp = $value['Event'];
|
||||
unset($event['Event']['RelatedEvent'][$key]['Event']);
|
||||
$event['Event']['RelatedEvent'][$key]['Event'][0] = $temp;
|
||||
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['user_id']);
|
||||
if (!Configure::read('MISP.showorg') && !$isSiteAdmin) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['org']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['orgc']);
|
||||
}
|
||||
unset($temp);
|
||||
}
|
||||
}
|
||||
$result = array('Event' => $event['Event']);
|
||||
return json_encode($result);
|
||||
}
|
||||
}
|
|
@ -1,5 +1,4 @@
|
|||
<?php
|
||||
|
||||
class XMLConverterTool {
|
||||
public function recursiveEcho($array) {
|
||||
$text = "";
|
||||
|
@ -24,7 +23,7 @@ class XMLConverterTool {
|
|||
return $text;
|
||||
}
|
||||
|
||||
public function event2xmlArray($event) {
|
||||
public function event2xmlArray($event, $isSiteAdmin=false) {
|
||||
$toEscape = array("&", "<", ">", "\"", "'");
|
||||
$escapeWith = array('&', '<', '>', '"', ''');
|
||||
$event['Event']['Attribute'] = $event['Attribute'];
|
||||
|
@ -81,7 +80,7 @@ class XMLConverterTool {
|
|||
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['user_id']);
|
||||
$event['Event']['RelatedEvent'][$key]['Event'][0]['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['RelatedEvent'][$key]['Event'][0]['info']);
|
||||
$event['Event']['RelatedEvent'][$key]['Event'][0]['info'] = str_replace($toEscape, $escapeWith, $event['Event']['RelatedEvent'][$key]['Event'][0]['info']);
|
||||
if (!Configure::read('MISP.showorg') && !$isAdmin) {
|
||||
if (!Configure::read('MISP.showorg') && !$isSiteAdmin) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['org']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['orgc']);
|
||||
}
|
||||
|
@ -91,8 +90,8 @@ class XMLConverterTool {
|
|||
return array('Event' => $event['Event']);
|
||||
}
|
||||
|
||||
public function event2XML($event) {
|
||||
$xmlArray = $this->event2xmlArray($event);
|
||||
public function event2XML($event, $isSiteAdmin=false) {
|
||||
$xmlArray = $this->event2xmlArray($event, $isSiteAdmin);
|
||||
return $this->recursiveEcho(array('Event' => array(0 => $xmlArray['Event'])));
|
||||
}
|
||||
}
|
|
@ -1,37 +1,4 @@
|
|||
<?php
|
||||
$event['Event']['Attribute'] = $event['Attribute'];
|
||||
unset($event['Attribute']);
|
||||
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
|
||||
unset($event['ShadowAttribute']);
|
||||
|
||||
unset($event['Event']['user_id']);
|
||||
// hide the org field is we are not in showorg mode
|
||||
if (!Configure::read('MISP.showorg') && !$isAdmin) {
|
||||
unset($event['Event']['org']);
|
||||
unset($event['Event']['orgc']);
|
||||
unset($event['Event']['from']);
|
||||
}
|
||||
|
||||
// remove value1 and value2 from the output
|
||||
foreach ($event['Event']['Attribute'] as $key => $value) {
|
||||
unset($event['Event']['Attribute'][$key]['value1']);
|
||||
unset($event['Event']['Attribute'][$key]['value2']);
|
||||
unset($event['Event']['Attribute'][$key]['category_order']);
|
||||
}
|
||||
if (isset($event['Event']['RelatedEvent'])) {
|
||||
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['user_id']);
|
||||
if (!Configure::read('MISP.showorg') && !$isAdmin) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['org']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['orgc']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($relatedEvents)) {
|
||||
foreach ($relatedEvents as $relatedEvent) {
|
||||
$event['Event']['RelatedEvent'][] = $relatedEvent['Event'];
|
||||
}
|
||||
}
|
||||
$result['Event'] = $event['Event'];
|
||||
echo json_encode($result);
|
||||
App::uses('JSONConverterTool', 'Tools');
|
||||
$converter = new JSONConverterTool();
|
||||
echo json_encode($converter->event2JSON($event));
|
|
@ -1,47 +1,7 @@
|
|||
<?php
|
||||
$xmlArray = array();
|
||||
// rearrange things to be compatible with the Xml::fromArray()
|
||||
$event['Event']['Attribute'] = $event['Attribute'];
|
||||
unset($event['Attribute']);
|
||||
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
|
||||
unset($event['ShadowAttribute']);
|
||||
|
||||
// build up a list of the related events
|
||||
if (isset($relatedEvents)) {
|
||||
foreach ($relatedEvents as $relatedEvent) {
|
||||
$event['Event']['RelatedEvent'][] = $relatedEvent['Event'];
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// cleanup the array from things we do not want to expose
|
||||
//
|
||||
unset($event['Event']['user_id']);
|
||||
// hide the org field is we are not in showorg mode
|
||||
if (!Configure::read('MISP.showorg') && !$isAdmin) {
|
||||
unset($event['Event']['org']);
|
||||
unset($event['Event']['orgc']);
|
||||
unset($event['Event']['from']);
|
||||
}
|
||||
|
||||
// remove value1 and value2 from the output
|
||||
foreach ($event['Event']['Attribute'] as $key => $value) {
|
||||
unset($event['Event']['Attribute'][$key]['value1']);
|
||||
unset($event['Event']['Attribute'][$key]['value2']);
|
||||
unset($event['Event']['Attribute'][$key]['category_order']);
|
||||
}
|
||||
if (isset($event['Event']['RelatedEvent'])) {
|
||||
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['user_id']);
|
||||
if (!Configure::read('MISP.showorg') && !$isAdmin) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['org']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['orgc']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// display the XML to the user
|
||||
$xmlArray['response']['Event'][] = $event['Event'];
|
||||
$xmlArray['response']['xml_version'] = $mispVersion;
|
||||
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
|
||||
echo $xmlObject->asXML();
|
||||
App::uses('XMLConverterTool', 'Tools');
|
||||
$converter = new XMLConverterTool();
|
||||
echo '<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL . '<response>' . PHP_EOL;
|
||||
echo $converter->event2XML($event) . PHP_EOL;
|
||||
echo '<xml_version>' . $mispVersion . '</xml_version>';
|
||||
echo '</response>' . PHP_EOL;
|
||||
|
|
Loading…
Reference in New Issue