Merge branch '2.4' of github.com:MISP/MISP into 2.4

pull/3450/head
chrisr3d 2018-07-03 10:31:16 +02:00
commit 116da2fb9f
9 changed files with 104 additions and 29 deletions


@ -106,6 +106,7 @@ class ACLComponent extends Component {
'filterEventIdsForPush' => array('perm_sync'), 'filterEventIdsForPush' => array('perm_sync'),
'filterEventIndex' => array('*'), 'filterEventIndex' => array('*'),
'freeTextImport' => array('perm_add'), 'freeTextImport' => array('perm_add'),
'getEditStrategy' => array('perm_add'),
'getEventInfoById' => array('*'), 'getEventInfoById' => array('*'),
'getEventGraphReferences' => array('*'), 'getEventGraphReferences' => array('*'),
'getEventGraphTags' => array('*'), 'getEventGraphTags' => array('*'),


@ -5098,4 +5098,45 @@ class EventsController extends AppController {
return $this->RestResponse->viewData(array(), $this->response->type()); return $this->RestResponse->viewData(array(), $this->response->type());
} }
} }
public function getEditStrategy($id) {
// find the id of the event, change $id to it and proceed to read the event as if the ID was entered.
if (Validation::uuid($id)) {
$this->Event->recursive = -1;
$event = $this->Event->find('first', array(
'recursive' => -1,
'conditions' => array('Event.uuid' => $id),
'fields' => array('Event.id', 'Event.uuid', 'Event.orgc_id')
));
if ($event == null) throw new NotFoundException('Invalid event');
$id = $event['Event']['id'];
} else if (!is_numeric($id)) {
throw new NotFoundException(__('Invalid event'));
} else {
$event = $this->Event->find('first', array(
'recursive' => -1,
'conditions' => array('Event.id' => $id),
'fields' => array('Event.id', 'Event.uuid', 'Event.orgc_id')
));
}
if (empty($event)) throw new NotFoundException(__('Invalid event'));
$response = array('extensions' => array());
if ($event['Event']['orgc_id'] === $this->Auth->user('org_id')) {
$response['strategy'] = 'edit';
} else {
$response['strategy'] = 'extend';
}
$extendedEvents = $this->Event->find('all', array(
'recursive' => -1,
'fields' => array('Event.id', 'Event.info', 'Event.uuid'),
'conditions' => array(
'Event.extends_uuid' => $event['Event']['uuid'],
'Event.orgc_id' => $this->Auth->user('org_id')
)
));
foreach ($extendedEvents as $extendedEvent) {
$response['extensions'][] = $extendedEvent['Event'];
}
return $this->RestResponse->viewData($response, $this->response->type());
}
} }
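Review bot: getEditStrategy() resolves the event with a plain `find('first', …)` on id or UUID and never checks that the requesting user may see it, so any account with `perm_add` (the ACL entry added in ACLComponent) gets `strategy: extend` for an event that exists and a NotFoundException for one that does not. Unless a visibility filter is applied outside the visible lines, that makes the endpoint an existence oracle for events beyond the caller's distribution scope. Resolving the event through the model's ACL-aware fetch, e.g. `$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $id));` (adjusting for its return shape, and using a metadata-only fetch if this version offers one), and throwing the same NotFoundException on an empty result would close it. The `$event == null` check in the UUID branch duplicates the `empty($event)` check below it and is the only message in the method not wrapped in `__()`.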


@ -377,7 +377,7 @@ class ServersController extends AppController {
} }
if (!$fail) { if (!$fail) {
// say what fields are to be updated // say what fields are to be updated
$fieldList = array('id', 'url', 'push', 'pull', 'unpublish_event', 'publish_without_email', 'remote_org_id', 'name' ,'self_signed', 'cert_file', 'client_cert_file', 'push_rules', 'pull_rules', 'internal'); $fieldList = array('id', 'url', 'push', 'pull', 'unpublish_event', 'publish_without_email', 'remote_org_id', 'name' ,'self_signed', 'cert_file', 'client_cert_file', 'push_rules', 'pull_rules', 'internal', 'skip_proxy');
$this->request->data['Server']['id'] = $id; $this->request->data['Server']['id'] = $id;
if (isset($this->request->data['Server']['authkey']) && "" != $this->request->data['Server']['authkey']) $fieldList[] = 'authkey'; if (isset($this->request->data['Server']['authkey']) && "" != $this->request->data['Server']['authkey']) $fieldList[] = 'authkey';
if(isset($this->request->data['Server']['organisation_type']) && isset($json)) { if(isset($this->request->data['Server']['organisation_type']) && isset($json)) {


@ -16,9 +16,10 @@ class SyncTool {
} }
} }
$HttpSocket = new HttpSocket($params); $HttpSocket = new HttpSocket($params);
if (empty($server['Server']['skip_proxy'])) {
$proxy = Configure::read('Proxy'); $proxy = Configure::read('Proxy');
if (isset($proxy['host']) && !empty($proxy['host'])) $HttpSocket->configProxy($proxy['host'], $proxy['port'], $proxy['method'], $proxy['user'], $proxy['password']); if (isset($proxy['host']) && !empty($proxy['host'])) $HttpSocket->configProxy($proxy['host'], $proxy['port'], $proxy['method'], $proxy['user'], $proxy['password']);
}
return $HttpSocket; return $HttpSocket;
} }
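Review bot: The new `skip_proxy` guard lets a single server record send sync traffic directly instead of through the instance-wide `Proxy` settings, and nothing at this point documents that or leaves a trace of it. Where the proxy is the egress control or logging point, a set flag silently removes that connection from it. I would add a comment above the `if`, such as `// skip_proxy is a per-server opt-out; when it is missing or falsy the instance-wide Proxy settings still apply`, and consider logging when the flag is toggled on a server. The enclosing function starts above this hunk, so how `$server` is populated is not visible here.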


@ -63,7 +63,8 @@ class AppModel extends Model {
public $db_changes = array( public $db_changes = array(
1 => false, 2 => false, 3 => false, 4 => true, 5 => false, 6 => false, 1 => false, 2 => false, 3 => false, 4 => true, 5 => false, 6 => false,
7 => false, 8 => false, 9 => false, 10 => false, 11 => false, 12 => false 7 => false, 8 => false, 9 => false, 10 => false, 11 => false, 12 => false,
13 => false
); );
function afterSave($created, $options = array()) { function afterSave($created, $options = array()) {
@ -957,6 +958,9 @@ class AppModel extends Model {
INDEX `timestamp` (`timestamp`) INDEX `timestamp` (`timestamp`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;"; ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
break; break;
case 13:
$sqlArray[] = "ALTER TABLE `servers` ADD `skip_proxy` tinyint(1) NOT NULL DEFAULT 0;";
break;
case 'fixNonEmptySharingGroupID': case 'fixNonEmptySharingGroupID':
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
$sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';


@ -2605,39 +2605,57 @@ class Attribute extends AppModel {
)); ));
return $results; return $results;
} }
$results = $this->find('all', $params);
// return false if we're paginating
if (isset($options['limit']) && empty($results)) return false;
if ($options['enforceWarninglist']) { if ($options['enforceWarninglist']) {
$this->Warninglist = ClassRegistry::init('Warninglist'); $this->Warninglist = ClassRegistry::init('Warninglist');
$warninglists = $this->Warninglist->fetchForEventView(); $warninglists = $this->Warninglist->fetchForEventView();
} }
$results = array_values($results);
$proposals_block_attributes = Configure::read('MISP.proposals_block_attributes'); if (empty($params['limit'])) {
foreach ($results as $key => $attribute) { $pagesToFetch = $this->find('count', array('conditions' => $params['conditions']));
if ($options['enforceWarninglist'] && !$this->Warninglist->filterWarninglistAttributes($warninglists, $attribute['Attribute'])) { $loopLimit = 100000;
unset($results[$key]); $pagesToFetch = ceil($pagesToFetch / $loopLimit);
continue; $loop = true;
} else {
$loop = false;
$pagesToFetch = 1;
}
$attributes = array();
for ($i = 0; $i < $pagesToFetch; $i++) {
if ($loop) {
$params['limit'] = $loopLimit;
$params['page'] = $i+1;
} }
if (!empty($options['includeAttributeUuid']) || !empty($options['includeEventUuid'])) { $results = $this->find('all', $params);
$results[$key]['Attribute']['event_uuid'] = $results[$key]['Event']['uuid']; // return false if we're paginating
} if (isset($options['limit']) && empty($results)) return false;
if ($proposals_block_attributes) { $results = array_values($results);
if (!empty($attribute['ShadowAttribute'])) { $proposals_block_attributes = Configure::read('MISP.proposals_block_attributes');
unset($results[$key]); foreach ($results as $key => $attribute) {
} else { if ($options['enforceWarninglist'] && !$this->Warninglist->filterWarninglistAttributes($warninglists, $attribute['Attribute'])) {
unset($results[$key]['ShadowAttribute']); continue;
} }
} if (!empty($options['includeAttributeUuid']) || !empty($options['includeEventUuid'])) {
if ($options['withAttachments']) { $results[$key]['Attribute']['event_uuid'] = $results[$key]['Event']['uuid'];
if ($this->typeIsAttachment($attribute['Attribute']['type'])) {
$encodedFile = $this->base64EncodeAttachment($attribute['Attribute']);
$results[$key]['Attribute']['data'] = $encodedFile;
} }
if ($proposals_block_attributes) {
if (!empty($attribute['ShadowAttribute'])) {
continue;
} else {
unset($results[$key]['ShadowAttribute']);
}
}
if ($options['withAttachments']) {
if ($this->typeIsAttachment($attribute['Attribute']['type'])) {
$encodedFile = $this->base64EncodeAttachment($attribute['Attribute']);
$results[$key]['Attribute']['data'] = $encodedFile;
}
}
$attributes[] = $results[$key];
} }
} }
$results = array_values($results); return $attributes;
return $results;
} }
// Method gets and converts the contents of a file passed along as a base64 encoded string with the original filename into a zip archive // Method gets and converts the contents of a file passed along as a base64 encoded string with the original filename into a zip archive
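Review bot: The new paging loop runs one `find('all', $params)` per 100000-row page, but nothing in the visible lines sets `$params['order']`, so with limit/page queries the database may return rows in a different order each time and the combined result can duplicate or miss attributes, particularly if rows are written between pages. If no order is set earlier in the function (it starts above this hunk), pin one before the loop, for example `if ($loop && empty($params['order'])) $params['order'] = array('Attribute.id' => 'ASC');`. `Configure::read('MISP.proposals_block_attributes')` is loop-invariant and can move above the `for`, next to `$attributes = array();`. The count query reuses only `$params['conditions']`, so it is worth confirming it sees the same joins or contain settings as the paged find.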


@ -88,6 +88,10 @@
echo $this->Form->input('self_signed', array( echo $this->Form->input('self_signed', array(
'type' => 'checkbox', 'type' => 'checkbox',
)); ));
?>
<div class = "input clear"></div>
<?php
echo $this->Form->input('skip_proxy', array('type' => 'checkbox', 'label' => 'Skip proxy (if applicable)'));
echo $this->Form->input('Server.submitted_cert', array( echo $this->Form->input('Server.submitted_cert', array(
'label' => '<b>' . __('Server certificate file') . '</b>', 'label' => '<b>' . __('Server certificate file') . '</b>',
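Review bot: The label of the new `skip_proxy` checkbox is a bare string, while the neighbouring `Server.submitted_cert` label goes through `__()`, so this text would not be picked up for translation. I would write it as `'label' => __('Skip proxy (if applicable)')`. The same line is added in the other server form template further down this commit and needs the same change. The added `<div class = "input clear">` also has stray spaces around `=` that the existing markup does not use.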


@ -94,6 +94,10 @@
echo $this->Form->input('self_signed', array( echo $this->Form->input('self_signed', array(
'type' => 'checkbox', 'type' => 'checkbox',
)); ));
?>
<div class = "input clear"></div>
<?php
echo $this->Form->input('skip_proxy', array('type' => 'checkbox', 'label' => 'Skip proxy (if applicable)'));
?> ?>
<div class="clear"> <div class="clear">
<p> <p>


@ -31,6 +31,7 @@
<th><?php echo $this->Paginator->sort('cert_file');?></th> <th><?php echo $this->Paginator->sort('cert_file');?></th>
<th><?php echo $this->Paginator->sort('client_cert_file');?></th> <th><?php echo $this->Paginator->sort('client_cert_file');?></th>
<th><?php echo $this->Paginator->sort('self_signed');?></th> <th><?php echo $this->Paginator->sort('self_signed');?></th>
<th><?php echo $this->Paginator->sort('skip_proxy');?></th>
<th><?php echo $this->Paginator->sort('org');?></th> <th><?php echo $this->Paginator->sort('org');?></th>
<th class="actions"><?php echo __('Actions');?></th> <th class="actions"><?php echo __('Actions');?></th>
</tr> </tr>
@ -78,6 +79,7 @@ foreach ($servers as $server):
<td class="short"><?php echo h($server['Server']['cert_file']); ?>&nbsp;</td> <td class="short"><?php echo h($server['Server']['cert_file']); ?>&nbsp;</td>
<td class="short"><?php echo h($server['Server']['client_cert_file']); ?>&nbsp;</td> <td class="short"><?php echo h($server['Server']['client_cert_file']); ?>&nbsp;</td>
<td class="short"><span class="<?php echo ($server['Server']['self_signed'] ? 'icon-ok' : 'icon-remove'); ?>"></span></td> <td class="short"><span class="<?php echo ($server['Server']['self_signed'] ? 'icon-ok' : 'icon-remove'); ?>"></span></td>
<td class="short"><span class="<?php echo ($server['Server']['skip_proxy'] ? 'icon-ok' : 'icon-remove'); ?>"></span></td>
<td class="short"><a href="/organisations/view/<?php echo h($server['Organisation']['id']); ?>"><?php echo h($server['Organisation']['name']); ?></a></td> <td class="short"><a href="/organisations/view/<?php echo h($server['Organisation']['id']); ?>"><?php echo h($server['Organisation']['name']); ?></a></td>
<td class="short action-links"> <td class="short action-links">
<?php <?php