From e9352bf81115ed8b51731544d8d8af37bfef4e3e Mon Sep 17 00:00:00 2001
From: frpet
Date: Sat, 13 Apr 2019 04:32:04 +0200
Subject: [PATCH 1/6] Update README.md Makes API Authorization work
---
 app/Plugin/ShibbAuth/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Plugin/ShibbAuth/README.md b/app/Plugin/ShibbAuth/README.md
index 12763f27c..c84989211 100644
--- a/app/Plugin/ShibbAuth/README.md
+++ b/app/Plugin/ShibbAuth/README.md
@@ -44,7 +44,7 @@ in the list given by apache. If used with Apache as webserver it might be useful to make a distinction to filter out API/Syncs from SSO login. It can be added to the vhost as follows: ```Apache - + Require all granted AuthType None
From e01f813f5b887c410bf2f15a814ec154e1731c86 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sat, 13 Apr 2019 15:25:11 +0200
Subject: [PATCH 2/6] chg: [misp-objects] object templates updated + relationships
---
 app/files/misp-objects | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/files/misp-objects b/app/files/misp-objects
index bfcfe7aae..81924c519 160000
--- a/app/files/misp-objects
+++ b/app/files/misp-objects
@@ -1 +1 @@
-Subproject commit bfcfe7aae9a13db637281c8ccd10f9d89d33b593
+Subproject commit 81924c519f2d5899023da427cc2d5f8cf29e076b
From 8613ed1bedfff1f6ce07b45076955e8c5df8f469 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Sun, 14 Apr 2019 21:25:37 +0200
Subject: [PATCH 3/6] chg: [download as] updated - now works on non published events in all cases and uses restsearch whenever possible. Fixes #4468
---
 app/Controller/EventsController.php | 46 ++++++++++++++---------------
 1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 49f60cb6f..96535ea91 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -4204,60 +4204,60 @@ class EventsController extends AppController
 // #TODO i18n
 $exports = array(
 'xml' => array(
- 'url' => '/events/restSearch/xml/false/false/false/false/false/false/false/false/false/' . $id . '/false.xml',
+ 'url' => '/events/restSearch/xml/eventid:' . $id . '.xml',
 'text' => 'MISP XML (metadata + all attributes)',
 'requiresPublished' => false,
 'checkbox' => true,
 'checkbox_text' => 'Encode Attachments',
- 'checkbox_set' => '/events/restSearch/xml/false/false/false/false/false/false/false/false/false/' . $id . '/true.xml',
+ 'checkbox_set' => '/events/restSearch/xml/eventid:' . $id . '/withAttachments:1.xml',
 'checkbox_default' => true
 ),
 'json' => array(
- 'url' => '/events/restSearch/json/false/false/false/false/false/false/false/false/false/' . $id . '/false.json',
+ 'url' => '/events/restSearch/json/eventid:' . $id . '.json',
 'text' => 'MISP JSON (metadata + all attributes)',
 'requiresPublished' => false,
 'checkbox' => true,
 'checkbox_text' => 'Encode Attachments',
- 'checkbox_set' => '/events/restSearch/json/false/false/false/false/false/false/false/false/false/' . $id . '/true.json',
+ 'checkbox_set' => '/events/restSearch/json/withAttachments:1/eventid:' . $id . '.json',
 'checkbox_default' => true
 ),
 'openIOC' => array(
 'url' => '/events/downloadOpenIOCEvent/download/' . $id,
 'text' => 'OpenIOC (all indicators marked to IDS)',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => false,
 ),
 'csv' => array(
 'url' => '/events/csv/download/' . $id,
 'text' => 'CSV',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => true,
 'checkbox_text' => 'Include non-IDS marked attributes',
 'checkbox_set' => '/events/csv/download/' . $id . '/1'
 ),
 'csv_with_context' => array(
- 'url' => '/events/csv/download/' . $id . '/0/0/0/0/1',
+ 'url' => '/events/restSearch/returnFormat:csv/eventid:' . 
$id,
 'text' => 'CSV with additional context',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => true,
 'checkbox_text' => 'Include non-IDS marked attributes',
- 'checkbox_set' => '/events/csv/download/' . $id . '/1/0/0/0/1'
+ 'checkbox_set' => '/events/restSearch/returnFormat:csv/to_ids:1||0/published:1||0/eventid:' . $id
 ),
 'stix_xml' => array(
 'url' => '/events/restSearch/stix/eventid:' . $id,
 'text' => 'STIX XML (metadata + all attributes)',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => true,
 'checkbox_text' => 'Encode Attachments',
 'checkbox_set' => '/events/restSearch/stix/eventid:' . $id . '/withAttachments:1'
 ),
 'stix_json' => array(
- 'url' => '/events/stix/download/' . $id . '.json',
+ 'url' => '/events/restSearch/stix/eventid:' . $id . '.json',
 'text' => 'STIX JSON (metadata + all attributes)',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => true,
 'checkbox_text' => 'Encode Attachments',
- 'checkbox_set' => '/events/stix/download/' . $id . '/true.json'
+ 'checkbox_set' => '/events/restSearch/stix/withAttachments:1/eventid:' . $id . '.json'
 ),
 'stix2_json' => array(
 'url' => '/events/restSearch/stix2/eventid:' . $id,
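Review bot: The restSearch links in this array are inconsistent about the `published` filter now that every `requiresPublished` is `false`: the `csv_with_context` `url` is built as `'/events/restSearch/returnFormat:csv/eventid:' . $id` while its `checkbox_set` adds `published:1||0`, and the xml, json and stix entries carry no `published` filter at all. Whether the unfiltered variants return anything for an unpublished event depends on restSearch defaults that are not visible here, so I would either add `published:1||0` to each of them or put a one-line comment on the entries where it is deliberately omitted, saying why. `$id` is also concatenated straight into named-parameter paths in which `:` and `||` act as filter syntax; the method starts outside the hunk, so please confirm `$id` is validated as a plain integer before this array is built.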
@@ -4268,36 +4268,36 @@ class EventsController extends AppController
 'checkbox_set' => '/events/restSearch/stix2/eventid:' . $id . '/withAttachments:1'
 ),
 'rpz' => array(
- 'url' => '/attributes/rpz/download/false/' . $id,
+ 'url' => '/attributes/restSearch/returnFormat:rpz/published:1||0/eventid:' . $id,
 'text' => 'RPZ Zone file',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => false,
 ),
 'suricata' => array(
- 'url' => '/events/nids/suricata/download/' . $id,
+ 'url' => '/events/restSearch/returnFormat:suricata/published:1||0/eventid:' . $id,
 'text' => 'Download Suricata rules',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => false,
 ),
 'snort' => array(
- 'url' => '/events/nids/snort/download/' . $id,
+ 'url' => '/events/restSearch/returnFormat:snort/published:1||0/eventid:' . $id,
 'text' => 'Download Snort rules',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => false,
 ),
 'bro' => array(
 'url' => '/attributes/bro/download/all/false/' . $id,
 'text' => 'Download Bro rules',
- 'requiresPublished' => true,
+ 'requiresPublished' => false,
 'checkbox' => false
 ),
 'text' => array(
- 'url' => '/attributes/text/download/all/false/' . $id,
 'text' => 'Export all attribute values as a text file',
- 'requiresPublished' => true,
+ 'url' => '/attributes/restSearch/returnFormat:text/published:1||0/eventid:' . $id,
+ 'requiresPublished' => false,
 'checkbox' => true,
 'checkbox_text' => 'Include non-IDS marked attributes',
- 'checkbox_set' => '/attributes/text/download/all/false/' . $id . '/true'
+ 'checkbox_set' => '/attributes/restSearch/returnFormat:text/published:1||0/to_ids:1||0/eventid:' . $id
 ),
 );
 if ($event['Event']['published'] == 0) {
From fa52f40b847f6de8f8ccf21a0dde49bcd98ff4b0 Mon Sep 17 00:00:00 2001
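Review bot: The `bro` entry keeps the legacy URL `'/attributes/bro/download/all/false/' . $id` while its `requiresPublished` flips to `false`, so it is now offered for unpublished events without the `published:1||0` filter that the rpz, suricata, snort and text entries gain; `openIOC` and `csv` in the previous hunk are in the same position. If those older actions still select published events only, the link will produce an empty file rather than an error. Because this change makes draft event data downloadable through every format, it is also worth confirming that each target action applies the same per-user event access checks as the event view. With no entry requiring publication any more, the `if ($event['Event']['published'] == 0)` branch that follows (its body is outside the hunk) may no longer have any effect.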
From: iglocska
Date: Mon, 15 Apr 2019 10:48:00 +0200
Subject: [PATCH 4/6] fix: [export] Fixed broken bro export, fixes #4050
---
 app/Model/Job.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/app/Model/Job.php b/app/Model/Job.php
index b5d6d881e..71e944bd1 100644
--- a/app/Model/Job.php
+++ b/app/Model/Job.php
@@ -42,7 +42,7 @@ class Job extends AppModel
 $this->save($data);
 $id = $this->id;
 $this->Event = ClassRegistry::init('Event');
- if (in_array($type, array_keys($this->Event->export_types))) {
+ if (in_array($type, array_keys($this->Event->export_types)) && $type !== 'bro') {
 $process_id = CakeResque::enqueue(
 'cache',
 $shell . 'Shell',
@@ -50,13 +50,11 @@ class Job extends AppModel
 true
 );
 } elseif ($type === 'bro') {
- $extra = $type;
 $type = 'bro';
- $extra2 = isset($user['nids_sid']) ? $user['nids_sid'] : 0;
 $process_id = CakeResque::enqueue(
 'cache',
 $shell . 'Shell',
- array('cachebro' . $type, $user['id'], $id, $extra, $extra2),
+ array('cachebro', $user['id'], $id),
 true
 );
 } else {
From 7c8f91cfc4a6fd28f56b8731c8c3e4dfd47c8b3b Mon Sep 17 00:00:00 2001
From: mokaddem
Date: Mon, 15 Apr 2019 10:51:06 +0200
Subject: [PATCH 5/6] chg: [popovers] Added dedicated popover container for expansions and sightings (instead of a shared one with the screenshots)
---
 app/View/Attributes/index.ctp | 2 +-
 app/View/Elements/eventattribute.ctp | 2 +-
 app/View/Layouts/default.ctp | 1 +
 app/webroot/css/main.css | 10 ++++++++
 app/webroot/js/misp.js | 38 +++++++++++++++-------------
 5 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/app/View/Attributes/index.ctp b/app/View/Attributes/index.ctp
index 3cb070591..e3c7bff26 100755
--- a/app/View/Attributes/index.ctp
+++ b/app/View/Attributes/index.ctp
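Review bot: The condition in the first Job.php hunk mixes a loose membership test with a strict exclusion: `in_array($type, array_keys($this->Event->export_types))` compares with `==`, while the added `$type !== 'bro'` is strict. On PHP 7, which this codebase still lists as its minimum, a non-string `$type` such as `0` or `true` loosely matches string keys, so if `$type` can arrive from request data the test should be strict, e.g. `if ($type !== 'bro' && in_array($type, array_keys($this->Event->export_types), true)) {`. The method begins outside the hunk, so where `$type` originates is not visible here.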
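Review bot: `$type = 'bro';` is left in the `elseif ($type === 'bro')` branch of the second Job.php hunk as a context line, where it reassigns the value the branch has just tested and now reads as a leftover from the removed `$extra` handling; I would delete it. The enqueue arguments shrink to `array('cachebro', $user['id'], $id)`, dropping the `nids_sid` value, so a short comment such as `// cachebro takes only the user id and the job id` would record that the shell method's signature was checked. The enclosing method starts and ends outside the hunk.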
@@ -169,7 +169,7 @@ $(document).ready(function () {
 object_id = selected.join('|');
 }
 url = "" + "/sightings/advanced/" + object_id + "/" + object_context;
- genericPopup(url, '#screenshot_box');
+ genericPopup(url, '#popover_box');
 });
 $('.correlation-toggle').click(function() {
 var attribute_id = $(this).data('attribute-id');
diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp
index c8fa1d08f..cf68945a9 100644
--- a/app/View/Elements/eventattribute.ctp
+++ b/app/View/Elements/eventattribute.ctp
@@ -317,7 +317,7 @@ attributes or the appropriate distribution level. If you think there is a mistak
 object_id = selected.join('|');
 }
 url = "" + "/sightings/advanced/" + object_id + "/" + object_context;
- genericPopup(url, '#screenshot_box');
+ genericPopup(url, '#popover_box');
 });
 });
 $('#attributesFilterField').bind("keydown", function(e) {
diff --git a/app/View/Layouts/default.ctp b/app/View/Layouts/default.ctp
index a2ea78334..65fc8cb54 100644
--- a/app/View/Layouts/default.ctp
+++ b/app/View/Layouts/default.ctp
@@ -40,6 +40,7 @@
+
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css index 25a929348..3b70d121a 100644 --- a/app/webroot/css/main.css +++ b/app/webroot/css/main.css @@ -846,6 +846,16 @@ a.proposal_link_red:hover { left: calc(50% - 700px); } +.popover_box { + display:none; + position: fixed; + top:150px; + background-color:#f4f4f4; + border-radius: 11px 11px 10px 10px; + box-shadow: 4px 4px 4px #333; + z-index:5; +} + .screenshot_box { display:none; position: absolute; diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index e1cce37dc..89777ae87 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -1265,6 +1265,7 @@ function cancelPopoverForm(id) { $("#popover_form").fadeOut(); $("#popover_form_large").fadeOut(); $("#screenshot_box").fadeOut(); + $("#popover_box").fadeOut(); $("#confirmation_box").fadeOut(); $('#gray_out').fadeOut(); $('#popover_form').fadeOut(); @@ -3262,7 +3263,7 @@ $(".cortex-json").click(function() { // add the same as below for click popup $(document).on( "click", ".eventViewAttributePopup", function() { - $('#screenshot_box').empty(); + $('#popover_box').empty(); type = $(this).attr('data-object-type'); id = $(this).attr('data-object-id'); if (!(type + "_" + id in ajaxResults["persistent"])) { @@ -3278,16 +3279,16 @@ $(document).on( "click", ".eventViewAttributePopup", function() { if (type + "_" + id in ajaxResults["persistent"]) { var enrichment_popover = ajaxResults["persistent"][type + "_" + id]; enrichment_popover += ''; - $('#screenshot_box').html('
' + enrichment_popover + '
'); - $('#screenshot_box').show(); + $('#popover_box').html('
' + enrichment_popover + '
'); + $('#popover_box').show(); $("#gray_out").fadeIn(); - $('#screenshot_box').css({'padding': '5px'}); - $('#screenshot_box').css( "maxWidth", ( $( window ).width() * 0.9 | 0 ) + "px" ); - $('#screenshot_box').css( "maxHeight", ( $( window ).width() - 300 | 0 ) + "px" ); - $('#screenshot_box').css( "overflow-y", "auto"); + $('#popover_box').css({'padding': '5px'}); + $('#popover_box').css( "maxWidth", ( $( window ).width() * 0.9 | 0 ) + "px" ); + $('#popover_box').css( "maxHeight", ( $( window ).width() - 300 | 0 ) + "px" ); + $('#popover_box').css( "overflow-y", "auto"); - var left = ($(window).width() / 2) - ($('#screenshot_box').width() / 2); - $('#screenshot_box').css({'left': left + 'px'}); + var left = ($(window).width() / 2) - ($('#popover_box').width() / 2); + $('#popover_box').css({'left': left + 'px'}); } $('#' + currentPopover).popover('destroy'); }); @@ -3670,6 +3671,7 @@ $(document).keyup(function(e){ $("#popover_form").fadeOut(); $("#popover_form_large").fadeOut(); $("#screenshot_box").fadeOut(); + $("#popover_box").fadeOut(); $("#confirmation_box").fadeOut(); $(".loading").hide(); resetForms(); @@ -4017,16 +4019,16 @@ $(document).ready(function() { cortex_data = htmlEncode(JSON.stringify(cortex_data, null, 2)); var popupHtml = '
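Review bot: In the `.eventViewAttributePopup` click handler, `enrichment_popover` is read from `ajaxResults["persistent"]` and written into `#popover_box` with `.html()` with no encoding step in the hunk, whereas the cortex handler further down runs `htmlEncode()` on its payload before the same call. If those cached responses can contain attribute or enrichment-module text, confirm they are escaped server-side, or state that in a comment above the `.html()` call. Separately, `maxHeight` is derived from `$( window ).width() - 300`, which looks like it was meant to be the window height; `$('#popover_box').css( "maxHeight", ( $( window ).height() - 300 | 0 ) + "px" );` would cap the box to the viewport. The handler begins in the previous hunk, and the markup inside the `.html()` string is not visible on this page.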
' + cortex_data + '
'; popupHtml += '
'; - $('#screenshot_box').html(popupHtml); - $('#screenshot_box').show(); - $('#screenshot_box').css({'padding': '5px'}); - left = ($(window).width() / 2) - ($('#screenshot_box').width() / 2); - if (($('#screenshot_box').height() + 250) > $(window).height()) { - $('#screenshot_box').height($(window).height() - 250); - $('#screenshot_box').css("overflow-y", "scroll"); - $('#screenshot_box').css("overflow-x", "hidden"); + $('#popover_box').html(popupHtml); + $('#popover_box').show(); + $('#popover_box').css({'padding': '5px'}); + left = ($(window).width() / 2) - ($('#popover_box').width() / 2); + if (($('#popover_box').height() + 250) > $(window).height()) { + $('#popover_box').height($(window).height() - 250); + $('#popover_box').css("overflow-y", "scroll"); + $('#popover_box').css("overflow-x", "hidden"); } - $('#screenshot_box').css({'left': left + 'px'}); + $('#popover_box').css({'left': left + 'px'}); $("#gray_out").fadeIn(); }); $('.add_object_attribute_row').click(function() { From a94f1deea61964308c2dbeedc13dd3425b06aa2f Mon Sep 17 00:00:00 2001 From: mokaddem Date: Mon, 15 Apr 2019 10:58:31 +0200 Subject: [PATCH 6/6] chg: [queryversion] bumped queryversion --- app/Controller/AppController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 47b150e1c..43a4943ca 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -46,7 +46,7 @@ class AppController extends Controller public $helpers = array('Utility', 'OrgImg', 'FontAwesome'); - private $__queryVersion = '65'; + private $__queryVersion = '66'; public $pyMispVersion = '2.4.103'; public $phpmin = '7.0'; public $phprec = '7.2';