mirror of https://github.com/MISP/MISP
new: [paranoid logging] Added POST/PUT body logging on demand
parent
f71bb17ea4
commit
1aef957d5f
|
@ -46,7 +46,7 @@ class AppController extends Controller
|
|||
|
||||
public $helpers = array('Utility', 'OrgImg', 'FontAwesome');
|
||||
|
||||
private $__queryVersion = '69';
|
||||
private $__queryVersion = '68';
|
||||
public $pyMispVersion = '2.4.106';
|
||||
public $phpmin = '7.0';
|
||||
public $phprec = '7.2';
|
||||
|
@ -447,6 +447,14 @@ class AppController extends Controller
|
|||
if (Configure::read('MISP.log_paranoid')) {
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
$this->Log->create();
|
||||
$change = 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->here;
|
||||
if (($this->request->is('post') || $this->request->is('put')) && !empty(Configure::read('MISP.log_paranoid_include_post_body'))) {
|
||||
$payload = $this->request->data;
|
||||
if (!empty($payload['_Token'])) {
|
||||
unset($payload['_Token']);
|
||||
}
|
||||
$change .= PHP_EOL . 'Request body: ' . json_encode($payload);
|
||||
}
|
||||
$log = array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'User',
|
||||
|
@ -454,7 +462,7 @@ class AppController extends Controller
|
|||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'request',
|
||||
'title' => 'Paranoid log entry',
|
||||
'change' => 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->here,
|
||||
'change' => $change,
|
||||
);
|
||||
$this->Log->save($log);
|
||||
}
|
||||
|
|
|
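Review bot: The request body logged in the second hunk (`$change .= PHP_EOL . 'Request body: ' . json_encode($payload);`) has only `_Token` stripped, so any secret submitted in a POST/PUT (presumably passwords on login or password change, and API keys) would be stored in clear text in the log for anyone who can read log entries. Redact secret-bearing keys before encoding, and handle `json_encode()` returning `false` (for example on invalid UTF-8), which currently produces an empty "Request body: " entry with no hint of why. The body is also logged without any size limit, so a cap is worth considering for large submissions. The enclosing method starts and ends outside the hunks shown.

```php
$payload = $this->request->data;
// … unchanged: _Token removal …
// Constructed example list: the real set of secret-bearing keys must be taken from the project's forms and API.
$sensitiveKeys = array('password', 'confirm_password', 'authkey');
array_walk_recursive($payload, function (&$value, $key) use ($sensitiveKeys) {
    if (in_array(strtolower((string)$key), $sensitiveKeys, true)) {
        $value = '[redacted]';
    }
});
$encoded = json_encode($payload);
$change .= PHP_EOL . 'Request body: ' . ($encoded === false ? '[body could not be encoded]' : $encoded);
```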
@ -730,6 +730,15 @@ class Server extends AppModel
|
|||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'log_paranoid_include_post_body' => array(
|
||||
'level' => 0,
|
||||
'description' => __('If paranoid logging is enabled, include the POST body in the entries.'),
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'delegation' => array(
|
||||
'level' => 1,
|
||||
'description' => __('This feature allows users to create org only events and ask another organisation to take ownership of the event. This allows organisations to remain anonymous by asking a partner to publish an event for them.'),
|
||||
|
|
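Review bot: The `description` of the new `log_paranoid_include_post_body` setting does not tell an administrator that enabling it writes submitted form and API data, which may include credentials, into the log. It also mentions only POST, while the controller change logs PUT bodies too. Suggested wording: `'description' => __('If paranoid logging is enabled, include the POST/PUT request body in the entries. Warning: this can store sensitive submitted data, such as credentials, in the logs.'),`. The settings array this entry belongs to starts and ends outside the hunk.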