MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

distribution 

conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities

Push is tested, pull not yet.
pull/63/head
noud 2012-11-16 15:25:57 +01:00
parent 5d37e93eb6
commit 1cddb6abe0
12 changed files with 144 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Config/Schema/schema_0.2.2.1.php
View File

@ -29,6 +29,7 @@ class AppSchema extends CakeSchema {
'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10),
'private' => array('type' => 'boolean', 'null' => false, 'default' => NULL),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => NULL),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => NULL),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
@ -64,6 +65,7 @@ class AppSchema extends CakeSchema {
'revision' => array('type' => 'boolean', 'null' => false, 'default' => NULL),
'private' => array('type' => 'boolean', 'null' => false, 'default' => NULL),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => NULL),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => NULL),
'attribute_count' => array('type' => 'integer', 'null' => false, 'default' => NULL, 'length' => 11),
//'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),

10
app/Controller/EventsController.php
View File

@ -395,8 +395,8 @@ class EventsController extends AppController {
}
$fieldList = array(
'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster')
'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie')
);
if ('true' == Configure::read('CyDefSIG.private')) {
@ -444,8 +444,8 @@ class EventsController extends AppController {
unset($this->Event->Attribute->validate['value']['unique']); // otherwise gives bugs because event_id is not set
$fieldList = array(
'Event' => array('org', 'date', 'risk', 'info', 'published', 'uuid', 'private'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private')
'Event' => array('org', 'date', 'risk', 'info', 'published', 'uuid', 'private', 'communitie'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie')
);
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
@ -468,7 +468,7 @@ class EventsController extends AppController {
}
// say what fields are to be updated
$fieldList = array('date', 'risk', 'info', 'published', 'private', 'cluster');
$fieldList = array('date', 'risk', 'info', 'published', 'private', 'cluster', 'communitie');
// always force the org, but do not force it for admins
if ($this->_isAdmin()) {
// set the same org as existed before

45
app/Controller/ServersController.php
View File

@ -177,33 +177,35 @@ class ServersController extends AppController {
if (null != $event) {
// we have an Event array
if ('true' == Configure::read('CyDefSIG.private')) {
// Distribution, no Org only in Event
if ($event['Event']['distribution'] == 'Org') {
continue;
}
// Distribution, correct Community to Org only in Event
if ($event['Event']['distribution'] == 'Community') {
$event['Event']['distribution'] = 'Org';
}
// Distribution, correct All to Community in Event
if ($event['Event']['distribution'] == 'All') {
$event['Event']['distribution'] = 'Community';
// Distribution
switch($event['Event']['distribution']) {
case 'Your organization only': // Distribution, no Org only in Event
case 'This server-only':
continue;
break;
case 'This Community-only': // Distribution, correct Community to Org only in Event
$event['Event']['distribution'] = 'Your organization only';
break;
case 'Connected communities': // Distribution, correct All to Community in Event
$event['Event']['distribution'] = 'This Community-only';
break;
}
if (is_array($event['Event']['Attribute']) && !isset($event['Event']['Attribute']['id'])) {
$toRemove = array();
$size = count($event['Event']['Attribute']);
for ($i = 0; $i < $size; $i++) {
switch($event['Event']['Attribute'][$i]['distribution']) {
case 'Org':
case 'Your organization only':
case 'This server-only':
$toRemove[] = $i;
break;
case 'Community':
case 'This Community-only':
$event['Event']['Attribute'][$i]['private'] = true;
$event['Event']['Attribute'][$i]['distribution'] = 'Org';
$event['Event']['Attribute'][$i]['distribution'] = 'Your organization only';
break;
case 'All':
case 'Connected communities':
$event['Event']['Attribute'][$i]['cluster'] = true;
$event['Event']['Attribute'][$i]['distribution'] = 'Community';
$event['Event']['Attribute'][$i]['distribution'] = 'This Community-only';
break;
}
}
@ -213,16 +215,17 @@ class ServersController extends AppController {
$event['Event']['Attribute'] = array_values($event['Event']['Attribute']);
} elseif (is_array($event['Event']['Attribute']) && isset($event['Event']['Attribute']['id'])) {
switch($event['Event']['Attribute']['distribution']) {
case 'Org':
case 'Your organization only':
case 'This server-only':
unset($event['Event']['Attribute']);
break;
case 'Community':
case 'This Community-only':
$event['Event']['Attribute']['private'] = true;
$event['Event']['Attribute']['distribution'] = 'Org';
$event['Event']['Attribute']['distribution'] = 'Your organization only';
break;
case 'All':
case 'Connected communities':
$event['Event']['Attribute']['cluster'] = true;
$event['Event']['Attribute']['distribution'] = 'Community';
$event['Event']['Attribute']['distribution'] = 'This Community-only';
break;
}
}

5
app/MYSQL.private.sql
View File

@ -5,4 +5,7 @@ ALTER TABLE `events` ADD `pull` tinyint(1) NOT NULL;
ALTER TABLE `attributes` ADD `pull` tinyint(1) NOT NULL;
ALTER TABLE `correlations` ADD private tinyint(1) NOT NULL;
ALTER TABLE `correlations` ADD org varchar(255) COLLATE utf8_bin NOT NULL;
ALTER TABLE `correlations` ADD org varchar(255) COLLATE utf8_bin NOT NULL;
ALTER TABLE `events` ADD `communitie` tinyint(1) NOT NULL;
ALTER TABLE `attributes` ADD `communitie` tinyint(1) NOT NULL;

2
app/MYSQL.txt
View File

@ -31,6 +31,7 @@ CREATE TABLE `attributes` (
`revision` int(10) NOT NULL DEFAULT '0',
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`communitie` tinyint(1) NOT NULL,
PRIMARY KEY (`id`),
KEY `event_id` (`event_id`),
KEY `value1_key` (`value1`(5)),
@ -88,6 +89,7 @@ CREATE TABLE `events` (
`revision` int(10) NOT NULL DEFAULT '0',
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`communitie` tinyint(1) NOT NULL,
`attribute_count` int(11) UNSIGNED DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;

64
app/Model/Attribute.php
View File

@ -58,10 +58,17 @@ class Attribute extends AppModel {
'private' => array('desc' => 'Prevents upload of this single Attribute to other CyDefSIG servers', 'formdesc' => 'Prevents upload of <em>this single Attribute</em> to other CyDefSIG servers.<br/>Used only when the Event is NOT set as Private')
);
// public $distributionDescriptions = array(
// 'Org' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Only organization members will see the attribute"),
// 'Community' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Attribute visible to all on this CyDefSIG instance but will not be shared past it"),
// 'All' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "To be distributed to other connected CyDefSIG servers"),
// );
public $distributionDescriptions = array(
'Org' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Only organization members will see the attribute"),
'Community' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Attribute visible to all on this CyDefSIG instance but will not be shared past it"),
'All' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "To be distributed to other connected CyDefSIG servers"),
'Your organization only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Only organization members will see the attribute"),
'This server-only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Every organisation on the server can see this attribute"),
'This Community-only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Attribute visible to all on this and _allied_ CyDefSIG instances but will not be shared past it"),
'Connected communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Attribute visible to CyDefSIG instances with more then two servers but will not be shared past it"),
'All communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "To be distributed to every connected CyDefSIG server"),
);
// these are definition of possible types + their descriptions and maybe later other behaviors
@ -286,7 +293,8 @@ class Attribute extends AppModel {
if ('true' == Configure::read('CyDefSIG.private')) {
$this->virtualFields = Set::merge($this->virtualFields,array(
'distribution' => 'IF (Attribute.private=true, "Org", IF (Attribute.cluster=true, "Community", "All"))',
//'distribution' => 'IF (Attribute.private=true, "Your organization only", IF (Attribute.cluster=true, "This Community-only", "All communities"))',
'distribution' => 'IF (Attribute.private=true AND Attribute.cluster=false, "Your organization only", IF (Attribute.private=true AND Attribute.cluster=true, "This server-only", IF (Attribute.private=false AND Attribute.cluster=true, "This Community-only", IF (Attribute.communitie=true, "Connected communities" , "All communities"))))',
));
$this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
@ -304,8 +312,18 @@ class Attribute extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'communitie' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'distribution' => array(
'rule' => array('inList', array('Org', 'Community', 'All')),
'rule' => array('inList', array("Your organization only", "This server-only", "This Community-only", "Connected communities", "All communities")),
//'message' => 'Your custom message here',
'allowEmpty' => false,
'required' => false,
@ -405,19 +423,49 @@ class Attribute extends AppModel {
}
}
// public function massageData(&$data) {
// switch ($data['Attribute']['distribution']) {
// case 'Your organization only':
// $data['Attribute']['private'] = true;
// $data['Attribute']['cluster'] = false;
// break;
// case 'This Community-only':
// $data['Attribute']['private'] = false;
// $data['Attribute']['cluster'] = true;
// break;
// case 'All communities':
// $data['Attribute']['private'] = false;
// $data['Attribute']['cluster'] = false;
// break;
// }
// return $data;
// }
public function massageData(&$data) {
switch ($data['Attribute']['distribution']) {
case 'Org':
case 'Your organization only':
$data['Attribute']['private'] = true;
$data['Attribute']['cluster'] = false;
$data['Attribute']['communitie'] = false;
break;
case 'Community':
case 'This server-only': // TODO
$data['Attribute']['private'] = true;
$data['Attribute']['cluster'] = true;
$data['Attribute']['communitie'] = false;
break;
case 'This Community-only':
$data['Attribute']['private'] = false;
$data['Attribute']['cluster'] = true;
$data['Attribute']['communitie'] = false;
break;
case 'All':
case 'Connected communities': // TODO
$data['Attribute']['private'] = false;
$data['Attribute']['cluster'] = false;
$data['Attribute']['communitie'] = true;
break;
case 'All communities':
$data['Attribute']['private'] = false;
$data['Attribute']['cluster'] = false;
$data['Attribute']['communitie'] = false;
break;
}
return $data;

61
app/Model/Event.php
View File

@ -44,10 +44,17 @@ class Event extends AppModel {
'High' => array('desc' => '*high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Sophisticated APT malware or 0-day attack')
);
// public $distributionDescriptions = array(
// 'Org' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Only organization members will see the event"),
// 'Community' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Event visible to all on this CyDefSIG instance but will not be shared past it"),
// 'All' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "To be distributed to other connected CyDefSIG servers"),
// );
public $distributionDescriptions = array(
'Org' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Only organization members will see the event"),
'Community' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Event visible to all on this CyDefSIG instance but will not be shared past it"),
'All' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "To be distributed to other connected CyDefSIG servers"),
'Your organization only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Only organization members will see the event"),
'This server-only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Every organisation on the server can see this event"),
'This Community-only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Event visible to all on this and _allied_ CyDefSIG instances but will not be shared past it"), // former Community
'Connected communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Event visible to CyDefSIG instances with more then two servers but will not be shared past it"),
'All communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "To be distributed to every connected CyDefSIG server"),
);
/**
@ -160,7 +167,7 @@ class Event extends AppModel {
if ('true' == Configure::read('CyDefSIG.private')) {
$this->virtualFields = Set::merge($this->virtualFields, array(
'distribution' => 'IF (Event.private=true, "Org", IF (Event.cluster=true, "Community", "All"))',
'distribution' => 'IF (Event.private=true AND Event.cluster=false, "Your organization only", IF (Event.private=true AND Event.cluster=true, "This server-only", IF (Event.private=false AND Event.cluster=true, "This Community-only", IF (Event.communitie=true, "Connected communities" , "All communities"))))',
));
$this->fieldDescriptions = Set::merge($this->fieldDescriptions, array(
@ -178,8 +185,18 @@ class Event extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'communitie' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'distribution' => array(
'rule' => array('inList', array('Org', 'Community', 'All')),
'rule' => array('inList', array("Your organization only", "This server-only", "This Community-only", "Connected communities", "All communities")),
//'message' => 'Your custom message here',
'allowEmpty' => false,
'required' => false,
@ -272,17 +289,30 @@ class Event extends AppModel {
public function massageData(&$data) {
switch ($data['Event']['distribution']) {
case 'Org':
case 'Your organization only':
$data['Event']['private'] = true;
$data['Event']['cluster'] = false;
$data['Event']['communitie'] = false;
break;
case 'Community':
case 'This server-only': // TODO
$data['Event']['private'] = true;
$data['Event']['cluster'] = true;
$data['Event']['communitie'] = false;
break;
case 'This Community-only':
$data['Event']['private'] = false;
$data['Event']['cluster'] = true;
$data['Event']['communitie'] = false;
break;
case 'All':
case 'Connected communities': // TODO
$data['Event']['private'] = false;
$data['Event']['cluster'] = false;
$data['Event']['communitie'] = true;
break;
case 'All communities':
$data['Event']['private'] = false;
$data['Event']['cluster'] = false;
$data['Event']['communitie'] = false;
break;
}
return $data;
@ -386,7 +416,7 @@ class Event extends AppModel {
// remove value1 and value2 from the output
foreach ($event['Event']['Attribute'] as $key => &$attribute) {
// do not keep attributes that are private, nor cluster
if ($attribute['private'] || $attribute['cluster']) {
if (($attribute['private'] && !$attribute['cluster'] && !$attribute['communitie']) || ($attribute['private'] && $attribute['cluster'] && !$attribute['communitie'])) {
unset($event['Event']['Attribute'][$key]);
continue; // stop processing this
}
@ -394,12 +424,13 @@ class Event extends AppModel {
if ($attribute['cluster'] && !$attribute['private']) {
$attribute['private'] = true;
$attribute['cluster'] = false;
$attribute['distribution'] = 'Org';
//$attribute['communitie'] = false;
$attribute['distribution'] = 'Your organization only';
}
// Distribution, correct All to Community in Attribute
if (!$attribute['cluster'] && !$attribute['private']) {
if (!$attribute['cluster'] && !$attribute['private'] && $attribute['communitie']) {
$attribute['cluster'] = true;
$attribute['distribution'] = 'Community';
$attribute['distribution'] = 'This Community-only';
}
// remove value1 and value2 from the output
unset($attribute['value1']);
@ -414,12 +445,12 @@ class Event extends AppModel {
if ($event['Event']['cluster'] && !$event['Event']['private']) {
$event['Event']['private'] = true;
$event['Event']['cluster'] = false;
$event['Event']['distribution'] = 'Org';
$event['Event']['distribution'] = 'Your organization only';
}
// Distribution, correct All to Community in Event
if (!$event['Event']['cluster'] && !$event['Event']['private']) {
if (!$event['Event']['cluster'] && !$event['Event']['private'] && $event['Event']['communitie']) {
$event['Event']['cluster'] = true;
$event['Event']['distribution'] = 'Community';
$event['Event']['distribution'] = 'This Community-only';
}
// display the XML to the user

2
app/View/Attributes/add.ctp
View File

@ -15,7 +15,7 @@ echo $this->Form->input('type', array(
));
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('distribution', array('label' => 'Distribution', 'selected' => 'All',
echo $this->Form->input('distribution', array('label' => 'Distribution', 'selected' => 'All communities',
'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeDistributionDiv'))
));
} else {

2
app/View/Attributes/add_attachment.ctp
View File

@ -15,7 +15,7 @@ echo $this->Form->input('malware', array(
));
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('distribution', array('label' => 'Distribution', 'selected' => 'All',
echo $this->Form->input('distribution', array('label' => 'Distribution', 'selected' => 'All communities',
'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeDistributionDiv'))
));
//'before' => $this->Html->div('forminfo', isset($attrDescriptions['distribution']['formdesc']) ? $attrDescriptions['distribution']['formdesc'] : $attrDescriptions['distribution']['desc']),));

2
app/View/Events/add.ctp
View File

@ -6,7 +6,7 @@
echo $this->Form->input('date');
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('distribution', array('label' => 'Distribution', 'selected' => 'All',
echo $this->Form->input('distribution', array('label' => 'Distribution', 'selected' => 'All communities',
'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv'))
));
} else {

2
app/View/Events/index.ctp
View File

@ -54,7 +54,7 @@
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<?php if ('true' == Configure::read('CyDefSIG.private')): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo $event['Event']['distribution'] == 'Org' ? 'Org' : ($event['Event']['distribution'] == 'Community' ? 'Community' : '&nbsp;');?></td>
<?php echo $event['Event']['distribution'] != 'All communities' ? $event['Event']['distribution'] : '&nbsp;';?></td>
<?php else: ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo ($event['Event']['private']) ? 'Private' : ''; ?>&nbsp;</td>

3
app/View/Events/view.ctp
View File

@ -171,7 +171,7 @@ if (isset($relatedAttributes[$attribute['id']]) && (null != $relatedAttributes[$
<td class="short" style="text-align: center;"><?php echo $attribute['to_ids'] ? 'Yes' : 'No';?></td>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<?php if ('true' == Configure::read('CyDefSIG.private')): ?>
<td class="short" style="text-align: center;"><?php echo $attribute['distribution'] == 'Org' ? 'Org' : ($attribute['distribution'] == 'Community' ? 'Community' : '&nbsp;');?></td>
<td class="short" style="text-align: center;"><?php echo $attribute['distribution'] != 'All communities' ? $attribute['distribution'] : '&nbsp;';?></td>
<?php else:?>
<td class="short" style="text-align: center;"><?php echo $attribute['private'] ? 'Private' : '&nbsp;';?></td>
<?php endif;?>
@ -180,7 +180,6 @@ if (isset($relatedAttributes[$attribute['id']]) && (null != $relatedAttributes[$
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
?>
</td>
<?php endif;?>