mirror of https://github.com/MISP/MISP
Merge remote-tracking branch 'origin/2.4' into decaying
mokaddem
commit
1d378fd7bd
|
|
@ -105,6 +105,7 @@ install:
|
|||
- sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.host_org_id" 1'
|
||||
- sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.email" "info@admin.test"'
|
||||
- sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.disable_emailing" true'
|
||||
- sudo -E su $USER -c 'app/Console/cake Admin setSetting "debug" true'
|
||||
- sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.CustomAuth_disable_logout" false'
|
||||
- sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"'
|
||||
- sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_port" 6379'
|
||||
|
|
|
|||
2
PyMISP
2
PyMISP
|
|
@ -1 +1 @@
|
|||
Subproject commit f133cb9477dab9cd81f8631db8c27af6c0d291c0
|
||||
Subproject commit 73c8d8b87d259cfa3200067f3a1d9d209595c86d
|
||||
|
|
@ -1 +1 @@
|
|||
{"major":2, "minor":4, "hotfix":113}
|
||||
{"major":2, "minor":4, "hotfix":114}
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ class AdminShell extends AppShell
|
|||
$this->Job->id = $jobId;
|
||||
$result = $this->Server->updateAfterPull($submodule_name, $userId);
|
||||
$this->Job->saveField('progress', 100);
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
if ($result) {
|
||||
$this->Job->saveField('message', __('Database updated: ' . $submodule_name));
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ class EventShell extends AppShell
|
|||
$this->Job->saveField('progress', 100);
|
||||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('message', 'Job Failed due to invalid export format. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
return false;
|
||||
}
|
||||
if ($export_type == 'text') {
|
||||
|
|
@ -65,7 +65,7 @@ class EventShell extends AppShell
|
|||
$this->Job->saveField('progress', 100);
|
||||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
private function __runCaching($user, $typeData, $id, $export_type, $subType = '')
|
||||
|
|
@ -115,7 +115,7 @@ class EventShell extends AppShell
|
|||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('progress', 100);
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
public function cachejson() {
|
||||
|
|
@ -149,7 +149,7 @@ class EventShell extends AppShell
|
|||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('progress', 100);
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
public function cachestix() {
|
||||
|
|
@ -166,7 +166,7 @@ class EventShell extends AppShell
|
|||
}
|
||||
$result = $this->Event->stix(false, false, Configure::read('MISP.cached_attachments'), $user, 'xml', false, false, false, $id, true);
|
||||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
if ($result['success']) {
|
||||
rename($result['data'], $stixFilePath);
|
||||
unlink($result['data']);
|
||||
|
|
@ -231,7 +231,7 @@ class EventShell extends AppShell
|
|||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('progress', '100');
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
public function cacherpz() {
|
||||
|
|
@ -272,7 +272,7 @@ class EventShell extends AppShell
|
|||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('progress', '100');
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
public function cachecsv() {
|
||||
|
|
@ -311,7 +311,7 @@ class EventShell extends AppShell
|
|||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('progress', '100');
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
public function cachetext() {
|
||||
|
|
@ -340,7 +340,7 @@ class EventShell extends AppShell
|
|||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('progress', 100);
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
public function cachenids() {
|
||||
|
|
@ -376,7 +376,7 @@ class EventShell extends AppShell
|
|||
$timeDelta = time()-$timeStart;
|
||||
$this->Job->saveField('progress', '100');
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
public function cachebro()
|
||||
|
|
@ -411,7 +411,7 @@ class EventShell extends AppShell
|
|||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('progress', 100);
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
public function alertemail() {
|
||||
|
|
@ -424,7 +424,7 @@ class EventShell extends AppShell
|
|||
$result = $this->Event->sendAlertEmail($eventId, $user, $oldpublish, $processId);
|
||||
$job['Job']['progress'] = 100;
|
||||
$job['Job']['message'] = 'Emails sent.';
|
||||
//$job['Job']['date_modified'] = date("y-m-d H:i:s");
|
||||
//$job['Job']['date_modified'] = date("Y-m-d H:i:s");
|
||||
$this->Job->save($job);
|
||||
}
|
||||
|
||||
|
|
@ -439,7 +439,7 @@ class EventShell extends AppShell
|
|||
$user = $this->User->getAuthUser($userId);
|
||||
$result = $this->Event->sendContactEmail($id, $message, $all, array('User' => $user), $isSiteAdmin);
|
||||
$this->Job->saveField('progress', '100');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
$this->Job->saveField('date_modified', date("Y-m-d H:i:s"));
|
||||
if ($result != true) $this->Job->saveField('message', 'Job done.');
|
||||
}
|
||||
|
||||
|
|
@ -454,7 +454,7 @@ class EventShell extends AppShell
|
|||
$result = $this->Post->sendPostsEmail($userId, $postId, $eventId, $title, $message);
|
||||
$job['Job']['progress'] = 100;
|
||||
$job['Job']['message'] = 'Emails sent.';
|
||||
$job['Job']['date_modified'] = date("y-m-d H:i:s");
|
||||
$job['Job']['date_modified'] = date("Y-m-d H:i:s");
|
||||
$this->Job->save($job);
|
||||
}
|
||||
|
||||
|
|
@ -519,7 +519,7 @@ class EventShell extends AppShell
|
|||
$this->Event->Behaviors->unload('SysLogLogable.SysLogLogable');
|
||||
$result = $this->Event->publish($id, $passAlong);
|
||||
$job['Job']['progress'] = 100;
|
||||
$job['Job']['date_modified'] = date("y-m-d H:i:s");
|
||||
$job['Job']['date_modified'] = date("Y-m-d H:i:s");
|
||||
if ($result) {
|
||||
$job['Job']['message'] = 'Event published.';
|
||||
} else {
|
||||
|
|
@ -569,7 +569,7 @@ class EventShell extends AppShell
|
|||
);
|
||||
$result = $this->Event->enrichment($options);
|
||||
$job['Job']['progress'] = 100;
|
||||
$job['Job']['date_modified'] = date("y-m-d H:i:s");
|
||||
$job['Job']['date_modified'] = date("Y-m-d H:i:s");
|
||||
if ($result) {
|
||||
$job['Job']['message'] = 'Added ' . $result . ' attribute' . ($result > 1 ? 's.' : '.');
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -253,13 +253,19 @@ class ServerShell extends AppShell
|
|||
$jobId = $this->Job->id;
|
||||
}
|
||||
$this->Job->read(null, $jobId);
|
||||
$result = $this->Feed->cacheFeedInitiator($user, $jobId, $scope);
|
||||
try {
|
||||
$result = $this->Feed->cacheFeedInitiator($user, $jobId, $scope);
|
||||
} catch (Exception $e) {
|
||||
CakeLog::error($e->getMessage());
|
||||
$result = false;
|
||||
}
|
||||
|
||||
$this->Job->id = $jobId;
|
||||
if ($result !== true) {
|
||||
$message = 'Job Failed. Reason: ';
|
||||
$message = 'Job failed. See logs for more details.';
|
||||
$this->Job->save(array(
|
||||
'id' => $jobId,
|
||||
'message' => $message . $result,
|
||||
'message' => $message,
|
||||
'progress' => 0,
|
||||
'status' => 3
|
||||
));
|
||||
|
|
@ -401,12 +407,26 @@ class ServerShell extends AppShell
|
|||
);
|
||||
$this->Job->save($data);
|
||||
$jobId = $this->Job->id;
|
||||
$result = $this->Feed->cacheFeedInitiator($user, $jobId, 'all');
|
||||
$this->Job->save(array(
|
||||
'message' => 'Job done.',
|
||||
'progress' => 100,
|
||||
'status' => 4
|
||||
));
|
||||
try {
|
||||
$result = $this->Feed->cacheFeedInitiator($user, $jobId, 'all');
|
||||
} catch (Exception $e) {
|
||||
CakeLog::error($e->getMessage());
|
||||
$result = false;
|
||||
}
|
||||
if ($result) {
|
||||
$this->Job->save(array(
|
||||
'message' => 'Job done.',
|
||||
'progress' => 100,
|
||||
'status' => 4
|
||||
));
|
||||
} else {
|
||||
$this->Job->save(array(
|
||||
'message' => 'Job failed. See logs for more details.',
|
||||
'progress' => 100,
|
||||
'status' => 3,
|
||||
));
|
||||
}
|
||||
|
||||
$this->Task->id = $task['Task']['id'];
|
||||
$this->Task->saveField('message', 'Job completed at ' . date('d/m/Y - H:i:s'));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ class AppController extends Controller
|
|||
public $helpers = array('Utility', 'OrgImg', 'FontAwesome', 'UserName');
|
||||
|
||||
private $__queryVersion = '84';
|
||||
public $pyMispVersion = '2.4.113';
|
||||
public $pyMispVersion = '2.4.114';
|
||||
public $phpmin = '7.0';
|
||||
public $phprec = '7.2';
|
||||
public $isApiAuthed = false;
|
||||
|
|
@ -76,8 +76,6 @@ class AppController extends Controller
|
|||
'Session',
|
||||
'Auth' => array(
|
||||
'authError' => 'Unauthorised access.',
|
||||
'loginRedirect' => array('controller' => 'users', 'action' => 'routeafterlogin'),
|
||||
'logoutRedirect' => array('controller' => 'users', 'action' => 'login', 'admin' => false),
|
||||
'authenticate' => array(
|
||||
'Form' => array(
|
||||
'passwordHasher' => 'Blowfish',
|
||||
|
|
@ -105,6 +103,8 @@ class AppController extends Controller
|
|||
|
||||
public function beforeFilter()
|
||||
{
|
||||
$this->Auth->loginRedirect = Configure::read('MISP.baseurl') . '/users/routeafterlogin';
|
||||
$this->Auth->logoutRedirect = Configure::read('MISP.baseurl') . '/users/login';
|
||||
$this->__sessionMassage();
|
||||
if (Configure::read('Security.allow_cors')) {
|
||||
// Add CORS headers
|
||||
|
|
|
|||
|
|
@ -76,11 +76,19 @@ class CommunitiesController extends AppController
|
|||
'recursive' => -1,
|
||||
'fields' => array('User.gpgkey')
|
||||
));
|
||||
if (!empty($gpgkey['User']['gpgkey'])) {
|
||||
$gpgkey = $gpgkey['User']['gpgkey'];
|
||||
} else {
|
||||
$gpgkey = '';
|
||||
}
|
||||
if (!$this->request->is('post')) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->describe('Communities', 'requestAccess', false, $this->response->type());
|
||||
}
|
||||
$this->request->data['Server']['email'] = $this->Auth->user('email');
|
||||
$this->request->data['Server']['org_name'] = $this->Auth->user('Organisation')['name'];
|
||||
$this->request->data['Server']['org_uuid'] = $this->Auth->user('Organisation')['uuid'];
|
||||
$this->request->data['Server']['gpgkey'] = $gpgkey['User']['gpgkey'];
|
||||
$this->request->data['Server']['gpgkey'] = $gpgkey;
|
||||
} else {
|
||||
if (empty($this->request->data['Server'])) {
|
||||
$this->request->data = array('Server' => $this->request->data);
|
||||
|
|
@ -100,12 +108,12 @@ My e-mail address that I wish to use as my username:
|
|||
%s%s
|
||||
|
||||
Thank you in advance!',
|
||||
$this->request->data['Server']['org_name'],
|
||||
$this->request->data['Server']['org_uuid'],
|
||||
empty($this->request->data['Server']['org_name']) ? $this->Auth->user('Organisation')['name'] : $this->request->data['Server']['org_name'],
|
||||
empty($this->request->data['Server']['org_uuid']) ? $this->Auth->user('Organisation')['uuid'] : $this->request->data['Server']['org_uuid'],
|
||||
empty($this->request->data['Server']['sync']) ? '' : 'synchronisation ',
|
||||
$community['community_name'],
|
||||
$this->request->data['Server']['org_description'],
|
||||
$this->request->data['Server']['email'],
|
||||
$community['name'],
|
||||
empty($this->request->data['Server']['org_description']) ? '' : $this->request->data['Server']['org_description'],
|
||||
empty($this->request->data['Server']['email']) ? '' : $this->request->data['Server']['email'],
|
||||
empty($this->request->data['Server']['message']) ? '' : sprintf(
|
||||
'%sAdditional information:%s%s%s',
|
||||
PHP_EOL,
|
||||
|
|
@ -135,34 +143,47 @@ Thank you in advance!',
|
|||
}
|
||||
}
|
||||
}
|
||||
if (!isset($this->request->data['Server']['gpgkey'])) {
|
||||
$this->request->data['Server']['gpgkey'] = $gpgkey;
|
||||
}
|
||||
if (!empty($image)) {
|
||||
$params['attachments']['logo.png'] = $image;
|
||||
}
|
||||
if (!empty($gpgkey)) {
|
||||
$params['attachments']['requestor.asc'] = $gpgkey;
|
||||
if (!empty($this->request->data['Server']['gpgkey'])) {
|
||||
$params['attachments']['requestor.asc'] = $this->request->data['Server']['gpgkey'];
|
||||
}
|
||||
$params = array();
|
||||
$params['to'] = $community['email'];
|
||||
$params['reply-to'] = $this->request->data['Server']['email'];
|
||||
$params['requestor_gpgkey'] = $this->request->data['Server']['gpgkey'];
|
||||
$params['reply-to'] = empty($this->request->data['Server']['email']) ? $this->Auth->user('email') : $this->request->data['Server']['email'];
|
||||
$params['requestor_gpgkey'] = empty($this->request->data['Server']['gpgkey']) ? $gpgkey : $this->request->data['Server']['gpgkey'];
|
||||
$params['gpgkey'] = $community['pgp_key'];
|
||||
$params['body'] = $body;
|
||||
$params['subject'] = '[' . $community['community_name'] . '] Requesting MISP access';
|
||||
$params['subject'] = '[' . $community['name'] . '] Requesting MISP access';
|
||||
$params['mock'] = !empty($this->request->data['Server']['mock']);
|
||||
$result = $this->User->sendEmailExternal($this->Auth->user(), $params);
|
||||
$message = $result ? __('Request sent.') : __('Something went wrong and the request could not be sent.');
|
||||
if ($this->_isRest()) {
|
||||
if ($result) {
|
||||
if ($result === true) {
|
||||
return $this->RestResponse->saveSuccessResponse('Communities', 'requestAccess', $id, false, $message);
|
||||
} elseif ($result) {
|
||||
return $this->RestResponse->viewData($result);
|
||||
} else {
|
||||
return $this->RestResponse->saveFailResponse('Communities', 'requestAccess', false, $message);
|
||||
}
|
||||
} else {
|
||||
if ($result) {
|
||||
if ($result === true) {
|
||||
$this->Flash->success($message);
|
||||
$this->redirect(array('controller' => 'communities', 'action' => 'view', $id));
|
||||
} elseif ($result) {
|
||||
$this->set('result', $result);
|
||||
$this->render('request_access_email');
|
||||
} else {
|
||||
$this->Flash->error($message);
|
||||
$this->redirect(array('controller' => 'communities', 'action' => 'view', $id));
|
||||
}
|
||||
$this->redirect(array('controller' => 'communities', 'action' => 'view', $id));
|
||||
}
|
||||
if (!empty($this->request->data['Server']['mock'])) {
|
||||
$this->set('mock', $this->request->data['Server']['mock']);
|
||||
}
|
||||
}
|
||||
$this->set('community', $community);
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -64,7 +64,7 @@ class EventDelegationsController extends AppController
|
|||
$org_id = $this->Toolbox->findIdByUuid($this->EventDelegation->Event->Org, $this->request->data['EventDelegation']['org_id']);
|
||||
$this->request->data['EventDelegation']['org_id'] = $org_id;
|
||||
$this->EventDelegation->create();
|
||||
$this->EventDelegation->save($this->request->data['EventDelegation']);
|
||||
$result = $this->EventDelegation->save($this->request->data['EventDelegation']);
|
||||
$org = $this->EventDelegation->Event->Org->find('first', array(
|
||||
'conditions' => array('id' => $org_id),
|
||||
'recursive' => -1,
|
||||
|
|
@ -72,6 +72,19 @@ class EventDelegationsController extends AppController
|
|||
));
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
$this->Log->create();
|
||||
if (empty($result)) {
|
||||
$this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Event',
|
||||
'model_id' => $event['Event']['id'],
|
||||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'request_delegation',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Request of event delegation failed',
|
||||
'change' => 'Request of the delegation of event ' . $event['Event']['id'] . ' to organisation ' . $org['Org']['name'] . ' failed.',
|
||||
));
|
||||
throw new InvalidArgumentException('Invalid input, could not create the Delegation Request.');
|
||||
}
|
||||
$this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Event',
|
||||
|
|
@ -91,8 +104,16 @@ class EventDelegationsController extends AppController
|
|||
));
|
||||
return $this->RestResponse->viewData($delegation_request, $this->response->type());
|
||||
}
|
||||
$this->Flash->success('Delegation request created.');
|
||||
$this->redirect('/events/view/' . $id);
|
||||
if (!$this->_isRest()) {
|
||||
$this->Flash->success('Delegation request created.');
|
||||
$this->redirect('/events/view/' . $id);
|
||||
} else {
|
||||
$delegationRequest = $this->EventDelegation->find("first", array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('EventDelegation.id' => $this->EventDelegation->id)
|
||||
));
|
||||
return $this->RestResponse->viewData($delegationRequest, $this->response->type());
|
||||
}
|
||||
} else {
|
||||
$orgs = $this->EventDelegation->Event->Org->find('list', array(
|
||||
'conditions' => array(
|
||||
|
|
@ -153,11 +174,21 @@ class EventDelegationsController extends AppController
|
|||
'title' => 'Completed event delegation',
|
||||
'change' => 'Event ' . $delegation['Event']['id'] . ' successfully transferred to organisation ' . $this->Auth->user('Organisation')['name'],
|
||||
));
|
||||
$this->Flash->success('Event ownership transferred.');
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $result));
|
||||
$message = 'Event ownership transferred.';
|
||||
if (!$this->_isRest()) {
|
||||
$this->Flash->success($message);
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $result));
|
||||
} else {
|
||||
return $this->RestResponse->saveSuccessResponse('EventDelegation', 'acceptDelegation', $id, $this->response->type(), $message);
|
||||
}
|
||||
} else {
|
||||
$this->Flash->error('Something went wrong and the event could not be transferred.');
|
||||
$this->redirect(array('controller' => 'Event', 'action' => 'view', $delegation['EventDelegation']['event_id']));
|
||||
$message = 'Something went wrong and the event could not be transferred.';
|
||||
if (!$this->_isRest()) {
|
||||
$this->Flash->error($message);
|
||||
$this->redirect(array('controller' => 'Event', 'action' => 'view', $delegation['EventDelegation']['event_id']));
|
||||
} else {
|
||||
return $this->RestResponse->saveFailResponse('EventDelegation', 'acceptDelegation', $id, $message, $this->response->type());
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$this->set('delegationRequest', $delegation);
|
||||
|
|
@ -177,8 +208,14 @@ class EventDelegationsController extends AppController
|
|||
}
|
||||
if ($this->request->is('post')) {
|
||||
$this->EventDelegation->delete($delegation['EventDelegation']['id']);
|
||||
$this->Flash->success('Delegation request deleted.');
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
$message = 'Delegation request deleted.';
|
||||
if (!$this->_isRest()) {
|
||||
$this->Flash->success($message);
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
} else {
|
||||
return $this->RestResponse->saveSuccessResponse('EventDelegation', 'deleteDelegation', $id, $this->response->type(), $message);
|
||||
}
|
||||
|
||||
} else {
|
||||
$this->set('delegationRequest', $delegation);
|
||||
$this->render('ajax/delete_delegation');
|
||||
|
|
|
|||
|
|
@ -731,6 +731,7 @@ class EventsController extends AppController
|
|||
unset($rules['contain']);
|
||||
$rules['recursive'] = -1;
|
||||
$rules['fields'] = array('id', 'timestamp', 'published', 'uuid');
|
||||
$rules['contain'] = array('Orgc.uuid');
|
||||
}
|
||||
$paginationRules = array('page', 'limit', 'sort', 'direction', 'order');
|
||||
foreach ($paginationRules as $paginationRule) {
|
||||
|
|
@ -836,6 +837,7 @@ class EventsController extends AppController
|
|||
return $this->RestResponse->viewData($events, $this->response->type(), false, false, false, array('X-Result-Count' => $absolute_total));
|
||||
} else {
|
||||
foreach ($events as $key => $event) {
|
||||
$event['Event']['orgc_uuid'] = $event['Orgc']['uuid'];
|
||||
$events[$key] = $event['Event'];
|
||||
}
|
||||
return $this->RestResponse->viewData($events, $this->response->type(), false, false, false, array('X-Result-Count' => $absolute_total));
|
||||
|
|
@ -3435,7 +3437,18 @@ class EventsController extends AppController
|
|||
$this->render('/Events/module_views/' . $renderView);
|
||||
} else {
|
||||
$responseType = $this->Event->validFormats[$returnFormat][0];
|
||||
return $this->RestResponse->viewData($final, $responseType, false, true, false, array('X-Result-Count' => $elementCounter, 'X-Export-Module-Used' => $returnFormat, 'X-Response-Format' => $responseType));
|
||||
$filename = 'misp.event.';
|
||||
if (!empty($filters['eventid']) && !is_array($filters['eventid'])) {
|
||||
if (Validation::uuid(trim($filters['eventid']))) {
|
||||
$filename .= trim($filters['eventid']);
|
||||
} else if (!empty(intval(trim($filters['eventid'])))) {
|
||||
$filename .= intval(trim($filters['eventid']));
|
||||
}
|
||||
} else {
|
||||
$filename .= 'list';
|
||||
}
|
||||
$filename .= '.' . $responseType;
|
||||
return $this->RestResponse->viewData($final, $responseType, false, true, $filename, array('X-Result-Count' => $elementCounter, 'X-Export-Module-Used' => $returnFormat, 'X-Response-Format' => $responseType));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -520,7 +520,13 @@ class FeedsController extends AppController
|
|||
$this->Flash->info(__('Feed is currently not enabled. Make sure you enable it.'));
|
||||
$this->redirect(array('action' => 'previewIndex', $feedId));
|
||||
}
|
||||
$result = $this->Feed->downloadAndSaveEventFromFeed($this->Feed->data, $eventUuid, $this->Auth->user());
|
||||
try {
|
||||
$result = $this->Feed->downloadAndSaveEventFromFeed($this->Feed->data, $eventUuid, $this->Auth->user());
|
||||
} catch (Exception $e) {
|
||||
$this->Flash->error(__('Download failed.') . ' ' . $e->getMessage());
|
||||
$this->redirect(array('action' => 'previewIndex', $feedId));
|
||||
}
|
||||
|
||||
if (isset($result['action'])) {
|
||||
if ($result['result']) {
|
||||
if ($result['action'] == 'add') {
|
||||
|
|
@ -579,11 +585,13 @@ class FeedsController extends AppController
|
|||
App::uses('SyncTool', 'Tools');
|
||||
$syncTool = new SyncTool();
|
||||
$HttpSocket = $syncTool->setupHttpSocketFeed($feed);
|
||||
$events = $this->Feed->getManifest($feed, $HttpSocket);
|
||||
if (!is_array($events)) {
|
||||
$this->Flash->info($events);
|
||||
try {
|
||||
$events = $this->Feed->getManifest($feed, $HttpSocket);
|
||||
} catch (Exception $e) {
|
||||
$this->Flash->error("Could not fetch manifest for feed: {$e->getMessage()}");
|
||||
$this->redirect(array('controller' => 'feeds', 'action' => 'index'));
|
||||
}
|
||||
|
||||
if (!empty($this->params['named']['searchall'])) {
|
||||
foreach ($events as $uuid => $event) {
|
||||
$found = false;
|
||||
|
|
@ -672,10 +680,10 @@ class FeedsController extends AppController
|
|||
$HttpSocket = $syncTool->setupHttpSocketFeed($feed);
|
||||
$params = array();
|
||||
// params is passed as reference here, the pagination happens in the method, which isn't ideal but considering the performance gains here it's worth it
|
||||
$resultArray = $this->Feed->getFreetextFeed($feed, $HttpSocket, $feed['Feed']['source_format'], $currentPage, 60, $params);
|
||||
// we want false as a valid option for the split fetch, but we don't want it for the preview
|
||||
if (!is_array($resultArray)) {
|
||||
$this->Flash->info($resultArray);
|
||||
try {
|
||||
$resultArray = $this->Feed->getFreetextFeed($feed, $HttpSocket, $feed['Feed']['source_format'], $currentPage, 60, $params);
|
||||
} catch (Exception $e) {
|
||||
$this->Flash->error("Could not fetch feed: {$e->getMessage()}");
|
||||
$this->redirect(array('controller' => 'feeds', 'action' => 'index'));
|
||||
}
|
||||
$this->params->params['paging'] = array($this->modelClass => $params);
|
||||
|
|
@ -721,7 +729,12 @@ class FeedsController extends AppController
|
|||
throw new MethodNotAllowedException(__('Invalid feed type.'));
|
||||
}
|
||||
$HttpSocket = $syncTool->setupHttpSocketFeed($feed);
|
||||
$resultArray = $this->Feed->getFreetextFeed($feed, $HttpSocket, $feed['Feed']['source_format'], $currentPage);
|
||||
try {
|
||||
$resultArray = $this->Feed->getFreetextFeed($feed, $HttpSocket, $feed['Feed']['source_format'], $currentPage);
|
||||
} catch (Exception $e) {
|
||||
$this->Flash->error("Could not fetch feed: {$e->getMessage()}");
|
||||
$this->redirect(array('controller' => 'feeds', 'action' => 'index'));
|
||||
}
|
||||
// we want false as a valid option for the split fetch, but we don't want it for the preview
|
||||
if ($resultArray == false) {
|
||||
$resultArray = array();
|
||||
|
|
@ -755,7 +768,11 @@ class FeedsController extends AppController
|
|||
throw new NotFoundException(__('Invalid feed.'));
|
||||
}
|
||||
$this->Feed->read();
|
||||
$event = $this->Feed->downloadEventFromFeed($this->Feed->data, $eventUuid, $this->Auth->user());
|
||||
try {
|
||||
$event = $this->Feed->downloadEventFromFeed($this->Feed->data, $eventUuid, $this->Auth->user());
|
||||
} catch (Exception $e) {
|
||||
throw new Exception(__('Could not download the selected Event'), 0, $e);
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->viewData($event, $this->response->type());
|
||||
}
|
||||
|
|
@ -858,11 +875,11 @@ class FeedsController extends AppController
|
|||
$feed['Feed']['settings'] = json_decode($feed['Feed']['settings'], true);
|
||||
}
|
||||
$data = json_decode($this->request->data['Feed']['data'], true);
|
||||
$result = $this->Feed->saveFreetextFeedData($feed, $data, $this->Auth->user());
|
||||
if ($result === true) {
|
||||
try {
|
||||
$this->Feed->saveFreetextFeedData($feed, $data, $this->Auth->user());
|
||||
$this->Flash->success(__('Data pulled.'));
|
||||
} else {
|
||||
$this->Flash->error(__('Could not pull the selected data. Reason: %s', $result));
|
||||
} catch (Exception $e) {
|
||||
$this->Flash->error(__('Could not pull the selected data. Reason: %s', $e->getMessage()));
|
||||
}
|
||||
$this->redirect(array('controller' => 'feeds', 'action' => 'index'));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr "Instansens debug-niveauet for webstedsadmins. Denne funktion lader webstedsadmins eksekvere debug-tilstand på en idriftsat instans uden at afsløre dette overfor andre brugere. Den mest detaljerigholdige Indstilling for debug og site_admin_debug benyttes for admins."
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3890,7 +3890,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2254
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2258
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr "Le niveau de debuggage de l'instance pour les adminstrateurs. Cette option permet aux administrateurs de l'instance de lancer le mode debug sur une instance active sans exposer les autres utilisateurs. L'option la plus verbeuse de debug et site_admin_debug sont utilisés pour les administrateurs d'instance."
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr "サイト管理者用のインスタンスのデバッグレベル。 この機能により、サイト管理者は、他のユーザーに公開することなく、動作中のインスタンスでデバッグモードを実行できます。 debug と site_admin_debug の最も冗長なオプションは、サイト管理者に使用されます。"
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3891,8 +3891,8 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr "Feilsøkingsnivået for forekomsten for nettstedadministratorer. Denne funksjonen tillater at webansvarlige kan kjøre feilsøkingsmodus på en levende forekomst uten å utsette den for andre brukere. Det mest fordelaktige alternativet for feilsøking og site_admin_debug brukes til administratorer på nettstedet."
|
||||
|
||||
#: Model/Server.php:2254
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgstr "Mislyktes (delvis?) På grunn av valideringsfeil: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr "Mislyktes (delvis?) På grunn av feil: "
|
||||
|
||||
#: Model/Server.php:2258
|
||||
msgid "Blocked an edit to an event that was created locally. This can happen if a synchronised event that was created on this instance was modified by an administrator on the remote side."
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr "Уровень отладки приложения для администраторов сайта. Данный функционал позволяет администраторам сайта включать режим отладки на рабтающих инстансах без воздействия на других пользователей."
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -3705,7 +3705,7 @@ msgid "The debug level of the instance for site admins. This feature allows site
|
|||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2172
|
||||
msgid "Failed (partially?) because of validation errors: "
|
||||
msgid "Failed (partially?) because of errors: "
|
||||
msgstr ""
|
||||
|
||||
#: Model/Server.php:2176
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ class Community extends AppModel
|
|||
} catch (Exception $e) {
|
||||
throw new NotFoundException(__('Default community list not in the expected format.'));
|
||||
}
|
||||
$fieldsToCheck = array('community_name', 'community_uuid', 'description', 'url', 'sector', 'nationality', 'type_of_community', 'org_uuid', 'org_name', 'rules');
|
||||
$fieldsToCheck = array('name', 'uuid', 'description', 'url', 'sector', 'nationality', 'type', 'org_uuid', 'org_name', 'rules');
|
||||
foreach ($community_list as $k => $v) {
|
||||
if ($v['misp_project_vetted'] === ($context === 'vetted')) {
|
||||
$community_list[$k]['id'] = $k + 1;
|
||||
|
|
@ -85,7 +85,7 @@ class Community extends AppModel
|
|||
$lookupField = 'uuid';
|
||||
}
|
||||
foreach ($community_list as $s) {
|
||||
if ($s[$lookupField === 'uuid' ? 'community_uuid' : 'id'] === $id) {
|
||||
if ($s[$lookupField === 'uuid' ? 'uuid' : 'id'] === $id) {
|
||||
$community = $s;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1887,6 +1887,13 @@ class Event extends AppModel
|
|||
$delegatedEventIDs = $this->__cachedelegatedEventIDs($user, $useCache);
|
||||
$conditions['AND']['OR']['Event.id'] = $delegatedEventIDs;
|
||||
}
|
||||
$attributeCondSelect = '(SELECT events.org_id FROM events WHERE events.id = Attribute.event_id)';
|
||||
$objectCondSelect = '(SELECT events.org_id FROM events WHERE events.id = Object.event_id)';
|
||||
if ($this->getDataSource()->config['datasource'] == 'Database/Postgres') {
|
||||
$schemaName = $this->getDataSource()->config['schema'];
|
||||
$attributeCondSelect = sprintf('(SELECT "%s"."events"."org_id" FROM "%s"."events" WHERE "%s"."events"."id" = "Attribute"."event_id")', $schemaName, $schemaName, $schemaName);
|
||||
$objectCondSelect = sprintf('(SELECT "%s"."events"."org_id" FROM "%s"."events" WHERE "%s"."events"."id" = "Object"."event_id")', $schemaName, $schemaName, $schemaName);
|
||||
}
|
||||
$conditionsAttributes['AND'][0]['OR'] = array(
|
||||
array('AND' => array(
|
||||
'Attribute.distribution >' => 0,
|
||||
|
|
@ -1896,7 +1903,7 @@ class Event extends AppModel
|
|||
'Attribute.distribution' => 4,
|
||||
'Attribute.sharing_group_id' => $sgids,
|
||||
)),
|
||||
'(SELECT events.org_id FROM events WHERE events.id = Attribute.event_id)' => $user['org_id']
|
||||
$attributeCondSelect => $user['org_id']
|
||||
);
|
||||
|
||||
$conditionsObjects['AND'][0]['OR'] = array(
|
||||
|
|
@ -1908,7 +1915,7 @@ class Event extends AppModel
|
|||
'Object.distribution' => 4,
|
||||
'Object.sharing_group_id' => $sgids,
|
||||
)),
|
||||
'(SELECT events.org_id FROM events WHERE events.id = Object.event_id)' => $user['org_id']
|
||||
$objectCondSelect => $user['org_id']
|
||||
);
|
||||
}
|
||||
if ($options['distribution']) {
|
||||
|
|
@ -3459,13 +3466,12 @@ class Event extends AppModel
|
|||
}
|
||||
if (isset($data['Event']['uuid'])) {
|
||||
// check if the uuid already exists
|
||||
$existingEventCount = $this->find('count', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
|
||||
if ($existingEventCount > 0) {
|
||||
$existingEvent = $this->find('first', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
|
||||
if ($existingEvent) {
|
||||
// RESTful, set response location header so client can find right URL to edit
|
||||
if ($fromPull) {
|
||||
return false;
|
||||
}
|
||||
$existingEvent = $this->find('first', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
|
||||
if ($fromXml) {
|
||||
$created_id = $existingEvent['Event']['id'];
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -138,8 +138,8 @@ class Organisation extends AppModel
|
|||
foreach ($results as $k => $organisation) {
|
||||
if (!empty($organisation['Organisation']['restricted_to_domain'])) {
|
||||
$results[$k]['Organisation']['restricted_to_domain'] = json_decode($organisation['Organisation']['restricted_to_domain'], true);
|
||||
foreach ($results[$k]['Organisation']['restricted_to_domain'] as $k => $v) {
|
||||
$results[$k]['Organisation']['restricted_to_domain'][$k] = trim($v);
|
||||
foreach ($results[$k]['Organisation']['restricted_to_domain'] as $k2 => $v) {
|
||||
$results[$k]['Organisation']['restricted_to_domain'][$k2] = trim($v);
|
||||
}
|
||||
} else if (isset($organisation['Organisation']['restricted_to_domain'])){
|
||||
$results[$k]['Organisation']['restricted_to_domain'] = array();
|
||||
|
|
|
|||
|
|
@ -2289,10 +2289,10 @@ class Server extends AppModel
|
|||
if (!$existingEvent) {
|
||||
// add data for newly imported events
|
||||
$result = $eventModel->_add($event, true, $user, $server['Server']['org_id'], $passAlong, true, $jobId);
|
||||
if ($result) {
|
||||
if ($result === true) {
|
||||
$successes[] = $eventId;
|
||||
} else {
|
||||
$fails[$eventId] = __('Failed (partially?) because of validation errors: ') . json_encode($eventModel->validationErrors, true);
|
||||
$fails[$eventId] = __('Failed (partially?) because of errors: ') . $result;
|
||||
}
|
||||
} else {
|
||||
if (!$existingEvent['Event']['locked'] && !$server['Server']['internal']) {
|
||||
|
|
@ -2316,7 +2316,6 @@ class Server extends AppModel
|
|||
$eventId,
|
||||
$server
|
||||
);
|
||||
;
|
||||
if (!empty($event)) {
|
||||
if ($this->__checkIfEventIsBlockedBeforePull($event)) {
|
||||
return false;
|
||||
|
|
@ -2329,7 +2328,7 @@ class Server extends AppModel
|
|||
}
|
||||
} else {
|
||||
// error
|
||||
$fails[$eventId] = __('failed downloading the event');
|
||||
$fails[$eventId] = __('failed downloading the event') . ': ' . json_encode($event);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
|
@ -2528,6 +2527,7 @@ class Server extends AppModel
|
|||
$request = $this->setupSyncRequest($server);
|
||||
$uri = $url . '/events/index';
|
||||
$filter_rules['minimal'] = 1;
|
||||
$filter_rules['published'] = 1;
|
||||
try {
|
||||
$response = $HttpSocket->post($uri, json_encode($filter_rules), $request);
|
||||
if ($response->isOk()) {
|
||||
|
|
@ -2549,9 +2549,38 @@ class Server extends AppModel
|
|||
} else {
|
||||
// multiple events, iterate over the array
|
||||
$this->Event = ClassRegistry::init('Event');
|
||||
$blacklisting = array();
|
||||
if (Configure::read('MISP.enableEventBlacklisting') !== false) {
|
||||
$this->EventBlacklist = ClassRegistry::init('EventBlacklist');
|
||||
$blacklisting['EventBlacklist'] = array(
|
||||
'index_field' => 'uuid',
|
||||
'blacklist_field' => 'event_uuid'
|
||||
);
|
||||
}
|
||||
if (Configure::read('MISP.enableOrgBlacklisting') !== false) {
|
||||
$this->OrgBlacklist = ClassRegistry::init('OrgBlacklist');
|
||||
$blacklisting['OrgBlacklist'] = array(
|
||||
'index_field' => 'orgc_uuid',
|
||||
'blacklist_field' => 'org_uuid'
|
||||
);
|
||||
}
|
||||
foreach ($eventArray as $k => $event) {
|
||||
if (1 != $event['published']) {
|
||||
unset($eventArray[$k]); // do not keep non-published events
|
||||
continue;
|
||||
}
|
||||
foreach ($blacklisting as $type => $blacklist) {
|
||||
if (!empty($eventArray[$k][$blacklist['index_field']])) {
|
||||
$blacklist_hit = $this->{$type}->find('first', array(
|
||||
'conditions' => array($blacklist['blacklist_field'] => $eventArray[$k][$blacklist['index_field']]),
|
||||
'recursive' => -1,
|
||||
'fields' => array($type . '.id')
|
||||
));
|
||||
if (!empty($blacklist_hit)) {
|
||||
unset($eventArray[$k]);
|
||||
continue 2;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->Event->removeOlder($eventArray);
|
||||
|
|
@ -2565,20 +2594,6 @@ class Server extends AppModel
|
|||
}
|
||||
}
|
||||
}
|
||||
if (!empty($eventIds) && Configure::read('MISP.enableEventBlacklisting') !== false) {
|
||||
$this->EventBlacklist = ClassRegistry::init('EventBlacklist');
|
||||
foreach ($eventIds as $k => $eventUuid) {
|
||||
$blacklistEntry = $this->EventBlacklist->find('first', array(
|
||||
'conditions' => array('event_uuid' => $eventUuid),
|
||||
'recursive' => -1,
|
||||
'fields' => array('EventBlacklist.id')
|
||||
));
|
||||
if (!empty($blacklistEntry)) {
|
||||
unset($eventIds[$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
$eventIds = array_values($eventIds);
|
||||
return $eventIds;
|
||||
}
|
||||
if ($response->code == '403') {
|
||||
|
|
@ -4193,7 +4208,7 @@ class Server extends AppModel
|
|||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
public function writeableDirsDiagnostics(&$diagnostic_errors)
|
||||
|
|
|
|||
|
|
@ -216,26 +216,6 @@ class User extends AppModel
|
|||
'Containable'
|
||||
);
|
||||
|
||||
private function __generatePassword()
|
||||
{
|
||||
$groups = array(
|
||||
'0123456789',
|
||||
'abcdefghijklmnopqrstuvwxyz',
|
||||
'ABCDEFGHIJKLOMNOPQRSTUVWXYZ',
|
||||
'!@#$%^&*()_-'
|
||||
);
|
||||
$passwordLength = (Configure::read('Security.password_policy_length') && Configure::read('Security.password_policy_length') >= 12) ? Configure::read('Security.password_policy_length') : 12;
|
||||
$pw = '';
|
||||
for ($i = 0; $i < $passwordLength; $i++) {
|
||||
$chars = implode('', $groups);
|
||||
$pw .= $chars[mt_rand(0, strlen($chars)-1)];
|
||||
}
|
||||
foreach ($groups as $group) {
|
||||
$pw .= $group[mt_rand(0, strlen($group)-1)];
|
||||
}
|
||||
return $pw;
|
||||
}
|
||||
|
||||
public function beforeValidate($options = array())
|
||||
{
|
||||
if (!isset($this->data['User']['id'])) {
|
||||
|
|
@ -742,19 +722,6 @@ class User extends AppModel
|
|||
public function sendEmailExternal($user, $params)
|
||||
{
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
if (Configure::read('MISP.disable_emailing')) {
|
||||
$this->Log->create();
|
||||
$this->Log->save(array(
|
||||
'org' => 'SYSTEM',
|
||||
'model' => 'User',
|
||||
'model_id' => $user['id'],
|
||||
'email' => $user['email'],
|
||||
'action' => 'email',
|
||||
'title' => 'Email to ' . $user['email'] . ', titled "' . $params['subject'] . '" failed. Reason: Emailing is currently disabled on this instance.',
|
||||
'change' => null,
|
||||
));
|
||||
return true;
|
||||
}
|
||||
$params['body'] = str_replace('\n', PHP_EOL, $params['body']);
|
||||
$Email = new CakeEmail();
|
||||
$recipient = array('User' => array('email' => $params['to']));
|
||||
|
|
@ -790,8 +757,16 @@ class User extends AppModel
|
|||
}
|
||||
}
|
||||
$Email->attachments($attachments);
|
||||
$mock = false;
|
||||
if (Configure::read('MISP.disable_emailing') || !empty($params['mock'])) {
|
||||
$Email->transport('Debug');
|
||||
$mock = true;
|
||||
}
|
||||
$result = $Email->send($params['body']);
|
||||
$Email->reset();
|
||||
if ($result && !$mock) {
|
||||
return true;
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
return false;
|
||||
|
|
@ -1054,50 +1029,46 @@ class User extends AppModel
|
|||
App::uses('SyncTool', 'Tools');
|
||||
$syncTool = new SyncTool();
|
||||
$HttpSocket = $syncTool->setupHttpSocket();
|
||||
$response = $HttpSocket->get('https://pgp.circl.lu/pks/lookup?search=' . $email . '&op=index&fingerprint=on');
|
||||
$response = $HttpSocket->get('https://pgp.circl.lu/pks/lookup?search=' . urlencode($email) . '&op=index&fingerprint=on&options=mr');
|
||||
if ($response->code != 200) {
|
||||
return $response->code;
|
||||
}
|
||||
$string = str_replace(array("\r", "\n"), "", $response->body);
|
||||
$result = preg_match_all('/<pre>pub(.*?)<\/pre>/', $string, $matches);
|
||||
$results = $this->__extractPGPInfo($matches[1]);
|
||||
return $results;
|
||||
return $this->__extractPGPInfo($response->body);
|
||||
}
|
||||
|
||||
private function __extractPGPInfo($lines)
|
||||
private function __extractPGPInfo($body)
|
||||
{
|
||||
$extractionRules = array(
|
||||
'key_id' => array('regex' => '/\">(.*?)<\/a>/', 'all' => false, 'alternate' => false),
|
||||
'date' => array('regex' => '/([0-9]{4}\-[0-9]{2}\-[0-9]{2})/', 'all' => false, 'alternate' => false),
|
||||
'fingerprint' => array('regex' => '/Fingerprint=(.*)$/m', 'all' => false, 'alternate' => false),
|
||||
'uri' => array('regex' => '/<a href=\"(.*?)\">/', 'all' => false, 'alternate' => false),
|
||||
'address' => array('regex' => '/<a href="\/pks\/lookup\?op=vindex[^>]*>([^\<]*)<\/a>(.*)Fingerprint/s', 'all' => true, 'alternate' => true),
|
||||
);
|
||||
$final = array();
|
||||
$lines = explode("\n", $body);
|
||||
foreach ($lines as $line) {
|
||||
if (strpos($line, 'KEY REVOKED')) {
|
||||
continue;
|
||||
$parts = explode(":", $line);
|
||||
|
||||
if ($parts[0] === 'pub') {
|
||||
if (!empty($temp)) {
|
||||
$final[] = $temp;
|
||||
$temp = array();
|
||||
}
|
||||
|
||||
if (strpos($parts[6], 'r') !== false || strpos($parts[6], 'd') !== false || strpos($parts[6], 'e') !== false) {
|
||||
continue; // skip if key is expired, revoked or disabled
|
||||
}
|
||||
|
||||
$temp = array(
|
||||
'fingerprint' => chunk_split($parts[1], 4, ' '),
|
||||
'key_id' => substr($parts[1], -8),
|
||||
'date' => date('Y-m-d', $parts[4]),
|
||||
'uri' => 'pks/lookup?op=get&search=0x' . $parts[1],
|
||||
);
|
||||
|
||||
} else if ($parts[0] === 'uid' && !empty($temp)) {
|
||||
$temp['address'] = urldecode($parts[1]);
|
||||
}
|
||||
$temp = array();
|
||||
foreach ($extractionRules as $ruleName => $rule) {
|
||||
if ($rule['all']) {
|
||||
preg_match_all($rule['regex'], $line, ${$ruleName});
|
||||
} else {
|
||||
preg_match($rule['regex'], $line, ${$ruleName});
|
||||
}
|
||||
if ($rule['alternate'] && isset(${$ruleName}[2]) && trim(${$ruleName}[2][0]) != '') {
|
||||
$temp[$ruleName] = ${$ruleName}[2];
|
||||
} else {
|
||||
$temp[$ruleName] = ${$ruleName}[1];
|
||||
}
|
||||
if ($rule['all']) {
|
||||
$temp[$ruleName] = $temp[$ruleName][0];
|
||||
}
|
||||
$temp[$ruleName] = html_entity_decode($temp[$ruleName]);
|
||||
}
|
||||
$temp['address'] = preg_replace('/\s{2,}/', PHP_EOL, trim($temp['address']));
|
||||
}
|
||||
|
||||
if (!empty($temp)) {
|
||||
$final[] = $temp;
|
||||
}
|
||||
|
||||
return $final;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -51,9 +51,9 @@
|
|||
),
|
||||
array(
|
||||
'name' => __('Community name'),
|
||||
'sort' => 'community_name',
|
||||
'sort' => 'name',
|
||||
'class' => 'short',
|
||||
'data_path' => 'community_name',
|
||||
'data_path' => 'name',
|
||||
),
|
||||
array(
|
||||
'name' => __('Description'),
|
||||
|
|
@ -61,19 +61,19 @@
|
|||
)
|
||||
),
|
||||
'title' => __('Communities index'),
|
||||
'description' => __('You can find a list of communities below that chose to advertise their existence to the general MISP user-base.\nRequesting access to any of those communities is of course no guarantee of being permitted access, it is simply meant to simplify to means of finding the various communities that one may be eligible for. Get in touch with the misp-project maintainers if you would like your community to be included in the list.'),
|
||||
'description' => __('You can find a list of communities below that chose to advertise their existence to the general MISP user-base. Requesting access to any of those communities is of course no guarantee of being permitted access, it is only meant to simplify the means of finding the various communities that one may be eligible for. Get in touch with the MISP project maintainers if you would like your community to be included in the list.'),
|
||||
'actions' => array(
|
||||
array(
|
||||
'url' => '/communities/view',
|
||||
'url_params_data_paths' => array(
|
||||
'community_uuid'
|
||||
'uuid'
|
||||
),
|
||||
'icon' => 'eye'
|
||||
),
|
||||
array(
|
||||
'url' => '/communities/requestAccess',
|
||||
'url_params_data_paths' => array(
|
||||
'community_uuid'
|
||||
'uuid'
|
||||
),
|
||||
'icon' => 'comments'
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<div class="attributes form">
|
||||
<?php
|
||||
echo $this->Form->create('Server', array('id', 'url' => '/communities/requestAccess/' . $community['community_uuid']));
|
||||
echo $this->Form->create('Server', array('id', 'url' => '/communities/requestAccess/' . $community['uuid']));
|
||||
echo sprintf(
|
||||
'<fieldset><legend>%s</legend><p style="width:550px;">%s</p>%s</fieldset>%s',
|
||||
'Request access to ' . h($community['community_name']),
|
||||
'Request access to ' . h($community['name']),
|
||||
__('Describe both yourself and your organisation as best as you can - keep in mind this information is to be used by the hosts of the community you are requesting access to in order to determine whether you\'re a good fit for their community. The sending server\'s basic metadata is included by default, you can opt out using the "anonymise" checkbox (server url, uuid, version are shared otherwise - though this can be a useful step in establishing trust.).'),
|
||||
(
|
||||
$this->Form->input('email', array(
|
||||
|
|
@ -48,6 +48,11 @@
|
|||
$this->Form->input('anonymise', array(
|
||||
'label' => __('Anonymise information on the server used to issue the request'),
|
||||
'type' => 'checkbox'
|
||||
)) .
|
||||
$this->element('/genericElements/Forms/clear') .
|
||||
$this->Form->input('mock', array(
|
||||
'label' => __('Generate e-mail for later use, but do not send it'),
|
||||
'type' => 'checkbox'
|
||||
))
|
||||
),
|
||||
$this->Form->button('Submit', array(
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
<?php
|
||||
$table_data = array();
|
||||
$table_data[] = array('key' => __('Id'), 'value' => $community['id']);
|
||||
$table_data[] = array('key' => __('UUID'), 'value' => $community['community_uuid']);
|
||||
$table_data[] = array('key' => __('Name'), 'value' => $community['community_name']);
|
||||
$table_data[] = array('key' => __('UUID'), 'value' => $community['uuid']);
|
||||
$table_data[] = array('key' => __('Name'), 'value' => $community['name']);
|
||||
$table_data[] = array('key' => __('Host organisation'), 'value' => $community['org_name'] . '(' . $community['org_uuid'] . ')');
|
||||
$table_data[] = array(
|
||||
'key' => __('Vetted by MISP-project'),
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
)
|
||||
);
|
||||
$optional_fields = array(
|
||||
'type_of_community', 'description', 'rules', 'email', 'sector', 'nationality', 'eligibility', 'pgp_key'
|
||||
'type', 'description', 'rules', 'email', 'sector', 'nationality', 'eligibility', 'pgp_key'
|
||||
);
|
||||
foreach ($optional_fields as $field) {
|
||||
if (!empty($community[$field])) {
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
h($community['org_name']),
|
||||
h($community['org_name'])
|
||||
),
|
||||
__('Community ') . h($community['community_name']),
|
||||
__('Community ') . h($community['name']),
|
||||
$this->element('genericElements/viewMetaTable', array('table_data' => $table_data))
|
||||
)
|
||||
);
|
||||
|
|
@ -40,7 +40,7 @@
|
|||
'<a href="%s%s%s" class="btn btn-primary">%s</a>',
|
||||
$baseurl,
|
||||
'/communities/requestAccess/',
|
||||
h($community['community_uuid']),
|
||||
h($community['uuid']),
|
||||
__('Request Access')
|
||||
);
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -30,12 +30,12 @@
|
|||
);
|
||||
} else {
|
||||
echo sprintf(
|
||||
'<a href="%s" class="black %s" title="%s" aria-label="%s" %s></a>',
|
||||
'<a href="%s" title="%s" aria-label="%s" %s><i class="black %s"></i></a> ',
|
||||
$url,
|
||||
$this->FontAwesome->getClass($action['icon']),
|
||||
empty($action['title']) ? '' : h($action['title']),
|
||||
empty($action['title']) ? '' : h($action['title']),
|
||||
empty($action['onclick']) ? '' : sprintf('onclick="%s"', $action['onclick'])
|
||||
empty($action['onclick']) ? '' : sprintf('onclick="%s"', $action['onclick']),
|
||||
$this->FontAwesome->getClass($action['icon'])
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -595,16 +595,22 @@
|
|||
if ($menuItem === 'view_community' || $menuItem === 'request_community_access') {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'text' => __('Request Access'),
|
||||
'url' => '/communities/requestAccesss/' . h($community['community_uuid']),
|
||||
'url' => '/communities/requestAccess/' . h($community['uuid']),
|
||||
'element_id' => 'request_community_access'
|
||||
));
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'text' => __('View community'),
|
||||
'url' => '/communities/view/' . h($community['community_uuid']),
|
||||
'url' => '/communities/view/' . h($community['uuid']),
|
||||
'element_id' => 'view_community'
|
||||
|
||||
));
|
||||
}
|
||||
if ($menuItem === 'view_email') {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'text' => __('Request E-mail'),
|
||||
'element_id' => 'view_email'
|
||||
));
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@
|
|||
'<td>%s%s</td>',
|
||||
h($type['description']),
|
||||
empty($type['params']['includeAttachments']) ? '' : sprintf(
|
||||
'<span class="%s">%s</span>',
|
||||
' <span class="%s">%s.</span>',
|
||||
Configure::read('MISP.cached_attachments') ? 'green' : 'red',
|
||||
Configure::read('MISP.cached_attachments') ? __('Attachments are enabled on this instance') : __('Attachments are disabled on this instance')
|
||||
)
|
||||
|
|
|
|||
|
|
@ -4,12 +4,18 @@
|
|||
<legend><?php echo __('Edit MISP Feed');?></legend>
|
||||
<p><?php echo __('Edit a new MISP feed source.');?></p>
|
||||
<?php
|
||||
echo $this->Form->input('enabled', array());
|
||||
echo $this->Form->input('caching_enabled', array());
|
||||
echo $this->Form->input('enabled', array(
|
||||
'type' => 'checkbox'
|
||||
));
|
||||
echo $this->Form->input('caching_enabled', array(
|
||||
'type' => 'checkbox'
|
||||
));
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('lookup_visible', array());
|
||||
echo $this->Form->input('lookup_visible', array(
|
||||
'type' => 'checkbox'
|
||||
));
|
||||
echo $this->Form->input('name', array(
|
||||
'div' => 'input clear',
|
||||
'placeholder' => __('Feed name'),
|
||||
|
|
|
|||
|
|
@ -67,21 +67,3 @@ $disabledBtnText = $updateLocked ? 'title="' . __('An action is already in progr
|
|||
<?php
|
||||
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'admin', 'menuItem' => 'adminTools'));
|
||||
?>
|
||||
|
||||
<script type="text/javascript">
|
||||
$(document).ready(function(){
|
||||
$('.submitButtonToUpdateProgress').click(function() {
|
||||
var form = $(this).closest("form");
|
||||
$.ajax({
|
||||
data: form.serialize(),
|
||||
cache: false,
|
||||
timeout: 100,
|
||||
complete: function (data, textStatus) {
|
||||
window.location.href = $('#btnShowProgress').prop('href');
|
||||
},
|
||||
type:"post",
|
||||
url: form.prop('action')
|
||||
});
|
||||
});
|
||||
});
|
||||
</script>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -1 +1 @@
|
|||
Subproject commit 9926ea88262d06a8155fb2756a53c487f282ba1f
|
||||
Subproject commit b986f06cb415262c18c25e0e9c37107eb463cc54
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit 81c37aff51c91bb511c5f8ed2cccc025b6d68fcf
|
||||
Subproject commit 56dddf2f9f61899063cf91112249f2edeae966f9
|
||||
|
|
@ -89,7 +89,8 @@ class StixBuilder(object):
|
|||
idgen.set_id_namespace(Namespace(self.baseurl, self.orgname, "MISP"))
|
||||
self.namespace_prefix = idgen.get_id_namespace_alias()
|
||||
## MAPPING FOR ATTRIBUTES
|
||||
self.simple_type_to_method = {"port": self.generate_port_observable, "domain|ip": self.generate_domain_ip_observable}
|
||||
self.simple_type_to_method = {"port": self.generate_port_observable, "domain|ip": self.generate_domain_ip_observable,
|
||||
"named pipe": self.generate_pipe_observable}
|
||||
self.simple_type_to_method.update(dict.fromkeys(list(hash_type_attributes["single"]) + list(hash_type_attributes["composite"]) + ["filename"], self.resolve_file_observable))
|
||||
self.simple_type_to_method.update(dict.fromkeys(["ip-src", "ip-dst"], self.generate_ip_observable))
|
||||
self.simple_type_to_method.update(dict.fromkeys(["ip-src|port", "ip-dst|port", "hostname|port"], self.generate_socket_address_observable))
|
||||
|
|
@ -531,6 +532,17 @@ class StixBuilder(object):
|
|||
observable.id_ = "{}:Observable-{}".format(self.namespace_prefix, attribute_uuid)
|
||||
return observable
|
||||
|
||||
def generate_pipe_observable(self, attribute):
|
||||
attribute_uuid = attribute['uuid']
|
||||
pipe_object = Pipe()
|
||||
pipe.named = True
|
||||
pipe.name = attribute['value']
|
||||
pipe.name.condition = 'Equals'
|
||||
pipe.parent.id_ = "{}PipeObject-{}".format(self.namesapce_prefix, attribute_uuid)
|
||||
observable = Observable(pipe_object)
|
||||
observable.id_ = "{}:Pipe-{}".format(self.namespace_prefix, attribute_uuid)
|
||||
return observable
|
||||
|
||||
def generate_port_observable(self, attribute):
|
||||
attribute_uuid = attribute['uuid']
|
||||
port_object = self.create_port_object(attribute['value'])
|
||||
|
|
|
|||
|
|
@ -436,7 +436,7 @@ class StixBuilder():
|
|||
|
||||
def add_custom(self, attribute):
|
||||
custom_object_id = "x-misp-object--{}".format(attribute['uuid'])
|
||||
custom_object_type = "x-misp-object-{}".format(attribute['type'].replace('|', '-').lower())
|
||||
custom_object_type = "x-misp-object-{}".format(attribute['type'].replace('|', '-').replace(' ', '-').lower())
|
||||
labels, markings = self.create_labels(attribute)
|
||||
custom_object_args = {'id': custom_object_id, 'x_misp_category': attribute['category'], 'labels': labels,
|
||||
'x_misp_timestamp': self.get_datetime_from_timestamp(attribute['timestamp']),
|
||||
|
|
|
|||
|
|
@ -578,7 +578,8 @@ class StixFromMISPParser(StixParser):
|
|||
def parse_custom_attribute(self, o, labels):
|
||||
attribute_type = o['type'].split('x-misp-object-')[1]
|
||||
if attribute_type not in misp_types:
|
||||
attribute_type = attribute_type.replace('-', '|')
|
||||
replacement = ' ' if attribute_type == 'named-pipe' else '|'
|
||||
attribute_type = attribute_type.replace('-', replacement)
|
||||
attribute = {'type': attribute_type,
|
||||
'timestamp': self.getTimestampfromDate(o['x_misp_timestamp']),
|
||||
'to_ids': bool(labels[1].split('=')[1]),
|
||||
|
|
|
|||
|
|
@ -108,6 +108,7 @@ class StixParser():
|
|||
'NetworkConnectionObjectType': self.handle_network_connection,
|
||||
'NetworkSocketObjectType': self.handle_network_socket,
|
||||
'PDFFileObjectType': self.handle_file,
|
||||
'PipeObjectType': self.handle_pipe,
|
||||
'PortObjectType': self.handle_port,
|
||||
'ProcessObjectType': self.handle_process,
|
||||
'SocketAddressObjectType': self.handle_socket_address,
|
||||
|
|
@ -419,6 +420,11 @@ class StixParser():
|
|||
if attributes:
|
||||
return "network-socket", self.return_attributes(attributes), ""
|
||||
|
||||
# Return type & value of a names pipe attribute
|
||||
@staticmethod
|
||||
def handle_pipe(properties):
|
||||
return "named pipe", properties.name.value, ""
|
||||
|
||||
# Return type & value of a port attribute
|
||||
@staticmethod
|
||||
def handle_port(*kwargs):
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit 554360add3b90335ec2a058680ae48c4602df1e8
|
||||
Subproject commit bc1bcceac6639c881d97ad3b59ea974650b8a131
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit b204b9fddafed1a9688449b27e300855046b30b4
|
||||
Subproject commit a739c1154e6c2be0ebb619c581b62481025d7ecc
|
||||
Loading…
Reference in New Issue