MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [internal] Optimise ssdeep correlation

pull/7727/head
Jakub Onderka 2021-09-03 12:09:22 +02:00
parent 2c2d879996
commit 1dd4f7e2da
1 changed files with 5 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/Model/FuzzyCorrelateSsdeep.php
View File

@ -1,5 +1,6 @@
<?php
App::uses('AppModel', 'Model');
class FuzzyCorrelateSsdeep extends AppModel
{
public $useTable = 'fuzzy_correlate_ssdeep';
@ -8,14 +9,6 @@ class FuzzyCorrelateSsdeep extends AppModel
public $actsAs = array('Containable');
public $validate = array();
public function beforeValidate($options = array())
{
parent::beforeValidate();
return true;
}
public function ssdeep_prepare($hash)
{
list($block_size, $hash) = explode(':', $hash, 2);
@ -72,12 +65,12 @@ class FuzzyCorrelateSsdeep extends AppModel
// Original algo from article https://www.virusbulletin.com/virusbulletin/2015/11/optimizing-ssdeep-use-scale
// also propose to insert chunk size to database, but current database schema doesn't contain that column.
// This optimisation can be add in future versions.
$result = $this->find('list', array(
$result = $this->find('column', array(
'conditions' => array(
'FuzzyCorrelateSsdeep.chunk' => array_merge($chunks[1], $chunks[2]),
),
'fields' => array('FuzzyCorrelateSsdeep.attribute_id', 'FuzzyCorrelateSsdeep.attribute_id'),
'group' => 'FuzzyCorrelateSsdeep.attribute_id', // remove duplicates at database side
'fields' => array('FuzzyCorrelateSsdeep.attribute_id'),
'unique' => true,
));
$to_save = array();
@ -101,7 +94,7 @@ class FuzzyCorrelateSsdeep extends AppModel
$this->query('TRUNCATE TABLE fuzzy_correlate_ssdeep;');
} elseif (!$attributeId) {
$this->Attribute = ClassRegistry::init('Attribute');
$attributeId = $this->Attribute->find('list', array(
$attributeId = $this->Attribute->find('column', array(
'conditions' => array(
'Attribute.event_id' => $eventId,
'Attribute.type' => 'ssdeep',