mirror of https://github.com/MISP/MISP
chg: [warning-list] Filter CIDR warning list before eval
parent
8e58e27697
commit
20632d5e10
|
@ -257,6 +257,33 @@ class Warninglist extends AppModel
|
|||
return $entries;
|
||||
}
|
||||
|
||||
private function filterCidrList($inputValues)
|
||||
{
|
||||
$outputValues = [];
|
||||
foreach ($inputValues as $v) {
|
||||
$parts = explode('/', $v, 2);
|
||||
if (filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
||||
$maximumNetmask = 32;
|
||||
} else if (filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
$maximumNetmask = 128;
|
||||
} else {
|
||||
// IP address part of CIDR is invalid
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!isset($parts[1])) {
|
||||
// If CIDR doesnt contains '/', we will consider CIDR as /32 for IPv4 or /128 for IPv6
|
||||
$v = "$v/$maximumNetmask";
|
||||
} else if ($parts[1] > $maximumNetmask || $parts[1] < 0) {
|
||||
// Netmask part of CIDR is invalid
|
||||
continue;
|
||||
}
|
||||
|
||||
$outputValues[] = $v;
|
||||
}
|
||||
return $outputValues;
|
||||
}
|
||||
|
||||
public function fetchForEventView()
|
||||
{
|
||||
$warninglists = $this->getWarninglists(array('enabled' => 1));
|
||||
|
@ -270,10 +297,12 @@ class Warninglist extends AppModel
|
|||
foreach ($t['values'] as $vk => $v) {
|
||||
$t['values'][$vk] = rtrim($v, '.');
|
||||
}
|
||||
}
|
||||
if ($t['Warninglist']['type'] == 'string' || $t['Warninglist']['type'] == 'hostname') {
|
||||
} else if ($t['Warninglist']['type'] == 'string' || $t['Warninglist']['type'] == 'hostname') {
|
||||
$t['values'] = array_combine($t['values'], $t['values']);
|
||||
} else if ($t['Warninglist']['type'] === 'cidr') {
|
||||
$t['values'] = $this->filterCidrList($t['values']);
|
||||
}
|
||||
|
||||
foreach ($t['WarninglistType'] as &$wt) {
|
||||
$t['types'][] = $wt['type'];
|
||||
}
|
||||
|
@ -411,10 +440,9 @@ class Warninglist extends AppModel
|
|||
$ipv6cidrlist = array();
|
||||
// separate the CIDR list into IPv4 and IPv6
|
||||
foreach ($listValues as $lv) {
|
||||
$base = substr($lv, 0, strpos($lv, '/'));
|
||||
if (filter_var($base, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
||||
if (strpos($lv, '.') !== false) { // IPv4 address must contain dot
|
||||
$ipv4cidrlist[] = $lv;
|
||||
} elseif (filter_var($base, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
} else {
|
||||
$ipv6cidrlist[] = $lv;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue