Basic JSON API CRUD [ci skip]

- adds JSON example to shell scripts - adds sample JSON event - ??? for some redundant Attribute model conditions - updates travis with CakePHP installation
2013-11-14 12:43:31 +01:00 · 2013-11-14 12:43:31 +01:00 · 233a30b9fd
parent 67eb138800
commit 233a30b9fd
9 changed files with 107 additions and 6 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -5,7 +5,8 @@ php:
    - 5.3

 env:
-    - DB=mysql
+    - CAKE_VERSION=2.4.2 DB=mysql
+    - CAKE_VERSION=master DB=mysql

 matrix:
    allow_failures:
@ -14,3 +15,21 @@ matrix:
 before_script:
    - pecl install Crypt_GPG
    - pecl install Net_GeoIP
+    - phpenv rehash
+    - sh -c "if [ '$DB' = 'mysql' ]; then mysql -e 'CREATE DATABASE misp_test;'; fi"
+    - git clone git://github.com/cakephp/cakephp ../cakephp && cd ../cakephp && git checkout $CAKE_VERSION
+    - chmod -R 777 ../cakephp/app/tmp
+    - echo "<?php
+        class DATABASE_CONFIG {
+        public \$test = array(
+          'datasource' => 'Database/Mysql',
+          'database' => 'misp_test',
+          'host' => '0.0.0.0',
+          'login' => 'travis',
+          'host' => '',
+          'persistent' => false
+        );
+        }" > app/Config/database.php
+
+script:
+    - ./lib/Cake/Console/cake test app AllTests --stderr
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -153,7 +153,7 @@ class AppController extends Controller {
 	//}

 	protected function _isRest() {
-		return (isset($this->RequestHandler) && $this->RequestHandler->isXml());
+		return (isset($this->RequestHandler) && ($this->RequestHandler->isXml() || $this->isJson()));
 	}

 /**
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@ -593,7 +593,9 @@ class EventsController extends AppController {
 				'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'timestamp', 'distribution', 'locked'),
 				'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'timestamp', 'distribution')
 		);
-		$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
+
+		$saveResult = $this->Event->saveAssociated($data, array('validate' => false, 'fieldList' => $fieldList,
+			'atomic' => true));
 		// FIXME chri: check if output of $saveResult is what we expect when data not valid, see issue #104
 		if ($saveResult) {
 			if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -819,6 +819,7 @@ class Attribute extends AppModel {
 			if ($fromGFI) $this->data['Attribute']['comment'] = 'GFI import';
 		}

+		//???
 		if ($this->save($this->data)) {
 			// attribute saved correctly in the db
 		} else {
@ -828,6 +829,7 @@ class Attribute extends AppModel {
 		// no errors in file upload, entry already in db, now move the file where needed and zip it if required.
 		// no sanitization is required on the filename, path or type as we save
 		// create directory structure
+		// ???
 		if (PHP_OS == 'WINNT') {
 			$rootDir = APP . "files" . DS . $eventId;
 		} else {
@ -878,11 +880,11 @@ class Attribute extends AppModel {
 			$this->Correlation = ClassRegistry::init('Correlation');
 			// When we add/update an attribute we need to
 			// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
-	
+
 			// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
 			// ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */
 			$dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2'])));
-	
+
 			// now build a correlation array of things that will need to be added in the db
 			// we do this twice, once for value1 and once for value2
 			$correlations = array();   // init variable
@ -898,7 +900,7 @@ class Attribute extends AppModel {
 			            	),
 			            	'AND' => array(
 			            		'Attribute.type !=' => 'vulnerability',
-			            		'Attribute.type !=' => 'comment',			            				
+			            		'Attribute.type !=' => 'comment',
 						)),
 			            'recursive' => 0,
 			            //'fields' => '', // we want to have the Attribute AND Event, so do not filter here
--- a/tools/curl/addEvent.sh
+++ b/tools/curl/addEvent.sh
@ -1,2 +1,5 @@
 curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
 --data "@input/event.xml" -X POST http://localhost/events
+
+#curl -i -H "Accept: application/json" -H "content-type: text/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
+#--data "@input/event.json" -X POST http://localhost/events
--- a/tools/curl/editEvent.sh
+++ b/tools/curl/editEvent.sh
@ -4,3 +4,6 @@
 # POST can be used as well..
 curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
 --data "@input/event.xml" -X POST http://localhost/events/$1
+
+#curl -i -H "Accept: application/json" -H "content-type: text/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
+#--data "@input/event.json" -X POST http://localhost/events/$1
--- a/tools/curl/indexEvents.sh
+++ b/tools/curl/indexEvents.sh
@ -1,2 +1,5 @@
 curl -H "Accept: application/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
 -X GET http://localhost/events
+
+#curl -H "Accept: application/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
+#-X GET http://localhost/events
--- a/tools/curl/input/event.json
+++ b/tools/curl/input/event.json
@ -0,0 +1,66 @@
+{
+  "Event": {
+    "id": "15",
+    "org": "ORG",
+    "date": "2012-04-12",
+    "risk": "Medium",
+    "info": "info",
+    "user_id": "1",
+    "uuid": "4f8c2c4e-00dc-42c9-83ad-76e9ff32448e",
+    "distribution": "0",
+    "analysis": "0",
+    "timestamp": "1",
+    "Attribute": [
+      {
+        "id": "116",
+        "event_id": "14",
+        "type": "ip-dst",
+        "category": "Network activity",
+        "to_ids": "1",
+        "uuid": "4f8c2cc3-0410-4bf0-8559-5b9dff32448e",
+        "distribution": "0",
+        "value": "1.1.1.111",
+        "timestamp": "0"
+      },
+      {
+        "id": "117",
+        "event_id": "14",
+        "type": "malware-sample",
+        "category": "Payload delivery",
+        "to_ids": "0",
+        "uuid": "4f8c2d08-7e6c-4648-8730-50a7ff32448e",
+        "distribution": "0",
+        "value": "A.doc|3f6f1aaab6171925c81de9b34a8fcf8e",
+        "timestamp": "0"
+      },
+      {
+        "id": "115",
+        "event_id": "14",
+        "type": "vulnerability",
+        "category": "Payload delivery",
+        "to_ids": "1",
+        "uuid": "4f8c2c69-9bf8-4279-8d03-2138ff32448e",
+        "distribution": "0",
+        "value": "CVE-XXXX-XXXX",
+        "timestamp": "0"
+      }
+    ],
+    "RelatedEvent": [
+      {
+        "id": "11",
+        "date": "2011-01-03",
+        "uuid": "4f8812ff-ded0-4592-9227-0615ff32448e"
+      },
+      {
+        "id": "9",
+        "date": "2011-02-02",
+        "uuid": "4f85981e-d044-4b16-bc16-0a35ff32448e"
+      },
+      {
+        "id": "6",
+        "date": "2011-03-01",
+        "uuid": "4f7a9faa-91d4-4c91-8ec6-0878ff32448e"
+      }
+    ]
+  }
+}
--- a/tools/curl/viewEvent.sh
+++ b/tools/curl/viewEvent.sh
@ -1,2 +1,5 @@
 curl -H "Accept: application/xml" -H "Authorization: 3xoBdRRCjr3dLS0WyqETzWZrMhmpK5iNCGpQxgsR" \
 -X GET http://localhost:8888/events/$1
+
+#curl -H "Accept: application/json" -H "Authorization: 3xoBdRRCjr3dLS0WyqETzWZrMhmpK5iNCGpQxgsR" \
+#-X GET http://localhost:8888/events/$1