From 233a30b9fd2ec0d93c051acc98d969ceb7616c3c Mon Sep 17 00:00:00 2001 From: Alexandru Ciobanu Date: Thu, 14 Nov 2013 12:43:31 +0100 Subject: [PATCH] Basic JSON API CRUD [ci skip] - adds JSON example to shell scripts - adds sample JSON event - ??? for some redundant Attribute model conditions - updates travis with CakePHP installation --- .travis.yml | 21 ++++++++- app/Controller/AppController.php | 2 +- app/Controller/EventsController.php | 4 +- app/Model/Attribute.php | 8 ++-- tools/curl/addEvent.sh | 3 ++ tools/curl/editEvent.sh | 3 ++ tools/curl/indexEvents.sh | 3 ++ tools/curl/input/event.json | 66 +++++++++++++++++++++++++++++ tools/curl/viewEvent.sh | 3 ++ 9 files changed, 107 insertions(+), 6 deletions(-) create mode 100644 tools/curl/input/event.json diff --git a/.travis.yml b/.travis.yml index 41af9bde9..f72812f87 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,8 @@ php: - 5.3 env: - - DB=mysql + - CAKE_VERSION=2.4.2 DB=mysql + - CAKE_VERSION=master DB=mysql matrix: allow_failures: @@ -14,3 +15,21 @@ matrix: before_script: - pecl install Crypt_GPG - pecl install Net_GeoIP + - phpenv rehash + - sh -c "if [ '$DB' = 'mysql' ]; then mysql -e 'CREATE DATABASE misp_test;'; fi" + - git clone git://github.com/cakephp/cakephp ../cakephp && cd ../cakephp && git checkout $CAKE_VERSION + - chmod -R 777 ../cakephp/app/tmp + - echo " 'Database/Mysql', + 'database' => 'misp_test', + 'host' => '0.0.0.0', + 'login' => 'travis', + 'host' => '', + 'persistent' => false + ); + }" > app/Config/database.php + +script: + - ./lib/Cake/Console/cake test app AllTests --stderr diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 39d5f06f1..df63da29e 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php 
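Review bot: The added `before_script` step `git clone git://github.com/cakephp/cakephp ../cakephp` fetches the framework over the unauthenticated, unencrypted git protocol, and the `CAKE_VERSION=master` matrix entry checks out a moving branch, so the build runs code that is neither integrity-protected in transit nor pinned. Prefer `git clone https://github.com/cakephp/cakephp ../cakephp` and a fixed tag for the entry that must pass. The generated `app/Config/database.php` also sets `'host'` twice (`'0.0.0.0'`, then `''`); the second key was presumably meant to be `'password' => ''`, though part of that echo appears to be missing from the page. `chmod -R 777 ../cakephp/app/tmp` is broader than a single-user CI run should need.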
@@ -153,7 +153,7 @@ class AppController extends Controller { //} protected function _isRest() { - return (isset($this->RequestHandler) && $this->RequestHandler->isXml()); + return (isset($this->RequestHandler) && ($this->RequestHandler->isXml() || $this->isJson())); } /** diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index 3246aa1c9..7ec4e4964 100755 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -593,7 +593,9 @@ class EventsController extends AppController { 'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'timestamp', 'distribution', 'locked'), 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'timestamp', 'distribution') ); - $saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList)); + + $saveResult = $this->Event->saveAssociated($data, array('validate' => false, 'fieldList' => $fieldList, + 'atomic' => true)); // FIXME chri: check if output of $saveResult is what we expect when data not valid, see issue #104 if ($saveResult) { if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) { diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 911f822ae..ebb14796c 100755 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -819,6 +819,7 @@ class Attribute extends AppModel { if ($fromGFI) $this->data['Attribute']['comment'] = 'GFI import'; } + //??? if ($this->save($this->data)) { // attribute saved correctly in the db } else { @@ -828,6 +829,7 @@ class Attribute extends AppModel { // no errors in file upload, entry already in db, now move the file where needed and zip it if required. // no sanitization is required on the filename, path or type as we save // create directory structure + // ??? if (PHP_OS == 'WINNT') { $rootDir = APP . "files" . DS . $eventId; } else { 
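Review bot: `_isRest()` now calls `isJson()` on the controller while `isXml()` is still called on `RequestHandler`, and `isJson()` is not defined in this hunk, so confirm it exists on `AppController` and which request header it inspects. Every branch that keys on `_isRest()` now also runs for JSON requests; if any of them relaxes session or CSRF handling for API clients (not visible here), that relaxation widens with this change. A docblock would make the contract explicit, for example `/** True when the request asks for an XML or JSON (REST) response. */`. The class body continues outside the hunk.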
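Review bot: Switching `saveAssociated()` to `'validate' => false` in `EventsController` stores the event and all of its attributes without running any model validation rules; `fieldList` limits which columns are written, not which values go into them. `$data` looks like it is built from the request body (its construction is outside the hunk), so with the JSON API enabled a client could persist types, categories, values or UUIDs that the rules would have rejected. If the aim was all-or-nothing saving, keep validation on and use `array('validate' => 'first', 'fieldList' => $fieldList, 'atomic' => true)`. The existing FIXME about `$saveResult` for invalid data is also easier to resolve with validation enabled.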
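Review bot: The two `//???` markers added in `Attribute.php` do not say what is being questioned; the commit message suggests they flag redundant conditions, but the second one sits directly under the comment claiming that no sanitization is needed for the filename, path or type, so a reader cannot tell whether it doubts that claim or the `PHP_OS` branch. Spell the question out, for example `// TODO(review): is this save() redundant with the caller's?` and `// TODO(review): is the PHP_OS branch needed when DS is already used?`. Both wordings are guesses at the intent. The enclosing method starts and ends outside the hunk.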
@@ -878,11 +880,11 @@ class Attribute extends AppModel { $this->Correlation = ClassRegistry::init('Correlation'); // When we add/update an attribute we need to // - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id - + // - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for // ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */ $dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2']))); - + // now build a correlation array of things that will need to be added in the db // we do this twice, once for value1 and once for value2 $correlations = array(); // init variable @@ -898,7 +900,7 @@ class Attribute extends AppModel { ), 'AND' => array( 'Attribute.type !=' => 'vulnerability', - 'Attribute.type !=' => 'comment', + 'Attribute.type !=' => 'comment', )), 'recursive' => 0, //'fields' => '', // we want to have the Attribute AND Event, so do not filter here diff --git a/tools/curl/addEvent.sh b/tools/curl/addEvent.sh index e2cd80ba3..b0c90a994 100755 --- a/tools/curl/addEvent.sh +++ b/tools/curl/addEvent.sh @@ -1,2 +1,5 @@ curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ --data "@input/event.xml" -X POST http://localhost/events + +#curl -i -H "Accept: application/json" -H "content-type: text/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ +#--data "@input/event.json" -X POST http://localhost/events \ No newline at end of file diff --git a/tools/curl/editEvent.sh b/tools/curl/editEvent.sh index a88beb3e7..666d0579b 100755 --- a/tools/curl/editEvent.sh +++ b/tools/curl/editEvent.sh 
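Review bot: The `'AND'` array in the find conditions uses the key `'Attribute.type !='` twice, and a PHP array keeps only the last value for a repeated key, so the `'vulnerability'` exclusion is silently dropped and only `'comment'` is filtered out of the correlation lookup. This hunk only re-indents that line and leaves the duplicate in place. To exclude both types, use a single condition with a list, `'NOT' => array('Attribute.type' => array('vulnerability', 'comment'))`. The enclosing method starts and ends outside the hunk.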
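Review bot: The JSON example added to `addEvent.sh` repeats a literal `Authorization` key in a committed script; the same value appears in the new lines of `editEvent.sh` and `indexEvents.sh`, and a second one in `viewEvent.sh`. If either was ever a real key it should be revoked, and the scripts should read it from the environment, for example `-H "Authorization: ${MISP_AUTHKEY:?set MISP_AUTHKEY}"` (the variable name is a suggestion). The examples also send `content-type: text/json`; the registered type is `application/json`, and whether the server's JSON detection accepts `text/json` is not visible here.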
@@ -4,3 +4,6 @@
 # POST can be used as well..
 curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
 --data "@input/event.xml" -X POST http://localhost/events/$1
+
+#curl -i -H "Accept: application/json" -H "content-type: text/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
+#--data "@input/event.json" -X POST http://localhost/events/$1
\ No newline at end of file
diff --git a/tools/curl/indexEvents.sh b/tools/curl/indexEvents.sh
index 4deb43dc1..f417f638d 100755
--- a/tools/curl/indexEvents.sh
+++ b/tools/curl/indexEvents.sh
@@ -1,2 +1,5 @@
 curl -H "Accept: application/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
 -X GET http://localhost/events
+
+#curl -H "Accept: application/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
+#-X GET http://localhost/events
diff --git a/tools/curl/input/event.json b/tools/curl/input/event.json
new file mode 100644
index 000000000..f0c6619db
--- /dev/null
+++ b/tools/curl/input/event.json
@@ -0,0 +1,66 @@
+{
+ "Event": {
+ "id": "15",
+ "org": "ORG",
+ "date": "2012-04-12",
+ "risk": "Medium",
+ "info": "info",
+ "user_id": "1",
+ "uuid": "4f8c2c4e-00dc-42c9-83ad-76e9ff32448e",
+ "distribution": "0",
+ "analysis": "0",
+ "timestamp": "1",
+ "Attribute": [
+ {
+ "id": "116",
+ "event_id": "14",
+ "type": "ip-dst",
+ "category": "Network activity",
+ "to_ids": "1",
+ "uuid": "4f8c2cc3-0410-4bf0-8559-5b9dff32448e",
+ "distribution": "0",
+ "value": "1.1.1.111",
+ "timestamp": "0"
+ },
+ {
+ "id": "117",
+ "event_id": "14",
+ "type": "malware-sample",
+ "category": "Payload delivery",
+ "to_ids": "0",
+ "uuid": "4f8c2d08-7e6c-4648-8730-50a7ff32448e",
+ "distribution": "0",
+ "value": "A.doc|3f6f1aaab6171925c81de9b34a8fcf8e",
+ "timestamp": "0"
+ },
+ {
+ "id": "115",
+ "event_id": "14",
+ "type": "vulnerability",
+ "category": "Payload delivery",
+ "to_ids": "1",
+ "uuid": "4f8c2c69-9bf8-4279-8d03-2138ff32448e",
+ "distribution": "0",
+ "value": "CVE-XXXX-XXXX",
+ "timestamp": "0"
+ }
+ ],
+ "RelatedEvent": [
+ {
+ "id": "11",
+ "date": "2011-01-03",
+ "uuid": "4f8812ff-ded0-4592-9227-0615ff32448e"
+ },
+ {
+ "id": "9",
+ "date": "2011-02-02",
+ "uuid": "4f85981e-d044-4b16-bc16-0a35ff32448e"
+ },
+ {
+ "id": "6",
+ "date": "2011-03-01",
+ "uuid": "4f7a9faa-91d4-4c91-8ec6-0878ff32448e"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tools/curl/viewEvent.sh b/tools/curl/viewEvent.sh
index 38f3f6491..2bff21d8e 100755
--- a/tools/curl/viewEvent.sh
+++ b/tools/curl/viewEvent.sh
@@ -1,2 +1,5 @@
 curl -H "Accept: application/xml" -H "Authorization: 3xoBdRRCjr3dLS0WyqETzWZrMhmpK5iNCGpQxgsR" \
 -X GET http://localhost:8888/events/$1
+
+#curl -H "Accept: application/json" -H "Authorization: 3xoBdRRCjr3dLS0WyqETzWZrMhmpK5iNCGpQxgsR" \
+#-X GET http://localhost:8888/events/$1