Merge branch '2.4' of https://github.com/MISP/MISP into 2.4

pull/5206/head
chrisr3d 2019-09-23 11:27:23 +02:00
commit 25003e13ae
6 changed files with 103 additions and 57 deletions


@ -3063,13 +3063,21 @@ class AttributesController extends AppController
$success = 0; $success = 0;
$fails = 0; $fails = 0;
foreach ($idList as $id) { foreach ($idList as $id) {
$attribute = $this->Attribute->find('first', array( $attributes = $this->Attribute->fetchAttributes(
'recursive' => -1, $this->Auth->user(),
array(
'conditions' => array('Attribute.id' => $id, 'Attribute.deleted' => 0), 'conditions' => array('Attribute.id' => $id, 'Attribute.deleted' => 0),
'contain' => array('Event.orgc_id') 'contain' => array('Event.orgc_id')
)); )
if (empty($attribute)) { );
if (empty($attributes)) {
throw new NotFoundException(__('Invalid attribute')); throw new NotFoundException(__('Invalid attribute'));
} else {
$attribute = $attributes[0];
}
if (!$this->userRole['perm_tagger']) {
$fails++;
continue;
} }
if ((!$this->userRole['perm_sync'] && !$this->_isSiteAdmin()) && $attribute['Event']['orgc_id'] !== $this->Auth->user('org_id')) { if ((!$this->userRole['perm_sync'] && !$this->_isSiteAdmin()) && $attribute['Event']['orgc_id'] !== $this->Auth->user('org_id')) {
if (Configure::read('MISP.host_org_id') != $this->Auth->user('org_id') || !$local) { if (Configure::read('MISP.host_org_id') != $this->Auth->user('org_id') || !$local) {
@ -3082,11 +3090,6 @@ class AttributesController extends AppController
'conditions' => array('Event.id' => $eventId), 'conditions' => array('Event.id' => $eventId),
'recursive' => -1 'recursive' => -1
)); ));
if (!$this->_isSiteAdmin() && !$this->userRole['perm_sync']) {
if (!$this->userRole['perm_tagger'] || ($this->Auth->user('org_id') !== $event['Event']['org_id'] && $this->Auth->user('org_id') !== $event['Event']['orgc_id'])) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You do not have permission to do that.')), 'status' => 200, 'type' => 'json'));
}
}
if (!$this->_isRest()) { if (!$this->_isRest()) {
$this->Attribute->Event->insertLock($this->Auth->user(), $eventId); $this->Attribute->Event->insertLock($this->Auth->user(), $eventId);
} }
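Review bot: The new `if (!$this->userRole['perm_tagger']) { $fails++; continue; }` inside the loop replaces the explicit 'You do not have permission to do that.' response removed in the second hunk with a silent failure count, so a caller without the tagger role now gets N fails and no reason, and the check is re-evaluated for every attribute although it does not depend on `$id`. Hoisting it above `foreach ($idList as $id) {` and returning the permission error there, `if (!$this->userRole['perm_tagger']) { return new CakeResponse(array('body' => json_encode(array('saved' => false, 'errors' => 'You do not have permission to do that.')), 'status' => 200, 'type' => 'json')); }`, keeps the old contract for API clients. The removed block also accepted users whose org matched `Event.org_id`, whereas the surviving check compares only `Event.orgc_id`; confirm that owner-org users are still handled by the branch that continues past the first hunk. The enclosing action starts before the first hunk and ends after the second.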


@ -463,15 +463,15 @@ class TagsController extends AppController
throw new MethodNotAllowedException('Invalid event.'); throw new MethodNotAllowedException('Invalid event.');
} }
$this->loadModel('GalaxyCluster'); $this->loadModel('GalaxyCluster');
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.id', 'GalaxyCluster.tag_name'))); $cluster_names = $this->GalaxyCluster->find('list', array(
'fields' => array('GalaxyCluster.tag_name'),
'group' => array('GalaxyCluster.id', 'GalaxyCluster.tag_name')
));
$this->helpers[] = 'TextColour'; $this->helpers[] = 'TextColour';
$conditions = array( $conditions = array(
'event_id' => $id, 'event_id' => $id,
'Tag.name !=' => $cluster_names 'Tag.name !=' => $cluster_names
); );
if (empty($this->Auth->user()['Role']['perm_sync'])) {
$conditions['EventTag.local'] = false;
}
$tags = $this->EventTag->find('all', array( $tags = $this->EventTag->find('all', array(
'conditions' => $conditions, 'conditions' => $conditions,
'contain' => array('Tag'), 'contain' => array('Tag'),
@ -505,9 +505,6 @@ class TagsController extends AppController
$eventId = $this->Tag->AttributeTag->Attribute->data['Attribute']['event_id']; $eventId = $this->Tag->AttributeTag->Attribute->data['Attribute']['event_id'];
$conditions = array('attribute_id' => $id); $conditions = array('attribute_id' => $id);
if (empty($this->Auth->user()['Role']['perm_sync'])) {
$conditions['AttributeTag.local'] = false;
}
$attributeTags = $this->AttributeTag->find('all', array( $attributeTags = $this->AttributeTag->find('all', array(
'conditions' => $conditions, 'conditions' => $conditions,
'contain' => array('Tag'), 'contain' => array('Tag'),
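Review bot: Dropping the `perm_sync` gate on `EventTag.local` here and on `AttributeTag.local` in the second hunk changes which tags non-sync users are shown, but nothing in the code records that this is intentional, so the next reader may re-add the filter as a "fix". A short comment above `$conditions = array(` in both places, e.g. `// local tags are listed for every user here; the local flag is not a visibility control`, would pin the intent (wording to be confirmed against the actual reason for the change). The enclosing methods start and end outside both hunks.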


@ -1460,13 +1460,15 @@ class AppModel extends Model
public function cleanCacheFiles() public function cleanCacheFiles()
{ {
Cache::clear(); Cache::clear();
Cache::clear(false, '_cake_core_');
Cache::clear(false, '_cake_model_');
clearCache(); clearCache();
$files = array();
$files = array_merge($files, glob(CACHE . 'models' . DS . 'myapp*')); $files = glob(CACHE . 'models' . DS . 'myapp*');
$files = array_merge($files, glob(CACHE . 'persistent' . DS . 'myapp*')); $files = array_merge($files, glob(CACHE . 'persistent' . DS . 'myapp*'));
foreach ($files as $f) { foreach ($files as $file) {
if (is_file($f)) { if (is_file($file)) {
unlink($f); unlink($file);
} }
} }
} }
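Review bot: `glob()` returns `false` on failure, and the rewritten `$files = glob(CACHE . 'models' . DS . 'myapp*');` now feeds that value straight into `array_merge` as the first argument (the second `glob` call already had the same exposure as its second argument), which is a TypeError on PHP 8 and a warning plus a `null` loop on older versions. Defaulting both results to an array, `$files = glob(CACHE . 'models' . DS . 'myapp*') ?: array();` and `$files = array_merge($files, glob(CACHE . 'persistent' . DS . 'myapp*') ?: array());`, keeps the method a safe no-op when a glob call fails. The method also has no docblock; a one-liner such as `/** Clears the Cake caches and removes MISP's cached model/persistent files. */` would be enough.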


@ -177,10 +177,38 @@ class Log extends AppModel
return $data; return $data;
} }
public function createLogEntry($user = array('Organisation' => array('name' => 'SYSTEM'), 'email' => 'SYSTEM', 'id' => 0), $action, $model, $model_id = 0, $title = '', $change = '') /**
* @param string|array $user
* @param string $action
* @param string $model
* @param int $modelId
* @param string $title
* @param string|array $change
* @throws Exception
*/
public function createLogEntry($user, $action, $model, $modelId = 0, $title = '', $change = '')
{ {
if ($user === 'SYSTEM') {
$user = array('Organisation' => array('name' => 'SYSTEM'), 'email' => 'SYSTEM', 'id' => 0);
} else if (!is_array($user)) {
throw new InvalidArgumentException("User must be array or 'SYSTEM' string.");
}
if (is_array($change)) {
$output = array();
foreach ($change as $field => $values) {
if (strpos($field, 'password') !== false) { // if field name contains password, replace value with asterisk
$oldValue = $newValue = "*****";
} else {
list($oldValue, $newValue) = $values;
}
$output[] = "$field ($oldValue) => ($newValue)";
}
$change = implode(", ", $output);
}
$this->create(); $this->create();
$this->save(array( $result = $this->save(array(
'org' => $user['Organisation']['name'], 'org' => $user['Organisation']['name'],
'email' => $user['email'], 'email' => $user['email'],
'user_id' => $user['id'], 'user_id' => $user['id'],
@ -188,8 +216,12 @@ class Log extends AppModel
'title' => $title, 'title' => $title,
'change' => $change, 'change' => $change,
'model' => $model, 'model' => $model,
'model_id' => $model_id, 'model_id' => $modelId,
)); ));
if (!$result) {
throw new Exception("Cannot save log because of validation errors: " . json_encode($this->validationErrors));
}
} }
// to combat a certain bug that causes the upgrade scripts to loop without being able to set the correct version // to combat a certain bug that causes the upgrade scripts to loop without being able to set the correct version
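Review bot: The masking at `if (strpos($field, 'password') !== false) {` is case-sensitive and matches only that one word, so a field named `Password` (or any other secret-bearing field) is written to the log in clear; `if (stripos($field, 'password') !== false) {` at least covers the case variants, and the accepted field names deserve a comment since the log is the audit trail. `list($oldValue, $newValue) = $values;` also yields two nulls silently when a caller passes a scalar instead of a pair, producing an entry like `field () => ()`; throwing `InvalidArgumentException` there, as the `$user` check already does, would surface the misuse. The `@throws Exception` on the docblock is accurate but generic, and the message embeds `json_encode($this->validationErrors)`, which is fine for an internal log but should not be echoed to API clients by callers. The function starts in this hunk and its `save()` array continues into the second hunk.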


@ -3726,34 +3726,18 @@ class Server extends AppModel
} else { } else {
$oldValue = Configure::read($setting['name']); $oldValue = Configure::read($setting['name']);
$settingSaveResult = $this->serverSettingsSaveValue($setting['name'], $value); $settingSaveResult = $this->serverSettingsSaveValue($setting['name'], $value);
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
if ($settingSaveResult) { if ($settingSaveResult) {
$result = $this->Log->save(array( $this->Log = ClassRegistry::init('Log');
'org' => $user['Organisation']['name'], $change = array($setting['name'] => array($oldValue, $value));
'model' => 'Server', $this->Log->createLogEntry($user, 'serverSettingsEdit', 'Server', 0, 'Server setting changed', $change);
'model_id' => 0,
'email' => $user['email'],
'action' => 'serverSettingsEdit',
'user_id' => $user['id'],
'title' => 'Server setting changed',
'change' => $setting['name'] . ' (' . $oldValue . ') => (' . $value . ')',
));
// execute after hook // execute after hook
if (isset($setting['afterHook'])) { if (isset($setting['afterHook'])) {
$afterResult = call_user_func_array(array($this, $setting['afterHook']), array($setting['name'], $value)); $afterResult = call_user_func_array(array($this, $setting['afterHook']), array($setting['name'], $value));
if ($afterResult !== true) { if ($afterResult !== true) {
$this->Log->create(); $change = 'There was an issue after setting a new setting. The error message returned is: ' . $afterResult;
$result = $this->Log->save(array( $this->Log->createLogEntry($user, 'serverSettingsEdit', 'Server', 0, 'Server setting issue', $change);
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => 0,
'email' => $user['email'],
'action' => 'serverSettingsEdit',
'user_id' => $user['id'],
'title' => 'Server setting issue',
'change' => 'There was an issue after setting a new setting. The error message returned is: ' . $afterResult,
));
return $afterResult; return $afterResult;
} }
} }
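Review bot: `createLogEntry` now throws when the log row fails validation, and `$this->Log->createLogEntry($user, 'serverSettingsEdit', 'Server', 0, 'Server setting changed', $change);` runs after `serverSettingsSaveValue` has already persisted the setting, so a logging failure would propagate out of this method while the setting change has been applied anyway. Either wrap the call and return the message the way the afterHook branch returns `$afterResult`, or document on the method that callers must handle the exception. `$oldValue` comes from `Configure::read($setting['name'])` and is interpolated as a string inside `createLogEntry`; if any setting reaching this branch holds an array, the log line would read `Array` — confirm these values are scalars. The enclosing method starts and ends outside the hunk.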


@ -1941,5 +1941,33 @@
"org_id": "0", "org_id": "0",
"hide_tag": false "hide_tag": false
} }
},
{
"Feed": {
"id": "114",
"name": "DigitalSide Threat-Intel OSINT Feed",
"provider": "osint.digitalside.it",
"url": "https:\/\/osint.digitalside.it\/Threat-Intel\/digitalside-misp-feed\/",
"rules": "",
"enabled": false,
"distribution": "0",
"sharing_group_id": "0",
"tag_id": "0",
"default": false,
"source_format": "misp",
"fixed_event": true,
"delta_merge": false,
"event_id": "0",
"publish": false,
"override_ids": false,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
"input_source": "network",
"delete_local_file": false,
"lookup_visible": false,
"headers": "",
"caching_enabled": false,
"force_to_ids": false,
"cache_timestamp": "1568901075"
}
} }
] ]