mirror of https://github.com/MISP/MISP
Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
26459f1b63
2
PyMISP
2
PyMISP
|
@ -1 +1 @@
|
|||
Subproject commit c5dfa9b5090de50d782f1903455a4d4b604c072e
|
||||
Subproject commit a32256f1959cc3fb6a4481b77dbe2589385e4f5b
|
|
@ -190,7 +190,9 @@ class AppController extends Controller
|
|||
if ($this->_isRest()) {
|
||||
$this->Security->unlockedActions = array($this->action);
|
||||
}
|
||||
|
||||
if (!empty(Configure::read('Security.disable_form_security'))) {
|
||||
$this->Security->csrfCheck = false;
|
||||
}
|
||||
if (!$userLoggedIn) {
|
||||
// REST authentication
|
||||
if ($this->_isRest() || $this->_isAutomation()) {
|
||||
|
|
|
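Review bot: The new `!empty(Configure::read('Security.disable_form_security'))` test switches off `$this->Security->csrfCheck` for any truthy value, so a hand-edited config holding the string `'false'` would also disable CSRF validation. Because the check sits in AppController, it applies to every controller that inherits from it. If the setting is always stored as a real boolean, a strict comparison is safer: `if (Configure::read('Security.disable_form_security') === true) {`. Nothing is logged when the check is turned off, so a warning or audit entry at this point would help operators notice an instance running without CSRF protection. The enclosing method starts and ends outside this hunk.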
@ -197,24 +197,6 @@ class ShadowAttributesController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
// If we accept a proposed attachment, then the attachment itself needs to be moved from files/eventId/shadow/shadowId to files/eventId/attributeId
|
||||
private function _moveFile($shadowId, $newId, $eventId)
|
||||
{
|
||||
$attachments_dir = Configure::read('MISP.attachments_dir');
|
||||
if (empty($attachments_dir)) {
|
||||
$attachments_dir = $this->ShadowAttribute->getDefaultAttachments_dir();
|
||||
}
|
||||
$pathOld = $attachments_dir . DS . 'shadow' . DS . $shadowId;
|
||||
$pathNew = $attachments_dir . DS . $newId;
|
||||
if (rename($pathOld, $pathNew)) {
|
||||
return true;
|
||||
} else {
|
||||
$this->Flash->error(__('Moving of the file that this attachment references failed.', true), 'default', array());
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private function __discard($id)
|
||||
{
|
||||
$sa = $this->ShadowAttribute->find(
|
||||
|
|
|
@ -1799,10 +1799,12 @@ class UsersController extends AppController
|
|||
'group' => 'Event.orgc_id',
|
||||
'conditions' => array('Event.orgc_id' => array_keys($orgs)),
|
||||
'recursive' => -1,
|
||||
'fields' => array('Event.orgc_id', 'count(*)')
|
||||
'fields' => array('Event.orgc_id', 'count(*)', 'sum(Event.attribute_count) as attributeCount')
|
||||
));
|
||||
foreach ($events as $event) {
|
||||
$orgs[$event['Event']['orgc_id']]['eventCount'] = $event[0]['count(*)'];
|
||||
$orgs[$event['Event']['orgc_id']]['attributeCount'] = $event[0]['attributeCount'];
|
||||
$orgs[$event['Event']['orgc_id']]['orgActivity'] = $this->User->getOrgActivity($event['Event']['orgc_id'], array('event_timestamp' => '365d'));
|
||||
}
|
||||
unset($events);
|
||||
$orgs = Set::combine($orgs, '{n}.name', '{n}');
|
||||
|
|
|
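Review bot: `$this->User->getOrgActivity(...)` is called once per row inside `foreach ($events as $event)`, so the page now issues one extra Event query per organisation, each covering `'event_timestamp' => '365d'`. On an instance with many organisations this makes the action expensive for every user who can reach it. Consider a single query grouped by `Event.orgc_id` and day, or loading the activity on demand. At minimum add a comment such as `// one Event query per organisation, see User::getOrgActivity()` so the cost is visible. The enclosing action starts and ends outside the hunk.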
@ -3581,11 +3581,6 @@ class Attribute extends AppModel
|
|||
return true;
|
||||
}
|
||||
|
||||
public function convertToOpenIOC($user, $attributes)
|
||||
{
|
||||
return $this->IOCExport->buildAll($user, $event);
|
||||
}
|
||||
|
||||
private function __createTagSubQuery($tag_id, $blocked = false, $scope = 'Event', $limitAttributeHitsTo = 'event')
|
||||
{
|
||||
$conditionKey = $blocked ? array('NOT' => array('EventTag.tag_id' => $tag_id)) : array('EventTag.tag_id' => $tag_id);
|
||||
|
|
|
@ -365,19 +365,12 @@ class Feed extends AppModel
|
|||
if ($scope === 'Server' || $source[$scope]['source_format'] == 'misp') {
|
||||
$pipe = $redis->multi(Redis::PIPELINE);
|
||||
$eventUuidHitPosition = array();
|
||||
$i = 0;
|
||||
foreach ($objects as $k => $object) {
|
||||
if (isset($object[$scope])) {
|
||||
foreach ($object[$scope] as $currentFeed) {
|
||||
if ($source[$scope]['id'] == $currentFeed['id']) {
|
||||
$eventUuidHitPosition[$i] = $k;
|
||||
$i++;
|
||||
if (in_array($object['type'], $compositeTypes)) {
|
||||
$value = explode('|', $object['value']);
|
||||
$redis->smembers($cachePrefix . 'event_uuid_lookup:' . md5($value[0]));
|
||||
} else {
|
||||
$redis->smembers($cachePrefix . 'event_uuid_lookup:' . md5($object['value']));
|
||||
}
|
||||
$eventUuidHitPosition[] = $k;
|
||||
$redis->smembers($cachePrefix . 'event_uuid_lookup:' . $hashTable[$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
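Review bot: The Redis lookup key is now built from `$hashTable[$k]`, which is defined outside this hunk, and nothing here checks that an entry exists for `$k`. If `$hashTable` is not keyed exactly like `$objects`, the call queries `event_uuid_lookup:` with an empty suffix and that object silently gets no correlation hits, with only a notice to show for it. A guard placed before `$eventUuidHitPosition[] = $k;` keeps the recorded positions and the pipelined calls in step: `if (!isset($hashTable[$k])) { continue; }`. The enclosing function starts and ends outside the hunk.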
@ -1176,6 +1176,15 @@ class Server extends AppModel
|
|||
),
|
||||
'Security' => array(
|
||||
'branch' => 1,
|
||||
'disable_form_security' => array(
|
||||
'level' => 0,
|
||||
'description' => __('Disabling this setting will remove all form tampering protection. Do not set this setting pretty much ever. You were warned.'),
|
||||
'value' => false,
|
||||
'errorMessage' => 'This setting leaves your users open to CSRF attacks. Do not please consider disabling this setting.',
|
||||
'test' => 'testBoolFalse',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'salt' => array(
|
||||
'level' => 0,
|
||||
'description' => __('The salt used for the hashed passwords. You cannot reset this from the GUI, only manually from the settings.php file. Keep in mind, this will invalidate all passwords in the database.'),
|
||||
|
@ -4700,6 +4709,7 @@ class Server extends AppModel
|
|||
'binary' => Configure::read('GnuPG.binary') ?: '/usr/bin/gpg'
|
||||
));
|
||||
} catch (Exception $e) {
|
||||
$this->logException("Error during initializing GPG.", $e, LOG_NOTICE);
|
||||
$gpgStatus = 2;
|
||||
$continue = false;
|
||||
}
|
||||
|
@ -4707,6 +4717,7 @@ class Server extends AppModel
|
|||
try {
|
||||
$key = $gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
|
||||
} catch (Exception $e) {
|
||||
$this->logException("Error during adding GPG signing key.", $e, LOG_NOTICE);
|
||||
$gpgStatus = 3;
|
||||
$continue = false;
|
||||
}
|
||||
|
@ -4716,6 +4727,7 @@ class Server extends AppModel
|
|||
$gpgStatus = 0;
|
||||
$signed = $gpg->sign('test', Crypt_GPG::SIGN_MODE_CLEAR);
|
||||
} catch (Exception $e) {
|
||||
$this->logException("Error during GPG signing.", $e, LOG_NOTICE);
|
||||
$gpgStatus = 4;
|
||||
}
|
||||
}
|
||||
|
|
|
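Review bot: The `description` of the new `disable_form_security` entry says that disabling the setting removes form tampering protection, but the key name, the `'value' => false` default and the `testBoolFalse` test all indicate the opposite: turning the setting on is what removes the protection. The `errorMessage` is also garbled ("Do not please consider disabling"). For a setting that weakens CSRF protection the wording should be unambiguous, for example `'description' => __('Enabling this setting removes CSRF protection from all forms. Leave it disabled unless you are debugging a form issue.'),` and `'errorMessage' => 'This setting leaves your users open to CSRF attacks. Please consider disabling this setting.',`. The settings array starts and ends outside the hunk. The three later hunks in this file only add `logException` calls.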
@ -1461,4 +1461,57 @@ class User extends AppModel
|
|||
|
||||
return new Crypt_GPG($options);
|
||||
}
|
||||
|
||||
public function getOrgActivity($orgId, $params=array())
|
||||
{
|
||||
$conditions = array();
|
||||
$options = array();
|
||||
foreach($params as $paramName => $value) {
|
||||
$options['filter'] = $paramName;
|
||||
$filterParam[$paramName] = $value;
|
||||
$conditions = $this->Event->set_filter_timestamp($filterParam, $conditions, $options);
|
||||
}
|
||||
$conditions['Event.orgc_id'] = $orgId;
|
||||
$events = $this->Event->find('all', array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('Event.orgc_id', 'Event.timestamp', 'Event.attribute_count'),
|
||||
'conditions' => $conditions,
|
||||
'order' => 'Event.timestamp'
|
||||
));
|
||||
$sparklineData = array();
|
||||
foreach ($events as $event) {
|
||||
$date = date("Y-m-d", $event['Event']['timestamp']);
|
||||
if (!isset($sparklineData[$event['Event']['attribute_count']][$date])) {
|
||||
$sparklineData[$date] = $event['Event']['attribute_count'];
|
||||
} else {
|
||||
$sparklineData[$date] += $event['Event']['attribute_count'];
|
||||
}
|
||||
}
|
||||
|
||||
// get first and last timestamp
|
||||
if (isset($params['from'])) {
|
||||
$startDate = $params['from'];
|
||||
} else {
|
||||
$startDate = $this->resolveTimeDelta($params['event_timestamp']);
|
||||
}
|
||||
if (isset($params['to'])) {
|
||||
$endDate = $params['to'];
|
||||
} else {
|
||||
$endDate = time();
|
||||
}
|
||||
$dates = array();
|
||||
for ($d=$startDate; $d < $endDate; $d=$d+3600*24) {
|
||||
$dates[] = date('Y-m-d', $d);
|
||||
}
|
||||
$csv = 'Date,Close\n';
|
||||
foreach ($dates as $date) {
|
||||
$csv .= sprintf('%s,%s\n', $date, isset($sparklineData[$date]) ? $sparklineData[$date] : 0);
|
||||
}
|
||||
$data = array(
|
||||
'csv' => $csv,
|
||||
'data' => $sparklineData,
|
||||
'orgId' => $orgId
|
||||
);
|
||||
return $data;
|
||||
}
|
||||
}
|
||||
|
|
|
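Review bot: In `getOrgActivity` the per-day accumulation tests `isset($sparklineData[$event['Event']['attribute_count']][$date])`, which indexes the array by attribute count although it is keyed by date. The test therefore cannot succeed, and each event overwrites the day's value instead of adding to it. The condition should be `if (!isset($sparklineData[$date])) {`. Two smaller gaps: `$filterParam` is never initialised and keeps earlier keys across loop iterations, and `$params['event_timestamp']` is read without an `isset` check when `from` is absent. Adding `$filterParam = array();` at the top of the loop body and guarding the fallback would make the method safe for callers that pass other parameter combinations.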
@ -31,9 +31,11 @@
|
|||
<th><?php echo __('Name');?></th>
|
||||
<th><?php echo __('Users');?></th>
|
||||
<th><?php echo __('Events');?></th>
|
||||
<th><?php echo __('Attributes');?></th>
|
||||
<th><?php echo __('Nationality');?></th>
|
||||
<th><?php echo __('Type');?></th>
|
||||
<th><?php echo __('Sector');?></th>
|
||||
<th><?php echo __('Activity (1 year)');?></th>
|
||||
</tr>
|
||||
<?php
|
||||
foreach ($orgs as $data):
|
||||
|
@ -47,9 +49,17 @@
|
|||
<td class="short"><?php echo h($data['name']); ?></td>
|
||||
<td class="short"><span class="<?php echo isset($data['userCount']) ? 'blue bold' : 'grey'; ?>"><?php echo isset($data['userCount']) ? h($data['userCount']) : '0';?></span></td>
|
||||
<td class="short"><span class="<?php echo isset($data['eventCount']) ? 'blue bold' : 'grey'; ?>"><?php echo isset($data['eventCount']) ? h($data['eventCount']) : '0';?></span></td>
|
||||
<td class="short"><span class="<?php echo isset($data['attributeCount']) ? 'blue bold' : 'grey'; ?>"><?php echo isset($data['attributeCount']) ? h($data['attributeCount']) : '0';?></span></td>
|
||||
<td class="shortish"><?php echo isset($data['nationality']) && $data['nationality'] !== 'Not specified' ? h($data['nationality']) : ' '; ?></td>
|
||||
<td class="shortish"><?php echo isset($data['type']) ? h($data['type']) : ' '; ?></td>
|
||||
<td class="shortish"><?php echo isset($data['sector']) ? h($data['sector']) : ' '; ?></td>
|
||||
<td class="shortish">
|
||||
<?php
|
||||
if (isset($data['orgActivity'])) {
|
||||
echo $this->element('sparkline', array('scope' => 'organisation', 'id' => $data['id'], 'csv' => $data['orgActivity']['csv']));
|
||||
}
|
||||
?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
endforeach;
|
||||
|
|