From 28cf7d44e96b6d85b28caae886a013f8609c647f Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 26 Mar 2012 15:06:01 +0200 Subject: [PATCH] XML export ... woohoo !!! --- app/Controller/EventsController.php | 45 ++++++++++++----------------- app/View/Events/xml.ctp | 8 +---- app/View/Users/news.ctp | 2 +- 3 files changed, 21 insertions(+), 34 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index 21f8c61f3..c815e697f 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -497,7 +497,7 @@ class EventsController extends AppController { public function xml($key) { - // FIXME implement XML output + // LATER filter out private events AND private signatures // check if the key is valid -> search for users based on key $this->loadModel('User'); // no input sanitization necessary, it's done by model 
@@ -506,40 +506,32 @@ class EventsController extends AppController { throw new UnauthorizedException('Incorrect authentication key'); } // display the full xml - $this->header('Content-Type: text/xml'); // set the content type + $this->response->type('xml'); // set the content type $this->layout = 'xml/default'; -// $this->header('Content-Disposition: attachment; filename="cydefsig.xml"'); + $this->header('Content-Disposition: inline; filename="cydefsig.xml"'); $conditions = array("Event.alerted" => 1); - $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info'); + // do not expose all the data like user_id, ... + $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info', 'Event.uuid'); if ('true' == Configure::read('CyDefSIG.showorg')) { $fields[] = 'Event.org'; } - // $this->Event->Behaviors->attach('Containable'); - // $contain = array('Signature.id', 'Signature.type', 'Signature.value', 'Signature.to_snort'); $params = array('conditions' => $conditions, - 'recursive' => 1, - 'fields' => $fields, - // 'contain' => $contain + 'recursive' => 1, + 'fields' => $fields, ); $results = $this->Event->find('all', $params); -/* $xml = Xml::build(''); */ - - $myXmlOriginal = 'value'; - $xml = Xml::build($myXmlOriginal); - $xml->root->addChild('young', 'new value'); - -// foreach ($results as $result) { -// debug($result); -// $xml->CyDefSIG->addChild('f', 'b'); -// debug($xml); -// } -// debug($results); -// $xml= Xml::fromArray(array('event' =>$results), array('format' => 'tags', 'return' => 'domdocument')); -// debug($xml->saveXML()); + $xmlArray = array(); + foreach ($results as $result) { + $result['Event']['signature'] = $result['Signature']; + $xmlArray['CyDefSIG']['event'][] = $result['Event']; + } + $xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags')); // You can use Xml::build() too + $xmlString = $xmlObject->asXML(); + $this->set('xml', $xmlString); } 
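Review bot: The `$fields` whitelist only limits the Event columns; `$result['Event']['signature'] = $result['Signature'];` then copies every column of each associated Signature row into the export, so the "do not expose all the data like user_id" intent stops at the event level. With `'recursive' => 1` the associated rows appear to be fetched unrestricted, and the only condition is `Event.alerted`, so private events and private signatures (the LATER comment in the previous hunk) go to every holder of a valid key. I would whitelist the signature columns inside the loop, as sketched below with the field names from the `contain` list this commit deletes (to be confirmed), and add the private-event condition before the endpoint is enabled. xml() begins in the previous hunk.

```php
// … unchanged: key check, response type, $fields, find('all') …
// Assumed export whitelist, taken from the removed contain list; confirm before use.
$signatureFields = array_flip(array('id', 'type', 'value', 'to_snort'));
$xmlArray = array();
foreach ($results as $result) {
    $result['Event']['signature'] = array();
    foreach ($result['Signature'] as $signature) {
        // copy only whitelisted columns, mirroring the $fields restriction on Event
        $result['Event']['signature'][] = array_intersect_key($signature, $signatureFields);
    }
    $xmlArray['CyDefSIG']['event'][] = $result['Event'];
}
// … unchanged: Xml::fromArray(), asXML(), $this->set('xml', ...) …
```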
@@ -552,8 +544,8 @@ class EventsController extends AppController { throw new UnauthorizedException('Incorrect authentication key'); } // display the full snort rulebase - $this->header('Content-Type: text/plain'); // set the content type - $this->header('Content-Disposition: attachment; filename="cydefsig.rules"'); + $this->response->type('txt'); // set the content type + $this->header('Content-Disposition: inline; filename="cydefsig.rules"'); $this->layout = 'text/default'; $rules= array(); @@ -788,7 +780,8 @@ class EventsController extends AppController { throw new UnauthorizedException('Incorrect authentication key'); } - $this->header('Content-Type: text/plain'); // set the content type + $this->response->type('txt'); // set the content type + $this->header('Content-Disposition: inline; filename="cydefsig.'.$type.'.txt"'); $this->layout = 'text/default'; $this->loadModel('Signature'); diff --git a/app/View/Events/xml.ctp b/app/View/Events/xml.ctp index ee54f056c..2a1d10593 100755 --- a/app/View/Events/xml.ctp +++ b/app/View/Events/xml.ctp @@ -1,8 +1,2 @@ Xml->header(); -?>';?> - -Xml->serialize($events, array('format' => 'tags')); ?> - 'tags')); ?> - \ No newline at end of file +echo $xml; diff --git a/app/View/Users/news.ctp b/app/View/Users/news.ctp index 02d3fbe32..22fd8e27c 100644 --- a/app/View/Users/news.ctp +++ b/app/View/Users/news.ctp @@ -5,7 +5,7 @@ A special CSS exists now to give a better layout when printing pages. All the pages should now look a lot better on paper.
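Review bot: Switching the rulebase response from `attachment` to `inline` means the browser renders it under the application's origin, and only the `text/plain` type keeps it from being treated as markup. The rule text is presumably built from user-entered signature values (the loop is outside this hunk), and a browser that sniffs content can reinterpret such a body as HTML. Either keep `attachment` for these exports or add `$this->response->header('X-Content-Type-Options', 'nosniff');` next to the type call. The same applies to the `inline` header added in the text-export hunk at -788 and to the XML export.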
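Review bot: `$type` is concatenated into the Content-Disposition header with no visible check: `filename="cydefsig.'.$type.'.txt"`. If it arrives from the URL, which this hunk does not show, a double quote or semicolon in it breaks out of the quoted filename parameter and changes how the client reads the header. Validate it against the known signature types before this line, or at least restrict the characters, e.g. `$safeType = preg_replace('/[^A-Za-z0-9_-]/', '', $type);`, and use `$safeType` in the header. The enclosing function starts and ends outside the hunk.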

File upload
-Andrzej Dereszowski (NCIRC) added the file-uploading functionality. +Andrzej Dereszowski (NCIRC) added the file-uploading functionality. Malware samples are password protected with the password infected.

Backend rewrite + security
Complete rewrite of the backend code to migrate to CakePHP 2.x (from CakePHP 1.3).