From 28cf7d44e96b6d85b28caae886a013f8609c647f Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Mon, 26 Mar 2012 15:06:01 +0200
Subject: [PATCH] XML export ... woohoo !!!
---
app/Controller/EventsController.php | 45 ++++++++++++-----------------
app/View/Events/xml.ctp | 8 +----
app/View/Users/news.ctp | 2 +-
3 files changed, 21 insertions(+), 34 deletions(-)
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 21f8c61f3..c815e697f 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -497,7 +497,7 @@ class EventsController extends AppController {
public function xml($key) {
- // FIXME implement XML output
+ // LATER filter out private events AND private signatures
// check if the key is valid -> search for users based on key
$this->loadModel('User');
// no input sanitization necessary, it's done by model
@@ -506,40 +506,32 @@ class EventsController extends AppController {
throw new UnauthorizedException('Incorrect authentication key');
}
// display the full xml
- $this->header('Content-Type: text/xml'); // set the content type
+ $this->response->type('xml'); // set the content type
$this->layout = 'xml/default';
-// $this->header('Content-Disposition: attachment; filename="cydefsig.xml"');
+ $this->header('Content-Disposition: inline; filename="cydefsig.xml"');
$conditions = array("Event.alerted" => 1);
- $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info');
+ // do not expose all the data like user_id, ...
+ $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info', 'Event.uuid');
if ('true' == Configure::read('CyDefSIG.showorg')) {
$fields[] = 'Event.org';
}
- // $this->Event->Behaviors->attach('Containable');
- // $contain = array('Signature.id', 'Signature.type', 'Signature.value', 'Signature.to_snort');
$params = array('conditions' => $conditions,
- 'recursive' => 1,
- 'fields' => $fields,
- // 'contain' => $contain
+ 'recursive' => 1,
+ 'fields' => $fields,
);
$results = $this->Event->find('all', $params);
-/* $xml = Xml::build(''); */
-
- $myXmlOriginal = 'value';
- $xml = Xml::build($myXmlOriginal);
- $xml->root->addChild('young', 'new value');
-
-// foreach ($results as $result) {
-// debug($result);
-// $xml->CyDefSIG->addChild('f', 'b');
-// debug($xml);
-// }
-// debug($results);
-// $xml= Xml::fromArray(array('event' =>$results), array('format' => 'tags', 'return' => 'domdocument'));
-// debug($xml->saveXML());
+ $xmlArray = array();
+ foreach ($results as $result) {
+ $result['Event']['signature'] = $result['Signature'];
+ $xmlArray['CyDefSIG']['event'][] = $result['Event'];
+ }
+ $xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags')); // You can use Xml::build() too
+ $xmlString = $xmlObject->asXML();
+ $this->set('xml', $xmlString);
}
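Review bot: The copy `$result['Event']['signature'] = $result['Signature'];` puts every column of each associated Signature row into the export, so the whitelist in `$fields` (and its "do not expose all the data" comment) only limits the Event part of the output. Combined with the `LATER filter out private events AND private signatures` comment in the previous hunk, it appears that any holder of a valid key receives private records until that filter exists. I would whitelist the signature keys while building the array, using the fields named in the removed `$contain` line: `$allowed = array_flip(array('id', 'type', 'value', 'to_snort'));` and `$result['Event']['signature'][] = array_intersect_key($sig, $allowed);` inside a loop over `$result['Signature']`, and add the private-flag condition to `$conditions` before this ships. Separately, when no event matches, `$xmlArray` stays empty and `Xml::fromArray()` is likely to reject it as invalid input, so an explicit empty `CyDefSIG` root or an early return is worth adding. The body of xml() begins before this hunk.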
@@ -552,8 +544,8 @@ class EventsController extends AppController {
throw new UnauthorizedException('Incorrect authentication key');
}
// display the full snort rulebase
- $this->header('Content-Type: text/plain'); // set the content type
- $this->header('Content-Disposition: attachment; filename="cydefsig.rules"');
+ $this->response->type('txt'); // set the content type
+ $this->header('Content-Disposition: inline; filename="cydefsig.rules"');
$this->layout = 'text/default';
$rules= array();
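Review bot: The content type now goes through the response object but the disposition header still uses the controller wrapper `$this->header(...)`, which CakePHP 2.x marks as deprecated in favour of `CakeResponse::header()`. Setting both on the response keeps the two calls consistent: `$this->response->header('Content-Disposition', 'inline; filename="cydefsig.rules"');`. The same mix appears in the xml() hunk above and in the last hunk of this file. The enclosing action starts and ends outside this hunk.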
@@ -788,7 +780,8 @@ class EventsController extends AppController {
throw new UnauthorizedException('Incorrect authentication key');
}
- $this->header('Content-Type: text/plain'); // set the content type
+ $this->response->type('txt'); // set the content type
+ $this->header('Content-Disposition: inline; filename="cydefsig.'.$type.'.txt"');
$this->layout = 'text/default';
$this->loadModel('Signature');
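Review bot: `$type` is concatenated directly into the `Content-Disposition` value in `'inline; filename="cydefsig.'.$type.'.txt"'`, and nothing visible in this hunk restricts what it can contain. If it is taken from the URL, a value containing `"` or `;` changes how a client parses the filename parameter, so the header should be built only after `$type` has been checked against the export types this action supports, for example `if (!in_array($type, $allowedTypes, true)) { throw new NotFoundException(); }`, where `$allowedTypes` is a placeholder for that list. The function starts and ends outside this hunk, so such a check may already exist above; if it does, a short comment on this line pointing to it would help.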
diff --git a/app/View/Events/xml.ctp b/app/View/Events/xml.ctp
index ee54f056c..2a1d10593 100755
--- a/app/View/Events/xml.ctp
+++ b/app/View/Events/xml.ctp
@@ -1,8 +1,2 @@
Xml->header();
-?>';?>
-
-Xml->serialize($events, array('format' => 'tags')); ?>
- 'tags')); ?>
-
\ No newline at end of file
+echo $xml;
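Review bot: The view keeps its first line, which calls `Xml->header()`, and then echoes `$xml`, which the controller produces with `asXML()`. `asXML()` on the root element already includes the `<?xml ...?>` declaration. If the retained header call still prints one, the response would carry two declarations and fail to parse in strict XML consumers. Dropping the header line and leaving only `echo $xml;` would avoid that. The hunk text here is partly garbled, so this needs checking against the actual file.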
diff --git a/app/View/Users/news.ctp b/app/View/Users/news.ctp
index 02d3fbe32..22fd8e27c 100644
--- a/app/View/Users/news.ctp
+++ b/app/View/Users/news.ctp
@@ -5,7 +5,7 @@
A special CSS exists now to give a better layout when printing pages.
All the pages should now look a lot better on paper.
File upload
-Andrzej Dereszowski (NCIRC) added the file-uploading functionality.
+Andrzej Dereszowski (NCIRC) added the file-uploading functionality. Malware samples are password protected with the password infected.
Backend rewrite + security
Complete rewrite of the backend code to migrate to CakePHP 2.x (from CakePHP 1.3).