MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' into develop 

Conflicts:
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
pull/63/head
noud 2012-12-13 16:03:35 +01:00
parent 094719fa01 276cb5df10
commit 2903493205
7 changed files with 97 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Config/bootstrap.default.php
View File

@ -153,6 +153,10 @@ Configure::write('CyDefSIG.correlation', 'db'); // correlation between at
*/
Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available to do resolution.
Configure::write('CyDefSIG.rest', 'ii'); // RESTfull, possible values:
// - i, event without attributes
// - ii, event with attributes (more framework friendly and more RESTfull friendly)
/**
* The settings below can be used to set additional paths to models, views and controllers.
*
@ -239,4 +243,4 @@ CakeLog::config('error', array(
'engine' => 'FileLog',
'types' => array('warning', 'error', 'critical', 'alert', 'emergency'),
'file' => 'error',
));
));

56
app/Controller/AttributesController.php
View File

@ -145,7 +145,7 @@ class AttributesController extends AppController {
$successes = "";
foreach ($attributes as $key => $attribute) {
$attribute = trim($attribute);
if (strlen($attribute) == 0 )
if (strlen($attribute) == 0)
continue; // don't do anything for empty lines
$this->Attribute->create();
@ -202,12 +202,16 @@ class AttributesController extends AppController {
$this->request->data = $this->Attribute->massageData(&$this->request->data);
}
unset($this->request->data['Event']);
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
$this->request->data['Attribute']['event_id'] = $eventId;
if ("i" == Configure::read('CyDefSIG.rest')) {
unset($this->request->data['Event']);
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
//$this->request->data['Attribute']['event_id'] = $eventId;
}
$savedId = $this->request->data['Attribute']['id'];
if ($this->Attribute->save($this->request->data)) {
if ($this->_isRest()) {
// REST users want to see the newly created event
// REST users want to see the newly created attribute
$this->view($this->Attribute->getId());
$this->render('view');
} else {
@ -216,8 +220,14 @@ class AttributesController extends AppController {
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id']));
}
} else {
if (!CakeSession::read('Message.flash')) {
$this->Session->setFlash(__('The attribute could not be saved. Please, try again.'));
if ($this->_isRest()) { // TODO return error if REST
// REST users want to see the failed attribute
$this->view($savedId);
$this->render('view');
} else {
if (!CakeSession::read('Message.flash')) {
$this->Session->setFlash(__('The attribute could not be saved. Please, try again.'));
}
}
}
}
@ -464,11 +474,19 @@ class AttributesController extends AppController {
$this->request->data = $this->Attribute->massageData(&$this->request->data);
}
// reposition to get the attribute.id with given uuid
$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
if (count($existingAttribute)) {
$this->request->data['Attribute']['id'] = $existingAttribute['Attribute']['id'];
}
// say what fields are to be updated
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster');
unset($this->request->data['Event']);
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
$this->request->data['Attribute']['event_id'] = $eventId;
if ("i" == Configure::read('CyDefSIG.rest')) {
unset($this->request->data['Event']);
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
$this->request->data['Attribute']['event_id'] = $eventId;
}
if ($this->Attribute->save($this->request->data)) {
$this->Session->setFlash(__('The attribute has been saved'));
@ -477,7 +495,13 @@ class AttributesController extends AppController {
$this->Event->id = $eventId;
$this->Event->saveField('published', 0);
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));
if ($this->_isRest()) {
// REST users want to see the newly created event
$this->view($this->Attribute->getId());
$this->render('view');
} else {
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));
}
} else {
if (!CakeSession::read('Message.flash')) {
$this->Session->setFlash(__('The attribute could not be saved. Please, try again.'));
@ -559,19 +583,11 @@ class AttributesController extends AppController {
* TODO move this to a component(?)
*/
private function __deleteAttributeFromServers($uuid) {
$result = $this->Attribute->find('first', array('conditions' => array('Attribute.uuid' => $uuid)));
$id = $result['Attribute']['id'];
// TODO private and delete .. bring up ..
//if (true == $result['Attribute']['private']) { // never upload private attributes
// return "Attribute is private and non exportable";
//}
// make sure we have all the data of the Attribute
$this->Attribute->id = $id;
$this->Attribute->recursive = 1; // TODO ERROR, was 1 so this could even whipe out things!!(?)
$this->Attribute->read();
// get a list of the servers
$this->loadModel('Server');
$servers = $this->Server->find('all', array());
@ -583,7 +599,7 @@ class AttributesController extends AppController {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
foreach ($servers as &$server) {
$this->Attribute->deleteAttributeFromServer($this->Attribute->data['Attribute']['uuid'], $server, $HttpSocket);
$this->Attribute->deleteAttributeFromServer($uuid, $server, $HttpSocket);
}
}

58
app/Controller/EventsController.php
View File

@ -349,7 +349,7 @@ class EventsController extends AppController {
}
} else {
if ($this->_isRest()) { // TODO return error if REST
// REST users want to see the newly created event
// REST users want to see the failed event
$this->view($savedId);
$this->render('view');
} else {
@ -432,11 +432,16 @@ class EventsController extends AppController {
$data = $this->Event->massageData(&$data);
}
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
unset($data['Attribute']);
$this->Event->unbindModel(array('hasMany' => array('Attribute')));
if ($this->Event->save($data, array('validate' => true, 'fieldList' => $fieldList))) {
if ("i" == Configure::read('CyDefSIG.baseurl')) {
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
unset($data['Attribute']);
$this->Event->unbindModel(array('hasMany' => array('Attribute')));
$saveResult = $this->Event->save($data, array('validate' => true, 'fieldList' => $fieldList));
} else {
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
}
if ($saveResult) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
// do the necessary actions to publish the event (email, upload,...)
$this->__publish($this->Event->getId());
@ -495,28 +500,35 @@ class EventsController extends AppController {
$this->request->data['Event']['id'] = $existingEvent['Event']['id'];
}
// reposition to get the attribute.id with given uuid
$c = 0;
if (isset($this->request->data['Attribute'])) {
foreach ($this->request->data['Attribute'] as $attribute) {
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
if (count($existingAttribute)) {
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
}
$c++;
}
}
if ("ii" == Configure::read('CyDefSIG.rest')) {
// reposition to get the attribute.id with given uuid
$c = 0;
if (isset($this->request->data['Attribute'])) {
foreach ($this->request->data['Attribute'] as $attribute) {
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
if (count($existingAttribute)) {
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
}
$c++;
}
}
}
$fieldList = array(
'Event' => array('org', 'date', 'risk', 'info', 'published', 'uuid', 'private', 'communitie'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie')
);
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
// the following 2 lines can be out-commented if we opt to save associated (Event.php:263-264)
unset($this->request->data['Attribute']);
$this->Event->unbindModel(array('hasMany' => array('Attribute')));
if ($this->Event->save($this->request->data, array('validate' => true, 'fieldList' => $fieldList))) {
if ("i" == Configure::read('CyDefSIG.rest')) {
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
// the following 2 lines can be out-commented if we opt to save associated (Event.php:263-264)
unset($this->request->data['Attribute']);
$this->Event->unbindModel(array('hasMany' => array('Attribute')));
$saveResult = $this->Event->save($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
} else {
$saveResult = $this->Event->saveAssociated($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
}
if ($saveResult) {
// TODO RESTfull: we now need to compare attributes, to see if we need to do a RESTfull attribute delete

25
app/Model/Event.php
View File

@ -375,14 +375,19 @@ class Event extends AppModel {
return $data;
}
public function uploadEventToServer($event, $server, $HttpSocket=null) {
public function uploadEventToServer($event, $server, $HttpSocket = null) {
$newLocation = $newTextBody = '';
$result = $this->RESTfullEventToServer($event, $server, null, $HttpSocket, &$newLocation, &$newTextBody);
if (strlen($newLocation) || $result) { // HTTP/1.1 302 Found and Location: http://<newLocation>
if (strlen($newLocation)) { // HTTP/1.1 302 Found and Location: http://<newLocation>
$result = $this->RESTfullEventToServer($event, $server, $newLocation, $HttpSocket, &$newLocation, &$newTextBody);
}
$xml = Xml::build($newTextBody);
try { // TODO Xml::build() does not throw the XmlException
$xml = Xml::build($newTextBody);
} catch (XmlException $e) {
throw new InternalErrorException();
//return false;
}
// get the remote event_id
foreach ($xml as $xmlEvent) {
foreach ($xmlEvent as $key => $value) {
@ -398,11 +403,13 @@ class Event extends AppModel {
foreach ($event['Attribute'] as $attribute) {
$newerUuids[$attribute['id']] = $attribute['uuid'];
$attribute['event_id'] = $remoteId;
// do the add attributes here i.s.o. saveAssociates() or save()
// and unset Attributes and hasMany for this
// following 2 lines can be out-commented if. (EventsController.php:364-365)
$anAttr = ClassRegistry::init('Attribute');
$anAttr->uploadAttributeToServer($attribute, $server, $HttpSocket);
if ("i" == Configure::read('CyDefSIG.rest')) {
// do the add attributes here i.s.o. saveAssociates() or save()
// and unset Attributes and hasMany for this
// following 2 lines can be out-commented if. (EventsController.php:364-365)
$anAttr = ClassRegistry::init('Attribute');
$anAttr->uploadAttributeToServer($attribute, $server, $HttpSocket);
}
}
// get the already existing attributes and delete the ones that are not there
foreach ($xml->Event->Attribute as $attribute) {
@ -519,7 +526,7 @@ class Event extends AppModel {
// parse the XML response and keep the reason why it failed
$xmlArray = Xml::toArray(Xml::build($response->body));
} catch (XmlException $e) {
return true;
return true; // TODO should be false
}
if (strpos($xmlArray['response']['name'],"Event already exists")) { // strpos, so i can piggyback some value if needed.
return true;
@ -530,6 +537,8 @@ class Event extends AppModel {
break;
case '302': // Found
case '404': // Not Found
debug($response);
//debug();
$newLocation = $response->headers['Location'];
$newTextBody = $response->body();
return true;

2
tools/curl/addAttribute.sh
View File

@ -1,2 +1,2 @@
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
--data "@input/33529.xml" -X POST http://localhost/attributes
--data "@input/215.xml" -X POST http://localhost/attributes

5
tools/curl/editAttribute.sh
View File

@ -1,7 +1,6 @@
#curl -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
#--data "@input/event.xml" -X PUT http://localhost/events/14'
#http://bel_mod1.local.net:80/events/29
#--data "@input/event.xml" -X PUT http://localhost/attributes/14'
# POST can be used as well..
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
--data "@input/33529.xml" -X POST http://localhost/attributes/33525
--data "@input/215.xml" -X POST http://localhost/attributes/215 # 116 # 33525

2
tools/curl/editEvent.sh
View File

@ -3,4 +3,4 @@
# POST can be used as well..
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
--data "@input/event.xml" -X POST http://localhost/events/$1
--data "@input/14.xml" -X POST http://localhost/events/$1