MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' into develop 

Conflicts:
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
pull/63/head
noud 2012-12-13 16:03:35 +01:00
parent 094719fa01 276cb5df10
commit 2903493205
7 changed files with 97 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Config/bootstrap.default.php
View File

@ -153,6 +153,10 @@ Configure::write('CyDefSIG.correlation', 'db'); // correlation between at
*/ */
Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available to do resolution. Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available to do resolution.
Configure::write('CyDefSIG.rest', 'ii'); // RESTfull, possible values:
// - i, event without attributes
// - ii, event with attributes (more framework friendly and more RESTfull friendly)
/** /**
* The settings below can be used to set additional paths to models, views and controllers. * The settings below can be used to set additional paths to models, views and controllers.
* *
@ -239,4 +243,4 @@ CakeLog::config('error', array(
'engine' => 'FileLog', 'engine' => 'FileLog',
'types' => array('warning', 'error', 'critical', 'alert', 'emergency'), 'types' => array('warning', 'error', 'critical', 'alert', 'emergency'),
'file' => 'error', 'file' => 'error',
)); ));

56
app/Controller/AttributesController.php
View File

@ -145,7 +145,7 @@ class AttributesController extends AppController {
$successes = ""; $successes = "";
foreach ($attributes as $key => $attribute) { foreach ($attributes as $key => $attribute) {
$attribute = trim($attribute); $attribute = trim($attribute);
if (strlen($attribute) == 0 ) if (strlen($attribute) == 0)
continue; // don't do anything for empty lines continue; // don't do anything for empty lines
$this->Attribute->create(); $this->Attribute->create();
@ -202,12 +202,16 @@ class AttributesController extends AppController {
$this->request->data = $this->Attribute->massageData(&$this->request->data); $this->request->data = $this->Attribute->massageData(&$this->request->data);
} }
unset($this->request->data['Event']); if ("i" == Configure::read('CyDefSIG.rest')) {
$this->Attribute->unbindModel(array('belongsTo' => array('Event'))); unset($this->request->data['Event']);
$this->request->data['Attribute']['event_id'] = $eventId; $this->Attribute->unbindModel(array('belongsTo' => array('Event')));
//$this->request->data['Attribute']['event_id'] = $eventId;
}
$savedId = $this->request->data['Attribute']['id'];
if ($this->Attribute->save($this->request->data)) { if ($this->Attribute->save($this->request->data)) {
if ($this->_isRest()) { if ($this->_isRest()) {
// REST users want to see the newly created event // REST users want to see the newly created attribute
$this->view($this->Attribute->getId()); $this->view($this->Attribute->getId());
$this->render('view'); $this->render('view');
} else { } else {
@ -216,8 +220,14 @@ class AttributesController extends AppController {
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id'])); $this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id']));
} }
} else { } else {
if (!CakeSession::read('Message.flash')) { if ($this->_isRest()) { // TODO return error if REST
$this->Session->setFlash(__('The attribute could not be saved. Please, try again.')); // REST users want to see the failed attribute
$this->view($savedId);
$this->render('view');
} else {
if (!CakeSession::read('Message.flash')) {
$this->Session->setFlash(__('The attribute could not be saved. Please, try again.'));
}
} }
} }
} }
@ -464,11 +474,19 @@ class AttributesController extends AppController {
$this->request->data = $this->Attribute->massageData(&$this->request->data); $this->request->data = $this->Attribute->massageData(&$this->request->data);
} }
// reposition to get the attribute.id with given uuid
$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
if (count($existingAttribute)) {
$this->request->data['Attribute']['id'] = $existingAttribute['Attribute']['id'];
}
// say what fields are to be updated // say what fields are to be updated
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster'); $fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster');
unset($this->request->data['Event']); if ("i" == Configure::read('CyDefSIG.rest')) {
$this->Attribute->unbindModel(array('belongsTo' => array('Event'))); unset($this->request->data['Event']);
$this->request->data['Attribute']['event_id'] = $eventId; $this->Attribute->unbindModel(array('belongsTo' => array('Event')));
$this->request->data['Attribute']['event_id'] = $eventId;
}
if ($this->Attribute->save($this->request->data)) { if ($this->Attribute->save($this->request->data)) {
$this->Session->setFlash(__('The attribute has been saved')); $this->Session->setFlash(__('The attribute has been saved'));
@ -477,7 +495,13 @@ class AttributesController extends AppController {
$this->Event->id = $eventId; $this->Event->id = $eventId;
$this->Event->saveField('published', 0); $this->Event->saveField('published', 0);
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId)); if ($this->_isRest()) {
// REST users want to see the newly created event
$this->view($this->Attribute->getId());
$this->render('view');
} else {
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));
}
} else { } else {
if (!CakeSession::read('Message.flash')) { if (!CakeSession::read('Message.flash')) {
$this->Session->setFlash(__('The attribute could not be saved. Please, try again.')); $this->Session->setFlash(__('The attribute could not be saved. Please, try again.'));
@ -559,19 +583,11 @@ class AttributesController extends AppController {
* TODO move this to a component(?) * TODO move this to a component(?)
*/ */
private function __deleteAttributeFromServers($uuid) { private function __deleteAttributeFromServers($uuid) {
$result = $this->Attribute->find('first', array('conditions' => array('Attribute.uuid' => $uuid)));
$id = $result['Attribute']['id'];
// TODO private and delete .. bring up .. // TODO private and delete .. bring up ..
//if (true == $result['Attribute']['private']) { // never upload private attributes //if (true == $result['Attribute']['private']) { // never upload private attributes
// return "Attribute is private and non exportable"; // return "Attribute is private and non exportable";
//} //}
// make sure we have all the data of the Attribute
$this->Attribute->id = $id;
$this->Attribute->recursive = 1; // TODO ERROR, was 1 so this could even whipe out things!!(?)
$this->Attribute->read();
// get a list of the servers // get a list of the servers
$this->loadModel('Server'); $this->loadModel('Server');
$servers = $this->Server->find('all', array()); $servers = $this->Server->find('all', array());
@ -583,7 +599,7 @@ class AttributesController extends AppController {
App::uses('HttpSocket', 'Network/Http'); App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket(); $HttpSocket = new HttpSocket();
foreach ($servers as &$server) { foreach ($servers as &$server) {
$this->Attribute->deleteAttributeFromServer($this->Attribute->data['Attribute']['uuid'], $server, $HttpSocket); $this->Attribute->deleteAttributeFromServer($uuid, $server, $HttpSocket);
} }
} }

58
app/Controller/EventsController.php
View File

@ -349,7 +349,7 @@ class EventsController extends AppController {
} }
} else { } else {
if ($this->_isRest()) { // TODO return error if REST if ($this->_isRest()) { // TODO return error if REST
// REST users want to see the newly created event // REST users want to see the failed event
$this->view($savedId); $this->view($savedId);
$this->render('view'); $this->render('view');
} else { } else {
@ -432,11 +432,16 @@ class EventsController extends AppController {
$data = $this->Event->massageData(&$data); $data = $this->Event->massageData(&$data);
} }
// this saveAssociated() function will save not only the event, but also the attributes if ("i" == Configure::read('CyDefSIG.baseurl')) {
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute // this saveAssociated() function will save not only the event, but also the attributes
unset($data['Attribute']); // from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
$this->Event->unbindModel(array('hasMany' => array('Attribute'))); unset($data['Attribute']);
if ($this->Event->save($data, array('validate' => true, 'fieldList' => $fieldList))) { $this->Event->unbindModel(array('hasMany' => array('Attribute')));
$saveResult = $this->Event->save($data, array('validate' => true, 'fieldList' => $fieldList));
} else {
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
}
if ($saveResult) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) { if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
// do the necessary actions to publish the event (email, upload,...) // do the necessary actions to publish the event (email, upload,...)
$this->__publish($this->Event->getId()); $this->__publish($this->Event->getId());
@ -495,28 +500,35 @@ class EventsController extends AppController {
$this->request->data['Event']['id'] = $existingEvent['Event']['id']; $this->request->data['Event']['id'] = $existingEvent['Event']['id'];
} }
// reposition to get the attribute.id with given uuid if ("ii" == Configure::read('CyDefSIG.rest')) {
$c = 0; // reposition to get the attribute.id with given uuid
if (isset($this->request->data['Attribute'])) { $c = 0;
foreach ($this->request->data['Attribute'] as $attribute) { if (isset($this->request->data['Attribute'])) {
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']); foreach ($this->request->data['Attribute'] as $attribute) {
if (count($existingAttribute)) { $existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id']; if (count($existingAttribute)) {
} $this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
$c++; }
} $c++;
} }
}
}
$fieldList = array( $fieldList = array(
'Event' => array('org', 'date', 'risk', 'info', 'published', 'uuid', 'private', 'communitie'), 'Event' => array('org', 'date', 'risk', 'info', 'published', 'uuid', 'private', 'communitie'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie') 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie')
); );
// this saveAssociated() function will save not only the event, but also the attributes if ("i" == Configure::read('CyDefSIG.rest')) {
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute // this saveAssociated() function will save not only the event, but also the attributes
// the following 2 lines can be out-commented if we opt to save associated (Event.php:263-264) // from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
unset($this->request->data['Attribute']); // the following 2 lines can be out-commented if we opt to save associated (Event.php:263-264)
$this->Event->unbindModel(array('hasMany' => array('Attribute'))); unset($this->request->data['Attribute']);
if ($this->Event->save($this->request->data, array('validate' => true, 'fieldList' => $fieldList))) { $this->Event->unbindModel(array('hasMany' => array('Attribute')));
$saveResult = $this->Event->save($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
} else {
$saveResult = $this->Event->saveAssociated($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
}
if ($saveResult) {
// TODO RESTfull: we now need to compare attributes, to see if we need to do a RESTfull attribute delete // TODO RESTfull: we now need to compare attributes, to see if we need to do a RESTfull attribute delete

25
app/Model/Event.php
View File

@ -375,14 +375,19 @@ class Event extends AppModel {
return $data; return $data;
} }
public function uploadEventToServer($event, $server, $HttpSocket=null) { public function uploadEventToServer($event, $server, $HttpSocket = null) {
$newLocation = $newTextBody = ''; $newLocation = $newTextBody = '';
$result = $this->RESTfullEventToServer($event, $server, null, $HttpSocket, &$newLocation, &$newTextBody); $result = $this->RESTfullEventToServer($event, $server, null, $HttpSocket, &$newLocation, &$newTextBody);
if (strlen($newLocation) || $result) { // HTTP/1.1 302 Found and Location: http://<newLocation> if (strlen($newLocation) || $result) { // HTTP/1.1 302 Found and Location: http://<newLocation>
if (strlen($newLocation)) { // HTTP/1.1 302 Found and Location: http://<newLocation> if (strlen($newLocation)) { // HTTP/1.1 302 Found and Location: http://<newLocation>
$result = $this->RESTfullEventToServer($event, $server, $newLocation, $HttpSocket, &$newLocation, &$newTextBody); $result = $this->RESTfullEventToServer($event, $server, $newLocation, $HttpSocket, &$newLocation, &$newTextBody);
} }
$xml = Xml::build($newTextBody); try { // TODO Xml::build() does not throw the XmlException
$xml = Xml::build($newTextBody);
} catch (XmlException $e) {
throw new InternalErrorException();
//return false;
}
// get the remote event_id // get the remote event_id
foreach ($xml as $xmlEvent) { foreach ($xml as $xmlEvent) {
foreach ($xmlEvent as $key => $value) { foreach ($xmlEvent as $key => $value) {
@ -398,11 +403,13 @@ class Event extends AppModel {
foreach ($event['Attribute'] as $attribute) { foreach ($event['Attribute'] as $attribute) {
$newerUuids[$attribute['id']] = $attribute['uuid']; $newerUuids[$attribute['id']] = $attribute['uuid'];
$attribute['event_id'] = $remoteId; $attribute['event_id'] = $remoteId;
// do the add attributes here i.s.o. saveAssociates() or save() if ("i" == Configure::read('CyDefSIG.rest')) {
// and unset Attributes and hasMany for this // do the add attributes here i.s.o. saveAssociates() or save()
// following 2 lines can be out-commented if. (EventsController.php:364-365) // and unset Attributes and hasMany for this
$anAttr = ClassRegistry::init('Attribute'); // following 2 lines can be out-commented if. (EventsController.php:364-365)
$anAttr->uploadAttributeToServer($attribute, $server, $HttpSocket); $anAttr = ClassRegistry::init('Attribute');
$anAttr->uploadAttributeToServer($attribute, $server, $HttpSocket);
}
} }
// get the already existing attributes and delete the ones that are not there // get the already existing attributes and delete the ones that are not there
foreach ($xml->Event->Attribute as $attribute) { foreach ($xml->Event->Attribute as $attribute) {
@ -519,7 +526,7 @@ class Event extends AppModel {
// parse the XML response and keep the reason why it failed // parse the XML response and keep the reason why it failed
$xmlArray = Xml::toArray(Xml::build($response->body)); $xmlArray = Xml::toArray(Xml::build($response->body));
} catch (XmlException $e) { } catch (XmlException $e) {
return true; return true; // TODO should be false
} }
if (strpos($xmlArray['response']['name'],"Event already exists")) { // strpos, so i can piggyback some value if needed. if (strpos($xmlArray['response']['name'],"Event already exists")) { // strpos, so i can piggyback some value if needed.
return true; return true;
@ -530,6 +537,8 @@ class Event extends AppModel {
break; break;
case '302': // Found case '302': // Found
case '404': // Not Found case '404': // Not Found
debug($response);
//debug();
$newLocation = $response->headers['Location']; $newLocation = $response->headers['Location'];
$newTextBody = $response->body(); $newTextBody = $response->body();
return true; return true;

2
tools/curl/addAttribute.sh
View File

@ -1,2 +1,2 @@
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
--data "@input/33529.xml" -X POST http://localhost/attributes --data "@input/215.xml" -X POST http://localhost/attributes

5
tools/curl/editAttribute.sh
View File

@ -1,7 +1,6 @@
#curl -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ #curl -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
#--data "@input/event.xml" -X PUT http://localhost/events/14' #--data "@input/event.xml" -X PUT http://localhost/attributes/14'
#http://bel_mod1.local.net:80/events/29
# POST can be used as well.. # POST can be used as well..
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
--data "@input/33529.xml" -X POST http://localhost/attributes/33525 --data "@input/215.xml" -X POST http://localhost/attributes/215 # 116 # 33525

2
tools/curl/editEvent.sh
View File

@ -3,4 +3,4 @@
# POST can be used as well.. # POST can be used as well..
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
--data "@input/event.xml" -X POST http://localhost/events/$1 --data "@input/14.xml" -X POST http://localhost/events/$1