MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'develop' of /home/git/cydefsig into develop

pull/63/head
deresz 2013-03-01 09:42:28 +01:00
parent a1d51d4dfa 8e6852e037
commit 29191bdde1
32 changed files with 1827 additions and 1381 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

464
INSTALL/MYSQL.sql
View File

@ -1,230 +1,234 @@
-- phpMyAdmin SQL Dump
-- version 3.3.9.2
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jun 14, 2012 at 09:57 AM
-- Server version: 5.5.9
-- PHP Version: 5.3.6
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
--
-- Database: `cydefsig`
--
-- --------------------------------------------------------
--
-- Table structure for table `attributes`
--
CREATE TABLE `attributes` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`event_id` int(11) NOT NULL,
`category` varchar(255) COLLATE utf8_bin NOT NULL,
`type` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`value1` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`value2` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`to_ids` tinyint(1) NOT NULL DEFAULT '1',
`uuid` varchar(40) COLLATE utf8_bin NOT NULL,
`revision` int(10) NOT NULL DEFAULT '0',
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`communitie` tinyint(1) NOT NULL,
PRIMARY KEY (`id`),
KEY `event_id` (`event_id`),
KEY `value1_key` (`value1`(5)),
KEY `value2_key` (`value2`(5))
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `blacklist`
--
CREATE TABLE `blacklist` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(254) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `bruteforces`
--
CREATE TABLE `bruteforces` (
`ip` varchar(255) COLLATE utf8_bin NOT NULL,
`username` varchar(255) COLLATE utf8_bin NOT NULL,
`expire` datetime NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Table structure for table `correlations`
--
DROP TABLE IF EXISTS `correlations`;
CREATE TABLE `correlations` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`1_event_id` int(11) NOT NULL,
`1_attribute_id` int(11) NOT NULL,
`1_private` tinyint(1) NOT NULL,
`event_id` int(11) NOT NULL,
`attribute_id` int(11) NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`date` date NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Table structure for table `events`
--
CREATE TABLE `events` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`date` date NOT NULL,
`risk` enum('Undefined','Low','Medium','High') COLLATE utf8_bin NOT NULL,
`info` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`user_id` int(11) NOT NULL,
`published` tinyint(1) NOT NULL DEFAULT '0',
`uuid` varchar(40) COLLATE utf8_bin NOT NULL,
`revision` int(10) NOT NULL DEFAULT '0',
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`analysis` tinyint(4) NOT NULL,
`communitie` tinyint(1) NOT NULL,
`attribute_count` int(11) UNSIGNED DEFAULT NULL,
`hop_count` int(11) UNSIGNED DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `roles`
--
CREATE TABLE `roles` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
`perm_add` tinyint(1) NOT NULL,
`perm_modify` tinyint(1) NOT NULL,
`perm_modify_org` tinyint(1) NOT NULL,
`perm_publish` tinyint(1) NOT NULL,
`perm_sync` tinyint(1) NOT NULL,
`perm_full` tinyint(1) NOT NULL,
`perm_auth` tinyint(1) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `logs`
--
CREATE TABLE `logs` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(255) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`model` varchar(20) COLLATE utf8_bin NOT NULL,
`model_id` int(11) NOT NULL,
`action` varchar(20) COLLATE utf8_bin NOT NULL,
`user_id` int(11) NOT NULL,
`change` varchar(255) COLLATE utf8_bin,
`email` varchar(255) COLLATE utf8_bin NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`description` varchar(255) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `regexp`
--
CREATE TABLE `regexp` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`regexp` varchar(255) COLLATE utf8_bin NOT NULL,
`replacement` varchar(255) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Table structure for table `servers`
--
CREATE TABLE `servers` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`url` varchar(255) COLLATE utf8_bin NOT NULL,
`authkey` varchar(40) COLLATE utf8_bin NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`organization` varchar(10) COLLATE utf8_bin NOT NULL,
`push` tinyint(1) NOT NULL,
`pull` tinyint(1) NOT NULL,
`lastpushedid` int(11) NOT NULL,
`lastpulledid` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`password` varchar(40) COLLATE utf8_bin NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`email` varchar(255) COLLATE utf8_bin NOT NULL,
`autoalert` tinyint(1) NOT NULL,
`authkey` varchar(40) COLLATE utf8_bin NOT NULL,
`invited_by` int(11) NOT NULL,
`gpgkey` longtext COLLATE utf8_bin NOT NULL,
`nids_sid` int(15) NOT NULL,
`termsaccepted` tinyint(1) NOT NULL,
`change_pw` tinyint(1) NOT NULL,
`newsread` date NOT NULL,
`role_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `email` (`email`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2 ;
-- --------------------------------------------------------
--
-- Table structure for table `whitelist`
--
CREATE TABLE `whitelist` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(254) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
--
-- Dumping data for table `attributes`
--
-- Dumping data for table `users`
--
INSERT INTO `users` (`id`, `password`, `org`, `email`, `autoalert`, `authkey`, `invited_by`, `gpgkey`, `nids_sid`, `termsaccepted`, `newsread`, `role_id`) VALUES(1, 'babc86e0869015b3f0b4d48ca48700d3a9d1b9d7', 'ADMIN', 'admin@admin.test', 0, 'vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb', 1, '', 4000000, 0, '2012-03-13', '');
INSERT INTO `regexp` (`id`, `regexp`, `replacement`) VALUES (1,'/C:.Users.(\\w+).AppData.Local.Temp./','%TEMP%\\\\'),(3,'/C:.Users.(\\w+).AppData.Local./','%LOCALAPPDATA%\\\\'),(4,'/C:.Users.(\\w+).AppData.Roaming./','%APPDATA%\\\\'),(5,'/C:.Users.(\\w+)./','%UserProfile%\\\\'),(6,'/C:.Documents and Settings.(\\w+) (\\w+)./','%UserProfile%\\\\'),(7,'/C:.DOCUME~1.(\\w+)./','%UserProfile%\\\\'),(8,'/C:.Documents and Settings.All Users/','%AllUsersProfile%'),(9,'/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{9}){1}(-[0-9]{10}){1}-[0-9]{9}-[0-9]{4}/','HKCU'),(10,'@.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){2}-[0-9]{9}-[0-9]{4}@','HKCU'),(11,'@.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){3}-[0-9]{4}@','HKCU'),(13,'@.REGISTRY.MACHINE.@','HKLM\\\\'),(14,'@.Registry.Machine.@','HKLM\\\\'),(15,'','not allowed'),(16,'/not allowed/',''),(26,'/%AppData\\\\\\\\/','%AppData%'),(27,'/%APPDATA%/','%AppData%'),(20,'','replacements to uniform the data'),(25,'/%allusers%/','%AllUsers%'),(28,'/%APPDATA%/','%AppData%'),(29,'/%LocalSettings&\\\\\\\\/','%LocalSettings%'),(30,'/%Programfiles%/','%ProgramFiles%'),(31,'/%systemroot%/','%SystemRoot%'),(32,'/%Temp\\\\\\\\/','%TEMP%'),(33,'/%Temp%/','%TEMP%'),(34,'/%temp%/','%TEMP%'),(35,'/%UserProfile\\\\\\\\/','%UserProfile%'),(36,'/%userprofile%/','%UserProfile%'),(37,'/%Windir%/','%windir%'),(38,'/%WINDIR%/','%windir%');
-- phpMyAdmin SQL Dump
-- version 3.3.9.2
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jun 14, 2012 at 09:57 AM
-- Server version: 5.5.9
-- PHP Version: 5.3.6
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
--
-- Database: `cydefsig`
--
-- --------------------------------------------------------
--
-- Table structure for table `attributes`
--
CREATE TABLE `attributes` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`event_id` int(11) NOT NULL,
`category` varchar(255) COLLATE utf8_bin NOT NULL,
`type` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`value1` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`value2` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`to_ids` tinyint(1) NOT NULL DEFAULT '1',
`uuid` varchar(40) COLLATE utf8_bin NOT NULL,
`revision` int(10) NOT NULL DEFAULT '0',
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`communitie` tinyint(1) NOT NULL,
`dist_change` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `event_id` (`event_id`),
KEY `value1_key` (`value1`(5)),
KEY `value2_key` (`value2`(5))
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `blacklist`
--
CREATE TABLE `blacklist` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(254) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `bruteforces`
--
CREATE TABLE `bruteforces` (
`ip` varchar(255) COLLATE utf8_bin NOT NULL,
`username` varchar(255) COLLATE utf8_bin NOT NULL,
`expire` datetime NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Table structure for table `correlations`
--
DROP TABLE IF EXISTS `correlations`;
CREATE TABLE `correlations` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`1_event_id` int(11) NOT NULL,
`1_attribute_id` int(11) NOT NULL,
`1_private` tinyint(1) NOT NULL,
`event_id` int(11) NOT NULL,
`attribute_id` int(11) NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`date` date NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Table structure for table `events`
--
CREATE TABLE `events` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`date` date NOT NULL,
`risk` enum('Undefined','Low','Medium','High') COLLATE utf8_bin NOT NULL,
`info` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`user_id` int(11) NOT NULL,
`published` tinyint(1) NOT NULL DEFAULT '0',
`uuid` varchar(40) COLLATE utf8_bin NOT NULL,
`revision` int(10) NOT NULL DEFAULT '0',
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`analysis` tinyint(4) NOT NULL,
`communitie` tinyint(1) NOT NULL,
`attribute_count` int(11) UNSIGNED DEFAULT NULL,
`hop_count` int(11) UNSIGNED DEFAULT 0,
`dist_change` int(11) NOT NULL DEFAULT '0'
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `roles`
--
CREATE TABLE `roles` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
`perm_add` tinyint(1) NOT NULL DEFAULT 0,
`perm_modify` tinyint(1) NOT NULL DEFAULT 0,
`perm_modify_org` tinyint(1) NOT NULL DEFAULT 0,
`perm_publish` tinyint(1) NOT NULL DEFAULT 0,
`perm_sync` tinyint(1) NOT NULL DEFAULT 0,
`perm_full` tinyint(1) NOT NULL DEFAULT 0,
`perm_audit` tinyint(1) NOT NULL DEFAULT 0,
`perm_admin` tinyint(1) NOT NULL DEFAULT 0,
`perm_auth` tinyint(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `logs`
--
CREATE TABLE `logs` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(255) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`model` varchar(20) COLLATE utf8_bin NOT NULL,
`model_id` int(11) NOT NULL,
`action` varchar(20) COLLATE utf8_bin NOT NULL,
`user_id` int(11) NOT NULL,
`change` varchar(255) COLLATE utf8_bin,
`email` varchar(255) COLLATE utf8_bin NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`description` varchar(255) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `regexp`
--
CREATE TABLE `regexp` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`regexp` varchar(255) COLLATE utf8_bin NOT NULL,
`replacement` varchar(255) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Table structure for table `servers`
--
CREATE TABLE `servers` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`url` varchar(255) COLLATE utf8_bin NOT NULL,
`authkey` varchar(40) COLLATE utf8_bin NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`organization` varchar(10) COLLATE utf8_bin NOT NULL,
`push` tinyint(1) NOT NULL,
`pull` tinyint(1) NOT NULL,
`lastpushedid` int(11) NOT NULL,
`lastpulledid` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`password` varchar(40) COLLATE utf8_bin NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`email` varchar(255) COLLATE utf8_bin NOT NULL,
`autoalert` tinyint(1) NOT NULL,
`authkey` varchar(40) COLLATE utf8_bin NOT NULL,
`invited_by` int(11) NOT NULL,
`gpgkey` longtext COLLATE utf8_bin NOT NULL,
`nids_sid` int(15) NOT NULL,
`termsaccepted` tinyint(1) NOT NULL,
`change_pw` tinyint(1) NOT NULL,
`newsread` date NOT NULL,
`role_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `email` (`email`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2 ;
-- --------------------------------------------------------
--
-- Table structure for table `whitelist`
--
CREATE TABLE `whitelist` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(254) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
--
-- Dumping data for table `attributes`
--
-- Dumping data for table `users`
--
INSERT INTO `users` (`id`, `password`, `org`, `email`, `autoalert`, `authkey`, `invited_by`, `gpgkey`, `nids_sid`, `termsaccepted`, `newsread`, `role_id`) VALUES(1, 'babc86e0869015b3f0b4d48ca48700d3a9d1b9d7', 'ADMIN', 'admin@admin.test', 0, 'vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb', 1, '', 4000000, 0, '2012-03-13', '');
INSERT INTO `regexp` (`id`, `regexp`, `replacement`) VALUES (1,'/C:.Users.(\\w+).AppData.Local.Temp./','%TEMP%\\\\'),(3,'/C:.Users.(\\w+).AppData.Local./','%LOCALAPPDATA%\\\\'),(4,'/C:.Users.(\\w+).AppData.Roaming./','%APPDATA%\\\\'),(5,'/C:.Users.(\\w+)./','%UserProfile%\\\\'),(6,'/C:.Documents and Settings.(\\w+) (\\w+)./','%UserProfile%\\\\'),(7,'/C:.DOCUME~1.(\\w+)./','%UserProfile%\\\\'),(8,'/C:.Documents and Settings.All Users/','%AllUsersProfile%'),(9,'/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{9}){1}(-[0-9]{10}){1}-[0-9]{9}-[0-9]{4}/','HKCU'),(10,'@.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){2}-[0-9]{9}-[0-9]{4}@','HKCU'),(11,'@.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){3}-[0-9]{4}@','HKCU'),(13,'@.REGISTRY.MACHINE.@','HKLM\\\\'),(14,'@.Registry.Machine.@','HKLM\\\\'),(15,'','not allowed'),(16,'/not allowed/',''),(26,'/%AppData\\\\\\\\/','%AppData%'),(27,'/%APPDATA%/','%AppData%'),(20,'','replacements to uniform the data'),(25,'/%allusers%/','%AllUsers%'),(28,'/%APPDATA%/','%AppData%'),(29,'/%LocalSettings&\\\\\\\\/','%LocalSettings%'),(30,'/%Programfiles%/','%ProgramFiles%'),(31,'/%systemroot%/','%SystemRoot%'),(32,'/%Temp\\\\\\\\/','%TEMP%'),(33,'/%Temp%/','%TEMP%'),(34,'/%temp%/','%TEMP%'),(35,'/%UserProfile\\\\\\\\/','%UserProfile%'),(36,'/%userprofile%/','%UserProfile%'),(37,'/%Windir%/','%windir%'),(38,'/%WINDIR%/','%windir%');

294
app/Config/Schema/schema_0.2.3.php
View File

@ -1,147 +1,147 @@
<?php
class AppSchema extends CakeSchema {
public $file = 'schema_0.2.3.php';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
}
public $attributes = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $bruteforces = array(
'ip' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'username' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'expire' => array('type' => 'datetime', 'null' => false, 'default' => null),
'indexes' => array(),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $correlations = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'1_event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_private' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $events = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'date' => array('type' => 'date', 'null' => false, 'default' => null),
//'risk' ENUM
'info' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => false, 'default' => null),
//'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'published' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'revision' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null),
'attribute_count' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 11),
'hop_count' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 11),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $logs = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'title' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'created' => array('type' => 'datetime', 'null' => true, 'default' => null),
'model' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'model_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'action' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'change' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'description' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $regex = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'regex' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'replacement' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $roles = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'),
'created' => array('type' => 'datetime', 'null' => true, 'default' => null),
'modified' => array('type' => 'datetime', 'null' => true, 'default' => null),
'perm_add' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_modify' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_publish' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_full' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_auth' => array('type' => 'boolean', 'null' => true, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB')
);
public $servers = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'url' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'organization' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 10, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'push' => array('type' => 'boolean', 'null' => false, 'default' => null),
'pull' => array('type' => 'boolean', 'null' => false, 'default' => null),
'lastpulledid' => array('type' => 'integer', 'null' => false, 'default' => null),
'lastpushedid' => array('type' => 'integer', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $users = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'password' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'autoalert' => array('type' => 'boolean', 'null' => false, 'default' => null),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'invited_by' => array('type' => 'integer', 'null' => false, 'default' => null),
'gpgkey' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'nids_sid' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 15),
'termsaccepted' => array('type' => 'boolean', 'null' => false, 'default' => null),
'newsread' => array('type' => 'date', 'null' => false, 'default' => null),
'role_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'username' => array('column' => 'password', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $whitelists = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}
<?php
class AppSchema extends CakeSchema {
public $file = 'schema_0.2.3.php';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
}
public $attributes = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $bruteforces = array(
'ip' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'username' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'expire' => array('type' => 'datetime', 'null' => false, 'default' => null),
'indexes' => array(),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $correlations = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'1_event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_private' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $events = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'date' => array('type' => 'date', 'null' => false, 'default' => null),
//'risk' ENUM
'info' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => false, 'default' => null),
//'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'published' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'revision' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null),
'attribute_count' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 11),
'hop_count' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 11),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $logs = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'title' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'created' => array('type' => 'datetime', 'null' => true, 'default' => null),
'model' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'model_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'action' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'change' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'description' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $regex = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'regex' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'replacement' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $roles = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'),
'created' => array('type' => 'datetime', 'null' => true, 'default' => null),
'modified' => array('type' => 'datetime', 'null' => true, 'default' => null),
'perm_add' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_modify' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_publish' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_full' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_auth' => array('type' => 'boolean', 'null' => true, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB')
);
public $servers = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'url' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'organization' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 10, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'push' => array('type' => 'boolean', 'null' => false, 'default' => null),
'pull' => array('type' => 'boolean', 'null' => false, 'default' => null),
'lastpulledid' => array('type' => 'integer', 'null' => false, 'default' => null),
'lastpushedid' => array('type' => 'integer', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $users = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'password' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'autoalert' => array('type' => 'boolean', 'null' => false, 'default' => null),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'invited_by' => array('type' => 'integer', 'null' => false, 'default' => null),
'gpgkey' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'nids_sid' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 15),
'termsaccepted' => array('type' => 'boolean', 'null' => false, 'default' => null),
'newsread' => array('type' => 'date', 'null' => false, 'default' => null),
'role_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'username' => array('column' => 'password', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $whitelists = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}

22
app/Config/bootstrap.default.php
View File

@ -114,28 +114,28 @@ Configure::write('CyDefSIG.footerpart1', 'Powered by CyDefSIG');
Configure::write('CyDefSIG.footerpart2', '&copy; Belgian Defense CERT & NCIRC');
Configure::write('CyDefSIG.footer', Configure::read('CyDefSIG.footerpart1') . ' ' . Configure::read('CyDefSIG.footerpart2'));
Configure::write('CyDefSIG.footerversion', Configure::read('CyDefSIG.footerpart1') . ' version ' . Configure::read('CyDefSIG.version') . ' ' . Configure::read('CyDefSIG.footerpart2'));
Configure::write('CyDefSIG.org', 'BE MOD'); // if sync this will be Event.org content on the peer side
Configure::write('CyDefSIG.logo', 'orgs/MIL.be.png'); // used in Events::index for owned events
Configure::write('CyDefSIG.org', 'BE MOD'); // if sync this will be Event.org content on the peer side
Configure::write('CyDefSIG.logo', 'orgs/MIL.be.png'); // used in Events::index for owned events
Configure::write('CyDefSIG.showorg', 'true'); // show the name/flag of the organisation that uploaded the data
Configure::write('CyDefSIG.showowner', 'false'); // show the email of the owner that uploaded the data
Configure::write('CyDefSIG.sync', 'false'); // enable features related to syncing with other CyDefSIG instances
Configure::write('CyDefSIG.private', 'true'); // respect private to org or server.
Configure::write('CyDefSIG.showorg', 'true'); // show the name/flag of the organisation that uploaded the data
Configure::write('CyDefSIG.showowner', 'false'); // show the email of the owner that uploaded the data
Configure::write('CyDefSIG.sync', 'false'); // enable features related to syncing with other CyDefSIG instances
Configure::write('CyDefSIG.private', 'true'); // respect private to org or server.
if ('true' == Configure::read('CyDefSIG.private')) {
Configure::write('CyDefSIG.sync', 'true');
}
Configure::write('CyDefSIG.email', 'no-reply@sig.mil.be'); // email from for all the mails
Configure::write('CyDefSIG.email', 'no-reply@sig.mil.be'); // email from for all the mails
Configure::write('GnuPG.onlyencrypted', 'true'); // only allow encrypted email, do not allow plaintext mails
Configure::write('GnuPG.onlyencrypted', 'true'); // only allow encrypted email, do not allow plaintext mails
Configure::write('GnuPG.email', 'no-reply@sig.mil.be');
Configure::write('GnuPG.password', 'ii3naxoK|o2a');
Configure::write('GnuPG.homedir', '/Users/chri/Documents/Work/Projects/201107-CyDefSIG/.gnupg/');
Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins
Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins
Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
Configure::write('CyDefSIG.correlation', 'db'); // correlation between attributes of events.
Configure::write('CyDefSIG.correlation', 'db'); // correlation between attributes of events.
// possible values:
// - default, like it was (this is depreciated, use 'db' instead)
// - db, correlation in database

2
app/Console/Command/PasswordShell.php
View File

@ -27,7 +27,7 @@ class PasswordShell extends AppShell {
$this->out(print_r($this->User->invalidFields(), true));
}
echo 'Updated ', PHP_EOL;
echo 'Updated ', PHP_EOL;
exit;
}
}

42
app/Controller/AppController.php
View File

@ -126,6 +126,7 @@ class AppController extends Controller {
// These variables are required for every view
$this->set('me', Sanitize::clean($this->Auth->user()));
$this->set('isAdmin', $this->_isAdmin());
$this->set('isSiteAdmin', $this->_isSiteAdmin());
// TODO ACL: 5: from Controller to Views
$this->set('isAclAdd', $this->checkAcl('add'));
@ -170,6 +171,9 @@ class AppController extends Controller {
return false;
}
/**
* checks if the currently logged user is a site administrator
*/
protected function _isSiteAdmin() {
$org = $this->Auth->user('org');
if (isset($org) && $org === 'ADMIN') {
@ -178,6 +182,10 @@ class AppController extends Controller {
return false;
}
protected function _checkOrg() {
return $this->Auth->user('org');
}
/**
* Refreshes the Auth session with new/updated data
* @return void
@ -371,10 +379,14 @@ class AppController extends Controller {
throw new NotFoundException();
}
$this->generatePrivate();
// Deprecated - generate Private sets the values for the 3 distribution fields on migration - however the new SQL scheme sets cluster + communitie
// to false, which means that private will become org only and non-private will become all communities - which is desired behaviour.
// $this->generatePrivate();
$this->generateCorrelation(); // TODO
$this->generateCount();
$this->generateHop($yourOrg);
// Deprecated - hop unused currently, also, it would generate hop count 1 for all local events created by other hosted orgs.
// $this->generateHop($yourOrg);
$this->generateArosAcos();
}
public function generateArosAcos() {
@ -389,7 +401,7 @@ class AppController extends Controller {
public function generateACL($inc) {
if (!self::_isAdmin()) throw new NotFoundException();
if($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
if ($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
switch ($inc['Role']['permission']) {
case '0':
$permAdd = false;
@ -418,6 +430,7 @@ class AppController extends Controller {
default:
break;
}
//$this->Acl->allow($inc, 'controllers/Events/add');
if ($permAdd) {
$this->Acl->allow($inc, 'controllers/Events/add');
$this->Acl->allow($inc, 'controllers/Attributes/add');
@ -453,12 +466,11 @@ class AppController extends Controller {
$this->Acl->deny($inc, 'controllers/Logs');
}
if (isset($inc['Role']['perm_admin'])) {
if ($inc['Role']['perm_admin']) {
if (isset($inc['Role']['perm_admin']) && $inc['Role']['perm_admin']) {
//$this->Acl->allow($inc, 'controllers/Logs');
}
} else {
$this->Acl->deny($inc, 'controllers/Roles');
//$this->Acl->deny($inc, 'controllers');
}
if (isset($inc['Role']['perm_auth'])) {
if ($inc['Role']['perm_auth']) {
@ -583,6 +595,10 @@ class AppController extends Controller {
$attribute['Attribute']['private'] = true;
$attribute['Attribute']['cluster'] = false;
$attribute['Attribute']['communitie'] = false;
} else {
$attribute['Attribute']['private'] = false;
$attribute['Attribute']['cluster'] = false;
$attribute['Attribute']['communitie'] = false;
}
$this->Attribute->save($attribute);
}
@ -595,10 +611,18 @@ class AppController extends Controller {
$events = $this->Event->find('all', array('recursive' => 0));
foreach ($events as $event) {
if ($event['Event']['private']) {
$attribute['Event']['private'] = true;
$attribute['Event']['cluster'] = false;
$attribute['Event']['communitie'] = false;
$event['Event']['private'] = true;
$event['Event']['cluster'] = false;
$event['Event']['communitie'] = false;
} else {
$event['Event']['private'] = false;
$event['Event']['cluster'] = false;
$event['Event']['communitie'] = false;
}
$event['Event']['orgc'] = $event['Event']['org'];
$event['Event']['dist_change'] = 0;
$event['Event']['analysis'] = 2;
$event['Event']['hop_count'] = 0;
$this->Event->save($event);
}
}

191
app/Controller/AttributesController.php
View File

@ -303,12 +303,8 @@ class AttributesController extends AppController {
}
$this->Attribute->read();
if (PHP_OS == 'WINNT') {
$path = APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS;
$file = $this->Attribute->data['Attribute']['id'];
} else {
$file = new File(APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS . $this->Attribute->data['Attribute']['id']);
}
$path = APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS;
$file = $this->Attribute->data['Attribute']['id'];
$filename = '';
if ('attachment' == $this->Attribute->data['Attribute']['type']) {
$filename = Sanitize::clean($this->Attribute->data['Attribute']['value']);
@ -324,23 +320,13 @@ class AttributesController extends AppController {
}
$this->viewClass = 'Media';
if (PHP_OS == 'WINNT') {
$params = array(
$params = array(
'id' => $file,
'name' => $filename,
'extension' => $fileExt,
'download' => true,
'path' => $path
);
} else {
$params = array(
'id' => $file->path,
'name' => $filename,
'extension' => $fileExt,
'download' => true,
'path' => DS
);
}
);
$this->set($params);
}
@ -371,17 +357,18 @@ class AttributesController extends AppController {
// remove the published flag from the event
$this->Event->id = $this->request->data['Attribute']['event_id'];
$this->Event->saveField('published', 0);
// save the file-info in the database
$this->Attribute->create();
if ($this->request->data['Attribute']['malware']) {
$this->request->data['Attribute']['type'] = "malware-sample";
$filename = Sanitize::clean($filename);
preg_replace('/\//:*?"<>/', '', $filename);
$this->request->data['Attribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
$this->request->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
} else {
$this->request->data['Attribute']['type'] = "attachment";
$filename = Sanitize::clean($filename);
preg_replace('/\/:*?"<>/', '', $filename);
$this->request->data['Attribute']['value'] = $filename;
$this->request->data['Attribute']['to_ids'] = 0;
}
@ -521,11 +508,14 @@ class AttributesController extends AppController {
if (!$this->Attribute->exists()) {
throw new NotFoundException(__('Invalid attribute'));
}
$this->Attribute->read();
//set stuff to fix undefined index: uuid
if (!$this->_isRest()) {
$uuid = $this->Attribute->data['Attribute']['uuid'];
}
// only own attributes verified by isAuthorized
if ('true' == Configure::read('CyDefSIG.private')) {
if (!$this->_IsAdmin()) {
$this->Attribute->read(null, $id);
// check for non-private and re-read
if (($this->Attribute->data['Event']['org'] != $this->Auth->user('org')) || (($this->Attribute->data['Event']['org'] == $this->Auth->user('org')) && ($this->Attribute->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->checkAcl('edit') || !$this->checkRole() || !$this->checkAcl('publish')))) {
$this->Session->setFlash(__('Invalid attribute.'));
@ -534,7 +524,6 @@ class AttributesController extends AppController {
}
}
$this->Attribute->read();
$eventId = $this->Attribute->data['Attribute']['event_id'];
if ('attachment' == $this->Attribute->data['Attribute']['type'] ||
'malware-sample' == $this->Attribute->data['Attribute']['type'] ) {
@ -545,7 +534,6 @@ class AttributesController extends AppController {
} else {
$this->set('attachment', false);
}
if ($this->request->is('post') || $this->request->is('put')) {
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Attribute->massageData($this->request->data);
@ -553,24 +541,44 @@ class AttributesController extends AppController {
// reposition to get the attribute.id with given uuid
// Notice (8): Undefined index: uuid [APP/Controller/AttributesController.php, line 502]
$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
// Fixed - uuid was not passed back from the form since it's not a field. Set the uuid in a variable for non rest users, rest should have uuid.
// Generally all of this should be _isRest() only, but that's something for later to think about
if ($this->_isRest()) {
$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
} else {
$existingAttribute = $this->Attribute->findByUuid($uuid);
}
if (count($existingAttribute)) {
$this->request->data['Attribute']['id'] = $existingAttribute['Attribute']['id'];
}
// say what fields are to be updated
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster');
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster', 'value');
if ("i" == Configure::read('CyDefSIG.rest')) {
unset($this->request->data['Event']);
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
$this->request->data['Attribute']['event_id'] = $eventId;
}
$this->loadModel('Event');
$this->Event->id = $eventId;
// enabling / disabling the distribution field in the edit view based on whether user's org == orgc in the event
$this->Event->read();
if(!$this->_isRest()) {
$canEditDist = false;
if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) {
$this->set('canEditDist', true);
$canEditDist = true;
} else {
$this->set('canEditDist', false);
}
if (isset($this->request->data['Attribute']['distribution']) && $this->request->data['Attribute']['distribution'] != $existingAttribute['Attribute']['distribution']) {
$this->request->data['Attribute']['dist_change'] = 1 + $existingAttribute['Attribute']['dist_change'];
}
}
if ($this->Attribute->save($this->request->data)) {
$this->Session->setFlash(__('The attribute has been saved'));
// remove the published flag from the event
$this->loadModel('Event');
$this->Event->id = $eventId;
$this->Event->saveField('published', 0);
if ($this->_isRest()) {
@ -590,9 +598,21 @@ class AttributesController extends AppController {
} else {
$this->request->data = $this->Attribute->read(null, $id);
}
// needed for RBAC
$this->set('attribute', Sanitize::clean($this->request->data));
// enabling / disabling the distribution field in the edit view based on whether user's org == orgc in the event
$this->loadModel('Event');
$this->Event->id = $eventId;
$this->Event->read();
$canEditDist = false;
if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) {
$this->set('canEditDist', true);
$canEditDist = true;
} else {
$this->set('canEditDist', false);
}
// needed for RBAC
// combobox for types
$types = array_keys($this->Attribute->typeDefinitions);
$types = $this->_arrayToValuesIndexArray($types);
@ -602,26 +622,29 @@ class AttributesController extends AppController {
array_pop($categories); // remove that last empty/space option
$categories = $this->_arrayToValuesIndexArray($categories);
$this->set('categories', $categories);
$this->loadModel('Event');
$events = $this->Event->findById($eventId);
$maxDist = $events['Event']['distribution'];
$this->set('maxDist', $maxDist);
// combobox for distribution
if (isset($maxDist)) {
$distributionsBeforeCut = array_keys($this->Attribute->distributionDescriptions);
$count = 0;
foreach ($distributionsBeforeCut as $current) {
$distributions[$count] = $current;
if ($distributions[$count] == $maxDist)break;
$count++;
if ($canEditDist) {
$this->loadModel('Event');
$events = $this->Event->findById($eventId);
$maxDist = $events['Event']['distribution'];
$this->set('maxDist', $maxDist);
// combobox for distribution
if (isset($maxDist)) {
$distributionsBeforeCut = array_keys($this->Attribute->distributionDescriptions);
$count = 0;
foreach ($distributionsBeforeCut as $current) {
$distributions[$count] = $current;
if ($distributions[$count] == $maxDist)break;
$count++;
}
} else {
$distributions = array_keys($this->Attribute->distributionDescriptions);
}
} else {
$distributions = array_keys($this->Attribute->distributionDescriptions);
$distributions = $this->_arrayToValuesIndexArray($distributions);
$this->set('distributions', $distributions);
// tooltip for distribution
$this->set('distributionDescriptions', $this->Attribute->distributionDescriptions);
}
$distributions = $this->_arrayToValuesIndexArray($distributions);
$this->set('distributions', $distributions);
// tooltip for distribution
$this->set('distributionDescriptions', $this->Attribute->distributionDescriptions);
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
@ -656,12 +679,11 @@ class AttributesController extends AppController {
// attachment will be deleted with the beforeDelete() function in the Model
if ($this->Attribute->delete()) {
// delete the attribute from remote servers
//if ('true' == Configure::read('CyDefSIG.sync')) {
// // find the uuid
// $this->__deleteAttributeFromServers($uuid);
//}
if ('true' == Configure::read('CyDefSIG.sync')) {
// find the uuid
$this->__deleteAttributeFromServers($uuid);
}
$this->Session->setFlash(__('Attribute deleted'));
} else {
@ -678,9 +700,11 @@ class AttributesController extends AppController {
*/
private function __deleteAttributeFromServers($uuid) {
// TODO private and delete .. bring up ..
//if (true == $result['Attribute']['private']) { // never upload private attributes
// return "Attribute is private and non exportable";
//}
//$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
if (true == $result['Attribute']['private']) { // never upload private attributes
// return "Attribute is private and non exportable";
return;
}
// get a list of the servers
$this->loadModel('Server');
@ -710,23 +734,60 @@ class AttributesController extends AppController {
if ($this->request->is('post') && ($this->request->here == $fullAddress)) {
$keyword = $this->request->data['Attribute']['keyword'];
$keyword2 = $this->request->data['Attribute']['keyword2'];
$type = $this->request->data['Attribute']['type'];
$category = $this->request->data['Attribute']['category'];
$this->set('keywordSearch', $keyword);
$keyWordText = null;
$keyWordText2 = null;
$this->set('typeSearch', $type);
$this->set('isSearch', 1);
$this->set('categorySearch', $category);
// search the db
$conditions = array();
if ($keyword) {
$keywordArray = explode("\n", $keyword);
$i = 0;
if (isset($keyword)) {
$keywordArray = preg_split("/\r\n|\n|\r/", $keyword);
$i = 1;
$temp = array();
foreach ($keywordArray as $keywordArrayElement) {
$keywordArrayElement = '%' . trim($keywordArrayElement) . '%';
if ($keywordArrayElement != '%%') array_push($temp, array('Attribute.value LIKE' => $keywordArrayElement));
$saveWord = trim($keywordArrayElement);
$keywordArrayElement = '%' . trim($keywordArrayElement) . '%';
if ($keywordArrayElement != '%%') array_push($temp, array('Attribute.value LIKE' => $keywordArrayElement));
if ($i == 1 && $saveWord != '') $keyWordText = $saveWord;
else if (($i > 1 && $i < 10) && $saveWord != '') $keyWordText = $keyWordText .', '. $saveWord;
else if ($i == 10 && $saveWord != '') $keyWordText = $keyWordText . ' and several other keywords';
$i++;
}
$this->set('keywordSearch', $keyWordText);
if (!empty($temp)){
if (count($temp) == 1) {
$conditions['Attribute.value LIKE'] = '%'.$keyWordText.'%';
} else {
$conditions['OR'] = $temp;
}
}
}
if (isset($keyword2)) {
$keywordArray2 = preg_split("/\r\n|\n|\r/", $keyword2);
$i = 1;
$temp = array();
foreach ($keywordArray2 as $keywordArrayElement) {
$saveWord = trim($keywordArrayElement);
if (!is_numeric($saveWord) || $saveWord < 1) continue;
array_push($temp, array('Attribute.event_id !=' => $keywordArrayElement));
if ($i == 1 && $saveWord != '') $keyWordText2 = $saveWord;
else if (($i > 1 && $i < 10) && $saveWord != '') $keyWordText2 = $keyWordText2 .', '. $saveWord;
else if ($i == 10 && $saveWord != '') $keyWordText2 = $keyWordText2 . ' and several other events';
$i++;
}
$this->set('keywordSearch2', $keyWordText2);
if (!empty($temp)){
if (count($temp) == 1) {
$conditions['Attribute.event_id !='] = $keyWordText2;
} else {
$conditions['AND'] = $temp;
}
}
$conditions['OR'] = $temp;
}
if ($type != 'ALL') {
$conditions['Attribute.type ='] = $type;
@ -757,6 +818,12 @@ class AttributesController extends AppController {
$attributes = Sanitize::clean($this->paginate(), array('remove' => true, 'remove_html' => true, 'encode' => true, 'newline' => true));
foreach ($attributes as &$attribute) {
$attribute['Attribute']['value'] = str_replace('\n', chr(10), $attribute['Attribute']['value']);
foreach ($keywordArray as $keywordArrayElement) {
$keywordArrayElement = trim($keywordArrayElement);
if ($attribute['Attribute']['type'] != 'malware-sample' && $attribute['Attribute']['type'] != 'link' && $attribute['Attribute']['type'] != 'attachment') {
$attribute['Attribute']['value'] = preg_replace('%'.$keywordArrayElement.'%', '<b><i>'.$keywordArrayElement.'</i></b>', $attribute['Attribute']['value']);
}
}
}
$this->set('attributes', $attributes);

256
app/Controller/Component/NidsExportComponent.php
View File

@ -46,7 +46,7 @@ class NidsExportComponent extends Component {
$ruleFormatReference = 'reference:url,' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $item['Event']['id'];
$ruleFormat = '%salert %s %s %s %s %s %s (' . $ruleFormatMsg . '; %s %s classtype:' . $this->classtype . '; sid:%d; rev:%d; priority:' . $priority . '; ' . $ruleFormatReference . ';) ';
$sid = $startSid + ($item['Attribute']['id'] * 10); // leave 9 possible rules per attribute type
$sid = $startSid + ($item['Attribute']['id'] * 10); // leave 9 possible rules per attribute type
$attribute = &$item['Attribute'];
$sid++;
@ -99,17 +99,17 @@ class NidsExportComponent extends Component {
$overruled = in_array($attribute['value'], $this->whitelist);
$this->rules[] = sprintf($ruleFormat,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'ip', // proto
'ip', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'any', // src_port
'->', // direction
$attribute['value'], // dst_ip
'any', // dst_port
'Outgoing To IP: ' . $attribute['value'], // msg
'', // rule_content
'', // tag
$sid, // sid
1 // rev
'any', // dst_port
'Outgoing To IP: ' . $attribute['value'], // msg
'', // rule_content
'', // tag
$sid, // sid
1 // rev
);
}
@ -117,17 +117,17 @@ class NidsExportComponent extends Component {
$overruled = in_array($attribute['value'], $this->whitelist);
$this->rules[] = sprintf($ruleFormat,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'ip', // proto
'ip', // proto
$attribute['value'], // src_ip
'any', // src_port
'->', // direction
'any', // src_port
'->', // direction
'$HOME_NET', // dst_ip
'any', // dst_port
'Incoming From IP: ' . $attribute['value'], // msg
'', // rule_content
'', // tag
$sid, // sid
1 // rev
'any', // dst_port
'Incoming From IP: ' . $attribute['value'], // msg
'', // rule_content
'', // tag
$sid, // sid
1 // rev
);
}
@ -135,17 +135,17 @@ class NidsExportComponent extends Component {
$content = 'flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
$this->rules[] = sprintf($ruleFormat,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Source Email Address: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
'25', // dst_port
'Source Email Address: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
@ -153,17 +153,17 @@ class NidsExportComponent extends Component {
$content = 'flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
$this->rules[] = sprintf($ruleFormat,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Destination Email Address: ' . $attribute['value'],// msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
'25', // dst_port
'Destination Email Address: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
@ -172,17 +172,17 @@ class NidsExportComponent extends Component {
$content = 'flow:established,to_server; content:"Subject|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
$this->rules[] = sprintf($ruleFormat,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'25', // dst_port
'Bad Email Subject', // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
@ -191,17 +191,17 @@ class NidsExportComponent extends Component {
$content = 'flow:established,to_server; content:"Content-Disposition: attachment|3b| filename=|22|"; content:"' . $attribute['value'] . '|22|";';
$this->rules[] = sprintf($ruleFormat,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Bad Email Attachment', // msg
$content, // rule_content // LATER nids - test and finetune this snort rule https://secure.wikimedia.org/wikipedia/en/wiki/MIME#Content-Disposition
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
'25', // dst_port
'Bad Email Attachment', // msg
$content, // rule_content // LATER nids - test and finetune this snort rule https://secure.wikimedia.org/wikipedia/en/wiki/MIME#Content-Disposition
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
@ -210,32 +210,32 @@ class NidsExportComponent extends Component {
$content = 'content:"' . $this->dnsNameToRawFormat($attribute['value'], 'hostname') . '"; nocase;';
$this->rules[] = sprintf($ruleFormat,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'udp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Hostname: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
'udp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Hostname: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
$this->rules[] = sprintf($ruleFormat,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Hostname: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
'tcp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Hostname: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
// also do http requests
@ -243,17 +243,17 @@ class NidsExportComponent extends Component {
$content = 'flow:to_server,established; content: "Host: ' . $attribute['value'] . '"; nocase; http_header; pcre: "/[^A-Za-z0-9-]' . preg_quote($attribute['value']) . '[^A-Za-z0-9-]/";';
$this->rules[] = sprintf($ruleFormat,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'http', // proto
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'any', // dst_port
'Outgoing HTTP Hostname: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
@ -262,32 +262,32 @@ class NidsExportComponent extends Component {
$content = 'content:"' . $this->dnsNameToRawFormat($attribute['value']) . '"; nocase;';
$this->rules[] = sprintf($ruleFormat,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'udp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Domain: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
'udp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Domain: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
$this->rules[] = sprintf($ruleFormat,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Domain: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
'tcp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Domain: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
// also do http requests,
@ -295,17 +295,17 @@ class NidsExportComponent extends Component {
$content = 'flow:to_server,established; content: "Host:"; nocase; http_header; content:"' . $attribute['value'] . '"; nocase; http_header; pcre: "/[^A-Za-z0-9-]' . preg_quote($attribute['value']) . '[^A-Za-z0-9-]/";';
$this->rules[] = sprintf($ruleFormat,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'http', // proto
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'any', // dst_port
'Outgoing HTTP Domain: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
@ -317,17 +317,17 @@ class NidsExportComponent extends Component {
$content = 'flow:to_server,established; content:"' . $attribute['value'] . '"; nocase; http_uri;';
$this->rules[] = sprintf($ruleFormat,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'http', // proto
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'any', // dst_port
'Outgoing HTTP URL: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
@ -348,18 +348,18 @@ class NidsExportComponent extends Component {
// tag - '/tag\s*:\s*.+?;/'
$replaceCount = array();
$tmpRule = preg_replace('/sid\s*:\s*[0-9]+\s*;/', 'sid:' . $sid . ';', $tmpRule, -1, $replaceCount['sid']);
if (null == $tmpRule ) break; // don't output the rule on error with the regex
if (null == $tmpRule ) break; // don't output the rule on error with the regex
$tmpRule = preg_replace('/rev\s*:\s*[0-9]+\s*;/', 'rev:1;', $tmpRule, -1, $replaceCount['rev']);
if (null == $tmpRule ) break; // don't output the rule on error with the regex
if (null == $tmpRule ) break; // don't output the rule on error with the regex
$tmpRule = preg_replace('/classtype:[a-zA-Z_-]+;/', 'classtype:' . $this->classtype . ';', $tmpRule, -1, $replaceCount['classtype']);
if (null == $tmpRule ) break; // don't output the rule on error with the regex
if (null == $tmpRule ) break; // don't output the rule on error with the regex
$tmpMessage = sprintf($ruleFormatMsg, 'snort-rule');
$tmpRule = preg_replace('/msg\s*:\s*".*?"\s*;/', $tmpMessage . ';', $tmpRule, -1, $replaceCount['msg']);
if (null == $tmpRule ) break; // don't output the rule on error with the regex
if (null == $tmpRule ) break; // don't output the rule on error with the regex
$tmpRule = preg_replace('/reference\s*:\s*.+?;/', $ruleFormatReference . ';', $tmpRule, -1, $replaceCount['reference']);
if (null == $tmpRule ) break; // don't output the rule on error with the regex
if (null == $tmpRule ) break; // don't output the rule on error with the regex
$tmpRule = preg_replace('/reference\s*:\s*.+?;/', $ruleFormatReference . ';', $tmpRule, -1, $replaceCount['reference']);
if (null == $tmpRule ) break; // don't output the rule on error with the regex
if (null == $tmpRule ) break; // don't output the rule on error with the regex
// FIXME nids - implement priority overwriting
// some values were not replaced, so we need to add them ourselves, and insert them in the rule

217
app/Controller/EventsController.php
View File

@ -26,7 +26,7 @@ class EventsController extends AppController {
public $paginate = array(
'limit' => 60,
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
'order' => array(
'Event.id' => 'DESC'
)
@ -299,13 +299,17 @@ class EventsController extends AppController {
// Sanitize::clean
$this->Event->data['Event']['info'] = $this->beforeSanitizeClean($this->Event->data['Event']['info']);
foreach ($this->Event->data['Attribute'] as &$attribute) {
$attribute['value'] = $this->beforeSanitizeClean($attribute['value']);
if (isset($this->Event->data['Attribute'])) {
foreach ($this->Event->data['Attribute'] as &$attribute) {
$attribute['value'] = $this->beforeSanitizeClean($attribute['value']);
}
}
$event = Sanitize::clean($this->Event->data, array('remove' => true, 'remove_html' => true, 'encode' => true, 'newline' => true));
$event['Event']['info'] = $this->counterSanitizeClean($event['Event']['info']);
foreach ($event['Attribute'] as &$attribute) {
$attribute['value'] = $this->counterSanitizeClean($attribute['value']);
if (isset($event['Attribute'])) {
foreach ($event['Attribute'] as &$attribute) {
$attribute['value'] = $this->counterSanitizeClean($attribute['value']);
}
}
$this->set('event', $event);
@ -423,7 +427,11 @@ class EventsController extends AppController {
public function _add(&$data, &$auth, $fromXml, $or='', $passAlong = null, $fromPull = false) {
// force check userid and orgname to be from yourself
$data['Event']['user_id'] = $auth->user('id');
$data['Event']['org'] = strlen($or) ? $or : $auth->user('org'); // FIXME security - org problem
$data['Event']['org'] = $auth->user('org');
//$data['Event']['org'] = strlen($or) ? $or : $auth->user('org'); // FIXME security - org problem
if (!$fromXml) {
$data['Event']['orgc'] = $data['Event']['org'];
}
unset ($data['Event']['id']);
$this->Event->create();
//$this->Event->data = $data;
@ -444,7 +452,7 @@ class EventsController extends AppController {
$existingEventCount = $this->Event->find('count', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
if ($existingEventCount > 0) {
// TODO RESTfull, set responce location header..so client can find right URL to edit
if($fromPull)return false;
if ($fromPull) return false;
$existingEvent = $this->Event->find('first', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
$this->response->header('Location', Configure::read('CyDefSIG.baseurl') . '/events/' . $existingEvent['Event']['id']);
$this->response->send();
@ -454,13 +462,13 @@ class EventsController extends AppController {
if ($upstream) {
$fieldList = array(
'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid'),
'Event' => array('orgc', 'date', 'risk', 'analysis', 'info', 'published', 'uuid'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision')
);
} else {
$fieldList = array(
'Event' => array('org', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'hop_count'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie')
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'hop_count', 'dist_change', 'from'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie', 'dist_change')
);
}
@ -478,7 +486,7 @@ class EventsController extends AppController {
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
}
if ($saveResult) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published'] && $data['Event']['private'] == false) {
// do the necessary actions to publish the event (email, upload,...)
$this->__publish($this->Event->getId(), $passAlong);
}
@ -506,13 +514,28 @@ class EventsController extends AppController {
//if ('true' == Configure::read('CyDefSIG.private')) {
// if (!$this->_IsAdmin()) {
$this->Event->read(null, $id);
// // check for non-private and re-read
// if (($this->Event->data['Event']['org'] != $this->Auth->user('org')) || (($this->Event->data['Event']['org'] == $this->Auth->user('org')) && ($this->Event->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->checkAcl('edit') || !$this->checkRole() || !$this->checkAcl('publish')))) {
// $this->Session->setFlash(__('Invalid event.'));
// $this->redirect(array('controller' => 'users', 'action' => 'terms'));
// }
// }
// // check for if private and user not authorised to edit, go away
if (!$this->isSiteAdmin() && !$this->checkAction('perm_sync') && $this->Event->data['Event']['distribution'] == 'Your organization only') {
if (($this->Event->data['Event']['org'] != $this->_checkOrg()) || !($this->checkAction('perm_modify'))) {
$this->Session->setFlash(__('You are not authorised to do that.'));
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
}
//if (!$this->Event->data['Event']['org'] == $this->_checkOrg()){
//throw new MethodNotAllowedException();
//$this->Session->setFlash(__('Invalid event.'));
//$this->redirect(array('controller' => 'users', 'action' => 'terms'));
//}
//}
// check if the user is of the creating org, if not, don't let him/her change the distribution.
$canEditDist = false;
if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) {
$canEditDist = true;
$this->set('canEditDist', true);
} else {
$this->set('canEditDist', false);
}
if ($this->request->is('post') || $this->request->is('put')) {
if ($this->_isRest()) {
// Workaround for different structure in XML/array than what CakePHP expects
@ -533,6 +556,17 @@ class EventsController extends AppController {
if (count($existingEvent)) {
$this->request->data['Event']['id'] = $existingEvent['Event']['id'];
}
if ($existingEvent['Event']['orgc'] == $this->_checkOrg()) {
$this->set('canEditDist', true);
} else {
$this->set('canEditDist', false);
}
$fieldList = array(
'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid', 'dist_change', 'from'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie', 'cluster', 'dist_change')
);
if ("ii" == Configure::read('CyDefSIG.rest')) {
// reposition to get the attribute.id with given uuid
$c = 0;
@ -541,16 +575,20 @@ class EventsController extends AppController {
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
if (count($existingAttribute)) {
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
if (!($this->request->data['Attribute'][$c]['dist_change'] > $existingAttribute['Attribute']['dist_change'])) {
unset($this->request->data['Attribute'][$c]['private']);
unset($this->request->data['Attribute'][$c]['cluster']);
unset($this->request->data['Attribute'][$c]['communitie']);
}
}
$c++;
}
}
}
$fieldList = array(
'Event' => array('org', 'date', 'risk', 'analysis', 'info', 'published', 'uuid', 'private', 'communitie'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie')
);
if ($this->request->data['Event']['dist_change'] > $existingEvent['Event']['dist_change']) {
array_push($fieldList['Event'], 'private', 'communitie', 'cluster');
}
if ("i" == Configure::read('CyDefSIG.rest')) {
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
@ -568,6 +606,11 @@ class EventsController extends AppController {
$message = 'Saved';
$this->set('event', Sanitize::clean($this->Event->data));
//if published -> do the actual publishing
if ((!empty($this->request->data['Event']['published']) && 1 == $this->request->data['Event']['published'])) {
// do the necessary actions to publish the event (email, upload,...)
$this->__publish($existingEvent['Event']['id']);
}
// REST users want to see the newly created event
$this->view($this->Event->getId());
@ -581,18 +624,26 @@ class EventsController extends AppController {
return false;
}
}
// say what fields are to be updated
$fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'private', 'cluster', 'communitie');
$fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'private', 'cluster', 'communitie', 'dist_change');
//Moved this out of (if ($this->_isAdmin()) to use for the dist_change
$this->Event->read();
// always force the org, but do not force it for admins
if ($this->_isAdmin()) {
// set the same org as existed before
$this->Event->read();
$this->request->data['Event']['org'] = Sanitize::clean($this->Event->data['Event']['org']);
}
// we probably also want to remove the published flag
$this->request->data['Event']['published'] = 0;
// If the distribution has changed, up the dist_change count
if ($canEditDist) {
if ($this->request->data['Event']['distribution'] != $this->Event->data['Event']['distribution']) {
$this->request->data['Event']['dist_change'] = 1 + $this->Event->data['Event']['dist_change'];
}
}
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Event->massageData($this->request->data);
}
@ -612,6 +663,7 @@ class EventsController extends AppController {
$distributions = array_keys($this->Event->distributionDescriptions);
$distributions = $this->_arrayToValuesIndexArray($distributions);
$this->set('distributions', $distributions);
// tooltip for distribution
$this->set('distributionDescriptions', $this->Event->distributionDescriptions);
@ -619,6 +671,7 @@ class EventsController extends AppController {
$risks = $this->Event->validate['risk']['rule'][1];
$risks = $this->_arrayToValuesIndexArray($risks);
$this->set('risks',$risks);
// tooltip for risk
$this->set('riskDescriptions', $this->Event->riskDescriptions);
@ -626,6 +679,7 @@ class EventsController extends AppController {
$analysiss = $this->Event->validate['analysis']['rule'][1];
$analysiss = $this->_arrayToValuesIndexArray($analysiss);
$this->set('analysiss',$analysiss);
// tooltip for analysis
$this->set('analysisDescriptions', $this->Event->analysisDescriptions);
$this->set('analysisLevels', $this->Event->analysisLevels);
@ -641,6 +695,7 @@ class EventsController extends AppController {
* @throws MethodNotAllowedException
* @throws NotFoundException
*/
public function delete($id = null) {
if (!$this->request->is('post') && !$this->_isRest()) {
throw new MethodNotAllowedException();
@ -657,6 +712,12 @@ class EventsController extends AppController {
$uuid = $result['Event']['uuid'];
}
if (!$this->_isSiteAdmin()) {
if (!$this->Event->data['Event']['org'] == $this->_checkOrg()) {
throw new MethodNotAllowedException();
}
}
if ($this->Event->delete()) {
// delete the event from remote servers
@ -683,12 +744,14 @@ class EventsController extends AppController {
$this->Event->recursive = 1;
$this->Event->read();
//Save the from field of the event to know where it came from originally and then set the event's from field to the current server's host org
$from = $this->Event->data['Event']['from'];
$this->Event->data['Event']['from'] = Configure::read('CyDefSIG.org');
// get a list of the servers
$this->loadModel('Server');
$servers = $this->Server->find('all', array(
'conditions' => array('Server.push' => true)
));
// iterate over the servers and upload the event
if(empty($servers))
return;
@ -698,7 +761,8 @@ class EventsController extends AppController {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
foreach ($servers as &$server) {
if (($passAlong != $server)) {
//Skip servers where the event has come from.
if (($passAlong != $server && $server['Server']['organization'] != $from)) {
$thisUploaded = $this->Event->uploadEventToServer($this->Event->data, $server, $HttpSocket);
if (!$thisUploaded) {
$uploaded = !$uploaded ? $uploaded : $thisUploaded;
@ -706,7 +770,7 @@ class EventsController extends AppController {
}
}
}
$this->Event->data['Event']['from'] = Configure::read('CyDefSIG.org');
if (!$uploaded) {
return $failedServers;
} else {
@ -744,14 +808,13 @@ class EventsController extends AppController {
private function __publish($id, $passAlong = null) {
$this->Event->id = $id;
$this->Event->recursive = 0;
//$this->Event->read();
$event = $this->Event->read(null, $id);
// update the DB to set the published flag
$this->Event->saveField('published', 1);
$event['Event']['from'] = Configure::read('CyDefSIG.sync');
$uploaded = false;
// upload the event to remote servers
//if ($event['Event']['distribution'] == 'Your organization only' || $event['Event']['distribution'] == 'This server-only') return true;
if ('true' == Configure::read('CyDefSIG.sync')) {
$uploaded = $this->__uploadEventToServers($id, $passAlong);
if ((is_bool($uploaded) && !$uploaded) || (is_array($uploaded))) { // TODO remove bool
@ -771,6 +834,7 @@ class EventsController extends AppController {
if (!$this->Event->exists()) {
throw new NotFoundException(__('Invalid event'));
}
$this->Event->saveField('from', Configure::read('CyDefSIG.org'));
// only allow publish for own events verified by isAuthorized
@ -802,7 +866,7 @@ class EventsController extends AppController {
if (!$this->Event->exists()) {
throw new NotFoundException(__('Invalid event'));
}
$this->Event->saveField('from', Configure::read('CyDefSIG.org'));
// only allow alert for own events verified by isAuthorized
// only allow form submit CSRF protection.
@ -1179,17 +1243,43 @@ class EventsController extends AppController {
} else {
$conditions = array();
}
//restricting to non-private or same org if the user is not a site-admin.
if (!$this->isSiteAdmin()) {
$temp = array();
$temp2 = array();
$org = $this->_checkOrg();
$distribution = array();
array_push($distribution, array('Event.private =' => 0));
array_push($distribution, array('Event.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('Event.org LIKE' => $org));
$conditions['OR'] = $temp;
$distribution2 = array();
array_push($distribution2, array('Attribute.private =' => 0));
array_push($distribution2, array('Attribute.cluster =' => 1));
array_push($temp2, array('OR' => $distribution2));
array_push($temp2, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $org));
$conditionsAttributes['OR'] = $temp2;
}
// do not expose all the data ...
$fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.analysis', 'Event.info', 'Event.published', 'Event.uuid');
$fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id');
if ('true' == Configure::read('CyDefSIG.showorg')) {
$fields[] = 'Event.org';
}
$params = array('conditions' => $conditions,
'recursive' => 1,
'fields' => $fields,
);
'contain' =>array(
'Attribute' => array(
'fields' => $fieldsAtt,
'conditions' => $conditionsAttributes,
),
)
);
$results = $this->Event->find('all', $params);
$this->set('results', Sanitize::clean($results));
}
@ -1213,8 +1303,20 @@ class EventsController extends AppController {
$this->loadModel('Attribute');
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1);
if (!$this->isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
$params = array(
'conditions' => array( "AND" => array ('Attribute.to_ids' => 1, "Event.published" => 1)), //array of conditions
'conditions' => $conditions, //array of conditions
'recursive' => 0, //int
'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY
);
@ -1251,8 +1353,20 @@ class EventsController extends AppController {
$this->loadModel('Attribute');
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1);
if (!$this->isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
$params = array(
'conditions' => array('Attribute.to_ids' => 1), //array of conditions
'conditions' => $conditions, //array of conditions
'recursive' => 0, //int
'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY
);
@ -1294,8 +1408,20 @@ class EventsController extends AppController {
$this->loadModel('Attribute');
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1);
if (!$this->isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
$params = array(
'conditions' => array('Attribute.to_ids' => 1), //array of conditions
'conditions' => $conditions, //array of conditions
'recursive' => 0, //int
'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY
);
@ -1334,8 +1460,23 @@ class EventsController extends AppController {
$this->layout = 'text/default';
$this->loadModel('Attribute');
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array('Attribute.type' => $type);
if (!$this->isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
$params = array(
'conditions' => array('Attribute.type' => $type), //array of conditions
'conditions' => $conditions, //array of conditions
'recursive' => 0, //int
'fields' => array('Attribute.value'), //array of field names
'order' => array('Attribute.value'), //string or array defining order

2
app/Controller/PagesController.php
View File

@ -46,7 +46,7 @@ class PagesController extends AppController {
public $uses = array();
public function isAuthorized($user) {
return true;
return true;
}
/**
* Displays a view

3
app/Controller/RolesController.php
View File

@ -65,7 +65,6 @@ class RolesController extends AppController {
$this->Session->setFlash(__(sprintf('The Role has been saved.')));
$this->set('options', $this->options);
$passAlong = $this->Role->read(null, $this->Role->getInsertID());
debug($passAlong);
$this->generateACL($passAlong);
$this->redirect(array('action' => 'index'));
} else {
@ -99,6 +98,8 @@ class RolesController extends AppController {
public function admin_edit($id = null) {
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
$this->AdminCrud->adminEdit($id);
$passAlong = $this->Role->read(null, $id);
$this->generateACL($passAlong);
$this->set('options', $this->options);
}

10
app/Controller/ServersController.php
View File

@ -65,7 +65,7 @@ class ServersController extends AppController {
);
} else {
if (!$this->checkAction('perm_sync')) $this->redirect(array('controller' => 'events', 'action' => 'index'));
$conditions['Server.organization LIKE'] = $this->Auth->user('org');
$conditions['Server.org LIKE'] = $this->Auth->user('org');
$this->paginate = array(
'conditions' => array($conditions),
);
@ -79,7 +79,7 @@ class ServersController extends AppController {
* @return void
*/
public function add() {
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->request->is('post')) {
// force check userid and orgname to be from yourself
$this->request->data['Server']['org'] = $this->Auth->user('org');
@ -102,7 +102,7 @@ class ServersController extends AppController {
* @throws NotFoundException
*/
public function edit($id = null) {
if($this->Auth->user('org') != 'ADMIN' && $this->Server->id != $this->Auth->user('org')) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
@ -155,7 +155,7 @@ class ServersController extends AppController {
public function pull($id = null, $full=false) {
// TODO should we de-activate data validation for type and category / and or mapping? Maybe other instances have other configurations that are incompatible.
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
@ -310,7 +310,7 @@ class ServersController extends AppController {
}
public function push($id = null, $full=false) {
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}

2
app/MYSQL.dist_change.sql Normal file
View File

@ -0,0 +1,2 @@
ALTER TABLE `events` ADD `dist_change` INT NOT NULL DEFAULT '0'
ALTER TABLE `attributes` ADD `dist_change` INT NOT NULL DEFAULT '0'

1
app/MYSQL.from.sql Normal file
View File

@ -0,0 +1 @@
ALTER TABLE `events` ADD `from` VARCHAR( 10 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL

149
app/MYSQL.migrate.sql Normal file
View File

@ -0,0 +1,149 @@
--
-- Update to attributes
--
ALTER TABLE `attributes` ADD `cluster` tinyint(1) DEFAULT '0';
ALTER TABLE `attributes` ADD `communitie` tinyint(1) DEFAULT '0';
ALTER TABLE `attributes` ADD `dist_change` int(11) DEFAULT '0';
-- --------------------------------------------------------
--
-- Create blacklist
--
CREATE TABLE `blacklist` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(254) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Create correlations
--
DROP TABLE IF EXISTS `correlations`;
CREATE TABLE `correlations` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`1_event_id` int(11) NOT NULL,
`1_attribute_id` int(11) NOT NULL,
`1_private` tinyint(1) NOT NULL,
`event_id` int(11) NOT NULL,
`attribute_id` int(11) NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`date` date NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Update to events
--
ALTER TABLE `events` ADD `cluster` tinyint(1) NOT NULL;
ALTER TABLE `events` ADD `communitie` tinyint(1) NOT NULL;
ALTER TABLE `events` ADD `analysis` tinyint(4) NOT NULL;
ALTER TABLE `events` ADD `attribute_count` int(11) UNSIGNED DEFAULT NULL;
ALTER TABLE `events` ADD `hop_count` int(11) UNSIGNED DEFAULT NULL;
ALTER TABLE `events` ADD `dist_change` int(11) NOT NULL DEFAULT 0;
ALTER TABLE `events` ADD `orgc` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL;
UPDATE TABLE `events` SET `orgc` = `org` WHERE `orgc` = NULL;
-- --------------------------------------------------------
--
-- Table structure for table `logs`
--
CREATE TABLE `logs` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(255) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`model` varchar(20) COLLATE utf8_bin NOT NULL,
`model_id` int(11) NOT NULL,
`action` varchar(20) COLLATE utf8_bin NOT NULL,
`user_id` int(11) NOT NULL,
`change` varchar(255) COLLATE utf8_bin,
`email` varchar(255) COLLATE utf8_bin NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`description` varchar(255) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `regexp`
--
CREATE TABLE `regexp` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`regexp` varchar(255) COLLATE utf8_bin NOT NULL,
`replacement` varchar(255) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Create table roles
--
DROP TABLE IF EXISTS `roles`;
CREATE TABLE `roles` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
`perm_add` tinyint(1) NOT NULL,
`perm_modify` tinyint(1) NOT NULL,
`perm_modify_org` tinyint(1) NOT NULL,
`perm_publish` tinyint(1) NOT NULL,
`perm_sync` tinyint(1) NOT NULL,
`perm_full` tinyint(1) NOT NULL,
`perm_auth` tinyint(1) NOT NULL,
`perm_audit` tinyint(1) NOT NULL,
`perm_admin` tinyint(1) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Creating initial roles
--
-- 1. Admin - has full access
-- 2. Org Admin - read/write/publish/audit/admin/sync/auth
-- 3. User - User - Read / Write, no other permissions (default)
-- 4. Sync user - read/write/publish/sync/auth
--
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('1', 'admin', NOW() , NOW() , '1', '1', '1', '1', '1', '1', '1', '1', '1');
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('2', 'Org Admin', NOW() , NOW() , '1', '1', '0' , '1', '1', '1', '1', '0' , '1');
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('3', 'User', NOW() , NOW() , '1', '1', '0' , '0' , '0' , '0' , '0' , '0' , '0');
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`)
VALUES ('4', 'Sync user', NOW(), NOW(), '1', '1', '1', '1', '1', '0', '1', '0', '1');
-- --------------------------------------------------------
--
-- Update servers
--
ALTER TABLE `servers` DROP `logo`;
-- --------------------------------------------------------
--
-- Update users
-- Collate changed for email - fixes case sensitivity of user names
--
ALTER TABLE `users` ADD `role_id` int(11) NOT NULL;
ALTER TABLE `users` ADD `change_pw` tinyint(1) NOT NULL;
ALTER TABLE `users` CHANGE `email` `email` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL
UPDATE TABLE `users` SET `role_id` = '3';
UPDATE TABLE `users` SET `role_id` = '1' WHERE `org` = 'ADMIN';
-- --------------------------------------------------------

1
app/MYSQL.orgc.sql Normal file
View File

@ -0,0 +1 @@
ALTER TABLE `events` ADD `orgc` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL

32
app/Model/Attribute.php
View File

@ -21,8 +21,9 @@ class Attribute extends AppModel {
'userKey' => 'user_id',
'change' => 'full'),
'Trim',
//'Regexp' => array('fields' => array('value', 'value2')),
//'Blacklist' => array('fields' => array('value'))
'Containable',
'Regexp' => array('fields' => array('value', 'value2')),
'Blacklist' => array('fields' => array('value'))
);
/**
@ -369,20 +370,21 @@ class Attribute extends AppModel {
if (!empty($this->data['Attribute']['type'])) {
$compositeTypes = $this->getCompositeTypes();
// explode composite types in value1 and value2
$pieces = explode('|', $this->data['Attribute']['value']);
if (in_array($this->data['Attribute']['type'], $compositeTypes)) {
if (2 != count($pieces)) {
throw new InternalErrorException('Composite type, but value not explodable');
//if (!isset($this->data['Attribute']['value1'])) {
$pieces = explode('|', $this->data['Attribute']['value']);
if (in_array($this->data['Attribute']['type'], $compositeTypes)) {
if (2 != count($pieces)) {
throw new InternalErrorException('Composite type, but value not explodable');
}
$this->data['Attribute']['value1'] = $pieces[0];
$this->data['Attribute']['value2'] = $pieces[1];
} else {
$total = implode('|', $pieces);
$this->data['Attribute']['value1'] = $total;
$this->data['Attribute']['value2'] = '';
}
$this->data['Attribute']['value1'] = $pieces[0];
$this->data['Attribute']['value2'] = $pieces[1];
} else {
$total = implode('|', $pieces);
$this->data['Attribute']['value1'] = $total;
$this->data['Attribute']['value2'] = '';
}
//}
}
// always return true after a beforeSave()
return true;
}
@ -423,6 +425,7 @@ class Attribute extends AppModel {
}
public function massageData(&$data) {
if(!isset($data['Attribute']['distribution'])) return $data;
switch ($data['Attribute']['distribution']) {
case 'Your organization only':
$data['Attribute']['private'] = true;
@ -682,7 +685,6 @@ class Attribute extends AppModel {
break;
case 'link':
if (preg_match('#^(http|ftp)(s)?\:\/\/((([a-z|0-9|\-]{1,25})(\.)?){2,7})($|/.*$)#i', $value) && !preg_match("#\n#", $value)) {
debug('here');
$returnValue = true;
}
break;

8
app/Model/Behavior/RegexpBehavior.php
View File

@ -33,7 +33,6 @@ class RegexpBehavior extends ModelBehavior {
$returnValue = true;
// process some..
$returnValue = $this->regexpStringFields($Model);
return $returnValue;
}
@ -48,9 +47,7 @@ class RegexpBehavior extends ModelBehavior {
foreach ($Model->data[$Model->name] as $key => $field) {
if (in_array($key, $this->settings[$Model->alias]['fields']) && is_string($field)) {
$returnValue = $this->replaceWindowsSpecific($Model, $field);
//if (!$returnValue) {
// $Model->blacklistErrors[] = array($key, $field);
//}
$Model->data[$Model->name][$key] = $returnValue;
}
}
return $returnValue;
@ -70,11 +67,12 @@ class RegexpBehavior extends ModelBehavior {
foreach ($allRegexp as $regexp) {
if (strlen($regexp['Regexp']['replacement'] && strlen($regexp['Regexp']['regexp']))) {
$string = preg_replace($regexp['Regexp']['regexp'], $regexp['Regexp']['replacement'], $string);
$returnValue = $string;
}
if (!strlen($regexp['Regexp']['replacement']) && preg_match($regexp['Regexp']['regexp'], $string)) {
App::uses('SessionComponent', 'Controller/Component');
SessionComponent::setFlash('Blacklisted value!');
$returnValue = false;
return false;
}
}
return $returnValue;

23
app/Model/Event.php
View File

@ -16,8 +16,9 @@ class Event extends AppModel {
'userKey' => 'user_id',
'change' => 'full'),
'Trim',
//'Regexp' => array('fields' => array('info')),
//'Blacklist' => array('fields' => array('info')),
'Containable',
'Regexp' => array('fields' => array('info')),
'Blacklist' => array('fields' => array('info')),
);
/**
@ -83,6 +84,16 @@ class Event extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'orgc' => array(
'notempty' => array(
'rule' => array('notempty'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'date' => array(
'date' => array(
'rule' => array('date'),
@ -529,16 +540,24 @@ class Event extends AppModel {
$encodedFile = $this->Attribute->base64EncodeAttachment($attribute);
$attribute['data'] = $encodedFile;
}
// Passing the attribute ID together with the attribute could cause the deletion of attributes after a publish/push
// Basically, if the attribute count differed between two instances, and the instance with the lower attribute
// count pushed, the old attributes with the same ID got overwritten. Unsetting the ID before pushing it
// solves the issue and a new attribute is always created.
unset($attribute['id']);
}
// Distribution, correct Community to Org only in Event
if ($event['Event']['cluster'] && !$event['Event']['private']) {
$event['Event']['private'] = true;
$event['Event']['cluster'] = false;
//$event['Event']['communitie'] = false;
$event['Event']['distribution'] = 'Your organization only';
}
// Distribution, correct All to Community in Event
// Potential problem here -> setting cluster gives 0-1-1 (pr/cl/co) settings that don't exist. Adding switch from comm true to false
if (!$event['Event']['cluster'] && !$event['Event']['private'] && $event['Event']['communitie']) {
$event['Event']['cluster'] = true;
$event['Event']['communitie'] = false;
$event['Event']['distribution'] = 'This Community-only';
}
// up the hop count

734
app/Model/User.php
View File

@ -1,367 +1,367 @@
<?php
App::uses('AppModel', 'Model');
App::uses('AuthComponent', 'Controller/Component');
/**
* User Model
*
* @property Role $Role
* @property Event $Event
*/
class User extends AppModel {
/**
* Display field
*
* @var string
*/
public $displayField = 'email';
public $orgField = 'org'; // TODO Audit, LogableBehaviour + org
/**
* Validation rules
*
* @var array
*/
public $validate = array(
'role_id' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'password' => array(
'minlength' => array(
'rule' => array('minlength', 6),
'message' => 'A password of a minimum length of 6 is required.',
//'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'complexity' => array(
'rule' => array('complexPassword'),
'message' => 'The password must contain at least one upper-case, one lower-case, one (digits or special character).',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'identical' => array(
'rule' => array('identicalFieldValues', 'confirm_password'),
'message' => 'Please re-enter your password twice so that the values match.',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'org' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Please specify the organisation where you are working.',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'org_id' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Please specify the organisation ID where you are working.', // TODO ACL, org_id in Users
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'email' => array(
'email' => array(
'rule' => array('email'),
'message' => 'Please enter a valid email address.',
//'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'An account with this email address already exists.'
),
),
'autoalert' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
'allowEmpty' => true,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'authkey' => array(
'minlength' => array(
'rule' => array('minlength', 40),
'message' => 'A authkey of a minimum length of 40 is required.',
'required' => true,
),
'notempty' => array(
'rule' => array('notempty'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'invited_by' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'change_pw' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
'allowEmpty' => true,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'gpgkey' => array(
'notempty' => array(
'rule' => array('validateGpgkey'),
'message' => 'GPG key not valid, please enter a valid key.',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'nids_sid' => array(
'numeric' => array(
'rule' => array('numeric'),
'message' => 'A SID should be an integer.',
'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'termsaccepted' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'newsread' => array(
'date' => array(
'rule' => array('date'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
);
//The Associations below have been created with all possible keys, those that are not needed can be removed
/**
* belongsTo associations
*
* @var array
*/
public $belongsTo = array(
'Role' => array(
'className' => 'Role',
'foreignKey' => 'role_id',
'conditions' => '',
'fields' => '',
'order' => ''
)
);
/**
* hasMany associations
*
* @var array
*/
public $hasMany = array(
'Event' => array(
'className' => 'Event',
'foreignKey' => 'user_id',
'dependent' => false,
'conditions' => '',
'fields' => '',
'order' => '',
'limit' => '',
'offset' => '',
'exclusive' => '',
'finderQuery' => '',
'counterQuery' => ''
)
);
/**
* TODO ACL: 1: be requester to CakePHP ACL system
*/
public $actsAs = array(
'Acl' => array( // TODO ACL, + 'enabled' => false
'type' => 'requester',
'enabled' => false
),
'SysLogLogable.SysLogLogable' => array( // TODO Audit, logable
'userModel' => 'User',
'userKey' => 'user_id',
'change' => 'full'
),
'Trim',
//'RemoveNewline' => array('fields' => array('gpgkey')),
);
/**
* TODO ACL: 2: hook User into CakePHP ACL system (so link to aros)
*/
public function parentNode() {
if (!$this->id && empty($this->data)) {
return null;
}
if (isset($this->data['User']['role_id'])) {
$roleId = $this->data['User']['role_id'];
} else {
$roleId = $this->field('role_id');
}
if (!$roleId) {
return null;
} else {
return array('Role' => array('id' => $roleId));
}
}
/**
* TODO ACL: 3: rights on Roles: http://stackoverflow.com/questions/6154285/aros-table-in-cakephp-is-still-including-users-even-after-bindnode
*/
public function bindNode($user) {
// return array('model' => 'Group', 'foreign_key' => $user['User']['role_id']);
return array('Role' => array('id' => $user['User']['role_id']));
}
public function beforeSave() {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
// only accept add and edit in own org
//if ($this->data[$this->alias]['org'] != "TEST") {
// return false;
//}
//return true;
}
/**
* Checks if the GPG key is a valid key
* But also import it in the keychain.
*/
public function validateGpgkey($check) {
// LATER first remove the old gpgkey from the keychain
// empty value
if (empty($check['gpgkey'])) {
return true;
}
// we have a clean, hopefull public, key here
// key is entered
require_once 'Crypt/GPG.php';
try {
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
try {
$keyImportOutput = $gpg->importKey($check['gpgkey']);
if (!empty($keyImportOutput['fingerprint'])) {
return true;
}
} catch (Exception $e) {
//debug($e);
return false;
}
} catch (Exception $e) {
//debug($e);
return true; // TODO was false
}
}
public function complexPassword($check) {
/*
6 characters minimum
1 or more upper-case letters
1 or more lower-case letters
1 or more digits or special characters
example: "EasyPeasy34"
*/
$value = array_values($check);
$value = $value[0];
return preg_match('/((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $value);
}
public function identicalFieldValues($field=array(), $compareField=null) {
foreach ($field as $key => $value) {
$v1 = $value;
$v2 = $this->data[$this->name][$compareField];
if ($v1 !== $v2) {
return false;
} else {
continue;
}
}
return true;
}
/**
* Generates an authentication key for each user
*/
public function generateAuthKey() {
//$key = sha1(mt_rand(30, 30).time());
$length = 40;
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charLen = strlen($characters) - 1;
$key = '';
for ($p = 0; $p < $length; $p++) {
$key .= $characters[rand(0, $charLen)];
}
return $key;
}
public function checkAndCorrectPgps() {
$fails = array();
$users = $this->find('all', array('recursive' => 0));
foreach ($users as $user) {
if (strlen($user['User']['gpgkey']) && strpos($user['User']['gpgkey'], "\n")) {
$fails[] = $user['User']['id'] . ':' . $user['User']['id'];
//$check['gpgkey'] = trim(preg_replace('/\n', '', $check['gpgkey']));
}
}
return $fails;
}
}
<?php
App::uses('AppModel', 'Model');
App::uses('AuthComponent', 'Controller/Component');
/**
* User Model
*
* @property Role $Role
* @property Event $Event
*/
class User extends AppModel {
/**
* Display field
*
* @var string
*/
public $displayField = 'email';
public $orgField = 'org'; // TODO Audit, LogableBehaviour + org
/**
* Validation rules
*
* @var array
*/
public $validate = array(
'role_id' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'password' => array(
'minlength' => array(
'rule' => array('minlength', 6),
'message' => 'A password of a minimum length of 6 is required.',
//'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'complexity' => array(
'rule' => array('complexPassword'),
'message' => 'The password must contain at least one upper-case, one lower-case, one (digits or special character).',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'identical' => array(
'rule' => array('identicalFieldValues', 'confirm_password'),
'message' => 'Please re-enter your password twice so that the values match.',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'org' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Please specify the organisation where you are working.',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'org_id' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Please specify the organisation ID where you are working.', // TODO ACL, org_id in Users
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'email' => array(
'email' => array(
'rule' => array('email'),
'message' => 'Please enter a valid email address.',
//'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'An account with this email address already exists.'
),
),
'autoalert' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
'allowEmpty' => true,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'authkey' => array(
'minlength' => array(
'rule' => array('minlength', 40),
'message' => 'A authkey of a minimum length of 40 is required.',
'required' => true,
),
'notempty' => array(
'rule' => array('notempty'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'invited_by' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'change_pw' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
'allowEmpty' => true,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'gpgkey' => array(
'notempty' => array(
'rule' => array('validateGpgkey'),
'message' => 'GPG key not valid, please enter a valid key.',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'nids_sid' => array(
'numeric' => array(
'rule' => array('numeric'),
'message' => 'A SID should be an integer.',
'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'termsaccepted' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'newsread' => array(
'date' => array(
'rule' => array('date'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
);
//The Associations below have been created with all possible keys, those that are not needed can be removed
/**
* belongsTo associations
*
* @var array
*/
public $belongsTo = array(
'Role' => array(
'className' => 'Role',
'foreignKey' => 'role_id',
'conditions' => '',
'fields' => '',
'order' => ''
)
);
/**
* hasMany associations
*
* @var array
*/
public $hasMany = array(
'Event' => array(
'className' => 'Event',
'foreignKey' => 'user_id',
'dependent' => false,
'conditions' => '',
'fields' => '',
'order' => '',
'limit' => '',
'offset' => '',
'exclusive' => '',
'finderQuery' => '',
'counterQuery' => ''
)
);
/**
* TODO ACL: 1: be requester to CakePHP ACL system
*/
public $actsAs = array(
'Acl' => array( // TODO ACL, + 'enabled' => false
'type' => 'requester',
'enabled' => false
),
'SysLogLogable.SysLogLogable' => array( // TODO Audit, logable
'userModel' => 'User',
'userKey' => 'user_id',
'change' => 'full'
),
'Trim',
//'RemoveNewline' => array('fields' => array('gpgkey')),
);
/**
* TODO ACL: 2: hook User into CakePHP ACL system (so link to aros)
*/
public function parentNode() {
if (!$this->id && empty($this->data)) {
return null;
}
if (isset($this->data['User']['role_id'])) {
$roleId = $this->data['User']['role_id'];
} else {
$roleId = $this->field('role_id');
}
if (!$roleId) {
return null;
} else {
return array('Role' => array('id' => $roleId));
}
}
/**
* TODO ACL: 3: rights on Roles: http://stackoverflow.com/questions/6154285/aros-table-in-cakephp-is-still-including-users-even-after-bindnode
*/
public function bindNode($user) {
// return array('model' => 'Group', 'foreign_key' => $user['User']['role_id']);
return array('Role' => array('id' => $user['User']['role_id']));
}
public function beforeSave() {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
// only accept add and edit in own org
//if ($this->data[$this->alias]['org'] != "TEST") {
// return false;
//}
//return true;
}
/**
* Checks if the GPG key is a valid key
* But also import it in the keychain.
*/
public function validateGpgkey($check) {
// LATER first remove the old gpgkey from the keychain
// empty value
if (empty($check['gpgkey'])) {
return true;
}
// we have a clean, hopefull public, key here
// key is entered
require_once 'Crypt/GPG.php';
try {
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
try {
$keyImportOutput = $gpg->importKey($check['gpgkey']);
if (!empty($keyImportOutput['fingerprint'])) {
return true;
}
} catch (Exception $e) {
//debug($e);
return false;
}
} catch (Exception $e) {
//debug($e);
return true; // TODO was false
}
}
public function complexPassword($check) {
/*
6 characters minimum
1 or more upper-case letters
1 or more lower-case letters
1 or more digits or special characters
example: "EasyPeasy34"
*/
$value = array_values($check);
$value = $value[0];
return preg_match('/((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $value);
}
public function identicalFieldValues($field=array(), $compareField=null) {
foreach ($field as $key => $value) {
$v1 = $value;
$v2 = $this->data[$this->name][$compareField];
if ($v1 !== $v2) {
return false;
} else {
continue;
}
}
return true;
}
/**
* Generates an authentication key for each user
*/
public function generateAuthKey() {
//$key = sha1(mt_rand(30, 30).time());
$length = 40;
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charLen = strlen($characters) - 1;
$key = '';
for ($p = 0; $p < $length; $p++) {
$key .= $characters[rand(0, $charLen)];
}
return $key;
}
public function checkAndCorrectPgps() {
$fails = array();
$users = $this->find('all', array('recursive' => 0));
foreach ($users as $user) {
if (strlen($user['User']['gpgkey']) && strpos($user['User']['gpgkey'], "\n")) {
$fails[] = $user['User']['id'] . ':' . $user['User']['id'];
//$check['gpgkey'] = trim(preg_replace('/\n', '', $check['gpgkey']));
}
}
return $fails;
}
}

4
app/View/Attributes/add.ctp
View File

@ -89,7 +89,7 @@ var formInfoValues = new Array();
<?php
foreach ($typeDefinitions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($categoryDefinitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
@ -97,7 +97,7 @@ foreach ($categoryDefinitions as $category => $def) {
}
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>

2
app/View/Attributes/add_attachment.ctp
View File

@ -47,7 +47,7 @@ foreach ($categoryDefinitions as $category => $def) {
}
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>

257
app/View/Attributes/edit.ctp
View File

@ -1,127 +1,130 @@
<?php
$mayModify = (($isAclModify && $attribute['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $attribute['Event']['org'] == $me['org']));
?>
<div class="attributes form">
<?php echo $this->Form->create('Attribute');?>
<fieldset>
<legend><?php echo __('Edit Attribute'); ?></legend>
<?php
echo $this->Form->input('id');
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv'))));
if ($attachment) {
echo $this->Form->hidden('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
echo "<BR>Type: " . $this->Form->value('Attribute.type');
} else {
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
}
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('distribution', array('label' => 'Distribution',
'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeDistributionDiv'))
));
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
));
}
}
echo $this->Form->input('to_ids', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['signature']['formdesc']) ? $attrDescriptions['signature']['formdesc'] : $attrDescriptions['signature']['desc']),
'label' => 'IDS Signature?'
));
if ($attachment) {
echo $this->Form->hidden('value');
echo "<BR>Value: " . $this->Form->value('Attribute.value');
} else {
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
));
}
$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")');
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
$this->Js->get('#AttributeDistribution')->event('change', 'showFormInfo("#AttributeDistribution")');
?>
</fieldset>
<?php echo $this->Form->end(__('Submit'));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
<script type="text/javascript">
//
//Generate Category / Type filtering array
//
var category_type_mapping = new Array();
<?php
foreach ($categoryDefinitions as $category => $def) {
echo "category_type_mapping['" . addslashes($category) . "'] = {";
$first = true;
foreach ($def['types'] as $type) {
if ($first) $first = false;
else echo ', ';
echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
}
echo "}; \n";
}
?>
function formCategoryChanged(id) {
showFormInfo(id); // display the tooltip
// fill in the types
var options = $('#AttributeType').prop('options');
$('option', $('#AttributeType')).remove();
$.each(category_type_mapping[$('#AttributeCategory').val()], function(val, text) {
options[options.length] = new Option(text, val);
});
// enable the form element
$('#AttributeType').prop('disabled', false);
}
//
//Generate tooltip information
//
var formInfoValues = new Array();
<?php
foreach ($typeDefinitions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($categoryDefinitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($category) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>
function showFormInfo(id) {
idDiv = id+'Div';
// LATER use nice animations
//$(idDiv).hide('fast');
// change the content
var value = $(id).val(); // get the selected value
$(idDiv).html(formInfoValues[value]); // search in a lookup table
// show it again
$(idDiv).fadeIn('slow');
}
//hide the formInfo things
$('#AttributeTypeDiv').hide();
$('#AttributeCategoryDiv').hide();
$('#AttributeDistributionDiv').hide();
// fix the select box based on what was selected
var type_value = $('#AttributeType').val();
formCategoryChanged("#AttributeCategory");
$('#AttributeType').val(type_value);
</script>
<?php echo $this->Js->writeBuffer(); // Write cached scripts
<?php
$mayModify = (($isAclModify && $attribute['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $attribute['Event']['org'] == $me['org']));
?>
<div class="attributes form">
<?php echo $this->Form->create('Attribute');?>
<fieldset>
<legend><?php echo __('Edit Attribute'); ?></legend>
<?php
echo $this->Form->input('id');
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv'))));
if ($attachment) {
echo $this->Form->hidden('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
echo "<BR>Type: " . $this->Form->value('Attribute.type');
} else {
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
}
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == Configure::read('CyDefSIG.private')) {
if ('true' == $canEditDist) {
echo $this->Form->input('distribution', array('label' => 'Distribution',
'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeDistributionDiv'))
));
}
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
));
}
}
echo $this->Form->input('to_ids', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['signature']['formdesc']) ? $attrDescriptions['signature']['formdesc'] : $attrDescriptions['signature']['desc']),
'label' => 'IDS Signature?'
));
if ($attachment) {
echo $this->Form->hidden('value');
echo "<BR>Value: " . $this->Form->value('Attribute.value');
} else {
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
));
}
$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")');
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
if ($canEditDist) {
$this->Js->get('#AttributeDistribution')->event('change', 'showFormInfo("#AttributeDistribution")');
}
?>
</fieldset>
<?php echo $this->Form->end(__('Submit'));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
<script type="text/javascript">
//
//Generate Category / Type filtering array
//
var category_type_mapping = new Array();
<?php
foreach ($categoryDefinitions as $category => $def) {
echo "category_type_mapping['" . addslashes($category) . "'] = {";
$first = true;
foreach ($def['types'] as $type) {
if ($first) $first = false;
else echo ', ';
echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
}
echo "}; \n";
}
?>
function formCategoryChanged(id) {
showFormInfo(id); // display the tooltip
// fill in the types
var options = $('#AttributeType').prop('options');
$('option', $('#AttributeType')).remove();
$.each(category_type_mapping[$('#AttributeCategory').val()], function(val, text) {
options[options.length] = new Option(text, val);
});
// enable the form element
$('#AttributeType').prop('disabled', false);
}
//
//Generate tooltip information
//
var formInfoValues = new Array();
<?php
foreach ($typeDefinitions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($categoryDefinitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($category) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>
function showFormInfo(id) {
idDiv = id+'Div';
// LATER use nice animations
//$(idDiv).hide('fast');
// change the content
var value = $(id).val(); // get the selected value
$(idDiv).html(formInfoValues[value]); // search in a lookup table
// show it again
$(idDiv).fadeIn('slow');
}
//hide the formInfo things
$('#AttributeTypeDiv').hide();
$('#AttributeCategoryDiv').hide();
$('#AttributeDistributionDiv').hide();
// fix the select box based on what was selected
var type_value = $('#AttributeType').val();
formCategoryChanged("#AttributeCategory");
$('#AttributeType').val(type_value);
</script>
<?php echo $this->Js->writeBuffer(); // Write cached scripts

398
app/View/Attributes/event.ctp
View File

@ -1,200 +1,200 @@
<div class="event view"><!-- bluntly copied from View/Events/view.ctp -->
<div class="actions" style="float:right;"><?php
if ( 0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org'])):
// only show button if alert has not been sent // LATER show the ALERT button in red-ish
?>
<ul><li><?php
echo $this->Form->postLink('Publish Event', array('controller' => 'events', 'action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
echo $this->Form->postLink('Publish (no email)', array('controller' => 'events', 'action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!');
?> </li></ul><?php
elseif (0 == $event['Event']['published']): ?>
<ul><li>Not published</li></ul><?php
else: ?>
<!-- ul><li>Alert already sent</li></ul --><?php
endif; ?>
<ul><li><?php echo $this->Html->link(__('Contact reporter', true), array('controller' => 'events', 'action' => 'contact', $event['Event']['id'])); ?> </li></ul>
</div>
<h2>Event</h2>
<dl>
<dt>ID</dt>
<dd>
<?php echo h($event['Event']['id']); ?>
&nbsp;
</dd><?php
if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<dt>Org</dt>
<dd>
<?php echo h($event['Event']['org']); ?>
&nbsp;
</dd>
<dt>Email</dt>
<dd>
<?php echo h($event['User']['email']); ?>
&nbsp;
</dd><?php
endif; ?>
<dt>Date</dt>
<dd>
<?php echo h($event['Event']['date']); ?>
&nbsp;
</dd>
<dt<?php echo ' title="' . $eventDescriptions['risk']['desc'] . '"';?>>Risk</dt>
<dd>
<?php echo $event['Event']['risk']; ?>
&nbsp;
</dd><?php
if ('true' == Configure::read('CyDefSIG.sync')): ?>
<dt>Distribution</dt>
<dd>
<?php echo ($event['Event']['private'])? 'Yes, never upload Event or any Attributes.' : 'No, upload Event and all Attributes except those marked as Private.'; ?>
&nbsp;
</dd><?php
endif; ?>
<!-- dt>UUID</dt>
<dd>
<?php echo $event['Event']['uuid']; ?>
&nbsp;
</dd -->
<dt>Info</dt>
<dd>
<?php echo nl2br(h($event['Event']['info'])); ?>
&nbsp;
</dd>
</dl><?php
if (!empty($relatedEvents)):?>
<div class="related">
<h3>Related Events</h3>
<ul><?php
foreach ($relatedEvents as $relatedEvent): ?>
<li><?php
if ('db' == Configure::read('CyDefSIG.correlation')) { // TODO array key
$linkText = $relatedEvent['date'] . ' (' . $relatedEvent['id'] . ')';
echo $this->Html->link($linkText, array('controller' => 'attributes', 'action' => 'event', $relatedEvent['id']));
} else {
$linkText = $relatedEvent['Event']['date'] . ' (' . $relatedEvent['Event']['id'] . ')';
echo $this->Html->link($linkText, array('controller' => 'attributes', 'action' => 'event', $relatedEvent['Event']['id']));
}?></li><?php
endforeach; ?>
</ul>
</div><?php
endif; ?>
<div class="related">
<h3>Attributes</h3><?php
if (!empty($event['Attribute'])):?>
<table cellpadding = "0" cellspacing = "0">
<tr>
<th>Category</th>
<th>Type</th>
<th>Value</th>
<th>Related Events</th>
<th <?php echo "title='" . $attrDescriptions['signature']['desc'] . "'";?>>IDS Signature</th><?php
if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th <?php echo "title='" . $attrDescriptions['private']['desc'] . "'";?>>Private</th><?php
endif;?><?php
if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<th class="actions">Actions</th><?php
endif;?>
</tr><?php
foreach ($categories as $category):
$first = 1;
foreach ($attributes as $attribute):
if ($attribute['Attribute']['category'] != $category) continue;?>
<tr>
<td class="short" title="<?php if ('' != $attribute['Attribute']['category']) echo $categoryDefinitions[$attribute['Attribute']['category']]['desc'];?>"><?php
if ($first) {
if ('' == $attribute['Attribute']['category']) echo '(no category)';
echo $attribute['Attribute']['category'];
} else {
echo '&nbsp;';
}?></td>
<td class="short" title="<?php echo $typeDefinitions[$attribute['Attribute']['type']]['desc'];?>">
<?php echo $attribute['Attribute']['type'];?></td>
<td><?php
$sigDisplay = nl2br(h($attribute['Attribute']['value']));
if ('attachment' == $attribute['Attribute']['type'] ||
'malware-sample' == $attribute['Attribute']['type'] ) {
$filenameHash = explode('|', h($attribute['Attribute']['value']));
echo $this->Html->link($filenameHash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
} elseif (strpos($attribute['Attribute']['type'], '|') !== false) {
$filenameHash = explode('|', h($attribute['Attribute']['value']));
echo $filenameHash[0];
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
} elseif ('vulnerability' == $attribute['Attribute']['type']) {
echo $this->Html->link($sigDisplay, 'http://www.google.com/search?q=' . $sigDisplay, array('target' => '_blank'));
} elseif ('link' == $attribute['Attribute']['type']) {
echo $this->Html->link($sigDisplay, $sigDisplay);
} else {
echo $sigDisplay;
}?></td>
<td class="short" style="text-align: center;"><?php
$first = 0;
if (isset($relatedAttributes[$attribute['Attribute']['id']]) && (null != $relatedAttributes[$attribute['Attribute']['id']])) {
foreach ($relatedAttributes[$attribute['Attribute']['id']] as $relatedAttribute) {
if ('db' == Configure::read('CyDefSIG.correlation')) { // TODO array key
echo $this->Html->link($relatedAttribute['Correlation']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Correlation']['event_id']));
} else {
echo $this->Html->link($relatedAttribute['Attribute']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Attribute']['event_id']));
}
echo ' ';
}
}?>&nbsp;
</td>
<td class="short" style="text-align: center;"><?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No';?></td><?php
if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" style="text-align: center;"><?php echo $attribute['Attribute']['private'] ? 'Private' : '&nbsp;';?></td><?php
endif;?><?php
if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['Attribute']['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
?>
</td><?php
endif;?>
</tr><?php
endforeach; ?><?php
endforeach; ?>
</table>
<p>
<?php
echo $this->Paginator->counter(array(
'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
));
?> </p>
<div class="paging"><?php
echo $this->Paginator->prev('< ' . __('previous'), array(), null, array('class' => 'prev disabled'));
echo $this->Paginator->numbers(array('separator' => ''));
echo $this->Paginator->next(__('next') . ' >', array(), null, array('class' => 'next disabled'));
?>
</div><?php
endif; ?><?php
if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<div class="actions">
<ul>
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
</ul>
</div><?php
endif; ?>
</div>
</div>
<div class="actions">
<ul><?php
if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Add Attachment', true), array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Edit Event', true), array('controller' => 'events', 'action' => 'edit', $event['Event']['id'])); ?> </li>
<li><?php echo $this->Form->postLink(__('Delete Event'), array('controller' => 'events', 'action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id'])); ?></li>
<li>&nbsp;</li><?php
endif; ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
<div class="event view"><!-- bluntly copied from View/Events/view.ctp -->
<div class="actions" style="float:right;"><?php
if ( 0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org'])):
// only show button if alert has not been sent // LATER show the ALERT button in red-ish
?>
<ul><li><?php
echo $this->Form->postLink('Publish Event', array('controller' => 'events', 'action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
echo $this->Form->postLink('Publish (no email)', array('controller' => 'events', 'action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!');
?> </li></ul><?php
elseif (0 == $event['Event']['published']): ?>
<ul><li>Not published</li></ul><?php
else: ?>
<!-- ul><li>Alert already sent</li></ul --><?php
endif; ?>
<ul><li><?php echo $this->Html->link(__('Contact reporter', true), array('controller' => 'events', 'action' => 'contact', $event['Event']['id'])); ?> </li></ul>
</div>
<h2>Event</h2>
<dl>
<dt>ID</dt>
<dd>
<?php echo h($event['Event']['id']); ?>
&nbsp;
</dd><?php
if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<dt>Org</dt>
<dd>
<?php echo h($event['Event']['org']); ?>
&nbsp;
</dd>
<dt>Email</dt>
<dd>
<?php echo h($event['User']['email']); ?>
&nbsp;
</dd><?php
endif; ?>
<dt>Date</dt>
<dd>
<?php echo h($event['Event']['date']); ?>
&nbsp;
</dd>
<dt<?php echo ' title="' . $eventDescriptions['risk']['desc'] . '"';?>>Risk</dt>
<dd>
<?php echo $event['Event']['risk']; ?>
&nbsp;
</dd><?php
if ('true' == Configure::read('CyDefSIG.sync')): ?>
<dt>Distribution</dt>
<dd>
<?php echo ($event['Event']['private'])? 'Yes, never upload Event or any Attributes.' : 'No, upload Event and all Attributes except those marked as Private.'; ?>
&nbsp;
</dd><?php
endif; ?>
<!-- dt>UUID</dt>
<dd>
<?php echo $event['Event']['uuid']; ?>
&nbsp;
</dd -->
<dt>Info</dt>
<dd>
<?php echo nl2br(h($event['Event']['info'])); ?>
&nbsp;
</dd>
</dl><?php
if (!empty($relatedEvents)):?>
<div class="related">
<h3>Related Events</h3>
<ul><?php
foreach ($relatedEvents as $relatedEvent): ?>
<li><?php
if ('db' == Configure::read('CyDefSIG.correlation')) { // TODO array key
$linkText = $relatedEvent['date'] . ' (' . $relatedEvent['id'] . ')';
echo $this->Html->link($linkText, array('controller' => 'attributes', 'action' => 'event', $relatedEvent['id']));
} else {
$linkText = $relatedEvent['Event']['date'] . ' (' . $relatedEvent['Event']['id'] . ')';
echo $this->Html->link($linkText, array('controller' => 'attributes', 'action' => 'event', $relatedEvent['Event']['id']));
}?></li><?php
endforeach; ?>
</ul>
</div><?php
endif; ?>
<div class="related">
<h3>Attributes</h3><?php
if (!empty($event['Attribute'])):?>
<table cellpadding = "0" cellspacing = "0">
<tr>
<th>Category</th>
<th>Type</th>
<th>Value</th>
<th>Related Events</th>
<th <?php echo "title='" . $attrDescriptions['signature']['desc'] . "'";?>>IDS Signature</th><?php
if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th <?php echo "title='" . $attrDescriptions['private']['desc'] . "'";?>>Private</th><?php
endif;?><?php
if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<th class="actions">Actions</th><?php
endif;?>
</tr><?php
foreach ($categories as $category):
$first = 1;
foreach ($attributes as $attribute):
if ($attribute['Attribute']['category'] != $category) continue;?>
<tr>
<td class="short" title="<?php if ('' != $attribute['Attribute']['category']) echo $categoryDefinitions[$attribute['Attribute']['category']]['desc'];?>"><?php
if ($first) {
if ('' == $attribute['Attribute']['category']) echo '(no category)';
echo $attribute['Attribute']['category'];
} else {
echo '&nbsp;';
}?></td>
<td class="short" title="<?php echo $typeDefinitions[$attribute['Attribute']['type']]['desc'];?>">
<?php echo $attribute['Attribute']['type'];?></td>
<td><?php
$sigDisplay = nl2br(h($attribute['Attribute']['value']));
if ('attachment' == $attribute['Attribute']['type'] ||
'malware-sample' == $attribute['Attribute']['type'] ) {
$filenameHash = explode('|', h($attribute['Attribute']['value']));
echo $this->Html->link($filenameHash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
} elseif (strpos($attribute['Attribute']['type'], '|') !== false) {
$filenameHash = explode('|', h($attribute['Attribute']['value']));
echo $filenameHash[0];
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
} elseif ('vulnerability' == $attribute['Attribute']['type']) {
echo $this->Html->link($sigDisplay, 'http://www.google.com/search?q=' . $sigDisplay, array('target' => '_blank'));
} elseif ('link' == $attribute['Attribute']['type']) {
echo $this->Html->link($sigDisplay, $sigDisplay);
} else {
echo $sigDisplay;
}?></td>
<td class="short" style="text-align: center;"><?php
$first = 0;
if (isset($relatedAttributes[$attribute['Attribute']['id']]) && (null != $relatedAttributes[$attribute['Attribute']['id']])) {
foreach ($relatedAttributes[$attribute['Attribute']['id']] as $relatedAttribute) {
if ('db' == Configure::read('CyDefSIG.correlation')) { // TODO array key
echo $this->Html->link($relatedAttribute['Correlation']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Correlation']['event_id']));
} else {
echo $this->Html->link($relatedAttribute['Attribute']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Attribute']['event_id']));
}
echo ' ';
}
}?>&nbsp;
</td>
<td class="short" style="text-align: center;"><?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No';?></td><?php
if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" style="text-align: center;"><?php echo $attribute['Attribute']['private'] ? 'Private' : '&nbsp;';?></td><?php
endif;?><?php
if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['Attribute']['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute? Keep in mind that this will also delete this attribute on remote MISP instances.'));
?>
</td><?php
endif;?>
</tr><?php
endforeach; ?><?php
endforeach; ?>
</table>
<p>
<?php
echo $this->Paginator->counter(array(
'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
));
?> </p>
<div class="paging"><?php
echo $this->Paginator->prev('< ' . __('previous'), array(), null, array('class' => 'prev disabled'));
echo $this->Paginator->numbers(array('separator' => ''));
echo $this->Paginator->next(__('next') . ' >', array(), null, array('class' => 'next disabled'));
?>
</div><?php
endif; ?><?php
if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<div class="actions">
<ul>
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
</ul>
</div><?php
endif; ?>
</div>
</div>
<div class="actions">
<ul><?php
if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Add Attachment', true), array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Edit Event', true), array('controller' => 'events', 'action' => 'edit', $event['Event']['id'])); ?> </li>
<li><?php echo $this->Form->postLink(__('Delete Event'), array('controller' => 'events', 'action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id'])); ?></li>
<li>&nbsp;</li><?php
endif; ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

3
app/View/Attributes/index.ctp
View File

@ -20,6 +20,7 @@ function getTitle(incInt, id){
if ($isSearch == 1) {
echo "<h4>Results for all attributes";
if ($keywordSearch != null) echo " with the value containing \"<b>" . h($keywordSearch) . "</b>\"";
if ($keywordSearch2 != null) echo " excluding the events \"<b>" . h($keywordSearch2) . "</b>\"";
if ($categorySearch != "ALL") echo " of category \"<b>" . h($categorySearch) . "</b>\"";
if ($typeSearch != "ALL") echo " of type \"<b>" . h($typeSearch) . "</b>\"";
echo ":</h4>";
@ -53,7 +54,7 @@ foreach ($attributes as $attribute): ?>
<?php echo h($attribute['Attribute']['type']); ?>&nbsp;</td>
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
<?php
$sigDisplay = nl2br(h($attribute['Attribute']['value']));
$sigDisplay = nl2br(($attribute['Attribute']['value']));
if ('attachment' == $attribute['Attribute']['type'] || 'malware-sample' == $attribute['Attribute']['type']) {
echo $this->Html->link($sigDisplay, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
} elseif ('link' == $attribute['Attribute']['type']) {

3
app/View/Attributes/search.ctp
View File

@ -3,7 +3,8 @@
<fieldset>
<legend><?php echo __('Search Attribute'); ?></legend>
<?php
echo $this->Form->input('keyword', array('type' => 'textarea'));
echo $this->Form->input('keyword', array('type' => 'textarea', 'label' => 'Containing the following expressions'));
echo $this->Form->input('keyword2', array('type' => 'textarea', 'label' => 'Excluding the following events'));
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv'))));
?>

19
app/View/Elements/actions_menu.ctp
View File

@ -1,3 +1,4 @@
<h3><?php echo __('Event Actions'); ?></h3>
<li><?php
if ($isAclAdd) echo $this->Html->link(__('New Event', true), array('controller' => 'events', 'action' => 'add')); ?></li>
<li><?php echo $this->Html->link(__('List Events', true), array('controller' => 'events', 'action' => 'index')); ?></li>
@ -5,7 +6,6 @@ if ($isAclAdd) echo $this->Html->link(__('New Event', true), array('controller'
<li><?php echo $this->Html->link(__('Search Attributes', true), array('controller' => 'attributes', 'action' => 'search')); ?> </li>
<li><?php
if ($isAclAuth) echo $this->Html->link(__('Export', true), array('controller' => 'events', 'action' => 'export')); ?></li>
<li>&nbsp;</li>
<h3><?php echo __('Global Actions'); ?></h3>
<li><?php echo $this->Html->link(__('News', true), array('controller' => 'users', 'action' => 'news')); ?> </li>
@ -23,16 +23,16 @@ if (('true' == Configure::read('CyDefSIG.sync')) && ($isAclSync || $isAdmin)): ?
<?php
endif;?>
<?php
//Site admin
if($isAdmin && $isAclAdmin && $me['org'] == 'ADMIN'): ?>
if($isSiteAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Administration'); ?></h3>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index', 'admin' => true)); ?> </li>
<li>&nbsp;</li>
<h3><?php echo __('Administration'); ?></h3>
<li><?php echo $this->Html->link(__('New User', true), array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('List Users', true), array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('New Role', true), array('controller' => 'roles', 'action' => 'add', 'admin' => true)); ?> </li>
@ -43,13 +43,14 @@ endif;?>
<?php
//org admin
if($isAdmin && $isAclAdmin && $me['org'] != 'ADMIN'): ?>
if($isAdmin && !$isSiteAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Administration'); ?></h3>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?> </li>
<li><?php echo $this->Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index')); ?> </li>
<li><?php echo $this->Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index')); ?> </li>
<li>&nbsp;</li>
<h3><?php echo __('Administration'); ?></h3>
<li><?php echo $this->Html->link(__('New User', true), array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('List Users', true), array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('List Roles', true), array('controller' => 'roles', 'action' => 'index')); ?> </li>
@ -59,9 +60,9 @@ endif;?>
<?php
//normal user
if(!$isAdmin && !$isAclAdmin): ?>
if(!$isSiteAdmin && !$isAclAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Lists'); ?></h3>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?> </li>
<li><?php echo $this->Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index')); ?> </li>
<li><?php echo $this->Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index')); ?> </li>
@ -69,7 +70,7 @@ if(!$isAdmin && !$isAclAdmin): ?>
endif;?>
<?php
if($isAdmin || $isAclAudit): ?>
if($isAclAudit): ?>
<h3><?php echo __('Audit'); ?></h3>
<li><?php echo $this->Html->link(__('List Logs', true), array('controller' => 'logs', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('Search Logs', true), array('controller' => 'logs', 'action' => 'admin_search', 'admin' => true)); ?> </li>

6
app/View/Events/add.ctp
View File

@ -50,15 +50,15 @@ var formInfoValues = new Array();
<?php
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($riskDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($analysisDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>

25
app/View/Events/edit.ctp
View File

@ -12,9 +12,11 @@ echo $this->Form->input('analysis', array(
'before' => $this->Html->div('forminfo', '', array('id' => 'EventAnalysisDiv'))));
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('distribution', array('label' => 'Distribution',
'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv'))
));
if ('true' == $canEditDist) {
echo $this->Form->input('distribution', array('label' => 'Distribution',
'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv'))
));
}
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),));
@ -23,7 +25,9 @@ if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('info');
// link an onchange event to the form elements
$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")');
if ('true' == $canEditDist) {
$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")');
}
$this->Js->get('#EventRisk')->event('change', 'showFormInfo("#EventRisk")');
$this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis")');
?>
@ -42,10 +46,13 @@ $this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis"
//
var formInfoValues = new Array();
<?php
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
if ('true' == $canEditDist) {
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
}
foreach ($riskDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
@ -68,7 +75,9 @@ function showFormInfo(id) {
}
// hide the formInfo things
$('#EventDistributionDiv').hide();
if ('true' == $canEditDist) {
$('#EventDistributionDiv').hide();
}
$('#EventRiskDiv').hide();
$('#EventAnalysisDiv').hide();
</script>

14
app/View/Events/index.ctp
View File

@ -7,6 +7,11 @@
if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<th><?php echo $this->Paginator->sort('org');?></th>
<?php
endif; ?>
<?php
if ($isAdmin): ?>
<th><?php echo $this->Paginator->sort('owner org');?></th>
<?php
endif; ?>
<th><?php echo $this->Paginator->sort('id');?></th>
<th><?php echo $this->Paginator->sort('attribute_count', '#Attr.');?></th>
@ -45,6 +50,15 @@ foreach ($events as $event):?>
}?>
&nbsp;</td><?php
if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';"><?php
$imgRelativePath = 'orgs' . DS . h($event['Event']['orgc']) . '.png';
$imgAbsolutePath = APP . WEBROOT_DIR . DS . 'img' . DS . $imgRelativePath;
if (file_exists($imgAbsolutePath)) echo $this->Html->image('orgs/' . h($event['Event']['orgc']) . '.png', array('alt' => h($event['Event']['orgc']),'width' => '48','hight' => '48'));
else echo $this->Html->tag('span', h($event['Event']['orgc']), array('class' => 'welcome', 'style' => 'float:right;'));?><?php
?>
&nbsp;</td><?php
endif;
if ('true' == $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';"><?php
$imgRelativePath = 'orgs' . DS . h($event['Event']['org']) . '.png';
$imgAbsolutePath = APP . WEBROOT_DIR . DS . 'img' . DS . $imgRelativePath;

14
app/View/Events/view.ctp
View File

@ -49,7 +49,7 @@ endif; ?>
<ul><li><?php echo $this->Html->link(__('Contact reporter', true), array('action' => 'contact', $event['Event']['id'])); ?> </li></ul>
</div>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?><?php echo $this->element('img', array('id' => $event['Event']['org']));?><?php
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?><?php echo $this->element('img', array('id' => $event['Event']['orgc']));?><?php
endif; ?>
<h2>Event</h2>
<dl>
@ -59,7 +59,15 @@ endif; ?>
&nbsp;
</dd>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<dt>Org</dt>
<dt>Creating Org</dt>
<dd>
<?php echo h($event['Event']['orgc']); ?>
&nbsp;
</dd>
<?php
endif; ?>
<?php if ($isAdmin): ?>
<dt>Owner org</dt>
<dd>
<?php echo h($event['Event']['org']); ?>
&nbsp;
@ -244,7 +252,7 @@ if (!empty($event['Attribute'])):?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute? Keep in mind that this will also delete this attribute on remote MISP instances.'));
?>
</td>
<?php

8
app/View/Pages/using_the_system.ctp
View File

@ -24,10 +24,10 @@ The process of entering an event can be split into 3 phases, the creation of the
<li><em>Date:</em> The date when the incident has happened.<br /><br /></li>
<li><em>Distribution:</em> This setting controls, who will be able to see this event once it becomes published. Apart from being able to set which users on this server are allowed to see the event, this also controls whether the event will be synchronised to other servers or not. The following options are available:<br /><br /></li>
<li style="list-style: none;"><ul>
<li><i>Your organization only:</i> This setting will only allow members of your organisation on this server to see it.<br /><br /></li>
<li><i>This server-only:</i> This setting will only allow members of any organisation on this server to see it.<br /><br /></li>
<li><i>This Community-only:</i> Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on your MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Use this option if you are on the central hub of your community.<br /><br /></li>
<li><i>Connected communities:</i> Users that are part of your MISP community will be able to see the event. This includes all organisations on your own MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this own will be restricted from seeing the event. Use this option if this server isn't the central MISP hub of the community but is connected to it.<br /><br /></li>
<li><i>Your organization only:</i> This setting will only allow members of your organisation on this server to see it. Events with this setting will not be synchronised.<br /><br /></li>
<li><i>This server-only:</i> This setting will allow members of any organisation on this server to see it. Events with this setting will not be synchronised. For more information on community-related distribution levels, click here.<br /><br /></li>
<li><i>This Community-only:</i> Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. For more information on community-related distribution levels, click here.<br /><br /></li>
<li><i>Connected communities:</i> Users that are part of your MISP community will be able to see the event. This includes all organisations on this MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this own will be restricted from seeing the event. For more information on community-related distribution levels, click here.<br /><br /></li>
<li><i>All communities:</i> This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next.<br /><br /></li>
</ul></li>
<li><em>Risk:</em> This field indicates the risk level of the event. Incidents can be categorised into three different threat categories (low, medium, high). This field can alternatively be left as undefined. The 3 options are:<br /><br /></li>

2
app/View/Users/admin_add.ctp
View File

@ -11,7 +11,7 @@ if ($currentOrg == 'ADMIN') {
}
echo $this->Form->input('role_id', array('label' => 'Role'));
echo $this->Form->input('autoalert');
echo $this->Form->input('authkey', array('value' => $authkey, 'disabled' => 'disabled'));
echo $this->Form->input('authkey', array('value' => $authkey, 'readonly' => 'readonly'));
echo $this->Form->input('nids_sid');
echo $this->Form->input('gpgkey');
?>