Merge branch 'develop' of /home/git/cydefsig into develop

pull/63/head
deresz 2013-03-01 09:42:28 +01:00
commit 29191bdde1
32 changed files with 1827 additions and 1381 deletions


@ -32,6 +32,7 @@ CREATE TABLE `attributes` (
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`communitie` tinyint(1) NOT NULL,
`dist_change` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `event_id` (`event_id`),
KEY `value1_key` (`value1`(5)),
@ -105,6 +106,7 @@ CREATE TABLE `events` (
`communitie` tinyint(1) NOT NULL,
`attribute_count` int(11) UNSIGNED DEFAULT NULL,
`hop_count` int(11) UNSIGNED DEFAULT 0,
`dist_change` int(11) NOT NULL DEFAULT '0'
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
@ -119,13 +121,15 @@ CREATE TABLE `roles` (
`name` varchar(100) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
`perm_add` tinyint(1) NOT NULL,
`perm_modify` tinyint(1) NOT NULL,
`perm_modify_org` tinyint(1) NOT NULL,
`perm_publish` tinyint(1) NOT NULL,
`perm_sync` tinyint(1) NOT NULL,
`perm_full` tinyint(1) NOT NULL,
`perm_auth` tinyint(1) NOT NULL,
`perm_add` tinyint(1) NOT NULL DEFAULT 0,
`perm_modify` tinyint(1) NOT NULL DEFAULT 0,
`perm_modify_org` tinyint(1) NOT NULL DEFAULT 0,
`perm_publish` tinyint(1) NOT NULL DEFAULT 0,
`perm_sync` tinyint(1) NOT NULL DEFAULT 0,
`perm_full` tinyint(1) NOT NULL DEFAULT 0,
`perm_audit` tinyint(1) NOT NULL DEFAULT 0,
`perm_admin` tinyint(1) NOT NULL DEFAULT 0,
`perm_auth` tinyint(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
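Review bot: The `dist_change` column added to `events` has no trailing comma before `PRIMARY KEY (`id`)`, so that `CREATE TABLE` no longer parses and a fresh install dies at the events table; the line should read `` `dist_change` int(11) NOT NULL DEFAULT '0', `` exactly as its twin in the `attributes` hunk does. Defaulting the new `perm_audit` and `perm_admin` role bits to 0 is the right deny-by-default choice. Nothing in this schema file backfills `dist_change` on existing rows, so I assume the migration code elsewhere in the commit is expected to do that — worth confirming. The `attributes` hunk starts mid-definition.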


@ -126,6 +126,7 @@ class AppController extends Controller {
// These variables are required for every view
$this->set('me', Sanitize::clean($this->Auth->user()));
$this->set('isAdmin', $this->_isAdmin());
$this->set('isSiteAdmin', $this->_isSiteAdmin());
// TODO ACL: 5: from Controller to Views
$this->set('isAclAdd', $this->checkAcl('add'));
@ -170,6 +171,9 @@ class AppController extends Controller {
return false;
}
/**
* checks if the currently logged user is a site administrator
*/
protected function _isSiteAdmin() {
$org = $this->Auth->user('org');
if (isset($org) && $org === 'ADMIN') {
@ -178,6 +182,10 @@ class AppController extends Controller {
return false;
}
protected function _checkOrg() {
return $this->Auth->user('org');
}
/**
* Refreshes the Auth session with new/updated data
* @return void
@ -371,10 +379,14 @@ class AppController extends Controller {
throw new NotFoundException();
}
$this->generatePrivate();
// Deprecated - generate Private sets the values for the 3 distribution fields on migration - however the new SQL scheme sets cluster + communitie
// to false, which means that private will become org only and non-private will become all communities - which is desired behaviour.
// $this->generatePrivate();
$this->generateCorrelation(); // TODO
$this->generateCount();
$this->generateHop($yourOrg);
// Deprecated - hop unused currently, also, it would generate hop count 1 for all local events created by other hosted orgs.
// $this->generateHop($yourOrg);
$this->generateArosAcos();
}
public function generateArosAcos() {
@ -389,7 +401,7 @@ class AppController extends Controller {
public function generateACL($inc) {
if (!self::_isAdmin()) throw new NotFoundException();
if($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
if ($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
switch ($inc['Role']['permission']) {
case '0':
$permAdd = false;
@ -418,6 +430,7 @@ class AppController extends Controller {
default:
break;
}
//$this->Acl->allow($inc, 'controllers/Events/add');
if ($permAdd) {
$this->Acl->allow($inc, 'controllers/Events/add');
$this->Acl->allow($inc, 'controllers/Attributes/add');
@ -453,12 +466,11 @@ class AppController extends Controller {
$this->Acl->deny($inc, 'controllers/Logs');
}
if (isset($inc['Role']['perm_admin'])) {
if ($inc['Role']['perm_admin']) {
if (isset($inc['Role']['perm_admin']) && $inc['Role']['perm_admin']) {
//$this->Acl->allow($inc, 'controllers/Logs');
}
} else {
$this->Acl->deny($inc, 'controllers/Roles');
//$this->Acl->deny($inc, 'controllers');
}
if (isset($inc['Role']['perm_auth'])) {
if ($inc['Role']['perm_auth']) {
@ -583,6 +595,10 @@ class AppController extends Controller {
$attribute['Attribute']['private'] = true;
$attribute['Attribute']['cluster'] = false;
$attribute['Attribute']['communitie'] = false;
} else {
$attribute['Attribute']['private'] = false;
$attribute['Attribute']['cluster'] = false;
$attribute['Attribute']['communitie'] = false;
}
$this->Attribute->save($attribute);
}
@ -595,10 +611,18 @@ class AppController extends Controller {
$events = $this->Event->find('all', array('recursive' => 0));
foreach ($events as $event) {
if ($event['Event']['private']) {
$attribute['Event']['private'] = true;
$attribute['Event']['cluster'] = false;
$attribute['Event']['communitie'] = false;
$event['Event']['private'] = true;
$event['Event']['cluster'] = false;
$event['Event']['communitie'] = false;
} else {
$event['Event']['private'] = false;
$event['Event']['cluster'] = false;
$event['Event']['communitie'] = false;
}
$event['Event']['orgc'] = $event['Event']['org'];
$event['Event']['dist_change'] = 0;
$event['Event']['analysis'] = 2;
$event['Event']['hop_count'] = 0;
$this->Event->save($event);
}
}
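Review bot: `_isSiteAdmin()` decides the highest privilege level by comparing the session's org string to the literal `'ADMIN'`, so site-administrator status is keyed to an organisation name rather than to the `perm_admin` role flag this same commit adds to `roles`; any account that ends up in an org called ADMIN — however that assignment happens, which is not visible here — is a site admin. The matching branch in `generateACL()` is a no-op (`//$this->Acl->allow($inc, 'controllers/Logs');` under the `perm_admin` test), so the new role bit currently enforces nothing. Until the two are reconciled I would mark it in place: `// NOTE: site-admin is decided by org name === 'ADMIN', not by Role.perm_admin; switch to the role flag once generateACL() enforces perm_admin`. `_isSiteAdmin()` and `generateACL()` both extend beyond their hunks.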


@ -303,12 +303,8 @@ class AttributesController extends AppController {
}
$this->Attribute->read();
if (PHP_OS == 'WINNT') {
$path = APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS;
$file = $this->Attribute->data['Attribute']['id'];
} else {
$file = new File(APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS . $this->Attribute->data['Attribute']['id']);
}
$filename = '';
if ('attachment' == $this->Attribute->data['Attribute']['type']) {
$filename = Sanitize::clean($this->Attribute->data['Attribute']['value']);
@ -324,7 +320,6 @@ class AttributesController extends AppController {
}
$this->viewClass = 'Media';
if (PHP_OS == 'WINNT') {
$params = array(
'id' => $file,
'name' => $filename,
@ -332,15 +327,6 @@ class AttributesController extends AppController {
'download' => true,
'path' => $path
);
} else {
$params = array(
'id' => $file->path,
'name' => $filename,
'extension' => $fileExt,
'download' => true,
'path' => DS
);
}
$this->set($params);
}
@ -371,17 +357,18 @@ class AttributesController extends AppController {
// remove the published flag from the event
$this->Event->id = $this->request->data['Attribute']['event_id'];
$this->Event->saveField('published', 0);
// save the file-info in the database
$this->Attribute->create();
if ($this->request->data['Attribute']['malware']) {
$this->request->data['Attribute']['type'] = "malware-sample";
$filename = Sanitize::clean($filename);
preg_replace('/\//:*?"<>/', '', $filename);
$this->request->data['Attribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
$this->request->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
} else {
$this->request->data['Attribute']['type'] = "attachment";
$filename = Sanitize::clean($filename);
preg_replace('/\/:*?"<>/', '', $filename);
$this->request->data['Attribute']['value'] = $filename;
$this->request->data['Attribute']['to_ids'] = 0;
}
@ -521,11 +508,14 @@ class AttributesController extends AppController {
if (!$this->Attribute->exists()) {
throw new NotFoundException(__('Invalid attribute'));
}
$this->Attribute->read();
//set stuff to fix undefined index: uuid
if (!$this->_isRest()) {
$uuid = $this->Attribute->data['Attribute']['uuid'];
}
// only own attributes verified by isAuthorized
if ('true' == Configure::read('CyDefSIG.private')) {
if (!$this->_IsAdmin()) {
$this->Attribute->read(null, $id);
// check for non-private and re-read
if (($this->Attribute->data['Event']['org'] != $this->Auth->user('org')) || (($this->Attribute->data['Event']['org'] == $this->Auth->user('org')) && ($this->Attribute->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->checkAcl('edit') || !$this->checkRole() || !$this->checkAcl('publish')))) {
$this->Session->setFlash(__('Invalid attribute.'));
@ -534,7 +524,6 @@ class AttributesController extends AppController {
}
}
$this->Attribute->read();
$eventId = $this->Attribute->data['Attribute']['event_id'];
if ('attachment' == $this->Attribute->data['Attribute']['type'] ||
'malware-sample' == $this->Attribute->data['Attribute']['type'] ) {
@ -545,7 +534,6 @@ class AttributesController extends AppController {
} else {
$this->set('attachment', false);
}
if ($this->request->is('post') || $this->request->is('put')) {
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Attribute->massageData($this->request->data);
@ -553,24 +541,44 @@ class AttributesController extends AppController {
// reposition to get the attribute.id with given uuid
// Notice (8): Undefined index: uuid [APP/Controller/AttributesController.php, line 502]
// Fixed - uuid was not passed back from the form since it's not a field. Set the uuid in a variable for non rest users, rest should have uuid.
// Generally all of this should be _isRest() only, but that's something for later to think about
if ($this->_isRest()) {
$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
} else {
$existingAttribute = $this->Attribute->findByUuid($uuid);
}
if (count($existingAttribute)) {
$this->request->data['Attribute']['id'] = $existingAttribute['Attribute']['id'];
}
// say what fields are to be updated
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster');
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster', 'value');
if ("i" == Configure::read('CyDefSIG.rest')) {
unset($this->request->data['Event']);
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
$this->request->data['Attribute']['event_id'] = $eventId;
}
if ($this->Attribute->save($this->request->data)) {
$this->Session->setFlash(__('The attribute has been saved'));
// remove the published flag from the event
$this->loadModel('Event');
$this->Event->id = $eventId;
// enabling / disabling the distribution field in the edit view based on whether user's org == orgc in the event
$this->Event->read();
if(!$this->_isRest()) {
$canEditDist = false;
if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) {
$this->set('canEditDist', true);
$canEditDist = true;
} else {
$this->set('canEditDist', false);
}
if (isset($this->request->data['Attribute']['distribution']) && $this->request->data['Attribute']['distribution'] != $existingAttribute['Attribute']['distribution']) {
$this->request->data['Attribute']['dist_change'] = 1 + $existingAttribute['Attribute']['dist_change'];
}
}
if ($this->Attribute->save($this->request->data)) {
$this->Session->setFlash(__('The attribute has been saved'));
// remove the published flag from the event
$this->Event->saveField('published', 0);
if ($this->_isRest()) {
@ -590,9 +598,21 @@ class AttributesController extends AppController {
} else {
$this->request->data = $this->Attribute->read(null, $id);
}
// needed for RBAC
$this->set('attribute', Sanitize::clean($this->request->data));
// enabling / disabling the distribution field in the edit view based on whether user's org == orgc in the event
$this->loadModel('Event');
$this->Event->id = $eventId;
$this->Event->read();
$canEditDist = false;
if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) {
$this->set('canEditDist', true);
$canEditDist = true;
} else {
$this->set('canEditDist', false);
}
// needed for RBAC
// combobox for types
$types = array_keys($this->Attribute->typeDefinitions);
$types = $this->_arrayToValuesIndexArray($types);
@ -602,6 +622,8 @@ class AttributesController extends AppController {
array_pop($categories); // remove that last empty/space option
$categories = $this->_arrayToValuesIndexArray($categories);
$this->set('categories', $categories);
if ($canEditDist) {
$this->loadModel('Event');
$events = $this->Event->findById($eventId);
$maxDist = $events['Event']['distribution'];
@ -622,6 +644,7 @@ class AttributesController extends AppController {
$this->set('distributions', $distributions);
// tooltip for distribution
$this->set('distributionDescriptions', $this->Attribute->distributionDescriptions);
}
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
@ -656,12 +679,11 @@ class AttributesController extends AppController {
// attachment will be deleted with the beforeDelete() function in the Model
if ($this->Attribute->delete()) {
// delete the attribute from remote servers
//if ('true' == Configure::read('CyDefSIG.sync')) {
// // find the uuid
// $this->__deleteAttributeFromServers($uuid);
//}
if ('true' == Configure::read('CyDefSIG.sync')) {
// find the uuid
$this->__deleteAttributeFromServers($uuid);
}
$this->Session->setFlash(__('Attribute deleted'));
} else {
@ -678,9 +700,11 @@ class AttributesController extends AppController {
*/
private function __deleteAttributeFromServers($uuid) {
// TODO private and delete .. bring up ..
//if (true == $result['Attribute']['private']) { // never upload private attributes
//$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
if (true == $result['Attribute']['private']) { // never upload private attributes
// return "Attribute is private and non exportable";
//}
return;
}
// get a list of the servers
$this->loadModel('Server');
@ -710,24 +734,61 @@ class AttributesController extends AppController {
if ($this->request->is('post') && ($this->request->here == $fullAddress)) {
$keyword = $this->request->data['Attribute']['keyword'];
$keyword2 = $this->request->data['Attribute']['keyword2'];
$type = $this->request->data['Attribute']['type'];
$category = $this->request->data['Attribute']['category'];
$this->set('keywordSearch', $keyword);
$keyWordText = null;
$keyWordText2 = null;
$this->set('typeSearch', $type);
$this->set('isSearch', 1);
$this->set('categorySearch', $category);
// search the db
$conditions = array();
if ($keyword) {
$keywordArray = explode("\n", $keyword);
$i = 0;
if (isset($keyword)) {
$keywordArray = preg_split("/\r\n|\n|\r/", $keyword);
$i = 1;
$temp = array();
foreach ($keywordArray as $keywordArrayElement) {
$saveWord = trim($keywordArrayElement);
$keywordArrayElement = '%' . trim($keywordArrayElement) . '%';
if ($keywordArrayElement != '%%') array_push($temp, array('Attribute.value LIKE' => $keywordArrayElement));
if ($i == 1 && $saveWord != '') $keyWordText = $saveWord;
else if (($i > 1 && $i < 10) && $saveWord != '') $keyWordText = $keyWordText .', '. $saveWord;
else if ($i == 10 && $saveWord != '') $keyWordText = $keyWordText . ' and several other keywords';
$i++;
}
$this->set('keywordSearch', $keyWordText);
if (!empty($temp)){
if (count($temp) == 1) {
$conditions['Attribute.value LIKE'] = '%'.$keyWordText.'%';
} else {
$conditions['OR'] = $temp;
}
}
}
if (isset($keyword2)) {
$keywordArray2 = preg_split("/\r\n|\n|\r/", $keyword2);
$i = 1;
$temp = array();
foreach ($keywordArray2 as $keywordArrayElement) {
$saveWord = trim($keywordArrayElement);
if (!is_numeric($saveWord) || $saveWord < 1) continue;
array_push($temp, array('Attribute.event_id !=' => $keywordArrayElement));
if ($i == 1 && $saveWord != '') $keyWordText2 = $saveWord;
else if (($i > 1 && $i < 10) && $saveWord != '') $keyWordText2 = $keyWordText2 .', '. $saveWord;
else if ($i == 10 && $saveWord != '') $keyWordText2 = $keyWordText2 . ' and several other events';
$i++;
}
$this->set('keywordSearch2', $keyWordText2);
if (!empty($temp)){
if (count($temp) == 1) {
$conditions['Attribute.event_id !='] = $keyWordText2;
} else {
$conditions['AND'] = $temp;
}
}
}
if ($type != 'ALL') {
$conditions['Attribute.type ='] = $type;
}
@ -757,6 +818,12 @@ class AttributesController extends AppController {
$attributes = Sanitize::clean($this->paginate(), array('remove' => true, 'remove_html' => true, 'encode' => true, 'newline' => true));
foreach ($attributes as &$attribute) {
$attribute['Attribute']['value'] = str_replace('\n', chr(10), $attribute['Attribute']['value']);
foreach ($keywordArray as $keywordArrayElement) {
$keywordArrayElement = trim($keywordArrayElement);
if ($attribute['Attribute']['type'] != 'malware-sample' && $attribute['Attribute']['type'] != 'link' && $attribute['Attribute']['type'] != 'attachment') {
$attribute['Attribute']['value'] = preg_replace('%'.$keywordArrayElement.'%', '<b><i>'.$keywordArrayElement.'</i></b>', $attribute['Attribute']['value']);
}
}
}
$this->set('attributes', $attributes);
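Review bot: In the result-highlighting loop at the end of `search()` the user-supplied keyword is spliced raw into both the regex and the HTML replacement: `preg_replace('%'.$keywordArrayElement.'%', '<b><i>'.$keywordArrayElement.'</i></b>', ...)`. A `%` in a keyword breaks the delimiter and other metacharacters are interpreted, so a malformed or pathological pattern makes `preg_replace` return null (wiping the value) or stall; and because the values were just HTML-encoded by `Sanitize::clean(..., 'encode' => true)`, the unescaped keyword is the one string that reaches the browser verbatim — the view has to render this field raw for the `<b><i>` tags to work, which makes the search form a reflected-XSS vector subject to whatever CSRF protection it has. Quote the pattern and escape the replacement: `$needle = preg_quote($keywordArrayElement, '%');` then `$attribute['Attribute']['value'] = preg_replace('%' . $needle . '%', '<b><i>' . h($keywordArrayElement) . '</i></b>', $attribute['Attribute']['value']);`. `search()` continues outside the hunk.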


@ -159,7 +159,7 @@ class NidsExportComponent extends Component {
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Destination Email Address: ' . $attribute['value'],// msg
'Destination Email Address: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid


@ -26,7 +26,7 @@ class EventsController extends AppController {
public $paginate = array(
'limit' => 60,
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
'order' => array(
'Event.id' => 'DESC'
)
@ -299,14 +299,18 @@ class EventsController extends AppController {
// Sanitize::clean
$this->Event->data['Event']['info'] = $this->beforeSanitizeClean($this->Event->data['Event']['info']);
if (isset($this->Event->data['Attribute'])) {
foreach ($this->Event->data['Attribute'] as &$attribute) {
$attribute['value'] = $this->beforeSanitizeClean($attribute['value']);
}
}
$event = Sanitize::clean($this->Event->data, array('remove' => true, 'remove_html' => true, 'encode' => true, 'newline' => true));
$event['Event']['info'] = $this->counterSanitizeClean($event['Event']['info']);
if (isset($event['Attribute'])) {
foreach ($event['Attribute'] as &$attribute) {
$attribute['value'] = $this->counterSanitizeClean($attribute['value']);
}
}
$this->set('event', $event);
$this->set('relatedEvents', $relatedEvents);
@ -423,7 +427,11 @@ class EventsController extends AppController {
public function _add(&$data, &$auth, $fromXml, $or='', $passAlong = null, $fromPull = false) {
// force check userid and orgname to be from yourself
$data['Event']['user_id'] = $auth->user('id');
$data['Event']['org'] = strlen($or) ? $or : $auth->user('org'); // FIXME security - org problem
$data['Event']['org'] = $auth->user('org');
//$data['Event']['org'] = strlen($or) ? $or : $auth->user('org'); // FIXME security - org problem
if (!$fromXml) {
$data['Event']['orgc'] = $data['Event']['org'];
}
unset ($data['Event']['id']);
$this->Event->create();
//$this->Event->data = $data;
@ -444,7 +452,7 @@ class EventsController extends AppController {
$existingEventCount = $this->Event->find('count', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
if ($existingEventCount > 0) {
// TODO RESTfull, set responce location header..so client can find right URL to edit
if($fromPull)return false;
if ($fromPull) return false;
$existingEvent = $this->Event->find('first', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
$this->response->header('Location', Configure::read('CyDefSIG.baseurl') . '/events/' . $existingEvent['Event']['id']);
$this->response->send();
@ -454,13 +462,13 @@ class EventsController extends AppController {
if ($upstream) {
$fieldList = array(
'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid'),
'Event' => array('orgc', 'date', 'risk', 'analysis', 'info', 'published', 'uuid'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision')
);
} else {
$fieldList = array(
'Event' => array('org', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'hop_count'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie')
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'hop_count', 'dist_change', 'from'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie', 'dist_change')
);
}
@ -478,7 +486,7 @@ class EventsController extends AppController {
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
}
if ($saveResult) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published'] && $data['Event']['private'] == false) {
// do the necessary actions to publish the event (email, upload,...)
$this->__publish($this->Event->getId(), $passAlong);
}
@ -506,13 +514,28 @@ class EventsController extends AppController {
//if ('true' == Configure::read('CyDefSIG.private')) {
// if (!$this->_IsAdmin()) {
$this->Event->read(null, $id);
// // check for non-private and re-read
// if (($this->Event->data['Event']['org'] != $this->Auth->user('org')) || (($this->Event->data['Event']['org'] == $this->Auth->user('org')) && ($this->Event->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->checkAcl('edit') || !$this->checkRole() || !$this->checkAcl('publish')))) {
// $this->Session->setFlash(__('Invalid event.'));
// $this->redirect(array('controller' => 'users', 'action' => 'terms'));
// }
// }
// // check for if private and user not authorised to edit, go away
if (!$this->isSiteAdmin() && !$this->checkAction('perm_sync') && $this->Event->data['Event']['distribution'] == 'Your organization only') {
if (($this->Event->data['Event']['org'] != $this->_checkOrg()) || !($this->checkAction('perm_modify'))) {
$this->Session->setFlash(__('You are not authorised to do that.'));
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
}
//if (!$this->Event->data['Event']['org'] == $this->_checkOrg()){
//throw new MethodNotAllowedException();
//$this->Session->setFlash(__('Invalid event.'));
//$this->redirect(array('controller' => 'users', 'action' => 'terms'));
//}
//}
// check if the user is of the creating org, if not, don't let him/her change the distribution.
$canEditDist = false;
if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) {
$canEditDist = true;
$this->set('canEditDist', true);
} else {
$this->set('canEditDist', false);
}
if ($this->request->is('post') || $this->request->is('put')) {
if ($this->_isRest()) {
// Workaround for different structure in XML/array than what CakePHP expects
@ -533,6 +556,17 @@ class EventsController extends AppController {
if (count($existingEvent)) {
$this->request->data['Event']['id'] = $existingEvent['Event']['id'];
}
if ($existingEvent['Event']['orgc'] == $this->_checkOrg()) {
$this->set('canEditDist', true);
} else {
$this->set('canEditDist', false);
}
$fieldList = array(
'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid', 'dist_change', 'from'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie', 'cluster', 'dist_change')
);
if ("ii" == Configure::read('CyDefSIG.rest')) {
// reposition to get the attribute.id with given uuid
$c = 0;
@ -541,16 +575,20 @@ class EventsController extends AppController {
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
if (count($existingAttribute)) {
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
if (!($this->request->data['Attribute'][$c]['dist_change'] > $existingAttribute['Attribute']['dist_change'])) {
unset($this->request->data['Attribute'][$c]['private']);
unset($this->request->data['Attribute'][$c]['cluster']);
unset($this->request->data['Attribute'][$c]['communitie']);
}
}
$c++;
}
}
}
$fieldList = array(
'Event' => array('org', 'date', 'risk', 'analysis', 'info', 'published', 'uuid', 'private', 'communitie'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie')
);
if ($this->request->data['Event']['dist_change'] > $existingEvent['Event']['dist_change']) {
array_push($fieldList['Event'], 'private', 'communitie', 'cluster');
}
if ("i" == Configure::read('CyDefSIG.rest')) {
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
@ -568,6 +606,11 @@ class EventsController extends AppController {
$message = 'Saved';
$this->set('event', Sanitize::clean($this->Event->data));
//if published -> do the actual publishing
if ((!empty($this->request->data['Event']['published']) && 1 == $this->request->data['Event']['published'])) {
// do the necessary actions to publish the event (email, upload,...)
$this->__publish($existingEvent['Event']['id']);
}
// REST users want to see the newly created event
$this->view($this->Event->getId());
@ -581,18 +624,26 @@ class EventsController extends AppController {
return false;
}
}
// say what fields are to be updated
$fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'private', 'cluster', 'communitie');
$fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'private', 'cluster', 'communitie', 'dist_change');
//Moved this out of (if ($this->_isAdmin()) to use for the dist_change
$this->Event->read();
// always force the org, but do not force it for admins
if ($this->_isAdmin()) {
// set the same org as existed before
$this->Event->read();
$this->request->data['Event']['org'] = Sanitize::clean($this->Event->data['Event']['org']);
}
// we probably also want to remove the published flag
$this->request->data['Event']['published'] = 0;
// If the distribution has changed, up the dist_change count
if ($canEditDist) {
if ($this->request->data['Event']['distribution'] != $this->Event->data['Event']['distribution']) {
$this->request->data['Event']['dist_change'] = 1 + $this->Event->data['Event']['dist_change'];
}
}
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Event->massageData($this->request->data);
}
@ -612,6 +663,7 @@ class EventsController extends AppController {
$distributions = array_keys($this->Event->distributionDescriptions);
$distributions = $this->_arrayToValuesIndexArray($distributions);
$this->set('distributions', $distributions);
// tooltip for distribution
$this->set('distributionDescriptions', $this->Event->distributionDescriptions);
@ -619,6 +671,7 @@ class EventsController extends AppController {
$risks = $this->Event->validate['risk']['rule'][1];
$risks = $this->_arrayToValuesIndexArray($risks);
$this->set('risks',$risks);
// tooltip for risk
$this->set('riskDescriptions', $this->Event->riskDescriptions);
@ -626,6 +679,7 @@ class EventsController extends AppController {
$analysiss = $this->Event->validate['analysis']['rule'][1];
$analysiss = $this->_arrayToValuesIndexArray($analysiss);
$this->set('analysiss',$analysiss);
// tooltip for analysis
$this->set('analysisDescriptions', $this->Event->analysisDescriptions);
$this->set('analysisLevels', $this->Event->analysisLevels);
@ -641,6 +695,7 @@ class EventsController extends AppController {
* @throws MethodNotAllowedException
* @throws NotFoundException
*/
public function delete($id = null) {
if (!$this->request->is('post') && !$this->_isRest()) {
throw new MethodNotAllowedException();
@ -657,6 +712,12 @@ class EventsController extends AppController {
$uuid = $result['Event']['uuid'];
}
if (!$this->_isSiteAdmin()) {
if (!$this->Event->data['Event']['org'] == $this->_checkOrg()) {
throw new MethodNotAllowedException();
}
}
if ($this->Event->delete()) {
// delete the event from remote servers
@ -683,12 +744,14 @@ class EventsController extends AppController {
$this->Event->recursive = 1;
$this->Event->read();
//Save the from field of the event to know where it came from originally and then set the event's from field to the current server's host org
$from = $this->Event->data['Event']['from'];
$this->Event->data['Event']['from'] = Configure::read('CyDefSIG.org');
// get a list of the servers
$this->loadModel('Server');
$servers = $this->Server->find('all', array(
'conditions' => array('Server.push' => true)
));
// iterate over the servers and upload the event
if(empty($servers))
return;
@ -698,7 +761,8 @@ class EventsController extends AppController {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
foreach ($servers as &$server) {
if (($passAlong != $server)) {
//Skip servers where the event has come from.
if (($passAlong != $server && $server['Server']['organization'] != $from)) {
$thisUploaded = $this->Event->uploadEventToServer($this->Event->data, $server, $HttpSocket);
if (!$thisUploaded) {
$uploaded = !$uploaded ? $uploaded : $thisUploaded;
@ -706,7 +770,7 @@ class EventsController extends AppController {
}
}
}
$this->Event->data['Event']['from'] = Configure::read('CyDefSIG.org');
if (!$uploaded) {
return $failedServers;
} else {
@ -744,14 +808,13 @@ class EventsController extends AppController {
private function __publish($id, $passAlong = null) {
$this->Event->id = $id;
$this->Event->recursive = 0;
//$this->Event->read();
$event = $this->Event->read(null, $id);
// update the DB to set the published flag
$this->Event->saveField('published', 1);
$event['Event']['from'] = Configure::read('CyDefSIG.sync');
$uploaded = false;
// upload the event to remote servers
//if ($event['Event']['distribution'] == 'Your organization only' || $event['Event']['distribution'] == 'This server-only') return true;
if ('true' == Configure::read('CyDefSIG.sync')) {
$uploaded = $this->__uploadEventToServers($id, $passAlong);
if ((is_bool($uploaded) && !$uploaded) || (is_array($uploaded))) { // TODO remove bool
@ -771,6 +834,7 @@ class EventsController extends AppController {
if (!$this->Event->exists()) {
throw new NotFoundException(__('Invalid event'));
}
$this->Event->saveField('from', Configure::read('CyDefSIG.org'));
// only allow publish for own events verified by isAuthorized
@ -802,7 +866,7 @@ class EventsController extends AppController {
if (!$this->Event->exists()) {
throw new NotFoundException(__('Invalid event'));
}
$this->Event->saveField('from', Configure::read('CyDefSIG.org'));
// only allow alert for own events verified by isAuthorized
// only allow form submit CSRF protection.
@ -1179,17 +1243,43 @@ class EventsController extends AppController {
} else {
$conditions = array();
}
//restricting to non-private or same org if the user is not a site-admin.
if (!$this->isSiteAdmin()) {
$temp = array();
$temp2 = array();
$org = $this->_checkOrg();
$distribution = array();
array_push($distribution, array('Event.private =' => 0));
array_push($distribution, array('Event.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('Event.org LIKE' => $org));
$conditions['OR'] = $temp;
$distribution2 = array();
array_push($distribution2, array('Attribute.private =' => 0));
array_push($distribution2, array('Attribute.cluster =' => 1));
array_push($temp2, array('OR' => $distribution2));
array_push($temp2, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $org));
$conditionsAttributes['OR'] = $temp2;
}
// do not expose all the data ...
$fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.analysis', 'Event.info', 'Event.published', 'Event.uuid');
$fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id');
if ('true' == Configure::read('CyDefSIG.showorg')) {
$fields[] = 'Event.org';
}
$params = array('conditions' => $conditions,
'recursive' => 1,
'fields' => $fields,
'contain' =>array(
'Attribute' => array(
'fields' => $fieldsAtt,
'conditions' => $conditionsAttributes,
),
)
);
$results = $this->Event->find('all', $params);
$this->set('results', Sanitize::clean($results));
}
@ -1213,8 +1303,20 @@ class EventsController extends AppController {
$this->loadModel('Attribute');
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1);
if (!$this->isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
$params = array(
'conditions' => array( "AND" => array ('Attribute.to_ids' => 1, "Event.published" => 1)), //array of conditions
'conditions' => $conditions, //array of conditions
'recursive' => 0, //int
'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY
);
@ -1251,8 +1353,20 @@ class EventsController extends AppController {
$this->loadModel('Attribute');
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1);
if (!$this->isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
$params = array(
'conditions' => array('Attribute.to_ids' => 1), //array of conditions
'conditions' => $conditions, //array of conditions
'recursive' => 0, //int
'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY
);
@ -1294,8 +1408,20 @@ class EventsController extends AppController {
$this->loadModel('Attribute');
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1);
if (!$this->isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
$params = array(
'conditions' => array('Attribute.to_ids' => 1), //array of conditions
'conditions' => $conditions, //array of conditions
'recursive' => 0, //int
'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY
);
@ -1334,8 +1460,23 @@ class EventsController extends AppController {
$this->layout = 'text/default';
$this->loadModel('Attribute');
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array('Attribute.type' => $type);
if (!$this->isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
$params = array(
'conditions' => array('Attribute.type' => $type), //array of conditions
'conditions' => $conditions, //array of conditions
'recursive' => 0, //int
'fields' => array('Attribute.value'), //array of field names
'order' => array('Attribute.value'), //string or array defining order


@ -65,7 +65,6 @@ class RolesController extends AppController {
$this->Session->setFlash(__(sprintf('The Role has been saved.')));
$this->set('options', $this->options);
$passAlong = $this->Role->read(null, $this->Role->getInsertID());
debug($passAlong);
$this->generateACL($passAlong);
$this->redirect(array('action' => 'index'));
} else {
@ -99,6 +98,8 @@ class RolesController extends AppController {
public function admin_edit($id = null) {
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
$this->AdminCrud->adminEdit($id);
$passAlong = $this->Role->read(null, $id);
$this->generateACL($passAlong);
$this->set('options', $this->options);
}
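Review bot: `generateACL()` at L849 now runs on every request to admin_edit, including the GET that only renders the form and a POST whose save failed, and `Role::read()` at L848 returns false for an unknown id, so the ACL would be regenerated from a false record. If `adminEdit()` redirects after a successful save, as admin_add does at L842, the regeneration never runs for the role that was actually changed; adminEdit's body is outside this hunk, so this is inferred. Guard it on the write path and on a real record — `if ($this->request->is(array('post', 'put')) && $passAlong !== false) { $this->generateACL($passAlong); }` — or move the call into the branch of adminEdit that saves.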


@ -65,7 +65,7 @@ class ServersController extends AppController {
);
} else {
if (!$this->checkAction('perm_sync')) $this->redirect(array('controller' => 'events', 'action' => 'index'));
$conditions['Server.organization LIKE'] = $this->Auth->user('org');
$conditions['Server.org LIKE'] = $this->Auth->user('org');
$this->paginate = array(
'conditions' => array($conditions),
);
@ -79,7 +79,7 @@ class ServersController extends AppController {
* @return void
*/
public function add() {
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->request->is('post')) {
// force check userid and orgname to be from yourself
$this->request->data['Server']['org'] = $this->Auth->user('org');
@ -102,7 +102,7 @@ class ServersController extends AppController {
* @throws NotFoundException
*/
public function edit($id = null) {
if($this->Auth->user('org') != 'ADMIN' && $this->Server->id != $this->Auth->user('org')) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
@ -155,7 +155,7 @@ class ServersController extends AppController {
public function pull($id = null, $full=false) {
// TODO should we de-activate data validation for type and category / and or mapping? Maybe other instances have other configurations that are incompatible.
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
@ -310,7 +310,7 @@ class ServersController extends AppController {
}
public function push($id = null, $full=false) {
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
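Review bot: The ownership test `$this->Server->organization == $this->Auth->user('org')` at L878 runs before `$this->Server->id = $id` at L879, so no record has been read and `organization` is whatever that property holds on the model, not the server row; the same pattern is in add (L869, where no record exists at all), pull (L886) and push (L894). It fails closed — only the ADMIN org passes — but that leaves the perm_sync path dead, and if the property were populated by an earlier read it would reflect a different record. Read the row first and compare its column, e.g. `$server = $this->Server->find('first', array('conditions' => array('Server.id' => $id), 'recursive' => -1));` then `$server['Server']['org'] == $this->Auth->user('org')` (the column is `org`, L860 and L872, not `organization`). The listing filter at L860 uses `Server.org LIKE` with the user's org; `%` and `_` in an org name are wildcards to LIKE, so an equality condition `$conditions['Server.org'] = $this->Auth->user('org');` is the right operator for an authorization filter.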


@ -0,0 +1,2 @@
ALTER TABLE `events` ADD `dist_change` INT NOT NULL DEFAULT '0'
ALTER TABLE `attributes` ADD `dist_change` INT NOT NULL DEFAULT '0'
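Review bot: The two ALTER statements at L902 and L903 have no `;` terminators, so fed to the mysql client as a script they are read as one malformed statement and the migration fails; end each line with `;`. The same `dist_change` column is also added by MYSQL.migrate.sql (L922, L959), so running both scripts against one database errors on the second ADD — document which script applies to which starting schema.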

1
app/MYSQL.from.sql Normal file

@ -0,0 +1 @@
ALTER TABLE `events` ADD `from` VARCHAR( 10 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
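Review bot: `from` is declared VARCHAR(10) at L910, but the controller stores an org name in it (`$this->Event->saveField('from', Configure::read('CyDefSIG.org'))` at L706 and L712), and org columns elsewhere in this commit are VARCHAR(255) (L944, L960, L976). Org names longer than 10 characters are silently truncated, or rejected under strict SQL mode, so widen it to `VARCHAR(255)` to match. The statement also lacks a terminating `;`.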

149
app/MYSQL.migrate.sql Normal file

@ -0,0 +1,149 @@
--
-- Update to attributes
--
ALTER TABLE `attributes` ADD `cluster` tinyint(1) DEFAULT '0';
ALTER TABLE `attributes` ADD `communitie` tinyint(1) DEFAULT '0';
ALTER TABLE `attributes` ADD `dist_change` int(11) DEFAULT '0';
-- --------------------------------------------------------
--
-- Create blacklist
--
CREATE TABLE `blacklist` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(254) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Create correlations
--
DROP TABLE IF EXISTS `correlations`;
CREATE TABLE `correlations` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`1_event_id` int(11) NOT NULL,
`1_attribute_id` int(11) NOT NULL,
`1_private` tinyint(1) NOT NULL,
`event_id` int(11) NOT NULL,
`attribute_id` int(11) NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`private` tinyint(1) NOT NULL,
`cluster` tinyint(1) NOT NULL,
`date` date NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Update to events
--
ALTER TABLE `events` ADD `cluster` tinyint(1) NOT NULL;
ALTER TABLE `events` ADD `communitie` tinyint(1) NOT NULL;
ALTER TABLE `events` ADD `analysis` tinyint(4) NOT NULL;
ALTER TABLE `events` ADD `attribute_count` int(11) UNSIGNED DEFAULT NULL;
ALTER TABLE `events` ADD `hop_count` int(11) UNSIGNED DEFAULT NULL;
ALTER TABLE `events` ADD `dist_change` int(11) NOT NULL DEFAULT 0;
ALTER TABLE `events` ADD `orgc` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL;
UPDATE TABLE `events` SET `orgc` = `org` WHERE `orgc` = NULL;
-- --------------------------------------------------------
--
-- Table structure for table `logs`
--
CREATE TABLE `logs` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(255) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`model` varchar(20) COLLATE utf8_bin NOT NULL,
`model_id` int(11) NOT NULL,
`action` varchar(20) COLLATE utf8_bin NOT NULL,
`user_id` int(11) NOT NULL,
`change` varchar(255) COLLATE utf8_bin,
`email` varchar(255) COLLATE utf8_bin NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`description` varchar(255) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `regexp`
--
CREATE TABLE `regexp` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`regexp` varchar(255) COLLATE utf8_bin NOT NULL,
`replacement` varchar(255) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- --------------------------------------------------------
--
-- Create table roles
--
DROP TABLE IF EXISTS `roles`;
CREATE TABLE `roles` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) COLLATE utf8_bin NOT NULL,
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
`perm_add` tinyint(1) NOT NULL,
`perm_modify` tinyint(1) NOT NULL,
`perm_modify_org` tinyint(1) NOT NULL,
`perm_publish` tinyint(1) NOT NULL,
`perm_sync` tinyint(1) NOT NULL,
`perm_full` tinyint(1) NOT NULL,
`perm_auth` tinyint(1) NOT NULL,
`perm_audit` tinyint(1) NOT NULL,
`perm_admin` tinyint(1) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Creating initial roles
--
-- 1. Admin - has full access
-- 2. Org Admin - read/write/publish/audit/admin/sync/auth
-- 3. User - User - Read / Write, no other permissions (default)
-- 4. Sync user - read/write/publish/sync/auth
--
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('1', 'admin', NOW() , NOW() , '1', '1', '1', '1', '1', '1', '1', '1', '1');
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('2', 'Org Admin', NOW() , NOW() , '1', '1', '0' , '1', '1', '1', '1', '0' , '1');
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('3', 'User', NOW() , NOW() , '1', '1', '0' , '0' , '0' , '0' , '0' , '0' , '0');
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`)
VALUES ('4', 'Sync user', NOW(), NOW(), '1', '1', '1', '1', '1', '0', '1', '0', '1');
-- --------------------------------------------------------
--
-- Update servers
--
ALTER TABLE `servers` DROP `logo`;
-- --------------------------------------------------------
--
-- Update users
-- Collate changed for email - fixes case sensitivity of user names
--
ALTER TABLE `users` ADD `role_id` int(11) NOT NULL;
ALTER TABLE `users` ADD `change_pw` tinyint(1) NOT NULL;
ALTER TABLE `users` CHANGE `email` `email` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL
UPDATE TABLE `users` SET `role_id` = '3';
UPDATE TABLE `users` SET `role_id` = '1' WHERE `org` = 'ADMIN';
-- --------------------------------------------------------
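Review bot: `UPDATE TABLE `events` ...` at L961 and `UPDATE TABLE `users` ...` at L1041–L1042 are not valid MySQL — UPDATE takes the table name directly — so the backfills fail and the default client aborts the script there. L961 additionally compares with `= NULL`, which never matches; since `orgc` is added NOT NULL without a default (L960) existing rows hold '', so the intended statement is `UPDATE `events` SET `orgc` = `org` WHERE `orgc` = '';`, and the users backfills become `UPDATE `users` SET `role_id` = '3';` and `UPDATE `users` SET `role_id` = '1' WHERE `org` = 'ADMIN';`. L1040 has no `;` before the next statement. The seeded 'Sync user' row at L1027 sets `perm_modify_org` and `perm_audit` to 1, which the description at L1018 (read/write/publish/sync/auth) does not list. Either the comment or the row is wrong, and a sync role carrying audit and cross-org modify rights is worth confirming against what that role actually needs.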

1
app/MYSQL.orgc.sql Normal file

@ -0,0 +1 @@
ALTER TABLE `events` ADD `orgc` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
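Review bot: Adding `orgc` NOT NULL with no default at L1050 leaves every existing event with `orgc = ''`, and the Event model in this commit now requires orgc to be non-empty (L1149–L1151), so existing events fail validation on their next save until backfilled. Follow the ADD with `UPDATE `events` SET `orgc` = `org` WHERE `orgc` = '';`, which is what MYSQL.migrate.sql attempts at L961. The statement also lacks a terminating `;`.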


@ -21,8 +21,9 @@ class Attribute extends AppModel {
'userKey' => 'user_id',
'change' => 'full'),
'Trim',
//'Regexp' => array('fields' => array('value', 'value2')),
//'Blacklist' => array('fields' => array('value'))
'Containable',
'Regexp' => array('fields' => array('value', 'value2')),
'Blacklist' => array('fields' => array('value'))
);
/**
@ -369,6 +370,7 @@ class Attribute extends AppModel {
if (!empty($this->data['Attribute']['type'])) {
$compositeTypes = $this->getCompositeTypes();
// explode composite types in value1 and value2
//if (!isset($this->data['Attribute']['value1'])) {
$pieces = explode('|', $this->data['Attribute']['value']);
if (in_array($this->data['Attribute']['type'], $compositeTypes)) {
if (2 != count($pieces)) {
@ -381,8 +383,8 @@ class Attribute extends AppModel {
$this->data['Attribute']['value1'] = $total;
$this->data['Attribute']['value2'] = '';
}
//}
}
// always return true after a beforeSave()
return true;
}
@ -423,6 +425,7 @@ class Attribute extends AppModel {
}
public function massageData(&$data) {
if(!isset($data['Attribute']['distribution'])) return $data;
switch ($data['Attribute']['distribution']) {
case 'Your organization only':
$data['Attribute']['private'] = true;
@ -682,7 +685,6 @@ class Attribute extends AppModel {
break;
case 'link':
if (preg_match('#^(http|ftp)(s)?\:\/\/((([a-z|0-9|\-]{1,25})(\.)?){2,7})($|/.*$)#i', $value) && !preg_match("#\n#", $value)) {
debug('here');
$returnValue = true;
}
break;
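Review bot: The guard added at L1085 returns `$data` untouched when no distribution is supplied, so `private`, `cluster` and `communitie` keep whatever the caller passed in (or stay unset) instead of being derived; since `$data` is taken by reference the return value is also redundant with the in-place mutation. If the intent is "no distribution means leave the flags alone", say so — `// no distribution given: keep the private/cluster/communitie flags exactly as supplied` — and if it is not, an absent distribution should fall through to a default case of the switch. The rest of massageData's switch is outside the hunk. Also `if(` should be `if (` to match L1071 and L1092.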


@ -33,7 +33,6 @@ class RegexpBehavior extends ModelBehavior {
$returnValue = true;
// process some..
$returnValue = $this->regexpStringFields($Model);
return $returnValue;
}
@ -48,9 +47,7 @@ class RegexpBehavior extends ModelBehavior {
foreach ($Model->data[$Model->name] as $key => $field) {
if (in_array($key, $this->settings[$Model->alias]['fields']) && is_string($field)) {
$returnValue = $this->replaceWindowsSpecific($Model, $field);
//if (!$returnValue) {
// $Model->blacklistErrors[] = array($key, $field);
//}
$Model->data[$Model->name][$key] = $returnValue;
}
}
return $returnValue;
@ -70,11 +67,12 @@ class RegexpBehavior extends ModelBehavior {
foreach ($allRegexp as $regexp) {
if (strlen($regexp['Regexp']['replacement'] && strlen($regexp['Regexp']['regexp']))) {
$string = preg_replace($regexp['Regexp']['regexp'], $regexp['Regexp']['replacement'], $string);
$returnValue = $string;
}
if (!strlen($regexp['Regexp']['replacement']) && preg_match($regexp['Regexp']['regexp'], $string)) {
App::uses('SessionComponent', 'Controller/Component');
SessionComponent::setFlash('Blacklisted value!');
$returnValue = false;
return false;
}
}
return $returnValue;
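Review bot: `replaceWindowsSpecific` now returns `false` on a blacklist hit (L1127), but `regexpStringFields` at L1109–L1113 writes that `false` into the field and keeps looping, and its return at L1116 is only the last field's result, so a blacklisted `value` followed by a clean `value2` yields a truthy return and validation proceeds with the field set to false. Stop at the first hit: after the call at L1109 add `if ($returnValue === false) { return false; }` before the assignment at L1113. The `SessionComponent::setFlash` call at L1124–L1125 couples a model behaviour to the session; the removed `blacklistErrors` collection (L1110–L1112) was a cleaner channel for reporting the hit back to the controller. `preg_replace` at L1120 returns null on a pattern error, and that null would then be stored as the field value; checking `preg_last_error()` here, or validating patterns when they are entered, catches a bad stored regexp.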


@ -16,8 +16,9 @@ class Event extends AppModel {
'userKey' => 'user_id',
'change' => 'full'),
'Trim',
//'Regexp' => array('fields' => array('info')),
//'Blacklist' => array('fields' => array('info')),
'Containable',
'Regexp' => array('fields' => array('info')),
'Blacklist' => array('fields' => array('info')),
);
/**
@ -83,6 +84,16 @@ class Event extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'orgc' => array(
'notempty' => array(
'rule' => array('notempty'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'date' => array(
'date' => array(
'rule' => array('date'),
@ -529,16 +540,24 @@ class Event extends AppModel {
$encodedFile = $this->Attribute->base64EncodeAttachment($attribute);
$attribute['data'] = $encodedFile;
}
// Passing the attribute ID together with the attribute could cause the deletion of attributes after a publish/push
// Basically, if the attribute count differed between two instances, and the instance with the lower attribute
// count pushed, the old attributes with the same ID got overwritten. Unsetting the ID before pushing it
// solves the issue and a new attribute is always created.
unset($attribute['id']);
}
// Distribution, correct Community to Org only in Event
if ($event['Event']['cluster'] && !$event['Event']['private']) {
$event['Event']['private'] = true;
$event['Event']['cluster'] = false;
//$event['Event']['communitie'] = false;
$event['Event']['distribution'] = 'Your organization only';
}
// Distribution, correct All to Community in Event
// Potential problem here -> setting cluster gives 0-1-1 (pr/cl/co) settings that don't exist. Adding switch from comm true to false
if (!$event['Event']['cluster'] && !$event['Event']['private'] && $event['Event']['communitie']) {
$event['Event']['cluster'] = true;
$event['Event']['communitie'] = false;
$event['Event']['distribution'] = 'This Community-only';
}
// up the hop count
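Review bot: The "Community to Org only" correction at L1173–L1178 sets `private` and clears `cluster` but leaves `communitie` untouched (the line that would clear it is commented out at L1176), so an event arriving with cluster=1, private=0, communitie=1 leaves this block as private=1, cluster=0, communitie=1 — a flag combination the comment at L1180 says does not exist, and the second block cannot repair it because it requires `!private`. Restore the line: `$event['Event']['communitie'] = false;`. The `unset($attribute['id'])` at L1170 means every push creates attributes rather than updating them; whether the receiving side de-duplicates on `uuid` is not visible here and is worth confirming, since otherwise repeated pushes duplicate attributes.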


@ -16,9 +16,11 @@ if ($attachment) {
}
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == Configure::read('CyDefSIG.private')) {
if ('true' == $canEditDist) {
echo $this->Form->input('distribution', array('label' => 'Distribution',
'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeDistributionDiv'))
));
}
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
@ -40,8 +42,9 @@ if ($attachment) {
}
$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")');
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
$this->Js->get('#AttributeDistribution')->event('change', 'showFormInfo("#AttributeDistribution")');
if ($canEditDist) {
$this->Js->get('#AttributeDistribution')->event('change', 'showFormInfo("#AttributeDistribution")');
}
?>
</fieldset>
<?php echo $this->Form->end(__('Submit'));?>
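Review bot: `$canEditDist` is tested two ways in the same file — `'true' == $canEditDist` at L1194 and plain `if ($canEditDist)` at L1207 — and events/add.ctp uses the string comparison throughout (L1333, L1345, L1356, L1369). Both happen to agree for a boolean because PHP's loose comparison of `'true'` with `true` is true, but the mixed form invites a future mismatch; use one form, `if ($canEditDist) {`, in all of these places. The distribution input itself only renders inside the sync-and-private branches (L1192–L1194), while the change handler at L1208 is bound whenever `$canEditDist` is set, so the selector may target an element that was never rendered.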


@ -152,7 +152,7 @@ if (!empty($event['Attribute'])):?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['Attribute']['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute? Keep in mind that this will also delete this attribute on remote MISP instances.'));
?>
</td><?php
endif;?>


@ -20,6 +20,7 @@ function getTitle(incInt, id){
if ($isSearch == 1) {
echo "<h4>Results for all attributes";
if ($keywordSearch != null) echo " with the value containing \"<b>" . h($keywordSearch) . "</b>\"";
if ($keywordSearch2 != null) echo " excluding the events \"<b>" . h($keywordSearch2) . "</b>\"";
if ($categorySearch != "ALL") echo " of category \"<b>" . h($categorySearch) . "</b>\"";
if ($typeSearch != "ALL") echo " of type \"<b>" . h($typeSearch) . "</b>\"";
echo ":</h4>";
@ -53,7 +54,7 @@ foreach ($attributes as $attribute): ?>
<?php echo h($attribute['Attribute']['type']); ?>&nbsp;</td>
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
<?php
$sigDisplay = nl2br(h($attribute['Attribute']['value']));
$sigDisplay = nl2br(($attribute['Attribute']['value']));
if ('attachment' == $attribute['Attribute']['type'] || 'malware-sample' == $attribute['Attribute']['type']) {
echo $this->Html->link($sigDisplay, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
} elseif ('link' == $attribute['Attribute']['type']) {
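Review bot: L1241 drops the `h()` around `$attribute['Attribute']['value']`, so the attribute value is no longer HTML-escaped before `nl2br`; attribute values are user-supplied and also arrive from remote instances via sync, and `$sigDisplay` is echoed in the branches that follow (the `link` branch at L1244 continues outside the hunk), which reintroduces stored XSS on the search results page. Keep escaping inside the line-break conversion: `$sigDisplay = nl2br(h($attribute['Attribute']['value']));`. If the removal was meant to stop `HtmlHelper::link` at L1243 from escaping the `<br />` tags a second time, pass `'escape' => false` to that one call instead of removing escaping from the shared variable.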


@ -3,7 +3,8 @@
<fieldset>
<legend><?php echo __('Search Attribute'); ?></legend>
<?php
echo $this->Form->input('keyword', array('type' => 'textarea'));
echo $this->Form->input('keyword', array('type' => 'textarea', 'label' => 'Containing the following expressions'));
echo $this->Form->input('keyword2', array('type' => 'textarea', 'label' => 'Excluding the following events'));
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv'))));
?>


@ -1,3 +1,4 @@
<h3><?php echo __('Event Actions'); ?></h3>
<li><?php
if ($isAclAdd) echo $this->Html->link(__('New Event', true), array('controller' => 'events', 'action' => 'add')); ?></li>
<li><?php echo $this->Html->link(__('List Events', true), array('controller' => 'events', 'action' => 'index')); ?></li>
@ -5,7 +6,6 @@ if ($isAclAdd) echo $this->Html->link(__('New Event', true), array('controller'
<li><?php echo $this->Html->link(__('Search Attributes', true), array('controller' => 'attributes', 'action' => 'search')); ?> </li>
<li><?php
if ($isAclAuth) echo $this->Html->link(__('Export', true), array('controller' => 'events', 'action' => 'export')); ?></li>
<li>&nbsp;</li>
<h3><?php echo __('Global Actions'); ?></h3>
<li><?php echo $this->Html->link(__('News', true), array('controller' => 'users', 'action' => 'news')); ?> </li>
@ -23,16 +23,16 @@ if (('true' == Configure::read('CyDefSIG.sync')) && ($isAclSync || $isAdmin)): ?
<?php
endif;?>
<?php
//Site admin
if($isAdmin && $isAclAdmin && $me['org'] == 'ADMIN'): ?>
if($isSiteAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Administration'); ?></h3>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index', 'admin' => true)); ?> </li>
<li>&nbsp;</li>
<h3><?php echo __('Administration'); ?></h3>
<li><?php echo $this->Html->link(__('New User', true), array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('List Users', true), array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('New Role', true), array('controller' => 'roles', 'action' => 'add', 'admin' => true)); ?> </li>
@ -43,13 +43,14 @@ endif;?>
<?php
//org admin
if($isAdmin && $isAclAdmin && $me['org'] != 'ADMIN'): ?>
if($isAdmin && !$isSiteAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Administration'); ?></h3>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?> </li>
<li><?php echo $this->Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index')); ?> </li>
<li><?php echo $this->Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index')); ?> </li>
<li>&nbsp;</li>
<h3><?php echo __('Administration'); ?></h3>
<li><?php echo $this->Html->link(__('New User', true), array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('List Users', true), array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('List Roles', true), array('controller' => 'roles', 'action' => 'index')); ?> </li>
@ -59,9 +60,9 @@ endif;?>
<?php
//normal user
if(!$isAdmin && !$isAclAdmin): ?>
if(!$isSiteAdmin && !$isAclAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Lists'); ?></h3>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?> </li>
<li><?php echo $this->Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index')); ?> </li>
<li><?php echo $this->Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index')); ?> </li>
@ -69,7 +70,7 @@ if(!$isAdmin && !$isAclAdmin): ?>
endif;?>
<?php
if($isAdmin || $isAclAudit): ?>
if($isAclAudit): ?>
<h3><?php echo __('Audit'); ?></h3>
<li><?php echo $this->Html->link(__('List Logs', true), array('controller' => 'logs', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('Search Logs', true), array('controller' => 'logs', 'action' => 'admin_search', 'admin' => true)); ?> </li>


@ -12,9 +12,11 @@ echo $this->Form->input('analysis', array(
'before' => $this->Html->div('forminfo', '', array('id' => 'EventAnalysisDiv'))));
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == Configure::read('CyDefSIG.private')) {
if ('true' == $canEditDist) {
echo $this->Form->input('distribution', array('label' => 'Distribution',
'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv'))
));
}
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),));
@ -23,7 +25,9 @@ if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('info');
// link an onchange event to the form elements
$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")');
if ('true' == $canEditDist) {
$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")');
}
$this->Js->get('#EventRisk')->event('change', 'showFormInfo("#EventRisk")');
$this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis")');
?>
@ -42,10 +46,13 @@ $this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis"
//
var formInfoValues = new Array();
<?php
foreach ($distributionDescriptions as $type => $def) {
if ('true' == $canEditDist) {
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
}
foreach ($riskDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
@ -68,7 +75,9 @@ function showFormInfo(id) {
}
// hide the formInfo things
$('#EventDistributionDiv').hide();
if ('true' == $canEditDist) {
$('#EventDistributionDiv').hide();
}
$('#EventRiskDiv').hide();
$('#EventAnalysisDiv').hide();
</script>


@ -7,6 +7,11 @@
if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<th><?php echo $this->Paginator->sort('org');?></th>
<?php
endif; ?>
<?php
if ($isAdmin): ?>
<th><?php echo $this->Paginator->sort('owner org');?></th>
<?php
endif; ?>
<th><?php echo $this->Paginator->sort('id');?></th>
<th><?php echo $this->Paginator->sort('attribute_count', '#Attr.');?></th>
@ -45,6 +50,15 @@ foreach ($events as $event):?>
}?>
&nbsp;</td><?php
if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';"><?php
$imgRelativePath = 'orgs' . DS . h($event['Event']['orgc']) . '.png';
$imgAbsolutePath = APP . WEBROOT_DIR . DS . 'img' . DS . $imgRelativePath;
if (file_exists($imgAbsolutePath)) echo $this->Html->image('orgs/' . h($event['Event']['orgc']) . '.png', array('alt' => h($event['Event']['orgc']),'width' => '48','hight' => '48'));
else echo $this->Html->tag('span', h($event['Event']['orgc']), array('class' => 'welcome', 'style' => 'float:right;'));?><?php
?>
&nbsp;</td><?php
endif;
if ('true' == $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';"><?php
$imgRelativePath = 'orgs' . DS . h($event['Event']['org']) . '.png';
$imgAbsolutePath = APP . WEBROOT_DIR . DS . 'img' . DS . $imgRelativePath;
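Review bot: `if ('true' == $isAdmin)` at L1402 tests the same variable the file tests with plain `if ($isAdmin)` at L1384 and `|| $isAdmin` at L1379 and L1393; it only works because a boolean loosely compares equal to a non-empty string, so use `if ($isAdmin):` here too. The new creating-org cell at L1397 has `'hight' => '48'` — the attribute is `height` — and the same typo is presumably repeated in the copied block that starts at L1403. Note that `h()` at L1395 is an HTML escaper, not a path guard; since the org name is interpolated into a filesystem path for `file_exists`, `basename()` on the name is the appropriate check when building that path, with `h()` kept for the HTML output.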


@ -49,7 +49,7 @@ endif; ?>
<ul><li><?php echo $this->Html->link(__('Contact reporter', true), array('action' => 'contact', $event['Event']['id'])); ?> </li></ul>
</div>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?><?php echo $this->element('img', array('id' => $event['Event']['org']));?><?php
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?><?php echo $this->element('img', array('id' => $event['Event']['orgc']));?><?php
endif; ?>
<h2>Event</h2>
<dl>
@ -59,7 +59,15 @@ endif; ?>
&nbsp;
</dd>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<dt>Org</dt>
<dt>Creating Org</dt>
<dd>
<?php echo h($event['Event']['orgc']); ?>
&nbsp;
</dd>
<?php
endif; ?>
<?php if ($isAdmin): ?>
<dt>Owner org</dt>
<dd>
<?php echo h($event['Event']['org']); ?>
&nbsp;
@ -244,7 +252,7 @@ if (!empty($event['Attribute'])):?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute? Keep in mind that this will also delete this attribute on remote MISP instances.'));
?>
</td>
<?php


@ -24,10 +24,10 @@ The process of entering an event can be split into 3 phases, the creation of the
<li><em>Date:</em> The date when the incident has happened.<br /><br /></li>
<li><em>Distribution:</em> This setting controls, who will be able to see this event once it becomes published. Apart from being able to set which users on this server are allowed to see the event, this also controls whether the event will be synchronised to other servers or not. The following options are available:<br /><br /></li>
<li style="list-style: none;"><ul>
<li><i>Your organization only:</i> This setting will only allow members of your organisation on this server to see it.<br /><br /></li>
<li><i>This server-only:</i> This setting will only allow members of any organisation on this server to see it.<br /><br /></li>
<li><i>This Community-only:</i> Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on your MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Use this option if you are on the central hub of your community.<br /><br /></li>
<li><i>Connected communities:</i> Users that are part of your MISP community will be able to see the event. This includes all organisations on your own MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this own will be restricted from seeing the event. Use this option if this server isn't the central MISP hub of the community but is connected to it.<br /><br /></li>
<li><i>Your organization only:</i> This setting will only allow members of your organisation on this server to see it. Events with this setting will not be synchronised.<br /><br /></li>
<li><i>This server-only:</i> This setting will allow members of any organisation on this server to see it. Events with this setting will not be synchronised. For more information on community-related distribution levels, click here.<br /><br /></li>
<li><i>This Community-only:</i> Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. For more information on community-related distribution levels, click here.<br /><br /></li>
<li><i>Connected communities:</i> Users that are part of your MISP community will be able to see the event. This includes all organisations on this MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this own will be restricted from seeing the event. For more information on community-related distribution levels, click here.<br /><br /></li>
<li><i>All communities:</i> This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next.<br /><br /></li>
</ul></li>
<li><em>Risk:</em> This field indicates the risk level of the event. Incidents can be categorised into three different threat categories (low, medium, high). This field can alternatively be left as undefined. The 3 options are:<br /><br /></li>


@ -11,7 +11,7 @@ if ($currentOrg == 'ADMIN') {
}
echo $this->Form->input('role_id', array('label' => 'Role'));
echo $this->Form->input('autoalert');
echo $this->Form->input('authkey', array('value' => $authkey, 'disabled' => 'disabled'));
echo $this->Form->input('authkey', array('value' => $authkey, 'readonly' => 'readonly'));
echo $this->Form->input('nids_sid');
echo $this->Form->input('gpgkey');
?>
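Review bot: Switching the `authkey` input from `disabled` to `readonly` changes what the browser submits: a disabled control is omitted from the POST body, whereas a readonly one is sent, so `$this->request->data['User']['authkey']` now reaches the controller on every save. `readonly` is only a client-side hint and is trivially removed in the browser, so if the edit action saves the request data without a field whitelist, a user could set their own API key to a value of their choosing. The controller is not in this commit view; if it does not already guard this, add `unset($this->request->data['User']['authkey']);` before the save, or save with a `fieldList` that excludes `authkey`. If the intent is merely to let users copy the key, rendering it as plain text in a `<code>` element instead of a form input avoids the question entirely.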