Merge pull request #2934 from cvandeplas/fix/modules-api
fix - allows upload of files using the misp-modules API
pull/2962/head
commit
297fe776fc
|
@ -3487,21 +3487,8 @@ class EventsController extends AppController {
|
|||
}
|
||||
}
|
||||
|
||||
public function __pushFreetext($resultArray, $eventId, $distribution = false, $sg = false, $adhereToWarninglists = false) {
|
||||
if ($adhereToWarninglists) {
|
||||
$this->Warninglist = ClassRegistry::init('Warninglist');
|
||||
$warninglists = $this->Warninglist->fetchForEventView();
|
||||
}
|
||||
foreach ($resultArray as $k => $result) {
|
||||
$result['type'] = $result['default_type'];
|
||||
unset($result['default_type']);
|
||||
unset($result['types']);
|
||||
if (isset($result['default_category'])) {
|
||||
$result['category'] = $result['default_category'];
|
||||
unset($result['default_category']);
|
||||
} else {
|
||||
$result['category'] = $this->Event->Attribute->defaultCategories[$result['type']];
|
||||
}
|
||||
public function __pushFreetext($attributes, $id, $distribution = false, $sg = false, $adhereToWarninglists = false) {
|
||||
|
||||
if ($distribution === false) {
|
||||
if (Configure::read('MISP.default_attribute_distribution') != null) {
|
||||
if (Configure::read('MISP.default_attribute_distribution') == 'event') {
|
||||
|
@ -3513,47 +3500,45 @@ class EventsController extends AppController {
|
|||
$distribution = 0;
|
||||
}
|
||||
}
|
||||
$result['distribution'] = $distribution;
|
||||
$result['event_id'] = $eventId;
|
||||
$resultArray[$k] = $result;
|
||||
if ($adhereToWarninglists) {
|
||||
if (!$this->Warninglist->filterWarninglistAttributes($warninglists, $result)) {
|
||||
if ($adhereToWarninglists == 'soft') {
|
||||
$result['to_ids'] = 0;
|
||||
// prepare the default choices
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
$attribute['type'] = $attribute['default_type'];
|
||||
unset($attribute['default_type']);
|
||||
unset($attribute['types']);
|
||||
if (isset($attribute['default_category'])) {
|
||||
$attribute['category'] = $attribute['default_category'];
|
||||
unset($attribute['default_category']);
|
||||
} else {
|
||||
unset($resultArray[$k]);
|
||||
continue;
|
||||
$attribute['category'] = $this->Event->Attribute->defaultCategories[$attribute['type']];
|
||||
}
|
||||
$attribute['distribution'] = $distribution;
|
||||
$attribute['event_id'] = $id;
|
||||
$attributes[$k] = $attribute;
|
||||
}
|
||||
}
|
||||
$this->Event->Attribute->create();
|
||||
if (!$this->Event->Attribute->save($result)) {
|
||||
unset($resultArray[$k]);
|
||||
}
|
||||
}
|
||||
$resultArray = array_values($resultArray);
|
||||
return $this->RestResponse->viewData($resultArray, $this->response->type());
|
||||
// actually save the attribute now
|
||||
$this->__processFreeTextData($attributes, $id, '', false, $adhereToWarninglists);
|
||||
// FIXME $attributes does not contain the onteflyattributes
|
||||
$attributes = array_values($attributes);
|
||||
return $this->RestResponse->viewData($attributes, $this->response->type());
|
||||
}
|
||||
|
||||
public function saveFreeText($id) {
|
||||
if (!$this->userRole['perm_add']) {
|
||||
throw new MethodNotAllowedException('Event not found or you don\'t have permissions to create attributes');
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
if (!$this->Event->checkIfAuthorised($this->Auth->user(), $id)) {
|
||||
throw new MethodNotAllowedException('Invalid event.');
|
||||
}
|
||||
private function __processFreeTextData($attributes, $id, $default_comment = '', $force = false, $adhereToWarninglists = false) {
|
||||
$event = $this->Event->find('first', array(
|
||||
'conditions' => array('id' => $id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('orgc_id', 'id', 'distribution', 'published', 'uuid'),
|
||||
));
|
||||
if (!$this->_isSiteAdmin() && !empty($event) && $event['Event']['orgc_id'] != $this->Auth->user('org_id')) $objectType = 'ShadowAttribute';
|
||||
else if ($this->_isSiteAdmin() && isset($this->request->data['Attribute']['force']) && $this->request->data['Attribute']['force']) $objectType = 'ShadowAttribute';
|
||||
else if ($this->_isSiteAdmin() && isset($force) && $force) $objectType = 'ShadowAttribute';
|
||||
else $objectType = 'Attribute';
|
||||
|
||||
if ($adhereToWarninglists) {
|
||||
$this->Warninglist = ClassRegistry::init('Warninglist');
|
||||
$warninglists = $this->Warninglist->fetchForEventView();
|
||||
}
|
||||
|
||||
$saved = 0;
|
||||
$failed = 0;
|
||||
$attributes = json_decode($this->request->data['Attribute']['JsonObject'], true);
|
||||
$attributeSources = array('attributes', 'ontheflyattributes');
|
||||
$ontheflyattributes = array();
|
||||
foreach ($attributeSources as $source) {
|
||||
|
@ -3588,7 +3573,7 @@ class EventsController extends AppController {
|
|||
foreach ($types as $type) {
|
||||
$this->Event->$objectType->create();
|
||||
$attribute['type'] = $type;
|
||||
if (empty($attribute['comment'])) $attribute['comment'] = $this->request->data['Attribute']['default_comment'];
|
||||
if (empty($attribute['comment'])) $attribute['comment'] = $default_comment;
|
||||
$attribute['event_id'] = $id;
|
||||
if ($objectType == 'ShadowAttribute') {
|
||||
$attribute['org_id'] = $this->Auth->user('org_id');
|
||||
|
@ -3596,6 +3581,17 @@ class EventsController extends AppController {
|
|||
$attribute['email'] = $this->Auth->user('email');
|
||||
$attribute['event_uuid'] = $event['Event']['uuid'];
|
||||
}
|
||||
// adhere to the warninglist
|
||||
if ($adhereToWarninglists) {
|
||||
if (!$this->Warninglist->filterWarninglistAttributes($warninglists, $attribute)) {
|
||||
if ($adhereToWarninglists == 'soft') {
|
||||
$attribute['to_ids'] = 0;
|
||||
} else {
|
||||
// just ignore the attribute
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
$AttributSave = $this->Event->$objectType->save($attribute);
|
||||
if ($AttributSave) {
|
||||
// If Tags, attache each tags to attribut
|
||||
|
@ -3637,10 +3633,28 @@ class EventsController extends AppController {
|
|||
}
|
||||
}
|
||||
if ($failed > 0) {
|
||||
$this->Session->setFlash($saved . ' ' . $messageScope . ' created' . $emailResult . '. ' . $failed . ' ' . $messageScope . ' could not be saved. This may be due to attributes with similar values already existing.');
|
||||
$flashMessage = $saved . ' ' . $messageScope . ' created' . $emailResult . '. ' . $failed . ' ' . $messageScope . ' could not be saved. This may be due to attributes with similar values already existing.';
|
||||
} else {
|
||||
$this->Session->setFlash($saved . ' ' . $messageScope . ' created' . $emailResult . '.');
|
||||
$flashMessage = $saved . ' ' . $messageScope . ' created' . $emailResult . '.';
|
||||
}
|
||||
return $flashMessage;
|
||||
}
|
||||
|
||||
public function saveFreeText($id) {
|
||||
if (!$this->userRole['perm_add']) {
|
||||
throw new MethodNotAllowedException('Event not found or you don\'t have permissions to create attributes');
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
if (!$this->Event->checkIfAuthorised($this->Auth->user(), $id)) {
|
||||
throw new MethodNotAllowedException('Invalid event.');
|
||||
}
|
||||
$attributes = json_decode($this->request->data['Attribute']['JsonObject'], true);
|
||||
$default_comment = $this->request->data['Attribute']['default_comment'];
|
||||
$force = $this->request->data['Attribute']['force'];
|
||||
|
||||
$flashMessage = $this->__processFreeTextData($attributes, $id, $default_comment, $force);
|
||||
|
||||
$this->Session->setFlash($flashMessage);
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $id));
|
||||
} else {
|
||||
throw new MethodNotAllowedException();
|
||||
|
@ -4470,7 +4484,7 @@ class EventsController extends AppController {
|
|||
$eventId,
|
||||
false,
|
||||
false,
|
||||
false
|
||||
'soft'
|
||||
);
|
||||
}
|
||||
if (isset($result['comment'])) {
|
||||
|
|
|
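Review bot: In `__processFreeTextData` the added warninglist branch tests `$adhereToWarninglists == 'soft'` with a loose comparison, so a caller passing boolean `true` also matches and the attribute is saved with `to_ids = 0` instead of being skipped. The parameter defaults to `false`, which makes boolean callers plausible, although the only caller visible on this page passes `'soft'`. I would write `if ($adhereToWarninglists === 'soft') {` and add a docblock on the helper listing the accepted values and which one means hard filtering. Separately, `__pushFreetext` now discards the helper's return value and returns the prepared `$attributes`, so the REST response can list attributes that the warninglist skipped or that failed to save, which the old loop removed with `unset($resultArray[$k])`. Both function bodies are only partly visible in these hunks.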
@ -337,6 +337,7 @@ class Attribute extends AppModel {
|
|||
)
|
||||
);
|
||||
|
||||
// FIXME we need a better way to list the defaultCategories knowing that new attribute types will continue to appear in the future. We should generate this dynamically or use a function using the default_category of the $typeDefinitions
|
||||
public $defaultCategories = array(
|
||||
'md5' => 'Payload delivery',
|
||||
'sha1' => 'Payload delivery',
|
||||
|
@ -357,6 +358,7 @@ class Attribute extends AppModel {
|
|||
'filename' => 'Payload delivery',
|
||||
'ip-src' => 'Network activity',
|
||||
'ip-dst' => 'Network activity',
|
||||
'ip-dst|port' => 'Network activity',
|
||||
'mac-address' => 'Network activity',
|
||||
'mac-eui-64' => 'Network activity',
|
||||
'hostname' => 'Network activity',
|
||||
|
|
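Review bot: Only `'ip-dst|port'` is added to `$defaultCategories` here, and no matching `'ip-src|port'` entry is visible in this hunk; the rest of the map lies outside it, so the entry may exist elsewhere. The controller code on this page reads the map as `$this->Event->Attribute->defaultCategories[$attribute['type']]` without an `isset` check, so any type missing from the list produces an undefined-index notice and a null category on the attribute being saved. If the source-side type is absent, I would add `'ip-src|port' => 'Network activity',` next to the new line. Until the FIXME is resolved, I would also guard that lookup so an unknown type is rejected explicitly rather than stored without a category.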