MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Removed vulnerability and comment from correlation

pull/195/head
iglocska 2013-08-23 10:47:46 +02:00
parent 5056744029
commit 29afb82f4d
1 changed files with 61 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
app/Model/Attribute.php
View File

@ -856,61 +856,68 @@ class Attribute extends AppModel {
}
public function __afterSaveCorrelation($a) {
$this->Correlation = ClassRegistry::init('Correlation');
//
// When we add/update an attribute we need to
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
// ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */
$dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2'])));
// now build a correlation array of things that will need to be added in the db
// we do this twice, once for value1 and once for value2
$correlations = array(); // init variable
$value_names = array ('value1', 'value2');
// do the correlation for value1 and value2, this needs to be done separately
foreach ($value_names as $value_name) {
if (empty($a[$value_name])) continue; // do not correlate if attribute is empty
$params = array(
'conditions' => array('OR' => array(
'Attribute.value1' => $a[$value_name],
'Attribute.value2' => $a[$value_name]
)),
'recursive' => 0,
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
);
// search for the related attributes for that "value(1|2)"
$attributes = $this->find('all', $params);
// build the correlations, each attribute should have a relation in both directions
// this is why we have a double loop.
// The result is that for each Attribute pair we want: A1-A2, A2-A1 and so on,
// In total that's N * (N-1) rows (minus the ones from the same event) (with N the number of related attributes)
$attributes_right = $attributes;
foreach ($attributes as $attribute) {
foreach ($attributes_right as $attribute_right) {
if ($attribute['Attribute']['event_id'] == $attribute_right['Attribute']['event_id']) {
// do not build a relation between the same attributes
// or attributes from the same event
continue;
}
$is_private = ($attribute_right['Event']['distribution'] == 0) || ($attribute_right['Attribute']['distribution'] == 0);
$correlations[] = array(
'value' => $a[$value_name],
'1_event_id' => $attribute['Attribute']['event_id'],
'1_attribute_id' => $attribute['Attribute']['id'],
'event_id' => $attribute_right['Attribute']['event_id'],
'attribute_id' => $attribute_right['Attribute']['id'],
'org' => $attribute_right['Event']['org'],
'private' => $is_private,
'date' => $attribute_right['Event']['date'],
'info' => $attribute_right['Event']['info'],
);
}
}
// Don't do any correlation if the type is vulnerability or comment
if ($a['type'] !== 'vulnerability' && $a['type'] !== 'comment') {
$this->Correlation = ClassRegistry::init('Correlation');
// When we add/update an attribute we need to
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
// ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */
$dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2'])));
// now build a correlation array of things that will need to be added in the db
// we do this twice, once for value1 and once for value2
$correlations = array(); // init variable
$value_names = array ('value1', 'value2');
// do the correlation for value1 and value2, this needs to be done separately
foreach ($value_names as $value_name) {
if (empty($a[$value_name])) continue; // do not correlate if attribute is empty
$params = array(
'conditions' => array(
'OR' => array(
'Attribute.value1' => $a[$value_name],
'Attribute.value2' => $a[$value_name]
),
'AND' => array(
'Attribute.type !=' => 'vulnerability',
'Attribute.type !=' => 'comment',
)),
'recursive' => 0,
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
);
// search for the related attributes for that "value(1|2)"
$attributes = $this->find('all', $params);
// build the correlations, each attribute should have a relation in both directions
// this is why we have a double loop.
// The result is that for each Attribute pair we want: A1-A2, A2-A1 and so on,
// In total that's N * (N-1) rows (minus the ones from the same event) (with N the number of related attributes)
$attributes_right = $attributes;
foreach ($attributes as $attribute) {
foreach ($attributes_right as $attribute_right) {
if ($attribute['Attribute']['event_id'] == $attribute_right['Attribute']['event_id']) {
// do not build a relation between the same attributes
// or attributes from the same event
continue;
}
$is_private = ($attribute_right['Event']['distribution'] == 0) || ($attribute_right['Attribute']['distribution'] == 0);
$correlations[] = array(
'value' => $a[$value_name],
'1_event_id' => $attribute['Attribute']['event_id'],
'1_attribute_id' => $attribute['Attribute']['id'],
'event_id' => $attribute_right['Attribute']['event_id'],
'attribute_id' => $attribute_right['Attribute']['id'],
'org' => $attribute_right['Event']['org'],
'private' => $is_private,
'date' => $attribute_right['Event']['date'],
'info' => $attribute_right['Event']['info'],
);
}
}
}
// save the new correlations to the database in a single shot
$this->Correlation->saveMany($correlations);
}
// save the new correlations to the database in a single shot
$this->Correlation->saveMany($correlations);
}
private function __beforeDeleteCorrelation($attribute_id) {