mirror of https://github.com/MISP/MISP
Removed vulnerability and comment from correlation
parent
5056744029
commit
29afb82f4d
|
@ -856,61 +856,68 @@ class Attribute extends AppModel {
|
|||
}
|
||||
|
||||
public function __afterSaveCorrelation($a) {
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
//
|
||||
// When we add/update an attribute we need to
|
||||
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
|
||||
|
||||
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
|
||||
// ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */
|
||||
$dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2'])));
|
||||
|
||||
// now build a correlation array of things that will need to be added in the db
|
||||
// we do this twice, once for value1 and once for value2
|
||||
$correlations = array(); // init variable
|
||||
$value_names = array ('value1', 'value2');
|
||||
// do the correlation for value1 and value2, this needs to be done separately
|
||||
foreach ($value_names as $value_name) {
|
||||
if (empty($a[$value_name])) continue; // do not correlate if attribute is empty
|
||||
$params = array(
|
||||
'conditions' => array('OR' => array(
|
||||
'Attribute.value1' => $a[$value_name],
|
||||
'Attribute.value2' => $a[$value_name]
|
||||
)),
|
||||
'recursive' => 0,
|
||||
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
|
||||
);
|
||||
// search for the related attributes for that "value(1|2)"
|
||||
$attributes = $this->find('all', $params);
|
||||
// build the correlations, each attribute should have a relation in both directions
|
||||
// this is why we have a double loop.
|
||||
// The result is that for each Attribute pair we want: A1-A2, A2-A1 and so on,
|
||||
// In total that's N * (N-1) rows (minus the ones from the same event) (with N the number of related attributes)
|
||||
$attributes_right = $attributes;
|
||||
foreach ($attributes as $attribute) {
|
||||
foreach ($attributes_right as $attribute_right) {
|
||||
if ($attribute['Attribute']['event_id'] == $attribute_right['Attribute']['event_id']) {
|
||||
// do not build a relation between the same attributes
|
||||
// or attributes from the same event
|
||||
continue;
|
||||
}
|
||||
$is_private = ($attribute_right['Event']['distribution'] == 0) || ($attribute_right['Attribute']['distribution'] == 0);
|
||||
$correlations[] = array(
|
||||
'value' => $a[$value_name],
|
||||
'1_event_id' => $attribute['Attribute']['event_id'],
|
||||
'1_attribute_id' => $attribute['Attribute']['id'],
|
||||
'event_id' => $attribute_right['Attribute']['event_id'],
|
||||
'attribute_id' => $attribute_right['Attribute']['id'],
|
||||
'org' => $attribute_right['Event']['org'],
|
||||
'private' => $is_private,
|
||||
'date' => $attribute_right['Event']['date'],
|
||||
'info' => $attribute_right['Event']['info'],
|
||||
);
|
||||
}
|
||||
}
|
||||
// Don't do any correlation if the type is vulnerability or comment
|
||||
if ($a['type'] !== 'vulnerability' && $a['type'] !== 'comment') {
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
// When we add/update an attribute we need to
|
||||
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
|
||||
|
||||
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
|
||||
// ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */
|
||||
$dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2'])));
|
||||
|
||||
// now build a correlation array of things that will need to be added in the db
|
||||
// we do this twice, once for value1 and once for value2
|
||||
$correlations = array(); // init variable
|
||||
$value_names = array ('value1', 'value2');
|
||||
// do the correlation for value1 and value2, this needs to be done separately
|
||||
foreach ($value_names as $value_name) {
|
||||
if (empty($a[$value_name])) continue; // do not correlate if attribute is empty
|
||||
$params = array(
|
||||
'conditions' => array(
|
||||
'OR' => array(
|
||||
'Attribute.value1' => $a[$value_name],
|
||||
'Attribute.value2' => $a[$value_name]
|
||||
),
|
||||
'AND' => array(
|
||||
'Attribute.type !=' => 'vulnerability',
|
||||
'Attribute.type !=' => 'comment',
|
||||
)),
|
||||
'recursive' => 0,
|
||||
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
|
||||
);
|
||||
// search for the related attributes for that "value(1|2)"
|
||||
$attributes = $this->find('all', $params);
|
||||
// build the correlations, each attribute should have a relation in both directions
|
||||
// this is why we have a double loop.
|
||||
// The result is that for each Attribute pair we want: A1-A2, A2-A1 and so on,
|
||||
// In total that's N * (N-1) rows (minus the ones from the same event) (with N the number of related attributes)
|
||||
$attributes_right = $attributes;
|
||||
foreach ($attributes as $attribute) {
|
||||
foreach ($attributes_right as $attribute_right) {
|
||||
if ($attribute['Attribute']['event_id'] == $attribute_right['Attribute']['event_id']) {
|
||||
// do not build a relation between the same attributes
|
||||
// or attributes from the same event
|
||||
continue;
|
||||
}
|
||||
$is_private = ($attribute_right['Event']['distribution'] == 0) || ($attribute_right['Attribute']['distribution'] == 0);
|
||||
$correlations[] = array(
|
||||
'value' => $a[$value_name],
|
||||
'1_event_id' => $attribute['Attribute']['event_id'],
|
||||
'1_attribute_id' => $attribute['Attribute']['id'],
|
||||
'event_id' => $attribute_right['Attribute']['event_id'],
|
||||
'attribute_id' => $attribute_right['Attribute']['id'],
|
||||
'org' => $attribute_right['Event']['org'],
|
||||
'private' => $is_private,
|
||||
'date' => $attribute_right['Event']['date'],
|
||||
'info' => $attribute_right['Event']['info'],
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
// save the new correlations to the database in a single shot
|
||||
$this->Correlation->saveMany($correlations);
|
||||
}
|
||||
// save the new correlations to the database in a single shot
|
||||
$this->Correlation->saveMany($correlations);
|
||||
}
|
||||
|
||||
private function __beforeDeleteCorrelation($attribute_id) {
|
||||
|
|
Loading…
Reference in New Issue