Merge branch 'hotfix-2.3.113' into develop

VERSION.json

@@ -1 +1 @@
-{"major":2, "minor":3, "hotfix":112}
+{"major":2, "minor":3, "hotfix":113}

app/Controller/Component/IOCImportComponent.php

@@ -9,6 +9,7 @@ class IOCImportComponent extends Component {
 	private $attributePairs = array(
 			array('filename', 'md5', 'filename|md5', 'Payload installation', 'both', '|'),
 			array('filename', 'sha1', 'filename|sha1', 'Payload installation', 'both', '|'),
+			array('filename', 'sha256', 'filename|sha256', 'Payload installation', 'both', '|'),
 			array('regkey', 'tempRegValue', 'regkey|value', 'Persistence mechanism', 'both', '|'),
 			array('filename', 'tempCertificateSubject', 'filename', 'Payload installation', 'first', ''),
 			array('filename', 'tempExtension', 'filename', 'Payload installation', 'both', '.'),
@@ -25,6 +26,33 @@ class IOCImportComponent extends Component {
 			//'FileItem/PEInfo/DigitalSignature/CertificateSubject',
 			);
 
+	// the default settings for the IDS flag / type
+	private $typeToIdsSettings = array(
+			'filename' => true,
+			'md5' => true,
+			'sha1' => true,
+			'sha256' => true,
+			'ip-src' => true,
+			'ip-dst' => true,
+			'domain' => true,
+			'hostname' => true,
+			'email-dst' => true,
+			'email-src' => true,
+			'email-subject' => true,
+			'email-attachment' => true,
+			'url' => true,
+			'user-agent' => false,
+			'regkey' => true,
+			'snort' => true,
+			'pattern-in-file' => true,
+			'comment' => false,
+			'other' => false,
+			'filename|md5' => true,
+			'filename|sha1' => true,
+			'filename|sha256' => true,
+			'regkey|value' => true,
+	);
+	
 	// Set up the data that you would like to fetch from the ioc's root and add as comments.
 	private $iocinfo = array('info', 'uuid', 'date', 'long_info');
 
@@ -51,8 +79,11 @@ class IOCImportComponent extends Component {
 
 	// stores the graph that will be passed back along with the event and attributes
 	private $graph = array();
+	
+	private $filename = "";
 
-	public function readXML($data, $id, $dist) {
+	public function readXML($data, $id, $dist, $filename) {
+		$this->filename = $filename;
 		$event = array();
 		$attributes = array();
 		$this->fails = array();
@@ -118,7 +149,7 @@ class IOCImportComponent extends Component {
 		// Add a special attribute that captures the basic data about the .ioc such as the ioc-s uuid, info, long info, author, etc.
 		// Define the fields used in the global iocinfo variable.
 		foreach ($this->iocinfo as $k => $v) {
-			if (isset($event[$v])) $event['Attribute'][] = array('uuid' => String::uuid(), 'category' => 'Other', 'type' => 'comment', 'event_id' => $id, 'value' => $v . ': ' . $event[$v], 'to_ids' => false, 'distribution' => $this->distribution, 'comment' => 'OpenIOC import');
+			if (isset($event[$v])) $event['Attribute'][] = array('uuid' => String::uuid(), 'category' => 'Other', 'type' => 'comment', 'event_id' => $id, 'value' => $v . ': ' . $event[$v], 'to_ids' => $this->typeToIdsSettings['comment'], 'distribution' => $this->distribution, 'comment' => 'OpenIOC import from file ' . $filename);
 		}
 
 		// attach the graph to the event
@@ -160,7 +191,6 @@ class IOCImportComponent extends Component {
 
 	// dissect the indicator and convert it into an attribute
 	private function __analyseIndicator($attribute) {
-		$attribute['to_ids'] = false;
 		$attribute['distribution'] = $this->distribution;
 		$temp = $this->__checkType($attribute['search']);
 		if ($attribute['condition'] !== 'containsnot') {
@@ -172,11 +202,12 @@ class IOCImportComponent extends Component {
 			$attribute['type'] = 'other';
 			$attribute['value'] = 'containsnot: ' . $attribute['value'];
 		}
+		$attribute['to_ids'] = $this->typeToIdsSettings[$attribute['type']];
 		// If we couldn't figure out the category / type and got Other/other, append the search term in the value
 		if ($temp[0] == 'Other' && $temp[1] == 'other') {
 			$attribute['value'] = $attribute['search'] . ': ' . $attribute['value'];
 		}
-		$attribute['comment'] = 'OpenIOC import';
+		$attribute['comment'] = 'OpenIOC import from file ' . $this->filename;
 		return $attribute;
 	}
 
@@ -238,61 +269,59 @@ class IOCImportComponent extends Component {
 			case 'FileItem/FileName':
 			case 'DriverItem/DriverName':
 			case 'FileItem/FullPath':
-				return array('Payload installation', 'filename');
+				return array('Payload installation', 'filename', true);
 				break;
 			case 'FileItem/Md5sum':
-				return array('Payload installation', 'md5');
-				break;
-			case 'FileItem/Sha1sum':
-				return array('Payload installation', 'sha1');
-				break;
-			case 'FileItem/Sha256sum':
-				return array('Payload installation', 'sha256');
+				return array('Payload installation', 'md5', true);
 				break;
 			case 'TaskItem/sha1sum':
-				return array('Payload installation', 'sha1');
+			case 'FileItem/Sha1sum':
+				return array('Payload installation', 'sha1', true);
+				break;
+			case 'FileItem/Sha256sum':
+				return array('Payload installation', 'sha256', true);
 				break;
 			case 'PortItem/remoteIP':
-				return array('Network activity', 'ip-src');
+				return array('Network activity', 'ip-src', true);
 				break;
 			case 'RouteEntryItem/Gateway':
 			case 'RouteEntryItem/Destination':
-				return array('Network activity', 'ip-dst');
+				return array('Network activity', 'ip-dst', true);
 				break;
 			case 'Network/DNS':
-				return array('Network activity', 'domain');
+				return array('Network activity', 'domain', true);
 				break;
 			case 'Email/To':
-				return array('Payload delivery', 'email-dst');
+				return array('Payload delivery', 'email-dst', true);
 				break;
 			case 'Email/From':
-				return array('Payload delivery', 'email-src');
+				return array('Payload delivery', 'email-src', true);
 				break;
 			case 'Email/Subject':
-				return array('Payload delivery', 'email-subject');
+				return array('Payload delivery', 'email-subject', true);
 				break;
 			case 'Email/Attachment/Na':
-				return array('Payload delivery', 'email-attachment');
+				return array('Payload delivery', 'email-attachment', true);
 				break;
 			case 'UrlHistoryItem/URL':
 			case 'UrlHistoryItem/VisitFrom':
 			case 'FileDownloadHistoryItem/SourceURL':
 			case 'FormHistoryItem/FormSubmitURL':
-				return array('Network activity', 'url');
+				return array('Network activity', 'url', true);
 				break;
 			case 'Network/UserAgent':
-				return array('Network activity', 'user-agent');
+				return array('Network activity', 'user-agent', false);
 				break;
 			case 'RegistryItem/KeyPath':
 			case 'RegistryItem/Modified':
 			case 'RegistryItem/Path':
-				return array('Persistence mechanism', 'regkey');
+				return array('Persistence mechanism', 'regkey', true);
 				break;
 			case 'Snort/Snort':
-				return array('Network activity', 'snort');
+				return array('Network activity', 'snort', true);
 				break;
 			case 'TaskItem/Comment':
-				return array('Other', 'comment');
+				return array('Other', 'comment', false);
 				break;
 			case 'CookieHistoryItem/HostName':
 			case 'FormHistoryItem/HostName':
@@ -300,21 +329,21 @@ class IOCImportComponent extends Component {
 			case 'UrlHistoryItem/HostName':
 			case 'DnsEntryItem/RecordName':
 			case 'DnsEntryItem/Host':
-				return array('Network activity', 'hostname');
+				return array('Network activity', 'hostname', true);
 				break;
 			case 'RegistryItem/Text':
-				return array('Persistence mechanism', 'tempRegValue');
+				return array('Persistence mechanism', 'tempRegValue', false);
 				break;
 				// We don't keep the following, they are often used with AND and a filename. We'll only keep the filename in those cases.
 			case 'FileItem/PEInfo/DigitalSignature/CertificateSubject':
 			case 'FileItem/PEInfo/DigitalSignature/SignatureExists':
-				return array('Payload delivery', 'tempCertificateSubject');
+				return array('Payload delivery', 'tempCertificateSubject', false);
 				break;
 			case 'FileItem/PEInfo/DetectedAnomalies/string':
-				return array('Payload delivery', 'pattern-in-file');
+				return array('Payload delivery', 'pattern-in-file', true);
 				break;
 		}
-		return array('Other', 'other');
+		return array('Other', 'other', false);
 	}
 
 	// Create the array used in the visualisation of the original ioc file
@@ -532,7 +561,7 @@ class IOCImportComponent extends Component {
 					default:
 						$value = $att1['value'] . '|' . $att2['value'];
 				}
-				return array('type' => $pair[2], 'value' => $value, 'uuid' => String::uuid(), 'category' => $pair[3], 'to_ids' => false, 'distribution' => $this->distribution);
+				return array('type' => $pair[2], 'value' => $value, 'uuid' => String::uuid(), 'category' => $pair[3], 'to_ids' => $this->typeToIdsSettings[$pair[2]], 'distribution' => $this->distribution);
 			}
 			// Try the same thing above with the attributes reversed
 			if ($att2['type'] == $pair[0] && $att1['type'] == $pair[1]) {
@@ -550,7 +579,7 @@ class IOCImportComponent extends Component {
 					default:
 						$value = $att2['value'] . '|' . $att1['value'];
 				}
-				return array('type' => $pair[2], 'value' => $value, 'uuid' => String::uuid(), 'category' => $pair[3], 'to_ids' => false, 'distribution' => $this->distribution);
+				return array('type' => $pair[2], 'value' => $value, 'uuid' => String::uuid(), 'category' => $pair[3], 'to_ids' => $this->typeToIdsSettings[$pair[2]], 'distribution' => $this->distribution);
 			}
 		}
 		// If no match found, return false, it's not a valid composite attribute for MISP

app/Controller/EventsController.php

@@ -2144,7 +2144,7 @@ class EventsController extends AppController {
 				}
 			}
 			// read XML
-			$event = $this->IOCImport->readXML($fileData, $id, $dist);
+			$event = $this->IOCImport->readXML($fileData, $id, $dist, $this->data['Event']['submittedioc']['name']);
 
 			// make some changes to have $saveEvent in the format that is needed to save the event together with its attributes
 			$fails = $event['Fails'];

app/Controller/UsersController.php

@@ -862,6 +862,7 @@ class UsersController extends AppController {
 		));
 		if (!$this->_isSiteAdmin() && $this->Auth->user('org') != $user['User']['org']) throw new MethodNotAllowedException('You are not authorised to do that.');
 		if ($this->request->is('post')) {
+			if (isset($this->request->data['User']['firstTime'])) $firstTime = $this->request->data['User']['firstTime']; 
 			$org = Configure::read('MISP.org');
 			$options = array('passwordResetText', 'newUserText');
 			$subjects = array('[' . $org . ' MISP] New user registration', '[' . $org .  ' MISP] Password reset');

app/View/Users/ajax/passwordResetConfirmationForm.ctp

@@ -2,10 +2,13 @@
 <?php 
 	$legend = ($firstTime ? 'Send welcome message to user' : 'Initiate password reset for user');
 	$message = ($firstTime ? 'Are you sure you want to reset the password of ' . $user['User']['email'] . ' and send him/her a welcome message with the credentials?' : 'Are you sure you want to reset the password of ' . $user['User']['email'] . ' and send him/her the temporary credentials? ');
+	echo $this->Form->create('User', array('style' => 'margin:0px;', 'id' => 'PromptForm'));
 ?>
 <legend><?php echo $legend; ?></legend>
 <div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
-<p><?php echo $message; ?><br /><input id ="firstTime" type="checkbox" style="margin:0px;">First time registration</p>
+	<p><?php echo $message; ?><br />
+	<?php echo $this->Form->input('firstTime', array('label' => false, 'type' => 'checkbox', 'div' => false, 'style' => 'border:0px;margin:0px;')); ?>First time registration
+	</p>
 	<table>
 		<tr>
 			<td style="vertical-align:top">
@@ -20,7 +23,6 @@
 	</table>
 </div>
 <?php 
-	echo $this->Form->create('User', array('style' => 'margin:0px;', 'id' => 'PromptForm'));
 	echo $this->Form->end();
 ?>
 </div>

app/webroot/js/ajaxification.js

@@ -78,7 +78,6 @@ function initiatePasswordReset(id) {
 function submitPasswordReset(id) {
 	var formData = $('#PromptForm').serialize();
 	var url = "/users/initiatePasswordReset/" + id;
-	if ($('#firstTime').is(":checked")) url += "/true";
 	$.ajax({
 		beforeSend: function (XMLHttpRequest) {
 			$(".loading").show();