fix: [attribute:bro] Restored bro export

The broExport should probably be rewritten to sue the standard restSearch export later on
2023-02-17 16:14:00 +01:00 · 2023-02-17 16:14:00 +01:00 · 2c30e9af7e
parent edfdc5bfa2
commit 2c30e9af7e
2 changed files with 96 additions and 2 deletions
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@ -4320,8 +4320,8 @@ class EventsController extends AppController
                'checkbox' => false,
            ),
            'bro' => array(
-                // 'url' => $this->baseurl . '/attributes/bro/download/all/false/' . $id,
-                'url' => $this->baseurl . '/attributes/restSearch/returnFormat:bro/published:1||0/eventid:' . $id,
+                'url' => $this->baseurl . '/attributes/bro/download/all/false/' . $id,
+                // 'url' => $this->baseurl . '/attributes/restSearch/returnFormat:bro/published:1||0/eventid:' . $id,
                'text' => __('Bro rules'),
                'requiresPublished' => false,
                'checkbox' => false,
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -3023,6 +3023,100 @@ class Attribute extends AppModel
        return $totalCount + $incrementTotalBy;
    }

+    public function bro($user, $type, $tags = false, $eventId = false, $from = false, $to = false, $last = false, $enforceWarninglist = false, $skipHeader = false)
+    {
+        App::uses('BroExport', 'Export');
+        $export = new BroExport();
+        if ($type == 'all') {
+            $types = array_keys($export->mispTypes);
+        } else {
+            $types = array($type);
+        }
+        $intel = array();
+        foreach ($types as $type) {
+            //restricting to non-private or same org if the user is not a site-admin.
+            $conditions['AND'] = array('Attribute.to_ids' => 1, 'Event.published' => 1);
+            if ($from) {
+                $conditions['AND']['Event.date >='] = $from;
+            }
+            if ($to) {
+                $conditions['AND']['Event.date <='] = $to;
+            }
+            if ($last) {
+                $conditions['AND']['Event.publish_timestamp >='] = $last;
+            }
+            if ($eventId !== false) {
+                $temp = array();
+                $args = $this->dissectArgs($eventId);
+                foreach ($args[0] as $accepted) {
+                    $temp['OR'][] = array('Event.id' => $accepted);
+                }
+                $conditions['AND'][] = $temp;
+                $temp = array();
+                foreach ($args[1] as $rejected) {
+                    $temp['AND'][] = array('Event.id !=' => $rejected);
+                }
+                $conditions['AND'][] = $temp;
+            }
+            if ($tags !== false) {
+                // If we sent any tags along, load the associated tag names for each attribute
+                $tag = ClassRegistry::init('Tag');
+                $args = $this->dissectArgs($tags);
+                $tagArray = $tag->fetchEventTagIds($args[0], $args[1]);
+                $temp = array();
+                foreach ($tagArray[0] as $accepted) {
+                    $temp['OR'][] = array('Event.id' => $accepted);
+                }
+                $conditions['AND'][] = $temp;
+                $temp = array();
+                foreach ($tagArray[1] as $rejected) {
+                    $temp['AND'][] = array('Event.id !=' => $rejected);
+                }
+                $conditions['AND'][] = $temp;
+            }
+            $this->Allowedlist = ClassRegistry::init('Allowedlist');
+            $this->allowedlist = $this->Allowedlist->getBlockedValues();
+            $instanceString = 'MISP';
+            if (Configure::read('MISP.host_org_id') && Configure::read('MISP.host_org_id') > 0) {
+                $this->Event->Orgc->id = Configure::read('MISP.host_org_id');
+                if ($this->Event->Orgc->exists()) {
+                    $instanceString = $this->Event->Orgc->field('name') . ' MISP';
+                }
+            }
+            $mispTypes = $export->getMispTypes($type);
+            foreach ($mispTypes as $mispType) {
+                $conditions['AND']['Attribute.type'] = $mispType[0];
+                $intel = array_merge($intel, $this->__bro($user, $conditions, $mispType[1], $export, $this->allowedlist, $instanceString, $enforceWarninglist));
+            }
+        }
+        natsort($intel);
+        $intel = array_unique($intel);
+        if (empty($skipHeader)) {
+            array_unshift($intel, $export->header);
+        }
+        return $intel;
+    }
+
+    private function __bro($user, $conditions, $valueField, $export, $allowedlist, $instanceString, $enforceWarninglist)
+    {
+        $attributes = $this->fetchAttributes(
+            $user,
+            array(
+                'conditions' => $conditions, // array of conditions
+                'order' => 'Attribute.value' . $valueField . ' ASC',
+                'recursive' => -1, // int
+                'fields' => array('Attribute.id', 'Attribute.event_id', 'Attribute.type', 'Attribute.category', 'Attribute.comment', 'Attribute.to_ids', 'Attribute.value', 'Attribute.value' . $valueField),
+                'contain' => array('Event' => array('fields' => array('Event.id', 'Event.threat_level_id', 'Event.orgc_id', 'Event.uuid'))),
+                'enforceWarninglist' => $enforceWarninglist,
+                'flatten' => 1
+            )
+        );
+        $orgs = $this->Event->Orgc->find('list', array(
+            'fields' => array('Orgc.id', 'Orgc.name')
+        ));
+        return $export->export($attributes, $orgs, $valueField, $allowedlist, $instanceString);
+    }
+
    public function set_filter_uuid(&$params, $conditions, $options)
    {
        if (!empty($params['uuid'])) {