fix: [CS] coding standards script re-run

pull/3910/head
iglocska 2018-11-23 14:11:33 +01:00
parent e7b964b155
commit 2d0259ce13
38 changed files with 2534 additions and 2500 deletions


@ -52,7 +52,7 @@ class AppController extends Controller
public $phprec = '7.0.16';
public $baseurl = '';
public $sql_dump = false;
public $sql_dump = false;
// Used for _isAutomation(), a check that returns true if the controller & action combo matches an action that is a non-xml and non-json automation method
// This is used to allow authentication via headers for methods not covered by _isRest() - as that only checks for JSON and XML formats
@ -90,7 +90,7 @@ class AppController extends Controller
'ACL',
'RestResponse',
'Flash'
//,'DebugKit.Toolbar'
//,'DebugKit.Toolbar'
);
private function __isApiFunction($controller, $action)
@ -103,9 +103,9 @@ class AppController extends Controller
public function beforeFilter()
{
if (!empty($this->params['named']['sql'])) {
$this->sql_dump = 1;
}
if (!empty($this->params['named']['sql'])) {
$this->sql_dump = 1;
}
// check for a supported datasource configuration
$dataSourceConfig = ConnectionManager::getDataSource('default')->config;
if (!isset($dataSourceConfig['encoding'])) {
@ -360,20 +360,20 @@ class AppController extends Controller
if ($this->Session->check(AuthComponent::$sessionKey)) {
if ($this->action !== 'checkIfLoggedIn' || $this->request->params['controller'] !== 'users') {
$this->User->id = $this->Auth->user('id');
if (!$this->User->exists()) {
$message = __('Something went wrong. Your user account that you are authenticated with doesn\'t exist anymore.');
if ($this->_isRest) {
$this->RestResponse->throwException(
401,
$message
);
} else {
$this->Flash->info($message);
}
$this->Auth->logout();
$this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
}
$this->User->id = $this->Auth->user('id');
if (!$this->User->exists()) {
$message = __('Something went wrong. Your user account that you are authenticated with doesn\'t exist anymore.');
if ($this->_isRest) {
$this->RestResponse->throwException(
401,
$message
);
} else {
$this->Flash->info($message);
}
$this->Auth->logout();
$this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
}
if (!empty(Configure::read('MISP.terms_file')) && !$this->Auth->user('termsaccepted') && (!in_array($this->request->here, array($base_dir.'/users/terms', $base_dir.'/users/logout', $base_dir.'/users/login', $base_dir.'/users/downloadTerms')))) {
//if ($this->_isRest()) throw new MethodNotAllowedException('You have not accepted the terms of use yet, please log in via the web interface and accept them.');
if (!$this->_isRest()) {
@ -454,13 +454,13 @@ class AppController extends Controller
$this->ACL->checkAccess($this->Auth->user(), Inflector::variable($this->request->params['controller']), $this->action);
}
public function afterFilter()
{
if (Configure::read('debug') > 1 && !empty($this->sql_dump) && $this->_isRest()) {
$this->Log = ClassRegistry::init('Log');
echo json_encode($this->Log->getDataSource()->getLog(false, false), JSON_PRETTY_PRINT);
}
}
public function afterFilter()
{
if (Configure::read('debug') > 1 && !empty($this->sql_dump) && $this->_isRest()) {
$this->Log = ClassRegistry::init('Log');
echo json_encode($this->Log->getDataSource()->getLog(false, false), JSON_PRETTY_PRINT);
}
}
public function queryACL($debugType='findMissingFunctionNames', $content = false)
{
@ -505,14 +505,14 @@ class AppController extends Controller
return $this->request->header('Accept') === 'application/json' || $this->RequestHandler->prefers() === 'json';
}
protected function _isCsv($data=false)
{
if ($this->params['ext'] === 'csv' || $this->request->header('Accept') === 'application/csv' || $this->RequestHandler->prefers() === 'csv') {
return true;
} else {
return false;
}
}
protected function _isCsv($data=false)
{
if ($this->params['ext'] === 'csv' || $this->request->header('Accept') === 'application/csv' || $this->RequestHandler->prefers() === 'csv') {
return true;
} else {
return false;
}
}
protected function _isRest()
{
@ -583,7 +583,7 @@ class AppController extends Controller
);
return false;
}
$key = 'json';
$key = 'json';
} else {
if (!$this->Auth->user('id')) {
$exception = $this->RestResponse->throwException(
@ -631,22 +631,22 @@ class AppController extends Controller
}
}
}
foreach ($data as $k => $v) {
if (!is_array($data[$k])) {
$data[$k] = trim($data[$k]);
}
}
if (!empty($options['additional_delimiters'])) {
if (!is_array($options['additional_delimiters'])) {
$options['additional_delimiters'] = array($options['additional_delimiters']);
}
foreach ($data as $k => $v) {
$data[$k] = explode($options['additional_delimiters'][0], str_replace($options['additional_delimiters'], $options['additional_delimiters'][0], $v));
foreach ($data[$k] as $k2 => $value) {
$data[$k][$k2] = trim($data[$k][$k2]);
}
}
}
foreach ($data as $k => $v) {
if (!is_array($data[$k])) {
$data[$k] = trim($data[$k]);
}
}
if (!empty($options['additional_delimiters'])) {
if (!is_array($options['additional_delimiters'])) {
$options['additional_delimiters'] = array($options['additional_delimiters']);
}
foreach ($data as $k => $v) {
$data[$k] = explode($options['additional_delimiters'][0], str_replace($options['additional_delimiters'], $options['additional_delimiters'][0], $v));
foreach ($data[$k] as $k2 => $value) {
$data[$k][$k2] = trim($data[$k][$k2]);
}
}
}
return $data;
}


@ -59,18 +59,18 @@ class AttributesController extends AppController
{
$this->Attribute->recursive = -1;
if (!$this->_isRest()) {
$this->paginate['recursive'] = -1;
$this->paginate['contain'] = array(
'Event' => array(
$this->paginate['recursive'] = -1;
$this->paginate['contain'] = array(
'Event' => array(
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id', 'Event.date'),
'Orgc' => array('fields' => array('Orgc.id', 'Orgc.name')),
'Org' => array('fields' => array('Org.id', 'Org.name'))
'Orgc' => array('fields' => array('Orgc.id', 'Orgc.name')),
'Org' => array('fields' => array('Org.id', 'Org.name'))
),
'AttributeTag' => array('Tag'),
'Object' => array(
'AttributeTag' => array('Tag'),
'Object' => array(
'fields' => array('Object.id', 'Object.distribution', 'Object.sharing_group_id')
)
);
);
$this->Attribute->contain(array('AttributeTag' => array('Tag')));
}
$this->set('isSearch', 0);
@ -91,16 +91,16 @@ class AttributesController extends AppController
'fields' => array('Tag.id', 'Tag.name', 'Tag.colour')
));
}
if (!$this->_isRest()) {
$temp = $this->__searchUI($attributes);
$this->loadModel('Galaxy');
$this->set('mitreAttackGalaxyId', $this->Galaxy->getMitreAttackGalaxyId());
$attributes = $temp[0];
$sightingsData = $temp[1];
$this->set('sightingsData', $sightingsData);
}
if (!$this->_isRest()) {
$temp = $this->__searchUI($attributes);
$this->loadModel('Galaxy');
$this->set('mitreAttackGalaxyId', $this->Galaxy->getMitreAttackGalaxyId());
$attributes = $temp[0];
$sightingsData = $temp[1];
$this->set('sightingsData', $sightingsData);
}
$this->set('orgs', $orgs);
$this->set('shortDist', $this->Attribute->shortDist);
$this->set('shortDist', $this->Attribute->shortDist);
$this->set('attributes', $attributes);
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
@ -166,7 +166,7 @@ class AttributesController extends AppController
} else {
$values = explode("\n", $this->request->data['Attribute']['value']);
}
$temp = $this->request->data['Attribute'];
$temp = $this->request->data['Attribute'];
foreach ($values as $value) {
$temp['value'] = $value;
$attributes[] = $temp;
@ -301,7 +301,7 @@ class AttributesController extends AppController
$v = explode('_', $v);
$failKeys[$k] = intval($v[1]);
}
$failed = 1;
$failed = 1;
$message = sprintf('Attributes saved, however, %s attributes could not be saved. Click %s for more info', count($fails), '$flashErrorMessage');
} else {
if (!empty($fails["attribute_0"])) {
@ -316,25 +316,25 @@ class AttributesController extends AppController
}
}
}
if (!empty($failKeys)) {
$flashErrorMessage = array();
$original_values = trim($this->request->data['Attribute']['value']);
$original_values = explode("\n", $original_values);
foreach ($original_values as $k => $original_value) {
$original_value = trim($original_value);
if (in_array($k, $failKeys)) {
$reason = '';
foreach ($fails["attribute_" . $k] as $failKey => $failData) {
$reason = $failKey . ': ' . $failData[0];
}
$flashErrorMessage[] = '<span class="red bold">' . h($original_value) . '</span> (' . h($reason) . ')';
} else {
$flashErrorMessage[] = '<span class="green bold">' . h($original_value) . '</span>';
}
}
$flashErrorMessage = implode('<br />', $flashErrorMessage);
$this->Session->write('flashErrorMessage', $flashErrorMessage);
}
if (!empty($failKeys)) {
$flashErrorMessage = array();
$original_values = trim($this->request->data['Attribute']['value']);
$original_values = explode("\n", $original_values);
foreach ($original_values as $k => $original_value) {
$original_value = trim($original_value);
if (in_array($k, $failKeys)) {
$reason = '';
foreach ($fails["attribute_" . $k] as $failKey => $failData) {
$reason = $failKey . ': ' . $failData[0];
}
$flashErrorMessage[] = '<span class="red bold">' . h($original_value) . '</span> (' . h($reason) . ')';
} else {
$flashErrorMessage[] = '<span class="green bold">' . h($original_value) . '</span>';
}
}
$flashErrorMessage = implode('<br />', $flashErrorMessage);
$this->Session->write('flashErrorMessage', $flashErrorMessage);
}
if ($this->request->is('ajax')) {
$this->autoRender = false;
$errors = ($attributeCount > 1) ? $message : $this->Attribute->validationErrors;
@ -874,13 +874,13 @@ class AttributesController extends AppController
|| $this->userRole['perm_modify_org'])) {
// Allow the edit
} else {
$message = __('Invalid attribute.');
if ($this->_isRest()) {
throw new MethodNotAllowedException($message);
} else {
$this->Flash->error($message);
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
$message = __('Invalid attribute.');
if ($this->_isRest()) {
throw new MethodNotAllowedException($message);
} else {
$this->Flash->error($message);
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
}
}
if (!$this->_isRest()) {
@ -1568,138 +1568,139 @@ class AttributesController extends AppController
public function search($continue = false)
{
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
$this->set('shortDist', $this->Attribute->shortDist);
if ($this->request->is('post')) {
if (isset($this->request->data['Attribute'])) {
$this->request->data = $this->request->data['Attribute'];
}
$checkForEmpty = array('value', 'tags', 'uuid', 'org', 'type', 'category');
foreach ($checkForEmpty as $field) {
if (empty($this->request->data[$field]) || $this->request->data[$field] === 'ALL') {
unset($this->request->data[$field]);
}
}
if (empty($this->request->data['to_ids'])) {
unset($this->request->data['to_ids']);
$this->request->data['ignore'] = 1;
}
$paramArray = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'event_timestamp', 'threat_level_id', 'includeEventTags');
$filterData = array(
'request' => $this->request,
'named_params' => $this->params['named'],
'paramArray' => $paramArray,
'ordered_url_params' => compact($paramArray),
'additional_delimiters' => PHP_EOL
);
$exception = false;
$filters = $this->_harvestParameters($filterData, $exception);
unset($filterData);
if ($filters === false) {
return $exception;
}
$this->Session->write('search_attributes_filters', json_encode($filters));
} else if ($continue === 'results') {
$filters = $this->Session->read('search_attributes_filters');
if (empty($filters)) {
$filters = array();
} else {
$filters = json_decode($filters, true);
}
} else {
$types = array('' => array('ALL' => 'ALL'), 'types' => array());
$types['types'] = array_merge($types['types'], $this->_arrayToValuesIndexArray(array_keys($this->Attribute->typeDefinitions)));
ksort($types['types']);
$this->set('types', $types);
// combobox for categories
$categories['categories'] = array_merge(array('ALL' => 'ALL'), $this->_arrayToValuesIndexArray(array_keys($this->Attribute->categoryDefinitions)));
$this->set('categories', $categories);
$this->Session->write('search_attributes_filters', null);
}
if (isset($filters)) {
$params = $this->Attribute->restSearch($this->Auth->user(), 'json', $filters, true);
if (!isset($params['conditions']['Attribute.deleted'])) {
$params['conditions']['Attribute.deleted'] = 0;
}
$this->paginate = $params;
if (empty($this->paginate['limit'])) {
$this->paginate['limit'] = 60;
}
if (empty($this->paginate['page'])) {
$this->paginate['page'] = 1;
}
$this->paginate['recursive'] = -1;
$this->paginate['contain'] = array(
'Event' => array(
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
$this->set('shortDist', $this->Attribute->shortDist);
if ($this->request->is('post')) {
if (isset($this->request->data['Attribute'])) {
$this->request->data = $this->request->data['Attribute'];
}
$checkForEmpty = array('value', 'tags', 'uuid', 'org', 'type', 'category');
foreach ($checkForEmpty as $field) {
if (empty($this->request->data[$field]) || $this->request->data[$field] === 'ALL') {
unset($this->request->data[$field]);
}
}
if (empty($this->request->data['to_ids'])) {
unset($this->request->data['to_ids']);
$this->request->data['ignore'] = 1;
}
$paramArray = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'event_timestamp', 'threat_level_id', 'includeEventTags');
$filterData = array(
'request' => $this->request,
'named_params' => $this->params['named'],
'paramArray' => $paramArray,
'ordered_url_params' => compact($paramArray),
'additional_delimiters' => PHP_EOL
);
$exception = false;
$filters = $this->_harvestParameters($filterData, $exception);
unset($filterData);
if ($filters === false) {
return $exception;
}
$this->Session->write('search_attributes_filters', json_encode($filters));
} elseif ($continue === 'results') {
$filters = $this->Session->read('search_attributes_filters');
if (empty($filters)) {
$filters = array();
} else {
$filters = json_decode($filters, true);
}
} else {
$types = array('' => array('ALL' => 'ALL'), 'types' => array());
$types['types'] = array_merge($types['types'], $this->_arrayToValuesIndexArray(array_keys($this->Attribute->typeDefinitions)));
ksort($types['types']);
$this->set('types', $types);
// combobox for categories
$categories['categories'] = array_merge(array('ALL' => 'ALL'), $this->_arrayToValuesIndexArray(array_keys($this->Attribute->categoryDefinitions)));
$this->set('categories', $categories);
$this->Session->write('search_attributes_filters', null);
}
if (isset($filters)) {
$params = $this->Attribute->restSearch($this->Auth->user(), 'json', $filters, true);
if (!isset($params['conditions']['Attribute.deleted'])) {
$params['conditions']['Attribute.deleted'] = 0;
}
$this->paginate = $params;
if (empty($this->paginate['limit'])) {
$this->paginate['limit'] = 60;
}
if (empty($this->paginate['page'])) {
$this->paginate['page'] = 1;
}
$this->paginate['recursive'] = -1;
$this->paginate['contain'] = array(
'Event' => array(
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id', 'Event.date'),
'Orgc' => array('fields' => array('Orgc.id', 'Orgc.name')),
'Org' => array('fields' => array('Org.id', 'Org.name'))
'Orgc' => array('fields' => array('Orgc.id', 'Orgc.name')),
'Org' => array('fields' => array('Org.id', 'Org.name'))
),
'AttributeTag' => array('Tag'),
'Object' => array(
'AttributeTag' => array('Tag'),
'Object' => array(
'fields' => array('Object.id', 'Object.distribution', 'Object.sharing_group_id')
)
);
$attributes = $this->paginate();
if (!$this->_isRest()) {
$temp = $this->__searchUI($attributes);
$this->loadModel('Galaxy');
$this->set('mitreAttackGalaxyId', $this->Galaxy->getMitreAttackGalaxyId());
$attributes = $temp[0];
$sightingsData = $temp[1];
$this->set('sightingsData', $sightingsData);
} else {
return $this->RestResponse->viewData($attributes, $this->response->type());
}
$this->set('filters', $filters);
$this->set('attributes', $attributes);
$this->set('isSearch', 1);
$this->render('index');
}
);
$attributes = $this->paginate();
if (!$this->_isRest()) {
$temp = $this->__searchUI($attributes);
$this->loadModel('Galaxy');
$this->set('mitreAttackGalaxyId', $this->Galaxy->getMitreAttackGalaxyId());
$attributes = $temp[0];
$sightingsData = $temp[1];
$this->set('sightingsData', $sightingsData);
} else {
return $this->RestResponse->viewData($attributes, $this->response->type());
}
$this->set('filters', $filters);
$this->set('attributes', $attributes);
$this->set('isSearch', 1);
$this->render('index');
}
if (isset($attributeTags)) {
$this->set('attributeTags', $attributeTags);
}
}
private function __searchUI($attributes) {
$sightingsData = array();
$sgids = $this->Attribute->Event->cacheSgids($this->Auth->user(), true);
$this->Feed = ClassRegistry::init('Feed');
if (!empty($options['overrideLimit'])) {
$overrideLimit = true;
} else {
$overrideLimit = false;
}
$this->loadModel('GalaxyCluster');
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
$this->loadModel('Sighting');
foreach ($attributes as $k => $attribute) {
$attributes[$k]['Attribute']['AttributeTag'] = $attributes[$k]['AttributeTag'];
$attributes[$k]['Attribute'] = $this->Attribute->Event->massageTags($attributes[$k]['Attribute'], 'Attribute');
unset($attributes[$k]['AttributeTag']);
foreach ($attributes[$k]['Attribute']['AttributeTag'] as $k2 => $attributeTag) {
if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
unset($attributes[$k]['Attribute']['AttributeTag'][$k2]);
}
}
$sightingsData = array_merge(
$sightingsData,
$this->Sighting->attachToEvent($attribute, $this->Auth->user(), $attributes[$k]['Attribute']['id'], $extraConditions = false)
);
$correlations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $attributes[$k]['Attribute']['id'], false, false, 'attribute');
if (!empty($correlations)) {
$attributes[$k]['Attribute']['RelatedAttribute'] = $correlations[$attributes[$k]['Attribute']['id']];
}
$temp = $this->Feed->attachFeedCorrelations(array($attributes[$k]['Attribute']), $this->Auth->user, $attributes[$k]['Event'], $overrideLimit);
if (!empty($temp)) {
$attributes[$k]['Attribute'] = $temp[0];
}
}
$sightingsData = $this->Attribute->Event->getSightingData(array('Sighting' => $sightingsData));
return array($attributes, $sightingsData);
}
private function __searchUI($attributes)
{
$sightingsData = array();
$sgids = $this->Attribute->Event->cacheSgids($this->Auth->user(), true);
$this->Feed = ClassRegistry::init('Feed');
if (!empty($options['overrideLimit'])) {
$overrideLimit = true;
} else {
$overrideLimit = false;
}
$this->loadModel('GalaxyCluster');
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
$this->loadModel('Sighting');
foreach ($attributes as $k => $attribute) {
$attributes[$k]['Attribute']['AttributeTag'] = $attributes[$k]['AttributeTag'];
$attributes[$k]['Attribute'] = $this->Attribute->Event->massageTags($attributes[$k]['Attribute'], 'Attribute');
unset($attributes[$k]['AttributeTag']);
foreach ($attributes[$k]['Attribute']['AttributeTag'] as $k2 => $attributeTag) {
if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
unset($attributes[$k]['Attribute']['AttributeTag'][$k2]);
}
}
$sightingsData = array_merge(
$sightingsData,
$this->Sighting->attachToEvent($attribute, $this->Auth->user(), $attributes[$k]['Attribute']['id'], $extraConditions = false)
);
$correlations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $attributes[$k]['Attribute']['id'], false, false, 'attribute');
if (!empty($correlations)) {
$attributes[$k]['Attribute']['RelatedAttribute'] = $correlations[$attributes[$k]['Attribute']['id']];
}
$temp = $this->Feed->attachFeedCorrelations(array($attributes[$k]['Attribute']), $this->Auth->user, $attributes[$k]['Event'], $overrideLimit);
if (!empty($temp)) {
$attributes[$k]['Attribute'] = $temp[0];
}
}
$sightingsData = $this->Attribute->Event->getSightingData(array('Sighting' => $sightingsData));
return array($attributes, $sightingsData);
}
// If the checkbox for the alternate search is ticked, then this method is called to return the data to be represented
// This alternate view will show a list of events with matching search results and the percentage of those matched attributes being marked as to_ids
@ -1768,7 +1769,8 @@ class AttributesController extends AppController
$this->set('fails', $this->Attribute->checkComposites());
}
public function restSearch($returnFormat = 'json', $value = false, $type = false, $category = false, $org = false, $tags = false, $from = false, $to = false, $last = false, $eventid = false, $withAttachments = false, $uuid = false, $publish_timestamp = false, $published = false, $timestamp = false, $enforceWarninglist = false, $to_ids = false, $deleted = false, $includeEventUuid = false, $event_timestamp = false, $threat_level_id = false) {
public function restSearch($returnFormat = 'json', $value = false, $type = false, $category = false, $org = false, $tags = false, $from = false, $to = false, $last = false, $eventid = false, $withAttachments = false, $uuid = false, $publish_timestamp = false, $published = false, $timestamp = false, $enforceWarninglist = false, $to_ids = false, $deleted = false, $includeEventUuid = false, $event_timestamp = false, $threat_level_id = false)
{
$paramArray = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'event_timestamp', 'threat_level_id', 'includeEventTags', 'includeProposals');
$filterData = array(
'request' => $this->request,
@ -1776,26 +1778,26 @@ class AttributesController extends AppController
'paramArray' => $paramArray,
'ordered_url_params' => compact($paramArray)
);
$validFormats = $this->Attribute->validFormats;
$validFormats = $this->Attribute->validFormats;
$exception = false;
$filters = $this->_harvestParameters($filterData, $exception);
unset($filterData);
if ($filters === false) {
return $exception;
return $exception;
}
$list = array();
$user = $this->_getApiAuthUser($returnFormat, $exception);
if ($user === false) {
return $exception;
return $exception;
}
if (isset($filters['returnFormat'])) {
$returnFormat = $filters['returnFormat'];
$returnFormat = $filters['returnFormat'];
}
if ($returnFormat === 'download') {
$returnFormat = 'json';
}
$elementCounter = 0;
$final = $this->Attribute->restSearch($user, $returnFormat, $filters, false, false, $elementCounter);
if ($returnFormat === 'download') {
$returnFormat = 'json';
}
$elementCounter = 0;
$final = $this->Attribute->restSearch($user, $returnFormat, $filters, false, false, $elementCounter);
$responseType = $validFormats[$returnFormat][0];
return $this->RestResponse->viewData($final, $responseType, false, true, false, array('X-result-count' => $elementCounter));
}
@ -2720,9 +2722,9 @@ class AttributesController extends AppController
throw new MethodNotAllowedException(__('No valid enrichment options found for this attribute.'));
}
$data = array('module' => $type, $attribute[0]['Attribute']['type'] => $attribute[0]['Attribute']['value']);
if ($persistent) {
$data['persistent'] = 1;
}
if ($persistent) {
$data['persistent'] = 1;
}
if (!empty($options)) {
$data['config'] = $options;
}
@ -3083,19 +3085,18 @@ class AttributesController extends AppController
return new CakeResponse(array('body'=>$counter, 'status'=>200));
}
public function exportSearch($type = false)
{
if (empty($type)) {
$exports = array_keys($this->Attribute->validFormats);
$this->set('exports', $exports);
$this->render('ajax/exportSearch');
} else {
$filters = $this->Session->read('search_attributes_filters');
$filters = json_decode($filters, true);
$final = $this->Attribute->restSearch($this->Auth->user(), $type, $filters);
$responseType = $this->Attribute->validFormats[$type][0];
return $this->RestResponse->viewData($final, $responseType, false, true, 'search.' . $type . '.' . $responseType);
}
}
public function exportSearch($type = false)
{
if (empty($type)) {
$exports = array_keys($this->Attribute->validFormats);
$this->set('exports', $exports);
$this->render('ajax/exportSearch');
} else {
$filters = $this->Session->read('search_attributes_filters');
$filters = json_decode($filters, true);
$final = $this->Attribute->restSearch($this->Auth->user(), $type, $filters);
$responseType = $this->Attribute->validFormats[$type][0];
return $this->RestResponse->viewData($final, $responseType, false, true, 'search.' . $type . '.' . $responseType);
}
}
}
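Review bot: In the re-indented `__searchUI()`, the call to `$this->Feed->attachFeedCorrelations()` is passed `$this->Auth->user`, a property access, where every other call in the function passes the method result `$this->Auth->user()`. If the feed correlation code uses that argument to decide what the requester may see, it is not receiving the authenticated user array, so the argument should read `$this->Auth->user()`. In the same function `$options` is never defined, so `!empty($options['overrideLimit'])` is always false; either set `$overrideLimit = false;` directly or take it as a parameter. Both lines are carried over unchanged by this formatting pass, so the fix belongs in a separate functional commit rather than in a coding-standards re-run.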


@ -48,7 +48,7 @@ class ACLComponent extends Component
'edit' => array('perm_add'),
'editField' => array('perm_add'),
'editSelected' => array('perm_add'),
'exportSearch' => array('*'),
'exportSearch' => array('*'),
'fetchEditForm' => array('perm_add'),
'fetchViewValue' => array('*'),
'generateCorrelation' => array(),
@ -186,7 +186,7 @@ class ACLComponent extends Component
),
'galaxyClusters' => array(
'attachToEvent' => array('perm_tagger'),
'delete' => array('perm_site_admin'),
'delete' => array('perm_site_admin'),
'detach' => array('perm_tagger'),
'index' => array('*'),
'view' => array('*')
@ -314,7 +314,7 @@ class ACLComponent extends Component
'edit' => array(),
'fetchServersForSG' => array('*'),
'filterEventIndex' => array(),
'getApiInfo' => array('*'),
'getApiInfo' => array('*'),
'getGit' => array(),
'getInstanceUUID' => array('perm_sync'),
'getPyMISPVersion' => array('*'),
@ -474,7 +474,7 @@ class ACLComponent extends Component
'view' => array('*'),
),
'warninglists' => array(
'checkValue' => array('perm_auth'),
'checkValue' => array('perm_auth'),
'delete' => array(),
'enableWarninglist' => array(),
'getToggleField' => array(),
@ -549,9 +549,9 @@ class ACLComponent extends Component
private function __error($code, $message, $soft = false)
{
if ($soft) {
return $code;
}
if ($soft) {
return $code;
}
switch ($code) {
case 404:
throw new NotFoundException($message);


@ -12,9 +12,9 @@ class BlackListComponent extends Component
public function index($rest = false, $filters = array())
{
if (!empty($filters)) {
$this->controller->paginate['conditions'] = $filters;
}
if (!empty($filters)) {
$this->controller->paginate['conditions'] = $filters;
}
if ($this->controller->response->type() === 'application/json' || $this->controller->response->type() == 'application/xml' || $rest) {
$blackList = $this->controller->paginate();
$blacklist= array();


@ -11,7 +11,7 @@ class RestResponseComponent extends Component
)
);
private $___setup = false;
private $___setup = false;
private $__descriptions = array(
'Attribute' => array(
@ -38,16 +38,16 @@ class RestResponseComponent extends Component
'optional' => array('event_id', 'allow_hard_delete'),
'params' => array('event_id')
),
'restSearch' => array(
'description' => "Search MISP using a list of filter parameters and return the data
'restSearch' => array(
'description' => "Search MISP using a list of filter parameters and return the data
in the selected format. The search is available on an event and an attribute level,
just select the scope via the URL (/events/restSearch vs /attributes/restSearch).
Besides the parameters listed, other, format specific ones can be passed along (for example: requested_attributes and includeContext for the CSV export).
This API allows pagination via the page and limit parameters.",
'mandatory' => array('returnFormat'),
'optional' => array('page', 'limit', 'value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'includeEventTags', 'event_timestamp', 'threat_level_id', 'eventinfo', 'includeProposals'),
'params' => array()
)
'mandatory' => array('returnFormat'),
'optional' => array('page', 'limit', 'value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'includeEventTags', 'event_timestamp', 'threat_level_id', 'eventinfo', 'includeProposals'),
'params' => array()
)
),
'Event' => array(
'add' => array(
@ -62,28 +62,28 @@ class RestResponseComponent extends Component
'optional' => array('info', 'threat_level_id', 'analysis', 'distribution', 'sharing_group_id', 'uuid', 'published', 'timestamp', 'date', 'Attribute', 'Object', 'Shadow_Attribute', 'EventTag'),
'params' => array('event_id')
),
'index' => array(
'description' => 'POST a JSON filter object to this API to get the meta-data about matching events.',
'optional' => array('all', 'attribute', 'published', 'eventid', 'datefrom', 'dateuntil', 'org', 'eventinfo', 'tag', 'tags', 'distribution', 'sharinggroup', 'analysis', 'threatlevel', 'email', 'hasproposal', 'timestamp', 'publishtimestamp', 'publish_timestamp', 'minimal')
),
'restSearch' => array(
'description' => "Search MISP using a list of filter parameters and return the data
'index' => array(
'description' => 'POST a JSON filter object to this API to get the meta-data about matching events.',
'optional' => array('all', 'attribute', 'published', 'eventid', 'datefrom', 'dateuntil', 'org', 'eventinfo', 'tag', 'tags', 'distribution', 'sharinggroup', 'analysis', 'threatlevel', 'email', 'hasproposal', 'timestamp', 'publishtimestamp', 'publish_timestamp', 'minimal')
),
'restSearch' => array(
'description' => "Search MISP using a list of filter parameters and return the data
in the selected format. The search is available on an event and an attribute level,
just select the scope via the URL (/events/restSearch vs /attributes/restSearch).
Besides the parameters listed, other, format specific ones can be passed along (for example: requested_attributes and includeContext for the CSV export).
This API allows pagination via the page and limit parameters.",
'mandatory' => array('returnFormat'),
'optional' => array('page', 'limit', 'value', 'type', 'category', 'org', 'tag', 'tags', 'searchall', 'from', 'to', 'last', 'eventid', 'withAttachments', 'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly', 'eventinfo'),
'params' => array()
)
'mandatory' => array('returnFormat'),
'optional' => array('page', 'limit', 'value', 'type', 'category', 'org', 'tag', 'tags', 'searchall', 'from', 'to', 'last', 'eventid', 'withAttachments', 'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly', 'eventinfo'),
'params' => array()
)
),
'EventGraph' => array(
'add' => array(
'description' => "POST a network in JSON format to this API to to keep an history of it",
'mandatory' => array('event_id', 'network_json'),
'optional' => array('network_name')
)
),
'EventGraph' => array(
'add' => array(
'description' => "POST a network in JSON format to this API to to keep an history of it",
'mandatory' => array('event_id', 'network_json'),
'optional' => array('network_name')
)
),
'Feed' => array(
'add' => array(
'description' => "POST a MISP Feed descriptor JSON to this API to add a Feed.",
@ -98,15 +98,15 @@ class RestResponseComponent extends Component
'params' => array('feed_id')
),
),
'Log' => array(
'admin_index' => array(
'description' => "POST a filter object to receive a JSON with the log entries matching the query. A simple get request will return the entire DB. You can use the filter parameters as url parameters with a GET request such as: https://path.to.my.misp/admin/logs/page:1/limit:200 - to run substring queries simply append/prepend/encapsulate the search term with %. All restSearch rules apply.",
"optional" => array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip')
),
'event_index' => array(
'description' => "Simply run a get request on this endpoint to get the relevant log entries for a given event. This functionality is open to any user having access to a given event."
)
),
'Log' => array(
'admin_index' => array(
'description' => "POST a filter object to receive a JSON with the log entries matching the query. A simple get request will return the entire DB. You can use the filter parameters as url parameters with a GET request such as: https://path.to.my.misp/admin/logs/page:1/limit:200 - to run substring queries simply append/prepend/encapsulate the search term with %. All restSearch rules apply.",
"optional" => array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip')
),
'event_index' => array(
'description' => "Simply run a get request on this endpoint to get the relevant log entries for a given event. This functionality is open to any user having access to a given event."
)
),
'Organisation' => array(
'admin_add' => array(
'description' => "POST an Organisation object in JSON format to this API to create a new organsiation.",
@ -124,40 +124,40 @@ class RestResponseComponent extends Component
'description' => "POST a Role object in JSON format to this API to create a new role. 'permission' sets the data access permission (0 => read only, 1 => add/edit own, 2 => add/edit org, 3 => publish)",
'mandatory' => array('name'),
'optional' => array(
'perm_delegate',
'perm_sync',
'perm_admin',
'perm_audit',
'perm_auth',
'perm_site_admin',
'perm_regexp_access',
'perm_tagger',
'perm_template',
'perm_sharing_group',
'perm_tag_editor',
'default_role',
'perm_sighting',
'permission'
'perm_delegate',
'perm_sync',
'perm_admin',
'perm_audit',
'perm_auth',
'perm_site_admin',
'perm_regexp_access',
'perm_tagger',
'perm_template',
'perm_sharing_group',
'perm_tag_editor',
'default_role',
'perm_sighting',
'permission'
)
),
'admin_edit' => array(
'description' => "POST a Role object in JSON format to this API to edit a role. 'permission' sets the data access permission (0 => read only, 1 => add/edit own, 2 => add/edit org, 3 => publish)",
'mandatory' => array('name'),
'optional' => array(
'perm_delegate',
'perm_sync',
'perm_admin',
'perm_audit',
'perm_auth',
'perm_site_admin',
'perm_regexp_access',
'perm_tagger',
'perm_template',
'perm_sharing_group',
'perm_tag_editor',
'default_role',
'perm_sighting',
'permission'
'description' => "POST a Role object in JSON format to this API to edit a role. 'permission' sets the data access permission (0 => read only, 1 => add/edit own, 2 => add/edit org, 3 => publish)",
'mandatory' => array('name'),
'optional' => array(
'perm_delegate',
'perm_sync',
'perm_admin',
'perm_audit',
'perm_auth',
'perm_site_admin',
'perm_regexp_access',
'perm_tagger',
'perm_template',
'perm_sharing_group',
'perm_tag_editor',
'default_role',
'perm_sighting',
'permission'
)
)
),
@ -171,9 +171,9 @@ class RestResponseComponent extends Component
'description' => "POST an Server object in JSON format to this API to edit a server.",
'optional' => array('url', 'name', 'authkey', 'json', 'push', 'pull', 'push_rules', 'pull_rules', 'submitted_cert', 'submitted_client_cert', 'remote_org_id')
),
'serverSettings' => array(
'description' => "Send a GET request to this endpoint to get a full diagnostic along with all currently set settings of the current instance. This will also include the worker status"
)
'serverSettings' => array(
'description' => "Send a GET request to this endpoint to get a full diagnostic along with all currently set settings of the current instance. This will also include the worker status"
)
),
'Sighting' => array(
'add' => array(
@ -235,94 +235,96 @@ class RestResponseComponent extends Component
'mandatory' => array('subject', 'body')
)
),
'Warninglist' => array(
'checkValue' => array(
'description' => "POST a JSON list with value(s) to check against the warninglists to get a JSON dictionary as a response with any hits, if there are any (with the key being the passed value triggering a warning).",
'mandatory' => array('[]')
),
'toggleEnable' => array(
'description' => "POST a json object with a single or a list of warninglist IDsIDs, or alternatively a (list of) substring(s) that match the names of warninglist(s) to toggle whether they're enabled or disabled. Specify the optional enabled boolean flag if you would like to enforce the outcome state. Not setting this flag will just toggle the current state.",'mandatory' => array('id'),
'optional' => array('id', 'name', 'enabled')
)
)
'Warninglist' => array(
'checkValue' => array(
'description' => "POST a JSON list with value(s) to check against the warninglists to get a JSON dictionary as a response with any hits, if there are any (with the key being the passed value triggering a warning).",
'mandatory' => array('[]')
),
'toggleEnable' => array(
'description' => "POST a json object with a single or a list of warninglist IDsIDs, or alternatively a (list of) substring(s) that match the names of warninglist(s) to toggle whether they're enabled or disabled. Specify the optional enabled boolean flag if you would like to enforce the outcome state. Not setting this flag will just toggle the current state.",'mandatory' => array('id'),
'optional' => array('id', 'name', 'enabled')
)
)
);
public function getAllApis($user, $Server)
{
$this->__setup();
$result = array();
foreach ($this->__descriptions as $controller => $actions) {
$controller = Inflector::tableize($controller);
foreach ($actions as $action => $data) {
if ($Server->ACL->checkAccess($user, $controller, $action, true) === true) {
$admin_routing = '';
if (substr($action, 0, 6) === 'admin_') {
$action = substr($action, 6);
$admin_routing = 'admin/';
}
$data['api_name'] = '[' . $controller . '] ' . $action;
$data['body'] = array();
$filter_types = array('mandatory', 'optional');
foreach ($filter_types as $filter_type) {
if (!empty($data[$filter_type])) {
foreach ($data[$filter_type] as $filter_items) {
if (!is_array($filter_items)) {
$filter_items = array($filter_items);
}
foreach ($filter_items as $filter) {
if ($filter === lcfirst($filter)) {
$data['body'][$filter] = $filter_type;
} else {
$data['body'][$filter] = array($filter_type);
}
}
}
}
}
$data['body'] = json_encode($data['body'], JSON_PRETTY_PRINT);
$url = '/' . $admin_routing . $controller . '/' . $action;
$data['url'] = $url;
if (!empty($data['params'])) {
foreach ($data['params'] as $param) {
$data['url'] .= '/[' . $param . ']';
}
}
$result[$url] = $data;
}
}
}
return $result;
}
public function getAllApis($user, $Server)
{
$this->__setup();
$result = array();
foreach ($this->__descriptions as $controller => $actions) {
$controller = Inflector::tableize($controller);
foreach ($actions as $action => $data) {
if ($Server->ACL->checkAccess($user, $controller, $action, true) === true) {
$admin_routing = '';
if (substr($action, 0, 6) === 'admin_') {
$action = substr($action, 6);
$admin_routing = 'admin/';
}
$data['api_name'] = '[' . $controller . '] ' . $action;
$data['body'] = array();
$filter_types = array('mandatory', 'optional');
foreach ($filter_types as $filter_type) {
if (!empty($data[$filter_type])) {
foreach ($data[$filter_type] as $filter_items) {
if (!is_array($filter_items)) {
$filter_items = array($filter_items);
}
foreach ($filter_items as $filter) {
if ($filter === lcfirst($filter)) {
$data['body'][$filter] = $filter_type;
} else {
$data['body'][$filter] = array($filter_type);
}
}
}
}
}
$data['body'] = json_encode($data['body'], JSON_PRETTY_PRINT);
$url = '/' . $admin_routing . $controller . '/' . $action;
$data['url'] = $url;
if (!empty($data['params'])) {
foreach ($data['params'] as $param) {
$data['url'] .= '/[' . $param . ']';
}
}
$result[$url] = $data;
}
}
}
return $result;
}
// use a relative path to check if the current api has a description
public function getApiInfo($relative_path)
{
$this->__setup();
$relative_path = trim($relative_path, '/');
$relative_path = explode('/', $relative_path);
$admin = false;
if (count($relative_path) >= 2) {
if ($relative_path[0] == 'admin') {
if (count($relative_path) < 3) {
return '[]';
}
$admin = true;
$relative_path = array_slice($relative_path, 1);
}
$relative_path[0] = Inflector::camelize(Inflector::singularize($relative_path[0]));
if ($admin) {
$relative_path[1] = 'admin_' . $relative_path[1];
}
if (isset($this->__descriptions[$relative_path[0]][$relative_path[1]])) {
$temp = $this->__descriptions[$relative_path[0]][$relative_path[1]];
} else {
$temp = array();
}
if (empty($temp)) return '[]';
return json_encode(array('api_info' => $temp));
}
return '[]';
}
// use a relative path to check if the current api has a description
public function getApiInfo($relative_path)
{
$this->__setup();
$relative_path = trim($relative_path, '/');
$relative_path = explode('/', $relative_path);
$admin = false;
if (count($relative_path) >= 2) {
if ($relative_path[0] == 'admin') {
if (count($relative_path) < 3) {
return '[]';
}
$admin = true;
$relative_path = array_slice($relative_path, 1);
}
$relative_path[0] = Inflector::camelize(Inflector::singularize($relative_path[0]));
if ($admin) {
$relative_path[1] = 'admin_' . $relative_path[1];
}
if (isset($this->__descriptions[$relative_path[0]][$relative_path[1]])) {
$temp = $this->__descriptions[$relative_path[0]][$relative_path[1]];
} else {
$temp = array();
}
if (empty($temp)) {
return '[]';
}
return json_encode(array('api_info' => $temp));
}
return '[]';
}
public function saveFailResponse($controller, $action, $id = false, $validationErrors, $format = false)
{
@ -382,11 +384,11 @@ class RestResponseComponent extends Component
$type = 'json';
}
$cakeResponse = new CakeResponse(array('body'=> $response, 'status' => $code, 'type' => $type));
if (!empty($headers)) {
foreach ($headers as $key => $value) {
$cakeResponse->header($key, $value);
}
}
if (!empty($headers)) {
foreach ($headers as $key => $value) {
$cakeResponse->header($key, $value);
}
}
if ($download) {
$cakeResponse->download($download);
}
@ -417,14 +419,15 @@ class RestResponseComponent extends Component
return $this->__sendResponse($data, 200, $format, $raw, $download, $headers);
}
public function sendFile($path, $format = false, $download = false, $name = 'download') {
$cakeResponse = new CakeResponse(array(
'status' => 200,
'type' => $format
));
$cakeResponse->file($path, array('name' => $name, 'download' => true));
return $cakeResponse;
}
public function sendFile($path, $format = false, $download = false, $name = 'download')
{
$cakeResponse = new CakeResponse(array(
'status' => 200,
'type' => $format
));
$cakeResponse->file($path, array('name' => $name, 'download' => true));
return $cakeResponse;
}
public function throwException($code, $message, $url = '', $format = false, $raw = false)
{
@ -438,7 +441,7 @@ class RestResponseComponent extends Component
public function describe($controller, $action, $id = false, $format = false)
{
$this->__setup();
$this->__setup();
$actionArray = $this->__dissectAdminRouting($action);
$response['name'] = $this->__generateURL($actionArray, $controller, false) . ' API description';
$response['description'] = isset($this->__descriptions[Inflector::singularize($controller)][$action]['description']) ? $this->__descriptions[Inflector::singularize($controller)][$action]['description'] : 'This API is not accessible via GET requests.';
@ -458,20 +461,21 @@ class RestResponseComponent extends Component
return $this->__sendResponse($response, 200, $format);
}
private function __setup() {
if (!$this->__setup) {
$scopes = array('Event', 'Attribute', 'Sighting');
foreach ($scopes as $scope) {
$this->{$scope} = ClassRegistry::init($scope);
$this->__descriptions[$scope]['restSearch'] = array(
'description' => $this->__descriptions[$scope]['restSearch']['description'],
'returnFormat' => array_keys($this->{$scope}->validFormats),
'mandatory' => $this->__descriptions[$scope]['restSearch']['mandatory'],
'optional' => $this->__descriptions[$scope]['restSearch']['optional'],
'params' => $this->__descriptions[$scope]['restSearch']['params']
);
}
}
return true;
}
private function __setup()
{
if (!$this->__setup) {
$scopes = array('Event', 'Attribute', 'Sighting');
foreach ($scopes as $scope) {
$this->{$scope} = ClassRegistry::init($scope);
$this->__descriptions[$scope]['restSearch'] = array(
'description' => $this->__descriptions[$scope]['restSearch']['description'],
'returnFormat' => array_keys($this->{$scope}->validFormats),
'mandatory' => $this->__descriptions[$scope]['restSearch']['mandatory'],
'optional' => $this->__descriptions[$scope]['restSearch']['optional'],
'params' => $this->__descriptions[$scope]['restSearch']['params']
);
}
}
return true;
}
}


@ -27,13 +27,13 @@ class EventBlacklistsController extends AppController
public function index()
{
$params = array();
$validParams = array('event_uuid', 'comment');
foreach ($validParams as $validParam) {
if (!empty($this->params['named'][$validParam])) {
$params[$validParam] = $this->params['named'][$validParam];
}
}
$params = array();
$validParams = array('event_uuid', 'comment');
foreach ($validParams as $validParam) {
if (!empty($this->params['named'][$validParam])) {
$params[$validParam] = $this->params['named'][$validParam];
}
}
$this->BlackList->index($this->_isRest(), $params);
}


@ -818,11 +818,11 @@ class EventsController extends AppController
$this->set('analysisLevels', $this->Event->analysisLevels);
$this->set('distributionLevels', $this->Event->distributionLevels);
$this->set('shortDist', $this->Event->shortDist);
if ($this->params['ext'] === 'csv') {
App::uses('CsvExport', 'Export');
$export = new CsvExport();
return $this->RestResponse->viewData($export->eventIndex($events), 'csv');
}
if ($this->params['ext'] === 'csv') {
App::uses('CsvExport', 'Export');
$export = new CsvExport();
return $this->RestResponse->viewData($export->eventIndex($events), 'csv');
}
if ($this->request->is('ajax')) {
$this->autoRender = false;
$this->layout = false;
@ -1001,13 +1001,13 @@ class EventsController extends AppController
}
$conditions['includeFeedCorrelations'] = true;
$conditions['includeAllTags'] = true;
$conditions['includeGranularCorrelations'] = 1;
if (!empty($this->params['named']['includeRelatedTags'])) {
$this->set('includeRelatedTags', 1);
$conditions['includeRelatedTags'] = 1;
} else {
$this->set('includeRelatedTags', 0);
}
$conditions['includeGranularCorrelations'] = 1;
if (!empty($this->params['named']['includeRelatedTags'])) {
$this->set('includeRelatedTags', 1);
$conditions['includeRelatedTags'] = 1;
} else {
$this->set('includeRelatedTags', 0);
}
$results = $this->Event->fetchEvent($this->Auth->user(), $conditions);
if (empty($results)) {
throw new NotFoundException(__('Invalid event'));
@ -1158,7 +1158,7 @@ class EventsController extends AppController
}
$this->set('sightingTypes', $this->Sighting->type);
$this->set('currentUri', $this->params->here);
$this->layout = false;
$this->layout = false;
$this->render('/Elements/eventattribute');
}
@ -1380,7 +1380,7 @@ class EventsController extends AppController
if (isset($this->params['named']['deleted']) && $this->params['named']['deleted']) {
$conditions['deleted'] = 1;
}
if (isset($this->params['named']['includeRelatedTags']) && $this->params['named']['includeRelatedTags']) {
if (isset($this->params['named']['includeRelatedTags']) && $this->params['named']['includeRelatedTags']) {
$conditions['includeRelatedTags'] = 1;
}
if (isset($this->params['named']['public']) && $this->params['named']['public']) {
@ -1399,9 +1399,9 @@ class EventsController extends AppController
$this->set('extended', 0);
}
$conditions['includeFeedCorrelations'] = true;
if (!$this->_isRest()) {
$conditions['includeGranularCorrelations'] = 1;
}
if (!$this->_isRest()) {
$conditions['includeGranularCorrelations'] = 1;
}
$results = $this->Event->fetchEvent($this->Auth->user(), $conditions);
if (empty($results)) {
throw new NotFoundException(__('Invalid event'));
@ -1415,7 +1415,7 @@ class EventsController extends AppController
$this->set('event', $event);
}
$this->set('deleted', isset($this->params['named']['deleted']) && $this->params['named']['deleted']);
$this->set('includeRelatedTags', (!empty($this->params['named']['includeRelatedTags'])) ? 1 : 0);
$this->set('includeRelatedTags', (!empty($this->params['named']['includeRelatedTags'])) ? 1 : 0);
if (!$this->_isRest()) {
$this->__viewUI($event, $continue, $fromEvent);
}
@ -1911,13 +1911,13 @@ class EventsController extends AppController
// check if private and user not authorised to edit
if (!$this->_isSiteAdmin() && !($this->userRole['perm_sync'] && $this->_isRest())) {
if (($this->Event->data['Event']['orgc_id'] != $this->_checkOrg()) || !($this->userRole['perm_modify'])) {
$message = __('You are not authorised to do that. Please consider using the \'propose attribute\' feature.');
if ($this->_isRest()) {
throw new MethodNotAllowedException($message);
} else {
$this->Flash->error($message);
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
$message = __('You are not authorised to do that. Please consider using the \'propose attribute\' feature.');
if ($this->_isRest()) {
throw new MethodNotAllowedException($message);
} else {
$this->Flash->error($message);
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
}
}
if (!$this->_isRest()) {
@ -2323,9 +2323,9 @@ class EventsController extends AppController
$rpzSettings = $this->Server->retrieveCurrentSettings('Plugin', 'RPZ_');
$this->set('rpzSettings', $rpzSettings);
$this->set('hashTypes', array_keys($this->Event->Attribute->hashTypes));
if ($legacy) {
$this->render('legacy_automation');
}
if ($legacy) {
$this->render('legacy_automation');
}
}
public function export()
@ -2727,15 +2727,15 @@ class EventsController extends AppController
if ($user === false) {
return $exception;
}
if (!empty($eventid) && !is_array($eventid)) {
$filename = 'misp.csv.event' . $eventid . '.csv';
} else {
$filename = 'misp.csv.filtered_results.csv';
}
if (!isset($filters['ignore'])) {
$filters['ignore'] = 0;
}
$final = $this->Event->restSearch($user, 'csv', $filters);
if (!empty($eventid) && !is_array($eventid)) {
$filename = 'misp.csv.event' . $eventid . '.csv';
} else {
$filename = 'misp.csv.filtered_results.csv';
}
if (!isset($filters['ignore'])) {
$filters['ignore'] = 0;
}
$final = $this->Event->restSearch($user, 'csv', $filters);
// if it's a search, grab the attributeIDList from the session and get the IDs from it. Use those as the condition
// We don't need to look out for permissions since that's filtered by the search itself
// We just want all the attributes found by the search
@ -2977,16 +2977,30 @@ class EventsController extends AppController
// && - you can use && between two search values to put a logical OR between them. for value, 1.1.1.1&&2.2.2.2 would find attributes with the value being either of the two.
// ! - you can negate a search term. For example: google.com&&!mail would search for all attributes with value google.com but not ones that include mail. www.google.com would get returned, mail.google.com wouldn't.
public function restSearch(
$returnFormat = 'json', $value = false, $type = false, $category = false, $org = false, $tags = false,
$searchall = false, $from = false, $to = false, $last = false, $eventid = false, $withAttachments = false,
$metadata = false, $uuid = false, $publish_timestamp = false, $timestamp = false, $published = false, $enforceWarninglist = false,
$sgReferenceOnly = false
)
{
$returnFormat = 'json',
$value = false,
$type = false,
$category = false,
$org = false,
$tags = false,
$searchall = false,
$from = false,
$to = false,
$last = false,
$eventid = false,
$withAttachments = false,
$metadata = false,
$uuid = false,
$publish_timestamp = false,
$timestamp = false,
$published = false,
$enforceWarninglist = false,
$sgReferenceOnly = false
) {
$paramArray = array(
'value', 'type', 'category', 'org', 'tag', 'tags', 'searchall', 'from', 'to', 'last', 'eventid', 'withAttachments',
'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly'
);
'value', 'type', 'category', 'org', 'tag', 'tags', 'searchall', 'from', 'to', 'last', 'eventid', 'withAttachments',
'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly'
);
$filterData = array(
'request' => $this->request,
'named_params' => $this->params['named'],
@ -3007,13 +3021,13 @@ class EventsController extends AppController
if (isset($filters['returnFormat'])) {
$returnFormat = $filters['returnFormat'];
}
if ($returnFormat === 'download') {
$returnFormat = 'json';
}
$elementCounter = 0;
$final = $this->Event->restSearch($user, $returnFormat, $filters, false, false, $elementCounter);
$responseType = $this->Event->validFormats[$returnFormat][0];
return $this->RestResponse->viewData($final, $responseType, false, true, false, array('X-result-count' => $elementCounter));
if ($returnFormat === 'download') {
$returnFormat = 'json';
}
$elementCounter = 0;
$final = $this->Event->restSearch($user, $returnFormat, $filters, false, false, $elementCounter);
$responseType = $this->Event->validFormats[$returnFormat][0];
return $this->RestResponse->viewData($final, $responseType, false, true, false, array('X-result-count' => $elementCounter));
}
public function downloadOpenIOCEvent($key, $eventid, $enforceWarninglist = false)
@ -4275,9 +4289,9 @@ class EventsController extends AppController
public function viewGraph($id)
{
$event = $this->Event->fetchEvent($this->Auth->user(), array(
'eventid' => $id,
'includeGranularCorrelations' => 1
));
'eventid' => $id,
'includeGranularCorrelations' => 1
));
if (empty($event)) {
throw new MethodNotAllowedException(__('Invalid Event.'));
}
@ -4290,8 +4304,8 @@ class EventsController extends AppController
public function viewEventGraph()
{
$event = $this->Event->fetchEvent($this->Auth->user(), array(
'eventid' => $id
));
'eventid' => $id
));
if (empty($event)) {
throw new MethodNotAllowedException(__('Invalid Event.'));
}
@ -5006,9 +5020,9 @@ class EventsController extends AppController
$this->Event->insertLock($this->Auth->user(), $event['Event']['id']);
if ($this->request->is('post')) {
$modules = array();
if (!isset($this->request->data['Event'])) {
$this->request->data = array('Event' => $this->request->data);
}
if (!isset($this->request->data['Event'])) {
$this->request->data = array('Event' => $this->request->data);
}
foreach ($this->request->data['Event'] as $module => $enabled) {
if ($enabled) {
$modules[] = $module;
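Review bot: In the `@ -4290,8 +4304,8` hunk, `viewEventGraph()` is declared without parameters but passes `$id` to `fetchEvent()` as `'eventid'`, so the variable is undefined when the query is built. How `fetchEvent()` treats an empty `eventid` is not visible here; it may raise 'Invalid Event.' or it may run without the intended event restriction, which is the worse outcome for an access-scoped lookup. Declare the parameter as the neighbouring `viewGraph($id)` does: `public function viewEventGraph($id)`. The function body continues outside the hunk.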


@ -127,9 +127,9 @@ class FeedsController extends AppController
$tags = $this->Event->EventTag->Tag->find('list', array('fields' => array('Tag.name'), 'order' => array('lower(Tag.name) asc')));
$tags[0] = 'None';
$this->set('tags', $tags);
if (empty($this->request->data['Feed']['fixed_event'])) {
$this->request->data['Feed']['fixed_event'] = 1;
}
if (empty($this->request->data['Feed']['fixed_event'])) {
$this->request->data['Feed']['fixed_event'] = 1;
}
if ($this->request->is('post')) {
if ($this->_isRest()) {
if (empty($this->request->data['Feed'])) {


@ -35,8 +35,8 @@ class GalaxiesController extends AppController
if (!empty($this->params['named']['force'])) {
$force = 1;
} else {
$force = 0;
}
$force = 0;
}
$result = $this->Galaxy->update($force);
$message = 'Galaxies updated.';
if ($this->_isRest()) {


@ -115,14 +115,14 @@ class GalaxyClustersController extends AppController
public function view($id)
{
$conditions = array('GalaxyCluster.id' => $id);
if (Validation::uuid($id)) {
$conditions = array('GalaxyCluster.uuid' => $id);
}
$contain = array('Galaxy');
if ($this->_isRest()) {
$contain[] = 'GalaxyElement';
}
$conditions = array('GalaxyCluster.id' => $id);
if (Validation::uuid($id)) {
$conditions = array('GalaxyCluster.uuid' => $id);
}
$contain = array('Galaxy');
if ($this->_isRest()) {
$contain[] = 'GalaxyElement';
}
$cluster = $this->GalaxyCluster->find('first', array(
'recursive' => -1,
'contain' => $contain,
@ -144,15 +144,15 @@ class GalaxyClustersController extends AppController
$cluster['GalaxyCluster']['tag_id'] = $tag['Tag']['id'];
}
}
if ($this->_isRest()) {
$cluster['GalaxyCluster']['Galaxy'] = $cluster['Galaxy'];
$cluster['GalaxyCluster']['GalaxyElement'] = $cluster['GalaxyElement'];
return $this->RestResponse->viewData(array('GalaxyCluster' => $cluster['GalaxyCluster']), $this->response->type());
} else {
$this->set('id', $id);
$this->set('galaxy_id', $cluster['Galaxy']['id']);
$this->set('cluster', $cluster);
}
if ($this->_isRest()) {
$cluster['GalaxyCluster']['Galaxy'] = $cluster['Galaxy'];
$cluster['GalaxyCluster']['GalaxyElement'] = $cluster['GalaxyElement'];
return $this->RestResponse->viewData(array('GalaxyCluster' => $cluster['GalaxyCluster']), $this->response->type());
} else {
$this->set('id', $id);
$this->set('galaxy_id', $cluster['Galaxy']['id']);
$this->set('cluster', $cluster);
}
}
public function attachToEvent($event_id, $tag_name)
@ -286,43 +286,44 @@ class GalaxyClustersController extends AppController
$this->redirect($this->referer());
}
public function delete($id) {
{
if ($this->request->is('post')) {
$result = false;
$galaxy_cluster = $this->GalaxyCluster->find('first', array(
'recursive' => -1,
'conditions' => array('GalaxyCluster.id' => $id)
));
if (!empty($galaxy_cluster)) {
$result = $this->GalaxyCluster->delete($id, true);
$galaxy_id = $galaxy_cluster['GalaxyCluster']['galaxy_id'];
}
if ($result) {
$message = 'Galaxy cluster successfuly deleted.';
if ($this->_isRest()) {
return $this->RestResponse->saveSuccessResponse('GalaxyCluster', 'delete', $id, $this->response->type());
} else {
$this->Flash->success($message);
$this->redirect(array('controller' => 'galaxies', 'action' => 'view', $galaxy_id));
}
} else {
$message = 'Galaxy cluster could not be deleted.';
if ($this->_isRest()) {
return $this->RestResponse->saveFailResponse('GalaxyCluster', 'delete', $id, $message, $this->response->type());
} else {
$this->Flash->error($message);
$this->redirect(array('controller' => 'taxonomies', 'action' => 'index'));
}
}
} else {
if ($this->request->is('ajax')) {
$this->set('id', $id);
$this->render('ajax/galaxy_cluster_delete_confirmation');
} else {
throw new MethodNotAllowedException('This function can only be reached via AJAX.');
}
}
}
}
public function delete($id)
{
{
if ($this->request->is('post')) {
$result = false;
$galaxy_cluster = $this->GalaxyCluster->find('first', array(
'recursive' => -1,
'conditions' => array('GalaxyCluster.id' => $id)
));
if (!empty($galaxy_cluster)) {
$result = $this->GalaxyCluster->delete($id, true);
$galaxy_id = $galaxy_cluster['GalaxyCluster']['galaxy_id'];
}
if ($result) {
$message = 'Galaxy cluster successfuly deleted.';
if ($this->_isRest()) {
return $this->RestResponse->saveSuccessResponse('GalaxyCluster', 'delete', $id, $this->response->type());
} else {
$this->Flash->success($message);
$this->redirect(array('controller' => 'galaxies', 'action' => 'view', $galaxy_id));
}
} else {
$message = 'Galaxy cluster could not be deleted.';
if ($this->_isRest()) {
return $this->RestResponse->saveFailResponse('GalaxyCluster', 'delete', $id, $message, $this->response->type());
} else {
$this->Flash->error($message);
$this->redirect(array('controller' => 'taxonomies', 'action' => 'index'));
}
}
} else {
if ($this->request->is('ajax')) {
$this->set('id', $id);
$this->render('ajax/galaxy_cluster_delete_confirmation');
} else {
throw new MethodNotAllowedException('This function can only be reached via AJAX.');
}
}
}
}
}
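Review bot: `delete($id)` now opens with two braces (`{` on the line after the signature, then a second `{`), so the whole body sits in a redundant nested block closed by an extra `}`. The standards script moved the first brace onto its own line, but the stray second brace from the old `delete($id) {` / `{` pair is still there; drop the inner `{` and its matching `}`. In the same method the non-REST failure path redirects to `array('controller' => 'taxonomies', 'action' => 'index')`, which looks like a copy-paste leftover; `'controller' => 'galaxies'` would match the success path.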


@ -29,98 +29,99 @@ class LogsController extends AppController
}
}
private function __resolveSpecial($data, $type, $fields) {
if (!is_array($data)) {
$data = array($data);
}
foreach ($data as $k => $element) {
if (!is_numeric($data)) {
$this->loadModel($type);
$params = array(
'conditions' => array(),
'recursive' => -1,
'fields' => array($type . '.id')
);
foreach ($fields as $field) {
$params['conditions']['OR'][$type . '.' . $field] = $element;
}
$records = $this->$type->find('all', $params);
if (empty($records)) {
$data[$k] = -1;
} else {
$temp = array();
foreach ($records as $record) {
$temp[] = $record[$type]['id'];
}
$data = array_merge($data, $temp);
}
}
}
return $data;
}
private function __resolveSpecial($data, $type, $fields)
{
if (!is_array($data)) {
$data = array($data);
}
foreach ($data as $k => $element) {
if (!is_numeric($data)) {
$this->loadModel($type);
$params = array(
'conditions' => array(),
'recursive' => -1,
'fields' => array($type . '.id')
);
foreach ($fields as $field) {
$params['conditions']['OR'][$type . '.' . $field] = $element;
}
$records = $this->$type->find('all', $params);
if (empty($records)) {
$data[$k] = -1;
} else {
$temp = array();
foreach ($records as $record) {
$temp[] = $record[$type]['id'];
}
$data = array_merge($data, $temp);
}
}
}
return $data;
}
public function admin_index()
{
if ($this->_isRest()) {
$paramArray = array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip');
$filterData = array(
'request' => $this->request,
'named_params' => $this->params['named'],
'paramArray' => $paramArray,
'ordered_url_params' => compact($paramArray)
);
$exception = false;
$filters = $this->_harvestParameters($filterData, $exception);
unset($filterData);
if ($filters === false) {
return $exception;
}
$conditions = array();
foreach ($filters as $filter => $data) {
$data = array('OR' => $data);
$conditions = $this->Log->generic_add_filter($conditions, $data, 'Log.' . $filter);
}
if (!$this->_isSiteAdmin()) {
$orgRestriction = $this->Auth->user('Organisation')['name'];
$conditions['AND']['Log.org'] = $orgRestriction;
}
$params = array(
'conditions' => $conditions,
'recursive' => -1
);
if (isset($filters['limit'])) {
$params['limit'] = $filters['limit'];
}
if (isset($filters['page'])) {
$params['page'] = $filters['page'];
}
$log_entries = $this->Log->find('all', $params);
return $this->RestResponse->viewData($log_entries, 'json');
} else {
if (!$this->userRole['perm_audit']) {
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
}
$this->set('isSearch', 0);
$this->recursive = 0;
$validFilters = $this->Log->logMeta;
if (!$this->_isSiteAdmin()) {
$orgRestriction = $this->Auth->user('Organisation')['name'];
$conditions['Log.org'] = $orgRestriction;
$this->paginate = array(
'limit' => 60,
'conditions' => $conditions,
'order' => array('Log.id' => 'DESC')
);
} else {
$validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin);
}
if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) {
$this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values'];
}
$this->set('validFilters', $validFilters);
$this->set('filter', isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false);
$this->set('list', $this->paginate());
}
if ($this->_isRest()) {
$paramArray = array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip');
$filterData = array(
'request' => $this->request,
'named_params' => $this->params['named'],
'paramArray' => $paramArray,
'ordered_url_params' => compact($paramArray)
);
$exception = false;
$filters = $this->_harvestParameters($filterData, $exception);
unset($filterData);
if ($filters === false) {
return $exception;
}
$conditions = array();
foreach ($filters as $filter => $data) {
$data = array('OR' => $data);
$conditions = $this->Log->generic_add_filter($conditions, $data, 'Log.' . $filter);
}
if (!$this->_isSiteAdmin()) {
$orgRestriction = $this->Auth->user('Organisation')['name'];
$conditions['AND']['Log.org'] = $orgRestriction;
}
$params = array(
'conditions' => $conditions,
'recursive' => -1
);
if (isset($filters['limit'])) {
$params['limit'] = $filters['limit'];
}
if (isset($filters['page'])) {
$params['page'] = $filters['page'];
}
$log_entries = $this->Log->find('all', $params);
return $this->RestResponse->viewData($log_entries, 'json');
} else {
if (!$this->userRole['perm_audit']) {
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
}
$this->set('isSearch', 0);
$this->recursive = 0;
$validFilters = $this->Log->logMeta;
if (!$this->_isSiteAdmin()) {
$orgRestriction = $this->Auth->user('Organisation')['name'];
$conditions['Log.org'] = $orgRestriction;
$this->paginate = array(
'limit' => 60,
'conditions' => $conditions,
'order' => array('Log.id' => 'DESC')
);
} else {
$validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin);
}
if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) {
$this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values'];
}
$this->set('validFilters', $validFilters);
$this->set('filter', isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false);
$this->set('list', $this->paginate());
}
}
// Shows a minimalistic history for the currently selected event


@ -31,10 +31,10 @@ class NewsController extends AppController
}
}
$this->User->id = $this->Auth->user('id');
//if ($this->User->exists()) {
$this->User->saveField('newsread', time());
$this->set('newsItems', $newsItems);
//}
//if ($this->User->exists()) {
$this->User->saveField('newsread', time());
$this->set('newsItems', $newsItems);
//}
}
public function add()


@ -194,7 +194,7 @@ class ObjectsController extends AppController
$error = 'Could not save the object as no attributes were set.';
} else {
foreach ($object['Attribute'] as $k => $attribute) {
unset($object['Attribute'][$k]['id']);
unset($object['Attribute'][$k]['id']);
$object['Attribute'][$k]['event_id'] = $eventId;
$this->MispObject->Event->Attribute->set($attribute);
if (!$this->MispObject->Event->Attribute->validates()) {
@ -221,7 +221,7 @@ class ObjectsController extends AppController
$error = $this->MispObject->ObjectTemplate->checkTemplateConformity($template, $object);
}
if ($error === true) {
unset($object['Object']['id']);
unset($object['Object']['id']);
$result = $this->MispObject->saveObject($object, $eventId, $template, $this->Auth->user(), $errorBehaviour = 'halt');
if (is_numeric($result)) {
$this->MispObject->Event->unpublishEvent($eventId);


@ -31,7 +31,7 @@ class ServersController extends AppController
public function beforeFilter()
{
parent::beforeFilter();
$this->Security->unlockedActions[] = 'getApiInfo';
$this->Security->unlockedActions[] = 'getApiInfo';
// permit reuse of CSRF tokens on some pages.
switch ($this->request->params['action']) {
case 'push':
@ -51,27 +51,27 @@ class ServersController extends AppController
$this->paginate['conditions'] = array('Server.org_id LIKE' => $this->Auth->user('org_id'));
}
if ($this->_isRest()) {
$params = array(
'recursive' => -1,
'contain' => array(
'Organisation' => array('Organisation.id', 'Organisation.name', 'Organisation.uuid', 'Organisation.nationality', 'Organisation.sector', 'Organisation.type'),
'RemoteOrg' => array('RemoteOrg.id', 'RemoteOrg.name', 'RemoteOrg.uuid', 'RemoteOrg.nationality', 'RemoteOrg.sector', 'RemoteOrg.type'),
)
);
$servers = $this->Server->find('all', $params);
return $this->RestResponse->viewData($servers, $this->response->type());
} else {
$this->set('servers', $this->paginate());
$collection = array();
$collection['orgs'] = $this->Server->Organisation->find('list', array(
'fields' => array('id', 'name'),
));
$this->loadModel('Tag');
$collection['tags'] = $this->Tag->find('list', array(
'fields' => array('id', 'name'),
));
$this->set('collection', $collection);
}
$params = array(
'recursive' => -1,
'contain' => array(
'Organisation' => array('Organisation.id', 'Organisation.name', 'Organisation.uuid', 'Organisation.nationality', 'Organisation.sector', 'Organisation.type'),
'RemoteOrg' => array('RemoteOrg.id', 'RemoteOrg.name', 'RemoteOrg.uuid', 'RemoteOrg.nationality', 'RemoteOrg.sector', 'RemoteOrg.type'),
)
);
$servers = $this->Server->find('all', $params);
return $this->RestResponse->viewData($servers, $this->response->type());
} else {
$this->set('servers', $this->paginate());
$collection = array();
$collection['orgs'] = $this->Server->Organisation->find('list', array(
'fields' => array('id', 'name'),
));
$this->loadModel('Tag');
$collection['tags'] = $this->Tag->find('list', array(
'fields' => array('id', 'name'),
));
$this->set('collection', $collection);
}
}
public function previewIndex($id)
@ -602,66 +602,66 @@ class ServersController extends AppController
throw new NotFoundException(__('Invalid server'));
}
$s = $this->Server->read(null, $id);
$error = false;
$error = false;
if (!$this->_isSiteAdmin() && !($s['Server']['org_id'] == $this->Auth->user('org_id') && $this->_isAdmin())) {
throw new MethodNotAllowedException(__('You are not authorised to do that.'));
throw new MethodNotAllowedException(__('You are not authorised to do that.'));
}
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
}
if (false == $this->Server->data['Server']['pull'] && ($technique == 'full' || $technique == 'incremental')) {
$error = __('Pull setting not enabled for this server.');
$error = __('Pull setting not enabled for this server.');
}
if (empty($error)) {
if (!Configure::read('MISP.background_jobs')) {
$result = $this->Server->pull($this->Auth->user(), $id, $technique, $s);
if (is_array($result)) {
$success = sprintf(__('Pull completed. %s events pulled, %s events could not be pulled, %s proposals pulled.', count($result[0]), count($result[1]), count($result[2])));
} else {
$error = $result;
}
$this->set('successes', $result[0]);
$this->set('fails', $result[1]);
$this->set('pulledProposals', $result[2]);
} else {
$this->loadModel('Job');
$this->Job->create();
$data = array(
'worker' => 'default',
'job_type' => 'pull',
'job_input' => 'Server: ' . $id,
'status' => 0,
'retries' => 0,
'org' => $this->Auth->user('Organisation')['name'],
'message' => 'Pulling.',
);
$this->Job->save($data);
$jobId = $this->Job->id;
$process_id = CakeResque::enqueue(
'default',
'ServerShell',
array('pull', $this->Auth->user('id'), $id, $technique, $jobId)
);
$this->Job->saveField('process_id', $process_id);
$success = sprintf(__('Pull queued for background execution. Job ID: %s'), $jobId);
}
}
if ($this->_isRest()) {
if (!empty($error)) {
return $this->RestResponse->saveFailResponse('Servers', 'pull', false, $error, $this->response->type());
} else {
return $this->RestResponse->saveSuccessResponse('Servers', 'pull', $success, $this->response->type());
}
} else {
if (!empty($error)) {
$this->Flash->error($error);
$this->redirect(array('action' => 'index'));
} else {
$this->Flash->success($success);
$this->redirect($this->referer());
}
}
if (empty($error)) {
if (!Configure::read('MISP.background_jobs')) {
$result = $this->Server->pull($this->Auth->user(), $id, $technique, $s);
if (is_array($result)) {
$success = sprintf(__('Pull completed. %s events pulled, %s events could not be pulled, %s proposals pulled.', count($result[0]), count($result[1]), count($result[2])));
} else {
$error = $result;
}
$this->set('successes', $result[0]);
$this->set('fails', $result[1]);
$this->set('pulledProposals', $result[2]);
} else {
$this->loadModel('Job');
$this->Job->create();
$data = array(
'worker' => 'default',
'job_type' => 'pull',
'job_input' => 'Server: ' . $id,
'status' => 0,
'retries' => 0,
'org' => $this->Auth->user('Organisation')['name'],
'message' => 'Pulling.',
);
$this->Job->save($data);
$jobId = $this->Job->id;
$process_id = CakeResque::enqueue(
'default',
'ServerShell',
array('pull', $this->Auth->user('id'), $id, $technique, $jobId)
);
$this->Job->saveField('process_id', $process_id);
$success = sprintf(__('Pull queued for background execution. Job ID: %s'), $jobId);
}
}
if ($this->_isRest()) {
if (!empty($error)) {
return $this->RestResponse->saveFailResponse('Servers', 'pull', false, $error, $this->response->type());
} else {
return $this->RestResponse->saveSuccessResponse('Servers', 'pull', $success, $this->response->type());
}
} else {
if (!empty($error)) {
$this->Flash->error($error);
$this->redirect(array('action' => 'index'));
} else {
$this->Flash->success($success);
$this->redirect($this->referer());
}
}
}
public function push($id = null, $technique=false)
@ -681,24 +681,24 @@ class ServersController extends AppController
$HttpSocket = $syncTool->setupHttpSocket($server);
$result = $this->Server->push($id, $technique, false, $HttpSocket, $this->Auth->user());
if ($result === false) {
$error = __('The remote server is too outdated to initiate a push towards it. Please notify the hosting organisation of the remote instance.');
} else if (!is_array($result)) {
$error = $result;
}
if (!empty($error)) {
if ($this->_isRest()) {
return $this->RestResponse->saveFailResponse('Servers', 'push', false, $error, $this->response->type());
} else {
$this->Flash->info($error);
$this->redirect(array('action' => 'index'));
}
}
if ($this->_isRest()) {
return $this->RestResponse->saveSuccessResponse('Servers', 'push', array(sprintf(__('Push complete. %s events pushed, %s events could not be pushed.', $result[0], $result[1]))), $this->response->type());
} else {
$this->set('successes', $result[0]);
$this->set('fails', $result[1]);
}
$error = __('The remote server is too outdated to initiate a push towards it. Please notify the hosting organisation of the remote instance.');
} elseif (!is_array($result)) {
$error = $result;
}
if (!empty($error)) {
if ($this->_isRest()) {
return $this->RestResponse->saveFailResponse('Servers', 'push', false, $error, $this->response->type());
} else {
$this->Flash->info($error);
$this->redirect(array('action' => 'index'));
}
}
if ($this->_isRest()) {
return $this->RestResponse->saveSuccessResponse('Servers', 'push', array(sprintf(__('Push complete. %s events pushed, %s events could not be pushed.', $result[0], $result[1]))), $this->response->type());
} else {
$this->set('successes', $result[0]);
$this->set('fails', $result[1]);
}
} else {
$this->loadModel('Job');
$this->Job->create();
@ -719,10 +719,10 @@ class ServersController extends AppController
array('push', $this->Auth->user('id'), $id, $jobId)
);
$this->Job->saveField('process_id', $process_id);
$message = sprintf(__('Push queued for background execution. Job ID: %s'), $jobId);
if ($this->_isRest()) {
return $this->RestResponse->saveSuccessResponse('Servers', 'push', $message, $this->response->type());
}
$message = sprintf(__('Push queued for background execution. Job ID: %s'), $jobId);
if ($this->_isRest()) {
return $this->RestResponse->saveSuccessResponse('Servers', 'push', $message, $this->response->type());
}
$this->Flash->success($message);
$this->redirect(array('action' => 'index'));
}
@ -1614,17 +1614,17 @@ class ServersController extends AppController
public function rest()
{
$allValidApis = $this->RestResponse->getAllApis($this->Auth->user(), $this);
$allValidApis = $this->RestResponse->getAllApis($this->Auth->user(), $this);
if ($this->request->is('post')) {
$request = $this->request->data;
if (!empty($request['Server'])) {
$request = $this->request->data['Server'];
}
$curl = '';
$python = '';
$curl = '';
$python = '';
$result = $this->__doRestQuery($request, $curl, $python);
$this->set('curl', $curl);
$this->set('python', $python);
$this->set('curl', $curl);
$this->set('python', $python);
if (!$result) {
$this->Flash->error('Something went wrong. Make sure you set the http method, body (when sending POST requests) and URL correctly.');
} else {
@ -1636,7 +1636,7 @@ class ServersController extends AppController
'Accept: application/json' . PHP_EOL .
'Content-Type: application/json';
$this->set('header', $header);
$this->set('allValidApis', $allValidApis);
$this->set('allValidApis', $allValidApis);
}
private function __doRestQuery($request, &$curl = false, &$python = false)
@ -1644,20 +1644,20 @@ class ServersController extends AppController
App::uses('SyncTool', 'Tools');
$params = array();
if (!empty($request['url'])) {
if (empty($request['use_full_path'])) {
$path = preg_replace('#^(://|[^/?])+#', '', $request['url']);
$url = Configure::read('MISP.baseurl') . $path;
unset($request['url']);
} else {
$url = $request['url'];
}
if (empty($request['use_full_path'])) {
$path = preg_replace('#^(://|[^/?])+#', '', $request['url']);
$url = Configure::read('MISP.baseurl') . $path;
unset($request['url']);
} else {
$url = $request['url'];
}
} else {
throw new InvalidArgumentException('Url not set.');
}
if (!empty($request['skip_ssl_validation'])) {
$params['ssl_verify_peer'] = false;
}
$params['timeout'] = 300;
if (!empty($request['skip_ssl_validation'])) {
$params['ssl_verify_peer'] = false;
}
$params['timeout'] = 300;
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket($params);
$view_data = array();
@ -1678,24 +1678,24 @@ class ServersController extends AppController
!empty($request['method']) &&
$request['method'] === 'GET'
) {
if ($curl !== false) {
$curl = $this->__generateCurlQuery('get', $request, $url);
}
if ($python !== false) {
$python = $this->__generatePythonScript($request, $url);
}
if ($curl !== false) {
$curl = $this->__generateCurlQuery('get', $request, $url);
}
if ($python !== false) {
$python = $this->__generatePythonScript($request, $url);
}
$response = $HttpSocket->get($url, false, array('header' => $request['header']));
} elseif (
!empty($request['method']) &&
$request['method'] === 'POST' &&
!empty($request['body'])
) {
if ($curl !== false) {
$curl = $this->__generateCurlQuery('post', $request, $url);
}
if ($python !== false) {
$python = $this->__generatePythonScript($request, $url);
}
if ($curl !== false) {
$curl = $this->__generateCurlQuery('post', $request, $url);
}
if ($python !== false) {
$python = $this->__generatePythonScript($request, $url);
}
$response = $HttpSocket->post($url, $request['body'], array('header' => $request['header']));
} else {
return false;
@ -1716,28 +1716,28 @@ class ServersController extends AppController
return $view_data;
}
private function __generatePythonScript($request, $url)
{
$slashCounter = 0;
$baseurl = '';
$relative = '';
$verifyCert = ($url[4] === 's') ? 'True' : 'False';
for ($i = 0; $i < strlen($url); $i++) {
//foreach ($url as $url[$i]) {
if ($url[$i] === '/') {
$slashCounter += 1;
if ($slashCounter == 3) {
continue;
}
}
if ($slashCounter < 3) {
$baseurl .= $url[$i];
} else {
$relative .= $url[$i];
}
}
$python_script =
sprintf(
private function __generatePythonScript($request, $url)
{
$slashCounter = 0;
$baseurl = '';
$relative = '';
$verifyCert = ($url[4] === 's') ? 'True' : 'False';
for ($i = 0; $i < strlen($url); $i++) {
//foreach ($url as $url[$i]) {
if ($url[$i] === '/') {
$slashCounter += 1;
if ($slashCounter == 3) {
continue;
}
}
if ($slashCounter < 3) {
$baseurl .= $url[$i];
} else {
$relative .= $url[$i];
}
}
$python_script =
sprintf(
'misp_url = \'%s\'
misp_key = \'%s\'
misp_verifycert = %s
@ -1749,63 +1749,62 @@ from pymisp import PyMISP
misp = PyMISP(misp_url, misp_key, misp_verifycert)
misp.direct_call(relative_path, body)
',
$baseurl,
$request['header']['Authorization'],
$verifyCert,
$relative,
(empty($request['body']) ? 'Null' : '\'' . $request['body'] . '\'')
);
return $python_script;
}
private function __generateCurlQuery($type, $request, $url)
{
if ($type === 'get') {
$curl = sprintf(
'curl \%s -H "Authorization: %s" \%s -H "Accept: %s" \%s -H "Content-type: %s" \%s %s',
PHP_EOL,
$request['header']['Authorization'],
PHP_EOL,
$request['header']['Accept'],
PHP_EOL,
$request['header']['Content-Type'],
PHP_EOL,
$url
);
} else {
$curl = sprintf(
'curl \%s -d \'%s\' \%s -H "Authorization: %s" \%s -H "Accept: %s" \%s -H "Content-type: %s" \%s -X POST %s',
PHP_EOL,
json_encode(json_decode($request['body']), true),
PHP_EOL,
$request['header']['Authorization'],
PHP_EOL,
$request['header']['Accept'],
PHP_EOL,
$request['header']['Content-Type'],
PHP_EOL,
$url
);
}
return $curl;
}
public function getApiInfo() {
$relative_path = $this->request->data['url'];
$result = $this->RestResponse->getApiInfo($relative_path);
if ($this->_isRest()) {
return $result;
} else {
$result = json_decode($result, true);
if (empty($result)) {
return $this->RestResponse->viewData('&nbsp;', $this->response->type());
}
$this->layout = false;
$this->autoRender = false;
$this->set('api_info', $result);
$this->render('ajax/get_api_info');
}
}
$baseurl,
$request['header']['Authorization'],
$verifyCert,
$relative,
(empty($request['body']) ? 'Null' : '\'' . $request['body'] . '\'')
);
return $python_script;
}
private function __generateCurlQuery($type, $request, $url)
{
if ($type === 'get') {
$curl = sprintf(
'curl \%s -H "Authorization: %s" \%s -H "Accept: %s" \%s -H "Content-type: %s" \%s %s',
PHP_EOL,
$request['header']['Authorization'],
PHP_EOL,
$request['header']['Accept'],
PHP_EOL,
$request['header']['Content-Type'],
PHP_EOL,
$url
);
} else {
$curl = sprintf(
'curl \%s -d \'%s\' \%s -H "Authorization: %s" \%s -H "Accept: %s" \%s -H "Content-type: %s" \%s -X POST %s',
PHP_EOL,
json_encode(json_decode($request['body']), true),
PHP_EOL,
$request['header']['Authorization'],
PHP_EOL,
$request['header']['Accept'],
PHP_EOL,
$request['header']['Content-Type'],
PHP_EOL,
$url
);
}
return $curl;
}
public function getApiInfo()
{
$relative_path = $this->request->data['url'];
$result = $this->RestResponse->getApiInfo($relative_path);
if ($this->_isRest()) {
return $result;
} else {
$result = json_decode($result, true);
if (empty($result)) {
return $this->RestResponse->viewData('&nbsp;', $this->response->type());
}
$this->layout = false;
$this->autoRender = false;
$this->set('api_info', $result);
$this->render('ajax/get_api_info');
}
}
}
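Review bot: In `__doRestQuery`, when `use_full_path` is set the new side keeps `$url = $request['url'];` verbatim, so `HttpSocket` issues a server-side GET or POST to whatever host the request names, and the same request can turn off certificate checking through `skip_ssl_validation` (`$params['ssl_verify_peer'] = false;`). Nothing visible in these hunks limits the target host or who may set those two flags; the body of `__doRestQuery` is only partly shown and the access check for `rest()` is outside the hunks, so this may already be covered elsewhere. If querying other hosts is not meant for every user, guard the `else` branch with something like `if (!$this->_isSiteAdmin()) { throw new MethodNotAllowedException(__('You are not authorised to do that.')); }`. It would also help to write a log entry naming the target host whenever peer verification is disabled, so that such requests can be audited.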


@ -146,7 +146,8 @@ class SightingsController extends AppController
$this->render('/Sightings/ajax/advanced');
}
public function quickAdd($id=false, $onvalue=false) {
public function quickAdd($id=false, $onvalue=false)
{
if (!$this->userRole['perm_modify_org']) {
throw new MethodNotAllowedException(__('You are not authorised to remove sightings data as you don\'t have permission to modify your organisation\'s data.'));
}


@ -500,13 +500,13 @@ class TagsController extends AppController
'contain' => array('Tag'),
'fields' => array('Tag.id', 'Tag.colour', 'Tag.name'),
));
$this->loadModel('GalaxyCluster');
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
foreach ($attributeTags as $k => $attributeTag) {
if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
unset($attributeTags[$k]);
}
}
$this->loadModel('GalaxyCluster');
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
foreach ($attributeTags as $k => $attributeTag) {
if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
unset($attributeTags[$k]);
}
}
$event = $this->Tag->AttributeTag->Attribute->Event->find('first', array(
'recursive' => -1,
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.user_id'),


@ -1390,17 +1390,17 @@ class UsersController extends AppController
if ($isPostOrPut) {
$recipient = $this->request->data['User']['recipient'];
} else {
$recipient = isset($this->request->query['recipient']) ? $this->request->query['recipient'] : NULL;
$recipient = isset($this->request->query['recipient']) ? $this->request->query['recipient'] : null;
}
if ($isPostOrPut) {
$recipientEmailList = $this->request->data['User']['recipientEmailList'];
} else {
$recipientEmailList = isset($this->request->query['recipientEmailList']) ? $this->request->query['recipientEmailList'] : NULL;
$recipientEmailList = isset($this->request->query['recipientEmailList']) ? $this->request->query['recipientEmailList'] : null;
}
if ($isPostOrPut) {
$orgNameList = $this->request->data['User']['orgNameList'];
} else {
$orgNameList = isset($this->request->query['orgNameList']) ? $this->request->query['orgNameList'] : NULL;
$orgNameList = isset($this->request->query['orgNameList']) ? $this->request->query['orgNameList'] : null;
}
if (!is_null($recipient) && $recipient == 0) {
@ -1408,7 +1408,7 @@ class UsersController extends AppController
throw new NotFoundException(__('Recipient email not provided'));
}
$conditions['id'] = $recipientEmailList;
} else if (!is_null($recipient) && $recipient == 2) {
} elseif (!is_null($recipient) && $recipient == 2) {
if (is_null($orgNameList)) {
throw new NotFoundException(__('Recipient organisation not provided'));
}
@ -1562,15 +1562,15 @@ class UsersController extends AppController
$params = array(
'fields' => array('name'),
'recursive' => -1,
'conditions' => array()
'conditions' => array()
);
if (!$this->_isSiteAdmin() && !empty(Configure::read('Security.hide_organisation_index_from_users'))) {
$params['conditions'] = array('Organisation.id' => $this->Auth->user('org_id'));
}
$orgs = $this->User->Organisation->find('all', $params);
$local_orgs_params = $params;
$local_orgs_params['conditions']['Organisation.local'] = 1;
$local_orgs = $this->User->Organisation->find('all', $local_orgs_params);
$local_orgs_params = $params;
$local_orgs_params['conditions']['Organisation.local'] = 1;
$local_orgs = $this->User->Organisation->find('all', $local_orgs_params);
$this->loadModel('Log');
$year = date('Y');
$month = date('n');
@ -1596,10 +1596,10 @@ class UsersController extends AppController
$stats['proposal_count'] = $this->User->Event->ShadowAttribute->find('count', array('recursive' => -1));
$stats['user_count'] = $this->User->find('count', array('recursive' => -1));
$stats['user_count_pgp'] = $this->User->find('count', array('recursive' => -1, 'conditions' => array('User.gpgkey !=' => '')));
$stats['user_count_pgp'] = $this->User->find('count', array('recursive' => -1, 'conditions' => array('User.gpgkey !=' => '')));
$stats['org_count'] = count($orgs);
$stats['local_org_count'] = count($local_orgs);
$stats['average_user_per_org'] = round($stats['user_count'] / $stats['local_org_count'], 1);
$stats['local_org_count'] = count($local_orgs);
$stats['average_user_per_org'] = round($stats['user_count'] / $stats['local_org_count'], 1);
$this->loadModel('Thread');
$stats['thread_count'] = $this->Thread->find('count', array('conditions' => array('Thread.post_count >' => 0), 'recursive' => -1));
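Review bot: `round($stats['user_count'] / $stats['local_org_count'], 1)` divides by the number of local organisations without checking it for zero. The conditions built in the previous hunk can narrow the query to the caller's own organisation when `Security.hide_organisation_index_from_users` is set, so an empty `$local_orgs` looks reachable. A guard such as `$stats['average_user_per_org'] = empty($stats['local_org_count']) ? 0 : round($stats['user_count'] / $stats['local_org_count'], 1);` keeps the statistics action from failing on that input. The enclosing action starts and ends outside the hunk, so a check elsewhere cannot be ruled out.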


@ -117,45 +117,45 @@ class WarninglistsController extends AppController
}
}
/*
* toggle warninglists on or offset
* Simply POST an ID or a list of IDs to toggle the current state
* To control what state the warninglists should have after execution instead of just blindly toggling them, simply pass the enabled flag
* Example:
* {"id": [5, 8], "enabled": 1}
/*
* toggle warninglists on or offset
* Simply POST an ID or a list of IDs to toggle the current state
* To control what state the warninglists should have after execution instead of just blindly toggling them, simply pass the enabled flag
* Example:
* {"id": [5, 8], "enabled": 1}
* Alternatively search by a substring in the warninglist's named, such as:
* {"name": ["%alexa%", "%iana%"], "enabled": 1}
*/
*/
public function toggleEnable()
{
if (!$this->request->is('post')) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'This function only accepts POST requests.')), 'status' => 200, 'type' => 'json'));
}
if (isset($this->request->data['Warninglist']['data'])) {
$id = $this->request->data['Warninglist']['data'];
} else {
if (!empty($this->request->data['id'])) {
$id = $this->request->data['id'];
} else if (!empty($this->request->data['name'])) {
if (!is_array($this->request->data['name'])) {
$names = array($this->request->data['name']);
} else {
$names = $this->request->data['name'];
}
$conditions = array();
foreach ($names as $k => $name) {
$conditions['OR'][] = array('LOWER(Warninglist.name) LIKE' => strtolower($name));
}
$id = $this->Warninglist->find('list', array(
'conditions' => $conditions,
'recursive' => -1,
'fields' => array('Warninglist.id', 'Warninglist.id')
));
}
}
if (isset($this->request->data['enabled'])) {
$enabled = $this->request->data['enabled'];
}
if (!$this->request->is('post')) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'This function only accepts POST requests.')), 'status' => 200, 'type' => 'json'));
}
if (isset($this->request->data['Warninglist']['data'])) {
$id = $this->request->data['Warninglist']['data'];
} else {
if (!empty($this->request->data['id'])) {
$id = $this->request->data['id'];
} elseif (!empty($this->request->data['name'])) {
if (!is_array($this->request->data['name'])) {
$names = array($this->request->data['name']);
} else {
$names = $this->request->data['name'];
}
$conditions = array();
foreach ($names as $k => $name) {
$conditions['OR'][] = array('LOWER(Warninglist.name) LIKE' => strtolower($name));
}
$id = $this->Warninglist->find('list', array(
'conditions' => $conditions,
'recursive' => -1,
'fields' => array('Warninglist.id', 'Warninglist.id')
));
}
}
if (isset($this->request->data['enabled'])) {
$enabled = $this->request->data['enabled'];
}
if (empty($id)) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Warninglist not found.')), 'status' => 200, 'type' => 'json'));
}
@ -163,28 +163,28 @@ class WarninglistsController extends AppController
if (empty($currentState)) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Warninglist(s) not found.')), 'status' => 200, 'type' => 'json'));
}
$success = 0;
foreach ($currentState as $warningList) {
if (isset($enabled)) {
$warningList['Warninglist']['enabled'] = $enabled;
$message = $enabled ? 'enabled' : 'disabled';
} else {
if ($warningList['Warninglist']['enabled']) {
$warningList['Warninglist']['enabled'] = 0;
$message = 'disabled';
} else {
$warningList['Warninglist']['enabled'] = 1;
$message = 'enabled';
}
if (!isset($enabled) && count($currentState) > 1) {
$message = 'toggled';
}
}
if ($this->Warninglist->save($warningList)) {
$success += 1;
}
$this->Warninglist->regenerateWarninglistCaches($warningList['Warninglist']['id']);
}
$success = 0;
foreach ($currentState as $warningList) {
if (isset($enabled)) {
$warningList['Warninglist']['enabled'] = $enabled;
$message = $enabled ? 'enabled' : 'disabled';
} else {
if ($warningList['Warninglist']['enabled']) {
$warningList['Warninglist']['enabled'] = 0;
$message = 'disabled';
} else {
$warningList['Warninglist']['enabled'] = 1;
$message = 'enabled';
}
if (!isset($enabled) && count($currentState) > 1) {
$message = 'toggled';
}
}
if ($this->Warninglist->save($warningList)) {
$success += 1;
}
$this->Warninglist->regenerateWarninglistCaches($warningList['Warninglist']['id']);
}
if ($success) {
$this->Warninglist->regenerateWarninglistCaches($id);
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $success . ' warninglist(s) ' . $message)), 'status' => 200, 'type' => 'json'));
@ -259,30 +259,31 @@ class WarninglistsController extends AppController
}
}
public function checkValue() {
if ($this->request->is('post')) {
$warninglists = $this->Warninglist->getWarninglists(array());
if (empty($this->request->data)) {
throw new NotFoundException('No valid data received.');
}
$data = $this->request->data;
if (!is_array($data)) {
$data = array($data);
}
$hits = array();
foreach ($data as $dataPoint) {
foreach ($warninglists as $warninglist) {
$listValues = $this->Warninglist->getWarninglistEntries($warninglist['Warninglist']['id']);
$listValues = array_combine($listValues, $listValues);
$result = $this->Warninglist->quickCheckValue($listValues, $dataPoint, $warninglist['Warninglist']['type']);
if ($result) {
$hits[$dataPoint][] = array('id' => $warninglist['Warninglist']['id'], 'name' => $warninglist['Warninglist']['name']);
}
}
}
return $this->RestResponse->viewData($hits, $this->response->type());
public function checkValue()
{
if ($this->request->is('post')) {
$warninglists = $this->Warninglist->getWarninglists(array());
if (empty($this->request->data)) {
throw new NotFoundException('No valid data received.');
}
$data = $this->request->data;
if (!is_array($data)) {
$data = array($data);
}
$hits = array();
foreach ($data as $dataPoint) {
foreach ($warninglists as $warninglist) {
$listValues = $this->Warninglist->getWarninglistEntries($warninglist['Warninglist']['id']);
$listValues = array_combine($listValues, $listValues);
$result = $this->Warninglist->quickCheckValue($listValues, $dataPoint, $warninglist['Warninglist']['type']);
if ($result) {
$hits[$dataPoint][] = array('id' => $warninglist['Warninglist']['id'], 'name' => $warninglist['Warninglist']['name']);
}
}
}
return $this->RestResponse->viewData($hits, $this->response->type());
} else {
return $this->RestResponse->describe('Warninglists', 'checkValue', false, $this->response->type());
return $this->RestResponse->describe('Warninglists', 'checkValue', false, $this->response->type());
}
}
}
}
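Review bot: In `checkValue`, `getWarninglistEntries()` and `array_combine()` run inside the inner loop, so every value in the POST body reloads every warninglist and the amount of work is set by the size of the request. Swapping the loops (iterate `$warninglists` on the outside and `$data` on the inside) loads each list once and produces the same hits per value. `$dataPoint` is also used as an array key in `$hits[$dataPoint][]` without a type check, so a nested array in the request body would be an illegal offset. Adding `if (!is_scalar($dataPoint)) { continue; }` at the top of the per-value loop avoids that.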


@ -163,9 +163,9 @@ class AppModel extends Model
case 12:
$this->__forceSettings();
break;
case 23:
$this->__bumpReferences();
break;
case 23:
$this->__bumpReferences();
break;
default:
$this->updateDatabase($command);
break;
@ -1043,21 +1043,21 @@ class AppModel extends Model
$sqlArray[] = 'ALTER TABLE `taxonomy_predicates` ADD COLUMN numerical_value int(11) NULL;';
$sqlArray[] = 'ALTER TABLE `taxonomy_entries` ADD COLUMN numerical_value int(11) NULL;';
break;
case 22:
$sqlArray[] = 'ALTER TABLE `object_references` MODIFY `deleted` tinyint(1) NOT NULL default 0;';
break;
case 24:
$this->GalaxyCluster = ClassRegistry::init('GalaxyCluster');
if (empty($this->GalaxyCluster->schema('collection_uuid'))) {
$sqlArray[] = 'ALTER TABLE `galaxy_clusters` CHANGE `uuid` `collection_uuid` varchar(255) COLLATE utf8_bin NOT NULL;';
$sqlArray[] = 'ALTER TABLE `galaxy_clusters` ADD COLUMN `uuid` varchar(255) COLLATE utf8_bin NOT NULL default \'\';';
}
break;
case 25:
$this->__dropIndex('galaxy_clusters', 'uuid');
$this->__addIndex('galaxy_clusters', 'uuid');
$this->__addIndex('galaxy_clusters', 'collection_uuid');
break;
case 22:
$sqlArray[] = 'ALTER TABLE `object_references` MODIFY `deleted` tinyint(1) NOT NULL default 0;';
break;
case 24:
$this->GalaxyCluster = ClassRegistry::init('GalaxyCluster');
if (empty($this->GalaxyCluster->schema('collection_uuid'))) {
$sqlArray[] = 'ALTER TABLE `galaxy_clusters` CHANGE `uuid` `collection_uuid` varchar(255) COLLATE utf8_bin NOT NULL;';
$sqlArray[] = 'ALTER TABLE `galaxy_clusters` ADD COLUMN `uuid` varchar(255) COLLATE utf8_bin NOT NULL default \'\';';
}
break;
case 25:
$this->__dropIndex('galaxy_clusters', 'uuid');
$this->__addIndex('galaxy_clusters', 'uuid');
$this->__addIndex('galaxy_clusters', 'collection_uuid');
break;
case 'fixNonEmptySharingGroupID':
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
$sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
@ -1712,16 +1712,16 @@ class AppModel extends Model
}
foreach ($filter as $operator => $filters) {
$temp = array();
if (!is_array($filters)) {
$filters = array($filters);
}
if (!is_array($filters)) {
$filters = array($filters);
}
foreach ($filters as $f) {
if ($f === -1) {
foreach ($keys as $key) {
$temp['OR'][$key][] = -1;
}
continue;
}
if ($f === -1) {
foreach ($keys as $key) {
$temp['OR'][$key][] = -1;
}
continue;
}
// split the filter params into two lists, one for substring searches one for exact ones
if (is_string($f) && ($f[strlen($f) - 1] === '%' || $f[0] === '%')) {
foreach ($keys as $key) {
@ -1741,7 +1741,7 @@ class AppModel extends Model
}
}
}
$conditions['AND'][] = array($operator_composition[$operator] => $temp);
$conditions['AND'][] = array($operator_composition[$operator] => $temp);
if ($operator !== 'NOT') {
unset($filter[$operator]);
}
@ -1774,121 +1774,124 @@ class AppModel extends Model
if (!isset($filter['OR']) && !isset($filter['NOT']) && !isset($filter['AND'])) {
$temp = array();
foreach ($filter as $param) {
if (!empty($param)) {
if ($param[0] === '!') {
$temp['NOT'][] = substr($param, 1);
} else {
$temp['OR'][] = $param;
}
}
if (!empty($param)) {
if ($param[0] === '!') {
$temp['NOT'][] = substr($param, 1);
} else {
$temp['OR'][] = $param;
}
}
}
$filter = $temp;
}
return $filter;
}
public function convert_to_memory_limit_to_mb($val) {
$val = trim($val);
if ($val == -1) {
// default to 8GB if no limit is set
return 8 * 1024;
}
$unit = $val[strlen($val)-1];
if (is_numeric($unit)) {
$unit = 'b';
} else {
$val = intval($val);
}
$unit = strtolower($unit);
switch($unit) {
case 'g':
$val *= 1024;
case 'm':
$val *= 1024;
case 'k':
$val *= 1024;
}
return $val / (1024 * 1024);
}
public function convert_to_memory_limit_to_mb($val)
{
$val = trim($val);
if ($val == -1) {
// default to 8GB if no limit is set
return 8 * 1024;
}
$unit = $val[strlen($val)-1];
if (is_numeric($unit)) {
$unit = 'b';
} else {
$val = intval($val);
}
$unit = strtolower($unit);
switch ($unit) {
case 'g':
$val *= 1024;
// no break
case 'm':
$val *= 1024;
// no break
case 'k':
$val *= 1024;
}
return $val / (1024 * 1024);
}
public function getDefaultAttachments_dir()
{
return APP . 'files';
}
public function getDefaultAttachments_dir()
{
return APP . 'files';
}
public function getDefaultTmp_dir()
{
return sys_get_temp_dir();
}
public function getDefaultTmp_dir()
{
return sys_get_temp_dir();
}
private function __bumpReferences()
{
$this->Event = ClassRegistry::init('Event');
$this->AdminSetting = ClassRegistry::init('AdminSetting');
$existingSetting = $this->AdminSetting->find('first', array(
'conditions' => array('AdminSetting.setting' => 'update_23')
));
if (empty($existingSetting)) {
$this->AdminSetting->create();
$data = array(
'setting' => 'update_23',
'value' => 1
);
$this->AdminSetting->save($data);
$references = $this->Event->Object->ObjectReference->find('list', array(
'recursive' => -1,
'fields' => array('ObjectReference.event_id', 'ObjectReference.event_id'),
'group' => array('ObjectReference.event_id')
));
$event_ids = array();
$object_ids = array();
foreach ($references as $reference) {
$event = $this->Event->find('first', array(
'conditions' => array(
'Event.id' => $reference,
'Event.locked' => 0
),
'recursive' => -1,
'fields' => array('Event.id', 'Event.locked')
));
if (!empty($event)) {
$event_ids[] = $event['Event']['id'];
$event_references = $this->Event->Object->ObjectReference->find('list', array(
'conditions' => array('ObjectReference.event_id' => $reference),
'recursive' => -1,
'fields' => array('ObjectReference.object_id', 'ObjectReference.object_id')
));
$object_ids = array_merge($object_ids, array_values($event_references));
}
}
if (!empty($object_ids)) {
$this->Event->Object->updateAll(
array(
'Object.timestamp' => 'Object.timestamp + 1'
),
array('Object.id' => $object_ids)
);
$this->Event->updateAll(
array(
'Event.timestamp' => 'Event.timestamp + 1'
),
array('Event.id' => $event_ids)
);
}
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$entry = array(
'org' => 'SYSTEM',
'model' => 'Server',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'update_database',
'user_id' => 0,
'title' => 'Bumped the timestamps of locked events containing object references.',
'change' => sprintf('Event timestamps updated: %s; Object timestamps updated: %s', count($event_ids), count($object_ids))
);
$this->Log->save($entry);
}
return true;
}
private function __bumpReferences()
{
$this->Event = ClassRegistry::init('Event');
$this->AdminSetting = ClassRegistry::init('AdminSetting');
$existingSetting = $this->AdminSetting->find('first', array(
'conditions' => array('AdminSetting.setting' => 'update_23')
));
if (empty($existingSetting)) {
$this->AdminSetting->create();
$data = array(
'setting' => 'update_23',
'value' => 1
);
$this->AdminSetting->save($data);
$references = $this->Event->Object->ObjectReference->find('list', array(
'recursive' => -1,
'fields' => array('ObjectReference.event_id', 'ObjectReference.event_id'),
'group' => array('ObjectReference.event_id')
));
$event_ids = array();
$object_ids = array();
foreach ($references as $reference) {
$event = $this->Event->find('first', array(
'conditions' => array(
'Event.id' => $reference,
'Event.locked' => 0
),
'recursive' => -1,
'fields' => array('Event.id', 'Event.locked')
));
if (!empty($event)) {
$event_ids[] = $event['Event']['id'];
$event_references = $this->Event->Object->ObjectReference->find('list', array(
'conditions' => array('ObjectReference.event_id' => $reference),
'recursive' => -1,
'fields' => array('ObjectReference.object_id', 'ObjectReference.object_id')
));
$object_ids = array_merge($object_ids, array_values($event_references));
}
}
if (!empty($object_ids)) {
$this->Event->Object->updateAll(
array(
'Object.timestamp' => 'Object.timestamp + 1'
),
array('Object.id' => $object_ids)
);
$this->Event->updateAll(
array(
'Event.timestamp' => 'Event.timestamp + 1'
),
array('Event.id' => $event_ids)
);
}
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$entry = array(
'org' => 'SYSTEM',
'model' => 'Server',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'update_database',
'user_id' => 0,
'title' => 'Bumped the timestamps of locked events containing object references.',
'change' => sprintf('Event timestamps updated: %s; Object timestamps updated: %s', count($event_ids), count($object_ids))
);
$this->Log->save($entry);
}
return true;
}
}


@ -117,17 +117,17 @@ class Attribute extends AppModel
),
);
public $validFormats = array(
'openioc' => array('xml', 'OpeniocExport', 'ioc'),
'json' => array('json', 'JsonExport', 'json'),
'xml' => array('xml', 'XmlExport', 'xml'),
'suricata' => array('txt', 'NidsSuricataExport', 'rules'),
'snort' => array('txt', 'NidsSnortExport', 'rules'),
'text' => array('txt', 'TextExport', 'txt'),
'rpz' => array('rpz', 'RPZExport', 'rpz'),
'csv' => array('csv', 'CsvExport', 'csv'),
'cache' => array('txt', 'CacheExport', 'cache')
);
public $validFormats = array(
'openioc' => array('xml', 'OpeniocExport', 'ioc'),
'json' => array('json', 'JsonExport', 'json'),
'xml' => array('xml', 'XmlExport', 'xml'),
'suricata' => array('txt', 'NidsSuricataExport', 'rules'),
'snort' => array('txt', 'NidsSnortExport', 'rules'),
'text' => array('txt', 'TextExport', 'txt'),
'rpz' => array('rpz', 'RPZExport', 'rpz'),
'csv' => array('csv', 'CsvExport', 'csv'),
'cache' => array('txt', 'CacheExport', 'cache')
);
public $typeDefinitions = array(
'md5' => array('desc' => 'A checksum in md5 format', 'formdesc' => "You are encouraged to use filename|md5 instead. A checksum in md5 format, only use this if you don't know the correct filename", 'default_category' => 'Payload delivery', 'to_ids' => 1),
@ -615,10 +615,10 @@ class Attribute extends AppModel
public function afterSave($created, $options = array())
{
$passedEvent = false;
if (isset($options['parentEvent'])) {
$passedEvent = $options['parentEvent'];
}
$passedEvent = false;
if (isset($options['parentEvent'])) {
$passedEvent = $options['parentEvent'];
}
parent::afterSave($created, $options);
// update correlation...
if (isset($this->data['Attribute']['deleted']) && $this->data['Attribute']['deleted']) {
@ -1138,7 +1138,7 @@ class Attribute extends AppModel
case 'mutex':
case 'AS':
case 'snort':
case 'bro' :
case 'bro':
case 'pattern-in-file':
case 'pattern-in-traffic':
case 'pattern-in-memory':
@ -2093,41 +2093,41 @@ class Attribute extends AppModel
}
$temp = array();
if (!empty($tagArray[0])) {
if ($tagArray[0][0] === -1) {
$conditions[] = array('Event.id' => -1);
} else {
$subquery_options = array(
'conditions' => array(
'tag_id' => $tagArray[0]
),
'fields' => array(
'event_id'
)
);
$lookup_field = ($options['scope'] === 'Event') ? 'Event.id' : 'Attribute.event_id';
$temp = array_merge(
$temp,
$this->subQueryGenerator($tag->EventTag, $subquery_options, $lookup_field)
);
$subquery_options = array(
'conditions' => array(
'tag_id' => $tagArray[0]
),
'fields' => array(
$options['scope'] === 'Event' ? 'Event.id' : 'attribute_id'
)
);
$lookup_field = $options['scope'] === 'Event' ? 'Event.id' : 'Attribute.id';
$temp = array_merge(
$temp,
$this->subQueryGenerator($tag->AttributeTag, $subquery_options, $lookup_field)
);
}
if ($tagArray[0][0] === -1) {
$conditions[] = array('Event.id' => -1);
} else {
$subquery_options = array(
'conditions' => array(
'tag_id' => $tagArray[0]
),
'fields' => array(
'event_id'
)
);
$lookup_field = ($options['scope'] === 'Event') ? 'Event.id' : 'Attribute.event_id';
$temp = array_merge(
$temp,
$this->subQueryGenerator($tag->EventTag, $subquery_options, $lookup_field)
);
$subquery_options = array(
'conditions' => array(
'tag_id' => $tagArray[0]
),
'fields' => array(
$options['scope'] === 'Event' ? 'Event.id' : 'attribute_id'
)
);
$lookup_field = $options['scope'] === 'Event' ? 'Event.id' : 'Attribute.id';
$temp = array_merge(
$temp,
$this->subQueryGenerator($tag->AttributeTag, $subquery_options, $lookup_field)
);
}
}
if (!empty($temp)) {
$conditions['AND'][] = array('OR' => $temp);
}
$temp = array();
if (!empty($temp)) {
$conditions['AND'][] = array('OR' => $temp);
}
$temp = array();
if (!empty($tagArray[1])) {
if ($options['scope'] == 'all' || $options['scope'] == 'Event') {
$subquery_options = array(
@ -2193,7 +2193,7 @@ class Attribute extends AppModel
if ($eventId !== false) {
$conditions['AND'][] = array('Event.id' => $eventId);
} elseif ($tags !== false) {
$passed_param = array('tags' => $tags);
$passed_param = array('tags' => $tags);
$conditions = $this->set_filter_tags($passed_params, $conditions);
}
$attributes = $this->fetchAttributes($user, array(
@ -2249,7 +2249,7 @@ class Attribute extends AppModel
'conditions' => $tempConditions,
'fields' => array('Attribute.value'), // array of field names
'enforceWarninglist' => $enforceWarninglist,
'flatten' => 1
'flatten' => 1
)
);
if (empty($temp)) {
@ -2471,9 +2471,9 @@ class Attribute extends AppModel
// array 1 will have all of the non negated terms and array 2 all the negated terms
public function dissectArgs($args)
{
if (empty($args)) {
return array(0 => array(), 1 => array());
}
if (empty($args)) {
return array(0 => array(), 1 => array());
}
if (!is_array($args)) {
$args = explode('&&', $args);
}
@ -2790,44 +2790,44 @@ class Attribute extends AppModel
'Event' => array(
'fields' => array('id', 'info', 'org_id', 'orgc_id', 'uuid'),
),
'AttributeTag' => array('Tag' => array()),
'AttributeTag' => array('Tag' => array()),
'Object' => array(
'fields' => array('id', 'distribution', 'sharing_group_id')
)
)
);
if ($options['includeProposals']) {
$this->bindModel(
array('hasMany' => array(
'ShadowAttribute' => array(
'className' => 'ShadowAttribute',
'foreignKey' => 'old_id',
'conditions' => array('ShadowAttribute.deleted' => 0)
)
)
)
);
$params['contain']['ShadowAttribute'] = array('fields' => array(
"id",
"old_id",
"event_id",
"type",
"category",
"value1",
"to_ids",
"uuid",
"value2",
"org_id",
"event_org_id",
"comment",
"event_uuid",
"deleted",
"timestamp",
"proposal_to_delete",
"disable_correlation",
"value"
));
}
if ($options['includeProposals']) {
$this->bindModel(
array('hasMany' => array(
'ShadowAttribute' => array(
'className' => 'ShadowAttribute',
'foreignKey' => 'old_id',
'conditions' => array('ShadowAttribute.deleted' => 0)
)
)
)
);
$params['contain']['ShadowAttribute'] = array('fields' => array(
"id",
"old_id",
"event_id",
"type",
"category",
"value1",
"to_ids",
"uuid",
"value2",
"org_id",
"event_org_id",
"comment",
"event_uuid",
"deleted",
"timestamp",
"proposal_to_delete",
"disable_correlation",
"value"
));
}
if (empty($options['includeAllTags'])) {
$params['contain']['AttributeTag']['Tag']['conditions']['exportable'] = 1;
}
@ -2906,7 +2906,7 @@ class Attribute extends AppModel
if ($options['enforceWarninglist'] && !isset($this->warninglists)) {
$this->Warninglist = ClassRegistry::init('Warninglist');
$this->warninglists = $this->Warninglist->fetchForEventView();
$this->warninglists = $this->Warninglist->fetchForEventView();
}
if (empty($params['limit'])) {
$loopLimit = 50000;
@ -2918,9 +2918,9 @@ class Attribute extends AppModel
$pagesToFetch = 1;
}
$attributes = array();
if (!empty($options['includeEventTags'])) {
$eventTags = array();
}
if (!empty($options['includeEventTags'])) {
$eventTags = array();
}
while ($continue) {
if ($loop) {
$params['page'] = $params['page'] + 1;
@ -2930,20 +2930,20 @@ class Attribute extends AppModel
}
}
$results = $this->find('all', $params);
foreach ($results as $k => $result) {
if (!empty($result['AttributeTag'])) {
$tagCulled = false;
foreach ($result['AttributeTag'] as $k2 => $at) {
if (empty($at['Tag'])) {
unset($results[$k]['AttributeTag'][$k2]);
$tagCulled = true;
}
}
if ($tagCulled) {
$results[$k]['AttributeTag'] = array_values($results[$k]['AttributeTag']);
}
}
}
foreach ($results as $k => $result) {
if (!empty($result['AttributeTag'])) {
$tagCulled = false;
foreach ($result['AttributeTag'] as $k2 => $at) {
if (empty($at['Tag'])) {
unset($results[$k]['AttributeTag'][$k2]);
$tagCulled = true;
}
}
if ($tagCulled) {
$results[$k]['AttributeTag'] = array_values($results[$k]['AttributeTag']);
}
}
}
if (!$loop) {
if (!empty($params['limit']) && count($results) < $params['limit']) {
$continue = false;
@ -2957,9 +2957,9 @@ class Attribute extends AppModel
$results = array_values($results);
$proposals_block_attributes = Configure::read('MISP.proposals_block_attributes');
foreach ($results as $key => $attribute) {
if (!empty($options['includeEventTags'])) {
$results = $this->__attachEventTagsToAttributes($eventTags, $results, $key, $options);
}
if (!empty($options['includeEventTags'])) {
$results = $this->__attachEventTagsToAttributes($eventTags, $results, $key, $options);
}
if ($options['enforceWarninglist'] && !$this->Warninglist->filterWarninglistAttributes($this->warninglists, $attribute['Attribute'])) {
continue;
}
@ -2967,7 +2967,7 @@ class Attribute extends AppModel
$results[$key]['Attribute']['event_uuid'] = $results[$key]['Event']['uuid'];
}
if ($proposals_block_attributes) {
$results = $this->__blockAttributeViaProposal($results, $key);
$results = $this->__blockAttributeViaProposal($results, $key);
}
if ($options['withAttachments']) {
if ($this->typeIsAttachment($attribute['Attribute']['type'])) {
@ -2984,46 +2984,48 @@ class Attribute extends AppModel
return $attributes;
}
private function __attachEventTagsToAttributes($eventTags, &$results, $key, $options) {
if (!isset($eventTags[$results[$key]['Event']['id']])) {
$tagConditions = array('EventTag.event_id' => $results[$key]['Event']['id']);
if (empty($options['includeAllTags'])) {
$tagConditions['Tag.exportable'] = 1;
}
$temp = $this->Event->EventTag->find('all', array(
'recursive' => -1,
'contain' => array('Tag'),
'conditions' => $tagConditions
));
foreach ($temp as $tag) {
$tag['EventTag']['Tag'] = $tag['Tag'];
unset($tag['Tag']);
$eventTags[$results[$key]['Event']['id']][] = $tag;
}
}
foreach ($eventTags[$results[$key]['Event']['id']] as $eventTag) {
$results[$key]['EventTag'][] = $eventTag['EventTag'];
}
return $results;
}
private function __attachEventTagsToAttributes($eventTags, &$results, $key, $options)
{
if (!isset($eventTags[$results[$key]['Event']['id']])) {
$tagConditions = array('EventTag.event_id' => $results[$key]['Event']['id']);
if (empty($options['includeAllTags'])) {
$tagConditions['Tag.exportable'] = 1;
}
$temp = $this->Event->EventTag->find('all', array(
'recursive' => -1,
'contain' => array('Tag'),
'conditions' => $tagConditions
));
foreach ($temp as $tag) {
$tag['EventTag']['Tag'] = $tag['Tag'];
unset($tag['Tag']);
$eventTags[$results[$key]['Event']['id']][] = $tag;
}
}
foreach ($eventTags[$results[$key]['Event']['id']] as $eventTag) {
$results[$key]['EventTag'][] = $eventTag['EventTag'];
}
return $results;
}
private function __blockAttributeViaProposal(&$attributes, $k) {
if (!empty($attributes[$k]['ShadowAttribute'])) {
foreach ($attributes[$k]['ShadowAttribute'] as $sa) {
if ($sa['value'] === $attributes[$k]['Attribute']['value'] &&
$sa['type'] === $attributes[$k]['Attribute']['type'] &&
$sa['category'] === $attributes[$k]['Attribute']['category'] &&
$sa['to_ids'] == 0 &&
$attribute['to_ids'] == 1
) {
unset($attributes[$k]);
}
}
} else {
unset($attributes[$k]['ShadowAttribute']);
}
return $attributes;
}
private function __blockAttributeViaProposal(&$attributes, $k)
{
if (!empty($attributes[$k]['ShadowAttribute'])) {
foreach ($attributes[$k]['ShadowAttribute'] as $sa) {
if ($sa['value'] === $attributes[$k]['Attribute']['value'] &&
$sa['type'] === $attributes[$k]['Attribute']['type'] &&
$sa['category'] === $attributes[$k]['Attribute']['category'] &&
$sa['to_ids'] == 0 &&
$attribute['to_ids'] == 1
) {
unset($attributes[$k]);
}
}
} else {
unset($attributes[$k]['ShadowAttribute']);
}
return $attributes;
}
// Method gets and converts the contents of a file passed along as a base64 encoded string with the original filename into a zip archive
// The zip archive is then passed back as a base64 encoded string along with the md5 hash and a flag whether the transaction was successful
@ -3486,8 +3488,8 @@ class Attribute extends AppModel
unset($attribute['id']);
if (isset($attribute['encrypt'])) {
$result = $this->handleMaliciousBase64($eventId, $attribute['value'], $attribute['data'], array('md5'));
$attribute['data'] = $result['data'];
$attribute['value'] = $attribute['value'] . '|' . $result['md5'];
$attribute['data'] = $result['data'];
$attribute['value'] = $attribute['value'] . '|' . $result['md5'];
}
$fieldList = $this->captureFields;
$this->create();
@ -3497,12 +3499,12 @@ class Attribute extends AppModel
$attribute['distribution'] = 5;
}
}
$params = array(
'fieldList' => $fieldList
);
if (!empty($parentEvent)) {
$params['parentEvent'] = $parentEvent;
}
$params = array(
'fieldList' => $fieldList
);
if (!empty($parentEvent)) {
$params['parentEvent'] = $parentEvent;
}
if (!$this->save($attribute, $params)) {
$attribute_short = (isset($attribute['category']) ? $attribute['category'] : 'N/A') . '/' . (isset($attribute['type']) ? $attribute['type'] : 'N/A') . ' ' . (isset($attribute['value']) ? $attribute['value'] : 'N/A');
$log->create();
@ -3710,197 +3712,197 @@ class Attribute extends AppModel
return $adata;
}
public function buildFilterConditions($user, &$params)
{
$conditions = $this->buildConditions($user);
if (isset($params['wildcard'])) {
$temp = array();
$options = array(
'filter' => 'wildcard',
'scope' => 'Attribute',
'pop' => false,
'context' => 'Event'
);
$conditions['AND'][] = array('OR' => $this->Event->set_filter_wildcard_attributes($params, $temp, $options));
} else {
$attribute_conditions = array();
$object_conditions = array();
if (isset($params['ignore'])) {
$params['to_ids'] = array(0, 1);
$params['published'] = array(0, 1);
}
$simple_params = array(
'Attribute' => array(
'value' => array('function' => 'set_filter_value'),
'category' => array('function' => 'set_filter_simple_attribute'),
'type' => array('function' => 'set_filter_simple_attribute'),
'tags' => array('function' => 'set_filter_tags'),
'uuid' => array('function' => 'set_filter_uuid'),
'deleted' => array('function' => 'set_filter_deleted'),
'timestamp' => array('function' => 'set_filter_timestamp'),
'to_ids' => array('function' => 'set_filter_to_ids'),
'comment' => array('function' => 'set_filter_comment')
),
'Event' => array(
'eventid' => array('function' => 'set_filter_eventid'),
'eventinfo' => array('function' => 'set_filter_eventinfo'),
'ignore' => array('function' => 'set_filter_ignore'),
'from' => array('function' => 'set_filter_timestamp'),
'to' => array('function' => 'set_filter_timestamp'),
'last' => array('function' => 'set_filter_timestamp', 'pop' => true),
'timestamp' => array('function' => 'set_filter_timestamp', 'pop' => true),
'event_timestamp' => array('function' => 'set_filter_timestamp', 'pop' => true),
'publish_timestamp' => array('function' => 'set_filter_timestamp'),
'org' => array('function' => 'set_filter_org'),
'uuid' => array('function' => 'set_filter_uuid'),
'published' => array('function' => 'set_filter_published')
),
'Object' => array(
'object_name' => array('function' => 'set_filter_object_name'),
'deleted' => array('function' => 'set_filter_deleted')
)
);
foreach ($params as $param => $paramData) {
foreach ($simple_params as $scope => $simple_param_scoped) {
if (isset($simple_param_scoped[$param]) && $params[$param] !== false) {
$options = array(
'filter' => $param,
'scope' => $scope,
'pop' => !empty($simple_param_scoped[$param]['pop']),
'context' => 'Attribute'
);
$conditions = $this->Event->{$simple_param_scoped[$param]['function']}($params, $conditions, $options);
}
}
}
}
return $conditions;
}
public function buildFilterConditions($user, &$params)
{
$conditions = $this->buildConditions($user);
if (isset($params['wildcard'])) {
$temp = array();
$options = array(
'filter' => 'wildcard',
'scope' => 'Attribute',
'pop' => false,
'context' => 'Event'
);
$conditions['AND'][] = array('OR' => $this->Event->set_filter_wildcard_attributes($params, $temp, $options));
} else {
$attribute_conditions = array();
$object_conditions = array();
if (isset($params['ignore'])) {
$params['to_ids'] = array(0, 1);
$params['published'] = array(0, 1);
}
$simple_params = array(
'Attribute' => array(
'value' => array('function' => 'set_filter_value'),
'category' => array('function' => 'set_filter_simple_attribute'),
'type' => array('function' => 'set_filter_simple_attribute'),
'tags' => array('function' => 'set_filter_tags'),
'uuid' => array('function' => 'set_filter_uuid'),
'deleted' => array('function' => 'set_filter_deleted'),
'timestamp' => array('function' => 'set_filter_timestamp'),
'to_ids' => array('function' => 'set_filter_to_ids'),
'comment' => array('function' => 'set_filter_comment')
),
'Event' => array(
'eventid' => array('function' => 'set_filter_eventid'),
'eventinfo' => array('function' => 'set_filter_eventinfo'),
'ignore' => array('function' => 'set_filter_ignore'),
'from' => array('function' => 'set_filter_timestamp'),
'to' => array('function' => 'set_filter_timestamp'),
'last' => array('function' => 'set_filter_timestamp', 'pop' => true),
'timestamp' => array('function' => 'set_filter_timestamp', 'pop' => true),
'event_timestamp' => array('function' => 'set_filter_timestamp', 'pop' => true),
'publish_timestamp' => array('function' => 'set_filter_timestamp'),
'org' => array('function' => 'set_filter_org'),
'uuid' => array('function' => 'set_filter_uuid'),
'published' => array('function' => 'set_filter_published')
),
'Object' => array(
'object_name' => array('function' => 'set_filter_object_name'),
'deleted' => array('function' => 'set_filter_deleted')
)
);
foreach ($params as $param => $paramData) {
foreach ($simple_params as $scope => $simple_param_scoped) {
if (isset($simple_param_scoped[$param]) && $params[$param] !== false) {
$options = array(
'filter' => $param,
'scope' => $scope,
'pop' => !empty($simple_param_scoped[$param]['pop']),
'context' => 'Attribute'
);
$conditions = $this->Event->{$simple_param_scoped[$param]['function']}($params, $conditions, $options);
}
}
}
}
return $conditions;
}
public function restSearch($user, $returnFormat, $filters, $paramsOnly = false, $jobId = false, &$elementCounter = 0)
{
if (!isset($this->validFormats[$returnFormat][1])) {
throw new NotFoundException('Invalid output format.');
}
App::uses($this->validFormats[$returnFormat][1], 'Export');
$exportTool = new $this->validFormats[$returnFormat][1]();
if (empty($exportTool->non_restrictive_export)) {
if (!isset($filters['to_ids'])) {
$filters['to_ids'] = 1;
}
if (!isset($filters['published'])) {
$filters['published'] = 1;
}
}
if (!empty($filters['quickFilter'])) {
$filters['searchall'] = $filters['quickFilter'];
if (!empty($filters['value'])) {
unset($filters['value']);
}
}
if (isset($filters['searchall'])) {
if (!empty($filters['value'])) {
$filters['wildcard'] = $filters['value'];
unset($filters['value']);
} else {
$filters['wildcard'] = $filters['searchall'];
}
}
$conditions = $this->buildFilterConditions($user, $filters);
$params = array(
'conditions' => $conditions,
'fields' => array('Attribute.*', 'Event.org_id', 'Event.distribution'),
'withAttachments' => !empty($filters['withAttachments']) ? $filters['withAttachments'] : 0,
'enforceWarninglist' => !empty($filters['enforceWarninglist']) ? $filters['enforceWarninglist'] : 0,
'includeAllTags' => !empty($filters['includeAllTags']) ? $filters['includeAllTags'] : 0,
'flatten' => 1,
'includeEventUuid' => !empty($filters['includeEventUuid']) ? $filters['includeEventUuid'] : 0,
'includeEventTags' => !empty($filters['includeEventTags']) ? $filters['includeEventTags'] : 0,
'includeProposals' => !empty($filters['includeProposals']) ? $filters['includeProposals'] : 0
);
if (isset($filters['include_event_uuid'])) {
$params['includeEventUuid'] = $filters['include_event_uuid'];
}
if (isset($filters['limit'])) {
$params['limit'] = $filters['limit'];
}
if (isset($filters['page'])) {
$params['page'] = $filters['page'];
}
if (!empty($filtes['deleted'])) {
$params['deleted'] = 1;
if ($params['deleted'] === 'only') {
$params['conditions']['AND'][] = array('Attribute.deleted' => 1);
$params['conditions']['AND'][] = array('Object.deleted' => 1);
}
}
if ($paramsOnly) {
return $params;
}
if (!isset($this->validFormats[$returnFormat])) {
// this is where the new code path for the export modules will go
throw new MethodNotFoundException('Invalid export format.');
}
if (method_exists($exportTool, 'modify_params')) {
$params = $exportTool->modify_params($user, $params);
}
$exportToolParams = array(
'user' => $user,
'params' => $params,
'returnFormat' => $returnFormat,
'scope' => 'Attribute',
'filters' => $filters
);
if (!empty($exportTool->additional_params)) {
$params = array_merge($params, $exportTool->additional_params);
}
$tmpfile = tmpfile();
fwrite($tmpfile, $exportTool->header($exportToolParams));
$loop = false;
if (empty($params['limit'])) {
$memory_in_mb = $this->convert_to_memory_limit_to_mb(ini_get('memory_limit'));
$memory_scaling_factor = isset($exportTool->memory_scaling_factor) ? $exportTool->memory_scaling_factor : 100;
$params['limit'] = $memory_in_mb * $memory_scaling_factor;
$loop = true;
$params['page'] = 1;
}
$this->__iteratedFetch($user, $params, $loop, $tmpfile, $exportTool, $exportToolParams, $elementCounter);
fwrite($tmpfile, $exportTool->footer($exportToolParams));
fseek($tmpfile, 0);
$final = fread($tmpfile, fstat($tmpfile)['size']);
fclose($tmpfile);
return $final;
}
private function __iteratedFetch($user, &$params, &$loop, &$tmpfile, $exportTool, $exportToolParams, &$elementCounter = 0) {
$continue = true;
while ($continue) {
$this->Whitelist = ClassRegistry::init('Whitelist');
$results = $this->fetchAttributes($user, $params, $continue);
$params['page'] += 1;
$results = $this->Whitelist->removeWhitelistedFromArray($results, true);
$results = array_values($results);
$i = 0;
$temp = '';
foreach ($results as $attribute) {
$elementCounter++;
$temp .= $exportTool->handler($attribute, $exportToolParams);
if ($temp !== '') {
if ($i != count($results) -1) {
$temp .= $exportTool->separator($exportToolParams);
}
}
$i++;
}
if (!$loop) {
$continue = false;
}
if ($continue) {
$temp .= $exportTool->separator($exportToolParams);
}
fwrite($tmpfile, $temp);
}
return true;
}
public function restSearch($user, $returnFormat, $filters, $paramsOnly = false, $jobId = false, &$elementCounter = 0)
{
if (!isset($this->validFormats[$returnFormat][1])) {
throw new NotFoundException('Invalid output format.');
}
App::uses($this->validFormats[$returnFormat][1], 'Export');
$exportTool = new $this->validFormats[$returnFormat][1]();
if (empty($exportTool->non_restrictive_export)) {
if (!isset($filters['to_ids'])) {
$filters['to_ids'] = 1;
}
if (!isset($filters['published'])) {
$filters['published'] = 1;
}
}
if (!empty($filters['quickFilter'])) {
$filters['searchall'] = $filters['quickFilter'];
if (!empty($filters['value'])) {
unset($filters['value']);
}
}
if (isset($filters['searchall'])) {
if (!empty($filters['value'])) {
$filters['wildcard'] = $filters['value'];
unset($filters['value']);
} else {
$filters['wildcard'] = $filters['searchall'];
}
}
$conditions = $this->buildFilterConditions($user, $filters);
$params = array(
'conditions' => $conditions,
'fields' => array('Attribute.*', 'Event.org_id', 'Event.distribution'),
'withAttachments' => !empty($filters['withAttachments']) ? $filters['withAttachments'] : 0,
'enforceWarninglist' => !empty($filters['enforceWarninglist']) ? $filters['enforceWarninglist'] : 0,
'includeAllTags' => !empty($filters['includeAllTags']) ? $filters['includeAllTags'] : 0,
'flatten' => 1,
'includeEventUuid' => !empty($filters['includeEventUuid']) ? $filters['includeEventUuid'] : 0,
'includeEventTags' => !empty($filters['includeEventTags']) ? $filters['includeEventTags'] : 0,
'includeProposals' => !empty($filters['includeProposals']) ? $filters['includeProposals'] : 0
);
if (isset($filters['include_event_uuid'])) {
$params['includeEventUuid'] = $filters['include_event_uuid'];
}
if (isset($filters['limit'])) {
$params['limit'] = $filters['limit'];
}
if (isset($filters['page'])) {
$params['page'] = $filters['page'];
}
if (!empty($filtes['deleted'])) {
$params['deleted'] = 1;
if ($params['deleted'] === 'only') {
$params['conditions']['AND'][] = array('Attribute.deleted' => 1);
$params['conditions']['AND'][] = array('Object.deleted' => 1);
}
}
if ($paramsOnly) {
return $params;
}
if (!isset($this->validFormats[$returnFormat])) {
// this is where the new code path for the export modules will go
throw new MethodNotFoundException('Invalid export format.');
}
if (method_exists($exportTool, 'modify_params')) {
$params = $exportTool->modify_params($user, $params);
}
$exportToolParams = array(
'user' => $user,
'params' => $params,
'returnFormat' => $returnFormat,
'scope' => 'Attribute',
'filters' => $filters
);
if (!empty($exportTool->additional_params)) {
$params = array_merge($params, $exportTool->additional_params);
}
$tmpfile = tmpfile();
fwrite($tmpfile, $exportTool->header($exportToolParams));
$loop = false;
if (empty($params['limit'])) {
$memory_in_mb = $this->convert_to_memory_limit_to_mb(ini_get('memory_limit'));
$memory_scaling_factor = isset($exportTool->memory_scaling_factor) ? $exportTool->memory_scaling_factor : 100;
$params['limit'] = $memory_in_mb * $memory_scaling_factor;
$loop = true;
$params['page'] = 1;
}
$this->__iteratedFetch($user, $params, $loop, $tmpfile, $exportTool, $exportToolParams, $elementCounter);
fwrite($tmpfile, $exportTool->footer($exportToolParams));
fseek($tmpfile, 0);
$final = fread($tmpfile, fstat($tmpfile)['size']);
fclose($tmpfile);
return $final;
}
private function __iteratedFetch($user, &$params, &$loop, &$tmpfile, $exportTool, $exportToolParams, &$elementCounter = 0)
{
$continue = true;
while ($continue) {
$this->Whitelist = ClassRegistry::init('Whitelist');
$results = $this->fetchAttributes($user, $params, $continue);
$params['page'] += 1;
$results = $this->Whitelist->removeWhitelistedFromArray($results, true);
$results = array_values($results);
$i = 0;
$temp = '';
foreach ($results as $attribute) {
$elementCounter++;
$temp .= $exportTool->handler($attribute, $exportToolParams);
if ($temp !== '') {
if ($i != count($results) -1) {
$temp .= $exportTool->separator($exportToolParams);
}
}
$i++;
}
if (!$loop) {
$continue = false;
}
if ($continue) {
$temp .= $exportTool->separator($exportToolParams);
}
fwrite($tmpfile, $temp);
}
return true;
}
}
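Review bot: `__blockAttributeViaProposal()` tests `$attribute['to_ids'] == 1`, but `$attribute` is neither a parameter nor assigned in that function, so the condition is never true and `unset($attributes[$k])` cannot run. With `MISP.proposals_block_attributes` enabled, attributes that a proposal asks to strip of the IDS flag are therefore left in the result set. The test should read `$attributes[$k]['Attribute']['to_ids'] == 1`, with a `break;` after the unset so the loop does not index the removed element again. Two other hunks in this file carry the same kind of misspelled variable, re-indented by the standards pass but not corrected: `$passed_param = array('tags' => $tags);` is followed by `set_filter_tags($passed_params, $conditions)` (the enclosing function starts outside the hunk, so this assumes `$passed_params` is not set earlier), and `restSearch()` checks `!empty($filtes['deleted'])` where `$filters['deleted']` is meant. In both cases a caller-supplied filter appears to be dropped silently instead of being applied.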

File diff suppressed because it is too large Load Diff


@ -229,7 +229,7 @@ class Feed extends AppModel
if ($doFetch) {
$fetchIssue = false;
try {
$request = $this->__createFeedRequest($feed['Feed']['headers']);
$request = $this->__createFeedRequest($feed['Feed']['headers']);
$response = $this->__getRecursive($feed['Feed']['url'], '', $request);
//$response = $HttpSocket->get($feed['Feed']['url'], '', array());
} catch (Exception $e) {
@ -479,9 +479,9 @@ class Feed extends AppModel
foreach ($actions['edit'] as $editTarget) {
$uuid = $editTarget['uuid'];
$result = $this->__updateEventFromFeed($HttpSocket, $feed, $editTarget['uuid'], $editTarget['id'], $user, $filterRules);
if ($result === 'blocked') {
continue;
}
if ($result === 'blocked') {
continue;
}
$this->__cleanupFile($feed, '/' . $uuid . '.json');
if ($result === true) {
$results['edit']['success'] = $uuid;
@ -865,16 +865,16 @@ class Feed extends AppModel
}
$temp = $this->getFreetextFeed($this->data, $HttpSocket, $this->data['Feed']['source_format'], 'all');
$data = array();
if (!empty($temp)) {
foreach ($temp as $key => $value) {
$data[] = array(
'category' => $value['category'],
'type' => $value['default_type'],
'value' => $value['value'],
'to_ids' => $value['to_ids']
);
}
}
if (!empty($temp)) {
foreach ($temp as $key => $value) {
$data[] = array(
'category' => $value['category'],
'type' => $value['default_type'],
'value' => $value['value'],
'to_ids' => $value['to_ids']
);
}
}
if ($jobId) {
$job->saveField('progress', 50);
$job->saveField('message', 'Saving data.');
@ -1227,7 +1227,7 @@ class Feed extends AppModel
$feeds = $this->find('all', array(
'recursive' => -1,
'fields' => $fields,
'conditions' => array('Feed.caching_enabled' => 1)
'conditions' => array('Feed.caching_enabled' => 1)
));
// we'll use this later for the intersect
$fields[] = 'values';


@ -129,9 +129,9 @@ class Galaxy extends AppModel
// create all clusters
foreach ($cluster_package['values'] as $cluster) {
if (empty($cluster['version'])) {
$cluster['version'] = 1;
}
if (empty($cluster['version'])) {
$cluster['version'] = 1;
}
$template['version'] = $cluster['version'];
$this->GalaxyCluster->create();
$cluster_to_save = $template;
@ -141,9 +141,9 @@ class Galaxy extends AppModel
}
$cluster_to_save['value'] = $cluster['value'];
$cluster_to_save['tag_name'] = $cluster_to_save['tag_name'] . $cluster['value'] . '"';
if (!empty($cluster['uuid'])) {
$cluster_to_save['uuid'] = $cluster['uuid'];
}
if (!empty($cluster['uuid'])) {
$cluster_to_save['uuid'] = $cluster['uuid'];
}
unset($cluster['value']);
if (empty($cluster_to_save['description'])) {
$cluster_to_save['description'] = '';


@ -24,7 +24,7 @@ class GalaxyCluster extends AppModel
)
);
private $__clusterCache = array();
private $__clusterCache = array();
public $hasMany = array(
'GalaxyElement' => array('dependent' => true),
@ -91,7 +91,7 @@ class GalaxyCluster extends AppModel
$newCluster = array_intersect_key($cluster, array_flip(array('value', 'description')));
$newCluster['galaxy_id'] = $id;
$newCluster['type'] = $galaxy['type'];
$newCluster['collection_uuid'] = $newCluster['uuid'];
$newCluster['collection_uuid'] = $newCluster['uuid'];
$toSave[] = $newCluster;
}
$final = array();
@ -146,9 +146,9 @@ class GalaxyCluster extends AppModel
if (is_numeric($name)) {
$conditions = array('GalaxyCluster.id' => $name);
}
if (isset($this->__clusterCache[$name])) {
return $this->__clusterCache[$name];
}
if (isset($this->__clusterCache[$name])) {
return $this->__clusterCache[$name];
}
$objects = array('Galaxy', 'GalaxyElement');
$cluster = $this->find('first', array(
'conditions' => $conditions,
@ -184,7 +184,7 @@ class GalaxyCluster extends AppModel
}
$cluster['GalaxyCluster']['meta'] = $elements;
}
$this->__clusterCache[$name] = $cluster;
$this->__clusterCache[$name] = $cluster;
return $cluster;
}
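Review bot: In the hunk at -91, `$newCluster['collection_uuid'] = $newCluster['uuid'];` reads a key that `$newCluster` does not have at that point: the array was just built with `array_intersect_key` from `value` and `description` only, and the lines in between add only `galaxy_id` and `type`. The result is an undefined-index notice and a null `collection_uuid`. If the cluster's own UUID is meant, `$newCluster['collection_uuid'] = isset($cluster['uuid']) ? $cluster['uuid'] : null;` would be one option, assuming `$cluster` carries it; if the galaxy's UUID is meant, it presumably has to come from `$galaxy`. The enclosing loop starts outside the hunk.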


@ -39,29 +39,29 @@ class Job extends AppModel
'org_id' => $user['Role']['perm_site_admin'] ? 0 : $user['org_id'],
'message' => 'Fetching events.',
);
$this->save($data);
$id = $this->id;
$this->Event = ClassRegistry::init('Event');
if (in_array($type, array_keys($this->Event->export_types))) {
$process_id = CakeResque::enqueue(
'cache',
$shell . 'Shell',
array('cache', $user['id'], $id, $type),
true
);
} else if ($type === 'bro') {
$this->save($data);
$id = $this->id;
$this->Event = ClassRegistry::init('Event');
if (in_array($type, array_keys($this->Event->export_types))) {
$process_id = CakeResque::enqueue(
'cache',
$shell . 'Shell',
array('cache', $user['id'], $id, $type),
true
);
} elseif ($type === 'bro') {
$extra = $type;
$type = 'bro';
$extra2 = isset($user['nids_sid']) ? $user['nids_sid'] : 0;
$process_id = CakeResque::enqueue(
'cache',
$shell . 'Shell',
array('cache' . $type, $user['id'], $id, $extra, $extra2),
true
);
$process_id = CakeResque::enqueue(
'cache',
$shell . 'Shell',
array('cache' . $type, $user['id'], $id, $extra, $extra2),
true
);
} else {
throw new MethodNotAllowedException('Invalid export type.');
}
throw new MethodNotAllowedException('Invalid export type.');
}
$this->saveField('process_id', $process_id);
return $id;
}


@ -47,17 +47,17 @@ class MispObject extends AppModel
);
public $validate = array(
'uuid' => array(
'uuid' => array(
'rule' => array('custom', '/^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/'),
'message' => 'Please provide a valid UUID'
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'The UUID provided is not unique',
'required' => 'create'
)
)
'uuid' => array(
'uuid' => array(
'rule' => array('custom', '/^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/'),
'message' => 'Please provide a valid UUID'
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'The UUID provided is not unique',
'required' => 'create'
)
)
);
public function beforeValidate($options = array())


@ -222,10 +222,10 @@ class Module extends AppModel
if ($post) {
$response = $httpSocket->post($url . $uri, $post, $request);
} else {
if ($moduleFamily == 'Cortex') {
unset($request['header']['Content-Type']);
}
$response = $httpSocket->get($url . $uri, false, $request);
if ($moduleFamily == 'Cortex') {
unset($request['header']['Content-Type']);
}
$response = $httpSocket->get($url . $uri, false, $request);
}
return json_decode($response->body, true);
} catch (Exception $e) {


@ -16,7 +16,7 @@ class Organisation extends AppModel
),
);
private $__orgCache = array();
private $__orgCache = array();
public $validate = array(
'name' => array(
@ -377,28 +377,32 @@ class Organisation extends AppModel
return (empty($org)) ? false : $org[$this->alias];
}
public function attachOrgsToEvent($event, $fields)
{
if (empty($this->__orgCache[$event['Event']['orgc_id']])) {
$temp = $this->find('first', array(
'conditions' => array('id' => $event['Event']['orgc_id']),
'recursive' => -1,
'fields' => $fields
));
if (!empty($temp)) $temp = $temp[$this->alias];
$this->__orgCache[$event['Event']['orgc_id']] = $temp;
}
$event['Orgc'] = $this->__orgCache[$event['Event']['orgc_id']];
if (empty($this->__orgCache[$event['Event']['org_id']])) {
$temp = $this->find('first', array(
'conditions' => array('id' => $event['Event']['org_id']),
'recursive' => -1,
'fields' => $fields
));
if (!empty($temp)) $temp = $temp[$this->alias];
$this->__orgCache[$event['Event']['org_id']] = $temp;
}
$event['Org'] = $this->__orgCache[$event['Event']['org_id']];
return $event;
}
public function attachOrgsToEvent($event, $fields)
{
if (empty($this->__orgCache[$event['Event']['orgc_id']])) {
$temp = $this->find('first', array(
'conditions' => array('id' => $event['Event']['orgc_id']),
'recursive' => -1,
'fields' => $fields
));
if (!empty($temp)) {
$temp = $temp[$this->alias];
}
$this->__orgCache[$event['Event']['orgc_id']] = $temp;
}
$event['Orgc'] = $this->__orgCache[$event['Event']['orgc_id']];
if (empty($this->__orgCache[$event['Event']['org_id']])) {
$temp = $this->find('first', array(
'conditions' => array('id' => $event['Event']['org_id']),
'recursive' => -1,
'fields' => $fields
));
if (!empty($temp)) {
$temp = $temp[$this->alias];
}
$this->__orgCache[$event['Event']['org_id']] = $temp;
}
$event['Org'] = $this->__orgCache[$event['Event']['org_id']];
return $event;
}
}


@ -1823,7 +1823,7 @@ class Server extends AppModel
} elseif (is_string($eventIds)) {
return array('error' => array(2, $eventIds));
}
$eventModel = ClassRegistry::init('Event');
$eventModel = ClassRegistry::init('Event');
$local_event_ids = $eventModel->find('list', array(
'fields' => array('uuid'),
'recursive' => -1,
@ -1919,7 +1919,8 @@ class Server extends AppModel
$event = $eventModel->downloadEventFromServer(
$eventId,
$server
);;
);
;
if (!empty($event)) {
if ($this->__checkIfEventIsBlockedBeforePull($event)) {
return false;
@ -2004,27 +2005,27 @@ class Server extends AppModel
// if we are downloading a single event, don't fetch all proposals
$conditions = is_numeric($technique) ? array('Event.id' => $technique) : array();
$eventIds = $this->__getEventIdListBasedOnPullTechnique($technique, $server);
if (!empty($eventIds['error'])) {
$errors = array(
'1' => __('Not authorised. This is either due to an invalid auth key, or due to the sync user not having authentication permissions enabled on the remote server. Another reason could be an incorrect sync server setting.'),
'2' => $eventIds['error'][1],
'3' => __('Sorry, this is not yet implemented'),
'4' => __('Something went wrong while trying to pull')
);
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => $id,
'email' => $user['email'],
'action' => 'error',
'user_id' => $user['id'],
'title' => 'Failed pull from ' . $server['Server']['url'] . ' initiated by ' . $email,
'change' => !empty($errors[$eventIds['error'][0]]) ? $errors[$eventIds['error'][0]] : __('Unknown issue.')
));
return !empty($errors[$eventIds['error'][0]]) ? $errors[$eventIds['error'][0]] : __('Unknown issue.');
}
if (!empty($eventIds['error'])) {
$errors = array(
'1' => __('Not authorised. This is either due to an invalid auth key, or due to the sync user not having authentication permissions enabled on the remote server. Another reason could be an incorrect sync server setting.'),
'2' => $eventIds['error'][1],
'3' => __('Sorry, this is not yet implemented'),
'4' => __('Something went wrong while trying to pull')
);
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => $id,
'email' => $user['email'],
'action' => 'error',
'user_id' => $user['id'],
'title' => 'Failed pull from ' . $server['Server']['url'] . ' initiated by ' . $email,
'change' => !empty($errors[$eventIds['error'][0]]) ? $errors[$eventIds['error'][0]] : __('Unknown issue.')
));
return !empty($errors[$eventIds['error'][0]]) ? $errors[$eventIds['error'][0]] : __('Unknown issue.');
}
$successes = array();
$fails = array();
// now process the $eventIds to pull each of the events sequentially
@ -2039,22 +2040,22 @@ class Server extends AppModel
}
}
}
if (!empty($fails)) {
$this->Log = ClassRegistry::init('Log');
foreach ($fails as $eventid => $message) {
$this->Log->create();
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => $id,
'email' => $user['email'],
'action' => 'pull',
'user_id' => $user['id'],
'title' => 'Failed to pull event #' . $eventid . '.',
'change' => 'Reason:' . $message
));
}
}
if (!empty($fails)) {
$this->Log = ClassRegistry::init('Log');
foreach ($fails as $eventid => $message) {
$this->Log->create();
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => $id,
'email' => $user['email'],
'action' => 'pull',
'user_id' => $user['id'],
'title' => 'Failed to pull event #' . $eventid . '.',
'change' => 'Reason:' . $message
));
}
}
if ($jobId) {
$job->saveField('message', 'Pulling proposals.');
}
@ -2063,7 +2064,7 @@ class Server extends AppModel
'recursive' => -1,
'conditions' => $conditions
));
$pulledProposals = array();
$pulledProposals = array();
if (!empty($events)) {
$proposals = $eventModel->downloadProposalsFromServer($events, $server);
$pulledProposals = $this->__handlePulledProposals($proposals, $events, $job, $jobId, $eventModel, $user);
@ -2201,32 +2202,32 @@ class Server extends AppModel
$this->Event = ClassRegistry::init('Event');
$this->read(null, $id);
$url = $this->data['Server']['url'];
$push = $this->checkVersionCompatibility($id, $user);
if (isset($push['canPush']) && !$push['canPush']) {
$push = 'Remote instance is outdated.';
}
if (!is_array($push)) {
$message = sprintf('Push to server %s failed. Reason: %s', $id, $push);
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => $id,
'email' => $user['email'],
'action' => 'error',
'user_id' => $user['id'],
'title' => 'Failed: Push to ' . $url . ' initiated by ' . $user['email'],
'change' => $message
));
if ($jobId) {
$job->id = $jobId;
$job->saveField('progress', 100);
$job->saveField('message', $message);
$job->saveField('status', 4);
}
return $push;
}
$push = $this->checkVersionCompatibility($id, $user);
if (isset($push['canPush']) && !$push['canPush']) {
$push = 'Remote instance is outdated.';
}
if (!is_array($push)) {
$message = sprintf('Push to server %s failed. Reason: %s', $id, $push);
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => $id,
'email' => $user['email'],
'action' => 'error',
'user_id' => $user['id'],
'title' => 'Failed: Push to ' . $url . ' initiated by ' . $user['email'],
'change' => $message
));
if ($jobId) {
$job->id = $jobId;
$job->saveField('progress', 100);
$job->saveField('message', $message);
$job->saveField('status', 4);
}
return $push;
}
if ("full" == $technique) {
$eventid_conditions_key = 'Event.id >';
$eventid_conditions_value = 0;
@ -2360,7 +2361,7 @@ class Server extends AppModel
} else {
return array($successes, $fails);
}
return true;
return true;
}
public function getEventIdsForPush($id, $HttpSocket, $eventIds, $user)
@ -2719,10 +2720,9 @@ class Server extends AppModel
} else {
return 'Binary file not executable. It is of type: ' . finfo_file($finfo, $value);
}
}
else {
} else {
return false;
}
}
}
public function testForWritableDir($value)
@ -3403,34 +3403,34 @@ class Server extends AppModel
try {
$response = $HttpSocket->get($uri, '', $request);
} catch (Exception $e) {
$error = $e->getMessage;
$error = $e->getMessage;
}
if (!isset($response) || $response->code != '200') {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
if (isset($response->code)) {
$title = 'Error: Connection to the server has failed.' . (isset($response->code) ? ' Returned response code: ' . $response->code : '');
} else {
$title = 'Error: Connection to the server has failed. The returned exception\'s error message was: ' . $e->getMessage();
}
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => $id,
'email' => $user['email'],
'action' => 'error',
'user_id' => $user['id'],
'title' => $title
));
return $title;
}
if (!isset($response) || $response->code != '200') {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
if (isset($response->code)) {
$title = 'Error: Connection to the server has failed.' . (isset($response->code) ? ' Returned response code: ' . $response->code : '');
} else {
$title = 'Error: Connection to the server has failed. The returned exception\'s error message was: ' . $e->getMessage();
}
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
'model_id' => $id,
'email' => $user['email'],
'action' => 'error',
'user_id' => $user['id'],
'title' => $title
));
return $title;
}
$remoteVersion = json_decode($response->body, true);
$canPush = isset($remoteVersion['perm_sync']) ? $remoteVersion['perm_sync'] : false;
$remoteVersion = explode('.', $remoteVersion['version']);
if (!isset($remoteVersion[0])) {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$message = __('Error: Server didn\'t send the expected response. This may be because the remote server version is outdated.');
$message = __('Error: Server didn\'t send the expected response. This may be because the remote server version is outdated.');
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Server',
@ -3796,10 +3796,10 @@ class Server extends AppModel
}
}
$worker_array['proc_accessible'] = $procAccessible;
$worker_array['controls'] = 1;
if (Configure::check('MISP.manage_workers')) {
$worker_array['controls'] = Configure::read('MISP.manage_workers');
}
$worker_array['controls'] = 1;
if (Configure::check('MISP.manage_workers')) {
$worker_array['controls'] = Configure::read('MISP.manage_workers');
}
return $worker_array;
}
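Review bot: In the hunk at -3403, `$error = $e->getMessage;` reads a property named `getMessage` instead of calling the method, so `$error` never holds the exception text and PHP reports an undefined property; it should be `$error = $e->getMessage();`. The log title built a few lines later calls `$e->getMessage()` directly, so `$error` looks unused within the hunk and could instead be dropped. Separately, the hunk at -1919 now leaves an empty statement `;` on its own line after the `downloadEventFromServer(...)` call, and that line can simply be deleted. Both functions extend beyond the visible hunks.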


@ -53,7 +53,7 @@ class SharingGroup extends AppModel
)
);
private $__sgoCache = array();
private $__sgoCache = array();
public function beforeValidate($options = array())
@ -156,12 +156,12 @@ class SharingGroup extends AppModel
array(
'fields' => array(
'SharingGroup.id',
'SharingGroup.uuid',
'SharingGroup.modified',
'SharingGroup.uuid',
'SharingGroup.modified',
'SharingGroup.name',
'SharingGroup.releasability',
'SharingGroup.description',
'SharingGroup.org_id'
'SharingGroup.org_id'
),
'contain' => array()
),
@ -181,30 +181,30 @@ class SharingGroup extends AppModel
'fields' => $fieldsSharingGroup[$permissionTree]['fields'],
'order' => 'SharingGroup.name ASC'
));
foreach ($sgs as &$sg) {
if (!isset($this->__sgoCache[$sg['SharingGroup']['org_id']])) {
$this->__sgoCache[$sg['SharingGroup']['org_id']] = $this->Organisation->find('first', array(
'recursive' => -1,
'fields' => $fieldsOrg,
'conditions' => array('id' => $sg['SharingGroup']['org_id'])
));
}
$sg['Organisation'] = $this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation'];
if (!empty($sg['SharingGroupOrg'])) {
foreach ($sg['SharingGroupOrg'] as &$sgo) {
if (!isset($this->__sgoCache[$sgo['org_id']])) {
$this->__sgoCache[$sgo['org_id']] = $this->Organisation->find('first', array(
'recursive' => -1,
'fields' => $fieldsOrg,
'conditions' => array('id' => $sgo['org_id'])
));
}
if (!empty($this->__sgoCache[$sgo['org_id']]['Organisation'])) {
$sgo['Organisation'] = $this->__sgoCache[$sgo['org_id']]['Organisation'];
}
}
}
}
foreach ($sgs as &$sg) {
if (!isset($this->__sgoCache[$sg['SharingGroup']['org_id']])) {
$this->__sgoCache[$sg['SharingGroup']['org_id']] = $this->Organisation->find('first', array(
'recursive' => -1,
'fields' => $fieldsOrg,
'conditions' => array('id' => $sg['SharingGroup']['org_id'])
));
}
$sg['Organisation'] = $this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation'];
if (!empty($sg['SharingGroupOrg'])) {
foreach ($sg['SharingGroupOrg'] as &$sgo) {
if (!isset($this->__sgoCache[$sgo['org_id']])) {
$this->__sgoCache[$sgo['org_id']] = $this->Organisation->find('first', array(
'recursive' => -1,
'fields' => $fieldsOrg,
'conditions' => array('id' => $sgo['org_id'])
));
}
if (!empty($this->__sgoCache[$sgo['org_id']]['Organisation'])) {
$sgo['Organisation'] = $this->__sgoCache[$sgo['org_id']]['Organisation'];
}
}
}
}
return $sgs;
} elseif ($scope == 'name') {
$sgs = $this->find('list', array(
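Review bot: In the hunk at -181, the outer assignment `$sg['Organisation'] = $this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation'];` has no guard, while the inner loop checks `!empty(...['Organisation'])` before doing the same for `$sgo`. If the organisation lookup returns nothing, for instance for a sharing group whose owning organisation no longer exists, this reads an undefined index; wrapping it in the same `!empty()` check keeps the two paths consistent. Both `foreach` loops iterate by reference (`&$sg`, `&$sgo`) and neither is followed by `unset($sg);` or `unset($sgo);` in the visible lines, which leaves dangling references if those names are reused later. The function continues outside the hunk.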


@ -299,7 +299,7 @@ class Sighting extends AppModel
'source' => $source
);
// zeroq: allow setting a specific uuid
if($sighting_uuid) {
if ($sighting_uuid) {
$sighting['uuid'] = $sighting_uuid;
// check if sighting with given uuid already exists
$existing_sighting = $this->find('first', array(
@ -468,7 +468,7 @@ class Sighting extends AppModel
$timeCondition = array($filters['from'], $filters['to']);
unset($filters['from']);
unset($filters['to']);
} else if (isset($filters['last'])) {
} elseif (isset($filters['last'])) {
$timeCondition = $filters['last'];
unset($filters['last']);
} else {
@ -490,7 +490,7 @@ class Sighting extends AppModel
if ($filters['context'] === 'attribute') {
$conditions['Sighting.attribute_id'] = $filters['id'];
} else if ($filters['context'] === 'event') {
} elseif ($filters['context'] === 'event') {
$conditions['Sighting.event_id'] = $filters['id'];
}
@ -508,20 +508,20 @@ class Sighting extends AppModel
$allowedSightings = array();
$additional_attribute_added = false;
$additional_event_added = false;
foreach($sightings as $sid) {
foreach ($sightings as $sid) {
$sight = $this->getSighting($sid, $user);
$sight['Sighting']['value'] = $sight['Sighting']['Attribute']['value'];
$sight['Sighting']['value'] = $sight['Sighting']['Attribute']['value'];
// by default, do not include event and attribute
if (!isset($filters['includeAttribute']) || !$filters['includeAttribute']) {
unset($sight["Sighting"]["Attribute"]);
} else if (!$additional_attribute_added) {
} elseif (!$additional_attribute_added) {
$filters['requested_attributes'] = array_merge($filters['requested_attributes'], array('attribute_uuid', 'attribute_type', 'attribute_category', 'attribute_to_ids', 'attribute_value'));
$additional_attribute_added = true;
}
if (!isset($filters['includeEvent']) || !$filters['includeEvent']) {
unset($sight["Sighting"]["Event"]);
} else if (!$additional_event_added) {
} elseif (!$additional_event_added) {
$filters['requested_attributes'] = array_merge($filters['requested_attributes'], array('event_uuid', 'event_orgc_id', 'event_org_id', 'event_info', 'event_Orgc_name'));
$additional_event_added = true;
}


@ -197,7 +197,7 @@ class Tag extends AppModel
$ids = array();
$tag_ids = array();
if (!is_array($array)) {
$array = array($array);
$array = array($array);
}
foreach ($array as $k => $tag) {
if (is_numeric($tag)) {


@ -147,9 +147,9 @@ class Taxonomy extends AppModel
if (isset($entry['colour']) && !empty($entry['colour'])) {
$temp['colour'] = $entry['colour'];
}
if (isset($entry['numerical_value']) && $entry['numerical_value'] !== null) {
$temp['numerical_value'] = $entry['numerical_value'];
}
if (isset($entry['numerical_value']) && $entry['numerical_value'] !== null) {
$temp['numerical_value'] = $entry['numerical_value'];
}
$entries[] = $temp;
}
} else {
@ -158,9 +158,9 @@ class Taxonomy extends AppModel
if (isset($predicate['colour']) && !empty($predicate['colour'])) {
$temp['colour'] = $predicate['colour'];
}
if (isset($predicate['numerical_value']) && $predicate['numerical_value'] !== null) {
$temp['numerical_value'] = $predicate['numerical_value'];
}
if (isset($predicate['numerical_value']) && $predicate['numerical_value'] !== null) {
$temp['numerical_value'] = $predicate['numerical_value'];
}
$entries[] = $temp;
}
}
@ -274,19 +274,19 @@ class Taxonomy extends AppModel
if (isset($tags[strtoupper($entry['tag'])])) {
$temp = $tags[strtoupper($entry['tag'])];
if (
(!in_array('colour', $skipUpdateFields) && $temp['Tag']['colour'] != $colours[$k]) ||
(!in_array('name', $skipUpdateFields) && $temp['Tag']['name'] !== $entry['tag']) ||
(!in_array('numerical_value', $skipUpdateFields) && isset($entry['numerical_value']) && isset($temp['Tag']['numerical_value']) && $temp['Tag']['numerical_value'] !== $entry['numerical_value'])
) {
(!in_array('colour', $skipUpdateFields) && $temp['Tag']['colour'] != $colours[$k]) ||
(!in_array('name', $skipUpdateFields) && $temp['Tag']['name'] !== $entry['tag']) ||
(!in_array('numerical_value', $skipUpdateFields) && isset($entry['numerical_value']) && isset($temp['Tag']['numerical_value']) && $temp['Tag']['numerical_value'] !== $entry['numerical_value'])
) {
if (!in_array('colour', $skipUpdateFields)) {
$temp['Tag']['colour'] = (isset($entry['colour']) && !empty($entry['colour'])) ? $entry['colour'] : $colours[$k];
}
if (!in_array('name', $skipUpdateFields)) {
$temp['Tag']['name'] = $entry['tag'];
}
if (!in_array('numerical_value', $skipUpdateFields)) {
$temp['Tag']['numerical_value'] = $entry['numerical_value'];
}
if (!in_array('numerical_value', $skipUpdateFields)) {
$temp['Tag']['numerical_value'] = $entry['numerical_value'];
}
$this->Tag->save($temp['Tag']);
}
}
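Review bot: In the hunk at -274, the update branch assigns `$temp['Tag']['numerical_value'] = $entry['numerical_value'];` without checking that the entry has that key, although the enclosing condition only compares it under `isset($entry['numerical_value'])`. When the branch is entered because the colour or name differs and the entry carries no numerical value, this reads an undefined index and overwrites the stored value with null. Guarding the assignment with `if (!in_array('numerical_value', $skipUpdateFields) && isset($entry['numerical_value'])) {` matches the check already used in the condition. The enclosing loop starts outside the hunk.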


@ -26,9 +26,9 @@ class TaxonomyEntry extends AppModel
public function beforeValidate($options = array())
{
if (empty($this->data['TaxonomyEntry']['expanded'])) {
$this->data['TaxonomyEntry']['expanded'] = $this->data['TaxonomyEntry']['value'];
}
if (empty($this->data['TaxonomyEntry']['expanded'])) {
$this->data['TaxonomyEntry']['expanded'] = $this->data['TaxonomyEntry']['value'];
}
parent::beforeValidate();
return true;
}


@ -28,9 +28,9 @@ class TaxonomyPredicate extends AppModel
public function beforeValidate($options = array())
{
if (empty($this->data['TaxonomyPredicate']['expanded'])) {
$this->data['TaxonomyPredicate']['expanded'] = $this->data['TaxonomyPredicate']['value'];
}
if (empty($this->data['TaxonomyPredicate']['expanded'])) {
$this->data['TaxonomyPredicate']['expanded'] = $this->data['TaxonomyPredicate']['value'];
}
parent::beforeValidate();
return true;
}


@ -273,33 +273,33 @@ class User extends AppModel
{
if (Configure::read('Plugin.ZeroMQ_enable') && Configure::read('Plugin.ZeroMQ_user_notifications_enable')) {
$pubSubTool = $this->getPubSubTool();
if (!empty($this->data)) {
$user = $this->data;
if (!isset($user['User'])) {
$user['User'] = $user;
}
$action = $created ? 'edit' : 'add';
if (isset($user['User']['action'])) {
$action = $user['User']['action'];
}
if (isset($user['User']['id'])) {
$user = $this->find('first', array(
'recursive' => -1,
'conditions' => array('User.id' => $user['User']['id']),
'fields' => array('id', 'email', 'last_login', 'org_id', 'termsaccepted', 'autoalert', 'newsread', 'disabled'),
'contain' => array(
'Organisation' => array(
'fields' => array('Organisation.id', 'Organisation.name', 'Organisation.description', 'Organisation.uuid', 'Organisation.nationality', 'Organisation.sector', 'Organisation.type', 'Organisation.local')
)
)
));
}
if (isset($user['User']['password'])) {
unset($user['User']['password']);
unset($user['User']['confirm_password']);
}
$pubSubTool->modified($user, 'user', $action);
}
if (!empty($this->data)) {
$user = $this->data;
if (!isset($user['User'])) {
$user['User'] = $user;
}
$action = $created ? 'edit' : 'add';
if (isset($user['User']['action'])) {
$action = $user['User']['action'];
}
if (isset($user['User']['id'])) {
$user = $this->find('first', array(
'recursive' => -1,
'conditions' => array('User.id' => $user['User']['id']),
'fields' => array('id', 'email', 'last_login', 'org_id', 'termsaccepted', 'autoalert', 'newsread', 'disabled'),
'contain' => array(
'Organisation' => array(
'fields' => array('Organisation.id', 'Organisation.name', 'Organisation.description', 'Organisation.uuid', 'Organisation.nationality', 'Organisation.sector', 'Organisation.type', 'Organisation.local')
)
)
));
}
if (isset($user['User']['password'])) {
unset($user['User']['password']);
unset($user['User']['confirm_password']);
}
$pubSubTool->modified($user, 'user', $action);
}
}
return true;
}
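Review bot: `$action = $created ? 'edit' : 'add';` looks inverted: if `$created` is the flag CakePHP passes to `afterSave()` (the signature is outside the hunk), it is true for a newly inserted record, so new users would be published as `edit` and updates as `add`. Swapping the branches, `$action = $created ? 'add' : 'edit';`, would correct the label sent to ZeroMQ subscribers. Also, when `$user['User']['id']` is not set the payload is `$this->data` itself, and only `password` and `confirm_password` are stripped before `$pubSubTool->modified()`. Any other sensitive field present in `$this->data` would then be published, so an explicit allow-list like the `fields` array used in the `find()` would be the safer filter.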


@ -355,17 +355,18 @@ class Warninglist extends AppModel
return false;
}
public function quickCheckValue($listValues, $value, $type) {
$typeMapping = array(
'cidr' => '__evalCIDRList',
'string' => '__evalString',
'substring' => '__evalSubString',
'hostname' => '__evalHostname',
'regex' => '__evalRegex'
);
$result = $this->{$typeMapping[$type]}($listValues, $value);
return (!empty($result) ? 1 : false);
}
public function quickCheckValue($listValues, $value, $type)
{
$typeMapping = array(
'cidr' => '__evalCIDRList',
'string' => '__evalString',
'substring' => '__evalSubString',
'hostname' => '__evalHostname',
'regex' => '__evalRegex'
);
$result = $this->{$typeMapping[$type]}($listValues, $value);
return (!empty($result) ? 1 : false);
}
// This requires an IP type attribute in a non CIDR notation format
// For the future we can expand this to look for CIDR overlaps?
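Review bot: `quickCheckValue()` dispatches with `$this->{$typeMapping[$type]}($listValues, $value)` without checking that `$type` is one of the five mapped keys. An unmapped type yields an undefined index and then a call to a method with an empty name, which is a fatal error rather than a clean "no match". A guard before the dispatch, `if (!isset($typeMapping[$type])) { return false; }`, keeps the lookup-table approach and handles unexpected input predictably. A short docblock stating that the method returns `1` on a match and `false` otherwise would also help callers, since the two return types differ.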


@ -17,7 +17,7 @@ class Whitelist extends AppModel
),
);
public $whitelistedItems = false;
public $whitelistedItems = false;
public $validate = array(
'name' => array(
@ -68,13 +68,13 @@ class Whitelist extends AppModel
public function getBlockedValues()
{
if ($this->whitelistedItems !== false) {
$Whitelists = $this->find('all', array('fields' => array('name')));
$this->whitelistedItems = array();
foreach ($Whitelists as $item) {
$this->whitelistedItems[] = $item['Whitelist']['name'];
}
}
if ($this->whitelistedItems !== false) {
$Whitelists = $this->find('all', array('fields' => array('name')));
$this->whitelistedItems = array();
foreach ($Whitelists as $item) {
$this->whitelistedItems[] = $item['Whitelist']['name'];
}
}
return $this->whitelistedItems;
}
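Review bot: The condition in `getBlockedValues()` appears inverted: `$whitelistedItems` is initialised to `false` (hunk at -17) and the list is only loaded `if ($this->whitelistedItems !== false)`, so on a fresh model the query never runs and the method returns `false`. The lazy-load check should be `if ($this->whitelistedItems === false) {`. As written, callers that rely on this list to filter whitelisted values would presumably get no filtering, so a regression test covering the first call would be worthwhile.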