Fixed a serious issue with the snort/suricata export, which kept appending all eligible attributes over and over to the file instead of fetching them event by event, resulting in a massive export file

pull/796/head
iglocska 2015-12-23 00:51:57 +01:00
parent 181566bafb
commit 3061b37fc3
4 changed files with 14 additions and 16 deletions


@ -210,8 +210,7 @@ class EventShell extends AppShell
$this->Job->id = $id;
$format = $this->args[2];
$sid = $this->args[3];
// TEMP: change to passing an options array with the user!!
$eventIds = $this->Event->fetchEventIds($user);
$eventIds = array_values($this->Event->fetchEventIds($user, false, false, false, true));
$eventCount = count($eventIds);
$dir = new Folder(APP . DS . '/tmp/cached_exports/' . $format);
if ($user['Role']['perm_site_admin']) {
@ -222,9 +221,9 @@ class EventShell extends AppShell
$file->write('');
foreach ($eventIds as $k => $eventId) {
if ($k == 0) {
$temp = $this->Attribute->nids($user, $format, $eventId['Event']['id']);
$temp = $this->Attribute->nids($user, $format, $eventId);
} else {
$temp = $this->Attribute->nids($user, $format, $eventId['Event']['id'], true);
$temp = $this->Attribute->nids($user, $format, $eventId, true);
}
foreach ($temp as $line) {
$file->append($line . PHP_EOL);
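Review bot: The replacement call `$eventIds = array_values($this->Event->fetchEventIds($user, false, false, false, true));` passes four positional booleans, and the `// TEMP: change to passing an options array with the user!!` note that flagged this call for cleanup does not appear on the new side, so a reader cannot tell which flag produces the bare id list that array_values() and the `$k == 0` header check below now depend on. Either keep the TODO or name the flags at the call site, e.g. `// last flag: id-only result (see Event::fetchEventIds); array_values() re-indexes so $k == 0 is the first event` — adjusted to the real parameter names, which are not visible on this page. Separately, `$format` is taken verbatim from `$this->args[2]` and spliced into the cached_exports Folder path, while nids() treats anything that is not 'suricata' as snort; if this shell can be started with an unvetted argument, a whitelist such as `if (!in_array($format, array('snort', 'suricata'), true)) return;` ahead of the Folder line (or marking the job failed) would be cheap insurance. The enclosing shell method starts before and ends after this hunk.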


@ -1362,11 +1362,6 @@ class Attribute extends AppModel {
$tag = ClassRegistry::init('Tag');
$args = $this->dissectArgs($tags);
$tagArray = $tag->fetchEventTagIds($args[0], $args[1]);
if ($id) {
foreach ($eventIds as $k => $v) {
if ($v['Event']['id'] !== $id) unset($eventIds[$k]);
}
}
if (!empty($tagArray[0])) {
foreach ($eventIds as $k => $v) {
if (!in_array($v['Event']['id'], $tagArray[0])) unset($eventIds[$k]);
@ -1378,6 +1373,12 @@ class Attribute extends AppModel {
}
}
}
if ($id) {
foreach ($eventIds as $k => $v) {
if ($v['Event']['id'] !== $id) unset($eventIds[$k]);
}
}
if ($format == 'suricata') App::uses('NidsSuricataExport', 'Export');
else App::uses('NidsSnortExport', 'Export');
@ -1485,8 +1486,6 @@ class Attribute extends AppModel {
array('type' => $v),
),
'fields' => array('Attribute.value'), //array of field names
'order' => array('Attribute.value'), //string or array defining order
'group' => array('Attribute.value'), //fields to GROUP BY
)
);
if ($k == 'hostname') {
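Review bot: The relocated filter `if ($v['Event']['id'] !== $id) unset($eventIds[$k]);` compares strictly, and after this commit the shell passes whatever fetchEventIds(..., true) returns as `$id` instead of the `$eventId['Event']['id']` string it passed before; if the two sides ever differ in type (an int versus the string CakePHP hands back for Event.id), every row is unset and the export for that event is silently empty. Normalising both sides, `if ((int) $v['Event']['id'] !== (int) $id) unset($eventIds[$k]);`, keeps the strict comparison without depending on the caller's type — switching to a loose `!=` would be worse, since on the PHP versions of this era it lets non-numeric input compare equal to 0. I cannot confirm the return type of fetchEventIds from this page, so treat this as a check to make rather than a confirmed bug. nids() begins before the first hunk and continues past the last.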


@ -1125,12 +1125,12 @@ class Server extends AppModel {
// get rid of events that are the same timestamp as ours or older, we don't want to transfer the attributes for those
// The event's timestamp also matches the newest attribute timestamp by default
if ($this->Event->checkIfNewer($event)) {
if ($force_uuid) $eventIds[] = $event['uuid'];
else $eventIds[] = $event['id'];
}
if ($force_uuid) $eventIds[] = $event['uuid'];
else $eventIds[] = $event['id'];
}
}
return $eventIds;
}
return $eventIds;
}
if ($response->code == '403') {
return 403;
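Review bot: If the removed lines are the `if ($this->Event->checkIfNewer($event)) {` wrapper, as the old-then-new print order and the equal add/remove counts suggest, then the comment kept just above it, `// get rid of events that are the same timestamp as ours or older, we don't want to transfer the attributes for those`, now describes a filter this branch no longer applies and will mislead the next reader; reword it to state what the branch does now (for instance, that the newer-than-local check happens elsewhere, if that is the case) or delete it. The rendered page has lost the +/- markers, so the side of each line is read from layout and is not fully certain. The enclosing method starts before the hunk and, given the duplicated `return $eventIds;`, appears to gain an early return whose exact placement is also unclear from here.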


@ -78,7 +78,7 @@ foreach ($servers as $server):
<?php
echo $this->Html->link('', array('action' => 'previewIndex', $server['Server']['id']), array('class' => 'icon-search', 'title' => 'Explore'));
if ($server['Server']['pull'])
echo $this->Html->link('', array('action' => 'pull', $server['Server']['id'], 'update'), array('class' => 'icon-refresh', 'title' => 'Pull updates only'));
echo $this->Html->link('', array('action' => 'pull', $server['Server']['id'], 'update'), array('class' => 'icon-refresh', 'title' => 'Pull updates to events that already exist locally'));
echo $this->Html->link('', array('action' => 'pull', $server['Server']['id'], 'full'), array('class' => 'icon-download', 'title' => 'Pull all'));
if ($server['Server']['push'])
echo $this->Html->link('', array('action' => 'push', $server['Server']['id'], 'full'), array('class' => 'icon-upload', 'title' => 'Push all'));