MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: Fixed potential double hashing of samples with the encrypt flag

pull/2517/head
iglocska 2017-09-27 15:47:29 +02:00
parent 36f6c9685d
commit 343e5b881f
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/Controller/ObjectsController.php
View File

@ -118,15 +118,12 @@ class ObjectsController extends AppController {
if (isset($this->request->data['Object']['data'])) {
$this->request->data = json_decode($this->request->data['Object']['data'], true);
}
if (!isset($this->request->data['Attribute'])) {
$this->request->data = array('Attribute' => $this->request->data);
}
if (!isset($this->request->data['Object'])) {
$attributeTemp = $this->request->data['Attribute'];
unset($this->request->data['Attribute']);
$this->request->data = array('Object' => $this->request->data);
$this->request->data['Attribute'] = $attributeTemp;
unset($attributeTemp);
}
if (!isset($this->request->data['Attribute']) && isset($this->request->data['Object']['Attribute'])) {
$this->request->data['Attribute'] = $this->request->data['Object']['Attribute'];
unset($this->request->data['Object']['Attribute']);
}
$object = $this->MispObject->attributeCleanup($this->request->data);
// we pre-validate the attributes before we create an object at this point

4
app/Model/Attribute.php
View File

@ -2482,6 +2482,10 @@ class Attribute extends AppModel {
public function saveAttributes($attributes) {
foreach ($attributes as $k => $attribute) {
if (!empty($attribute['encrypt']) && $attribute['encrypt']) {
if (strpos($attribute['value'], '|') !== false) {
$temp = explode('|', $attribute['value']);
$attribute['value'] = $temp[0];
}
$result = $this->handleMaliciousBase64($attribute['event_id'], $attribute['value'], $attribute['data'], array('md5'));
$attribute['data'] = $result['data'];
$attribute['value'] = $attribute['value'] . '|' . $result['md5'];