Implemented correct from / to api parameter checks
- based on stevengoossensB's pull request (pull/516/head)
parent
c9afc365a8
commit
35134a7f2e
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":63}
|
||||
{"major":2, "minor":3, "hotfix":64}
|
||||
|
|
|
@ -1495,11 +1495,6 @@ class AttributesController extends AppController {
|
|||
// ! - you can negate a search term. For example: google.com&&!mail would search for all attributes with value google.com but not ones that include mail. www.google.com would get returned, mail.google.com wouldn't.
|
||||
public function restSearch($key='download', $value=false, $type=false, $category=false, $org=false, $tags=false, $from=false, $to=false) {
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
if ($tags === 'null') $tags = null;
|
||||
if ($value === 'null') $value = null;
|
||||
if ($type === 'null') $type = null;
|
||||
if ($category === 'null') $category = null;
|
||||
if ($org === 'null') $org = null;
|
||||
if ($key!=null && $key!='download') {
|
||||
$user = $this->checkAuthUser($key);
|
||||
} else {
|
||||
|
@ -1530,6 +1525,13 @@ class AttributesController extends AppController {
|
|||
else ${$p} = null;
|
||||
}
|
||||
}
|
||||
$simpleFalse = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to');
|
||||
foreach ($simpleFalse as $sF) {
|
||||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
|
||||
if ($from) $from = $this->Attribute->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Attribute->Event->dateFieldCheck($to);
|
||||
if (!isset($this->request->params['ext']) || $this->request->params['ext'] !== 'json') {
|
||||
$this->response->type('xml'); // set the content type
|
||||
$this->layout = 'xml/default';
|
||||
|
@ -1768,8 +1770,8 @@ class AttributesController extends AppController {
|
|||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
if ($type === 'null' || $type === '0' || $type === 'false') $type = 'all';
|
||||
if ($from && !preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/', $from)) $from = false;
|
||||
if ($to && !preg_match('/^[0-9]{4}-[l0-9]{2}-[0-9]{2}$/', $from)) $from = false;
|
||||
if ($from) $from = $this->Attribute->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Attribute->Event->dateFieldCheck($to);
|
||||
if ($key != 'download') {
|
||||
// check if the key is valid -> search for users based on key
|
||||
$user = $this->checkAuthUser($key);
|
||||
|
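Review bot: In the third hunk the new `to` validation never inspects `$to`: the regex line tests `$from` and resets `$from`, and the following `dateFieldCheck($to)` call also stores its result into `$from`, so `$to` reaches the rest of the method unvalidated while a valid `$from` is overwritten by the `to` date. The character class `[l0-9]` on that same regex line also contains a stray letter `l`, so a month field such as `l1` would pass the pre-check. The intended lines are `if ($to && !preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/', $to)) $to = false;` and `if ($to) $to = $this->Attribute->Event->dateFieldCheck($to);`; the second hunk (around line 1530) has the same `$from = ...dateFieldCheck($to)` slip. Note too that a malformed date silently becomes `false` rather than an error, so a mistyped filter presumably drops the bound and widens the result set instead of failing the request — worth confirming against the query code, which lies outside the hunks. The enclosing methods start and end outside the hunks shown.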
|
|
@ -1725,6 +1725,8 @@ class EventsController extends AppController {
|
|||
foreach ($simpleFalse as $sF) {
|
||||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
|
||||
$eventIdArray = array();
|
||||
|
@ -1802,6 +1804,9 @@ class EventsController extends AppController {
|
|||
foreach ($simpleFalse as $sF) {
|
||||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
// backwards compatibility, swap key and format
|
||||
if ($format != 'snort' && $format != 'suricata') {
|
||||
|
@ -1837,6 +1842,9 @@ class EventsController extends AppController {
|
|||
foreach ($simpleFalse as $sF) {
|
||||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
$this->response->type('txt'); // set the content type
|
||||
$this->header('Content-Disposition: download; filename="misp.' . $type . '.rules"');
|
||||
|
@ -1869,6 +1877,9 @@ class EventsController extends AppController {
|
|||
foreach ($simpleFalse as $sF) {
|
||||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
$list = array();
|
||||
if ($key != 'download') {
|
||||
|
@ -2399,6 +2410,9 @@ class EventsController extends AppController {
|
|||
foreach ($simpleFalse as $sF) {
|
||||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
if ($searchall === 'true') $searchall = "1";
|
||||
|
||||
|
@ -2974,6 +2988,8 @@ class EventsController extends AppController {
|
|||
foreach ($simpleFalse as $sF) {
|
||||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
|
||||
// set null if a null string is passed
|
||||
$numeric = false;
|
||||
|
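Review bot: Every hunk in this file validates `to` with `if ($to) $from = $this->Event->dateFieldCheck($to);`, which stores the checked `to` value into `$from`: `$to` is passed on unvalidated and a valid `$from` is overwritten, so a request supplying both bounds silently gets a window that starts at its end date. Each of the six occurrences should read `if ($to) $to = $this->Event->dateFieldCheck($to);`. Since the same pair of lines is pasted into six methods, a small private helper that validates both fields once would stop the next copy from drifting. Because `dateFieldCheck` returns `false` on a malformed date, callers drop the filter instead of rejecting the request; whether that widens the result set depends on query code outside these hunks. All enclosing methods begin and end outside the hunks shown.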
|
|
@ -1916,4 +1916,12 @@ class Event extends AppModel {
|
|||
}
|
||||
return $fn;
|
||||
}
|
||||
|
||||
// expects a date string in the DD-MM-YYYY format
|
||||
// returns the passed string or false if the format is invalid
|
||||
// based on the fix provided by stevengoosensB
|
||||
public function dateFieldCheck($date) {
|
||||
// regex check for from / to field by stevengoossensB
|
||||
return (preg_match('/^[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|1[0-9]|2[0-9]|3[01])$/', $date)) ? $date : false;
|
||||
}
|
||||
}
|
||||
|
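Review bot: The header comment on `dateFieldCheck` says the expected format is `DD-MM-YYYY`, but the regex accepts only `YYYY-MM-DD` (four digits, then month, then day), so the documentation would send an API user the wrong way; change it to `// expects a date string in the YYYY-MM-DD format`. The pattern also ends in a bare `$` without the `D` modifier, so PCRE accepts a value with a trailing newline such as `"2015-01-01\n"` and returns it unchanged; `'/^[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])$/D'` closes that gap. The check is purely lexical, so `2015-02-31` passes; if the value is later compared as a date rather than a string, a `checkdate()` call on the captured groups would reject impossible dates. Returning `false` for bad input leaves it to each caller to notice, and the two spellings of the contributor's name in the comments (`stevengoosensB` vs `stevengoossensB`) should be made consistent.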
|