From 56adab6122eede769e912bcfd27f8db7de19b55e Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 19 Nov 2015 16:50:14 +0100 Subject: [PATCH 1/2] Bugfix pack, fixes #724, fixes #721 - Fixed an issue with the new UUID generation method call in OpenIOC - Fixed an invalid validation check on the salt key - Added a note on the server page to make it more obvious that values can be changed by double clicking them --- app/Controller/Component/IOCImportComponent.php | 11 +++++++---- app/Controller/EventsController.php | 6 +++--- app/Model/Server.php | 2 +- app/View/Servers/server_settings.ctp | 1 + 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/app/Controller/Component/IOCImportComponent.php b/app/Controller/Component/IOCImportComponent.php index a07d66000..b74a8f075 100644 --- a/app/Controller/Component/IOCImportComponent.php +++ b/app/Controller/Component/IOCImportComponent.php @@ -148,8 +148,9 @@ class IOCImportComponent extends Component { // Add a special attribute that captures the basic data about the .ioc such as the ioc-s uuid, info, long info, author, etc. // Define the fields used in the global iocinfo variable. + $this->Attribute = ClassRegistry::init('Attribute'); foreach ($this->iocinfo as $k => $v) { - if (isset($event[$v])) $event['Attribute'][] = array('uuid' => $this->{$Model->alias}->generateUuid(), 'category' => 'Other', 'type' => 'comment', 'event_id' => $id, 'value' => $v . ': ' . $event[$v], 'to_ids' => $this->typeToIdsSettings['comment'], 'distribution' => $this->distribution, 'comment' => 'OpenIOC import from file ' . $filename); + if (isset($event[$v])) $event['Attribute'][] = array('uuid' => $this->Attribute->generateUuid(), 'category' => 'Other', 'type' => 'comment', 'event_id' => $id, 'value' => $v . ': ' . $event[$v], 'to_ids' => $this->typeToIdsSettings['comment'], 'distribution' => $this->distribution, 'comment' => 'OpenIOC import from file ' . $filename); } // attach the graph to the event @@ -202,7 +203,7 @@ class IOCImportComponent extends Component { $attribute['type'] = 'other'; $attribute['value'] = 'containsnot: ' . $attribute['value']; } - $attribute['to_ids'] = $this->typeToIdsSettings[$attribute['type']]; + if (isset($this->typeToIdsSettings[$attribute['type']])) $attribute['to_ids'] = $this->typeToIdsSettings[$attribute['type']]; // If we couldn't figure out the category / type and got Other/other, append the search term in the value if ($temp[0] == 'Other' && $temp[1] == 'other') { $attribute['value'] = $attribute['search'] . ': ' . $attribute['value']; @@ -519,6 +520,7 @@ class IOCImportComponent extends Component { $att1 = $this->__analyseIndicator($array[0], $id); $att2 = $this->__analyseIndicator($array[1], $id); $attempt = $this->__convertToCompositeAttribute($att1, $att2, $id); + $attempt['to_ids'] = $this->typeToIdsSettings[$attempt['type']]; if ($attempt) { $this->saved_uuids[] = $id; return $attempt; @@ -542,6 +544,7 @@ class IOCImportComponent extends Component { // Attempt to convert the two attributes retrieved from an AND indicator into a single attribute, if they are eligible to be converted. If not, add it to the array of failures. private function __convertToCompositeAttribute($att1, $att2, $uuid) { + $this->Attribute = ClassRegistry::init('Attribute'); // check if the current attribute is one of the known pairs saved in the array $attributePairs foreach ($this->attributePairs as $pair) { // if attribute 1's type = the first type of the pair and attribute 2's type is the type of the second attribute of the pair, return a new joint attribute with the new type-name (usually type1|type2) and its predefined category @@ -561,7 +564,7 @@ class IOCImportComponent extends Component { default: $value = $att1['value'] . '|' . $att2['value']; } - return array('type' => $pair[2], 'value' => $value, 'uuid' => $this->{$Model->alias}->generateUuid(), 'category' => $pair[3], 'to_ids' => $this->typeToIdsSettings[$pair[2]], 'distribution' => $this->distribution); + return array('type' => $pair[2], 'value' => $value, 'uuid' => $this->Attribute->generateUuid(), 'category' => $pair[3], 'to_ids' => $this->typeToIdsSettings[$pair[2]], 'distribution' => $this->distribution); } // Try the same thing above with the attributes reversed if ($att2['type'] == $pair[0] && $att1['type'] == $pair[1]) { @@ -579,7 +582,7 @@ class IOCImportComponent extends Component { default: $value = $att2['value'] . '|' . $att1['value']; } - return array('type' => $pair[2], 'value' => $value, 'uuid' => $this->{$Model->alias}->generateUuid(), 'category' => $pair[3], 'to_ids' => $this->typeToIdsSettings[$pair[2]], 'distribution' => $this->distribution); + return array('type' => $pair[2], 'value' => $value, 'uuid' => $this->Attribute->generateUuid(), 'category' => $pair[3], 'to_ids' => $this->typeToIdsSettings[$pair[2]], 'distribution' => $this->distribution); } } // If no match found, return false, it's not a valid composite attribute for MISP diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index 03116b760..1bc45eeeb 100755 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -2130,7 +2130,7 @@ class EventsController extends AppController { // add the original openIOC file as an attachment $saveEvent['Attribute'][] = array( 'category' => 'External analysis', - 'uuid' => $this->{$Model->alias}->generateUuid(), + 'uuid' => $this->Event->generateUuid(), 'type' => 'attachment', 'value' => $this->data['Event']['submittedioc']['name'], 'to_ids' => false, @@ -2703,7 +2703,7 @@ class EventsController extends AppController { 'org' => $this->Auth->user('org'), 'orgc' => $this->Auth->user('org'), 'timestamp' => $ts, - 'uuid' => $this->{$Model->alias}->generateUuid(), + 'uuid' => $this->Event->generateUuid(), 'user_id' => $this->Auth->user('id'), )); $default['Event']['info'] = 'A junk event for load testing'; @@ -2724,7 +2724,7 @@ class EventsController extends AppController { 'value1' => $value, 'value2' => '', 'comment' => '', - 'uuid' => $this->{$Model->alias}->generateUuid(), + 'uuid' => $this->Event->generateUuid(), 'timestamp' => $ts, ); } diff --git a/app/Model/Server.php b/app/Model/Server.php index 8438a8fb1..a56a57fee 100755 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -1247,7 +1247,7 @@ class Server extends AppModel { public function testSalt($value) { if ($this->testForEmpty($value) !== true) return $this->testForEmpty($value); - if (strlen($value) != 32) return 'The salt has to be a 32 byte long string.'; + if (strlen($value) < 32) return 'The salt has to be an at least 32 byte long string.'; if ($value == "Rooraenietu8Eeyoelement('healthElements/overview'); } ?> +
To edit a setting, simply double click it.
element('side_menu', array('menuList' => 'admin', 'menuItem' => 'serverSettings')); From 2daaee53333d930a635734821e7be1ea9f3eba4f Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 19 Nov 2015 16:52:25 +0100 Subject: [PATCH 2/2] Version bump --- VERSION.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.json b/VERSION.json index 153574102..bdec44cd1 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1 +1 @@ -{"major":2, "minor":3, "hotfix":162} +{"major":2, "minor":3, "hotfix":163}