Change to new distribution

- first stage
pull/217/head
iglocska 2013-06-10 17:33:03 +02:00
parent 7871336164
commit 3c23ac3a86
6 changed files with 94 additions and 229 deletions


@ -117,6 +117,7 @@ class AppController extends Controller {
$this->set('isAclAdmin', $role['perm_admin']);
$this->set('isAclAudit', $role['perm_audit']);
$this->set('isAclAuth', $role['perm_auth']);
$this->userRole = $role;
} else {
$this->set('me', false);
$this->set('isAdmin', false);
@ -132,6 +133,8 @@ class AppController extends Controller {
}
}
public $userRole = null;
//public function blackhole($type) {
// // handle errors.
// throw new Exception(__d('cake_dev', 'The request has been black-holed'));
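Review bot: The new `public $userRole = null;` property is declared between methods with no comment, although it now carries the whole role record, permission flags included, for the rest of the request. A short doc comment would make the contract explicit, for example `/** Role record of the current user (perm_* flags), or null when no role was loaded. */`, and the declaration reads better next to the class's other properties. The else branch in the first hunk does not assign it, so that path appears to rely on the null default, which the comment should state. Both enclosing blocks start and end outside the hunks.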


@ -51,18 +51,12 @@ class AttributesController extends AppController {
array(
'Event.org =' => $this->Auth->user('org'),
'AND' => array(
array('OR' => array(
array('Attribute.private !=' => 1),
array('Attribute.cluster =' => 1),
)),
array('OR' => array(
array('Event.private !=' => 1),
array('Event.cluster =' => 1),
)),
'Attribute.distribution' > 0,
'Event.distribution' > 0,
)))));
}
/* We want to show this outside now as discussed with Christophe. Still not pushable, but anything should be pullable that's visible
// do not show cluster outside server
if ($this->_isRest()) {
$this->paginate = Set::merge($this->paginate,array(
@ -71,6 +65,7 @@ class AttributesController extends AppController {
//array("AND" => array(array('Event.private !=' => 2))),
));
}
*/
}
/**
@ -90,7 +85,6 @@ class AttributesController extends AppController {
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
}
/**
* add method
*
@ -750,7 +744,7 @@ class AttributesController extends AppController {
'conditions' =>
array("OR" => array(
array('Event.org =' => $this->Auth->user('org')),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1), array('Attribute.private !=' => 1)))),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.distribution !=' => 0), array('Attribute.distribution !=' => 0)))),
)
);
}
@ -828,9 +822,7 @@ class AttributesController extends AppController {
// restricting to non-private or same org if the user is not a site-admin.
if (!$this->_isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('Attribute.distribution >' => 0));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $this->_checkOrg()));
$put2['OR'][] = $temp;
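Review bot: The two entries added in the first hunk, `'Attribute.distribution' > 0,` and `'Event.distribution' > 0,`, are PHP comparisons rather than condition keys, so each becomes a boolean before the array reaches the query builder and no distribution filter is expressed. They should follow the form used in the last hunk of this file: `'Attribute.distribution >' => 0,` and `'Event.distribution >' => 0,`. This array appears to decide which attributes of other organisations a user may list, so a test asserting that an organisation-only attribute of another org is absent from the index would pin the behaviour. The surrounding paginate array starts outside the hunk.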


@ -72,10 +72,8 @@ class EventsController extends AppController {
'conditions' =>
array("OR" => array(
array('Event.org =' => $this->Auth->user('org')),
array('Event.private !=' => 1),
array('Event.cluster =' => 1))),
)
);
array('Event.distribution >' => 0),
))));
}
}
@ -171,7 +169,7 @@ class EventsController extends AppController {
$myEvent = true;
if (!$isSiteAdmin) {
// check private
if (($this->Event->data['Event']['private'] && !$this->Event->data['Event']['cluster']) && ($this->Event->data['Event']['org'] != $this->Auth->user('org'))) {
if (($this->Event->data['Event']['distribution'] > 0) && ($this->Event->data['Event']['org'] != $this->Auth->user('org'))) {
$this->Session->setFlash(__('Invalid event.'));
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
@ -184,7 +182,7 @@ class EventsController extends AppController {
// run through each attribute and unset it if it's private and we're not an admin or from the owner org of the event
// if we didn't unset the attribute, rearrange the shadow attributes
foreach ($this->Event->data['Attribute'] as $key => &$attribute) {
if (!$isSiteAdmin && !$myEvent && ($attribute['private'] == 1 && $attribute['cluster'] == 0)) {
if (!$isSiteAdmin && !$myEvent && ($attribute['distribution'] === 'Your organisation only')) {
unset($this->Event->data['Attribute'][$key]);
} else {
if (!isset($attribute['ShadowAttribute'])) $attribute['ShadowAttribute'] = array();
@ -209,9 +207,6 @@ class EventsController extends AppController {
$relatedEvents = $this->Event->getRelatedEvents($this->Auth->user());
$relatedAttributes = $this->Event->getRelatedAttributes($this->Auth->user());
$this->loadModel('Attribute');
$this->loadModel('Attribute');
if ($this->_isRest()) {
foreach ($this->Event->data['Attribute'] as &$attribute) {
// for REST requests also add the encoded attachment
@ -266,7 +261,9 @@ class EventsController extends AppController {
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
// combobox for analysis
$this->set('distributionDescriptions', $this->Event->distributionDescriptions);
$this->set('distributionLevels', $this->Event->distributionLevels);
// combobox for analysis
$analysiss = $this->Event->validate['analysis']['rule'][1];
@ -337,6 +334,7 @@ class EventsController extends AppController {
$this->set('distributions', $distributions);
// tooltip for distribution
$this->set('distributionDescriptions', $this->Event->distributionDescriptions);
$this->set('distributionLevels', $this->Event->distributionLevels);
// combobox for risks
$risks = $this->Event->validate['risk']['rule'][1];
@ -386,6 +384,7 @@ class EventsController extends AppController {
$this->set('distributions', $distributions);
// tooltip for distribution
$this->set('distributionDescriptions', $this->Event->distributionDescriptions);
$this->set('distributionLevels', $this->Event->distributionLevels);
// combobox for risks
$risks = $this->Event->validate['risk']['rule'][1];
@ -421,9 +420,9 @@ class EventsController extends AppController {
$data['Event']['user_id'] = $auth->user('id');
$date = new DateTime();
if ($this->checkAction('perm_sync')) $data['Event']['org'] = Configure::read('CyDefSIG.org');
else $data['Event']['org'] = $auth->user('org');
//if ($this->checkAction('perm_sync')) $data['Event']['org'] = Configure::read('CyDefSIG.org');
//else $data['Event']['org'] = $auth->user('org');
$data['Event']['org'] = $auth->user('org');
// set these fields if the event is freshly created and not pushed from another instance.
// Moved out of if (!$fromXML), since we might get a restful event without the orgc/timestamp set
if (!isset ($data['Event']['orgc'])) $data['Event']['orgc'] = $data['Event']['org'];
@ -459,10 +458,9 @@ class EventsController extends AppController {
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision')
);
$fieldList = array(
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'timestamp'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie', 'timestamp')
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'timestamp', 'distribution'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'timestamp', 'distribution')
);
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
// FIXME chri: check if output of $saveResult is what we expect when data not valid, see issue #104
if ($saveResult) {
@ -530,8 +528,8 @@ class EventsController extends AppController {
$fieldList = array(
'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid', 'from', 'private', 'communitie', 'cluster', 'timestamp'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie', 'cluster', 'timestamp')
'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid', 'from', 'distribution', 'timestamp'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'distribution', 'timestamp')
);
$c = 0;
@ -587,7 +585,7 @@ class EventsController extends AppController {
}
}
// say what fields are to be updated
$fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'private', 'cluster', 'communitie', 'timestamp');
$fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'distribution', 'timestamp');
$this->Event->read();
// always force the org, but do not force it for admins
@ -890,7 +888,7 @@ class EventsController extends AppController {
$body .= $bodyTempOther; // append the 'other' attribute types to the bottom.
// find out whether the event is private, to limit the alerted user's list to the org only
if ($event['Event']['private'] && !$event['Event']['cluster']) {
if ($event['Event']['distribution'] == 0) {
$eventIsPrivate = true;
} else {
$eventIsPrivate = false;
@ -1234,14 +1232,12 @@ class EventsController extends AppController {
$temp2 = array();
$org = $this->_checkOrg();
$distribution = array();
array_push($distribution, array('Event.private =' => 0));
array_push($distribution, array('Event.cluster =' => 1));
array_push($distribution, array('Event.distribution >' => 0));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('Event.org LIKE' => $org));
$conditions['OR'] = $temp;
$distribution2 = array();
array_push($distribution2, array('Attribute.private =' => 0));
array_push($distribution2, array('Attribute.cluster =' => 1));
array_push($distribution2, array('Attribute.distribution >' => 0));
array_push($temp2, array('OR' => $distribution2));
array_push($temp2, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $org));
$conditionsAttributes['OR'] = $temp2;
@ -1299,9 +1295,7 @@ class EventsController extends AppController {
if (!$this->_isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('Attribute.distribution >' => 0));
array_push($temp, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
@ -1350,9 +1344,7 @@ class EventsController extends AppController {
if (!$this->_isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('Attribute.distribution >' => 0));
array_push($temp, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
@ -1395,9 +1387,7 @@ class EventsController extends AppController {
if (!$this->_isSiteAdmin()) {
$temp = array();
$distribution = array();
array_push($distribution, array('Attribute.private =' => 0));
array_push($distribution, array('Attribute.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('Attribute.distribution >' => 0));
array_push($temp, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $this->_checkOrg()));
$conditions['OR'] = $temp;
}
@ -1539,7 +1529,7 @@ class EventsController extends AppController {
$this->Event->read(null, $id);
$saveEvent['Event'] = $this->Event->data['Event'];
$saveEvent['Event']['published'] = false;
$dist = array($this->Event->data['Event']['private'], $this->Event->data['Event']['cluster'], $this->Event->data['Event']['communitie']);
$dist = $this->Event->data['Event']['distribution'];
// read XML
$event = $this->IOCImport->readXML($fileData, $id, $dist);
@ -1557,7 +1547,7 @@ class EventsController extends AppController {
$fieldList = array(
'Event' => array('published', 'timestamp'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'private', 'cluster', 'communitie', 'timestamp')
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'distribution', 'timestamp')
);
// Save it all
$saveResult = $this->Event->saveAssociated($saveEvent, array('validate' => true, 'fieldList' => $fieldList));
@ -1747,17 +1737,11 @@ class EventsController extends AppController {
$temp = array();
$temp2 = array();
$org = $this->_checkOrg();
$distribution = array();
array_push($distribution, array('Event.private =' => 0));
array_push($distribution, array('Event.cluster =' => 1));
array_push($temp, array('OR' => $distribution));
array_push($temp, array('Event.private >' => 0));
array_push($temp, array('Event.org LIKE' => $org));
$put2['OR'] = $temp;
$conditions['AND'][] = $put2;
$distribution2 = array();
array_push($distribution2, array('Attribute.private =' => 0));
array_push($distribution2, array('Attribute.cluster =' => 1));
array_push($temp2, array('OR' => $distribution2));
array_push($temp2, array('Attribute.private >' => 0));
array_push($temp2, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $org));
$conditionsAttributes['OR'] = $temp2;
$conditionsAttributes['AND'] = array('Attribute.to_ids =' => 1);
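Review bot: The rewritten guard under `// check private`, `if (($this->Event->data['Event']['distribution'] > 0) && ($this->Event->data['Event']['org'] != $this->Auth->user('org')))`, looks inverted: it rejects other organisations' events that are shared (distribution above 0) and lets through those with distribution 0, which the rest of this commit treats as organisation-only. The condition it replaces rejected the private case, so the comparison should be `== 0`. The attribute filter in the next hunk compares with `=== 'Your organisation only'` while the queries in this file use integers, so against an integer 0 it never matches and organisation-only attributes stay in the output; `$attribute['distribution'] == 0` would be consistent. The last hunk still filters on `'Event.private >'` and `'Attribute.private >'`, which presumably should name the `distribution` columns.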


@ -62,13 +62,13 @@ class Attribute extends AppModel {
*/
public $fieldDescriptions = array(
'signature' => array('desc' => 'Is this attribute eligible to automatically create an IDS signature (network IDS or host IDS) out of it ?'),
'private' => array('desc' => 'Prevents upload of this single Attribute to other CyDefSIG servers', 'formdesc' => 'Prevents upload of <em>this single Attribute</em> to other CyDefSIG servers.<br/>Used only when the Event is NOT set as Private')
'private' => array('desc' => 'Prevents upload of this single Attribute to other CyDefSIG servers', 'formdesc' => 'Prevents upload of <em>this single Attribute</em> to other CyDefSIG servers.<br/>Used only when the Event is NOT set as Private'),
'distribution' => array('desc' => 'Describes who will have access to the event.')
);
public $distributionDescriptions = array(
'Your organization only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This setting will only allow members of your organisation on this server to see it."),
'This server-only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This setting will only allow members of any organisation on this server to see it."),
'This Community-only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Use this option if you are on the central hub of this community."), // former Community
'Your organisation only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This setting will only allow members of your organisation on this server to see it."),
'This community only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Use this option if you are on the central hub of this community."), // former Community
'Connected communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Users that are part of your MISP community will be able to see the event. This includes all organisations on this MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this will be restricted from seeing the event. Use this option if this server isn't the central MISP hub of the community but is connected to it."),
'All communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next."),
);
@ -279,61 +279,20 @@ class Attribute extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'private' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
'allowEmpty' => true,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'distribution' => array(
'rule' => array('inList', array('Your organisation only', 'This community only', 'Connected communities', 'All communities')),
'message' => 'Options : Your organisation only, This community only, Connected communities, All communities',
//'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
);
public function __construct($id = false, $table = null, $ds = null) {
parent::__construct($id, $table, $ds);
$this->virtualFields = Set::merge($this->virtualFields,array(
//'distribution' => 'IF (Attribute.private=true, "Your organization only", IF (Attribute.cluster=true, "This Community-only", "All communities"))',
'distribution' => 'IF (Attribute.private=true AND Attribute.cluster=false, "Your organization only", IF (Attribute.private=true AND Attribute.cluster=true, "This server-only", IF (Attribute.private=false AND Attribute.cluster=true, "This Community-only", IF (Attribute.communitie=true, "Connected communities" , "All communities"))))',
));
$this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
'distribution' => array('desc' => 'This fields indicates the intended distribution of the attribute (same as when adding an event, see Add Event)'),
));
$this->validate = Set::merge($this->validate,array(
'cluster' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'communitie' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'distribution' => array(
'rule' => array('inList', array("Your organization only", "This server-only", "This Community-only", "Connected communities", "All communities")),
//'message' => 'Your custom message here',
'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
));
}
}
//The Associations below have been created with all possible keys, those that are not needed can be removed
@ -360,12 +319,6 @@ class Attribute extends AppModel {
* @return bool always true
*/
public function beforeSave($options = array()) {
// increment the revision number
if (empty($this->data['Attribute']['revision'])) {
$this->data['Attribute']['revision'] = 0;
}
$this->data['Attribute']['revision'] = 1 + $this->data['Attribute']['revision'];
// explode value of composite type in value1 and value2
// or copy value to value1 if not composite type
if (!empty($this->data['Attribute']['type'])) {
@ -427,37 +380,6 @@ class Attribute extends AppModel {
public function beforeValidate($options = array()) {
parent::beforeValidate();
// distribution - setting correct vars
if(isset($this->data['Attribute']['distribution'])) {
switch ($this->data['Attribute']['distribution']) {
case 'Your organization only':
$this->data['Attribute']['private'] = true;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = false;
break;
case 'This server-only':
$this->data['Attribute']['private'] = true;
$this->data['Attribute']['cluster'] = true;
$this->data['Attribute']['communitie'] = false;
break;
case 'This Community-only':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = true;
$this->data['Attribute']['communitie'] = false;
break;
case 'Connected communities':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = true;
break;
case 'All communities':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = false;
break;
}
}
// remove leading and trailing blanks
$this->data['Attribute']['value'] = trim($this->data['Attribute']['value']);
@ -822,8 +744,6 @@ class Attribute extends AppModel {
}
public function saveBase64EncodedAttachment($attribute) {
print_r("###### saveBase64EncodedAttachment ######");
print_r($attribute);
$rootDir = APP . DS . "files" . DS . $attribute['event_id'];
$dir = new Folder($rootDir, true); // create directory structure
$destpath = $rootDir . DS . $attribute['id'];
@ -956,7 +876,7 @@ print_r($attribute);
// or attributes from the same event
continue;
}
$is_private = $attribute_right['Event']['private'] || $attribute_right['Attribute']['private'];
$is_private = ($attribute_right['Event']['distribution'] == 0) || ($attribute_right['Attribute']['distribution'] == 0);
$correlations[] = array(
'value' => $a[$value_name],
'1_event_id' => $attribute['Attribute']['event_id'],
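Review bot: The new `distribution` validation rule accepts only the four label strings, while the code added in this commit reads the field as an integer (`'Attribute.distribution >' => 0` in the controllers, `== 0` for `$is_private` in the last hunk here), and the label-to-flag mapping in `beforeValidate` is removed without a replacement. If a label reaches the `== 0` comparison, PHP's loose comparison before version 8 treats a non-numeric string as equal to 0, so every correlation would be marked private regardless of the chosen level. Validating the stored representation directly, e.g. `'rule' => array('inList', array('0', '1', '2', '3')),` in the style the Event model uses for `analysis`, would keep one representation end to end. The column type is not visible on this page, so this should be confirmed against the schema change.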


@ -41,7 +41,8 @@ class Event extends AppModel {
'classification' => array('desc' => 'Set the Traffic Light Protocol classification. <ol><li><em>TLP:AMBER</em>- Share only within the organization on a need-to-know basis</li><li><em>TLP:GREEN:NeedToKnow</em>- Share within your constituency on the need-to-know basis.</li><li><em>TLP:GREEN</em>- Share within your constituency.</li></ol>'),
'submittedgfi' => array('desc' => 'GFI sandbox: export upload', 'formdesc' => 'GFI sandbox:<br/>export upload'),
'submittedioc' => array('desc' => '', 'formdesc' => ''),
'analysis' => array('desc' => 'Analysis Levels: *Initial* means the event has just been created, *Ongoing* means that the event is being populated, *Complete* means that the event\'s creation is complete', 'formdesc' => 'Analysis levels:<br />Initial: event has been started<br />Ongoing: event population is in progress<br />Complete: event creation has finished')
'analysis' => array('desc' => 'Analysis Levels: *Initial* means the event has just been created, *Ongoing* means that the event is being populated, *Complete* means that the event\'s creation is complete', 'formdesc' => 'Analysis levels:<br />Initial: event has been started<br />Ongoing: event population is in progress<br />Complete: event creation has finished'),
'distribution' => array('desc' => 'Describes who will have access to the event.')
);
public $riskDescriptions = array(
@ -58,17 +59,20 @@ class Event extends AppModel {
);
public $distributionDescriptions = array(
'Your organization only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This setting will only allow members of your organisation on this server to see it."),
'This server-only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This setting will only allow members of any organisation on this server to see it."),
'This Community-only' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Use this option if you are on the central hub of this community."), // former Community
'Connected communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Users that are part of your MISP community will be able to see the event. This includes all organisations on this MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this will be restricted from seeing the event. Use this option if this server isn't the central MISP hub of the community but is connected to it."),
'All communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next."),
0 => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This setting will only allow members of your organisation on this server to see it."),
1 => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Use this option if you are on the central hub of this community."), // former Community
2 => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "Users that are part of your MISP community will be able to see the event. This includes all organisations on this MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this will be restricted from seeing the event. Use this option if this server isn't the central MISP hub of the community but is connected to it."),
3 => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next."),
);
public $analysisLevels = array(
0 => 'Initial', 1 => 'Ongoing', 2 => 'Completed'
);
public $distributionLevels = array(
0 => 'Your organisation only', 1 => 'This community only', 2 => 'Connected communities', 3 => 'All communities'
);
/**
* Validation rules
*
@ -113,6 +117,14 @@ class Event extends AppModel {
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'distribution' => array(
'rule' => array('inList', array('Your organisation only', 'This community only', 'Connected communities', 'All communities')),
'message' => 'Options : Your organisation only, This community only, Connected communities, All communities',
//'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'analysis' => array(
'rule' => array('inList', array('0', '1', '2')),
'message' => 'Options : 0, 1, 2',
@ -171,16 +183,6 @@ class Event extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'private' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
//'classification' => array(
// 'rule' => array('inList', array('TLP:AMBER', 'TLP:GREEN:NeedToKnow', 'TLP:GREEN')),
// //'message' => 'Your custom message here',
@ -193,13 +195,9 @@ class Event extends AppModel {
public function __construct($id = false, $table = null, $ds = null) {
parent::__construct($id, $table, $ds);
$this->virtualFields = Set::merge($this->virtualFields, array(
'distribution' => 'IF (Event.private=true AND Event.cluster=false, "Your organization only", IF (Event.private=true AND Event.cluster=true, "This server-only", IF (Event.private=false AND Event.cluster=true, "This Community-only", IF (Event.communitie=true, "Connected communities" , "All communities"))))',
));
$this->fieldDescriptions = Set::merge($this->fieldDescriptions, array(
'distribution' => array('desc' => 'This field determines the current distribution of the event', 'formdesc' => 'This field determines the current distribution of the event:<br/>Org - only organization memebers will see the event<br/>Community - event visible to all on this CyDefSIG instance but will not be shared past it</br>All - to be distributed to other connected CyDefSIG servers'),
));
//$this->virtualFields = Set::merge($this->virtualFields, array(
// 'distribution' => 'IF (Event.private=true AND Event.cluster=false, "Your organization only", IF (Event.private=true AND Event.cluster=true, "This server-only", IF (Event.private=false AND Event.cluster=true, "This Community-only", IF (Event.communitie=true, "Connected communities" , "All communities"))))',
// ));
$this->validate = Set::merge($this->validate,array(
'cluster' => array(
@ -323,37 +321,6 @@ class Event extends AppModel {
public function beforeValidate($options = array()) {
parent::beforeValidate();
// distribution - setting correct vars
if (isset($this->data['Event']['distribution'])) {
switch ($this->data['Event']['distribution']) {
case 'Your organization only':
$this->data['Event']['private'] = true;
$this->data['Event']['cluster'] = false;
$this->data['Event']['communitie'] = false;
break;
case 'This server-only':
$this->data['Event']['private'] = true;
$this->data['Event']['cluster'] = true;
$this->data['Event']['communitie'] = false;
break;
case 'This Community-only':
$this->data['Event']['private'] = false;
$this->data['Event']['cluster'] = true;
$this->data['Event']['communitie'] = false;
break;
case 'Connected communities':
$this->data['Event']['private'] = false;
$this->data['Event']['cluster'] = false;
$this->data['Event']['communitie'] = true;
break;
case 'All communities':
$this->data['Event']['private'] = false;
$this->data['Event']['cluster'] = false;
$this->data['Event']['communitie'] = false;
break;
}
}
// analysis - setting correct vars
// TODO refactor analysis into an Enum (in the database)
if (isset($this->data['Event']['analysis'])) {
@ -370,6 +337,23 @@ class Event extends AppModel {
}
}
if (isset($this->data['Event']['distribution'])) {
switch($this->data['Event']['distribution']){
case 'Your organisation only':
$this->data['Event']['analysis'] = 0;
break;
case 'This community only':
$this->data['Event']['analysis'] = 1;
break;
case 'Connected communities':
$this->data['Event']['analysis'] = 2;
break;
case 'All communities':
$this->data['Event']['analysis'] = 3;
break;
}
}
// generate UUID if it doesn't exist
if (empty($this->data['Event']['uuid'])) {
$this->data['Event']['uuid'] = String::uuid();
@ -535,7 +519,7 @@ class Event extends AppModel {
* @return bool true if success, false or error message if failed
*/
public function restfullEventToServer($event, $server, $urlPath, &$newLocation, &$newTextBody, $HttpSocket = null) {
if (true == $event['Event']['private']) { // never upload private events
if ($event['Event']['distribution'] < 2) { // never upload private events
return "Event is private and non exportable";
}
@ -565,21 +549,13 @@ class Event extends AppModel {
// remove value1 and value2 from the output
foreach ($event['Event']['Attribute'] as $key => &$attribute) {
// do not keep attributes that are private, nor cluster
if (($attribute['private'] && !$attribute['cluster'] && !$attribute['communitie']) || ($attribute['private'] && $attribute['cluster'] && !$attribute['communitie'])) {
if ($attribute['distribution'] < 2) {
unset($event['Event']['Attribute'][$key]);
continue; // stop processing this
}
// Distribution, correct Community to Org only in Attribute
if ($attribute['cluster'] && !$attribute['private']) {
$attribute['private'] = true;
$attribute['cluster'] = false;
//$attribute['communitie'] = false;
$attribute['distribution'] = 'Your organization only';
}
// Distribution, correct All to Community in Attribute
if (!$attribute['cluster'] && !$attribute['private'] && $attribute['communitie']) {
$attribute['cluster'] = true;
$attribute['distribution'] = 'This Community-only';
// Distribution, correct Connected Community to Community in Attribute
if (!$attribute['distribution'] == 2) {
$attribute['distribution'] = 1;
}
// remove value1 and value2 from the output
unset($attribute['value1']);
@ -595,19 +571,9 @@ class Event extends AppModel {
// solves the issue and a new attribute is always created.
unset($attribute['id']);
}
// Distribution, correct Community to Org only in Event
if ($event['Event']['cluster'] && !$event['Event']['private']) {
$event['Event']['private'] = true;
$event['Event']['cluster'] = false;
//$event['Event']['communitie'] = false;
$event['Event']['distribution'] = 'Your organization only';
}
// Distribution, correct All to Community in Event
// Potential problem here -> setting cluster gives 0-1-1 (pr/cl/co) settings that don't exist. Adding switch from comm true to false
if (!$event['Event']['cluster'] && !$event['Event']['private'] && $event['Event']['communitie']) {
$event['Event']['cluster'] = true;
$event['Event']['communitie'] = false;
$event['Event']['distribution'] = 'This Community-only';
if ($event['Event']['distribution'] == 2) {
$event['Event']['distribution'] = 1;
}
// display the XML to the user
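Review bot: In the attribute loop of `restfullEventToServer`, `if (!$attribute['distribution'] == 2)` negates first and compares second, so for the values that reach this line (2 or 3) it is never true, and attributes marked Connected communities are pushed without being lowered to 1, unlike the event-level check a few lines below. It should read `if ($attribute['distribution'] == 2) {`. Separately, the switch added to `beforeValidate` writes 0–3 into `$this->data['Event']['analysis']` rather than `['distribution']`, which overwrites the analysis level and leaves distribution as a label that the `< 2` checks here then compare numerically. Both functions extend beyond the hunks shown.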


@ -96,7 +96,7 @@ $mayPublish = ($isAclPublish && $event['Event']['orgc'] == $me['org']);
</dd>
<dt>Distribution</dt>
<dd>
<?php echo h($event['Event']['distribution'] . ', ' . strtolower(substr(($distributionDescriptions[$event['Event']['distribution']]['formdesc']), 0, 1)) . substr($distributionDescriptions[$event['Event']['distribution']]['formdesc'], 1) . '.'); ?>
<?php echo h($distributionLevels[$event['Event']['distribution']] . ', ' . strtolower(substr(($distributionDescriptions[$event['Event']['distribution']]['formdesc']), 0, 1)) . substr($distributionDescriptions[$event['Event']['distribution']]['formdesc'], 1) . '.'); ?>
&nbsp;
</dd>
<dt>Info</dt>
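Review bot: The new lookup `$distributionLevels[$event['Event']['distribution']]`, like the `$distributionDescriptions[...]` lookups beside it, assumes the stored value is one of the keys 0–3. The Event model's validation rule in this commit still lists the label strings, and a value outside the map raises an undefined-index notice in the rendered page. A guarded lookup before the echo keeps the output stable, e.g. `$level = isset($distributionLevels[$dist]) ? $distributionLevels[$dist] : 'Unknown';`. The whole expression is wrapped in `h()`, which should stay that way.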