fix: Added validation for sighting type and fixed responses for adding sightings

pull/2002/head
iglocska 2017-02-20 11:13:39 +01:00
parent 9fbf6a0569
commit 3c558c653d
2 changed files with 28 additions and 9 deletions


@ -31,8 +31,10 @@ class SightingsController extends AppController {
$type = '0';
$source = '';
if (isset($result['data']['values'])) $values = $result['data']['values'];
else $error = 'No valid values found could be extracted from the sightings document.';
} $error = $result['message'];
else $error = 'No valid values found that could be extracted from the sightings document.';
} else {
$error = $result['message'];
}
} else {
if (isset($this->request->data['request'])) $this->request->data = $this->request->data['request'];
if (isset($this->request->data['Sighting'])) $this->request->data = $this->request->data['Sighting'];
@ -48,9 +50,12 @@ class SightingsController extends AppController {
$type = isset($this->request->data['type']) ? $this->request->data['type'] : '0';
$source = isset($this->request->data['source']) ? trim($this->request->data['source']) : '';
}
if (!$error) $result = $this->Sighting->saveSightings($id, $values, $timestamp, $this->Auth->user(), $type, $source);
if ($result == 0) $error = 'No valid attributes found that would match the sighting criteria.';
if (!$error) {
$result = $this->Sighting->saveSightings($id, $values, $timestamp, $this->Auth->user(), $type, $source);
}
if (!is_numeric($result)) {
$error = $result;
}
if ($this->request->is('ajax')) {
if ($error) {
$error_message = 'Could not add the Sighting. Reason: ' . $error;
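Review bot: The new `if (!is_numeric($result)) { $error = $result; }` runs even when `$error` was already set, and in the document-import branch `$result` is the parsed document array (it is read as `$result['data']['values']` and `$result['message']` above), so an earlier message is overwritten with an array that then reaches the `'Could not add the Sighting. Reason: ' . $error` concatenation below. When that branch fails before saveSightings is called, `$result` may also be unset unless it is initialised above the hunk. Guarding on the save having actually run avoids both cases: `if (!$error && !is_numeric($result)) { $error = $result; }`. Note also that saveSightings now returns `-1` when no values are supplied, which is numeric and therefore passes this check as a success. The enclosing controller action starts and ends outside the hunk.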


@ -16,7 +16,11 @@ class Sighting extends AppModel {
'event_id' => 'numeric',
'attribute_id' => 'numeric',
'org_id' => 'numeric',
'date_sighting' => 'numeric'
'date_sighting' => 'numeric',
'type' => array(
'rule' => array('inList', array(0, 1, 2)),
'message' => 'Invalid type. Valid options are: 0 (Sighting), 1 (False-positive), 2 (Expiration).'
)
);
public $belongsTo = array(
@ -46,7 +50,7 @@ class Sighting extends AppModel {
return true;
}
public function attachToEvent($event, $user, $attribute_id = false) {
public function attachToEvent($event, $user, $attribute_id = false, $extraConditions = false) {
$ownEvent = false;
if ($user['Role']['perm_site_admin'] || $event['Event']['org_id'] == $user['org_id']) $ownEvent = true;
$conditions = array('Sighting.event_id' => $event['Event']['id']);
@ -56,6 +60,9 @@ class Sighting extends AppModel {
if (!$ownEvent && (!Configure::read('Plugin.Sightings_policy') || Configure::read('Plugin.Sightings_policy') == 0)) {
$conditions['Sighting.org_id'] = $user['org_id'];
}
if ($extraConditions !== false) {
$conditions['AND'] = $extraConditions;
}
$contain = array();
if (Configure::read('MISP.showorg')) {
$contain['Organisation'] = array('fields' => array('Organisation.id', 'Organisation.uuid', 'Organisation.name'));
@ -100,7 +107,7 @@ class Sighting extends AppModel {
if (!is_array($id) && strlen($id) == 36) $conditions = array('Attribute.uuid' => $id);
else $conditions = array('Attribute.id' => $id);
} else {
if (!$values) return 0;
if (!$values) return -1;
foreach ($values as $value) {
foreach (array('value1', 'value2') as $field) {
$conditions['OR'][] = array(
@ -110,7 +117,7 @@ class Sighting extends AppModel {
}
}
$attributes = $this->Attribute->fetchAttributes($user, array('conditions' => $conditions));
if (empty($attributes)) return 0;
if (empty($attributes)) return 'No valid attributes found that match the criteria.';
$sightingsAdded = 0;
foreach ($attributes as $attribute) {
if ($type === '2') {
@ -126,8 +133,15 @@ class Sighting extends AppModel {
'type' => $type,
'source' => $source
);
$result = $this->save($sighting);
if ($result === false) {
return json_encode($this->validationErrors);
}
$sightingsAdded += $this->save($sighting) ? 1 : 0;
}
if ($sightingsAdded == 0) {
return 'There was nothing to add.';
}
return $sightingsAdded;
}
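Review bot: saveSightings now mixes three result shapes — an integer count, `-1` for missing values (`if (!$values) return -1;`) and message strings for the other failures — and `-1` is numeric, so a caller that only checks `is_numeric($result)` (as the controller hunk in this commit does) treats the missing-values case as success; returning a message there as well, e.g. `if (!$values) return 'No values provided.';`, keeps a single failure channel, and a dedicated exception would be cleaner still. The new `type` validation rule accepts the integers 0, 1 and 2, but the existing `if ($type === '2')` further down only matches the string `'2'`, so a JSON body carrying `"type": 2` passes validation yet skips the expiration branch — normalising with `$type = (string)$type;` before the loop closes that gap. The line `$sightingsAdded += $this->save($sighting) ? 1 : 0;` still appears after the new `$result = $this->save($sighting);`; if it survives on the new side each sighting is saved twice, and it should read `$sightingsAdded += $result ? 1 : 0;`. For the new `$extraConditions` parameter of attachToEvent, a docblock line such as `@param array|false $extraConditions additional find conditions built by the caller, never taken directly from request data` would make the trust boundary explicit, since the array is merged into the query unchanged. The loop's opening and the start of saveSightings lie outside the hunk.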