MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [freetext] Various code fixes and optimisations

pull/6113/head
Jakub Onderka 2020-07-13 20:18:47 +02:00
parent 9f8a198eaa
commit 3df94f868f
3 changed files with 61 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Controller/EventsController.php
View File

@ -3677,14 +3677,6 @@ class EventsController extends AppController
$resultArray[$key]['types'] = $temp;
}
// remove all duplicates
foreach ($resultArray as $k => $v) {
for ($i = 0; $i < $k; $i++) {
if (isset($resultArray[$i]) && $v == $resultArray[$i]) {
unset($resultArray[$k]);
}
}
}
if ($this->_isRest()) {
if ($returnMetaAttributes || !empty($this->request->data['Attribute']['returnMetaAttributes'])) {
return $this->RestResponse->viewData($resultArray, $this->response->type());

49
app/Lib/Tools/ComplexTypeTool.php
View File

@ -221,9 +221,13 @@ class ComplexTypeTool
if ($typeArray === false) {
continue;
}
$resultArray[] = $typeArray;
// Remove duplicates
if (isset($resultArray[$typeArray['value']])) {
continue;
}
$resultArray[$typeArray['value']] = $typeArray;
}
return $resultArray;
return array_values($resultArray);
}
private $__hexHashTypes = array(
@ -305,7 +309,7 @@ class ComplexTypeTool
$hash = $this->__resolveHash($input['raw']);
if ($hash) {
$types = $hash['single'];
if (!empty($this->__checkForBTC($input))) {
if ($this->__checkForBTC($input)) {
$types[] = 'btc';
}
return array('types' => $types, 'to_ids' => true, 'default_type' => $hash['single'][0], 'value' => $input['raw']);
@ -321,12 +325,11 @@ class ComplexTypeTool
{
// note down and remove the port if it's a url / domain name / hostname / ip
// input2 from here on is the variable containing the original input with the port removed. It is only used by url / domain name / hostname / ip
if (preg_match('/(:[0-9]{2,5})$/', $input['refanged'], $input['port'])) {
$input['comment'] = 'On port ' . substr($input['port'][0], 1);
$input['refanged_no_port'] = str_replace($input['port'][0], '', $input['refanged']);
$input['port'] = substr($input['port'][0], 1);
if (preg_match('/(:[0-9]{2,5})$/', $input['refanged'], $port)) {
$input['comment'] = 'On port ' . substr($port[0], 1);
$input['refanged_no_port'] = str_replace($port[0], '', $input['refanged']);
$input['port'] = substr($port[0], 1);
} else {
unset($input['port']);
$input['comment'] = false;
$input['refanged_no_port'] = $input['refanged'];
}
@ -385,7 +388,11 @@ class ComplexTypeTool
];
}
// IPv6 with port in `[1fff:0:a88:85a3::ac1f]:8001` format
if (isset($input['port']) && $input['refanged_no_port'][0] === '[' && filter_var(substr($input['refanged_no_port'], 1, -1), FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
if (isset($input['port']) &&
!empty($input['refanged_no_port']) &&
$input['refanged_no_port'][0] === '[' &&
filter_var(substr($input['refanged_no_port'], 1, -1), FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
) {
$value = substr($input['refanged_no_port'], 1, -1); // remove brackets
return [
'types' => ['ip-dst|port', 'ip-src|port', 'ip-src|port/ip-dst|port'],
@ -398,10 +405,8 @@ class ComplexTypeTool
// it could still be a CIDR block
if (strpos($input['refanged_no_port'], '/')) {
$temp = explode('/', $input['refanged_no_port']);
if (count($temp) == 2) {
if (filter_var($temp[0], FILTER_VALIDATE_IP) && is_numeric($temp[1])) {
return array('types' => array('ip-dst', 'ip-src', 'ip-src/ip-dst'), 'to_ids' => true, 'default_type' => 'ip-dst', 'comment' => $input['comment'], 'value' => $input['refanged_no_port']);
}
if (count($temp) === 2 && filter_var($temp[0], FILTER_VALIDATE_IP) && is_numeric($temp[1])) {
return array('types' => array('ip-dst', 'ip-src', 'ip-src/ip-dst'), 'to_ids' => true, 'default_type' => 'ip-dst', 'comment' => $input['comment'], 'value' => $input['refanged_no_port']);
}
}
return false;
@ -409,13 +414,11 @@ class ComplexTypeTool
private function __checkForDomainOrFilename(array $input)
{
if (strpos($input['refanged'], '.') !== false) {
$temp = explode('.', $input['refanged']);
if (strpos($input['refanged_no_port'], '.') !== false) {
$temp = explode('.', $input['refanged_no_port']);
$domainDetection = true;
if (preg_match('/^([-\pL\pN]+\.)+[a-z0-9-]+(:[0-9]{2,5})?$/iu', $input['refanged'])) {
// Remove port
$tldExploded = explode(':', $temp[count($temp)-1]);
if (!$this->isTld($tldExploded[0])) {
if (preg_match('/^([-\pL\pN]+\.)+[a-z0-9-]+$/iu', $input['refanged_no_port'])) {
if (!$this->isTld(end($temp))) {
$domainDetection = false;
}
} else {
@ -447,11 +450,11 @@ class ComplexTypeTool
}
if (strpos($input['raw'], '\\') !== false) {
$temp = explode('\\', $input['raw']);
if (strpos($temp[count($temp)-1], '.') || preg_match('/^.:/i', $temp[0])) {
if ($this->__resolveFilename($temp[count($temp)-1])) {
if (strpos(end($temp), '.') || preg_match('/^.:/i', $temp[0])) {
if ($this->__resolveFilename(end($temp))) {
return array('types' => array('filename'), 'categories' => array('Payload installation'), 'to_ids' => true, 'default_type' => 'filename', 'value' => $input['raw']);
}
} else {
} else if (!empty($temp[0])) {
return array('types' => array('regkey'), 'to_ids' => false, 'default_type' => 'regkey', 'value' => $input['raw']);
}
}
@ -462,7 +465,7 @@ class ComplexTypeTool
{
if ((preg_match('/^.:/', $param) || strpos($param, '.') != 0)) {
$parts = explode('.', $param);
if (!is_numeric($parts[count($parts)-1]) && ctype_alnum($parts[count($parts)-1])) {
if (!is_numeric(end($parts)) && ctype_alnum(end($parts))) {
return true;
}
}

40
app/Test/ComplexTypeToolTest.php
View File

@ -10,16 +10,20 @@ class ComplexTypeToolTest extends TestCase
$complexTypeTool = new ComplexTypeTool();
$results = $complexTypeTool->checkFreeText(<<<EOT
# LAST 1000 # UTC UPDATE 2020-07-13 08:15:00
127.0.0.1,(127.0.0.2), <127.0.0.3>
127.0.0.1,(127.0.0.2), <127.0.0.3>; "127.0.0.4" '127.0.0.5'
EOT
);
$this->assertCount(3, $results);
$this->assertCount(5, $results);
$this->assertEquals('127.0.0.1', $results[0]['value']);
$this->assertEquals('ip-dst', $results[0]['default_type']);
$this->assertEquals('127.0.0.2', $results[1]['value']);
$this->assertEquals('ip-dst', $results[1]['default_type']);
$this->assertEquals('127.0.0.3', $results[2]['value']);
$this->assertEquals('ip-dst', $results[2]['default_type']);
$this->assertEquals('127.0.0.4', $results[3]['value']);
$this->assertEquals('ip-dst', $results[3]['default_type']);
$this->assertEquals('127.0.0.5', $results[4]['value']);
$this->assertEquals('ip-dst', $results[4]['default_type']);
}
public function testCheckFreeTextIpv4(): void
@ -38,6 +42,7 @@ EOT
$this->assertCount(1, $results);
$this->assertEquals('127.0.0.1|8080', $results[0]['value']);
$this->assertEquals('ip-dst|port', $results[0]['default_type']);
$this->assertEquals('On port 8080', $results[0]['comment']);
}
public function testCheckFreeTextIpv4Cidr(): void
@ -83,6 +88,7 @@ EOT
$this->assertCount(1, $results);
$this->assertEquals('1fff:0:a88:85a3::ac1f|8001', $results[0]['value']);
$this->assertEquals('ip-dst|port', $results[0]['default_type']);
$this->assertEquals('On port 8001', $results[0]['comment']);
}
public function testCheckFreeTextDomain(): void
@ -149,6 +155,15 @@ EOT
$this->assertEquals('filename', $results[0]['default_type']);
}
public function testCheckFreeTextRegkey(): void
{
$complexTypeTool = new ComplexTypeTool();
$results = $complexTypeTool->checkFreeText('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion');
$this->assertCount(1, $results);
$this->assertEquals('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion', $results[0]['value']);
$this->assertEquals('regkey', $results[0]['default_type']);
}
public function testCheckFreeTextDomainWithPort(): void
{
$complexTypeTool = new ComplexTypeTool();
@ -156,6 +171,7 @@ EOT
$this->assertCount(1, $results);
$this->assertEquals('example.com', $results[0]['value']);
$this->assertEquals('domain', $results[0]['default_type']);
$this->assertEquals('On port 80', $results[0]['comment']);
}
public function testCheckFreeTextDomainUppercase(): void
@ -331,11 +347,9 @@ EOT
{
$complexTypeTool = new ComplexTypeTool();
$results = $complexTypeTool->checkFreeText('as0 AS0');
$this->assertCount(2, $results);
$this->assertCount(1, $results);
$this->assertEquals('AS0', $results[0]['value']);
$this->assertEquals('AS', $results[0]['default_type']);
$this->assertEquals('AS0', $results[1]['value']);
$this->assertEquals('AS', $results[1]['default_type']);
}
public function testCheckFreeTextMd5(): void
@ -379,6 +393,22 @@ EOT
$this->assertCount(0, $results);
}
public function testCheckFreeTextEmptyValues(): void
{
$complexTypeTool = new ComplexTypeTool();
foreach (['|', '&', '$', '0', ':80', '1.2', '[]:80', '\.', '.', ':', 'a:b', 'a:b:c'] as $char) {
$results = $complexTypeTool->checkFreeText($char);
$this->assertCount(0, $results);
}
}
public function testCheckFreeTextRemoveDuplicates(): void
{
$complexTypeTool = new ComplexTypeTool();
$results = $complexTypeTool->checkFreeText('1.2.3.4 1.2.3.4');
$this->assertCount(1, $results);
}
public function testRefangValueUrl(): void
{
$complexTypeTool = new ComplexTypeTool();