mirror of https://github.com/MISP/MISP
new: [CLI] IP address normalization script
parent
8678da10d8
commit
405b918580
|
@ -53,10 +53,21 @@ class EventShell extends AppShell
|
|||
$parser->addSubcommand('mergeTags', [
|
||||
'help' => __('Merge tags'),
|
||||
'parser' => [
|
||||
'arguments' => array(
|
||||
'arguments' => [
|
||||
'source' => ['help' => __('Source tag ID or name. Source tag will be deleted.'), 'required' => true],
|
||||
'destination' => ['help' => __('Destination tag ID or name.'), 'required' => true],
|
||||
)
|
||||
],
|
||||
],
|
||||
]);
|
||||
$parser->addSubcommand('reportValidationIssuesAttributes', [
|
||||
'help' => __('Report validation issues on attributes'),
|
||||
]);
|
||||
$parser->addSubcommand('normalizeIpAddress', [
|
||||
'help' => __('Normalize IP address format in old events'),
|
||||
'parser' => [
|
||||
'options' => [
|
||||
'dry-run' => ['help' => __('Just show what changes will be made.'), 'boolean' => true],
|
||||
],
|
||||
],
|
||||
]);
|
||||
return $parser;
|
||||
|
@ -643,18 +654,21 @@ class EventShell extends AppShell
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param int $userId
|
||||
* @return array
|
||||
*/
|
||||
private function getUser($userId)
|
||||
public function normalizeIpAddress()
|
||||
{
|
||||
$user = $this->User->getAuthUser($userId, true);
|
||||
if (empty($user)) {
|
||||
$this->error("User with ID $userId does not exist.");
|
||||
$dryRun = $this->param('dry-run');
|
||||
|
||||
$count = 0;
|
||||
foreach ($this->Event->Attribute->normalizeIpAddress($dryRun) as $attribute) {
|
||||
$count++;
|
||||
echo JsonTool::encode($attribute) . "\n";
|
||||
}
|
||||
|
||||
if ($dryRun) {
|
||||
$this->err(__n("%s attribute to fix", "%s attributes to fix", $count, $count));
|
||||
} else {
|
||||
$this->err(__n("%s attribute fixed", "%s attributes fixed", $count, $count));
|
||||
}
|
||||
Configure::write('CurrentUserId', $user['id']); // for audit logging purposes
|
||||
return $user;
|
||||
}
|
||||
|
||||
public function generateTopCorrelations()
|
||||
|
@ -675,4 +689,18 @@ class EventShell extends AppShell
|
|||
$this->Job->save($job);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param int $userId
|
||||
* @return array
|
||||
*/
|
||||
private function getUser($userId)
|
||||
{
|
||||
$user = $this->User->getAuthUser($userId, true);
|
||||
if (empty($user)) {
|
||||
$this->error("User with ID $userId does not exist.");
|
||||
}
|
||||
Configure::write('CurrentUserId', $user['id']); // for audit logging purposes
|
||||
return $user;
|
||||
}
|
||||
}
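Review bot: normalizeIpAddress() rewrites stored attribute values in bulk but never sets an acting user, whereas getUser() in this class writes `Configure::write('CurrentUserId', $user['id'])` explicitly for audit logging. If the audit log relies on that value (not visible in this section), every change made by this command would be recorded without an actor, which makes a mass edit of indicator values hard to trace afterwards. Consider taking an optional user ID argument and calling `$this->getUser($userId);` before the loop when `dry-run` is not set. A short docblock should also say that the per-attribute JSON lines go to stdout and the summary goes to stderr.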
|
||||
|
|
|
@ -1278,6 +1278,37 @@ class Attribute extends AppModel
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param bool $dryRun If true, no changes will be made to
|
||||
* @return Generator
|
||||
* @throws Exception
|
||||
*/
|
||||
public function normalizeIpAddress($dryRun = false)
|
||||
{
|
||||
$attributes = $this->fetchAttributesInChunks([
|
||||
'Attribute.type' => ['ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'domain|ip'],
|
||||
]);
|
||||
|
||||
foreach ($attributes as $attribute) {
|
||||
$value = $attribute['Attribute']['value'];
|
||||
$normalizedValue = AttributeValidationTool::modifyBeforeValidation($attribute['Attribute']['type'], $value);
|
||||
if ($value !== $normalizedValue) {
|
||||
if (!$dryRun) {
|
||||
$attribute['Attribute']['value'] = $normalizedValue;
|
||||
$this->save($attribute, true, ['value1', 'value2']);
|
||||
}
|
||||
|
||||
yield [
|
||||
'id' => (int) $attribute['Attribute']['id'],
|
||||
'event_id' => (int) $attribute['Attribute']['event_id'],
|
||||
'type' => $attribute['Attribute']['type'],
|
||||
'value' => $value,
|
||||
'normalized_value' => $normalizedValue,
|
||||
];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This method takes a string from an argument with several elements (separated by '&&' and negated by '!') and returns 2 arrays
|
||||
* array 1 will have all of the non negated terms and array 2 all the negated terms
|
||||
|
@ -3694,7 +3725,7 @@ class Attribute extends AppModel
|
|||
);
|
||||
}
|
||||
|
||||
private function findAttributeByValue($attribute)
|
||||
private function findAttributeByValue(array $attribute)
|
||||
{
|
||||
$type = $attribute['type'];
|
||||
$conditions = [
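Review bot: The result of `$this->save($attribute, true, ['value1', 'value2'])` in Attribute::normalizeIpAddress() is discarded, so an attribute whose normalized value is rejected is still yielded and the shell counts it as fixed. With validation enabled a rejection is plausible, for instance if the normalized value collides with an attribute already in the same event (inferred; the validation rules are outside these hunks). Keep the outcome inside the `if (!$dryRun)` block with `$saved = (bool) $this->save($attribute, true, ['value1', 'value2']);` and add a `'saved'` key to the yielded array so the caller can report failures separately. The docblock's `@param bool $dryRun` line is also cut off after "made to"; completing it as `If true, no changes are saved and affected attributes are only yielded.` would fix that.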
|
||||
|
|