chg: [galaxyCluster] Prevent creation if UUID is in blocklist. Added

default distribution fallback
2020-07-13 16:48:14 +02:00 · 2020-07-13 16:48:14 +02:00 · 45ad28be5d
parent d11bcb0801
commit 45ad28be5d
3 changed files with 39 additions and 4 deletions
--- a/app/Controller/GalaxyClustersController.php
+++ b/app/Controller/GalaxyClustersController.php
@ -297,9 +297,6 @@ class GalaxyClustersController extends AppController
            } else {
                $cluster['GalaxyCluster']['extends_uuid'] = null;
            }
-            if ($cluster['GalaxyCluster']['distribution'] != 4) {
-                $cluster['GalaxyCluster']['sharing_group_id'] = null;
-            }
            $errors = $this->GalaxyCluster->saveCluster($this->Auth->user(), $cluster);
            if (!empty($errors)) {
                $message = implode(', ', $errors);
--- a/app/Model/GalaxyCluster.php
+++ b/app/Model/GalaxyCluster.php
@ -235,7 +235,14 @@ class GalaxyCluster extends AppModel
        }
        unset($cluster['GalaxyCluster']['id']);
        $cluster['GalaxyCluster']['locked'] = false;
+
        if (isset($cluster['GalaxyCluster']['uuid'])) {
+            $this->GalaxyClusterBlocklist = ClassRegistry::init('GalaxyClusterBlocklist');
+            if ($this->GalaxyClusterBlocklist->checkIfBlocked($cluster['GalaxyCluster']['uuid'])) {
+                $errors[] = __('Blocked by blocklist');
+                return $errors;
+            }
+
            // check if the uuid already exists
            $existingGalaxyCluster = $this->find('first', array('conditions' => array('GalaxyCluster.uuid' => $cluster['GalaxyCluster']['uuid'])));
            if ($existingGalaxyCluster) {
@ -275,6 +282,12 @@ class GalaxyCluster extends AppModel
        } else {
            $cluster['GalaxyCluster']['extends_version'] = null;
        }
+        if (!isset($cluster['GalaxyCluster']['distribution'])) {
+            $cluster['GalaxyCluster']['distribution'] = Configure::read('MISP.default_event_distribution'); // use default event distribution
+        }
+        if ($cluster['GalaxyCluster']['distribution'] != 4) {
+            $cluster['GalaxyCluster']['sharing_group_id'] = null;
+        }

        // In contrary to the capture context, we make sure the cluster belongs to the organisation initiating the save
        $cluster['GalaxyCluster']['org_id'] = $user['Organisation']['id'];
@ -368,6 +381,9 @@ class GalaxyCluster extends AppModel
                if (!isset($cluster['GalaxyCluster']['published'])) {
                    $cluster['GalaxyCluster']['published'] = false;
                }
+                if ($cluster['GalaxyCluster']['distribution'] != 4) {
+                    $cluster['GalaxyCluster']['sharing_group_id'] = null;
+                }
                if (empty($fieldList)) {
                    $fieldList = array('value', 'description', 'version', 'source', 'authors', 'distribution', 'sharing_group_id', 'default', 'published');
                }
@ -638,7 +654,7 @@ class GalaxyCluster extends AppModel
     * @param bool  $fromPull If the current capture is performed from a PULL sync
     * @param int   $orgId The organisation id that should own the cluster
     * @param array $server The server for which to capture is ongoing
-     * @return array
+     * @return array Result of the capture including successes, fails and errors
     */
    public function captureCluster($user, $cluster, $fromPull=false, $orgId=0, $server=false)
    {
@ -650,6 +666,13 @@ class GalaxyCluster extends AppModel
            $cluster['GalaxyCluster']['org_id'] = $user['Organisation']['id'];
        }

+        $this->GalaxyClusterBlocklist = ClassRegistry::init('GalaxyClusterBlocklist');
+        if ($this->GalaxyClusterBlocklist->checkIfBlocked($cluster['GalaxyCluster']['uuid'])) {
+            $results['errors'][] = __('Blocked by blocklist');
+            $results['ignored']++;
+            return $results;
+        }
+
        if (!isset($cluster['GalaxyCluster']['orgc_id']) && !isset($cluster['Orgc'])) {
            $cluster['GalaxyCluster']['orgc_id'] = $cluster['GalaxyCluster']['org_id'];
        } else {
@ -692,6 +715,12 @@ class GalaxyCluster extends AppModel
            'GalaxyCluster.uuid' => $cluster['GalaxyCluster']['uuid']
        )));
        $cluster['GalaxyCluster']['tag_name'] = sprintf('misp-galaxy:%s="%s"', $cluster['GalaxyCluster']['type'], $cluster['GalaxyCluster']['uuid']);
+        if (!isset($cluster['GalaxyCluster']['distribution'])) {
+            $cluster['GalaxyCluster']['distribution'] = Configure::read('MISP.default_event_distribution'); // use default event distribution
+        }
+        if ($cluster['GalaxyCluster']['distribution'] != 4) {
+            $cluster['GalaxyCluster']['sharing_group_id'] = null;
+        }
        if (!isset($cluster['GalaxyCluster']['published'])) {
            $cluster['GalaxyCluster']['published'] = false;
        }
--- a/app/Model/GalaxyClusterBlocklist.php
+++ b/app/Model/GalaxyClusterBlocklist.php
@ -41,4 +41,13 @@ class GalaxyClusterBlocklist extends AppModel
        }
        return true;
    }
+
+    public function checkIfBlocked($clusterUUID)
+    {
+        $entry = $this->find('first', array('conditions' => array('cluster_uuid' => $clusterUUID)));
+        if (!empty($entry)) {
+            return true;
+        }
+        return false;
+    }
 }