MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [internal] Code style

pull/7893/head
Jakub Onderka 2021-10-28 11:18:04 +02:00
parent 0bde71130c
commit 4b2d6be4e3
2 changed files with 53 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
app/Lib/Tools/AttributeValidationTool.php
View File

@ -28,12 +28,20 @@ class AttributeValidationTool
'sha3-384' => 96, 'sha3-384' => 96,
'sha3-512' => 128, 'sha3-512' => 128,
]; ];
// do some last second modifications before the validation /**
* Do some last second modifications before the validation
* @param string $type
* @param mixed $value
* @return string
*/
public static function modifyBeforeValidation($type, $value) public static function modifyBeforeValidation($type, $value)
{ {
$value = self::handle4ByteUnicode($value); $value = self::handle4ByteUnicode($value);
switch ($type) { switch ($type) {
case 'ip-src':
case 'ip-dst':
return self::compressIpv6($value);
case 'md5': case 'md5':
case 'sha1': case 'sha1':
case 'sha224': case 'sha224':
@ -75,7 +83,7 @@ class AttributeValidationTool
$value = $punyCode; $value = $punyCode;
} }
} }
break; return $value;
case 'domain|ip': case 'domain|ip':
$value = strtolower($value); $value = strtolower($value);
$parts = explode('|', $value); $parts = explode('|', $value);
@ -110,8 +118,7 @@ class AttributeValidationTool
case 'filename|pehash': case 'filename|pehash':
case 'filename|tlsh': case 'filename|tlsh':
$pieces = explode('|', $value); $pieces = explode('|', $value);
$value = $pieces[0] . '|' . strtolower($pieces[1]); return $pieces[0] . '|' . strtolower($pieces[1]);
break;
case 'http-method': case 'http-method':
case 'hex': case 'hex':
return strtoupper($value); return strtoupper($value);
@ -121,13 +128,11 @@ class AttributeValidationTool
return strtoupper($value); return strtoupper($value);
case 'cc-number': case 'cc-number':
case 'bin': case 'bin':
$value = preg_replace('/[^0-9]+/', '', $value); return preg_replace('/[^0-9]+/', '', $value);
break;
case 'iban': case 'iban':
case 'bic': case 'bic':
$value = strtoupper($value); $value = strtoupper($value);
$value = preg_replace('/[^0-9A-Z]+/', '', $value); return preg_replace('/[^0-9A-Z]+/', '', $value);
break;
case 'prtn': case 'prtn':
case 'whois-registrant-phone': case 'whois-registrant-phone':
case 'phone-number': case 'phone-number':
@ -135,17 +140,12 @@ class AttributeValidationTool
$value = '+' . substr($value, 2); $value = '+' . substr($value, 2);
} }
$value = preg_replace('/\(0\)/', '', $value); $value = preg_replace('/\(0\)/', '', $value);
$value = preg_replace('/[^\+0-9]+/', '', $value); return preg_replace('/[^\+0-9]+/', '', $value);
break;
case 'x509-fingerprint-md5': case 'x509-fingerprint-md5':
case 'x509-fingerprint-sha256': case 'x509-fingerprint-sha256':
case 'x509-fingerprint-sha1': case 'x509-fingerprint-sha1':
$value = str_replace(':', '', $value); $value = str_replace(':', '', $value);
$value = strtolower($value); return strtolower($value);
break;
case 'ip-src':
case 'ip-dst':
return self::compressIpv6($value);
case 'ip-dst|port': case 'ip-dst|port':
case 'ip-src|port': case 'ip-src|port':
if (substr_count($value, ':') >= 2) { // (ipv6|port) - tokenize ip and port if (substr_count($value, ':') >= 2) { // (ipv6|port) - tokenize ip and port
@ -174,13 +174,11 @@ class AttributeValidationTool
} else { } else {
return $value; return $value;
} }
$parts[0] = self::compressIpv6($parts[0]); return self::compressIpv6($parts[0]) . '|' . $parts[1];
return $parts[0] . '|' . $parts[1];
case 'mac-address': case 'mac-address':
case 'mac-eui-64': case 'mac-eui-64':
$value = str_replace(array('.', ':', '-', ' '), '', strtolower($value)); $value = str_replace(array('.', ':', '-', ' '), '', strtolower($value));
$value = wordwrap($value, 2, ':', true); return wordwrap($value, 2, ':', true);
break;
case 'hostname|port': case 'hostname|port':
$value = strtolower($value); $value = strtolower($value);
return str_replace(':', '|', $value); return str_replace(':', '|', $value);
@ -194,11 +192,10 @@ class AttributeValidationTool
return $value ? '1' : '0'; return $value ? '1' : '0';
case 'datetime': case 'datetime':
try { try {
$value = (new DateTime($value, new DateTimeZone('GMT')))->format('Y-m-d\TH:i:s.uO'); // ISO8601 formating with microseconds return (new DateTime($value, new DateTimeZone('GMT')))->format('Y-m-d\TH:i:s.uO'); // ISO8601 formatting with microseconds
} catch (Exception $e) { } catch (Exception $e) {
// silently skip. Rejection will be done in runValidation() return $value; // silently skip. Rejection will be done in validation()
} }
break;
case 'AS': case 'AS':
if (strtoupper(substr($value, 0, 2)) === 'AS') { if (strtoupper(substr($value, 0, 2)) === 'AS') {
$value = substr($value, 2); // remove 'AS' $value = substr($value, 2); // remove 'AS'
@ -209,7 +206,7 @@ class AttributeValidationTool
return $parts[0] * 65536 + $parts[1]; return $parts[0] * 65536 + $parts[1];
} }
} }
break; return $value;
} }
return $value; return $value;
} }
@ -223,7 +220,6 @@ class AttributeValidationTool
*/ */
public static function validate($type, $value) public static function validate($type, $value)
{ {
// check data validation
switch ($type) { switch ($type) {
case 'md5': case 'md5':
case 'imphash': case 'imphash':
@ -306,8 +302,8 @@ class AttributeValidationTool
case 'filename|sha3-384': case 'filename|sha3-384':
case 'filename|sha3-512': case 'filename|sha3-512':
case 'filename|authentihash': case 'filename|authentihash':
$parts = explode('|', $type); $hashType = substr($type, 9); // strip `filename|`
$length = self::HASH_HEX_LENGTH[$parts[1]]; $length = self::HASH_HEX_LENGTH[$hashType];
if (preg_match("#^.+\|[0-9a-f]{" . $length . "}$#", $value)) { if (preg_match("#^.+\|[0-9a-f]{" . $length . "}$#", $value)) {
return true; return true;
} }
@ -672,7 +668,7 @@ class AttributeValidationTool
* Temporary solution for utf8 columns until we migrate to utf8mb4. * Temporary solution for utf8 columns until we migrate to utf8mb4.
* via https://stackoverflow.com/questions/16496554/can-php-detect-4-byte-encoded-utf8-chars * via https://stackoverflow.com/questions/16496554/can-php-detect-4-byte-encoded-utf8-chars
* @param string $input * @param string $input
* @return array|string|string[]|null * @return string
*/ */
private static function handle4ByteUnicode($input) private static function handle4ByteUnicode($input)
{ {

34
app/Test/AttributeValidationToolTest.php
View File

@ -8,18 +8,42 @@ if (!function_exists('__')) {
function __($singular, $args = null) function __($singular, $args = null)
{ {
$arguments = func_get_args(); $arguments = func_get_args();
return sprintf($singular, array_slice($arguments, 1)); return vsprintf($singular, array_slice($arguments, 1));
} }
} }
class AttributeValidationToolTest extends TestCase class AttributeValidationToolTest extends TestCase
{ {
public function testValidateHash(): void
{
$this->shouldBeValid('filename|md5', [
'cmd.exe|0cc175b9c0f1b6a831c399e269772661',
]);
$this->shouldBeInvalid('filename|md5', [
'cmd.exe|86f7e437faa5a7fce15d1ddcb9eaeaea377667b8',
]);
}
public function testValidateIp(): void public function testValidateIp(): void
{ {
$this->assertTrue(AttributeValidationTool::validate('ip-src', '127.0.0.1')); foreach (['ip-src', 'ip-dst'] as $type) {
$this->assertTrue(AttributeValidationTool::validate('ip-src', '127.0.0.1')); $this->shouldBeValid($type, [
$this->assertTrue(AttributeValidationTool::validate('ip-src', '127.0.0.1/32')); '127.0.0.1',
$this->assertTrue(AttributeValidationTool::validate('ip-dst', '127.0.0.1/32')); '127.0.0.1/32',
'::1',
'::1/128',
]);
$this->shouldBeInvalid($type, [
'127',
'127.0.0.',
'127.0.0.1/',
'127.0.0.1/32/1',
'127.0.0.1/128',
'::1/257',
'::1/257',
'::1/128/1',
]);
}
} }
public function testValidatePort(): void public function testValidatePort(): void