Merge branch '2.4' of github.com:MISP/MISP into 2.4

chrisr3d 2018-11-19 08:47:20 +01:00
commit 4bcad73c1e
13 changed files with 179 additions and 67 deletions


@ -2732,7 +2732,9 @@ class EventsController extends AppController
} else {
$filename = 'misp.csv.filtered_results.csv';
}
if (!isset($filters['ignore'])) {
$filters['ignore'] = 0;
}
$final = $this->Event->restSearch($user, 'csv', $filters);
// if it's a search, grab the attributeIDList from the session and get the IDs from it. Use those as the condition
// We don't need to look out for permissions since that's filtered by the search itself
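Review bot: The new default `$filters['ignore'] = 0` is undocumented at the point where it changes the CSV export's behaviour: together with the model change in this commit, an absent `ignore` now restricts the export to published events and to_ids attributes, and nothing here says so. A one-line comment would carry the intent: `// Default ignore=0: export only published events / to_ids attributes unless the caller passes ignore:1`. `ignore` is request-supplied and the model tests it with `empty()`, so a string such as `'false'` counts as opted-in; normalising it here with `filter_var($filters['ignore'], FILTER_VALIDATE_BOOLEAN)` before the call would close that gap. The enclosing action starts and ends outside the hunk.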


@ -194,6 +194,7 @@ class ObjectsController extends AppController
$error = 'Could not save the object as no attributes were set.';
} else {
foreach ($object['Attribute'] as $k => $attribute) {
unset($object['Attribute'][$k]['id']);
$object['Attribute'][$k]['event_id'] = $eventId;
$this->MispObject->Event->Attribute->set($attribute);
if (!$this->MispObject->Event->Attribute->validates()) {
@ -220,6 +221,7 @@ class ObjectsController extends AppController
$error = $this->MispObject->ObjectTemplate->checkTemplateConformity($template, $object);
}
if ($error === true) {
unset($object['Object']['id']);
$result = $this->MispObject->saveObject($object, $eventId, $template, $this->Auth->user(), $errorBehaviour = 'halt');
if (is_numeric($result)) {
$this->MispObject->Event->unpublishEvent($eventId);
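Review bot: The `unset($object['Attribute'][$k]['id'])` on the first line of the hunk strips the client-supplied id from the array that is saved, but the validation two lines later still runs on the loop copy `$attribute`, which keeps that id and also lacks the `event_id` assigned on the line in between. Validate the same array you save: `$this->MispObject->Event->Attribute->set($object['Attribute'][$k]);`. The copy-versus-element mismatch presumably predates this commit, but the new unset makes the validated and saved data diverge further. `add()` starts before and ends after the hunk.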


@ -1375,70 +1375,110 @@ class UsersController extends AppController
$this->set('user', $user);
}
public function admin_email()
public function admin_email($isPreview=false)
{
if (!$this->_isAdmin()) {
throw new MethodNotAllowedException();
}
// User has filled in his contact form, send out the email.
if ($this->request->is('post') || $this->request->is('put')) {
$conditions = array();
if (!$this->_isSiteAdmin()) {
$conditions = array('org_id' => $this->Auth->user('org_id'));
}
if ($this->request->data['User']['recipient'] != 1) {
$conditions['id'] = $this->request->data['User']['recipientEmailList'];
}
$conditions['AND'][] = array('User.disabled' => 0);
$users = $this->User->find('all', array('recursive' => -1, 'order' => array('email ASC'), 'conditions' => $conditions));
$this->request->data['User']['message'] = $this->User->adminMessageResolve($this->request->data['User']['message']);
$failures = '';
foreach ($users as $user) {
$password = $this->User->generateRandomPassword();
$body = str_replace('$password', $password, $this->request->data['User']['message']);
$body = str_replace('$username', $user['User']['email'], $body);
$result = $this->User->sendEmail($user, $body, false, $this->request->data['User']['subject']);
// if sending successful and action was a password change, update the user's password.
if ($result && $this->request->data['User']['action'] != '0') {
$this->User->id = $user['User']['id'];
$this->User->saveField('password', $password);
$this->User->saveField('change_pw', '1');
}
if (!$result) {
if ($failures != '') {
$failures .= ', ';
}
$failures .= $user['User']['email'];
}
}
if ($failures != '') {
$this->Flash->success(__('E-mails sent, but failed to deliver the messages to the following recipients: ' . $failures));
} else {
$this->Flash->success(__('E-mails sent.'));
}
}
$isPostOrPut = $this->request->is('post') || $this->request->is('put');
$conditions = array();
if (!$this->_isSiteAdmin()) {
$conditions = array('org_id' => $this->Auth->user('org_id'));
}
$conditions['User.disabled'] = 0;
$temp = $this->User->find('all', array('recursive' => -1, 'fields' => array('id', 'email'), 'order' => array('email ASC'), 'conditions' => $conditions));
$emails = array();
// save all the emails of the users and set it for the dropdown list in the form
foreach ($temp as $user) {
$emails[$user['User']['id']] = $user['User']['email'];
// harvest parameters
if ($isPostOrPut) {
$recipient = $this->request->data['User']['recipient'];
} else {
$recipient = isset($this->request->query['recipient']) ? $this->request->query['recipient'] : NULL;
}
$this->set('users', $temp);
$this->set('recipientEmail', $emails);
$this->set('org', Configure::read('MISP.org'));
$textsToFetch = array('newUserText', 'passwordResetText');
$this->loadModel('Server');
foreach ($textsToFetch as $text) {
${$text} = Configure::read('MISP.' . $text);
if (!${$text}) {
${$text} = $this->Server->serverSettings['MISP'][$text]['value'];
if ($isPostOrPut) {
$recipientEmailList = $this->request->data['User']['recipientEmailList'];
} else {
$recipientEmailList = isset($this->request->query['recipientEmailList']) ? $this->request->query['recipientEmailList'] : NULL;
}
if ($isPostOrPut) {
$orgNameList = $this->request->data['User']['orgNameList'];
} else {
$orgNameList = isset($this->request->query['orgNameList']) ? $this->request->query['orgNameList'] : NULL;
}
if (!is_null($recipient) && $recipient == 0) {
if (is_null($recipientEmailList)) {
throw new NotFoundException(__('Recipient email not provided'));
}
$conditions['id'] = $recipientEmailList;
} else if (!is_null($recipient) && $recipient == 2) {
if (is_null($orgNameList)) {
throw new NotFoundException(__('Recipient organisation not provided'));
}
$conditions['org_id'] = $orgNameList;
}
$conditions['AND'][] = array('User.disabled' => 0);
// Allow to mimic real form post
if ($isPreview) {
$users = $this->User->find('list', array('recursive' => -1, 'order' => array('email ASC'), 'conditions' => $conditions, 'fields' => array('email')));
$this->set('emails', $users);
$this->set('emailsCount', count($users));
$this->render('ajax/emailConfirmTemplate');
} else {
$users = $this->User->find('all', array('recursive' => -1, 'order' => array('email ASC'), 'conditions' => $conditions));
// User has filled in his contact form, send out the email.
if ($isPostOrPut) {
$this->request->data['User']['message'] = $this->User->adminMessageResolve($this->request->data['User']['message']);
$failures = '';
foreach ($users as $user) {
$password = $this->User->generateRandomPassword();
$body = str_replace('$password', $password, $this->request->data['User']['message']);
$body = str_replace('$username', $user['User']['email'], $body);
$result = $this->User->sendEmail($user, $body, false, $this->request->data['User']['subject']);
// if sending successful and action was a password change, update the user's password.
if ($result && $this->request->data['User']['action'] != '0') {
$this->User->id = $user['User']['id'];
$this->User->saveField('password', $password);
$this->User->saveField('change_pw', '1');
}
if (!$result) {
if ($failures != '') {
$failures .= ', ';
}
$failures .= $user['User']['email'];
}
}
if ($failures != '') {
$this->Flash->success(__('E-mails sent, but failed to deliver the messages to the following recipients: ' . $failures));
} else {
$this->Flash->success(__('E-mails sent.'));
}
}
$conditions = array();
if (!$this->_isSiteAdmin()) {
$conditions = array('org_id' => $this->Auth->user('org_id'));
}
$conditions['User.disabled'] = 0;
$temp = $this->User->find('all', array('recursive' => -1, 'fields' => array('id', 'email', 'Organisation.name'), 'order' => array('email ASC'), 'conditions' => $conditions, 'contain' => array('Organisation')));
$emails = array();
$orgName = array();
// save all the emails of the users and set it for the dropdown list in the form
foreach ($temp as $user) {
$emails[$user['User']['id']] = $user['User']['email'];
$orgName[$user['Organisation']['id']] = $user['Organisation']['name'];
}
$this->set('users', $temp);
$this->set('recipientEmail', $emails);
$this->set('orgName', $orgName);
$this->set('org', Configure::read('MISP.org'));
$textsToFetch = array('newUserText', 'passwordResetText');
$this->loadModel('Server');
foreach ($textsToFetch as $text) {
${$text} = Configure::read('MISP.' . $text);
if (!${$text}) {
${$text} = $this->Server->serverSettings['MISP'][$text]['value'];
}
$this->set($text, ${$text});
}
$this->set($text, ${$text});
}
}
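Review bot: An org admin can escape the organisation restriction when `recipient == 2`: the hunk first limits `$conditions` to `org_id => $this->Auth->user('org_id')` for non-site-admins, then `$conditions['org_id'] = $orgNameList;` overwrites that key with a value taken straight from the request, so a non-site-admin can preview the e-mail addresses of, and on POST with `action != 0` reset the passwords of, every enabled user in any organisation. The `recipient == 0` branch is safe only because it adds a different key (`id`) and the org term stays ANDed. Reject a foreign org for non-site-admins and add the org as a separate AND term rather than replacing the restriction; the dropdown only listing the admin's own org does not help, since the preview URL and POST body are built client-side. `admin_email()` ends at the closing brace of the hunk.
```php
} else if (!is_null($recipient) && $recipient == 2) {
    if (is_null($orgNameList)) {
        throw new NotFoundException(__('Recipient organisation not provided'));
    }
    // Non-site-admins may only target their own organisation; never let the
    // request overwrite the org_id restriction set above.
    if (!$this->_isSiteAdmin() && (int) $orgNameList !== (int) $this->Auth->user('org_id')) {
        throw new MethodNotAllowedException(__('You can only e-mail users of your own organisation'));
    }
    $conditions['AND'][] = array('User.org_id' => $orgNameList);
}
// … unchanged: disabled-user condition, preview / send branches …
```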


@ -1412,6 +1412,7 @@ class Event extends AppModel
'category' => array('function' => 'set_filter_simple_attribute'),
'type' => array('function' => 'set_filter_simple_attribute'),
'tags' => array('function' => 'set_filter_tags', 'pop' => true),
'ignore' => array('function' => 'set_filter_ignore'),
'uuid' => array('function' => 'set_filter_uuid'),
'deleted' => array('function' => 'set_filter_deleted'),
'to_ids' => array('function' => 'set_filter_to_ids'),
@ -1706,6 +1707,10 @@ class Event extends AppModel
if (!empty($options['includeRelatedTags'])) {
$options['includeGranularCorrelations'] = 1;
}
if (isset($options['ignore']) && empty($options['ignore'])) {
$conditions['AND'][] = array('Event.published' => 1);
$conditionsAttributes['AND'][] = array('Attribute.to_ids' => 1);
}
$softDeletables = array('Attribute', 'Object', 'ObjectReference');
if (isset($options['deleted']) && $options['deleted']) {
if (!$user['Role']['perm_sync']) {
@ -2234,8 +2239,17 @@ class Event extends AppModel
public function set_filter_ignore(&$params, $conditions, $options)
{
if (empty($params['ignore'])) {
$conditions['AND']['Event.published'] = 1;
$conditions['AND']['Attribute.to_ids'] = 1;
if (empty($options['scope'])) {
$scope = 'Attribute';
} else {
$scope = $options['scope'];
}
if ($scope === 'Attribute') {
$conditions['AND']['Attribute.to_ids'] = 1;
} else {
$conditions['AND']['Event.published'] = 1;
}
}
return $conditions;
}
@ -5461,7 +5475,7 @@ class Event extends AppModel
$filters['published'] = 1;
}
}
if (isset($filters['ignore'])) {
if (!empty($filters['ignore'])) {
$filters['to_ids'] = array(0, 1);
$filters['published'] = array(0, 1);
}
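Review bot: In `set_filter_ignore`, the new `Attribute` scope branch keeps only `Attribute.to_ids = 1` and drops the `Event.published = 1` condition the old code applied in every case, while the `fetchEvent` path earlier in the same file still applies both when `ignore` is unset. If attribute-scope searches are now meant to return attributes of unpublished events when `ignore` is absent, that is a behaviour change worth a comment, e.g. `// Attribute scope: only enforce to_ids; event-level published filtering is not applied here`; if it is unintended, add the published condition to both branches. Separately, `ignore` is request-supplied and tested with `empty()`, so the string `'false'` counts as set; a `filter_var(..., FILTER_VALIDATE_BOOLEAN)` normalisation at the entry point would avoid that. `fetchEvent` and `restSearch` start and end outside their hunks.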


@ -47,6 +47,17 @@ class MispObject extends AppModel
);
public $validate = array(
'uuid' => array(
'uuid' => array(
'rule' => array('custom', '/^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/'),
'message' => 'Please provide a valid UUID'
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'The UUID provided is not unique',
'required' => 'create'
)
)
);
public function beforeValidate($options = array())
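Review bot: `isUnique` in the new `unique` rule is a read-then-write check and does not protect against two concurrent saves of the same UUID; it only holds if `objects.uuid` also carries a database unique index, which this hunk cannot show, so a comment stating that assumption would help. Because `'required' => 'create'` sits on the `unique` rule rather than the format rule, an object created without a `uuid` (unless `beforeValidate` fills it in) would fail with the misleading message `The UUID provided is not unique`; moving the flag to the format rule, or giving both rules the flag, yields the right message. `beforeValidate` starts on the last line of the hunk and its body is not visible.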


@ -199,7 +199,9 @@ class SharingGroup extends AppModel
'conditions' => array('id' => $sgo['org_id'])
));
}
$sgo['Organisation'] = $this->__sgoCache[$sgo['org_id']];
if (!empty($this->__sgoCache[$sgo['org_id']]['Organisation'])) {
$sgo['Organisation'] = $this->__sgoCache[$sgo['org_id']]['Organisation'];
}
}
}
}
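Review bot: The new guard silently skips the assignment when the cached lookup has no `Organisation` element, so `$sgo['Organisation']` keeps whatever the caller passed in (possibly nothing) and later code reading `$sgo['Organisation']['name']` hits an undefined index instead of the explicit value the old line always set. If an organisation can legitimately be missing here (a deleted org still referenced by a sharing-group row), set an explicit empty value in an `else` branch, `$sgo['Organisation'] = array();`, or log the dangling reference so it can be cleaned up. The enclosing method starts and ends outside the hunk.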


@ -55,9 +55,7 @@
$branchColour = $branch == '2.4' ? 'green' : 'red bold';
?>
<span class="<?php echo h($branchColour); ?>">
<?php
echo h($branch);
?>
<?=($branch == '2.4') ? h($branch) : "You are not on a branch, Update MISP will fail"; ?>
</span>
</span><br />
<pre class="hidden green bold" id="gitResult"></pre>
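Review bot: The replacement `<?= ... ?>` line prints a fixed `You are not on a branch, Update MISP will fail` for every branch other than `2.4`, which is inaccurate for a checkout of any other named branch and also drops the branch name the old code displayed; the string is not wrapped in `__()` either, unlike the rest of the view. Keep the name and mark the state: `<?= ($branch == '2.4') ? h($branch) : h($branch) . ' - ' . __('not the 2.4 branch, Update MISP will fail'); ?>`. `$branchColour`, computed two lines earlier, already encodes the same comparison, so the two could share one boolean.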


@ -16,7 +16,7 @@
<?php
// This choice will determine
$actionOptions=array(__('Custom message'), __('Welcome message'), __('Reset password'));
$recipientOptions=array(__('A single user'), __('All users'));
$recipientOptions=array(__('A single user'), __('All users'), __('All users of the same organisation'));
?>
<div class="row-fluid">
<?php echo $this->Form->input('action', array('type' => 'select', 'options' => $actionOptions, 'id' => 'action')); ?>
@ -29,6 +29,9 @@
<div id="recipientEmailList" class="hideAble">
<?php echo $this->Form->input('recipientEmailList', array('type' => 'select', 'options' => $recipientEmail, 'label' => 'Recipient Email')); ?>
</div>
<div id="orgNameList" class="hideAble">
<?php echo $this->Form->input('orgNameList', array('type' => 'select', 'options' => $orgName, 'label' => 'Recipient Organisation Name')); ?>
</div>
</div>
<div id="customMessage" class="row-fluid hideAble">
<?php
@ -64,13 +67,33 @@ $("#customMessage").change(setAll);
$("#action").change(populateSubject);
var subjects = [];
var standardTexts = [];
var submitAllowed = false;
$(document).ready(function() {
var org = "<?php echo $org;?>";
subjects = ["", "[" + org + " MISP] " + "<?php echo __('New user registration');?>" , "[" + org + " MISP] " + "<?php echo __('Password reset');?>"];
standardTexts = ['', '<?php echo h($newUserText); ?>', '<?php echo h($passwordResetText); ?>'];
//setAll();
setAll();
// Confirm before submit
$('#UserAdminEmailForm').submit(function(e) {
var url = '<?php echo $baseurl; ?>/admin/users/email/true?';
url += 'recipient=' + $('#recipient').val();
url += '&recipientEmailList=' + $('#UserRecipientEmailList').val();
url += '&orgNameList=' + $('#UserOrgNameList').val();
$.get(url, function(data) {
$("#confirmation_box").html(data);
openPopup("#confirmation_box");
});
return submitAllowed;
});
});
function submitMailsForm() {
submitAllowed = true;
$('#UserAdminEmailForm').submit();
}
function populateSubject() {
$("#UserSubject").val(subjects[$("#action").val()]);
$("#UserMessage").html(standardTexts[$("#action").val()]).text();
@ -82,6 +105,7 @@ function setAll() {
if ($("#action option:selected").val() == 0) $("#subject").show();
else $("#customMessage").show();
if ($("#recipient option:selected").val() == 0) $("#recipientEmailList").show();
if ($("#recipient option:selected").val() == 2) $("#orgNameList").show();
}
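Review bot: The confirmed submit re-fetches the preview: `submitMailsForm()` sets `submitAllowed = true` and calls `.submit()`, which re-enters the same handler, fires the `$.get` again and reopens the popup before returning `true`. Return early once confirmed: `if (submitAllowed) { return true; }` as the first line of the submit handler. The preview query string is built by concatenating `.val()` results; wrap each with `encodeURIComponent(...)` so a non-numeric value cannot break the URL. The `$org` value echoed into the `subjects` array on a context line above is not escaped for a JavaScript string context, though that line appears to predate this commit.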


@ -0,0 +1,17 @@
<div class="confirmation">
<legend><?php echo __('Confirm sending'); ?> </legend>
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
<p><?php echo __('You are about to send a mail to %s recipient(s)?', '<strong>' . h($emailsCount) . '</strong>'); ?></p>
<div>
<select multiple=1 size=15 style="width: 100%">
<?php foreach($emails as $email): ?>
<option><?php echo h($email); ?></option>
<?php endforeach; ?>
</select>
</div>
<div>
<span role="button" tabindex="0" aria-label="<?php echo __('Send');?>" title="<?php echo __('Send');?>" class="btn btn-primary" id="PromptYesButton" onClick="submitMailsForm();"><?php echo __('Send');?></span>
<span role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="btn btn-inverse" id="PromptNoButton" style="float:right;" onClick="cancelPrompt();"><?php echo __('Cancel');?></span>
</div>
</div>
</div>
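Review bot: The confirmation lists recipients and their count but not what will be sent: the `action` selected in the form (custom message, welcome message or password reset) is not shown, and for a password reset the controller in this commit overwrites each recipient's password once the mail goes out, which is the step an admin most needs to confirm. Pass the action label through the preview request and render it, e.g. `<p><?php echo __('Action: %s', h($actionLabel)); ?></p>` above the count, keeping the same `h()` escaping as the rest of the template. The display-only `<select multiple=1 size=15>` uses unquoted attributes; `multiple="multiple" size="15" disabled="disabled"` makes it valid markup and clearly read-only.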

@ -1 +1 @@
Subproject commit 34bee5f3bb4953fb00d75e1cb11c346659a692df
Subproject commit 162802f486427933f5cd0602dd4cf62e24f145ae


@ -123,6 +123,8 @@ sudo -u www-data git submodule foreach --recursive git config core.filemode fals
sudo -u www-data git config core.filemode false
# Create a python3 virtualenv
sudo apt-get install python3-pip
pip3 install virtualenv
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
# make pip happy


@ -6,7 +6,7 @@ set -x
AUTH="$1"
curl -i -H "Accept: application/json" -H "content-type: application/json" -H "Authorization: $AUTH" --data "@event.json" -X POST http://misp.local/events
curl -H "Authorization: $AUTH" -X GET http://misp.local/events/csv/download/1 | sed -e 's/^M//g' | cut -d, -f2 --complement | sort > 1.csv
curl -H "Authorization: $AUTH" -X GET http://misp.local/events/csv/download/1/ignore:1 | sed -e 's/^M//g' | cut -d, -f2 --complement | sort > 1.csv
cat 1.csv
cut -d, -f2 --complement event.csv | sort > compare.csv
diff compare.csv 1.csv
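Review bot: The new `ignore:1` URL means the script now only exercises the opt-out path, while the controller change in this commit makes `ignore=0` the CSV default; a second download without `ignore:1`, compared against an expected filtered CSV, would cover the path whose behaviour actually changed. Neither `curl` passes `--fail`, so an error page would be written to `1.csv` and diffed as data; add `--fail` to both. `set -x` (visible in the hunk header) echoes every command, including `Authorization: $AUTH`, to stderr, so the API key lands in CI logs; wrap the curl calls in `set +x` / `set -x`, or read the key from a file, to avoid that.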


@ -26,7 +26,7 @@ echo '-- Starting MISP restore process'
FILE=./misp-backup.conf
if [ -f $1 ];
if [ ! -z $1 ] && [ -f $1 ];
then
BackupFile=$1
else