chg: [galaxyMatrix] Added sorting by score. Fix #4608

2019-05-13 15:07:38 +02:00 · 2019-05-13 15:07:38 +02:00 · 4fbe857f90
parent 219df09e98
commit 4fbe857f90
5 changed files with 40 additions and 14 deletions
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@ -4953,6 +4953,7 @@ class EventsController extends AppController
        }
        // end FIXME

+        $this->Galaxy->sortMatrixByScore($tabs, $scores);
        if ($this->_isRest()) {
            $json = array('matrix' => $tabs, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
            $this->response->type('json');
--- a/app/Controller/GalaxyClustersController.php
+++ b/app/Controller/GalaxyClustersController.php
@ -450,7 +450,7 @@ class GalaxyClustersController extends AppController
        }

        $maxScore = count($scores) > 0 ? max(array_values($scores)) : 0;
-        $matrixData = $this->GalaxyCluster->Galaxy->getMatrix($mitreAttackGalaxyId);
+        $matrixData = $this->GalaxyCluster->Galaxy->getMatrix($mitreAttackGalaxyId, $scores);
        $tabs = $matrixData['tabs'];
        $matrixTags = $matrixData['matrixTags'];
        $killChainOrders = $matrixData['killChain'];
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@ -1964,6 +1964,7 @@ class UsersController extends AppController
        }
        // end FIXME

+        $this->Galaxy->sortMatrixByScore($tabs, $scores);
        if ($this->_isRest()) {
            $json = array('matrix' => $tabs, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
            return $this->RestResponse->viewData($json, $this->response->type());
--- a/app/Lib/Export/AttackExport.php
+++ b/app/Lib/Export/AttackExport.php
@ -99,6 +99,7 @@ class AttackExport
                $maxScore = $clusterCount;
            }
        }
+        $this->__GalaxyModel->sortMatrixByScore($this->__tabs, $this->__clusterCounts);
        App::uses('ColourGradientTool', 'Tools');
        $gradientTool = new ColourGradientTool();
        $colours = $gradientTool->createGradientFromValues($this->__clusterCounts);
@ -114,6 +115,10 @@ class AttackExport
            $result['colours'] = $colours['mapping'];
            $result['interpolation'] = $colours['interpolation'];
        }
+        if ($this->__galaxy_id == $this->__GalaxyModel->getMitreAttackGalaxyId()) {
+            $result['defaultTabName'] = 'mitre-attack';
+            $result['removeTrailling'] = 2;
+        }
        $result['galaxyName'] = $this->__galaxy_name;
        $result['galaxyId'] = $this->__galaxy_id;
        $matrixGalaxies = $this->__GalaxyModel->getAllowedMatrixGalaxies();
--- a/app/Model/Galaxy.php
+++ b/app/Model/Galaxy.php
@ -397,7 +397,7 @@ class Galaxy extends AppModel
        return $galaxies;
    }

-    public function getMatrix($galaxy_id)
+    public function getMatrix($galaxy_id, $scores=array())
    {
        $conditions = array('Galaxy.id' => $galaxy_id);
        $contains = array(
@ -454,18 +454,7 @@ class Galaxy extends AppModel
        }
        $matrixData['tabs'] = $cols;

-        foreach ($matrixData['tabs'] as $k => $v) {
-            foreach ($matrixData['tabs'][$k] as $kc => $v2) {
-                // sort clusters in the kill chains
-                usort(
-                    $matrixData['tabs'][$k][$kc],
-                    function($a, $b) {
-                        return strcmp($a['value'], $b['value']);
-                    }
-                );
-            }
-        }
-
+        $this->sortMatrixByScore($matrixData['tabs'], $scores);
        // #FIXME temporary fix: retreive tag name of deprecated mitre galaxies (for the stats)
        if ($galaxy['Galaxy']['id'] == $this->getMitreAttackGalaxyId()) {
            $names = array('Enterprise Attack - Attack Pattern', 'Pre Attack - Attack Pattern', 'Mobile Attack - Attack Pattern');
@ -486,4 +475,34 @@ class Galaxy extends AppModel
        $matrixData['matrixTags'] = array_keys($matrixData['matrixTags']);
        return $matrixData;
    }
+
+    public function sortMatrixByScore(&$tabs, $scores)
+    {
+        foreach (array_keys($tabs) as $i) {
+            foreach (array_keys($tabs[$i]) as $j) {
+                // major ordering based on score, minor based on alphabetical
+                usort($tabs[$i][$j], function ($a, $b) use($scores) {
+                    if ($a['tag_name'] == $b['tag_name']) {
+                        return 0;
+                    }
+                    if (isset($scores[$a['tag_name']]) && isset($scores[$b['tag_name']])) {
+                        if ($scores[$a['tag_name']] < $scores[$b['tag_name']]) {
+                            $ret = 1;
+                        } else if ($scores[$a['tag_name']] == $scores[$b['tag_name']]) {
+                            $ret = strcmp($a['value'], $b['value']);
+                        } else {
+                            $ret = -1;
+                        }
+                    } else if (isset($scores[$a['tag_name']])) {
+                        $ret = -1;
+                    } else if (isset($scores[$b['tag_name']])) {
+                        $ret = 1;
+                    } else { // none is set
+                        $ret = strcmp($a['value'], $b['value']);
+                    }
+                    return $ret;
+                });
+            }
+        }
+    }
 }