Merge branch 'develop' into feature/CakeResque

Also, more work on the background jobs
- started work on publishing
- started making the background jobs an optional setting in bootstrap

Conflicts:
	app/Controller/AppController.php
	app/Controller/EventsController.php
pull/217/head
iglocska 2013-12-04 11:58:01 +01:00
commit 50f3fa40d0
46 changed files with 1046 additions and 933 deletions

10
.gitignore vendored

@ -19,3 +19,13 @@
/cakephp
/app/webroot/gpg.asc
/app/Plugin/CakeResque/Config/bootstrap.php
/app/tmp/cached_exports/csv
/app/tmp/cached_exports/csv_all
/app/tmp/cached_exports/csv_sig
/app/tmp/cached_exports/md5
/app/tmp/cached_exports/sha1
/app/tmp/cached_exports/snort
/app/tmp/cached_exports/suricata
/app/tmp/cached_exports/text
/app/tmp/cached_exports/xml
/app/tmp/logs

35
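--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,35 @@
+language: php
+php:
+- 5.5
+- 5.4
+- 5.3
+env:
+- CAKE_VERSION=2.4.2 DB=mysql
+- CAKE_VERSION=master DB=mysql
+matrix:
+allow_failures:
+- php: 5.5
+before_script:
+- pecl install Crypt_GPG
+- pecl install Net_GeoIP
+- phpenv rehash
+- sh -c "if [ '$DB' = 'mysql' ]; then mysql -e 'CREATE DATABASE misp_test;'; fi"
+- git clone git://github.com/cakephp/cakephp ../cakephp && cd ../cakephp && git checkout $CAKE_VERSION
+- chmod -R 777 ../cakephp/app/tmp
+- echo "<?php
+class DATABASE_CONFIG {
+public \$test = array(
+'datasource' => 'Database/Mysql',
+'database' => 'misp_test',
+'host' => '0.0.0.0',
+'login' => 'travis',
+'host' => '',
+'persistent' => false
+);
+}" > app/Config/database.php
+script:
+- ./lib/Cake/Console/cake test app AllTests --stderr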
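Review bot: The `before_script` fetches CakePHP with `git clone git://github.com/cakephp/cakephp`, an unauthenticated and unencrypted transport, and then checks out whatever `$CAKE_VERSION` names (including `master`), so the code the build runs is not integrity-protected in transit; `git clone https://github.com/cakephp/cakephp ../cakephp` closes that. In the generated `DATABASE_CONFIG` the key `'host'` appears twice, so the second entry (`''`) overrides `'0.0.0.0'` and no password key is set; the second line was presumably meant to be `'password' => '',`. `chmod -R 777 ../cakephp/app/tmp` is broader than a CI job needs; a mode limited to the build user would do if this script is ever reused outside Travis.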

71
INSTALL/MYSQL.sql Executable file → Normal file

@ -13,13 +13,13 @@ CREATE TABLE IF NOT EXISTS `attributes` (
`value2` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`to_ids` tinyint(1) NOT NULL DEFAULT '1',
`uuid` varchar(40) COLLATE utf8_bin NOT NULL,
`timestamp` int(11) NOT NULL DEFAULT '0',
`timestamp` int(11) DEFAULT '0',
`distribution` tinyint(4) NOT NULL DEFAULT '0',
`comment` text COLLATE utf8_bin NOT NULL,
`comment` text COLLATE utf8_bin,
PRIMARY KEY (`id`),
KEY `event_id` (`event_id`),
KEY `uuid` (`uuid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -68,7 +68,8 @@ CREATE TABLE IF NOT EXISTS `correlations` (
KEY `1_event_id` (`1_event_id`),
KEY `1_attribute_id` (`1_attribute_id`),
KEY `attribute_id` (`attribute_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
@ -77,9 +78,9 @@ CREATE TABLE IF NOT EXISTS `correlations` (
CREATE TABLE IF NOT EXISTS `events` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`threat_level_id` int(11) DEFAULT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`date` date NOT NULL,
`risk` enum('Undefined','Low','Medium','High') COLLATE utf8_bin NOT NULL,
`info` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`user_id` int(11) NOT NULL,
`published` tinyint(1) NOT NULL DEFAULT '0',
@ -94,7 +95,7 @@ CREATE TABLE IF NOT EXISTS `events` (
PRIMARY KEY (`id`),
KEY `uuid` (`uuid`),
FULLTEXT KEY `info` (`info`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -115,13 +116,14 @@ CREATE TABLE IF NOT EXISTS `logs` (
`org` varchar(255) COLLATE utf8_bin DEFAULT NULL,
`description` varchar(255) COLLATE utf8_bin DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `posts`
--
CREATE TABLE IF NOT EXISTS `posts` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`date_created` datetime NOT NULL,
@ -131,7 +133,7 @@ CREATE TABLE IF NOT EXISTS `posts` (
`post_id` int(11) NOT NULL DEFAULT '0',
`thread_id` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ;
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -145,7 +147,7 @@ CREATE TABLE IF NOT EXISTS `regexp` (
`replacement` varchar(255) COLLATE utf8_bin NOT NULL,
`type` varchar(100) COLLATE utf8_bin NOT NULL DEFAULT 'ALL',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -167,10 +169,10 @@ CREATE TABLE IF NOT EXISTS `roles` (
`perm_audit` tinyint(1) DEFAULT NULL,
`perm_full` tinyint(1) DEFAULT NULL,
`perm_auth` tinyint(1) NOT NULL DEFAULT '0',
`perm_regexp_access` TINYINT( 1 ) NOT NULL DEFAULT '0',
`perm_site_admin` TINYINT( 1 ) NOT NULL DEFAULT '0',
`perm_regexp_access` tinyint(1) NOT NULL DEFAULT '0',
`perm_site_admin` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=5 ;
-- --------------------------------------------------------
@ -189,7 +191,7 @@ CREATE TABLE IF NOT EXISTS `servers` (
`lastpulledid` int(11) NOT NULL,
`lastpushedid` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -213,12 +215,14 @@ CREATE TABLE IF NOT EXISTS `shadow_attributes` (
KEY `event_id` (`event_id`),
KEY `uuid` (`uuid`),
KEY `old_id` (`old_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `threads`
--
CREATE TABLE IF NOT EXISTS `threads` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`date_created` datetime NOT NULL,
@ -230,7 +234,22 @@ CREATE TABLE IF NOT EXISTS `threads` (
`title` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`org` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ;
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `threat_levels`
--
CREATE TABLE IF NOT EXISTS `threat_levels` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(50) NOT NULL,
`description` varchar(255) DEFAULT NULL,
`form_description` varchar(255) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
@ -255,7 +274,7 @@ CREATE TABLE IF NOT EXISTS `users` (
PRIMARY KEY (`id`),
KEY `email` (`email`),
KEY `password` (`password`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2 ;
-- --------------------------------------------------------
@ -267,7 +286,7 @@ CREATE TABLE IF NOT EXISTS `whitelist` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -275,9 +294,9 @@ CREATE TABLE IF NOT EXISTS `whitelist` (
-- Default values for initial installation
--
INSERT INTO `regexp`
INSERT INTO `regexp`
(`regexp`, `replacement`)
VALUES
VALUES
('/.:.ProgramData./i','%ALLUSERSPROFILE%\\\\'),
('/.:.Documents and Settings.All Users./i','%ALLUSERSPROFILE%\\\\'),
('/.:.Program Files.Common Files./i','%COMMONPROGRAMFILES%\\\\'),
@ -328,3 +347,17 @@ INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modi
VALUES ('4', 'Sync user', NOW(), NOW(), '1', '1', '1', '1', '1', '0', '1', '0', '1');
-- --------------------------------------------------------
--
-- Initial threat levels
--
INSERT INTO `threat_levels` (`id`, `name`, `description`, `form_description`)
VALUES
(1,'High','*high* means sophisticated APT malware or 0-day attack','Sophisticated APT malware or 0-day attack'),
(2,'Medium','*medium* means APT malware','APT malware'),
(3,'Low','*low* means mass-malware','Mass-malware'),
(4,'Undefined','*undefined* no risk','No risk');
-- --------------------------------------------------------
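Review bot: The new `threat_levels` table (hunk at -230,7) is declared `ENGINE=InnoDB DEFAULT CHARSET=latin1`, like `posts` and `threads` but unlike `events`, which points at it through `threat_level_id` and is MyISAM with `utf8`/`utf8_bin`; the column itself is `int(11) DEFAULT NULL`, and the key list visible in the -94,7 hunk has no index on it. Nothing at the schema level therefore guarantees that an event carries a threat level that exists in the lookup table, and MyISAM would not enforce a foreign key even if one were declared, so the application has to validate the id on every write. I would at least add `KEY threat_level_id (threat_level_id)` to `events` and create the lookup table with `DEFAULT CHARSET=utf8 COLLATE=utf8_bin` to match its neighbours. The `events` definition starts and ends outside the hunks shown, so the missing key is inferred from the visible lines only.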


@ -1,27 +0,0 @@
<?php
class DbCorrelationSchema extends CakeSchema {
public $name = 'DbCorrelation';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
}
public $correlations = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'1_event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_private' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'date' => array('type' => 'date', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}


@ -1,28 +0,0 @@
<?php
class DbLogSchema extends CakeSchema {
public $name = 'DbLog';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
}
public $logs = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'title' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'created' => array('type' => 'datetime', 'null' => true, 'default' => null),
'model' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'model_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'action' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'change' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'description' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}


@ -1,21 +0,0 @@
-- Audit, log table
-- works in conjunction with:
-- https://github.com/alkemann/CakePHP-Assets/wiki
-- also described at:
-- http://bakery.cakephp.org/articles/alkemann/2008/10/21/logablebehavior
DROP TABLE logs;
CREATE TABLE logs (
id int(11) NOT NULL AUTO_INCREMENT,
title varchar(255),
created DATETIME,
description varchar(255),
model varchar(20),
model_id int(11),
action varchar(20),
user_id int(11),
`change` varchar(255),
email varchar(255),
org varchar(255) COLLATE utf8_bin,
PRIMARY KEY (id)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2 ;


@ -1,20 +0,0 @@
<?php
class DbRegexpSchema extends CakeSchema {
public $name = 'DbRegexp';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
}
public $regexp = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'regexp' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'),
'replacement' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}

View File

@ -1,49 +0,0 @@
<?php
class DbRoleSchema extends CakeSchema {
public $name = 'DbRole';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
if (isset($event['create'])) {
switch ($event['create']) {
case 'roles':
// populate roles
//$roles = ClassRegistry::init('Role');
//$roles->create();
//$roles->save(array('Role' => array('name' => 'malware analyst', 'perm_add' => true, 'perm_modify' => true, 'perm_publish' => false, 'perm_full' => false)));
//$roles->create();
//$roles->save(array('Role' => array('name' => 'admin', 'perm_add' => true, 'perm_modify' => true, 'perm_publish' => true, 'perm_full' => true)));
//$roles->create();
//$roles->save(array('Role' => array('name' => 'IDS analyst', 'perm_add' => true, 'perm_modify' => true, 'perm_publish' => true, 'perm_full' => false)));
//$roles->create();
//$roles->save(array('Role' => array('name' => 'guest', 'perm_add' => false, 'perm_modify' => false, 'perm_publish' => false, 'perm_full' => false)));
// populate Users.role_id
//$users = ClassRegistry::init('User');
//$user = $users->read(null, '1');
//$users->saveField('role_id', '2'); // $user['User']['role_id'] = '2';
break;
}
}
}
public $roles = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'),
'created' => array('type' => 'datetime', 'null' => true, 'default' => null),
'modified' => array('type' => 'datetime', 'null' => true, 'default' => null),
'perm_add' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_modify' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_modify_org' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_publish' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_sync' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_admin' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_audit' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_full' => array('type' => 'boolean', 'null' => true, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB')
);
}


@ -1,32 +0,0 @@
-- ACL, role table
-- works in conjunction with: CakePHP AclComponent
CREATE TABLE roles (
id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(100) NOT NULL,
perm_add boolean,
perm_modify boolean,
perm_modify_org boolean,
perm_publish boolean,
perm_full boolean,
created DATETIME,
modified DATETIME
);
-- ALTER TABLE users ADD COLUMN role_id INT(11);
-- data of Roles
-- INSERT INTO roles (name,perm_add,perm_modify,perm_publish,perm_full) VALUES ('malware analyst',true,true,false,false);
-- INSERT INTO roles (name,perm_add,perm_modify,perm_publish,perm_full) VALUES ('admin',true,true,true,true);
-- INSERT INTO roles (name,perm_add,perm_modify,perm_publish,perm_full) VALUES ('IDS analyst',true,true,true,false);
-- INSERT INTO roles (name,perm_add,perm_modify,perm_publish,perm_full) VALUES ('guest',false,false,false,false);
-- CakePHP AclComponent acor & aros tables
-- aros table (should be auto generated on role create)
-- INSERT INTO aros (model,foreign_key,lft,rght) VALUES ('Role',1,1,2);
-- INSERT INTO aros (model,foreign_key,lft,rght) VALUES ('Role',2,3,4);
-- INSERT INTO aros (model,foreign_key,lft,rght) VALUES ('Role',3,5,6);
-- INSERT INTO aros (model,foreign_key,lft,rght) VALUES ('Role',4,7,8);
-- aros_acos


@ -1,19 +0,0 @@
<?php
class DbWhitelistSchema extends CakeSchema {
public $name = 'DbWhitelist';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
}
public $whitelist = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}


@ -1,8 +1,6 @@
<?php
<?php
class AppSchema extends CakeSchema {
public $file = 'schema_0.2.3.php';
public function before($event = array()) {
return true;
}
@ -13,17 +11,20 @@ class AppSchema extends CakeSchema {
public $attributes = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'value1' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'value2' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)),
'timestamp' => array('type' => 'integer', 'null' => true, 'default' => '0'),
'distribution' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 4),
'comment' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1),
'event_id' => array('column' => 'event_id', 'unique' => 0),
'uuid' => array('column' => 'uuid', 'unique' => 0)
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
@ -31,41 +32,33 @@ class AppSchema extends CakeSchema {
'ip' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'username' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'expire' => array('type' => 'datetime', 'null' => false, 'default' => null),
'indexes' => array(),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $correlations = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'1_event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_private' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'indexes' => array(
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $events = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'threat_level_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'date' => array('type' => 'date', 'null' => false, 'default' => null),
//'risk' ENUM
'info' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => false, 'default' => null),
//'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'published' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'revision' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null),
'attribute_count' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 11),
'hop_count' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 11),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'attribute_count' => array('type' => 'integer', 'null' => false, 'default' => null),
'analysis' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 4),
'orgc' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'timestamp' => array('type' => 'integer', 'null' => false, 'default' => '0'),
'distribution' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 4),
'proposal_email_lock' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'locked' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1),
'uuid' => array('column' => 'uuid', 'unique' => 0),
'info' => array('column' => 'info', 'type' => 'fulltext')
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
@ -81,30 +74,57 @@ class AppSchema extends CakeSchema {
'email' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'description' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $regex = array(
public $posts = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'regex' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'replacement' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'date_created' => array('type' => 'datetime', 'null' => false, 'default' => null),
'date_modified' => array('type' => 'datetime', 'null' => false, 'default' => null),
'user_id' => array('type' => 'integer', 'null' => false, 'default' => null),
'contents' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'post_id' => array('type' => 'integer', 'null' => false, 'default' => '0'),
'thread_id' => array('type' => 'integer', 'null' => false, 'default' => '0'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB')
);
public $regexp = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'regexp' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'replacement' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'type' => array('type' => 'string', 'null' => false, 'default' => 'ALL', 'length' => 100, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $roles = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'),
'name' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'created' => array('type' => 'datetime', 'null' => true, 'default' => null),
'modified' => array('type' => 'datetime', 'null' => true, 'default' => null),
'perm_add' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_modify' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_modify_org' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_publish' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_sync' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_admin' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_audit' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_full' => array('type' => 'boolean', 'null' => true, 'default' => null),
'perm_auth' => array('type' => 'boolean', 'null' => true, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB')
'perm_auth' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'perm_regexp_access' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'perm_site_admin' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $servers = array(
@ -117,15 +137,65 @@ class AppSchema extends CakeSchema {
'pull' => array('type' => 'boolean', 'null' => false, 'default' => null),
'lastpulledid' => array('type' => 'integer', 'null' => false, 'default' => null),
'lastpushedid' => array('type' => 'integer', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $shadow_attributes = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'old_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1),
'event_id' => array('column' => 'event_id', 'unique' => 0),
'uuid' => array('column' => 'uuid', 'unique' => 0),
'old_id' => array('column' => 'old_id', 'unique' => 0)
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $threads = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'date_created' => array('type' => 'datetime', 'null' => false, 'default' => null),
'date_modified' => array('type' => 'datetime', 'null' => false, 'default' => null),
'distribution' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 4),
'user_id' => array('type' => 'integer', 'null' => false, 'default' => null),
'post_count' => array('type' => 'integer', 'null' => false, 'default' => null),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null),
'title' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB')
);
public $threat_levels = array(
'id' => array('type' => 'boolean', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'string', 'null' => false, 'length' => 50, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'description' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'form_description' => array('type' => 'string', 'null' => false, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB')
);
public $users = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'password' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'autoalert' => array('type' => 'boolean', 'null' => false, 'default' => null),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'invited_by' => array('type' => 'integer', 'null' => false, 'default' => null),
@ -133,15 +203,24 @@ class AppSchema extends CakeSchema {
'nids_sid' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 15),
'termsaccepted' => array('type' => 'boolean', 'null' => false, 'default' => null),
'newsread' => array('type' => 'date', 'null' => false, 'default' => null),
'role_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'username' => array('column' => 'password', 'unique' => 0)),
'role_id' => array('type' => 'integer', 'null' => false, 'default' => null),
'change_pw' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 4),
'contactalert' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1),
'email' => array('column' => 'email', 'unique' => 0),
'password' => array('column' => 'password', 'unique' => 0)
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $whitelists = array(
public $whitelist = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'name' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}


@ -1,77 +0,0 @@
<?php
class AppSchema extends CakeSchema {
public $file = 'schema_0.2.1.1.php';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
}
public $attributes = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $bruteforces = array(
'ip' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'username' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'expire' => array('type' => 'datetime', 'null' => false, 'default' => null),
'indexes' => array(),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $events = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'date' => array('type' => 'date', 'null' => false, 'default' => null),
'info' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => false, 'default' => null),
'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'published' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $servers = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'url' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'push' => array('type' => 'boolean', 'null' => false, 'default' => null),
'pull' => array('type' => 'boolean', 'null' => false, 'default' => null),
'lastfetchedid' => array('type' => 'integer', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $users = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'password' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'autoalert' => array('type' => 'boolean', 'null' => false, 'default' => null),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'invited_by' => array('type' => 'integer', 'null' => false, 'default' => null),
'gpgkey' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'nids_sid' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 15),
'termsaccepted' => array('type' => 'boolean', 'null' => false, 'default' => null),
'newsread' => array('type' => 'date', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'username' => array('column' => 'password', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}


@ -1,126 +0,0 @@
<?php
class AppSchema extends CakeSchema {
public $file = 'schema_0.2.2.1.php';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
if (isset($event['update'])) {
switch ($event['update']) {
case 'users':
// TDDO Schema,Users.role_id is not here
break;
}
}
}
public $attributes = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $bruteforces = array(
'ip' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'username' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'expire' => array('type' => 'datetime', 'null' => false, 'default' => null),
'indexes' => array(),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $correlations = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'1_event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'1_private' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $events = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'date' => array('type' => 'date', 'null' => false, 'default' => null),
//'risk' ENUM
'info' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => false, 'default' => null),
//'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'published' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'revision' => array('type' => 'boolean', 'null' => false, 'default' => null),
'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null),
'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null),
'attribute_count' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 11),
'hop_count' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 11),
'analysis' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 4),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $regexp = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'regexp' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'replacement' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $servers = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'url' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'organization' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 10, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'push' => array('type' => 'boolean', 'null' => false, 'default' => null),
'pull' => array('type' => 'boolean', 'null' => false, 'default' => null),
'lastpulledid' => array('type' => 'integer', 'null' => false, 'default' => null),
'lastpushedid' => array('type' => 'integer', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $users = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'password' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'autoalert' => array('type' => 'boolean', 'null' => false, 'default' => null),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'invited_by' => array('type' => 'integer', 'null' => false, 'default' => null),
'gpgkey' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'nids_sid' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 15),
'termsaccepted' => array('type' => 'boolean', 'null' => false, 'default' => null),
'newsread' => array('type' => 'date', 'null' => false, 'default' => null),
'role_id' => array('type' => 'integer', 'null' => true, 'default' => null),
'change_pw' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 1),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'username' => array('column' => 'password', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $whitelists = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}


@ -1,79 +0,0 @@
<?php
class AppSchema extends CakeSchema {
public $file = 'schema_0.2.2.php';
public function before($event = array()) {
return true;
}
public function after($event = array()) {
}
public $attributes = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'),
'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $bruteforces = array(
'ip' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'username' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'expire' => array('type' => 'datetime', 'null' => false, 'default' => null),
'indexes' => array(),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $events = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'date' => array('type' => 'date', 'null' => false, 'default' => null),
//'risk' ENUM
'info' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'),
'user_id' => array('type' => 'integer', 'null' => false, 'default' => null),
'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'private' => array('type' => 'boolean', 'null' => false, 'default' => null),
'published' => array('type' => 'boolean', 'null' => false, 'default' => '0'),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $servers = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'url' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'push' => array('type' => 'boolean', 'null' => false, 'default' => null),
'pull' => array('type' => 'boolean', 'null' => false, 'default' => null),
'lastpulledid' => array('type' => 'integer', 'null' => false, 'default' => null),
'lastpushedid' => array('type' => 'integer', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
public $users = array(
'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'),
'password' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'autoalert' => array('type' => 'boolean', 'null' => false, 'default' => null),
'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'invited_by' => array('type' => 'integer', 'null' => false, 'default' => null),
'gpgkey' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'nids_sid' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 15),
'termsaccepted' => array('type' => 'boolean', 'null' => false, 'default' => null),
'newsread' => array('type' => 'date', 'null' => false, 'default' => null),
'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'username' => array('column' => 'password', 'unique' => 0)),
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM')
);
}


@ -53,7 +53,7 @@
// Activate REST
Router::mapResources(array('events', 'attributes'));
Router::parseExtensions('xml');
Router::parseExtensions('xml', 'json');
/**
* Load all plugin routes. See the CakePlugin documentation on


@ -5,7 +5,7 @@ App::uses('File', 'Utility');
require_once 'AppShell.php';
class EventShell extends AppShell
{
public $uses = array('Event', 'Attribute', 'Job');
public $uses = array('Event', 'Attribute', 'Job', 'User');
public function doPublish() {
$id = $this->args[0];
@ -98,7 +98,11 @@ class EventShell extends AppShell
}
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
$dir = new Folder(APP . DS . '/tmp/cached_exports/xml');
$file = new File($dir->pwd() . DS . 'misp.xml' . '.' . $org . '.xml');
if ($isSiteAdmin) {
$file = new File($dir->pwd() . DS . 'misp.xml' . '.ADMIN.xml');
} else {
$file = new File($dir->pwd() . DS . 'misp.xml' . '.' . $org . '.xml');
}
$file->write($xmlObject->asXML());
$file->close();
$this->Job->saveField('progress', '100');
@ -114,7 +118,11 @@ class EventShell extends AppShell
$rules = $this->Attribute->hids($isSiteAdmin, $org, $extra);
$this->Job->saveField('progress', 80);
$dir = new Folder(APP . DS . '/tmp/cached_exports/' . $extra);
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.' . $org . '.txt');
if ($isSiteAdmin) {
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.ADMIN.txt');
} else {
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.' . $org . '.txt');
}
$file->write('');
foreach ($rules as $rule) {
$file->append($rule . PHP_EOL);
@ -144,7 +152,11 @@ class EventShell extends AppShell
$final[] = $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'];
}
$dir = new Folder(APP . DS . '/tmp/cached_exports/' . $extra);
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.' . $org . '.csv');
if ($isSiteAdmin) {
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.ADMIN.csv');
} else {
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.' . $org . '.csv');
}
$file->write('');
foreach ($final as $line) {
$file->append($line . PHP_EOL);
@ -164,7 +176,11 @@ class EventShell extends AppShell
$dir = new Folder(APP . DS . '/tmp/cached_exports/text');
foreach ($types as $k => $type) {
$final = $this->Attribute->text($org, $isSiteAdmin, $type);
$file = new File($dir->pwd() . DS . 'misp.text_' . $type . '.' . $org . '.txt');
if ($isSiteAdmin) {
$file = new File($dir->pwd() . DS . 'misp.text_' . $type . '.ADMIN.txt');
} else {
$file = new File($dir->pwd() . DS . 'misp.text_' . $type . '.' . $org . '.txt');
}
$file->write('');
foreach ($final as $attribute) {
$file->append($attribute['Attribute']['value'] . PHP_EOL);
@ -185,7 +201,11 @@ class EventShell extends AppShell
$eventIds = $this->Event->fetchEventIds($org, $isSiteAdmin);
$eventCount = count($eventIds);
$dir = new Folder(APP . DS . '/tmp/cached_exports/' . $format);
$file = new File($dir->pwd() . DS . 'misp.' . $format . '.' . $org . '.rules');
if ($isSiteAdmin) {
$file = new File($dir->pwd() . DS . 'misp.' . $format . '.ADMIN.rules');
} else {
$file = new File($dir->pwd() . DS . 'misp.' . $format . '.' . $org . '.rules');
}
$file->write('');
foreach ($eventIds as $k => $eventId) {
if ($k == 0) {
@ -203,5 +223,16 @@ class EventShell extends AppShell
$file->close();
$this->Job->saveField('progress', '100');
}
public function alertemail() {
$org = $this->args[0];
$isSiteAdmin = $this->args[1];
$ProcessId = $this->args[2];
$this->Job->id = $ProcessId;
$eventId = $this->args[3];
$result = $this->Event->sendAlertEmail($eventId, $org, $isSiteAdmin, $ProcessId);
$this->Job->saveField('progress', '100');
if ($result != true) $this->Job->saveField('message', 'Job done.');
}
}
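Review bot: The site-admin branch added in each export hunk (xml, hids, csv, text and rules) writes to a fixed `.ADMIN.` file name in the same directory and naming scheme as the per-organisation files, so an organisation whose name is literally `ADMIN` would share the site-admin cache file. `$org` is also concatenated into the path as-is; it appears to come from the shell arguments, and any validation before that point is not visible in these hunks. I would derive the suffix once per method, for example `$suffix = $isSiteAdmin ? 'ADMIN' : 'org.' . basename($org);`, and use it in all five places so the two namespaces cannot overlap and a separator in the name cannot leave the export directory. Whatever reads these cached files back would need the same naming, and that code, like the start of each enclosing method, is outside this section.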


@ -70,7 +70,7 @@ class AppController extends Controller {
public function beforeFilter() {
// REST authentication
if ($this->_isRest()) {
if ($this->_isRest() || $this->isJson()) {
// disable CSRF for REST access
if (array_key_exists('Security', $this->components))
$this->Security->csrfCheck = false;
@ -142,6 +142,10 @@ class AppController extends Controller {
public $userRole = null;
public function isJson(){
return $this->request->header('Accept') === 'application/json';
}
//public function blackhole($type) {
// // handle errors.
// throw new Exception(__d('cake_dev', 'The request has been black-holed'));
@ -149,7 +153,7 @@ class AppController extends Controller {
//}
protected function _isRest() {
return (isset($this->RequestHandler) && $this->RequestHandler->isXml());
return (isset($this->RequestHandler) && ($this->RequestHandler->isXml() || $this->isJson()));
}
/**
@ -209,9 +213,9 @@ class AppController extends Controller {
$this->loadModel('Correlation');
$this->Correlation->deleteAll(array('id !=' => ''), false);
$this->loadModel('Attribute');
$fields = array('Attribute.id', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.cluster', 'Event.date', 'Event.org');
$fields = array('Attribute.id', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.type', 'Attribute.category', 'Attribute.value1', 'Attribute.value2');
// get all attributes..
$attributes = $this->Attribute->find('all', array('recursive' => -1));
$attributes = $this->Attribute->find('all', array('recursive' => -1, 'fields' => $fields));
// for all attributes..
foreach ($attributes as $attribute) {
$this->Attribute->__afterSaveCorrelation($attribute['Attribute']);
@ -246,7 +250,7 @@ class AppController extends Controller {
foreach ($orgs as $k => $org) {
$orgs[$k]['User']['count'] = $this->User->find('count', array(
'conditions' => array(
'org =' => $orgs[$k]['User']['org'],
'org =' => $orgs[$k]['User']['org'],
)));
if ($orgs[$k]['User']['count'] > 1) {
$localOrgs[] = $orgs[$k]['User']['org'];
@ -255,7 +259,7 @@ class AppController extends Controller {
// If we only have a single user for an org, check if that user is a sync user. If not, then it is a valid local org and the events created by him/her should be unlocked.
$this->User->recursive = 1;
$user = ($this->User->find('first', array(
'fields' => array('id', 'role_id'),
'fields' => array('id', 'role_id'),
'conditions' => array('org' => $org['User']['org']),
'contain' => array('Role' => array(
'fields' => array('id', 'perm_sync'),
@ -274,7 +278,7 @@ class AppController extends Controller {
'conditions' => $conditions
));
$this->Event->updateAll(
array('Event.locked' => 1),
array('Event.locked' => 1),
$conditions
);
$this->Session->setFlash('Events updated, '. $toBeUpdated . ' record(s) altered.');
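Review bot: In `beforeFilter()` the CSRF check is now switched off whenever `isJson()` is true, and `isJson()` depends only on the client-supplied `Accept` header, so a session-authenticated browser request that carries `Accept: application/json` would skip the Security component's token check. Whether the REST branch that follows insists on an auth key rather than the session is outside this hunk, so this may already be covered; if it is not, set `csrfCheck = false` only after key-based authentication has succeeded. `_isRest()` now includes `isJson()` itself, so the added `|| $this->isJson()` only has an effect when `RequestHandler` is not loaded. `isJson()` is also declared `public` on a controller, which CakePHP may treat as a routable action; `protected function _isJson()` would match the `_isRest()` convention.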


@ -21,7 +21,7 @@ class AttributesController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('restSearch');
$this->Auth->allow('returnAttributes');
$this->Auth->allow('downloadAttachment');
@ -251,10 +251,10 @@ class AttributesController extends AppController {
throw new NotFoundException(__('Invalid attribute'));
}
$this->Attribute->read();
if (!$this->_isSiteAdmin() &&
$this->Auth->user('org') !=
$this->Attribute->data['Event']['org'] &&
($this->Attribute->data['Event']['distribution'] == 0 ||
if (!$this->_isSiteAdmin() &&
$this->Auth->user('org') !=
$this->Attribute->data['Event']['org'] &&
($this->Attribute->data['Event']['distribution'] == 0 ||
$this->Attribute->data['Attribute']['distribution'] == 0
)) {
throw new UnauthorizedException('You do not have the permission to view this event.');
@ -532,7 +532,7 @@ class AttributesController extends AppController {
$attribute['distribution'] = $this->Event->data['Event']['distribution'];
} else {
$attribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
}
}
}
switch($entry['Type']) {
case 'Address':
@ -644,9 +644,9 @@ class AttributesController extends AppController {
$uuid = $this->Attribute->data['Attribute']['uuid'];
}
if (!$this->_isSiteAdmin()) {
//
//
if ($this->Attribute->data['Event']['orgc'] == $this->Auth->user('org')
&& (($this->userRole['perm_modify'] && $this->Attribute->data['Event']['user_id'] != $this->Auth->user('id'))
&& (($this->userRole['perm_modify'] && $this->Attribute->data['Event']['user_id'] != $this->Auth->user('id'))
|| $this->userRole['perm_modify_org'])) {
// Allow the edit
} else {
@ -785,10 +785,10 @@ class AttributesController extends AppController {
} else {
if ($this->_checkOrg() != $this->Attribute->data['Event']['orgc']) {
throw new MethodNotAllowedException();
}
}
}
}
// attachment will be deleted with the beforeDelete() function in the Model
if ($this->Attribute->delete()) {
// delete the attribute from remote servers
@ -796,7 +796,7 @@ class AttributesController extends AppController {
// find the uuid
$this->__deleteAttributeFromServers($uuid);
}
// We have just deleted the attribute, let's also check if there are any shadow attributes that were attached to it and delete them
$this->loadModel('ShadowAttribute');
$this->ShadowAttribute->deleteAll(array('ShadowAttribute.old_id' => $id), false);
@ -1074,7 +1074,7 @@ class AttributesController extends AppController {
$this->set('fails', $this->Attribute->checkComposites());
}
// Use the rest interface to search for attributes. Usage:
// MISP-base-url/attributes/restSearch/[api-key]/[value]/[type]/[category]/[orgc]
// value, type, category, orgc are optional
@ -1095,7 +1095,7 @@ class AttributesController extends AppController {
// add the values as specified in the 2nd parameter to the conditions
$values = explode('&&', $value);
$parameters = array('value', 'type', 'category', 'org');
foreach ($parameters as $k => $param) {
if (isset(${$parameters[$k]})) {
$elements = explode('&&', ${$parameters[$k]});
@ -1110,9 +1110,9 @@ class AttributesController extends AppController {
$subcondition = array();
}
}
// If we are looking for an attribute, we want to retrieve some extra data about the event to be able to check for the permissions.
if (!$user['User']['siteAdmin']) {
$temp = array();
$temp['AND'] = array('Event.distribution >' => 0, 'Attribute.distribution >' => 0);
@ -1120,23 +1120,23 @@ class AttributesController extends AppController {
$subcondition['OR'][] = array('Event.org' => $user['User']['org']);
array_push($conditions['AND'], $subcondition);
}
// change the fields here for the attribute export!!!! Don't forget to check for the permissions, since you are not going through fetchevent. Maybe create fetchattribute?
$params = array(
'conditions' => $conditions,
'fields' => array('Attribute.*', 'Event.org', 'Event.distribution'),
'contain' => 'Event'
);
$results = $this->Attribute->find('all', $params);
$this->loadModel('Whitelist');
$results = $this->Whitelist->removeWhitelistedFromArray($results, false);
if (empty($results)) throw new NotFoundException('No matches.');
$this->set('results', $results);
}
// returns an XML with attributes that belong to an event. The type of attributes to be returned can be restricted by type using the 3rd parameter.
// returns an XML with attributes that belong to an event. The type of attributes to be returned can be restricted by type using the 3rd parameter.
// Similar to the restSearch, this parameter can be chained with '&&' and negations are accepted too. For example filename&&!filename|md5 would return all filenames that don't have an md5
// The usage of returnAttributes is the following: [MISP-url]/attributes/returnAttributes/<API-key>/<type>/<signature flag>
// The signature flag is off by default, enabling it will only return attribugtes that have the to_ids flag set to true.
@ -1153,11 +1153,11 @@ class AttributesController extends AppController {
if ($user['User']['siteAdmin'] || $this->Event->data['Event']['org'] == $user['User']['org']) {
$myEventOrAdmin = true;
}
if (!$myEventOrAdmin) {
if ($this->Event->data['Event']['distribution'] == 0) {
throw new UnauthorizedException('You don\'t have access to that event.');
}
}
}
$this->response->type('xml'); // set the content type
$this->layout = 'xml/default';
@ -1178,7 +1178,7 @@ class AttributesController extends AppController {
}
}
}
// check each attribute
foreach($this->Event->data['Attribute'] as $k => $attribute) {
$contained = false;
@ -1199,8 +1199,8 @@ class AttributesController extends AppController {
foreach ($exclude as $exc) {
if (strpos($attribute['type'], $exc) !== false) {
$contained = false;
continue 2;
}
continue 2;
}
}
}
// If we still didn't throw the attribute away, let's check if the user requesting the attributes is of the owning organisation of the event
@ -1208,19 +1208,19 @@ class AttributesController extends AppController {
if ($contained && !$myEventOrAdmin && $attribute['distribution'] == 0) {
$contained = false;
}
// If we have set the sigOnly parameter and the attribute has to_ids set to false, discard it!
if ($contained && $sigOnly === 'true' && !$attribute['to_ids']) {
$contained = false;
}
// If after all of this $contained is still true, let's add the attribute to the array
if ($contained) $attributes[] = $attribute;
}
if (empty($attributes)) throw new NotFoundException('No matches.');
$this->set('results', $attributes);
}
public function downloadAttachment($key, $id) {
$user = $this->checkAuthUser($key);
// if the user is authorised to use the api key then user will be populated with the user's account
@ -1233,9 +1233,9 @@ class AttributesController extends AppController {
throw new NotFoundException('Invalid attribute or no authorisation to view it.');
}
$this->Attribute->read(null, $id);
if (!$user['User']['siteAdmin'] &&
$user['User']['org'] != $this->Attribute->data['Event']['org'] &&
($this->Attribute->data['Event']['distribution'] == 0 ||
if (!$user['User']['siteAdmin'] &&
$user['User']['org'] != $this->Attribute->data['Event']['org'] &&
($this->Attribute->data['Event']['distribution'] == 0 ||
$this->Attribute->data['Attribute']['distribution'] == 0
)) {
throw new NotFoundException('Invalid attribute or no authorisation to view it.');


@ -146,6 +146,11 @@ class EventsController extends AppController {
}
}
}
$this->paginate = array('contain' => array(
'ThreatLevel' => array(
'fields' => array(
'ThreatLevel.name'))
));
$this->set('events', $this->paginate());
if (!$this->Auth->user('gpgkey')) {
$this->Session->setFlash(__('No GPG key set in your profile. To receive emails, submit your public key in your profile.'));
@ -459,11 +464,9 @@ class EventsController extends AppController {
$this->set('distributionLevels', $this->Event->distributionLevels);
// combobox for risks
$risks = $this->Event->validate['risk']['rule'][1];
$risks = $this->_arrayToValuesIndexArray($risks);
$this->set('risks',$risks);
// tooltip for risk
$this->set('riskDescriptions', $this->Event->riskDescriptions);
$threat_levels = $this->Event->ThreatLevel->find('all');
$this->set('threatLevels', Set::combine($threat_levels, '{n}.ThreatLevel.id', '{n}.ThreatLevel.name'));
$this->set('riskDescriptions', Set::combine($threat_levels, '{n}.ThreatLevel.id', '{n}.ThreatLevel.form_description'));
// combobox for analysis
$analysiss = $this->Event->validate['analysis']['rule'][1];
@ -528,7 +531,7 @@ class EventsController extends AppController {
$this->Session->setFlash(__('You may only upload OpenIOC ioc files.'));
}
if (isset($this->data['Event']['submittedxml'])) $this->_addXMLFile();
// redirect to the view of the newly created event
if (!CakeSession::read('Message.flash')) {
$this->Session->setFlash(__('The event has been saved'));
@ -539,8 +542,8 @@ class EventsController extends AppController {
}
}
}
/**
* Low level function to add an Event based on an Event $data array
*
@ -587,10 +590,12 @@ class EventsController extends AppController {
}
// FIXME chri: validatebut the necessity for all these fields...impact on security !
$fieldList = array(
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'timestamp', 'distribution', 'locked'),
'Event' => array('org', 'orgc', 'date', 'threat_level_id', 'analysis', 'info', 'user_id', 'published', 'uuid', 'timestamp', 'distribution', 'locked'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'timestamp', 'distribution')
);
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList,
'atomic' => true));
// FIXME chri: check if output of $saveResult is what we expect when data not valid, see issue #104
if ($saveResult) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
@ -619,7 +624,7 @@ class EventsController extends AppController {
return 'Event originated on this instance, any changes to it have to be done locally.';
}
$fieldList = array(
'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid', 'from', 'distribution', 'timestamp'),
'Event' => array('date', 'threat_level_id', 'analysis', 'info', 'published', 'uuid', 'from', 'distribution', 'timestamp'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'distribution', 'timestamp')
);
$data['Event']['id'] = $this->Event->data['Event']['id'];
@ -710,7 +715,7 @@ class EventsController extends AppController {
}
}
$fieldList = array(
'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid', 'from', 'distribution', 'timestamp'),
'Event' => array('date', 'threat_level_id', 'analysis', 'info', 'published', 'uuid', 'from', 'distribution', 'timestamp'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'distribution', 'timestamp')
);
@ -763,7 +768,7 @@ class EventsController extends AppController {
}
}
// say what fields are to be updated
$fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'distribution', 'timestamp');
$fieldList = array('date', 'threat_level_id', 'analysis', 'info', 'published', 'distribution', 'timestamp');
$this->Event->read();
// always force the org, but do not force it for admins
@ -796,12 +801,9 @@ class EventsController extends AppController {
$this->set('distributionLevels', $this->Event->distributionLevels);
// combobox for types
$risks = $this->Event->validate['risk']['rule'][1];
$risks = $this->_arrayToValuesIndexArray($risks);
$this->set('risks',$risks);
// tooltip for risk
$this->set('riskDescriptions', $this->Event->riskDescriptions);
$threat_levels = $this->Event->ThreatLevel->find('all');
$this->set('threatLevels', Set::combine($threat_levels, '{n}.ThreatLevel.id', '{n}.ThreatLevel.name'));
$this->set('riskDescriptions', Set::combine($threat_levels, '{n}.ThreatLevel.id', '{n}.ThreatLevel.form_description'));
// combobox for analysis
$analysiss = $this->Event->validate['analysis']['rule'][1];
@ -813,7 +815,7 @@ class EventsController extends AppController {
$this->set('analysisLevels', $this->Event->analysisLevels);
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
$this->set('event', $this->Event->data);
}
@ -957,14 +959,6 @@ class EventsController extends AppController {
}
return $uploaded;
}
public function test($id) {
CakeResque::enqueue(
'default',
'EventShell',
array('doPublish', $id)
);
}
/**
* Publishes the event without sending an alert email
@ -1047,144 +1041,7 @@ class EventsController extends AppController {
}
private function __sendAlertEmail($id) {
$this->Event->recursive = 1;
$event = $this->Event->read(null, $id);
// The mail body, h() is NOT needed as we are sending plain-text mails.
$body = "";
$body .= '----------------------------------------------' . "\n";
$appendlen = 20;
$body .= 'URL : ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $event['Event']['id'] . "\n";
$body .= 'Event : ' . $event['Event']['id'] . "\n";
$body .= 'Date : ' . $event['Event']['date'] . "\n";
if ('true' == Configure::read('CyDefSIG.showorg')) {
$body .= 'Reported by : ' . $event['Event']['org'] . "\n";
}
$body .= 'Risk : ' . $event['Event']['risk'] . "\n";
$body .= 'Analysis : ' . $this->Event->analysisLevels[$event['Event']['analysis']] . "\n";
$body .= 'Info : ' . "\n";
$body .= $event['Event']['info'] . "\n";
$relatedEvents = $this->Event->getRelatedEvents($this->Auth->user(), $this->_isSiteAdmin());
if (!empty($relatedEvents)) {
$body .= '----------------------------------------------' . "\n";
$body .= 'Related to : '. "\n";
foreach ($relatedEvents as &$relatedEvent) {
$body .= Configure::read('CyDefSIG.baseurl') . '/events/view/' . $relatedEvent['Event']['id'] . ' (' . $relatedEvent['Event']['date'] . ') ' ."\n";
}
$body .= '----------------------------------------------' . "\n";
}
$body .= 'Attributes :' . "\n";
$bodyTempOther = "";
if (isset($event['Attribute'])) {
foreach ($event['Attribute'] as &$attribute) {
$line = '- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
if ('other' == $attribute['type']) // append the 'other' attribute types to the bottom.
$bodyTempOther .= $line;
else $body .= $line;
}
}
if (!empty($bodyTempOther)) {
$body .= "\n";
}
$body .= $bodyTempOther; // append the 'other' attribute types to the bottom.
$body .= '----------------------------------------------' . "\n";
// find out whether the event is private, to limit the alerted user's list to the org only
if ($event['Event']['distribution'] == 0) {
$eventIsPrivate = true;
} else {
$eventIsPrivate = false;
}
// sign the body
require_once 'Crypt/GPG.php';
try {
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir'))); // , 'debug' => true
$gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
$bodySigned = $gpg->sign($body, Crypt_GPG::SIGN_MODE_CLEAR);
$this->loadModel('User');
//
// Build a list of the recipients that get a non-encrypted mail
// But only do this if it is allowed in the bootstrap.php file.
//
if ($eventIsPrivate) {
$conditions = array('User.autoalert' => 1, 'User.gpgkey =' => "", 'User.org =' => $event['Event']['org']);
} else {
$conditions = array('User.autoalert' => 1, 'User.gpgkey =' => "");
}
if ('false' == Configure::read('GnuPG.onlyencrypted')) {
$alertUsers = $this->User->find('all', array(
'conditions' => $conditions,
'recursive' => 0,
));
foreach ($alertUsers as &$user) {
// prepare the the unencrypted email
$this->Email->from = Configure::read('CyDefSIG.email');
$this->Email->to = $user['User']['email'];
$this->Email->subject = "[" . Configure::read('CyDefSIG.org') . " " . Configure::read('CyDefSIG.name') . "] Event " . $id . " - " . $event['Event']['risk'] . " - TLP Amber";
$this->Email->template = 'body';
$this->Email->sendAs = 'text'; // both text or html
$this->set('body', $bodySigned);
// send it
$this->Email->send();
// If you wish to send multiple emails using a loop, you'll need
// to reset the email fields using the reset method of the Email component.
$this->Email->reset();
}
}
//
// Build a list of the recipients that wish to receive encrypted mails.
//
if ($eventIsPrivate) {
$conditions = array('User.autoalert' => 1, 'User.gpgkey !=' => "", 'User.org =' => $event['Event']['org']);
} else {
$conditions = array('User.autoalert' => 1, 'User.gpgkey !=' => "");
}
$alertUsers = $this->User->find('all', array(
'conditions' => $conditions,
'recursive' => 0,
)
);
// encrypt the mail for each user and send it separately
foreach ($alertUsers as &$user) {
// send the email
$this->Email->from = Configure::read('CyDefSIG.email');
$this->Email->to = $user['User']['email'];
$this->Email->subject = "[" . Configure::read('CyDefSIG.org') . " " . Configure::read('CyDefSIG.name') . "] Event " . $id . " - " . $event['Event']['risk'] . " - TLP Amber";
$this->Email->template = 'body';
$this->Email->sendAs = 'text'; // both text or html
// import the key of the user into the keyring
// this is not really necessary, but it enables us to find
// the correct key-id even if it is not the same as the emailaddress
$keyImportOutput = $gpg->importKey($user['User']['gpgkey']);
// say what key should be used to encrypt
try {
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
$gpg->addEncryptKey($keyImportOutput['fingerprint']); // use the key that was given in the import
$bodyEncSig = $gpg->encrypt($bodySigned, true);
$this->set('body', $bodyEncSig);
$this->Email->send();
} catch (Exception $e){
// catch errors like expired PGP keys
$this->log($e->getMessage());
// no need to return here, as we want to send out mails to the other users if GPG encryption fails for a single user
}
// If you wish to send multiple emails using a loop, you'll need
// to reset the email fields using the reset method of the Email component.
$this->Email->reset();
}
} catch (Exception $e){
// catch errors like expired PGP keys
$this->log($e->getMessage());
return $e->getMessage();
}
// LATER check if sending email succeeded and return appropriate result
return true;
return ($this->Event->sendAlertEmail($id, $this->Auth->user('org'), $this->_isSiteAdmin()));
}
/**
@ -1277,7 +1134,7 @@ class EventsController extends AppController {
if ('true' == Configure::read('CyDefSIG.showorg')) {
$body .= 'Reported by : ' . $event['Event']['org'] . "\n";
}
$body .= 'Risk : ' . $event['Event']['risk'] . "\n";
$body .= 'Risk : ' . $event['ThreatLevel']['name'] . "\n";
$body .= 'Analysis : ' . $event['Event']['analysis'] . "\n";
$relatedEvents = $this->Event->getRelatedEvents($this->Auth->user(), $this->_isSiteAdmin());
if (!empty($relatedEvents)) {
@ -1384,70 +1241,77 @@ class EventsController extends AppController {
}
public function export() {
//$currentTime = time();
$now = time();
// as a site admin we'll use the ADMIN identifier, not to overwrite the cached files of our own org with a file that includes too much data.
if ($this->_isSiteAdmin()) {
$useOrg = 'ADMIN';
$conditions = null;
} else {
$useOrg = $this->Auth->User('org');
$conditions = array('orgc' => $this->Auth-user('org'));
}
$this->Event->recursive = -1;
$newestEvent = $this->Event->find('first', array(
'conditions' => $conditions,
'fields' => 'timestamp',
'order' => 'Event.timestamp DESC',
));
$this->loadModel('Job');
foreach ($this->Event->export_types as $k => $type) {
$job = $this->Job->find('first', array(
'fields' => array('id', 'progress'),
'conditions' => array(
'job_type' => 'cache_' . $k,
'org' => $useOrg
),
'order' => array('Job.id' => 'desc')
));
$dir = new Folder(APP . 'tmp/cached_exports/' . $k);
if ($k === 'text') {
// Since all of the text export files are generated together, we might as well just check for a single one md5.
$file = new File($dir->pwd() . DS . 'misp.text_md5.' . $useOrg . $type['extension']);
} else {
$file = new File($dir->pwd() . DS . 'misp.' . $k . '.' . $useOrg . $type['extension']);
}
if (!$file->exists()) {
$lastModified = 'N/A';
$this->Event->export_types[$k]['recommendation'] = 1;
} else {
$fileChange = $file->lastChange();
$lastModified = $this->__timeDifference($now, $fileChange);
if ($fileChange > $newestEvent['Event']['timestamp']) {
$this->Event->export_types[$k]['recommendation'] = 0;
} else {
$this->Event->export_types[$k]['recommendation'] = 1;
}
}
// Check if the background jobs are enabled - if not, fall back to old export page.
if (Configure::read('MISP.background_jobs')) {
$now = time();
$this->Event->export_types[$k]['lastModified'] = $lastModified;
if (!empty($job)) {
$this->Event->export_types[$k]['job_id'] = $job['Job']['id'];
$this->Event->export_types[$k]['progress'] = $job['Job']['progress'];
// as a site admin we'll use the ADMIN identifier, not to overwrite the cached files of our own org with a file that includes too much data.
if ($this->_isSiteAdmin()) {
$useOrg = 'ADMIN';
$conditions = null;
} else {
$this->Event->export_types[$k]['job_id'] = -1;
$this->Event->export_types[$k]['progress'] = 0;
$useOrg = $this->Auth->User('org');
$conditions = array('orgc' => $this->Auth-user('org'));
}
//$this->Event->export_types[$k]['recommendation']
$this->Event->recursive = -1;
$newestEvent = $this->Event->find('first', array(
'conditions' => $conditions,
'fields' => 'timestamp',
'order' => 'Event.timestamp DESC',
));
$this->loadModel('Job');
foreach ($this->Event->export_types as $k => $type) {
$job = $this->Job->find('first', array(
'fields' => array('id', 'progress'),
'conditions' => array(
'job_type' => 'cache_' . $k,
'org' => $useOrg
),
'order' => array('Job.id' => 'desc')
));
$dir = new Folder(APP . 'tmp/cached_exports/' . $k);
if ($k === 'text') {
// Since all of the text export files are generated together, we might as well just check for a single one md5.
$file = new File($dir->pwd() . DS . 'misp.text_md5.' . $useOrg . $type['extension']);
} else {
$file = new File($dir->pwd() . DS . 'misp.' . $k . '.' . $useOrg . $type['extension']);
}
if (!$file->exists()) {
$lastModified = 'N/A';
$this->Event->export_types[$k]['recommendation'] = 1;
} else {
$fileChange = $file->lastChange();
$lastModified = $this->__timeDifference($now, $fileChange);
if ($fileChange > $newestEvent['Event']['timestamp']) {
$this->Event->export_types[$k]['recommendation'] = 0;
} else {
$this->Event->export_types[$k]['recommendation'] = 1;
}
}
$this->Event->export_types[$k]['lastModified'] = $lastModified;
if (!empty($job)) {
$this->Event->export_types[$k]['job_id'] = $job['Job']['id'];
$this->Event->export_types[$k]['progress'] = $job['Job']['progress'];
} else {
$this->Event->export_types[$k]['job_id'] = -1;
$this->Event->export_types[$k]['progress'] = 0;
}
//$this->Event->export_types[$k]['recommendation']
}
$this->set('useOrg', $useOrg);
$this->set('export_types', $this->Event->export_types);
// generate the list of Attribute types
$this->loadModel('Attribute');
//$lastModified = strftime("%d, %m, %Y, %T", $lastModified);
$this->set('sigTypes', array_keys($this->Attribute->typeDefinitions));
} else {
// generate the list of Attribute types
$this->loadModel('Attribute');
//$lastModified = strftime("%d, %m, %Y, %T", $lastModified);
$this->set('sigTypes', array_keys($this->Attribute->typeDefinitions));
$this->render('/Events/export_alternate');
}
// generate the list of Attribute types
$this->loadModel('Attribute');
//$lastModified = strftime("%d, %m, %Y, %T", $lastModified);
$this->set('useOrg', $useOrg);
$this->set('export_types', $this->Event->export_types);
$this->set('sigTypes', array_keys($this->Attribute->typeDefinitions));
}
@ -1528,9 +1392,7 @@ class EventsController extends AppController {
}
if (!empty($orgFromFetch)) $org = $orgFromFetch;
else $org = $this->_checkOrg();
$results = $this->Event->fetchEvent($eventid, $idList, $org, $isSiteAdmin);
return $results;
}
@ -1830,17 +1692,17 @@ class EventsController extends AppController {
$this->data['Event']['submittedxml']['size']);
App::uses('Xml', 'Utility');
$xmlArray = Xml::toArray(Xml::build($xmlData));
// In case we receive an event that is not encapsulated in a response. This should never happen (unless it's a copy+paste fail),
// In case we receive an event that is not encapsulated in a response. This should never happen (unless it's a copy+paste fail),
// but just in case, let's clean it up anyway.
if (isset($xmlArray['Event'])) {
$xmlArray['response']['Event'] = $xmlArray['Event'];
unset($xmlArray['Event']);
}
if (!isset($xmlArray['response']) || !isset($xmlArray['response']['Event'])) {
throw new Exception('This is not a valid MISP XML file.');
}
}
if (isset($xmlArray['response']['Event'][0])) {
foreach ($xmlArray['response']['Event'] as $event) {
$temp['Event'] = $event;
@ -1852,7 +1714,7 @@ class EventsController extends AppController {
}
}
}
public function _readGfiXML($data, $id) {
$this->loadModel('Attribute');
@ -2142,15 +2004,15 @@ class EventsController extends AppController {
$final = $this->IOCExport->buildAll($event, $isMyEvent, $isSiteAdmin);
$this->set('final', $final);
}
public function create_dummy_event() {
if (!$this->_isSiteAdmin()) throw new MethodNotAllowedException('You don\'t have the privileges to access this.');
$date = new DateTime();
$data['Event']['info'] = 'Test event showing every category-type combination';
$data['Event']['date'] = '2013-10-09';
$data['Event']['risk'] = 'Undefined';
$data['Event']['threat_level_id'] = 4; //'Undefined'
$data['Event']['analysis'] = '0';
$data['Event']['distribution'] = '0';
$data['Event']['distribution'] = '0';
$defaultValues = array(
'md5' => '098f6bcd4621d373cade4e832627b4f6',
@ -2197,15 +2059,10 @@ class EventsController extends AppController {
'type' => $type,
'value' => $defaultValues[$type],
'to_ids' => '0',
'distribution' => '0',
'distribution' => '0',
);
}
}
$this->_add($data, false);
}
public function tester() {
$this->loadModel('Attribute');
debug ($this->Attribute->text('NCIRC', true, 'ip-dst'));
$this->_add($data, false);
}
}
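Review bot: In `export()`, the non-admin branch still builds its filter with `$conditions = array('orgc' => $this->Auth-user('org'));`, and the typo is present in both printed copies, including the one nested under the `MISP.background_jobs` check. With `-` in place of `->`, PHP parses this as a subtraction whose right operand is a call to an undefined global function `user()`, so the export page fails for every user who is not a site admin and the per-organisation filter is never applied. The line should read `$conditions = array('orgc' => $this->Auth->user('org'));`. It would also help to guard `$newestEvent['Event']['timestamp']` for the case where the organisation has no events yet, since `find('first')` then returns an empty result.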


@ -27,10 +27,6 @@ class JobsController extends AppController {
$this->set('list', $this->paginate());
}
public function retry($id) {
}
public function getGenerateCorrelationProgress($id) {
//if (!self::_isSiteAdmin()) throw new NotFoundException();
$progress = $this->Job->findById($id);
@ -49,7 +45,7 @@ class JobsController extends AppController {
'conditions' => array(
'job_type' => $type,
'org' => $org
),
),
'fields' => array('id', 'progress'),
'order' => array('Job.id' => 'desc'),
));
@ -65,7 +61,7 @@ class JobsController extends AppController {
if ($this->_isSiteAdmin()) {
$target = 'All events.';
$jobOrg = 'ADMIN';
} else {
} else {
$target = 'Events visible to: '.$this->Auth->user('org');
$jobOrg = $this->Auth->user('org');
}
@ -74,13 +70,13 @@ class JobsController extends AppController {
$shell = 'Event';
$this->Job->create();
$data = array(
'worker' => 'default',
'job_type' => 'cache_' . $type,
'job_input' => $target,
'status' => 0,
'retries' => 0,
'org' => $jobOrg,
'message' => 'Fetching events.',
'worker' => 'default',
'job_type' => 'cache_' . $type,
'job_input' => $target,
'status' => 0,
'retries' => 0,
'org' => $jobOrg,
'message' => 'Fetching events.',
);
if ($type === 'md5' || $type === 'sha1') {
$extra = $type;
@ -93,16 +89,35 @@ class JobsController extends AppController {
if ($type === 'suricata' || $type === 'snort') {
$extra = $type;
$type = 'nids';
$extra2 = $this->Auth->user('nids_sid');
$extra2 = $this->Auth->user('sid');
}
$this->Job->save($data);
$id = $this->Job->id;
CakeResque::enqueue(
'default',
$shell . 'Shell',
array('cache' . $type, $this->Auth->user('org'), $this->_isSiteAdmin(), $id, $extra, $extra2)
'default',
$shell . 'Shell',
array('cache' . $type, $this->Auth->user('org'), $this->_isSiteAdmin(), $id, $extra, $extra2)
);
return new CakeResponse(array('body' => json_encode($id)));
}
public function sendAlertEmail($id) {
$this->Job->create();
$data = array(
'worker' => 'default',
'job_type' => 'contact_alert',
'job_input' => 'Event: ' . $id,
'status' => 0,
'retries' => 0,
'org' => $this->Auth->user('org'),
'message' => 'Fetching events.',
);
$this->Job->save($data);
$jobId = $this->Job->id;
$result = CakeResque::enqueue(
'default',
'EventShell',
array('alertemail', $this->Auth->user('org'), $this->_isSiteAdmin(), $jobId, $id)
);
}
}
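Review bot: The new `sendAlertEmail($id)` action saves a job and enqueues `alertemail` for whatever event id it is given, and the lines shown contain no check that the event exists, that the caller's organisation owns it or holds a publish permission, or that the request is a POST. Access control therefore rests entirely on `beforeFilter` or on the shell, neither of which is visible in this section. I would add `if (!$this->request->is('post')) throw new MethodNotAllowedException();` at the top and load the event to compare its `orgc` with the caller's org before enqueueing, as the delete path in the attributes controller does with `_checkOrg()`. The action also discards `$result` and returns nothing, whereas the cache action returns the job id in a `CakeResponse`. The job `message` still reads `'Fetching events.'`, which looks copied from the cache job.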


@ -35,7 +35,7 @@ class NidsExport {
}
// generate the rules
foreach ($items as &$item) {
switch ($item['Event']['risk']) {
/*switch ($item['Event']['risk']) {
case 'Undefined':
$priority = '4';
break;
@ -50,12 +50,12 @@ class NidsExport {
break;
default:
$priority = '4';
}
}*/
# proto src_ip src_port direction dst_ip dst_port msg rule_content tag sid rev
$ruleFormatMsg = 'msg: "' . Configure::read('CyDefSIG.name') . ' e' . $item['Event']['id'] . ' %s"';
$ruleFormatReference = 'reference:url,' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $item['Event']['id'];
$ruleFormat = '%salert %s %s %s %s %s %s (' . $ruleFormatMsg . '; %s %s classtype:' . $this->classtype . '; sid:%d; rev:%d; priority:' . $priority . '; ' . $ruleFormatReference . ';) ';
$ruleFormat = '%salert %s %s %s %s %s %s (' . $ruleFormatMsg . '; %s %s classtype:' . $this->classtype . '; sid:%d; rev:%d; priority:' . $item['Event']['threat_level_id'] . '; ' . $ruleFormatReference . ';) ';
$sid = $startSid + ($item['Attribute']['id'] * 10); // leave 9 possible rules per attribute type
$attribute = &$item['Attribute'];
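Review bot: The rewritten `$ruleFormat` line concatenates `$item['Event']['threat_level_id']` uncast into the `priority:` field of a string that carries `%s`/`%d` placeholders and is apparently used later as a sprintf-style format. The Event model change in this same commit validates `threat_level_id` only as non-empty, and events can also arrive through sync or XML import, so a non-numeric or `%`-bearing value would corrupt the generated Snort/Suricata rule. Casting at the point of use closes that: `'; priority:' . (int)$item['Event']['threat_level_id'] . '; '`. The old `switch` on `risk` is left behind inside `/* … */`; it should be deleted, with a one-line comment recording that threat level ids are assumed to map directly onto NIDS priorities. The enclosing loop continues outside the hunk.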


@ -819,6 +819,7 @@ class Attribute extends AppModel {
if ($fromGFI) $this->data['Attribute']['comment'] = 'GFI import';
}
//???
if ($this->save($this->data)) {
// attribute saved correctly in the db
} else {
@ -828,6 +829,7 @@ class Attribute extends AppModel {
// no errors in file upload, entry already in db, now move the file where needed and zip it if required.
// no sanitization is required on the filename, path or type as we save
// create directory structure
// ???
if (PHP_OS == 'WINNT') {
$rootDir = APP . "files" . DS . $eventId;
} else {
@ -878,11 +880,11 @@ class Attribute extends AppModel {
$this->Correlation = ClassRegistry::init('Correlation');
// When we add/update an attribute we need to
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
// ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */
$dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2'])));
// now build a correlation array of things that will need to be added in the db
// we do this twice, once for value1 and once for value2
$correlations = array(); // init variable
@ -898,7 +900,7 @@ class Attribute extends AppModel {
),
'AND' => array(
'Attribute.type !=' => 'vulnerability',
'Attribute.type !=' => 'comment',
'Attribute.type !=' => 'comment',
)),
'recursive' => 0,
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
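Review bot: The `'AND'` array in the correlation lookup uses the key `'Attribute.type !='` twice, once for `'vulnerability'` and once for `'comment'` (the line this hunk re-indents). A PHP array literal keeps only the last value for a repeated key, so the `vulnerability` exclusion is silently dropped and only `comment` attributes are filtered out of correlation. A single condition covers both: `'NOT' => array('Attribute.type' => array('vulnerability', 'comment'))`. Separately, the `//???` markers added in the earlier hunks of this file should say what is in doubt, particularly the one next to the "no sanitization is required on the filename, path or type" comment, where a reader needs to know whether that claim has been verified. The enclosing function starts and ends outside the hunk.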


@ -1,6 +1,6 @@
<?php
App::uses('AppModel', 'Model');
App::uses('CakeEmail', 'Network/Email');
App::import('Controller', 'Attributes');
/**
* Event Model
@ -34,7 +34,7 @@ class Event extends AppModel {
* @var array
*/
public $fieldDescriptions = array(
'risk' => array('desc' => 'Risk levels: *low* means mass-malware, *medium* means APT malware, *high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Risk levels: low: mass-malware medium: APT malware high: sophisticated APT malware or 0-day attack'),
'threat_level_id' => array('desc' => 'Risk levels: *low* means mass-malware, *medium* means APT malware, *high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Risk levels: low: mass-malware medium: APT malware high: sophisticated APT malware or 0-day attack'),
'classification' => array('desc' => 'Set the Traffic Light Protocol classification. <ol><li><em>TLP:AMBER</em>- Share only within the organization on a need-to-know basis</li><li><em>TLP:GREEN:NeedToKnow</em>- Share within your constituency on the need-to-know basis.</li><li><em>TLP:GREEN</em>- Share within your constituency.</li></ol>'),
'submittedgfi' => array('desc' => 'GFI sandbox: export upload', 'formdesc' => 'GFI sandbox: export upload'),
'submittedioc' => array('desc' => '', 'formdesc' => ''),
@ -42,12 +42,12 @@ class Event extends AppModel {
'distribution' => array('desc' => 'Describes who will have access to the event.')
);
public $riskDescriptions = array(
/*public $riskDescriptions = array(
'Undefined' => array('desc' => '*undefined* no risk', 'formdesc' => 'No risk'),
'Low' => array('desc' => '*low* means mass-malware', 'formdesc' => 'Mass-malware'),
'Medium' => array('desc' => '*medium* means APT malware', 'formdesc' => 'APT malware'),
'High' => array('desc' => '*high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Sophisticated APT malware or 0-day attack')
);
);*/
public $analysisDescriptions = array(
0 => array('desc' => '*Initial* means the event has just been created', 'formdesc' => 'Creation started'),
@ -149,14 +149,14 @@ class Event extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'risk' => array(
'rule' => array('inList', array('Undefined', 'Low','Medium','High')),
'message' => 'Options : Undefined, Low, Medium, High',
//'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
'threat_level_id' => array(
'notempty' => array(
'rule' => array('notempty'),
//'message' => 'Please specify threat level',
'required' => true
),
),
'distribution' => array(
'rule' => array('inList', array('0', '1', '2', '3')),
'message' => 'Options : Your organisation only, This community only, Connected communities, All communities',
@ -262,6 +262,10 @@ class Event extends AppModel {
'conditions' => '',
'fields' => '',
'order' => ''
),
'ThreatLevel' => array(
'className' => 'ThreatLevel',
'foreignKey' => 'threat_level_id'
)
);
@ -617,7 +621,7 @@ class Event extends AppModel {
$newTextBody = $response->body();
return 404;
break;
case '405':
case '405':
return 405;
break;
case '403': // Not authorised
@ -825,7 +829,7 @@ class Event extends AppModel {
// $conditions['AND'][] = array('Event.published =' => 1);
// do not expose all the data ...
$fields = array('Event.id', 'Event.org', 'Event.date', 'Event.risk', 'Event.info', 'Event.published', 'Event.uuid', 'Event.attribute_count', 'Event.analysis', 'Event.timestamp', 'Event.distribution', 'Event.proposal_email_lock', 'Event.orgc', 'Event.user_id', 'Event.locked');
$fields = array('Event.id', 'Event.org', 'Event.date', 'Event.threat_level_id', 'Event.info', 'Event.published', 'Event.uuid', 'Event.attribute_count', 'Event.analysis', 'Event.timestamp', 'Event.distribution', 'Event.proposal_email_lock', 'Event.orgc', 'Event.user_id', 'Event.locked');
$fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.timestamp', 'Attribute.comment');
$fieldsShadowAtt = array('ShadowAttribute.id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.value', 'ShadowAttribute.to_ids', 'ShadowAttribute.uuid', 'ShadowAttribute.event_id', 'ShadowAttribute.old_id');
@ -833,6 +837,9 @@ class Event extends AppModel {
'recursive' => 0,
'fields' => $fields,
'contain' => array(
'ThreatLevel' => array(
'fields' => array('ThreatLevel.name')
),
'Attribute' => array(
'fields' => $fieldsAtt,
'conditions' => $conditionsAttributes,
@ -867,11 +874,11 @@ class Event extends AppModel {
}
return $results;
}
public function csv($org, $isSiteAdmin, $eventid=0, $ignore=0, $attributeIDList = array()) {
$final = array();
public function csv($org, $isSiteAdmin, $eventid=0, $ignore=0, $attributeIDList = array()) {
$final = array();
$attributeList = array();
$conditions = array();
$attributeList = array();
$conditions = array();
$econditions = array();
$this->recursive = -1;
// If we are not in the search result csv download function then we need to check what can be downloaded. CSV downloads are already filtered by the search function.
@ -931,4 +938,149 @@ class Event extends AppModel {
}
return $attributes;
}
public function sendAlertEmail($id, $org, $isSiteAdmin, $processId = null) {
$this->recursive = 1;
$event = $this->read(null, $id);
// Initialise the Job class if we have a background process ID
// This will keep updating the process's progress bar
if ($processId) {
$this->Job = ClassRegistry::init('Job');
}
// The mail body, h() is NOT needed as we are sending plain-text mails.
$body = "";
$body .= '----------------------------------------------' . "\n";
$appendlen = 20;
$body .= 'URL : ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $event['Event']['id'] . "\n";
$body .= 'Event : ' . $event['Event']['id'] . "\n";
$body .= 'Date : ' . $event['Event']['date'] . "\n";
if ('true' == Configure::read('CyDefSIG.showorg')) {
$body .= 'Reported by : ' . $event['Event']['org'] . "\n";
}
$body .= 'Risk : ' . $event['ThreatLevel']['name'] . "\n";
$body .= 'Analysis : ' . $this->analysisLevels[$event['Event']['analysis']] . "\n";
$body .= 'Info : ' . "\n";
$body .= $event['Event']['info'] . "\n";
$user['org'] = $org;
$relatedEvents = $this->getRelatedEvents($user, $isSiteAdmin);
if (!empty($relatedEvents)) {
$body .= '----------------------------------------------' . "\n";
$body .= 'Related to : '. "\n";
foreach ($relatedEvents as &$relatedEvent) {
$body .= Configure::read('CyDefSIG.baseurl') . '/events/view/' . $relatedEvent['Event']['id'] . ' (' . $relatedEvent['Event']['date'] . ') ' ."\n";
}
$body .= '----------------------------------------------' . "\n";
}
$body .= 'Attributes :' . "\n";
$bodyTempOther = "";
if (isset($event['Attribute'])) {
foreach ($event['Attribute'] as &$attribute) {
$line = '- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
if ('other' == $attribute['type']) // append the 'other' attribute types to the bottom.
$bodyTempOther .= $line;
else $body .= $line;
}
}
if (!empty($bodyTempOther)) {
$body .= "\n";
}
$body .= $bodyTempOther; // append the 'other' attribute types to the bottom.
$body .= '----------------------------------------------' . "\n";
// find out whether the event is private, to limit the alerted user's list to the org only
if ($event['Event']['distribution'] == 0) {
$eventIsPrivate = true;
} else {
$eventIsPrivate = false;
}
// sign the body
require_once 'Crypt/GPG.php';
try {
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir'))); // , 'debug' => true
$gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
$bodySigned = $gpg->sign($body, Crypt_GPG::SIGN_MODE_CLEAR);
//
// Build a list of the recipients that get a non-encrypted mail
// But only do this if it is allowed in the bootstrap.php file.
//
if ($eventIsPrivate) {
$conditions = array('User.autoalert' => 1, 'User.gpgkey =' => "", 'User.org =' => $event['Event']['org']);
} else {
$conditions = array('User.autoalert' => 1, 'User.gpgkey =' => "");
}
if ('false' == Configure::read('GnuPG.onlyencrypted')) {
$alertUsers = $this->User->find('all', array(
'conditions' => $conditions,
'recursive' => 0,
));
$max = count($alertUsers);
foreach ($alertUsers as $k => &$user) {
// prepare the the unencrypted email
$Email = new CakeEmail();
$Email->from(Configure::read('CyDefSIG.email'));
$Email->to($user['User']['email']);
$Email->subject("[" . Configure::read('CyDefSIG.org') . " " . Configure::read('CyDefSIG.name') . "] Event " . $id . " - " . $event['ThreatLevel']['name'] . " - TLP Amber");
$Email->emailFormat('text'); // both text or html
// send it
$Email->send($bodySigned);
$Email->reset();
if ($processId) {
$this->Job->saveField('progress', $k / $max * 50);
}
}
}
//
// Build a list of the recipients that wish to receive encrypted mails.
//
if ($eventIsPrivate) {
$conditions = array('User.autoalert' => 1, 'User.gpgkey !=' => "", 'User.org =' => $event['Event']['org']);
} else {
$conditions = array('User.autoalert' => 1, 'User.gpgkey !=' => "");
}
$alertUsers = $this->User->find('all', array(
'conditions' => $conditions,
'recursive' => 0,
)
);
// encrypt the mail for each user and send it separately
foreach ($alertUsers as &$user) {
// send the email
$Email = new CakeEmail();
$Email->from(Configure::read('CyDefSIG.email'));
$Email->to($user['User']['email']);
$Email->subject("[" . Configure::read('CyDefSIG.org') . " " . Configure::read('CyDefSIG.name') . "] Event " . $id . " - " . $event['ThreatLevel']['name'] . " - TLP Amber");
$Email->emailFormat('text'); // both text or html
// import the key of the user into the keyring
// this is not really necessary, but it enables us to find
// the correct key-id even if it is not the same as the emailaddress
$keyImportOutput = $gpg->importKey($user['User']['gpgkey']);
// say what key should be used to encrypt
try {
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
$gpg->addEncryptKey($keyImportOutput['fingerprint']); // use the key that was given in the import
$bodyEncSig = $gpg->encrypt($bodySigned, true);
$Email->send($bodyEncSig);
} catch (Exception $e){
// catch errors like expired PGP keys
$this->log($e->getMessage());
// no need to return here, as we want to send out mails to the other users if GPG encryption fails for a single user
}
// If you wish to send multiple emails using a loop, you'll need
// to reset the email fields using the reset method of the Email component.
$Email->reset();
if ($processId) {
$this->Job->saveField('progress', ($k / $max * 50) + 50);
}
}
} catch (Exception $e){
// catch errors like expired PGP keys
$this->log($e->getMessage());
return $e->getMessage();
}
// LATER check if sending email succeeded and return appropriate result
return true;
}
}


@ -66,7 +66,6 @@ class Regexp extends AppModel {
}
public function replaceSpecific($string, $allRegexp = null, $type) {
if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
$orig = $string;
foreach ($allRegexp as $regexp) {
if (strlen($regexp['Regexp']['replacement']) && strlen($regexp['Regexp']['regexp']) && ($regexp['Regexp']['type'] === 'ALL' || $regexp['Regexp']['type'] === $type)) {

39
app/Model/ThreatLevel.php Normal file

@ -0,0 +1,39 @@
<?php
App::uses('AppModel', 'Model');
class ThreatLevel extends AppModel {
public $validate = array(
'name' => array(
'notEmpty' => array(
'rule' => array('notEmpty'),
'required' => true
),
),
'description' => array(
'notEmpty' => array(
'rule' => array('notEmpty'),
),
),
'form_description' => array(
'notEmpty' => array(
'rule' => array('notEmpty'),
'required' => true
),
),
);
/**
* hasMany associations
*
* @var array
*/
/*public $hasMany = array(
'Event' => array(
'className' => 'Event',
'foreignKey' => 'threat_level_id',
'dependent' => false,
)
);*/
}
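Review bot: The `description` rule in `$validate` rejects empty values but, unlike `name` and `form_description`, has no `'required' => true`, so a save that omits the key entirely passes validation. If the three fields are meant to be treated alike, add `'required' => true` there as well; if descriptions are optional, drop the rule. The commented-out `$hasMany` block at the end leaves a docblock that documents nothing; either remove both or replace them with a one-line comment such as `// inverse of Event belongsTo ThreatLevel is not declared yet`.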


@ -0,0 +1,47 @@
<?php
App::uses('ThreatLevel', 'Model');
/**
* ThreatLevel Test Case
*
*/
class ThreatLevelTest extends CakeTestCase {
/**
* Fixtures
*
* @var array
*/
public $fixtures = array(
'app.threat_level',
'app.event',
'app.user',
'app.role',
'app.post',
'app.thread',
'app.attribute',
'app.shadow_attribute'
);
/**
* setUp method
*
* @return void
*/
public function setUp() {
parent::setUp();
$this->ThreatLevel = ClassRegistry::init('ThreatLevel');
}
/**
* tearDown method
*
* @return void
*/
public function tearDown() {
unset($this->ThreatLevel);
parent::tearDown();
}
}


@ -0,0 +1,56 @@
<?php
/**
* ThreatLevelFixture
*
*/
class ThreatLevelFixture extends CakeTestFixture {
/**
* Fields
*
* @var array
*/
public $fields = array(
'id' => array('type' => 'boolean', 'null' => false, 'default' => null, 'key' => 'primary'),
'name' => array('type' => 'string', 'null' => false, 'length' => 50, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'description' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'form_description' => array('type' => 'string', 'null' => false, 'collate' => 'utf8_bin', 'charset' => 'utf8'),
'indexes' => array(
'PRIMARY' => array('column' => 'id', 'unique' => 1)
),
'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB')
);
/**
* Records
*
* @var array
*/
public $records = array(
array(
'id' => 1,
'name' => 'High',
'description' => '*high* means sophisticated APT malware or 0-day attack',
'form_description' => 'Sophisticated APT malware or 0-day attack'
),
array(
'id' => 2,
'name' => 'Medium',
'description' => '*medium* means APT malware',
'form_description' => 'APT malware'
),
array(
'id' => 3,
'name' => 'Low',
'description' => '*low* means mass-malware',
'form_description' => 'Mass-malware'
),
array(
'id' => 4,
'name' => 'Undefined',
'description' => '*undefined* no risk',
'form_description' => 'No risk'
),
);
}
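Review bot: The `id` field is declared with `'type' => 'boolean'` while the records use ids 1 to 4; a boolean column cannot hold four distinct keys, so the rows are likely to be coerced to the same value or collide on the primary key when the test table is loaded. Declaring it as `'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary')` matches the data. `tableParameters` also sets latin1 while every string column is utf8/utf8_bin, which looks like a generator artefact worth aligning with the real schema.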


@ -0,0 +1,5 @@
<?php
foreach ($attributes as $attribute) {
echo $attribute['Attribute']['value'];
echo PHP_EOL;
}
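Review bot: The loop echoes `$attribute['Attribute']['value']` with no escaping, which is only safe while the response is always delivered as `text/plain`; nothing in this view shows that. Attribute values are entered by users and, presumably, by synchronised instances, so a change of layout or content type would turn this into an HTML injection sink. A header comment such as `// raw output on purpose: the controller must send Content-Type: text/plain` would record the assumption, and the controller action should be checked to confirm it sets that type before rendering.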


@ -2,7 +2,13 @@
<div class="navbar navbar-inverse" style="padding-left:20px;">
<div class="navbar-inner row">
<div class="pull-left footerText" style="float:left;position:absolute;padding-top:12px;z-index:2;">
<span>Download: <?php echo $this->Html->link('PGP/GPG key', '/gpg.asc');?></span>
<?php
$gpgpath = ROOT.DS.APP_DIR.DS.WEBROOT_DIR.DS.'gpg.asc';
if(file_exists($gpgpath) && is_file($gpgpath)){ ?>
<span>Download: <?php echo $this->Html->link('PGP/GPG key', $this->webroot.'gpg.asc');?></span>
<?php }else{ ?>
<span>Could not locate the PGP/GPG public key.</span>
<?php } ?>
</div>
<div class = "footerText footerCenterText">
<span> <?php if (isset($me)) echo Configure::read('CyDefSIG.footerversion'); else echo Configure::read('CyDefSIG.footer')?></span>
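Review bot: `$this->Html->link('PGP/GPG key', $this->webroot.'gpg.asc')` probably applies the base path twice when the application runs in a sub-directory, because a string URL starting with `/` is already prefixed with the base when the link is built; the previous `'/gpg.asc'` target did not have that problem. Keeping `'/gpg.asc'` as the target and adding only the `file_exists`/`is_file` guard would give the fallback message without changing the URL. Recipients need this key to verify the signed alert mails, so the link is worth testing once on a non-root install.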


@ -91,10 +91,14 @@
<?php endif; ?>
<li><a href="/admin/roles/index">List Roles</a></li>
<?php if($isSiteAdmin): ?>
<li class="divider"></li>
<li><a href="/admin/users/email">Contact Users</a></li>
<li class="divider"></li>
<li><a href="/pages/display/administration">Administrative tools</a></li>
<li class="divider"></li>
<li><a href="/admin/users/email">Contact Users</a></li>
<li class="divider"></li>
<li><a href="/pages/display/administration">Administrative tools</a></li>
<?php if (Configure::read('MISP.background_jobs')): ?>
<li class="divider"></li>
<li><a href="/jobs/index">Jobs</a></li>
<?php endif; ?>
<?php endif; ?>
</ul>
</li>


@ -133,6 +133,8 @@
<li class="divider"></li>
<li <?php if ($menuItem === 'contact') echo 'class="active";'?>><?php echo $this->Html->link('Contact users', array('controller' => 'users', 'action' => 'email', 'admin' => true)); ?> </li>
<li <?php if ($menuItem === 'adminTools') echo 'class="active";'?>><a href="/pages/display/administration">Administrative tools</a></li>
<li class="divider"></li>
<li <?php if ($menuItem === 'jobs') echo 'class="active";'?>><a href="/jobs/index">Jobs</a></li>
<?php endif;
break;
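Review bot: The Jobs entry is added here without a feature check, whereas the top navigation changed in the same commit shows it only when `Configure::read('MISP.background_jobs')` is set, so with background jobs disabled the side menu still links to the jobs page. Wrapping the two added `<li>` lines in `<?php if (Configure::read('MISP.background_jobs')): ?>` and `<?php endif; ?>` would make the two menus agree. The enclosing `case` and the condition closed by the `endif` start outside the hunk, so the surrounding access check cannot be confirmed from here.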


@ -18,7 +18,7 @@
'selected' => $initialDistribution,
));
}
echo $this->Form->input('risk', array(
echo $this->Form->input('threat_level_id', array(
'div' => 'input clear'
));
echo $this->Form->input('analysis', array(
@ -41,7 +41,7 @@ echo $this->Form->end();
?>
</div>
<?php
<?php
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'add'));
?>
@ -51,7 +51,7 @@ echo $this->Form->end();
//
var formInfoValues = {
'EventDistribution' : new Array(),
'EventRisk' : new Array(),
'EventThreatLevelId' : new Array(),
'EventAnalysis' : new Array()
};
@ -61,8 +61,7 @@ foreach ($distributionDescriptions as $type => $def) {
echo "formInfoValues['EventDistribution']['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($riskDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['EventRisk']['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['EventThreatLevelId']['" . addslashes($type) . "'] = \"" . addslashes($def) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($analysisDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
@ -72,11 +71,11 @@ foreach ($analysisDescriptions as $type => $def) {
$(document).ready(function() {
$("#EventAnalysis, #EventRisk, #EventDistribution").on('mouseleave', function(e) {
$("#EventAnalysis, #EventThreatLevelId, #EventDistribution").on('mouseleave', function(e) {
$('#'+e.currentTarget.id).popover('destroy');
});
$("#EventAnalysis, #EventRisk, #EventDistribution").on('mouseover', function(e) {
$("#EventAnalysis, #EventThreatLevelId, #EventDistribution").on('mouseover', function(e) {
var $e = $(e.target);
if ($e.is('option')) {
$('#'+e.currentTarget.id).popover('destroy');
@ -91,7 +90,7 @@ $(document).ready(function() {
// workaround for browsers like IE and Chrome that do now have an onmouseover on the 'options' of a select.
// disadvangate is that user needs to click on the item to see the tooltip.
// no solutions exist, except to generate the select completely using html.
$("#EventAnalysis, #EventRisk, #EventDistribution").on('change', function(e) {
$("#EventAnalysis, #EventThreatLevelId, #EventDistribution").on('change', function(e) {
var $e = $(e.target);
$('#'+e.currentTarget.id).popover('destroy');
$('#'+e.currentTarget.id).popover({
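Review bot: The new `formInfoValues['EventThreatLevelId']` line builds a JavaScript string literal with `addslashes($def)`, and `addslashes` does not neutralise line breaks or a closing `</script>` sequence, so a description containing either would break out of the literal. The values now appear to come from the threat level records rather than the hard-coded array in the model, which makes the content less predictable than before. Emitting the value with `json_encode` is safer: `echo "formInfoValues['EventThreatLevelId'][" . json_encode((string)$type) . "] = " . json_encode($def, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";\n";`. The identical line is added to the edit form view later in this commit and needs the same change.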


@ -14,7 +14,7 @@ if ('true' == Configure::read('CyDefSIG.sync')) {
'label' => 'Distribution',
));
}
echo $this->Form->input('risk', array(
echo $this->Form->input('threat_level_id', array(
'div' => 'input clear'
));
echo $this->Form->input('analysis', array(
@ -32,7 +32,7 @@ echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
echo $this->Form->end();
?>
</div>
<?php
<?php
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'editEvent'));
?>
@ -42,7 +42,7 @@ echo $this->Form->end();
//
var formInfoValues = {
'EventDistribution' : new Array(),
'EventRisk' : new Array(),
'EventThreatLevelId' : new Array(),
'EventAnalysis' : new Array()
};
@ -52,8 +52,7 @@ foreach ($distributionDescriptions as $type => $def) {
echo "formInfoValues['EventDistribution']['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($riskDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['EventRisk']['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['EventThreatLevelId']['" . addslashes($type) . "'] = \"" . addslashes($def) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($analysisDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
@ -63,11 +62,11 @@ foreach ($analysisDescriptions as $type => $def) {
$(document).ready(function() {
$("#EventAnalysis, #EventRisk, #EventDistribution").on('mouseleave', function(e) {
$("#EventAnalysis, #EventThreatLevelId, #EventDistribution").on('mouseleave', function(e) {
$('#'+e.currentTarget.id).popover('destroy');
});
$("#EventAnalysis, #EventRisk, #EventDistribution").on('mouseover', function(e) {
$("#EventAnalysis, #EventThreatLevelId, #EventDistribution").on('mouseover', function(e) {
var $e = $(e.target);
if ($e.is('option')) {
$('#'+e.currentTarget.id).popover('destroy');
@ -82,7 +81,7 @@ $(document).ready(function() {
// workaround for browsers like IE and Chrome that do now have an onmouseover on the 'options' of a select.
// disadvangate is that user needs to click on the item to see the tooltip.
// no solutions exist, except to generate the select completely using html.
$("#EventAnalysis, #EventRisk, #EventDistribution").on('change', function(e) {
$("#EventAnalysis, #EventThreatLevelId, #EventDistribution").on('change', function(e) {
var $e = $(e.target);
$('#'+e.currentTarget.id).popover('destroy');
$('#'+e.currentTarget.id).popover({


@ -128,6 +128,9 @@
editMessage(i, "Completed.");
updateOutdated(i);
}
if (data == -1) {
alert("Warning, the background worker is not responding!");
}
});
}


@ -0,0 +1,81 @@
<div class="event index">
<h2>Export</h2>
<p>Export functionality is designed to automatically generate signatures for intrusion detection systems. To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes.
Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artifacts. Support for more attribute types is planned.
<br/>
<p>Simply click on any of the following buttons to download the appropriate data.</p>
<div class="row bottom-buffer">
<div class="span3">
<?php echo $this->Html->link('Download all as XML', array('action' => 'xml', 'download'), array('class' => 'btn btn-block full-width')); ?>
</div>
<div class="span9">Click this to download all events and attributes that you have access to <small>(except file attachments)</small> in a custom XML format.
</div>
</div>
<div class="row bottom-buffer">
<div class="span3">
<?php echo $this->Html->link('Download all signatures as CSV', array('action' => 'csv', 'download'), array('class' => 'btn btn-block full-width')); ?>
</div>
<div class="span9">Click this to download all attributes that are indicators and that you have access to <small>(except file attachments)</small> in CSV format.
</div>
</div>
<div class="row bottom-buffer">
<div class="span3">
<?php echo $this->Html->link('Download all as CSV', array('action' => 'csv', 'download', '0','1'), array('class' => 'btn btn-block full-width')); ?>
</div>
<div class="span9">Click this to download all attributes that you have access to <small>(except file attachments)</small> in CSV format.
</div>
</div>
<div class="row bottom-buffer">
<div class="span3">
<?php echo $this->Html->link('Download NIDS signatures', array('action' => 'nids', 'download'), array('class' => 'btn btn-block full-width')); ?>
</div>
<div class="span9">Click this to download all network related attributes that you
have access to under the Snort rule format. Only <em>published</em>
events and attributes marked as <em>IDS Signature</em> are exported.
Administration is able to maintain a whitelist containing host,
domain name and IP numbers to exclude from the NIDS export.
</div>
</div>
<div class="row bottom-buffer">
<div class="span3">
<?php echo $this->Html->link('Download all MD5 hashes', array('action' => 'hids', 'md5','download'), array('class' => 'btn btn-block full-width')); ?>
<?php echo $this->Html->link('Download all SHA1 hashes', array('action' => 'hids', 'sha1','download'), array('class' => 'btn btn-block full-width')); ?>
</div>
<div class="span9">Click on one of these two buttons to download all MD5 or SHA1
checksums contained in file-related attributes. This list can be
used to feed forensic software when searching for susipicious files.
Only <em>published</em> events and attributes marked as <em>IDS
Signature</em> are exported.
</div>
</div>
<p>
Click on one of these buttons to download all the attributes with the matching type. This list can be used to feed forensic software when searching for susipicious files. Only <em>published</em> events and attributes marked as <em>IDS Signature</em> are exported.
</p>
<ul class="inline">
<?php
foreach ($sigTypes as $sigType): ?>
<li class="actions" style="text-align:center; width: auto; padding: 7px 2px;">
<?php echo $this->Html->link($sigType, array('action' => 'text', 'download' ,$sigType), array('class' => 'btn')) ?>
</li>
<?php endforeach; ?>
</ul>
</div>
<div class="actions <?php echo $debugMode;?>">
<ul class="nav nav-list">
<li><a href="/events/index">List Events</a></li>
<?php if ($isAclAdd): ?>
<li><a href="/events/add">Add Event</a></li>
<?php endif; ?>
<li class="divider"></li>
<li><a href="/attributes/index">List Attributes</a></li>
<li><a href="/attributes/search">Search Attributes</a></li>
<li class="divider"></li>
<li class="active"><a href="/events/export">Export</a></li>
<?php if ($isAclAuth): ?>
<li><a href="/events/automation">Automation</a></li>
<?php endif;?>
</ul>
</div>
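Review bot: `<div class="actions <?php echo $debugMode;?>">` writes a view variable into an attribute without `h()`, and the hand-written navigation list under it duplicates what the other views in this commit render through `$this->element('side_menu', ...)`. The list also uses absolute hrefs such as `/events/index`, which ignore the application base path. Using the shared element and `h($debugMode)` would keep this page consistent with the rest. The first `<p>` under the heading is never closed before the next `<p>` opens, and "susipicious" is misspelled in two of the descriptions.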


@ -100,18 +100,18 @@
<span id="searchorg"><br/>
<?php
echo $this->Form->create('', array('action' => 'index', 'style' => 'margin-bottom:0px'));
echo $this->Form->input('searchpublished', array('value' => $this->passedArgs['searchpublished'], 'type' => 'hidden'));
echo $this->Form->input('searchinfo', array('value' => $this->passedArgs['searchinfo'], 'type' => 'hidden'));
echo $this->Form->input('searchDatefrom', array('value' => $this->passedArgs['searchDatefrom'], 'type' => 'hidden'));
echo $this->Form->input('searchDateuntil', array('value' => $this->passedArgs['searchDateuntil'], 'type' => 'hidden'));
echo $this->Form->input('searchpublished', array('value' => $this->passedArgs['searchpublished'], 'type' => 'hidden'));
echo $this->Form->input('searchinfo', array('value' => $this->passedArgs['searchinfo'], 'type' => 'hidden'));
echo $this->Form->input('searchDatefrom', array('value' => $this->passedArgs['searchDatefrom'], 'type' => 'hidden'));
echo $this->Form->input('searchDateuntil', array('value' => $this->passedArgs['searchDateuntil'], 'type' => 'hidden'));
echo $this->Form->input('searchorg', array(
'value' => $this->passedArgs['searchorg'],
'label' => '',
'class' => 'input-mini'));
?>
<input type="submit" style="visibility:collapse;" />
<?php
echo $this->Form->end();
?>
<input type="submit" style="visibility:collapse;" />
<?php
echo $this->Form->end();
?>
</span>
</th>
@ -135,8 +135,8 @@
<div id="searchdate" class="input-append input-prepend">
<?php
echo $this->Form->create('', array('action' => 'index', 'style' => 'margin-bottom:0px'));
echo $this->Form->input('searchorg', array('value' => $this->passedArgs['searchorg'], 'type' => 'hidden'));
echo $this->Form->input('searchinfo', array('value' => $this->passedArgs['searchinfo'], 'type' => 'hidden'));
echo $this->Form->input('searchorg', array('value' => $this->passedArgs['searchorg'], 'type' => 'hidden'));
echo $this->Form->input('searchinfo', array('value' => $this->passedArgs['searchinfo'], 'type' => 'hidden'));
echo $this->Form->input('searchpublished', array('value' => $this->passedArgs['searchpublished'], 'type' => 'hidden'));
echo $this->Form->input('searchDatefrom', array(
'value' => $this->passedArgs['searchDatefrom'],
@ -153,15 +153,15 @@
'class' => 'span1 datepicker',
'div' => false
));
?>
<input type="submit" style="visibility:collapse;" />
<?php
echo $this->Form->end();
?>
<input type="submit" style="visibility:collapse;" />
<?php
echo $this->Form->end();
?>
</div>
</th>
<th title="<?php echo $eventDescriptions['risk']['desc'];?>">
<?php echo $this->Paginator->sort('risk');?>
<th title="<?php echo $eventDescriptions['threat_level_id']['desc'];?>">
<?php echo $this->Paginator->sort('threat_level_id');?>
</th>
<th title="<?php echo $eventDescriptions['analysis']['desc'];?>">
<?php echo $this->Paginator->sort('analysis');?>
@ -172,18 +172,18 @@
<span id="searchinfo"><br/>
<?php
echo $this->Form->create('', array('action' => 'index', 'style' => 'margin-bottom:0px'));
echo $this->Form->input('searchorg', array('value' => $this->passedArgs['searchorg'], 'type' => 'hidden'));
echo $this->Form->input('searchpublished', array('value' => $this->passedArgs['searchpublished'], 'type' => 'hidden'));
echo $this->Form->input('searchDatefrom', array('value' => $this->passedArgs['searchDatefrom'], 'type' => 'hidden'));
echo $this->Form->input('searchorg', array('value' => $this->passedArgs['searchorg'], 'type' => 'hidden'));
echo $this->Form->input('searchpublished', array('value' => $this->passedArgs['searchpublished'], 'type' => 'hidden'));
echo $this->Form->input('searchDatefrom', array('value' => $this->passedArgs['searchDatefrom'], 'type' => 'hidden'));
echo $this->Form->input('searchDateuntil', array('value' => $this->passedArgs['searchDateuntil'], 'type' => 'hidden'));
echo $this->Form->input('searchinfo', array(
'value' => $this->passedArgs['searchinfo'],
'label' => '',
'class' => 'input-large'));
?>
<input type="submit" style="visibility:collapse;" />
<?php
echo $this->Form->end();
?>
<input type="submit" style="visibility:collapse;" />
<?php
echo $this->Form->end();
?>
</span>
</th>
@ -246,7 +246,7 @@
<?php echo $event['Event']['date']; ?>&nbsp;
</td>
<td class="short" onclick="location.href ='/events/view/<?php echo $event['Event']['id'];?>'">
<?php echo $event['Event']['risk']; ?>&nbsp;
<?php echo $event['ThreatLevel']['name']; ?>&nbsp;
</td>
<td class="short" onclick="location.href ='/events/view/<?php echo $event['Event']['id'];?>'">
<?php echo $analysisLevels[$event['Event']['analysis']]; ?>&nbsp;
@ -294,7 +294,7 @@
</ul>
</div>
</div>
<?php
<?php
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'index'));
?>
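Review bot: `<?php echo $event['ThreatLevel']['name']; ?>` in the row cell prints a database value without `h()`, while the event view in this same commit escapes the identical field with `h($event['ThreatLevel']['name'])`. The old `risk` value was constrained by an `inList` rule, but the threat level name carries only a `notEmpty` rule, so the cell should read `<?php echo h($event['ThreatLevel']['name']); ?>`. The header above it now calls `$this->Paginator->sort('threat_level_id')`, which orders by the numeric id and takes its caption from the field name; an explicit title argument would keep the column label readable.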


@ -0,0 +1,17 @@
<?php
foreach ($events as $key => &$event) {
// rearrange things to be compatible with the Xml::fromArray()
$events[$key] = $events[$key]['Event'];
unset($events[$key]['Event']);
// cleanup the array from things we do not want to expose
unset($events[$key]['user_id']);
// hide the org field is we are not in showorg mode
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($events[$key]['org']);
unset($events[$key]['orgc']);
unset($events[$key]['from']);
}
}
echo json_encode($events);
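Review bot: The view removes `user_id` and, conditionally, the org fields, then serialises whatever is left, so any column later added to the events table is exported by default; an allow-list of the fields the API is meant to return would fail closed instead. The loop variable is taken by reference (`&$event`) but never used, so `foreach ($events as $key => $event)` is enough and avoids leaving a dangling reference. Nothing in the view sets a JSON content type, so that presumably happens in the controller and is worth confirming.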


@ -0,0 +1,36 @@
<?php
$event['Event']['Attribute'] = $event['Attribute'];
unset($event['Attribute']);
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
unset($event['ShadowAttribute']);
unset($event['Event']['user_id']);
// hide the org field is we are not in showorg mode
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($event['Event']['org']);
unset($event['Event']['orgc']);
unset($event['Event']['from']);
}
// remove value1 and value2 from the output
foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['value1']);
unset($event['Event']['Attribute'][$key]['value2']);
unset($event['Event']['Attribute'][$key]['category_order']);
}
if (isset($event['Event']['RelatedEvent'])) {
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
unset($event['Event']['RelatedEvent'][$key]['user_id']);
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($event['Event']['RelatedEvent'][$key]['org']);
unset($event['Event']['RelatedEvent'][$key]['orgc']);
}
}
}
if (isset($relatedEvents)) {
foreach ($relatedEvents as $relatedEvent) {
$event['Event']['RelatedEvent'][] = $relatedEvent['Event'];
}
}
echo json_encode($event);
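Review bot: The block that appends `$relatedEvents` runs after the loop that strips `user_id`, `org` and `orgc` from `$event['Event']['RelatedEvent']`, so the appended entries are serialised without that cleanup. Moving the `if (isset($relatedEvents)) { ... }` block above the `if (isset($event['Event']['RelatedEvent']))` block lets the existing loop cover them; whether those rows actually carry the fields depends on the controller query, which is not visible here. The opening lines also read `$event['Attribute']` and `$event['ShadowAttribute']` without an `isset` check, which raises a notice for an event that has neither.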


@ -2,7 +2,7 @@
$mayModify = (($isAclModify && $event['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $event['Event']['orgc'] == $me['org']));
$mayPublish = ($isAclPublish && $event['Event']['orgc'] == $me['org']);
?>
<?php
<?php
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'viewEvent'));
?>
@ -54,9 +54,9 @@ $mayPublish = ($isAclPublish && $event['Event']['orgc'] == $me['org']);
<?php echo h($event['Event']['date']); ?>
&nbsp;
</dd>
<dt title="<?php echo $eventDescriptions['risk']['desc'];?>">Risk</dt>
<dt title="<?php echo $eventDescriptions['threat_level_id']['desc'];?>">Risk</dt>
<dd>
<?php echo h($event['Event']['risk']); ?>
<?php echo h($event['ThreatLevel']['name']); ?>
&nbsp;
</dd>
<dt title="<?php echo $eventDescriptions['analysis']['desc'];?>">Analysis</dt>
@ -203,7 +203,7 @@ if (!empty($event['Attribute'])):?>
$first = 0;
?>
<ul class="inline" style="margin:0px;">
<?php
<?php
if (isset($relatedAttributes[$attribute['id']]) && (null != $relatedAttributes[$attribute['id']])) {
foreach ($relatedAttributes[$attribute['id']] as $relatedAttribute) {
echo '<li style="padding-right: 0px; padding-left:0px;" title ="' . h($relatedAttribute['info']) . '"><span>';
@ -394,7 +394,7 @@ if (!empty($event['Attribute'])):?>
endif; ?>
</div>
<div id="discussions_div">
<?php
<?php
echo $this->element('eventdiscussion');
?>
</div>


@ -95,5 +95,7 @@ endforeach; ?>
</ul>
</div>
<?php
echo $this->element('side_menu', array('menuList' => 'admin', 'menuItem' => 'jobs'));
?>


@ -112,7 +112,7 @@ if (h($user['User']['change_pw']) == 1) {
</td>
<td><?php echo h($event['id']);?></td>
<td><?php echo h($event['date']);?></td>
<td><?php echo h($event['risk']);?></td>
<td><?php echo h($event['threat_level_id']);?></td>
<td><?php echo h($event['info']);?></td>
<td><?php echo h($event['uuid']);?></td>
<td><?php echo h($event['distribution']);?></td>
@ -131,6 +131,6 @@ if (h($user['User']['change_pw']) == 1) {
endif; ?>
</div>
</div>
<?php
<?php
echo $this->element('side_menu', array('menuList' => 'admin', 'menuItem' => 'viewUser'));
?>


@ -1,2 +1,5 @@
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
--data "@input/event.xml" -X POST http://localhost/events
#curl -i -H "Accept: application/json" -H "content-type: text/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
#--data "@input/event.json" -X POST http://localhost/events
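Review bot: The commented-out JSON call added here copies the hard-coded `Authorization` value from the XML call, so the credential is now committed twice in this script. The same pattern recurs in the three other curl scripts further down this page. Read the key from the environment instead, for example `-H "Authorization: ${AUTH_KEY:?set AUTH_KEY}"`, and if the committed value was ever valid on a shared instance, treat it as exposed and rotate it. The new lines also send `content-type: text/json`; the registered media type is `application/json`, and whether the server accepts the former is not visible here. Selecting the format through an argument, rather than committing the call commented out, would keep both request paths exercised.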


@ -4,3 +4,6 @@
# POST can be used as well..
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
--data "@input/event.xml" -X POST http://localhost/events/$1
#curl -i -H "Accept: application/json" -H "content-type: text/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
#--data "@input/event.json" -X POST http://localhost/events/$1


@ -1,2 +1,5 @@
curl -H "Accept: application/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
-X GET http://localhost/events
#curl -H "Accept: application/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
#-X GET http://localhost/events


@ -0,0 +1,66 @@
{
"Event": {
"id": "15",
"org": "ORG",
"date": "2012-04-12",
"threat_level_id": "4",
"info": "info",
"user_id": "1",
"uuid": "4f8c2c4e-00dc-42c9-83ad-76e9ff32448e",
"distribution": "0",
"analysis": "0",
"timestamp": "1",
"Attribute": [
{
"id": "116",
"event_id": "14",
"type": "ip-dst",
"category": "Network activity",
"to_ids": "1",
"uuid": "4f8c2cc3-0410-4bf0-8559-5b9dff32448e",
"distribution": "0",
"value": "1.1.1.111",
"timestamp": "0"
},
{
"id": "117",
"event_id": "14",
"type": "malware-sample",
"category": "Payload delivery",
"to_ids": "0",
"uuid": "4f8c2d08-7e6c-4648-8730-50a7ff32448e",
"distribution": "0",
"value": "A.doc|3f6f1aaab6171925c81de9b34a8fcf8e",
"timestamp": "0"
},
{
"id": "115",
"event_id": "14",
"type": "vulnerability",
"category": "Payload delivery",
"to_ids": "1",
"uuid": "4f8c2c69-9bf8-4279-8d03-2138ff32448e",
"distribution": "0",
"value": "CVE-XXXX-XXXX",
"timestamp": "0"
}
],
"RelatedEvent": [
{
"id": "11",
"date": "2011-01-03",
"uuid": "4f8812ff-ded0-4592-9227-0615ff32448e"
},
{
"id": "9",
"date": "2011-02-02",
"uuid": "4f85981e-d044-4b16-bc16-0a35ff32448e"
},
{
"id": "6",
"date": "2011-03-01",
"uuid": "4f7a9faa-91d4-4c91-8ec6-0878ff32448e"
}
]
}
}
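Review bot: The three `Attribute` entries in this new fixture carry `"event_id": "14"` while the enclosing `Event` has `"id": "15"`. If the endpoint honours submitted ids, the request would either attach the attributes to a different event or rely on the server silently overwriting the field; which of the two happens is not visible from this page. Making the values agree, or dropping `id` and `event_id` from the fixture, would keep the test's intent unambiguous and give a clean case for checking that client-supplied ids are ignored.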


@ -1,2 +1,5 @@
curl -H "Accept: application/xml" -H "Authorization: 3xoBdRRCjr3dLS0WyqETzWZrMhmpK5iNCGpQxgsR" \
-X GET http://localhost:8888/events/$1
#curl -H "Accept: application/json" -H "Authorization: 3xoBdRRCjr3dLS0WyqETzWZrMhmpK5iNCGpQxgsR" \
#-X GET http://localhost:8888/events/$1