mirror of https://github.com/MISP/MISP
chg: [stix2 export] Multiple events export prepared in Controller & Model side
- Changes on automation side coming soonpull/3707/head
chrisr3d
parent
b99adf5d76
commit
53ccf51e71
|
|
@ -3981,7 +3981,7 @@ class EventsController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
public function stix2($key, $id)
|
||||
public function stix2($key, $id = false, $withAttachments = false, $tags = false, $from = false, $to = false, $last = false)
|
||||
{
|
||||
if ($key != 'download') {
|
||||
// check if the key is valid -> search for users based on key
|
||||
|
|
@ -3994,9 +3994,53 @@ class EventsController extends AppController
|
|||
throw new UnauthorizedException(__('You have to be logged in to do that.'));
|
||||
}
|
||||
}
|
||||
$result = $this->Event->stix2($id, $this->Auth->user());
|
||||
$this->header('Content-Disposition: download; filename="misp.stix2.event' . $id . '.json"');
|
||||
return $this->RestResponse->viewData($result, 'application/json', false, true, "misp.stix2.event" . $id . ".json");
|
||||
if ($this->request->is('post')) {
|
||||
if (empty($this->request->data)) {
|
||||
throw new BadRequestException(__('Either specify the search terms in the url, or POST an xml (with the root element being "request".'));
|
||||
} else {
|
||||
$data = $this->request->data;
|
||||
}
|
||||
$paramArray = array('id', 'withAttachment', 'tags', 'from', 'to', 'last');
|
||||
foreach ($paramArray as $p) {
|
||||
if (isset($data['request'][$p])) {
|
||||
${$p} = $data['request'][$p];
|
||||
} else {
|
||||
${$p} = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
$simpleFalse = array('id', 'withAttachments', 'tags', 'from', 'to', 'last');
|
||||
foreach ($simpleFalse as $sF) {
|
||||
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) {
|
||||
${$sF} = false;
|
||||
}
|
||||
}
|
||||
if ($from) {
|
||||
$from = $this->Event->dateFieldCheck($from);
|
||||
}
|
||||
if ($to) {
|
||||
$to = $this->Event->dateFieldCheck($to);
|
||||
}
|
||||
if ($last) {
|
||||
$last = $this->Event->resolveTimeDelta($last);
|
||||
}
|
||||
|
||||
// set null if a null string is passed
|
||||
$numeric = false;
|
||||
if (is_numeric($id)) {
|
||||
$numeric = true;
|
||||
}
|
||||
$result = $this->Event->stix2($id, $tags, $withAttachments, $this->Auth->user(), 'json', $from, $to, $last);
|
||||
if ($result['success'] == 1) {
|
||||
if ($numeric) {
|
||||
$this->header('Content-Disposition: download; filename="misp.stix2.event' . $id . '.json"');
|
||||
} else {
|
||||
$this->header('Content-Disposition: download; filename="misp.stix2.event.collection.json"');
|
||||
}
|
||||
$this->set('data', $result['data']);
|
||||
} else {
|
||||
throw new Exception(h($result['message']));
|
||||
}
|
||||
}
|
||||
|
||||
public function stix($key, $id = false, $withAttachments = false, $tags = false, $from = false, $to = false, $last = false)
|
||||
|
|
|
|||
|
|
@ -3648,33 +3648,73 @@ class Event extends AppModel
|
|||
}
|
||||
}
|
||||
|
||||
public function stix2($id, $user)
|
||||
public function stix2($id, $tags, $attachments, $user, $returnType = 'json', $from = false, $to = false, $last = false, $jobId = false, $returnFile = false)
|
||||
{
|
||||
$event = $this->fetchEvent($user, array('eventid' => $id, 'includeAttachments' => 1));
|
||||
App::uses('JSONConverterTool', 'Tools');
|
||||
$converter = new JSONConverterTool();
|
||||
$event = $converter->convert($event[0]);
|
||||
$eventIDs = $this->Attribute->dissectArgs($id);
|
||||
$tagIDs = $this->Attribute->dissectArgs($tags);
|
||||
$idList = $this->getAccessibleEventIds($eventIDs[0], $eventIDs[1], $tagIDs[0], $tagIDs[1]);
|
||||
if (!empty($idList)) {
|
||||
$event_ids = $this->fetchEventIds($user, $from, $to, $last, true);
|
||||
$event_ids = array_intersect($event_ids, $idList);
|
||||
}
|
||||
$randomFileName = $this->generateRandomFileName();
|
||||
$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
|
||||
$tempFile = new File($tmpDir . DS . $randomFileName, true, 0644);
|
||||
$tempFile->write($event);
|
||||
$scriptFile = APP . "files" . DS . "scripts" . DS . "stix2" . DS . "misp2stix2.py";
|
||||
$result = shell_exec('python3 ' . $scriptFile . ' ' . $tempFile->path . ' json ' . ' ' . escapeshellarg(Configure::read('MISP.baseurl')) . ' ' . escapeshellarg(Configure::read('MISP.org')) . ' 2>' . APP . 'tmp/logs/exec-errors.log');
|
||||
$tempFile->delete();
|
||||
$resultFile = new File($tmpDir . DS . $randomFileName . ".stix2");
|
||||
$resultFile->write("{\"type\": \"bundle\", \"spec_version\": \"2.0\", \"id\": \"bundle--" . CakeText::uuid() . "\", \"objects\": [");
|
||||
if (trim($result) == 1) {
|
||||
$file = new File($tmpDir . DS . $randomFileName . '.out', true, 0644);
|
||||
$result = substr($file->read(), 1, -1);
|
||||
$file->delete();
|
||||
$resultFile->append($result);
|
||||
} else {
|
||||
return false;
|
||||
$stixFile = new File($tmpDir . DS . $randomFileName . ".stix");
|
||||
$stixFile->write("{\"type\": \"bundle\", \"spec_version\": \"2.0\", \"id\": \"bundle--" . CakeText::uuid() . "\", \"objects\": [");
|
||||
if ($jobId) {
|
||||
$this->Job = ClassRegistry::init('Job');
|
||||
$this->Job->id = $jobId;
|
||||
if (!$this->Job->exists()) {
|
||||
$jobId = false;
|
||||
}
|
||||
}
|
||||
$resultFile->append("]}\n");
|
||||
$data2return = $resultFile->read();
|
||||
$resultFile->delete();
|
||||
return $data2return;
|
||||
$i = 0;
|
||||
$eventCount = count($event_ids);
|
||||
if ($event_ids) {
|
||||
foreach ($event_ids as $event_id) {
|
||||
$tempFile = new File($tmpDir . DS . $randomFileName, true, 0644);
|
||||
$event = $this->fetchEvent($user, array('eventid' => $id, 'includeAttachments' => 1));
|
||||
if (empty($event)) {
|
||||
continue;
|
||||
}
|
||||
$event[0]['Tag'] = array();
|
||||
foreach ($event[0]['EventTag'] as $tag) {
|
||||
$event[0]['Tag'][] = $tag['Tag'];
|
||||
}
|
||||
App::uses('JSONConverterTool', 'Tools');
|
||||
$converter = new JSONConverterTool();
|
||||
$event = $converter->convert($event[0]);
|
||||
$tempFile->write($event);
|
||||
unset($event);
|
||||
$scriptFile = APP . "files" . DS . "scripts" . DS . "stix2" . DS . "misp2stix2.py";
|
||||
$result = shell_exec('python3 ' . $scriptFile . ' ' . $tempFile->path . ' json ' . ' ' . escapeshellarg(Configure::read('MISP.baseurl')) . ' ' . escapeshellarg(Configure::read('MISP.org')) . ' 2>' . APP . 'tmp/logs/exec-errors.log');
|
||||
if (trim($result) == 1) {
|
||||
$file = new File($tmpDir . DS . $randomFileName . '.out', true, 0644);
|
||||
$result = substr($file->read(), 1, -1);
|
||||
$file->delete();
|
||||
$stixFile->append($result . (($i + 1) != $eventCount ? ',' : ''));
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
$i++;
|
||||
if ($jobId) {
|
||||
$this->Job->saveField('message', 'Event ' . $i . '/' . $eventCount);
|
||||
if ($i % 10 == 0) {
|
||||
$this->Job->saveField('progress', $i * 80 / $eventCount);
|
||||
}
|
||||
}
|
||||
$tempFile->close();
|
||||
}
|
||||
}
|
||||
$stixFile->append("]}\n");
|
||||
if ($tempFile) {
|
||||
$tempFile->delete();
|
||||
}
|
||||
if (!$returnFile) {
|
||||
$data2return = $stixFile->read();
|
||||
$stixFile->delete();
|
||||
}
|
||||
return array('success' => 1, 'data' => $returnFile ? $stixFile->path : $data2return);
|
||||
}
|
||||
|
||||
public function stix($id, $tags, $attachments, $user, $returnType = 'xml', $from = false, $to = false, $last = false, $jobId = false, $returnFile = false)
|
||||
|
|
|
|||
Loading…
Reference in New Issue