MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'hotfix-2.1.18'

pull/195/head
iglocska 2013-09-03 15:42:16 +02:00
parent daf97343da 070c3664c2
commit 55c7dda27c
9 changed files with 192 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Config/bootstrap.default.php
View File

@ -122,6 +122,8 @@ Configure::write('SecureAuth.expire', 300); // the time-window for th
Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available to do resolution.
Configure::write('CyDefSig.cveurl', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId='); // Default URL for NVD/CVE reference.
// The following 3 fields are optional
//Configure::write('MISP.welcome_text_top', 'Welcome to the Organisation community\'s'); // used in Events::login before the MISP logo

2
app/Controller/EventsController.php
View File

@ -1283,7 +1283,7 @@ class EventsController extends AppController {
// save the gpg key to a temporary file
$tmpfname = tempnam(TMP, "GPGkey");
$handle = fopen($tmpfname, "w");
fwrite($handle, $meUser['gpgkey']);
fwrite($handle, $this->Auth->user('gpgkey'));
fclose($handle);
// attach it
$this->Email->attachments = array(

2
app/Controller/ServersController.php
View File

@ -150,7 +150,7 @@ class ServersController extends AppController {
* @throws NotFoundException
*/
public function pull($id = null, $technique=false) {
if (!$this->_IsSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (!$this->_isSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));

68
app/Controller/ShadowAttributesController.php
View File

@ -142,7 +142,7 @@ class ShadowAttributesController extends AppController {
$event['Event']['published'] = 0;
$this->Event->save($event, array('fieldList' => $fieldList));
$this->Session->setFlash(__('Proposed attribute accepted', true), 'default', array());
$this->redirect(array('controller' => 'events', 'action' => 'index'));
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->Event->id));
}
}
@ -184,6 +184,7 @@ class ShadowAttributesController extends AppController {
}
}
$this->ShadowAttribute->delete($id, $cascade = false);
$this->_setProposalLock($eventId, false);
$this->Session->setFlash(__('Proposed change discarded', true), 'default', array());
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));
}
@ -246,7 +247,7 @@ class ShadowAttributesController extends AppController {
if ($successes) {
// list the ones that succeeded
$this->Session->setFlash(__('The lines' . $successes . ' have been saved', true));
$this->_setProposalLock($eventId, 1);
$this->__sendProposalAlertEmail($eventId);
}
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
@ -265,7 +266,7 @@ class ShadowAttributesController extends AppController {
$this->request->data['ShadowAttribute']['email'] = $this->Auth->user('email');
$this->request->data['ShadowAttribute']['org'] = $this->Auth->user('org');
if ($this->ShadowAttribute->save($this->request->data)) {
$this->_setProposalLock($eventId, 1);
$this->__sendProposalAlertEmail($eventId);
// inform the user and redirect
$this->Session->setFlash(__('The proposal has been saved'));
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
@ -368,7 +369,7 @@ class ShadowAttributesController extends AppController {
$this->request->data['ShadowAttribute']['email'] = $this->Auth->user('email');
$this->request->data['ShadowAttribute']['org'] = $this->Auth->user('org');
if ($this->ShadowAttribute->save($this->request->data)) {
$this->_setProposalLock($eventId, 1);
$this->__sendProposalAlertEmail($eventId);
} else {
$this->Session->setFlash(__('The ShadowAttribute could not be saved. Did you already upload this file?'));
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
@ -514,7 +515,7 @@ class ShadowAttributesController extends AppController {
$this->request->data['ShadowAttribute']['email'] = $this->Auth->user('email');
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'value', 'org');
if ($this->ShadowAttribute->save($this->request->data)) {
$this->_setProposalLock($this->request->data['ShadowAttribute']['event_id'], 1);
$this->__sendProposalAlertEmail($this->request->data['ShadowAttribute']['event_id']);
$this->Session->setFlash(__('The proposed Attribute has been saved'));
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));
} else {
@ -544,30 +545,33 @@ class ShadowAttributesController extends AppController {
$this->set('typeDefinitions', $this->ShadowAttribute->typeDefinitions);
$this->set('categoryDefinitions', $this->ShadowAttribute->categoryDefinitions);
}
private function _setProposalLock($id, $setting) {
// This method is used to change the proposalLock to the opposite of the passed argument setting if the current setting doesn't match and save the event
private function _setProposalLock($id, $lock = true) {
$this->loadModel('Event');
$this->Event->recursive = -1;
$event = $this->Event->read(null, $id);
if ($setting == 1) {
if ($event['Event']['proposal_email_lock'] == 0) {
$fieldList = array('proposal_email_lock', 'id', 'info');
$event['Event']['proposal_email_lock'] = 1;
$this->Event->save($event, array('fieldList' => $fieldList));
$this->__sendProposalAlertEmail($id);
}
if ($lock) {
$event['Event']['proposal_email_lock'] = 1;
} else {
if ($event['Event']['proposal_email_lock'] == 1) {
$fieldList = array('proposal_email_lock', 'id', 'info');
$event['Event']['proposal_email_lock'] = 0;
$this->Event->save($event, array('fieldList' => $fieldList));
}
$event['Event']['proposal_email_lock'] = 0;
}
$fieldList = array('proposal_email_lock', 'id', 'info');
$this->Event->save($event, array('fieldList' => $fieldList));
}
private function __sendProposalAlertEmail($id) {
$this->loadModel('Event');
$this->Event->recursive = -1;
$event = $this->Event->read(null, $id);
// If the event has an e-mail lock, return
if ($event['Event']['proposal_email_lock'] == 1) {
return;
} else {
$this->_setProposalLock($id);
}
$this->loadModel('User');
$this->User->recursive = -1;
$orgMembers = array();
@ -580,7 +584,7 @@ class ShadowAttributesController extends AppController {
$body = "";
$body .= "Hello, \n";
$body .= "\n";
$body .= "A user of another organisation has proposed a change to an event created by you or your organisations. \n";
$body .= "A user of another organisation has proposed a change to an event created by you or your organisation. \n";
$body .= "\n";
$body .= "To view the event in question, follow this link:";
$body .= ' ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $id . "\n";
@ -649,4 +653,28 @@ class ShadowAttributesController extends AppController {
$this->Email->reset();
}
}
public function index() {
$this->paginate = array(
'conditions' =>
array('OR' =>
array(
'Event.org =' => $this->Auth->user('org'),
'AND' => array(
'ShadowAttribute.org =' => $this->Auth->user('org'),
'Event.distribution >' => 0,
),
)
),
'fields' => array('id', 'org', 'old_id'),
'contain' => array(
'Event' =>array(
'fields' => array('id', 'org', 'info', 'orgc'),
),
),
'recursive' => 1
);
$this->set('shadowAttributes', $this->paginate());
}
}

17
app/Model/Attribute.php
View File

@ -107,6 +107,7 @@ class Attribute extends AppModel {
'email-subject' => array('desc' => "The subject of the email"),
'email-attachment' => array('desc' => "File name of the email attachment."),
'url' => array('desc' => 'url'),
'http-method' => array('desc' => "HTTP method used by the malware (e.g. POST, GET, ...)."),
'user-agent' => array('desc' => "The user-agent used by the malware in the HTTP request."),
'regkey' => array('desc' => "Registry key or value"),
'regkey|value' => array('desc' => "Registry value + data separated by |"),
@ -159,7 +160,7 @@ class Attribute extends AppModel {
),
'Network activity' => array(
'desc' => 'Information about network traffic generated by the malware',
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'email-dst', 'url', 'user-agent', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'email-dst', 'url', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
),
'Payload type' => array(
'desc' => 'Information about the final payload(s)',
@ -408,6 +409,13 @@ class Attribute extends AppModel {
break;
}
// uppercase the following types
switch($this->data['Attribute']['type']) {
case 'http-method':
$this->data['Attribute']['value'] = strtoupper($this->data['Attribute']['value']);
break;
}
// set to_ids if it doesn't exist
if (empty($this->data['Attribute']['to_ids'])) {
$this->data['Attribute']['to_ids'] = 0;
@ -495,6 +503,13 @@ class Attribute extends AppModel {
$returnValue = 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
}
break;
case 'http-method':
if (preg_match("#(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH)#", $value)) {
$returnValue = true;
} else {
$returnValue = 'Unknown HTTP method.';
}
break;
case 'filename':
// no newline
if (!preg_match("#\n#", $value)) {

35
app/Model/ShadowAttribute.php
View File

@ -25,11 +25,21 @@ class ShadowAttribute extends AppModel {
'Regexp' => array('fields' => array('value', 'value2')),
);
/**
* hasMany relation to shadow attributes
*
* @var unknown
*/
/**
* belongsTo associations
*
* @var array
*/
public $belongsTo = array(
'Event' => array(
'className' => 'Event',
'foreignKey' => 'event_id',
'conditions' => '',
'fields' => '',
'order' => '',
'counterCache' => true
)
);
/**
* Display field
@ -266,21 +276,6 @@ class ShadowAttribute extends AppModel {
//The Associations below have been created with all possible keys, those that are not needed can be removed
/**
* belongsTo associations
*
* @var array
*/
public $belongsTo = array(
'Event' => array(
'className' => 'Event',
'foreignKey' => 'id',
'conditions' => '',
'fields' => '',
'order' => '',
'counterCache' => true
)
);
/**
* beforeSave

7
app/View/Events/view.ctp
View File

@ -213,7 +213,12 @@ if (!empty($event['Attribute'])):?>
echo h($filenameHash[0]);
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
} elseif ('vulnerability' == $attribute['type']) {
echo $this->Html->link(h($sigDisplay), 'http://www.google.com/search?q=' . h($sigDisplay), array('target' => '_blank'));
if (! is_null(Configure::read('CyDefSig.cveurl'))) {
$cveUrl = Configure::read('CyDefSig.cveurl');
} else {
$cveUrl = "http://www.google.com/search?q=";
}
echo $this->Html->link(h($sigDisplay), h($cveUrl) . h($sigDisplay), array('target' => '_blank'));
} elseif ('link' == $attribute['type']) {
echo $this->Html->link(h($sigDisplay), h($sigDisplay));
} else {

88
app/View/ShadowAttributes/index.ctp Normal file
View File

@ -0,0 +1,88 @@
<div class="shadowAttributes index">
<h2>Proposals</h2>
<div class="pagination">
<ul>
<?php
$this->Paginator->options(array(
'update' => '.span12',
'evalScripts' => true,
'before' => '$(".progress").show()',
'complete' => '$(".progress").hide()',
));
echo $this->Paginator->prev('&laquo; ' . __('previous'), array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'prev disabled', 'escape' => false, 'disabledTag' => 'span'));
echo $this->Paginator->numbers(array('modulus' => 20, 'separator' => '', 'tag' => 'li', 'currentClass' => 'active', 'currentTag' => 'span'));
echo $this->Paginator->next(__('next') . ' &raquo;', array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'next disabled', 'escape' => false, 'disabledTag' => 'span'));
?>
</ul>
</div>
<table class="table table-striped table-hover table-condensed">
<tr>
<th>Event</th>
<th>
<?php echo $this->Paginator->sort('org', 'Org');?>
</th>
<th>
Type
</th>
<th>
<?php echo $this->Paginator->sort('id', 'Info');?>
</th>
</tr>
<?php foreach ($shadowAttributes as $event):?>
<tr>
<td class="short" onclick="document.location.href ='/events/view/<?php echo $event['Event']['id'];?>'">
<?php echo h($event['Event']['id']);?>
</td>
<td class="short" onclick="document.location.href ='/events/view/<?php echo $event['Event']['id'];?>'">
<?php echo h($event['ShadowAttribute']['org'])?>
</td>
<td class="short" onclick="document.location.href ='/events/view/<?php echo $event['Event']['id'];?>'">
<?php
if ($event['ShadowAttribute']['old_id'] != 0) {
echo 'Attribute edit';
} else {
echo 'New Attribute';
}
?>
</td>
<td onclick="document.location.href ='/events/view/<?php echo $event['Event']['id'];?>'">
<?php echo h($event['Event']['info']); ?>
</td>
</tr>
<?php endforeach; ?>
</table>
<p>
<?php
echo $this->Paginator->counter(array(
'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
));
?>
</p>
<div class="pagination">
<ul>
<?php
echo $this->Paginator->prev('&laquo; ' . __('previous'), array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'prev disabled', 'escape' => false, 'disabledTag' => 'span'));
echo $this->Paginator->numbers(array('modulus' => 20, 'separator' => '', 'tag' => 'li', 'currentClass' => 'active', 'currentTag' => 'span'));
echo $this->Paginator->next(__('next') . ' &raquo;', array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'next disabled', 'escape' => false, 'disabledTag' => 'span'));
?>
</ul>
</div>
</div>
<div class="actions <?php echo $debugMode;?>">
<ul class="nav nav-list">
<li class="active"><a href="/events/index">List Events</a></li>
<?php if ($isAclAdd): ?>
<li><a href="/events/add">Add Event</a></li>
<?php endif; ?>
<li class="divider"></li>
<li><a href="/attributes/index">List Attributes</a></li>
<li><a href="/attributes/search">Search Attributes</a></li>
<li class="divider"></li>
<li><a href="/events/export">Export</a></li>
<?php if ($isAclAuth): ?>
<li><a href="/events/automation">Automation</a></li>
<?php endif;?>
</ul>
</div>

18
app/View/Users/terms.ctp
View File

@ -1,6 +1,18 @@
<div class="users form">
<h2>CyDefSIG Terms and Conditions</h2>
<p>Please add your terms and conditions here</p>
<h2>MISP Terms and Conditions</h2>
<?php
$termsFile = APP ."View/Users/terms";
if (!(file_exists($termsFile))) {
echo "<p>Please add your terms and conditions in file $termsFile.</p>";
}else {
$terms = new File($termsFile, false);
echo $terms->read(true,'r');
$terms->close();
}
?>
<?php
if (!$termsaccepted) {
echo $this->Form->create('User');
@ -17,4 +29,4 @@ if (!$termsaccepted) {
<li><a href="/pages/display/doc/general">User Guide</a></li>
<li class="active"><a href="/users/terms">Terms & Conditions</a></li>
</ul>
</div>
</div>