mirror of https://github.com/MISP/MISP
Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
56d6e5fd7f
|
@ -161,6 +161,9 @@ class AppController extends Controller {
|
|||
}
|
||||
$userLoggedIn = false;
|
||||
if (Configure::read('Plugin.CustomAuth_enable')) $userLoggedIn = $this->__customAuthentication($_SERVER);
|
||||
if ($this->_isRest()) {
|
||||
$this->Security->unlockedActions = array($this->action);
|
||||
}
|
||||
if (!$userLoggedIn) {
|
||||
// REST authentication
|
||||
if ($this->_isRest() || $this->_isAutomation()) {
|
||||
|
|
|
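Review bot: The new `$this->Security->unlockedActions = array($this->action);` block switches off the SecurityComponent checks (CSRF token and form-tamper validation) for the current action whenever `_isRest()` is true, and it runs before the REST authentication below has established that the caller is actually an API client. That is only safe if `_isRest()` cannot be satisfied by a browser-originated request; if it keys off a client-controlled header such as Accept or Content-Type alone, a cross-site POST could be processed without a token, so the assumption deserves a comment such as `// REST clients authenticate per request (API key) and hold no session, so CSRF/form-tamper checks do not apply here` and a check that `_isRest()` is tied to the API-key path. The enclosing beforeFilter starts and ends outside the hunk.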
@ -485,18 +485,24 @@ class ACLComponent extends Component {
|
|||
// If the requested action has a permission, check if the user's role has it flagged. If yes, return true
|
||||
// If we fall through all of the checks, return an exception.
|
||||
public function checkAccess($user, $controller, $action) {
|
||||
$action = strtolower($action);
|
||||
$controller = strtolower($controller);
|
||||
$aclList = $this->__aclList;
|
||||
foreach ($aclList as $k => $v) {
|
||||
$aclList[$k] = array_change_key_case($v);
|
||||
}
|
||||
if ($user['Role']['perm_site_admin']) return true;
|
||||
if (!isset($this->__aclList[$controller])) $this->__error(404, 'Invalid controller.');
|
||||
if (!isset($aclList[$controller])) $this->__error(404, 'Invalid controller.');
|
||||
if ($user['Role']['perm_site_admin']) return true;
|
||||
if (isset($this->__aclList[$controller][$action]) && !empty($this->__aclList[$controller][$action])) {
|
||||
if (in_array('*', $this->__aclList[$controller][$action])) return true;
|
||||
if (isset($this->__aclList[$controller][$action]['OR'])) {
|
||||
foreach ($this->__aclList[$controller][$action]['OR'] as $permission) if ($user['Role'][$permission]) return true;
|
||||
} else if (isset($this->__aclList[$controller][$action]['AND'])) {
|
||||
if (isset($aclList[$controller][$action]) && !empty($aclList[$controller][$action])) {
|
||||
if (in_array('*', $aclList[$controller][$action])) return true;
|
||||
if (isset($aclList[$controller][$action]['OR'])) {
|
||||
foreach ($aclList[$controller][$action]['OR'] as $permission) if ($user['Role'][$permission]) return true;
|
||||
} else if (isset($aclList[$controller][$action]['AND'])) {
|
||||
$allConditionsMet = true;
|
||||
foreach ($this->__aclList[$controller][$action]['AND'] as $permission) if (!$user['Role'][$permission]) $allConditionsMet = false;
|
||||
foreach ($aclList[$controller][$action]['AND'] as $permission) if (!$user['Role'][$permission]) $allConditionsMet = false;
|
||||
if ($allConditionsMet) return true;
|
||||
} else if ($user['Role'][$this->__aclList[$controller][$action][0]]) return true;
|
||||
} else if ($user['Role'][$aclList[$controller][$action][0]]) return true;
|
||||
}
|
||||
$this->__error(403, 'You do not have permission to use this functionality.');
|
||||
}
|
||||
|
|
|
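Review bot: `in_array('*', $aclList[$controller][$action])` is a loose comparison, and under PHP 7 `'*' == 0` is true, so an ACL entry that ever contains an integer 0 would grant access to everyone; `in_array('*', $aclList[$controller][$action], true)` pins it to the literal wildcard at no cost. The site-admin shortcut `if ($user['Role']['perm_site_admin']) return true;` now appears both before and after the controller check, so the second copy is dead and the first lets a site admin through even for an unknown controller instead of the 404 — keep one of them deliberately. The case-folded copy built by the `foreach ($aclList as $k => $v)` loop is recomputed on every call; doing it once where `__aclList` is populated would avoid that. On the positive side, an unknown permission name in the list reads an undefined index and evaluates false, i.e. fails closed.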
@ -2465,6 +2465,9 @@ class EventsController extends AppController {
|
|||
$requested_attributes = array('uuid', 'event_id', 'category', 'type',
|
||||
'value', 'comment', 'to_ids', 'timestamp');
|
||||
$requested_obj_attributes = array('uuid', 'name', 'meta-category');
|
||||
if ($includeContext) {
|
||||
$requested_attributes[] = 'attribute_tag';
|
||||
}
|
||||
if (isset($this->params['url']['attributes'])) {
|
||||
if (!isset($this->params['url']['obj_attributes'])) $requested_obj_attributes = array();
|
||||
$requested_attributes = explode(',', $this->params['url']['attributes']);
|
||||
|
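Review bot: The added `$requested_attributes[] = 'attribute_tag';` is discarded a few lines later when `attributes` is given in the URL, because `$requested_attributes = explode(',', $this->params['url']['attributes']);` replaces the list rather than extending it, so `$includeContext` is silently ignored for callers that pick their own columns. If that is intended, say so in a comment; otherwise re-append after the explode, e.g. `if ($includeContext && !in_array('attribute_tag', $requested_attributes, true)) $requested_attributes[] = 'attribute_tag';`. The enclosing function starts and ends outside the hunk, and whatever validates the exploded column names against an allow-list is not visible here, so that should be confirmed as well.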
@ -3978,6 +3981,14 @@ class EventsController extends AppController {
|
|||
'checkbox_text' => 'Include non-IDS marked attributes',
|
||||
'checkbox_set' => '/events/csv/download/' . $id . '/1'
|
||||
),
|
||||
'csv_with_context' => array(
|
||||
'url' => '/events/csv/download/' . $id . '/0/0/0/0/1',
|
||||
'text' => 'CSV with additional context',
|
||||
'requiresPublished' => true,
|
||||
'checkbox' => true,
|
||||
'checkbox_text' => 'Include non-IDS marked attributes',
|
||||
'checkbox_set' => '/events/csv/download/' . $id . '/1/0/0/0/1'
|
||||
),
|
||||
'stix_xml' => array(
|
||||
'url' => '/events/stix/download/' . $id . '.xml',
|
||||
'text' => 'STIX XML (metadata + all attributes)',
|
||||
|
|
|
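Review bot: The new `csv_with_context` entry encodes its behaviour in positional path segments (`'/events/csv/download/' . $id . '/0/0/0/0/1'` and `'/events/csv/download/' . $id . '/1/0/0/0/1'`) that differ from the plain `csv` entry only in the trailing `1`, and nothing at the definition explains what the five segments mean. A one-line comment listing the csv action's parameters in order (taken from its signature, which is not in this hunk) would keep the two entries maintainable, e.g. `// csv/download/<id>/<param 1>/<param 2>/<param 3>/<param 4>/<includeContext>` with the real names filled in.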
@ -111,7 +111,7 @@ class ObjectsController extends AppController {
|
|||
throw new NotFoundException('Invalid event.');
|
||||
}
|
||||
$eventId = $event['Event']['id'];
|
||||
if (!empty($tempalteId) || !$this->_isRest()) {
|
||||
if (!empty($templateId) || !$this->_isRest()) {
|
||||
$templates = $this->MispObject->ObjectTemplate->find('all', array(
|
||||
'conditions' => array('ObjectTemplate.id' => $templateId),
|
||||
'recursive' => -1,
|
||||
|
@ -254,11 +254,16 @@ class ObjectsController extends AppController {
|
|||
}
|
||||
|
||||
public function edit($id) {
|
||||
if (Validation::uuid($id)) {
|
||||
$conditions = array('Object.uuid' => $id);
|
||||
} else {
|
||||
$conditions = array('Object.id' => $id);
|
||||
}
|
||||
if (!$this->userRole['perm_modify']) {
|
||||
throw new MethodNotAllowedException('You don\'t have permissions to edit objects.');
|
||||
}
|
||||
$object = $this->MispObject->find('first', array(
|
||||
'conditions' => array('Object.id' => $id),
|
||||
'conditions' => $conditions,
|
||||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'Attribute' => array(
|
||||
|
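Review bot: After `$conditions` is built from `Validation::uuid($id)`, `$id` still holds the raw request value — now possibly a UUID string — until the next hunk reassigns it with `$id = $object['Object']['id'];`, so any code in that stretch that treats `$id` as numeric would be fed a string. A docblock on `edit($id)` stating `@param int|string $id numeric object id or object UUID` would make that contract explicit, and the reassignment should stay immediately after the lookup. The `perm_modify` check runs before the lookup, but the event-level ownership check is outside this hunk, so a UUID lookup must still be followed by it. The method continues past the hunk.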
@ -271,6 +276,7 @@ class ObjectsController extends AppController {
|
|||
if (empty($object)) {
|
||||
throw new NotFoundException('Invalid object.');
|
||||
}
|
||||
$id = $object['Object']['id'];
|
||||
$eventFindParams = array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('Event.id', 'Event.uuid', 'Event.orgc_id'),
|
||||
|
@ -318,13 +324,13 @@ class ObjectsController extends AppController {
|
|||
if (is_numeric($objectToSave)) {
|
||||
$objectToSave = $this->MispObject->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('Object.id' => $result),
|
||||
'conditions' => array('Object.id' => $id),
|
||||
'contain' => array('Attribute')
|
||||
));
|
||||
$this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
|
||||
return $this->RestResponse->viewData($objectToSave, $this->response->type());
|
||||
} else {
|
||||
return $this->RestResponse->saveFailResponse('Objects', 'add', false, $result, $this->response->type());
|
||||
return $this->RestResponse->saveFailResponse('Objects', 'add', false, $id, $this->response->type());
|
||||
}
|
||||
} else {
|
||||
$this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
|
||||
|
|
|
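Review bot: In the else branch `saveFailResponse('Objects', 'add', false, $id, $this->response->type())` now passes the object id where the old code passed `$result`; given the `is_numeric($objectToSave)` test above, the non-numeric `$objectToSave` is presumably the failure payload and is the value worth reporting, while `$id` tells the API client nothing about why the save failed. If the save path returns errors in that case, `return $this->RestResponse->saveFailResponse('Objects', 'add', false, $objectToSave, $this->response->type());` is the intended line — confirm against the callee. The action label `'add'` in both branches also looks copied from the add action; this is the edit path, so `'edit'` may be meant. The enclosing method starts and ends outside the hunk.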
@ -1161,9 +1161,7 @@ class ServersController extends AppController {
|
|||
|
||||
public function restartWorkers() {
|
||||
if (!$this->_isSiteAdmin() || !$this->request->is('post')) throw new MethodNotAllowedException();
|
||||
$this->Server->workerRemoveDead($this->Auth->user());
|
||||
$prepend = '';
|
||||
shell_exec($prepend . APP . 'Console' . DS . 'worker' . DS . 'start.sh > /dev/null 2>&1 &');
|
||||
$this->Server->restartWorkers($this->Auth->user());
|
||||
$this->redirect(array('controller' => 'servers', 'action' => 'serverSettings', 'workers'));
|
||||
}
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@
|
|||
$this->__addAdditionalDistributionInfo(1, $org);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// org only
|
||||
$thisOrg = $this->__user['Organisation']['name'];
|
||||
$this->__addAdditionalDistributionInfo(0, $thisOrg); // add current community
|
||||
|
@ -126,9 +126,9 @@
|
|||
$this->__json['obj_attr'] = $this->init_array_distri();
|
||||
$this->__json['additionalDistributionInfo'] = $this->init_array_distri(array());
|
||||
|
||||
|
||||
|
||||
if (empty($event)) return $this->__json;
|
||||
|
||||
|
||||
if (!empty($event['Object'])) {
|
||||
$object = $event['Object'];
|
||||
} else {
|
||||
|
@ -156,11 +156,13 @@
|
|||
$this->__fetchAndAddDistributionInfo($obj);
|
||||
|
||||
$added_value = array();
|
||||
foreach($obj['Attribute'] as $objAttr) {
|
||||
$distri = $objAttr['distribution'];
|
||||
$this->__json['event'][$distri] += 1;
|
||||
$this->__json['obj_attr'][$distri] += 1;
|
||||
$this->__fetchAndAddDistributionInfo($objAttr);
|
||||
if (!empty($obj['Attribute'])) {
|
||||
foreach($obj['Attribute'] as $objAttr) {
|
||||
$distri = $objAttr['distribution'];
|
||||
$this->__json['event'][$distri] += 1;
|
||||
$this->__json['obj_attr'][$distri] += 1;
|
||||
$this->__fetchAndAddDistributionInfo($objAttr);
|
||||
}
|
||||
}
|
||||
}
|
||||
// distribution 5 is inherit event, apply this fact on values
|
||||
|
|
|
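Review bot: The new `if (!empty($obj['Attribute']))` guard only covers a missing attribute list; inside the loop `$this->__json['event'][$distri] += 1;` still assumes `$distri` is one of the keys pre-populated by `init_array_distri()`, so an attribute carrying an unexpected distribution value would raise an undefined-index notice and leave a bogus counter. A guard such as `if (!isset($this->__json['event'][$distri])) continue;` before the two increments would keep the counts honest. The `foreach(` spacing also differs from the `foreach (` style used elsewhere in this commit. The enclosing method continues outside the hunk.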
@ -1 +1 @@
|
|||
Subproject commit bfd2d21d782a69626bcf1ae2d22aad6e565fb29c
|
||||
Subproject commit ab5578dbc9f88e661d2b017489cd156fca961429
|
|
@ -61,7 +61,7 @@ class AppModel extends Model {
|
|||
|
||||
public $db_changes = array(
|
||||
1 => false, 2 => false, 3 => false, 4 => true, 5 => false, 6 => false,
|
||||
7 => false
|
||||
7 => false, 8 => false
|
||||
);
|
||||
|
||||
function afterSave($created, $options = array()) {
|
||||
|
@ -140,6 +140,10 @@ class AppModel extends Model {
|
|||
$this->Feed = Classregistry::init('Feed');
|
||||
$this->Feed->setEnableFeedCachingDefaults();
|
||||
break;
|
||||
case 8:
|
||||
$this->Server = Classregistry::init('Server');
|
||||
$this->Server->restartWorkers();
|
||||
break;
|
||||
default:
|
||||
$this->updateDatabase($command);
|
||||
break;
|
||||
|
|
|
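Review bot: `case 8:` calls `$this->Server->restartWorkers();` without a user, so the dead-worker cleanup it triggers is logged under the SYSTEM identity and the boolean it returns is discarded, meaning a run where `MISP.background_jobs` is off silently does nothing while the update step still completes. Since this runs from the database-update path rather than a request and ends up in `shell_exec`, a comment stating why a worker restart is tied to step 8 would help the next maintainer, e.g. `// step 8: <reason> — restarts the background workers via Server::restartWorkers()`. Also `Classregistry::init` is spelled `ClassRegistry::init` in the other hunks of this commit; PHP resolves both, but the mixed casing hinders grepping. The switch continues outside the hunk.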
@ -2009,9 +2009,9 @@ class Event extends AppModel {
|
|||
$tags[] = $attributeTag['Tag']['name'];
|
||||
}
|
||||
}
|
||||
$attribute['attribute_tag'] = implode(',', $tags);
|
||||
$attribute['Attribute']['attribute_tag'] = implode(',', $tags);
|
||||
}
|
||||
$this->__escapeCSVField($attribute['attribute_tag']);
|
||||
$this->__escapeCSVField($attribute['Attribute']['attribute_tag']);
|
||||
if (!empty($attribute['Event']['EventTag'])) {
|
||||
$tags = array();
|
||||
foreach ($attribute['Event']['EventTag'] as $eventTag) {
|
||||
|
|
|
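Review bot: `$this->__escapeCSVField($attribute['Attribute']['attribute_tag']);` sits outside the block that assigns that key, so for an attribute with no tags it operates on an index that, as far as this hunk shows, was never set — an undefined-index notice, and a `null` passed by reference if the helper takes one. Either initialise `$attribute['Attribute']['attribute_tag'] = '';` before the tag block or move the escape call inside it. Tag names are user-supplied content landing in a CSV that will be opened in spreadsheets, so `__escapeCSVField` (not in this hunk) should also neutralise a leading `=`, `+`, `-`, `@` or tab, not only quotes and separators — confirm that it does. The enclosing method continues outside the hunk.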
@ -324,16 +324,19 @@ class Feed extends AppModel {
|
|||
$hashTable = array();
|
||||
$hitIds = array();
|
||||
$this->Event = ClassRegistry::init('Event');
|
||||
$objectKeys = array();
|
||||
foreach ($objects as $k => $object) {
|
||||
if ($object['disable_correlation']) continue;
|
||||
if (in_array($object['type'], $this->Event->Attribute->getCompositeTypes())) {
|
||||
$value = explode('|', $object['value']);
|
||||
$hashTable[$k] = md5($value[0]);
|
||||
$objectKeys[] = $k;
|
||||
} else {
|
||||
$hashTable[$k] = md5($object['value']);
|
||||
}
|
||||
$redis->sismember('misp:feed_cache:combined', $hashTable[$k]);
|
||||
$objectKeys[] = $k;
|
||||
}
|
||||
$results = array();
|
||||
$results = $pipe->exec();
|
||||
if (!$overrideLimit && count($objects) > 10000) {
|
||||
foreach ($results as $k => $result) {
|
||||
|
|
|
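Review bot: `$results = array();` is a dead store, overwritten unconditionally by `$results = $pipe->exec();` on the next line. `$pipe` is not defined inside the hunk while the lookups are issued as `$redis->sismember('misp:feed_cache:combined', $hashTable[$k]);`; with phpredis `multi(Redis::PIPELINE)` returns the same object so this works, but if `$pipe` were a distinct handle the lookups would execute immediately and `exec()` would return nothing, turning every object into a miss. A comment at the loop such as `// $redis is in pipeline mode (see $pipe above); results come back in order from $pipe->exec()` would pin the assumption. Moving `$objectKeys[] = $k;` out of the composite branch means the key list now covers every non-skipped object, which is what keeps it aligned with `$results` — worth stating in the same comment. The enclosing method continues outside the hunk.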
@ -138,7 +138,7 @@ class MispObject extends AppModel {
|
|||
if ($this->save($object)) {
|
||||
$result = $this->id;
|
||||
foreach ($object['Attribute'] as $k => $attribute) {
|
||||
$object['Attribute'][$k]['object_id'] = $id;
|
||||
$object['Attribute'][$k]['object_id'] = $this->id;
|
||||
}
|
||||
$this->Attribute->saveAttributes($object['Attribute']);
|
||||
} else {
|
||||
|
@ -412,6 +412,23 @@ class MispObject extends AppModel {
|
|||
}
|
||||
|
||||
public function deltaMerge($object, $objectToSave) {
|
||||
if (!isset($objectToSave['Object'])) {
|
||||
$dataToBackup = array('ObjectReferences', 'Attribute', 'ShadowAttribute');
|
||||
$backup = array();
|
||||
foreach ($dataToBackup as $dtb) {
|
||||
if (isset($objectToSave[$dtb])) {
|
||||
$backup[$dtb] = $objectToSave[$dtb];
|
||||
unset($objectToSave[$dtb]);
|
||||
}
|
||||
}
|
||||
$objectToSave = array('Object' => $objectToSave);
|
||||
foreach ($dataToBackup as $dtb) {
|
||||
if (isset($backup[$dtb])) {
|
||||
$objectToSave[$dtb] = $backup[$dtb];
|
||||
}
|
||||
}
|
||||
unset($dataToBackup);
|
||||
}
|
||||
$object['Object']['comment'] = $objectToSave['Object']['comment'];
|
||||
$object['Object']['distribution'] = $objectToSave['Object']['distribution'];
|
||||
if ($object['Object']['distribution'] == 4) {
|
||||
|
|
|
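Review bot: `$object['Object']['comment'] = $objectToSave['Object']['comment'];` and the `distribution` assignment read the incoming payload without `isset`, so a REST client that omits either key triggers a notice and overwrites the stored value with `null`; for `distribution` that makes the `== 4` check below false and leaves the object with a null distribution. Guard both, e.g. `if (isset($objectToSave['Object']['comment'])) $object['Object']['comment'] = $objectToSave['Object']['comment'];`, and validate that `distribution` is one of the accepted values before it is stored, since it governs who can see the object. The new function has no docblock; one stating that `$objectToSave` may be either a wrapped `array('Object' => ...)` payload or a flat one would explain the backup/restore dance at the top, and `unset($dataToBackup);` can go. `deltaMerge` continues past the hunk.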
@ -35,7 +35,7 @@ class Noticelist extends AppModel{
|
|||
}
|
||||
|
||||
public function update() {
|
||||
$directories = glob(APP . 'files' . DS . 'noticelist' . DS . 'lists' . DS . '*', GLOB_ONLYDIR);
|
||||
$directories = glob(APP . 'files' . DS . 'noticelists' . DS . 'lists' . DS . '*', GLOB_ONLYDIR);
|
||||
$updated = array();
|
||||
foreach ($directories as $dir) {
|
||||
$file = new File($dir . DS . 'list.json');
|
||||
|
|
|
@ -3379,7 +3379,7 @@ class Server extends AppModel {
|
|||
}
|
||||
}
|
||||
|
||||
public function workerRemoveDead($user) {
|
||||
public function workerRemoveDead($user = false) {
|
||||
$this->ResqueStatus = new ResqueStatus\ResqueStatus(Resque::redis());
|
||||
$workers = $this->ResqueStatus->getWorkers();
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
|
@ -3393,16 +3393,29 @@ class Server extends AppModel {
|
|||
if ($worker['user'] == $currentUser && !$pidTest) {
|
||||
$this->ResqueStatus->removeWorker($pid);
|
||||
$this->Log->create();
|
||||
$this->Log->save(array(
|
||||
'org' => $user['Organisation']['name'],
|
||||
'model' => 'User',
|
||||
'model_id' => $user['id'],
|
||||
'email' => $user['email'],
|
||||
'action' => 'remove_dead_workers',
|
||||
'user_id' => $user['id'],
|
||||
'title' => 'Removing a dead worker.',
|
||||
'change' => 'Removing dead worker data. Worker was of type ' . $worker['queue'] . ' with pid ' . $pid
|
||||
));
|
||||
if (!empty($user)) {
|
||||
$this->Log->save(array(
|
||||
'org' => $user['Organisation']['name'],
|
||||
'model' => 'User',
|
||||
'model_id' => $user['id'],
|
||||
'email' => $user['email'],
|
||||
'action' => 'remove_dead_workers',
|
||||
'user_id' => $user['id'],
|
||||
'title' => 'Removing a dead worker.',
|
||||
'change' => 'Removing dead worker data. Worker was of type ' . $worker['queue'] . ' with pid ' . $pid
|
||||
));
|
||||
} else {
|
||||
$this->Log->save(array(
|
||||
'org' => 'SYSTEM',
|
||||
'model' => 'User',
|
||||
'model_id' => 0,
|
||||
'email' => 'SYSTEM',
|
||||
'action' => 'remove_dead_workers',
|
||||
'user_id' => 0,
|
||||
'title' => 'Removing a dead worker.',
|
||||
'change' => 'Removing dead worker data. Worker was of type ' . $worker['queue'] . ' with pid ' . $pid
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
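Review bot: The `if (!empty($user))` branch and its `else` duplicate a ten-line log entry that differs only in `org`, `model_id`, `email` and `user_id`; computing those four values once keeps the two paths from drifting and makes the SYSTEM fallback obvious. `$user` is also loosely typed (`false` default, indexed as an array), so a docblock `@param array|false $user` on `workerRemoveDead` would document the contract that the update path relies on. The loop and the method continue outside the hunk.
```php
if ($worker['user'] == $currentUser && !$pidTest) {
    $this->ResqueStatus->removeWorker($pid);
    $this->Log->create();
    // Fall back to a SYSTEM identity when no user is passed (e.g. restartWorkers() from the update path)
    $hasUser = !empty($user);
    $this->Log->save(array(
        'org' => $hasUser ? $user['Organisation']['name'] : 'SYSTEM',
        'model' => 'User',
        'model_id' => $hasUser ? $user['id'] : 0,
        'email' => $hasUser ? $user['email'] : 'SYSTEM',
        'action' => 'remove_dead_workers',
        'user_id' => $hasUser ? $user['id'] : 0,
        'title' => 'Removing a dead worker.',
        'change' => 'Removing dead worker data. Worker was of type ' . $worker['queue'] . ' with pid ' . $pid
    ));
}
```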
@ -3763,18 +3776,27 @@ class Server extends AppModel {
|
|||
}
|
||||
|
||||
public function fetchServer($id) {
|
||||
if (empty($id)) return false;
|
||||
$conditions = array('Server.id' => $id);
|
||||
if (!is_numeric($id)) {
|
||||
$conditions = array('OR' => array(
|
||||
'LOWER(Server.name)' => strtolower($id),
|
||||
'LOWER(Server.url)' => strtolower($id)
|
||||
));
|
||||
}
|
||||
$server = $this->find('first', array(
|
||||
'conditions' => $conditions,
|
||||
'recursive' => -1
|
||||
if (empty($id)) return false;
|
||||
$conditions = array('Server.id' => $id);
|
||||
if (!is_numeric($id)) {
|
||||
$conditions = array('OR' => array(
|
||||
'LOWER(Server.name)' => strtolower($id),
|
||||
'LOWER(Server.url)' => strtolower($id)
|
||||
));
|
||||
return (empty($server)) ? false : $server;
|
||||
}
|
||||
$server = $this->find('first', array(
|
||||
'conditions' => $conditions,
|
||||
'recursive' => -1
|
||||
));
|
||||
return (empty($server)) ? false : $server;
|
||||
}
|
||||
|
||||
public function restartWorkers($user=false) {
|
||||
if (Configure::read('MISP.background_jobs')) {
|
||||
$this->workerRemoveDead($user);
|
||||
$prepend = '';
|
||||
shell_exec($prepend . APP . 'Console' . DS . 'worker' . DS . 'start.sh > /dev/null 2>&1 &');
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
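Review bot: `restartWorkers($user=false)` returns `true` even when `MISP.background_jobs` is off and nothing was restarted, so neither caller in this commit (`ServersController::restartWorkers`, which redirects straight afterwards, and the AppModel update step 8) can tell whether a restart happened; an early `if (!Configure::read('MISP.background_jobs')) return false;` would make the result meaningful. `$prepend = '';` is a leftover that contributes nothing to the command, and the command passed to `shell_exec` is built only from the `APP` and `DS` constants — that is the property that keeps it safe and is worth stating: `// command is built from constants only; never concatenate request or user data into it`. The `$user=false` spacing also differs from `$user = false` in `workerRemoveDead` above.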
@ -7,7 +7,7 @@
|
|||
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
|
||||
<?php
|
||||
$hard_message = __('Are you sure you want to hard-delete Attribute #%s? The Attribute will be permanently deleted and unrecoverable. Also, this will prevent the deletion to be propagated to other instances.', h($id));
|
||||
$soft_message = __('Are you sure you want to soft-delete Attribute #%s? The Attribute will only be soft deleted, meaning that it is not completely purged. Click on show deleted attributes and delete the soft deleted attribute if you want to permanently remove it.', h($id));
|
||||
$soft_message = __('Are you sure you want to soft-delete Attribute #%s? The Attribute will only be soft deleted, meaning that it is not completely purged. Click on Include deleted attributes and delete the soft deleted attribute if you want to permanently remove it.', h($id));
|
||||
?>
|
||||
<p><?php echo $hard ? $hard_message : $soft_message; ?></p>
|
||||
<table>
|
||||
|
|
|
@ -68,7 +68,7 @@
|
|||
echo $this->element('/side_menu_link', array(
|
||||
'onClick' => array(
|
||||
'function' => 'getPopup',
|
||||
'params' => array($event['Event']['id'], 'events', 'importchoice')
|
||||
'params' => array($event['Event']['id'], 'events', 'importChoice')
|
||||
),
|
||||
'text' => 'Populate from...'
|
||||
));
|
||||
|
|
|
@ -21,7 +21,6 @@
|
|||
'class' => 'form-control span6'
|
||||
));
|
||||
echo $this->Form->input('input_source', array(
|
||||
'label' => __('Source Format'),
|
||||
'div' => 'input clear',
|
||||
'options' => array('network' => 'Network', 'local' => 'Local'),
|
||||
'class' => 'form-control span6'
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit e3d1ba42e1948afab9f7a87aa1b3ba3a88153160
|
||||
Subproject commit 6c80c0923ac30c66500c041c33c2848dfc563123
|
|
@ -1 +1 @@
|
|||
Subproject commit 1f70345ca626873eb26074d35333a083bf99e8d1
|
||||
Subproject commit a701ae51bfdd8f24b58f916f8c4a40f525365b44
|