MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [internal] Do not encode/decode base64 for simpleAddMalwareSample

pull/7823/head
Jakub Onderka 2021-10-09 17:28:44 +02:00
parent c89893cbab
commit 5e320a1dbd
2 changed files with 28 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
app/Model/Attribute.php
View File

@ -3191,6 +3191,28 @@ class Attribute extends AppModel
return $result;
}
/**
* @param string $originalFilename
* @param string $content
* @param array $hashTypes
* @return array
*/
private function handleMaliciousRaw($originalFilename, $content, array $hashTypes)
{
$attachmentTool = $this->loadAttachmentTool();
$hashes = $attachmentTool->computeHashes($content, $hashTypes);
try {
$encrypted = $attachmentTool->encrypt($originalFilename, $content, $hashes['md5']);
} catch (Exception $e) {
$this->logException("Could not create encrypted malware sample.", $e);
return ['success' => false];
}
$hashes['success'] = true;
$hashes['data_raw'] = $encrypted;
return $hashes;
}
/**
* @return bool Return true if at least one advanced extraction tool is available
*/
@ -3529,7 +3551,7 @@ class Attribute extends AppModel
public function simpleAddMalwareSample($event_id, $attribute_settings, $filename, $tmpfile)
{
$attributes = array(
'malware-sample' => array('type' => 'malware-sample', 'data' => 1, 'category' => '', 'to_ids' => 1, 'disable_correlation' => 0, 'object_relation' => 'malware-sample'),
'malware-sample' => array('type' => 'malware-sample', 'category' => '', 'to_ids' => 1, 'disable_correlation' => 0, 'object_relation' => 'malware-sample'),
'filename' => array('type' => 'filename', 'category' => '', 'to_ids' => 0, 'disable_correlation' => 0, 'object_relation' => 'filename'),
'md5' => array('type' => 'md5', 'category' => '', 'to_ids' => 1, 'disable_correlation' => 0, 'object_relation' => 'md5'),
'sha1' => array('type' => 'sha1', 'category' => '', 'to_ids' => 1, 'disable_correlation' => 0, 'object_relation' => 'sha1'),
@ -3537,16 +3559,14 @@ class Attribute extends AppModel
'size-in-bytes' => array('type' => 'size-in-bytes', 'category' => 'Other', 'to_ids' => 0, 'disable_correlation' => 1, 'object_relation' => 'size-in-bytes')
);
$hashes = array('md5', 'sha1', 'sha256');
$this->Object = ClassRegistry::init('MispObject');
$this->ObjectTemplate = ClassRegistry::init('ObjectTemplate');
$current = $this->ObjectTemplate->find('first', array(
$current = $this->Object->ObjectTemplate->find('first', array(
'fields' => array('MAX(version) AS version', 'uuid'),
'conditions' => array('uuid' => '688c46fb-5edb-40a3-8273-1af7923e2215'),
'recursive' => -1,
'group' => array('uuid')
));
if (!empty($current)) {
$object_template = $this->ObjectTemplate->find('first', array(
$object_template = $this->Object->ObjectTemplate->find('first', array(
'conditions' => array(
'ObjectTemplate.uuid' => '688c46fb-5edb-40a3-8273-1af7923e2215',
'ObjectTemplate.version' => $current[0]['version']
@ -3576,7 +3596,7 @@ class Attribute extends AppModel
'event_id' => $event_id,
'comment' => !empty($attribute_settings['comment']) ? $attribute_settings['comment'] : ''
);
$result = $this->handleMaliciousBase64($event_id, $filename, base64_encode($tmpfile->read()), $hashes);
$result = $this->handleMaliciousRaw($filename, $tmpfile->read(), $hashes);
foreach ($attributes as $k => $v) {
$attribute = array(
'distribution' => 5,
@ -3588,11 +3608,9 @@ class Attribute extends AppModel
'event_id' => $event_id,
'object_relation' => $v['object_relation']
);
if (isset($v['data'])) {
$attribute['data'] = $result['data'];
}
if ($k === 'malware-sample') {
$attribute['value'] = $filename . '|' . $result['md5'];
$attribute['data_raw'] = $result['data_raw'];
} elseif ($k === 'size-in-bytes') {
$attribute['value'] = $tmpfile->size();
} elseif ($k === 'filename') {

1
app/Model/MispObject.php
View File

@ -7,6 +7,7 @@ App::uses('TmpFileTool', 'Tools');
* @property SharingGroup $SharingGroup
* @property Attribute $Attribute
* @property ObjectReference $ObjectReference
* @property ObjectTemplate $ObjectTemplate
*/
class MispObject extends AppModel
{