chg: [internal] Use FileAccessTool in MispObject

pull/7910/head
Jakub Onderka 2021-10-30 20:32:04 +02:00
parent aa0c27ef5d
commit 61a8320b4f
2 changed files with 8 additions and 9 deletions


@ -2,6 +2,7 @@
App::uses('AppModel', 'Model');
App::uses('TmpFileTool', 'Tools');
App::uses('AttributeValidationTool', 'Tools');
App::uses('FileAccessTool', 'Tools');
/**
* @property Event $Event
@ -731,6 +732,8 @@ class MispObject extends AppModel
* Clean the attribute list up from artifacts introduced by the object form
* @param array $attributes
* @return string|array
* @throws InternalErrorException
* @throws Exception
*/
public function attributeCleanup($attributes)
{
@ -751,23 +754,19 @@ class MispObject extends AppModel
if (isset($attribute['Attachment'])) {
// Check if there were problems with the file upload
// only keep the last part of the filename, this should prevent directory attacks
$filename = basename($attribute['Attachment']['name']);
$tmpfile = new File($attribute['Attachment']['tmp_name']);
if ((isset($attribute['Attachment']['error']) && $attribute['Attachment']['error'] == 0) ||
(!empty($attribute['Attachment']['tmp_name']) && $attribute['Attachment']['tmp_name'] != 'none')
) {
if (!is_uploaded_file($tmpfile->path)) {
if (!is_uploaded_file($attribute['Attachment']['tmp_name'])) {
throw new InternalErrorException('PHP says file was not uploaded. Are you attacking me?');
}
} else {
return 'Issues with the file attachment for the ' . $attribute['object_relation'] . ' attribute. The error code returned is ' . $attribute['Attachment']['error'];
throw new InternalErrorException('Issues with the file attachment for the ' . $attribute['object_relation'] . ' attribute. The error code returned is ' . $attribute['Attachment']['error']);
}
$attributes['Attribute'][$k]['value'] = $attribute['Attachment']['name'];
unset($attributes['Attribute'][$k]['Attachment']);
$attributes['Attribute'][$k]['encrypt'] = $attribute['type'] == 'malware-sample' ? 1 : 0;
$attributes['Attribute'][$k]['data'] = base64_encode($tmpfile->read());
$tmpfile->delete();
$tmpfile->close();
$attributes['Attribute'][$k]['encrypt'] = $attribute['type'] === 'malware-sample' ? 1 : 0;
$attributes['Attribute'][$k]['data'] = base64_encode(FileAccessTool::readAndDelete($attribute['Attachment']['tmp_name']));
}
if (!isset($attributes['Attribute'][$k]['first_seen'])) {
$attributes['Attribute'][$k]['first_seen'] = null;
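Review bot: The retained comment says only the last part of the filename is kept to prevent directory attacks, but the value actually stored is `$attributes['Attribute'][$k]['value'] = $attribute['Attachment']['name'];`, the client-supplied name as sent. The `basename()` result is not used anywhere in the visible lines, and judging by the hunk's line counts the `$filename = basename(...)` assignment is dropped here, so nothing in this block backs the comment any more. Either store the reduced name, `$attributes['Attribute'][$k]['value'] = basename($attribute['Attachment']['name']);`, or, if the name is sanitised later in the attribute save path (not visible here), reword the comment to point there. The docblock's `@return string|array` may also be stale now that the visible error path throws instead of returning a string. The body of attributeCleanup() continues outside these hunks.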


@ -26,7 +26,7 @@ $tableData = [
echo $this->Form->create('Object', array('id', 'url' => $url));
$formSettings = array(
'type' => 'hidden',
'value' => json_encode($data, true),
'value' => json_encode($data),
'label' => false,
'div' => false
);
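Review bot: Removing the second argument changes the encoding as well as tidying the call, because `true` was coerced to the flags value 1, which is `JSON_HEX_TAG`. `<` and `>` inside `$data` were therefore emitted as `\u003C`/`\u003E` before and are literal now. For a hidden input's `value` that is fine only as long as the form helper HTML-escapes the attribute, and that happens outside this hunk. If the hex escaping is wanted as a second layer, state it explicitly with `'value' => json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT),`; otherwise add a short comment that escaping is left to the helper.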