mirror of https://github.com/MISP/MISP
Private
Private events are truly private, and a server can run in 2 modes (private and sync), so an event is either real private (red), private to server (amber), or fully distributable (green). Mind that this needs a change to the tables events, attributes and correlation. These changes are in MYSQL.private.sql. pull/63/head
parent
bf4e46da8f
commit
67e50cb612
|
@ -111,6 +111,10 @@ Configure::write('CyDefSIG.logo', 'orgs/MIL.be.png'); // used in Events::ind
|
|||
Configure::write('CyDefSIG.showorg', 'true'); // show the name/flag of the organisation that uploaded the data
|
||||
Configure::write('CyDefSIG.showowner', 'false'); // show the email of the owner that uploaded the data
|
||||
Configure::write('CyDefSIG.sync', 'false'); // enable features related to syncing with other CyDefSIG instances
|
||||
Configure::write('CyDefSIG.private', 'true'); // respect private to org or server.
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
Configure::write('CyDefSIG.sync', 'true');
|
||||
}
|
||||
Configure::write('CyDefSIG.email', 'no-reply@sig.mil.be'); // email from for all the mails
|
||||
|
||||
Configure::write('GnuPG.onlyencrypted', 'true'); // only allow encrypted email, do not allow plaintext mails
|
||||
|
|
|
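Review bot: The added block `if ('true' == Configure::read('CyDefSIG.private'))` silently overrides the `CyDefSIG.sync` value written three lines earlier, so a file that reads `'false'` for sync actually runs with the sync features enabled. An operator auditing this configuration would not expect that. A comment on the block, for example `// private mode relies on the sync features, so sync is forced on whenever private is 'true'`, would make the effective setting visible. Because `CyDefSIG.private` ships as `'true'`, the comment should also say that the schema changes named in the commit description must be applied before the setting is left on.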
@ -322,7 +322,7 @@ class AppController extends Controller {
|
|||
|
||||
$this->loadModel('Correlation');
|
||||
$this->loadModel('Attribute');
|
||||
$fields = array('Attribute.id', 'Attribute.event_id', 'Event.date');
|
||||
$fields = array('Attribute.id', 'Attribute.event_id', 'Attribute.private', 'Event.date', 'Event.org');
|
||||
// get all attributes..
|
||||
$attributes = $this->Attribute->find('all',array('recursive' => 0));
|
||||
// for all attributes..
|
||||
|
|
|
@ -41,6 +41,31 @@ class AttributesController extends AppController {
|
|||
$this->params->addParams(array('pass' => array($id))); // FIXME find better way to change id variable if uuid is found. params->url and params->here is not modified accordingly now
|
||||
}
|
||||
}
|
||||
|
||||
// do not show private to other groups
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
// if not admin or own org, check private as well..
|
||||
if (!$this->_IsAdmin()) {
|
||||
$this->paginate = Set::merge($this->paginate,array(
|
||||
'conditions' =>
|
||||
array("OR" => array(
|
||||
array('Event.org =' => $this->Auth->user('org')),
|
||||
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1), array('Attribute.private !=' => 1)))),
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// do not show cluster outside server
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
if ($this->_isRest()) {
|
||||
$this->paginate = Set::merge($this->paginate,array(
|
||||
'conditions' =>
|
||||
array("AND" => array('Event.cluster !=' => true),array('Attribute.cluster !=' => true)),
|
||||
//array("AND" => array(array('Event.private !=' => 2))),
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function isAuthorized($user) {
|
||||
|
@ -114,6 +139,9 @@ class AttributesController extends AppController {
|
|||
|
||||
$this->Attribute->create();
|
||||
$this->request->data['Attribute']['value'] = $attribute; // set the value as the content of the single line
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$this->request->data = $this->Attribute->massageData(&$this->request->data);
|
||||
}
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
$successes .= " " . ($key + 1);
|
||||
} else {
|
||||
|
@ -140,6 +168,10 @@ class AttributesController extends AppController {
|
|||
// create the attribute
|
||||
$this->Attribute->create();
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$this->request->data = $this->Attribute->massageData(&$this->request->data);
|
||||
}
|
||||
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
// inform the user and redirect
|
||||
$this->Session->setFlash(__('The attribute has been saved'));
|
||||
|
@ -162,6 +194,12 @@ class AttributesController extends AppController {
|
|||
$categories = $this->_arrayToValuesIndexArray($categories);
|
||||
$this->set('categories',compact('categories'));
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$sharings = array('Org','Server','All');
|
||||
$sharings = $this->_arrayToValuesIndexArray($sharings);
|
||||
$this->set('sharings',compact('sharings'));
|
||||
}
|
||||
|
||||
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
|
||||
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
|
||||
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
|
||||
|
@ -191,10 +229,10 @@ class AttributesController extends AppController {
|
|||
$this->viewClass = 'Media';
|
||||
$params = array(
|
||||
'id' => $file->path,
|
||||
'name' => $filename,
|
||||
'name' => $filename,
|
||||
'extension' => $fileExt,
|
||||
'download' => true,
|
||||
'path' => DS
|
||||
'path' => DS
|
||||
);
|
||||
$this->set($params);
|
||||
}
|
||||
|
@ -241,6 +279,9 @@ class AttributesController extends AppController {
|
|||
}
|
||||
$this->request->data['Attribute']['uuid'] = String::uuid();
|
||||
$this->request->data['Attribute']['batch_import'] = 0;
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$this->request->data = $this->Attribute->massageData(&$this->request->data);
|
||||
}
|
||||
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
// attribute saved correctly in the db
|
||||
|
@ -329,6 +370,12 @@ class AttributesController extends AppController {
|
|||
|
||||
$this->set('zippedDefinitions', $this->Attribute->zippedDefinitions);
|
||||
$this->set('uploadDefinitions', $this->Attribute->uploadDefinitions);
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$sharings = array('Org','Server','All');
|
||||
$sharings = $this->_arrayToValuesIndexArray($sharings);
|
||||
$this->set('sharings',compact('sharings'));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -358,8 +405,12 @@ class AttributesController extends AppController {
|
|||
}
|
||||
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$this->request->data = $this->Attribute->massageData(&$this->request->data);
|
||||
}
|
||||
|
||||
// say what fields are to be updated
|
||||
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private');
|
||||
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster');
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
$this->Session->setFlash(__('The attribute has been saved'));
|
||||
|
||||
|
@ -385,6 +436,12 @@ class AttributesController extends AppController {
|
|||
$categories = $this->_arrayToValuesIndexArray($categories);
|
||||
$this->set('categories',compact('categories'));
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$sharings = array('Org','Server','All');
|
||||
$sharings = $this->_arrayToValuesIndexArray($sharings);
|
||||
$this->set('sharings',compact('sharings'));
|
||||
}
|
||||
|
||||
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
|
||||
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
|
||||
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
|
||||
|
@ -492,6 +549,20 @@ class AttributesController extends AppController {
|
|||
$this->paginate = array(
|
||||
'conditions' => $conditions
|
||||
);
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
if (!$this->_IsAdmin()) {
|
||||
// merge in private conditions
|
||||
$this->paginate = Set::merge($this->paginate,array(
|
||||
'conditions' =>
|
||||
array("OR" => array(
|
||||
array('Event.org =' => $this->Auth->user('org')),
|
||||
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1), array('Attribute.private !=' => 1)))),
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
$this->set('attributes', $this->paginate());
|
||||
|
||||
// and store into session
|
||||
|
|
|
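Review bot: Each added call of the form `$this->Attribute->massageData(&$this->request->data)` uses call-time pass-by-reference, which PHP 5.3 reports as deprecated and PHP 5.4 rejects with a fatal error. It appears at all four massageData calls added in this file, and again in the three `$this->Event->massageData(&...)` calls in EventsController. The model method already declares its parameter as `&$data` and returns the array, so the call only needs `$this->request->data = $this->Attribute->massageData($this->request->data);`. The enclosing actions start and end outside these hunks.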
@ -64,6 +64,30 @@ class EventsController extends AppController {
|
|||
$this->params->addParams(array('pass' => array($id))); // FIXME find better way to change id variable if uuid is found. params->url and params->here is not modified accordingly now
|
||||
}
|
||||
}
|
||||
|
||||
// do not show private to other groups
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
// if not admin or own org, check private as well..
|
||||
if (!$this->_IsAdmin()) {
|
||||
$this->paginate = Set::merge($this->paginate,array(
|
||||
'conditions' =>
|
||||
array("OR" => array(
|
||||
array('Event.org =' => $this->Auth->user('org')),
|
||||
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1)))),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
// do not show cluster outside server
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
if ($this->_isRest()) {
|
||||
$this->paginate = Set::merge($this->paginate,array(
|
||||
'conditions' =>
|
||||
array(array('Event.cluster !=' => true)),
|
||||
//array("AND" => array(array('Event.private !=' => 2))),
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function isAuthorized($user) {
|
||||
|
@ -110,21 +134,44 @@ class EventsController extends AppController {
|
|||
}
|
||||
$this->Event->read(null, $id);
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
if (!$this->_IsAdmin()) {
|
||||
// check for non-private and re-read
|
||||
if ($this->Event->data['Event']['org'] != $this->Auth->user('org')) {
|
||||
$this->Event->hasMany['Attribute']['conditions'] = array('Attribute.private !=' => 1);
|
||||
$this->Event->read(null, $id);
|
||||
}
|
||||
|
||||
// check private
|
||||
if (($this->Event->data['Event']['private']) && ($this->Event->data['Event']['org'] != $this->Auth->user('org'))) {
|
||||
$this->Session->setFlash('Invalid event.');
|
||||
$this->redirect(array('controller' => 'users', 'action' => 'terms'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$relatedAttributes = array();
|
||||
$this->loadModel('Attribute');
|
||||
if ('db' == Configure::read('CyDefSIG.correlation')) {
|
||||
$this->loadModel('Correlation');
|
||||
$fields = array('Correlation.event_id', 'Correlation.attribute_id', 'Correlation.date');
|
||||
$fields2 = array('Correlation.1_attribute_id','Correlation.event_id', 'Correlation.attribute_id', 'Correlation.date');
|
||||
$fields2 = array('Correlation.1_attribute_id','Correlation.event_id', 'Correlation.attribute_id', 'Correlation.date', 'Correlation.private', 'Correlation.org');
|
||||
$relatedAttributes2 = array();
|
||||
$relatedAttributes2 = $this->Correlation->find('all',array(
|
||||
'fields' => $fields2,
|
||||
'conditions' => array(
|
||||
'OR' => array(
|
||||
'Correlation.1_event_id' => $id
|
||||
)
|
||||
),
|
||||
'recursive' => 0));
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$conditionsCorrelation =
|
||||
array('AND' => array('Correlation.1_event_id' => $id,),
|
||||
array("OR" => array(
|
||||
array('Correlation.org =' => $this->Event->data['Event']['org']),
|
||||
array("AND" => array('Correlation.org !=' => $this->Event->data['Event']['org']), array('Correlation.private !=' => 1)))));
|
||||
} else {
|
||||
$conditionsCorrelation =
|
||||
array('AND' => array('Correlation.1_event_id' => $id,));
|
||||
}
|
||||
$relatedAttributes2 = $this->Correlation->find('all',array(
|
||||
'fields' => $fields2,
|
||||
'conditions' => $conditionsCorrelation,
|
||||
'recursive' => 0));
|
||||
|
||||
if (empty($relatedAttributes2)) {
|
||||
$relatedEvents = null;
|
||||
} else {
|
||||
|
@ -231,6 +278,12 @@ class EventsController extends AppController {
|
|||
*/
|
||||
public function add() {
|
||||
if ($this->request->is('post')) {
|
||||
|
||||
// TODO or massageData here
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$this->request->data = $this->Event->massageData(&$this->request->data);
|
||||
}
|
||||
|
||||
if (!empty($this->data)) {
|
||||
if (isset($this->data['Event']['submittedfile'])) {
|
||||
App::uses('File', 'Utility');
|
||||
|
@ -244,6 +297,7 @@ class EventsController extends AppController {
|
|||
//return false;
|
||||
$this->Session->setFlash('You may only upload GFI Sandbox zip files.');
|
||||
} else {
|
||||
// TODO or massageData here
|
||||
if ($this->_add($this->request->data, $this->Auth, $this->_isRest(),'')) {
|
||||
if ($this->_isRest()) {
|
||||
// REST users want to see the newly created event
|
||||
|
@ -269,6 +323,12 @@ class EventsController extends AppController {
|
|||
$risks = $this->_arrayToValuesIndexArray($risks);
|
||||
$this->set('risks',compact('risks'));
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$sharings = array('Org','Server','All');
|
||||
$sharings = $this->_arrayToValuesIndexArray($sharings);
|
||||
$this->set('sharings',compact('sharings'));
|
||||
}
|
||||
|
||||
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
|
||||
}
|
||||
|
||||
|
@ -322,9 +382,14 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
$fieldList = array(
|
||||
'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private'),
|
||||
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private')
|
||||
'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster'),
|
||||
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster')
|
||||
);
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$data = $this->Event->massageData(&$data);
|
||||
}
|
||||
|
||||
// this saveAssociated() function will save not only the event, but also the attributes
|
||||
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
|
||||
if ($this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList))) {
|
||||
|
@ -390,7 +455,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
// say what fields are to be updated
|
||||
$fieldList = array('date', 'risk', 'info', 'published', 'private');
|
||||
$fieldList = array('date', 'risk', 'info', 'published', 'private', 'cluster');
|
||||
// always force the org, but do not force it for admins
|
||||
if ($this->_isAdmin()) {
|
||||
// set the same org as existed before
|
||||
|
@ -400,6 +465,10 @@ class EventsController extends AppController {
|
|||
// we probably also want to remove the published flag
|
||||
$this->request->data['Event']['published'] = 0;
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$this->request->data = $this->Event->massageData(&$this->request->data);
|
||||
}
|
||||
|
||||
if ($this->Event->save($this->request->data, true, $fieldList)) {
|
||||
$this->Session->setFlash(__('The event has been saved'));
|
||||
$this->redirect(array('action' => 'view', $id));
|
||||
|
@ -415,7 +484,14 @@ class EventsController extends AppController {
|
|||
$risks = $this->_arrayToValuesIndexArray($risks);
|
||||
$this->set('risks',compact('risks'));
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
$sharings = array('Org', 'Server', 'All');
|
||||
$sharings = $this->_arrayToValuesIndexArray($sharings);
|
||||
$this->set('sharings', compact('sharings'));
|
||||
}
|
||||
|
||||
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
|
||||
$this->set('privateDefinitions', $this->Event->privateDefinitions);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
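Review bot: In the view hunk, `$conditionsCorrelation` compares `Correlation.org` with `$this->Event->data['Event']['org']`, the organisation of the event being viewed, rather than with the organisation of the user who is viewing it. A user from another organisation who opens a non-private event therefore passes the `Correlation.org =` branch for every correlation row owned by the event's organisation, including rows flagged private, so related private attributes of that organisation are listed. The ownership test should use the viewer, as the checks a few lines above do: `array('Correlation.org =' => $this->Auth->user('org')),` and likewise for the `Correlation.org !=` branch. Unlike the event check above it, this filter is also not wrapped in `!$this->_IsAdmin()`, which is worth a comment if intended. The body of view() continues outside the hunk.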
@ -5,6 +5,11 @@ CREATE TABLE `correlations` (
|
|||
`1_attribute_id` int(11) NOT NULL,
|
||||
`event_id` int(11) NOT NULL,
|
||||
`attribute_id` int(11) NOT NULL,
|
||||
`date` date NOT NULL,
|
||||
`org` varchar(255) COLLATE utf8_bin NOT NULL,
|
||||
`private` tinyint(1) NOT NULL,
|
||||
`date` date NOT NULL,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
|
||||
|
||||
-- ALTER TABLE `correlations` ADD private tinyint(1) NOT NULL;
|
||||
-- ALTER TABLE `correlations` ADD org varchar(255) COLLATE utf8_bin NOT NULL;
|
|
@ -0,0 +1,5 @@
|
|||
ALTER TABLE `events` ADD `cluster` tinyint(1) NOT NULL;
|
||||
ALTER TABLE `attributes` ADD `cluster` tinyint(1) NOT NULL;
|
||||
|
||||
ALTER TABLE `correlations` ADD private tinyint(1) NOT NULL;
|
||||
ALTER TABLE `correlations` ADD org varchar(255) COLLATE utf8_bin NOT NULL;
|
|
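Review bot: The two ALTER statements on correlations add `private` and `org` as NOT NULL columns without a default, so rows that already exist come out of the migration with `private` = 0 and an empty `org`. The correlation filter added in EventsController treats `Correlation.private != 1` as visible, so pre-existing correlations that point at private attributes would remain visible to other organisations until the table is rebuilt. The file should say so, for example `-- after applying: regenerate the correlations table so org and private are populated for existing rows`. Whether the correlation-regeneration routine touched in AppController is the intended way to do that cannot be seen from this page.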
@ -273,6 +273,42 @@ class Attribute extends AppModel {
|
|||
),
|
||||
);
|
||||
|
||||
public function __construct($id = false, $table = null, $ds = null) {
|
||||
parent::__construct($id, $table, $ds);
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
|
||||
$this->virtualFields = Set::merge($this->virtualFields,array(
|
||||
'sharing' => 'IF (Attribute.private=true, "Org", IF (Attribute.cluster=true, "Server", "All"))',
|
||||
));
|
||||
|
||||
$this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
|
||||
'sharing' => array('desc' => 'This field tells how and if the attribute should be shared with other CyDefSIG users'),
|
||||
));
|
||||
|
||||
$this->validate = Set::merge($this->validate,array(
|
||||
'cluster' => array(
|
||||
'boolean' => array(
|
||||
'rule' => array('boolean'),
|
||||
//'message' => 'Your custom message here',
|
||||
//'allowEmpty' => false,
|
||||
'required' => false,
|
||||
//'last' => false, // Stop validation after this rule
|
||||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
||||
),
|
||||
),
|
||||
'sharing' => array(
|
||||
'rule' => array('inList', array('Org','Server','All')),
|
||||
//'message' => 'Your custom message here',
|
||||
'allowEmpty' => false,
|
||||
'required' => false,
|
||||
//'last' => false, // Stop validation after this rule
|
||||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
||||
),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
//The Associations below have been created with all possible keys, those that are not needed can be removed
|
||||
|
||||
/**
|
||||
|
@ -361,6 +397,24 @@ class Attribute extends AppModel {
|
|||
}
|
||||
}
|
||||
|
||||
public function massageData(&$data) {
|
||||
switch ($data['Attribute']['sharing']) {
|
||||
case 'Org':
|
||||
$data['Attribute']['private'] = true;
|
||||
$data['Attribute']['cluster'] = false;
|
||||
break;
|
||||
case 'Server':
|
||||
$data['Attribute']['private'] = false;
|
||||
$data['Attribute']['cluster'] = true;
|
||||
break;
|
||||
case 'All':
|
||||
$data['Attribute']['private'] = false;
|
||||
$data['Attribute']['cluster'] = false;
|
||||
break;
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
public function beforeValidate() {
|
||||
// remove leading and trailing blanks
|
||||
$this->data['Attribute']['value'] = trim($this->data['Attribute']['value']);
|
||||
|
@ -761,7 +815,7 @@ class Attribute extends AppModel {
|
|||
private function __afterSaveCorrelation($attribute) {
|
||||
$this->__beforeDeleteCorrelation($attribute);
|
||||
// re-add
|
||||
$this->setRelatedAttributes($attribute, array('Attribute.id', 'Attribute.event_id', 'Event.date'));
|
||||
$this->setRelatedAttributes($attribute, array('Attribute.id', 'Attribute.event_id', 'Attribute.private', 'Event.date', 'Event.org'));
|
||||
}
|
||||
|
||||
private function __beforeDeleteCorrelation($attribute) {
|
||||
|
@ -817,7 +871,7 @@ class Attribute extends AppModel {
|
|||
$params = array(
|
||||
'conditions' => array('Event.id' => $relatedAttribute['Attribute']['event_id']),
|
||||
'recursive' => 0,
|
||||
'fields' => array('Event.date')
|
||||
'fields' => array('Event.date', 'Event.org')
|
||||
);
|
||||
$eventDate = $this->Event->find('first', $params);
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
|
@ -826,6 +880,8 @@ class Attribute extends AppModel {
|
|||
'Correlation' => array(
|
||||
'1_event_id' => $attribute['event_id'], '1_attribute_id' => $attribute['id'],
|
||||
'event_id' => $relatedAttribute['Attribute']['event_id'], 'attribute_id' => $relatedAttribute['Attribute']['id'],
|
||||
'org' => $eventDate['Event']['org'],
|
||||
'private' => $relatedAttribute['Attribute']['private'],
|
||||
'date' => $eventDate['Event']['date']))
|
||||
);
|
||||
}
|
||||
|
|
|
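Review bot: The correlation row written in the last hunk takes its visibility only from the attribute, `'private' => $relatedAttribute['Attribute']['private'],`, and the event lookup above it fetches just `array('Event.date', 'Event.org')`. A non-private attribute that belongs to a private event is therefore stored with `private` = 0 and passes the `Correlation.private != 1` filter, which reveals the private event's id and date to other organisations through the related-events list. Fetching `'Event.private'` as well and storing `'private' => ($relatedAttribute['Attribute']['private'] || $eventDate['Event']['private']),` would keep the row at least as restricted as its event. The new `cluster` flag is not carried into the correlation either, so Server-only items appear to be treated as public here. The enclosing function starts outside the hunk.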
@ -23,6 +23,8 @@ class Event extends AppModel {
|
|||
*/
|
||||
public $displayField = 'id';
|
||||
|
||||
public $virtualFields = array();
|
||||
|
||||
/**
|
||||
* Description field
|
||||
*
|
||||
|
@ -139,6 +141,42 @@ class Event extends AppModel {
|
|||
//),
|
||||
);
|
||||
|
||||
public function __construct($id = false, $table = null, $ds = null) {
|
||||
parent::__construct($id, $table, $ds);
|
||||
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
|
||||
$this->virtualFields = Set::merge($this->virtualFields,array(
|
||||
'sharing' => 'IF (Event.private=true, "Org", IF (Event.cluster=true, "Server", "All"))',
|
||||
));
|
||||
|
||||
$this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
|
||||
'sharing' => array('desc' => 'This field tells how and if the event should be shared with other CyDefSIG users'),
|
||||
));
|
||||
|
||||
$this->validate = Set::merge($this->validate,array(
|
||||
'cluster' => array(
|
||||
'boolean' => array(
|
||||
'rule' => array('boolean'),
|
||||
//'message' => 'Your custom message here',
|
||||
//'allowEmpty' => false,
|
||||
'required' => false,
|
||||
//'last' => false, // Stop validation after this rule
|
||||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
||||
),
|
||||
),
|
||||
'sharing' => array(
|
||||
'rule' => array('inList', array('Org','Server')),
|
||||
//'message' => 'Your custom message here',
|
||||
'allowEmpty' => false,
|
||||
'required' => false,
|
||||
//'last' => false, // Stop validation after this rule
|
||||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
||||
),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
//The Associations below have been created with all possible keys, those that are not needed can be removed
|
||||
|
||||
/**
|
||||
|
@ -212,12 +250,31 @@ class Event extends AppModel {
|
|||
}
|
||||
|
||||
public function beforeValidate() {
|
||||
parent::beforeValidate();
|
||||
// generate UUID if it doesn't exist
|
||||
if (empty($this->data['Event']['uuid'])) {
|
||||
$this->data['Event']['uuid'] = String::uuid();
|
||||
}
|
||||
}
|
||||
|
||||
public function massageData(&$data) {
|
||||
switch ($data['Event']['sharing']) {
|
||||
case 'Org':
|
||||
$data['Event']['private'] = true;
|
||||
$data['Event']['cluster'] = false;
|
||||
break;
|
||||
case 'Server':
|
||||
$data['Event']['private'] = false;
|
||||
$data['Event']['cluster'] = true;
|
||||
break;
|
||||
case 'All':
|
||||
$data['Event']['private'] = false;
|
||||
$data['Event']['cluster'] = false;
|
||||
break;
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
public function isOwnedByOrg($eventid, $org) {
|
||||
return $this->field('id', array('id' => $eventid, 'org' => $org)) === $eventid;
|
||||
}
|
||||
|
|
|
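Review bot: The `sharing` rule added in the constructor accepts only `array('Org','Server')`, while `massageData()` in the same file handles an `'All'` case and the Attribute model's rule lists `array('Org','Server','All')`. EventsController also puts `'All'` into the `sharings` list it sets for the add and edit forms, so choosing it would presumably fail validation and the event could not be saved as fully distributable. If that restriction is not deliberate, the rule should read `'rule' => array('inList', array('Org','Server','All')),`. If it is deliberate, a comment on the rule and removing `'All'` from the controller's list would keep the form and the model in agreement.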
@ -14,9 +14,15 @@ echo $this->Form->input('type', array(
|
|||
'empty' => '(first choose category)'
|
||||
));
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
|
||||
));
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
echo $this->Form->input('sharing', array('label' => 'Private',
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['sharing']['formdesc']) ? $attrDescriptions['sharing']['formdesc'] : $attrDescriptions['sharing']['desc']),
|
||||
));
|
||||
} else {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
|
||||
));
|
||||
}
|
||||
}
|
||||
echo $this->Form->input('to_ids', array(
|
||||
'checked' => true,
|
||||
|
|
|
@ -14,8 +14,13 @@ echo $this->Form->input('malware', array(
|
|||
'after' => '<br>Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"',
|
||||
));
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
echo $this->Form->input('private', array(
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
echo $this->Form->input('sharing', array('label' => 'Private',
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['sharing']['formdesc']) ? $attrDescriptions['sharing']['formdesc'] : $attrDescriptions['sharing']['desc']),));
|
||||
} else {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),));
|
||||
}
|
||||
}
|
||||
// link an onchange event to the form elements
|
||||
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
|
||||
|
|
|
@ -16,9 +16,15 @@ if ($attachment) {
|
|||
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
|
||||
}
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
|
||||
));
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
echo $this->Form->input('sharing', array('label' => 'Private',
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['sharing']['formdesc']) ? $attrDescriptions['sharing']['formdesc'] : $attrDescriptions['sharing']['desc']),
|
||||
));
|
||||
} else {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
|
||||
));
|
||||
}
|
||||
}
|
||||
echo $this->Form->input('to_ids', array(
|
||||
'before' => $this->Html->div('forminfo', isset($attrDescriptions['signature']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
|
||||
|
@ -102,8 +108,8 @@ function showFormInfo(id) {
|
|||
// LATER use nice animations
|
||||
//$(idDiv).hide('fast');
|
||||
// change the content
|
||||
var value = $(id).val(); // get the selected value
|
||||
$(idDiv).html(formInfoValues[value]); // search in a lookup table
|
||||
var value = $(id).val(); // get the selected value
|
||||
$(idDiv).html(formInfoValues[value]); // search in a lookup table
|
||||
|
||||
// show it again
|
||||
$(idDiv).fadeIn('slow');
|
||||
|
|
|
@ -10,6 +10,10 @@ foreach ($attributes as $key => $attribute) {
|
|||
if ('true' != Configure::read('CyDefSIG.sync')) {
|
||||
unset($attributes[$key]['private']);
|
||||
}
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
unset($attributes[$key]['sharing']);
|
||||
unset($attributes[$key]['cluster']);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -5,8 +5,13 @@
|
|||
<?php
|
||||
echo $this->Form->input('date');
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
echo $this->Form->input('private', array(
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
echo $this->Form->input('sharing', array('label' => 'Private',
|
||||
'before' => $this->Html->div('forminfo', isset($eventDescriptions['sharing']['formdesc']) ? $eventDescriptions['sharing']['formdesc'] : $eventDescriptions['sharing']['desc']),));
|
||||
} else {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),));
|
||||
}
|
||||
}
|
||||
echo $this->Form->input('risk', array(
|
||||
'before' => $this->Html->div('forminfo', isset($eventDescriptions['risk']['formdesc']) ? $eventDescriptions['risk']['formdesc'] : $eventDescriptions['risk']['desc'])));
|
||||
|
|
|
@ -8,8 +8,13 @@ echo $this->Form->input('date');
|
|||
echo $this->Form->input('risk', array(
|
||||
'before' => $this->Html->div('forminfo', isset($eventDescriptions['risk']['formdesc']) ? $eventDescriptions['risk']['formdesc'] : $eventDescriptions['risk']['desc'])));
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),));
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
echo $this->Form->input('sharing', array('label' => 'Private',
|
||||
'before' => $this->Html->div('forminfo', isset($eventDescriptions['sharing']['formdesc']) ? $eventDescriptions['sharing']['formdesc'] : $eventDescriptions['sharing']['desc']),));
|
||||
} else {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),));
|
||||
}
|
||||
}
|
||||
echo $this->Form->input('info');
|
||||
?>
|
||||
|
|
|
@ -63,12 +63,20 @@ if ($mayPublish) {
|
|||
|
||||
</dd>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.private')): ?>
|
||||
<dt>Private</dt>
|
||||
<dd>
|
||||
<?php echo ($event['Event']['sharing'] == 'All') ? 'upload Event and all Attributes except those marked as to keep in Org or Server.' : (($event['Event']['sharing'] == 'Server') ? 'Server, Only show Event or any Attributes to Server members.': 'Org, Only show Event or any Attributes to Org members.'); ?>
|
||||
|
||||
</dd>
|
||||
<?php else: ?>
|
||||
<dt>Private</dt>
|
||||
<dd>
|
||||
<?php echo ($event['Event']['private'])? 'Yes, never upload Event or any Attributes.' : 'No, upload Event and all Attributes except those marked as Private.'; ?>
|
||||
|
||||
</dd>
|
||||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
<!-- dt>UUID</dt>
|
||||
<dd>
|
||||
<?php echo $event['Event']['uuid']; ?>
|
||||
|
|
|
@ -11,6 +11,10 @@ foreach ($events as $key => $event) {
|
|||
if ('true' != Configure::read('CyDefSIG.sync')) {
|
||||
unset($events[$key]['private']);
|
||||
}
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
unset($events[$key]['cluster']);
|
||||
unset($events[$key]['sharing']);
|
||||
}
|
||||
// hide the org field is we are not in showorg mode
|
||||
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
|
||||
unset($events[$key]['org']);
|
||||
|
|
|
@ -12,6 +12,15 @@ foreach ($event['Event']['Attribute'] as $key => $value) {
|
|||
unset($event['Event']['Attribute'][$key]['category_order']);
|
||||
}
|
||||
|
||||
// hide the share fields is we are not in private mode
|
||||
if ('true' == Configure::read('CyDefSIG.private')) {
|
||||
unset($event['Event']['cluster']);
|
||||
unset($event['Event']['sharing']);
|
||||
foreach ($event['Event']['Attribute'] as $key => $value) {
|
||||
unset($event['Event']['Attribute'][$key]['cluster']);
|
||||
unset($event['Event']['Attribute'][$key]['sharing']);
|
||||
}
|
||||
}
|
||||
// hide the private fields is we are not in sync mode
|
||||
if ('true' != Configure::read('CyDefSIG.sync')) {
|
||||
unset($event['Event']['private']);
|
||||
|
|
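Review bot: The comment `// hide the share fields is we are not in private mode` says the opposite of the test beneath it, `if ('true' == Configure::read('CyDefSIG.private'))`, which strips `cluster` and `sharing` when private mode is on. If these fields are meant to stay local to the server, as the REST filter on `cluster` in the controllers suggests, the condition is probably right and the comment should read `// private mode: never expose the server-local sharing fields in the XML output`. With private mode off, the `cluster` column would presumably still be emitted once the schema change is applied, so an unconditional `unset` may be the safer form. The same block, without a comment, is added to the attributes and events XML index views.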