Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).

Note: this needs changes to the tables events, attributes and correlation.
The statements are in MYSQL.private.sql.
pull/63/head
noud 2012-10-17 14:45:26 +02:00
parent bf4e46da8f
commit 67e50cb612
17 changed files with 357 additions and 31 deletions


@ -111,6 +111,10 @@ Configure::write('CyDefSIG.logo', 'orgs/MIL.be.png'); // used in Events::ind
Configure::write('CyDefSIG.showorg', 'true'); // show the name/flag of the organisation that uploaded the data
Configure::write('CyDefSIG.showowner', 'false'); // show the email of the owner that uploaded the data
Configure::write('CyDefSIG.sync', 'false'); // enable features related to syncing with other CyDefSIG instances
Configure::write('CyDefSIG.private', 'true'); // respect private to org or server.
if ('true' == Configure::read('CyDefSIG.private')) {
Configure::write('CyDefSIG.sync', 'true');
}
Configure::write('CyDefSIG.email', 'no-reply@sig.mil.be'); // email from for all the mails
Configure::write('GnuPG.onlyencrypted', 'true'); // only allow encrypted email, do not allow plaintext mails
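Review bot: Enabling `CyDefSIG.private` silently overwrites the `CyDefSIG.sync` value set one line earlier, so an administrator who leaves sync at 'false' still gets the sync features switched on, and the comment on the private line does not mention it. I would state the dependency where the option is set, e.g. `// respect private to org or server; forces CyDefSIG.sync to 'true'`. The value written here is 'true', and the controllers on this page then filter on `Event.cluster` and `Attribute.cluster`, columns that exist only after MYSQL.private.sql has been applied; if this file is the shipped default, 'false' would be the safer starting value.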


@ -322,7 +322,7 @@ class AppController extends Controller {
$this->loadModel('Correlation');
$this->loadModel('Attribute');
$fields = array('Attribute.id', 'Attribute.event_id', 'Event.date');
$fields = array('Attribute.id', 'Attribute.event_id', 'Attribute.private', 'Event.date', 'Event.org');
// get all attributes..
$attributes = $this->Attribute->find('all',array('recursive' => 0));
// for all attributes..


@ -41,6 +41,31 @@ class AttributesController extends AppController {
$this->params->addParams(array('pass' => array($id))); // FIXME find better way to change id variable if uuid is found. params->url and params->here is not modified accordingly now
}
}
// do not show private to other groups
if ('true' == Configure::read('CyDefSIG.private')) {
// if not admin or own org, check private as well..
if (!$this->_IsAdmin()) {
$this->paginate = Set::merge($this->paginate,array(
'conditions' =>
array("OR" => array(
array('Event.org =' => $this->Auth->user('org')),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1), array('Attribute.private !=' => 1)))),
)
);
}
}
// do not show cluster outside server
if ('true' == Configure::read('CyDefSIG.private')) {
if ($this->_isRest()) {
$this->paginate = Set::merge($this->paginate,array(
'conditions' =>
array("AND" => array('Event.cluster !=' => true),array('Attribute.cluster !=' => true)),
//array("AND" => array(array('Event.private !=' => 2))),
));
}
}
}
public function isAuthorized($user) {
@ -114,6 +139,9 @@ class AttributesController extends AppController {
$this->Attribute->create();
$this->request->data['Attribute']['value'] = $attribute; // set the value as the content of the single line
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Attribute->massageData(&$this->request->data);
}
if ($this->Attribute->save($this->request->data)) {
$successes .= " " . ($key + 1);
} else {
@ -140,6 +168,10 @@ class AttributesController extends AppController {
// create the attribute
$this->Attribute->create();
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Attribute->massageData(&$this->request->data);
}
if ($this->Attribute->save($this->request->data)) {
// inform the user and redirect
$this->Session->setFlash(__('The attribute has been saved'));
@ -162,6 +194,12 @@ class AttributesController extends AppController {
$categories = $this->_arrayToValuesIndexArray($categories);
$this->set('categories',compact('categories'));
if ('true' == Configure::read('CyDefSIG.private')) {
$sharings = array('Org','Server','All');
$sharings = $this->_arrayToValuesIndexArray($sharings);
$this->set('sharings',compact('sharings'));
}
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
@ -191,10 +229,10 @@ class AttributesController extends AppController {
$this->viewClass = 'Media';
$params = array(
'id' => $file->path,
'name' => $filename,
'name' => $filename,
'extension' => $fileExt,
'download' => true,
'path' => DS
'path' => DS
);
$this->set($params);
}
@ -241,6 +279,9 @@ class AttributesController extends AppController {
}
$this->request->data['Attribute']['uuid'] = String::uuid();
$this->request->data['Attribute']['batch_import'] = 0;
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Attribute->massageData(&$this->request->data);
}
if ($this->Attribute->save($this->request->data)) {
// attribute saved correctly in the db
@ -329,6 +370,12 @@ class AttributesController extends AppController {
$this->set('zippedDefinitions', $this->Attribute->zippedDefinitions);
$this->set('uploadDefinitions', $this->Attribute->uploadDefinitions);
if ('true' == Configure::read('CyDefSIG.private')) {
$sharings = array('Org','Server','All');
$sharings = $this->_arrayToValuesIndexArray($sharings);
$this->set('sharings',compact('sharings'));
}
}
/**
@ -358,8 +405,12 @@ class AttributesController extends AppController {
}
if ($this->request->is('post') || $this->request->is('put')) {
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Attribute->massageData(&$this->request->data);
}
// say what fields are to be updated
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private');
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster');
if ($this->Attribute->save($this->request->data)) {
$this->Session->setFlash(__('The attribute has been saved'));
@ -385,6 +436,12 @@ class AttributesController extends AppController {
$categories = $this->_arrayToValuesIndexArray($categories);
$this->set('categories',compact('categories'));
if ('true' == Configure::read('CyDefSIG.private')) {
$sharings = array('Org','Server','All');
$sharings = $this->_arrayToValuesIndexArray($sharings);
$this->set('sharings',compact('sharings'));
}
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
@ -492,6 +549,20 @@ class AttributesController extends AppController {
$this->paginate = array(
'conditions' => $conditions
);
if ('true' == Configure::read('CyDefSIG.private')) {
if (!$this->_IsAdmin()) {
// merge in private conditions
$this->paginate = Set::merge($this->paginate,array(
'conditions' =>
array("OR" => array(
array('Event.org =' => $this->Auth->user('org')),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1), array('Attribute.private !=' => 1)))),
)
);
}
}
$this->set('attributes', $this->paginate());
// and store into session
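Review bot: In the edit hunk `$fieldList` gains 'cluster', but the `save()` call directly below it is `$this->Attribute->save($this->request->data)` and never receives the list, so as far as the hunk shows the whitelist is not enforced and any Attribute field present in the request is written. EventsController::edit on this page does pass it (`save($this->request->data, true, $fieldList)`); the equivalent here would be `if ($this->Attribute->save($this->request->data, true, $fieldList)) {`, after confirming the list covers every field the edit action must store. The edit function starts and ends outside the hunk.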


@ -64,6 +64,30 @@ class EventsController extends AppController {
$this->params->addParams(array('pass' => array($id))); // FIXME find better way to change id variable if uuid is found. params->url and params->here is not modified accordingly now
}
}
// do not show private to other groups
if ('true' == Configure::read('CyDefSIG.private')) {
// if not admin or own org, check private as well..
if (!$this->_IsAdmin()) {
$this->paginate = Set::merge($this->paginate,array(
'conditions' =>
array("OR" => array(
array('Event.org =' => $this->Auth->user('org')),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1)))),
));
}
}
// do not show cluster outside server
if ('true' == Configure::read('CyDefSIG.private')) {
if ($this->_isRest()) {
$this->paginate = Set::merge($this->paginate,array(
'conditions' =>
array(array('Event.cluster !=' => true)),
//array("AND" => array(array('Event.private !=' => 2))),
));
}
}
}
public function isAuthorized($user) {
@ -110,21 +134,44 @@ class EventsController extends AppController {
}
$this->Event->read(null, $id);
if ('true' == Configure::read('CyDefSIG.private')) {
if (!$this->_IsAdmin()) {
// check for non-private and re-read
if ($this->Event->data['Event']['org'] != $this->Auth->user('org')) {
$this->Event->hasMany['Attribute']['conditions'] = array('Attribute.private !=' => 1);
$this->Event->read(null, $id);
}
// check private
if (($this->Event->data['Event']['private']) && ($this->Event->data['Event']['org'] != $this->Auth->user('org'))) {
$this->Session->setFlash('Invalid event.');
$this->redirect(array('controller' => 'users', 'action' => 'terms'));
}
}
}
$relatedAttributes = array();
$this->loadModel('Attribute');
if ('db' == Configure::read('CyDefSIG.correlation')) {
$this->loadModel('Correlation');
$fields = array('Correlation.event_id', 'Correlation.attribute_id', 'Correlation.date');
$fields2 = array('Correlation.1_attribute_id','Correlation.event_id', 'Correlation.attribute_id', 'Correlation.date');
$fields2 = array('Correlation.1_attribute_id','Correlation.event_id', 'Correlation.attribute_id', 'Correlation.date', 'Correlation.private', 'Correlation.org');
$relatedAttributes2 = array();
$relatedAttributes2 = $this->Correlation->find('all',array(
'fields' => $fields2,
'conditions' => array(
'OR' => array(
'Correlation.1_event_id' => $id
)
),
'recursive' => 0));
if ('true' == Configure::read('CyDefSIG.private')) {
$conditionsCorrelation =
array('AND' => array('Correlation.1_event_id' => $id,),
array("OR" => array(
array('Correlation.org =' => $this->Event->data['Event']['org']),
array("AND" => array('Correlation.org !=' => $this->Event->data['Event']['org']), array('Correlation.private !=' => 1)))));
} else {
$conditionsCorrelation =
array('AND' => array('Correlation.1_event_id' => $id,));
}
$relatedAttributes2 = $this->Correlation->find('all',array(
'fields' => $fields2,
'conditions' => $conditionsCorrelation,
'recursive' => 0));
if (empty($relatedAttributes2)) {
$relatedEvents = null;
} else {
@ -231,6 +278,12 @@ class EventsController extends AppController {
*/
public function add() {
if ($this->request->is('post')) {
// TODO or massageData here
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Event->massageData(&$this->request->data);
}
if (!empty($this->data)) {
if (isset($this->data['Event']['submittedfile'])) {
App::uses('File', 'Utility');
@ -244,6 +297,7 @@ class EventsController extends AppController {
//return false;
$this->Session->setFlash('You may only upload GFI Sandbox zip files.');
} else {
// TODO or massageData here
if ($this->_add($this->request->data, $this->Auth, $this->_isRest(),'')) {
if ($this->_isRest()) {
// REST users want to see the newly created event
@ -269,6 +323,12 @@ class EventsController extends AppController {
$risks = $this->_arrayToValuesIndexArray($risks);
$this->set('risks',compact('risks'));
if ('true' == Configure::read('CyDefSIG.private')) {
$sharings = array('Org','Server','All');
$sharings = $this->_arrayToValuesIndexArray($sharings);
$this->set('sharings',compact('sharings'));
}
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
}
@ -322,9 +382,14 @@ class EventsController extends AppController {
}
$fieldList = array(
'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private')
'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster')
);
if ('true' == Configure::read('CyDefSIG.private')) {
$data = $this->Event->massageData(&$data);
}
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
if ($this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList))) {
@ -390,7 +455,7 @@ class EventsController extends AppController {
}
// say what fields are to be updated
$fieldList = array('date', 'risk', 'info', 'published', 'private');
$fieldList = array('date', 'risk', 'info', 'published', 'private', 'cluster');
// always force the org, but do not force it for admins
if ($this->_isAdmin()) {
// set the same org as existed before
@ -400,6 +465,10 @@ class EventsController extends AppController {
// we probably also want to remove the published flag
$this->request->data['Event']['published'] = 0;
if ('true' == Configure::read('CyDefSIG.private')) {
$this->request->data = $this->Event->massageData(&$this->request->data);
}
if ($this->Event->save($this->request->data, true, $fieldList)) {
$this->Session->setFlash(__('The event has been saved'));
$this->redirect(array('action' => 'view', $id));
@ -415,7 +484,14 @@ class EventsController extends AppController {
$risks = $this->_arrayToValuesIndexArray($risks);
$this->set('risks',compact('risks'));
if ('true' == Configure::read('CyDefSIG.private')) {
$sharings = array('Org', 'Server', 'All');
$sharings = $this->_arrayToValuesIndexArray($sharings);
$this->set('sharings', compact('sharings'));
}
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
$this->set('privateDefinitions', $this->Event->privateDefinitions);
}
/**
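Review bot: The correlation filter added to the view hunk compares `Correlation.org` with `$this->Event->data['Event']['org']`, the organisation that owns the event being viewed, rather than the organisation of the user viewing it. A user from another org who opens a shared event would therefore appear to still receive correlations to the owner's private attributes, and admins get no exemption here although the event check just above gives them one. I would key the condition on the viewer, `array('Correlation.org =' => $this->Auth->user('org')),` with the matching `!=` line, and skip the filter when `$this->_IsAdmin()` is true. The view function starts and ends outside the hunk.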


@ -5,6 +5,11 @@ CREATE TABLE `correlations` (
`1_attribute_id` int(11) NOT NULL,
`event_id` int(11) NOT NULL,
`attribute_id` int(11) NOT NULL,
`date` date NOT NULL,
`org` varchar(255) COLLATE utf8_bin NOT NULL,
`private` tinyint(1) NOT NULL,
`date` date NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- ALTER TABLE `correlations` ADD private tinyint(1) NOT NULL;
-- ALTER TABLE `correlations` ADD org varchar(255) COLLATE utf8_bin NOT NULL;

5
app/MYSQL.private.sql Normal file

@ -0,0 +1,5 @@
ALTER TABLE `events` ADD `cluster` tinyint(1) NOT NULL;
ALTER TABLE `attributes` ADD `cluster` tinyint(1) NOT NULL;
ALTER TABLE `correlations` ADD private tinyint(1) NOT NULL;
ALTER TABLE `correlations` ADD org varchar(255) COLLATE utf8_bin NOT NULL;
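Review bot: Both `correlations` columns are added as NOT NULL with no DEFAULT and no backfill, so every existing row ends up with `private = 0` and an empty `org` after the ALTER. Until the correlations are regenerated, rows that point at private attributes pass the new `Correlation.private != 1` filter in EventsController. I would add a comment here telling the operator to rebuild the correlation table immediately after running the script, or follow the ALTERs with an UPDATE that copies the values from `attributes` and `events`.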


@ -273,6 +273,42 @@ class Attribute extends AppModel {
),
);
public function __construct($id = false, $table = null, $ds = null) {
parent::__construct($id, $table, $ds);
if ('true' == Configure::read('CyDefSIG.private')) {
$this->virtualFields = Set::merge($this->virtualFields,array(
'sharing' => 'IF (Attribute.private=true, "Org", IF (Attribute.cluster=true, "Server", "All"))',
));
$this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
'sharing' => array('desc' => 'This field tells how and if the attribute should be shared with other CyDefSIG users'),
));
$this->validate = Set::merge($this->validate,array(
'cluster' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'sharing' => array(
'rule' => array('inList', array('Org','Server','All')),
//'message' => 'Your custom message here',
'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
));
}
}
//The Associations below have been created with all possible keys, those that are not needed can be removed
/**
@ -361,6 +397,24 @@ class Attribute extends AppModel {
}
}
public function massageData(&$data) {
switch ($data['Attribute']['sharing']) {
case 'Org':
$data['Attribute']['private'] = true;
$data['Attribute']['cluster'] = false;
break;
case 'Server':
$data['Attribute']['private'] = false;
$data['Attribute']['cluster'] = true;
break;
case 'All':
$data['Attribute']['private'] = false;
$data['Attribute']['cluster'] = false;
break;
}
return $data;
}
public function beforeValidate() {
// remove leading and trailing blanks
$this->data['Attribute']['value'] = trim($this->data['Attribute']['value']);
@ -761,7 +815,7 @@ class Attribute extends AppModel {
private function __afterSaveCorrelation($attribute) {
$this->__beforeDeleteCorrelation($attribute);
// re-add
$this->setRelatedAttributes($attribute, array('Attribute.id', 'Attribute.event_id', 'Event.date'));
$this->setRelatedAttributes($attribute, array('Attribute.id', 'Attribute.event_id', 'Attribute.private', 'Event.date', 'Event.org'));
}
private function __beforeDeleteCorrelation($attribute) {
@ -817,7 +871,7 @@ class Attribute extends AppModel {
$params = array(
'conditions' => array('Event.id' => $relatedAttribute['Attribute']['event_id']),
'recursive' => 0,
'fields' => array('Event.date')
'fields' => array('Event.date', 'Event.org')
);
$eventDate = $this->Event->find('first', $params);
$this->Correlation = ClassRegistry::init('Correlation');
@ -826,6 +880,8 @@ class Attribute extends AppModel {
'Correlation' => array(
'1_event_id' => $attribute['event_id'], '1_attribute_id' => $attribute['id'],
'event_id' => $relatedAttribute['Attribute']['event_id'], 'attribute_id' => $relatedAttribute['Attribute']['id'],
'org' => $eventDate['Event']['org'],
'private' => $relatedAttribute['Attribute']['private'],
'date' => $eventDate['Event']['date']))
);
}
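Review bot: The new `'private' => $relatedAttribute['Attribute']['private']` in the correlation row records only the attribute's own flag, so an attribute that is not marked private but sits inside an event marked private is stored with `Correlation.private = 0`. The view filter in EventsController relies on that column, which means correlations pointing into another org's private event would pass it and expose that event's id and date. Consider fetching the event flag as well, `'fields' => array('Event.date', 'Event.org', 'Event.private')`, and storing `'private' => $relatedAttribute['Attribute']['private'] || $eventDate['Event']['private'],`. The enclosing function starts and ends outside the hunk.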


@ -23,6 +23,8 @@ class Event extends AppModel {
*/
public $displayField = 'id';
public $virtualFields = array();
/**
* Description field
*
@ -139,6 +141,42 @@ class Event extends AppModel {
//),
);
public function __construct($id = false, $table = null, $ds = null) {
parent::__construct($id, $table, $ds);
if ('true' == Configure::read('CyDefSIG.private')) {
$this->virtualFields = Set::merge($this->virtualFields,array(
'sharing' => 'IF (Event.private=true, "Org", IF (Event.cluster=true, "Server", "All"))',
));
$this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
'sharing' => array('desc' => 'This field tells how and if the event should be shared with other CyDefSIG users'),
));
$this->validate = Set::merge($this->validate,array(
'cluster' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'sharing' => array(
'rule' => array('inList', array('Org','Server')),
//'message' => 'Your custom message here',
'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
));
}
}
//The Associations below have been created with all possible keys, those that are not needed can be removed
/**
@ -212,12 +250,31 @@ class Event extends AppModel {
}
public function beforeValidate() {
parent::beforeValidate();
// generate UUID if it doesn't exist
if (empty($this->data['Event']['uuid'])) {
$this->data['Event']['uuid'] = String::uuid();
}
}
public function massageData(&$data) {
switch ($data['Event']['sharing']) {
case 'Org':
$data['Event']['private'] = true;
$data['Event']['cluster'] = false;
break;
case 'Server':
$data['Event']['private'] = false;
$data['Event']['cluster'] = true;
break;
case 'All':
$data['Event']['private'] = false;
$data['Event']['cluster'] = false;
break;
}
return $data;
}
public function isOwnedByOrg($eventid, $org) {
return $this->field('id', array('id' => $eventid, 'org' => $org)) === $eventid;
}
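Review bot: Every caller of `massageData` on this page passes `&$this->request->data` (or `&$data`), which is call-time pass-by-reference: deprecated in PHP 5.3 and a fatal error from PHP 5.4. The signature here already declares `&$data` and the function returns the array as well, so the callers in EventsController and AttributesController should pass the plain variable, `$this->request->data = $this->Event->massageData($this->request->data);`. The switch also reads `$data['Event']['sharing']` without an `isset()` check, which raises a notice for payloads that carry no `sharing` key; a docblock saying that `private` and `cluster` are left as supplied in that case would help, and the same applies to Attribute::massageData.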


@ -14,9 +14,15 @@ echo $this->Form->input('type', array(
'empty' => '(first choose category)'
));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
));
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('sharing', array('label' => 'Private',
'before' => $this->Html->div('forminfo', isset($attrDescriptions['sharing']['formdesc']) ? $attrDescriptions['sharing']['formdesc'] : $attrDescriptions['sharing']['desc']),
));
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
));
}
}
echo $this->Form->input('to_ids', array(
'checked' => true,


@ -14,8 +14,13 @@ echo $this->Form->input('malware', array(
'after' => '<br>Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"',
));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('sharing', array('label' => 'Private',
'before' => $this->Html->div('forminfo', isset($attrDescriptions['sharing']['formdesc']) ? $attrDescriptions['sharing']['formdesc'] : $attrDescriptions['sharing']['desc']),));
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),));
}
}
// link an onchange event to the form elements
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');


@ -16,9 +16,15 @@ if ($attachment) {
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
}
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
));
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('sharing', array('label' => 'Private',
'before' => $this->Html->div('forminfo', isset($attrDescriptions['sharing']['formdesc']) ? $attrDescriptions['sharing']['formdesc'] : $attrDescriptions['sharing']['desc']),
));
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
));
}
}
echo $this->Form->input('to_ids', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['signature']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
@ -102,8 +108,8 @@ function showFormInfo(id) {
// LATER use nice animations
//$(idDiv).hide('fast');
// change the content
var value = $(id).val(); // get the selected value
$(idDiv).html(formInfoValues[value]); // search in a lookup table
var value = $(id).val(); // get the selected value
$(idDiv).html(formInfoValues[value]); // search in a lookup table
// show it again
$(idDiv).fadeIn('slow');


@ -10,6 +10,10 @@ foreach ($attributes as $key => $attribute) {
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($attributes[$key]['private']);
}
if ('true' == Configure::read('CyDefSIG.private')) {
unset($attributes[$key]['sharing']);
unset($attributes[$key]['cluster']);
}
}


@ -5,8 +5,13 @@
<?php
echo $this->Form->input('date');
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('sharing', array('label' => 'Private',
'before' => $this->Html->div('forminfo', isset($eventDescriptions['sharing']['formdesc']) ? $eventDescriptions['sharing']['formdesc'] : $eventDescriptions['sharing']['desc']),));
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),));
}
}
echo $this->Form->input('risk', array(
'before' => $this->Html->div('forminfo', isset($eventDescriptions['risk']['formdesc']) ? $eventDescriptions['risk']['formdesc'] : $eventDescriptions['risk']['desc'])));


@ -8,8 +8,13 @@ echo $this->Form->input('date');
echo $this->Form->input('risk', array(
'before' => $this->Html->div('forminfo', isset($eventDescriptions['risk']['formdesc']) ? $eventDescriptions['risk']['formdesc'] : $eventDescriptions['risk']['desc'])));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),));
if ('true' == Configure::read('CyDefSIG.private')) {
echo $this->Form->input('sharing', array('label' => 'Private',
'before' => $this->Html->div('forminfo', isset($eventDescriptions['sharing']['formdesc']) ? $eventDescriptions['sharing']['formdesc'] : $eventDescriptions['sharing']['desc']),));
} else {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),));
}
}
echo $this->Form->input('info');
?>


@ -63,12 +63,20 @@ if ($mayPublish) {
&nbsp;
</dd>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<?php if ('true' == Configure::read('CyDefSIG.private')): ?>
<dt>Private</dt>
<dd>
<?php echo ($event['Event']['sharing'] == 'All') ? 'upload Event and all Attributes except those marked as to keep in Org or Server.' : (($event['Event']['sharing'] == 'Server') ? 'Server, Only show Event or any Attributes to Server members.': 'Org, Only show Event or any Attributes to Org members.'); ?>
&nbsp;
</dd>
<?php else: ?>
<dt>Private</dt>
<dd>
<?php echo ($event['Event']['private'])? 'Yes, never upload Event or any Attributes.' : 'No, upload Event and all Attributes except those marked as Private.'; ?>
&nbsp;
</dd>
<?php endif; ?>
<?php endif; ?>
<!-- dt>UUID</dt>
<dd>
<?php echo $event['Event']['uuid']; ?>


@ -11,6 +11,10 @@ foreach ($events as $key => $event) {
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($events[$key]['private']);
}
if ('true' == Configure::read('CyDefSIG.private')) {
unset($events[$key]['cluster']);
unset($events[$key]['sharing']);
}
// hide the org field is we are not in showorg mode
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($events[$key]['org']);


@ -12,6 +12,15 @@ foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['category_order']);
}
// hide the share fields is we are not in private mode
if ('true' == Configure::read('CyDefSIG.private')) {
unset($event['Event']['cluster']);
unset($event['Event']['sharing']);
foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['cluster']);
unset($event['Event']['Attribute'][$key]['sharing']);
}
}
// hide the private fields is we are not in sync mode
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($event['Event']['private']);