MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Fix to an error with very large strings in an array causing a failure in the XML conversion of simpleXML, fixes #500 

Moved the XML conversion in restfullEventToServer() to MISP's own xml conversion tool
pull/567/head
Iglocska 2015-07-08 10:37:20 +02:00
parent 01d32cf9cf
commit 6a25471ea4
3 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION.json
View File

@ -1 +1 @@
{"major":2, "minor":3, "hotfix":93}
{"major":2, "minor":3, "hotfix":94}

18
app/Lib/Tools/XMLConverterTool.php
View File

@ -26,9 +26,9 @@ class XMLConverterTool {
public function event2xmlArray($event, $isSiteAdmin=false) {
$toEscape = array("&", "<", ">", "\"", "'");
$escapeWith = array('&amp;', '&lt;', '&gt;', '&quot;', '&apos;');
$event['Event']['Attribute'] = $event['Attribute'];
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
$event['Event']['RelatedEvent'] = $event['RelatedEvent'];
if (isset($event['Attribute'])) $event['Event']['Attribute'] = $event['Attribute'];
if (isset($event['ShadowAttribute'])) $event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
if (isset($event['RelatedEvent'])) $event['Event']['RelatedEvent'] = $event['RelatedEvent'];
$event['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['info']);
$event['Event']['info'] = str_replace($toEscape, $escapeWith, $event['Event']['info']);
@ -53,11 +53,13 @@ class XMLConverterTool {
unset($event['Event']['Attribute'][$key]['value1']);
unset($event['Event']['Attribute'][$key]['value2']);
unset($event['Event']['Attribute'][$key]['category_order']);
foreach($event['Event']['Attribute'][$key]['ShadowAttribute'] as $skey => $svalue) {
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment']);
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment']);
if (isset($event['Event']['Attribute'][$key]['ShadowAttribute'])) {
foreach($event['Event']['Attribute'][$key]['ShadowAttribute'] as $skey => $svalue) {
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment']);
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment']);
}
}
}
}

11
app/Model/Event.php
View File

@ -575,7 +575,8 @@ class Event extends AppModel {
$event['Event']['Attribute'] = $event['Attribute'];
unset($event['Attribute']);
}
if (isset($event['ShadowAttribute'])) unset($event['ShadowAttribute']);
// cleanup the array from things we do not want to expose
//unset($event['Event']['org']);
// remove value1 and value2 from the output
@ -616,10 +617,10 @@ class Event extends AppModel {
}
// display the XML to the user
$xmlArray['Event'][] = $event['Event'];
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
$eventsXml = $xmlObject->asXML();
// do a REST POST request with the server
$data = $eventsXml;
App::uses('XMLConverterTool', 'Tools');
$converter = new XMLConverterTool();
$data = '<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL . $converter->event2XML($event) . PHP_EOL;
// LATER validate HTTPS SSL certificate
$this->Dns = ClassRegistry::init('Dns');