From 6b06ba7ff6ea624fe3b0738fc80bf0d98040dbcb Mon Sep 17 00:00:00 2001
From: noud
Date: Wed, 14 Nov 2012 16:14:04 +0100
Subject: [PATCH] count & GFI Sandbox count # attributes in events index. plus various fixes for distribution in correlation of a GFI Sandbox upload.
---
 app/Controller/AppController.php | 11 +++++++++
 app/Controller/AttributesController.php | 5 +++++
 app/MYSQL.event.sql | 1 +
 app/MYSQL.txt | 1 +
 app/Model/Attribute.php | 30 ++++++++++++++++++-------
 app/View/Events/index.ctp | 4 +++-
 6 files changed, 43 insertions(+), 9 deletions(-)
 create mode 100644 app/MYSQL.event.sql
diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index af38f09b6..a89ee719d 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -420,6 +420,17 @@ class AppController extends Controller {
 }
 }
+ public function generateCount() {
+ if (!self::_isAdmin()) throw new NotFoundException();
+
+ $this->loadModel('Attribute');
+ $attributes = $this->Attribute->find('all', array('recursive' => 0));
+ // for all attributes..
+ foreach ($attributes as $attribute) {
+ $this->Attribute->save($attribute);
+ }
+ }
+
 // CakePHP returns false if filesize is 0 at lib/cake/Utility/File.php:384
 public function checkEmpty($fileP = '/var/www/cydefsig/app/files/test') {
 // Check if there were problems with the file upload
diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php
index fb8cbe512..dd689b21c 100755
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@@ -742,4 +742,9 @@ class AttributesController extends AppController {
 $this->set('categories', $this->Attribute->validate['category']['rule'][1]);
 }
+ public function checkComposites() {
+ if (!self::_isAdmin()) throw new NotFoundException();
+
+ $this->set('fails', $this->Attribute->checkComposites());
+ }
 }
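Review bot: generateCount() rewrites every attribute row on a plain request: the only guard is `self::_isAdmin()`, so an admin who merely follows a link triggers a full-table re-save over GET, and `find('all', array('recursive' => 0))` pulls every attribute into memory before the loop starts. A state-changing admin action should accept POST only — `if (!$this->request->is('post')) throw new MethodNotAllowedException();` right after the admin check — and the rebuild itself does not need per-record model saves, since one aggregate `UPDATE` of `events.attribute_count` from a `COUNT(*)` per `event_id` does the same work in a single statement. Add a docblock stating that this is an admin-only one-off that rebuilds the `attribute_count` counter cache after the column from app/MYSQL.event.sql is added, and that re-saving every attribute also re-runs Attribute's save callbacks, which I cannot see from here. Unless a `generateCount.ctp` view exists, `$this->autoRender = false;` plus a redirect back to the events index would avoid a missing-view error; the views are outside this diff.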
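Review bot: checkComposites() has no docblock and the shape of what it hands to the view is only implied by the model call: add `/** Admin-only integrity report: $fails lists composite attributes missing a value half, as "event_id:id" strings. */` above it. The action needs a `checkComposites.ctp` template that this diff does not add; confirm it exists, or the request will end in a missing-view error. The admin guard is the same `if (!self::_isAdmin()) throw new NotFoundException();` line as in AppController::generateCount() in this commit; both actions also answer GET, which is acceptable here since this one only reads.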
diff --git a/app/MYSQL.event.sql b/app/MYSQL.event.sql
new file mode 100644
index 000000000..00e8f6876
--- /dev/null
+++ b/app/MYSQL.event.sql
@@ -0,0 +1 @@
+alter table events add column attribute_count int(11) UNSIGNED DEFAULT NULL;
\ No newline at end of file
diff --git a/app/MYSQL.txt b/app/MYSQL.txt
index e2b413ad2..d54165139 100755
--- a/app/MYSQL.txt
+++ b/app/MYSQL.txt
@@ -88,6 +88,7 @@ CREATE TABLE `events` (
 `revision` int(10) NOT NULL DEFAULT '0',
 `private` tinyint(1) NOT NULL,
 `cluster` tinyint(1) NOT NULL,
+ `attribute_count` int(11) UNSIGNED DEFAULT NULL,
 PRIMARY KEY (`id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index a86a99fac..d8bbab13d 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -329,7 +329,8 @@ class Attribute extends AppModel {
 'foreignKey' => 'event_id',
 'conditions' => '',
 'fields' => '',
- 'order' => ''
+ 'order' => '',
+ 'counterCache' => true
 )
 );
@@ -774,9 +775,10 @@ class Attribute extends AppModel {
 $this->create();
 $this->data['Attribute']['event_id'] = $eventId;
 if ($malware) {
+ $md5 = !$tmpfile->size() ? md5_file($fileP) : $tmpfile->md5() ;
 $this->data['Attribute']['category'] = $category ? $category : "Payload delivery";
 $this->data['Attribute']['type'] = "malware-sample";
- $this->data['Attribute']['value'] = $fullFileName ? $fullFileName . '|' . $tmpfile->md5() : $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
+ $this->data['Attribute']['value'] = $fullFileName ? $fullFileName . '|' . $md5 : $filename . '|' . $md5; // TODO gives problems with bigger files
 $this->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
 } else {
 $this->data['Attribute']['category'] = $category ? $category : "Artifacts dropped";
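Review bot: `attribute_count` is added as `int(11) UNSIGNED DEFAULT NULL`, so every existing event keeps NULL until an admin runs generateCount, and the new `#` column in app/View/Events/index.ctp is blank for those events in the meantime; the definition is repeated in the app/MYSQL.txt hunk on this line. A counter should not be nullable: declare it `NOT NULL DEFAULT 0` in both files and let the migration backfill in the same step, `UPDATE events e SET attribute_count = (SELECT COUNT(*) FROM attributes a WHERE a.event_id = e.id);` (assuming the Attribute model's table is `attributes` per Cake convention), which makes the admin rebuild a repair tool rather than a required deployment step. The new file also lacks a trailing newline.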
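Review bot: `'counterCache' => true` makes Cake maintain `events.attribute_count` only through Attribute's Model::save() and Model::delete(); anything that writes attributes another way — `deleteAll()`/`updateAll()`, raw SQL, a bulk import that bypasses this model — leaves the count stale, and nothing on this line documents that. Add a comment on the option, e.g. `// keeps Event.attribute_count in sync on single-record save()/delete(); bulk writes bypass it — rebuild with AppController::generateCount()`. Because this makes every attribute save write to `events`, the column from app/MYSQL.event.sql must exist before this code is deployed, or attribute saves would presumably start failing on the unknown column.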
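Review bot: The added `$md5` line only moves the TODO on the next changed line: CakePHP's `File::md5()` defaults to a 5 MB cap and returns `false` above it, and `md5_file()` returns `false` when `$fileP` is unreadable, so in both cases the malware-sample attribute is stored as `name|` with an empty hash while still carrying `to_ids = 1`. Use the forced form and refuse to build the attribute without a hash: `$md5 = $tmpfile->md5(true); // true: hash the whole file, bypassing File::md5()'s size cap` followed by `if ($md5 === false) return false;` (or whatever failure value the rest of this function returns — its beginning is outside the hunk, as is whether `$fileP` and `$tmpfile` name the same upload, which the fallback implies). That also removes the `size()` probe and the stray space before `;`.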
@@ -879,8 +881,8 @@ class Attribute extends AppModel {
 foreach ($attributes as $attributeFound) {
 $this->Correlation->read(null, $attributeFound['Correlation']['id']);
 $this->Correlation->set(array(
- 'private' => $attribute['private'],
- 'cluster' => $attribute['cluster']
+ 'private' => isset($attribute['private']) ? $attribute['private'] : false,
+ 'cluster' => isset($attribute['cluster']) ? $attribute['cluster'] : false,
 ));
 $this->Correlation->save();
 }
@@ -889,7 +891,7 @@ class Attribute extends AppModel {
 foreach ($attributes as $attributeFound) {
 $this->Correlation->read(null, $attributeFound['Correlation']['id']);
 $this->Correlation->set(array(
- '1_private' => $attribute['private'],
+ '1_private' => isset($attribute['private']) ? $attribute['private'] : false,
 ));
 $this->Correlation->save();
 }
@@ -914,7 +916,7 @@ class Attribute extends AppModel {
 $this->Correlation->create();
 $this->Correlation->save(array(
 'Correlation' => array(
- '1_event_id' => $attribute['event_id'], '1_attribute_id' => $attribute['id'], '1_private' => $attribute['private'],
+ '1_event_id' => $attribute['event_id'], '1_attribute_id' => $attribute['id'], '1_private' => isset($attribute['private']) ? $attribute['private'] : false,
 'event_id' => $relatedAttribute['Attribute']['event_id'], 'attribute_id' => $relatedAttribute['Attribute']['id'], 'org' => $eventDate['Event']['org'], 'private' => $relatedAttribute['Attribute']['private'],
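Review bot: Defaulting a missing `private`/`cluster` flag to `false` fails open: when the GFI Sandbox upload path saves an attribute without those keys, the correlation rows written here are marked neither private nor cluster-restricted, so the widest distribution is chosen exactly where the caller said nothing. The same fallback appears in the 889 and 914 hunks on this line and in the 936 hunk on the next; the absent values should come from the owning event — `events.private` and `events.cluster` exist in the app/MYSQL.txt hunk and the 914 hunk already reads that record as `$eventDate['Event']` — or fall closed to `true`, computed once near the top of the function, e.g. `$private = isset($attribute['private']) ? $attribute['private'] : $eventDate['Event']['private'];`, instead of six inline ternaries. I am assuming `private = 1` means do-not-distribute and that `$eventDate` is in scope at the first two sites; the function body starts outside these hunks.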
@@ -936,8 +938,8 @@ class Attribute extends AppModel {
 '1_event_id' => $relatedAttribute['Attribute']['event_id'], '1_attribute_id' => $relatedAttribute['Attribute']['id'], '1_private' => $relatedAttribute['Attribute']['private'], 'event_id' => $attribute['event_id'], 'attribute_id' => $attribute['id'], 'org' => $eventDate['Event']['org'],
- 'private' => $attribute['private'],
- 'cluster' => $attribute['cluster'],
+ 'private' => isset($attribute['private']) ? $attribute['private'] : false,
+ 'cluster' => isset($attribute['cluster']) ? $attribute['cluster'] : false,
 'date' => $eventDate['Event']['date']))
 );
 }
@@ -982,4 +984,16 @@ class Attribute extends AppModel {
 }
 }
+ public function checkComposites() {
+ $compositeTypes = $this->getCompositeTypes();
+ $fails = array();
+ $attributes = $this->find('all',array('recursive' => 0));
+
+ foreach ($attributes as $attribute) {
+ if ((in_array($attribute['Attribute']['type'], $compositeTypes)) && (!strlen($attribute['Attribute']['value1']) || !strlen($attribute['Attribute']['value2']))) {
+ $fails[] = $attribute['Attribute']['event_id'] . ':' . $attribute['Attribute']['id'];
+ }
+ }
+ return $fails;
+ }
 }
diff --git a/app/View/Events/index.ctp b/app/View/Events/index.ctp
index 58efa21d9..f865db11f 100755
--- a/app/View/Events/index.ctp
+++ b/app/View/Events/index.ctp
@@ -6,6 +6,7 @@ Paginator->sort('org');?> Paginator->sort('id');?> + Paginator->sort('attribute_count', '#');?> Paginator->sort('user_id', 'Email');?>
@@ -38,7 +39,8 @@ Html->link($event['Event']['id'], array('controller' => 'events', 'action' => 'view', $event['Event']['id'])); ?>   - + +
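Review bot: checkComposites() loads the entire attributes table with `find('all',array('recursive' => 0))` and discards every non-composite row in PHP, so the type filter and the column list belong in the query; `in_array()` also runs without `strict: true`, and `strlen()` on a NULL `value1`/`value2` relies on the implicit cast that PHP 8.1 deprecates. The rewrite below keeps the `event_id:id` result format and the NULL-counts-as-missing rule, assuming `getCompositeTypes()` returns a non-empty list of type strings as the original `in_array()` suggests. A docblock is also missing: `/** Returns "event_id:id" for every composite attribute whose value1 or value2 half is empty. @return string[] */`.
```php
	public function checkComposites() {
		// Only composite types can fail the check; filter in SQL and fetch only the columns used.
		$attributes = $this->find('all', array(
			'recursive' => -1,
			'fields' => array('Attribute.id', 'Attribute.event_id', 'Attribute.value1', 'Attribute.value2'),
			'conditions' => array('Attribute.type' => $this->getCompositeTypes()),
		));
		$fails = array();
		foreach ($attributes as $attribute) {
			// A NULL half counts as missing, like the original strlen() test.
			if ((string)$attribute['Attribute']['value1'] === '' || (string)$attribute['Attribute']['value2'] === '') {
				$fails[] = $attribute['Attribute']['event_id'] . ':' . $attribute['Attribute']['id'];
			}
		}
		return $fails;
	}
```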