MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'hotfix-2.3.30' into develop

pull/762/head
iglocska 2014-11-27 11:29:04 +01:00
parent bd84fade5b dc98d6f1d3
commit 6dcffe1d56
12 changed files with 189 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION.json
View File

@ -1 +1 @@
{"major":2, "minor":3, "hotfix":28}
{"major":2, "minor":3, "hotfix":29}

122
app/Controller/AttributesController.php
View File

@ -1088,12 +1088,14 @@ class AttributesController extends AppController {
if ($this->request->is('post') && ($this->request->here == $fullAddress)) {
$keyword = $this->request->data['Attribute']['keyword'];
$keyword2 = $this->request->data['Attribute']['keyword2'];
$tags = $this->request->data['Attribute']['tags'];
$org = $this->request->data['Attribute']['org'];
$type = $this->request->data['Attribute']['type'];
$ioc = $this->request->data['Attribute']['ioc'];
$this->set('ioc', $ioc);
$category = $this->request->data['Attribute']['category'];
$this->set('keywordSearch', $keyword);
$this->set('tags', $tags);
$keyWordText = null;
$keyWordText2 = null;
$keyWordText3 = null;
@ -1114,26 +1116,67 @@ class AttributesController extends AppController {
$temp = array();
$temp2 = array();
foreach ($keywordArray as $keywordArrayElement) {
$saveWord = trim($keywordArrayElement);
$keywordArrayElement = '%' . trim($keywordArrayElement) . '%';
if ($keywordArrayElement != '%%') {
if ($keywordArrayElement[1] == '!') {
if (preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', substr($saveWord, 2))) {
$cidrresults = $this->Cidr->CIDR($saveWord);
foreach ($cidrresults as $result) {
array_push($temp2, array('Attribute.value NOT LIKE' => $result));
$saveWord = trim(strtolower($keywordArrayElement));
if ($saveWord != '') {
$toInclude = true;
if ($saveWord[0] == '!') {
$toInclude = false;
$saveWord = substr($saveWord, 1);
}
if (preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', $saveWord)) {
$cidrresults = $this->Cidr->CIDR($saveWord);
foreach ($cidrresults as $result) {
$result = strtolower($result);
if (strpos($result, '|')) {
$resultParts = explode('|', $result);
if (!toInclude) {
$temp2[] = array(
'AND' => array(
'LOWER(Attribute.value1) NOT LIKE' => $resultParts[0],
'LOWER(Attribute.value2) NOT LIKE' => $resultParts[1],
));
} else {
$temp[] = array(
'AND' => array(
'LOWER(Attribute.value1)' => $resultParts[0],
'LOWER(Attribute.value2)' => $resultParts[1],
));
}
} else {
if (!$toInclude) {
array_push($temp2, array('LOWER(Attribute.value1) NOT LIKE' => $result));
array_push($temp2, array('LOWER(Attribute.value2) NOT LIKE' => $result));
} else {
array_push($temp, array('LOWER(Attribute.value1) LIKE' => $result));
array_push($temp, array('LOWER(Attribute.value2) LIKE' => $result));
}
}
} else {
array_push($temp2, array('Attribute.value NOT LIKE' => '%' . substr($keywordArrayElement, 2)));
}
} else {
if (preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', $saveWord)) {
$cidrresults = $this->Cidr->CIDR($saveWord);
foreach ($cidrresults as $result) {
array_push($temp, array('Attribute.value LIKE' => $result));
if (strpos($saveWord, '|')) {
$resultParts = explode('|', $saveWord);
if (!$toInclude) {
$temp2[] = array(
'AND' => array(
'LOWER(Attribute.value1) NOT LIKE' => '%' . $resultParts[0],
'LOWER(Attribute.value2) NOT LIKE' => $resultParts[1] . '%',
));
} else {
$temp2[] = array(
'AND' => array(
'LOWER(Attribute.value1)' => '%' . $resultParts[0],
'LOWER(Attribute.value2)' => $resultParts[1] . '%',
));
}
} else {
array_push($temp, array('Attribute.value LIKE' => $keywordArrayElement));
if (!$toInclude) {
array_push($temp2, array('LOWER(Attribute.value1) NOT LIKE' => '%' . $saveWord . '%'));
array_push($temp2, array('LOWER(Attribute.value2) NOT LIKE' => '%' . $saveWord . '%'));
} else {
array_push($temp, array('LOWER(Attribute.value1) LIKE' => '%' . $saveWord . '%'));
array_push($temp, array('LOWER(Attribute.value2) LIKE' => '%' . $saveWord . '%'));
}
}
}
}
@ -1175,6 +1218,19 @@ class AttributesController extends AppController {
$conditions['AND'][] = $temp;
}
}
if (!empty($tags)) {
$include = array();
$exclude = array();
$keywordArray = explode("\n", $tags);
foreach ($keywordArray as $tagname) {
$tagname = trim($tagname);
if (substr($tagname, 0, 1) === '!') $exclude[] = substr($tagname, 1);
else $include[] = $tagname;
}
$this->loadModel('Tag');
if (!empty($include)) $conditions['AND'][] = array('OR' => array('Attribute.event_id' => $this->Tag->findTags($include)));
if (!empty($exclude)) $conditions['AND'][] = array('Attribute.event_id !=' => $this->Tag->findTags($exclude));
}
if ($type != 'ALL') {
$conditions['Attribute.type ='] = $type;
}
@ -1204,7 +1260,6 @@ class AttributesController extends AppController {
$conditions['AND'][] = $temp;
}
}
if ($this->request->data['Attribute']['alternate']) {
$events = $this->searchAlternate($conditions);
$this->set('events', $events);
@ -1244,7 +1299,6 @@ class AttributesController extends AppController {
}
}
$this->set('attributes', $attributes);
// and store into session
$this->Session->write('paginate_conditions', $this->paginate);
$this->Session->write('paginate_conditions_keyword', $keyword);
@ -1252,6 +1306,7 @@ class AttributesController extends AppController {
$this->Session->write('paginate_conditions_org', $org);
$this->Session->write('paginate_conditions_type', $type);
$this->Session->write('paginate_conditions_ioc', $ioc);
$this->Session->write('paginate_conditions_tags', $tags);
$this->Session->write('paginate_conditions_category', $category);
$this->Session->write('search_find_idlist', $idList);
$this->Session->write('search_find_attributeidlist', $attributeIdList);
@ -1278,17 +1333,18 @@ class AttributesController extends AppController {
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
// get from Session
$keyword = $this->Session->read('paginate_conditions_keyword');
$keyword2 = $this->Session->read('paginate_conditions_keyword2');
$org = $this->Session->read('paginate_conditions_org');
$type = $this->Session->read('paginate_conditions_type');
$category = $this->Session->read('paginate_conditions_category');
$tags = $this->Session->read('paginate_conditions_tags');
$this->set('keywordSearch', $keyword);
$this->set('keywordSearch2', $keyword2);
$this->set('orgSearch', $org);
$this->set('typeSearch', $type);
$this->set('tags', $tags);
$this->set('isSearch', 1);
$this->set('categorySearch', $category);
@ -1693,9 +1749,33 @@ class AttributesController extends AppController {
public function generateCorrelation() {
if (!self::_isSiteAdmin()) throw new NotFoundException();
$k = $this->Attribute->generateCorrelation();
$this->Session->setFlash(__('All done. ' . $k . ' attributes processed.'));
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
if (!Configure::read('MISP.background_jobs')) {
$k = $this->Attribute->generateCorrelation();
$this->Session->setFlash(__('All done. ' . $k . ' attributes processed.'));
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
} else {
$job = ClassRegistry::init('Job');
$job->create();
$data = array(
'worker' => 'default',
'job_type' => 'generate correlation',
'job_input' => 'All attributes',
'status' => 0,
'retries' => 0,
'org' => 'ADMIN',
'message' => 'Job created.',
);
$job->save($data);
$jobId = $job->id;
$process_id = CakeResque::enqueue(
'default',
'AdminShell',
array('jobGenerateCorrelation', $jobId)
);
$job->saveField('process_id', $process_id);
$this->Session->setFlash(__('Job queued. You can view the progress if you navigate to the active jobs view (administration -> jobs).'));
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
}
}
public function fetchViewValue($id, $field = null) {

8
app/Controller/EventsController.php
View File

@ -2843,7 +2843,7 @@ class EventsController extends AppController {
if ($attribute['save'] == '1') {
$this->Event->Attribute->create();
$attribute['distribution'] = $event['Event']['distribution'];
$attribute['comment'] = 'Imported via the freetext import.';
if (empty($attribute['comment'])) $attribute['comment'] = 'Imported via the freetext import.';
$attribute['event_id'] = $id;
if ($this->Event->Attribute->save($attribute)) {
$saved++;
@ -2860,7 +2860,11 @@ class EventsController extends AppController {
$event['Event']['published'] = 0;
$this->Event->save($event);
}
$this->Session->setFlash($saved . ' attributes created. ' . $failed . ' attributes could not be saved. This may be due to attributes with similar values already existing.');
if ($failed > 0) {
$this->Session->setFlash($saved . ' attributes created. ' . $failed . ' attributes could not be saved. This may be due to attributes with similar values already existing.');
} else {
$this->Session->setFlash($saved . ' attributes created.');
}
$this->redirect(array('controller' => 'events', 'action' => 'view', $id));
} else {
throw new MethodNotAllowedException();

8
app/Model/Server.php
View File

@ -373,6 +373,14 @@ class Server extends AppModel {
'test' => 'testForTermsFile',
'type' => 'string'
),
'showorgalternate' => array(
'level' => 2,
'description' => 'True enables the alternate org fields for the event index (source org and member org) instead of the traditional way of showing only an org field. This allows users to see if an event was uploaded by a member organisation on their MISP instance, or if it originated on an interconnected instance.',
'value' => '',
'errorMessage' => '',
'test' => 'testBool',
'type' => 'boolean'
),
),
'GnuPG' => array(
'branch' => 1,

2
app/Model/Tag.php
View File

@ -87,7 +87,7 @@ class Tag extends AppModel {
public function findTags($array) {
$ids = array();
foreach ($array as $a) {
$conditions['OR'][] = array('name like' => '%' . $a . '%');
$conditions['OR'][] = array('LOWER(name) like' => '%' . strtolower($a) . '%');
}
$params = array(
'recursive' => 1,

1
app/View/Attributes/index.ctp
View File

@ -5,6 +5,7 @@ if ($isSearch == 1) {
echo "<h4>Results for all attributes";
if ($keywordSearch != null) echo " with the value containing \"<b>" . h($keywordSearch) . "</b>\"";
if ($keywordSearch2 != null) echo " from the events \"<b>" . h($keywordSearch2) . "</b>\"";
if ($tags != null) echo " from events tagged \"<b>" . h($tags) . "</b>\"";
if ($categorySearch != "ALL") echo " of category \"<b>" . h($categorySearch) . "</b>\"";
if ($typeSearch != "ALL") echo " of type \"<b>" . h($typeSearch) . "</b>\"";
if (isset($orgSearch) && $orgSearch != '' && $orgSearch != null) echo " created by the organisation \"<b>" . h($orgSearch) . "</b>\"";

2
app/View/Attributes/search.ctp
View File

@ -6,6 +6,8 @@
<?php
echo $this->Form->input('keyword', array('type' => 'textarea', 'label' => 'Containing the following expressions', 'div' => 'clear', 'class' => 'input-xxlarge'));
echo $this->Form->input('keyword2', array('type' => 'textarea', 'label' => 'Being attributes of the following event IDs', 'div' => 'clear', 'class' => 'input-xxlarge'));
echo $this->Form->input('tags', array('type' => 'textarea', 'label' => 'Being an attribute of an event matching the following tags', 'div' => 'clear', 'class' => 'input-xxlarge'));
?>
<?php
if (Configure::read('MISP.showorg') || $isAdmin)

17
app/View/Events/free_text_results.ctp
View File

@ -7,13 +7,14 @@
<th>Category</th>
<th>Type</th>
<th>IDS</th>
<th>Comment</th>
<th>Actions</th>
</tr>
<?php
echo $this->Form->create('Attribute', array('url' => '/events/saveFreeText/' . $event_id));
foreach ($resultArray as $k => $item):
?>
<tr id="row_<?php echo $k; ?>">
<tr id="row_<?php echo $k; ?>" class="freetext_row">
<?php
echo $this->Form->input('Attribute.' . $k . '.save', array(
'label' => false,
@ -61,7 +62,7 @@
}
?>
</td>
<td class="short">
<td class="short" style="width:30px;">
<?php
echo $this->Form->input('Attribute.' . $k . '.to_ids', array(
'label' => false,
@ -70,8 +71,18 @@
));
?>
</td>
<td class="short">
<?php
echo $this->Form->input('Attribute.' . $k . '.comment', array(
'label' => false,
'style' => 'padding:0px;height:20px;margin-bottom:0px;',
'type' => 'text',
'placeholder' => 'Imported via the freetext import.',
));
?>
</td>
<td class="action short">
<span class="icon-remove pointer" onClick="freetextRemoveRow('<?php echo $k; ?>');"></span>
<span class="icon-remove pointer" onClick="freetextRemoveRow('<?php echo $k; ?>', '<?php echo $event_id; ?>');"></span>
</td>
</tr>
<?php

28
app/View/Events/index.ctp
View File

@ -46,16 +46,24 @@
<?php echo $this->Paginator->sort('published');?>
</th>
<?php
if (Configure::read('MISP.showorg') || $isAdmin): ?>
<th class="filter"><?php echo $this->Paginator->sort('org'); ?></th>
<?php
endif;
if (Configure::read('MISP.showorgalternate') && Configure::read('MISP.showorg')):
?>
<th class="filter"><?php echo $this->Paginator->sort('org', 'Source org'); ?></th>
<th class="filter"><?php echo $this->Paginator->sort('org', 'Member org'); ?></th>
<?php
else:
if (Configure::read('MISP.showorg') || $isAdmin):
?>
<th class="filter"><?php echo $this->Paginator->sort('org'); ?></th>
<?php
endif;
if ($isSiteAdmin):
?>
<th class="filter"><?php echo $this->Paginator->sort('owner org');?></th>
<?php
endif;
endif;
?>
<?php if ($isSiteAdmin): ?>
<th class="filter">
<?php echo $this->Paginator->sort('owner org');?>
</th>
<?php endif; ?>
<th><?php echo $this->Paginator->sort('id');?></th>
<?php if (Configure::read('MISP.tagging')): ?>
<th class="filter">Tags</th>
@ -101,7 +109,7 @@
&nbsp;
</td>
<?php endif;?>
<?php if ('true' == $isSiteAdmin): ?>
<?php if ($isSiteAdmin || (Configure::read('MISP.showorgalternate') && Configure::read('MISP.showorg'))): ?>
<td class="short" onclick="document.location.href ='/events/view/<?php echo $event['Event']['id'];?>'">
<?php
$imgRelativePath = 'orgs' . DS . h($event['Event']['org']) . '.png';

46
app/View/Events/view.ctp
View File

@ -28,20 +28,38 @@ $mayPublish = ($isAclPublish && $event['Event']['orgc'] == $me['org']);
<?php echo h($event['Event']['uuid']); ?>
&nbsp;
</dd>
<?php if (Configure::read('MISP.showorg') || $isAdmin): ?>
<dt>Org</dt>
<dd>
<?php echo h($event['Event']['orgc']); ?>
&nbsp;
</dd>
<?php endif; ?>
<?php if ($isSiteAdmin): ?>
<dt>Owner org</dt>
<dd>
<?php echo h($event['Event']['org']); ?>
&nbsp;
</dd>
<?php endif; ?>
<?php
if (Configure::read('MISP.showorgalternate') && (Configure::read('MISP.showorg') || $isAdmin)): ?>
<dt>Source Organisation</dt>
<dd>
<?php echo h($event['Event']['orgc']); ?>
&nbsp;
</dd>
<dt>Member Organisation</dt>
<dd>
<?php echo h($event['Event']['org']); ?>
&nbsp;
</dd>
<?php
else:
if (Configure::read('MISP.showorg') || $isAdmin): ?>
<dt>Org</dt>
<dd>
<?php echo h($event['Event']['orgc']); ?>
&nbsp;
</dd>
<?php endif; ?>
<?php if ($isSiteAdmin): ?>
<dt>Owner org</dt>
<dd>
<?php echo h($event['Event']['org']); ?>
&nbsp;
</dd>
<?php
endif;
endif;
?>
<dt>Contributors</dt>
<dd>
<?php

2
app/files/scripts/misp2stix.py
View File

@ -86,7 +86,7 @@ SCHEMALOC_DICT = {
# mappings
status_mapping = {'0' : 'New', '1' : 'Open', '2' : 'Closed'}
TLP_mapping = {'0' : 'AMBER', '1' : 'GREEN', '2' : 'GREEN', '3' : 'GREEN'}
confidence_mapping = {'0' : 'None', '1' : 'High'}
confidence_mapping = {False : 'None', True : 'High'}
not_implemented_attributes = ['yara', 'pattern-in-traffic', 'pattern-in-memory']

5
app/webroot/js/ajaxification.js
View File

@ -897,9 +897,12 @@ function templateFileUploadTriggerBrowse(id) {
$('#upload_' + id + '_file').click();
}
function freetextRemoveRow(id) {
function freetextRemoveRow(id, event_id) {
$('#row_' + id).hide();
$('#Attribute' + id + 'Save').attr("value", "0");
if ($(".freetext_row:visible").length == 0) {
window.location = "/events/" + event_id;
}
}
function indexEvaluateFiltering() {