mirror of https://github.com/MISP/MISP
chg: [workflow:tag_if] Added support of `event_attribute` scope and improved integration with queryModuleServer
parent
f6d752890a
commit
6f15d18e62
|
@ -2378,8 +2378,10 @@ class Attribute extends AppModel
|
|||
*/
|
||||
public function convertToCoreFormat(array $attribute): array
|
||||
{
|
||||
$attribute = array_merge($attribute['Attribute'], $attribute);
|
||||
unset($attribute['Attribute']);
|
||||
if (isset($attribute['Attribute'])) {
|
||||
$attribute = array_merge($attribute['Attribute'], $attribute);
|
||||
unset($attribute['Attribute']);
|
||||
}
|
||||
if (isset($attribute['Object']) && empty($attribute['Object']['id'])) {
|
||||
unset($attribute['Object']);
|
||||
}
|
||||
|
@ -2387,9 +2389,7 @@ class Attribute extends AppModel
|
|||
foreach ($tagTypes as $tagType) {
|
||||
if (isset($attribute[$tagType])) {
|
||||
foreach ($attribute[$tagType] as $tag) {
|
||||
if ($tagType === 'EventTag') {
|
||||
$tag['Tag']['inherited'] = 1;
|
||||
}
|
||||
$tag['Tag']['inherited'] = $tagType === 'EventTag' ? 1 : 0;
|
||||
$attribute['Tag'][] = $tag['Tag'];
|
||||
}
|
||||
unset($attribute[$tagType]);
|
||||
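Review bot: The new `$tag['Tag']['inherited'] = $tagType === 'EventTag' ? 1 : 0;` in the tag loop writes into `$tag['Tag']` for every tag type without checking that the key exists, so an entry with no `Tag` sub-array is appended to `$attribute['Tag']` as a stub `['inherited' => 0]`. The tag_if module in this commit filters on `[inherited=0]` and then reads `.id`, so such a stub yields no id rather than an error. Whether entries without `Tag` can reach this point is not visible here. A guard such as `if (!isset($tag['Tag'])) { continue; }` before the assignment would keep malformed entries out of the core format. The function body continues past the end of the hunk.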
|
|
|
@ -6007,9 +6007,13 @@ class Event extends AppModel
|
|||
} else {
|
||||
$data[$attribute['type']] = $attribute['value'];
|
||||
}
|
||||
$result = $this->Module->queryModuleServer($data, false, 'Enrichment', false, $event);
|
||||
if (!$result) {
|
||||
$triggerData = $event[0];
|
||||
$triggerData['Attribute'] = [$attribute];
|
||||
$result = $this->Module->queryModuleServer($data, false, 'Enrichment', false, $this->convertToCoreFormat($triggerData));
|
||||
if ($result === false) {
|
||||
throw new MethodNotAllowedException(h($module['name']) . ' service not reachable.');
|
||||
} else if (!is_array($result)) {
|
||||
continue 2;
|
||||
}
|
||||
//if (isset($result['error'])) $this->Session->setFlash($result['error']);
|
||||
if (!is_array($result)) {
|
||||
|
@ -6047,6 +6051,29 @@ class Event extends AppModel
|
|||
return $attributes_added;
|
||||
}
|
||||
|
||||
/**
|
||||
* convertToCoreFormat Convert the given event into the core format described in the RFC. Perform conversion such as getting rid of EventTag
|
||||
*
|
||||
* @param array $event
|
||||
* @return array
|
||||
*/
|
||||
public function convertToCoreFormat(array $event) {
|
||||
$event = array_merge($event['Event'], $event);
|
||||
unset($event['Event']);
|
||||
foreach ($event['Attribute'] as $i => $attribute) {
|
||||
$attribute['EventTag'] = $event['EventTag'];
|
||||
$event['Attribute'][$i] = $this->Attribute->convertToCoreFormat($attribute)['Attribute'];
|
||||
}
|
||||
if (isset($event['EventTag'])) {
|
||||
foreach ($event['EventTag'] as $tag) {
|
||||
$tag['Tag']['inherited'] = 0;
|
||||
$event['Tag'][] = $tag['Tag'];
|
||||
}
|
||||
unset($event['EventTag']);
|
||||
}
|
||||
return ['Event' => $event];
|
||||
}
|
||||
|
||||
public function massageTags($user, $data, $dataType = 'Event', $excludeGalaxy = false, $cullGalaxyTags = false)
|
||||
{
|
||||
$data['Galaxy'] = array();
|
||||
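Review bot: In the new `Event::convertToCoreFormat()`, `$event['EventTag']` is read inside the attribute loop (`$attribute['EventTag'] = $event['EventTag'];`) before the `isset($event['EventTag'])` guard a few lines below, and `$event['Event']` and `$event['Attribute']` are dereferenced with no guard at all. An event without tags or attributes would raise undefined-index notices and pass `null` on to `Attribute::convertToCoreFormat()`. I would write `if (isset($event['EventTag'])) { $attribute['EventTag'] = $event['EventTag']; }` inside the loop and iterate over `$event['Attribute'] ?? []`. The enrichment caller in the first hunk likewise takes `$event[0]` without checking that a row was fetched. The method also lacks the `: array` return type that its Attribute counterpart declares.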
|
|
|
@ -231,7 +231,11 @@ class Module extends AppModel
|
|||
$triggerData = !empty($attributes) ? $attributes[0] : [];
|
||||
$logging['message'] = __('The workflow `%s` prevented attribute `%s` (from event `%s`) to query the module `%s`', $trigger_id, $postData['attribute_uuid'], $triggerData['Attribute']['event_id'], $postData['module']);
|
||||
} else {
|
||||
$logging['message'] = __('The workflow `%s` prevented event `%s` to query the module `%s`', $trigger_id, $triggerData['Attribute']['event_id'], $postData['module']);
|
||||
if (isset($triggerData['Attribute'])) {
|
||||
$logging['message'] = __('The workflow `%s` prevented attribute `%s` (from event `%s`) to query the module `%s`', $trigger_id, $triggerData['Attribute']['id'], $triggerData['Attribute']['event_id'], $postData['module']);
|
||||
} else {
|
||||
$logging['message'] = __('The workflow `%s` prevented attribute `%s` (from event `%s`) to query the module `%s`', $trigger_id, $triggerData['Event']['Attribute'][0]['id'], $triggerData['Event']['id'], $postData['module']);
|
||||
}
|
||||
}
|
||||
if (empty($triggerData)) {
|
||||
return false;
|
||||
|
@ -255,7 +259,8 @@ class Module extends AppModel
|
|||
if ($moduleFamily == 'Enrichment') {
|
||||
$success = $this->__prepareAndExectureForTrigger($postData, $triggerData);
|
||||
if (!$success) {
|
||||
return false;
|
||||
$trigger_id = 'enrichment-before-query';
|
||||
return __('Trigger `%s` blocked enrichment', $trigger_id);
|
||||
}
|
||||
}
|
||||
if ($hover) {
|
||||
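Review bot: The second hunk makes `queryModuleServer()` return a translated string instead of `false` when the `enrichment-before-query` trigger refuses the request, so any caller that still tests `if (!$result)` will treat a workflow block as a successful response. The Event caller in this commit was switched to `=== false` plus `!is_array()`, but other callers are not visible here and need the same check. Because the message is localised, callers cannot match on its text, so the contract belongs in the docblock, for example `@return array|string|false a string means a workflow trigger refused the query`. In the first hunk, the inner `else` reads `$triggerData['Event']['Attribute'][0]['id']` before the `empty($triggerData)` check that follows it, so an empty or differently shaped payload raises notices while the log line is being built.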
|
|
|
@ -44,6 +44,7 @@ class Module_tag_if extends WorkflowBaseLogicModule
|
|||
'options' => [
|
||||
'event' => __('Event'),
|
||||
'attribute' => __('Attribute'),
|
||||
'event_attribute' => __('Both Event & Attribute'),
|
||||
],
|
||||
'default' => 'event',
|
||||
'label' => 'Scope',
|
||||
|
@ -91,10 +92,16 @@ class Module_tag_if extends WorkflowBaseLogicModule
|
|||
$path = false;
|
||||
$context = $this->__deduceContextFromData($data);
|
||||
if ($scope == 'attribute') {
|
||||
if ($context == self::CONTEXT_ATTRIBUTE) {
|
||||
$path = 'Attribute.Tag.{n}[inherited=0].id';
|
||||
} elseif ($context == self::CONTEXT_EVENT) {
|
||||
$path = 'Event.Attribute.{n}.Tag.{n}[inherited=0].id';
|
||||
}
|
||||
} elseif ($scope == 'event_attribute') {
|
||||
if ($context == self::CONTEXT_ATTRIBUTE) {
|
||||
$path = 'Attribute.Tag.{n}.id';
|
||||
} elseif ($context == self::CONTEXT_EVENT) {
|
||||
$path = 'Event.Attribute.Tag.{n}.id';
|
||||
$path = 'Event.Attribute.{n}.Tag.{n}.id';
|
||||
}
|
||||
} else {
|
||||
$scope = 'event';
|
||||
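Review bot: The `attribute` scope now selects tags with `[inherited=0]`, which only matches tags that actually carry an `inherited` key. A tag without the key is skipped silently, so the condition evaluates as if the tag were absent and a workflow meant to stop on that tag would let the data through. This holds only while every payload reaching the module has passed through `convertToCoreFormat()`, which this commit changes to set the flag on every tag, and nothing in the hunk states that dependency. I would add a comment above the branch: `// Requires core-format data: Tag.inherited must be set on every tag, otherwise attribute-scope tags are not matched`. `$path` also stays `false` when the context is neither attribute nor event, and how the code after the hunk handles that is not visible.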
|
|