mirror of https://github.com/MISP/MISP
new: [API] new parameters added to attributes/restSearch to include additional context, fixes #4935, fixes #4940, affects MISP/PyMISP#415
- includeSightings: include sightings for all attributes returned - includeCorrelations: include the correlations to other attributes (includes a light-weight event object with each attribute)pull/4955/head
iglocska
parent
4781d68a44
commit
7003faa00c
|
|
@ -1949,7 +1949,7 @@ class AttributesController extends AppController
|
|||
'value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp',
|
||||
'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'event_timestamp', 'threat_level_id', 'includeEventTags',
|
||||
'includeProposals', 'returnFormat', 'published', 'limit', 'page', 'requested_attributes', 'includeContext', 'headerless',
|
||||
'includeWarninglistHits', 'attackGalaxy', 'object_relation'
|
||||
'includeWarninglistHits', 'attackGalaxy', 'object_relation', 'includeSightings', 'includeCorrelations'
|
||||
);
|
||||
$filterData = array(
|
||||
'request' => $this->request,
|
||||
|
|
|
|||
|
|
@ -1521,7 +1521,7 @@ class Attribute extends AppModel
|
|||
return $this->data['Event']['org_id'] === $org;
|
||||
}
|
||||
|
||||
public function getRelatedAttributes($attribute, $fields=array())
|
||||
public function getRelatedAttributes($attribute, $fields=array(), $includeEventData = false)
|
||||
{
|
||||
// LATER getRelatedAttributes($attribute) this might become a performance bottleneck
|
||||
|
||||
|
|
@ -1565,14 +1565,36 @@ class Attribute extends AppModel
|
|||
if (empty($fields)) {
|
||||
$fields = array('Attribute.*');
|
||||
}
|
||||
$params = array(
|
||||
'conditions' => $conditions,
|
||||
'fields' => $fields,
|
||||
'recursive' => 0,
|
||||
'group' => array('Attribute.event_id'),
|
||||
'order' => 'Attribute.event_id DESC'
|
||||
);
|
||||
if (!empty($includeEventData)) {
|
||||
$params['contain'] = array(
|
||||
'Event' => array(
|
||||
'fields' => array(
|
||||
'Event.id', 'Event.uuid', 'Event.threat_level_id', 'Event.analysis', 'Event.info', 'Event.extends_uuid', 'Event.distribution', 'Event.sharing_group_id', 'Event.published', 'Event.date', 'Event.orgc_id', 'Event.org_id'
|
||||
)
|
||||
)
|
||||
);
|
||||
}
|
||||
$similarEvents = $this->find(
|
||||
'all',
|
||||
array('conditions' => $conditions,
|
||||
'fields' => $fields,
|
||||
'recursive' => 0,
|
||||
'group' => array('Attribute.event_id'),
|
||||
'order' => 'Attribute.event_id DESC', )
|
||||
$params
|
||||
);
|
||||
if (!empty($includeEventData)) {
|
||||
foreach ($similarEvents as $k => $similarEvent) {
|
||||
$similarEvents[$k] = array_merge(
|
||||
$similarEvent['Attribute'],
|
||||
array(
|
||||
'Event' => $similarEvent['Event']
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
return $similarEvents;
|
||||
}
|
||||
|
||||
|
|
@ -2968,7 +2990,13 @@ class Attribute extends AppModel
|
|||
'Event' => array(
|
||||
'fields' => array('id', 'info', 'org_id', 'orgc_id', 'uuid'),
|
||||
),
|
||||
'AttributeTag' => array('Tag' => array()),
|
||||
'AttributeTag' => array(
|
||||
'Tag' => array(
|
||||
'fields' => array(
|
||||
'id', 'name', 'colour', 'numerical_value'
|
||||
)
|
||||
)
|
||||
),
|
||||
'Object' => array(
|
||||
'fields' => array('id', 'distribution', 'sharing_group_id')
|
||||
)
|
||||
|
|
@ -3159,6 +3187,15 @@ class Attribute extends AppModel
|
|||
}
|
||||
unset($results[$k]['Event']['EventTag']);
|
||||
}
|
||||
if (!empty($options['includeSightings'])) {
|
||||
$temp = $result['Attribute'];
|
||||
$temp['Event'] = $result['Event'];
|
||||
$results[$k]['Attribute']['Sighting'] = $this->Sighting->attachToEvent($temp, $user, $temp['id']);
|
||||
}
|
||||
if (!empty($options['includeCorrelations'])) {
|
||||
$attributeFields = array('id', 'event_id', 'object_id', 'object_relation', 'category', 'type', 'value', 'uuid', 'timestamp', 'distribution', 'sharing_group_id', 'to_ids', 'comment');
|
||||
$results[$k]['Attribute']['RelatedAttribute'] = ($this->getRelatedAttributes($results[$k]['Attribute'], $attributeFields, true));
|
||||
}
|
||||
}
|
||||
if (!$loop) {
|
||||
if (!empty($params['limit']) && count($results) < $params['limit']) {
|
||||
|
|
@ -4132,6 +4169,8 @@ class Attribute extends AppModel
|
|||
'includeProposals' => !empty($filters['includeProposals']) ? $filters['includeProposals'] : 0,
|
||||
'includeWarninglistHits' => !empty($filters['includeWarninglistHits']) ? $filters['includeWarninglistHits'] : 0,
|
||||
'includeContext' => !empty($filters['includeContext']) ? $filters['includeContext'] : 0,
|
||||
'includeSightings' => !empty($filters['includeSightings']) ? $filters['includeSightings'] : 0,
|
||||
'includeCorrelations' => !empty($filters['includeCorrelations']) ? $filters['includeCorrelations'] : 0
|
||||
);
|
||||
if (!empty($filters['attackGalaxy'])) {
|
||||
$params['attackGalaxy'] = $filters['attackGalaxy'];
|
||||
|
|
|
|||
|
|
@ -135,7 +135,7 @@ class Organisation extends AppModel
|
|||
foreach ($results as $k => $organisation) {
|
||||
if (!empty($organisation['Organisation']['restricted_to_domain'])) {
|
||||
$results[$k]['Organisation']['restricted_to_domain'] = json_decode($organisation['Organisation']['restricted_to_domain'], true);
|
||||
} else {
|
||||
} else if (isset($organisation['Organisation']['restricted_to_domain'])){
|
||||
$results[$k]['Organisation']['restricted_to_domain'] = array();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue