MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

new: [API] Added possibility to include the original file while importing STIX data

pull/3654/head
chrisr3d 2018-09-06 13:37:29 +02:00
parent 7e5be5f37b
commit 71d1b9075a
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
3 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Controller/EventsController.php
View File

@ -1739,13 +1739,14 @@ class EventsController extends AppController
throw new UnauthorizedException(__('You do not have permission to do that.'));
}
if ($this->request->is('post')) {
$original_file = !empty($this->data['Event']['original_file']) ? $this->data['Event']['name'] : None;
if ($this->_isRest()) {
$randomFileName = $this->Event->generateRandomFileName();
$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
$tempFile = new File($tmpDir . DS . $randomFileName, true, 0644);
$tempFile->write($this->request->input());
$tempFile->close();
$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName, $stix_version);
$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName, $stix_version, $original_file);
if (is_array($result)) {
return $this->RestResponse->saveSuccessResponse('Events', 'upload_stix', false, $this->response->type(), 'STIX document imported, event\'s created: ' . implode(', ', $result) . '.');
} elseif (is_numeric($result)) {
@ -1763,7 +1764,7 @@ class EventsController extends AppController
$randomFileName = $this->Event->generateRandomFileName();
$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
move_uploaded_file($this->data['Event']['stix']['tmp_name'], $tmpDir . DS . $randomFileName);
$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName, $stix_version);
$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName, $stix_version, $original_file);
if (is_array($result)) {
$this->Flash->success(__('STIX document imported, event\'s created: ' . implode(', ', $result) . '.'));
$this->redirect(array('action' => 'index'));

4
app/Model/Event.php
View File

@ -4729,7 +4729,7 @@ class Event extends AppModel
return $this->save($event);
}
public function upload_stix($user, $filename, $stix_version)
public function upload_stix($user, $filename, $stix_version, $original_file)
{
App::uses('Folder', 'Utility');
App::uses('File', 'Utility');
@ -4746,7 +4746,7 @@ class Event extends AppModel
} else {
throw new MethodNotAllowedException('Invalid STIX version');
}
$shell_command .= ' ' . escapeshellarg(Configure::read('MISP.default_event_distribution')) . ' ' . escapeshellarg(Configure::read('MISP.default_attribute_distribution')) . ' 2>' . APP . 'tmp/logs/exec-errors.log';
$shell_command .= ' ' . $original_file . ' ' . escapeshellarg(Configure::read('MISP.default_event_distribution')) . ' ' . escapeshellarg(Configure::read('MISP.default_attribute_distribution')) . ' 2>' . APP . 'tmp/logs/exec-errors.log';
$result = shell_exec($shell_command);
unlink($tempFilePath);
if (trim($result) == '1') {

19
app/View/Events/upload_stix.ctp
View File

@ -2,22 +2,29 @@
<?php
echo $this->Form->create('Event', array('type' => 'file'));
?>
<fieldset>
<legend><?php echo __('Import %s file', $stix_version); ?></legend>
<fieldset>
<legend><?php echo __('Import %s file', $stix_version); ?></legend>
<?php
echo $this->Form->input('Event.stix', array(
'label' => '<b>' . __('%s file', $stix_version) . '</b>',
'type' => 'file',
));
?>
<div class="input clear"></div>
<?php
?>
<div class="input clear"></div>
<?php
echo $this->Form->input('publish', array(
'checked' => false,
'label' => __('Publish imported events'),
));
?>
</fieldset>
<div class="input clear"></div>
<?php
echo $this->Form->input('original_file', array(
'checked' => true,
'label' => __('Include the original imported file as attachment')
));
?>
</fieldset>
<?php
echo $this->Form->button(__('Upload'), array('class' => 'btn btn-primary'));
echo $this->Form->end();