From 2f4d38b2f14502b04c3f17d010cf990877b7d3e6 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 11 Oct 2020 15:20:20 +0200 Subject: [PATCH] chg: [internal] Cleanup and simplify ShadowAttribute model code --- app/Lib/Tools/ComplexTypeTool.php | 8 ++-- app/Model/Attribute.php | 3 +- app/Model/ShadowAttribute.php | 77 +++++++++++-------------------- 3 files changed, 32 insertions(+), 56 deletions(-) diff --git a/app/Lib/Tools/ComplexTypeTool.php b/app/Lib/Tools/ComplexTypeTool.php index c6328c605..65a73e2ff 100644 --- a/app/Lib/Tools/ComplexTypeTool.php +++ b/app/Lib/Tools/ComplexTypeTool.php @@ -3,7 +3,7 @@ require_once __DIR__ . '/TmpFileTool.php'; class ComplexTypeTool { - private $__refangRegexTable = array( + private static $__refangRegexTable = array( array( 'from' => '/^(hxxp|hxtp|htxp|meow|h\[tt\]p)/i', 'to' => 'http', @@ -38,9 +38,9 @@ class ComplexTypeTool private $__tlds = null; - public function refangValue($value, $type) + public static function refangValue($value, $type) { - foreach ($this->__refangRegexTable as $regex) { + foreach (self::$__refangRegexTable as $regex) { if (in_array($type, $regex['types'])) { $value = preg_replace($regex['from'], $regex['to'], $value); } @@ -358,7 +358,7 @@ class ComplexTypeTool private function __refangInput($input) { $input['refanged'] = $input['raw']; - foreach ($this->__refangRegexTable as $regex) { + foreach (self::$__refangRegexTable as $regex) { $input['refanged'] = preg_replace($regex['from'], $regex['to'], $input['refanged']); } $input['refanged'] = rtrim($input['refanged'], "."); diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 3941336a9..1d46f5eaf 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -849,8 +849,7 @@ class Attribute extends AppModel return false; } App::uses('ComplexTypeTool', 'Tools'); - $this->complexTypeTool = new ComplexTypeTool(); - $this->data['Attribute']['value'] = $this->complexTypeTool->refangValue($this->data['Attribute']['value'], $this->data['Attribute']['type']); + $this->data['Attribute']['value'] = ComplexTypeTool::refangValue($this->data['Attribute']['value'], $this->data['Attribute']['type']); if (!empty($this->data['Attribute']['object_id']) && empty($this->data['Attribute']['object_relation'])) { $this->validationErrors['type'] = ['Object attribute sent, but no object_relation set.']; diff --git a/app/Model/ShadowAttribute.php b/app/Model/ShadowAttribute.php index e16e5775b..80d8e79ab 100644 --- a/app/Model/ShadowAttribute.php +++ b/app/Model/ShadowAttribute.php @@ -1,12 +1,13 @@ array('desc' => 'Is this attribute eligible to automatically create an IDS signature (network IDS or host IDS) out of it ?'), - //'private' => array('desc' => 'Prevents upload of this single Attribute to other CyDefSIG servers', 'formdesc' => 'Prevents upload of this single Attribute to other CyDefSIG servers.
Used only when the Event is NOT set as Private') ); // if these then a category my have upload to be zipped @@ -122,7 +122,7 @@ class ShadowAttribute extends AppModel ), 'to_ids' => array( 'boolean' => array( - 'rule' => array('boolean'), + 'rule' => 'boolean', 'required' => false, ), ), @@ -133,9 +133,9 @@ class ShadowAttribute extends AppModel ), ), 'proposal_to_delete' => array( - 'boolean' => array( - 'rule' => array('boolean'), - ), + 'boolean' => array( + 'rule' => 'boolean', + ), ), 'first_seen' => array( 'rule' => array('datetimeOrNull'), @@ -152,15 +152,8 @@ class ShadowAttribute extends AppModel public function __construct($id = false, $table = null, $ds = null) { parent::__construct($id, $table, $ds); - $this->virtualFields = Set::merge($this->virtualFields, array( - //'distribution' => 'IF (Attribute.private=true, "Your organization only", IF (Attribute.cluster=true, "This Community-only", "All communities"))', - //'distribution' => 'IF (ShadowAttribute.private=true AND ShadowAttribute.cluster=false, "Your organization only", IF (ShadowAttribute.private=true AND ShadowAttribute.cluster=true, "This server-only", IF (ShadowAttribute.private=false AND ShadowAttribute.cluster=true, "This Community-only", IF (ShadowAttribute.communitie=true, "Connected communities" , "All communities"))))', - )); - $this->fieldDescriptions = Set::merge($this->fieldDescriptions, array( - //'distribution' => array('desc' => 'This fields indicates the intended distribution of the attribute (same as when adding an event, see Add Event)'), - )); - $this->categoryDefinitions = $this->Event->Attribute->categoryDefinitions; - $this->typeDefinitions = $this->Event->Attribute->typeDefinitions; + $this->categoryDefinitions = $this->Attribute->categoryDefinitions; + $this->typeDefinitions = $this->Attribute->typeDefinitions; } // The Associations below have been created with all possible keys, those that are not needed can be removed @@ -211,7 +204,7 @@ class ShadowAttribute extends AppModel if (isset($sa['ShadowAttribute'])) { $sa = $sa['ShadowAttribute']; } - if (in_array($sa['type'], $this->Event->Attribute->nonCorrelatingTypes)) { + if (in_array($sa['type'], $this->Attribute->nonCorrelatingTypes)) { return; } $this->ShadowAttributeCorrelation = ClassRegistry::init('ShadowAttributeCorrelation'); @@ -222,14 +215,14 @@ class ShadowAttribute extends AppModel $correlatingValues[] = $sa['value2']; } foreach ($correlatingValues as $k => $cV) { - $correlatingAttributes[$k] = $this->Event->Attribute->find('all', array( + $correlatingAttributes[$k] = $this->Attribute->find('all', array( 'conditions' => array( 'AND' => array( 'OR' => array( 'Attribute.value1' => $cV, 'Attribute.value2' => $cV ), - 'Attribute.type !=' => $this->Event->Attribute->nonCorrelatingTypes, + 'Attribute.type !=' => $this->Attribute->nonCorrelatingTypes, 'Attribute.deleted' => 0, 'Attribute.event_id !=' => $sa['event_id'] ), @@ -304,9 +297,6 @@ class ShadowAttribute extends AppModel parent::beforeValidate(); // remove leading and trailing blanks //$this->trimStringFields(); // TODO - if (isset($this->data['ShadowAttribute']['value'])) { - $this->data['ShadowAttribute']['value'] = trim($this->data['ShadowAttribute']['value']); - } if (!isset($this->data['ShadowAttribute']['comment'])) { $this->data['ShadowAttribute']['comment'] = ''; @@ -316,6 +306,14 @@ class ShadowAttribute extends AppModel return false; } + // make some changes to the inserted value + if (isset($this->data['ShadowAttribute']['value'])) { + $value = trim($this->data['ShadowAttribute']['value']); + $value = ComplexTypeTool::refangValue($value, $this->data['ShadowAttribute']['type']); + $value = $this->Attribute->modifyBeforeValidation($this->data['ShadowAttribute']['type'], $value); + $this->data['ShadowAttribute']['value'] = $value; + } + if (!isset($this->data['ShadowAttribute']['org'])) { $this->data['ShadowAttribute']['org'] = ''; } @@ -329,9 +327,6 @@ class ShadowAttribute extends AppModel $this->data['ShadowAttribute']['proposal_to_delete'] = 0; } - // make some last changes to the inserted value - $this->data['ShadowAttribute']['value'] = $this->Event->Attribute->modifyBeforeValidation($this->data['ShadowAttribute']['type'], $this->data['ShadowAttribute']['value']); - // generate UUID if it doesn't exist if (empty($this->data['ShadowAttribute']['uuid'])) { $this->data['ShadowAttribute']['uuid'] = CakeText::uuid(); @@ -340,7 +335,7 @@ class ShadowAttribute extends AppModel } if (!empty($this->data['ShadowAttribute']['type']) && empty($this->data['ShadowAttribute']['category'])) { - $this->data['ShadowAttribute']['category'] = $this->Event->Attribute->typeDefinitions[$this->data['ShadowAttribute']['type']]['default_category']; + $this->data['ShadowAttribute']['category'] = $this->Attribute->typeDefinitions[$this->data['ShadowAttribute']['type']]['default_category']; } // always return true, otherwise the object cannot be saved @@ -366,38 +361,28 @@ class ShadowAttribute extends AppModel public function validCategory($fields) { - return $this->Event->Attribute->validCategory($fields); + return $this->Attribute->validCategory($fields); } public function validateAttributeValue($fields) { $value = $fields['value']; - return $this->Event->Attribute->runValidation($value, $this->data['ShadowAttribute']['type']); + return $this->Attribute->runValidation($value, $this->data['ShadowAttribute']['type']); } public function getCompositeTypes() { - // build the list of composite Attribute.type dynamically by checking if type contains a | - // default composite types - $compositeTypes = array('malware-sample'); // TODO hardcoded composite - // dynamically generated list - foreach (array_keys($this->typeDefinitions) as $type) { - $pieces = explode('|', $type); - if (2 == count($pieces)) { - $compositeTypes[] = $type; - } - } - return $compositeTypes; + return $this->Attribute->getCompositeTypes(); } public function typeIsMalware($type) { - return in_array($type, $this->zippedDefinitions); + return $this->Attribute->typeIsAttachment($type); } public function typeIsAttachment($type) { - return in_array($type, $this->zippedDefinitions) || in_array($type, $this->uploadDefinitions); + return $this->Attribute->typeIsAttachment($type); } public function base64EncodeAttachment(array $attribute) @@ -449,15 +434,7 @@ class ShadowAttribute extends AppModel // check whether the variable is null or datetime public function datetimeOrNull($fields) { - $k = array_keys($fields)[0]; - $seen = $fields[$k]; - try { - new DateTime($seen); - $returnValue = true; - } catch (Exception $e) { - $returnValue = false; - } - return $returnValue || is_null($seen); + return $this->Attribute->datetimeOrNull($fields); } public function setDeleted($id) @@ -714,7 +691,7 @@ class ShadowAttribute extends AppModel 'OR' => array( 'Event.org_id' => $user['org_id'], ['AND' => [ - 'Event.distribution' => array(1,2,3,5), + 'Event.distribution' => array(1,2,3), $unpublishedPrivate ? ['Event.published' => 1] : [], ]], ['AND' => [