mirror of https://github.com/MISP/MISP
Merge pull request #6422 from JakubOnderka/shadow-attribute-code-cleanup
chg: [internal] Cleanup and simplify ShadowAttribute model codepull/6432/head
commit
72e2386a87
|
@ -3,7 +3,7 @@ require_once __DIR__ . '/TmpFileTool.php';
|
|||
|
||||
class ComplexTypeTool
|
||||
{
|
||||
private $__refangRegexTable = array(
|
||||
private static $__refangRegexTable = array(
|
||||
array(
|
||||
'from' => '/^(hxxp|hxtp|htxp|meow|h\[tt\]p)/i',
|
||||
'to' => 'http',
|
||||
|
@ -38,9 +38,9 @@ class ComplexTypeTool
|
|||
|
||||
private $__tlds = null;
|
||||
|
||||
public function refangValue($value, $type)
|
||||
public static function refangValue($value, $type)
|
||||
{
|
||||
foreach ($this->__refangRegexTable as $regex) {
|
||||
foreach (self::$__refangRegexTable as $regex) {
|
||||
if (in_array($type, $regex['types'])) {
|
||||
$value = preg_replace($regex['from'], $regex['to'], $value);
|
||||
}
|
||||
|
@ -358,7 +358,7 @@ class ComplexTypeTool
|
|||
private function __refangInput($input)
|
||||
{
|
||||
$input['refanged'] = $input['raw'];
|
||||
foreach ($this->__refangRegexTable as $regex) {
|
||||
foreach (self::$__refangRegexTable as $regex) {
|
||||
$input['refanged'] = preg_replace($regex['from'], $regex['to'], $input['refanged']);
|
||||
}
|
||||
$input['refanged'] = rtrim($input['refanged'], ".");
|
||||
|
|
|
@ -849,8 +849,7 @@ class Attribute extends AppModel
|
|||
return false;
|
||||
}
|
||||
App::uses('ComplexTypeTool', 'Tools');
|
||||
$this->complexTypeTool = new ComplexTypeTool();
|
||||
$this->data['Attribute']['value'] = $this->complexTypeTool->refangValue($this->data['Attribute']['value'], $this->data['Attribute']['type']);
|
||||
$this->data['Attribute']['value'] = ComplexTypeTool::refangValue($this->data['Attribute']['value'], $this->data['Attribute']['type']);
|
||||
|
||||
if (!empty($this->data['Attribute']['object_id']) && empty($this->data['Attribute']['object_relation'])) {
|
||||
$this->validationErrors['type'] = ['Object attribute sent, but no object_relation set.'];
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
<?php
|
||||
|
||||
App::uses('AppModel', 'Model');
|
||||
App::uses('Folder', 'Utility');
|
||||
App::uses('File', 'Utility');
|
||||
App::uses('AttachmentTool', 'Tools');
|
||||
App::uses('ComplexTypeTool', 'Tools');
|
||||
|
||||
/**
|
||||
* @property Event $Event
|
||||
* @property Attribute $Attribute
|
||||
*/
|
||||
class ShadowAttribute extends AppModel
|
||||
{
|
||||
|
@ -58,7 +59,6 @@ class ShadowAttribute extends AppModel
|
|||
// explanations of certain fields to be used in various views
|
||||
public $fieldDescriptions = array(
|
||||
'signature' => array('desc' => 'Is this attribute eligible to automatically create an IDS signature (network IDS or host IDS) out of it ?'),
|
||||
//'private' => array('desc' => 'Prevents upload of this single Attribute to other CyDefSIG servers', 'formdesc' => 'Prevents upload of <em>this single Attribute</em> to other CyDefSIG servers.<br/>Used only when the Event is NOT set as Private')
|
||||
);
|
||||
|
||||
// if these then a category my have upload to be zipped
|
||||
|
@ -122,7 +122,7 @@ class ShadowAttribute extends AppModel
|
|||
),
|
||||
'to_ids' => array(
|
||||
'boolean' => array(
|
||||
'rule' => array('boolean'),
|
||||
'rule' => 'boolean',
|
||||
'required' => false,
|
||||
),
|
||||
),
|
||||
|
@ -133,9 +133,9 @@ class ShadowAttribute extends AppModel
|
|||
),
|
||||
),
|
||||
'proposal_to_delete' => array(
|
||||
'boolean' => array(
|
||||
'rule' => array('boolean'),
|
||||
),
|
||||
'boolean' => array(
|
||||
'rule' => 'boolean',
|
||||
),
|
||||
),
|
||||
'first_seen' => array(
|
||||
'rule' => array('datetimeOrNull'),
|
||||
|
@ -152,15 +152,8 @@ class ShadowAttribute extends AppModel
|
|||
public function __construct($id = false, $table = null, $ds = null)
|
||||
{
|
||||
parent::__construct($id, $table, $ds);
|
||||
$this->virtualFields = Set::merge($this->virtualFields, array(
|
||||
//'distribution' => 'IF (Attribute.private=true, "Your organization only", IF (Attribute.cluster=true, "This Community-only", "All communities"))',
|
||||
//'distribution' => 'IF (ShadowAttribute.private=true AND ShadowAttribute.cluster=false, "Your organization only", IF (ShadowAttribute.private=true AND ShadowAttribute.cluster=true, "This server-only", IF (ShadowAttribute.private=false AND ShadowAttribute.cluster=true, "This Community-only", IF (ShadowAttribute.communitie=true, "Connected communities" , "All communities"))))',
|
||||
));
|
||||
$this->fieldDescriptions = Set::merge($this->fieldDescriptions, array(
|
||||
//'distribution' => array('desc' => 'This fields indicates the intended distribution of the attribute (same as when adding an event, see Add Event)'),
|
||||
));
|
||||
$this->categoryDefinitions = $this->Event->Attribute->categoryDefinitions;
|
||||
$this->typeDefinitions = $this->Event->Attribute->typeDefinitions;
|
||||
$this->categoryDefinitions = $this->Attribute->categoryDefinitions;
|
||||
$this->typeDefinitions = $this->Attribute->typeDefinitions;
|
||||
}
|
||||
|
||||
// The Associations below have been created with all possible keys, those that are not needed can be removed
|
||||
|
@ -211,7 +204,7 @@ class ShadowAttribute extends AppModel
|
|||
if (isset($sa['ShadowAttribute'])) {
|
||||
$sa = $sa['ShadowAttribute'];
|
||||
}
|
||||
if (in_array($sa['type'], $this->Event->Attribute->nonCorrelatingTypes)) {
|
||||
if (in_array($sa['type'], $this->Attribute->nonCorrelatingTypes)) {
|
||||
return;
|
||||
}
|
||||
$this->ShadowAttributeCorrelation = ClassRegistry::init('ShadowAttributeCorrelation');
|
||||
|
@ -222,14 +215,14 @@ class ShadowAttribute extends AppModel
|
|||
$correlatingValues[] = $sa['value2'];
|
||||
}
|
||||
foreach ($correlatingValues as $k => $cV) {
|
||||
$correlatingAttributes[$k] = $this->Event->Attribute->find('all', array(
|
||||
$correlatingAttributes[$k] = $this->Attribute->find('all', array(
|
||||
'conditions' => array(
|
||||
'AND' => array(
|
||||
'OR' => array(
|
||||
'Attribute.value1' => $cV,
|
||||
'Attribute.value2' => $cV
|
||||
),
|
||||
'Attribute.type !=' => $this->Event->Attribute->nonCorrelatingTypes,
|
||||
'Attribute.type !=' => $this->Attribute->nonCorrelatingTypes,
|
||||
'Attribute.deleted' => 0,
|
||||
'Attribute.event_id !=' => $sa['event_id']
|
||||
),
|
||||
|
@ -304,9 +297,6 @@ class ShadowAttribute extends AppModel
|
|||
parent::beforeValidate();
|
||||
// remove leading and trailing blanks
|
||||
//$this->trimStringFields(); // TODO
|
||||
if (isset($this->data['ShadowAttribute']['value'])) {
|
||||
$this->data['ShadowAttribute']['value'] = trim($this->data['ShadowAttribute']['value']);
|
||||
}
|
||||
|
||||
if (!isset($this->data['ShadowAttribute']['comment'])) {
|
||||
$this->data['ShadowAttribute']['comment'] = '';
|
||||
|
@ -316,6 +306,14 @@ class ShadowAttribute extends AppModel
|
|||
return false;
|
||||
}
|
||||
|
||||
// make some changes to the inserted value
|
||||
if (isset($this->data['ShadowAttribute']['value'])) {
|
||||
$value = trim($this->data['ShadowAttribute']['value']);
|
||||
$value = ComplexTypeTool::refangValue($value, $this->data['ShadowAttribute']['type']);
|
||||
$value = $this->Attribute->modifyBeforeValidation($this->data['ShadowAttribute']['type'], $value);
|
||||
$this->data['ShadowAttribute']['value'] = $value;
|
||||
}
|
||||
|
||||
if (!isset($this->data['ShadowAttribute']['org'])) {
|
||||
$this->data['ShadowAttribute']['org'] = '';
|
||||
}
|
||||
|
@ -329,9 +327,6 @@ class ShadowAttribute extends AppModel
|
|||
$this->data['ShadowAttribute']['proposal_to_delete'] = 0;
|
||||
}
|
||||
|
||||
// make some last changes to the inserted value
|
||||
$this->data['ShadowAttribute']['value'] = $this->Event->Attribute->modifyBeforeValidation($this->data['ShadowAttribute']['type'], $this->data['ShadowAttribute']['value']);
|
||||
|
||||
// generate UUID if it doesn't exist
|
||||
if (empty($this->data['ShadowAttribute']['uuid'])) {
|
||||
$this->data['ShadowAttribute']['uuid'] = CakeText::uuid();
|
||||
|
@ -340,7 +335,7 @@ class ShadowAttribute extends AppModel
|
|||
}
|
||||
|
||||
if (!empty($this->data['ShadowAttribute']['type']) && empty($this->data['ShadowAttribute']['category'])) {
|
||||
$this->data['ShadowAttribute']['category'] = $this->Event->Attribute->typeDefinitions[$this->data['ShadowAttribute']['type']]['default_category'];
|
||||
$this->data['ShadowAttribute']['category'] = $this->Attribute->typeDefinitions[$this->data['ShadowAttribute']['type']]['default_category'];
|
||||
}
|
||||
|
||||
// always return true, otherwise the object cannot be saved
|
||||
|
@ -366,38 +361,28 @@ class ShadowAttribute extends AppModel
|
|||
|
||||
public function validCategory($fields)
|
||||
{
|
||||
return $this->Event->Attribute->validCategory($fields);
|
||||
return $this->Attribute->validCategory($fields);
|
||||
}
|
||||
|
||||
public function validateAttributeValue($fields)
|
||||
{
|
||||
$value = $fields['value'];
|
||||
return $this->Event->Attribute->runValidation($value, $this->data['ShadowAttribute']['type']);
|
||||
return $this->Attribute->runValidation($value, $this->data['ShadowAttribute']['type']);
|
||||
}
|
||||
|
||||
public function getCompositeTypes()
|
||||
{
|
||||
// build the list of composite Attribute.type dynamically by checking if type contains a |
|
||||
// default composite types
|
||||
$compositeTypes = array('malware-sample'); // TODO hardcoded composite
|
||||
// dynamically generated list
|
||||
foreach (array_keys($this->typeDefinitions) as $type) {
|
||||
$pieces = explode('|', $type);
|
||||
if (2 == count($pieces)) {
|
||||
$compositeTypes[] = $type;
|
||||
}
|
||||
}
|
||||
return $compositeTypes;
|
||||
return $this->Attribute->getCompositeTypes();
|
||||
}
|
||||
|
||||
public function typeIsMalware($type)
|
||||
{
|
||||
return in_array($type, $this->zippedDefinitions);
|
||||
return $this->Attribute->typeIsAttachment($type);
|
||||
}
|
||||
|
||||
public function typeIsAttachment($type)
|
||||
{
|
||||
return in_array($type, $this->zippedDefinitions) || in_array($type, $this->uploadDefinitions);
|
||||
return $this->Attribute->typeIsAttachment($type);
|
||||
}
|
||||
|
||||
public function base64EncodeAttachment(array $attribute)
|
||||
|
@ -449,15 +434,7 @@ class ShadowAttribute extends AppModel
|
|||
// check whether the variable is null or datetime
|
||||
public function datetimeOrNull($fields)
|
||||
{
|
||||
$k = array_keys($fields)[0];
|
||||
$seen = $fields[$k];
|
||||
try {
|
||||
new DateTime($seen);
|
||||
$returnValue = true;
|
||||
} catch (Exception $e) {
|
||||
$returnValue = false;
|
||||
}
|
||||
return $returnValue || is_null($seen);
|
||||
return $this->Attribute->datetimeOrNull($fields);
|
||||
}
|
||||
|
||||
public function setDeleted($id)
|
||||
|
@ -714,7 +691,7 @@ class ShadowAttribute extends AppModel
|
|||
'OR' => array(
|
||||
'Event.org_id' => $user['org_id'],
|
||||
['AND' => [
|
||||
'Event.distribution' => array(1,2,3,5),
|
||||
'Event.distribution' => array(1,2,3),
|
||||
$unpublishedPrivate ? ['Event.published' => 1] : [],
|
||||
]],
|
||||
['AND' => [
|
||||
|
|
Loading…
Reference in New Issue