Merge branch 'develop' of github.com:MISP/MISP into develop

pull/9044/head
Alexandre Dulaunoy 2023-04-19 11:34:13 +02:00
commit 778c252e4f
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
10 changed files with 148 additions and 34 deletions


@ -428,7 +428,7 @@ class Ls22Shell extends AppShell
}
$HttpSocket = $this->Server->setupHttpSocket($server, null);
$request = $this->Server->setupSyncRequest($server);
$response = $HttpSocket->get($server['Server']['url'] . '/organisations/index/scope:all', false, $request);
$response = $HttpSocket->get($server['Server']['url'] . '/organisations/index/scope:local', false, $request);
$orgs = json_decode($response->body(), true);
$this->out(__('Organisations fetched. %d found.', count($orgs)), 1, Shell::VERBOSE);
$org_mapping = [];
@ -439,21 +439,28 @@ class Ls22Shell extends AppShell
if ($org['Organisation']['name'] === 'YT') {
continue;
}
if ($org['Organisation']['name'] === 'ORGNAME') {
continue;
}
$org_mapping[$org['Organisation']['name']] = $org['Organisation']['id'];
}
if (!empty($this->param['from'])) {
$time_range[] = $this->param['from'];
$time_range = [];
if (!empty($this->param('from'))) {
$time_range[] = $this->param('from');
}
if (!empty($this->param['to'])) {
if (!empty($this->param('to'))) {
if (empty($time_range)) {
$time_range[] = '365d';
}
$time_range[] = $this->param['to'];
$time_range[] = $this->param('to');
} else {
if (!empty($time_range)) {
$time_range[] = '0h';
}
}
$event_extended_uuids = [];
$event_uuid_per_org = [];
foreach ($org_mapping as $org_name => $org_id) {
$time_range = [];
$params = [
'org' => $org_id
];
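Review bot: The body of the `organisations/index/scope:local` response is decoded and passed to `count($orgs)` with no check that the remote server answered successfully or returned a JSON array. On an error page or a rejected auth key `json_decode()` yields `null`, so `count()` warns on PHP 7.2+ and throws on PHP 8. A guard directly after the decode, such as `if (!$response->isOk() || !is_array($orgs)) { $this->error(__('Could not fetch organisations.')); }`, would stop the run with a clear message. The enclosing method starts and ends outside the visible hunks.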


@ -33,7 +33,7 @@ class AppController extends Controller
public $helpers = array('OrgImg', 'FontAwesome', 'UserName');
private $__queryVersion = '148';
private $__queryVersion = '149';
public $pyMispVersion = '2.4.170';
public $phpmin = '7.2';
public $phprec = '7.4';
@ -1491,7 +1491,7 @@ class AppController extends Controller
protected function __setPagingParams(int $page, int $limit, int $current, string $type = 'named')
{
$this->request->params['paging'] = [
'Correlation' => [
$this->modelClass => [
'page' => $page,
'limit' => $limit,
'current' => $current,


@ -377,7 +377,7 @@ class LogsController extends AppController
$this->set('list', $list);
// set the same view as the index page
$this->render('admin_index');
$this->render('index');
}
} else {
// no search keyword is given, show the search form


@ -57,6 +57,14 @@ class ServersController extends AppController
unset($fields['authkey']);
$fields = array_keys($fields);
$filters = $this->IndexFilter->harvestParameters(['search']);
$conditions = [];
if (!empty($filters['search'])) {
$strSearch = '%' . trim(strtolower($filters['search'])) . '%';
$conditions['OR'][]['LOWER(Server.name) LIKE'] = $strSearch;
$conditions['OR'][]['LOWER(Server.url) LIKE'] = $strSearch;
}
if ($this->_isRest()) {
$params = array(
'fields' => $fields,
@ -72,12 +80,14 @@ class ServersController extends AppController
'fields' => array('RemoteOrg.id', 'RemoteOrg.name', 'RemoteOrg.uuid', 'RemoteOrg.nationality', 'RemoteOrg.sector', 'RemoteOrg.type'),
),
),
'conditions' => $conditions,
);
$servers = $this->Server->find('all', $params);
$servers = $this->Server->attachServerCacheTimestamps($servers);
return $this->RestResponse->viewData($servers, $this->response->type());
} else {
$this->paginate['fields'] = $fields;
$this->paginate['conditions'] = $conditions;
$servers = $this->paginate();
$servers = $this->Server->attachServerCacheTimestamps($servers);
$this->set('servers', $servers);
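Review bot: `$filters['search']` is passed to `strtolower()` without a type check, and any `%` or `_` in it stays active as a LIKE wildcard once the term is wrapped in `%`. The array-form condition leaves value quoting to the ORM, so this is a robustness and matching issue rather than an injection one. If `harvestParameters()` can return an array for `search` (not visible here), guard with `if (!empty($filters['search']) && is_string($filters['search']))`, and escape the wildcard characters before building `$strSearch`. The enclosing action starts and ends outside the hunk.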


@ -3641,6 +3641,7 @@ class Event extends AppModel
$this->OrgBlocklist = ClassRegistry::init('OrgBlocklist');
}
if ($this->OrgBlocklist->isBlocked($orgc)) {
$this->OrgBlocklist->saveEventBlocked($orgc);
return 'blocked';
}
}


@ -43,6 +43,24 @@ class OrgBlocklist extends AppModel
return true;
}
public function afterDelete()
{
parent::afterDelete();
if (!empty($this->data['OrgBlocklist']['org_uuid'])) {
$this->cleanupBlockedCount($this->data['OrgBlocklist']['org_uuid']);
}
}
public function afterFind($results, $primary = false)
{
foreach ($results as $k => $result) {
if (isset($result['OrgBlocklist']['org_uuid'])) {
$results[$k]['OrgBlocklist']['blocked_data'] = $this->getBlockedData($result['OrgBlocklist']['org_uuid']);
}
}
return $results;
}
/**
* @param array $eventArray
*/
@ -74,16 +92,7 @@ class OrgBlocklist extends AppModel
}
if (is_numeric($orgIdOrUuid)) {
$this->Organisation = ClassRegistry::init('Organisation');
$orgUuid = $this->Organisation->find('first', [
'conditions' => ['Organisation.id' => $orgIdOrUuid],
'fields' => ['Organisation.uuid'],
'recursive' => -1,
]);
if (empty($orgUuid)) {
return false; // org not found by ID, so it is not blocked
}
$orgUuid = $orgUuid['Organisation']['uuid'];
$orgUuid = $this->getUUIDFromID($orgIdOrUuid);
} else {
$orgUuid = $orgIdOrUuid;
}
@ -92,4 +101,67 @@ class OrgBlocklist extends AppModel
$this->blockedCache[$orgIdOrUuid] = $isBlocked;
return $isBlocked;
}
private function getUUIDFromID($orgID)
{
$this->Organisation = ClassRegistry::init('Organisation');
$orgUuid = $this->Organisation->find('first', [
'conditions' => ['Organisation.id' => $orgID],
'fields' => ['Organisation.uuid'],
'recursive' => -1,
]);
if (empty($orgUuid)) {
return false; // org not found by ID, so it is not blocked
}
$orgUuid = $orgUuid['Organisation']['uuid'];
return $orgUuid;
}
public function saveEventBlocked($orgIdOrUUID)
{
if (is_numeric($orgIdOrUUID)) {
$orgcUUID = $this->getUUIDFromID($orgIdOrUUID);
} else {
$orgcUUID = $orgIdOrUUID;
}
$lastBlockTime = time();
$redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}";
$redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}";
$redis = RedisTool::init();
if ($redis !== false) {
$pipe = $redis->multi(Redis::PIPELINE)
->incr($redisKeyBlockAmount)
->set($redisKeyBlockLastTime, $lastBlockTime);
$pipe->exec();
}
}
private function cleanupBlockedCount($orgcUUID)
{
$redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}";
$redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}";
$redis = RedisTool::init();
if ($redis !== false) {
$pipe = $redis->multi(Redis::PIPELINE)
->del($redisKeyBlockAmount)
->del($redisKeyBlockLastTime);
$pipe->exec();
}
}
public function getBlockedData($orgcUUID)
{
$redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}";
$redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}";
$blockData = [
'blocked_amount' => false,
'blocked_last_time' => false,
];
$redis = RedisTool::init();
if ($redis !== false) {
$blockData['blocked_amount'] = $redis->get($redisKeyBlockAmount);
$blockData['blocked_last_time'] = $redis->get($redisKeyBlockLastTime);
}
return $blockData;
}
}
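Review bot: `saveEventBlocked()` does not check the result of `getUUIDFromID()`, which returns `false` when the organisation ID is unknown; the interpolated Redis keys then end in an empty suffix (`misp:blocklist_blocked_amount:`) and unrelated hits would be counted under one key. Adding `if (empty($orgcUUID)) { return; }` before the keys are built avoids that. The same helper now feeds `isBlocked()`, where the earlier early `return false` for an unknown ID appears to be gone, so the lines after the assignment (outside the hunk) should be confirmed to handle a `false` UUID. Separately, `afterDelete()` relies on `$this->data['OrgBlocklist']['org_uuid']` being populated at delete time; if the delete path does not load the record first, `cleanupBlockedCount()` never runs and stale counters stay in Redis.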


@ -149,7 +149,7 @@
));
?>
</fieldset>
<button class="btn btn-primary" onclick="submitMessageForm('<?php echo $url;?>', 'PostViewForm', 'top'); return false;"><?php echo __('Send comment');?></button>
<button class="btn btn-primary" onclick="submitMessageForm('<?php echo $url;?>'); return false;"><?php echo __('Send comment');?></button>
<?php
echo $this->Form->end();
?>
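Review bot: `$url` is echoed unescaped into a single-quoted JavaScript string inside the `onclick` attribute of the "Send comment" button, so a quote or angle bracket in it would break out of the string or the attribute. `$url` is set outside the hunk; if any part of it can be influenced by request data this is a script-injection sink, and the line was edited here without changing that. Encoding for both contexts, e.g. `onclick="submitMessageForm(<?php echo h(json_encode($url)); ?>); return false;"`, removes the dependency on how `$url` is built.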


@ -22,6 +22,9 @@
}
}
echo ":</h4>";
$this->LightPaginator->options([
'url' => ['search']
]);
}
?>
<div class="pagination">


@ -32,6 +32,17 @@ echo $this->element('genericElements/IndexTable/scaffold', [
'data_path' => 'OrgBlocklist.comment',
'class' => 'bitwider'
],
[
'name' => 'Blocked amount',
'sort' => 'OrgBlocklist.blocked_data.blocked_amount',
'data_path' => 'OrgBlocklist.blocked_data.blocked_amount',
],
[
'name' => 'Blocked last time ',
'sort' => 'OrgBlocklist.blocked_data.blocked_last_time',
'data_path' => 'OrgBlocklist.blocked_data.blocked_last_time',
'element' => 'datetime'
],
],
'title' => empty($ajax) ? __('Organisation Blocklists') : false,
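Review bot: The two new columns declare `'sort'` keys on `OrgBlocklist.blocked_data.*`, but those values are attached from Redis in the model's `afterFind()` and are not database columns, so a click on the header presumably either does nothing or is rejected by the paginator. Dropping the `'sort'` entries keeps the header from advertising an ordering the query cannot provide. The label `'Blocked last time '` also carries a trailing space, and neither label goes through `__()` the way the table title does. `getBlockedData()` leaves both values at `false` when Redis is unavailable, so the `datetime` element should be checked for how it renders that.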


@ -347,26 +347,36 @@ function submitPasswordReset(id) {
});
}
function submitMessageForm(url, form, target) {
function submitMessageForm(url) {
if (!$('#PostMessage').val()) {
showMessage("fail", "Cannot submit empty message.");
} else {
submitGenericForm(url, form, target);
var message = $('#PostMessage').val()
fetchFormDataAjax(url, function (formData) {
var $formData = $(formData);
$formData.find('#PostMessage').val(message);
$.ajax({
data: $formData.find('form').serialize(),
beforeSend: function () {
$(".loading").show();
},
success: function (data) {
showMessage("success", "Message added.");
$('#top').html(data);
},
error: function () {
showMessage('fail', 'Could not add message.');
},
complete: function () {
$(".loading").hide();
},
type: "post",
url: $formData.find('form').attr('action')
});
});
}
}
function submitGenericForm(url, form, target) {
xhr({
data: $('#' + form).serialize(),
success:function (data, textStatus) {
$('#top').html(data);
showMessage("success", "Message added.");
},
type: "post",
url: url,
});
}
function acceptObject(type, id) {
var name = '#ShadowAttribute_' + id + '_accept';
var formData = $(name).serialize();
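Review bot: The rewritten `submitMessageForm` posts whatever `$formData.find('form')` returns without checking that the fetched markup actually contained the comment form. If the fetch returns something else (for instance a login page after the session expired), the message is never set and the wrong form is serialised; if no `form` descendant matches, `attr('action')` is `undefined` and `$.ajax` falls back to the current page URL. An early exit inside the callback, `if (!$formData.find('#PostMessage').length) { showMessage('fail', 'Could not add message.'); return; }`, makes that failure visible instead of reporting "Message added." on any 200 response. `var message = $('#PostMessage').val()` is also missing its semicolon.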