Some fixes to the upload malware API

- Threat level ID options correctly set
- Threat level ID validation tightened to reject anything but the existing threat levels
- The upload malware API now logs validation issues during the failed creation of attributes / events
pull/542/merge
Iglocska 2015-08-05 00:11:16 +02:00
parent 5f1e9e9ec7
commit 7e10eb7b46
4 changed files with 34 additions and 10 deletions


@ -1 +1 @@
{"major":2, "minor":3, "hotfix":103}
{"major":2, "minor":3, "hotfix":104}


@ -3231,6 +3231,7 @@ class EventsController extends AppController {
// API for pushing samples to MISP
// Either send it to an existing event, or let MISP create a new one automatically
public function upload_sample($event_id = null) {
$this->loadModel('Log');
$hashes = array('md5' => 'malware-sample', 'sha1' => 'filename|sha1', 'sha256' => 'filename|sha256');
$categoryDefinitions = $this->Event->Attribute->categoryDefinitions;
$types = array();
@ -3239,7 +3240,7 @@ class EventsController extends AppController {
}
$parameter_options = array(
'distribution' => array('valid_options' => array(0, 1, 2, 3), 'default' => 0),
'threat_level_id' => array('valid_options' => array(0, 1, 2 ,3), 'default' => 4),
'threat_level_id' => array('valid_options' => array(1, 2, 3, 4), 'default' => 4),
'analysis' => array('valid_options' => array(0, 1, 2), 'default' => 0),
'info' => array('default' => 'Malware samples uploaded on ' . date('Y-m-d')),
'to_ids' => array('valid_options' => array(0, 1), 'default' => 1),
@ -3309,13 +3310,23 @@ class EventsController extends AppController {
'user_id' => $this->Auth->user('id'),
)
);
if (!$result) throw new BadRequestException('The creation of a new event with the supplied information has failed.');
if (!$result) {
$this->Log->save(array(
'org' => $this->Auth->user('org'),
'model' => 'Event',
'model_id' => 0,
'email' => $this->Auth->user('email'),
'action' => 'upload_sample',
'user_id' => $this->Auth->user('id'),
'title' => 'Error: Failed to create event using the upload sample functionality',
'change' => 'There was an issue creating an event (' . $data['info'] . '). The validation errors were: ' . json_encode($this->Event->validationErrors),
));
throw new BadRequestException('The creation of a new event with the supplied information has failed.');
}
$data['event_id'] = $this->Event->id;
}
if (!isset($data['to_ids']) || !in_array($data['to_ids'], array('0', '1', 0, 1))) $data['to_ids'] = 1;
foreach ($data['files'] as $file) {
$temp = $this->Event->Attribute->handleMaliciousBase64($data['event_id'], $file['filename'], $file['data'], array_keys($hashes));
if ($temp['success']) {
@ -3333,7 +3344,19 @@ class EventsController extends AppController {
'to_ids' => $data['to_ids']
);
if ($hash == 'md5') $attribute['data'] = $file['data'];
$this->Event->Attribute->save($attribute);
$result = $this->Event->Attribute->save($attribute);
if (!$result) {
$this->Log->save(array(
'org' => $this->Auth->user('org'),
'model' => 'Event',
'model_id' => $data['event_id'],
'email' => $this->Auth->user('email'),
'action' => 'upload_sample',
'user_id' => $this->Auth->user('id'),
'title' => 'Error: Failed to create attribute using the upload sample functionality',
'change' => 'There was an issue creating an attribute (' . $typeName . ': ' . $file['filename'] . '|' . $file[$hash] . '). ' . 'The validation errors were: ' . json_encode($this->Event->Attribute->validationErrors),
));
}
}
}
}
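Review bot: The attribute-failure logging added inside the `foreach` calls `$this->Log->save(array(...))` without resetting the model first, so in CakePHP 2 a second failure in the same request is likely to update the row written by the first instead of inserting a new one, and audit entries are lost. Add `$this->Log->create();` immediately before that save, and before the event-failure save for consistency. The `change` text also concatenates request-supplied values (`$data['info']`, `$file['filename']`, `$file[$hash]`) into the log record, so whatever renders the audit log has to escape them; that view is not visible here. The loop body is only partly visible in these hunks, and as far as they show, a failed attribute save is logged but not reported back to the API caller.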


@ -169,8 +169,8 @@ class Event extends AppModel {
),
'threat_level_id' => array(
'notempty' => array(
'rule' => array('notempty'),
//'message' => 'Please specify threat level',
'rule' => array('inList', array('1', '2', '3', '4')),
'message' => 'Options : 1, 2, 3, 4 (for High, Medium, Low, Undefined)',
'required' => true
),
),
@ -186,7 +186,7 @@ class Event extends AppModel {
),
'analysis' => array(
'rule' => array('inList', array('0', '1', '2')),
'message' => 'Options : 0, 1, 2',
'message' => 'Options : 0, 1, 2 (for Initial, Ongoing, Completed)',
//'allowEmpty' => false,
'required' => true,
//'last' => false, // Stop validation after this rule
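Review bot: The rule key under `threat_level_id` is still `'notempty'` although the rule it holds now appears to be `array('inList', array('1', '2', '3', '4'))`, which misleads anyone reading the model or looking the rule up by name. Either rename the key (for example to `'inList'`) after checking that nothing references the old name, or add a comment such as `// key name kept for compatibility; the rule is an inList check`. The `$validate` array starts and ends outside these hunks.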


@ -26,7 +26,8 @@ class Log extends AppModel {
'admin_email',
'email',
'serverSettingsEdit',
'remove_dead_workers'
'remove_dead_workers',
'upload_sample'
)),
'message' => 'Options : ...'
)