Merge remote-tracking branch 'origin/2.4' into fix-sg-creation

pull/6031/head
mokaddem 2020-07-06 15:52:27 +02:00
commit 8119dc70b4
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
17 changed files with 97 additions and 552 deletions


@ -305,7 +305,7 @@ class AttributesController extends AppController
// combobox for categories
$categories = array_keys($this->Attribute->categoryDefinitions);
$categories = $this->_arrayToValuesIndexArray($categories);
$this->set('categories', compact('categories'));
$this->set('categories', $categories);
$this->loadModel('Event');
$events = $this->Event->findById($eventId);
$this->set('event_id', $events['Event']['id']);
@ -2243,7 +2243,7 @@ class AttributesController extends AppController
// combobox for categories
$categories = array_keys($this->Attribute->categoryDefinitions);
$categories = $this->_arrayToValuesIndexArray($categories);
$this->set('categories', compact('categories'));
$this->set('categories', $categories);
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);


@ -437,11 +437,7 @@ class ACLComponent extends Component
'discardSelected' => array('perm_add'),
'download' => array('*'),
'edit' => array('perm_add'),
'editField' => array('perm_add'),
'fetchEditForm' => array('perm_add'),
'generateCorrelation' => array(),
'getProposalsByUuid' => array('perm_sync'),
'getProposalsByUuidList' => array('perm_sync'),
'index' => array('*'),
'view' => array('*'),
),


@ -456,7 +456,7 @@ class ShadowAttributesController extends AppController
// combobox for categories
$categories = array_keys($this->ShadowAttribute->Event->Attribute->categoryDefinitions);
$categories = $this->_arrayToValuesIndexArray($categories);
$this->set('categories', compact('categories'));
$this->set('categories', $categories);
foreach ($this->ShadowAttribute->Event->Attribute->categoryDefinitions as $key => $value) {
$info['category'][$key] = array('key' => $key, 'desc' => isset($value['formdesc'])? $value['formdesc'] : $value['desc']);
}
@ -1003,154 +1003,6 @@ class ShadowAttributesController extends AppController
}
}
// takes a uuid and finds all proposals that belong to an event with the given uuid. These are then returned.
public function getProposalsByUuid($uuid)
{
if (!$this->_isRest() || !$this->userRole['perm_sync']) {
throw new MethodNotAllowedException(__('This feature is only available using the API to Sync users'));
}
if (strlen($uuid) != 36) {
throw new NotFoundException(__('Invalid UUID'));
}
$temp = $this->ShadowAttribute->find('all', array(
'conditions' => array('event_uuid' => $uuid),
'recursive' => -1,
'contain' => array(
'Org' => array('fields' => array('uuid', 'name')),
'EventOrg' => array('fields' => array('uuid', 'name')),
)
));
foreach ($temp as $key => $t) {
if ($this->ShadowAttribute->typeIsAttachment($t['ShadowAttribute']['type'])) {
$temp[$key]['ShadowAttribute']['data'] = $this->ShadowAttribute->base64EncodeAttachment($t['ShadowAttribute']);
}
}
if ($temp == null) {
$this->response->statusCode(404);
$this->set('name', 'No proposals found.');
$this->set('message', 'No proposals found');
$this->set('errors', 'No proposals found');
$this->set('url', '/shadow_attributes/getProposalsByUuid/' . $uuid);
$this->set('_serialize', array('name', 'message', 'url', 'errors'));
$this->response->send();
return false;
} else {
$this->set('proposal', $temp);
$this->render('get_proposals_by_uuid');
}
}
// deprecated function, returns empty array - proposal sync on more modern versions (>=2.4.111) happens via the shadow_attributes/index endpoint
public function getProposalsByUuidList()
{
return $this->RestResponse->viewData(array());
}
public function fetchEditForm($id, $field = null)
{
$validFields = array('value', 'comment', 'type', 'category', 'to_ids');
if (!isset($field) || !in_array($field, $validFields)) {
throw new MethodNotAllowedException(__('Invalid field requested.'));
}
$this->loadModel('Attribute');
$this->Attribute->id = $id;
if (!$this->Attribute->exists()) {
throw new NotFoundException(__('Invalid attribute'));
}
$fields = array('id', 'distribution', 'event_id');
if ($field == 'category' || $field == 'type') {
$fields[] = 'type';
$fields[] = 'category';
} else {
$fields[] = $field;
}
$attribute = $this->Attribute->find('first', array(
'recursive' => -1,
'conditions' => array('Attribute.id' => $id),
'fields' => $fields,
'contain' => array(
'Event' => array(
'fields' => array('distribution', 'id', 'user_id', 'orgc_id', 'org_id'),
)
)
));
if (!$this->_isSiteAdmin()) {
if ($attribute['Event']['orgc_id'] != $this->Auth->user('org_id') && ($attribute['Event']['org_id'] == $this->Auth->user('org_id') || $attribute['Event']['distribution'] > 0)) {
// Allow the edit
} else {
throw new NotFoundException(__('Invalid attribute'));
}
}
$this->layout = 'ajax';
if ($field == 'distribution') {
$this->set('distributionLevels', $this->Attribute->distributionLevels);
}
if ($field == 'category') {
$typeCategory = array();
foreach ($this->Attribute->categoryDefinitions as $k => $category) {
foreach ($category['types'] as $type) {
$typeCategory[$type][] = $k;
}
}
$this->set('typeCategory', $typeCategory);
}
if ($field == 'type') {
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
}
$this->set('object', $attribute['Attribute']);
$fieldURL = ucfirst($field);
$this->render('ajax/attributeEdit' . $fieldURL . 'Form');
}
// ajax edit - post a single edited field and this method will attempt to create a proposal and return a json with the validation errors if they occur.
public function editField($id)
{
if ((!$this->request->is('post') && !$this->request->is('put')) || !$this->request->is('ajax')) {
throw new MethodNotAllowedException();
}
$this->loadModel('Attribute');
$this->Attribute->id = $id;
if (!$this->Attribute->exists()) {
throw new NotFoundException(__('Invalid attribute'));
}
$this->Attribute->recursive = -1;
$this->Attribute->contain('Event');
$attribute = $this->Attribute->read();
if (!$this->_isSiteAdmin()) {
if ($attribute['Event']['orgc_id'] != $this->Auth->user('org_id') && ($attribute['Event']['org_id'] == $this->Auth->user('org_id') || $attribute['Event']['distribution'] > 0)) {
// Allow the edit
} else {
throw new NotFoundException(__('Invalid attribute'));
}
}
$keys = array_flip(array('uuid', 'event_id', 'value', 'type', 'category', 'to_ids', 'first_seen', 'last_seen'));
$proposal = array_intersect_key($attribute['Attribute'], $keys);
$proposal['email'] = $this->Auth->user('email');
$proposal['org_id'] = $this->Auth->user('org_id');
$proposal['event_uuid'] = $attribute['Event']['uuid'];
$proposal['event_org_id'] = $attribute['Event']['orgc_id'];
$proposal['old_id'] = $attribute['Attribute']['id'];
foreach ($this->request->data['ShadowAttribute'] as $changedKey => $changedField) {
if ($proposal[$changedKey] == $changedField) {
$this->autoRender = false;
return new CakeResponse(array('body'=> json_encode('nochange'), 'status'=>200, 'type' => 'json'));
}
$proposal[$changedKey] = $changedField;
}
if ($this->ShadowAttribute->save($proposal)) {
$this->autoRender = false;
return new CakeResponse(array('body'=> json_encode(array('saved' => true)), 'status'=>200, 'type' => 'json'));
} else {
$this->autoRender = false;
return new CakeResponse(array('body'=> json_encode(array('fail' => false, 'errors' => $this->ShadowAttribute->validationErrors)), 'status'=>200, 'type' => 'json'));
}
}
public function discardSelected($id)
{
if (!$this->request->is('post') || !$this->request->is('ajax')) {


@ -1524,20 +1524,6 @@ class Event extends AppModel
return $this->delete($id, false);
}
public function downloadProposalsFromServer($uuidList, $server, $HttpSocket = null)
{
$url = $server['Server']['url'];
$HttpSocket = $this->setupHttpSocket($server, $HttpSocket);
$request = $this->setupSyncRequest($server);
$uri = $url . '/shadow_attributes/getProposalsByUuidList';
$response = $HttpSocket->post($uri, json_encode($uuidList), $request);
if ($response->isOk()) {
return(json_decode($response->body, true));
} else {
return false;
}
}
public function createEventConditions($user)
{
$conditions = array();
@ -3691,7 +3677,7 @@ class Event extends AppModel
$referencesToCapture = array();
if (!empty($data['Event']['Object'])) {
foreach ($data['Event']['Object'] as $object) {
$result = $this->Object->captureObject($object, $this->id, $user, $this->Log);
$result = $this->Object->captureObject($object, $this->id, $user, $this->Log, false);
}
foreach ($data['Event']['Object'] as $object) {
if (isset($object['ObjectReference'])) {
@ -4802,43 +4788,47 @@ class Event extends AppModel
$proposal['objectType'] = 'proposal';
}
$include = $filterType['proposal'] != 2;
$include = true;
if ($filterType) {
$include = $filterType['proposal'] != 2;
/* correlation */
if ($filterType['correlation'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (in_array($proposal['id'], $correlatedShadowAttributes)) { // `include only`
$include = $include && ($filterType['correlation'] == 1);
} else { // `exclude`
$include = $include && ($filterType['correlation'] == 2);
/* correlation */
if ($filterType['correlation'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (in_array($proposal['id'], $correlatedShadowAttributes)) { // `include only`
$include = $include && ($filterType['correlation'] == 1);
} else { // `exclude`
$include = $include && ($filterType['correlation'] == 2);
}
/* feed */
if ($filterType['feed'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (!empty($proposal['Feed'])) { // `include only`
$include = $include && ($filterType['feed'] == 1);
} else { // `exclude`
$include = $include && ($filterType['feed'] == 2);
}
/* server */
if ($filterType['server'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (!empty($attribute['Server'])) { // `include only`
$include = $include && ($filterType['server'] == 1);
} else { // `exclude`
$include = $include && ($filterType['server'] == 2);
}
/* TypeGroupings */
if (
$filterType['attributeFilter'] != 'all'
&& isset($this->Attribute->typeGroupings[$filterType['attributeFilter']])
&& !in_array($proposal['type'], $this->Attribute->typeGroupings[$filterType['attributeFilter']])
) {
$include = false;
}
}
/* feed */
if ($filterType['feed'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (!empty($proposal['Feed'])) { // `include only`
$include = $include && ($filterType['feed'] == 1);
} else { // `exclude`
$include = $include && ($filterType['feed'] == 2);
}
/* server */
if ($filterType['server'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (!empty($attribute['Server'])) { // `include only`
$include = $include && ($filterType['server'] == 1);
} else { // `exclude`
$include = $include && ($filterType['server'] == 2);
}
/* TypeGroupings */
if (
$filterType['attributeFilter'] != 'all'
&& isset($this->Attribute->typeGroupings[$filterType['attributeFilter']])
&& !in_array($proposal['type'], $this->Attribute->typeGroupings[$filterType['attributeFilter']])
) {
$include = false;
}
$proposal = $this->__prepareGenericForView($proposal, $eventWarnings, $warningLists);
/* warning */
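Review bot: The server filter in the re-indented proposal block still tests `!empty($attribute['Server'])`, while every other check in this branch reads from `$proposal` (`$proposal['id']`, `$proposal['Feed']`, `$proposal['type']`). No assignment to `$attribute` is visible in the hunk, so this looks like a leftover from the attribute branch. If so, the server filter is decided by a stale or undefined variable, and proposals can be shown or hidden contrary to the selected filter. Suggested change: `} else if (!empty($proposal['Server'])) {`. The enclosing function starts and ends outside the hunk, so confirm against the full loop first.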


@ -931,7 +931,7 @@ class MispObject extends AppModel
return $this->id;
}
public function captureObject($object, $eventId, $user, $log = false)
public function captureObject($object, $eventId, $user, $log = false, $unpublish = true)
{
$this->create();
if (!isset($object['Object'])) {
@ -945,7 +945,9 @@ class MispObject extends AppModel
}
$object['Object']['event_id'] = $eventId;
if ($this->save($object)) {
$this->Event->unpublishEvent($eventId);
if ($unpublish) {
$this->Event->unpublishEvent($eventId);
}
$objectId = $this->id;
$partialFails = array();
if (!empty($object['Object']['Attribute'])) {
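Review bot: The new `$unpublish` parameter of `captureObject()` is undocumented, and the one caller visible on this page passes a bare positional `false` after `$this->Log`, which hides that `unpublishEvent()` is now skipped. Skipping it leaves the event's publish flag as it was, so the signature should say when that is safe. For example: `// $unpublish: pass false only when the caller manages the event's publish state itself (e.g. while capturing a whole event)`. The function body continues outside the hunk.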


@ -1,19 +0,0 @@
<?php
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'ShadowAttribute_' . $object['id'] . '_category_form', 'url' => '/shadow_attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
<?php
echo $this->Form->input('category', array(
'options' => array(array_combine($typeCategory[$object['type']], $typeCategory[$object['type']])),
'label' => false,
'selected' => $object['category'],
'error' => array('escape' => false),
'class' => 'inline-input',
'id' => 'ShadowAttribute_' . $object['id'] . '_category_field',
'div' => false
));
echo $this->Form->end();
?>
</div>


@ -1,22 +0,0 @@
<?php
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'ShadowAttribute_' . $object['id'] . '_comment_form', 'url' => '/shadow_attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
<?php
echo $this->Form->input('comment', array(
'type' => 'textarea',
'label' => false,
'value' => $object['comment'],
'error' => array('escape' => false),
'class' => 'inline-input',
'id' => 'ShadowAttribute' . '_' . $object['id'] . '_comment_field',
'div' => false
));
echo $this->Form->end();
?>
</div>
<?php
echo $this->Form->end();
?>


@ -1,20 +0,0 @@
<?php
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute' . '_' . $object['id'] . '_to_ids_form', 'url' => '/shadow_attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
<?php
$current = 0;
if ($object['to_ids']) $current = 1;
echo $this->Form->input('to_ids', array(
'options' => array(0 => 'No', 1 => 'Yes'),
'label' => false,
'selected' => $current,
'class' => 'inline-input',
'id' => 'ShadowAttribute' . '_' . $object['id'] . '_to_ids_field',
'div' => false
));
echo $this->Form->end();
?>
</div>


@ -1,19 +0,0 @@
<?php
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'ShadowAttribute_' . $object['id'] . '_type_form', 'url' => '/shadow_attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
<?php
echo $this->Form->input('type', array(
'options' => array(array_combine($categoryDefinitions[$object['category']]['types'], $categoryDefinitions[$object['category']]['types'])),
'label' => false,
'selected' => $object['type'],
'error' => array('escape' => false),
'class' => 'inline-input',
'id' => 'ShadowAttribute_' . $object['id'] . '_type_field',
'div' => false
));
echo $this->Form->end();
?>
</div>


@ -1,21 +0,0 @@
<?php
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'ShadowAttribute_' . $object['id'] . '_value_form', 'url' => '/shadow_attributes/editField/' . $object['id'], 'default' => false));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
<?php
echo $this->Form->input('value', array(
'type' => 'textarea',
'label' => false,
'value' => $object['value'],
'error' => array('escape' => false),
'class' => 'inline-input',
'id' => 'ShadowAttribute_' . $object['id'] . '_value_field',
'div' => false
));
?>
</div>
<?php
echo $this->Form->end();
?>


@ -1,132 +0,0 @@
<div class="shadow_attributes <?php if (!isset($ajax) || !$ajax) echo 'form';?>">
<?php echo $this->Form->create('ShadowAttribute');?>
<fieldset>
<legend><?php echo __('Add Proposal'); ?></legend>
<?php
echo $this->Form->input('id');
echo $this->Form->input('category', array(
'empty' => __('(choose one)'),
'div' => 'input',
'label' => __('Category ') . $this->element('formInfo', array('type' => 'category')),
));
$typeInputData = array(
'empty' => __('(first choose category)'),
'label' => __('Type ') . $this->element('formInfo', array('type' => 'type')),
);
if ($objectAttribute) {
$typeInputData[] = 'disabled';
}
if (!$attachment) {
echo $this->Form->input('type', $typeInputData);
}
?>
<div class="input clear"></div>
<?php
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
'class' => 'input-xxlarge clear'
));
echo $this->Form->input('comment', array(
'type' => 'text',
'label' => __('Contextual Comment'),
'error' => array('escape' => false),
'div' => 'input clear',
'class' => 'input-xxlarge'
));
?>
<div class="input clear"></div>
<?php
echo $this->Form->input('to_ids', array(
'label' => __('IDS Signature?'),
));
echo $this->Form->input('first_seen', array(
'type' => 'text',
'div' => 'input hidden',
'required' => false,
));
echo $this->Form->input('last_seen', array(
'type' => 'text',
'div' => 'input hidden',
'required' => false,
));
?>
<div id="bothSeenSliderContainer"></div>
</fieldset>
<p style="color:red;font-weight:bold;display:none;<?php if (isset($ajax) && $ajax) echo "text-align:center;"?>" id="warning-message"><?php echo __('Warning: You are about to share data that is of a sensitive nature (Attribution / targeting data). Make sure that you are authorised to share this.');?></p>
<?php if (isset($ajax) && $ajax): ?>
<div class="overlay_spacing">
<table>
<tr>
<td style="vertical-align:top">
<span role="button" tabindex="0" aria-label="<?php echo __('Propose');?>" title="<?php echo __('Propose');?>" id="submitButton" class="btn btn-primary" onClick="submitPopoverForm('<?php echo $event_id;?>', 'propose')"><?php echo __('Propose');?></span>
</td>
<td style="width:540px;">
<p style="color:red;font-weight:bold;display:none;<?php if (isset($ajax) && $ajax) echo "text-align:center;"?>" id="warning-message"><?php echo __('Warning: You are about to share data that is of a sensitive nature (Attribution / targeting data). Make sure that you are authorised to share this.');?></p>
</td>
<td style="vertical-align:top;">
<span class="btn btn-inverse" id="cancel_attribute_add"><?php echo __('Cancel');?></span>
</td>
</tr>
</table>
</div>
<?php
else:
echo $this->Form->button('Propose', array('class' => 'btn btn-primary'));
endif;
echo $this->Form->end();
?>
</div>
<?php
$event['Event']['id'] = $this->request->data['ShadowAttribute']['event_id'];
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'menuItem' => 'proposeAttribute', 'event' => $event));
echo $this->element('form_seen_input');
?>
<script type="text/javascript">
<?php
$formInfoTypes = array('category' => 'Category', 'type' => 'Type');
echo 'var formInfoFields = ' . json_encode($formInfoTypes) . PHP_EOL;
foreach ($formInfoTypes as $formInfoType => $humanisedName) {
echo 'var ' . $formInfoType . 'FormInfoValues = {' . PHP_EOL;
foreach ($info[$formInfoType] as $key => $formInfoData) {
echo '"' . $key . '": "<span class=\"blue bold\">' . h($formInfoData['key']) . '</span>: ' . h($formInfoData['desc']) . '<br />",' . PHP_EOL;
}
echo '}' . PHP_EOL;
}
?>
//
//Generate Category / Type filtering array
//
var category_type_mapping = new Array();
<?php
foreach ($categoryDefinitions as $category => $def) {
echo "category_type_mapping['" . addslashes($category) . "'] = {";
$first = true;
foreach ($def['types'] as $type) {
if ($first) $first = false;
else echo ', ';
echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
}
echo "}; \n";
}
?>
$(document).ready(function() {
initPopoverContent('ShadowAttribute');
$("#ShadowAttributeCategory").on('change', function(e) {
formCategoryChanged('ShadowAttribute');
if ($(this).val() === 'Attribution' || $(this).val() === 'Targeting data') {
$("#warning-message").show();
} else {
$("#warning-message").hide();
}
});
$("#ShadowAttributeCategory, #ShadowAttributeType").change(function() {
initPopoverContent('ShadowAttribute');
});
});
</script>
<?php echo $this->Js->writeBuffer(); // Write cached scripts


@ -1,24 +0,0 @@
<?php
$xmlArray = array();
//
// cleanup the array from things we do not want to expose
//
$jsonArray['ShadowAttribute'] = array();
foreach ($proposal as &$temp) {
unset($temp['ShadowAttribute']['email']);
unset($temp['ShadowAttribute']['value1']);
unset($temp['ShadowAttribute']['value2']);
$temp['ShadowAttribute']['Org'] = $temp['Org'];
$temp['ShadowAttribute']['EventOrg'] = $temp['EventOrg'];
// hide the org field is we are not in showorg mode
unset($temp['ShadowAttribute']['org_id']);
unset($temp['ShadowAttribute']['org']);
unset($temp['ShadowAttribute']['event_org_id']);
if (!Configure::read('MISP.showorg') && !$isAdmin) {
unset($temp['ShadowAttribute']['Org']);
unset($temp['ShadowAttribute']['EventOrg']);
}
$jsonArray['ShadowAttribute'][] = $temp['ShadowAttribute'];
}
echo json_encode($jsonArray);


@ -1,17 +0,0 @@
<?php
foreach ($result as &$temp) {
unset($temp['ShadowAttribute']['id']);
unset($temp['ShadowAttribute']['email']);
unset($temp['ShadowAttribute']['value1']);
unset($temp['ShadowAttribute']['value2']);
$temp['ShadowAttribute']['Org'] = $temp['Org'];
$temp['ShadowAttribute']['EventOrg'] = $temp['EventOrg'];
// hide the org field is we are not in showorg mode
if (!Configure::read('MISP.showorg') && !$isAdmin) {
unset($temp['ShadowAttribute']['Org']);
unset($temp['ShadowAttribute']['EventOrg']);
}
$temp = array('ShadowAttribute' => $temp['ShadowAttribute']);
}
echo json_encode($result);


@ -1,32 +0,0 @@
<?php
$xmlArray = array();
//
// cleanup the array from things we do not want to expose
//
if (isset($proposal['ShadowAttribute']['id'])) {
$temp = $proposal['ShadowAttribute'];
unset($proposal['ShadowAttribute']);
$proposal['ShadowAttribute'][0] = $temp;
unset($temp);
}
$xmlArray['response']['ShadowAttribute'] = array();
foreach ($proposal as &$temp) {
unset($temp['ShadowAttribute']['email']);
unset($temp['ShadowAttribute']['value1']);
unset($temp['ShadowAttribute']['value2']);
$temp['ShadowAttribute']['Org'] = $temp['Org'];
$temp['ShadowAttribute']['EventOrg'] = $temp['EventOrg'];
// hide the org field is we are not in showorg mode
unset($temp['ShadowAttribute']['org_id']);
unset($temp['ShadowAttribute']['org']);
unset($temp['ShadowAttribute']['event_org_id']);
if (!Configure::read('MISP.showorg') && !$isAdmin) {
unset($temp['ShadowAttribute']['Org']);
unset($temp['ShadowAttribute']['EventOrg']);
}
$xmlArray['response']['ShadowAttribute'][] = $temp['ShadowAttribute'];
}
// display the XML to the user
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
echo $xmlObject->asXML();


@ -410,6 +410,9 @@ class StixBuilder():
custom_object_id = "x-misp-object-{}--{}".format(attribute_type, attribute['uuid'])
custom_object_type = "x-misp-object-{}".format(attribute_type)
labels, markings = self.create_labels(attribute)
stix_labels = ListProperty(StringProperty)
stix_labels.clean(labels)
stix_markings = ListProperty(StringProperty)
timestamp = self.get_datetime_from_timestamp(attribute['timestamp'])
custom_object_args = {'id': custom_object_id, 'x_misp_category': attribute['category'],
'created': timestamp, 'modified': timestamp, 'labels': labels,
@ -419,15 +422,16 @@ class StixBuilder():
if markings:
markings = self.handle_tags(markings)
custom_object_args['object_marking_refs'] = markings
stix_markings.clean(markings)
if custom_object_type not in self.custom_objects:
@CustomObject(custom_object_type, [
('id', StringProperty(required=True)),
('labels', ListProperty(labels, required=True)),
('labels', ListProperty(stix_labels, required=True)),
('x_misp_value', StringProperty(required=True)),
('created', TimestampProperty(required=True, precision='millisecond')),
('modified', TimestampProperty(required=True, precision='millisecond')),
('created_by_ref', StringProperty(required=True)),
('object_marking_refs', ListProperty(markings)),
('object_marking_refs', ListProperty(stix_markings)),
('x_misp_comment', StringProperty()),
('x_misp_category', StringProperty())
])
@ -550,7 +554,14 @@ class StixBuilder():
custom_object_id = 'x-misp-object-{}--{}'.format(name, misp_object['uuid'])
custom_object_type = 'x-misp-object-{}'.format(name)
category = misp_object.get('meta-category')
labels = self.create_object_labels(name, category, to_ids)
labels = [
f'misp:type="{name}"',
f'misp:category="{category}"',
f'misp:to_ids="{to_ids}"',
'from_object'
]
stix_labels = ListProperty(StringProperty)
stix_labels.clean(labels)
values = self.fetch_custom_values(misp_object['Attribute'], custom_object_id)
timestamp = self.get_datetime_from_timestamp(misp_object['timestamp'])
custom_object_args = {'id': custom_object_id, 'x_misp_values': values,
@ -561,7 +572,7 @@ class StixBuilder():
if custom_object_type not in self.custom_objects:
@CustomObject(custom_object_type, [
('id', StringProperty(required=True)),
('labels', ListProperty(labels, required=True)),
('labels', ListProperty(stix_labels, required=True)),
('x_misp_values', DictionaryProperty(required=True)),
('created', TimestampProperty(required=True, precision='millisecond')),
('modified', TimestampProperty(required=True, precision='millisecond')),
@ -666,9 +677,7 @@ class StixBuilder():
@staticmethod
def create_labels(attribute):
labels = ['misp:type="{}"'.format(attribute['type']),
'misp:category="{}"'.format(attribute['category']),
'misp:to_ids="{}"'.format(attribute['to_ids'])]
labels = [f'misp:{feature}="{attribute[feature]}"' for feature in ('type', 'category', 'to_ids')]
markings = []
if attribute.get('Tag'):
for tag in attribute['Tag']:
@ -678,10 +687,12 @@ class StixBuilder():
@staticmethod
def create_object_labels(name, category, to_ids):
return ['misp:type="{}"'.format(name),
'misp:category="{}"'.format(category),
'misp:to_ids="{}"'.format(to_ids),
'from_object']
return [
f'misp:type="{name}"',
f'misp:category="{category}"',
f'misp:to_ids="{to_ids}"',
'from_object'
]
def create_marking(self, tag):
if tag in misp2stix2_mapping.tlp_markings:
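Review bot: The return value of `stix_labels.clean(labels)` is discarded, as is that of `stix_markings.clean(markings)` and of the second `stix_labels.clean(labels)` in the object hunk. If `clean()` only validates and returns the cleaned list, as it appears to in the stix2 property classes, these calls have no lasting effect beyond raising on bad input. The decorator then receives `ListProperty(stix_labels, required=True)`, a ListProperty whose contained type is itself a ListProperty instance; unless that nesting is intended, `('labels', ListProperty(StringProperty, required=True))` states "list of strings" directly. The object hunk also inlines the same four labels that `create_object_labels()` still builds further down, so one of the two copies should go. The enclosing methods start and end outside the hunks.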


@ -116,14 +116,20 @@ class StixParser():
## PARSING FUNCTIONS USED BY BOTH SUBCLASSES. ##
################################################################################
def create_attribute_with_tag(self, attribute_dict, marking_refs):
attribute = MISPAttribute()
attribute.from_dict(**attribute_dict)
try:
self.marking_refs[attribute.uuid] = (marking.split('--')[1] for marking in marking_refs)
except AttributeError:
self.marking_refs = {attribute.uuid: (marking.split('--')[1] for marking in marking_refs)}
return attribute
def handle_markings(self):
if hasattr(self, 'marking_refs'):
for attribute in self.misp_event.attributes:
if attribute.uuid in self.marking_refs:
for marking_uuid in self.marking_refs[attribute.uuid]:
attribute.add_tag(self.marking_definition[marking_uuid]['object'])
self.marking_definition[marking_uuid]['used'] = True
if self.marking_definition:
for marking_definition in self.marking_definition.values():
if not marking_definition['used']:
self.tags.add(marking_definition['object'])
if self.tags:
for tag in self.tags:
self.misp_event.add_tag(tag)
@staticmethod
def _parse_email_body(body, references):
@ -338,6 +344,12 @@ class StixParser():
def _standard_test_filter(value, main_type):
return isinstance(value, getattr(stix2, main_type))
def update_marking_refs(self, attribute_uuid, marking_refs):
try:
self.marking_refs[attribute_uuid] = tuple(marking.split('--')[1] for marking in marking_refs)
except AttributeError:
self.marking_refs = {attribute_uuid: tuple(marking.split('--')[1] for marking in marking_refs)}
class StixFromMISPParser(StixParser):
def __init__(self):
@ -361,13 +373,7 @@ class StixFromMISPParser(StixParser):
self.parse_galaxies()
if hasattr(self, 'report'):
self.parse_report()
if self.marking_definition:
for marking_definition in self.marking_definition.values():
if not marking_definition['used']:
self.tags.add(marking_definition['object'])
if self.tags:
for tag in self.tags:
self.misp_event.add_tag(tag)
self.handle_markings()
def _parse_custom(self, custom):
if 'from_object' in custom['labels']:
@ -451,7 +457,7 @@ class StixFromMISPParser(StixParser):
'category': self.get_misp_category(custom['labels']),
'uuid': custom['id'].split('--')[1]}
if custom.get('object_marking_refs'):
attribute = self.create_attribute_with_tag(attribute, custom['object_marking_refs'])
self.update_marking_refs(attribute['uuid'], custom['object_marking_refs'])
self.misp_event.add_attribute(**attribute)
def parse_custom_object(self, custom):
@ -494,8 +500,6 @@ class StixFromMISPParser(StixParser):
attribute.update({feature: value for feature, value in zip(('value', 'data'), (value, io.BytesIO(data.encode())))})
else:
attribute['value'] = self.parse_attribute_pattern(pattern)
if hasattr(indicator, 'object_marking_refs'):
attribute = self.create_attribute_with_tag(attribute, indicator.object_marking_refs)
self.misp_event.add_attribute(**attribute)
def parse_indicator_object(self, indicator):
@ -522,8 +526,6 @@ class StixFromMISPParser(StixParser):
value, data = value
attribute['data'] = data
attribute['value'] = value
if hasattr(observable, 'object_marking_refs'):
attribute = self.create_attribute_with_tag(attribute, observable.object_marking_refs)
self.misp_event.add_attribute(**attribute)
def parse_observable_object(self, observable):
@ -1110,6 +1112,8 @@ class StixFromMISPParser(StixParser):
if tags:
attribute['Tag'] = tags
attribute.update(self.parse_timeline(stix_object))
if hasattr(stix_object, 'object_marking_refs'):
self.update_marking_refs(attribute_uuid, stix_object.object_marking_refs)
return attribute
def create_misp_object(self, stix_object):
@ -1197,9 +1201,7 @@ class ExternalStixParser(StixParser):
self.parse_report()
else:
self.misp_event.info = 'Imported with the STIX to MISP import script.'
if self.tags:
for tag in self.tags:
self.misp_event.add_tag(tag)
self.handle_markings()
def parse_galaxy(self, galaxy):
if galaxy.name in self._synonyms_to_tag_names:
@ -1990,6 +1992,8 @@ class ExternalStixParser(StixParser):
attribute.update(self.parse_timeline(stix_object))
if isinstance(stix_object, stix2.Indicator):
attribute['to_ids'] = True
if hasattr(stix_object, 'object_marking_refs'):
self.update_marking_refs(attribute['uuid'], stix_object.object_marking_refs)
self.misp_event.add_attribute(**attribute)
except IndexError:
object_type = 'indicator' if isinstance(stix_object, stix2.Indicator) else 'observable objects'
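Review bot: `handle_markings()` indexes `self.marking_definition[marking_uuid]` with identifiers that `update_marking_refs()` takes from the `object_marking_refs` of the imported STIX content. A reference to a marking definition that is not in the parsed file would therefore raise a KeyError, which nothing visible in these hunks catches. Looking the entry up first keeps a malformed or incomplete bundle from stopping the import: `marking = self.marking_definition.get(marking_uuid)` followed by `if marking is None: continue`. `marking.split('--')[1]` is likewise exposed to a reference without `--`; in the ExternalStixParser hunk the new call sits inside a `try` with a visible `except IndexError`, so that error would surface there as a failure to parse the object. Initialising `self.marking_refs = {}` in `__init__` (outside the hunks) would also remove the need for the `hasattr` / `except AttributeError` lazy creation.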


@ -480,9 +480,7 @@ function activateField(type, id, field, event) {
if (type == 'denyForm') return;
var objectType = 'attributes';
var containerName = 'Attribute';
if (type == 'ShadowAttribute') {
objectType = 'shadow_attributes';
} else if (type == 'Object') {
if (type == 'Object') {
objectType = 'objects';
containerName = 'Object';
}
@ -623,9 +621,7 @@ function submitForm(type, id, field, context) {
var object_type = 'attributes';
var action = "editField";
var name = '#' + type + '_' + id + '_' + field;
if (type == 'ShadowAttribute') {
object_type = 'shadow_attributes';
} else if (type == 'Object') {
if (type == 'Object') {
object_type = 'objects';
}
$.ajax({