mirror of https://github.com/MISP/MISP
Merge remote-tracking branch 'origin/2.4' into fix-sg-creation
commit
8119dc70b4
|
@ -305,7 +305,7 @@ class AttributesController extends AppController
|
|||
// combobox for categories
|
||||
$categories = array_keys($this->Attribute->categoryDefinitions);
|
||||
$categories = $this->_arrayToValuesIndexArray($categories);
|
||||
$this->set('categories', compact('categories'));
|
||||
$this->set('categories', $categories);
|
||||
$this->loadModel('Event');
|
||||
$events = $this->Event->findById($eventId);
|
||||
$this->set('event_id', $events['Event']['id']);
|
||||
|
@ -2243,7 +2243,7 @@ class AttributesController extends AppController
|
|||
// combobox for categories
|
||||
$categories = array_keys($this->Attribute->categoryDefinitions);
|
||||
$categories = $this->_arrayToValuesIndexArray($categories);
|
||||
$this->set('categories', compact('categories'));
|
||||
$this->set('categories', $categories);
|
||||
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
|
||||
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
|
||||
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
|
||||
|
|
|
@ -437,11 +437,7 @@ class ACLComponent extends Component
|
|||
'discardSelected' => array('perm_add'),
|
||||
'download' => array('*'),
|
||||
'edit' => array('perm_add'),
|
||||
'editField' => array('perm_add'),
|
||||
'fetchEditForm' => array('perm_add'),
|
||||
'generateCorrelation' => array(),
|
||||
'getProposalsByUuid' => array('perm_sync'),
|
||||
'getProposalsByUuidList' => array('perm_sync'),
|
||||
'index' => array('*'),
|
||||
'view' => array('*'),
|
||||
),
|
||||
|
|
|
@ -456,7 +456,7 @@ class ShadowAttributesController extends AppController
|
|||
// combobox for categories
|
||||
$categories = array_keys($this->ShadowAttribute->Event->Attribute->categoryDefinitions);
|
||||
$categories = $this->_arrayToValuesIndexArray($categories);
|
||||
$this->set('categories', compact('categories'));
|
||||
$this->set('categories', $categories);
|
||||
foreach ($this->ShadowAttribute->Event->Attribute->categoryDefinitions as $key => $value) {
|
||||
$info['category'][$key] = array('key' => $key, 'desc' => isset($value['formdesc'])? $value['formdesc'] : $value['desc']);
|
||||
}
|
||||
|
@ -1003,154 +1003,6 @@ class ShadowAttributesController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
// takes a uuid and finds all proposals that belong to an event with the given uuid. These are then returned.
|
||||
public function getProposalsByUuid($uuid)
|
||||
{
|
||||
if (!$this->_isRest() || !$this->userRole['perm_sync']) {
|
||||
throw new MethodNotAllowedException(__('This feature is only available using the API to Sync users'));
|
||||
}
|
||||
if (strlen($uuid) != 36) {
|
||||
throw new NotFoundException(__('Invalid UUID'));
|
||||
}
|
||||
$temp = $this->ShadowAttribute->find('all', array(
|
||||
'conditions' => array('event_uuid' => $uuid),
|
||||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'Org' => array('fields' => array('uuid', 'name')),
|
||||
'EventOrg' => array('fields' => array('uuid', 'name')),
|
||||
)
|
||||
));
|
||||
foreach ($temp as $key => $t) {
|
||||
if ($this->ShadowAttribute->typeIsAttachment($t['ShadowAttribute']['type'])) {
|
||||
$temp[$key]['ShadowAttribute']['data'] = $this->ShadowAttribute->base64EncodeAttachment($t['ShadowAttribute']);
|
||||
}
|
||||
}
|
||||
if ($temp == null) {
|
||||
$this->response->statusCode(404);
|
||||
$this->set('name', 'No proposals found.');
|
||||
$this->set('message', 'No proposals found');
|
||||
$this->set('errors', 'No proposals found');
|
||||
$this->set('url', '/shadow_attributes/getProposalsByUuid/' . $uuid);
|
||||
$this->set('_serialize', array('name', 'message', 'url', 'errors'));
|
||||
$this->response->send();
|
||||
return false;
|
||||
} else {
|
||||
$this->set('proposal', $temp);
|
||||
$this->render('get_proposals_by_uuid');
|
||||
}
|
||||
}
|
||||
|
||||
// deprecated function, returns empty array - proposal sync on more modern versions (>=2.4.111) happens via the shadow_attributes/index endpoint
|
||||
public function getProposalsByUuidList()
|
||||
{
|
||||
return $this->RestResponse->viewData(array());
|
||||
}
|
||||
|
||||
public function fetchEditForm($id, $field = null)
|
||||
{
|
||||
$validFields = array('value', 'comment', 'type', 'category', 'to_ids');
|
||||
if (!isset($field) || !in_array($field, $validFields)) {
|
||||
throw new MethodNotAllowedException(__('Invalid field requested.'));
|
||||
}
|
||||
$this->loadModel('Attribute');
|
||||
$this->Attribute->id = $id;
|
||||
if (!$this->Attribute->exists()) {
|
||||
throw new NotFoundException(__('Invalid attribute'));
|
||||
}
|
||||
|
||||
$fields = array('id', 'distribution', 'event_id');
|
||||
if ($field == 'category' || $field == 'type') {
|
||||
$fields[] = 'type';
|
||||
$fields[] = 'category';
|
||||
} else {
|
||||
$fields[] = $field;
|
||||
}
|
||||
$attribute = $this->Attribute->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('Attribute.id' => $id),
|
||||
'fields' => $fields,
|
||||
'contain' => array(
|
||||
'Event' => array(
|
||||
'fields' => array('distribution', 'id', 'user_id', 'orgc_id', 'org_id'),
|
||||
)
|
||||
)
|
||||
));
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($attribute['Event']['orgc_id'] != $this->Auth->user('org_id') && ($attribute['Event']['org_id'] == $this->Auth->user('org_id') || $attribute['Event']['distribution'] > 0)) {
|
||||
// Allow the edit
|
||||
} else {
|
||||
throw new NotFoundException(__('Invalid attribute'));
|
||||
}
|
||||
}
|
||||
$this->layout = 'ajax';
|
||||
if ($field == 'distribution') {
|
||||
$this->set('distributionLevels', $this->Attribute->distributionLevels);
|
||||
}
|
||||
if ($field == 'category') {
|
||||
$typeCategory = array();
|
||||
foreach ($this->Attribute->categoryDefinitions as $k => $category) {
|
||||
foreach ($category['types'] as $type) {
|
||||
$typeCategory[$type][] = $k;
|
||||
}
|
||||
}
|
||||
$this->set('typeCategory', $typeCategory);
|
||||
}
|
||||
if ($field == 'type') {
|
||||
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
|
||||
}
|
||||
$this->set('object', $attribute['Attribute']);
|
||||
$fieldURL = ucfirst($field);
|
||||
$this->render('ajax/attributeEdit' . $fieldURL . 'Form');
|
||||
}
|
||||
|
||||
// ajax edit - post a single edited field and this method will attempt to create a proposal and return a json with the validation errors if they occur.
|
||||
public function editField($id)
|
||||
{
|
||||
if ((!$this->request->is('post') && !$this->request->is('put')) || !$this->request->is('ajax')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
$this->loadModel('Attribute');
|
||||
$this->Attribute->id = $id;
|
||||
if (!$this->Attribute->exists()) {
|
||||
throw new NotFoundException(__('Invalid attribute'));
|
||||
}
|
||||
$this->Attribute->recursive = -1;
|
||||
$this->Attribute->contain('Event');
|
||||
$attribute = $this->Attribute->read();
|
||||
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($attribute['Event']['orgc_id'] != $this->Auth->user('org_id') && ($attribute['Event']['org_id'] == $this->Auth->user('org_id') || $attribute['Event']['distribution'] > 0)) {
|
||||
// Allow the edit
|
||||
} else {
|
||||
throw new NotFoundException(__('Invalid attribute'));
|
||||
}
|
||||
}
|
||||
|
||||
$keys = array_flip(array('uuid', 'event_id', 'value', 'type', 'category', 'to_ids', 'first_seen', 'last_seen'));
|
||||
|
||||
$proposal = array_intersect_key($attribute['Attribute'], $keys);
|
||||
$proposal['email'] = $this->Auth->user('email');
|
||||
$proposal['org_id'] = $this->Auth->user('org_id');
|
||||
$proposal['event_uuid'] = $attribute['Event']['uuid'];
|
||||
$proposal['event_org_id'] = $attribute['Event']['orgc_id'];
|
||||
$proposal['old_id'] = $attribute['Attribute']['id'];
|
||||
foreach ($this->request->data['ShadowAttribute'] as $changedKey => $changedField) {
|
||||
if ($proposal[$changedKey] == $changedField) {
|
||||
$this->autoRender = false;
|
||||
return new CakeResponse(array('body'=> json_encode('nochange'), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
$proposal[$changedKey] = $changedField;
|
||||
}
|
||||
|
||||
if ($this->ShadowAttribute->save($proposal)) {
|
||||
$this->autoRender = false;
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true)), 'status'=>200, 'type' => 'json'));
|
||||
} else {
|
||||
$this->autoRender = false;
|
||||
return new CakeResponse(array('body'=> json_encode(array('fail' => false, 'errors' => $this->ShadowAttribute->validationErrors)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
|
||||
public function discardSelected($id)
|
||||
{
|
||||
if (!$this->request->is('post') || !$this->request->is('ajax')) {
|
||||
|
|
|
@ -1524,20 +1524,6 @@ class Event extends AppModel
|
|||
return $this->delete($id, false);
|
||||
}
|
||||
|
||||
public function downloadProposalsFromServer($uuidList, $server, $HttpSocket = null)
|
||||
{
|
||||
$url = $server['Server']['url'];
|
||||
$HttpSocket = $this->setupHttpSocket($server, $HttpSocket);
|
||||
$request = $this->setupSyncRequest($server);
|
||||
$uri = $url . '/shadow_attributes/getProposalsByUuidList';
|
||||
$response = $HttpSocket->post($uri, json_encode($uuidList), $request);
|
||||
if ($response->isOk()) {
|
||||
return(json_decode($response->body, true));
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public function createEventConditions($user)
|
||||
{
|
||||
$conditions = array();
|
||||
|
@ -3691,7 +3677,7 @@ class Event extends AppModel
|
|||
$referencesToCapture = array();
|
||||
if (!empty($data['Event']['Object'])) {
|
||||
foreach ($data['Event']['Object'] as $object) {
|
||||
$result = $this->Object->captureObject($object, $this->id, $user, $this->Log);
|
||||
$result = $this->Object->captureObject($object, $this->id, $user, $this->Log, false);
|
||||
}
|
||||
foreach ($data['Event']['Object'] as $object) {
|
||||
if (isset($object['ObjectReference'])) {
|
||||
|
@ -4802,6 +4788,8 @@ class Event extends AppModel
|
|||
$proposal['objectType'] = 'proposal';
|
||||
}
|
||||
|
||||
$include = true;
|
||||
if ($filterType) {
|
||||
$include = $filterType['proposal'] != 2;
|
||||
|
||||
/* correlation */
|
||||
|
@ -4839,6 +4827,8 @@ class Event extends AppModel
|
|||
) {
|
||||
$include = false;
|
||||
}
|
||||
}
|
||||
|
||||
$proposal = $this->__prepareGenericForView($proposal, $eventWarnings, $warningLists);
|
||||
|
||||
/* warning */
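Review bot: In the `foreach ($data['Event']['Object'] as $object)` loop, the new trailing `false` passed to `captureObject()` is an unnamed positional flag, so the call site does not show that it suppresses the per-object unpublish. A one-line comment above the call would record why that is safe here, for example `// publish state is handled by the caller; skip the per-object unpublish`, assuming that is the intent, since the enclosing method starts and ends outside the hunk. Within the visible lines `$result` is also overwritten on every iteration and never inspected before the loop closes, so the return value of a failed capture is dropped unless `captureObject()` logs it itself or it is checked further down.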
|
||||
|
|
|
@ -931,7 +931,7 @@ class MispObject extends AppModel
|
|||
return $this->id;
|
||||
}
|
||||
|
||||
public function captureObject($object, $eventId, $user, $log = false)
|
||||
public function captureObject($object, $eventId, $user, $log = false, $unpublish = true)
|
||||
{
|
||||
$this->create();
|
||||
if (!isset($object['Object'])) {
|
||||
|
@ -945,7 +945,9 @@ class MispObject extends AppModel
|
|||
}
|
||||
$object['Object']['event_id'] = $eventId;
|
||||
if ($this->save($object)) {
|
||||
if ($unpublish) {
|
||||
$this->Event->unpublishEvent($eventId);
|
||||
}
|
||||
$objectId = $this->id;
|
||||
$partialFails = array();
|
||||
if (!empty($object['Object']['Attribute'])) {
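Review bot: The new `$unpublish = true` parameter of `captureObject()` is undocumented, and its default is the only thing that keeps existing callers on the old behaviour. A docblock on the method should state the contract, for example `@param bool $unpublish When false, the event's publish state is left untouched and the caller is responsible for it`. If `false` is ever passed for an event that is already published, the object is saved without the `unpublishEvent()` call shown in the second hunk, so the comment should also say which call sites are expected to do that. The method body continues outside both hunks.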
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
<?php
|
||||
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'ShadowAttribute_' . $object['id'] . '_category_form', 'url' => '/shadow_attributes/editField/' . $object['id']));
|
||||
?>
|
||||
<div class='inline-input inline-input-container'>
|
||||
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
|
||||
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
|
||||
<?php
|
||||
echo $this->Form->input('category', array(
|
||||
'options' => array(array_combine($typeCategory[$object['type']], $typeCategory[$object['type']])),
|
||||
'label' => false,
|
||||
'selected' => $object['category'],
|
||||
'error' => array('escape' => false),
|
||||
'class' => 'inline-input',
|
||||
'id' => 'ShadowAttribute_' . $object['id'] . '_category_field',
|
||||
'div' => false
|
||||
));
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
|
@ -1,22 +0,0 @@
|
|||
<?php
|
||||
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'ShadowAttribute_' . $object['id'] . '_comment_form', 'url' => '/shadow_attributes/editField/' . $object['id']));
|
||||
?>
|
||||
<div class='inline-input inline-input-container'>
|
||||
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
|
||||
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
|
||||
<?php
|
||||
echo $this->Form->input('comment', array(
|
||||
'type' => 'textarea',
|
||||
'label' => false,
|
||||
'value' => $object['comment'],
|
||||
'error' => array('escape' => false),
|
||||
'class' => 'inline-input',
|
||||
'id' => 'ShadowAttribute' . '_' . $object['id'] . '_comment_field',
|
||||
'div' => false
|
||||
));
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
echo $this->Form->end();
|
||||
?>
|
|
@ -1,20 +0,0 @@
|
|||
<?php
|
||||
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute' . '_' . $object['id'] . '_to_ids_form', 'url' => '/shadow_attributes/editField/' . $object['id']));
|
||||
?>
|
||||
<div class='inline-input inline-input-container'>
|
||||
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
|
||||
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
|
||||
<?php
|
||||
$current = 0;
|
||||
if ($object['to_ids']) $current = 1;
|
||||
echo $this->Form->input('to_ids', array(
|
||||
'options' => array(0 => 'No', 1 => 'Yes'),
|
||||
'label' => false,
|
||||
'selected' => $current,
|
||||
'class' => 'inline-input',
|
||||
'id' => 'ShadowAttribute' . '_' . $object['id'] . '_to_ids_field',
|
||||
'div' => false
|
||||
));
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
|
@ -1,19 +0,0 @@
|
|||
<?php
|
||||
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'ShadowAttribute_' . $object['id'] . '_type_form', 'url' => '/shadow_attributes/editField/' . $object['id']));
|
||||
?>
|
||||
<div class='inline-input inline-input-container'>
|
||||
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
|
||||
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
|
||||
<?php
|
||||
echo $this->Form->input('type', array(
|
||||
'options' => array(array_combine($categoryDefinitions[$object['category']]['types'], $categoryDefinitions[$object['category']]['types'])),
|
||||
'label' => false,
|
||||
'selected' => $object['type'],
|
||||
'error' => array('escape' => false),
|
||||
'class' => 'inline-input',
|
||||
'id' => 'ShadowAttribute_' . $object['id'] . '_type_field',
|
||||
'div' => false
|
||||
));
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
|
@ -1,21 +0,0 @@
|
|||
<?php
|
||||
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-form inline-field-form', 'id' => 'ShadowAttribute_' . $object['id'] . '_value_form', 'url' => '/shadow_attributes/editField/' . $object['id'], 'default' => false));
|
||||
?>
|
||||
<div class='inline-input inline-input-container'>
|
||||
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" title="<?php echo __('Accept');?>" role="button" tabindex="0" aria-label="<?php echo __('Accept');?>"></span></div>
|
||||
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" title="<?php echo __('Discard');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard');?>"></span></div>
|
||||
<?php
|
||||
echo $this->Form->input('value', array(
|
||||
'type' => 'textarea',
|
||||
'label' => false,
|
||||
'value' => $object['value'],
|
||||
'error' => array('escape' => false),
|
||||
'class' => 'inline-input',
|
||||
'id' => 'ShadowAttribute_' . $object['id'] . '_value_field',
|
||||
'div' => false
|
||||
));
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
echo $this->Form->end();
|
||||
?>
|
|
@ -1,132 +0,0 @@
|
|||
<div class="shadow_attributes <?php if (!isset($ajax) || !$ajax) echo 'form';?>">
|
||||
<?php echo $this->Form->create('ShadowAttribute');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Add Proposal'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('id');
|
||||
echo $this->Form->input('category', array(
|
||||
'empty' => __('(choose one)'),
|
||||
'div' => 'input',
|
||||
'label' => __('Category ') . $this->element('formInfo', array('type' => 'category')),
|
||||
));
|
||||
$typeInputData = array(
|
||||
'empty' => __('(first choose category)'),
|
||||
'label' => __('Type ') . $this->element('formInfo', array('type' => 'type')),
|
||||
);
|
||||
if ($objectAttribute) {
|
||||
$typeInputData[] = 'disabled';
|
||||
}
|
||||
if (!$attachment) {
|
||||
echo $this->Form->input('type', $typeInputData);
|
||||
}
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('value', array(
|
||||
'type' => 'textarea',
|
||||
'error' => array('escape' => false),
|
||||
'class' => 'input-xxlarge clear'
|
||||
));
|
||||
echo $this->Form->input('comment', array(
|
||||
'type' => 'text',
|
||||
'label' => __('Contextual Comment'),
|
||||
'error' => array('escape' => false),
|
||||
'div' => 'input clear',
|
||||
'class' => 'input-xxlarge'
|
||||
));
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('to_ids', array(
|
||||
'label' => __('IDS Signature?'),
|
||||
));
|
||||
echo $this->Form->input('first_seen', array(
|
||||
'type' => 'text',
|
||||
'div' => 'input hidden',
|
||||
'required' => false,
|
||||
));
|
||||
echo $this->Form->input('last_seen', array(
|
||||
'type' => 'text',
|
||||
'div' => 'input hidden',
|
||||
'required' => false,
|
||||
));
|
||||
?>
|
||||
<div id="bothSeenSliderContainer"></div>
|
||||
</fieldset>
|
||||
<p style="color:red;font-weight:bold;display:none;<?php if (isset($ajax) && $ajax) echo "text-align:center;"?>" id="warning-message"><?php echo __('Warning: You are about to share data that is of a sensitive nature (Attribution / targeting data). Make sure that you are authorised to share this.');?></p>
|
||||
<?php if (isset($ajax) && $ajax): ?>
|
||||
<div class="overlay_spacing">
|
||||
<table>
|
||||
<tr>
|
||||
<td style="vertical-align:top">
|
||||
<span role="button" tabindex="0" aria-label="<?php echo __('Propose');?>" title="<?php echo __('Propose');?>" id="submitButton" class="btn btn-primary" onClick="submitPopoverForm('<?php echo $event_id;?>', 'propose')"><?php echo __('Propose');?></span>
|
||||
</td>
|
||||
<td style="width:540px;">
|
||||
<p style="color:red;font-weight:bold;display:none;<?php if (isset($ajax) && $ajax) echo "text-align:center;"?>" id="warning-message"><?php echo __('Warning: You are about to share data that is of a sensitive nature (Attribution / targeting data). Make sure that you are authorised to share this.');?></p>
|
||||
</td>
|
||||
<td style="vertical-align:top;">
|
||||
<span class="btn btn-inverse" id="cancel_attribute_add"><?php echo __('Cancel');?></span>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<?php
|
||||
else:
|
||||
echo $this->Form->button('Propose', array('class' => 'btn btn-primary'));
|
||||
endif;
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
$event['Event']['id'] = $this->request->data['ShadowAttribute']['event_id'];
|
||||
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'menuItem' => 'proposeAttribute', 'event' => $event));
|
||||
|
||||
echo $this->element('form_seen_input');
|
||||
?>
|
||||
|
||||
<script type="text/javascript">
|
||||
<?php
|
||||
$formInfoTypes = array('category' => 'Category', 'type' => 'Type');
|
||||
echo 'var formInfoFields = ' . json_encode($formInfoTypes) . PHP_EOL;
|
||||
foreach ($formInfoTypes as $formInfoType => $humanisedName) {
|
||||
echo 'var ' . $formInfoType . 'FormInfoValues = {' . PHP_EOL;
|
||||
foreach ($info[$formInfoType] as $key => $formInfoData) {
|
||||
echo '"' . $key . '": "<span class=\"blue bold\">' . h($formInfoData['key']) . '</span>: ' . h($formInfoData['desc']) . '<br />",' . PHP_EOL;
|
||||
}
|
||||
echo '}' . PHP_EOL;
|
||||
}
|
||||
?>
|
||||
//
|
||||
//Generate Category / Type filtering array
|
||||
//
|
||||
var category_type_mapping = new Array();
|
||||
<?php
|
||||
foreach ($categoryDefinitions as $category => $def) {
|
||||
echo "category_type_mapping['" . addslashes($category) . "'] = {";
|
||||
$first = true;
|
||||
foreach ($def['types'] as $type) {
|
||||
if ($first) $first = false;
|
||||
else echo ', ';
|
||||
echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
|
||||
}
|
||||
echo "}; \n";
|
||||
}
|
||||
?>
|
||||
|
||||
$(document).ready(function() {
|
||||
initPopoverContent('ShadowAttribute');
|
||||
$("#ShadowAttributeCategory").on('change', function(e) {
|
||||
formCategoryChanged('ShadowAttribute');
|
||||
if ($(this).val() === 'Attribution' || $(this).val() === 'Targeting data') {
|
||||
$("#warning-message").show();
|
||||
} else {
|
||||
$("#warning-message").hide();
|
||||
}
|
||||
});
|
||||
|
||||
$("#ShadowAttributeCategory, #ShadowAttributeType").change(function() {
|
||||
initPopoverContent('ShadowAttribute');
|
||||
});
|
||||
});
|
||||
</script>
|
||||
<?php echo $this->Js->writeBuffer(); // Write cached scripts
|
|
@ -1,24 +0,0 @@
|
|||
<?php
|
||||
$xmlArray = array();
|
||||
//
|
||||
// cleanup the array from things we do not want to expose
|
||||
//
|
||||
$jsonArray['ShadowAttribute'] = array();
|
||||
foreach ($proposal as &$temp) {
|
||||
unset($temp['ShadowAttribute']['email']);
|
||||
unset($temp['ShadowAttribute']['value1']);
|
||||
unset($temp['ShadowAttribute']['value2']);
|
||||
$temp['ShadowAttribute']['Org'] = $temp['Org'];
|
||||
$temp['ShadowAttribute']['EventOrg'] = $temp['EventOrg'];
|
||||
// hide the org field is we are not in showorg mode
|
||||
unset($temp['ShadowAttribute']['org_id']);
|
||||
unset($temp['ShadowAttribute']['org']);
|
||||
unset($temp['ShadowAttribute']['event_org_id']);
|
||||
if (!Configure::read('MISP.showorg') && !$isAdmin) {
|
||||
unset($temp['ShadowAttribute']['Org']);
|
||||
unset($temp['ShadowAttribute']['EventOrg']);
|
||||
}
|
||||
$jsonArray['ShadowAttribute'][] = $temp['ShadowAttribute'];
|
||||
}
|
||||
|
||||
echo json_encode($jsonArray);
|
|
@ -1,17 +0,0 @@
|
|||
<?php
|
||||
|
||||
foreach ($result as &$temp) {
|
||||
unset($temp['ShadowAttribute']['id']);
|
||||
unset($temp['ShadowAttribute']['email']);
|
||||
unset($temp['ShadowAttribute']['value1']);
|
||||
unset($temp['ShadowAttribute']['value2']);
|
||||
$temp['ShadowAttribute']['Org'] = $temp['Org'];
|
||||
$temp['ShadowAttribute']['EventOrg'] = $temp['EventOrg'];
|
||||
// hide the org field is we are not in showorg mode
|
||||
if (!Configure::read('MISP.showorg') && !$isAdmin) {
|
||||
unset($temp['ShadowAttribute']['Org']);
|
||||
unset($temp['ShadowAttribute']['EventOrg']);
|
||||
}
|
||||
$temp = array('ShadowAttribute' => $temp['ShadowAttribute']);
|
||||
}
|
||||
echo json_encode($result);
|
|
@ -1,32 +0,0 @@
|
|||
<?php
|
||||
$xmlArray = array();
|
||||
//
|
||||
// cleanup the array from things we do not want to expose
|
||||
//
|
||||
if (isset($proposal['ShadowAttribute']['id'])) {
|
||||
$temp = $proposal['ShadowAttribute'];
|
||||
unset($proposal['ShadowAttribute']);
|
||||
$proposal['ShadowAttribute'][0] = $temp;
|
||||
unset($temp);
|
||||
}
|
||||
$xmlArray['response']['ShadowAttribute'] = array();
|
||||
foreach ($proposal as &$temp) {
|
||||
unset($temp['ShadowAttribute']['email']);
|
||||
unset($temp['ShadowAttribute']['value1']);
|
||||
unset($temp['ShadowAttribute']['value2']);
|
||||
$temp['ShadowAttribute']['Org'] = $temp['Org'];
|
||||
$temp['ShadowAttribute']['EventOrg'] = $temp['EventOrg'];
|
||||
// hide the org field is we are not in showorg mode
|
||||
unset($temp['ShadowAttribute']['org_id']);
|
||||
unset($temp['ShadowAttribute']['org']);
|
||||
unset($temp['ShadowAttribute']['event_org_id']);
|
||||
if (!Configure::read('MISP.showorg') && !$isAdmin) {
|
||||
unset($temp['ShadowAttribute']['Org']);
|
||||
unset($temp['ShadowAttribute']['EventOrg']);
|
||||
}
|
||||
$xmlArray['response']['ShadowAttribute'][] = $temp['ShadowAttribute'];
|
||||
}
|
||||
|
||||
// display the XML to the user
|
||||
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
|
||||
echo $xmlObject->asXML();
|
|
@ -410,6 +410,9 @@ class StixBuilder():
|
|||
custom_object_id = "x-misp-object-{}--{}".format(attribute_type, attribute['uuid'])
|
||||
custom_object_type = "x-misp-object-{}".format(attribute_type)
|
||||
labels, markings = self.create_labels(attribute)
|
||||
stix_labels = ListProperty(StringProperty)
|
||||
stix_labels.clean(labels)
|
||||
stix_markings = ListProperty(StringProperty)
|
||||
timestamp = self.get_datetime_from_timestamp(attribute['timestamp'])
|
||||
custom_object_args = {'id': custom_object_id, 'x_misp_category': attribute['category'],
|
||||
'created': timestamp, 'modified': timestamp, 'labels': labels,
|
||||
|
@ -419,15 +422,16 @@ class StixBuilder():
|
|||
if markings:
|
||||
markings = self.handle_tags(markings)
|
||||
custom_object_args['object_marking_refs'] = markings
|
||||
stix_markings.clean(markings)
|
||||
if custom_object_type not in self.custom_objects:
|
||||
@CustomObject(custom_object_type, [
|
||||
('id', StringProperty(required=True)),
|
||||
('labels', ListProperty(labels, required=True)),
|
||||
('labels', ListProperty(stix_labels, required=True)),
|
||||
('x_misp_value', StringProperty(required=True)),
|
||||
('created', TimestampProperty(required=True, precision='millisecond')),
|
||||
('modified', TimestampProperty(required=True, precision='millisecond')),
|
||||
('created_by_ref', StringProperty(required=True)),
|
||||
('object_marking_refs', ListProperty(markings)),
|
||||
('object_marking_refs', ListProperty(stix_markings)),
|
||||
('x_misp_comment', StringProperty()),
|
||||
('x_misp_category', StringProperty())
|
||||
])
|
||||
|
@ -550,7 +554,14 @@ class StixBuilder():
|
|||
custom_object_id = 'x-misp-object-{}--{}'.format(name, misp_object['uuid'])
|
||||
custom_object_type = 'x-misp-object-{}'.format(name)
|
||||
category = misp_object.get('meta-category')
|
||||
labels = self.create_object_labels(name, category, to_ids)
|
||||
labels = [
|
||||
f'misp:type="{name}"',
|
||||
f'misp:category="{category}"',
|
||||
f'misp:to_ids="{to_ids}"',
|
||||
'from_object'
|
||||
]
|
||||
stix_labels = ListProperty(StringProperty)
|
||||
stix_labels.clean(labels)
|
||||
values = self.fetch_custom_values(misp_object['Attribute'], custom_object_id)
|
||||
timestamp = self.get_datetime_from_timestamp(misp_object['timestamp'])
|
||||
custom_object_args = {'id': custom_object_id, 'x_misp_values': values,
|
||||
|
@ -561,7 +572,7 @@ class StixBuilder():
|
|||
if custom_object_type not in self.custom_objects:
|
||||
@CustomObject(custom_object_type, [
|
||||
('id', StringProperty(required=True)),
|
||||
('labels', ListProperty(labels, required=True)),
|
||||
('labels', ListProperty(stix_labels, required=True)),
|
||||
('x_misp_values', DictionaryProperty(required=True)),
|
||||
('created', TimestampProperty(required=True, precision='millisecond')),
|
||||
('modified', TimestampProperty(required=True, precision='millisecond')),
|
||||
|
@ -666,9 +677,7 @@ class StixBuilder():
|
|||
|
||||
@staticmethod
|
||||
def create_labels(attribute):
|
||||
labels = ['misp:type="{}"'.format(attribute['type']),
|
||||
'misp:category="{}"'.format(attribute['category']),
|
||||
'misp:to_ids="{}"'.format(attribute['to_ids'])]
|
||||
labels = [f'misp:{feature}="{attribute[feature]}"' for feature in ('type', 'category', 'to_ids')]
|
||||
markings = []
|
||||
if attribute.get('Tag'):
|
||||
for tag in attribute['Tag']:
|
||||
|
@ -678,10 +687,12 @@ class StixBuilder():
|
|||
|
||||
@staticmethod
|
||||
def create_object_labels(name, category, to_ids):
|
||||
return ['misp:type="{}"'.format(name),
|
||||
'misp:category="{}"'.format(category),
|
||||
'misp:to_ids="{}"'.format(to_ids),
|
||||
'from_object']
|
||||
return [
|
||||
f'misp:type="{name}"',
|
||||
f'misp:category="{category}"',
|
||||
f'misp:to_ids="{to_ids}"',
|
||||
'from_object'
|
||||
]
|
||||
|
||||
def create_marking(self, tag):
|
||||
if tag in misp2stix2_mapping.tlp_markings:
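Review bot: `('labels', ListProperty(stix_labels, required=True))` and `('object_marking_refs', ListProperty(stix_markings))` wrap a `ListProperty(StringProperty)` instance in a second `ListProperty`, which appears to declare a list of lists rather than a list of strings. If a flat list is intended, `ListProperty(StringProperty, required=True)` and `ListProperty(StringProperty)` express it directly; this is worth confirming against the stix2 version in use, and the same construct recurs in the custom-object hunk at `@ -561`. The return values of `stix_labels.clean(labels)` and `stix_markings.clean(markings)` are discarded, so those calls serve only as validation, and a short comment such as `# validation only: raises if an entry is not a string` would make that explicit. The hunk at `@ -550` also inlines the same four labels that `create_object_labels()` still builds, so calling the helper there would keep the two copies from drifting apart.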
|
||||
|
|
|
@ -116,14 +116,20 @@ class StixParser():
|
|||
## PARSING FUNCTIONS USED BY BOTH SUBCLASSES. ##
|
||||
################################################################################
|
||||
|
||||
def create_attribute_with_tag(self, attribute_dict, marking_refs):
|
||||
attribute = MISPAttribute()
|
||||
attribute.from_dict(**attribute_dict)
|
||||
try:
|
||||
self.marking_refs[attribute.uuid] = (marking.split('--')[1] for marking in marking_refs)
|
||||
except AttributeError:
|
||||
self.marking_refs = {attribute.uuid: (marking.split('--')[1] for marking in marking_refs)}
|
||||
return attribute
|
||||
def handle_markings(self):
|
||||
if hasattr(self, 'marking_refs'):
|
||||
for attribute in self.misp_event.attributes:
|
||||
if attribute.uuid in self.marking_refs:
|
||||
for marking_uuid in self.marking_refs[attribute.uuid]:
|
||||
attribute.add_tag(self.marking_definition[marking_uuid]['object'])
|
||||
self.marking_definition[marking_uuid]['used'] = True
|
||||
if self.marking_definition:
|
||||
for marking_definition in self.marking_definition.values():
|
||||
if not marking_definition['used']:
|
||||
self.tags.add(marking_definition['object'])
|
||||
if self.tags:
|
||||
for tag in self.tags:
|
||||
self.misp_event.add_tag(tag)
|
||||
|
||||
@staticmethod
|
||||
def _parse_email_body(body, references):
|
||||
|
@ -338,6 +344,12 @@ class StixParser():
|
|||
def _standard_test_filter(value, main_type):
|
||||
return isinstance(value, getattr(stix2, main_type))
|
||||
|
||||
def update_marking_refs(self, attribute_uuid, marking_refs):
|
||||
try:
|
||||
self.marking_refs[attribute_uuid] = tuple(marking.split('--')[1] for marking in marking_refs)
|
||||
except AttributeError:
|
||||
self.marking_refs = {attribute_uuid: tuple(marking.split('--')[1] for marking in marking_refs)}
|
||||
|
||||
|
||||
class StixFromMISPParser(StixParser):
|
||||
def __init__(self):
|
||||
|
@ -361,13 +373,7 @@ class StixFromMISPParser(StixParser):
|
|||
self.parse_galaxies()
|
||||
if hasattr(self, 'report'):
|
||||
self.parse_report()
|
||||
if self.marking_definition:
|
||||
for marking_definition in self.marking_definition.values():
|
||||
if not marking_definition['used']:
|
||||
self.tags.add(marking_definition['object'])
|
||||
if self.tags:
|
||||
for tag in self.tags:
|
||||
self.misp_event.add_tag(tag)
|
||||
self.handle_markings()
|
||||
|
||||
def _parse_custom(self, custom):
|
||||
if 'from_object' in custom['labels']:
|
||||
|
@ -451,7 +457,7 @@ class StixFromMISPParser(StixParser):
|
|||
'category': self.get_misp_category(custom['labels']),
|
||||
'uuid': custom['id'].split('--')[1]}
|
||||
if custom.get('object_marking_refs'):
|
||||
attribute = self.create_attribute_with_tag(attribute, custom['object_marking_refs'])
|
||||
self.update_marking_refs(attribute['uuid'], custom['object_marking_refs'])
|
||||
self.misp_event.add_attribute(**attribute)
|
||||
|
||||
def parse_custom_object(self, custom):
|
||||
|
@ -494,8 +500,6 @@ class StixFromMISPParser(StixParser):
|
|||
attribute.update({feature: value for feature, value in zip(('value', 'data'), (value, io.BytesIO(data.encode())))})
|
||||
else:
|
||||
attribute['value'] = self.parse_attribute_pattern(pattern)
|
||||
if hasattr(indicator, 'object_marking_refs'):
|
||||
attribute = self.create_attribute_with_tag(attribute, indicator.object_marking_refs)
|
||||
self.misp_event.add_attribute(**attribute)
|
||||
|
||||
def parse_indicator_object(self, indicator):
|
||||
|
@ -522,8 +526,6 @@ class StixFromMISPParser(StixParser):
|
|||
value, data = value
|
||||
attribute['data'] = data
|
||||
attribute['value'] = value
|
||||
if hasattr(observable, 'object_marking_refs'):
|
||||
attribute = self.create_attribute_with_tag(attribute, observable.object_marking_refs)
|
||||
self.misp_event.add_attribute(**attribute)
|
||||
|
||||
def parse_observable_object(self, observable):
|
||||
|
@ -1110,6 +1112,8 @@ class StixFromMISPParser(StixParser):
|
|||
if tags:
|
||||
attribute['Tag'] = tags
|
||||
attribute.update(self.parse_timeline(stix_object))
|
||||
if hasattr(stix_object, 'object_marking_refs'):
|
||||
self.update_marking_refs(attribute_uuid, stix_object.object_marking_refs)
|
||||
return attribute
|
||||
|
||||
def create_misp_object(self, stix_object):
|
||||
|
@ -1197,9 +1201,7 @@ class ExternalStixParser(StixParser):
|
|||
self.parse_report()
|
||||
else:
|
||||
self.misp_event.info = 'Imported with the STIX to MISP import script.'
|
||||
if self.tags:
|
||||
for tag in self.tags:
|
||||
self.misp_event.add_tag(tag)
|
||||
self.handle_markings()
|
||||
|
||||
def parse_galaxy(self, galaxy):
|
||||
if galaxy.name in self._synonyms_to_tag_names:
|
||||
|
@ -1990,6 +1992,8 @@ class ExternalStixParser(StixParser):
|
|||
attribute.update(self.parse_timeline(stix_object))
|
||||
if isinstance(stix_object, stix2.Indicator):
|
||||
attribute['to_ids'] = True
|
||||
if hasattr(stix_object, 'object_marking_refs'):
|
||||
self.update_marking_refs(attribute['uuid'], stix_object.object_marking_refs)
|
||||
self.misp_event.add_attribute(**attribute)
|
||||
except IndexError:
|
||||
object_type = 'indicator' if isinstance(stix_object, stix2.Indicator) else 'observable objects'
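Review bot: `handle_markings()` indexes `self.marking_definition[marking_uuid]` for every reference stored by `update_marking_refs()`, so a bundle whose `object_marking_refs` names a marking definition that was never parsed would raise `KeyError` out of the import, unless `marking_definition` is guaranteed elsewhere to hold every referenced id. Since this parser reads externally supplied STIX content, an unknown reference is better skipped: `marking = self.marking_definition.get(marking_uuid)` followed by `if marking is None: continue`. Likewise `marking.split('--')[1]` in `update_marking_refs()` raises `IndexError` on an identifier without `--` while only `AttributeError` is handled there, and in the `@ -1990` hunk the call sits under what looks like an existing `except IndexError:`, which would then report it as a different parsing failure. Initialising `self.marking_refs = {}` in `__init__` would remove both the `try`/`except AttributeError` and the `hasattr` test, though `__init__` is outside the hunks shown.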
|
||||
|
|
|
@ -480,9 +480,7 @@ function activateField(type, id, field, event) {
|
|||
if (type == 'denyForm') return;
|
||||
var objectType = 'attributes';
|
||||
var containerName = 'Attribute';
|
||||
if (type == 'ShadowAttribute') {
|
||||
objectType = 'shadow_attributes';
|
||||
} else if (type == 'Object') {
|
||||
if (type == 'Object') {
|
||||
objectType = 'objects';
|
||||
containerName = 'Object';
|
||||
}
|
||||
|
@ -623,9 +621,7 @@ function submitForm(type, id, field, context) {
|
|||
var object_type = 'attributes';
|
||||
var action = "editField";
|
||||
var name = '#' + type + '_' + id + '_' + field;
|
||||
if (type == 'ShadowAttribute') {
|
||||
object_type = 'shadow_attributes';
|
||||
} else if (type == 'Object') {
|
||||
if (type == 'Object') {
|
||||
object_type = 'objects';
|
||||
}
|
||||
$.ajax({
|
||||
|
|