fix: [API] proposals overriding attributes wasn't always working as expected, fixes #4032

- until now it was bound to the to_ids setting (badly) which caused nothing but headache - moved the new configuration to instead use the non-permissive nature of the given export formats - non-permissive export: if the proposal block is enabled, override attributes - permissive export types: ignore the proposals The reasoning is simple: we use the permissive export types for types that can express additional structures such as proposals, IDS flags, publish flags etc (meaning the MISP JSON/XML formats for example)
2019-09-29 20:35:51 +02:00 · 2019-09-29 20:35:51 +02:00 · 8168cc79db
parent 480e3b2969
commit 8168cc79db
2 changed files with 9 additions and 4 deletions
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -3104,8 +3104,7 @@ class Attribute extends AppModel
        }
        if (
            Configure::read('MISP.proposals_block_attributes') &&
-            isset($options['conditions']['AND']['Attribute.to_ids']) &&
-            array($options['conditions']['AND']['Attribute.to_ids'] == 1, in_array(1, $options['conditions']['AND']['Attribute.to_ids']))
+            !empty($options['allow_proposal_blocking'])
        ) {
            $this->bindModel(array('hasMany' => array('ShadowAttribute' => array('foreignKey' => 'old_id'))));
            $proposalRestriction =  array(
@ -4239,6 +4238,7 @@ class Attribute extends AppModel
            if (!isset($filters['published'])) {
                $filters['published'] = 1;
            }
+            $filters['allow_proposal_blocking'] = 1;
        }
        if (!empty($filters['quickFilter'])) {
            $filters['searchall'] = $filters['quickFilter'];
@ -4273,7 +4273,8 @@ class Attribute extends AppModel
                'includeSightings' => !empty($filters['includeSightings']) ? $filters['includeSightings'] : 0,
                'includeCorrelations' => !empty($filters['includeCorrelations']) ? $filters['includeCorrelations'] : 0,
                'includeDecayScore' => !empty($filters['includeDecayScore']) ? $filters['includeDecayScore'] : 0,
-                'includeFullModel' => !empty($filters['includeFullModel']) ? $filters['includeFullModel'] : 0
+                'includeFullModel' => !empty($filters['includeFullModel']) ? $filters['includeFullModel'] : 0,
+                'allow_proposal_blocking' => !empty($filters['allow_proposal_blocking']) ? $filters['allow_proposal_blocking'] : 0
        );
        if (!empty($filters['attackGalaxy'])) {
            $params['attackGalaxy'] = $filters['attackGalaxy'];
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@ -2211,7 +2211,10 @@ class Event extends AppModel
                            }
                        }
                    }
-                    if (Configure::read('MISP.proposals_block_attributes') && isset($options['to_ids']) && $options['to_ids']) {
+                    if (
+                        Configure::read('MISP.proposals_block_attributes') &&
+                        !empty($options['allow_proposal_blocking'])
+                    ) {
                        foreach ($results[$eventKey]['Attribute'][$key]['ShadowAttribute'] as $sa) {
                            if ($sa['proposal_to_delete'] || $sa['to_ids'] == 0) {
                                unset($results[$eventKey]['Attribute'][$key]);
@ -6712,6 +6715,7 @@ class Event extends AppModel
            if (!isset($filters['published'])) {
                $filters['published'] = 1;
            }
+            $filters['allow_proposal_blocking'] = 1;
        }

        if (!empty($exportTool->renderView)) {