From 2eddbb5dccdc16296ab1ef6d55acb115f39b945d Mon Sep 17 00:00:00 2001 From: Richard van den Berg Date: Mon, 31 Aug 2015 12:55:42 +0200 Subject: [PATCH 1/4] Export MISP tags as STIX journal entries --- app/Model/Event.php | 5 +++++ app/Model/Tag.php | 21 ++++++++++++++++++++- app/files/scripts/misp2stix.py | 6 ++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/app/Model/Event.php b/app/Model/Event.php index c02be7981..c039ea590 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -1776,6 +1776,11 @@ class Event extends AppModel { } } } + if (Configure::read('MISP.tagging')) { + foreach ($events as &$event) { + $event['Tag'] = $this->EventTag->Tag->findEventTags($event['Event']['id']); + } + } // generate a randomised filename for the temporary file that will be passed to the python script $randomFileName = $this->generateRandomFileName(); $tempFile = new File (APP . "files" . DS . "scripts" . DS . "tmp" . DS . $randomFileName, true, 0644); diff --git a/app/Model/Tag.php b/app/Model/Tag.php index 27767fc1d..3e06854ba 100644 --- a/app/Model/Tag.php +++ b/app/Model/Tag.php @@ -84,6 +84,7 @@ class Tag extends AppModel { return array($acceptIds, $rejectIds); } + // find all of the event Ids that belong to tags with certain names public function findTags($array) { $ids = array(); foreach ($array as $a) { @@ -103,4 +104,22 @@ class Tag extends AppModel { } return $ids; } -} \ No newline at end of file + + // find all tags that belong to a given eventId + public function findEventTags($eventId) { + $tags = array(); + $params = array( + 'recursive' => 1, + 'contain' => 'EventTag', + ); + $result = $this->find('all', $params); + foreach ($result as $tag) { + foreach ($tag['EventTag'] as $eventTag) { + if ($eventTag['event_id'] == $eventId) { + $tags[] = $tag['Tag']; + } + } + } + return $tags; + } +} diff --git a/app/files/scripts/misp2stix.py b/app/files/scripts/misp2stix.py index 6f936ce4e..4b697e114 100644 --- a/app/files/scripts/misp2stix.py 
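Review bot: The by-reference loop `foreach ($events as &$event)` in the Event.php hunk leaves `$event` bound to the last element of `$events` once the loop ends, and no `unset($event);` follows it. Any later `foreach ($events as $event)` or plain assignment to `$event` in this method would then silently overwrite the last event before the data is written to the temp file for the Python script. Add `unset($event);` directly after the loop, or avoid the reference with `foreach ($events as $k => $event) { $events[$k]['Tag'] = ...; }`. The enclosing method starts and ends outside the hunk, so whether `$event` is reused afterwards cannot be confirmed from here.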
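Review bot: `findEventTags()` in Tag.php calls `find('all')` with no conditions, so it loads every tag with every EventTag row and filters in PHP, and the Event.php hunk calls it once per exported event. Export cost therefore grows with events × all tag links, which is a resource-exhaustion risk on a busy instance. The comparison `$eventTag['event_id'] == $eventId` is also loose, and a tag is appended once per matching link row. Push the filter into the query, as in the sketch below. The sketch assumes EventTag belongsTo Tag and has Containable attached, which the `$this->EventTag->Tag` chain and the existing `'contain'` key suggest but do not prove.

```php
public function findEventTags($eventId) {
	// Select only this event's tag links in SQL instead of loading every tag.
	$rows = $this->EventTag->find('all', array(
		'conditions' => array('EventTag.event_id' => $eventId),
		'recursive' => -1,
		'contain' => array('Tag'),
	));
	$tags = array();
	foreach ($rows as $row) {
		$tags[] = $row['Tag'];
	}
	return $tags;
}
```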
+++ b/app/files/scripts/misp2stix.py @@ -157,6 +157,7 @@ def generateSTIXObjects(event): incident.status = IncidentStatus(incident_status_name) setTLP(incident, event["Event"]["distribution"]) setOrg(incident, event["Event"]["org"]) + setTag(incident, event["Tag"]) resolveAttributes(incident, ttps, event["Attribute"]) return [incident, ttps] @@ -307,6 +308,11 @@ def setOrg(target, org): information_source = InformationSource(identity = ident) target.information_source = information_source +# takes an object and adds the passed tags as journal entries to it. +def setTag(target, tags): + for tag in tags: + addJournalEntry(target, "MISP Tag: " + tag["name"]) + def addReference(target, reference): if hasattr(target.information_source, "references"): target.information_source.add_reference(reference) From 77adf624d9fd3fd6fbbb628025fa352fd4e9fb27 Mon Sep 17 00:00:00 2001 From: Iglocska Date: Wed, 2 Sep 2015 09:57:59 +0200 Subject: [PATCH 2/4] Fix to a reflected XSS in the event choice --- app/View/Events/ajax/exportChoice.ctp | 4 ++-- app/View/Events/automation.ctp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/View/Events/ajax/exportChoice.ctp b/app/View/Events/ajax/exportChoice.ctp index 3a8c36b18..d5560e005 100644 --- a/app/View/Events/ajax/exportChoice.ctp +++ b/app/View/Events/ajax/exportChoice.ctp @@ -4,10 +4,10 @@ $export): ?> - +
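Review bot: `setTag(incident, event["Tag"])` in generateSTIXObjects indexes a key that the Event.php change in this same patch only sets when `MISP.tagging` is enabled. With tagging disabled the lookup would raise KeyError and abort the STIX export, assuming nothing else populates `Tag`, which is not visible here. Use `setTag(incident, event.get("Tag", []))` or guard the call with `if "Tag" in event:`. The new `setTag` in the second hunk makes the same assumption for `tag["name"]`. A docstring on `setTag` stating that `tags` is a list of dicts with a string `name` key would make the contract with the PHP side explicit.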
diff --git a/app/View/Events/automation.ctp b/app/View/Events/automation.ctp index 58a012f0c..03feea3c8 100644 --- a/app/View/Events/automation.ctp +++ b/app/View/Events/automation.ctp @@ -359,10 +359,10 @@ The event ID is optional. MISP will accept either a JSON or an XML object posted

Add or remove tags from events

You can add or remove an existing tag from an event in the following way:

-
+
 
-
+
 

Just POST a json object in the following format (to the appropriate API depending on whether you want to add or delete a tag from an event):

{"request": {"Event": {"id": "228", "tag": "8"}}}

From 62532260efe31f7da7e29fd07b1f7287fb8fc9ee Mon Sep 17 00:00:00 2001 From: Iglocska Date: Wed, 2 Sep 2015 10:18:08 +0200 Subject: [PATCH 3/4] Addition to the previous commit --- app/Controller/EventsController.php | 1 + app/View/Events/ajax/exportChoice.ctp | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index 1c5232539..4ae654b6c 100755 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -3190,6 +3190,7 @@ class EventsController extends AppController { } public function exportChoice($id) { + if (!is_numeric($id)) throw new MethodNotAllowedException('Invalid ID'); $event = $this->Event->find('first' ,array( 'conditions' => array('id' => $id), 'recursive' => -1, diff --git a/app/View/Events/ajax/exportChoice.ctp b/app/View/Events/ajax/exportChoice.ctp index d5560e005..0f9a869c6 100644 --- a/app/View/Events/ajax/exportChoice.ctp +++ b/app/View/Events/ajax/exportChoice.ctp @@ -9,8 +9,8 @@ - - + +   From 20de4ba9cc8eeed831b6018e0fa49ea3bdafa564 Mon Sep 17 00:00:00 2001 From: Iglocska Date: Wed, 2 Sep 2015 10:20:49 +0200 Subject: [PATCH 4/4] Version bump --- VERSION.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.json b/VERSION.json index 0610c7736..b66430c08 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1 +1 @@ -{"major":2, "minor":3, "hotfix":119} \ No newline at end of file +{"major":2, "minor":3, "hotfix":121} \ No newline at end of file
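Review bot: The new guard `if (!is_numeric($id))` in exportChoice() is looser than an event id needs. `is_numeric()` also accepts values such as `1e5`, `0.5`, `-1` and strings with leading whitespace, so what reaches the query and the view is not guaranteed to be a plain integer. A stricter check is `if (!ctype_digit((string)$id)) throw new NotFoundException('Invalid ID');`, which also replaces the 405 MethodNotAllowedException with a status that matches a bad identifier. Input validation here should stay a second layer, with output escaping of `$id` in exportChoice.ctp as the primary XSS defence (the view hunks are not readable in this extract). exportChoice() continues outside the hunk.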