MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [sync] Set org_id to 0 on proposal push if the sighting is anonymised 

- correctly prevents the remote side from misattributing the sighting to the sync user's org
pull/5430/head
iglocska 2019-11-25 15:45:40 +01:00
parent 95f17d6acd
commit 8ee304eff9
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Model/Event.php
View File

@ -1080,6 +1080,11 @@ class Event extends AppModel
$HttpSocket = $this->setupHttpSocket($server, $HttpSocket);
$request = $this->setupSyncRequest($server);
$uri = $server['Server']['url'] . '/sightings/bulkSaveSightings/' . $event_uuid;
foreach ($sightings as &$sighting) {
if (!isset($sighting['org_id'])) {
$sighting['org_id'] = '0';
}
}
$data = json_encode($sightings);
if (!empty(Configure::read('Security.sync_audit'))) {
$pushLogEntry = sprintf(