Merge branch 'develop' of github.com:MISP/MISP into develop

2024-01-31 10:44:43 +01:00 · 2024-01-31 10:44:43 +01:00 · 9425c99894
parent ebdf1c0004 ebbe17b88c
commit 9425c99894
3 changed files with 27 additions and 9 deletions
--- a/app/Lib/Tools/ComplexTypeTool.php
+++ b/app/Lib/Tools/ComplexTypeTool.php
@ -308,14 +308,13 @@ class ComplexTypeTool
     */
    private function parseFreetext($input)
    {
-        $input = str_replace("\xc2\xa0", ' ', $input); // non breaking space to normal space
-        $input = preg_replace('/\p{C}+/u', ' ', $input);
-        $iocArray = preg_split("/\r\n|\n|\r|\s|\s+|,|\<|\>|;/", $input);
+        // convert non breaking space to normal space and all unicode chars from "other" category
+        $input = preg_replace("/\p{C}+|\xc2\xa0/u", ' ', $input);
+        $iocArray = preg_split("/\r\n|\n|\r|\s|\s+|,|<|>|;/", $input);

        preg_match_all('/\"([^\"]+)\"/', $input, $matches);
-        foreach ($matches[1] as $match) {
-            $iocArray[] = $match;
-        }
+        array_push($iocArray, ...$matches[1]);
+
        return $iocArray;
    }

--- a/app/Model/User.php
+++ b/app/Model/User.php
@ -2078,12 +2078,10 @@ class User extends AppModel
            return false;
        }

-        $cutoff = $redis->get('misp:session_destroy:' . $id);
-        $allcutoff = $redis->get('misp:session_destroy:all');
+        list($cutoff, $allcutoff) = $redis->mGet(['misp:session_destroy:' . $id, 'misp:session_destroy:all']);
        if (
            empty($cutoff) ||
            (
-                !empty($cutoff) &&
                !empty($allcutoff) &&
                $allcutoff < $cutoff
            )
--- a/app/Test/ComplexTypeToolTest.php
+++ b/app/Test/ComplexTypeToolTest.php
@ -527,10 +527,31 @@ EOT;
    public function testCheckFreeTextNonBreakableSpace(): void
    {
        $complexTypeTool = new ComplexTypeTool();
+
        $results = $complexTypeTool->checkFreeText("127.0.0.1\xc2\xa0127.0.0.2");
        $this->assertCount(2, $results);
        $this->assertEquals('127.0.0.1', $results[0]['value']);
        $this->assertEquals('ip-dst', $results[0]['default_type']);
+
+        $results = $complexTypeTool->checkFreeText("127.0.0.1\xc2\xa0\xc2\xa0127.0.0.2");
+        $this->assertCount(2, $results);
+        $this->assertEquals('127.0.0.1', $results[0]['value']);
+        $this->assertEquals('ip-dst', $results[0]['default_type']);
+    }
+
+    public function testCheckFreeTextControlCharToSpace(): void
+    {
+        $complexTypeTool = new ComplexTypeTool();
+
+        $results = $complexTypeTool->checkFreeText("127.0.0.1\x1d127.0.0.2");
+        $this->assertCount(2, $results);
+        $this->assertEquals('127.0.0.1', $results[0]['value']);
+        $this->assertEquals('ip-dst', $results[0]['default_type']);
+
+        $results = $complexTypeTool->checkFreeText("127.0.0.1\x1d\x1d127.0.0.2");
+        $this->assertCount(2, $results);
+        $this->assertEquals('127.0.0.1', $results[0]['value']);
+        $this->assertEquals('ip-dst', $results[0]['default_type']);
    }

    public function testCheckFreeTextQuoted(): void