fix: [restSearche] Correctly interpret the `deleted` parameter on

`event` and `attribute` scope.
-- Pair programming with @iglocksa
pull/4666/head
mokaddem 2019-05-22 16:08:27 +02:00
parent 6d5fac0a6c
commit 94332afbf6
3 changed files with 39 additions and 11 deletions


@ -3286,7 +3286,7 @@ class EventsController extends AppController
$paramArray = array(
'value', 'type', 'category', 'org', 'tag', 'tags', 'searchall', 'from', 'to', 'last', 'eventid', 'withAttachments',
'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly', 'returnFormat',
'limit', 'page', 'requested_attributes', 'includeContext', 'headerless', 'includeWarninglistHits', 'attackGalaxy'
'limit', 'page', 'requested_attributes', 'includeContext', 'headerless', 'includeWarninglistHits', 'attackGalaxy', 'deleted'
);
$filterData = array(
'request' => $this->request,


@ -3017,6 +3017,11 @@ class Attribute extends AppModel
}
if (!$user['Role']['perm_sync'] || !isset($options['deleted']) || !$options['deleted']) {
$params['conditions']['AND']['(Attribute.deleted + 0)'] = 0;
} else {
if ($options['deleted'] === "only") {
$options['deleted'] = 1;
}
$params['conditions']['AND']['(Attribute.deleted + 0)'] = $options['deleted'];
}
if (isset($options['group'])) {
$params['group'] = empty($options['group']) ? $options['group'] : false;
@ -3993,12 +3998,8 @@ class Attribute extends AppModel
if (isset($filters['page'])) {
$params['page'] = $filters['page'];
}
if (!empty($filtes['deleted'])) {
$params['deleted'] = 1;
if ($params['deleted'] === 'only') {
$params['conditions']['AND'][] = array('Attribute.deleted' => 1);
$params['conditions']['AND'][] = array('Object.deleted' => 1);
}
if (!empty($filters['deleted'])) {
$params['deleted'] = $filters['deleted'];
}
if ($paramsOnly) {
return $params;
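Review bot: In the first hunk's new `else` branch, `$options['deleted']` reaches the `(Attribute.deleted + 0)` condition without normalisation apart from the exact string `"only"`, and the second hunk now forwards `$filters['deleted']` verbatim, so whatever a REST caller sends (an array, a numeric string, an unexpected word) is compared as-is. The Event model change in this same commit wraps the value in an array and applies `intval()`; doing the same here, e.g. `$options['deleted'] = array_map(function ($v) { return $v === 'only' ? 1 : intval($v); }, (array)$options['deleted']);`, would keep both scopes consistent. This branch also ignores the parameter entirely for users without `perm_sync`, whereas the Event model lets them see deleted rows of events whose org matches their own; if that difference is intended, it deserves a comment above the condition, such as `// attribute scope: deleted rows are only exposed to sync users`. The enclosing function starts and ends outside both hunks.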


@ -1918,20 +1918,47 @@ class Event extends AppModel
$conditionsAttributes['AND'][] = array('Attribute.to_ids' => 1);
}
$softDeletables = array('Attribute', 'Object', 'ObjectReference');
if (isset($options['deleted']) && $options['deleted']) {
if (isset($options['deleted'])) {
if (!is_array($options['deleted'])) {
$options['deleted'] = array($options['deleted']);
}
foreach ($options['deleted'] as $deleted_key => $deleted_value) {
if ($deleted_value === 'only') {
$deleted_value = 1;
}
$options['deleted'][$deleted_key] = intval($deleted_value);
}
if (!$user['Role']['perm_sync']) {
foreach ($softDeletables as $softDeletable) {
if (in_array(0, $options['deleted'])) {
$deletion_subconditions = array(
sprintf('%s.deleted', $softDeletable) => 0
);
} else {
$deletion_subconditions = array(
'1=0'
);
}
${'conditions' . $softDeletable . 's'}['AND'][] = array(
'OR' => array(
'(SELECT events.org_id FROM events WHERE events.id = ' . $softDeletable . '.event_id)' => $user['org_id'],
$softDeletable . '.deleted LIKE' => 0
'AND' => array(
sprintf('(SELECT events.org_id FROM events WHERE events.id = %s.event_id)', $softDeletable) => $user['org_id'],
sprintf('%s.deleted', $softDeletable) => $options['deleted']
),
$deletion_subconditions
)
);
}
} else {
foreach ($softDeletables as $softDeletable) {
${'conditions' . $softDeletable . 's'}['AND'][] = array(
sprintf('%s.deleted', $softDeletable) => $options['deleted']
);
}
}
} else {
foreach ($softDeletables as $softDeletable) {
${'conditions' . $softDeletable . 's'}['AND'][$softDeletable . '.deleted LIKE'] = 0;
${'conditions' . $softDeletable . 's'}['AND'][$softDeletable . '.deleted'] = 0;
}
}
$proposal_conditions = array('OR' => array('ShadowAttribute.deleted' => 0));
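Review bot: The normalisation loop at the top of the new `isset($options['deleted'])` branch turns every unrecognised value into 0 through `intval()`, so a misspelt or unexpected `deleted` value is silently treated as "non-deleted only" instead of being rejected. Because this parameter decides whether soft-deleted rows are returned, an allow-list of 0, 1 and `'only'`, with an error for anything else, would be easier to reason about and to test. The membership test a few lines below should be strict, `if (in_array(0, $options['deleted'], true)) {`, which is safe since every entry is an integer by then. The non-sync branch encodes an access rule in query conditions without a comment; I would add one above its `foreach`, e.g. `// Non-sync users: requested deleted states only for events whose org_id matches their own; otherwise non-deleted rows, and only when 0 was requested`. The surrounding function begins and ends outside the hunk.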