MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

CakePHP Coding Standards 

http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html

Eclipse:
Window->Preferences
	General->Editors->Text Editors
		Displayed tab width:	4
		Insert spaces for tabs	NOT
	PHP->Code Style->Formatter
		Tab policy:	Tabs
File->Convert Line Delimeters To->Unix [default]

http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/

Not yet done is all camel caps format.
pull/61/head
noud 2012-09-18 15:30:32 +02:00
parent 0f4a0dffea
commit 94a367c2f5
54 changed files with 4398 additions and 4396 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Config/bootstrap.php
View File

@ -108,10 +108,10 @@ Configure::write('SecureAuth.amount', 5); // the maximum amount of
Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
Configure::write('CyDefSIG.correlation', 'sql'); // correlation between attributes of events.
// possible values:
// - default, like it was
// - db, correlation in database
// - sql, selection on event i.s.o. per attribute (improvement possible)
// possible values:
// - default, like it was
// - db, correlation in database
// - sql, selection on event i.s.o. per attribute (improvement possible)
/**
* Network activity, ip-src
* 30 class-C network ip addresses

3
app/Console/Command/PasswordShell.php
View File

@ -1,11 +1,12 @@
<?php
/*
* Reset a password
*
*
* arg0 = email
* arg1 = new password
*/
class PasswordShell extends AppShell {
public $uses = array('User');
public function main() {

533
app/Controller/AppController.php
View File

@ -13,11 +13,11 @@
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package app.Controller
* @since CakePHP(tm) v 0.2.9
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @copyright Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package app.Controller
* @since CakePHP(tm) v 0.2.9
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
// TODO GPG encryption has issues when keys are expired
@ -31,307 +31,304 @@ App::uses('Sanitize', 'Utility');
* Add your application-wide methods in the class below, your controllers
* will inherit them.
*
* @package app.Controller
* @package app.Controller
* @link http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
*/
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'className' => 'SecureAuth',
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
),
'authError' => 'Did you really think you are allowed to see that?',
'loginRedirect' => array('controller' => 'users', 'action' => 'routeafterlogin'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authorize' => array('Controller') // Added this line
)
);
public $components = array(
'Session',
'Auth' => array(
'className' => 'SecureAuth',
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
),
'authError' => 'Did you really think you are allowed to see that?',
'loginRedirect' => array('controller' => 'users', 'action' => 'routeafterlogin'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authorize' => array('Controller') // Added this line
)
);
public function isAuthorized($user) {
if (self::_isAdmin()) {
return true; // admin can access every action on every controller
}
return false; // The rest don't
}
public function isAuthorized($user) {
if (self::_isAdmin()) {
return true; // admin can access every action on every controller
}
return false; // The rest don't
}
public function beforeFilter() {
// REST things
if ($this->_isRest()) {
// disable CSRF for REST access
if (array_key_exists('Security', $this->components))
$this->Security->csrfCheck = false;
function beforeFilter() {
// REST things
if ($this->_isRest()) {
// disable CSRF for REST access
if (array_key_exists('Security', $this->components))
$this->Security->csrfCheck = false;
// Authenticate user with authkey in Authorization HTTP header
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
$authkey = $_SERVER['HTTP_AUTHORIZATION'];
$this->loadModel('User');
$params = array(
'conditions' => array('User.authkey' => $authkey),
'recursive' => 0,
);
$user = $this->User->find('first', $params);
// Authenticate user with authkey in Authorization HTTP header
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
$authkey = $_SERVER['HTTP_AUTHORIZATION'];
$this->loadModel('User');
$params = array(
'conditions' => array('User.authkey' => $authkey),
'recursive' => 0,
);
$user = $this->User->find('first', $params);
if ($user) {
// User found in the db, add the user info to the session
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
} else {
// User not authenticated correctly
// reset the session information
$this->Session->destroy();
throw new ForbiddenException('Incorrect authentication key');
}
}
}
if ($user) {
// User found in the db, add the user info to the session
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
} else {
// User not authenticated correctly
// reset the session information
$this->Session->destroy();
throw new ForbiddenException('Incorrect authentication key');
}
}
}
// These variables are required for every view
$this->set('me', $this->Auth->user());
$this->set('isAdmin', $this->_isAdmin());
}
// These variables are required for every view
$this->set('me', $this->Auth->user());
$this->set('isAdmin', $this->_isAdmin());
}
protected function _isRest() {
return (isset($this->RequestHandler) && $this->RequestHandler->isXml());
}
protected function _isRest() {
return (isset($this->RequestHandler) && $this->RequestHandler->isXml());
}
/**
* Convert an array to the same array but with the values also as index instead of an interface_exists
*/
public function _arrayToValuesIndexArray($old_array) {
$new_array = Array();
foreach ($old_array as $value)
$new_array[$value] = $value;
return $new_array;
}
/**
* Convert an array to the same array but with the values also as index instead of an interface_exists
*/
function _arrayToValuesIndexArray($old_array) {
$new_array = Array();
foreach ($old_array as $value)
$new_array[$value] = $value;
return $new_array;
}
/**
* checks if the currently logged user is an administrator
*/
public function _isAdmin() {
$org = $this->Auth->user('org');
if (isset($org) && $org === 'ADMIN') {
return true;
}
return false;
}
/**
* checks if the currently logged user is an administrator
*/
public function _isAdmin() {
$org = $this->Auth->user('org');
if (isset($org) && $org === 'ADMIN') {
return true;
}
return false;
}
/**
* Refreshes the Auth session with new/updated data
* @return void
*/
function _refreshAuth() {
/**
* Refreshes the Auth session with new/updated data
* @return void
*/
public function _refreshAuth() {
if (isset($this->User)) {
$user = $this->User->read(false, $this->Auth->user('id'));
$user = $this->User->read(false, $this->Auth->user('id'));
} else {
$user= ClassRegistry::init('User')->findById($this->Auth->user('id'));
$user = ClassRegistry::init('User')->findById($this->Auth->user('id'));
}
$this->Auth->login($user['User']);
}
}
/**
* Updates the missing fields from v0.1 to v0.2 of CyDefSIG
* First you will need to manually update the database to the new schema.
* Log in as admin user and
* Then run this function by setting debug = 1 (or more) and call /events/migrate01to02
*
* @throws NotFoundException
*/
public function migrate01to02() {
if (!self::_isAdmin()) throw new NotFoundException();
/**
* Updates the missing fields from v0.1 to v0.2 of CyDefSIG
* First you will need to manually update the database to the new schema.
* Log in as admin user and
* Then run this function by setting debug = 1 (or more) and call /events/migrate01to02
*/
function migrate01to02() {
if (!self::_isAdmin()) throw new NotFoundException();
// generate uuids for events who have no uuid
$this->loadModel('Event');
$params = array(
'conditions' => array('Event.uuid' => ''),
'recursive' => 0,
'fields' => array('Event.id'),
);
$events = $this->Event->find('all', $params);
// generate uuids for events who have no uuid
$this->loadModel('Event');
$params = array(
'conditions' => array('Event.uuid' => ''),
'recursive' => 0,
'fields' => array('Event.id'),
);
$events = $this->Event->find('all', $params);
echo '<p>Generating UUID for events: ';
foreach ($events as $event) {
$this->Event->id = $event['Event']['id'];
$this->Event->saveField('uuid', String::uuid());
echo $event['Event']['id'] . ' ';
}
echo "</p>";
// generate uuids for attributes who have no uuid
$this->loadModel('Attribute');
$params = array(
'conditions' => array('Attribute.uuid' => ''),
'recursive' => 0,
'fields' => array('Attribute.id'),
);
$attributes = $this->Attribute->find('all', $params);
echo '<p>Generating UUID for attributes: ';
foreach ($attributes as $attribute) {
$this->Attribute->id = $attribute['Attribute']['id'];
$this->Attribute->saveField('uuid', String::uuid());
echo $attribute['Attribute']['id'] . ' ';
}
echo "</p>";
}
echo '<p>Generating UUID for events: ';
foreach ($events as $event) {
$this->Event->id = $event['Event']['id'];
$this->Event->saveField('uuid', String::uuid());
echo $event['Event']['id'].' ';
}
echo "</p>";
// generate uuids for attributes who have no uuid
$this->loadModel('Attribute');
$params = array(
'conditions' => array('Attribute.uuid' => ''),
'recursive' => 0,
'fields' => array('Attribute.id'),
);
$attributes = $this->Attribute->find('all', $params);
echo '<p>Generating UUID for attributes: ';
foreach ($attributes as $attribute) {
$this->Attribute->id = $attribute['Attribute']['id'];
$this->Attribute->saveField('uuid', String::uuid());
echo $attribute['Attribute']['id'].' ';
}
echo "</p>";
}
/**
* Updates the missing fields from v0.2 to v0.2.1 of CyDefSIG
* First you will need to manually update the database to the new schema.
* Log in as admin user and
* Then run this function by setting debug = 1 (or more) and call /events/migrate02to021
*/
public function _explodeValueToValues() {
// search for composite value1 fields and explode it to value1 and value2
$this->loadModel('Attribute');
$params = array(
'conditions' => array(
'OR' => array(
'Attribute.type' => $this->Attribute->getCompositeTypes()
)
),
'recursive' => 0,
'fields' => array('Attribute.id', 'Attribute.value1'),
);
$attributes = $this->Attribute->find('all', $params);
echo '<h2>Exploding composite fields in 2 columns: </h2><ul>';
foreach ($attributes as $attribute) {
$pieces = explode('|', $attribute['Attribute']['value1']);
if (2 != count($pieces)) continue; // do nothing if not 2 pieces
$this->Attribute->id = $attribute['Attribute']['id'];
echo '<li>' . $attribute['Attribute']['id'] . ' --> ' . $attribute['Attribute']['value1'] . ' --> ' . $pieces[0] . ' --> ' . $pieces[1] . '</li> ';
$this->Attribute->saveField('value1', $pieces[0]);
$this->Attribute->id = $attribute['Attribute']['id'];
$this->Attribute->saveField('value2', $pieces[1]);
}
echo "</ul> DONE.";
}
/**
* Updates the missing fields from v0.2 to v0.2.1 of CyDefSIG
* First you will need to manually update the database to the new schema.
* Log in as admin user and
* Then run this function by setting debug = 1 (or more) and call /events/migrate02to021
*/
function _explodeValueToValues() {
// search for composite value1 fields and explode it to value1 and value2
$this->loadModel('Attribute');
$params = array(
'conditions' => array(
'OR' => array(
'Attribute.type' => $this->Attribute->getCompositeTypes()
)
),
'recursive' => 0,
'fields' => array('Attribute.id', 'Attribute.value1'),
);
$attributes = $this->Attribute->find('all', $params);
echo '<h2>Exploding composite fields in 2 columns: </h2><ul>';
foreach ($attributes as $attribute) {
$pieces = explode('|', $attribute['Attribute']['value1']);
if (2 != sizeof($pieces)) continue; // do nothing if not 2 pieces
$this->Attribute->id = $attribute['Attribute']['id'];
echo '<li>'.$attribute['Attribute']['id'].' --> '.$attribute['Attribute']['value1'].' --> '.$pieces[0].' --> '.$pieces[1].'</li> ';
$this->Attribute->saveField('value1', $pieces[0]);
$this->Attribute->id = $attribute['Attribute']['id'];
$this->Attribute->saveField('value2', $pieces[1]);
}
echo "</ul> DONE.";
}
public function migrate02to021() {
if (!self::_isAdmin()) {
throw new NotFoundException();
}
function migrate02to021() {
if (!self::_isAdmin()) throw new NotFoundException();
// search for composite value1 fields and explode it to value1 and value2
$this->_explodeValueToValues();
}
// search for composite value1 fields and explode it to value1 and value2
$this->_explodeValueToValues();
public function migrate021to022() {
if (!self::_isAdmin()) throw new NotFoundException();
}
// replace description by comment
function migrate021to022() {
if (!self::_isAdmin()) throw new NotFoundException();
// replace empty category
// not easy as we have to guess the category from the type
//$this->loadModel('Attribute');
// $params = array(
// 'conditions' => array('Attribute.type' => ''),
// 'recursive' => 0,
// 'fields' => array('Attribute.id'),
// );
// $attributes = $this->Attribute->find('all', $params);
// echo '<p>Replacing empty categories by OtherExploding composite fields in 2 columns: </p><ul>';
// foreach ($attributes as $attribute) {
// $pieces = explode('|', $attribute['Attribute']['value1']);
// if (2 != sizeof($pieces)) continue; // do nothing if not 2 pieces
// replace description by comment
// $this->Attribute->id = $attribute['Attribute']['id'];
// echo '<li>'.$attribute['Attribute']['id'].' --> '.$attribute['Attribute']['value1'].' --> '.$pieces[0].' --> '.$pieces[1].'</li> ';
// $this->Attribute->saveField('value1', $pieces[0]);
// $this->Attribute->id = $attribute['Attribute']['id'];
// $this->Attribute->saveField('value2', $pieces[1]);
// }
// echo "</ul> DONE</p>";
// replace empty category
// not easy as we have to guess the category from the type
//$this->loadModel('Attribute');
// $params = array(
// 'conditions' => array('Attribute.type' => ''),
// 'recursive' => 0,
// 'fields' => array('Attribute.id'),
// );
// $attributes = $this->Attribute->find('all', $params);
// echo '<p>Replacing empty categories by OtherExploding composite fields in 2 columns: </p><ul>';
// foreach ($attributes as $attribute) {
// $pieces = explode('|', $attribute['Attribute']['value1']);
// if (2 != sizeof($pieces)) continue; // do nothing if not 2 pieces
// search for incompatible combination of category / type
}
// $this->Attribute->id = $attribute['Attribute']['id'];
// echo '<li>'.$attribute['Attribute']['id'].' --> '.$attribute['Attribute']['value1'].' --> '.$pieces[0].' --> '.$pieces[1].'</li> ';
// $this->Attribute->saveField('value1', $pieces[0]);
// $this->Attribute->id = $attribute['Attribute']['id'];
// $this->Attribute->saveField('value2', $pieces[1]);
// }
// echo "</ul> DONE</p>";
public function migratemisp02to10() {
if (!self::_isAdmin()) {
throw new NotFoundException();
}
// search for incompatible combination of category / type
// add missing columns, rename other columns
$queries = array(
// ATTRIBUTES
// rename value to value1
"ALTER TABLE `attributes` CHANGE `value` `value1` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL "
// add value2
,"ALTER TABLE `attributes` ADD `value2` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL AFTER `value1` "
// fix the keys
,"ALTER TABLE `attributes` DROP INDEX `uuid`;"
,"ALTER TABLE `attributes` ADD INDEX `value1_key` ( `value1` ( 5 ) ) ;"
,"ALTER TABLE `attributes` ADD INDEX `value2_key` ( `value2` ( 5 ) ) ;"
// EVENTS
// remove useless things
,"ALTER TABLE `events` DROP `user_id`"
,"ALTER TABLE `events` DROP `alerted`"
,"ALTER TABLE `events` ADD `revision` INT( 10 ) NOT NULL DEFAULT '0' AFTER `uuid` "
// fix the keys
,"ALTER TABLE events DROP INDEX uuid"
,"ALTER TABLE events DROP INDEX info"
// SERVERS
// rename lastfetchedid to lastpushedid
,"ALTER TABLE `servers` CHANGE `lastfetchedid` `lastpushedid` INT( 11 ) NOT NULL "
// add lastpulledid
,"ALTER TABLE `servers` ADD `lastpulledid` INT( 11 ) NOT NULL AFTER `lastpushedid` "
// USERS
// fix keys
,"ALTER TABLE `users` DROP INDEX `username`"
,"ALTER TABLE `users` ADD INDEX `email` ( `email` ) "
);
// execute the queries
foreach ($queries as &$query) {
$result = $this->{$this->modelClass}->query($query);
}
}
public function migratemisp10to11() {
if (!self::_isAdmin()) {
throw new NotFoundException();
}
}
// add missing columns, rename other columns
$queries = array(
// EVENTS
// bring user_id back in
"ALTER TABLE `events` ADD `user_id` INT( 11 ) NOT NULL AFTER `info` "
);
// execute the queries
foreach ($queries as &$query) {
$result = $this->{$this->modelClass}->query($query);
}
}
function migratemisp02to10() {
if (!self::_isAdmin()) throw new NotFoundException();
public function generateCorrelation() {
if (!self::_isAdmin()) throw new NotFoundException();
// add missing columns, rename other columns
$queries = array(
// ATTRIBUTES
// rename value to value1
"ALTER TABLE `attributes` CHANGE `value` `value1` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL "
// add value2
,"ALTER TABLE `attributes` ADD `value2` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL AFTER `value1` "
// fix the keys
,"ALTER TABLE `attributes` DROP INDEX `uuid`;"
,"ALTER TABLE `attributes` ADD INDEX `value1_key` ( `value1` ( 5 ) ) ;"
,"ALTER TABLE `attributes` ADD INDEX `value2_key` ( `value2` ( 5 ) ) ;"
// EVENTS
// remove useless things
,"ALTER TABLE `events` DROP `user_id`"
,"ALTER TABLE `events` DROP `alerted`"
,"ALTER TABLE `events` ADD `revision` INT( 10 ) NOT NULL DEFAULT '0' AFTER `uuid` "
// fix the keys
,"ALTER TABLE events DROP INDEX uuid"
,"ALTER TABLE events DROP INDEX info"
// SERVERS
// rename lastfetchedid to lastpushedid
,"ALTER TABLE `servers` CHANGE `lastfetchedid` `lastpushedid` INT( 11 ) NOT NULL "
// add lastpulledid
,"ALTER TABLE `servers` ADD `lastpulledid` INT( 11 ) NOT NULL AFTER `lastpushedid` "
// USERS
// fix keys
,"ALTER TABLE `users` DROP INDEX `username`"
,"ALTER TABLE `users` ADD INDEX `email` ( `email` ) "
);
// execute the queries
foreach ($queries as &$query) {
$result = $this->{$this->modelClass}->query($query);
}
}
function migratemisp10to11() {
if (!self::_isAdmin()) throw new NotFoundException();
// add missing columns, rename other columns
$queries = array(
// EVENTS
// bring user_id back in
"ALTER TABLE `events` ADD `user_id` INT( 11 ) NOT NULL AFTER `info` "
);
// execute the queries
foreach ($queries as &$query) {
$result = $this->{$this->modelClass}->query($query);
}
}
function generateCorrelation() {
if (!self::_isAdmin()) throw new NotFoundException();
$this->loadModel('Correlation');
$this->loadModel('Attribute');
$this->loadModel('Attribute');
$fields = array('Attribute.id', 'Attribute.event_id', 'Event.date');
// get all attributes..
$attributes = $this->Attribute->find('all',array('recursive' => 0));
// for all attributes..
foreach ($attributes as $attribute) {
$this->Attribute->setRelatedAttributes($attribute['Attribute'], $fields=array());
// // i want to keep this in repo for a moment
// $relatedAttributes = $this->Attribute->getRelatedAttributes($attribute['Attribute'], $fields);
// if ($relatedAttributes) {
// foreach ($relatedAttributes as $relatedAttribute) {
// // // and store into table
// $this->Correlation->create();
// $this->Correlation->save(array('Correlation' => array(
// '1_event_id' => $attribute['Attribute']['event_id'], '1_attribute_id' => $attribute['Attribute']['id'],
// 'event_id' => $relatedAttribute['Attribute']['event_id'], 'attribute_id' => $relatedAttribute['Attribute']['id'],
// 'date' => $relatedAttribute['Event']['date'])));
// }
// }
}
}
// for all attributes..
foreach ($attributes as $attribute) {
$this->Attribute->setRelatedAttributes($attribute['Attribute'], $fields = array());
//// i want to keep this in repo for a moment
//$relatedAttributes = $this->Attribute->getRelatedAttributes($attribute['Attribute'], $fields);
//if ($relatedAttributes) {
// foreach ($relatedAttributes as $relatedAttribute) {
// // and store into table
// $this->Correlation->create();
// $this->Correlation->save(array('Correlation' => array(
// '1_event_id' => $attribute['Attribute']['event_id'], '1_attribute_id' => $attribute['Attribute']['id'],
// 'event_id' => $relatedAttribute['Attribute']['event_id'], 'attribute_id' => $relatedAttribute['Attribute']['id'],
// 'date' => $relatedAttribute['Event']['date'])));
// }
//}
}
}
}

884
app/Controller/AttributesController.php
View File

File diff suppressed because it is too large Load Diff

91
app/Controller/Component/HidsMd5ExportComponent.php
View File

@ -2,68 +2,61 @@
class HidsMd5ExportComponent extends Component {
public $rules = array();
public $rules = array();
public function explain() {
// unshift add in reverse order
array_unshift($this->rules, '# ');
array_unshift($this->rules, '# Keep in mind MD5 is not collision resistant');
array_unshift($this->rules, '# These HIDS export contains MD5 checksums.');
}
function explain() {
// unshift add in reverse order
array_unshift($this->rules, '# ');
array_unshift($this->rules, '# Keep in mind MD5 is not collision resistant');
array_unshift($this->rules, '# These HIDS export contains MD5 checksums.');
}
function suricataRules($items) {
public function suricataRules($items) {
$itemsDone = array();
foreach ($items as &$item) {
foreach ($items as &$item) {
# md5
$rule_format = '%s';
# md5
$rule_format = '%s';
$attribute = &$item['Attribute'];
$attribute = &$item['Attribute'];
switch ($attribute['type']) {
case 'md5':
if (!in_array ($attribute['value1'], $itemsDone)) {
$this->checksumRule($rule_format, $attribute);
$itemsDone[] = $attribute['value1'];
}
break;
case 'filename|md5':
case 'malware-sample':
if (!in_array ($attribute['value2'], $itemsDone)) {
$this->partRule($rule_format, $attribute);
$itemsDone[] = $attribute['value2'];
}
break;
default:
break;
switch ($attribute['type']) {
case 'md5':
if (!in_array ($attribute['value1'], $itemsDone)) {
$this->checksumRule($rule_format, $attribute);
$itemsDone[] = $attribute['value1'];
}
break;
case 'filename|md5':
case 'malware-sample':
if (!in_array ($attribute['value2'], $itemsDone)) {
$this->partRule($rule_format, $attribute);
$itemsDone[] = $attribute['value2'];
}
break;
default:
break;
}
}
}
}
sort($this->rules);
$this->explain();
$this->explain();
return $this->rules;
}
public function checksumRule($rule_format, $attribute) {
$this->rules[] = sprintf($rule_format,
$attribute['value1'] // md5
);
}
}
function checksumRule($rule_format, $attribute) {
$this->rules[] = sprintf($rule_format,
$attribute['value1'] // md5
);
}
function partRule($rule_format, $attribute) {
$this->rules[] = sprintf($rule_format,
$attribute['value2'] // md5
);
}
public function partRule($rule_format, $attribute) {
$this->rules[] = sprintf($rule_format,
$attribute['value2'] // md5
);
}
}

89
app/Controller/Component/HidsSha1ExportComponent.php
View File

@ -2,66 +2,61 @@
class HidsSha1ExportComponent extends Component {
public $rules = array();
public $rules = array();
function explain() {
// unshift add in reverse order
array_unshift($this->rules, '# ');
array_unshift($this->rules, '# Keep in mind SHA-1 still has a theoretical collision possibility');
array_unshift($this->rules, '# These HIDS export contains SHA-1 checksums.');
}
function suricataRules($items) {
public function explain() {
// unshift add in reverse order
array_unshift($this->rules, '# ');
array_unshift($this->rules, '# Keep in mind SHA-1 still has a theoretical collision possibility');
array_unshift($this->rules, '# These HIDS export contains SHA-1 checksums.');
}
public function suricataRules($items) {
$itemsDone = array();
foreach ($items as &$item) {
foreach ($items as &$item) {
# sha-1
$rule_format = '%s';
# sha-1
$rule_format = '%s';
$attribute = &$item['Attribute'];
$attribute = &$item['Attribute'];
switch ($attribute['type']) {
case 'sha1':
if (!in_array ($attribute['value1'], $itemsDone)) {
$this->checksumRule($rule_format, $attribute);
$itemsDone[] = $attribute['value1'];
}
break;
case 'filename|sha1':
if (!in_array ($attribute['value2'], $itemsDone)) {
$this->partRule($rule_format, $attribute);
$itemsDone[] = $attribute['value2'];
}
break;
default:
break;
switch ($attribute['type']) {
case 'sha1':
if (!in_array ($attribute['value1'], $itemsDone)) {
$this->checksumRule($rule_format, $attribute);
$itemsDone[] = $attribute['value1'];
}
break;
case 'filename|sha1':
if (!in_array ($attribute['value2'], $itemsDone)) {
$this->partRule($rule_format, $attribute);
$itemsDone[] = $attribute['value2'];
}
break;
default:
break;
}
}
}
}
sort($this->rules);
$this->explain();
$this->explain();
return $this->rules;
}
public function checksumRule($rule_format, $attribute) {
$this->rules[] = sprintf($rule_format,
$attribute['value1'] // md5
);
}
}
function checksumRule($rule_format, $attribute) {
$this->rules[] = sprintf($rule_format,
$attribute['value1'] // md5
);
}
function partRule($rule_format, $attribute) {
$this->rules[] = sprintf($rule_format,
$attribute['value2'] // md5
);
}
public function partRule($rule_format, $attribute) {
$this->rules[] = sprintf($rule_format,
$attribute['value2'] // md5
);
}
}

881
app/Controller/Component/NidsExportComponent.php
View File

@ -2,482 +2,473 @@
class NidsExportComponent extends Component {
public $rules = array();
public $classtype = 'trojan-activity';
public $rules = array();
function explain() {
$this->rules[] = '# These NIDS rules contain some variables that need to exist in your configuration.';
$this->rules[] = '# Make sure you have set:';
$this->rules[] = '#';
$this->rules[] = '# $HOME_NET - Your internal network range';
$this->rules[] = '# $EXTERNAL_NET - The network considered as outside';
$this->rules[] = '# $SMTP_SERVERS - All your internal SMTP servers';
$this->rules[] = '# $HTTP_PORTS - The ports used to contain HTTP traffic (not required with suricata export)';
$this->rules[] = '# ';
}
public $classtype = 'trojan-activity';
function suricataRules($items, $start_sid) {
public function explain() {
$this->rules[] = '# These NIDS rules contain some variables that need to exist in your configuration.';
$this->rules[] = '# Make sure you have set:';
$this->rules[] = '#';
$this->rules[] = '# $HOME_NET - Your internal network range';
$this->rules[] = '# $EXTERNAL_NET - The network considered as outside';
$this->rules[] = '# $SMTP_SERVERS - All your internal SMTP servers';
$this->rules[] = '# $HTTP_PORTS - The ports used to contain HTTP traffic (not required with suricata export)';
$this->rules[] = '# ';
}
public function suricataRules($items, $start_sid) {
$this->whitelist = $this->populateWhitelist();
$this->explain();
$this->explain();
foreach ($items as &$item) {
switch ($item['Event']['risk']) {
case 'Undefined':
$priority = '4';
break;
case 'Low':
$priority = '3';
break;
case 'Medium':
$priority = '2';
break;
case 'High':
$priority = '1';
break;
default:
$priority = '4';
}
foreach ($items as &$item) {
switch ($item['Event']['risk']) {
case 'Undefined':
$priority = '4';
break;
case 'Low':
$priority = '3';
break;
case 'Medium':
$priority = '2';
break;
case 'High':
$priority = '1';
break;
default:
$priority = '4';
}
# proto src_ip src_port direction dst_ip dst_port msg rule_content tag sid rev
$rule_format_msg = 'msg: "CyDefSIG e'.$item['Event']['id'].' %s"';
$rule_format_reference = 'reference:url,'.Configure::read('CyDefSIG.baseurl').'/events/view/'.$item['Event']['id'];
$rule_format = '%salert %s %s %s %s %s %s ('.$rule_format_msg.'; %s %s classtype:'.$this->classtype.'; sid:%d; rev:%d; priority:'.$priority.'; '.$rule_format_reference.';) ';
# proto src_ip src_port direction dst_ip dst_port msg rule_content tag sid rev
$rule_format_msg = 'msg: "CyDefSIG e' . $item['Event']['id'] . ' %s"';
$rule_format_reference = 'reference:url,' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $item['Event']['id'];
$rule_format = '%salert %s %s %s %s %s %s (' . $rule_format_msg . '; %s %s classtype:' . $this->classtype . '; sid:%d; rev:%d; priority:' . $priority . '; ' . $rule_format_reference . ';) ';
$sid = $start_sid+($item['Attribute']['id']*10); // leave 9 possible rules per attribute type
$attribute = &$item['Attribute'];
$sid++;
switch ($attribute['type']) {
// LATER nids - test all the snort attributes
// LATER nids - add the tag keyword in the rules to capture network traffic
// LATER nids - sanitize every $attribute['value'] to not conflict with snort
case 'ip-dst':
$this->ipDstRule($rule_format, $attribute, $sid);
break;
case 'ip-src':
$this->ipSrcRule($rule_format, $attribute, $sid);
break;
case 'email-src':
$this->emailSrcRule($rule_format, $attribute, $sid);
break;
case 'email-dst':
$this->emailDstRule($rule_format, $attribute, $sid);
break;
case 'email-subject':
$this->emailSubjectRule($rule_format, $attribute, $sid);
break;
case 'email-attachment':
$this->emailAttachmentRule($rule_format, $attribute, $sid);
break;
case 'domain':
$this->domainRule($rule_format, $attribute, $sid);
break;
case 'hostname':
$this->hostnameRule($rule_format, $attribute, $sid);
break;
case 'url':
$this->urlRule($rule_format, $attribute, $sid);
break;
case 'user-agent':
$this->userAgentRule($rule_format, $attribute, $sid);
break;
case 'snort':
$this->snortRule($rule_format, $attribute, $sid, $rule_format_msg, $rule_format_reference);
default:
break;
}
}
$sid = $start_sid + ($item['Attribute']['id'] * 10); // leave 9 possible rules per attribute type
$attribute = &$item['Attribute'];
$sid++;
switch ($attribute['type']) {
// LATER nids - test all the snort attributes
// LATER nids - add the tag keyword in the rules to capture network traffic
// LATER nids - sanitize every $attribute['value'] to not conflict with snort
case 'ip-dst':
$this->ipDstRule($rule_format, $attribute, $sid);
break;
case 'ip-src':
$this->ipSrcRule($rule_format, $attribute, $sid);
break;
case 'email-src':
$this->emailSrcRule($rule_format, $attribute, $sid);
break;
case 'email-dst':
$this->emailDstRule($rule_format, $attribute, $sid);
break;
case 'email-subject':
$this->emailSubjectRule($rule_format, $attribute, $sid);
break;
case 'email-attachment':
$this->emailAttachmentRule($rule_format, $attribute, $sid);
break;
case 'domain':
$this->domainRule($rule_format, $attribute, $sid);
break;
case 'hostname':
$this->hostnameRule($rule_format, $attribute, $sid);
break;
case 'url':
$this->urlRule($rule_format, $attribute, $sid);
break;
case 'user-agent':
$this->userAgentRule($rule_format, $attribute, $sid);
break;
case 'snort':
$this->snortRule($rule_format, $attribute, $sid, $rule_format_msg, $rule_format_reference);
default:
break;
}
}
return $this->rules;
}
public function ipDstRule($rule_format, $attribute, &$sid) {
$overruled = in_array($attribute['value'], $this->whitelist);
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'ip', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
$attribute['value'], // dst_ip
'any', // dst_port
'Outgoing To IP: ' . $attribute['value'], // msg
'', // rule_content
'', // tag
$sid, // sid
1 // rev
);
}
}
public function ipSrcRule($rule_format, $attribute, &$sid) {
$overruled = in_array($attribute['value'], $this->whitelist);
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'ip', // proto
$attribute['value'], // src_ip
'any', // src_port
'->', // direction
'$HOME_NET', // dst_ip
'any', // dst_port
'Incoming From IP: ' . $attribute['value'], // msg
'', // rule_content
'', // tag
$sid, // sid
1 // rev
);
}
function ipDstRule($rule_format, $attribute, &$sid) {
$overruled = in_array($attribute['value'], $this->whitelist);
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'ip', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
$attribute['value'], // dst_ip
'any', // dst_port
'Outgoing To IP: '.$attribute['value'], // msg
'', // rule_content
'', // tag
$sid, // sid
1 // rev
);
public function emailSrcRule($rule_format, $attribute, &$sid) {
$content = 'flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Source Email Address: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
}
public function emailDstRule($rule_format, $attribute, &$sid) {
$content = 'flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Destination Email Address: ' . $attribute['value'],// msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function ipSrcRule($rule_format, $attribute, &$sid) {
$overruled = in_array($attribute['value'], $this->whitelist);
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'ip', // proto
$attribute['value'], // src_ip
'any', // src_port
'->', // direction
'$HOME_NET', // dst_ip
'any', // dst_port
'Incoming From IP: '.$attribute['value'], // msg
'', // rule_content
'', // tag
$sid, // sid
1 // rev
);
}
public function emailSubjectRule($rule_format, $attribute, &$sid) {
// LATER nids - email-subject rule might not match because of line-wrapping
$content = 'flow:established,to_server; content:"Subject|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Bad Email Subject', // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function emailSrcRule($rule_format, $attribute, &$sid) {
$content = 'flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"'.$attribute['value'].'"; nocase;';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Source Email Address: '.$attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
public function emailAttachmentRule($rule_format, $attribute, &$sid) {
// LATER nids - email-attachment rule might not match because of line-wrapping
$content = 'flow:established,to_server; content:"Content-Disposition: attachment|3b| filename=|22|"; content:"' . $attribute['value'] . '|22|";';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Bad Email Attachment', // msg
$content, // rule_content // LATER nids - test and finetune this snort rule https://secure.wikimedia.org/wikipedia/en/wiki/MIME#Content-Disposition
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function emailDstRule($rule_format, $attribute, &$sid) {
$content = 'flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"'.$attribute['value'].'"; nocase;';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Destination Email Address: '.$attribute['value'],// msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function emailSubjectRule($rule_format, $attribute, &$sid) {
// LATER nids - email-subject rule might not match because of line-wrapping
$content = 'flow:established,to_server; content:"Subject|3a|"; nocase; content:"'.$attribute['value'].'"; nocase;';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Bad Email Subject', // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function emailAttachmentRule($rule_format, $attribute, &$sid) {
// LATER nids - email-attachment rule might not match because of line-wrapping
$content = 'flow:established,to_server; content:"Content-Disposition: attachment|3b| filename=|22|"; content:"'.$attribute['value'].'|22|";';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'$EXTERNAL_NET', // src_ip
'any', // src_port
'<>', // direction
'$SMTP_SERVERS', // dst_ip
'25', // dst_port
'Bad Email Attachment', // msg
$content, // rule_content // LATER nids - test and finetune this snort rule https://secure.wikimedia.org/wikipedia/en/wiki/MIME#Content-Disposition
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function hostnameRule($rule_format, $attribute, &$sid) {
$overruled = $this->checkNames($attribute['value']);
$content = 'content:"'.$this->dnsNameToRawFormat($attribute['value'], 'hostname').'"; nocase;';
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'udp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Hostname: '.$attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Hostname: '.$attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
// also do http requests
// warning: only suricata compatible
$content = 'flow:to_server,established; content: "Host: '.$attribute['value'].'"; nocase; http_header; pcre: "/[^A-Za-z0-9-]'.preg_quote($attribute['value']).'[^A-Za-z0-9-]/";';
$this->rules[] = sprintf($rule_format,
public function hostnameRule($rule_format, $attribute, &$sid) {
$overruled = $this->checkNames($attribute['value']);
$content = 'content:"' . $this->dnsNameToRawFormat($attribute['value'], 'hostname') . '"; nocase;';
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'udp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Hostname: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Hostname: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
// also do http requests
// warning: only suricata compatible
$content = 'flow:to_server,established; content: "Host: ' . $attribute['value'] . '"; nocase; http_header; pcre: "/[^A-Za-z0-9-]' . preg_quote($attribute['value']) . '[^A-Za-z0-9-]/";';
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'Outgoing HTTP Hostname: '.$attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'Outgoing HTTP Hostname: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function domainRule($rule_format, $attribute, &$sid) {
$overruled = $this->checkNames($attribute['value']);
$content = 'content:"'.$this->dnsNameToRawFormat($attribute['value']).'"; nocase;';
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'udp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Domain: '.$attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Domain: '.$attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
// also do http requests,
// warning: only suricata compatible
$content = 'flow:to_server,established; content: "Host:"; nocase; http_header; content:"'.$attribute['value'].'"; nocase; http_header; pcre: "/[^A-Za-z0-9-]'.preg_quote($attribute['value']).'[^A-Za-z0-9-]/";';
$this->rules[] = sprintf($rule_format,
public function domainRule($rule_format, $attribute, &$sid) {
$overruled = $this->checkNames($attribute['value']);
$content = 'content:"' . $this->dnsNameToRawFormat($attribute['value']) . '"; nocase;';
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'udp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Domain: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'tcp', // proto
'any', // src_ip
'any', // src_port
'->', // direction
'any', // dst_ip
'53', // dst_port
'Domain: ' . $attribute['value'], // msg
$content, // rule_content
'', // tag
$sid, // sid
1 // rev
);
$sid++;
// also do http requests,
// warning: only suricata compatible
$content = 'flow:to_server,established; content: "Host:"; nocase; http_header; content:"' . $attribute['value'] . '"; nocase; http_header; pcre: "/[^A-Za-z0-9-]' . preg_quote($attribute['value']) . '[^A-Za-z0-9-]/";';
$this->rules[] = sprintf($rule_format,
($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'Outgoing HTTP Domain: '.$attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'Outgoing HTTP Domain: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function urlRule($rule_format, $attribute, &$sid) {
// TODO in hindsight, an url should not be excluded given a host or domain name.
// $hostpart = parse_url($attribute['value'], PHP_URL_HOST);
// $overruled = $this->checkNames($hostpart);
// warning: only suricata compatible
$content = 'flow:to_server,established; content:"'.$attribute['value'].'"; nocase; http_uri;';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'Outgoing HTTP URL: '.$attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
public function urlRule($rule_format, $attribute, &$sid) {
// TODO in hindsight, an url should not be excluded given a host or domain name.
//$hostpart = parse_url($attribute['value'], PHP_URL_HOST);
//$overruled = $this->checkNames($hostpart);
// warning: only suricata compatible
$content = 'flow:to_server,established; content:"' . $attribute['value'] . '"; nocase; http_uri;';
$this->rules[] = sprintf($rule_format,
(false) ? '#OVERRULED BY WHITELIST# ' : '',
'http', // proto
'$HOME_NET', // src_ip
'any', // src_port
'->', // direction
'$EXTERNAL_NET', // dst_ip
'any', // dst_port
'Outgoing HTTP URL: ' . $attribute['value'], // msg
$content, // rule_content
'tag:session,600,seconds;', // tag
$sid, // sid
1 // rev
);
}
function userAgentRule($rule_format, $attribute, &$sid) {
// TODO nids - write snort user-agent rule
public function userAgentRule($rule_format, $attribute, &$sid) {
// TODO nids - write snort user-agent rule
}
}
public function snortRule($rule_format, $attribute, &$sid, $rule_format_msg, $rule_format_reference) {
// LATER nids - test using lots of snort rules.
$tmp_rule = $attribute['value'];
function snortRule($rule_format, $attribute, &$sid, $rule_format_msg, $rule_format_reference) {
// LATER nids - test using lots of snort rules.
$tmp_rule = $attribute['value'];
// rebuild the rule by overwriting the different keywords using preg_replace()
// sid - '/sid\s*:\s*[0-9]+\s*;/'
// rev - '/rev\s*:\s*[0-9]+\s*;/'
// classtype - '/classtype:[a-zA-Z_-]+;/'
// msg - '/msg\s*:\s*".*?"\s*;/'
// reference - '/reference\s*:\s*.+?;/'
// tag - '/tag\s*:\s*.+?;/'
$replace_count = array();
$tmp_rule = preg_replace('/sid\s*:\s*[0-9]+\s*;/', 'sid:' . $sid . ';', $tmp_rule, -1, $replace_count['sid']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_rule = preg_replace('/rev\s*:\s*[0-9]+\s*;/', 'rev:1;', $tmp_rule, -1, $replace_count['rev']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_rule = preg_replace('/classtype:[a-zA-Z_-]+;/', 'classtype:' . $this->classtype . ';', $tmp_rule, -1, $replace_count['classtype']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_message = sprintf($rule_format_msg, 'snort-rule');
$tmp_rule = preg_replace('/msg\s*:\s*".*?"\s*;/', $tmp_message . ';', $tmp_rule, -1, $replace_count['msg']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_rule = preg_replace('/reference\s*:\s*.+?;/', $rule_format_reference . ';', $tmp_rule, -1, $replace_count['reference']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_rule = preg_replace('/reference\s*:\s*.+?;/', $rule_format_reference . ';', $tmp_rule, -1, $replace_count['reference']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
// FIXME nids - implement priority overwriting
// rebuild the rule by overwriting the different keywords using preg_replace()
// sid - '/sid\s*:\s*[0-9]+\s*;/'
// rev - '/rev\s*:\s*[0-9]+\s*;/'
// classtype - '/classtype:[a-zA-Z_-]+;/'
// msg - '/msg\s*:\s*".*?"\s*;/'
// reference - '/reference\s*:\s*.+?;/'
// tag - '/tag\s*:\s*.+?;/'
$replace_count=array();
$tmp_rule = preg_replace('/sid\s*:\s*[0-9]+\s*;/', 'sid:'.$sid.';', $tmp_rule, -1, $replace_count['sid']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_rule = preg_replace('/rev\s*:\s*[0-9]+\s*;/', 'rev:1;', $tmp_rule, -1, $replace_count['rev']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_rule = preg_replace('/classtype:[a-zA-Z_-]+;/', 'classtype:'.$this->classtype.';', $tmp_rule, -1, $replace_count['classtype']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_message = sprintf($rule_format_msg, 'snort-rule');
$tmp_rule = preg_replace('/msg\s*:\s*".*?"\s*;/', $tmp_message.';', $tmp_rule, -1, $replace_count['msg']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_rule = preg_replace('/reference\s*:\s*.+?;/', $rule_format_reference.';', $tmp_rule, -1, $replace_count['reference']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
$tmp_rule = preg_replace('/reference\s*:\s*.+?;/', $rule_format_reference.';', $tmp_rule, -1, $replace_count['reference']);
if (null == $tmp_rule ) break; // don't output the rule on error with the regex
// FIXME nids - implement priority overwriting
// some values were not replaced, so we need to add them ourselves, and insert them in the rule
$extra_for_rule = "";
if (0 == $replace_count['sid']) {
$extra_for_rule .= 'sid:' . $sid . ';';
} if (0 == $replace_count['rev']) {
$extra_for_rule .= 'rev:1;';
} if (0 == $replace_count['classtype']) {
$extra_for_rule .= 'classtype:' . $this->classtype . ';';
} if (0 == $replace_count['msg']) {
$extra_for_rule .= $tmp_message . ';';
} if (0 == $replace_count['reference']) {
$extra_for_rule .= $rule_format_reference . ';';
}
$tmp_rule = preg_replace('/;\s*\)/', '; ' . $extra_for_rule . ')', $tmp_rule);
// some values were not replaced, so we need to add them ourselves, and insert them in the rule
$extra_for_rule="";
if (0 == $replace_count['sid']) {
$extra_for_rule .= 'sid:'.$sid.';';
} if (0 == $replace_count['rev']) {
$extra_for_rule .= 'rev:1;';
} if (0 == $replace_count['classtype']) {
$extra_for_rule .= 'classtype:'.$this->classtype.';';
} if (0 == $replace_count['msg']) {
$extra_for_rule .= $tmp_message.';';
} if (0 == $replace_count['reference']) {
$extra_for_rule .= $rule_format_reference.';';
}
$tmp_rule = preg_replace('/;\s*\)/', '; '.$extra_for_rule.')', $tmp_rule);
// finally the rule is cleaned up and can be outputed
$this->rules[] = $tmp_rule;
}
// finally the rule is cleaned up and can be outputed
$this->rules[] = $tmp_rule;
/**
* Converts a DNS name to a raw format usable in NIDS like Snort.
* example host: foobar.com becomes |00||06|foobar|03|com|00|
* example domain: foobar.com becomes |06|foobar|03|com|00|
* @param string $name dns name to be converted
* @param string $type the type of dns name - domain (default) or hostname
* @return string raw snort compatible format of the dns name
*/
public function dnsNameToRawFormat($name, $type='domain') {
$rawName = "";
if ('hostname' == $type) $rawName = '|00|';
// explode using the dot
$explodedNames = explode('.', $name);
// for each part
foreach ($explodedNames as &$explodedName) {
// count the lenght of the part, and add |length| before
$length = strlen($explodedName);
if ($length > 255) exit('ERROR: dns name is to long for RFC'); // LATER log correctly without dying
$hexLength = dechex($length);
if (1 == strlen($hexLength)) $hexLength = '0' . $hexLength;
$rawName .= '|' . $hexLength . '|' . $explodedName;
}
// put all together
$rawName .= '|00|';
// and append |00| to terminate the name
return $rawName;
}
/**
* Converts a DNS name to a MS DNS log format.
* Practical usage is to use these strings to search in logfiles
* example: foobar.com becomes (6)foobar(3)com(0)
* @param string $name dns name to be converted
* @return string raw snort compatible format of the dns name
*/
public function dnsNameToMSDNSLogFormat($name) {
$rawName = "";
// in MS DNS log format we can't use (0) to distinguish between hostname and domain (including subdomains)
// explode using the dot
$explodedNames = explode('.', $name);
// for each part
foreach ($explodedNames as &$explodedName) {
// count the lenght of the part, and add |length| before
$length = strlen($explodedName);
if ($length > 255) exit('ERROR: dns name is to long for RFC'); // LATER log correctly without dying
$hexLength = dechex($length);
$rawName .= '(' . $hexLength . ')' . $explodedName;
}
// put all together
$rawName .= '(0)';
// and append |00| to terminate the name
return $rawName;
}
}
public $whitelist = array();
/**
* Converts a DNS name to a raw format usable in NIDS like Snort.
* example host: foobar.com becomes |00||06|foobar|03|com|00|
* example domain: foobar.com becomes |06|foobar|03|com|00|
* @param string $name dns name to be converted
* @param string $type the type of dns name - domain (default) or hostname
* @return string raw snort compatible format of the dns name
*/
function dnsNameToRawFormat($name, $type='domain') {
$rawName = "";
if ('hostname' == $type) $rawName = '|00|';
// explode using the dot
$explodedNames = explode('.', $name);
// for each part
foreach ($explodedNames as &$explodedName) {
// count the lenght of the part, and add |length| before
$length = strlen($explodedName);
if ($length > 255) exit('ERROR: dns name is to long for RFC'); // LATER log correctly without dying
$hexLength = dechex($length);
if (1 == strlen($hexLength)) $hexLength = '0'.$hexLength;
$rawName .= '|'.$hexLength.'|'.$explodedName;
}
// put all together
$rawName .= '|00|';
// and append |00| to terminate the name
return $rawName;
}
public function populateWhitelist() {
$whitelistCheck = array();
/**
* Converts a DNS name to a MS DNS log format.
* Practical usage is to use these strings to search in logfiles
* example: foobar.com becomes (6)foobar(3)com(0)
* @param string $name dns name to be converted
* @return string raw snort compatible format of the dns name
*/
function dnsNameToMSDNSLogFormat($name) {
$rawName = "";
// in MS DNS log format we can't use (0) to distinguish between hostname and domain (including subdomains)
// explode using the dot
$explodedNames = explode('.', $name);
// for each part
foreach ($explodedNames as &$explodedName) {
// count the lenght of the part, and add |length| before
$length = strlen($explodedName);
if ($length > 255) exit('ERROR: dns name is to long for RFC'); // LATER log correctly without dying
$hexLength = dechex($length);
$rawName .= '('.$hexLength.')'.$explodedName;
}
// put all together
$rawName .= '(0)';
// and append |00| to terminate the name
return $rawName;
}
public $whitelist = array();
function populateWhitelist() {
$whitelistCheck = array();
$this->Whitelist = ClassRegistry::init('Whitelist');
$whitelist = $this->Whitelist->find('all', array('recursive' => 0,'fields' => 'name'));
// loop through whitelist table,
foreach ($whitelist as $whitelistItem) {
$ipl = array();
$ipl = $this->nametoipl($whitelistItem['Whitelist']['name']);
$whitelistCheck = array_merge($whitelistCheck,$ipl);
if (count($ipl) > 0 && $whitelistItem != $ipl[0]) {
$dummyArray = array();
$dummyArray[] = $whitelistItem['Whitelist']['name'];
$whitelistCheck = array_merge($whitelistCheck,$dummyArray);
}
}
return $whitelistCheck;
}
function nametoipl($name) {
if (!$ips = gethostbynamel($name)) $ips = array();
return $ips;
}
function checkNames($name) {
$ipl = $this->nametoipl($name);
$ipl[] = $name;
$overruled = false;
foreach ($ipl as $ip) {
$overruled = in_array($ip, $this->whitelist);
if ($overruled) break;
}
return $overruled;
}
$whitelist = $this->Whitelist->find('all', array('recursive' => 0,'fields' => 'name'));
// loop through whitelist table,
foreach ($whitelist as $whitelistItem) {
$ipl = array();
$ipl = $this->nametoipl($whitelistItem['Whitelist']['name']);
$whitelistCheck = array_merge($whitelistCheck,$ipl);
if (count($ipl) > 0 && $whitelistItem != $ipl[0]) {
$dummyArray = array();
$dummyArray[] = $whitelistItem['Whitelist']['name'];
$whitelistCheck = array_merge($whitelistCheck,$dummyArray);
}
}
return $whitelistCheck;
}
public function nametoipl($name) {
if (!$ips = gethostbynamel($name)) $ips = array();
return $ips;
}
public function checkNames($name) {
$ipl = $this->nametoipl($name);
$ipl[] = $name;
$overruled = false;
foreach ($ipl as $ip) {
$overruled = in_array($ip, $this->whitelist);
if ($overruled) break;
}
return $overruled;
}
}

86
app/Controller/Component/SecureAuthComponent.php
View File

@ -4,49 +4,49 @@ App::uses('AuthComponent', 'Controller/Component');
class SecureAuthComponent extends AuthComponent {
/**
* Log a user in using anti-brute-force protection.
* If a $user is provided that data will be stored as the logged in user. If `$user` is empty or not
* specified, the request will be used to identify a user. If the identification was successful,
* the user record is written to the session key specified in AuthComponent::$sessionKey. Logging in
* will also change the session id in order to help mitigate session replays.
*
* @param mixed $user Either an array of user data, or null to identify a user using the current request.
* @return boolean True on login success, false on failure
* @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in
* @throws ForbiddenException
*/
public function login($user = null) {
$this->_setDefaults();
/**
* Log a user in using anti-brute-force protection.
* If a $user is provided that data will be stored as the logged in user. If `$user` is empty or not
* specified, the request will be used to identify a user. If the identification was successful,
* the user record is written to the session key specified in AuthComponent::$sessionKey. Logging in
* will also change the session id in order to help mitigate session replays.
*
* @param mixed $user Either an array of user data, or null to identify a user using the current request.
* @return boolean True on login success, false on failure
* @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in
*/
public function login($user = null) {
$this->_setDefaults();
if (empty($user)) {
$this->Bruteforce = ClassRegistry::init('Bruteforce');
// do the anti-bruteforce checks
$username_field = $this->authenticate['Form']['fields']['username'];
if (isset($this->request->data['User'][$username_field])) {
$username = $this->request->data['User'][$username_field];
if (!$this->Bruteforce->isBlacklisted($_SERVER['REMOTE_ADDR'], $username)) {
// user - ip combination is not blacklisted
// check if the user credentials are valid
$user = $this->identify($this->request, $this->response);
if ($user === false) {
// insert row in Bruteforce table
$this->Bruteforce->insert($_SERVER['REMOTE_ADDR'], $username);
// do nothing as user is not logged in
}
} else {
// user - ip combination has reached the amount of maximum attempts in the timeframe
throw new ForbiddenException('You have reached the maximum number of login attempts. Please wait '.Configure::read('SecureAuth.expire').' seconds and try again.');
}
} else {
// user didn't fill in all the form fields, nothing to do
}
}
if ($user) {
$this->Session->renew();
$this->Session->write(self::$sessionKey, $user);
}
return $this->loggedIn();
}
if (empty($user)) {
$this->Bruteforce = ClassRegistry::init('Bruteforce');
// do the anti-bruteforce checks
$username_field = $this->authenticate['Form']['fields']['username'];
if (isset($this->request->data['User'][$username_field])) {
$username = $this->request->data['User'][$username_field];
if (!$this->Bruteforce->isBlacklisted($_SERVER['REMOTE_ADDR'], $username)) {
// user - ip combination is not blacklisted
// check if the user credentials are valid
$user = $this->identify($this->request, $this->response);
if ($user === false) {
// insert row in Bruteforce table
$this->Bruteforce->insert($_SERVER['REMOTE_ADDR'], $username);
// do nothing as user is not logged in
}
} else {
// user - ip combination has reached the amount of maximum attempts in the timeframe
throw new ForbiddenException('You have reached the maximum number of login attempts. Please wait ' . Configure::read('SecureAuth.expire') . ' seconds and try again.');
}
} else {
// user didn't fill in all the form fields, nothing to do
}
}
if ($user) {
$this->Session->renew();
$this->Session->write(self::$sessionKey, $user);
}
return $this->loggedIn();
}
}

2141
app/Controller/EventsController.php
View File

File diff suppressed because it is too large Load Diff

342
app/Controller/ServersController.php
View File

@ -9,45 +9,46 @@ App::uses('Xml', 'Utility');
*/
class ServersController extends AppController {
public $components = array('Security' ,'RequestHandler');
public $paginate = array(
'limit' => 60,
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events
'order' => array(
'Server.url' => 'ASC'
)
);
public $components = array('Security' ,'RequestHandler');
public $uses = array('Server', 'Event');
public $paginate = array(
'limit' => 60,
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events
'order' => array(
'Server.url' => 'ASC'
)
);
function beforeFilter() {
parent::beforeFilter();
public $uses = array('Server', 'Event');
// Disable this feature if the sync configuration option is not active
if ('true' != Configure::read('CyDefSIG.sync'))
throw new ConfigureException("The sync feature is not active in the configuration.");
public function beforeFilter() {
parent::beforeFilter();
// permit reuse of CSRF tokens on some pages.
switch ($this->request->params['action']) {
case 'push':
case 'pull':
$this->Security->csrfUseOnce = false;
}
}
// Disable this feature if the sync configuration option is not active
if ('true' != Configure::read('CyDefSIG.sync'))
throw new ConfigureException("The sync feature is not active in the configuration.");
public function isAuthorized($user) {
// Admins can access everything
if (parent::isAuthorized($user)) {
return true;
}
// Only on own servers for these actions
if (in_array($this->action, array('edit', 'delete', 'pull'))) {
$serverid = $this->request->params['pass'][0];
return $this->Server->isOwnedByOrg($serverid, $this->Auth->user('org'));
}
// the other pages are allowed by logged in users
return true;
}
// permit reuse of CSRF tokens on some pages.
switch ($this->request->params['action']) {
case 'push':
case 'pull':
$this->Security->csrfUseOnce = false;
}
}
public function isAuthorized($user) {
// Admins can access everything
if (parent::isAuthorized($user)) {
return true;
}
// Only on own servers for these actions
if (in_array($this->action, array('edit', 'delete', 'pull'))) {
$serverid = $this->request->params['pass'][0];
return $this->Server->isOwnedByOrg($serverid, $this->Auth->user('org'));
}
// the other pages are allowed by logged in users
return true;
}
/**
* index method
@ -57,8 +58,8 @@ class ServersController extends AppController {
public function index() {
$this->Server->recursive = 0;
$this->paginate = array(
'conditions' => array('Server.org' => $this->Auth->user('org')),
$this->paginate = array(
'conditions' => array('Server.org' => $this->Auth->user('org')),
);
$this->set('servers', $this->paginate());
}
@ -88,6 +89,7 @@ class ServersController extends AppController {
*
* @param string $id
* @return void
* @throws NotFoundException
*/
public function edit($id = null) {
$this->Server->id = $id;
@ -97,11 +99,11 @@ class ServersController extends AppController {
// only edit own servers verified by isAuthorized
if ($this->request->is('post') || $this->request->is('put')) {
// say what fields are to be updated
$fieldList=array('url', 'push', 'pull', 'organization');
if ("" != $this->request->data['Server']['authkey'])
$fieldList[] = 'authkey';
// Save the data
// say what fields are to be updated
$fieldList = array('url', 'push', 'pull', 'organization');
if ("" != $this->request->data['Server']['authkey'])
$fieldList[] = 'authkey';
// Save the data
if ($this->Server->save($this->request->data, true, $fieldList)) {
$this->Session->setFlash(__('The server has been saved'));
$this->redirect(array('action' => 'index'));
@ -120,6 +122,8 @@ class ServersController extends AppController {
*
* @param string $id
* @return void
* @throws MethodNotAllowedException
* @throws NotFoundException
*/
public function delete($id = null) {
if (!$this->request->is('post')) {
@ -137,155 +141,151 @@ class ServersController extends AppController {
$this->redirect(array('action' => 'index'));
}
public function pull($id = null, $full=false) {
// TODO should we de-activate data validation for type and category / and or mapping? Maybe other instances have other configurations that are incompatible.
public function pull($id = null, $full=false) {
// TODO should we de-activate data validation for type and category / and or mapping? Maybe other instances have other configurations that are incompatible.
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
}
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
}
App::uses('HttpSocket', 'Network/Http');
$this->Server->read(null, $id);
App::uses('HttpSocket', 'Network/Http');
$this->Server->read(null, $id);
if (false == $this->Server->data['Server']['pull']) {
$this->Session->setFlash(__('Pull setting not enabled for this server.'));
$this->redirect(array('action' => 'index'));
}
if (false == $this->Server->data['Server']['pull']) {
$this->Session->setFlash(__('Pull setting not enabled for this server.'));
$this->redirect(array('action' => 'index'));
}
if ("full" == $full) {
// get a list of the event_ids on the server
$event_ids = $this->Event->getEventIdsFromServer($this->Server->data);
if ("full"==$full) {
// get a list of the event_ids on the server
$event_ids = $this->Event->getEventIdsFromServer($this->Server->data);
$successes = array();
$fails = array();
// download each event
if (null != $event_ids) {
App::import('Controller', 'Events');
$HttpSocket = new HttpSocket();
foreach ($event_ids as &$event_id) {
$event = $this->Event->downloadEventFromServer(
$event_id,
$this->Server->data);
if (null != $event) {
// we have an Event array
$event['Event']['private'] = true;
$event['Event']['info'] .= "\n Imported from " . $this->Server->data['Server']['url'];
$eventsController = new EventsController();
try {
$result = $eventsController->_add($event, $this->Auth, $fromXml = true, $this->Server->data['Server']['organization']);
} catch (MethodNotAllowedException $e) {
if ($e->getMessage() == 'Event already exists') {
//$successes[] = $event_id; // commented given it's in a catch..
continue;
}
}
$successes[] = $event_id; // ..moved, so $successes does keep administration.
//$result = $this->_importEvent($event);
// TODO error handling
} else {
// error
$fails[$event_id] = 'failed';
}
$successes = array();
$fails = array();
// download each event
if (null != $event_ids) {
App::import('Controller', 'Events');
$HttpSocket = new HttpSocket();
foreach ($event_ids as &$event_id) {
$event = $this->Event->downloadEventFromServer(
$event_id,
$this->Server->data);
if (null != $event) {
// we have an Event array
$event['Event']['private'] = true;
$event['Event']['info'] .= "\n Imported from ".$this->Server->data['Server']['url'];
$eventsController = new EventsController();
try {
$result = $eventsController->_add($event, $this->Auth, $fromXml=true, $this->Server->data['Server']['organization']);
} catch (MethodNotAllowedException $e) {
if ($e->getMessage() == 'Event already exists') {
//$successes[] = $event_id; // commented given it's in a catch..
continue;
}
}
$successes[] = $event_id; // ..moved, so $successes does keep administration.
//$result = $this->_importEvent($event);
// TODO error handling
} else {
// error
$fails[$event_id] = 'failed';
}
}
if (count($fails) > 0) {
// there are fails, take the lowest fail
$lastpulledid = min(array_keys($fails));
} else {
// no fails, take the highest success
$lastpulledid = count($successes) > 0 ? max($successes) : 0;
}
// increment lastid based on the highest ID seen
$this->Server->saveField('lastpulledid', $lastpulledid);
}
if (sizeof($fails) > 0) {
// there are fails, take the lowest fail
$lastpulledid = min(array_keys($fails));
} else {
// no fails, take the highest success
$lastpulledid = count($successes) > 0 ? max($successes) : 0;
}
// increment lastid based on the highest ID seen
$this->Server->saveField('lastpulledid', $lastpulledid);
}
}
} else {
// TODO incremental pull
// lastpulledid
throw new NotFoundException('Sorry, this is not yet implemented');
} else {
// TODO incremental pull
// lastpulledid
throw new NotFoundException('Sorry, this is not yet implemented');
// increment lastid based on the highest ID seen
}
// increment lastid based on the highest ID seen
}
$this->set('successes', $successes);
$this->set('fails', $fails);
}
$this->set('successes', $successes);
$this->set('fails', $fails);
}
public function push($id = null, $full=false) {
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
}
App::uses('HttpSocket', 'Network/Http');
$this->Server->read(null, $id);
public function push($id = null, $full=false) {
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
}
if (false == $this->Server->data['Server']['push']) {
$this->Session->setFlash(__('Push setting not enabled for this server.'));
$this->redirect(array('action' => 'index'));
}
App::uses('HttpSocket', 'Network/Http');
$this->Server->read(null, $id);
if ("full" == $full) $lastpushedid = 0;
else $lastpushedid = $this->Server->data['Server']['lastpushedid'];
if (false == $this->Server->data['Server']['push']) {
$this->Session->setFlash(__('Push setting not enabled for this server.'));
$this->redirect(array('action' => 'index'));
}
$find_params = array(
'conditions' => array(
'Event.id >' => $lastpushedid,
'Event.private' => 0,
'Event.published' => 1
), //array of conditions
'recursive' => 1, //int
'fields' => array('Event.*'), //array of field names
);
$events = $this->Event->find('all', $find_params);
if ("full"==$full) $lastpushedid = 0;
else $lastpushedid = $this->Server->data['Server']['lastpushedid'];
$find_params = array(
'conditions' => array(
'Event.id >' => $lastpushedid,
'Event.private' => 0,
'Event.published' =>1
), //array of conditions
'recursive' => 1, //int
'fields' => array('Event.*'), //array of field names
);
$events = $this->Event->find('all', $find_params);
// FIXME now all events are uploaded, even if they exist on the remote server. No merging is done
// FIXME now all events are uploaded, even if they exist on the remote server. No merging is done
$successes = array();
$fails = array();
$lowestfailedid = null;
if (!empty($events)) { // do nothing if there are no events to push
$HttpSocket = new HttpSocket();
$successes = array();
$fails = array();
$lowestfailedid = null;
$this->loadModel('Attribute');
// upload each event separately and keep the results in the $successes and $fails arrays
foreach ($events as &$event) {
$result = $this->Event->uploadEventToServer(
$event,
$this->Server->data,
$HttpSocket);
if (true == $result) {
$successes[] = $event['Event']['id'];
} else {
$fails[$event['Event']['id']] = $result;
}
}
if (sizeof($fails) > 0) {
// there are fails, take the lowest fail
$lastpushedid = min(array_keys($fails));
} else {
// no fails, take the highest success
$lastpushedid = max($successes);
}
// increment lastid based on the highest ID seen
$this->Server->saveField('lastpushedid', $lastpushedid);
}
if (!empty($events)) { // do nothing if there are no events to push
$HttpSocket = new HttpSocket();
$this->set('successes', $successes);
$this->set('fails', $fails);
}
$this->loadModel('Attribute');
// upload each event separately and keep the results in the $successes and $fails arrays
foreach ($events as &$event) {
$result = $this->Event->uploadEventToServer(
$event,
$this->Server->data,
$HttpSocket);
if (true == $result) {
$successes[] = $event['Event']['id'];
} else {
$fails[$event['Event']['id']] = $result;
}
}
if (count($fails) > 0) {
// there are fails, take the lowest fail
$lastpushedid = min(array_keys($fails));
} else {
// no fails, take the highest success
$lastpushedid = max($successes);
}
// increment lastid based on the highest ID seen
$this->Server->saveField('lastpushedid', $lastpushedid);
}
$this->set('successes', $successes);
$this->set('fails', $fails);
}
}

308
app/Controller/UsersController.php
View File

@ -7,51 +7,52 @@ App::uses('AppController', 'Controller');
*/
class UsersController extends AppController {
public $newkey;
public $components = array('Security');
public $paginate = array(
'limit' => 60,
'order' => array(
'User.org' => 'ASC'
)
);
public $newkey;
function beforeFilter() {
parent::beforeFilter();
public $components = array('Security');
// what pages are allowed for non-logged-in users
$this->Auth->allow('login', 'logout');
}
public $paginate = array(
'limit' => 60,
'order' => array(
'User.org' => 'ASC'
)
);
public function isAuthorized($user) {
// Admins can access everything
if (parent::isAuthorized($user)) {
return true;
}
// Do not allow admin routing
if (isset($this->request->params['admin']) && true == $this->request->params['admin'])
return false;
// Only on own user for these actions
if (in_array($this->action, array('view', 'edit', 'delete', 'resetauthkey'))) {
$userid = $this->request->params['pass'][0];
if ("me" == $userid ) return true;
return ($userid === $this->Auth->user('id'));
}
// the other pages are allowed by logged in users
return true;
}
public function beforeFilter() {
parent::beforeFilter();
// what pages are allowed for non-logged-in users
$this->Auth->allow('login', 'logout');
}
public function isAuthorized($user) {
// Admins can access everything
if (parent::isAuthorized($user)) {
return true;
}
// Do not allow admin routing
if (isset($this->request->params['admin']) && true == $this->request->params['admin'])
return false;
// Only on own user for these actions
if (in_array($this->action, array('view', 'edit', 'delete', 'resetauthkey'))) {
$userid = $this->request->params['pass'][0];
if ("me" == $userid ) return true;
return ($userid === $this->Auth->user('id'));
}
// the other pages are allowed by logged in users
return true;
}
/**
* view method
*
* @param string $id
* @return void
* @throws NotFoundException
*/
public function view($id = null) {
if ("me" == $id) $id = $this->Auth->user('id');
$this->User->id = $id;
if ("me" == $id) $id = $this->Auth->user('id');
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
@ -59,27 +60,27 @@ class UsersController extends AppController {
$this->set('user', $this->User->read(null, $id));
}
/**
* edit method
*
* @param string $id
* @return void
* @throws NotFoundException
*/
public function edit($id = null) {
if ("me" == $id) $id = $this->Auth->user('id');
$this->User->id = $id;
if ("me" == $id) $id = $this->Auth->user('id');
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
// Only own profile verified by isAuthorized
if ($this->request->is('post') || $this->request->is('put')) {
// What fields should be saved (allowed to be saved)
$fieldList=array('email', 'autoalert', 'gpgkey', 'nids_sid' );
if ("" != $this->request->data['User']['password'])
$fieldList[] = 'password';
// Save the data
if ($this->User->save($this->request->data, true ,$fieldList)) {
// What fields should be saved (allowed to be saved)
$fieldList = array('email', 'autoalert', 'gpgkey', 'nids_sid' );
if ("" != $this->request->data['User']['password'])
$fieldList[] = 'password';
// Save the data
if ($this->User->save($this->request->data, true ,$fieldList)) {
$this->Session->setFlash(__('The profile has been updated'));
$this->_refreshAuth();
$this->redirect(array('action' => 'view', $id));
@ -87,12 +88,12 @@ class UsersController extends AppController {
$this->Session->setFlash(__('The profile could not be updated. Please, try again.'));
}
} else {
$this->User->recursive=0;
$this->User->read(null, $id);
$this->User->set('password', '');
$this->User->recursive = 0;
$this->User->read(null, $id);
$this->User->set('password', '');
$this->request->data = $this->User->data;
}
$this->request->data['User']['org']=$this->Auth->user('org');
$this->request->data['User']['org'] = $this->Auth->user('org');
}
/**
@ -100,9 +101,11 @@ class UsersController extends AppController {
*
* @param string $id
* @return void
* @throws MethodNotAllowedException
* @throws NotFoundException
*/
public function delete($id = null) {
if ("me" == $id) $id = $this->Auth->user('id');
if ("me" == $id) $id = $this->Auth->user('id');
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
@ -110,11 +113,11 @@ class UsersController extends AppController {
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
// Replaced by isAuthorized
// // Only own profile
// if ($this->Auth->user('id') != $id) {
// throw new ForbiddenException('You are not authorized to delete this profile.');
// }
//Replaced by isAuthorized
//// Only own profile
//if ($this->Auth->user('id') != $id) {
// throw new ForbiddenException('You are not authorized to delete this profile.');
//}
if ($this->User->delete()) {
$this->Session->setFlash(__('User deleted'));
$this->redirect(array('action' => 'index'));
@ -137,6 +140,7 @@ class UsersController extends AppController {
*
* @param string $id
* @return void
* @throws NotFoundException
*/
public function admin_view($id = null) {
$this->User->id = $id;
@ -174,6 +178,7 @@ class UsersController extends AppController {
*
* @param string $id
* @return void
* @throws NotFoundException
*/
public function admin_edit($id = null) {
$this->User->id = $id;
@ -195,7 +200,7 @@ class UsersController extends AppController {
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
}
} else {
$this->User->recursive=0;
$this->User->recursive = 0;
$this->User->read(null, $id);
$this->User->set('password', '');
$this->request->data = $this->User->data;
@ -208,6 +213,8 @@ class UsersController extends AppController {
*
* @param string $id
* @return void
* @throws MethodNotAllowedException
* @throws NotFoundException
*/
public function admin_delete($id = null) {
if (!$this->request->is('post')) {
@ -225,137 +232,132 @@ class UsersController extends AppController {
$this->redirect(array('action' => 'index'));
}
public function login() {
if ($this->Auth->login()) {
$this->redirect($this->Auth->redirect());
} else {
// don't display authError before first login attempt
if (str_replace("//","/",$this->webroot.$this->Session->read('Auth.redirect')) == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) {
$this->Session->delete('Message.auth');
if ($this->Auth->login()) {
$this->redirect($this->Auth->redirect());
} else {
// don't display authError before first login attempt
if (str_replace("//","/",$this->webroot . $this->Session->read('Auth.redirect')) == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) {
$this->Session->delete('Message.auth');
}
// don't display "invalid user" before first login attempt
if($this->request->is('post')) $this->Session->setFlash(__('Invalid username or password, try again'));
// don't display "invalid user" before first login attempt
if($this->request->is('post')) $this->Session->setFlash(__('Invalid username or password, try again'));
}
}
}
public function routeafterlogin() {
// Terms and Conditions Page
if (!$this->Auth->user('termsaccepted')) {
$this->redirect(array('action' => 'terms'));
}
// Terms and Conditions Page
if (!$this->Auth->user('termsaccepted')) {
$this->redirect(array('action' => 'terms'));
}
// News page
$new_newsdate = new DateTime("2012-03-27");
$newsdate = new DateTime($this->Auth->user('newsread'));
if ($new_newsdate > $newsdate) {
$this->redirect(array('action' => 'news'));
}
// News page
$new_newsdate = new DateTime("2012-03-27");
$newsdate = new DateTime($this->Auth->user('newsread'));
if ($new_newsdate > $newsdate) {
$this->redirect(array('action' => 'news'));
}
// Events list
$this->redirect(array('controller' => 'events', 'action' => 'index'));
// Events list
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
public function logout() {
$this->Session->setFlash('Good-Bye');
$this->redirect($this->Auth->logout());
$this->Session->setFlash('Good-Bye');
$this->redirect($this->Auth->logout());
}
public function resetauthkey($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
$this->redirect(array('action'=>'index'));
}
if ('me' == $id ) $id = $this->Auth->user('id');
if (!$id) {
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
$this->redirect(array('action' => 'index'));
}
if ('me' == $id ) $id = $this->Auth->user('id');
// Replaced by isAuthorized
// // only allow reset key for own account, except for admins
// if (!$this->_isAdmin() && $id != $this->Auth->user('id')) {
// throw new ForbiddenException('Not authorized to reset the key for this user');
// }
//Replaced by isAuthorized
//// only allow reset key for own account, except for admins
//if (!$this->_isAdmin() && $id != $this->Auth->user('id')) {
// throw new ForbiddenException('Not authorized to reset the key for this user');
//}
// reset the key
$this->User->id = $id;
$newkey = $this->User->generateAuthKey();
$this->User->saveField('authkey', $newkey);
$this->Session->setFlash(__('New authkey generated.', true));
$this->_refreshAuth();
$this->redirect($this->referer());
// reset the key
$this->User->id = $id;
$newkey = $this->User->generateAuthKey();
$this->User->saveField('authkey', $newkey);
$this->Session->setFlash(__('New authkey generated.', true));
$this->_refreshAuth();
$this->redirect($this->referer());
}
public function memberslist() {
$this->loadModel('Attribute');
$this->loadModel('Event');
$this->loadModel('Attribute');
$this->loadModel('Event');
// Orglist
$fields = array('User.org', 'count(User.id) as `num_members`');
$params = array('recursive' => 0,
'fields' => $fields,
'group' => array('User.org'),
'order' => array('User.org'),
);
$orgs = $this->User->find('all', $params);
$this->set('orgs', $orgs);
// Orglist
$fields = array('User.org', 'count(User.id) as `num_members`');
$params = array('recursive' => 0,
'fields' => $fields,
'group' => array('User.org'),
'order' => array('User.org'),
);
$orgs = $this->User->find('all', $params);
$this->set('orgs', $orgs);
// What org posted what type of attribute
$this->loadModel('Attribute');
$fields = array('Event.org', 'Attribute.type', 'count(Attribute.type) as `num_types`');
$params = array('recursive' => 0,
'fields' => $fields,
'group' => array('Attribute.type', 'Event.org'),
'order' => array('Event.org', 'num_types DESC'),
);
$types_histogram = $this->Attribute->find('all', $params);
$this->set('types_histogram', $types_histogram);
// What org posted what type of attribute
$this->loadModel('Attribute');
$fields = array('Event.org', 'Attribute.type', 'count(Attribute.type) as `num_types`');
$params = array('recursive' => 0,
'fields' => $fields,
'group' => array('Attribute.type', 'Event.org'),
'order' => array('Event.org', 'num_types DESC'),
);
$types_histogram = $this->Attribute->find('all', $params);
$this->set('types_histogram', $types_histogram);
// Nice graphical histogram
$this->loadModel('Attribute');
$sig_types = array_keys($this->Attribute->type_definitions);
// Nice graphical histogram
$this->loadModel('Attribute');
$sig_types = array_keys($this->Attribute->type_definitions);
$graph_fields = '';
foreach ($sig_types as &$sig_type) {
if ($graph_fields != "") $graph_fields .= ", ";
$graph_fields .= "'".$sig_type."'";
}
$this->set('graph_fields', $graph_fields);
$replace = array('-', '|');
$graph_data=array();
$prev_row_org = "";
$i = -1;
foreach ($types_histogram as &$row) {
if ($prev_row_org != $row['Event']['org']) {
$i++; $graph_data[] = "";
$prev_row_org = $row['Event']['org'];
$graph_data[$i] .= "org: '".$row['Event']['org']."'";
}
$graph_data[$i] .= ', '.str_replace($replace, "_", $row['Attribute']['type']).': '.$row[0]['num_types'];
}
$this->set('graph_data', $graph_data);
$graph_fields = '';
foreach ($sig_types as &$sig_type) {
if ($graph_fields != "") $graph_fields .= ", ";
$graph_fields .= "'" . $sig_type . "'";
}
$this->set('graph_fields', $graph_fields);
$replace = array('-', '|');
$graph_data = array();
$prev_row_org = "";
$i = -1;
foreach ($types_histogram as &$row) {
if ($prev_row_org != $row['Event']['org']) {
$i++;
$graph_data[] = "";
$prev_row_org = $row['Event']['org'];
$graph_data[$i] .= "org: '" . $row['Event']['org'] . "'";
}
$graph_data[$i] .= ', ' . str_replace($replace, "_", $row['Attribute']['type']) . ': ' . $row[0]['num_types'];
}
$this->set('graph_data', $graph_data);
}
public function terms() {
if ($this->request->is('post') || $this->request->is('put')) {
$this->User->id = $this->Auth->user('id');
$this->User->saveField('termsaccepted', true);
if ($this->request->is('post') || $this->request->is('put')) {
$this->User->id = $this->Auth->user('id');
$this->User->saveField('termsaccepted', true);
$this->_refreshAuth(); // refresh auth info
$this->Session->setFlash(__('You accepted the Terms and Conditions.'));
$this->redirect(array('action' => 'routeafterlogin'));
}
$this->set('termsaccepted', $this->Auth->user('termsaccepted'));
$this->_refreshAuth(); // refresh auth info
$this->Session->setFlash(__('You accepted the Terms and Conditions.'));
$this->redirect(array('action' => 'routeafterlogin'));
}
$this->set('termsaccepted', $this->Auth->user('termsaccepted'));
}
public function news() {
$this->User->id = $this->Auth->user('id');
$this->User->saveField('newsread', date("Y-m-d"));
$this->_refreshAuth(); // refresh auth info
$this->User->id = $this->Auth->user('id');
$this->User->saveField('newsread', date("Y-m-d"));
$this->_refreshAuth(); // refresh auth info
}
}

5
app/Controller/WhitelistsController.php
View File

@ -7,7 +7,6 @@ App::uses('AppController', 'Controller');
*/
class WhitelistsController extends AppController {
/**
* index method
*
@ -23,6 +22,7 @@ class WhitelistsController extends AppController {
*
* @param string $id
* @return void
* @throws NotFoundException
*/
public function admin_view($id = null) {
$this->Whitelist->id = $id;
@ -54,6 +54,7 @@ class WhitelistsController extends AppController {
*
* @param string $id
* @return void
* @throws NotFoundException
*/
public function admin_edit($id = null) {
$this->Whitelist->id = $id;
@ -77,6 +78,8 @@ class WhitelistsController extends AppController {
*
* @param string $id
* @return void
* @throws MethodNotAllowedException
* @throws NotFoundException
*/
public function admin_delete($id = null) {
if (!$this->request->is('post')) {

949
app/Model/Attribute.php
View File

File diff suppressed because it is too large Load Diff

47
app/Model/Bruteforce.php
View File

@ -8,32 +8,27 @@ App::uses('Sanitize', 'Utility');
*/
class Bruteforce extends AppModel {
public function insert($ip, $username) {
$expire = Configure::read('SecureAuth.expire');
// sanitize fields
$ip = Sanitize::clean($ip);
$username = Sanitize::clean($username);
$this->query("INSERT INTO `bruteforces` (`ip` , `username` , `expire` ) VALUES ('$ip', '$username', TIMESTAMPADD(SECOND,$expire, NOW()));");
}
function insert($ip, $username) {
$expire = Configure::read('SecureAuth.expire');
// sanitize fields
$ip = Sanitize::clean($ip);
$username = Sanitize::clean($username);
$this->query("INSERT INTO `bruteforces` (`ip` , `username` , `expire` ) VALUES ('$ip', '$username', TIMESTAMPADD(SECOND,$expire, NOW()));");
}
public function clean() {
$this->query("DELETE FROM `bruteforces` WHERE `expire`<=NOW();");
}
function clean() {
$this->query("DELETE FROM `bruteforces` WHERE `expire`<=NOW();");
}
function isBlacklisted($ip,$username) {
// first remove old expired rows
$this->clean();
// count
$params = array(
'conditions' => array(
'Bruteforce.ip' => $ip,
'Bruteforce.username' => $username
),
);
$count = $this->find('count', $params);
if ($count >= Configure::read('SecureAuth.amount')) return true;
else return false;
}
public function isBlacklisted($ip,$username) {
// first remove old expired rows
$this->clean();
// count
$params = array('conditions' => array(
'Bruteforce.ip' => $ip,
'Bruteforce.username' => $username),);
$count = $this->find('count', $params);
if ($count >= Configure::read('SecureAuth.amount')) return true;
else return false;
}
}

15
app/Model/Dns.php
View File

@ -6,26 +6,27 @@ App::uses('AppModel', 'Model');
* Domain Name System related
*/
class Dns extends AppModel {
var $useTable = false;
public $useTable = false;
/*
* Checks for a valid internet name
* Returns true if Name is an existing Domain Host Name, false otherwise
* TODO should be renamed
*
* @param unknown_type $nametotest The Domain Host Name to check for existence.
*
* @param unknown_type $nametotest The Domain Host Name to check for existence.
* @return boolean
*/
function testipaddress ($nametotest) {
if(intval($nametotest)>0){
public function testipaddress ($nametotest) {
if (intval($nametotest) > 0) {
return true;
} else {
$ipaddress = $nametotest;
$ipaddress = gethostbyname($nametotest);
if ($ipaddress == $nametotest) {
return false;
}
else {
} else {
return true;
}
}

526
app/Model/Event.php
View File

@ -7,22 +7,23 @@ App::uses('AppModel', 'Model');
* @property Attribute $Attribute
*/
class Event extends AppModel {
/**
* Display field
*
* @var string
*/
public $displayField = 'id';
/**
* Description field
*
* @var array
*/
public $field_descriptions = array(
'risk' => array('desc' => 'Risk levels: *low* means mass-malware, *medium* means APT malware, *high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Risk levels:<br/>low: mass-malware<br/>medium: APT malware<br/>high: sophisticated APT malware or 0-day attack'),
'private' => array('desc' => 'This field tells if the event should be shared with other CyDefSIG servers'),
'classification' => array('desc' => 'Set the Traffic Light Protocol classification. <ol><li><em>TLP:AMBER</em>- Share only within the organization on a need-to-know basis</li><li><em>TLP:GREEN:NeedToKnow</em>- Share within your constituency on the need-to-know basis.</li><li><em>TLP:GREEN</em>- Share within your constituency.</li></ol>')
'classification' => array('desc' => 'Set the Traffic Light Protocol classification. <ol><li><em>TLP:AMBER</em>- Share only within the organization on a need-to-know basis</li><li><em>TLP:GREEN:NeedToKnow</em>- Share within your constituency on the need-to-know basis.</li><li><em>TLP:GREEN</em>- Share within your constituency.</li></ol>')
);
/**
@ -99,24 +100,24 @@ class Event extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'private' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'private' => array(
'boolean' => array(
'rule' => array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
// 'classification' => array(
// 'rule' => array('inList', array('TLP:AMBER', 'TLP:GREEN:NeedToKnow', 'TLP:GREEN')),
// //'message' => 'Your custom message here',
// //'allowEmpty' => false,
// 'required' => true,
// //'last' => false, // Stop validation after this rule
// //'on' => 'create', // Limit validation to 'create' or 'update' operations
// ),
//'classification' => array(
// 'rule' => array('inList', array('TLP:AMBER', 'TLP:GREEN:NeedToKnow', 'TLP:GREEN')),
// //'message' => 'Your custom message here',
// //'allowEmpty' => false,
// 'required' => true,
// //'last' => false, // Stop validation after this rule
// //'on' => 'create', // Limit validation to 'create' or 'update' operations
//),
);
//The Associations below have been created with all possible keys, those that are not needed can be removed
@ -127,13 +128,13 @@ class Event extends AppModel {
* @var array
*/
public $belongsTo = array(
// 'Org' => array(
// 'className' => 'Org',
// 'foreignKey' => 'org',
// 'conditions' => '',
// 'fields' => '',
// 'order' => ''
// )
//'Org' => array(
// 'className' => 'Org',
// 'foreignKey' => 'org',
// 'conditions' => '',
// 'fields' => '',
// 'order' => ''
//)
'User' => array(
'className' => 'User',
'foreignKey' => 'user_id',
@ -152,7 +153,7 @@ class Event extends AppModel {
'Attribute' => array(
'className' => 'Attribute',
'foreignKey' => 'event_id',
'dependent' => true, // cascade deletes
'dependent' => true, // cascade deletes
'conditions' => '',
'fields' => '',
'order' => array('Attribute.category ASC', 'Attribute.type ASC'),
@ -164,268 +165,265 @@ class Event extends AppModel {
)
);
function beforeValidate() {
// generate UUID if it doesn't exist
if (empty($this->data['Event']['uuid']))
$this->data['Event']['uuid']= String::uuid();
public function beforeValidate() {
// generate UUID if it doesn't exist
if (empty($this->data['Event']['uuid'])) {
$this->data['Event']['uuid'] = String::uuid();
}
}
public function isOwnedByOrg($eventid, $org) {
return $this->field('id', array('id' => $eventid, 'org' => $org)) === $eventid;
public function isOwnedByOrg($eventid, $org) {
return $this->field('id', array('id' => $eventid, 'org' => $org)) === $eventid;
}
function getRelatedEvents() {
// FIXME rewrite this to use the getRelatedAttributes function from the Attributes Model.
// only this way the code will be consistent
public function getRelatedEvents() {
// FIXME rewrite this to use the getRelatedAttributes function from the Attributes Model.
// only this way the code will be consistent
// first get a list of related event_ids
// then do a single query to search for all the events with that id
$relatedEventIds = Array();
foreach ($this->data['Attribute'] as &$attribute ) {
if ($attribute['type'] == 'other')
continue; // sigs of type 'other' should not be matched against the others
$conditions = array('Attribute.value =' => $attribute['value'], 'Attribute.type =' => $attribute['type']);
$similar_attributes = $this->Attribute->find('all',array('conditions' => $conditions));
foreach ($similar_attributes as &$similar_attribute) {
if ($this->id == $similar_attribute['Attribute']['event_id'])
continue; // same as this event, not needed in the list
$relatedEventIds[] = $similar_attribute['Attribute']['event_id'];
}
}
$conditions = array("Event.id" => $relatedEventIds);
$relatedEvents= $this->find('all',
array('conditions' => $conditions,
'recursive' => 0,
'order' => 'Event.date DESC',
'fields' => 'Event.*'
)
);
return $relatedEvents;
// first get a list of related event_ids
// then do a single query to search for all the events with that id
$relatedEventIds = Array();
foreach ($this->data['Attribute'] as &$attribute) {
if ($attribute['type'] == 'other') {
continue; // sigs of type 'other' should not be matched against the others
}
$conditions = array('Attribute.value =' => $attribute['value'], 'Attribute.type =' => $attribute['type']);
$similar_attributes = $this->Attribute->find('all',array('conditions' => $conditions));
foreach ($similar_attributes as &$similar_attribute) {
if ($this->id == $similar_attribute['Attribute']['event_id']) {
continue; // same as this event, not needed in the list
}
$relatedEventIds[] = $similar_attribute['Attribute']['event_id'];
}
}
$conditions = array("Event.id" => $relatedEventIds);
$relatedEvents = $this->find('all',
array('conditions' => $conditions,
'recursive' => 0,
'order' => 'Event.date DESC',
'fields' => 'Event.*'
)
);
return $relatedEvents;
}
/**
* Clean up an Event Array that was received by an XML request.
* The structure needs to be changed a little bit to be compatible with what CakePHP expects
*
* This function receives the reference of the variable, so no return is required as it directly
* modifies the original data.
*
* @param &$data The reference to the variable
*/
public function cleanupEventArrayFromXML(&$data) {
// Workaround for different structure in XML/array than what CakePHP expects
if (is_array($data['Event']['Attribute'])) {
if (is_numeric(implode(array_keys($data['Event']['Attribute']), ''))) {
// normal array of multiple Attributes
$data['Attribute'] = $data['Event']['Attribute'];
} else {
// single attribute
$data['Attribute'][0] = $data['Event']['Attribute'];
}
}
unset($data['Event']['Attribute']);
/**
* Clean up an Event Array that was received by an XML request.
* The structure needs to be changed a little bit to be compatible with what CakePHP expects
*
* This function receives the reference of the variable, so no return is required as it directly
* modifies the original data.
*
* @param &$data The reference to the variable
*/
function cleanupEventArrayFromXML(&$data) {
// Workaround for different structure in XML/array than what CakePHP expects
if (is_array($data['Event']['Attribute'])) {
if (is_numeric(implode(array_keys($data['Event']['Attribute']), ''))) {
// normal array of multiple Attributes
$data['Attribute'] = $data['Event']['Attribute'];
} else {
// single attribute
$data['Attribute'][0] = $data['Event']['Attribute'];
}
}
unset($data['Event']['Attribute']);
return $data;
return $data;
}
/**
* Uploads the event and the associated Attributes to another Server
* TODO move this to a component
*
* @return bool true if success, error message if failed
*/
public function uploadEventToServer($event, $server, $HttpSocket=null) {
if (true == $event['Event']['private']) { // never upload private events
return "Event is private and non exportable";
}
/**
* Uploads the event and the associated Attributes to another Server
* TODO move this to a component
*
* @return bool true if success, error message if failed
*/
function uploadEventToServer($event, $server, $HttpSocket=null) {
if (true ==$event['Event']['private']) // never upload private events
return "Event is private and non exportable";
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
if (null == $HttpSocket) {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
}
$request = array(
'header' => array(
'Authorization' => $authkey,
'Accept' => 'application/xml',
'Content-Type' => 'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri = $url . '/events';
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
if (null == $HttpSocket) {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
}
$request = array(
'header' => array(
'Authorization' => $authkey,
'Accept' => 'application/xml',
'Content-Type' => 'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri = $url.'/events';
// LATER try to do this using a separate EventsController and renderAs() function
$xmlArray = array();
// rearrange things to be compatible with the Xml::fromArray()
$event['Event']['Attribute'] = $event['Attribute'];
unset($event['Attribute']);
// cleanup the array from things we do not want to expose
//unset($event['Event']['org']);
// remove value1 and value2 from the output
foreach($event['Event']['Attribute'] as $key => &$attribute) {
// do not keep attributes that are private
if ($attribute['private']) {
unset($event['Event']['Attribute'][$key]);
continue; // stop processing this
}
// remove value1 and value2 from the output
unset($attribute['value1']);
unset($attribute['value2']);
// also add the encoded attachment
if ($this->Attribute->typeIsAttachment($attribute['type'])) {
$encoded_file = $this->Attribute->base64EncodeAttachment($attribute);
$attribute['data'] = $encoded_file;
}
}
// LATER try to do this using a separate EventsController and renderAs() function
$xmlArray = array();
// rearrange things to be compatible with the Xml::fromArray()
$event['Event']['Attribute'] = $event['Attribute'];
unset($event['Attribute']);
// display the XML to the user
$xmlArray['Event'][] = $event['Event'];
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
$eventsXml = $xmlObject->asXML();
// do a REST POST request with the server
$data = $eventsXml;
// LATER validate HTTPS SSL certificate
$this->Dns = ClassRegistry::init('Dns');
if ($this->Dns->testipaddress(parse_url($uri, PHP_URL_HOST))) {
// TODO NETWORK for now do not know how to catch the following..
// TODO NETWORK No route to host
$response = $HttpSocket->post($uri, $data, $request);
if ($response->code == '200') { // 200 (OK) + entity-action-result
if ($response->isOk()) {
return true;
}
else {
try {
// parse the XML response and keep the reason why it failed
$xml_array = Xml::toArray(Xml::build($response->body));
// cleanup the array from things we do not want to expose
//unset($event['Event']['org']);
// remove value1 and value2 from the output
foreach ($event['Event']['Attribute'] as $key => &$attribute) {
// do not keep attributes that are private
if ($attribute['private']) {
unset($event['Event']['Attribute'][$key]);
continue; // stop processing this
}
// remove value1 and value2 from the output
unset($attribute['value1']);
unset($attribute['value2']);
// also add the encoded attachment
if ($this->Attribute->typeIsAttachment($attribute['type'])) {
$encoded_file = $this->Attribute->base64EncodeAttachment($attribute);
$attribute['data'] = $encoded_file;
}
}
// display the XML to the user
$xmlArray['Event'][] = $event['Event'];
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
$eventsXml = $xmlObject->asXML();
// do a REST POST request with the server
$data = $eventsXml;
// LATER validate HTTPS SSL certificate
$this->Dns = ClassRegistry::init('Dns');
if ($this->Dns->testipaddress(parse_url($uri, PHP_URL_HOST))) {
// TODO NETWORK for now do not know how to catch the following..
// TODO NETWORK No route to host
$response = $HttpSocket->post($uri, $data, $request);
if ($response->code == '200') { // 200 (OK) + entity-action-result
if ($response->isOk()) {
return true;
} else {
try {
// parse the XML response and keep the reason why it failed
$xml_array = Xml::toArray(Xml::build($response->body));
} catch (XmlException $e) {
return true;
return true;
}
if (strpos($xml_array['response']['name'],"Event already exists")) { // strpos, so i can piggyback some value if needed.
return true;
} else {
return $xml_array['response']['name'];
}
}
}
}
return true;
} else {
return $xml_array['response']['name'];
}
}
}
}
}
/**
* Deletes the event and the associated Attributes from another Server
* TODO move this to a component
*
* @return bool true if success, error message if failed
*/
function deleteEventFromServer($uuid, $server, $HttpSocket=null) {
/**
* Deletes the event and the associated Attributes from another Server
* TODO move this to a component
*
* @return bool true if success, error message if failed
*/
public function deleteEventFromServer($uuid, $server, $HttpSocket=null) {
// TODO private and delete(?)
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
if (null == $HttpSocket) {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
}
$request = array(
'header' => array(
'Authorization' => $authkey,
'Accept' => 'application/xml',
'Content-Type' => 'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri = $url.'/events/0?uuid='.$uuid;
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
if (null == $HttpSocket) {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
}
$request = array(
'header' => array(
'Authorization' => $authkey,
'Accept' => 'application/xml',
'Content-Type' => 'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri = $url . '/events/0?uuid=' . $uuid;
// LATER validate HTTPS SSL certificate
$this->Dns = ClassRegistry::init('Dns');
if ($this->Dns->testipaddress(parse_url($uri, PHP_URL_HOST))) {
// TODO NETWORK for now do not know how to catch the following..
// TODO NETWORK No route to host
$response = $HttpSocket->delete($uri, array(), $request);
// TODO REST, DELETE, some responce needed
}
// LATER validate HTTPS SSL certificate
$this->Dns = ClassRegistry::init('Dns');
if ($this->Dns->testipaddress(parse_url($uri, PHP_URL_HOST))) {
// TODO NETWORK for now do not know how to catch the following..
// TODO NETWORK No route to host
$response = $HttpSocket->delete($uri, array(), $request);
// TODO REST, DELETE, some responce needed
}
}
/**
* Download a specific event from a Server
* TODO move this to a component
* @return array|NULL
*/
function downloadEventFromServer($event_id, $server, $HttpSocket=null) {
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
if (null == $HttpSocket) {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
}
$request = array(
'header' => array(
'Authorization' => $authkey,
'Accept' => 'application/xml',
'Content-Type' => 'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri = $url.'/events/'.$event_id;
// LATER validate HTTPS SSL certificate
$response = $HttpSocket->get($uri, $data='', $request);
if ($response->isOk()) {
$xml_array = Xml::toArray(Xml::build($response->body));
return $xml_array['response'];
}
else {
// TODO parse the XML response and keep the reason why it failed
return null;
}
/**
* Download a specific event from a Server
* TODO move this to a component
* @return array|NULL
*/
public function downloadEventFromServer($event_id, $server, $HttpSocket=null) {
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
if (null == $HttpSocket) {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
}
$request = array(
'header' => array(
'Authorization' => $authkey,
'Accept' => 'application/xml',
'Content-Type' => 'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri = $url . '/events/' . $event_id;
// LATER validate HTTPS SSL certificate
$response = $HttpSocket->get($uri, $data = '', $request);
if ($response->isOk()) {
$xml_array = Xml::toArray(Xml::build($response->body));
return $xml_array['response'];
} else {
// TODO parse the XML response and keep the reason why it failed
return null;
}
}
/**
* Get an array of event_ids that are present on the remote server
* TODO move this to a component
* @return array of event_ids
*/
function getEventIdsFromServer($server, $HttpSocket=null) {
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
if (null == $HttpSocket) {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
}
$request = array(
'header' => array(
'Authorization' => $authkey,
'Accept' => 'application/xml',
'Content-Type' => 'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri = $url.'/events/index/sort:id/direction:desc/limit:999'; // LATER verify if events are missing because we only selected the last 999
$this->Dns = ClassRegistry::init('Dns');
if ($this->Dns->testipaddress(parse_url($uri, PHP_URL_HOST))) {
$response = $HttpSocket->get($uri, $data='', $request);
if ($response->isOk()) {
$xml = Xml::build($response->body);
$eventArray = Xml::toArray($xml);
$event_ids=array();
foreach ($eventArray['response']['Event'] as &$event) {
if (1 != $event['published']) continue; // do not keep non-published events
$event_ids[] = $event['id'];
}
return $event_ids;
}
}
// error, so return null
return null;
/**
* Get an array of event_ids that are present on the remote server
* TODO move this to a component
* @return array of event_ids
*/
public function getEventIdsFromServer($server, $HttpSocket=null) {
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
if (null == $HttpSocket) {
App::uses('HttpSocket', 'Network/Http');
$HttpSocket = new HttpSocket();
}
$request = array(
'header' => array(
'Authorization' => $authkey,
'Accept' => 'application/xml',
'Content-Type' => 'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri = $url . '/events/index/sort:id/direction:desc/limit:999'; // LATER verify if events are missing because we only selected the last 999
$this->Dns = ClassRegistry::init('Dns');
if ($this->Dns->testipaddress(parse_url($uri, PHP_URL_HOST))) {
$response = $HttpSocket->get($uri, $data = '', $request);
if ($response->isOk()) {
$xml = Xml::build($response->body);
$eventArray = Xml::toArray($xml);
$event_ids = array();
foreach ($eventArray['response']['Event'] as &$event) {
if (1 != $event['published']) {
continue; // do not keep non-published events
}
$event_ids[] = $event['id'];
}
return $event_ids;
}
}
// error, so return null
return null;
}
}

30
app/Model/Server.php
View File

@ -5,12 +5,14 @@ App::uses('AppModel', 'Model');
*
*/
class Server extends AppModel {
/**
* Display field
*
* @var string
*/
public $displayField = 'url';
/**
* Validation rules
*
@ -25,7 +27,7 @@ class Server extends AppModel {
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
)
),
'authkey' => array(
'notempty' => array(
@ -77,21 +79,19 @@ class Server extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'lastpulledid' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
'allowEmpty' => true,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'lastpulledid' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
'allowEmpty' => true,
'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
);
public function isOwnedByOrg($serverid, $org) {
return $this->field('id', array('id' => $serverid, 'org' => $org)) === $serverid;
public function isOwnedByOrg($serverid, $org) {
return $this->field('id', array('id' => $serverid, 'org' => $org)) === $serverid;
}
}
}

150
app/Model/User.php
View File

@ -9,12 +9,14 @@ App::uses('AuthComponent', 'Controller/Component');
* @property Event $Event
*/
class User extends AppModel {
/**
* Display field
*
* @var string
*/
public $displayField = 'email';
/**
* Validation rules
*
@ -40,8 +42,8 @@ class User extends AppModel {
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'complexity' => array(
'rule' => array('complexPassword'),
'complexity' => array(
'rule' => array('complexPassword'),
'message' => 'The password must contain at least one upper-case, one lower-case, one (digits or special character).',
//'allowEmpty' => false,
//'required' => true,
@ -49,12 +51,12 @@ class User extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'identical' => array(
'rule' => array('identicalFieldValues', 'confirm_password'),
'message' => 'Please re-enter your password twice so that the values match.',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
'rule' => array('identicalFieldValues', 'confirm_password'),
'message' => 'Please re-enter your password twice so that the values match.',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'org' => array(
@ -77,8 +79,8 @@ class User extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'An account with this email address already exists.'
'rule' => 'isUnique',
'message' => 'An account with this email address already exists.'
),
),
'autoalert' => array(
@ -180,84 +182,80 @@ class User extends AppModel {
'counterQuery' => ''
)
);
public function beforeSave() {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
}
/**
* Checks if the GPG key is a valid key
* But also import it in the keychain.
*/
public function validateGpgkey($check) {
// LATER first remove the old gpgkey from the keychain
/**
* Checks if the GPG key is a valid key
* But also import it in the keychain.
*/
function validateGpgkey($check) {
// LATER first remove the old gpgkey from the keychain
// empty value
if (empty($check['gpgkey'])) {
return true;
}
// empty value
if (empty($check['gpgkey']))
return true;
// key is entered
require_once 'Crypt/GPG.php';
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
try {
$key_import_output = $gpg->importKey($check['gpgkey']);
if (!empty($key_import_output['fingerprint'])) {
return true;
}
} catch (Exception $e) {
debug($e);
return false;
}
// key is entered
require_once 'Crypt/GPG.php';
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
try {
$key_import_output = $gpg->importKey($check['gpgkey']);
if (!empty($key_import_output['fingerprint'])) {
return true;
}
} catch (Exception $e) {
debug($e);
return false;
}
}
function complexPassword($check) {
/*
6 characters minimum
1 or more upper-case letters
1 or more lower-case letters
1 or more digits or special characters
example: "EasyPeasy34"
*/
$value = array_values($check);
$value = $value[0];
return preg_match('/((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $value);
public function complexPassword($check) {
/*
6 characters minimum
1 or more upper-case letters
1 or more lower-case letters
1 or more digits or special characters
example: "EasyPeasy34"
*/
$value = array_values($check);
$value = $value[0];
return preg_match('/((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $value);
}
function identicalFieldValues( $field=array(), $compare_field=null )
{
foreach( $field as $key => $value ){
$v1 = $value;
$v2 = $this->data[$this->name][ $compare_field ];
if($v1 !== $v2) {
return FALSE;
} else {
continue;
}
}
return TRUE;
public function identicalFieldValues($field=array(), $compare_field=null) {
foreach ($field as $key => $value) {
$v1 = $value;
$v2 = $this->data[$this->name][$compare_field];
if ($v1 !== $v2) {
return false;
} else {
continue;
}
}
return true;
}
/**
* Generates an authentication key for each user
*/
function generateAuthKey() {
//$key = sha1(mt_rand(30, 30).time());
$length = 40;
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$char_len = strlen($characters)-1;
$key = '';
for ($p = 0; $p < $length; $p++) {
$key .= $characters[rand(0, $char_len)];
}
/**
* Generates an authentication key for each user
*/
public function generateAuthKey() {
//$key = sha1(mt_rand(30, 30).time());
$length = 40;
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$char_len = strlen($characters) - 1;
$key = '';
for ($p = 0; $p < $length; $p++) {
$key .= $characters[rand(0, $char_len)];
}
return $key;
return $key;
}
}

82
app/Model/Whitelist.php
View File

@ -5,18 +5,21 @@ App::uses('AppModel', 'Model');
*
*/
class Whitelist extends AppModel {
/**
* Use table
*
* @var mixed False or table name
*/
public $useTable = 'whitelist';
/**
* Display field
*
* @var string
*/
public $displayField = 'name';
/**
* Validation rules
*
@ -41,53 +44,52 @@ class Whitelist extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'unique' => array(
'rule' => 'isUnique', //array('valueIsUnique'),
'message' => 'A similar name already exists.',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
'rule' => 'isUnique', //array('valueIsUnique'),
'message' => 'A similar name already exists.',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
);
function validateValue ($fields) {
$value = $fields['name'];
public function validateValue ($fields) {
$value = $fields['name'];
// check data validation
// host domainname maybe..
if(preg_match("#^[A-Z0-9.-]+\.[A-Z]{2,4}$#i", $value))
return true;
// IP maybe..
$parts = explode("/", $value);
// [0] = the ip
// [1] = the network address
if (count($parts) <= 2 ) {
// ipv4 and ipv6 matching
if (filter_var($parts[0],FILTER_VALIDATE_IP)) {
// ip is validated, now check if we have a valid network mask
if (empty($parts[1]))
return true;
else if(is_numeric($parts[1]) && $parts[1] < 129)
return true;
}
}
return false;
// check data validation
// host domainname maybe..
if(preg_match("#^[A-Z0-9.-]+\.[A-Z]{2,4}$#i", $value))
return true;
// IP maybe..
$parts = explode("/", $value);
// [0] = the ip
// [1] = the network address
if (count($parts) <= 2 ) {
// ipv4 and ipv6 matching
if (filter_var($parts[0],FILTER_VALIDATE_IP)) {
// ip is validated, now check if we have a valid network mask
if (empty($parts[1]))
return true;
else if(is_numeric($parts[1]) && $parts[1] < 129)
return true;
}
}
return false;
}
function valueIsUnique ($fields) {
$value = $fields['name'];
$whitelist = $this->find('all', array('recursive' => 0,'fields' => 'name'));
foreach ($whitelist as $whitelistItem) {
if ($value == $whitelistItem['Whitelist']['name']) {
return false;
}
}
public function valueIsUnique ($fields) {
$value = $fields['name'];
return true;
$whitelist = $this->find('all', array('recursive' => 0,'fields' => 'name'));
foreach ($whitelist as $whitelistItem) {
if ($value == $whitelistItem['Whitelist']['name']) {
return false;
}
}
return true;
}
}

88
app/View/Attributes/add.ctp
View File

@ -3,47 +3,47 @@
<?php echo $this->Form->create('Attribute');?>
<fieldset>
<legend><?php echo __('Add Attribute'); ?></legend>
<?php
echo $this->Form->hidden('event_id');
echo $this->Form->input('category', array(
'between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeCategoryDiv')),
'empty' => '(choose one)'
));
echo $this->Form->input('type', array(
'between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeTypeDiv')),
'empty' => '(first choose category)'
));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),
<?php
echo $this->Form->hidden('event_id');
echo $this->Form->input('category', array(
'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv')),
'empty' => '(choose one)'
));
}
echo $this->Form->input('to_ids', array(
'checked' => true,
'before' => $this->Html->div('forminfo', isset($attr_descriptions['signature']['formdesc']) ? $attr_descriptions['signature']['formdesc'] : $attr_descriptions['signature']['desc']),
'label' => 'IDS Signature?'
));
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
));
echo $this->Form->input('batch_import', array(
'type' => 'checkbox',
'after' => $this->Html->div('forminfo', 'Create multiple attributes one per line'),
echo $this->Form->input('type', array(
'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv')),
'empty' => '(first choose category)'
));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),
));
}
echo $this->Form->input('to_ids', array(
'checked' => true,
'before' => $this->Html->div('forminfo', isset($attr_descriptions['signature']['formdesc']) ? $attr_descriptions['signature']['formdesc'] : $attr_descriptions['signature']['desc']),
'label' => 'IDS Signature?'
));
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
));
echo $this->Form->input('batch_import', array(
'type' => 'checkbox',
'after' => $this->Html->div('forminfo', 'Create multiple attributes one per line'),
));
// link an onchange event to the form elements
$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")');
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
// link an onchange event to the form elements
$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")');
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
?>
?>
</fieldset>
<?php echo $this->Form->end(__('Submit'));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
<script type="text/javascript">
//
@ -52,14 +52,14 @@
var category_type_mapping = new Array();
<?php
foreach ($category_definitions as $category => $def) {
echo "category_type_mapping['".addslashes($category)."'] = {";
$first = true;
foreach ($def['types'] as $type) {
if ($first) $first = false ;
else echo ', ';
echo "'".addslashes($type)."' : '".addslashes($type)."'";
}
echo "}; \n";
echo "category_type_mapping['" . addslashes($category) . "'] = {";
$first = true;
foreach ($def['types'] as $type) {
if ($first) $first = false;
else echo ', ';
echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
}
echo "}; \n";
}
?>
@ -69,7 +69,7 @@ function formCategoryChanged(id) {
var options = $('#AttributeType').prop('options');
$('option', $('#AttributeType')).remove();
$.each(category_type_mapping[$('#AttributeCategory').val()], function(val, text) {
options[options.length] = new Option(text, val);
options[options.length] = new Option(text, val);
});
// enable the form element
$('#AttributeType').prop('disabled', false);
@ -83,11 +83,11 @@ var formInfoValues = new Array();
<?php
foreach ($type_definitions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['".addslashes($type)."'] = \"".addslashes($info)."\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($category_definitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['".addslashes($category)."'] = \"".addslashes($info)."\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($category) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>
@ -110,4 +110,4 @@ $('#AttributeType').prop('disabled', true);
</script>
<?php echo $this->Js->writeBuffer(); // Write cached scripts ?>
<?php echo $this->Js->writeBuffer(); // Write cached scripts

150
app/View/Attributes/add_attachment.ctp
View File

@ -2,75 +2,75 @@
<?php echo $this->Form->create('Attribute', array('enctype' => 'multipart/form-data','onSubmit' => 'document.getElementById("AttributeMalware").removeAttribute("disabled");'));?>
<fieldset>
<legend><?php echo __('Add Attachment'); ?></legend>
<?php
echo $this->Form->hidden('event_id');
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeCategoryDiv'))));
echo $this->Form->file('value', array(
'error' => array('escape' => false),
));
echo $this->Form->input('malware', array(
'type' => 'checkbox',
'checked' => false,
'after' => '<br>Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"',
));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),));
}
// link an onchange event to the form elements
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
$this->Js->get('#AttributeCategory')->event('change', 'showFormInfo("#AttributeCategory")');
?>
<?php
echo $this->Form->hidden('event_id');
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv'))));
echo $this->Form->file('value', array(
'error' => array('escape' => false),
));
echo $this->Form->input('malware', array(
'type' => 'checkbox',
'checked' => false,
'after' => '<br>Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"',
));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),));
}
// link an onchange event to the form elements
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
$this->Js->get('#AttributeCategory')->event('change', 'showFormInfo("#AttributeCategory")');
?>
</fieldset>
<?php echo $this->Form->end(__('Upload'));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
<script type="text/javascript">
var formInfoValues = new Array();
<?php
foreach ($category_definitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['$category'] = \"$info\";\n";
}
<?php
foreach ($category_definitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['$category'] = \"$info\";\n";
}
?>
var formZipTypeValues = new Array();
<?php
foreach ($category_definitions as $category => $def) {
$types = $def['types'];
$alreadySet = false;
foreach ($types as $type) {
if (in_array($type, $zipped_definitions) && !$alreadySet) {
$alreadySet = true;
echo "formZipTypeValues['$category'] = \"true\";\n";
}
}
if (!$alreadySet) {
echo "formZipTypeValues['$category'] = \"false\";\n";
<?php
foreach ($category_definitions as $category => $def) {
$types = $def['types'];
$alreadySet = false;
foreach ($types as $type) {
if (in_array($type, $zipped_definitions) && !$alreadySet) {
$alreadySet = true;
echo "formZipTypeValues['$category'] = \"true\";\n";
}
}
if (!$alreadySet) {
echo "formZipTypeValues['$category'] = \"false\";\n";
}
}
?>
var formAttTypeValues = new Array();
<?php
foreach ($category_definitions as $category => $def) {
$types = $def['types'];
$alreadySet = false;
foreach ($types as $type) {
if (in_array($type, $upload_definitions) && !$alreadySet) {
$alreadySet = true;
echo "formAttTypeValues['$category'] = \"true\";\n";
}
}
if (!$alreadySet) {
echo "formAttTypeValues['$category'] = \"false\";\n";
<?php
foreach ($category_definitions as $category => $def) {
$types = $def['types'];
$alreadySet = false;
foreach ($types as $type) {
if (in_array($type, $upload_definitions) && !$alreadySet) {
$alreadySet = true;
echo "formAttTypeValues['$category'] = \"true\";\n";
}
}
if (!$alreadySet) {
echo "formAttTypeValues['$category'] = \"false\";\n";
}
}
?>
function showFormType(id) {
@ -78,19 +78,19 @@ function showFormType(id) {
// LATER use nice animations
//$(idDiv).hide('fast');
// change the content
var value = $(id).val(); // get the selected value
//$(idDiv).html(formInfoValues[value]); // search in a lookup table
// do checkbox un/ticked when the document is changed
var value = $(id).val(); // get the selected value
//$(idDiv).html(formInfoValues[value]); // search in a lookup table
// do checkbox un/ticked when the document is changed
if (formZipTypeValues[value] == "true") {
document.getElementById("AttributeMalware").setAttribute("checked", "checked");
if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
else document.getElementById("AttributeMalware").removeAttribute("disabled");
document.getElementById("AttributeMalware").setAttribute("checked", "checked");
if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
else document.getElementById("AttributeMalware").removeAttribute("disabled");
} else {
document.getElementById("AttributeMalware").removeAttribute("checked");
if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
else document.getElementById("AttributeMalware").removeAttribute("disabled");
}
document.getElementById("AttributeMalware").removeAttribute("checked");
if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
else document.getElementById("AttributeMalware").removeAttribute("disabled");
}
}
function showFormInfo(id) {
@ -98,32 +98,32 @@ function showFormInfo(id) {
// LATER use nice animations
//$(idDiv).hide('fast');
// change the content
var value = $(id).val(); // get the selected value
$(idDiv).html(formInfoValues[value]); // search in a lookup table
var value = $(id).val(); // get the selected value
$(idDiv).html(formInfoValues[value]); // search in a lookup table
// show it again
$(idDiv).fadeIn('slow');
// do checkbox un/ticked when the document is changed
if (formZipTypeValues[value] == "true") {
document.getElementById("AttributeMalware").setAttribute("checked", "checked");
if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
else document.getElementById("AttributeMalware").removeAttribute("disabled");
} else {
document.getElementById("AttributeMalware").removeAttribute("checked");
if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
else document.getElementById("AttributeMalware").removeAttribute("disabled");
}
document.getElementById("AttributeMalware").setAttribute("checked", "checked");
if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
else document.getElementById("AttributeMalware").removeAttribute("disabled");
} else {
document.getElementById("AttributeMalware").removeAttribute("checked");
if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
else document.getElementById("AttributeMalware").removeAttribute("disabled");
}
}
// hide the formInfo things
$('#AttributeTypeDiv').hide();
$('#AttributeCategoryDiv').hide();
$(function(){
// do checkbox un/ticked when the document is ready
showFormType("#AttributeCategory");
}
// do checkbox un/ticked when the document is ready
showFormType("#AttributeCategory");
}
);
</script>
<?php echo $this->Js->writeBuffer(); // Write cached scripts ?>
<?php echo $this->Js->writeBuffer(); // Write cached scripts

88
app/View/Attributes/edit.ctp
View File

@ -2,44 +2,44 @@
<?php echo $this->Form->create('Attribute');?>
<fieldset>
<legend><?php echo __('Edit Attribute'); ?></legend>
<?php
echo $this->Form->input('id');
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeCategoryDiv'))));
if($attachment) {
echo $this->Form->hidden('type', array('between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeTypeDiv'))));
echo "<BR>Type: ".$this->Form->value('Attribute.type');
} else {
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeTypeDiv'))));
}
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),
));
}
echo $this->Form->input('to_ids', array(
'before' => $this->Html->div('forminfo', isset($attr_descriptions['signature']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),
'label' => 'IDS Signature?'
));
if($attachment) {
echo $this->Form->hidden('value');
echo "<BR>Value: ".$this->Form->value('Attribute.value');
} else {
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
));
}
$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")');
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
<?php
echo $this->Form->input('id');
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv'))));
if ($attachment) {
echo $this->Form->hidden('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
echo "<BR>Type: " . $this->Form->value('Attribute.type');
} else {
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
}
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),
));
}
echo $this->Form->input('to_ids', array(
'before' => $this->Html->div('forminfo', isset($attr_descriptions['signature']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),
'label' => 'IDS Signature?'
));
if ($attachment) {
echo $this->Form->hidden('value');
echo "<BR>Value: " . $this->Form->value('Attribute.value');
} else {
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
));
}
$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")');
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
?>
?>
</fieldset>
<?php echo $this->Form->end(__('Submit'));?>
</div>
<div class="actions">
<ul>
<li><?php echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), null, __('Are you sure you want to delete # %s?', $this->Form->value('Attribute.id'))); ?></li>
<li>&nbsp;</li>
<li><?php echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), null, __('Are you sure you want to delete # %s?', $this->Form->value('Attribute.id'))); ?></li>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
@ -51,14 +51,14 @@
var category_type_mapping = new Array();
<?php
foreach ($category_definitions as $category => $def) {
echo "category_type_mapping['".addslashes($category)."'] = {";
$first = true;
foreach ($def['types'] as $type) {
if ($first) $first = false ;
else echo ', ';
echo "'".addslashes($type)."' : '".addslashes($type)."'";
}
echo "}; \n";
echo "category_type_mapping['" . addslashes($category) . "'] = {";
$first = true;
foreach ($def['types'] as $type) {
if ($first) $first = false;
else echo ', ';
echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
}
echo "}; \n";
}
?>
@ -68,7 +68,7 @@ function formCategoryChanged(id) {
var options = $('#AttributeType').prop('options');
$('option', $('#AttributeType')).remove();
$.each(category_type_mapping[$('#AttributeCategory').val()], function(val, text) {
options[options.length] = new Option(text, val);
options[options.length] = new Option(text, val);
});
// enable the form element
$('#AttributeType').prop('disabled', false);
@ -82,11 +82,11 @@ var formInfoValues = new Array();
<?php
foreach ($type_definitions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['".addslashes($type)."'] = \"".addslashes($info)."\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($category_definitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['".addslashes($category)."'] = \"".addslashes($info)."\";\n"; // as we output JS code we need to add slashes
echo "formInfoValues['" . addslashes($category) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>
@ -111,4 +111,4 @@ formCategoryChanged("#AttributeCategory");
$('#AttributeType').val(type_value);
</script>
<?php echo $this->Js->writeBuffer(); // Write cached scripts ?>
<?php echo $this->Js->writeBuffer(); // Write cached scripts

227
app/View/Attributes/event.ctp
View File

@ -3,16 +3,16 @@
<?php if ( 0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org'])):
// only show button if alert has not been sent // LATER show the ALERT button in red-ish
?>
<ul><li><?php
echo $this->Form->postLink('Publish Event', array('controller' => 'events', 'action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
echo $this->Form->postLink('Publish (no email)', array('controller' => 'events', 'action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!');
?> </li></ul>
<ul><li><?php
echo $this->Form->postLink('Publish Event', array('controller' => 'events', 'action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
echo $this->Form->postLink('Publish (no email)', array('controller' => 'events', 'action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!');
?> </li></ul>
<?php elseif (0 == $event['Event']['published']): ?>
<ul><li>Not published</li></ul>
<ul><li>Not published</li></ul>
<?php else: ?>
<!-- ul><li>Alert already sent</li></ul -->
<!-- ul><li>Alert already sent</li></ul -->
<?php endif; ?>
<ul><li><?php echo $this->Html->link(__('Contact reporter', true), array('controller' => 'events', 'action' => 'contact', $event['Event']['id'])); ?> </li></ul>
<ul><li><?php echo $this->Html->link(__('Contact reporter', true), array('controller' => 'events', 'action' => 'contact', $event['Event']['id'])); ?> </li></ul>
</div>
@ -68,104 +68,105 @@
<div class="related">
<h3>Related Events</h3>
<ul>
<?php foreach ($relatedEvents as $relatedEvent): ?>
<li><?php
if ('db' == Configure::read('CyDefSIG.correlation')) { // TODO array key
$link_text = $relatedEvent['date'].' ('.$relatedEvent['id'].')';
echo $this->Html->link($link_text, array('controller' => 'attributes', 'action' => 'event', $relatedEvent['id']));
} else {
$link_text = $relatedEvent['Event']['date'].' ('.$relatedEvent['Event']['id'].')';
echo $this->Html->link($link_text, array('controller' => 'attributes', 'action' => 'event', $relatedEvent['Event']['id']));
}
?></li>
<?php endforeach; ?>
</ul>
<?php foreach ($relatedEvents as $relatedEvent): ?>
<li><?php
if ('db' == Configure::read('CyDefSIG.correlation')) { // TODO array key
$link_text = $relatedEvent['date'] . ' (' . $relatedEvent['id'] . ')';
echo $this->Html->link($link_text, array('controller' => 'attributes', 'action' => 'event', $relatedEvent['id']));
} else {
$link_text = $relatedEvent['Event']['date'] . ' (' . $relatedEvent['Event']['id'] . ')';
echo $this->Html->link($link_text, array('controller' => 'attributes', 'action' => 'event', $relatedEvent['Event']['id']));
}
?></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
<div class="related">
<h3>Attributes</h3>
<?php if (!empty($event['Attribute'])):?>
<table cellpadding = "0" cellspacing = "0">
<tr>
<th>Category</th>
<th>Type</th>
<th>Value</th>
<th>Related Events</th>
<th <?php echo "title='" . $attr_descriptions['signature']['desc'] . "'";?>>IDS Signature</th>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th <?php echo "title='" . $attr_descriptions['private']['desc'] . "'";?>>Private</th>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<th class="actions">Actions</th>
<?php endif;?>
</tr>
<?php
foreach ($categories as $category):
<div class="related">
<h3>Attributes</h3>
<?php if (!empty($event['Attribute'])):?>
<table cellpadding = "0" cellspacing = "0">
<tr>
<th>Category</th>
<th>Type</th>
<th>Value</th>
<th>Related Events</th>
<th <?php echo "title='" . $attr_descriptions['signature']['desc'] . "'";?>>IDS Signature</th>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th <?php echo "title='" . $attr_descriptions['private']['desc'] . "'";?>>Private</th>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<th class="actions">Actions</th>
<?php endif;?>
</tr>
<?php
foreach ($categories as $category):
$first = 1;
foreach ($attributes as $attribute):
if($attribute['Attribute']['category'] != $category) continue;
?>
<tr>
<td class="short" title="<?php if('' != $attribute['Attribute']['category']) echo $category_definitions[$attribute['Attribute']['category']]['desc'];?>"><?php
if ($first) {
if ('' == $attribute['Attribute']['category']) echo '(no category)';
echo $attribute['Attribute']['category'];
} else {
echo '&nbsp;';
}
?></td>
<td class="short" title="<?php echo $type_definitions[$attribute['Attribute']['type']]['desc'];?>"><?php echo $attribute['Attribute']['type'];?></td>
<td><?php
$sig_display = nl2br(h($attribute['Attribute']['value']));
if('attachment' == $attribute['Attribute']['type'] ||
'malware-sample' == $attribute['Attribute']['type'] ) {
$filename_hash = explode('|', h($attribute['Attribute']['value']));
echo $this->Html->link($filename_hash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
} elseif (strpos($attribute['Attribute']['type'], '|') !== false) {
$filename_hash = explode('|', h($attribute['Attribute']['value']));
echo $filename_hash[0];
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
} elseif ('vulnerability' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, 'http://www.google.com/search?q='.$sig_display, array('target'=> '_blank'));
} elseif ('link' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, $sig_display);
} else {
echo $sig_display;
}
?></td>
<td class="short" style="text-align: center;">
<?php
$first = 0;
if (isset($relatedAttributes[$attribute['Attribute']['id']]) && (null != $relatedAttributes[$attribute['Attribute']['id']])) {
foreach ($relatedAttributes[$attribute['Attribute']['id']] as $relatedAttribute) {
if ('db' == Configure::read('CyDefSIG.correlation')) { // TODO array key
echo $this->Html->link($relatedAttribute['Correlation']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Correlation']['event_id']));
} else {
echo $this->Html->link($relatedAttribute['Attribute']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Attribute']['event_id']));
}
echo ' ';
}
}
?>&nbsp;
</td>
<td class="short" style="text-align: center;"><?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No';?></td>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" style="text-align: center;"><?php echo $attribute['Attribute']['private'] ? 'Private' : '&nbsp;';?></td>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['Attribute']['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
?>
</td>
<?php endif;?>
</tr>
<?php endforeach; ?>
<?php endforeach; ?>
</table>
foreach ($attributes as $attribute):
if ($attribute['Attribute']['category'] != $category) continue;
?>
<tr>
<td class="short" title="<?php if ('' != $attribute['Attribute']['category']) echo $category_definitions[$attribute['Attribute']['category']]['desc'];?>"><?php
if ($first) {
if ('' == $attribute['Attribute']['category']) echo '(no category)';
echo $attribute['Attribute']['category'];
} else {
echo '&nbsp;';
}
?></td>
<td class="short" title="<?php echo $type_definitions[$attribute['Attribute']['type']]['desc'];?>">
<?php echo $attribute['Attribute']['type'];?></td>
<td><?php
$sig_display = nl2br(h($attribute['Attribute']['value']));
if ('attachment' == $attribute['Attribute']['type'] ||
'malware-sample' == $attribute['Attribute']['type'] ) {
$filename_hash = explode('|', h($attribute['Attribute']['value']));
echo $this->Html->link($filename_hash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
if (isset($filename_hash[1])) echo ' | ' . $filename_hash[1];
} elseif (strpos($attribute['Attribute']['type'], '|') !== false) {
$filename_hash = explode('|', h($attribute['Attribute']['value']));
echo $filename_hash[0];
if (isset($filename_hash[1])) echo ' | ' . $filename_hash[1];
} elseif ('vulnerability' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, 'http://www.google.com/search?q=' . $sig_display, array('target' => '_blank'));
} elseif ('link' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, $sig_display);
} else {
echo $sig_display;
}
?></td>
<td class="short" style="text-align: center;">
<?php
$first = 0;
if (isset($relatedAttributes[$attribute['Attribute']['id']]) && (null != $relatedAttributes[$attribute['Attribute']['id']])) {
foreach ($relatedAttributes[$attribute['Attribute']['id']] as $relatedAttribute) {
if ('db' == Configure::read('CyDefSIG.correlation')) { // TODO array key
echo $this->Html->link($relatedAttribute['Correlation']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Correlation']['event_id']));
} else {
echo $this->Html->link($relatedAttribute['Attribute']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Attribute']['event_id']));
}
echo ' ';
}
}
?>&nbsp;
</td>
<td class="short" style="text-align: center;"><?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No';?></td>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" style="text-align: center;"><?php echo $attribute['Attribute']['private'] ? 'Private' : '&nbsp;';?></td>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['Attribute']['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
?>
</td>
<?php endif;?>
</tr>
<?php endforeach; ?>
<?php endforeach; ?>
</table>
<p>
<?php
echo $this->Paginator->counter(array(
@ -180,28 +181,28 @@
echo $this->Paginator->next(__('next') . ' >', array(), null, array('class' => 'next disabled'));
?>
</div>
<?php endif; ?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<div class="actions">
<ul>
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
</ul>
</div>
<?php endif; ?>
</div>
<?php endif; ?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<div class="actions">
<ul>
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
</ul>
</div>
<?php endif; ?>
</div>
</div>
<div class="actions">
<ul>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Add Attachment', true), array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Edit Event', true), array('controller' => 'events', 'action' => 'edit', $event['Event']['id'])); ?> </li>
<li><?php echo $this->Form->postLink(__('Delete Event'), array('controller' => 'events', 'action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id'])); ?></li>
<li>&nbsp;</li>
<?php endif; ?>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

51
app/View/Attributes/index.ctp
View File

@ -6,7 +6,8 @@
<th><?php echo $this->Paginator->sort('category');?></th>
<th><?php echo $this->Paginator->sort('type');?></th>
<th><?php echo $this->Paginator->sort('value');?></th>
<th<?php echo ' title="' . $attr_descriptions['signature']['desc'] . '"';?>><?php echo $this->Paginator->sort('signature');?></th>
<th<?php echo ' title="' . $attr_descriptions['signature']['desc'] . '"';?>>
<?php echo $this->Paginator->sort('signature');?></th>
<th class="actions"><?php echo __('Actions');?></th>
</tr>
<?php
@ -15,35 +16,35 @@
<td class="short">
<?php echo $this->Html->link($attribute['Event']['id'], array('controller' => 'events', 'action' => 'view', $attribute['Event']['id'])); ?>
</td>
<td title="<?php echo $category_definitions[$attribute['Attribute']['category']]['desc'];?>" class="short" onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true) ;?>';">
<td title="<?php echo $category_definitions[$attribute['Attribute']['category']]['desc'];?>" class="short" onclick="document.location ='
<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
<?php echo h($attribute['Attribute']['category']); ?>&nbsp;</td>
<td title="<?php echo $type_definitions[$attribute['Attribute']['type']]['desc'];?>" class="short" onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true) ;?>';">
<td title="<?php echo $type_definitions[$attribute['Attribute']['type']]['desc'];?>" class="short" onclick="document.location ='
<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
<?php echo h($attribute['Attribute']['type']); ?>&nbsp;</td>
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true) ;?>';">
<?php
$sig_display = nl2br(h($attribute['Attribute']['value']));
if('attachment' == $attribute['Attribute']['type'] ||
'malware-sample' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
} elseif ('link' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, $sig_display);
} else {
echo $sig_display;
}
?>&nbsp;</td>
<td class="short" style="text-align: center;" onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true) ;?>';">
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
<?php
$sig_display = nl2br(h($attribute['Attribute']['value']));
if ('attachment' == $attribute['Attribute']['type'] || 'malware-sample' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
} elseif ('link' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, $sig_display);
} else {
echo $sig_display;
}
?>&nbsp;</td>
<td class="short" style="text-align: center;" onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
<?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No'; ?>&nbsp;</td>
<td class="actions"><?php
if ($isAdmin || $attribute['Event']['org'] == $me['org']) {
echo $this->Html->link(__('Edit'), array('action' => 'edit', $attribute['Attribute']['id']));
echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
}
echo $this->Html->link(__('View'), array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']));
?>
if ($isAdmin || $attribute['Event']['org'] == $me['org']) {
echo $this->Html->link(__('Edit'), array('action' => 'edit', $attribute['Attribute']['id']));
echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
}
echo $this->Html->link(__('View'), array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']));
?>
</td>
</tr>
<?php endforeach; ?>
<?php endforeach; ?>
</table>
<p>
<?php
@ -64,4 +65,4 @@
<ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
</div>

32
app/View/Attributes/search.ctp
View File

@ -4,32 +4,32 @@
<legend><?php echo __('Search Attribute'); ?></legend>
<?php
echo $this->Form->input('keyword');
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeTypeDiv'))));
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeCategoryDiv'))));
echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv'))));
echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv'))));
?>
</fieldset>
<?php echo $this->Form->end(__('Search', true));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
<script type="text/javascript">
var formInfoValues = new Array();
<?php
foreach ($type_definitions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['$type'] = \"$info\";\n";
}
foreach ($category_definitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['$category'] = \"$info\";\n";
}
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
$this->Js->get('#AttributeCategory')->event('change', 'showFormInfo("#AttributeCategory")');
<?php
foreach ($type_definitions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['$type'] = \"$info\";\n";
}
foreach ($category_definitions as $category => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['$category'] = \"$info\";\n";
}
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
$this->Js->get('#AttributeCategory')->event('change', 'showFormInfo("#AttributeCategory")');
?>
formInfoValues['ALL'] = '';
@ -51,4 +51,4 @@ $('#AttributeTypeDiv').hide();
$('#AttributeCategoryDiv').hide();
</script>
<?php echo $this->Js->writeBuffer(); // Write cached scripts ?>
<?php echo $this->Js->writeBuffer(); // Write cached scripts

42
app/View/Attributes/xml/index.ctp
View File

@ -1,29 +1,29 @@
<?php
$xmlArray = array();
foreach ($attributes as $key => $attribute) {
// rearrange things to be compatible with the Xml::fromArray()
$attributes[$key] = $attributes[$key]['Attribute'];
// rearrange things to be compatible with the Xml::fromArray()
$attributes[$key] = $attributes[$key]['Attribute'];
// cleanup the array from things we do not want to expose
unset($attributes[$key]['Event']);
// hide the private field is we are not in sync mode
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($attributes[$key]['private']);
}
// cleanup the array from things we do not want to expose
unset($attributes[$key]['Event']);
// hide the private field is we are not in sync mode
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($attributes[$key]['private']);
}
}
// display the XML to the user
$xmlArray['response']['Attribute'] = $attributes;
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
// display the XML to the user
$xmlArray['response']['Attribute'] = $attributes;
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
echo $xmlObject->asXML();
?><!--
Please note that this XML page is a representation of the /attributes/index page.
Because the /attributes/index page is paginated you will have a limited number of results.
You can for example ask: /attributes/index/limit:999.xml to get the 999 first records.
(A maximum has been set to 9999)
To export all the attributes at once, with their events, use the export functionality.
?><!--
Please note that this XML page is a representation of the /attributes/index page.
Because the /attributes/index page is paginated you will have a limited number of results.
You can for example ask: /attributes/index/limit:999.xml to get the 999 first records.
(A maximum has been set to 9999)
To export all the attributes at once, with their events, use the export functionality.
-->

2
app/View/Elements/actions_menu.ctp
View File

@ -25,4 +25,4 @@
<li>&nbsp;</li>
<li><?php echo $this->Html->link(__('New User', true), array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('List Users', true), array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?> </li>
<?php endif; ?>
<?php endif;

6
app/View/Emails/text/new_event.ctp
View File

@ -6,12 +6,12 @@ Reported by : <?php echo h($event['Event']['org']); ?>
Risk : <?php echo $event['Event']['risk']; ?>
Attributes :
<?php if (!empty($event['Attribute'])):
$i = 0;
foreach ($event['Attribute'] as $attribute): ?>
$i = 0;
foreach ($event['Attribute'] as $attribute): ?>
- <?php echo $attribute['type']; echo str_repeat(' ', $appendlen - 2 - strlen( $attribute['type'])); ?>
: <?php echo h($attribute['value']);?>
<?php endforeach; ?><?php endif; ?>
Extra info :
<?php echo h($event['Event']['info']); ?>
<?php //endforeach; ?>
<?php //endforeach;

22
app/View/Events/add.ctp
View File

@ -2,23 +2,23 @@
<?php echo $this->Form->create('Event');?>
<fieldset>
<legend><?php echo __('Add Event'); ?></legend>
<?php
echo $this->Form->input('date');
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($event_descriptions['private']['formdesc']) ? $event_descriptions['private']['formdesc'] : $event_descriptions['private']['desc']),));
}
echo $this->Form->input('risk', array(
'before' => $this->Html->div('forminfo', isset($event_descriptions['risk']['formdesc']) ? $event_descriptions['risk']['formdesc'] : $event_descriptions['risk']['desc'])));
echo $this->Form->input('info');
<?php
echo $this->Form->input('date');
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($event_descriptions['private']['formdesc']) ? $event_descriptions['private']['formdesc'] : $event_descriptions['private']['desc']),));
}
echo $this->Form->input('risk', array(
'before' => $this->Html->div('forminfo', isset($event_descriptions['risk']['formdesc']) ? $event_descriptions['risk']['formdesc'] : $event_descriptions['risk']['desc'])));
echo $this->Form->input('info');
?>
?>
</fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

6
app/View/Events/contact.ctp
View File

@ -1,12 +1,12 @@
<div class="events form">
<?php echo $this->Form->create('Event');?>
<fieldset>
<legend><?php echo 'Contact reporter of event '.$this->Form->value('Event.id'); ?></legend>
<legend><?php echo 'Contact reporter of event ' . $this->Form->value('Event.id'); ?></legend>
<p>You are about to contact the person who reported event <?php echo $this->Form->value('Event.id'); ?>.<br/>
Feel free to add a custom message that will be sent to the reporter. <br/>
Your email address and details about the event will be added automagically to the message.</p>
<?php
echo $this->Form->input('message', array('type'=> 'textarea'));
echo $this->Form->input('message', array('type' => 'textarea'));
?>
<?php echo $this->Form->end(__('Submit', true));?>
</fieldset>
@ -14,7 +14,7 @@
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

24
app/View/Events/edit.ctp
View File

@ -2,17 +2,17 @@
<?php echo $this->Form->create('Event');?>
<fieldset>
<legend><?php echo __('Edit Event'); ?></legend>
<?php
echo $this->Form->input('id');
echo $this->Form->input('date');
echo $this->Form->input('risk', array(
'before' => $this->Html->div('forminfo', isset($event_descriptions['risk']['formdesc']) ? $event_descriptions['risk']['formdesc'] : $event_descriptions['risk']['desc'])));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($event_descriptions['private']['formdesc']) ? $event_descriptions['private']['formdesc'] : $event_descriptions['private']['desc']),));
}
echo $this->Form->input('info');
?>
<?php
echo $this->Form->input('id');
echo $this->Form->input('date');
echo $this->Form->input('risk', array(
'before' => $this->Html->div('forminfo', isset($event_descriptions['risk']['formdesc']) ? $event_descriptions['risk']['formdesc'] : $event_descriptions['risk']['desc'])));
if ('true' == Configure::read('CyDefSIG.sync')) {
echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($event_descriptions['private']['formdesc']) ? $event_descriptions['private']['formdesc'] : $event_descriptions['private']['desc']),));
}
echo $this->Form->input('info');
?>
</fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
</div>
@ -21,6 +21,6 @@
<li><?php echo $this->Html->link(__('Delete', true), array('action' => 'delete', $this->Form->value('Event.id')), null, sprintf(__('Are you sure you want to delete # %s?', true), $this->Form->value('Event.id'))); ?></li>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

2
app/View/Events/export.ctp
View File

@ -36,7 +36,7 @@ You can <?php echo $this->Html->link('reset', array('controller' => 'users', 'ac
<p>You can configure your tools to automatically download the following files:</p>
<pre>
<?php foreach ($sig_types as $sig_type):?>
<?php echo Configure::read('CyDefSIG.baseurl');?>/events/text/<?php echo $me['authkey']; ?>/<?php echo $sig_type."\n";?>
<?php echo Configure::read('CyDefSIG.baseurl');?>/events/text/<?php echo $me['authkey']; ?>/<?php echo $sig_type . "\n";?>
<?php endforeach;?>
</pre>
<p></p>

41
app/View/Events/index.ctp
View File

@ -10,10 +10,12 @@
<th><?php echo $this->Paginator->sort('user_id', 'Email');?></th>
<?php endif; ?>
<th><?php echo $this->Paginator->sort('date');?></th>
<th<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>><?php echo $this->Paginator->sort('risk');?></th>
<th<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>>
<?php echo $this->Paginator->sort('risk');?></th>
<th><?php echo $this->Paginator->sort('info');?></th>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th<?php echo ' title="' . $event_descriptions['private']['desc'] . '"';?>><?php echo $this->Paginator->sort('private');?></th>
<th<?php echo ' title="' . $event_descriptions['private']['desc'] . '"';?>>
<?php echo $this->Paginator->sort('private');?></th>
<?php endif; ?>
<th class="actions"><?php echo __('Actions');?></th>
</tr>
@ -21,10 +23,10 @@
foreach ($events as $event):
?>
<tr>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php
echo $this->Html->image('orgs/'.h($event['Event']['org']).'.png', array('alt' => h($event['Event']['org']),'width'=>'50','hight'=>'50'));
echo $this->Html->image('orgs/' . h($event['Event']['org']) . '.png', array('alt' => h($event['Event']['org']),'width' => '50','hight' => '50'));
?>
&nbsp;</td>
<?php endif; ?>
@ -33,31 +35,31 @@
&nbsp;</td>
<?php if ('true' == Configure::read('CyDefSIG.showowner') || $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo h($event['User']['email']); ?>&nbsp;</td>
<?php endif; ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo $event['Event']['date']; ?>&nbsp;</td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo $event['Event']['risk']; ?>&nbsp;</td>
<td onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo nl2br(h($event['Event']['info'])); ?>&nbsp;</td>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo ($event['Event']['private'])? 'Private' : ''; ?>&nbsp;</td>
<?php endif; ?>
<td class="actions">
<?php
if (0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org']))
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
elseif (0 == $event['Event']['published']) echo 'Not published';
?>
<?php
if ($isAdmin || $event['Event']['org'] == $me['org']) {
echo $this->Html->link(__('Edit', true), array('action' => 'edit', $event['Event']['id']));
echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id']));
}
?>
<?php
if ($isAdmin || $event['Event']['org'] == $me['org']) {
echo $this->Html->link(__('Edit', true), array('action' => 'edit', $event['Event']['id']));
echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id']));
}
?>
<?php echo $this->Html->link(__('View', true), array('controller' => 'events', 'action' => 'view', $event['Event']['id'])); ?>
</td>
</tr>
@ -71,9 +73,8 @@
?> </p>
<div class="paging">
<?php echo $this->Paginator->prev('<< ' . __('previous', true), array(), null, array('class'=>'disabled'));?>
| <?php echo $this->Paginator->numbers();?>
|
<?php echo $this->Paginator->prev('<< ' . __('previous', true), array(), null, array('class' => 'disabled'));?>
<?php echo $this->Paginator->numbers();?>
<?php echo $this->Paginator->next(__('next', true) . ' >>', array(), null, array('class' => 'disabled'));?>
</div>
</div>

7
app/View/Events/text.ctp
View File

@ -1,6 +1,5 @@
<?php
foreach ($attributes as $attribute) {
echo $attribute['Attribute']['value'];
echo "\n";
}
?>
echo $attribute['Attribute']['value'];
echo "\n";
}

203
app/View/Events/view.ctp
View File

@ -3,20 +3,20 @@
<?php if ( 0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org'])):
// only show button if alert has not been sent // LATER show the ALERT button in red-ish
?>
<ul><li><?php
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
echo $this->Form->postLink('Publish (no email)', array('action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!');
?> </li></ul>
<ul><li><?php
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
echo $this->Form->postLink('Publish (no email)', array('action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!');
?> </li></ul>
<?php elseif (0 == $event['Event']['published']): ?>
<ul><li>Not published</li></ul>
<ul><li>Not published</li></ul>
<?php else: ?>
<!-- ul><li>Alert already sent</li></ul -->
<!-- ul><li>Alert already sent</li></ul -->
<?php endif; ?>
<ul><li><?php echo $this->Html->link(__('Contact reporter', true), array('action' => 'contact', $event['Event']['id'])); ?> </li></ul>
<ul><li><?php echo $this->Html->link(__('Contact reporter', true), array('action' => 'contact', $event['Event']['id'])); ?> </li></ul>
</div>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<?php echo $this->Html->image('orgs/'.h($event['Event']['org']).'.png', array('alt' => h($event['Event']['org']),'width'=>'50','hight'=>'50', 'style' => 'float:right;')); ?>
<?php echo $this->Html->image('orgs/' . h($event['Event']['org']) . '.png', array('alt' => h($event['Event']['org']),'width' => '50','hight' => '50', 'style' => 'float:right;')); ?>
<?php endif; ?>
<h2>Event</h2>
<dl>
@ -73,115 +73,116 @@
<ul>
<?php foreach ($relatedEvents as $relatedEvent): ?>
<li><?php
$link_text = $relatedEvent['Event']['date'].' ('.$relatedEvent['Event']['id'].')';
$link_text = $relatedEvent['Event']['date'] . ' (' . $relatedEvent['Event']['id'] . ')';
echo $this->Html->link($link_text, array('controller' => 'events', 'action' => 'view', $relatedEvent['Event']['id']));
?></li>
<?php endforeach; ?>
</ul>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
<div class="related">
<h3>Attributes</h3>
<?php if (!empty($event['Attribute'])):?>
<table cellpadding = "0" cellspacing = "0">
<tr>
<th>Category</th>
<th>Type</th>
<th>Value</th>
<th>Related Events</th>
<th <?php echo "title='" . $attr_descriptions['signature']['desc'] . "'";?>>IDS Signature</th>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th <?php echo "title='" . $attr_descriptions['private']['desc'] . "'";?>>Private</th>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<th class="actions">Actions</th>
<?php endif;?>
</tr>
<?php
foreach ($categories as $category):
<div class="related">
<h3>Attributes</h3>
<?php if (!empty($event['Attribute'])):?>
<table cellpadding = "0" cellspacing = "0">
<tr>
<th>Category</th>
<th>Type</th>
<th>Value</th>
<th>Related Events</th>
<th <?php echo "title='" . $attr_descriptions['signature']['desc'] . "'";?>>IDS Signature</th>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th <?php echo "title='" . $attr_descriptions['private']['desc'] . "'";?>>Private</th>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<th class="actions">Actions</th>
<?php endif;?>
</tr>
<?php
foreach ($categories as $category):
$first = 1;
foreach ($event['Attribute'] as $attribute):
if($attribute['category'] != $category) continue;
?>
<tr>
<td class="short" title="<?php if('' != $attribute['category']) echo $category_definitions[$attribute['category']]['desc'];?>"><?php
if ($first) {
if ('' == $attribute['category']) echo '(no category)';
echo $attribute['category'];
} else {
echo '&nbsp;';
}
?></td>
<td class="short" title="<?php echo $type_definitions[$attribute['type']]['desc'];?>"><?php echo $attribute['type'];?></td>
<td><?php
$sig_display = nl2br(h($attribute['value']));
if('attachment' == $attribute['type'] ||
'malware-sample' == $attribute['type'] ) {
$filename_hash = explode('|', h($attribute['value']));
echo $this->Html->link($filename_hash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['id']));
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
} elseif (strpos($attribute['type'], '|') !== false) {
$filename_hash = explode('|', h($attribute['value']));
echo $filename_hash[0];
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
} elseif ('vulnerability' == $attribute['type']) {
echo $this->Html->link($sig_display, 'http://www.google.com/search?q='.$sig_display, array('target'=> '_blank'));
} elseif ('link' == $attribute['type']) {
echo $this->Html->link($sig_display, $sig_display);
} else {
echo $sig_display;
}
?></td>
<td class="short" style="text-align: center;">
<?php
$first = 0;
if (isset($relatedAttributes[$attribute['id']]) && (null != $relatedAttributes[$attribute['id']])) {
foreach ($relatedAttributes[$attribute['id']] as $relatedAttribute) {
echo $this->Html->link($relatedAttribute['Attribute']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Attribute']['event_id']));
echo ' ';
}
}
?>&nbsp;
</td>
<td class="short" style="text-align: center;"><?php echo $attribute['to_ids'] ? 'Yes' : 'No';?></td>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" style="text-align: center;"><?php echo $attribute['private'] ? 'Private' : '&nbsp;';?></td>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
?>
</td>
<?php endif;?>
</tr>
<?php endforeach; ?>
<?php endforeach; ?>
</table>
<?php endif; ?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<div class="actions">
<ul>
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
</ul>
</div>
<?php endif; ?>
</div>
foreach ($event['Attribute'] as $attribute):
if ($attribute['category'] != $category) continue;
?>
<tr>
<td class="short" title="<?php if ('' != $attribute['category']) echo $category_definitions[$attribute['category']]['desc'];?>">
<?php if ($first) {
if ('' == $attribute['category']) echo '(no category)';
echo $attribute['category'];
} else {
echo '&nbsp;';
}
?></td>
<td class="short" title="<?php echo $type_definitions[$attribute['type']]['desc'];?>">
<?php echo $attribute['type'];?></td>
<td><?php
$sig_display = nl2br(h($attribute['value']));
if ('attachment' == $attribute['type'] ||
'malware-sample' == $attribute['type'] ) {
$filename_hash = explode('|', h($attribute['value']));
echo $this->Html->link($filename_hash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['id']));
if (isset($filename_hash[1])) echo ' | ' . $filename_hash[1];
} elseif (strpos($attribute['type'], '|') !== false) {
$filename_hash = explode('|', h($attribute['value']));
echo $filename_hash[0];
if (isset($filename_hash[1])) echo ' | ' . $filename_hash[1];
} elseif ('vulnerability' == $attribute['type']) {
echo $this->Html->link($sig_display, 'http://www.google.com/search?q=' . $sig_display, array('target' => '_blank'));
} elseif ('link' == $attribute['type']) {
echo $this->Html->link($sig_display, $sig_display);
} else {
echo $sig_display;
}
?></td>
<td class="short" style="text-align: center;">
<?php
$first = 0;
if (isset($relatedAttributes[$attribute['id']]) && (null != $relatedAttributes[$attribute['id']])) {
foreach ($relatedAttributes[$attribute['id']] as $relatedAttribute) {
echo $this->Html->link($relatedAttribute['Attribute']['event_id'], array('controller' => 'events', 'action' => 'view', $relatedAttribute['Attribute']['event_id']));
echo ' ';
}
}
?>&nbsp;
</td>
<td class="short" style="text-align: center;"><?php echo $attribute['to_ids'] ? 'Yes' : 'No';?></td>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" style="text-align: center;"><?php echo $attribute['private'] ? 'Private' : '&nbsp;';?></td>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<td class="actions">
<?php
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
?>
</td>
<?php endif;?>
</tr>
<?php endforeach; ?>
<?php endforeach; ?>
</table>
<?php endif; ?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<div class="actions">
<ul>
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
</ul>
</div>
<?php endif; ?>
</div>
</div>
<div class="actions">
<ul>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Add Attachment', true), array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Edit Event', true), array('action' => 'edit', $event['Event']['id'])); ?> </li>
<li><?php echo $this->Form->postLink(__('Delete Event'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id'])); ?></li>
<li>&nbsp;</li>
<?php endif; ?>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

4
app/View/Events/xml.ctp
View File

@ -1,8 +1,8 @@
<?php
$xmlArray = array();
foreach ($results as $result) {
$result['Event']['Attribute'] = $result['Attribute'];
$xmlArray['CyDefSIG']['Event'][] = $result['Event'];
$result['Event']['Attribute'] = $result['Attribute'];
$xmlArray['CyDefSIG']['Event'][] = $result['Event'];
}
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));

24
app/View/Events/xml/index.ctp
View File

@ -2,19 +2,19 @@
// TODO also output a kind of status code and data what was requested in the REST result
$xmlArray = array();
foreach ($events as $key => $event) {
// rearrange things to be compatible with the Xml::fromArray()
$events[$key] = $events[$key]['Event'];
// rearrange things to be compatible with the Xml::fromArray()
$events[$key] = $events[$key]['Event'];
// cleanup the array from things we do not want to expose
unset($events[$key]['Event']);
// hide the private field is we are not in sync mode
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($events[$key]['private']);
}
// hide the org field is we are not in showorg mode
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($events[$key]['org']);
}
// cleanup the array from things we do not want to expose
unset($events[$key]['Event']);
// hide the private field is we are not in sync mode
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($events[$key]['private']);
}
// hide the org field is we are not in showorg mode
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($events[$key]['org']);
}
}

24
app/View/Events/xml/view.ctp
View File

@ -6,28 +6,28 @@ unset($event['Attribute']);
// cleanup the array from things we do not want to expose
// remove value1 and value2 from the output
foreach($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['value1']);
unset($event['Event']['Attribute'][$key]['value2']);
foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['value1']);
unset($event['Event']['Attribute'][$key]['value2']);
}
// hide the private fields is we are not in sync mode
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($event['Event']['private']);
foreach($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['private']);
}
if ('true' != Configure::read('CyDefSIG.sync')) {
unset($event['Event']['private']);
foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['private']);
}
}
// hide the org field is we are not in showorg mode
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($event['Event']['org']);
unset($event['Event']['org']);
}
// build up a list of the related events
if (isset($relatedEvents)) {
foreach ($relatedEvents as $relatedEvent) {
$event['Event']['RelatedEvent'][] = $relatedEvent['Event'];
}
foreach ($relatedEvents as $relatedEvent) {
$event['Event']['RelatedEvent'][] = $relatedEvent['Event'];
}
}
// display the XML to the user

300
app/View/Pages/documentation.ctp
View File

@ -13,46 +13,46 @@ any page of the site.</p>
<p>The left menu allows the user navigating to the different features/pages of the site:</p>
<ul>
<li><em>New Event:</em>
<p>Allow user to create a new event. See How to share a malware signatures
section for further details.</p></li>
<p>Allow user to create a new event. See How to share a malware signatures
section for further details.</p></li>
<li><em>List Events: </em>
<p>List all events and allows users to </p>
<ul>
<li>display the details of the events</li>
<li>contact the publishing party of an even by clicking <b>Contact Reporter </b>button in the Event page.</li>
<li>Modify or delete an event and attributes you have imported.</li>
</ul>
<p></p></li>
<p>List all events and allows users to </p>
<ul>
<li>display the details of the events</li>
<li>contact the publishing party of an even by clicking <b>Contact Reporter </b>button in the Event page.</li>
<li>Modify or delete an event and attributes you have imported.</li>
</ul>
<p></p></li>
<li><em>List Attributes:</em>
<p>Lists all attributes cross events.</p></li>
<p>Lists all attributes cross events.</p></li>
<li><em>Search Attribute:</em>
<p>You can search for attributes based on key words
and apply a filtering based on the category and or attribute type.</p></li>
<p>You can search for attributes based on key words
and apply a filtering based on the category and or attribute type.</p></li>
<li><em>Export:</em>
<p>Different format are supported: XML (all or per
event), text (all or per attribute type), and IDS format. Note that
only the attributes that have been selected to be in the part of IDS
will be included in this latter.</p></li>
<p>Different format are supported: XML (all or per
event), text (all or per attribute type), and IDS format. Note that
only the attributes that have been selected to be in the part of IDS
will be included in this latter.</p></li>
<li><em>News:</em>
<p>Provide the latest news regarding the site like last changes.</p></li>
<p>Provide the latest news regarding the site like last changes.</p></li>
<li><em>My Profile:</em>
<p>Allows to setup the user profile:</p>
<ul>
<li>email address to which new events will be sent,</li>
<li>the AuthKey used to automate the export of events/attributes from the application
(see Export),</li>
<li>NIDS starting SID,</li>
<li>PGP public key used to encrypt the events sent by email</li>
</ul>
<p></p></li>
<p>Allows to setup the user profile:</p>
<ul>
<li>email address to which new events will be sent,</li>
<li>the AuthKey used to automate the export of events/attributes from the application
(see Export),</li>
<li>NIDS starting SID,</li>
<li>PGP public key used to encrypt the events sent by email</li>
</ul>
<p></p></li>
<li><em>Member List</em>
<p>Provide statstics about the site.</p></li>
<p>Provide statstics about the site.</p></li>
<li><em>User Guide</em>
<p>Displays this document.</p></li>
<p>Displays this document.</p></li>
<li><em>Terms & Conditions</em>
<p>Defines terms of use of this platform.</p></li>
<p>Defines terms of use of this platform.</p></li>
<li><em>List Servers</em>
<p>Displays a list of servers that the user synchronizes his account to.</p></li>
<p>Displays a list of servers that the user synchronizes his account to.</p></li>
</ul>
@ -81,73 +81,73 @@ events with same attributes.</p>
<ol>
<li>Click on <em>New Event</em> (left menu)</li>
<li>Fill-in the form:
<ul>
<li><em>Date*:</em> date of the malware was discovered</li>
<ul>
<li><em>Date*:</em> date of the malware was discovered</li>
<li><em>Private*:</em> is the event sharable with other servers. <small>(only in sync-mode)</small></li>
<li><em>Risk*:</em> estimated risk level related to the malware.<br/>
Guideline for risk level:
<ul>
<li>Undefined (default)</li>
<li>Low - TBD</li>
<li>Med - Advanced Persistent Threat</li>
<li>High - Very sophisticated APT (e.g. including 0-day)</li>
</ul>
<li><em>Risk*:</em> estimated risk level related to the malware.<br/>
Guideline for risk level:
<ul>
<li>Undefined (default)</li>
<li>Low - TBD</li>
<li>Med - Advanced Persistent Threat</li>
<li>High - Very sophisticated APT (e.g. including 0-day)</li>
</ul>
</li>
<li><em>Info*:</em> High level information that can help to understand the malware/attack,
like title and high level behavior.<br/>
This field should remain as short as possible (recommended max 50 words).
The full description of the malware behavior and its artifacts must
be defined as an attribute (other).</li>
</ul>
</li>
<li style="clear:both;">Click <em>Submit</em>
<img src="/img/doc/add-event-done.png" style="float:right;" />
<p>Note that at this stage, the information is
shared on the site but no notification is sent to the other parties
yet.</p></li>
<li>Click <em>Add Attribute</em> or <em>Add Attachment</em>
<li><em>Info*:</em> High level information that can help to understand the malware/attack,
like title and high level behavior.<br/>
This field should remain as short as possible (recommended max 50 words).
The full description of the malware behavior and its artifacts must
be defined as an attribute (other).</li>
</ul>
</li>
<li style="clear:both;">Click <em>Submit</em>
<img src="/img/doc/add-event-done.png" style="float:right;" />
<p>Note that at this stage, the information is
shared on the site but no notification is sent to the other parties
yet.</p></li>
<li>Click <em>Add Attribute</em> or <em>Add Attachment</em>
</li>
<li style="clear:both;">For Attribute:
<img src="/img/doc/add-attribute.png" style="float:right;" />
<ul>
<li><em>Category*</em>: see Category section below</li>
<li><em>Type*:</em> see Type section below</li>
<li><em>Private*:</em> prevent upload of this specific Attribute to other servers. <small>(only in sync-mode)</small></li>
<li><em>IDS Signature?</em>: Check this box if you want
the attribute to be part of the IDS signature generated by the site.
Make sure that the information in value is usable in an IDS
signature, do not check if it is free text, Vulnerability.</li>
<li><em>Value:</em> enter the attribute value. Note
that the value format will be validated for some types like hash and
IP addresses.</li>
<li><em>Batch Import:</em> check this box to import
data in batch. Enter an attribute value per line, each entry will be
assigned the selected Category and Type.</li>
<li>Click <em>Submit</em></li>
</ul>
</li>
<img src="/img/doc/add-attribute.png" style="float:right;" />
<ul>
<li><em>Category*</em>: see Category section below</li>
<li><em>Type*:</em> see Type section below</li>
<li><em>Private*:</em> prevent upload of this specific Attribute to other servers. <small>(only in sync-mode)</small></li>
<li><em>IDS Signature?</em>: Check this box if you want
the attribute to be part of the IDS signature generated by the site.
Make sure that the information in value is usable in an IDS
signature, do not check if it is free text, Vulnerability.</li>
<li><em>Value:</em> enter the attribute value. Note
that the value format will be validated for some types like hash and
IP addresses.</li>
<li><em>Batch Import:</em> check this box to import
data in batch. Enter an attribute value per line, each entry will be
assigned the selected Category and Type.</li>
<li>Click <em>Submit</em></li>
</ul>
</li>
<li style="clear:both;">For Attachment:
<img src="/img/doc/add-attachment.png" style="float:right;" />
<ul>
<li><em>Category:</em> see Category section below</li>
<li>Select the file to upload</li>
<li><em>Malware:</em> Check this box if the file to upload is
harmful. The system will then encrypt with zip before storing the
file with the default password, <em>"infected"</em>. This will protect
other systems against accidental infection.<br/>
Note that a hash will be automatically computed
and added to the event as an attribute.</li>
<li>Click <em>Upload</em></li>
</ul>
<li>Redo steps 5-6 as many time as attributes you need to upload.</li>
<li>Click <em>Publish Event</em> once all attributes are uploaded.<br/>
<p>The application will then send the event with all uploaded information
to all users of the site.<br/>
In sync-mode the event will also be uploaded to other servers users have configured in their profile.</p>
<p>You can modify, delete or add new attributes after publishing. In that case, any
change will be accessible by other users via the GUI and only
released by email to all users once you re-Publish the event.</p>
<li style="clear:both;">For Attachment:
<img src="/img/doc/add-attachment.png" style="float:right;" />
<ul>
<li><em>Category:</em> see Category section below</li>
<li>Select the file to upload</li>
<li><em>Malware:</em> Check this box if the file to upload is
harmful. The system will then encrypt with zip before storing the
file with the default password, <em>"infected"</em>. This will protect
other systems against accidental infection.<br/>
Note that a hash will be automatically computed
and added to the event as an attribute.</li>
<li>Click <em>Upload</em></li>
</ul>
<li>Redo steps 5-6 as many time as attributes you need to upload.</li>
<li>Click <em>Publish Event</em> once all attributes are uploaded.<br/>
<p>The application will then send the event with all uploaded information
to all users of the site.<br/>
In sync-mode the event will also be uploaded to other servers users have configured in their profile.</p>
<p>You can modify, delete or add new attributes after publishing. In that case, any
change will be accessible by other users via the GUI and only
released by email to all users once you re-Publish the event.</p>
</li>
</ol>
@ -162,36 +162,36 @@ $attr = new Attribute();
<h3>Attribute Categories vs Types</h3>
<table>
<tr>
<th>Category</th>
<?php foreach ($attr->category_definitions as $cat => $cat_def ): ?>
<th style="width:5%; text-align:center; white-space:normal"><?php echo $cat; ?></th>
<?php endforeach;?>
<th>Category</th>
<?php foreach ($attr->category_definitions as $cat => $cat_def): ?>
<th style="width:5%; text-align:center; white-space:normal"><?php echo $cat; ?></th>
<?php endforeach;?>
</tr>
<?php foreach ($attr->type_definitions as $type => $def): ?>
<tr>
<td><?php echo $type; ?></td>
<?php foreach ($attr->category_definitions as $cat => $cat_def ): ?>
<td style="text-align:center"><?php echo in_array($type, $cat_def['types'])? 'X' : ''; ?></td>
<?php endforeach;?>
<td><?php echo $type; ?></td>
<?php foreach ($attr->category_definitions as $cat => $cat_def): ?>
<td style="text-align:center"><?php echo in_array($type, $cat_def['types'])? 'X' : ''; ?></td>
<?php endforeach;?>
<?php endforeach;?>
</tr>
<tr>
<th>Category</th>
<?php foreach ($attr->category_definitions as $cat => $cat_def ): ?>
<th style="width:5%; text-align:center; white-space:normal"><?php echo $cat; ?></th>
<?php endforeach;?>
<th>Category</th>
<?php foreach ($attr->category_definitions as $cat => $cat_def): ?>
<th style="width:5%; text-align:center; white-space:normal"><?php echo $cat; ?></th>
<?php endforeach;?>
</tr>
</table>
<h3>Categories</h3>
<table>
<tr>
<th>Category</th>
<th>Description</th>
<th>Category</th>
<th>Description</th>
</tr>
<?php foreach ($attr->category_definitions as $cat => $def): ?>
<tr>
<td><?php echo $cat; ?></td>
<td><?php echo isset($def['formdesc'])? $def['formdesc'] : $def['desc']; ?></td>
<td><?php echo $cat; ?></td>
<td><?php echo isset($def['formdesc'])? $def['formdesc'] : $def['desc']; ?></td>
<?php endforeach;?>
</tr>
</table>
@ -199,13 +199,13 @@ $attr = new Attribute();
<h3>Types</h3>
<table>
<tr>
<th>Type</th>
<th>Description</th>
<th>Type</th>
<th>Description</th>
</tr>
<?php foreach ($attr->type_definitions as $type => $def): ?>
<tr>
<td><?php echo $type; ?></td>
<td><?php echo isset($def['formdesc'])? $def['formdesc'] : $def['desc']; ?></td>
<td><?php echo $type; ?></td>
<td><?php echo isset($def['formdesc'])? $def['formdesc'] : $def['desc']; ?></td>
<?php endforeach;?>
</tr>
</table>
@ -278,37 +278,37 @@ Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</pre>
<p>The response you're going to get is the following data:</p>
<pre>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;
&lt;response&gt;
&lt;Event&gt;
&lt;id&gt;123&lt;/id&gt;
&lt;date&gt;2012-04-06&lt;/date&gt;
&lt;risk&gt;Undefined&lt;/risk&gt;
&lt;info&gt;TEST&lt;/info&gt;
&lt;published&gt;0&lt;/published&gt;
&lt;uuid&gt;4f7eff11-4e98-47b7-ae96-6a7fff32448e&lt;/uuid&gt;
&lt;private&gt;0&lt;/private&gt;
&lt;Attribute&gt;
&lt;id&gt;9577&lt;/id&gt;
&lt;event_id&gt;123&lt;/event_id&gt;
&lt;category&gt;Artifacts dropped&lt;/category&gt;
&lt;type&gt;other&lt;/type&gt;
&lt;value&gt;test other&lt;/value&gt;
&lt;to_ids&gt;1&lt;/to_ids&gt;
&lt;uuid&gt;4f7fe870-e5a4-4b9e-a89c-a45bff32448e&lt;/uuid&gt;
&lt;revision&gt;1&lt;/revision&gt;
&lt;private&gt;0&lt;/private&gt;
&lt;/Attribute&gt;
&lt;Attribute&gt;
&lt;id&gt;9576&lt;/id&gt;
&lt;event_id&gt;123&lt;/event_id&gt;
&lt;category&gt;Payload delivery&lt;/category&gt;
&lt;type&gt;filename&lt;/type&gt;
&lt;value&gt;test attribute&lt;/value&gt;
&lt;to_ids&gt;1&lt;/to_ids&gt;
&lt;uuid&gt;4f7fe85b-0f78-4e40-91f3-a45aff32448e&lt;/uuid&gt;
&lt;revision&gt;1&lt;/revision&gt;
&lt;private&gt;0&lt;/private&gt;
&lt;/Attribute&gt;
&lt;/Event&gt;
&lt;Event&gt;
&lt;id&gt;123&lt;/id&gt;
&lt;date&gt;2012-04-06&lt;/date&gt;
&lt;risk&gt;Undefined&lt;/risk&gt;
&lt;info&gt;TEST&lt;/info&gt;
&lt;published&gt;0&lt;/published&gt;
&lt;uuid&gt;4f7eff11-4e98-47b7-ae96-6a7fff32448e&lt;/uuid&gt;
&lt;private&gt;0&lt;/private&gt;
&lt;Attribute&gt;
&lt;id&gt;9577&lt;/id&gt;
&lt;event_id&gt;123&lt;/event_id&gt;
&lt;category&gt;Artifacts dropped&lt;/category&gt;
&lt;type&gt;other&lt;/type&gt;
&lt;value&gt;test other&lt;/value&gt;
&lt;to_ids&gt;1&lt;/to_ids&gt;
&lt;uuid&gt;4f7fe870-e5a4-4b9e-a89c-a45bff32448e&lt;/uuid&gt;
&lt;revision&gt;1&lt;/revision&gt;
&lt;private&gt;0&lt;/private&gt;
&lt;/Attribute&gt;
&lt;Attribute&gt;
&lt;id&gt;9576&lt;/id&gt;
&lt;event_id&gt;123&lt;/event_id&gt;
&lt;category&gt;Payload delivery&lt;/category&gt;
&lt;type&gt;filename&lt;/type&gt;
&lt;value&gt;test attribute&lt;/value&gt;
&lt;to_ids&gt;1&lt;/to_ids&gt;
&lt;uuid&gt;4f7fe85b-0f78-4e40-91f3-a45aff32448e&lt;/uuid&gt;
&lt;revision&gt;1&lt;/revision&gt;
&lt;private&gt;0&lt;/private&gt;
&lt;/Attribute&gt;
&lt;/Event&gt;
&lt;/response&gt;</pre>
@ -320,12 +320,12 @@ Accept: application/xml
Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</pre>
<p>And the request body:</p>
<pre>&lt;Event&gt;
&lt;date&gt;2012-05-06&lt;/date&gt;
&lt;risk&gt;Undefined&lt;/risk&gt;
&lt;info&gt;TEST REST&lt;/info&gt;
&lt;published&gt;0&lt;/published&gt;
&lt;private&gt;0&lt;/private&gt;
&lt;attribute/&gt;
&lt;date&gt;2012-05-06&lt;/date&gt;
&lt;risk&gt;Undefined&lt;/risk&gt;
&lt;info&gt;TEST REST&lt;/info&gt;
&lt;published&gt;0&lt;/published&gt;
&lt;private&gt;0&lt;/private&gt;
&lt;attribute/&gt;
&lt;/Event&gt;</pre>
<!-- <p>The response you're going to get is the following data:</p>
<h2>FIXME </h2> -->
@ -341,7 +341,7 @@ Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</pre>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

30
app/View/Servers/add.ctp
View File

@ -4,28 +4,28 @@
<legend><?php echo __('Add Server'); ?></legend>
<?php
echo $this->Form->input('url', array(
'label' => 'Base URL',
'before' => $this->Html->div('forminfo', 'The base-url to the external server you want to sync with.<br/>Example: <i>https://foo.sig.mil.be</i>'),
));
'label' => 'Base URL',
'before' => $this->Html->div('forminfo', 'The base-url to the external server you want to sync with.<br/>Example: <i>https://foo.sig.mil.be</i>'),
));
echo $this->Form->input('organization', array(
'label' => 'Organization',
'before' => $this->Html->div('forminfo', 'The organization having the external server you want to sync with.<br/>Example: <i>BE</i>'),
));
echo $this->Form->input('authkey', array(
'before' => $this->Html->div('forminfo', 'You can find the authentication key on your profile on the external server.'),
));
'label' => 'Organization',
'before' => $this->Html->div('forminfo', 'The organization having the external server you want to sync with.<br/>Example: <i>BE</i>'),
));
echo $this->Form->input('authkey', array(
'before' => $this->Html->div('forminfo', 'You can find the authentication key on your profile on the external server.'),
));
echo $this->Form->input('push', array(
'before' => $this->Html->div('forminfo', 'Allow the <em>upload</em> of events and their attributes.'),
));
'before' => $this->Html->div('forminfo', 'Allow the <em>upload</em> of events and their attributes.'),
));
echo $this->Form->input('pull', array(
'before' => $this->Html->div('forminfo', 'Allow the <em>download</em> of events and their attributes from the server.'),
));
'before' => $this->Html->div('forminfo', 'Allow the <em>download</em> of events and their attributes from the server.'),
));
?>
</fieldset>
<?php echo $this->Form->end(__('Submit'));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

24
app/View/Servers/edit.ctp
View File

@ -5,22 +5,22 @@
<?php
echo $this->Form->input('id');
echo $this->Form->input('url', array(
'label' => 'Base URL',
'before' => $this->Html->div('forminfo', 'The base-url to the external server you want to sync with.<br/>Example: <i>https://foo.sig.mil.be</i>'),
));
'label' => 'Base URL',
'before' => $this->Html->div('forminfo', 'The base-url to the external server you want to sync with.<br/>Example: <i>https://foo.sig.mil.be</i>'),
));
echo $this->Form->input('organization', array(
'label' => 'Organization',
'before' => $this->Html->div('forminfo', 'The organization having the external server you want to sync with.<br/>Example: <i>https://foo.sig.mil.be</i>'),
));
'label' => 'Organization',
'before' => $this->Html->div('forminfo', 'The organization having the external server you want to sync with.<br/>Example: <i>https://foo.sig.mil.be</i>'),
));
echo $this->Form->input('authkey', array(
'before' => $this->Html->div('forminfo', 'You can find the authentication key on your profile on the external server.<br/><i>Leave empty if you don\'t want to change it</i>.'),
));
'before' => $this->Html->div('forminfo', 'You can find the authentication key on your profile on the external server.<br/><i>Leave empty if you don\'t want to change it</i>.'),
));
echo $this->Form->input('push', array(
'before' => $this->Html->div('forminfo', 'Allow the <em>upload</em> of events and their attributes.'),
));
'before' => $this->Html->div('forminfo', 'Allow the <em>upload</em> of events and their attributes.'),
));
echo $this->Form->input('pull', array(
'before' => $this->Html->div('forminfo', 'Allow the <em>download</em> of events and their attributes from the server.'),
));
'before' => $this->Html->div('forminfo', 'Allow the <em>download</em> of events and their attributes from the server.'),
));
?>
</fieldset>
<?php echo $this->Form->end(__('Submit'));?>

10
app/View/Servers/index.ctp
View File

@ -23,8 +23,8 @@
<?php if ($isAdmin): ?>
<td class="short"><?php echo h($server['Server']['org']); ?>&nbsp;</td>
<?php endif; ?>
<td class="short"><?php echo $server['Server']['lastpulledid']; ?></td>
<td class="short"><?php echo $server['Server']['lastpushedid']; ?></td>
<td class="short"><?php echo $server['Server']['lastpulledid']; ?></td>
<td class="short"><?php echo $server['Server']['lastpushedid']; ?></td>
<td class="actions">
<?php echo $this->Html->link(__('Edit'), array('action' => 'edit', $server['Server']['id'])); ?>
<?php echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $server['Server']['id']), null, __('Are you sure you want to delete # %s?', $server['Server']['id'])); ?>
@ -56,9 +56,9 @@
</div>
<div class="actions">
<ul>
<li><?php echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?></li>
<li><?php echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?></li>
<li><?php echo $this->Html->link(__('List Servers'), array('controller' => 'servers', 'action' => 'index'));?></li>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
</ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

18
app/View/Servers/pull.ctp
View File

@ -1,26 +1,26 @@
<div class="servers index">
<h2>Failed pulls</h2>
<?php if (0==sizeof($fails)):?>
<p>No failed pulls</p>
<?php if (0 == count($fails)):?>
<p>No failed pulls</p>
<?php else:?>
<ul>
<?php foreach ($fails as $key => $value) echo '<li>'.$key.' : '.h($value).'</li>'; ?>
<?php foreach ($fails as $key => $value) echo '<li>' . $key . ' : ' . h($value) . '</li>'; ?>
</ul>
<?php endif;?>
<h2>Succeeded pulls</h2>
<?php if (0==sizeof($successes)):?>
<?php if (0 == count($successes)):?>
<p>No succeeded pulls</p>
<?php else:?>
<ul>
<?php foreach ($successes as $success) echo '<li>'.$success.'</li>'; ?>
<?php foreach ($successes as $success) echo '<li>' . $success . '</li>'; ?>
</ul>
<?php endif;?>
<?php endif;?>
</div>
<div class="actions">
<ul>
<li><?php echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?></li>
<li><?php echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?></li>
<li><?php echo $this->Html->link(__('List Servers'), array('controller' => 'servers', 'action' => 'index'));?></li>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
</ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

18
app/View/Servers/push.ctp
View File

@ -1,26 +1,26 @@
<div class="servers index">
<h2>Failed pushes</h2>
<?php if (0==sizeof($fails)):?>
<p>No failed pushes</p>
<?php if (0 == count($fails)):?>
<p>No failed pushes</p>
<?php else:?>
<ul>
<?php foreach ($fails as $key => $value) echo '<li>'.$key.' : '.h($value).'</li>'; ?>
<?php foreach ($fails as $key => $value) echo '<li>' . $key . ' : ' . h($value) . '</li>'; ?>
</ul>
<?php endif;?>
<h2>Succeeded pushes</h2>
<?php if (0==sizeof($successes)):?>
<?php if (0 == count($successes)):?>
<p>No succeeded pushes</p>
<?php else:?>
<ul>
<?php foreach ($successes as $success) echo '<li>'.$success.'</li>'; ?>
<?php foreach ($successes as $success) echo '<li>' . $success . '</li>'; ?>
</ul>
<?php endif;?>
<?php endif;?>
</div>
<div class="actions">
<ul>
<li><?php echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?></li>
<li><?php echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?></li>
<li><?php echo $this->Html->link(__('List Servers'), array('controller' => 'servers', 'action' => 'index'));?></li>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
</ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

4
app/View/Users/admin_add.ctp
View File

@ -9,8 +9,8 @@
echo $this->Form->input('org');
echo $this->Form->input('autoalert');
echo $this->Form->input('authkey', array('value' => $authkey));
echo $this->Form->input('nids_sid');
echo $this->Form->input('termsaccepted');
echo $this->Form->input('nids_sid');
echo $this->Form->input('termsaccepted');
echo $this->Form->input('newsread');
echo $this->Form->input('gpgkey');
?>

4
app/View/Users/admin_edit.ctp
View File

@ -9,8 +9,8 @@
echo $this->Form->input('org');
echo $this->Form->input('autoalert');
echo $this->Form->input('authkey');
echo $this->Form->input('nids_sid');
echo $this->Form->input('termsaccepted');
echo $this->Form->input('nids_sid');
echo $this->Form->input('termsaccepted');
echo $this->Form->input('newsread');
echo $this->Form->input('gpgkey');
?>

18
app/View/Users/admin_index.ctp
View File

@ -15,21 +15,21 @@
<?php
foreach ($users as $user): ?>
<tr>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo h($user['User']['id']); ?>&nbsp;</td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo h($user['User']['org']); ?>&nbsp;</td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo h($user['User']['email']); ?>&nbsp;</td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo $user['User']['autoalert']? 'Yes' : 'No'; ?>&nbsp;</td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo $user['User']['gpgkey']? 'Yes' : 'No'; ?>&nbsp;</td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo h($user['User']['nids_sid']); ?>&nbsp;</td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo h($user['User']['termsaccepted']); ?>&nbsp;</td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo h($user['User']['newsread']); ?>&nbsp;</td>
<td class="actions">
<?php echo $this->Html->link(__('View'), array('admin' => true, 'action' => 'view', $user['User']['id'])); ?>
@ -56,6 +56,6 @@
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

8
app/View/Users/admin_view.ctp
View File

@ -41,10 +41,10 @@
</dd>
<dt><?php echo __('Gpgkey'); ?></dt>
<dd style="font-size: 10px; line-height:100%;">
<code><?php echo nl2br(h($user['User']['gpgkey'])); ?></code>
&nbsp;
</dd>
<dd style="font-size: 10px; line-height:100%;">
<code><?php echo nl2br(h($user['User']['gpgkey'])); ?></code>
&nbsp;
</dd>
<dt><?php echo __('Nids Sid'); ?></dt>
<dd>

10
app/View/Users/edit.ctp
View File

@ -4,8 +4,8 @@
<legend><?php __('Edit User'); ?></legend>
<?php
echo $this->Form->input('email');
echo $this->Form->input('password');
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
echo $this->Form->input('password');
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
if ($isAdmin) echo $this->Form->input('org');
else echo $this->Form->input('org', array('disabled' => 'disabled'));
echo $this->Form->input('autoalert');
@ -19,7 +19,7 @@
<div class="actions">
<ul>
<li><?php echo $this->Html->link(__('Delete', true), array('action' => 'delete', $this->Form->value('User.id')), null, sprintf(__('Are you sure you want to delete # %s?', true), $this->Form->value('User.id'))); ?></li>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
</div>

3
app/View/Users/login.ctp
View File

@ -7,5 +7,4 @@ echo $this->Form->inputs(array(
'password' => array('autocomplete' => 'off')
));
echo $this->Form->end('Login');
?>
echo $this->Form->end('Login');

122
app/View/Users/memberslist.ctp
View File

@ -24,66 +24,66 @@
Ext.require('Ext.chart.*');
Ext.require('Ext.layout.container.Fit');
Ext.onReady(function () {
var store = Ext.create('Ext.data.JsonStore', {
fields: [<?php echo $graph_fields;?>],
data: [<?php
foreach ($graph_data as $row) {
echo '{'.$row.'},';
}
?>]
});
var panel1 = Ext.create('widget.panel', {
width: 800,
height: 800,
//title: 'Attributes by Organisation',
renderTo: 'graph',
layout: 'fit',
items: {
xtype: 'chart',
animate: true,
shadow: false,
store: store,
legend: {
position: 'right'
},
axes: [{
type: 'Numeric',
position: 'bottom',
fields: [<?php echo $graph_fields;?>],
title: false,
grid: true,
label: {
renderer: function(v) {
return v;
}
},
roundToDecimal: false
}, {
type: 'Category',
position: 'left',
fields: ['org'],
title: false
}],
series: [{
type: 'bar',
axis: 'bottom',
gutter: 80,
xField: 'org',
yField: [<?php echo $graph_fields;?>],
stacked: true,
tips: {
trackMouse: true,
width: 65,
height: 28,
renderer: function(storeItem, item) {
this.setTitle(item.value[1]);
}
}
}]
}
});
});
Ext.onReady(function () {
var store = Ext.create('Ext.data.JsonStore', {
fields: [<?php echo $graph_fields;?>],
data: [<?php
foreach ($graph_data as $row) {
echo '{' . $row . '},';
}
?>]
});
var panel1 = Ext.create('widget.panel', {
width: 800,
height: 800,
//title: 'Attributes by Organisation',
renderTo: 'graph',
layout: 'fit',
items: {
xtype: 'chart',
animate: true,
shadow: false,
store: store,
legend: {
position: 'right'
},
axes: [{
type: 'Numeric',
position: 'bottom',
fields: [<?php echo $graph_fields;?>],
title: false,
grid: true,
label: {
renderer: function(v) {
return v;
}
},
roundToDecimal: false
}, {
type: 'Category',
position: 'left',
fields: ['org'],
title: false
}],
series: [{
type: 'bar',
axis: 'bottom',
gutter: 80,
xField: 'org',
yField: [<?php echo $graph_fields;?>],
stacked: true,
tips: {
trackMouse: true,
width: 65,
height: 28,
renderer: function(storeItem, item) {
this.setTitle(item.value[1]);
}
}
}]
}
});
});
</script>
<!-- table cellpadding="0" cellspacing="0" style="width:400px;">
@ -108,7 +108,7 @@
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

2
app/View/Users/news.ctp
View File

@ -66,7 +66,7 @@ A bug in the DNS attributes has been corrected.</p>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

8
app/View/Users/terms.ctp
View File

@ -38,15 +38,15 @@ holder or other party has been advised of the possibility of such damages.</li>
<?php
if (!$termsaccepted) {
echo $this->Form->create('User');
echo $this->Form->hidden('termsaccepted', array('default'=> '1'));
echo $this->Form->end(__('Accept Terms', true));
echo $this->Form->create('User');
echo $this->Form->hidden('termsaccepted', array('default' => '1'));
echo $this->Form->end(__('Accept Terms', true));
}
?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>

2
app/View/Users/view.ctp
View File

@ -52,6 +52,6 @@
<li><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?> </li>
<li><?php echo $this->Html->link(__('Delete User', true), array('action' => 'delete', $user['User']['id']), null, sprintf(__('Are you sure you want to delete # %s?', true), $user['User']['id'])); ?> </li>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>