mirror of https://github.com/MISP/MISP
new: [API] reworked the attribute level restsearch
- use the new filter parameters - use the new condition building mechanism - no more pre-filteringpull/3608/head
iglocska
parent
16f7ac960d
commit
97d075f22f
|
|
@ -2082,7 +2082,77 @@ class AttributesController extends AppController
|
|||
$this->set('fails', $this->Attribute->checkComposites());
|
||||
}
|
||||
|
||||
|
||||
public function restSearch($returnFormat = 'json', $value = false, $type = false, $category = false, $org = false, $tags = false, $from = false, $to = false, $last = false, $eventid = false, $withAttachments = false, $uuid = false, $publish_timestamp = false, $published = false, $timestamp = false, $enforceWarninglist = false, $to_ids = false, $deleted = false, $includeEventUuid = false, $event_timestamp = false, $threat_level_id = false) {
|
||||
$paramArray = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'event_timestamp', 'threat_level_id');
|
||||
$filterData = array(
|
||||
'request' => $this->request,
|
||||
'named_params' => $this->params['named'],
|
||||
'paramArray' => $paramArray,
|
||||
'ordered_url_params' => compact($paramArray)
|
||||
);
|
||||
$exception = false;
|
||||
$filters = $this->_harvestParameters($filterData, $exception);
|
||||
unset($filterData);
|
||||
if ($filters === false) {
|
||||
return $exception;
|
||||
}
|
||||
$list = array();
|
||||
$user = $this->_getApiAuthUser($returnFormat, $exception);
|
||||
if ($user === false) {
|
||||
return $exception;
|
||||
}
|
||||
if (isset($filters['returnFormat'])) {
|
||||
$returnFormat = $filters['returnFormat'];
|
||||
}
|
||||
$conditions = $this->Attribute->buildFilterConditions($this->Auth->user(), $filters);
|
||||
$params = array(
|
||||
'conditions' => $conditions,
|
||||
'fields' => array('Attribute.*', 'Event.org_id', 'Event.distribution'),
|
||||
'withAttachments' => !empty($filters['withAttachments']) ? $filters['withAttachments'] : 0,
|
||||
'enforceWarninglist' => !empty($filters['enforceWarninglist']) ? $filters['enforceWarninglist'] : 0,
|
||||
'includeAllTags' => true,
|
||||
'flatten' => 1,
|
||||
'includeEventUuid' => !empty($filters['includeEventUuid']) ? $filters['includeEventUuid'] : 0,
|
||||
);
|
||||
if (!empty($filtes['deleted'])) {
|
||||
$params['deleted'] = 1;
|
||||
if ($params['deleted'] === 'only') {
|
||||
$params['conditions']['AND'][] = array('Attribute.deleted' => 1);
|
||||
$params['conditions']['AND'][] = array('Object.deleted' => 1);
|
||||
}
|
||||
}
|
||||
$results = $this->Attribute->fetchAttributes($this->Auth->user(), $params);
|
||||
$this->loadModel('Whitelist');
|
||||
$results = $this->Whitelist->removeWhitelistedFromArray($results, true);
|
||||
if ($returnFormat == 'openioc') {
|
||||
App::uses('IOCExportTool', 'Tools');
|
||||
$this->IOCExport = new IOCExportTool();
|
||||
$results = $this->IOCExport->buildAll($this->Auth->user(), $results, 'attribute');
|
||||
} else {
|
||||
if (!empty($results)) {
|
||||
$results = array('response' => array('Attribute' => $results));
|
||||
foreach ($results['response']['Attribute'] as $k => $v) {
|
||||
if (isset($results['response']['Attribute'][$k]['AttributeTag'])) {
|
||||
foreach ($results['response']['Attribute'][$k]['AttributeTag'] as $tk => $tag) {
|
||||
$results['response']['Attribute'][$k]['Attribute']['Tag'][$tk] = $tag['Tag'];
|
||||
}
|
||||
}
|
||||
$results['response']['Attribute'][$k] = $results['response']['Attribute'][$k]['Attribute'];
|
||||
unset(
|
||||
$results['response']['Attribute'][$k]['value1'],
|
||||
$results['response']['Attribute'][$k]['value2']
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$results = array('response' => array('Attribute' => array()));
|
||||
}
|
||||
}
|
||||
$responseType = $this->response->type();
|
||||
if ($returnFormat == 'openioc') {
|
||||
$responseType = 'openioc';
|
||||
}
|
||||
return $this->RestResponse->viewData($results, $responseType);
|
||||
}
|
||||
|
||||
// Use the rest interface to search for attributes. Usage:
|
||||
// MISP-base-url/attributes/restSearch/[api-key]/[value]/[type]/[category]/[orgc]
|
||||
|
|
@ -2090,7 +2160,7 @@ class AttributesController extends AppController
|
|||
// the last 4 fields accept the following operators:
|
||||
// && - you can use && between two search values to put a logical OR between them. for value, 1.1.1.1&&2.2.2.2 would find attributes with the value being either of the two.
|
||||
// ! - you can negate a search term. For example: google.com&&!mail would search for all attributes with value google.com but not ones that include mail. www.google.com would get returned, mail.google.com wouldn't.
|
||||
public function restSearch($key = 'download', $value = false, $type = false, $category = false, $org = false, $tags = false, $from = false, $to = false, $last = false, $eventid = false, $withAttachments = false, $uuid = false, $publish_timestamp = false, $published = false, $timestamp = false, $enforceWarninglist = false, $to_ids = false, $deleted = false, $includeEventUuid = false, $event_timestamp = false, $threat_level_id = false)
|
||||
public function restSearch2($key = 'download', $value = false, $type = false, $category = false, $org = false, $tags = false, $from = false, $to = false, $last = false, $eventid = false, $withAttachments = false, $uuid = false, $publish_timestamp = false, $published = false, $timestamp = false, $enforceWarninglist = false, $to_ids = false, $deleted = false, $includeEventUuid = false, $event_timestamp = false, $threat_level_id = false)
|
||||
{
|
||||
if ($tags) {
|
||||
$tags = str_replace(';', ':', $tags);
|
||||
|
|
|
|||
|
|
@ -3581,6 +3581,7 @@ class Attribute extends AppModel
|
|||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function attachValidationWarnings($adata)
|
||||
{
|
||||
if (!$this->__fTool) {
|
||||
|
|
@ -3591,4 +3592,52 @@ class Attribute extends AppModel
|
|||
}
|
||||
return $adata;
|
||||
}
|
||||
|
||||
public function buildFilterConditions($user, &$params)
|
||||
{
|
||||
$conditions = $this->buildConditions($user);
|
||||
$attribute_conditions = array();
|
||||
$object_conditions = array();
|
||||
$simple_params = array(
|
||||
'Attribute' => array(
|
||||
'value' => array('function' => 'set_filter_value'),
|
||||
'category' => array('function' => 'set_filter_simple_attribute'),
|
||||
'type' => array('function' => 'set_filter_simple_attribute'),
|
||||
'tags' => array('function' => 'set_filter_tags'),
|
||||
'uuid' => array('function' => 'set_filter_uuid'),
|
||||
'deleted' => array('function' => 'set_filter_deleted')
|
||||
),
|
||||
'Event' => array(
|
||||
'eventid' => array('function' => 'set_filter_eventid'),
|
||||
'ignore' => array('function' => 'set_filter_ignore'),
|
||||
'tags' => array('function' => 'set_filter_tags'),
|
||||
'tag' => array('function' => 'set_filter_tags'),
|
||||
'from' => array('function' => 'set_filter_timestamp'),
|
||||
'to' => array('function' => 'set_filter_timestamp'),
|
||||
'last' => array('function' => 'set_filter_timestamp'),
|
||||
'timestamp' => array('function' => 'set_filter_timestamp'),
|
||||
'publish_timestamp' => array('function' => 'set_filter_timestamp'),
|
||||
'org' => array('function' => 'set_filter_org'),
|
||||
'uuid' => array('function' => 'set_filter_uuid'),
|
||||
'published' => array('function' => 'set_filter_published')
|
||||
),
|
||||
'Object' => array(
|
||||
'object_name' => array('function' => 'set_filter_object_name'),
|
||||
'deleted' => array('function' => 'set_filter_deleted')
|
||||
)
|
||||
);
|
||||
foreach ($params as $param => $paramData) {
|
||||
foreach ($simple_params as $scope => $simple_param_scoped) {
|
||||
if (isset($simple_param_scoped[$param]) && $params[$param] !== false) {
|
||||
$options = array(
|
||||
'filter' => $param,
|
||||
'scope' => $scope,
|
||||
'pop' => !empty($simple_param_scoped[$param]['pop'])
|
||||
);
|
||||
$conditions = $this->Event->{$simple_param_scoped[$param]['function']}($params, $conditions, $options);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $conditions;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1297,9 +1297,6 @@ class Event extends AppModel
|
|||
public function filterEventIds($user, &$params = array())
|
||||
{
|
||||
$conditions = $this->createEventConditions($user);
|
||||
$paramArray = array('searchall', 'withAttachments', 'metadata', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly');
|
||||
$attribute_conditions = array();
|
||||
$object_conditions = array();
|
||||
$simple_params = array(
|
||||
'Event' => array(
|
||||
'eventid' => array('function' => 'set_filter_eventid', 'pop' => true),
|
||||
|
|
@ -1995,6 +1992,23 @@ class Event extends AppModel
|
|||
return $conditions;
|
||||
}
|
||||
|
||||
public function set_filter_deleted(&$params, $conditions, $options)
|
||||
{
|
||||
if (!empty($params['deleted'])) {
|
||||
if (empty($options['scope'])) {
|
||||
$scope = 'Attribute';
|
||||
} else {
|
||||
$scope = $options['scope'];
|
||||
}
|
||||
if ($params['deleted'])
|
||||
$conditions = $this->
|
||||
$conditions = $this->generic_add_filter($conditions, $params['deleted'], $scope . '.deleted');
|
||||
}
|
||||
return $conditions;
|
||||
}
|
||||
|
||||
|
||||
|
||||
public function set_filter_ignore(&$params, $conditions, $options)
|
||||
{
|
||||
if (empty($params['ignore'])) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue