mirror of https://github.com/MISP/MISP
new: Added option to include base64 encoded attachments in the ZMQ output, fixes #3169
iglocska
parent
0324379ebd
commit
99206201bd
|
|
@ -581,6 +581,11 @@ class Attribute extends AppModel {
|
|||
} else {
|
||||
$this->__afterSaveCorrelation($this->data['Attribute']);
|
||||
}
|
||||
$result = true;
|
||||
// if the 'data' field is set on the $this->data then save the data to the correct file
|
||||
if (isset($this->data['Attribute']['type']) && $this->typeIsAttachment($this->data['Attribute']['type']) && !empty($this->data['Attribute']['data'])) {
|
||||
$result = $result && $this->saveBase64EncodedAttachment($this->data['Attribute']); // TODO : is this correct?
|
||||
}
|
||||
if (Configure::read('Plugin.ZeroMQ_enable') && Configure::read('Plugin.ZeroMQ_attribute_notifications_enable')) {
|
||||
$pubSubTool = $this->getPubSubTool();
|
||||
$attribute = $this->fetchAttribute($this->id);
|
||||
|
|
@ -595,17 +600,15 @@ class Attribute extends AppModel {
|
|||
if (empty($attribute['Object']['id'])) unset($attribute['Object']);
|
||||
$action = $created ? 'add' : 'edit';
|
||||
if (!empty($this->data['Attribute']['deleted'])) $action = 'soft-delete';
|
||||
if (Configure::read('Plugin.ZeroMQ_include_attachments') && $this->typeIsAttachment($attribute['Attribute']['type'])) {
|
||||
$attribute['Attribute']['data'] = $this->base64EncodeAttachment($attribute['Attribute']);
|
||||
}
|
||||
$pubSubTool->attribute_save($attribute, $action);
|
||||
}
|
||||
}
|
||||
if (Configure::read('MISP.enable_advanced_correlations') && in_array($this->data['Attribute']['type'], array('ip-src', 'ip-dst', 'domain-ip')) && strpos($this->data['Attribute']['value'], '/')) {
|
||||
$this->setCIDRList();
|
||||
}
|
||||
$result = true;
|
||||
// if the 'data' field is set on the $this->data then save the data to the correct file
|
||||
if (isset($this->data['Attribute']['type']) && $this->typeIsAttachment($this->data['Attribute']['type']) && !empty($this->data['Attribute']['data'])) {
|
||||
$result = $result && $this->saveBase64EncodedAttachment($this->data['Attribute']); // TODO : is this correct?
|
||||
}
|
||||
if ($created && isset($this->data['Attribute']['event_id']) && empty($this->data['Attribute']['skip_auto_increment'])) {
|
||||
$this->__alterAttributeCount($this->data['Attribute']['event_id']);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3055,7 +3055,11 @@ class Event extends AppModel {
|
|||
$hostOrg = $this->Org->find('first', array('conditions' => array('name' => Configure::read('MISP.org')), 'fields' => array('id')));
|
||||
if (!empty($hostOrg)) {
|
||||
$user = array('org_id' => $hostOrg['Org']['id'], 'Role' => array('perm_sync' => 0, 'perm_audit' => 0, 'perm_site_admin' => 0), 'Organisation' => $hostOrg['Org']);
|
||||
$fullEvent = $this->fetchEvent($user, array('eventid' => $id));
|
||||
$params = array('eventid' => $id);
|
||||
if (Configure::read('Plugin.ZeroMQ_include_attachments')) {
|
||||
$params['includeAttachments'] = 1;
|
||||
}
|
||||
$fullEvent = $this->fetchEvent($user, $params);
|
||||
if (!empty($fullEvent)) $pubSubTool->publishEvent($fullEvent[0], 'publish');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue