From 9af6130d43a92a852eb74701bb5958ece641ffdb Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Fri, 9 Feb 2018 11:30:28 +0100
Subject: [PATCH] new: Added STIX import directly to the UI

---
 app/Controller/Component/ACLComponent.php |   1 +
 app/Controller/EventsController.php       | 165 +++++++++++++++++-----
 app/View/Elements/side_menu.ctp           |   2 +-
 3 files changed, 131 insertions(+), 37 deletions(-)

diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php
index b45bb19bb..6b0d7b74c 100644
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@@ -124,6 +124,7 @@ class ACLComponent extends Component {
 					'toggleCorrelation' => array('perm_add'),
 					'updateGraph' => array('*'),
 					'upload_sample' => array('AND' => array('perm_auth', 'perm_add')),
+					'upload_stix' => array('perm_add'),
 					'view' => array('*'),
 					'viewEventAttributes' => array('*'),
 					'viewGraph' => array('*'),
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 7ae423748..065dbd025 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -1424,6 +1424,84 @@ class EventsController extends AppController {
 		}
 	}
 
+	public function upload_stix() {
+		if (!$this->userRole['perm_modify']) {
+			throw new UnauthorizedException('You do not have permission to do that.');
+		}
+		if ($this->request->is('post')) {
+			if ($this->_isRest()) {
+				$randomFileName = $this->Event->generateRandomFileName();
+				$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
+				$tempFile = new File($tmpDir . DS . $randomFileName, true, 0644);
+				$tempFile->write($this->request->input());
+				$tempFile->close();
+				$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName);
+				if (is_array($result)) {
+					return $this->RestResponse->saveSuccessResponse('Events', 'upload_stix', false, $this->response->type(), 'STIX document imported, event\'s created: ' . implode(', ', $result) . '.');
+				} else if (is_numeric($result)) {
+					$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $result));
+					if (!empty($event)) {
+						return $this->RestResponse->viewData($event[0], $this->response->type());
+					} else {
+						return $this->RestResponse->saveFailResponse('Events', 'upload_stix', false, 'Could not read saved event.', $this->response->type());
+					}
+				} else {
+					return $this->RestResponse->saveFailResponse('Events', 'upload_stix', false, $result, $this->response->type());
+				}
+			} else {
+				if (isset($this->data['Event']['stix']) && $this->data['Event']['stix']['size'] > 0 && is_uploaded_file($this->data['Event']['stix']['tmp_name'])) {
+					$randomFileName = $this->Event->generateRandomFileName();
+					$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
+					move_uploaded_file($this->data['Event']['stix']['tmp_name'], $tmpDir . DS . $randomFileName);
+					$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName);
+					if (is_array($result)) {
+						$this->Session->setFlash(__('STIX document imported, event\'s created: ' . implode(', ', $result) . '.'));
+						$this->redirect(array('action' => 'index'));
+					} else if (is_numeric($result)) {
+						$this->Session->setFlash(__('STIX document imported.'));
+						$this->redirect(array('action' => 'view', $result));
+					} else {
+						$this->Session->setFlash(__('Could not import STIX document: ' . $result));
+					}
+				} else {
+					$max_size = intval(ini_get('post_max_size'));
+					if (intval(ini_get('upload_max_filesize')) < $max_size) $max_size = intval(ini_get('upload_max_filesize'));
+					$this->Session->setFlash(__('File upload failed. Make sure that you select a stix file to be uploaded and that the file doesn\'t exceed the maximum file size of ' . $max_size . '.'));
+				}
+			}
+		}
+	}
+
+/*
+	public function upload_stix2() {
+		if (!$this->userRole['perm_modify']) {
+			throw new UnauthorizedException('You do not have permission to do that.');
+		}
+		if ($this->request->is('post')) {
+
+			if ($this->_isRest()) {
+				$randomFileName = $this->Event->generateRandomFileName();
+				$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
+				$tempFile = new File($tmpDir . DS . $randomFileName, true, 0644);
+				$tempFile->write($this->request->input());
+				$tempFile->close();
+				$result = $this->Event->upload_stix2($this->Auth->user(), $randomFileName);
+			} else {
+				if (isset($this->data['Event']['stix']) && $this->data['Event']['stix']['size'] > 0 && is_uploaded_file($this->data['Event']['stix']['tmp_name'])) {
+					$randomFileName = $this->Event->generateRandomFileName();
+					$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
+					move_uploaded_file($this->data['Event']['stix']['tmp_name'], $tmpDir . DS . $randomFileName);
+					$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName);
+				} else {
+					$max_size = intval(ini_get('post_max_size'));
+					if (intval(ini_get('upload_max_filesize')) < $max_size) $max_size = intval(ini_get('upload_max_filesize'));
+					throw new UnauthorizedException('File upload failed. Make sure that you select a stix file to be uploaded and that the file doesn\'t exceed the maximum file size of ' . $max_size . '.');
+				}
+			}
+		}
+	}
+	*/
+
 	public function merge($target_id = null) {
 		$this->Event->id = $target_id;
 		$eIds = $this->Event->fetchEventIds($this->Auth->user(), false, false, false, true);
@@ -3869,45 +3947,60 @@ class EventsController extends AppController {
 		$this->render('ajax/exportChoice');
 	}
 
-	public function importChoice($id) {
-		if (!is_numeric($id)) throw new MethodNotAllowedException('Invalid ID');
-		$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $id));
-		if (empty($event)) throw new NotFoundException('Event not found or you are not authorised to view it.');
-		$event = $event[0];
-		$imports = array(
-				'freetext' => array(
-						'url' => '/events/freeTextImport/' . $id,
-						'text' => 'Freetext Import',
-						'ajax' => true,
-						'target' => 'popover_form'
-				),
-				'template' => array(
-						'url' => '/templates/templateChoices/' . $id,
-						'text' => 'Populate using a Template',
-						'ajax' => true,
-						'target' => 'popover_form'
-				),
-				'OpenIOC' => array(
-						'url' => '/events/addIOC/' . $id,
-						'text' => 'OpenIOC Import',
+	public function importChoice($id = false, $scope = 'event') {
+		if ($scope == 'event') {
+			if (!is_numeric($id)) throw new MethodNotAllowedException('Invalid ID');
+			$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $id));
+			if (empty($event)) throw new NotFoundException('Event not found or you are not authorised to view it.');
+			$event = $event[0];
+			$imports = array(
+					'freetext' => array(
+							'url' => '/events/freeTextImport/' . $id,
+							'text' => 'Freetext Import',
+							'ajax' => true,
+							'target' => 'popover_form'
+					),
+					'template' => array(
+							'url' => '/templates/templateChoices/' . $id,
+							'text' => 'Populate using a Template',
+							'ajax' => true,
+							'target' => 'popover_form'
+					),
+					'OpenIOC' => array(
+							'url' => '/events/addIOC/' . $id,
+							'text' => 'OpenIOC Import',
+							'ajax' => false,
+					),
+					'ThreatConnect' => array(
+							'url' => '/attributes/add_threatconnect/' . $id,
+							'text' => 'ThreatConnect Import',
+							'ajax' => false
+					)
+			);
+			$this->loadModel('Module');
+			$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Import');
+			if (is_array($modules) && !empty($modules)) {
+				foreach ($modules['modules'] as $k => $module) {
+					$imports[$module['name']] = array(
+							'url' => '/events/importModule/' . $module['name'] . '/' . $id,
+							'text' => Inflector::humanize($module['name']),
+							'ajax' => false
+					);
+				}
+			}
+		} else {
+			$imports = array(
+				'MISP' => array(
+						'url' => '/events/add_misp_export',
+						'text' => 'MISP standard (recommended exchange format)',
 						'ajax' => false,
 				),
-				'ThreatConnect' => array(
-						'url' => '/attributes/add_threatconnect/' . $id,
-						'text' => 'ThreatConnect Import',
-						'ajax' => false
+				'STIX' => array(
+						'url' => '/events/upload_stix',
+						'text' => 'STIX 1.1.1 format',
+						'ajax' => false,
 				)
-		);
-		$this->loadModel('Module');
-		$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Import');
-		if (is_array($modules) && !empty($modules)) {
-			foreach ($modules['modules'] as $k => $module) {
-				$imports[$module['name']] = array(
-						'url' => '/events/importModule/' . $module['name'] . '/' . $id,
-						'text' => Inflector::humanize($module['name']),
-						'ajax' => false
-				);
-			}
+			);
 		}
 		$this->set('imports', $imports);
 		$this->set('id', $id);
diff --git a/app/View/Elements/side_menu.ctp b/app/View/Elements/side_menu.ctp
index 0fb22951e..eba37bbfd 100644
--- a/app/View/Elements/side_menu.ctp
+++ b/app/View/Elements/side_menu.ctp
@@ -84,7 +84,7 @@
 					<li id='liindex'><a href="<?php echo $baseurl;?>/events/index"><?php echo __('List Events');?></a></li>
 					<?php if ($isAclAdd): ?>
 					<li id='liadd'><a href="<?php echo $baseurl;?>/events/add"><?php echo __('Add Event');?></a></li>
-					<li id='liaddMISPExport'><a href="<?php echo $baseurl;?>/events/add_misp_export"><?php echo __('Import From MISP Export');?></a></li>
+					<li id='liaddMISPExport'><a onClick="getPopup('0', 'events', 'importChoice/event-collection');" style="cursor:pointer;"><?php echo __('Import from…');?></a></li>
 					<?php endif; ?>
 					<li class="divider"></li>
 					<li id='lilistAttributes'><a href="<?php echo $baseurl;?>/attributes/index"><?php echo __('List Attributes');?></a></li>