diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 64d60dbab..675a4abb2 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -35,6 +35,8 @@ class EventsController extends AppController {
$this->Auth->allow('xml');
$this->Auth->allow('nids');
$this->Auth->allow('text');
+
+ $this->Auth->allow('dot');
}
public function isAuthorized($user) {
@@ -385,7 +387,7 @@ class EventsController extends AppController {
$this->Event->recursive = 1;
$event = $this->Event->read(null, $id);
- // The mail body, Sanitize::html() is NOT needed as we are sending plain-text mails.
+ // The mail body, h() is NOT needed as we are sending plain-text mails.
$body = "";
$appendlen = 20;
$body .= 'URL : '.Configure::read('CyDefSIG.baseurl').'/events/view/'.$event['Event']['id']."\n";
@@ -544,7 +546,7 @@ class EventsController extends AppController {
$event = $this->Event->read(null, $id);
$reporter = $event['User']; // email, gpgkey
- // The mail body, Sanitize::html() is NOT needed as we are sending plain-text mails.
+ // The mail body, h() is NOT needed as we are sending plain-text mails.
$body = "";
$body .="Hello, \n";
$body .="\n";
@@ -961,6 +963,68 @@ class EventsController extends AppController {
}
+// public function dot($key) {
+// // check if the key is valid -> search for users based on key
+// $this->loadModel('User');
+// // no input sanitization necessary, it's done by model
+// // TODO do not fetch recursive
+// $this->User->recursive=0;
+// $user = $this->User->findByAuthkey($key);
+// if (empty($user)) {
+// throw new UnauthorizedException('Incorrect authentication key');
+// }
+// // display the full snort rulebase
+// $this->response->type('txt'); // set the content type
+// $this->header('Content-Disposition: inline; filename="cydefsig.rules"');
+// $this->layout = 'text/default';
+
+// $rules= array();
+// $this->loadModel('Attribute');
+
+// $params = array(
+// 'recursive' => 0,
+// 'fields' => array('Attribute.*')
+// );
+// $items = $this->Attribute->find('all', $params);
+
+// $composite_types = $this->Attribute->getCompositeTypes();
+// // rebuild the array with the correct data
+// foreach ($items as &$item) {
+// if (in_array($item['Attribute']['type'], $composite_types)) {
+// // create a new item that will contain value2
+// $new_item = $item;
+// // set the correct type for the first item
+// $pieces = explode('|', $item['Attribute']['type']);
+// $item['Attribute']['type'] = $pieces[0];
+// // set the correct data for the new item
+// $new_item['Attribute']['type'] = (isset($pieces[1]))? $pieces[1] : 'md5';
+// $new_item['Attribute']['value'] = $item['Attribute']['value2'];
+// unset($new_item['Attribute']['value1']);
+// unset($new_item['Attribute']['value2']);
+// // store the new item
+// $items[] = $new_item;
+// }
+// // set the correct fields for the attribute
+// if (isset($item['Attribute']['value1'])) {
+// $item['Attribute']['value'] = $item['Attribute']['value1'];
+// }
+// unset($item['Attribute']['value1']);
+// unset($item['Attribute']['value2']);
+// }
+// debug($items);
+
+// // iterate over the array to build the GV links
+// require_once 'Image/GraphViz.php';
+// $gv = new Image_GraphViz();
+// $gv->addEdge(array('wake up' => 'visit bathroom'));
+// $gv->addEdge(array('visit bathroom' => 'make coffee'));
+// foreach ($items as &$item) {
+// $gv->addNode('Node 1',
+// array(''));
+// }
+// debug($gv);
+// $gv->image();
+// }
/**
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index 3e5df834a..9fb149208 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -142,7 +142,6 @@ class Attribute extends AppModel {
),
),
'type' => array(
- // FIXME inList should be initialized from keys and mapping of $type_definitions but I don't know how to do it now
// currently when adding a new attribute type we need to change it in both places
'rule' => array('validateTypeValue'),
'message' => 'Options depend on the selected category.',
diff --git a/app/Model/Event.php b/app/Model/Event.php
index f7f1b2c0d..6d4523a86 100644
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -18,12 +18,13 @@ class Event extends AppModel {
*
* @var array
*/
-
+
public $field_descriptions = array(
- 'risk' => array('desc' => 'Risk levels: *low* means mass-malware, *medium* means APT malware, *high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Risk levels:
low: mass-malware
medium: APT malware
high: sophisticated APT malware or 0-day attack'),
- 'private' => array('desc' => 'This field tells if the event should be shared with other CyDefSIG servers')
+ 'risk' => array('desc' => 'Risk levels: *low* means mass-malware, *medium* means APT malware, *high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Risk levels:
low: mass-malware
medium: APT malware
high: sophisticated APT malware or 0-day attack'),
+ 'private' => array('desc' => 'This field tells if the event should be shared with other CyDefSIG servers'),
+ 'classification' => array('desc' => 'Set the Traffic Light Protocol classification. - TLP:AMBER- Share only within the organization on a need-to-know basis
- TLP:GREEN:NeedToKnow- Share within your constituency on the need-to-know basis.
- TLP:GREEN- Share within your constituency.
')
);
-
+
/**
* Validation rules
*
@@ -108,6 +109,14 @@ class Event extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
+// 'classification' => array(
+// 'rule' => array('inList', array('TLP:AMBER', 'TLP:GREEN:NeedToKnow', 'TLP:GREEN')),
+// //'message' => 'Your custom message here',
+// //'allowEmpty' => false,
+// 'required' => true,
+// //'last' => false, // Stop validation after this rule
+// //'on' => 'create', // Limit validation to 'create' or 'update' operations
+// ),
);
//The Associations below have been created with all possible keys, those that are not needed can be removed