fix: When deleting an attirbute/objects, object references to it are not deleted, fixes #2477

- force a reference deletion on attribute/object deletion - changed it to match deletion type - soft-deleting an attribute/object soft-deletes all references to it - hard-deleting an attribute/object hard-deletes all references to it
2017-09-17 12:26:06 +02:00 · 2017-09-17 12:26:06 +02:00 · 9eb3ea2114
parent 80e70fd240
commit 9eb3ea2114
4 changed files with 43 additions and 0 deletions
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@ -1072,6 +1072,17 @@ class AttributesController extends AppController {
 			$result['Attribute']['deleted'] = 1;
 			$result['Attribute']['timestamp'] = $date->getTimestamp();
 			$save = $this->Attribute->save($result);
+			$object_refs = $this->Attribute->Object->ObjectReference->find('all', array(
+				'conditions' => array(
+					'ObjectReference.referenced_type' => 0,
+					'ObjectReference.referenced_id' => $id,
+				),
+				'recursive' => -1
+			));
+			foreach ($object_refs as $ref) {
+				$ref['ObjectReference']['deleted'] = 1;
+				$this->Attribute->Object->ObjectReference->save($ref);
+			}
 		}
 		// attachment will be deleted with the beforeDelete() function in the Model
 		if ($save) {
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@ -477,6 +477,17 @@ class ObjectsController extends AppController {
 			$object['Event']['timestamp'] = $date->getTimestamp();
 			$object['Event']['published'] = 0;
 			$this->MispObject->Event->save($object, array('fieldList' => array('published', 'timestamp', 'info')));
+			$object_refs = $this->MispObject->ObjectReference->find('all', array(
+				'conditions' => array(
+					'ObjectReference.referenced_type' => 1,
+					'ObjectReference.referenced_id' => $id,
+				),
+				'recursive' => -1
+			));
+			foreach ($object_refs as $ref) {
+				$ref['ObjectReference']['deleted'] = 1;
+				$this->MispObject->ObjectReference->save($ref);
+			}
 			return true;
 		}
 	}
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -598,6 +598,15 @@ class Attribute extends AppModel {
 		if (Configure::read('MISP.enable_advanced_correlations') && in_array($this->data['Attribute']['type'], array('ip-src', 'ip-dst', 'domain-ip')) && strpos($this->data['Attribute']['value'], '/')) {
 			$this->setCIDRList();
 		}
+		if (!empty($this->data['Attribute']['id'])) {
+			$this->Object->ObjectReference->deleteAll(
+				array(
+					'ObjectReference.referenced_type' => 0,
+					'ObjectReference.referenced_id' => $this->data['Attribute']['id'],
+				),
+				false
+			);
+		}
 	}

 	public function beforeValidate($options = array()) {
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@ -74,6 +74,18 @@ class MispObject extends AppModel {
 		return true;
 	}

+	public function afterDelete() {
+		if (!empty($this->data[$this->alias]['id'])) {
+			$this->ObjectReference->deleteAll(
+				array(
+					'ObjectReference.referenced_type' => 1,
+					'ObjectReference.referenced_id' => $this->data[$this->alias]['id'],
+				),
+				false
+			);
+		}
+	}
+
 	public function saveObject($object, $eventId, $template, $user, $errorBehaviour = 'drop') {
 		$this->create();
 		$templateFields = array(