mirror of https://github.com/MISP/MISP
Various changes and bug fixes
- contact reporter first tries to contact orgc users on the instance, if they don't exist, it will contact the owner (instead of going straight to the owner) - hostname / domain name validation change broke validation of hostnames/domain names / email addresses with a "-" - Some documentation changes for the REST API (more coming) - some tuning of the freetext importpull/567/head
parent
df4888602a
commit
a0afab66a7
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":83}
|
||||
{"major":2, "minor":3, "hotfix":84}
|
||||
|
|
|
@ -69,6 +69,7 @@ class PagesController extends AppController {
|
|||
if (!empty($path[$count - 1])) {
|
||||
$title_for_layout = Inflector::humanize($path[$count - 1]);
|
||||
}
|
||||
$this->set('user', $this->Auth->User());
|
||||
$this->set(compact('page', 'subpage', 'title_for_layout'));
|
||||
$this->render(implode('/', $path));
|
||||
}
|
||||
|
|
|
@ -125,18 +125,14 @@ class ComplexTypeTool {
|
|||
return array('types' => array('domain'), 'to_ids' => true, 'default_type' => 'domain', 'comment' => $comment, 'value' => $input2);
|
||||
}
|
||||
} else {
|
||||
if (!preg_match('/[?:<>|\\*:\/@]/', $input) && strpos($input, '.') != 0 && strpos($input, '.') != (strlen($input)-1)) {
|
||||
return array('types' => array('filename'), 'to_ids' => true, 'default_type' => 'filename');
|
||||
}
|
||||
if ($this->__resolveFilename($input)) return array('types' => array('filename'), 'to_ids' => true, 'default_type' => 'filename');
|
||||
}
|
||||
}
|
||||
|
||||
if (strpos($input, '\\') !== false) {
|
||||
$temp = explode('\\', $input);
|
||||
if (strpos($temp[count($temp)-1], '.')) {
|
||||
if (!preg_match('/[?:<>|\\*:\/]/', $temp[count($temp)-1]) && strpos($temp[count($temp)-1], '.') != 0 && strpos($temp[count($temp)-1], '.') != (strlen($temp[count($temp)-1])-1)) {
|
||||
return array('types' => array('filename'), 'category' => 'Payload installation', 'to_ids' => false, 'default_type' => 'filename');
|
||||
}
|
||||
if ($this->__resolveFilename($temp[count($temp)-1])) return array('types' => array('filename'), 'category' => 'Payload installation', 'to_ids' => false, 'default_type' => 'filename');
|
||||
} else {
|
||||
return array('types' => array('regkey'), 'to_ids' => false, 'default_type' => 'regkey');
|
||||
}
|
||||
|
@ -151,4 +147,14 @@ class ComplexTypeTool {
|
|||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function __resolveFilename($input) {
|
||||
if (
|
||||
strpos($input, '.') != 0 &&
|
||||
strpos($input, '..') == 0 &&
|
||||
strpos($input, '.') != (strlen($input)-1) &&
|
||||
!preg_match('/[?:<>|\\*:\/@]/', $input)
|
||||
) return true;
|
||||
return false;
|
||||
}
|
||||
}
|
|
@ -628,7 +628,7 @@ class Attribute extends AppModel {
|
|||
break;
|
||||
case 'hostname':
|
||||
case 'domain':
|
||||
if (preg_match("#^[A-Z0-9.-_]+\.[A-Z]{2,}$#i", $value)) {
|
||||
if (preg_match("#^[A-Z0-9.\-_]+\.[A-Z]{2,}$#i", $value)) {
|
||||
$returnValue = true;
|
||||
} else {
|
||||
$returnValue = 'Domain name has invalid format. Please double check the value or select "other" for a type.';
|
||||
|
@ -636,7 +636,7 @@ class Attribute extends AppModel {
|
|||
break;
|
||||
case 'email-src':
|
||||
// we don't use the native function to prevent issues with partial email addresses
|
||||
if (preg_match("#^[A-Z0-9._%+-]*@[A-Z0-9.-_]+\.[A-Z]{2,}$#i", $value)) {
|
||||
if (preg_match("#^[A-Z0-9._%+-]*@[A-Z0-9.\-_]+\.[A-Z]{2,}$#i", $value)) {
|
||||
$returnValue = true;
|
||||
} else {
|
||||
$returnValue = 'Email address has invalid format. Please double check the value or select "other" for a type.';
|
||||
|
@ -644,7 +644,7 @@ class Attribute extends AppModel {
|
|||
break;
|
||||
case 'email-dst':
|
||||
// we don't use the native function to prevent issues with partial email addresses
|
||||
if (preg_match("#^[A-Z0-9._%+-]*@[A-Z0-9.-_]+\.[A-Z]{2,}$#i", $value)) {
|
||||
if (preg_match("#^[A-Z0-9._%+-]*@[A-Z0-9.\-_]+\.[A-Z]{2,}$#i", $value)) {
|
||||
$returnValue = true;
|
||||
} else {
|
||||
$returnValue = 'Email address has invalid format. Please double check the value or select "other" for a type.';
|
||||
|
|
|
@ -1221,7 +1221,8 @@ class Event extends AppModel {
|
|||
//limit this array to users with contactalerts turned on!
|
||||
$orgMembers = array();
|
||||
$this->User->recursive = -1;
|
||||
$temp = $this->User->findAllByOrg($event['Event']['org'], array('email', 'gpgkey', 'contactalert', 'id'));
|
||||
$temp = $this->User->findAllByOrg($event['Event']['orgc'], array('email', 'gpgkey', 'contactalert', 'id'));
|
||||
if (empty($temp)) $temp = $this->User->findAllByOrg($event['Event']['org'], array('email', 'gpgkey', 'contactalert', 'id'));
|
||||
foreach ($temp as $tempElement) {
|
||||
if ($tempElement['User']['contactalert'] || $tempElement['User']['id'] == $event['Event']['user_id']) {
|
||||
array_push($orgMembers, $tempElement);
|
||||
|
|
|
@ -421,9 +421,18 @@ If you ever need to change the data about the linked servers or remove any conne
|
|||
</ul>
|
||||
<hr />
|
||||
<a id="rest"></a><h2>Rest API:</h2>
|
||||
The platform is also <a href="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTfull</a>, so this means that you can use structured format (XML) to access Events data.<br /><br />
|
||||
The platform is also <a href="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTfull</a>, so this means that you can use structured format (XML or JSON) to access Events data.<br /><br />
|
||||
<h3>Requests</h3>
|
||||
Use any HTTP compliant library to perform requests. However to make clear you are doing a REST request you need to either specify the Accept type to application/xml, or append .xml to the url<br /><br />
|
||||
Use any HTTP compliant library to perform requests.<br /><br />
|
||||
You can choose which format you would like to use as input/output for the REST calls by specifying the Accept and Content-Type headers.<br /><br />
|
||||
The following headers are required if you wish to recieve / push XML data:<br /><br />
|
||||
<b>Authorization</b>: <span class=red><?php echo h($user['authkey']); ?></span><br />
|
||||
<b>Accept</b>: <span class=red>application/xml</span><br />
|
||||
<b>Content-Type</b>: <span class=red>application/xml</span><br /><br />
|
||||
The following headers are required if you wish to recieve / push JSON data:<br /><br />
|
||||
<b>Authorization</b>: <span class=red><?php echo h($user['authkey']); ?></span><br />
|
||||
<b>Accept</b>: <span class=red>application/json</span><br />
|
||||
<b>Content-Type</b>: <span class=red>application/json</span><br /><br />
|
||||
The following table shows the relation of the request type and the resulting action:<br /><br />
|
||||
|
||||
<table style="width:350px;" summary="">
|
||||
|
@ -467,9 +476,8 @@ The following table shows the relation of the request type and the resulting act
|
|||
</table>
|
||||
<small>(1) Warning, there's a limit on the number of results when you call <code>index</code>.</small><br/>
|
||||
<small>(2) Attachments are included using base64 encoding below the <code>data</code> tag.</small><br/>
|
||||
<br/>
|
||||
<h3>Authentication</h3>
|
||||
<p>REST being stateless you need to authenticate your request by using your <?php echo $this->Html->link(__('authkey/apikey', true), array('controller' => 'users', 'action' => 'view', 'me')); ?>. Simply set the <code>Authorization</code> HTTP header.</p>
|
||||
<br/><br />
|
||||
<h3></h3>
|
||||
<h3>Example - Get single Event</h3>
|
||||
<p>In this example we fetch the details of a single Event (and thus also his Attributes).<br/>
|
||||
The request should be:</p>
|
||||
|
@ -520,39 +528,23 @@ Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</pre>
|
|||
The request should be:</p>
|
||||
<pre>POST <?php echo Configure::read('MISP.baseurl');?>/events
|
||||
Accept: application/xml
|
||||
Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</pre>
|
||||
Authorization: <?php echo h($user['authkey']); ?></pre>
|
||||
<p>And the request body:</p>
|
||||
<pre><Event>
|
||||
<id>72</id>
|
||||
<org>NCIRC</org>
|
||||
<pre><Event>
|
||||
<date>2014-03-04</date>
|
||||
<threat_level_id>1</threat_level_id>
|
||||
<info>Something concise</info>
|
||||
<published>1</published>
|
||||
<uuid>50aa54aa-f7a0-4d74-920d-10f0ff32448e</uuid>
|
||||
<attribute_count>1</attribute_count>
|
||||
<analysis>1</analysis>
|
||||
<timestamp>1393328991</timestamp>
|
||||
<distribution>1</distribution>
|
||||
<proposal_email_lock>0</proposal_email_lock>
|
||||
<orgc>Iglocska</orgc>
|
||||
<locked>0</locked>
|
||||
<publish_timestamp>1393329599</publish_timestamp>
|
||||
<Attribute>
|
||||
<id>9577</id>
|
||||
<type>other</type>
|
||||
<category>Artifacts dropped</category>
|
||||
<to_ids>1</to_ids>
|
||||
<uuid>50aa54bd-adec-4544-b412-10f0ff32448e</uuid>
|
||||
<event_id>57</event_id>
|
||||
<distribution>1</distribution>
|
||||
<timestamp>1393328991</timestamp>
|
||||
<comment>This is an Attribute</comment>
|
||||
<value>Some_attribute</value>
|
||||
<ShadowAttribute />
|
||||
</Attribute>
|
||||
<ShadowAttribute />
|
||||
<RelatedEvent />
|
||||
</Event></pre>
|
||||
<p>The response you're going to get is the following data:</p>
|
||||
<pre>
|
||||
|
|
Loading…
Reference in New Issue