new: [deprecation] Added a new library to handle deprecations

- send X-Deprecation-Warning via the API
- set new Warning flash messages via the UI
- counting the use of these functionalities / API endpoint and / user
  - added a diagnsitic tool to view the outcome of the collection
  - sharing of these collections with the MISP-Project will be optionally available in the future

- two modes of operation:
  - hard deprecation (functions certainly to be removed, reported to the users via API/UI)
  - soft deprecation (gauging interest for the continued use of these functions)

app/Controller/AppController.php

@@ -91,7 +91,8 @@ class AppController extends Controller
             'Flash',
             'Toolbox',
             'RateLimit',
-            'IndexFilter'
+            'IndexFilter',
+            'Deprecation'
             //,'DebugKit.Toolbar'
     );
 
@@ -473,6 +474,18 @@ class AppController extends Controller
         if ($this->_isRest()) {
             $this->__rateLimitCheck();
         }
+        if ($this->modelClass !== 'CakeError') {
+            $deprecationWarnings = $this->Deprecation->checkDeprecation($this->request->params['controller'], $this->action, $this->{$this->modelClass}, $this->Auth->user('id'));
+            if ($deprecationWarnings) {
+                $deprecationWarnings = __('WARNING: This functionality is deprecated and will be removed in the near future. ') . $deprecationWarnings;
+                if ($this->_isRest()) {
+                    $this->response->header('X-Deprecation-Warning', $deprecationWarnings);
+                    $this->components['RestResponse']['deprecationWarnings'] = $deprecationWarnings;
+                } else {
+                    $this->Flash->warning($deprecationWarnings);
+                }
+            }
+        }
         $this->components['RestResponse']['sql_dump'] = $this->sql_dump;
     }
 

app/Controller/Component/RestResponseComponent.php

@@ -486,6 +486,9 @@ class RestResponseComponent extends Component
                 $cakeResponse->header($key, $value);
             }
         }
+        if (!empty($deprecationWarnings)) {
+            $cakeResponse->header('X-Deprecation-Warning', $deprecationWarnings);
+        }
         if ($download) {
             $cakeResponse->download($download);
         }

app/Controller/ServersController.php

@@ -2207,4 +2207,15 @@ misp.direct_call(relative_path, body)
         }
         return $this->RestResponse->viewData($this->Server->dbSchemaDiagnostic(), $this->response->type());
     }
+
+    public function viewDeprecatedFunctionUse()
+    {
+        $data = $this->Deprecation->getDeprecatedAccessList($this->Server);
+        if ($this->_isRest()) {
+            return $this->RestResponse->viewData($data, $this->response->type());
+        } else {
+            $this->layout = false;
+            $this->set('data', $data);
+        }
+    }
 }

app/View/Elements/Flash/warning.ctp

@@ -0,0 +1,4 @@
+<div class="alert alert-warning">
+  <button type="button" class="close" data-dismiss="alert">&times;</button>
+  <?php echo h($message); ?>
+</div>

app/View/Elements/healthElements/diagnostics.ctp

@@ -417,9 +417,20 @@
     <h3><?php echo __('Clean model cache');?></h3>
     <p><?php echo __('If you ever run into issues with missing database fields / tables, please run the following script to clean the model cache.');?></p>
     <?php echo $this->Form->postLink('<span class="btn btn-inverse" style="padding-top:1px;padding-bottom:1px;">' . __('Clean cache') . '</span>', $baseurl . '/events/cleanModelCaches', array('escape' => false));?>
-    <h3><?php echo __('Overwritten objects');?></h3>
-    <p><?php echo __('Prior to 2.4.89, due to a bug a situation could occur where objects got overwritten on a sync pull. This tool allows you to inspect whether you are affected and if yes, remedy the issue.');?></p>
-    <a href="<?php echo $baseurl; ?>/objects/orphanedObjectDiagnostics"><span class="btn btn-inverse"><?php echo __('Reconstruct overwritten objects');?></span></a>
+    <?php
+        echo sprintf(
+            '<h3>%s</h3><p>%s</p><div id="deprecationResults"></div>%s',
+            __('Check for deprecated function usage'),
+            __('In an effort to identify the usage of deprecated functionalities, MISP has started aggregating the count of access requests to these endpoints. Check the frequency of their use below along with the users to potentially warn about better ways of achieving their goals.'),
+            sprintf(
+                '<span class="btn btn-inverse" role="button" tabindex="0" aria-label="%s" title="%s" onClick="%s">%s</span>',
+                __('View deprecated endpoint usage'),
+                __('View deprecated endpoint usage'),
+                'queryDeprecatedEndpointUsage();',
+                __('View deprecated endpoint usage')
+            )
+        );
+    ?>
     <h3><?php echo __('Orphaned attributes');?></h3>
     <p><?php echo __('In some rare cases attributes can remain in the database after an event is deleted becoming orphaned attributes. This means that they do not belong to any event, which can cause issues with the correlation engine (known cases include event deletion directly in the database without cleaning up the attributes and situations involving a race condition with an event deletion happening before all attributes are synchronised over).');?></p>
     <div style="background-color:#f7f7f9;width:400px;">

app/View/Servers/view_deprecated_function_use.ctp

@@ -0,0 +1,43 @@
+<?php
+    foreach ($data as $controller => $controllerData) {
+        echo sprintf(
+            '<div class="bold blue">%s</div>',
+            h($controller)
+        );
+        foreach ($controllerData as $action => $userData) {
+            echo sprintf(
+                '<div class="bold" style="margin-left:8px">%s</div>%s',
+                h($action),
+                sprintf(
+                    '<div style="margin-left:16px;"><span class="bold">Total</span>: %s %s</div>',
+                    h($userData['total']),
+                    sprintf(
+                        '<i class="fas fa-plus-circle" role="button" aria-label="%s" data-toggle="collapse" data-target="#deprecationDetails%s%s"></i>',
+                        __('View details on the usage of %s on the %s controller', h($action), h($controller)),
+                        h($controller),
+                        h($action)
+                    )
+                )
+            );
+            $userDataDiv = '';
+            foreach ($userData as $userId => $count) {
+                if ($userId !== 'total') {
+                    $userDataDiv .= sprintf(
+                        '<div style="margin-left:24px;"><a href="%s" aria-label="%s">%s</a>: %s</div>',
+                        $baseurl . '/admin/users/view/' . h($userId),
+                        __('View user ID ', h($userId)),
+                        __('User #%s', h($userId)),
+                        h($count)
+                    );
+                }
+            }
+            echo sprintf(
+                '<div id="deprecationDetails%s%s" data-toggle="collapse" class="collapse">%s</div>',
+                h($controller),
+                h($action),
+                $userDataDiv
+            );
+        }
+    }
+
+?>

app/webroot/js/misp.js

@@ -4656,6 +4656,19 @@ function checkRoleEnforceRateLimit() {
     }
 }
 
+function queryDeprecatedEndpointUsage() {
+    $.ajax({
+        url: baseurl + '/servers/viewDeprecatedFunctionUse',
+        type: 'GET',
+        success: function(data) {
+            $('#deprecationResults').html(data);
+        },
+        error: function(data) {
+            handleGenericAjaxResponse({'saved':false, 'errors':['Could not query the deprecation statistics.']});
+        }
+    });
+}
+
 (function(){
     "use strict";
     $(".datepicker").datepicker({