Attribute http-method added - issue #161 fixed

The http-method attribute type is added. By default, the value
must match one of the known HTTP methods from RFC2616, RFC2518,
RFC3253, RFC3648, RFC3744, RFC5789 and RFC5323. The method
is case sensitive.
Alexandre Dulaunoy 2013-08-13 13:19:27 +02:00
parent be316c80a2
commit a524d95b34
1 changed files with 16 additions and 1 deletions


@ -107,6 +107,7 @@ class Attribute extends AppModel {
'email-subject' => array('desc' => "The subject of the email"),
'email-attachment' => array('desc' => "File name of the email attachment."),
'url' => array('desc' => 'url'),
'http-method' => array('desc' => "HTTP method used by the malware (e.g. POST, GET, ...)."),
'user-agent' => array('desc' => "The user-agent used by the malware in the HTTP request."),
'regkey' => array('desc' => "Registry key or value"),
'regkey|value' => array('desc' => "Registry value + data separated by |"),
@ -159,7 +160,7 @@ class Attribute extends AppModel {
),
'Network activity' => array(
'desc' => 'Information about network traffic generated by the malware',
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'email-dst', 'url', 'user-agent', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'email-dst', 'url', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
),
'Payload type' => array(
'desc' => 'Information about the final payload(s)',
@ -408,6 +409,13 @@ class Attribute extends AppModel {
break;
}
// uppercase the following types
switch($this->data['Attribute']['type']) {
case 'http-method':
$this->data['Attribute']['value'] = strtoupper($this->data['Attribute']['value']);
break;
}
// set to_ids if it doesn't exist
if (empty($this->data['Attribute']['to_ids'])) {
$this->data['Attribute']['to_ids'] = 0;
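Review bot: The added `switch` on the attribute type has a single `case`, which reads more directly as `if ($this->data['Attribute']['type'] === 'http-method') { $this->data['Attribute']['value'] = strtoupper($this->data['Attribute']['value']); }`; keep the switch only if more upper-cased types are planned, and say so in the comment. This normalisation also means the stored method is upper-cased whatever the user typed, which is at odds with the "case sensitive" wording of the commit description; a comment such as `// normalise http-method to upper case so the case-sensitive validation rule matches` would make the intent explicit. The enclosing method starts and ends outside the hunk.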
@ -495,6 +503,13 @@ class Attribute extends AppModel {
$returnValue = 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
}
break;
case 'http-method':
if (preg_match("#(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH)#", $value)) {
$returnValue = true;
} else {
$returnValue = 'Unknown HTTP method.';
}
break;
case 'filename':
// no newline
if (!preg_match("#\n#", $value)) {
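Review bot: The pattern on the added `preg_match` line is unanchored, so any value that merely contains one of the method names as a substring (e.g. `FORGET`, or `GET` followed by a path and other text) passes as a valid http-method, and the "Unknown HTTP method." branch is easy to miss. The check should match the whole string: `if (preg_match("#^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH)$#", $value)) {`. Since attribute values are presumably reused in exports and signatures downstream, a loose whitelist here defeats the purpose of the new rule. The enclosing validation method starts and ends outside the hunk.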