MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [security] Always capture attribute sharing groups 

- via object edits it was omitted, leading to a possible misassociation of sharing groups by using the local ID of a referenced SG

- as reported by Jeroen Pinoy
pull/7479/head
iglocska 2021-06-07 14:44:36 +02:00
parent cda48b006e
commit a71aafdeb5
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/Model/Attribute.php
View File

@ -3628,6 +3628,13 @@ class Attribute extends AppModel
if (!empty($parentEvent)) {
$params['parentEvent'] = $parentEvent;
}
if (!empty($attribute['SharingGroup'])) {
$attribute['sharing_group_id'] = $this->SharingGroup->captureSG($attribute['SharingGroup'], $user);
} elseif (!empty($attribute['sharing_group_id'])) {
if (!$this->SharingGroup->checkIfAuthorised($user, $attribute['sharing_group_id'])) {
unset($attribute['sharing_group_id']);
}
}
if (!$this->save($attribute, $params)) {
$attribute_short = (isset($attribute['category']) ? $attribute['category'] : 'N/A') . '/' . (isset($attribute['type']) ? $attribute['type'] : 'N/A') . ' ' . (isset($attribute['value']) ? $attribute['value'] : 'N/A');
$log->create();