Updated the migration script (SQL)

- Script updated based on the issues during testing

- Changed the file upload/download mechanism.
Andras Iklody 2013-02-27 15:24:38 +01:00
parent a7bb5c7767
commit a735822ca1
4 changed files with 44 additions and 48 deletions


@ -428,6 +428,7 @@ class AppController extends Controller {
default: default:
break; break;
} }
//$this->Acl->allow($inc, 'controllers/Events/add');
if ($permAdd) { if ($permAdd) {
$this->Acl->allow($inc, 'controllers/Events/add'); $this->Acl->allow($inc, 'controllers/Events/add');
$this->Acl->allow($inc, 'controllers/Attributes/add'); $this->Acl->allow($inc, 'controllers/Attributes/add');
@ -463,12 +464,11 @@ class AppController extends Controller {
$this->Acl->deny($inc, 'controllers/Logs'); $this->Acl->deny($inc, 'controllers/Logs');
} }
if (isset($inc['Role']['perm_admin'])) { if (isset($inc['Role']['perm_admin']) && $inc['Role']['perm_admin']) {
if ($inc['Role']['perm_admin']) {
//$this->Acl->allow($inc, 'controllers/Logs'); //$this->Acl->allow($inc, 'controllers/Logs');
}
} else { } else {
$this->Acl->deny($inc, 'controllers/Roles'); $this->Acl->deny($inc, 'controllers/Roles');
//$this->Acl->deny($inc, 'controllers');
} }
if (isset($inc['Role']['perm_auth'])) { if (isset($inc['Role']['perm_auth'])) {
if ($inc['Role']['perm_auth']) { if ($inc['Role']['perm_auth']) {
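Review bot: The true branch of the merged `perm_admin` check holds only a commented-out `allow` on `controllers/Logs`, so an admin role is granted nothing explicitly here and its access to `controllers/Roles` depends on whatever ACL state exists before this code runs. Folding the two conditions does tighten the check, as far as the rendered old side shows: a role whose `perm_admin` is set but false now reaches the `deny` on `controllers/Roles`, which the old nesting skipped. I would either make the grant explicit or invert the test so there is no empty branch, e.g. `if (empty($inc['Role']['perm_admin'])) { $this->Acl->deny($inc, 'controllers/Roles'); }`, and drop the commented-out calls, including the one added before `if ($permAdd)`. The enclosing method starts and ends outside these hunks.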


@ -303,12 +303,8 @@ class AttributesController extends AppController {
} }
$this->Attribute->read(); $this->Attribute->read();
if (PHP_OS == 'WINNT') { $path = APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS;
$path = APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS; $file = $this->Attribute->data['Attribute']['id'];
$file = $this->Attribute->data['Attribute']['id'];
} else {
$file = new File(APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS . $this->Attribute->data['Attribute']['id']);
}
$filename = ''; $filename = '';
if ('attachment' == $this->Attribute->data['Attribute']['type']) { if ('attachment' == $this->Attribute->data['Attribute']['type']) {
$filename = Sanitize::clean($this->Attribute->data['Attribute']['value']); $filename = Sanitize::clean($this->Attribute->data['Attribute']['value']);
@ -324,23 +320,13 @@ class AttributesController extends AppController {
} }
$this->viewClass = 'Media'; $this->viewClass = 'Media';
if (PHP_OS == 'WINNT') { $params = array(
$params = array(
'id' => $file, 'id' => $file,
'name' => $filename, 'name' => $filename,
'extension' => $fileExt, 'extension' => $fileExt,
'download' => true, 'download' => true,
'path' => $path 'path' => $path
); );
} else {
$params = array(
'id' => $file->path,
'name' => $filename,
'extension' => $fileExt,
'download' => true,
'path' => DS
);
}
$this->set($params); $this->set($params);
} }
@ -376,13 +362,13 @@ class AttributesController extends AppController {
if ($this->request->data['Attribute']['malware']) { if ($this->request->data['Attribute']['malware']) {
$this->request->data['Attribute']['type'] = "malware-sample"; $this->request->data['Attribute']['type'] = "malware-sample";
$filename = Sanitize::clean($filename); $filename = Sanitize::clean($filename);
preg_replace('\/:*?"<>', '', $filename); preg_replace('/\//:*?"<>/', '', $filename);
$this->request->data['Attribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files $this->request->data['Attribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
$this->request->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS $this->request->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
} else { } else {
$this->request->data['Attribute']['type'] = "attachment"; $this->request->data['Attribute']['type'] = "attachment";
$filename = Sanitize::clean($filename); $filename = Sanitize::clean($filename);
preg_replace('\/:*?"<>', '', $filename); preg_replace('/\/:*?"<>/', '', $filename);
$this->request->data['Attribute']['value'] = $filename; $this->request->data['Attribute']['value'] = $filename;
$this->request->data['Attribute']['to_ids'] = 0; $this->request->data['Attribute']['to_ids'] = 0;
} }
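Review bot: Both new `preg_replace` calls discard their return value, so `$filename` reaches `Attribute.value` with only `Sanitize::clean` applied, and neither pattern is a character class. In the malware-sample branch the pattern `'/\//:*?"<>/'` closes at the second unescaped `/`, which leaves `:*?"<>/` to be parsed as modifiers and makes the call fail; in the attachment branch `'/\/:*?"<>/'` compiles but matches one literal sequence rather than any of the listed characters. Assign the result and bracket the set, e.g. `$filename = preg_replace('#[\\\\/:*?"<>]#', '', $filename);` in both branches. Since the malware-sample value is joined as `filename|md5` on the next line, stripping `|` from the name as well looks worth considering. The enclosing action starts outside the hunk.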


@ -1,8 +1,9 @@
-- --
-- Update to attributes -- Update to attributes
-- --
ALTER TABLE `attributes` ADD `cluster` tinyint(1) NOT NULL;
ALTER TABLE `attributes` ADD `communitie` tinyint(1) NOT NULL; ALTER TABLE `attributes` ADD `cluster` tinyint(1) DEFAULT '0';
ALTER TABLE `attributes` ADD `communitie` tinyint(1) DEFAULT '0';
ALTER TABLE `attributes` ADD `dist_change` int(11) DEFAULT '0'; ALTER TABLE `attributes` ADD `dist_change` int(11) DEFAULT '0';
-- -------------------------------------------------------- -- --------------------------------------------------------
@ -47,6 +48,8 @@ ALTER TABLE `events` ADD `analysis` tinyint(4) NOT NULL;
ALTER TABLE `events` ADD `attribute_count` int(11) UNSIGNED DEFAULT NULL; ALTER TABLE `events` ADD `attribute_count` int(11) UNSIGNED DEFAULT NULL;
ALTER TABLE `events` ADD `hop_count` int(11) UNSIGNED DEFAULT NULL; ALTER TABLE `events` ADD `hop_count` int(11) UNSIGNED DEFAULT NULL;
ALTER TABLE `events` ADD `dist_change` int(11) NOT NULL DEFAULT 0; ALTER TABLE `events` ADD `dist_change` int(11) NOT NULL DEFAULT 0;
ALTER TABLE `events` ADD `orgc` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL;
UPDATE TABLE `events` SET `orgc` = `org` WHERE `orgc` = NULL;
-- -------------------------------------------------------- -- --------------------------------------------------------
-- --
@ -85,6 +88,7 @@ CREATE TABLE `regexp` (
-- Create table roles -- Create table roles
-- --
DROP TABLE IF EXISTS `roles`;
CREATE TABLE `roles` ( CREATE TABLE `roles` (
`id` int(11) NOT NULL AUTO_INCREMENT, `id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) COLLATE utf8_bin NOT NULL, `name` varchar(100) COLLATE utf8_bin NOT NULL,
@ -97,21 +101,49 @@ CREATE TABLE `roles` (
`perm_sync` tinyint(1) NOT NULL, `perm_sync` tinyint(1) NOT NULL,
`perm_full` tinyint(1) NOT NULL, `perm_full` tinyint(1) NOT NULL,
`perm_auth` tinyint(1) NOT NULL, `perm_auth` tinyint(1) NOT NULL,
`perm_audit` tinyint(1) NOT NULL,
`perm_admin` tinyint(1) NOT NULL,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ; ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-- -------------------------------------------------------- -- --------------------------------------------------------
--
-- Creating initial roles
--
-- 1. Admin - has full access
-- 2. Org Admin - read/write/publish/audit/admin/sync/auth
-- 3. User - User - Read / Write, no other permissions (default)
-- 4. Sync user - read/write/publish/sync/auth
--
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('1', 'admin', NOW() , NOW() , '1', '1', '1', '1', '1', '1', '1', '1', '1');
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('2', 'Org Admin', NOW() , NOW() , '1', '1', '0' , '1', '1', '1', '1', '0' , '1');
INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
VALUES ('3', 'User', NOW() , NOW() , '1', '1', '0' , '0' , '0' , '0' , '0' , '0' , '0');
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`)
VALUES ('4', 'Sync user', NOW(), NOW(), '1', '1', '1', '1', '1', '0', '1', '0', '1');
-- --------------------------------------------------------
-- --
-- Update servers -- Update servers
-- --
ALTER TABLE `servers` DROP `logo`; ALTER TABLE `servers` DROP `logo`;
-- -------------------------------------------------------- -- --------------------------------------------------------
-- --
-- Update users -- Update users
-- Collate changed for email - fixes case sensitivity of user names
-- --
ALTER TABLE `users` ADD `role_id` int(11) NOT NULL; ALTER TABLE `users` ADD `role_id` int(11) NOT NULL;
ALTER TABLE `users` ADD `change_pw` tinyint(1) NOT NULL; ALTER TABLE `users` ADD `change_pw` tinyint(1) NOT NULL;
ALTER TABLE `users` CHANGE `email` `email` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL
UPDATE TABLE `users` SET `role_id` = '3';
UPDATE TABLE `users` SET `role_id` = '1' WHERE `org` = 'ADMIN';
-- -------------------------------------------------------- -- --------------------------------------------------------
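Review bot: The added `UPDATE TABLE ...` statements are not valid MySQL (`UPDATE` takes the table name directly), and the `ALTER TABLE users CHANGE email ...` line has no terminating `;`, so it runs into the statement that follows it. If these fail, no existing user gets a `role_id` that matches a row in `roles`, and the ACL checks keyed on the `perm_*` flags would presumably find no role for them. The `orgc` backfill also compares with `= NULL`, which never matches, and the column was just added as `NOT NULL`; something like `UPDATE events SET orgc = org WHERE orgc = '';` would do what the line intends. Separately, the `Sync user` row sets `perm_modify_org` and `perm_audit` to 1 although the comment lists only read/write/publish/sync/auth, so either the values or the comment should be corrected.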


@ -1,22 +0,0 @@
ALTER TABLE `roles` ADD `perm_admin` TINYINT( 1 ) NOT NULL DEFAULT '0';
ALTER TABLE `roles` ADD `perm_audit` TINYINT( 1 ) NOT NULL DEFAULT '0';
INSERT INTO `roles` (
`id` ,
`name` ,
`created` ,
`modified` ,
`perm_add` ,
`perm_modify` ,
`perm_modify_org` ,
`perm_publish` ,
`perm_sync` ,
`perm_admin` ,
`perm_audit` ,
`perm_full` ,
`perm_auth`
)
VALUES (
'1', 'ADMIN', '2013-02-26 14:27:20', '2013-02-26 14:27:20', '1', '1', '1', '1', '1', '1', '1', '1', '1'
);