diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..d7bb38946 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "composer" + directory: "/app" + schedule: + interval: "daily" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every weekday + interval: "daily" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f2da0572a..f3568770f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,11 +35,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3d04f8998..8ee02442a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,7 +6,7 @@ name: misp # events but only for the 2.4 and develop branches on: push: - branches: [ 2.4, develop, misp-stix ] + branches: [ 2.4, develop, misp-stix, taxii ] pull_request: branches: [ 2.4, develop, misp-stix ] @@ -20,13 +20,13 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-20.04] + os: [ubuntu-22.04] php: ['7.2', '7.3', '7.4'] # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: 'recursive' @@ -75,7 +75,8 @@ jobs: run: | sudo chown $USER:www-data $HOME/.composer pushd app - sudo -H -u $USER php composer.phar install --no-progress + sudo -H -u $USER composer config --no-plugins allow-plugins.composer/installers true + sudo -H -u $USER composer install --no-progress popd cp -fa INSTALL/setup/config.php app/Plugin/CakeResque/Config/config.php # Set perms @@ -138,6 +139,13 @@ jobs: sudo chown -R $USER:www-data `pwd`/app/Config sudo chmod -R 777 `pwd`/app/Config + # fix perms (?) + namei -m /home/runner/work + sudo chmod +x /home/runner/work + sudo chmod +x /home/runner + sudo chmod +x /home + sudo chmod +x / + - name: DB Update run: | sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.osuser" $USER' @@ -192,6 +200,9 @@ jobs: - name: Turn MISP live run: sudo -E su $USER -c 'app/Console/cake Live 1' + - name: Check if Redis is ready + run: sudo -E su $USER -c 'app/Console/cake Admin redisReady' + - name: Start workers run: | sudo chmod +x app/Console/worker/start.sh @@ -221,12 +232,11 @@ jobs: echo 'key = "'${AUTH}'"' >> tests/keys.py cat tests/keys.py popd - - - name: Build test - run: | . ./venv/bin/activate pushd tests - ./build-test.sh + bash ./build-test.sh + popd + deactivate - name: Run PHP tests run: | @@ -240,17 +250,15 @@ jobs: popd sudo chmod -R g+ws `pwd`/app/tmp/logs - + . ./venv/bin/activate pushd PyMISP python tests/testlive_comprehensive.py + python tests/test_mispevent.py popd python tests/testlive_security.py -v python tests/testlive_sync.py python tests/testlive_comprehensive_local.py -v - pushd PyMISP - python tests/test_mispevent.py - popd cp PyMISP/tests/keys.py PyMISP/examples/events/ pushd PyMISP/examples/events/ python ./create_massive_dummy_events.py -l 5 -a 30 @@ -264,3 +272,5 @@ jobs: tail -n +1 `pwd`/app/tmp/logs/* tail -n +1 /var/log/apache2/*.log + sudo -u $USER app/Console/cake Log export /tmp/logs.json.gz --without-changes + zcat /tmp/logs.json.gz diff --git a/.gitignore b/.gitignore index 6ac789180..a7ad03a7e 100755 --- a/.gitignore +++ b/.gitignore @@ -104,6 +104,7 @@ app/Lib/EventWarning/Custom/* /app/tmp/cached_exports/sha256/* /app/tmp/cached_exports/bro/* /app/Plugin/CakeResque +/app/Plugin/DebugKit .gnupg .smime *.swp diff --git a/CODINGSTYLE.md b/CODINGSTYLE.md index 2c9f26679..29351d34d 100644 --- a/CODINGSTYLE.md +++ b/CODINGSTYLE.md @@ -6,11 +6,11 @@ Maintaining proper coding style is very important for any large software project - It allows others (as well as the future you!) to easily understand fragments of code and what they were supposed to do, and thus makes it easier to later extend them with newer functionality or bug fixes - It allows others to easily review the code and catch bugs - It provides for an aesthetically pleasing experience when one reads the code - + ## General typographic conventions - Maintain a maximum line length of 80 characters. Even though today’s monitors often are very wide and it’s often not a problem to have 120 characters displayed in an editor, maintaining shorter line lengths improves readability. It also allows others to have two parallel windows open, side by side, each with different parts of the source code. - Naming conventions: - - `ClassName`, + - `ClassName`, - `someVariable`, `someFunction`, `someArgument` - Maintain a decent amount of horizontal spacing, e.g. add a space after `if` or before `{` in PHP, Python, JavaScript, and similar in other languages. Whether and where to also use spaces within expressions, such as `(y*4+8)` vs. `(y * 4 + 8)` is left to the developer’s judgment. Do not put spaces immediately after or before the brackets in expressions, so avoid constructs like this: `if ( condition )` and use ones like this: `if (condition)` instead. - Use descriptive names for variables and functions. At a time when most editors have auto-completion features, there is no excuse for using short variable names. @@ -25,7 +25,7 @@ Maintaining proper coding style is very important for any large software project ## File naming conventions - Never use spaces within file names - **PHP:** Write file names in title case ,e.g. `AttachmentTool.php` -- **Python:** Write file names with small letters, use a dash to separate words, rather than underscores, e.g. `load_warninglists.py` +- **Python:** Write file names with small letters, use an underscore to separate words, rather than dashes, e.g. `load_warninglists.py` - **JavaScript:** Write file names with small letters, use dashes to separate words, rather than underscores, e.g. `bootstrap-colorpicker.js` ## General programming style guidelines @@ -41,7 +41,7 @@ Maintaining proper coding style is very important for any large software project return style; } - In production code, there should be little to no commented or disabled code fragments. Do not use comments to disable code fragments, unless you need to. But generally, there is little excuse to keep old, unused code fragments in the code. Instead, use the functionality provided by the source code management system, such as git. For example, create a special branch for storing the old, unused code – this way you will always be able to merge this code into upstream in the future. -- Try not to hardcode values in the code. +- Try not to hardcode values in the code. ## Commit message guidelines diff --git a/INSTALL/INSTALL.sh b/INSTALL/INSTALL.sh index ce2132009..4e01e2c20 100755 --- a/INSTALL/INSTALL.sh +++ b/INSTALL/INSTALL.sh @@ -1509,9 +1509,17 @@ coreCAKE () { ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.homedir" "${PATH_TO_MISP}/.gnupg" ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.password" "${GPG_PASSPHRASE}" ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.obscure_subject" true + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.key_fetching_disabled" false # FIXME: what if we have not gpg binary but a gpg2 one? ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.binary" "$(which gpg)" + # LinOTP + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.enabled" false + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.baseUrl" "https://" + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.realm" "lino" + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.verifyssl" true + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.mixedauth" false + # Enable installer org and tune some configurables ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1 ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test" @@ -1870,7 +1878,7 @@ mispmodules () { modulesCAKE () { # Enable Enrichment, set better timeouts ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_services_enable" true - ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_enable" true + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_enable" false ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_popover_only" false ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_timeout" 150 ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_timeout" 300 @@ -2543,7 +2551,7 @@ apacheConfig_RHEL7 () { #sudo sed -i "s/SetHandler/\#SetHandler/g" /etc/httpd/conf.d/misp.ssl.conf sudo rm /etc/httpd/conf.d/ssl.conf sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf - sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf + sudo sed -i '/Listen 443/!s/Listen 80/a Listen 443/' /etc/httpd/conf/httpd.conf # If a valid SSL certificate is not already created for the server, create a self-signed certificate: echo "The Common Name used below will be: ${OPENSSL_CN}" @@ -2591,7 +2599,7 @@ apacheConfig_RHEL8 () { #sudo sed -i "s/SetHandler/\#SetHandler/g" /etc/httpd/conf.d/misp.ssl.conf sudo rm /etc/httpd/conf.d/ssl.conf sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf - sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf + sudo sed -i '/Listen 443/!s/Listen 80/a Listen 443/' /etc/httpd/conf/httpd.conf # If a valid SSL certificate is not already created for the server, create a self-signed certificate: echo "The Common Name used below will be: ${OPENSSL_CN}" diff --git a/INSTALL/INSTALL.sh.sfv b/INSTALL/INSTALL.sh.sfv index 6f53f2312..1e88b1879 100644 --- a/INSTALL/INSTALL.sh.sfv +++ b/INSTALL/INSTALL.sh.sfv @@ -1,5 +1,5 @@ -; Generated by RHash v1.4.2 on 2022-05-23 at 12:45.34 +; Generated by RHash v1.4.2 on 2023-07-01 at 17:15.04 ; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/ ; -; 160126 12:45.34 2022-05-23 INSTALL.sh -INSTALL.sh 4296D40B11B3002DF3FDFD69A508ED5ECACB8C13 D32E5A4B0F37F4C937CD4F85927E998D917BCBE89E4E0E864FFD7EA09E29ADEF BD093D8018C351E3D3722646E269C4B60E6DA19F42150338CE6FD72FEE293B8B89AA69D48A84B19D3EFDDAE25EC9E646 ECACC3071E130058C3DDECC86E1CBF27DD4F11389D10F43B14293B1915F7A24F02D0DA51E299706A38C00F2D2A7505B0FE46E33B705E53594383CE65461F2B08 +; 160686 17:15.04 2023-07-01 INSTALL.sh +INSTALL.sh 9576C31EC5BD942E1C9B12413E6408E4623252F7 78B708FE1FC6B39BE081B9F05C6AA5E1478F8762CAF5A8A7671A12EBA4D3C1C5 27991471FB5788F42AF3BBF86FC80A95341AA17AE9487016EEC94961A48437172702EB8E2D6CB300387E87D9E8E0E3E5 C1C21FD491AEFD662C87C3EF62837D769E63E9CF2446B9BD607CCEF8AFD72528824A8F408C6892FD51109390104010EF90DA7F4828950A8671D2986A6B8E216F diff --git a/INSTALL/INSTALL.sh.sha1 b/INSTALL/INSTALL.sh.sha1 index 90e04e1ef..e1db6c05b 100644 --- a/INSTALL/INSTALL.sh.sha1 +++ b/INSTALL/INSTALL.sh.sha1 @@ -1 +1 @@ -4296d40b11b3002df3fdfd69a508ed5ecacb8c13 INSTALL.sh +9576c31ec5bd942e1c9b12413e6408e4623252f7 INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha256 b/INSTALL/INSTALL.sh.sha256 index 80d0ca800..6622f0558 100644 --- a/INSTALL/INSTALL.sh.sha256 +++ b/INSTALL/INSTALL.sh.sha256 @@ -1 +1 @@ -d32e5a4b0f37f4c937cd4f85927e998d917bcbe89e4e0e864ffd7ea09e29adef INSTALL.sh +78b708fe1fc6b39be081b9f05c6aa5e1478f8762caf5a8a7671a12eba4d3c1c5 INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha384 b/INSTALL/INSTALL.sh.sha384 index 58d22834f..0f9ebbe68 100644 --- a/INSTALL/INSTALL.sh.sha384 +++ b/INSTALL/INSTALL.sh.sha384 @@ -1 +1 @@ -bd093d8018c351e3d3722646e269c4b60e6da19f42150338ce6fd72fee293b8b89aa69d48a84b19d3efddae25ec9e646 INSTALL.sh +27991471fb5788f42af3bbf86fc80a95341aa17ae9487016eec94961a48437172702eb8e2d6cb300387e87d9e8e0e3e5 INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha512 b/INSTALL/INSTALL.sh.sha512 index e83897162..fa8fc6529 100644 --- a/INSTALL/INSTALL.sh.sha512 +++ b/INSTALL/INSTALL.sh.sha512 @@ -1 +1 @@ -ecacc3071e130058c3ddecc86e1cbf27dd4f11389d10f43b14293b1915f7a24f02d0da51e299706a38c00f2d2a7505b0fe46e33b705e53594383ce65461f2b08 INSTALL.sh +c1c21fd491aefd662c87c3ef62837d769e63e9cf2446b9bd607ccef8afd72528824a8f408c6892fd51109390104010ef90da7f4828950a8671d2986a6b8e216f INSTALL.sh diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql index 44da990b4..150d9aaa5 100644 --- a/INSTALL/MYSQL.sql +++ b/INSTALL/MYSQL.sql @@ -88,6 +88,12 @@ CREATE TABLE IF NOT EXISTS `attribute_tags` ( INDEX `tag_id` (`tag_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +-- ------------------------------------------------------- + +-- +-- Table structure for table `auth_keys` +-- + CREATE TABLE IF NOT EXISTS `auth_keys` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `uuid` varchar(40) COLLATE utf8mb4_unicode_ci NOT NULL, @@ -98,6 +104,8 @@ CREATE TABLE IF NOT EXISTS `auth_keys` ( `expiration` int(10) unsigned NOT NULL, `user_id` int(10) unsigned NOT NULL, `comment` text COLLATE utf8mb4_unicode_ci, + `allowed_ips` text COLLATE utf8mb4_unicode_ci, + `unique_ips` text COLLATE utf8mb4_unicode_ci, PRIMARY KEY (`id`), KEY `authkey_start` (`authkey_start`), KEY `authkey_end` (`authkey_end`), @@ -1523,16 +1531,16 @@ INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `pe VALUES (2, 'Org Admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0); INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`) -VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1); +VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1); INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`) -VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0); +VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0); INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`) -VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0); +VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0); INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`) -VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); +VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); -- -------------------------------------------------------- @@ -1661,4 +1669,6 @@ INSERT IGNORE INTO `org_blocklists` (`org_uuid`, `created`, `org_name`, `comment ('58d38339-7b24-4386-b4b4-4c0f950d210f', NOW(), 'Setec Astrononomy', 'default example'), ('58d38326-eda8-443a-9fa8-4e12950d210f', NOW(), 'Acme Finance', 'default example'); -INSERT IGNORE INTO `admin_settings` (`setting`, `value`) VALUES ('fix_login', NOW()); +INSERT IGNORE INTO `admin_settings` (`setting`, `value`) VALUES +('fix_login', NOW()), +('default_role', 3); \ No newline at end of file diff --git a/INSTALL/old/INSTALL.ubuntu1604.txt b/INSTALL/old/INSTALL.ubuntu1604.txt deleted file mode 120000 index 19f97ccc3..000000000 --- a/INSTALL/old/INSTALL.ubuntu1604.txt +++ /dev/null @@ -1 +0,0 @@ -../../docs/archive/INSTALL.ubuntu1604.md \ No newline at end of file diff --git a/PyMISP b/PyMISP index 98bb5ebd4..94983c01e 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 98bb5ebd49cf1ab3eb725922c5bbbc6369657b05 +Subproject commit 94983c01ecced6086df28133a38a297111534142 diff --git a/README.md b/README.md index 8e6dc245a..2a28375fb 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ The objective of MISP is to foster the sharing of structured information within MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are: -- An **efficient IOC and indicators** database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence. +- An **efficient IOC and indicators** database, allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence. - Automatic **correlation** finding relationships between attributes and indicators from malware, attack campaigns or analysis. The correlation engine includes correlation between attributes and more advanced correlations like Fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation can also be enabled or event disabled per attribute. - A **flexible data model** where complex [objects](https://www.misp-project.org/objects.html) can be expressed and **linked together to express threat intelligence, incidents or connected elements**. - Built-in **sharing functionality** to ease data sharing using different model of distributions. MISP can automatically synchronize events and attributes among different MISP instances. Advanced filtering functionalities can be used to meet each organization's sharing policy including a **flexible sharing group** capacity and an attribute level distribution mechanisms. @@ -50,9 +50,9 @@ MISP, Malware Information Sharing Platform and Threat Sharing, core functionalit - **export**: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools), Cache format (used for forensic tools), STIX (XML and JSON) 1 and 2, NIDS export (Suricata, Snort and Bro/Zeek) or RPZ zone. Many other formats can be easily added via the [misp-modules](https://github.com/MISP/misp-modules). - **import**: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, MISP standard format or STIX 1.1/2.0. Many other formats easily added via the [misp-modules](https://github.com/MISP/misp-modules). - Flexible **free text import** tool to ease the integration of unstructured reports into MISP. -- A gentle system to **collaborate** on events and attributes allowing MISP users to propose changes or updates to attributes/indicators. +- A user-friendly system to **collaborate** on events and attributes allowing MISP users to propose changes or updates to attributes/indicators. - **data-sharing**: automatically exchange and synchronize with other parties and trust-groups using MISP. -- **delegating of sharing**: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization. +- **delegating of sharing**: allows for a simple, pseudo-anonymous mechanism to delegate publication of event/indicators to another organization. - Flexible **API** to integrate MISP with your own solutions. MISP is bundled with [PyMISP](https://github.com/MISP/PyMISP) which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes. An exhaustive restSearch API to easily search for indicators in MISP and exports those in all the format supported by MISP. - **Adjustable taxonomy** to classify and tag events following your own classification schemes or [existing classification](https://github.com/MISP/misp-taxonomies). The taxonomy can be local to your MISP but also shareable among MISP instances. - **Intelligence vocabularies** called MISP galaxy and bundled with existing [threat actors, malware, RAT, ransomware or MITRE ATT&CK](https://www.misp-project.org/galaxy.html) which can be easily linked with events and attributes in MISP. @@ -108,16 +108,16 @@ License This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html) -* Copyright (C) 2012-2022 Christophe Vandeplas +* Copyright (C) 2012-2023 Christophe Vandeplas * Copyright (C) 2012 Belgian Defence * Copyright (C) 2012 NATO / NCIRC -* Copyright (C) 2013-2022 Andras Iklody -* Copyright (C) 2015-2022 CIRCL - Computer Incident Response Center Luxembourg +* Copyright (C) 2013-2023 Andras Iklody +* Copyright (C) 2015-2023 CIRCL - Computer Incident Response Center Luxembourg * Copyright (C) 2016 Andreas Ziegler -* Copyright (C) 2018-2022 Sami Mokaddem -* Copyright (C) 2018-2022 Christian Studer -* Copyright (C) 2015-2022 Alexandre Dulaunoy +* Copyright (C) 2018-2023 Sami Mokaddem +* Copyright (C) 2018-2023 Christian Studer +* Copyright (C) 2015-2023 Alexandre Dulaunoy * Copyright (C) 2018-2022 Steve Clement -* Copyright (C) 2020-2022 Jakub Onderka +* Copyright (C) 2020-2023 Jakub Onderka For more information, [the list of authors and contributors](AUTHORS) is available. diff --git a/VERSION.json b/VERSION.json index b534235d8..1f1c3a0c9 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1 +1 @@ -{"major":2, "minor":4, "hotfix":164} +{"major":2, "minor":4, "hotfix":174} diff --git a/app/.htaccess b/app/.htaccess index fc3aac4b2..ec36c63bd 100644 --- a/app/.htaccess +++ b/app/.htaccess @@ -1,5 +1,5 @@ RewriteEngine on - RewriteRule ^$ webroot/ [L] - RewriteRule (.*) webroot/$1 [L] - \ No newline at end of file + RewriteRule ^$ webroot/ "[B= ,L]" + RewriteRule (.*) webroot/$1 "[B= ,L]" + diff --git a/app/Config/config.default.php b/app/Config/config.default.php index abe2c3c1e..5e08ff20f 100644 --- a/app/Config/config.default.php +++ b/app/Config/config.default.php @@ -213,12 +213,13 @@ $config = array( // Warning: The following is a 3rd party contribution and still untested (including security) by the MISP-project team. // Feel free to enable it and report back to us if you run into any issues. // - // Uncomment the following to enable Kerberos authentication + // Uncomment the following to enable Kerberos/LDAP authentication // needs PHP LDAP support enabled (e.g. compile flag --with-ldap or Debian package php5-ldap) /* - 'ApacheSecureAuth' => array( // Configuration for kerberos authentication + 'ApacheSecureAuth' => array( // Configuration for kerberos/LDAP authentication 'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER, If BasicAuth ldap = PHP_AUTH_USER - 'ldapServer' => 'ldap://example.com', // FQDN or IP + 'ldapServer' => 'ldap://example.com', // FQDN or IP, ldap:// for LDAP or LDAP+STARTTLS, ldaps:// for LDAPS + 'starttls' => true, // true for STARTTLS, ignored for LDAPS 'ldapProtocol' => 3, 'ldapNetworkTimeout' => -1, // use -1 for unlimited network timeout 'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right diff --git a/app/Config/routes.php b/app/Config/routes.php index 673c57177..032267db2 100644 --- a/app/Config/routes.php +++ b/app/Config/routes.php @@ -33,6 +33,7 @@ Router::connect('/roles/admin_index/*', array('controller' => 'roles', 'action' => 'index', 'admin' => true)); Router::connect('/logs/admin_search/*', array('controller' => 'logs', 'action' => 'search', 'admin' => true)); Router::connect('/audit_logs/admin_index/*', array('controller' => 'audit_logs', 'action' => 'index', 'admin' => true)); + Router::connect('/access_logs/admin_index/*', array('controller' => 'access_logs', 'action' => 'index', 'admin' => true)); Router::connect('/logs/admin_index/*', array('controller' => 'logs', 'action' => 'index', 'admin' => true)); Router::connect('/regexp/admin_index/*', array('controller' => 'regexp', 'action' => 'index', 'admin' => true)); diff --git a/app/Console/Command/AdminShell.php b/app/Console/Command/AdminShell.php index 0352c2e46..c7d842f1c 100644 --- a/app/Console/Command/AdminShell.php +++ b/app/Console/Command/AdminShell.php @@ -112,6 +112,18 @@ class AdminShell extends AppShell return $parser; } + public function jobForgot() + { + if (empty($this->args[0])) { + die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Forgot'] . PHP_EOL); + } + + $email = $this->args[0]; + $ip = empty($this->args[1]) ? null : $this->args[1]; + $jobId = empty($this->args[2]) ? null : $this->args[2]; + $this->User->forgot($email, $ip, $jobId); + } + public function jobGenerateCorrelation() { if (empty($this->args[0])) { @@ -524,6 +536,7 @@ class AdminShell extends AppShell $this->out('Executing all updates to bring the database up to date with the current version.'); $processId = empty($this->args[0]) ? false : $this->args[0]; $this->Server->runUpdates(true, false, $processId); + $this->Server->cleanCacheFiles(); $this->out('All updates completed.'); } else { $this->error('This OS user is not allowed to run this command.', 'Run it under `www-data` or `httpd` or `apache` or `wwwrun` or set MISP.osuser in the configuration.' . PHP_EOL . 'You tried to run this command as: ' . $whoami); @@ -554,8 +567,21 @@ class AdminShell extends AppShell public function redisReady() { try { - RedisTool::init()->ping(); - $this->out('Successfully connected to Redis.'); + $redis = RedisTool::init(); + for ($i = 0; $i < 10; $i++) { + $persistence = $redis->info('persistence'); + if (isset($persistence['loading']) && $persistence['loading']) { + $this->out('Redis is still loading...'); + sleep(1); + } else { + break; + } + } + if ($i === 9) { + $this->out('Redis is still loading, but we will continue.'); + } else { + $this->out('Successfully connected to Redis.'); + } } catch (Exception $e) { $this->error('Redis connection is not available', $e->getMessage()); } @@ -845,7 +871,7 @@ class AdminShell extends AppShell ]); foreach ($tables as $table) { - $dataSource->query('OPTIMISE TABLE ' . $dataSource->name($table)); + $dataSource->query('OPTIMIZE TABLE ' . $dataSource->name($table)); $progress->increment(); $progress->draw(); } diff --git a/app/Console/Command/AppShell.php b/app/Console/Command/AppShell.php index d825ea282..77ba8e761 100644 --- a/app/Console/Command/AppShell.php +++ b/app/Console/Command/AppShell.php @@ -89,7 +89,11 @@ abstract class AppShell extends Shell protected function getBackgroundJobsTool() { if (!isset($this->BackgroundJobsTool)) { - $this->BackgroundJobsTool = new BackgroundJobsTool(Configure::read('SimpleBackgroundJobs')); + $settings = ['enabled' => false]; + if (!empty(Configure::read('SimpleBackgroundJobs.enabled'))) { + $settings = Configure::read('SimpleBackgroundJobs'); + } + $this->BackgroundJobsTool = new BackgroundJobsTool($settings); } return $this->BackgroundJobsTool; } diff --git a/app/Console/Command/EventShell.php b/app/Console/Command/EventShell.php index 00ae7253f..9fb01fd45 100644 --- a/app/Console/Command/EventShell.php +++ b/app/Console/Command/EventShell.php @@ -68,7 +68,7 @@ class EventShell extends AppShell $user = $this->getUser($userId); if (!file_exists($path)) { - $this->error("File '$path' does not exists."); + $this->error("File '$path' does not exist."); } if (!is_readable($path)) { $this->error("File '$path' is not readable."); @@ -405,7 +405,17 @@ class EventShell extends AppShell $jobId = $this->args[2]; $userId = $this->args[3]; $user = $this->getUser($userId); - $job = $this->Job->read(null, $jobId); + $job = $this->Job->find('first', [ + 'recursive' => -1, + 'conditions' => [ + 'Job.id' => $jobId + ] + ]); + if (empty($job)) { + $log = ClassRegistry::init('Log'); + $log->createLogEntry($user, 'publish', 'Event', $id, 'Event (' . $id . '): could not be published - valid job not found.', ''); + return true; + } $this->Event->Behaviors->unload('SysLogLogable.SysLogLogable'); $result = $this->Event->publish($id, $passAlong); $job['Job']['progress'] = 100; @@ -632,7 +642,7 @@ class EventShell extends AppShell { $user = $this->User->getAuthUser($userId, true); if (empty($user)) { - $this->error("User with ID $userId does not exists."); + $this->error("User with ID $userId does not exist."); } Configure::write('CurrentUserId', $user['id']); // for audit logging purposes return $user; diff --git a/app/Console/Command/LogShell.php b/app/Console/Command/LogShell.php index 79d1c246d..d4bf5f239 100644 --- a/app/Console/Command/LogShell.php +++ b/app/Console/Command/LogShell.php @@ -3,26 +3,44 @@ /** * @property Log $Log * @property AuditLog $AuditLog + * @property AccessLog $AccessLog * @property Server $Server */ class LogShell extends AppShell { - public $uses = ['Log', 'AuditLog', 'Server']; + public $uses = ['Log', 'AuditLog', 'AccessLog', 'Server']; public function getOptionParser() { $parser = parent::getOptionParser(); $parser->addSubcommand('auditStatistics', [ - 'help' => __('Show statistics from audit logs.'), + 'help' => __('Show statistics for audit logs.'), + ]); + $parser->addSubcommand('accessStatistics', [ + 'help' => __('Show statistics for access logs.'), ]); $parser->addSubcommand('statistics', [ - 'help' => __('Show statistics from logs.'), + 'help' => __('Show statistics for application logs.'), ]); $parser->addSubcommand('export', [ - 'help' => __('Export logs to compressed file in JSON Lines format (one JSON encoded line per entry).'), + 'help' => __('Export application logs to compressed file in JSON Lines format (one JSON encoded line per entry).'), + 'parser' => [ + 'arguments' => [ + 'file' => ['help' => __('Path to output file'), 'required' => true], + ], + 'options' => [ + 'without-changes' => ['boolean' => true, 'help' => __('Do not include add, edit or delete actions.')], + ], + ], + ]); + $parser->addSubcommand('recompress', [ + 'help' => __('Recompress compressed data in logs.'), + ]); + $parser->addSubcommand('accessLogRetention', [ + 'help' => __('Delete logs that are older than specified duration.'), 'parser' => array( 'arguments' => array( - 'file' => ['help' => __('Path to output file'), 'required' => true], + 'duration' => ['help' => __('Duration in days'), 'required' => true], ), ), ]); @@ -32,6 +50,7 @@ class LogShell extends AppShell public function export() { list($path) = $this->args; + $withoutChanges = $this->param('without-changes'); if (file_exists($path)) { $this->error("File $path already exists"); @@ -42,21 +61,24 @@ class LogShell extends AppShell $this->error("Could not open $path for writing"); } - $rows = $this->Log->query("SELECT TABLE_ROWS FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'logs';"); /** @var ProgressShellHelper $progress */ $progress = $this->helper('progress'); $progress->init([ - 'total' => $rows[0]['TABLES']['TABLE_ROWS'], // just estimate, but fast + 'total' => $this->Log->tableRows(), // just estimate, but fast 'width' => 50, ]); $lastId = 0; while (true) { + $conditions = ['Log.id >' => $lastId]; // much faster than offset + if ($withoutChanges) { + $conditions['NOT'] = ['Log.action' => ['add', 'edit', 'delete']]; + } $logs = $this->Log->find('all', [ - 'conditions' => ['id >' => $lastId], // much faster than offset + 'conditions' => $conditions, 'recursive' => -1, 'limit' => 100000, - 'order' => ['id ASC'], + 'order' => ['Log.id ASC'], ]); if (empty($logs)) { break; @@ -77,7 +99,7 @@ class LogShell extends AppShell if ($log['id'] > $lastId) { $lastId = $log['id']; } - $lines .= json_encode($log, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR) . "\n"; + $lines .= JsonTool::encode($log) . "\n"; } if (gzwrite($file, $lines) === false) { $this->error("Could not write data to $path"); @@ -144,7 +166,48 @@ class LogShell extends AppShell $this->out('Change field:'); $this->out('-------------'); $this->out(str_pad(__('Compressed items:'), 20) . $this->AuditLog->compressionStats['compressed']); + $this->out(str_pad(__('Total size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_total'])); $this->out(str_pad(__('Uncompressed size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_uncompressed'])); $this->out(str_pad(__('Compressed size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_compressed'])); } + + public function accessStatistics() + { + $count = $this->AccessLog->find('count'); + $first = $this->AccessLog->find('first', [ + 'recursive' => -1, + 'fields' => ['created'], + 'order' => ['id ASC'], + ]); + $last = $this->AccessLog->find('first', [ + 'recursive' => -1, + 'fields' => ['created'], + 'order' => ['id DESC'], + ]); + + $this->out(str_pad(__('Count:'), 20) . $count); + $this->out(str_pad(__('First:'), 20) . $first['AccessLog']['created']); + $this->out(str_pad(__('Last:'), 20) . $last['AccessLog']['created']); + + $usage = $this->Server->dbSpaceUsage()['access_logs']; + $this->out(str_pad(__('Data size:'), 20) . CakeNumber::toReadableSize($usage['data_in_bytes'])); + $this->out(str_pad(__('Index size:'), 20) . CakeNumber::toReadableSize($usage['index_in_bytes'])); + $this->out(str_pad(__('Reclaimable size:'), 20) . CakeNumber::toReadableSize($usage['reclaimable_in_bytes']), 2); + } + + public function recompress() + { + $this->AuditLog->recompress(); + } + + public function accessLogRetention() + { + list($duration) = $this->args; + if ($duration <= 0 || !is_numeric($duration)) { + $this->error("Invalid duration specified."); + } + $duration = new DateTime("-$duration days"); + $deleted = $this->AccessLog->deleteOldLogs($duration); + $this->out(__n("Deleted %s entry", "Deleted %s entries", $deleted, $deleted)); + } } diff --git a/app/Console/Command/Ls22Shell.php b/app/Console/Command/Ls22Shell.php index e5791abcb..fd477411b 100644 --- a/app/Console/Command/Ls22Shell.php +++ b/app/Console/Command/Ls22Shell.php @@ -29,6 +29,8 @@ class Ls22Shell extends AppShell public function getOptionParser() { + $this->stdout->styles('green', array('text' => 'green')); + $parser = parent::getOptionParser(); $parser->addSubcommand('enableTaxonomy', [ 'help' => __('Enable a taxonomy with all its tags.'), @@ -101,6 +103,33 @@ class Ls22Shell extends AppShell ), ), ]); + $parser->addSubcommand('setSetting', [ + 'help' => __('Set a setting on the given MISP instance(s).'), + 'parser' => array( + 'options' => array( + 'instances' => [ + 'help' => 'Path to the instance file, by default "instances.csv" from the local directory', + 'short' => 'i', + 'required' => true + ], + 'misp_url_filter' => [ + 'help' => 'The url of the instance to execute changes on. If not set, all are updated.', + 'short' => 'm', + 'required' => false + ], + 'setting' => [ + 'help' => 'The setting to modify', + 'short' => 's', + 'required' => true + ], + 'value' => [ + 'help' => 'The value to set for the given setting', + 'short' => 'v', + 'required' => true + ] + ), + ), + ]); $parser->addSubcommand('addWarninglist', [ 'help' => __('Inject warninglist'), 'parser' => array( @@ -363,6 +392,26 @@ class Ls22Shell extends AppShell } } + public function setSetting() + { + $setting = $this->param('setting'); + $value = $this->param('value'); + $this->__getInstances($this->param('instances')); + foreach ($this->__servers as $server) { + $HttpSocket = $this->Server->setupHttpSocket($server, null); + $request = $this->Server->setupSyncRequest($server, 'Server'); + $payload = ["value" => $value]; + $response = $HttpSocket->post($server['Server']['url'] . '/server/serverSettingsEdit/' . $setting, json_encode($value), $request); + $statusWrapped = sprintf( + '<%s>%s', + $response->isOk() ? 'info' : 'error', + $response->isOk() ? 'OK' : 'Setting updated', + $response->isOk() ? 'info' : 'error' + ); + $this->out($server['Server']['url'] . ': ' . $statusWrapped, 1, Shell::NORMAL); + } + } + public function scores() { $results = []; @@ -379,7 +428,7 @@ class Ls22Shell extends AppShell } $HttpSocket = $this->Server->setupHttpSocket($server, null); $request = $this->Server->setupSyncRequest($server); - $response = $HttpSocket->get($server['Server']['url'] . '/organisations/index/scope:all', false, $request); + $response = $HttpSocket->get($server['Server']['url'] . '/organisations/index/scope:local', false, $request); $orgs = json_decode($response->body(), true); $this->out(__('Organisations fetched. %d found.', count($orgs)), 1, Shell::VERBOSE); $org_mapping = []; @@ -390,21 +439,31 @@ class Ls22Shell extends AppShell if ($org['Organisation']['name'] === 'YT') { continue; } + if ($org['Organisation']['name'] === 'ORGNAME') { + continue; + } $org_mapping[$org['Organisation']['name']] = $org['Organisation']['id']; } - if (!empty($this->param['from'])) { - $time_range[] = $this->param['from']; + $time_range = []; + if (!empty($this->param('from'))) { + $time_range[] = $this->param('from'); } - if (!empty($this->param['to'])) { + if (!empty($this->param('to'))) { if (empty($time_range)) { $time_range[] = '365d'; } - $time_range[] = $this->param['to']; + $time_range[] = $this->param('to'); + } else { + if (!empty($time_range)) { + $time_range[] = '0h'; + } } + $event_extended_uuids = []; + $event_uuid_per_org = []; foreach ($org_mapping as $org_name => $org_id) { - $time_range = []; $params = [ - 'org' => $org_id + 'org' => $org_id, + 'includeWarninglistHits' => true, ]; if (!empty($time_range)) { $params['publish_timestamp'] = $time_range; @@ -415,6 +474,7 @@ class Ls22Shell extends AppShell $results[$org_name] = [ 'attribute_count' => 0, 'object_count' => 0, + 'event_count' => count($events['response']), 'connected_elements' => 0, 'event_tags' => 0, 'attribute_tags' => 0, @@ -423,9 +483,16 @@ class Ls22Shell extends AppShell 'attribute_attack' => 0, 'attribute_other' => 0, 'score' => 0, - 'warnings' => 0 + 'warnings' => 0, + 'events_extended' => 0, + 'extending_events' => 0, ]; foreach ($events['response'] as $event) { + $event_uuid_per_org[$event['Event']['uuid']] = $event['Event']['Orgc']['name']; + if (!empty($event['Event']['extends_uuid'])) { + $event_extended_uuids[$event['Event']['Orgc']['name']][] = $event['Event']['extends_uuid']; + } + if (!empty($event['Event']['Tag'])) { foreach ($event['Event']['Tag'] as $tag) { if (substr($tag['name'], 0, 32) === 'misp-galaxy:mitre-attack-pattern') { @@ -458,7 +525,7 @@ class Ls22Shell extends AppShell } } if (!empty($attribute['warnings'])) { - $result[$org_name]['warnings'] += 1; + $results[$org_name]['warnings'] += 1; } } $results[$org_name]['attribute_count'] += count($event['Event']['Attribute']); @@ -485,6 +552,22 @@ class Ls22Shell extends AppShell } } + + foreach ($event_extended_uuids as $orgc => $uuids) { + foreach ($uuids as $uuid) { + if (!empty($event_uuid_per_org[$uuid])) { + $org_name = $event_uuid_per_org[$uuid]; + if ($orgc != $org_name) { + // Add point for org extending another event + $results[$orgc]['extending_events'] += 1; + // Add point for org getting their event extended + $results[$org_name]['events_extended'] += 1; + } + } + } + } + + $scores = []; foreach ($results as $k => $result) { $totalCount = $result['attribute_count'] + $result['object_count']; @@ -499,8 +582,10 @@ class Ls22Shell extends AppShell $results[$k]['metrics']['connectedness'] = 100 * ($result['connected_elements'] / ($result['attribute_count'] + $result['object_count'])); $results[$k]['metrics']['attack_weight'] = 100 * (2*($result['attack']) + $result['attribute_attack']) / ($result['attribute_count'] + $result['object_count']); $results[$k]['metrics']['other_weight'] = 100 * (2*($result['other']) + $result['attribute_other']) / ($result['attribute_count'] + $result['object_count']); + $results[$k]['metrics']['collaboration'] = 100 * ((2*$result['events_extended'] + $result['extending_events']) / $result['event_count']); + $results[$k]['metrics']['collaboration'] = 100 * (2*(2*$result['events_extended'] + $result['extending_events']) / $result['event_count']); } - foreach (['connectedness', 'attack_weight', 'other_weight', 'warnings'] as $metric) { + foreach (['connectedness', 'attack_weight', 'other_weight', 'warnings', 'collaboration'] as $metric) { if (empty($results[$k]['metrics'][$metric])) { $results[$k]['metrics'][$metric] = 0; } @@ -512,13 +597,15 @@ class Ls22Shell extends AppShell 20 * $results[$k]['metrics']['warnings'] + 20 * $results[$k]['metrics']['connectedness'] + 40 * $results[$k]['metrics']['attack_weight'] + - 20 * $results[$k]['metrics']['other_weight'] + 10 * $results[$k]['metrics']['other_weight'] + + 10 * $results[$k]['metrics']['collaboration'] ) / 100; $scores[$k]['total'] = $results[$k]['score']; $scores[$k]['warnings'] = round(20 * $results[$k]['metrics']['warnings']); $scores[$k]['connectedness'] = round(20 * $results[$k]['metrics']['connectedness']); $scores[$k]['attack_weight'] = round(40 * $results[$k]['metrics']['attack_weight']); - $scores[$k]['other_weight'] = round(20 * $results[$k]['metrics']['other_weight']); + $scores[$k]['other_weight'] = round(10 * $results[$k]['metrics']['other_weight']); + $scores[$k]['collaboration'] = round(10 * $results[$k]['metrics']['collaboration']); } arsort($scores, SORT_DESC); $this->out(str_repeat('=', 128), 1, Shell::NORMAL); @@ -534,15 +621,17 @@ class Ls22Shell extends AppShell $score_string[1] = str_repeat('█', round($score['connectedness']/100)); $score_string[2] = str_repeat('█', round($score['attack_weight']/100)); $score_string[3] = str_repeat('█', round($score['other_weight']/100)); + $score_string[4] = str_repeat('█', round($score['collaboration']/100)); $this->out(sprintf( '| %s | %s | %s |', str_pad($org, 10, ' ', STR_PAD_RIGHT), sprintf( - '%s%s%s%s%s', + '%s%s%s%s%s%s', $score_string[0], $score_string[1], $score_string[2], $score_string[3], + $score_string[4], str_repeat(' ', 100 - mb_strlen(implode('', $score_string))) ), str_pad($score['total'] . '%', 8, ' ', STR_PAD_RIGHT) @@ -555,6 +644,7 @@ class Ls22Shell extends AppShell '█: Connectedness', '█: ATT&CK context', '█: Other Context', + '█: Collaboration', str_repeat(' ', 52) ), 1, Shell::NORMAL); $this->out(str_repeat('=', 128), 1, Shell::NORMAL); diff --git a/app/Console/Command/ServerShell.php b/app/Console/Command/ServerShell.php index 3de14fca3..a82b9d97d 100644 --- a/app/Console/Command/ServerShell.php +++ b/app/Console/Command/ServerShell.php @@ -11,7 +11,7 @@ require_once 'AppShell.php'; */ class ServerShell extends AppShell { - public $uses = array('Server', 'Task', 'Job', 'User', 'Feed'); + public $uses = array('Server', 'Task', 'Job', 'User', 'Feed', 'TaxiiServer'); public function getOptionParser() { @@ -790,4 +790,30 @@ class ServerShell extends AppShell } return $server; } + + public function push_taxii() + { + if (empty($this->args[0]) || empty($this->args[1])) { + die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Push Taxii'] . PHP_EOL); + } + + $userId = $this->args[0]; + $user = $this->getUser($userId); + $serverId = $this->args[1]; + if (!empty($this->args[2])) { + $jobId = $this->args[2]; + } else { + $jobId = $this->Job->createJob($user, Job::WORKER_DEFAULT, 'push_taxii', 'Server: ' . $serverId, 'Pushing.'); + } + $this->Job->read(null, $jobId); + + $result = $this->TaxiiServer->push($serverId, $user, $jobId); + if ($result !== true && !is_array($result)) { + $message = 'Job failed. Reason: ' . $result; + $this->Job->saveStatus($jobId, false, $message); + } else { + $message = 'Job done.'; + $this->Job->saveStatus($jobId, true, $message); + } + } } diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php new file mode 100644 index 000000000..372744744 --- /dev/null +++ b/app/Controller/AccessLogsController.php @@ -0,0 +1,228 @@ + -1, + 'limit' => 60, + 'fields' => ['id', 'created', 'user_id', 'org_id', 'authkey_id', 'ip', 'request_method', 'user_agent', 'request_id', 'controller', 'action', 'url', 'response_code', 'memory_usage', 'duration', 'query_count'], + 'contain' => [ + 'User' => ['fields' => ['id', 'email', 'org_id']], + 'Organisation' => ['fields' => ['id', 'name', 'uuid']], + ], + 'order' => [ + 'AccessLog.id' => 'DESC' + ], + ]; + + public function admin_index() + { + $params = $this->IndexFilter->harvestParameters([ + 'created', + 'ip', + 'user', + 'org', + 'request_id', + 'authkey_id', + 'api_request', + 'request_method', + 'controller', + 'action', + 'url', + 'user_agent', + 'memory_usage', + 'duration', + 'query_count', + 'response_code', + ]); + + $conditions = $this->__searchConditions($params); + + if ($this->_isRest()) { + $list = $this->AccessLog->find('all', [ + 'conditions' => $conditions, + 'contain' => $this->paginate['contain'], + ]); + foreach ($list as &$item) { + if (!empty($item['AccessLog']['request'])) { + $item['AccessLog']['request'] = base64_encode($item['AccessLog']['request']); + } + } + return $this->RestResponse->viewData($list, 'json'); + } + if (empty(Configure::read('MISP.log_skip_access_logs_in_application_logs'))) { + $this->Flash->warning(__('Access logs are logged in both application logs and access logs. Make sure you reconfigure your log monitoring tools and update MISP.log_skip_access_logs_in_application_logs.')); + } + + $this->AccessLog->virtualFields['has_query_log'] = 'query_log IS NOT NULL'; + $this->paginate['fields'][] = 'has_query_log'; + $this->paginate['conditions'] = $conditions; + $list = $this->paginate(); + + $this->set('list', $list); + $this->set('title_for_layout', __('Access logs')); + } + + public function admin_request($id) + { + $request = $this->AccessLog->find('first', [ + 'conditions' => ['AccessLog.id' => $id], + 'fields' => ['AccessLog.request'], + ]); + if (empty($request)) { + throw new NotFoundException(__('Access log not found')); + } + + if (empty($request['AccessLog']['request'])) { + throw new NotFoundException(__('Request body is empty')); + } + + $contentType = explode(';', $request['AccessLog']['request_content_type'], 2)[0]; + if ($contentType === 'application/x-www-form-urlencoded' || $contentType === 'multipart/form-data') { + parse_str($request['AccessLog']['request'], $output); + // highlight PHP array + $highlighted = highlight_string("\\|", "", $highlighted, 1); // remove prefix + $highlighted = preg_replace("|\\\$|", "", $highlighted, 1); // remove suffix 1 + $highlighted = trim($highlighted); // remove line breaks + $highlighted = preg_replace("|\\\$|", "", $highlighted, 1); // remove suffix 2 + $highlighted = trim($highlighted); // remove line breaks + $highlighted = preg_replace("|^(\\)(<\\?php )(.*?)(\\)|", "\$1\$3\$4", $highlighted); // remove custom added "set('request', $data); + } + + public function admin_queryLog($id) + { + $request = $this->AccessLog->find('first', [ + 'conditions' => ['AccessLog.id' => $id], + 'fields' => ['AccessLog.query_log'], + ]); + if (empty($request)) { + throw new NotFoundException(__('Access log not found')); + } + + if (empty($request['AccessLog']['query_log'])) { + throw new NotFoundException(__('Query log is empty')); + } + + $this->set('queryLog', $request['AccessLog']['query_log']); + } + + /** + * @param array $params + * @return array + */ + private function __searchConditions(array $params) + { + $qbRules = []; + foreach ($params as $key => $value) { + if ($key === 'created') { + $qbRules[] = [ + 'id' => $key, + 'operator' => is_array($value) ? 'between' : 'greater_or_equal', + 'value' => $value, + ]; + } else { + if (is_array($value)) { + $value = implode('||', $value); + } + $qbRules[] = [ + 'id' => $key, + 'value' => $value, + ]; + } + } + $this->set('qbRules', $qbRules); + + $conditions = []; + if (isset($params['user'])) { + if (is_numeric($params['user'])) { + $conditions['AccessLog.user_id'] = $params['user']; + } else { + $user = $this->User->find('first', [ + 'conditions' => ['User.email' => $params['user']], + 'fields' => ['id'], + ]); + if (!empty($user)) { + $conditions['AccessLog.user_id'] = $user['User']['id']; + } else { + $conditions['AccessLog.user_id'] = -1; + } + } + } + if (isset($params['ip'])) { + $conditions['AccessLog.ip'] = inet_pton($params['ip']); + } + foreach (['authkey_id', 'request_id', 'controller', 'action'] as $field) { + if (isset($params[$field])) { + $conditions['AccessLog.' . $field] = $params[$field]; + } + } + if (isset($params['url'])) { + $conditions['AccessLog.url LIKE'] = "%{$params['url']}%"; + } + if (isset($params['user_agent'])) { + $conditions['AccessLog.user_agent LIKE'] = "%{$params['user_agent']}%"; + } + if (isset($params['memory_usage'])) { + $conditions['AccessLog.memory_usage >='] = ($params['memory_usage'] * 1024); + } + if (isset($params['memory_usage'])) { + $conditions['AccessLog.memory_usage >='] = ($params['memory_usage'] * 1024); + } + if (isset($params['duration'])) { + $conditions['AccessLog.duration >='] = $params['duration']; + } + if (isset($params['query_count'])) { + $conditions['AccessLog.query_count >='] = $params['query_count']; + } + if (isset($params['request_method'])) { + $methodId = array_flip(AccessLog::REQUEST_TYPES)[$params['request_method']] ?? -1; + $conditions['AccessLog.request_method'] = $methodId; + } + if (isset($params['org'])) { + if (is_numeric($params['org'])) { + $conditions['AccessLog.org_id'] = $params['org']; + } else { + $org = $this->AccessLog->Organisation->fetchOrg($params['org']); + if ($org) { + $conditions['AccessLog.org_id'] = $org['id']; + } else { + $conditions['AccessLog.org_id'] = -1; + } + } + } + if (isset($params['created'])) { + $tempData = is_array($params['created']) ? $params['created'] : [$params['created']]; + foreach ($tempData as $k => $v) { + $tempData[$k] = $this->AccessLog->resolveTimeDelta($v); + } + if (count($tempData) === 1) { + $conditions['AccessLog.created >='] = date("Y-m-d H:i:s", $tempData[0]); + } else { + if ($tempData[0] < $tempData[1]) { + $temp = $tempData[1]; + $tempData[1] = $tempData[0]; + $tempData[0] = $temp; + } + $conditions['AND'][] = ['AccessLog.created <=' => date("Y-m-d H:i:s", $tempData[0])]; + $conditions['AND'][] = ['AccessLog.created >=' => date("Y-m-d H:i:s", $tempData[1])]; + } + } + return $conditions; + } +} \ No newline at end of file diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 390004fcf..a5212bb63 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -33,8 +33,8 @@ class AppController extends Controller public $helpers = array('OrgImg', 'FontAwesome', 'UserName'); - private $__queryVersion = '146'; - public $pyMispVersion = '2.4.162'; + private $__queryVersion = '153'; + public $pyMispVersion = '2.4.174'; public $phpmin = '7.2'; public $phprec = '7.4'; public $phptoonew = '8.0'; @@ -43,7 +43,6 @@ class AppController extends Controller private $isApiAuthed = false; public $baseurl = ''; - public $sql_dump = false; public $restResponsePayload = null; @@ -102,7 +101,9 @@ class AppController extends Controller { $controller = $this->request->params['controller']; $action = $this->request->params['action']; - + if (empty($this->Session->read('creation_timestamp'))) { + $this->Session->write('creation_timestamp', time()); + } if (Configure::read('MISP.system_setting_db')) { App::uses('SystemSetting', 'Model'); SystemSetting::setGlobalSetting(); @@ -136,17 +137,12 @@ class AppController extends Controller $this->response->header('X-XSS-Protection', '1; mode=block'); } - if (!empty($this->request->params['named']['sql'])) { - $this->sql_dump = intval($this->request->params['named']['sql']); - } - $this->_setupDatabaseConnection(); $this->set('debugMode', Configure::read('debug') >= 1 ? 'debugOn' : 'debugOff'); $isAjax = $this->request->is('ajax'); $this->set('ajax', $isAjax); $this->set('queryVersion', $this->__queryVersion); - $this->User = ClassRegistry::init('User'); $language = Configure::read('MISP.language'); if (!empty($language) && $language !== 'eng') { @@ -155,6 +151,26 @@ class AppController extends Controller Configure::write('Config.language', 'eng'); } + $this->User = ClassRegistry::init('User'); + + if (!empty($this->request->params['named']['disable_background_processing'])) { + Configure::write('MISP.background_jobs', 0); + } + + Configure::write('CurrentController', $controller); + Configure::write('CurrentAction', $action); + $versionArray = $this->User->checkMISPVersion(); + $this->mispVersion = implode('.', $versionArray); + $this->Security->blackHoleCallback = 'blackHole'; + + // send users away that are using ancient versions of IE + // Make sure to update this if IE 20 comes out :) + if (isset($_SERVER['HTTP_USER_AGENT'])) { + if (preg_match('/(?i)msie [2-8]/', $_SERVER['HTTP_USER_AGENT']) && !strpos($_SERVER['HTTP_USER_AGENT'], 'Opera')) { + throw new MethodNotAllowedException('You are using an unsecure and outdated version of IE, please download Google Chrome, Mozilla Firefox or update to a newer version of IE. If you are running IE9 or newer and still receive this error message, please make sure that you are not running your browser in compatibility mode. If you still have issues accessing the site, get in touch with your administration team at ' . Configure::read('MISP.contact')); + } + } + // For fresh installation (salt empty) generate a new salt if (!Configure::read('Security.salt')) { $this->User->Server->serverSettingsSaveValue('Security.salt', $this->User->generateRandomPassword(32)); @@ -165,6 +181,10 @@ class AppController extends Controller $this->User->Server->serverSettingsSaveValue('MISP.uuid', CakeText::uuid()); } + /** + * Authentication related activities + */ + // Check if Apache provides kerberos authentication data $authUserFields = $this->User->describeAuthFields(); $envvar = Configure::read('ApacheSecureAuth.apacheEnv'); @@ -180,22 +200,7 @@ class AppController extends Controller } else { $this->Auth->authenticate[AuthComponent::ALL]['userFields'] = $authUserFields; } - if (!empty($this->request->params['named']['disable_background_processing'])) { - Configure::write('MISP.background_jobs', 0); - } - Configure::write('CurrentController', $controller); - Configure::write('CurrentAction', $action); - $versionArray = $this->User->checkMISPVersion(); - $this->mispVersion = implode('.', $versionArray); - $this->Security->blackHoleCallback = 'blackHole'; - // send users away that are using ancient versions of IE - // Make sure to update this if IE 20 comes out :) - if (isset($_SERVER['HTTP_USER_AGENT'])) { - if (preg_match('/(?i)msie [2-8]/', $_SERVER['HTTP_USER_AGENT']) && !strpos($_SERVER['HTTP_USER_AGENT'], 'Opera')) { - throw new MethodNotAllowedException('You are using an unsecure and outdated version of IE, please download Google Chrome, Mozilla Firefox or update to a newer version of IE. If you are running IE9 or newer and still receive this error message, please make sure that you are not running your browser in compatibility mode. If you still have issues accessing the site, get in touch with your administration team at ' . Configure::read('MISP.contact')); - } - } $userLoggedIn = false; if (Configure::read('Plugin.CustomAuth_enable')) { $userLoggedIn = $this->__customAuthentication($_SERVER); @@ -217,16 +222,19 @@ class AppController extends Controller !$userLoggedIn && ( $controller !== 'users' || - $action !== 'register' || - empty(Configure::read('Security.allow_self_registration')) + ( + ($action !== 'register' || empty(Configure::read('Security.allow_self_registration'))) && + (!in_array($action, ['forgot', 'password_reset']) || empty(Configure::read('Security.allow_password_forgotten'))) + ) ) ) { // REST authentication if ($this->_isRest() || $this->_isAutomation()) { // disable CSRF for REST access $this->Security->csrfCheck = false; - if ($this->__loginByAuthKey() === false || $this->Auth->user() === null) { - if ($this->__loginByAuthKey() === null) { + $loginByAuthKeyResult = $this->__loginByAuthKey(); + if ($loginByAuthKeyResult === false || $this->Auth->user() === null) { + if ($loginByAuthKeyResult === null) { $this->loadModel('Log'); $this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed API authentication. No authkey was provided."); } @@ -304,10 +312,14 @@ class AppController extends Controller $this->__accessMonitor($user); } else { - $preAuthActions = array('login', 'register', 'getGpgPublicKey'); + $preAuthActions = array('login', 'register', 'getGpgPublicKey', 'logout401', 'otp'); if (!empty(Configure::read('Security.email_otp_enabled'))) { $preAuthActions[] = 'email_otp'; } + if (!empty(Configure::read('Security.allow_password_forgotten'))) { + $preAuthActions[] = 'forgot'; + $preAuthActions[] = 'password_reset'; + } if (!$this->_isControllerAction(['users' => $preAuthActions, 'servers' => ['cspReport']])) { if ($isAjax) { $response = $this->RestResponse->throwException(401, "Unauthorized"); @@ -411,9 +423,12 @@ class AppController extends Controller } } if ($foundMispAuthKey) { - $authKeyToStore = substr($authKey, 0, 4) + $start = substr($authKey, 0, 4); + $end = substr($authKey, -4); + $authKeyToStore = $start . str_repeat('*', 32) - . substr($authKey, -4); + . $end; + $this->__logApiKeyUse($start . $end); if ($user) { // User found in the db, add the user info to the session if (Configure::read('MISP.log_auth')) { @@ -430,10 +445,7 @@ class AppController extends Controller ); $this->Log->save($log); } - $storeAPITime = Configure::read('MISP.store_api_access_time'); - if (!empty($storeAPITime) && $storeAPITime) { - $this->User->updateAPIAccessTime($user); - } + $this->User->updateAPIAccessTime($user); $this->Session->renew(); $this->Session->write(AuthComponent::$sessionKey, $user); $this->isApiAuthed = true; @@ -447,6 +459,9 @@ class AppController extends Controller } $this->Session->destroy(); } + } else { + $this->loadModel('Log'); + $this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed authentication using an API key of incorrect length."); } return false; } @@ -483,7 +498,6 @@ class AppController extends Controller if (!$userFromDb) { $message = __('Something went wrong. Your user account that you are authenticated with doesn\'t exist anymore.'); if ($this->_isRest()) { - // TODO: Why not exception? $response = $this->RestResponse->throwException(401, $message); $response->send(); $this->_stop(); @@ -513,12 +527,24 @@ class AppController extends Controller } $this->Flash->info($message); $this->Auth->logout(); - throw new MethodNotAllowedException($message);//todo this should pb be removed? + $this->_redirectToLogin(); + return false; } else { $this->Flash->error(__('Warning: MISP is currently disabled for all users. Enable it in Server Settings (Administration -> Server Settings -> MISP tab -> live). An update might also be in progress, you can see the progress in ') , array('params' => array('url' => $this->baseurl . '/servers/updateProgress/', 'urlName' => __('Update Progress')), 'clear' => 1)); } } + // kill existing sessions for a user if the admin/instance decides so + // exclude API authentication as it doesn't make sense + if (!$this->isApiAuthed && $this->User->checkForSessionDestruction($user['id'])) { + $this->Auth->logout(); + $this->Session->destroy(); + $message = __('User deauthenticated on administrator request. Please reauthenticate.'); + $this->Flash->warning($message); + $this->_redirectToLogin(); + return false; + } + // Force logout doesn't make sense for API key authentication if (!$this->isApiAuthed && $user['force_logout']) { $this->User->id = $user['id']; @@ -581,6 +607,12 @@ class AppController extends Controller return true; } + // Check if user must create TOTP secret, force them to be on that page as long as needed. + if (empty($user['totp']) && Configure::read('Security.otp_required') && !$this->_isControllerAction(['users' => ['terms', 'change_pw', 'logout', 'login', 'totp_new']])) { // TOTP is mandatory for users, prevent login until the user has configured their TOTP + $this->redirect(array('controller' => 'users', 'action' => 'totp_new', 'admin' => false)); + return false; + } + // Check if user accepted terms and conditions if (!$user['termsaccepted'] && !empty(Configure::read('MISP.terms_file')) && !$this->_isControllerAction(['users' => ['terms', 'logout', 'login', 'downloadTerms']])) { //if ($this->_isRest()) throw new MethodNotAllowedException('You have not accepted the terms of use yet, please log in via the web interface and accept them.'); @@ -621,6 +653,15 @@ class AppController extends Controller return in_array($this->request->params['action'], $actionsToCheck[$controller], true); } + private function __logApiKeyUse($apikey) + { + $redis = $this->User->setupRedis(); + if (!$redis) { + return; + } + $redis->zIncrBy('misp:authkey_log:' . date("Ymd"), 1, $apikey); + } + /** * User access monitoring * @param array $user @@ -665,11 +706,28 @@ class AppController extends Controller { $userMonitoringEnabled = Configure::read('Security.user_monitoring_enabled'); if ($userMonitoringEnabled) { - $redis = $this->User->setupRedis(); - $userMonitoringEnabled = $redis && $redis->sismember('misp:monitored_users', $user['id']); + try { + $userMonitoringEnabled = RedisTool::init()->sismember('misp:monitored_users', $user['id']); + } catch (Exception $e) { + $userMonitoringEnabled = false; + } } - if (Configure::read('MISP.log_paranoid') || $userMonitoringEnabled) { + $shouldBeLogged = $userMonitoringEnabled || + Configure::read('MISP.log_paranoid') || + (Configure::read('MISP.log_paranoid_api') && isset($user['logged_by_authkey']) && $user['logged_by_authkey']); + + if ($shouldBeLogged) { + $includeRequestBody = !empty(Configure::read('MISP.log_paranoid_include_post_body')) || $userMonitoringEnabled; + /** @var AccessLog $accessLog */ + $accessLog = ClassRegistry::init('AccessLog'); + $accessLog->logRequest($user, $this->_remoteIp(), $this->request, $includeRequestBody); + } + + if ( + empty(Configure::read('MISP.log_skip_access_logs_in_application_logs')) && + $shouldBeLogged + ) { $change = 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->request->here; if ( ( @@ -684,7 +742,7 @@ class AppController extends Controller $payload = $this->request->input(); $change .= PHP_EOL . 'Request body: ' . $payload; } - $this->Log = ClassRegistry::init('Log'); + $this->loadModel('Log'); $this->Log->createLogEntry($user, 'request', 'User', $user['id'], 'Paranoid log entry', $change); } } @@ -1041,7 +1099,7 @@ class AppController extends Controller $headerNamespace = ''; } if (isset($server[$headerNamespace . $header]) && !empty($server[$headerNamespace . $header])) { - if (Configure::read('Plugin.CustomAuth_only_allow_source') && Configure::read('Plugin.CustomAuth_only_allow_source') !== $server['REMOTE_ADDR']) { + if (Configure::read('Plugin.CustomAuth_only_allow_source') && Configure::read('Plugin.CustomAuth_only_allow_source') !== $this->_remoteIp()) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $log = array( @@ -1050,7 +1108,7 @@ class AppController extends Controller 'model_id' => 0, 'email' => 'SYSTEM', 'action' => 'auth_fail', - 'title' => 'Failed authentication using external key (' . trim($server[$headerNamespace . $header]) . ') - the user has not arrived from the expected address. Instead the request came from: ' . $server['REMOTE_ADDR'], + 'title' => 'Failed authentication using external key (' . trim($server[$headerNamespace . $header]) . ') - the user has not arrived from the expected address. Instead the request came from: ' . $this->_remoteIp(), 'change' => null, ); $this->Log->save($log); @@ -1060,7 +1118,7 @@ class AppController extends Controller $user['User'] = $temp; if ($user['User']) { $this->User->updateLoginTimes($user['User']); - $this->Session->renew(); + //$this->Session->renew(); $this->Session->write(AuthComponent::$sessionKey, $user['User']); if (Configure::read('MISP.log_auth')) { $this->Log = ClassRegistry::init('Log'); @@ -1356,9 +1414,10 @@ class AppController extends Controller protected function _remoteIp() { $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; - return isset($_SERVER[$ipHeader]) ? trim($_SERVER[$ipHeader]) : null; + return isset($_SERVER[$ipHeader]) ? trim($_SERVER[$ipHeader]) : $_SERVER['REMOTE_ADDR']; } + /** * @param string $key * @return bool Returns true if the same log defined by $key was not stored in last hour @@ -1452,7 +1511,7 @@ class AppController extends Controller protected function __setPagingParams(int $page, int $limit, int $current, string $type = 'named') { $this->request->params['paging'] = [ - 'Correlation' => [ + $this->modelClass => [ 'page' => $page, 'limit' => $limit, 'current' => $current, diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index 2479c5cd1..76eca938e 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -73,6 +73,9 @@ class AttributesController extends AppController { $user = $this->Auth->user(); $this->paginate['conditions']['AND'][] = $this->Attribute->buildConditions($user); + + $this->__setIndexFilterConditions(); + $attributes = $this->paginate(); if ($this->_isRest()) { @@ -299,7 +302,7 @@ class AttributesController extends AppController $conditions['Attribute.type'] = array('attachment', 'malware-sample'); $attributes = $this->Attribute->fetchAttributes($this->Auth->user(), array('conditions' => $conditions, 'flatten' => true)); if (empty($attributes)) { - throw new UnauthorizedException(__('Attribute does not exists or you do not have the permission to download this attribute.')); + throw new UnauthorizedException(__('Attribute does not exist or you do not have the permission to download this attribute.')); } return $this->__downloadAttachment($attributes[0]['Attribute']); } @@ -1536,6 +1539,7 @@ class AttributesController extends AppController $user = $this->Auth->user(); $exception = null; $filters = $this->__getSearchFilters($exception); + $this->set('passedArgsArray', ['results' => $continue]); if ($this->request->is('post') || !empty($this->request->params['named']['tags'])) { if ($filters === false) { return $exception; @@ -1763,7 +1767,7 @@ class AttributesController extends AppController $conditions['Attribute.type'] = array('attachment', 'malware-sample'); $attributes = $this->Attribute->fetchAttributes($user, array('conditions' => $conditions, 'flatten' => true)); if (empty($attributes)) { - throw new UnauthorizedException(__('Attribute does not exists or you do not have the permission to download this attribute.')); + throw new UnauthorizedException(__('Attribute does not exist or you do not have the permission to download this attribute.')); } return $this->__downloadAttachment($attributes[0]['Attribute']); } @@ -1961,7 +1965,7 @@ class AttributesController extends AppController public function fetchViewValue($id, $field = null) { $user = $this->_closeSession(); - $validFields = ['value', 'comment', 'type', 'category', 'to_ids', 'distribution', 'timestamp', 'first_seen', 'last_seen']; + $validFields = ['value', 'comment', 'type', 'category', 'distribution', 'timestamp', 'first_seen', 'last_seen']; if (!isset($field) || !in_array($field, $validFields, true)) { throw new MethodNotAllowedException(__('Invalid field requested.')); } @@ -1989,9 +1993,7 @@ class AttributesController extends AppController $attribute = $attribute[0]; $result = $attribute['Attribute'][$field]; if ($field === 'distribution') { - $result = $this->Attribute->shortDist[$result]; - } elseif ($field === 'to_ids') { - $result = $result == 0 ? 'No' : 'Yes'; + $this->set('shortDist', $this->Attribute->shortDist); } elseif ($field === 'value') { $this->loadModel('Warninglist'); $attribute['Attribute'] = $this->Warninglist->checkForWarning($attribute['Attribute']); @@ -2006,23 +2008,27 @@ class AttributesController extends AppController public function fetchEditForm($id, $field = null) { - $validFields = array('value', 'comment', 'type', 'category', 'to_ids', 'distribution', 'first_seen', 'last_seen'); - if (!isset($field) || !in_array($field, $validFields)) { - throw new MethodNotAllowedException(__('Invalid field requested.')); - } if (!$this->request->is('ajax')) { throw new MethodNotAllowedException(__('This function can only be accessed via AJAX.')); } - $fields = array('id', 'distribution', 'event_id'); - if ($field == 'category' || $field == 'type') { - $fields[] = 'type'; - $fields[] = 'category'; + + $validFields = array('value', 'comment', 'type', 'category', 'to_ids', 'distribution', 'first_seen', 'last_seen'); + if (!isset($field) || !in_array($field, $validFields, true)) { + throw new NotFoundException(__('Invalid field requested.')); + } + $fieldsToFetch = array('id', 'event_id'); + if ($field === 'category' || $field === 'type') { + $fieldsToFetch[] = 'type'; + $fieldsToFetch[] = 'category'; + if ($field === 'type') { + $fieldsToFetch[] = 'value'; + } } else { - $fields[] = $field; + $fieldsToFetch[] = $field; } $params = array( 'conditions' => array('Attribute.id' => $id), - 'fields' => $fields, + 'fields' => $fieldsToFetch, 'flatten' => 1, 'contain' => array( 'Event' => array( @@ -2044,15 +2050,28 @@ class AttributesController extends AppController unset($distributionLevels[4]); $this->set('distributionLevels', $distributionLevels); } elseif ($field === 'category') { - $typeCategory = array(); + $possibleCategories = []; foreach ($this->Attribute->categoryDefinitions as $k => $category) { - foreach ($category['types'] as $type) { - $typeCategory[$type][] = $k; + if (in_array($attribute['Attribute']['type'], $category['types'], true)) { + $possibleCategories[] = $k; } } - $this->set('typeCategory', $typeCategory); + $this->set('possibleCategories', $possibleCategories); } elseif ($field === 'type') { - $this->set('categoryDefinitions', $this->Attribute->categoryDefinitions); + $possibleTypes = $this->Attribute->categoryDefinitions[$attribute['Attribute']['category']]['types']; + $validTypes = AttributeValidationTool::validTypesForValue($possibleTypes, $this->Attribute->getCompositeTypes(), $attribute['Attribute']['value']); + $options = []; + foreach ($possibleTypes as $possibleType) { + if ($this->Attribute->typeIsAttachment($possibleType)) { + continue; // skip attachment types + } + $options[] = [ + 'name' => $possibleType, + 'value' => $possibleType, + 'disabled' => !in_array($possibleType, $validTypes, true), + ]; + } + $this->set('options', $options); } $this->set('object', $attribute['Attribute']); $fieldURL = ucfirst($field); @@ -2798,10 +2817,7 @@ class AttributesController extends AppController 'fields' => ['Attribute.deleted', 'Attribute.event_id', 'Attribute.id', 'Attribute.object_id', 'Event.orgc_id', 'Event.user_id'], 'contain' => ['Event'], ]); - if (empty($attribute)) { - throw new NotFoundException(__('Invalid attribute')); - } - if ($attribute['Attribute']['deleted']) { + if (empty($attribute) || $attribute['Attribute']['deleted']) { throw new NotFoundException(__('Invalid attribute')); } if (empty($tag_id)) { @@ -2831,19 +2847,19 @@ class AttributesController extends AppController if (!$this->__canModifyTag($attribute, !empty($attributeTag['AttributeTag']['local']))) { return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You do not have permission to do that.')), 'status' => 200, 'type' => 'json')); } - if (empty($attributeTag)) { return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid attribute - tag combination.')), 'status' => 200, 'type' => 'json')); } - $tag = $this->Attribute->AttributeTag->Tag->find('first', array( - 'conditions' => array('Tag.id' => $tag_id), - 'recursive' => -1, - 'fields' => array('Tag.name') - )); if ($this->Attribute->AttributeTag->delete($attributeTag['AttributeTag']['id'])) { if (empty($attributeTag['AttributeTag']['local'])) { $this->Attribute->touch($attribute); } + + $tag = $this->Attribute->AttributeTag->Tag->find('first', array( + 'conditions' => array('Tag.id' => $tag_id), + 'recursive' => -1, + 'fields' => array('Tag.name') + )); $log = ClassRegistry::init('Log'); $log->createLogEntry($this->Auth->user(), 'tag', 'Attribute', $id, 'Removed tag (' . $tag_id . ') "' . $tag['Tag']['name'] . '" from attribute (' . $id . ')', 'Attribute (' . $id . ') untagged of Tag (' . $tag_id . ')'); return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Tag removed.', 'check_publish' => empty($attributeTag['AttributeTag']['local']))), 'status' => 200, 'type'=> 'json')); @@ -3005,4 +3021,18 @@ class AttributesController extends AppController $sg = $this->Attribute->Event->SharingGroup->fetchAllAuthorised($this->Auth->user(), 'name', true, $sharingGroupId); return !empty($sg); } + + private function __setIndexFilterConditions() + { + // search by attribute value + if (isset($this->request->params['named']['searchvalue'])) { + $v = $this->request->params['named']['searchvalue']; + $this->paginate['conditions']['AND'][] = [ + 'OR' => [ + ['Attribute.value1' => $v], + ['Attribute.value2' => $v], + ] + ]; + } + } } diff --git a/app/Controller/AuditLogsController.php b/app/Controller/AuditLogsController.php index 298a46e60..4199c748f 100644 --- a/app/Controller/AuditLogsController.php +++ b/app/Controller/AuditLogsController.php @@ -100,7 +100,9 @@ class AuditLogsController extends AppController if ($this->_isRest()) { $this->paginate['fields'][] = 'request_id'; } - + if (!Configure::read('MISP.log_new_audit')) { + $this->Flash->warning(__("Audit log is not enabled. See 'MISP.log_new_audit' in the Server Settings. (Administration -> Server Settings -> MISP tab)")); + } $params = $this->IndexFilter->harvestParameters([ 'ip', 'user', @@ -190,10 +192,13 @@ class AuditLogsController extends AppController $list[$k]['AuditLog']['action_human'] = $this->actions[$item['AuditLog']['action']]; } - $this->set('list', $list); + $this->set('data', $list); $this->set('event', $event); $this->set('mayModify', $this->__canModifyEvent($event)); - $this->set('title_for_layout', __('Audit logs for event #%s', $event['Event']['id'])); + $this->set('menuData', [ + 'menuList' => 'event', + 'menuItem' => 'eventLog' + ]); } public function fullChange($id) diff --git a/app/Controller/AuthKeysController.php b/app/Controller/AuthKeysController.php index dbcb0ed91..ea7289f26 100644 --- a/app/Controller/AuthKeysController.php +++ b/app/Controller/AuthKeysController.php @@ -18,41 +18,13 @@ class AuthKeysController extends AppController ) ); - public function index($id = false) + public function index($user_id = false) { $conditions = $this->__prepareConditions(); - $canCreateAuthkey = true; - if ($id) { - $this->set('user_id', $id); - if ($this->_isAdmin()) { - if ($this->_isSiteAdmin()) { - $canCreateAuthkey = true; - } else { - $user = $this->AuthKey->User->find('first', [ - 'recursive' => -1, - 'conditions' => [ - 'User.id' => $id, - 'User.disabled' => false - ], - 'fields' => ['User.id', 'User.org_id', 'User.disabled'], - 'contain' => [ - 'Role' => [ - 'fields' => [ - 'Role.perm_site_admin', 'Role.perm_admin' - ] - ] - ] - ]); - if ($user['Role']['perm_site_admin'] || ($user['Role']['perm_admin'] && $user['User']['id'] !== $this->Auth->user('id'))) { - $canCreateAuthkey = false; - } else { - $canCreateAuthkey = true; - } - } - } else { - $canCreateAuthkey = (int)$id === (int)$this->Auth->user('id'); - } - $conditions['AND'][] = ['AuthKey.user_id' => $id]; + $canCreateAuthkey = $this->__canCreateAuthKeyForUser($user_id); + if ($user_id) { + $this->set('user_id', $user_id); + $conditions['AND'][] = ['AuthKey.user_id' => $user_id]; } $this->set('canCreateAuthkey', $canCreateAuthkey); $keyUsageEnabled = Configure::read('MISP.log_user_ips') && Configure::read('MISP.log_user_ips_authkeys'); @@ -90,6 +62,9 @@ class AuthKeysController extends AppController public function delete($id) { + if(!$this->__canEditAuthKey($id)) { + throw new MethodNotAllowedException(__('Invalid user or insufficient privileges to interact with an authkey for the given user.')); + } $this->CRUD->delete($id, [ 'conditions' => $this->__prepareConditions(), 'contain' => ['User'], @@ -101,6 +76,9 @@ class AuthKeysController extends AppController public function edit($id) { + if(!$this->__canEditAuthKey($id)) { + throw new MethodNotAllowedException(__('Invalid user or insufficient privileges to interact with an authkey for the given user.')); + } $this->CRUD->edit($id, [ 'conditions' => $this->__prepareConditions(), 'afterFind' => function (array $authKey) { @@ -152,44 +130,16 @@ class AuthKeysController extends AppController $user_id = $this->Auth->user('id'); } $selectConditions = []; - if (!$this->_isSiteAdmin()) { - if ($this->_isAdmin()) { - $role_ids = $this->AuthKey->User->Role->find('column', [ - 'fields' => ['Role.id'], - 'conditions' => [ - 'AND' => [ - 'Role.perm_site_admin' => false, - 'Role.perm_auth' => true, - 'Role.perm_admin' => false - ] - ] - ]); - $user_ids = $this->AuthKey->User->find('column', [ - 'fields' => ['User.id'], - 'conditions' => [ - 'User.org_id' => $this->Auth->user('org_id'), - 'OR' => [ - 'User.role_id' => $role_ids, - 'User.id' => $this->Auth->user('id') - ] - ] - ]); - if (!empty($user_id)) { - if (in_array($user_id, $user_ids)) { - $user_ids = [$user_id]; - } else { - throw new MethodNotAllowedException(__('Invalid user or insufficient privileges to create an authkey for the given user.')); - } - } - $selectConditions['AND'][] = ['User.id' => $user_ids]; - $params['override']['user_id'] = $user_ids[0]; + if ($user_id) { + if ($this->__canCreateAuthKeyForUser($user_id)) { + $selectConditions['AND'][] = ['User.id' => $user_id]; + $params['override']['user_id'] = $user_id; } else { - $selectConditions['AND'][] = ['User.id' => $this->Auth->user('id')]; - $params['override']['user_id'] = $this->Auth->user('id'); + throw new MethodNotAllowedException(__('Invalid user or insufficient privileges to interact with an authkey for the given user.')); } - } else if ($user_id) { - $selectConditions['AND'][] = ['User.id' => $user_id]; - $params['override']['user_id'] = $user_id; + } else { + $selectConditions['AND'][] = ['User.id' => $this->Auth->user('id')]; + $params['override']['user_id'] = $this->Auth->user('id'); } $this->CRUD->add($params); if ($this->IndexFilter->isRest()) { @@ -238,6 +188,33 @@ class AuthKeysController extends AppController ]); } + public function pin($id, $ip) { + if(!$this->__canEditAuthKey($id)) { + throw new MethodNotAllowedException(__('Invalid user or insufficient privileges to interact with an authkey for the given user.')); + } + if ($this->request->is('post')) { + // find entry, to confirm user is authorized + $conditions = $this->__prepareConditions(); + $conditions['AND'][]['AuthKey.id'] = $id; + $authKey = $this->AuthKey->find( + 'first', + ['conditions' => $conditions, + 'recursive'=> 1 + ] + ); + // update the key with the source IP + if ($authKey) { + $authKey['AuthKey']['allowed_ips'] = $ip; + $this->AuthKey->save($authKey, ['fieldList' => ['allowed_ips']]); + $this->Flash->success(__('IP address set as allowed source for the Key.')); + } else { + $this->Flash->error(__('Failed to set IP as source')); + } + } + $this->redirect($this->referer()); + // $this->redirect(['controller' => 'auth_keys', 'view' => 'index']); + } + /** * Return conditions according to current user permission. * @return array @@ -246,7 +223,7 @@ class AuthKeysController extends AppController { $user = $this->Auth->user(); if ($user['Role']['perm_site_admin']) { - $conditions = []; // site admin can see all keys + $conditions = []; // site admin can see/edit all keys } else if ($user['Role']['perm_admin']) { $conditions['AND'][]['User.org_id'] = $user['org_id']; // org admin can see his/her user org auth keys } else { @@ -254,4 +231,54 @@ class AuthKeysController extends AppController } return $conditions; } + + private function __canCreateAuthKeyForUser($user_id) + { + if (!$user_id) + return true; + if ($this->_isAdmin()) { + if ($this->_isSiteAdmin()) { + return true; // site admin is OK for all + } else { + // org admin only for non-admin users and themselves + $user = $this->AuthKey->User->find('first', [ + 'recursive' => -1, + 'conditions' => [ + 'User.id' => $user_id, + 'User.disabled' => false + ], + 'fields' => ['User.id', 'User.org_id', 'User.disabled'], + 'contain' => [ + 'Role' => [ + 'fields' => [ + 'Role.perm_site_admin', 'Role.perm_admin', 'Role.perm_auth' + ] + ] + ] + ]); + if ($user['Role']['perm_site_admin'] || + ($user['Role']['perm_admin'] && $user['User']['id'] !== $this->Auth->user('id')) || + !$user['Role']['perm_auth']) { + // no create/edit for site_admin or other org admin + return false; + } else { + // ok for themselves or users + return true; + } + } + } else { + // user for themselves + return (int)$user_id === (int)$this->Auth->user('id'); + } + } + + private function __canEditAuthKey($key_id) + { + $user_id = $this->AuthKey->find('column', [ + 'fields' => ['AuthKey.user_id'], + 'conditions' => [ + 'AuthKey.id' => $key_id + ]]); + return $this->__canCreateAuthKeyForUser($user_id); + } } diff --git a/app/Controller/CommunitiesController.php b/app/Controller/CommunitiesController.php index 162d7162a..5b7a651bf 100644 --- a/app/Controller/CommunitiesController.php +++ b/app/Controller/CommunitiesController.php @@ -1,15 +1,13 @@ 60, 'maxLimit' => 9999 diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index c18835589..693703a66 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -72,8 +72,9 @@ class ACLComponent extends Component 'add' => ['AND' => ['perm_auth', 'not_read_only_authkey']], 'delete' => ['AND' => ['perm_auth', 'not_read_only_authkey']], 'edit' => ['AND' => ['perm_auth', 'not_read_only_authkey']], + 'pin' => ['AND' => ['perm_auth', 'not_read_only_authkey']], 'index' => ['perm_auth'], - 'view' => ['perm_auth'] + 'view' => ['perm_auth'], ], 'cerebrates' => [ 'add' => [], @@ -125,7 +126,7 @@ class ACLComponent extends Component 'decayingModel' => array( "update" => array(), "export" => array('*'), - "import" => array('*'), + "import" => array('OR' => array('perm_admin', 'perm_decaying')), "view" => array('*'), "index" => array('*'), "add" => array( 'OR' => array('perm_admin', 'perm_decaying')), @@ -384,23 +385,30 @@ class ACLComponent extends Component 'event_index' => array('*'), 'returnDates' => array('*'), 'testForStolenAttributes' => array(), - 'pruneUpdateLogs' => array() + 'pruneUpdateLogs' => array(), + 'index' => array('perm_audit') ), - 'auditLogs' => [ - 'admin_index' => ['perm_audit'], - 'fullChange' => ['perm_audit'], - 'eventIndex' => ['*'], - 'returnDates' => ['*'], - ], - 'modules' => array( - 'index' => array('perm_auth'), - 'queryEnrichment' => array('perm_auth'), - ), + 'auditLogs' => [ + 'admin_index' => ['perm_audit'], + 'fullChange' => ['perm_audit'], + 'eventIndex' => ['*'], + 'returnDates' => ['*'], + ], + 'accessLogs' => [ + 'admin_index' => [], + 'admin_request' => [], + 'admin_queryLog' => [], + ], + 'modules' => array( + 'index' => array('perm_auth'), + 'queryEnrichment' => array('perm_auth'), + ), 'news' => array( - 'add' => array(), - 'edit' => array(), - 'delete' => array(), - 'index' => array('*'), + 'add' => array(), + 'edit' => array(), + 'delete' => array(), + 'admin_index' => array(), + 'index' => ['*'], ), 'noticelists' => array( 'delete' => array(), @@ -429,6 +437,7 @@ class ACLComponent extends Component 'groupAttributesIntoObject' => array('perm_add'), 'revise_object' => array('perm_add'), 'view' => array('*'), + 'createFromFreetext' => ['perm_add'], ), 'objectReferences' => array( 'add' => array('perm_add'), @@ -446,9 +455,9 @@ class ACLComponent extends Component 'objectChoice' => array('*'), 'objectMetaChoice' => array('perm_add'), 'view' => array('*'), - 'viewElements' => array('*'), 'index' => array('*'), - 'update' => array() + 'update' => array(), + 'possibleObjectTemplates' => ['*'], ), 'objectTemplateElements' => array( 'viewElements' => array('*') @@ -475,9 +484,9 @@ class ACLComponent extends Component 'display' => array('*'), ), 'posts' => array( - 'add' => array('not_read_only_authkey'), - 'delete' => array('not_read_only_authkey'), - 'edit' => array('not_read_only_authkey'), + 'add' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']], + 'delete' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']], + 'edit' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']], 'pushMessageToZMQ' => array() ), 'regexp' => array( @@ -604,7 +613,7 @@ class ACLComponent extends Component ), 'sightings' => array( 'add' => array('perm_sighting'), - 'restSearch' => array('perm_sighting'), + 'restSearch' => array('*'), 'advanced' => array('perm_sighting'), 'delete' => ['AND' => ['perm_sighting', 'perm_modify_org']], 'index' => array('*'), @@ -669,6 +678,7 @@ class ACLComponent extends Component 'taxonomyMassHide' => array('perm_tagger'), 'taxonomyMassUnhide' => array('perm_tagger'), 'toggleRequired' => array(), + 'toggleHighlighted' => array(), 'update' => array(), 'import' => [], 'export' => ['*'], @@ -677,6 +687,19 @@ class ACLComponent extends Component 'hideTag' => array('perm_tagger'), 'normalizeCustomTagsToTaxonomyFormat' => [], ), + 'taxiiServers' => [ + 'add' => ['perm_site_admin'], + 'edit' => ['perm_site_admin'], + 'collectionsIndex' => ['perm_site_admin'], + 'index' => ['perm_site_admin'], + 'objectsIndex' => ['perm_site_admin'], + 'objectView' => ['perm_site_admin'], + 'delete' => ['perm_site_admin'], + 'view' => ['perm_site_admin'], + 'push' => ['perm_site_admin'], + 'getRoot' => ['perm_site_admin'], + 'getCollections' => ['perm_site_admin'] + ], 'templateElements' => array( 'add' => array('perm_template'), 'delete' => array('perm_template'), @@ -698,14 +721,15 @@ class ACLComponent extends Component 'view' => array('*'), ), 'threads' => array( - 'index' => array('*'), - 'view' => array('*'), - 'viewEvent' => array('*'), + 'index' => array('discussion_enabled'), + 'view' => array('discussion_enabled'), + 'viewEvent' => array('discussion_enabled'), ), 'users' => array( 'acceptRegistrations' => array(), 'admin_add' => ['AND' => ['perm_admin', 'add_user_enabled']], 'admin_delete' => array('perm_admin'), + 'admin_destroy' => array(), 'admin_edit' => array('perm_admin'), 'admin_email' => array('perm_admin'), 'admin_filterUserIndex' => array('perm_admin'), @@ -724,13 +748,20 @@ class ACLComponent extends Component 'downloadTerms' => array('*'), 'edit' => array('self_management_enabled'), 'email_otp' => array('*'), + 'forgot' => array('*'), + 'otp' => array('*'), + 'hotp' => array('*'), + 'totp_new' => array('*'), + 'totp_delete' => array('perm_admin'), 'searchGpgKey' => array('*'), 'fetchGpgKey' => array('*'), 'histogram' => array('*'), 'initiatePasswordReset' => ['AND' => ['perm_admin', 'password_change_enabled']], 'login' => array('*'), 'logout' => array('*'), + 'logout401' => array('*'), 'notificationSettings' => ['*'], + 'password_reset' => array('*'), 'register' => array('*'), 'registrations' => array(), 'resetAllSyncAuthKeys' => array(), @@ -759,7 +790,7 @@ class ACLComponent extends Component 'eventIndexColumnToggle' => ['*'], ), 'warninglists' => array( - 'checkValue' => array('perm_auth'), + 'checkValue' => ['*'], 'delete' => ['perm_warninglist'], 'enableWarninglist' => ['perm_warninglist'], 'getToggleField' => ['perm_warninglist'], @@ -849,6 +880,9 @@ class ACLComponent extends Component $this->dynamicChecks['delegation_enabled'] = function (array $user) { return (bool)Configure::read('MISP.delegation'); }; + $this->dynamicChecks['discussion_enabled'] = function (array $user) { + return !Configure::read('MISP.discussion_disable'); + }; // Returns true if current user is not using advanced auth key or if authkey is not read only $this->dynamicChecks['not_read_only_authkey'] = function (array $user) { return !isset($user['authkey_read_only']) || !$user['authkey_read_only']; @@ -998,7 +1032,7 @@ class ACLComponent extends Component */ public function canEditEventReport(array $user, array $eventReport) { - if (!isset($report['Event'])) { + if (!isset($eventReport['Event'])) { throw new InvalidArgumentException('Passed object does not contain an Event.'); } if ($user['Role']['perm_site_admin']) { diff --git a/app/Controller/Component/Auth/ApacheAuthenticate.php b/app/Controller/Component/Auth/ApacheAuthenticate.php index 5fcfd50cb..77979d17e 100644 --- a/app/Controller/Component/Auth/ApacheAuthenticate.php +++ b/app/Controller/Component/Auth/ApacheAuthenticate.php @@ -38,10 +38,10 @@ class ApacheAuthenticate extends BaseAuthenticate } return $returnCode; } - + private function getEmailAddress($ldapEmailField, $ldapUserData) { - // return the email address of an LDAP user if one of the fields in $ldapEmaiLField exists + // return the email address of an LDAP user if one of the fields in $ldapEmaiLField exists foreach($ldapEmailField as $field) { if (isset($ldapUserData[0][$field][0])) { return $ldapUserData[0][$field][0]; @@ -73,6 +73,14 @@ class ApacheAuthenticate extends BaseAuthenticate ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, Configure::read('ApacheSecureAuth.ldapProtocol')); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, Configure::read('ApacheSecureAuth.ldapAllowReferrals', true)); + if (Configure::read('ApacheSecureAuth.starttls', false) == true) { + # Default is false, sine STARTTLS support is a new feature + # Ignored on ldaps://, but can trigger problems for orgs + # using unencrypted LDAP. Loose comparison allows users to + # use # true / 1 / etc. + ldap_start_tls($ldapconn); + } + if ($ldapconn) { // LDAP bind $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass); @@ -105,7 +113,6 @@ class ApacheAuthenticate extends BaseAuthenticate } else { die("User not found in LDAP"); } - // close LDAP connection ldap_close($ldapconn); } diff --git a/app/Controller/Component/BetterSecurityComponent.php b/app/Controller/Component/BetterSecurityComponent.php index df3540a4d..a6eb76a0e 100644 --- a/app/Controller/Component/BetterSecurityComponent.php +++ b/app/Controller/Component/BetterSecurityComponent.php @@ -13,6 +13,15 @@ class BetterSecurityComponent extends SecurityComponent */ public $doNotGenerateToken = false; + public function blackHole(Controller $controller, $error = '', SecurityException $exception = null) + { + $action = $controller->request->params['action']; + $unlockedActions = JsonTool::encode($this->unlockedActions); + $isRest = $controller->IndexFilter->isRest() ? '1' : '0'; + $this->log("Blackhole exception when accessing $controller->here (isRest: $isRest, action: $action, unlockedActions: $unlockedActions): {$exception->getMessage()}"); // log blackhole exception + return parent::blackHole($controller, $error, $exception); + } + public function generateToken(CakeRequest $request) { if (isset($request->params['requested']) && $request->params['requested'] === 1) { diff --git a/app/Controller/Component/CRUDComponent.php b/app/Controller/Component/CRUDComponent.php index fb276e34d..81ad2bfb1 100644 --- a/app/Controller/Component/CRUDComponent.php +++ b/app/Controller/Component/CRUDComponent.php @@ -114,7 +114,7 @@ class CRUDComponent extends Component $this->Controller->Flash->success($message); if (!empty($params['displayOnSuccess'])) { $this->Controller->set('entity', $data); - $this->Controller->set('referer', $this->Controller->referer()); + $this->Controller->set('referer', $this->Controller->referer(['action' => 'view', $model->id], true)); $this->Controller->render($params['displayOnSuccess']); return; } diff --git a/app/Controller/Component/CompressedRequestHandlerComponent.php b/app/Controller/Component/CompressedRequestHandlerComponent.php index 969303257..4aa1135c0 100644 --- a/app/Controller/Component/CompressedRequestHandlerComponent.php +++ b/app/Controller/Component/CompressedRequestHandlerComponent.php @@ -1,19 +1,16 @@ request->setInput($this->decodeBrotliEncodedContent($controller)); } else if ($contentEncoding === 'gzip') { $controller->request->setInput($this->decodeGzipEncodedContent($controller)); } else { - throw new MethodNotAllowedException("Unsupported content encoding '$contentEncoding'."); + throw new BadRequestException("Unsupported content encoding '$contentEncoding'."); } } } @@ -24,10 +21,10 @@ class CompressedRequestHandlerComponent extends Component public function supportedEncodings() { $supportedEncodings = []; - if (function_exists('gzdecode') || function_exists('inflate_init')) { + if (function_exists('gzdecode')) { $supportedEncodings[] = 'gzip'; } - if (function_exists('brotli_uncompress') || function_exists('brotli_uncompress_init')) { + if (function_exists('brotli_uncompress')) { $supportedEncodings[] = 'br'; } return $supportedEncodings; @@ -36,44 +33,17 @@ class CompressedRequestHandlerComponent extends Component /** * @return string * @throws Exception - * @see CakeRequest::_readInput() */ private function decodeGzipEncodedContent(Controller $controller) { - if (function_exists('inflate_init')) { - // Decompress data on the fly if supported - $resource = inflate_init(ZLIB_ENCODING_GZIP); - if ($resource === false) { - throw new Exception('GZIP incremental uncompress init failed.'); - } - $uncompressed = ''; - foreach ($this->streamInput() as $data) { - $uncompressedChunk = inflate_add($resource, $data); - if ($uncompressedChunk === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - $uncompressed .= $uncompressedChunk; - if (strlen($uncompressed) > self::MAX_SIZE) { - throw new Exception("Uncompressed data are bigger than is limit."); - } - } - $uncompressedChunk = inflate_add($resource, '', ZLIB_FINISH); - if ($uncompressedChunk === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - return $uncompressed . $uncompressedChunk; - - } else if (function_exists('gzdecode')) { - $decoded = gzdecode($controller->request->input(), self::MAX_SIZE); + if (function_exists('gzdecode')) { + $decoded = gzdecode($controller->request->input()); if ($decoded === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - if (strlen($decoded) >= self::MAX_SIZE) { - throw new Exception("Uncompressed data are bigger than is limit."); + throw new BadRequestException('Invalid compressed data.'); } return $decoded; } else { - throw new MethodNotAllowedException("This server doesn't support GZIP compressed requests."); + throw new BadRequestException("This server doesn't support GZIP compressed requests."); } } @@ -81,65 +51,17 @@ class CompressedRequestHandlerComponent extends Component * @param Controller $controller * @return string * @throws Exception - * @see CakeRequest::_readInput() */ private function decodeBrotliEncodedContent(Controller $controller) { - if (function_exists('brotli_uncompress_init')) { - // Decompress data on the fly if supported - $resource = brotli_uncompress_init(); - if ($resource === false) { - throw new Exception('Brotli incremental uncompress init failed.'); - } - $uncompressed = ''; - foreach ($this->streamInput() as $data) { - $uncompressedChunk = brotli_uncompress_add($resource, $data, BROTLI_PROCESS); - if ($uncompressedChunk === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - $uncompressed .= $uncompressedChunk; - if (strlen($uncompressed) > self::MAX_SIZE) { - throw new Exception("Uncompressed data are bigger than is limit."); - } - } - $uncompressedChunk = brotli_uncompress_add($resource, '', BROTLI_FINISH); - if ($uncompressedChunk === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - return $uncompressed . $uncompressedChunk; - - } else if (function_exists('brotli_uncompress')) { - $decoded = brotli_uncompress($controller->request->input(), self::MAX_SIZE); + if (function_exists('brotli_uncompress')) { + $decoded = brotli_uncompress($controller->request->input()); if ($decoded === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - if (strlen($decoded) >= self::MAX_SIZE) { - throw new Exception("Uncompressed data are bigger than is limit."); + throw new BadRequestException('Invalid compressed data.'); } return $decoded; } else { - throw new MethodNotAllowedException("This server doesn't support brotli compressed requests."); + throw new BadRequestException("This server doesn't support brotli compressed requests."); } } - - /** - * @param int $chunkSize - * @return Generator - * @throws Exception - */ - private function streamInput($chunkSize = 8192) - { - $fh = fopen('php://input', 'rb'); - if ($fh === false) { - throw new Exception("Could not open PHP input for reading."); - } - while (!feof($fh)) { - $data = fread($fh, $chunkSize); - if ($data === false) { - throw new Exception("Could not read PHP input."); - } - yield $data; - } - fclose($fh); - } } diff --git a/app/Controller/Component/IOCImportComponent.php b/app/Controller/Component/IOCImportComponent.php index f265d1ed2..163b17c5a 100644 --- a/app/Controller/Component/IOCImportComponent.php +++ b/app/Controller/Component/IOCImportComponent.php @@ -190,7 +190,7 @@ class IOCImportComponent extends Component $duplicateFilter = array(); // check if we have any attributes, if yes, add their UUIDs to our list of success-array - if (count($event['Attribute']) > 0) { + if (isset($event['Attribute']) && count($event['Attribute']) > 0) { foreach ($event['Attribute'] as $k => $attribute) { $condensed = strtolower($attribute['value']) . $attribute['category'] . $attribute['type']; if (!in_array($condensed, $duplicateFilter)) { diff --git a/app/Controller/Component/IndexFilterComponent.php b/app/Controller/Component/IndexFilterComponent.php index fb0d62553..8d78351aa 100644 --- a/app/Controller/Component/IndexFilterComponent.php +++ b/app/Controller/Component/IndexFilterComponent.php @@ -44,15 +44,21 @@ class IndexFilterComponent extends Component } } } + + $data = $this->__massageData($data, $request, $paramArray); + + $this->Controller->set('passedArgs', json_encode($this->Controller->passedArgs)); + return $data; + } + + private function __massageData($data, $request, $paramArray) + { + $data = array_filter($data, function($paramName) use ($paramArray) { + return !empty($paramArray[$paramName]); + }, ARRAY_FILTER_USE_KEY); + if (!empty($paramArray)) { foreach ($paramArray as $p) { - if ( - isset($options['ordered_url_params'][$p]) && - (!in_array(strtolower((string)$options['ordered_url_params'][$p]), array('null', '0', false, 'false', null))) - ) { - $data[$p] = $options['ordered_url_params'][$p]; - $data[$p] = str_replace(';', ':', $data[$p]); - } if (isset($request->params['named'][$p])) { $data[$p] = str_replace(';', ':', $request->params['named'][$p]); } @@ -67,28 +73,8 @@ class IndexFilterComponent extends Component } } unset($v); - if (!empty($options['additional_delimiters'])) { - if (!is_array($options['additional_delimiters'])) { - $options['additional_delimiters'] = array($options['additional_delimiters']); - } - foreach ($data as $k => $v) { - $found = false; - foreach ($options['additional_delimiters'] as $delim) { - if (strpos($v, $delim) !== false) { - $found = true; - break; - } - } - if ($found) { - $data[$k] = explode($options['additional_delimiters'][0], str_replace($options['additional_delimiters'], $options['additional_delimiters'][0], $v)); - foreach ($data[$k] as $k2 => $value) { - $data[$k][$k2] = trim($data[$k][$k2]); - } - } - } - } - $this->Controller->set('passedArgs', json_encode($this->Controller->passedArgs)); return $data; + } public function isRest() diff --git a/app/Controller/Component/RestResponseComponent.php b/app/Controller/Component/RestResponseComponent.php index 28d4a60e0..0e3f4d09d 100644 --- a/app/Controller/Component/RestResponseComponent.php +++ b/app/Controller/Component/RestResponseComponent.php @@ -608,37 +608,47 @@ class RestResponseComponent extends Component $type = 'csv'; } else { $type = $format; - $dumpSql = !empty($this->Controller->sql_dump) && Configure::read('debug') > 1; + + $dumpSql = intval($this->Controller->request->params['named']['sql'] ?? 0); + if ($dumpSql && Configure::read('debug') < 2) { + $dumpSql = 0; // disable dumping SQL if debugging is off + } + if (!$raw) { if (is_string($response)) { $response = array('message' => $response); } if ($dumpSql) { - $this->Log = ClassRegistry::init('Log'); - if ($this->Controller->sql_dump === 2) { - $response = array('sql_dump' => $this->Log->getDataSource()->getLog(false, false)); + if ($dumpSql === 2) { + $response = ['sql_dump' => $this->getSqlLog()]; } else { - $response['sql_dump'] = $this->Log->getDataSource()->getLog(false, false); + $response['sql_dump'] = $this->getSqlLog(); } } - $flags = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE; - if (!$this->isAutomaticTool()) { - $flags |= JSON_PRETTY_PRINT; // Do not pretty print response for automatic tools + // If response is big array, encode items separately to save memory + if (is_array($response) && count($response) > 10000) { + $output = new TmpFileTool(); + $output->write('['); + + foreach ($response as $item) { + $output->writeWithSeparator(JsonTool::encode($item), ','); + } + + $output->write(']'); + $response = $output; + } else { + $prettyPrint = !$this->isAutomaticTool(); // Do not pretty print response for automatic tools + $response = JsonTool::encode($response, $prettyPrint); } - if (defined('JSON_THROW_ON_ERROR')) { - $flags |= JSON_THROW_ON_ERROR; // Throw exception on error if supported - } - $response = json_encode($response, $flags); } else { if ($dumpSql) { - $this->Log = ClassRegistry::init('Log'); - if ($this->Controller->sql_dump === 2) { - $response = json_encode(array('sql_dump' => $this->Log->getDataSource()->getLog(false, false))); + if ($dumpSql === 2) { + $response = JsonTool::encode(['sql_dump' => $this->getSqlLog()]); } else { $response = substr_replace( $response, - sprintf(', "sql_dump": %s}', json_encode($this->Log->getDataSource()->getLog(false, false))), + sprintf(', "sql_dump": %s}', JsonTool::encode($this->getSqlLog())), -2 ); } @@ -2104,4 +2114,12 @@ class RestResponseComponent extends Component } return '/' . $admin_routing . $controller . '/' . $action; } + + /** + * @return array + */ + private function getSqlLog() + { + return $this->Controller->User->getDataSource()->getLog(false, false); + } } diff --git a/app/Controller/DashboardsController.php b/app/Controller/DashboardsController.php index 9b87e8afd..25df8ec0f 100644 --- a/app/Controller/DashboardsController.php +++ b/app/Controller/DashboardsController.php @@ -88,22 +88,24 @@ class DashboardsController extends AppController public function getForm($action = 'edit') { - if ($this->request->is('post') || $this->request->is('put')) { + if ($this->request->is(['post', 'put'])) { $data = $this->request->data; - if ($action === 'edit' && !isset($data['widget'])) { - throw new InvalidArgumentException(__('No widget name passed.')); - } if (empty($data['config'])) { $data['config'] = ''; } if ($action === 'add') { $data['widget_options'] = $this->Dashboard->loadAllWidgets($this->Auth->user()); - } else { + } else if ($action === 'edit') { + if (!isset($data['widget'])) { + throw new BadRequestException(__('No widget name passed.')); + } $dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $data['widget']); $data['description'] = empty($dashboardWidget->description) ? '' : $dashboardWidget->description; $data['params'] = empty($dashboardWidget->params) ? array() : $dashboardWidget->params; $data['params'] = array_merge($data['params'], array('widget_config' => __('Configuration of the widget that will be passed to the render. Check the view for more information'))); $data['params'] = array_merge(array('alias' => __('Alias to use as the title of the widget')), $data['params']); + } else { + throw new BadRequestException(__('Invalid action provided, just add or edit is supported.')); } $this->set('data', $data); $this->layout = false; @@ -183,13 +185,17 @@ class DashboardsController extends AppController } else { $data = $dashboardWidget->handler($user, $valueConfig); } - + $renderer = method_exists($dashboardWidget, 'getRenderer') ? $dashboardWidget->getRenderer($valueConfig) : $dashboardWidget->render; $config = array( - 'render' => $dashboardWidget->render, + 'render' => $renderer, 'autoRefreshDelay' => empty($dashboardWidget->autoRefreshDelay) ? false : $dashboardWidget->autoRefreshDelay, 'widget_config' => empty($valueConfig['widget_config']) ? array() : $valueConfig['widget_config'] ); + if (!empty($this->request->params['named']['exportjson'])) { + return $this->RestResponse->viewData($data); + } + $this->layout = false; $this->set('title', $dashboardWidget->title); $this->set('widget_id', $widget_id); @@ -316,6 +322,8 @@ class DashboardsController extends AppController public function listTemplates() { $conditions = array(); + // load all widgets for internal use, won't be displayed to the user. Thus we circumvent the ACL on it. + $accessible_widgets = array_keys($this->Dashboard->loadAllWidgets($this->Auth->user())); if (!$this->_isSiteAdmin()) { $permission_flags = array(); foreach ($this->Auth->user('Role') as $perm => $value) { @@ -394,6 +402,15 @@ class DashboardsController extends AppController } $element['Dashboard']['widgets'] = array_keys($widgets); sort($element['Dashboard']['widgets']); + $temp = []; + foreach ($element['Dashboard']['widgets'] as $widget) { + if (in_array($widget, $accessible_widgets)) { + $temp['allow'][] = $widget; + } else { + $temp['deny'][] = $widget; + } + } + $element['Dashboard']['widgets'] = $temp; if ($element['Dashboard']['user_id'] != $this->Auth->user('id')) { $element['User']['email'] = ''; } diff --git a/app/Controller/DecayingModelController.php b/app/Controller/DecayingModelController.php index 3b0ac6377..0d1394ea1 100644 --- a/app/Controller/DecayingModelController.php +++ b/app/Controller/DecayingModelController.php @@ -377,13 +377,15 @@ class DecayingModelController extends AppController $decaying_model['DecayingModel']['enabled'] = 1; if ($this->DecayingModel->save($decaying_model)) { + $model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true, array(), true); + if (empty($model)) { + throw new NotFoundException(__('No Decaying Model with the provided ID exists')); + } + $response = array('data' => $model, 'action' => 'enable'); if ($this->request->is('ajax')) { - $model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true, array(), true); - if (empty($model)) { - throw new NotFoundException(__('No Decaying Model with the provided ID exists')); - } - $response = array('data' => $model, 'action' => 'enable'); return $this->RestResponse->viewData($response, $this->response->type()); + } else if ($this->_isRest()) { + return $this->RestResponse->successResponse($id, __('Decaying model enabled'), $model); } $this->Flash->success(__('Decaying Model enabled.')); } else { @@ -400,7 +402,7 @@ class DecayingModelController extends AppController } $this->Flash->error(__('Error while enabling decaying model')); } - $this->redirect($this->referer()); + $this->redirect(array('action' => 'index')); } else { $this->set('model', $decaying_model['DecayingModel']); $this->render('ajax/enable_form'); @@ -420,13 +422,15 @@ class DecayingModelController extends AppController $decaying_model['DecayingModel']['enabled'] = 0; if ($this->DecayingModel->save($decaying_model)) { + $model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true, array(), true); + if (empty($model)) { + throw new NotFoundException(__('No Decaying Model with the provided ID exists')); + } + $response = array('data' => $model, 'action' => 'disable'); if ($this->request->is('ajax')) { - $model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true, array(), true); - if (empty($model)) { - throw new NotFoundException(__('No Decaying Model with the provided ID exists')); - } - $response = array('data' => $model, 'action' => 'disable'); return $this->RestResponse->viewData($response, $this->response->type()); + } else if ($this->_isRest()) { + return $this->RestResponse->successResponse($id, __('Decaying model disabled'), $model); } $this->Flash->success(__('Decaying Model disabled.')); } else { diff --git a/app/Controller/EventReportsController.php b/app/Controller/EventReportsController.php index d4d972d36..0a32b5f8a 100644 --- a/app/Controller/EventReportsController.php +++ b/app/Controller/EventReportsController.php @@ -492,9 +492,9 @@ class EventReportsController extends AppController $this->set('sharingGroups', $sgs); } - private function __injectPermissionsToViewContext($user, $report) + private function __injectPermissionsToViewContext(array $user, array $report) { - $canEdit = $this->EventReport->canEditReport($user, $report) === true; + $canEdit = $this->ACL->canEditEventReport($user, $report); $this->set('canEdit', $canEdit); } diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index d430cfbf1..b2905f6ec 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -111,6 +111,10 @@ class EventsController extends AppController if (in_array($this->request->action, ['checkLocks', 'getDistributionGraph'], true)) { $this->Security->doNotGenerateToken = true; } + + if (Configure::read('Plugin.CustomAuth_enable') && in_array($this->request->action, ['saveFreeText'], true)) { + $this->Security->csrfCheck = false; + } } /** @@ -665,6 +669,25 @@ class EventsController extends AppController [$eventReportQuery] ] ]; + break; + case 'value': + if ($v == "") { + continue 2; + } + $conditions['OR'] = [ + ['Attribute.value1' => $v], + ['Attribute.value2' => $v], + ]; + + $eventIds = $this->Event->Attribute->fetchAttributes($this->Auth->user(), array( + 'conditions' => $conditions, + 'flatten' => true, + 'event_ids' => true, + 'list' => true, + )); + + $this->paginate['conditions']['AND'][] = array('Event.id' => $eventIds); + break; default: continue 2; @@ -678,7 +701,7 @@ class EventsController extends AppController { // list the events $urlparams = ""; - $overrideAbleParams = array('all', 'attribute', 'published', 'eventid', 'datefrom', 'dateuntil', 'org', 'eventinfo', 'tag', 'tags', 'distribution', 'sharinggroup', 'analysis', 'threatlevel', 'email', 'hasproposal', 'timestamp', 'publishtimestamp', 'publish_timestamp', 'minimal'); + $overrideAbleParams = array('all', 'attribute', 'published', 'eventid', 'datefrom', 'dateuntil', 'org', 'eventinfo', 'tag', 'tags', 'distribution', 'sharinggroup', 'analysis', 'threatlevel', 'email', 'hasproposal', 'timestamp', 'publishtimestamp', 'publish_timestamp', 'minimal', 'value'); $paginationParams = array('limit', 'page', 'sort', 'direction', 'order'); $passedArgs = $this->passedArgs; if (!empty($this->request->data)) { @@ -990,7 +1013,7 @@ class EventsController extends AppController $possibleColumns[] = 'proposals'; } - if (Configure::read('MISP.showDiscussionsCountOnIndex')) { + if (Configure::read('MISP.showDiscussionsCountOnIndex') && !Configure::read('MISP.discussion_disable')) { $possibleColumns[] = 'discussion'; } @@ -1022,6 +1045,7 @@ class EventsController extends AppController if (in_array('tags', $columns, true) || in_array('clusters', $columns, true)) { $events = $this->Event->attachTagsToEvents($events); $events = $this->GalaxyCluster->attachClustersToEventIndex($user, $events, true); + $events = $this->__attachHighlightedTagsToEvents($events); } if (in_array('correlations', $columns, true)) { @@ -1036,7 +1060,7 @@ class EventsController extends AppController $events = $this->Event->attachProposalsCountToEvents($user, $events); } - if (in_array('discussion', $columns, true)) { + if (in_array('discussion', $columns, true) && !Configure::read('MISP.discussion_disable')) { $events = $this->Event->attachDiscussionsCountToEvents($user, $events); } @@ -1302,6 +1326,7 @@ class EventsController extends AppController } // remove galaxies tags + $containsProposals = !empty($event['ShadowAttribute']);; $this->loadModel('Taxonomy'); foreach ($event['Object'] as $k => $object) { if (isset($object['Attribute'])) { @@ -1312,6 +1337,9 @@ class EventsController extends AppController $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($attribute['AttributeTag']); $event['Object'][$k]['Attribute'][$k2]['tagConflicts'] = $tagConflicts; } + if (!$containsProposals && !empty($attribute['ShadowAttribute'])) { + $containsProposals = true; + } } } } @@ -1323,6 +1351,9 @@ class EventsController extends AppController $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($attribute['AttributeTag']); $attribute['tagConflicts'] = $tagConflicts; } + if (!$containsProposals && !empty($attribute['ShadowAttribute'])) { + $containsProposals = true; + } } if (empty($this->passedArgs['sort'])) { $filters['sort'] = 'timestamp'; @@ -1337,6 +1368,7 @@ class EventsController extends AppController } $this->params->params['paging'] = array($this->modelClass => $params); $this->set('event', $event); + $this->set('includeOrgColumn', (isset($conditions['extended']) || $containsProposals)); $this->set('includeSightingdb', (!empty($filters['includeSightingdb']) && Configure::read('Plugin.Sightings_sighting_db_enable'))); $this->set('deleted', isset($filters['deleted']) && $filters['deleted'] != 0); $this->set('attributeFilter', isset($filters['attributeFilter']) ? $filters['attributeFilter'] : 'all'); @@ -1386,32 +1418,11 @@ class EventsController extends AppController $emptyEvent = (empty($event['Object']) && empty($event['Attribute'])); $this->set('emptyEvent', $emptyEvent); - $attributeCount = isset($event['Attribute']) ? count($event['Attribute']) : 0; - $objectCount = isset($event['Object']) ? count($event['Object']) : 0; - $oldest_timestamp = false; + // set the data for the contributors / history field $contributors = $this->Event->ShadowAttribute->getEventContributors($event['Event']['id']); $this->set('contributors', $contributors); - if ($this->__canPublishEvent($event, $user)) { - $proposalStatus = false; - if (isset($event['ShadowAttribute']) && !empty($event['ShadowAttribute'])) { - $proposalStatus = true; - } - if (!$proposalStatus && !empty($event['Attribute'])) { - foreach ($event['Attribute'] as $temp) { - if (!empty($temp['ShadowAttribute'])) { - $proposalStatus = true; - break; - } - } - } - $mess = $this->Session->read('Message'); - if ($proposalStatus && empty($mess)) { - $this->Flash->info('This event has active proposals for you to accept or discard.'); - } - } - // set the pivot data $this->helpers[] = 'Pivot'; if ($continue) { @@ -1435,7 +1446,7 @@ class EventsController extends AppController } } foreach ($relatedEventCorrelationCount as $key => $relation) { - $relatedEventCorrelationCount[$key] = count($relatedEventCorrelationCount[$key]); + $relatedEventCorrelationCount[$key] = count($relation); } $this->Event->removeGalaxyClusterTags($event); @@ -1449,11 +1460,15 @@ class EventsController extends AppController } $this->set('tagConflicts', $tagConflicts); + $attributeCount = isset($event['Attribute']) ? count($event['Attribute']) : 0; + $objectCount = isset($event['Object']) ? count($event['Object']) : 0; + $oldestTimestamp = PHP_INT_MAX; + $containsProposals = !empty($event['ShadowAttribute']); $modDate = date("Y-m-d", $event['Event']['timestamp']); $modificationMap = array($modDate => 1); foreach ($event['Attribute'] as $k => $attribute) { - if ($oldest_timestamp === false || $oldest_timestamp > $attribute['timestamp']) { - $oldest_timestamp = $attribute['timestamp']; + if ($oldestTimestamp > $attribute['timestamp']) { + $oldestTimestamp = $attribute['timestamp']; } $modDate = date("Y-m-d", $attribute['timestamp']); $modificationMap[$modDate] = !isset($modificationMap[$modDate]) ? 1 : $modificationMap[$modDate] + 1; @@ -1470,10 +1485,10 @@ class EventsController extends AppController } $event['Attribute'][$k]['tagConflicts'] = $tagConflicts; } + if (!$containsProposals && !empty($attribute['ShadowAttribute'])) { + $containsProposals = true; + } } - $attributeTagsName = $this->Event->Attribute->AttributeTag->extractAttributeTagsNameFromEvent($event); - $this->set('attributeTags', array_values($attributeTagsName['tags'])); - $this->set('attributeClusters', array_values($attributeTagsName['clusters'])); foreach ($event['Object'] as $k => $object) { $modDate = date("Y-m-d", $object['timestamp']); @@ -1481,8 +1496,8 @@ class EventsController extends AppController if (!empty($object['Attribute'])) { $attributeCount += count($object['Attribute']); foreach ($object['Attribute'] as $k2 => $attribute) { - if ($oldest_timestamp === false || $oldest_timestamp > $attribute['timestamp']) { - $oldest_timestamp = $attribute['timestamp']; + if ($oldestTimestamp > $attribute['timestamp']) { + $oldestTimestamp = $attribute['timestamp']; } $modDate = date("Y-m-d", $attribute['timestamp']); @@ -1500,9 +1515,24 @@ class EventsController extends AppController } $event['Object'][$k]['Attribute'][$k2]['tagConflicts'] = $tagConflicts; } + if (!$containsProposals && !empty($attribute['ShadowAttribute'])) { + $containsProposals = true; + } } } } + + if ($containsProposals && $this->__canPublishEvent($event, $user)) { + $mess = $this->Session->read('Message'); + if (empty($mess)) { + $this->Flash->info(__('This event has active proposals for you to accept or discard.')); + } + } + + $attributeTagsName = $this->Event->Attribute->AttributeTag->extractAttributeTagsNameFromEvent($event); + $this->set('attributeTags', array_values($attributeTagsName['tags'])); + $this->set('attributeClusters', array_values($attributeTagsName['clusters'])); + $this->set('warningTagConflicts', $warningTagConflicts); $filters['sort'] = 'timestamp'; $filters['direction'] = 'desc'; @@ -1584,9 +1614,10 @@ class EventsController extends AppController if (!empty($filters['includeSightingdb']) && Configure::read('Plugin.Sightings_sighting_db_enable')) { $this->set('sightingdbs', $this->Sightingdb->getSightingdbList($user)); } + $this->set('includeOrgColumn', $this->viewVars['extended'] || $containsProposals); $this->set('includeSightingdb', !empty($filters['includeSightingdb']) && Configure::read('Plugin.Sightings_sighting_db_enable')); $this->set('relatedEventCorrelationCount', $relatedEventCorrelationCount); - $this->set('oldest_timestamp', $oldest_timestamp); + $this->set('oldest_timestamp', $oldestTimestamp === PHP_INT_MAX ? false : $oldestTimestamp); $this->set('missingTaxonomies', $this->Event->missingTaxonomies($event)); $this->set('currentUri', $attributeUri); $this->set('filters', $filters); @@ -1645,6 +1676,7 @@ class EventsController extends AppController $cortex_modules = $this->Module->getEnabledModules($user, false, 'Cortex'); $this->set('cortex_modules', $cortex_modules); } + $this->set('sightingsDbEnabled', (bool)Configure::read('Plugin.Sightings_sighting_db_enable')); } public function view($id = null, $continue = false, $fromEvent = null) @@ -1805,6 +1837,8 @@ class EventsController extends AppController $this->set('includeRelatedTags', (!empty($namedParams['includeRelatedTags'])) ? 1 : 0); $this->set('includeDecayScore', (!empty($namedParams['includeDecayScore'])) ? 1 : 0); + $this->__setHighlightedTags($event); + if ($this->_isSiteAdmin() && $event['Event']['orgc_id'] !== $this->Auth->user('org_id')) { $this->Flash->info(__('You are currently logged in as a site administrator and about to edit an event not belonging to your organisation. This goes against the sharing model of MISP. Use a normal user account for day to day work.')); } @@ -2273,7 +2307,12 @@ class EventsController extends AppController foreach ($analysisLevels as $key => $value) { $fieldDesc['analysis'][$key] = $this->Event->analysisDescriptions[$key]['formdesc']; } - $this->Flash->info(__('The event created will be visible to the organisations having an account on this platform, but not synchronised to other MISP instances until it is published.')); + + if (Configure::read('MISP.unpublishedprivate')) { + $this->Flash->info(__('The event created will be visible only to your organisation until it is published.')); + } else { + $this->Flash->info(__('The event created will be visible to the organisations having an account on this platform, but not synchronised to other MISP instances until it is published.')); + } $this->set('fieldDesc', $fieldDesc); if (isset($this->params['named']['extends'])) { $this->set('extends_uuid', $this->params['named']['extends']); @@ -2300,7 +2339,7 @@ class EventsController extends AppController // set the id $this->set('id', $id); // set whether it is published or not - $this->set('published', $this->Event->data['Event']['published']); + $this->set('published', $this->Event->data['Event']['published'] ?? false); } public function add_misp_export() @@ -2308,6 +2347,9 @@ class EventsController extends AppController if ($this->request->is('post')) { $results = array(); if (!empty($this->request->data)) { + if (empty($this->request->data['Event'])) { + $this->request->data['Event'] = $this->request->data; + } if (!empty($this->request->data['Event']['filecontent'])) { $data = $this->request->data['Event']['filecontent']; $isXml = $data[0] === '<'; @@ -2341,29 +2383,64 @@ class EventsController extends AppController $results = $this->Event->addMISPExportFile($this->Auth->user(), $data, $isXml, $takeOwnership, $publish); } catch (Exception $e) { $this->log("Exception during processing MISP file import: {$e->getMessage()}"); - $this->Flash->error(__('Could not process MISP export file. Probably file content is invalid.')); + $this->Flash->error(__('Could not process MISP export file. %s.', $e->getMessage())); $this->redirect(['controller' => 'events', 'action' => 'add_misp_export']); } } $this->set('results', $results); $this->render('add_misp_export_result'); } + $this->set('title_for_layout', __('Import from MISP Export File')); } - public function upload_stix($stix_version = '1', $publish = false) + public function upload_stix($stix_version = '1', $publish = false, $galaxies_as_tags = true, $debug = false) { + $sgs = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user(), 'name', 1); + $initialDistribution = 0; + if (Configure::read('MISP.default_event_distribution') != null) { + $initialDistribution = Configure::read('MISP.default_event_distribution'); + } + $distributionLevels = $this->Event->distributionLevels; if ($this->request->is('post')) { if ($this->_isRest()) { if (isset($this->params['named']['publish'])) { $publish = $this->params['named']['publish']; } + if (isset($this->params['named']['distribution'])) { + $distribution = intval($this->params['named']['distribution']); + if (array_key_exists($distribution, $distributionLevels)) { + $initialDistribution = $distribution; + } else { + throw new MethodNotAllowedException(__('Wrong distribution level')); + } + } + $sharingGroupId = null; + if ($initialDistribution == 4) { + if (!isset($this->params['named']['sharing_group_id'])) { + throw new MethodNotAllowedException(__('The sharing group id is needed when the distribution is set to 4 ("Sharing group").')); + } + $sharingGroupId = intval($this->params['named']['sharing_group_id']); + if (!array_key_exists($sharingGroupId, $sgs)) { + throw new MethodNotAllowedException(__('Please select a valid sharing group id.')); + } + } + if (isset($this->params['named']['galaxies_as_tags'])) { + $galaxies_as_tags = $this->params['named']['galaxies_as_tags']; + } + if (isset($this->params['named']['debugging'])) { + $debug = $this->params['named']['debugging']; + } $filePath = FileAccessTool::writeToTempFile($this->request->input()); $result = $this->Event->upload_stix( $this->Auth->user(), $filePath, $stix_version, 'uploaded_stix_file.' . ($stix_version == '1' ? 'xml' : 'json'), - $publish + $publish, + $initialDistribution, + $sharingGroupId, + $galaxies_as_tags, + $debug ); if (is_numeric($result)) { $event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $result)); @@ -2382,12 +2459,19 @@ class EventsController extends AppController if (!move_uploaded_file($this->data['Event']['stix']['tmp_name'], $filePath)) { throw new Exception("Could not move uploaded STIX file."); } + if (isset($this->data['Event']['debug'])) { + $debug = $this->data['Event']['debug']; + } $result = $this->Event->upload_stix( $this->Auth->user(), $filePath, $stix_version, $original_file, - $this->data['Event']['publish'] + $this->data['Event']['publish'], + $this->data['Event']['distribution'], + $this->data['Event']['sharing_group_id'], + !boolval($this->data['Event']['galaxies_parsing']), + $debug ); if (is_numeric($result)) { $this->Flash->success(__('STIX document imported.')); @@ -2405,6 +2489,20 @@ class EventsController extends AppController } } $this->set('stix_version', $stix_version == 2 ? '2.x JSON' : '1.x XML'); + $this->set('initialDistribution', $initialDistribution); + $distributions = array_keys($this->Event->distributionDescriptions); + $distributions = $this->_arrayToValuesIndexArray($distributions); + $this->set('distributions', $distributions); + $fieldDesc = array(); + if (empty($sgs)) { + unset($distributionLevels[4]); + } + $this->set('distributionLevels', $distributionLevels); + foreach ($distributionLevels as $key => $value) { + $fieldDesc['distribution'][$key] = $this->Event->distributionDescriptions[$key]['formdesc']; + } + $this->set('sharingGroups', $sgs); + $this->set('fieldDesc', $fieldDesc); } public function merge($target_id=null, $source_id=null) @@ -2540,7 +2638,7 @@ class EventsController extends AppController } } - public function populate($id) + public function populate($id, $regenerateUUIDs=false) { if ($this->request->is('get') && $this->_isRest()) { return $this->RestResponse->describe('Events', 'populate', false, $this->response->type()); @@ -2562,15 +2660,31 @@ class EventsController extends AppController } if ($this->request->is('post') || $this->request->is('put')) { if (isset($this->request->data['Event'])) { + $regenerateUUIDs = $this->request->data['Event']['regenerate_uuids'] ?? false; $this->request->data = $this->request->data['Event']; } if (isset($this->request->data['json'])) { $this->request->data = $this->_jsonDecode($this->request->data['json']); } + if (isset($this->request->data['Event'])) { + $this->request->data = $this->request->data['Event']; + } $eventToSave = $event; $capturedObjects = ['Attribute', 'Object', 'Tag', 'Galaxy', 'EventReport']; foreach ($capturedObjects as $objectType) { if (!empty($this->request->data[$objectType])) { + if (!empty($regenerateUUIDs)) { + foreach ($this->request->data[$objectType] as $i => $obj) { + unset($this->request->data[$objectType][$i]['id']); + unset($this->request->data[$objectType][$i]['uuid']); + if ($objectType === 'Object' && !empty($this->request->data[$objectType][$i]['Attribute'])) { + foreach ($this->request->data[$objectType][$i]['Attribute'] as $j => $attr) { + unset($this->request->data[$objectType][$i]['Attribute'][$j]['id']); + unset($this->request->data[$objectType][$i]['Attribute'][$j]['uuid']); + } + } + } + } $eventToSave['Event'][$objectType] = $this->request->data[$objectType]; } } @@ -3494,6 +3608,7 @@ class EventsController extends AppController 'category' => 'External analysis', 'uuid' => CakeText::uuid(), 'type' => 'attachment', + 'sharing_group_id' => '0', 'value' => $this->data['Event']['submittedioc']['name'], 'to_ids' => false, 'distribution' => $dist, @@ -3508,7 +3623,7 @@ class EventsController extends AppController $fieldList = array( 'Event' => array('published', 'timestamp'), - 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'distribution', 'timestamp', 'comment') + 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'distribution', 'timestamp', 'comment', 'sharing_group_id') ); // Save it all $saveResult = $this->Event->saveAssociated($saveEvent, array('validate' => true, 'fieldList' => $fieldList)); @@ -3985,6 +4100,7 @@ class EventsController extends AppController $this->set('mayModify', $this->__canModifyEvent($event)); $this->set('typeDefinitions', $this->Event->Attribute->typeDefinitions); $this->set('typeCategoryMapping', $typeCategoryMapping); + $this->set('defaultAttributeDistribution', $this->Event->Attribute->defaultDistribution()); $this->set('resultArray', $resultArray); $this->set('importComment', ''); $this->set('title_for_layout', __('Freetext Import Results')); @@ -4290,7 +4406,7 @@ class EventsController extends AppController ), 'bro' => array( 'url' => $this->baseurl . '/attributes/bro/download/all/false/' . $id, - // 'url' => '/attributes/restSearch/returnFormat:bro/published:1||0/eventid:' . $id, + // 'url' => $this->baseurl . '/attributes/restSearch/returnFormat:bro/published:1||0/eventid:' . $id, 'text' => __('Bro rules'), 'requiresPublished' => false, 'checkbox' => false, @@ -4396,12 +4512,12 @@ class EventsController extends AppController ), 'STIX' => array( 'url' => $this->baseurl . '/events/upload_stix', - 'text' => __('STIX 1.1.1 format (lossy)'), + 'text' => __('STIX 1.x format (lossy)'), 'ajax' => false, ), 'STIX2' => array( 'url' => $this->baseurl . '/events/upload_stix/2', - 'text' => __('STIX 2.0 format (lossy)'), + 'text' => __('STIX 2.x format (lossy)'), 'ajax' => false, ) ); @@ -5094,42 +5210,82 @@ class EventsController extends AppController $this->render('index'); } - // expects an attribute ID and the module to be used - public function queryEnrichment($attribute_id, $module = false, $type = 'Enrichment') + // expects a model ID, model type, the module to be used (optional) and the type of enrichment (optional) + public function queryEnrichment($id, $module = false, $type = 'Enrichment', $model = 'Attribute') { if (!Configure::read('Plugin.' . $type . '_services_enable')) { throw new MethodNotAllowedException(__('%s services are not enabled.', $type)); } - $attribute = $this->Event->Attribute->fetchAttributes($this->Auth->user(), [ - 'conditions' => [ - 'Attribute.id' => $attribute_id - ], - 'flatten' => 1, - 'includeEventTags' => 1, - 'contain' => ['Event' => ['fields' => ['distribution', 'sharing_group_id']]], - ]); - if (empty($attribute)) { - throw new MethodNotAllowedException(__('Attribute not found or you are not authorised to see it.')); + + if (!in_array($model, array('Attribute', 'ShadowAttribute', 'Object', 'Event'))) { + throw new MethodNotAllowedException(__('Invalid model.')); } + $this->loadModel('Module'); $enabledModules = $this->Module->getEnabledModules($this->Auth->user(), false, $type); + if (!is_array($enabledModules) || empty($enabledModules)) { - throw new MethodNotAllowedException(__('No valid %s options found for this attribute.', $type)); + throw new MethodNotAllowedException(__('No valid %s options found for this %s.', $type, strtolower($model))); } + + if ($model === 'Attribute' || $model === 'ShadowAttribute') { + $attribute = $this->Event->Attribute->fetchAttributes($this->Auth->user(), [ + 'conditions' => [ + 'Attribute.id' => $id + ], + 'flatten' => 1, + 'includeEventTags' => 1, + 'contain' => ['Event' => ['fields' => ['distribution', 'sharing_group_id']]], + ]); + if (empty($attribute)) { + throw new MethodNotAllowedException(__('Attribute not found or you are not authorised to see it.')); + } + } + + if ($model === 'Object') { + $object = $this->Event->Object->fetchObjects($this->Auth->user(), [ + 'conditions' => [ + 'Object.id' => $id + ], + 'flatten' => 1, + 'includeEventTags' => 1, + 'contain' => ['Event' => ['fields' => ['distribution', 'sharing_group_id']]], + ]); + if (empty($object)) { + throw new MethodNotAllowedException(__('Object not found or you are not authorised to see it.')); + } + } + if ($this->request->is('ajax')) { - $modules = array(); - foreach ($enabledModules['modules'] as $module) { - if (in_array($attribute[0]['Attribute']['type'], $module['mispattributes']['input'])) { - $modules[] = array('name' => $module['name'], 'description' => $module['meta']['description']); + $modules = []; + + if ($model === 'Attribute' || $model === 'ShadowAttribute') { + foreach ($enabledModules['modules'] as $module) { + if (in_array($attribute[0]['Attribute']['type'], $module['mispattributes']['input'])) { + $modules[] = array('name' => $module['name'], 'description' => $module['meta']['description']); + } } } - foreach (array('attribute_id', 'modules') as $viewVar) { - $this->set($viewVar, $$viewVar); + + if ($model === 'Object') { + foreach ($enabledModules['modules'] as $module) { + if ( + in_array($object[0]['Object']['name'], $module['mispattributes']['input']) || + in_array($object[0]['Object']['uuid'], $module['mispattributes']['input']) + ) { + $modules[] = array('name' => $module['name'], 'description' => $module['meta']['description']); + } + } } + + $this->set('id', $id); + $this->set('modules', $modules); $this->set('type', $type); + $this->set('model', $model); $this->render('ajax/enrichmentChoice'); } else { - $options = array(); + $options = []; + $format = 'simplified'; foreach ($enabledModules['modules'] as $temp) { if ($temp['name'] == $module) { $format = !empty($temp['mispattributes']['format']) ? $temp['mispattributes']['format'] : 'simplified'; @@ -5151,7 +5307,13 @@ class EventsController extends AppController $this->set('title_for_layout', __('Enrichment Results')); $this->set('title', __('Enrichment Results')); if ($format == 'misp_standard') { - $this->__queryEnrichment($attribute, $module, $options, $type); + if ($model === 'Attribute' || $model === 'ShadowAttribute') { + $this->__queryEnrichment($attribute, $module, $options, $type); + } + + if ($model === 'Object') { + $this->__queryObjectEnrichment($object, $module, $options, $type); + } } else { $this->__queryOldEnrichment($attribute, $module, $options, $type); } @@ -5205,6 +5367,57 @@ class EventsController extends AppController } } + private function __queryObjectEnrichment($object, $module, $options, $type) + { + $object[0]['Object']['Attribute'] = $object[0]['Attribute']; + foreach($object[0]['Object']['Attribute'] as &$attribute) { + if ($this->Event->Attribute->typeIsAttachment($attribute['type'])) { + $attribute['data'] = $this->Event->Attribute->base64EncodeAttachment($attribute); + } + } + + $event_id = $object[0]['Event']['id']; + $data = array('module' => $module, 'object' => $object[0]['Object'], 'event_id' => $event_id); + if (!empty($options)) { + $data['config'] = $options; + } + $result = $this->Module->queryModuleServer($data, false, $type, false, $object[0]); + if (!$result) { + throw new InternalErrorException(__('%s service not reachable.', $type)); + } + if (isset($result['error'])) { + $this->Flash->error($result['error']); + } + if (!is_array($result)) { + throw new Exception($result); + } + $event = $this->Event->handleMispFormatFromModuleResult($result); + if (empty($event['Attribute']) && empty($event['Object'])) { + throw new NotImplementedException(__('No Attribute or Object returned by the module.')); + } else { + $importComment = !empty($result['comment']) ? $result['comment'] : $object[0]['Object']['value'] . __(': Enriched via the ') . $module . ($type != 'Enrichment' ? ' ' . $type : '') . ' module'; + $this->set('importComment', $importComment); + $event['Event'] = $object[0]['Event']; + $org_name = $this->Event->Orgc->find('first', array( + 'conditions' => array('Orgc.id' => $event['Event']['orgc_id']), + 'fields' => array('Orgc.name') + )); + $event['Event']['orgc_name'] = $org_name['Orgc']['name']; + if ($attribute[0]['Object']['id']) { + $object_id = $attribute[0]['Object']['id']; + $initial_object = $this->Event->fetchInitialObject($event_id, $object_id); + if (!empty($initial_object)) { + $event['initialObject'] = $initial_object; + } + } + $this->set('event', $event); + $this->set('menuItem', 'enrichmentResults'); + $this->set('title_for_layout', __('Enrichment Results')); + $this->set('title', __('Enrichment Results')); + $this->render('resolved_misp_format'); + } + } + private function __queryOldEnrichment($attribute, $module, $options, $type) { $data = array('module' => $module, $attribute[0]['Attribute']['type'] => $attribute[0]['Attribute']['value'], 'event_id' => $attribute[0]['Attribute']['event_id'], 'attribute_uuid' => $attribute[0]['Attribute']['uuid']); @@ -5258,6 +5471,7 @@ class EventsController extends AppController $this->set('resultArray', $resultArray); $this->set('typeDefinitions', $this->Event->Attribute->typeDefinitions); $this->set('typeCategoryMapping', $typeCategoryMapping); + $this->set('defaultAttributeDistribution', $this->Event->Attribute->defaultDistribution()); $this->set('importComment', $importComment); $this->render('resolved_attributes'); } @@ -5292,7 +5506,7 @@ class EventsController extends AppController } } - public function importModule($module, $eventId) + public function importModule($moduleName, $eventId) { $event = $this->Event->fetchSimpleEvent($this->Auth->user(), $eventId); if (!$event) { @@ -5302,8 +5516,7 @@ class EventsController extends AppController $eventId = $event['Event']['id']; $this->loadModel('Module'); - $moduleName = $module; - $module = $this->Module->getEnabledModule($module, 'Import'); + $module = $this->Module->getEnabledModule($moduleName, 'Import'); if (!is_array($module)) { throw new MethodNotAllowedException($module); } @@ -5311,10 +5524,11 @@ class EventsController extends AppController $module['mispattributes']['inputSource'] = array('paste'); } if ($this->request->is('post')) { + $requestData = $this->request->data['Event']; $fail = false; $modulePayload = array( - 'module' => $module['name'], - 'event_id' => $eventId, + 'module' => $module['name'], + 'event_id' => $eventId, ); if (isset($module['meta']['config'])) { foreach ($module['meta']['config'] as $conf) { @@ -5322,11 +5536,11 @@ class EventsController extends AppController } } if ($moduleName === 'csvimport') { - if (empty($this->request->data['Event']['config']['header']) && $this->request->data['Event']['config']['has_header'] === '1') { - $this->request->data['Event']['config']['header'] = ' '; + if (empty($requestData['config']['header']) && $requestData['config']['has_header'] === '1') { + $requestData['config']['header'] = ' '; } - if (empty($this->request->data['Event']['config']['special_delimiter'])) { - $this->request->data['Event']['config']['special_delimiter'] = ' '; + if (empty($requestData['config']['special_delimiter'])) { + $requestData['config']['special_delimiter'] = ' '; } } if (isset($module['mispattributes']['userConfig'])) { @@ -5337,18 +5551,19 @@ class EventsController extends AppController $validation = true; } } else { - $validation = call_user_func_array(array($this->Module, $this->Module->configTypes[$config['type']]['validation']), array($this->request->data['Event']['config'][$configName])); + $validationMethod = Module::CONFIG_TYPES[$config['type']]['validation']; + $validation = $this->Module->{$validationMethod}($requestData['config'][$configName]); } if ($validation !== true) { $fail = ucfirst($configName) . ': ' . $validation; } else { if (isset($config['regex']) && !empty($config['regex'])) { - $fail = preg_match($config['regex'], $this->request->data['Event']['config'][$configName]) ? false : ucfirst($configName) . ': ' . 'Invalid setting' . ($config['errorMessage'] ? ' - ' . $config['errorMessage'] : ''); + $fail = preg_match($config['regex'], $requestData['config'][$configName]) ? false : ucfirst($configName) . ': ' . 'Invalid setting' . ($config['errorMessage'] ? ' - ' . $config['errorMessage'] : ''); if (!empty($fail)) { - $modulePayload['config'][$configName] = $this->request->data['Event']['config'][$configName]; + $modulePayload['config'][$configName] = $requestData['config'][$configName]; } } else { - $modulePayload['config'][$configName] = $this->request->data['Event']['config'][$configName]; + $modulePayload['config'][$configName] = $requestData['config'][$configName]; } } } @@ -5356,31 +5571,29 @@ class EventsController extends AppController } if (!$fail) { if (!empty($module['mispattributes']['inputSource'])) { - if (!isset($this->request->data['Event']['source'])) { + if (!isset($requestData['source'])) { if (in_array('paste', $module['mispattributes']['inputSource'])) { - $this->request->data['Event']['source'] = '0'; + $requestData['source'] = '0'; } else { - $this->request->data['Event']['source'] = '1'; + $requestData['source'] = '1'; } } - if ($this->request->data['Event']['source'] == '1') { - if (isset($this->request->data['Event']['data'])) { - $modulePayload['data'] = base64_decode($this->request->data['Event']['data']); - } elseif (!isset($this->request->data['Event']['fileupload']) || empty($this->request->data['Event']['fileupload'])) { - $fail = 'Invalid file upload.'; + if ($requestData['source'] == '1') { + if (isset($requestData['data'])) { + $modulePayload['data'] = base64_decode($requestData['data']); + } elseif (empty($requestData['fileupload'])) { + $fail = __('Invalid file upload.'); } else { - $fileupload = $this->request->data['Event']['fileupload']; - $tmpfile = new File($fileupload['tmp_name']); - if ((isset($fileupload['error']) && $fileupload['error'] == 0) || (!empty($fileupload['tmp_name']) && $fileupload['tmp_name'] != 'none') && is_uploaded_file($tmpfile->path)) { + $fileupload = $requestData['fileupload']; + if ((isset($fileupload['error']) && $fileupload['error'] == 0) || (!empty($fileupload['tmp_name']) && $fileupload['tmp_name'] != 'none') && is_uploaded_file($fileupload['tmp_name'])) { $filename = basename($fileupload['name']); - App::uses('FileAccessTool', 'Tools'); - $modulePayload['data'] = FileAccessTool::readFromFile($fileupload['tmp_name'], $fileupload['size']); + $modulePayload['data'] = FileAccessTool::readAndDelete($fileupload['tmp_name']); } else { - $fail = 'Invalid file upload.'; + $fail = __('Invalid file upload.'); } } } else { - $modulePayload['data'] = $this->request->data['Event']['paste']; + $modulePayload['data'] = $requestData['paste']; } } else { $modulePayload['data'] = ''; @@ -5402,13 +5615,13 @@ class EventsController extends AppController } $importComment = !empty($result['comment']) ? $result['comment'] : 'Enriched via the ' . $module['name'] . ' module'; if (!empty($module['mispattributes']['format']) && $module['mispattributes']['format'] === 'misp_standard') { - $event = $this->Event->handleMispFormatFromModuleResult($result); - $event['Event'] = array('id' => $eventId); + $resolvedEvent = $this->Event->handleMispFormatFromModuleResult($result); + $resolvedEvent['Event'] = $event['Event']; if ($this->_isRest()) { - $this->Event->processModuleResultsDataRouter($this->Auth->user(), $event, $eventId, $importComment); - return $this->RestResponse->viewData($event, $this->response->type()); + $this->Event->processModuleResultsDataRouter($this->Auth->user(), $resolvedEvent, $eventId, $importComment); + return $this->RestResponse->viewData($resolvedEvent, $this->response->type()); } - $this->set('event', $event); + $this->set('event', $resolvedEvent); $this->set('menuItem', 'importResults'); $render_name = 'resolved_misp_format'; } else { @@ -5433,15 +5646,13 @@ class EventsController extends AppController $this->set('resultArray', $resultArray); $this->set('typeDefinitions', $this->Event->Attribute->typeDefinitions); $this->set('typeCategoryMapping', $typeCategoryMapping); + $this->set('defaultAttributeDistribution', $this->Event->Attribute->defaultDistribution()); $render_name = 'resolved_attributes'; } - $distributions = $this->Event->Attribute->distributionLevels; - $sgs = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user(), 'name', 1); - if (empty($sgs)) { - unset($distributions[4]); - } - $this->set('distributions', $distributions); - $this->set('sgs', $sgs); + + $distributionData = $this->Event->Attribute->fetchDistributionData($this->Auth->user()); + $this->set('distributions', $distributionData['levels']); + $this->set('sgs', $distributionData['sgs']); $this->set('title', __('Import Results')); $this->set('title_for_layout', __('Import Results')); $this->set('importComment', $importComment); @@ -5452,7 +5663,7 @@ class EventsController extends AppController $this->Flash->error($fail); } } - $this->set('configTypes', $this->Module->configTypes); + $this->set('configTypes', Module::CONFIG_TYPES); $this->set('module', $module); $this->set('eventId', $eventId); $this->set('event', $event); @@ -6217,4 +6428,31 @@ class EventsController extends AppController $this->render('/genericTemplates/confirm'); } } + + /** + * @param array $event + * @return void + */ + private function __setHighlightedTags($event) + { + $this->loadModel('Taxonomy'); + $highlightedTags = $this->Taxonomy->getHighlightedTags($this->Taxonomy->getHighlightedTaxonomies(), $event['EventTag']); + $this->set('highlightedTags', $highlightedTags); + } + + /** + * + * @param array $events + * @return array + */ + private function __attachHighlightedTagsToEvents($events) + { + $this->loadModel('Taxonomy'); + $highlightedTaxonomies = $this->Taxonomy->getHighlightedTaxonomies(); + foreach ($events as $k => $event) { + $events[$k]['Event']['highlightedTags'] = $this->Taxonomy->getHighlightedTags($highlightedTaxonomies, $event['EventTag']); + } + + return $events; + } } diff --git a/app/Controller/FeedsController.php b/app/Controller/FeedsController.php index b7764d5fa..5eafbf435 100644 --- a/app/Controller/FeedsController.php +++ b/app/Controller/FeedsController.php @@ -311,6 +311,7 @@ class FeedsController extends AppController ]; $this->set('allAttributeTypes', $allTypes['attribute']); $this->set('allObjectTypes', $allTypes['object']); + $this->set('supportedUrlparams', Feed::SUPPORTED_URL_PARAM_FILTERS); $this->set(compact('dropdownData')); $this->set('defaultPullRules', json_encode(Feed::DEFAULT_FEED_PULL_RULES)); $this->set('menuData', array('menuList' => 'feeds', 'menuItem' => 'add')); diff --git a/app/Controller/GalaxiesController.php b/app/Controller/GalaxiesController.php index 42898630c..58fb77eed 100644 --- a/app/Controller/GalaxiesController.php +++ b/app/Controller/GalaxiesController.php @@ -22,8 +22,16 @@ class GalaxiesController extends AppController public function index() { $aclConditions = array(); - $filters = $this->IndexFilter->harvestParameters(array('value', 'enabled')); - $searchConditions = array(); + $filterData = array( + 'request' => $this->request, + 'named_params' => $this->params['named'], + 'paramArray' => ['value', 'enabled'], + 'ordered_url_params' => [], + 'additional_delimiters' => PHP_EOL + ); + $exception = false; + $filters = $this->_harvestParameters($filterData, $exception); + $searchConditions = []; if (empty($filters['value'])) { $filters['value'] = ''; } else { @@ -220,14 +228,15 @@ class GalaxiesController extends AppController } else { $data = $this->request->data['Galaxy']; $text = FileAccessTool::getTempUploadedFile($data['submittedjson'], $data['json']); - $clusters = json_decode($text, true); - if ($clusters === null) { - throw new MethodNotAllowedException(__('Error while decoding JSON')); + try { + $clusters = JsonTool::decodeArray($text); + } catch (Exception $e) { + throw new BadRequestException(__('Error while decoding JSON')); } } $saveResult = $this->Galaxy->importGalaxyAndClusters($this->Auth->user(), $clusters); if ($saveResult['success']) { - $message = sprintf(__('Galaxy clusters imported. %s imported, %s ignored, %s failed. %s'), $saveResult['imported'], $saveResult['ignored'], $saveResult['failed'], !empty($saveResult['errors']) ? implode(', ', $saveResult['errors']) : ''); + $message = __('Galaxy clusters imported. %s imported, %s ignored, %s failed. %s', $saveResult['imported'], $saveResult['ignored'], $saveResult['failed'], !empty($saveResult['errors']) ? implode(', ', $saveResult['errors']) : ''); if ($this->_isRest()) { return $this->RestResponse->saveSuccessResponse('Galaxy', 'import', false, $this->response->type(), $message); } else { @@ -235,7 +244,7 @@ class GalaxiesController extends AppController $this->redirect(array('controller' => 'galaxies', 'action' => 'index')); } } else { - $message = sprintf(__('Could not import galaxy clusters. %s imported, %s ignored, %s failed. %s'), $saveResult['imported'], $saveResult['ignored'], $saveResult['failed'], !empty($saveResult['errors']) ? implode(', ', $saveResult['errors']) : ''); + $message = __('Could not import galaxy clusters. %s imported, %s ignored, %s failed. %s', $saveResult['imported'], $saveResult['ignored'], $saveResult['failed'], !empty($saveResult['errors']) ? implode(', ', $saveResult['errors']) : ''); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Galaxy', 'import', false, $message); } else { @@ -525,7 +534,7 @@ class GalaxiesController extends AppController } } - $result = $this->Galaxy->attachCluster($user, $target_type, $target_id, $cluster_id, $local); + $result = $this->Galaxy->attachCluster($user, $target_type, $target, $cluster_id, $local); return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $result, 'check_publish' => true)), 'status'=>200, 'type' => 'json')); } diff --git a/app/Controller/GalaxyClustersController.php b/app/Controller/GalaxyClustersController.php index 52d5721e7..0a6c5e29f 100644 --- a/app/Controller/GalaxyClustersController.php +++ b/app/Controller/GalaxyClustersController.php @@ -37,7 +37,8 @@ class GalaxyClustersController extends AppController public function index($galaxyId) { - $filters = $this->IndexFilter->harvestParameters(array('context', 'searchall')); + $galaxyId = $this->Toolbox->findIdByUuid($this->GalaxyCluster->Galaxy, $galaxyId); + $filters = $this->_harvestParameters(array('context', 'searchall')); $aclConditions = $this->GalaxyCluster->buildConditions($this->Auth->user()); $contextConditions = array(); if (empty($filters['context'])) { @@ -47,7 +48,7 @@ class GalaxyClustersController extends AppController } if ($filters['context'] == 'default') { - $contextConditions['GalaxyCluster.default'] = true; + $contextConditions['GalaxyCluster.default'] = true; } elseif ($filters['context'] == 'custom') { $contextConditions['GalaxyCluster.default'] = false; } elseif ($filters['context'] == 'org') { @@ -146,9 +147,8 @@ class GalaxyClustersController extends AppController 'GalaxyCluster.default' => 0, ] ]); - $this->loadModel('Attribute'); - $distributionLevels = $this->Attribute->distributionLevels; - unset($distributionLevels[5]); + $this->loadModel('Event'); + $distributionLevels = $this->Event->shortDist; $this->set('distributionLevels', $distributionLevels); $this->set('list', $clusters); $this->set('galaxy_id', $galaxyId); diff --git a/app/Controller/GalaxyElementsController.php b/app/Controller/GalaxyElementsController.php index c529a19a6..c09c80fcf 100644 --- a/app/Controller/GalaxyElementsController.php +++ b/app/Controller/GalaxyElementsController.php @@ -1,6 +1,9 @@ _closeSession(); $filters = $this->IndexFilter->harvestParameters(array('context', 'searchall')); - $aclConditions = $this->GalaxyElement->buildClusterConditions($this->Auth->user(), $clusterId); + $aclConditions = $this->GalaxyElement->buildClusterConditions($user, $clusterId); if (empty($filters['context'])) { $filters['context'] = 'all'; } @@ -44,18 +48,15 @@ class GalaxyElementsController extends AppController 'context' => $filters['context'], 'searchall' => isset($filters['searchall']) ? $filters['searchall'] : '' ])); - $cluster = $this->GalaxyElement->GalaxyCluster->fetchIfAuthorized($this->Auth->user(), $clusterId, array('edit', 'delete'), false, false); + $cluster = $this->GalaxyElement->GalaxyCluster->fetchIfAuthorized($user, $clusterId, array('edit', 'delete'), false, false); $canModify = !empty($cluster['authorized']); - $canModify = true; $this->set('canModify', $canModify); - if ($filters['context'] == 'JSONView') { + if ($filters['context'] === 'JSONView') { $expanded = $this->GalaxyElement->getExpandedJSONFromElements($elements); $this->set('JSONElements', $expanded); } - if ($this->request->is('ajax')) { - $this->layout = false; - $this->render('ajax/index'); - } + $this->layout = false; + $this->render('ajax/index'); } public function delete($elementId) diff --git a/app/Controller/LogsController.php b/app/Controller/LogsController.php index 13ee4c3de..b86db15cb 100644 --- a/app/Controller/LogsController.php +++ b/app/Controller/LogsController.php @@ -1,7 +1,9 @@ request->params['action']) { + if ('admin_search' === $this->request->params['action']) { $this->Security->csrfCheck = false; } } - public function admin_index() + public function index() { $paramArray = array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip'); $filterData = array( 'request' => $this->request, - 'named_params' => $this->params['named'], + 'named_params' => $this->request->params['named'], 'paramArray' => $paramArray, 'ordered_url_params' => func_get_args() ); $exception = false; $filters = $this->_harvestParameters($filterData, $exception); unset($filterData); + if ($this->_isRest()) { if ($filters === false) { return $exception; @@ -71,8 +74,14 @@ class LogsController extends AppController } } if (!$this->_isSiteAdmin()) { - $orgRestriction = $this->Auth->user('Organisation')['name']; - $conditions['AND']['Log.org'] = $orgRestriction; + if ($this->_isAdmin()) { + // ORG admins can see their own org info + $orgRestriction = $this->Auth->user('Organisation')['name']; + $conditions['Log.org'] = $orgRestriction; + } else { + // users can see their own info + $conditions['Log.user_id'] = $this->Auth->user('id'); + } } $params = array( 'conditions' => $conditions, @@ -86,30 +95,42 @@ class LogsController extends AppController } $log_entries = $this->Log->find('all', $params); return $this->RestResponse->viewData($log_entries, 'json'); - } else { - $this->set('isSearch', 0); - $this->recursive = 0; - $validFilters = $this->Log->logMeta; - if (!$this->_isSiteAdmin()) { - $orgRestriction = $this->Auth->user('Organisation')['name']; - $conditions['Log.org'] = $orgRestriction; - $this->paginate['conditions'] = $conditions; - } else { - $validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin); - } - if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) { - $this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values']; - } - foreach ($filters as $key => $value) { - if ($key === 'created') { - $key = 'created >='; - } - $this->paginate['conditions']["Log.$key"] = $value; - } - $this->set('validFilters', $validFilters); - $this->set('filter', isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false); - $this->set('list', $this->paginate()); } + + $this->set('isSearch', 0); + $this->recursive = 0; + $validFilters = $this->Log->logMeta; + if ($this->_isSiteAdmin()) { + $validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin); + } + else if (!$this->_isSiteAdmin() && $this->_isAdmin()) { + // ORG admins can see their own org info + $orgRestriction = $this->Auth->user('Organisation')['name']; + $conditions['Log.org'] = $orgRestriction; + $this->paginate['conditions'] = $conditions; + } else { + // users can see their own info + $conditions['Log.email'] = $this->Auth->user('email'); + $this->paginate['conditions'] = $conditions; + } + if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) { + $this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values']; + } + foreach ($filters as $key => $value) { + if ($key === 'created') { + $key = 'created >='; + } + $this->paginate['conditions']["Log.$key"] = $value; + } + $this->set('validFilters', $validFilters); + $this->set('filter', isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false); + $this->set('list', $this->paginate()); + } + + public function admin_index() + { + $this->view = 'index'; + return $this->index(); } // Shows a minimalistic history for the currently selected event @@ -313,7 +334,7 @@ class LogsController extends AppController } // set the same view as the index page - $this->render('admin_index'); + $this->render('index'); } } else { // get from Session @@ -356,7 +377,7 @@ class LogsController extends AppController $this->set('list', $list); // set the same view as the index page - $this->render('admin_index'); + $this->render('index'); } } else { // no search keyword is given, show the search form diff --git a/app/Controller/NewsController.php b/app/Controller/NewsController.php index e7ce8c257..f4df8cbd2 100755 --- a/app/Controller/NewsController.php +++ b/app/Controller/NewsController.php @@ -1,6 +1,9 @@ 5, 'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page. - 'order' => array( + 'order' => [ 'News.id' => 'DESC' - ), + ], + 'contain' => [ + 'User' => ['fields' => ['User.email']], + ] ); public function index() { - $this->paginate['contain'] = array('User' => array('fields' => array('User.email'))); + $user = $this->Auth->user(); $newsItems = $this->paginate(); - $newsread = $this->Auth->user('newsread'); - foreach ($newsItems as $key => $item) { - if ($item['News']['date_created'] > $newsread) { - $newsItems[$key]['News']['new'] = true; - } else { - $newsItems[$key]['News']['new'] = false; + $newsread = $user['newsread']; + $hasUnreadNews = false; + foreach ($newsItems as &$item) { + $isNew = $item['News']['date_created'] > $newsread; + $item['News']['new'] = $isNew; + if ($isNew) { + $hasUnreadNews = true; } } $this->set('newsItems', $newsItems); + $this->set('hasUnreadNews', $hasUnreadNews); - $this->loadModel('User'); - $this->User->updateField($this->Auth->user(), 'newsread', time()); + if ($hasUnreadNews) { + $homepage = $this->User->UserSetting->getValueForUser($user['id'], 'homepage'); + if (!empty($homepage)) { + $this->set('homepage', $homepage); + } else { + $this->set('homepage', "{$this->baseurl}/events/index"); + } + + $this->User->updateField($user, 'newsread', time()); + } + } + + public function admin_index() + { + $user = $this->Auth->user(); + $this->paginate['limit'] = 25; + $newsItems = $this->paginate(); + + $this->set('newsItems', $newsItems); + $this->set('user', $user); } public function add() @@ -74,7 +100,6 @@ class NewsController extends AppController public function delete($id) { - $this->defaultModel = 'News'; $this->CRUD->delete($id); if ($this->IndexFilter->isRest()) { return $this->restResponsePayload; diff --git a/app/Controller/ObjectTemplatesController.php b/app/Controller/ObjectTemplatesController.php index f1f52f338..f536b978b 100644 --- a/app/Controller/ObjectTemplatesController.php +++ b/app/Controller/ObjectTemplatesController.php @@ -22,9 +22,10 @@ class ObjectTemplatesController extends AppController public function beforeFilter() { parent::beforeFilter(); - if (in_array($this->request->action, ['objectMetaChoice', 'objectChoice'], true)) { + if (in_array($this->request->action, ['objectMetaChoice', 'objectChoice', 'possibleObjectTemplates'], true)) { $this->Security->doNotGenerateToken = true; } + $this->Security->unlockedActions[] = 'possibleObjectTemplates'; } public function objectMetaChoice($eventId) @@ -162,16 +163,6 @@ class ObjectTemplatesController extends AppController $this->redirect($this->referer()); } - public function viewElements($id, $context = 'all') - { - $elements = $this->ObjectTemplate->ObjectTemplateElement->find('all', array( - 'conditions' => array('ObjectTemplateElement.object_template_id' => $id) - )); - $this->set('list', $elements); - $this->layout = false; - $this->render('ajax/view_elements'); - } - public function index($all = false) { $passedArgsArray = array(); @@ -183,11 +174,12 @@ class ObjectTemplatesController extends AppController $this->set('all', true); } if (!empty($this->params['named']['searchall'])) { + $searchTerm = '%' . strtolower($this->request->params['named']['searchall']) . '%'; $this->paginate['conditions']['AND']['OR'] = array( - 'ObjectTemplate.uuid LIKE' => '%' . strtolower($this->params['named']['searchall']) . '%', - 'LOWER(ObjectTemplate.name) LIKE' => '%' . strtolower($this->params['named']['searchall']) . '%', - 'ObjectTemplate.meta-category LIKE' => '%' . strtolower($this->params['named']['searchall']) . '%', - 'LOWER(ObjectTemplate.description) LIKE' => '%' . strtolower($this->params['named']['searchall']) . '%' + 'ObjectTemplate.uuid LIKE' => $searchTerm, + 'LOWER(ObjectTemplate.name) LIKE' => $searchTerm, + 'ObjectTemplate.meta-category LIKE' => $searchTerm, + 'LOWER(ObjectTemplate.description) LIKE' => $searchTerm, ); } if ($this->_isRest()) { @@ -196,11 +188,11 @@ class ObjectTemplatesController extends AppController unset($rules['order']); $objectTemplates = $this->ObjectTemplate->find('all', $rules); return $this->RestResponse->viewData($objectTemplates, $this->response->type()); - } else { - $this->paginate['order'] = array('ObjectTemplate.name' => 'ASC'); - $objectTemplates = $this->paginate(); - $this->set('list', $objectTemplates); } + + $this->paginate['order'] = array('ObjectTemplate.name' => 'ASC'); + $objectTemplates = $this->paginate(); + $this->set('list', $objectTemplates); $this->set('passedArgs', json_encode($passedArgs)); $this->set('passedArgsArray', $passedArgsArray); } @@ -315,4 +307,28 @@ class ObjectTemplatesController extends AppController } return $this->RestResponse->viewData($template, $this->response->type()); } + + public function possibleObjectTemplates() + { + session_abort(); + $this->request->allowMethod(['post']); + + $attributeTypes = $this->request->data['attributeTypes']; + $templates = $this->ObjectTemplate->fetchPossibleTemplatesBasedOnTypes($attributeTypes)['templates']; + + $results = []; + foreach ($templates as $template) { + $template = $template['ObjectTemplate']; + if ($template['compatibility'] === true && empty($template['invalidTypes'])) { + $results[] = [ + 'id' => $template['id'], + 'name' => $template['name'], + 'description' => $template['description'], + 'meta-category' => $template['meta-category'], + ]; + } + } + + return $this->RestResponse->viewData($results, 'json'); + } } diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php index b5faafaa5..c58aca671 100644 --- a/app/Controller/ObjectsController.php +++ b/app/Controller/ObjectsController.php @@ -60,33 +60,6 @@ class ObjectsController extends AppController $sgs = $this->MispObject->SharingGroup->fetchAllAuthorised($this->Auth->user(), 'name', false, array_keys($sharing_groups)); $this->set('sharing_groups', $sgs); } - $multiple_template_elements = Hash::extract($template['ObjectTemplateElement'], sprintf('{n}[multiple=true]')); - $multiple_attribute_allowed = array(); - foreach ($multiple_template_elements as $template_element) { - $relation_type = $template_element['object_relation'] . ':' . $template_element['type']; - $multiple_attribute_allowed[$relation_type] = true; - } - $this->set('multiple_attribute_allowed', $multiple_attribute_allowed); - // try to fetch similar objects - $cur_attrs = Hash::extract($this->request->data, 'Attribute.{n}.value'); - $conditions = array( - 'event_id' => $event_id, - 'value1' => $cur_attrs, - 'object_id !=' => '0' - ); - $similar_objects = $this->MispObject->Attribute->find('all', array( - 'conditions' => $conditions, - 'recursive' => -1, - 'fields' => 'object_id, count(object_id) as similarity_amount', - 'group' => 'object_id', - 'order' => 'similarity_amount DESC' - )); - $similar_object_ids = array(); - $similar_object_similarity_amount = array(); - foreach ($similar_objects as $obj) { - $similar_object_ids[] = $obj['Attribute']['object_id']; - $similar_object_similarity_amount[$obj['Attribute']['object_id']] = $obj[0]['similarity_amount']; - } if (isset($this->request->data['Attribute'])) { foreach ($this->request->data['Attribute'] as &$attribute) { @@ -113,33 +86,35 @@ class ObjectsController extends AppController 'cur_object_tmp_uuid' => $curObjectTmpUuid, 'data' => $this->request->data )); - if (!empty($similar_object_ids)) { - $this->set('similar_objects_count', count($similar_object_ids)); - $similar_object_ids = array_slice($similar_object_ids, 0, $similar_objects_display_threshold); // slice to honor the threshold - $similar_objects = $this->MispObject->fetchObjects($this->Auth->user(), array( - 'conditions' => array( - 'Object.id' => $similar_object_ids, - 'Object.template_uuid' => $template['ObjectTemplate']['uuid'] - ) - )); - foreach ($similar_objects as $key => $obj) { - $similar_objects[$key]['Object']['similarity_amount'] = $similar_object_similarity_amount[$obj['Object']['id']]; // sorting function cannot use external variables - } - usort($similar_objects, function ($a, $b) { // fetch Object returns object sorted by IDs, force the sort by the similarity amount - if ($a['Object']['similarity_amount'] == $b['Object']['similarity_amount']) { - return 0; + + if ($action === 'add') { + list($similar_objects_count, $similar_objects, $simple_flattened_attribute, $simple_flattened_attribute_noval) = $this->MispObject->findSimilarObjects( + $this->Auth->user(), + $event_id, + $this->request->data['Attribute'], + $template, + $similar_objects_display_threshold + ); + if ($similar_objects_count) { + $this->set('similar_objects_count', $similar_objects_count); + $this->set('similar_objects', $similar_objects); + $this->set('similar_objects_display_threshold', $similar_objects_display_threshold); + $this->set('simple_flattened_attribute', $simple_flattened_attribute); + $this->set('simple_flattened_attribute_noval', $simple_flattened_attribute_noval); + + $multiple_template_elements = Hash::extract($template['ObjectTemplateElement'],'{n}[multiple=true]'); + $multiple_attribute_allowed = array(); + foreach ($multiple_template_elements as $template_element) { + $relation_type = $template_element['object_relation'] . ':' . $template_element['type']; + $multiple_attribute_allowed[$relation_type] = true; } - return ($a['Object']['similarity_amount'] > $b['Object']['similarity_amount']) ? -1 : 1; - }); - $this->set('similar_objects', $similar_objects); - $this->set('similar_object_similarity_amount', $similar_object_similarity_amount); - $this->set('similar_objects_display_threshold', $similar_objects_display_threshold); + $this->set('multiple_attribute_allowed', $multiple_attribute_allowed); + } } } - /** - * Create an object using a template + * Create an object using a template * POSTing will take the input and validate it against the template * GETing will return the template */ @@ -343,10 +318,16 @@ class ObjectsController extends AppController $template = $this->MispObject->prepareTemplate($template); $element = array(); foreach ($template['ObjectTemplateElement'] as $templateElement) { - if ($templateElement['object_relation'] == $object_relation) { + if ($templateElement['object_relation'] === $object_relation) { $element = $templateElement; + break; } } + + if (empty($element)) { + throw new NotFoundException(__("Object template do not contains object relation $object_relation")); + } + $distributionData = $this->MispObject->Event->Attribute->fetchDistributionData($this->Auth->user()); $this->layout = false; $this->set('distributionData', $distributionData); @@ -431,7 +412,7 @@ class ObjectsController extends AppController $savedObject = array(); if (!is_numeric($objectToSave)) { $object_validation_errors = array(); - foreach($objectToSave as $field => $field_errors) { + foreach ($objectToSave as $field => $field_errors) { $object_validation_errors[] = sprintf('%s: %s', $field, implode(', ', $field_errors)); } $error_message = __('Object could not be saved.') . PHP_EOL . implode(PHP_EOL, $object_validation_errors); @@ -458,12 +439,10 @@ class ObjectsController extends AppController return $this->RestResponse->saveFailResponse('Objects', 'edit', false, $id, $this->response->type()); } } else { - $message = __('Object attributes saved.'); if ($this->request->is('ajax')) { - $this->autoRender = false; if (is_numeric($objectToSave)) { $this->MispObject->Event->unpublishEvent($event); - return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $message)), 'status'=>200, 'type' => 'json')); + return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => __('Object attributes saved.'))), 'status'=>200, 'type' => 'json')); } else { return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'errors' => $error_message)), 'status'=>200, 'type' => 'json')); } @@ -597,7 +576,7 @@ class ObjectsController extends AppController $object = $object[0]; $result = $object['Object'][$field]; if ($field === 'distribution') { - $result = $this->MispObject->shortDist[$result]; + $this->set('shortDist', $this->MispObject->Attribute->shortDist); } $this->set('value', $result); $this->set('field', $field); @@ -634,7 +613,7 @@ class ObjectsController extends AppController throw new NotFoundException(__('Invalid object')); } $this->layout = false; - if ($field == 'distribution') { + if ($field === 'distribution') { $distributionLevels = $this->MispObject->shortDist; unset($distributionLevels[4]); $this->set('distributionLevels', $distributionLevels); @@ -732,7 +711,7 @@ class ObjectsController extends AppController 'fields' => array('template_uuid', 'template_version', 'id', 'event_id'), 'flatten' => 1, 'contain' => array( - 'Event' + 'Event' => ['fields' => ['id', 'user_id', 'org_id', 'orgc_id']] ) ); // fetchObjects restrict access based on user @@ -1137,23 +1116,8 @@ class ObjectsController extends AppController $selectedAttributes = $this->_jsonDecode($selectedAttributes); $res = $this->MispObject->validObjectsFromAttributeTypes($this->Auth->user(), $eventId, $selectedAttributes); - $potentialTemplates = $res['templates']; - $attributeTypes = $res['types']; - usort($potentialTemplates, function($a, $b) { - if ($a['ObjectTemplate']['id'] == $b['ObjectTemplate']['id']) { - return 0; - } else if (is_array($a['ObjectTemplate']['compatibility']) && is_array($b['ObjectTemplate']['compatibility'])) { - return count($a['ObjectTemplate']['compatibility']) > count($b['ObjectTemplate']['compatibility']) ? 1 : -1; - } else if (is_array($a['ObjectTemplate']['compatibility']) && !is_array($b['ObjectTemplate']['compatibility'])) { - return 1; - } else if (!is_array($a['ObjectTemplate']['compatibility']) && is_array($b['ObjectTemplate']['compatibility'])) { - return -1; - } else { // sort based on invalidTypes count - return count($a['ObjectTemplate']['invalidTypes']) > count($b['ObjectTemplate']['invalidTypes']) ? 1 : -1; - } - }); - $this->set('potential_templates', $potentialTemplates); - $this->set('selected_types', $attributeTypes); + $this->set('potential_templates', $res['templates']); + $this->set('selected_types', $res['types']); $this->set('event_id', $eventId); } @@ -1230,7 +1194,8 @@ class ObjectsController extends AppController if (empty($template)) { throw new NotFoundException(__('Invalid template.')); } - $conformity_result = $this->MispObject->ObjectTemplate->checkTemplateConformityBasedOnTypes($template, $selected_attributes); + $attributeTypes = array_column(array_column($selected_attributes, 'Attribute'), 'type'); + $conformity_result = $this->MispObject->ObjectTemplate->checkTemplateConformityBasedOnTypes($template, $attributeTypes); $skipped_attributes = 0; foreach ($selected_attributes as $i => $attribute) { if (in_array($attribute['Attribute']['type'], $conformity_result['invalidTypes'], true)) { @@ -1253,8 +1218,18 @@ class ObjectsController extends AppController )); foreach ($object_references as $i => $object_reference) { - $temp_object = $this->MispObject->find('first', array('id' => $object_reference['ObjectReference']['object_id'], 'recursive' => -1)); - $temp_attribute = $this->MispObject->Attribute->find('first', array('id' => $object_reference['ObjectReference']['referenced_id'], 'recursive' => -1)); + $temp_object = $this->MispObject->find('first', [ + 'conditions' => [ + 'id' => $object_reference['ObjectReference']['object_id'] + ], + 'recursive' => -1 + ]); + $temp_attribute = $this->MispObject->Attribute->find('first', [ + 'conditions' => [ + 'id' => $object_reference['ObjectReference']['referenced_id'], + ], + 'recursive' => -1 + ]); if (!empty($temp_object) && !empty($temp_attribute)) { $temp_object = $temp_object['Object']; $temp_attribute = $temp_attribute['Attribute']; @@ -1278,6 +1253,151 @@ class ObjectsController extends AppController } } + public function createFromFreetext($eventId) + { + $this->request->allowMethod(['post']); + + $event = $this->MispObject->Event->find('first', array( + 'recursive' => -1, + 'fields' => array('Event.id', 'Event.uuid', 'Event.orgc_id', 'Event.user_id', 'Event.publish_timestamp'), + 'conditions' => array('Event.id' => $eventId) + )); + if (empty($event)) { + throw new NotFoundException(__('Invalid event.')); + } + if (!$this->__canModifyEvent($event)) { + throw new ForbiddenException(__('You do not have permission to do that.')); + } + + $requestData = $this->request->data['Object']; + $selectedTemplateId = $requestData['selectedTemplateId']; + $template = $this->MispObject->ObjectTemplate->find('first', array( + 'recursive' => -1, + 'conditions' => array( + 'ObjectTemplate.id' => $selectedTemplateId, + 'ObjectTemplate.active' => true, + ), + 'contain' => ['ObjectTemplateElement'], + )); + if (empty($template)) { + throw new NotFoundException(__('Invalid template.')); + } + + if (isset($requestData['selectedObjectRelationMapping'])) { + $distribution = $requestData['distribution']; + $sharingGroupId = $requestData['sharing_group_id'] ?? 0; + $comment = $requestData['comment']; + if ($distribution == 4) { + $sg = $this->MispObject->SharingGroup->fetchSG($sharingGroupId, $this->Auth->user()); + if (empty($sg)) { + throw new NotFoundException(__('Invalid sharing group.')); + } + } else { + $sharingGroupId = 0; + } + + $attributes = $this->_jsonDecode($requestData['attributes']); + $selectedObjectRelationMapping = $this->_jsonDecode($requestData['selectedObjectRelationMapping']); + + // Attach object relation to attributes and fix tag format + foreach ($attributes as $k => &$attribute) { + $attribute['object_relation'] = $selectedObjectRelationMapping[$k]; + if (!empty($attribute['tags'])) { + $attribute['Tag'] = []; + foreach (explode(",", $attribute['tags']) as $tagName) { + $attribute['Tag'][] = [ + 'name' => trim($tagName), + ]; + } + unset($attribute['tags']); + } + } + + $object = [ + 'Object' => [ + 'event_id' => $eventId, + 'distribution' => $distribution, + 'sharing_group_id' => $sharingGroupId, + 'comment' => $comment, + 'Attribute' => $attributes, + ], + ]; + + $object = $this->MispObject->fillObjectDataFromTemplate($object, $template); + $result = $this->MispObject->captureObject($object, $eventId, $this->Auth->user(), true, false, $event); + if ($result === true) { + return $this->RestResponse->saveSuccessResponse('Objects', 'Created from Attributes', $result, 'json'); + } else { + $error = __('Failed to create an Object from Attributes. Error: ') . PHP_EOL . h($result); + return $this->RestResponse->saveFailResponse('Objects', 'Created from Attributes', false, $error, 'json'); + } + } else { + $attributes = $this->_jsonDecode($requestData['attributes']); + + $processedAttributes = []; + foreach ($attributes as $attribute) { + if ($attribute['type'] === 'ip-src/ip-dst') { + $types = array('ip-src', 'ip-dst'); + } elseif ($attribute['type'] === 'ip-src|port/ip-dst|port') { + $types = array('ip-src|port', 'ip-dst|port'); + } else { + $types = [$attribute['type']]; + } + foreach ($types as $type) { + $attribute['type'] = $type; + $processedAttributes[] = $attribute; + } + } + + $attributeTypes = array_column($processedAttributes, 'type'); + $conformityResult = $this->MispObject->ObjectTemplate->checkTemplateConformityBasedOnTypes($template, $attributeTypes); + + if ($conformityResult['valid'] !== true || !empty($conformityResult['invalidTypes'])) { + throw new NotFoundException(__('Invalid template.')); + } + + $objectRelations = []; + foreach ($template['ObjectTemplateElement'] as $templateElement) { + $objectRelations[$templateElement['type']][] = $templateElement; + } + + // Attach first object_relation according to attribute type that will be considered as default + foreach ($processedAttributes as &$attribute) { + $attribute['object_relation'] = $objectRelations[$attribute['type']][0]['object_relation']; + } + + $distributionData = $this->MispObject->Event->Attribute->fetchDistributionData($this->Auth->user()); + $this->set('event', $event); + $this->set('distributionData', $distributionData); + $this->set('distributionLevels', $this->MispObject->Attribute->distributionLevels); + $this->set('template', $template); + $this->set('objectRelations', $objectRelations); + $this->set('attributes', $processedAttributes); + + list($similar_objects_count, $similar_objects, $simple_flattened_attribute, $simple_flattened_attribute_noval) = $this->MispObject->findSimilarObjects( + $this->Auth->user(), + $eventId, + $processedAttributes, + $template + ); + if ($similar_objects_count) { + $this->set('similar_objects_count', $similar_objects_count); + $this->set('similar_objects', $similar_objects); + $this->set('similar_objects_display_threshold', 15); + $this->set('simple_flattened_attribute', $simple_flattened_attribute); + $this->set('simple_flattened_attribute_noval', $simple_flattened_attribute_noval); + + $multiple_template_elements = Hash::extract($template['ObjectTemplateElement'],'{n}[multiple=true]'); + $multiple_attribute_allowed = array(); + foreach ($multiple_template_elements as $template_element) { + $relation_type = $template_element['object_relation'] . ':' . $template_element['type']; + $multiple_attribute_allowed[$relation_type] = true; + } + $this->set('multiple_attribute_allowed', $multiple_attribute_allowed); + } + } + } + private function __objectIdToConditions($id) { if (is_numeric($id)) { diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php index d5ab9f747..67699cbf4 100644 --- a/app/Controller/ServersController.php +++ b/app/Controller/ServersController.php @@ -26,7 +26,7 @@ class ServersController extends AppController 'fields' => array('RemoteOrg.name', 'RemoteOrg.id'), ), ), - 'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events + 'maxLimit' => 9999, 'order' => array( 'Server.priority' => 'ASC' ), @@ -57,6 +57,14 @@ class ServersController extends AppController unset($fields['authkey']); $fields = array_keys($fields); + $filters = $this->IndexFilter->harvestParameters(['search']); + $conditions = []; + if (!empty($filters['search'])) { + $strSearch = '%' . trim(strtolower($filters['search'])) . '%'; + $conditions['OR'][]['LOWER(Server.name) LIKE'] = $strSearch; + $conditions['OR'][]['LOWER(Server.url) LIKE'] = $strSearch; + } + if ($this->_isRest()) { $params = array( 'fields' => $fields, @@ -72,12 +80,14 @@ class ServersController extends AppController 'fields' => array('RemoteOrg.id', 'RemoteOrg.name', 'RemoteOrg.uuid', 'RemoteOrg.nationality', 'RemoteOrg.sector', 'RemoteOrg.type'), ), ), + 'conditions' => $conditions, ); $servers = $this->Server->find('all', $params); $servers = $this->Server->attachServerCacheTimestamps($servers); return $this->RestResponse->viewData($servers, $this->response->type()); } else { $this->paginate['fields'] = $fields; + $this->paginate['conditions'] = $conditions; $servers = $this->paginate(); $servers = $this->Server->attachServerCacheTimestamps($servers); $this->set('servers', $servers); @@ -905,30 +915,52 @@ class ServersController extends AppController App::uses('File', 'Utility'); App::uses('Folder', 'Utility'); App::uses('FileAccessTool', 'Tools'); + App::uses('SyncTool', 'Tools'); if (isset($server['Server'][$subm]['name'])) { if ($this->request->data['Server'][$subm]['size'] != 0) { if (!$this->Server->checkFilename($server['Server'][$subm]['name'])) { throw new Exception(__('Filename not allowed')); } - $file = new File($server['Server'][$subm]['name']); - $ext = $file->ext(); + + if (!is_uploaded_file($server['Server'][$subm]['tmp_name'])) { + throw new Exception(__('File not uploaded correctly')); + } + + $ext = pathinfo($server['Server'][$subm]['name'], PATHINFO_EXTENSION); + if (!in_array($ext, SyncTool::ALLOWED_CERT_FILE_EXTENSIONS)) { + $this->Flash->error(__('Invalid extension.')); + $this->redirect(array('action' => 'index')); + } + if (!$server['Server'][$subm]['size'] > 0) { $this->Flash->error(__('Incorrect extension or empty file.')); $this->redirect(array('action' => 'index')); } - // read pem file data - $pemData = FileAccessTool::readFromFile($server['Server'][$subm]['tmp_name'], $server['Server'][$subm]['size']); + // read certificate file data + $certData = FileAccessTool::readFromFile($server['Server'][$subm]['tmp_name'], $server['Server'][$subm]['size']); } else { return true; } } else { - $pemData = base64_decode($server['Server'][$subm]); + $ext = 'pem'; + $certData = base64_decode($server['Server'][$subm]); } + + // check if the file is a valid x509 certificate + try { + $cert = openssl_x509_parse($certData); + if (!$cert) { + throw new Exception(__('Invalid certificate.')); + } + } catch (Exception $e) { + $this->Flash->error(__('Invalid certificate.')); + $this->redirect(array('action' => 'index')); + } + $destpath = APP . "files" . DS . "certs" . DS; - $dir = new Folder(APP . "files" . DS . "certs", true); $pemfile = new File($destpath . $id . $ins . '.' . $ext); - $result = $pemfile->write($pemData); + $result = $pemfile->write($certData); $s = $this->Server->read(null, $id); $s['Server'][$attr] = $s['Server']['id'] . $ins . '.' . $ext; if ($result) { @@ -1075,6 +1107,9 @@ class ServersController extends AppController $this->set('correlation_metrics', $correlation_metrics); } if ($tab === 'files') { + if (!empty(Configure::read('Security.disable_instance_file_uploads'))) { + throw new MethodNotAllowedException(__('This functionality is disabled.')); + } $files = $this->Server->grabFiles(); $this->set('files', $files); } @@ -1624,6 +1659,9 @@ class ServersController extends AppController if (!$this->request->is('post')) { throw new MethodNotAllowedException(); } + if (!empty(Configure::read('Security.disable_instance_file_uploads'))) { + throw new MethodNotAllowedException(__('Feature disabled.')); + } $validItems = $this->Server->getFileRules(); // Check if there were problems with the file upload @@ -1685,8 +1723,9 @@ class ServersController extends AppController if (!function_exists('getallheaders')) { $headers = []; foreach ($_SERVER as $name => $value) { - if (substr($name, 0, 5) === 'HTTP_') { - $headers[strtolower(str_replace('_', '-', substr($name, 5)))] = $value; + $name = strtolower($name); + if (substr($name, 0, 5) === 'http_') { + $headers[str_replace('_', '-', substr($name, 5))] = $value; } } } else { @@ -1719,6 +1758,7 @@ class ServersController extends AppController if (!$server) { throw new NotFoundException(__('Invalid server')); } + @session_write_close(); // close session to allow concurrent requests $result = $this->Server->runConnectionTest($server); if ($result['status'] == 1) { if (isset($result['info']['version']) && preg_match('/^[0-9]+\.+[0-9]+\.[0-9]+$/', $result['info']['version'])) { diff --git a/app/Controller/ShadowAttributesController.php b/app/Controller/ShadowAttributesController.php index 48b448091..bfaf2be34 100644 --- a/app/Controller/ShadowAttributesController.php +++ b/app/Controller/ShadowAttributesController.php @@ -62,8 +62,10 @@ class ShadowAttributesController extends AppController // If the old_id is set to anything but 0 then we're dealing with a proposed edit to an existing attribute if ($shadow['old_id'] != 0) { // Find the live attribute by the shadow attribute's uuid, so we can begin editing it - $this->Attribute->contain = 'Event'; - $activeAttribute = $this->Attribute->findByUuid($shadow['uuid']); + $activeAttribute = $this->Attribute->find('first', [ + 'conditions' => ['Attribute.uuid' => $shadow['uuid']], + 'contain' => ['Event'], + ]); // Send those away that shouldn't be able to edit this if (!$this->__canModifyEvent($activeAttribute)) { @@ -76,7 +78,7 @@ class ShadowAttributesController extends AppController } if (isset($shadow['proposal_to_delete']) && $shadow['proposal_to_delete']) { - $this->Attribute->delete($activeAttribute['Attribute']['id']); + $this->Attribute->deleteAttribute($activeAttribute['Attribute']['id'], $this->Auth->user(), false); } else { // Update the live attribute with the shadow data $fieldsToUpdate = array('value1', 'value2', 'value', 'type', 'category', 'comment', 'to_ids', 'first_seen', 'last_seen'); @@ -597,8 +599,8 @@ class ShadowAttributesController extends AppController // if any of these fields is set, it will create a proposal public function edit($id = null) { - $existingAttribute = $this->ShadowAttribute->Event->Attribute->fetchAttributes($this->Auth->user(), array( - 'contain' => array('Event' => array('fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.distribution', 'Event.uuid'))), + $existingAttribute = $this->ShadowAttribute->Attribute->fetchAttributes($this->Auth->user(), array( + 'contain' => ['Event' => ['fields' => ['Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.distribution', 'Event.uuid', 'Event.user_id']]], 'conditions' => $this->__attributeIdToConditions($id), 'flatten' => 1 )); @@ -673,9 +675,9 @@ class ShadowAttributesController extends AppController $sa = $this->ShadowAttribute->find( 'first', array( - 'conditions' => array('ShadowAttribute.id' => $this->ShadowAttribute->id), - 'recursive' => -1, - 'fields' => array('id', 'old_id', 'event_id', 'type', 'category', 'value', 'comment','to_ids', 'uuid', 'event_org_id', 'email', 'deleted', 'timestamp', 'first_seen', 'last_seen') + 'conditions' => array('ShadowAttribute.id' => $this->ShadowAttribute->id), + 'recursive' => -1, + 'fields' => array('id', 'old_id', 'event_id', 'type', 'category', 'value', 'comment','to_ids', 'uuid', 'event_org_id', 'email', 'deleted', 'timestamp', 'first_seen', 'last_seen') ) ); $this->set('ShadowAttribute', $sa['ShadowAttribute']); @@ -904,7 +906,24 @@ class ShadowAttributesController extends AppController } $params = array( 'conditions' => $conditions, - 'fields' => array('ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.timestamp', 'ShadowAttribute.first_seen', 'ShadowAttribute.last_seen'), + 'fields' => array( + 'ShadowAttribute.id', + 'ShadowAttribute.old_id', + 'ShadowAttribute.event_id', + 'ShadowAttribute.type', + 'ShadowAttribute.category', + 'ShadowAttribute.uuid', + 'ShadowAttribute.to_ids', + 'ShadowAttribute.value', + 'ShadowAttribute.comment', + 'ShadowAttribute.org_id', + 'ShadowAttribute.timestamp', + 'ShadowAttribute.first_seen', + 'ShadowAttribute.last_seen', + 'ShadowAttribute.deleted', + 'ShadowAttribute.proposal_to_delete', + 'ShadowAttribute.disable_correlation' + ), 'contain' => array( 'Event' => array( 'fields' => array('id', 'org_id', 'info', 'orgc_id', 'uuid'), diff --git a/app/Controller/SightingsController.php b/app/Controller/SightingsController.php index bb5259072..7ba059918 100644 --- a/app/Controller/SightingsController.php +++ b/app/Controller/SightingsController.php @@ -66,7 +66,8 @@ class SightingsController extends AppController $filters = !empty($this->request->data['filters']) ? $this->request->data['filters'] : false; } if (!$error) { - $result = $this->Sighting->saveSightings($id, $values, $timestamp, $this->Auth->user(), $type, $source, false, true, false, $filters); + $publish_sighting = !empty(Configure::read('Sightings_enable_realtime_publish')); + $result = $this->Sighting->saveSightings($id, $values, $timestamp, $this->Auth->user(), $type, $source, false, $publish_sighting, false, $filters); } if (!is_numeric($result)) { $error = $result; diff --git a/app/Controller/TagsController.php b/app/Controller/TagsController.php index 89bec4f2d..d1cabe53f 100644 --- a/app/Controller/TagsController.php +++ b/app/Controller/TagsController.php @@ -60,7 +60,7 @@ class TagsController extends AppController $this->paginate['conditions']['AND'][] = ['LOWER(Tag.name) LIKE' => '%' . strtolower($passedArgsArray['searchall']) . '%']; } foreach (['name', 'filter', 'search'] as $f) { - if (!empty($passedArgsArray['name'])) { + if (!empty($passedArgsArray[$f])) { $this->paginate['conditions']['AND'][] = ['LOWER(Tag.name)' => strtolower($passedArgsArray[$f])]; } } @@ -367,6 +367,9 @@ class TagsController extends AppController // Remove galaxy tags $event = $this->Tag->removeGalaxyClusterTags($user, $event); + $highlightedTags = $this->Taxonomy->getHighlightedTags($this->Taxonomy->getHighlightedTaxonomies(), $event['EventTag']); + $this->set('highlightedTaxonomies', $highlightedTags); + $this->set('tags', $event['EventTag']); $this->set('missingTaxonomies', $this->Tag->EventTag->Event->missingTaxonomies($event)); $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($event['EventTag']); diff --git a/app/Controller/TaxiiServersController.php b/app/Controller/TaxiiServersController.php new file mode 100644 index 000000000..69fa9c4a6 --- /dev/null +++ b/app/Controller/TaxiiServersController.php @@ -0,0 +1,231 @@ +request->params['action'] || 'getCollections' == $this->request->params['action']) { + $this->Security->csrfCheck = false; + } + if ($this->request->params['action'] === 'add' || $this->request->params['action'] === 'edit') { + $this->Security->unlockedFields = ['api_root', 'collection']; + } + parent::beforeFilter(); + } + + public $paginate = array( + 'limit' => 60, + 'maxLimit' => 9999 + ); + + public function index() + { + $params = [ + 'filters' => ['name', 'url', 'uuid'], + 'quickFilters' => ['name'] + ]; + $this->CRUD->index($params); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'list_taxii')); + } + + public function add() + { + $params = []; + $this->CRUD->add($params); + if ($this->restResponsePayload) { + return $this->restResponsePayload; + } + $dropdownData = []; + $this->set(compact('dropdownData')); + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'add_taxii')); + } + + public function edit($id) + { + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'edit_taxii')); + $this->set('id', $id); + $params = []; + $this->CRUD->edit($id, $params); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $dropdownData = []; + $this->set(compact('dropdownData')); + $this->render('add'); + } + + public function delete($id) + { + $this->CRUD->delete($id); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + } + + public function view($id) + { + $this->set('menuData', ['menuList' => 'sync', 'menuItem' => 'view_taxii']); + $this->CRUD->view($id); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $this->set('id', $id); + } + + public function push($id) + { + $this->set('menuData', ['menuList' => 'sync', 'menuItem' => 'push_taxii']); + $taxii_server = $this->TaxiiServer->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $id] + ]); + if (empty($taxii_server)) { + throw new NotFoundException(__('Invalid Taxii Server ID provided.')); + } + + if ($this->request->is('post')) { + $result = $this->TaxiiServer->pushRouter($taxii_server['TaxiiServer']['id'], $this->Auth->user()); + $message = __('Taxii push initiated.'); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('TaxiiServers', 'push', $id, false, $message); + } else { + $this->Flash->success($message); + $this->redirect($this->referer()); + } + } else { + $this->set('id', $taxii_server['TaxiiServer']['id']); + $this->set('title', __('Push data to TAXII server')); + $this->set('question', __('Are you sure you want to Push data as configured in the filters to the TAXII server?')); + $this->set('actionName', __('Push')); + $this->layout = 'ajax'; + $this->render('/genericTemplates/confirm'); + } + } + + public function getRoot() + { + if (empty($this->request->data['baseurl'])) { + return $this->RestResponse->saveFailResponse( + 'TaxiiServers', 'getRoot', null, __('No baseurl set.'), $this->response->type() + ); + } else { + $this->request->data['uri'] = '/taxii2/'; + $result = $this->TaxiiServer->queryInstance( + [ + 'TaxiiServer' => $this->request->data, + 'type' => 'get' + ] + ); + if (is_array($result)) { + $results = []; + foreach ($result['api_roots'] as $api_root) { + $api_root = explode('/', trim($api_root, '/')); + $api_root = end($api_root); + $results[$api_root] = $this->request->data['baseurl'] . '/' . $api_root . '/'; + } + return $this->RestResponse->viewData($results, 'json'); + } else { + return $this->RestResponse->saveFailResponse( + 'TaxiiServers', 'getRoot', null, $result, $this->response->type() + ); + } + } + } + + public function getCollections() + { + if (empty($this->request->data['baseurl'])) { + return $this->RestResponse->saveFailResponse( + 'TaxiiServers', 'getCollections', null, __('No baseurl set.'), $this->response->type() + ); + } + if (empty($this->request->data['api_root'])) { + return $this->RestResponse->saveFailResponse( + 'TaxiiServers', 'getCollections', null, __('No api_root set.'), $this->response->type() + ); + } + $this->request->data['uri'] = '/' . $this->request->data['api_root'] . '/collections/'; + $result = $this->TaxiiServer->queryInstance( + [ + 'TaxiiServer' => $this->request->data, + 'type' => 'get' + ] + ); + if (is_array($result)) { + $results = []; + foreach ($result['collections'] as $collection) { + if (!empty($collection['can_write'])) { + $versions = ''; + if (!empty($collection['media_types'])) { + if (!is_array(($collection['media_types']))) { + $collection['media_types'] = [$collection['media_types']]; + } + $versions = []; + foreach ($collection['media_types'] as $media_type) { + $media_type = explode('=', $media_type); + $media_type = end($media_type); + $versions[$media_type] = true; + } + $versions = implode(', ', array_keys($versions)); + } + $text = (empty($versions) ? '' : '[' . $versions . '] ') . $collection['title']; + $results[$collection['id']] = $text; + } + } + return $this->RestResponse->viewData($results, 'json'); + } else { + return $this->RestResponse->saveFailResponse( + 'TaxiiServers', 'getRoot', null, $result, $this->response->type() + ); + } + } + + public function collectionsIndex($id) + { + $result = $this->TaxiiServer->getCollections($id); + if ($this->_isRest()) { + return $this->RestResponse->viewData($result, $this->response->type()); + } else { + App::uses('CustomPaginationTool', 'Tools'); + $customPagination = new CustomPaginationTool(); + $customPagination->truncateAndPaginate($result, $this->params, false, true); + $this->set('data', $result); + $this->set('id', $id); + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'list_taxii_collections')); + } + + } + + public function objectsIndex($id, $collection_id, $next = null) + { + $result = $this->TaxiiServer->getObjects($id, $collection_id, $next); + if ($this->_isRest()) { + return $this->RestResponse->viewData($result, $this->response->type()); + } else { + $this->set('data', $result['objects']); + $this->set('more', $result['more']); + $this->set('next', isset($result['next']) ? $result['next'] : null); + $this->set('id', $id); + $this->set('collection_id', $collection_id); + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'list_taxii_collection_objects')); + } + } + + public function objectView($server_id, $collection_id, $id) + { + $result = $this->TaxiiServer->getObject($id, $server_id, $collection_id); + $result = json_encode($result, JSON_PRETTY_PRINT); + $this->layout = false; + $this->set('title', h($id)); + $this->set('json', $result); + $this->render('/genericTemplates/display'); + } +} diff --git a/app/Controller/TaxonomiesController.php b/app/Controller/TaxonomiesController.php index afbb6c22c..b47b80617 100644 --- a/app/Controller/TaxonomiesController.php +++ b/app/Controller/TaxonomiesController.php @@ -59,7 +59,7 @@ class TaxonomiesController extends AppController public function view($id) { - $taxonomy = $this->Taxonomy->getTaxonomy($id, ['full' => $this->_isRest()]); + $taxonomy = $this->Taxonomy->getTaxonomy($id, $this->_isRest()); if (empty($taxonomy)) { throw new NotFoundException(__('Taxonomy not found.')); } @@ -498,6 +498,32 @@ class TaxonomiesController extends AppController $this->render('ajax/toggle_required'); } + public function toggleHighlighted($id) + { + $taxonomy = $this->Taxonomy->find('first', array( + 'recursive' => -1, + 'conditions' => array('Taxonomy.id' => $id) + )); + if (empty($taxonomy)) { + return $this->RestResponse->saveFailResponse('Taxonomy', 'toggleHighlighted', $id, 'Invalid Taxonomy', $this->response->type()); + } + if ($this->request->is('post')) { + $taxonomy['Taxonomy']['highlighted'] = $this->request->data['Taxonomy']['highlighted']; + $result = $this->Taxonomy->save($taxonomy); + if ($result) { + return $this->RestResponse->saveSuccessResponse('Taxonomy', 'toggleHighlighted', $id, $this->response->type()); + } else { + return $this->RestResponse->saveFailResponse('Taxonomy', 'toggleHighlighted', $id, $this->validationError, $this->response->type()); + } + } + + $this->set('highlighted', !$taxonomy['Taxonomy']['highlighted']); + $this->set('id', $id); + $this->autoRender = false; + $this->layout = false; + $this->render('ajax/toggle_highlighted'); + } + /** * @param string $action * @param int $modelId diff --git a/app/Controller/TemplatesController.php b/app/Controller/TemplatesController.php index 2ea4e9108..05dbd8879 100644 --- a/app/Controller/TemplatesController.php +++ b/app/Controller/TemplatesController.php @@ -18,7 +18,7 @@ class TemplatesController extends AppController public function beforeFilter() { // TODO REMOVE parent::beforeFilter(); - $this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile'); + $this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile', 'saveElementSorting'); } public function index() @@ -188,7 +188,7 @@ class TemplatesController extends AppController $this->request->onlyAllow('ajax'); $orderedElements = $this->request->data; foreach ($orderedElements as $key => $e) { - $orderedElements[$key] = ltrim($e, 'id_'); + $orderedElements[$key] = (int)ltrim($e, 'id_'); } $extractedIds = array(); foreach ($orderedElements as $element) { diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index b8f75c610..ee3f20cb9 100644 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -1,5 +1,5 @@ json_encode(array('saved' => false, 'errors' => 'Something went wrong, please try again later.')), 'status'=>200, 'type' => 'json')); } - public function unsubscribe($code) + public function unsubscribe($code, $type = null) { + if ($type === null) { + $type = 'autoalert'; + } else if (!in_array($type, ['autoalert', 'notification_daily', 'notification_weekly', 'notification_monthly'], true)) { + throw new NotFoundException("Invalid type $type."); + } + $user = $this->Auth->user(); if (!hash_equals($this->User->unsubscribeCode($user), rtrim($code, '.'))) { @@ -126,11 +137,11 @@ class UsersController extends AppController $this->redirect(['action' => 'view', 'me']); } - if ($user['autoalert']) { - $this->User->updateField($this->Auth->user(), 'autoalert', false); - $this->Flash->success(__('Successfully unsubscribed from event alert.')); + if ($user[$type]) { + $this->User->updateField($user, $type, false); + $this->Flash->success(__('Successfully unsubscribed from notification.')); } else { - $this->Flash->info(__('Already unsubscribed from event alert.')); + $this->Flash->info(__('Already unsubscribed from notification.')); } $this->redirect(['action' => 'view', 'me']); } @@ -255,6 +266,77 @@ class UsersController extends AppController $this->set('canFetchPgpKey', $this->__canFetchPgpKey()); } + private function __pw_change($user, $source, &$abortPost, $token = false) + { + if (!isset($this->request->data['User'])) { + $this->request->data = array('User' => $this->request->data); + } + if (Configure::read('Security.require_password_confirmation')) { + if (!empty($this->request->data['User']['current_password'])) { + $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['current_password']); + if (!$hashed) { + $message = __('Invalid password. Please enter your current password to continue.'); + if ($this->_isRest()) { + return $this->RestResponse->saveFailResponse('Users', $source, false, $message, $this->response->type()); + } + $abortPost = true; + $this->Flash->error($message); + } + unset($this->request->data['User']['current_password']); + } else if (!$this->_isRest()) { + $message = __('Please enter your current password to continue.'); + if ($this->_isRest()) { + return $this->RestResponse->saveFailResponse('Users', $source, false, $message, $this->response->type()); + } + $abortPost = true; + $this->Flash->info($message); + } + } + $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['password']); + if ($hashed) { + $message = __('Submitted new password cannot be the same as the current one'); + $abortPost = true; + } + if (!$abortPost) { + // What fields should be saved (allowed to be saved) + $user['User']['change_pw'] = 0; + $user['User']['password'] = $this->request->data['User']['password']; + if ($this->_isRest()) { + $user['User']['confirm_password'] = $this->request->data['User']['password']; + } else { + $user['User']['confirm_password'] = $this->request->data['User']['confirm_password']; + } + $temp = $user['User']['password']; + // Save the data + if ($this->User->save($user)) { + if ($token) { + $this->User->purgeForgetToken($token); + } + $message = __('Password Changed.'); + // log as System if the reset comes from an unauthed user using password_reset tokens + $logUser = empty($this->Auth->user()) ? 'SYSTEM' : $this->Auth->user(); + $this->User->extralog($logUser, $source, null, null, $user); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('User', $source, false, $this->response->type(), $message); + } + $this->Flash->success($message); + $this->redirect(array('action' => 'view', $user['User']['id'])); + } else { + $message = __('The password could not be updated. Make sure you meet the minimum password length / complexity requirements.'); + if ($this->_isRest()) { + return $this->RestResponse->saveFailResponse('Users', $source, false, $message, $this->response->type()); + } + $this->Flash->error($message); + } + } else { + if ($this->_isRest()) { + return $this->RestResponse->saveFailResponse('Users', $source, false, $message, $this->response->type()); + } else { + $this->Flash->error($message); + } + } + } + public function change_pw() { $id = $this->Auth->user('id'); @@ -263,69 +345,8 @@ class UsersController extends AppController 'recursive' => -1 )); if ($this->request->is('post') || $this->request->is('put')) { - if (!isset($this->request->data['User'])) { - $this->request->data = array('User' => $this->request->data); - } $abortPost = false; - if (Configure::read('Security.require_password_confirmation')) { - if (!empty($this->request->data['User']['current_password'])) { - $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['current_password']); - if (!$hashed) { - $message = __('Invalid password. Please enter your current password to continue.'); - if ($this->_isRest()) { - return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); - } - $abortPost = true; - $this->Flash->error($message); - } - unset($this->request->data['User']['current_password']); - } else if (!$this->_isRest()) { - $message = __('Please enter your current password to continue.'); - if ($this->_isRest()) { - return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); - } - $abortPost = true; - $this->Flash->info($message); - } - } - $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['password']); - if ($hashed) { - $message = __('Submitted new password cannot be the same as the current one'); - $abortPost = true; - } - if (!$abortPost) { - // What fields should be saved (allowed to be saved) - $user['User']['change_pw'] = 0; - $user['User']['password'] = $this->request->data['User']['password']; - if ($this->_isRest()) { - $user['User']['confirm_password'] = $this->request->data['User']['password']; - } else { - $user['User']['confirm_password'] = $this->request->data['User']['confirm_password']; - } - $temp = $user['User']['password']; - // Save the data - if ($this->User->save($user)) { - $message = __('Password Changed.'); - $this->User->extralog($this->Auth->user(), "change_pw", null, null, $user); - if ($this->_isRest()) { - return $this->RestResponse->saveSuccessResponse('User', 'change_pw', false, $this->response->type(), $message); - } - $this->Flash->success($message); - $this->redirect(array('action' => 'view', $id)); - } else { - $message = __('The password could not be updated. Make sure you meet the minimum password length / complexity requirements.'); - if ($this->_isRest()) { - return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); - } - $this->Flash->error($message); - } - } else { - if ($this->_isRest()) { - return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); - } else { - $this->Flash->error($message); - } - } + return $this->__pw_change($user, 'change_pw', $abortPost); } if ($this->_isRest()) { return $this->RestResponse->describe('Users', 'change_pw', false, $this->response->type()); @@ -410,6 +431,12 @@ class UsersController extends AppController $this->paginate['conditions']['AND'][] = $test; } } + } elseif ("inactive" == $searchTerm) { + if ($v == "1") { + $this->paginate['conditions']['AND'][] = array('User.last_login <' => time() - 60*60*24*30); // older than a month + $this->paginate['conditions']['AND'][] = array('User.current_login <' => time() - 60*60*24*30); // older than a month + $this->paginate['conditions']['AND'][] = array('User.last_api_access <' => time() - 60*60*24*30); // older than a month + } } $passedArgsArray[$searchTerm] = $v; } @@ -487,7 +514,7 @@ class UsersController extends AppController public function admin_filterUserIndex() { $passedArgsArray = array(); - $booleanFields = array('autoalert', 'contactalert', 'termsaccepted', 'disabled'); + $booleanFields = array('autoalert', 'contactalert', 'termsaccepted', 'disabled', 'inactive'); $textFields = array('role', 'email'); if (empty(Configure::read('Security.advanced_authkeys'))) { $textFields[] = 'authkey'; @@ -559,7 +586,7 @@ class UsersController extends AppController { $user = $this->User->find('first', array( 'recursive' => -1, - 'conditions' => $this->__adminFetchConditions($id), + 'conditions' => $this->__adminFetchConditions($id, $edit=False), 'contain' => [ 'UserSetting', 'Role', @@ -582,17 +609,7 @@ class UsersController extends AppController unset($user['User']['authkey']); } if ($this->_isRest()) { - $user['User']['password'] = '*****'; - $temp = array(); - foreach ($user['UserSetting'] as $v) { - $temp[$v['setting']] = $v['value']; - } - $user['UserSetting'] = $temp; - return $this->RestResponse->viewData(array( - 'User' => $user['User'], - 'Role' => $user['Role'], - 'UserSetting' => $user['UserSetting'] - ), $this->response->type()); + return $this->RestResponse->viewData($this->__massageUserObject($user), $this->response->type()); } $this->set('user', $user); @@ -848,9 +865,6 @@ class UsersController extends AppController // MISP automatically chooses the first available option for the user as the selected setting (usually user) // Org admin is downgraded to a user // Now we make an exception for the already assigned role, both in the form and the actual edit. - if (!empty($userToEdit['Role']['perm_site_admin'])) { - throw new NotFoundException(__('Invalid user')); - } $allowedRole = $userToEdit['User']['role_id']; $params = array('conditions' => array( 'OR' => array( @@ -1080,27 +1094,36 @@ class UsersController extends AppController public function admin_delete($id = null) { - $this->request->allowMethod(['post', 'delete']); - - $user = $this->User->find('first', array( - 'conditions' => $this->__adminFetchConditions($id), - 'recursive' => -1 - )); - if (empty($user)) { - throw new NotFoundException(__('Invalid user')); - } - if ($this->User->delete($id)) { - $fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email']; - $this->User->extralog($this->Auth->user(), "delete", $fieldsDescrStr, ''); - if ($this->_isRest()) { - return $this->RestResponse->saveSuccessResponse('User', 'admin_delete', $id, $this->response->type(), 'User deleted.'); - } else { - $this->Flash->success(__('User deleted')); - $this->redirect(array('action' => 'index')); + if ($this->request->is('post') || $this->request->is('delete')) { + $user = $this->User->find('first', array( + 'conditions' => $this->__adminFetchConditions($id), + 'recursive' => -1, + 'contain' => array('Role') + )); + if (empty($user)) { + throw new NotFoundException(__('Invalid user')); } + if ($this->User->delete($id)) { + $fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email']; + $this->User->extralog($this->Auth->user(), "delete", $fieldsDescrStr, ''); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('User', 'admin_delete', $id, $this->response->type(), 'User deleted.'); + } else { + $this->Flash->success(__('User deleted')); + $this->redirect(array('action' => 'index')); + } + } + $this->Flash->error(__('User was not deleted')); + $this->redirect(array('action' => 'index')); + } else { + $this->set( + 'question', + __('Are you sure you want to delete the user? It is highly recommended to never delete users but to disable them instead.') + ); + $this->set('title', __('Delete user')); + $this->set('actionName', 'Delete'); + $this->render('/genericTemplates/confirm'); } - $this->Flash->error(__('User was not deleted')); - $this->redirect(array('action' => 'index')); } public function admin_massToggleField($fieldName, $enabled) @@ -1115,6 +1138,7 @@ class UsersController extends AppController 'conditions' => $this->__adminFetchConditions($ids), 'recursive' => -1, 'fields' => ['id', $fieldName], + 'contain' => array('Role') ]); if (empty($users)) { throw new NotFoundException(__('Invalid users')); @@ -1167,23 +1191,35 @@ class UsersController extends AppController if ($this->request->is(['post', 'put'])) { $this->Bruteforce = ClassRegistry::init('Bruteforce'); if (!empty($this->request->data['User']['email'])) { - if ($this->Bruteforce->isBlocklisted($_SERVER['REMOTE_ADDR'], $this->request->data['User']['email'])) { + if ($this->Bruteforce->isBlocklisted($this->request->data['User']['email'])) { $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; throw new ForbiddenException('You have reached the maximum number of login attempts. Please wait ' . $expire . ' seconds and try again.'); } } - // Check the length of the user's authkey match old format. This can be removed in future. - $userPass = $this->User->find('first', [ + $unauth_user = $this->User->find('first', [ 'conditions' => ['User.email' => $this->request->data['User']['email']], - 'fields' => ['User.password'], + 'fields' => ['User.password', 'User.totp', 'User.hotp_counter'], 'recursive' => -1, ]); - if (!empty($userPass) && strlen($userPass['User']['password']) === 40) { - $oldHash = true; - unset($this->Auth->authenticate['Form']['passwordHasher']); // use default password hasher - $this->Auth->constructAuthenticate(); + if ($unauth_user) { + // Check the length of the user's authkey match old format. This can be removed in future. + $userPass = $unauth_user['User']['password']; + if (!empty($userPass) && strlen($userPass) === 40) { + $oldHash = true; + unset($this->Auth->authenticate['Form']['passwordHasher']); // use default password hasher + $this->Auth->constructAuthenticate(); + } + // user has TOTP token, check creds and redirect to TOTP validation + if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) { + $user = $this->Auth->identify($this->request, $this->response); + if ($user && !$user['disabled']) { + $this->Session->write('otp_user', $user); + return $this->redirect('otp'); + } + } } } + // if instance requires email OTP if ($this->request->is('post') && Configure::read('Security.email_otp_enabled')) { $user = $this->Auth->identify($this->request, $this->response); if ($user && !$user['disabled']) { @@ -1213,9 +1249,14 @@ class UsersController extends AppController if ($this->request->is('post') || $this->request->is('put')) { $this->Flash->error(__('Invalid username or password, try again')); if (isset($this->request->data['User']['email'])) { - $this->Bruteforce->insert($_SERVER['REMOTE_ADDR'], $this->request->data['User']['email']); + $this->Bruteforce->insert($this->request->data['User']['email']); } } + + // + // Actions needed for the first access, when the database is not populated yet. + // + // populate the DB with the first role (site admin) if it's empty if (!$this->User->Role->hasAny()) { $siteAdmin = array('Role' => array( @@ -1265,7 +1306,6 @@ class UsersController extends AppController } $org_id = $this->User->Organisation->id; } - // populate the DB with the first user if it's empty if (!$this->User->hasAny()) { if (!isset($org_id)) { @@ -1277,7 +1317,6 @@ class UsersController extends AppController $org_id = $firstOrg['Organisation']['id']; } } - $this->User->runUpdates(); $this->User->createInitialUser($org_id); } @@ -1286,25 +1325,25 @@ class UsersController extends AppController private function _postlogin() { - $this->User->extralog($this->Auth->user(), "login"); - $this->User->Behaviors->disable('SysLogLogable.SysLogLogable'); - $this->User->id = $this->Auth->user('id'); - $user = $this->User->find('first', array( - 'conditions' => array( - 'User.id' => $this->Auth->user('id') - ), - 'recursive' => -1 - )); - unset($user['User']['password']); - $this->User->updateLoginTimes($user['User']); - $lastUserLogin = $user['User']['last_login']; - $this->User->Behaviors->enable('SysLogLogable.SysLogLogable'); - if ($lastUserLogin) { - $readableDatetime = (new DateTime())->setTimestamp($lastUserLogin)->format('D, d M y H:i:s O'); // RFC822 - $this->Flash->info(__('Welcome! Last login was on %s', $readableDatetime)); - } - // no state changes are ever done via GET requests, so it is safe to return to the original page: - $this->redirect($this->Auth->redirectUrl()); + $this->User->extralog($this->Auth->user(), "login"); + $this->User->Behaviors->disable('SysLogLogable.SysLogLogable'); + $this->User->id = $this->Auth->user('id'); + $user = $this->User->find('first', array( + 'conditions' => array( + 'User.id' => $this->Auth->user('id') + ), + 'recursive' => -1 + )); + unset($user['User']['password']); + $this->User->updateLoginTimes($user['User']); + $lastUserLogin = $user['User']['last_login']; + $this->User->Behaviors->enable('SysLogLogable.SysLogLogable'); + if ($lastUserLogin) { + $readableDatetime = (new DateTime())->setTimestamp($lastUserLogin)->format('D, d M y H:i:s O'); // RFC822 + $this->Flash->info(__('Welcome! Last login was on %s', $readableDatetime)); + } + // no state changes are ever done via GET requests, so it is safe to return to the original page: + $this->redirect($this->Auth->redirectUrl()); } public function routeafterlogin() @@ -1344,6 +1383,7 @@ class UsersController extends AppController unset($user['User']['password']); $user['User']['action'] = 'logout'; $this->User->save($user['User'], true, array('id')); + $this->Session->write('otp_secret', null); $this->redirect($this->Auth->logout()); } @@ -1536,8 +1576,9 @@ class UsersController extends AppController public function admin_quickEmail($user_id) { $user = $this->User->find('first', array( - 'conditions' => $this->__adminFetchConditions($user_id), - 'recursive' => -1 + 'conditions' => $this->__adminFetchConditions($user_id, $edit=False), + 'recursive' => -1, + 'contain' => array('Role') )); $error = false; if (empty($user)) { @@ -1701,7 +1742,8 @@ class UsersController extends AppController { $user = $this->User->find('first', array( 'conditions' => $this->__adminFetchConditions($id), - 'recursive' => -1 + 'recursive' => -1, + 'contain' => array('Role') )); if (empty($user)) { throw new NotFoundException(__('Invalid user')); @@ -1731,6 +1773,178 @@ class UsersController extends AppController } } + public function otp() + { + $user = $this->Session->read('otp_user'); + if (empty($user)) { + $this->redirect('login'); + } + if ($this->request->is('post') && isset($this->request->data['User']['otp'])) { + $this->Bruteforce = ClassRegistry::init('Bruteforce'); + if ($this->Bruteforce->isBlocklisted($user['email'])) { + $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; + throw new ForbiddenException('You have reached the maximum number of login attempts. Please wait ' . $expire . ' seconds and try again.'); + } + $secret = $user['totp']; + $totp = \OTPHP\TOTP::create($secret); + $hotp = \OTPHP\HOTP::create($secret); + if ($totp->verify(trim($this->request->data['User']['otp']))) { + // OTP is correct, we login the user with CakePHP + $this->Auth->login($user); + $this->_postlogin(); + } elseif (isset($user['hotp_counter']) && $hotp->verify(trim($this->request->data['User']['otp']), $user['hotp_counter'])) { + // HOTP is correct, update the counter and login + $this->User->id = $user['id']; + $this->User->saveField('hotp_counter', $user['hotp_counter']+1); + $this->Auth->login($user); + $this->_postlogin(); + } else { + $this->Flash->error(__("The OTP is incorrect or has expired")); + $fieldsDescrStr = 'User (' . $user['id'] . '): ' . $user['email']. ' wrong OTP token'; + $this->User->extralog($user, "login_fail", $fieldsDescrStr, ''); + $this->Bruteforce->insert($user['email']); + } + } + // GET Request or wrong OTP, just show the form + $this->set('totp', $user['totp']? true : false); + $this->set('hotp_counter', $user['hotp_counter']); + } + + public function hotp() + { + if (!class_exists('\OTPHP\HOTP')) { + $this->Flash->error(__("The required PHP libraries to support OTP are not installed. Please contact your administrator to address this.")); + $this->redirect($this->referer()); + } + + $user = $this->User->find('first', array( + 'recursive' => -1, + 'conditions' => array('User.id' => $this->Auth->user('id')), + 'fields' => array( + 'totp', 'email', 'id', 'hotp_counter' + ) + )); + $hotp = \OTPHP\HOTP::create($user['User']['totp'], $user['User']['hotp_counter']); + $hotp_codes = []; + for ($i=$user['User']['hotp_counter']; $i < $user['User']['hotp_counter']+50 ; $i++) { + $hotp_codes[$i] = $hotp->at($i); + } + $this->set('hotp_codes', $hotp_codes); + } + + public function totp_new() + { + if (Configure::read('LinOTPAuth.enabled')) { + $this->Flash->error(__("LinOTP is enabled for this instance. Built-in TOTP should not be used.")); + $this->redirect($this->referer()); + } + if (!class_exists('\OTPHP\TOTP') || !class_exists('\BaconQrCode\Writer')) { + $this->Flash->error(__("The required PHP libraries to support TOTP are not installed. Please contact your administrator to address this.")); + $this->redirect($this->referer()); + } + // only allow the users themselves to generate a TOTP secret. + // If TOTP is enforced they will be invited to generate it at first login + $user = $this->User->find('first', array( + 'recursive' => -1, + 'conditions' => array('User.id' => $this->Auth->user('id')), + 'fields' => array( + 'totp', 'email', 'id' + ) + )); + if (empty($user)) { + throw new NotFoundException(__('Invalid user')); + } + // do not allow this page to be accessed if the current already has a TOTP. Just redirect to the users details page with a Flash->error() + if ($user['User']['totp']) { + $this->Flash->error(__("Your account already has a TOTP. Please contact your organisational administrator to change or delete it.")); + $this->redirect($this->referer()); + } + + if ($this->request->is('get')) { + $totp = \OTPHP\TOTP::create(); + $secret = $totp->getSecret(); + $this->Session->write('otp_secret', $secret); // Store in session, we want to create a new secret each time the totp_new() function is queried via a GET (this will not impede incorrect confirmation attempty) + } else { + $secret = $this->Session->read('otp_secret'); // Reload secret from session. + if ($secret) { + $totp = \OTPHP\TOTP::create($secret); + } else { + $totp = \OTPHP\TOTP::create(); + $secret = $totp->getSecret(); + $this->Session->write('otp_secret', $secret); // Store in session, we want to keep reusing the same QR code until the user correctly enters the generated key on their authenticator + } + } + if ($this->request->is('post') && isset($this->request->data['User']['otp'])) { + if ($totp->verify(trim($this->request->data['User']['otp']))) { + // we know the user can generate TOTP tokens, save the new TOTP to the database + $this->User->id = $user['User']['id']; + $this->User->saveField('totp', $secret); + $this->User->saveField('hotp_counter', 0); + $this->_refreshAuth(); + $this->Flash->info(__('The OTP is correct and now active for your account.')); + $fieldsDescrStr = 'User (' . $user['User']['id'] . '): ' . $user['User']['email']. ' TOTP token created'; + $this->User->extralog($this->Auth->user(), "update", $fieldsDescrStr, ''); + // redirect to a page that gives the next 50 HOTP + $this->redirect(array('controller' => 'users', 'action'=> 'hotp')); + } else { + $this->Flash->error(__("The OTP is incorrect or has expired.")); + } + } else { + // GET Request, just show the form + } + // generate QR code with the secret + $renderer = new \BaconQrCode\Renderer\ImageRenderer( + new \BaconQrCode\Renderer\RendererStyle\RendererStyle(200), + new \BaconQrCode\Renderer\Image\SvgImageBackEnd() + ); + $writer = new \BaconQrCode\Writer($renderer); + $totp->setLabel($user['User']['email']); + if (Configure::read('Security.otp_issuer')) { + $totp->setIssuer(Configure::read('Security.otp_issuer')); + } else { + $totp->setIssuer(Configure::read('MISP.org') . ' MISP'); + } + $qrcode = $writer->writeString($totp->getProvisioningUri()); + $qrcode = preg_replace('/^.+\n/', '', $qrcode); // ignore first set('qrcode', $qrcode); + $this->set('secret', $secret); + } + + public function totp_delete($id) { + if ($this->request->is('post') || $this->request->is('delete')) { + $user = $this->User->find('first', array( + 'conditions' => $this->__adminFetchConditions($id), + 'recursive' => -1, + 'contain' => array('Role') + )); + if (empty($user)) { + throw new NotFoundException(__('Invalid user')); + } + $this->User->id = $id; + if ($this->User->saveField('totp', null)) { + $fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email'] . ' TOTP deleted'; + $this->User->extralog($this->Auth->user(), "update", $fieldsDescrStr, ''); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('User', 'admin_totp_delete', $id, $this->response->type(), 'User TOTP deleted.'); + } else { + $this->Flash->success(__('User TOTP deleted')); + $this->redirect('/admin/users/index'); + } + } + $this->Flash->error(__('User TOTP was not deleted')); + $this->redirect('/admin/users/index'); + } else { + $this->set( + 'question', + __('Are you sure you want to delete the TOTP of the user?.') + ); + $this->set('title', __('Delete user TOTP')); + $this->set('actionName', 'Delete'); + $this->render('/genericTemplates/confirm'); + } + } + public function email_otp() { $user = $this->Session->read('email_otp_user'); @@ -1750,6 +1964,8 @@ class UsersController extends AppController $this->_postlogin(); } else { $this->Flash->error(__("The OTP is incorrect or has expired")); + $fieldsDescrStr = 'User (' . $user['id'] . '): ' . $user['email']. ' wrong email OTP token'; + $this->User->extralog($user, "login_fail", $fieldsDescrStr, ''); } } else { // GET Request @@ -1784,7 +2000,7 @@ class UsersController extends AppController $body = $this->__replaceEmailVariables($body); $body = str_replace('$validity', $validity, $body); $body = str_replace('$otp', $otp, $body); - $body = str_replace('$ip', $this->__getClientIP(), $body); + $body = str_replace('$ip', $this->_remoteIp(), $body); $body = str_replace('$username', $user['email'], $body); // Fetch user that contains also PGP or S/MIME keys for e-mail encryption @@ -1800,22 +2016,6 @@ class UsersController extends AppController } } - /** - * Helper function to determine the IP of a client (proxy aware) - */ - private function __getClientIP() { - $x_forwarded = filter_input(INPUT_SERVER, 'HTTP_X_FORWARDED_FOR', FILTER_SANITIZE_STRING); - $client_ip = filter_input(INPUT_SERVER, 'HTTP_CLIENT_IP', FILTER_SANITIZE_STRING); - if (!empty($x_forwarded)) { - $x_forwarded = explode(",", $x_forwarded); - return $x_forwarded[0]; - } elseif(!empty($client_ip)){ - return $client_ip; - } else { - return filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_STRING); - } - } - // shows some statistics about the instance public function statistics($page = 'data') { @@ -2831,7 +3031,7 @@ class UsersController extends AppController * @return array * @throws NotFoundException */ - private function __adminFetchConditions($id) + private function __adminFetchConditions($id, $edit = True) { if (empty($id)) { throw new NotFoundException(__('Invalid user')); @@ -2841,7 +3041,133 @@ class UsersController extends AppController $user = $this->Auth->user(); if (!$user['Role']['perm_site_admin']) { $conditions['User.org_id'] = $user['org_id']; // org admin + if ($edit) { + $conditions['Role.perm_site_admin'] = False; + } } return $conditions; } + + public function admin_destroy($id = null) + { + $conditionFields = ['id', 'email']; + $params = $this->IndexFilter->harvestParameters(['id', 'email']); + if (!empty($id)) { + $params['id'] = $id; + } + $conditions = []; + foreach ($conditionFields as $conditionField) { + if (!empty($params[$conditionField])) { + $conditions[$conditionField . ' LIKE'] = $params[$conditionField]; + } + } + if (!empty($conditions)) { + $user_ids = $this->User->find('list', [ + 'recursive' => -1, + 'fields' => ['email', 'id'], + 'conditions' => $conditions + ]); + } else { + $user_ids = [__('Every user') => 'all']; + } + if ($this->request->is('post')) { + $redis = RedisTool::init(); + $kill_before = time(); + foreach (array_values($user_ids) as $user_id) { + $redis->set('misp:session_destroy:' . $user_id, $kill_before); + } + $message = __( + 'Session destruction cutoff set to the current timestamp for the given selection (%s). Session(s) will be destroyed on the next user interaction.', + implode(', ', array_keys($user_ids)) + ); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('User', 'admin_destroy', false, $this->response->type(), $message); + } + $this->Flash->success($message); + $this->redirect($this->referer()); + } else { + $this->set( + 'question', + __( + 'Do you really wish to destroy the session for: %s ? The session destruction will occur when the users try to interact with MISP the next time.', + implode(', ', array_keys($user_ids)) + ) + ); + $this->set('title', __('Destroy sessions')); + $this->set('actionName', 'Destroy'); + $this->render('/genericTemplates/confirm'); + } + } + public function logout401() { + # You should read the documentation in docs/CONFIG.ApacheSecureAuth.md + # before using this endpoint. It is not useful without webserver config + # changes. + # To use this, set Plugin.CustomAuth_custom_logout to /users/logout401 + $this->response->statusCode(401); + } + + public function forgot() + { + if (empty(Configure::read('Security.allow_password_forgotten'))) { + $this->Flash->error(__('This feature is disabled.')); + $this->redirect('/'); + } + if (!empty($this->Auth->user()) && !$this->_isRest()) { + $this->Flash->info(__('You are already logged in, no need to ask for a password reset. Log out first.')); + $this->redirect('/'); + } + if ($this->request->is('post')) { + if (empty($this->request->data['User'])) { + $this->request->data = ['User' => $this->request->data]; + } + if (empty($this->request->data['User']['email'])) { + throw new MethodNotAllowedException(__('No email provided, cannot generate password reset message.')); + } + $user = [ + 'id' => 0, + 'email' => 'SYSTEM', + 'Organisation' => [ + 'name' => 'SYSTEM' + ] + ]; + $this->loadModel('Log'); + $this->Log->createLogEntry($user, 'forgot', 'User', 0, 'Password reset requested for: ' . $this->request->data['User']['email']); + $this->User->forgotRouter($this->request->data['User']['email'], $this->_remoteIp()); + $message = __('Password reset request submitted. If a valid user is found, you should receive an e-mail with a temporary reset link momentarily. Please be advised that this link is only valid for 10 minutes.'); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('User', 'forgot', false, $this->response->type(), $message); + } + $this->Flash->info($message); + $this->redirect('/'); + } + } + + public function password_reset($token) + { + if (empty(Configure::read('Security.allow_password_forgotten'))) { + $this->Flash->error(__('This feature is disabled.')); + $this->redirect('/'); + } + $this->loadModel('Server'); + $this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']); + $this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']); + if (!empty($this->Auth->user()) && !$this->_isRest()) { + $this->redirect('/'); + } + $user = $this->User->fetchForgottenPasswordUser($token); + if (empty($user)) { + $message = __('Invalid token, or password request token already expired.'); + if ($this->_isRest()) { + throw new MethodNotAllowedException($message); + } else { + $this->Flash->error($message); + $this->redirect('/'); + } + } + if ($this->request->is('post') || $this->request->is('put')) { + $abortPost = false; + return $this->__pw_change(['User' => $user], 'password_reset', $abortPost, $token); + } + } + } diff --git a/app/Controller/WorkflowsController.php b/app/Controller/WorkflowsController.php index a70962c4b..b935bfee4 100644 --- a/app/Controller/WorkflowsController.php +++ b/app/Controller/WorkflowsController.php @@ -67,6 +67,7 @@ class WorkflowsController extends AppController } else { $successMessage = __('Workflow saved.'); $savedWorkflow = $result['saved']; + $savedWorkflow = $this->Workflow->attachLabelToConnections($savedWorkflow); return $this->__getSuccessResponseBasedOnContext($successMessage, $savedWorkflow, 'edit', false, $redirectTarget); } } else { @@ -101,6 +102,9 @@ class WorkflowsController extends AppController } } $this->CRUD->view($id, [ + 'afterFind' => function($workflow) { + return $this->Workflow->attachLabelToConnections($workflow); + } ]); if ($this->IndexFilter->isRest()) { return $this->restResponsePayload; @@ -151,6 +155,7 @@ class WorkflowsController extends AppController } else { $workflow = $this->Workflow->fetchWorkflow($workflow_id); } + $workflow = $this->Workflow->attachLabelToConnections($workflow, $trigger_id); $modules = $this->Workflow->attachNotificationToModules($modules, $workflow); $this->loadModel('WorkflowBlueprint'); $workflowBlueprints = $this->WorkflowBlueprint->find('all'); @@ -285,6 +290,8 @@ class WorkflowsController extends AppController if ($this->_isRest()) { return $this->RestResponse->viewData($module, $this->response->type()); } + if (!isset($module['Workflow'])) + $module['Workflow'] = ['counter' => false, 'id' => false]; $this->set('data', $module); $this->set('menuData', ['menuList' => 'workflows', 'menuItem' => 'view_module']); } diff --git a/app/Lib/Dashboard/APIActivityWidget.php b/app/Lib/Dashboard/APIActivityWidget.php new file mode 100644 index 000000000..3ff0d7e54 --- /dev/null +++ b/app/Lib/Dashboard/APIActivityWidget.php @@ -0,0 +1,137 @@ + 'A list of filters by organisation meta information (sector, type, nationality, id, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', + 'limit' => 'Limits the number of displayed APIkeys. (-1 will list all) Default: -1', + 'days' => 'How many days back should the list go - for example, setting 7 will only show contributions in the past 7 days. (integer)', + 'month' => 'Who contributed most this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', + 'year' => 'Which contributed most this year? (boolean)', + ]; + public $description = 'Basic widget showing some server statistics in regards to MISP.'; + public $cacheLifetime = 10; + public $autoRefreshDelay = null; + private $User = null; + private $AuthKey = null; + + + private function getDates($options) + { + if (!empty($options['days'])) { + $begin = new DateTime(date('Y-m-d', strtotime(sprintf("-%s days", $options['days'])))); + } else if (!empty($options['month'])) { + $begin = new DateTime(date('Y-m-d', strtotime('first day of this month 00:00:00', time()))); + } else if (!empty($options['previous_month'])) { + $begin = new DateTime(date('Y-m-d', strtotime('first day of last month 00:00:00', time()))); + $end = new DateTime(date('Y-m-d', strtotime('last day of last month 23:59:59', time()))); + } else if (!empty($options['year'])) { + $begin = new DateTime(date('Y-m-d', strtotime('first day of this year 00:00:00', time()))); + } else { + $begin = new DateTime(date('Y-m-d', strtotime('-7 days', time())));; + } + + $end = isset($end) ? $end : new DateTime(); + $dates = new DatePeriod( + $begin, + new DateInterval('P1D'), + $end + ); + $results = []; + foreach ($dates as $date) { + $results[] = $date->format('Ymd'); + } + return $results; + } + + public function handler($user, $options = array()) + { + $this->User = ClassRegistry::init('User'); + $this->AuthKey = ClassRegistry::init('AuthKey'); + $redis = $this->User->setupRedis(); + if (!$redis) { + throw new NotFoundException(__('No redis connection found.')); + } + + $params = ['conditions' => []]; + $dates = $this->getDates($options); + $pipe = $redis->pipeline(); + foreach ($dates as $date) { + $pipe->zrange('misp:authkey_log:' . $date, 0, -1, true); + } + $temp = $pipe->exec(); + $raw_results = []; + $counts = []; + foreach ($dates as $k => $date) { + $raw_results[$date] = $temp[$k]; + if (!empty($temp[$k])) { + foreach ($temp[$k] as $key => $count) { + if (isset($counts[$key])) { + $counts[$key] += (int)$count; + } else { + $counts[$key] = (int)$count; + } + } + } + } + arsort($counts); + $this->AuthKey->Behaviors->load('Containable'); + $temp_apikeys = array_flip(array_keys($counts)); + foreach ($temp_apikeys as $apikey => $value) { + $temp_apikeys[$apikey] = $this->AuthKey->find('first', [ + 'conditions' => [ + 'AuthKey.authkey_start' => substr($apikey, 0, 4), + 'AuthKey.authkey_end' => substr($apikey, 4) + ], + 'fields' => ['AuthKey.authkey_start', 'AuthKey.authkey_end', 'AuthKey.id', 'User.id', 'User.email'], + 'recursive' => 1 + ]); + } + $results = []; + $baseurl = empty(Configure::read('MISP.external_baseurl')) ? h(Configure::read('MISP.baseurl')) : Configure::read('MISP.external_baseurl'); + foreach ($counts as $key => $junk) { + $data = $temp_apikeys[$key]; + if (!empty($data)) { + $results[] = [ + 'html_title' => sprintf( + '%s', + h($baseurl), + h($data['AuthKey']['id']), + $key + ), + 'html' => sprintf( + '%s (%s)', + h($counts[$key]), + h($baseurl), + h($data['User']['id']), + h($data['User']['email']) + ) + ]; + } else { + $results[] = [ + 'title' => $key, + 'html' => sprintf( + '%s (%s)', + h($counts[$key]), + __('An unknown key can be caused by the given key having been permanently deleted or falsely mis-identified (for the purposes of this widget) on instances using legacy API key authentication.'), + __('Unknown key') + ) + ]; + } + } + return $results; + } + + public function checkPermissions($user) + { + if (empty($user['Role']['perm_site_admin'])) { + return false; + } + return true; + } +} diff --git a/app/Lib/Dashboard/AttackWidget.php b/app/Lib/Dashboard/AttackWidget.php new file mode 100644 index 000000000..3c4f38952 --- /dev/null +++ b/app/Lib/Dashboard/AttackWidget.php @@ -0,0 +1,38 @@ + 'A list of restsearch filters to apply to the heatmap. (dictionary, prepending values with ! uses them as a negation)' + ]; + public $cacheLifetime = 1200; + public $autoRefreshDelay = false; + private $validFilterKeys = [ + 'filters' + ]; + private $Event = null; + public $placeholder = +'{ + "filters": { + "attackGalaxy": "mitre-attack-pattern", + "timestamp": ["2023-01-01", "2023-03-31"], + "published": [0,1] + } +}'; + + public function handler($user, $options = array()) + { + $this->Event = ClassRegistry::init('Event'); + $data = null; + if (!empty($options['filters'])) { + $data = $this->Event->restSearch($user, 'attack', $options['filters']); + $data = JsonTool::decode($data->intoString()); + } + return $data; + } +} +?> diff --git a/app/Lib/Dashboard/EventEvolutionLineWidget.php b/app/Lib/Dashboard/EventEvolutionLineWidget.php new file mode 100644 index 000000000..e8d188813 --- /dev/null +++ b/app/Lib/Dashboard/EventEvolutionLineWidget.php @@ -0,0 +1,136 @@ + 'A list of filters by organisation meta information (nationality, sector, type, name, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', + 'start_date' => 'Start date, expressed in Y-m-d format (e.g. 2012-10-01)' + ]; + private $validFilterKeys = [ + 'nationality', + 'sector', + 'type', + 'name', + 'uuid' + ]; + + public $placeholder = + '{ + "filter": { + "sector": "financial" + }, + "start_date": "2017-01", +}'; + + private $Organisation = null; + private $Event = null; + + private function timeConditions($options) + { + if (!empty($options['start_date'])) { + $condition = strtotime($options['start_date']); + } else { + $condition = strtotime('2012-10-01'); + } + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + return $datetime->format('Y-m-d H:i:s'); + } + + public function handler($user, $options = array()) + { + $this->Organisation = ClassRegistry::init('Organisation'); + $this->Event = ClassRegistry::init('Event'); + $oparams = [ + 'conditions' => [ + 'AND' => ['Organisation.local' => !isset($options['local']) ? 1 : $options['local']] + ], + 'limit' => 10, + 'recursive' => -1 + ]; + $eparams = []; + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $oparams['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + $timeConditions = $this->timeConditions($options); + if ($timeConditions) { + $eparams['conditions']['AND'][] = ['Event.publish_timestamp >=' => strtotime($timeConditions)]; + } + $org_ids = $this->Organisation->find('list', [ + 'recursive' => -1, + 'conditions' => $oparams['conditions'], + 'fields' => ['id'] + ]); + $this->Event->virtualFields = [ + 'published_date' => null + ]; + $raw = $this->Event->find('all', [ + 'recursive' => -1, + 'conditions' => $eparams['conditions'], + 'fields' => ['DATE_FORMAT(FROM_UNIXTIME(Event.publish_timestamp), "%Y-%m") AS date', 'count(id) AS count'], + 'group' => 'MONTH(FROM_UNIXTIME(Event.publish_timestamp)), YEAR(FROM_UNIXTIME(Event.publish_timestamp))' + + ]); + + usort($raw, [$this, 'sortByCreationDate']); + $raw_padded = []; + $total = 0; + $default_start_date = empty($raw) ? '2012-10-01' : ($raw[0][0]['date'] . '-01'); + $start = new DateTime(empty($options['start_date']) ? $default_start_date : $options['start_date']); + $end = new DateTime(date('Y-m') . '-01'); + $interval = DateInterval::createFromDateString('1 month'); + $period = new DatePeriod($start, $interval, $end); + foreach ($period as $dt) { + $raw_padded[$dt->format('Y-m') . '-01'] = 0; + } + foreach ($raw as $datapoint) { + $raw_padded[$datapoint[0]['date'] . '-01'] = (int)$datapoint[0]['count']; + } + $total = 0; + foreach ($raw_padded as $date => $count) { + $total += $count; + $raw_padded[$date] = $total; + } + $data = []; + foreach ($raw_padded as $date => $count) { + $data['data'][] = [ + 'Events' => (int)$count, + 'date' => $date + ]; + } + return $data; + } + + private function sortByCreationDate($a, $b) { + if ($a[0]['date'] > $b[0]['date']) { + return 1; + } else { + return -1; + } + return 0; + } +} diff --git a/app/Lib/Dashboard/LoginsWidget.php b/app/Lib/Dashboard/LoginsWidget.php new file mode 100644 index 000000000..cb17b8273 --- /dev/null +++ b/app/Lib/Dashboard/LoginsWidget.php @@ -0,0 +1,99 @@ + 'A list of filters by organisation meta information (sector, type, nationality, id, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', + 'limit' => 'Limits the number of displayed APIkeys. (-1 will list all) Default: -1', + 'days' => 'How many days back should the list go - for example, setting 7 will only show contributions in the past 7 days. (integer)', + 'month' => 'Who contributed most this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', + 'year' => 'Which contributed most this year? (boolean)', + ]; + public $description = 'Basic widget showing some server statistics in regards to MISP.'; + public $cacheLifetime = 10; + public $autoRefreshDelay = null; + private $User = null; + private $Log = null; + + + private function getDates($options) + { + if (!empty($options['days'])) { + $begin = date('Y-m-d H:i:s', strtotime(sprintf("-%s days", $options['days']))); + } else if (!empty($options['month'])) { + $begin = date('Y-m-d H:i:s', strtotime('first day of this month 00:00:00', time())); + } else if (!empty($options['previous_month'])) { + $begin = date('Y-m-d H:i:s', strtotime('first day of last month 00:00:00', time())); + $end = date('Y-m-d H:i:s', strtotime('last day of last month 23:59:59', time())); + } else if (!empty($options['year'])) { + $begin = date('Y-m-d', strtotime('first day of this year 00:00:00', time())); + } else { + $begin = date('Y-m-d H:i:s', strtotime('-7 days', time())); + } + $params = []; + if (!empty($end)) { + $params['Log.created <='] = $end; + } + if (!empty($begin)) { + $params['Log.created >='] = $begin; + } + return $params; + } + + public function handler($user, $options = array()) + { + $this->User = ClassRegistry::init('User'); + $this->Log = ClassRegistry::init('Log'); + $conditions = $this->getDates($options); + $conditions['Log.action'] = 'login'; + $this->Log->Behaviors->load('Containable'); + $this->Log->bindModel([ + 'belongsTo' => [ + 'User' + ] + ]); + $this->Log->virtualFields['count'] = 0; + $this->Log->virtualFields['email'] = ''; + $logs = $this->Log->find('all', [ + 'recursive' => -1, + 'conditions' => $conditions, + 'fields' => ['Log.user_id', 'COUNT(Log.id) AS Log__count', 'User.email AS Log__email'], + 'contain' => ['User'], + 'group' => ['Log.user_id'] + ]); + $counts = []; + $emails = []; + foreach ($logs as $log) { + $counts[$log['Log']['user_id']] = $log['Log']['count']; + $emails[$log['Log']['user_id']] = $log['Log']['email']; + } + $results = []; + arsort($counts); + $baseurl = empty(Configure::read('MISP.external_baseurl')) ? h(Configure::read('MISP.baseurl')) : Configure::read('MISP.external_baseurl'); + foreach ($counts as $user_id => $count) { + $results[] = [ + 'html_title' => sprintf( + '%s', + h($baseurl), + h($user_id), + h($emails[$user_id]) + ), + 'value' => $count + ]; + } + return $results; + } + + public function checkPermissions($user) + { + if (empty($user['Role']['perm_site_admin'])) { + return false; + } + return true; + } +} diff --git a/app/Lib/Dashboard/NewOrgsWidget.php b/app/Lib/Dashboard/NewOrgsWidget.php new file mode 100644 index 000000000..141b6adf8 --- /dev/null +++ b/app/Lib/Dashboard/NewOrgsWidget.php @@ -0,0 +1,171 @@ + 'Maximum number of joining organisations shown. (integer, defaults to 10 if not set)', + 'filter' => 'A list of filters by organisation meta information (nationality, sector, type, name, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', + 'days' => 'How many days back should the list go - for example, setting 7 will only show the organisations that were added in the past 7 days. (integer)', + 'month' => 'Which organisations have been added this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', + 'year' => 'Which organisations have been added this year? (boolean)', + 'local' => 'Should the list only show local organisations? (boolean or list of booleans, defaults to 1. To get both sets, use [0,1])', + 'fields' => 'Which fields should be displayed, by default all are selected. Pass a list with the following options: [id, uuid, name, sector, type, nationality, creation_date]' + ]; + private $validFilterKeys = [ + 'nationality', + 'sector', + 'type', + 'name', + 'uuid' + ]; + + public $placeholder = + '{ + "limit": 5, + "filter": { + "nationality": [ + "Hungary", + "Russia", + "North Korea" + ] + }, + "month": true +}'; + + private $Organisation = null; + + private function timeConditions($options) + { + $limit = empty($options['limit']) ? 10 : $options['limit']; + if (!empty($options['days'])) { + $condition = strtotime(sprintf("-%s days", $options['days'])); + $this->tableDescription = __('The %d newest organisations created in the past %d days', $limit, (int)$options['days']); + } else if (!empty($options['month'])) { + $condition = strtotime('first day of this month 00:00:00', time()); + $this->tableDescription = __('The %d newest organisations created during the current month', $limit); + } else if (!empty($options['previous_month'])) { + $condition = strtotime('first day of last month 00:00:00', time()); + $end_condition = strtotime('last day of last month 23:59:59', time()); + $this->tableDescription = __('The %d newest organisations created during the previous month', $limit); + } else if (!empty($options['year'])) { + $condition = strtotime('first day of this year 00:00:00', time()); + $this->tableDescription = __('The %d newest organisations created during the current year', $limit); + } else { + $this->tableDescription = __('The %d newest organisations created', $limit); + return null; + } + $conditions = []; + if (!empty($condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + $conditions['Organisation.date_created >='] = $datetime->format('Y-m-d H:i:s'); + } + if (!empty($end_condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($end_condition); + $conditions['Organisation.date_created <='] = $datetime->format('Y-m-d H:i:s'); + } + return $conditions; + } + + public function handler($user, $options = array()) + { + $this->Organisation = ClassRegistry::init('Organisation'); + $field_options = [ + 'id' => [ + 'name' => '#', + 'url' => Configure::read('MISP.baseurl') . '/organisations/view', + 'element' => 'links', + 'data_path' => 'Organisation.id', + 'url_params_data_paths' => 'Organisation.id' + ], + 'date_created' => [ + 'name' => 'Creation date', + 'data_path' => 'Organisation.date_created' + ], + 'name' => [ + 'name' => 'Name', + 'data_path' => 'Organisation.name', + ], + 'uuid' => [ + 'name' => 'UUID', + 'data_path' => 'Organisation.uuid', + ], + 'sector' => [ + 'name' => 'Sector', + 'data_path' => 'Organisation.sector', + ], + 'nationality' => [ + 'name' => 'Nationality', + 'data_path' => 'Organisation.nationality', + ], + 'type' => [ + 'name' => 'Type', + 'data_path' => 'Organisation.type', + ] + ]; + $params = [ + 'conditions' => [ + 'AND' => ['Organisation.local' => !isset($options['local']) ? 1 : $options['local']] + ], + 'limit' => 10, + 'recursive' => -1 + ]; + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $params['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + $timeConditions = $this->timeConditions($options); + if ($timeConditions) { + $params['conditions']['AND'][] = ['Organisation.date_created >=' => $timeConditions]; + } + if (isset($options['fields'])) { + $fields = []; + foreach ($options['fields'] as $field) { + if (isset($field_options[$field])) { + $fields[$field] = $field_options[$field]; + } + } + } else { + $fields = $field_options; + } + $data = $this->Organisation->find('all', [ + 'recursive' => -1, + 'conditions' => $params['conditions'], + 'limit' => isset($options['limit']) ? (int)$options['limit'] : 10, + 'fields' => array_keys($fields), + 'order' => 'Organisation.date_created DESC' + ]); + + return [ + 'data' => $data, + 'fields' => $fields, + 'description' => $this->tableDescription + ]; + } +} diff --git a/app/Lib/Dashboard/NewUsersWidget.php b/app/Lib/Dashboard/NewUsersWidget.php new file mode 100644 index 000000000..5c66ff6e6 --- /dev/null +++ b/app/Lib/Dashboard/NewUsersWidget.php @@ -0,0 +1,187 @@ + 'Maximum number of joining users shown. (integer, defaults to 10 if not set)', + 'filter' => 'A list of filters for the organisations (nationality, sector, type, name, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', + 'days' => 'How many days back should the list go - for example, setting 7 will only show the organisations that were added in the past 7 days. (integer)', + 'month' => 'Which organisations have been added this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', + 'year' => 'Which organisations have been added this year? (boolean)', + 'fields' => 'Which fields should be displayed, by default all are selected. Pass a list with the following options: [id, email, Organisation.name, Role.name, date_created]' + ]; + private $validFilterKeys = [ + 'id', + 'email', + 'Organisation.name', + 'Role.name', + 'date_created' + ]; + + public $placeholder = + '{ + "limit": 10, + "filter": { + "Organisation.name": [ + "!FSB", + "!GRU", + "!Kaspersky" + ], + "email": [ + "!andras.iklody@circl.lu" + ], + "Role.name": [ + "Publisher", + "User" + ] + }, + "year": true +}'; + + private $User = null; + + private function timeConditions($options) + { + $limit = empty($options['limit']) ? 10 : $options['limit']; + if (!empty($options['days'])) { + $condition = strtotime(sprintf("-%s days", $options['days'])); + $this->tableDescription = __('The %d newest users created in the past %d days', $limit, (int)$options['days']); + } else if (!empty($options['month'])) { + $condition = strtotime('first day of this month 00:00:00', time()); + $this->tableDescription = __('The %d newest users created during the current month', $limit); + } else if (!empty($options['previous_month'])) { + $condition = strtotime('first day of last month 00:00:00', time()); + $end_condition = strtotime('last day of last month 23:59:59', time()); + $this->tableDescription = __('The %d newest organisations created during the previous month', $limit); + } else if (!empty($options['year'])) { + $condition = strtotime('first day of this year 00:00:00', time()); + $this->tableDescription = __('The %d newest users created during the current year', $limit); + } else { + $this->tableDescription = __('The %d newest users created', $limit); + return null; + } + $conditions = []; + if (!empty($condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + $conditions['Organisation.date_created >='] = $datetime->format('Y-m-d H:i:s'); + } + if (!empty($end_condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($end_condition); + $conditions['Organisation.date_created <='] = $datetime->format('Y-m-d H:i:s'); + } + return $conditions; + } + + public function handler($user, $options = array()) + { + $this->User = ClassRegistry::init('User'); + $field_options = [ + 'id' => [ + 'name' => '#', + 'url' => empty($user['Role']['perm_site_admin']) ? null : Configure::read('MISP.baseurl') . '/admin/users/view', + 'element' => 'links', + 'data_path' => 'User.id', + 'url_params_data_paths' => 'User.id' + ], + 'date_created' => [ + 'name' => 'Creation date', + 'data_path' => 'User.date_created' + ], + 'email' => [ + 'name' => 'E-mail', + 'data_path' => 'User.email', + ], + 'Organisation.name' => [ + 'name' => 'Organisation', + 'data_path' => 'Organisation.name', + ], + 'Role.name' => [ + 'name' => 'Role', + 'data_path' => 'Role.name', + ] + ]; + $params = [ + 'conditions' => [], + 'limit' => 10, + 'recursive' => -1 + ]; + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + $filterName = strpos($filterKey, '.') ? $filterKey : 'User.' . $filterKey; + if ($value[0] === '!') { + $tempConditionBucket[$filterName . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket[$filterName . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $params['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + $timeConditions = $this->timeConditions($options); + if ($timeConditions) { + $params['conditions']['AND'][] = $timeConditions; + } + if (isset($options['fields'])) { + $fields = []; + foreach ($options['fields'] as $field) { + if (isset($field_options[$field])) { + $fields[$field] = $field_options[$field]; + } + } + } else { + $fields = $field_options; + } + + // redact e-mails for non site admins unless specifically allowed + if ( + empty($user['Role']['perm_site_admin']) && + !Configure::read('Security.disclose_user_emails') && + isset($fields['email']) + ) { + unset($fields['email']); + } + $data = $this->User->find('all', [ + 'recursive' => -1, + 'contain' => ['Organisation.name', 'Role.name'], + 'conditions' => $params['conditions'], + 'limit' => isset($options['limit']) ? $options['limit'] : 10, + 'fields' => array_keys($fields), + 'order' => 'User.date_created DESC' + ]); + + foreach ($data as &$u) { + if (empty($u['User']['date_created'])) { + continue; + } + $tempDate = new DateTime(); + $tempDate->setTimestamp($u['User']['date_created']); + $u['User']['date_created'] = $tempDate->format('Y-m-d H:i:s'); + } + + return [ + 'data' => $data, + 'fields' => $fields, + 'description' => $this->tableDescription + ]; + } +} diff --git a/app/Lib/Dashboard/OrgContributionToplistWidget.php b/app/Lib/Dashboard/OrgContributionToplistWidget.php new file mode 100644 index 000000000..da0e92619 --- /dev/null +++ b/app/Lib/Dashboard/OrgContributionToplistWidget.php @@ -0,0 +1,122 @@ + 'How many days back should the list go - for example, setting 7 will only show contributions in the past 7 days. (integer)', + 'month' => 'Who contributed most this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', + 'year' => 'Which contributed most this year? (boolean)', + 'filter' => 'A list of filters by organisation meta information (nationality, sector, type, name, uuid, local (- expects a boolean or a list of boolean values)) to include. (dictionary, prepending values with ! uses them as a negation)', + 'limit' => 'Limits the number of displayed tags. Default: 10' + ]; + public $cacheLifetime = null; + public $autoRefreshDelay = false; + private $validFilterKeys = [ + 'nationality', + 'sector', + 'type', + 'name', + 'uuid' + ]; + public $placeholder = +'{ + "days": "7d", + "threshold": 15, + "filter": { + "sector": "Financial" + } +}'; + private $Org = null; + private $Event = null; + + + private function timeConditions($options) + { + $limit = empty($options['limit']) ? 10 : $options['limit']; + if (!empty($options['days'])) { + $condition = strtotime(sprintf("-%s days", $options['days'])); + } else if (!empty($options['month'])) { + $condition = strtotime('first day of this month 00:00:00', time()); + } else if (!empty($options['previous_month'])) { + $condition = strtotime('first day of previous month 00:00:00', time()); + $end_condition = strtotime('last day of last month 23:59:59', time()); + } else if (!empty($options['year'])) { + $condition = strtotime('first day of this year 00:00:00', time()); + } else { + return null; + } + $conditions = []; + if (!empty($condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + $conditions['Event.timestamp >='] = $datetime->format('Y-m-d H:i:s'); + } + if (!empty($end_condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($end_condition); + $conditions['Event.timestamp <='] = $datetime->format('Y-m-d H:i:s'); + } + return $conditions; + } + + + public function handler($user, $options = array()) + { + $params = ['conditions' => []]; + $timeConditions = $this->timeConditions($options); + if ($timeConditions) { + $params['conditions']['AND'][] = $timeConditions; + } + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $params['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + if (isset($options['filter']['local'])) { + $params['conditions']['AND']['local'] = $options['filter']['local']; + } + + $this->Org = ClassRegistry::init('Organisation'); + $org_ids = $this->Org->find('list', [ + 'fields' => ['Organisation.id', 'Organisation.name'], + 'conditions' => $params['conditions'] + ]); + $conditions = ['Event.orgc_id IN' => array_keys($org_ids)]; + $this->Event = ClassRegistry::init('Event'); + $this->Event->virtualFields['frequency'] = 0; + $orgs = $this->Event->find('all', [ + 'recursive' => -1, + 'fields' => ['orgc_id', 'count(Event.orgc_id) as Event__frequency'], + 'group' => ['orgc_id'], + 'conditions' => $conditions, + 'order' => 'count(Event.orgc_id) desc', + 'limit' => empty($options['limit']) ? 10 : $options['limit'] + ]); + $results = []; + foreach($orgs as $org) { + $results[$org_ids[$org['Event']['orgc_id']]] = $org['Event']['frequency']; + } + return ['data' => $results]; + } +} +?> diff --git a/app/Lib/Dashboard/OrgEventsWidget.php b/app/Lib/Dashboard/OrgEventsWidget.php new file mode 100644 index 000000000..cf74e9a88 --- /dev/null +++ b/app/Lib/Dashboard/OrgEventsWidget.php @@ -0,0 +1,121 @@ + 'A list of organisation names to filter out', + 'months' => 'Number of past months to consider for the graph', + 'logarithmic' => 'Visualize data on logarithmic scale' + ); + + public $placeholder = +'{ + "blocklist_orgs": ["Orgs to filter"], + "months": "6", + "logarithmic": "true" +}'; + + + + + + /* + * Target_month must be from 1 to 12 + * Target year must be 4 digits + */ + private function org_events_count($user, $org, $target_month, $target_year) { + $events_count = 0; + + $start_date = $target_year.'-'.$target_month.'-01'; + if($target_month == 12) { + $end_date = ($target_year+1).'-01-01'; + } else { + $end_date = $target_year.'-'.($target_month+1).'-01'; + } + $conditions = array('Event.orgc_id' => $org['Organisation']['id'], 'Event.date >=' => $start_date, 'Event.date <' => $end_date); + + //This is required to enforce the ACL (not pull directly from the DB) + $eventIds = $this->Event->fetchSimpleEventIds($user, array('conditions' => $conditions)); + + if(!empty($eventIds)) { + $params = array('Event.id' => $eventIds); + $events = $this->Event->find('all', array('conditions' => array('AND' => $params))); + foreach($events as $event) { + $events_count+= 1; + } + } + return $events_count; + } + + private function filter_ghost_orgs(&$data, $orgs){ + foreach ($data['data'] as &$item) { + foreach(array_keys($orgs) as $org_name) { + unset($item[$org_name]); + } + } + } + + public function handler($user, $options = array()) + { + $this->Log = ClassRegistry::init('Log'); + $this->Org = ClassRegistry::init('Organisation'); + $this->Event = ClassRegistry::init('Event'); + $orgs = $this->Org->find('all', array( 'conditions' => array('Organisation.local' => 1))); + $current_month = date('n'); + $current_year = date('Y'); + $limit = 6; // months + if(!empty($options['months'])) { + $limit = (int) ($options['months']); + } + $offset = 0; + $ghost_orgs = array(); // track orgs without any contribution + // We start by putting all orgs_id in there: + foreach($orgs as $org) { + // We check for blocklisted orgs + if(!empty($options['blocklist_orgs']) && in_array($org['Organisation']['name'], $options['blocklist_orgs'])) { + unset($orgs[$offset]); + } else { + $ghost_orgs[$org['Organisation']['name']] = true; + } + $offset++; + } + $data = array(); + $data['data'] = array(); + for ($i=0; $i < $limit; $i++) { + $target_month = $current_month - $i; + $target_year = $current_year; + if ($target_month < 1) { + $target_month += 12; + $target_year -= 1; + } + $item = array(); + $item ['date'] = $target_year.'-'.$target_month.'-01'; + foreach($orgs as $org) { + $count = $this->org_events_count($user, $org, $target_month, $target_year); + if($options['logarithmic'] === "true" || $options['logarithmic'] === "1") { + $item[$org['Organisation']['name']] = (int) round(log($count, 1.1)); // taking the logarithmic view + } else if(empty($options['logarithmic']) || $options['logarithmic'] === "true" || $options['logarithmic'] === "1"){ + $item[$org['Organisation']['name']] = $count; + } + // if a positive score is detected at least once it's enough to be + // considered for the graph + if($count > 0) { + unset($ghost_orgs[$org['Organisation']['name']]); + } + } + $data['data'][] = $item; + } + $this->filter_ghost_orgs($data, $ghost_orgs); + return $data; + } +} diff --git a/app/Lib/Dashboard/OrgEvolutionLineWidget.php b/app/Lib/Dashboard/OrgEvolutionLineWidget.php new file mode 100644 index 000000000..bdc78a4e8 --- /dev/null +++ b/app/Lib/Dashboard/OrgEvolutionLineWidget.php @@ -0,0 +1,126 @@ + 'A list of filters by organisation meta information (nationality, sector, type, name, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', + 'start_date' => 'Start date, expressed in Y-m-d format (e.g. 2012-10-01)', + 'local' => 'Should the list only show local organisations? (boolean or list of booleans, defaults to 1. To get both sets, use [0,1])' + ]; + private $validFilterKeys = [ + 'nationality', + 'sector', + 'type', + 'name', + 'uuid' + ]; + + public $placeholder = + '{ + "filter": { + "sector": "financial" + }, + "start_date": "2017-01", +}'; + + private $Organisation = null; + + private function timeConditions($options) + { + if (!empty($options['start_date'])) { + $condition = strtotime($options['start_date']); + } else { + $condition = strtotime('2012-10-01'); + } + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + return $datetime->format('Y-m-d H:i:s'); + } + + public function handler($user, $options = array()) + { + $this->Organisation = ClassRegistry::init('Organisation'); + $params = [ + 'conditions' => [ + 'AND' => ['Organisation.local' => !isset($options['local']) ? 1 : $options['local']] + ], + 'limit' => 10, + 'recursive' => -1 + ]; + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $params['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + $timeConditions = $this->timeConditions($options); + if ($timeConditions) { + $params['conditions']['AND'][] = ['Organisation.date_created >=' => $timeConditions]; + } + $raw = $this->Organisation->find('all', [ + 'recursive' => -1, + 'conditions' => $params['conditions'], + 'fields' => ['DATE_FORMAT(date_created, "%Y-%m") AS date', 'count(id) AS count'], + 'group' => 'MONTH(date_created), YEAR(date_created)' + + ]); + usort($raw, [$this, 'sortByCreationDate']); + $raw_padded = []; + $total = 0; + $default_start_date = empty($raw) ? '2012-10-01' : ($raw[0][0]['date'] . '-01'); + $start = new DateTime(empty($options['start_date']) ? $default_start_date : $options['start_date']); + $end = new DateTime(date('Y-m') . '-01'); + $interval = DateInterval::createFromDateString('1 month'); + $period = new DatePeriod($start, $interval, $end); + foreach ($period as $dt) { + $raw_padded[$dt->format('Y-m') . '-01'] = 0; + } + foreach ($raw as $datapoint) { + $raw_padded[$datapoint[0]['date'] . '-01'] = (int)$datapoint[0]['count']; + } + $total = 0; + foreach ($raw_padded as $date => $count) { + $total += $count; + $raw_padded[$date] = $total; + } + $data = []; + foreach ($raw_padded as $date => $count) { + $data['data'][] = [ + 'Organisations' => (int)$count, + 'date' => $date + ]; + } + return $data; + } + + private function sortByCreationDate($a, $b) { + if ($a[0]['date'] > $b[0]['date']) { + return 1; + } else { + return -1; + } + return 0; + } +} diff --git a/app/Lib/Dashboard/OrganisationListWidget.php b/app/Lib/Dashboard/OrganisationListWidget.php new file mode 100644 index 000000000..db988b5a0 --- /dev/null +++ b/app/Lib/Dashboard/OrganisationListWidget.php @@ -0,0 +1,81 @@ + 'A list of filters by organisation meta information (sector, type, local (- expects a boolean or a list of boolean values)) to include. (dictionary, prepending values with ! uses them as a negation)', + 'limit' => 'Limits the number of displayed tags. Default: 10' + ]; + public $cacheLifetime = null; + public $autoRefreshDelay = false; + private $validFilterKeys = [ + 'sector', + 'type', + 'local' + ]; + public $placeholder = +'{ + "filter": { + "type": "Member", + "local": [0,1] + } +}'; + private $Organisation = null; + + public $countryCodes = []; + + public function handler($user, $options = array()) + { + App::uses('WidgetToolkit', 'Lib/Dashboard/Tools'); + $WidgetToolkit = new WidgetToolkit(); + $this->countryCodes = $WidgetToolkit->getCountryCodeMapping(); + $params = [ + 'conditions' => [ + 'Nationality !=' => '' + ] + ]; + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $params['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + $this->Organisation = ClassRegistry::init('Organisation'); + $orgs = $this->Organisation->find('all', [ + 'recursive' => -1, + 'fields' => ['Organisation.nationality', 'COUNT(Organisation.nationality) AS frequency'], + 'conditions' => $params['conditions'], + 'group' => ['Organisation.nationality'] + ]); + $results = []; + foreach($orgs as $org) { + $country = $org['Organisation']['nationality']; + $count = $org['0']['frequency']; + if (isset($this->countryCodes[$country])) { + $countryCode = $this->countryCodes[$country]; + $results[$countryCode] = $count; + } + } + arsort($results); + return ['data' => $results]; + } +} +?> diff --git a/app/Lib/Dashboard/OrganisationMapWidget.php b/app/Lib/Dashboard/OrganisationMapWidget.php new file mode 100644 index 000000000..4929ac013 --- /dev/null +++ b/app/Lib/Dashboard/OrganisationMapWidget.php @@ -0,0 +1,80 @@ + 'A list of filters by organisation meta information (sector, type, local (- expects a boolean or a list of boolean values)) to include. (dictionary, prepending values with ! uses them as a negation)', + 'limit' => 'Limits the number of displayed tags. Default: 10' + ]; + public $cacheLifetime = null; + public $autoRefreshDelay = false; + private $validFilterKeys = [ + 'sector', + 'type', + 'local' + ]; + public $placeholder = +'{ + "filter": { + "type": "Member", + "local": [0,1] + } +}'; + private $Organisation = null; + + public $countryCodes = []; + + public function handler($user, $options = array()) + { + App::uses('WidgetToolkit', 'Lib/Dashboard/Tools'); + $WidgetToolkit = new WidgetToolkit(); + $this->countryCodes = $WidgetToolkit->getCountryCodeMapping(); + $params = [ + 'conditions' => [ + 'Nationality !=' => '' + ] + ]; + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $params['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + $this->Organisation = ClassRegistry::init('Organisation'); + $orgs = $this->Organisation->find('all', [ + 'recursive' => -1, + 'fields' => ['Organisation.nationality', 'COUNT(Organisation.nationality) AS frequency'], + 'conditions' => $params['conditions'], + 'group' => ['Organisation.nationality'] + ]); + $results = ['data' => [], 'scope' => 'Organisations']; + foreach($orgs as $org) { + $country = $org['Organisation']['nationality']; + $count = $org['0']['frequency']; + if (isset($this->countryCodes[$country])) { + $countryCode = $this->countryCodes[$country]; + $results['data'][$countryCode] = $count; + } + } + return $results; + } +} +?> diff --git a/app/Lib/Dashboard/RecentSightingsWidget.php b/app/Lib/Dashboard/RecentSightingsWidget.php index 7a34a6c6d..eeb64ab53 100644 --- a/app/Lib/Dashboard/RecentSightingsWidget.php +++ b/app/Lib/Dashboard/RecentSightingsWidget.php @@ -35,21 +35,21 @@ class RecentSightingsWidget $data = array(); $count = 0; - foreach (JsonTool::decode($Sighting->restSearch($user, 'json', $filters)->intoString())->{'response'} as $el) { - $sighting = $el->{'Sighting'}; - $event = $sighting->{'Event'}; - $attribute = $sighting->{'Attribute'}; + foreach (JsonTool::decode($Sighting->restSearch($user, 'json', $filters)->intoString())['response'] as $el) { + $sighting = $el['Sighting']; + $event = $sighting['Event']; + $attribute = $sighting['Attribute']; - if ($sighting->{'type'} == 0) $type = "Sighting"; - elseif ($sighting->{'type'} == 1) $type = "False positive"; + if ($sighting['type'] == 0) $type = "Sighting"; + elseif ($sighting['type'] == 1) $type = "False positive"; else $type = "Expiration"; - $output = $attribute->{'value'} . " (id: " . $attribute->{'id'} . ") in " . $event->{'info'} . " (id: " . $event->{'id'} . ")"; + $output = $attribute['value'] . " (id: " . $attribute['id'] . ") in " . $event['info'] . " (id: " . $event['id'] . ")"; $data[] = array( 'title' => $type, 'value' => $output, 'html' => sprintf( ' (Event %s)', - Configure::read('MISP.baseurl') . '/events/view/', $event->{'id'}, - $event->{'id'} + Configure::read('MISP.baseurl') . '/events/view/', $event['id'], + $event['id'] ) ); ++$count; diff --git a/app/Lib/Dashboard/Tools/WidgetToolkit.php b/app/Lib/Dashboard/Tools/WidgetToolkit.php new file mode 100644 index 000000000..1da149e94 --- /dev/null +++ b/app/Lib/Dashboard/Tools/WidgetToolkit.php @@ -0,0 +1,189 @@ + 'AF', + 'Albania' => 'AL', + 'Algeria' => 'DZ', + 'Angola' => 'AO', + 'Argentina' => 'AR', + 'Armenia' => 'AM', + 'Australia' => 'AU', + 'Austria' => 'AT', + 'Azerbaijan' => 'AZ', + 'Bahamas' => 'BS', + 'Bangladesh' => 'BD', + 'Belarus' => 'BY', + 'Belgium' => 'BE', + 'Belize' => 'BZ', + 'Benin' => 'BJ', + 'Bhutan' => 'BT', + 'Bolivia' => 'BO', + 'Bosnia and Herz.' => 'BA', + 'Botswana' => 'BW', + 'Brazil' => 'BR', + 'Brunei' => 'BN', + 'Bulgaria' => 'BG', + 'Burkina Faso' => 'BF', + 'Burundi' => 'BI', + 'Cambodia' => 'KH', + 'Cameroon' => 'CM', + 'Canada' => 'CA', + 'Central African Rep.' => 'CF', + 'Chad' => 'TD', + 'Chile' => 'CL', + 'China' => 'CN', + 'Colombia' => 'CO', + 'Congo' => 'CG', + 'Costa Rica' => 'CR', + 'Croatia' => 'HR', + 'Cuba' => 'CU', + 'Cyprus' => 'CY', + 'Czech Rep.' => 'CZ', + 'Czech Republic' => 'CZ', + 'Côte d\'Ivoire' => 'CI', + 'Dem. Rep. Congo' => 'CD', + 'Dem. Rep. Korea' => 'KP', + 'Denmark' => 'DK', + 'Djibouti' => 'DJ', + 'Dominican Rep.' => 'DO', + 'Ecuador' => 'EC', + 'Egypt' => 'EG', + 'El Salvador' => 'SV', + 'Eq. Guinea' => 'GQ', + 'Eritrea' => 'ER', + 'Estonia' => 'EE', + 'Ethiopia' => 'ET', + 'Falkland Is.' => 'FK', + 'Fiji' => 'FJ', + 'Finland' => 'FI', + 'Fr. S. Antarctic Lands' => 'TF', + 'France' => 'FR', + 'Gabon' => 'GA', + 'Gambia' => 'GM', + 'Georgia' => 'GE', + 'Germany' => 'DE', + 'Ghana' => 'GH', + 'Greece' => 'GR', + 'Greenland' => 'GL', + 'Guatemala' => 'GT', + 'Guinea' => 'GN', + 'Guinea-Bissau' => 'GW', + 'Guyana' => 'GY', + 'Haiti' => 'HT', + 'Honduras' => 'HN', + 'Hungary' => 'HU', + 'Iceland' => 'IS', + 'India' => 'IN', + 'Indonesia' => 'ID', + 'Iran' => 'IR', + 'Iraq' => 'IQ', + 'Ireland' => 'IE', + 'Ireland {Republic}' => 'IE', + 'Israel' => 'IL', + 'Italy' => 'IT', + 'Jamaica' => 'JM', + 'Japan' => 'JP', + 'Jordan' => 'JO', + 'Kazakhstan' => 'KZ', + 'Kenya' => 'KE', + 'Korea' => 'KR', + 'Kuwait' => 'KW', + 'Kyrgyzstan' => 'KG', + 'Lao PDR' => 'LA', + 'Latvia' => 'LV', + 'Lebanon' => 'LB', + 'Lesotho' => 'LS', + 'Liberia' => 'LR', + 'Libya' => 'LY', + 'Lithuania' => 'LT', + 'Luxembourg' => 'LU', + 'Macedonia' => 'MK', + 'Madagascar' => 'MG', + 'Mainland China' => 'CN', + 'Malawi' => 'MW', + 'Malaysia' => 'MY', + 'Mali' => 'ML', + 'Malta' => 'MT', + 'Mauritania' => 'MR', + 'Mexico' => 'MX', + 'Moldova' => 'MD', + 'Mongolia' => 'MN', + 'Montenegro' => 'ME', + 'Morocco' => 'MA', + 'Mozamb' => 'MZ', + 'Myanmar' => 'MM', + 'Namibia' => 'NA', + 'Nepal' => 'NP', + 'Netherlands' => 'NL', + 'New Caledonia' => 'NC', + 'New Zealand' => 'NZ', + 'Nicaragua' => 'NI', + 'Niger' => 'NE', + 'Nigeria' => 'NG', + 'Norway' => 'NO', + 'Oman' => 'OM', + 'Pakistan' => 'PK', + 'Palestine' => 'PS', + 'Panama' => 'PA', + 'Papua New Guinea' => 'PG', + 'Paraguay' => 'PY', + 'Peru' => 'PE', + 'Philippines' => 'PH', + 'Poland' => 'PL', + 'Portugal' => 'PT', + 'Puerto Rico' => 'PR', + 'Qatar' => 'QA', + 'Romania' => 'RO', + 'Russia' => 'RU', + 'Russian Federation' => 'RU', + 'Rwanda' => 'RW', + 'S. Sudan' => 'SS', + 'Saudi Arabia' => 'SA', + 'Senegal' => 'SN', + 'Serbia' => 'RS', + 'Sierra Leone' => 'SL', + 'Slovakia' => 'SK', + 'Slovenia' => 'SI', + 'Solomon Is.' => 'SB', + 'Somalia' => 'SO', + 'South Africa' => 'ZA', + 'Spain' => 'ES', + 'Sri Lanka' => 'LK', + 'Sudan' => 'SD', + 'Suriname' => 'SR', + 'Swaziland' => 'SZ', + 'Sweden' => 'SE', + 'Switzerland' => 'CH', + 'Syria' => 'SY', + 'Taiwan' => 'TW', + 'Tajikistan' => 'TJ', + 'Tanzania' => 'TZ', + 'Thailand' => 'TH', + 'Timor-Leste' => 'TL', + 'Togo' => 'TG', + 'Trinidad and Tobago' => 'TT', + 'Tunisia' => 'TN', + 'Turkey' => 'TR', + 'Turkmenistan' => 'TM', + 'Uganda' => 'UG', + 'Ukraine' => 'UA', + 'United Arab Emirates' => 'AE', + 'United Kingdom' => 'GB', + 'United States' => 'US', + 'Uruguay' => 'UY', + 'Uzbekistan' => 'UZ', + 'Vanuatu' => 'VU', + 'Venezuela' => 'VE', + 'Vietnam' => 'VN', + 'W. Sahara' => 'EH', + 'Yemen' => 'YE', + 'Zambia' => 'ZM', + 'Zimbabwe' => 'ZW' + ]; + } +} \ No newline at end of file diff --git a/app/Lib/Dashboard/TrendingAttributesWidget.php b/app/Lib/Dashboard/TrendingAttributesWidget.php new file mode 100644 index 000000000..957b6d7cc --- /dev/null +++ b/app/Lib/Dashboard/TrendingAttributesWidget.php @@ -0,0 +1,137 @@ + 'The time window, going back in seconds, that should be included. (allows for filtering by days - example: 5d. -1 Will fetch all historic data)', + 'exclude' => 'List of values to exclude - for example "8.8.8.8".', + 'threshold' => 'Limits the number of displayed attribute values. Default: 10', + 'type' => 'List of Attribute types to include', + 'category' => 'List of Attribute categories to exclude', + 'to_ids' => 'A list of to_ids settings accepted for the data displayed ([0], [1], [0,1])', + 'org_filter' => 'List of organisation filters to exclude events by, based on organisation meta-data (Organisation.sector, Organisation.type, Organisation.nationality). Pre-pending a value with a "!" negates it.' + ); + private $validOrgFilters = [ + 'sector', + 'type', + 'national', + 'uuid', + 'local' + ]; + public $placeholder = + '{ + "time_window": "7d", + "threshold": 15, + "org_filter": { + "sector": ["Financial"] + } +}'; + public $description = 'Widget showing the trending tags over the past x seconds, along with the possibility to include/exclude tags.'; + public $cacheLifetime = 3; + + private function getOrgList($options) + { + $organisationModel = ClassRegistry::init('Organisation'); + if (!empty($options['org_filter']) && is_array($options['org_filter'])) { + foreach ($this->validOrgFilters as $filterKey) { + if (isset($options['org_filter'][$filterKey])) { + if ($filterKey === 'local') { + $tempConditionBucket['Organisation.local'] = $options['org_filter']['local']; + } else { + if (!is_array($options['org_filter'][$filterKey])) { + $options['org_filter'][$filterKey] = [$options['org_filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['org_filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + } + if (!empty($tempConditionBucket)) { + $orgConditions[] = $tempConditionBucket; + } + } + } + return $organisationModel->find('column', [ + 'recursive' => -1, + 'conditions' => $orgConditions, + 'fields' => ['Organisation.id'] + ]); + } + } + + public function handler($user, $options = array()) + { + /** @var Event $eventModel */ + $attributeModel = ClassRegistry::init('Attribute'); + $threshold = empty($options['threshold']) ? 10 : $options['threshold']; + if (is_string($options['time_window']) && substr($options['time_window'], -1) === 'd') { + $time_window = ((int)substr($options['time_window'], 0, -1)) * 24 * 60 * 60; + } else { + $time_window = empty($options['time_window']) ? (7 * 24 * 60 * 60) : (int)$options['time_window']; + } + $conditions = $time_window === -1 ? [] : ['Attribute.timestamp >=' => time() - $time_window]; + $conditions['Attribute.deleted'] = 0; + $conditionsToParse = ['type', 'category', 'to_ids']; + foreach ($conditionsToParse as $parsedCondition) { + if (!empty($options[$parsedCondition])) { + $conditions['Attribute.' . $parsedCondition] = $options[$parsedCondition]; + } + } + if (!empty($options['exclude'])) { + $conditions['Attribute.value1 NOT IN'] = $options['exclude']; + } + if (!empty($options['org_filter'])) { + $conditions['Event.orgc_id IN'] = $this->getOrgList($options); + if (empty($conditions['Event.orgc_id IN'])) { + $conditions['Event.orgc_id IN'] = [-1]; + } + } + $attributeModel->virtualFields['frequency'] = 0; + if (!empty($user['Role']['perm_site_admin'])) { + $values = $attributeModel->find('all', [ + 'recursive' => -1, + 'fields' => ['Attribute.value1', 'count(Attribute.value1) as Attribute__frequency'], + 'group' => ['Attribute.value1'], + 'conditions' => $conditions, + 'contain' => ['Event.orgc_id'], + 'order' => 'count(Attribute.value1) desc', + 'limit' => empty($options['threshold']) ? 10 : $options['threshold'] + ]); + } else { + $conditions['AND'][] = [ + 'OR' => [ + 'Event.orgc_id' => $user['org_id'], + + ] + ]; + $values = $attributeModel->find('all', [ + 'recursive' => -1, + 'fields' => ['Attribute.value1', 'count(Attribute.value1) as Attribute__frequency', 'Attribute.distribution', 'Attribute.sharing_group_id'], + 'group' => 'Attribute.value1', + 'contain' => [ + 'Event.org_id', + 'Event.distribution', + 'Event.sharing_group_id', + 'Object.distribution', + 'Object.sharing_group_id' + ], + 'conditions' => $conditions, + 'order' => 'count(Attribute.value1) desc', + 'limit' => empty($options['threshold']) ? 10 : $options['threshold'] + ]); + } + $data = []; + foreach ($values as $value) { + $data[$value['Attribute']['value1']] = $value['Attribute']['frequency']; + } + return ['data' => $data]; + } +} diff --git a/app/Lib/Dashboard/TrendingTagsWidget.php b/app/Lib/Dashboard/TrendingTagsWidget.php index b9bdc9b7f..b9d61ce41 100644 --- a/app/Lib/Dashboard/TrendingTagsWidget.php +++ b/app/Lib/Dashboard/TrendingTagsWidget.php @@ -7,56 +7,115 @@ class TrendingTagsWidget public $width = 3; public $height = 4; public $params = array( - 'time_window' => 'The time window, going back in seconds, that should be included.', + 'time_window' => 'The time window, going back in seconds, that should be included. (allows for filtering by days - example: 5d. -1 Will fetch all historic data)', 'exclude' => 'List of substrings to exclude tags by - for example "sofacy" would exclude any tag containing sofacy.', 'include' => 'List of substrings to include tags by - for example "sofacy" would include any tag containing sofacy.', - 'threshold' => 'Limits the number of displayed tags. Default: 10' + 'threshold' => 'Limits the number of displayed tags. Default: 10', + 'filter_event_tags' => 'Filters to be applied on event tags', + 'over_time' => 'Toggle the trending to be over time', ); public $placeholder = -'{ - "time_window": "86400", + '{ + "time_window": "7d", "threshold": 15, "exclude": ["tlp:", "pap:"], - "include": ["misp-galaxy:", "my-internal-taxonomy"] + "include": ["misp-galaxy:", "my-internal-taxonomy"], + "filter_event_tags": ["misp-galaxy:threat-actor="APT 29"], }'; public $description = 'Widget showing the trending tags over the past x seconds, along with the possibility to include/exclude tags.'; - public $cacheLifetime = 600; + public $cacheLifetime = 3; public function handler($user, $options = array()) { /** @var Event $eventModel */ $eventModel = ClassRegistry::init('Event'); $threshold = empty($options['threshold']) ? 10 : $options['threshold']; - $params = [ - 'timestamp' => time() - (empty($options['time_window']) ? 8640000 : $options['time_window']), - ]; + if (is_string($options['time_window']) && substr($options['time_window'], -1) === 'd') { + $time_window = ((int)substr($options['time_window'], 0, -1)) * 24 * 60 * 60; + } else { + $time_window = empty($options['time_window']) ? (7 * 24 * 60 * 60) : (int)$options['time_window']; + } + $params = $time_window === -1 ? [] : ['timestamp' => time() - $time_window]; + + if (!empty($options['filter_event_tags'])) { + $params['event_tags'] = $options['filter_event_tags']; + } $eventIds = $eventModel->filterEventIds($user, $params); - $tags = []; $tagColours = []; - if (!empty($eventIds)) { - $eventTags = $eventModel->EventTag->find('all', [ - 'conditions' => ['EventTag.event_id' => $eventIds], - 'contain' => ['Tag' => ['fields' => ['name', 'colour']]], - 'recursive' => -1, - 'fields' => ['id'], - ]); + $allTags = []; + $this->render = $this->getRenderer($options); + if (!empty($options['over_time'])) { - foreach ($eventTags as $eventTag) { - $tagName = $eventTag['Tag']['name']; - if (isset($tags[$tagName])) { - $tags[$tagName]++; - } else if ($this->checkTag($options, $tagName)) { - $tags[$tagName] = 1; - $tagColours[$tagName] = $eventTag['Tag']['colour']; + $tagOvertime = []; + if (!empty($eventIds)) { + $events = $eventModel->fetchEvent($user, [ + 'eventid' => $eventIds, + 'order' => 'Event.timestamp', + 'metadata' => 1 + ]); + + foreach ($events as $event) { + $timestamp = $event['Event']['timestamp']; + $timestamp = strftime('%Y-%m-%d', $timestamp); + foreach ($event['EventTag'] as $tag) { + $tagName = $tag['Tag']['name']; + if (isset($tagOvertime[$timestamp][$tagName])) { + $tagOvertime[$timestamp][$tagName]++; + } else if ($this->checkTag($options, $tagName)) { + $tagOvertime[$timestamp][$tagName] = 1; + $tagColours[$tagName] = $tag['Tag']['colour']; + $allTags[$tagName] = $tagName; + } + } } } - arsort($tags); + $data = []; + $data['data'] = []; + foreach($tagOvertime as $date => $tagCount) { + $item = []; + $item['date'] = $date; + foreach ($allTags as $tagName) { + if (!empty($tagCount[$tagName])) { + $item[$tagName] = $tagCount[$tagName]; + } else { + $item[$tagName] = 0; + } + } + $data['data'][] = $item; + } + uasort($data['data'], function ($a, $b) { + return ($a['date'] < $b['date']) ? -1 : 1; + }); + $data['data'] = array_values($data['data']); + return $data; + } else { + $tags = []; + if (!empty($eventIds)) { + $eventTags = $eventModel->EventTag->find('all', [ + 'conditions' => ['EventTag.event_id' => $eventIds], + 'contain' => ['Tag' => ['fields' => ['name', 'colour']]], + 'recursive' => -1, + 'fields' => ['id'], + ]); + + foreach ($eventTags as $eventTag) { + $tagName = $eventTag['Tag']['name']; + if (isset($tags[$tagName])) { + $tags[$tagName]++; + } else if ($this->checkTag($options, $tagName)) { + $tags[$tagName] = 1; + $tagColours[$tagName] = $eventTag['Tag']['colour']; + } + } + + arsort($tags); + $data['data'] = array_slice($tags, 0, $threshold); + $data['colours'] = $tagColours; + } + } - - $data['data'] = array_slice($tags, 0, $threshold); - $data['colours'] = $tagColours; return $data; } @@ -80,4 +139,9 @@ class TrendingTagsWidget return true; } } + + public function getRenderer(array $options) + { + return !empty($options['over_time']) ? 'MultiLineChart' : 'BarChart'; + } } diff --git a/app/Lib/Dashboard/TresholdSightingsWidget.php b/app/Lib/Dashboard/TresholdSightingsWidget.php index 95fdf969a..d74dafeb4 100644 --- a/app/Lib/Dashboard/TresholdSightingsWidget.php +++ b/app/Lib/Dashboard/TresholdSightingsWidget.php @@ -31,21 +31,21 @@ class TresholdSightingsWidget $data = array(); $sightings_score = array(); - $restSearch = JsonTool::decode($Sighting->restSearch($user, 'json', $filters)->intoString())->{'response'}; + $restSearch = JsonTool::decode($Sighting->restSearch($user, 'json', $filters)->intoString())['response']; foreach ($restSearch as $el) { - $sighting = $el->{'Sighting'}; - $attribute = $sighting->{'Attribute'}; - $event = $sighting->{'Event'}; + $sighting = $el['Sighting']; + $attribute = $sighting['Attribute']; + $event = $sighting['Event']; - if (!array_key_exists($attribute->{'id'}, $sightings_score)) $sightings_score[$attribute->{'id'}] = array( 'value' => $attribute->{'value'}, + if (!array_key_exists($attribute['id'], $sightings_score)) $sightings_score[$attribute['id']] = array( 'value' => $attribute['value'], 'score' => 0, - 'event_title' => $event->{'info'}, - 'event_id' => $event->{'id'}); + 'event_title' => $event['info'], + 'event_id' => $event['id']); # Sighting - if ($sighting->{'type'} == 0) $sightings_score[$attribute->{'id'}]['score'] = $sightings_score[$attribute->{'id'}]['score'] - 1; + if ($sighting['type'] == 0) $sightings_score[$attribute['id']]['score'] = $sightings_score[$attribute['id']]['score'] - 1; # False Positive - elseif ($sighting->{'type'} == 1) $sightings_score[$attribute->{'id'}]['score'] = $sightings_score[$attribute->{'id'}]['score'] + 1; + elseif ($sighting['type'] == 1) $sightings_score[$attribute['id']]['score'] = $sightings_score[$attribute['id']]['score'] + 1; } foreach ($sightings_score as $attribute_id => $s) { diff --git a/app/Lib/Dashboard/UsageDataWidget.php b/app/Lib/Dashboard/UsageDataWidget.php index caebbae05..4741722ad 100644 --- a/app/Lib/Dashboard/UsageDataWidget.php +++ b/app/Lib/Dashboard/UsageDataWidget.php @@ -5,40 +5,87 @@ class UsageDataWidget public $render = 'SimpleList'; public $width = 2; public $height = 5; - public $params = array(); public $description = 'Shows usage data / statistics.'; public $cacheLifetime = false; - public $autoRefreshDelay = 3; + public $autoRefreshDelay = false; + public $params = [ + 'filter' => 'A list of filters by organisation meta information (nationality, sector, type, name, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', + ]; + private $User = null; + private $Event = null; + private $Correlation = null; + private $Thread = null; + private $AuthKey = null; + private $redis = null; + + private $validFilterKeys = [ + 'nationality', + 'sector', + 'type', + 'name', + 'uuid' + ]; - public function handler($user, $options = array()){ + private $validFields = [ + 'Events', + 'Attributes', + 'Attributes / event', + 'Correlations', + 'Active proposals', + 'Users', + 'Users with PGP keys', + 'Organisations', + 'Local organisations', + 'Event creator orgs', + 'Average users / org', + 'Discussion threads', + 'Discussion posts' + ]; + + public function handler($user, $options = array()) { $this->User = ClassRegistry::init('User'); - - $orgsCount = $this->User->Organisation->find('count'); - $localOrgsParams['conditions']['Organisation.local'] = 1; - $localOrgsCount = $this->User->Organisation->find('count', $localOrgsParams); - - $thisMonth = strtotime('first day of this month'); + $this->redis = $this->User->setupRedis(); + if (!$this->redis) { + throw new NotFoundException(__('No redis connection found.')); + } $this->Event = ClassRegistry::init('Event'); - $eventsCount = $this->Event->find('count', array('recursive' => -1)); - $eventsCountMonth = $this->Event->find('count', array('conditions' => array('Event.timestamp >' => $thisMonth), 'recursive' => -1)); - - $this->Attribute = ClassRegistry::init('Attribute'); - $attributesCount = $this->Attribute->find('count', array('conditions' => array('Attribute.deleted' => 0), 'recursive' => -1)); - $attributesCountMonth = $this->Attribute->find('count', array('conditions' => array('Attribute.timestamp >' => $thisMonth, 'Attribute.deleted' => 0), 'recursive' => -1)); - $attributesPerEvent = round($attributesCount / $eventsCount); - - $this->Correlation = ClassRegistry::init('Correlation'); - $correlationsCount = $this->Correlation->find('count', array('recursive' => -1)) / 2; - - $proposalsCount = $this->Event->ShadowAttribute->find('count', array('recursive' => -1, 'conditions' => array('deleted' => 0))); - - $usersCount = $this->User->find('count', array('recursive' => -1)); - $usersCountPgp = $this->User->find('count', array('recursive' => -1, 'conditions' => array('User.gpgkey !=' => ''))); - $usersCountPgpPercentage = round(100* ($usersCountPgp / $usersCount), 1); - $contributingOrgsCount = $this->Event->find('count', array('recursive' => -1, 'group' => array('Event.orgc_id'))); - $averageUsersPerOrg = round($usersCount / $localOrgsCount, 1); - $this->Thread = ClassRegistry::init('Thread'); + $this->Correlation = ClassRegistry::init('Correlation'); + $thisMonth = strtotime('first day of this month'); + $orgConditions = []; + $orgIdList = null; + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $orgConditions[] = $tempConditionBucket; + } + } + } + $orgIdList = $this->User->Organisation->find('column', [ + 'recursive' => -1, + 'conditions' => $orgConditions, + 'fields' => ['Organisation.id'] + ]); + } + $eventsCount = $this->getEventsCount($orgConditions, $orgIdList, $thisMonth); + $attributesCount = $this->getAttributesCount($orgConditions, $orgIdList, $thisMonth); + $usersCount = $this->getUsersCount($orgConditions, $orgIdList, $thisMonth); + $usersCountPgp = $this->getUsersCountPgp($orgConditions, $orgIdList, $thisMonth); + $localOrgsCount = $this->getLocalOrgsCount($orgConditions, $orgIdList, $thisMonth); + + $threadCount = $this->Thread->find('count', array('conditions' => array('Thread.post_count >' => 0), 'recursive' => -1)); $threadCountMonth = $this->Thread->find('count', array('conditions' => array('Thread.date_created >' => date("Y-m-d H:i:s", $thisMonth), 'Thread.post_count >' => 0), 'recursive' => -1)); @@ -47,21 +94,69 @@ class UsageDataWidget //Monhtly data is not added to the widget at the moment, could optionally add these later and give user choice? - $statistics = array( - array('title' => 'Events', 'value' => $eventsCount), - array('title' => 'Attributes', 'value' => $attributesCount), - array('title' => 'Attributes / event', 'value' => $attributesPerEvent), - array('title' => 'Correlations', 'value' => $correlationsCount), - array('title' => 'Active proposals', 'value' => $proposalsCount), - array('title' => 'Users', 'value' => $usersCount), - array('title' => 'Users with PGP keys', 'value' => $usersCountPgp . ' (' . $usersCountPgpPercentage . '%)'), - array('title' => 'Organisations', 'value' => $orgsCount), - array('title' => 'Local organisations', 'value' => $localOrgsCount), - array('title' => 'Event creator orgs', 'value' => $contributingOrgsCount), - array('title' => 'Average users / org', 'value' => $averageUsersPerOrg), - array('title' => 'Discussions threads', 'value' => $threadCount), - array('title' => 'Discussion posts', 'value' => $postCount) - ); + $statistics = [ + 'Events' => [ + 'title' => 'Events', + 'value' => $eventsCount, + 'change' => $this->getEventsCountMonth($orgConditions, $orgIdList, $thisMonth) + ], + 'Attributes' => [ + 'title' => 'Attributes', + 'value' => $attributesCount, + 'change' => $this->getAttributesCountMonth($orgConditions, $orgIdList, $thisMonth) + ], + 'Attributes / event' => [ + 'title' => 'Attributes / event', + 'value' => $eventsCount ? round($attributesCount / $eventsCount) : 0 + ], + 'Correlations' => [ + 'title' => 'Correlations', + 'value' => $this->getCorrelationsCount($orgConditions, $orgIdList, $thisMonth) + ], + 'Active proposals' => [ + 'title' => 'Active proposals', + 'value' => $this->getProposalsCount($orgConditions, $orgIdList, $thisMonth) + ], + 'Users' => [ + 'title' => 'Users', + 'value' => $usersCount, + 'change' => $this->getUsersCountMonth($orgConditions, $orgIdList, $thisMonth) + ], + 'Users with PGP keys' => [ + 'title' => 'Users with PGP keys', + 'value' => sprintf( + '%s (%s %%)', + $usersCountPgp, + $usersCount ? round(100* ($usersCountPgp / $usersCount), 1) : 0 + ) + ], + 'Organisations' => [ + 'title' => 'Organisations', + 'value' => $this->getOrgsCount($orgConditions, $orgIdList, $thisMonth), + 'change' => $this->getOrgsCountMonth($orgConditions, $orgIdList, $thisMonth) + ], + 'Local organisations' => [ + 'title' => 'Local organisations', + 'value' => $localOrgsCount, + 'change' => $this->getLocalOrgsCountMonth($orgConditions, $orgIdList, $thisMonth) + ], + 'Event creator orgs' => [ + 'title' => 'Event creator orgs', 'value' => $this->getContributingOrgsCount($orgConditions, $orgIdList, $thisMonth) + ], + 'Average users / org' => [ + 'title' => 'Average users / org', 'value' => round($usersCount / $localOrgsCount, 1) + ], + 'Discussion threads' => [ + 'title' => 'Discussions threads', + 'value' => $this->getThreadsCount($orgConditions, $orgIdList, $thisMonth), + 'change' => $this->getThreadsCountMonth($orgConditions, $orgIdList, $thisMonth) + ], + 'Discussion posts' => [ + 'title' => 'Discussion posts', + 'value' => $this->getPostsCount($orgConditions, $orgIdList, $thisMonth), + 'change' => $this->getPostsCountMonth($orgConditions, $orgIdList, $thisMonth) + ] + ]; if(!empty(Configure::read('Security.advanced_authkeys'))){ $this->AuthKey = ClassRegistry::init('AuthKey'); $authkeysCount = $this->AuthKey->find('count', array('recursive' => -1)); @@ -70,6 +165,239 @@ class UsageDataWidget return $statistics; } + private function getEventsCount($orgConditions, $orgIdList, $thisMonth) + { + $conditions = []; + if (!empty($orgIdList)) { + $conditions['AND'][] = ['Event.orgc_id IN' => $orgIdList]; + } + return $this->Event->find('count', [ + 'recursive' => -1, + 'conditions' => $conditions + ]); + } + + private function getCorrelationsCount($orgConditions, $orgIdList, $thisMonth) + { + $conditions = []; + if (!empty($orgIdList)) { + $conditions['AND']['OR'][] = ['Correlation.org_id IN' => $orgIdList]; + $conditions['AND']['OR'][] = ['Correlation.1_org_id IN' => $orgIdList]; + } + return $this->Correlation->find('count', [ + 'recursive' => -1, + 'conditions' => $conditions + ]); + } + + private function getEventsCountMonth($orgConditions, $orgIdList, $thisMonth) + { + $conditions = ['Event.timestamp >' => $thisMonth]; + if (!empty($orgIdList)) { + $conditions['AND'][] = ['Event.orgc_id IN' => $orgIdList]; + } + return $this->Event->find('count', [ + 'conditions' => $conditions, + 'recursive' => -1 + ]); + } + + private function getAttributesCount($orgConditions, $orgIdList, $thisMonth) + { + $conditions = ['Attribute.deleted' => 0]; + if (!empty($orgIdList)) { + $conditions['AND'][] = ['Event.orgc_id IN' => $orgIdList]; + } + $hash = hash('sha256', json_encode($orgIdList)); + $count = $this->redis->get('misp:dashboard:attribute_count:' . $hash); + if (empty($count)) { + $count = $this->Event->Attribute->find('count', [ + 'conditions' => $conditions, + 'contain' => ['Event'], + 'recursive' => -1 + ]); + $this->redis->setEx('misp:dashboard:attribute_count:' . $hash, 3600, $count); + } + return $count; + } + + private function getAttributesCountMonth($orgConditions, $orgIdList, $thisMonth) + { + $conditions = ['Attribute.timestamp >' => $thisMonth, 'Attribute.deleted' => 0]; + if (!empty($orgIdList)) { + $conditions['AND'][] = ['Event.orgc_id IN' => $orgIdList]; + } + return $this->Event->Attribute->find('count', [ + 'conditions' => $conditions, + 'contain' => 'Event.orgc_id', + 'recursive' => -1 + ]); + } + + private function getOrgsCount($orgConditions, $orgIdList, $thisMonth) + { + return $this->User->Organisation->find('count', [ + 'conditions' => [ + 'AND' => $orgConditions + ] + ]); + } + + private function getOrgsCountMonth($orgConditions, $orgIdList, $thisMonth) + { + $datetime = new DateTime(); + $datetime->setTimestamp($thisMonth); + $thisMonth = $datetime->format('Y-m-d H:i:s'); + return $this->User->Organisation->find('count', [ + 'conditions' => [ + 'AND' => $orgConditions, + 'Organisation.date_created >' => $thisMonth + ] + ]); + } + + private function getLocalOrgsCount($orgConditions, $orgIdList, $thisMonth) + { + return $this->User->Organisation->find('count', [ + 'conditions' => [ + 'Organisation.local' => 1, + 'AND' => $orgConditions + ] + ]); + } + + private function getLocalOrgsCountMonth($orgConditions, $orgIdList, $thisMonth) + { + $datetime = new DateTime(); + $datetime->setTimestamp($thisMonth); + $thisMonth = $datetime->format('Y-m-d H:i:s'); + return $this->User->Organisation->find('count', [ + 'conditions' => [ + 'Organisation.local' => 1, + 'AND' => $orgConditions, + 'Organisation.date_created >' => $thisMonth + ] + ]); + } + + private function getProposalsCount($orgConditions, $orgIdList, $thisMonth) + { + $conditions = ['deleted' => 0]; + if (!empty($orgIdList)) { + $conditions['ShadowAttribute.org_id IN'] = $orgIdList; + } + return $this->Event->ShadowAttribute->find('count', [ + 'recursive' => -1, + 'conditions' => $conditions + ]); + } + + private function getUsersCount($orgConditions, $orgIdList, $thisMonth) + { + $conditions = []; + if (!empty($orgIdList)) { + $conditions['User.org_id IN'] = $orgIdList; + } + return $this->User->find('count', [ + 'recursive' => -1, + 'conditions' => $conditions + ]); + } + + private function getUsersCountMonth($orgConditions, $orgIdList, $thisMonth) + { + $conditions = ['User.date_created >' => $thisMonth]; + if (!empty($orgIdList)) { + $conditions['User.org_id IN'] = $orgIdList; + } + return $this->User->find('count', [ + 'recursive' => -1, + 'conditions' => $conditions + ]); + } + + private function getUsersCountPgp($orgConditions, $orgIdList, $thisMonth) + { + $conditions = ['User.gpgkey !=' => '']; + if (!empty($orgIdList)) { + $conditions['User.org_id IN'] = $orgIdList; + } + return $this->User->find('count', [ + 'recursive' => -1, + 'conditions' => $conditions + ]); + } + + private function getContributingOrgsCount($orgConditions, $orgIdList, $thisMonth) + { + $conditions = []; + if ($orgConditions) { + $conditions['AND'][] = ['Event.orgc_id IN' => $orgIdList]; + } + return $this->Event->find('count', [ + 'recursive' => -1, + 'group' => ['Event.orgc_id'], + 'conditions' => $conditions + ]); + } + + private function getThreadsCount($orgConditions, $orgIdList, $thisMonth) + { + $conditions = ['Thread.post_count >' => 0]; + if ($orgConditions) { + $conditions['AND'][] = ['Thread.org_id IN' => $orgIdList]; + } + return $this->Thread->find('count', [ + 'conditions' => $conditions, + 'recursive' => -1 + ]); + } + + private function getThreadsCountMonth($orgConditions, $orgIdList, $thisMonth) + { + $conditions = [ + 'Thread.post_count >' => 0, + 'Thread.date_created >=' => $thisMonth + ]; + if ($orgConditions) { + $conditions['AND'][] = ['Thread.org_id IN' => $orgIdList]; + } + return $this->Thread->find('count', [ + 'conditions' => $conditions, + 'recursive' => -1 + ]); + } + + private function getPostsCount($orgConditions, $orgIdList, $thisMonth) + { + $conditions = []; + if ($orgConditions) { + $conditions['AND'][] = ['User.org_id IN' => $orgIdList]; + } + return $this->Thread->Post->find('count', [ + 'conditions' => $conditions, + 'contain' => ['User.org_id'], + 'recursive' => -1 + ]); + } + + private function getPostsCountMonth($orgConditions, $orgIdList, $thisMonth) + { + $conditions = [ + 'Post.date_created >=' => $thisMonth + ]; + if ($orgConditions) { + $conditions['AND'][] = ['User.org_id IN' => $orgIdList]; + } + return $this->Thread->Post->find('count', [ + 'conditions' => $conditions, + 'contain' => ['User.org_id'], + 'recursive' => -1 + ]); + } + + +/* There is nothing sensitive in here. public function checkPermissions($user) { if (empty($user['Role']['perm_site_admin'])) { @@ -77,4 +405,5 @@ class UsageDataWidget } return true; } +*/ } diff --git a/app/Lib/Dashboard/UserContributionToplistWidget.php b/app/Lib/Dashboard/UserContributionToplistWidget.php new file mode 100644 index 000000000..ec434c82b --- /dev/null +++ b/app/Lib/Dashboard/UserContributionToplistWidget.php @@ -0,0 +1,138 @@ + 'How many days back should the list go - for example, setting 7 will only show contributions in the past 7 days. (integer)', + 'month' => 'Who contributed most this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', + 'year' => 'Which contributed most this year? (boolean)', + 'filter' => 'A list of filters by organisation meta information (nationality, sector, type, name, uuid, local (- expects a boolean or a list of boolean values)) to include. (dictionary, prepending values with ! uses them as a negation)', + 'limit' => 'Limits the number of displayed tags. Default: 10' + ]; + public $cacheLifetime = null; + public $autoRefreshDelay = false; + private $validFilterKeys = [ + 'nationality', + 'sector', + 'type', + 'name', + 'uuid' + ]; + public $placeholder = +'{ + "days": "7d", + "threshold": 15, + "filter": { + "sector": "Financial" + } +}'; + private $Org = null; + private $Event = null; + + + private function timeConditions($options) + { + $limit = empty($options['limit']) ? 10 : $options['limit']; + if (!empty($options['days'])) { + $condition = strtotime(sprintf("-%s days", $options['days'])); + } else if (!empty($options['month'])) { + $condition = strtotime('first day of this month 00:00:00', time()); + } else if (!empty($options['previous_month'])) { + $condition = strtotime('first day of previous month 00:00:00', time()); + $end_condition = strtotime('last day of last month 23:59:59', time()); + } else if (!empty($options['year'])) { + $condition = strtotime('first day of this year 00:00:00', time()); + } else { + return null; + } + $conditions = []; + if (!empty($condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + $conditions['Event.timestamp >='] = $datetime->format('Y-m-d H:i:s'); + } + if (!empty($end_condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($end_condition); + $conditions['Event.timestamp <='] = $datetime->format('Y-m-d H:i:s'); + } + return $conditions; + } + + + public function handler($user, $options = array()) + { + $params = ['conditions' => []]; + $timeConditions = $this->timeConditions($options); + if ($timeConditions) { + $params['conditions']['AND'][] = $timeConditions; + } + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $params['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + if (isset($options['filter']['local'])) { + $params['conditions']['AND']['local'] = $options['filter']['local']; + } + + $this->Org = ClassRegistry::init('Organisation'); + $org_ids = $this->Org->find('list', [ + 'fields' => ['Organisation.id', 'Organisation.name'], + 'conditions' => $params['conditions'] + ]); + $userConditions = []; + if (!empty($org_ids)) { + $userConditions = ['User.org_id IN' => array_keys($org_ids)]; + } + $user_ids = $this->Org->User->find('list', [ + 'fields' => ['User.id', 'User.email'], + 'conditions' => $userConditions + ]); + $conditions = empty($user_ids) ? [] : ['Event.user_id IN' => array_keys($user_ids)]; + $this->Event = ClassRegistry::init('Event'); + $this->Event->virtualFields['frequency'] = 0; + $users = $this->Event->find('all', [ + 'recursive' => -1, + 'fields' => ['user_id', 'count(Event.user_id) as Event__frequency'], + 'group' => ['user_id'], + 'conditions' => $conditions, + 'order' => 'count(Event.user_id) desc', + 'limit' => empty($options['limit']) ? 10 : $options['limit'] + ]); + $results = []; + foreach($users as $user) { + $results[$user_ids[$user['Event']['user_id']]] = $user['Event']['frequency']; + } + return ['data' => $results]; + } + + public function checkPermissions($user) + { + if (empty(Configure::read('Security.disclose_user_emails')) && empty($user['Role']['perm_site_admin'])) { + return false; + } + return true; + } +} +?> diff --git a/app/Lib/Dashboard/WhoamiWidget.php b/app/Lib/Dashboard/WhoamiWidget.php index a95620908..40281df22 100644 --- a/app/Lib/Dashboard/WhoamiWidget.php +++ b/app/Lib/Dashboard/WhoamiWidget.php @@ -28,7 +28,7 @@ class WhoamiWidget array('title' => 'Email', 'value' => $user['email']), array('title' => 'Role', 'value' => $user['Role']['name']), array('title' => 'Organisation', 'value' => $user['Organisation']['name']), - array('title' => 'IP', 'value' => empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED_FOR']), + array('title' => 'IP', 'value' => $this->Log->_remoteIp()), array('title' => 'Last logins', 'value' => $entries) ); } diff --git a/app/Lib/Export/Stix2Export.php b/app/Lib/Export/Stix2Export.php index a3c81f82a..66e1fdebc 100644 --- a/app/Lib/Export/Stix2Export.php +++ b/app/Lib/Export/Stix2Export.php @@ -4,7 +4,7 @@ App::uses('StixExport', 'Export'); class Stix2Export extends StixExport { protected $__attributes_limit = 15000; - protected $__default_version = '2.0'; + protected $__default_version = '2.1'; protected $__sane_versions = array('2.0', '2.1'); protected function __initiate_framing_params() diff --git a/app/Lib/Export/StixExport.php b/app/Lib/Export/StixExport.php index 6abc20b75..4c759e991 100644 --- a/app/Lib/Export/StixExport.php +++ b/app/Lib/Export/StixExport.php @@ -83,6 +83,12 @@ abstract class StixExport if ($this->__empty_file) { $this->__tmp_file->close(); $this->__tmp_file->delete(); + if (empty($this->__filenames)) { + $framing = $this->getFraming(); + $tmpFile = new TmpFileTool(); + $tmpFile->write($framing['header'] . $framing['footer']); + return $tmpFile; + } } else { if (!empty($this->__event_galaxies)) { $this->__write_event_galaxies(); diff --git a/app/Lib/Tools/AttachmentTool.php b/app/Lib/Tools/AttachmentTool.php index 52f227832..d95cdd6cd 100644 --- a/app/Lib/Tools/AttachmentTool.php +++ b/app/Lib/Tools/AttachmentTool.php @@ -157,7 +157,7 @@ class AttachmentTool $filepath = $this->attachmentDir() . DS . $path; $file = new File($filepath); if (!is_file($file->path)) { - throw new NotFoundException("File '$filepath' does not exists."); + throw new NotFoundException("File '$filepath' does not exist."); } } diff --git a/app/Lib/Tools/AttributeValidationTool.php b/app/Lib/Tools/AttributeValidationTool.php index 739d3c01d..752fbe1e0 100644 --- a/app/Lib/Tools/AttributeValidationTool.php +++ b/app/Lib/Tools/AttributeValidationTool.php @@ -202,7 +202,7 @@ class AttributeValidationTool $value = substr($value, 2); // remove 'AS' } if (strpos($value, '.') !== false) { // maybe value is in asdot notation - $parts = explode('.', $value); + $parts = explode('.', $value, 2); if (self::isPositiveInteger($parts[0]) && self::isPositiveInteger($parts[1])) { return $parts[0] * 65536 + $parts[1]; } @@ -224,7 +224,6 @@ class AttributeValidationTool switch ($type) { case 'md5': case 'imphash': - case 'telfhash': case 'sha1': case 'sha224': case 'sha256': @@ -255,6 +254,11 @@ class AttributeValidationTool return true; } return __('Checksum has an invalid length or format (expected: at least 35 hexadecimal characters, optionally starting with t1 instead of hexadecimal characters). Please double check the value or select type "other".'); + case 'telfhash': + if (self::isTelfhashValid($value)) { + return true; + } + return __('Checksum has an invalid length or format (expected: %s or %s hexadecimal characters). Please double check the value or select type "other".', 70, 72); case 'pehash': if (self::isHashValid('pehash', $value)) { return true; @@ -412,12 +416,12 @@ class AttributeValidationTool } return __('Email address has an invalid format. Please double check the value or select type "other".'); case 'vulnerability': - if (preg_match("#^(CVE-)[0-9]{4}(-)[0-9]{4,}$#", $value)) { + if (preg_match("#^CVE-[0-9]{4}-[0-9]{4,}$#", $value)) { return true; } return __('Invalid format. Expected: CVE-xxxx-xxxx...'); case 'weakness': - if (preg_match("#^(CWE-)[0-9]{1,}$#", $value)) { + if (preg_match("#^CWE-[0-9]+$#", $value)) { return true; } return __('Invalid format. Expected: CWE-x...'); @@ -526,6 +530,7 @@ class AttributeValidationTool case 'favicon-mmh3': case 'chrome-extension-id': case 'mobile-application-id': + case 'azure-application-id': case 'named pipe': if (strpos($value, "\n") !== false) { return __('Value must not contain new line character.'); @@ -582,6 +587,28 @@ class AttributeValidationTool throw new InvalidArgumentException("Unknown type $type."); } + /** + * This method will generate all valid types for given value. + * @param array $types Typos to check + * @param array $compositeTypes Composite types + * @param string $value Values to check + * @return array + */ + public static function validTypesForValue(array $types, array $compositeTypes, $value) + { + $possibleTypes = []; + foreach ($types as $type) { + if (in_array($type, $compositeTypes, true) && substr_count($value, '|') !== 1) { + continue; // value is not in composite format + } + $modifiedValue = AttributeValidationTool::modifyBeforeValidation($type, $value); + if (AttributeValidationTool::validate($type, $modifiedValue) === true) { + $possibleTypes[] = $type; + } + } + return $possibleTypes; + } + /** * @param string $value * @return bool @@ -612,6 +639,15 @@ class AttributeValidationTool return strlen($value) > 35 && ctype_xdigit($value); } + /** + * @param string $value + * @return bool + */ + private static function isTelfhashValid($value) + { + return strlen($value) == 70 || strlen($value) == 72; + } + /** * @param string $type diff --git a/app/Lib/Tools/BackgroundJobsTool.php b/app/Lib/Tools/BackgroundJobsTool.php index 19d56dada..37e53883e 100644 --- a/app/Lib/Tools/BackgroundJobsTool.php +++ b/app/Lib/Tools/BackgroundJobsTool.php @@ -161,7 +161,7 @@ class BackgroundJobsTool } RedisTool::unlink($this->RedisConnection, self::DATA_CONTENT_PREFIX . ':' . $uuid); return $data; - } else if ($path[0] === '/') { // deprecated storage location when not full path is provided + } else if ($path[0] !== '/') { // deprecated storage location when not full path is provided $path = APP . 'tmp/cache/ingest' . DS . $path; } return JsonTool::decode(FileAccessTool::readAndDelete($path)); diff --git a/app/Lib/Tools/CustomPaginationTool.php b/app/Lib/Tools/CustomPaginationTool.php index 525de8201..ad052af38 100644 --- a/app/Lib/Tools/CustomPaginationTool.php +++ b/app/Lib/Tools/CustomPaginationTool.php @@ -27,6 +27,8 @@ class CustomPaginationTool $params['options'][$v] = $options[$v]; } } + $params['page'] = is_numeric($params['page']) ? $params['page'] : 1; + $params['limit'] = is_numeric($params['limit']) ? $params['limit'] : 60; $maxPage = floor($params['count'] / $params['limit']); if ($params['count'] % $params['limit'] != 0) { $maxPage += 1; diff --git a/app/Lib/Tools/EventTimelineTool.php b/app/Lib/Tools/EventTimelineTool.php index 145ab9909..d684d8882 100644 --- a/app/Lib/Tools/EventTimelineTool.php +++ b/app/Lib/Tools/EventTimelineTool.php @@ -57,6 +57,12 @@ $event['Attribute'] = array(); } + if (!empty($fullevent[0]['Sighting'])) { + $event['Sighting'] = $fullevent[0]['Sighting']; + } else { + $event['Sighting'] = array(); + } + return $event; } @@ -81,6 +87,11 @@ $attribute = array(); } + $sightingsAttributeMap = []; + foreach ($event['Sighting'] as $sighting) { + $sightingsAttributeMap[$sighting['attribute_id']][] = $sighting['date_sighting']; + } + // extract links and node type foreach ($attribute as $attr) { $toPush = array( @@ -93,6 +104,7 @@ 'first_seen' => $attr['first_seen'], 'last_seen' => $attr['last_seen'], 'attribute_type' => $attr['type'], + 'date_sighting' => $sightingsAttributeMap[$attr['id']] ?? [], 'is_image' => $this->__eventModel->Attribute->isImage($attr), ); $this->__json['items'][] = $toPush; @@ -134,6 +146,7 @@ 'group' => 'object_attribute', 'timestamp' => $obj_attr['timestamp'], 'attribute_type' => $obj_attr['type'], + 'date_sighting' => $sightingsAttributeMap[$attr['id']] ?? [], 'is_image' => $this->__eventModel->Attribute->isImage($obj_attr), ); $toPush_obj['Attribute'][] = $toPush_attr; diff --git a/app/Lib/Tools/FileAccessTool.php b/app/Lib/Tools/FileAccessTool.php index 3e3aa01cd..b56338a21 100644 --- a/app/Lib/Tools/FileAccessTool.php +++ b/app/Lib/Tools/FileAccessTool.php @@ -107,8 +107,14 @@ class FileAccessTool } if (file_put_contents($file, $content, LOCK_EX | (!empty($append) ? FILE_APPEND : 0)) === false) { - $freeSpace = disk_free_space($dir); - throw new Exception("An error has occurred while attempt to write to file `$file`. Maybe not enough space? ($freeSpace bytes left)"); + if (file_exists($file) && !is_writable($file)) { + $errorMessage = 'File is not writeable.'; + } else { + $freeSpace = disk_free_space($dir); + $errorMessage = "Maybe not enough space? ($freeSpace bytes left)"; + } + + throw new Exception("An error has occurred while attempt to write to file `$file`. $errorMessage"); } } diff --git a/app/Lib/Tools/RedisTool.php b/app/Lib/Tools/RedisTool.php index 4159322fd..8a68dfe20 100644 --- a/app/Lib/Tools/RedisTool.php +++ b/app/Lib/Tools/RedisTool.php @@ -1,7 +1,7 @@ connect($host, (int) $port)) { + $connection = empty($socket) ? $redis->connect($host, (int) $port) : $redis->connect($host); + if (!$connection) { throw new Exception("Could not connect to Redis: {$redis->getLastError()}"); } if (!empty($pass)) { diff --git a/app/Lib/Tools/SecurityAudit.php b/app/Lib/Tools/SecurityAudit.php index 944b63b24..29c7cc81e 100644 --- a/app/Lib/Tools/SecurityAudit.php +++ b/app/Lib/Tools/SecurityAudit.php @@ -138,7 +138,7 @@ class SecurityAudit if (!Configure::read('MISP.log_new_audit')) { $output['Logging'][] = [ 'hint', - __('New audit log stores more information, like used authkey ID or request ID that can help when analysing or correlating audit logs.'), + __('New audit log stores more information, like used authkey ID or request ID that can help when analysing or correlating audit logs. Set `MISP.log_new_audit` to `true` to enable.'), ]; } diff --git a/app/Lib/Tools/SyncTool.php b/app/Lib/Tools/SyncTool.php index aa621879b..157123d21 100644 --- a/app/Lib/Tools/SyncTool.php +++ b/app/Lib/Tools/SyncTool.php @@ -2,6 +2,9 @@ class SyncTool { + + const ALLOWED_CERT_FILE_EXTENSIONS = ['pem', 'crt']; + /** * Take a server as parameter and return a HttpSocket object using the ssl options defined in the server settings * @param array|null $server @@ -15,10 +18,10 @@ class SyncTool $params = ['compress' => true]; if (!empty($server)) { if (!empty($server[$model]['cert_file'])) { - $params['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server[$model]['id'] . '.pem'; + $params['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server[$model]['cert_file']; } if (!empty($server[$model]['client_cert_file'])) { - $params['ssl_local_cert'] = APP . "files" . DS . "certs" . DS . $server[$model]['id'] . '_client.pem'; + $params['ssl_local_cert'] = APP . "files" . DS . "certs" . DS . $server[$model]['client_cert_file']; } if (!empty($server[$model]['self_signed'])) { $params['ssl_allow_self_signed'] = true; diff --git a/app/Lib/Tools/WorkflowFormatConverterTool.php b/app/Lib/Tools/WorkflowFormatConverterTool.php index caa00e57a..267c317be 100644 --- a/app/Lib/Tools/WorkflowFormatConverterTool.php +++ b/app/Lib/Tools/WorkflowFormatConverterTool.php @@ -44,6 +44,17 @@ class WorkflowFormatConverterTool { $converted = []; $converted = JSONConverterTool::convert($event, false, true); + $eventTags = !empty($converted['Event']['Tag']) ? $converted['Event']['Tag'] : []; + if (!empty($converted['Event']['Attribute'])) { + foreach ($converted['Event']['Attribute'] as $i => $attribute) { + $converted['Event']['Attribute'][$i] = self::__propagateTagToAttributes($attribute, $eventTags); + } + } + if (!empty($converted['Event']['Object'])) { + foreach ($converted['Event']['Object'] as $i => $object) { + $converted['Event']['Object'][$i] = self::__propagateTagToObjectAttributes($object, $eventTags); + } + } return $converted; } @@ -101,6 +112,33 @@ class WorkflowFormatConverterTool return $converted; } + private static function __propagateTagToAttributes(array $attribute, array $eventTags): array + { + $allTags = []; + if (!empty($eventTags)) { + foreach ($eventTags as $eventTag) { + $eventTag['inherited'] = true; + $allTags[] = $eventTag; + } + } + if (!empty($attribute['Tag'])) { + foreach ($attribute['Tag'] as $tag) { + $tag['inherited'] = false; + $allTags[] = $tag; + } + } + $attribute['_allTags'] = $allTags; + return $attribute; + } + + private static function __propagateTagToObjectAttributes(array $object, array $eventTags): array + { + foreach ($object['Attribute'] as $i => $attribute) { + $object['Attribute'][$i] = self::__propagateTagToAttributes($attribute, $eventTags); + } + return $object; + } + private static function __encapsulateEntityWithEvent(array $data): array { $eventModel = ClassRegistry::init('Event'); @@ -112,12 +150,11 @@ class WorkflowFormatConverterTool if (empty($event)) { return []; } - $event = self::__convertEvent($event); - $event = $event['Event']; reset($data); $entityType = key($data); - $event[$entityType][] = $data[$entityType]; - return ['Event' => $event]; + $event['Event'][$entityType][] = $data[$entityType]; + $event = self::__convertEvent($event); + return $event; } private static function __includeFlattenedAttributes(array $event): array diff --git a/app/Lib/Tools/WorkflowGraphTool.php b/app/Lib/Tools/WorkflowGraphTool.php index 5762d10bc..60c7b8382 100644 --- a/app/Lib/Tools/WorkflowGraphTool.php +++ b/app/Lib/Tools/WorkflowGraphTool.php @@ -6,16 +6,18 @@ class GraphUtil { public function __construct($graphData) { - $this->graph = $graphData; + $this->graph = array_filter($graphData, function($i) { + return $i != '_frames'; + }, ARRAY_FILTER_USE_KEY); $this->numberNodes = count($this->graph); - $this->edgeList = $this->_buildEdgeList($graphData); + $this->edgeList = $this->_buildEdgeList($this->graph); $this->properties = []; } private function _buildEdgeList($graphData): array { $list = []; - foreach ($graphData as $node) { + foreach ($graphData as $i => $node) { $list[(int)$node['id']] = []; foreach (($node['outputs'] ?? []) as $output_id => $outputs) { foreach ($outputs as $connections) { @@ -162,6 +164,12 @@ class GraphWalker } else if ($node['data']['id'] == 'concurrent-task') { $this->_evaluateConcurrentTask($node, $roamingData, $outputs['output_1']); return ['output_1' => []]; + } else if ($node['data']['id'] == 'generic-filter-data') { + $this->_evaluateFilterAddLogic($node, $roamingData, $outputs['output_1']); + return ['output_1' => $outputs['output_1']]; + } else if ($node['data']['id'] == 'generic-filter-reset') { + $this->_evaluateFilterRemoveLogic($node, $roamingData, $outputs['output_1']); + return ['output_1' => $outputs['output_1']]; } else { $useFirstOutput = $this->_evaluateCustomLogicCondition($node, $roamingData); return $useFirstOutput ? ['output_1' => $outputs['output_1']] : ['output_2' => $outputs['output_2']]; @@ -175,6 +183,18 @@ class GraphWalker return $result; } + private function _evaluateFilterAddLogic($node, WorkflowRoamingData $roamingData): bool + { + $result = $this->WorkflowModel->executeNode($node, $roamingData); + return $result; + } + + private function _evaluateFilterRemoveLogic($node, WorkflowRoamingData $roamingData): bool + { + $result = $this->WorkflowModel->executeNode($node, $roamingData); + return $result; + } + private function _evaluateCustomLogicCondition($node, WorkflowRoamingData $roamingData): bool { $result = $this->WorkflowModel->executeNode($node, $roamingData); @@ -254,6 +274,7 @@ class WorkflowRoamingData private $data; private $workflow; private $current_node; + private $workflowModel; public function __construct(array $workflow_user, array $data, array $workflow, int $current_node) { @@ -270,9 +291,50 @@ class WorkflowRoamingData public function getData(): array { + if (!empty($this->getEnabledFilters())) { + return $this->filterDataIfNeeded(); + } return $this->data; } + public function filterDataIfNeeded(): array + { + $filteredData = $this->data; + $filters = $this->getEnabledFilters(); + foreach ($filters as $filteringLabel => $filteringOptions) { + $filteredData = $this->applyFilter($filteredData, $filteringOptions); + } + return $filteredData; + } + + private function applyFilter(array $data, array $filteringOptions): array + { + if (substr($filteringOptions['selector'], -4) === '.{n}') { + $filteringOptions['selector'] = substr($filteringOptions['selector'], 0, -4); + } + $baseModule = $this->getFilteringModule(); + $extracted = $baseModule->extractData($data, $filteringOptions['selector']); + if ($extracted === false) { + $filteredData = false; + } + $filteredData = $baseModule->getItemsMatchingCondition($extracted, $filteringOptions['value'], $filteringOptions['operator'], $filteringOptions['path']); + $newData = Hash::remove($data, $filteringOptions['selector']); + $newData = Hash::insert($data, $filteringOptions['selector'], $filteredData); + return $newData; + } + + private function getFilteringModule() + { + $this->workflowModel = ClassRegistry::init('Workflow'); + $moduleClass = $this->workflowModel->getModuleClassByType('logic', 'generic-filter-data'); + return $moduleClass; + } + + public function getEnabledFilters(): array + { + return !empty($this->data['enabledFilters']) ? $this->data['enabledFilters'] : []; + } + public function getWorkflow(): array { return $this->workflow; @@ -296,6 +358,20 @@ class WorkflowRoamingData class WorkflowGraphTool { + + /** + * cleanGraphData Remove frame nodes from the graph data + * + * @param array $graphData + * @return array + */ + public static function cleanGraphData(array $graphData): array + { + return array_filter($graphData, function($i) { + return $i != '_frames'; + }, ARRAY_FILTER_USE_KEY); + } + /** * extractTriggerFromWorkflow Return the trigger id (or full module) that are specified in the workflow * @@ -322,8 +398,9 @@ class WorkflowGraphTool */ public static function extractTriggersFromWorkflow(array $graphData, bool $fullNode = false): array { + $graphData = self::cleanGraphData($graphData); $triggers = []; - foreach ($graphData as $node) { + foreach ($graphData as $i => $node) { if ($node['data']['module_type'] == 'trigger') { if (!empty($fullNode)) { $triggers[] = $node; @@ -344,8 +421,9 @@ class WorkflowGraphTool */ public static function extractConcurrentTasksFromWorkflow(array $graphData, bool $fullNode = false): array { + $graphData = self::cleanGraphData($graphData); $nodes = []; - foreach ($graphData as $node) { + foreach ($graphData as $i => $node) { if ($node['data']['module_type'] == 'logic' && $node['data']['id'] == 'concurrent-task') { if (!empty($fullNode)) { $nodes[] = $node; @@ -357,6 +435,52 @@ class WorkflowGraphTool return $nodes; } + /** + * extractFilterNodesFromWorkflow Return the list of generic-filter-data's id (or full module) that are included in the workflow + * + * @param array $workflow + * @param bool $fullNode + * @return array + */ + public static function extractFilterNodesFromWorkflow(array $graphData, bool $fullNode = false): array + { + $graphData = self::cleanGraphData($graphData); + $nodes = []; + foreach ($graphData as $i => $node) { + if ($node['data']['module_type'] == 'logic' && $node['data']['id'] == 'generic-filter-data') { + if (!empty($fullNode)) { + $nodes[] = $node; + } else { + $nodes[] = $node['data']['id']; + } + } + } + return $nodes; + } + + /** + * extractResetFilterFromWorkflow Return the list of generic-filter-reset's id (or full module) that are included in the workflow + * + * @param array $workflow + * @param bool $fullNode + * @return array + */ + public static function extractResetFilterFromWorkflow(array $graphData, bool $fullNode = false): array + { + $graphData = self::cleanGraphData($graphData); + $nodes = []; + foreach ($graphData as $i => $node) { + if ($node['data']['module_type'] == 'logic' && $node['data']['id'] == 'generic-filter-reset') { + if (!empty($fullNode)) { + $nodes[] = $node; + } else { + $nodes[] = $node['data']['id']; + } + } + } + return $nodes; + } + /** * isAcyclic Return if the graph contains a cycle * diff --git a/app/Locale/ara/LC_MESSAGES/default.po b/app/Locale/ara/LC_MESSAGES/default.po index d669fcdb5..ccaa20c24 100644 --- a/app/Locale/ara/LC_MESSAGES/default.po +++ b/app/Locale/ara/LC_MESSAGES/default.po @@ -725,7 +725,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/cake_resque.pot b/app/Locale/cake_resque.pot index fdbc5ab59..a105801bb 100644 --- a/app/Locale/cake_resque.pot +++ b/app/Locale/cake_resque.pot @@ -578,7 +578,7 @@ msgid "Workers number [%s] is not valid. Please enter a valid number" msgstr "" #: Plugin/CakeResque/Console/Command/CakeResqueShell.php:1282 -msgid "User [%s] does not exists. Please enter a valid system user" +msgid "User [%s] does not exist. Please enter a valid system user" msgstr "" #: Plugin/CakeResque/Console/Command/CakeResqueShell.php:1304 diff --git a/app/Locale/cze/LC_MESSAGES/default.po b/app/Locale/cze/LC_MESSAGES/default.po index b1c6c1d00..fa32e5969 100644 --- a/app/Locale/cze/LC_MESSAGES/default.po +++ b/app/Locale/cze/LC_MESSAGES/default.po @@ -723,7 +723,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Neplatná Skupina sdílení nebo není autorizovaná." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/dan/LC_MESSAGES/default.po b/app/Locale/dan/LC_MESSAGES/default.po index 073394e95..8de07eca4 100644 --- a/app/Locale/dan/LC_MESSAGES/default.po +++ b/app/Locale/dan/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Ugyldig Delingsgruppe, eller ingen godkendelse." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/default.pot b/app/Locale/default.pot index 40c15ea69..8800c29b4 100644 --- a/app/Locale/default.pot +++ b/app/Locale/default.pot @@ -848,7 +848,7 @@ msgid "Add attribute" msgstr "" #: Controller/AttributesController.php:287;1725 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:305 diff --git a/app/Locale/deu/LC_MESSAGES/default.po b/app/Locale/deu/LC_MESSAGES/default.po index a447de5b5..0704a865b 100644 --- a/app/Locale/deu/LC_MESSAGES/default.po +++ b/app/Locale/deu/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Ungültige Freigabegruppe oder nicht berechtigt." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/fra/LC_MESSAGES/default.po b/app/Locale/fra/LC_MESSAGES/default.po index ece0e4027..4383c9239 100644 --- a/app/Locale/fra/LC_MESSAGES/default.po +++ b/app/Locale/fra/LC_MESSAGES/default.po @@ -723,7 +723,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Groupe de partage invalide ou non autorisé." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/hun/LC_MESSAGES/default.po b/app/Locale/hun/LC_MESSAGES/default.po index 29959ad24..060ff002d 100644 --- a/app/Locale/hun/LC_MESSAGES/default.po +++ b/app/Locale/hun/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/ita/LC_MESSAGES/default.po b/app/Locale/ita/LC_MESSAGES/default.po index 83ce00e04..3fd797c47 100644 --- a/app/Locale/ita/LC_MESSAGES/default.po +++ b/app/Locale/ita/LC_MESSAGES/default.po @@ -721,7 +721,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Sharing Group non valido o non autorizzato." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/jpn/LC_MESSAGES/default.po b/app/Locale/jpn/LC_MESSAGES/default.po index ba835e83c..8d8b227ac 100644 --- a/app/Locale/jpn/LC_MESSAGES/default.po +++ b/app/Locale/jpn/LC_MESSAGES/default.po @@ -719,7 +719,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "無効な共有グループ、もしくは権限がありません。" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/kor/LC_MESSAGES/default.po b/app/Locale/kor/LC_MESSAGES/default.po index d8348242d..702b70330 100644 --- a/app/Locale/kor/LC_MESSAGES/default.po +++ b/app/Locale/kor/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "잘못된 공유 그룹이거나 권한이 없습니다" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/no/LC_MESSAGES/default.po b/app/Locale/no/LC_MESSAGES/default.po index 1615ea775..2ebb74bc6 100644 --- a/app/Locale/no/LC_MESSAGES/default.po +++ b/app/Locale/no/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Ugyldig delingsgruppe eller ikke autorisert." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/pol/LC_MESSAGES/default.po b/app/Locale/pol/LC_MESSAGES/default.po index 275617176..348da1637 100644 --- a/app/Locale/pol/LC_MESSAGES/default.po +++ b/app/Locale/pol/LC_MESSAGES/default.po @@ -723,7 +723,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/pt_BR/LC_MESSAGES/default.po b/app/Locale/pt_BR/LC_MESSAGES/default.po index 14425a49e..e78b80293 100644 --- a/app/Locale/pt_BR/LC_MESSAGES/default.po +++ b/app/Locale/pt_BR/LC_MESSAGES/default.po @@ -721,7 +721,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Grupo de compartilhamento inválido ou não autorizado." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/ro/LC_MESSAGES/default.po b/app/Locale/ro/LC_MESSAGES/default.po index 00e817fce..0032d1140 100644 --- a/app/Locale/ro/LC_MESSAGES/default.po +++ b/app/Locale/ro/LC_MESSAGES/default.po @@ -721,7 +721,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/rus/LC_MESSAGES/default.po b/app/Locale/rus/LC_MESSAGES/default.po index b3bfb931e..12d435b47 100644 --- a/app/Locale/rus/LC_MESSAGES/default.po +++ b/app/Locale/rus/LC_MESSAGES/default.po @@ -722,7 +722,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/si-LK/LC_MESSAGES/default.po b/app/Locale/si-LK/LC_MESSAGES/default.po index 53160e3aa..ba4d74a52 100644 --- a/app/Locale/si-LK/LC_MESSAGES/default.po +++ b/app/Locale/si-LK/LC_MESSAGES/default.po @@ -723,7 +723,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "වලංගු නොවන බෙදාගැනීමේ කණ්ඩායමක් හෝ අවසරයක් නැත." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "උපලක්ෂණයක් නොපවතී හෝ ඔබට මෙම උපලක්ෂණ බාගැනීමට අවසර නැත." #: Controller/AttributesController.php:334 diff --git a/app/Locale/spa/LC_MESSAGES/default.po b/app/Locale/spa/LC_MESSAGES/default.po index 548973e37..618975630 100644 --- a/app/Locale/spa/LC_MESSAGES/default.po +++ b/app/Locale/spa/LC_MESSAGES/default.po @@ -722,7 +722,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Grupo de uso no válido o no autorizado." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/th_TH/LC_MESSAGES/default.po b/app/Locale/th_TH/LC_MESSAGES/default.po index 45589c869..c22c08e09 100644 --- a/app/Locale/th_TH/LC_MESSAGES/default.po +++ b/app/Locale/th_TH/LC_MESSAGES/default.po @@ -722,7 +722,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "กลุ่มการแบ่งปันไม่ถูกต้องหรือไม่ได้รับอนุญาต" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "ไม่มีแอตทริบิวต์หรือคุณไม่ได้รับอนุญาตให้ดาวน์โหลดแอตทริบิวต์นี้" #: Controller/AttributesController.php:334 diff --git a/app/Locale/zh-s/LC_MESSAGES/default.po b/app/Locale/zh-s/LC_MESSAGES/default.po index 9d554618d..b8a044794 100644 --- a/app/Locale/zh-s/LC_MESSAGES/default.po +++ b/app/Locale/zh-s/LC_MESSAGES/default.po @@ -719,7 +719,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "无效的共享组或未授权." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php new file mode 100644 index 000000000..f1f70b453 --- /dev/null +++ b/app/Model/AccessLog.php @@ -0,0 +1,345 @@ + 'Unknown', + 1 => 'GET', + 2 => 'HEAD', + 3 => 'POST', + 4 => 'PUT', + 5 => 'DELETE', + 6 => 'OPTIONS', + 7 => 'TRACE', + 8 => 'PATCH', + ]; + + public $actsAs = [ + 'Containable', + ]; + + public $belongsTo = [ + 'User' => [ + 'className' => 'User', + 'foreignKey' => 'user_id', + ], + 'Organisation' => [ + 'className' => 'Organisation', + 'foreignKey' => 'org_id', + ], + ]; + + public function afterFind($results, $primary = false) + { + foreach ($results as &$result) { + if (isset($result['AccessLog']['ip'])) { + $result['AccessLog']['ip'] = inet_ntop($result['AccessLog']['ip']); + } + if (isset($result['AccessLog']['request_method'])) { + $result['AccessLog']['request_method'] = self::REQUEST_TYPES[$result['AccessLog']['request_method']]; + } + if (!empty($result['AccessLog']['request'])) { + $decoded = $this->decodeRequest($result['AccessLog']['request']); + if ($decoded) { + list($contentType, $encoding, $data) = $decoded; + $result['AccessLog']['request'] = $data; + $result['AccessLog']['request_content_type'] = $contentType; + $result['AccessLog']['request_content_encoding'] = $encoding; + } else { + $result['AccessLog']['request'] = false; + } + } + if (!empty($result['AccessLog']['query_log'])) { + $result['AccessLog']['query_log'] = JsonTool::decode($this->decompress($result['AccessLog']['query_log'])); + } + if (!empty($result['AccessLog']['memory_usage'])) { + $result['AccessLog']['memory_usage'] = $result['AccessLog']['memory_usage'] * 1024; + } + } + return $results; + } + + public function beforeSave($options = []) + { + $accessLog = &$this->data['AccessLog']; + + $this->externalLog($accessLog); + + if (Configure::read('MISP.log_paranoid_skip_db')) { + return; + } + + // Truncate + foreach (['request_id', 'user_agent', 'url'] as $field) { + if (isset($accessLog[$field]) && strlen($accessLog[$field]) > 255) { + $accessLog[$field] = substr($accessLog[$field], 0, 255); + } + } + + if (isset($accessLog['ip'])) { + $accessLog['ip'] = inet_pton($accessLog['ip']); + } + + if (isset($accessLog['request_method'])) { + $requestMethodIds = array_flip(self::REQUEST_TYPES); + $accessLog['request_method'] = $requestMethodIds[$accessLog['request_method']] ?? 0; + } + + if (!empty($accessLog['request'])) { + $accessLog['request'] = $this->compress($accessLog['request']); + } + + if (!empty($accessLog['query_log'])) { + $accessLog['query_log'] = $this->compress(JsonTool::encode($accessLog['query_log'])); + } + + // In database save size in kb to avoid overflow signed int type + if (isset($accessLog['memory_usage'])) { + $accessLog['memory_usage'] = $accessLog['memory_usage'] >> 10; // same as /= 1024 + } + } + + /** + * @param array $user + * @param string $remoteIp + * @param CakeRequest $request + * @param bool $includeRequestBody + * @return bool + * @throws Exception + */ + public function logRequest(array $user, $remoteIp, CakeRequest $request, $includeRequestBody = true) + { + $requestTime = $this->requestTime(); + $logClientIp = Configure::read('MISP.log_client_ip'); + $includeSqlQueries = Configure::read('MISP.log_paranoid_include_sql_queries'); + + if ($includeSqlQueries) { + $this->getDataSource()->fullDebug = true; // Enable SQL logging + } + + $dataToSave = [ + 'created' => $requestTime->format('Y-m-d H:i:s.u'), + 'request_id' => $_SERVER['HTTP_X_REQUEST_ID'] ?? null, + 'user_id' => (int)$user['id'], + 'org_id' => (int)$user['org_id'], + 'authkey_id' => isset($user['authkey_id']) ? (int)$user['authkey_id'] : null, + 'ip' => $logClientIp ? $remoteIp : null, + 'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? null, + 'request_method' => $_SERVER['REQUEST_METHOD'], + 'controller' => $request->params['controller'], + 'action' => $request->params['action'], + 'url' => $request->here, + ]; + + if ($includeRequestBody && $request->is(['post', 'put', 'delete'])) { + $dataToSave['request'] = $this->requestBody($request); + } + + // Save data on shutdown + register_shutdown_function(function () use ($dataToSave, $requestTime, $includeSqlQueries) { + session_write_close(); // close session to allow concurrent requests + $this->saveOnShutdown($dataToSave, $requestTime, $includeSqlQueries); + }); + + return true; + } + + /** + * @param DateTime $duration + * @return int Number of deleted entries + */ + public function deleteOldLogs(DateTime $duration) + { + $this->deleteAll([ + ['created <' => $duration->format('Y-m-d H:i:s.u')], + ], false); + + $deleted = $this->getAffectedRows(); + if ($deleted > 100) { + $dataSource = $this->getDataSource(); + $dataSource->query('OPTIMIZE TABLE ' . $dataSource->name($this->table)); + } + return $deleted; + } + + /** + * @param CakeRequest $request + * @return string + */ + private function requestBody(CakeRequest $request) + { + $requestContentType = $_SERVER['CONTENT_TYPE'] ?? null; + $requestEncoding = $_SERVER['HTTP_CONTENT_ENCODING'] ?? null; + + if (substr($requestContentType, 0, 19) === 'multipart/form-data') { + $input = http_build_query($request->data, '', '&'); + } else { + $input = $request->input(); + } + + return "$requestContentType\n$requestEncoding\n$input"; + } + + /** + * @param array $data + * @param DateTime $requestTime + * @param bool $includeSqlQueries + * @return bool + * @throws Exception + */ + private function saveOnShutdown(array $data, DateTime $requestTime, $includeSqlQueries) + { + $sqlLog = $this->getDataSource()->getLog(false, false); + $queryCount = $sqlLog['count']; + + if ($includeSqlQueries && !empty($sqlLog['log'])) { + foreach ($sqlLog['log'] as &$log) { + $log['query'] = $this->escapeNonUnicode($log['query']); + unset($log['affected']); // affected is the same as numRows + unset($log['params']); // no need to save for your use case + } + $data['query_log'] = ['time' => $sqlLog['time'], 'log' => $sqlLog['log']]; + } + + $data['response_code'] = http_response_code(); + $data['memory_usage'] = memory_get_peak_usage(); + $data['query_count'] = $queryCount; + $data['duration'] = (int)((microtime(true) - $requestTime->format('U.u')) * 1000); // in milliseconds + + try { + return $this->save($data, ['atomic' => false]); + } catch (Exception $e) { + $this->logException("Could not insert access log to database", $e, LOG_WARNING); + return false; + } + } + + /** + * @param array $data + * @return void + */ + public function externalLog(array $data) + { + if ($this->pubToZmq('audit')) { + $this->getPubSubTool()->publish($data, 'audit', 'log'); + } + + $this->publishKafkaNotification('audit', $data, 'log'); + // In future add support for sending logs to elastic + } + + /** + * @return DateTime + */ + private function requestTime() + { + $requestTime = $_SERVER['REQUEST_TIME_FLOAT'] ?? microtime(true); + $requestTime = (string) $requestTime; + // Fix string if float value doesnt contain decimal part + if (strpos($requestTime, '.') === false) { + $requestTime .= '.0'; + } + return DateTime::createFromFormat('U.u', $requestTime); + } + + /** + * @param string $request + * @return array|false + */ + private function decodeRequest($request) + { + $request = $this->decompress($request); + if ($request === false) { + return false; + } + + list($contentType, $encoding, $data) = explode("\n", $request, 3); + + if ($encoding === 'gzip') { + $data = gzdecode($data); + } elseif ($encoding === 'br') { + if (function_exists('brotli_uncompress')) { + $data = brotli_uncompress($data); + } else { + $data = false; + } + } + + return [$contentType, $encoding, $data]; + } + + /** + * @param string $data + * @return false|string + */ + private function decompress($data) + { + $header = substr($data, 0, 4); + if ($header === self::BROTLI_HEADER) { + if (function_exists('brotli_uncompress')) { + $data = brotli_uncompress(substr($data, 4)); + if ($data === false) { + return false; + } + } else { + return false; + } + } + return $data; + } + + /** + * @param string $data + * @return string + */ + private function compress($data) + { + $compressionEnabled = Configure::read('MISP.log_new_audit_compress') && + function_exists('brotli_compress'); + + if ($compressionEnabled && strlen($data) >= self::COMPRESS_MIN_LENGTH) { + return self::BROTLI_HEADER . brotli_compress($data, 4, BROTLI_TEXT); + } + return $data; + } + + /** + * @param $string + * @return string + */ + private function escapeNonUnicode($string) + { + if (json_encode($string, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS) !== false) { + return $string; // string is valid unicode + } + + if (function_exists('mb_str_split')) { + $result = mb_str_split($string); + } else { + $result = []; + $length = mb_strlen($string); + for ($i = 0; $i < $length; $i++) { + $result[] = mb_substr($string, $i, 1); + } + } + + $string = ''; + foreach ($result as $char) { + if (strlen($char) === 1 && !preg_match('/[[:print:]]/', $char)) { + $string .= '\x' . bin2hex($char); + } else { + $string .= $char; + } + } + + return $string; + } +} \ No newline at end of file diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 8465e5794..b62cadca0 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -41,8 +41,6 @@ class AppModel extends Model private $__profiler = array(); - public $elasticSearchClient; - /** @var AttachmentTool|null */ private $attachmentTool; @@ -85,7 +83,9 @@ class AppModel extends Model 81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false, 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, - 99 => false + 99 => false, 100 => false, 101 => false, 102 => false, 103 => false, 104 => false, + 105 => false, 106 => false, 107 => false, 108 => false, 109 => false, 110 => false, + 111 => false, 112 => false, 113 => true, 114 => false ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1882,6 +1882,97 @@ class AppModel extends Model $sqlArray[] = "ALTER TABLE `event_tags` ADD `relationship_type` varchar(191) NULL DEFAULT '';"; $sqlArray[] = "ALTER TABLE `attribute_tags` ADD `relationship_type` varchar(191) NULL DEFAULT '';"; break; + case 100: + $sqlArray[] = "CREATE TABLE IF NOT EXISTS `access_logs` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `created` datetime(4) NOT NULL, + `user_id` int(11) NOT NULL, + `org_id` int(11) NOT NULL, + `authkey_id` int(11) DEFAULT NULL, + `ip` varbinary(16) DEFAULT NULL, + `request_method` tinyint NOT NULL, + `user_agent` varchar(255) DEFAULT NULL, + `request_id` varchar(255) DEFAULT NULL, + `controller` varchar(20) NOT NULL, + `action` varchar(20) NOT NULL, + `url` varchar(255) NOT NULL, + `request` blob, + `response_code` smallint NOT NULL, + `memory_usage` int(11) NOT NULL, + `duration` int(11) NOT NULL, + `query_count` int(11) NOT NULL, + PRIMARY KEY (`id`), + INDEX `user_id` (`user_id`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;"; + break; + case 101: + $sqlArray[] = "CREATE TABLE IF NOT EXISTS `taxii_servers` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `uuid` varchar(40) COLLATE utf8_bin NOT NULL , + `name` varchar(191) NOT NULL, + `owner` varchar(191) NOT NULL, + `baseurl` varchar(191) NOT NULL, + `api_root` varchar(191) NOT NULL DEFAULT 0, + `description` text, + `filters` text, + `api_key` varchar(255)COLLATE utf8_bin NOT NULL, + PRIMARY KEY (`id`), + INDEX `uuid` (`uuid`), + INDEX `name` (`name`), + INDEX `baseurl` (`baseurl`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;"; + break; + case 102: + $sqlArray[] = "UPDATE roles SET perm_audit = 1;"; + break; + case 103: + $sqlArray[] = "ALTER TABLE `taxonomies` ADD `highlighted` tinyint(1) DEFAULT 0;"; + break; + case 104: + $sqlArray[] = "ALTER TABLE `access_logs` ADD `query_log` blob DEFAULT NULL"; + break; + case 105: + // set a default role if there is none + if (!$this->AdminSetting->getSetting('default_role')) { + $role = ClassRegistry::init('Role')->findByName('User'); + if ($role) { + $sqlArray[] = "INSERT INTO `admin_settings` (setting, value) VALUES ('default_role', '".$role['Role']['id']."');"; + } else { + // there is no role called User, do nothing + } + } + break; + case 106: + $sqlArray[] = "ALTER TABLE `taxii_servers` MODIFY `baseurl` varchar(191) NOT NULL;"; + break; + case 107: + $sqlArray[] = "ALTER TABLE `auth_keys` ADD `unique_ips` text COLLATE utf8mb4_unicode_ci"; + break; + case 108: + $sqlArray[] = "ALTER TABLE `workflows` MODIFY `data` LONGTEXT;"; + break; + case 109: + $sqlArray[] = "UPDATE `over_correlating_values` SET `value` = LOWER(`value`) COLLATE utf8mb4_unicode_ci;"; + break; + case 110: + $sqlArray[] = "ALTER TABLE `users` ADD `totp` varchar(255) DEFAULT NULL;"; + $sqlArray[] = "ALTER TABLE `users` ADD `hotp_counter` int(11) DEFAULT NULL;"; + break; + case 111: + $sqlArray[] = "ALTER TABLE `taxii_servers` ADD `collection` varchar(40) CHARACTER SET ascii DEFAULT NULL;"; + break; + case 112: + $sqlArray[] = "ALTER TABLE `roles` ADD `perm_view_feed_correlations` tinyint(1) NOT NULL DEFAULT 0;"; + break; + case 113: + // we only want to update the existing roles - going forward the default is still 0 + // Also, we want to execute it as a separate update to ensure that cache clearing is done correctly + $this->cleanCacheFiles(); + $sqlArray[] = "UPDATE roles SET perm_view_feed_correlations = 1;"; + break; + case 114: + $indexArray[] = ['object_references', 'uuid']; + break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; @@ -2361,7 +2452,7 @@ class AppModel extends Model 'action' => 'update_db_worker', 'user_id' => 0, 'title' => __('Issues executing run_updates'), - 'change' => __('Database updates are locked. Worker not spawned') + 'change' => __('Database updates are locked. Make sure that you have an update worker running. If you do, it might be related to an update\'s execution repeatedly failing or still being in progress.') )); if (!empty($job)) { // if multiple prio worker is enabled, want to mark them as done $job['Job']['progress'] = 100; @@ -2952,17 +3043,6 @@ class AppModel extends Model return self::$loadedPubSubTool; } - protected function getElasticSearchTool() - { - if (!$this->elasticSearchClient) { - App::uses('ElasticSearchClient', 'Tools'); - $client = new ElasticSearchClient(); - $client->initTool(); - $this->elasticSearchClient = $client; - } - return $this->elasticSearchClient; - } - /** * @return BackgroundJobsTool */ @@ -3023,6 +3103,16 @@ class AppModel extends Model return [$subQuery]; } + /** + * Returns estimated number of table rows + * @return int + */ + public function tableRows() + { + $rows = $this->query("SELECT TABLE_ROWS FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '{$this->table}';"); + return $rows[0]['TABLES']['TABLE_ROWS']; + } + // start a benchmark run for the given bench name public function benchmarkInit($name = 'default') { @@ -3244,10 +3334,12 @@ class AppModel extends Model $filter = array(); foreach ($temp as $f) { $f = strval($f); - if ($f[0] === '!') { - $filter['NOT'][] = substr($f, 1); - } else { - $filter['OR'][] = $f; + if ($f !== '') { + if ($f[0] === '!') { + $filter['NOT'][] = substr($f, 1); + } else { + $filter['OR'][] = $f; + } } } return $filter; @@ -3523,6 +3615,11 @@ class AppModel extends Model */ protected function logException($message, Exception $exception, $type = LOG_ERR) { + // If Sentry is installed, send exception to Sentry + if (function_exists('\Sentry\captureException') && $type === LOG_ERR) { + \Sentry\captureException($exception); + } + $message .= "\n"; do { @@ -3860,4 +3957,35 @@ class AppModel extends Model ); "); } + + public function findOrder($order, $order_model, $valid_order_fields) + { + if (!is_array($order)) { + $order_rules = explode(' ', strtolower($order)); + $order_field = explode('.', $order_rules[0]); + $order_field = end($order_field); + if (in_array($order_field, $valid_order_fields)) { + $direction = 'asc'; + if (!empty($order_rules[1]) && trim($order_rules[1]) === 'desc') { + $direction = 'desc'; + } + } else { + return null; + } + return $order_model . '.' . $order_field . ' ' . $direction; + } + return null; + } + + /** + * @return string|null + */ + public function _remoteIp() + { + $ipHeader = Configure::read('MISP.log_client_ip_header') ?: null; + if ($ipHeader && isset($_SERVER[$ipHeader])) { + return trim($_SERVER[$ipHeader]); + } + return $_SERVER['REMOTE_ADDR'] ?? null; + } } diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 93a89e50b..ca2c6658a 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -25,7 +25,7 @@ class Attribute extends AppModel { public $combinedKeys = array('event_id', 'category', 'type'); - public $name = 'Attribute'; // TODO general + public $name = 'Attribute'; public $actsAs = array( 'AuditLog', @@ -36,13 +36,14 @@ class Attribute extends AppModel 'Trim', 'Containable', 'Regexp' => array('fields' => array('value')), + 'LightPaginator' ); public $displayField = 'value'; public $virtualFields = array( 'value' => "CASE WHEN Attribute.value2 = '' THEN Attribute.value1 ELSE CONCAT(Attribute.value1, '|', Attribute.value2) END", - ); // TODO hardcoded + ); // explanations of certain fields to be used in various views public $fieldDescriptions = array( @@ -736,29 +737,9 @@ class Attribute extends AppModel return true; } - $type = $this->data['Attribute']['type']; - $conditions = array( - 'Attribute.event_id' => $this->data['Attribute']['event_id'], - 'Attribute.type' => $type, - 'Attribute.category' => $this->data['Attribute']['category'], - 'Attribute.deleted' => 0, - 'Attribute.object_id' => 0, - ); + $existingAttribute = $this->findAttributeByValue($this->data['Attribute']); - $value = $fields['value']; - if (in_array($type, $this->getCompositeTypes(), true)) { - $value = explode('|', $value); - $conditions['Attribute.value1'] = $value[0]; - $conditions['Attribute.value2'] = $value[1]; - } else { - $conditions['Attribute.value1'] = $value; - } - - if (isset($this->data['Attribute']['id'])) { - $conditions['Attribute.id !='] = $this->data['Attribute']['id']; - } - - return !$this->hasAny($conditions); + return empty($existingAttribute); } public function validateTypeValue($fields) @@ -1606,7 +1587,7 @@ class Attribute extends AppModel * @return array * @throws Exception */ - public function fetchAttributes(array $user, array $options = [], &$result_count = false) + public function fetchAttributes(array $user, array $options = [], &$result_count = false, $real_count = false) { $params = array( 'conditions' => $this->buildConditions($user), @@ -1705,7 +1686,14 @@ class Attribute extends AppModel if (empty($options['flatten'])) { $params['conditions']['AND'][] = array('Attribute.object_id' => 0); } - $params['order'] = isset($options['order']) ? $options['order'] : []; + $params['order'] = []; + if (!empty($options['order'])) { + $options['order'] = $this->findOrder( + $options['order'], + 'Attribute', + ['id', 'event_id', 'object_id', 'type', 'category', 'value', 'distribution', 'timestamp', 'object_relation'] + ); + } if (!isset($options['withAttachments'])) { $options['withAttachments'] = false; } @@ -1780,7 +1768,7 @@ class Attribute extends AppModel } // Do not fetch result count when `$result_count` is false - if ($result_count !== false) { + if ($result_count !== false && $real_count == true) { $find_params = $params; unset($find_params['limit']); $result_count = $this->find('count', $find_params); @@ -1792,11 +1780,15 @@ class Attribute extends AppModel $eventTags = []; // tag cache $attributes = []; do { + $continue = true; $results = $this->find('all', $params); if (empty($results)) { break; } - + $iteration_result_count = count($results); + if ($real_count !== true) { + $result_count += count($results); + } if (!empty($options['includeContext'])) { $eventIds = []; foreach ($results as $result) { @@ -1875,7 +1867,7 @@ class Attribute extends AppModel unset($attribute); if ($loop) { - if (count($results) < $loopLimit) { // we fetched less results than limit, so we can skip next query + if ($iteration_result_count < $loopLimit) { // we fetched fewer results than the limit, so we can exit the loop break; } $params['page']++; @@ -2491,6 +2483,10 @@ class Attribute extends AppModel if (!isset($attribute['distribution'])) { $attribute['distribution'] = $this->defaultDistribution(); } + $breakOnDuplicate = true; + if (isset($params['breakOnDuplicate'])) { + $breakOnDuplicate = (bool)$params['breakOnDuplicate']; + } $params = array( 'fieldList' => self::CAPTURE_FIELDS, ); @@ -2504,6 +2500,16 @@ class Attribute extends AppModel unset($attribute['sharing_group_id']); } } + // if breakOnDuplicate=false, try to find the existing attribute by value and set the id and uuid + if ($breakOnDuplicate === false) { + unset($this->validate['value']['uniqueValue']); + $existingAttribute = $this->findAttributeByValue($attribute); + if (!empty($existingAttribute)) { + $attribute['id'] = $existingAttribute['Attribute']['id']; + $attribute['uuid'] = $existingAttribute['Attribute']['uuid']; + $this->id = $attribute['id']; + } + } if (!$this->save(['Attribute' => $attribute], $params)) { $this->logDropped($user, $attribute); } else { @@ -2916,6 +2922,13 @@ class Attribute extends AppModel if (!empty($filters['score'])) { $params['score'] = $filters['score']; } + if (!empty($filters['order'])) { + $params['order'] = $this->findOrder( + $filters['order'], + 'Attribute', + ['id', 'event_id', 'object_id', 'type', 'category', 'value', 'distribution', 'timestamp', 'object_relation'] + ); + } if ($paramsOnly) { return $params; } @@ -2935,7 +2948,8 @@ class Attribute extends AppModel $exportTool->additional_params ); } - + ClassRegistry::init('ConnectionManager'); + $db = ConnectionManager::getDataSource('default'); $tmpfile = new TmpFileTool(); $tmpfile->write($exportTool->header($exportToolParams)); $loop = false; @@ -2969,9 +2983,15 @@ class Attribute extends AppModel $this->Allowedlist = ClassRegistry::init('Allowedlist'); $separator = $exportTool->separator($exportToolParams); $elementCounter = 0; + $real_count = false; + $incrementTotalBy = $loop || $real_count ? 0 : 1; do { - $results = $this->fetchAttributes($user, $params, $elementCounter); - $totalCount = $elementCounter; + $results = $this->fetchAttributes($user, $params, $elementCounter, $real_count); + if (!$real_count) { + $totalCount = $params['limit'] * ($params['page'] - 1) + $elementCounter; + } else { + $totalCount = $elementCounter; + } $elementCounter = false; // do not call `count` again if (empty($results)) { break; // nothing found, skip rest @@ -2987,13 +3007,109 @@ class Attribute extends AppModel $tmpfile->writeWithSeparator($handlerResult, $separator); } } - if ($loop && count($results) < $params['limit']) { - break; // do not continue if we received less results than limit + if (count($results) < $params['limit']) { + $incrementTotalBy = 0; + if ($loop) { + break; // do not continue if we received less results than limit + } } $params['page'] += 1; } while ($loop); + return $totalCount + $incrementTotalBy; + } - return $totalCount; + public function bro($user, $type, $tags = false, $eventId = false, $from = false, $to = false, $last = false, $enforceWarninglist = false, $skipHeader = false) + { + App::uses('BroExport', 'Export'); + $export = new BroExport(); + if ($type == 'all') { + $types = array_keys($export->mispTypes); + } else { + $types = array($type); + } + $intel = array(); + foreach ($types as $type) { + //restricting to non-private or same org if the user is not a site-admin. + $conditions['AND'] = array('Attribute.to_ids' => 1, 'Event.published' => 1); + if ($from) { + $conditions['AND']['Event.date >='] = $from; + } + if ($to) { + $conditions['AND']['Event.date <='] = $to; + } + if ($last) { + $conditions['AND']['Event.publish_timestamp >='] = $last; + } + if ($eventId !== false) { + $temp = array(); + $args = $this->dissectArgs($eventId); + foreach ($args[0] as $accepted) { + $temp['OR'][] = array('Event.id' => $accepted); + } + $conditions['AND'][] = $temp; + $temp = array(); + foreach ($args[1] as $rejected) { + $temp['AND'][] = array('Event.id !=' => $rejected); + } + $conditions['AND'][] = $temp; + } + if ($tags !== false) { + // If we sent any tags along, load the associated tag names for each attribute + $tag = ClassRegistry::init('Tag'); + $args = $this->dissectArgs($tags); + $tagArray = $tag->fetchEventTagIds($args[0], $args[1]); + $temp = array(); + foreach ($tagArray[0] as $accepted) { + $temp['OR'][] = array('Event.id' => $accepted); + } + $conditions['AND'][] = $temp; + $temp = array(); + foreach ($tagArray[1] as $rejected) { + $temp['AND'][] = array('Event.id !=' => $rejected); + } + $conditions['AND'][] = $temp; + } + $this->Allowedlist = ClassRegistry::init('Allowedlist'); + $this->allowedlist = $this->Allowedlist->getBlockedValues(); + $instanceString = 'MISP'; + if (Configure::read('MISP.host_org_id') && Configure::read('MISP.host_org_id') > 0) { + $this->Event->Orgc->id = Configure::read('MISP.host_org_id'); + if ($this->Event->Orgc->exists()) { + $instanceString = $this->Event->Orgc->field('name') . ' MISP'; + } + } + $mispTypes = $export->getMispTypes($type); + foreach ($mispTypes as $mispType) { + $conditions['AND']['Attribute.type'] = $mispType[0]; + $intel = array_merge($intel, $this->__bro($user, $conditions, $mispType[1], $export, $this->allowedlist, $instanceString, $enforceWarninglist)); + } + } + natsort($intel); + $intel = array_unique($intel); + if (empty($skipHeader)) { + array_unshift($intel, $export->header); + } + return $intel; + } + + private function __bro($user, $conditions, $valueField, $export, $allowedlist, $instanceString, $enforceWarninglist) + { + $attributes = $this->fetchAttributes( + $user, + array( + 'conditions' => $conditions, // array of conditions + 'order' => 'Attribute.value' . $valueField . ' ASC', + 'recursive' => -1, // int + 'fields' => array('Attribute.id', 'Attribute.event_id', 'Attribute.type', 'Attribute.category', 'Attribute.comment', 'Attribute.to_ids', 'Attribute.value', 'Attribute.value' . $valueField), + 'contain' => array('Event' => array('fields' => array('Event.id', 'Event.threat_level_id', 'Event.orgc_id', 'Event.uuid'))), + 'enforceWarninglist' => $enforceWarninglist, + 'flatten' => 1 + ) + ); + $orgs = $this->Event->Orgc->find('list', array( + 'fields' => array('Orgc.id', 'Orgc.name') + )); + return $export->export($attributes, $orgs, $valueField, $allowedlist, $instanceString); } public function set_filter_uuid(&$params, $conditions, $options) @@ -3139,7 +3255,7 @@ class Attribute extends AppModel 'Payload delivery' => array( 'desc' => __('Information about how the malware is delivered'), 'formdesc' => __('Information about the way the malware payload is initially delivered, for example information about the email or web-site, vulnerability used, originating IP etc. Malware sample itself should be attached here.'), - 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'ssdeep', 'imphash', 'telfhash', 'impfuzzy', 'authentihash', 'vhash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|sha3-224', 'filename|sha3-256', 'filename|sha3-384', 'filename|sha3-512', 'filename|authentihash', 'filename|vhash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash','filename|impfuzzy', 'filename|pehash', 'mac-address', 'mac-eui-64', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'email', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'email-body', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'filename-pattern', 'stix2-pattern', 'yara', 'sigma', 'mime-type', 'attachment', 'malware-sample', 'link', 'malware-type', 'comment', 'text', 'hex', 'vulnerability', 'cpe', 'weakness', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'jarm-fingerprint', 'hassh-md5', 'hasshserver-md5', 'other', 'hostname|port', 'email-dst-display-name', 'email-src-display-name', 'email-header', 'email-reply-to', 'email-x-mailer', 'email-mime-boundary', 'email-thread-index', 'email-message-id', 'mobile-application-id', 'chrome-extension-id', 'whois-registrant-email', 'anonymised') + 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'ssdeep', 'imphash', 'telfhash', 'impfuzzy', 'authentihash', 'vhash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|sha3-224', 'filename|sha3-256', 'filename|sha3-384', 'filename|sha3-512', 'filename|authentihash', 'filename|vhash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash','filename|impfuzzy', 'filename|pehash', 'mac-address', 'mac-eui-64', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'email', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'email-body', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'filename-pattern', 'stix2-pattern', 'yara', 'sigma', 'mime-type', 'attachment', 'malware-sample', 'link', 'malware-type', 'comment', 'text', 'hex', 'vulnerability', 'cpe', 'weakness', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'jarm-fingerprint', 'hassh-md5', 'hasshserver-md5', 'other', 'hostname|port', 'email-dst-display-name', 'email-src-display-name', 'email-header', 'email-reply-to', 'email-x-mailer', 'email-mime-boundary', 'email-thread-index', 'email-message-id', 'azure-application-id', 'mobile-application-id', 'chrome-extension-id', 'whois-registrant-email', 'anonymised') ), 'Artifacts dropped' => array( 'desc' => __('Any artifact (files, registry keys etc.) dropped by the malware or other modifications to the system'), @@ -3148,7 +3264,7 @@ class Attribute extends AppModel 'Payload installation' => array( 'desc' => __('Info on where the malware gets installed in the system'), 'formdesc' => __('Location where the payload was placed in the system and the way it was installed. For example, a filename|md5 type attribute can be added here like this: c:\\windows\\system32\\malicious.exe|41d8cd98f00b204e9800998ecf8427e.'), - 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'ssdeep', 'imphash', 'telfhash', 'impfuzzy', 'authentihash', 'vhash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|sha3-224', 'filename|sha3-256', 'filename|sha3-384', 'filename|sha3-512', 'filename|authentihash', 'filename|vhash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy', 'filename|pehash', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'filename-pattern', 'stix2-pattern', 'yara', 'sigma', 'vulnerability', 'cpe','weakness', 'attachment', 'malware-sample', 'malware-type', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'mobile-application-id', 'chrome-extension-id', 'other', 'mime-type', 'anonymised') + 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'ssdeep', 'imphash', 'telfhash', 'impfuzzy', 'authentihash', 'vhash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|sha3-224', 'filename|sha3-256', 'filename|sha3-384', 'filename|sha3-512', 'filename|authentihash', 'filename|vhash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy', 'filename|pehash', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'filename-pattern', 'stix2-pattern', 'yara', 'sigma', 'vulnerability', 'cpe','weakness', 'attachment', 'malware-sample', 'malware-type', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'azure-application-id', 'azure-application-id', 'mobile-application-id', 'chrome-extension-id', 'other', 'mime-type', 'anonymised') ), 'Persistence mechanism' => array( 'desc' => __('Mechanisms used by the malware to start at boot'), @@ -3206,20 +3322,20 @@ class Attribute extends AppModel private function generateTypeDefinitions() { return array( - 'md5' => array('desc' => __('A checksum in md5 format'), 'formdesc' => __("You are encouraged to use filename|md5 instead. A checksum in md5 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha1' => array('desc' => __('A checksum in sha1 format'), 'formdesc' => __("You are encouraged to use filename|sha1 instead. A checksum in sha1 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha256' => array('desc' => __('A checksum in sha256 format'), 'formdesc' => __("You are encouraged to use filename|sha256 instead. A checksum in sha256 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'md5' => array('desc' => __('A checksum in MD5 format'), 'formdesc' => __("You are encouraged to use filename|md5 instead. A checksum in md5 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha1' => array('desc' => __('A checksum in SHA1 format'), 'formdesc' => __("You are encouraged to use filename|sha1 instead. A checksum in sha1 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha256' => array('desc' => __('A checksum in SHA256 format'), 'formdesc' => __("You are encouraged to use filename|sha256 instead. A checksum in sha256 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'filename' => array('desc' => __('Filename'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'pdb' => array('desc' => __('Microsoft Program database (PDB) path information'), 'default_category' => 'Artifacts dropped', 'to_ids' => 0), - 'filename|md5' => array('desc' => __('A filename and an md5 hash separated by a |'), 'formdesc' => __("A filename and an md5 hash separated by a | (no spaces)"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha1' => array('desc' => __('A filename and an sha1 hash separated by a |'), 'formdesc' => __("A filename and an sha1 hash separated by a | (no spaces)"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha256' => array('desc' => __('A filename and an sha256 hash separated by a |'), 'formdesc' => __("A filename and an sha256 hash separated by a | (no spaces)"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|md5' => array('desc' => __('A filename and an MD5 hash separated by a |'), 'formdesc' => __("A filename and an md5 hash separated by a | (no spaces)"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha1' => array('desc' => __('A filename and an SHA1 hash separated by a |'), 'formdesc' => __("A filename and an sha1 hash separated by a | (no spaces)"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha256' => array('desc' => __('A filename and an SHA256 hash separated by a |'), 'formdesc' => __("A filename and an sha256 hash separated by a | (no spaces)"), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'ip-src' => array('desc' => __("A source IP address of the attacker"), 'default_category' => 'Network activity', 'to_ids' => 1), 'ip-dst' => array('desc' => __('A destination IP address of the attacker or C&C server'), 'formdesc' => __("A destination IP address of the attacker or C&C server. Also set the IDS flag on when this IP is hardcoded in malware"), 'default_category' => 'Network activity', 'to_ids' => 1), 'hostname' => array('desc' => __('A full host/dnsname of an attacker'), 'formdesc' => __("A full host/dnsname of an attacker. Also set the IDS flag on when this hostname is hardcoded in malware"), 'default_category' => 'Network activity', 'to_ids' => 1), 'domain' => array('desc' => __('A domain name used in the malware'), 'formdesc' => __("A domain name used in the malware. Use this instead of hostname when the upper domain is important or can be used to create links between events."), 'default_category' => 'Network activity', 'to_ids' => 1), 'domain|ip' => array('desc' => __('A domain name and its IP address (as found in DNS lookup) separated by a |'),'formdesc' => __("A domain name and its IP address (as found in DNS lookup) separated by a | (no spaces)"), 'default_category' => 'Network activity', 'to_ids' => 1), - 'email' => array('desc' => ('An e-mail address'), 'default_category' => 'Social network', 'to_ids' => 1), + 'email' => array('desc' => ('An email address'), 'default_category' => 'Social network', 'to_ids' => 1), 'email-src' => array('desc' => __("The source email address. Used to describe the sender when describing an e-mail."), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'eppn' => array('desc' => __("eduPersonPrincipalName - eppn - the NetId of the person for the purposes of inter-institutional authentication. Should be stored in the form of user@univ.edu, where univ.edu is the name of the local security domain."), 'default_category' => 'Network activity', 'to_ids' => 1), 'email-dst' => array('desc' => __("The destination email address. Used to describe the recipient when describing an e-mail."), 'default_category' => 'Network activity', 'to_ids' => 1), @@ -3227,8 +3343,8 @@ class Attribute extends AppModel 'email-attachment' => array('desc' => __("File name of the email attachment."), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'email-body' => array('desc' => __('Email body'), 'default_category' => 'Payload delivery', 'to_ids' => 0), 'float' => array('desc' => __("A floating point value."), 'default_category' => 'Other', 'to_ids' => 0), - 'git-commit-id' => array('desc' => __("A git commit ID."), 'default_category' => 'Internal reference', 'to_ids' => 0), - 'url' => array('desc' => __('url'), 'default_category' => 'Network activity', 'to_ids' => 1), + 'git-commit-id' => array('desc' => __("A Git commit ID."), 'default_category' => 'Internal reference', 'to_ids' => 0), + 'url' => array('desc' => __('Uniform Resource Locator'), 'default_category' => 'Network activity', 'to_ids' => 1), 'http-method' => array('desc' => __("HTTP method used by the malware (e.g. POST, GET, ...)."), 'default_category' => 'Network activity', 'to_ids' => 0), 'user-agent' => array('desc' => __("The user-agent used by the malware in the HTTP request."), 'default_category' => 'Network activity', 'to_ids' => 0), 'ja3-fingerprint-md5' => array('desc' => __("JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence."), 'default_category' => 'Network activity', 'to_ids' => 1), @@ -3242,7 +3358,7 @@ class Attribute extends AppModel 'snort' => array('desc' => __('An IDS rule in Snort rule-format'), 'formdesc' => __("An IDS rule in Snort rule-format. This rule will be automatically rewritten in the NIDS exports."), 'default_category' => 'Network activity', 'to_ids' => 1), 'bro' => array('desc' => __('An NIDS rule in the Bro rule-format'), 'formdesc' => __("An NIDS rule in the Bro rule-format."), 'default_category' => 'Network activity', 'to_ids' => 1), 'zeek' => array('desc' => __('An NIDS rule in the Zeek rule-format'), 'formdesc' => __("An NIDS rule in the Zeek rule-format."), 'default_category' => 'Network activity', 'to_ids' => 1), - 'community-id' => array('desc' => __('a community ID flow hashing algorithm to map multiple traffic monitors into common flow id'), 'formdesc' => __("a community ID flow hashing algorithm to map multiple traffic monitors into common flow id"), 'default_category' => 'Network activity', 'to_ids' => 1), + 'community-id' => array('desc' => __('A community ID flow hashing algorithm to map multiple traffic monitors into common flow id'), 'formdesc' => __("a community ID flow hashing algorithm to map multiple traffic monitors into common flow id"), 'default_category' => 'Network activity', 'to_ids' => 1), 'pattern-in-file' => array('desc' => __('Pattern in file that identifies the malware'), 'default_category' => 'Payload installation', 'to_ids' => 1), 'pattern-in-traffic' => array('desc' => __('Pattern in network traffic that identifies the malware'), 'default_category' => 'Network activity', 'to_ids' => 1), 'pattern-in-memory' => array('desc' => __('Pattern in memory dump that identifies the malware'), 'default_category' => 'Payload installation', 'to_ids' => 1), @@ -3250,7 +3366,7 @@ class Attribute extends AppModel 'pgp-public-key' => array('desc' => __('A PGP public key'), 'default_category' => 'Person', 'to_ids' => 0), 'pgp-private-key' => array('desc' => __('A PGP private key'), 'default_category' => 'Person', 'to_ids' => 0), 'ssh-fingerprint' => array('desc' => __('A fingerprint of SSH key material'), 'default_category' => 'Network activity', 'to_ids' => 0), - 'yara' => array('desc' => __('Yara signature'), 'default_category' => 'Payload installation', 'to_ids' => 1), + 'yara' => array('desc' => __('YARA signature'), 'default_category' => 'Payload installation', 'to_ids' => 1), 'stix2-pattern' => array('desc' => __('STIX 2 pattern'), 'default_category' => 'Payload installation', 'to_ids' => 1), 'sigma' => array('desc' => __('Sigma - Generic Signature Format for SIEM Systems'), 'default_category' => 'Payload installation', 'to_ids' => 1), 'gene' => array('desc' => __('GENE - Go Evtx sigNature Engine'), 'default_category' => 'Artifacts dropped', 'to_ids' => 0), @@ -3260,7 +3376,7 @@ class Attribute extends AppModel 'cookie' => array('desc' => __('HTTP cookie as often stored on the user web client. This can include authentication cookie or session cookie.'), 'default_category' => 'Network activity', 'to_ids' => 0), 'vulnerability' => array('desc' => __('A reference to the vulnerability used in the exploit'), 'default_category' => 'External analysis', 'to_ids' => 0), 'cpe' => array('desc' => __('Common Platform Enumeration - structured naming scheme for information technology systems, software, and packages.'), 'default_category' => 'External analysis', 'to_ids' => 0), - 'weakness' => array('desc'=> __('A reference to the weakness used in the exploit'), 'default_category' => 'External analysis', 'to_ids' => 0), + 'weakness' => array('desc'=> __('A reference to the weakness (CWE) used in the exploit'), 'default_category' => 'External analysis', 'to_ids' => 0), 'attachment' => array('desc' => __('Attachment with external information'), 'formdesc' => __("Please upload files using the Upload Attachment button."), 'default_category' => 'External analysis', 'to_ids' => 0), 'malware-sample' => array('desc' => __('Attachment containing encrypted malware sample'), 'formdesc' => __("Please upload files using the Upload Attachment button."), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'link' => array('desc' => __('Link to an external information'), 'default_category' => 'External analysis', 'to_ids' => 0), @@ -3298,34 +3414,34 @@ class Attribute extends AppModel 'ssdeep' => array('desc' => __('A checksum in ssdeep format'), 'formdesc' => __("You are encouraged to use filename|ssdeep instead. A checksum in the SSDeep format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'imphash' => array('desc' => __('Import hash - a hash created based on the imports in the sample.'), 'formdesc' => __("You are encouraged to use filename|imphash instead. A hash created based on the imports in the sample, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'telfhash' => array('desc' => __('telfhash is symbol hash for ELF files, just like imphash is imports hash for PE files.'), 'formdesc' => __("You are encouraged to use a file object with telfash"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'pehash' => array('desc' => __('PEhash - a hash calculated based of certain pieces of a PE executable file'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'pehash' => array('desc' => __('peHash - a hash calculated based of certain pieces of a PE executable file'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'impfuzzy' => array('desc' => __('A fuzzy hash of import table of Portable Executable format'), 'formdesc' => __("You are encouraged to use filename|impfuzzy instead. A fuzzy hash created based on the imports in the sample, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha224' => array('desc' => __('A checksum in sha-224 format'), 'formdesc' => __("You are encouraged to use filename|sha224 instead. A checksum in sha224 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha384' => array('desc' => __('A checksum in sha-384 format'), 'formdesc' => __("You are encouraged to use filename|sha384 instead. A checksum in sha384 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha512' => array('desc' => __('A checksum in sha-512 format'), 'formdesc' => __("You are encouraged to use filename|sha512 instead. A checksum in sha512 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha512/224' => array('desc' => __('A checksum in the sha-512/224 format'), 'formdesc' => __("You are encouraged to use filename|sha512/224 instead. A checksum in sha512/224 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha512/256' => array('desc' => __('A checksum in the sha-512/256 format'), 'formdesc' => __("You are encouraged to use filename|sha512/256 instead. A checksum in sha512/256 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha3-224' => array('desc' => __('A checksum in sha3-224 format'), 'formdesc' => __("You are encouraged to use filename|sha3-224 instead. A checksum in sha3-224 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha3-256' => array('desc' => __('A checksum in sha3-256 format'), 'formdesc' => __("You are encouraged to use filename|sha3-256 instead. A checksum in sha3-256 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha3-384' => array('desc' => __('A checksum in sha3-384 format'), 'formdesc' => __("You are encouraged to use filename|sha3-384 instead. A checksum in sha3-384 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'sha3-512' => array('desc' => __('A checksum in sha3-512 format'), 'formdesc' => __("You are encouraged to use filename|sha3-512 instead. A checksum in sha3-512 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha224' => array('desc' => __('A checksum in SHA-224 format'), 'formdesc' => __("You are encouraged to use filename|sha224 instead. A checksum in sha224 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha384' => array('desc' => __('A checksum in SHA-384 format'), 'formdesc' => __("You are encouraged to use filename|sha384 instead. A checksum in sha384 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha512' => array('desc' => __('A checksum in SHA-512 format'), 'formdesc' => __("You are encouraged to use filename|sha512 instead. A checksum in sha512 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha512/224' => array('desc' => __('A checksum in the SHA-512/224 format'), 'formdesc' => __("You are encouraged to use filename|sha512/224 instead. A checksum in sha512/224 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha512/256' => array('desc' => __('A checksum in the SHA-512/256 format'), 'formdesc' => __("You are encouraged to use filename|sha512/256 instead. A checksum in sha512/256 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha3-224' => array('desc' => __('A checksum in SHA3-224 format'), 'formdesc' => __("You are encouraged to use filename|sha3-224 instead. A checksum in sha3-224 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha3-256' => array('desc' => __('A checksum in SHA3-256 format'), 'formdesc' => __("You are encouraged to use filename|sha3-256 instead. A checksum in sha3-256 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha3-384' => array('desc' => __('A checksum in SHA3-384 format'), 'formdesc' => __("You are encouraged to use filename|sha3-384 instead. A checksum in sha3-384 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'sha3-512' => array('desc' => __('A checksum in SHA3-512 format'), 'formdesc' => __("You are encouraged to use filename|sha3-512 instead. A checksum in sha3-512 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'tlsh' => array('desc' => __('A checksum in the Trend Micro Locality Sensitive Hash format'), 'formdesc' => __("You are encouraged to use filename|tlsh instead. A checksum in the Trend Micro Locality Sensitive Hash format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'cdhash' => array('desc' => __('An Apple Code Directory Hash, identifying a code-signed Mach-O executable file'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|authentihash' => array('desc' => __('A checksum in md5 format'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|authentihash' => array('desc' => __('A filename and Authenticode executable signature hash'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'filename|vhash' => array('desc' => __('A filename and a VirusTotal hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'filename|ssdeep' => array('desc' => __('A checksum in ssdeep format'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'filename|imphash' => array('desc' => __('Import hash - a hash created based on the imports in the sample.'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'filename|impfuzzy' => array('desc' => __('Import fuzzy hash - a fuzzy hash created based on the imports in the sample.'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|pehash' => array('desc' => __('A filename and a PEhash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha224' => array('desc' => __('A filename and a sha-224 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha384' => array('desc' => __('A filename and a sha-384 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha512' => array('desc' => __('A filename and a sha-512 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha512/224' => array('desc' => __('A filename and a sha-512/224 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha512/256' => array('desc' => __('A filename and a sha-512/256 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha3-224' => array('desc' => __('A filename and an sha3-224 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha3-256' => array('desc' => __('A filename and an sha3-256 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha3-384' => array('desc' => __('A filename and an sha3-384 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), - 'filename|sha3-512' => array('desc' => __('A filename and an sha3-512 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|pehash' => array('desc' => __('A filename and a peHash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha224' => array('desc' => __('A filename and a SHA-224 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha384' => array('desc' => __('A filename and a SHA-384 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha512' => array('desc' => __('A filename and a SHA-512 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha512/224' => array('desc' => __('A filename and a SHa-512/224 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha512/256' => array('desc' => __('A filename and a SHA-512/256 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha3-224' => array('desc' => __('A filename and an SHA3-224 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha3-256' => array('desc' => __('A filename and an SHA3-256 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha3-384' => array('desc' => __('A filename and an SHA3-384 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'filename|sha3-512' => array('desc' => __('A filename and an SHA3-512 hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'filename|tlsh' => array('desc' => __('A filename and a Trend Micro Locality Sensitive Hash separated by a |'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'windows-scheduled-task' => array('desc' => __('A scheduled task in windows'), 'default_category' => 'Artifacts dropped', 'to_ids' => 0), 'windows-service-name' => array('desc' => __('A windows service name. This is the name used internally by windows. Not to be confused with the windows-service-displayname.'), 'default_category' => 'Artifacts dropped', 'to_ids' => 0), @@ -3343,7 +3459,7 @@ class Attribute extends AppModel 'x509-fingerprint-sha1' => array('desc' => __('X509 fingerprint in SHA-1 format'), 'default_category' => 'Network activity', 'to_ids' => 1), 'x509-fingerprint-md5' => array('desc' => __('X509 fingerprint in MD5 format'), 'default_category' => 'Network activity', 'to_ids' => 1), 'x509-fingerprint-sha256' => array('desc' => __('X509 fingerprint in SHA-256 format'), 'default_category' => 'Network activity', 'to_ids' => 1), - 'dns-soa-email' => array('desc' => __('RFC1035 mandates that DNS zones should have a SOA (Statement Of Authority) record that contains an email address where a PoC for the domain could be contacted. This can sometimes be used for attribution/linkage between different domains even if protected by whois privacy'), 'default_category' => 'Attribution', 'to_ids' => 0), + 'dns-soa-email' => array('desc' => __('RFC 1035 mandates that DNS zones should have a SOA (Statement Of Authority) record that contains an email address where a PoC for the domain could be contacted. This can sometimes be used for attribution/linkage between different domains even if protected by whois privacy'), 'default_category' => 'Attribution', 'to_ids' => 0), 'size-in-bytes' => array('desc' => __('Size expressed in bytes'), 'default_category' => 'Other', 'to_ids' => 0), 'counter' => array('desc' => __('An integer counter, generally to be used in objects'), 'default_category' => 'Other', 'to_ids' => 0), 'datetime' => array('desc' => __('Datetime in the ISO 8601 format'), 'default_category' => 'Other', 'to_ids' => 0), @@ -3351,8 +3467,8 @@ class Attribute extends AppModel 'ip-dst|port' => array('desc' => __('IP destination and port number separated by a |'), 'default_category' => 'Network activity', 'to_ids' => 1), 'ip-src|port' => array('desc' => __('IP source and port number separated by a |'), 'default_category' => 'Network activity', 'to_ids' => 1), 'hostname|port' => array('desc' => __('Hostname and port number separated by a |'), 'default_category' => 'Network activity', 'to_ids' => 1), - 'mac-address' => array('desc' => __('Mac address'), 'default_category' => 'Network activity', 'to_ids' => 0), - 'mac-eui-64' => array('desc' => __('Mac EUI-64 address'), 'default_category' => 'Network activity', 'to_ids' => 0), + 'mac-address' => array('desc' => __('MAC address'), 'default_category' => 'Network activity', 'to_ids' => 0), + 'mac-eui-64' => array('desc' => __('MAC EUI-64 address'), 'default_category' => 'Network activity', 'to_ids' => 0), // verify IDS flag defaults for these 'email-dst-display-name' => array('desc' => __('Email destination display name'), 'default_category' => 'Payload delivery', 'to_ids' => 0), 'email-src-display-name' => array('desc' => __('Email source display name'), 'default_category' => 'Payload delivery', 'to_ids' => 0), @@ -3362,9 +3478,9 @@ class Attribute extends AppModel 'email-mime-boundary' => array('desc' => __('The email mime boundary separating parts in a multipart email'), 'default_category' => 'Payload delivery', 'to_ids' => 0), 'email-thread-index' => array('desc' => __('The email thread index header'), 'default_category' => 'Payload delivery', 'to_ids' => 0), 'email-message-id' => array('desc' => __('The email message ID'), 'default_category' => 'Payload delivery', 'to_ids' => 0), - 'github-username' => array('desc' => __('A github user name'), 'default_category' => 'Social network', 'to_ids' => 0), - 'github-repository' => array('desc' => __('A github repository'), 'default_category' => 'Social network', 'to_ids' => 0), - 'github-organisation' => array('desc' => __('A github organisation'), 'default_category' => 'Social network', 'to_ids' => 0), + 'github-username' => array('desc' => __('A GitHub user name'), 'default_category' => 'Social network', 'to_ids' => 0), + 'github-repository' => array('desc' => __('A Github repository'), 'default_category' => 'Social network', 'to_ids' => 0), + 'github-organisation' => array('desc' => __('A GitHub organisation'), 'default_category' => 'Social network', 'to_ids' => 0), 'jabber-id' => array('desc' => __('Jabber ID'), 'default_category' => 'Social network', 'to_ids' => 0), 'twitter-id' => array('desc' => __('Twitter ID'), 'default_category' => 'Social network', 'to_ids' => 0), 'dkim' => array('desc' => __('DKIM public key'), 'default_category' => 'Network activity', 'to_ids' => 0), @@ -3396,6 +3512,7 @@ class Attribute extends AppModel 'place-port-of-onward-foreign-destination' => array('desc' => __('A Port where the passenger is transiting to'), 'default_category' => 'Person', 'to_ids' => 0), 'passenger-name-record-locator-number' => array('desc' => __('The Passenger Name Record Locator is a key under which the reservation for a trip is stored in the system. The PNR contains, among other data, the name, flight segments and address of the passenger. It is defined by a combination of five or six letters and numbers.'), 'default_category' => 'Person', 'to_ids' => 0), 'mobile-application-id' => array('desc' => __('The application id of a mobile application'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'azure-application-id' => array('desc' => __('Azure Application ID.'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'chrome-extension-id' => array('desc' => __('Chrome extension id'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'cortex' => array('desc' => __('Cortex analysis result'), 'default_category' => 'External analysis', 'to_ids' => 0), 'boolean' => array('desc' => __('Boolean value - to be used in objects'), 'default_category' => 'Other', 'to_ids' => 0), @@ -3404,4 +3521,37 @@ class Attribute extends AppModel //'url-regex' => array('desc' => '', 'default_category' => 'Person', 'to_ids' => 0), ); } + + private function findAttributeByValue($attribute) + { + $type = $attribute['type']; + $conditions = [ + 'Attribute.event_id' => $attribute['event_id'], + 'Attribute.type' => $type, + 'Attribute.deleted' => 0, + 'Attribute.object_id' => 0, + ]; + + if (isset($attribute['category'])) { + $conditions['Attribute.category'] = $attribute['category']; + } + + if (in_array($type, $this->getCompositeTypes(), true)) { + $value = explode('|', $attribute['value']); + $conditions['Attribute.value1'] = $value[0]; + $conditions['Attribute.value2'] = $value[1]; + } else { + $conditions['Attribute.value1'] = $attribute['value']; + } + + if (isset($attribute['id'])) { + $conditions['Attribute.id !='] = $attribute['id']; + } + + return $this->find('first', [ + 'recursive' => -1, + 'conditions' => $conditions, + 'fields' => ['Attribute.id', 'Attribute.uuid'] + ]); + } } diff --git a/app/Model/AuditLog.php b/app/Model/AuditLog.php index 51cd1542a..83f0093f9 100644 --- a/app/Model/AuditLog.php +++ b/app/Model/AuditLog.php @@ -9,7 +9,7 @@ App::uses('AppModel', 'Model'); class AuditLog extends AppModel { const BROTLI_HEADER = "\xce\xb2\xcf\x81"; - const BROTLI_MIN_LENGTH = 200; + const COMPRESS_MIN_LENGTH = 256; const ACTION_ADD = 'add', ACTION_EDIT = 'edit', @@ -25,7 +25,11 @@ class AuditLog extends AppModel ACTION_REMOVE_GALAXY = 'remove_galaxy', ACTION_REMOVE_GALAXY_LOCAL = 'remove_local_galaxy', ACTION_PUBLISH = 'publish', - ACTION_PUBLISH_SIGHTINGS = 'publish_sightings'; + ACTION_PUBLISH_SIGHTINGS = 'publish_sightings', + ACTION_LOGIN = 'login', + ACTION_PASSWDCHANGE = 'password_change', + ACTION_LOGOUT = 'logout', + ACTION_LOGIN_FAILED = 'login_failed'; const REQUEST_TYPE_DEFAULT = 0, REQUEST_TYPE_API = 1, @@ -45,9 +49,6 @@ class AuditLog extends AppModel /** @var bool */ private $pubToZmq; - /** @var bool */ - private $elasticLogging; - /** @var bool */ private $logClientIp; @@ -59,6 +60,7 @@ class AuditLog extends AppModel public $compressionStats = [ 'compressed' => 0, + 'bytes_total' => 0, 'bytes_compressed' => 0, 'bytes_uncompressed' => 0, ]; @@ -81,9 +83,9 @@ class AuditLog extends AppModel public function __construct($id = false, $table = null, $ds = null) { parent::__construct($id, $table, $ds); - $this->compressionEnabled = Configure::read('MISP.log_new_audit_compress') && function_exists('brotli_compress'); + $this->compressionEnabled = Configure::read('MISP.log_new_audit_compress') && + function_exists('brotli_compress'); $this->pubToZmq = $this->pubToZmq('audit'); - $this->elasticLogging = Configure::read('Plugin.ElasticSearch_logging_enable'); $this->logClientIp = Configure::read('MISP.log_client_ip'); } @@ -145,6 +147,20 @@ class AuditLog extends AppModel return ''; } + /** + * @param mixed $change + * @return string + * @throws JsonException + */ + private function encodeChange($change) + { + $change = JsonTool::encode($change); + if ($this->compressionEnabled && strlen($change) >= self::COMPRESS_MIN_LENGTH) { + return self::BROTLI_HEADER . brotli_compress($change, 4, BROTLI_TEXT); + } + return $change; + } + /** * @param string $change * @return array|string @@ -152,10 +168,13 @@ class AuditLog extends AppModel */ private function decodeChange($change) { - if (substr($change, 0, 4) === self::BROTLI_HEADER) { + $len = strlen($change); + $this->compressionStats['bytes_total'] += $len; + $header = substr($change, 0, 4); + if ($header === self::BROTLI_HEADER) { $this->compressionStats['compressed']++; if (function_exists('brotli_uncompress')) { - $this->compressionStats['bytes_compressed'] += strlen($change); + $this->compressionStats['bytes_compressed'] += $len; $change = brotli_uncompress(substr($change, 4)); $this->compressionStats['bytes_uncompressed'] += strlen($change); if ($change === false) { @@ -179,10 +198,7 @@ class AuditLog extends AppModel { $auditLog = &$this->data['AuditLog']; if (!isset($auditLog['ip']) && $this->logClientIp) { - $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; - if (isset($_SERVER[$ipHeader])) { - $auditLog['ip'] = $_SERVER[$ipHeader]; - } + $auditLog['ip'] = $this->_remoteIp(); } if (!isset($auditLog['user_id'])) { @@ -222,11 +238,7 @@ class AuditLog extends AppModel } if (isset($auditLog['change'])) { - $change = JsonTool::encode($auditLog['change']); - if ($this->compressionEnabled && strlen($change) >= self::BROTLI_MIN_LENGTH) { - $change = self::BROTLI_HEADER . brotli_compress($change, 4, BROTLI_TEXT); - } - $auditLog['change'] = $change; + $auditLog['change'] = $this->encodeChange($auditLog['change']); } } @@ -243,12 +255,7 @@ class AuditLog extends AppModel $this->publishKafkaNotification('audit', $data, 'log'); - if ($this->elasticLogging) { - // send off our logs to distributed /dev/null - $logIndex = Configure::read("Plugin.ElasticSearch_log_index"); - $elasticSearchClient = $this->getElasticSearchTool(); - $elasticSearchClient->pushDocument($logIndex, "log", $data); - } + // In future add support for sending logs to elastic // write to syslogd as well if enabled if ($this->syslog === null) { @@ -334,15 +341,34 @@ class AuditLog extends AppModel } } + /** + * @throws JsonException + * @throws Exception + */ public function recompress() { $changes = $this->find('all', [ 'fields' => ['AuditLog.id', 'AuditLog.change'], 'recursive' => -1, - 'conditions' => ['length(AuditLog.change) >=' => self::BROTLI_MIN_LENGTH], + 'conditions' => ['OR' => [ + ['length(AuditLog.change) >=' => self::COMPRESS_MIN_LENGTH], + ['AuditLog.change LIKE' => self::BROTLI_HEADER . '%'], + ]], ]); - foreach ($changes as $change) { - $this->save($change, true, ['id', 'change']); + + $options = [ + 'validate' => false, + 'callbacks' => false, + 'fieldList' => ['change'], + ]; + + foreach (array_chunk($changes, 100) as $chunk) { + $toSave = []; + foreach ($chunk as $change) { + $change['AuditLog']['change'] = $this->encodeChange($change['AuditLog']['change']); + $toSave[] = $change; + } + $this->saveMany($toSave, $options); } } diff --git a/app/Model/AuthKey.php b/app/Model/AuthKey.php index e1caa4e10..fbbd80f1e 100644 --- a/app/Model/AuthKey.php +++ b/app/Model/AuthKey.php @@ -55,6 +55,7 @@ class AuthKey extends AppModel $this->data['AuthKey']['authkey_raw'] = $authkey; } + $validAllowedIpFound = false; if (!empty($this->data['AuthKey']['allowed_ips'])) { $allowedIps = &$this->data['AuthKey']['allowed_ips']; if (is_string($allowedIps)) { @@ -70,12 +71,18 @@ class AuthKey extends AppModel if (!is_array($allowedIps)) { $this->invalidate('allowed_ips', 'Allowed IPs must be array'); } + foreach ($allowedIps as $cidr) { if (!CidrTool::validate($cidr)) { $this->invalidate('allowed_ips', "$cidr is not valid IP range"); + } else { + $validAllowedIpFound = true; } } } + if (!empty(Configure::read('Security.mandate_ip_allowlist_advanced_authkeys')) && $validAllowedIpFound === false){ + $this->invalidate('allowed_ips', "Setting an ip allowlist is mandatory on this instance."); + } $creationTime = isset($this->data['AuthKey']['created']) ? $this->data['AuthKey']['created'] : time(); $validity = Configure::read('Security.advanced_authkeys_validity'); @@ -104,6 +111,12 @@ class AuthKey extends AppModel if (isset($val['AuthKey']['allowed_ips'])) { $results[$key]['AuthKey']['allowed_ips'] = JsonTool::decode($val['AuthKey']['allowed_ips']); } + if (isset($val['AuthKey']['unique_ips'])) { + $results[$key]['AuthKey']['unique_ips'] = JsonTool::decode($val['AuthKey']['unique_ips']); + } else { + $results[$key]['AuthKey']['unique_ips'] = []; + } + } return $results; } @@ -117,6 +130,13 @@ class AuthKey extends AppModel $this->data['AuthKey']['allowed_ips'] = JsonTool::encode($this->data['AuthKey']['allowed_ips']); } } + if (isset($this->data['AuthKey']['unique_ips'])) { + if (empty($this->data['AuthKey']['unique_ips'])) { + $this->data['AuthKey']['unique_ips'] = null; + } else { + $this->data['AuthKey']['unique_ips'] = JsonTool::encode($this->data['AuthKey']['unique_ips']); + } + } return true; } @@ -162,12 +182,27 @@ class AuthKey extends AppModel $possibleAuthkeys = $this->find('all', [ 'recursive' => -1, - 'fields' => ['id', 'authkey', 'user_id', 'expiration', 'allowed_ips', 'read_only'], + 'fields' => ['id', 'authkey', 'user_id', 'expiration', 'allowed_ips', 'read_only', 'unique_ips'], 'conditions' => $conditions, ]); $passwordHasher = $this->getHasher(); foreach ($possibleAuthkeys as $possibleAuthkey) { - if ($passwordHasher->check($authkey, $possibleAuthkey['AuthKey']['authkey'])) { + if ($passwordHasher->check($authkey, $possibleAuthkey['AuthKey']['authkey'])) { // valid authkey + // store IP in db if not there yet + $remote_ip = $this->_remoteIp(); + $update_db_ip = true; + if (in_array($remote_ip, $possibleAuthkey['AuthKey']['unique_ips'])) { + $update_db_ip = false; // IP already seen, skip saving in DB + } else { // first time this IP is seen for this API key + $possibleAuthkey['AuthKey']['unique_ips'][] = $remote_ip; + } + if ($update_db_ip) { + // prevent double entries due to race condition + $possibleAuthkey['AuthKey']['unique_ips'] = array_unique($possibleAuthkey['AuthKey']['unique_ips']); + // save in db + $this->save($possibleAuthkey, ['fieldList' => ['unique_ips']]); + } + // fetch user $user = $this->User->getAuthUser($possibleAuthkey['AuthKey']['user_id']); if ($user) { $user = $this->setUserData($user, $possibleAuthkey); @@ -191,9 +226,9 @@ class AuthKey extends AppModel $user['authkey_read_only'] = (bool)$authkey['AuthKey']['read_only']; if ($authkey['AuthKey']['read_only']) { - // Disable all permissions, keep just `perm_auth` unchanged + // Disable all permissions, keep just `perm_auth` and `perm_audit` unchanged foreach ($user['Role'] as $key => &$value) { - if (substr($key, 0, 5) === 'perm_' && $key !== 'perm_auth') { + if (substr($key, 0, 5) === 'perm_' && $key !== 'perm_auth' && $key !== 'perm_audit') { $value = 0; } } diff --git a/app/Model/Behavior/AuditLogBehavior.php b/app/Model/Behavior/AuditLogBehavior.php index 9355373d3..bc87e8e0b 100644 --- a/app/Model/Behavior/AuditLogBehavior.php +++ b/app/Model/Behavior/AuditLogBehavior.php @@ -26,9 +26,10 @@ class AuditLogBehavior extends ModelBehavior 'current_login' => true, // User 'last_login' => true, // User 'newsread' => true, // User + 'unique_ips' => true, // User 'proposal_email_lock' => true, // Event 'enable_password' => true, - 'confirm_password' => true + 'confirm_password' => true, ]; private $modelInfo = [ @@ -62,18 +63,18 @@ class AuditLogBehavior extends ModelBehavior { // Generate model info for attribute and proposals $attributeInfo = function (array $new, array $old) { - $category = isset($new['category']) ? $new['category'] : $old['category']; - $type = isset($new['type']) ? $new['type'] : $old['type']; - $value1 = trim(isset($new['value1']) ? $new['value1'] : $old['value1']); - $value2 = trim(isset($new['value2']) ? $new['value2'] : $old['value2']); + $category = $new['category'] ?? $old['category']; + $type = $new['type'] ?? $old['type']; + $value1 = trim($new['value1'] ?? $old['value1']); + $value2 = trim($new['value2'] ?? $old['value2']); $value = $value1 . (empty($value2) ? '' : '|' . $value2); return "$category/$type $value"; }; $this->modelInfo['Attribute'] = $attributeInfo; $this->modelInfo['ShadowAttribute'] = $attributeInfo; $this->modelInfo['AuthKey'] = function (array $new, array $old) { - $start = isset($new['authkey_start']) ? $new['authkey_start'] : $old['authkey_start']; - $end = isset($new['authkey_end']) ? $new['authkey_end'] : $old['authkey_end']; + $start = $new['authkey_start'] ?? $old['authkey_start']; + $end = $new['authkey_end'] ?? $old['authkey_end']; return "$start********************************$end"; }; } @@ -171,7 +172,7 @@ class AuditLogBehavior extends ModelBehavior if (isset($this->modelInfo[$model->name])) { $modelTitleField = $this->modelInfo[$model->name]; if (is_callable($modelTitleField)) { - $modelTitle = $modelTitleField($data, isset($this->beforeSave[$model->alias]) ? $this->beforeSave[$model->alias] : []); + $modelTitle = $modelTitleField($data, $this->beforeSave[$model->alias] ?? []); } else if (isset($data[$modelTitleField])) { $modelTitle = $data[$modelTitleField]; } else if ($this->beforeSave[$model->alias][$modelTitleField]) { @@ -182,7 +183,7 @@ class AuditLogBehavior extends ModelBehavior $modelName = $model->name === 'MispObject' ? 'Object' : $model->name; if ($modelName === 'AttributeTag' || $modelName === 'EventTag') { - $isLocal = isset($data['local']) ? $data['local'] : false; + $isLocal = $data['local'] ?? false; $action = $isLocal ? AuditLog::ACTION_TAG_LOCAL : AuditLog::ACTION_TAG; $tagInfo = $this->getTagInfo($model, $data['tag_id']); if ($tagInfo) { @@ -242,7 +243,7 @@ class AuditLogBehavior extends ModelBehavior if ($model->name === 'Event') { $eventId = $model->id; } else { - $eventId = isset($model->data[$model->alias]['event_id']) ? $model->data[$model->alias]['event_id'] : null; + $eventId = $model->data[$model->alias]['event_id'] ?? null; } $modelTitle = null; @@ -260,7 +261,7 @@ class AuditLogBehavior extends ModelBehavior $id = $model->id; if ($modelName === 'AttributeTag' || $modelName === 'EventTag') { - $isLocal = isset($model->data[$model->alias]['local']) ? $model->data[$model->alias]['local'] : false; + $isLocal = $model->data[$model->alias]['local'] ?? false; $action = $isLocal ? AuditLog::ACTION_REMOVE_TAG_LOCAL : AuditLog::ACTION_REMOVE_TAG; $tagInfo = $this->getTagInfo($model, $model->data[$model->alias]['tag_id']); if ($tagInfo) { diff --git a/app/Model/Behavior/DefaultCorrelationBehavior.php b/app/Model/Behavior/DefaultCorrelationBehavior.php index 29beaba68..a61271440 100644 --- a/app/Model/Behavior/DefaultCorrelationBehavior.php +++ b/app/Model/Behavior/DefaultCorrelationBehavior.php @@ -95,7 +95,7 @@ class DefaultCorrelationBehavior extends ModelBehavior return [ $value, (int) $a['Event']['id'], - (int) $a['Attribute']['object_id'], + (int) ($a['Attribute']['object_id'] ?? 0), (int) $a['Attribute']['id'], (int) $a['Event']['org_id'], (int) $a['Attribute']['distribution'], @@ -105,7 +105,7 @@ class DefaultCorrelationBehavior extends ModelBehavior (int) $a['Event']['sharing_group_id'], empty($a['Attribute']['object_id']) ? 0 : (int) $a['Object']['sharing_group_id'], (int) $b['Event']['id'], - (int) $b['Attribute']['object_id'], + (int) ($b['Attribute']['object_id'] ?? 0), (int) $b['Attribute']['id'], (int) $b['Event']['org_id'], (int) $b['Attribute']['distribution'], @@ -527,7 +527,6 @@ class DefaultCorrelationBehavior extends ModelBehavior $correlation[$prefix . 'object_id'] && ( $correlation[$prefix . 'object_distribution'] == 0 || - $correlation[$prefix . 'object_distribution'] == 5 || ( $correlation[$prefix . 'object_distribution'] == 4 && !in_array($correlation[$prefix . 'object_sharing_group_id'], $sgids) diff --git a/app/Model/Bruteforce.php b/app/Model/Bruteforce.php index 2c7894ba9..46c8342f7 100644 --- a/app/Model/Bruteforce.php +++ b/app/Model/Bruteforce.php @@ -5,31 +5,50 @@ App::uses('Sanitize', 'Utility'); class Bruteforce extends AppModel { - public function insert($ip, $username) + public function insert($username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); + $ip = $this->_remoteIp(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; - $expire = time() + $expire; - $expire = date('Y-m-d H:i:s', $expire); + $expireTime = time() + $expire; + $expireTime = date('Y-m-d H:i:s', $expireTime); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), - 'expire' => $expire + 'expire' => $expireTime ); $this->save($bruteforceEntry); - $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; - if ($this->isBlocklisted($ip, $username)) { - $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.'; + $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $ip . '.'; + if ($this->isBlocklisted($username)) { + $change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The source IP/username is now blocklisted for ' . $expire . ' seconds.'; + } else { + $change = ''; } + // lookup the real user details + $this->User = ClassRegistry::init('User'); + $user = $this->User->find('first', array( + 'conditions' => array('User.email' => $username), + 'fields' => array('User.id', 'Organisation.name'), + 'recursive' => 0)); + if ($user) { + $org = $user['Organisation']['name']; + $userId = $user['User']['id']; + } else { + $org = 'SYSTEM'; + $userId = 0; + } + $log = array( - 'org' => 'SYSTEM', + 'org' => $org, 'model' => 'User', - 'model_id' => 0, + 'model_id' => $userId, 'email' => $username, + 'user_id' => $userId, 'action' => 'login_fail', - 'title' => $title + 'title' => $title, + 'change' => $change ); $this->Log->save($log); } @@ -45,11 +64,12 @@ class Bruteforce extends AppModel $this->query($sql); } - public function isBlocklisted($ip, $username) + public function isBlocklisted($username) { // first remove old expired rows $this->clean(); // count + $ip = $this->_remoteIp(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, diff --git a/app/Model/Community.php b/app/Model/Community.php index 60429a0b7..870657685 100644 --- a/app/Model/Community.php +++ b/app/Model/Community.php @@ -4,37 +4,20 @@ class Community extends AppModel { public $useTable = false; - public $recursive = -1; - - public $actsAs = array( - 'Containable', - ); - - public $validate = array( - ); - - public function beforeValidate($options = array()) - { - parent::beforeValidate(); - return true; - } - + /** + * @param string $context + * @param string|null $value + * @return array + */ public function getCommunityList($context, $value) { - $community_file = new File(APP . 'files/community-metadata/defaults.json'); - if (!$community_file->exists()) { - throw new NotFoundException(__('Default community list not found.')); - } - $community_list = $community_file->read(); - if (empty($community_list)) { - throw new NotFoundException(__('Default community list empty.')); - } try { - $community_list = json_decode($community_list, true); + $community_list = FileAccessTool::readJsonFromFile(APP . 'files/community-metadata/defaults.json'); } catch (Exception $e) { throw new NotFoundException(__('Default community list not in the expected format.')); } - $fieldsToCheck = array('name', 'uuid', 'description', 'url', 'sector', 'nationality', 'type', 'org_uuid', 'org_name'); + + $fieldsToCheck = ['name', 'uuid', 'description', 'url', 'sector', 'nationality', 'type', 'org_uuid', 'org_name']; foreach ($community_list as $k => $v) { if ($v['misp_project_vetted'] === ($context === 'vetted')) { $community_list[$k]['id'] = $k + 1; @@ -44,11 +27,12 @@ class Community extends AppModel continue; } if (!empty($value)) { + $value = mb_strtolower($value); $found = false; foreach ($fieldsToCheck as $field) { - if (strpos(strtolower($v[$field]), $value) !== false) { + if (strpos(mb_strtolower($v[$field]), $value) !== false) { $found = true; - continue; + break; } } if (!$found) { @@ -56,42 +40,32 @@ class Community extends AppModel } } } - $community_list = array_values($community_list); - return $community_list; + return array_values($community_list); } + /** + * @param int|string $id Community ID or UUID + * @return array + */ public function getCommunity($id) { - $community_file = new File(APP . 'files/community-metadata/defaults.json'); - if (!$community_file->exists()) { - throw new NotFoundException(__('Default community list not found.')); - } - $community_list = $community_file->read(); - if (empty($community_list)) { - throw new NotFoundException(__('Default community list empty.')); - } try { - $community_list = json_decode($community_list, true); + $community_list = FileAccessTool::readJsonFromFile(APP . 'files/community-metadata/defaults.json'); } catch (Exception $e) { throw new NotFoundException(__('Default community list not in the expected format.')); } + foreach ($community_list as $k => $v) { $community_list[$k]['id'] = $k + 1; $community_list[$k]['Org'] = array('uuid' => $v['org_uuid'], 'name' => $v['org_name']); } - $community = false; - $lookupField = 'id'; - if (Validation::uuid($id)) { - $lookupField = 'uuid'; - } + + $lookupField = Validation::uuid($id) ? 'uuid' : 'id'; foreach ($community_list as $s) { - if ($s[$lookupField === 'uuid' ? 'uuid' : 'id'] === $id) { - $community = $s; + if ($s[$lookupField === 'uuid' ? 'uuid' : 'id'] == $id) { + return $s; } } - if (empty($community)) { - throw new NotFoundException(__('Community not found.')); - } - return $community; + throw new NotFoundException(__('Community not found.')); } } diff --git a/app/Model/Correlation.php b/app/Model/Correlation.php index c1ad604c6..3bff78c84 100644 --- a/app/Model/Correlation.php +++ b/app/Model/Correlation.php @@ -818,6 +818,11 @@ class Correlation extends AppModel return true; } + /** + * @param array $query + * @return array|false + * @throws RedisException + */ public function findTop(array $query) { try { @@ -825,21 +830,23 @@ class Correlation extends AppModel } catch (Exception $e) { return false; } + $start = $query['limit'] * ($query['page'] -1); $end = $query['limit'] * $query['page'] - 1; $list = $redis->zRevRange(self::CACHE_NAME, $start, $end, true); $results = []; - foreach ($list as $value => $count) { - $realValue = $this->CorrelationValue->find('first', - [ - 'recursive' => -1, - 'conditions' => ['CorrelationValue.id' => $value], - 'fields' => 'CorrelationValue.value' - ] - ); + + $realValues = $this->CorrelationValue->find('list', [ + 'recursive' => -1, + 'conditions' => ['CorrelationValue.id' => array_keys($list)], + 'fields' => ['CorrelationValue.id', 'CorrelationValue.value'], + ]); + + foreach ($list as $valueId => $count) { + $value = $realValues[$valueId] ?? null; $results[] = [ 'Correlation' => [ - 'value' => $realValue['CorrelationValue']['value'], + 'value' => $value, 'count' => $count, 'excluded' => $this->__preventExcludedCorrelations($value), ] diff --git a/app/Model/Dashboard.php b/app/Model/Dashboard.php index c74698530..0503b2bd1 100644 --- a/app/Model/Dashboard.php +++ b/app/Model/Dashboard.php @@ -97,6 +97,7 @@ class Dashboard extends AppModel } } } + ksort($widgets); return $widgets; } diff --git a/app/Model/Datasource/Database/MysqlExtended.php b/app/Model/Datasource/Database/MysqlExtended.php index 9e7eafc29..df20c4281 100644 --- a/app/Model/Datasource/Database/MysqlExtended.php +++ b/app/Model/Datasource/Database/MysqlExtended.php @@ -119,6 +119,33 @@ class MysqlExtended extends Mysql return isset($forceIndexHint) ? ('FORCE INDEX ' . $forceIndexHint) : null; } + /** + * - Do not call microtime when not necessary + * - Count query count even when logging is disabled + * + * @param string $sql + * @param array $options + * @param array $params + * @return mixed + */ + public function execute($sql, $options = [], $params = []) + { + $log = $options['log'] ?? $this->fullDebug; + + if ($log) { + $t = microtime(true); + $this->_result = $this->_execute($sql, $params); + $this->took = round((microtime(true) - $t) * 1000); + $this->numRows = $this->affected = $this->lastAffected(); + $this->logQuery($sql, $params); + } else { + $this->_result = $this->_execute($sql, $params); + $this->_queriesCnt++; + } + + return $this->_result; + } + /** * Reduce memory usage for insertMulti * diff --git a/app/Model/DecayingModelsFormulas/PolynomialExtended.php b/app/Model/DecayingModelsFormulas/PolynomialExtended.php index 4fa8ecfbb..71c98a9a3 100644 --- a/app/Model/DecayingModelsFormulas/PolynomialExtended.php +++ b/app/Model/DecayingModelsFormulas/PolynomialExtended.php @@ -18,7 +18,7 @@ class PolynomialExtended extends Polynomial } else { $retention_taxonomy_id = $retention_taxonomy_id['Taxonomy']['id']; } - $taxonomy = $this->Taxonomy->getTaxonomy($retention_taxonomy_id, array('full' => true)); + $taxonomy = $this->Taxonomy->getTaxonomy($retention_taxonomy_id); $this->retention_taxonomy = array(); foreach ($taxonomy['entries'] as $k => $entry) { $this->retention_taxonomy[$entry['tag']] = $entry['numerical_value']; diff --git a/app/Model/Event.php b/app/Model/Event.php index 9e18c47b2..06bb7bf7e 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -540,7 +540,8 @@ class Event extends AppModel 'local' => $local, 'relationship_type' => $relationship, ]; - $success = $success || $this->EventTag->attachTagToEvent($event_id, $tag, $nothingToChange); + $attachSuccess = $this->EventTag->attachTagToEvent($event_id, $tag, $nothingToChange); + $success = $success || $attachSuccess; $touchEvent = $touchEvent || !$nothingToChange; } if ($touchEvent) { @@ -562,7 +563,8 @@ class Event extends AppModel $success = $success || true; continue; } - $success = $success || $this->EventTag->detachTagFromEvent($event_id, $tag_id, $local, $nothingToChange); + $detachSuccess = $this->EventTag->detachTagFromEvent($event_id, $tag_id, $local, $nothingToChange); + $success = $success || $detachSuccess; $touchEvent = $touchEvent || !$nothingToChange; } if ($touchEvent) { @@ -1526,7 +1528,11 @@ class Event extends AppModel 'recursive' => -1, ); if (isset($params['order'])) { - $find_params['order'] = $params['order']; + $find_params['order'] = $this->findOrder( + $params['order'], + 'Event', + ['id', 'info', 'analysis', 'threat_level_id', 'distribution', 'timestamp', 'publish_timestamp'] + ); } if (isset($params['limit'])) { // Get the count (but not the actual data) of results for paginators @@ -2006,7 +2012,11 @@ class Event extends AppModel $params['page'] = $options['page']; } if (!empty($options['order'])) { - $params['order'] = $options['order']; + $options['order'] = $this->findOrder( + $options['order'], + 'Event', + ['id', 'info', 'analysis', 'threat_level_id', 'distribution', 'timestamp', 'publish_timestamp'] + ); } $results = $this->find('all', $params); if (empty($results)) { @@ -2089,7 +2099,7 @@ class Event extends AppModel // Include information about event creator user email. This information is included for: // - users from event creator org // - site admins - // In export, this information will be included in `event_creator_email` field just for auditors of event creator org. + // In export, this information will be included in `event_creator_email` field for auditors of event creator org and site admins. $sameOrg = $event['Event']['orgc_id'] === $user['org_id']; if ($sameOrg || $user['Role']['perm_site_admin']) { if (!isset($userEmails[$event['Event']['user_id']])) { @@ -2097,7 +2107,7 @@ class Event extends AppModel } $userEmail = $userEmails[$event['Event']['user_id']]; - if ($sameOrg && $user['Role']['perm_audit']) { + if ($sameOrg && $user['Role']['perm_audit'] || $user['Role']['perm_site_admin']) { $event['Event']['event_creator_email'] = $userEmail; } $event['User']['email'] = $userEmail; @@ -2852,10 +2862,35 @@ class Event extends AppModel return $conditions; } + /** + * @param string $value + * @return string + */ + private static function compressIpv6($value) + { + if (strpos($value, ':') && $converted = inet_pton($value)) { + return inet_ntop($converted); + } + return $value; + } + public function set_filter_value(&$params, $conditions, $options) { if (!empty($params['value'])) { $params[$options['filter']] = $this->convert_filters($params['value']); + foreach (['OR', 'AND', 'NOT'] as $operand) { + if (!empty($params[$options['filter']][$operand])) { + foreach ($params[$options['filter']][$operand] as $k => $v) { + if ($operand === 'NOT') { + $v = mb_substr($v, 1); + } + if (filter_var($v, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { + $v = $this->compressIpv6($v); + } + $params[$options['filter']][$operand][$k] = $operand === 'NOT' ? '!' . $v : $v; + } + } + } $conditions = $this->generic_add_filter($conditions, $params['value'], ['Attribute.value1', 'Attribute.value2']); } @@ -3365,7 +3400,11 @@ class Event extends AppModel foreach ($event['EventTag'] as $tag) { $tagId = $this->captureTagWithCache($tag['Tag'], $user, $capturedTags); if ($tagId && !in_array($tagId, $event_tag_ids)) { - $eventTags[] = array('tag_id' => $tagId); + $eventTags[] = array( + 'tag_id' => $tagId, + 'local' => isset($tag['local']) ? $tag['local'] : 0, + 'relationship_type' => isset($tag['relationship_type']) ? $tag['relationship_type'] : '', + ); $event_tag_ids[] = $tagId; } } @@ -3380,6 +3419,7 @@ class Event extends AppModel $eventTags[] = [ 'tag_id' => $tag_id, 'local' => isset($tag['local']) ? $tag['local'] : 0, + 'relationship_type' => isset($tag['relationship_type']) ? $tag['relationship_type'] : '', ]; $event_tag_ids[] = $tag_id; } @@ -3440,7 +3480,11 @@ class Event extends AppModel $a['AttributeTag'] = array($a['AttributeTag']); } foreach ($a['AttributeTag'] as $tag) { - $attributeTags[] = array('tag_id' => $this->captureTagWithCache($tag['Tag'], $user, $capturedTags)); + $attributeTags[] = array( + 'tag_id' => $this->captureTagWithCache($tag['Tag'], $user, $capturedTags), + 'local' => isset($tag['local']) ? $tag['local'] : 0, + 'relationship_type' => isset($tag['relationship_type']) ? $tag['relationship_type'] : '', + ); } } if (isset($a['Tag'])) { @@ -3453,6 +3497,7 @@ class Event extends AppModel $attributeTags[] = [ 'tag_id' => $tagId, 'local' => isset($tag['local']) ? $tag['local'] : 0, + 'relationship_type' => isset($tag['relationship_type']) ? $tag['relationship_type'] : '', ]; } } @@ -3605,20 +3650,12 @@ class Event extends AppModel if (!isset($data['Event']['orgc_id']) && !isset($data['Event']['orgc'])) { $data['Event']['orgc_id'] = $data['Event']['org_id']; } else { - if (!isset($data['Event']['Orgc'])) { - if (isset($data['Event']['orgc_id']) && $data['Event']['orgc_id'] != $user['org_id'] && !$user['Role']['perm_sync'] && !$user['Role']['perm_site_admin']) { + $orgc_id = $data['Event']['orgc_id'] ?? null; + $orgc_uuid = $data['Event']['Orgc']['uuid'] ?? null; + if (!$user['Role']['perm_sync'] && !$user['Role']['perm_site_admin']) { + if ($orgc_uuid != $user['Organisation']['uuid'] && $orgc_id != $user['org_id']) { throw new MethodNotAllowedException('Event cannot be created as you are not a member of the creator organisation.'); } - } else { - if ($data['Event']['Orgc']['uuid'] != $user['Organisation']['uuid'] && !$user['Role']['perm_sync'] && !$user['Role']['perm_site_admin']) { - throw new MethodNotAllowedException('Event cannot be created as you are not a member of the creator organisation.'); - } - if (isset($data['Event']['orgc']) && $data['Event']['orgc'] != $user['Organisation']['name'] && !$user['Role']['perm_sync'] && !$user['Role']['perm_site_admin']) { - throw new MethodNotAllowedException('Event cannot be created as you are not a member of the creator organisation.'); - } - } - if (isset($data['Event']['orgc_id']) && $data['Event']['orgc_id'] != $user['org_id'] && !$user['Role']['perm_sync'] && !$user['Role']['perm_site_admin']) { - throw new MethodNotAllowedException('Event cannot be created as you are not a member of the creator organisation.'); } } if (!Configure::check('MISP.enableOrgBlocklisting') || Configure::read('MISP.enableOrgBlocklisting') !== false) { @@ -3631,6 +3668,7 @@ class Event extends AppModel $this->OrgBlocklist = ClassRegistry::init('OrgBlocklist'); } if ($this->OrgBlocklist->isBlocked($orgc)) { + $this->OrgBlocklist->saveEventBlocked($orgc); return 'blocked'; } } @@ -4465,7 +4503,7 @@ class Event extends AppModel /** @var Job $job */ $job = ClassRegistry::init('Job'); $message = empty($sightingUuids) ? __('Publishing sightings.') : __('Publishing %s sightings.', count($sightingUuids)); - $jobId = $job->createJob($user, Job::WORKER_PRIO, 'publish_event', "Event ID: $id", $message); + $jobId = $job->createJob($user, Job::WORKER_DEFAULT, 'publish_event', "Event ID: $id", $message); $args = ['publish_sightings', $id, $passAlong, $jobId, $user['id']]; if (!empty($sightingUuids)) { @@ -4473,7 +4511,7 @@ class Event extends AppModel } return $this->getBackgroundJobsTool()->enqueue( - BackgroundJobsTool::PRIO_QUEUE, + BackgroundJobsTool::DEFAULT_QUEUE, BackgroundJobsTool::CMD_EVENT, $args, true, @@ -5586,6 +5624,10 @@ class Event extends AppModel return $resultArray; } + /** + * @param array $result + * @return array + */ public function handleMispFormatFromModuleResult(&$result) { $defaultDistribution = $this->Attribute->defaultDistribution(); @@ -5599,7 +5641,7 @@ class Event extends AppModel $event['Attribute'] = $attributes; } if (!empty($result['results']['Object'])) { - $object = array(); + $objects = array(); foreach ($result['results']['Object'] as $tmp_object) { $tmp_object['distribution'] = (isset($tmp_object['distribution']) ? (int)$tmp_object['distribution'] : $defaultDistribution); $tmp_object['sharing_group_id'] = (isset($tmp_object['sharing_group_id']) ? (int)$tmp_object['sharing_group_id'] : 0); @@ -5623,6 +5665,11 @@ class Event extends AppModel return $event; } + /** + * @param array $attribute + * @param int $defaultDistribution + * @return array + */ private function __fillAttribute($attribute, $defaultDistribution) { if (is_array($attribute['type'])) { @@ -5818,41 +5865,79 @@ class Event extends AppModel * @throws InvalidArgumentException * @throws Exception */ - public function upload_stix(array $user, $file, $stix_version, $original_file, $publish) + public function upload_stix(array $user, $file, $stix_version, $original_file, $publish, $distribution, $sharingGroupId, $galaxiesAsTags, $debug = false) { $scriptDir = APP . 'files' . DS . 'scripts'; - if ($stix_version == '2') { + if ($stix_version == '2' || $stix_version == '2.0' || $stix_version == '2.1') { $scriptFile = $scriptDir . DS . 'stix2' . DS . 'stix2misp.py'; - $output_path = $file . '.stix2'; - $stix_version = "STIX 2.0"; + $output_path = $file . '.out'; + $shell_command = [ + ProcessTool::pythonBin(), + $scriptFile, + '-i', $file, + '--distribution', $distribution + ]; + if ($distribution == 4) { + array_push($shell_command, '--sharing_group_id', $sharingGroupId); + } + if ($galaxiesAsTags) { + $shell_command[] = '--galaxies_as_tags'; + } + if ($debug) { + $shell_command[] = '--debug'; + } + $stix_version = "STIX 2.1"; } elseif ($stix_version == '1' || $stix_version == '1.1' || $stix_version == '1.2') { $scriptFile = $scriptDir . DS . 'stix2misp.py'; $output_path = $file . '.json'; + $shell_command = [ + ProcessTool::pythonBin(), + $scriptFile, + $file, + Configure::read('MISP.default_event_distribution'), + Configure::read('MISP.default_attribute_distribution'), + $this->__getTagNamesFromSynonyms($scriptDir) + ]; $stix_version = "STIX 1.1"; } else { throw new InvalidArgumentException('Invalid STIX version'); } - $shell_command = [ - ProcessTool::pythonBin(), - $scriptFile, - $file, - Configure::read('MISP.default_event_distribution'), - Configure::read('MISP.default_attribute_distribution'), - $this->__getTagNamesFromSynonyms($scriptDir), - ]; - $result = ProcessTool::execute($shell_command, null, true); $result = preg_split("/\r\n|\n|\r/", trim($result)); $result = trim(end($result)); $tempFile = file_get_contents($file); unlink($file); - if ($result === '1') { + $decoded = JsonTool::decode($result); + if (!empty($decoded['success'])) { $data = FileAccessTool::readAndDelete($output_path); $data = $this->jsonDecode($data); if (empty($data['Event'])) { $data = array('Event' => $data); } + if (!$galaxiesAsTags) { + if (!isset($this->GalaxyCluster)) { + $this->GalaxyCluster = ClassRegistry::init('GalaxyCluster'); + } + $this->__handleGalaxiesAndClusters($user, $data['Event']); + if (!empty($data['Event']['Attribute'])) { + foreach ($data['Event']['Attribute'] as &$attribute) { + $this->__handleGalaxiesAndClusters($user, $attribute); + } + } + if (!empty($data['Event']['Object'])) { + foreach ($data['Event']['Object'] as &$misp_object) { + if (!empty($misp_object['Attribute'])) { + foreach ($misp_object['Attribute'] as &$attribute) { + $this->__handleGalaxiesAndClusters($user, $attribute); + } + } + } + } + } + if (!empty($decoded['stix_version'])) { + $stix_version = 'STIX ' . $decoded['stix_version']; + } $created_id = false; $validationIssues = false; $result = $this->_add($data, true, $user, '', null, false, null, $created_id, $validationIssues); @@ -5870,13 +5955,8 @@ class Event extends AppModel return $result; } return $validationIssues; - } else if ($result === '2') { - $response = __('Issues while loading the stix file.'); - } elseif ($result === '3') { - $response = __('Issues with the maec library.'); - } else { - $response = __('Issues executing the ingestion script or invalid input.'); } + $response = __($decoded['error']); if (!$user['Role']['perm_site_admin']) { $response .= ' ' . __('Please ask your administrator to'); } else { @@ -5886,6 +5966,19 @@ class Event extends AppModel return $response; } + private function __handleGalaxiesAndClusters($user, &$data) + { + if (!empty($data['Galaxy'])) { + $tag_names = $this->GalaxyCluster->convertGalaxyClustersToTags($user, $data['Galaxy']); + if (empty($data['Tag'])) { + $data['Tag'] = []; + } + foreach ($tag_names as $tag_name) { + $data['Tag'][] = array('name' => $tag_name); + } + } + } + /** * @param string $scriptDir * @return string @@ -6319,11 +6412,33 @@ class Event extends AppModel return $message; } - public function processModuleResultsData($user, $resolved_data, $id, $default_comment = '', $jobId = false, $adhereToWarninglists = false, $event_level = false) + /** + * @param array $user + * @param array $resolved_data + * @param int $id + * @param string $default_comment + * @param int|false $jobId + * @param bool $adhereToWarninglists + * @param bool $event_level + * @return int|string + * @throws JsonException + */ + public function processModuleResultsData(array $user, $resolved_data, $id, $default_comment = '', $jobId = false, $adhereToWarninglists = false, $event_level = false) { + $event = $this->find('first', [ + 'recursive' => -1, + 'conditions' => ['id' => $id], + ]); + if (empty($event)) { + throw new Exception("Event with ID `$id` not found."); + } if ($jobId) { $this->Job = ClassRegistry::init('Job'); $this->Job->id = $jobId; + + /** @var EventLock $eventLock */ + $eventLock = ClassRegistry::init('EventLock'); + $eventLock->insertLockBackgroundJob($event['Event']['id'], $jobId); } $failed_attributes = $failed_objects = $failed_object_attributes = $failed_reports = 0; $saved_attributes = $saved_objects = $saved_object_attributes = $saved_reports = 0; @@ -6369,6 +6484,7 @@ class Event extends AppModel } } } else { + $this->Attribute->logDropped($user, $attribute); $failed_attributes++; $lastAttributeError = $this->Attribute->validationErrors; $original_uuid = $this->__findOriginalUUID( @@ -6384,8 +6500,7 @@ class Event extends AppModel } if ($jobId) { $processedAttributes++; - $this->Job->saveField('message', 'Attribute ' . $processedAttributes . '/' . $total_attributes); - $this->Job->saveField('progress', ($processedAttributes * 100 / $items_count)); + $this->Job->saveProgress($jobId, "Attribute $processedAttributes/$total_attributes", $processedAttributes * 100 / $items_count); } } } else { @@ -6430,7 +6545,7 @@ class Event extends AppModel if (isset($initial_attributes[$object_relation]) && in_array($object_attribute['value'], $initial_attributes[$object_relation])) { continue; } - if ($this->__saveObjectAttribute($object_attribute, $default_comment, $id, $initial_object_id, $user)) { + if ($this->__saveObjectAttribute($object_attribute, null, $event, $initial_object_id, $user)) { $saved_object_attributes++; } else { $failed_object_attributes++; @@ -6463,7 +6578,7 @@ class Event extends AppModel if ($this->Object->save($object)) { $object_id = $this->Object->id; foreach ($object['Attribute'] as $object_attribute) { - if ($this->__saveObjectAttribute($object_attribute, $default_comment, $id, $object_id, $user)) { + if ($this->__saveObjectAttribute($object_attribute, null, $event, $object_id, $user)) { $saved_object_attributes++; } else { $failed_object_attributes++; @@ -6498,8 +6613,7 @@ class Event extends AppModel } if ($jobId) { $processedObjects++; - $this->Job->saveField('message', 'Object ' . $processedObjects . '/' . $total_objects); - $this->Job->saveField('progress', (($processedObjects + $total_attributes) * 100 / $items_count)); + $this->Job->saveProgress($jobId, "Object $processedObjects/$total_objects", ($processedObjects + $total_attributes) * 100 / $items_count); } } @@ -6566,14 +6680,13 @@ class Event extends AppModel } if ($jobId) { $current = ($i + 1); - $this->Job->saveField('message', 'EventReport ' . $current . '/' . $total_reports); - $this->Job->saveField('progress', ($current * 100 / $items_count)); + $this->Job->saveProgress($jobId, "EventReport $current/$total_reports", $current * 100 / $items_count); } } } if ($saved_attributes > 0 || $saved_objects > 0 || $saved_reports > 0) { - $this->unpublishEvent($id); + $this->unpublishEvent($event); } if ($event_level) { return $saved_attributes + $saved_object_attributes + $saved_reports; @@ -6634,8 +6747,8 @@ class Event extends AppModel $message .= $failed_reports . $reason; } if ($jobId) { - $this->Job->saveField('message', 'Processing complete. ' . $message); - $this->Job->saveField('progress', 100); + $this->Job->saveStatus($jobId, true, 'Processing complete. ' . $message); + $eventLock->deleteBackgroundJobLock($event['Event']['id'], $jobId); } return $message; } @@ -6722,28 +6835,39 @@ class Event extends AppModel return (!empty($original_uuid)) ? $original_uuid['Object']['uuid'] : $original_uuid; } - private function __saveObjectAttribute($attribute, $default_comment, $event_id, $object_id, $user) + /** + * @param array $attribute + * @param string|null $default_comment + * @param array $event + * @param int $object_id + * @param array $user + * @return array|bool|mixed + * @throws Exception + */ + private function __saveObjectAttribute(array $attribute, $default_comment, array $event, $object_id, array $user) { $attribute['object_id'] = $object_id; - $attribute['event_id'] = $event_id; - if (empty($attribute['comment'])) { + $attribute['event_id'] = $event['Event']['id']; + if (empty($attribute['comment']) && $default_comment) { $attribute['comment'] = $default_comment; } if (!empty($attribute['data']) && !empty($attribute['encrypt'])) { $attribute = $this->Attribute->onDemandEncrypt($attribute); } $this->Attribute->create(); - $attribute_save = $this->Attribute->save($attribute); + $attribute_save = $this->Attribute->save($attribute, ['parentEvent' => $event]); if ($attribute_save) { if (!empty($attribute['Tag'])) { foreach ($attribute['Tag'] as $tag) { $tag_id = $this->Attribute->AttributeTag->Tag->captureTag($tag, $user); $relationship_type = empty($tag['relationship_type']) ? false : $tag['relationship_type']; if ($tag_id) { - $this->Attribute->AttributeTag->attachTagToAttribute($this->Attribute->id, $event_id, $tag_id, !empty($tag['local']), $relationship_type); + $this->Attribute->AttributeTag->attachTagToAttribute($this->Attribute->id, $event['Event']['id'], $tag_id, !empty($tag['local']), $relationship_type); } } } + } else { + $this->Attribute->logDropped($user, $attribute); } return $attribute_save; } @@ -7047,6 +7171,47 @@ class Event extends AppModel } } + + public function restSearchFilterMassage($filters, $non_restrictive_export, $user) + { + if (!empty($filters['ignore'])) { + $filters['to_ids'] = array(0, 1); + $filters['published'] = array(0, 1); + } + if (!empty($filters['quickFilter'])) { + $filters['searchall'] = $filters['quickFilter']; + if (!empty($filters['value'])) { + unset($filters['value']); + } + } + if (isset($filters['searchall'])) { + if (!empty($filters['value'])) { + $filters['wildcard'] = $filters['value']; + } else { + $filters['wildcard'] = $filters['searchall']; + } + } + + if (isset($filters['tag']) and !isset($filters['tags'])) { + $filters['tags'] = $filters['tag']; + } + if (!empty($filters['withAttachments'])) { + $filters['includeAttachments'] = 1; + } + if (empty($non_restrictive_export)) { + if (!isset($filters['to_ids'])) { + $filters['to_ids'] = 1; + } + if (!isset($filters['published'])) { + $filters['published'] = 1; + } + $filters['allow_proposal_blocking'] = 1; + } + $subqueryElements = $this->harvestSubqueryElements($filters); + $filters = $this->addFiltersFromSubqueryElements($filters, $subqueryElements, $user); + return $filters; + } + /** * @param array $user * @param string $returnFormat @@ -7075,49 +7240,18 @@ class Event extends AppModel $exportTool->setDefaultFilters($filters); } - if (empty($exportTool->non_restrictive_export)) { - if (!isset($filters['to_ids'])) { - $filters['to_ids'] = 1; - } - if (!isset($filters['published'])) { - $filters['published'] = 1; - } - $filters['allow_proposal_blocking'] = 1; - } - if (!empty($exportTool->renderView)) { $renderView = $exportTool->renderView; } + $non_restrictive_export = !empty($exportTool->non_restrictive_export); + $filters = $this->restSearchFilterMassage($filters, $non_restrictive_export, $user); - if (!empty($filters['ignore'])) { - $filters['to_ids'] = array(0, 1); - $filters['published'] = array(0, 1); - } - if (!empty($filters['quickFilter'])) { - $filters['searchall'] = $filters['quickFilter']; - if (!empty($filters['value'])) { - unset($filters['value']); - } - } - if (isset($filters['searchall'])) { - if (!empty($filters['value'])) { - $filters['wildcard'] = $filters['value']; - } else { - $filters['wildcard'] = $filters['searchall']; - } - } - - if (isset($filters['tag']) and !isset($filters['tags'])) { - $filters['tags'] = $filters['tag']; - } - $subqueryElements = $this->harvestSubqueryElements($filters); - $filters = $this->addFiltersFromSubqueryElements($filters, $subqueryElements, $user); $filters = $this->addFiltersFromUserSettings($user, $filters); if (empty($exportTool->mock_query_only)) { $filters['include_attribute_count'] = 1; $eventid = $this->filterEventIds($user, $filters, $elementCounter); $eventCount = count($eventid); - $eventids_chunked = $this->__clusterEventIds($exportTool, $eventid); + $eventids_chunked = $this->clusterEventIds($exportTool, $eventid); unset($eventid); } else { $eventids_chunked = array(); @@ -7143,9 +7277,6 @@ class Event extends AppModel $tmpfile = new TmpFileTool(); $tmpfile->write($exportTool->header($exportToolParams)); $i = 0; - if (!empty($filters['withAttachments'])) { - $filters['includeAttachments'] = 1; - } $this->Allowedlist = ClassRegistry::init('Allowedlist'); $separator = $exportTool->separator($exportToolParams); unset($filters['page']); @@ -7184,7 +7315,7 @@ class Event extends AppModel * Chunk them by the attribute count to fit the memory limits * */ - private function __clusterEventIds($exportTool, $eventIds) + public function clusterEventIds($exportTool, $eventIds) { $memory_in_mb = $this->convert_to_memory_limit_to_mb(ini_get('memory_limit')); $default_attribute_memory_coefficient = Configure::check('MISP.default_attribute_memory_coefficient') ? Configure::read('MISP.default_attribute_memory_coefficient') : 80; diff --git a/app/Model/EventReport.php b/app/Model/EventReport.php index d0c074693..1ab7f3dfe 100644 --- a/app/Model/EventReport.php +++ b/app/Model/EventReport.php @@ -408,7 +408,7 @@ class EventReport extends AppModel return $report; } else { if (in_array('edit', $authorizations) || in_array('delete', $authorizations)) { - $checkResult = $this->canEditReport($user, $report); + $checkResult = $user['Role']['perm_site_admin'] || ($report['Event']['orgc_id'] === $user['org_id']); if ($checkResult !== true) { if ($throwErrors) { throw new UnauthorizedException($checkResult); @@ -420,20 +420,6 @@ class EventReport extends AppModel } } - public function canEditReport(array $user, array $report) - { - if ($user['Role']['perm_site_admin']) { - return true; - } - if (empty($report['Event'])) { - return __('Could not find associated event'); - } - if ($report['Event']['orgc_id'] != $user['org_id']) { - return __('Only the creator organisation of the event can modify the report'); - } - return true; - } - public function reArrangeReport(array $report) { $rearrangeObjects = array('Event', 'SharingGroup'); diff --git a/app/Model/EventTag.php b/app/Model/EventTag.php index f60ba2574..c855de995 100644 --- a/app/Model/EventTag.php +++ b/app/Model/EventTag.php @@ -91,7 +91,7 @@ class EventTag extends AppModel /** * @param int $event_id - * @param int $tagId + * @param array $tag * @param bool $nothingToChange * @return bool * @throws Exception diff --git a/app/Model/Feed.php b/app/Model/Feed.php index d3d16140f..413733880 100644 --- a/app/Model/Feed.php +++ b/app/Model/Feed.php @@ -462,6 +462,9 @@ class Feed extends AppModel */ public function attachFeedCorrelations(array $attributes, array $user, array &$event, $overrideLimit = false, $scope = 'Feed') { + if (!isset($user['Role']['perm_view_feed_correlations']) || $user['Role']['perm_view_feed_correlations'] != true) { + return $attributes; + } if (empty($attributes)) { return $attributes; } diff --git a/app/Model/Galaxy.php b/app/Model/Galaxy.php index 40ef276d7..72a001b57 100644 --- a/app/Model/Galaxy.php +++ b/app/Model/Galaxy.php @@ -278,10 +278,9 @@ class Galaxy extends AppModel /** * Capture the Galaxy * - * @param $user * @param array $user * @param array $galaxy The galaxy to be captured - * @return array the captured galaxy + * @return array|false the captured galaxy or false on error */ public function captureGalaxy(array $user, array $galaxy) { @@ -312,21 +311,20 @@ class Galaxy extends AppModel * Import all clusters into the Galaxy they are shipped with, creating the galaxy if not existant. * * This function is meant to be used with manual import or push from remote instance - * @param $user + * @param array $user * @param array $clusters clusters to import * @return array The import result with errors if any */ - public function importGalaxyAndClusters($user, array $clusters) + public function importGalaxyAndClusters(array $user, array $clusters) { $results = array('success' => false, 'imported' => 0, 'ignored' => 0, 'failed' => 0, 'errors' => array()); - foreach ($clusters as $k => $cluster) { - $conditions = array(); + foreach ($clusters as $cluster) { if (!empty($cluster['GalaxyCluster']['Galaxy'])) { $existingGalaxy = $this->captureGalaxy($user, $cluster['GalaxyCluster']['Galaxy']); } elseif (!empty($cluster['GalaxyCluster']['type'])) { $existingGalaxy = $this->find('first', array( 'recursive' => -1, - 'fields' => array('id', 'version'), + 'fields' => array('id'), 'conditions' => array('Galaxy.type' => $cluster['GalaxyCluster']['type']), )); if (empty($existingGalaxy)) { // We don't have enough info to create the galaxy @@ -380,16 +378,16 @@ class Galaxy extends AppModel /** * @param array $user - * @param string $target_type + * @param string $targetType Can be 'event', 'attribute' or 'tag_collection' * @param array $target * @param int $cluster_id * @param bool $local * @return string * @throws Exception */ - public function attachCluster(array $user, $target_type, array $target, $cluster_id, $local = false) + public function attachCluster(array $user, $targetType, array $target, $cluster_id, $local = false) { - $connectorModel = Inflector::camelize($target_type) . 'Tag'; + $connectorModel = Inflector::camelize($targetType) . 'Tag'; $local = $local == 1 || $local === true ? 1 : 0; $cluster_alias = $this->GalaxyCluster->alias; $galaxy_alias = $this->alias; @@ -409,36 +407,36 @@ class Galaxy extends AppModel } $this->Tag = ClassRegistry::init('Tag'); $tag_id = $this->Tag->captureTag(array('name' => $cluster['GalaxyCluster']['tag_name'], 'colour' => '#0088cc', 'exportable' => 1, 'local_only' => $local_only), $user, true); - if ($target_type === 'event') { + if ($targetType === 'event') { $target_id = $target['Event']['id']; - } elseif ($target_type === 'attribute') { + } elseif ($targetType === 'attribute') { $target_id = $target['Attribute']['id']; } else { $target_id = $target['TagCollection']['id']; } - $existingTag = $this->Tag->$connectorModel->hasAny(array($target_type . '_id' => $target_id, 'tag_id' => $tag_id)); + $existingTag = $this->Tag->$connectorModel->hasAny(array($targetType . '_id' => $target_id, 'tag_id' => $tag_id)); if ($existingTag) { return 'Cluster already attached.'; } $this->Tag->$connectorModel->create(); - $toSave = array($target_type . '_id' => $target_id, 'tag_id' => $tag_id, 'local' => $local); - if ($target_type === 'attribute') { + $toSave = array($targetType . '_id' => $target_id, 'tag_id' => $tag_id, 'local' => $local); + if ($targetType === 'attribute') { $toSave['event_id'] = $target['Attribute']['event_id']; } $result = $this->Tag->$connectorModel->save($toSave); if ($result) { if (!$local) { - if ($target_type === 'attribute') { + if ($targetType === 'attribute') { $this->Tag->AttributeTag->Attribute->touch($target); - } elseif ($target_type === 'event') { + } elseif ($targetType === 'event') { $this->Tag->EventTag->Event->unpublishEvent($target); } } - if ($target_type === 'attribute' || $target_type === 'event') { + if ($targetType === 'attribute' || $targetType === 'event') { $this->Tag->EventTag->Event->insertLock($user, $target['Event']['id']); } - $logTitle = 'Attached ' . $cluster['GalaxyCluster']['value'] . ' (' . $cluster['GalaxyCluster']['id'] . ') to ' . $target_type . ' (' . $target_id . ')'; - $this->loadLog()->createLogEntry($user, 'galaxy', ucfirst($target_type), $target_id, $logTitle); + $logTitle = 'Attached ' . $cluster['GalaxyCluster']['value'] . ' (' . $cluster['GalaxyCluster']['id'] . ') to ' . $targetType . ' (' . $target_id . ')'; + $this->loadLog()->createLogEntry($user, 'galaxy', ucfirst($targetType), $target_id, $logTitle); return 'Cluster attached.'; } return 'Could not attach the cluster'; diff --git a/app/Model/GalaxyCluster.php b/app/Model/GalaxyCluster.php index 89a47bcae..a2321079e 100644 --- a/app/Model/GalaxyCluster.php +++ b/app/Model/GalaxyCluster.php @@ -720,14 +720,14 @@ class GalaxyCluster extends AppModel /** * Gets a cluster then save it. * - * @param $user + * @param array $user * @param array $cluster Cluster to be saved * @param bool $fromPull If the current capture is performed from a PULL sync * @param int $orgId The organisation id that should own the cluster * @param array $server The server for which to capture is ongoing * @return array Result of the capture including successes, fails and errors */ - public function captureCluster($user, $cluster, $fromPull=false, $orgId=0, $server=false) + public function captureCluster(array $user, $cluster, $fromPull=false, $orgId=0, $server=false) { $results = array('success' => false, 'imported' => 0, 'ignored' => 0, 'failed' => 0, 'errors' => array()); @@ -1063,8 +1063,12 @@ class GalaxyCluster extends AppModel if (isset($options['group'])) { $params['group'] = $options['group']; } - if (isset($options['order'])) { - $params['order'] = $options['order']; + if (!empty($options['order'])) { + $options['order'] = $this->findOrder( + $options['order'], + 'GalaxyCluster', + ['id', 'event_id', 'version', 'type', 'value', 'distribution', 'orgc_id', 'org_id', 'tag_name', 'galaxy_id'] + ); } if (isset($options['page'])) { $params['page'] = $options['page']; @@ -1667,7 +1671,7 @@ class GalaxyCluster extends AppModel } try { - if (!$serverSync->isSupported(ServerSyncTool::PERM_SYNC) || $serverSync->isSupported(ServerSyncTool::PERM_GALAXY_EDITOR)) { + if (!$serverSync->isSupported(ServerSyncTool::PERM_SYNC) || !$serverSync->isSupported(ServerSyncTool::PERM_GALAXY_EDITOR)) { return __('The remote user does not have the permission to manipulate galaxies - the upload of the galaxy clusters has been blocked.'); } $serverSync->pushGalaxyCluster($cluster)->json(); @@ -1855,7 +1859,7 @@ class GalaxyCluster extends AppModel } /** - * getClusterIdListBasedOnPullTechnique Collect the list of remote cluster IDs to be pulled based on the technique + * Collect the list of remote cluster IDs to be pulled based on the technique * * @param array $user * @param string|int $technique @@ -1895,15 +1899,13 @@ class GalaxyCluster extends AppModel $clusterIds = $this->Server->getElligibleClusterIdsFromServerForPull($serverSync, $onlyUpdateLocalCluster = false); } } catch (HttpSocketHttpException $e) { - if ($e->getCode() === 403) { - return array('error' => array(1, null)); - } else { + if ($e->getCode() !== 403) { $this->logException("Could not get eligible cluster IDs from server {$serverSync->serverId()} for pull.", $e); - return array('error' => array(2, $e->getMessage())); } + return []; } catch (Exception $e) { $this->logException("Could not get eligible cluster IDs from server {$serverSync->serverId()} for pull.", $e); - return array('error' => array(2, $e->getMessage())); + return []; } return $clusterIds; } @@ -2067,4 +2069,31 @@ class GalaxyCluster extends AppModel } return $CyCatRelations; } + + /** + * convertGalaxyClustersToTags + * + * @param array $user + * @param array $galaxies + * @return array The tag names extracted from galaxy clusters + */ + public function convertGalaxyClustersToTags($user, $galaxies) + { + $galaxyClusters = []; + $tag_names = []; + foreach ($galaxies as $galaxy) { + if (empty($galaxy['GalaxyCluster'])) { + continue; + } + $clusters = $galaxy['GalaxyCluster']; + unset($galaxy['GalaxyCluster']); + foreach ($clusters as $cluster) { + $cluster['Galaxy'] = $galaxy; + $galaxyClusters[] = array('GalaxyCluster' => $cluster); + $tag_names[] = !empty($cluster['tag_name']) ? $cluster['tag_name'] : 'misp-galaxy:' . $cluster['type'] . '="' . $cluster['uuid'] . '"'; + } + } + $this->Galaxy->importGalaxyAndClusters($user, $galaxyClusters); + return $tag_names; + } } diff --git a/app/Model/GalaxyClusterBlocklist.php b/app/Model/GalaxyClusterBlocklist.php index fdf87b1d2..8a874c197 100644 --- a/app/Model/GalaxyClusterBlocklist.php +++ b/app/Model/GalaxyClusterBlocklist.php @@ -1,5 +1,6 @@ array( 'unique' => array( - 'rule' => 'isUnique', - 'message' => 'Galaxy Cluster already blocklisted.' + 'rule' => 'isUnique', + 'message' => 'Galaxy Cluster already blocklisted.' ), 'uuid' => array( - 'rule' => array('uuid'), - 'message' => 'Please provide a valid UUID' + 'rule' => array('uuid'), + 'message' => 'Please provide a valid UUID' ), ) ); @@ -35,9 +36,8 @@ class GalaxyClusterBlocklist extends AppModel public function beforeValidate($options = array()) { parent::beforeValidate(); - $date = date('Y-m-d H:i:s'); if (empty($this->data['GalaxyClusterBlocklist']['id'])) { - $this->data['GalaxyClusterBlocklist']['date_created'] = $date; + $this->data['GalaxyClusterBlocklist']['date_created'] = date('Y-m-d H:i:s'); } if (empty($this->data['GalaxyClusterBlocklist']['comment'])) { $this->data['GalaxyClusterBlocklist']['comment'] = ''; @@ -45,12 +45,14 @@ class GalaxyClusterBlocklist extends AppModel return true; } + /** + * @param string $clusterUUID + * @return bool + */ public function checkIfBlocked($clusterUUID) { - $entry = $this->find('first', array('conditions' => array('cluster_uuid' => $clusterUUID))); - if (!empty($entry)) { - return true; - } - return false; + return $this->hasAny([ + 'cluster_uuid' => $clusterUUID, + ]); } } diff --git a/app/Model/GalaxyClusterRelation.php b/app/Model/GalaxyClusterRelation.php index 7fb182064..6f20fba88 100644 --- a/app/Model/GalaxyClusterRelation.php +++ b/app/Model/GalaxyClusterRelation.php @@ -223,7 +223,7 @@ class GalaxyClusterRelation extends AppModel } if (!$force) { $targetCluster = $this->TargetCluster->fetchIfAuthorized($user, $relation['GalaxyClusterRelation']['referenced_galaxy_cluster_uuid'], 'view', $throwErrors=false, $full=false); - if (isset($targetCluster['authorized']) && !$targetCluster['authorized']) { // do not save the relation if referenced cluster is not accessible by the user (or does not exists) + if (isset($targetCluster['authorized']) && !$targetCluster['authorized']) { // do not save the relation if referenced cluster is not accessible by the user (or does not exist) $errors[] = array(__('Invalid referenced galaxy cluster')); return $errors; } @@ -315,7 +315,7 @@ class GalaxyClusterRelation extends AppModel return $errors; } $targetCluster = $this->TargetCluster->fetchIfAuthorized($user, $relation['GalaxyClusterRelation']['referenced_galaxy_cluster_uuid'], 'view', $throwErrors=false, $full=false); - if (isset($targetCluster['authorized']) && !$targetCluster['authorized']) { // do not save the relation if referenced cluster is not accessible by the user (or does not exists) + if (isset($targetCluster['authorized']) && !$targetCluster['authorized']) { // do not save the relation if referenced cluster is not accessible by the user (or does not exist) $errors[] = array(__('Invalid referenced galaxy cluster')); return $errors; } diff --git a/app/Model/GalaxyElement.php b/app/Model/GalaxyElement.php index 58d60e4fc..b648ce605 100644 --- a/app/Model/GalaxyElement.php +++ b/app/Model/GalaxyElement.php @@ -1,5 +1,9 @@ data['Inbox']['uuid'] = CakeText::uuid(); $this->data['Inbox']['timestamp'] = time(); - $this->data['Inbox']['ip'] = $_SERVER['REMOTE_ADDR']; + $this->data['Inbox']['ip'] = $this->_remoteIp(); $this->data['Inbox']['user_agent'] = $_SERVER['HTTP_USER_AGENT']; $this->data['Inbox']['user_agent_sha256'] = hash('sha256', $_SERVER['HTTP_USER_AGENT']); return true; diff --git a/app/Model/Log.php b/app/Model/Log.php index 2d6b983f2..cd0130432 100644 --- a/app/Model/Log.php +++ b/app/Model/Log.php @@ -44,6 +44,7 @@ class Log extends AppModel 'export', 'fetchEvent', 'file_upload', + 'forgot', 'galaxy', 'include_formula', 'load_module', @@ -51,6 +52,7 @@ class Log extends AppModel 'login_fail', 'logout', 'merge', + 'password_reset', 'pruneUpdateLogs', 'publish', 'publish_sightings', @@ -109,6 +111,8 @@ class Log extends AppModel public $actsAs = ['LightPaginator']; + private $elasticSearchClient; + /** * Null when not defined, false when not enabled * @var Syslog|null|false @@ -121,10 +125,7 @@ class Log extends AppModel return false; } if (Configure::read('MISP.log_client_ip')) { - $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; - if (isset($_SERVER[$ipHeader])) { - $this->data['Log']['ip'] = $_SERVER[$ipHeader]; - } + $this->data['Log']['ip'] = $this->_remoteIp(); } $setEmpty = array('title' => '', 'model' => '', 'model_id' => 0, 'action' => '', 'user_id' => 0, 'change' => '', 'email' => '', 'org' => '', 'description' => '', 'ip' => ''); foreach ($setEmpty as $field => $empty) { @@ -151,6 +152,22 @@ class Log extends AppModel return true; } + public function afterSave($created, $options = array()) + { + // run workflow if needed, but skip workflow for certain types, to prevent loops + if (!in_array($this->data['Log']['model'], ['Log', 'Workflow'])) { + $trigger_id = 'log-after-save'; + $workflowErrors = []; + $logging = [ + 'model' => 'Log', + 'action' => 'execute_workflow', + 'id' => $this->data['Log']['user_id'] + ]; + $this->executeTrigger($trigger_id, $this->data, $workflowErrors); + } + return true; + } + public function returnDates($org = 'all') { $conditions = array(); @@ -349,9 +366,8 @@ class Log extends AppModel public function logData($data) { - if (Configure::read('Plugin.ZeroMQ_enable') && Configure::read('Plugin.ZeroMQ_audit_notifications_enable')) { - $pubSubTool = $this->getPubSubTool(); - $pubSubTool->publish($data, 'audit', 'log'); + if ($this->pubToZmq('audit')) { + $this->getPubSubTool()->publish($data, 'audit', 'log'); } $this->publishKafkaNotification('audit', $data, 'log'); @@ -1147,4 +1163,15 @@ class Log extends AppModel break; } } + + private function getElasticSearchTool() + { + if (!$this->elasticSearchClient) { + App::uses('ElasticSearchClient', 'Tools'); + $client = new ElasticSearchClient(); + $client->initTool(); + $this->elasticSearchClient = $client; + } + return $this->elasticSearchClient; + } } diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php index fa1df66cd..778b763e1 100644 --- a/app/Model/MispObject.php +++ b/app/Model/MispObject.php @@ -400,15 +400,7 @@ class MispObject extends AppModel $attributeArray = $object['Attribute']; } foreach ($attributeArray as $attribute) { - if ($attribute['type'] === 'malware-sample') { - if (strpos($attribute['value'], '|') === false && !empty($attribute['data'])) { - $attribute['value'] = $attribute['value'] . '|' . md5(base64_decode($attribute['data'])); - } - } - $attributeValueAfterModification = AttributeValidationTool::modifyBeforeValidation($attribute['type'], $attribute['value']); - $attributeValueAfterModification = $this->Attribute->runRegexp($attribute['type'], $attributeValueAfterModification); - - $newObjectAttributes[] = sha1($attribute['object_relation'] . $attribute['category'] . $attribute['type'] . $attributeValueAfterModification, true); + $newObjectAttributes[] = $this->getObjectAttributeHash($attribute); } $newObjectAttributeCount = count($newObjectAttributes); if (!empty($this->__objectDuplicationCheckCache['new'][$object['Object']['template_uuid']])) { @@ -433,7 +425,7 @@ class MispObject extends AppModel 'conditions' => array('Attribute.deleted' => 0) ) ), - 'fields' => array('template_uuid'), + 'fields' => array('template_uuid', 'uuid'), 'conditions' => array('template_uuid' => $object['Object']['template_uuid'], 'Object.deleted' => 0, 'event_id' => $eventId) )); } @@ -441,10 +433,12 @@ class MispObject extends AppModel $temp = array(); if (!empty($existingObject['Attribute']) && $newObjectAttributeCount === count($existingObject['Attribute'])) { foreach ($existingObject['Attribute'] as $existingAttribute) { - $temp[] = sha1($existingAttribute['object_relation'] . $existingAttribute['category'] . $existingAttribute['type'] . $existingAttribute['value'], true); + $temp[] = $this->getObjectAttributeHash($existingAttribute); } + if (empty(array_diff($temp, $newObjectAttributes))) { $duplicatedObjectId = $existingObject['Object']['id']; + $duplicateObjectUuid = $existingObject['Object']['uuid']; return true; } } @@ -452,7 +446,37 @@ class MispObject extends AppModel return false; } - public function saveObject(array $object, $eventId, $template = false, $user, $errorBehaviour = 'drop', $breakOnDuplicate = false) + /** + * @param array $object + * @param array $template + * @return array + */ + public function fillObjectDataFromTemplate(array $object, array $template) + { + $templateFields = array( + 'name' => 'name', + 'meta-category' => 'meta-category', + 'description' => 'description', + 'template_version' => 'version', + 'template_uuid' => 'uuid' + ); + foreach ($templateFields as $objectField => $templateField) { + $object['Object'][$objectField] = $template['ObjectTemplate'][$templateField]; + } + return $object; + } + + /** + * @param array $object + * @param int $eventId + * @param array $template + * @param array $user + * @param string $errorBehaviour + * @param bool $breakOnDuplicate + * @return array|array[]|bool|int|mixed|string + * @throws Exception + */ + public function saveObject(array $object, $eventId, $template = false, array $user, $errorBehaviour = 'drop', $breakOnDuplicate = false) { $templateFields = array( 'name' => 'name', @@ -562,7 +586,7 @@ class MispObject extends AppModel // conditions // order // group - public function fetchObjects($user, $options = array()) + public function fetchObjects(array $user, array $options = array()) { $attributeConditions = array(); if (!$user['Role']['perm_site_admin']) { @@ -608,8 +632,6 @@ class MispObject extends AppModel } if (isset($options['contain'])) { $params['contain'] = array_merge_recursive($params['contain'], $options['contain']); - } else { - $option['contain']['Event']['fields'] = array('id', 'info', 'org_id', 'orgc_id'); } if ( empty($options['metadata']) && @@ -662,7 +684,6 @@ class MispObject extends AppModel if ($options['enforceWarninglist'] && !isset($this->Warninglist)) { $this->Warninglist = ClassRegistry::init('Warninglist'); } - $results = array_values($results); $proposals_block_attributes = Configure::read('MISP.proposals_block_attributes'); if (empty($options['metadata'])) { foreach ($results as $key => $object) { @@ -764,7 +785,7 @@ class MispObject extends AppModel /** * Clean the attribute list up from artifacts introduced by the object form * @param array $attributes - * @return string|array + * @return array * @throws InternalErrorException * @throws Exception */ @@ -812,6 +833,70 @@ class MispObject extends AppModel return $attributes; } + /** + * @param array $user + * @param int $eventId + * @param array $attributes + * @param array $template + * @param int $threshold + * @return array + */ + public function findSimilarObjects(array $user, $eventId, array $attributes, array $template, $threshold = 15) + { + $attributeValues = array_column($attributes, 'value'); + $conditions = array( + 'event_id' => $eventId, + 'value1' => $attributeValues, + 'object_id !=' => 0, + ); + $similarObjects = $this->Attribute->find('all', array( + 'conditions' => $conditions, + 'recursive' => -1, + 'fields' => 'object_id, count(object_id) as similarity_amount', + 'group' => 'object_id', + 'order' => 'similarity_amount DESC' + )); + + if (empty($similarObjects)) { + return [0, [], [], []]; + } + + $similar_object_ids = array(); + $similar_object_similarity_amount = array(); + foreach ($similarObjects as $obj) { + $similar_object_ids[] = $obj['Attribute']['object_id']; + $similar_object_similarity_amount[$obj['Attribute']['object_id']] = (int)$obj[0]['similarity_amount']; + } + $similar_objects_count = count($similar_object_ids); + $similar_object_ids = array_slice($similar_object_ids, 0, $threshold); // slice to honor the threshold + $similar_objects = $this->fetchObjects($user, array( + 'conditions' => array( + 'Object.id' => $similar_object_ids, + 'Object.template_uuid' => $template['ObjectTemplate']['uuid'] + ) + )); + foreach ($similar_objects as $key => $obj) { + $similar_objects[$key]['Object']['similarity_amount'] = $similar_object_similarity_amount[$obj['Object']['id']]; // sorting function cannot use external variables + } + usort($similar_objects, function ($a, $b) { // fetch Object returns object sorted by IDs, force the sort by the similarity amount + if ($a['Object']['similarity_amount'] == $b['Object']['similarity_amount']) { + return 0; + } + return ($a['Object']['similarity_amount'] > $b['Object']['similarity_amount']) ? -1 : 1; + }); + + $simple_flattened_attribute = []; + $simple_flattened_attribute_noval = []; + foreach ($attributes as $k => $attribute) { + $curFlat = $attribute['object_relation'] . '.' . $attribute['type'] . '.' .$attribute['value']; + $simple_flattened_attribute[$curFlat] = $k; + $curFlatNoval = $attribute['object_relation'] . '.' . $attribute['type']; + $simple_flattened_attribute_noval[$curFlatNoval] = $k; + } + + return [$similar_objects_count, $similar_objects, $simple_flattened_attribute, $simple_flattened_attribute_noval]; + } + // Set Object's *-seen (and ObjectAttribute's *-seen and ObjectAttribute's value if requested) to the provided *-seen value // Therefore, synchronizing the 3 values public function syncObjectAndAttributeSeen($object, $forcedSeenOnElements, $applyOnAttribute=True) { @@ -851,6 +936,14 @@ class MispObject extends AppModel return $object; } + /** + * @param array $object + * @param array $objectToSave + * @param bool $onlyAddNewAttribute + * @param array $user + * @return array|int + * @throws JsonException + */ public function deltaMerge(array $object, array $objectToSave, $onlyAddNewAttribute=false, array $user) { if (!isset($objectToSave['Object'])) { @@ -965,7 +1058,6 @@ class MispObject extends AppModel } } else { // we only add the new attribute $newAttribute = $objectToSave['Attribute'][0]; - $this->Event->Attribute->create(); $newAttribute['event_id'] = $object['Object']['event_id']; $newAttribute['object_id'] = $object['Object']['id']; // Set seen of object at attribute level @@ -980,10 +1072,9 @@ class MispObject extends AppModel (!array_key_exists('last_seen', $object['Object']) && !is_null($object['Object']['last_seen'])) ) { $newAttribute['last_seen'] = $object['Object']['last_seen']; - $different = true; } $saveAttributeResult = $this->Attribute->saveAttributes(array($newAttribute), $user); - return $saveAttributeResult ? $this->id : $this->validationErrors; + return $saveAttributeResult ? $this->id : $this->Attribute->validationErrors; } return $this->id; } @@ -1232,51 +1323,14 @@ class MispObject extends AppModel 'Attribute.event_id' => $eventId, 'Attribute.object_id' => 0, ], + 'fields' => ['Attribute.type'], ]); if (empty($attributes)) { return array('templates' => array(), 'types' => array()); } - $attributeTypes = array(); - foreach ($attributes as $i => $attribute) { - $attributeTypes[$attribute['Attribute']['type']] = true; - $attributes[$i]['Attribute']['object_relation'] = $attribute['Attribute']['type']; - } - $attributeTypes = array_keys($attributeTypes); - $potentialTemplateIds = $this->ObjectTemplate->find('column', array( - 'recursive' => -1, - 'fields' => array( - 'ObjectTemplate.id', - ), - 'conditions' => array( - 'ObjectTemplate.active' => true, - 'ObjectTemplateElement.type' => $attributeTypes, - ), - 'joins' => array( - array( - 'table' => 'object_template_elements', - 'alias' => 'ObjectTemplateElement', - 'type' => 'RIGHT', - 'fields' => array('ObjectTemplateElement.object_relation', 'ObjectTemplateElement.type'), - 'conditions' => array('ObjectTemplate.id = ObjectTemplateElement.object_template_id') - ) - ), - 'group' => 'ObjectTemplate.id', - )); - - $templates = $this->ObjectTemplate->find('all', [ - 'recursive' => -1, - 'conditions' => ['id' => $potentialTemplateIds], - 'contain' => ['ObjectTemplateElement' => ['fields' => ['object_relation', 'type', 'multiple']]] - ]); - - foreach ($templates as $i => $template) { - $res = $this->ObjectTemplate->checkTemplateConformityBasedOnTypes($template, $attributes); - $templates[$i]['ObjectTemplate']['compatibility'] = $res['valid'] ? true : $res['missingTypes']; - $templates[$i]['ObjectTemplate']['invalidTypes'] = $res['invalidTypes']; - $templates[$i]['ObjectTemplate']['invalidTypesMultiple'] = $res['invalidTypesMultiple']; - } - return array('templates' => $templates, 'types' => $attributeTypes); + $attributeTypes = array_column(array_column($attributes, 'Attribute'), 'type'); + return $this->ObjectTemplate->fetchPossibleTemplatesBasedOnTypes($attributeTypes); } public function groupAttributesIntoObject(array $user, $event_id, array $object, $template, array $selected_attribute_ids, array $selected_object_relation_mapping, $hard_delete_attribute) @@ -1647,4 +1701,17 @@ class MispObject extends AppModel return $newValue != $originalValue; } } + + private function getObjectAttributeHash($attribute) + { + if ($attribute['type'] === 'malware-sample') { + if (strpos($attribute['value'], '|') === false && !empty($attribute['data'])) { + $attribute['value'] = $attribute['value'] . '|' . md5(base64_decode($attribute['data'])); + } + } + $attributeValueAfterModification = AttributeValidationTool::modifyBeforeValidation($attribute['type'], $attribute['value']); + $attributeValueAfterModification = $this->Attribute->runRegexp($attribute['type'], $attributeValueAfterModification); + + return sha1($attribute['object_relation'] . $attribute['category'] . $attribute['type'] . $attributeValueAfterModification, true); + } } diff --git a/app/Model/Module.php b/app/Model/Module.php index 325408ec2..cb99a10fd 100644 --- a/app/Model/Module.php +++ b/app/Model/Module.php @@ -6,7 +6,8 @@ class Module extends AppModel { public $useTable = false; - private $__validTypes = array( + // private + const VALID_TYPES = array( 'Enrichment' => array('hover', 'expansion'), 'Import' => array('import'), 'Export' => array('export'), @@ -14,6 +15,7 @@ class Module extends AppModel 'Cortex' => array('cortex') ); + // private const TYPE_TO_FAMILY = array( 'Import' => 'Import', 'Export' => 'Export', @@ -23,7 +25,7 @@ class Module extends AppModel 'Cortex' => 'Cortex' ); - public $configTypes = array( + const CONFIG_TYPES = array( 'IP' => array( 'validation' => 'validateIPField', 'field' => 'text', @@ -351,7 +353,7 @@ class Module extends AppModel $result = array(); if (is_array($modules)) { foreach ($modules as $module) { - if (array_intersect($this->__validTypes[$moduleFamily], $module['meta']['module-type'])) { + if (array_intersect(self::VALID_TYPES[$moduleFamily], $module['meta']['module-type'])) { $moduleSettings = [ [ 'name' => 'enabled', diff --git a/app/Model/ObjectTemplate.php b/app/Model/ObjectTemplate.php index f82b89681..0062d231b 100644 --- a/app/Model/ObjectTemplate.php +++ b/app/Model/ObjectTemplate.php @@ -207,11 +207,69 @@ class ObjectTemplate extends AppModel } /** - * @param array $template - * @param array $attributes + * @param array $attributeTypes Array of attribute types to check, can contains multiple types * @return array */ - public function checkTemplateConformityBasedOnTypes(array $template, array $attributes) + public function fetchPossibleTemplatesBasedOnTypes(array $attributeTypes) + { + $uniqueAttributeTypes = array_unique($attributeTypes, SORT_REGULAR); + $potentialTemplateIds = $this->find('column', array( + 'recursive' => -1, + 'fields' => array( + 'ObjectTemplate.id', + ), + 'conditions' => array( + 'ObjectTemplate.active' => true, + 'ObjectTemplateElement.type' => $uniqueAttributeTypes, + ), + 'joins' => array( + array( + 'table' => 'object_template_elements', + 'alias' => 'ObjectTemplateElement', + 'type' => 'RIGHT', + 'fields' => array('ObjectTemplateElement.object_relation', 'ObjectTemplateElement.type'), + 'conditions' => array('ObjectTemplate.id = ObjectTemplateElement.object_template_id') + ) + ), + 'group' => 'ObjectTemplate.id', + )); + + $templates = $this->find('all', [ + 'recursive' => -1, + 'conditions' => ['id' => $potentialTemplateIds], + 'contain' => ['ObjectTemplateElement' => ['fields' => ['object_relation', 'type', 'multiple']]] + ]); + + foreach ($templates as $i => $template) { + $res = $this->checkTemplateConformityBasedOnTypes($template, $attributeTypes); + $templates[$i]['ObjectTemplate']['compatibility'] = $res['valid'] ? true : $res['missingTypes']; + $templates[$i]['ObjectTemplate']['invalidTypes'] = $res['invalidTypes']; + $templates[$i]['ObjectTemplate']['invalidTypesMultiple'] = $res['invalidTypesMultiple']; + } + + usort($templates, function($a, $b) { + if ($a['ObjectTemplate']['id'] == $b['ObjectTemplate']['id']) { + return 0; + } else if (is_array($a['ObjectTemplate']['compatibility']) && is_array($b['ObjectTemplate']['compatibility'])) { + return count($a['ObjectTemplate']['compatibility']) > count($b['ObjectTemplate']['compatibility']) ? 1 : -1; + } else if (is_array($a['ObjectTemplate']['compatibility']) && !is_array($b['ObjectTemplate']['compatibility'])) { + return 1; + } else if (!is_array($a['ObjectTemplate']['compatibility']) && is_array($b['ObjectTemplate']['compatibility'])) { + return -1; + } else { // sort based on invalidTypes count + return count($a['ObjectTemplate']['invalidTypes']) > count($b['ObjectTemplate']['invalidTypes']) ? 1 : -1; + } + }); + + return array('templates' => $templates, 'types' => $uniqueAttributeTypes); + } + + /** + * @param array $template + * @param array $attributeTypes Array of attribute types to check, can contains multiple types + * @return array + */ + public function checkTemplateConformityBasedOnTypes(array $template, array $attributeTypes) { $to_return = array('valid' => true, 'missingTypes' => array()); if (!empty($template['ObjectTemplate']['requirements'])) { @@ -222,13 +280,7 @@ class ObjectTemplate extends AppModel if (!empty($template['ObjectTemplate']['requirements']['required'])) { foreach ($template['ObjectTemplate']['requirements']['required'] as $requiredField) { $requiredType = $elementsByObjectRelationName[$requiredField]['type']; - $found = false; - foreach ($attributes as $attribute) { - if ($attribute['Attribute']['type'] === $requiredType) { - $found = true; - break; - } - } + $found = in_array($requiredType, $attributeTypes, true); if (!$found) { $to_return = array('valid' => false, 'missingTypes' => array($requiredType)); } @@ -241,11 +293,8 @@ class ObjectTemplate extends AppModel foreach ($template['ObjectTemplate']['requirements']['requiredOneOf'] as $requiredField) { $requiredType = $elementsByObjectRelationName[$requiredField]['type'] ?? null; $allRequiredTypes[] = $requiredType; - foreach ($attributes as $attribute) { - if ($attribute['Attribute']['type'] === $requiredType) { - $found = true; - break; - } + if (!$found) { + $found = in_array($requiredType, $attributeTypes, true); } } if (!$found) { @@ -262,17 +311,17 @@ class ObjectTemplate extends AppModel $valid_types[$templateElement['type']] = $templateElement['multiple']; } $check_for_multiple_type = array(); - foreach ($attributes as $attribute) { - if (isset($valid_types[$attribute['Attribute']['type']])) { - if (!$valid_types[$attribute['Attribute']['type']]) { // is not multiple - if (isset($check_for_multiple_type[$attribute['Attribute']['type']])) { - $to_return['invalidTypesMultiple'][] = $attribute['Attribute']['type']; + foreach ($attributeTypes as $attributeType) { + if (isset($valid_types[$attributeType])) { + if (!$valid_types[$attributeType]) { // is not multiple + if (isset($check_for_multiple_type[$attributeType])) { + $to_return['invalidTypesMultiple'][] = $attributeType; } else { - $check_for_multiple_type[$attribute['Attribute']['type']] = 1; + $check_for_multiple_type[$attributeType] = 1; } } } else { - $to_return['invalidTypes'][] = $attribute['Attribute']['type']; + $to_return['invalidTypes'][] = $attributeType; } } $to_return['invalidTypes'] = array_unique($to_return['invalidTypes'], SORT_REGULAR); diff --git a/app/Model/OrgBlocklist.php b/app/Model/OrgBlocklist.php index 531917390..ba69e1940 100644 --- a/app/Model/OrgBlocklist.php +++ b/app/Model/OrgBlocklist.php @@ -43,6 +43,24 @@ class OrgBlocklist extends AppModel return true; } + public function afterDelete() + { + parent::afterDelete(); + if (!empty($this->data['OrgBlocklist']['org_uuid'])) { + $this->cleanupBlockedCount($this->data['OrgBlocklist']['org_uuid']); + } + } + + public function afterFind($results, $primary = false) + { + foreach ($results as $k => $result) { + if (isset($result['OrgBlocklist']['org_uuid'])) { + $results[$k]['OrgBlocklist']['blocked_data'] = $this->getBlockedData($result['OrgBlocklist']['org_uuid']); + } + } + return $results; + } + /** * @param array $eventArray */ @@ -74,16 +92,7 @@ class OrgBlocklist extends AppModel } if (is_numeric($orgIdOrUuid)) { - $this->Organisation = ClassRegistry::init('Organisation'); - $orgUuid = $this->Organisation->find('first', [ - 'conditions' => ['Organisation.id' => $orgIdOrUuid], - 'fields' => ['Organisation.uuid'], - 'recursive' => -1, - ]); - if (empty($orgUuid)) { - return false; // org not found by ID, so it is not blocked - } - $orgUuid = $orgUuid['Organisation']['uuid']; + $orgUuid = $this->getUUIDFromID($orgIdOrUuid); } else { $orgUuid = $orgIdOrUuid; } @@ -92,4 +101,67 @@ class OrgBlocklist extends AppModel $this->blockedCache[$orgIdOrUuid] = $isBlocked; return $isBlocked; } + + private function getUUIDFromID($orgID) + { + $this->Organisation = ClassRegistry::init('Organisation'); + $orgUuid = $this->Organisation->find('first', [ + 'conditions' => ['Organisation.id' => $orgID], + 'fields' => ['Organisation.uuid'], + 'recursive' => -1, + ]); + if (empty($orgUuid)) { + return false; // org not found by ID, so it is not blocked + } + $orgUuid = $orgUuid['Organisation']['uuid']; + return $orgUuid; + } + + public function saveEventBlocked($orgIdOrUUID) + { + if (is_numeric($orgIdOrUUID)) { + $orgcUUID = $this->getUUIDFromID($orgIdOrUUID); + } else { + $orgcUUID = $orgIdOrUUID; + } + $lastBlockTime = time(); + $redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}"; + $redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}"; + $redis = RedisTool::init(); + if ($redis !== false) { + $pipe = $redis->multi(Redis::PIPELINE) + ->incr($redisKeyBlockAmount) + ->set($redisKeyBlockLastTime, $lastBlockTime); + $pipe->exec(); + } + } + + private function cleanupBlockedCount($orgcUUID) + { + $redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}"; + $redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}"; + $redis = RedisTool::init(); + if ($redis !== false) { + $pipe = $redis->multi(Redis::PIPELINE) + ->del($redisKeyBlockAmount) + ->del($redisKeyBlockLastTime); + $pipe->exec(); + } + } + + public function getBlockedData($orgcUUID) + { + $redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}"; + $redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}"; + $blockData = [ + 'blocked_amount' => false, + 'blocked_last_time' => false, + ]; + $redis = RedisTool::init(); + if ($redis !== false) { + $blockData['blocked_amount'] = $redis->get($redisKeyBlockAmount); + $blockData['blocked_last_time'] = $redis->get($redisKeyBlockLastTime); + } + return $blockData; + } } diff --git a/app/Model/OverCorrelatingValue.php b/app/Model/OverCorrelatingValue.php index 8dd898a95..e252540f1 100644 --- a/app/Model/OverCorrelatingValue.php +++ b/app/Model/OverCorrelatingValue.php @@ -10,6 +10,7 @@ class OverCorrelatingValue extends AppModel public static function truncate(string $value): string { + $value = mb_strtolower($value); return mb_substr($value, 0, 191); } @@ -45,11 +46,15 @@ class OverCorrelatingValue extends AppModel if (!$this->isBlocked($value)) { $value = self::truncate($value); $this->create(); - $this->save([ - 'value' => $value, - 'occurrence' => 0 - ]); - $this->blockedValues[$value] = true; + try { + $this->save([ + 'value' => mb_strtolower($value), + 'occurrence' => 0 + ]); + $this->blockedValues[$value] = true; + } catch (Exception $e) { + //most likely we ran into an issue with capitalisation, there's no reason to break the process for this + } } } diff --git a/app/Model/Role.php b/app/Model/Role.php index d75345067..b4274e33b 100644 --- a/app/Model/Role.php +++ b/app/Model/Role.php @@ -14,7 +14,7 @@ class Role extends AppModel 'name' => array( 'unique' => array( 'rule' => 'isUnique', - 'message' => 'A role with this name already exists.' // TODO i18n? + 'message' => 'A role with this name already exists.' ), 'valueNotEmpty' => array( 'rule' => array('valueNotEmpty'), @@ -324,7 +324,13 @@ class Role extends AppModel 'text' => 'Warninglist Editor', 'readonlyenabled' => false, 'title' => __('Allow to manage warninglists.'), - ) + ), + 'perm_view_feed_correlations' => array( + 'id' => 'RolePermViewFeedCorrelations', + 'text' => 'View Feed Correlations', + 'readonlyenabled' => true, + 'title' => __('Allow the viewing of feed correlations. Enabling this can come at a performance cost.'), + ), ); } } diff --git a/app/Model/Server.php b/app/Model/Server.php index 0d756b991..2c36b9b02 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -746,13 +746,13 @@ class Server extends AppModel } /** - * getElligibleClusterIdsFromServerForPull Get a list of cluster IDs that are present on the remote server and returns clusters that should be pulled + * Get a list of cluster IDs that are present on the remote server and returns clusters that should be pulled * * @param ServerSyncTool $serverSync * @param bool $onlyUpdateLocalCluster If set to true, only cluster present locally will be returned * @param array $eligibleClusters Array of cluster present locally that could potentially be updated. Linked to $onlyUpdateLocalCluster * @param array $conditions Conditions to be sent to the remote server while fetching accessible clusters IDs - * @return array List of cluster IDs to be pulled + * @return array List of cluster UUIDs to be pulled * @throws HttpSocketHttpException * @throws HttpSocketJsonException * @throws JsonException @@ -760,25 +760,47 @@ class Server extends AppModel public function getElligibleClusterIdsFromServerForPull(ServerSyncTool $serverSync, $onlyUpdateLocalCluster=true, array $eligibleClusters=array(), array $conditions=array()) { $this->log("Fetching eligible clusters from server #{$serverSync->serverId()} for pull: " . JsonTool::encode($conditions), LOG_INFO); + + if ($onlyUpdateLocalCluster && empty($eligibleClusters)) { + return []; // no clusters for update + } + $clusterArray = $this->fetchCustomClusterIdsFromServer($serverSync, $conditions=$conditions); if (empty($clusterArray)) { - return []; + return []; // empty remote clusters } + + /** @var GalaxyClusterBlocklist $GalaxyClusterBlocklist */ + $GalaxyClusterBlocklist = ClassRegistry::init('GalaxyClusterBlocklist'); + + if (!$onlyUpdateLocalCluster) { + /** @var GalaxyCluster $GalaxyCluster */ + $GalaxyCluster = ClassRegistry::init('GalaxyCluster'); + // Do not fetch clusters with the same or newer version that already exists on local instance + $eligibleClusters = $GalaxyCluster->find('list', [ + 'conditions' => ['GalaxyCluster.uuid' => array_column(array_column($clusterArray, 'GalaxyCluster'), 'uuid')], + 'fields' => ['GalaxyCluster.uuid', 'GalaxyCluster.version'], + ]); + } + + $clustersForPull = []; foreach ($clusterArray as $cluster) { - if (isset($eligibleClusters[$cluster['GalaxyCluster']['uuid']])) { - $localVersion = $eligibleClusters[$cluster['GalaxyCluster']['uuid']]; - if ($localVersion >= $cluster['GalaxyCluster']['version']) { - unset($eligibleClusters[$cluster['GalaxyCluster']['uuid']]); - } - } else { - if ($onlyUpdateLocalCluster) { - unset($eligibleClusters[$cluster['GalaxyCluster']['uuid']]); - } else { - $eligibleClusters[$cluster['GalaxyCluster']['uuid']] = true; + $clusterUuid = $cluster['GalaxyCluster']['uuid']; + + if ($GalaxyClusterBlocklist->checkIfBlocked($clusterUuid)) { + continue; // skip blocked clusters + } + + if (isset($eligibleClusters[$clusterUuid])) { + $localVersion = $eligibleClusters[$clusterUuid]; + if ($localVersion < $cluster['GalaxyCluster']['version']) { + $clustersForPull[] = $clusterUuid; } + } elseif (!$onlyUpdateLocalCluster) { + $clustersForPull[] = $clusterUuid; } } - return array_keys($eligibleClusters); + return $clustersForPull; } /** @@ -2132,7 +2154,7 @@ class Server extends AppModel return true; } - public function otpBeforeHook($setting, $value) + public function email_otpBeforeHook($setting, $value) { if ($value && !empty(Configure::read('MISP.disable_emailing'))) { return __('Emailing is currently disabled. Enabling OTP without e-mailing being configured would lock all users out.'); @@ -2140,6 +2162,17 @@ class Server extends AppModel return true; } + public function otpBeforeHook($setting, $value) + { + if ($value && (!class_exists('\OTPHP\TOTP') || !class_exists('\BaconQrCode\Writer'))) { + return __('The TOTP and QR code generation libraries are not installed. Enabling OTP without those libraries installed would lock all users out.'); + } + if ($value && Configure::read('LinOTPAuth.enabled')) { + return __('The TOTP and LinOTPAuth should not be used at the same time.'); + } + return true; + } + public function testForRPZSerial($value) { if ($this->testForEmpty($value) !== true) { @@ -3249,7 +3282,7 @@ class Server extends AppModel $indexDiff = array(); foreach ($expectedIndex as $tableName => $indexes) { if (!array_key_exists($tableName, $actualIndex)) { - continue; // If table does not exists, it is covered by the schema diagnostic + continue; // If table does not exist, it is covered by the schema diagnostic } $tableIndexDiff = array_diff(array_keys($indexes), array_keys($actualIndex[$tableName])); // check for missing indexes foreach ($tableIndexDiff as $columnDiff) { @@ -3996,21 +4029,29 @@ class Server extends AppModel try { $composer = FileAccessTool::readJsonFromFile(APP . DS . 'composer.json'); $extensions = []; + $dependencies = []; foreach ($composer['require'] as $require => $foo) { if (substr($require, 0, 4) === 'ext-') { $extensions[substr($require, 4)] = true; } + else if (mb_strpos($require, '/') !== false) { // external dependencies have namespaces, so a / + $dependencies[$require] = true; + } } foreach ($composer['suggest'] as $suggest => $reason) { if (substr($suggest, 0, 4) === 'ext-') { $extensions[substr($suggest, 4)] = $reason; } + else if (mb_strpos($suggest, '/') !== false) { // external dependencies have namespaces, so a / + $dependencies[$suggest] = $reason; + } } } catch (Exception $e) { $this->logException('Could not load extensions from composer.json', $e, LOG_NOTICE); $extensions = ['redis' => '', 'gd' => '', 'ssdeep' => '', 'zip' => '', 'intl' => '']; // Default extensions } + // check PHP extensions $results = ['cli' => false]; foreach ($extensions as $extension => $reason) { $results['extensions'][$extension] = [ @@ -4022,9 +4063,9 @@ class Server extends AppModel 'info' => $reason === true ? null : $reason, ]; } - if (is_readable(APP . '/files/scripts/selftest.php')) { + if (is_readable(APP . DS . 'files' . DS . 'scripts' . DS . 'selftest.php')) { try { - $execResult = ProcessTool::execute(['php', APP . '/files/scripts/selftest.php', json_encode(array_keys($extensions))]); + $execResult = ProcessTool::execute(['php', APP . DS . 'files' . DS . 'scripts' . DS . 'selftest.php', json_encode(array_keys($extensions))]); } catch (Exception $e) { // pass } @@ -4037,6 +4078,7 @@ class Server extends AppModel } } + // version check $minimalVersions = [ 'redis' => '2.2.8', // because of sAddArray method ]; @@ -4052,6 +4094,24 @@ class Server extends AppModel } } } + + // check PHP dependencies, installed in the Vendor directory, just check presence of the folder + if (class_exists('\Composer\InstalledVersions')) { + foreach ($dependencies as $dependency => $reason) { + try { + $version = \Composer\InstalledVersions::getVersion($dependency); + } catch (Exception $e) { + $version = false; + } + $results['dependencies'][$dependency] = [ + 'version' => $version, + 'version_outdated' => false, + 'required' => $reason === true, + 'info' => $reason === true ? null : $reason, + ]; + } + } + return $results; } @@ -4075,7 +4135,11 @@ class Server extends AppModel $current = implode('.', $version_array); $upToDate = version_compare($current, substr($newest, 1)); - if ($upToDate === 0) { + if ($newest === null && (Configure::read('MISP.online_version_check') || !Configure::check('MISP.online_version_check'))) { + $upToDate = 'error'; + } elseif ($newest === null && (!Configure::read('MISP.online_version_check') && Configure::check('MISP.online_version_check'))) { + $upToDate = 'disabled'; + } elseif ($upToDate === 0) { $upToDate = 'same'; } else { $upToDate = $upToDate === -1 ? 'older' : 'newer'; @@ -4111,11 +4175,15 @@ class Server extends AppModel */ public function getCurrentGitStatus($checkVersion = false) { - $HttpSocket = $this->setupHttpSocket(null, null, 3); - try { - $latestCommit = GitTool::getLatestCommit($HttpSocket); - } catch (Exception $e) { - $latestCommit = false; + $latestCommit = false; + + if (Configure::read('MISP.online_version_check') || !Configure::check('MISP.online_version_check')) { + $HttpSocket = $this->setupHttpSocket(null, null, 3); + try { + $latestCommit = GitTool::getLatestCommit($HttpSocket); + } catch (Exception $e) { + $latestCommit = false; + } } $output = [ @@ -4124,7 +4192,7 @@ class Server extends AppModel 'latestCommit' => $latestCommit, ]; if ($checkVersion) { - $output['version'] = $latestCommit ? $this->checkRemoteVersion($HttpSocket) : false; + $output['version'] = $latestCommit ? $this->checkRemoteVersion($HttpSocket) : $this->checkVersion(null); } return $output; } @@ -5539,7 +5607,7 @@ class Server extends AppModel ), 'log_client_ip_header' => array( 'level' => 1, - 'description' => __('If log_client_ip is enabled, you can customize which header field contains the client\'s IP address. This is generally used when you have a reverse proxy infront of your MISP instance.'), + 'description' => __('If log_client_ip is enabled, you can customize which header field contains the client\'s IP address. This is generally used when you have a reverse proxy in front of your MISP instance. Prepend the variable with "HTTP_", for example "HTTP_X_FORWARDED_FOR".'), 'value' => 'REMOTE_ADDR', 'test' => 'testForEmpty', 'type' => 'string', @@ -5568,6 +5636,15 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'log_skip_access_logs_in_application_logs' => [ + 'level' => 0, + 'description' => __('Skip adding the access log entries to the /logs/ application logs. This is **HIGHLY** recommended as your instance will be logging these entries twice otherwise, however, for compatibility reasons for auditing we maintain this behaviour until confirmed otherwise.'), + 'value' => false, + 'errorMessage' => __('Access logs are logged twice. This is generally not recommended, make sure you update your tooling.'), + 'test' => 'testBoolTrue', + 'type' => 'boolean', + 'null' => true + ], 'log_paranoid' => array( 'level' => 0, 'description' => __('If this functionality is enabled all page requests will be logged. Keep in mind this is extremely verbose and will become a burden to your database.'), @@ -5576,9 +5653,17 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'log_paranoid_api' => array( + 'level' => 0, + 'description' => __('If this functionality is enabled all API requests will be logged.'), + 'value' => false, + 'test' => 'testBoolFalse', + 'type' => 'boolean', + 'null' => true + ), 'log_paranoid_skip_db' => array( 'level' => 0, - 'description' => __('You can decide to skip the logging of the paranoid logs to the database.'), + 'description' => __('You can decide to skip the logging of the paranoid logs to the database. Logs will be just published to ZMQ or Kafka.'), 'value' => false, 'test' => 'testParanoidSkipDb', 'type' => 'boolean', @@ -5592,6 +5677,14 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'log_paranoid_include_sql_queries' => [ + 'level' => 0, + 'description' => __('If paranoid logging is enabled, include the SQL queries in the entries.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true + ], 'log_user_ips' => array( 'level' => 0, 'description' => __('Log user IPs on each request. 30 day retention for lookups by IP to get the last authenticated user ID for the given IP, whilst on the reverse, indefinitely stores all associated IPs for a user ID.'), @@ -5632,6 +5725,14 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'discussion_disable' => [ + 'level' => 1, + 'description' => __('Completely disable ability for user to add discussion to events.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true + ], 'showCorrelationsOnIndex' => array( 'level' => 1, 'description' => __('When enabled, the number of correlations visible to the currently logged in user will be visible on the event index UI. This comes at a performance cost but can be very useful to see correlating events at a glance.'), @@ -6015,12 +6116,30 @@ class Server extends AppModel ], 'thumbnail_in_redis' => [ 'level' => self::SETTING_OPTIONAL, - 'description' => __('Store image thumbnails in Redis insteadof file system.'), + 'description' => __('Store image thumbnails in Redis instead of file system.'), 'value' => false, 'test' => 'testBool', 'type' => 'boolean', 'null' => true, ], + 'self_update' => [ + 'level' => self::SETTING_CRITICAL, + 'description' => __('Enable the GUI button for MISP self-update on the Diagnostics page.'), + 'value' => true, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true, + 'cli_only' => true, + ], + 'online_version_check' => [ + 'level' => self::SETTING_CRITICAL, + 'description' => __('Enable the online MISP version check when loading the Diagnostics page.'), + 'value' => true, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true, + 'cli_only' => true, + ], ), 'GnuPG' => array( 'branch' => 1, @@ -6280,6 +6399,14 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'mandate_ip_allowlist_advanced_authkeys' => array( + 'level' => 2, + 'description' => __('If enabled, setting an ip allowlist will be mandatory when adding or editing an advanced authkey.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true + ), 'disable_browser_cache' => array( 'level' => 0, 'description' => __('If enabled, HTTP headers that block browser cache will be send. Static files (like images or JavaScripts) will still be cached, but not generated pages.'), @@ -6304,12 +6431,29 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true, ], + 'otp_required' => array( + 'level' => 2, + 'description' => __('Require authentication with OTP. Users that do not have (T/H)OTP configured will be forced to create a token at first login. You cannot use it in combination with external authentication plugins.'), + 'value' => false, + 'test' => 'testBool', + 'beforeHook' => 'otpBeforeHook', + 'type' => 'boolean', + 'null' => true + ), + 'otp_issuer' => array( + 'level' => 2, + 'description' => __('If OTP is enabled, set the issuer string to an arbitrary value. Otherwise, MISP will default to "[MISP.org] MISP".'), + 'value' => false, + 'test' => 'testForEmpty', + 'type' => 'string', + 'null' => true + ), 'email_otp_enabled' => array( 'level' => 2, 'description' => __('Enable two step authentication with a OTP sent by email. Requires e-mailing to be enabled. Warning: You cannot use it in combination with external authentication plugins.'), 'value' => false, 'test' => 'testBool', - 'beforeHook' => 'otpBeforeHook', + 'beforeHook' => 'email_otpBeforeHook', 'type' => 'boolean', 'null' => true ), @@ -6355,6 +6499,14 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'allow_password_forgotten' => array( + 'level' => 1, + 'description' => __('Enabling this setting will allow users to request automated password reset tokens via mail and initiate a reset themselves. Users with no encryption keys will not be able to use this feature.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true + ), 'self_registration_message' => array( 'level' => 1, 'bigField' => true, @@ -6515,7 +6667,24 @@ class Server extends AppModel 'test' => 'testBool', 'type' => 'boolean', 'null' => true - ] + ], + 'disable_instance_file_uploads' => [ + 'level' => self::SETTING_RECOMMENDED, + 'description' => __('When enabled, the "Manage files" menu is disabled on the server settings. You can still copy files via ssh to the appropriate location and link them using MISP.settings.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true, + 'cli_only' => true + ], + 'disclose_user_emails' => array( + 'level' => 0, + 'description' => __('Enable this setting to allow for the user e-mail addresses to be shown to non site-admin users. Keep in mind that in broad communities this can be abused.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true + ), ), 'SecureAuth' => array( 'branch' => 1, @@ -7124,6 +7293,13 @@ class Server extends AppModel 'test' => 'testBool', 'type' => 'boolean' ), + 'Sightings_enable_realtime_publish' => array( + 'level' => 1, + 'description' => __('By default, sightings will not be immediately pushed to connected instances, as this can have a heavy impact on the performance of sighting attributes. Enable realtime publishing to trigger the publishing of sightings immediately as they are added.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean' + ), 'CustomAuth_enable' => array( 'level' => 2, 'description' => __('Enable this functionality if you would like to handle the authentication via an external tool and authenticate with MISP using a custom header.'), diff --git a/app/Model/ShadowAttribute.php b/app/Model/ShadowAttribute.php index 3c9e1ad2a..a6f4478ec 100644 --- a/app/Model/ShadowAttribute.php +++ b/app/Model/ShadowAttribute.php @@ -17,7 +17,7 @@ class ShadowAttribute extends AppModel { public $combinedKeys = array('event_id', 'category', 'type'); - public $name = 'ShadowAttribute'; // TODO general + public $name = 'ShadowAttribute'; public $recursive = -1; diff --git a/app/Model/Sighting.php b/app/Model/Sighting.php index 67907925d..2562b404d 100644 --- a/app/Model/Sighting.php +++ b/app/Model/Sighting.php @@ -220,18 +220,7 @@ class Sighting extends AppModel return []; } - // Create conditions for fetching just sightings that user can see according to sightings policy - $conditions = $this->createConditionsByAttributes($user, $attributes); - if (empty($conditions)) { - return []; - } - - $conditions['Sighting.id'] = $ids; - $sightings = $this->find('all', [ - 'recursive' => -1, - 'conditions' => $conditions, - 'order' => 'Sighting.id', - ]); + $sightings = $this->filterSightingsByAttributeACL($user, $attributes, $ids); if (empty($sightings)) { return []; @@ -369,6 +358,51 @@ class Sighting extends AppModel return $this->generateStatistics($groupedSightings, $csvWithFalsePositive); } + /** + * @param array $user + * @param array $attributes Attributes with `Attribute.id`, `Event.id` and `Event.org_id` fields + * @param array $ids + * @return array + */ + private function filterSightingsByAttributeACL(array $user, array $attributes, array $ids) + { + $sightingsPolicy = $this->sightingsPolicy(); + $attributesKeyed = []; + $hostOrgId = Configure::read('MISP.host_org_id'); + $userOrgId = $user['org_id']; + foreach ($attributes as $attribute) { + $attributesKeyed[$attribute['Attribute']['id']] = $attribute; + } + unset($attributes); + $sightings = $this->find('all', [ + 'recursive' => -1, + 'conditions' => [ + 'Sighting.id' => $ids + ], + 'order' => 'Sighting.id' + ]); + foreach ($sightings as $k => $sighting) { + $attribute = $attributesKeyed[$sighting['Sighting']['attribute_id']]; + $ownEvent = $attribute['Event']['org_id'] == $userOrgId; + if (!$ownEvent) { + if ($sightingsPolicy === self::SIGHTING_POLICY_EVENT_OWNER) { + if ($sighting['Sighting']['org_id'] != $userOrgId) { + unset($sightings[$k]); + } + } else if ($sightingsPolicy === self::SIGHTING_POLICY_SIGHTING_REPORTER) { + if (!$this->isreporter($attribute['Event']['id'], $userOrgId)) { + unset($sightings[$k]); + } + } else if ($sightingsPolicy === self::SIGHTING_POLICY_HOST_ORG) { + if (!in_array($sighting['Sighting']['org_id'], [$userOrgId, $hostOrgId])) { + unset($sightings[$k]); + } + } + } + } + return array_values($sightings); + } + /** * @param array $user * @param array $attributes Attributes with `Attribute.id`, `Event.id` and `Event.org_id` fields @@ -752,7 +786,7 @@ class Sighting extends AppModel foreach ($values as $value) { foreach (array('value1', 'value2') as $field) { $conditions['OR'][] = array( - 'LOWER(Attribute.' . $field . ') LIKE' => strtolower($value) + 'Attribute.' . $field => $value ); } } @@ -1357,10 +1391,7 @@ class Sighting extends AppModel $sightingsToSave = []; foreach ($sightings as $sighting) { $sighting = $sighting['Sighting']; - $attributeUuid = $sighting['Attribute']['uuid']; - $eventUuid = $sighting['Event']['uuid']; - unset($sighting['Event'], $sighting['Attribute']); - $sighting['attribute_uuid'] = $attributeUuid; + $eventUuid = $sighting['event_uuid']; $sightingsToSave[$eventUuid][] = $sighting; } diff --git a/app/Model/SystemSetting.php b/app/Model/SystemSetting.php index bf98c49f0..d30eefcd4 100644 --- a/app/Model/SystemSetting.php +++ b/app/Model/SystemSetting.php @@ -21,6 +21,8 @@ class SystemSetting extends AppModel 'MISP.tmpdir', 'MISP.system_setting_db', 'MISP.attachments_dir', + 'MISP.self_update', + 'MISP.online_version_check', ]; // Allow to set config values just for these categories diff --git a/app/Model/Tag.php b/app/Model/Tag.php index d3c67fe9a..25388043a 100644 --- a/app/Model/Tag.php +++ b/app/Model/Tag.php @@ -459,7 +459,7 @@ class Tag extends AppModel $tags_temp = $this->find('all', $tag_params); $tags = array(); foreach ($tags_temp as $temp) { - $tags[strtoupper($temp['Tag']['name'])] = $temp; + $tags[mb_strtolower($temp['Tag']['name'])] = $temp; } return $tags; } diff --git a/app/Model/TaxiiServer.php b/app/Model/TaxiiServer.php new file mode 100644 index 000000000..343619965 --- /dev/null +++ b/app/Model/TaxiiServer.php @@ -0,0 +1,251 @@ + [ + 'roleModel' => 'Role', + 'roleKey' => 'role_id', + 'change' => 'full' + ], + 'Containable' + ]; + + private $Job = null; + private $Event = null; + private $Allowedlist = null; + + public function beforeValidate($options = array()) + { + parent::beforeValidate(); + if (empty($this->id) && empty($this->data['TaxiiServer']['uuid'])) { + $this->data['TaxiiServer']['uuid'] = CakeText::uuid(); + } + return true; + } + + public function pushRouter($id, $user) + { + if (Configure::read('MISP.background_jobs')) { + /** @var Job $job */ + $job = ClassRegistry::init('Job'); + $jobId = $job->createJob($user, Job::WORKER_DEFAULT, 'push_taxii', "Taxii Server ID: $id", 'Pushing.'); + + return $this->getBackgroundJobsTool()->enqueue( + BackgroundJobsTool::DEFAULT_QUEUE, + BackgroundJobsTool::CMD_SERVER, + [ + 'push_taxii', + $user['id'], + $id, + $jobId + ], + true, + $jobId + ); + } + + return $this->push($id, $user); + } + + public function push($id, $user, $jobId = null) + { + $this->Event = ClassRegistry::init('Event'); + $this->Job = ClassRegistry::init('Job'); + $taxii_server = $this->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $id] + ]); + $filters = $this->__setPushFilters($taxii_server); + $elementCounter = 0; + $eventid = $this->Event->filterEventIds($user, $filters, $elementCounter); + $eventCount = count($eventid); + + $attribute_coefficient = Configure::check('MISP.default_attribute_memory_coefficient') ? Configure::read('MISP.default_attribute_memory_coefficient') : 80; + + $exportTool = ['memory_scaling_factor' => $attribute_coefficient]; + $eventids_chunked = $this->Event->clusterEventIds($exportTool, $eventid); + $i = 1; + $this->Allowedlist = ClassRegistry::init('Allowedlist'); + foreach ($eventids_chunked as $eventids) { + $this->__pushEvents($user, $taxii_server, $filters, $eventids, $i, $jobId, $eventCount); + } + unset($eventid); + return true; + } + + private function __setPushFilters($taxii_server) + { + $filters = empty($taxii_server['TaxiiServer']['filters']) ? [] : json_decode($taxii_server['TaxiiServer']['filters'], true); + $filters['include_attribute_count'] = 1; + return $filters; + } + + private function __pushEvents($user, $taxii_server, $filters, $eventids, &$i, $jobId = null, $eventCount) + { + $filters['eventid'] = $eventids; + if (!empty($filters['tags']['NOT'])) { + $filters['blockedAttributeTags'] = $filters['tags']['NOT']; + unset($filters['tags']['NOT']); + } + $result = $this->Event->fetchEvent($user, $filters, true); + + $result = $this->Allowedlist->removeAllowedlistedFromArray($result, false); + $temporaryFolder = $this->temporaryFolder(); + $temporaryFolderPath = $temporaryFolder['dir']->path; + $this->Job->id = $jobId; + foreach ($result as $event) { + $temporaryFile = $this->temporaryFile($temporaryFolderPath); + $temporaryFile->write( + JsonTool::encode( + JSONConverterTool::convert($event, false, true) + ) + ); + $temporaryFile->close(); + if ($jobId && $i % 10 == 0) { + $this->Job->saveField('progress', intval((100 * $i) / $eventCount)); + $this->Job->saveField('message', 'Pushing Event ' . $i . '/' . $eventCount . '.'); + } + $i++; + } + // execute python script here!!! + $scriptFile = APP . 'files/scripts/taxii/taxii_push.py'; + $command = [ + ProcessTool::pythonBin(), + $scriptFile, + '--dir', $temporaryFolder['dir']->path, + '--baseurl', $taxii_server['TaxiiServer']['baseurl'], + '--api_root', $taxii_server['TaxiiServer']['api_root'], + '--key', $taxii_server['TaxiiServer']['api_key'], + '--collection', $taxii_server['TaxiiServer']['collection'] + ]; + $result = ProcessTool::execute($command, null, true); + $temporaryFolder['dir']->delete(); + if ($jobId) { + $this->Job->saveField('progress', 100); + $this->Job->saveField('message', 'Done, pushed ' . $i . ' events to TAXII server.'); + } + } + + private function temporaryFolder() + { + $tmpDir = Configure::check('MISP.tmpdir') ? Configure::read('MISP.tmpdir') : '/tmp'; + $random = (new RandomTool())->random_str(true, 12); + $dir = new Folder($tmpDir . '/Taxii/' . $random, true); + return [ + 'random' => $random, + 'dir' => $dir + ]; + } + + private function temporaryFile($temporaryFolder) + { + $random = (new RandomTool())->random_str(true, 12); + return new File($temporaryFolder . '/' . $random . '.json', true, 0644); + } + + public function queryInstance($options) + { + $url = $options['TaxiiServer']['baseurl'] . $options['TaxiiServer']['uri']; + App::uses('HttpSocket', 'Network/Http'); + $HttpSocket = new HttpSocket(); + $request = [ + 'header' => [ + 'Accept' => 'application/taxii+json;version=2.1', + 'Content-type' => 'application/taxii+json;version=2.1' + ] + ]; + if (!empty($options['TaxiiServer']['api_key'])) { + $request['header']['Authorization'] = 'basic ' . $options['TaxiiServer']['api_key']; + } + try { + if (!empty($options['type']) && $options['type'] === 'post') { + $response = $HttpSocket->post($url, json_encode($options['body']), $request); + } else { + if (empty($options['query'])) { + $options['query'] = null; + } + $response = $HttpSocket->get( + $url, + $options['query'], + $request + ); + } + if ($response->isOk()) { + return json_decode($response->body, true); + } + } catch (SocketException $e) { + throw new BadRequestException(__('Something went wrong. Error returned: %s', $e->getMessage())); + } + if ($response->code === 403 || $response->code === 401) { + throw new ForbiddenException(__('Authentication failed.')); + } + throw new BadRequestException(__('Something went wrong with the request or the remote side is having issues.')); + } + + public function getCollections($id) + { + $taxii_server = $this->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $id] + ]); + $taxii_server['TaxiiServer']['uri'] = '/' . $taxii_server['TaxiiServer']['api_root'] . '/collections/'; + $response = $this->queryInstance([ + 'TaxiiServer' => $taxii_server['TaxiiServer'], + 'type' => 'get' + ]); + if (empty($response['collections'])) { + throw new BadRequestException(__('No collections found.')); + } + return $response['collections']; + } + + public function getObjects($id, $collection_id = null, $next = null) + { + $taxii_server = $this->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $id] + ]); + if (empty($collection_id)) { + $collection_id = $taxii_server['TaxiiServer']['collection']; + } + $taxii_server['TaxiiServer']['uri'] = '/' . $taxii_server['TaxiiServer']['api_root'] . '/collections/' . $collection_id . '/objects/'; + $response = $this->queryInstance([ + 'TaxiiServer' => $taxii_server['TaxiiServer'], + 'type' => 'get', + 'query' => [ + 'limit' => 50, + 'next' => $next + ] + ]); + if (empty($response['objects'])) { + throw new BadRequestException(__('No objects found in collection with the given query parameters.')); + } + return $response; + } + + public function getObject($id, $server_id, $collection_id) + { + $taxii_server = $this->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $server_id] + ]); + $taxii_server['TaxiiServer']['uri'] = '/' . $taxii_server['TaxiiServer']['api_root'] . '/collections/' . $collection_id . '/objects/' . $id . '/'; + $response = $this->queryInstance([ + 'TaxiiServer' => $taxii_server['TaxiiServer'], + 'type' => 'get' + ]); + if (empty($response['objects'])) { + throw new BadRequestException(__('Invalid object or object not found in the given collection.')); + } + return $response['objects'][0]; + } +} diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index f2360ac86..69da0349d 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -33,6 +33,8 @@ class Taxonomy extends AppModel ) ); + private $__taxonomyConflicts = []; + public function update() { $existing = $this->find('all', array( @@ -118,7 +120,7 @@ class Taxonomy extends AppModel $current = $this->find('first', array( 'conditions' => array('namespace' => $vocab['namespace']), 'recursive' => -1, - 'fields' => array('version', 'enabled', 'namespace') + 'fields' => array('version', 'enabled', 'namespace', 'highlighted') )); $current = empty($current) ? [] : $current['Taxonomy']; $result = $this->__updateVocab($vocab, $current); @@ -147,6 +149,7 @@ class Taxonomy extends AppModel 'version' => $vocab['version'], 'exclusive' => !empty($vocab['exclusive']), 'enabled' => $enabled, + 'highlighted' => !empty($vocab['highlighted']), ]]; $predicateLookup = array(); foreach ($vocab['predicates'] as $k => $predicate) { @@ -176,15 +179,10 @@ class Taxonomy extends AppModel /** * @param int|string $id Taxonomy ID or namespace - * @param string|null $options * @return array|false */ - private function __getTaxonomy($id, $options = array('full' => false, 'filter' => false)) + private function __getTaxonomy($id) { - $filter = false; - if (isset($options['filter'])) { - $filter = $options['filter']; - } if (!is_numeric($id)) { $conditions = ['Taxonomy.namespace' => trim(mb_strtolower($id))]; } else { @@ -236,17 +234,10 @@ class Taxonomy extends AppModel $entries[] = $temp; } } - $taxonomy = array('Taxonomy' => $taxonomy['Taxonomy']); - if ($filter) { - $filter = mb_strtolower($filter); - $namespaceLength = strlen($taxonomy['Taxonomy']['namespace']); - foreach ($entries as $k => $entry) { - if (strpos(substr(mb_strtolower($entry['tag']), $namespaceLength), $filter) === false) { - unset($entries[$k]); - } - } - } - $taxonomy['entries'] = $entries; + $taxonomy = [ + 'Taxonomy' => $taxonomy['Taxonomy'], + 'entries' => $entries, + ]; return $taxonomy; } @@ -264,8 +255,13 @@ class Taxonomy extends AppModel { $taxonomies = $this->find('all', [ 'fields' => ['namespace'], - 'contain' => ['TaxonomyPredicate' => ['TaxonomyEntry']], + 'recursive' => -1, + 'contain' => ['TaxonomyPredicate' => [ + 'fields' => ['value'], + 'TaxonomyEntry' => ['fields' => ['value']]], + ], ]); + $allTaxonomyTags = []; foreach ($taxonomies as $taxonomy) { $namespace = $taxonomy['Taxonomy']['namespace']; @@ -326,7 +322,7 @@ class Taxonomy extends AppModel public function getTaxonomyTags($id, $upperCase = false, $existingOnly = false) { - $taxonomy = $this->__getTaxonomy($id, array('full' => true, 'filter' => false)); + $taxonomy = $this->__getTaxonomy($id); if ($existingOnly) { $this->Tag = ClassRegistry::init('Tag'); $tags = $this->Tag->find('list', array('fields' => array('name'), 'order' => array('UPPER(Tag.name) ASC'))); @@ -352,45 +348,31 @@ class Taxonomy extends AppModel /** * @param int|string $id Taxonomy ID or namespace - * @param array|null $options + * @param bool $full Add tag information to entries * @return array|false */ - public function getTaxonomy($id, $options = array('full' => true)) + public function getTaxonomy($id, $full = true) { - $taxonomy = $this->__getTaxonomy($id, $options); + $taxonomy = $this->__getTaxonomy($id); if (empty($taxonomy)) { return false; } - $this->Tag = ClassRegistry::init('Tag'); - if (isset($options['full']) && $options['full']) { + if ($full) { + $this->Tag = ClassRegistry::init('Tag'); $tagNames = array_column($taxonomy['entries'], 'tag'); $tags = $this->Tag->getTagsByName($tagNames, false); - $filterActive = false; - if (isset($options['enabled'])) { - $filterActive = true; - $enabledTag = isset($options['enabled']) ? $options['enabled'] : null; - } - if (isset($taxonomy['entries'])) { - foreach ($taxonomy['entries'] as $key => $temp) { - if (isset($tags[strtoupper($temp['tag'])])) { - $existingTag = $tags[strtoupper($temp['tag'])]; - if ($filterActive && $options['enabled'] == $existingTag['Tag']['hide_tag']) { - unset($taxonomy['entries'][$key]); - continue; - } - $taxonomy['entries'][$key]['existing_tag'] = $existingTag; - // numerical_value is overridden at tag level. Propagate the override further up - if (isset($existingTag['Tag']['original_numerical_value'])) { - $taxonomy['entries'][$key]['original_numerical_value'] = $existingTag['Tag']['original_numerical_value']; - $taxonomy['entries'][$key]['numerical_value'] = $existingTag['Tag']['numerical_value']; - } - } else { - if ($filterActive) { - unset($taxonomy['entries'][$key]); - } else { - $taxonomy['entries'][$key]['existing_tag'] = false; - } + foreach ($taxonomy['entries'] as $key => $temp) { + $tagLower = mb_strtolower($temp['tag']); + if (isset($tags[$tagLower])) { + $existingTag = $tags[$tagLower]; + $taxonomy['entries'][$key]['existing_tag'] = $existingTag; + // numerical_value is overridden at tag level. Propagate the override further up + if (isset($existingTag['Tag']['original_numerical_value'])) { + $taxonomy['entries'][$key]['original_numerical_value'] = $existingTag['Tag']['original_numerical_value']; + $taxonomy['entries'][$key]['numerical_value'] = $existingTag['Tag']['numerical_value']; } + } else { + $taxonomy['entries'][$key]['existing_tag'] = false; } } } @@ -401,7 +383,7 @@ class Taxonomy extends AppModel { App::uses('ColourPaletteTool', 'Tools'); $paletteTool = new ColourPaletteTool(); - $taxonomy = $this->__getTaxonomy($id, array('full' => true)); + $taxonomy = $this->__getTaxonomy($id); $colours = $paletteTool->generatePaletteFromString($taxonomy['Taxonomy']['namespace'], count($taxonomy['entries'])); $this->Tag = ClassRegistry::init('Tag'); $tags = $this->Tag->getTagsForNamespace($taxonomy['Taxonomy']['namespace'], false); @@ -440,7 +422,7 @@ class Taxonomy extends AppModel $this->Tag = ClassRegistry::init('Tag'); App::uses('ColourPaletteTool', 'Tools'); $paletteTool = new ColourPaletteTool(); - $taxonomy = $this->__getTaxonomy($id, array('full' => true)); + $taxonomy = $this->__getTaxonomy($id); if (empty($taxonomy)) { return false; } @@ -486,7 +468,7 @@ class Taxonomy extends AppModel if ($tagList) { $tags = $tagList; } else { - $taxonomy = $this->__getTaxonomy($id, array('full' => true)); + $taxonomy = $this->__getTaxonomy($id); foreach ($taxonomy['entries'] as $entry) { $tags[] = $entry['tag']; } @@ -513,7 +495,7 @@ class Taxonomy extends AppModel $this->Tag = ClassRegistry::init('Tag'); App::uses('ColourPaletteTool', 'Tools'); $paletteTool = new ColourPaletteTool(); - $taxonomy = $this->__getTaxonomy($id, array('full' => true)); + $taxonomy = $this->__getTaxonomy($id); $tags = $this->Tag->getTagsForNamespace($taxonomy['Taxonomy']['namespace']); $colours = $paletteTool->generatePaletteFromString($taxonomy['Taxonomy']['namespace'], count($taxonomy['entries'])); foreach ($taxonomy['entries'] as $k => $entry) { @@ -546,7 +528,7 @@ class Taxonomy extends AppModel $this->Tag = ClassRegistry::init('Tag'); App::uses('ColourPaletteTool', 'Tools'); $paletteTool = new ColourPaletteTool(); - $taxonomy = $this->__getTaxonomy($id, array('full' => true)); + $taxonomy = $this->__getTaxonomy($id); $tags = $this->Tag->getTagsForNamespace($taxonomy['Taxonomy']['namespace']); $colours = $paletteTool->generatePaletteFromString($taxonomy['Taxonomy']['namespace'], count($taxonomy['entries'])); foreach ($taxonomy['entries'] as $k => $entry) { @@ -613,7 +595,6 @@ class Taxonomy extends AppModel if ($splits === null) { return false; // not a taxonomy tag } - $key = "misp:taxonomies_cache:tagName=$tagName&fullTaxonomy=$fullTaxonomy"; try { @@ -699,6 +680,12 @@ class Taxonomy extends AppModel // at this point, we have a duplicated namespace(-predicate) $taxonomy = $this->getTaxonomyForTag($newTagName); if (!empty($taxonomy['Taxonomy']['exclusive'])) { + if ( + ($newTagName === 'tlp:white' && in_array('tlp:clear', $tagNameList)) || + ($newTagName === 'tlp:clear' && in_array('tlp:white', $tagNameList)) + ) { + return true; + } return false; // only one tag of this taxonomy is allowed } elseif (!empty($taxonomy['TaxonomyPredicate'][0]['exclusive'])) { return false; // only one tag belonging to this predicate is allowed @@ -743,19 +730,33 @@ class Taxonomy extends AppModel $conflictingTaxonomy = array(); foreach ($tagNameList as $tagName) { $tagShortened = $this->stripLastTagComponent($tagName); + // No exclusivity in non taxonomy tags. + if ($tagShortened === '') { + continue; + } if (isset($potentiallyConflictingTaxonomy[$tagShortened])) { - $potentiallyConflictingTaxonomy[$tagShortened]['taxonomy'] = $this->getTaxonomyForTag($tagName); + if (!isset($this->__taxonomyConflicts[$tagShortened])) { + $this->__taxonomyConflicts[$tagShortened] = $this->getTaxonomyForTag($tagName); + } $potentiallyConflictingTaxonomy[$tagShortened]['count']++; } else { - $potentiallyConflictingTaxonomy[$tagShortened] = array( + $potentiallyConflictingTaxonomy[$tagShortened] = [ 'count' => 1 - ); + ]; } $potentiallyConflictingTaxonomy[$tagShortened]['tagNames'][] = $tagName; } - foreach ($potentiallyConflictingTaxonomy as $potTaxonomy) { + if ( + !empty($potentiallyConflictingTaxonomy['tlp']) && + count($potentiallyConflictingTaxonomy['tlp']['tagNames']) == 2 && + in_array('tlp:white', $potentiallyConflictingTaxonomy['tlp']['tagNames']) && + in_array('tlp:clear', $potentiallyConflictingTaxonomy['tlp']['tagNames']) + ) { + unset($potentiallyConflictingTaxonomy['tlp']); + } + foreach ($potentiallyConflictingTaxonomy as $taxonomyName => $potTaxonomy) { if ($potTaxonomy['count'] > 1) { - $taxonomy = $potTaxonomy['taxonomy']; + $taxonomy = $this->__taxonomyConflicts[$taxonomyName]; if (isset($taxonomy['Taxonomy']['exclusive']) && $taxonomy['Taxonomy']['exclusive']) { $conflictingTaxonomy[] = array( 'tags' => $potTaxonomy['tagNames'], @@ -869,4 +870,46 @@ class Taxonomy extends AppModel { return $this->Tag->mergeTag($source_id, $target_id); } + + /** + * @return array + */ + public function getHighlightedTaxonomies() + { + return $this->find('all', [ + 'conditions' => [ + 'highlighted' => 1, + ] + ]); + } + + /** + * + * @param array $highlightedTaxonomies + * @param array $tags + * @return array + */ + public function getHighlightedTags($highlightedTaxonomies, $tags) + { + $highlightedTags = []; + if (is_array($highlightedTaxonomies) && !empty($highlightedTaxonomies)) { + foreach ($highlightedTaxonomies as $k => $taxonomy) { + $highlightedTags[$k] = [ + 'taxonomy' => $taxonomy, + 'tags' => [] + ]; + + foreach ($tags as $tag) { + $splits = $this->splitTagToComponents($tag['Tag']['name']); + if (!empty($splits) && $splits['namespace'] === $taxonomy['Taxonomy']['namespace']) { + $highlightedTags[$k]['tags'][] = $tag; + } + } + } + + return $highlightedTags; + } + + return $highlightedTags; + } } diff --git a/app/Model/User.php b/app/Model/User.php index 74d85e4e8..dee18d411 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -849,7 +849,7 @@ class User extends AppModel return true; } - $this->loadLog(); + $log = $this->loadLog(); $replyToLog = $replyToUser ? ' from ' . $replyToUser['User']['email'] : ''; $gpg = $this->initializeGpg(); @@ -859,8 +859,8 @@ class User extends AppModel } catch (SendEmailException $e) { $this->logException("Exception during sending e-mail", $e); - $this->Log->create(); - $this->Log->save(array( + $log->create(); + $log->save(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $user['User']['id'], @@ -876,8 +876,8 @@ class User extends AppModel // Intentional two spaces to pass test :) $logTitle .= $replyToLog . ' to ' . $user['User']['email'] . ' sent, titled "' . $result['subject'] . '".'; - $this->Log->create(); - $this->Log->save(array( + $log->create(); + $log->save(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $user['User']['id'], @@ -1229,6 +1229,15 @@ class User extends AppModel public function extralog($user, $action = null, $description = null, $fieldsResult = null, $modifiedUser = null) { + if (!is_array($user) && $user === 'SYSTEM') { + $user = [ + 'id' => 0, + 'email' => 'SYSTEM', + 'Organisation' => [ + 'name' => 'SYSTEM' + ] + ]; + } // new data $model = 'User'; $modelId = $user['id']; @@ -1414,6 +1423,8 @@ class User extends AppModel /** * Updates `last_api_access` time in database. + * Always update when MISP.store_api_access_time is set. + * Only update every hour when it isn't set * * @param array $user * @return array|bool @@ -1424,8 +1435,11 @@ class User extends AppModel if (!isset($user['id'])) { throw new InvalidArgumentException("Invalid user object provided."); } - $user['last_api_access'] = time(); - return $this->save($user, true, array('id', 'last_api_access')); + $storeAPITime = Configure::read('MISP.store_api_access_time'); + if ((!empty($storeAPITime) && $storeAPITime) || $user['last_api_access'] < time() - 60*60) { + $user['last_api_access'] = time(); + return $this->save($user, true, array('id', 'last_api_access')); + } } /** @@ -1458,18 +1472,23 @@ class User extends AppModel */ public function checkIfUserIsValid(array $user) { - $auth = Configure::read('Security.auth'); - if (!$auth) { - return true; + static $oidc; + + if ($oidc === null) { + $auth = Configure::read('Security.auth'); + if (!$auth) { + return true; + } + if (!is_array($auth)) { + throw new Exception("`Security.auth` config value must be array."); + } + if (!in_array('OidcAuth.Oidc', $auth, true)) { + return true; // this method currently makes sense just for OIDC auth provider + } + App::uses('Oidc', 'OidcAuth.Lib'); + $oidc = new Oidc($this); } - if (!is_array($auth)) { - throw new Exception("`Security.auth` config value must be array."); - } - if (!in_array('OidcAuth.Oidc', $auth, true)) { - return true; // this method currently makes sense just for OIDC auth provider - } - App::uses('Oidc', 'OidcAuth.Lib'); - $oidc = new Oidc($this); + return $oidc->isUserValid($user); } @@ -1971,4 +1990,115 @@ class User extends AppModel } return $users; } + + public function checkForSessionDestruction($id) + { + if (empty(CakeSession::read('creation_timestamp'))) { + return false; + } + $redis = $this->setupRedis(); + if ($redis) { + $cutoff = $redis->get('misp:session_destroy:' . $id); + $allcutoff = $redis->get('misp:session_destroy:all'); + if ( + empty($cutoff) || + ( + !empty($cutoff) && + !empty($allcutoff) && + $allcutoff < $cutoff + ) + ) { + $cutoff = $allcutoff; + } + if ($cutoff && CakeSession::read('creation_timestamp') < $cutoff) { + return true; + } + } + return false; + } + + public function forgotRouter($email, $ip) + { + if (Configure::read('MISP.background_jobs')) { + /** @var Job $job */ + $job = ClassRegistry::init('Job'); + $dummyUser = [ + 'email' => 'SYSTEM', + 'org_id' => 0, + 'role_id' => 0 + ]; + $jobId = $job->createJob($dummyUser, Job::WORKER_EMAIL, 'forgot_password', $email, 'Sending...'); + + $args = [ + 'jobForgot', + $email, + $ip, + $jobId, + ]; + + $this->getBackgroundJobsTool()->enqueue( + BackgroundJobsTool::EMAIL_QUEUE, + BackgroundJobsTool::CMD_ADMIN, + $args, + true, + $jobId + ); + + return true; + } else { + return $this->forgot($email); + } + } + + public function forgot($email, $ip, $jobId = null) + { + $user = $this->find('first', [ + 'recursive' => -1, + 'conditions' => [ + 'User.email' => $email, + 'User.disabled' => 0 + ] + ]); + if (empty($user)) { + return false; + } + $redis = $this->setupRedis(); + $token = RandomTool::random_str(true, 40, '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'); + $redis->set('misp:forgot:' . $token, $user['User']['id'], ['nx', 'ex' => 600]); + $baseurl = Configure::check('MISP.external_baseurl') ? Configure::read('MISP.external_baseurl') : Configure::read('MISP.baseurl'); + $body = __( + "Dear MISP user,\n\nyou have requested a password reset on the MISP instance at %s. Click the link below to change your password.\n\n%s\n\nThe link above is only valid for 10 minutes, feel free to request a new one if it has expired.\n\nIf you haven't requested a password reset, reach out to your admin team and let them know that someone has attempted it in your stead.\n\nMake sure you keep the contents of this e-mail confidential, do NOT ever forward it as it contains a reset token that is equivalent of a password if acted upon. The IP used to trigger the request was: %s\n\nBest regards,\nYour MISP admin team", + $baseurl, + $baseurl . '/users/password_reset/' . $token, + $ip + ); + $bodyNoEnc = __( + "Dear MISP user,\n\nyou have requested a password reset on the MISP instance at %s, however, no valid encryption key was found for your user and thus we cannot deliver your reset token. Please get in touch with your org admin / with an instance site admin to ask for a reset.\n\nThe IP used to trigger the request was: %s\n\nBest regards,\nYour MISP admin team", + $baseurl, + $ip + ); + $this->sendEmail($user, $body, $bodyNoEnc, __('MISP password reset')); + return true; + } + + public function fetchForgottenPasswordUser($token) + { + if (!ctype_alnum($token)) { + return false; + } + $redis = $this->setupRedis(); + $userId = $redis->get('misp:forgot:' . $token); + if (empty($userId)) { + return false; + } + $user = $this->getAuthUser($userId, true); + return $user; + } + + public function purgeForgetToken($token) + { + $redis = $this->setupRedis(); + $userId = $redis->del('misp:forgot:' . $token); + return true; + } } diff --git a/app/Model/Workflow.php b/app/Model/Workflow.php index 8db42d98d..acb10df12 100644 --- a/app/Model/Workflow.php +++ b/app/Model/Workflow.php @@ -13,7 +13,7 @@ class Workflow extends AppModel public $recursive = -1; public $actsAs = [ - 'AuditLog', + // 'AuditLog', 'Containable', 'SysLogLogable.SysLogLogable' => [ 'roleModel' => 'Role', @@ -518,15 +518,14 @@ class Workflow extends AppModel { $this->Log = ClassRegistry::init('Log'); $message = __('Started executing workflow for trigger `%s` (%s)', $triggerModule->id, $workflow['Workflow']['id']); - $this->Log->createLogEntry('SYSTEM', 'execute_workflow', 'Workflow', $workflow['Workflow']['id'], $message); - $this->__logToFile($workflow, $message); + $this->logExecutionIfDebug($workflow, $message); $workflow = $this->__incrementWorkflowExecutionCount($workflow); $walkResult = []; $debugData = ['original' => $data]; $data = $this->__normalizeDataForTrigger($triggerModule, $data); $debugData['normalized'] = $data; $for_path = !empty($triggerModule->blocking) ? GraphWalker::PATH_TYPE_BLOCKING : GraphWalker::PATH_TYPE_NON_BLOCKING; - $this->sendRequestToDebugEndpoint($workflow, [], '/init?type=' . $for_path, $debugData); + $this->sendRequestToDebugEndpointIfDebug($workflow, [], '/init?type=' . $for_path, $debugData); $blockingPathExecutionSuccess = $this->walkGraph($workflow, $startNodeID, $for_path, $data, $blockingErrors, $walkResult); $executionStoppedByStopModule = in_array('stop-execution', Hash::extract($walkResult, 'blocking_nodes.{n}.data.id')); @@ -542,9 +541,8 @@ class Workflow extends AppModel } $message = __('Finished executing workflow for trigger `%s` (%s). Outcome: %s', $triggerModule->id, $workflow['Workflow']['id'], $outcomeText); - $this->Log->createLogEntry('SYSTEM', 'execute_workflow', 'Workflow', $workflow['Workflow']['id'], $message); - $this->__logToFile($workflow, $message); - $this->sendRequestToDebugEndpoint($workflow, [], '/end?outcome=' . $outcomeText, $walkResult); + $this->logExecutionIfDebug($workflow, $message); + $this->sendRequestToDebugEndpointIfDebug($workflow, [], '/end?outcome=' . $outcomeText, $walkResult); return [ 'outcomeText' => $outcomeText, 'walkResult' => $walkResult, @@ -621,16 +619,20 @@ class Workflow extends AppModel 'id' => Configure::read('MISP.host_org_id') ], ]); + $this->User = ClassRegistry::init('User'); if (!empty($hostOrg)) { + $perms = array_keys($this->User->Role->permFlags); + $allPermEnabled = array_map(function($perm) { + return true; + }, array_flip($perms)); $userForWorkflow = [ 'email' => 'SYSTEM', 'id' => 0, 'org_id' => $hostOrg['Organisation']['id'], - 'Role' => ['perm_site_admin' => 1], + 'Role' => $allPermEnabled, 'Organisation' => $hostOrg['Organisation'] ]; } else { - $this->User = ClassRegistry::init('User'); $userForWorkflow = $this->User->find('first', [ 'recursive' => -1, 'conditions' => [ @@ -657,7 +659,7 @@ class Workflow extends AppModel $message = __('Could not execute disabled module `%s`.', $node['data']['id']); $this->logExecutionError($roamingData->getWorkflow(), $message); $errors[] = $message; - $this->sendRequestToDebugEndpoint($roamingData->getWorkflow(), $node, sprintf('/exec/%s?result=%s', $moduleClass->id, 'disabled_module'), $roamingData->getData()); + $this->sendRequestToDebugEndpointIfDebug($roamingData->getWorkflow(), $node, sprintf('/exec/%s?result=%s', $moduleClass->id, 'disabled_module'), $roamingData->getData()); return false; } if (!is_null($moduleClass)) { @@ -667,17 +669,25 @@ class Workflow extends AppModel $message = __('Error while executing module %s. Error: %s', $node['data']['id'], $e->getMessage()); $this->logExecutionError($roamingData->getWorkflow(), $message); $errors[] = $message; - $this->sendRequestToDebugEndpoint($roamingData->getWorkflow(), $node, sprintf('/exec/%s?result=%s&message=%s', $moduleClass->id, 'error', $e->getMessage()), $roamingData->getData()); + $this->sendRequestToDebugEndpointIfDebug($roamingData->getWorkflow(), $node, sprintf('/exec/%s?result=%s&message=%s', $moduleClass->id, 'error', $e->getMessage()), $roamingData->getData()); return false; } } else { $message = sprintf(__('Could not load class for module: %s'), $node['data']['id']); $this->logExecutionError($roamingData->getWorkflow(), $message); $errors[] = $message; - $this->sendRequestToDebugEndpoint($roamingData->getWorkflow(), $node, sprintf('/exec/%s?result=%s', $node['data']['id'], 'loading_error'), $roamingData->getData()); + $this->sendRequestToDebugEndpointIfDebug($roamingData->getWorkflow(), $node, sprintf('/exec/%s?result=%s', $node['data']['id'], 'loading_error'), $roamingData->getData()); return false; } - $this->sendRequestToDebugEndpoint($roamingData->getWorkflow(), $node, sprintf('/exec/%s?result=%s', $moduleClass->id, 'success'), $roamingData->getData()); + $message = __('Executed node `%s`' . PHP_EOL . 'Node `%s` (%s) from Workflow `%s` (%s) executed successfully', + $node['data']['id'], + $node['data']['id'], + $node['id'], + $roamingData->getWorkflow()['Workflow']['name'], + $roamingData->getWorkflow()['Workflow']['id'] + ); + $this->logExecutionIfDebug($roamingData->getWorkflow(), $message); + $this->sendRequestToDebugEndpointIfDebug($roamingData->getWorkflow(), $node, sprintf('/exec/%s?result=%s', $moduleClass->id, 'success'), $roamingData->getData()); return $success; } @@ -989,6 +999,14 @@ class Workflow extends AppModel $this->__logToFile($workflow, $message); } + public function logExecutionIfDebug(array $workflow, $message): void + { + if ($workflow['Workflow']['debug_enabled']) { + $this->Log->createLogEntry('SYSTEM', 'execute_workflow', 'Workflow', $workflow['Workflow']['id'], $message); + $this->__logToFile($workflow, $message); + } + } + /** * __logToFile Log to file * @@ -1022,8 +1040,8 @@ class Workflow extends AppModel $className = explode('/', $filepath); $className = str_replace('.php', '', $className[count($className)-1]); try { - if (!@include_once($filepath)) { - $message = __('Could not load module for path %s. File does not exists.', $filepath); + if (!include_once($filepath)) { + $message = __('Could not load module for path %s. File does not exist.', $filepath); $this->log($message, LOG_ERR); return $message; } @@ -1156,9 +1174,16 @@ class Workflow extends AppModel if (isset($options['contain'])) { $params['contain'] = !empty($options['contain']) ? $options['contain'] : []; } - if (isset($options['order'])) { - $params['order'] = !empty($options['order']) ? $options['order'] : []; + + $params['order'] = []; + if (!empty($options['order'])) { + $options['order'] = $this->findOrder( + $options['order'], + 'Workflow', + ['id', 'name', 'timestmap', 'trigger_id', 'counter'] + ); } + $workflows = $this->find('all', $params); return $workflows; } @@ -1290,6 +1315,83 @@ class Workflow extends AppModel return $data; } + public function getLabelsForConnections($workflow, $trigger_id): array + { + $graphData = !empty($workflow['Workflow']) ? $workflow['Workflow']['data'] : $workflow['data']; + $startNodeID = $this->workflowGraphTool->getNodeIdForTrigger($graphData, $trigger_id); + if ($startNodeID == -1) { + return []; + } + + $connections = []; + + $filterNodes = $this->workflowGraphTool->extractFilterNodesFromWorkflow($graphData, true); + $filterNodeIDToLabel = Hash::combine($filterNodes, '{n}.id', '{n}.data.indexed_params.filtering-label'); + $resetFilterNodes = $this->workflowGraphTool->extractResetFilterFromWorkflow($graphData, true); + $resetFilterNodeIDToLabel = Hash::combine($resetFilterNodes, '{n}.id', '{n}.data.indexed_params.filtering-label'); + $roamingData = $this->workflowGraphTool->getRoamingData(); + $graphWalker = $this->workflowGraphTool->getWalkerIterator($graphData, $this, $startNodeID, GraphWalker::PATH_TYPE_INCLUDE_LOGIC, $roamingData); + foreach ($graphWalker as $graphNode) { + $node = $graphNode['node']; + $nodeID = $node['id']; + $parsedPathList = GraphWalker::parsePathList($graphNode['path_list']); + if (!empty($parsedPathList)) { + $lastNodeInPath = $parsedPathList[count($parsedPathList)-1]; + $previousNodeId = $lastNodeInPath['source_id']; + $connections[$nodeID][$previousNodeId] = []; + } + foreach ($parsedPathList as $pathEntry) { + if (!empty($filterNodeIDToLabel[$pathEntry['source_id']])) { + $connections[$nodeID][$previousNodeId][] = $filterNodeIDToLabel[$pathEntry['source_id']]; + } + if (!empty($resetFilterNodeIDToLabel[$pathEntry['source_id']])) { + if ($resetFilterNodeIDToLabel[$pathEntry['source_id']] == 'all') { + $connections[$nodeID][$previousNodeId] = []; + } else { + $connections[$nodeID][$previousNodeId] = array_values(array_diff($connections[$nodeID][$previousNodeId], [$resetFilterNodeIDToLabel[$pathEntry['source_id']]])); + } + } + } + } + $connections = array_filter($connections, function($connection) { + foreach ($connection as $labels) { + if (!empty($labels)) { + return true; + } + } + return false; + }); + return $connections; + } + + public function attachLabelToConnections($workflow, $trigger_id=null): array + { + $graphData = !empty($workflow['Workflow']) ? $workflow['Workflow']['data'] : $workflow['data']; + if (is_null($trigger_id)) { + $startNode = $this->workflowGraphTool->extractTriggerFromWorkflow($graphData, true); + $trigger_id = $startNode['data']['id']; + } + $labelsByNodes = $this->getLabelsForConnections($workflow, $trigger_id); + foreach ($graphData as $i => $node) { + if ($i == '_frames') { + continue; + } + if (!empty($labelsByNodes[$node['id']])) { + foreach ($node['inputs'] as $inputName => $inputs) { + foreach ($inputs['connections'] as $j => $connection) { + $workflow['Workflow']['data'][$i]['inputs'][$inputName]['connections'][$j]['labels'] = array_map(function($label) { + return [ + 'id' => Inflector::variable($label), + 'name' => $label, + 'variant' => 'info', + ]; + }, $labelsByNodes[$node['id']][$connection['node']]); + } + } + } + } + return $workflow; + } /** * moduleSattelesExecution Executes a module using the provided configuration and returns back the result * @@ -1336,6 +1438,7 @@ class Workflow extends AppModel 'indexed_params' => $indexed_params, 'saved_filters' => $module_config['saved_filters'], 'module_data' => $module_config, + 'expect_misp_core_format' => $module_config['expect_misp_core_format'], ], 'inputs' => [], 'outputs' => [], @@ -1392,12 +1495,16 @@ class Workflow extends AppModel return $saveSuccess; } + public function sendRequestToDebugEndpointIfDebug(array $workflow, array $node, $path='/', array $data=[]) + { + if ($workflow['Workflow']['debug_enabled']) { + $this->sendRequestToDebugEndpoint($workflow, $node, $path, $data); + } + } + public function sendRequestToDebugEndpoint(array $workflow, array $node, $path='/', array $data=[]) { $debug_url = Configure::read('Plugin.Workflow_debug_url'); - if (empty($workflow['Workflow']['debug_enabled'])) { - return; - } App::uses('HttpSocket', 'Network/Http'); $socket = new HttpSocket([ 'timeout' => 5 diff --git a/app/Model/WorkflowModules/Module_misp_module.php b/app/Model/WorkflowModules/Module_misp_module.php index 8d37b0c4c..00c2c02f3 100644 --- a/app/Model/WorkflowModules/Module_misp_module.php +++ b/app/Model/WorkflowModules/Module_misp_module.php @@ -46,7 +46,7 @@ class Module_misp_module extends WorkflowBaseActionModule if (!empty($misp_module_config['meta']['config']['support_filters'])) { $this->support_filters = !empty($misp_module_config['meta']['config']['support_filters']); } - if (!empty($misp_module_config['meta']['config'])) { + if (!empty($misp_module_config['meta']['config']['params'])) { foreach ($misp_module_config['meta']['config']['params'] as $paramName => $moduleParam) { $this->params[] = $this->translateParams($paramName, $moduleParam); } diff --git a/app/Model/WorkflowModules/WorkflowBaseModule.php b/app/Model/WorkflowModules/WorkflowBaseModule.php index c61edc64a..23da2a3ee 100644 --- a/app/Model/WorkflowModules/WorkflowBaseModule.php +++ b/app/Model/WorkflowModules/WorkflowBaseModule.php @@ -23,7 +23,7 @@ class WorkflowBaseModule ]; public $params = []; - private $Event; + private $Workflow; /** @var PubSubTool */ private static $loadedPubSubTool; @@ -32,11 +32,20 @@ class WorkflowBaseModule { } + public function debug(array $node, WorkflowRoamingData $roamingData, array $data=[]): void + { + if (!isset($this->Workflow)) { + $this->Workflow = ClassRegistry::init('Workflow'); + } + $workflow = $roamingData->getWorkflow(); + $path = sprintf('/debug/%s', $node['data']['id'] ?? ''); + $this->Workflow->sendRequestToDebugEndpoint($workflow, $node, $path, $data); + } + protected function mergeNodeConfigIntoParameters($node): array { $fullIndexedParams = []; foreach ($this->params as $param) { - $param['value'] = $nodeParamByID[$param['id']]['value'] ?? null; $param['value'] = $node['data']['indexed_params'][$param['id']] ?? null; $fullIndexedParams[$param['id']] = $param; } @@ -135,7 +144,7 @@ class WorkflowBaseModule return 'The Factory Must Grow'; } - protected function extractData($data, $path) + public function extractData($data, $path) { $extracted = $data; if (!empty($path)) { @@ -211,14 +220,16 @@ class WorkflowBaseModule return false; } - protected function getItemsMatchingCondition($items, $value, $operator, $path) + public function getItemsMatchingCondition($items, $value, $operator, $path) { foreach ($items as $i => $item) { - $subItem = $this->extractData($item, $path, $operator); + $subItem = $this->extractData($item, $path); if (in_array($operator, ['equals', 'not_equals'])) { $subItem = !empty($subItem) ? $subItem[0] : $subItem; } - if (!$this->evaluateCondition($subItem, $operator, $value)) { + if ($operator == 'any_value' && !empty($subItem)) { + continue; + } else if (!$this->evaluateCondition($subItem, $operator, $value)) { unset($items[$i]); } } @@ -297,4 +308,64 @@ class WorkflowBaseLogicModule extends WorkflowBaseModule class WorkflowBaseActionModule extends WorkflowBaseModule { + protected $fastLookupArrayMispFormat = []; + protected $fastLookupArrayFlattened = []; + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors = []): bool + { + $rData = $roamingData->getData(); + $this->_buildFastLookupForRoamingData($rData); + return true; + } + + protected function _buildFastLookupForRoamingData($rData): void + { + if (!empty($rData['Event']['Attribute'])) { + foreach ($rData['Event']['Attribute'] as $i => $attribute) { + $this->fastLookupArrayMispFormat[$attribute['id']] = $i; + } + } + if (!empty($rData['Event']['Object'])) { + foreach ($rData['Event']['Object'] as $j => $object) { + foreach ($object['Attribute'] as $i => $attribute) { + $this->fastLookupArrayMispFormat[$attribute['id']] = [$j, $i]; + } + } + } + foreach ($rData['Event']['_AttributeFlattened'] as $i => $attribute) { + $this->fastLookupArrayFlattened[$attribute['id']] = $i; + } + } + + protected function _overrideAttribute(array $oldAttribute, array $newAttribute, array $rData): array + { + $attributeID = $oldAttribute['id']; + $rData['Event']['_AttributeFlattened'][$this->fastLookupArrayFlattened[$attributeID]] = $newAttribute; + if (is_array($this->fastLookupArrayMispFormat[$attributeID])) { + $objectID = $this->fastLookupArrayMispFormat[$attributeID][0]; + $attributeID = $this->fastLookupArrayMispFormat[$attributeID][1]; + $rData['Event']['Object'][$objectID]['Attribute'][$attributeID] = $newAttribute; + } else { + $attributeID = $this->fastLookupArrayMispFormat[$attributeID]; + $rData['Event']['Attribute'][$attributeID] = $newAttribute; + } + return $rData; + } } + +class WorkflowFilteringLogicModule extends WorkflowBaseLogicModule +{ + public $blocking = false; + public $inputs = 1; + public $outputs = 2; + + protected function _genFilteringLabels(): array + { + $names = ['A', 'B', 'C', 'D', 'E', 'F']; + $labels = []; + foreach ($names as $name) { + $labels[$name] = __('Label %s', $name); + } + return $labels; + } +} \ No newline at end of file diff --git a/app/Model/WorkflowModules/action/Module_assign_country_from_enrichment.php b/app/Model/WorkflowModules/action/Module_assign_country_from_enrichment.php new file mode 100644 index 000000000..5711f70d6 --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_assign_country_from_enrichment.php @@ -0,0 +1,152 @@ +params = [ + [ + 'id' => 'scope', + 'label' => __('Scope'), + 'type' => 'select', + 'options' => [ + 'event' => __('Event'), + 'attribute' => __('Attributes'), + ], + 'default' => 'event', + ], + [ + 'id' => 'hash_path', + 'label' => 'Country Hash path', + 'type' => 'hashpath', + 'placeholder' => 'enrichment.{n}.{n}.values.0', + 'default' => 'enrichment.{n}.{n}.values.0' + ], + [ + 'id' => 'locality', + 'label' => __('Tag Locality'), + 'type' => 'select', + 'options' => [ + 'local' => __('Local'), + 'global' => __('Global'), + ], + 'default' => 'local', + ], + [ + 'id' => 'galaxy_name', + 'label' => __('Galaxy Name'), + 'type' => 'select', + 'options' => [ + 'country' => 'country', + ], + 'placeholder' => __('Pick a galaxy name'), + ], + [ + 'id' => 'relationship_type', + 'label' => __('Relationship Type'), + 'type' => 'input', + 'display_on' => [ + 'action' => 'add', + ], + ], + ]; + + $this->Galaxy = ClassRegistry::init('Galaxy'); + $this->countryClusters = $this->_fetchCountryGalaxyClusters(); + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors = []): bool + { + $params = $this->getParamsWithValues($node); + + $rData = $roamingData->getData(); + $user = $roamingData->getUser(); + + $countryExtractionPath = $params['hash_path']['value']; + if ($this->filtersEnabled($node)) { + $filters = $this->getFilters($node); + $extracted = $this->extractData($rData, $filters['selector']); + if ($extracted === false) { + return false; + } + $matchingItems = $this->getItemsMatchingCondition($extracted, $filters['value'], $filters['operator'], $filters['path']); + } else { + $matchingItems = $rData; + } + $matchingAttributes = Hash::extract($matchingItems, 'Event._AttributeFlattened.{n}'); + if ($params['scope']['value'] == 'event') { + if (substr($countryExtractionPath, 0, 4) !== '{n}.') { + $countryExtractionPath = '{n}.' . $countryExtractionPath; + } + } + + $result = false; + if ($params['scope']['value'] == 'event') { + $extractedCountries = array_unique(Hash::extract($matchingAttributes, $countryExtractionPath)); + $guessedCountryTags = $this->guessTagFromPath($extractedCountries); + $options = [ + 'tags' => $guessedCountryTags, + 'local' => ($params['locality']['value'] == 'local' ? true : false), + 'relationship_type' => $params['relationship_type']['value'], + ]; + $result = $this->__addTagsToEvent($matchingItems, $options, $user); + } else { + foreach ($matchingAttributes as $attribute) { + $extractedCountries = Hash::extract($attribute, $countryExtractionPath); + $guessedCountryTags = $this->guessTagFromPath($extractedCountries); + $options = [ + 'tags' => $guessedCountryTags, + 'local' => ($params['locality']['value'] == 'local' ? true : false), + 'relationship_type' => $params['relationship_type']['value'], + ]; + $result = $this->__addTagsToAttributes([$attribute], $options, $user); + } + } + return $result; + } + + protected function _fetchCountryGalaxyClusters(): array + { + $clusters = $this->Galaxy->find('first', [ + 'recursive' => -1, + 'conditions' => [ + 'name' => 'Country', + ], + 'contain' => [ + 'GalaxyCluster' => ['fields' => ['id', 'uuid', 'value', 'tag_name']], + ], + ]); + return $clusters['GalaxyCluster']; + } + + protected function guessTagFromPath($countries) + { + $matchingTags = []; + foreach ($countries as $country) { + foreach ($this->countryClusters as $countryCluster) { + if (strtolower($countryCluster['value']) == strtolower($country)) { + $matchingTags[] = $countryCluster['tag_name']; + } + } + } + return $matchingTags; + } +} diff --git a/app/Model/WorkflowModules/action/Module_attach_enrichment.php b/app/Model/WorkflowModules/action/Module_attach_enrichment.php index b7c6e55b7..cdf05e78d 100644 --- a/app/Model/WorkflowModules/action/Module_attach_enrichment.php +++ b/app/Model/WorkflowModules/action/Module_attach_enrichment.php @@ -5,6 +5,7 @@ class Module_attach_enrichment extends WorkflowBaseActionModule { public $id = 'attach-enrichment'; public $name = 'Attach enrichment'; + public $version = '0.3'; public $description = 'Attach selected enrichment result to Attributes.'; public $icon = 'asterisk'; public $inputs = 1; @@ -14,8 +15,7 @@ class Module_attach_enrichment extends WorkflowBaseActionModule public $params = []; private $Module; - private $fastLookupArrayMispFormat = []; - private $fastLookupArrayFlattened = []; + private $allModulesByName = []; public function __construct() @@ -23,19 +23,30 @@ class Module_attach_enrichment extends WorkflowBaseActionModule parent::__construct(); $this->Module = ClassRegistry::init('Module'); $modules = $this->Module->getModules('Enrichment'); - $moduleOptions = []; if (is_array($modules)) { + $this->allModulesByName = Hash::combine($modules, '{n}.name', '{n}'); + } + $moduleOptions = []; + $pickerOptions = []; + $enrichmentAvailable = false; + if (!empty($modules) && is_array($modules)) { + $enrichmentAvailable = true; $moduleOptions = array_merge([''], Hash::combine($modules, '{n}.name', '{n}.name')); } else { - $moduleOptions[] = $modules; + $pickerOptions = [ + 'placeholder_text_multiple' => __('No enrichment module available'), + ]; } sort($moduleOptions); $this->params = [ [ 'id' => 'modules', 'label' => 'Modules', - 'type' => 'select', + 'type' => 'picker', + 'multiple' => true, + 'disabled' => !$enrichmentAvailable, 'options' => $moduleOptions, + 'picker_options' => $pickerOptions, ], ]; } @@ -47,14 +58,17 @@ class Module_attach_enrichment extends WorkflowBaseActionModule if (empty($params['modules']['value'])) { $errors[] = __('No enrichmnent module selected'); return false; + } else if (is_string($params['modules']['value'])) { + $params['modules']['value'] = [$params['modules']['value']]; } + $selectedModules = array_filter($params['modules']['value'], function($module) { + return $module !== ''; + }); $rData = $roamingData->getData(); $event_id = $rData['Event']['id']; $options = [ 'user' => $roamingData->getUser(), 'event_id' => $event_id, - 'module' => $params['modules']['value'], - 'config' => ['_' => '_'], // avoid casting empty associative array in to empty list ]; $matchingItems = $this->getMatchingItemsForAttributes($node, $rData); @@ -64,10 +78,22 @@ class Module_attach_enrichment extends WorkflowBaseActionModule $this->_buildFastLookupForRoamingData($rData); foreach ($matchingItems as $attribute) { - $moduleData = $options; - $moduleData['attribute'] = $attribute; - $queryResult = $this->_queryModules($moduleData, $attribute, $rData); - $rData = $this->_attachEnrichmentData($attribute, $queryResult, $rData); + foreach ($selectedModules as $selectedModule) { + $moduleConfig = $this->allModulesByName[$selectedModule]; + $moduleData = $options; + $moduleData['config'] = $this->getModuleOptions($moduleConfig); + $moduleData['module'] = $selectedModule; + $moduleData['attribute'] = $attribute; + if (!$this->_checkIfInputSupported($attribute, $moduleConfig)) { // Queried module doesn't support the Attribute's type + continue; + } + if (empty($moduleConfig['mispattributes']['format'])) { // Adapt payload if modules doesn't support the misp-format + $moduleData = $this->_convertPayloadToModuleFormat($moduleData, $moduleConfig); + } + $queryResult = $this->_queryModules($moduleData, $attribute, $rData); + $queryResult = $this->_handleModuleResult($queryResult, $moduleConfig); + $rData = $this->_attachEnrichmentData($attribute, $queryResult, $rData); + } } $roamingData->setData($rData); return true; @@ -82,19 +108,31 @@ class Module_attach_enrichment extends WorkflowBaseActionModule return $result; } - protected function _buildFastLookupForRoamingData($rData): void + protected function _convertPayloadToModuleFormat(array $options, array $moduleConfig): array { - foreach ($rData['Event']['Attribute'] as $i => $attribute) { - $this->fastLookupArrayMispFormat[$attribute['id']] = $i; - } - foreach ($rData['Event']['Object'] as $j => $object) { - foreach ($object['Attribute'] as $i => $attribute) { - $this->fastLookupArrayMispFormat[$attribute['id']] = [$j, $i]; + $attribute = $options['attribute']; + unset($options['attribute']); + foreach ($moduleConfig['mispattributes']['input'] as $supportedAttributeType) { + if ($supportedAttributeType == $attribute['type']) { + $options[$supportedAttributeType] = $attribute['value']; } } - foreach ($rData['Event']['_AttributeFlattened'] as $i => $attribute) { - $this->fastLookupArrayFlattened[$attribute['id']] = $i; + return $options; + } + + protected function _checkIfInputSupported(array $attribute, array $moduleConfig): bool + { + foreach ($moduleConfig['mispattributes']['input'] as $supportedAttributeType) { + if ($supportedAttributeType == $attribute['type']) { + return true; + } } + return false; + } + + protected function _handleModuleResult(array $queryResult, array $moduleConfig): array + { + return $queryResult; } protected function _attachEnrichmentData(array $attribute, array $queryResult, array $rData): array @@ -111,4 +149,16 @@ class Module_attach_enrichment extends WorkflowBaseActionModule } return $rData; } + + protected function getModuleOptions(array $moduleConfig): array + { + $type = 'Enrichment'; + $options = []; + if (isset($moduleConfig['meta']['config'])) { + foreach ($moduleConfig['meta']['config'] as $conf) { + $options[$conf] = Configure::read('Plugin.' . $type . '_' . $moduleConfig['name'] . '_' . $conf); + } + } + return !empty($options) ? $options : ['_' => '_']; // avoid casting empty associative array in to empty list + } } diff --git a/app/Model/WorkflowModules/action/Module_attach_warninglist.php b/app/Model/WorkflowModules/action/Module_attach_warninglist.php new file mode 100644 index 000000000..11e335007 --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_attach_warninglist.php @@ -0,0 +1,84 @@ +Warninglist = ClassRegistry::init('Warninglist'); + $warninglists = $this->Warninglist->getEnabled(); + $this->warninglists = $warninglists; + $moduleOptions = array_merge(['ALL' => __('ALL')], Hash::combine($warninglists, '{n}.Warninglist.name', '{n}.Warninglist.name')); + sort($moduleOptions); + $this->params = [ + [ + 'id' => 'warninglists', + 'label' => __('Warninglists'), + 'type' => 'select', + 'options' => $moduleOptions, + 'default' => 'ALL', + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors = []): bool + { + parent::exec($node, $roamingData, $errors); + $params = $this->getParamsWithValues($node); + if (empty($params['warninglists']['value'])) { + $errors[] = __('No warninglist module selected'); + return false; + } + $rData = $roamingData->getData(); + + $matchingItems = $this->getMatchingItemsForAttributes($node, $rData); + if ($matchingItems === false) { + return true; + } + + $warninglists = []; + if ($params['warninglists']['value'] == 'ALL') { + $warninglists = $this->warninglists; + } else { + $warninglists = array_filter($this->warninglists, function($wl) use ($params) { + return $wl['Warninglist']['name'] == $params['warninglists']['value']; + }); + } + + $eventWarnings = []; + foreach ($matchingItems as $attribute) { + $attributeWithWarning = $this->Warninglist->checkForWarning($attribute, $warninglists); + if (!empty($attributeWithWarning['warnings'])) { + foreach ($attributeWithWarning['warnings'] as $warning) { + $eventWarnings[$warning['warninglist_id']] = [ + 'id' => $warning['warninglist_id'], + 'name' => $warning['warninglist_name'], + 'category' => $warning['warninglist_category'], + ]; + } + } + $rData = $this->_overrideAttribute($attribute, $attributeWithWarning, $rData); + } + $eventWarnings = array_values($eventWarnings); + $rData['Event']['warnings'] = $eventWarnings; + $roamingData->setData($rData); + return true; + } +} diff --git a/app/Model/WorkflowModules/action/Module_attribute_comment_operation.php b/app/Model/WorkflowModules/action/Module_attribute_comment_operation.php new file mode 100644 index 000000000..2ec0f7ee9 --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_attribute_comment_operation.php @@ -0,0 +1,61 @@ +params = [ + [ + 'id' => 'comment', + 'label' => __('Comment'), + 'type' => 'textarea', + 'placeholder' => 'Comment to be set', + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors = []): bool + { + parent::exec($node, $roamingData, $errors); + $params = $this->getParamsWithValues($node); + + $rData = $roamingData->getData(); + $user = $roamingData->getUser(); + + $matchingItems = $this->getMatchingItemsForAttributes($node, $rData); + if ($matchingItems === false) { + return true; + } + $result = $this->__saveAttributes($matchingItems, $rData, $params, $user); + $success = $result['success']; + $updatedRData = $result['updated_rData']; + $roamingData->setData($updatedRData); + return $success; + } + + protected function _editAttribute(array $attribute, array $rData, array $params): array + { + $currentRData = $rData; + $currentRData['__currentAttribute'] = $attribute; + $renderedComment = $this->render_jinja_template($params['comment']['value'], $currentRData); + if ($attribute['comment'] !== $params['comment']['value']) { + $attribute['comment'] = $renderedComment; + } + return $attribute; + } +} diff --git a/app/Model/WorkflowModules/action/Module_attribute_edition_operation.php b/app/Model/WorkflowModules/action/Module_attribute_edition_operation.php index c06ded738..7389e0ac5 100644 --- a/app/Model/WorkflowModules/action/Module_attribute_edition_operation.php +++ b/app/Model/WorkflowModules/action/Module_attribute_edition_operation.php @@ -36,15 +36,21 @@ class Module_attribute_edition_operation extends WorkflowBaseActionModule return $attribute; } - protected function __saveAttribute(array $attributes, array $rData, array $params, array $user): bool + protected function __saveAttributes(array $attributes, array $rData, array $params, array $user): array { $success = false; foreach ($attributes as $attribute) { - $attribute = $this->_editAttribute($attribute, $rData, $params); - unset($attribute['timestamp']); - $saveSuccess = $this->Attribute->editAttribute($attribute, $rData, $user, $attribute['object_id']); + $newAttribute = $this->_editAttribute($attribute, $rData, $params); + unset($newAttribute['timestamp']); + $saveSuccess = $this->Attribute->editAttribute($newAttribute, $rData, $user, $newAttribute['object_id']); + if ($saveSuccess) { + $rData = $this->_overrideAttribute($attribute, $newAttribute, $rData); + } $success = $success || !empty($saveSuccess); } - return $success; + return [ + 'success' => $success, + 'updated_rData' => $rData, + ]; } } diff --git a/app/Model/WorkflowModules/action/Module_attribute_ids_flag_operation.php b/app/Model/WorkflowModules/action/Module_attribute_ids_flag_operation.php index e25f31051..640f927fa 100644 --- a/app/Model/WorkflowModules/action/Module_attribute_ids_flag_operation.php +++ b/app/Model/WorkflowModules/action/Module_attribute_ids_flag_operation.php @@ -1,5 +1,5 @@ __saveAttribute($matchingItems, $rData, $params, $user); - return $result; + $result = $this->__saveAttributes($matchingItems, $rData, $params, $user); + $success = $result['success']; + $updatedRData = $result['updated_rData']; + $roamingData->setData($updatedRData); + return $success; } protected function _editAttribute(array $attribute, array $rData, array $params): array diff --git a/app/Model/WorkflowModules/action/Module_enrich_event.php b/app/Model/WorkflowModules/action/Module_enrich_event.php index 55c2034f3..e5b277462 100644 --- a/app/Model/WorkflowModules/action/Module_enrich_event.php +++ b/app/Model/WorkflowModules/action/Module_enrich_event.php @@ -5,6 +5,7 @@ class Module_enrich_event extends WorkflowBaseActionModule { public $id = 'enrich-event'; public $name = 'Enrich Event'; + public $version = '0.2'; public $description = 'Enrich all Attributes contained in the Event with the provided module.'; public $icon = 'asterisk'; public $inputs = 1; @@ -59,7 +60,9 @@ class Module_enrich_event extends WorkflowBaseActionModule return false; } $matchingItems = $this->getItemsMatchingCondition($extracted, $filters['value'], $filters['operator'], $filters['path']); - if (!empty($matchingItems)) { + if ($this->filtersEnabled($node) && empty($matchingItems)) { + return true; // Filters are enabled and no matching items was found + } else if (!empty($matchingItems)) { $extractedUUIDs = $this->extractData($matchingItems, '{n}.uuid'); if ($extractedUUIDs === false) { return false; diff --git a/app/Model/WorkflowModules/action/Module_ms_teams_webhook.php b/app/Model/WorkflowModules/action/Module_ms_teams_webhook.php index d49f08824..4960f094a 100644 --- a/app/Model/WorkflowModules/action/Module_ms_teams_webhook.php +++ b/app/Model/WorkflowModules/action/Module_ms_teams_webhook.php @@ -5,6 +5,7 @@ class Module_ms_teams_webhook extends Module_webhook { public $id = 'ms-teams-webhook'; public $name = 'MS Teams Webhook'; + public $version = '0.4'; public $description = 'Perform callbacks to the MS Teams webhook provided by the "Incoming Webhook" connector'; public $icon_path = 'MS_Teams.png'; @@ -30,16 +31,16 @@ class Module_ms_teams_webhook extends Module_webhook [ 'id' => 'data_extraction_path', 'label' => 'Data extraction path', - 'type' => 'input', + 'type' => 'hashpath', 'default' => '', 'placeholder' => 'Attribute.{n}.AttributeTag.{n}.Tag.name', ], ]; } - protected function doRequest($url, $contentType, $data) + protected function doRequest($url, $contentType, $data, $headers = [], $serverConfig = null) { - $data = '{"text":"' . implode($data) . '"}'; + $data = ['text' => JsonTool::encode($data)]; return parent::doRequest($url, $contentType, $data); } } diff --git a/app/Model/WorkflowModules/action/Module_push_zmq.php b/app/Model/WorkflowModules/action/Module_push_zmq.php index e6ea39ba6..ddab32965 100644 --- a/app/Model/WorkflowModules/action/Module_push_zmq.php +++ b/app/Model/WorkflowModules/action/Module_push_zmq.php @@ -6,6 +6,7 @@ class Module_push_zmq extends WorkflowBaseActionModule public $blocking = false; public $id = 'push-zmq'; public $name = 'Push to ZMQ'; + public $version = '0.2'; public $description = 'Push to the ZMQ channel'; public $icon_path = 'zeromq.png'; public $inputs = 1; @@ -19,7 +20,7 @@ class Module_push_zmq extends WorkflowBaseActionModule [ 'id' => 'data_extraction_path', 'label' => 'Data extraction path', - 'type' => 'input', + 'type' => 'hashpath', 'default' => '', 'placeholder' => 'Attribute.{n}.AttributeTag.{n}.Tag.name', ], @@ -30,14 +31,14 @@ class Module_push_zmq extends WorkflowBaseActionModule { parent::exec($node, $roamingData, $errors); $params = $this->getParamsWithValues($node); - $path = $params['match_condition']['value']; + $path = $params['data_extraction_path']['value']; $data = $roamingData->getData(); $extracted = $this->extractData($data, $path); if ($extracted === false) { $errors[] = __('Error while trying to extract data with path `%s`', $path); return false; } - $this->push_zmq(JsonTool::encode($extracted)); + $this->push_zmq($extracted); return true; } } diff --git a/app/Model/WorkflowModules/action/Module_send_log_mail.php b/app/Model/WorkflowModules/action/Module_send_log_mail.php new file mode 100644 index 000000000..0172decb7 --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_send_log_mail.php @@ -0,0 +1,48 @@ +all_users, 'User'), 'email')); + return $rcpts; + } + + protected function conditionsFromRData(&$conditions, &$params, $rData) + { + // transform 'Org admins' to a search condition + if (in_array('Org admins', $params['recipients']['value'])) { + $params['recipients']['value'] = array_diff($params['recipients']['value'], ['Org admins']); + $org_id = $this->User->find('first', [ + 'conditions' => ['User.id' => $rData['Log']['user_id']], + 'recursive' => -1, + 'fields' => [ 'org_id'] + ]); + if (empty($org_id)) return; // when user_id=0 or other cases we need to have a fail open to not break all email + $admin_roles = $this->User->Role->find('all', [ + 'conditions' => ['Role.perm_admin' => '1'], + 'fields' => 'Role.id']); + $conditions['OR'][]['AND'] = [ + 'User.role_id' => Hash::extract($admin_roles, '{n}.Role.id'), + 'User.org_id' => Hash::extract($org_id, 'User.org_id') + ]; + } + // no need to return as variables are passed as reference + } + + +} diff --git a/app/Model/WorkflowModules/action/Module_send_mail.php b/app/Model/WorkflowModules/action/Module_send_mail.php index 4fc8c8fee..53a03df7d 100644 --- a/app/Model/WorkflowModules/action/Module_send_mail.php +++ b/app/Model/WorkflowModules/action/Module_send_mail.php @@ -5,15 +5,15 @@ class Module_send_mail extends WorkflowBaseActionModule { public $id = 'send-mail'; public $name = 'Send Mail'; - public $description = 'Allow to send a Mail to a list or recipients'; + public $description = 'Allow to send a Mail to a list or recipients. Requires functional misp-modules to be functional.'; public $icon = 'envelope'; public $inputs = 1; public $outputs = 1; public $support_filters = false; public $params = []; - private $User; - private $all_users; + protected $User; + protected $all_users; public function __construct() { @@ -24,7 +24,7 @@ class Module_send_mail extends WorkflowBaseActionModule 'conditions' => [], 'recursive' => -1, ]); - $users = array_merge(['All accounts'], array_column(array_column($this->all_users, 'User'), 'email')); + $users = $this->getRecipientsList(); $this->params = [ [ 'id' => 'recipients', @@ -32,7 +32,7 @@ class Module_send_mail extends WorkflowBaseActionModule 'type' => 'picker', 'multiple' => true, 'options' => $users, - 'default' => ['All accounts'], + 'default' => ['All admins'], ], [ 'id' => 'mail_template_subject', @@ -49,6 +49,14 @@ class Module_send_mail extends WorkflowBaseActionModule ]; } + protected function getRecipientsList() : array + { + return array_merge( + ['All accounts'], + ['All admins'], + array_column(array_column($this->all_users, 'User'), 'email')); + } + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors = []): bool { parent::exec($node, $roamingData, $errors); @@ -70,11 +78,26 @@ class Module_send_mail extends WorkflowBaseActionModule if (in_array('All accounts', $params['recipients']['value'])) { $users = $this->all_users; } else { + $conditions = []; + // transform 'All admins' to a search condition + if (in_array('All admins', $params['recipients']['value'])) { + $params['recipients']['value'] = array_diff($params['recipients']['value'], ['All admins']); + $admin_roles = $this->User->Role->find('all', [ + 'conditions' => ['Role.perm_site_admin' => '1'], + 'fields' => 'Role.id']); + $conditions['OR']['User.role_id'] = Hash::extract($admin_roles, '{n}.Role.id'); + } + // call any subclass function using the data + $this->conditionsFromRData($conditions, $params, $rData); // variables are passed as reference + // last but not least, add the remaining items from the list + if (!empty($params['recipients']['value'])) + $conditions['OR']['User.email'] = $params['recipients']['value']; + if (empty($conditions)) { + return false; + } $users = $this->User->find('all', [ - 'conditions' => [ - 'User.email' => $params['recipients']['value'] - ], - 'recursive' => -1, + 'conditions' => $conditions, + 'recursive' => 0, ]); } @@ -84,6 +107,10 @@ class Module_send_mail extends WorkflowBaseActionModule return true; } + protected function conditionsFromRData(&$conditions, &$params, $rData) + { + } + protected function sendMail(array $user, string $content, string $subject): void { $res = $this->User->sendEmail($user, $content, false, $subject); diff --git a/app/Model/WorkflowModules/action/Module_splunk_hec_export.php b/app/Model/WorkflowModules/action/Module_splunk_hec_export.php new file mode 100644 index 000000000..6fd3e65eb --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_splunk_hec_export.php @@ -0,0 +1,167 @@ +params = [ + [ + 'id' => 'url', + 'label' => __('HEC URL'), + 'type' => 'input', + 'placeholder' => 'https://splunk:8088/services/collector/event', + ], + [ + 'id' => 'verify_tls', + 'label' => __('Verify HTTPS Certificate'), + 'type' => 'select', + 'options' => [ + '1' => __('True'), + '0' => __('False'), + ], + 'default' => 1, + ], + [ + 'id' => 'hec_token', + 'label' => __('HEC Token'), + 'type' => 'select', + 'type' => 'input', + 'placeholder' => '00000000-0000-0000-000000000000' + ], + [ + 'id' => 'source_type', + 'label' => __('Source Type'), + 'type' => 'select', + 'type' => 'input', + 'default' => '', + 'placeholder' => 'misp:event' + ], + [ + 'id' => 'event_per_attribute', + 'label' => __('Create one Splunk Event per Attribute'), + 'type' => 'select', + 'options' => [ + '1' => __('True'), + '0' => __('False'), + ], + 'default' => 0, + ], + [ + 'id' => 'data_extraction_model', + 'label' => __('Data extraction model (JSON)'), + 'type' => 'textarea', + 'default' => '', + 'placeholder' => '{ "EventInfo": "Event.info", "AttributeValue": "Event.Attribute.{n}.value"}', + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors = []): bool + { + if (empty(Configure::read('Security.rest_client_enable_arbitrary_urls'))) { + $errors[] = __('`Security.rest_client_enable_arbitrary_urls` is turned off'); + return false; + } + $params = $this->getParamsWithValues($node); + if (empty($params['url']['value'])) { + $errors[] = __('URL not provided.'); + return false; + } + if (empty($params['hec_token']['value'])) { + $errors[] = __('Authorization token not provided.'); + return false; + } + + $rData = $roamingData->getData(); + $event_without_attributes = $rData['Event']; + unset($event_without_attributes['Attribute']); + unset($event_without_attributes['_AttributeFlattened']); + + $splunk_events = []; + if (!empty($params['event_per_attribute']['value'])) { + foreach ($rData['Event']['Attribute'] as $attribute) { + $splunk_events[] = [ + 'Attribute' => $attribute, + 'Event' => $event_without_attributes + ]; + } + } else { + $splunk_events[] = $rData; + } + + if (!empty($params['data_extraction_model']['value'])) { + $data_extraction_model = JsonTool::decode($params['data_extraction_model']['value']); + $extracted_events = []; + foreach ($splunk_events as $splunk_event) { + $event = []; + foreach ($data_extraction_model as $field => $path) { + $field_data = $this->extractData($splunk_event, $path); + $event[$field] = count($field_data) == 1 ? $field_data[0] : $field_data; // unpack if only one element + } + $extracted_events[] = $event; + } + $splunk_events = $extracted_events; + } + + return $this->sendToSplunk($splunk_events, $params['hec_token']['value'], $params['url']['value'], $params['source_type']['value']); + } + + protected function sendToSplunk(array $splunk_events, $token, $url, $source_type): bool + { + foreach ($splunk_events as $splunk_event) { + try { + $headers = [ + 'Authorization' => "Splunk {$token}", + ]; + $serverConfig = [ + 'Server' => ['self_signed' => empty($params['verify_tls']['value'])] + ]; + + $hec_event = [ + 'event' => $splunk_event + ]; + if (!empty($source_type)) { + $hec_event['sourcetype'] = $source_type; + } + + $response = $this->doRequest( + $url, + 'json', + $hec_event, + $headers, + $serverConfig + ); + if (!$response->isOk()) { + if ($response->code === 403 || $response->code === 401) { + $errors[] = __('Authentication failed.'); + return false; + } + $errors[] = __('Something went wrong with the request or the remote side is having issues. Body returned: %s', $response->body); + return false; + } + } catch (SocketException $e) { + $errors[] = __('Something went wrong while sending the request. Error returned: %s', $e->getMessage()); + return false; + } catch (Exception $e) { + $errors[] = __('Something went wrong. Error returned: %s', $e->getMessage()); + return false; + } + } + return true; + } +} diff --git a/app/Model/WorkflowModules/action/Module_tag_operation.php b/app/Model/WorkflowModules/action/Module_tag_operation.php index 76add7559..76830ee2d 100644 --- a/app/Model/WorkflowModules/action/Module_tag_operation.php +++ b/app/Model/WorkflowModules/action/Module_tag_operation.php @@ -130,7 +130,7 @@ class Module_tag_operation extends WorkflowBaseActionModule return $result; } - private function __addTagsToAttributes(array $attributes, array $options, array $user): bool + protected function __addTagsToAttributes(array $attributes, array $options, array $user): bool { $success = false; foreach ($attributes as $attribute) { @@ -140,7 +140,7 @@ class Module_tag_operation extends WorkflowBaseActionModule return $success; } - private function __removeTagsFromAttributes(array $attributes, array $options): bool + protected function __removeTagsFromAttributes(array $attributes, array $options): bool { $success = false; foreach ($attributes as $attribute) { @@ -150,12 +150,12 @@ class Module_tag_operation extends WorkflowBaseActionModule return $success; } - private function __addTagsToEvent(array $event, array $options, array $user): bool + protected function __addTagsToEvent(array $event, array $options, array $user): bool { return !empty($this->Event->attachTagsToEventAndTouch($event['Event']['id'], $options, $user)); } - private function __removeTagsFromEvent(array $event, array $options): bool + protected function __removeTagsFromEvent(array $event, array $options): bool { return !empty($this->Event->detachTagsFromEventAndTouch($event['Event']['id'], $options)); } diff --git a/app/Model/WorkflowModules/action/Module_tag_replacement_generic.php b/app/Model/WorkflowModules/action/Module_tag_replacement_generic.php new file mode 100644 index 000000000..b4508097a --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_tag_replacement_generic.php @@ -0,0 +1,184 @@ +params = [ + [ + 'id' => 'scope', + 'label' => __('Scope'), + 'type' => 'select', + 'options' => [ + 'event' => __('Event'), + 'attribute' => __('Attributes'), + 'all' => __('All'), + ], + 'default' => 'event', + ], + [ + 'id' => 'remove_substituted', + 'label' => 'Removed substituted tag', + 'type' => 'select', + 'default' => '1', + 'options' => [ + 'no' => __('No'), + 'yes' => __('Yes'), + ], + ], + [ + 'id' => 'locality', + 'label' => __('Tag Locality'), + 'type' => 'select', + 'options' => [ + 'local' => __('Local'), + 'global' => __('Global'), + ], + 'default' => 'local', + ], + [ + 'id' => 'relationship_type', + 'label' => __('Relationship Type'), + 'type' => 'input', + 'display_on' => [ + 'action' => 'add', + ], + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors = []): bool + { + $params = $this->getParamsWithValues($node); + + $rData = $roamingData->getData(); + $user = $roamingData->getUser(); + + if ($this->filtersEnabled($node)) { + $filters = $this->getFilters($node); + $extracted = $this->extractData($rData, $filters['selector']); + if ($extracted === false) { + return false; + } + $matchingItems = $this->getItemsMatchingCondition($extracted, $filters['value'], $filters['operator'], $filters['path']); + } else { + $matchingItems = $rData; + } + + $matchingEvent = $matchingItems; + $matchingAttributes = []; + if ($params['scope']['value'] == 'attribute' || $params['scope']['value'] == 'all') { + $matchingAttributes = Hash::extract($matchingItems, 'Event._AttributeFlattened.{n}'); + } + + if (empty($matchingItems)) { + return true; + } + + $result = false; + $optionsRemove = [ + 'local' => [0, 1], + ]; + $optionsAdd = [ + 'local' => $params['locality']['value'] == 'local' ? true : false, + 'relationship_type' => $params['relationship_type']['value'], + ]; + if ($params['scope']['value'] == 'event' || $params['scope']['value'] == 'all') { + $result = $this->replaceOnEvent($matchingEvent, $params, $user, $optionsRemove, $optionsAdd); + } + if ($params['scope']['value'] == 'attribute' || $params['scope']['value'] == 'all') { + $result = $this->replaceOnAttribute($matchingAttributes, $params, $user, $optionsRemove, $optionsAdd); + } + return $result; + } + + + protected function replaceOnEvent(array $matchingItems, array $params, array $user, array $optionsRemove, array $optionsAdd): bool + { + $result = true; + $extractedTags = Hash::extract($matchingItems['Event']['Tag'], '{n}.name'); + $options = $this->getReplacementOptions($extractedTags); + $optionsRemove['tags'] = $options['remove']; + $optionsAdd['tags'] = $options['add']; + if ($params['remove_substituted']['value'] == 'yes' && !empty($optionsRemove['tags'])) { + $result = $this->__removeTagsFromEvent($matchingItems, $optionsRemove); + } + if (!empty($optionsAdd['tags'])) { + $result = $this->__addTagsToEvent($matchingItems, $optionsAdd, $user); + } + return $result; + } + + protected function replaceOnAttribute(array $matchingItems, array $params, array $user, array $optionsRemove, array $optionsAdd): bool + { + $result = true; + foreach ($matchingItems as $attribute) { + $extractedTags = Hash::extract($attribute['Tag'], '{n}.name'); + $options = $this->getReplacementOptions($extractedTags); + $optionsRemove['tags'] = $options['remove']; + $optionsAdd['tags'] = $options['add']; + if ($params['remove_substituted']['value'] == 'yes' && !empty($optionsRemove['tags'])) { + $result = $this->__removeTagsFromAttributes([$attribute], $optionsRemove); + } + if (!empty($optionsAdd['tags'])) { + $result = $this->__addTagsToAttributes([$attribute], $optionsAdd, $user); + } + } + return $result; + } + + protected function isAMatch($matches): bool + { + return !empty($matches); + } + + protected function searchAndReplaceTag(array $tags): array + { + $toReturn = []; + foreach ($tags as $tag) { + $matches = []; + preg_match($this->searchRegex, $tag, $matches); + if ($this->isAMatch($matches)) { + $toReturn[] = [ + 'matched' => $tag, + 'substitution' => $this->formatSubstitution($matches), + ]; + } + } + return $toReturn; + } + + protected function getReplacementOptions(array $extractedTags) + { + $substitutionResult = $this->searchAndReplaceTag($extractedTags); + $tagsToRemove = Hash::extract($substitutionResult, '{n}.matched'); + $tagsToAdd = Hash::extract($substitutionResult, '{n}.substitution'); + return [ + 'remove' => $tagsToRemove, + 'add' => $tagsToAdd, + ]; + } + + protected function formatSubstitution($matches) + { + return CakeText::insert($this->substitutionTemplate, $matches, ['before' => '{{', 'after' => '}}']); + } +} diff --git a/app/Model/WorkflowModules/action/Module_tag_replacement_pap.php b/app/Model/WorkflowModules/action/Module_tag_replacement_pap.php new file mode 100644 index 000000000..f67b00b5e --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_tag_replacement_pap.php @@ -0,0 +1,36 @@ +white|clear|green|amber|red)"?/i'; + + + protected function isAMatch($matches): bool + { + $namespace = 'pap'; + $predicates = ['white', 'clear', 'green', 'amber', 'red']; + if (empty($matches)) { + return false; + } + return strtolower($matches[1]) == $namespace && in_array(strtolower($matches['predicate']), $predicates); + } + + protected function formatSubstitution($matches) + { + return sprintf('PAP:%s', strtoupper($matches['predicate'])); + } + +} diff --git a/app/Model/WorkflowModules/action/Module_tag_replacement_tlp.php b/app/Model/WorkflowModules/action/Module_tag_replacement_tlp.php new file mode 100644 index 000000000..ad3d19183 --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_tag_replacement_tlp.php @@ -0,0 +1,36 @@ +white|clear|green|amber|amber\+strict|red)"?/i'; + + + protected function isAMatch($matches): bool + { + $namespace = 'tlp'; + $predicates = ['white', 'clear', 'green', 'amber', 'amber+strict', 'red']; + if (empty($matches)) { + return false; + } + return strtolower($matches[1]) == $namespace && in_array(strtolower($matches['predicate']), $predicates); + } + + protected function formatSubstitution($matches) + { + return sprintf('tlp:%s', strtolower($matches['predicate'])); + } + +} diff --git a/app/Model/WorkflowModules/action/Module_telegram_send_alert.php b/app/Model/WorkflowModules/action/Module_telegram_send_alert.php new file mode 100644 index 000000000..241934c73 --- /dev/null +++ b/app/Model/WorkflowModules/action/Module_telegram_send_alert.php @@ -0,0 +1,74 @@ +params = [ + [ + 'id' => 'bot_token', + 'label' => 'Telegram Bot Token', + 'type' => 'input', + 'placeholder' => 'bot123:ABC', + ], + [ + 'id' => 'chat_id', + 'label' => 'Telegram Chat id', + 'type' => 'input', + 'placeholder' => '123', + ], + [ + 'id' => 'message_body_template', + 'label' => 'Message Body Template', + 'type' => 'textarea', + 'placeholder' => __('Template redendered using Jinja2'), + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors = []): bool + { + $params = $this->getParamsWithValues($node); + $rData = $roamingData->getData(); + + $bot_token = $params['bot_token']['value']; + $chat_id = $params['chat_id']['value']; + $message_body = $this->render_jinja_template($params['message_body_template']['value'], $rData); + + $data = [ + 'chat_id' => $chat_id, + 'text' => $message_body, + 'parse_mode' => "HTML", + ]; + + $url = $this->telegram_url . $bot_token . "/sendMessage"; + + $response = $this->doRequest( + $url, + 'json', + $data + ); + + if (!$response->isOk()) { + if ($response->code === 401) { + $errors[] = __('Authentication failed'); + return false; + } + $errors[] = __('Something went wrong with the request: %s', $response->body); + return false; + } + + return true; + } + +} diff --git a/app/Model/WorkflowModules/action/Module_webhook.php b/app/Model/WorkflowModules/action/Module_webhook.php index 51626983b..9baf9500e 100644 --- a/app/Model/WorkflowModules/action/Module_webhook.php +++ b/app/Model/WorkflowModules/action/Module_webhook.php @@ -8,7 +8,7 @@ class Module_webhook extends WorkflowBaseActionModule { public $id = 'webhook'; public $name = 'Webhook'; - public $version = '0.2'; + public $version = '0.4'; public $description = 'Allow to perform custom callbacks to the provided URL'; public $icon_path = 'webhook.png'; public $inputs = 1; @@ -42,7 +42,7 @@ class Module_webhook extends WorkflowBaseActionModule [ 'id' => 'data_extraction_path', 'label' => __('Data extraction path'), - 'type' => 'input', + 'type' => 'hashpath', 'default' => '', 'placeholder' => 'Attribute.{n}.AttributeTag.{n}.Tag.name', ], @@ -106,21 +106,22 @@ class Module_webhook extends WorkflowBaseActionModule return false; } - protected function doRequest($url, $contentType, $data) + protected function doRequest($url, $contentType, $data, $headers = [], $serverConfig = null) { $this->Event = ClassRegistry::init('Event'); // We just need a model to use AppModel functions $version = implode('.', $this->Event->checkMISPVersion()); $commit = $this->Event->checkMIPSCommit(); $request = [ - 'header' => [ + 'header' => array_merge([ 'Accept' => 'application/json', 'Content-Type' => 'application/json', 'User-Agent' => 'MISP ' . $version . (empty($commit) ? '' : ' - #' . $commit), - ] + ], $headers) ]; $syncTool = new SyncTool(); - $HttpSocket = $syncTool->setupHttpSocket(null, $this->timeout); + $serverConfig = !empty($serverConfig['Server']) ? $serverConfig : ['Server' => $serverConfig]; + $HttpSocket = $syncTool->setupHttpSocket($serverConfig, $this->timeout); if ($contentType == 'form') { $request['header']['Content-Type'] = 'application/x-www-form-urlencoded'; $response = $HttpSocket->post($url, $data, $request); diff --git a/app/Model/WorkflowModules/logic/Module_generic_filter_data.php b/app/Model/WorkflowModules/logic/Module_generic_filter_data.php new file mode 100644 index 000000000..581a029b9 --- /dev/null +++ b/app/Model/WorkflowModules/logic/Module_generic_filter_data.php @@ -0,0 +1,103 @@ + 'In', + 'not_in' => 'Not in', + 'equals' => 'Equals', + 'not_equals' => 'Not equals', + 'any_value' => 'Any value', + 'in_or' => 'Any value from', + ]; + + public function __construct() + { + parent::__construct(); + $this->params = [ + [ + 'id' => 'filtering-label', + 'label' => __('Filtering Label'), + 'type' => 'select', + 'options' => $this->_genFilteringLabels(), + 'default' => array_keys($this->_genFilteringLabels())[0], + ], + [ + 'id' => 'selector', + 'label' => __('Data selector'), + 'type' => 'input', + 'placeholder' => 'Event._AttributeFlattened.{n}', + ], + [ + 'id' => 'value', + 'label' => __('Value'), + 'type' => 'input', + 'placeholder' => 'tlp:red', + 'display_on' => [ + 'operator' => ['in', 'not_in', 'equals', 'not_equals',], + ], + ], + [ + 'id' => 'value_list', + 'label' => __('Value list'), + 'type' => 'picker', + 'picker_create_new' => true, + 'placeholder' => '[\'ip-src\', \'ip-dst\']', + 'display_on' => [ + 'operator' => 'in_or', + ], + ], + [ + 'id' => 'operator', + 'label' => __('Operator'), + 'type' => 'select', + 'default' => 'in', + 'options' => $this->operators, + ], + [ + 'id' => 'hash_path', + 'label' => __('Hash path'), + 'type' => 'hashpath', + 'placeholder' => 'Tag.name', + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors=[]): bool + { + parent::exec($node, $roamingData, $errors); + $params = $this->getParamsWithValues($node); + $selector = $params['selector']['value']; + $path = $params['hash_path']['value']; + $operator = $params['operator']['value']; + $value = $params['value']['value']; + $value_list = $params['value_list']['value']; + $valueToEvaluate = $operator == 'in_or' ? $value_list : $value; + $filteringLabel = $params['filtering-label']['value']; + $rData = $roamingData->getData(); + + $newRData = $rData; + if (empty($newRData['_unfilteredData'])) { + $newRData['_unfilteredData'] = $rData; + } + $newRData['enabledFilters'][$filteringLabel] = [ + 'selector' => $selector, + 'path' => $path, + 'operator' => $operator, + 'value' => $valueToEvaluate, + ]; + + $roamingData->setData($newRData); + return true; + } +} diff --git a/app/Model/WorkflowModules/logic/Module_generic_filter_reset.php b/app/Model/WorkflowModules/logic/Module_generic_filter_reset.php new file mode 100644 index 000000000..decf2fd16 --- /dev/null +++ b/app/Model/WorkflowModules/logic/Module_generic_filter_reset.php @@ -0,0 +1,44 @@ +params = [ + [ + 'id' => 'filtering-label', + 'label' => __('Filtering Label to remove'), + 'type' => 'select', + 'default' => 'all', + 'options' => ['all' => __('All filters')] + $this->_genFilteringLabels(), + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors=[]): bool + { + parent::exec($node, $roamingData, $errors); + $params = $this->getParamsWithValues($node); + $filteringLabel = $params['filtering-label']['value']; + $rData = $roamingData->getData(); + + $newRData = $rData['_unfilteredData']; + if (in_array($filteringLabel, array_keys($this->_genFilteringLabels()))) { + unset($newRData['enabledFilters'][$filteringLabel]); + } else if ($filteringLabel === 'all') { + $newRData['enabledFilters'] = []; + } + $roamingData->setData($newRData); + return true; + } +} diff --git a/app/Model/WorkflowModules/logic/Module_generic_if.php b/app/Model/WorkflowModules/logic/Module_generic_if.php index 244efef53..4aafb778c 100644 --- a/app/Model/WorkflowModules/logic/Module_generic_if.php +++ b/app/Model/WorkflowModules/logic/Module_generic_if.php @@ -5,6 +5,7 @@ class Module_generic_if extends WorkflowBaseLogicModule { public $id = 'generic-if'; public $name = 'IF :: Generic'; + public $version = '0.2'; public $description = 'Generic IF / ELSE condition block. The `then` output will be used if the encoded conditions is satisfied, otherwise the `else` output will be used.'; public $icon = 'code-branch'; public $inputs = 1; @@ -17,6 +18,8 @@ class Module_generic_if extends WorkflowBaseLogicModule 'not_in' => 'Not in', 'equals' => 'Equals', 'not_equals' => 'Not equals', + 'any_value' => 'Any value', + 'in_or' => 'Any value from', ]; public function __construct() @@ -28,6 +31,19 @@ class Module_generic_if extends WorkflowBaseLogicModule 'label' => 'Value', 'type' => 'input', 'placeholder' => 'tlp:red', + 'display_on' => [ + 'operator' => ['in', 'not_in', 'equals', 'not_equals',], + ], + ], + [ + 'id' => 'value_list', + 'label' => __('Value list'), + 'type' => 'picker', + 'picker_create_new' => true, + 'placeholder' => '[\'ip-src\', \'ip-dst\']', + 'display_on' => [ + 'operator' => 'in_or', + ], ], [ 'id' => 'operator', @@ -39,7 +55,7 @@ class Module_generic_if extends WorkflowBaseLogicModule [ 'id' => 'hash_path', 'label' => 'Hash path', - 'type' => 'input', + 'type' => 'hashpath', 'placeholder' => 'Attribute.{n}.Tag', ], ]; @@ -52,6 +68,8 @@ class Module_generic_if extends WorkflowBaseLogicModule $path = $params['hash_path']['value']; $operator = $params['operator']['value']; $value = $params['value']['value']; + $value_list = $params['value_list']['value']; + $valueToEvaluate = $operator == 'in_or' ? $value_list : $value; $data = $roamingData->getData(); $extracted = []; if ($operator == 'equals' || $operator == 'not_equals') { @@ -59,7 +77,10 @@ class Module_generic_if extends WorkflowBaseLogicModule } else { $extracted = Hash::extract($data, $path); } - $eval = $this->evaluateCondition($extracted, $operator, $value); + if ($operator == 'any_value' && !empty($extracted)) { + return true; + } + $eval = $this->evaluateCondition($extracted, $operator, $valueToEvaluate); return !empty($eval); } } diff --git a/app/Model/WorkflowModules/logic/Module_tag_if.php b/app/Model/WorkflowModules/logic/Module_tag_if.php index f877419b4..b379d26de 100644 --- a/app/Model/WorkflowModules/logic/Module_tag_if.php +++ b/app/Model/WorkflowModules/logic/Module_tag_if.php @@ -5,6 +5,7 @@ class Module_tag_if extends WorkflowBaseLogicModule { public $id = 'tag-if'; public $name = 'IF :: Tag'; + public $version = '0.4'; public $description = 'Tag IF / ELSE condition block. The `then` output will be used if the encoded conditions is satisfied, otherwise the `else` output will be used.'; public $icon = 'code-branch'; public $inputs = 1; @@ -21,20 +22,34 @@ class Module_tag_if extends WorkflowBaseLogicModule 'not_in_and' => 'Is not tagged with all (AND)', ]; + private function getDisplayTag($fullTag) + { + return substr($fullTag, 12); + } + public function __construct() { parent::__construct(); $conditions = [ - 'Tag.is_galaxy' => 0, + 'Tag.is_galaxy' => [0, 1], ]; $this->Tag = ClassRegistry::init('Tag'); - $tags = $this->Tag->find('all', [ + $allTags = $this->Tag->find('all', [ 'conditions' => $conditions, 'recursive' => -1, 'order' => ['name asc'], - 'fields' => ['Tag.id', 'Tag.name'] + 'fields' => ['Tag.id', 'Tag.name', 'Tag.is_galaxy'] ]); - $tags = array_column(array_column($tags, 'Tag'), 'name'); + $tags = []; + $clusters = []; + foreach ($allTags as $tag) { + if ($tag['Tag']['is_galaxy']) { + $readableTagName = $this->getDisplayTag($tag['Tag']['name']); + $clusters[] = $readableTagName; + } else { + $tags[] = $tag['Tag']['name']; + } + } $this->params = [ [ 'id' => 'scope', @@ -62,6 +77,14 @@ class Module_tag_if extends WorkflowBaseLogicModule 'options' => $tags, 'placeholder' => __('Pick a tag'), ], + [ + 'id' => 'clusters', + 'label' => __('Galaxy Clusters'), + 'type' => 'picker', + 'multiple' => true, + 'options' => $clusters, + 'placeholder' => __('Pick a Galaxy Cluster'), + ], ]; } @@ -70,12 +93,17 @@ class Module_tag_if extends WorkflowBaseLogicModule parent::exec($node, $roamingData, $errors); $params = $this->getParamsWithValues($node); - $value = $params['tags']['value']; + $selectedTags = !empty($params['tags']['value']) ? $params['tags']['value'] : []; + $selectedClusters = !empty($params['clusters']['value']) ? $params['clusters']['value'] : []; + $selectedClusters = array_map(function($tagName) { + return "misp-galaxy:{$tagName}"; // restored stripped part for display purposes + }, $selectedClusters); + $allSelectedTags = array_merge($selectedTags, $selectedClusters); $operator = $params['condition']['value']; $scope = $params['scope']['value']; $data = $roamingData->getData(); $extracted = $this->__getTagFromScope($scope, $data); - $eval = $this->evaluateCondition($extracted, $operator, $value); + $eval = $this->evaluateCondition($extracted, $operator, $allSelectedTags); return !empty($eval); } diff --git a/app/Model/WorkflowModules/logic/Module_threat_level_if.php b/app/Model/WorkflowModules/logic/Module_threat_level_if.php new file mode 100644 index 000000000..6b281ea03 --- /dev/null +++ b/app/Model/WorkflowModules/logic/Module_threat_level_if.php @@ -0,0 +1,96 @@ + 'Is', + 'not_equals' => 'Is not', + 'greater_or_equal_than' => 'Greater or equal than', + 'less_or_equal_than' => 'Less or equal than', + ]; + private $threatlevels_mapping; + + public function __construct() + { + parent::__construct(); + $this->Event = ClassRegistry::init('Event'); + $this->threatlevels_mapping = $this->Event->ThreatLevel->listThreatLevels(); + + $this->params = [ + [ + 'id' => 'condition', + 'label' => 'Condition', + 'type' => 'select', + 'default' => 'equals', + 'options' => $this->operators, + ], + [ + 'id' => 'threatlevel', + 'label' => 'Threat Level', + 'type' => 'select', + 'default' => 'Low', + 'options' => $this->threatlevels_mapping, + 'placeholder' => __('Pick a threat level'), + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors=[]): bool + { + parent::exec($node, $roamingData, $errors); + $params = $this->getParamsWithValues($node); + + $operator = $params['condition']['value']; + $selected_threatlevel = $params['threatlevel']['value']; + + $data = $roamingData->getData(); + $threatlevel_id = $data['Event']['threat_level_id']; + + if ($operator == 'equals') { + if ($threatlevel_id == $selected_threatlevel) { + return true; + } else { + return false; + } + } + + if ($operator == 'not_equals') { + if ($threatlevel_id != $selected_threatlevel) { + return true; + } else { + return false; + } + } + + if ($operator == 'greater_or_equal_than') { + if($threatlevel_id <= $selected_threatlevel) { + return true; + } else { + return false; + } + } + + if ($operator == 'less_or_equal_than') { + if($threatlevel_id >= $selected_threatlevel) { + return true; + } else { + return false; + } + } + + return false; + } + +} diff --git a/app/Model/WorkflowModules/trigger/Module_log_after_save.php b/app/Model/WorkflowModules/trigger/Module_log_after_save.php new file mode 100644 index 000000000..e47bc410d --- /dev/null +++ b/app/Model/WorkflowModules/trigger/Module_log_after_save.php @@ -0,0 +1,21 @@ +trigger_overhead_message = __('This trigger is called each time after Log event has been saved. This means that when a large quantity of Logs are being saved, the workflow will be run for as many time as there are log entries.'); + } +} diff --git a/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php b/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php index a7a61cddd..11c43ff0f 100755 --- a/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php +++ b/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php @@ -214,7 +214,7 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate ]; $url = self::$auth_provider . self::$ad_tenant . "/oauth2/v2.0/token"; - $response = (new HttpSocket())->post($url, $params, $options); + $response = ($this->_createHttpSocket())->post($url, $params, $options); if (!$response->isOk()) { $this->_log("warning", "Error received during Bearer token fetch (context)."); @@ -239,7 +239,7 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate ]; $url = self::$auth_provider_user . "/v1.0/me"; - $response = (new HttpSocket())->get($url, null, $options); + $response = ($this->_createHttpSocket())->get($url, null, $options); if (!$response->isOk()) { $this->_log("warning", "Error received during user data fetch."); @@ -303,11 +303,11 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate 'Authorization' => 'Bearer ' . $authdata["access_token"] ] ]; - + $has_next_page = true; $url = self::$auth_provider_user . "/v1.0/me/memberOf"; while ($has_next_page) { - $response = (new HttpSocket())->get($url, array(), $options); + $response = ($this->_createHttpSocket())->get($url, array(), $options); if (!$response->isOk()) { $this->_log("warning", "Error received during user group data fetch."); @@ -346,4 +346,20 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate return false; } + + /** + * Create HttpSocket with proxy settings + * + * @return HttpSocket + */ + private function _createHttpSocket() + { + $httpSocket = new HttpSocket(); + $proxy = Configure::read('Proxy'); + if (isset($proxy['host']) && !empty($proxy['host'])) { + $httpSocket->configProxy($proxy['host'], $proxy['port'], $proxy['method'], $proxy['user'], $proxy['password']); + } + + return $httpSocket; + } } diff --git a/app/Plugin/Assets/models/behaviors/LogableBehavior.php b/app/Plugin/Assets/models/behaviors/LogableBehavior.php index 05e73d75d..a0ce0ba3f 100644 --- a/app/Plugin/Assets/models/behaviors/LogableBehavior.php +++ b/app/Plugin/Assets/models/behaviors/LogableBehavior.php @@ -161,10 +161,17 @@ class LogableBehavior extends ModelBehavior { 'limit' => 50); $params = array_merge($defaults, $params); $options = array( - 'order' => $params['order'], 'conditions' => $params['conditions'], 'fields' => $params['fields'], - 'limit' => $params['limit']); + 'limit' => $params['limit'] + ); + if (!empty($options['order'])) { + $options['order'] = $Model->findOrder( + $options['order'], + 'Attribute', + ['id', 'action', 'model_id', 'model', 'ip', 'org', 'email'] + ); + } if ($params[$this->settings[$Model->alias]['classField']] === NULL) { $params[$this->settings[$Model->alias]['classField']] = $Model->alias; } diff --git a/app/Plugin/OidcAuth/Lib/Oidc.php b/app/Plugin/OidcAuth/Lib/Oidc.php index f254296c8..edec8b65d 100644 --- a/app/Plugin/OidcAuth/Lib/Oidc.php +++ b/app/Plugin/OidcAuth/Lib/Oidc.php @@ -19,6 +19,8 @@ class Oidc { $oidc = $this->prepareClient(); + $this->log(null, 'Authenticate'); + if (!$oidc->authenticate()) { throw new Exception("OIDC authentication was not successful."); } @@ -133,13 +135,13 @@ class Oidc ]; if (!$this->User->save($userData)) { - throw new RuntimeException("Could not save user `$mispUsername` to database."); + throw new RuntimeException("Could not create user `$mispUsername` in database."); } $refreshToken = $this->getConfig('offline_access', false) ? $oidc->getRefreshToken() : null; $this->storeMetadata($this->User->id, $claims, $refreshToken); - $this->log($mispUsername, "User saved in database with ID {$this->User->id}"); + $this->log($mispUsername, "User created in database with ID {$this->User->id}"); $this->log($mispUsername, 'Logged in.'); $user = $this->_findUser($settings, ['User.id' => $this->User->id]); @@ -514,11 +516,21 @@ class Oidc } /** - * @param string $username + * @param string|null $username * @param string $message */ private function log($username, $message) { - CakeLog::info("OIDC: User `$username` – $message"); + $sessionId = substr(session_id(), 0, 6); + $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; + $ip = isset($_SERVER[$ipHeader]) ? trim($_SERVER[$ipHeader]) : $_SERVER['REMOTE_ADDR']; + + if ($username) { + $message = "OIDC user `$username` [$ip;$sessionId] – $message"; + } else { + $message = "OIDC [$ip;$sessionId] – $message"; + } + + CakeLog::info($message); } } diff --git a/app/Test/AttributeValidationToolTest.php b/app/Test/AttributeValidationToolTest.php index 16226d308..b1781220d 100644 --- a/app/Test/AttributeValidationToolTest.php +++ b/app/Test/AttributeValidationToolTest.php @@ -110,6 +110,20 @@ class AttributeValidationToolTest extends TestCase ]); } + public function testValidateAs(): void + { + $this->shouldBeValid('AS', [ + '0', + 0, + 1, + '1', + 4294967295, + ]); + $this->shouldBeInvalid('AS', [ + '1.2.3.4', + ]); + } + public function testCompressIpv6(): void { $this->assertEquals('1234:fd2:5621:1:89::4500', AttributeValidationTool::modifyBeforeValidation('ip-src', '1234:0fd2:5621:0001:0089:0000:0000:4500')); diff --git a/app/View/AccessLogs/admin_index.ctp b/app/View/AccessLogs/admin_index.ctp new file mode 100644 index 000000000..d8e0efa50 --- /dev/null +++ b/app/View/AccessLogs/admin_index.ctp @@ -0,0 +1,383 @@ +
+

+
+
+
+ + +
+
+ Html->script('moment.min'); + echo $this->Html->script('doT'); + echo $this->Html->script('extendext'); + echo $this->Html->css('query-builder.default'); + echo $this->Html->script('query-builder'); + ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
LightPaginator->sort('created') ?>LightPaginator->sort('user_id', __('User')) ?>LightPaginator->sort('ip', __('IP')) ?>LightPaginator->sort('org_id', __('Org')) ?>LightPaginator->sort('request_method', __('Request')) ?>LightPaginator->sort('url', __('URL')) ?>LightPaginator->sort('response_code', __('Code')) ?>LightPaginator->sort('memory_usage', __('Memory')) ?>LightPaginator->sort('duration', __('Duration')) ?>LightPaginator->sort('query_count', __('Queries')) ?>
Time->time($item['AccessLog']['created']); ?>' . h($item['User']['email']) . ''; + } else { + echo __('Deleted user #%s', h($item['AccessLog']['user_id'])); + } + + if (!empty($item['AccessLog']['authkey_id'])) { + echo ' '; + } + ?> + OrgImg->getOrgLogo($item, 24); + } else if ($item['AccessLog']['org_id'] != 0) { + echo __('Deleted org #%s', h($item['AccessLog']['org_id'])); + } + ?> + + "> + ' : '' ?> + ms' : '') ?> +
+ +
+ +element('/genericElements/SideMenu/side_menu', ['menuList' => 'logs', 'menuItem' => 'listAccessLogs']); + diff --git a/app/View/AccessLogs/admin_query_log.ctp b/app/View/AccessLogs/admin_query_log.ctp new file mode 100644 index 000000000..f25bc0cb7 --- /dev/null +++ b/app/View/AccessLogs/admin_query_log.ctp @@ -0,0 +1,14 @@ + + + + + + + + + + + + + +
diff --git a/app/View/AccessLogs/admin_request.ctp b/app/View/AccessLogs/admin_request.ctp new file mode 100644 index 000000000..b2eb724d8 --- /dev/null +++ b/app/View/AccessLogs/admin_request.ctp @@ -0,0 +1 @@ +
diff --git a/app/View/Attributes/add.ctp b/app/View/Attributes/add.ctp index 288dd0387..db89756d6 100644 --- a/app/View/Attributes/add.ctp +++ b/app/View/Attributes/add.ctp @@ -52,16 +52,18 @@ 'div' => 'input clear', 'label' => __("Contextual Comment") ), + array( + 'field' => 'batch_import', + 'type' => 'checkbox', + 'requirements' => $action === 'add', + 'label' => __('Batch import') . ' ', + ), array( 'field' => 'to_ids', 'type' => 'checkbox', 'label' => __("For Intrusion Detection System"), //'stayInLine' => 1 ), - array( - 'field' => 'batch_import', - 'type' => 'checkbox' - ), array( 'field' => 'disable_correlation', 'type' => 'checkbox' @@ -89,7 +91,7 @@ ), 'metaFields' => array( '', - '
' + '
' ) ) )); diff --git a/app/View/Attributes/ajax/attributeEditCategoryForm.ctp b/app/View/Attributes/ajax/attributeEditCategoryForm.ctp index 4d45de114..a44a9b7f1 100644 --- a/app/View/Attributes/ajax/attributeEditCategoryForm.ctp +++ b/app/View/Attributes/ajax/attributeEditCategoryForm.ctp @@ -1,12 +1,12 @@ Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_category_form', 'url' => $baseurl . '/attributes/editField/' . $object['id'])); ?> -
+
Form->input('category', array( - 'options' => array(array_combine($typeCategory[$object['type']], $typeCategory[$object['type']])), + 'options' => array_combine($possibleCategories, $possibleCategories), 'label' => false, 'selected' => $object['category'], 'error' => array('escape' => false), diff --git a/app/View/Attributes/ajax/attributeEditTypeForm.ctp b/app/View/Attributes/ajax/attributeEditTypeForm.ctp index 64dc561fa..fb3092932 100644 --- a/app/View/Attributes/ajax/attributeEditTypeForm.ctp +++ b/app/View/Attributes/ajax/attributeEditTypeForm.ctp @@ -1,12 +1,12 @@ Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_type_form', 'url' => $baseurl . '/attributes/editField/' . $object['id'])); ?> -
+
Form->input('type', array( - 'options' => array(array_combine($categoryDefinitions[$object['category']]['types'], $categoryDefinitions[$object['category']]['types'])), + 'options' => $options, 'label' => false, 'selected' => $object['type'], 'error' => array('escape' => false), diff --git a/app/View/Attributes/ajax/attributeViewFieldForm.ctp b/app/View/Attributes/ajax/attributeViewFieldForm.ctp index 9c145fcc9..e89641444 100644 --- a/app/View/Attributes/ajax/attributeViewFieldForm.ctp +++ b/app/View/Attributes/ajax/attributeViewFieldForm.ctp @@ -3,12 +3,12 @@ if ($field === 'value') { echo $this->element('Events/View/value_field', ['object' => $object['Attribute']]); } elseif ($field === 'timestamp') { echo $this->Time->date($value); -} else { - if ($value === 'No') { - echo ''; - } else if ($value === 'Yes') { - echo ''; +} elseif ($field === 'distribution') { + if ($value == 0) { + echo '' . $shortDist[$value] . ''; } else { - echo nl2br(h($value), false); + echo $shortDist[$value]; } +} else { + echo nl2br(h($value), false); } diff --git a/app/View/Attributes/index.ctp b/app/View/Attributes/index.ctp index 788657df6..77dca0fb2 100755 --- a/app/View/Attributes/index.ctp +++ b/app/View/Attributes/index.ctp @@ -8,6 +8,7 @@ echo $this->element('/genericElements/IndexTable/index_table', [ 'title' => __('Attributes'), 'primary_id_path' => 'Attribute.id', 'data' => $attributes, + 'light_paginator' => true, 'fields' => [ [ 'name' => __('Date'), @@ -140,27 +141,24 @@ echo $this->element('/genericElements/IndexTable/index_table', [ 'Attribute.id' ], 'icon' => 'comment', - 'complex_requirement' => [ - 'function' => function ($object) use ($isSiteAdmin, $me) { - return $isSiteAdmin || ($object['Event']['orgc_id'] !== $me['org_id']); - } - ] + 'title' => __('Add proposal'), + 'complex_requirement' => function ($object) use ($isSiteAdmin, $me) { + return $isSiteAdmin || ($object['Event']['orgc_id'] !== $me['org_id']); + }, ], [ 'onclick' => "deleteObject('shadow_attributes', 'delete', '[onclick_params_data_path]');", 'onclick_params_data_path' => 'Attribute.id', 'icon' => 'trash', 'title' => __('Propose deletion'), - 'complex_requirement' => [ - 'function' => function ($object) use ($isSiteAdmin, $me) { - return $isSiteAdmin || ($object['Event']['orgc_id'] !== $me['org_id']); - } - ] + 'complex_requirement' => function ($object) use ($isSiteAdmin, $me) { + return $isSiteAdmin || ($object['Event']['orgc_id'] !== $me['org_id']); + } ], [ 'title' => __('Propose enrichment'), 'icon' => 'asterisk', - 'onclick' => 'simplePopup(\'' . $baseurl . '/events/queryEnrichment/[onclick_params_data_path]/ShadowAttribute\');', + 'onclick' => 'simplePopup(\'' . $baseurl . '/events/queryEnrichment/[onclick_params_data_path]/Enrichment/ShadowAttribute\');', 'onclick_params_data_path' => 'Attribute.id', 'complex_requirement' => [ 'function' => function ($object) use ($modules, $isSiteAdmin, $me) { @@ -180,7 +178,7 @@ echo $this->element('/genericElements/IndexTable/index_table', [ [ 'title' => __('Propose enrichment through Cortex'), 'icon' => 'eye', - 'onclick' => 'simplePopup(\'' . $baseurl . '/events/queryEnrichment/[onclick_params_data_path]/ShadowAttribute/Cortex\');', + 'onclick' => 'simplePopup(\'' . $baseurl . '/events/queryEnrichment/[onclick_params_data_path]/Enrichment/ShadowAttribute/Cortex\');', 'onclick_params_data_path' => 'Attribute.id', 'complex_requirement' => [ 'function' => function ($object) use ($cortex_modules, $isSiteAdmin, $me) { @@ -204,7 +202,7 @@ echo $this->element('/genericElements/IndexTable/index_table', [ [ 'title' => __('Add enrichment'), 'icon' => 'asterisk', - 'onclick' => 'simplePopup(\'' . $baseurl . '/events/queryEnrichment/[onclick_params_data_path]/Attribute\');', + 'onclick' => 'simplePopup(\'' . $baseurl . '/events/queryEnrichment/[onclick_params_data_path]/Enrichment/Attribute\');', 'onclick_params_data_path' => 'Attribute.id', 'complex_requirement' => function ($object) use ($modules) { return $this->Acl->canModifyEvent($object) && @@ -215,7 +213,7 @@ echo $this->element('/genericElements/IndexTable/index_table', [ [ 'title' => __('Add enrichment via Cortex'), 'icon' => 'eye', - 'onclick' => 'simplePopup(\'' . $baseurl . '/events/queryEnrichment/[onclick_params_data_path]/Attribute/Cortex\');', + 'onclick' => 'simplePopup(\'' . $baseurl . '/events/queryEnrichment/[onclick_params_data_path]/Enrichment/Attribute/Cortex\');', 'onclick_params_data_path' => 'Attribute.id', 'complex_requirement' => function ($object) use ($cortex_modules) { return $this->Acl->canModifyEvent($object) && @@ -252,7 +250,8 @@ echo $this->element('/genericElements/IndexTable/index_table', [ return $this->Acl->canModifyEvent($object) && empty($object['Event']['publish_timestamp']); }, ] - ] + ], + 'persistUrlParams' => ['results'] ] ]); @@ -272,7 +271,6 @@ $class = $isSearch ? 'searchAttributes' : 'listAttributes'; echo $this->element('/genericElements/SideMenu/side_menu', ['menuList' => 'event-collection', 'menuItem' => $class]); ?> - element('/genericElements/SideMenu/side_menu', array('menuList' => 'event-collection', 'menuItem' => 'searchAttributes')); diff --git a/app/View/AuditLogs/admin_index.ctp b/app/View/AuditLogs/admin_index.ctp index 81c556d48..5230b068b 100644 --- a/app/View/AuditLogs/admin_index.ctp +++ b/app/View/AuditLogs/admin_index.ctp @@ -14,7 +14,7 @@ echo $this->Html->css('query-builder.default'); echo $this->Html->script('query-builder'); ?> - element('/genericElements/SideMenu/side_menu', ['menuList' => 'logs', 'menuItem' => 'listAuditLogs']); diff --git a/app/View/AuditLogs/event_index.ctp b/app/View/AuditLogs/event_index.ctp index 76c88152a..b78afc18b 100644 --- a/app/View/AuditLogs/event_index.ctp +++ b/app/View/AuditLogs/event_index.ctp @@ -1,55 +1,59 @@ -
-

- - - - - - - - - - - - - - - - - - - - - - -
Paginator->sort('created') ?>Paginator->sort('user_id', __('User')) ?>Paginator->sort('org_id', __('Org')) ?>Paginator->sort('action') ?>
Time->time($item['AuditLog']['created']); ?>OrgImg->getOrgLogo($item, 24) : '' ?>element('AuditLog/change', ['item' => $item]) ?>
-

- Paginator->counter(array( - 'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}') - )); - ?> -

- -
-element('/genericElements/SideMenu/side_menu', ['menuList' => 'event', 'menuItem' => 'eventLog']); - +', empty($ajax) ? ' class="index"' : ''); +echo $this->element('genericElements/IndexTable/index_table', [ + 'data' => [ + 'light_paginator' => 1, + 'data' => $data, + 'fields' => [ + [ + 'name' => __('Created'), + 'data_path' => 'AuditLog.created', + 'sort' => 'AuditLog.created', + 'class' => 'short', + 'element' => 'time' + ], + [ + 'name' => __('User'), + 'data_path' => 'User.email', + 'sort' => 'User.email', + 'class' => 'short', + 'empty' => 'SYSTEM' + ], + [ + 'name' => __('Organisation'), + 'data_path' => 'Organisation', + 'sort' => 'Organisation.name', + 'element' => 'org', + 'class' => 'short' + ], + [ + 'name' => __('Action'), + 'data_path' => 'AuditLog.action_human', + 'sort' => 'AuditLog.action_human', + 'class' => 'short' + ], + [ + 'name' => __('Model'), + 'data_path' => 'AuditLog', + 'element' => 'model', + 'class' => 'short' + ], + [ + 'name' => __('Title'), + 'data_path' => 'AuditLog.title', + 'class' => 'limitedWidth' + ], + [ + 'name' => __('Change'), + 'data_path' => 'AuditLog', + 'element' => 'custom_element', + 'element_path' => 'AuditLog/change' + ] + ], + 'title' => __('Audit logs for event #%s', intval($event['Event']['id'])) + ] +]); +echo '
'; +if (empty($ajax)) { + echo $this->element('/genericElements/SideMenu/side_menu', $menuData); +} diff --git a/app/View/AuthKeys/authkey_display.ctp b/app/View/AuthKeys/authkey_display.ctp index 5cd4161d3..f64321798 100644 --- a/app/View/AuthKeys/authkey_display.ctp +++ b/app/View/AuthKeys/authkey_display.ctp @@ -12,7 +12,7 @@
- +

- + diff --git a/app/View/AuthKeys/index.ctp b/app/View/AuthKeys/index.ctp index bc61d58fa..cc84c1314 100644 --- a/app/View/AuthKeys/index.ctp +++ b/app/View/AuthKeys/index.ctp @@ -43,6 +43,7 @@ 'element' => empty($user_id) ? 'links' : 'generic_field', 'url' => $baseurl . '/users/view', 'url_params_data_paths' => ['User.id'], + 'requirement' => $me['Role']['perm_admin'] || $me['Role']['perm_site_admin'], ], [ 'name' => __('Auth Key'), @@ -72,6 +73,11 @@ 'name' => __('Allowed IPs'), 'data_path' => 'AuthKey.allowed_ips', ], + [ + 'name' => __('Seen IPs'), + 'data_path' => 'AuthKey.unique_ips', + 'element' => 'authkey_pin', + ] ], 'title' => empty($ajax) ? __('Authentication key Index') : false, 'description' => empty($ajax) ? __('A list of API keys bound to a user.') : false, @@ -93,6 +99,7 @@ ), 'icon' => 'edit', 'title' => 'Edit auth key', + 'requirement' => $canCreateAuthkey ], [ 'class' => 'modal-open', @@ -100,6 +107,7 @@ 'url_params_data_paths' => ['AuthKey.id'], 'icon' => 'trash', 'title' => __('Delete auth key'), + 'requirement' => $canCreateAuthkey ] ] ] diff --git a/app/View/AuthKeys/view.ctp b/app/View/AuthKeys/view.ctp index ff9c8262d..106063b27 100644 --- a/app/View/AuthKeys/view.ctp +++ b/app/View/AuthKeys/view.ctp @@ -48,7 +48,7 @@ echo $this->element('genericElements/SingleViews/single_view', [ 'type' => 'custom', 'function' => function (array $data) { if (is_array($data['AuthKey']['allowed_ips'])) { - return implode("
", array_map('h', $data['AuthKey']['allowed_ips'])); + return implode("
", array_map('h', $data['AuthKey']['allowed_ips'])); } return __('All'); } @@ -83,9 +83,9 @@ echo $this->element('genericElements/SingleViews/single_view', [ 'requirement' => isset($keyUsage), ], [ - 'key' => __('Unique IPs'), - 'raw' => $uniqueIps, - 'requirement' => isset($keyUsage), + 'key' => __('Seen IPs'), + 'path' => 'AuthKey.unique_ips', + 'type' => 'authkey_pin' ] ], ]); diff --git a/app/View/Communities/index.ctp b/app/View/Communities/index.ctp index 4b1498fcd..9280af2cf 100644 --- a/app/View/Communities/index.ctp +++ b/app/View/Communities/index.ctp @@ -31,7 +31,7 @@ ), 'fields' => array( array( - 'name' => __('Id'), + 'name' => __('ID'), 'sort' => 'id', 'class' => 'short', 'data_path' => 'id', @@ -76,14 +76,16 @@ 'url_params_data_paths' => array( 'uuid' ), - 'icon' => 'eye' + 'icon' => 'eye', + 'title' => __('View'), ), array( 'url' => $baseurl . '/communities/requestAccess', 'url_params_data_paths' => array( 'uuid' ), - 'icon' => 'comments' + 'icon' => 'comments', + 'title' => __('Request access'), ) ) ) @@ -91,12 +93,12 @@ echo '
'; echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'sync', 'menuItem' => 'list_communities')); ?> - \ No newline at end of file diff --git a/app/View/Elements/generic_picker.ctp b/app/View/Elements/generic_picker.ctp index a4ae2df31..365fc5e52 100644 --- a/app/View/Elements/generic_picker.ctp +++ b/app/View/Elements/generic_picker.ctp @@ -78,8 +78,7 @@ function setupChosen(id, redrawChosen) { fn = window[fn]; submitFunction(this, fn); } else { - select = this; - $select = $(select); + var $select = $(this); var endpoint; if (selected !== undefined) { endpoint = selected.selected; @@ -87,7 +86,7 @@ function setupChosen(id, redrawChosen) { endpoint = $(event.target).val(); } if (endpoint === '') { - $wrapper = $select.closest('div').find('div.generic-picker-wrapper'); + var $wrapper = $select.closest('div').find('div.generic-picker-wrapper'); $wrapper.hide(0); } else { $select.data('endpoint', endpoint); @@ -112,6 +111,13 @@ function setupChosen(id, redrawChosen) { } else { $elem.filter('[autofocus]').trigger('chosen:activate'); } + + // Hide popover when pressing ESC on closed chosen + $chosenContainer.on('keydown', function (e) { + if (e.keyCode === 27 && !$chosenContainer.hasClass('chosen-with-drop')) { + execAndClose($elem); + } + }); } var debounceTimer; diff --git a/app/View/Elements/global_menu.ctp b/app/View/Elements/global_menu.ctp index 8c4801f2c..0771b6529 100755 --- a/app/View/Elements/global_menu.ctp +++ b/app/View/Elements/global_menu.ctp @@ -1,7 +1,6 @@ 'root', @@ -253,15 +252,18 @@ 'url' => $baseurl . '/users/statistics' ), array( - 'type' => 'separator' + 'type' => 'separator', + 'requirement' => $this->Acl->canAccess('threads', 'index'), ), array( 'text' => __('List Discussions'), - 'url' => $baseurl . '/threads/index' + 'url' => $baseurl . '/threads/index', + 'requirement' => $this->Acl->canAccess('threads', 'index'), ), array( 'text' => __('Start Discussion'), - 'url' => $baseurl . '/posts/add' + 'url' => $baseurl . '/posts/add', + 'requirement' => $this->Acl->canAccess('posts', 'add'), ) ) ), @@ -281,12 +283,12 @@ 'requirement' => $this->Acl->canAccess('servers', 'import'), ), array( - 'text' => __('List Servers'), + 'text' => __('Remote Servers'), 'url' => $baseurl . '/servers/index', 'requirement' => $this->Acl->canAccess('servers', 'index'), ), array( - 'text' => __('List Feeds'), + 'text' => __('Feeds'), 'url' => $baseurl . '/feeds/index', 'requirement' => $this->Acl->canAccess('feeds', 'index'), ), @@ -296,17 +298,12 @@ 'requirement' => $this->Acl->canAccess('feeds', 'searchCaches'), ), array( - 'text' => __('List SightingDB Connections'), + 'text' => __('SightingDB'), 'url' => $baseurl . '/sightingdb/index', 'requirement' => $this->Acl->canAccess('sightingdb', 'index'), ), array( - 'text' => __('Add SightingDB Connection'), - 'url' => $baseurl . '/sightingdb/add', - 'requirement' => $this->Acl->canAccess('sightingdb', 'add'), - ), - array( - 'text' => __('List Communities'), + 'text' => __('Communities'), 'url' => $baseurl . '/communities/index', 'requirement' => $this->Acl->canAccess('communities', 'index'), ), @@ -315,6 +312,11 @@ 'url' => $baseurl . '/cerebrates/index', 'requirement' => $this->Acl->canAccess('cerebrates', 'index'), ), + array( + 'text' => __('List Taxii Servers'), + 'url' => $baseurl . '/TaxiiServers/index', + 'requirement' => $this->Acl->canAccess('taxiiServers', 'index'), + ), array( 'text' => __('Event ID translator'), 'url' => '/servers/idTranslator', @@ -393,65 +395,42 @@ ), array( 'type' => 'separator', - 'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin + 'requirement' => $isSiteAdmin ), array( 'text' => __('Jobs'), 'url' => $baseurl . '/jobs/index', 'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin ), - array( - 'type' => 'separator', - 'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin - ), array( 'text' => __('Scheduled Tasks'), 'url' => $baseurl . '/tasks', 'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin ), - array( - 'text' => __('Event Block Rules'), - 'url' => $baseurl . '/servers/eventBlockRule', - 'requirement' => $isSiteAdmin - ), - array( - 'type' => 'separator', - 'requirement' => Configure::read('MISP.enableEventBlocklisting') !== false && $isSiteAdmin - ), array( 'html' => sprintf( - '%s%s', - __('Workflows'), - __('new') + '%s', + __('Workflows') ), 'url' => $baseurl . '/workflows/triggers', 'requirement' => $isSiteAdmin ), array( 'type' => 'separator', - 'requirement' => Configure::read('MISP.enableEventBlocklisting') !== false && $isSiteAdmin + 'requirement' => $isSiteAdmin ), array( - 'text' => __('Blocklist Event'), - 'url' => $baseurl . '/eventBlocklists/add', - 'requirement' => Configure::read('MISP.enableEventBlocklisting') !== false && $isSiteAdmin + 'text' => __('Event Block Rules'), + 'url' => $baseurl . '/servers/eventBlockRule', + 'requirement' => $isSiteAdmin ), array( - 'text' => __('Manage Event Blocklists'), + 'text' => __('Event Blocklists'), 'url' => $baseurl . '/eventBlocklists', 'requirement' => Configure::read('MISP.enableEventBlocklisting') !== false && $isSiteAdmin ), array( - 'type' => 'separator', - 'requirement' => Configure::read('MISP.enableEventBlocklisting') !== false && $isSiteAdmin - ), - array( - 'text' => __('Blocklist Organisation'), - 'url' => $baseurl . '/orgBlocklists/add', - 'requirement' => Configure::read('MISP.enableOrgBlocklisting') !== false && $isSiteAdmin - ), - array( - 'text' => __('Manage Org Blocklists'), + 'text' => __('Org Blocklists'), 'url' => $baseurl . '/orgBlocklists', 'requirement' => Configure::read('MISP.enableOrgBlocklisting') !== false && $isSiteAdmin ), @@ -466,9 +445,8 @@ ], [ 'html' => sprintf( - '%s%s', - __('Over-correlating values'), - __('new') + '%s', + __('Over-correlating values') ), 'url' => $baseurl . '/correlations/overCorrelations', 'requirement' => $isSiteAdmin @@ -481,20 +459,26 @@ 'requirement' => $isAclAudit, 'children' => array( array( - 'text' => __('List Logs'), - 'url' => $baseurl . '/admin/logs/index' + 'text' => __('Application Logs'), + 'url' => $baseurl . '/logs/index' ), array( - 'text' => __('List Audit Logs'), + 'text' => __('Audit Logs'), 'url' => $baseurl . '/admin/audit_logs/index', - 'requirement' => Configure::read('MISP.log_new_audit'), + 'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'), + ), + array( + 'text' => __('Access Logs'), + 'url' => $baseurl . '/admin/access_logs/index', + 'requirement' => $isSiteAdmin ), array( 'text' => __('Search Logs'), - 'url' => $baseurl . '/admin/logs/search' + 'url' => $baseurl . '/admin/logs/search', + 'requirement' => $this->Acl->canAccess('logs', 'admin_search') ) ) - ), + ), array( 'type' => 'root', 'text' => __('API'), diff --git a/app/View/Elements/healthElements/correlations.ctp b/app/View/Elements/healthElements/correlations.ctp index b1e253034..3c7db1e38 100644 --- a/app/View/Elements/healthElements/correlations.ctp +++ b/app/View/Elements/healthElements/correlations.ctp @@ -2,7 +2,7 @@ echo '
'; echo sprintf( '

%s

%s

', - __('This is the correlation management interface. Its goal is to provide youwith information about the currently used correlation engine as well as the data stores of currently dormant engines.'), + __('This is the correlation management interface. Its goal is to provide you with information about the currently used correlation engine as well as the data stores of currently dormant engines.'), __('You will also find management tools for the various engines below, make sure that you keep an eye on the disk requirements as well as the exhaustion of IDs and recorrelate the instance when needed.') ); echo sprintf( diff --git a/app/View/Elements/healthElements/db_schema_diagnostic.ctp b/app/View/Elements/healthElements/db_schema_diagnostic.ctp index 351704f3f..e605e67f0 100644 --- a/app/View/Elements/healthElements/db_schema_diagnostic.ctp +++ b/app/View/Elements/healthElements/db_schema_diagnostic.ctp @@ -19,32 +19,28 @@ ), [...] ); - - */ - function highlightAndSanitize($dirty, $toHighlight, $colorType = 'success') - { - if (is_array($dirty)) { - $arraySane = array(); - foreach ($dirty as $i => $item) { - if (in_array($item, $toHighlight)) { - $arraySane[] = sprintf('', $colorType) . h($item) . ''; - } else { - $arraySane[] = h($item); - } +function highlightAndSanitize($dirty, $toHighlight, $colorType = 'success') +{ + if (is_array($dirty)) { + $arraySane = array(); + foreach ($dirty as $i => $item) { + if (in_array($item, $toHighlight)) { + $arraySane[] = sprintf('', $colorType) . h($item) . ''; + } else { + $arraySane[] = h($item); } - return $arraySane; - } else { - $sane = h($dirty); - $sane = str_replace($toHighlight, sprintf('', $colorType) . h($toHighlight) . '', $sane); - return $sane; } + return $arraySane; + } else { + $sane = h($dirty); + $sane = str_replace($toHighlight, sprintf('', $colorType) . h($toHighlight) . '', $sane); + return $sane; } -?> +} - $tableDiagnostic) { foreach ($tableDiagnostic as $i => $columnDiagnostic) { @@ -171,12 +167,13 @@ __('Updates are locked due to to many update fails') : sprintf(__('Updates unlocked in %s'), h($humanReadableTime))) : __('Updates are not locked'), $updateLocked ? 'times' : 'check' - ); + ); + $validDataSource = in_array($dataSource, ['Database/Mysql', 'Database/MysqlExtended'], true); echo sprintf('%s ', - $dataSource != 'Database/Mysql' ? 'important' : 'success', + $validDataSource ? 'success' : 'important', __('DataSource: ') . h($dataSource), __('DataSource: ') . h($dataSource), - $dataSource != 'Database/Mysql' ? 'times' : 'check' + $validDataSource ? 'check' : 'times' ); if ($expectedDbVersion == $actualDbVersion) { echo $this->element('/healthElements/db_indexes_diagnostic', array( @@ -198,7 +195,7 @@ function adjustRowSpan() { }) } -$(document).ready(function() { +$(function() { // hide non-critical issues if ($('#dbSchemaDiagnosticCheckbox').prop('checked')) { $('#dbSchemaDiagnosticTable').find('tr.noncritical').show(); diff --git a/app/View/Elements/healthElements/diagnostics.ctp b/app/View/Elements/healthElements/diagnostics.ctp index 90ab76710..0ced5e5c9 100644 --- a/app/View/Elements/healthElements/diagnostics.ctp +++ b/app/View/Elements/healthElements/diagnostics.ctp @@ -7,33 +7,48 @@ $humanReadableFilesize = function ($bytes, $dec = 2) { ?>
-
\'utf8\' line in ') . APP; ?>Config/database.php
+
+ \'utf8\' line in ') . APP; ?>Config/database.php +

-

+

" . __('The online version check is disabled, so you will not be warned about an outdated MISP version.') . " "; + } + echo __('Make sure that you update MISP regularly.'); + ?>

- + @@ -45,25 +60,49 @@ $humanReadableFilesize = function ($bytes, $dec = 2) {
- - + +
- +
- +
+ +
+ +

+

+ -

+ + You are using a MISP installation method that does not support or recommend using the MISP self-update, such as a Docker container. Please update using the appropriate update mechanism. + +

+

@@ -238,6 +277,40 @@ $humanReadableFilesize = function ($bytes, $dec = 2) { +

+

+ + + + + + + + + + + $info): ?> + + + + + + + + +
' : '' ?> (' . h($version) .')'; + } else { + echo ''; + if ($outdated) { + echo '
' . __("Version %s installed, but required at least %s", h($version), h($info['required_version'])); + } + } + ?>
+
element('/genericElements/IndexTable/index_table', array( 'data' => array( diff --git a/app/View/Elements/healthElements/tabs.ctp b/app/View/Elements/healthElements/tabs.ctp index daa0ee043..22ad4e038 100644 --- a/app/View/Elements/healthElements/tabs.ctp +++ b/app/View/Elements/healthElements/tabs.ctp @@ -50,12 +50,13 @@ ), 'active' => $active_tab === 'diagnostics' ); - - $data['children'][0]['children'][] = array( - 'url' => $baseurl . '/servers/serverSettings/files', - 'text' => __('Manage files'), - 'active' => $active_tab === 'files' - ); + if (empty(Configure::read('Security.disable_instance_file_uploads'))) { + $data['children'][0]['children'][] = array( + 'url' => $baseurl . '/servers/serverSettings/files', + 'text' => __('Manage files'), + 'active' => $active_tab === 'files' + ); + } $data['children'][0]['children'][] = array( 'url' => $baseurl . '/servers/serverSettings/workers', 'title' => __('Workers'), diff --git a/app/View/Elements/rich_tag.ctp b/app/View/Elements/rich_tag.ctp new file mode 100644 index 000000000..c7a70f97a --- /dev/null +++ b/app/View/Elements/rich_tag.ctp @@ -0,0 +1,99 @@ +TextColour->getTextColour($tag['Tag']['colour']); +$aClass = 'tag nowrap'; +$aText = trim($tag['Tag']['name']); +$aTextModified = null; +if (isset($tag_display_style)) { + if ($tag_display_style == 1) { + // default behaviour, do nothing for now + } else if ($tag_display_style == 2) { + $separator_pos = strpos($aText, ':'); + if ($separator_pos !== false) { + $aTextModified = substr($aText, $separator_pos + 1); + $value_pos = strpos($aTextModified, '='); + if ($value_pos !== false) { + $aTextModified = substr($aTextModified, $value_pos + 1); + $aTextModified = trim($aTextModified, '"'); + } + $aTextModified = h($aTextModified); + } + } else if ($tag_display_style === 0 || $tag_display_style === '0') { + $aTextModified = ' '; + } +} +$aText = h($aText); +$span_scope = !empty($hide_global_scope) ? '' : sprintf( + '', + 'black-white tag', + !empty($tag['local']) ? __('Local tag') : __('Global tag'), + !empty($tag['local']) ? __('Local tag') : __('Global tag'), + !empty($tag['local']) ? 'user' : 'globe-americas' +); +$span_relationship_type = empty($tag['relationship_type']) ? '' : sprintf( + '%s:', + h($tag['relationship_type']), + h($tag['relationship_type']), + h($tag['relationship_type']) +); +if (!empty($tag['Tag']['id'])) { + $span_tag = sprintf( + '%s', + $baseurl . $searchUrl . intval($tag['Tag']['id']), + $aStyle, + $aClass, + isset($aTextModified) ? ' title="' . $aText . '"' : '', + intval($tag['Tag']['id']), + isset($aTextModified) ? $aTextModified : $aText + ); +} else { + $span_tag = sprintf( + '%s', + $aStyle, + $aClass, + $aText + ); +} +$span_delete = ''; +$span_relationship = ''; +if ($canModifyAllTags || ($canModifyLocalTags && $tag['Tag']['local'])) { + $span_relationship = sprintf( + '', + 'black-white tag noPrint modal-open', + __('Modify Tag Relationship'), + __('Modify relationship for tag %s', h($tag['Tag']['name'])), + sprintf( + '%s/tags/modifyTagRelationship/%s/%s', + $baseurl, + h($scope), + h($tag['id']) + ) + ); + $span_delete = sprintf( + 'x', + 'black-white tag useCursorPointer noPrint', + __('Remove tag'), + "button", + "0", + __('Remove tag %s', h($tag['Tag']['name'])), + sprintf( + "removeObjectTagPopup(this, '%s', %s, %s)", + $scope, + $id, + intval($tag['Tag']['id']) + ) + ); +} + +echo '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ' '; diff --git a/app/View/Elements/sparkline_new.ctp b/app/View/Elements/sparkline_new.ctp index 4dd7142ec..835787cde 100644 --- a/app/View/Elements/sparkline_new.ctp +++ b/app/View/Elements/sparkline_new.ctp @@ -1,6 +1,6 @@ -
+
diff --git a/app/View/Elements/templateElements/populateTemplateAttribute.ctp b/app/View/Elements/templateElements/populateTemplateAttribute.ctp index c6b77ab93..e7d853c92 100644 --- a/app/View/Elements/templateElements/populateTemplateAttribute.ctp +++ b/app/View/Elements/templateElements/populateTemplateAttribute.ctp @@ -65,7 +65,7 @@ ?>
> - +
diff --git a/app/View/Elements/view_event_distribution_graph.ctp b/app/View/Elements/view_event_distribution_graph.ctp index 74a323944..6326133e5 100644 --- a/app/View/Elements/view_event_distribution_graph.ctp +++ b/app/View/Elements/view_event_distribution_graph.ctp @@ -1,7 +1,7 @@
-
+
diff --git a/app/View/Elements/view_timeline.ctp b/app/View/Elements/view_timeline.ctp index ab8bb1bfb..370b09ddd 100644 --- a/app/View/Elements/view_timeline.ctp +++ b/app/View/Elements/view_timeline.ctp @@ -1,4 +1,4 @@ -
+
element('genericElements/assetLoader', [ - 'js' => [ - 'moment.min', - 'event-timeline', - ], - 'css' => [ - 'event-timeline', - ], - ]); + 'js' => [ + 'moment.min', + 'Chart.min', + 'chartjs-adapter-moment.min', + 'event-timeline', + ], + 'css' => [ + 'event-timeline', + ], +]); diff --git a/app/View/Emails/notification_common.ctp b/app/View/Emails/notification_common.ctp index e9a529d8f..3ed1836f4 100644 --- a/app/View/Emails/notification_common.ctp +++ b/app/View/Emails/notification_common.ctp @@ -52,6 +52,16 @@ $mitre_galaxy_tag_prefix = 'misp-galaxy:mitre-attack-pattern="'; $reportLink = sprintf('%s/users/viewPeriodicSummary/%s', $baseurl, $period); $eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:%s/searchPublishTimestamp:%s', $baseurl, h($start_date->format('Y-m-d H:i:s')), h($now->format('Y-m-d H:i:s'))); +$newCorrelationExplanationText = implode(' ', [ + __('Correlations for the current set of Events are considered as `new` if their matching attribute has been modified during the chosen period.'), + '', + __('Example for a selected period of 7 days:'), + __(' Events from the past 7 days Any other Events'), + __('• Attribute( 3 days ago) → Attribute( 1 days ago) ✓'), + __('• Attribute( 3 days ago) → Attribute( 9 days ago) ✓'), + __('• Attribute(12 days ago) → Attribute( 3 days ago) ⨉'), + __('• Attribute( 9 days ago) → Attribute(11 days ago) ⨉'), +]); $processed_correlations = []; $new_correlations = []; foreach ($events as $event) { @@ -459,7 +469,11 @@ $top_mitre_attack_techniques = array_slice($mitre_attack_techniques, 0, 10); fetch('detailed-summary-correlations')) : ?> -

+

+ + + +

diff --git a/app/View/Events/ajax/enrichmentChoice.ctp b/app/View/Events/ajax/enrichmentChoice.ctp index 98c362a89..4e445c027 100644 --- a/app/View/Events/ajax/enrichmentChoice.ctp +++ b/app/View/Events/ajax/enrichmentChoice.ctp @@ -18,7 +18,7 @@ sprintf( "window.location='%s/events/queryEnrichment/%s';", $baseurl, - implode('/', array(h($attribute_id), h($module['name']), h($type))) + implode('/', array(h($id), h($module['name']), h($type), h($model))) ), h($module['description']), __('Enrich using the %s module', h($module['name'])), diff --git a/app/View/Events/ajax/importChoice.ctp b/app/View/Events/ajax/importChoice.ctp index 6996f364b..285ef97c9 100644 --- a/app/View/Events/ajax/importChoice.ctp +++ b/app/View/Events/ajax/importChoice.ctp @@ -2,9 +2,9 @@
- $import): ?> + - +
')">')">
@@ -12,7 +12,7 @@
\ No newline at end of file diff --git a/app/View/Events/view.ctp b/app/View/Events/view.ctp index 7008ca72a..d564266dc 100644 --- a/app/View/Events/view.ctp +++ b/app/View/Events/view.ctp @@ -147,8 +147,6 @@ ], [ 'key' => __('Warnings'), - 'key_class' => !empty($warnings) ? 'background-red bold' : '', - 'class' => !empty($warnings) ? 'background-red bold' : '', 'type' => 'warnings', 'warnings' => $warnings, 'requirement' => !empty($warnings) && $mayModify, @@ -181,7 +179,8 @@ ], [ 'key' => __('First recorded change'), - 'raw' => !$oldest_timestamp ? '' : $this->Time->time($oldest_timestamp) + 'raw' => !$oldest_timestamp ? '' : $this->Time->time($oldest_timestamp), + 'requirement' => $oldest_timestamp, ], [ 'key' => __('Last change'), diff --git a/app/View/Events/xml/index.ctp b/app/View/Events/xml/index.ctp index d0b01a3e6..305f47181 100644 --- a/app/View/Events/xml/index.ctp +++ b/app/View/Events/xml/index.ctp @@ -1,5 +1,4 @@ $event) { diff --git a/app/View/Feeds/add.ctp b/app/View/Feeds/add.ctp index 47ccdefbd..936b3b49f 100755 --- a/app/View/Feeds/add.ctp +++ b/app/View/Feeds/add.ctp @@ -73,7 +73,7 @@ echo $this->element('genericElements/Form/genericForm', [ 'field' => 'orgc_id', 'label' => __('Creator organisation'), 'options' => $dropdownData['orgs'], - 'value' => $this->request->params['action'] === 'add' ? $me['org_id'] : '', + 'value' => $this->request->params['action'] === 'add' ? $me['org_id'] : null, 'type' => 'dropdown', 'div' => ['id' => 'OrgcDiv', 'style' => 'display:none', 'class' => 'optionalField'], 'class' => 'form-control span6' @@ -91,7 +91,8 @@ echo $this->element('genericElements/Form/genericForm', [ 'label' => __('Target Event ID'), 'placeholder' => __('Leave blank unless you want to reuse an existing event.'), 'div' => ['id' => 'TargetEventDiv', 'style' => 'display:none', 'class' => 'optionalField'], - 'class' => 'form-control span6' + 'class' => 'form-control span6', + 'required' => 0 ], [ 'field' => 'Feed.settings.csv.value', diff --git a/app/View/Galaxies/import.ctp b/app/View/Galaxies/import.ctp index 633f8d5e0..30588481a 100644 --- a/app/View/Galaxies/import.ctp +++ b/app/View/Galaxies/import.ctp @@ -7,7 +7,7 @@ echo $this->element('genericElements/Form/genericForm', array( 'data' => array( 'model' => 'Galaxy', 'title' => __('Import galaxy clusters'), - 'description' => __('Paste a JSON of cluster to import or provide a JSON file below.'), + 'description' => __('Paste a JSON of cluster to import or provide a JSON file below.
Warning: Use galaxy files generated by a MISP instance. Do NOT try to import a galaxy from the MISP-galaxy file format/github repository, as this will fail. For more information on adding galaxies see the MISP-book '), 'fields' => array( array( 'field' => 'json', diff --git a/app/View/Galaxies/index.ctp b/app/View/Galaxies/index.ctp index 1f56f458f..6fd4f9b22 100644 --- a/app/View/Galaxies/index.ctp +++ b/app/View/Galaxies/index.ctp @@ -40,7 +40,7 @@ ), 'fields' => array( array( - 'name' => __('Galaxy Id'), + 'name' => __('ID'), 'sort' => 'Galaxy.id', 'element' => 'links', 'class' => 'short', @@ -60,13 +60,14 @@ 'data_path' => 'Galaxy.name', ), array( - 'name' => __('version'), + 'name' => __('Version'), 'class' => 'short', 'data_path' => 'Galaxy.version', ), array( 'name' => __('Namespace'), 'class' => 'short', + 'sort' => 'Galaxy.namespace', 'data_path' => 'Galaxy.namespace', ), array( @@ -92,7 +93,7 @@ 'actions' => array( array( 'url' => '/galaxies/view', - 'title' => __('View'), + 'title' => __('View'), 'url_params_data_paths' => array( 'Galaxy.id' ), @@ -106,16 +107,9 @@ 'url' => $baseurl . '/galaxies/enable', 'url_params_data_paths' => ['Galaxy.id'], 'postLinkConfirm' => __('Are you sure you want to enable this galaxy library?'), - 'complex_requirement' => array( - 'function' => function ($row, $options) use ($isSiteAdmin) { - return $isSiteAdmin && !$options['datapath']['enabled']; - }, - 'options' => array( - 'datapath' => array( - 'enabled' => 'Galaxy.enabled' - ) - ) - ), + 'complex_requirement' => function ($row) use ($isSiteAdmin) { + return $isSiteAdmin && !$row['Galaxy']['enabled']; + } ), array( 'title' => __('Disable'), @@ -124,20 +118,13 @@ 'url' => $baseurl . '/galaxies/disable', 'url_params_data_paths' => ['Galaxy.id'], 'postLinkConfirm' => __('Are you sure you want to disable this galaxy library?'), - 'complex_requirement' => array( - 'function' => function ($row, $options) use ($isSiteAdmin) { - return $isSiteAdmin && $options['datapath']['enabled']; - }, - 'options' => array( - 'datapath' => array( - 'enabled' => 'Galaxy.enabled' - ) - ) - ), + 'complex_requirement' => function ($row) use ($isSiteAdmin) { + return $isSiteAdmin && $row['Galaxy']['enabled']; + } ), array( 'url' => '/galaxies/delete', - 'title' => __('Delete'), + 'title' => __('Delete'), 'url_params_data_paths' => array( 'Galaxy.id' ), @@ -152,8 +139,7 @@ echo '
'; echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'galaxies', 'menuItem' => 'galaxy_index')); ?> - +element('/genericElements/SideMenu/side_menu', ['menuList' => 'news', 'menuItem' => 'index']); \ No newline at end of file diff --git a/app/View/Noticelists/index.ctp b/app/View/Noticelists/index.ctp index 0a9b9ac96..60cf13877 100644 --- a/app/View/Noticelists/index.ctp +++ b/app/View/Noticelists/index.ctp @@ -16,21 +16,21 @@ $fields = [ 'data_path' => 'Noticelist.expanded_name' ], [ - 'name' => __('ref'), + 'name' => __('Ref'), 'data_path' => 'Noticelist.ref', 'element' => 'links' ], [ - 'name' => __('geographical_area'), + 'name' => __('Geographical area'), 'data_path' => 'Noticelist.geographical_area', 'element' => 'list' ], [ - 'name' => __('version'), + 'name' => __('Version'), 'data_path' => 'Noticelist.version', ], [ - 'name' => __('enabled'), + 'name' => __('Enabled'), 'data_path' => 'Noticelist.enabled', 'element' => 'toggle', 'url' => '/noticelists/toggleEnable', diff --git a/app/View/Noticelists/view.ctp b/app/View/Noticelists/view.ctp index cadc68ecc..82dc3ea38 100644 --- a/app/View/Noticelists/view.ctp +++ b/app/View/Noticelists/view.ctp @@ -6,7 +6,7 @@ echo $this->element( 'data' => $data, 'fields' => [ [ - 'key' => __('Id'), + 'key' => __('ID'), 'path' => 'Noticelist.id' ], [ @@ -28,7 +28,10 @@ echo $this->element( ], [ 'key' => __('Geographical Area'), - 'path' => 'Noticelist.geographical_area', + 'type' => 'custom', + 'function' => function (array $data) { + return implode('
', array_map('h', $data['Noticelist']['geographical_area'])); + } ], [ 'key' => __('Enabled'), diff --git a/app/View/Objects/add.ctp b/app/View/Objects/add.ctp index 7b7d42d55..d10a9fe1f 100644 --- a/app/View/Objects/add.ctp +++ b/app/View/Objects/add.ctp @@ -15,7 +15,7 @@
+ if ($action === 'edit' && !$update_template_available && $newer_template_version !== false): ?> @@ -30,11 +30,11 @@ -
Requirements
+
Required: ' . h(implode(', ', $template['ObjectTemplate']['requirements']['required'])) . '
'; + echo 'Required: ' . h(implode(', ', $template['ObjectTemplate']['requirements']['required'])) . '
'; } if (!empty($template['ObjectTemplate']['requirements']['requiredOneOf'])) { echo 'Required one of: ' . h(implode(', ', $template['ObjectTemplate']['requirements']['requiredOneOf'])); @@ -83,15 +83,15 @@
Form->input('first_seen', array( - 'type' => 'text', - 'div' => 'input hidden', - 'required' => false, - )); + 'type' => 'text', + 'div' => 'input hidden', + 'required' => false, + )); echo $this->Form->input('last_seen', array( - 'type' => 'text', - 'div' => 'input hidden', - 'required' => false, - )); + 'type' => 'text', + 'div' => 'input hidden', + 'required' => false, + )); if ($update_template_available && $newer_template_version !== false) { echo $this->Form->input('template_version', array( 'type' => 'text', @@ -111,7 +111,7 @@
'; + echo h($warning) . '
'; } ?>
@@ -133,32 +133,33 @@ $element): - $row_list[] = $k; + $row_list[] = $k; echo $this->element( - 'Objects/object_add_attributes', - array( - 'element' => $element, - 'k' => $k, - 'action' => $action, - 'enabledRows' => $enabledRows - ) - ); + 'Objects/object_add_attributes', + array( + 'element' => $element, + 'k' => $k, + 'action' => $action, + 'enabledRows' => $enabledRows + ) + ); if ($element['multiple']): $lastOfType = true; $lookAheadArray = array_slice($template['ObjectTemplateElement'], $k, count($template['ObjectTemplateElement']), true); if (count($lookAheadArray) > 1) { foreach ($lookAheadArray as $k2 => $temp) { if ($k2 == $k) continue; - if ($temp['object_relation'] == $element['object_relation']) { + if ($temp['object_relation'] === $element['object_relation']) { $lastOfType = false; + break; } } } if ($lastOfType): ?> - - + + - + @@ -352,24 +353,30 @@ echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'menuItem' => 'addObject', 'event' => $event)); } ?> - + +element('/genericElements/SideMenu/side_menu', ['menuList' => 'event', 'menuItem' => 'freetextResults']); \ No newline at end of file diff --git a/app/View/Objects/get_row.ctp b/app/View/Objects/get_row.ctp index cc85899a4..7fa25174d 100644 --- a/app/View/Objects/get_row.ctp +++ b/app/View/Objects/get_row.ctp @@ -8,6 +8,6 @@ ) ); ?> - diff --git a/app/View/Objects/revise_object.ctp b/app/View/Objects/revise_object.ctp index c66979690..e08f12094 100644 --- a/app/View/Objects/revise_object.ctp +++ b/app/View/Objects/revise_object.ctp @@ -26,7 +26,7 @@ $tableData = [ echo $this->Form->create('Object', array('id', 'url' => $url)); $formSettings = array( 'type' => 'hidden', - 'value' => json_encode($data), + 'value' => JsonTool::encode($data), 'label' => false, 'div' => false ); @@ -49,7 +49,7 @@ $tableData = [ - + @@ -61,15 +61,11 @@ $tableData = [ $attribute): - $cur_flat = h($attribute['object_relation']) . '.' . h($attribute['type']) . '.' .h($attribute['value']); - $cur_flat_noval = h($attribute['object_relation']) . '.' . h($attribute['type']); - $simple_flattened_attribute[$cur_flat] = $id; - $simple_flattened_attribute_noval[$cur_flat_noval] = $id; + $cur_flat = $simple_flattened_attribute[$id] ?? ''; + $cur_flat_noval = $simple_flattened_attribute_noval[$id] ?? ''; echo sprintf('', h($cur_flat), h($cur_flat_noval)); echo ''; foreach ($attributeFields as $field) { @@ -103,16 +99,16 @@ $tableData = [ Form->button($action === 'add' ? __('Create new object') : __('Update object'), array('class' => 'btn btn-primary')); ?> - - ' . __('This event contains similar objects.') . ''; ?> - ' . __('Instead of creating a new object, would you like to merge your new object into one of the following?') . ''; ?> + +

+
element('Objects/object_similarities', array( 'object' => $object, + 'attributes' => $data['Attribute'], 'template' => $template, - 'similar_object_similarity_amount' => $similar_object_similarity_amount, 'simple_flattened_attribute_noval' => $simple_flattened_attribute_noval, 'simple_flattened_attribute' => $simple_flattened_attribute, 'merge_button_functionname' => 'setMergeObject' @@ -123,7 +119,7 @@ $tableData = [

- +
@@ -172,7 +168,7 @@ function highlight_rows($panel, state) { } var un_highlight_time; -$(document).ready(function() { +$(function() { $('.similarObjectPanel').hover( function() { var $panel = $(this); diff --git a/app/View/OrgBlocklists/index.ctp b/app/View/OrgBlocklists/index.ctp index b00767d59..62d2a9dbb 100644 --- a/app/View/OrgBlocklists/index.ctp +++ b/app/View/OrgBlocklists/index.ctp @@ -32,6 +32,17 @@ echo $this->element('genericElements/IndexTable/scaffold', [ 'data_path' => 'OrgBlocklist.comment', 'class' => 'bitwider' ], + [ + 'name' => 'Blocked amount', + 'sort' => 'OrgBlocklist.blocked_data.blocked_amount', + 'data_path' => 'OrgBlocklist.blocked_data.blocked_amount', + ], + [ + 'name' => 'Blocked last time ', + 'sort' => 'OrgBlocklist.blocked_data.blocked_last_time', + 'data_path' => 'OrgBlocklist.blocked_data.blocked_last_time', + 'element' => 'datetime' + ], ], 'title' => empty($ajax) ? __('Organisation Blocklists') : false, diff --git a/app/View/Organisations/index.ctp b/app/View/Organisations/index.ctp index 7e2f809ef..346d9cafa 100644 --- a/app/View/Organisations/index.ctp +++ b/app/View/Organisations/index.ctp @@ -91,16 +91,19 @@ echo $this->element('/genericElements/IndexTable/index_table', [ ], [ 'name' => __('Nationality'), + 'sort' => 'Organisation.nationality', 'data_path' => 'Organisation', 'class' => 'short', 'element' => 'country', ], [ 'name' => __('Sector'), + 'sort' => 'Organisation.sector', 'data_path' => 'Organisation.sector', ], [ 'name' => __('Type'), + 'sort' => 'Organisation.type', 'data_path' => 'Organisation.type', ], [ diff --git a/app/View/Pages/doc/administration.ctp b/app/View/Pages/doc/administration.ctp deleted file mode 100644 index 5458a0499..000000000 --- a/app/View/Pages/doc/administration.ctp +++ /dev/null @@ -1,250 +0,0 @@ -
-
    -
  1. Html->link(__('Quick Start'), array('controller' => 'pages', 'action' => 'display', 'doc', 'quickstart')); ?>
    2. -
  2. Html->link(__('General Layout'), array('controller' => 'pages', 'action' => 'display', 'doc', 'general')); ?>
    3. -
  3. Html->link(__('General Concepts'), array('controller' => 'pages', 'action' => 'display', 'doc', 'concepts')); ?>
    4. -
  4. Html->link(__('User Management and Global actions'), array('controller' => 'pages', 'action' => 'display', 'doc', 'user_management')); ?>
    5. -
  5. Html->link(__('Using the system'), array('controller' => 'pages', 'action' => 'display', 'doc', 'using_the_system')); ?>
    6. -
  6. Html->link(__('Administration'), array('controller' => 'pages', 'action' => 'display', 'doc', 'administration')); ?> -
      -
      • -
      • -
      • -
      • -
      • -
      • -
      • -
      • -
      • -
      • -
    -
    7. -
  7. Html->link(__('Categories and Types'), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')); ?>
    8. -
-
- -
-

-

-


-

:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-


-

: -

    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-


-

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
-
-

-
-

-
-
-

-
-

- - The second use is blocking, if a regular expression is entered with a blank replacement, any event info or attribute value containing the expression will not be added. Please make sure the entered regexp expression follows the preg_replace pattern rules as described here.');?>
-

-
-


-
-

-
-

:

-
-

:

-
- Allowedlist
-
-

:

-
-

:

- :
- <?php echo __('Add user');?> -
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • : click here.');?>
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

:

- :
- <?php echo __('List users');?>
-
    -
  • Id:
    • -
  • Org:
    • -
  • :
    • -
  • :
    • -
  • Contactalert:
    • -
  • GnuPGkey:
    • -
  • Nids Sid:
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

:

- :
-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • : click here.');?>
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

:

- :
- <?php echo __('Contact');?>
-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
- -
-

-
-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • : .
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

:

-
-

:

-
- <?php echo __('List roles');?>
-
-

-
- :

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-
-

:

- :
- <?php echo __('List logs');?>

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • : :
    - variable (initial_value) => (new_value),...
    - :
    - org() => (ADMIN), date() => (20012-10-19),...
    -
- <?php echo __('Search log');?> -

:

- :

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-
-

-

-
-

- -

- CakeResque, so all of the CakeResque commands work. - To start all of the workers needed by MISP go to your /var/www/MISP/app/Console/worker (assuming a standard installation path) and execute start.sh. - To interact with the workers, here is a list of useful commands. Go to your /var/www/MISP/app/Console (assuming a standard installation path) and execute one of the following commands as a parameter to ./cake CakeResque.CakeResque (for example: ./cake CakeResque.CakeResque tail)');?>:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
- CakeResque list of commands.');?>
-

- :

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

-

- :

-
    -
  • :
    • -
  • :
    • -
  • (h):
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

-

-

-
- :
- /var/www/MISP/app/Console/cake Password my.email@address.com
- -
diff --git a/app/View/Pages/doc/categories_and_types.ctp b/app/View/Pages/doc/categories_and_types.ctp index 296f20d95..11244e8f1 100644 --- a/app/View/Pages/doc/categories_and_types.ctp +++ b/app/View/Pages/doc/categories_and_types.ctp @@ -1,15 +1,10 @@ -
-
    -
  1. Html->link(__('Categories and Types'), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')); ?>
    2. -
-
' . h($attribute['object_relation']) . '
- $catDef): ?> + $catDef): ?> @@ -21,7 +16,7 @@ $catDef): ?> @@ -73,3 +68,4 @@
- +

+element('/genericElements/SideMenu/side_menu', array('menuList' => 'globalActions', 'menuItem' => 'categoriesAndTypes')); \ No newline at end of file diff --git a/app/View/Pages/doc/concepts.ctp b/app/View/Pages/doc/concepts.ctp deleted file mode 100644 index 505b9795d..000000000 --- a/app/View/Pages/doc/concepts.ctp +++ /dev/null @@ -1,46 +0,0 @@ -
-
    -
  1. Html->link(__('Quick Start'), array('controller' => 'pages', 'action' => 'display', 'doc', 'quickstart')); ?>
    2. -
  2. Html->link(__('General Layout'), array('controller' => 'pages', 'action' => 'display', 'doc', 'general')); ?>
    3. -
  3. Html->link(__('General Concepts'), array('controller' => 'pages', 'action' => 'display', 'doc', 'concepts')); ?>
    4. -
  4. Html->link(__('User Management and Global actions'), array('controller' => 'pages', 'action' => 'display', 'doc', 'user_management')); ?>
    5. -
  5. Html->link(__('Using the system'), array('controller' => 'pages', 'action' => 'display', 'doc', 'using_the_system')); ?>
    6. -
  6. Html->link(__('Administration'), array('controller' => 'pages', 'action' => 'display', 'doc', 'administration')); ?>
    7. -
  7. Html->link(__('Categories and Types'), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')); ?>
    8. -
-
- -
-

-

- -

- -

- -

-
-

- -

- -

- -

- -

- -

- -

- -

- -

- -

- -

- -
diff --git a/app/View/Pages/doc/general.ctp b/app/View/Pages/doc/general.ctp deleted file mode 100644 index df8225a2c..000000000 --- a/app/View/Pages/doc/general.ctp +++ /dev/null @@ -1,97 +0,0 @@ -
-
    -
  1. Html->link(__('Quick Start'), array('controller' => 'pages', 'action' => 'display', 'doc', 'quickstart')); ?>
    2. -
  2. Html->link(__('General Layout'), array('controller' => 'pages', 'action' => 'display', 'doc', 'general')); ?>
    3. -
  3. Html->link(__('General Concepts'), array('controller' => 'pages', 'action' => 'display', 'doc', 'concepts')); ?>
    4. -
  4. Html->link(__('User Management and Global actions'), array('controller' => 'pages', 'action' => 'display', 'doc', 'user_management')); ?>
    5. -
  5. Html->link(__('Using the system'), array('controller' => 'pages', 'action' => 'display', 'doc', 'using_the_system')); ?>
    6. -
  6. Html->link(__('Administration'), array('controller' => 'pages', 'action' => 'display', 'doc', 'administration')); ?>
    7. -
  7. Html->link(__('Categories and Types'), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')); ?>
    8. -
-
- -
-

-

-

-

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
- -

-
-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
- -
-
    -
  • :
    • -
  • :
    • -
- -
-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
- -
-
    -
  • :
    • -
- -
-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
- -
-
    -
  • :
    • -
  • :
    • -
- -
-
    -
  • :
    • -
  • :
    • -
-

-

-
diff --git a/app/View/Pages/doc/quickstart.ctp b/app/View/Pages/doc/quickstart.ctp deleted file mode 100644 index 6cd00f014..000000000 --- a/app/View/Pages/doc/quickstart.ctp +++ /dev/null @@ -1,26 +0,0 @@ -
-
    -
  1. Html->link(__('Quick Start'), array('controller' => 'pages', 'action' => 'display', 'doc', 'quickstart')); ?>
    2. -
  2. Html->link(__('General Layout'), array('controller' => 'pages', 'action' => 'display', 'doc', 'general')); ?>
    3. -
  3. Html->link(__('General Concepts'), array('controller' => 'pages', 'action' => 'display', 'doc', 'concepts')); ?>
    4. -
  4. Html->link(__('User Management and Global actions'), array('controller' => 'pages', 'action' => 'display', 'doc', 'user_management')); ?>
    5. -
  5. Html->link(__('Using the system'), array('controller' => 'pages', 'action' => 'display', 'doc', 'using_the_system')); ?>
    6. -
  6. Html->link(__('Administration'), array('controller' => 'pages', 'action' => 'display', 'doc', 'administration')); ?>
    7. -
  7. Html->link(__('Categories and Types'), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')); ?>
    8. -
-
- -
-

-

-

-

-

-

-

-

- -
diff --git a/app/View/Pages/doc/user_management.ctp b/app/View/Pages/doc/user_management.ctp deleted file mode 100644 index 7cd94259b..000000000 --- a/app/View/Pages/doc/user_management.ctp +++ /dev/null @@ -1,72 +0,0 @@ -
-
    -
  1. Html->link(__('Quick Start'), array('controller' => 'pages', 'action' => 'display', 'doc', 'quickstart')); ?>
    2. -
  2. Html->link(__('General Layout'), array('controller' => 'pages', 'action' => 'display', 'doc', 'general')); ?>
    3. -
  3. Html->link(__('General Concepts'), array('controller' => 'pages', 'action' => 'display', 'doc', 'concepts')); ?>
    4. -
  4. Html->link(__('User Management and Global actions'), array('controller' => 'pages', 'action' => 'display', 'doc', 'user_management')); ?> -
      -
      • -
      • -
      • -
    -
    5. -
  5. Html->link(__('Using the system'), array('controller' => 'pages', 'action' => 'display', 'doc', 'using_the_system')); ?>
    6. -
  6. Html->link(__('Administration'), array('controller' => 'pages', 'action' => 'display', 'doc', 'administration')); ?>
    7. -
  7. Html->link(__('Categories and Types'), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')); ?>
    8. -
-
-
-

- -

:

-

-
    -
  • :

    • -
  • :

    -


    • -
  • :

    • -
  • :

    -


    • -
  • :

    -
  • : T

    • -
  • :
-
-

:

-
-
    -
  • -


    -
    • -
  • :

    • -
  • :

    • -
  • :

    • -
  • :

    • -
  • :

    • -
  • :

    -

-
-

:

-

-
    -
  • :

    • -
  • :

    • -
  • :

    • -
  • :

    • -
  • : -
      -
    • - : -
      • -
    • - : -
      • -
    -
    • -
-

:

-

-
    -
  • :

    • -
  • :

    • -
-
diff --git a/app/View/Pages/doc/using_the_system.ctp b/app/View/Pages/doc/using_the_system.ctp deleted file mode 100644 index 241c6c438..000000000 --- a/app/View/Pages/doc/using_the_system.ctp +++ /dev/null @@ -1,621 +0,0 @@ -
-
    -
  1. Html->link(__('Quick Start'), array('controller' => 'pages', 'action' => 'display', 'doc', 'quickstart')); ?>
    2. -
  2. Html->link(__('General Layout'), array('controller' => 'pages', 'action' => 'display', 'doc', 'general')); ?>
    3. -
  3. Html->link(__('General Concepts'), array('controller' => 'pages', 'action' => 'display', 'doc', 'concepts')); ?>
    4. -
  4. Html->link(__('User Management and Global actions'), array('controller' => 'pages', 'action' => 'display', 'doc', 'user_management')); ?>
    5. -
  5. Html->link(__('Using the system'), array('controller' => 'pages', 'action' => 'display', 'doc', 'using_the_system')); ?> -
      -
      • -
      • -
      • -
      • -
      • -
      • -
      • -
      • -
      • -
      • -
    -
    6. -
  6. Html->link(__('Administration'), array('controller' => 'pages', 'action' => 'display', 'doc', 'administration')); ?>
    7. -
  7. Html->link(__('Categories and Types'), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')); ?>
    8. -
-
-
-

:

-

:

-

- :

-

-
    -
  • :
    • -
  • : - :
    • -
  • -
      -
    • : .
      - -
      • -
    • : .
      - -
      • -
    • :
      - -
      • -
    • :
      - -
      • -
    -
    • -
  • : :
    • -
    • -
    • :
      • -
    • :
      • -
    • :
      • -
    • -
  • : :
    • -
    • -
    • :
      • -
    • :
      • -
    • :
      • -
    • -
  • :
    • -
-
-

:

-
-
-<?php echo __('Attribute tools');?>

-

-

-

:

-

<?php echo __('Add attribute');?>

-
    -
  • : Html->link(__('click here', true), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')));?>
    • -
  • : Html->link(__('click here', true), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')));?>
    • -
  • : click here.');?>
    • -
  • :
    • -
  • : Html->link(__('click here', true), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')));?>
    • -
  • :
    • -
  • : Html->link(__('administration', true), array('controller' => 'pages', 'action' => 'display', 'doc', 'administration', '#' => 'whitelist'))); ?>
    • -
  • :
    • -
-

-

-For users trying to populate an event, after clicking on the populate from template button, you\'ll be presented with a list of all currently accessible templates. Pick the one that best describes the event that you are creating.');?>

-<?php echo __('Template Choice');?>

-

-Templates are devided into sections, with each section having a title and a description in addition to a series of fields. Each field can be an attribute or a file attachment field. An attribute field has the following components');?>:

-<?php echo __('Template Field');?>

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

-<?php echo __('Freetext');?>

-

-<?php echo __('Freetext');?>

-

-

-

-<?php echo __('Attribute Replace Tool');?>

-

-

:

-:

-

<?php echo __('Add attachment');?>


-
    -
  • :
    • -
  • : click here.');?>
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-
-

- -

<?php echo __('Propose attribute');?>


- -
-

- -

<?php echo __('OpenIOC1');?>


-

<?php echo __('OpenIOC2');?>


-
-

-:
-
-

:

-

Publish


-

-
-
- -
-

:

-

-

:

-:

-<?php echo __('List events');?>

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • : :
    • -
  • -
      -
    • :
      • -
    • :
      • -
    • : /li> -
    • :
      • -
    -
    • -
  • : :
    • -
  • -
      -
    • :
      • -
    • :
      • -
    • :
      • -
    -
    • -
  • :
    • -
  • : here.');?>
    • -
  • : Html->link(__('click here', true), array('controller' => 'pages', 'action' => 'display', 'doc', 'administration', '#' => 'roles'))); ?> :
    • -
  • -
      -
    • : Html->link(__('section on connecting servers', true), array('controller' => 'pages', 'action' => 'display', 'doc', 'using_the_system', '#' => 'connect'))); ?>
      • -
    • : creating an event.');?>
      • -
    • :
      • -
    • : :

      -
    -
    • -
-

-

-

-<?php echo __('Event');?>

- -
    -
  • :
    • -
  • :
    • -
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-
-

-
-

-
-
-
-:
-
    -
    • -
    • -
-
-:
-
    -
  • :
    • -
  • : categories and types.', $baseurl);?>
    • -
  • : categories and types.', $baseurl);?>
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -

-:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
-

-
-:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
-
-

:

-

:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-
-

:

- :

-

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

:

-

-<?php echo __('Search attribute');?>

-

-Html->link(__('click here', true), array('controller' => 'pages', 'action' => 'display', 'doc', 'categories_and_types')));?>

-
-

-
-

:

-browsing past events.');?>

-seen here, for an attribute the attribute screen as described here).');?>

-

-
-

:

-

:

-<?php echo __('Add tag');?>

-

:

-
    -
  • :
    • -
  • :
    • -
-
-

:

-



-
-

-<?php echo __('Create Template');?>

-

:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

:

-

-<?php echo __('Template Attribute Element');?>

-

:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

-<?php echo __('Template File Element');?>

-

:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

-<?php echo __('Template Text Element');?>

-

:

-
    -
  • :
    • -
  • :
    • -
-
-

:

-

-

-


-
-
-

:

-

-automation.', $baseurl);?> -
-

:

-

-%s)', (Configure::read('MISP.background_jobs') == true ? __('On') : __('Off')));?>

-

-
-

-

-
-

-

-:

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-

-

-

-


-

-


-
-

:

-

-

:

-:

-

<?php echo __('Add server');?>

-
    -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-, trying to allow another instance to connect to your own, it is vital that two rules are followed when setting up a synchronisation account');?>:
-
    -
    • -
    • -
-

:

-

-


-
    -
  • : that is identical to the new instance view, is loaded, with all the current information of the instance pre-entered.');?>
    • -
  • :
    • -
  • :
    • -
  • :
    • -
-
-

:

-RESTfull, so this means that you can use structured format (XML or JSON) to access Events data.');?>

-

-

-

-:

-Authorization:
-Accept: application/xml
-Content-Type: application/xml

-:

-Authorization:
-Accept: application/json
-Content-Type: application/json

-:

- - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GET/eventsEventsController::index() (1)
GET/events/123EventsController::view(123) (2)
POST/eventsEventsController::add()
PUT/events/123EventsController::edit(123)
DELETE/events/123EventsController::delete(123)
POST/events/123EventsController::edit(123)
-index.');?>
-data tag.');?>
-

-

-

-


-:

-
GET /events/123
-

:

-
Accept: application/xml
-Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-

:

-
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<response>
-    <Event>
-        <id>57</id>
-        <org>NCIRC</org>
-        <date>2014-03-04</date>
-        <threat_level_id>1</threat_level_id>
-        <info></info>
-        <published>1</published>
-        <uuid>50aa54aa-f7a0-4d74-910d-10f0ff32448e</uuid>
-        <attribute_count>1</attribute_count>
-        <analysis>1</analysis>
-        <timestamp>1393327600</timestamp>
-        <distribution>1</distribution>
-        <proposal_email_lock>0</proposal_email_lock>
-        <orgc>Iglocska</orgc>
-        <locked>0</locked>
-        <publish_timestamp>1393327600</publish_timestamp>
-        <Attribute>
-            <id>9577</id>
-            <type>other</type>
-            <category></category>
-            <to_ids>1</to_ids>
-            <uuid>50aa54bd-adec-4544-b494-10f0ff32448e</uuid>
-            <event_id>57</event_id>
-            <distribution>1</distribution>
-            <timestamp>1393327600</timestamp>
-            <comment></comment>
-            <value></value>
-            <ShadowAttribute />
-        </Attribute>
-        <ShadowAttribute />
-        <RelatedEvent />
-    </Event>
-    <xml_version>2.2.0</xml_version>
-</response>
- -

-

-The request should be');?>:

-
POST /events
-Accept: application/xml
-Authorization:
-

:

-
<Event>
-    <date>2014-03-04</date>
-    <threat_level_id>1</threat_level_id>
-    <info></info>
-    <published>1</published>
-    <analysis>1</analysis>
-    <distribution>1</distribution>
-    <Attribute>
-        <type>other</type>
-        <category>Artifacts dropped</category>
-        <to_ids>1</to_ids>
-        <distribution>1</distribution>
-        <comment></comment>
-        <value></value>
-    </Attribute>
-</Event>
-

:

-
-HTTP/1.1 100 Continue
-HTTP/1.1 200 Continue
-Date: Tue, 04-Mar-2014 15:00:00
-Server: Apache/2.2.22 (Ubuntu) PHP/5.4.9-4ubuntu2.3
-X-Powered-By: PHP/5.4.9-4ubuntu2.3
-Set-Cookie: CAKEPHP=deleted; expires=Wed, 05-Mar-2014 15:00:00 GMT; path=/
-Set-Cookie: CAKEPHP=a4ok3lr5p9n5drqj27025i4le3; expires Tue, 04-Mar-2014 15:00:00 GMT; path=/; HttpOnly
-Content-Length: 1 kB
-Content-Type: application/xml
-
-<?xml version="1.0" encoding="UTF-8">
-<response>
-    <Event>
-        <id>76</id>
-        <org>NCIRC</org>
-        <date>2014-03-04</date>
-        <threat_level_id>1</threat_level_id>
-        <info></info>
-        <published>1</published>
-        <uuid>50aa54aa-f7a0-4d74-920d-10f0ff32448e</uuid>
-        <attribute_count>1</attribute_count>
-        <analysis>1</analysis>
-        <timestamp>1393328991</timestamp>
-        <distribution>1</distribution>
-        <proposal_email_lock>0</proposal_email_lock>
-        <orgc>Iglocska</orgc>
-        <locked>0</locked>
-        <publish_timestamp>1393947960</publish_timestamp>
-        <Attribute>
-            <id>10462</id>
-            <type>other</type>
-            <category></category>
-            <to_ids>1</to_ids>
-            <uuid>50aa54bd-adec-4544-b412-10f0ff32448e</uuid>
-            <event_id>76</event_id>
-            <distribution>1</distribution>
-            <timestamp>1393328991</timestamp>
-            <comment/>
-            <value></value>
-            <ShadowAttribute/>
-        </Attribute>
-        <ShadowAttribute/>
-        <RelatedEvent>
-            <id>75</id>
-            <org>NCIRC</org>
-            <date>2012-11-19</date>
-            <info></info>
-            <uuid>50aa54aa-f7a0-4d74-910d-10f0ff32448e</uuid>
-            <published>1</published>
-            <analysis>1</analysis>
-            <attribute_count>1</attribute_count>
-            <orgc>Iglocska</orgc>
-            <timestamp>1393327600</timestamp>
-            <distribution>1</distribution>
-            <proposal_email_lock>0</proposal_email_lock>
-            <locked>0</locked>
-            <threat_level_id>1</threat_level_id>
-            <publish_timestamp>1393947655</publish_timestamp>
-        </RelatedEvent>
-    </Event>
-    <xml_version>2.2.0</xml_version>
-</response>
-
-

-
-<?xml version = "1.0" encoding = "UTF-8"?>
-<response>
-    <name>Not Found</name>
-    <url>/The_meaning_of_life</url>
-</response>
-
-
diff --git a/app/View/Regexp/index.ctp b/app/View/Regexp/index.ctp index 13d822f34..d4d124653 100755 --- a/app/View/Regexp/index.ctp +++ b/app/View/Regexp/index.ctp @@ -11,7 +11,7 @@
- + diff --git a/app/View/Servers/view_export_format_usage.ctp b/app/View/Servers/view_export_format_usage.ctp new file mode 100644 index 000000000..16a19bd09 --- /dev/null +++ b/app/View/Servers/view_export_format_usage.ctp @@ -0,0 +1,49 @@ + + + diff --git a/app/View/SharingGroups/view.ctp b/app/View/SharingGroups/view.ctp index fb08dbe2e..48dada082 100644 --- a/app/View/SharingGroups/view.ctp +++ b/app/View/SharingGroups/view.ctp @@ -50,7 +50,8 @@ echo $this->element( [ 'key' => __('Organisations'), 'type' => 'custom', - 'function' => function ($sharingGroup) { + 'requirement' => isset($sg['SharingGroupOrg']), + 'function' => function (array $sharingGroup) { echo sprintf( '
Paginator->sort('id');?>Paginator->sort('id', __('ID'));?> Paginator->sort('regexp', __('Regexp'));?> Paginator->sort('replacement', __('Replacement'));?> Paginator->sort('type');?>
@@ -77,7 +78,8 @@ echo $this->element( [ 'key' => __('Instances'), 'type' => 'custom', - 'function' => function ($sharingGroup) { + 'requirement' => isset($sg['SharingGroupServer']), + 'function' => function (array $sharingGroup) { echo sprintf( '
diff --git a/app/View/TagCollections/index.ctp b/app/View/TagCollections/index.ctp index 7d4d0195a..2a7cb31fd 100755 --- a/app/View/TagCollections/index.ctp +++ b/app/View/TagCollections/index.ctp @@ -4,7 +4,7 @@ 'alias' => __('Tag Collections'), 'controller' => 'tag_collections', 'headers' => array( - 'id' => array('sort' => 1), + 'id' => array('sort' => 1, 'alias' => __('ID')), 'uuid' => array('sort' => 1, 'alias' => __('UUID')), 'name' => array('sort' => 1), 'tags' => array('alias' => __('Tags')), diff --git a/app/View/TaxiiServers/add.ctp b/app/View/TaxiiServers/add.ctp new file mode 100644 index 000000000..b54cf799c --- /dev/null +++ b/app/View/TaxiiServers/add.ctp @@ -0,0 +1,79 @@ +request->params['action'] === 'edit' ? true : false; +$fields = [ + [ + 'field' => 'name', + 'class' => 'span6' + ], + [ + 'field' => 'owner', + 'class' => 'span6' + ], + [ + 'field' => 'baseurl', + 'class' => 'span6' + ], + [ + 'field' => 'api_key', + 'label' => 'API Key', + 'type' => 'text', + 'class' => 'input span6' + ], + [ + 'field' => 'api_root', + 'class' => 'span6', + 'type' => 'dropdown', + 'options' => [], + 'populateAction' => json_encode([ + 'uri' => '/taxii_servers/getRoot', + 'body' => [ + 'baseurl' => '{{#TaxiiServerBaseurl}}', + 'api_key' => '{{#TaxiiServerApiKey}}' + ], + 'type' => 'POST' + ]) + ], + [ + 'field' => 'collection', + 'class' => 'span6', + 'type' => 'dropdown', + 'options' => [], + 'populateAction' => json_encode([ + 'uri' => '/taxii_servers/getCollections', + 'body' => [ + 'baseurl' => '{{#TaxiiServerBaseurl}}', + 'api_key' => '{{#TaxiiServerApiKey}}', + 'api_root' => '{{#TaxiiServerApiRoot}}' + ], + 'type' => 'POST' + ]) + ], + [ + 'field' => 'description', + 'type' => 'textarea', + 'class' => 'input span6' + ], + [ + 'field' => 'filters', + 'label' => 'Filter Rules (restsearch JSON)', + 'type' => 'textarea', + 'class' => 'input span6' + ] +]; +echo $this->element('genericElements/Form/genericForm', [ + 'data' => [ + 'description' => false, + 'model' => 'TaxiiServer', + 'title' => $edit ? __('Edit TAXII Server connection') : __('Add TAXII Server connection'), + 'fields' => $fields, + 'submit' => [ + 'action' => $this->request->params['action'], + 'ajaxSubmit' => 'submitGenericFormInPlace();' + ] + ] +]); + +if (!$ajax) { + echo $this->element('/genericElements/SideMenu/side_menu', $menuData); +} diff --git a/app/View/TaxiiServers/collections_index.ctp b/app/View/TaxiiServers/collections_index.ctp new file mode 100644 index 000000000..2fad3a43a --- /dev/null +++ b/app/View/TaxiiServers/collections_index.ctp @@ -0,0 +1,59 @@ +element('genericElements/IndexTable/scaffold', [ + 'skip_pagination' => 1, + 'scaffold_data' => [ + 'data' => [ + + 'data' => $data, + 'top_bar' => [ + 'pull' => 'right', + 'children' => [ + ] + ], + 'fields' => [ + [ + 'name' => __('Id'), + 'sort' => 'id', + 'data_path' => 'id' + ], + [ + 'name' => __('Title'), + 'sort' => 'title', + 'data_path' => 'title' + ], + [ + 'name' => __('Description'), + 'data_path' => 'description' + ], + [ + 'name' => __('Writeable'), + 'sort' => 'can_write', + 'element' => 'boolean', + 'data_path' => 'can_write' + ], + [ + 'name' => __('Readable'), + 'sort' => 'can_read', + 'element' => 'boolean', + 'data_path' => 'can_read' + ], + [ + 'name' => __('Media types'), + 'element' => 'list', + 'data_path' => 'media_types' + ] + ], + 'title' => empty($ajax) ? __('The collections found on TaxiiServer #%s.', h($id)) : false, + 'description' => false, + 'actions' => [ + [ + 'url' => $baseurl . '/taxiiServers/objectsIndex/' . h($id) . '/%s/', + 'url_replace' => ['id'], + 'icon' => 'eye' + ] + ] + ] + ] + ]); + +?> \ No newline at end of file diff --git a/app/View/TaxiiServers/index.ctp b/app/View/TaxiiServers/index.ctp new file mode 100644 index 000000000..088b69db7 --- /dev/null +++ b/app/View/TaxiiServers/index.ctp @@ -0,0 +1,117 @@ +element('genericElements/IndexTable/scaffold', [ + 'scaffold_data' => [ + 'data' => [ + 'data' => $data, + 'top_bar' => [ + 'pull' => 'right', + 'children' => [ + [ + 'type' => 'simple', + 'children' => [ + 'data' => [ + 'type' => 'simple', + 'text' => __('Add TAXII Server'), + 'class' => 'btn btn-primary', + 'onClick' => 'openGenericModal', + 'onClickParams' => [ + sprintf( + '%s/taxiiServers/add', + $baseurl + ) + ] + ] + ] + ], + [ + 'type' => 'search', + 'button' => __('Filter'), + 'placeholder' => __('Enter value to search'), + 'data' => '', + 'searchKey' => 'quickFilter' + ] + ] + ], + 'fields' => [ + [ + 'name' => __('Id'), + 'sort' => 'TaxiiServer.id', + 'data_path' => 'TaxiiServer.id' + ], + [ + 'name' => __('Name'), + 'sort' => 'TaxiiServer.name', + 'data_path' => 'TaxiiServer.name' + ], + [ + 'name' => __('Baseurl'), + 'sort' => 'TaxiiServer.baseurl', + 'data_path' => 'TaxiiServer.baseurl' + ], + [ + 'name' => __('API root'), + 'sort' => 'TaxiiServer.api_root', + 'data_path' => 'TaxiiServer.api_root' + ], + [ + 'name' => __('Collection'), + 'sort' => 'TaxiiServer.collection', + 'data_path' => 'TaxiiServer.collection' + ], + [ + 'name' => __('Filters'), + 'sort' => 'TaxiiServer.filters', + 'data_path' => 'TaxiiServer.filters', + 'type' => 'json' + ], + [ + 'name' => __('api_key'), + 'sort' => 'TaxiiServer.api_key', + 'data_path' => 'TaxiiServer.api_key' + ], + [ + 'name' => __('Description'), + 'sort' => 'TaxiiServer.description', + 'data_path' => 'TaxiiServer.description' + ] + ], + 'title' => empty($ajax) ? __('Linked TAXII Servers') : false, + 'description' => empty($ajax) ? __('You can connect your MISP to one or several TAXII servers to push data to using a set of filters.') : false, + 'actions' => [ + [ + 'url' => $baseurl . '/taxiiServers/view', + 'url_params_data_paths' => ['TaxiiServer.id'], + 'icon' => 'eye' + ], + [ + 'onclick' => sprintf( + 'openGenericModal(\'%s/taxiiServers/push/[onclick_params_data_path]\');', + $baseurl + ), + 'onclick_params_data_path' => 'TaxiiServer.id', + 'title' => __('Pull all filtered data to TAXII server'), + 'icon' => 'upload' + ], + [ + 'onclick' => sprintf( + 'openGenericModal(\'%s/taxiiServers/edit/[onclick_params_data_path]\');', + $baseurl + ), + 'onclick_params_data_path' => 'TaxiiServer.id', + 'title' => __('Edit TAXII server configuration'), + 'icon' => 'edit' + ], + [ + 'onclick' => sprintf( + 'openGenericModal(\'%s/taxiiServers/delete/[onclick_params_data_path]\');', + $baseurl + ), + 'onclick_params_data_path' => 'TaxiiServer.id', + 'icon' => 'trash' + ] + ] + ] + ] + ]); + +?> diff --git a/app/View/TaxiiServers/object_view.ctp b/app/View/TaxiiServers/object_view.ctp new file mode 100644 index 000000000..3b5d29d69 --- /dev/null +++ b/app/View/TaxiiServers/object_view.ctp @@ -0,0 +1,14 @@ +%s', + $randomId, + json_encode($data) + );f +?> + + \ No newline at end of file diff --git a/app/View/TaxiiServers/objects_index.ctp b/app/View/TaxiiServers/objects_index.ctp new file mode 100644 index 000000000..b749ba7cd --- /dev/null +++ b/app/View/TaxiiServers/objects_index.ctp @@ -0,0 +1,69 @@ +element('genericElements/IndexTable/scaffold', [ + 'scaffold_data' => [ + 'data' => [ + 'skip_pagination' => 1, + 'data' => $data, + 'top_bar' => [ + 'pull' => 'right', + 'children' => [ + [ + 'type' => 'simple', + 'children' => [ + 'data' => [ + 'type' => 'simple', + 'text' => __('Next page'), + 'class' => 'btn btn-primary', + 'url' => $next_url, + 'requirement' => $more + ] + ] + ], + ] + ], + 'fields' => [ + [ + 'name' => __('Id'), + 'data_path' => 'id' + ], + [ + 'name' => __('Type'), + 'data_path' => 'type' + ], + [ + 'name' => __('Created'), + 'data_path' => 'created' + ], + [ + 'name' => __('Modified'), + 'data_path' => 'modified' + ], + [ + 'name' => __('Labels'), + 'element' => 'list', + 'data_path' => 'labels' + ], + [ + 'name' => __('STIX version'), + 'data_path' => 'spec_version' + ] + ], + 'title' => empty($ajax) ? __('Objects found in Collection %s on TaxiiServer #%s', h($collection_id), h($id)) : false, + 'description' => false, + 'actions' => [ + [ + 'onclick' => 'openGenericModal(\'' . h($baseurl) . '/taxiiServers/objectView/' . h($id) . '/' . h($collection_id) . '/%s\');', + 'onclick_replace' => ['id'], + 'title' => __('View raw STIX object'), + 'icon' => 'eye' + ] + ] + ] + ] + ]); + +?> diff --git a/app/View/TaxiiServers/view.ctp b/app/View/TaxiiServers/view.ctp new file mode 100644 index 000000000..666011694 --- /dev/null +++ b/app/View/TaxiiServers/view.ctp @@ -0,0 +1,72 @@ +element( + 'genericElements/SingleViews/single_view', + [ + 'title' => 'Taxii Server view', + 'data' => $data, + 'fields' => [ + [ + 'key' => __('Id'), + 'path' => 'TaxiiServer.id' + ], + [ + 'key' => __('Name'), + 'path' => 'TaxiiServer.name' + ], + [ + 'key' => __('Owner'), + 'path' => 'TaxiiServer.owner' + ], + [ + 'key' => __('Base URL'), + 'path' => 'TaxiiServer.baseurl' + ], + [ + 'key' => __('API Root'), + 'path' => 'TaxiiServer.api_root' + ], + [ + 'key' => __('Selected Collection'), + 'path' => 'TaxiiServer.collection' + ], + [ + 'key' => __('Description'), + 'path' => 'TaxiiServer.description' + ], + [ + 'key' => __('Filters'), + 'path' => 'TaxiiServer.filters', + 'type' => 'json' + ], + [ + 'key' => __('Owner Organisation'), + 'path' => 'TaxiiServer.Cerebrate.org_id', + 'pathName' => 'Organisation.name', + 'type' => 'model', + 'model' => 'organisations' + ], + [ + 'key' => __('API key'), + 'path' => 'TaxiiServer.api_key' + ], + [ + 'key' => __('Description'), + 'path' => 'TaxiiServer.Cerebrate.description' + ], + ], + 'children' => [ + [ + 'url' => '/taxii_servers/collectionsIndex/{{0}}/', + 'url_params' => ['TaxiiServer.id'], + 'title' => __('Collections'), + 'elementId' => 'taxii_collections' + ], + [ + 'url' => '/taxii_servers/objectsIndex/{{0}}/{{1}}/', + 'url_params' => ['TaxiiServer.id', 'TaxiiServer.collection'], + 'title' => __('Objects in selected Collection'), + 'elementId' => 'taxii_objects' + ], + ] + ] +); diff --git a/app/View/Taxonomies/ajax/taxonomy_tags.ctp b/app/View/Taxonomies/ajax/taxonomy_tags.ctp index 2b92d3fad..e7b422af3 100644 --- a/app/View/Taxonomies/ajax/taxonomy_tags.ctp +++ b/app/View/Taxonomies/ajax/taxonomy_tags.ctp @@ -71,7 +71,9 @@ $actions = [ 'icon' => 'share-alt', 'url' => $baseurl . '/tags/viewGraph', 'url_params_data_paths' => ['existing_tag.Tag.id'], - 'postLinkConfirm' => __('Are you sure you want to create this tag?'), + 'complex_requirement' => function ($row) { + return $row['existing_tag']; + }, 'requirement' => $isAclTagger && $taxonomy['enabled'], ], [ diff --git a/app/View/Taxonomies/ajax/toggle_highlighted.ctp b/app/View/Taxonomies/ajax/toggle_highlighted.ctp new file mode 100644 index 000000000..a17c30252 --- /dev/null +++ b/app/View/Taxonomies/ajax/toggle_highlighted.ctp @@ -0,0 +1,15 @@ +Form->create('Taxonomy', array( + 'id' => 'HighlightedCheckboxForm' . h($id), + 'label' => false, + 'style' => 'display:none;', + 'url' => $baseurl . '/taxonomies/toggleHighlighted/' . $id + )); + echo $this->Form->checkbox('highlighted', array( + 'checked' => $highlighted, + 'label' => false, + 'disabled' => !$isSiteAdmin, + 'class' => 'highlighted-toggle' + )); + echo $this->Form->end(); +?> diff --git a/app/View/Taxonomies/index.ctp b/app/View/Taxonomies/index.ctp index f2aefb7f0..b85fe5790 100644 --- a/app/View/Taxonomies/index.ctp +++ b/app/View/Taxonomies/index.ctp @@ -75,6 +75,18 @@ 'data_path' => 'Taxonomy.required', 'disabled' => !$isSiteAdmin, ), + array( + 'name' => __('Highlighted'), + 'element' => 'toggle', + 'url' => $baseurl . '/taxonomies/toggleHighlighted', + 'url_params_data_paths' => array( + 'Taxonomy.id' + ), + 'sort' => 'highlighted', + 'class' => 'short', + 'data_path' => 'Taxonomy.highlighted', + 'disabled' => !$isSiteAdmin, + ), array( 'name' => __('Active Tags'), 'element' => 'custom', diff --git a/app/View/Taxonomies/view.ctp b/app/View/Taxonomies/view.ctp index e569aa323..5a5cc786f 100644 --- a/app/View/Taxonomies/view.ctp +++ b/app/View/Taxonomies/view.ctp @@ -46,6 +46,11 @@ echo $this->element( 'path' => 'enabled', 'type' => 'boolean' ], + [ + 'key' => __('Highlighted'), + 'path' => 'highlighted', + 'type' => 'boolean' + ], [ 'key' => __('Action'), 'type' => 'custom', diff --git a/app/View/Templates/upload_file.ctp b/app/View/Templates/upload_file.ctp index 77d68182a..315b50be6 100644 --- a/app/View/Templates/upload_file.ctp +++ b/app/View/Templates/upload_file.ctp @@ -6,7 +6,7 @@ if ($batch == 'yes') { $multiple = false; if (isset($filenames)) { $buttonText = __('Replace File'); - } else { + } else { $buttonText = __('Upload File'); } } @@ -18,13 +18,13 @@ if ($batch == 'yes') { echo $this->Form->end(); ?> - + +
+ + + +
+

+
+ + + + + +
+
+ %s', + __('You have been successfully logged out.') + ); + ?> +
+
diff --git a/app/View/Users/otp.ctp b/app/View/Users/otp.ctp new file mode 100644 index 000000000..019b28373 --- /dev/null +++ b/app/View/Users/otp.ctp @@ -0,0 +1,29 @@ +Flash->render(); ?> + +
+
+

+
+
+ +element('/genericElements/Form/genericForm', array( + "form" => $this->Form, + "data" => array( + "title" => __("Validate your One Time Password"), + "fields" => array( + array( + "field" => "otp", + "label" => $label, + "type" => "text", + "placeholder" => __("Enter your OTP here"), + "autofocus" => 1 + ) + ), + "submit" => array ( + "action" => "otp", + ), +))); +?> diff --git a/app/View/Users/password_reset.ctp b/app/View/Users/password_reset.ctp new file mode 100644 index 000000000..90fc5647e --- /dev/null +++ b/app/View/Users/password_reset.ctp @@ -0,0 +1,25 @@ +
+ Form->create('User');?> +
+ + ' . __('Minimal length') . ': ' . h($length) . '
'; + $passwordPopover .= '' . __('Complexity') . ': ' . h($complexity); + echo $this->Form->input('password', array( + 'label' => __('New password') . ' ', 'autofocus' + )); + echo $this->Form->input('confirm_password', [ + 'type' => 'password', + 'label' => __('Confirm new password'), + 'div' => array('class' => 'input password required'), + ]); + ?> +
+
 
+
+
+Form->button(__('Submit'), array('class' => 'btn btn-primary')); +echo $this->Form->end(); +?> +
diff --git a/app/View/Users/totp_new.ctp b/app/View/Users/totp_new.ctp new file mode 100644 index 000000000..9293fba79 --- /dev/null +++ b/app/View/Users/totp_new.ctp @@ -0,0 +1,38 @@ +Flash->render(); ?> +" . $secret . ""; + +echo $this->element('/genericElements/Form/genericForm', array( + "form" => $this->Form, + "data" => array( + "title" => __("Validate your One Time Password"), + "fields" => array( + array( + "type" => 'html', + "field" => "html", + "html" => $detailsHtml + ), + array( + "type" => 'html', + "field" => 'qrcode', + "html" => $qrcode + ), + array( + "type" => 'html', + "field" => "secret", + "html" => $secretHtml + ), + array( + "field" => "otp", + "label" => __("One Time Password verification"), + "type" => "text", + "placeholder" => __("Enter your OTP code here"), + ) + ), + "submit" => array ( + "action" => "totp", + ), +))); +?> +
diff --git a/app/View/Users/view.ctp b/app/View/Users/view.ctp index 158e937a9..cf3b2f546 100755 --- a/app/View/Users/view.ctp +++ b/app/View/Users/view.ctp @@ -1,32 +1,70 @@ '; - foreach ($periodic_notifications as $periodic_notification) { - $active_html = $this->element('genericElements/IndexTable/Fields/boolean', [ - 'row' => ['active' => !empty($user['User'][$periodic_notification])], - 'field' => ['data_path' => 'active', 'colors' => true, ], - ]); - $periodic_notification_settings_html .= sprintf('%s%s', Inflector::humanize($periodic_notification), $active_html); - } - $periodic_notification_settings_html .= ''; - $table_data = array(); - $table_data[] = array('key' => __('ID'), 'value' => $user['User']['id']); - $table_data[] = array( - 'key' => __('Email'), - 'html' => h($user['User']['email']) . ($admin_view ? sprintf( - ' ', - $baseurl, - h($user['User']['id']), - __('Send email to user') - ) : ''), + +$notificationTypes = [ + 'autoalert' => __('Event published notification'), + 'notification_daily' => __('Daily notifications'), + 'notification_weekly' => __('Weekly notifications'), + 'notification_monthly' => __('Monthly notifications'), +]; + +$notificationsHtml = ''; +foreach ($notificationTypes as $notificationType => $description) { + $isEnabled = !empty($user['User'][$notificationType]); + $boolean = sprintf( + '%s', + $isEnabled ? 'label label-success label-padding' : 'label label-important label-padding', + $isEnabled ? __('Yes') : __('No')); + $notificationsHtml .= ''; +} +$notificationsHtml .= '
' . $description . '' . $boolean . '
'; + +$isTotp = isset($user['User']['totp']) ? true : false; +$boolean = sprintf( +'%s', + $isTotp ? 'label label-success label-padding' : 'label label-important label-padding', +$isTotp ? __('Yes') : __('No')); +$totpHtml = $boolean; +$totpHtml .= (!$isTotp && !$admin_view ? $this->Html->link(__('Generate'), array('action' => 'totp_new')) : ''); +$totpHtml .= ($isTotp && !$admin_view ? $this->Html->link(__('View paper tokens'), array('action' => 'hotp', $user['User']['id'])): ''); + +if ($admin_view && $isSiteAdmin && $isTotp) { + $totpHtml .= sprintf( + '%s', + h($baseurl), + h($user['User']['id']), + __('Delete') ); - $table_data[] = array( - 'key' => __('Organisation'), - 'html' => $this->OrgImg->getNameWithImg($user), - ); - $table_data[] = array('key' => __('Role'), 'html' => $this->Html->link($user['Role']['name'], array('controller' => 'roles', 'action' => 'view', $user['Role']['id']))); - $table_data[] = array('key' => __('Event alert enabled'), 'boolean' => $user['User']['autoalert']); - $table_data[] = ['key' => __('Periodic Notifications'), 'html' => $periodic_notification_settings_html]; - $table_data[] = array('key' => __('Contact alert enabled'), 'boolean' => $user['User']['contactalert']); +} + $table_data = [ + array('key' => __('ID'), 'value' => $user['User']['id']), + array( + 'key' => __('Email'), + 'html' => h($user['User']['email']) . ($admin_view ? sprintf( + ' ', + $baseurl, + h($user['User']['id']), + __('Send email to user') + ) : ''), + ), + array( + 'key' => __('Organisation'), + 'html' => $this->OrgImg->getNameWithImg($user), + ), + array( + 'key' => __('Role'), + 'html' => $this->Html->link($user['Role']['name'], array('controller' => 'roles', 'action' => 'view', $user['Role']['id'])), + ), + // array('key' => __('TOTP'), 'boolean' => isset($user['User']['totp']) ? true : false), + array( + 'key' => __('TOTP'), + 'html' => $totpHtml + ), + array( + 'key' => __('Email notifications'), + 'html' => $notificationsHtml, + ), + array('key' => __('Contact alert enabled'), 'boolean' => $user['User']['contactalert']) + ]; if (!$admin_view && !$user['Role']['perm_auth']) { $table_data[] = array( @@ -86,12 +124,12 @@ $table_data[] = array('key' => __('Terms accepted'), 'boolean' => $user['User']['termsaccepted']); $table_data[] = array('key' => __('Must change password'), 'boolean' => $user['User']['change_pw']); } - $table_data[] = array( - 'key' => __('PGP key'), - 'element' => 'genericElements/key', - 'element_params' => array('key' => $user['User']['gpgkey']), - ); if (!empty($user['User']['gpgkey'])) { + $table_data[] = array( + 'key' => __('PGP key'), + 'element' => 'genericElements/key', + 'element_params' => array('key' => $user['User']['gpgkey']), + ); $table_data[] = array( 'key' => __('PGP key fingerprint'), 'value_class' => 'quickSelect', @@ -102,6 +140,11 @@ 'value_class' => (empty($user['User']['pgp_status']) || $user['User']['pgp_status'] !== 'OK') ? 'red': '', 'value' => !empty($user['User']['pgp_status']) ? $user['User']['pgp_status'] : 'N/A' ); + } else { + $table_data[] = array( + 'key' => __('PGP key'), + 'boolean' => false, + ); } if (Configure::read('SMIME.enabled')) { $table_data[] = array( @@ -130,7 +173,7 @@ 'js' => array('vis', 'jquery-ui.min', 'network-distribution-graph') )); echo sprintf( - '
%s
%s
%s%s
', + '
%s
%s%s
%s%s
', sprintf( '

%s

%s', __('User %s', h($user['User']['email'])), @@ -145,6 +188,14 @@ ), __('Download user profile for data portability') ), + sprintf( + ' %s', + sprintf( + '%s/logs/index', + $baseurl + ), + __('Review user logs') + ), $me['Role']['perm_auth'] ? $this->element('/genericElements/accordion', array('title' => __('Auth keys'), 'url' => '/auth_keys/index/' . h($user['User']['id']))) : '', $this->element('/genericElements/accordion', array('title' => 'Events', 'url' => '/events/index/searchemail:' . urlencode(h($user['User']['email'])))) ); diff --git a/app/View/Warninglists/view.ctp b/app/View/Warninglists/view.ctp index abd701275..c51b159be 100644 --- a/app/View/Warninglists/view.ctp +++ b/app/View/Warninglists/view.ctp @@ -12,14 +12,14 @@ array( 'key' => __('Enabled'), 'boolean' => $data['enabled'], - 'html' => sprintf( + 'html' => $me['Role']['perm_warninglist'] ? sprintf( ' %s', $baseurl, h($warninglist['Warninglist']['id']), $data['enabled'] ? '' : '/1', $data['enabled'] ? __('Disable') : __('Enable'), $data['enabled'] ? __('Disable') : __('Enable') - ) + ): '', ), ); @@ -37,7 +37,7 @@ '
%s

%s

', sprintf( '

%s

%s', - h(mb_strtoupper($warninglist['Warninglist']['name'])), + h($warninglist['Warninglist']['name']), $this->element('genericElements/viewMetaTable', array('table_data' => $table_data)) ), __('Values') diff --git a/app/View/Workflows/editor.ctp b/app/View/Workflows/editor.ctp index d5aec5529..6d1ad3ac9 100644 --- a/app/View/Workflows/editor.ctp +++ b/app/View/Workflows/editor.ctp @@ -71,6 +71,12 @@ $debugEnabled = !empty($selectedWorkflow['Workflow']['debug_enabled']);
+ + + + + +
-

+

element('genericElements/json', ['json' => $json]) ?>

diff --git a/app/composer.json b/app/composer.json index 4127df945..af6351540 100644 --- a/app/composer.json +++ b/app/composer.json @@ -11,7 +11,9 @@ "ext-pcre": "*", "kamisama/cake-resque": "4.1.2", "pear/crypt_gpg": "1.6.7", - "monolog/monolog": "1.24.0" + "monolog/monolog": "1.24.0", + "spomky-labs/otphp": "^10.0", + "bacon/bacon-qr-code": "^2.0" }, "require-dev": { "phpunit/phpunit": "^8", @@ -36,12 +38,16 @@ "aws/aws-sdk-php": "To upload samples to S3", "jakub-onderka/openid-connect-php": "For OIDC authentication", "supervisorphp/supervisor": "For managing background jobs", - "lstrojny/fxmlrpc": "Required for supervisorphp/supervisor XML-RPC requests", "guzzlehttp/guzzle": "Required for supervisorphp/supervisor XML-RPC requests", - "php-http/message": "Required for supervisorphp/supervisor XML-RPC requests" + "lstrojny/fxmlrpc": "Required for supervisorphp/supervisor XML-RPC requests", + "php-http/message": "Required for supervisorphp/supervisor XML-RPC requests", + "php-http/message-factory": "Required for supervisorphp/supervisor XML-RPC requests" }, "config": { "vendor-dir": "Vendor", - "optimize-autoloader": true + "optimize-autoloader": true, + "allow-plugins": { + "composer/installers": true + } } } diff --git a/app/composer.phar b/app/composer.phar index 3791ce36e..d39c3e6df 100644 Binary files a/app/composer.phar and b/app/composer.phar differ diff --git a/app/files/community-metadata/defaults.json b/app/files/community-metadata/defaults.json index 14f86f905..c664f602a 100644 --- a/app/files/community-metadata/defaults.json +++ b/app/files/community-metadata/defaults.json @@ -78,21 +78,6 @@ "misp_project_vetted": true, "scope_of_data_to_be_shared": "Cybersecurity Threat Intelligence including indicators, threat intelligence information, reports, contextual threat actor information or financial fraud information." }, - { - "name": "Cognitive Security Collaborative", - "uuid": "1ea46a83-cd51-40f5-a375-104e0acd6729", - "org_uuid": "5e2dd31a-3bcc-45e8-ba7e-2ab890d945c8", - "org_name": "Cogsec Collab", - "description": "The Cognitive Security Collaborative operates as a sharing community dedicated to information operations.", - "url": "https://www.cogsec-collab.org", - "sector": "undefined", - "nationality": "International", - "type": "Vetted Information Sharing Community", - "email": "misp@cogsec-collab.org", - "pgp_key": "\r\n\r\n-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\nmQGNBF55bdcBDAC6+Fcey+0GcUw4iP4j15+/FylnvGa4wl8MRkYR5XryJn+n/O4s\r\nZbNCKpxwUA7lb2prn37lWMX7LswjvoxfmCTKi78UY1YH7Fqg3JG2PsV9Lw7uYnzC\r\nAImyAflzDpewo+eCF1aknvcbcbGkYFwdQ/37UfG/BkwCDQQGrBZ5EtL6CYXXNX/P\r\nX+4vYv23AVuchHvxeyW2dPLL3A6t3Mx8pZQBdN1cGZ1QAtE9IN0Yn2y+rMsNpDG4\r\ncOQ6bRqmue2I8JEB4AsQcufcqx69imBvBERsIZEyGZekLjmiuqDKI9Gti2VKZe/t\r\nxdl++gjplq6OAkdzXDGsMNtwxSk21IBrugAXK6K+4RPiMrPpBh81VGzBe2PRKUwT\r\nAZi06KZdaZudehvzIMLsNP5Aeep4+GXxoZ7Yrka/08SIv7SN5XY4o6xkli658Z+l\r\n8WAj2JiI684D/TK5MlvcBDQk1yKdDI2iC4eTFLkJ2PiDToUDT+vACrcnevstU+c8\r\nrNPFbvbB1DUIIo8AEQEAAbQ5Q29nbml0aXZlIFNlY3VyaXR5IENvbGxhYm9yYXRp\r\ndmUgPG1pc3BAY29nc2VjLWNvbGxhYi5vcmc+iQHUBBMBCAA+FiEEm65FjZ6Jbfp9\r\nCN50hA2Itf18R2cFAl55bdcCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC\r\nF4AACgkQhA2Itf18R2e/ewv7BuCpmNIR0YOJld8RqrS4g5MV6eKJUuTRYUOxDyw9\r\nvgdpdvM1FgHPZ7pJcsijKQ+S+dL7ADmEbsCLWe1UhcwbnVRxJ0T+1yxRf6ONQA0/\r\ntRLmrcF4j6JCkl01irWRnYxMI1w1ABOQj4/J7BcTCzbYUdnxSuWhcZBqcsYIHf8J\r\nHnfbVd7OIML/80IRZbRXn1ST6OeXK9RpzqO7bnfPGnd506dt8sfHCWRidUSv2max\r\nrsi9xSyXeSKSNPQFVBgYnMVwBVUGIaWTnt7Ly4I8Bs5P9NWUpLYrRgYLMbDzLWaD\r\nxX7qNQjAKkNCx9k7qQN0Ck9YqeUIuJQPq2doGuLKnqjJBXizsXbAFqcKitQz7WV2\r\nPUsN/QUguVyZbhy7oJELlWDiDWxS6EwpU+q0SODHjCFKoUXvWFkk9bz1K4/kLDFO\r\nOdTABp7i65nJst5b3pVXimoTKqW7JRyCUWz3aaaqjWSTPKP2GmQbxOwM86rgmnGX\r\nqq8Ces6LQw6zGw08ubDDotEKuQGNBF55bdcBDACbmsVMV7azLYys6iMXTLVERasT\r\nUnw8FpKADA2uDgQme5o3CjeFtBBkgBNe8zdOEEslggETVmntp4n6woQzOknDHNx/\r\nVMliUaGuIYgmC8hTDTF269fdRTpKMrcwu2aBEUpHpG7Xvz91HIr213FTwU0LLq0g\r\n+DefSlwdcMPJiCUqshLw8q/D3qVg/VYVen5li55RQBBFLgYYNgag3WnSejE41uqz\r\nvt40FZ4C88Pj0I3f+PRtfHHeXTZehUjs3+W4jn1fLWNmbIScmIhwp/Vqh8R7JHf2\r\n69UGgWr4cOaLGh6C2Io+TVJ+Sq7TMt47qB6eO53Vr2nyizXTxjrmAWqjw3OLc8QX\r\nWsjbpTMqUaPisnCpog/3SqnE4Fe2rQYkroQao6dRL3FrmgvnyhLgjUtjk6fAfx1+\r\nH6fQFH/JJGCNefG9AWo41Er3oHGoV0yqlI697uk0QGdx/848hc0gXLrus82bw+BI\r\nx36ycevxkpmfvzC8lew/vLEB7t/jqXH2H9Qqtm0AEQEAAYkBvAQYAQgAJhYhBJuu\r\nRY2eiW36fQjedIQNiLX9fEdnBQJeeW3XAhsMBQkJZgGAAAoJEIQNiLX9fEdnmYsM\r\nAJzX6MCYoGPED1VXMoPXVS9s7V7hv+0Q4SKcoUxqROwA0wb3NwvdnzO/WAQlzIIj\r\ny1Sk9VX8qZkATN7+nti8jfhKnlMVqAXFFg9fMsq68WlTzHiyGm06DnM2DXBvdLRT\r\nwbcm5H4Ly1/bCFww6Spbxo3zScrSCeRrIHHGOHEzr/vhcZavRDpFmdpTCD6ID7oG\r\nw5jR6GdSCpvBT6Lq7M2xe6cVw/A9z5tE3cIf75uikKfch8HFVV2l1B9XLJVpvhqv\r\nYf+kUa7l7VP893yyTyf9G6SSaS77VKlHxn+OQ9AX+wdgSpD5SgVkvRFXejXw8oIZ\r\nBeTNYTvYYgV75ApnvT+hyeirGDCRRiTiuva0ijd71PzTRk+5Ad80rav1Jy864dUt\r\nDcSklY5T+wjJf7kb/3nIE5vqO/3YkJxdDTvZM23T+IZsCvamQ5pyyp+bP3HTAZkr\r\no6oiGFXbv5OF6/wkUG6vQ5w1RCUQVLfrM6Dh675dx/sdI+p0JMt6BlvlRUJSofu0\r\nWw==\r\n=4aXp\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n", - "misp_project_vetted": true, - "scope_of_data_to_be_shared": "Information Operation Threat Intelligence including disinformation, indicators, threat intelligence information, reports, contextual threat actor information or financial fraud information." - }, { "name": "COVID-19 MISP community", "uuid": "5e59659e-8e24-4e5d-b3fa-2ba744b7dd05", @@ -121,7 +106,7 @@ "nationality": "International", "type": "Vetted Information Sharing Community", "email": "undefined", - "pgp_key": "undefined", + "pgp_key": null, "misp_project_vetted": true, "scope_of_data_to_be_shared": "Any relevant security information for IXPs and GRXs", "self_registration": true @@ -138,7 +123,7 @@ "nationality": "International", "type": "Vetted Information Sharing Community", "email": "undefined", - "pgp_key": "undefined", + "pgp_key": null, "misp_project_vetted": true, "scope_of_data_to_be_shared": "", "self_registration": false @@ -155,7 +140,7 @@ "nationality": "Germany", "type": "Vetted Information Sharing Community", "email": "undefined", - "pgp_key": "undefined", + "pgp_key": null, "misp_project_vetted": false, "scope_of_data_to_be_shared": "", "self_registration": false @@ -172,7 +157,7 @@ "nationality": "International", "type": "Vetted Information Sharing Community", "email": "undefined", - "pgp_key": "undefined", + "pgp_key": null, "misp_project_vetted": true, "scope_of_data_to_be_shared": "", "self_registration": false @@ -183,20 +168,20 @@ "uuid": "53a830e6-8d07-4dd8-98d5-18cc4e66fc8c", "org_uuid": "", "org_name": "", - "description": "The ultimate goal of the project is to develop a NATO capability, available to all NATO nations, through which nations commit to sharing their information. This community is only open for official government entities, sponsored by their nation representative in the NATO Multinational MISP Steering Board.", + "description": "The ultimate goal of the project is to develop a NATO capability, available to all NATO nations, through which nations commit to sharing their information. This community is only open for official government cyber defense related entities, sponsored by their nation representative in the NATO Multinational MISP Steering Board.", "url": "https://misp.ncirc.nato.int", "sector": "Governmental", "nationality": "International", "type": "Vetted Information Sharing Community", "email": "mispsupport@ncia.nato.int", - "pgp_key": "undefined", + "pgp_key": null, "misp_project_vetted": true, "scope_of_data_to_be_shared": "", "self_registration": false }, { "name": "BEAM SOC MISP Community", - "logo": " https://www.beamteknoloji.com/wp-content/uploads/2020/01/beamlogo.png", + "logo": "https://www.beamteknoloji.com/wp-content/uploads/2020/01/beamlogo.png", "uuid": "45819403-49b9-438f-95bc-e0abb50ba03b", "org_uuid": "", "org_name": "", @@ -206,7 +191,7 @@ "nationality": "Turkey", "type": "Vetted Information Sharing Community", "email": "contact@beamteknoloji.com", - "pgp_key": "undefined", + "pgp_key": null, "misp_project_vetted": true, "scope_of_data_to_be_shared": "", "self_registration": false diff --git a/app/files/feed-metadata/defaults.json b/app/files/feed-metadata/defaults.json index 4c5996dfd..1b63cbe39 100644 --- a/app/files/feed-metadata/defaults.json +++ b/app/files/feed-metadata/defaults.json @@ -827,26 +827,6 @@ "lookup_visible": true } }, - { - "Feed": { - "name": "abuse.ch Dyre SSL IPBL", - "provider": "abuse.ch", - "url": "https://sslbl.abuse.ch/blacklist/dyre_sslipblacklist.csv", - "rules": "", - "enabled": true, - "distribution": "3", - "default": false, - "source_format": "csv", - "fixed_event": true, - "delta_merge": false, - "publish": false, - "override_ids": false, - "settings": "{\"csv\":{\"value\":\"1\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}", - "input_source": "network", - "delete_local_file": false, - "lookup_visible": true - } - }, { "Feed": { "name": "http://cybercrime-tracker.net hashlist", @@ -1173,26 +1153,6 @@ "lookup_visible": true } }, - { - "Feed": { - "name": "Benkow.cc RAT", - "provider": "benkow.cc", - "url": "https://benkow.cc/export_rat.php", - "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}", - "enabled": false, - "distribution": "0", - "default": false, - "source_format": "csv", - "fixed_event": true, - "delta_merge": false, - "publish": false, - "override_ids": false, - "settings": "{\"csv\":{\"value\":\"3,4\",\"delimiter\":\";\"},\"common\":{\"excluderegex\":\"\"}}", - "input_source": "network", - "delete_local_file": false, - "lookup_visible": true - } - }, { "Feed": { "name": "Panels Tracker", @@ -1703,5 +1663,31 @@ "exportable": true, "hide_tag": false } + }, + { + "Feed": { + "name": "James Brine Bruteforce IPs", + "provider": "jamesbrine.com.au", + "url": "https://jamesbrine.com.au/csv", + "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"type_attributes\":{\"NOT\":[]},\"type_objects\":{\"NOT\":[]},\"url_params\":\"\"}", + "enabled": true, + "distribution": "3", + "default": false, + "source_format": "csv", + "fixed_event": true, + "delta_merge": false, + "publish": false, + "override_ids": false, + "settings": "{\"disable_correlation\":\"0\",\"csv\":{\"value\":\"1\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"}}", + "input_source": "network", + "delete_local_file": false, + "lookup_visible": false + }, + "Tag": { + "name": "osint:source-type=\"block-or-filter-list\"", + "colour": "#004f89", + "exportable": true, + "hide_tag": false + } } ] diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index 55b721a42..f5729ac23 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit 55b721a422827a22fae374803e1a2ef3dcabf273 +Subproject commit f5729ac23a7dcb8fc9dc3194a3e125484c515742 diff --git a/app/files/misp-objects b/app/files/misp-objects index 82c699cc5..4da05293d 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit 82c699cc5f139e7d991b5c76099c0cde88dbf806 +Subproject commit 4da05293d723ad6f9db4a3e349e140daa5d2a28d diff --git a/app/files/misp-workflow-blueprints b/app/files/misp-workflow-blueprints index 3f22a11be..7df546216 160000 --- a/app/files/misp-workflow-blueprints +++ b/app/files/misp-workflow-blueprints @@ -1 +1 @@ -Subproject commit 3f22a11be2545e808b734787246739dcd69f7eb5 +Subproject commit 7df546216a1d2b4073714476fd92434cc166e516 diff --git a/app/files/scripts/cti-python-stix2 b/app/files/scripts/cti-python-stix2 index 625576622..344454e39 160000 --- a/app/files/scripts/cti-python-stix2 +++ b/app/files/scripts/cti-python-stix2 @@ -1 +1 @@ -Subproject commit 625576622f3e7f2541d2e788d70ed4997e134837 +Subproject commit 344454e399853c0d969e4efb048e919e04b21140 diff --git a/app/files/scripts/misp-stix b/app/files/scripts/misp-stix index c60a6e76c..a12d40a4f 160000 --- a/app/files/scripts/misp-stix +++ b/app/files/scripts/misp-stix @@ -1 +1 @@ -Subproject commit c60a6e76ccd735d460b382effee9af6aae7fa4ab +Subproject commit a12d40a4ff8a19c0a6b9f4d719c9549e805108c5 diff --git a/app/files/scripts/stix2/misp2stix2.py b/app/files/scripts/stix2/misp2stix2.py index 2c6ffb0ba..cbcd279e5 100644 --- a/app/files/scripts/stix2/misp2stix2.py +++ b/app/files/scripts/stix2/misp2stix2.py @@ -34,15 +34,19 @@ from stix2.base import STIXJSONEncoder from misp_stix_converter import MISPtoSTIX20Parser, MISPtoSTIX21Parser -def _handle_errors(errors: dict): - for identifier, values in errors.items(): +def _handle_messages(field: str, feature: dict): + for identifier, values in feature.items(): values = '\n - '.join(values) if identifier != 'attributes collection': identifier = f'MISP event {identifier}' - print(f'Errors encountered while parsing {identifier}:\n - {values}', file=sys.stderr) + print( + f'{field} encountered while parsing {identifier}:\n - {values}', + file=sys.stderr + ) -def _process_misp_files(version: str, input_names: Union[list, None], debug: bool): +def _process_misp_files( + version: str, input_names: Union[list, None], debug: bool): if input_names is None: print(json.dumps({'error': 'No input file provided.'})) return @@ -51,10 +55,13 @@ def _process_misp_files(version: str, input_names: Union[list, None], debug: boo for name in input_names: parser.parse_json_content(name) with open(f'{name}.out', 'wt', encoding='utf-8') as f: - f.write(f'{json.dumps(parser.stix_objects, cls=STIXJSONEncoder)}') - errors = parser.errors - if errors: - _handle_errors(errors) + f.write( + f'{json.dumps(parser.stix_objects, cls=STIXJSONEncoder)}' + ) + if parser.errors: + _handle_messages('Errors', parser.errors) + if debug and parser.warnings: + _handle_messages('Warnings', parser.warnings) print(json.dumps({'success': 1})) except Exception as e: print(json.dumps({'error': e.__str__()})) @@ -63,11 +70,27 @@ def _process_misp_files(version: str, input_names: Union[list, None], debug: boo if __name__ == "__main__": argparser = argparse.ArgumentParser(description='Export MISP into STIX2.') - argparser.add_argument('-v', '--version', default='2.0', choices=['2.0', '2.1'], help='STIX version (2.0 or 2.1).') - argparser.add_argument('-i', '--input', nargs='+', help='Input file(s) containing MISP standard format.') - argparser.add_argument('-d', '--debug', action='store_true', help='Allow debug mode with warnings.') + argparser.add_argument( + '-v', '--version', default='2.1', choices=['2.0', '2.1'], + help='STIX version (2.0 or 2.1).' + ) + argparser.add_argument( + '-i', '--input', nargs='+', required=True, + help='Input file(s) containing MISP standard format.' + ) + argparser.add_argument( + '-d', '--debug', action='store_true', + help='Allow debug mode with warnings.' + ) try: args = argparser.parse_args() _process_misp_files(args.version, args.input, args.debug) except SystemExit: - print(json.dumps({'error': 'Arguments error, please check you entered a valid version and provided input file names.'})) + print( + json.dumps( + { + 'error': 'Arguments error, please check you entered a valid' + ' version and provided input file names.' + } + ) + ) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index 6c1ff87ac..3d80f2f42 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (C) 2017-2018 CIRCL Computer Incident Response Center Luxembourg (smile gie) -# Copyright (C) 2017-2018 Christian Studer +# Copyright (C) 2017-2023 CIRCL Computer Incident Response Center Luxembourg +# Copyright (C) 2017-2023 Christian Studer # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as @@ -16,2138 +16,96 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -import sys +import argparse import json -import os -import time -import io -import pymisp -import stix2misp_mapping -import uuid -from collections import defaultdict -from copy import deepcopy +import sys +import traceback from pathlib import Path -_misp_dir = Path(os.path.realpath(__file__)).parents[4] -_misp_objects_path = _misp_dir / 'app' / 'files' / 'misp-objects' / 'objects' -_misp_types = pymisp.AbstractMISP().describe_types.get('types') -from pymisp import MISPEvent, MISPObject, MISPAttribute _scripts_path = Path(__file__).resolve().parents[1] sys.path.insert(0, str(_scripts_path / 'cti-python-stix2')) -import stix2 - -_RFC_UUID_VERSIONS = (1, 3, 4, 5) -_UUIDv4 = uuid.UUID('76beed5f-7251-457e-8c2a-b45f7b589d3d') +sys.path.insert(1, str(_scripts_path / 'python-stix')) +sys.path.insert(2, str(_scripts_path / 'python-cybox')) +sys.path.insert(3, str(_scripts_path / 'mixbox')) +sys.path.insert(4, str(_scripts_path / 'misp-stix')) +from misp_stix_converter import ( + ExternalSTIX2toMISPParser, InternalSTIX2toMISPParser, _from_misp) +from stix2.parsing import parse as stix2_parser -class StixParser(): - _galaxy_types = ('intrusion-set', 'malware', 'threat-actor', 'tool') - _stix2misp_mapping = {'marking-definition': '_load_marking', - 'relationship': '_load_relationship', - 'report': '_load_report', - 'indicator': '_parse_indicator', - 'observed-data': '_parse_observable', - 'identity': '_load_identity'} - _stix2misp_mapping.update({galaxy_type: '_load_galaxy' for galaxy_type in _galaxy_types}) - _special_mapping = {'attack-pattern': 'parse_attack_pattern', - 'course-of-action': 'parse_course_of_action', - 'vulnerability': 'parse_vulnerability'} - _timeline_mapping = {'indicator': ('valid_from', 'valid_until'), - 'observed-data': ('first_observed', 'last_observed')} - - def __init__(self): - super().__init__() - self.misp_event = MISPEvent() - self.relationship = defaultdict(list) - self.tags = set() - self.galaxy = {} - self.marking_definition = {} - - def handler(self, event, filename, args): - self.filename = filename - self.stix_version = f"STIX {event['spec_version'] if event.get('spec_version') else '2.1'}" - try: - event_distribution = args[0] - if not isinstance(event_distribution, int): - event_distribution = int(event_distribution) if event_distribution.isdigit() else 0 - except IndexError: - event_distribution = 0 - try: - attribute_distribution = args[1] - if attribute_distribution == 'event': - attribute_distribution = 5 - if not isinstance(attribute_distribution, int): - attribute_distribution = int(attribute_distribution) if attribute_distribution.isdigit() else 5 - except IndexError: - attribute_distribution = 5 - synonyms_to_tag_names = args[2] if len(args) > 2 else '/var/www/MISP/app/files/scripts/synonymsToTagNames.json' - with open(synonyms_to_tag_names, 'rt', encoding='utf-8') as f: - self._synonyms_to_tag_names = json.loads(f.read()) - self.parse_event(event) - - def _load_galaxy(self, galaxy): - self.galaxy[galaxy['id'].split('--')[1]] = {'tag_names': self.parse_galaxy(galaxy), 'used': False} - - def _load_identity(self, identity): - try: - self.identity[identity['id'].split('--')[1]] = identity['name'] - except AttributeError: - self.identity = {identity['id'].split('--')[1]: identity['name']} - - def _load_marking(self, marking): - tag = self.parse_marking(marking) - self.marking_definition[marking['id'].split('--')[1]] = {'object': tag, 'used': False} - - def _load_relationship(self, relationship): - target_uuid = relationship.target_ref.split('--')[1] - reference = (target_uuid, relationship.relationship_type) - source_uuid = relationship.source_ref.split('--')[1] - self.relationship[source_uuid].append(reference) - - def _load_report(self, report): - try: - self.report[report['id'].split('--')[1]] = report - except AttributeError: - self.report = {report['id'].split('--')[1]: report} - - def save_file(self): - for attribute in self.misp_event.attributes: - if uuid.UUID(attribute.uuid).version not in _RFC_UUID_VERSIONS: - attribute.uuid = self._sanitize_uuid(attribute) - for misp_object in self.misp_event.objects: - if uuid.UUID(misp_object.uuid).version not in _RFC_UUID_VERSIONS: - misp_object.uuid = self._sanitize_uuid(misp_object) - for reference in misp_object.references: - reference.object_uuid = misp_object.uuid - if uuid.UUID(reference.referenced_uuid).version not in _RFC_UUID_VERSIONS: - reference.referenced_uuid = uuid.uuid5(_UUIDv4, reference.referenced_uuid) - for attribute in misp_object.attributes: - if uuid.UUID(attribute.uuid).version not in _RFC_UUID_VERSIONS: - attribute.uuid = self._sanitize_uuid(attribute) - event = self.misp_event.to_json() - with open(f'{self.filename}.stix2', 'wt', encoding='utf-8') as f: - f.write(event) - - @staticmethod - def _sanitize_uuid(misp_feature): - comment = f'Original UUID was: {misp_feature.uuid}' - misp_feature.comment = f'{misp_feature.comment} - {comment}' if hasattr(misp_feature, 'comment') else comment - return uuid.uuid5(_UUIDv4, misp_feature.uuid) - - ################################################################################ - ## PARSING FUNCTIONS USED BY BOTH SUBCLASSES. ## - ################################################################################ - - def handle_markings(self): - if hasattr(self, 'marking_refs'): - for attribute in self.misp_event.attributes: - if attribute.uuid in self.marking_refs: - for marking_uuid in self.marking_refs[attribute.uuid]: - if marking_uuid not in self.marking_definition: - continue - attribute.add_tag(self.marking_definition[marking_uuid]['object']) - self.marking_definition[marking_uuid]['used'] = True - if self.marking_definition: - for marking_definition in self.marking_definition.values(): - if not marking_definition['used']: - self.tags.add(marking_definition['object']) - if self.tags: - for tag in self.tags: - self.misp_event.add_tag(tag) - - @staticmethod - def _parse_email_body(body, references): - attributes = [] - for body_multipart in body: - reference = references.pop(body_multipart['body_raw_ref']) - feature = body_multipart['content_disposition'].split(';')[0] - if feature in stix2misp_mapping.email_references_mapping: - attribute = deepcopy(stix2misp_mapping.email_references_mapping[feature]) - else: - print(f'Unknown content disposition in the following email body: {body_multipart}', file=sys.stderr) - continue - if isinstance(reference, stix2.v20.observables.Artifact): - attribute.update({ - 'value': body_multipart['content_disposition'].split('=')[-1].strip("'"), - 'data': reference.payload_bin, - 'to_ids': False - }) - else: - attribute.update({ - 'value': reference.name, - 'to_ids': False - }) - attributes.append(attribute) - return attributes - - @staticmethod - def _parse_email_references(email_message, references): - attributes = [] - if hasattr(email_message, 'from_ref'): - reference = references.pop(email_message.from_ref) - attribute = { - 'value': reference.value, - 'to_ids': False - } - attribute.update(stix2misp_mapping.email_references_mapping['from_ref']) - attributes.append(attribute) - for feature in ('to_refs', 'cc_refs'): - if hasattr(email_message, feature): - for ref_id in getattr(email_message, feature): - reference = references.pop(ref_id) - attribute = { - 'value': reference.value, - 'to_ids': False - } - attribute.update(stix2misp_mapping.email_references_mapping[feature]) - attributes.append(attribute) - return attributes - - def parse_galaxies(self): - for galaxy in self.galaxy.values(): - if not galaxy['used']: - for tag_name in galaxy['tag_names']: - self.tags.add(tag_name) - - @staticmethod - def _parse_network_connection_reference(feature_type, feature, value): - if feature == 'type': - return {type: value.format(feature_type) for type, value in stix2misp_mapping.network_traffic_references_mapping[value].items()} - return {feature: value} - - @staticmethod - def _parse_network_traffic_protocol(protocol): - return {'type': 'text', 'value': protocol, 'to_ids': False, - 'object_relation': f'layer{stix2misp_mapping.connection_protocols[protocol]}-protocol'} - - @staticmethod - def _parse_observable_reference(reference, mapping, feature=None): - attribute = { - 'value': reference.value, - 'to_ids': False +def _process_stix_file(args: argparse.ArgumentParser): + try: + with open(args.input, 'rt', encoding='utf-8') as f: + bundle = stix2_parser( + f.read(), allow_custom=True, interoperability=True + ) + stix_version = getattr(bundle, 'version', '2.1') + to_call = 'Internal' if _from_misp(bundle.objects) else 'External' + arguments = { + 'distribution': args.distribution, + 'galaxies_as_tags': args.galaxies_as_tags } - if feature is not None: - attribute.update({key: value.format(feature) for key, value in getattr(stix2misp_mapping, mapping)[reference._type].items()}) - return attribute - attribute.update({key: value for key, value in getattr(stix2misp_mapping, mapping)[reference._type].items()}) - return attribute - - def parse_pe(self, extension): - pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) - self.fill_misp_object(pe_object, extension, 'pe_mapping') - for section in extension['sections']: - section_object = MISPObject('pe-section', misp_objects_path_custom=_misp_objects_path) - self.fill_misp_object(section_object, section, 'pe_section_mapping') - if hasattr(section, 'hashes'): - self.fill_misp_object(section_object, section.hashes, 'pe_section_mapping') - self.misp_event.add_object(section_object) - pe_object.add_reference(section_object.uuid, 'includes') - self.misp_event.add_object(pe_object) - return pe_object.uuid - - def parse_relationships(self): - attribute_uuids = tuple(attribute.uuid for attribute in self.misp_event.attributes) - object_uuids = tuple(object.uuid for object in self.misp_event.objects) - for source, references in self.relationship.items(): - if source in object_uuids: - source_object = self.misp_event.get_object_by_uuid(source) - for reference in references: - target, reference = reference - if target in attribute_uuids or target in object_uuids: - source_object.add_reference(target, reference) - elif source in attribute_uuids: - for attribute in self.misp_event.attributes: - if attribute.uuid == source: - for reference in references: - target, reference = reference - if target in self.galaxy: - for tag_name in self.galaxy[target]['tag_names']: - attribute.add_tag(tag_name) - self.galaxy[target]['used'] = True - break - - def parse_report(self, event_uuid=None): - event_infos = set() - self.misp_event.uuid = event_uuid if event_uuid and len(self.report) > 1 else tuple(self.report.keys())[0] - for report in self.report.values(): - if hasattr(report, 'name') and report.name: - event_infos.add(report.name) - if hasattr(report, 'labels') and report.labels: - for label in report.labels: - self.tags.add(label) - if hasattr(report, 'object_marking_refs') and report.object_marking_refs: - for marking_ref in report.object_marking_refs: - marking_ref = marking_ref.split('--')[1] - try: - self.tags.add(self.marking_definition[marking_ref]['object']) - self.marking_definition[marking_ref]['used'] = True - except KeyError: - continue - if hasattr(report, 'external_references'): - for reference in report.external_references: - self.misp_event.add_attribute(**{'type': 'link', 'value': reference['url']}) - if len(event_infos) == 1: - self.misp_event.info = event_infos.pop() - else: - self.misp_event.info = f'Imported with MISP import script for {self.stix_version}' - - @staticmethod - def _parse_user_account_groups(groups): - attributes = [{'type': 'text', 'object_relation': 'group', 'to_ids': False, - 'disable_correlation': True, 'value': group} for group in groups] - return attributes - - ################################################################################ - ## UTILITY FUNCTIONS. ## - ################################################################################ - - @staticmethod - def _choose_with_priority(container, first_choice, second_choice): - return first_choice if first_choice in container else second_choice - - def filter_main_object(self, observable, main_type, test_function='_standard_test_filter'): - references = {} - main_objects = [] - for key, value in observable.items(): - if getattr(self, test_function)(value, main_type): - main_objects.append(value) - else: - references[key] = value - if len(main_objects) > 1: - print(f'More than one {main_type} objects in this observable: {observable}', file=sys.stderr) - return main_objects[0] if main_objects else None, references - - @staticmethod - def getTimestampfromDate(date): - try: - return int(date.timestamp()) - except AttributeError: - return int(time.mktime(time.strptime(date.split('+')[0], "%Y-%m-%dT%H:%M:%S.%fZ"))) - - @staticmethod - def _handle_data(data): - return io.BytesIO(data.encode()) - - @staticmethod - def parse_marking(marking): - marking_type = marking.definition_type - tag = getattr(marking.definition, marking_type) - return "{}:{}".format(marking_type, tag) - - def parse_timeline(self, stix_object): - misp_object = {'timestamp': self.getTimestampfromDate(stix_object.modified)} - try: - first, last = self._timeline_mapping[stix_object._type] - first_seen = getattr(stix_object, first) - if stix_object.created != first_seen and stix_object.modified != first_seen: - misp_object['first_seen'] = first_seen - if hasattr(stix_object, last): - misp_object['last_seen'] = getattr(stix_object, last) - elif hasattr(stix_object, last): - misp_object.update({'first_seen': first_seen, 'last_seen': getattr(stix_object, last)}) - except KeyError: - pass - return misp_object - - def _parse_galaxy_name(self, galaxy_name, default = None): - for identifier in galaxy_name.split(' - '): - if identifier[0].isalpha() and any(character.isdecimal() for character in identifier[1:]): - for name, tag_names in self._synonyms_to_tag_names.items(): - if identifier in name: - return tag_names - return default - - @staticmethod - def _process_test_filter(value, main_type): - _is_main_process = any(feature in value for feature in ('parent_ref', 'child_refs')) - return isinstance(value, getattr(stix2.v20.observables, main_type)) and _is_main_process - - @staticmethod - def _standard_test_filter(value, main_type): - return isinstance(value, getattr(stix2.v20.observables, main_type)) - - def update_marking_refs(self, attribute_uuid, marking_refs): - try: - self.marking_refs[attribute_uuid] = tuple(marking.split('--')[1] for marking in marking_refs) - except AttributeError: - self.marking_refs = {attribute_uuid: tuple(marking.split('--')[1] for marking in marking_refs)} - - -class StixFromMISPParser(StixParser): - def __init__(self): - super().__init__() - self._stix2misp_mapping.update({'custom_object': '_parse_custom'}) - self._stix2misp_mapping.update({special_type: '_parse_undefined' for special_type in ('attack-pattern', 'course-of-action', 'vulnerability')}) - self._custom_objects = tuple(filename.name.replace('_', '-') for filename in _misp_objects_path.glob('*') if '_' in filename.name) - - def parse_event(self, stix_event): - for stix_object in stix_event.objects: - object_type = stix_object['type'] - if object_type.startswith('x-misp-object'): - object_type = 'custom_object' - if object_type in self._stix2misp_mapping: - getattr(self, self._stix2misp_mapping[object_type])(stix_object) - else: - print(f'not found: {object_type}', file=sys.stderr) - if self.relationship: - self.parse_relationships() - if self.galaxy: - self.parse_galaxies() - if hasattr(self, 'report'): - self.parse_report() - self.handle_markings() - - def _parse_custom(self, custom): - if 'from_object' in custom['labels']: - self.parse_custom_object(custom) - else: - self.parse_custom_attribute(custom) - - def _parse_indicator(self, indicator): - if 'from_object' in indicator['labels']: - self.parse_indicator_object(indicator) - else: - self.parse_indicator_attribute(indicator) - - def _parse_observable(self, observable): - if 'from_object' in observable['labels']: - self.parse_observable_object(observable) - else: - self.parse_observable_attribute(observable) - - def _parse_undefined(self, stix_object): - if any(label.startswith('misp-galaxy:') for label in stix_object.get('labels', [])): - self._load_galaxy(stix_object) - else: - getattr(self, self._special_mapping[stix_object._type])(stix_object) - - ################################################################################ - ## PARSING FUNCTIONS. ## - ################################################################################ - - def fill_misp_object(self, misp_object, stix_object, mapping, - to_call='_fill_observable_object_attribute'): - for feature, value in stix_object.items(): - if feature not in getattr(stix2misp_mapping, mapping): - if feature.startswith('x_misp_'): - attribute = self.parse_custom_property(feature) - if isinstance(value, list): - self._fill_misp_object_from_list(misp_object, attribute, value) - continue - else: - continue - else: - attribute = deepcopy(getattr(stix2misp_mapping, mapping)[feature]) - attribute.update(getattr(self, to_call)(feature, value)) - misp_object.add_attribute(**attribute) - - @staticmethod - def _fill_misp_object_from_list(misp_object, mapping, values): - for value in values: - attribute = {'value': value} - attribute.update(mapping) - misp_object.add_attribute(**attribute) - - def parse_attack_pattern(self, attack_pattern): - misp_object, _ = self.create_misp_object(attack_pattern) - if hasattr(attack_pattern, 'external_references'): - for reference in attack_pattern.external_references: - value = reference['external_id'].split('-')[1] if reference['source_name'] == 'capec' else reference['url'] - misp_object.add_attribute(**{ - 'type': 'text', 'object_relation': 'id', - 'value': value - }) - self.fill_misp_object(misp_object, attack_pattern, 'attack_pattern_mapping', - '_fill_observable_object_attribute') - self.misp_event.add_object(**misp_object) - - def parse_course_of_action(self, course_of_action): - misp_object, _ = self.create_misp_object(course_of_action) - self.fill_misp_object(misp_object, course_of_action, 'course_of_action_mapping', - '_fill_observable_object_attribute') - self.misp_event.add_object(**misp_object) - - def parse_custom_attribute(self, custom): - attribute_type = custom['type'].split('x-misp-object-')[1] - if attribute_type not in _misp_types: - replacement = ' ' if attribute_type == 'named-pipe' else '|' - attribute_type = attribute_type.replace('-', replacement) - attribute = {'type': attribute_type, - 'timestamp': self.getTimestampfromDate(custom['modified']), - 'to_ids': bool(custom['labels'][1].split('=')[1]), - 'value': custom['x_misp_value'], - 'category': self.get_misp_category(custom['labels']), - 'uuid': custom['id'].split('--')[1]} - if custom.get('object_marking_refs'): - self.update_marking_refs(attribute['uuid'], custom['object_marking_refs']) - self.misp_event.add_attribute(**attribute) - - def parse_custom_object(self, custom): - name = custom['type'].split('x-misp-object-')[1] - if name in self._custom_objects: - name = name.replace('-', '_') - misp_object = MISPObject(name, misp_objects_path_custom=_misp_objects_path) - misp_object.timestamp = self.getTimestampfromDate(custom['modified']) - misp_object.uuid = custom['id'].split('--')[1] - try: - misp_object.category = custom['category'] - except KeyError: - misp_object.category = self.get_misp_category(custom['labels']) - for key, value in custom['x_misp_values'].items(): - attribute_type, object_relation = key.replace('_DOT_', '.').split('_') - if isinstance(value, list): - for single_value in value: - misp_object.add_attribute(**{'type': attribute_type, 'value': single_value, - 'object_relation': object_relation}) - else: - misp_object.add_attribute(**{'type': attribute_type, 'value': value, - 'object_relation': object_relation}) - self.misp_event.add_object(**misp_object) - - def parse_galaxy(self, galaxy): - if hasattr(galaxy, 'labels'): - return [label for label in galaxy.labels if label.startswith('misp-galaxy:')] - try: - return self._synonyms_to_tag_names[galaxy.name] - except KeyError: - print(f'Unknown {galaxy._type} name: {galaxy.name}', file=sys.stderr) - return self._parse_galaxy_name(galaxy.name, default=[f'misp-galaxy:{galaxy._type}="{galaxy.name}"']) - - def parse_indicator_attribute(self, indicator): - attribute = self.create_attribute_dict(indicator) - attribute['to_ids'] = True - pattern = indicator.pattern.replace('\\\\', '\\') - if attribute['type'] in ('malware-sample', 'attachment'): - value, data = self.parse_attribute_pattern_with_data(pattern) - attribute.update({feature: value for feature, value in zip(('value', 'data'), (value, io.BytesIO(data.encode())))}) - else: - attribute['value'] = self.parse_attribute_pattern(pattern) - self.misp_event.add_attribute(**attribute) - - def parse_indicator_object(self, indicator): - misp_object, object_type = self.create_misp_object(indicator) - pattern = self._handle_pattern(indicator.pattern).replace('\\\\', '\\').split(' AND ') - try: - attributes = getattr(self, stix2misp_mapping.objects_mapping[object_type]['pattern'])(pattern) - except KeyError: - print(f"Unable to map {object_type} object:\n{indicator}", file=sys.stderr) - return - if isinstance(attributes, tuple): - attributes, target_uuid = attributes - misp_object.add_reference(target_uuid, 'includes') - for attribute in attributes: - misp_object.add_attribute(**attribute) - self.misp_event.add_object(misp_object) - - def parse_observable_attribute(self, observable): - attribute = self.create_attribute_dict(observable) - attribute['to_ids'] = False - objects = observable.objects - value = self.parse_single_attribute_observable(objects, attribute['type']) - if isinstance(value, tuple): - value, data = value - attribute['data'] = data - attribute['value'] = value - self.misp_event.add_attribute(**attribute) - - def parse_observable_object(self, observable): - misp_object, object_type = self.create_misp_object(observable) - observable_object = observable.objects - try: - attributes = getattr(self, stix2misp_mapping.objects_mapping[object_type]['observable'])(observable_object) - except KeyError: - print(f"Unable to map {object_type} object:\n{observable}", file=sys.stderr) - return - if isinstance(attributes, tuple): - attributes, target_uuid = attributes - misp_object.add_reference(target_uuid, 'includes') - for attribute in attributes: - misp_object.add_attribute(**attribute) - self.misp_event.add_object(misp_object) - - def parse_vulnerability(self, vulnerability): - attributes = self.fill_observable_attributes(vulnerability, 'vulnerability_mapping') - if hasattr(vulnerability, 'external_references'): - for reference in vulnerability.external_references: - if reference['source_name'] == 'url': - attributes.append({'type': 'link', 'object_relation': 'references', 'value': reference['url']}) - if len(attributes) > 1: - vulnerability_object, _ = self.create_misp_object(vulnerability) - for attribute in attributes: - vulnerability_object.add_attribute(**attribute) - self.misp_event.add_object(**vulnerability_object) - else: - attribute = self.create_attribute_dict(vulnerability) - attribute['value'] = attributes[0]['value'] - self.misp_event.add_attribute(**attribute) - - ################################################################################ - ## OBSERVABLE PARSING FUNCTIONS ## - ################################################################################ - - @staticmethod - def _define_hash_type(hash_type): - if 'sha' in hash_type: - return f'SHA-{hash_type.split("sha")[1]}' - return hash_type.upper() if hash_type == 'md5' else hash_type - - @staticmethod - def _fetch_file_observable(observable_objects): - for key, observable in observable_objects.items(): - if observable['type'] == 'file': - return key - return '0' - - @staticmethod - def _fill_observable_attribute(attribute_type, object_relation, value): - return {'type': attribute_type, - 'object_relation': object_relation, - 'value': value, - 'to_ids': False} - - def fill_observable_attributes(self, observable, object_mapping): - attributes = [] - for key, value in observable.items(): - if key in getattr(stix2misp_mapping, object_mapping): - attribute = deepcopy(getattr(stix2misp_mapping, object_mapping)[key]) - elif key.startswith('x_misp_'): - attribute = self.parse_custom_property(key) - if isinstance(value, list): - for single_value in value: - single_attribute = {'value': single_value, 'to_ids': False} - single_attribute.update(attribute) - attributes.append(single_attribute) - continue - else: - continue - attribute.update({'value': value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - def _handle_multiple_file_fields(self, file): - attributes = [] - for feature, attribute_type in zip(('filename', 'path', 'fullpath'), ('filename', 'text', 'text')): - key = f'x_misp_multiple_{feature}' - if key in file: - attributes.append(self._fill_observable_attribute(attribute_type, feature, file.pop(key))) - elif f'{key}s' in file: - attributes.extend(self._fill_observable_attribute(attribute_type, feature, value) for value in file.pop(key)) - attributes.extend(self.fill_observable_attributes(file, 'file_mapping')) - return attributes - - def parse_asn_observable(self, observable): - attributes = [] - mapping = 'asn_mapping' - for observable_object in observable.values(): - if isinstance(observable_object, stix2.v20.observables.AutonomousSystem): - attributes.extend(self.fill_observable_attributes(observable_object, mapping)) - else: - attributes.append(self._parse_observable_reference(observable_object, mapping)) - return attributes - - def _parse_attachment(self, observable): - if len(observable) > 1: - return self._parse_name(observable), self._parse_payload(observable) - return self._parse_name(observable) - - def parse_credential_observable(self, observable): - return self.fill_observable_attributes(observable['0'], 'credential_mapping') - - def _parse_domain_ip_attribute(self, observable): - return f'{self._parse_domain_value(observable)}|{self._parse_ip_value(observable)}' - - @staticmethod - def _parse_domain_value(observables): - for observable in observables.values(): - if observable.type == 'domain-name': - return observable.value - - @staticmethod - def parse_domain_ip_observable(observable): - attributes = [] - for observable_object in observable.values(): - attribute = deepcopy(stix2misp_mapping.domain_ip_mapping[observable_object._type]) - attribute.update({'value': observable_object.value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - @staticmethod - def _parse_email_message(observable, attribute_type): - return observable['0'].get(attribute_type.split('-')[1]) - - def parse_email_observable(self, observable): - email, references = self.filter_main_object(observable, 'EmailMessage') - attributes = self.fill_observable_attributes(email, 'email_mapping') - if hasattr(email, 'additional_header_fields'): - attributes.extend(self.fill_observable_attributes(email.additional_header_fields, 'email_mapping')) - attributes.extend(self._parse_email_references(email, references)) - if hasattr(email, 'body_multipart') and email.body_multipart: - attributes.extend(self._parse_email_body(email.body_multipart, references)) - return attributes - - @staticmethod - def _parse_email_reply_to(observable): - return observable['0'].additional_header_fields.get('Reply-To') - - @staticmethod - def _parse_email_value(observables): - for observable in observables.values(): - if observable.type == 'email-addr': - return observable.value - - def parse_file_observable(self, observable): - file, references = self.filter_main_object(observable, 'File') - references = {key: {'object': value, 'used': False} for key, value in references.items()} - file = {key: value for key, value in file.items()} - multiple_fields = any(f'x_misp_multiple_{feature}' in file for feature in ('filename', 'path', 'fullpath')) - attributes = self._handle_multiple_file_fields(file) if multiple_fields else self.fill_observable_attributes(file, 'file_mapping') - if 'hashes' in file: - attributes.extend(self.fill_observable_attributes(file['hashes'], 'file_mapping')) - if 'content_ref' in file: - reference = references[file['content_ref']] - value = f'{reference["object"].name}|{reference["object"].hashes["MD5"]}' - attributes.append({'type': 'malware-sample', 'object_relation': 'malware-sample', 'value': value, - 'to_ids': False, 'data': reference['object'].payload_bin}) - reference['used'] = True - if 'parent_directory_ref' in file: - reference = references[file['parent_directory_ref']] - attributes.append({'type': 'text', 'object_relation': 'path', - 'value': reference['object'].path, 'to_ids': False}) - reference['used'] = True - for reference in references.values(): - if not reference['used']: - attributes.append({ - 'type': 'attachment', - 'object_relation': 'attachment', - 'value': reference['object'].name, - 'data': reference['object'].payload_bin, - 'to_ids': False - }) - return attributes - - def _parse_filename_hash(self, observable, attribute_type): - hash_type = attribute_type.split('|')[1] - filename = self._parse_name(observable) - hash_value = self._parse_hash(observable, hash_type) - return f'{filename}|{hash_value}' - - def _parse_hash(self, observables, attribute_type): - hash_type = self._define_hash_type(attribute_type) - for observable in observables.values(): - if observable.type == 'file': - return observable.hashes.get(hash_type) - - def parse_ip_port_observable(self, observable): - network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') - attributes = [] - for feature in ('src', 'dst'): - port = f'{feature}_port' - if hasattr(network_traffic, port): - attribute = deepcopy(stix2misp_mapping.ip_port_mapping[port]) - attribute.update({'value': getattr(network_traffic, port), 'to_ids': False}) - attributes.append(attribute) - ref = f'{feature}_ref' - if hasattr(network_traffic, ref): - attributes.append(self._parse_observable_reference(references.pop(getattr(network_traffic, ref)), 'ip_port_references_mapping', feature)) - for reference in references.values(): - attribute = deepcopy(stix2misp_mapping.ip_port_references_mapping[reference._type]) - attribute.update({'value': reference.value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - @staticmethod - def _parse_ip_value(observables): - for observable in observables.values(): - if observable.type in ('ipv4-addr', 'ipv6-addr'): - return observable.value - - @staticmethod - def _parse_mac_value(observables): - for observable in observables.values(): - if observable.type == 'mac-addr': - return observable.value - - def _parse_malware_sample(self, observable): - if len(observable) > 1: - value = self._parse_filename_hash(observable, 'filename|md5') - return value, self._parse_payload(observable) - return self._parse_filename_hash(observable, 'filename|md5') - - @staticmethod - def _parse_name(observables): - for observable in observables.values(): - if observable.type == 'file': - return observable.name - - def _parse_network_attribute(self, observable): - port = self._parse_port(observable) - return f'{self._parse_ip_value(observable)}|{port}' - - def parse_network_connection_observable(self, observable): - network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') - attributes = self._parse_network_traffic(network_traffic, references) - if hasattr(network_traffic, 'protocols'): - attributes.extend(self._parse_network_traffic_protocol(protocol) for protocol in network_traffic.protocols if protocol in stix2misp_mapping.connection_protocols) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) - return attributes - - def parse_network_socket_observable(self, observable): - network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') - attributes = self._parse_network_traffic(network_traffic, references) - if hasattr(network_traffic, 'protocols'): - attributes.append({'type': 'text', 'object_relation': 'protocol', 'to_ids': False, - 'value': network_traffic.protocols[0].strip("'")}) - if hasattr(network_traffic, 'extensions') and network_traffic.extensions: - attributes.extend(self._parse_socket_extension(network_traffic.extensions['socket-ext'])) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) - return attributes - - def _parse_network_traffic(self, network_traffic, references): - attributes = [] - mapping = 'network_traffic_references_mapping' - for feature in ('src', 'dst'): - port = f'{feature}_port' - if hasattr(network_traffic, port): - attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[port]) - attribute.update({'value': getattr(network_traffic, port), 'to_ids': False}) - attributes.append(attribute) - ref = f'{feature}_ref' - if hasattr(network_traffic, ref): - attributes.append(self._parse_observable_reference(references.pop(getattr(network_traffic, ref)), mapping, feature)) - if hasattr(network_traffic, f'{ref}s'): - for ref in getattr(network_traffic, f'{ref}s'): - attributes.append(self._parse_observable_reference(references.pop(ref), mapping, feature)) - return attributes - - @staticmethod - def _parse_number(observable): - return observable['0'].get('number') - - @staticmethod - def _parse_payload(observables): - for observable in observables.values(): - if observable.type == 'artifact': - return observable.payload_bin - - def parse_pe_observable(self, observable): - key = self._fetch_file_observable(observable) - extension = observable[key]['extensions']['windows-pebinary-ext'] - pe_uuid = self.parse_pe(extension) - return self.parse_file_observable(observable), pe_uuid - - @staticmethod - def _parse_port(observables): - for observable in observables.values(): - if observable.type == 'network-traffic': - return observable.src_port if hasattr(observable, 'src_port') else observable.dst_port - - def parse_process_observable(self, observable): - process, references = self.filter_main_object(observable, 'Process', test_function='_process_test_filter') - attributes = self.fill_observable_attributes(process, 'process_mapping') - if hasattr(process, 'parent_ref'): - attributes.extend(self.fill_observable_attributes(references[process.parent_ref], 'parent_process_reference_mapping')) - if hasattr(process, 'child_refs'): - for reference in process.child_refs: - attributes.extend(self.fill_observable_attributes(references[reference], 'child_process_reference_mapping')) - if hasattr(process, 'binary_ref'): - reference = references[process.binary_ref] - attribute = deepcopy(stix2misp_mapping.process_image_mapping) - attribute.update({'value': reference.name, 'to_ids': False}) - attributes.append(attribute) - return attributes - - @staticmethod - def _parse_regkey_attribute(observable): - return observable['0'].get('key') - - def parse_regkey_observable(self, observable): - attributes = [] - for key, value in observable['0'].items(): - if key in stix2misp_mapping.regkey_mapping: - attribute = deepcopy(stix2misp_mapping.regkey_mapping[key]) - attribute.update({'value': value.replace('\\\\', '\\'), 'to_ids': False}) - attributes.append(attribute) - if 'values' in observable['0']: - attributes.extend(self.fill_observable_attributes(observable['0']['values'][0], 'regkey_mapping')) - return attributes - - def _parse_regkey_value(self, observable): - regkey = self._parse_regkey_attribute(observable) - return f'{regkey}|{observable["0"]["values"][0].get("data")}' - - def parse_single_attribute_observable(self, observable, attribute_type): - if attribute_type in stix2misp_mapping.attributes_type_mapping: - return getattr(self, stix2misp_mapping.attributes_type_mapping[attribute_type])(observable, attribute_type) - return getattr(self, stix2misp_mapping.attributes_mapping[attribute_type])(observable) - - def _parse_socket_extension(self, extension): - attributes = [] - extension = {key: value for key, value in extension.items()} - if 'x_misp_text_address_family' in extension: - extension.pop('address_family') - for element, value in extension.items(): - if element in stix2misp_mapping.network_socket_extension_mapping: - attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[element]) - if element in ('is_listening', 'is_blocking'): - if value is False: - continue - value = element.split('_')[1] - elif element.startswith('x_misp_'): - attribute = self.parse_custom_property(element) - else: - continue - attribute.update({'value': value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - @staticmethod - def parse_url_observable(observable): - attributes = [] - for object in observable.values(): - feature = 'dst_port' if isinstance(object, stix2.v20.observables.NetworkTraffic) else 'value' - attribute = deepcopy(stix2misp_mapping.url_mapping[object._type]) - attribute.update({'value': getattr(object, feature), 'to_ids': False}) - attributes.append(attribute) - return attributes - - @staticmethod - def parse_url_value(observables): - for observable in observables.items(): - if observable.type == 'url': - return observable.value - - def parse_user_account_observable(self, observable): - observable = observable['0'] - attributes = self.fill_observable_attributes(observable, 'user_account_mapping') - if 'extensions' in observable and 'unix-account-ext' in observable['extensions']: - extension = observable['extensions']['unix-account-ext'] - if 'groups' in extension: - attributes.extend(self._parse_user_account_groups(extension['groups'])) - attributes.extend(self.fill_observable_attributes(extension, 'user_account_mapping')) - return attributes - - def _parse_x509_attribute(self, observable, attribute_type): - hash_type = attribute_type.split('-')[-1] - return self._parse_hash(observable, hash_type) - - def parse_x509_observable(self, observable): - attributes = self.fill_observable_attributes(observable['0'], 'x509_mapping') - if hasattr(observable['0'], 'hashes') and observable['0'].hashes: - attributes.extend(self.fill_observable_attributes(observable['0'].hashes, 'x509_mapping')) - return attributes - - ################################################################################ - ## PATTERN PARSING FUNCTIONS. ## - ################################################################################ - - def fill_pattern_attributes(self, pattern, object_mapping): - attributes = [] - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if pattern_type not in getattr(stix2misp_mapping, object_mapping): - if 'x_misp_' in pattern_type: - attribute = self.parse_custom_property(pattern_type) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - continue - attribute = deepcopy(getattr(stix2misp_mapping, object_mapping)[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - return attributes - - def parse_asn_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'asn_mapping') - - def parse_credential_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'credential_mapping') - - def parse_domain_ip_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'domain_ip_mapping') - - def parse_email_pattern(self, pattern): - attributes = [] - attachments = defaultdict(dict) - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if 'body_multipart' in pattern_type: - pattern_type = pattern_type.split('.') - feature = 'data' if pattern_type[-1] == 'payload_bin' else 'value' - attachments[pattern_type[0][-2]][feature] = pattern_value.strip("'") - continue - if pattern_type not in stix2misp_mapping.email_mapping: - if 'x_misp_' in pattern_type: - attribute = self.parse_custom_property(pattern_type) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - continue - attribute = deepcopy(stix2misp_mapping.email_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - for attachment in attachments.values(): - if 'data' in attachment: - attribute = {'type': 'attachment', 'object_relation': 'screenshot', 'data': attachment['data']} - else: - attribute = {'type': 'email-attachment', 'object_relation': 'attachment'} - attribute['value'] = attachment['value'] - attributes.append(attribute) - return attributes - - def parse_file_pattern(self, pattern): - attributes = [] - attachment = {} - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if pattern_type in stix2misp_mapping.attachment_types: - attachment[pattern_type] = pattern_value.strip("'") - if pattern_type not in stix2misp_mapping.file_mapping: - continue - attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - if 'file:content_ref.payload_bin' in attachment: - filename = self._choose_with_priority(attachment, 'file:content_ref.name', 'file:name') - md5 = self._choose_with_priority(attachment, "file:content_ref.hashes.'MD5'", "file:hashes.'MD5'") - attributes.append({ - 'type': 'malware-sample', - 'object_relation': 'malware-sample', - 'value': f'{attachment[filename]}|{attachment[md5]}', - 'data': attachment['file:content_ref.payload_bin'] - }) - if 'artifact:payload_bin' in attachment: - attributes.append({ - 'type': 'attachment', - 'object_relation': 'attachment', - 'value': attachment['artifact:x_misp_text_name'] if 'artifact:x_misp_text_name' in attachment else attachment['file:name'], - 'data': attachment['artifact:payload_bin'] - }) - return attributes - - def parse_ip_port_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'ip_port_mapping') - - def parse_network_connection_pattern(self, pattern): - attributes = [] - references = defaultdict(dict) - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if pattern_type not in stix2misp_mapping.network_traffic_mapping: - pattern_value = pattern_value.strip("'") - if pattern_type.startswith('network-traffic:protocols['): - attributes.append({ - 'type': 'text', 'value': pattern_value, - 'object_relation': f'layer{stix2misp_mapping.connection_protocols[pattern_value]}-protocol' - }) - elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): - feature_type, ref = pattern_type.split(':')[1].split('_') - ref, feature = ref.split('.') - ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" - references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) - continue - attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - attributes.extend(attribute for attribute in references.values()) - return attributes - - def parse_network_socket_pattern(self, pattern): - attributes = [] - references = defaultdict(dict) - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - pattern_value = pattern_value.strip("'") - if pattern_type not in stix2misp_mapping.network_traffic_mapping: - if pattern_type in stix2misp_mapping.network_socket_extension_mapping: - attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[pattern_type]) - if pattern_type.startswith("network-traffic:extensions.'socket-ext'.is_"): - if pattern_value != 'True': - continue - pattern_value = pattern_type.split('_')[1] - else: - if pattern_type.startswith('network-traffic:protocols['): - attributes.append({'type': 'text', 'object_relation': 'protocol', 'value': pattern_value}) - elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): - feature_type, ref = pattern_type.split(':')[1].split('_') - ref, feature = ref.split('.') - ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" - references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) - continue - else: - attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - attributes.extend(attribute for attribute in references.values()) - return attributes - - def parse_pe_pattern(self, pattern): - attributes = [] - sections = defaultdict(dict) - pe = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if ':extensions.' in pattern_type: - if '.sections[' in pattern_type: - pattern_type = pattern_type.split('.') - relation = pattern_type[-1].strip("'") - if relation in stix2misp_mapping.pe_section_mapping: - sections[pattern_type[2][-2]][relation] = pattern_value.strip("'") - else: - pattern_type = pattern_type.split('.')[-1] - if pattern_type not in stix2misp_mapping.pe_mapping: - if pattern_type.startswith('x_misp_'): - attribute = self.parse_custom_property(pattern_type) - attribute['value'] = pattern_value.strip("'") - pe.add_attribute(**attribute) - continue - attribute = deepcopy(stix2misp_mapping.pe_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - pe.add_attribute(**attribute) - else: - if pattern_type not in stix2misp_mapping.file_mapping: - if pattern_type.startswith('x_misp_'): - attribute = self.parse_custom_property(pattern_type) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - continue - attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - for section in sections.values(): - pe_section = MISPObject('pe-section', misp_objects_path_custom=_misp_objects_path) - for feature, value in section.items(): - attribute = deepcopy(stix2misp_mapping.pe_section_mapping[feature]) - attribute['value'] = value - pe_section.add_attribute(**attribute) - self.misp_event.add_object(pe_section) - pe.add_reference(pe_section.uuid, 'includes') - self.misp_event.add_object(pe) - return attributes, pe.uuid - - def parse_process_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'process_mapping') - - def parse_regkey_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'regkey_mapping') - - def parse_url_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'url_mapping') - - @staticmethod - def parse_user_account_pattern(pattern): - attributes = [] - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - pattern_type = pattern_type.split('.')[-1].split('[')[0] if "extensions.'unix-account-ext'" in pattern_type else pattern_type.split(':')[-1] - if pattern_type not in stix2misp_mapping.user_account_mapping: - if pattern_type.startswith('group'): - attributes.append({'type': 'text', 'object_relation': 'group', 'value': pattern_value.strip("'")}) - continue - attribute = deepcopy(stix2misp_mapping.user_account_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - return attributes - - def parse_x509_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'x509_mapping') - - ################################################################################ - ## UTILITY FUNCTIONS. ## - ################################################################################ - - def create_attribute_dict(self, stix_object): - labels = stix_object['labels'] - attribute_uuid = stix_object.id.split('--')[1] - attribute = {'uuid': attribute_uuid, - 'type': self.get_misp_type(labels), - 'category': self.get_misp_category(labels)} - tags = [{'name': label} for label in labels[3:]] - if tags: - attribute['Tag'] = tags - attribute.update(self.parse_timeline(stix_object)) - if hasattr(stix_object, 'description') and stix_object.description: - attribute['comment'] = stix_object.description - if hasattr(stix_object, 'object_marking_refs'): - self.update_marking_refs(attribute_uuid, stix_object.object_marking_refs) - return attribute - - def create_misp_object(self, stix_object): - labels = stix_object['labels'] - object_type = self.get_misp_type(labels) - misp_object = MISPObject('file' if object_type == 'WindowsPEBinaryFile' else object_type, - misp_objects_path_custom=_misp_objects_path) - misp_object.uuid = stix_object.id.split('--')[1] - if hasattr(stix_object, 'description') and stix_object.description: - misp_object.comment = stix_object.description - misp_object.update(self.parse_timeline(stix_object)) - return misp_object, object_type - - @staticmethod - def _fill_object_attribute(feature, value): - return {'value': str(value) if feature in ('entropy', 'size') else value} - - @staticmethod - def _fill_observable_object_attribute(feature, value): - return {'value': str(value) if feature in ('entropy', 'size') else value, - 'to_ids': False} - - @staticmethod - def get_misp_category(labels): - return labels[1].split('=')[1].strip('"') - - @staticmethod - def get_misp_type(labels): - for label in labels: - if label.startswith('misp:type=') or label.startswith('misp:name='): - return label.split('=')[1].strip('"') - - @staticmethod - def parse_attribute_pattern(pattern): - if ' AND ' in pattern: - pattern_parts = pattern.strip('[]').split(' AND ') - if len(pattern_parts) == 3: - _, value1 = pattern_parts[2].split(' = ') - _, value2 = pattern_parts[0].split(' = ') - return '{}|{}'.format(value1.strip("'"), value2.strip("'")) - else: - _, value1 = pattern_parts[0].split(' = ') - _, value2 = pattern_parts[1].split(' = ') - if value1 in ("'ipv4-addr'", "'ipv6-addr'"): - return value2.strip("'") - return '{}|{}'.format(value1.strip("'"), value2.strip("'")) - else: - return pattern.split(' = ')[1].strip("]'") - - def parse_attribute_pattern_with_data(self, pattern): - if 'file:content_ref.payload_bin' not in pattern: - return self.parse_attribute_pattern(pattern) - pattern_parts = pattern.strip('[]').split(' AND ') - if len(pattern_parts) == 3: - filename = pattern_parts[0].split(' = ')[1] - md5 = pattern_parts[1].split(' = ')[1] - return "{}|{}".format(filename.strip("'"), md5.strip("'")), pattern_parts[2].split(' = ')[1].strip("'") - return pattern_parts[0].split(' = ')[1].strip("'"), pattern_parts[1].split(' = ')[1].strip("'") - - @staticmethod - def parse_custom_property(custom_property): - properties = custom_property.split('_')[2:] - return {'object_relation': '-'.join(properties)} - - -class ExternalStixParser(StixParser): - def __init__(self): - super().__init__() - self._stix2misp_mapping.update({'attack-pattern': 'parse_attack_pattern', - 'course-of-action': 'parse_course_of_action', - 'vulnerability': 'parse_vulnerability'}) - - ################################################################################ - ## PARSING FUNCTIONS. ## - ################################################################################ - - def parse_event(self, stix_event): - for stix_object in stix_event.objects: - object_type = stix_object['type'] - if object_type in self._stix2misp_mapping: - getattr(self, self._stix2misp_mapping[object_type])(stix_object) - else: - print(f'not found: {object_type}', file=sys.stderr) - if self.relationship: - self.parse_relationships() - if self.galaxy: - self.parse_galaxies() - event_uuid = stix_event.id.split('--')[1] - if hasattr(self, 'report'): - self.parse_report(event_uuid=event_uuid) - else: - self.misp_event.uuid = event_uuid - self.misp_event.info = 'Imported with the STIX to MISP import script.' - self.handle_markings() - - def parse_galaxy(self, galaxy): - galaxy_names = self._check_existing_galaxy_name(galaxy.name) - if galaxy_names is not None: - return galaxy_names - return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] - - def _parse_indicator(self, indicator): - pattern = indicator.pattern - if any(relation in pattern for relation in stix2misp_mapping.pattern_forbidden_relations) or all(relation in pattern for relation in (' OR ', ' AND ')): - self.add_stix2_pattern_object(indicator) - separator = ' OR ' if ' OR ' in pattern else ' AND ' - self.parse_usual_indicator(indicator, separator) - - def _parse_observable(self, observable): - types = self._parse_observable_types(observable.objects) - try: - getattr(self, stix2misp_mapping.observable_mapping[types])(observable) - except KeyError: - print(f'Type(s) not supported at the moment: {types}\n', file=sys.stderr) - - def _parse_undefined(self, stix_object): - try: - self.objects_to_parse[stix_object['id'].split('--')[1]] = stix_object - except AttributeError: - self.objects_to_parse = {stix_object['id'].split('--')[1]: stix_object} - - def add_stix2_pattern_object(self, indicator): - misp_object = MISPObject('stix2-pattern', misp_objects_path_custom=_misp_objects_path) - misp_object.uuid = indicator.id.split('--')[1] - misp_object.update(self.parse_timeline(indicator)) - version = f'STIX {indicator.pattern_version}' if hasattr(indicator, 'pattern_version') else 'STIX 2.0' - misp_object.add_attribute(**{'type': 'text', 'object_relation': 'version', 'value': version}) - misp_object.add_attribute(**{'type': 'stix2-pattern', 'object_relation': 'stix2-pattern', - 'value': indicator.pattern}) - self.misp_event.add_object(**misp_object) - - @staticmethod - def fill_misp_object(misp_object, stix_object, mapping): - for key, feature in getattr(stix2misp_mapping, mapping).items(): - if hasattr(stix_object, key): - attribute = deepcopy(feature) - attribute['value'] = getattr(stix_object, key) - misp_object.add_attribute(**attribute) - - @staticmethod - def fill_misp_object_from_dict(misp_object, stix_object, mapping): - for key, feature in getattr(stix2misp_mapping, mapping).items(): - if key in stix_object: - attribute = deepcopy(feature) - attribute['value'] = stix_object[key] - misp_object.add_attribute(**attribute) - - def parse_attack_pattern(self, attack_pattern): - galaxy_names = self._check_existing_galaxy_name(attack_pattern.name) - if galaxy_names is not None: - self.galaxy[attack_pattern['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} - else: - misp_object = self.create_misp_object(attack_pattern) - if hasattr(attack_pattern, 'external_references'): - references = defaultdict(set) - for reference in attack_pattern.external_references: - if hasattr(reference, 'url'): - references['references'].add(reference.url) - if hasattr(reference, 'external_id'): - external_id = reference.external_id - references['id'].add(external_id.split('-')[1] if external_id.startswith('CAPEC-') else external_id) - if references: - for feature, values in references.items(): - for value in values: - attribute = {'value': value} - attribute.update(getattr(stix2misp_mapping, f'attack_pattern_{feature}_attribute')) - misp_object.add_attribute(**attribute) - self.fill_misp_object(misp_object, attack_pattern, 'attack_pattern_mapping') - self.misp_event.add_object(**misp_object) - - def parse_course_of_action(self, course_of_action): - galaxy_names = self._check_existing_galaxy_name(course_of_action.name) - if galaxy_names is not None: - self.galaxy[course_of_action['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} - else: - misp_object = self.create_misp_object(course_of_action) - self.fill_misp_object(misp_object, course_of_action, 'course_of_action_mapping') - self.misp_event.add_object(**misp_object) - - def parse_usual_indicator(self, indicator, separator): - pattern = tuple(part.strip() for part in self._handle_pattern(indicator.pattern).split(separator)) - types = self._parse_pattern_types(pattern) - try: - getattr(self, stix2misp_mapping.pattern_mapping[types])(indicator, separator) - except KeyError: - print(f'Type(s) not supported at the moment: {types}\n', file=sys.stderr) - self.add_stix2_pattern_object(indicator) - - def parse_vulnerability(self, vulnerability): - galaxy_names = self._check_existing_galaxy_name(vulnerability.name) - if galaxy_names is not None: - self.galaxy[vulnerability['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} - else: - attributes = self._get_attributes_from_observable(vulnerability, 'vulnerability_mapping') - if hasattr(vulnerability, 'external_references'): - for reference in vulnerability.external_references: - if reference['source_name'] == 'url': - attribute = deepcopy(stix2misp_mapping.references_attribute_mapping) - attribute['value'] = reference['url'] - attributes.append(attribute) - if len(attributes) == 1 and attributes[0]['object_relation'] == 'id': - attributes[0]['type'] = 'vulnerability' - self.handle_import_case(vulnerability, attributes, 'vulnerability') - - ################################################################################ - ## OBSERVABLE PARSING FUNCTIONS ## - ################################################################################ - - @staticmethod - def _fetch_reference_type(references, object_type): - for key, reference in references.items(): - if isinstance(reference, getattr(stix2.v20.observables, object_type)): - return key - return None - - @staticmethod - def _fetch_user_account_type_observable(observable_objects): - for observable_object in observable_objects.values(): - if hasattr(observable_object, 'extensions') or any(key not in ('user_id', 'credential', 'type') for key in observable_object): - return 'user-account', 'user_account_mapping' - return 'credential', 'credential_mapping' - - @staticmethod - def _get_attributes_from_observable(stix_object, mapping): - attributes = [] - for key, value in stix_object.items(): - if key in getattr(stix2misp_mapping, mapping) and value: - attribute = deepcopy(getattr(stix2misp_mapping, mapping)[key]) - attribute.update({'value': value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - def get_network_traffic_attributes(self, network_traffic, references): - attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') - mapping = 'network_traffic_references_mapping' - attributes.extend(self.parse_network_traffic_references(network_traffic, references, mapping)) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, mapping, 'dst')) - return attributes - - @staticmethod - def _handle_attachment_type(stix_object, is_reference, filename): - _has_md5 = hasattr(stix_object, 'hashes') and 'MD5' in stix_object.hashes - if is_reference and _has_md5: - return 'malware-sample', f'{filename}|{stix_object.hashes["MD5"]}' - return 'attachment', filename - - def handle_pe_observable(self, attributes, extension, observable): - pe_uuid = self.parse_pe(extension) - file = self.create_misp_object(observable, 'file') - file.add_reference(pe_uuid, 'includes') - for attribute in attributes: - file.add_attribute(**attribute) - self.misp_event.add_object(file) - - @staticmethod - def _is_reference(network_traffic, reference): - for feature in ('src', 'dst'): - for reference_type in (f'{feature}_{ref}' for ref in ('ref', 'refs')): - if reference in network_traffic.get(reference_type, []): - return True - return False - - @staticmethod - def _network_traffic_has_extension(network_traffic): - if not hasattr(network_traffic, 'extensions'): - return None - if 'socket-ext' in network_traffic.extensions: - return 'parse_socket_extension_observable' - return None - - def parse_asn_observable(self, observable): - autonomous_system, references = self.filter_main_object(observable.objects, 'AutonomousSystem') - mapping = 'asn_mapping' - attributes = self._get_attributes_from_observable(autonomous_system, mapping) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, mapping)) - self.handle_import_case(observable, attributes, 'asn') - - def parse_domain_ip_observable(self, observable): - domain, references = self.filter_main_object(observable.objects, 'DomainName') - mapping = 'domain_ip_mapping' - attributes = [self._parse_observable_reference(domain, mapping)] - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, mapping)) - self.handle_import_case(observable, attributes, 'domain-ip') - - def parse_domain_ip_network_traffic_observable(self, observable): - network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') - extension = self._network_traffic_has_extension(network_traffic) - if extension: - attributes, object_name = getattr(self, extension)(network_traffic, references) - return self.handle_import_case(observable, attributes, object_name) - if self._required_protocols(network_traffic.protocols): - attributes = self.parse_network_connection_object(network_traffic, references) - return self.handle_import_case(observable, attributes, 'network-connection') - attributes, object_name = self.parse_network_traffic_objects(network_traffic, references) - self.handle_import_case(observable, attributes, object_name) - - def parse_domain_network_traffic_observable(self, observable): - network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') - extension = self._network_traffic_has_extension(network_traffic) - if extension: - attributes, object_name = getattr(self, extension)(network_traffic, references) - return self.handle_import_case(observable, attributes, object_name) - attributes = self.parse_network_connection_object(network_traffic, references) - self.handle_import_case(observable, attributes, 'network-connection') - - def parse_email_address_observable(self, observable): - self.add_attributes_from_observable(observable, 'email-src', 'value') - - def parse_email_observable(self, observable): - email_message, references = self.filter_main_object(observable.objects, 'EmailMessage') - attributes = self._get_attributes_from_observable(email_message, 'email_mapping') - if hasattr(email_message, 'additional_header_fields'): - attributes.extend(self._get_attributes_from_observable(email_message.additional_header_fields, 'email_mapping')) - attributes.extend(self._parse_email_references(email_message, references)) - if hasattr(email_message, 'body_multipart') and email_message.body_multipart: - attributes.extend(self._parse_email_body(email_message.body_multipart, references)) - if references: - print(f'Unable to parse the following observable objects: {references}', file=sys.stderr) - self.handle_import_case(observable, attributes, 'email') - - def parse_file_observable(self, observable): - file_object, references = self.filter_main_object(observable.objects, 'File') - attributes = self._get_attributes_from_observable(file_object, 'file_mapping') - if 'hashes' in file_object: - attributes.extend(self._get_attributes_from_observable(file_object.hashes, 'file_mapping')) - if references: - filename = file_object.name if hasattr(file_object, 'name') else 'unknown_filename' - for key, reference in references.items(): - if isinstance(reference, stix2.v20.observables.Artifact): - _is_content_ref = 'content_ref' in file_object and file_object.content_ref == key - attribute_type, value = self._handle_attachment_type(reference, _is_content_ref, filename) - attribute = { - 'type': attribute_type, - 'object_relation': attribute_type, - 'value': value, - 'to_ids': False - } - if hasattr(reference, 'payload_bin'): - attribute['data'] = reference.payload_bin - attributes.append(attribute) - elif isinstance(reference, stix2.v20.observables.Directory): - attribute = { - 'type': 'text', - 'object_relation': 'path', - 'value': reference.path, - 'to_ids': False - } - attributes.append(attribute) - if hasattr(file_object, 'extensions'): - # Support of more extension types probably in the future - if 'windows-pebinary-ext' in file_object.extensions: - # Here we do not go to the standard route of "handle_import_case" - # because we want to make sure a file object is created - return self.handle_pe_observable(attributes, file_object.extensions['windows-pebinary-ext'], observable) - extension_types = (extension_type for extension_type in file_object.extensions.keys()) - print(f'File extension type(s) not supported at the moment: {", ".join(extension_types)}', file=sys.stderr) - self.handle_import_case(observable, attributes, 'file', _force_object=('file-encoding', 'path')) - - def parse_ip_address_observable(self, observable): - attributes = [] - for observable_object in observable.objects.values(): - attribute = { - 'value': observable_object.value, - 'to_ids': False - } - attribute.update(stix2misp_mapping.ip_attribute_mapping) - attributes.append(attribute) - self.handle_import_case(observable, attributes, 'ip-port') - - def parse_ip_network_traffic_observable(self, observable): - network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') - extension = self._network_traffic_has_extension(network_traffic) - if extension: - attributes, object_name = getattr(self, extension)(network_traffic, references) - return self.handle_import_case(observable, attributes, object_name) - attributes = self.parse_ip_port_object(network_traffic, references) - self.handle_import_case(observable, attributes, 'ip-port') - - def parse_ip_port_object(self, network_traffic, references): - attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') - attributes.extend(self.parse_network_traffic_references(network_traffic, references, 'ip_port_references_mapping')) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) - return attributes - - def parse_mac_address_observable(self, observable): - self.add_attributes_from_observable(observable, 'mac-address', 'value') - - def parse_network_connection_object(self, network_traffic, references): - attributes = self.get_network_traffic_attributes(network_traffic, references) - attributes.extend(self.parse_protocols(network_traffic.protocols, 'observable object')) - return attributes - - def parse_network_traffic_objects(self, network_traffic, references): - _has_domain = self._fetch_reference_type(references.values(), 'DomainName') - if _has_domain and self._is_reference(network_traffic, _has_domain): - return self.parse_network_connection_object(network_traffic, references), 'network-connection' - return self.parse_ip_port_object(network_traffic, references), 'ip-port' - - def parse_network_traffic_references(self, network_traffic, references, mapping): - attributes = [] - for feature in ('src', 'dst'): - ref = f'{feature}_ref' - if hasattr(network_traffic, ref): - reference = getattr(network_traffic, ref) - attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature)) - if hasattr(network_traffic, f'{ref}s'): - for reference in getattr(network_traffic, f'{ref}s'): - attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature)) - return attributes - - def parse_mutex_observable(self, observable): - self.add_attributes_from_observable(observable, 'mutex', 'name') - - def parse_process_observable(self, observable): - process, references = self.filter_main_object(observable.objects, 'Process', test_function='_process_test_filter') - attributes = self._get_attributes_from_observable(process, 'process_mapping') - if hasattr(process, 'parent_ref'): - attributes.extend(self._get_attributes_from_observable(references.pop(process.parent_ref), 'parent_process_reference_mapping')) - if hasattr(process, 'child_refs'): - for reference in process.child_refs: - attributes.extend(self._get_attributes_from_observable(references.pop(reference), 'child_process_reference_mapping')) - if hasattr(process, 'binary_ref'): - reference = references.pop(process.binary_ref) - attribute = { - 'value': reference.name, - 'to_ids': False - } - attribute.update(stix2misp_mapping.process_image_mapping) - attributes.append(attribute) - if references: - print(f'Unable to parse the following observable objects: {references}', file=sys.stderr) - self.handle_import_case(observable, attributes, 'process', _force_object=True) - - def parse_protocols(self, protocols, object_type): - attributes = [] - protocols = (protocol.upper() for protocol in protocols) - for protocol in protocols: - try: - attributes.append(self._parse_network_traffic_protocol(protocol)) - except KeyError: - print(f'Unknown protocol in network-traffic {object_type}: {protocol}', file=sys.stderr) - return attributes - - def parse_regkey_observable(self, observable): - attributes = [] - for observable_object in observable.objects.values(): - attributes.extend(self._get_attributes_from_observable(observable_object, 'regkey_mapping')) - if 'values' in observable_object: - for registry_value in observable_object['values']: - attributes.extend(self._get_attributes_from_observable(registry_value, 'regkey_mapping')) - self.handle_import_case(observable, attributes, 'registry-key') - - def parse_socket_extension_observable(self, network_traffic, references): - attributes = self.get_network_traffic_attributes(network_traffic, references) - for key, value in network_traffic.extensions['socket-ext'].items(): - if key not in stix2misp_mapping.network_socket_extension_mapping: - print(f'Unknown socket extension field in observable object: {key}', file=sys.stderr) - continue - if key.startswith('is_') and not value: - continue - attribute = { - 'value': key.split('_')[1] if key.startswith('is_') else value, - 'to_ids': False - } - attribute.update(stix2misp_mapping.network_socket_extension_mapping[key]) - attributes.append(attribute) - return attributes, 'network-socket' - - def parse_url_observable(self, observable): - network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') - attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') if network_traffic else [] - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, 'url_mapping')) - self.handle_import_case(observable, attributes, 'url') - - def parse_user_account_extension(self, extension): - attributes = self._parse_user_account_groups(extension['groups']) if 'groups' in extension else [] - attributes.extend(self._get_attributes_from_observable(extension, 'user_account_mapping')) - return attributes - - def parse_user_account_observable(self, observable): - attributes = [] - object_name, mapping = self._fetch_user_account_type_observable(observable.objects) - for observable_object in observable.objects.values(): - attributes.extend(self._get_attributes_from_observable(observable_object, mapping)) - if hasattr(observable_object, 'extensions') and observable_object.extensions.get('unix-account-ext'): - attributes.extend(self.parse_user_account_extension(observable_object.extensions['unix-account-ext'])) - self.handle_import_case(observable, attributes, object_name) - - def parse_x509_observable(self, observable): - attributes = [] - for observable_object in observable.objects.values(): - attributes.extend(self._get_attributes_from_observable(observable_object, 'x509_mapping')) - if hasattr(observable_object, 'hashes'): - attributes.extend(self._get_attributes_from_observable(observable_object.hashes, 'x509_mapping')) - self.handle_import_case(observable, attributes, 'x509') - - ################################################################################ - ## PATTERN PARSING FUNCTIONS. ## - ################################################################################ - - @staticmethod - def _fetch_user_account_type_pattern(pattern): - for stix_object in pattern: - if 'extensions' in stix_object or all(key not in stix_object for key in ('user_id', 'credential', 'type')): - return 'user-account', 'user_account_mapping' - return 'credential', 'credential_mapping' - - def get_attachment(self, attachment, filename): - attribute = { - 'type': 'attachment', - 'object_relation': 'attachment', - 'value': attachment.pop(filename) - } - data_feature = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') - attribute['data'] = attachment.pop(data_feature) - return attribute - - def get_attributes_from_pattern(self, pattern, mapping, separator): - attributes = [] - for pattern_part in pattern.strip('[]').split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - try: - attribute = deepcopy(getattr(stix2misp_mapping, mapping)[pattern_type]) - except KeyError: - print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) - continue - attribute['value'] = pattern_value - attributes.append(attribute) - return attributes - - def get_malware_sample(self, attachment, filename): - md5_feature = self._choose_with_priority(attachment, "file:content_ref.hashes.'MD5'", "file:hashes.'MD5'") - attribute = { - 'type': 'malware-sample', - 'object_relation': 'malware-sample', - 'value': f'{attachment.pop(filename)}|{attachment.pop(md5_feature)}' - } - data_feature = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') - attribute['data'] = attachment.pop(data_feature) - return attribute - - def _handle_file_attachments(self, attachment): - attributes = [] - if any('content_ref' in feature for feature in attachment.keys()): - attribute_type = 'attachment' - value = attachment['file:name'] if 'file:name' in attachment else 'unknown_filename' - if "file:content_ref.hashes.'MD5'" in attachment: - attribute_type = 'malware-sample' - md5 = attachment.pop("file:content_ref.hashes.'MD5'") - value = f'{value}|{md5}' - data = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') - attribute = { - 'type': attribute_type, - 'object_relation': attribute_type, - 'value': value, - 'data': attachment.pop(data) - } - attributes.append(attribute) - if 'artifact:payload_bin' in attachment: - attribute = { - 'type': 'attachment', - 'object_relation': 'attachment', - 'value': attachment['file:name'], - 'data': attachment.pop('artifact:payload_bin') - } - attributes.append(attribute) - return attributes - - def parse_as_pattern(self, indicator, separator): - attributes = self.get_attributes_from_pattern(indicator.pattern, 'asn_mapping', separator) - self.handle_import_case(indicator, attributes, 'asn') - - def parse_domain_ip_port_pattern(self, indicator, separator): - attributes = [] - references = defaultdict(dict) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if pattern_type not in stix2misp_mapping.domain_ip_mapping: - if any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): - feature_type, ref = pattern_type.split(':')[1].split('_') - ref, feature = ref.split('.') - ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" - references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) - else: - print(f'Pattern type not currently mapped: {pattern_type}', file=sys.stderr) - continue - attribute = deepcopy(stix2misp_mapping.domain_ip_mapping[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - if references: - attributes.extend(references.values()) - object_name = 'ip-port' if 'network-traffic' in indicator.pattern else 'domain-ip' - self.handle_import_case(indicator, attributes, object_name) - - def parse_email_address_pattern(self, indicator, separator): - self.add_attributes_from_indicator(indicator, 'email-src', separator) - - def parse_email_message_pattern(self, indicator, separator): - attributes = [] - attachments = defaultdict(dict) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if pattern_type not in stix2misp_mapping.email_mapping: - if pattern_type.startswith('email-message:body_multipart'): - features = pattern_type.split('.') - if len(features) == 3 and features[1] == 'body_raw_ref': - index = features[0].split('[')[1].strip(']') if '[' in features[0] else '0' - key = 'data' if features[2] == 'payload_bin' else 'value' - attachments[index][key] = pattern_value - continue - print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) - continue - attribute = deepcopy(stix2misp_mapping.email_mapping[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - if attachments: - for attachment in attachments.values(): - attribute = { - 'type': 'attachment', - 'object_relation': 'screenshot' - } if 'data' in attachment else { - 'type': 'email-attachment', - 'object_relation': 'attachment' - } - attribute.update(attachment) - attributes.append(attribute) - self.handle_import_case(indicator, attributes, 'email') - - def parse_file_pattern(self, indicator, separator): - attributes = [] - attachment = {} - extensions = defaultdict(lambda: defaultdict(dict)) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if pattern_type in stix2misp_mapping.attachment_types: - attachment[pattern_type] = pattern_value.strip("'") - continue - if pattern_type not in stix2misp_mapping.file_mapping: - if 'extensions' in pattern_type: - features = pattern_type.split('.')[1:] - extension_type = features.pop(0).strip("'") - if 'section' in features[0] and features[0] != 'number_of_sections': - index = features[0].split('[')[1].strip(']') if '[' in features[0] else '0' - extensions[extension_type][f'section_{index}'][features[-1].strip("'")] = pattern_value - else: - extensions[extension_type]['.'.join(features)] = pattern_value - continue - attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - if any(key.endswith('payload_bin') for key in attachment.keys()): - attributes.extend(self._handle_file_attachments(attachment)) - if attachment: - for pattern_type, value in attachment.items(): - if pattern_type in stix2misp_mapping.file_mapping: - attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) - attribute['value'] = value - attributes.append(attribute) - if extensions: - file_object = self.create_misp_object(indicator, 'file') - self.parse_file_extension(file_object, attributes, extensions) - else: - self.handle_import_case(indicator, attributes, 'file', _force_object=('file-encoding', 'path')) - - def parse_file_extension(self, file_object, attributes, extensions): - for attribute in attributes: - file_object.add_attribute(**attribute) - if 'windows-pebinary-ext' in extensions: - pe_extension = extensions['windows-pebinary-ext'] - pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) - sections = self._get_sections(pe_extension) - self.fill_misp_object_from_dict(pe_object, pe_extension, 'pe_mapping') - if sections: - for section in sections: - section_object = MISPObject('pe-section') - self.fill_misp_object_from_dict(section_object, section, 'pe_section_mapping') - self.misp_event.add_object(section_object) - pe_object.add_reference(section_object.uuid, 'includes') - self.misp_event.add_object(pe_object) - file_object.add_reference(pe_object.uuid, 'includes') - self.misp_event.add_object(file_object) - - def parse_ip_address_pattern(self, indicator, separator): - self.add_attributes_from_indicator(indicator, 'ip-dst', separator) - - def parse_mac_address_pattern(self, indicator, separator): - self.add_attributes_from_indicator(indicator, 'mac-address', separator) - - def parse_mutex_pattern(self, indicator, separator): - self.add_attributes_from_indicator(indicator, 'mutex', separator) - - def parse_network_connection_pattern(self, indicator, attributes, references): - attributes.extend(self._parse_network_pattern_references(references, 'network_traffic_references_mapping')) - self.handle_import_case(indicator, attributes, 'network-connection') - - @staticmethod - def _parse_network_pattern_references(references, mapping): - attributes = [] - for feature, reference in references.items(): - feature = feature.split('_')[0] - attribute = {key: value.format(feature) for key, value in getattr(stix2misp_mapping, mapping)[reference['type']].items()} - attribute['value'] = reference['value'] - attributes.append(attribute) - return attributes - - def parse_network_socket_pattern(self, indicator, attributes, references, extension): - attributes.extend(self._parse_network_pattern_references(references, 'network_traffic_references_mapping')) - for key, value in extension.items(): - if key not in stix2misp_mapping.network_socket_extension_mapping: - print(f'Unknown socket extension field in pattern: {key}', file=sys.stderr) - continue - if key.startswith('is_') and not json.loads(value.lower()): - continue - attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[key]) - attribute['value'] = key.split('_')[1] if key.startswith('is_') else value - attributes.append(attribute) - self.handle_import_case(indicator, attributes, 'network-socket') - - def parse_network_traffic_pattern(self, indicator, separator): - attributes = [] - protocols = [] - references = defaultdict(dict) - extensions = defaultdict(dict) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if pattern_type in stix2misp_mapping.network_traffic_mapping: - attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - continue - if pattern_type.startswith('network-traffic:protocols['): - protocols.append(pattern_value) - elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): - feature_type, ref = pattern_type.split(':')[1].split('_') - ref, feature = ref.split('.') - ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" - references[ref].update({feature: pattern_value}) - elif pattern_type.startswith('network-traffic:extensions.'): - _, extension_type, feature = pattern_type.split('.') - extensions[extension_type.strip("'")][feature] = pattern_value - else: - print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) - if extensions: - if 'socket-ext' in extensions: - return self.parse_network_socket_pattern(indicator, attributes, references, extensions['socket-ext']) - print(f'Unknown network extension(s) in pattern: {", ".join(extensions.keys())}', file=sys.stderr) - if protocols and self._required_protocols(protocols): - attributes.extend(self.parse_protocols(protocols, 'pattern')) - return self.parse_network_connection_pattern(indicator, attributes, references) - attributes.extend(self._parse_network_pattern_references(references, 'ip_port_references_mapping')) - self.handle_import_case(indicator, attributes, 'ip-port') - - def parse_process_pattern(self, indicator, separator): - attributes = [] - parent = {} - child = defaultdict(set) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if 'parent_' in pattern_type: - child[pattern_type.split('.')[-1]].add(pattern_value) - elif 'child_' in pattern_type: - parent[pattern_type.split('.')[-1]] = pattern_value - else: - try: - attribute = deepcopy(stix2misp_mapping.process_mapping[pattern_type]) - except KeyError: - print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) - continue - attribute['value'] = pattern_value - attributes.append(attribute) - if parent: - for key, value in parent.items(): - if key not in stix2misp_mapping.parent_process_reference_mapping: - print(f'Parent process key from pattern not supported at the moment: {key}', file=sys.stderr) - continue - attribute = {'value': value} - attribute.update(stix2misp_mapping.parent_process_reference_mapping[key]) - attributes.append(attribute) - if child: - for key, values in child.items(): - if key not in stix2misp_mapping.child_process_reference_mapping: - print(f'Child process key from pattern not supported at the moment: {key}', file=sys.stderr) - continue - for value in values: - attribute = {'value': value} - attribute.update(stix2misp_mapping.child_process_reference_mapping[key]) - attributes.append(attribute) - self.handle_import_case(indicator, attributes, 'process', _force_object=True) - - def parse_regkey_pattern(self, indicator, separator): - attributes = self.get_attributes_from_pattern(indicator.pattern, 'regkey_mapping', separator) - self.handle_import_case(indicator, attributes, 'registry-key') - - def parse_url_pattern(self, indicator, separator): - attributes = self.get_attributes_from_pattern(indicator.pattern, 'url_mapping', separator) - self.handle_import_case(indicator, attributes, 'url') - - def parse_user_account_pattern(self, indicator, separator): - attributes = [] - pattern = self._handle_pattern(indicator.pattern).split(separator) - object_name, mapping = self._fetch_user_account_type_pattern(pattern) - for pattern_part in pattern: - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - pattern_type = pattern_type.split(':')[1] - if pattern_type.startswith('extensions.'): - pattern_type = pattern_type.split('.')[-1] - if '[' in pattern_type: - pattern_type = pattern_type.split('[')[0] - if pattern_type in ('group', 'groups'): - attributes.append({'type': 'text', 'object_relation': 'group', 'value': pattern_value}) - continue - if pattern_type in getattr(stix2misp_mapping, mapping): - attribute = deepcopy(getattr(stix2misp_mapping, mapping)[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - self.handle_import_case(indicator, attributes, object_name) - - def parse_x509_pattern(self, indicator, separator): - attributes = self.get_attributes_from_pattern(indicator.pattern, 'x509_mapping', separator) - self.handle_import_case(indicator, attributes, 'x509') - - ################################################################################ - ## UTILITY FUNCTIONS. ## - ################################################################################ - - def add_attributes_from_indicator(self, indicator, attribute_type, separator): - patterns = self._handle_pattern(indicator.pattern).split(separator) - attribute = { - 'type': attribute_type, - 'to_ids': True - } - attribute.update(self.parse_timeline(indicator)) - if hasattr(indicator, 'description') and indicator.description: - attribute['comment'] = indicator.description - if len(patterns) == 1: - _, value = self.get_type_and_value_from_pattern(patterns[0]) - attribute.update( + if args.distribution == 4 and args.sharing_group_id is not None: + arguments['sharing_group_id'] = args.sharing_group_id + parser = globals()[f'{to_call}STIX2toMISPParser'](**arguments) + parser.load_stix_bundle(bundle) + parser.parse_stix_bundle() + with open(f'{args.input}.out', 'wt', encoding='utf-8') as f: + f.write(parser.misp_event.to_json()) + print( + json.dumps( { - 'uuid': indicator.id.split('--')[1], - 'value': value, + 'success': 1, + 'stix_version': stix_version } ) - self.misp_event.add_attribute(**attribute) - else: - for pattern in patterns: - _, value = self.get_type_and_value_from_pattern(pattern) - misp_attribute = {'value': value} - misp_attribute.update(attribute) - self.misp_event.add_attribute(**misp_attribute) - - def add_attributes_from_observable(self, observable, attribute_type, feature): - if len(observable.objects) == 1: - attribute = MISPAttribute() - attribute.from_dict(**{ - 'uuid': observable.id.split('--')[1], - 'type': attribute_type, - 'value': getattr(observable.objects['0'], feature), - 'to_ids': False - }) - attribute.update(self.parse_timeline(observable)) - self.misp_event.add_attribute(**attribute) - else: - tmp_attribute = self.parse_timeline(observable) - for observable_object in observable.objects.values(): - attribute = MISPAttribute() - attribute.from_dict(**{ - 'type': attribute_type, - 'value': getattr(observable_object, feature), - 'to_ids': False - }) - attribute.update(tmp_attribute) - self.misp_event.add_attribute(**attribute) - - def _check_existing_galaxy_name(self, galaxy_name): - if galaxy_name in self._synonyms_to_tag_names: - return self._synonyms_to_tag_names[galaxy_name] - return self._parse_galaxy_name(galaxy_name) - - def create_misp_object(self, stix_object, name=None): - misp_object = MISPObject(name if name is not None else stix_object.type, - misp_objects_path_custom=_misp_objects_path) - misp_object.uuid = stix_object.id.split('--')[1] - if hasattr(stix_object, 'description') and stix_object.description: - misp_object.comment = stix_object.description - misp_object.update(self.parse_timeline(stix_object)) - return misp_object - - @staticmethod - def _get_sections(pe_extension): - sections = [feature for feature in pe_extension.keys() if feature.startswith('section_')] - return (pe_extension.pop(feature) for feature in sections) - - @staticmethod - def get_type_and_value_from_pattern(pattern): - pattern = pattern.strip('[]') - try: - pattern_type, pattern_value = pattern.split(' = \'') - except ValueError: - pattern_type, pattern_value = pattern.split('=') - return pattern_type.strip(), pattern_value.strip("'") - - def handle_import_case(self, stix_object, attributes, name, _force_object=False): - try: - if len(attributes) > 1 or (_force_object and self._handle_object_forcing(_force_object, attributes[0])): - misp_object = self.create_misp_object(stix_object, name) - for attribute in attributes: - misp_object.add_attribute(**attribute) - self.misp_event.add_object(**misp_object) - else: - attribute = {field: attributes[0][field] for field in stix2misp_mapping.single_attribute_fields if attributes[0].get(field) is not None} - attribute['uuid'] = stix_object.id.split('--')[1] - attribute.update(self.parse_timeline(stix_object)) - if isinstance(stix_object, stix2.v20.Indicator): - attribute['to_ids'] = True - if hasattr(stix_object, 'object_marking_refs'): - self.update_marking_refs(attribute['uuid'], stix_object.object_marking_refs) - if hasattr(stix_object, 'description') and stix_object.description: - attribute['comment'] = stix_object.description - self.misp_event.add_attribute(**attribute) - except IndexError: - object_type = 'indicator' if isinstance(stix_object, stix2.Indicator) else 'observable objects' - print(f'No attribute or object could be imported from the following {object_type}: {stix_object}', file=sys.stderr) - - @staticmethod - def _handle_object_forcing(_force_object, attribute): - if isinstance(_force_object, (list, tuple)): - return attribute['object_relation'] in _force_object - return _force_object - - @staticmethod - def _handle_pattern(pattern): - return pattern.strip().strip('[]') - - @staticmethod - def _parse_observable_types(observable_objects): - types = {observable_object._type for observable_object in observable_objects.values()} - return tuple(sorted(types)) - - @staticmethod - def _parse_pattern_types(pattern): - types = {part.split('=')[0].split(':')[0].strip('[') for part in pattern} - return tuple(sorted(types)) - - @staticmethod - def _required_protocols(protocols): - protocols = tuple(protocol.upper() for protocol in protocols) - if any(protocol not in ('TCP', 'IP') for protocol in protocols): - return True - return False - - -def from_misp(stix_objects): - for stix_object in stix_objects: - if stix_object['type'] == "report" and 'misp:tool="misp2stix2"' in stix_object.get('labels', []): - return True - return False - - -def main(args): - filename = args[1] if args[1][0] == '/' else Path(os.path.dirname(args[0]), args[1]) - with open(filename, 'rt', encoding='utf-8') as f: - event = stix2.parse(f.read(), allow_custom=True, interoperability=True) - stix_parser = StixFromMISPParser() if from_misp(event.objects) else ExternalStixParser() - stix_parser.handler(event, filename, args[2:]) - stix_parser.save_file() - print(1) + ) + if args.debug: + for feature in ('errors', 'warnings'): + if getattr(parser, feature): + print(getattr(parser, feature), file=sys.stderr) + message = '\n - '.join(getattr(parser, feature).values()) + print( + f'{feature.title()} encountered while importing ' + f'STIX {stix_version} content:\n - {message}', + file=sys.stderr + ) + except Exception as e: + print(json.dumps({'error': e.__str__()})) + traceback.print_tb(e.__traceback__) if __name__ == '__main__': - main(sys.argv) + argparser = argparse.ArgumentParser(description='Import STIX 2 content to MISP.') + argparser.add_argument( + '-i', '--input', required=True, type=Path, + help='Input file containing STIX 2 content.' + ) + argparser.add_argument( + '--distribution', type=int, default=0, + help='Distribution level for the resulting MISP Event.' + ) + argparser.add_argument( + '--sharing_group_id', type=int, + help='Sharing group id when the distribution level is 4.' + ) + argparser.add_argument( + '--debug', action='store_true', + help='Display error and warning messages.' + ) + argparser.add_argument( + '--galaxies_as_tags', action='store_true', + help='Import MISP Galaxies as tag names.' + ) + try: + args = argparser.parse_args() + _process_stix_file(args) + except SystemExit: + print( + json.dumps( + { + 'error': 'Arguments error, please check you provided an input file name' + } + ) + ) + diff --git a/app/files/scripts/stix2/stix2misp_mapping.py b/app/files/scripts/stix2/stix2misp_mapping.py deleted file mode 100644 index 3a59cf8f7..000000000 --- a/app/files/scripts/stix2/stix2misp_mapping.py +++ /dev/null @@ -1,463 +0,0 @@ -################################################################################ -# ATTRIBUTES AND OBJECTS MAPPING # -################################################################################ - -attributes_mapping = { - 'filename': '_parse_name', - 'ip-src': '_parse_ip_value', - 'ip-dst': '_parse_ip_value', - 'hostname': '_parse_domain_value', - 'domain': '_parse_domain_value', - 'domain|ip': '_parse_domain_ip_attribute', - 'email-src': '_parse_email_value', - 'email-dst': '_parse_email_value', - 'email-attachment': '_parse_name', - 'url': '_parse_url_value', - 'regkey': '_parse_regkey_attribute', - 'regkey|value': '_parse_regkey_value', - 'malware-sample': '_parse_malware_sample', - 'mutex': '_parse_name', - 'uri': '_parse_url_value', - 'port': '_parse_port', - 'ip-dst|port': '_parse_network_attribute', - 'ip-src|port': '_parse_network_attribute', - 'hostname|port': '_parse_network_attribute', - 'email-reply-to': '_parse_email_reply_to', - 'attachment': '_parse_attachment', - 'mac-address': '_parse_mac_value', - 'AS': '_parse_number', - 'link': '_parse_url_value' -} - -attributes_type_mapping = { - 'md5': '_parse_hash', - 'sha1': '_parse_hash', - 'sha256': '_parse_hash', - 'filename|md5': '_parse_filename_hash', - 'filename|sha1': '_parse_filename_hash', - 'filename|sha256': '_parse_filename_hash', - 'email-subject': '_parse_email_message', - 'email-body': '_parse_email_message', - 'authentihash': '_parse_hash', - 'ssdeep': '_parse_hash', - 'imphash': '_parse_hash', - 'pehash': '_parse_hash', - 'impfuzzy': '_parse_hash', - 'sha224': '_parse_hash', - 'sha384': '_parse_hash', - 'sha512': '_parse_hash', - 'sha512/224': '_parse_hash', - 'sha512/256': '_parse_hash', - 'tlsh': '_parse_hash', - 'cdhash': '_parse_hash', - 'filename|authentihash': '_parse_filename_hash', - 'filename|ssdeep': '_parse_filename_hash', - 'filename|imphash': '_parse_filename_hash', - 'filename|impfuzzy': '_parse_filename_hash', - 'filename|pehash': '_parse_filename_hash', - 'filename|sha224': '_parse_filename_hash', - 'filename|sha384': '_parse_filename_hash', - 'filename|sha512': '_parse_filename_hash', - 'filename|sha512/224': '_parse_filename_hash', - 'filename|sha512/256': '_parse_filename_hash', - 'filename|tlsh': '_parse_filename_hash', - 'x509-fingerprint-md5': '_parse_x509_attribute', - 'x509-fingerprint-sha1': '_parse_x509_attribute', - 'x509-fingerprint-sha256': '_parse_x509_attribute' -} - -objects_mapping = { - 'asn': { - 'observable': 'parse_asn_observable', - 'pattern': 'parse_asn_pattern'}, - 'credential': { - 'observable': 'parse_credential_observable', - 'pattern': 'parse_credential_pattern'}, - 'domain-ip': { - 'observable': 'parse_domain_ip_observable', - 'pattern': 'parse_domain_ip_pattern'}, - 'email': { - 'observable': 'parse_email_observable', - 'pattern': 'parse_email_pattern'}, - 'file': { - 'observable': 'parse_file_observable', - 'pattern': 'parse_file_pattern'}, - 'ip-port': { - 'observable': 'parse_ip_port_observable', - 'pattern': 'parse_ip_port_pattern'}, - 'network-connection': { - 'observable': 'parse_network_connection_observable', - 'pattern': 'parse_network_connection_pattern'}, - 'network-socket': { - 'observable': 'parse_network_socket_observable', - 'pattern': 'parse_network_socket_pattern'}, - 'process': { - 'observable': 'parse_process_observable', - 'pattern': 'parse_process_pattern'}, - 'registry-key': { - 'observable': 'parse_regkey_observable', - 'pattern': 'parse_regkey_pattern'}, - 'url': { - 'observable': 'parse_url_observable', - 'pattern': 'parse_url_pattern'}, - 'user-account': { - 'observable': 'parse_user_account_observable', - 'pattern': 'parse_user_account_pattern'}, - 'WindowsPEBinaryFile': { - 'observable': 'parse_pe_observable', - 'pattern': 'parse_pe_pattern'}, - 'x509': { - 'observable': 'parse_x509_observable', - 'pattern': 'parse_x509_pattern'} -} - -observable_mapping = { - ('artifact', 'file'): 'parse_file_observable', - ('artifact', 'directory', 'file'): 'parse_file_observable', - ('artifact', 'email-addr', 'email-message', 'file'): 'parse_email_observable', - ('autonomous-system',): 'parse_asn_observable', - ('autonomous-system', 'ipv4-addr'): 'parse_asn_observable', - ('autonomous-system', 'ipv6-addr'): 'parse_asn_observable', - ('autonomous-system', 'ipv4-addr', 'ipv6-addr'): 'parse_asn_observable', - ('directory', 'file'): 'parse_file_observable', - ('domain-name',): 'parse_domain_ip_observable', - ('domain-name', 'ipv4-addr'): 'parse_domain_ip_observable', - ('domain-name', 'ipv6-addr'): 'parse_domain_ip_observable', - ('domain-name', 'ipv4-addr', 'ipv6-addr'): 'parse_domain_ip_observable', - ('domain-name', 'ipv4-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', - ('domain-name', 'ipv6-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', - ('domain-name', 'ipv4-addr', 'ipv6-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', - ('domain-name', 'network-traffic'): 'parse_domain_network_traffic_observable', - ('domain-name', 'network-traffic', 'url'): 'parse_url_observable', - ('email-addr',): 'parse_email_address_observable', - ('email-addr', 'email-message'): 'parse_email_observable', - ('email-addr', 'email-message', 'file'): 'parse_email_observable', - ('email-message',): 'parse_email_observable', - ('file',): 'parse_file_observable', - ('file', 'process'): 'parse_process_observable', - ('ipv4-addr',): 'parse_ip_address_observable', - ('ipv6-addr',): 'parse_ip_address_observable', - ('ipv4-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', - ('ipv6-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', - ('ipv4-addr', 'ipv6-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', - ('mac-addr',): 'parse_mac_address_observable', - ('mutex',): 'parse_mutex_observable', - ('process',): 'parse_process_observable', - ('x509-certificate',): 'parse_x509_observable', - ('url',): 'parse_url_observable', - ('user-account',): 'parse_user_account_observable', - ('windows-registry-key',): 'parse_regkey_observable' -} - -pattern_mapping = { - ('artifact', 'file'): 'parse_file_pattern', - ('artifact', 'directory', 'file'): 'parse_file_pattern', - ('autonomous-system', ): 'parse_as_pattern', - ('autonomous-system', 'ipv4-addr'): 'parse_as_pattern', - ('autonomous-system', 'ipv6-addr'): 'parse_as_pattern', - ('autonomous-system', 'ipv4-addr', 'ipv6-addr'): 'parse_as_pattern', - ('directory',): 'parse_file_pattern', - ('directory', 'file'): 'parse_file_pattern', - ('domain-name',): 'parse_domain_ip_port_pattern', - ('domain-name', 'ipv4-addr'): 'parse_domain_ip_port_pattern', - ('domain-name', 'ipv6-addr'): 'parse_domain_ip_port_pattern', - ('domain-name', 'ipv4-addr', 'ipv6-addr'): 'parse_domain_ip_port_pattern', - ('domain-name', 'ipv4-addr', 'url'): 'parse_url_pattern', - ('domain-name', 'ipv6-addr', 'url'): 'parse_url_pattern', - ('domain-name', 'ipv4-addr', 'ipv6-addr', 'url'): 'parse_url_pattern', - ('domain-name', 'network-traffic'): 'parse_domain_ip_port_pattern', - ('domain-name', 'network-traffic', 'url'): 'parse_url_pattern', - ('email-addr',): 'parse_email_address_pattern', - ('email-message',): 'parse_email_message_pattern', - ('file',): 'parse_file_pattern', - ('ipv4-addr',): 'parse_ip_address_pattern', - ('ipv6-addr',): 'parse_ip_address_pattern', - ('ipv4-addr', 'ipv6-addr'): 'parse_ip_address_pattern', - ('mac-addr',): 'parse_mac_address_pattern', - ('mutex',): 'parse_mutex_pattern', - ('network-traffic',): 'parse_network_traffic_pattern', - ('process',): 'parse_process_pattern', - ('url',): 'parse_url_pattern', - ('user-account',): 'parse_user_account_pattern', - ('windows-registry-key',): 'parse_regkey_pattern', - ('x509-certificate',): 'parse_x509_pattern' -} - -pattern_forbidden_relations = (' LIKE ', ' FOLLOWEDBY ', ' MATCHES ', ' ISSUBSET ', ' ISSUPERSET ', ' REPEATS ') -single_attribute_fields = ('type', 'value', 'to_ids') - - -################################################################################ -# OBSERVABLE OBJECTS AND PATTERNS MAPPING. # -################################################################################ - -address_family_attribute_mapping = {'type': 'text','object_relation': 'address-family'} -as_number_attribute_mapping = {'type': 'AS', 'object_relation': 'asn'} -attack_pattern_id_attribute = {'type': 'text', 'object_relation': 'id'} -attack_pattern_references_attribute = {'type': 'link', 'object_relation': 'references'} -description_attribute_mapping = {'type': 'text', 'object_relation': 'description'} -asn_subnet_attribute_mapping = {'type': 'ip-src', 'object_relation': 'subnet-announced'} -cc_attribute_mapping = {'type': 'email-dst', 'object_relation': 'cc'} -credential_attribute_mapping = {'type': 'text', 'object_relation': 'password'} -data_attribute_mapping = {'type': 'text', 'object_relation': 'data'} -data_type_attribute_mapping = {'type': 'text', 'object_relation': 'data-type'} -domain_attribute_mapping = {'type': 'domain', 'object_relation': 'domain'} -domain_family_attribute_mapping = {'type': 'text', 'object_relation': 'domain-family'} -dst_port_attribute_mapping = {'type': 'port', 'object_relation': 'dst-port'} -email_attachment_attribute_mapping = {'type': 'email-attachment', 'object_relation': 'attachment'} -email_date_attribute_mapping = {'type': 'datetime', 'object_relation': 'send-date'} -email_subject_attribute_mapping = {'type': 'email-subject', 'object_relation': 'subject'} -encoding_attribute_mapping = {'type': 'text', 'object_relation': 'file-encoding'} -end_datetime_attribute_mapping = {'type': 'datetime', 'object_relation': 'last-seen'} -entropy_mapping = {'type': 'float', 'object_relation': 'entropy'} -filename_attribute_mapping = {'type': 'filename', 'object_relation': 'filename'} -from_attribute_mapping = {'type': 'email-src', 'object_relation': 'from'} -imphash_mapping = {'type': 'imphash', 'object_relation': 'imphash'} -id_attribute_mapping = {'type': 'text', 'object_relation': 'id'} -ip_attribute_mapping = {'type': 'ip-dst', 'object_relation': 'ip'} -issuer_attribute_mapping = {'type': 'text', 'object_relation': 'issuer'} -key_attribute_mapping = {'type': 'regkey', 'object_relation': 'key'} -malware_sample_attribute_mapping = {'type': 'malware-sample', 'object_relation': 'malware-sample'} -mime_type_attribute_mapping = {'type': 'mime-type', 'object_relation': 'mimetype'} -modified_attribute_mapping = {'type': 'datetime', 'object_relation': 'last-modified'} -name_attribute_mapping = {'type': 'text', 'object_relation': 'name'} -network_traffic_ip = {'type': 'ip-{}', 'object_relation': 'ip-{}'} -number_sections_mapping = {'type': 'counter', 'object_relation': 'number-sections'} -password_mapping = {'type': 'text', 'object_relation': 'password'} -path_attribute_mapping = {'type': 'text', 'object_relation': 'path'} -pe_type_mapping = {'type': 'text', 'object_relation': 'type'} -pid_attribute_mapping = {'type': 'text', 'object_relation': 'pid'} -process_command_line_mapping = {'type': 'text', 'object_relation': 'command-line'} -process_creation_time_mapping = {'type': 'datetime', 'object_relation': 'creation-time'} -process_image_mapping = {'type': 'filename', 'object_relation': 'image'} -process_name_mapping = {'type': 'text', 'object_relation': 'name'} -regkey_name_attribute_mapping = {'type': 'text', 'object_relation': 'name'} -references_attribute_mapping = {'type': 'link', 'object_relation': 'references'} -reply_to_attribute_mapping = {'type': 'email-reply-to', 'object_relation': 'reply-to'} -screenshot_attribute_mapping = {'type': 'attachment', 'object_relation': 'screenshot'} -section_name_mapping = {'type': 'text', 'object_relation': 'name'} -serial_number_attribute_mapping = {'type': 'text', 'object_relation': 'serial-number'} -size_attribute_mapping = {'type': 'size-in-bytes', 'object_relation': 'size-in-bytes'} -src_port_attribute_mapping = {'type': 'port', 'object_relation': 'src-port'} -start_datetime_attribute_mapping = {'type': 'datetime', 'object_relation': 'first-seen'} -state_attribute_mapping = {'type': 'text', 'object_relation': 'state'} -summary_attribute_mapping = {'type': 'text', 'object_relation': 'summary'} -to_attribute_mapping = {'type': 'email-dst', 'object_relation': 'to'} -url_attribute_mapping = {'type': 'url', 'object_relation': 'url'} -url_port_attribute_mapping = {'type': 'port', 'object_relation': 'port'} -user_id_mapping = {'type': 'text', 'object_relation': 'username'} -x_mailer_attribute_mapping = {'type': 'email-x-mailer', 'object_relation': 'x-mailer'} -x509_md5_attribute_mapping = {'type': 'x509-fingerprint-md5', 'object_relation': 'x509-fingerprint-md5'} -x509_sha1_attribute_mapping = {'type': 'x509-fingerprint-sha1', 'object_relation': 'x509-fingerprint-sha1'} -x509_sha256_attribute_mapping = {'type': 'x509-fingerprint-sha256', 'object_relation': 'x509-fingerprint-sha256'} -x509_spka_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-algorithm'} # x509 subject public key algorithm -x509_spke_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-exponent'} # x509 subject public key exponent -x509_spkm_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-modulus'} # x509 subject public key modulus -x509_subject_attribute_mapping = {'type': 'text', 'object_relation': 'subject'} -x509_version_attribute_mapping = {'type': 'text', 'object_relation': 'version'} -x509_vna_attribute_mapping = {'type': 'datetime', 'object_relation': 'validity-not-after'} # x509 validity not after -x509_vnb_attribute_mapping = {'type': 'datetime', 'object_relation': 'validity-not-before'} # x509 validity not before - -asn_mapping = {'number': as_number_attribute_mapping, - 'autonomous-system:number': as_number_attribute_mapping, - 'name': description_attribute_mapping, - 'autonomous-system:name': description_attribute_mapping, - 'ipv4-addr': asn_subnet_attribute_mapping, - 'ipv6-addr': asn_subnet_attribute_mapping, - 'ipv4-addr:value': asn_subnet_attribute_mapping, - 'ipv6-addr:value': asn_subnet_attribute_mapping} - -attack_pattern_mapping = {'name': name_attribute_mapping, - 'description': summary_attribute_mapping} - -attack_pattern_references_mapping = {'mitre-attack': references_attribute_mapping, - 'capec': id_attribute_mapping} - -course_of_action_mapping = {'description': description_attribute_mapping, - 'name': name_attribute_mapping} - -credential_mapping = {'credential': credential_attribute_mapping, - 'user-account:credential': credential_attribute_mapping, - 'user_id': user_id_mapping, - 'user-account:user_id': user_id_mapping} - -domain_ip_mapping = {'domain-name': domain_attribute_mapping, - 'domain-name:value': domain_attribute_mapping, - 'ipv4-addr': ip_attribute_mapping, - 'ipv6-addr': ip_attribute_mapping, - 'ipv4-addr:value': ip_attribute_mapping, - 'ipv6-addr:value': ip_attribute_mapping, - 'domain-name:resolves_to_refs[*].value': ip_attribute_mapping, - 'network-traffic:dst_port': dst_port_attribute_mapping, - 'network-traffic:src_port': src_port_attribute_mapping} - -email_mapping = {'date': email_date_attribute_mapping, - 'email-message:date': email_date_attribute_mapping, - 'email-message:to_refs[*].value': to_attribute_mapping, - 'email-message:cc_refs[*].value': cc_attribute_mapping, - 'subject': email_subject_attribute_mapping, - 'email-message:subject': email_subject_attribute_mapping, - 'X-Mailer': x_mailer_attribute_mapping, - 'email-message:additional_header_fields.x_mailer': x_mailer_attribute_mapping, - 'Reply-To': reply_to_attribute_mapping, - 'email-message:additional_header_fields.reply_to': reply_to_attribute_mapping, - 'email-message:from_ref.value': from_attribute_mapping, - 'email-addr:value': to_attribute_mapping} - -email_references_mapping = {'attachment': email_attachment_attribute_mapping, - 'cc_refs': cc_attribute_mapping, - 'from_ref': from_attribute_mapping, - 'screenshot': screenshot_attribute_mapping, - 'to_refs': to_attribute_mapping} - -file_mapping = {'artifact:mime_type': mime_type_attribute_mapping, - 'file:content_ref.mime_type': mime_type_attribute_mapping, - 'mime_type': mime_type_attribute_mapping, - 'file:mime_type': mime_type_attribute_mapping, - 'name': filename_attribute_mapping, - 'file:name': filename_attribute_mapping, - 'name_enc': encoding_attribute_mapping, - 'file:name_enc': encoding_attribute_mapping, - 'file:parent_directory_ref.path': path_attribute_mapping, - 'directory:path': path_attribute_mapping, - 'size': size_attribute_mapping, - 'file:size': size_attribute_mapping} - -network_traffic_mapping = {'dst_port':dst_port_attribute_mapping, - 'src_port': src_port_attribute_mapping, - 'network-traffic:dst_port': dst_port_attribute_mapping, - 'network-traffic:src_port': src_port_attribute_mapping} - -ip_port_mapping = {'value': domain_attribute_mapping, - 'domain-name:value': domain_attribute_mapping, - 'network-traffic:dst_ref.value': {'type': 'ip-dst', 'object_relation': 'ip-dst'}, - 'network-traffic:src_ref.value': {'type': 'ip-src', 'object_relation': 'ip-src'}} -ip_port_mapping.update(network_traffic_mapping) - -ip_port_references_mapping = {'domain-name': domain_attribute_mapping, - 'ipv4-addr': network_traffic_ip, - 'ipv6-addr': network_traffic_ip} - -network_socket_extension_mapping = {'address_family': address_family_attribute_mapping, - "network-traffic:extensions.'socket-ext'.address_family": address_family_attribute_mapping, - 'protocol_family': domain_family_attribute_mapping, - "network-traffic:extensions.'socket-ext'.protocol_family": domain_family_attribute_mapping, - 'is_blocking': state_attribute_mapping, - "network-traffic:extensions.'socket-ext'.is_blocking": state_attribute_mapping, - 'is_listening': state_attribute_mapping, - "network-traffic:extensions.'socket-ext'.is_listening": state_attribute_mapping} - -network_traffic_references_mapping = {'domain-name': {'type': 'hostname', 'object_relation': 'hostname-{}'}, - 'ipv4-addr': network_traffic_ip, - 'ipv6-addr': network_traffic_ip} - -pe_mapping = {'pe_type': pe_type_mapping, 'number_of_sections': number_sections_mapping, 'imphash': imphash_mapping} - -pe_section_mapping = {'name': section_name_mapping, 'size': size_attribute_mapping, 'entropy': entropy_mapping} - -hash_types = ('MD5', 'SHA-1', 'SHA-256', 'SHA-224', 'SHA-384', 'SHA-512', 'ssdeep', 'tlsh') -for hash_type in hash_types: - misp_hash_type = hash_type.replace('-', '').lower() - attribute = {'type': misp_hash_type, 'object_relation': misp_hash_type} - file_mapping[hash_type] = attribute - file_mapping.update({f"file:hashes.'{feature}'": attribute for feature in (hash_type, misp_hash_type)}) - file_mapping.update({f"file:hashes.{feature}": attribute for feature in (hash_type, misp_hash_type)}) - pe_section_mapping[hash_type] = attribute - pe_section_mapping[misp_hash_type] = attribute - -process_mapping = {'name': process_name_mapping, - 'process:name': process_name_mapping, - 'pid': pid_attribute_mapping, - 'process:pid': pid_attribute_mapping, - 'created': process_creation_time_mapping, - 'process:created': process_creation_time_mapping, - 'command_line': process_command_line_mapping, - 'process:command_line': process_command_line_mapping, - 'process:parent_ref.pid': {'type': 'text', 'object_relation': 'parent-pid'}, - 'process:child_refs[*].pid': {'type': 'text', 'object_relation': 'child-pid'}, - 'process:binary_ref.name': process_image_mapping} - -child_process_reference_mapping = {'pid': {'type': 'text', 'object_relation': 'child-pid'}} - -parent_process_reference_mapping = {'command_line': {'type': 'text', 'object_relation': 'parent-command-line'}, - 'pid': {'type': 'text', 'object_relation': 'parent-pid'}, - 'process-name': {'type': 'text', 'object_relation': 'parent-process-name'}} - -regkey_mapping = {'data': data_attribute_mapping, - 'windows-registry-key:values.data': data_attribute_mapping, - 'data_type': data_type_attribute_mapping, - 'windows-registry-key:values.data_type': data_type_attribute_mapping, - 'modified': modified_attribute_mapping, - 'windows-registry-key:modified': modified_attribute_mapping, - 'name': regkey_name_attribute_mapping, - 'windows-registry-key:values.name': regkey_name_attribute_mapping, - 'key': key_attribute_mapping, - 'windows-registry-key:key': key_attribute_mapping, - 'windows-registry-key:value': {'type': 'text', 'object_relation': 'hive'} - } - -url_mapping = {'url': url_attribute_mapping, - 'url:value': url_attribute_mapping, - 'domain-name': domain_attribute_mapping, - 'domain-name:value': domain_attribute_mapping, - 'network-traffic': url_port_attribute_mapping, - 'network-traffic:dst_port': url_port_attribute_mapping, - 'ipv4-addr:value': ip_attribute_mapping, - 'ipv6-addr:value': ip_attribute_mapping - } - -user_account_mapping = {'account_created': {'type': 'datetime', 'object_relation': 'created'}, - 'account_expires': {'type': 'datetime', 'object_relation': 'expires'}, - 'account_first_login': {'type': 'datetime', 'object_relation': 'first_login'}, - 'account_last_login': {'type': 'datetime', 'object_relation': 'last_login'}, - 'account_login': user_id_mapping, - 'account_type': {'type': 'text', 'object_relation': 'account-type'}, - 'can_escalate_privs': {'type': 'boolean', 'object_relation': 'can_escalate_privs'}, - 'credential': credential_attribute_mapping, - 'credential_last_changed': {'type': 'datetime', 'object_relation': 'password_last_changed'}, - 'display_name': {'type': 'text', 'object_relation': 'display-name'}, - 'gid': {'type': 'text', 'object_relation': 'group-id'}, - 'home_dir': {'type': 'text', 'object_relation': 'home_dir'}, - 'is_disabled': {'type': 'boolean', 'object_relation': 'disabled'}, - 'is_privileged': {'type': 'boolean', 'object_relation': 'privileged'}, - 'is_service_account': {'type': 'boolean', 'object_relation': 'is_service_account'}, - 'shell': {'type': 'text', 'object_relation': 'shell'}, - 'user_id': {'type': 'text', 'object_relation': 'user-id'}} - -vulnerability_mapping = {'name': id_attribute_mapping, - 'description': summary_attribute_mapping} - -x509_mapping = {'issuer': issuer_attribute_mapping, - 'x509-certificate:issuer': issuer_attribute_mapping, - 'serial_number': serial_number_attribute_mapping, - 'x509-certificate:serial_number': serial_number_attribute_mapping, - 'subject': x509_subject_attribute_mapping, - 'x509-certificate:subject': x509_subject_attribute_mapping, - 'subject_public_key_algorithm': x509_spka_attribute_mapping, - 'x509-certificate:subject_public_key_algorithm': x509_spka_attribute_mapping, - 'subject_public_key_exponent': x509_spke_attribute_mapping, - 'x509-certificate:subject_public_key_exponent': x509_spke_attribute_mapping, - 'subject_public_key_modulus': x509_spkm_attribute_mapping, - 'x509-certificate:subject_public_key_modulus': x509_spkm_attribute_mapping, - 'validity_not_before': x509_vnb_attribute_mapping, - 'x509-certificate:validity_not_before': x509_vnb_attribute_mapping, - 'validity_not_after': x509_vna_attribute_mapping, - 'x509-certificate:validity_not_after': x509_vna_attribute_mapping, - 'version': x509_version_attribute_mapping, - 'x509-certificate:version': x509_version_attribute_mapping, - 'SHA-1': x509_sha1_attribute_mapping, - "x509-certificate:hashes.'sha1'": x509_sha1_attribute_mapping, - 'SHA-256': x509_sha256_attribute_mapping, - "x509-certificate:hashes.'sha256'": x509_sha256_attribute_mapping, - 'MD5': x509_md5_attribute_mapping, - "x509-certificate:hashes.'md5'": x509_md5_attribute_mapping, - } - -attachment_types = ('file:content_ref.name', 'file:content_ref.payload_bin', - 'artifact:x_misp_text_name', 'artifact:payload_bin', - "file:hashes.'MD5'", "file:content_ref.hashes.'MD5'", - 'file:name') - -connection_protocols = {"IP": "3", "ICMP": "3", "ARP": "3", - "TCP": "4", "UDP": "4", - "HTTP": "7", "HTTPS": "7", "FTP": "7"} diff --git a/app/files/scripts/stix2misp.py b/app/files/scripts/stix2misp.py index ce36eb613..4a4cbcf05 100644 --- a/app/files/scripts/stix2misp.py +++ b/app/files/scripts/stix2misp.py @@ -22,6 +22,7 @@ import time import uuid import base64 import pymisp +import traceback import stix2misp_mapping from operator import attrgetter from collections import defaultdict @@ -1432,7 +1433,7 @@ class ExternalStixParser(StixParser): if isinstance(attribute_value, list): attributes.extend([{'type': attribute_type, 'value': value, 'to_ids': False} for value in attribute_value]) else: - attribute.append({'type': attribute_type, 'value': attribute_value, 'to_ids': False}) + attributes.append({'type': attribute_type, 'value': attribute_value, 'to_ids': False}) if ttp.exploit_targets and ttp.exploit_targets.exploit_target: for exploit_target in ttp.exploit_targets.exploit_target: if exploit_target.item.vulnerabilities: @@ -1544,19 +1545,18 @@ def generate_event(filename, tries=0): return STIXPackage.from_xml(filename) except NamespaceNotFoundError: if tries == 1: - print(4) + print(json.dump({'error': 'Cannot handle STIX namespace'})) sys.exit() _update_namespaces() return generate_event(filename, 1) except NotImplementedError: - print('ERROR - Missing python library: stix_edh', file=sys.stderr) - except Exception: + print(json.dumps({'error': 'Missing python library: stix_edh'})) + except Exception as e: try: import maec - print(2) + print(json.dumps({'error': f'Error while loading the STIX file: {e.__str__()}'})) except ImportError: - print('ERROR - Missing python library: maec', file=sys.stderr) - print(3) + print(json.dumps({'error': 'Missing python library: maec'})) sys.exit(0) @@ -1572,11 +1572,15 @@ def main(args): filename = args[1] if args[1][0] == '/' else '{}/tmp/{}'.format(os.path.dirname(args[0]), args[1]) event = generate_event(filename) from_misp = is_from_misp(event) - stix_parser = StixFromMISPParser() if from_misp else ExternalStixParser() - stix_parser.load_event(args[2:], filename, from_misp, event.version) - stix_parser.build_misp_event(event) - stix_parser.saveFile() - print(1) + try: + stix_parser = StixFromMISPParser() if from_misp else ExternalStixParser() + stix_parser.load_event(args[2:], filename, from_misp, event.version) + stix_parser.build_misp_event(event) + stix_parser.saveFile() + print(json.dumps({'success': 1})) + except Exception as e: + print(json.dumps({'error': e.__str__()})) + traceback.print_tb(e.__traceback__) if __name__ == "__main__": main(sys.argv) diff --git a/app/files/scripts/taxii/taxii_push.py b/app/files/scripts/taxii/taxii_push.py new file mode 100644 index 000000000..9276e9102 --- /dev/null +++ b/app/files/scripts/taxii/taxii_push.py @@ -0,0 +1,444 @@ +""" +Read MISP JSON content from files in a directory, convert it to STIX, and +push the content to a TAXII server. +""" +import argparse +import logging +import logging.config +import sys +import taxii2client +import urllib.parse +from base64 import b64decode +from pathlib import Path +from requests.auth import HTTPBasicAuth + +_script_path = Path(__file__).resolve().parents[1] +sys.path.insert(0, str(_script_path / 'misp-stix')) +import misp_stix_converter + + +# Name of the logger to use for this application +_LOGGER_NAME = "taxii_push" + + +# Surely no multi-byte encodings here, but better safe than sorry. +_TAXII_ENVELOPE_PREFIX = '{"objects":['.encode("utf-8") +_TAXII_ENVELOPE_SUFFIX = "]}".encode("utf-8") +_TAXII_ENVELOPE_COMMA = ",".encode("utf-8") + + +class FileProcessingError(Exception): + """ + Instances represent an error encountered while processing a specific + MISP JSON file. + """ + def __init__(self, filepath, description): + + message = "{}: {}".format( + filepath, description + ) + + super().__init__(message) + + self.filepath = filepath + + +def setup_logging(log_level=logging.WARNING): + """ + Creates and applies a logging configuration. + :param log_level: A logging level. Defaults to warning. May be the level + value as an int, or its name as a string. Strings are checked case- + sensitively against registered level names. + """ + + # A simple made-up config. Customize to taste. + logging_config = { + "version": 1, + + "formatters": { + "simple_format": { + "format": "%(name)s [%(levelname)s] %(message)s", + } + }, + + "handlers": { + "simple_stream": { + "class": "logging.StreamHandler", + "formatter": "simple_format" + } + }, + + # We don't necessarily log via the root logger, but the logging records + # propagate here anyway. Its handlers will act as a catch-all for all + # logging records. + "root": { + "level": log_level, + "handlers": ["simple_stream"] + }, + + # Maybe we let existing loggers continue to work, e.g. anything used + # by dependency libraries? + "disable_existing_loggers": False + } + + logging.config.dictConfig(logging_config) + + +def parse_args(): + """ + Configure expected commandline parameters and process them. + """ + parser = argparse.ArgumentParser( + description="Translate MISP content to STIX 2.1 and push it to a TAXII" + " 2.1 server.", + epilog="This tool reads all files from the given directory and assumes" + " they contain JSON, not just those named as *.json." + ) + + parser.add_argument( + "--dir", + help="A directory with files containing JSON MISP events.", + type=Path, + required=True + ) + + parser.add_argument( + "--baseurl", + help="The base URL of the TAII 2.1 server", + required=True + ) + + parser.add_argument( + "--api_root", + help="The API root of the TAXII 2.1 server to use", + required=True + ) + + parser.add_argument( + "--collection", + help="The collection ID of the TAXII 2.1 server to push content to", + required=True + ) + + parser.add_argument( + "--log_level", + help="Set logging verbosity level. Default: %(default)s", + choices=[ + "fatal", + "error", + "warning", + "info", + "debug" + ], + default="warning" + ) + + parser.add_argument( + '--key', + help='Base64 encoded auth' + ) + args = parser.parse_args() + + return args + + +def api_root_from_collection_url(collection_id): + """ + Strip path components off the end of the path portion of the given TAXII + collection URL, to obtain the API root URL. A TAXII collection URL path + ought to have the form: + + /collections// + + So we want to strip off the last two components. Only the very simplest + sanity check is done on the given URL path. + + :param collection_url: A TAXII collection URL. + :return: The API root URL, or None if it could not be found. + """ + collection_url_parts = urllib.parse.urlparse(collection_url) + + # The "collections//" part ought to have a fixed length, + # since all UUID's have a fixed length (36 chars). And + # len("collections") == 11. + # + # The URL paths are supposed to end with "/", but be robust if they don't. + if collection_url_parts.path.endswith("/"): + suffix_size = 49 + else: + suffix_size = 48 + + if len(collection_url_parts.path) < suffix_size: + api_root_url = None + + else: + api_root_path = collection_url_parts.path[:-suffix_size] + + api_root_url_parts = collection_url_parts[:2] \ + + (api_root_path,) + \ + collection_url_parts[3:] + + api_root_url = urllib.parse.urlunparse(api_root_url_parts) + + return api_root_url + + +def log_status_failures(status): + """ + Log some failure information from a TAXII status resource. + :param status: A Status resource object of the taxii2-client library with + a non-zero failure count. + """ + log = logging.getLogger(_LOGGER_NAME) + + log.error( + "The TAXII server failed to process some objects (%d failures%s)!", + status.failure_count, + # Be clear about whether processing has completed at this + # point or not. + " so far" if status.status == "pending" else "" + ) + + # If there are a large number of objects, there could be a large number of + # failures. Let's log failure messages at a more verbose logging level. + if log.isEnabledFor(logging.DEBUG): + for failure_details in status.failures: + log.debug( + "%s/%s: %s", + failure_details["id"], + failure_details["version"], + # "message" property is optional + failure_details.get("message", "") + ) + + +def push_taxii_envelope(taxii_collection, taxii_envelope_bytes): + """ + Post the given TAXII envelope to the given collection. + :param taxii_collection: A taxii2client Collection instance + :param taxii_envelope_bytes: A bytes/bytearray object containing the TAXII + envelope payload for the request + """ + + # Maybe taxii2client should have been written to accept bytearrays... + if isinstance(taxii_envelope_bytes, bytearray): + taxii_envelope_bytes = bytes(taxii_envelope_bytes) + + # Shall we wait for completion, or just fire-and-forget? Maybe waiting + # would take too long. Note that even if we choose not to wait for + # completion, it's a server implementation detail whether any asynchronous + # processing is actually done. It may always process all objects before + # returning anyway. + status = taxii_collection.add_objects( + taxii_envelope_bytes, + wait_for_completion=False + ) + + # We will get an immediate TAXII status resource even if not waiting for + # completion. It may simply say that the adds are still pending and not + # give us much more information. But it may also indicate some failures. + # If we know of any failures at this point, let's log that. + if status.failure_count: + log_status_failures(status) + + +def make_taxii_envelopes(stix_objects, max_content_length): + """ + Generate TAXII envelopes containing the given STIX objects, such that + no envelope size exceeds max_content_length. The envelopes generated + will be bytearrays, and max_content_length is a byte count. + :param stix_objects: An iterable of stix objects, where each stix object + is an instance of a registered stix2 library class (it needs a + serialize() method to produce JSON). + :param max_content_length: The max TAXII envelope size, in bytes + """ + log = logging.getLogger(_LOGGER_NAME) + + taxii_envelope_bytes = bytearray(_TAXII_ENVELOPE_PREFIX) + + # This won't force us to consume an object on every loop iteration. + # I think the code might be a bit simpler this way... + stix_objects = iter(stix_objects) # ensure we have an iterator + stix_object = next(stix_objects, None) + + # in a TAXII envelope, should we add a comma before a new object? + first_in_envelope = True + + while stix_object: + + stix_object_json = stix_object.serialize() + stix_object_json_bytes = stix_object_json.encode("utf-8") + + # resulting envelope size if we were to add this object and close the + # envelope. + new_envelope_len = len(taxii_envelope_bytes) \ + + len(stix_object_json_bytes) \ + + len(_TAXII_ENVELOPE_SUFFIX) + + if not first_in_envelope: + new_envelope_len += len(_TAXII_ENVELOPE_COMMA) + + if new_envelope_len > max_content_length: + # New envelope would be too large. If we are on the first object, + # we have a problem. We have a single STIX object which is so + # large it can't be posted to the server! Maybe we just skip that + # one and continue? + if first_in_envelope: + log.error( + "STIX object %s is too large to be posted to the TAXII" + " server! Object size: %d, TAXII envelope size: %d," + " API root max content length: %d bytes", + stix_object["id"], + len(stix_object_json_bytes), + new_envelope_len, + max_content_length + ) + + stix_object = next(stix_objects, None) + + else: + # Yield our current envelope and start a fresh one. + taxii_envelope_bytes += _TAXII_ENVELOPE_SUFFIX + + yield taxii_envelope_bytes + + taxii_envelope_bytes.clear() + taxii_envelope_bytes += _TAXII_ENVELOPE_PREFIX + first_in_envelope = True + # ... and we will not consume stix_object. It can be + # checked for size as normal on the next iteration. This + # is where not forcing us to consume the object helps us + # out. It will be re-serialized though... + + else: + # We can fit another object in the TAXII envelope without + # exceeding the limit. + if not first_in_envelope: + taxii_envelope_bytes += _TAXII_ENVELOPE_COMMA + + taxii_envelope_bytes += stix_object_json_bytes + first_in_envelope = False + + stix_object = next(stix_objects, None) + + # Push any remaining objects + if not first_in_envelope: + taxii_envelope_bytes += _TAXII_ENVELOPE_SUFFIX + yield taxii_envelope_bytes + + +def convert_misp_file(misp_file): + """ + Convert the given MISP file to STIX 2.1. + :param misp_file: A path to a file with a MISP event in it. May be + a string or a pathlib path object. + :return: A STIX 2.1 bundle object + """ + log = logging.getLogger(_LOGGER_NAME) + + converter = misp_stix_converter.MISPtoSTIX21Parser() + converter.parse_json_content(str(misp_file)) + + # Log conversion warnings as warnings; errors as errors? + if log.isEnabledFor(logging.WARNING): + for id_, messages in converter.warnings.items(): + for message in messages: + log.warning("STIX conversion: %s: %s", id_, message) + + if log.isEnabledFor(logging.ERROR): + for id_, messages in converter.errors.items(): + for message in messages: + log.error("STIX conversion: %s: %s", id_, message) + + return converter.bundle + + +def convert_misp_dir(content_dir): + """ + Convert all MISP files in the given directory to STIX 2.1, and generate + each converted STIX object one at a time. + :param content_dir: The directory to process for MISP content. + """ + log = logging.getLogger(_LOGGER_NAME) + + for event_file in content_dir.iterdir(): + try: + + if event_file.is_file(): + log.info("Processing: %s", event_file) + + stix_bundle = convert_misp_file(event_file) + + yield from stix_bundle.objects + + except Exception as e: + # Wrap errors occurring with a specific file with an exception + # type which tracks the file name. It hopefully makes for + # better error messages. + raise FileProcessingError(event_file, str(e)) from e + + +def parse_auth(api_key): + return HTTPBasicAuth(*b64decode(api_key.encode()).split(b':')) + + +def push_content(content_dir, baseurl, api_root, collection_url, api_key): + """ + Push MISP content from files in the given directory, to a TAXII 2.1 server. + This will translate each MISP event to STIX 2.1. + :param content_dir: A directory with JSON files containing MISP content. + :param collection_url: A TAXII 2.1 collection URL + """ + + log = logging.getLogger(_LOGGER_NAME) + + auth = parse_auth(api_key) + + #api_root_url = api_root_from_collection_url(collection_url) + api_root_url = baseurl + "/" + api_root + if not api_root_url: + raise ValueError( + "Could not compute API root URL from: " + collection_url + ) + + with taxii2client.ApiRoot(api_root_url, auth=auth) as api_root: + max_content_length = api_root.max_content_length + + log.debug( + "max content length for API root %s: %d", + api_root_url, max_content_length + ) + + all_stix_objects = convert_misp_dir(content_dir) + collection_url = api_root_url + '/collections/' + collection_url + with taxii2client.Collection(collection_url, auth=auth) as taxii_collection: + + for taxii_envelope_bytes in make_taxii_envelopes( + all_stix_objects, max_content_length + ): + push_taxii_envelope(taxii_collection, taxii_envelope_bytes) + + +def main(): + args = parse_args() + + setup_logging(args.log_level.upper()) + log = logging.getLogger(_LOGGER_NAME) + + try: + push_content(args.dir, args.baseurl, args.api_root, args.collection, args.key) + + except Exception: + log.fatal( + "An error occurred!", exc_info=True + ) + exit_status = 1 + + else: + exit_status = 0 + + return exit_status + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/app/files/taxonomies b/app/files/taxonomies index 57b125782..59ec473a5 160000 --- a/app/files/taxonomies +++ b/app/files/taxonomies @@ -1 +1 @@ -Subproject commit 57b125782cd372c8a762db7ce34f8a405752c6c1 +Subproject commit 59ec473a5f7a44755a6098890a1ee290487bfc53 diff --git a/app/files/warninglists b/app/files/warninglists index bc12a5fa8..11101527c 160000 --- a/app/files/warninglists +++ b/app/files/warninglists @@ -1 +1 @@ -Subproject commit bc12a5fa8af4e27bc0fa41fdea851a90dc327c97 +Subproject commit 11101527c0e55810613d3d753f2e770219895c39 diff --git a/app/webroot/.htaccess b/app/webroot/.htaccess index 85e3ae253..c23955f5d 100644 --- a/app/webroot/.htaccess +++ b/app/webroot/.htaccess @@ -2,7 +2,7 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ index.php?/$1 [QSA,L] + RewriteRule ^(.*)$ index.php?/$1 "[QSA,L,B= ]" # Adds AUTH support to Rest Plugin: RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] diff --git a/app/webroot/css/distribution-graph.css b/app/webroot/css/distribution-graph.css index 4d63b47fa..88f06694e 100644 --- a/app/webroot/css/distribution-graph.css +++ b/app/webroot/css/distribution-graph.css @@ -62,6 +62,12 @@ label.center-in-network-header { #eventdistri_graph { position: relative; + height: 290px; + width: 400px; + display: flex; + justify-content: center; + align-items: center; + flex-direction: column-reverse; } #eventdistri_pb_container { @@ -71,13 +77,11 @@ label.center-in-network-header { #eventdistri_pb_background { width: 400px; - display: flex; + display: flex; } .distribution_checkboxes_dataset { - position: absolute; - width: 100%; - display: inline-block; + margin-top: 0.5em; } .distribution_checkboxes_dataset label { margin-bottom: 0px; diff --git a/app/webroot/css/event-timeline.css b/app/webroot/css/event-timeline.css index ba151f3cd..208d426f6 100644 --- a/app/webroot/css/event-timeline.css +++ b/app/webroot/css/event-timeline.css @@ -158,3 +158,8 @@ #timeline-typeahead { width: 400px; } + +#eventtimeline_div > div.timechart-container, +#eventtimeline_div > div.timechart-container > canvas { + position: relative; +} \ No newline at end of file diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css index 9af777376..1b691b0a1 100644 --- a/app/webroot/css/main.css +++ b/app/webroot/css/main.css @@ -1035,7 +1035,6 @@ a.black-white:hover { left:calc(50% - 350px); position: fixed; background-color:#f4f4f4; - border-radius: 11px 11px 10px 10px; box-shadow: 4px 4px 4px #333; z-index:5; } @@ -2614,6 +2613,10 @@ ul.correlations li span, ul.correlations li a { margin-right:3px; } +ul.correlations li .popover span { + margin-right: 0; +} + .break-word { word-wrap: break-word; } @@ -2649,7 +2652,7 @@ ul.correlations li span, ul.correlations li a { } #notice_message { - margin: 10px; + margin-bottom: 10px; } .alert form { @@ -2853,7 +2856,7 @@ Query builder } /* Fix text input for query builder */ -.query-builder .rule-value-container input[type="text"] { +.query-builder .rule-value-container input[type="text"], .query-builder .rule-value-container input[type="number"] { padding: 4px !important; height: 30px; } @@ -2920,3 +2923,36 @@ Query builder .warninglist-comment { color: gray; } + +/* Resolved attributes template */ +.freetext_row select, .freetext_row input[type=text] { + padding: 0; + margin-bottom: 0; + height: 20px; +} + +.freetext_row input[type=text] { + padding-left: 3px; + padding-right: 3px; +} + +.special-tag { + animation: special-tag-color 4s infinite linear; +} +@keyframes special-tag-color { + 0%, 100% { + background-color: #FFFFFF; + } + 20% { + background-color: #339900; + } + 40% { + background-color: #FFC000; + } + 60% { + background-color: #CC0033; + } + 80% { + background-color: #d208f4; + } +} \ No newline at end of file diff --git a/app/webroot/css/workflows-editor.css b/app/webroot/css/workflows-editor.css index e1a2e5c3d..4f96eac70 100644 --- a/app/webroot/css/workflows-editor.css +++ b/app/webroot/css/workflows-editor.css @@ -41,6 +41,11 @@ flex-direction: column; position: absolute; top: var(--topbar-height)px; + left: 0; + transition: left 0.15s ease-out; +} +.sidebar.minimized { + left: calc(-1 * var(--editor-sidepanel-width)); } .side-panel { @@ -63,6 +68,31 @@ top: 0; } +.sidebar-minimize-button { + position: absolute; + top: 3px; + right: 5px; + cursor: pointer; +} +.sidebar-maximize-button { + position: absolute; + font-size: 1.25rem; + top: 3px; + right: -32px; + cursor: pointer; + background-color: #fff; + padding: 5px; + border-radius: 3px; + border: 1px #e3e3e3 solid; + display: none; + opacity: 0; + transition: opacity 0.15s ease-out; +} +.sidebar.minimized .sidebar-maximize-button { + display: inline-block; + opacity: 1; +} + .side-panel #block-tabs { margin-bottom: 10px; } @@ -345,7 +375,76 @@ border: 3px solid #e35651; } +.drawflow svg.connection > path.link-hover-for-insertion { + stroke: #7210cd; + filter: drop-shadow(0px 0px 6px #7210cddd); +} + +#core-format-picker { + padding: 5px; + border-radius: 5px; + background-color: #f9f9f9; + border: 1px solid #e1e1e1; +} +#core-format-picker .selectable-key { + font-weight: bold; + padding: 2px 3px; +} +#core-format-picker .selectable-key:hover { + box-shadow: 0 0 5px #00000077; + cursor: pointer; +} + +#core-format-picker .selectable-value { + padding: 2px 3px; +} +#core-format-picker .selectable-value:hover { + box-shadow: 0 0 5px #00000077; + font-weight: bold; + cursor: pointer; +} + +#core-format-picker .children-counter { + background-color: #6b6b6b; + color: #f2f2f2; + padding: 2px 5px; + margin: 0px 0.25rem; + font-size: smaller; + border-radius: 3px; +} +#core-format-picker .collaspe-button { + cursor: pointer; +} +#core-format-picker .collaspe-button:hover { + color: #292929; + cursor: pointer; +} + /* Custom input/output CSS */ +/* .drawflow .drawflow-node.expect-misp-core-format>.inputs>.input { + background-color: #2fa1db; +} */ + +.drawflow .drawflow-framenode { + position: absolute; + z-index: -1; + text-align: center; + background-color: #b5b5b570; + border: 1px solid #333333aa; + border-radius: 5px; +} + +.drawflow .drawflow-framenode.selected { + box-shadow: 0 0 5px 2px #33333366; +} +.drawflow .drawflow-framenode > .drawflow-framenode-text { + line-height: 1.5em; + color: #505050; + font-size: 1.5em; + font-weight: bold; + cursor: text; +} + .drawflow .drawflow-node > .inputs > .input::before { line-height: var(--dfInputHeight); vertical-align: top; @@ -665,4 +764,15 @@ .drawflow .drawflow-node.block-type-concurrent > .outputs > .output_1::after { content: "\f074"; +} + +.drawflow svg.connection .connection-label-container { + display: flex; + flex-direction: column; + row-gap: 3px; + width: fit-content; + transform: translate(-50%, -50%); + background-color: #ffffffaa; + padding: 3px; + border-radius: 5px; } \ No newline at end of file diff --git a/app/webroot/doc/openapi.yaml b/app/webroot/doc/openapi.yaml index fa3cf41c0..7e2ff9e9d 100644 --- a/app/webroot/doc/openapi.yaml +++ b/app/webroot/doc/openapi.yaml @@ -13,7 +13,7 @@ info: To get an API key there are several options: * **[UI]** Go to [My Profile -> Auth Keys](/auth_keys/index) section and click on `+ Add authentication key` - + * **[UI]** As an admin go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key` * **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]` @@ -1896,6 +1896,24 @@ paths: default: $ref: "#/components/responses/ApiErrorResponse" + /objects/restsearch: + post: + summary: "[restSearch] Get a filtered and paginated list of objects" + description: | + **This is the recommended endpoint for searching objects.** + operationId: restSearchObjects + tags: + - Objects + requestBody: + $ref: "#/components/requestBodies/RestSearchObjectsRequest" + responses: + "200": + $ref: "#/components/responses/ObjectsRestSearchResponse" + "403": + $ref: "#/components/responses/UnauthorizedApiErrorResponse" + default: + $ref: "#/components/responses/ApiErrorResponse" + /objects/add/{eventId}/{objectTemplateId}: post: summary: "Add an object to an event" @@ -2854,9 +2872,7 @@ components: eventid: $ref: "#/components/schemas/EventId" withAttachments: - description: "Extends the response with the base64 representation of the attachment, if there is one" - type: boolean - default: false + $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" uuid: $ref: "#/components/schemas/UUID" publish_timestamp: @@ -2870,7 +2886,7 @@ components: enforceWarninglist: $ref: "#/components/schemas/EnforceWarninglistRestSearchFilter" to_ids: - $ref: "#/components/schemas/ToIDS" + $ref: "#/components/schemas/ToIDSRestSearchFlag" deleted: $ref: "#/components/schemas/SoftDeletedFlag" event_timestamp: @@ -2883,11 +2899,9 @@ components: sharinggroup: $ref: "#/components/schemas/SharingGroupIDRestSearchFilter" decayingModel: - description: "Specify the decaying model from which the decaying score should be calculated" - type: string + $ref: "#/components/schemas/DecayingModelRestSearchFilter" score: - description: "An alias to override on-the-fly the threshold of the decaying model" - type: string + $ref: "#/components/schemas/DecayingModelScoreRestSearchFilter" first_seen: description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)" type: string @@ -2919,17 +2933,11 @@ components: modelOverrides: $ref: "#/components/schemas/ModelOverridesRestSearchFilter" includeDecayScore: - description: "Include all enabled decaying score" - type: boolean - default: false + $ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag" includeFullModel: - description: "Include all model information of matching events in the response" - type: boolean - default: false + $ref: "#/components/schemas/IncludeFullModelRestSearchFlag" excludeDecayed: - description: "Should the decayed elements by excluded" - type: boolean - default: false + $ref: "#/components/schemas/ExcludeDecayedRestSearchFlag" returnFormat: $ref: "#/components/schemas/AttributesRestSearchReturnFormat" @@ -3391,6 +3399,126 @@ components: maxLength: 10 example: "12345" + ObjectRestSearchList: + type: object + properties: + Object: + $ref: "#/components/schemas/Object" + + ObjectRestSearchFilter: + type: object + properties: + page: + $ref: "#/components/schemas/PageSearchFilter" + limit: + $ref: "#/components/schemas/LimitSearchFilter" + quickFilter: + $ref: "#/components/schemas/SearchAllRestSearchFilter" + searchall: + $ref: "#/components/schemas/SearchAllRestSearchFilter" + timestamp: + $ref: "#/components/schemas/Timestamp" + object_name: + $ref: "#/components/schemas/ObjectName" + object_template_uuid: + $ref: "#/components/schemas/UUID" + object_template_version: + $ref: "#/components/schemas/ObjectTemplateVersion" + eventid: + $ref: "#/components/schemas/EventId" + eventinfo: + $ref: "#/components/schemas/EventInfo" + ignore: + description: "If true matches both true and false values for `to_ids` and `published`" + type: boolean + default: false + from: + $ref: "#/components/schemas/DateRestSearchFilter" + to: + $ref: "#/components/schemas/DateRestSearchFilter" + date: + $ref: "#/components/schemas/DateRestSearchFilter" + tags: + $ref: "#/components/schemas/TagsRestSearchFilter" + last: + $ref: "#/components/schemas/LastRestSearchFilter" + event_timestamp: + $ref: "#/components/schemas/Timestamp" + publish_timestamp: + $ref: "#/components/schemas/Timestamp" + org: + oneOf: + - $ref: "#/components/schemas/OrganisationId" + - $ref: "#/components/schemas/OrganisationName" + uuid: + $ref: "#/components/schemas/UUID" + value: + $ref: "#/components/schemas/AttributeValue" + type: + $ref: "#/components/schemas/AttributeType" + category: + $ref: "#/components/schemas/AttributeCategory" + object_relation: + $ref: "#/components/schemas/ObjectRelationRestSearchFilter" + attribute_timestamp: + $ref: "#/components/schemas/Timestamp" + first_seen: + $ref: "#/components/schemas/NullableMicroTimestamp" + last_seen: + $ref: "#/components/schemas/NullableMicroTimestamp" + comment: + $ref: "#/components/schemas/AttributeComment" + to_ids: + $ref: "#/components/schemas/ToIDSRestSearchFlag" + published: + $ref: "#/components/schemas/PublishedFlag" + deleted: + $ref: "#/components/schemas/SoftDeletedFlag" + withAttachments: + $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" + enforceWarninglist: + $ref: "#/components/schemas/EnforceWarninglistRestSearchFilter" + includeAllTags: + $ref: "#/components/schemas/IncludeAllTagsRestSearchFilter" + includeEventUuid: + $ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag" + include_event_uuid: + $ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag" + includeEventTags: + $ref: "#/components/schemas/IncludeEventTagsRestSearchFlag" + includeProposals: + $ref: "#/components/schemas/IncludeProposalsRestSearchFlag" + includeWarninglistHits: + $ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag" + includeContext: + $ref: "#/components/schemas/IncludeContextRestSearchFlag" + includeSightings: + $ref: "#/components/schemas/IncludeContextRestSearchFlag" + includeSightingdb: + $ref: "#/components/schemas/IncludeSightingDbRestSearchFlag" + includeCorrelations: + $ref: "#/components/schemas/IncludeCorrelationsRestSearchFlag" + includeDecayScore: + $ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag" + includeFullModel: + $ref: "#/components/schemas/IncludeFullModelRestSearchFlag" + allow_proposal_blocking: + $ref: "#/components/schemas/AllowProposalBlockingRestSearchFlag" + metadata: + $ref: "#/components/schemas/MetadataRestSearchFilter" + attackGalaxy: + $ref: "#/components/schemas/AttackGalaxyRestSearchFilter" + excludeDecayed: + $ref: "#/components/schemas/ExcludeDecayedRestSearchFlag" + decayingModel: + $ref: "#/components/schemas/DecayingModelRestSearchFilter" + modelOverrides: + $ref: "#/components/schemas/ModelOverridesRestSearchFilter" + score: + $ref: "#/components/schemas/DecayingModelScoreRestSearchFilter" + returnFormat: + $ref: "#/components/schemas/ObjectsRestSearchReturnFormat" + # Sightings SightingId: type: string @@ -5391,6 +5519,15 @@ components: type: string example: "tlp:amber" + SearchAllRestSearchFilter: + description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments" + type: string + example: malware + + ToIDSRestSearchFlag: + nullable: true + type: boolean + SharingGroupIDRestSearchFilter: description: "Sharing group ID(s), either as single string or list of IDs" nullable: true @@ -5398,6 +5535,14 @@ components: type: string example: "1" + DecayingModelRestSearchFilter: + description: "Specify the decaying model from which the decaying score should be calculated" + type: string + + DecayingModelScoreRestSearchFilter: + description: "An alias to override on-the-fly the threshold of the decaying model" + type: string + MetadataRestSearchFilter: description: "Will only return the metadata of the given query scope, contained data is omitted." nullable: true @@ -5408,6 +5553,11 @@ components: type: boolean default: false + IncludeAllTagsRestSearchFilter: + description: "Include also exportable tags" + type: boolean + default: false + IncludeEventTagsRestSearchFlag: description: "Include tags of matching events in the response" type: boolean @@ -5423,6 +5573,11 @@ components: nullable: true type: boolean + WithAttachmentsRestSearchFilter: + description: "Extends the response with the base64 representation of the attachment, if there is one" + type: boolean + default: false + RequestedAttributesRestSearchFilter: description: "List of properties that will be selected in the CSV export" type: array @@ -5463,6 +5618,26 @@ components: nullable: true type: boolean + IncludeDecayScoreRestSearchFlag: + description: "Include all enabled decaying score" + type: boolean + default: false + + IncludeFullModelRestSearchFlag: + description: "Include all model information of matching events in the response" + type: boolean + default: false + + AllowProposalBlockingRestSearchFlag: + description: "Allow blocking attributes from to_ids sensitive exports if a proposal has been made to it to remove the IDS flag" + type: boolean + default: false + + ExcludeDecayedRestSearchFlag: + description: "Should the decayed elements by excluded" + type: boolean + default: false + ModelOverridesRestSearchFilter: $ref: "#/components/schemas/DecayingModelParameters" @@ -5600,6 +5775,12 @@ components: - yara - yara-json + ObjectsRestSearchReturnFormat: + description: "Format of the response payload" + type: string + enum: + - json + ObjectRelationRestSearchFilter: description: "Filter by the attribute object relation value" nullable: true @@ -5731,7 +5912,6 @@ components: name: local in: path description: "Whether the object should be attached locally or not to the target" - required: false schema: $ref: "#/components/schemas/Local" @@ -6211,9 +6391,7 @@ components: event_tags: $ref: "#/components/schemas/TagsRestSearchFilter" searchall: - description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments" - type: string - example: malware + $ref: "#/components/schemas/SearchAllRestSearchFilter" from: $ref: "#/components/schemas/DateRestSearchFilter" to: @@ -6223,9 +6401,7 @@ components: eventid: $ref: "#/components/schemas/EventId" withAttachments: - description: "Extends the response with the base64 representation of the attachment, if there is one" - type: boolean - default: false + $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" sharinggroup: $ref: "#/components/schemas/SharingGroupIDRestSearchFilter" metadata: @@ -6626,6 +6802,13 @@ components: type: integer example: 1 + RestSearchObjectsRequest: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/ObjectRestSearchFilter" + AddObjectRequest: content: application/json: @@ -8514,6 +8697,25 @@ components: type: string example: "/objects/delete/1" + ObjectsRestSearchResponse: + description: "Rest search objects response" + headers: + X-Result-Count: + $ref: "#/components/headers/X-Result-Count" + X-Export-Module-Used: + $ref: "#/components/headers/X-Export-Module-Used" + X-Response-Format: + $ref: "#/components/headers/X-Response-Format" + content: + application/json: + schema: + type: object + properties: + response: + type: array + items: + $ref: "#/components/schemas/ObjectRestSearchList" + SightingListResponse: description: "Get sightings response" content: diff --git a/app/webroot/img/Splunk.png b/app/webroot/img/Splunk.png new file mode 100644 index 000000000..0c71abaf5 Binary files /dev/null and b/app/webroot/img/Splunk.png differ diff --git a/app/webroot/img/Telegram.png b/app/webroot/img/Telegram.png new file mode 100644 index 000000000..acbf2d0ed Binary files /dev/null and b/app/webroot/img/Telegram.png differ diff --git a/app/webroot/img/doc/add-attachment.png b/app/webroot/img/doc/add-attachment.png deleted file mode 100644 index 4900844dd..000000000 Binary files a/app/webroot/img/doc/add-attachment.png and /dev/null differ diff --git a/app/webroot/img/doc/add-attribute.png b/app/webroot/img/doc/add-attribute.png deleted file mode 100644 index cc323ec8c..000000000 Binary files a/app/webroot/img/doc/add-attribute.png and /dev/null differ diff --git a/app/webroot/img/doc/add_attachment.png b/app/webroot/img/doc/add_attachment.png deleted file mode 100644 index 6f46b4ce6..000000000 Binary files a/app/webroot/img/doc/add_attachment.png and /dev/null differ diff --git a/app/webroot/img/doc/add_attribute.png b/app/webroot/img/doc/add_attribute.png deleted file mode 100644 index 5178a7910..000000000 Binary files a/app/webroot/img/doc/add_attribute.png and /dev/null differ diff --git a/app/webroot/img/doc/add_event.png b/app/webroot/img/doc/add_event.png deleted file mode 100644 index 24a77f785..000000000 Binary files a/app/webroot/img/doc/add_event.png and /dev/null differ diff --git a/app/webroot/img/doc/add_group.png b/app/webroot/img/doc/add_group.png deleted file mode 100644 index cfff9ad15..000000000 Binary files a/app/webroot/img/doc/add_group.png and /dev/null differ diff --git a/app/webroot/img/doc/add_server.png b/app/webroot/img/doc/add_server.png deleted file mode 100644 index 07967f32c..000000000 Binary files a/app/webroot/img/doc/add_server.png and /dev/null differ diff --git a/app/webroot/img/doc/add_user.png b/app/webroot/img/doc/add_user.png deleted file mode 100644 index 2a3a3137c..000000000 Binary files a/app/webroot/img/doc/add_user.png and /dev/null differ diff --git a/app/webroot/img/doc/admin_tools.png b/app/webroot/img/doc/admin_tools.png deleted file mode 100644 index 1c31dcce0..000000000 Binary files a/app/webroot/img/doc/admin_tools.png and /dev/null differ diff --git a/app/webroot/img/doc/alerts.png b/app/webroot/img/doc/alerts.png deleted file mode 100644 index cc5df2a8d..000000000 Binary files a/app/webroot/img/doc/alerts.png and /dev/null differ diff --git a/app/webroot/img/doc/attribute_replace_tool.png b/app/webroot/img/doc/attribute_replace_tool.png deleted file mode 100644 index d45211f8f..000000000 Binary files a/app/webroot/img/doc/attribute_replace_tool.png and /dev/null differ diff --git a/app/webroot/img/doc/attribute_tools.png b/app/webroot/img/doc/attribute_tools.png deleted file mode 100644 index 8e5c30885..000000000 Binary files a/app/webroot/img/doc/attribute_tools.png and /dev/null differ diff --git a/app/webroot/img/doc/autoalert.png b/app/webroot/img/doc/autoalert.png deleted file mode 100644 index 57fe41d26..000000000 Binary files a/app/webroot/img/doc/autoalert.png and /dev/null differ diff --git a/app/webroot/img/doc/bottom_bar.png b/app/webroot/img/doc/bottom_bar.png deleted file mode 100644 index 48c5fcb37..000000000 Binary files a/app/webroot/img/doc/bottom_bar.png and /dev/null differ diff --git a/app/webroot/img/doc/contact.png b/app/webroot/img/doc/contact.png deleted file mode 100644 index 5239007d1..000000000 Binary files a/app/webroot/img/doc/contact.png and /dev/null differ diff --git a/app/webroot/img/doc/contact_reporter.png b/app/webroot/img/doc/contact_reporter.png deleted file mode 100644 index 644f9ba6f..000000000 Binary files a/app/webroot/img/doc/contact_reporter.png and /dev/null differ diff --git a/app/webroot/img/doc/create_template.png b/app/webroot/img/doc/create_template.png deleted file mode 100644 index d9b95d115..000000000 Binary files a/app/webroot/img/doc/create_template.png and /dev/null differ diff --git a/app/webroot/img/doc/edit_user.png b/app/webroot/img/doc/edit_user.png deleted file mode 100644 index 58f2b131b..000000000 Binary files a/app/webroot/img/doc/edit_user.png and /dev/null differ diff --git a/app/webroot/img/doc/event_detail.png b/app/webroot/img/doc/event_detail.png deleted file mode 100644 index 803e96f9d..000000000 Binary files a/app/webroot/img/doc/event_detail.png and /dev/null differ diff --git a/app/webroot/img/doc/eventtag.png b/app/webroot/img/doc/eventtag.png deleted file mode 100644 index 366880e57..000000000 Binary files a/app/webroot/img/doc/eventtag.png and /dev/null differ diff --git a/app/webroot/img/doc/export.png b/app/webroot/img/doc/export.png deleted file mode 100644 index 86f120407..000000000 Binary files a/app/webroot/img/doc/export.png and /dev/null differ diff --git a/app/webroot/img/doc/export_bg.png b/app/webroot/img/doc/export_bg.png deleted file mode 100644 index e52a6fb10..000000000 Binary files a/app/webroot/img/doc/export_bg.png and /dev/null differ diff --git a/app/webroot/img/doc/export_event.png b/app/webroot/img/doc/export_event.png deleted file mode 100644 index a02ec55fa..000000000 Binary files a/app/webroot/img/doc/export_event.png and /dev/null differ diff --git a/app/webroot/img/doc/export_search.png b/app/webroot/img/doc/export_search.png deleted file mode 100644 index 6a8857963..000000000 Binary files a/app/webroot/img/doc/export_search.png and /dev/null differ diff --git a/app/webroot/img/doc/freetext1.png b/app/webroot/img/doc/freetext1.png deleted file mode 100644 index 43a758fd4..000000000 Binary files a/app/webroot/img/doc/freetext1.png and /dev/null differ diff --git a/app/webroot/img/doc/freetext2.png b/app/webroot/img/doc/freetext2.png deleted file mode 100644 index b40e2501a..000000000 Binary files a/app/webroot/img/doc/freetext2.png and /dev/null differ diff --git a/app/webroot/img/doc/heatmap.png b/app/webroot/img/doc/heatmap.png deleted file mode 100644 index f3cf73a5c..000000000 Binary files a/app/webroot/img/doc/heatmap.png and /dev/null differ diff --git a/app/webroot/img/doc/ioc1.png b/app/webroot/img/doc/ioc1.png deleted file mode 100644 index 43eb67750..000000000 Binary files a/app/webroot/img/doc/ioc1.png and /dev/null differ diff --git a/app/webroot/img/doc/ioc2.png b/app/webroot/img/doc/ioc2.png deleted file mode 100644 index c54e14cab..000000000 Binary files a/app/webroot/img/doc/ioc2.png and /dev/null differ diff --git a/app/webroot/img/doc/jobs.png b/app/webroot/img/doc/jobs.png deleted file mode 100644 index 6fbe70a4e..000000000 Binary files a/app/webroot/img/doc/jobs.png and /dev/null differ diff --git a/app/webroot/img/doc/list_attributes2.png b/app/webroot/img/doc/list_attributes2.png deleted file mode 100644 index 6dd6ff149..000000000 Binary files a/app/webroot/img/doc/list_attributes2.png and /dev/null differ diff --git a/app/webroot/img/doc/list_events2.png b/app/webroot/img/doc/list_events2.png deleted file mode 100644 index b58f18715..000000000 Binary files a/app/webroot/img/doc/list_events2.png and /dev/null differ diff --git a/app/webroot/img/doc/list_groups.png b/app/webroot/img/doc/list_groups.png deleted file mode 100644 index 017ce09b3..000000000 Binary files a/app/webroot/img/doc/list_groups.png and /dev/null differ diff --git a/app/webroot/img/doc/list_logs.png b/app/webroot/img/doc/list_logs.png deleted file mode 100644 index b58cd2faf..000000000 Binary files a/app/webroot/img/doc/list_logs.png and /dev/null differ diff --git a/app/webroot/img/doc/list_servers.png b/app/webroot/img/doc/list_servers.png deleted file mode 100644 index 3ff9c94ba..000000000 Binary files a/app/webroot/img/doc/list_servers.png and /dev/null differ diff --git a/app/webroot/img/doc/list_users.png b/app/webroot/img/doc/list_users.png deleted file mode 100644 index 2796a4cad..000000000 Binary files a/app/webroot/img/doc/list_users.png and /dev/null differ diff --git a/app/webroot/img/doc/menu_image.png b/app/webroot/img/doc/menu_image.png deleted file mode 100644 index eed269536..000000000 Binary files a/app/webroot/img/doc/menu_image.png and /dev/null differ diff --git a/app/webroot/img/doc/my_profile.png b/app/webroot/img/doc/my_profile.png deleted file mode 100644 index 14e9dda7c..000000000 Binary files a/app/webroot/img/doc/my_profile.png and /dev/null differ diff --git a/app/webroot/img/doc/password.png b/app/webroot/img/doc/password.png deleted file mode 100644 index 5744b9b74..000000000 Binary files a/app/webroot/img/doc/password.png and /dev/null differ diff --git a/app/webroot/img/doc/proposal.png b/app/webroot/img/doc/proposal.png deleted file mode 100644 index 34588edd6..000000000 Binary files a/app/webroot/img/doc/proposal.png and /dev/null differ diff --git a/app/webroot/img/doc/publish.png b/app/webroot/img/doc/publish.png deleted file mode 100644 index 7d07521f4..000000000 Binary files a/app/webroot/img/doc/publish.png and /dev/null differ diff --git a/app/webroot/img/doc/quick_browse.jpg b/app/webroot/img/doc/quick_browse.jpg deleted file mode 100644 index 3acbca06c..000000000 Binary files a/app/webroot/img/doc/quick_browse.jpg and /dev/null differ diff --git a/app/webroot/img/doc/quick_create.jpg b/app/webroot/img/doc/quick_create.jpg deleted file mode 100644 index 576c5eafa..000000000 Binary files a/app/webroot/img/doc/quick_create.jpg and /dev/null differ diff --git a/app/webroot/img/doc/quick_export.jpg b/app/webroot/img/doc/quick_export.jpg deleted file mode 100644 index e5c1a051e..000000000 Binary files a/app/webroot/img/doc/quick_export.jpg and /dev/null differ diff --git a/app/webroot/img/doc/regexp.png b/app/webroot/img/doc/regexp.png deleted file mode 100644 index bfc70ac5f..000000000 Binary files a/app/webroot/img/doc/regexp.png and /dev/null differ diff --git a/app/webroot/img/doc/reset.png b/app/webroot/img/doc/reset.png deleted file mode 100644 index ba5ae7038..000000000 Binary files a/app/webroot/img/doc/reset.png and /dev/null differ diff --git a/app/webroot/img/doc/schedule.png b/app/webroot/img/doc/schedule.png deleted file mode 100644 index 79a46e794..000000000 Binary files a/app/webroot/img/doc/schedule.png and /dev/null differ diff --git a/app/webroot/img/doc/search_attribute.png b/app/webroot/img/doc/search_attribute.png deleted file mode 100644 index 8b0645572..000000000 Binary files a/app/webroot/img/doc/search_attribute.png and /dev/null differ diff --git a/app/webroot/img/doc/search_attribute_result.png b/app/webroot/img/doc/search_attribute_result.png deleted file mode 100644 index 464594dc0..000000000 Binary files a/app/webroot/img/doc/search_attribute_result.png and /dev/null differ diff --git a/app/webroot/img/doc/search_log.png b/app/webroot/img/doc/search_log.png deleted file mode 100644 index 2ebc73bda..000000000 Binary files a/app/webroot/img/doc/search_log.png and /dev/null differ diff --git a/app/webroot/img/doc/settings_1.png b/app/webroot/img/doc/settings_1.png deleted file mode 100644 index 2a21c5243..000000000 Binary files a/app/webroot/img/doc/settings_1.png and /dev/null differ diff --git a/app/webroot/img/doc/settings_2.png b/app/webroot/img/doc/settings_2.png deleted file mode 100644 index 347530525..000000000 Binary files a/app/webroot/img/doc/settings_2.png and /dev/null differ diff --git a/app/webroot/img/doc/settings_3.png b/app/webroot/img/doc/settings_3.png deleted file mode 100644 index 821d531a2..000000000 Binary files a/app/webroot/img/doc/settings_3.png and /dev/null differ diff --git a/app/webroot/img/doc/statistics.png b/app/webroot/img/doc/statistics.png deleted file mode 100644 index c002e6953..000000000 Binary files a/app/webroot/img/doc/statistics.png and /dev/null differ diff --git a/app/webroot/img/doc/tag.png b/app/webroot/img/doc/tag.png deleted file mode 100644 index 91f018aaa..000000000 Binary files a/app/webroot/img/doc/tag.png and /dev/null differ diff --git a/app/webroot/img/doc/template_attribute.png b/app/webroot/img/doc/template_attribute.png deleted file mode 100644 index 81f7ff5ab..000000000 Binary files a/app/webroot/img/doc/template_attribute.png and /dev/null differ diff --git a/app/webroot/img/doc/template_choice.png b/app/webroot/img/doc/template_choice.png deleted file mode 100644 index 2d0951c0c..000000000 Binary files a/app/webroot/img/doc/template_choice.png and /dev/null differ diff --git a/app/webroot/img/doc/template_field.png b/app/webroot/img/doc/template_field.png deleted file mode 100644 index 38affe790..000000000 Binary files a/app/webroot/img/doc/template_field.png and /dev/null differ diff --git a/app/webroot/img/doc/template_file.png b/app/webroot/img/doc/template_file.png deleted file mode 100644 index d71941e78..000000000 Binary files a/app/webroot/img/doc/template_file.png and /dev/null differ diff --git a/app/webroot/img/doc/template_text.png b/app/webroot/img/doc/template_text.png deleted file mode 100644 index 11358ae07..000000000 Binary files a/app/webroot/img/doc/template_text.png and /dev/null differ diff --git a/app/webroot/img/doc/whitelist.png b/app/webroot/img/doc/whitelist.png deleted file mode 100644 index 7f82454c8..000000000 Binary files a/app/webroot/img/doc/whitelist.png and /dev/null differ diff --git a/app/webroot/js/Chart.min.js b/app/webroot/js/Chart.min.js index 875689e3e..58e7c2adc 100644 --- a/app/webroot/js/Chart.min.js +++ b/app/webroot/js/Chart.min.js @@ -1,10 +1 @@ -/*! - * Chart.js - * http://chartjs.org/ - * Version: 2.7.2 - * - * Copyright 2018 Chart.js Contributors - * Released under the MIT license - * https://github.com/chartjs/Chart.js/blob/master/LICENSE.md - */ -!function(t){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).Chart=t()}}(function(){return function t(e,i,n){function a(r,s){if(!i[r]){if(!e[r]){var l="function"==typeof require&&require;if(!s&&l)return l(r,!0);if(o)return o(r,!0);var u=new Error("Cannot find module '"+r+"'");throw u.code="MODULE_NOT_FOUND",u}var d=i[r]={exports:{}};e[r][0].call(d.exports,function(t){var i=e[r][1][t];return a(i||t)},d,d.exports,t,e,i,n)}return i[r].exports}for(var o="function"==typeof require&&require,r=0;ri?(e+.05)/(i+.05):(i+.05)/(e+.05)},level:function(t){var e=this.contrast(t);return e>=7.1?"AAA":e>=4.5?"AA":""},dark:function(){var t=this.values.rgb;return(299*t[0]+587*t[1]+114*t[2])/1e3<128},light:function(){return!this.dark()},negate:function(){for(var t=[],e=0;e<3;e++)t[e]=255-this.values.rgb[e];return this.setValues("rgb",t),this},lighten:function(t){var e=this.values.hsl;return e[2]+=e[2]*t,this.setValues("hsl",e),this},darken:function(t){var e=this.values.hsl;return e[2]-=e[2]*t,this.setValues("hsl",e),this},saturate:function(t){var e=this.values.hsl;return e[1]+=e[1]*t,this.setValues("hsl",e),this},desaturate:function(t){var e=this.values.hsl;return e[1]-=e[1]*t,this.setValues("hsl",e),this},whiten:function(t){var e=this.values.hwb;return e[1]+=e[1]*t,this.setValues("hwb",e),this},blacken:function(t){var e=this.values.hwb;return e[2]+=e[2]*t,this.setValues("hwb",e),this},greyscale:function(){var t=this.values.rgb,e=.3*t[0]+.59*t[1]+.11*t[2];return this.setValues("rgb",[e,e,e]),this},clearer:function(t){var e=this.values.alpha;return this.setValues("alpha",e-e*t),this},opaquer:function(t){var e=this.values.alpha;return this.setValues("alpha",e+e*t),this},rotate:function(t){var e=this.values.hsl,i=(e[0]+t)%360;return e[0]=i<0?360+i:i,this.setValues("hsl",e),this},mix:function(t,e){var i=this,n=t,a=void 0===e?.5:e,o=2*a-1,r=i.alpha()-n.alpha(),s=((o*r==-1?o:(o+r)/(1+o*r))+1)/2,l=1-s;return this.rgb(s*i.red()+l*n.red(),s*i.green()+l*n.green(),s*i.blue()+l*n.blue()).alpha(i.alpha()*a+n.alpha()*(1-a))},toJSON:function(){return this.rgb()},clone:function(){var t,e,i=new o,n=this.values,a=i.values;for(var r in n)n.hasOwnProperty(r)&&(t=n[r],"[object Array]"===(e={}.toString.call(t))?a[r]=t.slice(0):"[object Number]"===e?a[r]=t:console.error("unexpected color value:",t));return i}},o.prototype.spaces={rgb:["red","green","blue"],hsl:["hue","saturation","lightness"],hsv:["hue","saturation","value"],hwb:["hue","whiteness","blackness"],cmyk:["cyan","magenta","yellow","black"]},o.prototype.maxes={rgb:[255,255,255],hsl:[360,100,100],hsv:[360,100,100],hwb:[360,100,100],cmyk:[100,100,100,100]},o.prototype.getValues=function(t){for(var e=this.values,i={},n=0;n.04045?Math.pow((e+.055)/1.055,2.4):e/12.92)+.3576*(i=i>.04045?Math.pow((i+.055)/1.055,2.4):i/12.92)+.1805*(n=n>.04045?Math.pow((n+.055)/1.055,2.4):n/12.92)),100*(.2126*e+.7152*i+.0722*n),100*(.0193*e+.1192*i+.9505*n)]}function d(t){var e=u(t),i=e[0],n=e[1],a=e[2];return n/=100,a/=108.883,i=(i/=95.047)>.008856?Math.pow(i,1/3):7.787*i+16/116,[116*(n=n>.008856?Math.pow(n,1/3):7.787*n+16/116)-16,500*(i-n),200*(n-(a=a>.008856?Math.pow(a,1/3):7.787*a+16/116))]}function c(t){var e,i,n,a,o,r=t[0]/360,s=t[1]/100,l=t[2]/100;if(0==s)return[o=255*l,o,o];e=2*l-(i=l<.5?l*(1+s):l+s-l*s),a=[0,0,0];for(var u=0;u<3;u++)(n=r+1/3*-(u-1))<0&&n++,n>1&&n--,o=6*n<1?e+6*(i-e)*n:2*n<1?i:3*n<2?e+(i-e)*(2/3-n)*6:e,a[u]=255*o;return a}function h(t){var e=t[0]/60,i=t[1]/100,n=t[2]/100,a=Math.floor(e)%6,o=e-Math.floor(e),r=255*n*(1-i),s=255*n*(1-i*o),l=255*n*(1-i*(1-o));n*=255;switch(a){case 0:return[n,l,r];case 1:return[s,n,r];case 2:return[r,n,l];case 3:return[r,s,n];case 4:return[l,r,n];case 5:return[n,r,s]}}function f(t){var e,i,n,a,o=t[0]/360,s=t[1]/100,l=t[2]/100,u=s+l;switch(u>1&&(s/=u,l/=u),n=6*o-(e=Math.floor(6*o)),0!=(1&e)&&(n=1-n),a=s+n*((i=1-l)-s),e){default:case 6:case 0:r=i,g=a,b=s;break;case 1:r=a,g=i,b=s;break;case 2:r=s,g=i,b=a;break;case 3:r=s,g=a,b=i;break;case 4:r=a,g=s,b=i;break;case 5:r=i,g=s,b=a}return[255*r,255*g,255*b]}function p(t){var e=t[0]/100,i=t[1]/100,n=t[2]/100,a=t[3]/100;return[255*(1-Math.min(1,e*(1-a)+a)),255*(1-Math.min(1,i*(1-a)+a)),255*(1-Math.min(1,n*(1-a)+a))]}function m(t){var e,i,n,a=t[0]/100,o=t[1]/100,r=t[2]/100;return i=-.9689*a+1.8758*o+.0415*r,n=.0557*a+-.204*o+1.057*r,e=(e=3.2406*a+-1.5372*o+-.4986*r)>.0031308?1.055*Math.pow(e,1/2.4)-.055:e*=12.92,i=i>.0031308?1.055*Math.pow(i,1/2.4)-.055:i*=12.92,n=n>.0031308?1.055*Math.pow(n,1/2.4)-.055:n*=12.92,[255*(e=Math.min(Math.max(0,e),1)),255*(i=Math.min(Math.max(0,i),1)),255*(n=Math.min(Math.max(0,n),1))]}function v(t){var e=t[0],i=t[1],n=t[2];return i/=100,n/=108.883,e=(e/=95.047)>.008856?Math.pow(e,1/3):7.787*e+16/116,[116*(i=i>.008856?Math.pow(i,1/3):7.787*i+16/116)-16,500*(e-i),200*(i-(n=n>.008856?Math.pow(n,1/3):7.787*n+16/116))]}function x(t){var e,i,n,a,o=t[0],r=t[1],s=t[2];return o<=8?a=(i=100*o/903.3)/100*7.787+16/116:(i=100*Math.pow((o+16)/116,3),a=Math.pow(i/100,1/3)),[e=e/95.047<=.008856?e=95.047*(r/500+a-16/116)/7.787:95.047*Math.pow(r/500+a,3),i,n=n/108.883<=.008859?n=108.883*(a-s/200-16/116)/7.787:108.883*Math.pow(a-s/200,3)]}function y(t){var e,i=t[0],n=t[1],a=t[2];return(e=360*Math.atan2(a,n)/2/Math.PI)<0&&(e+=360),[i,Math.sqrt(n*n+a*a),e]}function k(t){return m(x(t))}function M(t){var e,i=t[0],n=t[1];return e=t[2]/360*2*Math.PI,[i,n*Math.cos(e),n*Math.sin(e)]}function w(t){return S[t]}e.exports={rgb2hsl:n,rgb2hsv:a,rgb2hwb:o,rgb2cmyk:s,rgb2keyword:l,rgb2xyz:u,rgb2lab:d,rgb2lch:function(t){return y(d(t))},hsl2rgb:c,hsl2hsv:function(t){var e=t[0],i=t[1]/100,n=t[2]/100;if(0===n)return[0,0,0];return[e,100*(2*(i*=(n*=2)<=1?n:2-n)/(n+i)),100*((n+i)/2)]},hsl2hwb:function(t){return o(c(t))},hsl2cmyk:function(t){return s(c(t))},hsl2keyword:function(t){return l(c(t))},hsv2rgb:h,hsv2hsl:function(t){var e,i,n=t[0],a=t[1]/100,o=t[2]/100;return e=a*o,[n,100*(e=(e/=(i=(2-a)*o)<=1?i:2-i)||0),100*(i/=2)]},hsv2hwb:function(t){return o(h(t))},hsv2cmyk:function(t){return s(h(t))},hsv2keyword:function(t){return l(h(t))},hwb2rgb:f,hwb2hsl:function(t){return n(f(t))},hwb2hsv:function(t){return a(f(t))},hwb2cmyk:function(t){return s(f(t))},hwb2keyword:function(t){return l(f(t))},cmyk2rgb:p,cmyk2hsl:function(t){return n(p(t))},cmyk2hsv:function(t){return a(p(t))},cmyk2hwb:function(t){return o(p(t))},cmyk2keyword:function(t){return l(p(t))},keyword2rgb:w,keyword2hsl:function(t){return n(w(t))},keyword2hsv:function(t){return a(w(t))},keyword2hwb:function(t){return o(w(t))},keyword2cmyk:function(t){return s(w(t))},keyword2lab:function(t){return d(w(t))},keyword2xyz:function(t){return u(w(t))},xyz2rgb:m,xyz2lab:v,xyz2lch:function(t){return y(v(t))},lab2xyz:x,lab2rgb:k,lab2lch:y,lch2lab:M,lch2xyz:function(t){return x(M(t))},lch2rgb:function(t){return k(M(t))}};var S={aliceblue:[240,248,255],antiquewhite:[250,235,215],aqua:[0,255,255],aquamarine:[127,255,212],azure:[240,255,255],beige:[245,245,220],bisque:[255,228,196],black:[0,0,0],blanchedalmond:[255,235,205],blue:[0,0,255],blueviolet:[138,43,226],brown:[165,42,42],burlywood:[222,184,135],cadetblue:[95,158,160],chartreuse:[127,255,0],chocolate:[210,105,30],coral:[255,127,80],cornflowerblue:[100,149,237],cornsilk:[255,248,220],crimson:[220,20,60],cyan:[0,255,255],darkblue:[0,0,139],darkcyan:[0,139,139],darkgoldenrod:[184,134,11],darkgray:[169,169,169],darkgreen:[0,100,0],darkgrey:[169,169,169],darkkhaki:[189,183,107],darkmagenta:[139,0,139],darkolivegreen:[85,107,47],darkorange:[255,140,0],darkorchid:[153,50,204],darkred:[139,0,0],darksalmon:[233,150,122],darkseagreen:[143,188,143],darkslateblue:[72,61,139],darkslategray:[47,79,79],darkslategrey:[47,79,79],darkturquoise:[0,206,209],darkviolet:[148,0,211],deeppink:[255,20,147],deepskyblue:[0,191,255],dimgray:[105,105,105],dimgrey:[105,105,105],dodgerblue:[30,144,255],firebrick:[178,34,34],floralwhite:[255,250,240],forestgreen:[34,139,34],fuchsia:[255,0,255],gainsboro:[220,220,220],ghostwhite:[248,248,255],gold:[255,215,0],goldenrod:[218,165,32],gray:[128,128,128],green:[0,128,0],greenyellow:[173,255,47],grey:[128,128,128],honeydew:[240,255,240],hotpink:[255,105,180],indianred:[205,92,92],indigo:[75,0,130],ivory:[255,255,240],khaki:[240,230,140],lavender:[230,230,250],lavenderblush:[255,240,245],lawngreen:[124,252,0],lemonchiffon:[255,250,205],lightblue:[173,216,230],lightcoral:[240,128,128],lightcyan:[224,255,255],lightgoldenrodyellow:[250,250,210],lightgray:[211,211,211],lightgreen:[144,238,144],lightgrey:[211,211,211],lightpink:[255,182,193],lightsalmon:[255,160,122],lightseagreen:[32,178,170],lightskyblue:[135,206,250],lightslategray:[119,136,153],lightslategrey:[119,136,153],lightsteelblue:[176,196,222],lightyellow:[255,255,224],lime:[0,255,0],limegreen:[50,205,50],linen:[250,240,230],magenta:[255,0,255],maroon:[128,0,0],mediumaquamarine:[102,205,170],mediumblue:[0,0,205],mediumorchid:[186,85,211],mediumpurple:[147,112,219],mediumseagreen:[60,179,113],mediumslateblue:[123,104,238],mediumspringgreen:[0,250,154],mediumturquoise:[72,209,204],mediumvioletred:[199,21,133],midnightblue:[25,25,112],mintcream:[245,255,250],mistyrose:[255,228,225],moccasin:[255,228,181],navajowhite:[255,222,173],navy:[0,0,128],oldlace:[253,245,230],olive:[128,128,0],olivedrab:[107,142,35],orange:[255,165,0],orangered:[255,69,0],orchid:[218,112,214],palegoldenrod:[238,232,170],palegreen:[152,251,152],paleturquoise:[175,238,238],palevioletred:[219,112,147],papayawhip:[255,239,213],peachpuff:[255,218,185],peru:[205,133,63],pink:[255,192,203],plum:[221,160,221],powderblue:[176,224,230],purple:[128,0,128],rebeccapurple:[102,51,153],red:[255,0,0],rosybrown:[188,143,143],royalblue:[65,105,225],saddlebrown:[139,69,19],salmon:[250,128,114],sandybrown:[244,164,96],seagreen:[46,139,87],seashell:[255,245,238],sienna:[160,82,45],silver:[192,192,192],skyblue:[135,206,235],slateblue:[106,90,205],slategray:[112,128,144],slategrey:[112,128,144],snow:[255,250,250],springgreen:[0,255,127],steelblue:[70,130,180],tan:[210,180,140],teal:[0,128,128],thistle:[216,191,216],tomato:[255,99,71],turquoise:[64,224,208],violet:[238,130,238],wheat:[245,222,179],white:[255,255,255],whitesmoke:[245,245,245],yellow:[255,255,0],yellowgreen:[154,205,50]},C={};for(var _ in S)C[JSON.stringify(S[_])]=_},{}],5:[function(t,e,i){var n=t(4),a=function(){return new u};for(var o in n){a[o+"Raw"]=function(t){return function(e){return"number"==typeof e&&(e=Array.prototype.slice.call(arguments)),n[t](e)}}(o);var r=/(\w+)2(\w+)/.exec(o),s=r[1],l=r[2];(a[s]=a[s]||{})[l]=a[o]=function(t){return function(e){"number"==typeof e&&(e=Array.prototype.slice.call(arguments));var i=n[t](e);if("string"==typeof i||void 0===i)return i;for(var a=0;a0&&(t[0].yLabel?i=t[0].yLabel:e.labels.length>0&&t[0].index0?Math.min(r,n-i):r,i=n;return r}(i,u):-1,pixels:u,start:s,end:l,stackCount:n,scale:i}},calculateBarValuePixels:function(t,e){var i,n,a,o,r,s,l=this.chart,u=this.getMeta(),d=this.getValueScale(),c=l.data.datasets,h=d.getRightValue(c[t].data[e]),f=d.options.stacked,g=u.stack,p=0;if(f||void 0===f&&void 0!==g)for(i=0;i=0&&a>0)&&(p+=a));return o=d.getPixelForValue(p),{size:s=((r=d.getPixelForValue(p+h))-o)/2,base:o,head:r,center:r+s/2}},calculateBarIndexPixels:function(t,e,i){var n,a,r,s,l,u,d,c,h,f,g,p,m,v,b,x,y,k=i.scale.options,M="flex"===k.barThickness?(h=e,g=k,m=(f=i).pixels,v=m[h],b=h>0?m[h-1]:null,x=h');var i=t.data,n=i.datasets,a=i.labels;if(n.length)for(var o=0;o'),a[o]&&e.push(a[o]),e.push("");return e.push(""),e.join("")},legend:{labels:{generateLabels:function(t){var e=t.data;return e.labels.length&&e.datasets.length?e.labels.map(function(i,n){var a=t.getDatasetMeta(0),r=e.datasets[0],s=a.data[n],l=s&&s.custom||{},u=o.valueAtIndexOrDefault,d=t.options.elements.arc;return{text:i,fillStyle:l.backgroundColor?l.backgroundColor:u(r.backgroundColor,n,d.backgroundColor),strokeStyle:l.borderColor?l.borderColor:u(r.borderColor,n,d.borderColor),lineWidth:l.borderWidth?l.borderWidth:u(r.borderWidth,n,d.borderWidth),hidden:isNaN(r.data[n])||a.data[n].hidden,index:n}}):[]}},onClick:function(t,e){var i,n,a,o=e.index,r=this.chart;for(i=0,n=(r.data.datasets||[]).length;i=Math.PI?-1:g<-Math.PI?1:0))+f,m=Math.cos(g),v=Math.sin(g),b=Math.cos(p),x=Math.sin(p),y=g<=0&&p>=0||g<=2*Math.PI&&2*Math.PI<=p,k=g<=.5*Math.PI&&.5*Math.PI<=p||g<=2.5*Math.PI&&2.5*Math.PI<=p,M=g<=-Math.PI&&-Math.PI<=p||g<=Math.PI&&Math.PI<=p,w=g<=.5*-Math.PI&&.5*-Math.PI<=p||g<=1.5*Math.PI&&1.5*Math.PI<=p,S=h/100,C=M?-1:Math.min(m*(m<0?1:S),b*(b<0?1:S)),_=w?-1:Math.min(v*(v<0?1:S),x*(x<0?1:S)),D=y?1:Math.max(m*(m>0?1:S),b*(b>0?1:S)),I=k?1:Math.max(v*(v>0?1:S),x*(x>0?1:S)),P=.5*(D-C),A=.5*(I-_);u=Math.min(s/P,l/A),d={x:-.5*(D+C),y:-.5*(I+_)}}i.borderWidth=e.getMaxBorderWidth(c.data),i.outerRadius=Math.max((u-i.borderWidth)/2,0),i.innerRadius=Math.max(h?i.outerRadius/100*h:0,0),i.radiusLength=(i.outerRadius-i.innerRadius)/i.getVisibleDatasetCount(),i.offsetX=d.x*i.outerRadius,i.offsetY=d.y*i.outerRadius,c.total=e.calculateTotal(),e.outerRadius=i.outerRadius-i.radiusLength*e.getRingIndex(e.index),e.innerRadius=Math.max(e.outerRadius-i.radiusLength,0),o.each(c.data,function(i,n){e.updateElement(i,n,t)})},updateElement:function(t,e,i){var n=this,a=n.chart,r=a.chartArea,s=a.options,l=s.animation,u=(r.left+r.right)/2,d=(r.top+r.bottom)/2,c=s.rotation,h=s.rotation,f=n.getDataset(),g=i&&l.animateRotate?0:t.hidden?0:n.calculateCircumference(f.data[e])*(s.circumference/(2*Math.PI)),p=i&&l.animateScale?0:n.innerRadius,m=i&&l.animateScale?0:n.outerRadius,v=o.valueAtIndexOrDefault;o.extend(t,{_datasetIndex:n.index,_index:e,_model:{x:u+a.offsetX,y:d+a.offsetY,startAngle:c,endAngle:h,circumference:g,outerRadius:m,innerRadius:p,label:v(f.label,e,a.data.labels[e])}});var b=t._model;this.removeHoverStyle(t),i&&l.animateRotate||(b.startAngle=0===e?s.rotation:n.getMeta().data[e-1]._model.endAngle,b.endAngle=b.startAngle+b.circumference),t.pivot()},removeHoverStyle:function(e){t.DatasetController.prototype.removeHoverStyle.call(this,e,this.chart.options.elements.arc)},calculateTotal:function(){var t,e=this.getDataset(),i=this.getMeta(),n=0;return o.each(i.data,function(i,a){t=e.data[a],isNaN(t)||i.hidden||(n+=Math.abs(t))}),n},calculateCircumference:function(t){var e=this.getMeta().total;return e>0&&!isNaN(t)?2*Math.PI*(Math.abs(t)/e):0},getMaxBorderWidth:function(t){for(var e,i,n=0,a=this.index,o=t.length,r=0;r(n=e>n?e:n)?i:n;return n}})}},{25:25,40:40,45:45}],18:[function(t,e,i){"use strict";var n=t(25),a=t(40),o=t(45);n._set("line",{showLines:!0,spanGaps:!1,hover:{mode:"label"},scales:{xAxes:[{type:"category",id:"x-axis-0"}],yAxes:[{type:"linear",id:"y-axis-0"}]}}),e.exports=function(t){function e(t,e){return o.valueOrDefault(t.showLine,e.showLines)}t.controllers.line=t.DatasetController.extend({datasetElementType:a.Line,dataElementType:a.Point,update:function(t){var i,n,a,r=this,s=r.getMeta(),l=s.dataset,u=s.data||[],d=r.chart.options,c=d.elements.line,h=r.getScaleForId(s.yAxisID),f=r.getDataset(),g=e(f,d);for(g&&(a=l.custom||{},void 0!==f.tension&&void 0===f.lineTension&&(f.lineTension=f.tension),l._scale=h,l._datasetIndex=r.index,l._children=u,l._model={spanGaps:f.spanGaps?f.spanGaps:d.spanGaps,tension:a.tension?a.tension:o.valueOrDefault(f.lineTension,c.tension),backgroundColor:a.backgroundColor?a.backgroundColor:f.backgroundColor||c.backgroundColor,borderWidth:a.borderWidth?a.borderWidth:f.borderWidth||c.borderWidth,borderColor:a.borderColor?a.borderColor:f.borderColor||c.borderColor,borderCapStyle:a.borderCapStyle?a.borderCapStyle:f.borderCapStyle||c.borderCapStyle,borderDash:a.borderDash?a.borderDash:f.borderDash||c.borderDash,borderDashOffset:a.borderDashOffset?a.borderDashOffset:f.borderDashOffset||c.borderDashOffset,borderJoinStyle:a.borderJoinStyle?a.borderJoinStyle:f.borderJoinStyle||c.borderJoinStyle,fill:a.fill?a.fill:void 0!==f.fill?f.fill:c.fill,steppedLine:a.steppedLine?a.steppedLine:o.valueOrDefault(f.steppedLine,c.stepped),cubicInterpolationMode:a.cubicInterpolationMode?a.cubicInterpolationMode:o.valueOrDefault(f.cubicInterpolationMode,c.cubicInterpolationMode)},l.pivot()),i=0,n=u.length;i');var i=t.data,n=i.datasets,a=i.labels;if(n.length)for(var o=0;o'),a[o]&&e.push(a[o]),e.push("");return e.push(""),e.join("")},legend:{labels:{generateLabels:function(t){var e=t.data;return e.labels.length&&e.datasets.length?e.labels.map(function(i,n){var a=t.getDatasetMeta(0),r=e.datasets[0],s=a.data[n].custom||{},l=o.valueAtIndexOrDefault,u=t.options.elements.arc;return{text:i,fillStyle:s.backgroundColor?s.backgroundColor:l(r.backgroundColor,n,u.backgroundColor),strokeStyle:s.borderColor?s.borderColor:l(r.borderColor,n,u.borderColor),lineWidth:s.borderWidth?s.borderWidth:l(r.borderWidth,n,u.borderWidth),hidden:isNaN(r.data[n])||a.data[n].hidden,index:n}}):[]}},onClick:function(t,e){var i,n,a,o=e.index,r=this.chart;for(i=0,n=(r.data.datasets||[]).length;i0&&!isNaN(t)?2*Math.PI/e:0}})}},{25:25,40:40,45:45}],20:[function(t,e,i){"use strict";var n=t(25),a=t(40),o=t(45);n._set("radar",{scale:{type:"radialLinear"},elements:{line:{tension:0}}}),e.exports=function(t){t.controllers.radar=t.DatasetController.extend({datasetElementType:a.Line,dataElementType:a.Point,linkScales:o.noop,update:function(t){var e=this,i=e.getMeta(),n=i.dataset,a=i.data,r=n.custom||{},s=e.getDataset(),l=e.chart.options.elements.line,u=e.chart.scale;void 0!==s.tension&&void 0===s.lineTension&&(s.lineTension=s.tension),o.extend(i.dataset,{_datasetIndex:e.index,_scale:u,_children:a,_loop:!0,_model:{tension:r.tension?r.tension:o.valueOrDefault(s.lineTension,l.tension),backgroundColor:r.backgroundColor?r.backgroundColor:s.backgroundColor||l.backgroundColor,borderWidth:r.borderWidth?r.borderWidth:s.borderWidth||l.borderWidth,borderColor:r.borderColor?r.borderColor:s.borderColor||l.borderColor,fill:r.fill?r.fill:void 0!==s.fill?s.fill:l.fill,borderCapStyle:r.borderCapStyle?r.borderCapStyle:s.borderCapStyle||l.borderCapStyle,borderDash:r.borderDash?r.borderDash:s.borderDash||l.borderDash,borderDashOffset:r.borderDashOffset?r.borderDashOffset:s.borderDashOffset||l.borderDashOffset,borderJoinStyle:r.borderJoinStyle?r.borderJoinStyle:s.borderJoinStyle||l.borderJoinStyle}}),i.dataset.pivot(),o.each(a,function(i,n){e.updateElement(i,n,t)},e),e.updateBezierControlPoints()},updateElement:function(t,e,i){var n=this,a=t.custom||{},r=n.getDataset(),s=n.chart.scale,l=n.chart.options.elements.point,u=s.getPointPositionForValue(e,r.data[e]);void 0!==r.radius&&void 0===r.pointRadius&&(r.pointRadius=r.radius),void 0!==r.hitRadius&&void 0===r.pointHitRadius&&(r.pointHitRadius=r.hitRadius),o.extend(t,{_datasetIndex:n.index,_index:e,_scale:s,_model:{x:i?s.xCenter:u.x,y:i?s.yCenter:u.y,tension:a.tension?a.tension:o.valueOrDefault(r.lineTension,n.chart.options.elements.line.tension),radius:a.radius?a.radius:o.valueAtIndexOrDefault(r.pointRadius,e,l.radius),backgroundColor:a.backgroundColor?a.backgroundColor:o.valueAtIndexOrDefault(r.pointBackgroundColor,e,l.backgroundColor),borderColor:a.borderColor?a.borderColor:o.valueAtIndexOrDefault(r.pointBorderColor,e,l.borderColor),borderWidth:a.borderWidth?a.borderWidth:o.valueAtIndexOrDefault(r.pointBorderWidth,e,l.borderWidth),pointStyle:a.pointStyle?a.pointStyle:o.valueAtIndexOrDefault(r.pointStyle,e,l.pointStyle),hitRadius:a.hitRadius?a.hitRadius:o.valueAtIndexOrDefault(r.pointHitRadius,e,l.hitRadius)}}),t._model.skip=a.skip?a.skip:isNaN(t._model.x)||isNaN(t._model.y)},updateBezierControlPoints:function(){var t=this.chart.chartArea,e=this.getMeta();o.each(e.data,function(i,n){var a=i._model,r=o.splineCurve(o.previousItem(e.data,n,!0)._model,a,o.nextItem(e.data,n,!0)._model,a.tension);a.controlPointPreviousX=Math.max(Math.min(r.previous.x,t.right),t.left),a.controlPointPreviousY=Math.max(Math.min(r.previous.y,t.bottom),t.top),a.controlPointNextX=Math.max(Math.min(r.next.x,t.right),t.left),a.controlPointNextY=Math.max(Math.min(r.next.y,t.bottom),t.top),i.pivot()})},setHoverStyle:function(t){var e=this.chart.data.datasets[t._datasetIndex],i=t.custom||{},n=t._index,a=t._model;a.radius=i.hoverRadius?i.hoverRadius:o.valueAtIndexOrDefault(e.pointHoverRadius,n,this.chart.options.elements.point.hoverRadius),a.backgroundColor=i.hoverBackgroundColor?i.hoverBackgroundColor:o.valueAtIndexOrDefault(e.pointHoverBackgroundColor,n,o.getHoverColor(a.backgroundColor)),a.borderColor=i.hoverBorderColor?i.hoverBorderColor:o.valueAtIndexOrDefault(e.pointHoverBorderColor,n,o.getHoverColor(a.borderColor)),a.borderWidth=i.hoverBorderWidth?i.hoverBorderWidth:o.valueAtIndexOrDefault(e.pointHoverBorderWidth,n,a.borderWidth)},removeHoverStyle:function(t){var e=this.chart.data.datasets[t._datasetIndex],i=t.custom||{},n=t._index,a=t._model,r=this.chart.options.elements.point;a.radius=i.radius?i.radius:o.valueAtIndexOrDefault(e.pointRadius,n,r.radius),a.backgroundColor=i.backgroundColor?i.backgroundColor:o.valueAtIndexOrDefault(e.pointBackgroundColor,n,r.backgroundColor),a.borderColor=i.borderColor?i.borderColor:o.valueAtIndexOrDefault(e.pointBorderColor,n,r.borderColor),a.borderWidth=i.borderWidth?i.borderWidth:o.valueAtIndexOrDefault(e.pointBorderWidth,n,r.borderWidth)}})}},{25:25,40:40,45:45}],21:[function(t,e,i){"use strict";t(25)._set("scatter",{hover:{mode:"single"},scales:{xAxes:[{id:"x-axis-1",type:"linear",position:"bottom"}],yAxes:[{id:"y-axis-1",type:"linear",position:"left"}]},showLines:!1,tooltips:{callbacks:{title:function(){return""},label:function(t){return"("+t.xLabel+", "+t.yLabel+")"}}}}),e.exports=function(t){t.controllers.scatter=t.controllers.line}},{25:25}],22:[function(t,e,i){"use strict";var n=t(25),a=t(26),o=t(45);n._set("global",{animation:{duration:1e3,easing:"easeOutQuart",onProgress:o.noop,onComplete:o.noop}}),e.exports=function(t){t.Animation=a.extend({chart:null,currentStep:0,numSteps:60,easing:"",render:null,onAnimationProgress:null,onAnimationComplete:null}),t.animationService={frameDuration:17,animations:[],dropFrames:0,request:null,addAnimation:function(t,e,i,n){var a,o,r=this.animations;for(e.chart=t,n||(t.animating=!0),a=0,o=r.length;a1&&(i=Math.floor(t.dropFrames),t.dropFrames=t.dropFrames%1),t.advance(1+i);var n=Date.now();t.dropFrames+=(n-e)/t.frameDuration,t.animations.length>0&&t.requestAnimationFrame()},advance:function(t){for(var e,i,n=this.animations,a=0;a=e.numSteps?(o.callback(e.onAnimationComplete,[e],i),i.animating=!1,n.splice(a,1)):++a}},Object.defineProperty(t.Animation.prototype,"animationObject",{get:function(){return this}}),Object.defineProperty(t.Animation.prototype,"chartInstance",{get:function(){return this.chart},set:function(t){this.chart=t}})}},{25:25,26:26,45:45}],23:[function(t,e,i){"use strict";var n=t(25),a=t(45),o=t(28),r=t(30),s=t(48),l=t(31);e.exports=function(t){function e(t){return"top"===t||"bottom"===t}t.types={},t.instances={},t.controllers={},a.extend(t.prototype,{construct:function(e,i){var o,r,l=this;(r=(o=(o=i)||{}).data=o.data||{}).datasets=r.datasets||[],r.labels=r.labels||[],o.options=a.configMerge(n.global,n[o.type],o.options||{}),i=o;var u=s.acquireContext(e,i),d=u&&u.canvas,c=d&&d.height,h=d&&d.width;l.id=a.uid(),l.ctx=u,l.canvas=d,l.config=i,l.width=h,l.height=c,l.aspectRatio=c?h/c:null,l.options=i.options,l._bufferedRender=!1,l.chart=l,l.controller=l,t.instances[l.id]=l,Object.defineProperty(l,"data",{get:function(){return l.config.data},set:function(t){l.config.data=t}}),u&&d?(l.initialize(),l.update()):console.error("Failed to create chart: can't acquire context from the given item")},initialize:function(){var t=this;return l.notify(t,"beforeInit"),a.retinaScale(t,t.options.devicePixelRatio),t.bindEvents(),t.options.responsive&&t.resize(!0),t.ensureScalesHaveIDs(),t.buildOrUpdateScales(),t.initToolTip(),l.notify(t,"afterInit"),t},clear:function(){return a.canvas.clear(this),this},stop:function(){return t.animationService.cancelAnimation(this),this},resize:function(t){var e=this,i=e.options,n=e.canvas,o=i.maintainAspectRatio&&e.aspectRatio||null,r=Math.max(0,Math.floor(a.getMaximumWidth(n))),s=Math.max(0,Math.floor(o?r/o:a.getMaximumHeight(n)));if((e.width!==r||e.height!==s)&&(n.width=e.width=r,n.height=e.height=s,n.style.width=r+"px",n.style.height=s+"px",a.retinaScale(e,i.devicePixelRatio),!t)){var u={width:r,height:s};l.notify(e,"resize",[u]),e.options.onResize&&e.options.onResize(e,u),e.stop(),e.update(e.options.responsiveAnimationDuration)}},ensureScalesHaveIDs:function(){var t=this.options,e=t.scales||{},i=t.scale;a.each(e.xAxes,function(t,e){t.id=t.id||"x-axis-"+e}),a.each(e.yAxes,function(t,e){t.id=t.id||"y-axis-"+e}),i&&(i.id=i.id||"scale")},buildOrUpdateScales:function(){var i=this,n=i.options,o=i.scales||{},r=[],s=Object.keys(o).reduce(function(t,e){return t[e]=!1,t},{});n.scales&&(r=r.concat((n.scales.xAxes||[]).map(function(t){return{options:t,dtype:"category",dposition:"bottom"}}),(n.scales.yAxes||[]).map(function(t){return{options:t,dtype:"linear",dposition:"left"}}))),n.scale&&r.push({options:n.scale,dtype:"radialLinear",isDefault:!0,dposition:"chartArea"}),a.each(r,function(n){var r=n.options,l=r.id,u=a.valueOrDefault(r.type,n.dtype);e(r.position)!==e(n.dposition)&&(r.position=n.dposition),s[l]=!0;var d=null;if(l in o&&o[l].type===u)(d=o[l]).options=r,d.ctx=i.ctx,d.chart=i;else{var c=t.scaleService.getScaleConstructor(u);if(!c)return;d=new c({id:l,type:u,options:r,ctx:i.ctx,chart:i}),o[d.id]=d}d.mergeTicksOptions(),n.isDefault&&(i.scale=d)}),a.each(s,function(t,e){t||delete o[e]}),i.scales=o,t.scaleService.addScalesToLayout(this)},buildOrUpdateControllers:function(){var e=this,i=[],n=[];return a.each(e.data.datasets,function(a,o){var r=e.getDatasetMeta(o),s=a.type||e.config.type;if(r.type&&r.type!==s&&(e.destroyDatasetMeta(o),r=e.getDatasetMeta(o)),r.type=s,i.push(r.type),r.controller)r.controller.updateIndex(o),r.controller.linkScales();else{var l=t.controllers[r.type];if(void 0===l)throw new Error('"'+r.type+'" is not a chart type.');r.controller=new l(e,o),n.push(r.controller)}},e),n},resetElements:function(){var t=this;a.each(t.data.datasets,function(e,i){t.getDatasetMeta(i).controller.reset()},t)},reset:function(){this.resetElements(),this.tooltip.initialize()},update:function(e){var i,n,o=this;if(e&&"object"==typeof e||(e={duration:e,lazy:arguments[1]}),n=(i=o).options,a.each(i.scales,function(t){r.removeBox(i,t)}),n=a.configMerge(t.defaults.global,t.defaults[i.config.type],n),i.options=i.config.options=n,i.ensureScalesHaveIDs(),i.buildOrUpdateScales(),i.tooltip._options=n.tooltips,i.tooltip.initialize(),l._invalidate(o),!1!==l.notify(o,"beforeUpdate")){o.tooltip._data=o.data;var s=o.buildOrUpdateControllers();a.each(o.data.datasets,function(t,e){o.getDatasetMeta(e).controller.buildOrUpdateElements()},o),o.updateLayout(),o.options.animation&&o.options.animation.duration&&a.each(s,function(t){t.reset()}),o.updateDatasets(),o.tooltip.initialize(),o.lastActive=[],l.notify(o,"afterUpdate"),o._bufferedRender?o._bufferedRequest={duration:e.duration,easing:e.easing,lazy:e.lazy}:o.render(e)}},updateLayout:function(){!1!==l.notify(this,"beforeLayout")&&(r.update(this,this.width,this.height),l.notify(this,"afterScaleUpdate"),l.notify(this,"afterLayout"))},updateDatasets:function(){if(!1!==l.notify(this,"beforeDatasetsUpdate")){for(var t=0,e=this.data.datasets.length;t=0;--i)e.isDatasetVisible(i)&&e.drawDataset(i,t);l.notify(e,"afterDatasetsDraw",[t])}},drawDataset:function(t,e){var i=this.getDatasetMeta(t),n={meta:i,index:t,easingValue:e};!1!==l.notify(this,"beforeDatasetDraw",[n])&&(i.controller.draw(e),l.notify(this,"afterDatasetDraw",[n]))},_drawTooltip:function(t){var e=this.tooltip,i={tooltip:e,easingValue:t};!1!==l.notify(this,"beforeTooltipDraw",[i])&&(e.draw(),l.notify(this,"afterTooltipDraw",[i]))},getElementAtEvent:function(t){return o.modes.single(this,t)},getElementsAtEvent:function(t){return o.modes.label(this,t,{intersect:!0})},getElementsAtXAxis:function(t){return o.modes["x-axis"](this,t,{intersect:!0})},getElementsAtEventForMode:function(t,e,i){var n=o.modes[e];return"function"==typeof n?n(this,t,i):[]},getDatasetAtEvent:function(t){return o.modes.dataset(this,t,{intersect:!0})},getDatasetMeta:function(t){var e=this.data.datasets[t];e._meta||(e._meta={});var i=e._meta[this.id];return i||(i=e._meta[this.id]={type:null,data:[],dataset:null,controller:null,hidden:null,xAxisID:null,yAxisID:null}),i},getVisibleDatasetCount:function(){for(var t=0,e=0,i=this.data.datasets.length;e0||(e.forEach(function(e){delete t[e]}),delete t._chartjs)}}t.DatasetController=function(t,e){this.initialize(t,e)},n.extend(t.DatasetController.prototype,{datasetElementType:null,dataElementType:null,initialize:function(t,e){this.chart=t,this.index=e,this.linkScales(),this.addElements()},updateIndex:function(t){this.index=t},linkScales:function(){var t=this,e=t.getMeta(),i=t.getDataset();null!==e.xAxisID&&e.xAxisID in t.chart.scales||(e.xAxisID=i.xAxisID||t.chart.options.scales.xAxes[0].id),null!==e.yAxisID&&e.yAxisID in t.chart.scales||(e.yAxisID=i.yAxisID||t.chart.options.scales.yAxes[0].id)},getDataset:function(){return this.chart.data.datasets[this.index]},getMeta:function(){return this.chart.getDatasetMeta(this.index)},getScaleForId:function(t){return this.chart.scales[t]},reset:function(){this.update(!0)},destroy:function(){this._data&&i(this._data,this)},createMetaDataset:function(){var t=this.datasetElementType;return t&&new t({_chart:this.chart,_datasetIndex:this.index})},createMetaData:function(t){var e=this.dataElementType;return e&&new e({_chart:this.chart,_datasetIndex:this.index,_index:t})},addElements:function(){var t,e,i=this.getMeta(),n=this.getDataset().data||[],a=i.data;for(t=0,e=n.length;ti&&this.insertElements(i,n-i)},insertElements:function(t,e){for(var i=0;i=i[e].length&&i[e].push({}),!i[e][r].type||l.type&&l.type!==i[e][r].type?o.merge(i[e][r],[t.scaleService.getScaleDefaults(s),l]):o.merge(i[e][r],l)}else o._merger(e,i,n,a)}})},o.where=function(t,e){if(o.isArray(t)&&Array.prototype.filter)return t.filter(e);var i=[];return o.each(t,function(t){e(t)&&i.push(t)}),i},o.findIndex=Array.prototype.findIndex?function(t,e,i){return t.findIndex(e,i)}:function(t,e,i){i=void 0===i?t:i;for(var n=0,a=t.length;n=0;n--){var a=t[n];if(e(a))return a}},o.isNumber=function(t){return!isNaN(parseFloat(t))&&isFinite(t)},o.almostEquals=function(t,e,i){return Math.abs(t-e)t},o.max=function(t){return t.reduce(function(t,e){return isNaN(e)?t:Math.max(t,e)},Number.NEGATIVE_INFINITY)},o.min=function(t){return t.reduce(function(t,e){return isNaN(e)?t:Math.min(t,e)},Number.POSITIVE_INFINITY)},o.sign=Math.sign?function(t){return Math.sign(t)}:function(t){return 0===(t=+t)||isNaN(t)?t:t>0?1:-1},o.log10=Math.log10?function(t){return Math.log10(t)}:function(t){var e=Math.log(t)*Math.LOG10E,i=Math.round(e);return t===Math.pow(10,i)?i:e},o.toRadians=function(t){return t*(Math.PI/180)},o.toDegrees=function(t){return t*(180/Math.PI)},o.getAngleFromPoint=function(t,e){var i=e.x-t.x,n=e.y-t.y,a=Math.sqrt(i*i+n*n),o=Math.atan2(n,i);return o<-.5*Math.PI&&(o+=2*Math.PI),{angle:o,distance:a}},o.distanceBetweenPoints=function(t,e){return Math.sqrt(Math.pow(e.x-t.x,2)+Math.pow(e.y-t.y,2))},o.aliasPixel=function(t){return t%2==0?0:.5},o.splineCurve=function(t,e,i,n){var a=t.skip?e:t,o=e,r=i.skip?e:i,s=Math.sqrt(Math.pow(o.x-a.x,2)+Math.pow(o.y-a.y,2)),l=Math.sqrt(Math.pow(r.x-o.x,2)+Math.pow(r.y-o.y,2)),u=s/(s+l),d=l/(s+l),c=n*(u=isNaN(u)?0:u),h=n*(d=isNaN(d)?0:d);return{previous:{x:o.x-c*(r.x-a.x),y:o.y-c*(r.y-a.y)},next:{x:o.x+h*(r.x-a.x),y:o.y+h*(r.y-a.y)}}},o.EPSILON=Number.EPSILON||1e-14,o.splineCurveMonotone=function(t){var e,i,n,a,r,s,l,u,d,c=(t||[]).map(function(t){return{model:t._model,deltaK:0,mK:0}}),h=c.length;for(e=0;e0?c[e-1]:null,(a=e0?c[e-1]:null,a=e=t.length-1?t[0]:t[e+1]:e>=t.length-1?t[t.length-1]:t[e+1]},o.previousItem=function(t,e,i){return i?e<=0?t[t.length-1]:t[e-1]:e<=0?t[0]:t[e-1]},o.niceNum=function(t,e){var i=Math.floor(o.log10(t)),n=t/Math.pow(10,i);return(e?n<1.5?1:n<3?2:n<7?5:10:n<=1?1:n<=2?2:n<=5?5:10)*Math.pow(10,i)},o.requestAnimFrame="undefined"==typeof window?function(t){t()}:window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame||function(t){return window.setTimeout(t,1e3/60)},o.getRelativePosition=function(t,e){var i,n,a=t.originalEvent||t,r=t.currentTarget||t.srcElement,s=r.getBoundingClientRect(),l=a.touches;l&&l.length>0?(i=l[0].clientX,n=l[0].clientY):(i=a.clientX,n=a.clientY);var u=parseFloat(o.getStyle(r,"padding-left")),d=parseFloat(o.getStyle(r,"padding-top")),c=parseFloat(o.getStyle(r,"padding-right")),h=parseFloat(o.getStyle(r,"padding-bottom")),f=s.right-s.left-u-c,g=s.bottom-s.top-d-h;return{x:i=Math.round((i-s.left-u)/f*r.width/e.currentDevicePixelRatio),y:n=Math.round((n-s.top-d)/g*r.height/e.currentDevicePixelRatio)}},o.getConstraintWidth=function(t){return r(t,"max-width","clientWidth")},o.getConstraintHeight=function(t){return r(t,"max-height","clientHeight")},o.getMaximumWidth=function(t){var e=t.parentNode;if(!e)return t.clientWidth;var i=parseInt(o.getStyle(e,"padding-left"),10),n=parseInt(o.getStyle(e,"padding-right"),10),a=e.clientWidth-i-n,r=o.getConstraintWidth(t);return isNaN(r)?a:Math.min(a,r)},o.getMaximumHeight=function(t){var e=t.parentNode;if(!e)return t.clientHeight;var i=parseInt(o.getStyle(e,"padding-top"),10),n=parseInt(o.getStyle(e,"padding-bottom"),10),a=e.clientHeight-i-n,r=o.getConstraintHeight(t);return isNaN(r)?a:Math.min(a,r)},o.getStyle=function(t,e){return t.currentStyle?t.currentStyle[e]:document.defaultView.getComputedStyle(t,null).getPropertyValue(e)},o.retinaScale=function(t,e){var i=t.currentDevicePixelRatio=e||window.devicePixelRatio||1;if(1!==i){var n=t.canvas,a=t.height,o=t.width;n.height=a*i,n.width=o*i,t.ctx.scale(i,i),n.style.height||n.style.width||(n.style.height=a+"px",n.style.width=o+"px")}},o.fontString=function(t,e,i){return e+" "+t+"px "+i},o.longestText=function(t,e,i,n){var a=(n=n||{}).data=n.data||{},r=n.garbageCollect=n.garbageCollect||[];n.font!==e&&(a=n.data={},r=n.garbageCollect=[],n.font=e),t.font=e;var s=0;o.each(i,function(e){null!=e&&!0!==o.isArray(e)?s=o.measureText(t,a,r,s,e):o.isArray(e)&&o.each(e,function(e){null==e||o.isArray(e)||(s=o.measureText(t,a,r,s,e))})});var l=r.length/2;if(l>i.length){for(var u=0;un&&(n=o),n},o.numberOfLabelLines=function(t){var e=1;return o.each(t,function(t){o.isArray(t)&&t.length>e&&(e=t.length)}),e},o.color=n?function(t){return t instanceof CanvasGradient&&(t=a.global.defaultColor),n(t)}:function(t){return console.error("Color.js not found!"),t},o.getHoverColor=function(t){return t instanceof CanvasPattern?t:o.color(t).saturate(.5).darken(.1).rgbString()}}},{25:25,3:3,45:45}],28:[function(t,e,i){"use strict";var n=t(45);function a(t,e){return t.native?{x:t.x,y:t.y}:n.getRelativePosition(t,e)}function o(t,e){var i,n,a,o,r;for(n=0,o=t.data.datasets.length;n0&&(u=t.getDatasetMeta(u[0]._datasetIndex).data),u},"x-axis":function(t,e){return u(t,e,{intersect:!1})},point:function(t,e){return r(t,a(e,t))},nearest:function(t,e,i){var n=a(e,t);i.axis=i.axis||"xy";var o=l(i.axis),r=s(t,n,i.intersect,o);return r.length>1&&r.sort(function(t,e){var i=t.getArea()-e.getArea();return 0===i&&(i=t._datasetIndex-e._datasetIndex),i}),r.slice(0,1)},x:function(t,e,i){var n=a(e,t),r=[],s=!1;return o(t,function(t){t.inXRange(n.x)&&r.push(t),t.inRange(n.x,n.y)&&(s=!0)}),i.intersect&&!s&&(r=[]),r},y:function(t,e,i){var n=a(e,t),r=[],s=!1;return o(t,function(t){t.inYRange(n.y)&&r.push(t),t.inRange(n.x,n.y)&&(s=!0)}),i.intersect&&!s&&(r=[]),r}}}},{45:45}],29:[function(t,e,i){"use strict";t(25)._set("global",{responsive:!0,responsiveAnimationDuration:0,maintainAspectRatio:!0,events:["mousemove","mouseout","click","touchstart","touchmove"],hover:{onHover:null,mode:"nearest",intersect:!0,animationDuration:400},onClick:null,defaultColor:"rgba(0,0,0,0.1)",defaultFontColor:"#666",defaultFontFamily:"'Helvetica Neue', 'Helvetica', 'Arial', sans-serif",defaultFontSize:12,defaultFontStyle:"normal",showLines:!0,elements:{},layout:{padding:{top:0,right:0,bottom:0,left:0}}}),e.exports=function(){var t=function(t,e){return this.construct(t,e),this};return t.Chart=t,t}},{25:25}],30:[function(t,e,i){"use strict";var n=t(45);function a(t,e){return n.where(t,function(t){return t.position===e})}function o(t,e){t.forEach(function(t,e){return t._tmpIndex_=e,t}),t.sort(function(t,i){var n=e?i:t,a=e?t:i;return n.weight===a.weight?n._tmpIndex_-a._tmpIndex_:n.weight-a.weight}),t.forEach(function(t){delete t._tmpIndex_})}e.exports={defaults:{},addBox:function(t,e){t.boxes||(t.boxes=[]),e.fullWidth=e.fullWidth||!1,e.position=e.position||"top",e.weight=e.weight||0,t.boxes.push(e)},removeBox:function(t,e){var i=t.boxes?t.boxes.indexOf(e):-1;-1!==i&&t.boxes.splice(i,1)},configure:function(t,e,i){for(var n,a=["fullWidth","position","weight"],o=a.length,r=0;rh&&lt.maxHeight){l--;break}l++,c=u*d}t.labelRotation=l},afterCalculateTickRotation:function(){o.callback(this.options.afterCalculateTickRotation,[this])},beforeFit:function(){o.callback(this.options.beforeFit,[this])},fit:function(){var t=this,n=t.minSize={width:0,height:0},a=s(t._ticks),l=t.options,u=l.ticks,d=l.scaleLabel,c=l.gridLines,h=l.display,f=t.isHorizontal(),g=i(u),p=l.gridLines.tickMarkLength;if(n.width=f?t.isFullWidth()?t.maxWidth-t.margins.left-t.margins.right:t.maxWidth:h&&c.drawTicks?p:0,n.height=f?h&&c.drawTicks?p:0:t.maxHeight,d.display&&h){var m=r(d)+o.options.toPadding(d.padding).height;f?n.height+=m:n.width+=m}if(u.display&&h){var v=o.longestText(t.ctx,g.font,a,t.longestTextCache),b=o.numberOfLabelLines(a),x=.5*g.size,y=t.options.ticks.padding;if(f){t.longestLabelWidth=v;var k=o.toRadians(t.labelRotation),M=Math.cos(k),w=Math.sin(k)*v+g.size*b+x*(b-1)+x;n.height=Math.min(t.maxHeight,n.height+w+y),t.ctx.font=g.font;var S=e(t.ctx,a[0],g.font),C=e(t.ctx,a[a.length-1],g.font);0!==t.labelRotation?(t.paddingLeft="bottom"===l.position?M*S+3:M*x+3,t.paddingRight="bottom"===l.position?M*x+3:M*C+3):(t.paddingLeft=S/2+3,t.paddingRight=C/2+3)}else u.mirror?v=0:v+=y+x,n.width=Math.min(t.maxWidth,n.width+v),t.paddingTop=g.size/2,t.paddingBottom=g.size/2}t.handleMargins(),t.width=n.width,t.height=n.height},handleMargins:function(){var t=this;t.margins&&(t.paddingLeft=Math.max(t.paddingLeft-t.margins.left,0),t.paddingTop=Math.max(t.paddingTop-t.margins.top,0),t.paddingRight=Math.max(t.paddingRight-t.margins.right,0),t.paddingBottom=Math.max(t.paddingBottom-t.margins.bottom,0))},afterFit:function(){o.callback(this.options.afterFit,[this])},isHorizontal:function(){return"top"===this.options.position||"bottom"===this.options.position},isFullWidth:function(){return this.options.fullWidth},getRightValue:function(t){if(o.isNullOrUndef(t))return NaN;if("number"==typeof t&&!isFinite(t))return NaN;if(t)if(this.isHorizontal()){if(void 0!==t.x)return this.getRightValue(t.x)}else if(void 0!==t.y)return this.getRightValue(t.y);return t},getLabelForIndex:o.noop,getPixelForValue:o.noop,getValueForPixel:o.noop,getPixelForTick:function(t){var e=this,i=e.options.offset;if(e.isHorizontal()){var n=(e.width-(e.paddingLeft+e.paddingRight))/Math.max(e._ticks.length-(i?0:1),1),a=n*t+e.paddingLeft;i&&(a+=n/2);var o=e.left+Math.round(a);return o+=e.isFullWidth()?e.margins.left:0}var r=e.height-(e.paddingTop+e.paddingBottom);return e.top+t*(r/(e._ticks.length-1))},getPixelForDecimal:function(t){var e=this;if(e.isHorizontal()){var i=(e.width-(e.paddingLeft+e.paddingRight))*t+e.paddingLeft,n=e.left+Math.round(i);return n+=e.isFullWidth()?e.margins.left:0}return e.top+t*e.height},getBasePixel:function(){return this.getPixelForValue(this.getBaseValue())},getBaseValue:function(){var t=this.min,e=this.max;return this.beginAtZero?0:t<0&&e<0?e:t>0&&e>0?t:0},_autoSkip:function(t){var e,i,n,a,r=this,s=r.isHorizontal(),l=r.options.ticks.minor,u=t.length,d=o.toRadians(r.labelRotation),c=Math.cos(d),h=r.longestLabelWidth*c,f=[];for(l.maxTicksLimit&&(a=l.maxTicksLimit),s&&(e=!1,(h+l.autoSkipPadding)*u>r.width-(r.paddingLeft+r.paddingRight)&&(e=1+Math.floor((h+l.autoSkipPadding)*u/(r.width-(r.paddingLeft+r.paddingRight)))),a&&u>a&&(e=Math.max(e,Math.floor(u/a)))),i=0;i1&&i%e>0||i%e==0&&i+e>=u)&&i!==u-1&&delete n.label,f.push(n);return f},draw:function(t){var e=this,a=e.options;if(a.display){var s=e.ctx,u=n.global,d=a.ticks.minor,c=a.ticks.major||d,h=a.gridLines,f=a.scaleLabel,g=0!==e.labelRotation,p=e.isHorizontal(),m=d.autoSkip?e._autoSkip(e.getTicks()):e.getTicks(),v=o.valueOrDefault(d.fontColor,u.defaultFontColor),b=i(d),x=o.valueOrDefault(c.fontColor,u.defaultFontColor),y=i(c),k=h.drawTicks?h.tickMarkLength:0,M=o.valueOrDefault(f.fontColor,u.defaultFontColor),w=i(f),S=o.options.toPadding(f.padding),C=o.toRadians(e.labelRotation),_=[],D=e.options.gridLines.lineWidth,I="right"===a.position?e.right:e.right-D-k,P="right"===a.position?e.right+k:e.right,A="bottom"===a.position?e.top+D:e.bottom-k-D,T="bottom"===a.position?e.top+D+k:e.bottom+D;if(o.each(m,function(i,n){if(!o.isNullOrUndef(i.label)){var r,s,c,f,v,b,x,y,M,w,S,F,O,R,L=i.label;n===e.zeroLineIndex&&a.offset===h.offsetGridLines?(r=h.zeroLineWidth,s=h.zeroLineColor,c=h.zeroLineBorderDash,f=h.zeroLineBorderDashOffset):(r=o.valueAtIndexOrDefault(h.lineWidth,n),s=o.valueAtIndexOrDefault(h.color,n),c=o.valueOrDefault(h.borderDash,u.borderDash),f=o.valueOrDefault(h.borderDashOffset,u.borderDashOffset));var z="middle",B="middle",W=d.padding;if(p){var N=k+W;"bottom"===a.position?(B=g?"middle":"top",z=g?"right":"center",R=e.top+N):(B=g?"middle":"bottom",z=g?"left":"center",R=e.bottom-N);var V=l(e,n,h.offsetGridLines&&m.length>1);V1);j3?i[2]-i[1]:i[1]-i[0];Math.abs(a)>1&&t!==Math.floor(t)&&(a=t-Math.floor(t));var o=n.log10(Math.abs(a)),r="";if(0!==t){var s=-1*Math.floor(o);s=Math.max(Math.min(s,20),0),r=t.toFixed(s)}else r="0";return r},logarithmic:function(t,e,i){var a=t/Math.pow(10,Math.floor(n.log10(t)));return 0===t?"0":1===a||2===a||5===a||0===e||e===i.length-1?t.toExponential():""}}}},{45:45}],35:[function(t,e,i){"use strict";var n=t(25),a=t(26),o=t(45);n._set("global",{tooltips:{enabled:!0,custom:null,mode:"nearest",position:"average",intersect:!0,backgroundColor:"rgba(0,0,0,0.8)",titleFontStyle:"bold",titleSpacing:2,titleMarginBottom:6,titleFontColor:"#fff",titleAlign:"left",bodySpacing:2,bodyFontColor:"#fff",bodyAlign:"left",footerFontStyle:"bold",footerSpacing:2,footerMarginTop:6,footerFontColor:"#fff",footerAlign:"left",yPadding:6,xPadding:6,caretPadding:2,caretSize:5,cornerRadius:6,multiKeyBackground:"#fff",displayColors:!0,borderColor:"rgba(0,0,0,0)",borderWidth:0,callbacks:{beforeTitle:o.noop,title:function(t,e){var i="",n=e.labels,a=n?n.length:0;if(t.length>0){var o=t[0];o.xLabel?i=o.xLabel:a>0&&o.indexl.height-e.height&&(c="bottom");var h=(u.left+u.right)/2,f=(u.top+u.bottom)/2;"center"===c?(i=function(t){return t<=h},n=function(t){return t>h}):(i=function(t){return t<=e.width/2},n=function(t){return t>=l.width-e.width/2}),a=function(t){return t+e.width+s.caretSize+s.caretPadding>l.width},o=function(t){return t-e.width-s.caretSize-s.caretPadding<0},r=function(t){return t<=f?"top":"bottom"},i(s.x)?(d="left",a(s.x)&&(d="center",c=r(s.y))):n(s.x)&&(d="right",o(s.x)&&(d="center",c=r(s.y)));var g=t._options;return{xAlign:g.xAlign?g.xAlign:d,yAlign:g.yAlign?g.yAlign:c}}(this,F=function(t,e){var i=t._chart.ctx,n=2*e.yPadding,a=0,r=e.body,s=r.reduce(function(t,e){return t+e.before.length+e.lines.length+e.after.length},0);s+=e.beforeBody.length+e.afterBody.length;var l=e.title.length,u=e.footer.length,d=e.titleFontSize,c=e.bodyFontSize,h=e.footerFontSize;n+=l*d,n+=l?(l-1)*e.titleSpacing:0,n+=l?e.titleMarginBottom:0,n+=s*c,n+=s?(s-1)*e.bodySpacing:0,n+=u?e.footerMarginTop:0,n+=u*h,n+=u?(u-1)*e.footerSpacing:0;var f=0,g=function(t){a=Math.max(a,i.measureText(t).width+f)};return i.font=o.fontString(d,e._titleFontStyle,e._titleFontFamily),o.each(e.title,g),i.font=o.fontString(c,e._bodyFontStyle,e._bodyFontFamily),o.each(e.beforeBody.concat(e.afterBody),g),f=e.displayColors?c+2:0,o.each(r,function(t){o.each(t.before,g),o.each(t.lines,g),o.each(t.after,g)}),f=0,i.font=o.fontString(h,e._footerFontStyle,e._footerFontFamily),o.each(e.footer,g),{width:a+=2*e.xPadding,height:n}}(this,D)),a=D,s=F,l=A,u=S._chart,d=a.x,c=a.y,h=a.caretSize,f=a.caretPadding,g=a.cornerRadius,p=l.xAlign,m=l.yAlign,v=h+f,b=g+f,"right"===p?d-=s.width:"center"===p&&((d-=s.width/2)+s.width>u.width&&(d=u.width-s.width),d<0&&(d=0)),"top"===m?c+=v:c-="bottom"===m?s.height+v:s.height/2,"center"===m?"left"===p?d+=v:"right"===p&&(d-=v):"left"===p?d-=b:"right"===p&&(d+=b),T={x:d,y:c}}else D.opacity=0;return D.xAlign=A.xAlign,D.yAlign=A.yAlign,D.x=T.x,D.y=T.y,D.width=F.width,D.height=F.height,D.caretX=O.x,D.caretY=O.y,S._model=D,e&&C.custom&&C.custom.call(S,D),S},drawCaret:function(t,e){var i=this._chart.ctx,n=this._view,a=this.getCaretPosition(t,e,n);i.lineTo(a.x1,a.y1),i.lineTo(a.x2,a.y2),i.lineTo(a.x3,a.y3)},getCaretPosition:function(t,e,i){var n,a,o,r,s,l,u=i.caretSize,d=i.cornerRadius,c=i.xAlign,h=i.yAlign,f=t.x,g=t.y,p=e.width,m=e.height;if("center"===h)s=g+m/2,"left"===c?(a=(n=f)-u,o=n,r=s+u,l=s-u):(a=(n=f+p)+u,o=n,r=s-u,l=s+u);else if("left"===c?(n=(a=f+d+u)-u,o=a+u):"right"===c?(n=(a=f+p-d-u)-u,o=a+u):(n=(a=i.caretX)-u,o=a+u),"top"===h)s=(r=g)-u,l=r;else{s=(r=g+m)+u,l=r;var v=o;o=n,n=v}return{x1:n,x2:a,x3:o,y1:r,y2:s,y3:l}},drawTitle:function(t,i,n,a){var r=i.title;if(r.length){n.textAlign=i._titleAlign,n.textBaseline="top";var s,l,u=i.titleFontSize,d=i.titleSpacing;for(n.fillStyle=e(i.titleFontColor,a),n.font=o.fontString(u,i._titleFontStyle,i._titleFontFamily),s=0,l=r.length;s0&&n.stroke()},draw:function(){var t=this._chart.ctx,e=this._view;if(0!==e.opacity){var i={width:e.width,height:e.height},n={x:e.x,y:e.y},a=Math.abs(e.opacity<.001)?0:e.opacity,o=e.title.length||e.beforeBody.length||e.body.length||e.afterBody.length||e.footer.length;this._options.enabled&&o&&(this.drawBackground(n,e,t,i,a),n.x+=e.xPadding,n.y+=e.yPadding,this.drawTitle(n,e,t,a),this.drawBody(n,e,t,a),this.drawFooter(n,e,t,a))}},handleEvent:function(t){var e,i=this,n=i._options;return i._lastActive=i._lastActive||[],"mouseout"===t.type?i._active=[]:i._active=i._chart.getElementsAtEventForMode(t,n.mode,n),(e=!o.arrayEquals(i._active,i._lastActive))&&(i._lastActive=i._active,(n.enabled||n.custom)&&(i._eventPosition={x:t.x,y:t.y},i.update(!0),i.pivot())),e}}),t.Tooltip.positioners={average:function(t){if(!t.length)return!1;var e,i,n=0,a=0,o=0;for(e=0,i=t.length;el;)a-=2*Math.PI;for(;a=s&&a<=l,d=r>=i.innerRadius&&r<=i.outerRadius;return u&&d}return!1},getCenterPoint:function(){var t=this._view,e=(t.startAngle+t.endAngle)/2,i=(t.innerRadius+t.outerRadius)/2;return{x:t.x+Math.cos(e)*i,y:t.y+Math.sin(e)*i}},getArea:function(){var t=this._view;return Math.PI*((t.endAngle-t.startAngle)/(2*Math.PI))*(Math.pow(t.outerRadius,2)-Math.pow(t.innerRadius,2))},tooltipPosition:function(){var t=this._view,e=t.startAngle+(t.endAngle-t.startAngle)/2,i=(t.outerRadius-t.innerRadius)/2+t.innerRadius;return{x:t.x+Math.cos(e)*i,y:t.y+Math.sin(e)*i}},draw:function(){var t=this._chart.ctx,e=this._view,i=e.startAngle,n=e.endAngle;t.beginPath(),t.arc(e.x,e.y,e.outerRadius,i,n),t.arc(e.x,e.y,e.innerRadius,n,i,!0),t.closePath(),t.strokeStyle=e.borderColor,t.lineWidth=e.borderWidth,t.fillStyle=e.backgroundColor,t.fill(),t.lineJoin="bevel",e.borderWidth&&t.stroke()}})},{25:25,26:26,45:45}],37:[function(t,e,i){"use strict";var n=t(25),a=t(26),o=t(45),r=n.global;n._set("global",{elements:{line:{tension:.4,backgroundColor:r.defaultColor,borderWidth:3,borderColor:r.defaultColor,borderCapStyle:"butt",borderDash:[],borderDashOffset:0,borderJoinStyle:"miter",capBezierPoints:!0,fill:!0}}}),e.exports=a.extend({draw:function(){var t,e,i,n,a=this._view,s=this._chart.ctx,l=a.spanGaps,u=this._children.slice(),d=r.elements.line,c=-1;for(this._loop&&u.length&&u.push(u[0]),s.save(),s.lineCap=a.borderCapStyle||d.borderCapStyle,s.setLineDash&&s.setLineDash(a.borderDash||d.borderDash),s.lineDashOffset=a.borderDashOffset||d.borderDashOffset,s.lineJoin=a.borderJoinStyle||d.borderJoinStyle,s.lineWidth=a.borderWidth||d.borderWidth,s.strokeStyle=a.borderColor||r.defaultColor,s.beginPath(),c=-1,t=0;tt?1:-1,o=1,r=l.borderSkipped||"left"):(t=l.x-l.width/2,e=l.x+l.width/2,i=l.y,a=1,o=(n=l.base)>i?1:-1,r=l.borderSkipped||"bottom"),u){var d=Math.min(Math.abs(t-e),Math.abs(i-n)),c=(u=u>d?d:u)/2,h=t+("left"!==r?c*a:0),f=e+("right"!==r?-c*a:0),g=i+("top"!==r?c*o:0),p=n+("bottom"!==r?-c*o:0);h!==f&&(i=g,n=p),g!==p&&(t=h,e=f)}s.beginPath(),s.fillStyle=l.backgroundColor,s.strokeStyle=l.borderColor,s.lineWidth=u;var m=[[t,n],[t,i],[e,i],[e,n]],v=["bottom","left","top","right"].indexOf(r,0);function b(t){return m[(v+t)%4]}-1===v&&(v=0);var x=b(0);s.moveTo(x[0],x[1]);for(var y=1;y<4;y++)x=b(y),s.lineTo(x[0],x[1]);s.fill(),u&&s.stroke()},height:function(){var t=this._view;return t.base-t.y},inRange:function(t,e){var i=!1;if(this._view){var n=r(this);i=t>=n.left&&t<=n.right&&e>=n.top&&e<=n.bottom}return i},inLabelRange:function(t,e){if(!this._view)return!1;var i=r(this);return o(this)?t>=i.left&&t<=i.right:e>=i.top&&e<=i.bottom},inXRange:function(t){var e=r(this);return t>=e.left&&t<=e.right},inYRange:function(t){var e=r(this);return t>=e.top&&t<=e.bottom},getCenterPoint:function(){var t,e,i=this._view;return o(this)?(t=i.x,e=(i.y+i.base)/2):(t=(i.x+i.base)/2,e=i.y),{x:t,y:e}},getArea:function(){var t=this._view;return t.width*Math.abs(t.y-t.base)},tooltipPosition:function(){var t=this._view;return{x:t.x,y:t.y}}})},{25:25,26:26}],40:[function(t,e,i){"use strict";e.exports={},e.exports.Arc=t(36),e.exports.Line=t(37),e.exports.Point=t(38),e.exports.Rectangle=t(39)},{36:36,37:37,38:38,39:39}],41:[function(t,e,i){"use strict";var n=t(42);i=e.exports={clear:function(t){t.ctx.clearRect(0,0,t.width,t.height)},roundedRect:function(t,e,i,n,a,o){if(o){var r=Math.min(o,n/2),s=Math.min(o,a/2);t.moveTo(e+r,i),t.lineTo(e+n-r,i),t.quadraticCurveTo(e+n,i,e+n,i+s),t.lineTo(e+n,i+a-s),t.quadraticCurveTo(e+n,i+a,e+n-r,i+a),t.lineTo(e+r,i+a),t.quadraticCurveTo(e,i+a,e,i+a-s),t.lineTo(e,i+s),t.quadraticCurveTo(e,i,e+r,i)}else t.rect(e,i,n,a)},drawPoint:function(t,e,i,n,a){var o,r,s,l,u,d;if(!e||"object"!=typeof e||"[object HTMLImageElement]"!==(o=e.toString())&&"[object HTMLCanvasElement]"!==o){if(!(isNaN(i)||i<=0)){switch(e){default:t.beginPath(),t.arc(n,a,i,0,2*Math.PI),t.closePath(),t.fill();break;case"triangle":t.beginPath(),u=(r=3*i/Math.sqrt(3))*Math.sqrt(3)/2,t.moveTo(n-r/2,a+u/3),t.lineTo(n+r/2,a+u/3),t.lineTo(n,a-2*u/3),t.closePath(),t.fill();break;case"rect":d=1/Math.SQRT2*i,t.beginPath(),t.fillRect(n-d,a-d,2*d,2*d),t.strokeRect(n-d,a-d,2*d,2*d);break;case"rectRounded":var c=i/Math.SQRT2,h=n-c,f=a-c,g=Math.SQRT2*i;t.beginPath(),this.roundedRect(t,h,f,g,g,i/2),t.closePath(),t.fill();break;case"rectRot":d=1/Math.SQRT2*i,t.beginPath(),t.moveTo(n-d,a),t.lineTo(n,a+d),t.lineTo(n+d,a),t.lineTo(n,a-d),t.closePath(),t.fill();break;case"cross":t.beginPath(),t.moveTo(n,a+i),t.lineTo(n,a-i),t.moveTo(n-i,a),t.lineTo(n+i,a),t.closePath();break;case"crossRot":t.beginPath(),s=Math.cos(Math.PI/4)*i,l=Math.sin(Math.PI/4)*i,t.moveTo(n-s,a-l),t.lineTo(n+s,a+l),t.moveTo(n-s,a+l),t.lineTo(n+s,a-l),t.closePath();break;case"star":t.beginPath(),t.moveTo(n,a+i),t.lineTo(n,a-i),t.moveTo(n-i,a),t.lineTo(n+i,a),s=Math.cos(Math.PI/4)*i,l=Math.sin(Math.PI/4)*i,t.moveTo(n-s,a-l),t.lineTo(n+s,a+l),t.moveTo(n-s,a+l),t.lineTo(n+s,a-l),t.closePath();break;case"line":t.beginPath(),t.moveTo(n-i,a),t.lineTo(n+i,a),t.closePath();break;case"dash":t.beginPath(),t.moveTo(n,a),t.lineTo(n+i,a),t.closePath()}t.stroke()}}else t.drawImage(e,n-e.width/2,a-e.height/2,e.width,e.height)},clipArea:function(t,e){t.save(),t.beginPath(),t.rect(e.left,e.top,e.right-e.left,e.bottom-e.top),t.clip()},unclipArea:function(t){t.restore()},lineTo:function(t,e,i,n){if(i.steppedLine)return"after"===i.steppedLine&&!n||"after"!==i.steppedLine&&n?t.lineTo(e.x,i.y):t.lineTo(i.x,e.y),void t.lineTo(i.x,i.y);i.tension?t.bezierCurveTo(n?e.controlPointPreviousX:e.controlPointNextX,n?e.controlPointPreviousY:e.controlPointNextY,n?i.controlPointNextX:i.controlPointPreviousX,n?i.controlPointNextY:i.controlPointPreviousY,i.x,i.y):t.lineTo(i.x,i.y)}};n.clear=i.clear,n.drawRoundedRectangle=function(t){t.beginPath(),i.roundedRect.apply(i,arguments),t.closePath()}},{42:42}],42:[function(t,e,i){"use strict";var n,a={noop:function(){},uid:(n=0,function(){return n++}),isNullOrUndef:function(t){return null==t},isArray:Array.isArray?Array.isArray:function(t){return"[object Array]"===Object.prototype.toString.call(t)},isObject:function(t){return null!==t&&"[object Object]"===Object.prototype.toString.call(t)},valueOrDefault:function(t,e){return void 0===t?e:t},valueAtIndexOrDefault:function(t,e,i){return a.valueOrDefault(a.isArray(t)?t[e]:t,i)},callback:function(t,e,i){if(t&&"function"==typeof t.call)return t.apply(i,e)},each:function(t,e,i,n){var o,r,s;if(a.isArray(t))if(r=t.length,n)for(o=r-1;o>=0;o--)e.call(i,t[o],o);else for(o=0;o=1?t:-(Math.sqrt(1-t*t)-1)},easeOutCirc:function(t){return Math.sqrt(1-(t-=1)*t)},easeInOutCirc:function(t){return(t/=.5)<1?-.5*(Math.sqrt(1-t*t)-1):.5*(Math.sqrt(1-(t-=2)*t)+1)},easeInElastic:function(t){var e=1.70158,i=0,n=1;return 0===t?0:1===t?1:(i||(i=.3),n<1?(n=1,e=i/4):e=i/(2*Math.PI)*Math.asin(1/n),-n*Math.pow(2,10*(t-=1))*Math.sin((t-e)*(2*Math.PI)/i))},easeOutElastic:function(t){var e=1.70158,i=0,n=1;return 0===t?0:1===t?1:(i||(i=.3),n<1?(n=1,e=i/4):e=i/(2*Math.PI)*Math.asin(1/n),n*Math.pow(2,-10*t)*Math.sin((t-e)*(2*Math.PI)/i)+1)},easeInOutElastic:function(t){var e=1.70158,i=0,n=1;return 0===t?0:2==(t/=.5)?1:(i||(i=.45),n<1?(n=1,e=i/4):e=i/(2*Math.PI)*Math.asin(1/n),t<1?n*Math.pow(2,10*(t-=1))*Math.sin((t-e)*(2*Math.PI)/i)*-.5:n*Math.pow(2,-10*(t-=1))*Math.sin((t-e)*(2*Math.PI)/i)*.5+1)},easeInBack:function(t){return t*t*(2.70158*t-1.70158)},easeOutBack:function(t){return(t-=1)*t*(2.70158*t+1.70158)+1},easeInOutBack:function(t){var e=1.70158;return(t/=.5)<1?t*t*((1+(e*=1.525))*t-e)*.5:.5*((t-=2)*t*((1+(e*=1.525))*t+e)+2)},easeInBounce:function(t){return 1-a.easeOutBounce(1-t)},easeOutBounce:function(t){return t<1/2.75?7.5625*t*t:t<2/2.75?7.5625*(t-=1.5/2.75)*t+.75:t<2.5/2.75?7.5625*(t-=2.25/2.75)*t+.9375:7.5625*(t-=2.625/2.75)*t+.984375},easeInOutBounce:function(t){return t<.5?.5*a.easeInBounce(2*t):.5*a.easeOutBounce(2*t-1)+.5}};e.exports={effects:a},n.easingEffects=a},{42:42}],44:[function(t,e,i){"use strict";var n=t(42);e.exports={toLineHeight:function(t,e){var i=(""+t).match(/^(normal|(\d+(?:\.\d+)?)(px|em|%)?)$/);if(!i||"normal"===i[1])return 1.2*e;switch(t=+i[2],i[3]){case"px":return t;case"%":t/=100}return e*t},toPadding:function(t){var e,i,a,o;return n.isObject(t)?(e=+t.top||0,i=+t.right||0,a=+t.bottom||0,o=+t.left||0):e=i=a=o=+t||0,{top:e,right:i,bottom:a,left:o,height:e+a,width:o+i}},resolve:function(t,e,i){var a,o,r;for(a=0,o=t.length;a
';var a=e.childNodes[0],r=e.childNodes[1];e._reset=function(){a.scrollLeft=1e6,a.scrollTop=1e6,r.scrollLeft=1e6,r.scrollTop=1e6};var s=function(){e._reset(),t()};return h(a,"scroll",s.bind(a,"expand")),h(r,"scroll",s.bind(r,"shrink")),e}((u=function(){if(x.resizer)return e(g("resize",i))},c=!1,f=[],function(){f=Array.prototype.slice.call(arguments),d=d||this,c||(c=!0,n.requestAnimFrame.call(window,function(){c=!1,u.apply(d,f)}))}));m=function(){if(x.resizer){var e=t.parentNode;e&&e!==y.parentNode&&e.insertBefore(y,e.firstChild),y._reset()}},v=(p=t)[a]||(p[a]={}),b=v.renderProxy=function(t){t.animationName===s&&m()},n.each(l,function(t){h(p,t,b)}),v.reflow=!!p.offsetParent,p.classList.add(r)}function m(t){var e,i,o,s=t[a]||{},u=s.resizer;delete s.resizer,i=(e=t)[a]||{},(o=i.renderProxy)&&(n.each(l,function(t){f(e,t,o)}),delete i.renderProxy),e.classList.remove(r),u&&u.parentNode&&u.parentNode.removeChild(u)}e.exports={_enabled:"undefined"!=typeof window&&"undefined"!=typeof document,initialize:function(){var t,e,i,n="from{opacity:0.99}to{opacity:1}";e="@-webkit-keyframes "+s+"{"+n+"}@keyframes "+s+"{"+n+"}."+r+"{-webkit-animation:"+s+" 0.001s;animation:"+s+" 0.001s;}",i=(t=this)._style||document.createElement("style"),t._style||(t._style=i,e="/* Chart.js */\n"+e,i.setAttribute("type","text/css"),document.getElementsByTagName("head")[0].appendChild(i)),i.appendChild(document.createTextNode(e))},acquireContext:function(t,e){"string"==typeof t?t=document.getElementById(t):t.length&&(t=t[0]),t&&t.canvas&&(t=t.canvas);var i=t&&t.getContext&&t.getContext("2d");return i&&i.canvas===t?(function(t,e){var i=t.style,n=t.getAttribute("height"),o=t.getAttribute("width");if(t[a]={initial:{height:n,width:o,style:{display:i.display,height:i.height,width:i.width}}},i.display=i.display||"block",null===o||""===o){var r=d(t,"width");void 0!==r&&(t.width=r)}if(null===n||""===n)if(""===t.style.height)t.height=t.width/(e.options.aspectRatio||2);else{var s=d(t,"height");void 0!==r&&(t.height=s)}}(t,e),i):null},releaseContext:function(t){var e=t.canvas;if(e[a]){var i=e[a].initial;["height","width"].forEach(function(t){var a=i[t];n.isNullOrUndef(a)?e.removeAttribute(t):e.setAttribute(t,a)}),n.each(i.style||{},function(t,i){e.style[i]=t}),e.width=e.width,delete e[a]}},addEventListener:function(t,e,i){var o=t.canvas;if("resize"!==e){var r=i[a]||(i[a]={});h(o,e,(r.proxies||(r.proxies={}))[t.id+"_"+e]=function(e){var a,o,r,s;i((o=t,r=u[(a=e).type]||a.type,s=n.getRelativePosition(a,o),g(r,o,s.x,s.y,a)))})}else p(o,i,t)},removeEventListener:function(t,e,i){var n=t.canvas;if("resize"!==e){var o=((i[a]||{}).proxies||{})[t.id+"_"+e];o&&f(n,e,o)}else m(n)}},n.addEvent=h,n.removeEvent=f},{45:45}],48:[function(t,e,i){"use strict";var n=t(45),a=t(46),o=t(47),r=o._enabled?o:a;e.exports=n.extend({initialize:function(){},acquireContext:function(){},releaseContext:function(){},addEventListener:function(){},removeEventListener:function(){}},r)},{45:45,46:46,47:47}],49:[function(t,e,i){"use strict";e.exports={},e.exports.filler=t(50),e.exports.legend=t(51),e.exports.title=t(52)},{50:50,51:51,52:52}],50:[function(t,e,i){"use strict";var n=t(25),a=t(40),o=t(45);n._set("global",{plugins:{filler:{propagate:!0}}});var r={dataset:function(t){var e=t.fill,i=t.chart,n=i.getDatasetMeta(e),a=n&&i.isDatasetVisible(e)&&n.dataset._children||[],o=a.length||0;return o?function(t,e){return e=i)&&n;switch(o){case"bottom":return"start";case"top":return"end";case"zero":return"origin";case"origin":case"start":case"end":return o;default:return!1}}function l(t){var e,i=t.el._model||{},n=t.el._scale||{},a=t.fill,o=null;if(isFinite(a))return null;if("start"===a?o=void 0===i.scaleBottom?n.bottom:i.scaleBottom:"end"===a?o=void 0===i.scaleTop?n.top:i.scaleTop:void 0!==i.scaleZero?o=i.scaleZero:n.getBasePosition?o=n.getBasePosition():n.getBasePixel&&(o=n.getBasePixel()),null!=o){if(void 0!==o.x&&void 0!==o.y)return o;if("number"==typeof o&&isFinite(o))return{x:(e=n.isHorizontal())?o:null,y:e?null:o}}return null}function u(t,e,i){var n,a=t[e].fill,o=[e];if(!i)return a;for(;!1!==a&&-1===o.indexOf(a);){if(!isFinite(a))return a;if(!(n=t[a]))return!1;if(n.visible)return a;o.push(a),a=n.fill}return!1}function d(t){return t&&!t.skip}function c(t,e,i,n,a){var r;if(n&&a){for(t.moveTo(e[0].x,e[0].y),r=1;r0;--r)o.canvas.lineTo(t,i[r],i[r-1],!0)}}e.exports={id:"filler",afterDatasetsUpdate:function(t,e){var i,n,o,d,c,h,f,g=(t.data.datasets||[]).length,p=e.propagate,m=[];for(n=0;n');for(var i=0;i'),t.data.datasets[i].label&&e.push(t.data.datasets[i].label),e.push("");return e.push(""),e.join("")}});var u=a.extend({initialize:function(t){o.extend(this,t),this.legendHitBoxes=[],this.doughnutMode=!1},beforeUpdate:s,update:function(t,e,i){var n=this;return n.beforeUpdate(),n.maxWidth=t,n.maxHeight=e,n.margins=i,n.beforeSetDimensions(),n.setDimensions(),n.afterSetDimensions(),n.beforeBuildLabels(),n.buildLabels(),n.afterBuildLabels(),n.beforeFit(),n.fit(),n.afterFit(),n.afterUpdate(),n.minSize},afterUpdate:s,beforeSetDimensions:s,setDimensions:function(){var t=this;t.isHorizontal()?(t.width=t.maxWidth,t.left=0,t.right=t.width):(t.height=t.maxHeight,t.top=0,t.bottom=t.height),t.paddingLeft=0,t.paddingTop=0,t.paddingRight=0,t.paddingBottom=0,t.minSize={width:0,height:0}},afterSetDimensions:s,beforeBuildLabels:s,buildLabels:function(){var t=this,e=t.options.labels||{},i=o.callback(e.generateLabels,[t.chart],t)||[];e.filter&&(i=i.filter(function(i){return e.filter(i,t.chart.data)})),t.options.reverse&&i.reverse(),t.legendItems=i},afterBuildLabels:s,beforeFit:s,fit:function(){var t=this,e=t.options,i=e.labels,a=e.display,r=t.ctx,s=n.global,u=o.valueOrDefault,d=u(i.fontSize,s.defaultFontSize),c=u(i.fontStyle,s.defaultFontStyle),h=u(i.fontFamily,s.defaultFontFamily),f=o.fontString(d,c,h),g=t.legendHitBoxes=[],p=t.minSize,m=t.isHorizontal();if(m?(p.width=t.maxWidth,p.height=a?10:0):(p.width=a?10:0,p.height=t.maxHeight),a)if(r.font=f,m){var v=t.lineWidths=[0],b=t.legendItems.length?d+i.padding:0;r.textAlign="left",r.textBaseline="top",o.each(t.legendItems,function(e,n){var a=l(i,d)+d/2+r.measureText(e.text).width;v[v.length-1]+a+i.padding>=t.width&&(b+=d+i.padding,v[v.length]=t.left),g[n]={left:0,top:0,width:a,height:d},v[v.length-1]+=a+i.padding}),p.height+=b}else{var x=i.padding,y=t.columnWidths=[],k=i.padding,M=0,w=0,S=d+x;o.each(t.legendItems,function(t,e){var n=l(i,d)+d/2+r.measureText(t.text).width;w+S>p.height&&(k+=M+i.padding,y.push(M),M=0,w=0),M=Math.max(M,n),w+=S,g[e]={left:0,top:0,width:n,height:d}}),k+=M,y.push(M),p.width+=k}t.width=p.width,t.height=p.height},afterFit:s,isHorizontal:function(){return"top"===this.options.position||"bottom"===this.options.position},draw:function(){var t=this,e=t.options,i=e.labels,a=n.global,r=a.elements.line,s=t.width,u=t.lineWidths;if(e.display){var d,c=t.ctx,h=o.valueOrDefault,f=h(i.fontColor,a.defaultFontColor),g=h(i.fontSize,a.defaultFontSize),p=h(i.fontStyle,a.defaultFontStyle),m=h(i.fontFamily,a.defaultFontFamily),v=o.fontString(g,p,m);c.textAlign="left",c.textBaseline="middle",c.lineWidth=.5,c.strokeStyle=f,c.fillStyle=f,c.font=v;var b=l(i,g),x=t.legendHitBoxes,y=t.isHorizontal();d=y?{x:t.left+(s-u[0])/2,y:t.top+i.padding,line:0}:{x:t.left+i.padding,y:t.top+i.padding,line:0};var k=g+i.padding;o.each(t.legendItems,function(n,l){var f,p,m,v,M,w=c.measureText(n.text).width,S=b+g/2+w,C=d.x,_=d.y;y?C+S>=s&&(_=d.y+=k,d.line++,C=d.x=t.left+(s-u[d.line])/2):_+k>t.bottom&&(C=d.x=C+t.columnWidths[d.line]+i.padding,_=d.y=t.top+i.padding,d.line++),function(t,i,n){if(!(isNaN(b)||b<=0)){c.save(),c.fillStyle=h(n.fillStyle,a.defaultColor),c.lineCap=h(n.lineCap,r.borderCapStyle),c.lineDashOffset=h(n.lineDashOffset,r.borderDashOffset),c.lineJoin=h(n.lineJoin,r.borderJoinStyle),c.lineWidth=h(n.lineWidth,r.borderWidth),c.strokeStyle=h(n.strokeStyle,a.defaultColor);var s=0===h(n.lineWidth,r.borderWidth);if(c.setLineDash&&c.setLineDash(h(n.lineDash,r.borderDash)),e.labels&&e.labels.usePointStyle){var l=g*Math.SQRT2/2,u=l/Math.SQRT2,d=t+u,f=i+u;o.canvas.drawPoint(c,n.pointStyle,l,d,f)}else s||c.strokeRect(t,i,b,g),c.fillRect(t,i,b,g);c.restore()}}(C,_,n),x[l].left=C,x[l].top=_,f=n,p=w,v=b+(m=g/2)+C,M=_+m,c.fillText(f.text,v,M),f.hidden&&(c.beginPath(),c.lineWidth=2,c.moveTo(v,M),c.lineTo(v+p,M),c.stroke()),y?d.x+=S+i.padding:d.y+=k})}},handleEvent:function(t){var e=this,i=e.options,n="mouseup"===t.type?"click":t.type,a=!1;if("mousemove"===n){if(!i.onHover)return}else{if("click"!==n)return;if(!i.onClick)return}var o=t.x,r=t.y;if(o>=e.left&&o<=e.right&&r>=e.top&&r<=e.bottom)for(var s=e.legendHitBoxes,l=0;l=u.left&&o<=u.left+u.width&&r>=u.top&&r<=u.top+u.height){if("click"===n){i.onClick.call(e,t.native,e.legendItems[l]),a=!0;break}if("mousemove"===n){i.onHover.call(e,t.native,e.legendItems[l]),a=!0;break}}}return a}});function d(t,e){var i=new u({ctx:t.ctx,options:e,chart:t});r.configure(t,i,e),r.addBox(t,i),t.legend=i}e.exports={id:"legend",_element:u,beforeInit:function(t){var e=t.options.legend;e&&d(t,e)},beforeUpdate:function(t){var e=t.options.legend,i=t.legend;e?(o.mergeIf(e,n.global.legend),i?(r.configure(t,i,e),i.options=e):d(t,e)):i&&(r.removeBox(t,i),delete t.legend)},afterEvent:function(t,e){var i=t.legend;i&&i.handleEvent(e)}}},{25:25,26:26,30:30,45:45}],52:[function(t,e,i){"use strict";var n=t(25),a=t(26),o=t(45),r=t(30),s=o.noop;n._set("global",{title:{display:!1,fontStyle:"bold",fullWidth:!0,lineHeight:1.2,padding:10,position:"top",text:"",weight:2e3}});var l=a.extend({initialize:function(t){o.extend(this,t),this.legendHitBoxes=[]},beforeUpdate:s,update:function(t,e,i){var n=this;return n.beforeUpdate(),n.maxWidth=t,n.maxHeight=e,n.margins=i,n.beforeSetDimensions(),n.setDimensions(),n.afterSetDimensions(),n.beforeBuildLabels(),n.buildLabels(),n.afterBuildLabels(),n.beforeFit(),n.fit(),n.afterFit(),n.afterUpdate(),n.minSize},afterUpdate:s,beforeSetDimensions:s,setDimensions:function(){var t=this;t.isHorizontal()?(t.width=t.maxWidth,t.left=0,t.right=t.width):(t.height=t.maxHeight,t.top=0,t.bottom=t.height),t.paddingLeft=0,t.paddingTop=0,t.paddingRight=0,t.paddingBottom=0,t.minSize={width:0,height:0}},afterSetDimensions:s,beforeBuildLabels:s,buildLabels:s,afterBuildLabels:s,beforeFit:s,fit:function(){var t=this,e=o.valueOrDefault,i=t.options,a=i.display,r=e(i.fontSize,n.global.defaultFontSize),s=t.minSize,l=o.isArray(i.text)?i.text.length:1,u=o.options.toLineHeight(i.lineHeight,r),d=a?l*u+2*i.padding:0;t.isHorizontal()?(s.width=t.maxWidth,s.height=d):(s.width=d,s.height=t.maxHeight),t.width=s.width,t.height=s.height},afterFit:s,isHorizontal:function(){var t=this.options.position;return"top"===t||"bottom"===t},draw:function(){var t=this,e=t.ctx,i=o.valueOrDefault,a=t.options,r=n.global;if(a.display){var s,l,u,d=i(a.fontSize,r.defaultFontSize),c=i(a.fontStyle,r.defaultFontStyle),h=i(a.fontFamily,r.defaultFontFamily),f=o.fontString(d,c,h),g=o.options.toLineHeight(a.lineHeight,d),p=g/2+a.padding,m=0,v=t.top,b=t.left,x=t.bottom,y=t.right;e.fillStyle=i(a.fontColor,r.defaultFontColor),e.font=f,t.isHorizontal()?(l=b+(y-b)/2,u=v+p,s=y-b):(l="left"===a.position?b+p:y-p,u=v+(x-v)/2,s=x-v,m=Math.PI*("left"===a.position?-.5:.5)),e.save(),e.translate(l,u),e.rotate(m),e.textAlign="center",e.textBaseline="middle";var k=a.text;if(o.isArray(k))for(var M=0,w=0;wt.max&&(t.max=n))})});t.min=isFinite(t.min)&&!isNaN(t.min)?t.min:0,t.max=isFinite(t.max)&&!isNaN(t.max)?t.max:1,this.handleTickRangeOptions()},getTickLimit:function(){var t,e=this.options.ticks;if(this.isHorizontal())t=Math.min(e.maxTicksLimit?e.maxTicksLimit:11,Math.ceil(this.width/50));else{var i=a.valueOrDefault(e.fontSize,n.global.defaultFontSize);t=Math.min(e.maxTicksLimit?e.maxTicksLimit:11,Math.ceil(this.height/(2*i)))}return t},handleDirectionalChanges:function(){this.isHorizontal()||this.ticks.reverse()},getLabelForIndex:function(t,e){return+this.getRightValue(this.chart.data.datasets[e].data[t])},getPixelForValue:function(t){var e=this,i=e.start,n=+e.getRightValue(t),a=e.end-i;return e.isHorizontal()?e.left+e.width/a*(n-i):e.bottom-e.height/a*(n-i)},getValueForPixel:function(t){var e=this,i=e.isHorizontal(),n=i?e.width:e.height,a=(i?t-e.left:e.bottom-t)/n;return e.start+(e.end-e.start)*a},getPixelForTick:function(t){return this.getPixelForValue(this.ticksAsNumbers[t])}});t.scaleService.registerScaleType("linear",i,e)}},{25:25,34:34,45:45}],55:[function(t,e,i){"use strict";var n=t(45);e.exports=function(t){var e=n.noop;t.LinearScaleBase=t.Scale.extend({getRightValue:function(e){return"string"==typeof e?+e:t.Scale.prototype.getRightValue.call(this,e)},handleTickRangeOptions:function(){var t=this,e=t.options.ticks;if(e.beginAtZero){var i=n.sign(t.min),a=n.sign(t.max);i<0&&a<0?t.max=0:i>0&&a>0&&(t.min=0)}var o=void 0!==e.min||void 0!==e.suggestedMin,r=void 0!==e.max||void 0!==e.suggestedMax;void 0!==e.min?t.min=e.min:void 0!==e.suggestedMin&&(null===t.min?t.min=e.suggestedMin:t.min=Math.min(t.min,e.suggestedMin)),void 0!==e.max?t.max=e.max:void 0!==e.suggestedMax&&(null===t.max?t.max=e.suggestedMax:t.max=Math.max(t.max,e.suggestedMax)),o!==r&&t.min>=t.max&&(o?t.max=t.min+1:t.min=t.max-1),t.min===t.max&&(t.max++,e.beginAtZero||t.min--)},getTickLimit:e,handleDirectionalChanges:e,buildTicks:function(){var t=this,e=t.options.ticks,i=t.getTickLimit(),a={maxTicks:i=Math.max(2,i),min:e.min,max:e.max,stepSize:n.valueOrDefault(e.fixedStepSize,e.stepSize)},o=t.ticks=function(t,e){var i,a=[];if(t.stepSize&&t.stepSize>0)i=t.stepSize;else{var o=n.niceNum(e.max-e.min,!1);i=n.niceNum(o/(t.maxTicks-1),!0)}var r=Math.floor(e.min/i)*i,s=Math.ceil(e.max/i)*i;t.min&&t.max&&t.stepSize&&n.almostWhole((t.max-t.min)/t.stepSize,i/1e3)&&(r=t.min,s=t.max);var l=(s-r)/i;l=n.almostEquals(l,Math.round(l),i/1e3)?Math.round(l):Math.ceil(l);var u=1;i<1&&(u=Math.pow(10,i.toString().length-2),r=Math.round(r*u)/u,s=Math.round(s*u)/u),a.push(void 0!==t.min?t.min:r);for(var d=1;d0){var i=n.min(e),a=n.max(e);t.min=null===t.min?i:Math.min(t.min,i),t.max=null===t.max?a:Math.max(t.max,a)}})}else n.each(a,function(e,a){var o=i.getDatasetMeta(a);i.isDatasetVisible(a)&&r(o)&&n.each(e.data,function(e,i){var n=+t.getRightValue(e);isNaN(n)||o.data[i].hidden||n<0||(null===t.min?t.min=n:nt.max&&(t.max=n),0!==n&&(null===t.minNotZero||n0?t.minNotZero=t.min:t.max<1?t.minNotZero=Math.pow(10,Math.floor(n.log10(t.max))):t.minNotZero=1)},buildTicks:function(){var t=this,e=t.options.ticks,i=!t.isHorizontal(),a={min:e.min,max:e.max},o=t.ticks=function(t,e){var i,a,o=[],r=n.valueOrDefault,s=r(t.min,Math.pow(10,Math.floor(n.log10(e.min)))),l=Math.floor(n.log10(e.max)),u=Math.ceil(e.max/Math.pow(10,l));0===s?(i=Math.floor(n.log10(e.minNotZero)),a=Math.floor(e.minNotZero/Math.pow(10,i)),o.push(s),s=a*Math.pow(10,i)):(i=Math.floor(n.log10(s)),a=Math.floor(s/Math.pow(10,i)));for(var d=i<0?Math.pow(10,Math.abs(i)):1;o.push(s),10==++a&&(a=1,d=++i>=0?1:d),s=Math.round(a*Math.pow(10,i)*d)/d,ia?{start:e-i-5,end:e}:{start:e,end:e+i+5}}function u(t,e,i,n){if(a.isArray(e))for(var o=i.y,r=1.5*n,s=0;sd.r&&(d.r=b.end,c.r=m),x.startd.b&&(d.b=x.end,c.b=m)}t.setReductions(u,d,c)}(this):(t=this,e=Math.min(t.height/2,t.width/2),t.drawingArea=Math.round(e),t.setCenterPoint(0,0,0,0))},setReductions:function(t,e,i){var n=e.l/Math.sin(i.l),a=Math.max(e.r-this.width,0)/Math.sin(i.r),o=-e.t/Math.cos(i.t),r=-Math.max(e.b-this.height,0)/Math.cos(i.b);n=d(n),a=d(a),o=d(o),r=d(r),this.drawingArea=Math.min(Math.round(t-(n+a)/2),Math.round(t-(o+r)/2)),this.setCenterPoint(n,a,o,r)},setCenterPoint:function(t,e,i,n){var a=this,o=a.width-e-a.drawingArea,r=t+a.drawingArea,s=i+a.drawingArea,l=a.height-n-a.drawingArea;a.xCenter=Math.round((r+o)/2+a.left),a.yCenter=Math.round((s+l)/2+a.top)},getIndexAngle:function(t){return t*(2*Math.PI/r(this))+(this.chart.options&&this.chart.options.startAngle?this.chart.options.startAngle:0)*Math.PI*2/360},getDistanceFromCenterForValue:function(t){var e=this;if(null===t)return 0;var i=e.drawingArea/(e.max-e.min);return e.options.ticks.reverse?(e.max-t)*i:(t-e.min)*i},getPointPosition:function(t,e){var i=this.getIndexAngle(t)-Math.PI/2;return{x:Math.round(Math.cos(i)*e)+this.xCenter,y:Math.round(Math.sin(i)*e)+this.yCenter}},getPointPositionForValue:function(t,e){return this.getPointPosition(t,this.getDistanceFromCenterForValue(e))},getBasePosition:function(){var t=this.min,e=this.max;return this.getPointPositionForValue(0,this.beginAtZero?0:t<0&&e<0?e:t>0&&e>0?t:0)},draw:function(){var t=this,i=t.options,n=i.gridLines,o=i.ticks,l=a.valueOrDefault;if(i.display){var d=t.ctx,c=this.getIndexAngle(0),h=l(o.fontSize,e.defaultFontSize),f=l(o.fontStyle,e.defaultFontStyle),g=l(o.fontFamily,e.defaultFontFamily),p=a.fontString(h,f,g);a.each(t.ticks,function(i,s){if(s>0||o.reverse){var u=t.getDistanceFromCenterForValue(t.ticksAsNumbers[s]);if(n.display&&0!==s&&function(t,e,i,n){var o=t.ctx;if(o.strokeStyle=a.valueAtIndexOrDefault(e.color,n-1),o.lineWidth=a.valueAtIndexOrDefault(e.lineWidth,n-1),t.options.gridLines.circular)o.beginPath(),o.arc(t.xCenter,t.yCenter,i,0,2*Math.PI),o.closePath(),o.stroke();else{var s=r(t);if(0===s)return;o.beginPath();var l=t.getPointPosition(0,i);o.moveTo(l.x,l.y);for(var u=1;u=0;m--){if(o.display){var v=t.getPointPosition(m,g);i.beginPath(),i.moveTo(t.xCenter,t.yCenter),i.lineTo(v.x,v.y),i.stroke(),i.closePath()}if(l.display){var b=t.getPointPosition(m,g+5),x=a.valueAtIndexOrDefault(l.fontColor,m,e.defaultFontColor);i.font=p.font,i.fillStyle=x;var y=t.getIndexAngle(m),k=a.toDegrees(y);i.textAlign=0===(f=k)||180===f?"center":f<180?"left":"right",d=k,c=t._pointLabelSizes[m],h=b,90===d||270===d?h.y-=c.h/2:(d>270||d<90)&&(h.y-=c.h),u(i,t.pointLabels[m]||"",b,p.size)}}}(t)}}});t.scaleService.registerScaleType("radialLinear",c,i)}},{25:25,34:34,45:45}],58:[function(t,e,i){"use strict";var n=t(1);n="function"==typeof n?n:window.moment;var a=t(25),o=t(45),r=Number.MIN_SAFE_INTEGER||-9007199254740991,s=Number.MAX_SAFE_INTEGER||9007199254740991,l={millisecond:{common:!0,size:1,steps:[1,2,5,10,20,50,100,250,500]},second:{common:!0,size:1e3,steps:[1,2,5,10,30]},minute:{common:!0,size:6e4,steps:[1,2,5,10,30]},hour:{common:!0,size:36e5,steps:[1,2,3,6,12]},day:{common:!0,size:864e5,steps:[1,2,5]},week:{common:!1,size:6048e5,steps:[1,2,3,4]},month:{common:!0,size:2628e6,steps:[1,2,3]},quarter:{common:!1,size:7884e6,steps:[1,2,3,4]},year:{common:!0,size:3154e7}},u=Object.keys(l);function d(t,e){return t-e}function c(t){var e,i,n,a={},o=[];for(e=0,i=t.length;e=0&&r<=s;){if(a=t[(n=r+s>>1)-1]||null,o=t[n],!a)return{lo:null,hi:o};if(o[e]i))return{lo:a,hi:o};s=n-1}}return{lo:o,hi:null}}(t,e,i),o=a.lo?a.hi?a.lo:t[t.length-2]:t[0],r=a.lo?a.hi?a.hi:t[t.length-1]:t[1],s=r[e]-o[e],l=s?(i-o[e])/s:0,u=(r[n]-o[n])*l;return o[n]+u}function f(t,e){var i=e.parser,a=e.parser||e.format;return"function"==typeof i?i(t):"string"==typeof t&&"string"==typeof a?n(t,a):(t instanceof n||(t=n(t)),t.isValid()?t:"function"==typeof a?a(t):t)}function g(t,e){if(o.isNullOrUndef(t))return null;var i=e.options.time,n=f(e.getRightValue(t),i);return n.isValid()?(i.round&&n.startOf(i.round),n.valueOf()):null}function p(t){for(var e=u.indexOf(t)+1,i=u.length;e=k&&i<=M&&_.push(i);return y.min=k,y.max=M,y._unit=S.unit||function(t,e,i,a){var o,r,s=n.duration(n(a).diff(n(i)));for(o=u.length-1;o>=u.indexOf(e);o--)if(r=u[o],l[r].common&&s.as(r)>=t.length)return r;return u[e?u.indexOf(e):0]}(_,S.minUnit,y.min,y.max),y._majorUnit=p(y._unit),y._table=function(t,e,i,n){if("linear"===n||!t.length)return[{time:e,pos:0},{time:i,pos:1}];var a,o,r,s,l,u=[],d=[e];for(a=0,o=t.length;ae&&s1?o[1]:s,v=o[0],b=(h(a,"time",c,"pos")-h(a,"time",v,"pos"))/2),d.time.max||(c=o[o.length-1],v=o.length>1?o[o.length-2]:r,x=(h(a,"time",c,"pos")-h(a,"time",v,"pos"))/2)),{left:b,right:x}),y._labelFormat=function(t,e){var i,n,a,o=t.length;for(i=0;i=0&&t0?s:1}});t.scaleService.registerScaleType("time",e,{position:"bottom",distribution:"linear",bounds:"data",time:{parser:!1,format:!1,unit:!1,round:!1,displayFormat:!1,isoWeekday:!1,minUnit:"millisecond",displayFormats:{millisecond:"h:mm:ss.SSS a",second:"h:mm:ss a",minute:"h:mm a",hour:"hA",day:"MMM D",week:"ll",month:"MMM YYYY",quarter:"[Q]Q - YYYY",year:"YYYY"}},ticks:{autoSkip:!1,source:"auto",major:{enabled:!1}}})}},{1:1,25:25,45:45}]},{},[7])(7)}); \ No newline at end of file +!function (t, e) { "object" == typeof exports && "undefined" != typeof module ? module.exports = e() : "function" == typeof define && define.amd ? define(e) : (t = "undefined" != typeof globalThis ? globalThis : t || self).Chart = e() }(this, function () { "use strict"; var s = Object.freeze({ __proto__: null, get Colors() { return nn }, get Decimation() { return ln }, get Filler() { return yn }, get Legend() { return Sn }, get SubTitle() { return On }, get Title() { return Dn }, get Tooltip() { return Nn } }); function t() { } const F = (() => { let t = 0; return () => t++ })(); function P(t) { return null == t } function O(t) { if (Array.isArray && Array.isArray(t)) return !0; const e = Object.prototype.toString.call(t); return "[object" === e.slice(0, 7) && "Array]" === e.slice(-6) } function A(t) { return null !== t && "[object Object]" === Object.prototype.toString.call(t) } function p(t) { return ("number" == typeof t || t instanceof Number) && isFinite(+t) } function g(t, e) { return p(t) ? t : e } function T(t, e) { return void 0 === t ? e : t } const V = (t, e) => "string" == typeof t && t.endsWith("%") ? parseFloat(t) / 100 : +t / e, B = (t, e) => "string" == typeof t && t.endsWith("%") ? parseFloat(t) / 100 * e : +t; function d(t, e, i) { if (t && "function" == typeof t.call) return t.apply(i, e) } function w(t, e, i, s) { let a, n, o; if (O(t)) if (n = t.length, s) for (a = n - 1; 0 <= a; a--)e.call(i, t[a], a); else for (a = 0; a < n; a++)e.call(i, t[a], a); else if (A(t)) for (o = Object.keys(t), n = o.length, a = 0; a < n; a++)e.call(i, t[o[a]], o[a]) } function N(t, e) { let i, s, a, n; if (!t || !e || t.length !== e.length) return !1; for (i = 0, s = t.length; i < s; ++i)if (a = t[i], n = e[i], a.datasetIndex !== n.datasetIndex || a.index !== n.index) return !1; return !0 } function W(e) { if (O(e)) return e.map(W); if (A(e)) { const i = Object.create(null), s = Object.keys(e), a = s.length; let t = 0; for (; t < a; ++t)i[s[t]] = W(e[s[t]]); return i } return e } function H(t) { return -1 === ["__proto__", "prototype", "constructor"].indexOf(t) } function j(t, e, i, s) { var a; H(t) && (a = e[t], i = i[t], A(a) && A(i) ? Y(a, i, s) : e[t] = W(i)) } function Y(i, t, s) { var a, e = O(t) ? t : [t], n = e.length; if (!A(i)) return i; const o = (s = s || {}).merger || j; for (let t = 0; t < n; ++t)if (A(a = e[t])) { const O = Object.keys(a); for (let t = 0, e = O.length; t < e; ++t)o(O[t], i, a, s) } return i } function $(t, e) { return Y(t, e, { merger: U }) } function U(t, e, i) { var s; H(t) && (s = e[t], i = i[t], A(s) && A(i) ? $(s, i) : Object.prototype.hasOwnProperty.call(e, t) || (e[t] = W(i))) } const X = { "": t => t, x: t => t.x, y: t => t.y }; function q(t) { const e = t.split("."), i = []; let s = ""; for (const t of e) s += t, s = s.endsWith("\\") ? s.slice(0, -1) + "." : (i.push(s), ""); return i } function m(t, e) { const i = X[e] || (X[e] = function () { const i = q(e); return t => { for (const e of i) { if ("" === e) break; t = t && t[e] } return t } }()); return i(t) } function K(t) { return t.charAt(0).toUpperCase() + t.slice(1) } const f = t => void 0 !== t, u = t => "function" == typeof t, G = (t, e) => { if (t.size !== e.size) return !1; for (const i of t) if (!e.has(i)) return !1; return !0 }; function Z(t) { return "mouseup" === t.type || "click" === t.type || "contextmenu" === t.type } const S = Math.PI, _ = 2 * S, J = _ + S, Q = Number.POSITIVE_INFINITY, tt = S / 180, D = S / 2, et = S / 4, it = 2 * S / 3, r = Math.log10, y = Math.sign; function st(t, e, i) { return Math.abs(t - e) < i } function at(t) { var e = Math.round(t), e = (t = st(t, e, t / 1e3) ? e : t, Math.pow(10, Math.floor(r(t)))), t = t / e; return (t <= 1 ? 1 : t <= 2 ? 2 : t <= 5 ? 5 : 10) * e } function nt(t) { const e = [], i = Math.sqrt(t); let s; for (s = 1; s < i; s++)t % s == 0 && (e.push(s), e.push(t / s)); return i === (0 | i) && e.push(i), e.sort((t, e) => t - e).pop(), e } function ot(t) { return !isNaN(parseFloat(t)) && isFinite(t) } function rt(t, e) { var i = Math.round(t); return i - e <= t && t <= i + e } function lt(t, e, i) { let s, a, n; for (s = 0, a = t.length; s < a; s++)n = t[s][i], isNaN(n) || (e.min = Math.min(e.min, n), e.max = Math.max(e.max, n)) } function L(t) { return t * (S / 180) } function ht(t) { return t * (180 / S) } function ct(i) { if (p(i)) { let t = 1, e = 0; for (; Math.round(i * t) / t !== i;)t *= 10, e++; return e } } function dt(t, e) { var i = e.x - t.x, e = e.y - t.y, t = Math.sqrt(i * i + e * e); let s = Math.atan2(e, i); return s < -.5 * S && (s += _), { angle: s, distance: t } } function ut(t, e) { return Math.sqrt(Math.pow(e.x - t.x, 2) + Math.pow(e.y - t.y, 2)) } function gt(t, e) { return (t - e + J) % _ - S } function v(t) { return (t % _ + _) % _ } function ft(t, e, i, s) { var t = v(t), e = v(e), i = v(i), a = v(e - t), n = v(i - t), o = v(t - e), r = v(t - i); return t === e || t === i || s && e === i || n < a && o < r } function C(t, e, i) { return Math.max(e, Math.min(i, t)) } function pt(t) { return C(t, -32768, 32767) } function c(t, e, i, s = 1e-6) { return t >= Math.min(e, i) - s && t <= Math.max(e, i) + s } function mt(e, i, t) { t = t || (t => e[t] < i); let s, a = e.length - 1, n = 0; for (; 1 < a - n;)t(s = n + a >> 1) ? n = s : a = s; return { lo: n, hi: a } } const b = (i, s, a, t) => mt(i, a, t ? t => { var e = i[t][s]; return e < a || e === a && i[t + 1][s] === a } : t => i[t][s] < a), bt = (e, i, s) => mt(e, s, t => e[t][i] >= s); function xt(t, e, i) { let s = 0, a = t.length; for (; s < a && t[s] < e;)s++; for (; a > s && t[a - 1] > i;)a--; return 0 < s || a < t.length ? t.slice(s, a) : t } const vt = ["push", "pop", "shift", "splice", "unshift"]; function _t(a, t) { a._chartjs ? a._chartjs.listeners.push(t) : (Object.defineProperty(a, "_chartjs", { configurable: !0, enumerable: !1, value: { listeners: [t] } }), vt.forEach(t => { const i = "_onData" + K(t), s = a[t]; Object.defineProperty(a, t, { configurable: !0, enumerable: !1, value(...e) { var t = s.apply(this, e); return a._chartjs.listeners.forEach(t => { "function" == typeof t[i] && t[i](...e) }), t } }) })) } function yt(e, t) { var i = e._chartjs; if (i) { const s = i.listeners, a = s.indexOf(t); -1 !== a && s.splice(a, 1), 0 < s.length || (vt.forEach(t => { delete e[t] }), delete e._chartjs) } } function Mt(t) { const e = new Set; let i, s; for (i = 0, s = t.length; i < s; ++i)e.add(t[i]); return e.size === s ? t : Array.from(e) } const wt = "undefined" == typeof window ? function (t) { return t() } : window.requestAnimationFrame; function kt(e, i) { let s, a = !1; return function (...t) { s = t, a || (a = !0, wt.call(window, () => { a = !1, e.apply(i, s) })) } } function St(e, i) { let s; return function (...t) { return i ? (clearTimeout(s), s = setTimeout(e, i, t)) : e.apply(this, t), i } } const Pt = t => "start" === t ? "left" : "end" === t ? "right" : "center", E = (t, e, i) => "start" === t ? e : "end" === t ? i : (e + i) / 2, Dt = (t, e, i, s) => t === (s ? "left" : "right") ? i : "center" === t ? (e + i) / 2 : e; function Ct(t, e, i) { var s = e.length; let a = 0, n = s; if (t._sorted) { const { iScale: o, _parsed: r } = t, l = o.axis, { min: h, max: c, minDefined: d, maxDefined: u } = o.getUserBounds(); d && (a = C(Math.min(b(r, o.axis, h).lo, i ? s : b(e, l, o.getPixelForValue(h)).lo), 0, s - 1)), n = u ? C(Math.max(b(r, o.axis, c, !0).hi + 1, i ? 0 : b(e, l, o.getPixelForValue(c), !0).hi + 1), a, s) - a : s - a } return { start: a, count: n } } function Ot(t) { var { xScale: e, yScale: i, _scaleRanges: s } = t, a = { xmin: e.min, xmax: e.max, ymin: i.min, ymax: i.max }; if (!s) return t._scaleRanges = a, !0; t = s.xmin !== e.min || s.xmax !== e.max || s.ymin !== i.min || s.ymax !== i.max; return Object.assign(s, a), t } var l = new class { constructor() { this._request = null, this._charts = new Map, this._running = !1, this._lastDate = void 0 } _notify(e, i, s, t) { const a = i.listeners[t], n = i.duration; a.forEach(t => t({ chart: e, initial: i.initial, numSteps: n, currentStep: Math.min(s - i.start, n) })) } _refresh() { this._request || (this._running = !0, this._request = wt.call(window, () => { this._update(), this._request = null, this._running && this._refresh() })) } _update(o = Date.now()) { let r = 0; this._charts.forEach((s, a) => { if (s.running && s.items.length) { const n = s.items; let t, e = n.length - 1, i = !1; for (; 0 <= e; --e)(t = n[e])._active ? (t._total > s.duration && (s.duration = t._total), t.tick(o), i = !0) : (n[e] = n[n.length - 1], n.pop()); i && (a.draw(), this._notify(a, s, o, "progress")), n.length || (s.running = !1, this._notify(a, s, o, "complete"), s.initial = !1), r += n.length } }), this._lastDate = o, 0 === r && (this._running = !1) } _getAnims(t) { const e = this._charts; let i = e.get(t); return i || (i = { running: !1, initial: !0, items: [], listeners: { complete: [], progress: [] } }, e.set(t, i)), i } listen(t, e, i) { this._getAnims(t).listeners[e].push(i) } add(t, e) { e && e.length && this._getAnims(t).items.push(...e) } has(t) { return 0 < this._getAnims(t).items.length } start(t) { const e = this._charts.get(t); e && (e.running = !0, e.start = Date.now(), e.duration = e.items.reduce((t, e) => Math.max(t, e._duration), 0), this._refresh()) } running(t) { if (!this._running) return !1; t = this._charts.get(t); return !!(t && t.running && t.items.length) } stop(e) { const i = this._charts.get(e); if (i && i.items.length) { const s = i.items; let t = s.length - 1; for (; 0 <= t; --t)s[t].cancel(); i.items = [], this._notify(e, i, Date.now(), "complete") } } remove(t) { return this._charts.delete(t) } }; function At(t) { return t + .5 | 0 } const Tt = (t, e, i) => Math.max(Math.min(t, i), e); function Lt(t) { return Tt(At(2.55 * t), 0, 255) } function Et(t) { return Tt(At(255 * t), 0, 255) } function o(t) { return Tt(At(t / 2.55) / 100, 0, 1) } function Rt(t) { return Tt(At(100 * t), 0, 100) } const n = { 0: 0, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, A: 10, B: 11, C: 12, D: 13, E: 14, F: 15, a: 10, b: 11, c: 12, d: 13, e: 14, f: 15 }, It = [..."0123456789ABCDEF"], zt = t => It[15 & t], Ft = t => It[(240 & t) >> 4] + It[15 & t], Vt = t => (240 & t) >> 4 == (15 & t); const Bt = /^(hsla?|hwb|hsv)\(\s*([-+.e\d]+)(?:deg)?[\s,]+([-+.e\d]+)%[\s,]+([-+.e\d]+)%(?:[\s,]+([-+.e\d]+)(%)?)?\s*\)$/; function Nt(i, t, s) { const a = t * Math.min(s, 1 - s), e = (t, e = (t + i / 30) % 12) => s - a * Math.max(Math.min(e - 3, 9 - e, 1), -1); return [e(0), e(8), e(4)] } function Wt(i, s, a) { i = (t, e = (t + i / 60) % 6) => a - a * s * Math.max(Math.min(e, 4 - e, 1), 0); return [i(5), i(3), i(1)] } function Ht(t, e, i) { const s = Nt(t, 1, .5); let a; for (1 < e + i && (e *= a = 1 / (e + i), i *= a), a = 0; a < 3; a++)s[a] *= 1 - e - i, s[a] += e; return s } function jt(t) { var e = t.r / 255, i = t.g / 255, t = t.b / 255, s = Math.max(e, i, t), a = Math.min(e, i, t), n = (s + a) / 2; let o, r, l; return s !== a && (l = s - a, r = .5 < n ? l / (2 - s - a) : l / (s + a), o = 60 * (o = (a = i, i = t, (t = e) === s ? (a - i) / l + (a < i ? 6 : 0) : a === s ? (i - t) / l + 2 : (t - a) / l + 4)) + .5), [0 | o, r || 0, n] } function Yt(t, e, i, s) { return (Array.isArray(e) ? t(e[0], e[1], e[2]) : t(e, i, s)).map(Et) } function $t(t, e, i) { return Yt(Nt, t, e, i) } function Ut(t) { return (t % 360 + 360) % 360 } const Xt = { x: "dark", Z: "light", Y: "re", X: "blu", W: "gr", V: "medium", U: "slate", A: "ee", T: "ol", S: "or", B: "ra", C: "lateg", D: "ights", R: "in", Q: "turquois", E: "hi", P: "ro", O: "al", N: "le", M: "de", L: "yello", F: "en", K: "ch", G: "arks", H: "ea", I: "ightg", J: "wh" }, qt = { OiceXe: "f0f8ff", antiquewEte: "faebd7", aqua: "ffff", aquamarRe: "7fffd4", azuY: "f0ffff", beige: "f5f5dc", bisque: "ffe4c4", black: "0", blanKedOmond: "ffebcd", Xe: "ff", XeviTet: "8a2be2", bPwn: "a52a2a", burlywood: "deb887", caMtXe: "5f9ea0", KartYuse: "7fff00", KocTate: "d2691e", cSO: "ff7f50", cSnflowerXe: "6495ed", cSnsilk: "fff8dc", crimson: "dc143c", cyan: "ffff", xXe: "8b", xcyan: "8b8b", xgTMnPd: "b8860b", xWay: "a9a9a9", xgYF: "6400", xgYy: "a9a9a9", xkhaki: "bdb76b", xmagFta: "8b008b", xTivegYF: "556b2f", xSange: "ff8c00", xScEd: "9932cc", xYd: "8b0000", xsOmon: "e9967a", xsHgYF: "8fbc8f", xUXe: "483d8b", xUWay: "2f4f4f", xUgYy: "2f4f4f", xQe: "ced1", xviTet: "9400d3", dAppRk: "ff1493", dApskyXe: "bfff", dimWay: "696969", dimgYy: "696969", dodgerXe: "1e90ff", fiYbrick: "b22222", flSOwEte: "fffaf0", foYstWAn: "228b22", fuKsia: "ff00ff", gaRsbSo: "dcdcdc", ghostwEte: "f8f8ff", gTd: "ffd700", gTMnPd: "daa520", Way: "808080", gYF: "8000", gYFLw: "adff2f", gYy: "808080", honeyMw: "f0fff0", hotpRk: "ff69b4", RdianYd: "cd5c5c", Rdigo: "4b0082", ivSy: "fffff0", khaki: "f0e68c", lavFMr: "e6e6fa", lavFMrXsh: "fff0f5", lawngYF: "7cfc00", NmoncEffon: "fffacd", ZXe: "add8e6", ZcSO: "f08080", Zcyan: "e0ffff", ZgTMnPdLw: "fafad2", ZWay: "d3d3d3", ZgYF: "90ee90", ZgYy: "d3d3d3", ZpRk: "ffb6c1", ZsOmon: "ffa07a", ZsHgYF: "20b2aa", ZskyXe: "87cefa", ZUWay: "778899", ZUgYy: "778899", ZstAlXe: "b0c4de", ZLw: "ffffe0", lime: "ff00", limegYF: "32cd32", lRF: "faf0e6", magFta: "ff00ff", maPon: "800000", VaquamarRe: "66cdaa", VXe: "cd", VScEd: "ba55d3", VpurpN: "9370db", VsHgYF: "3cb371", VUXe: "7b68ee", VsprRggYF: "fa9a", VQe: "48d1cc", VviTetYd: "c71585", midnightXe: "191970", mRtcYam: "f5fffa", mistyPse: "ffe4e1", moccasR: "ffe4b5", navajowEte: "ffdead", navy: "80", Tdlace: "fdf5e6", Tive: "808000", TivedBb: "6b8e23", Sange: "ffa500", SangeYd: "ff4500", ScEd: "da70d6", pOegTMnPd: "eee8aa", pOegYF: "98fb98", pOeQe: "afeeee", pOeviTetYd: "db7093", papayawEp: "ffefd5", pHKpuff: "ffdab9", peru: "cd853f", pRk: "ffc0cb", plum: "dda0dd", powMrXe: "b0e0e6", purpN: "800080", YbeccapurpN: "663399", Yd: "ff0000", Psybrown: "bc8f8f", PyOXe: "4169e1", saddNbPwn: "8b4513", sOmon: "fa8072", sandybPwn: "f4a460", sHgYF: "2e8b57", sHshell: "fff5ee", siFna: "a0522d", silver: "c0c0c0", skyXe: "87ceeb", UXe: "6a5acd", UWay: "708090", UgYy: "708090", snow: "fffafa", sprRggYF: "ff7f", stAlXe: "4682b4", tan: "d2b48c", teO: "8080", tEstN: "d8bfd8", tomato: "ff6347", Qe: "40e0d0", viTet: "ee82ee", JHt: "f5deb3", wEte: "ffffff", wEtesmoke: "f5f5f5", Lw: "ffff00", LwgYF: "9acd32" }; let Kt; const Gt = /^rgba?\(\s*([-+.\d]+)(%)?[\s,]+([-+.e\d]+)(%)?[\s,]+([-+.e\d]+)(%)?(?:[\s,/]+([-+.e\d]+)(%)?)?\s*\)$/, Zt = t => t <= .0031308 ? 12.92 * t : 1.055 * Math.pow(t, 1 / 2.4) - .055, Jt = t => t <= .04045 ? t / 12.92 : Math.pow((t + .055) / 1.055, 2.4); function Qt(e, i, s) { if (e) { let t = jt(e); t[i] = Math.max(0, Math.min(t[i] + t[i] * s, 0 === i ? 360 : 1)), t = $t(t), e.r = t[0], e.g = t[1], e.b = t[2] } } function te(t, e) { return t && Object.assign(e || {}, t) } function ee(t) { var e = { r: 0, g: 0, b: 0, a: 255 }; return Array.isArray(t) ? 3 <= t.length && (e = { r: t[0], g: t[1], b: t[2], a: 255 }, 3 < t.length && (e.a = Et(t[3]))) : (e = te(t, { r: 0, g: 0, b: 0, a: 1 })).a = Et(e.a), e } function ie(t) { return ("r" === t.charAt(0) ? function (t) { var e = Gt.exec(t); let i, s, a, n = 255; if (e) { if (e[7] !== i) { const t = +e[7]; n = e[8] ? Lt(t) : Tt(255 * t, 0, 255) } return i = +e[1], s = +e[3], a = +e[5], i = 255 & (e[2] ? Lt(i) : Tt(i, 0, 255)), s = 255 & (e[4] ? Lt(s) : Tt(s, 0, 255)), a = 255 & (e[6] ? Lt(a) : Tt(a, 0, 255)), { r: i, g: s, b: a, a: n } } } : function (t) { var e, i, s, t = Bt.exec(t); let a, n = 255; if (t) return void 0 !== t[5] && (n = (t[6] ? Lt : Et)(+t[5])), e = Ut(+t[2]), i = +t[3] / 100, s = +t[4] / 100, { r: (a = "hwb" === t[1] ? Yt(Ht, e, i, s) : "hsv" === t[1] ? Yt(Wt, e, i, s) : $t(e, i, s))[0], g: a[1], b: a[2], a: n } })(t) } class se { constructor(t) { if (t instanceof se) return t; var e, i, s = typeof t; let a; "object" == s ? a = ee(t) : "string" == s && (i = (s = t).length, "#" === s[0] && (4 === i || 5 === i ? e = { r: 255 & 17 * n[s[1]], g: 255 & 17 * n[s[2]], b: 255 & 17 * n[s[3]], a: 5 === i ? 17 * n[s[4]] : 255 } : 7 !== i && 9 !== i || (e = { r: n[s[1]] << 4 | n[s[2]], g: n[s[3]] << 4 | n[s[4]], b: n[s[5]] << 4 | n[s[6]], a: 9 === i ? n[s[7]] << 4 | n[s[8]] : 255 })), a = e || (i = t, Kt || ((Kt = function () { const t = {}, e = Object.keys(qt), i = Object.keys(Xt); let s, a, n, o, r; for (s = 0; s < e.length; s++) { for (o = r = e[s], a = 0; a < i.length; a++)n = i[a], r = r.replace(n, Xt[n]); n = parseInt(qt[o], 16), t[r] = [n >> 16 & 255, n >> 8 & 255, 255 & n] } return t }()).transparent = [0, 0, 0, 0]), (i = Kt[i.toLowerCase()]) && { r: i[0], g: i[1], b: i[2], a: 4 === i.length ? i[3] : 255 }) || ie(t)), this._rgb = a, this._valid = !!a } get valid() { return this._valid } get rgb() { var t = te(this._rgb); return t && (t.a = o(t.a)), t } set rgb(t) { this._rgb = ee(t) } rgbString() { return this._valid ? (t = this._rgb) && (t.a < 255 ? `rgba(${t.r}, ${t.g}, ${t.b}, ${o(t.a)})` : `rgb(${t.r}, ${t.g}, ${t.b})`) : void 0; var t } hexString() { return this._valid ? (t = this._rgb, e = t, e = Vt(e.r) && Vt(e.g) && Vt(e.b) && Vt(e.a) ? zt : Ft, t ? "#" + e(t.r) + e(t.g) + e(t.b) + ((t = t.a) < 255 ? e(t) : "") : void 0) : void 0; var t, e } hslString() { if (this._valid) { var t, e, i, s = this._rgb; if (s) return i = jt(s), t = i[0], e = Rt(i[1]), i = Rt(i[2]), s.a < 255 ? `hsla(${t}, ${e}%, ${i}%, ${o(s.a)})` : `hsl(${t}, ${e}%, ${i}%)` } } mix(t, e) { if (t) { const s = this.rgb, a = t.rgb; var t = void 0 === e ? .5 : e, e = 2 * t - 1, i = s.a - a.a, e = (1 + (e * i == -1 ? e : (e + i) / (1 + e * i))) / 2, i = 1 - e; s.r = 255 & e * s.r + i * a.r + .5, s.g = 255 & e * s.g + i * a.g + .5, s.b = 255 & e * s.b + i * a.b + .5, s.a = t * s.a + (1 - t) * a.a, this.rgb = s } return this } interpolate(t, e) { return t && (this._rgb = (i = this._rgb, t = t._rgb, e = e, s = Jt(o(i.r)), a = Jt(o(i.g)), n = Jt(o(i.b)), { r: Et(Zt(s + e * (Jt(o(t.r)) - s))), g: Et(Zt(a + e * (Jt(o(t.g)) - a))), b: Et(Zt(n + e * (Jt(o(t.b)) - n))), a: i.a + e * (t.a - i.a) })), this; var i, s, a, n } clone() { return new se(this.rgb) } alpha(t) { return this._rgb.a = Et(t), this } clearer(t) { return this._rgb.a *= 1 - t, this } greyscale() { const t = this._rgb, e = At(.3 * t.r + .59 * t.g + .11 * t.b); return t.r = t.g = t.b = e, this } opaquer(t) { return this._rgb.a *= 1 + t, this } negate() { const t = this._rgb; return t.r = 255 - t.r, t.g = 255 - t.g, t.b = 255 - t.b, this } lighten(t) { return Qt(this._rgb, 2, t), this } darken(t) { return Qt(this._rgb, 2, -t), this } saturate(t) { return Qt(this._rgb, 1, t), this } desaturate(t) { return Qt(this._rgb, 1, -t), this } rotate(t) { return e = this._rgb, t = t, (i = jt(e))[0] = Ut(i[0] + t), i = $t(i), e.r = i[0], e.g = i[1], e.b = i[2], this; var e, i } } function ae(t) { return !(!t || "object" != typeof t) && ("[object CanvasPattern]" === (t = t.toString()) || "[object CanvasGradient]" === t) } function ne(t) { return ae(t) ? t : new se(t) } function oe(t) { return ae(t) ? t : new se(t).saturate(.5).darken(.1).hexString() } const re = ["x", "y", "borderWidth", "radius", "tension"], le = ["color", "borderColor", "backgroundColor"], he = new Map; function ce(t, e, a) { return function (t, e) { e = a || {}; var i = t + JSON.stringify(e); let s = he.get(i); return s || (s = new Intl.NumberFormat(t, e), he.set(i, s)), s }(e).format(t) } const de = { values: t => O(t) ? t : "" + t, numeric(t, e, i) { if (0 === t) return "0"; var s = this.chart.options.locale; let a, n = t; if (1 < i.length) { const e = Math.max(Math.abs(i[0].value), Math.abs(i[i.length - 1].value)); (e < 1e-4 || 1e15 < e) && (a = "scientific"), n = function (t) { let e = 3 < i.length ? i[2].value - i[1].value : i[1].value - i[0].value; return e = 1 <= Math.abs(e) && t !== Math.floor(t) ? t - Math.floor(t) : e }(t) } var o = r(Math.abs(n)), o = Math.max(Math.min(-1 * Math.floor(o), 20), 0), o = { notation: a, minimumFractionDigits: o, maximumFractionDigits: o }; return Object.assign(o, this.options.ticks.format), ce(t, s, o) }, logarithmic(t, e, i) { if (0 === t) return "0"; var s = i[e].significand || t / Math.pow(10, Math.floor(r(t))); return [1, 2, 3, 5, 10, 15].includes(s) || e > .8 * i.length ? de.numeric.call(this, t, e, i) : "" } }; var ue = { formatters: de }; const ge = Object.create(null), fe = Object.create(null); function pe(i, t) { if (!t) return i; var s = t.split("."); for (let t = 0, e = s.length; t < e; ++t) { var a = s[t]; i = i[a] || (i[a] = Object.create(null)) } return i } function me(t, e, i) { return "string" == typeof e ? Y(pe(t, e), i) : Y(pe(t, ""), e) } var R = new class { constructor(t, e) { this.animation = void 0, this.backgroundColor = "rgba(0,0,0,0.1)", this.borderColor = "rgba(0,0,0,0.1)", this.color = "#666", this.datasets = {}, this.devicePixelRatio = t => t.chart.platform.getDevicePixelRatio(), this.elements = {}, this.events = ["mousemove", "mouseout", "click", "touchstart", "touchmove"], this.font = { family: "'Helvetica Neue', 'Helvetica', 'Arial', sans-serif", size: 12, style: "normal", lineHeight: 1.2, weight: null }, this.hover = {}, this.hoverBackgroundColor = (t, e) => oe(e.backgroundColor), this.hoverBorderColor = (t, e) => oe(e.borderColor), this.hoverColor = (t, e) => oe(e.color), this.indexAxis = "x", this.interaction = { mode: "nearest", intersect: !0, includeInvisible: !1 }, this.maintainAspectRatio = !0, this.onHover = null, this.onClick = null, this.parsing = !0, this.plugins = {}, this.responsive = !0, this.scale = void 0, this.scales = {}, this.showLine = !0, this.drawActiveElementsOnTop = !0, this.describe(t), this.apply(e) } set(t, e) { return me(this, t, e) } get(t) { return pe(this, t) } describe(t, e) { return me(fe, t, e) } override(t, e) { return me(ge, t, e) } route(t, e, i, s) { const a = pe(this, t), n = pe(this, i), o = "_" + e; Object.defineProperties(a, { [o]: { value: a[e], writable: !0 }, [e]: { enumerable: !0, get() { var t = this[o], e = n[s]; return A(t) ? Object.assign({}, e, t) : T(t, e) }, set(t) { this[o] = t } } }) } apply(t) { t.forEach(t => t(this)) } }({ _scriptable: t => !t.startsWith("on"), _indexable: t => "events" !== t, hover: { _fallback: "interaction" }, interaction: { _scriptable: !1, _indexable: !1 } }, [function (t) { t.set("animation", { delay: void 0, duration: 1e3, easing: "easeOutQuart", fn: void 0, from: void 0, loop: void 0, to: void 0, type: void 0 }), t.describe("animation", { _fallback: !1, _indexable: !1, _scriptable: t => "onProgress" !== t && "onComplete" !== t && "fn" !== t }), t.set("animations", { colors: { type: "color", properties: le }, numbers: { type: "number", properties: re } }), t.describe("animations", { _fallback: "animation" }), t.set("transitions", { active: { animation: { duration: 400 } }, resize: { animation: { duration: 0 } }, show: { animations: { colors: { from: "transparent" }, visible: { type: "boolean", duration: 0 } } }, hide: { animations: { colors: { to: "transparent" }, visible: { type: "boolean", easing: "linear", fn: t => 0 | t } } } }) }, function (t) { t.set("layout", { autoPadding: !0, padding: { top: 0, right: 0, bottom: 0, left: 0 } }) }, function (t) { t.set("scale", { display: !0, offset: !1, reverse: !1, beginAtZero: !1, bounds: "ticks", grace: 0, grid: { display: !0, lineWidth: 1, drawOnChartArea: !0, drawTicks: !0, tickLength: 8, tickWidth: (t, e) => e.lineWidth, tickColor: (t, e) => e.color, offset: !1 }, border: { display: !0, dash: [], dashOffset: 0, width: 1 }, title: { display: !1, text: "", padding: { top: 4, bottom: 4 } }, ticks: { minRotation: 0, maxRotation: 50, mirror: !1, textStrokeWidth: 0, textStrokeColor: "", padding: 3, display: !0, autoSkip: !0, autoSkipPadding: 3, labelOffset: 0, callback: ue.formatters.values, minor: {}, major: {}, align: "center", crossAlign: "near", showLabelBackdrop: !1, backdropColor: "rgba(255, 255, 255, 0.75)", backdropPadding: 2 } }), t.route("scale.ticks", "color", "", "color"), t.route("scale.grid", "color", "", "borderColor"), t.route("scale.border", "color", "", "borderColor"), t.route("scale.title", "color", "", "color"), t.describe("scale", { _fallback: !1, _scriptable: t => !t.startsWith("before") && !t.startsWith("after") && "callback" !== t && "parser" !== t, _indexable: t => "borderDash" !== t && "tickBorderDash" !== t && "dash" !== t }), t.describe("scales", { _fallback: "scale" }), t.describe("scale.ticks", { _scriptable: t => "backdropPadding" !== t && "callback" !== t, _indexable: t => "backdropPadding" !== t }) }]); function be() { return "undefined" != typeof window && "undefined" != typeof document } function xe(t) { let e = t.parentNode; return e = e && "[object ShadowRoot]" === e.toString() ? e.host : e } function ve(t, e, i) { let s; return "string" == typeof t ? (s = parseInt(t, 10), -1 !== t.indexOf("%") && (s = s / 100 * e.parentNode[i])) : s = t, s } const _e = t => t.ownerDocument.defaultView.getComputedStyle(t, null); function ye(t, e) { return _e(t).getPropertyValue(e) } const Me = ["top", "right", "bottom", "left"]; function we(e, i, s) { const a = {}; s = s ? "-" + s : ""; for (let t = 0; t < 4; t++) { var n = Me[t]; a[n] = parseFloat(e[i + "-" + n + s]) || 0 } return a.width = a.left + a.right, a.height = a.top + a.bottom, a } function ke(t, e) { if ("native" in t) return t; var { canvas: i, currentDevicePixelRatio: s } = e, a = _e(i), n = "border-box" === a.boxSizing, o = we(a, "padding"), a = we(a, "border", "width"), { x: t, y: r, box: l } = function (t, e) { var i = t.touches, i = i && i.length ? i[0] : t, { offsetX: s, offsetY: a } = i; let n, o, r = !1; if (t = t.target, !(0 < s || 0 < a) || t && t.shadowRoot) { const t = e.getBoundingClientRect(); n = i.clientX - t.left, o = i.clientY - t.top, r = !0 } else n = s, o = a; return { x: n, y: o, box: r } }(t, i), h = o.left + (l && a.left), l = o.top + (l && a.top); let { width: c, height: d } = e; return n && (c -= o.width + a.width, d -= o.height + a.height), { x: Math.round((t - h) / c * i.width / s), y: Math.round((r - l) / d * i.height / s) } } const Se = t => Math.round(10 * t) / 10; function Pe(t, e, i, s) { var a = _e(t), n = we(a, "margin"), o = ve(a.maxWidth, t, "clientWidth") || Q, r = ve(a.maxHeight, t, "clientHeight") || Q, t = function (t, e, i) { let s, a; if (void 0 === e || void 0 === i) { const n = xe(t); if (n) { const t = n.getBoundingClientRect(), o = _e(n), r = we(o, "border", "width"), l = we(o, "padding"); e = t.width - l.width - r.width, i = t.height - l.height - r.height, s = ve(o.maxWidth, n, "clientWidth"), a = ve(o.maxHeight, n, "clientHeight") } else e = t.clientWidth, i = t.clientHeight } return { width: e, height: i, maxWidth: s || Q, maxHeight: a || Q } }(t, e, i); let { width: l, height: h } = t; if ("content-box" === a.boxSizing) { const t = we(a, "border", "width"), e = we(a, "padding"); l -= e.width + t.width, h -= e.height + t.height } return l = Math.max(0, l - n.width), h = Math.max(0, s ? l / s : h - n.height), l = Se(Math.min(l, o, t.maxWidth)), h = Se(Math.min(h, r, t.maxHeight)), l && !h && (h = Se(l / 2)), (void 0 !== e || void 0 !== i) && s && t.height && h > t.height && (h = t.height, l = Se(Math.floor(h * s))), { width: l, height: h } } function De(t, e, i) { var e = e || 1, s = Math.floor(t.height * e), a = Math.floor(t.width * e); t.height = Math.floor(t.height), t.width = Math.floor(t.width); const n = t.canvas; return n.style && (i || !n.style.height && !n.style.width) && (n.style.height = t.height + "px", n.style.width = t.width + "px"), (t.currentDevicePixelRatio !== e || n.height !== s || n.width !== a) && (t.currentDevicePixelRatio = e, n.height = s, n.width = a, t.ctx.setTransform(e, 0, 0, e, 0, 0), !0) } var Ce = function () { let t = !1; try { var e = { get passive() { return !(t = !0) } }; window.addEventListener("test", null, e), window.removeEventListener("test", null, e) } catch (t) { } return t }(); function Oe(t, e) { const i = ye(t, e), s = i && i.match(/^(\d+)(\.\d+)?px$/); return s ? +s[1] : void 0 } function Ae(t) { return !t || P(t.size) || P(t.family) ? null : (t.style ? t.style + " " : "") + (t.weight ? t.weight + " " : "") + t.size + "px " + t.family } function Te(t, e, i, s, a) { let n = e[a]; return n || (n = e[a] = t.measureText(a).width, i.push(a)), s = n > s ? n : s } function Le(t, e, i, s) { let a = (s = s || {}).data = s.data || {}, n = s.garbageCollect = s.garbageCollect || [], o = (s.font !== e && (a = s.data = {}, n = s.garbageCollect = [], s.font = e), t.save(), t.font = e, 0); var r = i.length; let l, h, c, d, u; for (l = 0; l < r; l++)if (null != (d = i[l]) && !0 !== O(d)) o = Te(t, a, n, o, d); else if (O(d)) for (h = 0, c = d.length; h < c; h++)null == (u = d[h]) || O(u) || (o = Te(t, a, n, o, u)); t.restore(); var g = n.length / 2; if (g > i.length) { for (l = 0; l < g; l++)delete a[n[l]]; n.splice(0, g) } return o } function Ee(t, e, i) { t = t.currentDevicePixelRatio, i = 0 !== i ? Math.max(i / 2, .5) : 0; return Math.round((e - i) * t) / t + i } function Re(t, e) { (e = e || t.getContext("2d")).save(), e.resetTransform(), e.clearRect(0, 0, t.width, t.height), e.restore() } function Ie(t, e, i, s) { ze(t, e, i, s, null) } function ze(t, e, i, s, a) { let n, o, r, l, h, c, d, u; const g = e.pointStyle, f = e.rotation, p = e.radius; let m = (f || 0) * tt; if (g && "object" == typeof g && ("[object HTMLImageElement]" === (n = g.toString()) || "[object HTMLCanvasElement]" === n)) return t.save(), t.translate(i, s), t.rotate(m), t.drawImage(g, -g.width / 2, -g.height / 2, g.width, g.height), void t.restore(); if (!(isNaN(p) || p <= 0)) { switch (t.beginPath(), g) { default: a ? t.ellipse(i, s, a / 2, p, 0, 0, _) : t.arc(i, s, p, 0, _), t.closePath(); break; case "triangle": c = a ? a / 2 : p, t.moveTo(i + Math.sin(m) * c, s - Math.cos(m) * p), m += it, t.lineTo(i + Math.sin(m) * c, s - Math.cos(m) * p), m += it, t.lineTo(i + Math.sin(m) * c, s - Math.cos(m) * p), t.closePath(); break; case "rectRounded": h = .516 * p, l = p - h, o = Math.cos(m + et) * l, d = Math.cos(m + et) * (a ? a / 2 - h : l), r = Math.sin(m + et) * l, u = Math.sin(m + et) * (a ? a / 2 - h : l), t.arc(i - d, s - r, h, m - S, m - D), t.arc(i + u, s - o, h, m - D, m), t.arc(i + d, s + r, h, m, m + D), t.arc(i - u, s + o, h, m + D, m + S), t.closePath(); break; case "rect": if (!f) { l = Math.SQRT1_2 * p, c = a ? a / 2 : l, t.rect(i - c, s - l, 2 * c, 2 * l); break } m += et; case "rectRot": d = Math.cos(m) * (a ? a / 2 : p), o = Math.cos(m) * p, r = Math.sin(m) * p, u = Math.sin(m) * (a ? a / 2 : p), t.moveTo(i - d, s - r), t.lineTo(i + u, s - o), t.lineTo(i + d, s + r), t.lineTo(i - u, s + o), t.closePath(); break; case "crossRot": m += et; case "cross": d = Math.cos(m) * (a ? a / 2 : p), o = Math.cos(m) * p, r = Math.sin(m) * p, u = Math.sin(m) * (a ? a / 2 : p), t.moveTo(i - d, s - r), t.lineTo(i + d, s + r), t.moveTo(i + u, s - o), t.lineTo(i - u, s + o); break; case "star": d = Math.cos(m) * (a ? a / 2 : p), o = Math.cos(m) * p, r = Math.sin(m) * p, u = Math.sin(m) * (a ? a / 2 : p), t.moveTo(i - d, s - r), t.lineTo(i + d, s + r), t.moveTo(i + u, s - o), t.lineTo(i - u, s + o), m += et, d = Math.cos(m) * (a ? a / 2 : p), o = Math.cos(m) * p, r = Math.sin(m) * p, u = Math.sin(m) * (a ? a / 2 : p), t.moveTo(i - d, s - r), t.lineTo(i + d, s + r), t.moveTo(i + u, s - o), t.lineTo(i - u, s + o); break; case "line": o = a ? a / 2 : Math.cos(m) * p, r = Math.sin(m) * p, t.moveTo(i - o, s - r), t.lineTo(i + o, s + r); break; case "dash": t.moveTo(i, s), t.lineTo(i + Math.cos(m) * (a ? a / 2 : p), s + Math.sin(m) * p); break; case !1: t.closePath() }t.fill(), 0 < e.borderWidth && t.stroke() } } function Fe(t, e, i) { return i = i || .5, !e || t && t.x > e.left - i && t.x < e.right + i && t.y > e.top - i && t.y < e.bottom + i } function Ve(t, e) { t.save(), t.beginPath(), t.rect(e.left, e.top, e.right - e.left, e.bottom - e.top), t.clip() } function Be(t) { t.restore() } function Ne(t, e, i, s, a) { if (!e) return t.lineTo(i.x, i.y); if ("middle" === a) { const s = (e.x + i.x) / 2; t.lineTo(s, e.y), t.lineTo(s, i.y) } else "after" === a != !!s ? t.lineTo(e.x, i.y) : t.lineTo(i.x, e.y); t.lineTo(i.x, i.y) } function We(t, e, i, s) { if (!e) return t.lineTo(i.x, i.y); t.bezierCurveTo(s ? e.cp1x : e.cp2x, s ? e.cp1y : e.cp2y, s ? i.cp2x : i.cp1x, s ? i.cp2y : i.cp1y, i.x, i.y) } function He(t, e, i, s, a, n = {}) { var o, r, l, h = O(e) ? e : [e], c = 0 < n.strokeWidth && "" !== n.strokeColor; let d, u; for (t.save(), t.font = a.string, e = t, (l = n).translation && e.translate(l.translation[0], l.translation[1]), P(l.rotation) || e.rotate(l.rotation), l.color && (e.fillStyle = l.color), l.textAlign && (e.textAlign = l.textAlign), l.textBaseline && (e.textBaseline = l.textBaseline), d = 0; d < h.length; ++d) { u = h[d], n.backdrop && (f = t, g = n.backdrop, p = void 0, p = f.fillStyle, f.fillStyle = g.color, f.fillRect(g.left, g.top, g.width, g.height), f.fillStyle = p), c && (n.strokeColor && (t.strokeStyle = n.strokeColor), P(n.strokeWidth) || (t.lineWidth = n.strokeWidth), t.strokeText(u, i, s, n.maxWidth)), t.fillText(u, i, s, n.maxWidth); { g = void 0; f = void 0; p = void 0; m = void 0; b = void 0; m = void 0; o = void 0; f = void 0; r = void 0; p = void 0; m = void 0; var g = t; var f = i; var p = s; var m = u; var b = n; (b.strikethrough || b.underline) && (m = g.measureText(m), o = f - m.actualBoundingBoxLeft, f = f + m.actualBoundingBoxRight, r = p - m.actualBoundingBoxAscent, p = p + m.actualBoundingBoxDescent, m = b.strikethrough ? (r + p) / 2 : p, g.strokeStyle = g.fillStyle, g.beginPath(), g.lineWidth = b.decorationWidth || 2, g.moveTo(o, m), g.lineTo(f, m), g.stroke()) } s += a.lineHeight } t.restore() } function je(t, e) { var { x: e, y: i, w: s, h: a, radius: n } = e; t.arc(e + n.topLeft, i + n.topLeft, n.topLeft, -D, S, !0), t.lineTo(e, i + a - n.bottomLeft), t.arc(e + n.bottomLeft, i + a - n.bottomLeft, n.bottomLeft, S, D, !0), t.lineTo(e + s - n.bottomRight, i + a), t.arc(e + s - n.bottomRight, i + a - n.bottomRight, n.bottomRight, D, 0, !0), t.lineTo(e + s, i + n.topRight), t.arc(e + s - n.topRight, i + n.topRight, n.topRight, 0, -D, !0), t.lineTo(e + n.topLeft, i) } function Ye(r, l = [""], e = r, i, a = () => r[0]) { f(i) || (i = ti("_fallback", r)); var t = { [Symbol.toStringTag]: "Object", _cacheable: !0, _scopes: r, _rootScopes: e, _fallback: i, _getTarget: a, override: t => Ye([t, ...r], l, e, i) }; return new Proxy(t, { deleteProperty: (t, e) => (delete t[e], delete t._keys, delete r[0][e], !0), get: (n, o) => Ke(n, o, () => { var t, e = o, i = r, s = n; for (const a of l) if (t = ti(Xe(a, e), i), f(t)) return qe(e, t) ? Je(i, s, e, t) : t }), getOwnPropertyDescriptor: (t, e) => Reflect.getOwnPropertyDescriptor(t._scopes[0], e), getPrototypeOf: () => Reflect.getPrototypeOf(r[0]), has: (t, e) => ei(t).includes(e), ownKeys: t => ei(t), set(t, e, i) { const s = t._storage || (t._storage = a()); return t[e] = s[e] = i, delete t._keys, !0 } }) } function $e(s, e, i, a) { var t = { _cacheable: !1, _proxy: s, _context: e, _subProxy: i, _stack: new Set, _descriptors: Ue(s, a), setContext: t => $e(s, t, i, a), override: t => $e(s.override(t), e, i, a) }; return new Proxy(t, { deleteProperty: (t, e) => (delete t[e], delete s[e], !0), get: (l, h, c) => Ke(l, h, () => { { var r = l, e = h, i = c; const { _proxy: s, _context: a, _subProxy: n, _descriptors: o } = r; let t = s[e]; return O(t = u(t) && o.isScriptable(e) ? function (t, e, i) { const { _proxy: s, _context: a, _subProxy: n, _stack: o } = r; if (o.has(t)) throw new Error("Recursion detected: " + Array.from(o).join("->") + "->" + t); return o.add(t), e = e(a, n || i), o.delete(t), e = qe(t, e) ? Je(s._scopes, s, t, e) : e }(e, t, i) : t) && t.length && (t = function (t, e, i, s) { const { _proxy: a, _context: n, _subProxy: o, _descriptors: r } = i; if (f(n.index) && s(t)) e = e[n.index % e.length]; else if (A(e[0])) { const i = e, s = a._scopes.filter(t => t !== i); e = []; for (const A of i) { const i = Je(s, a, t, A); e.push($e(i, n, o && o[t], r)) } } return e }(e, t, r, o.isIndexable)), t = qe(e, t) ? $e(t, a, n && n[e], o) : t } }), getOwnPropertyDescriptor: (t, e) => t._descriptors.allKeys ? Reflect.has(s, e) ? { enumerable: !0, configurable: !0 } : void 0 : Reflect.getOwnPropertyDescriptor(s, e), getPrototypeOf: () => Reflect.getPrototypeOf(s), has: (t, e) => Reflect.has(s, e), ownKeys: () => Reflect.ownKeys(s), set: (t, e, i) => (s[e] = i, delete t[e], !0) }) } function Ue(t, e = { scriptable: !0, indexable: !0 }) { const { _scriptable: i = e.scriptable, _indexable: s = e.indexable, _allKeys: a = e.allKeys } = t; return { allKeys: a, scriptable: i, indexable: s, isScriptable: u(i) ? i : () => i, isIndexable: u(s) ? s : () => s } } const Xe = (t, e) => t ? t + K(e) : e, qe = (t, e) => A(e) && "adapters" !== t && (null === Object.getPrototypeOf(e) || e.constructor === Object); function Ke(t, e, i) { if (Object.prototype.hasOwnProperty.call(t, e)) return t[e]; i = i(); return t[e] = i } function Ge(t, e, i) { return u(t) ? t(e, i) : t } function Ze(t, e, i, s, a) { for (const r of e) { n = i, o = r; const e = !0 === n ? o : "string" == typeof n ? m(o, n) : void 0; if (e) { t.add(e); o = Ge(e._fallback, i, a); if (f(o) && o !== i && o !== s) return o } else if (!1 === e && f(s) && i !== s) return null } var n, o; return !1 } function Je(t, s, a, n) { const e = s._rootScopes, i = Ge(s._fallback, a, n), o = [...t, ...e], r = new Set; r.add(n); t = Qe(r, o, a, i || a, n); return null !== t && (!f(i) || i === a || null !== Qe(r, o, i, t, n)) && Ye(Array.from(r), [""], e, i, () => { { var t = a, e = n; const i = s._getTarget(); return t in i || (i[t] = {}), O(t = i[t]) && A(e) ? e : t || {} } }) } function Qe(t, e, i, s, a) { for (; i;)i = Ze(t, e, i, s, a); return i } function ti(t, e) { for (const i of e) if (i) { const e = i[t]; if (f(e)) return e } } function ei(t) { let e = t._keys; return e = e || (t._keys = function (t) { const e = new Set; for (const i of t) for (const t of Object.keys(i).filter(t => !t.startsWith("_"))) e.add(t); return Array.from(e) }(t._scopes)) } function ii(t, e, i, s) { const a = t["iScale"], { key: n = "r" } = this._parsing, o = new Array(s); let r, l, h, c; for (r = 0, l = s; r < l; ++r)c = e[h = r + i], o[r] = { r: a.parse(m(c, n), h) }; return o } const si = Number.EPSILON || 1e-14, ai = (t, e) => e < t.length && !t[e].skip && t[e], ni = t => "x" === t ? "y" : "x"; function oi(t, e, i, s) { var t = t.skip ? e : t, a = e, e = i.skip ? e : i, i = ut(a, t), n = ut(e, a); let o = i / (i + n), r = n / (i + n); o = isNaN(o) ? 0 : o, r = isNaN(r) ? 0 : r; i = s * o, n = s * r; return { previous: { x: a.x - i * (e.x - t.x), y: a.y - i * (e.y - t.y) }, next: { x: a.x + n * (e.x - t.x), y: a.y + n * (e.y - t.y) } } } function ri(t, n = "x") { const e = ni(n), i = t.length, r = Array(i).fill(0), l = Array(i); let s, a, o, h = ai(t, 0); for (s = 0; s < i; ++s)if (a = o, o = h, h = ai(t, s + 1), o) { if (h) { const t = h[n] - o[n]; r[s] = 0 != t ? (h[e] - o[e]) / t : 0 } l[s] = a ? h ? y(r[s - 1]) !== y(r[s]) ? 0 : (r[s - 1] + r[s]) / 2 : r[s - 1] : r[s] } { var c = t, d = r, u = l, g = c.length; let e, i, s, a, n, o = ai(c, 0); for (let t = 0; t < g - 1; ++t)n = o, o = ai(c, t + 1), n && o && (st(d[t], 0, si) ? u[t] = u[t + 1] = 0 : (e = u[t] / d[t], i = u[t + 1] / d[t], (a = Math.pow(e, 2) + Math.pow(i, 2)) <= 9 || (s = 3 / Math.sqrt(a), u[t] = e * s * d[t], u[t + 1] = i * s * d[t]))) } { var [f, p, m = "x"] = [t, l, n]; const b = ni(m), x = f.length; let e, i, s, a = ai(f, 0); for (let t = 0; t < x; ++t)if (i = s, s = a, a = ai(f, t + 1), s) { const x = s[m], v = s[b]; i && (e = (x - i[m]) / 3, s["cp1" + m] = x - e, s["cp1" + b] = v - e * p[t]), a && (e = (a[m] - x) / 3, s["cp2" + m] = x + e, s["cp2" + b] = v + e * p[t]) } return } } function li(t, e, i) { return Math.max(Math.min(t, i), e) } function hi(o, e, r, i, t) { let s, a, n, l; if (e.spanGaps && (o = o.filter(t => !t.skip)), "monotone" === e.cubicInterpolationMode) ri(o, t); else { let t = i ? o[o.length - 1] : o[0]; for (s = 0, a = o.length; s < a; ++s)n = o[s], l = oi(t, n, o[Math.min(s + 1, a - (i ? 0 : 1)) % a], e.tension), n.cp1x = l.previous.x, n.cp1y = l.previous.y, n.cp2x = l.next.x, n.cp2y = l.next.y, t = n } if (e.capBezierPoints) { var h = o, c = r; let t, e, i, s, a, n = Fe(h[0], c); for (t = 0, e = h.length; t < e; ++t)a = s, s = n, n = t < e - 1 && Fe(h[t + 1], c), s && (i = h[t], a && (i.cp1x = li(i.cp1x, c.left, c.right), i.cp1y = li(i.cp1y, c.top, c.bottom)), n && (i.cp2x = li(i.cp2x, c.left, c.right), i.cp2y = li(i.cp2y, c.top, c.bottom))) } } const ci = t => 0 === t || 1 === t, di = (t, e, i) => -Math.pow(2, 10 * --t) * Math.sin((t - e) * _ / i), ui = (t, e, i) => Math.pow(2, -10 * t) * Math.sin((t - e) * _ / i) + 1, gi = { linear: t => t, easeInQuad: t => t * t, easeOutQuad: t => -t * (t - 2), easeInOutQuad: t => (t /= .5) < 1 ? .5 * t * t : -.5 * (--t * (t - 2) - 1), easeInCubic: t => t * t * t, easeOutCubic: t => --t * t * t + 1, easeInOutCubic: t => (t /= .5) < 1 ? .5 * t * t * t : .5 * ((t -= 2) * t * t + 2), easeInQuart: t => t * t * t * t, easeOutQuart: t => -(--t * t * t * t - 1), easeInOutQuart: t => (t /= .5) < 1 ? .5 * t * t * t * t : -.5 * ((t -= 2) * t * t * t - 2), easeInQuint: t => t * t * t * t * t, easeOutQuint: t => --t * t * t * t * t + 1, easeInOutQuint: t => (t /= .5) < 1 ? .5 * t * t * t * t * t : .5 * ((t -= 2) * t * t * t * t + 2), easeInSine: t => 1 - Math.cos(t * D), easeOutSine: t => Math.sin(t * D), easeInOutSine: t => -.5 * (Math.cos(S * t) - 1), easeInExpo: t => 0 === t ? 0 : Math.pow(2, 10 * (t - 1)), easeOutExpo: t => 1 === t ? 1 : 1 - Math.pow(2, -10 * t), easeInOutExpo: t => ci(t) ? t : t < .5 ? .5 * Math.pow(2, 10 * (2 * t - 1)) : .5 * (2 - Math.pow(2, -10 * (2 * t - 1))), easeInCirc: t => 1 <= t ? t : -(Math.sqrt(1 - t * t) - 1), easeOutCirc: t => Math.sqrt(1 - --t * t), easeInOutCirc: t => (t /= .5) < 1 ? -.5 * (Math.sqrt(1 - t * t) - 1) : .5 * (Math.sqrt(1 - (t -= 2) * t) + 1), easeInElastic: t => ci(t) ? t : di(t, .075, .3), easeOutElastic: t => ci(t) ? t : ui(t, .075, .3), easeInOutElastic(t) { return ci(t) ? t : t < .5 ? .5 * di(2 * t, .1125, .45) : .5 + .5 * ui(2 * t - 1, .1125, .45) }, easeInBack(t) { return t * t * (2.70158 * t - 1.70158) }, easeOutBack(t) { return --t * t * (2.70158 * t + 1.70158) + 1 }, easeInOutBack(t) { let e = 1.70158; return (t /= .5) < 1 ? t * t * ((1 + (e *= 1.525)) * t - e) * .5 : .5 * ((t -= 2) * t * ((1 + (e *= 1.525)) * t + e) + 2) }, easeInBounce: t => 1 - gi.easeOutBounce(1 - t), easeOutBounce(t) { var e = 7.5625, i = 2.75; return t < 1 / i ? e * t * t : t < 2 / i ? e * (t -= 1.5 / i) * t + .75 : t < 2.5 / i ? e * (t -= 2.25 / i) * t + .9375 : e * (t -= 2.625 / i) * t + .984375 }, easeInOutBounce: t => t < .5 ? .5 * gi.easeInBounce(2 * t) : .5 * gi.easeOutBounce(2 * t - 1) + .5 }; function fi(t, e, i, s) { return { x: t.x + i * (e.x - t.x), y: t.y + i * (e.y - t.y) } } function pi(t, e, i, s) { return { x: t.x + i * (e.x - t.x), y: ("middle" === s ? i < .5 ? t : e : "after" === s ? i < 1 ? t : e : 0 < i ? e : t).y } } function mi(t, e, i, s) { var a = { x: t.cp2x, y: t.cp2y }, n = { x: e.cp1x, y: e.cp1y }, t = fi(t, a, i), a = fi(a, n, i), n = fi(n, e, i), e = fi(t, a, i), t = fi(a, n, i); return fi(e, t, i) } const bi = /^(normal|(\d+(?:\.\d+)?)(px|em|%)?)$/, xi = /^(normal|italic|initial|inherit|unset|(oblique( -?[0-9]?[0-9]deg)?))$/; function vi(t, e) { var i = ("" + t).match(bi); if (!i || "normal" === i[1]) return 1.2 * e; switch (t = +i[2], i[3]) { case "px": return t; case "%": t /= 100 }return e * t } function _i(e, i) { const t = {}, s = A(i), a = s ? Object.keys(i) : i, n = A(e) ? s ? t => T(e[t], e[i[t]]) : t => e[t] : () => e; for (const e of a) t[e] = +n(e) || 0; return t } function yi(t) { return _i(t, { top: "y", right: "x", bottom: "y", left: "x" }) } function Mi(t) { return _i(t, ["topLeft", "topRight", "bottomLeft", "bottomRight"]) } function I(t) { const e = yi(t); return e.width = e.left + e.right, e.height = e.top + e.bottom, e } function z(t, e) { e = e || R.font; let i = T((t = t || {}).size, e.size), s = ("string" == typeof i && (i = parseInt(i, 10)), T(t.style, e.style)); s && !("" + s).match(xi) && (console.warn('Invalid font style specified: "' + s + '"'), s = void 0); const a = { family: T(t.family, e.family), lineHeight: vi(T(t.lineHeight, e.lineHeight), i), size: i, style: s, weight: T(t.weight, e.weight), string: "" }; return a.string = Ae(a), a } function wi(t, e, i, s) { let a, n, o, r = !0; for (a = 0, n = t.length; a < n; ++a)if (void 0 !== (o = t[a]) && (void 0 !== e && "function" == typeof o && (o = o(e), r = !1), void 0 !== i && O(o) && (o = o[i % o.length], r = !1), void 0 !== o)) return s && !r && (s.cacheable = !1), o } function ki(t, e, i) { var { min: t, max: s } = t, e = B(e, (s - t) / 2), a = (t, e) => i && 0 === t ? 0 : t + e; return { min: a(t, -Math.abs(e)), max: a(s, e) } } function Si(t, e) { return Object.assign(Object.create(t), e) } function Pi(t, e, i) { return t ? (s = e, a = i, { x: t => s + s + a - t, setWidth(t) { a = t }, textAlign: t => "center" === t ? t : "right" === t ? "left" : "right", xPlus: (t, e) => t - e, leftForLtr: (t, e) => t - e }) : { x: t => t, setWidth(t) { }, textAlign: t => t, xPlus: (t, e) => t + e, leftForLtr: (t, e) => t }; var s, a } function Di(t, e) { let i, s; "ltr" !== e && "rtl" !== e || (s = [(i = t.canvas.style).getPropertyValue("direction"), i.getPropertyPriority("direction")], i.setProperty("direction", e, "important"), t.prevTextDirection = s) } function Ci(t, e) { void 0 !== e && (delete t.prevTextDirection, t.canvas.style.setProperty("direction", e[0], e[1])) } function Oi(t) { return "angle" === t ? { between: ft, compare: gt, normalize: v } : { between: c, compare: (t, e) => t - e, normalize: t => t } } function Ai({ start: t, end: e, count: i, loop: s, style: a }) { return { start: t % i, end: e % i, loop: s && (e - t + 1) % i == 0, style: a } } function Ti(t, i, g) { if (!g) return [t]; const { property: s, start: a, end: n } = g, o = i.length, { compare: r, between: l, normalize: h } = Oi(s), { start: c, end: d, loop: u, style: f } = function (t, e) { const { property: i, start: s, end: a } = g, { between: n, normalize: o } = Oi(i), r = e.length; let l, h, { start: c, end: d, loop: u } = t; if (u) { for (c += r, d += r, l = 0, h = r; l < h && n(o(e[c % r][i]), s, a); ++l)c--, d--; c %= r, d %= r } return d < c && (d += r), { start: c, end: d, loop: u, style: t.style } }(t, i), p = []; let m, b, x, v, _ = null; for (let t = c, e = c; t <= d; ++t)(b = i[t % o]).skip || (m = h(b[s])) !== x && (v = l(m, a, n), null === (_ = null === _ && (v || l(a, x, m) && 0 !== r(a, x)) ? 0 === r(m, a) ? t : e : _) || v && 0 !== r(n, m) && !l(n, x, m) || (p.push(Ai({ start: _, end: t, loop: u, count: o, style: f })), _ = null), e = t, x = m); return null !== _ && p.push(Ai({ start: _, end: d, loop: u, count: o, style: f })), p } function Li(e, i) { const s = [], a = e.segments; for (let t = 0; t < a.length; t++) { var n = Ti(a[t], e.points, i); n.length && s.push(...n) } return s } function Ei(t, e) { var i = t.points, n = t.options.spanGaps, s = i.length; if (!s) return []; var a = !!t._loop, { start: o, end: r } = function (t, e, i) { let s = 0, a = e - 1; if (i && !n) for (; s < e && !t[s].skip;)s++; for (; s < e && t[s].skip;)s++; for (s %= e, i && (a += s); a > s && t[a % e].skip;)a--; return a %= e, { start: s, end: a } }(i, s, a); return Ri(t, !0 === n ? [{ start: o, end: r, loop: a }] : function (t, e, i, s) { const a = t.length, n = []; let o, r = e, l = t[e]; for (o = e + 1; o <= i; ++o) { const i = t[o % a]; i.skip || i.stop ? l.skip || (s = !1, n.push({ start: e % a, end: (o - 1) % a, loop: s }), e = r = i.stop ? o : null) : (r = o, l.skip && (e = o)), l = i } return null !== r && n.push({ start: e % a, end: r % a, loop: s }), n }(i, o, r < o ? r + s : r, !!t._fullLoop && 0 === o && r === s - 1), i, e) } function Ri(t, e, s, a) { if (a && a.setContext && s) { var r, l, h = t, t = e, c = s, d = a; const g = h._chart.getContext(), f = Ii(h.options), { _datasetIndex: p, options: { spanGaps: m } } = h, b = c.length, x = []; let n = f, o = t[0].start, i = o; function u(t, e, i, s) { var a = m ? -1 : 1; if (t !== e) { for (t += b; c[t % b].skip;)t -= a; for (; c[e % b].skip;)e += a; t % b != e % b && (x.push({ start: t % b, end: e % b, loop: i, style: s }), n = s, o = e % b) } } for (const h of t) { o = m ? o : h.start; let t, e = c[o % b]; for (i = o + 1; i <= h.end; i++) { const m = c[i % b]; t = Ii(d.setContext(Si(g, { type: "segment", p0: e, p1: m, p0DataIndex: (i - 1) % b, p1DataIndex: i % b, datasetIndex: p }))), r = t, (l = n) && JSON.stringify(r) !== JSON.stringify(l) && u(o, i - 1, h.loop, n), e = m, n = t } o < i - 1 && u(o, i - 1, h.loop, n) } return x } return e } function Ii(t) { return { backgroundColor: t.backgroundColor, borderCapStyle: t.borderCapStyle, borderDash: t.borderDash, borderDashOffset: t.borderDashOffset, borderJoinStyle: t.borderJoinStyle, borderWidth: t.borderWidth, borderColor: t.borderColor } } var zi = Object.freeze({ __proto__: null, easingEffects: gi, isPatternOrGradient: ae, color: ne, getHoverColor: oe, noop: t, uid: F, isNullOrUndef: P, isArray: O, isObject: A, isFinite: p, finiteOrDefault: g, valueOrDefault: T, toPercentage: V, toDimension: B, callback: d, each: w, _elementsEqual: N, clone: W, _merger: j, merge: Y, mergeIf: $, _mergerIf: U, _deprecated: function (t, e, i, s) { void 0 !== e && console.warn(t + ': "' + i + '" is deprecated. Please use "' + s + '" instead') }, _splitKey: q, resolveObjectKey: m, _capitalize: K, defined: f, isFunction: u, setsEqual: G, _isClickEvent: Z, toFontString: Ae, _measureText: Te, _longestText: Le, _alignPixel: Ee, clearCanvas: Re, drawPoint: Ie, drawPointLegend: ze, _isPointInArea: Fe, clipArea: Ve, unclipArea: Be, _steppedLineTo: Ne, _bezierCurveTo: We, renderText: He, addRoundedRectPath: je, _lookup: mt, _lookupByKey: b, _rlookupByKey: bt, _filterBetween: xt, listenArrayEvents: _t, unlistenArrayEvents: yt, _arrayUnique: Mt, _createResolver: Ye, _attachContext: $e, _descriptors: Ue, _parseObjectDataRadialScale: ii, splineCurve: oi, splineCurveMonotone: ri, _updateBezierControlPoints: hi, _isDomSupported: be, _getParentNode: xe, getStyle: ye, getRelativePosition: ke, getMaximumSize: Pe, retinaScale: De, supportsEventListenerOptions: Ce, readUsedSize: Oe, fontString: function (t, e, i) { return e + " " + t + "px " + i }, requestAnimFrame: wt, throttled: kt, debounce: St, _toLeftRightCenter: Pt, _alignStartEnd: E, _textX: Dt, _getStartAndCountOfVisiblePoints: Ct, _scaleRangesChanged: Ot, _pointInLine: fi, _steppedInterpolation: pi, _bezierInterpolation: mi, formatNumber: ce, toLineHeight: vi, _readValueToProps: _i, toTRBL: yi, toTRBLCorners: Mi, toPadding: I, toFont: z, resolve: wi, _addGrace: ki, createContext: Si, PI: S, TAU: _, PITAU: J, INFINITY: Q, RAD_PER_DEG: tt, HALF_PI: D, QUARTER_PI: et, TWO_THIRDS_PI: it, log10: r, sign: y, almostEquals: st, niceNum: at, _factorize: nt, isNumber: ot, almostWhole: rt, _setMinAndMaxByKey: lt, toRadians: L, toDegrees: ht, _decimalPlaces: ct, getAngleFromPoint: dt, distanceBetweenPoints: ut, _angleDiff: gt, _normalizeAngle: v, _angleBetween: ft, _limitValue: C, _int16Range: pt, _isBetween: c, getRtlAdapter: Pi, overrideTextDirection: Di, restoreTextDirection: Ci, _boundSegment: Ti, _boundSegments: Li, _computeSegments: Ei }); function Fi(t, i, s, a, n) { var o = t.getSortedVisibleDatasetMetas(), r = s[i]; for (let t = 0, e = o.length; t < e; ++t) { const { index: s, data: l } = o[t], { lo: h, hi: c } = function (t, e, i, s) { const { controller: a, data: n, _sorted: o } = t, r = a._cachedMeta.iScale; if (r && e === r.axis && "r" !== e && o && n.length) { const t = r._reversePixels ? bt : b; if (!s) return t(n, e, i); if (a._sharedOptions) { const s = n[0], a = "function" == typeof s.getRange && s.getRange(e); if (a) { const s = t(n, e, i - a), o = t(n, e, i + a); return { lo: s.lo, hi: o.hi } } } } return { lo: 0, hi: n.length - 1 } }(o[t], i, r, n); for (let t = h; t <= c; ++t) { const i = l[t]; i.skip || a(i, s, t) } } } function Vi(s, a, t, n, o) { const r = []; return (o || s.isPointInArea(a)) && Fi(s, t, a, function (t, e, i) { (o || Fe(t, s.chartArea, 0)) && t.inRange(a.x, a.y, n) && r.push({ element: t, datasetIndex: e, index: i }) }, !0), r } function Bi(t, e, i, s, a, r) { { if (r || t.isPointInArea(e)) { if ("r" !== i || s) { var l = t, h = e, c = i, d = s, u = a, g = r; let n = []; const m = function (t) { const s = -1 !== t.indexOf("x"), a = -1 !== t.indexOf("y"); return function (t, e) { var i = s ? Math.abs(t.x - e.x) : 0, t = a ? Math.abs(t.y - e.y) : 0; return Math.sqrt(Math.pow(i, 2) + Math.pow(t, 2)) } }(c); let o = Number.POSITIVE_INFINITY; return Fi(l, c, h, function (t, e, i) { var s, a = t.inRange(h.x, h.y, u); d && !a || (s = t.getCenterPoint(u), (g || l.isPointInArea(s) || a) && ((a = m(h, s)) < o ? (n = [{ element: t, datasetIndex: e, index: i }], o = a) : a === o && n.push({ element: t, datasetIndex: e, index: i }))) }), n } { var f = e, p = a; let o = []; return Fi(t, i, f, function (t, e, i) { var { startAngle: s, endAngle: a } = t.getProps(["startAngle", "endAngle"], p), n = dt(t, { x: f.x, y: f.y })["angle"]; ft(n, s, a) && o.push({ element: t, datasetIndex: e, index: i }) }), o } } return [] } } function Ni(t, s, a, e, n) { const o = [], r = "x" === a ? "inXRange" : "inYRange"; let l = !1; return Fi(t, a, s, (t, e, i) => { t[r](s[a], n) && (o.push({ element: t, datasetIndex: e, index: i }), l = l || t.inRange(s.x, s.y, n)) }), e && !l ? [] : o } var Wi = { evaluateInteractionItems: Fi, modes: { index(t, e, i, s) { const a = ke(e, t), n = i.axis || "x", o = i.includeInvisible || !1, r = i.intersect ? Vi(t, a, n, s, o) : Bi(t, a, n, !1, s, o), l = []; return r.length ? (t.getSortedVisibleDatasetMetas().forEach(t => { var e = r[0].index, i = t.data[e]; i && !i.skip && l.push({ element: i, datasetIndex: t.index, index: e }) }), l) : [] }, dataset(t, e, i, s) { var e = ke(e, t), a = i.axis || "xy", n = i.includeInvisible || !1; let o = i.intersect ? Vi(t, e, a, s, n) : Bi(t, e, a, !1, s, n); if (0 < o.length) { const e = o[0].datasetIndex, i = t.getDatasetMeta(e).data; o = []; for (let t = 0; t < i.length; ++t)o.push({ element: i[t], datasetIndex: e, index: t }) } return o }, point: (t, e, i, s) => Vi(t, ke(e, t), i.axis || "xy", s, i.includeInvisible || !1), nearest(t, e, i, s) { var e = ke(e, t), a = i.axis || "xy", n = i.includeInvisible || !1; return Bi(t, e, a, i.intersect, s, n) }, x: (t, e, i, s) => Ni(t, ke(e, t), "x", i.intersect, s), y: (t, e, i, s) => Ni(t, ke(e, t), "y", i.intersect, s) } }; const Hi = ["left", "top", "right", "bottom"]; function ji(t, e) { return t.filter(t => t.pos === e) } function Yi(t, e) { return t.filter(t => -1 === Hi.indexOf(t.pos) && t.box.axis === e) } function $i(t, s) { return t.sort((t, e) => { var i = s ? e : t, t = s ? t : e; return i.weight === t.weight ? i.index - t.index : i.weight - t.weight }) } function Ui(t, e, i, s) { return Math.max(t[i], e[i]) + Math.max(t[s], e[s]) } function Xi(t, e) { t.top = Math.max(t.top, e.top), t.left = Math.max(t.left, e.left), t.bottom = Math.max(t.bottom, e.bottom), t.right = Math.max(t.right, e.right) } function qi(t, e, i, s) { const a = []; let n, o, r, l, h, c; for (n = 0, o = t.length, h = 0; n < o; ++n) { r = t[n], (l = r.box).update(r.width || e.w, r.height || e.h, function (t, e) { const i = e.maxPadding; { const s = { left: 0, top: 0, right: 0, bottom: 0 }; return (t = t ? ["left", "right"] : ["top", "bottom"]).forEach(t => { s[t] = Math.max(e[t], i[t]) }), s } }(r.horizontal, e)); const { same: o, other: d } = function (t, e, i, s) { const { pos: a, box: n } = i, o = t.maxPadding; if (!A(a)) { i.size && (t[a] -= i.size); const e = s[i.stack] || { size: 0, count: 1 }; e.size = Math.max(e.size, i.horizontal ? n.height : n.width), i.size = e.size / e.count, t[a] += i.size } n.getPadding && Xi(o, n.getPadding()); var s = Math.max(0, e.outerWidth - Ui(o, t, "left", "right")), e = Math.max(0, e.outerHeight - Ui(o, t, "top", "bottom")), r = s !== t.w, l = e !== t.h; return t.w = s, t.h = e, i.horizontal ? { same: r, other: l } : { same: l, other: r } }(e, i, r, s); h |= o && a.length, c = c || d, l.fullSize || a.push(r) } return h && qi(a, e, i, s) || c } function Ki(t, e, i, s, a) { t.top = i, t.left = e, t.right = e + s, t.bottom = i + a, t.width = s, t.height = a } function Gi(t, e, i, s) { var a = i.padding; let { x: n, y: o } = e; for (const r of t) { const t = r.box, l = s[r.stack] || { count: 1, placed: 0, weight: 1 }, h = r.stackWeight / l.weight || 1; if (r.horizontal) { const s = e.w * h, n = l.size || t.height; f(l.start) && (o = l.start), t.fullSize ? Ki(t, a.left, o, i.outerWidth - a.right - a.left, n) : Ki(t, e.left + l.placed, o, s, n), l.start = o, l.placed += s, o = t.bottom } else { const s = e.h * h, o = l.size || t.width; f(l.start) && (n = l.start), t.fullSize ? Ki(t, n, a.top, o, i.outerHeight - a.bottom - a.top) : Ki(t, n, e.top + l.placed, o, s), l.start = n, l.placed += s, n = t.right } } e.x = n, e.y = o } var a = { addBox(t, e) { t.boxes || (t.boxes = []), e.fullSize = e.fullSize || !1, e.position = e.position || "top", e.weight = e.weight || 0, e._layers = e._layers || function () { return [{ z: 0, draw(t) { e.draw(t) } }] }, t.boxes.push(e) }, removeBox(t, e) { e = t.boxes ? t.boxes.indexOf(e) : -1; -1 !== e && t.boxes.splice(e, 1) }, configure(t, e, i) { e.fullSize = i.fullSize, e.position = i.position, e.weight = i.weight }, update(l, t, e, i) { if (l) { const o = I(l.options.layout.padding), r = Math.max(t - o.width, 0), h = Math.max(e - o.height, 0), c = function () { const t = function (t) { const e = []; let i, s, a, n, o, r; for (i = 0, s = (t || []).length; i < s; ++i)({ position: n, options: { stack: o, stackWeight: r = 1 } } = a = t[i]), e.push({ index: i, box: a, pos: n, horizontal: a.isHorizontal(), weight: a.weight, stack: o && n + o, stackWeight: r }); return e }(l.boxes), e = $i(t.filter(t => t.box.fullSize), !0), i = $i(ji(t, "left"), !0), s = $i(ji(t, "right")), a = $i(ji(t, "top"), !0), n = $i(ji(t, "bottom")), o = Yi(t, "x"), r = Yi(t, "y"); return { fullSize: e, leftAndTop: i.concat(a), rightAndBottom: s.concat(r).concat(n).concat(o), chartArea: ji(t, "chartArea"), vertical: i.concat(s).concat(r), horizontal: a.concat(n).concat(o) } }(), d = c.vertical, u = c.horizontal; w(l.boxes, t => { "function" == typeof t.beforeLayout && t.beforeLayout() }); var s = d.reduce((t, e) => e.box.options && !1 === e.box.options.display ? t : t + 1, 0) || 1, t = Object.freeze({ outerWidth: t, outerHeight: e, padding: o, availableWidth: r, availableHeight: h, vBoxMaxWidth: r / 2 / s, hBoxMaxHeight: h / 2 }), e = Object.assign({}, o); Xi(e, I(i)); const g = Object.assign({ maxPadding: e, w: r, h: h, x: o.left, y: o.top }, o), f = function (t, e) { var i = function (t) { const e = {}; for (const i of t) { const { stack: t, pos: s, stackWeight: a } = i; if (t && Hi.includes(s)) { const n = e[t] || (e[t] = { count: 0, placed: 0, weight: 0, size: 0 }); n.count++, n.weight += a } } return e }(t), { vBoxMaxWidth: s, hBoxMaxHeight: a } = e; let n, o, r; for (n = 0, o = t.length; n < o; ++n) { const o = (r = t[n]).box["fullSize"], l = i[r.stack], h = l && r.stackWeight / l.weight; r.horizontal ? (r.width = h ? h * s : o && e.availableWidth, r.height = a) : (r.width = s, r.height = h ? h * a : o && e.availableHeight) } return i }(d.concat(u), t); qi(c.fullSize, g, t, f), qi(d, g, t, f), qi(u, g, t, f) && qi(d, g, t, f); { var a = g; const p = a.maxPadding; function n(t) { var e = Math.max(p[t] - a[t], 0); return a[t] += e, e } a.y += n("top"), a.x += n("left"), n("right"), n("bottom") } Gi(c.leftAndTop, g, t, f), g.x += g.w, g.y += g.h, Gi(c.rightAndBottom, g, t, f), l.chartArea = { left: g.left, top: g.top, right: g.left + g.w, bottom: g.top + g.h, height: g.h, width: g.w }, w(c.chartArea, t => { const e = t.box; Object.assign(e, l.chartArea), e.update(g.w, g.h, { left: 0, top: 0, right: 0, bottom: 0 }) }) } } }; class Zi { acquireContext(t, e) { } releaseContext(t) { return !1 } addEventListener(t, e, i) { } removeEventListener(t, e, i) { } getDevicePixelRatio() { return 1 } getMaximumSize(t, e, i, s) { return e = Math.max(0, e || t.width), i = i || t.height, { width: e, height: Math.max(0, s ? Math.floor(e / s) : i) } } isAttached(t) { return !0 } updateConfig(t) { } } class Ji extends Zi { acquireContext(t) { return t && t.getContext && t.getContext("2d") || null } updateConfig(t) { t.options.animation = !1 } } const Qi = { touchstart: "mousedown", touchmove: "mousemove", touchend: "mouseup", pointerenter: "mouseenter", pointerdown: "mousedown", pointermove: "mousemove", pointerup: "mouseup", pointerleave: "mouseout", pointerout: "mouseout" }, ts = t => null === t || "" === t, es = !!Ce && { passive: !0 }; function is(t, e) { for (const i of t) if (i === e || i.contains(e)) return !0 } function ss(t, e, i) { const s = t.canvas, a = new MutationObserver(t => { let e = !1; for (const i of t) e = e || is(i.addedNodes, s), e = e && !is(i.removedNodes, s); e && i() }); return a.observe(document, { childList: !0, subtree: !0 }), a } function as(t, e, i) { const s = t.canvas, a = new MutationObserver(t => { let e = !1; for (const i of t) e = e || is(i.removedNodes, s), e = e && !is(i.addedNodes, s); e && i() }); return a.observe(document, { childList: !0, subtree: !0 }), a } const ns = new Map; let os = 0; function rs() { const i = window.devicePixelRatio; i !== os && (os = i, ns.forEach((t, e) => { e.currentDevicePixelRatio !== i && t() })) } function ls(t, e, s) { const i = t.canvas, a = i && xe(i); if (a) { const o = kt((t, e) => { var i = a.clientWidth; s(t, e), i < a.clientWidth && s() }, window), r = new ResizeObserver(t => { var t = t[0], e = t.contentRect.width, t = t.contentRect.height; 0 === e && 0 === t || o(e, t) }); return r.observe(a), t = t, n = o, ns.size || window.addEventListener("resize", rs), ns.set(t, n), r; var n } } function hs(t, e, i) { i && i.disconnect(), "resize" === e && (i = t, ns.delete(i), ns.size || window.removeEventListener("resize", rs)) } function cs(e, t, i) { var s = e.canvas, a = kt(t => { null !== e.ctx && i(function (t, e) { var i = Qi[t.type] || t.type, { x: s, y: a } = ke(t, e); return { type: i, chart: e, native: t, x: void 0 !== s ? s : null, y: void 0 !== a ? a : null } }(t, e)) }, e); return s.addEventListener(t, a, es), a } class ds extends Zi { acquireContext(t, e) { var i = t && t.getContext && t.getContext("2d"); { if (i && i.canvas === t) { { var s = e; const a = t.style, n = t.getAttribute("height"), o = t.getAttribute("width"); if (t.$chartjs = { initial: { height: n, width: o, style: { display: a.display, height: a.height, width: a.width } } }, a.display = a.display || "block", a.boxSizing = a.boxSizing || "border-box", ts(o)) { const s = Oe(t, "width"); void 0 !== s && (t.width = s) } if (ts(n)) if ("" === t.style.height) t.height = t.width / (s || 2); else { const s = Oe(t, "height"); void 0 !== s && (t.height = s) } } return i } return null } } releaseContext(t) { const i = t.canvas; if (!i.$chartjs) return !1; const s = i.$chartjs.initial, e = (["height", "width"].forEach(t => { var e = s[t]; P(e) ? i.removeAttribute(t) : i.setAttribute(t, e) }), s.style || {}); return Object.keys(e).forEach(t => { i.style[t] = e[t] }), i.width = i.width, delete i.$chartjs, !0 } addEventListener(t, e, i) { this.removeEventListener(t, e); const s = t.$proxies || (t.$proxies = {}), a = { attach: ss, detach: as, resize: ls }[e] || cs; s[e] = a(t, e, i) } removeEventListener(t, e) { const i = t.$proxies || (t.$proxies = {}), s = i[e]; s && (({ attach: hs, detach: hs, resize: hs }[e] || function (t, e, i) { t.canvas.removeEventListener(e, i, es) })(t, e, s), i[e] = void 0) } getDevicePixelRatio() { return window.devicePixelRatio } getMaximumSize(t, e, i, s) { return Pe(t, e, i, s) } isAttached(t) { t = xe(t); return !(!t || !t.isConnected) } } function us(t) { return !be() || "undefined" != typeof OffscreenCanvas && t instanceof OffscreenCanvas ? Ji : ds } Ce = Object.freeze({ __proto__: null, _detectPlatform: us, BasePlatform: Zi, BasicPlatform: Ji, DomPlatform: ds }); const gs = "transparent", fs = { boolean: (t, e, i) => .5 < i ? e : t, color(t, e, i) { const s = ne(t || gs), a = s.valid && ne(e || gs); return a && a.valid ? a.mix(s, i).hexString() : e }, number: (t, e, i) => t + (e - t) * i }; class ps { constructor(t, e, i, s) { var a = e[i], a = (s = wi([t.to, s, a, t.from]), wi([t.from, a, s])); this._active = !0, this._fn = t.fn || fs[t.type || typeof a], this._easing = gi[t.easing] || gi.linear, this._start = Math.floor(Date.now() + (t.delay || 0)), this._duration = this._total = Math.floor(t.duration), this._loop = !!t.loop, this._target = e, this._prop = i, this._from = a, this._to = s, this._promises = void 0 } active() { return this._active } update(t, e, i) { var s, a, n; this._active && (this._notify(!1), s = this._target[this._prop], a = i - this._start, n = this._duration - a, this._start = i, this._duration = Math.floor(Math.max(n, t.duration)), this._total += a, this._loop = !!t.loop, this._to = wi([t.to, e, s, t.from]), this._from = wi([t.from, s, e])) } cancel() { this._active && (this.tick(Date.now()), this._active = !1, this._notify(!1)) } tick(t) { var t = t - this._start, e = this._duration, i = this._prop, s = this._from, a = this._loop, n = this._to; let o; if (this._active = s !== n && (a || t < e), !this._active) return this._target[i] = n, void this._notify(!0); t < 0 ? this._target[i] = s : (o = t / e % 2, o = a && 1 < o ? 2 - o : o, o = this._easing(Math.min(1, Math.max(0, o))), this._target[i] = this._fn(s, n, o)) } wait() { const i = this._promises || (this._promises = []); return new Promise((t, e) => { i.push({ res: t, rej: e }) }) } _notify(t) { const e = t ? "res" : "rej", i = this._promises || []; for (let t = 0; t < i.length; t++)i[t][e]() } } class ms { constructor(t, e) { this._chart = t, this._properties = new Map, this.configure(e) } configure(s) { if (A(s)) { const a = Object.keys(R.animation), n = this._properties; Object.getOwnPropertyNames(s).forEach(e => { const t = s[e]; if (A(t)) { const i = {}; for (const s of a) i[s] = t[s]; (O(t.properties) && t.properties || [e]).forEach(t => { t !== e && n.has(t) || n.set(t, i) }) } }) } } _animateOptions(t, e) { const i = e.options, s = function (e, i) { if (i) { let t = e.options; if (t) return t.$shared && (e.options = t = Object.assign({}, t, { $shared: !1, $animations: {} })), t; e.options = i } }(t, i); if (!s) return []; e = this._createAnimations(s, i); return i.$shared && function (e, t) { const i = [], s = Object.keys(t); for (let t = 0; t < s.length; t++) { const a = e[s[t]]; a && a.active() && i.push(a.wait()) } return Promise.all(i) }(t.options.$animations, i).then(() => { t.options = i }, () => { }), e } _createAnimations(e, i) { const s = this._properties, a = [], n = e.$animations || (e.$animations = {}), t = Object.keys(i), o = Date.now(); let r; for (r = t.length - 1; 0 <= r; --r) { const c = t[r]; if ("$" !== c.charAt(0)) if ("options" === c) a.push(...this._animateOptions(e, i)); else { var l = i[c]; let t = n[c]; var h = s.get(c); if (t) { if (h && t.active()) { t.update(h, l, o); continue } t.cancel() } h && h.duration ? (n[c] = t = new ps(h, e, c, l), a.push(t)) : e[c] = l } } return a } update(t, e) { { if (0 !== this._properties.size) return (t = this._createAnimations(t, e)).length ? (l.add(this._chart, t), !0) : void 0; Object.assign(t, e) } } } function bs(t, e) { var t = t && t.options || {}, i = t.reverse, s = void 0 === t.min ? e : 0, t = void 0 === t.max ? e : 0; return { start: i ? t : s, end: i ? s : t } } function xs(t, e) { const i = [], s = t._getSortedDatasetMetas(e); let a, n; for (a = 0, n = s.length; a < n; ++a)i.push(s[a].index); return i } function vs(t, e, i, s = {}) { var a = t.keys, n = "single" === s.mode; let o, r, l, h; if (null !== e) { for (o = 0, r = a.length; o < r; ++o) { if ((l = +a[o]) === i) { if (s.all) continue; break } p(h = t.values[l]) && (n || 0 === e || y(e) === y(h)) && (e += h) } return e } } function _s(t, e) { t = t && t.options.stacked; return t || void 0 === t && void 0 !== e.stack } function ys(t, e, i, s) { for (const a of e.getMatchingVisibleMetas(s).reverse()) { const e = t[a.index]; if (i && 0 < e || !i && e < 0) return a.index } return null } function Ms(t, e) { const { chart: i, _cachedMeta: s } = t, a = i._stacks || (i._stacks = {}), { iScale: n, vScale: o, index: r } = s, l = n.axis, h = o.axis, c = `${n.id}.${o.id}.` + (s.stack || s.type), d = e.length; let u; for (let t = 0; t < d; ++t) { const i = e[t], { [l]: n, [h]: d } = i; (u = (i._stacks || (i._stacks = {}))[h] = function (t, e, i) { const s = t[e] || (t[e] = {}); return s[i] || (s[i] = {}) }(a, c, n))[r] = d, u._top = ys(u, o, !0, s.type), u._bottom = ys(u, o, !1, s.type), (u._visualValues || (u._visualValues = {}))[r] = d } } function ws(t, e) { const i = t.scales; return Object.keys(i).filter(t => i[t].axis === e).shift() } function ks(t, e) { var i = t.controller.index, s = t.vScale && t.vScale.axis; if (s) { e = e || t._parsed; for (const t of e) { const e = t._stacks; if (!e || void 0 === e[s] || void 0 === e[s][i]) return; delete e[s][i], void 0 !== e[s]._visualValues && void 0 !== e[s]._visualValues[i] && delete e[s]._visualValues[i] } } } const Ss = t => "reset" === t || "none" === t, Ps = (t, e) => e ? t : Object.assign({}, t); class Ds { static defaults = {}; static datasetElementType = null; static dataElementType = null; constructor(t, e) { this.chart = t, this._ctx = t.ctx, this.index = e, this._cachedDataOpts = {}, this._cachedMeta = this.getMeta(), this._type = this._cachedMeta.type, this.options = void 0, this._parsing = !1, this._data = void 0, this._objectData = void 0, this._sharedOptions = void 0, this._drawStart = void 0, this._drawCount = void 0, this.enableOptionSharing = !1, this.supportsDecimation = !1, this.$context = void 0, this._syncList = [], this.datasetElementType = new.target.datasetElementType, this.dataElementType = new.target.dataElementType, this.initialize() } initialize() { const t = this._cachedMeta; this.configure(), this.linkScales(), t._stacked = _s(t.vScale, t), this.addElements(), this.options.fill && !this.chart.isPluginEnabled("filler") && console.warn("Tried to use the 'fill' option without the 'Filler' plugin enabled. Please import and register the 'Filler' plugin and make sure it is not disabled in the options") } updateIndex(t) { this.index !== t && ks(this._cachedMeta), this.index = t } linkScales() { const t = this.chart, e = this._cachedMeta, i = this.getDataset(), s = (t, e, i, s) => "x" === t ? e : "r" === t ? s : i, a = e.xAxisID = T(i.xAxisID, ws(t, "x")), n = e.yAxisID = T(i.yAxisID, ws(t, "y")), o = e.rAxisID = T(i.rAxisID, ws(t, "r")), r = e.indexAxis, l = e.iAxisID = s(r, a, n, o), h = e.vAxisID = s(r, n, a, o); e.xScale = this.getScaleForId(a), e.yScale = this.getScaleForId(n), e.rScale = this.getScaleForId(o), e.iScale = this.getScaleForId(l), e.vScale = this.getScaleForId(h) } getDataset() { return this.chart.data.datasets[this.index] } getMeta() { return this.chart.getDatasetMeta(this.index) } getScaleForId(t) { return this.chart.scales[t] } _getOtherScale(t) { var e = this._cachedMeta; return t === e.iScale ? e.vScale : e.iScale } reset() { this._update("reset") } _destroy() { var t = this._cachedMeta; this._data && yt(this._data, this), t._stacked && ks(t) } _dataCheck() { const t = this.getDataset(), e = t.data || (t.data = []), i = this._data; if (A(e)) this._data = function (t) { const e = Object.keys(t), i = new Array(e.length); let s, a, n; for (s = 0, a = e.length; s < a; ++s)n = e[s], i[s] = { x: n, y: t[n] }; return i }(e); else if (i !== e) { if (i) { yt(i, this); const t = this._cachedMeta; ks(t), t._parsed = [] } e && Object.isExtensible(e) && _t(e, this), this._syncList = [], this._data = e } } addElements() { const t = this._cachedMeta; this._dataCheck(), this.datasetElementType && (t.dataset = new this.datasetElementType) } buildOrUpdateElements(t) { const e = this._cachedMeta, i = this.getDataset(); let s = !1; this._dataCheck(); var a = e._stacked; e._stacked = _s(e.vScale, e), e.stack !== i.stack && (s = !0, ks(e), e.stack = i.stack), this._resyncElements(t), !s && a === e._stacked || Ms(this, e._parsed) } configure() { const t = this.chart.config, e = t.datasetScopeKeys(this._type), i = t.getOptionScopes(this.getDataset(), e, !0); this.options = t.createResolver(i, this.getContext()), this._parsing = this.options.parsing, this._cachedDataOpts = {} } parse(t, e) { const { _cachedMeta: i, _data: s } = this, { iScale: a, _stacked: n } = i, o = a.axis; let r, l, h, c = 0 === t && e === s.length || i._sorted, d = 0 < t && i._parsed[t - 1]; if (!1 === this._parsing) i._parsed = s, i._sorted = !0, h = s; else { h = O(s[t]) ? this.parseArrayData(i, s, t, e) : A(s[t]) ? this.parseObjectData(i, s, t, e) : this.parsePrimitiveData(i, s, t, e); const a = () => null === l[o] || d && l[o] < d[o]; for (r = 0; r < e; ++r)i._parsed[r + t] = l = h[r], c && (a() && (c = !1), d = l); i._sorted = c } n && Ms(this, h) } parsePrimitiveData(t, e, i, s) { const { iScale: a, vScale: n } = t, o = a.axis, r = n.axis, l = a.getLabels(), h = a === n, c = new Array(s); let d, u, g; for (d = 0, u = s; d < u; ++d)g = d + i, c[d] = { [o]: h || a.parse(l[g], g), [r]: n.parse(e[g], g) }; return c } parseArrayData(t, e, i, s) { const { xScale: a, yScale: n } = t, o = new Array(s); let r, l, h, c; for (r = 0, l = s; r < l; ++r)c = e[h = r + i], o[r] = { x: a.parse(c[0], h), y: n.parse(c[1], h) }; return o } parseObjectData(t, e, i, s) { const { xScale: a, yScale: n } = t, { xAxisKey: o = "x", yAxisKey: r = "y" } = this._parsing, l = new Array(s); let h, c, d, u; for (h = 0, c = s; h < c; ++h)u = e[d = h + i], l[h] = { x: a.parse(m(u, o), d), y: n.parse(m(u, r), d) }; return l } getParsed(t) { return this._cachedMeta._parsed[t] } getDataElement(t) { return this._cachedMeta.data[t] } applyStack(t, e, i) { var s = this.chart, a = this._cachedMeta, n = e[t.axis]; return vs({ keys: xs(s, !0), values: e._stacks[t.axis]._visualValues }, n, a.index, { mode: i }) } updateRangeFromParsed(t, e, i, s) { var a = i[e.axis]; let n = null === a ? NaN : a; i = s && i._stacks[e.axis]; s && i && (s.values = i, n = vs(s, a, this._cachedMeta.index)), t.min = Math.min(t.min, n), t.max = Math.max(t.max, n) } getMinMax(e, t) { const i = this._cachedMeta, s = i._parsed, a = i._sorted && e === i.iScale, n = s.length, o = this._getOtherScale(e), r = (d = this.chart, t && !i.hidden && i._stacked && { keys: xs(d, !0), values: null }), l = { min: Number.POSITIVE_INFINITY, max: Number.NEGATIVE_INFINITY }, { min: h, max: c } = function () { var { min: t, max: e, minDefined: i, maxDefined: s } = o.getUserBounds(); return { min: i ? t : Number.NEGATIVE_INFINITY, max: s ? e : Number.POSITIVE_INFINITY } }(); var d; let u, g; function f() { var t = (g = s[u])[o.axis]; return !p(g[e.axis]) || h > t || c < t } for (u = 0; u < n && (f() || (this.updateRangeFromParsed(l, e, g, r), !a)); ++u); if (a) for (u = n - 1; 0 <= u; --u)if (!f()) { this.updateRangeFromParsed(l, e, g, r); break } return l } getAllParsedValues(t) { const e = this._cachedMeta._parsed, i = []; let s, a, n; for (s = 0, a = e.length; s < a; ++s)p(n = e[s][t.axis]) && i.push(n); return i } getMaxOverflow() { return !1 } getLabelAndValue(t) { const e = this._cachedMeta, i = e.iScale, s = e.vScale, a = this.getParsed(t); return { label: i ? "" + i.getLabelForValue(a[i.axis]) : "", value: s ? "" + s.getLabelForValue(a[s.axis]) : "" } } _update(t) { const e = this._cachedMeta; this.update(t || "default"), e._clip = function (t) { let e, i, s, a; return A(t) ? (e = t.top, i = t.right, s = t.bottom, a = t.left) : e = i = s = a = t, { top: e, right: i, bottom: s, left: a, disabled: !1 === t } }(T(this.options.clip, function (t, e, i) { if (!1 === i) return !1; t = bs(t, i), e = bs(e, i); return { top: e.end, right: t.end, bottom: e.start, left: t.start } }(e.xScale, e.yScale, this.getMaxOverflow()))) } update(t) { } draw() { const t = this._ctx, e = this.chart, i = this._cachedMeta, s = i.data || [], a = e.chartArea, n = [], o = this._drawStart || 0, r = this._drawCount || s.length - o, l = this.options.drawActiveElementsOnTop; let h; for (i.dataset && i.dataset.draw(t, a, o, r), h = o; h < o + r; ++h) { const e = s[h]; e.hidden || (e.active && l ? n.push(e) : e.draw(t, a)) } for (h = 0; h < n.length; ++h)n[h].draw(t, a) } getStyle(t, e) { e = e ? "active" : "default"; return void 0 === t && this._cachedMeta.dataset ? this.resolveDatasetElementOptions(e) : this.resolveDataElementOptions(t || 0, e) } getContext(t, e, i) { var s, a = this.getDataset(); let n; if (0 <= t && t < this._cachedMeta.data.length) { const e = this._cachedMeta.data[t]; (n = e.$context || (e.$context = Si(this.getContext(), { active: !1, dataIndex: t, parsed: void 0, raw: void 0, element: e, index: t, mode: "default", type: "data" }))).parsed = this.getParsed(t), n.raw = a.data[t], n.index = n.dataIndex = t } else (n = this.$context || (this.$context = (t = this.chart.getContext(), s = this.index, Si(t, { active: !1, dataset: void 0, datasetIndex: s, index: s, mode: "default", type: "dataset" })))).dataset = a, n.index = n.datasetIndex = this.index; return n.active = !!e, n.mode = i, n } resolveDatasetElementOptions(t) { return this._resolveElementOptions(this.datasetElementType.id, t) } resolveDataElementOptions(t, e) { return this._resolveElementOptions(this.dataElementType.id, e, t) } _resolveElementOptions(t, e = "default", i) { const s = "active" === e, a = this._cachedDataOpts, n = t + "-" + e, o = a[n], r = this.enableOptionSharing && f(i); if (o) return Ps(o, r); const l = this.chart.config, h = l.datasetElementScopeKeys(this._type, t), c = s ? [t + "Hover", "hover", t, ""] : [t, ""], d = l.getOptionScopes(this.getDataset(), h), u = Object.keys(R.elements[t]), g = l.resolveNamedOptions(d, u, () => this.getContext(i, s, e), c); return g.$shared && (g.$shared = r, a[n] = Object.freeze(Ps(g, r))), g } _resolveAnimations(t, e, i) { const s = this.chart, a = this._cachedDataOpts, n = "animation-" + e, o = a[n]; if (o) return o; let r; if (!1 !== s.options.animation) { const s = this.chart.config, a = s.datasetAnimationScopeKeys(this._type, e), n = s.getOptionScopes(this.getDataset(), a); r = s.createResolver(n, this.getContext(t, i, e)) } t = new ms(s, r && r.animations); return r && r._cacheable && (a[n] = Object.freeze(t)), t } getSharedOptions(t) { if (t.$shared) return this._sharedOptions || (this._sharedOptions = Object.assign({}, t)) } includeOptions(t, e) { return !e || Ss(t) || this.chart._animationsDisabled } _getSharedOptions(t, e) { var t = this.resolveDataElementOptions(t, e), i = this._sharedOptions, s = this.getSharedOptions(t), i = this.includeOptions(e, s) || s !== i; return this.updateSharedOptions(s, e, t), { sharedOptions: s, includeOptions: i } } updateElement(t, e, i, s) { Ss(s) ? Object.assign(t, i) : this._resolveAnimations(e, s).update(t, i) } updateSharedOptions(t, e, i) { t && !Ss(e) && this._resolveAnimations(void 0, e).update(t, i) } _setStyle(t, e, i, s) { t.active = s; var a = this.getStyle(e, s); this._resolveAnimations(e, i, s).update(t, { options: !s && this.getSharedOptions(a) || a }) } removeHoverStyle(t, e, i) { this._setStyle(t, i, "active", !1) } setHoverStyle(t, e, i) { this._setStyle(t, i, "active", !0) } _removeDatasetHoverStyle() { var t = this._cachedMeta.dataset; t && this._setStyle(t, void 0, "active", !1) } _setDatasetHoverStyle() { var t = this._cachedMeta.dataset; t && this._setStyle(t, void 0, "active", !0) } _resyncElements(t) { const e = this._data, i = this._cachedMeta.data; for (const [t, e, i] of this._syncList) this[t](e, i); this._syncList = []; var s = i.length, a = e.length, n = Math.min(a, s); n && this.parse(0, n), s < a ? this._insertElements(s, a - s, t) : a < s && this._removeElements(a, s - a) } _insertElements(t, e, i = !0) { const s = this._cachedMeta, a = s.data, n = t + e; let o; var r = t => { for (t.length += e, o = t.length - 1; o >= n; o--)t[o] = t[o - e] }; for (r(a), o = t; o < n; ++o)a[o] = new this.dataElementType; this._parsing && r(s._parsed), this.parse(t, e), i && this.updateElements(a, t, e, "reset") } updateElements(t, e, i, s) { } _removeElements(t, e) { const i = this._cachedMeta; var s; this._parsing && (s = i._parsed.splice(t, e), i._stacked && ks(i, s)), i.data.splice(t, e) } _sync(t) { var e, i, s; this._parsing ? this._syncList.push(t) : ([e, i, s] = t, this[e](i, s)), this.chart._dataChanges.push([this.index, ...t]) } _onDataPush() { var t = arguments.length; this._sync(["_insertElements", this.getDataset().data.length - t, t]) } _onDataPop() { this._sync(["_removeElements", this._cachedMeta.data.length - 1, 1]) } _onDataShift() { this._sync(["_removeElements", 0, 1]) } _onDataSplice(t, e) { e && this._sync(["_removeElements", t, e]); e = arguments.length - 2; e && this._sync(["_insertElements", t, e]) } _onDataUnshift() { this._sync(["_insertElements", 0, arguments.length]) } } class e { static defaults = {}; static defaultRoutes = void 0; active = !1; tooltipPosition(t) { var { x: t, y: e } = this.getProps(["x", "y"], t); return { x: t, y: e } } hasValue() { return ot(this.x) && ot(this.y) } getProps(t, e) { const i = this.$animations; if (!e || !i) return this; const s = {}; return t.forEach(t => { s[t] = i[t] && i[t].active() ? i[t]._to : this[t] }), s } } function Cs(t, e, i, s, a) { var n = T(s, 0), o = Math.min(T(a, t.length), t.length); let r, l, h, c = 0; for (i = Math.ceil(i), a && (i = (r = a - s) / Math.floor(r / i)), h = n; h < 0;)c++, h = Math.round(n + c * i); for (l = Math.max(n, 0); l < o; l++)l === h && (e.push(t[l]), c++, h = Math.round(n + c * i)) } const Os = (t, e, i) => "top" === e || "left" === e ? t[e] + i : t[e] - i; function As(t, e) { const i = [], s = t.length / e, a = t.length; let n = 0; for (; n < a; n += s)i.push(t[Math.floor(n)]); return i } function Ts(t) { return t.drawTicks ? t.tickLength : 0 } function Ls(t, e) { if (!t.display) return 0; var e = z(t.font, e), i = I(t.padding); return (O(t.text) ? t.text.length : 1) * e.lineHeight + i.height } class Es extends e { constructor(t) { super(), this.id = t.id, this.type = t.type, this.options = void 0, this.ctx = t.ctx, this.chart = t.chart, this.top = void 0, this.bottom = void 0, this.left = void 0, this.right = void 0, this.width = void 0, this.height = void 0, this._margins = { left: 0, right: 0, top: 0, bottom: 0 }, this.maxWidth = void 0, this.maxHeight = void 0, this.paddingTop = void 0, this.paddingBottom = void 0, this.paddingLeft = void 0, this.paddingRight = void 0, this.axis = void 0, this.labelRotation = void 0, this.min = void 0, this.max = void 0, this._range = void 0, this.ticks = [], this._gridLineItems = null, this._labelItems = null, this._labelSizes = null, this._length = 0, this._maxLength = 0, this._longestTextCache = {}, this._startPixel = void 0, this._endPixel = void 0, this._reversePixels = !1, this._userMax = void 0, this._userMin = void 0, this._suggestedMax = void 0, this._suggestedMin = void 0, this._ticksLength = 0, this._borderValue = 0, this._cache = {}, this._dataLimitsCached = !1, this.$context = void 0 } init(t) { this.options = t.setContext(this.getContext()), this.axis = t.axis, this._userMin = this.parse(t.min), this._userMax = this.parse(t.max), this._suggestedMin = this.parse(t.suggestedMin), this._suggestedMax = this.parse(t.suggestedMax) } parse(t, e) { return t } getUserBounds() { var { _userMin: t, _userMax: e, _suggestedMin: i, _suggestedMax: s } = this, t = g(t, Number.POSITIVE_INFINITY), e = g(e, Number.NEGATIVE_INFINITY), i = g(i, Number.POSITIVE_INFINITY), s = g(s, Number.NEGATIVE_INFINITY); return { min: g(t, i), max: g(e, s), minDefined: p(t), maxDefined: p(e) } } getMinMax(i) { let s, { min: a, max: n, minDefined: o, maxDefined: r } = this.getUserBounds(); if (o && r) return { min: a, max: n }; const l = this.getMatchingVisibleMetas(); for (let t = 0, e = l.length; t < e; ++t)s = l[t].controller.getMinMax(this, i), o || (a = Math.min(a, s.min)), r || (n = Math.max(n, s.max)); return a = r && a > n ? n : a, n = o && a > n ? a : n, { min: g(a, g(n, a)), max: g(n, g(a, n)) } } getPadding() { return { left: this.paddingLeft || 0, top: this.paddingTop || 0, right: this.paddingRight || 0, bottom: this.paddingBottom || 0 } } getTicks() { return this.ticks } getLabels() { var t = this.chart.data; return this.options.labels || (this.isHorizontal() ? t.xLabels : t.yLabels) || t.labels || [] } getLabelItems(t = this.chart.chartArea) { return this._labelItems || (this._labelItems = this._computeLabelItems(t)) } beforeLayout() { this._cache = {}, this._dataLimitsCached = !1 } beforeUpdate() { d(this.options.beforeUpdate, [this]) } update(t, e, i) { var { beginAtZero: s, grace: a, ticks: n } = this.options, o = n.sampleSize, t = (this.beforeUpdate(), this.maxWidth = t, this.maxHeight = e, this._margins = i = Object.assign({ left: 0, right: 0, top: 0, bottom: 0 }, i), this.ticks = null, this._labelSizes = null, this._gridLineItems = null, this._labelItems = null, this.beforeSetDimensions(), this.setDimensions(), this.afterSetDimensions(), this._maxLength = this.isHorizontal() ? this.width + i.left + i.right : this.height + i.top + i.bottom, this._dataLimitsCached || (this.beforeDataLimits(), this.determineDataLimits(), this.afterDataLimits(), this._range = ki(this, a, s), this._dataLimitsCached = !0), this.beforeBuildTicks(), this.ticks = this.buildTicks() || [], this.afterBuildTicks(), o < this.ticks.length); this._convertTicksToLabels(t ? As(this.ticks, o) : this.ticks), this.configure(), this.beforeCalculateLabelRotation(), this.calculateLabelRotation(), this.afterCalculateLabelRotation(), n.display && (n.autoSkip || "auto" === n.source) && (this.ticks = function (t, s) { const e = t.options.ticks, i = (c = (t = t).options.offset, d = t._tickSize(), c = t._length / d + (c ? 0 : 1), t = t._maxLength / d, Math.floor(Math.min(c, t))), a = Math.min(e.maxTicksLimit || i, i), n = e.major.enabled ? function (t) { const e = []; let i, s; for (i = 0, s = t.length; i < s; i++)t[i].major && e.push(i); return e }(s) : [], o = n.length, r = n[0], l = n[o - 1], h = []; var c, d; if (a < o) { { var u = s; var g = h; var f = n; var p = o / a; let t, e = 0, i = f[0]; for (p = Math.ceil(p), t = 0; t < u.length; t++)t === i && (g.push(u[t]), e++, i = f[e * p]) } return h } var m = function (t, i, e) { var t = function (t) { var e = t.length; let i, s; if (e < 2) return !1; for (s = t[0], i = 1; i < e; ++i)if (t[i] - t[i - 1] !== s) return !1; return s }(t), s = i.length / e; if (!t) return Math.max(s, 1); var a = nt(t); for (let t = 0, e = a.length - 1; t < e; t++) { const i = a[t]; if (i > s) return i } return Math.max(s, 1) }(n, s, a); if (0 < o) { let t, e; const i = 1 < o ? Math.round((l - r) / (o - 1)) : null; for (Cs(s, h, m, P(i) ? 0 : r - i, r), t = 0, e = o - 1; t < e; t++)Cs(s, h, m, n[t], n[t + 1]); return Cs(s, h, m, l, P(i) ? s.length : l + i), h } return Cs(s, h, m), h }(this, this.ticks), this._labelSizes = null, this.afterAutoSkip()), t && this._convertTicksToLabels(this.ticks), this.beforeFit(), this.fit(), this.afterFit(), this.afterUpdate() } configure() { let t, e, i = this.options.reverse; this.isHorizontal() ? (t = this.left, e = this.right) : (t = this.top, e = this.bottom, i = !i), this._startPixel = t, this._endPixel = e, this._reversePixels = i, this._length = e - t, this._alignToPixels = this.options.alignToPixels } afterUpdate() { d(this.options.afterUpdate, [this]) } beforeSetDimensions() { d(this.options.beforeSetDimensions, [this]) } setDimensions() { this.isHorizontal() ? (this.width = this.maxWidth, this.left = 0, this.right = this.width) : (this.height = this.maxHeight, this.top = 0, this.bottom = this.height), this.paddingLeft = 0, this.paddingTop = 0, this.paddingRight = 0, this.paddingBottom = 0 } afterSetDimensions() { d(this.options.afterSetDimensions, [this]) } _callHooks(t) { this.chart.notifyPlugins(t, this.getContext()), d(this.options[t], [this]) } beforeDataLimits() { this._callHooks("beforeDataLimits") } determineDataLimits() { } afterDataLimits() { this._callHooks("afterDataLimits") } beforeBuildTicks() { this._callHooks("beforeBuildTicks") } buildTicks() { return [] } afterBuildTicks() { this._callHooks("afterBuildTicks") } beforeTickToLabelConversion() { d(this.options.beforeTickToLabelConversion, [this]) } generateTickLabels(t) { var e = this.options.ticks; let i, s, a; for (i = 0, s = t.length; i < s; i++)(a = t[i]).label = d(e.callback, [a.value, i, t], this) } afterTickToLabelConversion() { d(this.options.afterTickToLabelConversion, [this]) } beforeCalculateLabelRotation() { d(this.options.beforeCalculateLabelRotation, [this]) } calculateLabelRotation() { var t, e, i, s, a = this.options, n = a.ticks, o = this.ticks.length, r = n.minRotation || 0, l = n.maxRotation; let h, c, d, u = r; !this._isVisible() || !n.display || l <= r || o <= 1 || !this.isHorizontal() ? this.labelRotation = r : (e = (t = this._getLabelSizes()).widest.width, i = t.highest.height, s = C(this.chart.width - e, 0, this.maxWidth), (a.offset ? this.maxWidth / o : s / (o - 1)) < e + 6 && (h = s / (o - (a.offset ? .5 : 1)), c = this.maxHeight - Ts(a.grid) - n.padding - Ls(a.title, this.chart.options.font), d = Math.sqrt(e * e + i * i), u = ht(Math.min(Math.asin(C((t.highest.height + 6) / h, -1, 1)), Math.asin(C(c / d, -1, 1)) - Math.asin(C(i / d, -1, 1)))), u = Math.max(r, Math.min(l, u))), this.labelRotation = u) } afterCalculateLabelRotation() { d(this.options.afterCalculateLabelRotation, [this]) } afterAutoSkip() { } beforeFit() { d(this.options.beforeFit, [this]) } fit() { const t = { width: 0, height: 0 }, { chart: e, options: { ticks: i, title: s, grid: a } } = this, n = this._isVisible(), o = this.isHorizontal(); if (n) { const n = Ls(s, e.options.font); if (o ? (t.width = this.maxWidth, t.height = Ts(a) + n) : (t.height = this.maxHeight, t.width = Ts(a) + n), i.display && this.ticks.length) { const { first: e, last: s, widest: a, highest: n } = this._getLabelSizes(), r = 2 * i.padding, l = L(this.labelRotation), h = Math.cos(l), c = Math.sin(l); if (o) { const e = i.mirror ? 0 : c * a.width + h * n.height; t.height = Math.min(this.maxHeight, t.height + e + r) } else { const e = i.mirror ? 0 : h * a.width + c * n.height; t.width = Math.min(this.maxWidth, t.width + e + r) } this._calculatePadding(e, s, c, h) } } this._handleMargins(), o ? (this.width = this._length = e.width - this._margins.left - this._margins.right, this.height = t.height) : (this.width = t.width, this.height = this._length = e.height - this._margins.top - this._margins.bottom) } _calculatePadding(i, s, a, n) { const { ticks: { align: o, padding: r }, position: l } = this.options, h = 0 !== this.labelRotation, c = "top" !== l && "x" === this.axis; if (this.isHorizontal()) { const l = this.getPixelForTick(0) - this.left, d = this.right - this.getPixelForTick(this.ticks.length - 1); let t = 0, e = 0; h ? e = c ? (t = n * i.width, a * s.height) : (t = a * i.height, n * s.width) : "start" === o ? e = s.width : "end" === o ? t = i.width : "inner" !== o && (t = i.width / 2, e = s.width / 2), this.paddingLeft = Math.max((t - l + r) * this.width / (this.width - l), 0), this.paddingRight = Math.max((e - d + r) * this.width / (this.width - d), 0) } else { let t = s.height / 2, e = i.height / 2; "start" === o ? (t = 0, e = i.height) : "end" === o && (t = s.height, e = 0), this.paddingTop = t + r, this.paddingBottom = e + r } } _handleMargins() { this._margins && (this._margins.left = Math.max(this.paddingLeft, this._margins.left), this._margins.top = Math.max(this.paddingTop, this._margins.top), this._margins.right = Math.max(this.paddingRight, this._margins.right), this._margins.bottom = Math.max(this.paddingBottom, this._margins.bottom)) } afterFit() { d(this.options.afterFit, [this]) } isHorizontal() { var { axis: t, position: e } = this.options; return "top" === e || "bottom" === e || "x" === t } isFullSize() { return this.options.fullSize } _convertTicksToLabels(t) { let e, i; for (this.beforeTickToLabelConversion(), this.generateTickLabels(t), e = 0, i = t.length; e < i; e++)P(t[e].label) && (t.splice(e, 1), i--, e--); this.afterTickToLabelConversion() } _getLabelSizes() { let e = this._labelSizes; if (!e) { var i = this.options.ticks.sampleSize; let t = this.ticks; i < t.length && (t = As(t, i)), this._labelSizes = e = this._computeLabelSizes(t, t.length) } return e } _computeLabelSizes(t, e) { const { ctx: i, _longestTextCache: s } = this, a = [], n = []; let o, r, l, h, c, d, u, g, f, p, m, b = 0, x = 0; for (o = 0; o < e; ++o) { if (h = t[o].label, c = this._resolveTickFontOptions(o), i.font = d = c.string, u = s[d] = s[d] || { data: {}, gc: [] }, g = c.lineHeight, f = p = 0, P(h) || O(h)) { if (O(h)) for (r = 0, l = h.length; r < l; ++r)P(m = h[r]) || O(m) || (f = Te(i, u.data, u.gc, f, m), p += g) } else f = Te(i, u.data, u.gc, f, h), p = g; a.push(f), n.push(p), b = Math.max(f, b), x = Math.max(p, x) } _ = s, v = e, w(_, t => { const e = t.gc, i = e.length / 2; let s; if (v < i) { for (s = 0; s < i; ++s)delete t.data[e[s]]; e.splice(0, i) } }); var v, _ = a.indexOf(b), y = n.indexOf(x), M = t => ({ width: a[t] || 0, height: n[t] || 0 }); return { first: M(0), last: M(e - 1), widest: M(_), highest: M(y), widths: a, heights: n } } getLabelForValue(t) { return t } getPixelForValue(t, e) { return NaN } getValueForPixel(t) { } getPixelForTick(t) { var e = this.ticks; return t < 0 || t > e.length - 1 ? null : this.getPixelForValue(e[t].value) } getPixelForDecimal(t) { this._reversePixels && (t = 1 - t); t = this._startPixel + t * this._length; return pt(this._alignToPixels ? Ee(this.chart, t, 0) : t) } getDecimalForPixel(t) { t = (t - this._startPixel) / this._length; return this._reversePixels ? 1 - t : t } getBasePixel() { return this.getPixelForValue(this.getBaseValue()) } getBaseValue() { var { min: t, max: e } = this; return t < 0 && e < 0 ? e : 0 < t && 0 < e ? t : 0 } getContext(t) { var e = this.ticks || []; if (0 <= t && t < e.length) { const i = e[t]; return i.$context || (i.$context = Si(this.getContext(), { tick: i, index: t, type: "tick" })) } return this.$context || (this.$context = Si(this.chart.getContext(), { scale: this, type: "scale" })) } _tickSize() { var t = this.options.ticks, e = L(this.labelRotation), i = Math.abs(Math.cos(e)), e = Math.abs(Math.sin(e)), s = this._getLabelSizes(), t = t.autoSkipPadding || 0, a = s ? s.widest.width + t : 0, s = s ? s.highest.height + t : 0; return this.isHorizontal() ? a * e < s * i ? a / i : s / e : s * e < a * i ? s / i : a / e } _isVisible() { var t = this.options.display; return "auto" !== t ? !!t : 0 < this.getMatchingVisibleMetas().length } _computeGridLineItems(t) { function e(t) { return Ee(s, t, f) } const i = this.axis, s = this.chart, a = this.options, { grid: n, position: o, border: r } = a, l = n.offset, h = this.isHorizontal(), c = this.ticks.length + (l ? 1 : 0), d = Ts(n), u = [], g = r.setContext(this.getContext()), f = g.display ? g.width : 0, p = f / 2; let m, b, x, v, _, y, M, w, k, S, P, D; if ("top" === o) m = e(this.bottom), y = this.bottom - d, w = m - p, S = e(t.top) + p, D = t.bottom; else if ("bottom" === o) m = e(this.top), S = t.top, D = e(t.bottom) - p, y = m + p, w = this.top + d; else if ("left" === o) m = e(this.right), _ = this.right - d, M = m - p, k = e(t.left) + p, P = t.right; else if ("right" === o) m = e(this.left), k = t.left, P = e(t.right) - p, _ = m + p, M = this.left + d; else if ("x" === i) { if ("center" === o) m = e((t.top + t.bottom) / 2 + .5); else if (A(o)) { const t = Object.keys(o)[0], i = o[t]; m = e(this.chart.scales[t].getPixelForValue(i)) } S = t.top, D = t.bottom, y = m + p, w = y + d } else if ("y" === i) { if ("center" === o) m = e((t.left + t.right) / 2); else if (A(o)) { const t = Object.keys(o)[0], i = o[t]; m = e(this.chart.scales[t].getPixelForValue(i)) } _ = m - p, M = _ - d, k = t.left, P = t.right } var t = T(a.ticks.maxTicksLimit, c), C = Math.max(1, Math.ceil(c / t)); for (b = 0; b < c; b += C) { const t = this.getContext(b), i = n.setContext(t), a = r.setContext(t), A = i.lineWidth, o = i.color, T = a.dash || [], c = a.dashOffset, d = i.tickWidth, g = i.tickColor, f = i.tickBorderDash || [], p = i.tickBorderDashOffset; void 0 !== (x = function (t, e, i) { var s = t.ticks.length, a = Math.min(e, s - 1), n = t._startPixel, o = t._endPixel; let r, l = t.getPixelForTick(a); if (!(i && (r = 1 === s ? Math.max(l - n, o - l) : 0 === e ? (t.getPixelForTick(1) - l) / 2 : (l - t.getPixelForTick(a - 1)) / 2, (l += a < e ? r : -r) < n - 1e-6 || l > o + 1e-6))) return l }(this, b, l)) && (v = Ee(s, x, A), h ? _ = M = k = P = v : y = w = S = D = v, u.push({ tx1: _, ty1: y, tx2: M, ty2: w, x1: k, y1: S, x2: P, y2: D, width: A, color: o, borderDash: T, borderDashOffset: c, tickWidth: d, tickColor: g, tickBorderDash: f, tickBorderDashOffset: p })) } return this._ticksLength = c, this._borderValue = m, u } _computeLabelItems(s) { const a = this.axis, n = this.options, { position: o, ticks: e } = n, r = this.isHorizontal(), l = this.ticks, { align: h, crossAlign: c, padding: t, mirror: d } = e, i = Ts(n.grid), u = i + t, g = d ? -t : u, f = -L(this.labelRotation), p = []; let m, b, x, v, _, y, M, w, k, S, P, D = "middle"; if ("top" === o) _ = this.bottom - g, y = this._getXAxisLabelAlignment(); else if ("bottom" === o) _ = this.top + g, y = this._getXAxisLabelAlignment(); else if ("left" === o) { const s = this._getYAxisLabelAlignment(i); y = s.textAlign, v = s.x } else if ("right" === o) { const s = this._getYAxisLabelAlignment(i); y = s.textAlign, v = s.x } else if ("x" === a) { if ("center" === o) _ = (s.top + s.bottom) / 2 + u; else if (A(o)) { const s = Object.keys(o)[0], a = o[s]; _ = this.chart.scales[s].getPixelForValue(a) + u } y = this._getXAxisLabelAlignment() } else if ("y" === a) { if ("center" === o) v = (s.left + s.right) / 2 - u; else if (A(o)) { const s = Object.keys(o)[0], a = o[s]; v = this.chart.scales[s].getPixelForValue(a) } y = this._getYAxisLabelAlignment(i).textAlign } "y" === a && ("start" === h ? D = "top" : "end" === h && (D = "bottom")); var C = this._getLabelSizes(); for (m = 0, b = l.length; m < b; ++m) { x = l[m].label; const s = e.setContext(this.getContext(m)), a = (M = this.getPixelForTick(m) + e.labelOffset, k = (w = this._resolveTickFontOptions(m)).lineHeight, (S = O(x) ? x.length : 1) / 2), n = s.color, A = s.textStrokeColor, h = s.textStrokeWidth; let i, t = y; if (r ? (v = M, "inner" === y && (t = m === b - 1 ? this.options.reverse ? "left" : "right" : 0 === m ? this.options.reverse ? "right" : "left" : "center"), P = "top" === o ? "near" === c || 0 != f ? -S * k + k / 2 : "center" === c ? -C.highest.height / 2 - a * k + k : -C.highest.height + k / 2 : "near" === c || 0 != f ? k / 2 : "center" === c ? C.highest.height / 2 - a * k : C.highest.height - S * k, d && (P *= -1), 0 == f || s.showLabelBackdrop || (v += k / 2 * Math.sin(f))) : (_ = M, P = (1 - S) * k / 2), s.showLabelBackdrop) { const a = I(s.backdropPadding), n = C.heights[m], o = C.widths[m]; let t = P - a.top, e = 0 - a.left; switch (D) { case "middle": t -= n / 2; break; case "bottom": t -= n }switch (y) { case "center": e -= o / 2; break; case "right": e -= o }i = { left: e, top: t, width: o + a.width, height: n + a.height, color: s.backdropColor } } p.push({ label: x, font: w, textOffset: P, options: { rotation: f, color: n, strokeColor: A, strokeWidth: h, textAlign: t, textBaseline: D, translation: [v, _], backdrop: i } }) } return p } _getXAxisLabelAlignment() { var { position: t, ticks: e } = this.options; if (-L(this.labelRotation)) return "top" === t ? "left" : "right"; let i = "center"; return "start" === e.align ? i = "left" : "end" === e.align ? i = "right" : "inner" === e.align && (i = "inner"), i } _getYAxisLabelAlignment(t) { var { position: e, ticks: { crossAlign: i, mirror: s, padding: a } } = this.options, t = t + a, n = this._getLabelSizes().widest.width; let o, r; return "left" === e ? s ? (r = this.right + a, "near" === i ? o = "left" : "center" === i ? (o = "center", r += n / 2) : (o = "right", r += n)) : (r = this.right - t, "near" === i ? o = "right" : "center" === i ? (o = "center", r -= n / 2) : (o = "left", r = this.left)) : "right" === e ? s ? (r = this.left + a, "near" === i ? o = "right" : "center" === i ? (o = "center", r -= n / 2) : (o = "left", r -= n)) : (r = this.left + t, "near" === i ? o = "left" : "center" === i ? (o = "center", r += n / 2) : (o = "right", r = this.right)) : o = "right", { textAlign: o, x: r } } _computeLabelArea() { var t, e; if (!this.options.ticks.mirror) return t = this.chart, e = this.options.position, "left" === e || "right" === e ? { top: 0, left: this.left, bottom: t.height, right: this.right } : "top" === e || "bottom" === e ? { top: this.top, left: 0, bottom: this.bottom, right: t.width } : void 0 } drawBackground() { const { ctx: t, options: { backgroundColor: e }, left: i, top: s, width: a, height: n } = this; e && (t.save(), t.fillStyle = e, t.fillRect(i, s, a, n), t.restore()) } getLineWidthForValue(e) { const t = this.options.grid; if (!this._isVisible() || !t.display) return 0; var i = this.ticks.findIndex(t => t.value === e); return 0 <= i ? t.setContext(this.getContext(i)).lineWidth : 0 } drawGrid(t) { const e = this.options.grid, s = this.ctx, i = this._gridLineItems || (this._gridLineItems = this._computeGridLineItems(t)); let a, n; var o = (t, e, i) => { i.width && i.color && (s.save(), s.lineWidth = i.width, s.strokeStyle = i.color, s.setLineDash(i.borderDash || []), s.lineDashOffset = i.borderDashOffset, s.beginPath(), s.moveTo(t.x, t.y), s.lineTo(e.x, e.y), s.stroke(), s.restore()) }; if (e.display) for (a = 0, n = i.length; a < n; ++a) { const t = i[a]; e.drawOnChartArea && o({ x: t.x1, y: t.y1 }, { x: t.x2, y: t.y2 }, t), e.drawTicks && o({ x: t.tx1, y: t.ty1 }, { x: t.tx2, y: t.ty2 }, { color: t.tickColor, width: t.tickWidth, borderDash: t.tickBorderDash, borderDashOffset: t.tickBorderDashOffset }) } } drawBorder() { const { chart: a, ctx: n, options: { border: t, grid: o } } = this, r = t.setContext(this.getContext()), l = t.display ? r.width : 0; if (l) { var h = o.setContext(this.getContext(0)).lineWidth, c = this._borderValue; let t, e, i, s; this.isHorizontal() ? (t = Ee(a, this.left, l) - l / 2, e = Ee(a, this.right, h) + h / 2, i = s = c) : (i = Ee(a, this.top, l) - l / 2, s = Ee(a, this.bottom, h) + h / 2, t = e = c), n.save(), n.lineWidth = r.width, n.strokeStyle = r.color, n.beginPath(), n.moveTo(t, i), n.lineTo(e, s), n.stroke(), n.restore() } } drawLabels(t) { if (this.options.ticks.display) { const e = this.ctx, i = this._computeLabelArea(), s = (i && Ve(e, i), this.getLabelItems(t)); for (const t of s) { const i = t.options, s = t.font; He(e, t.label, 0, t.textOffset, s, i) } i && Be(e) } } drawTitle() { var { ctx: e, options: { position: i, title: s, reverse: a } } = this; if (s.display) { var n = z(s.font), o = I(s.padding), r = s.align; let t = n.lineHeight / 2; "bottom" === i || "center" === i || A(i) ? (t += o.bottom, O(s.text) && (t += n.lineHeight * (s.text.length - 1))) : t += o.top; var { titleX: o, titleY: l, maxWidth: h, rotation: c } = function (t, e, i, s) { const { top: a, left: n, bottom: o, right: r, chart: l } = t, { chartArea: h, scales: c } = l; let d, u, g, f = 0; var p = o - a, m = r - n; if (t.isHorizontal()) { if (u = E(s, n, r), A(i)) { const t = Object.keys(i)[0], s = i[t]; g = c[t].getPixelForValue(s) + p - e } else g = "center" === i ? (h.bottom + h.top) / 2 + p - e : Os(t, i, e); d = r - n } else { if (A(i)) { const t = Object.keys(i)[0], s = i[t]; u = c[t].getPixelForValue(s) - m + e } else u = "center" === i ? (h.left + h.right) / 2 - m + e : Os(t, i, e); g = E(s, o, a), f = "left" === i ? -D : D } return { titleX: u, titleY: g, maxWidth: d, rotation: f } }(this, t, i, r); He(e, s.text, 0, 0, n, { color: s.color, maxWidth: h, rotation: c, textAlign: function (t, e, i) { let s = Pt(t); return s = i && "right" !== e || !i && "right" === e ? "left" === (t = s) ? "right" : "right" === t ? "left" : t : s }(r, i, a), textBaseline: "middle", translation: [o, l] }) } } draw(t) { this._isVisible() && (this.drawBackground(), this.drawGrid(t), this.drawBorder(), this.drawTitle(), this.drawLabels(t)) } _layers() { var t = this.options, e = t.ticks && t.ticks.z || 0, i = T(t.grid && t.grid.z, -1), t = T(t.border && t.border.z, 0); return this._isVisible() && this.draw === Es.prototype.draw ? [{ z: i, draw: t => { this.drawBackground(), this.drawGrid(t), this.drawTitle() } }, { z: t, draw: () => { this.drawBorder() } }, { z: e, draw: t => { this.drawLabels(t) } }] : [{ z: e, draw: t => { this.draw(t) } }] } getMatchingVisibleMetas(t) { const e = this.chart.getSortedVisibleDatasetMetas(), i = this.axis + "AxisID", s = []; let a, n; for (a = 0, n = e.length; a < n; ++a) { const n = e[a]; n[i] !== this.id || t && n.type !== t || s.push(n) } return s } _resolveTickFontOptions(t) { return z(this.options.ticks.setContext(this.getContext(t)).font) } _maxDigits() { var t = this._resolveTickFontOptions(0).lineHeight; return (this.isHorizontal() ? this.width : this.height) / t } } class Rs { constructor(t, e, i) { this.type = t, this.scope = e, this.override = i, this.items = Object.create(null) } isForType(t) { return Object.prototype.isPrototypeOf.call(this.type.prototype, t.prototype) } register(t) { var e, i, r, l, s = Object.getPrototypeOf(t); let a; "id" in (e = s) && "defaults" in e && (a = this.register(s)); const n = this.items, o = t.id, h = this.scope + "." + o; if (o) return o in n || (n[o] = t, e = t, s = h, i = a, i = Y(Object.create(null), [i ? R.get(i) : {}, R.get(s), e.defaults]), R.set(s, i), e.defaultRoutes && (r = s, l = e.defaultRoutes, Object.keys(l).forEach(t => { const e = t.split("."), i = e.pop(), s = [r].concat(e).join("."), a = l[t].split("."), n = a.pop(), o = a.join("."); R.route(s, i, o, n) })), e.descriptors && R.describe(s, e.descriptors), this.override && R.override(t.id, t.overrides)), h; throw new Error("class does not have id: " + t) } get(t) { return this.items[t] } unregister(t) { const e = this.items, i = t.id, s = this.scope; i in e && delete e[i], s && i in R[s] && (delete R[s][i], this.override && delete ge[i]) } } var x = new class { constructor() { this.controllers = new Rs(Ds, "datasets", !0), this.elements = new Rs(e, "elements"), this.plugins = new Rs(Object, "plugins"), this.scales = new Rs(Es, "scales"), this._typedRegistries = [this.controllers, this.scales, this.elements] } add(...t) { this._each("register", t) } remove(...t) { this._each("unregister", t) } addControllers(...t) { this._each("register", t, this.controllers) } addElements(...t) { this._each("register", t, this.elements) } addPlugins(...t) { this._each("register", t, this.plugins) } addScales(...t) { this._each("register", t, this.scales) } getController(t) { return this._get(t, this.controllers, "controller") } getElement(t) { return this._get(t, this.elements, "element") } getPlugin(t) { return this._get(t, this.plugins, "plugin") } getScale(t) { return this._get(t, this.scales, "scale") } removeControllers(...t) { this._each("unregister", t, this.controllers) } removeElements(...t) { this._each("unregister", t, this.elements) } removePlugins(...t) { this._each("unregister", t, this.plugins) } removeScales(...t) { this._each("unregister", t, this.scales) } _each(i, t, s) { [...t].forEach(t => { const e = s || this._getRegistryForType(t); s || e.isForType(t) || e === this.plugins && t.id ? this._exec(i, e, t) : w(t, t => { var e = s || this._getRegistryForType(t); this._exec(i, e, t) }) }) } _exec(t, e, i) { var s = K(t); d(i["before" + s], [], i), e[t](i), d(i["after" + s], [], i) } _getRegistryForType(e) { for (let t = 0; t < this._typedRegistries.length; t++) { const i = this._typedRegistries[t]; if (i.isForType(e)) return i } return this.plugins } _get(t, e, i) { e = e.get(t); if (void 0 === e) throw new Error('"' + t + '" is not a registered ' + i + "."); return e } }; class Is { constructor() { this._init = [] } notify(t, e, i, s) { "beforeInit" === e && (this._init = this._createDescriptors(t, !0), this._notify(this._init, t, "install")); s = s ? this._descriptors(t).filter(s) : this._descriptors(t), i = this._notify(s, t, e, i); return "afterDestroy" === e && (this._notify(s, t, "stop"), this._notify(this._init, t, "uninstall")), i } _notify(t, e, i, s) { s = s || {}; for (const a of t) { const t = a.plugin; if (!1 === d(t[i], [e, s, a.options], t) && s.cancelable) return !1 } return !0 } invalidate() { P(this._cache) || (this._oldCache = this._cache, this._cache = void 0) } _descriptors(t) { if (this._cache) return this._cache; var e = this._cache = this._createDescriptors(t); return this._notifyStateChanges(t), e } _createDescriptors(t, e) { var i, s = t && t.config, a = T(s.options && s.options.plugins, {}), s = function (t) { const e = {}, i = [], s = Object.keys(x.plugins.items); for (let t = 0; t < s.length; t++)i.push(x.getPlugin(s[t])); var a = t.plugins || []; for (let t = 0; t < a.length; t++) { const s = a[t]; -1 === i.indexOf(s) && (i.push(s), e[s.id] = !0) } return { plugins: i, localIds: e } }(s); if (!1 !== a || e) { var [n, { plugins: o, localIds: r }, l, h] = [t, s, a, e]; const c = [], d = n.getContext(); for (const u of o) { const o = u.id, g = (i = l[o], h || !1 !== i ? !0 === i ? {} : i : null); null !== g && c.push({ plugin: u, options: function (t, { plugin: e, local: i }, s, a) { const n = t.pluginScopeKeys(e), o = t.getOptionScopes(s, n); return i && e.defaults && o.push(e.defaults), t.createResolver(o, a, [""], { scriptable: !1, indexable: !1, allKeys: !0 }) }(n.config, { plugin: u, local: r[o] }, g, d) }) } return c } return [] } _notifyStateChanges(t) { var e = this._oldCache || [], i = this._cache, s = (t, i) => t.filter(e => !i.some(t => e.plugin.id === t.plugin.id)); this._notify(s(e, i), t, "stop"), this._notify(s(i, e), t, "start") } } function zs(t, e) { var i = R.datasets[t] || {}; return ((e.datasets || {})[t] || {}).indexAxis || e.indexAxis || i.indexAxis || "x" } function Fs(t, e) { if ("x" === t || "y" === t || "r" === t) return t; var i; if (t = e.axis || ("top" === (i = e.position) || "bottom" === i ? "x" : "left" === i || "right" === i ? "y" : void 0) || 1 < t.length && Fs(t[0].toLowerCase(), e)) return t; throw new Error(`Cannot determine type of '${name}' axis. Please provide 'axis' or 'position' option.`) } function Vs(t) { const e = t.options || (t.options = {}); e.plugins = T(e.plugins, {}), e.scales = function (e, i) { const n = ge[e.type] || { scales: {} }, o = i.scales || {}, r = zs(e.type, i), l = Object.create(null); return Object.keys(o).forEach(t => { var e = o[t]; if (!A(e)) return console.error("Invalid scale configuration for scale: " + t); if (e._proxy) return console.warn("Ignoring resolver passed as options for scale: " + t); const i = Fs(t, e), s = i === r ? "_index_" : "_value_", a = n.scales || {}; l[t] = $(Object.create(null), [{ axis: i }, e, a[i], a[s]]) }), e.data.datasets.forEach(s => { const t = s.type || e.type, a = s.indexAxis || zs(t, i), n = (ge[t] || {}).scales || {}; Object.keys(n).forEach(t => { var e = function (t, e) { let i = t; return "_index_" === t ? i = e : "_value_" === t && (i = "x" === e ? "y" : "x"), i }(t, a), i = s[e + "AxisID"] || e; l[i] = l[i] || Object.create(null), $(l[i], [{ axis: e }, o[i], n[t]]) }) }), Object.keys(l).forEach(t => { t = l[t]; $(t, [R.scales[t.type], R.scale]) }), l }(t, e) } function Bs(t) { return (t = t || {}).datasets = t.datasets || [], t.labels = t.labels || [], t } const Ns = new Map, Ws = new Set; function Hs(t, e) { let i = Ns.get(t); return i || (i = e(), Ns.set(t, i), Ws.add(i)), i } const js = (t, e, i) => { e = m(e, i); void 0 !== e && t.add(e) }; class Ys { constructor(t) { this._config = ((t = (t = t) || {}).data = Bs(t.data), Vs(t), t), this._scopeCache = new Map, this._resolverCache = new Map } get platform() { return this._config.platform } get type() { return this._config.type } set type(t) { this._config.type = t } get data() { return this._config.data } set data(t) { this._config.data = Bs(t) } get options() { return this._config.options } set options(t) { this._config.options = t } get plugins() { return this._config.plugins } update() { var t = this._config; this.clearCache(), Vs(t) } clearCache() { this._scopeCache.clear(), this._resolverCache.clear() } datasetScopeKeys(t) { return Hs(t, () => [["datasets." + t, ""]]) } datasetAnimationScopeKeys(t, e) { return Hs(t + ".transition." + e, () => [[`datasets.${t}.transitions.` + e, "transitions." + e], ["datasets." + t, ""]]) } datasetElementScopeKeys(t, e) { return Hs(t + "-" + e, () => [[`datasets.${t}.elements.` + e, "datasets." + t, "elements." + e, ""]]) } pluginScopeKeys(t) { const e = t.id; return Hs(this.type + "-plugin-" + e, () => [["plugins." + e, ...t.additionalOptionScopes || []]]) } _cachedScopes(t, e) { const i = this._scopeCache; let s = i.get(t); return s && !e || (s = new Map, i.set(t, s)), s } getOptionScopes(e, t, i) { const { options: s, type: a } = this, n = this._cachedScopes(e, i), o = n.get(t); if (o) return o; const r = new Set, l = (t.forEach(t => { e && (r.add(e), t.forEach(t => js(r, e, t))), t.forEach(t => js(r, s, t)), t.forEach(t => js(r, ge[a] || {}, t)), t.forEach(t => js(r, R, t)), t.forEach(t => js(r, fe, t)) }), Array.from(r)); return 0 === l.length && l.push(Object.create(null)), Ws.has(t) && n.set(t, l), l } chartOptionScopes() { var { options: t, type: e } = this; return [t, ge[e] || {}, R.datasets[e] || {}, { type: e }, R, fe] } resolveNamedOptions(t, e, i, s = [""]) { const a = { $shared: !0 }, { resolver: n, subPrefixes: o } = $s(this._resolverCache, t, s); let r = n; !function (t, e) { const { isScriptable: i, isIndexable: s } = Ue(t); for (const a of e) { const e = i(a), n = s(a), o = (n || e) && t[a]; if (e && (u(o) || Us(o)) || n && O(o)) return 1 } }(n, e) || (a.$shared = !1, r = $e(n, i = u(i) ? i() : i, this.createResolver(t, i, o))); for (const t of e) a[t] = r[t]; return a } createResolver(t, e, i = [""], s) { t = $s(this._resolverCache, t, i).resolver; return A(e) ? $e(t, e, void 0, s) : t } } function $s(t, e, i) { let s = t.get(e); s || (s = new Map, t.set(e, s)); t = i.join(); let a = s.get(t); return a || (a = { resolver: Ye(e, i), subPrefixes: i.filter(t => !t.toLowerCase().includes("hover")) }, s.set(t, a)), a } const Us = i => A(i) && Object.getOwnPropertyNames(i).reduce((t, e) => t || u(i[e]), !1), Xs = ["top", "bottom", "left", "right", "chartArea"]; function qs(t, e) { return "top" === t || "bottom" === t || -1 === Xs.indexOf(t) && "x" === e } function Ks(i, s) { return function (t, e) { return t[i] === e[i] ? t[s] - e[s] : t[i] - e[i] } } function Gs(t) { const e = t.chart, i = e.options.animation; e.notifyPlugins("afterRender"), d(i && i.onComplete, [t], e) } function Zs(t) { var e = t.chart, i = e.options.animation; d(i && i.onProgress, [t], e) } function Js(t) { return be() && "string" == typeof t ? t = document.getElementById(t) : t && t.length && (t = t[0]), t = t && t.canvas ? t.canvas : t } const Qs = {}, ta = t => { const e = Js(t); return Object.values(Qs).filter(t => t.canvas === e).pop() }; class i { static defaults = R; static instances = Qs; static overrides = ge; static registry = x; static version = "4.1.1"; static getChart = ta; static register(...t) { x.add(...t), ea() } static unregister(...t) { x.remove(...t), ea() } constructor(t, e) { const i = this.config = new Ys(e), s = Js(t), a = ta(s); if (a) throw new Error("Canvas is already in use. Chart with ID '" + a.id + "' must be destroyed before the canvas with ID '" + a.canvas.id + "' can be reused."); var e = i.createResolver(i.chartOptionScopes(), this.getContext()), t = (this.platform = new (i.platform || us(s)), this.platform.updateConfig(i), this.platform.acquireContext(s, e.aspectRatio)), n = t && t.canvas, o = n && n.height, r = n && n.width; this.id = F(), this.ctx = t, this.canvas = n, this.width = r, this.height = o, this._options = e, this._aspectRatio = this.aspectRatio, this._layers = [], this._metasets = [], this._stacks = void 0, this.boxes = [], this.currentDevicePixelRatio = void 0, this.chartArea = void 0, this._active = [], this._lastEvent = void 0, this._listeners = {}, this._responsiveListeners = void 0, this._sortedMetasets = [], this.scales = {}, this._plugins = new Is, this.$proxies = {}, this._hiddenIndices = {}, this.attached = !1, this._animationsDisabled = void 0, this.$context = void 0, this._doResize = St(t => this.update(t), e.resizeDelay || 0), this._dataChanges = [], Qs[this.id] = this, t && n ? (l.listen(this, "complete", Gs), l.listen(this, "progress", Zs), this._initialize(), this.attached && this.update()) : console.error("Failed to create chart: can't acquire context from the given item") } get aspectRatio() { var { options: { aspectRatio: t, maintainAspectRatio: e }, width: i, height: s, _aspectRatio: a } = this; return P(t) ? e && a ? a : s ? i / s : null : t } get data() { return this.config.data } set data(t) { this.config.data = t } get options() { return this._options } set options(t) { this.config.options = t } get registry() { return x } _initialize() { return this.notifyPlugins("beforeInit"), this.options.responsive ? this.resize() : De(this, this.options.devicePixelRatio), this.bindEvents(), this.notifyPlugins("afterInit"), this } clear() { return Re(this.canvas, this.ctx), this } stop() { return l.stop(this), this } resize(t, e) { l.running(this) ? this._resizeBeforeDraw = { width: t, height: e } : this._resize(t, e) } _resize(t, e) { var i = this.options, s = this.canvas, a = i.maintainAspectRatio && this.aspectRatio, s = this.platform.getMaximumSize(s, t, e, a), t = i.devicePixelRatio || this.platform.getDevicePixelRatio(), e = this.width ? "resize" : "attach"; this.width = s.width, this.height = s.height, this._aspectRatio = this.aspectRatio, De(this, t, !0) && (this.notifyPlugins("resize", { size: s }), d(i.onResize, [this, s], this), this.attached && this._doResize(e) && this.render()) } ensureScalesHaveIDs() { w(this.options.scales || {}, (t, e) => { t.id = e }) } buildOrUpdateScales() { const o = this.options, s = o.scales, r = this.scales, l = Object.keys(r).reduce((t, e) => (t[e] = !1, t), {}); let t = []; w(t = s ? t.concat(Object.keys(s).map(t => { var e = s[t], t = Fs(t, e), i = "r" === t, t = "x" === t; return { options: e, dposition: i ? "chartArea" : t ? "bottom" : "left", dtype: i ? "radialLinear" : t ? "category" : "linear" } })) : t, t => { const e = t.options, i = e.id, s = Fs(i, e), a = T(e.type, t.dtype); void 0 !== e.position && qs(e.position, s) === qs(t.dposition) || (e.position = t.dposition), l[i] = !0; let n = null; i in r && r[i].type === a ? n = r[i] : (n = new (x.getScale(a))({ id: i, type: a, ctx: this.ctx, chart: this }), r[n.id] = n), n.init(e, o) }), w(l, (t, e) => { t || delete r[e] }), w(r, t => { a.configure(this, t, t.options), a.addBox(this, t) }) } _updateMetasets() { const t = this._metasets, e = this.data.datasets.length, i = t.length; if (t.sort((t, e) => t.index - e.index), e < i) { for (let t = e; t < i; ++t)this._destroyDatasetMeta(t); t.splice(e, i - e) } this._sortedMetasets = t.slice(0).sort(Ks("order", "index")) } _removeUnreferencedMetasets() { const { _metasets: t, data: { datasets: i } } = this; t.length > i.length && delete this._stacks, t.forEach((e, t) => { 0 === i.filter(t => t === e._dataset).length && this._destroyDatasetMeta(t) }) } buildOrUpdateControllers() { const e = [], i = this.data.datasets; let s, a; for (this._removeUnreferencedMetasets(), s = 0, a = i.length; s < a; s++) { const a = i[s]; let t = this.getDatasetMeta(s); var n = a.type || this.config.type; if (t.type && t.type !== n && (this._destroyDatasetMeta(s), t = this.getDatasetMeta(s)), t.type = n, t.indexAxis = a.indexAxis || zs(n, this.options), t.order = a.order || 0, t.index = s, t.label = "" + a.label, t.visible = this.isDatasetVisible(s), t.controller) t.controller.updateIndex(s), t.controller.linkScales(); else { const i = x.getController(n), { datasetElementType: a, dataElementType: o } = R.datasets[n]; Object.assign(i, { dataElementType: x.getElement(o), datasetElementType: a && x.getElement(a) }), t.controller = new i(this, s), e.push(t.controller) } } return this._updateMetasets(), e } _resetElements() { w(this.data.datasets, (t, e) => { this.getDatasetMeta(e).controller.reset() }, this) } reset() { this._resetElements(), this.notifyPlugins("reset") } update(t) { const s = this.config, a = (s.update(), this._options = s.createResolver(s.chartOptionScopes(), this.getContext())), n = this._animationsDisabled = !a.animation; if (this._updateScales(), this._checkEventBindings(), this._updateHiddenIndices(), this._plugins.invalidate(), !1 !== this.notifyPlugins("beforeUpdate", { mode: t, cancelable: !0 })) { const o = this.buildOrUpdateControllers(); this.notifyPlugins("beforeElementsUpdate"); let i = 0; for (let t = 0, e = this.data.datasets.length; t < e; t++) { const s = this.getDatasetMeta(t)["controller"], a = !n && -1 === o.indexOf(s); s.buildOrUpdateElements(a), i = Math.max(+s.getMaxOverflow(), i) } i = this._minPadding = a.layout.autoPadding ? i : 0, this._updateLayout(i), n || w(o, t => { t.reset() }), this._updateDatasets(t), this.notifyPlugins("afterUpdate", { mode: t }), this._layers.sort(Ks("z", "_idx")); var { _active: t, _lastEvent: e } = this; e ? this._eventHandler(e, !0) : t.length && this._updateHoverStyles(t, t, !0), this.render() } } _updateScales() { w(this.scales, t => { a.removeBox(this, t) }), this.ensureScalesHaveIDs(), this.buildOrUpdateScales() } _checkEventBindings() { var t = this.options, e = new Set(Object.keys(this._listeners)), i = new Set(t.events); G(e, i) && !!this._responsiveListeners === t.responsive || (this.unbindEvents(), this.bindEvents()) } _updateHiddenIndices() { var t, e, i, s, a = this["_hiddenIndices"]; for ({ method: t, start: e, count: i } of this._getUniformDataChanges() || []) { n = void 0; o = void 0; r = void 0; s = void 0; var n = a; var o = e; var r = "_removeElements" === t ? -i : i; const l = Object.keys(n); for (const h of l) { const l = +h; l >= o && (s = n[h], delete n[h], (0 < r || l > o) && (n[l + r] = s)) } } } _getUniformDataChanges() { const t = this._dataChanges; if (t && t.length) { this._dataChanges = []; var e = this.data.datasets.length, i = e => new Set(t.filter(t => t[0] === e).map((t, e) => e + "," + t.splice(1).join(","))), s = i(0); for (let t = 1; t < e; t++)if (!G(s, i(t))) return; return Array.from(s).map(t => t.split(",")).map(t => ({ method: t[1], start: +t[2], count: +t[3] })) } } _updateLayout(t) { if (!1 !== this.notifyPlugins("beforeLayout", { cancelable: !0 })) { a.update(this, this.width, this.height, t); const e = this.chartArea, i = e.width <= 0 || e.height <= 0; this._layers = [], w(this.boxes, t => { i && "chartArea" === t.position || (t.configure && t.configure(), this._layers.push(...t._layers())) }, this), this._layers.forEach((t, e) => { t._idx = e }), this.notifyPlugins("afterLayout") } } _updateDatasets(i) { if (!1 !== this.notifyPlugins("beforeDatasetsUpdate", { mode: i, cancelable: !0 })) { for (let t = 0, e = this.data.datasets.length; t < e; ++t)this.getDatasetMeta(t).controller.configure(); for (let t = 0, e = this.data.datasets.length; t < e; ++t)this._updateDataset(t, u(i) ? i({ datasetIndex: t }) : i); this.notifyPlugins("afterDatasetsUpdate", { mode: i }) } } _updateDataset(t, e) { const i = this.getDatasetMeta(t), s = { meta: i, index: t, mode: e, cancelable: !0 }; !1 !== this.notifyPlugins("beforeDatasetUpdate", s) && (i.controller._update(e), s.cancelable = !1, this.notifyPlugins("afterDatasetUpdate", s)) } render() { !1 !== this.notifyPlugins("beforeRender", { cancelable: !0 }) && (l.has(this) ? this.attached && !l.running(this) && l.start(this) : (this.draw(), Gs({ chart: this }))) } draw() { let t; if (this._resizeBeforeDraw) { const { width: t, height: e } = this._resizeBeforeDraw; this._resize(t, e), this._resizeBeforeDraw = null } if (this.clear(), !(this.width <= 0 || this.height <= 0) && !1 !== this.notifyPlugins("beforeDraw", { cancelable: !0 })) { const e = this._layers; for (t = 0; t < e.length && e[t].z <= 0; ++t)e[t].draw(this.chartArea); for (this._drawDatasets(); t < e.length; ++t)e[t].draw(this.chartArea); this.notifyPlugins("afterDraw") } } _getSortedDatasetMetas(t) { const e = this._sortedMetasets, i = []; let s, a; for (s = 0, a = e.length; s < a; ++s) { const a = e[s]; t && !a.visible || i.push(a) } return i } getSortedVisibleDatasetMetas() { return this._getSortedDatasetMetas(!0) } _drawDatasets() { if (!1 !== this.notifyPlugins("beforeDatasetsDraw", { cancelable: !0 })) { var e = this.getSortedVisibleDatasetMetas(); for (let t = e.length - 1; 0 <= t; --t)this._drawDataset(e[t]); this.notifyPlugins("afterDatasetsDraw") } } _drawDataset(i) { const t = this.ctx, e = i._clip, s = !e.disabled, a = function () { var { xScale: t, yScale: e } = i; if (t && e) return { left: t.left, right: t.right, top: e.top, bottom: e.bottom } }() || this.chartArea, n = { meta: i, index: i.index, cancelable: !0 }; !1 !== this.notifyPlugins("beforeDatasetDraw", n) && (s && Ve(t, { left: !1 === e.left ? 0 : a.left - e.left, right: !1 === e.right ? this.width : a.right + e.right, top: !1 === e.top ? 0 : a.top - e.top, bottom: !1 === e.bottom ? this.height : a.bottom + e.bottom }), i.controller.draw(), s && Be(t), n.cancelable = !1, this.notifyPlugins("afterDatasetDraw", n)) } isPointInArea(t) { return Fe(t, this.chartArea, this._minPadding) } getElementsAtEventForMode(t, e, i, s) { const a = Wi.modes[e]; return "function" == typeof a ? a(this, t, i, s) : [] } getDatasetMeta(t) { const e = this.data.datasets[t], i = this._metasets; let s = i.filter(t => t && t._dataset === e).pop(); return s || (s = { type: null, data: [], dataset: null, controller: null, hidden: null, xAxisID: null, yAxisID: null, order: e && e.order || 0, index: t, _dataset: e, _parsed: [], _sorted: !1 }, i.push(s)), s } getContext() { return this.$context || (this.$context = Si(null, { chart: this, type: "chart" })) } getVisibleDatasetCount() { return this.getSortedVisibleDatasetMetas().length } isDatasetVisible(t) { var e = this.data.datasets[t]; if (!e) return !1; t = this.getDatasetMeta(t); return "boolean" == typeof t.hidden ? !t.hidden : !e.hidden } setDatasetVisibility(t, e) { this.getDatasetMeta(t).hidden = !e } toggleDataVisibility(t) { this._hiddenIndices[t] = !this._hiddenIndices[t] } getDataVisibility(t) { return !this._hiddenIndices[t] } _updateVisibility(e, t, i) { const s = i ? "show" : "hide", a = this.getDatasetMeta(e), n = a.controller._resolveAnimations(void 0, s); f(t) ? (a.data[t].hidden = !i, this.update()) : (this.setDatasetVisibility(e, i), n.update(a, { visible: i }), this.update(t => t.datasetIndex === e ? s : void 0)) } hide(t, e) { this._updateVisibility(t, e, !1) } show(t, e) { this._updateVisibility(t, e, !0) } _destroyDatasetMeta(t) { const e = this._metasets[t]; e && e.controller && e.controller._destroy(), delete this._metasets[t] } _stop() { let t, e; for (this.stop(), l.remove(this), t = 0, e = this.data.datasets.length; t < e; ++t)this._destroyDatasetMeta(t) } destroy() { this.notifyPlugins("beforeDestroy"); var { canvas: t, ctx: e } = this; this._stop(), this.config.clearCache(), t && (this.unbindEvents(), Re(t, e), this.platform.releaseContext(e), this.canvas = null, this.ctx = null), delete Qs[this.id], this.notifyPlugins("afterDestroy") } toBase64Image(...t) { return this.canvas.toDataURL(...t) } bindEvents() { this.bindUserEvents(), this.options.responsive ? this.bindResponsiveEvents() : this.attached = !0 } bindUserEvents() { const i = this._listeners, s = this.platform, e = (t, e) => { s.addEventListener(this, t, e), i[t] = e }, a = (t, e, i) => { t.offsetX = e, t.offsetY = i, this._eventHandler(t) }; w(this.options.events, t => e(t, a)) } bindResponsiveEvents() { this._responsiveListeners || (this._responsiveListeners = {}); const i = this._responsiveListeners, s = this.platform, t = (t, e) => { s.addEventListener(this, t, e), i[t] = e }, e = (t, e) => { i[t] && (s.removeEventListener(this, t, e), delete i[t]) }, a = (t, e) => { this.canvas && this.resize(t, e) }; let n; const o = () => { e("attach", o), this.attached = !0, this.resize(), t("resize", a), t("detach", n) }; n = () => { this.attached = !1, e("resize", a), this._stop(), this._resize(0, 0), t("attach", o) }, (s.isAttached(this.canvas) ? o : n)() } unbindEvents() { w(this._listeners, (t, e) => { this.platform.removeEventListener(this, e, t) }), this._listeners = {}, w(this._responsiveListeners, (t, e) => { this.platform.removeEventListener(this, e, t) }), this._responsiveListeners = void 0 } updateHoverStyle(t, e, i) { var s = i ? "set" : "remove"; let a, n, o, r; for ("dataset" === e && (a = this.getDatasetMeta(t[0].datasetIndex)).controller["_" + s + "DatasetHoverStyle"](), o = 0, r = t.length; o < r; ++o) { const e = (n = t[o]) && this.getDatasetMeta(n.datasetIndex).controller; e && e[s + "HoverStyle"](n.element, n.datasetIndex, n.index) } } getActiveElements() { return this._active || [] } setActiveElements(t) { var e = this._active || [], t = t.map(({ datasetIndex: t, index: e }) => { var i = this.getDatasetMeta(t); if (i) return { datasetIndex: t, element: i.data[e], index: e }; throw new Error("No dataset found at index " + t) }); N(t, e) || (this._active = t, this._lastEvent = null, this._updateHoverStyles(t, e)) } notifyPlugins(t, e, i) { return this._plugins.notify(this, t, e, i) } isPluginEnabled(e) { return 1 === this._plugins._cache.filter(t => t.plugin.id === e).length } _updateHoverStyles(t, e, i) { var s = this.options.hover, a = (t, i) => t.filter(e => !i.some(t => e.datasetIndex === t.datasetIndex && e.index === t.index)), n = a(e, t), i = i ? t : a(t, e); n.length && this.updateHoverStyle(n, s.mode, !1), i.length && s.mode && this.updateHoverStyle(i, s.mode, !0) } _eventHandler(e, t) { const i = { event: e, replay: t, cancelable: !0, inChartArea: this.isPointInArea(e) }, s = t => (t.options.events || this.options.events).includes(e.native.type); if (!1 !== this.notifyPlugins("beforeEvent", i, s)) return t = this._handleEvent(e, t, i.inChartArea), i.cancelable = !1, this.notifyPlugins("afterEvent", i, s), (t || i.changed) && this.render(), this } _handleEvent(t, e, i) { const { _active: s = [], options: a } = this, n = e, o = this._getActiveElements(t, s, i, n), r = Z(t), l = (h = t, c = this._lastEvent, i && "mouseout" !== h.type ? r ? c : h : null); i && (this._lastEvent = null, d(a.onHover, [t, o, this], this), r && d(a.onClick, [t, o, this], this)); var h, c = !N(o, s); return (c || e) && (this._active = o, this._updateHoverStyles(o, s, e)), this._lastEvent = l, c } _getActiveElements(t, e, i, s) { if ("mouseout" === t.type) return []; if (!i) return e; i = this.options.hover; return this.getElementsAtEventForMode(t, i.mode, i, s) } } function ea() { w(i.instances, t => t._plugins.invalidate()) } function ia() { throw new Error("This method is not implemented: Check that a complete date adapter is provided.") } var sa = { _date: class Wn { static override(t) { Object.assign(Wn.prototype, t) } constructor(t) { this.options = t || {} } init() { } formats() { return ia() } parse() { return ia() } format() { return ia() } add() { return ia() } diff() { return ia() } startOf() { return ia() } endOf() { return ia() } } }; function aa(i, s, a, n) { if (O(i)) { var o = i, r = s, l = a, h = n, c = l.parse(o[0], h), o = l.parse(o[1], h), h = Math.min(c, o), d = Math.max(c, o); let t = h, e = d; Math.abs(h) > Math.abs(d) && (t = d, e = h), r[l.axis] = e, r._custom = { barStart: t, barEnd: e, start: c, end: o, min: h, max: d } } else s[a.axis] = a.parse(i, n); return s } function na(t, e, i, s) { const a = t.iScale, n = t.vScale, o = a.getLabels(), r = a === n, l = []; let h, c, d, u; for (c = (h = i) + s; h < c; ++h)u = e[h], (d = {})[a.axis] = r || a.parse(o[h], h), l.push(aa(u, d, n, h)); return l } function oa(t) { return t && void 0 !== t.barStart && void 0 !== t.barEnd } function ra(t, e, i, s) { return t = s ? la(t = t === e ? i : t === i ? e : t, i, e) : la(t, e, i) } function la(t, e, i) { return "start" === t ? e : "end" === t ? i : t } class ha extends Ds { static id = "doughnut"; static defaults = { datasetElementType: !1, dataElementType: "arc", animation: { animateRotate: !0, animateScale: !1 }, animations: { numbers: { type: "number", properties: ["circumference", "endAngle", "innerRadius", "outerRadius", "startAngle", "x", "y", "offset", "borderWidth", "spacing"] } }, cutout: "50%", rotation: 0, circumference: 360, radius: "100%", spacing: 0, indexAxis: "r" }; static descriptors = { _scriptable: t => "spacing" !== t, _indexable: t => "spacing" !== t }; static overrides = { aspectRatio: 1, plugins: { legend: { labels: { generateLabels(s) { const t = s.data; if (t.labels.length && t.datasets.length) { const { pointStyle: a, color: n } = s.legend.options["labels"]; return t.labels.map((t, e) => { var i = s.getDatasetMeta(0).controller.getStyle(e); return { text: t, fillStyle: i.backgroundColor, strokeStyle: i.borderColor, fontColor: n, lineWidth: i.borderWidth, pointStyle: a, hidden: !s.getDataVisibility(e), index: e } }) } return [] } }, onClick(t, e, i) { i.chart.toggleDataVisibility(e.index), i.chart.update() } } } }; constructor(t, e) { super(t, e), this.enableOptionSharing = !0, this.innerRadius = void 0, this.outerRadius = void 0, this.offsetX = void 0, this.offsetY = void 0 } linkScales() { } parse(s, a) { const n = this.getDataset().data, o = this._cachedMeta; if (!1 === this._parsing) o._parsed = n; else { let t, e, i = t => +n[t]; if (A(n[s])) { const { key: s = "value" } = this._parsing; i = t => +m(n[t], s) } for (e = (t = s) + a; t < e; ++t)o._parsed[t] = i(t) } } _getRotation() { return L(this.options.rotation - 90) } _getCircumference() { return L(this.options.circumference) } _getRotationExtents() { let e = _, i = -_; for (let t = 0; t < this.chart.data.datasets.length; ++t)if (this.chart.isDatasetVisible(t) && this.chart.getDatasetMeta(t).type === this._type) { const s = this.chart.getDatasetMeta(t).controller, a = s._getRotation(), n = s._getCircumference(); e = Math.min(e, a), i = Math.max(i, a + n) } return { rotation: e, circumference: i - e } } update(t) { const e = this.chart, i = e["chartArea"], s = this._cachedMeta, a = s.data, n = this.getMaxBorderWidth() + this.getMaxOffset(a) + this.options.spacing, o = Math.max((Math.min(i.width, i.height) - n) / 2, 0), r = Math.min(V(this.options.cutout, o), 1), l = this._getRingWeight(this.index), { circumference: h, rotation: c } = this._getRotationExtents(), { ratioX: d, ratioY: u, offsetX: g, offsetY: f } = function (t, e, s) { let i = 1, a = 1, n = 0, o = 0; if (e < _) { const r = t, l = r + e, h = Math.cos(r), c = Math.sin(r), d = Math.cos(l), u = Math.sin(l), g = (t, e, i) => ft(t, r, l, !0) ? 1 : Math.max(e, e * s, i, i * s), f = (t, e, i) => ft(t, r, l, !0) ? -1 : Math.min(e, e * s, i, i * s), p = g(0, h, d), m = g(D, c, u), b = f(S, h, d), x = f(S + D, c, u); i = (p - b) / 2, a = (m - x) / 2, n = -(p + b) / 2, o = -(m + x) / 2 } return { ratioX: i, ratioY: a, offsetX: n, offsetY: o } }(c, h, r), p = (i.width - n) / d, m = (i.height - n) / u, b = Math.max(Math.min(p, m) / 2, 0), x = B(this.options.radius, b), v = (x - Math.max(x * r, 0)) / this._getVisibleDatasetWeightTotal(); this.offsetX = g * x, this.offsetY = f * x, s.total = this.calculateTotal(), this.outerRadius = x - v * this._getRingWeightOffset(this.index), this.innerRadius = Math.max(this.outerRadius - v * l, 0), this.updateElements(a, 0, a.length, t) } _circumference(t, e) { var i = this.options, s = this._cachedMeta, a = this._getCircumference(); return e && i.animation.animateRotate || !this.chart.getDataVisibility(t) || null === s._parsed[t] || s.data[t].hidden ? 0 : this.calculateCircumference(s._parsed[t] * a / _) } updateElements(t, e, i, s) { const a = "reset" === s, n = this.chart, o = n.chartArea, r = n.options.animation, l = (o.left + o.right) / 2, h = (o.top + o.bottom) / 2, c = a && r.animateScale, d = c ? 0 : this.innerRadius, u = c ? 0 : this.outerRadius, { sharedOptions: g, includeOptions: f } = this._getSharedOptions(e, s); let p, m = this._getRotation(); for (p = 0; p < e; ++p)m += this._circumference(p, a); for (p = e; p < e + i; ++p) { const e = this._circumference(p, a), i = t[p], n = { x: l + this.offsetX, y: h + this.offsetY, startAngle: m, endAngle: m + e, circumference: e, outerRadius: u, innerRadius: d }; f && (n.options = g || this.resolveDataElementOptions(p, i.active ? "active" : s)), m += e, this.updateElement(i, p, n, s) } } calculateTotal() { var t = this._cachedMeta, e = t.data; let i, s = 0; for (i = 0; i < e.length; i++) { var a = t._parsed[i]; null === a || isNaN(a) || !this.chart.getDataVisibility(i) || e[i].hidden || (s += Math.abs(a)) } return s } calculateCircumference(t) { var e = this._cachedMeta.total; return 0 < e && !isNaN(t) ? _ * (Math.abs(t) / e) : 0 } getLabelAndValue(t) { var e = this._cachedMeta, i = this.chart, s = i.data.labels || [], e = ce(e._parsed[t], i.options.locale); return { label: s[t] || "", value: e } } getMaxBorderWidth(t) { let e = 0; const i = this.chart; let s, a, n, o, r; if (!t) for (s = 0, a = i.data.datasets.length; s < a; ++s)if (i.isDatasetVisible(s)) { t = (n = i.getDatasetMeta(s)).data, o = n.controller; break } if (!t) return 0; for (s = 0, a = t.length; s < a; ++s)"inner" !== (r = o.resolveDataElementOptions(s)).borderAlign && (e = Math.max(e, r.borderWidth || 0, r.hoverBorderWidth || 0)); return e } getMaxOffset(i) { let s = 0; for (let t = 0, e = i.length; t < e; ++t) { const i = this.resolveDataElementOptions(t); s = Math.max(s, i.offset || 0, i.hoverOffset || 0) } return s } _getRingWeightOffset(e) { let i = 0; for (let t = 0; t < e; ++t)this.chart.isDatasetVisible(t) && (i += this._getRingWeight(t)); return i } _getRingWeight(t) { return Math.max(T(this.chart.data.datasets[t].weight, 1), 0) } _getVisibleDatasetWeightTotal() { return this._getRingWeightOffset(this.chart.data.datasets.length) || 1 } } class ca extends Ds { static id = "polarArea"; static defaults = { dataElementType: "arc", animation: { animateRotate: !0, animateScale: !0 }, animations: { numbers: { type: "number", properties: ["x", "y", "startAngle", "endAngle", "innerRadius", "outerRadius"] } }, indexAxis: "r", startAngle: 0 }; static overrides = { aspectRatio: 1, plugins: { legend: { labels: { generateLabels(s) { const t = s.data; if (t.labels.length && t.datasets.length) { const { pointStyle: a, color: n } = s.legend.options["labels"]; return t.labels.map((t, e) => { var i = s.getDatasetMeta(0).controller.getStyle(e); return { text: t, fillStyle: i.backgroundColor, strokeStyle: i.borderColor, fontColor: n, lineWidth: i.borderWidth, pointStyle: a, hidden: !s.getDataVisibility(e), index: e } }) } return [] } }, onClick(t, e, i) { i.chart.toggleDataVisibility(e.index), i.chart.update() } } }, scales: { r: { type: "radialLinear", angleLines: { display: !1 }, beginAtZero: !0, grid: { circular: !0 }, pointLabels: { display: !1 }, startAngle: 0 } } }; constructor(t, e) { super(t, e), this.innerRadius = void 0, this.outerRadius = void 0 } getLabelAndValue(t) { var e = this._cachedMeta, i = this.chart, s = i.data.labels || [], e = ce(e._parsed[t].r, i.options.locale); return { label: s[t] || "", value: e } } parseObjectData(t, e, i, s) { return ii.bind(this)(t, e, i, s) } update(t) { var e = this._cachedMeta.data; this._updateRadius(), this.updateElements(e, 0, e.length, t) } getMinMax() { const t = this._cachedMeta, s = { min: Number.POSITIVE_INFINITY, max: Number.NEGATIVE_INFINITY }; return t.data.forEach((t, e) => { var i = this.getParsed(e).r; !isNaN(i) && this.chart.getDataVisibility(e) && (i < s.min && (s.min = i), i > s.max && (s.max = i)) }), s } _updateRadius() { const t = this.chart, e = t.chartArea, i = t.options, s = Math.min(e.right - e.left, e.bottom - e.top), a = Math.max(s / 2, 0), n = (a - Math.max(i.cutoutPercentage ? a / 100 * i.cutoutPercentage : 1, 0)) / t.getVisibleDatasetCount(); this.outerRadius = a - n * this.index, this.innerRadius = this.outerRadius - n } updateElements(s, a, t, n) { const o = "reset" === n, r = this.chart, l = r.options.animation, h = this._cachedMeta.rScale, c = h.xCenter, d = h.yCenter, u = h.getIndexAngle(0) - .5 * S; let g, f = u; var p = 360 / this.countVisibleElements(); for (g = 0; g < a; ++g)f += this._computeAngle(g, n, p); for (g = a; g < a + t; g++) { const a = s[g]; let t = f, e = f + this._computeAngle(g, n, p), i = r.getDataVisibility(g) ? h.getDistanceFromCenterForValue(this.getParsed(g).r) : 0; f = e, o && (l.animateScale && (i = 0), l.animateRotate && (t = e = u)); var m = { x: c, y: d, innerRadius: 0, outerRadius: i, startAngle: t, endAngle: e, options: this.resolveDataElementOptions(g, a.active ? "active" : n) }; this.updateElement(a, g, m, n) } } countVisibleElements() { const t = this._cachedMeta; let i = 0; return t.data.forEach((t, e) => { !isNaN(this.getParsed(e).r) && this.chart.getDataVisibility(e) && i++ }), i } _computeAngle(t, e, i) { return this.chart.getDataVisibility(t) ? L(this.resolveDataElementOptions(t, e).angle || i) : 0 } } var da = Object.freeze({ __proto__: null, BarController: class extends Ds { static id = "bar"; static defaults = { datasetElementType: !1, dataElementType: "bar", categoryPercentage: .8, barPercentage: .9, grouped: !0, animations: { numbers: { type: "number", properties: ["x", "y", "base", "width", "height"] } } }; static overrides = { scales: { _index_: { type: "category", offset: !0, grid: { offset: !0 } }, _value_: { type: "linear", beginAtZero: !0 } } }; parsePrimitiveData(t, e, i, s) { return na(t, e, i, s) } parseArrayData(t, e, i, s) { return na(t, e, i, s) } parseObjectData(t, e, i, s) { const { iScale: a, vScale: n } = t, { xAxisKey: o = "x", yAxisKey: r = "y" } = this._parsing, l = "x" === a.axis ? o : r, h = "x" === n.axis ? o : r, c = []; let d, u, g, f; for (u = (d = i) + s; d < u; ++d)f = e[d], (g = {})[a.axis] = a.parse(m(f, l), d), c.push(aa(m(f, h), g, n, d)); return c } updateRangeFromParsed(t, e, i, s) { super.updateRangeFromParsed(t, e, i, s); s = i._custom; s && e === this._cachedMeta.vScale && (t.min = Math.min(t.min, s.min), t.max = Math.max(t.max, s.max)) } getMaxOverflow() { return 0 } getLabelAndValue(t) { const e = this._cachedMeta, { iScale: i, vScale: s } = e, a = this.getParsed(t), n = a._custom, o = oa(n) ? "[" + n.start + ", " + n.end + "]" : "" + s.getLabelForValue(a[s.axis]); return { label: "" + i.getLabelForValue(a[i.axis]), value: o } } initialize() { this.enableOptionSharing = !0, super.initialize(), this._cachedMeta.stack = this.getDataset().stack } update(t) { var e = this._cachedMeta; this.updateElements(e.data, 0, e.data.length, t) } updateElements(e, i, s, a) { const n = "reset" === a, { index: o, _cachedMeta: { vScale: r } } = this, l = r.getBasePixel(), h = r.isHorizontal(), c = this._getRuler(), { sharedOptions: d, includeOptions: u } = this._getSharedOptions(i, a); for (let t = i; t < i + s; t++) { const i = this.getParsed(t), s = n || P(i[r.axis]) ? { base: l, head: l } : this._calculateBarValuePixels(t), m = this._calculateBarIndexPixels(t, c), b = (i._stacks || {})[r.axis], x = { horizontal: h, base: s.base, enableBorderRadius: !b || oa(i._custom) || o === b._top || o === b._bottom, x: h ? s.head : m.center, y: h ? m.center : s.head, height: h ? m.size : Math.abs(s.size), width: h ? Math.abs(s.size) : m.size }; u && (x.options = d || this.resolveDataElementOptions(t, e[t].active ? "active" : a)); var g = x.options || e[t].options; (function (n, t, e, i) { let s = t.borderSkipped; const a = {}; if (!s) return n.borderSkipped = a; if (!0 === s) return n.borderSkipped = { top: !0, right: !0, bottom: !0, left: !0 }; var { start: t, end: o, reverse: r, top: l, bottom: h } = function () { let t, e, i, s, a; return i = n.horizontal ? (t = n.base > n.x, e = "left", "right") : (t = n.base < n.y, e = "bottom", "top"), a = t ? (s = "end", "start") : (s = "start", "end"), { start: e, end: i, reverse: t, top: s, bottom: a } }(); "middle" === s && e && (n.enableBorderRadius = !0, s = (e._top || 0) === i ? l : (e._bottom || 0) === i ? h : (a[ra(h, t, o, r)] = !0, l)), a[ra(s, t, o, r)] = !0, n.borderSkipped = a })(x, g, b, o), [g, f, p] = [x, g["inflateAmount"], c.ratio], g.inflateAmount = "auto" === f ? 1 === p ? .33 : 0 : f, this.updateElement(e[t], t, x, a) } var f, p } _getStacks(t, i) { const e = this._cachedMeta["iScale"], s = e.getMatchingVisibleMetas(this._type).filter(t => t.controller.options.grouped), a = e.options.stacked, n = []; for (const e of s) if ((void 0 === i || !(t => { var e = t.controller.getParsed(i), e = e && e[t.vScale.axis]; if (P(e) || isNaN(e)) return !0 })(e)) && ((!1 === a || -1 === n.indexOf(e.stack) || void 0 === a && void 0 === e.stack) && n.push(e.stack), e.index === t)) break; return n.length || n.push(void 0), n } _getStackCount(t) { return this._getStacks(void 0, t).length } _getStackIndex(t, e, i) { const s = this._getStacks(t, i), a = void 0 !== e ? s.indexOf(e) : -1; return -1 === a ? s.length - 1 : a } _getRuler() { const t = this.options, e = this._cachedMeta, i = e.iScale, s = []; let a, n; for (a = 0, n = e.data.length; a < n; ++a)s.push(i.getPixelForValue(this.getParsed(a)[i.axis], a)); var o = t.barThickness; return { min: o || function (t) { const e = t.iScale, i = function (s, t) { if (!s._cache.$bar) { const a = s.getMatchingVisibleMetas(t); let i = []; for (let t = 0, e = a.length; t < e; t++)i = i.concat(a[t].controller.getAllParsedValues(s)); s._cache.$bar = Mt(i.sort((t, e) => t - e)) } return s._cache.$bar }(e, t.type); let s, a, n, o, r = e._length; var l = () => { 32767 !== n && -32768 !== n && (f(o) && (r = Math.min(r, Math.abs(n - o) || r)), o = n) }; for (s = 0, a = i.length; s < a; ++s)n = e.getPixelForValue(i[s]), l(); for (o = void 0, s = 0, a = e.ticks.length; s < a; ++s)n = e.getPixelForTick(s), l(); return r }(e), pixels: s, start: i._startPixel, end: i._endPixel, stackCount: this._getStackCount(), scale: i, grouped: t.grouped, ratio: o ? 1 : t.categoryPercentage * t.barPercentage } } _calculateBarValuePixels(t) { const { _cachedMeta: { vScale: e, _stacked: i, index: s }, options: { base: a, minBarLength: n } } = this, o = a || 0, r = this.getParsed(t), l = r._custom, h = oa(l); let c, d, u = r[e.axis], g = 0, f = i ? this.applyStack(e, r, i) : u; f !== u && (g = f - u, f = u), h && (u = l.barStart, f = l.barEnd - l.barStart, 0 !== u && y(u) !== y(l.barEnd) && (g = 0), g += u); var p, m, b = P(a) || h ? g : a; let x = e.getPixelForValue(b); if (c = this.chart.getDataVisibility(t) ? e.getPixelForValue(g + f) : x, d = c - x, Math.abs(d) < n) { d = (b = d, p = e, m = o, (0 !== b ? y(b) : (p.isHorizontal() ? 1 : -1) * (p.min >= m ? 1 : -1)) * n), u === o && (x -= d / 2); const t = e.getPixelForDecimal(0), P = e.getPixelForDecimal(1), a = Math.min(t, P), l = Math.max(t, P); x = Math.max(Math.min(x, l), a), c = x + d, i && !h && (r._stacks[e.axis]._visualValues[s] = e.getValueForPixel(c) - e.getValueForPixel(x)) } if (x === e.getPixelForValue(o)) { const t = y(d) * e.getLineWidthForValue(o) / 2; x += t, d -= t } return { size: d, base: x, head: c, center: c + d / 2 } } _calculateBarIndexPixels(t, e) { const i = e.scale, s = this.options, a = s.skipNull, n = T(s.maxBarThickness, 1 / 0); let o, r; if (e.grouped) { const i = a ? this._getStackCount(t) : e.stackCount, T = ("flex" === s.barThickness ? function (t, e, i, s) { var a = e.pixels, n = a[t]; let o = 0 < t ? a[t - 1] : null, r = t < a.length - 1 ? a[t + 1] : null; a = i.categoryPercentage, null === o && (o = n - (null === r ? e.end - e.start : r - n)), null === r && (r = n + n - o), t = n - (n - Math.min(o, r)) / 2 * a; return { chunk: Math.abs(r - o) / 2 * a / s, ratio: i.barPercentage, start: t } } : function (t, e, i, s) { var a = i.barThickness; let n, o; return o = P(a) ? (n = e.min * i.categoryPercentage, i.barPercentage) : (n = a * s, 1), { chunk: n / s, ratio: o, start: e.pixels[t] - n / 2 } })(t, e, s, i), l = this._getStackIndex(this.index, this._cachedMeta.stack, a ? t : void 0); o = T.start + T.chunk * l + T.chunk / 2, r = Math.min(n, T.chunk * T.ratio) } else o = i.getPixelForValue(this.getParsed(t)[i.axis], t), r = Math.min(n, e.min * e.ratio); return { base: o - r / 2, head: o + r / 2, center: o, size: r } } draw() { const t = this._cachedMeta, e = t.vScale, i = t.data, s = i.length; let a = 0; for (; a < s; ++a)null !== this.getParsed(a)[e.axis] && i[a].draw(this._ctx) } }, BubbleController: class extends Ds { static id = "bubble"; static defaults = { datasetElementType: !1, dataElementType: "point", animations: { numbers: { type: "number", properties: ["x", "y", "borderWidth", "radius"] } } }; static overrides = { scales: { x: { type: "linear" }, y: { type: "linear" } } }; initialize() { this.enableOptionSharing = !0, super.initialize() } parsePrimitiveData(t, e, i, s) { const a = super.parsePrimitiveData(t, e, i, s); for (let t = 0; t < a.length; t++)a[t]._custom = this.resolveDataElementOptions(t + i).radius; return a } parseArrayData(t, e, i, s) { const a = super.parseArrayData(t, e, i, s); for (let t = 0; t < a.length; t++) { const s = e[i + t]; a[t]._custom = T(s[2], this.resolveDataElementOptions(t + i).radius) } return a } parseObjectData(t, e, i, s) { const a = super.parseObjectData(t, e, i, s); for (let t = 0; t < a.length; t++) { const s = e[i + t]; a[t]._custom = T(s && s.r && +s.r, this.resolveDataElementOptions(t + i).radius) } return a } getMaxOverflow() { const e = this._cachedMeta.data; let i = 0; for (let t = e.length - 1; 0 <= t; --t)i = Math.max(i, e[t].size(this.resolveDataElementOptions(t)) / 2); return 0 < i && i } getLabelAndValue(t) { const e = this._cachedMeta, i = this.chart.data.labels || [], { xScale: s, yScale: a } = e, n = this.getParsed(t), o = s.getLabelForValue(n.x), r = a.getLabelForValue(n.y), l = n._custom; return { label: i[t] || "", value: "(" + o + ", " + r + (l ? ", " + l : "") + ")" } } update(t) { var e = this._cachedMeta.data; this.updateElements(e, 0, e.length, t) } updateElements(e, i, s, a) { const n = "reset" === a, { iScale: o, vScale: r } = this._cachedMeta, { sharedOptions: l, includeOptions: h } = this._getSharedOptions(i, a), c = o.axis, d = r.axis; for (let t = i; t < i + s; t++) { const i = e[t], s = !n && this.getParsed(t), u = {}, g = u[c] = n ? o.getPixelForDecimal(.5) : o.getPixelForValue(s[c]), f = u[d] = n ? r.getBasePixel() : r.getPixelForValue(s[d]); u.skip = isNaN(g) || isNaN(f), h && (u.options = l || this.resolveDataElementOptions(t, i.active ? "active" : a), n && (u.options.radius = 0)), this.updateElement(i, t, u, a) } } resolveDataElementOptions(t, e) { var i = this.getParsed(t); let s = super.resolveDataElementOptions(t, e); t = (s = s.$shared ? Object.assign({}, s, { $shared: !1 }) : s).radius; return "active" !== e && (s.radius = 0), s.radius += T(i && i._custom, t), s } }, DoughnutController: ha, LineController: class extends Ds { static id = "line"; static defaults = { datasetElementType: "line", dataElementType: "point", showLine: !0, spanGaps: !1 }; static overrides = { scales: { _index_: { type: "category" }, _value_: { type: "linear" } } }; initialize() { this.enableOptionSharing = !0, this.supportsDecimation = !0, super.initialize() } update(t) { const e = this._cachedMeta, { dataset: i, data: s = [], _dataset: a } = e, n = this.chart._animationsDisabled; let { start: o, count: r } = Ct(e, s, n); this._drawStart = o, this._drawCount = r, Ot(e) && (o = 0, r = s.length), i._chart = this.chart, i._datasetIndex = this.index, i._decimated = !!a._decimated, i.points = s; const l = this.resolveDatasetElementOptions(t); this.options.showLine || (l.borderWidth = 0), l.segment = this.options.segment, this.updateElement(i, void 0, { animated: !n, options: l }, t), this.updateElements(s, o, r, t) } updateElements(e, i, t, s) { const a = "reset" === s, { iScale: n, vScale: o, _stacked: r, _dataset: l } = this._cachedMeta, { sharedOptions: h, includeOptions: c } = this._getSharedOptions(i, s), d = n.axis, u = o.axis, { spanGaps: g, segment: f } = this.options, p = ot(g) ? g : Number.POSITIVE_INFINITY, m = this.chart._animationsDisabled || a || "none" === s, b = i + t, x = e.length; let v = 0 < i && this.getParsed(i - 1); for (let t = 0; t < x; ++t) { const g = e[t], x = m ? g : {}; var _, y, M, w; t < i || t >= b ? x.skip = !0 : (y = P((_ = this.getParsed(t))[u]), M = x[d] = n.getPixelForValue(_[d], t), w = x[u] = a || y ? o.getBasePixel() : o.getPixelForValue(r ? this.applyStack(o, _, r) : _[u], t), x.skip = isNaN(M) || isNaN(w) || y, x.stop = 0 < t && Math.abs(_[d] - v[d]) > p, f && (x.parsed = _, x.raw = l.data[t]), c && (x.options = h || this.resolveDataElementOptions(t, g.active ? "active" : s)), m || this.updateElement(g, t, x, s), v = _) } } getMaxOverflow() { const t = this._cachedMeta, e = t.dataset, i = e.options && e.options.borderWidth || 0, s = t.data || []; if (!s.length) return i; var a = s[0].size(this.resolveDataElementOptions(0)), n = s[s.length - 1].size(this.resolveDataElementOptions(s.length - 1)); return Math.max(i, a, n) / 2 } draw() { const t = this._cachedMeta; t.dataset.updateControlPoints(this.chart.chartArea, t.iScale.axis), super.draw() } }, PolarAreaController: ca, PieController: class extends ha { static id = "pie"; static defaults = { cutout: 0, rotation: 0, circumference: 360, radius: "100%" } }, RadarController: class extends Ds { static id = "radar"; static defaults = { datasetElementType: "line", dataElementType: "point", indexAxis: "r", showLine: !0, elements: { line: { fill: "start" } } }; static overrides = { aspectRatio: 1, scales: { r: { type: "radialLinear" } } }; getLabelAndValue(t) { const e = this._cachedMeta.vScale, i = this.getParsed(t); return { label: e.getLabels()[t], value: "" + e.getLabelForValue(i[e.axis]) } } parseObjectData(t, e, i, s) { return ii.bind(this)(t, e, i, s) } update(t) { const e = this._cachedMeta, i = e.dataset, s = e.data || [], a = e.iScale.getLabels(); if (i.points = s, "resize" !== t) { const e = this.resolveDatasetElementOptions(t); this.options.showLine || (e.borderWidth = 0); var n = { _loop: !0, _fullLoop: a.length === s.length, options: e }; this.updateElement(i, void 0, n, t) } this.updateElements(s, 0, s.length, t) } updateElements(e, i, s, a) { const n = this._cachedMeta.rScale, o = "reset" === a; for (let t = i; t < i + s; t++) { const i = e[t], s = this.resolveDataElementOptions(t, i.active ? "active" : a), r = n.getPointPositionForValue(t, this.getParsed(t).r), l = o ? n.xCenter : r.x, h = o ? n.yCenter : r.y, c = { x: l, y: h, angle: r.angle, skip: isNaN(l) || isNaN(h), options: s }; this.updateElement(i, t, c, a) } } }, ScatterController: class extends Ds { static id = "scatter"; static defaults = { datasetElementType: !1, dataElementType: "point", showLine: !1, fill: !1 }; static overrides = { interaction: { mode: "point" }, scales: { x: { type: "linear" }, y: { type: "linear" } } }; getLabelAndValue(t) { const e = this._cachedMeta, i = this.chart.data.labels || [], { xScale: s, yScale: a } = e, n = this.getParsed(t), o = s.getLabelForValue(n.x), r = a.getLabelForValue(n.y); return { label: i[t] || "", value: "(" + o + ", " + r + ")" } } update(t) { var e = this._cachedMeta, { data: i = [] } = e, s = this.chart._animationsDisabled; let { start: a, count: n } = Ct(e, i, s); if (this._drawStart = a, this._drawCount = n, Ot(e) && (a = 0, n = i.length), this.options.showLine) { const { dataset: a, _dataset: n } = e, o = (a._chart = this.chart, a._datasetIndex = this.index, a._decimated = !!n._decimated, a.points = i, this.resolveDatasetElementOptions(t)); o.segment = this.options.segment, this.updateElement(a, void 0, { animated: !s, options: o }, t) } this.updateElements(i, a, n, t) } addElements() { var t = this.options["showLine"]; !this.datasetElementType && t && (this.datasetElementType = this.chart.registry.getElement("line")), super.addElements() } updateElements(e, i, s, a) { const n = "reset" === a, { iScale: o, vScale: r, _stacked: l, _dataset: h } = this._cachedMeta, t = this.resolveDataElementOptions(i, a), c = this.getSharedOptions(t), d = this.includeOptions(a, c), u = o.axis, g = r.axis, { spanGaps: f, segment: p } = this.options, m = ot(f) ? f : Number.POSITIVE_INFINITY, b = this.chart._animationsDisabled || n || "none" === a; let x = 0 < i && this.getParsed(i - 1); for (let t = i; t < i + s; ++t) { const i = e[t], s = this.getParsed(t), f = b ? i : {}, v = P(s[g]), _ = f[u] = o.getPixelForValue(s[u], t), y = f[g] = n || v ? r.getBasePixel() : r.getPixelForValue(l ? this.applyStack(r, s, l) : s[g], t); f.skip = isNaN(_) || isNaN(y) || v, f.stop = 0 < t && Math.abs(s[u] - x[u]) > m, p && (f.parsed = s, f.raw = h.data[t]), d && (f.options = c || this.resolveDataElementOptions(t, i.active ? "active" : a)), b || this.updateElement(i, t, f, a), x = s } this.updateSharedOptions(c, a, t) } getMaxOverflow() { const t = this._cachedMeta, i = t.data || []; if (!this.options.showLine) { let e = 0; for (let t = i.length - 1; 0 <= t; --t)e = Math.max(e, i[t].size(this.resolveDataElementOptions(t)) / 2); return 0 < e && e } var e = t.dataset, e = e.options && e.options.borderWidth || 0; if (!i.length) return e; var s = i[0].size(this.resolveDataElementOptions(0)), a = i[i.length - 1].size(this.resolveDataElementOptions(i.length - 1)); return Math.max(e, s, a) / 2 } } }); function ua(t, e, i, s) { return { x: i + t * Math.cos(e), y: s + t * Math.sin(e) } } function ga(t, e, i, s, a, n) { var { x: o, y: r, startAngle: l, pixelMargin: h, innerRadius: c } = e, d = Math.max(e.outerRadius + s + i - h, 0), h = 0 < c ? c + s + i + h : 0; let u = 0; var g = a - l; if (s) { const t = ((0 < c ? c - s : 0) + (0 < d ? d - s : 0)) / 2; u = (g - (0 != t ? g * t / (t + s) : g)) / 2 } var c = (g - Math.max(.001, g * d - i / S) / d) / 2, g = l + c + u, l = a - c - u, { outerStart: c, outerEnd: f, innerStart: p, innerEnd: m } = function (t, e, i, s) { t = _i(t.options.borderRadius, ["outerStart", "outerEnd", "innerStart", "innerEnd"]); const a = (i - e) / 2, n = Math.min(a, s * e / 2), o = t => { var e = (i - Math.min(a, t)) * s / 2; return C(t, 0, Math.min(a, e)) }; return { outerStart: o(t.outerStart), outerEnd: o(t.outerEnd), innerStart: C(t.innerStart, 0, n), innerEnd: C(t.innerEnd, 0, n) } }(e, h, d, l - g), b = d - c, x = d - f, v = g + c / b, _ = l - f / x, y = h + p, M = h + m, w = g + p / y, k = l - m / M; if (t.beginPath(), n) { const e = (v + _) / 2; if (t.arc(o, r, d, v, e), t.arc(o, r, d, e, _), 0 < f) { const e = ua(x, _, o, r); t.arc(e.x, e.y, f, _, l + D) } const i = ua(M, l, o, r); if (t.lineTo(i.x, i.y), 0 < m) { const e = ua(M, k, o, r); t.arc(e.x, e.y, m, l + D, k + Math.PI) } const s = (l - m / h + (g + p / h)) / 2; if (t.arc(o, r, h, l - m / h, s, !0), t.arc(o, r, h, s, g + p / h, !0), 0 < p) { const e = ua(y, w, o, r); t.arc(e.x, e.y, p, w + Math.PI, g - D) } const a = ua(b, g, o, r); if (t.lineTo(a.x, a.y), 0 < c) { const e = ua(b, v, o, r); t.arc(e.x, e.y, c, g - D, v) } } else { t.moveTo(o, r); const e = Math.cos(v) * d + o, i = Math.sin(v) * d + r, s = (t.lineTo(e, i), Math.cos(_) * d + o), a = Math.sin(_) * d + r; t.lineTo(s, a) } t.closePath() } function fa(t, e, i = e) { t.lineCap = T(i.borderCapStyle, e.borderCapStyle), t.setLineDash(T(i.borderDash, e.borderDash)), t.lineDashOffset = T(i.borderDashOffset, e.borderDashOffset), t.lineJoin = T(i.borderJoinStyle, e.borderJoinStyle), t.lineWidth = T(i.borderWidth, e.borderWidth), t.strokeStyle = T(i.borderColor, e.borderColor) } function pa(t, e, i) { t.lineTo(i.x, i.y) } function ma(t, e, i = {}) { var t = t.length, { start: i = 0, end: s = t - 1 } = i, { start: a, end: n } = e, o = Math.max(i, a), r = Math.min(s, n); return { count: t, start: o, loop: e.loop, ilen: r < o && !(i < a && s < a || n < i && n < s) ? t + r - o : r - o } } function ba(t, e, i, s) { const { points: a, options: n } = e, { count: o, start: r, loop: l, ilen: h } = ma(a, i, s), c = n.stepped ? Ne : n.tension || "monotone" === n.cubicInterpolationMode ? We : pa; let d, u, g, { move: f = !0, reverse: p } = s || {}; for (d = 0; d <= h; ++d)(u = a[(r + (p ? h - d : d)) % o]).skip || (f ? (t.moveTo(u.x, u.y), f = !1) : c(t, g, u, p, n.stepped), g = u); return l && (u = a[(r + (p ? h : 0)) % o], c(t, g, u, p, n.stepped)), !!l } function xa(t, e, i, s) { const a = e.points, { count: n, start: o, ilen: r } = ma(a, i, s), { move: l = !0, reverse: h } = s || {}; let c, d, u, g, f, p, m = 0, b = 0; var x = t => (o + (h ? r - t : t)) % n, v = () => { g !== f && (t.lineTo(m, f), t.lineTo(m, g), t.lineTo(m, p)) }; for (l && (d = a[x(0)], t.moveTo(d.x, d.y)), c = 0; c <= r; ++c)if (!(d = a[x(c)]).skip) { const e = d.x, i = d.y, s = 0 | e; s === u ? (i < g ? g = i : i > f && (f = i), m = (b * m + e) / ++b) : (v(), t.lineTo(e, i), u = s, b = 0, g = f = i), p = i } v() } function va(t) { var e = t.options, i = e.borderDash && e.borderDash.length; return t._decimated || t._loop || e.tension || "monotone" === e.cubicInterpolationMode || e.stepped || i ? ba : xa } const _a = "function" == typeof Path2D; class ya extends e { static id = "line"; static defaults = { borderCapStyle: "butt", borderDash: [], borderDashOffset: 0, borderJoinStyle: "miter", borderWidth: 3, capBezierPoints: !0, cubicInterpolationMode: "default", fill: !1, spanGaps: !1, stepped: !1, tension: 0 }; static defaultRoutes = { backgroundColor: "backgroundColor", borderColor: "borderColor" }; static descriptors = { _scriptable: !0, _indexable: t => "borderDash" !== t && "fill" !== t }; constructor(t) { super(), this.animated = !0, this.options = void 0, this._chart = void 0, this._loop = void 0, this._fullLoop = void 0, this._path = void 0, this._points = void 0, this._segments = void 0, this._decimated = !1, this._pointsUpdated = !1, this._datasetIndex = void 0, t && Object.assign(this, t) } updateControlPoints(t, e) { var i, s = this.options; !s.tension && "monotone" !== s.cubicInterpolationMode || s.stepped || this._pointsUpdated || (i = s.spanGaps ? this._loop : this._fullLoop, hi(this._points, s, t, i, e), this._pointsUpdated = !0) } set points(t) { this._points = t, delete this._segments, delete this._path, this._pointsUpdated = !1 } get points() { return this._points } get segments() { return this._segments || (this._segments = Ei(this, this.options.segment)) } first() { var t = this.segments, e = this.points; return t.length && e[t[0].start] } last() { var t = this.segments, e = this.points, i = t.length; return i && e[t[i - 1].end] } interpolate(i, s) { var a = this.options, n = i[s], o = this.points, r = Li(this, { property: s, start: n, end: n }); if (r.length) { const l = [], h = a.stepped ? pi : a.tension || "monotone" === a.cubicInterpolationMode ? mi : fi; let e, t; for (e = 0, t = r.length; e < t; ++e) { const { start: t, end: c } = r[e], d = o[t], u = o[c]; if (d === u) l.push(d); else { const g = h(d, u, Math.abs((n - d[s]) / (u[s] - d[s])), a.stepped); g[s] = i[s], l.push(g) } } return 1 === l.length ? l[0] : l } } pathSegment(t, e, i) { return va(this)(t, this, e, i) } path(t, e, i) { const s = this.segments, a = va(this); let n = this._loop; e = e || 0, i = i || this.points.length - e; for (const o of s) n &= a(t, this, o, { start: e, end: e + i - 1 }); return !!n } draw(t, e, i, s) { var a, n = this.options || {}; (this.points || []).length && n.borderWidth && (t.save(), n = t, a = this, i = i, s = s, (_a && !a.options.segment ? function (t, e, i, s) { let a = e._path; a || (a = e._path = new Path2D, e.path(a, i, s) && a.closePath()), fa(t, e.options), t.stroke(a) } : function (t, e, i, s) { const { segments: a, options: n } = e, o = va(e); for (const r of a) fa(t, n, r.style), t.beginPath(), o(t, e, r, { start: i, end: i + s - 1 }) && t.closePath(), t.stroke() })(n, a, i, s), t.restore()), this.animated && (this._pointsUpdated = !1, this._path = void 0) } } function Ma(t, e, i, s) { var a = t.options, { [i]: t } = t.getProps([i], s); return Math.abs(e - t) < a.radius + a.hitRadius } function wa(t, e) { var { x: e, y: i, base: s, width: a, height: n } = t.getProps(["x", "y", "base", "width", "height"], e); let o, r, l, h, c; return h = t.horizontal ? (c = n / 2, o = Math.min(e, s), r = Math.max(e, s), l = i - c, i + c) : (c = a / 2, o = e - c, r = e + c, l = Math.min(i, s), Math.max(i, s)), { left: o, top: l, right: r, bottom: h } } function ka(t, e, i, s) { return t ? 0 : C(e, i, s) } function Sa(t, e, i, s) { var a = null === e, n = null === i, t = t && !(a && n) && wa(t, s); return t && (a || c(e, t.left, t.right)) && (n || c(i, t.top, t.bottom)) } function Pa(t, e) { t.rect(e.x, e.y, e.w, e.h) } function Da(t, e, i = {}) { var s = t.x !== i.x ? -e : 0, a = t.y !== i.y ? -e : 0, n = (t.x + t.w !== i.x + i.w ? e : 0) - s, i = (t.y + t.h !== i.y + i.h ? e : 0) - a; return { x: t.x + s, y: t.y + a, w: t.w + n, h: t.h + i, radius: t.radius } } var Ca = Object.freeze({ __proto__: null, ArcElement: class extends e { static id = "arc"; static defaults = { borderAlign: "center", borderColor: "#fff", borderJoinStyle: void 0, borderRadius: 0, borderWidth: 2, offset: 0, spacing: 0, angle: void 0, circular: !0 }; static defaultRoutes = { backgroundColor: "backgroundColor" }; constructor(t) { super(), this.options = void 0, this.circumference = void 0, this.startAngle = void 0, this.endAngle = void 0, this.innerRadius = void 0, this.outerRadius = void 0, this.pixelMargin = 0, this.fullCircles = 0, t && Object.assign(this, t) } inRange(t, e, i) { var { angle: t, distance: e } = dt(this.getProps(["x", "y"], i), { x: t, y: e }), { startAngle: i, endAngle: s, innerRadius: a, outerRadius: n, circumference: o } = this.getProps(["startAngle", "endAngle", "innerRadius", "outerRadius", "circumference"], i), r = this.options.spacing / 2, o = T(o, s - i) >= _ || ft(t, i, s), t = c(e, a + r, n + r); return o && t } getCenterPoint(t) { var { x: t, y: e, startAngle: i, endAngle: s, innerRadius: a, outerRadius: n } = this.getProps(["x", "y", "startAngle", "endAngle", "innerRadius", "outerRadius", "circumference"], t), { offset: o, spacing: r } = this.options, i = (i + s) / 2, s = (a + n + r + o) / 2; return { x: t + Math.cos(i) * s, y: e + Math.sin(i) * s } } tooltipPosition(t) { return this.getCenterPoint(t) } draw(e) { var { options: i, circumference: s } = this, a = (i.offset || 0) / 4, n = (i.spacing || 0) / 2, o = i.circular; if (this.pixelMargin = "inner" === i.borderAlign ? .33 : 0, this.fullCircles = s > _ ? Math.floor(s / _) : 0, !(0 === s || this.innerRadius < 0 || this.outerRadius < 0)) { e.save(); var r = (this.startAngle + this.endAngle) / 2, r = (e.translate(Math.cos(r) * a, Math.sin(r) * a), a * (1 - Math.sin(Math.min(S, s || 0)))); e.fillStyle = i.backgroundColor, e.strokeStyle = i.borderColor; { var l = e; a = this; s = r; i = n; var h = o; var { fullCircles: c, startAngle: d, circumference: u } = a; let t = a.endAngle; if (c) { ga(l, a, s, i, t, h); for (let t = 0; t < c; ++t)l.fill(); isNaN(u) || (t = d + (u % _ || _)) } ga(l, a, s, i, t, h), l.fill() } var g = e, d = this, u = r, a = n, s = o, { fullCircles: f, startAngle: i, circumference: h, options: r } = d, { borderWidth: n, borderJoinStyle: o } = r, r = "inner" === r.borderAlign; if (n) { r ? (g.lineWidth = 2 * n, g.lineJoin = o || "round") : (g.lineWidth = n, g.lineJoin = o || "bevel"); let t = d.endAngle; if (f) { ga(g, d, u, a, t, s); for (let t = 0; t < f; ++t)g.stroke(); isNaN(h) || (t = i + (h % _ || _)) } if (r) { n = g; o = d; i = t; var { startAngle: o, pixelMargin: h, x: r, y: p, outerRadius: m, innerRadius: b } = o, x = h / m; n.beginPath(), n.arc(r, p, m, o - x, i + x), h < b ? n.arc(r, p, b, i + (x = h / b), o - x, !0) : n.arc(r, p, h, i + D, o - D), n.closePath(), n.clip() } f || (ga(g, d, u, a, t, s), g.stroke()) } e.restore() } } }, LineElement: ya, PointElement: class extends e { static id = "point"; static defaults = { borderWidth: 1, hitRadius: 1, hoverBorderWidth: 1, hoverRadius: 4, pointStyle: "circle", radius: 3, rotation: 0 }; static defaultRoutes = { backgroundColor: "backgroundColor", borderColor: "borderColor" }; constructor(t) { super(), this.options = void 0, this.parsed = void 0, this.skip = void 0, this.stop = void 0, t && Object.assign(this, t) } inRange(t, e, i) { var s = this.options, { x: i, y: a } = this.getProps(["x", "y"], i); return Math.pow(t - i, 2) + Math.pow(e - a, 2) < Math.pow(s.hitRadius + s.radius, 2) } inXRange(t, e) { return Ma(this, t, "x", e) } inYRange(t, e) { return Ma(this, t, "y", e) } getCenterPoint(t) { var { x: t, y: e } = this.getProps(["x", "y"], t); return { x: t, y: e } } size(t) { var e = (t = t || this.options || {}).radius || 0; return 2 * ((e = Math.max(e, e && t.hoverRadius || 0)) + (e && t.borderWidth || 0)) } draw(t, e) { var i = this.options; this.skip || i.radius < .1 || !Fe(this, e, this.size(i) / 2) || (t.strokeStyle = i.borderColor, t.lineWidth = i.borderWidth, t.fillStyle = i.backgroundColor, Ie(t, i, this.x, this.y)) } getRange() { var t = this.options || {}; return t.radius + t.hitRadius } }, BarElement: class extends e { static id = "bar"; static defaults = { borderSkipped: "start", borderWidth: 0, borderRadius: 0, inflateAmount: "auto", pointStyle: void 0 }; static defaultRoutes = { backgroundColor: "backgroundColor", borderColor: "borderColor" }; constructor(t) { super(), this.options = void 0, this.horizontal = void 0, this.base = void 0, this.width = void 0, this.height = void 0, this.inflateAmount = void 0, t && Object.assign(this, t) } draw(t) { const { inflateAmount: e, options: { borderColor: i, backgroundColor: s } } = this, { inner: a, outer: n } = (u = wa(r = this), g = u.right - u.left, f = u.bottom - u.top, c = g / 2, p = f / 2, d = (h = r).options.borderWidth, h = h.borderSkipped, d = yi(d), p = { t: ka(h.top, d.top, 0, p), r: ka(h.right, d.right, 0, c), b: ka(h.bottom, d.bottom, 0, p), l: ka(h.left, d.left, 0, c) }, h = g / 2, d = f / 2, r = (c = r).getProps(["enableBorderRadius"]).enableBorderRadius, m = c.options.borderRadius, l = Mi(m), h = Math.min(h, d), d = c.borderSkipped, r = { topLeft: ka(!(c = r || A(m)) || d.top || d.left, l.topLeft, 0, h), topRight: ka(!c || d.top || d.right, l.topRight, 0, h), bottomLeft: ka(!c || d.bottom || d.left, l.bottomLeft, 0, h), bottomRight: ka(!c || d.bottom || d.right, l.bottomRight, 0, h) }, { outer: { x: u.left, y: u.top, w: g, h: f, radius: r }, inner: { x: u.left + p.l, y: u.top + p.t, w: g - p.l - p.r, h: f - p.t - p.b, radius: { topLeft: Math.max(0, r.topLeft - Math.max(p.t, p.l)), topRight: Math.max(0, r.topRight - Math.max(p.t, p.r)), bottomLeft: Math.max(0, r.bottomLeft - Math.max(p.b, p.l)), bottomRight: Math.max(0, r.bottomRight - Math.max(p.b, p.r)) } } }), o = (m = n.radius).topLeft || m.topRight || m.bottomLeft || m.bottomRight ? je : Pa; var r, l, h, c, d, u, g, f, p, m; t.save(), n.w === a.w && n.h === a.h || (t.beginPath(), o(t, Da(n, e, a)), t.clip(), o(t, Da(a, -e, n)), t.fillStyle = i, t.fill("evenodd")), t.beginPath(), o(t, Da(a, e)), t.fillStyle = s, t.fill(), t.restore() } inRange(t, e, i) { return Sa(this, t, e, i) } inXRange(t, e) { return Sa(this, t, null, e) } inYRange(t, e) { return Sa(this, null, t, e) } getCenterPoint(t) { var { x: t, y: e, base: i, horizontal: s } = this.getProps(["x", "y", "base", "horizontal"], t); return { x: s ? (t + i) / 2 : t, y: s ? e : (e + i) / 2 } } getRange(t) { return "x" === t ? this.width / 2 : this.height / 2 } } }); function Oa(t) { var e = this.getLabels(); return 0 <= t && t < e.length ? e[t] : t } function Aa(t, e, { horizontal: i, minRotation: s }) { s = L(s), i = (i ? Math.sin(s) : Math.cos(s)) || .001; return Math.min(e / i, .75 * e * ("" + t).length) } class Ta extends Es { constructor(t) { super(t), this.start = void 0, this.end = void 0, this._startValue = void 0, this._endValue = void 0, this._valueRange = 0 } parse(t, e) { return P(t) || ("number" == typeof t || t instanceof Number) && !isFinite(+t) ? null : +t } handleTickRangeOptions() { const t = this.options["beginAtZero"], { minDefined: e, maxDefined: i } = this.getUserBounds(); let { min: s, max: a } = this; var n, o = t => s = e ? s : t, r = t => a = i ? a : t; if (t) { const t = y(s), e = y(a); t < 0 && e < 0 ? r(0) : 0 < t && 0 < e && o(0) } s === a && (n = 0 === a ? 1 : Math.abs(.05 * a), r(a + n), t || o(s - n)), this.min = s, this.max = a } getTickLimit() { let t, { maxTicksLimit: e, stepSize: i } = this.options.ticks; return i ? 1e3 < (t = Math.ceil(this.max / i) - Math.floor(this.min / i) + 1) && (console.warn(`scales.${this.id}.ticks.stepSize: ${i} would result generating up to ${t} ticks. Limiting to 1000.`), t = 1e3) : (t = this.computeTickLimit(), e = e || 11), t = e ? Math.min(e, t) : t } computeTickLimit() { return Number.POSITIVE_INFINITY } buildTicks() { var t = this.options, e = t.ticks, i = this.getTickLimit(); const s = function (t, e) { const i = [], { bounds: s, step: a, min: n, max: o, precision: r, count: l, maxTicks: h, maxDigits: c, includeBounds: d } = t, u = a || 1, g = h - 1, { min: f, max: p } = e, m = !P(n), b = !P(o), x = !P(l), v = (p - f) / (c + 1); let _, y, M, w, k = at((p - f) / g / u) * u; if (k < 1e-14 && !m && !b) return [{ value: f }, { value: p }]; (w = Math.ceil(p / k) - Math.floor(f / k)) > g && (k = at(w * k / g / u) * u), P(r) || (_ = Math.pow(10, r), k = Math.ceil(k * _) / _), M = "ticks" === s ? (y = Math.floor(f / k) * k, Math.ceil(p / k) * k) : (y = f, p), m && b && a && rt((o - n) / a, k / 1e3) ? (w = Math.round(Math.min((o - n) / k, h)), k = (o - n) / w, y = n, M = o) : x ? (y = m ? n : y, M = b ? o : M, w = l - 1, k = (M - y) / w) : w = st(w = (M - y) / k, Math.round(w), k / 1e3) ? Math.round(w) : Math.ceil(w); e = Math.max(ct(k), ct(y)); _ = Math.pow(10, P(r) ? e : r), y = Math.round(y * _) / _, M = Math.round(M * _) / _; let S = 0; for (m && (d && y !== n ? (i.push({ value: n }), y < n && S++, st(Math.round((y + S * k) * _) / _, n, Aa(n, v, t)) && S++) : y < n && S++); S < w; ++S)i.push({ value: Math.round((y + S * k) * _) / _ }); return b && d && M !== o ? i.length && st(i[i.length - 1].value, o, Aa(o, v, t)) ? i[i.length - 1].value = o : i.push({ value: o }) : b && M !== o || i.push({ value: M }), i }({ maxTicks: Math.max(2, i), bounds: t.bounds, min: t.min, max: t.max, precision: e.precision, step: e.stepSize, count: e.count, maxDigits: this._maxDigits(), horizontal: this.isHorizontal(), minRotation: e.minRotation || 0, includeBounds: !1 !== e.includeBounds }, this._range || this); return "ticks" === t.bounds && lt(s, this, "value"), t.reverse ? (s.reverse(), this.start = this.max, this.end = this.min) : (this.start = this.min, this.end = this.max), s } configure() { var t = this.ticks; let e = this.min, i = this.max; super.configure(), this.options.offset && t.length && (t = (i - e) / Math.max(t.length - 1, 1) / 2, e -= t, i += t), this._startValue = e, this._endValue = i, this._valueRange = i - e } getLabelForValue(t) { return ce(t, this.chart.options.locale, this.options.ticks.format) } } class La extends Ta { static id = "linear"; static defaults = { ticks: { callback: ue.formatters.numeric } }; determineDataLimits() { var { min: t, max: e } = this.getMinMax(!0); this.min = p(t) ? t : 0, this.max = p(e) ? e : 1, this.handleTickRangeOptions() } computeTickLimit() { var t = this.isHorizontal(), e = t ? this.width : this.height, i = L(this.options.ticks.minRotation), t = (t ? Math.sin(i) : Math.cos(i)) || .001, i = this._resolveTickFontOptions(0); return Math.ceil(e / Math.min(40, i.lineHeight / t)) } getPixelForValue(t) { return null === t ? NaN : this.getPixelForDecimal((t - this._startValue) / this._valueRange) } getValueForPixel(t) { return this._startValue + this.getDecimalForPixel(t) * this._valueRange } } const Ea = t => Math.floor(r(t)), Ra = (t, e) => Math.pow(10, Ea(t) + e); function Ia(t) { return 1 == t / Math.pow(10, Ea(t)) } function za(t, e, i) { i = Math.pow(10, i), t = Math.floor(t / i); return Math.ceil(e / i) - t } class Fa extends Es { static id = "logarithmic"; static defaults = { ticks: { callback: ue.formatters.logarithmic, major: { enabled: !0 } } }; constructor(t) { super(t), this.start = void 0, this.end = void 0, this._startValue = void 0, this._valueRange = 0 } parse(t, e) { t = Ta.prototype.parse.apply(this, [t, e]); if (0 !== t) return p(t) && 0 < t ? t : null; this._zero = !0 } determineDataLimits() { var { min: t, max: e } = this.getMinMax(!0); this.min = p(t) ? Math.max(0, t) : null, this.max = p(e) ? Math.max(0, e) : null, this.options.beginAtZero && (this._zero = !0), this._zero && this.min !== this._suggestedMin && !p(this._userMin) && (this.min = t === Ra(this.min, 0) ? Ra(this.min, -1) : Ra(this.min, 0)), this.handleTickRangeOptions() } handleTickRangeOptions() { const { minDefined: e, maxDefined: i } = this.getUserBounds(); let s = this.min, a = this.max; var t = t => s = e ? s : t, n = t => a = i ? a : t; s === a && (s <= 0 ? (t(1), n(10)) : (t(Ra(s, -1)), n(Ra(a, 1)))), s <= 0 && t(Ra(a, -1)), a <= 0 && n(Ra(s, 1)), this.min = s, this.max = a } buildTicks() { const t = this.options, e = function (t, { min: e, max: i }) { e = g(t.min, e); const s = [], a = Ea(e); let n = function (t, e) { let i = Ea(e - t); for (; 10 < za(t, e, i);)i++; for (; za(t, e, i) < 10;)i--; return Math.min(i, Ea(t)) }(e, i), o = n < 0 ? Math.pow(10, Math.abs(n)) : 1; var r = Math.pow(10, n), l = a > n ? Math.pow(10, a) : 0, h = Math.round((e - l) * o) / o, c = Math.floor((e - l) / r / 10) * r * 10; let d = Math.floor((h - c) / Math.pow(10, n)), u = g(t.min, Math.round((l + c + d * Math.pow(10, n)) * o) / o); for (; u < i;)s.push({ value: u, major: Ia(u), significand: d }), 10 <= d ? d = d < 15 ? 15 : 20 : d++, 20 <= d && (n++, d = 2, o = 0 <= n ? 1 : o), u = Math.round((l + c + d * Math.pow(10, n)) * o) / o; return e = g(t.max, u), s.push({ value: e, major: Ia(e), significand: d }), s }({ min: this._userMin, max: this._userMax }, this); return "ticks" === t.bounds && lt(e, this, "value"), t.reverse ? (e.reverse(), this.start = this.max, this.end = this.min) : (this.start = this.min, this.end = this.max), e } getLabelForValue(t) { return void 0 === t ? "0" : ce(t, this.chart.options.locale, this.options.ticks.format) } configure() { var t = this.min; super.configure(), this._startValue = r(t), this._valueRange = r(this.max) - r(t) } getPixelForValue(t) { return null === (t = void 0 !== t && 0 !== t ? t : this.min) || isNaN(t) ? NaN : this.getPixelForDecimal(t === this.min ? 0 : (r(t) - this._startValue) / this._valueRange) } getValueForPixel(t) { t = this.getDecimalForPixel(t); return Math.pow(10, this._startValue + t * this._valueRange) } } function Va(t) { var e = t.ticks; if (e.display && t.display) { const t = I(e.backdropPadding); return T(e.font && e.font.size, R.font.size) + t.height } return 0 } function Ba(t, e, i, s, a) { return t === s || t === a ? { start: e - i / 2, end: e + i / 2 } : t < s || a < t ? { start: e - i, end: e } : { start: e, end: e + i } } function Na(e) { const i = { l: e.left + e._padding.left, r: e.right - e._padding.right, t: e.top + e._padding.top, b: e.bottom - e._padding.bottom }, s = Object.assign({}, i), a = [], n = [], o = e._pointLabels.length, r = e.options.pointLabels, l = r.centerPointLabels ? S / o : 0; for (let t = 0; t < o; t++) { const o = r.setContext(e.getPointLabelContext(t)); n[t] = o.padding; var h = e.getPointPosition(t, e.drawingArea + n[t], l), c = z(o.font), d = (d = e.ctx, c = c, u = O(u = e._pointLabels[t]) ? u : [u], { w: Le(d, c.string, u), h: u.length * c.lineHeight }), u = (a[t] = d, v(e.getIndexAngle(t) + l)), c = Math.round(ht(u)); { g = void 0; f = void 0; p = void 0; m = void 0; b = void 0; x = void 0; p = void 0; var g = s; var f = i; var p = u; var m = Ba(c, h.x, d.w, 0, 180); var b = Ba(c, h.y, d.h, 90, 270); var x = Math.abs(Math.sin(p)), p = Math.abs(Math.cos(p)); let t = 0, e = 0; m.start < f.l ? (t = (f.l - m.start) / x, g.l = Math.min(g.l, f.l - t)) : m.end > f.r && (t = (m.end - f.r) / x, g.r = Math.max(g.r, f.r + t)), b.start < f.t ? (e = (f.t - b.start) / p, g.t = Math.min(g.t, f.t - e)) : b.end > f.b && (e = (b.end - f.b) / p, g.b = Math.max(g.b, f.b + e)) } } var d, u; e.setCenterPoint(i.l - s.l, s.r - i.r, i.t - s.t, s.b - i.b), e._pointLabelItems = function (e, i, s) { const a = [], n = e._pointLabels.length, t = e.options, o = Va(t) / 2, r = e.drawingArea, l = t.pointLabels.centerPointLabels ? S / n : 0; for (let t = 0; t < n; t++) { const n = e.getPointPosition(t, r + o + s[t], l), u = Math.round(ht(v(n.angle + D))), g = i[t], f = (h = n.y, c = g.h, 90 === (d = u) || 270 === d ? h -= c / 2 : (270 < d || d < 90) && (h -= c), h), p = 0 === (d = u) || 180 === d ? "center" : d < 180 ? "left" : "right", m = (c = n.x, h = g.w, "right" === (d = p) ? c -= h : "center" === d && (c -= h / 2), c); a.push({ x: n.x, y: f, textAlign: p, left: m, top: f, right: m + g.w, bottom: f + g.h }) } var h, c, d; return a }(e, a, n) } function Wa(e, i, t, s) { const a = e["ctx"]; if (t) a.arc(e.xCenter, e.yCenter, i, 0, _); else { var n = e.getPointPosition(0, i); a.moveTo(n.x, n.y); for (let t = 1; t < s; t++)n = e.getPointPosition(t, i), a.lineTo(n.x, n.y) } } class Ha extends Ta { static id = "radialLinear"; static defaults = { display: !0, animate: !0, position: "chartArea", angleLines: { display: !0, lineWidth: 1, borderDash: [], borderDashOffset: 0 }, grid: { circular: !1 }, startAngle: 0, ticks: { showLabelBackdrop: !0, callback: ue.formatters.numeric }, pointLabels: { backdropColor: void 0, backdropPadding: 2, display: !0, font: { size: 10 }, callback: t => t, padding: 5, centerPointLabels: !1 } }; static defaultRoutes = { "angleLines.color": "borderColor", "pointLabels.color": "color", "ticks.color": "color" }; static descriptors = { angleLines: { _fallback: "grid" } }; constructor(t) { super(t), this.xCenter = void 0, this.yCenter = void 0, this.drawingArea = void 0, this._pointLabels = [], this._pointLabelItems = [] } setDimensions() { var t = this._padding = I(Va(this.options) / 2), e = this.width = this.maxWidth - t.width, i = this.height = this.maxHeight - t.height; this.xCenter = Math.floor(this.left + e / 2 + t.left), this.yCenter = Math.floor(this.top + i / 2 + t.top), this.drawingArea = Math.floor(Math.min(e, i) / 2) } determineDataLimits() { var { min: t, max: e } = this.getMinMax(!1); this.min = p(t) && !isNaN(t) ? t : 0, this.max = p(e) && !isNaN(e) ? e : 0, this.handleTickRangeOptions() } computeTickLimit() { return Math.ceil(this.drawingArea / Va(this.options)) } generateTickLabels(t) { Ta.prototype.generateTickLabels.call(this, t), this._pointLabels = this.getLabels().map((t, e) => { t = d(this.options.pointLabels.callback, [t, e], this); return t || 0 === t ? t : "" }).filter((t, e) => this.chart.getDataVisibility(e)) } fit() { var t = this.options; t.display && t.pointLabels.display ? Na(this) : this.setCenterPoint(0, 0, 0, 0) } setCenterPoint(t, e, i, s) { this.xCenter += Math.floor((t - e) / 2), this.yCenter += Math.floor((i - s) / 2), this.drawingArea -= Math.min(this.drawingArea / 2, Math.max(t, e, i, s)) } getIndexAngle(t) { return v(t * (_ / (this._pointLabels.length || 1)) + L(this.options.startAngle || 0)) } getDistanceFromCenterForValue(t) { if (P(t)) return NaN; var e = this.drawingArea / (this.max - this.min); return this.options.reverse ? (this.max - t) * e : (t - this.min) * e } getValueForDistanceFromCenter(t) { if (P(t)) return NaN; t /= this.drawingArea / (this.max - this.min); return this.options.reverse ? this.max - t : this.min + t } getPointLabelContext(t) { var e = this._pointLabels || []; if (0 <= t && t < e.length) return e = e[t], Si(this.getContext(), { label: e, index: t, type: "pointLabel" }) } getPointPosition(t, e, i = 0) { t = this.getIndexAngle(t) - D + i; return { x: Math.cos(t) * e + this.xCenter, y: Math.sin(t) * e + this.yCenter, angle: t } } getPointPositionForValue(t, e) { return this.getPointPosition(t, this.getDistanceFromCenterForValue(e)) } getBasePosition(t) { return this.getPointPositionForValue(t || 0, this.getBaseValue()) } getPointLabelPosition(t) { var { left: t, top: e, right: i, bottom: s } = this._pointLabelItems[t]; return { left: t, top: e, right: i, bottom: s } } drawBackground() { var { backgroundColor: t, grid: { circular: e } } = this.options; if (t) { const i = this.ctx; i.save(), i.beginPath(), Wa(this, this.getDistanceFromCenterForValue(this._endValue), e, this._pointLabels.length), i.closePath(), i.fillStyle = t, i.fill(), i.restore() } } drawGrid() { const t = this.ctx, e = this.options, { angleLines: i, grid: h, border: c } = e, d = this._pointLabels.length; let s, u, a; if (e.pointLabels.display) { var n = this, o = d; const { ctx: r, options: { pointLabels: l } } = n; for (let t = o - 1; 0 <= t; t--) { const o = l.setContext(n.getPointLabelContext(t)), g = z(o.font), { x: f, y: p, textAlign: m, left: b, top: x, right: v, bottom: _ } = n._pointLabelItems[t], y = o["backdropColor"]; if (!P(y)) { const n = Mi(o.borderRadius), P = I(o.backdropPadding), l = (r.fillStyle = y, b - P.left), M = x - P.top, w = v - b + P.width, k = _ - x + P.height; Object.values(n).some(t => 0 !== t) ? (r.beginPath(), je(r, { x: l, y: M, w: w, h: k, radius: n }), r.fill()) : r.fillRect(l, M, w, k) } He(r, n._pointLabels[t], f, p + g.lineHeight / 2, g, { color: o.color, textAlign: m, textBaseline: "middle" }) } } if (h.display && this.ticks.forEach((t, e) => { if (0 !== e) { u = this.getDistanceFromCenterForValue(t.value); t = this.getContext(e), e = h.setContext(t), t = c.setContext(t); { var i = this, s = u, a = d; const n = i.ctx, o = e.circular, { color: r, lineWidth: l } = e; !o && !a || !r || !l || s < 0 || (n.save(), n.strokeStyle = r, n.lineWidth = l, n.setLineDash(t.dash), n.lineDashOffset = t.dashOffset, n.beginPath(), Wa(i, s, o, a), n.closePath(), n.stroke(), n.restore()) } } }), i.display) { for (t.save(), s = d - 1; 0 <= s; s--) { const P = i.setContext(this.getPointLabelContext(s)), { color: h, lineWidth: c } = P; c && h && (t.lineWidth = c, t.strokeStyle = h, t.setLineDash(P.borderDash), t.lineDashOffset = P.borderDashOffset, u = this.getDistanceFromCenterForValue(e.ticks.reverse ? this.min : this.max), a = this.getPointPosition(s, u), t.beginPath(), t.moveTo(this.xCenter, this.yCenter), t.lineTo(a.x, a.y), t.stroke()) } t.restore() } } drawBorder() { } drawLabels() { const o = this.ctx, r = this.options, l = r.ticks; if (l.display) { var t = this.getIndexAngle(0); let a, n; o.save(), o.translate(this.xCenter, this.yCenter), o.rotate(t), o.textAlign = "center", o.textBaseline = "middle", this.ticks.forEach((t, e) => { if (0 !== e || r.reverse) { var i = l.setContext(this.getContext(e)), s = z(i.font); if (a = this.getDistanceFromCenterForValue(this.ticks[e].value), i.showLabelBackdrop) { o.font = s.string, n = o.measureText(t.label).width, o.fillStyle = i.backdropColor; const r = I(i.backdropPadding); o.fillRect(-n / 2 - r.left, -a - s.size / 2 - r.top, n + r.width, s.size + r.height) } He(o, t.label, 0, -a, s, { color: i.color }) } }), o.restore() } } drawTitle() { } } const ja = { millisecond: { common: !0, size: 1, steps: 1e3 }, second: { common: !0, size: 1e3, steps: 60 }, minute: { common: !0, size: 6e4, steps: 60 }, hour: { common: !0, size: 36e5, steps: 24 }, day: { common: !0, size: 864e5, steps: 30 }, week: { common: !1, size: 6048e5, steps: 4 }, month: { common: !0, size: 2628e6, steps: 12 }, quarter: { common: !1, size: 7884e6, steps: 4 }, year: { common: !0, size: 3154e7 } }, h = Object.keys(ja); function Ya(t, e) { return t - e } function $a(t, e) { if (P(e)) return null; const i = t._adapter, { parser: s, round: a, isoWeekday: n } = t._parseOpts; let o = e; return null === (o = p(o = "function" == typeof s ? s(o) : o) ? o : "string" == typeof s ? i.parse(o, s) : i.parse(o)) ? null : +(o = a ? "week" !== a || !ot(n) && !0 !== n ? i.startOf(o, a) : i.startOf(o, "isoWeek", n) : o) } function Ua(e, i, s, a) { const n = h.length; for (let t = h.indexOf(e); t < n - 1; ++t) { const e = ja[h[t]], n = e.steps || Number.MAX_SAFE_INTEGER; if (e.common && Math.ceil((s - i) / (n * e.size)) <= a) return h[t] } return h[n - 1] } function Xa(t, e, i) { var s, a; i ? i.length && ({ lo: s, hi: a } = mt(i, e), t[i[s] >= e ? i[s] : i[a]] = !0) : t[e] = !0 } function qa(i, t, s) { const a = [], n = {}, e = t.length; let o, r; for (o = 0; o < e; ++o)r = t[o], n[r] = o, a.push({ value: r, major: !1 }); if (0 !== e && s) { var l = a, h = n, c = s; const d = i._adapter, u = +d.startOf(l[0].value, c), g = l[l.length - 1].value; let t, e; for (t = u; t <= g; t = +d.add(t, 1, c))0 <= (e = h[t]) && (l[e].major = !0); return l } return a } class Ka extends Es { static id = "time"; static defaults = { bounds: "data", adapters: {}, time: { parser: !1, unit: !1, round: !1, isoWeekday: !1, minUnit: "millisecond", displayFormats: {} }, ticks: { source: "auto", callback: !1, major: { enabled: !1 } } }; constructor(t) { super(t), this._cache = { data: [], labels: [], all: [] }, this._unit = "day", this._majorUnit = void 0, this._offsets = {}, this._normalized = !1, this._parseOpts = void 0 } init(t, e = {}) { const i = t.time || (t.time = {}), s = this._adapter = new sa._date(t.adapters.date); s.init(e), $(i.displayFormats, s.formats()), this._parseOpts = { parser: i.parser, round: i.round, isoWeekday: i.isoWeekday }, super.init(t), this._normalized = e.normalized } parse(t, e) { return void 0 === t ? null : $a(this, t) } beforeLayout() { super.beforeLayout(), this._cache = { data: [], labels: [], all: [] } } determineDataLimits() { const t = this.options, e = this._adapter, i = t.time.unit || "day"; let { min: s, max: a, minDefined: n, maxDefined: o } = this.getUserBounds(); function r(t) { n || isNaN(t.min) || (s = Math.min(s, t.min)), o || isNaN(t.max) || (a = Math.max(a, t.max)) } n && o || (r(this._getLabelBounds()), "ticks" === t.bounds && "labels" === t.ticks.source || r(this.getMinMax(!1))), s = p(s) && !isNaN(s) ? s : +e.startOf(Date.now(), i), a = p(a) && !isNaN(a) ? a : +e.endOf(Date.now(), i) + 1, this.min = Math.min(s, a - 1), this.max = Math.max(s + 1, a) } _getLabelBounds() { var t = this.getLabelTimestamps(); let e = Number.POSITIVE_INFINITY, i = Number.NEGATIVE_INFINITY; return t.length && (e = t[0], i = t[t.length - 1]), { min: e, max: i } } buildTicks() { var t = this.options, e = t.time, i = t.ticks, s = "labels" === i.source ? this.getLabelTimestamps() : this._generate(); "ticks" === t.bounds && s.length && (this.min = this._userMin || s[0], this.max = this._userMax || s[s.length - 1]); const a = this.min, n = xt(s, a, this.max); return this._unit = e.unit || (i.autoSkip ? Ua(e.minUnit, this.min, this.max, this._getLabelCapacity(a)) : function (e, i, s, a, n) { for (let t = h.length - 1; t >= h.indexOf(s); t--) { const s = h[t]; if (ja[s].common && e._adapter.diff(n, a, s) >= i - 1) return s } return h[s ? h.indexOf(s) : 0] }(this, n.length, e.minUnit, this.min, this.max)), this._majorUnit = i.major.enabled && "year" !== this._unit ? function (i) { for (let t = h.indexOf(i) + 1, e = h.length; t < e; ++t)if (ja[h[t]].common) return h[t] }(this._unit) : void 0, this.initOffsets(s), t.reverse && n.reverse(), qa(this, n, this._majorUnit) } afterAutoSkip() { this.options.offsetAfterAutoskip && this.initOffsets(this.ticks.map(t => +t.value)) } initOffsets(t = []) { let e, i, s = 0, a = 0; this.options.offset && t.length && (e = this.getDecimalForValue(t[0]), s = 1 === t.length ? 1 - e : (this.getDecimalForValue(t[1]) - e) / 2, i = this.getDecimalForValue(t[t.length - 1]), a = 1 === t.length ? i : (i - this.getDecimalForValue(t[t.length - 2])) / 2); t = t.length < 3 ? .5 : .25; s = C(s, 0, t), a = C(a, 0, t), this._offsets = { start: s, end: a, factor: 1 / (s + 1 + a) } } _generate() { const t = this._adapter, e = this.min, i = this.max, s = this.options, a = s.time, n = a.unit || Ua(a.minUnit, e, i, this._getLabelCapacity(e)), o = T(s.ticks.stepSize, 1), r = "week" === n && a.isoWeekday, l = ot(r) || !0 === r, h = {}; let c, d, u = e; if (l && (u = +t.startOf(u, "isoWeek", r)), u = +t.startOf(u, l ? "day" : n), t.diff(i, e, n) > 1e5 * o) throw new Error(e + " and " + i + " are too far apart with stepSize of " + o + " " + n); var g = "data" === s.ticks.source && this.getDataTimestamps(); for (c = u, d = 0; c < i; c = +t.add(c, o, n), d++)Xa(h, c, g); return c !== i && "ticks" !== s.bounds && 1 !== d || Xa(h, c, g), Object.keys(h).sort((t, e) => t - e).map(t => +t) } getLabelForValue(t) { const e = this._adapter, i = this.options.time; return i.tooltipFormat ? e.format(t, i.tooltipFormat) : e.format(t, i.displayFormats.datetime) } _tickFormatFunction(t, e, i, s) { var a = this.options, n = a.ticks.callback; if (n) return d(n, [t, e, i], this); var n = a.time.displayFormats, a = this._unit, o = this._majorUnit, a = a && n[a], n = o && n[o], i = i[e], e = o && n && i && i.major; return this._adapter.format(t, s || (e ? n : a)) } generateTickLabels(t) { let e, i, s; for (e = 0, i = t.length; e < i; ++e)(s = t[e]).label = this._tickFormatFunction(s.value, e, t) } getDecimalForValue(t) { return null === t ? NaN : (t - this.min) / (this.max - this.min) } getPixelForValue(t) { var e = this._offsets, t = this.getDecimalForValue(t); return this.getPixelForDecimal((e.start + t) * e.factor) } getValueForPixel(t) { var e = this._offsets, t = this.getDecimalForPixel(t) / e.factor - e.end; return this.min + t * (this.max - this.min) } _getLabelSize(t) { var e = this.options.ticks, t = this.ctx.measureText(t).width, e = L(this.isHorizontal() ? e.maxRotation : e.minRotation), i = Math.cos(e), e = Math.sin(e), s = this._resolveTickFontOptions(0).size; return { w: t * i + s * e, h: t * e + s * i } } _getLabelCapacity(t) { var e = this.options.time, i = e.displayFormats, e = i[e.unit] || i.millisecond, i = this._tickFormatFunction(t, 0, qa(this, [t], this._majorUnit), e), t = this._getLabelSize(i), e = Math.floor(this.isHorizontal() ? this.width / t.w : this.height / t.h) - 1; return 0 < e ? e : 1 } getDataTimestamps() { let t, e, i = this._cache.data || []; if (i.length) return i; const s = this.getMatchingVisibleMetas(); if (this._normalized && s.length) return this._cache.data = s[0].controller.getAllParsedValues(this); for (t = 0, e = s.length; t < e; ++t)i = i.concat(s[t].controller.getAllParsedValues(this)); return this._cache.data = this.normalize(i) } getLabelTimestamps() { const t = this._cache.labels || []; let e, i; if (t.length) return t; var s = this.getLabels(); for (e = 0, i = s.length; e < i; ++e)t.push($a(this, s[e])); return this._cache.labels = this._normalized ? t : this.normalize(t) } normalize(t) { return Mt(t.sort(Ya)) } } function Ga(t, e, i) { let s, a, n, o, r = 0, l = t.length - 1; i ? (e >= t[r].pos && e <= t[l].pos && ({ lo: r, hi: l } = b(t, "pos", e)), { pos: s, time: n } = t[r], { pos: a, time: o } = t[l]) : (e >= t[r].time && e <= t[l].time && ({ lo: r, hi: l } = b(t, "time", e)), { time: s, pos: n } = t[r], { time: a, pos: o } = t[l]); i = a - s; return i ? n + (o - n) * (e - s) / i : n } var Za = Object.freeze({ __proto__: null, CategoryScale: class extends Es { static id = "category"; static defaults = { ticks: { callback: Oa } }; constructor(t) { super(t), this._startValue = void 0, this._valueRange = 0, this._addedLabels = [] } init(t) { var e = this._addedLabels; if (e.length) { const t = this.getLabels(); for (var { index: i, label: s } of e) t[i] === s && t.splice(i, 1); this._addedLabels = [] } super.init(t) } parse(t, e) { if (P(t)) return null; var i, s, a, n, o, r, l = this.getLabels(); return a = e = isFinite(e) && l[e] === t ? e : (i = l, s = T(e, t = t), a = this._addedLabels, -1 === (r = i.indexOf(t)) ? (o = s, a = a, "string" == typeof (n = t) ? (o = i.push(n) - 1, a.unshift({ index: o, label: n })) : isNaN(n) && (o = null), o) : r !== i.lastIndexOf(t) ? s : r), n = l.length - 1, null === a ? null : C(Math.round(a), 0, n) } determineDataLimits() { var { minDefined: t, maxDefined: e } = this.getUserBounds(); let { min: i, max: s } = this.getMinMax(!0); "ticks" === this.options.bounds && (t || (i = 0), e || (s = this.getLabels().length - 1)), this.min = i, this.max = s } buildTicks() { const e = this.min, i = this.max, t = this.options.offset, s = []; let a = this.getLabels(); a = 0 === e && i === a.length - 1 ? a : a.slice(e, i + 1), this._valueRange = Math.max(a.length - (t ? 0 : 1), 1), this._startValue = this.min - (t ? .5 : 0); for (let t = e; t <= i; t++)s.push({ value: t }); return s } getLabelForValue(t) { return Oa.call(this, t) } configure() { super.configure(), this.isHorizontal() || (this._reversePixels = !this._reversePixels) } getPixelForValue(t) { return null === (t = "number" != typeof t ? this.parse(t) : t) ? NaN : this.getPixelForDecimal((t - this._startValue) / this._valueRange) } getPixelForTick(t) { var e = this.ticks; return t < 0 || t > e.length - 1 ? null : this.getPixelForValue(e[t].value) } getValueForPixel(t) { return Math.round(this._startValue + this.getDecimalForPixel(t) * this._valueRange) } getBasePixel() { return this.bottom } }, LinearScale: La, LogarithmicScale: Fa, RadialLinearScale: Ha, TimeScale: Ka, TimeSeriesScale: class extends Ka { static id = "timeseries"; static defaults = Ka.defaults; constructor(t) { super(t), this._table = [], this._minPos = void 0, this._tableRange = void 0 } initOffsets() { var t = this._getTimestampsForTable(), e = this._table = this.buildLookupTable(t); this._minPos = Ga(e, this.min), this._tableRange = Ga(e, this.max) - this._minPos, super.initOffsets(t) } buildLookupTable(t) { const { min: e, max: i } = this, s = [], a = []; let n, o, r, l, h; for (n = 0, o = t.length; n < o; ++n)(l = t[n]) >= e && l <= i && s.push(l); if (s.length < 2) return [{ time: e, pos: 0 }, { time: i, pos: 1 }]; for (n = 0, o = s.length; n < o; ++n)h = s[n + 1], r = s[n - 1], l = s[n], Math.round((h + r) / 2) !== l && a.push({ time: l, pos: n / (o - 1) }); return a } _getTimestampsForTable() { let t = this._cache.all || []; if (t.length) return t; const e = this.getDataTimestamps(), i = this.getLabelTimestamps(); return t = e.length && i.length ? this.normalize(e.concat(i)) : e.length ? e : i, t = this._cache.all = t } getDecimalForValue(t) { return (Ga(this._table, t) - this._minPos) / this._tableRange } getValueForPixel(t) { var e = this._offsets, t = this.getDecimalForPixel(t) / e.factor - e.end; return Ga(this._table, t * this._tableRange + this._minPos, !0) } } }); const Ja = ["rgb(54, 162, 235)", "rgb(255, 99, 132)", "rgb(255, 159, 64)", "rgb(255, 205, 86)", "rgb(75, 192, 192)", "rgb(153, 102, 255)", "rgb(201, 203, 207)"], Qa = Ja.map(t => t.replace("rgb(", "rgba(").replace(")", ", 0.5)")); function tn(t) { return Ja[t % Ja.length] } function en(t) { return Qa[t % Qa.length] } function sn(n) { let o = 0; return (t, e) => { var i, s, a, e = n.getDatasetMeta(e).controller; e instanceof ha ? o = (s = t, a = o, s.backgroundColor = s.data.map(() => tn(a++)), a) : e instanceof ca ? o = (s = t, i = o, s.backgroundColor = s.data.map(() => en(i++)), i) : e && (o = (e = t, t = o, e.borderColor = tn(t), e.backgroundColor = en(t), ++t)) } } function an(t) { let e; for (e in t) if (t[e].borderColor || t[e].backgroundColor) return 1 } var nn = { id: "colors", defaults: { enabled: !0, forceOverride: !1 }, beforeLayout(t, e, i) { if (i.enabled) { const { options: { elements: s }, data: { datasets: a } } = t.config; !i.forceOverride && (an(a) || s && an(s)) || (i = sn(t), a.forEach(i)) } } }; function on(t) { var e; t._decimated && (e = t._data, delete t._decimated, delete t._data, Object.defineProperty(t, "data", { value: e })) } function rn(t) { t.data.datasets.forEach(t => { on(t) }) } var ln = { id: "decimation", defaults: { algorithm: "min-max", enabled: !1 }, beforeElementsUpdate: (r, t, M) => { if (M.enabled) { const l = r.width; r.data.datasets.forEach((e, t) => { var { _data: i, indexAxis: s } = e, h = r.getDatasetMeta(t), a = i || e.data; if ("y" !== wi([s, r.options.indexAxis]) && h.controller.supportsDecimation) { t = r.scales[h.xAxisID]; if (("linear" === t.type || "time" === t.type) && !r.options.parsing) { var { start: n, count: o } = function (t) { var e = t.length; let i, s = 0; const a = h["iScale"], { min: n, max: o, minDefined: r, maxDefined: l } = a.getUserBounds(); return r && (s = C(b(t, a.axis, n).lo, 0, e - 1)), i = l ? C(b(t, a.axis, o).hi + 1, s, e) - s : e - s, { start: s, count: i } }(a); if (o <= (M.threshold || 4 * l)) on(e); else { let t; switch (P(i) && (e._data = a, delete e.data, Object.defineProperty(e, "data", { configurable: !0, enumerable: !0, get: function () { return this._decimated }, set: function (t) { this._data = t } })), M.algorithm) { case "lttb": t = function (s, a, n, t) { var e = M.samples || t; if (n <= e) return s.slice(a, a + n); const o = [], r = (n - 2) / (e - 2); let l = 0; const h = a + n - 1; let c, d, u, g, f, p = a; for (o[l++] = s[p], c = 0; c < e - 2; c++) { let t, e = 0, i = 0; const h = Math.floor((c + 1) * r) + 1 + a, _ = Math.min(Math.floor((c + 2) * r) + 1, n) + a, y = _ - h; for (t = h; t < _; t++)e += s[t].x, i += s[t].y; e /= y, i /= y; var m = Math.floor(c * r) + 1 + a, b = Math.min(Math.floor((c + 1) * r) + 1, n) + a, { x, y: v } = s[p]; for (u = -1, t = m; t < b; t++)(g = .5 * Math.abs((x - e) * (s[t].y - v) - (x - s[t].x) * (i - v))) > u && (u = g, d = s[t], f = t); o[l++] = d, p = f } return o[l++] = s[h], o }(a, n, o, l); break; case "min-max": t = function (t, e, i, s) { let a, n, o, r, l, h, c, d, u, g, f = 0, p = 0; const m = [], b = e + i - 1, x = t[e].x, v = t[b].x - x; for (a = e; a < e + i; ++a) { o = ((n = t[a]).x - x) / v * s, r = n.y; const e = 0 | o; if (e === l) r < u ? (u = r, h = a) : r > g && (g = r, c = a), f = (p * f + n.x) / ++p; else { const i = a - 1; if (!P(h) && !P(c)) { const e = Math.min(h, c), P = Math.max(h, c); e !== d && e !== i && m.push({ ...t[e], x: f }), P !== d && P !== i && m.push({ ...t[P], x: f }) } 0 < a && i !== d && m.push(t[i]), m.push(n), l = e, p = 0, u = g = r, h = c = d = a } } return m }(a, n, o, l); break; default: throw new Error(`Unsupported decimation algorithm '${M.algorithm}'`) }e._decimated = t } } } }) } else rn(r) }, destroy(t) { rn(t) } }; function hn(i, s, a, t) { if (!t) { let t = s[i], e = a[i]; return "angle" === i && (t = v(t), e = v(e)), { property: i, start: t, end: e } } } function cn(t, e, i) { for (; t < e; e--) { const t = i[e]; if (!isNaN(t.x) && !isNaN(t.y)) break } return e } function dn(t, e, i, s) { return t && e ? s(t[i], e[i]) : t ? t[i] : e ? e[i] : 0 } function un(e, t) { let i = [], s = !1; return (i = O(e) ? (s = !0, e) : function (t) { const { x: i = null, y: s = null } = e || {}, a = t.points, n = []; return t.segments.forEach(({ start: t, end: e }) => { e = cn(t, e, a); t = a[t], e = a[e]; null !== s ? (n.push({ x: t.x, y: s }), n.push({ x: e.x, y: s })) : null !== i && (n.push({ x: i, y: t.y }), n.push({ x: i, y: e.y })) }), n }(t)).length ? new ya({ points: i, options: { tension: 0 }, _loop: s, _fullLoop: s }) : null } function gn(t) { return t && !1 !== t.fill } function fn(e, i, s) { const a = []; for (let t = 0; t < s.length; t++) { var { first: n, last: o, point: r } = function (t, e, i) { const s = t.interpolate(e, i); if (!s) return {}; var a = s[i], n = t.segments, o = t.points; let r = !1, l = !1; for (let t = 0; t < n.length; t++) { const e = n[t], s = o[e.start][i], h = o[e.end][i]; if (c(a, s, h)) { r = a === s, l = a === h; break } } return { first: r, last: l, point: s } }(s[t], i, "x"); if (!(!r || n && o)) if (n) a.unshift(r); else if (e.push(r), !o) break } e.push(...a) } class pn { constructor(t) { this.x = t.x, this.y = t.y, this.radius = t.radius } pathSegment(t, e, i) { var { x: s, y: a, radius: n } = this; return e = e || { start: 0, end: _ }, t.arc(s, a, n, e.end, e.start, !0), !i.bounds } interpolate(t) { var { x: e, y: i, radius: s } = this, t = t.angle; return { x: e + Math.cos(t) * s, y: i + Math.sin(t) * s, angle: t } } } function mn(t) { var e, i, { chart: s, fill: a, line: n } = t; if (p(a)) return e = a, (i = (s = s).getDatasetMeta(e)) && s.isDatasetVisible(e) ? i.dataset : null; if ("stack" === a) { const { scale: o, index: r, line: l } = t, h = [], c = l.segments, d = l.points, u = function (t, e) { const i = [], s = t.getMatchingVisibleMetas("line"); for (let t = 0; t < s.length; t++) { var a = s[t]; if (a.index === e) break; a.hidden || i.unshift(a.dataset) } return i }(o, r); u.push(un({ x: null, y: o.bottom }, l)); for (let t = 0; t < c.length; t++) { const o = c[t]; for (let t = o.start; t <= o.end; t++)fn(h, d[t], u) } return new ya({ points: h, options: {} }) } if ("shape" === a) return !0; s = function (t) { if ((t.scale || {}).getPointPositionForValue) { var e, i = t; const { scale: a, fill: n } = i, o = a.options, r = a.getLabels().length, l = o.reverse ? a.max : a.min, h = (i = n, e = a, "start" === i ? l : "end" === i ? e.options.reverse ? e.min : e.max : A(i) ? i.value : e.getBaseValue()), c = []; if (o.grid.circular) { const i = a.getPointPositionForValue(0, l); return new pn({ x: i.x, y: i.y, radius: a.getDistanceFromCenterForValue(h) }) } for (let t = 0; t < r; ++t)c.push(a.getPointPositionForValue(t, h)); return c } { var s = t; const { scale: d = {}, fill: u } = s, g = function (t, e) { let i = null; return "start" === t ? i = e.bottom : "end" === t ? i = e.top : A(t) ? i = e.getPixelForValue(t.value) : e.getBasePixel && (i = e.getBasePixel()), i }(u, d); if (p(g)) { const s = d.isHorizontal(); return { x: s ? g : null, y: s ? null : g } } return null } }(t); return s instanceof pn ? s : un(s, n) } function bn(t, e, i) { var s, a = mn(e), { line: e, scale: n, axis: o } = e, r = e.options, l = r.fill, r = r.backgroundColor, { above: l = r, below: r = r } = l || {}; a && e.points.length && (Ve(t, i), s = t, { line: a, target: l, above: r, below: i, area: n, scale: o } = e = { line: e, target: a, above: l, below: r, area: i, scale: n, axis: o }, e = a._loop ? "angle" : e.axis, s.save(), "x" === e && i !== r && (xn(s, l, n.top), vn(s, { line: a, target: l, color: r, scale: o, property: e }), s.restore(), s.save(), xn(s, l, n.bottom)), vn(s, { line: a, target: l, color: i, scale: o, property: e }), s.restore(), Be(t)) } function xn(t, e, i) { const { segments: s, points: a } = e; let n = !0, o = !1; t.beginPath(); for (const r of s) { const { start: s, end: l } = r, h = a[s], c = a[cn(s, l, a)]; n ? (t.moveTo(h.x, h.y), n = !1) : (t.lineTo(h.x, i), t.lineTo(h.x, h.y)), (o = !!e.pathSegment(t, r, { move: o })) ? t.closePath() : t.lineTo(c.x, i) } t.lineTo(e.first().x, i), t.closePath(), t.clip() } function vn(e, i) { const { line: s, target: a, property: n, color: o, scale: r } = i, l = function (t, e, i) { const s = t.segments, a = t.points, n = e.points, o = []; for (const t of s) { var { start: r, end: l } = t, l = cn(r, l, a), h = hn(i, a[r], a[l], t.loop); if (e.segments) { var c = Li(e, h); for (const e of c) { const s = hn(i, n[e.start], n[e.end], e.loop), d = Ti(t, a, s); for (const t of d) o.push({ source: t, target: e, start: { [i]: dn(h, s, "start", Math.max) }, end: { [i]: dn(h, s, "end", Math.min) } }) } } else o.push({ source: t, target: h, start: a[r], end: a[l] }) } return o }(s, a, n); for (const { source: i, target: p, start: m, end: b } of l) { const { style: { backgroundColor: l = o } = {} } = i, x = !0 !== a; e.save(), e.fillStyle = l, f = g = d = u = c = d = c = h = void 0; var h = e, c = r, d = x && hn(n, m, b), { top: c, bottom: u } = c.chart.chartArea, { property: d, start: g, end: f } = d || {}, d = ("x" === d && (h.beginPath(), h.rect(g, c, f - g, u - c), h.clip()), e.beginPath(), !!s.pathSegment(e, i)); let t; if (x) { d ? e.closePath() : _n(e, a, b, n); const i = !!a.pathSegment(e, p, { move: d, reverse: !0 }); (t = d && i) || _n(e, a, m, n) } e.closePath(), e.fill(t ? "evenodd" : "nonzero"), e.restore() } } function _n(t, e, i, s) { e = e.interpolate(i, s); e && t.lineTo(e.x, e.y) } var yn = { id: "filler", afterDatasetsUpdate(t, e, i) { const s = (t.data.datasets || []).length, a = []; let n, o, r, l; for (o = 0; o < s; ++o)r = (n = t.getDatasetMeta(o)).dataset, l = null, r && r.options && r instanceof ya && (l = { visible: t.isDatasetVisible(o), index: o, fill: function (s, t, e) { var i = function () { var t = s.options, e = t.fill; let i = T(e && e.target, e); return !1 !== (i = void 0 === i ? !!t.backgroundColor : i) && null !== i && (!0 === i ? "origin" : i) }(); if (A(i)) return !isNaN(i.value) && i; var a, n = parseFloat(i); return p(n) && Math.floor(n) === n ? (a = i[0], n = n, !((n = "-" !== a && "+" !== a ? n : t + n) === t || n < 0 || e <= n) && n) : 0 <= ["origin", "start", "end", "stack", "shape"].indexOf(i) && i }(r, o, s), chart: t, axis: n.controller.options.indexAxis, scale: n.vScale, line: r }), n.$filler = l, a.push(l); for (o = 0; o < s; ++o)(l = a[o]) && !1 !== l.fill && (l.fill = function (t, e, i) { let s = t[e].fill; const a = [e]; var n; if (!i) return s; for (; !1 !== s && -1 === a.indexOf(s);) { if (!p(s)) return s; if (!(n = t[s])) return !1; if (n.visible) return s; a.push(s), s = n.fill } return !1 }(a, o, i.propagate)) }, beforeDraw(e, t, i) { var s = "beforeDraw" === i.drawTime, a = e.getSortedVisibleDatasetMetas(), n = e.chartArea; for (let t = a.length - 1; 0 <= t; --t) { const i = a[t].$filler; i && (i.line.updateControlPoints(n, i.axis), s && i.fill && bn(e.ctx, i, n)) } }, beforeDatasetsDraw(e, t, i) { if ("beforeDatasetsDraw" === i.drawTime) { var s = e.getSortedVisibleDatasetMetas(); for (let t = s.length - 1; 0 <= t; --t) { const i = s[t].$filler; gn(i) && bn(e.ctx, i, e.chartArea) } } }, beforeDatasetDraw(t, e, i) { e = e.meta.$filler; gn(e) && "beforeDatasetDraw" === i.drawTime && bn(t.ctx, e, t.chartArea) }, defaults: { propagate: !0, drawTime: "beforeDatasetDraw" } }; const Mn = (t, e) => { let { boxHeight: i = e, boxWidth: s = e } = t; return t.usePointStyle && (i = Math.min(i, e), s = t.pointStyleWidth || Math.min(s, e)), { boxWidth: s, boxHeight: i, itemHeight: Math.max(e, i) } }; class wn extends e { constructor(t) { super(), this._added = !1, this.legendHitBoxes = [], this._hoveredItem = null, this.doughnutMode = !1, this.chart = t.chart, this.options = t.options, this.ctx = t.ctx, this.legendItems = void 0, this.columnSizes = void 0, this.lineWidths = void 0, this.maxHeight = void 0, this.maxWidth = void 0, this.top = void 0, this.bottom = void 0, this.left = void 0, this.right = void 0, this.height = void 0, this.width = void 0, this._margins = void 0, this.position = void 0, this.weight = void 0, this.fullSize = void 0 } update(t, e, i) { this.maxWidth = t, this.maxHeight = e, this._margins = i, this.setDimensions(), this.buildLabels(), this.fit() } setDimensions() { this.isHorizontal() ? (this.width = this.maxWidth, this.left = this._margins.left, this.right = this.width) : (this.height = this.maxHeight, this.top = this._margins.top, this.bottom = this.height) } buildLabels() { const i = this.options.labels || {}; let t = d(i.generateLabels, [this.chart], this) || []; i.filter && (t = t.filter(t => i.filter(t, this.chart.data))), i.sort && (t = t.sort((t, e) => i.sort(t, e, this.chart.data))), this.options.reverse && t.reverse(), this.legendItems = t } fit() { const { options: i, ctx: s } = this; if (i.display) { var a = i.labels, n = z(a.font), o = n.size, r = this._computeTitleHeight(), { boxWidth: a, itemHeight: l } = Mn(a, o); let t, e; s.font = n.string, this.isHorizontal() ? (t = this.maxWidth, e = this._fitRows(r, o, a, l) + 10) : (e = this.maxHeight, t = this._fitCols(r, n, a, l) + 10), this.width = Math.min(t, i.maxWidth || this.maxWidth), this.height = Math.min(e, i.maxHeight || this.maxHeight) } else this.width = this.height = 0 } _fitRows(t, i, s, a) { const { ctx: n, maxWidth: o, options: { labels: { padding: r } } } = this, l = this.legendHitBoxes = [], h = this.lineWidths = [0], c = a + r; let d = t, u = (n.textAlign = "left", n.textBaseline = "middle", -1), g = -c; return this.legendItems.forEach((t, e) => { t = s + i / 2 + n.measureText(t.text).width; (0 === e || h[h.length - 1] + t + 2 * r > o) && (d += c, h[h.length - (0 < e ? 0 : 1)] = 0, g += c, u++), l[e] = { left: 0, top: g, row: u, width: t, height: a }, h[h.length - 1] += t + r }), d } _fitCols(t, r, l, h) { const { ctx: c, maxHeight: e, options: { labels: { padding: d } } } = this, u = this.legendHitBoxes = [], g = this.columnSizes = [], f = e - t; let p = d, m = 0, b = 0, x = 0, v = 0; return this.legendItems.forEach((t, e) => { o = l, i = r, s = c, a = t, n = h; var i, s, a, n, { itemWidth: t, itemHeight: o } = { itemWidth: function (t, e, i) { let s = a.text; return s && "string" != typeof s && (s = s.reduce((t, e) => t.length > e.length ? t : e)), t + e.size / 2 + i.measureText(s).width }(o, i, s), itemHeight: function (t) { let e = n; return e = "string" != typeof a.text ? kn(a, t) : e }(i.lineHeight) }; 0 < e && b + o + 2 * d > f && (p += m + d, g.push({ width: m, height: b }), x += m + d, v++, m = b = 0), u[e] = { left: x, top: b, col: v, width: t, height: o }, m = Math.max(m, t), b += o + d }), p += m, g.push({ width: m, height: b }), p } adjustHitBoxes() { if (this.options.display) { const i = this._computeTitleHeight(), { legendHitBoxes: s, options: { align: a, labels: { padding: n }, rtl: t } } = this, o = Pi(t, this.left, this.width); if (this.isHorizontal()) { let t = 0, e = E(a, this.left + n, this.right - this.lineWidths[t]); for (const r of s) t !== r.row && (t = r.row, e = E(a, this.left + n, this.right - this.lineWidths[t])), r.top += this.top + i + n, r.left = o.leftForLtr(o.x(e), r.width), e += r.width + n } else { let t = 0, e = E(a, this.top + i + n, this.bottom - this.columnSizes[t].height); for (const l of s) l.col !== t && (t = l.col, e = E(a, this.top + i + n, this.bottom - this.columnSizes[t].height)), l.top = e, l.left += this.left + n, l.left = o.leftForLtr(o.x(l.left), l.width), e += l.height + n } } } isHorizontal() { return "top" === this.options.position || "bottom" === this.options.position } draw() { var t; this.options.display && (Ve(t = this.ctx, this), this._draw(), Be(t)) } _draw() { const { options: h, columnSizes: c, lineWidths: d, ctx: u } = this, { align: g, labels: f } = h, p = R.color, m = Pi(h.rtl, this.left, this.width), b = z(f.font), x = f["padding"], v = b.size, _ = v / 2; let y; this.drawTitle(), u.textAlign = m.textAlign("left"), u.textBaseline = "middle", u.lineWidth = .5, u.font = b.string; const { boxWidth: M, boxHeight: w, itemHeight: k } = Mn(f, v), S = this.isHorizontal(), P = this._computeTitleHeight(), D = (y = S ? { x: E(g, this.left + x, this.right - d[0]), y: this.top + x + P, line: 0 } : { x: this.left + x, y: E(g, this.top + P + x, this.bottom - c[0].height), line: 0 }, Di(this.ctx, h.textDirection), k + x); this.legendItems.forEach((t, e) => { u.strokeStyle = t.fontColor, u.fillStyle = t.fontColor; var i = u.measureText(t.text).width, s = m.textAlign(t.textAlign || (t.textAlign = f.textAlign)), i = M + _ + i; let a = y.x, n = y.y; m.setWidth(this.width), S ? 0 < e && a + i + x > this.right && (n = y.y += D, y.line++, a = y.x = E(g, this.left + x, this.right - d[y.line])) : 0 < e && n + D > this.bottom && (a = y.x = a + c[y.line].width + x, y.line++, n = y.y = E(g, this.top + P + x, this.bottom - c[y.line].height)); var e = m.x(a), o = n, r = t; if (!(isNaN(M) || M <= 0 || isNaN(w) || w < 0)) { u.save(); var l = T(r.lineWidth, 1); if (u.fillStyle = T(r.fillStyle, p), u.lineCap = T(r.lineCap, "butt"), u.lineDashOffset = T(r.lineDashOffset, 0), u.lineJoin = T(r.lineJoin, "miter"), u.lineWidth = l, u.strokeStyle = T(r.strokeStyle, p), u.setLineDash(T(r.lineDash, [])), f.usePointStyle) { const p = { radius: w * Math.SQRT2 / 2, pointStyle: r.pointStyle, rotation: r.rotation, borderWidth: l }, T = m.xPlus(e, M / 2); ze(u, p, T, o + _, f.pointStyleWidth && M) } else { const f = o + Math.max((v - w) / 2, 0), p = m.leftForLtr(e, M), T = Mi(r.borderRadius); u.beginPath(), Object.values(T).some(t => 0 !== t) ? je(u, { x: p, y: f, w: M, h: w, radius: T }) : u.rect(p, f, M, w), u.fill(), 0 !== l && u.stroke() } u.restore() } if (a = Dt(s, a + M + _, S ? a + i : this.right, h.rtl), o = m.x(a), e = n, r = t, He(u, r.text, o, e + k / 2, b, { strikethrough: r.hidden, textAlign: m.textAlign(r.textAlign) }), S) y.x += i + x; else if ("string" != typeof t.text) { const h = b.lineHeight; y.y += kn(t, h) } else y.y += D }), Ci(this.ctx, h.textDirection) } drawTitle() { const s = this.options, a = s.title, n = z(a.font), o = I(a.padding); if (a.display) { const l = Pi(s.rtl, this.left, this.width), h = this.ctx, c = a.position, d = n.size / 2, u = o.top + d; let t, e = this.left, i = this.width; if (this.isHorizontal()) i = Math.max(...this.lineWidths), t = this.top + u, e = E(s.align, e, this.right - i); else { const a = this.columnSizes.reduce((t, e) => Math.max(t, e.height), 0); t = u + E(s.align, this.top, this.bottom - a - s.labels.padding - this._computeTitleHeight()) } var r = E(c, e, e + i); h.textAlign = l.textAlign(Pt(c)), h.textBaseline = "middle", h.strokeStyle = a.color, h.fillStyle = a.color, h.font = n.string, He(h, a.text, r, t, n) } } _computeTitleHeight() { var t = this.options.title, e = z(t.font), i = I(t.padding); return t.display ? e.lineHeight + i.height : 0 } _getLegendItemAt(t, e) { let i, s, a; if (c(t, this.left, this.right) && c(e, this.top, this.bottom)) for (a = this.legendHitBoxes, i = 0; i < a.length; ++i)if (c(t, (s = a[i]).left, s.left + s.width) && c(e, s.top, s.top + s.height)) return this.legendItems[i]; return null } handleEvent(t) { var e, i, s, a = this.options; ("mousemove" !== (e = t.type) && "mouseout" !== e || !a.onHover && !a.onLeave) && (!a.onClick || "click" !== e && "mouseup" !== e) || (e = this._getLegendItemAt(t.x, t.y), "mousemove" === t.type || "mouseout" === t.type ? (s = null !== (i = this._hoveredItem) && null !== e && i.datasetIndex === e.datasetIndex && i.index === e.index, i && !s && d(a.onLeave, [t, i, this], this), (this._hoveredItem = e) && !s && d(a.onHover, [t, e, this], this)) : e && d(a.onClick, [t, e, this], this)) } } function kn(t, e) { return e * (t.text ? t.text.length + .5 : 0) } var Sn = { id: "legend", _element: wn, start(t, e, i) { var s = t.legend = new wn({ ctx: t.ctx, options: i, chart: t }); a.configure(t, s, i), a.addBox(t, s) }, stop(t) { a.removeBox(t, t.legend), delete t.legend }, beforeUpdate(t, e, i) { const s = t.legend; a.configure(t, s, i), s.options = i }, afterUpdate(t) { const e = t.legend; e.buildLabels(), e.adjustHitBoxes() }, afterEvent(t, e) { e.replay || t.legend.handleEvent(e.event) }, defaults: { display: !0, position: "top", align: "center", fullSize: !0, reverse: !1, weight: 1e3, onClick(t, e, i) { const s = e.datasetIndex, a = i.chart; a.isDatasetVisible(s) ? (a.hide(s), e.hidden = !0) : (a.show(s), e.hidden = !1) }, onHover: null, onLeave: null, labels: { color: t => t.chart.options.color, boxWidth: 40, padding: 10, generateLabels(t) { const s = t.data.datasets, { usePointStyle: a, pointStyle: n, textAlign: o, color: r, useBorderRadius: l, borderRadius: h } = t.legend.options["labels"]; return t._getSortedDatasetMetas().map(t => { var e = t.controller.getStyle(a ? 0 : void 0), i = I(e.borderWidth); return { text: s[t.index].label, fillStyle: e.backgroundColor, fontColor: r, hidden: !t.visible, lineCap: e.borderCapStyle, lineDash: e.borderDash, lineDashOffset: e.borderDashOffset, lineJoin: e.borderJoinStyle, lineWidth: (i.width + i.height) / 4, strokeStyle: e.borderColor, pointStyle: n || e.pointStyle, rotation: e.rotation, textAlign: o || e.textAlign, borderRadius: l && (h || e.borderRadius), datasetIndex: t.index } }, this) } }, title: { color: t => t.chart.options.color, display: !1, position: "center", text: "" } }, descriptors: { _scriptable: t => !t.startsWith("on"), labels: { _scriptable: t => !["generateLabels", "filter", "sort"].includes(t) } } }; class Pn extends e { constructor(t) { super(), this.chart = t.chart, this.options = t.options, this.ctx = t.ctx, this._padding = void 0, this.top = void 0, this.bottom = void 0, this.left = void 0, this.right = void 0, this.width = void 0, this.height = void 0, this.position = void 0, this.weight = void 0, this.fullSize = void 0 } update(t, e) { var i = this.options; this.left = 0, this.top = 0, i.display ? (this.width = this.right = t, this.height = this.bottom = e, t = O(i.text) ? i.text.length : 1, this._padding = I(i.padding), e = t * z(i.font).lineHeight + this._padding.height, this.isHorizontal() ? this.height = e : this.width = e) : this.width = this.height = this.right = this.bottom = 0 } isHorizontal() { var t = this.options.position; return "top" === t || "bottom" === t } _drawArgs(t) { var { top: e, left: i, bottom: s, right: a, options: n } = this, o = n.align; let r, l, h, c = 0; return r = this.isHorizontal() ? (l = E(o, i, a), h = e + t, a - i) : (c = "left" === n.position ? (l = i + t, h = E(o, s, e), -.5 * S) : (l = a - t, h = E(o, e, s), .5 * S), s - e), { titleX: l, titleY: h, maxWidth: r, rotation: c } } draw() { var t, e, i, s, a, n = this.ctx, o = this.options; o.display && (e = (t = z(o.font)).lineHeight / 2 + this._padding.top, { titleX: e, titleY: i, maxWidth: s, rotation: a } = this._drawArgs(e), He(n, o.text, 0, 0, t, { color: o.color, maxWidth: s, rotation: a, textAlign: Pt(o.align), textBaseline: "middle", translation: [e, i] })) } } var Dn = { id: "title", _element: Pn, start(t, e, i) { var s; t = t, i = i, s = new Pn({ ctx: t.ctx, options: i, chart: t }), a.configure(t, s, i), a.addBox(t, s), t.titleBlock = s }, stop(t) { var e = t.titleBlock; a.removeBox(t, e), delete t.titleBlock }, beforeUpdate(t, e, i) { const s = t.titleBlock; a.configure(t, s, i), s.options = i }, defaults: { align: "center", display: !1, font: { weight: "bold" }, fullSize: !0, padding: 10, position: "top", text: "", weight: 2e3 }, defaultRoutes: { color: "color" }, descriptors: { _scriptable: !0, _indexable: !1 } }; const Cn = new WeakMap; var On = { id: "subtitle", start(t, e, i) { var s = new Pn({ ctx: t.ctx, options: i, chart: t }); a.configure(t, s, i), a.addBox(t, s), Cn.set(t, s) }, stop(t) { a.removeBox(t, Cn.get(t)), Cn.delete(t) }, beforeUpdate(t, e, i) { const s = Cn.get(t); a.configure(t, s, i), s.options = i }, defaults: { align: "center", display: !1, font: { weight: "normal" }, fullSize: !0, padding: 0, position: "top", text: "", weight: 1500 }, defaultRoutes: { color: "color" }, descriptors: { _scriptable: !0, _indexable: !1 } }; const An = { average(t) { if (!t.length) return !1; let e, i, s = 0, a = 0, n = 0; for (e = 0, i = t.length; e < i; ++e) { const i = t[e].element; if (i && i.hasValue()) { const t = i.tooltipPosition(); s += t.x, a += t.y, ++n } } return { x: s / n, y: a / n } }, nearest(t, e) { if (!t.length) return !1; let i, s, a, n = e.x, o = e.y, r = Number.POSITIVE_INFINITY; for (i = 0, s = t.length; i < s; ++i) { const s = t[i].element; if (s && s.hasValue()) { const t = ut(e, s.getCenterPoint()); t < r && (r = t, a = s) } } if (a) { const t = a.tooltipPosition(); n = t.x, o = t.y } return { x: n, y: o } } }; function M(t, e) { return e && (O(e) ? Array.prototype.push.apply(t, e) : t.push(e)), t } function Tn(t) { return ("string" == typeof t || t instanceof String) && -1 < t.indexOf("\n") ? t.split("\n") : t } function Ln(t, e) { const i = t.chart.ctx, { body: s, footer: a, title: n } = t, { boxWidth: o, boxHeight: r } = e, l = z(e.bodyFont), h = z(e.titleFont), c = z(e.footerFont), d = n.length, u = a.length, g = s.length, f = I(e.padding); let p = f.height, m = 0, b = s.reduce((t, e) => t + e.before.length + e.lines.length + e.after.length, 0), x = (b += t.beforeBody.length + t.afterBody.length, d && (p += d * h.lineHeight + (d - 1) * e.titleSpacing + e.titleMarginBottom), b && (p += g * (e.displayColors ? Math.max(r, l.lineHeight) : l.lineHeight) + (b - g) * l.lineHeight + (b - 1) * e.bodySpacing), u && (p += e.footerMarginTop + u * c.lineHeight + (u - 1) * e.footerSpacing), 0); function v(t) { m = Math.max(m, i.measureText(t).width + x) } return i.save(), i.font = h.string, w(t.title, v), i.font = l.string, w(t.beforeBody.concat(t.afterBody), v), x = e.displayColors ? o + 2 + e.boxPadding : 0, w(s, t => { w(t.before, v), w(t.lines, v), w(t.after, v) }), x = 0, i.font = c.string, w(t.footer, v), i.restore(), { width: m += f.width, height: p } } function En(i, t, s) { var e = s.yAlign || t.yAlign || function () { var { y: t, height: e } = s; return t < e / 2 ? "top" : t > i.height - e / 2 ? "bottom" : "center" }(); return { xAlign: s.xAlign || t.xAlign || function (a, n, o, t) { var { x: e, width: i } = o, { width: s, chartArea: { left: r, right: l } } = a; let h = "center"; return "center" === t ? h = e <= (r + l) / 2 ? "left" : "right" : e <= i / 2 ? h = "left" : s - i / 2 <= e && (h = "right"), h = function (t) { var { x: e, width: i } = o, s = n.caretSize + n.caretPadding; return "left" === t && e + i + s > a.width || "right" === t && e - i - s < 0 }(h) ? "center" : h }(i, t, s, e), yAlign: e } } function Rn(t, i, e, s) { var { caretSize: t, caretPadding: a, cornerRadius: n } = t, { xAlign: o, yAlign: r } = e, l = t + a, { topLeft: e, topRight: a, bottomLeft: n, bottomRight: h } = Mi(n); let c = function () { let { x: t, width: e } = i; return "right" === o ? t -= e : "center" === o && (t -= e / 2), t }(); var d = function () { let { y: t, height: e } = i; return "top" === r ? t += l : t -= "bottom" === r ? e + l : e / 2, t }(); return "center" === r ? "left" === o ? c += l : "right" === o && (c -= l) : "left" === o ? c -= Math.max(e, n) + t : "right" === o && (c += Math.max(a, h) + t), { x: C(c, 0, s.width - i.width), y: C(d, 0, s.height - i.height) } } function In(t, e, i) { i = I(i.padding); return "center" === e ? t.x + t.width / 2 : "right" === e ? t.x + t.width - i.right : t.x + i.left } function zn(t) { return M([], Tn(t)) } function Fn(t, e) { e = e && e.dataset && e.dataset.tooltip && e.dataset.tooltip.callbacks; return e ? t.override(e) : t } const Vn = { beforeTitle: t, title(t) { if (0 < t.length) { var t = t[0], e = t.chart.data.labels, i = e ? e.length : 0; if (this && this.options && "dataset" === this.options.mode) return t.dataset.label || ""; if (t.label) return t.label; if (0 < i && t.dataIndex < i) return e[t.dataIndex] } return "" }, afterTitle: t, beforeBody: t, beforeLabel: t, label(t) { if (this && this.options && "dataset" === this.options.mode) return t.label + ": " + t.formattedValue || t.formattedValue; let e = t.dataset.label || ""; e && (e += ": "); t = t.formattedValue; return P(t) || (e += t), e }, labelColor(t) { t = t.chart.getDatasetMeta(t.datasetIndex).controller.getStyle(t.dataIndex); return { borderColor: t.borderColor, backgroundColor: t.backgroundColor, borderWidth: t.borderWidth, borderDash: t.borderDash, borderDashOffset: t.borderDashOffset, borderRadius: 0 } }, labelTextColor() { return this.options.bodyColor }, labelPointStyle(t) { t = t.chart.getDatasetMeta(t.datasetIndex).controller.getStyle(t.dataIndex); return { pointStyle: t.pointStyle, rotation: t.rotation } }, afterLabel: t, afterBody: t, beforeFooter: t, footer: t, afterFooter: t }; function k(t, e, i, s) { t = t[e].call(i, s); return void 0 === t ? Vn[e].call(i, s) : t } class Bn extends e { static positioners = An; constructor(t) { super(), this.opacity = 0, this._active = [], this._eventPosition = void 0, this._size = void 0, this._cachedAnimations = void 0, this._tooltipItems = [], this.$animations = void 0, this.$context = void 0, this.chart = t.chart, this.options = t.options, this.dataPoints = void 0, this.title = void 0, this.beforeBody = void 0, this.body = void 0, this.afterBody = void 0, this.footer = void 0, this.xAlign = void 0, this.yAlign = void 0, this.x = void 0, this.y = void 0, this.height = void 0, this.width = void 0, this.caretX = void 0, this.caretY = void 0, this.labelColors = void 0, this.labelPointStyles = void 0, this.labelTextColors = void 0 } initialize(t) { this.options = t, this._cachedAnimations = void 0, this.$context = void 0 } _resolveAnimations() { var t = this._cachedAnimations; if (t) return t; var t = this.chart, e = this.options.setContext(this.getContext()), t = e.enabled && t.options.animation && e.animations, e = new ms(this.chart, t); return t._cacheable && (this._cachedAnimations = Object.freeze(e)), e } getContext() { return this.$context || (this.$context = (t = this.chart.getContext(), Si(t, { tooltip: this, tooltipItems: this._tooltipItems, type: "tooltip" }))); var t } getTitle(t, e) { var e = e["callbacks"], i = k(e, "beforeTitle", this, t), s = k(e, "title", this, t), e = k(e, "afterTitle", this, t), t = M([], Tn(i)); return t = M(t, Tn(s)), M(t, Tn(e)) } getBeforeBody(t, e) { return zn(k(e.callbacks, "beforeBody", this, t)) } getBody(t, e) { const s = e["callbacks"], a = []; return w(t, t => { var e = { before: [], lines: [], after: [] }, i = Fn(s, t); M(e.before, Tn(k(i, "beforeLabel", this, t))), M(e.lines, k(i, "label", this, t)), M(e.after, Tn(k(i, "afterLabel", this, t))), a.push(e) }), a } getAfterBody(t, e) { return zn(k(e.callbacks, "afterBody", this, t)) } getFooter(t, e) { var e = e["callbacks"], i = k(e, "beforeFooter", this, t), s = k(e, "footer", this, t), e = k(e, "afterFooter", this, t), t = M([], Tn(i)); return t = M(t, Tn(s)), M(t, Tn(e)) } _createItems(s) { const t = this._active, a = this.chart.data, i = [], n = [], o = []; let e, r, l = []; for (e = 0, r = t.length; e < r; ++e)l.push(function (t, e) { const { element: i, datasetIndex: s, index: a } = e, n = t.getDatasetMeta(s).controller, { label: o, value: r } = n.getLabelAndValue(a); return { chart: t, label: o, parsed: n.getParsed(a), raw: t.data.datasets[s].data[a], formattedValue: r, dataset: n.getDataset(), dataIndex: a, datasetIndex: s, element: i } }(this.chart, t[e])); return s.filter && (l = l.filter((t, e, i) => s.filter(t, e, i, a))), w(l = s.itemSort ? l.sort((t, e) => s.itemSort(t, e, a)) : l, t => { var e = Fn(s.callbacks, t); i.push(k(e, "labelColor", this, t)), n.push(k(e, "labelPointStyle", this, t)), o.push(k(e, "labelTextColor", this, t)) }), this.labelColors = i, this.labelPointStyles = n, this.labelTextColors = o, this.dataPoints = l } update(t, e) { const i = this.options.setContext(this.getContext()), s = this._active; let a, n = []; if (s.length) { const t = An[i.position].call(this, s, this._eventPosition), e = (n = this._createItems(i), this.title = this.getTitle(n, i), this.beforeBody = this.getBeforeBody(n, i), this.body = this.getBody(n, i), this.afterBody = this.getAfterBody(n, i), this.footer = this.getFooter(n, i), this._size = Ln(this, i)), o = Object.assign({}, t, e), r = En(this.chart, i, o), l = Rn(i, o, r, this.chart); this.xAlign = r.xAlign, this.yAlign = r.yAlign, a = { opacity: 1, x: l.x, y: l.y, width: e.width, height: e.height, caretX: t.x, caretY: t.y } } else 0 !== this.opacity && (a = { opacity: 0 }); this._tooltipItems = n, this.$context = void 0, a && this._resolveAnimations().update(this, a), t && i.external && i.external.call(this, { chart: this.chart, tooltip: this, replay: e }) } drawCaret(t, e, i, s) { t = this.getCaretPosition(t, i, s); e.lineTo(t.x1, t.y1), e.lineTo(t.x2, t.y2), e.lineTo(t.x3, t.y3) } getCaretPosition(t, e, i) { var { xAlign: s, yAlign: a } = this, { caretSize: i, cornerRadius: n } = i, { topLeft: n, topRight: o, bottomLeft: r, bottomRight: l } = Mi(n), { x: t, y: h } = t, { width: e, height: c } = e; let d, u, g, f, p, m; return "center" === a ? (p = h + c / 2, m = "left" === s ? (d = t, u = d - i, f = p + i, p - i) : (d = t + e, u = d + i, f = p - i, p + i), g = d) : (u = "left" === s ? t + Math.max(n, r) + i : "right" === s ? t + e - Math.max(o, l) - i : this.caretX, g = "top" === a ? (f = h, p = f - i, d = u - i, u + i) : (f = h + c, p = f + i, d = u + i, u - i), m = f), { x1: d, x2: u, x3: g, y1: f, y2: p, y3: m } } drawTitle(t, e, i) { var s = this.title, a = s.length; let n, o, r; if (a) { const l = Pi(i.rtl, this.x, this.width); for (t.x = In(this, i.titleAlign, i), e.textAlign = l.textAlign(i.titleAlign), e.textBaseline = "middle", n = z(i.titleFont), o = i.titleSpacing, e.fillStyle = i.titleColor, e.font = n.string, r = 0; r < a; ++r)e.fillText(s[r], l.x(t.x), t.y + n.lineHeight / 2), t.y += n.lineHeight + o, r + 1 === a && (t.y += i.titleMarginBottom - o) } } _drawColorBox(t, e, i, s, a) { const n = this.labelColors[i], o = this.labelPointStyles[i], { boxHeight: r, boxWidth: l, boxPadding: h } = a, c = z(a.bodyFont), d = In(this, "left", a), u = s.x(d), g = r < c.lineHeight ? (c.lineHeight - r) / 2 : 0, f = e.y + g; if (a.usePointStyle) { const e = { radius: Math.min(l, r) / 2, pointStyle: o.pointStyle, rotation: o.rotation, borderWidth: 1 }, i = s.leftForLtr(u, l) + l / 2, A = f + r / 2; t.strokeStyle = a.multiKeyBackground, t.fillStyle = a.multiKeyBackground, Ie(t, e, i, A), t.strokeStyle = n.borderColor, t.fillStyle = n.backgroundColor, Ie(t, e, i, A) } else { t.lineWidth = A(n.borderWidth) ? Math.max(...Object.values(n.borderWidth)) : n.borderWidth || 1, t.strokeStyle = n.borderColor, t.setLineDash(n.borderDash || []), t.lineDashOffset = n.borderDashOffset || 0; const e = s.leftForLtr(u, l - h), i = s.leftForLtr(s.xPlus(u, 1), l - h - 2), o = Mi(n.borderRadius); Object.values(o).some(t => 0 !== t) ? (t.beginPath(), t.fillStyle = a.multiKeyBackground, je(t, { x: e, y: f, w: l, h: r, radius: o }), t.fill(), t.stroke(), t.fillStyle = n.backgroundColor, t.beginPath(), je(t, { x: i, y: f + 1, w: l - 2, h: r - 2, radius: o }), t.fill()) : (t.fillStyle = a.multiKeyBackground, t.fillRect(e, f, l, r), t.strokeRect(e, f, l, r), t.fillStyle = n.backgroundColor, t.fillRect(i, f + 1, l - 2, r - 2)) } t.fillStyle = this.labelTextColors[i] } drawBody(e, i, t) { const s = this["body"], { bodySpacing: a, bodyAlign: n, displayColors: o, boxHeight: r, boxWidth: l, boxPadding: h } = t, c = z(t.bodyFont); let d = c.lineHeight, u = 0; function g(t) { i.fillText(t, f.x(e.x + u), e.y + d / 2), e.y += d + a } const f = Pi(t.rtl, this.x, this.width), p = f.textAlign(n); let m, b, x, v, _, y, M; for (i.textAlign = n, i.textBaseline = "middle", i.font = c.string, e.x = In(this, p, t), i.fillStyle = t.bodyColor, w(this.beforeBody, g), u = o && "right" !== p ? "center" === n ? l / 2 + h : l + 2 + h : 0, v = 0, y = s.length; v < y; ++v) { for (m = s[v], b = this.labelTextColors[v], i.fillStyle = b, w(m.before, g), x = m.lines, o && x.length && (this._drawColorBox(i, e, v, f, t), d = Math.max(c.lineHeight, r)), _ = 0, M = x.length; _ < M; ++_)g(x[_]), d = c.lineHeight; w(m.after, g) } u = 0, d = c.lineHeight, w(this.afterBody, g), e.y -= a } drawFooter(t, e, i) { var s = this.footer, a = s.length; let n, o; if (a) { const r = Pi(i.rtl, this.x, this.width); for (t.x = In(this, i.footerAlign, i), t.y += i.footerMarginTop, e.textAlign = r.textAlign(i.footerAlign), e.textBaseline = "middle", n = z(i.footerFont), e.fillStyle = i.footerColor, e.font = n.string, o = 0; o < a; ++o)e.fillText(s[o], r.x(t.x), t.y + n.lineHeight / 2), t.y += n.lineHeight + i.footerSpacing } } drawBackground(t, e, i, s) { var { xAlign: a, yAlign: n } = this, { x: o, y: r } = t, { width: l, height: h } = i, { topLeft: c, topRight: d, bottomLeft: u, bottomRight: g } = Mi(s.cornerRadius); e.fillStyle = s.backgroundColor, e.strokeStyle = s.borderColor, e.lineWidth = s.borderWidth, e.beginPath(), e.moveTo(o + c, r), "top" === n && this.drawCaret(t, e, i, s), e.lineTo(o + l - d, r), e.quadraticCurveTo(o + l, r, o + l, r + d), "center" === n && "right" === a && this.drawCaret(t, e, i, s), e.lineTo(o + l, r + h - g), e.quadraticCurveTo(o + l, r + h, o + l - g, r + h), "bottom" === n && this.drawCaret(t, e, i, s), e.lineTo(o + u, r + h), e.quadraticCurveTo(o, r + h, o, r + h - u), "center" === n && "left" === a && this.drawCaret(t, e, i, s), e.lineTo(o, r + c), e.quadraticCurveTo(o, r, o + c, r), e.closePath(), e.fill(), 0 < s.borderWidth && e.stroke() } _updateAnimationTarget(t) { const e = this.chart, i = this.$animations, s = i && i.x, a = i && i.y; if (s || a) { const i = An[t.position].call(this, this._active, this._eventPosition); var n, o; i && (n = this._size = Ln(this, t), o = Rn(t, o = Object.assign({}, i, this._size), t = En(e, t, o), e), s._to === o.x && a._to === o.y || (this.xAlign = t.xAlign, this.yAlign = t.yAlign, this.width = n.width, this.height = n.height, this.caretX = i.x, this.caretY = i.y, this._resolveAnimations().update(this, o))) } } _willRender() { return !!this.opacity } draw(t) { var e = this.options.setContext(this.getContext()); let i = this.opacity; if (i) { this._updateAnimationTarget(e); const n = { width: this.width, height: this.height }, o = { x: this.x, y: this.y }; i = Math.abs(i) < .001 ? 0 : i; var s = I(e.padding), a = this.title.length || this.beforeBody.length || this.body.length || this.afterBody.length || this.footer.length; e.enabled && a && (t.save(), t.globalAlpha = i, this.drawBackground(o, t, n, e), Di(t, e.textDirection), o.y += s.top, this.drawTitle(o, t, e), this.drawBody(o, t, e), this.drawFooter(o, t, e), Ci(t, e.textDirection), t.restore()) } } getActiveElements() { return this._active || [] } setActiveElements(t, e) { var i = this._active, t = t.map(({ datasetIndex: t, index: e }) => { var i = this.chart.getDatasetMeta(t); if (i) return { datasetIndex: t, element: i.data[e], index: e }; throw new Error("Cannot find a dataset at index " + t) }), i = !N(i, t), s = this._positionChanged(t, e); (i || s) && (this._active = t, this._eventPosition = e, this._ignoreReplayEvents = !0, this.update(!0)) } handleEvent(t, e, i = !0) { if (e && this._ignoreReplayEvents) return !1; this._ignoreReplayEvents = !1; var s = this.options, a = this._active || [], i = this._getActiveElements(t, a, e, i), n = this._positionChanged(i, t), a = e || !N(i, a) || n; return a && (this._active = i, (s.enabled || s.external) && (this._eventPosition = { x: t.x, y: t.y }, this.update(!0, e))), a } _getActiveElements(t, e, i, s) { var a = this.options; if ("mouseout" === t.type) return []; if (!s) return e; const n = this.chart.getElementsAtEventForMode(t, a.mode, a, i); return a.reverse && n.reverse(), n } _positionChanged(t, e) { var { caretX: i, caretY: s, options: a } = this, a = An[a.position].call(this, t, e); return !1 !== a && (i !== a.x || s !== a.y) } } var Nn = { id: "tooltip", _element: Bn, positioners: An, afterInit(t, e, i) { i && (t.tooltip = new Bn({ chart: t, options: i })) }, beforeUpdate(t, e, i) { t.tooltip && t.tooltip.initialize(i) }, reset(t, e, i) { t.tooltip && t.tooltip.initialize(i) }, afterDraw(t) { const e = t.tooltip; var i; e && e._willRender() && (!(i = { tooltip: e }) !== t.notifyPlugins("beforeTooltipDraw", { ...i, cancelable: !0 }) && (e.draw(t.ctx), t.notifyPlugins("afterTooltipDraw", i))) }, afterEvent(t, e) { var i; t.tooltip && (i = e.replay, t.tooltip.handleEvent(e.event, i, e.inChartArea) && (e.changed = !0)) }, defaults: { enabled: !0, external: null, position: "average", backgroundColor: "rgba(0,0,0,0.8)", titleColor: "#fff", titleFont: { weight: "bold" }, titleSpacing: 2, titleMarginBottom: 6, titleAlign: "left", bodyColor: "#fff", bodySpacing: 2, bodyFont: {}, bodyAlign: "left", footerColor: "#fff", footerSpacing: 2, footerMarginTop: 6, footerFont: { weight: "bold" }, footerAlign: "left", padding: 6, caretPadding: 2, caretSize: 5, cornerRadius: 6, boxHeight: (t, e) => e.bodyFont.size, boxWidth: (t, e) => e.bodyFont.size, multiKeyBackground: "#fff", displayColors: !0, boxPadding: 0, borderColor: "rgba(0,0,0,0)", borderWidth: 0, animation: { duration: 400, easing: "easeOutQuart" }, animations: { numbers: { type: "number", properties: ["x", "y", "width", "height", "caretX", "caretY"] }, opacity: { easing: "linear", duration: 200 } }, callbacks: Vn }, defaultRoutes: { bodyFont: "font", footerFont: "font", titleFont: "font" }, descriptors: { _scriptable: t => "filter" !== t && "itemSort" !== t && "external" !== t, _indexable: !1, callbacks: { _scriptable: !1, _indexable: !1 }, animation: { _fallback: !1 }, animations: { _fallback: "animation" } }, additionalOptionScopes: ["interaction"] }; return i.register(da, Za, Ca, s), i.helpers = { ...zi }, i._adapters = sa, i.Animation = ps, i.Animations = ms, i.animator = l, i.controllers = x.controllers.items, i.DatasetController = Ds, i.Element = e, i.elements = Ca, i.Interaction = Wi, i.layouts = a, i.platforms = Ce, i.Scale = Es, i.Ticks = ue, Object.assign(i, da, Za, Ca, s, Ce), i.Chart = i, "undefined" != typeof window && (window.Chart = i), i }); \ No newline at end of file diff --git a/app/webroot/js/action_table.js b/app/webroot/js/action_table.js index 2bd54af97..103e36f4d 100644 --- a/app/webroot/js/action_table.js +++ b/app/webroot/js/action_table.js @@ -162,7 +162,7 @@ class ActionTable { tr.id = "tr_" + this.__uuidv4(); for (var col of row) { var td = document.createElement('td'); - td.innerHTML = col; + td.textContent = col; tr.appendChild(td); } this.__add_action_button(tr); diff --git a/app/webroot/js/attack_matrix.js b/app/webroot/js/attack_matrix.js index 1f3068360..f66b35554 100644 --- a/app/webroot/js/attack_matrix.js +++ b/app/webroot/js/attack_matrix.js @@ -1,13 +1,11 @@ (function () { - var clusterNameToIdMapping = new Map(); - var typeaheadDataMatrixSearch; var pickedGalaxies = []; var chosen_options = { width: '100%', }; - $(document).ready(function() { + $(function() { $('#attack-matrix-tabscontroller span').off('click.tab').on('click.tab', function (e) { $(this).tab('show'); @@ -36,11 +34,11 @@ var tagId = $(this).attr('data-cluster-id'); // trigger contextual menu var target = event.target.getBoundingClientRect(); - var parentDom = document.getElementById('matrix_container').getBoundingClientRect(); + //var parentDom = document.getElementById('matrix_container').getBoundingClientRect(); var x = target.width/2 - 30; var y = target.height/2 - 14; matrixContextualMenu(event.target, x, y, tagName, tagId, [ - 'Tag event', + 'Attach cluster to event', 'Filter event', 'Pick cell' ]); @@ -58,7 +56,7 @@ var scoredCells = $('.statistics_attack_matrix .heatCell').filter(function() { return $(this).attr('data-score') > 0; }); - $('.statistics_attack_matrix .matrix-interaction').off('click.interaction').on('click.interaction', function(event) { + $('.statistics_attack_matrix .matrix-interaction').off('click.interaction').on('click.interaction', function() { var clusterId = $(this).attr('data-cluster-id'); window.location = baseurl + '/galaxy_clusters/view/' + clusterId; }); @@ -107,10 +105,10 @@ function toggleAttackMatrixCells(jfilterOrig) { // get active tab var activeTableId = $('#attack-matrix-tabscontroller > li.active > span').attr('href'); - jfilter = jfilterOrig === undefined ? activeTableId : jfilterOrig+' '+activeTableId; + var jfilter = jfilterOrig === undefined ? activeTableId : jfilterOrig+' '+activeTableId; var visibilityVal, displayVal; - if($(jfilterOrig+' #checkbox_attackMatrix_showAll').prop('checked')) { + if ($(jfilterOrig+' #checkbox_attackMatrix_showAll').prop('checked')) { visibilityVal = 'visible'; displayVal = 'table-cell'; displayVal = ''; @@ -174,7 +172,6 @@ function matrixContextualMenu(cell, x, y, tagName, tagId, func_name) { // get menu if already created - var should_append = false; var div = document.getElementById('matrixContextualMenu'); if (div !== null) { div.remove(); @@ -193,9 +190,9 @@ span.addClass('icon-matrix-contextual-menu'); span.attr('title', func_name[i]); switch(func_name[i]) { - case 'Tag event': + case 'Attach cluster to event': span.addClass('fa fa-tag'); - span.click(function(evt) { + span.click(function() { if(confirm('Are you sure you want to attach ' + tagName + ' to this event?')) { makeTagging([tagId]); } @@ -204,7 +201,7 @@ break; case 'Filter event': span.addClass('fa fa-filter'); - span.click(function(evt) { + span.click(function() { filterEvent(tagName, tagId); div.remove(); }); @@ -215,14 +212,14 @@ } else { span.addClass('fa fa-check'); } - span.click(function(evt) { + span.click(function() { pickCell($(cell), tagId); div.remove(); }); break; default: span.addClass('fa fa-filter'); - span.click(function(evt) { + span.click(function() { filterEvent(tagName, tagId); div.remove(); }); @@ -231,13 +228,13 @@ div.append(span); } // register onClick on matrixTable to dismiss the menu - $('.matrix-table > tbody > tr > td ').off('click.dismissCM').one('click.dismissCM', function(e) { + $('.matrix-table > tbody > tr > td').off('click.dismissCM').one('click.dismissCM', function() { if (!$(this).hasClass('heatCell')) { div.remove(); } }); // register onLeave on the cell to dismiss the menu - $(cell).off('mouseleave.dismissCM').one('mouseleave.dismissCM', function(e) { + $(cell).off('mouseleave.dismissCM').one('mouseleave.dismissCM', function() { div.remove(); }); } diff --git a/app/webroot/js/cal-heatmap.js b/app/webroot/js/cal-heatmap.js index 0ce105e7b..96ffcc948 100644 --- a/app/webroot/js/cal-heatmap.js +++ b/app/webroot/js/cal-heatmap.js @@ -1114,7 +1114,7 @@ CalHeatMap.prototype = { } if (d3.select(options.itemSelector)[0][0] === null) { - throw new Error("The node '" + options.itemSelector + "' specified in itemSelector does not exists"); + throw new Error("The node '" + options.itemSelector + "' specified in itemSelector does not exist"); } try { diff --git a/app/webroot/js/chartjs-adapter-moment.min.js b/app/webroot/js/chartjs-adapter-moment.min.js new file mode 100644 index 000000000..985a16527 --- /dev/null +++ b/app/webroot/js/chartjs-adapter-moment.min.js @@ -0,0 +1,7 @@ +/*! + * chartjs-adapter-moment v1.0.1 + * https://www.chartjs.org + * (c) 2022 chartjs-adapter-moment Contributors + * Released under the MIT license + */ +!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(require("moment"),require("chart.js")):"function"==typeof define&&define.amd?define(["moment","chart.js"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).moment,e.Chart)}(this,(function(e,t){"use strict";function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var f=n(e);const a={datetime:"MMM D, YYYY, h:mm:ss a",millisecond:"h:mm:ss.SSS a",second:"h:mm:ss a",minute:"h:mm a",hour:"hA",day:"MMM D",week:"ll",month:"MMM YYYY",quarter:"[Q]Q - YYYY",year:"YYYY"};t._adapters._date.override("function"==typeof f.default?{_id:"moment",formats:function(){return a},parse:function(e,t){return"string"==typeof e&&"string"==typeof t?e=f.default(e,t):e instanceof f.default||(e=f.default(e)),e.isValid()?e.valueOf():null},format:function(e,t){return f.default(e).format(t)},add:function(e,t,n){return f.default(e).add(t,n).valueOf()},diff:function(e,t,n){return f.default(e).diff(f.default(t),n)},startOf:function(e,t,n){return e=f.default(e),"isoWeek"===t?(n=Math.trunc(Math.min(Math.max(0,n),6)),e.isoWeekday(n).startOf("day").valueOf()):e.startOf(t).valueOf()},endOf:function(e,t){return f.default(e).endOf(t).valueOf()}}:{})})); diff --git a/app/webroot/js/d3.custom.js b/app/webroot/js/d3.custom.js index b7785755d..9ee2c4199 100644 --- a/app/webroot/js/d3.custom.js +++ b/app/webroot/js/d3.custom.js @@ -1,4 +1,9 @@ function sparkline(elemId, data) { + if (typeof data === "undefined") { + data = document.querySelector(elemId).dataset.csv; + data = data.replaceAll("\\n", "\n"); + } + data = d3.csv.parse(data); var width = 100; var height = 25; diff --git a/app/webroot/js/drawflow.js b/app/webroot/js/drawflow.js new file mode 100644 index 000000000..91fdb362f --- /dev/null +++ b/app/webroot/js/drawflow.js @@ -0,0 +1,2224 @@ +class Drawflow { + constructor(container, render = null, parent = null) { + this.events = {}; + this.container = container; + this.precanvas = null; + this.nodeId = 1; + this.ele_selected = null; + this.node_selected = null; + this.framenode_selected = null; + this.drag = false; + this.reroute = false; + this.reroute_fix_curvature = false; + this.curvature = 0.5; + this.reroute_curvature_start_end = 0.5; + this.reroute_curvature = 0.5; + this.reroute_width = 6; + this.drag_point = false; + this.editor_selected = false; + this.connection = false; + this.connection_ele = null; + this.connection_selected = null; + this.canvas_x = 0; + this.canvas_y = 0; + this.pos_x = 0; + this.pos_x_start = 0; + this.pos_y = 0; + this.pos_y_start = 0; + this.mouse_x = 0; + this.mouse_y = 0; + this.line_path = 5; + this.first_click = null; + this.force_first_input = false; + this.draggable_inputs = true; + this.useuuid = false; + this.parent = parent; + this.frame_to_nodes_registry = {}; + this.nodes_to_frames_registry = {}; + + this.noderegister = {}; + this.render = render; + this.drawflow = { "drawflow": { "Home": { "data": { "_frames": {} } } } }; + // Configurable options + this.module = 'Home'; + this.editor_mode = 'edit'; + this.zoom = 1; + this.zoom_max = 1.6; + this.zoom_min = 0.5; + this.zoom_value = 0.1; + this.zoom_last_value = 1; + this.frameNodePadding = { "top": 100, "left": 30, "right": 30, "bottom": 20 } + + // Mobile + this.evCache = new Array(); + this.prevDiff = -1; + } + + start() { + // console.info("Start Drawflow!!"); + this.container.classList.add("parent-drawflow"); + this.container.tabIndex = 0; + this.precanvas = document.createElement('div'); + this.precanvas.classList.add("drawflow"); + this.container.appendChild(this.precanvas); + + /* Mouse and Touch Actions */ + this.container.addEventListener('mouseup', this.dragEnd.bind(this)); + this.container.addEventListener('mousemove', this.position.bind(this)); + this.container.addEventListener('mousedown', this.click.bind(this)); + + this.container.addEventListener('touchend', this.dragEnd.bind(this)); + this.container.addEventListener('touchmove', this.position.bind(this)); + this.container.addEventListener('touchstart', this.click.bind(this)); + + /* Context Menu */ + this.container.addEventListener('contextmenu', this.contextmenu.bind(this)); + /* Delete */ + this.container.addEventListener('keydown', this.key.bind(this)); + + /* Zoom Mouse */ + this.container.addEventListener('wheel', this.zoom_enter.bind(this)); + /* Update data Nodes */ + this.container.addEventListener('input', this.updateNodeValue.bind(this)); + + this.container.addEventListener('dblclick', this.dblclick.bind(this)); + /* Mobile zoom */ + this.container.onpointerdown = this.pointerdown_handler.bind(this); + this.container.onpointermove = this.pointermove_handler.bind(this); + this.container.onpointerup = this.pointerup_handler.bind(this); + this.container.onpointercancel = this.pointerup_handler.bind(this); + this.container.onpointerout = this.pointerup_handler.bind(this); + this.container.onpointerleave = this.pointerup_handler.bind(this); + + this.load(); + } + + /* Mobile zoom */ + pointerdown_handler(ev) { + this.evCache.push(ev); + } + + pointermove_handler(ev) { + for (var i = 0; i < this.evCache.length; i++) { + if (ev.pointerId == this.evCache[i].pointerId) { + this.evCache[i] = ev; + break; + } + } + + if (this.evCache.length == 2) { + // Calculate the distance between the two pointers + var curDiff = Math.abs(this.evCache[0].clientX - this.evCache[1].clientX); + + if (this.prevDiff > 100) { + if (curDiff > this.prevDiff) { + // The distance between the two pointers has increased + + this.zoom_in(); + } + if (curDiff < this.prevDiff) { + // The distance between the two pointers has decreased + this.zoom_out(); + } + } + this.prevDiff = curDiff; + } + } + + pointerup_handler(ev) { + this.remove_event(ev); + if (this.evCache.length < 2) { + this.prevDiff = -1; + } + } + remove_event(ev) { + // Remove this event from the target's cache + for (var i = 0; i < this.evCache.length; i++) { + if (this.evCache[i].pointerId == ev.pointerId) { + this.evCache.splice(i, 1); + break; + } + } + } + /* End Mobile Zoom */ + load() { + for (var key in this.drawflow.drawflow[this.module].data) { + if (!key.startsWith('_')) { + this.addNodeImport(this.drawflow.drawflow[this.module].data[key], this.precanvas); + } + } + + if (this.reroute) { + for (var key in this.drawflow.drawflow[this.module].data) { + this.addRerouteImport(this.drawflow.drawflow[this.module].data[key]); + } + } + + for (var key in this.drawflow.drawflow[this.module].data) { + this.updateConnectionNodes('node-' + key); + } + + const editor = this.drawflow.drawflow; + let number = 1; + Object.keys(editor).map(function (moduleName, index) { + Object.keys(editor[moduleName].data).map(function (id, index2) { + if (parseInt(id) >= number) { + number = parseInt(id) + 1; + } + }); + }); + this.nodeId = number; + } + + removeReouteConnectionSelected() { + this.dispatch('connectionUnselected', true); + if (this.reroute_fix_curvature) { + this.connection_selected.parentElement.querySelectorAll(".main-path").forEach((item, i) => { + item.classList.remove("selected"); + }); + } + } + + click(e) { + this.dispatch('click', e); + if (this.editor_mode === 'fixed') { + //return false; + e.preventDefault(); + if (e.target.classList[0] === 'parent-drawflow' || e.target.classList[0] === 'drawflow') { + this.ele_selected = e.target.closest(".parent-drawflow"); + } else { + return false; + } + } else if (this.editor_mode === 'view') { + if (e.target.closest(".drawflow") != null || e.target.matches('.parent-drawflow')) { + this.ele_selected = e.target.closest(".parent-drawflow"); + e.preventDefault(); + } + } else { + this.first_click = e.target; + this.ele_selected = e.target; + if (e.button === 0) { + this.contextmenuDel(); + } + + if (e.target.closest(".drawflow_content_node") != null) { + this.ele_selected = e.target.closest(".drawflow_content_node").parentElement; + } + } + switch (this.ele_selected.classList[0]) { + case 'drawflow-node': + if (this.node_selected != null) { + this.node_selected.classList.remove("selected"); + if (this.node_selected != this.ele_selected) { + this.dispatch('nodeUnselected', true); + } + } + if (this.connection_selected != null) { + this.connection_selected.classList.remove("selected"); + this.removeReouteConnectionSelected(); + this.connection_selected = null; + } + if (this.framenode_selected != null) { + this.framenode_selected.classList.remove("selected"); + this.framenode_selected = null + } + if (this.node_selected != this.ele_selected) { + this.dispatch('nodeSelected', this.ele_selected.id.slice(5)); + } + this.node_selected = this.ele_selected; + this.node_selected.classList.add("selected"); + if (!this.draggable_inputs) { + if (e.target.tagName !== 'INPUT' && e.target.tagName !== 'TEXTAREA' && e.target.tagName !== 'SELECT' && e.target.hasAttribute('contenteditable') !== true) { + this.drag = true; + } + } else { + if (e.target.tagName !== 'SELECT') { + this.drag = true; + } + } + break; + case 'output': + this.connection = true; + if (this.node_selected != null) { + this.node_selected.classList.remove("selected"); + this.node_selected = null; + this.dispatch('nodeUnselected', true); + } + if (this.connection_selected != null) { + this.connection_selected.classList.remove("selected"); + this.removeReouteConnectionSelected(); + this.connection_selected = null; + } + if (this.framenode_selected != null) { + this.framenode_selected.classList.remove("selected"); + this.framenode_selected = null + } + this.drawConnection(e.target); + break; + case 'drawflow-framenode': + if (this.node_selected != null) { + this.node_selected.classList.remove("selected"); + this.node_selected = null + this.dispatch('nodeUnselected', true); + } + if (this.connection_selected != null) { + this.connection_selected.classList.remove("selected"); + this.removeReouteConnectionSelected(); + this.connection_selected = null; + } + if (this.framenode_selected != null) { + this.framenode_selected.classList.remove("selected"); + this.framenode_selected = null + } + this.framenode_selected = this.ele_selected; + this.framenode_selected.classList.add("selected"); + break; + case 'parent-drawflow': + if (this.node_selected != null) { + this.node_selected.classList.remove("selected"); + this.node_selected = null; + this.dispatch('nodeUnselected', true); + } + if (this.connection_selected != null) { + this.connection_selected.classList.remove("selected"); + this.removeReouteConnectionSelected(); + this.connection_selected = null; + } + if (this.framenode_selected != null) { + this.framenode_selected.classList.remove("selected"); + this.framenode_selected = null + } + this.editor_selected = true; + break; + case 'drawflow': + if (this.node_selected != null) { + this.node_selected.classList.remove("selected"); + this.node_selected = null; + this.dispatch('nodeUnselected', true); + } + if (this.connection_selected != null) { + this.connection_selected.classList.remove("selected"); + this.removeReouteConnectionSelected(); + this.connection_selected = null; + } + if (this.framenode_selected != null) { + this.framenode_selected.classList.remove("selected"); + this.framenode_selected = null + } + this.editor_selected = true; + break; + case 'main-path': + if (this.node_selected != null) { + this.node_selected.classList.remove("selected"); + this.node_selected = null; + this.dispatch('nodeUnselected', true); + } + if (this.connection_selected != null) { + this.connection_selected.classList.remove("selected"); + this.removeReouteConnectionSelected(); + this.connection_selected = null; + } + if (this.framenode_selected != null) { + this.framenode_selected.classList.remove("selected"); + this.framenode_selected = null + } + this.connection_selected = this.ele_selected; + this.connection_selected.classList.add("selected"); + const listclassConnection = this.connection_selected.parentElement.classList; + if (listclassConnection.length > 1) { + this.dispatch('connectionSelected', { output_id: listclassConnection[2].slice(14), input_id: listclassConnection[1].slice(13), output_class: listclassConnection[3], input_class: listclassConnection[4] }); + if (this.reroute_fix_curvature) { + this.connection_selected.parentElement.querySelectorAll(".main-path").forEach((item, i) => { + item.classList.add("selected"); + }); + } + } + break; + case 'point': + this.drag_point = true; + this.ele_selected.classList.add("selected"); + break; + case 'drawflow-delete': + if (this.node_selected) { + this.removeNodeId(this.node_selected.id); + } + + if (this.connection_selected) { + this.removeConnection(); + } + + if (this.framenode_selected) { + this.removeFrameNodeId(this.framenode_selected.id); + } + + if (this.node_selected != null) { + this.node_selected.classList.remove("selected"); + this.node_selected = null; + this.dispatch('nodeUnselected', true); + } + if (this.connection_selected != null) { + this.connection_selected.classList.remove("selected"); + this.removeReouteConnectionSelected(); + this.connection_selected = null; + } + if (this.framenode_selected != null) { + this.framenode_selected.classList.remove("selected"); + this.framenode_selected = null + } + + break; + default: + } + if (e.type === "touchstart") { + this.pos_x = e.touches[0].clientX; + this.pos_x_start = e.touches[0].clientX; + this.pos_y = e.touches[0].clientY; + this.pos_y_start = e.touches[0].clientY; + this.mouse_x = e.touches[0].clientX; + this.mouse_y = e.touches[0].clientY; + } else { + this.pos_x = e.clientX; + this.pos_x_start = e.clientX; + this.pos_y = e.clientY; + this.pos_y_start = e.clientY; + } + if (['input', 'output', 'main-path'].includes(this.ele_selected.classList[0])) { + e.preventDefault(); + } + this.dispatch('clickEnd', e); + } + + position(e) { + if (e.type === "touchmove") { + var e_pos_x = e.touches[0].clientX; + var e_pos_y = e.touches[0].clientY; + } else { + var e_pos_x = e.clientX; + var e_pos_y = e.clientY; + } + + + if (this.connection) { + this.updateConnection(e_pos_x, e_pos_y); + } + if (this.editor_selected) { + x = this.canvas_x + (-(this.pos_x - e_pos_x)) + y = this.canvas_y + (-(this.pos_y - e_pos_y)) + this.dispatch('translate', { x: x, y: y }); + this.precanvas.style.transform = "translate(" + x + "px, " + y + "px) scale(" + this.zoom + ")"; + } + if (this.drag) { + e.preventDefault(); + var x = (this.pos_x - e_pos_x) * this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom); + var y = (this.pos_y - e_pos_y) * this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom); + this.pos_x = e_pos_x; + this.pos_y = e_pos_y; + + this.ele_selected.style.top = (this.ele_selected.offsetTop - y) + "px"; + this.ele_selected.style.left = (this.ele_selected.offsetLeft - x) + "px"; + + this.drawflow.drawflow[this.module].data[this.ele_selected.id.slice(5)].pos_x = (this.ele_selected.offsetLeft - x); + this.drawflow.drawflow[this.module].data[this.ele_selected.id.slice(5)].pos_y = (this.ele_selected.offsetTop - y); + + this.updateConnectionNodes(this.ele_selected.id) + } + + if (this.drag_point) { + + var x = (this.pos_x - e_pos_x) * this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom); + var y = (this.pos_y - e_pos_y) * this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom); + this.pos_x = e_pos_x; + this.pos_y = e_pos_y; + + var pos_x = this.pos_x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom)) - (this.precanvas.getBoundingClientRect().x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom))); + var pos_y = this.pos_y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom)) - (this.precanvas.getBoundingClientRect().y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom))); + + this.ele_selected.setAttributeNS(null, 'cx', pos_x); + this.ele_selected.setAttributeNS(null, 'cy', pos_y); + + const nodeUpdate = this.ele_selected.parentElement.classList[2].slice(9); + const nodeUpdateIn = this.ele_selected.parentElement.classList[1].slice(13); + const output_class = this.ele_selected.parentElement.classList[3]; + const input_class = this.ele_selected.parentElement.classList[4]; + + let numberPointPosition = Array.from(this.ele_selected.parentElement.children).indexOf(this.ele_selected) - 1; + + if (this.reroute_fix_curvature) { + const numberMainPath = this.ele_selected.parentElement.querySelectorAll(".main-path").length - 1; + numberPointPosition -= numberMainPath; + if (numberPointPosition < 0) { + numberPointPosition = 0; + } + } + + const nodeId = nodeUpdate.slice(5); + const searchConnection = this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections.findIndex(function (item, i) { + return item.node === nodeUpdateIn && item.output === input_class; + }); + + this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections[searchConnection].points[numberPointPosition] = { pos_x: pos_x, pos_y: pos_y }; + + const parentSelected = this.ele_selected.parentElement.classList[2].slice(9); + + this.updateConnectionNodes(parentSelected); + } + + if (e.type === "touchmove") { + this.mouse_x = e_pos_x; + this.mouse_y = e_pos_y; + } + this.dispatch('mouseMove', { x: e_pos_x, y: e_pos_y }); + } + + dragEnd(e) { + if (e.type === "touchend") { + var e_pos_x = this.mouse_x; + var e_pos_y = this.mouse_y; + var ele_last = document.elementFromPoint(e_pos_x, e_pos_y); + } else { + var e_pos_x = e.clientX; + var e_pos_y = e.clientY; + var ele_last = e.target; + } + + if (this.drag) { + if (this.pos_x_start != e_pos_x || this.pos_y_start != e_pos_y) { + this.dispatch('nodeMoved', this.ele_selected.id.slice(5)); + } + } + + if (this.drag_point) { + this.ele_selected.classList.remove("selected"); + if (this.pos_x_start != e_pos_x || this.pos_y_start != e_pos_y) { + this.dispatch('rerouteMoved', this.ele_selected.parentElement.classList[2].slice(14)); + } + } + + if (this.editor_selected) { + this.canvas_x = this.canvas_x + (-(this.pos_x - e_pos_x)); + this.canvas_y = this.canvas_y + (-(this.pos_y - e_pos_y)); + this.editor_selected = false; + } + if (this.connection === true) { + if (ele_last.classList[0] === 'input' || (this.force_first_input && (ele_last.closest(".drawflow_content_node") != null || ele_last.classList[0] === 'drawflow-node'))) { + + if (this.force_first_input && (ele_last.closest(".drawflow_content_node") != null || ele_last.classList[0] === 'drawflow-node')) { + if (ele_last.closest(".drawflow_content_node") != null) { + var input_id = ele_last.closest(".drawflow_content_node").parentElement.id; + } else { + var input_id = ele_last.id; + } + if (Object.keys(this.getNodeFromId(input_id.slice(5)).inputs).length === 0) { + var input_class = false; + } else { + var input_class = "input_1"; + } + + + } else { + // Fix connection; + var input_id = ele_last.parentElement.parentElement.id; + var input_class = ele_last.classList[1]; + } + var output_id = this.ele_selected.parentElement.parentElement.id; + var output_class = this.ele_selected.classList[1]; + + if (output_id !== input_id && input_class !== false) { + + if (this.container.querySelectorAll('.connection.node_in_' + input_id + '.node_out_' + output_id + '.' + output_class + '.' + input_class).length === 0) { + // Conection no exist save connection + + this.connection_ele.classList.add("node_in_" + input_id); + this.connection_ele.classList.add("node_out_" + output_id); + this.connection_ele.classList.add(output_class); + this.connection_ele.classList.add(input_class); + var id_input = input_id.slice(5); + var id_output = output_id.slice(5); + + this.drawflow.drawflow[this.module].data[id_output].outputs[output_class].connections.push({ "node": id_input, "output": input_class }); + this.drawflow.drawflow[this.module].data[id_input].inputs[input_class].connections.push({ "node": id_output, "input": output_class }); + this.updateConnectionNodes('node-' + id_output); + this.updateConnectionNodes('node-' + id_input); + this.dispatch('connectionCreated', { output_id: id_output, input_id: id_input, output_class: output_class, input_class: input_class }); + + } else { + this.dispatch('connectionCancel', true); + this.connection_ele.remove(); + } + + this.connection_ele = null; + } else { + // Connection exists Remove Connection; + this.dispatch('connectionCancel', true); + this.connection_ele.remove(); + this.connection_ele = null; + } + + } else { + // Remove Connection; + this.dispatch('connectionCancel', true); + this.connection_ele.remove(); + this.connection_ele = null; + } + } + + this.drag = false; + this.drag_point = false; + this.connection = false; + this.ele_selected = null; + this.editor_selected = false; + + this.dispatch('mouseUp', e); + } + contextmenu(e) { + this.dispatch('contextmenu', e); + e.preventDefault(); + if (this.editor_mode === 'fixed' || this.editor_mode === 'view') { + return false; + } + if (this.precanvas.getElementsByClassName("drawflow-delete").length) { + this.precanvas.getElementsByClassName("drawflow-delete")[0].remove() + }; + if (this.node_selected || this.connection_selected) { + var deletebox = document.createElement('div'); + deletebox.classList.add("drawflow-delete"); + deletebox.innerHTML = "x"; + if (this.node_selected) { + this.node_selected.appendChild(deletebox); + + } + if (this.connection_selected && (this.connection_selected.parentElement.classList.length > 1)) { + deletebox.style.top = e.clientY * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom)) - (this.precanvas.getBoundingClientRect().y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom))) + "px"; + deletebox.style.left = e.clientX * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom)) - (this.precanvas.getBoundingClientRect().x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom))) + "px"; + + this.precanvas.appendChild(deletebox); + + } + + } else { + if (e.target.classList.contains('drawflow-framenode') || e.target.classList.contains('drawflow-framenode-text')) { + const frameNode = e.target.classList.contains('drawflow-framenode') ? e.target : e.target.parentElement + const deletebox = document.createElement('div'); + deletebox.classList.add("drawflow-delete"); + deletebox.innerHTML = "x"; + + const frameNodeBCR = frameNode.getBoundingClientRect() + const pos_y = frameNodeBCR.top - 30 // roughly include margin and node size + const pos_x = frameNodeBCR.left + frameNodeBCR.width + deletebox.style.top = pos_y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom)) - (this.precanvas.getBoundingClientRect().y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom))) + "px"; + deletebox.style.left = pos_x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom)) - (this.precanvas.getBoundingClientRect().x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom))) + "px"; + + this.precanvas.appendChild(deletebox); + } + } + + } + contextmenuDel() { + if (this.precanvas.getElementsByClassName("drawflow-delete").length) { + this.precanvas.getElementsByClassName("drawflow-delete")[0].remove() + }; + } + + key(e) { + this.dispatch('keydown', e); + if (this.editor_mode === 'fixed' || this.editor_mode === 'view') { + return false; + } + if (e.key === 'Delete' || (e.key === 'Backspace' && e.metaKey)) { + if (this.node_selected != null) { + if (this.first_click.tagName !== 'INPUT' && this.first_click.tagName !== 'TEXTAREA' && this.first_click.hasAttribute('contenteditable') !== true) { + this.removeNodeId(this.node_selected.id); + } + } + if (this.connection_selected != null) { + this.removeConnection(); + } + } + } + + zoom_enter(event, delta) { + if (event.ctrlKey) { + event.preventDefault() + if (event.deltaY > 0) { + // Zoom Out + this.zoom_out(); + } else { + // Zoom In + this.zoom_in(); + } + } + } + zoom_refresh() { + this.dispatch('zoom', this.zoom); + this.canvas_x = (this.canvas_x / this.zoom_last_value) * this.zoom; + this.canvas_y = (this.canvas_y / this.zoom_last_value) * this.zoom; + this.zoom_last_value = this.zoom; + this.precanvas.style.transform = "translate(" + this.canvas_x + "px, " + this.canvas_y + "px) scale(" + this.zoom + ")"; + } + zoom_in() { + if (this.zoom < this.zoom_max) { + this.zoom += this.zoom_value; + this.zoom_refresh(); + } + } + zoom_out() { + if (this.zoom > this.zoom_min) { + this.zoom -= this.zoom_value; + this.zoom_refresh(); + } + } + zoom_reset() { + if (this.zoom != 1) { + this.zoom = 1; + this.zoom_refresh(); + } + } + + createCurvature(start_pos_x, start_pos_y, end_pos_x, end_pos_y, curvature_value, type) { + var line_x = start_pos_x; + var line_y = start_pos_y; + var x = end_pos_x; + var y = end_pos_y; + var curvature = curvature_value; + //type openclose open close other + switch (type) { + case 'open': + if (start_pos_x >= end_pos_x) { + var hx1 = line_x + Math.abs(x - line_x) * curvature; + var hx2 = x - Math.abs(x - line_x) * (curvature * -1); + } else { + var hx1 = line_x + Math.abs(x - line_x) * curvature; + var hx2 = x - Math.abs(x - line_x) * curvature; + } + return ' M ' + line_x + ' ' + line_y + ' C ' + hx1 + ' ' + line_y + ' ' + hx2 + ' ' + y + ' ' + x + ' ' + y; + + break + case 'close': + if (start_pos_x >= end_pos_x) { + var hx1 = line_x + Math.abs(x - line_x) * (curvature * -1); + var hx2 = x - Math.abs(x - line_x) * curvature; + } else { + var hx1 = line_x + Math.abs(x - line_x) * curvature; + var hx2 = x - Math.abs(x - line_x) * curvature; + } + return ' M ' + line_x + ' ' + line_y + ' C ' + hx1 + ' ' + line_y + ' ' + hx2 + ' ' + y + ' ' + x + ' ' + y; + break; + case 'other': + if (start_pos_x >= end_pos_x) { + var hx1 = line_x + Math.abs(x - line_x) * (curvature * -1); + var hx2 = x - Math.abs(x - line_x) * (curvature * -1); + } else { + var hx1 = line_x + Math.abs(x - line_x) * curvature; + var hx2 = x - Math.abs(x - line_x) * curvature; + } + return ' M ' + line_x + ' ' + line_y + ' C ' + hx1 + ' ' + line_y + ' ' + hx2 + ' ' + y + ' ' + x + ' ' + y; + break; + default: + + var hx1 = line_x + Math.abs(x - line_x) * curvature; + var hx2 = x - Math.abs(x - line_x) * curvature; + + return ' M ' + line_x + ' ' + line_y + ' C ' + hx1 + ' ' + line_y + ' ' + hx2 + ' ' + y + ' ' + x + ' ' + y; + } + + } + + drawConnection(ele) { + var connection = document.createElementNS('http://www.w3.org/2000/svg', "svg"); + this.connection_ele = connection; + var path = document.createElementNS('http://www.w3.org/2000/svg', "path"); + path.classList.add("main-path"); + path.setAttributeNS(null, 'd', ''); + // path.innerHTML = 'a'; + connection.classList.add("connection"); + connection.appendChild(path); + this.precanvas.appendChild(connection); + var id_output = ele.parentElement.parentElement.id.slice(5); + var output_class = ele.classList[1]; + this.dispatch('connectionStart', { output_id: id_output, output_class: output_class }); + + } + + updateConnection(eX, eY) { + const precanvas = this.precanvas; + const zoom = this.zoom; + let precanvasWitdhZoom = precanvas.clientWidth / (precanvas.clientWidth * zoom); + precanvasWitdhZoom = precanvasWitdhZoom || 0; + let precanvasHeightZoom = precanvas.clientHeight / (precanvas.clientHeight * zoom); + precanvasHeightZoom = precanvasHeightZoom || 0; + var path = this.connection_ele.children[0]; + + var line_x = this.ele_selected.offsetWidth / 2 + (this.ele_selected.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var line_y = this.ele_selected.offsetHeight / 2 + (this.ele_selected.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var x = eX * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom)) - (this.precanvas.getBoundingClientRect().x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom))); + var y = eY * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom)) - (this.precanvas.getBoundingClientRect().y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom))); + + var curvature = this.curvature; + var lineCurve = this.createCurvature(line_x, line_y, x, y, curvature, 'openclose'); + path.setAttributeNS(null, 'd', lineCurve); + + } + + addConnection(id_output, id_input, output_class, input_class, labels) { + var nodeOneModule = this.getModuleFromNodeId(id_output); + var nodeTwoModule = this.getModuleFromNodeId(id_input); + if (nodeOneModule === nodeTwoModule) { + + var dataNode = this.getNodeFromId(id_output); + var exist = false; + for (var checkOutput in dataNode.outputs[output_class].connections) { + var connectionSearch = dataNode.outputs[output_class].connections[checkOutput] + if (connectionSearch.node == id_input && connectionSearch.output == input_class) { + exist = true; + } + } + // Check connection exist + if (exist === false) { + //Create Connection + this.drawflow.drawflow[nodeOneModule].data[id_output].outputs[output_class].connections.push({ "node": id_input.toString(), "output": input_class }); + this.drawflow.drawflow[nodeOneModule].data[id_input].inputs[input_class].connections.push({ "node": id_output.toString(), "input": output_class }); + + if (this.module === nodeOneModule) { + //Draw connection + var connection = document.createElementNS('http://www.w3.org/2000/svg', "svg"); + var path = document.createElementNS('http://www.w3.org/2000/svg', "path"); + path.classList.add("main-path"); + path.setAttributeNS(null, 'd', ''); + // path.innerHTML = 'a'; + connection.classList.add("connection"); + connection.classList.add("node_in_node-" + id_input); + connection.classList.add("node_out_node-" + id_output); + connection.classList.add(output_class); + connection.classList.add(input_class); + connection.appendChild(path); + if (labels) { + var connectionLabel = this.buildConnectionLabels(labels, id_input, id_output) + connection.appendChild(connectionLabel); + } + this.precanvas.appendChild(connection); + this.updateConnectionNodes('node-' + id_output); + this.updateConnectionNodes('node-' + id_input); + } + + this.dispatch('connectionCreated', { output_id: id_output, input_id: id_input, output_class: output_class, input_class: input_class }); + } + } + } + + buildConnectionLabels(labels, id_input, id_output) { + var foreignObject = document.createElementNS('http://www.w3.org/2000/svg', "foreignObject"); + if (!labels || labels.length == 0) { + return foreignObject; + } + foreignObject.setAttributeNS(null, 'width', '100%'); + foreignObject.setAttributeNS(null, 'height', '100%'); + foreignObject.style['overflow'] = 'visible'; + var div = document.createElement('div'); + labels.forEach((labelHtml) => { + var template = document.createElement('template'); + labelHtml = labelHtml.trim(); + template.innerHTML = labelHtml; + div.appendChild(template.content.firstChild); + }) + div.classList.add("connection-label-container"); + div.setAttribute('node_in', id_input); + div.setAttribute('node_out', id_output); + foreignObject.appendChild(div); + return foreignObject; + } + + updateConnectionLabels(labelFOContainer, start_pos_x, start_pos_y, end_pos_x, end_pos_y) { + var xMid = start_pos_x + (end_pos_x - start_pos_x) / 2 + var yMid = start_pos_y + (end_pos_y - start_pos_y) / 2 + labelFOContainer.setAttributeNS(null, 'x', xMid); + labelFOContainer.setAttributeNS(null, 'y', yMid); + } + + updateConnectionNodes(id) { + + // Aquí nos quedamos; + const idSearch = 'node_in_' + id; + const idSearchOut = 'node_out_' + id; + var line_path = this.line_path / 2; + const container = this.container; + const precanvas = this.precanvas; + const curvature = this.curvature; + const createCurvature = this.createCurvature; + const updateConnectionLabels = this.updateConnectionLabels; + const reroute_curvature = this.reroute_curvature; + const reroute_curvature_start_end = this.reroute_curvature_start_end; + const reroute_fix_curvature = this.reroute_fix_curvature; + const rerouteWidth = this.reroute_width; + const zoom = this.zoom; + let precanvasWitdhZoom = precanvas.clientWidth / (precanvas.clientWidth * zoom); + precanvasWitdhZoom = precanvasWitdhZoom || 0; + let precanvasHeightZoom = precanvas.clientHeight / (precanvas.clientHeight * zoom); + precanvasHeightZoom = precanvasHeightZoom || 0; + + const elemsOut = container.querySelectorAll(`.${idSearchOut}`); + + Object.keys(elemsOut).map(function (item, index) { + if (elemsOut[item].querySelector('.point') === null) { + + var elemtsearchId_out = container.querySelector(`#${id}`); + + var id_search = elemsOut[item].classList[1].replace('node_in_', ''); + var elemtsearchId = container.querySelector(`#${id_search}`); + + var elemtsearch = elemtsearchId.querySelectorAll('.' + elemsOut[item].classList[4])[0] + + var eX = elemtsearch.offsetWidth / 2 + (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var eY = elemtsearch.offsetHeight / 2 + (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var elemtsearchOut = elemtsearchId_out.querySelectorAll('.' + elemsOut[item].classList[3])[0] + + var line_x = elemtsearchOut.offsetWidth / 2 + (elemtsearchOut.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var line_y = elemtsearchOut.offsetHeight / 2 + (elemtsearchOut.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var x = eX; + var y = eY; + + const lineCurve = createCurvature(line_x, line_y, x, y, curvature, 'openclose'); + elemsOut[item].children[0].setAttributeNS(null, 'd', lineCurve); + if (elemsOut[item].children[1]) { + updateConnectionLabels(elemsOut[item].children[1], line_x, line_y, x, y); + } + } else { + const points = elemsOut[item].querySelectorAll('.point'); + let linecurve = ''; + const reoute_fix = []; + points.forEach((item, i) => { + if (i === 0 && ((points.length - 1) === 0)) { + + var elemtsearchId_out = container.querySelector(`#${id}`); + var elemtsearch = item; + + var eX = (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var eY = (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + + var elemtsearchOut = elemtsearchId_out.querySelectorAll('.' + item.parentElement.classList[3])[0] + var line_x = elemtsearchOut.offsetWidth / 2 + (elemtsearchOut.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var line_y = elemtsearchOut.offsetHeight / 2 + (elemtsearchOut.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature_start_end, 'open'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + var elemtsearchId_out = item; + var id_search = item.parentElement.classList[1].replace('node_in_', ''); + var elemtsearchId = container.querySelector(`#${id_search}`); + var elemtsearch = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[4])[0] + + var elemtsearchIn = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[4])[0] + var eX = elemtsearchIn.offsetWidth / 2 + (elemtsearchIn.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var eY = elemtsearchIn.offsetHeight / 2 + (elemtsearchIn.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + + var line_x = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var line_y = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature_start_end, 'close'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + } else if (i === 0) { + + var elemtsearchId_out = container.querySelector(`#${id}`); + var elemtsearch = item; + + var eX = (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var eY = (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + + var elemtsearchOut = elemtsearchId_out.querySelectorAll('.' + item.parentElement.classList[3])[0] + var line_x = elemtsearchOut.offsetWidth / 2 + (elemtsearchOut.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var line_y = elemtsearchOut.offsetHeight / 2 + (elemtsearchOut.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature_start_end, 'open'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + // SECOND + var elemtsearchId_out = item; + var elemtsearch = points[i + 1]; + + var eX = (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var eY = (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var line_x = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var line_y = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature, 'other'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + } else if (i === (points.length - 1)) { + + var elemtsearchId_out = item; + + var id_search = item.parentElement.classList[1].replace('node_in_', ''); + var elemtsearchId = container.querySelector(`#${id_search}`); + var elemtsearch = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[4])[0] + + var elemtsearchIn = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[4])[0] + var eX = elemtsearchIn.offsetWidth / 2 + (elemtsearchIn.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var eY = elemtsearchIn.offsetHeight / 2 + (elemtsearchIn.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + var line_x = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * (precanvas.clientWidth / (precanvas.clientWidth * zoom)) + rerouteWidth; + var line_y = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * (precanvas.clientHeight / (precanvas.clientHeight * zoom)) + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature_start_end, 'close'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + } else { + var elemtsearchId_out = item; + var elemtsearch = points[i + 1]; + + var eX = (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * (precanvas.clientWidth / (precanvas.clientWidth * zoom)) + rerouteWidth; + var eY = (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * (precanvas.clientHeight / (precanvas.clientHeight * zoom)) + rerouteWidth; + var line_x = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * (precanvas.clientWidth / (precanvas.clientWidth * zoom)) + rerouteWidth; + var line_y = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * (precanvas.clientHeight / (precanvas.clientHeight * zoom)) + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature, 'other'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + } + + }); + if (reroute_fix_curvature) { + reoute_fix.forEach((itempath, i) => { + elemsOut[item].children[i].setAttributeNS(null, 'd', itempath); + }); + + } else { + elemsOut[item].children[0].setAttributeNS(null, 'd', linecurve); + } + + } + }) + + const elems = container.querySelectorAll(`.${idSearch}`); + Object.keys(elems).map(function (item, index) { + + if (elems[item].querySelector('.point') === null) { + var elemtsearchId_in = container.querySelector(`#${id}`); + + var id_search = elems[item].classList[2].replace('node_out_', ''); + var elemtsearchId = container.querySelector(`#${id_search}`); + var elemtsearch = elemtsearchId.querySelectorAll('.' + elems[item].classList[3])[0] + + var line_x = elemtsearch.offsetWidth / 2 + (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var line_y = elemtsearch.offsetHeight / 2 + (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var elemtsearchId_in = elemtsearchId_in.querySelectorAll('.' + elems[item].classList[4])[0] + var x = elemtsearchId_in.offsetWidth / 2 + (elemtsearchId_in.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var y = elemtsearchId_in.offsetHeight / 2 + (elemtsearchId_in.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + const lineCurve = createCurvature(line_x, line_y, x, y, curvature, 'openclose'); + elems[item].children[0].setAttributeNS(null, 'd', lineCurve); + if (elems[item].children[1]) { + updateConnectionLabels(elems[item].children[1], line_x, line_y, x, y); + } + + } else { + const points = elems[item].querySelectorAll('.point'); + let linecurve = ''; + const reoute_fix = []; + points.forEach((item, i) => { + if (i === 0 && ((points.length - 1) === 0)) { + + var elemtsearchId_out = container.querySelector(`#${id}`); + var elemtsearch = item; + + var line_x = (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var line_y = (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + + var elemtsearchIn = elemtsearchId_out.querySelectorAll('.' + item.parentElement.classList[4])[0] + var eX = elemtsearchIn.offsetWidth / 2 + (elemtsearchIn.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var eY = elemtsearchIn.offsetHeight / 2 + (elemtsearchIn.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature_start_end, 'close'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + var elemtsearchId_out = item; + var id_search = item.parentElement.classList[2].replace('node_out_', ''); + var elemtsearchId = container.querySelector(`#${id_search}`); + var elemtsearch = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[3])[0] + + var elemtsearchOut = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[3])[0] + var line_x = elemtsearchOut.offsetWidth / 2 + (elemtsearchOut.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var line_y = elemtsearchOut.offsetHeight / 2 + (elemtsearchOut.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var eX = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var eY = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature_start_end, 'open'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + + } else if (i === 0) { + // FIRST + var elemtsearchId_out = item; + var id_search = item.parentElement.classList[2].replace('node_out_', ''); + var elemtsearchId = container.querySelector(`#${id_search}`); + var elemtsearch = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[3])[0] + var elemtsearchOut = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[3])[0] + var line_x = elemtsearchOut.offsetWidth / 2 + (elemtsearchOut.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var line_y = elemtsearchOut.offsetHeight / 2 + (elemtsearchOut.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var eX = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var eY = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature_start_end, 'open'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + // SECOND + var elemtsearchId_out = item; + var elemtsearch = points[i + 1]; + + var eX = (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var eY = (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var line_x = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var line_y = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature, 'other'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + } else if (i === (points.length - 1)) { + + var elemtsearchId_out = item; + + var id_search = item.parentElement.classList[1].replace('node_in_', ''); + var elemtsearchId = container.querySelector(`#${id_search}`); + var elemtsearch = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[4])[0] + + var elemtsearchIn = elemtsearchId.querySelectorAll('.' + item.parentElement.classList[4])[0] + var eX = elemtsearchIn.offsetWidth / 2 + (elemtsearchIn.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom; + var eY = elemtsearchIn.offsetHeight / 2 + (elemtsearchIn.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom; + + var line_x = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var line_y = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature_start_end, 'close'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + + } else { + + var elemtsearchId_out = item; + var elemtsearch = points[i + 1]; + + var eX = (elemtsearch.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var eY = (elemtsearch.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var line_x = (elemtsearchId_out.getBoundingClientRect().x - precanvas.getBoundingClientRect().x) * precanvasWitdhZoom + rerouteWidth; + var line_y = (elemtsearchId_out.getBoundingClientRect().y - precanvas.getBoundingClientRect().y) * precanvasHeightZoom + rerouteWidth; + var x = eX; + var y = eY; + + var lineCurveSearch = createCurvature(line_x, line_y, x, y, reroute_curvature, 'other'); + linecurve += lineCurveSearch; + reoute_fix.push(lineCurveSearch); + } + + }); + if (reroute_fix_curvature) { + reoute_fix.forEach((itempath, i) => { + elems[item].children[i].setAttributeNS(null, 'd', itempath); + }); + + } else { + elems[item].children[0].setAttributeNS(null, 'd', linecurve); + } + + } + }) + + var nodeIdInt = parseInt(id.slice(5)); + if (this.nodes_to_frames_registry[nodeIdInt] !== undefined && this.nodes_to_frames_registry[nodeIdInt].length > 0) { + var _this = this; + this.nodes_to_frames_registry[nodeIdInt].forEach((frameNodeUuid) => { + const containedNodeIDs = _this.frame_to_nodes_registry[frameNodeUuid] + const frameNode = _this.container.querySelector('#framenode-' + frameNodeUuid) + _this.updateFrameNodePosition(frameNode, containedNodeIDs); + }) + } + } + + dblclick(e) { + if (this.connection_selected != null && this.reroute) { + this.createReroutePoint(this.connection_selected); + } + + if (e.target.classList[0] === 'point') { + this.removeReroutePoint(e.target); + } + } + + createReroutePoint(ele) { + this.connection_selected.classList.remove("selected"); + const nodeUpdate = this.connection_selected.parentElement.classList[2].slice(9); + const nodeUpdateIn = this.connection_selected.parentElement.classList[1].slice(13); + const output_class = this.connection_selected.parentElement.classList[3]; + const input_class = this.connection_selected.parentElement.classList[4]; + this.connection_selected = null; + const point = document.createElementNS('http://www.w3.org/2000/svg', "circle"); + point.classList.add("point"); + var pos_x = this.pos_x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom)) - (this.precanvas.getBoundingClientRect().x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom))); + var pos_y = this.pos_y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom)) - (this.precanvas.getBoundingClientRect().y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom))); + + point.setAttributeNS(null, 'cx', pos_x); + point.setAttributeNS(null, 'cy', pos_y); + point.setAttributeNS(null, 'r', this.reroute_width); + + let position_add_array_point = 0; + if (this.reroute_fix_curvature) { + + const numberPoints = ele.parentElement.querySelectorAll(".main-path").length; + var path = document.createElementNS('http://www.w3.org/2000/svg', "path"); + path.classList.add("main-path"); + path.setAttributeNS(null, 'd', ''); + + ele.parentElement.insertBefore(path, ele.parentElement.children[numberPoints]); + if (numberPoints === 1) { + ele.parentElement.appendChild(point); + } else { + const search_point = Array.from(ele.parentElement.children).indexOf(ele) + position_add_array_point = search_point; + ele.parentElement.insertBefore(point, ele.parentElement.children[search_point + numberPoints + 1]); + } + + } else { + ele.parentElement.appendChild(point); + } + + const nodeId = nodeUpdate.slice(5); + const searchConnection = this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections.findIndex(function (item, i) { + return item.node === nodeUpdateIn && item.output === input_class; + }); + + if (this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections[searchConnection].points === undefined) { + this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections[searchConnection].points = []; + } + + if (this.reroute_fix_curvature) { + + if (position_add_array_point > 0 || this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections[searchConnection].points !== []) { + this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections[searchConnection].points.splice(position_add_array_point, 0, { pos_x: pos_x, pos_y: pos_y }); + } else { + this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections[searchConnection].points.push({ pos_x: pos_x, pos_y: pos_y }); + } + + ele.parentElement.querySelectorAll(".main-path").forEach((item, i) => { + item.classList.remove("selected"); + }); + + } else { + this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections[searchConnection].points.push({ pos_x: pos_x, pos_y: pos_y }); + } + + this.dispatch('addReroute', nodeId); + this.updateConnectionNodes(nodeUpdate); + } + + removeReroutePoint(ele) { + const nodeUpdate = ele.parentElement.classList[2].slice(9) + const nodeUpdateIn = ele.parentElement.classList[1].slice(13); + const output_class = ele.parentElement.classList[3]; + const input_class = ele.parentElement.classList[4]; + + let numberPointPosition = Array.from(ele.parentElement.children).indexOf(ele); + const nodeId = nodeUpdate.slice(5); + const searchConnection = this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections.findIndex(function (item, i) { + return item.node === nodeUpdateIn && item.output === input_class; + }); + + if (this.reroute_fix_curvature) { + const numberMainPath = ele.parentElement.querySelectorAll(".main-path").length + ele.parentElement.children[numberMainPath - 1].remove(); + numberPointPosition -= numberMainPath; + if (numberPointPosition < 0) { + numberPointPosition = 0; + } + } else { + numberPointPosition--; + } + this.drawflow.drawflow[this.module].data[nodeId].outputs[output_class].connections[searchConnection].points.splice(numberPointPosition, 1); + + ele.remove(); + this.dispatch('removeReroute', nodeId); + this.updateConnectionNodes(nodeUpdate); + } + + registerNode(name, html, props = null, options = null) { + this.noderegister[name] = { html: html, props: props, options: options }; + } + + getNodeFromId(id) { + var moduleName = this.getModuleFromNodeId(id) + return JSON.parse(JSON.stringify(this.drawflow.drawflow[moduleName].data[id])); + } + getNodesFromName(name) { + var nodes = []; + const editor = this.drawflow.drawflow + Object.keys(editor).map(function (moduleName, index) { + for (var node in editor[moduleName].data) { + if (editor[moduleName].data[node].name == name) { + nodes.push(editor[moduleName].data[node].id); + } + } + }); + return nodes; + } + + addNode(name, num_in, num_out, ele_pos_x, ele_pos_y, classoverride, data, html, typenode = false) { + if (this.useuuid) { + var newNodeId = this.getUuid(); + } else { + var newNodeId = this.nodeId; + } + const parent = document.createElement('div'); + parent.classList.add("parent-node"); + + const node = document.createElement('div'); + node.innerHTML = ""; + node.setAttribute("id", "node-" + newNodeId); + node.classList.add("drawflow-node"); + if (classoverride != '') { + node.classList.add(...classoverride.split(' ')); + } + + const inputs = document.createElement('div'); + inputs.classList.add("inputs"); + + const outputs = document.createElement('div'); + outputs.classList.add("outputs"); + + const json_inputs = {} + for (var x = 0; x < num_in; x++) { + const input = document.createElement('div'); + input.classList.add("input"); + input.classList.add("input_" + (x + 1)); + json_inputs["input_" + (x + 1)] = { "connections": [] }; + inputs.appendChild(input); + } + + const json_outputs = {} + for (var x = 0; x < num_out; x++) { + const output = document.createElement('div'); + output.classList.add("output"); + output.classList.add("output_" + (x + 1)); + json_outputs["output_" + (x + 1)] = { "connections": [] }; + outputs.appendChild(output); + } + + const content = document.createElement('div'); + content.classList.add("drawflow_content_node"); + if (typenode === false) { + content.innerHTML = html; + } else if (typenode === true) { + content.appendChild(this.noderegister[html].html.cloneNode(true)); + } else { + if (parseInt(this.render.version) === 3) { + //Vue 3 + let wrapper = this.render.h(this.noderegister[html].html, this.noderegister[html].props, this.noderegister[html].options); + wrapper.appContext = this.parent; + this.render.render(wrapper, content); + + } else { + // Vue 2 + let wrapper = new this.render({ + parent: this.parent, + render: h => h(this.noderegister[html].html, { props: this.noderegister[html].props }), + ...this.noderegister[html].options + }).$mount() + // + content.appendChild(wrapper.$el); + } + } + + Object.entries(data).forEach(function (key, value) { + if (typeof key[1] === "object") { + insertObjectkeys(null, key[0], key[0]); + } else { + var elems = content.querySelectorAll('[df-' + key[0] + ']'); + for (var i = 0; i < elems.length; i++) { + elems[i].value = key[1]; + if (elems[i].isContentEditable) { + elems[i].innerText = key[1]; + } + } + } + }) + + function insertObjectkeys(object, name, completname) { + if (object === null) { + var object = data[name]; + } else { + var object = object[name] + } + if (object !== null) { + Object.entries(object).forEach(function (key, value) { + if (typeof key[1] === "object") { + insertObjectkeys(object, key[0], completname + '-' + key[0]); + } else { + var elems = content.querySelectorAll('[df-' + completname + '-' + key[0] + ']'); + for (var i = 0; i < elems.length; i++) { + elems[i].value = key[1]; + if (elems[i].isContentEditable) { + elems[i].innerText = key[1]; + } + } + } + }); + } + } + node.appendChild(inputs); + node.appendChild(content); + node.appendChild(outputs); + node.style.top = ele_pos_y + "px"; + node.style.left = ele_pos_x + "px"; + parent.appendChild(node); + this.precanvas.appendChild(parent); + var json = { + id: newNodeId, + name: name, + data: data, + class: classoverride, + html: html, + typenode: typenode, + inputs: json_inputs, + outputs: json_outputs, + pos_x: ele_pos_x, + pos_y: ele_pos_y, + } + this.drawflow.drawflow[this.module].data[newNodeId] = json; + this.dispatch('nodeCreated', newNodeId); + if (!this.useuuid) { + this.nodeId++; + } + return newNodeId; + } + + addNodeImport(dataNode, precanvas) { + const buildConnectionLabels = this.buildConnectionLabels; + const parent = document.createElement('div'); + parent.classList.add("parent-node"); + + const node = document.createElement('div'); + node.innerHTML = ""; + node.setAttribute("id", "node-" + dataNode.id); + node.classList.add("drawflow-node"); + if (dataNode.class != '') { + node.classList.add(...dataNode.class.split(' ')); + } + + const inputs = document.createElement('div'); + inputs.classList.add("inputs"); + + const outputs = document.createElement('div'); + outputs.classList.add("outputs"); + + Object.keys(dataNode.inputs).map(function (input_item, index) { + const input = document.createElement('div'); + input.classList.add("input"); + input.classList.add(input_item); + inputs.appendChild(input); + Object.keys(dataNode.inputs[input_item].connections).map(function (output_item, index) { + + var connection = document.createElementNS('http://www.w3.org/2000/svg', "svg"); + var path = document.createElementNS('http://www.w3.org/2000/svg', "path"); + path.classList.add("main-path"); + path.setAttributeNS(null, 'd', ''); + // path.innerHTML = 'a'; + connection.classList.add("connection"); + connection.classList.add("node_in_node-" + dataNode.id); + connection.classList.add("node_out_node-" + dataNode.inputs[input_item].connections[output_item].node); + connection.classList.add(dataNode.inputs[input_item].connections[output_item].input); + connection.classList.add(input_item); + + connection.appendChild(path); + var labels = dataNode.inputs[input_item].connections[output_item].labels + if (labels) { + var connectionLabel = buildConnectionLabels(labels, dataNode.id, dataNode.inputs[input_item].connections[output_item].node) + connection.appendChild(connectionLabel); + } + precanvas.appendChild(connection); + + }); + }); + + for (var x = 0; x < Object.keys(dataNode.outputs).length; x++) { + const output = document.createElement('div'); + output.classList.add("output"); + output.classList.add("output_" + (x + 1)); + outputs.appendChild(output); + } + + const content = document.createElement('div'); + content.classList.add("drawflow_content_node"); + + if (dataNode.typenode === false) { + content.innerHTML = dataNode.html; + } else if (dataNode.typenode === true) { + content.appendChild(this.noderegister[dataNode.html].html.cloneNode(true)); + } else { + if (parseInt(this.render.version) === 3) { + //Vue 3 + let wrapper = this.render.h(this.noderegister[dataNode.html].html, this.noderegister[dataNode.html].props, this.noderegister[dataNode.html].options); + wrapper.appContext = this.parent; + this.render.render(wrapper, content); + + } else { + //Vue 2 + let wrapper = new this.render({ + parent: this.parent, + render: h => h(this.noderegister[dataNode.html].html, { props: this.noderegister[dataNode.html].props }), + ...this.noderegister[dataNode.html].options + }).$mount() + content.appendChild(wrapper.$el); + } + } + + Object.entries(dataNode.data).forEach(function (key, value) { + if (typeof key[1] === "object") { + insertObjectkeys(null, key[0], key[0]); + } else { + var elems = content.querySelectorAll('[df-' + key[0] + ']'); + for (var i = 0; i < elems.length; i++) { + elems[i].value = key[1]; + if (elems[i].isContentEditable) { + elems[i].innerText = key[1]; + } + } + } + }) + + function insertObjectkeys(object, name, completname) { + if (object === null) { + var object = dataNode.data[name]; + } else { + var object = object[name] + } + if (object !== null) { + Object.entries(object).forEach(function (key, value) { + if (typeof key[1] === "object") { + insertObjectkeys(object, key[0], completname + '-' + key[0]); + } else { + var elems = content.querySelectorAll('[df-' + completname + '-' + key[0] + ']'); + for (var i = 0; i < elems.length; i++) { + elems[i].value = key[1]; + if (elems[i].isContentEditable) { + elems[i].innerText = key[1]; + } + } + } + }); + } + } + node.appendChild(inputs); + node.appendChild(content); + node.appendChild(outputs); + node.style.top = dataNode.pos_y + "px"; + node.style.left = dataNode.pos_x + "px"; + parent.appendChild(node); + this.precanvas.appendChild(parent); + } + + addRerouteImport(dataNode) { + const reroute_width = this.reroute_width + const reroute_fix_curvature = this.reroute_fix_curvature + const container = this.container; + Object.keys(dataNode.outputs).map(function (output_item, index) { + Object.keys(dataNode.outputs[output_item].connections).map(function (input_item, index) { + const points = dataNode.outputs[output_item].connections[input_item].points + if (points !== undefined) { + + points.forEach((item, i) => { + const input_id = dataNode.outputs[output_item].connections[input_item].node; + const input_class = dataNode.outputs[output_item].connections[input_item].output; + const ele = container.querySelector('.connection.node_in_node-' + input_id + '.node_out_node-' + dataNode.id + '.' + output_item + '.' + input_class); + + if (reroute_fix_curvature) { + if (i === 0) { + for (var z = 0; z < points.length; z++) { + var path = document.createElementNS('http://www.w3.org/2000/svg', "path"); + path.classList.add("main-path"); + path.setAttributeNS(null, 'd', ''); + ele.appendChild(path); + + } + } + } + + const point = document.createElementNS('http://www.w3.org/2000/svg', "circle"); + point.classList.add("point"); + var pos_x = item.pos_x; + var pos_y = item.pos_y; + + point.setAttributeNS(null, 'cx', pos_x); + point.setAttributeNS(null, 'cy', pos_y); + point.setAttributeNS(null, 'r', reroute_width); + + ele.appendChild(point); + }); + }; + }); + }); + } + + addFrameNode(frameNodeConfig) { + frameNodeConfig.nodes = [...new Set(frameNodeConfig.nodes)] + if (frameNodeConfig.nodes.length == 0) { + return + } + + var newNodeId = this.getUuid(); + this.frame_to_nodes_registry[newNodeId] = frameNodeConfig.nodes + frameNodeConfig.nodes.forEach(nodeId => { + if (this.nodes_to_frames_registry[nodeId] === undefined) { + this.nodes_to_frames_registry[nodeId] = [] + } + this.nodes_to_frames_registry[nodeId].push(newNodeId) + }); + const parent = document.createElement('div'); + parent.classList.add(...["parent-framenode"]); + + const frameNode = document.createElement('div'); + frameNode.innerHTML = ''; + frameNode.setAttribute('id', 'framenode-' + newNodeId); + frameNode.classList.add(...['drawflow-framenode']); + if (frameNodeConfig.class !== undefined && frameNodeConfig.class != '') { + frameNode.classList.add(...frameNodeConfig.class.split(' ')); + } + + this.updateFrameNodePosition(frameNode, frameNodeConfig.nodes) + + const frameTextNode = document.createElement('span'); + frameTextNode.innerText = frameNodeConfig.text; + frameTextNode.classList.add('drawflow-framenode-text') + frameNode.appendChild(frameTextNode); + + parent.appendChild(frameNode); + this.precanvas.appendChild(parent); + + var json = { + id: newNodeId, + text: frameNodeConfig.text, + nodes: frameNodeConfig.nodes, + class: frameNodeConfig.class, + } + this.drawflow.drawflow[this.module].data._frames[newNodeId] = json; + this.dispatch('frameNodeCreated', newNodeId); + } + + updateFrameNodePosition(frameNode, nodeIDs) { + if (!frameNode) { + return + } + + var _this = this + var nodesHtml = nodeIDs.map(function (id) { + return _this.container.querySelector('#node-' + id) + }) + + function getFrameCoordinatesFromNodes(nodesHtml) { + var topLeft = { x: Number.MAX_SAFE_INTEGER, y: Number.MAX_SAFE_INTEGER } + var bottomRight = { x: Number.MIN_SAFE_INTEGER, y: Number.MIN_SAFE_INTEGER } + nodesHtml.forEach(function (nodeHtml) { + var bcr = nodeHtml.getBoundingClientRect() + topLeft.x = Math.min(topLeft.x, bcr.left) + topLeft.y = Math.min(topLeft.y, bcr.top) + bottomRight.x = Math.max(bottomRight.x, bcr.left + bcr.width) + bottomRight.y = Math.max(bottomRight.y, bcr.top + bcr.height) + }) + return { topLeft: topLeft, bottomRight: bottomRight } + } + + var frameCoordinates = getFrameCoordinatesFromNodes(nodesHtml) + + var pos_x = frameCoordinates.topLeft.x - this.frameNodePadding.left / 2 + var pos_y = frameCoordinates.topLeft.y - this.frameNodePadding.top / 2 + var frameNodeHeight = (frameCoordinates.bottomRight.y - frameCoordinates.topLeft.y) + (this.frameNodePadding.top / 2 + this.frameNodePadding.bottom) + var frameNodeWidth = (frameCoordinates.bottomRight.x - frameCoordinates.topLeft.x) + (this.frameNodePadding.left / 2 + this.frameNodePadding.right) + + var transpositionFactorX = (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom)) + var transpositionOffsetX = -(this.precanvas.getBoundingClientRect().x * (this.precanvas.clientWidth / (this.precanvas.clientWidth * this.zoom))) + var transpositionFactorY = (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom)) + var transpositionOffsetY = -(this.precanvas.getBoundingClientRect().y * (this.precanvas.clientHeight / (this.precanvas.clientHeight * this.zoom))) + + pos_x = pos_x * transpositionFactorX + transpositionOffsetX + pos_y = pos_y * transpositionFactorY + transpositionOffsetY + frameNodeWidth = frameNodeWidth * transpositionFactorX + frameNodeHeight = frameNodeHeight * transpositionFactorY + + frameNode.style.top = pos_y + 'px'; + frameNode.style.left = pos_x + 'px'; + frameNode.style.height = frameNodeHeight + 'px'; + frameNode.style.width = frameNodeWidth + 'px'; + } + + updateFramenode(frameNodeUuid, frameNodeConfig) { + const frameNode = document.getElementById(frameNodeUuid); + frameNode.classList.remove(...frameNode.classList) + frameNode.classList.add(...['drawflow-framenode']); + if (frameNodeConfig.class !== undefined && frameNodeConfig.class != '') { + frameNode.classList.add(...frameNodeConfig.class.split(' ')); + } + + const frameTextNode = frameNode.querySelector('.drawflow-framenode-text') + frameTextNode.innerText = frameNodeConfig.text + + var oldJson = this.drawflow.drawflow[this.module].data._frames[frameNodeUuid.slice(10)] + oldJson.text = frameNodeConfig.text + oldJson.class = frameNodeConfig.class + this.drawflow.drawflow[this.module].data._frames[frameNodeUuid.slice(10)] = oldJson; + + this.dispatch('frameNodeUpdated', frameNodeUuid.slice(10)); + } + + updateNodeValue(event) { + var attr = event.target.attributes + for (var i = 0; i < attr.length; i++) { + if (attr[i].nodeName.startsWith('df-')) { + var keys = attr[i].nodeName.slice(3).split("-"); + var target = this.drawflow.drawflow[this.module].data[event.target.closest(".drawflow_content_node").parentElement.id.slice(5)].data; + for (var index = 0; index < keys.length - 1; index += 1) { + if (target[keys[index]] == null) { + target[keys[index]] = {}; + } + target = target[keys[index]]; + } + target[keys[keys.length - 1]] = event.target.value; + if (event.target.isContentEditable) { + target[keys[keys.length - 1]] = event.target.innerText; + } + this.dispatch('nodeDataChanged', event.target.closest(".drawflow_content_node").parentElement.id.slice(5)); + } + } + } + + updateNodeDataFromId(id, data) { + var moduleName = this.getModuleFromNodeId(id) + this.drawflow.drawflow[moduleName].data[id].data = data; + if (this.module === moduleName) { + const content = this.container.querySelector('#node-' + id); + + Object.entries(data).forEach(function (key, value) { + if (typeof key[1] === "object") { + insertObjectkeys(null, key[0], key[0]); + } else { + var elems = content.querySelectorAll('[df-' + key[0] + ']'); + for (var i = 0; i < elems.length; i++) { + elems[i].value = key[1]; + if (elems[i].isContentEditable) { + elems[i].innerText = key[1]; + } + } + } + }) + + function insertObjectkeys(object, name, completname) { + if (object === null) { + var object = data[name]; + } else { + var object = object[name] + } + if (object !== null) { + Object.entries(object).forEach(function (key, value) { + if (typeof key[1] === "object") { + insertObjectkeys(object, key[0], completname + '-' + key[0]); + } else { + var elems = content.querySelectorAll('[df-' + completname + '-' + key[0] + ']'); + for (var i = 0; i < elems.length; i++) { + elems[i].value = key[1]; + if (elems[i].isContentEditable) { + elems[i].innerText = key[1]; + } + } + } + }); + } + } + + } + } + + addNodeInput(id) { + var moduleName = this.getModuleFromNodeId(id) + const infoNode = this.getNodeFromId(id) + const numInputs = Object.keys(infoNode.inputs).length; + if (this.module === moduleName) { + //Draw input + const input = document.createElement('div'); + input.classList.add("input"); + input.classList.add("input_" + (numInputs + 1)); + const parent = this.container.querySelector('#node-' + id + ' .inputs'); + parent.appendChild(input); + this.updateConnectionNodes('node-' + id); + + } + this.drawflow.drawflow[moduleName].data[id].inputs["input_" + (numInputs + 1)] = { "connections": [] }; + } + + addNodeOutput(id) { + var moduleName = this.getModuleFromNodeId(id) + const infoNode = this.getNodeFromId(id) + const numOutputs = Object.keys(infoNode.outputs).length; + if (this.module === moduleName) { + //Draw output + const output = document.createElement('div'); + output.classList.add("output"); + output.classList.add("output_" + (numOutputs + 1)); + const parent = this.container.querySelector('#node-' + id + ' .outputs'); + parent.appendChild(output); + this.updateConnectionNodes('node-' + id); + + } + this.drawflow.drawflow[moduleName].data[id].outputs["output_" + (numOutputs + 1)] = { "connections": [] }; + } + + removeNodeInput(id, input_class) { + var moduleName = this.getModuleFromNodeId(id) + const infoNode = this.getNodeFromId(id) + if (this.module === moduleName) { + this.container.querySelector('#node-' + id + ' .inputs .input.' + input_class).remove(); + } + const removeInputs = []; + Object.keys(infoNode.inputs[input_class].connections).map(function (key, index) { + const id_output = infoNode.inputs[input_class].connections[index].node; + const output_class = infoNode.inputs[input_class].connections[index].input; + removeInputs.push({ id_output, id, output_class, input_class }) + }) + // Remove connections + removeInputs.forEach((item, i) => { + this.removeSingleConnection(item.id_output, item.id, item.output_class, item.input_class); + }); + + delete this.drawflow.drawflow[moduleName].data[id].inputs[input_class]; + + // Update connection + const connections = []; + const connectionsInputs = this.drawflow.drawflow[moduleName].data[id].inputs + Object.keys(connectionsInputs).map(function (key, index) { + connections.push(connectionsInputs[key]); + }); + this.drawflow.drawflow[moduleName].data[id].inputs = {}; + const input_class_id = input_class.slice(6); + let nodeUpdates = []; + connections.forEach((item, i) => { + item.connections.forEach((itemx, f) => { + nodeUpdates.push(itemx); + }); + this.drawflow.drawflow[moduleName].data[id].inputs['input_' + (i + 1)] = item; + }); + nodeUpdates = new Set(nodeUpdates.map(e => JSON.stringify(e))); + nodeUpdates = Array.from(nodeUpdates).map(e => JSON.parse(e)); + + if (this.module === moduleName) { + const eles = this.container.querySelectorAll("#node-" + id + " .inputs .input"); + eles.forEach((item, i) => { + const id_class = item.classList[1].slice(6); + if (parseInt(input_class_id) < parseInt(id_class)) { + item.classList.remove('input_' + id_class); + item.classList.add('input_' + (id_class - 1)); + } + }); + + } + + nodeUpdates.forEach((itemx, i) => { + this.drawflow.drawflow[moduleName].data[itemx.node].outputs[itemx.input].connections.forEach((itemz, g) => { + if (itemz.node == id) { + const output_id = itemz.output.slice(6); + if (parseInt(input_class_id) < parseInt(output_id)) { + if (this.module === moduleName) { + const ele = this.container.querySelector(".connection.node_in_node-" + id + ".node_out_node-" + itemx.node + "." + itemx.input + ".input_" + output_id); + ele.classList.remove('input_' + output_id); + ele.classList.add('input_' + (output_id - 1)); + } + if (itemz.points) { + this.drawflow.drawflow[moduleName].data[itemx.node].outputs[itemx.input].connections[g] = { node: itemz.node, output: 'input_' + (output_id - 1), points: itemz.points } + } else { + this.drawflow.drawflow[moduleName].data[itemx.node].outputs[itemx.input].connections[g] = { node: itemz.node, output: 'input_' + (output_id - 1) } + } + } + } + }); + }); + this.updateConnectionNodes('node-' + id); + } + + removeNodeOutput(id, output_class) { + var moduleName = this.getModuleFromNodeId(id) + const infoNode = this.getNodeFromId(id) + if (this.module === moduleName) { + this.container.querySelector('#node-' + id + ' .outputs .output.' + output_class).remove(); + } + const removeOutputs = []; + Object.keys(infoNode.outputs[output_class].connections).map(function (key, index) { + const id_input = infoNode.outputs[output_class].connections[index].node; + const input_class = infoNode.outputs[output_class].connections[index].output; + removeOutputs.push({ id, id_input, output_class, input_class }) + }) + // Remove connections + removeOutputs.forEach((item, i) => { + this.removeSingleConnection(item.id, item.id_input, item.output_class, item.input_class); + }); + + delete this.drawflow.drawflow[moduleName].data[id].outputs[output_class]; + + // Update connection + const connections = []; + const connectionsOuputs = this.drawflow.drawflow[moduleName].data[id].outputs + Object.keys(connectionsOuputs).map(function (key, index) { + connections.push(connectionsOuputs[key]); + }); + this.drawflow.drawflow[moduleName].data[id].outputs = {}; + const output_class_id = output_class.slice(7); + let nodeUpdates = []; + connections.forEach((item, i) => { + item.connections.forEach((itemx, f) => { + nodeUpdates.push({ node: itemx.node, output: itemx.output }); + }); + this.drawflow.drawflow[moduleName].data[id].outputs['output_' + (i + 1)] = item; + }); + nodeUpdates = new Set(nodeUpdates.map(e => JSON.stringify(e))); + nodeUpdates = Array.from(nodeUpdates).map(e => JSON.parse(e)); + + if (this.module === moduleName) { + const eles = this.container.querySelectorAll("#node-" + id + " .outputs .output"); + eles.forEach((item, i) => { + const id_class = item.classList[1].slice(7); + if (parseInt(output_class_id) < parseInt(id_class)) { + item.classList.remove('output_' + id_class); + item.classList.add('output_' + (id_class - 1)); + } + }); + + } + + nodeUpdates.forEach((itemx, i) => { + this.drawflow.drawflow[moduleName].data[itemx.node].inputs[itemx.output].connections.forEach((itemz, g) => { + if (itemz.node == id) { + const input_id = itemz.input.slice(7); + if (parseInt(output_class_id) < parseInt(input_id)) { + if (this.module === moduleName) { + + const ele = this.container.querySelector(".connection.node_in_node-" + itemx.node + ".node_out_node-" + id + ".output_" + input_id + "." + itemx.output); + ele.classList.remove('output_' + input_id); + ele.classList.remove(itemx.output); + ele.classList.add('output_' + (input_id - 1)); + ele.classList.add(itemx.output); + } + if (itemz.points) { + this.drawflow.drawflow[moduleName].data[itemx.node].inputs[itemx.output].connections[g] = { node: itemz.node, input: 'output_' + (input_id - 1), points: itemz.points } + } else { + this.drawflow.drawflow[moduleName].data[itemx.node].inputs[itemx.output].connections[g] = { node: itemz.node, input: 'output_' + (input_id - 1) } + } + } + } + }); + }); + + this.updateConnectionNodes('node-' + id); + } + + removeNodeId(id) { + this.removeConnectionNodeId(id); + var moduleName = this.getModuleFromNodeId(id.slice(5)) + if (this.module === moduleName) { + this.container.querySelector(`#${id}`).remove(); + } + + var _this = this + var new_frame_to_nodes_registry = [] + if (this.nodes_to_frames_registry[id.slice(5)] !== undefined) { + this.nodes_to_frames_registry[id.slice(5)].forEach((frameUuid) => { + new_frame_to_nodes_registry = _this.frame_to_nodes_registry[frameUuid].filter((nodeId) => { + return id.slice(5) != nodeId; + }) + if (new_frame_to_nodes_registry.length == 0) { + _this.removeFrameNodeId('framenode-' + frameUuid) + } else { + const frameNode = _this.container.querySelector('#framenode-' + frameUuid) + _this.frame_to_nodes_registry[frameUuid] = new_frame_to_nodes_registry + _this.updateFrameNodePosition(frameNode, _this.frame_to_nodes_registry[frameUuid]); + } + }) + delete this.nodes_to_frames_registry[id.slice(5)] + } + + delete this.drawflow.drawflow[moduleName].data[id.slice(5)]; + this.dispatch('nodeRemoved', id.slice(5)); + } + + removeConnection() { + if (this.connection_selected != null) { + var listclass = this.connection_selected.parentElement.classList; + this.connection_selected.parentElement.remove(); + //console.log(listclass); + var index_out = this.drawflow.drawflow[this.module].data[listclass[2].slice(14)].outputs[listclass[3]].connections.findIndex(function (item, i) { + return item.node === listclass[1].slice(13) && item.output === listclass[4] + }); + this.drawflow.drawflow[this.module].data[listclass[2].slice(14)].outputs[listclass[3]].connections.splice(index_out, 1); + + var index_in = this.drawflow.drawflow[this.module].data[listclass[1].slice(13)].inputs[listclass[4]].connections.findIndex(function (item, i) { + return item.node === listclass[2].slice(14) && item.input === listclass[3] + }); + this.drawflow.drawflow[this.module].data[listclass[1].slice(13)].inputs[listclass[4]].connections.splice(index_in, 1); + this.dispatch('connectionRemoved', { output_id: listclass[2].slice(14), input_id: listclass[1].slice(13), output_class: listclass[3], input_class: listclass[4] }); + this.connection_selected = null; + } + } + + removeSingleConnection(id_output, id_input, output_class, input_class) { + var nodeOneModule = this.getModuleFromNodeId(id_output); + var nodeTwoModule = this.getModuleFromNodeId(id_input); + if (nodeOneModule === nodeTwoModule) { + // Check nodes in same module. + + // Check connection exist + var exists = this.drawflow.drawflow[nodeOneModule].data[id_output].outputs[output_class].connections.findIndex(function (item, i) { + return item.node == id_input && item.output === input_class + }); + if (exists > -1) { + + if (this.module === nodeOneModule) { + // In same module with view. + this.container.querySelector('.connection.node_in_node-' + id_input + '.node_out_node-' + id_output + '.' + output_class + '.' + input_class).remove(); + } + + var index_out = this.drawflow.drawflow[nodeOneModule].data[id_output].outputs[output_class].connections.findIndex(function (item, i) { + return item.node == id_input && item.output === input_class + }); + this.drawflow.drawflow[nodeOneModule].data[id_output].outputs[output_class].connections.splice(index_out, 1); + + var index_in = this.drawflow.drawflow[nodeOneModule].data[id_input].inputs[input_class].connections.findIndex(function (item, i) { + return item.node == id_output && item.input === output_class + }); + this.drawflow.drawflow[nodeOneModule].data[id_input].inputs[input_class].connections.splice(index_in, 1); + + this.dispatch('connectionRemoved', { output_id: id_output, input_id: id_input, output_class: output_class, input_class: input_class }); + return true; + + } else { + return false; + } + } else { + return false; + } + } + + removeConnectionNodeId(id) { + const idSearchIn = 'node_in_' + id; + const idSearchOut = 'node_out_' + id; + + const elemsOut = this.container.querySelectorAll(`.${idSearchOut}`); + for (var i = elemsOut.length - 1; i >= 0; i--) { + var listclass = elemsOut[i].classList; + + var index_in = this.drawflow.drawflow[this.module].data[listclass[1].slice(13)].inputs[listclass[4]].connections.findIndex(function (item, i) { + return item.node === listclass[2].slice(14) && item.input === listclass[3] + }); + this.drawflow.drawflow[this.module].data[listclass[1].slice(13)].inputs[listclass[4]].connections.splice(index_in, 1); + + var index_out = this.drawflow.drawflow[this.module].data[listclass[2].slice(14)].outputs[listclass[3]].connections.findIndex(function (item, i) { + return item.node === listclass[1].slice(13) && item.output === listclass[4] + }); + this.drawflow.drawflow[this.module].data[listclass[2].slice(14)].outputs[listclass[3]].connections.splice(index_out, 1); + + elemsOut[i].remove(); + + this.dispatch('connectionRemoved', { output_id: listclass[2].slice(14), input_id: listclass[1].slice(13), output_class: listclass[3], input_class: listclass[4] }); + } + + const elemsIn = this.container.querySelectorAll(`.${idSearchIn}`); + for (var i = elemsIn.length - 1; i >= 0; i--) { + + var listclass = elemsIn[i].classList; + + var index_out = this.drawflow.drawflow[this.module].data[listclass[2].slice(14)].outputs[listclass[3]].connections.findIndex(function (item, i) { + return item.node === listclass[1].slice(13) && item.output === listclass[4] + }); + this.drawflow.drawflow[this.module].data[listclass[2].slice(14)].outputs[listclass[3]].connections.splice(index_out, 1); + + var index_in = this.drawflow.drawflow[this.module].data[listclass[1].slice(13)].inputs[listclass[4]].connections.findIndex(function (item, i) { + return item.node === listclass[2].slice(14) && item.input === listclass[3] + }); + this.drawflow.drawflow[this.module].data[listclass[1].slice(13)].inputs[listclass[4]].connections.splice(index_in, 1); + + elemsIn[i].remove(); + + this.dispatch('connectionRemoved', { output_id: listclass[2].slice(14), input_id: listclass[1].slice(13), output_class: listclass[3], input_class: listclass[4] }); + } + } + + removeFrameNodeId(fullID) { + const frameUuid = fullID.slice(10); + const moduleName = this.getModuleFromNodeId(this.frame_to_nodes_registry[frameUuid][0]) + this.container.querySelector(`#${fullID}`).remove(); + var _this = this; + this.frame_to_nodes_registry[frameUuid].forEach((nodeID) => { + _this.nodes_to_frames_registry[nodeID] = _this.nodes_to_frames_registry[nodeID].filter((frameNodeUuid) => { + return frameNodeUuid != frameUuid; + }) + }) + delete this.frame_to_nodes_registry[frameUuid]; + delete this.drawflow.drawflow[moduleName].data._frames[frameUuid]; + this.dispatch('frameNodeRemoved', frameUuid); + } + + getModuleFromNodeId(id) { + var nameModule; + const editor = this.drawflow.drawflow + Object.keys(editor).map(function (moduleName, index) { + Object.keys(editor[moduleName].data).map(function (node, index2) { + if (node == id) { + nameModule = moduleName; + } + }) + }); + return nameModule; + } + + addModule(name) { + this.drawflow.drawflow[name] = { "data": { "_frames": {} } }; + this.dispatch('moduleCreated', name); + } + changeModule(name) { + this.dispatch('moduleChanged', name); + this.module = name; + this.precanvas.innerHTML = ""; + this.canvas_x = 0; + this.canvas_y = 0; + this.pos_x = 0; + this.pos_y = 0; + this.mouse_x = 0; + this.mouse_y = 0; + this.zoom = 1; + this.zoom_last_value = 1; + this.precanvas.style.transform = ''; + this.import(this.drawflow, false); + } + + removeModule(name) { + if (this.module === name) { + this.changeModule('Home'); + } + delete this.drawflow.drawflow[name]; + this.dispatch('moduleRemoved', name); + } + + clearModuleSelected() { + this.precanvas.innerHTML = ""; + this.drawflow.drawflow[this.module] = { "data": { "_frames": {}} }; + this.frame_to_nodes_registry = {}; + this.nodes_to_frames_registry = {}; + } + + clear() { + this.precanvas.innerHTML = ""; + this.drawflow = { "drawflow": { "Home": { "data": { "_frames": {} } } } }; + this.frame_to_nodes_registry = {}; + this.nodes_to_frames_registry = {}; + } + export() { + const dataExport = JSON.parse(JSON.stringify(this.drawflow)); + this.dispatch('export', dataExport); + return dataExport; + } + + import(data, notifi = true) { + this.clear(); + this.drawflow = JSON.parse(JSON.stringify(data)); + this.load(); + if (notifi) { + this.dispatch('import', 'import'); + } + } + + /* Events */ + on(event, callback) { + // Check if the callback is not a function + if (typeof callback !== 'function') { + console.error(`The listener callback must be a function, the given type is ${typeof callback}`); + return false; + } + // Check if the event is not a string + if (typeof event !== 'string') { + console.error(`The event name must be a string, the given type is ${typeof event}`); + return false; + } + // Check if this event not exists + if (this.events[event] === undefined) { + this.events[event] = { + listeners: [] + } + } + this.events[event].listeners.push(callback); + } + + removeListener(event, callback) { + // Check if this event not exists + + if (!this.events[event]) return false + + const listeners = this.events[event].listeners + const listenerIndex = listeners.indexOf(callback) + const hasListener = listenerIndex > -1 + if (hasListener) listeners.splice(listenerIndex, 1) + } + + dispatch(event, details) { + // Check if this event not exists + if (this.events[event] === undefined) { + // console.error(`This event: ${event} does not exist`); + return false; + } + this.events[event].listeners.forEach((listener) => { + listener(details); + }); + } + + getUuid() { + // http://www.ietf.org/rfc/rfc4122.txt + var s = []; + var hexDigits = "0123456789abcdef"; + for (var i = 0; i < 36; i++) { + s[i] = hexDigits.substr(Math.floor(Math.random() * 0x10), 1); + } + s[14] = "4"; // bits 12-15 of the time_hi_and_version field to 0010 + s[19] = hexDigits.substr((s[19] & 0x3) | 0x8, 1); // bits 6-7 of the clock_seq_hi_and_reserved to 01 + s[8] = s[13] = s[18] = s[23] = "-"; + + var uuid = s.join(""); + return uuid; + } +} diff --git a/app/webroot/js/event-distribution-graph.js b/app/webroot/js/event-distribution-graph.js index 59cbb9f8f..9cda4334a 100644 --- a/app/webroot/js/event-distribution-graph.js +++ b/app/webroot/js/event-distribution-graph.js @@ -8,15 +8,15 @@ var distribution_chart; var distributionData; function clickHandlerGraph(evt) { - var firstPoint = distribution_chart.getElementAtEvent(evt)[0]; + var firstPoint = distribution_chart.getElementsAtEventForMode(evt, 'nearest', { intersect: true }, false)[0]; var distribution_id; if (firstPoint) { - var value = distribution_chart.data.datasets[firstPoint._datasetIndex].data[firstPoint._index]; + var value = distribution_chart.data.datasets[firstPoint.datasetIndex].data[firstPoint.index]; if (value == 0) { document.getElementById('attributesFilterField').value = ""; filterAttributes('all'); } else { - distribution_id = distribution_chart.data.distribution[firstPoint._index].value; + distribution_id = distribution_chart.data.distribution[firstPoint.index].value; var value_to_set = String(distribution_id); value_to_set += distribution_id == event_distribution ? '|' + '5' : ''; value_to_set = value_to_set.split('|'); @@ -323,6 +323,9 @@ function construct_piechart(data) { count += data.event[i]; } if (count > 0) { + if (distribution_chart) { + distribution_chart.destroy() + } distribution_chart = new Chart(ctx, { type: 'doughnut', data: { @@ -331,13 +334,13 @@ function construct_piechart(data) { datasets: doughnut_dataset, }, options: { - title: { - display: false - }, animation: { duration: 500 }, - tooltips: { + title: { + display: false + }, + tooltip: { callbacks: { label: function(item, data) { return data.datasets[item.datasetIndex].label diff --git a/app/webroot/js/event-graph.js b/app/webroot/js/event-graph.js index 97cf672e8..f44bba489 100644 --- a/app/webroot/js/event-graph.js +++ b/app/webroot/js/event-graph.js @@ -636,7 +636,7 @@ class EventGraph { btn_plot.data('network-preview', preview); btn_plot.popover({ container: 'body', - content: function() { return ''; }, + content: function() { return ''; }, placement: 'right', trigger: 'hover', template: '', @@ -715,7 +715,7 @@ class EventGraph { if ( node.node_type == 'object' ) { var group = 'object'; var label = dataHandler.generate_label(node); - var labelHtml = label + '
' + escapeHtml(node.comment) + '' + var labelHtml = escapeHtml(label) + '
' + escapeHtml(node.comment) + '' label += ' ' + escapeHtml(node.comment) var striped_value = that.strip_text_value(label); node_conf = { @@ -742,7 +742,7 @@ class EventGraph { id: node.id, uuid: node.uuid, label: label, - title: label, + title: escapeHtml(label), group: group, mass: 20, color: { @@ -766,15 +766,15 @@ class EventGraph { node_conf = { id: node.id, label: striped_value, - title: label, + title: escapeHtml(label), group: group }; dataHandler.mapping_value_to_nodeID.set(label, node.id); } else { group = 'attribute'; - label = node.type + ': ' + node.label; + label = escapeHtml(node.type) + ': ' + node.label; label += ' ' + escapeHtml(node.comment) - var labelHtml = label + '
' + escapeHtml(node.comment) + '' + var labelHtml = escapeHtml(label) + '
' + escapeHtml(node.comment) + '' var striped_value = that.strip_text_value(label); node_conf = { id: node.id, @@ -822,7 +822,7 @@ class EventGraph { from: rel.from, to: rel.to, label: rel.type, - title: rel.comment, + title: escapeHtml(rel.comment), color: { opacity: 1.0, } @@ -1053,7 +1053,7 @@ class EventGraph { x: parent_pos.x, y: parent_pos.y, label: attr.object_relation + ': ' + striped_value, - title: attr.object_relation + ': ' + attr.value, + title: escapeHtml(attr.object_relation) + ': ' + escapeHtml(attr.value), group: 'obj_relation', color: { background: parent_color @@ -2002,7 +2002,7 @@ function reset_graph_history() { btn_plot.data('network-preview', preview); btn_plot.popover({ container: 'body', - content: function() { return ''; }, + content: function() { return ''; }, placement: 'right', trigger: 'hover', template: '', diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js index bb0d8a221..2286e4566 100644 --- a/app/webroot/js/event-timeline.js +++ b/app/webroot/js/event-timeline.js @@ -1,5 +1,6 @@ var max_displayed_char_timeline = 64; var imgSize = '80'; +var timeChart; var eventTimeline; var items_timeline; var items_backup; @@ -8,7 +9,7 @@ var mapping_text_to_id = new Map(); var user_manipulation = $('#event_timeline').data('user-manipulation'); var extended_text = $('#event_timeline').data('extended') == 1 ? "extended:1/" : ""; var container_timeline = document.getElementById('event_timeline'); -var hardThreshold = 1000; +var hardThreshold = 500; var softThreshold = 200; var timeline_disabled = false; var default_editable = { @@ -545,13 +546,14 @@ function enable_timeline() { }, success: function( data, textStatus, jQxhr ){ if (data.items.length > hardThreshold) { - $('#eventtimeline_div').html('
Timeline: Too much data to show
'); + $('#eventtimeline_div .sub-container').html('
Event timeline: Too much data to show. Showing timestamp distribution instead
'); timeline_disabled = true; + build_time_chart(data.items) return; } else if (data.items.length > softThreshold) { var res = confirm('You are about to draw a lot ('+data.items.length+') of items in the timeline. Do you wish to continue?'); if (!res) { - $('#eventtimeline_div').html('
Timeline: Too much data to show
'); + $('#eventtimeline_div .sub-container').html('
Timeline: Too much data to show
'); timeline_disabled = true; return; } @@ -694,6 +696,202 @@ $('#fullscreen-btn-timeline').click(function() { eventTimeline.setOptions({maxHeight: height_val}); }); +function build_timestamp_map(data) { + var timestampsMap = { + timestamp: {}, + first_seen: {}, + last_seen: {}, + sightings: {}, + } + data.forEach(function (item) { + if (item.timestamp) { + if (!timestampsMap.timestamp[item.timestamp]) { + timestampsMap.timestamp[item.timestamp] = 0 + } + timestampsMap.timestamp[item.timestamp] += 1 + } + if (item.first_seen) { + if (!timestampsMap.first_seen[item.first_seen]) { + timestampsMap.first_seen[item.first_seen] = 0 + } + timestampsMap.first_seen[item.first_seen] += 1 + } + if (item.last_seen) { + if (!timestampsMap.last_seen[item.last_seen]) { + timestampsMap.last_seen[item.last_seen] = 0 + } + timestampsMap.last_seen[item.last_seen] += 1 + } + if (item.date_sighting.length > 0) { + item.date_sighting.forEach(sighting => { + if (!timestampsMap.sightings[sighting]) { + timestampsMap.sightings[sighting] = 0 + } + timestampsMap.sightings[sighting] += 1 + }); + } + }) + return timestampsMap +} + +function build_time_chart(data) { + var timestampsMap = build_timestamp_map(data) + var timestampData = [] + var timestampFSData = [] + var timestampLSData = [] + var timestampSightingsData = [] + Object.keys(timestampsMap.timestamp).forEach(function (time) { + timestampData.push({ + timestamp: moment.unix(time), + amount: timestampsMap.timestamp[time], + }) + }) + Object.keys(timestampsMap.first_seen).forEach(function (time) { + timestampFSData.push({ + timestamp: moment(time), + amount: timestampsMap.first_seen[time], + }) + }) + Object.keys(timestampsMap.last_seen).forEach(function (time) { + timestampLSData.push({ + timestamp: moment(time), + amount: timestampsMap.last_seen[time], + }) + }) + Object.keys(timestampsMap.sightings).forEach(function (time) { + timestampSightingsData.push({ + timestamp: moment.unix(time), + amount: timestampsMap.sightings[time], + }) + }) + timestampDataGrouped = [] + timestampData.map(function(item) { + var formatedDate = item.timestamp.format('YYYY-MM-d') + if (!timestampDataGrouped[formatedDate]) { + timestampDataGrouped[formatedDate] = { + timestamp: item.timestamp.startOf('day'), + amount: item.amount + } + } else { + timestampDataGrouped[formatedDate].amount += item.amount + } + }) + timestampFSDataGrouped = [] + timestampFSData.map(function(item) { + var formatedDate = item.timestamp.format('YYYY-MM-d') + if (!timestampFSDataGrouped[formatedDate]) { + timestampFSDataGrouped[formatedDate] = { + timestamp: item.timestamp.startOf('day'), + amount: item.amount + } + } else { + timestampFSDataGrouped[formatedDate].amount += item.amount + } + }) + timestampLSDataGrouped = [] + timestampLSData.map(function(item) { + var formatedDate = item.timestamp.format('YYYY-MM-d') + if (!timestampLSDataGrouped[formatedDate]) { + timestampLSDataGrouped[formatedDate] = { + timestamp: item.timestamp.startOf('day'), + amount: item.amount + } + } else { + timestampLSDataGrouped[formatedDate].amount += item.amount + } + }) + timestampSightingsDataGrouped = [] + timestampSightingsData.map(function(item) { + var formatedDate = item.timestamp.format('YYYY-MM-d') + if (!timestampSightingsDataGrouped[formatedDate]) { + timestampSightingsDataGrouped[formatedDate] = { + timestamp: item.timestamp.startOf('day'), + amount: item.amount + } + } else { + timestampSightingsDataGrouped[formatedDate].amount += item.amount + } + }) + timestampDataGrouped = Object.values(timestampDataGrouped) + timestampFSDataGrouped = Object.values(timestampFSDataGrouped) + timestampLSDataGrouped = Object.values(timestampLSDataGrouped) + timestampSightingsDataGrouped = Object.values(timestampSightingsDataGrouped) + var data = { + datasets: [ + { + label: 'Timestamps', + data: timestampDataGrouped, + type: 'bar', + parsing: { + xAxisKey: 'timestamp', + yAxisKey: 'amount' + }, + }, + { + label: 'first_seen Timestamps', + data: timestampFSDataGrouped, + type: 'bar', + parsing: { + xAxisKey: 'timestamp', + yAxisKey: 'amount' + }, + }, + { + label: 'last_seen Timestamps', + data: timestampLSDataGrouped, + type: 'bar', + parsing: { + xAxisKey: 'timestamp', + yAxisKey: 'amount' + }, + }, + { + label: 'Sightings', + data: timestampSightingsDataGrouped, + type: 'line', + parsing: { + xAxisKey: 'timestamp', + yAxisKey: 'amount' + }, + }, + ] + } + var config = { + type: 'line', + data: data, + options: { + plugins: { + title: { + display: true, + text: 'Time Occurences' + } + }, + scales: { + x: { + type: 'timeseries', + display: true, + offset: true, + time: { + unit: 'day', + round: 'day', + tooltipFormat: "YYYY-MM-d", + }, + }, + y: { + type: 'logarithmic', + ticks: { + callback: function (val, index) { + return val % 1 === 0 ? this.getLabelForValue(val) : ''; + }, + }, + } + } + }, + } + var ctx = document.getElementById('timechart-canvas') + timeChart = new Chart(ctx, config) +} + // init_scope_menu var menu_scope_timeline, menu_display_timeline; function init_popover() { diff --git a/app/webroot/js/keyboard-shortcuts-definition.js b/app/webroot/js/keyboard-shortcuts-definition.js index ad60c185c..b23d77dbb 100644 --- a/app/webroot/js/keyboard-shortcuts-definition.js +++ b/app/webroot/js/keyboard-shortcuts-definition.js @@ -45,6 +45,13 @@ function getShortcutsDefinition(controller, action) { $('#create-button').click(); } }); + shortcuts.push({ + "key": "o", + "description": "Add an object", + "action": function () { + $('#object-button').click(); + } + }); shortcuts.push({ "key": "s", "description": "Focus the filter attribute bar", diff --git a/app/webroot/js/markdownEditor/event-report.js b/app/webroot/js/markdownEditor/event-report.js index 7e9b6d23c..9096de7a6 100644 --- a/app/webroot/js/markdownEditor/event-report.js +++ b/app/webroot/js/markdownEditor/event-report.js @@ -886,7 +886,7 @@ function markdownItToggleRenderingRule(rulename, event) { event.stopPropagation() } if (renderingRules[rulename] === undefined) { - console.log('Rule does not exists') + console.log('Rule does not exist') return } renderingRules[rulename] = !renderingRules[rulename] diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index 3f987037b..51b726caa 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -58,7 +58,7 @@ function rgb2hex(rgb) { function xhrFailCallback(xhr) { if (xhr.status === 0) { showMessage('fail', 'Something went wrong – server is not responding.'); - } if (xhr.status === 401) { + } else if (xhr.status === 401) { showMessage('fail', 'Unauthorized. Please reload page to log again.'); } else if (xhr.status === 403 || xhr.status === 405) { showMessage('fail', 'Not allowed.'); @@ -347,26 +347,36 @@ function submitPasswordReset(id) { }); } -function submitMessageForm(url, form, target) { +function submitMessageForm(url) { if (!$('#PostMessage').val()) { showMessage("fail", "Cannot submit empty message."); } else { - submitGenericForm(url, form, target); + var message = $('#PostMessage').val() + fetchFormDataAjax(url, function (formData) { + var $formData = $(formData); + $formData.find('#PostMessage').val(message); + $.ajax({ + data: $formData.find('form').serialize(), + beforeSend: function () { + $(".loading").show(); + }, + success: function (data) { + showMessage("success", "Message added."); + $('#top').html(data); + }, + error: function () { + showMessage('fail', 'Could not add message.'); + }, + complete: function () { + $(".loading").hide(); + }, + type: "post", + url: $formData.find('form').attr('action') + }); + }); } } -function submitGenericForm(url, form, target) { - xhr({ - data: $('#' + form).serialize(), - success:function (data, textStatus) { - $('#top').html(data); - showMessage("success", "Message added."); - }, - type: "post", - url: url, - }); -} - function acceptObject(type, id) { var name = '#ShadowAttribute_' + id + '_accept'; var formData = $(name).serialize(); @@ -475,7 +485,7 @@ function updateFieldOnSuccess($td, type, id, field) { $(".loading").show(); } }, - dataType:"html", + dataType: "html", cache: false, success: function (data) { if (field !== 'timestamp') { @@ -667,8 +677,9 @@ function submitForm($td, type, id, field) { var field = $(this).data('edit-field'); quickEditHover(this, type, objectId, field); }); - // Show popover with advanced sigtings information about given or selected attributes - $(document.body).on('click', '.sightings_advanced_add', function() { + // Show popover with advanced sightings information about given or selected attributes + $(document.body).on('click', '.sightings_advanced_add', function(e) { + e.preventDefault(); var object_context = $(this).data('object-context'); var object_id = $(this).data('object-id'); if (object_id === 'selected') { @@ -913,10 +924,18 @@ function toggleAllTaxonomyCheckboxes() { function attributeListAnyAttributeCheckBoxesChecked() { if ($('.select_attribute:checked').length > 0) { $('.mass-select').removeClass('hidden'); - $('#create-button').removeClass('last'); + if ($("#object-button").length) { + $("#object-button").removeClass('last'); + } else { + $('#create-button').removeClass('last'); + } } else { $('.mass-select').addClass('hidden'); - $('#create-button').addClass('last'); + if ($("#object-button").length) { + $("#object-button").addClass('last'); + } else { + $('#create-button').addClass('last'); + } } } @@ -1695,7 +1714,7 @@ function openPopup(id, adjust_layout, callback) { $id.addClass('vertical-scroll'); } else { if (window_height > (300 + popup_height)) { - var top_offset = ((window_height - popup_height) / 2) - 150; + var top_offset = ((window_height - popup_height) / 2) - 125; } else { var top_offset = (window_height - popup_height) / 2; } @@ -1979,9 +1998,9 @@ function choicePopup(legend, list) { openPopup("#popover_form"); } -function openModal(heading, body, footer, modal_option, css_container, css_body) { +function openModal(heading, body, footer, modal_option, css_container, css_body, class_container) { var modal_id = 'dynamic_modal_' + new Date().getTime(); - var modal_html = '