bugfix in Attribute validation

Do not search for related attributes for specific types
pull/61/head
Christophe Vandeplas 2012-04-25 10:30:23 +02:00
parent d0b52de85e
commit aea079b8c4
4 changed files with 34 additions and 13 deletions


@ -92,9 +92,12 @@ class EventsController extends AppController {
// This is a lot faster (only additional query) than $this->Event->getRelatedEvents()
$relatedEventIds = array();
$relatedEvents = array();
foreach ($relatedAttributes as $relatedAttribute)
foreach ($relatedAttribute as $item)
$relatedEventsIds[] = $item['Attribute']['event_id'];
foreach ($relatedAttributes as $relatedAttribute) {
if (null == $relatedAttribute) continue;
foreach ($relatedAttribute as $item) {
$relatedEventsIds[] = $item['Attribute']['event_id'];
}
}
if (isset($relatedEventsIds)) {
$relatedEventsIds = array_unique($relatedEventsIds);
$find_params = array(
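Review bot: The rewritten loop still appends to `$relatedEventsIds`, while the array initialised just above it is `$relatedEventIds`, so the initialised variable is never used and the later `isset($relatedEventsIds)` only works because the misspelt name stays undefined when nothing is found. Using one name throughout and testing `if (!empty($relatedEventsIds)) {` would make that intent explicit. The new guard `if (null == $relatedAttribute) continue;` is a loose comparison that also skips `array()` and `''`; `if (empty($relatedAttribute)) continue;` expresses the same check without relying on type juggling. The enclosing controller action starts and ends outside this hunk.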


@ -205,6 +205,8 @@ class Attribute extends AppModel {
// lowercase these things
case 'md5':
case 'sha1':
case 'domain':
case 'hostname':
$this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']);
break;
}
@ -265,13 +267,13 @@ class Attribute extends AppModel {
break;
case 'filename|md5':
// no newline
if (preg_match("#^.*|[0-9a-f]{32}$#", $value))
if (preg_match("#^.+\|[0-9a-f]{32}$#", $value))
return true;
return 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
break;
case 'filename|sha1':
// no newline
if (preg_match("#^.*|[0-9a-f]{40}$#", $value))
if (preg_match("#^.+\|[0-9a-f]{40}$#", $value))
return true;
return 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
break;
@ -352,7 +354,7 @@ class Attribute extends AppModel {
break;
case 'regkey|value':
// no newline
if (!preg_match("#.*|.*#", $value))
if (!preg_match("#.+\|.+#", $value))
return true;
break;
case 'snort':
@ -375,12 +377,25 @@ class Attribute extends AppModel {
}
function getRelatedAttributes($attribute, $fields=array()) {
// LATER there should be a list of types/categories included here as some are not eligible (AV detection category
// or "other" type could be excluded)
// LATER getRelatedAttributes($attribute) this might become a performance bottleneck
$conditions = array('Attribute.value =' => $attribute['value'],
'Attribute.id !=' => $attribute['id'],
'Attribute.type =' => $attribute['type'], );
// exclude these specific categories to be linked
switch ($attribute['category']) {
case 'Antivirus detection':
return null;
}
// exclude these specific types to be linked
switch ($attribute['type']) {
case 'description':
case 'other':
return null;
}
// do the search
$conditions = array(
'Attribute.value =' => $attribute['value'],
'Attribute.id !=' => $attribute['id'],
'Attribute.type =' => $attribute['type'], );
if (empty($fields)) {
$fields = array('Attribute.*');
}
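Review bot: In the `filename|md5` and `filename|sha1` cases the corrected patterns still end in `$`, which in PCRE also matches just before a trailing newline, so a value consisting of `name|<32 hex>` plus a final `\n` passes despite the `// no newline` comment; anchoring with `\z` (`"#^.+\|[0-9a-f]{32}\z#"`) or adding the `D` modifier closes that. Whether such a value later reaches a line-oriented export is not visible here, so treat that impact as something to confirm. In the `regkey|value` case the condition is negated (`if (!preg_match("#.+\|.+#", $value)) return true;`), so as written a value without the `key|value` shape is the one accepted; this looks inverted, though the code after the `break` is outside the hunk. The validation switch and `getRelatedAttributes()` both continue beyond the hunks shown.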


@ -149,6 +149,9 @@ class Event extends AppModel {
}
function getRelatedEvents() {
// FIXME rewrite this to use the getRelatedAttributes function from the Attributes Model.
// only this way the code will be consistent
// first get a list of related event_ids
// then do a single query to search for all the events with that id
$relatedEventIds = Array();


@ -128,11 +128,11 @@
echo ' ';
}
}
?>
?> 
</td>
<td class="short" style="text-align: center;"><?php echo $attribute['to_ids'] ? 'Yes' : 'No';?></td>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" style="text-align: center;"><?php echo $attribute['private'] ? 'Private' : '';?></td>
<td class="short" style="text-align: center;"><?php echo $attribute['private'] ? 'Private' : '&nbsp;';?></td>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<td class="actions">