From aea079b8c48032e8c70441efc8ddafdb8667c977 Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Wed, 25 Apr 2012 10:30:23 +0200
Subject: [PATCH] bugfix in Attribute validation Do not search for related attributes for specific types
---
 app/Controller/EventsController.php | 9 ++++++---
 app/Model/Attribute.php | 31 +++++++++++++++++++++--------
 app/Model/Event.php | 3 +++
 app/View/Events/view.ctp | 4 ++--
 4 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index dd84c0f3b..accfb1ccb 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -92,9 +92,12 @@ class EventsController extends AppController {
 // This is a lot faster (only additional query) than $this->Event->getRelatedEvents()
 $relatedEventIds = array();
 $relatedEvents = array();
- foreach ($relatedAttributes as $relatedAttribute)
- foreach ($relatedAttribute as $item)
- $relatedEventsIds[] = $item['Attribute']['event_id'];
+ foreach ($relatedAttributes as $relatedAttribute) {
+ if (null == $relatedAttribute) continue;
+ foreach ($relatedAttribute as $item) {
+ $relatedEventsIds[] = $item['Attribute']['event_id'];
+ }
+ }
 if (isset($relatedEventsIds)) {
 $relatedEventsIds = array_unique($relatedEventsIds);
 $find_params = array(
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index 5b4fc1f95..b6cdece34 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -205,6 +205,8 @@ class Attribute extends AppModel {
 // lowercase these things
 case 'md5':
 case 'sha1':
+ case 'domain':
+ case 'hostname':
 $this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']);
 break;
 }
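Review bot: In the EventsController.php hunk the rewritten loop still appends to `$relatedEventsIds`, while the context line just above initialises `$relatedEventIds`, so the initialisation is dead and the later `isset($relatedEventsIds)` only succeeds because the array is created implicitly on the first append. Initialise the name that is actually used, `$relatedEventsIds = array();`, and change the later test to `if (!empty($relatedEventsIds)) {`. The new guard `if (null == $relatedAttribute) continue;` is a loose comparison that also skips empty arrays; `if (empty($relatedAttribute)) continue;` states that intent directly. The enclosing action starts and ends outside the hunk.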
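Review bot: The comment `// lowercase these things` in the Attribute.php hunk at line 205 does not say why `domain` and `hostname` join the hash types, and the reason matters for anyone adding a type later. I would replace it with `// normalise case-insensitive types so the exact-value match in getRelatedAttributes() correlates them`. Rows saved before this change keep their original case; whether they still correlate with newly saved lowercase values presumably depends on the column collation, so a one-off update of existing `domain`/`hostname` rows is worth considering. The switch starts outside the hunk.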
@@ -265,13 +267,13 @@ class Attribute extends AppModel {
 break;
 case 'filename|md5':
 // no newline
- if (preg_match("#^.*|[0-9a-f]{32}$#", $value))
+ if (preg_match("#^.+\|[0-9a-f]{32}$#", $value))
 return true;
 return 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
 break;
 case 'filename|sha1':
 // no newline
- if (preg_match("#^.*|[0-9a-f]{40}$#", $value))
+ if (preg_match("#^.+\|[0-9a-f]{40}$#", $value))
 return true;
 return 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
 break;
@@ -352,7 +354,7 @@ class Attribute extends AppModel {
 break;
 case 'regkey|value':
 // no newline
- if (!preg_match("#.*|.*#", $value))
+ if (!preg_match("#.+\|.+#", $value))
 return true;
 break;
 case 'snort':
@@ -375,12 +377,25 @@ class Attribute extends AppModel {
 }
 function getRelatedAttributes($attribute, $fields=array()) {
- // LATER there should be a list of types/categories included here as some are not eligible (AV detection category
- // or "other" type could be excluded)
 // LATER getRelatedAttributes($attribute) this might become a performance bottleneck
- $conditions = array('Attribute.value =' => $attribute['value'],
- 'Attribute.id !=' => $attribute['id'],
- 'Attribute.type =' => $attribute['type'], );
+
+ // exclude these specific categories to be linked
+ switch ($attribute['category']) {
+ case 'Antivirus detection':
+ return null;
+ }
+ // exclude these specific types to be linked
+ switch ($attribute['type']) {
+ case 'description':
+ case 'other':
+ return null;
+ }
+
+ // do the search
+ $conditions = array(
+ 'Attribute.value =' => $attribute['value'],
+ 'Attribute.id !=' => $attribute['id'],
+ 'Attribute.type =' => $attribute['type'], );
 if (empty($fields)) {
 $fields = array('Attribute.*');
 }
diff --git a/app/Model/Event.php b/app/Model/Event.php
index 7075876fe..5acbbc855 100644
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
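Review bot: The corrected `filename|md5` and `filename|sha1` patterns end in `$`, which in PCRE also matches just before a final newline, so a value with a trailing `\n` after the hex digits still validates even though the comment above each check says `// no newline`. Anchor the end with `\z` (or add the `D` modifier), e.g. `preg_match("#^.+\|[0-9a-f]{32}\z#", $value)` and the same with `{40}` for sha1. This matters because getRelatedAttributes() compares `Attribute.value` for exact equality, so a value stored with a stray newline would not correlate with its clean twin. The validation function starts and ends outside the hunk.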
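Review bot: The `regkey|value` check keeps the leading `!`, so with the corrected pattern it returns `true` for values that do not have the `key|value` shape and falls through to `break` for values that do. What follows the `break` is outside the hunk, but the accept branch looks inverted. `if (preg_match("#^.+\|.+\z#", $value)) return true;` would require the separator and, because `.` does not match a newline, would also enforce the `// no newline` comment that the current pattern does not check.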
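Review bot: `getRelatedAttributes()` now returns `null` for excluded categories and types, while the controller's nested `foreach` suggests it returns an array otherwise, so every caller has to special-case `null` before iterating. Returning `array()` from both `switch` blocks keeps a single return type and makes the `null` guard added in EventsController.php unnecessary. `$attribute['category']` is also read unconditionally, so a caller that passes an attribute array without that key will raise a notice; a docblock naming the required keys (`id`, `type`, `category`, `value`) or an `isset()` check would cover that. The function body continues outside the hunk.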
@@ -149,6 +149,9 @@ class Event extends AppModel {
 }
 function getRelatedEvents() {
+ // FIXME rewrite this to use the getRelatedAttributes function from the Attributes Model.
+ // only this way the code will be consistent
+
 // first get a list of related event_ids
 // then do a single query to search for all the events with that id
 $relatedEventIds = Array();
diff --git a/app/View/Events/view.ctp b/app/View/Events/view.ctp
index 2234c93c4..8c3f34738 100755
--- a/app/View/Events/view.ctp
+++ b/app/View/Events/view.ctp
@@ -128,11 +128,11 @@ echo ' '; } } - ?> + ?>  - +