mirror of https://github.com/MISP/MISP
commit
aee185be99
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":94}
|
||||
{"major":2, "minor":3, "hotfix":95}
|
|
@ -116,29 +116,24 @@ class ComplexTypeTool {
|
|||
|
||||
// check for domain name, hostname, filename
|
||||
if (strpos($input, '.') !== false) {
|
||||
$extra = '';
|
||||
$temp = explode('.', $input);
|
||||
if (strpos($temp[0], ':')) {
|
||||
$extra = '([a-z0-9]+):\/\/';
|
||||
}
|
||||
|
||||
// check if it is a URL
|
||||
// Adding http:// infront of the input in case it was left off. github.com/MISP/MISP should still be counted as a valid link
|
||||
if (filter_var($input2, FILTER_VALIDATE_URL) || filter_var('http://' . $input2, FILTER_VALIDATE_URL)) {
|
||||
if (preg_match('/^https:\/\/www.virustotal.com\//i', $input2)) return array('types' => array('link'), 'to_ids' => true, 'default_type' => 'link', 'comment' => $comment, 'value' => $input2);
|
||||
return array('types' => array('url'), 'to_ids' => true, 'default_type' => 'url', 'comment' => $comment, 'value' => $input2);
|
||||
}
|
||||
|
||||
|
||||
//if (filter_var($input, FILTER_VALIDATE_URL)) {
|
||||
if (preg_match('/^' . $extra . '([-\pL\pN]+\.)+([a-z][a-z]|biz|cat|com|edu|gov|int|mil|net|org|pro|tel|aero|arpa|asia|coop|info|jobs|mobi|name|museum|travel)(:[0-9]{2,5})?$/u', $input)) {
|
||||
if (preg_match('/^([-\pL\pN]+\.)+([a-z][a-z]|biz|cat|com|edu|gov|int|mil|net|org|pro|tel|aero|arpa|asia|coop|info|jobs|mobi|name|museum|travel)(:[0-9]{2,5})?$/u', $input)) {
|
||||
if (count($temp) > 2) {
|
||||
return array('types' => array('hostname', 'domain'), 'to_ids' => true, 'default_type' => 'hostname', 'comment' => $comment, 'value' => $input2);
|
||||
return array('types' => array('hostname', 'domain', 'url'), 'to_ids' => true, 'default_type' => 'hostname', 'comment' => $comment, 'value' => $input2);
|
||||
} else {
|
||||
return array('types' => array('domain'), 'to_ids' => true, 'default_type' => 'domain', 'comment' => $comment, 'value' => $input2);
|
||||
}
|
||||
} else {
|
||||
// check if it is a URL
|
||||
// Adding http:// infront of the input in case it was left off. github.com/MISP/MISP should still be counted as a valid link
|
||||
if (filter_var($input2, FILTER_VALIDATE_URL) || filter_var('http://' . $input2, FILTER_VALIDATE_URL)) {
|
||||
if (preg_match('/^https:\/\/www.virustotal.com\//i', $input2)) return array('types' => array('link'), 'to_ids' => true, 'default_type' => 'link', 'comment' => $comment, 'value' => $input2);
|
||||
return array('types' => array('url'), 'to_ids' => true, 'default_type' => 'url', 'comment' => $comment, 'value' => $input2);
|
||||
}
|
||||
if ($this->__resolveFilename($input)) return array('types' => array('filename'), 'to_ids' => true, 'default_type' => 'filename');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (strpos($input, '\\') !== false) {
|
||||
|
|
Loading…
Reference in New Issue