MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #4252 from mokaddem/sightingFiltering 

Sighting filtering
pull/3660/merge
Steve Clement 2019-03-28 14:50:15 +01:00 committed by GitHub
parent 0e4f66ee57 f78734d92e
commit b2191c9927
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 91 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/Controller/EventsController.php
View File

@ -26,7 +26,7 @@ class EventsController extends AppController
); );
private $acceptedFilteringNamedParams = array('sort', 'direction', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'attributeFilter', 'extended', 'page', private $acceptedFilteringNamedParams = array('sort', 'direction', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'attributeFilter', 'extended', 'page',
'searchFor', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'feed', 'server', 'toIDS' 'searchFor', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'feed', 'server', 'toIDS', 'sighting'
); );
public $defaultFilteringRules = array( public $defaultFilteringRules = array(
@ -41,6 +41,7 @@ class EventsController extends AppController
'feed' => 0, 'feed' => 0,
'server' => 0, 'server' => 0,
'distribution' => array(0, 1, 2, 3, 4, 5), 'distribution' => array(0, 1, 2, 3, 4, 5),
'sighting' => 0,
'taggedAttributes' => '', 'taggedAttributes' => '',
'galaxyAttachedAttributes' => '' 'galaxyAttachedAttributes' => ''
); );
@ -1134,7 +1135,9 @@ class EventsController extends AppController
$filters['sort'] = 'timestamp'; $filters['sort'] = 'timestamp';
$filters['direction'] = 'desc'; $filters['direction'] = 'desc';
} }
$params = $this->Event->rearrangeEventForView($event, $filters, $all); $sightingsData = $this->Event->getSightingData($event);
$this->set('sightingsData', $sightingsData);
$params = $this->Event->rearrangeEventForView($event, $filters, $all, $sightingsData);
$this->params->params['paging'] = array($this->modelClass => $params); $this->params->params['paging'] = array($this->modelClass => $params);
// workaround to get the event dates in to the attribute relations // workaround to get the event dates in to the attribute relations
$relatedDates = array(); $relatedDates = array();
@ -1165,8 +1168,6 @@ class EventsController extends AppController
$this->set($variable, $currentModel->{$variable}); $this->set($variable, $currentModel->{$variable});
} }
} }
$sightingsData = $this->Event->getSightingData($event);
$this->set('sightingsData', $sightingsData);
if (Configure::read('Plugin.Enrichment_services_enable')) { if (Configure::read('Plugin.Enrichment_services_enable')) {
$this->loadModel('Module'); $this->loadModel('Module');
$modules = $this->Module->getEnabledModules($this->Auth->user()); $modules = $this->Module->getEnabledModules($this->Auth->user());
@ -1380,7 +1381,9 @@ class EventsController extends AppController
} }
} }
unset($modificationMap); unset($modificationMap);
$params = $this->Event->rearrangeEventForView($event, $filters); $sightingsData = $this->Event->getSightingData($event);
$this->set('sightingsData', $sightingsData);
$params = $this->Event->rearrangeEventForView($event, $filters, false, $sightingsData);
$this->params->params['paging'] = array($this->modelClass => $params); $this->params->params['paging'] = array($this->modelClass => $params);
$this->set('event', $event); $this->set('event', $event);
@ -1423,8 +1426,6 @@ class EventsController extends AppController
'recursive' => -1, 'recursive' => -1,
'contain' => array('Org', 'RequesterOrg')))); 'contain' => array('Org', 'RequesterOrg'))));
} }
$sightingsData = $this->Event->getSightingData($event);
$this->set('sightingsData', $sightingsData);
if (Configure::read('Plugin.Enrichment_services_enable')) { if (Configure::read('Plugin.Enrichment_services_enable')) {
$this->loadModel('Module'); $this->loadModel('Module');
$modules = $this->Module->getEnabledModules($this->Auth->user()); $modules = $this->Module->getEnabledModules($this->Auth->user());

61
app/Model/Event.php
View File

@ -4412,7 +4412,8 @@ class Event extends AppModel
$correlatedShadowAttributes, $correlatedShadowAttributes,
$filterType = false, $filterType = false,
&$eventWarnings, &$eventWarnings,
$warningLists $warningLists,
$sightingsData
) { ) {
$attribute['objectType'] = 'attribute'; $attribute['objectType'] = 'attribute';
$include = true; $include = true;
@ -4462,6 +4463,15 @@ class Event extends AppModel
$include = $include && ($filterType['server'] == 2); $include = $include && ($filterType['server'] == 2);
} }
/* sightings */
if ($filterType['sighting'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (isset($sightingsData['data'][$attribute['id']])) { // `include only`
$include = $include && ($filterType['sighting'] == 1);
} else { // `exclude`
$include = $include && ($filterType['sighting'] == 2);
}
/* TypeGroupings */ /* TypeGroupings */
if ( if (
$filterType['attributeFilter'] != 'all' $filterType['attributeFilter'] != 'all'
@ -4574,7 +4584,8 @@ class Event extends AppModel
$correlatedShadowAttributes, $correlatedShadowAttributes,
$filterType = false, $filterType = false,
&$eventWarnings, &$eventWarnings,
$warningLists $warningLists,
$sightingsData
) { ) {
$object['category'] = $object['meta-category']; $object['category'] = $object['meta-category'];
$proposal['objectType'] = 'object'; $proposal['objectType'] = 'object';
@ -4590,7 +4601,8 @@ class Event extends AppModel
$correlatedShadowAttributes, $correlatedShadowAttributes,
false, false,
$eventWarnings, $eventWarnings,
$warningLists $warningLists,
$sightingsData
); );
if ($result['include']) { if ($result['include']) {
$temp[] = $result['data']; $temp[] = $result['data'];
@ -4604,16 +4616,17 @@ class Event extends AppModel
|| $filterType['correlation'] != 0 || $filterType['correlation'] != 0
|| $filterType['proposal'] != 0 || $filterType['proposal'] != 0
|| $filterType['warning'] != 0 || $filterType['warning'] != 0
|| $filterType['sighting'] != 0
|| $filterType['feed'] != 0 || $filterType['feed'] != 0
|| $filterType['server'] != 0 || $filterType['server'] != 0
) { ) {
$include = $this->__checkObjectByFilter($object, $filterType, $correlatedAttributes, $correlatedShadowAttributes); $include = $this->__checkObjectByFilter($object, $filterType, $correlatedAttributes, $correlatedShadowAttributes, $sightingsData);
} }
return array('include' => $include, 'data' => $object); return array('include' => $include, 'data' => $object);
} }
private function __checkObjectByFilter($object, $filterType, $correlatedAttributes, $correlatedShadowAttributes) private function __checkObjectByFilter($object, $filterType, $correlatedAttributes, $correlatedShadowAttributes, $sightingsData)
{ {
$include = true; $include = true;
@ -4697,6 +4710,35 @@ class Event extends AppModel
} }
} }
/* sighting */
if ($filterType['sighting'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if ($filterType['sighting'] == 1 || $filterType['sighting'] == 2) {
$flagKeep = false;
foreach ($object['Attribute'] as $k => $attribute) { // check if object contains at least 1 warning
if (isset($sightingsData['data'][$attribute['id']])) {
$flagKeep = ($filterType['sighting'] == 1); // keep if server are included
} else {
$flagKeep = ($filterType['sighting'] == 2); // keep if server are excluded
}
if (!$flagKeep && !empty($attribute['ShadowAttribute'])) {
foreach ($attribute['ShadowAttribute'] as $shadowAttribute) {
if (isset($sightingsData['data'][$attribute['id']])) {
$flagKeep = ($filterType['sighting'] == 1); // do not keep if server are excluded
break;
}
}
}
if ($flagKeep) {
break;
}
}
if (!$flagKeep) {
$include = false;
return $include;
}
}
/* feed */ /* feed */
if ($filterType['feed'] == 0) { // `both` if ($filterType['feed'] == 0) { // `both`
// pass, do not consider as `both` is selected // pass, do not consider as `both` is selected
@ -4790,7 +4832,7 @@ class Event extends AppModel
return $object; return $object;
} }
public function rearrangeEventForView(&$event, $passedArgs = array(), $all = false) public function rearrangeEventForView(&$event, $passedArgs = array(), $all = false, $sightingsData=array())
{ {
$this->Warninglist = ClassRegistry::init('Warninglist'); $this->Warninglist = ClassRegistry::init('Warninglist');
$warningLists = $this->Warninglist->fetchForEventView(); $warningLists = $this->Warninglist->fetchForEventView();
@ -4807,6 +4849,7 @@ class Event extends AppModel
'warning' => isset($passedArgs['warning']) ? $passedArgs['warning'] : 0, 'warning' => isset($passedArgs['warning']) ? $passedArgs['warning'] : 0,
'deleted' => isset($passedArgs['deleted']) ? $passedArgs['deleted'] : 0, 'deleted' => isset($passedArgs['deleted']) ? $passedArgs['deleted'] : 0,
'toIDS' => isset($passedArgs['toIDS']) ? $passedArgs['toIDS'] : 0, 'toIDS' => isset($passedArgs['toIDS']) ? $passedArgs['toIDS'] : 0,
'sighting' => isset($passedArgs['sighting']) ? $passedArgs['sighting'] : 0,
'feed' => isset($passedArgs['feed']) ? $passedArgs['feed'] : 0, 'feed' => isset($passedArgs['feed']) ? $passedArgs['feed'] : 0,
'server' => isset($passedArgs['server']) ? $passedArgs['server'] : 0 'server' => isset($passedArgs['server']) ? $passedArgs['server'] : 0
); );
@ -4827,7 +4870,8 @@ class Event extends AppModel
$correlatedShadowAttributes, $correlatedShadowAttributes,
$filterType, $filterType,
$eventWarnings, $eventWarnings,
$warningLists $warningLists,
$sightingsData
); );
if ($result['include']) { if ($result['include']) {
$event['objects'][] = $result['data']; $event['objects'][] = $result['data'];
@ -4855,7 +4899,8 @@ class Event extends AppModel
$correlatedShadowAttributes, $correlatedShadowAttributes,
$filterType, $filterType,
$eventWarnings, $eventWarnings,
$warningLists $warningLists,
$sightingsData
); );
if ($result['include']) { if ($result['include']) {
$event['objects'][] = $result['data']; $event['objects'][] = $result['data'];

22
app/View/Elements/Events/View/eventFilteringQueryBuilder.ctp
View File

@ -182,6 +182,21 @@ function triggerEventFilteringTool(clicked) {
5: "Inherit", 5: "Inherit",
} }
}, },
{
"input": "radio",
"type": "integer",
"operators": [
"equal",
],
"unique": true,
"id": "sighting",
"label": "Sightings",
"values": {
0: "Both",
1: "Have sighting(s) only",
2: "Doesn\'t have sighting(s)"
}
},
<?php if (!empty($attributeTags)): ?> <?php if (!empty($attributeTags)): ?>
{ {
"input": "select", "input": "select",
@ -305,6 +320,13 @@ function triggerEventFilteringTool(clicked) {
value: <?php echo isset($filters['server']) ? h($filters['server']) : 0; ?> value: <?php echo isset($filters['server']) ? h($filters['server']) : 0; ?>
}, },
<?php endif; ?> <?php endif; ?>
<?php if (count($advancedFilteringActiveRules) == 0 || isset($advancedFilteringActiveRules['sighting'])): ?>
{
field: 'sighting',
id: 'sighting',
value: <?php echo isset($filters['sighting']) ? h($filters['sighting']) : 0; ?>
},
<?php endif; ?>
<?php if (count($advancedFilteringActiveRules) == 0 || isset($advancedFilteringActiveRules['distribution'])): ?> <?php if (count($advancedFilteringActiveRules) == 0 || isset($advancedFilteringActiveRules['distribution'])): ?>
{ {
field: 'distribution', field: 'distribution',

10
app/View/Elements/Events/eventIndexTable.ctp
View File

@ -172,9 +172,15 @@
</td> </td>
<?php endif; ?> <?php endif; ?>
<?php if (Configure::read('MISP.showSightingsCountOnIndex')):?> <?php if (Configure::read('MISP.showSightingsCountOnIndex')):?>
<td class = "bold" style="width:30px;" ondblclick="location.href ='<?php echo $baseurl."/events/view/".$event['Event']['id'];?>'" title="<?php echo (!empty($event['Event']['sightings_count']) ? h($event['Event']['sightings_count']) : '0') . ' sighting(s)';?>"> <td class = "bold" style="width:30px;">
<?php echo !empty($event['Event']['sightings_count']) ? h($event['Event']['sightings_count']) : ''; ?>&nbsp; <?php if (!empty($event['Event']['sightings_count'])): ?>
<a href="<?php echo $baseurl."/events/view/" . h($event['Event']['id']) . '/sighting:1';?>" title="<?php echo (!empty($event['Event']['sightings_count']) ? h($event['Event']['sightings_count']) : '0') . ' sighting(s). Show filtered event with sighting(s) only.';?>">
<?php echo h($event['Event']['sightings_count']); ?>&nbsp;
</a>
<?php endif; ?>
</td> </td>
<?php endif; ?> <?php endif; ?>
<?php if (Configure::read('MISP.showProposalsOnIndex')): ?> <?php if (Configure::read('MISP.showProposalsOnIndex')): ?>
<td class = "bold" style="width:30px;" ondblclick="location.href ='<?php echo $baseurl."/events/view/".$event['Event']['id'];?>'" title="<?php echo (!empty($event['Event']['proposals_count']) ? h($event['Event']['proposals_count']) : '0') . __(' proposal(s)');?>"> <td class = "bold" style="width:30px;" ondblclick="location.href ='<?php echo $baseurl."/events/view/".$event['Event']['id'];?>'" title="<?php echo (!empty($event['Event']['proposals_count']) ? h($event['Event']['proposals_count']) : '0') . __(' proposal(s)');?>">