From 6e240699abaac5a78bc4f97012e6deda239a6747 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 16 Mar 2020 13:24:01 +0100
Subject: [PATCH 01/21] new: [dashboard] multi line chart UI added

---
 .../dashboard/Widgets/MultiBarChart.ctp       |  32 ------
 .../dashboard/Widgets/MultiLineChart.ctp      | 100 ++++++++++++++++++
 app/webroot/css/multi-line-chart.css          |  20 ++++
 3 files changed, 120 insertions(+), 32 deletions(-)
 delete mode 100644 app/View/Elements/dashboard/Widgets/MultiBarChart.ctp
 create mode 100644 app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
 create mode 100644 app/webroot/css/multi-line-chart.css

diff --git a/app/View/Elements/dashboard/Widgets/MultiBarChart.ctp b/app/View/Elements/dashboard/Widgets/MultiBarChart.ctp
deleted file mode 100644
index 93d1472c8..000000000
--- a/app/View/Elements/dashboard/Widgets/MultiBarChart.ctp
+++ /dev/null
@@ -1,32 +0,0 @@
-<table style="border-spacing:0px;">
-<?php
-    if (!empty($data['logarithmic'])) {
-        $max = max($data['logarithmic']);
-    } else {
-        $max = max($data['data']);
-    }
-    foreach ($data['data'] as $entry => $count) {
-        $value = $count;
-        if (!empty($data['logarithmic'])) {
-            $value = $data['logarithmic'][$entry];
-        }
-        echo sprintf(
-            '<tr><td style="%s">%s</td><td style="%s">%s</td></tr>',
-            'text-align:right;width:33%;',
-            h($entry),
-            'width:100%',
-            sprintf(
-                '<div title="%s" style="%s">%s</div>',
-                h($entry) . ': ' . h($count),
-                sprintf(
-                    'background-color:%s; width:%s; color:white; text-align:center;',
-                    (empty($data['colours'][$entry]) ? '#0088cc' : h($data['colours'][$entry])),
-                    100 * h($value) / $max . '%;'
-                ),
-                h($count)
-            ),
-            '&nbsp;'
-        );
-    }
-?>
-</table>
diff --git a/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp b/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
new file mode 100644
index 000000000..a03955cc3
--- /dev/null
+++ b/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
@@ -0,0 +1,100 @@
+<?php
+    echo $this->Html->script('d3');
+    echo $this->Html->css('multi-line-chart');
+    $seed = rand();
+    if (!empty($data['formula'])) {
+        echo sprintf(
+            '<div style="width:100%%;text-align:center;" class="blue bold">%s</div>',
+            h($data['formula'])
+        );
+    }
+?>
+<svg id="svg-<?= $seed ?>" width="960" height="500"></svg>
+<script>
+
+var margin = {top: 20, right: 80, bottom: 30, left: 50},
+    width = 960 - margin.left - margin.right,
+    height = 500 - margin.top - margin.bottom;
+
+var parseDate = d3.time.format("%Y-%m-%d").parse;
+
+var x = d3.time.scale()
+    .range([0, width]);
+
+var y = d3.scale.linear()
+    .range([height, 0]);
+
+var color = d3.scale.category10();
+
+var xAxis = d3.svg.axis()
+    .scale(x)
+    .orient("bottom");
+
+var yAxis = d3.svg.axis()
+    .scale(y)
+    .orient("left");
+
+var line = d3.svg.line()
+    .interpolate("basis")
+    .x(function(d) { return x(d.date); })
+    .y(function(d) { return y(d.count); });
+
+var svg = d3.select('#svg-<?= $seed ?>')
+    .attr("width", width + margin.left + margin.right)
+    .attr("height", height + margin.top + margin.bottom)
+  .append("g")
+    .attr("transform", "translate(" + margin.left + "," + margin.top + ")");
+
+var data = <?= json_encode($data['data']) ?>;
+var insight = "<?= h($data['insight']) ?>";
+
+  color.domain(d3.keys(data[0]).filter(function(key) { return key !== "date"; }));
+
+  data.forEach(function(d) {
+    d.date = parseDate(d.date);
+  });
+
+  var data_nodes = color.domain().map(function(name) {
+    return {
+      name: name,
+      values: data.map(function(d) {
+        return {
+            date: d.date, count: +d[name]
+        };
+      })
+    };
+  });
+  x.domain(d3.extent(data, function(d) { return d.date; }));
+
+  y.domain([
+    d3.min(data_nodes, function(c) { return d3.min(c.values, function(v) { return v.count; }); }),
+    d3.max(data_nodes, function(c) { return d3.max(c.values, function(v) { return v.count; }); })
+  ]);
+
+  svg.append("g")
+      .attr("class", "x axis")
+      .attr("transform", "translate(0," + height + ")")
+      .call(xAxis);
+
+  svg.append("g")
+      .attr("class", "y axis")
+      .call(yAxis)
+
+  var data_node = svg.selectAll(".data-node-<?= $seed ?>")
+      .data(data_nodes)
+    .enter().append("g")
+      .attr("class", "data-node-<?= $seed ?>");
+
+  data_node.append("path")
+      .attr("class", "line")
+      .attr("d", function(d) { return line(d.values); })
+      .style("stroke", function(d) { return color(d.name); });
+
+  data_node.append("text")
+      .datum(function(d) { return {name: d.name, value: d.values[d.values.length - 1]}; })
+      .attr("transform", function(d) { return "translate(" + x(d.value.date) + "," + y(d.value.count) + ")"; })
+      .attr("x", 3)
+      .attr("dy", ".35em")
+      .text(function(d) { return d.name; });
+
+</script>
diff --git a/app/webroot/css/multi-line-chart.css b/app/webroot/css/multi-line-chart.css
new file mode 100644
index 000000000..860b81c02
--- /dev/null
+++ b/app/webroot/css/multi-line-chart.css
@@ -0,0 +1,20 @@
+path {
+    stroke-width: 1;
+    fill: none;
+    stroke-linejoin: round;
+    stroke-linecap: round;
+}
+circle {
+  stroke-width: 1;
+}
+.axis path,
+.axis line {
+  fill: none;
+  stroke: grey;
+  stroke-width: 1;
+  shape-rendering: crispEdges;
+}
+.legend, .label, .hover-text{
+    font-size: x-small;
+    background-color: white;
+}

From fa0eb43120ebd74518d19450a2068bf895824509 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 16 Mar 2020 13:57:15 +0100
Subject: [PATCH 02/21] fix: [dashboard] css conflict resolved

- in a really hacky way for now
---
 .../dashboard/Widgets/MultiLineChart.ctp        |  8 +++-----
 app/webroot/css/main.css                        | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp b/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
index a03955cc3..7f8457e1a 100644
--- a/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
+++ b/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
@@ -1,6 +1,5 @@
 <?php
     echo $this->Html->script('d3');
-    echo $this->Html->css('multi-line-chart');
     $seed = rand();
     if (!empty($data['formula'])) {
         echo sprintf(
@@ -72,12 +71,12 @@ var insight = "<?= h($data['insight']) ?>";
   ]);
 
   svg.append("g")
-      .attr("class", "x axis")
+      .attr("class", "x axis axis_multi_line_chart")
       .attr("transform", "translate(0," + height + ")")
       .call(xAxis);
 
   svg.append("g")
-      .attr("class", "y axis")
+      .attr("class", "y axis axis_multi_line_chart")
       .call(yAxis)
 
   var data_node = svg.selectAll(".data-node-<?= $seed ?>")
@@ -86,7 +85,7 @@ var insight = "<?= h($data['insight']) ?>";
       .attr("class", "data-node-<?= $seed ?>");
 
   data_node.append("path")
-      .attr("class", "line")
+      .attr("class", "line path_multi_line_chart")
       .attr("d", function(d) { return line(d.values); })
       .style("stroke", function(d) { return color(d.name); });
 
@@ -96,5 +95,4 @@ var insight = "<?= h($data['insight']) ?>";
       .attr("x", 3)
       .attr("dy", ".35em")
       .text(function(d) { return d.name; });
-
 </script>
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css
index 173bda0e2..8fa21e7b2 100644
--- a/app/webroot/css/main.css
+++ b/app/webroot/css/main.css
@@ -2523,3 +2523,20 @@ table tr:hover .down-expand-button {
     font-size: 125%;
     margin:5px;
 }
+
+.path_multi_line_chart {
+    stroke-width: 1;
+    fill: none;
+    stroke-linejoin: round;
+    stroke-linecap: round;
+}
+.path_multi_line_chart {
+  stroke-width: 1;
+}
+.axis_multi_line_chart path,
+.axis_multi_line_chart line {
+  fill: none;
+  stroke: grey;
+  stroke-width: 1;
+  shape-rendering: crispEdges;
+}

From 502a68e176617bdd59f50504224c3547e9e140ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Wed, 18 Mar 2020 00:37:25 +0100
Subject: [PATCH 03/21] fix: [INSTALL] Properly run tests.

Related: #5209
---
 docs/generic/supportFunctions.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/generic/supportFunctions.md b/docs/generic/supportFunctions.md
index 9ea8719a4..5b480f757 100644
--- a/docs/generic/supportFunctions.md
+++ b/docs/generic/supportFunctions.md
@@ -833,13 +833,12 @@ genRCLOCAL () {
 
 # Run PyMISP tests
 runTests () {
-  echo "url = '${MISP_BASEURL}'
-key = '${AUTH_KEY}'" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
+  echo "url = \"${MISP_BASEURL}\"
+key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
   sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
 
   sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
   sudo -H -u $WWW_USER ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
-  sudo -H -u $WWW_USER git clone https://github.com/viper-framework/viper-test-files.git $PATH_TO_MISP/PyMISP/tests/viper-test-files
   sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
 }
 

From 2d5fd9227519985133fe6486699bb2b4742e8cf0 Mon Sep 17 00:00:00 2001
From: Steve Clement <steve@localhost.lu>
Date: Wed, 18 Mar 2020 13:57:25 +0900
Subject: [PATCH 04/21] fix: [install] Updated installer and checksums

---
 INSTALL/INSTALL.sh        | 5 ++---
 INSTALL/INSTALL.sh.sfv    | 6 +++---
 INSTALL/INSTALL.sh.sha1   | 2 +-
 INSTALL/INSTALL.sh.sha256 | 2 +-
 INSTALL/INSTALL.sh.sha384 | 2 +-
 INSTALL/INSTALL.sh.sha512 | 2 +-
 6 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/INSTALL/INSTALL.sh b/INSTALL/INSTALL.sh
index 3802235bb..86b3437e5 100644
--- a/INSTALL/INSTALL.sh
+++ b/INSTALL/INSTALL.sh
@@ -988,13 +988,12 @@ genRCLOCAL () {
 
 # Run PyMISP tests
 runTests () {
-  echo "url = '${MISP_BASEURL}'
-key = '${AUTH_KEY}'" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
+  echo "url = \"${MISP_BASEURL}\"
+key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
   sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
 
   sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
   sudo -H -u $WWW_USER ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
-  sudo -H -u $WWW_USER git clone https://github.com/viper-framework/viper-test-files.git $PATH_TO_MISP/PyMISP/tests/viper-test-files
   sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
 }
 
diff --git a/INSTALL/INSTALL.sh.sfv b/INSTALL/INSTALL.sh.sfv
index d4ee7513a..e578da42c 100644
--- a/INSTALL/INSTALL.sh.sfv
+++ b/INSTALL/INSTALL.sh.sfv
@@ -1,5 +1,5 @@
-; Generated by RHash v1.3.9 on 2020-03-10 at 18:43.24
+; Generated by RHash v1.3.9 on 2020-03-18 at 13:56.48
 ; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
 ;
-;       100109  18:43.24 2020-03-10 INSTALL.sh
-INSTALL.sh 68CED66FC4D5C4A7F0041BF7DAC60113FAB614E5 5DFCF61AEB56A736930EE8A77959BD90C2F8AD6AD11CD1B09AB60D1E68D18BD0 D03AECC77CF64A90DA971C562EB49C373954151B712966EF6482F6E032F992B568BB8E0C2FF3EAFB300DB7BF768796E4 3981E487FD3C4822F353232ABFB8A017E299702E1E5B1D75A2DC901D6CC8CF356F848CA944FBD04A25E9CA459645FDC5F03D2AA08A31C471F40E8AABEF01A0EF
+;        99980  13:56.48 2020-03-18 INSTALL.sh
+INSTALL.sh 04A834FCD3BC9DA5282EDE8A3D2C459FBC625E46 FBCA1473FEC26AD5A6C1AE6AE3D9AF11E47E7758F30B160BC047ABE9978F4476 7281B13AA7D6B016152096D35619C2CECC7EC49F8F41CF8A3B8284335D950D35F273FA56FEA63EC5ADB3669038239C61 FA17DF3AA0CBC54D2B48AE14FB296C91C12FC6CF8E3704B8AF1B2CB2CDE9C6FAF591A2E42A38C01C299C62390868E7766EF682A6B3B556BAFC469688E8AED6E7
diff --git a/INSTALL/INSTALL.sh.sha1 b/INSTALL/INSTALL.sh.sha1
index 64518e70c..ec7c207fa 100644
--- a/INSTALL/INSTALL.sh.sha1
+++ b/INSTALL/INSTALL.sh.sha1
@@ -1 +1 @@
-68ced66fc4d5c4a7f0041bf7dac60113fab614e5  INSTALL.sh
+04a834fcd3bc9da5282ede8a3d2c459fbc625e46  INSTALL.sh
diff --git a/INSTALL/INSTALL.sh.sha256 b/INSTALL/INSTALL.sh.sha256
index a49ca79a4..1f4397bb7 100644
--- a/INSTALL/INSTALL.sh.sha256
+++ b/INSTALL/INSTALL.sh.sha256
@@ -1 +1 @@
-5dfcf61aeb56a736930ee8a77959bd90c2f8ad6ad11cd1b09ab60d1e68d18bd0  INSTALL.sh
+fbca1473fec26ad5a6c1ae6ae3d9af11e47e7758f30b160bc047abe9978f4476  INSTALL.sh
diff --git a/INSTALL/INSTALL.sh.sha384 b/INSTALL/INSTALL.sh.sha384
index 33edb6640..36c9ec1e1 100644
--- a/INSTALL/INSTALL.sh.sha384
+++ b/INSTALL/INSTALL.sh.sha384
@@ -1 +1 @@
-d03aecc77cf64a90da971c562eb49c373954151b712966ef6482f6e032f992b568bb8e0c2ff3eafb300db7bf768796e4  INSTALL.sh
+7281b13aa7d6b016152096d35619c2cecc7ec49f8f41cf8a3b8284335d950d35f273fa56fea63ec5adb3669038239c61  INSTALL.sh
diff --git a/INSTALL/INSTALL.sh.sha512 b/INSTALL/INSTALL.sh.sha512
index 107740845..0c79ff282 100644
--- a/INSTALL/INSTALL.sh.sha512
+++ b/INSTALL/INSTALL.sh.sha512
@@ -1 +1 @@
-3981e487fd3c4822f353232abfb8a017e299702e1e5b1d75a2dc901d6cc8cf356f848ca944fbd04a25e9ca459645fdc5f03d2aa08a31c471f40e8aabef01a0ef  INSTALL.sh
+fa17df3aa0cbc54d2b48ae14fb296c91c12fc6cf8e3704b8af1b2cb2cde9c6faf591a2e42a38c01c299c62390868e7766ef682a6b3b556bafc469688e8aed6e7  INSTALL.sh

From c8a111447c52c631218d1928bcc101ec04bf4336 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 19 Mar 2020 09:16:10 +0100
Subject: [PATCH 05/21] fix: [suricata] fixed an invalid validation of https
 hostnames that blocked the attributes from being included in the exports

---
 app/Lib/Export/NidsSuricataExport.php | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/app/Lib/Export/NidsSuricataExport.php b/app/Lib/Export/NidsSuricataExport.php
index 6f88b78ff..76631200d 100644
--- a/app/Lib/Export/NidsSuricataExport.php
+++ b/app/Lib/Export/NidsSuricataExport.php
@@ -109,7 +109,6 @@ class NidsSuricataExport extends NidsExport
                 $data['host'] = '';
             }
         }
-
         switch ($scheme) {
             case "http":
                 $data['host'] = NidsExport::replaceIllegalChars($data['host']);
@@ -126,26 +125,18 @@ class NidsSuricataExport extends NidsExport
                 } else {
                     $content = 'flow:to_server,established; content:"' . $data['host'] . '"; fast_pattern; nocase; http_header; content:"' . $data['path'] . '"; nocase; http_uri;';
                 }
-
                 break;
 
             case "https":
                 $data['host'] = NidsExport::replaceIllegalChars($data['host']);
                 $tag = 'tag:session,600,seconds;';
-
                 # IP: classic IP rule for HTTPS
-                if (filter_var($data['host'], FILTER_VALIDATE_IP)) {
-                    $suricata_protocol = 'tcp';
-                    $suricata_src_ip = '$HOME_NET';
-                    $suricata_src_port = 'any';
-                    $suricata_dst_ip = $data['host'];
-                    $suricata_dst_port = NidsExport::getProtocolPort($scheme, $data['port']);
-                    $content = 'flow:to_server; app-layer-protocol:tls;';
-                }
-                # Domain: rule on https certificate subject
-                else {
-                    $createRule = false;
-                }
+                $suricata_protocol = 'tcp';
+                $suricata_src_ip = '$HOME_NET';
+                $suricata_src_port = 'any';
+                $suricata_dst_ip = $data['host'];
+                $suricata_dst_port = NidsExport::getProtocolPort($scheme, $data['port']);
+                $content = 'flow:to_server; app-layer-protocol:tls;';
                 break;
 
             case "ssh":
@@ -196,7 +187,6 @@ class NidsSuricataExport extends NidsExport
 
                 break;
         }
-
         if ($createRule) {
             $attribute['value'] = NidsExport::replaceIllegalChars($attribute['value']);  // substitute chars not allowed in rule
             $this->rules[] = sprintf(

From e5d775e9c83318ad7f9507dad38255e9fed37f1e Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 19 Mar 2020 11:08:09 +0100
Subject: [PATCH 06/21] fix: [message] user creation shouldn't include the
 "User notified of new credentials" part of the notification mesage if
 emailing is disabled

---
 app/Controller/UsersController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php
index 5516c075c..08fbd0677 100644
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@@ -723,7 +723,7 @@ class UsersController extends AppController
                             $user = $this->User->find('first', array('conditions' => array('User.id' => $this->User->id), 'recursive' => -1));
                             $password = isset($this->request->data['User']['password']) ? $this->request->data['User']['password'] : false;
                             $result = $this->User->initiatePasswordReset($user, true, true, $password);
-                            if ($result) {
+                            if ($result && empty(Configure::read('MISP.disable_emailing'))) {
                                 $notification_message .= ' User notified of new credentials.';
                             }
                         }

From f9ae0bef4876416260c5f27fca2b1b5da28b4821 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 19 Mar 2020 14:05:37 +0100
Subject: [PATCH 07/21] chg: [widgets] Added support of scoped CSS

---
 app/View/Dashboards/widget_loader.ctp | 45 +++++++++++++++++++++++++--
 1 file changed, 43 insertions(+), 2 deletions(-)

diff --git a/app/View/Dashboards/widget_loader.ctp b/app/View/Dashboards/widget_loader.ctp
index c71696853..592359fd9 100644
--- a/app/View/Dashboards/widget_loader.ctp
+++ b/app/View/Dashboards/widget_loader.ctp
@@ -1,6 +1,47 @@
-<div id="widgetContentInner_<?= h($widget_id) ?>">
+<?php
+    function endsWith($haystack, $needle)
+    {
+        $length = strlen($needle);
+        if ($length == 0) {
+            return true;
+        }
+        return (substr($haystack, -$length) === $needle);
+    }
+    function preppendScopedId($widgetCSS, $seed)
+    {
+        $prependSelector = sprintf('[data-scoped="%s"]', $seed);
+        $cssLines = explode("\n", $widgetCSS);
+        foreach ($cssLines as $i => $line) {
+            if (strlen($line) > 0) {
+                if (endsWith($line, "{")) {
+                    $cssLines[$i] = sprintf("%s %s", $prependSelector, $line);
+                }
+            }
+        }
+        $cssScopedLines = implode(PHP_EOL, $cssLines);
+        return sprintf("<style>%s%s%s</style>", PHP_EOL, $cssScopedLines, PHP_EOL);
+    }
+
+    $widgetHtml = $this->element('/dashboard/Widgets/' . $config['render']);
+    $widgetCSS = "";
+    $seed = "";
+    $styleTag = "<style scoped>";
+    $styleClosingTag = "</style>";
+    $styleTagIndex = strpos($widgetHtml, $styleTag);
+    $closingStyleTagIndex = strpos($widgetHtml, $styleClosingTag) + strlen($styleClosingTag);
+    if ($styleTagIndex !== false && $closingStyleTagIndex !== false && $closingStyleTagIndex > $styleTagIndex) { // enforced scoped css
+        $seed = rand();
+        $widgetCSS = substr($widgetHtml, $styleTagIndex, $closingStyleTagIndex);
+        $widgetHtml = str_replace($widgetCSS, "", $widgetHtml); // remove CSS
+        $widgetCSS = str_replace($styleTag, "", $widgetCSS);    // remove the style node
+        $widgetCSS = str_replace($styleClosingTag, "", $widgetCSS); // remove closing style node
+        $widgetCSS = preppendScopedId($widgetCSS, $seed);
+    }
+?>
+<div id="widgetContentInner_<?= h($widget_id) ?>" <?php echo !empty($seed) ? sprintf("data-scoped=\"%s\" ", $seed) : "" ?>>
     <?php
-        echo $this->element('/dashboard/Widgets/' . $config['render']);
+        echo $widgetHtml;
+        echo $widgetCSS;
     ?>
 </div>
 <script type="text/javascript">

From 4633d2541803ffd2e01068151b0742970d99d7dd Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 19 Mar 2020 14:39:52 +0100
Subject: [PATCH 08/21] new: [helper:scopedCSS] Moved implementation in a
 helper

---
 app/Controller/DashboardsController.php |  1 +
 app/View/Dashboards/widget_loader.ctp   | 41 ++-----------------
 app/View/Helper/ScopedCSSHelper.php     | 54 +++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 37 deletions(-)
 create mode 100644 app/View/Helper/ScopedCSSHelper.php

diff --git a/app/Controller/DashboardsController.php b/app/Controller/DashboardsController.php
index 9aa96ca2a..4636c1f20 100644
--- a/app/Controller/DashboardsController.php
+++ b/app/Controller/DashboardsController.php
@@ -4,6 +4,7 @@ App::uses('AppController', 'Controller');
 class DashboardsController extends AppController
 {
     public $components = array('Session', 'RequestHandler');
+    public $helpers = array('ScopedCSS');
 
     public function beforeFilter()
     {
diff --git a/app/View/Dashboards/widget_loader.ctp b/app/View/Dashboards/widget_loader.ctp
index 592359fd9..dbb70e324 100644
--- a/app/View/Dashboards/widget_loader.ctp
+++ b/app/View/Dashboards/widget_loader.ctp
@@ -1,42 +1,9 @@
 <?php
-    function endsWith($haystack, $needle)
-    {
-        $length = strlen($needle);
-        if ($length == 0) {
-            return true;
-        }
-        return (substr($haystack, -$length) === $needle);
-    }
-    function preppendScopedId($widgetCSS, $seed)
-    {
-        $prependSelector = sprintf('[data-scoped="%s"]', $seed);
-        $cssLines = explode("\n", $widgetCSS);
-        foreach ($cssLines as $i => $line) {
-            if (strlen($line) > 0) {
-                if (endsWith($line, "{")) {
-                    $cssLines[$i] = sprintf("%s %s", $prependSelector, $line);
-                }
-            }
-        }
-        $cssScopedLines = implode(PHP_EOL, $cssLines);
-        return sprintf("<style>%s%s%s</style>", PHP_EOL, $cssScopedLines, PHP_EOL);
-    }
-
     $widgetHtml = $this->element('/dashboard/Widgets/' . $config['render']);
-    $widgetCSS = "";
-    $seed = "";
-    $styleTag = "<style scoped>";
-    $styleClosingTag = "</style>";
-    $styleTagIndex = strpos($widgetHtml, $styleTag);
-    $closingStyleTagIndex = strpos($widgetHtml, $styleClosingTag) + strlen($styleClosingTag);
-    if ($styleTagIndex !== false && $closingStyleTagIndex !== false && $closingStyleTagIndex > $styleTagIndex) { // enforced scoped css
-        $seed = rand();
-        $widgetCSS = substr($widgetHtml, $styleTagIndex, $closingStyleTagIndex);
-        $widgetHtml = str_replace($widgetCSS, "", $widgetHtml); // remove CSS
-        $widgetCSS = str_replace($styleTag, "", $widgetCSS);    // remove the style node
-        $widgetCSS = str_replace($styleClosingTag, "", $widgetCSS); // remove closing style node
-        $widgetCSS = preppendScopedId($widgetCSS, $seed);
-    }
+    $result = $this->ScopedCSS->createScopedCSS($widgetHtml);
+    $seed = $result['seed'];
+    $widgetHtml = $result['html'];
+    $widgetCSS = $result['css'];
 ?>
 <div id="widgetContentInner_<?= h($widget_id) ?>" <?php echo !empty($seed) ? sprintf("data-scoped=\"%s\" ", $seed) : "" ?>>
     <?php
diff --git a/app/View/Helper/ScopedCSSHelper.php b/app/View/Helper/ScopedCSSHelper.php
new file mode 100644
index 000000000..e575e3372
--- /dev/null
+++ b/app/View/Helper/ScopedCSSHelper.php
@@ -0,0 +1,54 @@
+<?php
+App::uses('AppHelper', 'View/Helper');
+
+    // prepend user names on the header with some text based on the given rules
+    class ScopedCSSHelper extends AppHelper {
+
+        private function endsWith($haystack, $needle)
+        {
+            $length = strlen($needle);
+            if ($length == 0) {
+                return true;
+            }
+            return (substr($haystack, -$length) === $needle);
+        }
+
+        private function preppendScopedId($css, $seed)
+        {
+            $prependSelector = sprintf('[data-scoped="%s"]', $seed);
+            $cssLines = explode("\n", $css);
+            foreach ($cssLines as $i => $line) {
+                if (strlen($line) > 0) {
+                    if (endsWith($line, "{")) {
+                        $cssLines[$i] = sprintf("%s %s", $prependSelector, $line);
+                    }
+                }
+            }
+            $cssScopedLines = implode(PHP_EOL, $cssLines);
+            return sprintf("<style>%s%s%s</style>", PHP_EOL, $cssScopedLines, PHP_EOL);
+        }
+
+        public function createScopedCSS($html)
+        {
+            $css = "";
+            $seed = "";
+            $htmlStyleTag = "<style scoped>";
+            $styleClosingTag = "</style>";
+            $styleTagIndex = strpos($html, $htmlStyleTag);
+            $closingStyleTagIndex = strpos($html, $styleClosingTag) + strlen($styleClosingTag);
+            if ($styleTagIndex !== false && $closingStyleTagIndex !== false && $closingStyleTagIndex > $styleTagIndex) { // enforced scoped css
+                $seed = rand();
+                $css = substr($html, $styleTagIndex, $closingStyleTagIndex);
+                $html = str_replace($css, "", $html);           // remove CSS part
+                $css = str_replace($htmlStyleTag, "", $css);    // remove the style node
+                $css = str_replace($styleClosingTag, "", $css); // remove closing style node
+                $css = preppendScopedId($css, $seed);
+            }
+            return array(
+                "seed" => $seed,
+                "html" => $html,
+                "css" => $css
+            );
+        }
+
+    }

From a20728633b1c0b40d6f1c9995a0050a94828f233 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Thu, 19 Mar 2020 16:06:42 +0100
Subject: [PATCH 09/21] fix: [servers:pull_rules] Allows sync parameter rules
 to be above 40 chars

---
 app/View/Elements/serverRuleElements/pull.ctp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/View/Elements/serverRuleElements/pull.ctp b/app/View/Elements/serverRuleElements/pull.ctp
index 02b045bef..b807138d1 100755
--- a/app/View/Elements/serverRuleElements/pull.ctp
+++ b/app/View/Elements/serverRuleElements/pull.ctp
@@ -58,7 +58,7 @@
                 </table>
                 <div>
                     <p style="color:green;font-weight:bold;"><?php echo __('Additional sync parameters (based on the event index filters)');?></p>
-                    <input style="width:650px;" placeholder='{"timestamp": "30d"}' maxlength="40" type="text" value="" id="urlParams" required="required" data-original-title="" title="">
+                    <input style="width:650px;" placeholder='{"timestamp": "30d"}' type="text" value="" id="urlParams" required="required" data-original-title="" title="">
                 </div>
             </div>
             <div>

From 6f033ee0b57d527bfc0bd3caefe8269413c4ea63 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 20 Mar 2020 07:57:03 +0100
Subject: [PATCH 10/21] chg: [widgets:multiline] Switched to scoped css usage

---
 .../dashboard/Widgets/MultiLineChart.ctp      | 21 +++++++++++++++++++
 app/View/Helper/ScopedCSSHelper.php           |  6 +++---
 app/webroot/css/main.css                      | 17 ---------------
 3 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp b/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
index 7f8457e1a..de9ea8913 100644
--- a/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
+++ b/app/View/Elements/dashboard/Widgets/MultiLineChart.ctp
@@ -96,3 +96,24 @@ var insight = "<?= h($data['insight']) ?>";
       .attr("dy", ".35em")
       .text(function(d) { return d.name; });
 </script>
+
+<style widget-scoped>
+.path_multi_line_chart {
+    stroke-width: 1;
+    fill: none;
+    stroke-linejoin: round;
+    stroke-linecap: round;
+}
+
+.path_multi_line_chart {
+    stroke-width: 1;
+}
+
+.axis_multi_line_chart path,
+.axis_multi_line_chart line {
+    fill: none;
+    stroke: grey;
+    stroke-width: 1;
+    shape-rendering: crispEdges;
+}
+</style>
diff --git a/app/View/Helper/ScopedCSSHelper.php b/app/View/Helper/ScopedCSSHelper.php
index e575e3372..6311f5687 100644
--- a/app/View/Helper/ScopedCSSHelper.php
+++ b/app/View/Helper/ScopedCSSHelper.php
@@ -19,7 +19,7 @@ App::uses('AppHelper', 'View/Helper');
             $cssLines = explode("\n", $css);
             foreach ($cssLines as $i => $line) {
                 if (strlen($line) > 0) {
-                    if (endsWith($line, "{")) {
+                    if ($this->endsWith($line, "{") || $this->endsWith($line, ",")) {
                         $cssLines[$i] = sprintf("%s %s", $prependSelector, $line);
                     }
                 }
@@ -32,7 +32,7 @@ App::uses('AppHelper', 'View/Helper');
         {
             $css = "";
             $seed = "";
-            $htmlStyleTag = "<style scoped>";
+            $htmlStyleTag = "<style widget-scoped>";
             $styleClosingTag = "</style>";
             $styleTagIndex = strpos($html, $htmlStyleTag);
             $closingStyleTagIndex = strpos($html, $styleClosingTag) + strlen($styleClosingTag);
@@ -42,7 +42,7 @@ App::uses('AppHelper', 'View/Helper');
                 $html = str_replace($css, "", $html);           // remove CSS part
                 $css = str_replace($htmlStyleTag, "", $css);    // remove the style node
                 $css = str_replace($styleClosingTag, "", $css); // remove closing style node
-                $css = preppendScopedId($css, $seed);
+                $css = $this->preppendScopedId($css, $seed);
             }
             return array(
                 "seed" => $seed,
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css
index 8fa21e7b2..173bda0e2 100644
--- a/app/webroot/css/main.css
+++ b/app/webroot/css/main.css
@@ -2523,20 +2523,3 @@ table tr:hover .down-expand-button {
     font-size: 125%;
     margin:5px;
 }
-
-.path_multi_line_chart {
-    stroke-width: 1;
-    fill: none;
-    stroke-linejoin: round;
-    stroke-linecap: round;
-}
-.path_multi_line_chart {
-  stroke-width: 1;
-}
-.axis_multi_line_chart path,
-.axis_multi_line_chart line {
-  fill: none;
-  stroke: grey;
-  stroke-width: 1;
-  shape-rendering: crispEdges;
-}

From ac678e7e48d379351229323122047d92c174a9ec Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 20 Mar 2020 08:27:22 +0100
Subject: [PATCH 11/21] chg: [scopedCSS] Simplified usage and added
 documentation

---
 app/View/Dashboards/widget_loader.ctp | 10 +++------
 app/View/Helper/ScopedCSSHelper.php   | 31 +++++++++++++++++++++------
 2 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/app/View/Dashboards/widget_loader.ctp b/app/View/Dashboards/widget_loader.ctp
index dbb70e324..103bebd9a 100644
--- a/app/View/Dashboards/widget_loader.ctp
+++ b/app/View/Dashboards/widget_loader.ctp
@@ -1,14 +1,10 @@
 <?php
     $widgetHtml = $this->element('/dashboard/Widgets/' . $config['render']);
-    $result = $this->ScopedCSS->createScopedCSS($widgetHtml);
-    $seed = $result['seed'];
-    $widgetHtml = $result['html'];
-    $widgetCSS = $result['css'];
+    $scopedHtml = $this->ScopedCSS->createScopedCSS($widgetHtml);
 ?>
-<div id="widgetContentInner_<?= h($widget_id) ?>" <?php echo !empty($seed) ? sprintf("data-scoped=\"%s\" ", $seed) : "" ?>>
+<div id="widgetContentInner_<?= h($widget_id) ?>">
     <?php
-        echo $widgetHtml;
-        echo $widgetCSS;
+        echo $scopedHtml['bundle'];
     ?>
 </div>
 <script type="text/javascript">
diff --git a/app/View/Helper/ScopedCSSHelper.php b/app/View/Helper/ScopedCSSHelper.php
index 6311f5687..93589fd75 100644
--- a/app/View/Helper/ScopedCSSHelper.php
+++ b/app/View/Helper/ScopedCSSHelper.php
@@ -28,10 +28,25 @@ App::uses('AppHelper', 'View/Helper');
             return sprintf("<style>%s%s%s</style>", PHP_EOL, $cssScopedLines, PHP_EOL);
         }
 
-        public function createScopedCSS($html)
+
+         /**
+         * Replace a declared CSS scoped style and prepend a random CSS data filter to any CSS selector discovered
+         * @param string $param1 HTML potentially containing scoped CSS
+         * @return array Return an array composed of 3 keys (html, css and seed) 
+         *      - bundle:       Include both scoped HTML and scoped CSS or the original html if the scoped feature is not requested
+         *      - html:         Untouched HTML including nested in a scoped DIV or original html if the scoped feature is not requested
+         *      - css:          CSS with an additional filter rule prepended to every selectors or the empty string if the scoped feature is not requested
+         *      - seed:         The random generated number
+         *      - originalHtml: Untouched HTML
+         */
+        public function createScopedCSS(string $html) : array
         {
             $css = "";
             $seed = "";
+            $originalHtml = $html;
+            $bundle = $originalHtml;
+            $scopedHtml = $html;
+            $scopedCss = "";
             $htmlStyleTag = "<style widget-scoped>";
             $styleClosingTag = "</style>";
             $styleTagIndex = strpos($html, $htmlStyleTag);
@@ -39,15 +54,19 @@ App::uses('AppHelper', 'View/Helper');
             if ($styleTagIndex !== false && $closingStyleTagIndex !== false && $closingStyleTagIndex > $styleTagIndex) { // enforced scoped css
                 $seed = rand();
                 $css = substr($html, $styleTagIndex, $closingStyleTagIndex);
-                $html = str_replace($css, "", $html);           // remove CSS part
-                $css = str_replace($htmlStyleTag, "", $css);    // remove the style node
+                $html = str_replace($css, "", $html); // remove CSS part
+                $css = str_replace($htmlStyleTag, "", $css); // remove the style node
                 $css = str_replace($styleClosingTag, "", $css); // remove closing style node
-                $css = $this->preppendScopedId($css, $seed);
+                $scopedCss = $this->preppendScopedId($css, $seed);
+                $scopedHtml = sprintf("<div %s>%s</div>", sprintf("data-scoped=\"%s\" ", $seed), $html);
+                $bundle = sprintf("%s %s", $scopedHtml, $scopedCss);
             }
             return array(
+                "bundle" => $bundle,
+                "html" => $scopedHtml,
+                "css" => $scopedCss,
                 "seed" => $seed,
-                "html" => $html,
-                "css" => $css
+                "originalHtml" => $originalHtml,
             );
         }
 

From f92f09d80f4efe777e73e5d39e6a3810a3ce132e Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 20 Mar 2020 08:37:53 +0100
Subject: [PATCH 12/21] chg: [scopedCSS] Added more doc and allow having scoped
 and not scoped mix

---
 app/View/Helper/ScopedCSSHelper.php | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/app/View/Helper/ScopedCSSHelper.php b/app/View/Helper/ScopedCSSHelper.php
index 93589fd75..6b9c643e1 100644
--- a/app/View/Helper/ScopedCSSHelper.php
+++ b/app/View/Helper/ScopedCSSHelper.php
@@ -30,7 +30,27 @@ App::uses('AppHelper', 'View/Helper');
 
 
          /**
-         * Replace a declared CSS scoped style and prepend a random CSS data filter to any CSS selector discovered
+         * Replace a declared CSS scoped style and prepend a random CSS data filter to any CSS selector discovered.
+         * Usage: Add the following style tag `<style widget-scoped>` to use the scoped feature. Nearly every selector path will have their rule modified to adhere to the scope
+         * Restrictions:
+         *      - Applying class to the root document (i.e. `body`) will not work
+         *      - Selector rules must end with either `{` or `,`, their content MUST be put in a new line:
+         *          [bad]
+         *              element { ... }
+         *          [good] 
+         *              element {
+         *                  ...
+         *              }
+         *      - Selectors with the `and` (`,`) rule MUST be split in multiple lines:
+         *          [bad]
+         *              element,element {
+         *                  ...
+         *              }
+         *          [good] 
+         *              element,
+         *              element {
+         *                  ...
+         *              }
          * @param string $param1 HTML potentially containing scoped CSS
          * @return array Return an array composed of 3 keys (html, css and seed) 
          *      - bundle:       Include both scoped HTML and scoped CSS or the original html if the scoped feature is not requested
@@ -50,7 +70,7 @@ App::uses('AppHelper', 'View/Helper');
             $htmlStyleTag = "<style widget-scoped>";
             $styleClosingTag = "</style>";
             $styleTagIndex = strpos($html, $htmlStyleTag);
-            $closingStyleTagIndex = strpos($html, $styleClosingTag) + strlen($styleClosingTag);
+            $closingStyleTagIndex = strpos($html, $styleClosingTag, $styleTagIndex) + strlen($styleClosingTag);
             if ($styleTagIndex !== false && $closingStyleTagIndex !== false && $closingStyleTagIndex > $styleTagIndex) { // enforced scoped css
                 $seed = rand();
                 $css = substr($html, $styleTagIndex, $closingStyleTagIndex);

From 1371af637715934a80816b7a6d7668f48f288fd3 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 20 Mar 2020 09:11:49 +0100
Subject: [PATCH 13/21] chg: [helper:ScopedCSS] Usage of PHP_EOL

---
 app/View/Helper/ScopedCSSHelper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/View/Helper/ScopedCSSHelper.php b/app/View/Helper/ScopedCSSHelper.php
index 6b9c643e1..49624575c 100644
--- a/app/View/Helper/ScopedCSSHelper.php
+++ b/app/View/Helper/ScopedCSSHelper.php
@@ -16,7 +16,7 @@ App::uses('AppHelper', 'View/Helper');
         private function preppendScopedId($css, $seed)
         {
             $prependSelector = sprintf('[data-scoped="%s"]', $seed);
-            $cssLines = explode("\n", $css);
+            $cssLines = explode(PHP_EOL, $css);
             foreach ($cssLines as $i => $line) {
                 if (strlen($line) > 0) {
                     if ($this->endsWith($line, "{") || $this->endsWith($line, ",")) {

From 93d26f878908b87d2e34bfd49e0109a9e69c9bb2 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 23 Mar 2020 12:08:27 +0100
Subject: [PATCH 14/21] new: country galaxy generator

---
 app/Console/Command/SupportShell.php | 90 ++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 app/Console/Command/SupportShell.php

diff --git a/app/Console/Command/SupportShell.php b/app/Console/Command/SupportShell.php
new file mode 100644
index 000000000..46693db05
--- /dev/null
+++ b/app/Console/Command/SupportShell.php
@@ -0,0 +1,90 @@
+http://download.geonames.org/export/dump/countryInfo.txt
+
+<?php
+class SupportShell extends AppShell {
+
+    public $uses = array();
+
+    private $__fields = false;
+    private $__countries = array();
+    private $__whitelistedFields = array(
+        'ISO',
+        'ISO3',
+        'Country',
+        'Capital',
+        'Area',
+        'Population',
+        'Continent',
+        'tld',
+        'CurrencyCode',
+        'CurrencyName',
+        'Languages'
+    );
+
+    public function getGeoNames()
+    {
+        $raw = file_get_contents('http://download.geonames.org/export/dump/countryInfo.txt');
+        $raw = explode(PHP_EOL, $raw);
+        $lastCommentLine = '';
+        foreach ($raw as $line) {
+            if (empty($line)) {
+                continue;
+            }
+            if ($line[0] === '#') {
+                $lastCommentLine = $line;
+            } else {
+                if (!$this->__fields) {
+                    $this->__setHeaders($lastCommentLine);
+                }
+                $line = preg_split("/[\t]/", $line);
+                $temp = array();
+                foreach ($line as $pos => $value) {
+                    $field = $this->__fields[$pos];
+                    if (in_array($field, $this->__whitelistedFields)) {
+                        $temp[$field] = $value;
+                    }
+                }
+                $this->__countries[] = $temp;
+            }
+        }
+        $clusters = array(
+            'authors' => array('geonames.org'),
+            'category' => 'country',
+            'description' => 'Country meta information based on the database provided by geonames.org.',
+            'name' => 'Country',
+            'source' => 'MISP Project',
+            'type' => 'country',
+            'uuid' => '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',
+            'version' => empty($this->args[0]) ? 1 : intval($this->args[0])
+        );
+        foreach ($this->__countries as $country) {
+            $countryName = $country['Country'];
+            unset($country['Country']);
+            $clusters['values'][] = array(
+                'description' => $countryName,
+                'uuid' => '84668357-5a8c-4bdd-9f0f-6b50b2' . bin2hex($country['ISO3']),
+                'value' => strtolower($countryName),
+                'meta' => $country
+            );
+        }
+        $galaxy = array(
+            'description' => 'Country meta information based on the database provided by geonames.org.',
+            'icon' => 'globe',
+            'name' => 'Country',
+            'namespace' => 'misp',
+            'type' => 'country',
+            'uuid' => '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',
+            'version' => empty($this->args[0]) ? 1 : intval($this->args[0])
+        );
+        file_put_contents('cluster.json', json_encode($clusters, JSON_PRETTY_PRINT));
+        file_put_contents('galaxy.json', json_encode($galaxy, JSON_PRETTY_PRINT));
+        echo PHP_EOL . PHP_EOL . 'cluster.json and galaxy.json created.' . PHP_EOL . PHP_EOL;
+    }
+
+    private function __setHeaders($line)
+    {
+        $line = substr($line, 1);
+        $this->__fields = preg_split("/[\t]/", $line);
+        return true;
+    }
+}

From 2b6cb64bcc07511d076f4d21662e4e88260ae746 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 23 Mar 2020 12:12:43 +0100
Subject: [PATCH 15/21] chg: [galaxy] bump

---
 app/files/misp-galaxy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy
index e37f320df..777c3188d 160000
--- a/app/files/misp-galaxy
+++ b/app/files/misp-galaxy
@@ -1 +1 @@
-Subproject commit e37f320df5a6ba4d9c67662a3670b160e9941bcf
+Subproject commit 777c3188db6fd1f04fc81106a6c2eb293bb19d12

From b1993d210beb19f68fc6d64e675780d0a89771e2 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 23 Mar 2020 14:10:20 +0100
Subject: [PATCH 16/21] chg: [taxonomies] updated to the latest version

---
 app/files/taxonomies | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/files/taxonomies b/app/files/taxonomies
index 0edcb08fa..d89d18599 160000
--- a/app/files/taxonomies
+++ b/app/files/taxonomies
@@ -1 +1 @@
-Subproject commit 0edcb08fa618f15b51a2bbf0eae6b89c5f603ded
+Subproject commit d89d185997fd5b9fd47574785141a0ee81383a7e

From ee8b45a80553979d322a2190e9a34ed445225396 Mon Sep 17 00:00:00 2001
From: GlennHD <glennmbrown@live.com>
Date: Mon, 23 Mar 2020 15:46:34 -0500
Subject: [PATCH 17/21] Added Malware Bazaar

Added abuse.ch Malware Bazaar
---
 app/files/feed-metadata/defaults.json | 36 +++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/app/files/feed-metadata/defaults.json b/app/files/feed-metadata/defaults.json
index a007ecfdd..1aeb3b6dd 100644
--- a/app/files/feed-metadata/defaults.json
+++ b/app/files/feed-metadata/defaults.json
@@ -1857,5 +1857,41 @@
           "org_id": "0",
           "hide_tag": false
         }
+    },
+  {  
+    "Feed": {
+      "id": "116",
+      "name": "Malware Bazaar",
+      "provider": "abuse.ch",
+      "url": "https:\/\/bazaar.abuse.ch\/export\/txt\/md5\/full\/",
+      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
+      "enabled": false,
+      "distribution": "0",
+      "sharing_group_id": "0",
+      "tag_id": "615",
+      "default": false,
+      "source_format": "csv",
+      "fixed_event": true,
+      "delta_merge": false,
+      "event_id": "0",
+      "publish": false,
+      "override_ids": false,
+      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\\\/^#.*\\\/i\"}}",
+      "input_source": "network",
+      "delete_local_file": false,
+      "lookup_visible": true,
+      "headers": "",
+      "caching_enabled": false,
+      "force_to_ids": false,
+      "cache_timestamp": false
+    },
+    "Tag": {
+      "id": "615",
+      "name": "osint:source-type=\"block-or-filter-list\"",
+      "colour": "#004577",
+      "exportable": true,
+      "org_id": "0",
+      "hide_tag": false
     }
+  }
 ]

From 418ef6f7a6f15851fadf53d9857835f71d4b660d Mon Sep 17 00:00:00 2001
From: GlennHD <glennmbrown@live.com>
Date: Mon, 23 Mar 2020 15:50:12 -0500
Subject: [PATCH 18/21] Fixed indentation of DigitalSide & Metasploit CVEs

Fixed indentation of DigitalSide & Metasploit CVEs to align with others.
---
 app/files/feed-metadata/defaults.json | 124 +++++++++++++-------------
 1 file changed, 62 insertions(+), 62 deletions(-)

diff --git a/app/files/feed-metadata/defaults.json b/app/files/feed-metadata/defaults.json
index 1aeb3b6dd..0fb6e356f 100644
--- a/app/files/feed-metadata/defaults.json
+++ b/app/files/feed-metadata/defaults.json
@@ -1795,69 +1795,69 @@
     }
   },
   {
-        "Feed": {
-            "id": "114",
-            "name": "DigitalSide Threat-Intel OSINT Feed",
-            "provider": "osint.digitalside.it",
-            "url": "https:\/\/osint.digitalside.it\/Threat-Intel\/digitalside-misp-feed\/",
-            "rules": "",
-            "enabled": false,
-            "distribution": "0",
-            "sharing_group_id": "0",
-            "tag_id": "0",
-            "default": false,
-            "source_format": "misp",
-            "fixed_event": true,
-            "delta_merge": false,
-            "event_id": "0",
-            "publish": false,
-            "override_ids": false,
-            "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
-            "input_source": "network",
-            "delete_local_file": false,
-            "lookup_visible": false,
-            "headers": "",
-            "caching_enabled": false,
-            "force_to_ids": false,
-            "cache_timestamp": "1568901075"
-        }
-    },
-    {
-        "Feed": {
-            "id": "115",
-            "name": "Metasploit exploits with CVE assigned",
-            "provider": "eCrimeLabs",
-            "url": "https:\/\/feeds.ecrimelabs.net\/data\/metasploit-cve",
-            "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
-            "enabled": true,
-            "distribution": "0",
-            "sharing_group_id": "0",
-            "tag_id": "0",
-            "default": false,
-            "source_format": "csv",
-            "fixed_event": true,
-            "delta_merge": true,
-            "event_id": "",
-            "publish": true,
-            "override_ids": false,
-            "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
-            "input_source": "network",
-            "delete_local_file": false,
-            "lookup_visible": true,
-            "headers": "",
-            "caching_enabled": true,
-            "force_to_ids": false,
-            "cache_timestamp": "1571206806"
-        },
-        "Tag": {
-          "id": "615",
-          "name": "osint:source-type=\"block-or-filter-list\"",
-          "colour": "#004577",
-          "exportable": true,
-          "org_id": "0",
-          "hide_tag": false
-        }
+    "Feed": {
+      "id": "114",
+      "name": "DigitalSide Threat-Intel OSINT Feed",
+      "provider": "osint.digitalside.it",
+      "url": "https:\/\/osint.digitalside.it\/Threat-Intel\/digitalside-misp-feed\/",
+      "rules": "",
+      "enabled": false,
+      "distribution": "0",
+      "sharing_group_id": "0",
+      "tag_id": "0",
+      "default": false,
+      "source_format": "misp",
+      "fixed_event": true,
+      "delta_merge": false,
+      "event_id": "0",
+      "publish": false,
+      "override_ids": false,
+      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
+      "input_source": "network",
+      "delete_local_file": false,
+      "lookup_visible": false,
+      "headers": "",
+      "caching_enabled": false,
+      "force_to_ids": false,
+      "cache_timestamp": "1568901075"
+    }
+  },
+  {
+    "Feed": {
+      "id": "115",
+      "name": "Metasploit exploits with CVE assigned",
+      "provider": "eCrimeLabs",
+      "url": "https:\/\/feeds.ecrimelabs.net\/data\/metasploit-cve",
+      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
+      "enabled": true,
+      "distribution": "0",
+      "sharing_group_id": "0",
+      "tag_id": "615",
+      "default": false,
+      "source_format": "csv",
+      "fixed_event": true,
+      "delta_merge": true,
+      "event_id": "0",
+      "publish": true,
+      "override_ids": false,
+      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
+      "input_source": "network",
+      "delete_local_file": false,
+      "lookup_visible": true,
+      "headers": "",
+      "caching_enabled": true,
+      "force_to_ids": false,
+      "cache_timestamp": "1571206806"
     },
+    "Tag": {
+      "id": "615",
+      "name": "osint:source-type=\"block-or-filter-list\"",
+      "colour": "#004577",
+      "exportable": true,
+      "org_id": "0",
+      "hide_tag": false
+    }
+  },
   {  
     "Feed": {
       "id": "116",

From 8e2371705360fcf39b9b42bd8a5d2bcd48112d1b Mon Sep 17 00:00:00 2001
From: VVX7 <info@VVX7.io>
Date: Mon, 23 Mar 2020 22:50:59 -0400
Subject: [PATCH 19/21] chg: [community] CogSec Collab disinformation sharing
 community :D

---
 app/files/community-metadata/defaults.json | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/app/files/community-metadata/defaults.json b/app/files/community-metadata/defaults.json
index 5a8037477..22dec880e 100644
--- a/app/files/community-metadata/defaults.json
+++ b/app/files/community-metadata/defaults.json
@@ -77,5 +77,20 @@
     "pgp_key": "\r\n\r\n-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\nmQINBF49WD4BEADpDaqhEU1mWlCbqvWWxRLJcBJara4Cg7yGAlabAU/trfw2x0Ob\r\non9Lh6p/CpyTY/CPcJ6fH4IrU18U8wN8RaWxmHLyml0GGKBHcSYNisDu7E4nCC5P\r\nSY8F0OH6yQ9dwX2Os3s6fJNo9ZqC3u9lxzBf0+OzH6cV6x4Olto7slGQAP1922s6\r\nies8M21GhCJ4X+XO1sO9ap1nDlAT/44OvxQuQdYVXy46Letehk3QXo/RU8iVgqDQ\r\n1v/YIaFEibk9/6teeBTe1y77lULUfgl1pd9PnD68+w/WhNUuX+RECmsGH7Snm+kb\r\nL1x+WClQgYDJioVpTA+e4R2KYIBidKfhNw3F2Hcg70wo7Bq6u/i2iM3mtK5kALyb\r\n7jn1MHKpIGUq7vtHCzEa+d9wB1cMPj4HYF7tXIfDdtcl3bTv6IiOsNT6rhpI1+vy\r\nupNXyRplSGRQ6RV1kZ3ACqG8kErEp6L9g2AxCh1S5b4cf79JJvHMkkS60DLPnsF0\r\np8RwZL1JxlNHbQ1UxgWkSHAie2d5FLY8cpTmQwTJ6/z48b68wUS7cvtntvyf6+bq\r\nPKZrUPK4I/ly/tcMlrShx1N+aC5oHGDujuQUmmQjax9Ec2MkLBilBZJd94+avyY3\r\nxZGuI4sfEQurD8cP89/cJOtGNZ24ZVM8NRQVAVEaqDV1r3RzF30XbVdy0QARAQAB\r\ntDVNSVNQIFRocmVhdCBTaGFyaW5nIChlQ3JpbWVMYWJzKSA8bWlzcEBlY3JpbWVs\r\nYWJzLmRrPokCTgQTAQoAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMcp\r\nObUHQyZwszqsoacaYbhQMh7/BQJePVjHAAoJEKcaYbhQMh7/4scP/14BEKdF8qse\r\nf0a4v8VrAjLEuiB97p/RI5EYqvdrPT4FqhpLOLrpGM8lBtemspzRiZyPOE9BQjN6\r\nLPhJumzGukolbCLCwF5/pMXwkAIz1vDL01qLRx1nG/OSdAY/US/gpkjhbAK9J4sU\r\nGpqiHqUwGFT7RMiUlRIzhz1xZaTITBK/LbkVnayU9UX3eoEq9q6k3yqp6dhqyM6r\r\nMF5ai0oouWJ0MaoPmjRSR/r9FA6WMAI2Ni8pnWZqJVJVSmwaZJLMFR7JyXTUpNXP\r\nAwrI+T3VEErMDx3bLhF2salZFCWS0HfQN313yhv81Nk9pDSl4JDahhao77gpSjtm\r\nmp7MaFeGaeOnS3CWI8I57/fMn4Fax9dAoHwoaG4cPTZ9mML6yH39eMCx4ik77Ucs\r\nF5vt4MImF5tucQga3P6JiYAzkDyBSzd5gQR0ocWECYnK7fMF9PmdYj6p56XqVwVs\r\nvR+0rDXc6NrqpELf62NHwnCegn9bPTwNOK158m5CHcZ+veuQBitL/6AbjHX8K7cf\r\nbb0iVJQpCskkIRq9oidNOXBDOt2vyrwLoG0RcfKS6uOJWoQakyO1TNCI87oo+fo3\r\nlUfyUqHhDCXX72lBmW2kXIPAPRhpJmVUaAyc3nzYBU5/5xV1xrH0VhXeyw17tj6w\r\nXpSrwosJzIkrJzto2oaJhAqehBPMTO0n\r\n=FHjc\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n",
     "misp_project_vetted": true,
     "scope_of_data_to_be_shared": "Cybersecurity Threat Intelligence including indicators, threat intelligence information, reports, contextual threat actor information or financial fraud information."
+  },
+  {
+    "name": "Cognitive Security Collaborative",
+    "uuid": "1ea46a83-cd51-40f5-a375-104e0acd6729",
+    "org_uuid": "5e2dd31a-3bcc-45e8-ba7e-2ab890d945c8",
+    "org_name": "Cogsec Collab",
+    "description": "The Cognitive Security Collaborative operates as a sharing community dedicated to information operations.",
+    "url": "https://www.cogsec-collab.org",
+    "sector": "undefined",
+    "nationality": "International",
+    "type": "Vetted Information Sharing Community",
+    "email": "misp@cogsec-collab.org",
+    "pgp_key": "\r\n\r\n-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\nmQGNBF55bdcBDAC6+Fcey+0GcUw4iP4j15+/FylnvGa4wl8MRkYR5XryJn+n/O4s\r\nZbNCKpxwUA7lb2prn37lWMX7LswjvoxfmCTKi78UY1YH7Fqg3JG2PsV9Lw7uYnzC\r\nAImyAflzDpewo+eCF1aknvcbcbGkYFwdQ/37UfG/BkwCDQQGrBZ5EtL6CYXXNX/P\r\nX+4vYv23AVuchHvxeyW2dPLL3A6t3Mx8pZQBdN1cGZ1QAtE9IN0Yn2y+rMsNpDG4\r\ncOQ6bRqmue2I8JEB4AsQcufcqx69imBvBERsIZEyGZekLjmiuqDKI9Gti2VKZe/t\r\nxdl++gjplq6OAkdzXDGsMNtwxSk21IBrugAXK6K+4RPiMrPpBh81VGzBe2PRKUwT\r\nAZi06KZdaZudehvzIMLsNP5Aeep4+GXxoZ7Yrka/08SIv7SN5XY4o6xkli658Z+l\r\n8WAj2JiI684D/TK5MlvcBDQk1yKdDI2iC4eTFLkJ2PiDToUDT+vACrcnevstU+c8\r\nrNPFbvbB1DUIIo8AEQEAAbQ5Q29nbml0aXZlIFNlY3VyaXR5IENvbGxhYm9yYXRp\r\ndmUgPG1pc3BAY29nc2VjLWNvbGxhYi5vcmc+iQHUBBMBCAA+FiEEm65FjZ6Jbfp9\r\nCN50hA2Itf18R2cFAl55bdcCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC\r\nF4AACgkQhA2Itf18R2e/ewv7BuCpmNIR0YOJld8RqrS4g5MV6eKJUuTRYUOxDyw9\r\nvgdpdvM1FgHPZ7pJcsijKQ+S+dL7ADmEbsCLWe1UhcwbnVRxJ0T+1yxRf6ONQA0/\r\ntRLmrcF4j6JCkl01irWRnYxMI1w1ABOQj4/J7BcTCzbYUdnxSuWhcZBqcsYIHf8J\r\nHnfbVd7OIML/80IRZbRXn1ST6OeXK9RpzqO7bnfPGnd506dt8sfHCWRidUSv2max\r\nrsi9xSyXeSKSNPQFVBgYnMVwBVUGIaWTnt7Ly4I8Bs5P9NWUpLYrRgYLMbDzLWaD\r\nxX7qNQjAKkNCx9k7qQN0Ck9YqeUIuJQPq2doGuLKnqjJBXizsXbAFqcKitQz7WV2\r\nPUsN/QUguVyZbhy7oJELlWDiDWxS6EwpU+q0SODHjCFKoUXvWFkk9bz1K4/kLDFO\r\nOdTABp7i65nJst5b3pVXimoTKqW7JRyCUWz3aaaqjWSTPKP2GmQbxOwM86rgmnGX\r\nqq8Ces6LQw6zGw08ubDDotEKuQGNBF55bdcBDACbmsVMV7azLYys6iMXTLVERasT\r\nUnw8FpKADA2uDgQme5o3CjeFtBBkgBNe8zdOEEslggETVmntp4n6woQzOknDHNx/\r\nVMliUaGuIYgmC8hTDTF269fdRTpKMrcwu2aBEUpHpG7Xvz91HIr213FTwU0LLq0g\r\n+DefSlwdcMPJiCUqshLw8q/D3qVg/VYVen5li55RQBBFLgYYNgag3WnSejE41uqz\r\nvt40FZ4C88Pj0I3f+PRtfHHeXTZehUjs3+W4jn1fLWNmbIScmIhwp/Vqh8R7JHf2\r\n69UGgWr4cOaLGh6C2Io+TVJ+Sq7TMt47qB6eO53Vr2nyizXTxjrmAWqjw3OLc8QX\r\nWsjbpTMqUaPisnCpog/3SqnE4Fe2rQYkroQao6dRL3FrmgvnyhLgjUtjk6fAfx1+\r\nH6fQFH/JJGCNefG9AWo41Er3oHGoV0yqlI697uk0QGdx/848hc0gXLrus82bw+BI\r\nx36ycevxkpmfvzC8lew/vLEB7t/jqXH2H9Qqtm0AEQEAAYkBvAQYAQgAJhYhBJuu\r\nRY2eiW36fQjedIQNiLX9fEdnBQJeeW3XAhsMBQkJZgGAAAoJEIQNiLX9fEdnmYsM\r\nAJzX6MCYoGPED1VXMoPXVS9s7V7hv+0Q4SKcoUxqROwA0wb3NwvdnzO/WAQlzIIj\r\ny1Sk9VX8qZkATN7+nti8jfhKnlMVqAXFFg9fMsq68WlTzHiyGm06DnM2DXBvdLRT\r\nwbcm5H4Ly1/bCFww6Spbxo3zScrSCeRrIHHGOHEzr/vhcZavRDpFmdpTCD6ID7oG\r\nw5jR6GdSCpvBT6Lq7M2xe6cVw/A9z5tE3cIf75uikKfch8HFVV2l1B9XLJVpvhqv\r\nYf+kUa7l7VP893yyTyf9G6SSaS77VKlHxn+OQ9AX+wdgSpD5SgVkvRFXejXw8oIZ\r\nBeTNYTvYYgV75ApnvT+hyeirGDCRRiTiuva0ijd71PzTRk+5Ad80rav1Jy864dUt\r\nDcSklY5T+wjJf7kb/3nIE5vqO/3YkJxdDTvZM23T+IZsCvamQ5pyyp+bP3HTAZkr\r\no6oiGFXbv5OF6/wkUG6vQ5w1RCUQVLfrM6Dh675dx/sdI+p0JMt6BlvlRUJSofu0\r\nWw==\r\n=4aXp\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n",
+    "misp_project_vetted": true,
+    "scope_of_data_to_be_shared": "Information Operation Threat Intelligence including disinformation, indicators, threat intelligence information, reports, contextual threat actor information or financial fraud information."
   }
 ]

From c4c0f14224df5afa318fa1bc8a69b575566d4053 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 24 Mar 2020 07:21:49 +0100
Subject: [PATCH 20/21] chg: [feeds metadata] fix incorrect timestamp field

---
 app/files/feed-metadata/defaults.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/app/files/feed-metadata/defaults.json b/app/files/feed-metadata/defaults.json
index 0fb6e356f..4965e1da9 100644
--- a/app/files/feed-metadata/defaults.json
+++ b/app/files/feed-metadata/defaults.json
@@ -1799,7 +1799,7 @@
       "id": "114",
       "name": "DigitalSide Threat-Intel OSINT Feed",
       "provider": "osint.digitalside.it",
-      "url": "https:\/\/osint.digitalside.it\/Threat-Intel\/digitalside-misp-feed\/",
+      "url": "https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/",
       "rules": "",
       "enabled": false,
       "distribution": "0",
@@ -1827,7 +1827,7 @@
       "id": "115",
       "name": "Metasploit exploits with CVE assigned",
       "provider": "eCrimeLabs",
-      "url": "https:\/\/feeds.ecrimelabs.net\/data\/metasploit-cve",
+      "url": "https://feeds.ecrimelabs.net/data/metasploit-cve",
       "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
       "enabled": true,
       "distribution": "0",
@@ -1858,12 +1858,12 @@
       "hide_tag": false
     }
   },
-  {  
+  {
     "Feed": {
       "id": "116",
       "name": "Malware Bazaar",
       "provider": "abuse.ch",
-      "url": "https:\/\/bazaar.abuse.ch\/export\/txt\/md5\/full\/",
+      "url": "https://bazaar.abuse.ch/export/txt/md5/full/",
       "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
       "enabled": false,
       "distribution": "0",
@@ -1876,14 +1876,14 @@
       "event_id": "0",
       "publish": false,
       "override_ids": false,
-      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\\\/^#.*\\\/i\"}}",
+      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\\/^#.*\\/i\"}}",
       "input_source": "network",
       "delete_local_file": false,
       "lookup_visible": true,
       "headers": "",
       "caching_enabled": false,
       "force_to_ids": false,
-      "cache_timestamp": false
+      "cache_timestamp": "1571206806"
     },
     "Tag": {
       "id": "615",

From 01a33d683fa7c094a88006bc0d75ed0329dbee4b Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 24 Mar 2020 10:03:09 +0100
Subject: [PATCH 21/21] chg: [style] Added spaces in JSON used for the
 automation examples

---
 app/View/Events/automation.ctp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/View/Events/automation.ctp b/app/View/Events/automation.ctp
index 160460e49..ef9d166f5 100644
--- a/app/View/Events/automation.ctp
+++ b/app/View/Events/automation.ctp
@@ -124,7 +124,7 @@
         echo 'Accept: application/json' . PHP_EOL;
         echo 'Content-type: application/json';
     ?></pre>
-    <code>{"request": {"type":"ip", "eventid":["!51","!62"],"withAttachment":false,"tags":["APT1","!OSINT"],"from":false,"to":"2015-02-15"}}</code><br /><br />
+    <code>{"request": {"type": "ip", "eventid": ["!51","!62"],"withAttachment": false,"tags": ["APT1","!OSINT"],"from": false,"to": "2015-02-15"}}</code><br /><br />
     <p>XML:</p>
     <pre><?php
         echo 'Headers' . PHP_EOL;