From b519230f28a20b4b21c343ef0fc4d37b978acf6a Mon Sep 17 00:00:00 2001
From: iglocska
Date: Sun, 24 Mar 2019 22:30:41 +0100
Subject: [PATCH] fix: [API] fixed adding malware-samples unencrypted with the encrypt key set, fixes #4355
---
 app/Controller/AttributesController.php | 2 ++
 app/Controller/ObjectsController.php | 4 +++-
 app/Model/Attribute.php | 23 ++++++++++++++++-------
 3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php
index 31088bc25..fa9f12623 100644
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@@ -254,6 +254,8 @@ class AttributesController extends AppController
 }
 foreach ($attributes as $k => $attribute) {
 if (empty($attribute['blocked'])) {
+ $attribute = $this->Attribute->onDemandEncrypt($attribute);
+ $attributes[$k] = $attribute;
 $this->Attribute->set($attribute);
 $result = $this->Attribute->validates();
 if (!$result) {
diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index e7b6c6f4c..e07dad163 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -198,7 +198,9 @@ class ObjectsController extends AppController
 $object['Attribute'][$k]['event_id'] = $eventId;
 $this->MispObject->Event->Attribute->set($attribute);
 if (!$this->MispObject->Event->Attribute->validates()) {
- $error = 'Could not save object as at least one attribute has failed validation (' . $attribute['object_relation'] . '). ' . json_encode($this->MispObject->Event->Attribute->validationErrors);
+ if ($this->MispObject->Event->Attribute->validationErrors['value'][0] !== 'Composite type found but the value not in the composite (value1|value2) format.') {
+ $error = 'Could not save object as at least one attribute has failed validation (' . $attribute['object_relation'] . '). ' . json_encode($this->MispObject->Event->Attribute->validationErrors);
+ }
 }
 }
 }
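Review bot: In the AttributesController.php hunk, `onDemandEncrypt()` is called for every attribute that is not blocked, while the model's own call site in the first Attribute.php hunk only calls it when `encrypt` is set. As written, an ordinary attribute with no `data` key would be passed to `handleMaliciousBase64()` and come back with `|` plus an md5 appended to its value before validation runs. Guard the call the same way: `if (!empty($attribute['encrypt'])) { $attribute = $this->Attribute->onDemandEncrypt($attribute); }`. The enclosing action starts and ends outside the hunk, so an earlier filter cannot be ruled out from here.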
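Review bot: In the ObjectsController.php hunk, the new condition discards the whole validation failure whenever the first `value` message is the composite-format one, so errors on other fields, or further `value` messages, for the same attribute are silently dropped too. It also indexes `validationErrors['value'][0]` without checking that `value` failed at all, which raises a notice when only another field is invalid. Restrict the exemption to the case where that message is the only failure. Matching on the message text remains brittle, and a comment saying why this one failure is tolerated (presumably because the sample is converted to the composite form later) would help. The surrounding loop begins outside the hunk.

```php
if (!$this->MispObject->Event->Attribute->validates()) {
    $validationErrors = $this->MispObject->Event->Attribute->validationErrors;
    // Tolerate only the case where the composite-format message is the sole validation failure.
    $compositeOnly = array_keys($validationErrors) === array('value')
        && $validationErrors['value'] === array('Composite type found but the value not in the composite (value1|value2) format.');
    if (!$compositeOnly) {
        $error = 'Could not save object as at least one attribute has failed validation (' . $attribute['object_relation'] . '). ' . json_encode($validationErrors);
    }
}
```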
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index fb1d7c4b6..fc8f41b9f 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -3213,13 +3213,7 @@ class Attribute extends AppModel
 }
 foreach ($attributes as $k => $attribute) {
 if (!empty($attribute['encrypt']) && $attribute['encrypt']) {
- if (strpos($attribute['value'], '|') !== false) {
- $temp = explode('|', $attribute['value']);
- $attribute['value'] = $temp[0];
- }
- $result = $this->handleMaliciousBase64($attribute['event_id'], $attribute['value'], $attribute['data'], array('md5'));
- $attribute['data'] = $result['data'];
- $attribute['value'] = $attribute['value'] . '|' . $result['md5'];
+ $attribute = $this->onDemandEncrypt($attribute);
 }
 if (!isset($attribute['distribution'])) {
 $attribute['distribution'] = $defaultDistribution;
@@ -3231,6 +3225,18 @@ class Attribute extends AppModel
 return true;
 }

+ public function onDemandEncrypt($attribute)
+ {
+ if (strpos($attribute['value'], '|') !== false) {
+ $temp = explode('|', $attribute['value']);
+ $attribute['value'] = $temp[0];
+ }
+ $result = $this->handleMaliciousBase64($attribute['event_id'], $attribute['value'], $attribute['data'], array('md5'));
+ $attribute['data'] = $result['data'];
+ $attribute['value'] = $attribute['value'] . '|' . $result['md5'];
+ return $attribute;
+ }
+
 public function saveAndEncryptAttribute($attribute, $user = false)
 {
 $hashes = array('md5' => 'malware-sample', 'sha1' => 'filename|sha1', 'sha256' => 'filename|sha256');
@@ -3599,6 +3605,9 @@ class Attribute extends AppModel
 }
 }
 }
+ if (!empty($this->validationErrors)) {
+ $validationErrors = $this->validationErrors;
+ }
 return $attribute;
 }
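Review bot: In the second Attribute.php hunk, `onDemandEncrypt()` is now public and called from the controller, yet it reads `$attribute['value']`, `$attribute['data']` and `$attribute['event_id']` without checking that they exist, and it leaves `encrypt` set on the returned array. If an attribute already processed in the controller later reaches the guarded loop in the first hunk of this file (not visible from here), `data` would go through `handleMaliciousBase64()` a second time. Consider returning early when there is nothing to process, `if (!isset($attribute['data'], $attribute['value'])) { return $attribute; }`. Then either clear the flag with `unset($attribute['encrypt']);` before the return, or add a docblock stating that the helper must run exactly once per attribute.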
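Review bot: In the third Attribute.php hunk, `$validationErrors` is assigned immediately before `return $attribute;` and is not read again in the visible lines. The assignment therefore only has an effect if it is a by-reference parameter of the enclosing method, whose signature is outside the hunk. Because `$this->validationErrors` is state held on the model, it may also still carry errors from an earlier `validates()` call rather than from this attribute, which is worth confirming. A short comment would make the intent explicit, for example `// report validation failures to the caller via the by-reference $validationErrors argument`.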