mirror of https://github.com/MISP/MISP
fix: [API] fixed adding malware-samples unencrypted with the encrypt key set, fixes #4355
parent
f4936599b8
commit
b519230f28
|
@ -254,6 +254,8 @@ class AttributesController extends AppController
|
|||
}
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
if (empty($attribute['blocked'])) {
|
||||
$attribute = $this->Attribute->onDemandEncrypt($attribute);
|
||||
$attributes[$k] = $attribute;
|
||||
$this->Attribute->set($attribute);
|
||||
$result = $this->Attribute->validates();
|
||||
if (!$result) {
|
||||
|
|
|
@ -198,7 +198,9 @@ class ObjectsController extends AppController
|
|||
$object['Attribute'][$k]['event_id'] = $eventId;
|
||||
$this->MispObject->Event->Attribute->set($attribute);
|
||||
if (!$this->MispObject->Event->Attribute->validates()) {
|
||||
$error = 'Could not save object as at least one attribute has failed validation (' . $attribute['object_relation'] . '). ' . json_encode($this->MispObject->Event->Attribute->validationErrors);
|
||||
if ($this->MispObject->Event->Attribute->validationErrors['value'][0] !== 'Composite type found but the value not in the composite (value1|value2) format.') {
|
||||
$error = 'Could not save object as at least one attribute has failed validation (' . $attribute['object_relation'] . '). ' . json_encode($this->MispObject->Event->Attribute->validationErrors);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3213,13 +3213,7 @@ class Attribute extends AppModel
|
|||
}
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
if (!empty($attribute['encrypt']) && $attribute['encrypt']) {
|
||||
if (strpos($attribute['value'], '|') !== false) {
|
||||
$temp = explode('|', $attribute['value']);
|
||||
$attribute['value'] = $temp[0];
|
||||
}
|
||||
$result = $this->handleMaliciousBase64($attribute['event_id'], $attribute['value'], $attribute['data'], array('md5'));
|
||||
$attribute['data'] = $result['data'];
|
||||
$attribute['value'] = $attribute['value'] . '|' . $result['md5'];
|
||||
$attribute = $this->onDemandEncrypt($attribute);
|
||||
}
|
||||
if (!isset($attribute['distribution'])) {
|
||||
$attribute['distribution'] = $defaultDistribution;
|
||||
|
@ -3231,6 +3225,18 @@ class Attribute extends AppModel
|
|||
return true;
|
||||
}
|
||||
|
||||
public function onDemandEncrypt($attribute)
|
||||
{
|
||||
if (strpos($attribute['value'], '|') !== false) {
|
||||
$temp = explode('|', $attribute['value']);
|
||||
$attribute['value'] = $temp[0];
|
||||
}
|
||||
$result = $this->handleMaliciousBase64($attribute['event_id'], $attribute['value'], $attribute['data'], array('md5'));
|
||||
$attribute['data'] = $result['data'];
|
||||
$attribute['value'] = $attribute['value'] . '|' . $result['md5'];
|
||||
return $attribute;
|
||||
}
|
||||
|
||||
public function saveAndEncryptAttribute($attribute, $user = false)
|
||||
{
|
||||
$hashes = array('md5' => 'malware-sample', 'sha1' => 'filename|sha1', 'sha256' => 'filename|sha256');
|
||||
|
@ -3599,6 +3605,9 @@ class Attribute extends AppModel
|
|||
}
|
||||
}
|
||||
}
|
||||
if (!empty($this->validationErrors)) {
|
||||
$validationErrors = $this->validationErrors;
|
||||
}
|
||||
return $attribute;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue