Merge branch '2.4' into develop

2021-02-19 19:43:14 +01:00 · 2021-02-19 19:43:14 +01:00 · bf0bc494b2
parent e4bc54ede6 5654b536bd
commit bf0bc494b2
3 changed files with 35 additions and 2 deletions
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -1347,6 +1347,18 @@ class AppController extends Controller
        }
        $elementCounter = 0;
        $renderView = false;
+        $responseType = empty($this->$scope->validFormats[$returnFormat][0]) ? 'json' : $this->$scope->validFormats[$returnFormat][0];
+        // halt execution if we were to query for items above the ID. Blocks the endless caching bug
+        if (!empty($filters['page']) && !empty($filters['returnFormat']) && $filters['returnFormat'] === 'cache') {
+            if ($this->__cachingOverflow($filters, $scope)) {
+                $filename = $this->RestSearch->getFilename($filters, $scope, $responseType);
+                return $this->RestResponse->viewData('', $responseType, false, true, $filename, [
+                    'X-Result-Count' => 0,
+                    'X-Export-Module-Used' => $returnFormat,
+                    'X-Response-Format' => $responseType
+                ]);
+            }
+        }
        $final = $this->$scope->restSearch($user, $returnFormat, $filters, false, false, $elementCounter, $renderView);
        if (!empty($renderView) && !empty($final)) {
            $this->layout = false;
@ -1356,12 +1368,29 @@ class AppController extends Controller
            }
            $this->render('/Events/module_views/' . $renderView);
        } else {
-            $responseType = $this->$scope->validFormats[$returnFormat][0];
            $filename = $this->RestSearch->getFilename($filters, $scope, $responseType);
            return $this->RestResponse->viewData($final, $responseType, false, true, $filename, array('X-Result-Count' => $elementCounter, 'X-Export-Module-Used' => $returnFormat, 'X-Response-Format' => $responseType));
        }
    }

+    /**
+     * Halt execution if we were to query for items above the ID. Blocks the endless caching bug.
+     *
+     * @param array $filters
+     * @param string $scope
+     * @return bool
+     */
+    private function __cachingOverflow($filters, $scope)
+    {
+        $offset = ($filters['page'] * (empty($filters['limit']) ? 60 : $filters['limit'])) + 1;
+        $max_id = $this->$scope->query(sprintf('SELECT max(id) as max_id from %s;', Inflector::tableize($scope)));
+        $max_id = intval($max_id[0][0]['max_id']);
+        if ($max_id < $offset) {
+            return true;
+        }
+        return false;
+    }
+
    /**
     * Returns true if user can modify given event.
     *
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@ -505,7 +505,7 @@ class ACLComponent extends Component
                    'import' => array(),
                    'index' => array(),
                    'ondemandAction' => array(),
-                    'postTest' => array('perm_sync'),
+                    'postTest' => array('*'),
                    'previewEvent' => array(),
                    'previewIndex' => array(),
                    'compareServers' => [],
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@ -4137,6 +4137,10 @@ class Server extends AppModel
                $data = explode(PHP_EOL, trim($data));
                foreach ($data as $entry) {
                    list($value, $uuid) = explode(',', $entry);
+                    if (!Validation::uuid($uuid)) {
+                        $continue = false;
+                        break;
+                    }
                    if (!empty($value)) {
                        $redis->sAdd('misp:server_cache:' . $server['Server']['id'], $value);
                        $redis->sAdd('misp:server_cache:combined', $value);