mirror of https://github.com/MISP/MISP
Merge branch 'develop_0.2.2_fixes' into develop
Conflicts: app/Model/Attribute.phppull/61/head
Andrzej Dereszowski
commit
bf98f2db3c
|
|
@ -0,0 +1,20 @@
|
|||
Existing bugs:
|
||||
|
||||
- timeout admin_user.
|
||||
1 search attributes: next page goes to search, search again, then at next page.
|
||||
- Somehow there got a user_id 0 in events.
|
||||
- View User and Events got lost(?), but is still there in 0.2.2
|
||||
|
||||
Fixed bugs:
|
||||
|
||||
- some admin routing.
|
||||
- timeout user (?).
|
||||
- list servers: error lastpushed/pulledid.
|
||||
- attribute with type filename|md5 -> filename, remove |..
|
||||
- add attachment show only categroies with attachment and malware-sample types.
|
||||
- add attribute, non-valide, correct, ´black-holed´.
|
||||
- view event, edit attribute, no validation.
|
||||
- add user, some validation error then extra: authkey not defined.
|
||||
- authError gets displayed before login.
|
||||
- IE, no download (Js) (CakePHP bug #2554 related?)
|
||||
- uppercases in md5 or sha1 when type filename|md5/sha1 is not lc like type md5/sha1.
|
||||
|
|
@ -24,6 +24,7 @@ class AttributesController extends AppController {
|
|||
if ('search' == $this->request->params['action']) {
|
||||
$this->Security->csrfUseOnce = false;
|
||||
}
|
||||
$this->Security->validatePost = false;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -168,18 +169,21 @@ class AttributesController extends AppController {
|
|||
$filename = '';
|
||||
if('attachment' == $this->Attribute->data['Attribute']['type']) {
|
||||
$filename= $this->Attribute->data['Attribute']['value'];
|
||||
$file_ext = pathinfo($filename, PATHINFO_EXTENSION);
|
||||
$filename= substr($filename,0,strlen($filename)-strlen($file_ext));
|
||||
} elseif ('malware-sample'== $this->Attribute->data['Attribute']['type']) {
|
||||
$filename_hash = explode('|', $this->Attribute->data['Attribute']['value']);
|
||||
$filename = $filename_hash[0].".zip";
|
||||
$filename = $filename_hash[0];
|
||||
$file_ext = "zip";
|
||||
} else {
|
||||
throw new NotFoundException(__('Attribute not an attachment or malware-sample'));
|
||||
}
|
||||
|
||||
$file_ext = explode(".", $filename);
|
||||
$this->viewClass = 'Media';
|
||||
$params = array(
|
||||
'id' => $file->path,
|
||||
'name' => $filename,
|
||||
'name' => $filename,
|
||||
'extension' => $file_ext,
|
||||
'download' => true,
|
||||
'path' => DS
|
||||
);
|
||||
|
|
@ -289,14 +293,32 @@ class AttributesController extends AppController {
|
|||
}
|
||||
|
||||
// combobos for categories
|
||||
$categories = $this->Attribute->validate['category']['rule'][1];
|
||||
$categories = $this->_arrayToValuesIndexArray($categories);
|
||||
$categories = $this->Attribute->validate['category']['rule'][1];
|
||||
// just get them with attachments..
|
||||
$selectedCategories = array();
|
||||
foreach ($categories as $category) {
|
||||
if (isset($this->Attribute->category_definitions[$category])) {
|
||||
$types = $this->Attribute->category_definitions[$category]['types'];
|
||||
$alreadySet = false;
|
||||
foreach ($types as $type) {
|
||||
if ($this->Attribute->typeIsAttachment($type) && !$alreadySet) {
|
||||
// add to the whole..
|
||||
$selectedCategories[] = $category;
|
||||
$alreadySet = true;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
$categories = $this->_arrayToValuesIndexArray($selectedCategories);
|
||||
$this->set('categories',compact('categories'));
|
||||
|
||||
$this->set('attr_descriptions', $this->Attribute->field_descriptions);
|
||||
$this->set('type_definitions', $this->Attribute->type_definitions);
|
||||
$this->set('category_definitions', $this->Attribute->category_definitions);
|
||||
|
||||
$this->set('zipped_definitions', $this->Attribute->zipped_definitions);
|
||||
$this->set('upload_definitions', $this->Attribute->upload_definitions);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -327,7 +349,7 @@ class AttributesController extends AppController {
|
|||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
// say what fields are to be updated
|
||||
$fieldList=array('category', 'type', 'value1', 'value2', 'to_ids', 'private');
|
||||
if ($this->Attribute->save($this->request->data, true, $fieldList)) {
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
$this->Session->setFlash(__('The attribute has been saved'));
|
||||
|
||||
// remove the published flag from the event
|
||||
|
|
|
|||
|
|
@ -7,7 +7,8 @@ App::uses('AppController', 'Controller');
|
|||
*/
|
||||
class UsersController extends AppController {
|
||||
|
||||
|
||||
public $newkey;
|
||||
|
||||
public $components = array('Security');
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
|
|
@ -157,12 +158,14 @@ class UsersController extends AppController {
|
|||
$this->Session->setFlash(__('The user has been saved'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} else {
|
||||
// reset auth key for a new user
|
||||
$this->set('authkey', $this->newkey);
|
||||
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
|
||||
}
|
||||
} else {
|
||||
// generate auth key for a new user
|
||||
$newkey = $this->User->generateAuthKey();
|
||||
$this->set('authkey', $newkey);
|
||||
$this->newkey = $this->User->generateAuthKey();
|
||||
$this->set('authkey', $this->newkey);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -227,7 +230,11 @@ class UsersController extends AppController {
|
|||
if ($this->Auth->login()) {
|
||||
$this->redirect($this->Auth->redirect());
|
||||
} else {
|
||||
// don't display "invalid user" before first login attempt
|
||||
// don't display authError before first login attempt
|
||||
if (str_replace("//","/",$this->webroot.$this->Session->read('Auth.redirect')) == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) {
|
||||
$this->Session->delete('Message.auth');
|
||||
}
|
||||
// don't display "invalid user" before first login attempt
|
||||
if($this->request->is('post')) $this->Session->setFlash(__('Invalid username or password, try again'));
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,6 +36,18 @@ class Attribute extends AppModel {
|
|||
// these are definition of possible types + their descriptions and maybe later other behaviors
|
||||
// e.g. if the attribute should be correlated with others or not
|
||||
|
||||
// if these then a category my have upload to be zipped
|
||||
|
||||
public $zipped_definitions = array(
|
||||
'malware-sample'
|
||||
);
|
||||
|
||||
// if these then a category my have upload
|
||||
|
||||
public $upload_definitions = array(
|
||||
'attachment'
|
||||
);
|
||||
|
||||
public $type_definitions = array(
|
||||
'md5' => array('desc' => 'A checksum in md5 format', 'formdesc' => "You are encouraged to use filename|md5 instead. <br/>A checksum in md5 format, only use this if you don't know the correct filename"),
|
||||
'sha1' => array('desc' => 'A checksum in sha1 format', 'formdesc' => "You are encouraged to use filename|sha1 instead. <br/>A checksum in sha1 format, only use this if you don't know the correct filename"),
|
||||
|
|
@ -264,14 +276,15 @@ class Attribute extends AppModel {
|
|||
// or copy value to value1 if not composite type
|
||||
if (!empty($this->data['Attribute']['type'])) {
|
||||
$composite_types = $this->getCompositeTypes();
|
||||
// explode composite types in value1 and value2
|
||||
$pieces = explode('|', $this->data['Attribute']['value']);
|
||||
if (in_array($this->data['Attribute']['type'], $composite_types)) {
|
||||
// explode composite types in value1 and value2
|
||||
$pieces = explode('|', $this->data['Attribute']['value']);
|
||||
if (2 != sizeof($pieces)) throw new InternalErrorException('Composite type, but value not explodable');
|
||||
$this->data['Attribute']['value1'] = $pieces[0];
|
||||
$this->data['Attribute']['value2'] = $pieces[1];
|
||||
} else {
|
||||
$this->data['Attribute']['value1'] = $this->data['Attribute']['value'];
|
||||
$this->data['Attribute']['value1'] = $pieces[0];
|
||||
$this->data['Attribute']['value2'] = '';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -316,6 +329,11 @@ class Attribute extends AppModel {
|
|||
case 'hostname':
|
||||
$this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']);
|
||||
break;
|
||||
case 'filename|md5':
|
||||
case 'filename|sha1':
|
||||
$pieces = explode('|', $this->data['Attribute']['value']);
|
||||
$this->data['Attribute']['value'] = $pieces[0].'|'.strtolower($pieces[1]);
|
||||
break;
|
||||
}
|
||||
|
||||
// generate UUID if it doesn't exist
|
||||
|
|
@ -551,16 +569,16 @@ class Attribute extends AppModel {
|
|||
return $similar_events;
|
||||
}
|
||||
|
||||
function typeIsAttachment($type) {
|
||||
switch ($type) {
|
||||
case 'attachment':
|
||||
case 'malware-sample':
|
||||
return true;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
function typeIsMalware($type) {
|
||||
if (in_array($type, $this->zipped_definitions)) return true;
|
||||
else return false;
|
||||
}
|
||||
|
||||
|
||||
function typeIsAttachment($type) {
|
||||
if ((in_array($type, $this->zipped_definitions)) || (in_array($type, $this->upload_definitions))) return true;
|
||||
else return false;
|
||||
}
|
||||
|
||||
function base64EncodeAttachment($attribute) {
|
||||
$filepath = APP."files/".$attribute['event_id']."/".$attribute['id'];
|
||||
$file = new File($filepath);
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
<div class="attributes form">
|
||||
<?php echo $this->Form->create('Attribute', array('enctype' => 'multipart/form-data'));?>
|
||||
<?php echo $this->Form->create('Attribute', array('enctype' => 'multipart/form-data','onSubmit' => 'document.getElementById("AttributeMalware").removeAttribute("disabled");'));?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Add Attachment'); ?></legend>
|
||||
<?php
|
||||
|
|
@ -13,9 +13,9 @@
|
|||
'checked' => false,
|
||||
'after' => '<br>Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"',
|
||||
));
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),));
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
echo $this->Form->input('private', array(
|
||||
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),));
|
||||
}
|
||||
// link an onchange event to the form elements
|
||||
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
|
||||
|
|
@ -39,6 +39,60 @@ var formInfoValues = new Array();
|
|||
}
|
||||
?>
|
||||
|
||||
var formZipTypeValues = new Array();
|
||||
<?php
|
||||
foreach ($category_definitions as $category => $def) {
|
||||
$types = $def['types'];
|
||||
$alreadySet = false;
|
||||
foreach ($types as $type) {
|
||||
if (in_array($type, $zipped_definitions) && !$alreadySet) {
|
||||
$alreadySet = true;
|
||||
echo "formZipTypeValues['$category'] = \"true\";\n";
|
||||
}
|
||||
}
|
||||
if (!$alreadySet) {
|
||||
echo "formZipTypeValues['$category'] = \"false\";\n";
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
var formAttTypeValues = new Array();
|
||||
<?php
|
||||
foreach ($category_definitions as $category => $def) {
|
||||
$types = $def['types'];
|
||||
$alreadySet = false;
|
||||
foreach ($types as $type) {
|
||||
if (in_array($type, $upload_definitions) && !$alreadySet) {
|
||||
$alreadySet = true;
|
||||
echo "formAttTypeValues['$category'] = \"true\";\n";
|
||||
}
|
||||
}
|
||||
if (!$alreadySet) {
|
||||
echo "formAttTypeValues['$category'] = \"false\";\n";
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
function showFormType(id) {
|
||||
idDiv = id+'Div';
|
||||
// LATER use nice animations
|
||||
//$(idDiv).hide('fast');
|
||||
// change the content
|
||||
var value = $(id).val(); // get the selected value
|
||||
//$(idDiv).html(formInfoValues[value]); // search in a lookup table
|
||||
|
||||
// do checkbox un/ticked when the document is changed
|
||||
if (formZipTypeValues[value] == "true") {
|
||||
document.getElementById("AttributeMalware").setAttribute("checked", "checked");
|
||||
if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
|
||||
else document.getElementById("AttributeMalware").removeAttribute("disabled");
|
||||
} else {
|
||||
document.getElementById("AttributeMalware").removeAttribute("checked");
|
||||
if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
|
||||
else document.getElementById("AttributeMalware").removeAttribute("disabled");
|
||||
}
|
||||
}
|
||||
|
||||
function showFormInfo(id) {
|
||||
idDiv = id+'Div';
|
||||
// LATER use nice animations
|
||||
|
|
@ -49,11 +103,27 @@ function showFormInfo(id) {
|
|||
|
||||
// show it again
|
||||
$(idDiv).fadeIn('slow');
|
||||
|
||||
// do checkbox un/ticked when the document is changed
|
||||
if (formZipTypeValues[value] == "true") {
|
||||
document.getElementById("AttributeMalware").setAttribute("checked", "checked");
|
||||
if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
|
||||
else document.getElementById("AttributeMalware").removeAttribute("disabled");
|
||||
} else {
|
||||
document.getElementById("AttributeMalware").removeAttribute("checked");
|
||||
if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
|
||||
else document.getElementById("AttributeMalware").removeAttribute("disabled");
|
||||
}
|
||||
}
|
||||
|
||||
// hide the formInfo things
|
||||
$('#AttributeTypeDiv').hide();
|
||||
$('#AttributeCategoryDiv').hide();
|
||||
$(function(){
|
||||
// do checkbox un/ticked when the document is ready
|
||||
showFormType("#AttributeCategory");
|
||||
}
|
||||
);
|
||||
|
||||
</script>
|
||||
<?php echo $this->Js->writeBuffer(); // Write cached scripts ?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue