From 63bdfe2961ae37eef9d196113379f27e1ca5426c Mon Sep 17 00:00:00 2001 From: noud Date: Wed, 4 Jul 2012 14:05:18 +0200 Subject: [PATCH 01/19] Edit composite attribute to non-composite attribute fix. --- app/Model/Attribute.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) mode change 100644 => 100755 app/Model/Attribute.php diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php old mode 100644 new mode 100755 index 7bb70d41e..9617cf12d --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -264,14 +264,15 @@ class Attribute extends AppModel { // or copy value to value1 if not composite type if (!empty($this->data['Attribute']['type'])) { $composite_types = $this->getCompositeTypes(); + // explode composite types in value1 and value2 + $pieces = explode('|', $this->data['Attribute']['value']); if (in_array($this->data['Attribute']['type'], $composite_types)) { - // explode composite types in value1 and value2 - $pieces = explode('|', $this->data['Attribute']['value']); if (2 != sizeof($pieces)) throw new InternalErrorException('Composite type, but value not explodable'); $this->data['Attribute']['value1'] = $pieces[0]; $this->data['Attribute']['value2'] = $pieces[1]; } else { - $this->data['Attribute']['value1'] = $this->data['Attribute']['value']; + $this->data['Attribute']['value1'] = $pieces[0]; + $this->data['Attribute']['value2'] = ''; } } From 6c6086c5c879207b16f824857ab5ac9cb8074a2e Mon Sep 17 00:00:00 2001 From: noud Date: Fri, 6 Jul 2012 13:45:31 +0200 Subject: [PATCH 02/19] List of outstanding and fixed bugs. --- app/BUGS.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 app/BUGS.txt diff --git a/app/BUGS.txt b/app/BUGS.txt new file mode 100644 index 000000000..be0a6c2ad --- /dev/null +++ b/app/BUGS.txt 
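Review bot: Moving `explode('|', ...)` above the type check in the Attribute.php hunk means non-composite values are now cut at the first `|` as well: `value1` receives `$pieces[0]` and the remainder is dropped without any error. That suits the case named in the commit title, but any non-composite type whose value may legitimately contain `|` would be stored truncated while `value` still holds the full string; which types that affects is not visible here. Consider truncating only when the attribute was previously composite, or rejecting a `|` for the types that must not contain one. The enclosing method starts and ends outside the hunk.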
@@ -0,0 +1,13 @@ +Existing bugs: + +- timeout admin_user. +- search attributes: next page goes to search, search again, then at next page. +- Somehow there got a user_id 0 in events. +- View User and Events got lost(?), but is still there in 0.2.2 + +Fixed bugs: + +- some admin routing. +- timeout user (?). +- list servers: error lastpushed/pulledid. +- attribute with type filename|md5 -> filename, remove |.. \ No newline at end of file From ed41233f2ae26bd5478dcb5217271c9288c18c48 Mon Sep 17 00:00:00 2001 From: noud Date: Fri, 6 Jul 2012 13:48:17 +0200 Subject: [PATCH 03/19] No possibility to upload if type attachement or malware-sample is not in category. --- app/Controller/AttributesController.php | 1 + app/Model/Attribute.php | 16 +++++++++------- app/View/Attributes/add_attachment.ctp | 25 +++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 7 deletions(-) mode change 100644 => 100755 app/View/Attributes/add_attachment.ctp diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index d6f71c125..e20d874bf 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -296,6 +296,7 @@ class AttributesController extends AppController { $this->set('type_definitions', $this->Attribute->type_definitions); $this->set('category_definitions', $this->Attribute->category_definitions); + $this->set('upload_definitions', $this->Attribute->upload_definitions); } /** diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 9617cf12d..bbf209139 100755 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -33,6 +33,13 @@ class Attribute extends AppModel { 'private' => array('desc' => 'Prevents upload of this single Attribute to other CyDefSIG servers', 'formdesc' => 'Prevents upload of this single Attribute to other CyDefSIG servers.
Used only when the Event is NOT set as Private') ); + // if these then a category my have upload + + public $upload_definitions = array( + 'attachment', + 'malware-sample' + ); + // these are definition of possible types + their descriptions and maybe LATER other behaviors // e.g. if the attribute should be correlated with others or not @@ -551,13 +558,8 @@ class Attribute extends AppModel { } function typeIsAttachment($type) { - switch ($type) { - case 'attachment': - case 'malware-sample': - return true; - default: - return false; - } + if (in_array($type, $upload_definitions)) return true; + else return false; } function base64EncodeAttachment($attribute) { diff --git a/app/View/Attributes/add_attachment.ctp b/app/View/Attributes/add_attachment.ctp old mode 100644 new mode 100755 index b38eef294..f959e4ebe --- a/app/View/Attributes/add_attachment.ctp +++ b/app/View/Attributes/add_attachment.ctp @@ -5,6 +5,7 @@ Form->hidden('event_id'); echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeCategoryDiv')))); + echo '
'; echo $this->Form->file('value', array( 'error' => array('escape' => false), )); @@ -13,6 +14,7 @@ 'checked' => false, 'after' => '
Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"', )); + echo '
'; if ('true' == Configure::read('CyDefSIG.sync')) { echo $this->Form->input('private', array( 'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),)); @@ -39,6 +41,20 @@ var formInfoValues = new Array(); } ?> +var formTypeValues = new Array(); + $def) { + $types = $def['types']; + $alreadySet = false; + foreach ($types as $type) { + if (in_array($type, $upload_definitions) && !$alreadySet) { + $alreadySet = true; + echo "formTypeValues['$category'] = \"true\";\n"; + } + } + } +?> + function showFormInfo(id) { idDiv = id+'Div'; // LATER use nice animations @@ -49,11 +65,20 @@ function showFormInfo(id) { // show it again $(idDiv).fadeIn('slow'); + + // do/not show upload + if (formTypeValues[value] == "true") { + $('div.upload').show(); + } else { + $('div.upload').hide(); + } } // hide the formInfo things $('#AttributeTypeDiv').hide(); $('#AttributeCategoryDiv').hide(); +// hide upload +$('div.upload').hide(); Js->writeBuffer(); // Write cached scripts ?> From e09c2c9160a2d0b761795445d51de7b2a56ac8e7 Mon Sep 17 00:00:00 2001 From: noud Date: Mon, 9 Jul 2012 14:09:24 +0200 Subject: [PATCH 04/19] 2 extra bugs found. --- app/BUGS.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/BUGS.txt b/app/BUGS.txt index be0a6c2ad..1dbdc4609 100644 --- a/app/BUGS.txt +++ b/app/BUGS.txt @@ -10,4 +10,6 @@ Fixed bugs: - some admin routing. - timeout user (?). - list servers: error lastpushed/pulledid. -- attribute with type filename|md5 -> filename, remove |.. \ No newline at end of file +- attribute with type filename|md5 -> filename, remove |.. +- add attachment show only categroies with attachment and malware-sample types. +- edit attribute, non-valide, correct, ´black-holed´. \ No newline at end of file From 4ac501d54e672864e5ba18a55e9de32569cf0b60 Mon Sep 17 00:00:00 2001 
From: noud Date: Mon, 9 Jul 2012 14:14:55 +0200 Subject: [PATCH 05/19] Only show categories with type attachment or malware-sample in Add Attachement view. (this was..No possibility to upload if type attachement or malware-sample is not in category.) --- app/Controller/AttributesController.php | 20 ++++++++++++++++++-- app/Model/Attribute.php | 2 +- app/View/Attributes/add_attachment.ctp | 6 +----- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index e20d874bf..fbcd41dc5 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -288,8 +288,24 @@ class AttributesController extends AppController { } // combobos for categories - $categories = $this->Attribute->validate['category']['rule'][1]; - $categories = $this->_arrayToValuesIndexArray($categories); + $categories = $this->Attribute->validate['category']['rule'][1]; + // just get them with attachments.. + $selectedCategories = array(); + foreach ($categories as $category) { + if (isset($this->Attribute->category_definitions[$category])) { + $types = $this->Attribute->category_definitions[$category]['types']; + $alreadySet = false; + foreach ($types as $type) { + if (in_array($type, $this->Attribute->upload_definitions) && !$alreadySet) { + // add to the whole..207.204.231.231 + $selectedCategories[] = $category; + $alreadySet = true; + continue; + } + } + } + }; + $categories = $this->_arrayToValuesIndexArray($selectedCategories); $this->set('categories',compact('categories')); $this->set('attr_descriptions', $this->Attribute->field_descriptions); diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index bbf209139..5cbaef5cd 100755 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php 
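Review bot: In the inner `foreach ($types as $type)` of the AttributesController hunk, `continue` only moves on to the next type, so the loop keeps running after a match and the `!$alreadySet` flag exists just to compensate; `break;` would end the scan at the first upload type and make the flag unnecessary. The comment `// add to the whole..207.204.231.231` carries what looks like a pasted IP address that should not be in the source. A compact equivalent of the inner loop is `if (array_intersect($types, $this->Attribute->upload_definitions)) $selectedCategories[] = $category;`. There is also a stray `;` after the closing brace of the outer loop.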
@@ -558,7 +558,7 @@ class Attribute extends AppModel { } function typeIsAttachment($type) { - if (in_array($type, $upload_definitions)) return true; + if (in_array($type, $this->upload_definitions)) return true; else return false; } diff --git a/app/View/Attributes/add_attachment.ctp b/app/View/Attributes/add_attachment.ctp index f959e4ebe..e53ef2be5 100755 --- a/app/View/Attributes/add_attachment.ctp +++ b/app/View/Attributes/add_attachment.ctp @@ -5,16 +5,14 @@ Form->hidden('event_id'); echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id'=> 'AttributeCategoryDiv')))); - echo '
'; echo $this->Form->file('value', array( 'error' => array('escape' => false), )); echo $this->Form->input('malware', array( 'type' => 'checkbox', - 'checked' => false, + 'checked' => true, 'after' => '
Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"', )); - echo '
'; if ('true' == Configure::read('CyDefSIG.sync')) { echo $this->Form->input('private', array( 'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),)); @@ -77,8 +75,6 @@ function showFormInfo(id) { // hide the formInfo things $('#AttributeTypeDiv').hide(); $('#AttributeCategoryDiv').hide(); -// hide upload -$('div.upload').hide(); Js->writeBuffer(); // Write cached scripts ?> From 1143ee265d7beddc004378d9cc2c9ba2f329fa7f Mon Sep 17 00:00:00 2001 From: noud Date: Mon, 9 Jul 2012 14:18:26 +0200 Subject: [PATCH 06/19] =?UTF-8?q?Fix=20to:=20Add=20attribute,=20non-valid,?= =?UTF-8?q?=20correct,=20=C2=B4black-holed=C2=B4.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/Controller/AttributesController.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index fbcd41dc5..47c7be306 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -24,6 +24,7 @@ class AttributesController extends AppController { if ('search' == $this->request->params['action']) { $this->Security->csrfUseOnce = false; } + $this->Security->validatePost = false; } From aaefa228f09dc67f665b3f1fa518f8617824479c Mon Sep 17 00:00:00 2001 From: noud Date: Mon, 9 Jul 2012 15:12:58 +0200 Subject: [PATCH 07/19] Bug found. --- app/BUGS.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/BUGS.txt b/app/BUGS.txt index 1dbdc4609..7dad86c17 100644 --- a/app/BUGS.txt +++ b/app/BUGS.txt 
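Review bot: `$this->Security->validatePost = false;` sits after the closing brace of the `if ('search' == ...)` block, so it switches off SecurityComponent's form-tampering check for every action of AttributesController, not only the add form that was being black-holed. With it off, hidden and non-rendered fields in a posted form (for example `event_id`) are no longer covered by the form hash, which leaves model validation and the save whitelist as the only checks on what a client submits. Prefer keeping validation on and listing only the fields the page's JavaScript changes in `$this->Security->unlockedFields`, or limit the switch to the affected action with a test on `$this->request->params['action']` as the lines above do for `search`. The enclosing method starts outside the hunk.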
@@ -12,4 +12,5 @@ Fixed bugs: - list servers: error lastpushed/pulledid. - attribute with type filename|md5 -> filename, remove |.. - add attachment show only categroies with attachment and malware-sample types. -- edit attribute, non-valide, correct, ´black-holed´. \ No newline at end of file +- add attribute, non-valide, correct, ´black-holed´. +- view event, edit attribute, no validation. \ No newline at end of file From 1a56db0aacc7ec98f6eba072787f910f0898ad59 Mon Sep 17 00:00:00 2001 From: noud Date: Mon, 9 Jul 2012 15:13:54 +0200 Subject: [PATCH 08/19] Do validation after edit attribute. --- app/Controller/AttributesController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index 47c7be306..7e2f5714b 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -344,7 +344,7 @@ class AttributesController extends AppController { if ($this->request->is('post') || $this->request->is('put')) { // say what fields are to be updated $fieldList=array('category', 'type', 'value1', 'value2', 'to_ids', 'private'); - if ($this->Attribute->save($this->request->data, true, $fieldList)) { + if ($this->Attribute->save($this->request->data)) { $this->Session->setFlash(__('The attribute has been saved')); // remove the published flag from the event From 8f4727e3adc0689d91f72b335104d7859ff4cbf6 Mon Sep 17 00:00:00 2001 From: noud Date: Tue, 10 Jul 2012 11:39:43 +0200 Subject: [PATCH 09/19] Correction to upload so zip only ticked when malware and not when attachement. --- app/Controller/AttributesController.php | 5 ++-- app/Model/Attribute.php | 20 +++++++++---- app/View/Attributes/add_attachment.ctp | 39 +++++++++++++++++++------ 3 files changed, 48 insertions(+), 16 deletions(-) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index 7e2f5714b..f13231fd0 100644 
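Review bot: Calling `save($this->request->data)` without the field list in the AttributesController hunk means every key a client posts under `Attribute` can be written, while `$fieldList` stays assigned but unused on the line above. An edit request could then carry columns the form never offers, such as `event_id`, and because an earlier patch in this series sets `validatePost = false` for this controller there is no form hash to catch that. If the list was dropped because `value` was not being validated (inferred from the commit title), keep the whitelist and extend it instead: `$fieldList=array('category', 'type', 'value', 'value1', 'value2', 'to_ids', 'private');` with `$this->Attribute->save($this->request->data, true, $fieldList)`. The edit action starts and ends outside the hunk.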
--- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -297,8 +297,8 @@ class AttributesController extends AppController { $types = $this->Attribute->category_definitions[$category]['types']; $alreadySet = false; foreach ($types as $type) { - if (in_array($type, $this->Attribute->upload_definitions) && !$alreadySet) { - // add to the whole..207.204.231.231 + if ($this->Attribute->typeIsAttachment($type) && !$alreadySet) { + // add to the whole.. $selectedCategories[] = $category; $alreadySet = true; continue; @@ -313,6 +313,7 @@ class AttributesController extends AppController { $this->set('type_definitions', $this->Attribute->type_definitions); $this->set('category_definitions', $this->Attribute->category_definitions); + $this->set('zipped_definitions', $this->Attribute->zipped_definitions); $this->set('upload_definitions', $this->Attribute->upload_definitions); } diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 5cbaef5cd..5336341ea 100755 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -33,11 +33,16 @@ class Attribute extends AppModel { 'private' => array('desc' => 'Prevents upload of this single Attribute to other CyDefSIG servers', 'formdesc' => 'Prevents upload of this single Attribute to other CyDefSIG servers.
Used only when the Event is NOT set as Private') ); + // if these then a category my have upload to be zipped + + public $zipped_definitions = array( + 'malware-sample' + ); + // if these then a category my have upload public $upload_definitions = array( - 'attachment', - 'malware-sample' + 'attachment' ); // these are definition of possible types + their descriptions and maybe LATER other behaviors @@ -557,11 +562,16 @@ class Attribute extends AppModel { return $similar_events; } - function typeIsAttachment($type) { - if (in_array($type, $this->upload_definitions)) return true; + function typeIsMalware($type) { + if (in_array($type, $this->zipped_definitions)) return true; else return false; } - + + function typeIsAttachment($type) { + if ((in_array($type, $this->zipped_definitions)) || (in_array($type, $this->upload_definitions))) return true; + else return false; + } + function base64EncodeAttachment($attribute) { $filepath = APP."files/".$attribute['event_id']."/".$attribute['id']; $file = new File($filepath); diff --git a/app/View/Attributes/add_attachment.ctp b/app/View/Attributes/add_attachment.ctp index e53ef2be5..f84651626 100755 --- a/app/View/Attributes/add_attachment.ctp +++ b/app/View/Attributes/add_attachment.ctp @@ -10,12 +10,12 @@ )); echo $this->Form->input('malware', array( 'type' => 'checkbox', - 'checked' => true, + 'checked' => false, 'after' => '
Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"', )); - if ('true' == Configure::read('CyDefSIG.sync')) { - echo $this->Form->input('private', array( - 'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),)); + if ('true' == Configure::read('CyDefSIG.sync')) { + echo $this->Form->input('private', array( + 'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),)); } // link an onchange event to the form elements $this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")'); @@ -45,7 +45,7 @@ var formTypeValues = new Array(); $types = $def['types']; $alreadySet = false; foreach ($types as $type) { - if (in_array($type, $upload_definitions) && !$alreadySet) { + if (in_array($type, $zipped_definitions) && !$alreadySet) { $alreadySet = true; echo "formTypeValues['$category'] = \"true\";\n"; } @@ -53,6 +53,22 @@ var formTypeValues = new Array(); } ?> +function showFormType(id) { + idDiv = id+'Div'; + // LATER use nice animations + //$(idDiv).hide('fast'); + // change the content + var value = $(id).val(); // get the selected value + //$(idDiv).html(formInfoValues[value]); // search in a lookup table + + // do checkbox un/ticked when the document is changed + if (formTypeValues[value] == "true") { + document.getElementById("AttributeMalware").setAttribute("checked", "checked"); + } else { + document.getElementById("AttributeMalware").removeAttribute("checked"); + } +} + function showFormInfo(id) { idDiv = id+'Div'; // LATER use nice animations 
@@ -64,17 +80,22 @@ function showFormInfo(id) { // show it again $(idDiv).fadeIn('slow'); - // do/not show upload + // do checkbox un/ticked when the document is changed if (formTypeValues[value] == "true") { - $('div.upload').show(); + document.getElementById("AttributeMalware").setAttribute("checked", "checked"); } else { - $('div.upload').hide(); - } + document.getElementById("AttributeMalware").removeAttribute("checked"); + } } // hide the formInfo things $('#AttributeTypeDiv').hide(); $('#AttributeCategoryDiv').hide(); +$(function(){ + // do checkbox un/ticked when the document is ready + showFormType("#AttributeCategory"); + } +); Js->writeBuffer(); // Write cached scripts ?> From 1f894119c70c3e9ec0f17134df81a8626d3bb5d9 Mon Sep 17 00:00:00 2001 From: noud Date: Tue, 10 Jul 2012 11:42:35 +0200 Subject: [PATCH 10/19] One extra bug (IE download). --- app/BUGS.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/BUGS.txt b/app/BUGS.txt index 7dad86c17..ea66450da 100644 --- a/app/BUGS.txt +++ b/app/BUGS.txt @@ -1,9 +1,10 @@ Existing bugs: - timeout admin_user. -- search attributes: next page goes to search, search again, then at next page. +2 search attributes: next page goes to search, search again, then at next page. - Somehow there got a user_id 0 in events. - View User and Events got lost(?), but is still there in 0.2.2 +1 IE, no download (Js) Fixed bugs: From c1bc80ac61b0e02367aae2a116565f91848dc971 Mon Sep 17 00:00:00 2001 From: noud Date: Tue, 10 Jul 2012 13:36:32 +0200 Subject: [PATCH 11/19] Download attachment does not work on MS Internet Explorer. This _can_ be a fix, not sure. If not, CakePHP bug #2554 or others. --- app/Controller/AttributesController.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index f13231fd0..0528ecb14 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php 
@@ -176,11 +176,12 @@ class AttributesController extends AppController { throw new NotFoundException(__('Attribute not an attachment or malware-sample')); } - $file_ext = explode(".", $filename); + $file_ext = pathinfo($filename, PATHINFO_EXTENSION); $this->viewClass = 'Media'; $params = array( 'id' => $file->path, - 'name' => $filename, + 'name' => $filename, + 'extension' => $file_ext, 'download' => true, 'path' => DS ); From a08842e7d427baadb5b9de55af03c83fbd7f9f69 Mon Sep 17 00:00:00 2001 From: noud Date: Tue, 10 Jul 2012 15:38:10 +0200 Subject: [PATCH 12/19] Fix to New User, some validation error then authkey not defined. --- app/Controller/UsersController.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index b0ff283c3..562d09440 100644 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -7,7 +7,8 @@ App::uses('AppController', 'Controller'); */ class UsersController extends AppController { - + public $newkey; + public $components = array('Security'); public $paginate = array( 'limit' => 60, @@ -157,12 +158,14 @@ class UsersController extends AppController { $this->Session->setFlash(__('The user has been saved')); $this->redirect(array('action' => 'index')); } else { + // reset auth key for a new user + $this->set('authkey', $this->newkey); $this->Session->setFlash(__('The user could not be saved. Please, try again.')); } } else { // generate auth key for a new user - $newkey = $this->User->generateAuthKey(); - $this->set('authkey', $newkey); + $this->newkey = $this->User->generateAuthKey(); + $this->set('authkey', $this->newkey); } } From 3f9e1d650b33ef49b5515a67dfa4c029aff5ac6c Mon Sep 17 00:00:00 2001 From: noud Date: Tue, 10 Jul 2012 15:39:08 +0200 Subject: [PATCH 13/19] New bug, Add User and validation error gives extra authkey not defined. --- app/BUGS.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
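Review bot: In the UsersController hunk, `$this->newkey` is assigned only in the non-POST branch, and a controller property does not survive from the request that rendered the form to the request that posts it, so on a failed save `$this->set('authkey', $this->newkey)` most likely hands null to the view. The form is then re-rendered with an empty auth key, and whether an empty key can afterwards be saved depends on model validation that is not visible here. Generate a fresh key in the failure branch instead, `$this->set('authkey', $this->User->generateAuthKey());`, after which the `public $newkey;` property can be removed. The action starts outside the hunk.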
diff --git a/app/BUGS.txt b/app/BUGS.txt index ea66450da..d742bc348 100644 --- a/app/BUGS.txt +++ b/app/BUGS.txt @@ -4,7 +4,7 @@ Existing bugs: 2 search attributes: next page goes to search, search again, then at next page. - Somehow there got a user_id 0 in events. - View User and Events got lost(?), but is still there in 0.2.2 -1 IE, no download (Js) +1 IE, no download (Js) (CakePHP bug #2554 related?) Fixed bugs: @@ -14,4 +14,5 @@ Fixed bugs: - attribute with type filename|md5 -> filename, remove |.. - add attachment show only categroies with attachment and malware-sample types. - add attribute, non-valide, correct, ´black-holed´. -- view event, edit attribute, no validation. \ No newline at end of file +- view event, edit attribute, no validation. +- add user, some validation error then extra: authkey not defined. From c1823b1cf494dd25666b40b8bdbba10e5643751e Mon Sep 17 00:00:00 2001 From: noud Date: Tue, 10 Jul 2012 17:23:00 +0200 Subject: [PATCH 14/19] Corrects the download in IE fix, to filename.ext.zip or filename.ext. (Got filename.ext.zip.zip for attachment and filename.ext.ext for malware given the previous fix) --- app/Controller/AttributesController.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index 0528ecb14..48cd5c2bd 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php 
@@ -169,14 +169,16 @@ class AttributesController extends AppController { $filename = ''; if('attachment' == $this->Attribute->data['Attribute']['type']) { $filename= $this->Attribute->data['Attribute']['value']; + $file_ext = pathinfo($filename, PATHINFO_EXTENSION); + $filename= substr($filename,0,strlen($filename)-strlen($file_ext)); } elseif ('malware-sample'== $this->Attribute->data['Attribute']['type']) { $filename_hash = explode('|', $this->Attribute->data['Attribute']['value']); - $filename = $filename_hash[0].".zip"; + $filename = $filename_hash[0]; + $file_ext = "zip"; } else { throw new NotFoundException(__('Attribute not an attachment or malware-sample')); } - $file_ext = pathinfo($filename, PATHINFO_EXTENSION); $this->viewClass = 'Media'; $params = array( 'id' => $file->path, From 50e24c7c566535501c742f2b096372d60b8b170c Mon Sep 17 00:00:00 2001 From: noud Date: Wed, 11 Jul 2012 09:48:44 +0200 Subject: [PATCH 15/19] Upload always ticked if malware-sample, always unticked if attachment. --- app/View/Attributes/add_attachment.ctp | 42 +++++++++++++++++++++----- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/app/View/Attributes/add_attachment.ctp b/app/View/Attributes/add_attachment.ctp index f84651626..cf94f5a72 100755 --- a/app/View/Attributes/add_attachment.ctp +++ b/app/View/Attributes/add_attachment.ctp @@ -1,5 +1,5 @@
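Review bot: In the `attachment` branch, `substr($filename,0,strlen($filename)-strlen($file_ext))` removes the extension but keeps the dot, so the name handed to the Media view ends in `.`, and a stored value without an extension leaves `$file_ext` empty. How the view combines `name` and `extension` is not shown here, so both cases deserve a test. `$filename = pathinfo($filename, PATHINFO_FILENAME);` yields the base name without the dot and also drops any directory part of a stored value before it becomes the download name. In the `malware-sample` branch `$filename_hash[0]` is used as stored, so the same base-name treatment would apply there.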
-Form->create('Attribute', array('enctype' => 'multipart/form-data'));?> +Form->create('Attribute', array('enctype' => 'multipart/form-data','onSubmit' => 'document.getElementById("AttributeMalware").removeAttribute("disabled");'));?>
-var formTypeValues = new Array(); +var formZipTypeValues = new Array(); $def) { $types = $def['types']; @@ -47,9 +47,29 @@ var formTypeValues = new Array(); foreach ($types as $type) { if (in_array($type, $zipped_definitions) && !$alreadySet) { $alreadySet = true; - echo "formTypeValues['$category'] = \"true\";\n"; + echo "formZipTypeValues['$category'] = \"true\";\n"; } } + if (!$alreadySet) { + echo "formZipTypeValues['$category'] = \"false\";\n"; + } + } +?> + +var formAttTypeValues = new Array(); + $def) { + $types = $def['types']; + $alreadySet = false; + foreach ($types as $type) { + if (in_array($type, $upload_definitions) && !$alreadySet) { + $alreadySet = true; + echo "formAttTypeValues['$category'] = \"true\";\n"; + } + } + if (!$alreadySet) { + echo "formAttTypeValues['$category'] = \"false\";\n"; + } } ?> @@ -61,11 +81,15 @@ function showFormType(id) { var value = $(id).val(); // get the selected value //$(idDiv).html(formInfoValues[value]); // search in a lookup table - // do checkbox un/ticked when the document is changed - if (formTypeValues[value] == "true") { + // do checkbox un/ticked when the document is changed + if (formZipTypeValues[value] == "true") { document.getElementById("AttributeMalware").setAttribute("checked", "checked"); - } else { + if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled"); + else document.getElementById("AttributeMalware").removeAttribute("disabled"); + } else { document.getElementById("AttributeMalware").removeAttribute("checked"); + if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled"); + else document.getElementById("AttributeMalware").removeAttribute("disabled"); } } 
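Review bot: The zip-or-not decision for an upload is steered here by toggling `checked` and `disabled` on `AttributeMalware` in the browser, and the form's `onSubmit` re-enables the box so that its value is posted; none of this constrains a request that does not come from this page. The controller code that consumes the `malware` field is outside this patch, so confirm that it derives the decision from the chosen category and type (for example via `typeIsMalware()`) and treats the posted flag as a hint at most, otherwise a malware-sample could be stored without being neutralized. Separately, the same checked/disabled block is repeated in `showFormType` and `showFormInfo`; a shared helper would keep the two in step, and setting the `checked` property is more reliable than `setAttribute("checked", ...)` once the user has clicked the box.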
@@ -81,10 +105,14 @@ function showFormInfo(id) { $(idDiv).fadeIn('slow'); // do checkbox un/ticked when the document is changed - if (formTypeValues[value] == "true") { + if (formZipTypeValues[value] == "true") { document.getElementById("AttributeMalware").setAttribute("checked", "checked"); + if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled"); + else document.getElementById("AttributeMalware").removeAttribute("disabled"); } else { document.getElementById("AttributeMalware").removeAttribute("checked"); + if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled"); + else document.getElementById("AttributeMalware").removeAttribute("disabled"); } } From e67d9ebdecc1a2e62765034f089a0ecf72c92d77 Mon Sep 17 00:00:00 2001 From: noud Date: Wed, 11 Jul 2012 10:19:57 +0200 Subject: [PATCH 16/19] Fix to authError getting displayed before login. --- app/Controller/UsersController.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index 562d09440..233ed438c 100644 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -231,7 +231,11 @@ class UsersController extends AppController { if ($this->Auth->login()) { $this->redirect($this->Auth->redirect()); } else { - // don't display "invalid user" before first login attempt + // don't display authError before first login attempt + if (str_replace("//","/",$this->webroot.$this->Session->read('Auth.redirect')) == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) { + $this->Session->delete('Message.auth'); + } + // don't display "invalid user" before first login attempt if($this->request->is('post')) $this->Session->setFlash(__('Invalid username or password, try again')); } From 25d33e3578d4b5f6e339710190e93a49c89732c8 Mon Sep 17 00:00:00 2001 
From: noud Date: Wed, 11 Jul 2012 10:20:44 +0200 Subject: [PATCH 17/19] New bug, authError gets displayed before login. --- app/BUGS.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/app/BUGS.txt b/app/BUGS.txt index d742bc348..55f337064 100644 --- a/app/BUGS.txt +++ b/app/BUGS.txt @@ -16,3 +16,4 @@ Fixed bugs: - add attribute, non-valide, correct, ´black-holed´. - view event, edit attribute, no validation. - add user, some validation error then extra: authkey not defined. +- authError gets displayed before login. \ No newline at end of file From 5c1a8e22fb234dca81786665366b2f217280050f Mon Sep 17 00:00:00 2001 From: noud Date: Wed, 11 Jul 2012 14:35:46 +0200 Subject: [PATCH 18/19] Fix, do strtolower on types filename|md5 and filename|sha1 conform types md5 and sha1. --- app/Model/Attribute.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 5336341ea..430b9cc63 100755 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -329,6 +329,11 @@ class Attribute extends AppModel { case 'hostname': $this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']); break; + case 'filename|md5': + case 'filename|sha1': + $pieces = explode('|', $this->data['Attribute']['value']); + $this->data['Attribute']['value'] = $pieces[0].'|'.strtolower($pieces[1]); + break; } // generate UUID if it doesn't exist From e353c405e1eaeee4cc30074575c36a6c89443584 Mon Sep 17 00:00:00 2001 From: noud Date: Wed, 11 Jul 2012 14:37:04 +0200 Subject: [PATCH 19/19] New bug.. type filename|md5, conform type md5 strtolower. --- app/BUGS.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/BUGS.txt b/app/BUGS.txt index 55f337064..94bd63ebe 100644 --- a/app/BUGS.txt +++ b/app/BUGS.txt 
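Review bot: In the new `filename|md5` / `filename|sha1` case of the Attribute.php hunk, `$pieces[1]` is read without checking that the value contains a `|`, so a value with no separator raises an undefined-offset notice and is rewritten to `name|`, and a value with more than one `|` loses everything after the second piece. Guard the rewrite, e.g. `if (2 == sizeof($pieces)) $this->data['Attribute']['value'] = $pieces[0].'|'.strtolower($pieces[1]);`, and leave malformed values untouched so that validation can reject them. The enclosing switch and method start outside the hunk.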
@@ -1,10 +1,9 @@ Existing bugs: - timeout admin_user. -2 search attributes: next page goes to search, search again, then at next page. +1 search attributes: next page goes to search, search again, then at next page. - Somehow there got a user_id 0 in events. - View User and Events got lost(?), but is still there in 0.2.2 -1 IE, no download (Js) (CakePHP bug #2554 related?) Fixed bugs: @@ -16,4 +15,6 @@ Fixed bugs: - add attribute, non-valide, correct, ´black-holed´. - view event, edit attribute, no validation. - add user, some validation error then extra: authkey not defined. -- authError gets displayed before login. \ No newline at end of file +- authError gets displayed before login. +- IE, no download (Js) (CakePHP bug #2554 related?) +- uppercases in md5 or sha1 when type filename|md5/sha1 is not lc like type md5/sha1.