mirror of https://github.com/MISP/MISP
Merge branch 'develop_0.2.2_fixes' into develop
Conflicts: app/Model/Attribute.php
pull/61/head
commit
bf98f2db3c
|
@ -0,0 +1,20 @@
|
||||||
|
Existing bugs:
|
||||||
|
|
||||||
|
- timeout admin_user.
|
||||||
|
1 search attributes: next page goes to search, search again, then at next page.
|
||||||
|
- Somehow there got a user_id 0 in events.
|
||||||
|
- View User and Events got lost(?), but is still there in 0.2.2
|
||||||
|
|
||||||
|
Fixed bugs:
|
||||||
|
|
||||||
|
- some admin routing.
|
||||||
|
- timeout user (?).
|
||||||
|
- list servers: error lastpushed/pulledid.
|
||||||
|
- attribute with type filename|md5 -> filename, remove |..
|
||||||
|
- add attachment show only categroies with attachment and malware-sample types.
|
||||||
|
- add attribute, non-valide, correct, ´black-holed´.
|
||||||
|
- view event, edit attribute, no validation.
|
||||||
|
- add user, some validation error then extra: authkey not defined.
|
||||||
|
- authError gets displayed before login.
|
||||||
|
- IE, no download (Js) (CakePHP bug #2554 related?)
|
||||||
|
- uppercases in md5 or sha1 when type filename|md5/sha1 is not lc like type md5/sha1.
|
|
@ -24,6 +24,7 @@ class AttributesController extends AppController {
|
||||||
if ('search' == $this->request->params['action']) {
|
if ('search' == $this->request->params['action']) {
|
||||||
$this->Security->csrfUseOnce = false;
|
$this->Security->csrfUseOnce = false;
|
||||||
}
|
}
|
||||||
|
$this->Security->validatePost = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -168,18 +169,21 @@ class AttributesController extends AppController {
|
||||||
$filename = '';
|
$filename = '';
|
||||||
if('attachment' == $this->Attribute->data['Attribute']['type']) {
|
if('attachment' == $this->Attribute->data['Attribute']['type']) {
|
||||||
$filename= $this->Attribute->data['Attribute']['value'];
|
$filename= $this->Attribute->data['Attribute']['value'];
|
||||||
|
$file_ext = pathinfo($filename, PATHINFO_EXTENSION);
|
||||||
|
$filename= substr($filename,0,strlen($filename)-strlen($file_ext));
|
||||||
} elseif ('malware-sample'== $this->Attribute->data['Attribute']['type']) {
|
} elseif ('malware-sample'== $this->Attribute->data['Attribute']['type']) {
|
||||||
$filename_hash = explode('|', $this->Attribute->data['Attribute']['value']);
|
$filename_hash = explode('|', $this->Attribute->data['Attribute']['value']);
|
||||||
$filename = $filename_hash[0].".zip";
|
$filename = $filename_hash[0];
|
||||||
|
$file_ext = "zip";
|
||||||
} else {
|
} else {
|
||||||
throw new NotFoundException(__('Attribute not an attachment or malware-sample'));
|
throw new NotFoundException(__('Attribute not an attachment or malware-sample'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$file_ext = explode(".", $filename);
|
|
||||||
$this->viewClass = 'Media';
|
$this->viewClass = 'Media';
|
||||||
$params = array(
|
$params = array(
|
||||||
'id' => $file->path,
|
'id' => $file->path,
|
||||||
'name' => $filename,
|
'name' => $filename,
|
||||||
|
'extension' => $file_ext,
|
||||||
'download' => true,
|
'download' => true,
|
||||||
'path' => DS
|
'path' => DS
|
||||||
);
|
);
|
||||||
|
@ -289,14 +293,32 @@ class AttributesController extends AppController {
|
||||||
}
|
}
|
||||||
|
|
||||||
// combobos for categories
|
// combobos for categories
|
||||||
$categories = $this->Attribute->validate['category']['rule'][1];
|
$categories = $this->Attribute->validate['category']['rule'][1];
|
||||||
$categories = $this->_arrayToValuesIndexArray($categories);
|
// just get them with attachments..
|
||||||
|
$selectedCategories = array();
|
||||||
|
foreach ($categories as $category) {
|
||||||
|
if (isset($this->Attribute->category_definitions[$category])) {
|
||||||
|
$types = $this->Attribute->category_definitions[$category]['types'];
|
||||||
|
$alreadySet = false;
|
||||||
|
foreach ($types as $type) {
|
||||||
|
if ($this->Attribute->typeIsAttachment($type) && !$alreadySet) {
|
||||||
|
// add to the whole..
|
||||||
|
$selectedCategories[] = $category;
|
||||||
|
$alreadySet = true;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
$categories = $this->_arrayToValuesIndexArray($selectedCategories);
|
||||||
$this->set('categories',compact('categories'));
|
$this->set('categories',compact('categories'));
|
||||||
|
|
||||||
$this->set('attr_descriptions', $this->Attribute->field_descriptions);
|
$this->set('attr_descriptions', $this->Attribute->field_descriptions);
|
||||||
$this->set('type_definitions', $this->Attribute->type_definitions);
|
$this->set('type_definitions', $this->Attribute->type_definitions);
|
||||||
$this->set('category_definitions', $this->Attribute->category_definitions);
|
$this->set('category_definitions', $this->Attribute->category_definitions);
|
||||||
|
|
||||||
|
$this->set('zipped_definitions', $this->Attribute->zipped_definitions);
|
||||||
|
$this->set('upload_definitions', $this->Attribute->upload_definitions);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -327,7 +349,7 @@ class AttributesController extends AppController {
|
||||||
if ($this->request->is('post') || $this->request->is('put')) {
|
if ($this->request->is('post') || $this->request->is('put')) {
|
||||||
// say what fields are to be updated
|
// say what fields are to be updated
|
||||||
$fieldList=array('category', 'type', 'value1', 'value2', 'to_ids', 'private');
|
$fieldList=array('category', 'type', 'value1', 'value2', 'to_ids', 'private');
|
||||||
if ($this->Attribute->save($this->request->data, true, $fieldList)) {
|
if ($this->Attribute->save($this->request->data)) {
|
||||||
$this->Session->setFlash(__('The attribute has been saved'));
|
$this->Session->setFlash(__('The attribute has been saved'));
|
||||||
|
|
||||||
// remove the published flag from the event
|
// remove the published flag from the event
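Review bot: In the edit hunk the new call `$this->Attribute->save($this->request->data)` drops the `$fieldList` whitelist that the previous version passed, and the first hunk sets `$this->Security->validatePost = false;` outside the `search` check, so it appears to apply to every action of this controller. Together these let a request carry fields the form never offered (for example `event_id` or `uuid`) and have them written on edit. `$fieldList` is still built on the line above but is now unused; if the aim was to get `value` validated, adding it to the list and keeping `$this->Attribute->save($this->request->data, true, $fieldList)` would do that without widening what is saved. If `validatePost` has to be off for one form, scope it to that action the way `csrfUseOnce` is scoped to `search`. Both enclosing methods start and end outside the hunks shown.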
|
||||||
|
|
|
@ -7,7 +7,8 @@ App::uses('AppController', 'Controller');
|
||||||
*/
|
*/
|
||||||
class UsersController extends AppController {
|
class UsersController extends AppController {
|
||||||
|
|
||||||
|
public $newkey;
|
||||||
|
|
||||||
public $components = array('Security');
|
public $components = array('Security');
|
||||||
public $paginate = array(
|
public $paginate = array(
|
||||||
'limit' => 60,
|
'limit' => 60,
|
||||||
|
@ -157,12 +158,14 @@ class UsersController extends AppController {
|
||||||
$this->Session->setFlash(__('The user has been saved'));
|
$this->Session->setFlash(__('The user has been saved'));
|
||||||
$this->redirect(array('action' => 'index'));
|
$this->redirect(array('action' => 'index'));
|
||||||
} else {
|
} else {
|
||||||
|
// reset auth key for a new user
|
||||||
|
$this->set('authkey', $this->newkey);
|
||||||
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
|
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// generate auth key for a new user
|
// generate auth key for a new user
|
||||||
$newkey = $this->User->generateAuthKey();
|
$this->newkey = $this->User->generateAuthKey();
|
||||||
$this->set('authkey', $newkey);
|
$this->set('authkey', $this->newkey);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -227,7 +230,11 @@ class UsersController extends AppController {
|
||||||
if ($this->Auth->login()) {
|
if ($this->Auth->login()) {
|
||||||
$this->redirect($this->Auth->redirect());
|
$this->redirect($this->Auth->redirect());
|
||||||
} else {
|
} else {
|
||||||
// don't display "invalid user" before first login attempt
|
// don't display authError before first login attempt
|
||||||
|
if (str_replace("//","/",$this->webroot.$this->Session->read('Auth.redirect')) == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) {
|
||||||
|
$this->Session->delete('Message.auth');
|
||||||
|
}
|
||||||
|
// don't display "invalid user" before first login attempt
|
||||||
if($this->request->is('post')) $this->Session->setFlash(__('Invalid username or password, try again'));
|
if($this->request->is('post')) $this->Session->setFlash(__('Invalid username or password, try again'));
|
||||||
|
|
||||||
}
|
}
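Review bot: In the add-user hunk the failure branch now calls `$this->set('authkey', $this->newkey);`, but `$this->newkey` is only assigned in the non-POST branch below it, and a controller property does not carry over from the request that rendered the form to the POST that failed validation. Unless it is set somewhere outside this hunk, the view receives null, which silences the undefined-variable notice but redisplays the form without a key. Generating a fresh one in that branch, `$this->set('authkey', $this->User->generateAuthKey());`, keeps the key server-chosen and makes the `public $newkey` property unnecessary. The enclosing method starts outside the hunk.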
|
||||||
|
|
|
@ -36,6 +36,18 @@ class Attribute extends AppModel {
|
||||||
// these are definition of possible types + their descriptions and maybe later other behaviors
|
// these are definition of possible types + their descriptions and maybe later other behaviors
|
||||||
// e.g. if the attribute should be correlated with others or not
|
// e.g. if the attribute should be correlated with others or not
|
||||||
|
|
||||||
|
// if these then a category my have upload to be zipped
|
||||||
|
|
||||||
|
public $zipped_definitions = array(
|
||||||
|
'malware-sample'
|
||||||
|
);
|
||||||
|
|
||||||
|
// if these then a category my have upload
|
||||||
|
|
||||||
|
public $upload_definitions = array(
|
||||||
|
'attachment'
|
||||||
|
);
|
||||||
|
|
||||||
public $type_definitions = array(
|
public $type_definitions = array(
|
||||||
'md5' => array('desc' => 'A checksum in md5 format', 'formdesc' => "You are encouraged to use filename|md5 instead. <br/>A checksum in md5 format, only use this if you don't know the correct filename"),
|
'md5' => array('desc' => 'A checksum in md5 format', 'formdesc' => "You are encouraged to use filename|md5 instead. <br/>A checksum in md5 format, only use this if you don't know the correct filename"),
|
||||||
'sha1' => array('desc' => 'A checksum in sha1 format', 'formdesc' => "You are encouraged to use filename|sha1 instead. <br/>A checksum in sha1 format, only use this if you don't know the correct filename"),
|
'sha1' => array('desc' => 'A checksum in sha1 format', 'formdesc' => "You are encouraged to use filename|sha1 instead. <br/>A checksum in sha1 format, only use this if you don't know the correct filename"),
|
||||||
|
@ -264,14 +276,15 @@ class Attribute extends AppModel {
|
||||||
// or copy value to value1 if not composite type
|
// or copy value to value1 if not composite type
|
||||||
if (!empty($this->data['Attribute']['type'])) {
|
if (!empty($this->data['Attribute']['type'])) {
|
||||||
$composite_types = $this->getCompositeTypes();
|
$composite_types = $this->getCompositeTypes();
|
||||||
|
// explode composite types in value1 and value2
|
||||||
|
$pieces = explode('|', $this->data['Attribute']['value']);
|
||||||
if (in_array($this->data['Attribute']['type'], $composite_types)) {
|
if (in_array($this->data['Attribute']['type'], $composite_types)) {
|
||||||
// explode composite types in value1 and value2
|
|
||||||
$pieces = explode('|', $this->data['Attribute']['value']);
|
|
||||||
if (2 != sizeof($pieces)) throw new InternalErrorException('Composite type, but value not explodable');
|
if (2 != sizeof($pieces)) throw new InternalErrorException('Composite type, but value not explodable');
|
||||||
$this->data['Attribute']['value1'] = $pieces[0];
|
$this->data['Attribute']['value1'] = $pieces[0];
|
||||||
$this->data['Attribute']['value2'] = $pieces[1];
|
$this->data['Attribute']['value2'] = $pieces[1];
|
||||||
} else {
|
} else {
|
||||||
$this->data['Attribute']['value1'] = $this->data['Attribute']['value'];
|
$this->data['Attribute']['value1'] = $pieces[0];
|
||||||
|
$this->data['Attribute']['value2'] = '';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -316,6 +329,11 @@ class Attribute extends AppModel {
|
||||||
case 'hostname':
|
case 'hostname':
|
||||||
$this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']);
|
$this->data['Attribute']['value'] = strtolower($this->data['Attribute']['value']);
|
||||||
break;
|
break;
|
||||||
|
case 'filename|md5':
|
||||||
|
case 'filename|sha1':
|
||||||
|
$pieces = explode('|', $this->data['Attribute']['value']);
|
||||||
|
$this->data['Attribute']['value'] = $pieces[0].'|'.strtolower($pieces[1]);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// generate UUID if it doesn't exist
|
// generate UUID if it doesn't exist
|
||||||
|
@ -551,16 +569,16 @@ class Attribute extends AppModel {
|
||||||
return $similar_events;
|
return $similar_events;
|
||||||
}
|
}
|
||||||
|
|
||||||
function typeIsAttachment($type) {
|
function typeIsMalware($type) {
|
||||||
switch ($type) {
|
if (in_array($type, $this->zipped_definitions)) return true;
|
||||||
case 'attachment':
|
else return false;
|
||||||
case 'malware-sample':
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function typeIsAttachment($type) {
|
||||||
|
if ((in_array($type, $this->zipped_definitions)) || (in_array($type, $this->upload_definitions))) return true;
|
||||||
|
else return false;
|
||||||
|
}
|
||||||
|
|
||||||
function base64EncodeAttachment($attribute) {
|
function base64EncodeAttachment($attribute) {
|
||||||
$filepath = APP."files/".$attribute['event_id']."/".$attribute['id'];
|
$filepath = APP."files/".$attribute['event_id']."/".$attribute['id'];
|
||||||
$file = new File($filepath);
|
$file = new File($filepath);
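Review bot: In the composite-type hunk the non-composite branch now stores `$pieces[0]` in `value1`, so any single-valued attribute whose value legitimately contains `|` is silently cut at the first pipe while `value` keeps the full text. For indicator data that means the stored `value1` can differ from what the analyst entered, which presumably affects whatever matches on it. If the goal is only to drop a stale hash after a type change from `filename|md5` to `filename`, limit the split to that case or reject the value in validation. The new `case 'filename|md5':` block has a related gap: `$pieces[1]` is read without checking `count($pieces)`, so if it runs before the two-piece check a value without a pipe raises a notice and is rewritten with a trailing `|`. These blocks sit in methods that begin outside the hunks.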
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<div class="attributes form">
|
<div class="attributes form">
|
||||||
<?php echo $this->Form->create('Attribute', array('enctype' => 'multipart/form-data'));?>
|
<?php echo $this->Form->create('Attribute', array('enctype' => 'multipart/form-data','onSubmit' => 'document.getElementById("AttributeMalware").removeAttribute("disabled");'));?>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend><?php echo __('Add Attachment'); ?></legend>
|
<legend><?php echo __('Add Attachment'); ?></legend>
|
||||||
<?php
|
<?php
|
||||||
|
@ -13,9 +13,9 @@
|
||||||
'checked' => false,
|
'checked' => false,
|
||||||
'after' => '<br>Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"',
|
'after' => '<br>Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"',
|
||||||
));
|
));
|
||||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||||
echo $this->Form->input('private', array(
|
echo $this->Form->input('private', array(
|
||||||
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),));
|
'before' => $this->Html->div('forminfo', isset($attr_descriptions['private']['formdesc']) ? $attr_descriptions['private']['formdesc'] : $attr_descriptions['private']['desc']),));
|
||||||
}
|
}
|
||||||
// link an onchange event to the form elements
|
// link an onchange event to the form elements
|
||||||
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
|
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
|
||||||
|
@ -39,6 +39,60 @@ var formInfoValues = new Array();
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
var formZipTypeValues = new Array();
|
||||||
|
<?php
|
||||||
|
foreach ($category_definitions as $category => $def) {
|
||||||
|
$types = $def['types'];
|
||||||
|
$alreadySet = false;
|
||||||
|
foreach ($types as $type) {
|
||||||
|
if (in_array($type, $zipped_definitions) && !$alreadySet) {
|
||||||
|
$alreadySet = true;
|
||||||
|
echo "formZipTypeValues['$category'] = \"true\";\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!$alreadySet) {
|
||||||
|
echo "formZipTypeValues['$category'] = \"false\";\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
|
var formAttTypeValues = new Array();
|
||||||
|
<?php
|
||||||
|
foreach ($category_definitions as $category => $def) {
|
||||||
|
$types = $def['types'];
|
||||||
|
$alreadySet = false;
|
||||||
|
foreach ($types as $type) {
|
||||||
|
if (in_array($type, $upload_definitions) && !$alreadySet) {
|
||||||
|
$alreadySet = true;
|
||||||
|
echo "formAttTypeValues['$category'] = \"true\";\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!$alreadySet) {
|
||||||
|
echo "formAttTypeValues['$category'] = \"false\";\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
|
function showFormType(id) {
|
||||||
|
idDiv = id+'Div';
|
||||||
|
// LATER use nice animations
|
||||||
|
//$(idDiv).hide('fast');
|
||||||
|
// change the content
|
||||||
|
var value = $(id).val(); // get the selected value
|
||||||
|
//$(idDiv).html(formInfoValues[value]); // search in a lookup table
|
||||||
|
|
||||||
|
// do checkbox un/ticked when the document is changed
|
||||||
|
if (formZipTypeValues[value] == "true") {
|
||||||
|
document.getElementById("AttributeMalware").setAttribute("checked", "checked");
|
||||||
|
if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
|
||||||
|
else document.getElementById("AttributeMalware").removeAttribute("disabled");
|
||||||
|
} else {
|
||||||
|
document.getElementById("AttributeMalware").removeAttribute("checked");
|
||||||
|
if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
|
||||||
|
else document.getElementById("AttributeMalware").removeAttribute("disabled");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function showFormInfo(id) {
|
function showFormInfo(id) {
|
||||||
idDiv = id+'Div';
|
idDiv = id+'Div';
|
||||||
// LATER use nice animations
|
// LATER use nice animations
|
||||||
|
@ -49,11 +103,27 @@ function showFormInfo(id) {
|
||||||
|
|
||||||
// show it again
|
// show it again
|
||||||
$(idDiv).fadeIn('slow');
|
$(idDiv).fadeIn('slow');
|
||||||
|
|
||||||
|
// do checkbox un/ticked when the document is changed
|
||||||
|
if (formZipTypeValues[value] == "true") {
|
||||||
|
document.getElementById("AttributeMalware").setAttribute("checked", "checked");
|
||||||
|
if (formAttTypeValues[value] == "false") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
|
||||||
|
else document.getElementById("AttributeMalware").removeAttribute("disabled");
|
||||||
|
} else {
|
||||||
|
document.getElementById("AttributeMalware").removeAttribute("checked");
|
||||||
|
if (formAttTypeValues[value] == "true") document.getElementById("AttributeMalware").setAttribute("disabled", "disabled");
|
||||||
|
else document.getElementById("AttributeMalware").removeAttribute("disabled");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// hide the formInfo things
|
// hide the formInfo things
|
||||||
$('#AttributeTypeDiv').hide();
|
$('#AttributeTypeDiv').hide();
|
||||||
$('#AttributeCategoryDiv').hide();
|
$('#AttributeCategoryDiv').hide();
|
||||||
|
$(function(){
|
||||||
|
// do checkbox un/ticked when the document is ready
|
||||||
|
showFormType("#AttributeCategory");
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
<?php echo $this->Js->writeBuffer(); // Write cached scripts ?>
|
<?php echo $this->Js->writeBuffer(); // Write cached scripts ?>
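Review bot: The neutralise checkbox is now forced only in the browser: the script sets `checked`/`disabled` on `#AttributeMalware` and the form's `onSubmit` re-enables it, so whether a sample is zipped depends on a field the client controls. The upload handler is not part of this diff, so I can't see whether it re-derives the decision; it should, for example from `$zipped_definitions` and the submitted category, instead of trusting the posted `malware` value. Separately, the block added to `showFormInfo` looks up `formZipTypeValues[value]`, but that table is keyed by category while `showFormInfo` is bound to `#AttributeType`, so a type change likely falls into the `else` branch and unticks the box. `setAttribute("checked", …)` also stops reflecting state once the user has clicked the box; assigning `.checked` is the reliable form.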
|
||||||
|
|