MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #217 from Xen0ph0n/patch-5 

Code to defang URLs/Emails/Domains/IPs in Alerts
pull/224/head
iglocska 2014-02-25 15:29:06 +01:00
parent 680087b1f4 92ab6ba752
commit c0a4953f81
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Model/Event.php
View File

@ -1094,6 +1094,15 @@ class Event extends AppModel {
} else {
$line = $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . $ids . "\n";
}
//Defanging URLs (Not "links") emails domains/ips in notification emails
if ('url' == $attribute['type']) {
$line = str_ireplace("http","hxxp", $line);
}
elseif ('email-src' == $attribute['type'] or 'email-dst' == $attribute['type']) {
$line = str_replace("@","[at]", $line);
}
elseif ('domain' == $attribute['type'] or 'ip-src' == $attribute['type'] or 'ip-dst' == $attribute['type']) {
$line = str_replace(".","_", $line);
if ('other' == $attribute['type']) // append the 'other' attribute types to the bottom.
$bodyTempOther .= $line;
else $body .= $line;