mirror of https://github.com/MISP/MISP
fix: Only allow malware-samples to be created using the upload_sample api, fixes #1843
- contrary to the documentation, setting the IDS flag decided the type of the resulting upload (malware-sample vs attachment) - attachments can easily be created without any black magic using the add attribute api anyway - also fixed a bug that prevented the timestamp of events receiving a sample via the upload_sample api from being re-timestampedpull/1857/head
Iglocska
parent
ff1e001074
commit
c3225e0679
|
|
@ -3480,10 +3480,10 @@ class EventsController extends AppController {
|
|||
$this->loadModel('Log');
|
||||
$hashes = array('md5' => 'malware-sample', 'sha1' => 'filename|sha1', 'sha256' => 'filename|sha256');
|
||||
$categoryDefinitions = $this->Event->Attribute->categoryDefinitions;
|
||||
$types = array();
|
||||
$categories = array();
|
||||
foreach ($categoryDefinitions as $k => $v) {
|
||||
if (in_array('malware-sample', $v['types']) && !in_array($k, $types)) {
|
||||
$types[] = $k;
|
||||
if (in_array('malware-sample', $v['types']) && !in_array($k, $categories)) {
|
||||
$categories[] = $k;
|
||||
}
|
||||
}
|
||||
$parameter_options = array(
|
||||
|
|
@ -3492,7 +3492,7 @@ class EventsController extends AppController {
|
|||
'analysis' => array('valid_options' => array(0, 1, 2), 'default' => 0),
|
||||
'info' => array('default' => 'Malware samples uploaded on ' . date('Y-m-d')),
|
||||
'to_ids' => array('valid_options' => array(0, 1), 'default' => 1),
|
||||
'category' => array('valid_options' => $types, 'default' => 'Payload installation'),
|
||||
'category' => array('valid_options' => $categories, 'default' => 'Payload installation'),
|
||||
'comment' => array('default' => '')
|
||||
);
|
||||
|
||||
|
|
@ -3554,6 +3554,8 @@ class EventsController extends AppController {
|
|||
));
|
||||
if (empty($event)) throw new NotFoundException('Event not found.');
|
||||
$this->Event->id = $data['event_id'];
|
||||
$date = new DateTime();
|
||||
$this->Event->saveField('timestamp', $date->getTimestamp());
|
||||
$this->Event->saveField('published', 0);
|
||||
} else {
|
||||
$this->Event->create();
|
||||
|
|
@ -3590,69 +3592,44 @@ class EventsController extends AppController {
|
|||
$successCount = 0;
|
||||
$errors = array();
|
||||
foreach ($data['files'] as $file) {
|
||||
if ($data['to_ids']) {
|
||||
$temp = $this->Event->Attribute->handleMaliciousBase64($data['event_id'], $file['filename'], $file['data'], array_keys($hashes));
|
||||
if ($temp['success']) {
|
||||
foreach ($hashes as $hash => $typeName) {
|
||||
if ($temp[$hash] == false) continue;
|
||||
$file[$hash] = $temp[$hash];
|
||||
$file['data'] = $temp['data'];
|
||||
$this->Event->Attribute->create();
|
||||
$attribute = array(
|
||||
'value' => $file['filename'] . '|' . $file[$hash],
|
||||
'distribution' => $data['distribution'],
|
||||
'category' => $data['category'],
|
||||
'type' => $typeName,
|
||||
'event_id' => $data['event_id'],
|
||||
'to_ids' => $data['to_ids'],
|
||||
'comment' => $data['comment']
|
||||
);
|
||||
if ($hash == 'md5') $attribute['data'] = $file['data'];
|
||||
$result = $this->Event->Attribute->save($attribute);
|
||||
if (!$result) {
|
||||
$this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Event',
|
||||
'model_id' => $data['event_id'],
|
||||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'upload_sample',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Error: Failed to create attribute using the upload sample functionality',
|
||||
'change' => 'There was an issue creating an attribute (' . $typeName . ': ' . $file['filename'] . '|' . $file[$hash] . '). ' . 'The validation errors were: ' . json_encode($this->Event->Attribute->validationErrors),
|
||||
));
|
||||
if ($typeName == 'malware-sample') {
|
||||
$errors[] = array('filename' => $file['filename'], 'hash' => $file[$hash], 'error' => $this->Event->Attribute->validationErrors);
|
||||
}
|
||||
} else if ($typeName == 'malware-sample') {
|
||||
$successCount++;
|
||||
$temp = $this->Event->Attribute->handleMaliciousBase64($data['event_id'], $file['filename'], $file['data'], array_keys($hashes));
|
||||
if ($temp['success']) {
|
||||
foreach ($hashes as $hash => $typeName) {
|
||||
if ($temp[$hash] == false) continue;
|
||||
$file[$hash] = $temp[$hash];
|
||||
$file['data'] = $temp['data'];
|
||||
$this->Event->Attribute->create();
|
||||
$attribute = array(
|
||||
'value' => $file['filename'] . '|' . $file[$hash],
|
||||
'distribution' => $data['distribution'],
|
||||
'category' => $data['category'],
|
||||
'type' => $typeName,
|
||||
'event_id' => $data['event_id'],
|
||||
'to_ids' => $data['to_ids'],
|
||||
'comment' => $data['comment']
|
||||
);
|
||||
if ($hash == 'md5') $attribute['data'] = $file['data'];
|
||||
$result = $this->Event->Attribute->save($attribute);
|
||||
if (!$result) {
|
||||
$this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Event',
|
||||
'model_id' => $data['event_id'],
|
||||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'upload_sample',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Error: Failed to create attribute using the upload sample functionality',
|
||||
'change' => 'There was an issue creating an attribute (' . $typeName . ': ' . $file['filename'] . '|' . $file[$hash] . '). ' . 'The validation errors were: ' . json_encode($this->Event->Attribute->validationErrors),
|
||||
));
|
||||
if ($typeName == 'malware-sample') {
|
||||
$errors[] = array('filename' => $file['filename'], 'hash' => $file[$hash], 'error' => $this->Event->Attribute->validationErrors);
|
||||
}
|
||||
} else if ($typeName == 'malware-sample') {
|
||||
$successCount++;
|
||||
}
|
||||
} else {
|
||||
$errors[] = array('filename' => $file['filename'], 'hash' => $file['hash'], 'error' => 'Failed to encrypt and compress the file.');
|
||||
}
|
||||
} else {
|
||||
$this->Event->Attribute->create();
|
||||
$attribute = array(
|
||||
'value' => $file['filename'],
|
||||
'distribution' => $data['distribution'],
|
||||
'category' => $data['category'],
|
||||
'type' => 'attachment',
|
||||
'event_id' => $data['event_id'],
|
||||
'to_ids' => $data['to_ids'],
|
||||
'data' => $file['data'],
|
||||
'comment' => $data['comment']
|
||||
);
|
||||
$result = $this->Event->Attribute->save($attribute);
|
||||
$this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Event',
|
||||
'model_id' => $data['event_id'],
|
||||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'upload_sample',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Error: Failed to create attribute using the upload sample functionality',
|
||||
'change' => 'There was an issue creating an attribute (attachment: ' . $file['filename'] . '). ' . 'The validation errors were: ' . json_encode($this->Event->Attribute->validationErrors),
|
||||
));
|
||||
$errors[] = array('filename' => $file['filename'], 'hash' => $file['hash'], 'error' => 'Failed to encrypt and compress the file.');
|
||||
}
|
||||
}
|
||||
if (!empty($errors)) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue