MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [eventReport:markdownEditor] Improved parsing of context (reduced 

false positive) + find rendered element in doc
pull/6493/head
mokaddem 2020-10-21 11:28:44 +02:00
parent 053f0e9605
commit c39fe850b8
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
2 changed files with 53 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
app/Model/EventReport.php
View File

@ -738,14 +738,16 @@ class EventReport extends AppModel
if ($found) {
$replacedContext[$tagName][$tagName] = $cluster['GalaxyCluster'];
}
$found = strpos($originalContent, $cluster['GalaxyCluster']['value']) !== false;
$toSearch = ' ' . $cluster['GalaxyCluster']['value'] . ' ';
$found = strpos($originalContent, $toSearch) !== false;
if ($found) {
$replacedContext[$cluster['GalaxyCluster']['value']][$tagName] = $cluster['GalaxyCluster'];
}
if ($options['synonyms']) {
foreach ($cluster['GalaxyElement'] as $j => $element) {
if (strlen($element['value']) >= $options['synonyms_min_characters']) {
$found = strpos($originalContent, $element['value']) !== false;
$toSearch = ' ' . $element['value'] . ' ';
$found = strpos($originalContent, $toSearch) !== false;
if ($found) {
$replacedContext[$element['value']][$tagName] = $cluster['GalaxyCluster'];
}
@ -763,16 +765,19 @@ class EventReport extends AppModel
foreach ($attackClusters as $i => $cluster) {
$cluster['GalaxyCluster']['colour'] = '#0088cc';
$tagName = $cluster['GalaxyCluster']['tag_name'];
$found = strpos($originalContent, $cluster['GalaxyCluster']['value']) !== false;
$toSearch = ' ' . $cluster['GalaxyCluster']['value'] . ' ';
$found = strpos($originalContent, $toSearch) !== false;
if ($found) {
$replacedContext[$cluster['GalaxyCluster']['value']][$tagName] = $cluster['GalaxyCluster'];
} else {
$clusterParts = explode(' - ', $cluster['GalaxyCluster']['value']);
$found = strpos($originalContent, $clusterParts[0]) !== false;
$clusterParts = explode(' - ', $cluster['GalaxyCluster']['value'], 2);
$toSearch = ' ' . $clusterParts[0] . ' ';
$found = strpos($originalContent, $toSearch) !== false;
if ($found) {
$replacedContext[$clusterParts[0]][$tagName] = $cluster['GalaxyCluster'];
} else {
$found = strpos($originalContent, $clusterParts[1]) !== false;
$toSearch = ' ' . $clusterParts[1] . ' ';
$found = strpos($originalContent, $toSearch) !== false;
if ($found) {
$replacedContext[$clusterParts[1]][$tagName] = $cluster['GalaxyCluster'];
}
@ -808,9 +813,10 @@ class EventReport extends AppModel
{
$lastIndex = 0;
$allIndices = [];
while (($lastIndex = strpos($content, $tagName, $lastIndex)) !== false) {
$toSearch = ' ' . $tagName . ' ';
while (($lastIndex = strpos($content, $toSearch, $lastIndex)) !== false) {
$allIndices[] = $lastIndex;
$lastIndex = $lastIndex + strlen($tagName);
$lastIndex = $lastIndex + strlen($toSearch);
}
if (empty($allIndices)) {
return false;

45
app/webroot/js/markdownEditor/event-report.js
View File

@ -52,6 +52,7 @@ var unreferencedElements = {
values: null,
context: null
};
var suggestionIDs = []
var suggestions = {}
var pickedSuggestion = { tableID: null, tr: null, entity: null, index: null, isContext: null }
@ -371,7 +372,6 @@ function MISPElementSuggestionRule(state) {
}
/* Parsing Rules */
function MISPElementRule(state, startLine, endLine, silent) {
// debugger;
var pos, start, labelStart, labelEnd, res, elementID, code, content, token, tokens, attrs, scope
var oldPos = state.pos,
max = state.posMax
@ -443,7 +443,6 @@ function MISPElementRule(state, startLine, endLine, silent) {
// We found the end of the link, and know for a fact it's a valid link;
// so all that's left to do is to call tokenizer.
// debugger;
content = {
scope: scope,
elementID: elementID,
@ -455,7 +454,12 @@ function MISPElementRule(state, startLine, endLine, silent) {
token = state.push('MISPPictureElement', 'div', 0);
} else {
token = state.push('MISPElement', 'div', 0);
token.isSuggestion = (scope == 'suggestion')
if (scope == 'suggestion') {
token.isSuggestion = true
content.indexes.suggestionID = consumeSuggestionID()
} else {
token.isSuggestion = false
}
}
token.children = tokens;
@ -493,7 +497,7 @@ function MISPPictureElementRenderer(tokens, idx, options, env, slf) {
function renderMISPElement(scope, elementID, indexes) {
var templateVariables
if (scope == 'suggestion') {
var suggestionKey = 'suggestion-' + String(indexes.lineStart) + '-' + String(indexes.start)
var suggestionKey = 'suggestion-' + String(indexes.lineStart) + '-' + String(indexes.suggestionID)
if (suggestions[elementID] !== undefined) {
var suggestion = suggestions[elementID][suggestionKey]
if (suggestion !== undefined) {
@ -975,6 +979,7 @@ function prepareSuggestionInterface(complexTypeToolResult, replacementValues, re
function highlightPickedSuggestionInReport() {
setEditorData(contentBeforeSuggestions)
resetSuggestionIDs()
for (var i = 0; i < entitiesFromComplexTool.length; i++) {
var entity = entitiesFromComplexTool[i];
if (pickedSuggestion.entity.value == entity.value) {
@ -991,6 +996,7 @@ function highlightPickedReplacementInReport() {
var entity = pickedSuggestion.entity
setEditorData(contentBeforeSuggestions)
var content = contentBeforeSuggestions
resetSuggestionIDs()
var converted = convertEntityIntoSuggestion(content, entity)
setEditorData(converted)
var indicesInCM = getAllSuggestionIndicesOf(converted, entity.value, false)
@ -1032,7 +1038,7 @@ function constructSuggestionMapping(entity, indicesInCM) {
var suggestionBaseKey = 'suggestion-', suggestionKey
suggestions[entity.value] = {}
indicesInCM.forEach(function(index) {
suggestionKey = suggestionBaseKey + index.editorPosition.line + '-' + index.editorPosition.ch
suggestionKey = suggestionBaseKey + index.editorPosition.line + '-' + getNewSuggestionID()
suggestions[entity.value][suggestionKey] = {
startIndex: index,
endIndex: {index: index.index + entity.value.length},
@ -1162,7 +1168,8 @@ function getContentWithCheckedElements(isReplacement) {
var suggestion = suggestions[value][suggestionKey]
contentWithPickedSuggestions += content.substr(nextIndex, suggestion.startIndex.index - nextIndex)
nextIndex = suggestion.startIndex.index
if (suggestion.checked) {
renderedInMardown = $('.misp-element-wrapper.suggestion[data-suggestionkey="' + suggestionKey + '"]').length > 0;
if (suggestion.checked && renderedInMardown) { // If the suggestion is not rendered, ignore it (could happen if parent block is escaped)
if (isReplacement) {
if (suggestion.isContext === true) {
contentWithPickedSuggestions += '@[attribute](' + suggestion.complexTypeToolResult.replacement + ')'
@ -2000,6 +2007,17 @@ function jumpToNextOccurrence() {
}
suggestionToScrollInto.scrollIntoView({ behavior: 'smooth', block: 'nearest' })
pickOccurrence($(suggestionToScrollInto))
} else {
var toSearch = '@[suggestion](' + pickedSuggestion.entity.value + ')'
var match = $('#viewer').find('*').filter(function() {
return $(this).text().includes(toSearch)
})
if (match.length > 0) {
showMessage('success', 'Suggestion element not rendered. Please check manually')
match[0].scrollIntoView({ behavior: 'smooth', block: 'nearest' })
} else {
showMessage('fail', 'Could not find element')
}
}
}
@ -2061,6 +2079,21 @@ function getAllIndicesOf(haystack, needle, caseSensitive, requestLineNum) {
return indices;
}
function getNewSuggestionID() {
var randomID = getRandomID()
suggestionIDs.push(randomID)
return randomID
}
function consumeSuggestionID() {
return suggestionIDs.shift()
}
function resetSuggestionIDs() {
suggestionIDs = []
}
function getRandomID() {
return Math.random().toString(36).substr(2,9)
}
function getLineNumInArrayList(index, arrayToSearchInto) {
for (var lineNum = 0; lineNum < arrayToSearchInto.length; lineNum++) {
var newLineIndex = arrayToSearchInto[lineNum];