mirror of https://github.com/MISP/MISP
fix: [internal] Better error handling when uploading STIX file
Jakub Onderka
parent
b21f673872
commit
cdee859a06
|
|
@ -256,7 +256,7 @@ class ACLComponent extends Component
|
|||
'updateGraph' => array('*'),
|
||||
'upload_analysis_file' => array('perm_add'),
|
||||
'upload_sample' => array('AND' => array('perm_auth', 'perm_add')),
|
||||
'upload_stix' => array('perm_add'),
|
||||
'upload_stix' => array('perm_modify'),
|
||||
'view' => array('*'),
|
||||
'viewClusterRelations' => array('*'),
|
||||
'viewEventAttributes' => array('*'),
|
||||
|
|
|
|||
|
|
@ -2185,15 +2185,14 @@ class EventsController extends AppController
|
|||
|
||||
public function upload_stix($stix_version = '1')
|
||||
{
|
||||
if (!$this->userRole['perm_modify']) {
|
||||
throw new UnauthorizedException(__('You do not have permission to do that.'));
|
||||
}
|
||||
$scriptDir = APP . 'files' . DS . 'scripts';
|
||||
if ($this->request->is('post')) {
|
||||
$scriptDir = APP . 'files' . DS . 'scripts';
|
||||
if ($this->_isRest()) {
|
||||
$randomFileName = $this->Event->generateRandomFileName();
|
||||
$tempFile = new File($scriptDir . DS . 'tmp' . DS . $randomFileName, true, 0644);
|
||||
$tempFile->write($this->request->input());
|
||||
if (!$tempFile->write($this->request->input())) {
|
||||
throw new Exception("Could not write content of STIX file.");
|
||||
}
|
||||
$tempFile->close();
|
||||
$result = $this->Event->upload_stix(
|
||||
$this->Auth->user(),
|
||||
|
|
@ -2203,9 +2202,7 @@ class EventsController extends AppController
|
|||
'uploaded_stix_file.' . ($stix_version == '1' ? 'xml' : 'json'),
|
||||
false
|
||||
);
|
||||
if (is_array($result)) {
|
||||
return $this->RestResponse->saveSuccessResponse('Events', 'upload_stix', false, $this->response->type(), 'STIX document imported, event\'s created: ' . implode(', ', $result) . '.');
|
||||
} elseif (is_numeric($result)) {
|
||||
if (is_numeric($result)) {
|
||||
$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $result));
|
||||
if (!empty($event)) {
|
||||
return $this->RestResponse->viewData($event[0], 'json');
|
||||
|
|
@ -2219,7 +2216,9 @@ class EventsController extends AppController
|
|||
$original_file = !empty($this->data['Event']['original_file']) ? $this->data['Event']['stix']['name'] : '';
|
||||
if (isset($this->data['Event']['stix']) && $this->data['Event']['stix']['size'] > 0 && is_uploaded_file($this->data['Event']['stix']['tmp_name'])) {
|
||||
$randomFileName = $this->Event->generateRandomFileName();
|
||||
move_uploaded_file($this->data['Event']['stix']['tmp_name'], $scriptDir . DS . 'tmp' . DS . $randomFileName);
|
||||
if (!move_uploaded_file($this->data['Event']['stix']['tmp_name'], $scriptDir . DS . 'tmp' . DS . $randomFileName)) {
|
||||
throw new Exception("Could not move uploaded STIX file.");
|
||||
}
|
||||
$result = $this->Event->upload_stix(
|
||||
$this->Auth->user(),
|
||||
$scriptDir,
|
||||
|
|
@ -2228,14 +2227,11 @@ class EventsController extends AppController
|
|||
$original_file,
|
||||
$this->data['Event']['publish']
|
||||
);
|
||||
if (is_array($result)) {
|
||||
$this->Flash->success(__('STIX document imported, event\'s created: ' . implode(', ', $result) . '.'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} elseif (is_numeric($result)) {
|
||||
if (is_numeric($result)) {
|
||||
$this->Flash->success(__('STIX document imported.'));
|
||||
$this->redirect(array('action' => 'view', $result));
|
||||
} else {
|
||||
$this->Flash->error(__('Could not import STIX document: ' . $result));
|
||||
$this->Flash->error(__('Could not import STIX document: %s', $result));
|
||||
}
|
||||
} else {
|
||||
$maxUploadSize = intval(ini_get('post_max_size'));
|
||||
|
|
@ -2246,13 +2242,7 @@ class EventsController extends AppController
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($stix_version == 2) {
|
||||
$stix_version = '2.x JSON';
|
||||
} else {
|
||||
$stix_version = '1.x XML';
|
||||
}
|
||||
$this->set('stix_version', $stix_version);
|
||||
$this->set('stix_version', $stix_version == 2 ? '2.x JSON' : '1.x XML');
|
||||
}
|
||||
|
||||
public function merge($target_id=null, $source_id=null)
|
||||
|
|
|
|||
|
|
@ -5917,10 +5917,18 @@ class Event extends AppModel
|
|||
return $this->save($event);
|
||||
}
|
||||
|
||||
public function upload_stix($user, $scriptDir, $filename, $stix_version, $original_file, $publish)
|
||||
/**
|
||||
* @param array $user
|
||||
* @param string $scriptDir
|
||||
* @param string $filename
|
||||
* @param string $stix_version
|
||||
* @param string $original_file
|
||||
* @param bool $publish
|
||||
* @return int|string|array
|
||||
* @throws JsonException
|
||||
*/
|
||||
public function upload_stix(array $user, $scriptDir, $filename, $stix_version, $original_file, $publish)
|
||||
{
|
||||
App::uses('Folder', 'Utility');
|
||||
App::uses('File', 'Utility');
|
||||
$tempFilePath = $scriptDir . DS . 'tmp' . DS . $filename;
|
||||
if ($stix_version == '2') {
|
||||
$scriptFile = $scriptDir . DS . 'stix2' . DS . 'stix2misp.py';
|
||||
|
|
@ -5948,7 +5956,10 @@ class Event extends AppModel
|
|||
unlink($tempFilePath);
|
||||
if (trim($result) == '1') {
|
||||
$data = file_get_contents($output_path);
|
||||
$data = json_decode($data, true);
|
||||
if ($data === false) {
|
||||
throw new Exception("Could not get content of `$output_path` file.");
|
||||
}
|
||||
$data = $this->jsonDecode($data);
|
||||
if (empty($data['Event'])) {
|
||||
$data = array('Event' => $data);
|
||||
}
|
||||
|
|
@ -5956,12 +5967,12 @@ class Event extends AppModel
|
|||
$created_id = false;
|
||||
$validationIssues = false;
|
||||
$result = $this->_add($data, true, $user, '', null, false, null, $created_id, $validationIssues);
|
||||
if ($result) {
|
||||
if ($original_file && !is_numeric($result)) {
|
||||
if ($result === true) {
|
||||
if ($original_file) {
|
||||
$this->add_original_file($tempFile, $original_file, $created_id, $stix_version);
|
||||
}
|
||||
if ($publish && $user['Role']['perm_publish']) {
|
||||
$this->publish($this->getID(), null);
|
||||
$this->publish($created_id);
|
||||
}
|
||||
return $created_id;
|
||||
}
|
||||
|
|
@ -7214,6 +7225,14 @@ class Event extends AppModel
|
|||
return $eventIdList;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $file File content
|
||||
* @param string $original_filename
|
||||
* @param int $event_id
|
||||
* @param string $format
|
||||
* @return bool
|
||||
* @throws Exception
|
||||
*/
|
||||
public function add_original_file($file, $original_filename, $event_id, $format)
|
||||
{
|
||||
if (!Configure::check('MISP.default_attribute_distribution') || Configure::read('MISP.default_attribute_distribution') === 'event') {
|
||||
|
|
@ -7231,7 +7250,9 @@ class Event extends AppModel
|
|||
'event_id' => $event_id,
|
||||
'distribution' => $distribution
|
||||
);
|
||||
$this->Object->save($object);
|
||||
if (!$this->Object->save($object)) {
|
||||
throw new Exception("Could not save object for original file because of validation errors:" . json_encode($this->Object->validationErrors));
|
||||
}
|
||||
$object_id = $this->Object->id;
|
||||
$attributes = array(
|
||||
array(
|
||||
|
|
|
|||
|
|
@ -72,6 +72,7 @@ class MispObject extends AppModel
|
|||
'on' => 'create'
|
||||
),
|
||||
),
|
||||
'event_id' => ['numeric'],
|
||||
'first_seen' => array(
|
||||
'rule' => array('datetimeOrNull'),
|
||||
'required' => false,
|
||||
|
|
|
|||
Loading…
Reference in New Issue