Merge branch 'hotfix-2.3.85'

pull/567/head v2.3.85
Iglocska 2015-06-22 14:12:00 +02:00
commit d01783761a
3 changed files with 17 additions and 2 deletions


@ -1 +1 @@
{"major":2, "minor":3, "hotfix":84}
{"major":2, "minor":3, "hotfix":85}


@ -2896,6 +2896,9 @@ class EventsController extends AppController {
'md5' => 'Payload delivery',
'sha1' => 'Payload delivery',
'sha256' => 'Payload delivery',
'filename|md5' => 'Payload delivery',
'filename|sha1' => 'Payload delivery',
'filename|sha256' => 'Payload delivery',
'regkey' => 'Persistence mechanism',
'filename' => 'Payload delivery',
'ip-src' => 'Network activity',


@ -59,7 +59,7 @@ class ComplexTypeTool {
}
public function checkFreeText($input) {
$iocArray = preg_split("/\r\n|\n|\r|\s|\s+/", $input);
$iocArray = preg_split("/\r\n|\n|\r|\s|\s+|,/", $input);
$resultArray = array();
foreach ($iocArray as $ioc) {
$ioc = trim($ioc);
@ -80,6 +80,17 @@ class ComplexTypeTool {
$input = trim($input);
$input = strtolower($input);
if (strpos($input, '|')) {
$compositeParts = explode('|', $input);
if (count($compositeParts) == 2) {
if ($this->__resolveFilename($compositeParts[0])) {
if (strlen($compositeParts[1]) == 32 && preg_match("#[0-9a-f]{32}$#", $compositeParts[1])) return array('types' => array('filename|md5'), 'to_ids' => true, 'default_type' => 'filename|md5');
if (strlen($compositeParts[1]) == 40 && preg_match("#[0-9a-f]{40}$#", $compositeParts[1])) return array('types' => array('filename|sha1'), 'to_ids' => true, 'default_type' => 'filename|sha1');
if (strlen($compositeParts[1]) == 64 && preg_match("#[0-9a-f]{64}$#", $compositeParts[1])) return array('types' => array('filename|sha256'), 'to_ids' => true, 'default_type' => 'filename|sha256');
}
}
}
// check for hashes
if (strlen($input) == 32 && preg_match("#[0-9a-f]{32}$#", $input)) return array('types' => array('md5'), 'to_ids' => true, 'default_type' => 'md5');
if (strlen($input) == 40 && preg_match("#[0-9a-f]{40}$#", $input)) return array('types' => array('sha1'), 'to_ids' => true, 'default_type' => 'sha1');
@ -153,6 +164,7 @@ class ComplexTypeTool {
strpos($input, '.') != 0 &&
strpos($input, '..') == 0 &&
strpos($input, '.') != (strlen($input)-1) &&
preg_match('/(.*)\.[^(\|\<\>\^\=\?\/\[\]\"\;\*)]*$/', $input) &&
!preg_match('/[?:<>|\\*:\/@]/', $input)
) return true;
return false;
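Review bot: The new `filename|md5` / `filename|sha1` / `filename|sha256` branch only sees tokens that `checkFreeText` has already split on whitespace and, with this commit, on commas, so a pasted `filename|hash` value whose filename contains a space or comma appears to arrive as just the last fragment of the filename plus the hash (the loop body that passes each token on is outside the hunk, so this is inferred). That truncated pair would likely still pass `__resolveFilename` and be returned with `'to_ids' => true`, producing an indicator whose filename half does not match the real sample. At minimum I would document this above the `preg_split` call, e.g. `// Tokens are split on whitespace and commas; a filename|hash value whose filename contains either is truncated to its last fragment`. Separately, `if (strpos($input, '|'))` relies on truthiness and the unanchored hash patterns are only correct because of the paired `strlen` check; `strpos($input, '|') !== false` and `preg_match('/^[0-9a-f]{32}$/D', $compositeParts[1])` state the intent directly and do not depend on the two checks staying together.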