Merge branch '2.4' of https://github.com/MISP/MISP into 2.4

2019-09-26 16:54:09 +02:00 · 2019-09-26 16:54:09 +02:00 · d0b99bebda
parent 78dc7e7512 90e1b8807e
commit d0b99bebda
10 changed files with 118 additions and 24 deletions
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -426,7 +426,7 @@ class AppController extends Controller
                $this->Log->create();
                $change = 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->here;
                if (($this->request->is('post') || $this->request->is('put')) && !empty(Configure::read('MISP.log_paranoid_include_post_body'))) {
-                    $payload = $this->request->data;
+                    $payload = $this->request->input();
                    if (!empty($payload['_Token'])) {
                        unset($payload['_Token']);
                    }
--- a/app/Controller/TagsController.php
+++ b/app/Controller/TagsController.php
@ -894,7 +894,7 @@ class TagsController extends AppController
        return $object;
    }

-    public function attachTagToObject($uuid = false, $tag = false)
+    public function attachTagToObject($uuid = false, $tag = false, $local = false)
    {
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException('This method is only accessible via POST requests.');
@ -921,6 +921,14 @@ class TagsController extends AppController
        } else {
            $conditions = array('LOWER(Tag.name) LIKE' => strtolower(trim($tag)));
        }
+        if (empty($local)) {
+            if (!empty($this->request->data['local'])) {
+                $local = $this->request->data['local'];
+            }
+        }
+        if (!is_bool($local)) {
+            throw new InvalidArgumentException('Invalid local flag');
+        }
        $objectType = '';
        $object = $this->__findObjectByUuid($uuid, $objectType);
        $existingTag = $this->Tag->find('first', array('conditions' => $conditions, 'recursive' => -1));
@ -948,23 +956,18 @@ class TagsController extends AppController
        $connectorObject = $objectType . 'Tag';
        $conditions = array(
            strtolower($objectType) . '_id' => $object[$objectType]['id'],
-            'tag_id' => $existingTag['Tag']['id']
+            'tag_id' => $existingTag['Tag']['id'],
+            'local' => ($local ? 1 : 0)
        );
        $existingAssociation = $this->$objectType->$connectorObject->find('first', array(
-            'conditions' => array(
-                strtolower($objectType) . '_id' => $object[$objectType]['id'],
-                'tag_id' => $existingTag['Tag']['id']
-            )
+            'conditions' => $conditions
        ));
        if (!empty($existingAssociation)) {
            return $this->RestResponse->saveSuccessResponse('Tags', 'attachTagToObject', false, $this->response->type(), $objectType . ' already has the requested tag attached, no changes had to be made.');
        }
        $this->$objectType->$connectorObject->create();
        $data = array(
-            $connectorObject => array(
-                strtolower($objectType) . '_id' => $object[$objectType]['id'],
-                'tag_id' => $existingTag['Tag']['id']
-            )
+            $connectorObject => $conditions
        );
        if ($objectType == 'Attribute') {
            $data[$connectorObject]['event_id'] = $object['Event']['id'];
@ -983,7 +986,11 @@ class TagsController extends AppController
            } else if ($objectType === 'Event') {
                $this->Event->unpublishEvent($object['Event']['id']);
            }
-            $message = 'Tag ' . $existingTag['Tag']['name'] . '(' . $existingTag['Tag']['id'] . ') successfully attached to ' . $objectType . '(' . $object[$objectType]['id'] . ').';
+            if($local) {
+                $message = 'Local tag ' . $existingTag['Tag']['name'] . '(' . $existingTag['Tag']['id'] . ') successfully attached to ' . $objectType . '(' . $object[$objectType]['id'] . ').';
+            } else {
+                $message = 'Global tag ' . $existingTag['Tag']['name'] . '(' . $existingTag['Tag']['id'] . ') successfully attached to ' . $objectType . '(' . $object[$objectType]['id'] . ').';
+            }
            return $this->RestResponse->saveSuccessResponse('Tags', 'attachTagToObject', false, $this->response->type(), $message);
        } else {
            return $this->RestResponse->saveFailResponse('Tags', 'attachTagToObject', false, 'Failed to attach tag to object.', $this->response->type());
--- a/app/Lib/Export/NetfilterExport.php
+++ b/app/Lib/Export/NetfilterExport.php
@ -0,0 +1,78 @@
+<?php
+
+class NetfilterExport
+{
+    public $additional_params = array(
+        'flatten' => 1,
+        'conditions' => array(
+            'AND' => array(
+                'Attribute.type' => array(
+                    'ip-dst', 'ip-src', 'domain|ip', 'ip-dst|port', 'ip-src|port'
+                )
+            )
+        )
+    );
+
+    public $non_restrictive_export = true;
+
+    private $__attributeTypeMappings = array(
+        'ip-dst' => 'full',
+        'ip-src' => 'full',
+        'domain|ip' => 1,
+        'ip-dst|port' => 0,
+        'ip-src|port' => 0
+    );
+
+    public function handler($data, $options = array())
+    {
+        $action = empty($options['filters']['netfilter_action']) ? 'DROP' : $options['filters']['netfilter_action'];
+        if ($options['scope'] === 'Attribute') {
+            if (in_array($data['Attribute']['type'], array_keys($this->__attributeTypeMappings))) {
+                return $this->__convertToRule($data['Attribute'], $action) . "\n";
+            } else {
+                return '';
+            }
+        }
+        if ($options['scope'] === 'Event') {
+            $result = array();
+            foreach ($data['Attribute'] as $attribute) {
+                if (in_array($data['Attribute']['type'], array_keys($this->__attributeTypeMappings))) {
+                    $result[] = $this->__convertToRule($data['Attribute'], $action);
+                }
+            }
+            return implode($this->separator(), $result) . "\n";
+        }
+        return '';
+    }
+
+    private function __convertToRule($attribute, $action)
+    {
+        $ip = false;
+        if ($this->__attributeTypeMappings[$attribute['type']] === 'full') {
+            $ip = $attribute['value'];
+        } else {
+            $ip = explode('|', $attribute['value']);
+            $ip = $ip[$this->__attributeTypeMappings[$attribute['type']]];
+        }
+        return sprintf(
+            'iptables -A INPUT -s %s -j %s',
+            $ip,
+            $action
+        );
+    }
+
+    public function header($options = array())
+    {
+        return '';
+    }
+
+    public function footer()
+    {
+        return "";
+    }
+
+    public function separator()
+    {
+        return "";
+    }
+}
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -70,7 +70,7 @@ class Attribute extends AppModel

        //
        // NOTE WHEN MODIFYING: please ensure to run the script 'tools/gen_misp_types_categories.py' to update the new definitions everywhere. (docu, website, RFC, ...)
-        //  
+        //
        $this->categoryDefinitions = array(
            'Internal reference' => array(
                    'desc' => __('Reference used by the publishing party (e.g. ticket number)'),
@ -149,7 +149,7 @@ class Attribute extends AppModel

        //
        // NOTE WHEN MODIFYING: please ensure to run the script 'tools/gen_misp_types_categories.py' to update the new definitions everywhere. (docu, website, RFC, ...)
-        //  
+        //
        $this->typeDefinitions = array(
            'md5' => array('desc' => __('A checksum in md5 format'), 'formdesc' => __("You are encouraged to use filename|md5 instead. A checksum in md5 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1),
            'sha1' => array('desc' => __('A checksum in sha1 format'), 'formdesc' => __("You are encouraged to use filename|sha1 instead. A checksum in sha1 format, only use this if you don't know the correct filename"), 'default_category' => 'Payload delivery', 'to_ids' => 1),
@ -405,7 +405,8 @@ class Attribute extends AppModel
        'rpz' => array('txt', 'RPZExport', 'rpz'),
        'csv' => array('csv', 'CsvExport', 'csv'),
        'cache' => array('txt', 'CacheExport', 'cache'),
-        'attack-sightings' => array('json', 'AttackSightingsExport', 'json')
+        'attack-sightings' => array('json', 'AttackSightingsExport', 'json'),
+        'netfilter' => array('txt', 'NetfilterExport', 'sh')
    );

    // FIXME we need a better way to list the defaultCategories knowing that new attribute types will continue to appear in the future. We should generate this dynamically or use a function using the default_category of the $typeDefinitions
@ -4313,7 +4314,10 @@ class Attribute extends AppModel
            'filters' => $filters
        );
        if (!empty($exportTool->additional_params)) {
-            $params = array_merge($params, $exportTool->additional_params);
+            $params = array_merge_recursive(
+                $params,
+                $exportTool->additional_params
+            );
        }
        $tmpfile = tmpfile();
        fwrite($tmpfile, $exportTool->header($exportToolParams));
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@ -180,7 +180,8 @@ class Event extends AppModel
        'yara-json' => array('json', 'YaraExport', 'json'),
        'cache' => array('txt', 'CacheExport', 'cache'),
        'attack' => array('html', 'AttackExport', 'html'),
-        'attack-sightings' => array('json', 'AttackSightingsExport', 'json')
+        'attack-sightings' => array('json', 'AttackSightingsExport', 'json'),
+        'netfilter' => array('txt', 'NetfilterExport', 'sh')
    );

    public $csv_event_context_fields_to_fetch = array(
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@ -4054,10 +4054,7 @@ class Server extends AppModel
        if (empty($user)) {
            $user = array('Organisation' => array('name' => 'SYSTEM'), 'email' => 'SYSTEM', 'id' => 0);
        }
-        App::uses('Folder', 'Utility');
-        $file = new File(ROOT . DS . 'VERSION.json', true);
-        $localVersion = json_decode($file->read(), true);
-        $file->close();
+        $localVersion = $this->checkMISPVersion();
        $server = $this->find('first', array('conditions' => array('Server.id' => $id)));
        $HttpSocket = $this->setupHttpSocket($server, $HttpSocket);
        $request = $this->setupSyncRequest($server);
--- a/app/View/Elements/genericElements/IndexTable/Fields/json.ctp
+++ b/app/View/Elements/genericElements/IndexTable/Fields/json.ctp
@ -0,0 +1,7 @@
+<?php
+    $data = h(Hash::extract($row, $field['data_path']));
+    echo sprintf(
+        '<div style="white-space:pre;" class="blue bold">%s</div>',
+        json_encode($data, JSON_PRETTY_PRINT)
+    );
+?>
--- a/app/files/misp-decaying-models
+++ b/app/files/misp-decaying-models
@ -1 +1 @@
-Subproject commit f38d1604f1fbd602d59d5a88fd906a2d7c21dfb3
+Subproject commit 0bf4d8bafc71f44cd65c7ad291bc0b4270dcecb8
--- a/app/files/misp-galaxy
+++ b/app/files/misp-galaxy
@ -1 +1 @@
-Subproject commit 42f457fc22dcec032e93b8bf5b4be54e3d89249d
+Subproject commit 309109eb270966a716edbbbd621bd96aa2a90726
--- a/app/files/misp-objects
+++ b/app/files/misp-objects
@ -1 +1 @@
-Subproject commit 4ab14e785a9d4a696a092495c4d8954fd9fb0e9c
+Subproject commit ffc120106c4ba9ed3b2fd5ae18d41f730e61b3ab