MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'hotfix-2.3.126'

pull/663/head v2.3.126
iglocska 2015-09-16 14:36:13 +02:00
parent d8530815f5 0fe9794370
commit d1c4a789dc
18 changed files with 314 additions and 258 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION.json
View File

@ -1 +1 @@
{"major":2, "minor":3, "hotfix":125}
{"major":2, "minor":3, "hotfix":126}

2
app/Controller/AppController.php
View File

@ -79,6 +79,8 @@ class AppController extends Controller {
public $mispVersion = '2.3.0';
public function beforeFilter() {
$versionArray = $this->{$this->modelClass}->checkMISPVersion();
$this->mispVersion = implode('.', array_values($versionArray));
$this->Security->blackHoleCallback = 'blackHole';
// send users away that are using ancient versions of IE
// Make sure to update this if IE 20 comes out :)

23
app/Controller/AttributesController.php
View File

@ -236,7 +236,11 @@ class AttributesController extends AppController {
} else {
if ($this->_isRest()) { // TODO return error if REST
// REST users want to see the failed attribute
throw new NotFoundException('Could not save the attribute. ' . $this->Attribute->validationErrors);
$message = '';
foreach ($this->Attribute->validationErrors as $k => $v) {
$message .= '[' . $k . ']: ' . $v[0] . PHP_EOL;
}
throw new NotFoundException('Could not save the attribute. ' . $message);
} elseif ($this->request->is('ajax')) {
$this->autoRender = false;
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $this->Attribute->validationErrors)),'status'=>200));
@ -1492,7 +1496,7 @@ class AttributesController extends AppController {
}
$simpleFalse = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid');
foreach ($simpleFalse as $sF) {
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF})) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if ($from) $from = $this->Attribute->Event->dateFieldCheck($from);
@ -1738,7 +1742,7 @@ class AttributesController extends AppController {
public function text($key='download', $type='all', $tags=false, $eventId=false, $allowNonIDS=false, $from=false, $to=false, $last=false) {
$simpleFalse = array('eventId', 'allowNonIDS', 'tags', 'from', 'to', 'last');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if ($type === 'null' || $type === '0' || $type === 'false') $type = 'all';
if ($from) $from = $this->Attribute->Event->dateFieldCheck($from);
@ -1788,7 +1792,7 @@ class AttributesController extends AppController {
$simpleFalse = array('eventId', 'tags', 'from', 'to', 'policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || ${$sF} === null || strtolower(${$sF}) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if (!in_array($policy, array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden'))) $policy = false;
App::uses('RPZExport', 'Export');
@ -2109,7 +2113,7 @@ class AttributesController extends AppController {
$simpleFalse = array('hash', 'allSamples', 'eventID');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
// valid combinations of settings are:
@ -2217,7 +2221,14 @@ class AttributesController extends AppController {
$this->set('message', $error);
$this->set('_serialize', array('message'));
}
}
public function pruneOrphanedAttributes() {
if (!$this->_isSiteAdmin()) throw new MethodNotAllowedException('You are not authorised to do that.');
$events = array_keys($this->Attribute->Event->find('list'));
$orphans = $this->Attribute->find('list', array('conditions' => array('Attribute.event_id !=' => $events)));
if (count($orphans) > 0) $this->Attribute->deleteAll(array('Attribute.event_id !=' => $events), false, true);
$this->Session->setFlash('Removed ' . count($orphans) . ' attribute(s).');
$this->redirect('/pages/display/administration');
}
}

57
app/Controller/EventBlacklistsController.php
View File

@ -22,7 +22,6 @@ class EventBlacklistsController extends AppController {
);
public function index() {
if ($this->response->type() === 'application/json' || $this->response->type() == 'application/xml' || $this->_isRest()) {
$blackList = $this->paginate();
$eventBlacklist= array();
@ -57,7 +56,15 @@ class EventBlacklistsController extends AppController {
$uuid = trim($uuid);
if (strlen($uuid) == 36) {
$this->EventBlacklist->create();
if ($this->EventBlacklist->save(array('event_uuid' => $uuid))) {
if ($this->EventBlacklist->save(
array(
'event_uuid' => $uuid,
'comment' => $data['EventBlacklist']['comment'],
'event_info' => $data['EventBlacklist']['info'],
'event_orgc' => $data['EventBlacklist']['orgc'],
)
)
) {
$successes[] = $uuid;
} else {
$fails[] = $uuid;
@ -69,13 +76,57 @@ class EventBlacklistsController extends AppController {
$message = 'Done. Added ' . count($successes) . ' new entries to the blacklist. ' . count($fails) . ' entries could not be saved.';
if ($this->_isRest()) {
$this->set('result', array('successes' => $successes, 'fails' => $fails));
$this->set('_serialize', array('result'));
$this->set('message', $message);
$this->set('_serialize', array('message', 'result'));
} else {
$this->Session->setFlash(__($message));
$this->redirect(array('action' => 'index'));
}
}
}
public function edit($id) {
if (strlen($id) == 36) {
$eb = $this->EventBlacklist->find('first', array('conditions' => array('uuid' => $id)));
} else {
$eb = $this->EventBlacklist->find('first', array('conditions' => array('id' => $id)));
}
if (empty($eb)) throw new NotFoundException('Blacklist item not found.');
$this->set('eb', $eb);
if ($this->request->is('post')) {
if ($this->_isRest()) {
if ($this->response->type() === 'application/json') {
$isJson = true;
$data = $this->request->input('json_decode', true);
} else {
$data = $this->request->data;
}
if (isset($data['request'])) $data = $data['request'];
} else {
$data = $this->request->data;
}
$fields = array('comment', 'event_info', 'event_orgc');
foreach ($fields as $f) {
if (isset($data['EventBlacklist'][$f])) $eb['EventBlacklist'][$f] = $data['EventBlacklist'][$f];
}
if ($this->EventBlacklist->save($eb)) {
if ($this->_isRest()) {
$this->set('message', array('Blacklist item added.'));
$this->set('_serialize', array('message'));
} else {
$this->Session->setFlash(__('Blacklist item added.'));
$this->redirect(array('action' => 'index'));
}
} else {
if ($this->_isRest()) {
throw new MethodNotAllowedException('Could not save the blacklist item.');
} else {
$this->Session->setFlash('Could not save the blacklist item');
$this->redirect(array('action' => 'index'));
}
}
}
}
public function delete($id) {
if (strlen($id) == 36) {

52
app/Controller/EventsController.php
View File

@ -1739,7 +1739,7 @@ class EventsController extends AppController {
$simpleFalse = array('tags', 'eventid', 'withAttachment', 'from', 'to', 'last');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if ($from) $from = $this->Event->dateFieldCheck($from);
if ($to) $to = $this->Event->dateFieldCheck($to);
@ -1819,7 +1819,7 @@ class EventsController extends AppController {
public function nids($format = 'suricata', $key = 'download', $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false) {
$simpleFalse = array('id', 'continue', 'tags', 'from', 'to', 'last');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if ($from) $from = $this->Event->dateFieldCheck($from);
@ -1860,7 +1860,7 @@ class EventsController extends AppController {
public function hids($type, $key='download', $tags = false, $from = false, $to = false, $last = false) {
$simpleFalse = array('tags', 'from', 'to', 'last');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if ($from) $from = $this->Event->dateFieldCheck($from);
if ($to) $to = $this->Event->dateFieldCheck($to);
@ -1895,7 +1895,7 @@ class EventsController extends AppController {
public function csv($key, $eventid=false, $ignore=false, $tags = false, $category=false, $type=false, $includeContext=false, $from=false, $to=false, $last = false) {
$simpleFalse = array('eventid', 'ignore', 'tags', 'category', 'type', 'includeContext', 'from', 'to', 'last');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if ($from) $from = $this->Event->dateFieldCheck($from);
@ -2428,7 +2428,7 @@ class EventsController extends AppController {
$simpleFalse = array('value' , 'type', 'category', 'org', 'tags', 'searchall', 'from', 'to', 'last', 'eventid');
foreach ($simpleFalse as $sF) {
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF})) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if ($from) $from = $this->Event->dateFieldCheck($from);
@ -2436,7 +2436,6 @@ class EventsController extends AppController {
if ($tags) $tags = str_replace(';', ':', $tags);
if ($last) $last = $this->Event->resolveTimeDelta($last);
if ($searchall === 'true') $searchall = "1";
$conditions['AND'] = array();
$subcondition = array();
$this->loadModel('Attribute');
@ -2458,12 +2457,15 @@ class EventsController extends AppController {
$subcondition['AND'][] = array('Attribute.value NOT LIKE' => $result);
}
} else {
if ($parameters[$k] === 'org') {
$subcondition['AND'][] = array('Event.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
} elseif ($parameters[$k] === 'eventid') {
$subcondition['AND'][] = array('Attribute.event_id !=' => substr($v, 1));
} else {
$subcondition['AND'][] = array('Attribute.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
$temp = substr($v, 1);
if (!empty($temp)) {
if ($parameters[$k] === 'org') {
$subcondition['AND'][] = array('Event.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
} elseif ($parameters[$k] === 'eventid') {
$subcondition['AND'][] = array('Attribute.event_id !=' => substr($v, 1));
} else {
$subcondition['AND'][] = array('Attribute.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
}
}
}
} else {
@ -2473,12 +2475,14 @@ class EventsController extends AppController {
$subcondition['OR'][] = array('Attribute.value LIKE' => $result);
}
} else {
if ($parameters[$k] === 'org') {
$subcondition['OR'][] = array('Event.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
} elseif ($parameters[$k] === 'eventid') {
$subcondition['OR'][] = array('Attribute.event_id' => $v);
} else {
$subcondition['OR'][] = array('Attribute.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
if (!empty($v)) {
if ($parameters[$k] === 'org') {
$subcondition['OR'][] = array('Event.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
} elseif ($parameters[$k] === 'eventid') {
$subcondition['OR'][] = array('Attribute.event_id' => $v);
} else {
$subcondition['OR'][] = array('Attribute.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
}
}
}
}
@ -2522,7 +2526,6 @@ class EventsController extends AppController {
if ($from) $conditions['AND'][] = array('Event.date >=' => $from);
if ($to) $conditions['AND'][] = array('Event.date <=' => $to);
if ($last) $conditions['AND'][] = array('Event.publish_timestamp >=' => $last);
$params = array(
'conditions' => $conditions,
'fields' => array('DISTINCT(Attribute.event_id)'),
@ -3029,7 +3032,7 @@ class EventsController extends AppController {
$simpleFalse = array('id', 'withAttachments', 'tags', 'from', 'to', 'last');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
}
if ($from) $from = $this->Event->dateFieldCheck($from);
if ($to) $to = $this->Event->dateFieldCheck($to);
@ -3300,7 +3303,7 @@ class EventsController extends AppController {
// check if the user has permission to create attributes for an event, if the event ID has been passed
// If not, create an event
if (isset($data['event_id']) && !empty($data['event_id']) && is_numeric($data['event_id'])) {
$conditons = array();
$conditions = array();
if (!$this->_isSiteAdmin()) {
$conditions = array('Event.orgc' => $this->Auth->user('org'));
if (!$this->userRole['perm_modify_org']) $conditions[] = array('Event.user_id' => $this->Auth->user('id'));
@ -3387,15 +3390,18 @@ class EventsController extends AppController {
if ($successCount > 0) {
$this->set('name', 'Partial success');
$this->set('message', 'Successfuly saved ' . $successCount . ' sample(s), but some samples could not be saved.');
$this->set('url', '/events/view/' . $data['event_id']);
$this->set('_serialize', array('name', 'message', 'url', 'errors'));
} else {
$this->set('name', 'Failed');
$this->set('message', 'Failed to save any of the supplied samples.');
$this->set('_serialize', array('name', 'message', 'errors'));
}
$this->set('_serialize', array('name', 'message', 'errors'));
} else {
$this->set('name', 'Success');
$this->set('message', 'Success, saved all attributes.');
$this->set('_serialize', array('name', 'message'));
$this->set('url', '/events/view/' . $data['event_id']);
$this->set('_serialize', array('name', 'message', 'url'));
}
$this->view($data['event_id']);
$this->render('view');

14
app/Controller/UsersController.php
View File

@ -563,14 +563,6 @@ class UsersController extends AppController {
if (!$this->Auth->user('termsaccepted')) {
$this->redirect(array('action' => 'terms'));
}
// News page
$newNewsdate = new DateTime("2012-03-27"); // TODO general, fixed odd date??
$newsdate = new DateTime($this->Auth->user('newsread'));
if ($newNewsdate > $newsdate) {
$this->redirect(array('action' => 'news'));
}
// Events list
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
@ -737,12 +729,6 @@ class UsersController extends AppController {
return $this->response;
}
public function news() {
$this->User->id = $this->Auth->user('id');
$this->User->saveField('newsread', date("Y-m-d"));
$this->_refreshAuth(); // refresh auth info
}
public function extraLog($action = null, $description = null, $fieldsResult = null) { // TODO move audit to AuditsController?
// new data
$userId = $this->Auth->user('id');

110
app/Model/AppModel.php
View File

@ -45,4 +45,114 @@ class AppModel extends Model {
$this->name = get_class($this);
}
public function updateDatabase($command) {
$sql = '';
$model = 'Event';
$this->Log = ClassRegistry::init('Log');
switch ($command) {
case 'extendServerOrganizationLength':
$sql = 'ALTER TABLE `servers` MODIFY COLUMN `organization` varchar(255) NOT NULL;';
$model = 'Server';
break;
case 'convertLogFieldsToText':
$sql = 'ALTER TABLE `logs` MODIFY COLUMN `title` text, MODIFY COLUMN `change` text;';
$model= 'Log';
break;
case 'addEventBlacklists':
$sql = 'CREATE TABLE IF NOT EXISTS `event_blacklists` ( `id` int(11) NOT NULL AUTO_INCREMENT, `event_uuid` varchar(40) COLLATE utf8_bin NOT NULL, `created` datetime NOT NULL, PRIMARY KEY (`id`), `event_info` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, `comment` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, `event_orgc` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin ;';
break;
case 'addEventBlacklistsContext':
$sql = 'ALTER TABLE `event_blacklists` ADD `event_orgc` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL , ADD `event_info` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, ADD `comment` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL ;';
break;
case 'makeAttributeUUIDsUnique':
$this->__dropIndex('attributes', 'uuid');
$sql = 'ALTER TABLE `attributes` ADD UNIQUE (uuid);';
break;
case 'makeEventUUIDsUnique':
$this->__dropIndex('events', 'uuid');
$sql = 'ALTER TABLE `events` ADD UNIQUE (uuid);';
break;
default:
return false;
break;
}
$m = ClassRegistry::init($model);
try {
$m->query($sql);
$this->Log->create();
$this->Log->save(array(
'org' => 'SYSTEM',
'model' => 'Server',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'update_database',
'user_id' => 0,
'title' => 'Successfuly executed the SQL query for ' . $command,
'change' => 'The executed SQL query was: ' . $sql
));
} catch (Exception $e) {
$this->Log->create();
$this->Log->save(array(
'org' => 'SYSTEM',
'model' => 'Server',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'update_database',
'user_id' => 0,
'title' => 'Issues executing the SQL query for ' . $command,
'change' => 'The executed SQL query was: ' . $sql . PHP_EOL . ' The returned error is: ' . $e->getMessage()
));
}
$this->cleanCacheFiles();
return true;
}
private function __dropIndex($table, $field) {
$this->Log = ClassRegistry::init('Log');
$indexCheck = "SELECT INDEX_NAME FROM INFORMATION_SCHEMA.STATISTICS WHERE table_schema=DATABASE() AND table_name='" . $table . "' AND index_name LIKE '" . $field . "%'";
$indexCheckResult = $this->query($indexCheck);
foreach ($indexCheckResult as $icr) {
$dropIndex = 'ALTER TABLE ' . $table . ' DROP INDEX ' . $icr['STATISTICS']['INDEX_NAME'];
$result = true;
try {
$this->query($dropIndex);
} catch (Exception $e) {
$result = false;
}
$this->Log->create();
$this->Log->save(array(
'org' => 'SYSTEM',
'model' => 'Server',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'update_database',
'user_id' => 0,
'title' => ($result ? 'Removed index ' : 'Failed to remove index ') . $icr['STATISTICS']['INDEX_NAME'] . ' from ' . $table,
'change' => ($result ? 'Removed index ' : 'Failed to remove index ') . $icr['STATISTICS']['INDEX_NAME'] . ' from ' . $table,
));
}
}
public function cleanCacheFiles() {
$directories = array(APP . '/tmp/cache/models', APP . '/tmp/cache/persistent');
foreach ($directories as $directory) {
$dir = new Folder($directory);
$files = $dir->find('myapp.*');
foreach ($files as $file) {
$file = new File($dir->path . DS . $file);
$file->delete();
$file->close();
}
}
}
public function checkMISPVersion() {
App::uses('Folder', 'Utility');
$file = new File (ROOT . DS . 'VERSION.json', true);
$version_array = json_decode($file->read(), true);
$file->close();
return $version_array;
}
}

21
app/Model/Attribute.php
View File

@ -553,21 +553,24 @@ class Attribute extends AppModel {
switch($type) {
case 'md5':
if (preg_match("#^[0-9a-f]{32}$#", $value)) {
$returnValue = true;
if ($value === 'd41d8cd98f00b204e9800998ecf8427e') $returnValue = 'The supplied hash indicates an empty file.';
else $returnValue = true;
} else {
$returnValue = 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
}
break;
case 'sha1':
if (preg_match("#^[0-9a-f]{40}$#", $value)) {
$returnValue = true;
if ($value === 'da39a3ee5e6b4b0d3255bfef95601890afd80709') $returnValue = 'The supplied hash indicates an empty file.';
else $returnValue = true;
} else {
$returnValue = 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
}
break;
case 'sha256':
if (preg_match("#^[0-9a-f]{64}$#", $value)) {
$returnValue = true;
if ($value === 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855') $returnValue = 'The supplied hash indicates an empty file.';
else $returnValue = true;
} else {
$returnValue = 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
}
@ -588,7 +591,9 @@ class Attribute extends AppModel {
case 'filename|md5':
// no newline
if (preg_match("#^.+\|[0-9a-f]{32}$#", $value)) {
$returnValue = true;
$parts = explode('|', $value);
if ($parts[1] === 'd41d8cd98f00b204e9800998ecf8427e') $returnValue = 'The supplied hash indicates an empty file.';
else $returnValue = true;
} else {
$returnValue = 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
}
@ -596,7 +601,9 @@ class Attribute extends AppModel {
case 'filename|sha1':
// no newline
if (preg_match("#^.+\|[0-9a-f]{40}$#", $value)) {
$returnValue = true;
$parts = explode('|', $value);
if ($parts[1] === 'da39a3ee5e6b4b0d3255bfef95601890afd80709') $returnValue = 'The supplied hash indicates an empty file.';
else $returnValue = true;
} else {
$returnValue = 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
}
@ -604,7 +611,9 @@ class Attribute extends AppModel {
case 'filename|sha256':
// no newline
if (preg_match("#^.+\|[0-9a-f]{64}$#", $value)) {
$returnValue = true;
$parts = explode('|', $value);
if ($parts[1] === 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855') $returnValue = 'The supplied hash indicates an empty file.';
else $returnValue = true;
} else {
$returnValue = 'Checksum has invalid length or format. Please double check the value or select "other" for a type.';
}

27
app/Model/Event.php
View File

@ -330,14 +330,9 @@ class Event extends AppModel {
public function beforeDelete($cascade = true) {
// blacklist the event UUID if the feature is enabled
if (Configure::read('MISP.enableEventBlacklisting')) {
$event = $this->find('first', array(
'recursive' => -1,
'fields' => array('uuid'),
'conditions' => array('id' => $this->id),
));
$this->EventBlacklist = ClassRegistry::init('EventBlacklist');
$this->EventBlacklist->create();
$this->EventBlacklist->save(array('event_uuid' => $this->data['Event']['uuid']));
$this->EventBlacklist->save(array('event_uuid' => $this->data['Event']['uuid'], 'event_info' => $this->data['Event']['info'], 'event_orgc' => $this->data['Event']['orgc']));
}
// delete all of the event->tag combinations that involve the deleted event
@ -797,19 +792,21 @@ class Event extends AppModel {
}
$eventIds = array();
if ($all) {
foreach ($eventArray['response']['Event'] as $event) {
if (isset($eventArray['response']['Event']) && !empty($eventArray['response']['Event'])) foreach ($eventArray['response']['Event'] as $event) {
$eventIds[] = $event['uuid'];
}
} else {
// multiple events, iterate over the array
foreach ($eventArray['response']['Event'] as &$event) {
if (1 != $event['published']) {
continue; // do not keep non-published events
}
// get rid of events that are the same timestamp as ours or older, we don't want to transfer the attributes for those
// The event's timestamp also matches the newest attribute timestamp by default
if ($this->checkIfNewer($event)) {
$eventIds[] = $event['id'];
if (isset($eventArray['response']['Event']) && !empty($eventArray['response']['Event'])) {
foreach ($eventArray['response']['Event'] as &$event) {
if (1 != $event['published']) {
continue; // do not keep non-published events
}
// get rid of events that are the same timestamp as ours or older, we don't want to transfer the attributes for those
// The event's timestamp also matches the newest attribute timestamp by default
if ($this->checkIfNewer($event)) {
$eventIds[] = $event['id'];
}
}
}
}

2
app/Model/EventBlacklist.php
View File

@ -22,6 +22,8 @@ class EventBlacklist extends AppModel{
public function beforeValidate($options = array()) {
parent::beforeValidate();
$schema = $this->schema();
if (!isset($schema['event_info'])) $this->updateDatabase('addEventBlacklistsContext');
$date = date('Y-m-d H:i:s');
if (empty($this->data['EventBlacklist']['id'])) {
$this->data['EventBlacklist']['date_created'] = $date;

114
app/Model/Server.php
View File

@ -1329,11 +1329,12 @@ class Server extends AppModel {
}
public function eventBlacklistingBeforeHook($setting, $value) {
$this->__cleanCacheFiles();
$this->cleanCacheFiles();
if ($value) {
try {
$this->EventBlacklist = ClassRegistry::init('EventBlacklist');
$this->EventBlacklist->schema();
$schema = $this->EventBlacklist->schema();
if (!isset($schema['event_info'])) $this->updateDatabase('addEventBlacklistsContext');
} catch (Exception $e) {
$this->updateDatabase('addEventBlacklists');
}
@ -1357,13 +1358,10 @@ class Server extends AppModel {
}
public function checkVersion($newest) {
App::uses('Folder', 'Utility');
$file = new File (ROOT . DS . 'VERSION.json', true);
$version_array = json_decode($file->read());
$file->close();
$current = 'v' . $version_array->major . '.' . $version_array->minor . '.' . $version_array->hotfix;
$version_array = $this->checkMISPVersion();
$current = 'v' . $version_array['major'] . '.' . $version_array['minor'] . '.' . $version_array['hotfix'];
$newest_array = $this->__dissectVersion($newest);
$upToDate = $this->__compareVersions(array($version_array->major, $version_array->minor, $version_array->hotfix), $newest_array, 0);
$upToDate = $this->__compareVersions(array($version_array['major'], $version_array['minor'], $version_array['hotfix']), $newest_array, 0);
return array ('current' => $current, 'newest' => $newest, 'upToDate' => $upToDate);
}
@ -1642,7 +1640,7 @@ class Server extends AppModel {
$workers = $this->ResqueStatus->getWorkers();
$this->Log = ClassRegistry::init('Log');
$currentUser = get_current_user();
foreach ($workers as $pid => $worker) {
foreach ($workers as $pid => $worker) {
if (!is_numeric($pid)) throw new MethodNotAllowedException('Non numeric PID found!');
$pidTest = substr_count(trim(shell_exec('ps -p ' . $pid)), PHP_EOL) > 0 ? true : false;
if ($worker['user'] == $currentUser && !$pidTest) {
@ -1661,102 +1659,4 @@ class Server extends AppModel {
}
}
}
private function __dropIndex($table, $field) {
$this->Log = ClassRegistry::init('Log');
$indexCheck = "SELECT INDEX_NAME FROM INFORMATION_SCHEMA.STATISTICS WHERE table_schema=DATABASE() AND table_name='" . $table . "' AND index_name LIKE '" . $field . "%'";
$indexCheckResult = $this->query($indexCheck);
foreach ($indexCheckResult as $icr) {
$dropIndex = 'ALTER TABLE ' . $table . ' DROP INDEX ' . $icr['STATISTICS']['INDEX_NAME'];
$result = true;
try {
$this->query($dropIndex);
} catch (Exception $e) {
$result = false;
}
$this->Log->create();
$this->Log->save(array(
'org' => 'SYSTEM',
'model' => 'Server',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'update_database',
'user_id' => 0,
'title' => ($result ? 'Removed index ' : 'Failed to remove index ') . $icr['STATISTICS']['INDEX_NAME'] . ' from ' . $table,
'change' => ($result ? 'Removed index ' : 'Failed to remove index ') . $icr['STATISTICS']['INDEX_NAME'] . ' from ' . $table,
));
}
}
public function updateDatabase($command) {
$sql = '';
$model = 'Event';
$this->Log = ClassRegistry::init('Log');
switch ($command) {
case 'extendServerOrganizationLength':
$sql = 'ALTER TABLE `servers` MODIFY COLUMN `organization` varchar(255) NOT NULL;';
$model = 'Server';
break;
case 'convertLogFieldsToText':
$sql = 'ALTER TABLE `logs` MODIFY COLUMN `title` text, MODIFY COLUMN `change` text;';
$model= 'Log';
break;
case 'addEventBlacklists':
$sql = 'CREATE TABLE IF NOT EXISTS `event_blacklists` ( `id` int(11) NOT NULL AUTO_INCREMENT, `event_uuid` varchar(40) COLLATE utf8_bin NOT NULL, `created` datetime NOT NULL, PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin ;';
break;
case 'makeAttributeUUIDsUnique':
$this->__dropIndex('attributes', 'uuid');
$sql = 'ALTER TABLE `attributes` ADD UNIQUE (uuid);';
break;
case 'makeEventUUIDsUnique':
$this->__dropIndex('events', 'uuid');
$sql = 'ALTER TABLE `events` ADD UNIQUE (uuid);';
break;
default:
$this->Session->setFlash('Invalid command.');
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
break;
}
$m = ClassRegistry::init($model);
try {
$m->query($sql);
$this->Log->create();
$this->Log->save(array(
'org' => 'SYSTEM',
'model' => 'Server',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'update_database',
'user_id' => 0,
'title' => 'Successfuly executed the SQL query for ' . $command,
'change' => 'The executed SQL query was: ' . $sql
));
} catch (Exception $e) {
$this->Log->create();
$this->Log->save(array(
'org' => 'SYSTEM',
'model' => 'Server',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'update_database',
'user_id' => 0,
'title' => 'Issues executing the SQL query for ' . $command,
'change' => 'The executed SQL query was: ' . $sql . PHP_EOL . ' The returned error is: ' . $e->getMessage()
));
}
$this->__cleanCacheFiles();
}
private function __cleanCacheFiles() {
$directories = array(APP . '/tmp/cache/models', APP . '/tmp/cache/persistent');
foreach ($directories as $directory) {
$dir = new Folder($directory);
$files = $dir->find('myapp.*');
foreach ($files as $file) {
$file = new File($dir->path . DS . $file);
$file->delete();
$file->close();
}
}
}
}

1
app/View/Elements/global_menu.ctp
View File

@ -70,7 +70,6 @@
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="/users/news">News</a></li>
<li><a href="/users/view/me">My Profile</a></li>
<li><a href="/users/memberslist">Members List</a></li>
<li><a href="/roles/index">Role Permissions</a></li>

1
app/View/Elements/side_menu.ctp
View File

@ -107,7 +107,6 @@
<li <?php if ($menuItem === 'edit') echo 'class="active"';?>><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?></li>
<li class="divider"></li>
<?php endif; ?>
<li <?php if ($menuItem === 'news') echo 'class="active"';?>><a href="/users/news">News</a></li>
<li <?php if ($menuItem === 'view') echo 'class="active"';?>><a href="/users/view/me">My Profile</a></li>
<li <?php if ($menuItem === 'members') echo 'class="active"';?>><a href="/users/memberslist">Members List</a></li>
<li <?php if ($menuItem === 'roles') echo 'class="active"';?>><a href="/roles/index">Role Permissions</a></li>

22
app/View/EventBlacklists/add.ctp
View File

@ -7,7 +7,27 @@
echo $this->Form->input('uuids', array(
'type' => 'textarea',
'div' => 'input clear',
'class' => 'input-xxlarge'
'class' => 'input-xxlarge',
'placeholder' => 'Enter a single or a list of UUIDs'
));
echo $this->Form->input('event_orgc', array(
'div' => 'input clear',
'class' => 'input-xxlarge',
'label' => 'Creating organisation',
'placeholder' => '(Optional) The organisation that the event is associated with'
));
echo $this->Form->input('event_info', array(
'type' => 'textarea',
'div' => 'input clear',
'class' => 'input-xxlarge',
'label' => 'Event info',
'placeholder' => '(Optional) the event info of the event that you would like to block. It\'s best to leave this empty if you are adding a list of UUIDs.'
));
echo $this->Form->input('comment', array(
'type' => 'textarea',
'div' => 'input clear',
'class' => 'input-xxlarge',
'placeholder' => '(Optional) Any comments you would like to add regarding this (or these) entries.'
));
?>
</fieldset>

35
app/View/EventBlacklists/edit.ctp Normal file
View File

@ -0,0 +1,35 @@
<div class="eventBlacklist form">
<?php echo $this->Form->create('EventBlacklist');?>
<fieldset>
<legend>Add Event Blacklist Entries</legend>
<p>Simply paste a list of all the event UUIDs that you wish to block from being entered.</p>
<?php
echo $this->Form->input('event_orgc', array(
'div' => 'input clear',
'class' => 'input-xxlarge',
'label' => 'Creating organisation',
'default' => $eb['EventBlacklist']['event_orgc'],
));
echo $this->Form->input('event_info', array(
'type' => 'textarea',
'div' => 'input clear',
'class' => 'input-xxlarge',
'label' => 'Event info',
'default' => $eb['EventBlacklist']['event_info'],
));
echo $this->Form->input('comment', array(
'type' => 'textarea',
'div' => 'input clear',
'class' => 'input-xxlarge',
'default' => $eb['EventBlacklist']['comment'],
));
?>
</fieldset>
<?php
echo $this->Form->button('Add', array('class' => 'btn btn-primary'));
echo $this->Form->end();
?>
</div>
<?php
echo $this->element('side_menu', array('menuList' => 'admin', 'menuItem' => 'eventBlacklistsAdd'));
?>

9
app/View/EventBlacklists/index.ctp
View File

@ -19,17 +19,24 @@
<table class="table table-striped table-hover table-condensed">
<tr>
<th><?php echo $this->Paginator->sort('id');?></th>
<th><?php echo $this->Paginator->sort('org');?></th>
<th><?php echo $this->Paginator->sort('event_uuid');?></th>
<th><?php echo $this->Paginator->sort('created');?></th>
<th><?php echo $this->Paginator->sort('event_info');?></th>
<th><?php echo $this->Paginator->sort('comment');?></th>
<th class="actions"><?php echo __('Actions');?></th>
</tr><?php
foreach ($response as $item): ?>
<tr>
<td class="short"><?php echo h($item['EventBlacklist']['id']); ?>&nbsp;</td>
<td class="short"><?php echo (isset($item['EventBlacklist']['event_orgc']) ? h($item['EventBlacklist']['event_orgc']) : '&nbsp;'); ?></td>
<td class="short"><?php echo h($item['EventBlacklist']['event_uuid']); ?>&nbsp;</td>
<td><?php echo h($item['EventBlacklist']['created']); ?>&nbsp;</td>
<td class="short"><?php echo (isset($item['EventBlacklist']['event_info']) ? h($item['EventBlacklist']['event_info']) : '&nbsp;'); ?></td>
<td class="short"><?php echo (isset($item['EventBlacklist']['comment']) ? h($item['EventBlacklist']['comment']) : '&nbsp;'); ?></td>
<td class="short action-links">
<?php echo $this->Form->postLink('', array('action' => 'delete', $item['EventBlacklist']['id']), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete the blacklist entry for the event UUID %s?', $item['EventBlacklist']['event_uuid'])); ?>
<a href="/eventBlacklists/edit/<?php echo h($item['EventBlacklist']['id']); ?>"><span class="icon-edit" title="edit">&nbsp;</span></a>
<?php echo $this->Form->postLink('', array('action' => 'delete', h($item['EventBlacklist']['id'])), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete the blacklist entry for the event UUID %s?', h($item['EventBlacklist']['event_uuid']))); ?>
</td>
</tr><?php
endforeach; ?>

1
app/View/Pages/administration.ctp
View File

@ -20,6 +20,7 @@ if (!$isSiteAdmin) exit();
<li><a href="/servers/updateDatabase/convertLogFieldsToText">Convert log fields to text</a> (Hotfix 2.3.78: Some of the log fields that were varchar(255) ended up truncating the data. This function will change them to "text")</li>
<li><a href="/servers/pruneDuplicateUUIDs">Fix duplicate UUIDs</a> (Hotfix 2.3.107: it was previously possible to get duplicate attribute UUIDs in the database, this script will remove all duplicates and ensure that duplicates will not be entered into the database in the future.)</li>
<li><a href="/servers/removeDuplicateEvents">Remove dupicate events (with the same UUID)</a> (Hotfix 2.3.115: In some rare situations it could occur that a duplicate of an event was created on an instance, with the exact same uuid. This action will remove any such duplicates and make sure that this cannot happen again.)</li>
<li><a href="/attributes/pruneOrphanedAttributes">Prune orphaned attributes</a> (In some rare occasions it can happen that you end up with some attributes in your database that do not belong to an event - for example during a race condition between an event insert and a delete. This tool will collect and delete any such orphaned attributes. If you ever run into an issue where you cannot add an attribute with a specific valid value, this is probably the reason.)</li>
</ul>
</div>
<?php

79
app/View/Users/news.ctp
View File

@ -1,79 +0,0 @@
<div class="news view">
<h2>News</h2>
<h3>June 2012</h3>
<p><b>Audit</b><br>
There is now log on every login, logout, addition, change and deletion.</p>
<p><b>Access Control granulation</b><br>
There is Access Control, an user must be bound to a users-role,<br>
so we are able to grant global add, modify and publish rights.</p>
<h3>April 2012</h3>
<p><b>REST API (output)</b><br>
From now on you can use the REST API that uses this XML export. For more information check out the export page.<br>
If you want to play with it manually, just add <code>.xml</code> to any url <small>(events or attributes)</small> and you should see the page rendered in XML.</p>
<h3>March 2012</h3>
<p><b>Printing</b><br>
A special CSS exists now to give a better layout when printing pages.
All the pages should now look a lot better on paper.</p>
<p><b>File upload</b><br>
Andrzej Dereszowski (NCIRC) added the file-uploading functionality. Malware samples are password protected with the password <em>infected</em>.</p>
<p><b>Backend rewrite + security</b><br>
Complete rewrite of the backend code to migrate to CakePHP 2.x (from CakePHP 1.3). <br>
During this rewrite the code was cleaned up, CSRF protection should now be present on all the important actions.<br>
Password strength validation and better security has been implemented.<br>
Signatures are now known as Attributes.<br>
Many known bugs have been fixed.</p>
<h3>March 2012</h3>
<p><b>Terms and News</b><br>
Terms and conditions have been enabled. You should only see this page once.<br>
When new software updates of MISP are installed you will see the news page.</p>
<h3>February 2012</h3>
<p><b>Automation</b><br>
It is now possible to batch import attributes. To do this simply check the
<em>batch import</em> box and insert one attribute per line in the value field.</p>
<p><b>Network IDS</b><br>
You can now customize your <em>NIDS start SID</em> in your profile.<br>
Using this feature you can choose your own range of SID and avoid any conflict with your IDS solution.</p>
<p><b>Members statistics</b><br>
On the members list page you can now see how many attributes, of what type have been uploaded by what organisation.</p>
<p><b>Text based Export</b><br>
Text based export for all the attribute types.</p>
<h3>January 2012</h3>
<p><b>Related Events</b><br>
When two Events have at least one common attribute a link is automatically made between these two events.<br>
This way you can quickly see the relations and look at the other events that might be of interest to you.</p>
<p><b>Minor UI improvements</b><br>
Fonts are smaller and the screen is better used, and the event ID is shown again.</p>
<p><b>Contact Reporter</b><br>
You can add a custom message when you want to contact the reporter of the event.<br>
This way you can already ask questions, or propose an alternative way to communicate about the event.</p>
<p><b>Privacy Improvements</b><br>
First of all, the organisation name of the reporter is not shown anymore in the events list, details of the event, and exports.<br>
Using the members list button you can see a list of the organisations and the number of members registered on the platform.</p>
<p><b>Security Improvements</b><br>
XSRF protection has been added on some (but not yet all) pages.<br>
You can now reset your authentication key (key for automatic exports) if it is compromised.<br>
The authkey generation algorithm has also been improved.</p>
<p><b>Network IDS Export</b><br>
A bug in the DNS attributes has been corrected.</p>
</div>
<?php
echo $this->element('side_menu', array('menuList' => 'globalActions', 'menuItem' => 'news'));
?>