Merge branch 'hotfix-2.3.143' into develop

AUTHORS

@@ -1,28 +1,49 @@
+Developers
+----------
 
-Developers:
-	Christophe Vandeplas <christophe@vandeplas.com> (creator)
-	Andras Iklody <andras.iklody@gmail.com> (main developer)
-	Andrzej Dereszowski <deresz@gmail.com>
-	
+* Christophe Vandeplas <christophe@vandeplas.com> (original author)
+* Andras Iklody <andras.iklody@gmail.com> (lead developer)
 
-Contributions from:  (incomplete list, contact us to add your name)
-	CERT-EU  http://cert.europa.eu/
-	CIRCL    http://circl.lu
+Contributors
+------------
 
-Copyright Christophe Vandeplas 
-Copyright Belgian Defence
-Copyright NATO / NCIRC
-Copyright Andras Iklody
+Aaron Kaplan
+Alexander J
+Alexandre Dulaunoy
+Alexandru Ciobanu
+Andras Iklody
+Andrzej Dereszowski
+Bâkır Emre
+Chris Clark
+Christophe Vandeplas
+David André
+Guilherme Capilé
+Gábor Molnár
+Iglocska
+Koen Van Impe
+L. Aaron Kaplan
+Noud de Brouwer
+Raphaël Vinot
+Richard van den Berg
+nullprobe
+remg427
 
-This code is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.
+Copyright (C) 2012 Christophe Vandeplas
+Copyright (C) 2012 Belgian Defence
+Copyright (C) 2012 NATO / NCIRC
+Copyright (C) 2013-2015 Andras Iklody
+Copyright (C) 2015 CIRCL - Computer Incident Response Center Luxembourg
+
+MISP is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.
 
 
-A little bit of history:
+History
+=======
 
 This project started around June 2011 when Christophe Vandeplas had a frustration that way to many IOCs were shared by email, or in pdf documents and were not parseable by automatic machines. So at home he started to play around with CakePHP and made a proof of concept of his idea. He called it CyDefSIG: Cyber Defence Signatures.
 
 Mid July 2011 he presented his personal project at work (Belgian Defence) where the feedback was rather positive. After giving access to CyDefSIG running on his personal server the Belgian Defence started to use CyDefSIG officially starting mid August 2011.
-Christophe was then allowed to spend some time on CyDefSIG during his work-hours, while still working on it at home. 
+Christophe was then allowed to spend some time on CyDefSIG during his work-hours, while still working on it at home.
 
 At some point NATO heard about this project. On January 2012 a first presentation was done to introduce them in more depth to the project. They looked at other products that the marked offered, but it seemed they deemed the openness of CyDefSIG to be of a great advantage. Andrzej Dereszowski was the first part-time developer from NATO side.
 
@@ -31,9 +52,9 @@ As with many personal projects the license was not explicitely written yet, it w
 
 The project was then renamed to MISP: Malware Information Sharing Project, a name invented by Alex Vandurme from NATO.
 
-In January 2013 Andras Iklody became the main full-time developer of MISP, during the day hired by NATO and during the evening and week-end contributor to an open source project. 
+In January 2013 Andras Iklody became the main full-time developer of MISP, during the day hired by NATO and during the evening and week-end contributor to an open source project.
 
 Meanwhile other organisations started to adopt the software and promoted it around the CERT world.  (CERT-EU, CIRCL, and many others ...)
 
-...
+Nowadays, Andras Iklody is the lead developer of the MISP project and works for CIRCL.
 

INSTALL/logos/diagram/misp-database-01.svg

@@ -27,14 +27,7 @@
      id="metadata346"><rdf:RDF><cc:Work
          rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
            rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title>MISP Database</dc:title><cc:license
-           rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/" /><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator></cc:Work><cc:License
-         rdf:about="http://creativecommons.org/licenses/by-sa/3.0/"><cc:permits
-           rdf:resource="http://creativecommons.org/ns#Reproduction" /><cc:permits
-           rdf:resource="http://creativecommons.org/ns#Distribution" /><cc:requires
-           rdf:resource="http://creativecommons.org/ns#Notice" /><cc:requires
-           rdf:resource="http://creativecommons.org/ns#Attribution" /><cc:permits
-           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" /><cc:requires
-           rdf:resource="http://creativecommons.org/ns#ShareAlike" /></cc:License></rdf:RDF></metadata><defs
+           rdf:resource="http://www.gnu.org/licenses/agpl-3.0.en.html" /><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator></cc:Work></rdf:RDF></metadata><defs
      id="defs344"><inkscape:perspective
        sodipodi:type="inkscape:persp3d"
        inkscape:vp_x="0 : 269.8 : 1"
@@ -147,11 +140,11 @@
      inkscape:pageopacity="0"
      inkscape:pageshadow="2"
      inkscape:window-width="1503"
-     inkscape:window-height="1314"
+     inkscape:window-height="848"
      id="namedview342"
      showgrid="false"
      inkscape:zoom="1.7582312"
-     inkscape:cx="308.17494"
+     inkscape:cx="208.64309"
      inkscape:cy="269.8"
      inkscape:window-x="65"
      inkscape:window-y="24"

INSTALL/logos/diagram/misp-flows.svg

@@ -27,14 +27,7 @@
      id="metadata264"><rdf:RDF><cc:Work
          rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
            rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title>MISP Community overview</dc:title><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator><cc:license
-           rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/" /></cc:Work><cc:License
-         rdf:about="http://creativecommons.org/licenses/by-sa/3.0/"><cc:permits
-           rdf:resource="http://creativecommons.org/ns#Reproduction" /><cc:permits
-           rdf:resource="http://creativecommons.org/ns#Distribution" /><cc:requires
-           rdf:resource="http://creativecommons.org/ns#Notice" /><cc:requires
-           rdf:resource="http://creativecommons.org/ns#Attribution" /><cc:permits
-           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" /><cc:requires
-           rdf:resource="http://creativecommons.org/ns#ShareAlike" /></cc:License></rdf:RDF></metadata><defs
+           rdf:resource="http://www.gnu.org/licenses/agpl-3.0.en.html" /></cc:Work></rdf:RDF></metadata><defs
      id="defs262" /><sodipodi:namedview
      pagecolor="#ffffff"
      bordercolor="#666666"
@@ -44,14 +37,14 @@
      guidetolerance="10"
      inkscape:pageopacity="0"
      inkscape:pageshadow="2"
-     inkscape:window-width="2495"
-     inkscape:window-height="1416"
+     inkscape:window-width="1600"
+     inkscape:window-height="876"
      id="namedview260"
      showgrid="false"
      inkscape:zoom="2.0149341"
-     inkscape:cx="291.40203"
+     inkscape:cx="204.55055"
      inkscape:cy="281.43763"
-     inkscape:window-x="65"
+     inkscape:window-x="0"
      inkscape:window-y="24"
      inkscape:window-maximized="1"
      inkscape:current-layer="svg2" /><g

README.md

@@ -54,4 +54,10 @@ License
 
 This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
 
-Copyright (c) 2012, 2013 Christophe Vandeplas, Belgian Defence, NATO / NCIRC.
+* Copyright (C) 2012 Christophe Vandeplas
+* Copyright (C) 2012 Belgian Defence
+* Copyright (C) 2012 NATO / NCIRC
+* Copyright (C) 2013-2015 Andras Iklody
+* Copyright (C) 2015 CIRCL - Computer Incident Response Center Luxembourg
+
+For more information, [the list of authors and contributors](AUTHORS) is available.

VERSION.json

@@ -1 +1 @@
-{"major":2, "minor":3, "hotfix":142}
+{"major":2, "minor":3, "hotfix":143}

app/Lib/Tools/BitCoinTool.php

@@ -0,0 +1,44 @@
+<?php
+// based on the php implementation of the BTC address validation example from 
+// http://rosettacode.org/wiki/Bitcoin/address_validation
+class BitCoinTool {
+	function validate($address){
+		$decoded = $this->decodeBase58($address);
+		if ($decoded === false) return false;
+		
+		$d1 = hash("sha256", substr($decoded,0,21), true);
+		$d2 = hash("sha256", $d1, true);
+	
+		if(substr_compare($decoded, $d2, 21, 4)){
+			return false;
+		}
+		return true;
+	}
+	function decodeBase58($input) {
+		$alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+	
+		$out = array_fill(0, 25, 0);
+		for($i=0;$i<strlen($input);$i++){
+			if(($p=strpos($alphabet, $input[$i]))===false){
+				return false;
+			}
+			$c = $p;
+			for ($j = 25; $j--; ) {
+				$c += (int)(58 * $out[$j]);
+				$out[$j] = (int)($c % 256);
+				$c /= 256;
+				$c = (int)$c;
+			}
+			if($c != 0){
+				return false;
+			}
+		}
+	
+		$result = "";
+		foreach($out as $val){
+			$result .= chr($val);
+		}
+	
+		return $result;
+	}
+}

app/Lib/Tools/JSONConverterTool.php

@@ -4,7 +4,8 @@ class JSONConverterTool {
 		$event['Event']['Attribute'] = $event['Attribute'];
 		$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
 		$event['Event']['RelatedEvent'] = $event['RelatedEvent'];
-		
+		if (isset($event['RelatedAttribute'])) $event['Event']['RelatedAttribute'] = $event['RelatedAttribute'];
+		else $event['Event']['RelatedAttribute'] = array();
 		//
 		// cleanup the array from things we do not want to expose
 		//
@@ -22,9 +23,11 @@ class JSONConverterTool {
 				unset($event['Event']['Attribute'][$key]['value1']);
 				unset($event['Event']['Attribute'][$key]['value2']);
 				unset($event['Event']['Attribute'][$key]['category_order']);
+				if (isset($event['Event']['RelatedAttribute'][$value['id']])) $event['Event']['Attribute'][$key]['RelatedAttribute'] = $event['Event']['RelatedAttribute'][$value['id']];
 			}
 		}
-
+		unset($event['Event']['RelatedAttribute']);
+		
 		if (isset($event['Event']['RelatedEvent'])) {
 			foreach ($event['Event']['RelatedEvent'] as $key => $value) {
 				$temp = $value['Event'];

app/Lib/Tools/XMLConverterTool.php

@@ -31,6 +31,14 @@ class XMLConverterTool {
 		if (isset($event['RelatedEvent'])) $event['Event']['RelatedEvent'] = $event['RelatedEvent'];
 		$event['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['info']);
 		$event['Event']['info'] = str_replace($toEscape, $escapeWith, $event['Event']['info']);
+		if (isset($event['RelatedAttribute'])) $event['Event']['RelatedAttribute'] = $event['RelatedAttribute'];
+		else $event['Event']['RelatedAttribute'] = array();
+		foreach ($event['Event']['RelatedAttribute'] as &$attribute_w_relation) {
+			foreach ($attribute_w_relation as $relation) {
+				$relation['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $relation['info']);
+				$relation['info'] =  str_replace($toEscape, $escapeWith, $relation['info']);
+			}
+		}
 		
 		//
 		// cleanup the array from things we do not want to expose
@@ -53,6 +61,7 @@ class XMLConverterTool {
 				unset($event['Event']['Attribute'][$key]['value1']);
 				unset($event['Event']['Attribute'][$key]['value2']);
 				unset($event['Event']['Attribute'][$key]['category_order']);
+				if (isset($event['Event']['RelatedAttribute'][$value['id']])) $event['Event']['Attribute'][$key]['RelatedAttribute'] = $event['Event']['RelatedAttribute'][$value['id']];
 				if (isset($event['Event']['Attribute'][$key]['ShadowAttribute'])) {
 					foreach($event['Event']['Attribute'][$key]['ShadowAttribute'] as $skey => $svalue) {
 						$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
@@ -63,6 +72,7 @@ class XMLConverterTool {
 				}
 			}
 		}
+		unset($event['Event']['RelatedAttribute']);
 		
 		if (isset($event['Event']['ShadowAttribute'])) {
 			// remove invalid utf8 characters for the xml parser