Contextual comments

- Attributes now have a comment field
pull/217/head
iglocska 2013-10-30 16:00:46 +01:00
parent 088842ad18
commit d7b4c28552
12 changed files with 54 additions and 19 deletions


@ -25,3 +25,4 @@ CREATE TABLE IF NOT EXISTS `posts` (
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ;
ALTER TABLE `attributes` ADD `comment` TEXT CHARACTER SET utf8 COLLATE utf8_bin NOT NULL;
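Review bot: The new `comment` column is declared `NOT NULL` with no `DEFAULT`, so any INSERT that omits the field is rejected once the server runs with strict SQL mode, while non-strict servers silently backfill `''`; the save() calls elsewhere in this commit add `comment` to their field lists, but a request that simply lacks the field still depends on that implicit default. Either give the application a model-level default of `''` when the key is absent, or, where the MySQL version permits a DEFAULT on TEXT, declare one explicitly. The column is also declared with `CHARACTER SET utf8 COLLATE utf8_bin` while the `posts` table in the same hunk is `latin1`; whether `attributes` itself is utf8 is not visible here, so confirm the charsets agree to avoid mixed-collation comparisons.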


@ -402,12 +402,12 @@ class AttributesController extends AppController {
$temp['Attribute']['type'] = 'filename|sha256';
$temp['Attribute']['value'] = $filename . '|' .$sha256;
$temp['Attribute']['uuid'] = String::uuid();
$this->Attribute->save($temp, array('fieldlist' => array('value', 'type', 'category', 'event_id', 'distribution', 'to_ids')));
$this->Attribute->save($temp, array('fieldlist' => array('value', 'type', 'category', 'event_id', 'distribution', 'to_ids', 'comment')));
$this->Attribute->create();
$temp['Attribute']['type'] = 'filename|sha1';
$temp['Attribute']['value'] = $filename . '|' .$sha1;
$temp['Attribute']['uuid'] = String::uuid();
$this->Attribute->save($temp, array('fieldlist' => array('value', 'type', 'category', 'event_id', 'distribution', 'to_ids')));
$this->Attribute->save($temp, array('fieldlist' => array('value', 'type', 'category', 'event_id', 'distribution', 'to_ids', 'comment')));
}
@ -689,7 +689,7 @@ class AttributesController extends AppController {
} else {
$this->request->data['Attribute']['timestamp'] = $date->getTimestamp();
}
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'distribution', 'value', 'timestamp');
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'distribution', 'value', 'timestamp', 'comment');
$this->loadModel('Event');
$this->Event->id = $eventId;
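Review bot: The two save() calls on lines 24 and 30 each carry the identical fieldlist literal, and the edit path on line 37 maintains a third variant of it; a single local such as `$fieldList = array('value', 'type', 'category', 'event_id', 'distribution', 'to_ids', 'comment');` reused in each save() would make the next column addition a one-line change instead of three. Nothing in the first hunk sets `$temp['Attribute']['comment']`, so for these derived `filename|sha256` and `filename|sha1` attributes the comment is only persisted if the array `$temp` was copied from already carries it — worth confirming, since the new column is NOT NULL. The enclosing method starts before the hunk.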


@ -1480,7 +1480,7 @@ class EventsController extends AppController {
// do not expose all the data ...
$fields = array('Event.id', 'Event.org', 'Event.date', 'Event.risk', 'Event.info', 'Event.published', 'Event.uuid', 'Event.attribute_count', 'Event.analysis', 'Event.timestamp', 'Event.distribution', 'Event.proposal_email_lock', 'Event.orgc', 'Event.user_id', 'Event.locked');
$fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.timestamp');
$fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.timestamp', 'Attribute.comment');
$fieldsShadowAtt = array('ShadowAttribute.id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.value', 'ShadowAttribute.to_ids', 'ShadowAttribute.uuid', 'ShadowAttribute.event_id', 'ShadowAttribute.old_id');
$params = array('conditions' => $conditions,
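Review bot: Adding `Attribute.comment` to `$fieldsAtt` widens the allowlist that the comment on line 44 ("do not expose all the data") guards, so analyst-supplied free text now travels with every attribute this method returns; if the usual distribution filtering applies through `$conditions` that is presumably intended, but the guard comment should record the decision, e.g. `// comment is analyst-written free text and is exported deliberately`. `$fieldsShadowAtt` is left without a comment field, which matches this commit adding the column only to `attributes`. The enclosing method starts before the hunk.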


@ -134,7 +134,6 @@ class PostsController extends AppController {
$this->Thread->save();
}
// Time to create our post!
$this->Post->create();
$newPost = array(


@ -136,7 +136,7 @@ class Attribute extends AppModel {
),
'Antivirus detection' => array(
'desc' => 'All the info about how the malware is detected by the antivirus products',
'formdesc' => 'List of anti-virus vendors detecting the malware or information on detection performance (e.g. 13/43 or 67%).<br/>Attachment with list of detection or link to VirusTotal could be placed here as well.',
'formdesc' => 'List of anti-virus vendors detecting the malware or information on detection performance (e.g. 13/43 or 67%). Attachment with list of detection or link to VirusTotal could be placed here as well.',
'types' => array('link', 'comment', 'text', 'attachment', 'other')
),
'Payload delivery' => array(
@ -150,12 +150,12 @@ class Attribute extends AppModel {
),
'Payload installation' => array(
'desc' => 'Info on where the malware gets installed in the system',
'formdesc' => 'Location where the payload was placed in the system and the way it was installed.<br/>For example, a filename|md5 type attribute can be added here like this:<br/>c:\\windows\\system32\\malicious.exe|41d8cd98f00b204e9800998ecf8427e.',
'formdesc' => 'Location where the payload was placed in the system and the way it was installed. For example, a filename|md5 type attribute can be added here like this: c:\\windows\\system32\\malicious.exe|41d8cd98f00b204e9800998ecf8427e.',
'types' => array('md5', 'sha1', 'sha256', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'yara', 'vulnerability', 'attachment', 'malware-sample', 'comment', 'text', 'other')
),
'Persistence mechanism' => array(
'desc' => 'Mechanisms used by the malware to start at boot',
'formdesc' => 'Mechanisms used by the malware to start at boot.<br/>This could be a registry key, legitimate driver modification, LNK file in startup',
'formdesc' => 'Mechanisms used by the malware to start at boot. This could be a registry key, legitimate driver modification, LNK file in startup',
'types' => array('filename', 'regkey', 'regkey|value', 'comment', 'text', 'other')
),
'Network activity' => array(
@ -164,7 +164,7 @@ class Attribute extends AppModel {
),
'Payload type' => array(
'desc' => 'Information about the final payload(s)',
'formdesc' => 'Information about the final payload(s).<br/>Can contain a function of the payload, e.g. keylogger, RAT, or a name if identified, such as Poison Ivy.',
'formdesc' => 'Information about the final payload(s). Can contain a function of the payload, e.g. keylogger, RAT, or a name if identified, such as Poison Ivy.',
'types' => array('comment', 'text', 'other')
),
'Attribution' => array(
@ -173,7 +173,7 @@ class Attribute extends AppModel {
),
'External analysis' => array(
'desc' => 'Any other result from additional analysis of the malware like tools output',
'formdesc' => 'Any other result from additional analysis of the malware like tools output<br/>Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.',
'formdesc' => 'Any other result from additional analysis of the malware like tools output Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.',
'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'hostname', 'domain', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'other')
),
'Other' => array(
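Review bot: Stripping `<br/>` from the 'External analysis' formdesc (line 100) left `...like tools output Examples: pdf-parser output...` with no separator between the two sentences; the new string should read `'Any other result from additional analysis of the malware like tools output. Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.'`. The other formdesc rewrites in this file keep their full stops, so only this one needs the fix. Separately, the `filename|md5` example in the 'Payload installation' formdesc (line 76) is 31 hex characters, one short of an MD5 digest, so a user who copies the example gets a value an md5 validator would reject; it is pre-existing, but this hunk rewrites that line anyway.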


@ -34,11 +34,11 @@ class Event extends AppModel {
* @var array
*/
public $fieldDescriptions = array(
'risk' => array('desc' => 'Risk levels: *low* means mass-malware, *medium* means APT malware, *high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Risk levels:<br/>low: mass-malware<br/>medium: APT malware<br/>high: sophisticated APT malware or 0-day attack'),
'risk' => array('desc' => 'Risk levels: *low* means mass-malware, *medium* means APT malware, *high* means sophisticated APT malware or 0-day attack', 'formdesc' => 'Risk levels: low: mass-malware medium: APT malware high: sophisticated APT malware or 0-day attack'),
'classification' => array('desc' => 'Set the Traffic Light Protocol classification. <ol><li><em>TLP:AMBER</em>- Share only within the organization on a need-to-know basis</li><li><em>TLP:GREEN:NeedToKnow</em>- Share within your constituency on the need-to-know basis.</li><li><em>TLP:GREEN</em>- Share within your constituency.</li></ol>'),
'submittedgfi' => array('desc' => 'GFI sandbox: export upload', 'formdesc' => 'GFI sandbox:<br/>export upload'),
'submittedgfi' => array('desc' => 'GFI sandbox: export upload', 'formdesc' => 'GFI sandbox: export upload'),
'submittedioc' => array('desc' => '', 'formdesc' => ''),
'analysis' => array('desc' => 'Analysis Levels: *Initial* means the event has just been created, *Ongoing* means that the event is being populated, *Complete* means that the event\'s creation is complete', 'formdesc' => 'Analysis levels:<br />Initial: event has been started<br />Ongoing: event population is in progress<br />Complete: event creation has finished'),
'analysis' => array('desc' => 'Analysis Levels: *Initial* means the event has just been created, *Ongoing* means that the event is being populated, *Complete* means that the event\'s creation is complete', 'formdesc' => 'Analysis levels: Initial: event has been started Ongoing: event population is in progress Complete: event creation has finished'),
'distribution' => array('desc' => 'Describes who will have access to the event.')
);
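Review bot: The rewritten 'risk' and 'analysis' formdesc strings (lines 112 and 118) lose the separators the removed `<br/>` tags provided, so the levels now run together as `Risk levels: low: mass-malware medium: APT malware high: ...`. Presumably the tags were dropped because the text is now emitted without HTML, so punctuate instead, e.g. `'Risk levels: low: mass-malware; medium: APT malware; high: sophisticated APT malware or 0-day attack'` and `'Analysis levels: Initial: event has been started; Ongoing: event population is in progress; Complete: event creation has finished'`. The 'classification' desc on line 113 still carries `<ol><li>` markup; whether it is displayed through the same path is not visible here.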


@ -31,6 +31,13 @@
'div' => 'input clear',
'class' => 'input-xxlarge'
));
echo $this->Form->input('comment', array(
'type' => 'text',
'label' => 'Contextual Comment',
'error' => array('escape' => false),
'div' => 'input clear',
'class' => 'input-xxlarge'
));
?>
<div class="input clear"></div>
<?php
@ -43,7 +50,6 @@
'type' => 'checkbox',
'data-content' => 'Create multiple attributes one per line',
));
// link an onchange event to the form elements
$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")');
?>
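Review bot: The new comment input is pasted verbatim into three templates (here and the hunks at lines 152 and 169); a shared element, or at least one options array, would keep the three in step when the field's label or validation changes. `'error' => array('escape' => false)` makes the validation message for this field print as raw HTML; it matches the neighbouring inputs and is only safe while the model's message for `comment` is a static string — no validation rule for `comment` is visible in this commit's Attribute model hunks, so confirm one exists or drop the option for this field. The `'type' => 'text'` override also turns a schema TEXT column into a single-line input; if multi-line contextual comments are intended, `'type' => 'textarea'` is the matching control.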


@ -22,6 +22,13 @@
'label' => 'Distribution',
'selected' => $initialDistribution,
));
echo $this->Form->input('comment', array(
'type' => 'text',
'label' => 'Contextual Comment',
'error' => array('escape' => false),
'div' => 'input clear',
'class' => 'input-xxlarge'
));
//'before' => $this->Html->div('forminfo', isset($attrDescriptions['distribution']['formdesc']) ? $attrDescriptions['distribution']['formdesc'] : $attrDescriptions['distribution']['desc']),));
}
?>


@ -22,6 +22,13 @@
'div' => 'input clear',
'class' => 'input-xxlarge'
));
echo $this->Form->input('comment', array(
'type' => 'text',
'label' => 'Contextual Comment',
'error' => array('escape' => false),
'div' => 'input clear',
'class' => 'input-xxlarge'
));
?>
<div class="input clear"></div>
<?php


@ -32,6 +32,7 @@ if ($isSearch == 1) {
<th><?php echo $this->Paginator->sort('category');?></th>
<th><?php echo $this->Paginator->sort('type');?></th>
<th><?php echo $this->Paginator->sort('value');?></th>
<th><?php echo $this->Paginator->sort('comment');?></th>
<th<?php echo ' title="' . $attrDescriptions['signature']['desc'] . '"';?>>
<?php echo $this->Paginator->sort('IDS');?></th>
<th class="actions">Actions</th>
@ -83,7 +84,11 @@ foreach ($attributes as $attribute):
} else {
echo $sigDisplay;
}
?></td>
?>
</td>
<td onclick="document.location ='document.location ='/events/view/<?php echo $attribute['Event']['id'];?>';">
<?php echo h($attribute['Attribute']['comment']); ?>&nbsp;
</td>
<td class="short" onclick="document.location ='document.location ='/events/view/<?php echo $attribute['Event']['id'];?>';">
<?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No'; ?>&nbsp;
</td>
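Review bot: The `onclick` on the new comment cell (line 197) copies the neighbouring cell's `document.location ='document.location ='/events/view/...` form; if that text is literal in the template rather than an artefact of this page, the handler assigns the string `document.location ='/events/view/<id>` as a relative URL and the click never reaches the event. The intended handler is `onclick="document.location ='/events/view/<?php echo $attribute['Event']['id'];?>';"` — worth getting right on the new line even if the pre-existing cell is left alone. The comment value itself goes through `h()`, which is the correct escaping for HTML body context. The enclosing foreach begins before the hunk.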


@ -137,6 +137,7 @@ if (!empty($event['Attribute'])):?>
<th>Category</th>
<th>Type</th>
<th>Value</th>
<th>Comment</th>
<th>Related Events</th>
<th title="<?php echo $attrDescriptions['signature']['desc'];?>">IDS</th>
<th title="<?php echo $attrDescriptions['distribution']['desc'];?>">Distribution</th>
@ -163,9 +164,7 @@ if (!empty($event['Attribute'])):?>
</td>
<?php endif; ?>
<td class="short <?php echo $extra; ?>" title="<?php echo $typeDefinitions[$attribute['type']]['desc'];?>">
<?php echo h($attribute['type']);?>
</td>
<td class="showspaces <?php echo $extra; ?>"><?php $sigDisplay = $attribute['value'];
if ('attachment' == $attribute['type'] || 'malware-sample' == $attribute['type'] ) {
@ -196,8 +195,10 @@ if (!empty($event['Attribute'])):?>
$sigDisplay = str_replace("\r", '', $sigDisplay);
echo (h($sigDisplay));
}
?></td>
<td class="shortish <?php echo $extra; ?>">
?>
</td>
<td class="showspaces bitwider <?php echo $extra; ?>"><?php echo h($attribute['comment']); ?></td>
<td class="shortish <?php echo $extra; ?>">
<?php
$first = 0;
?>
@ -294,6 +295,8 @@ if (!empty($event['Attribute'])):?>
<td class="short highlight2">
</td>
<td class="short highlight2">
</td>
<td class="short highlight2">
<?php
if ($shadowAttribute['to_ids'] != $attribute['to_ids']) echo $shadowAttribute['to_ids'] ? 'Yes' : 'No';
?>
@ -366,6 +369,8 @@ if (!empty($event['Attribute'])):?>
?></td>
<td class="short highlight2">
</td>
<td class="short highlight2">
</td>
<td class="short highlight2">
<?php
echo $remain['to_ids'] ? 'Yes' : 'No';
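Review bot: The new `<th>Comment</th>` (line 210) carries no `title` attribute while the neighbouring IDS and Distribution headers draw theirs from `$attrDescriptions`; if the model gains a description entry for `comment`, this header should use it the same way, `<th title="<?php echo $attrDescriptions['comment']['desc'];?>">Comment</th>`. The empty `highlight2` cells added for the proposal and remaining-proposal rows (lines 239 and 249) keep the column count aligned, presumably because shadow attributes have no comment column in this commit; a one-line template comment saying so would stop the next reader from treating them as an omission. The new comment cell on line 230 escapes through `h()`, which is correct. The enclosing `if (!empty($event['Attribute']))` and its foreach begin before these hunks.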


@ -240,6 +240,11 @@ td.shortish {
text-align: left;
}
td.bitwider {
width:20%;
text-align: left;
}
td.highlight1 {
background-color: #0088cc !important;
color: #ffffff !important;