Merge branch 'develop' of github.com:MISP/MISP into develop

pull/7255/head
iglocska 2021-03-24 21:49:21 +01:00
commit d91f70377d
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
21 changed files with 109 additions and 25 deletions


@ -169,16 +169,24 @@ class AdminShell extends AppShell
}
}
# FIXME: Make Taxonomy->update() return a status string on API if successful
public function updateTaxonomies()
{
$this->ConfigLoad->execute();
$result = $this->Taxonomy->update();
if ($result) {
echo 'Taxonomies updated' . PHP_EOL;
} else {
echo 'Could not update Taxonomies' . PHP_EOL;
$successes = count(!empty($result['success']) ? $result['success'] : []);
$fails = count(!empty($result['fails']) ? $result['fails'] : []);
$message = '';
if ($successes == 0 && $fails == 0) {
$message = __('All taxonomies are up to date already.');
} elseif ($successes == 0 && $fails > 0) {
$message = __('Could not update any of the taxonomies.');
} elseif ($successes > 0 ) {
$message = __('Successfully updated %s taxonomies.', $successes);
if ($fails != 0) {
$message .= __(' However, could not update %s taxonomies.', $fails);
}
}
echo $message . PHP_EOL;
}
public function updateWarningLists()
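Review bot: A return value from `$this->Taxonomy->update()` that is not an array (for example `false` on an early failure; the model method is not visible here, so this needs confirming) leaves both counters at 0 and prints 'All taxonomies are up to date already.', hiding the failure that the removed `else` branch used to report. Handling that case first keeps the old signal: `if (!is_array($result)) { echo __('Could not update Taxonomies') . PHP_EOL; return; }`. Because this is a shell task, scripted callers would also benefit from a non-zero exit status whenever `$fails > 0`.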


@ -2714,15 +2714,15 @@ class AttributesController extends AppController
} else {
$attribute = $attributes[0];
}
if (!$this->__canModifyTag($attribute, $local)) {
$fails++;
continue;
}
$eventId = $attribute['Attribute']['event_id'];
$event = $this->Attribute->Event->find('first', array(
'conditions' => array('Event.id' => $eventId),
'recursive' => -1
));
if (!$this->__canModifyTag($event, $local)) {
$fails++;
continue;
}
if (!$this->_isRest()) {
$this->Attribute->Event->insertLock($this->Auth->user(), $eventId);
}
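Review bot: The result of the `Event->find('first', ...)` lookup is handed to `__canModifyTag($event, $local)` without checking that an event was actually found, so the decision for an empty `$event` depends entirely on how that helper treats missing keys (its body is outside this section). Failing closed before the permission call makes the intent explicit: `if (empty($event) || !$this->__canModifyTag($event, $local)) {`. The enclosing loop and controller action start above the visible lines.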


@ -727,6 +727,7 @@ class ACLComponent extends Component
),
'eventGraph' => array(
'view' => array('*'),
'viewPicture' => array('*'),
'add' => array('perm_add'),
'delete' => array('perm_modify'),
)


@ -50,6 +50,37 @@ class EventGraphController extends AppController
return $this->RestResponse->viewData($eventGraphs, $this->response->type());
}
public function viewPicture($event_id, $graph_id)
{
$this->loadModel('Event');
$event = $this->Event->fetchSimpleEvent($this->Auth->user(), $event_id);
if (empty($event)) {
throw new NotFoundException('Invalid event');
}
$conditions = [
'EventGraph.event_id' => $event['Event']['id'],
'EventGraph.org_id' => $this->Auth->user('org_id'),
'EventGraph.id' => $graph_id,
];
$eventGraph = $this->EventGraph->find('first', array(
'conditions' => $conditions,
'contain' => array(
'User' => array(
'fields' => array(
'User.email'
)
)
)
));
if (empty($eventGraph)) {
throw new MethodNotAllowedException('Invalid event graph');
}
$eventGraph = $eventGraph;
$imageData = $this->EventGraph->getPictureData($eventGraph);
return new CakeResponse(array('body' => $imageData, 'type' => 'png'));
}
public function add($event_id = false)
{
if ($this->request->is('get')) {
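Review bot: The not-found branch for the graph lookup throws `MethodNotAllowedException('Invalid event graph')`, which signals a wrong HTTP method although the request method is fine; `throw new NotFoundException('Invalid event graph');` would match the event branch above it. The `contain` on `User.email` loads an e-mail address that `viewPicture` never uses and can be dropped, and `$eventGraph = $eventGraph;` is a no-op. Since the ACL entry added for this action is `'*'`, the `fetchSimpleEvent` call and the `EventGraph.org_id` condition are the only access checks on this path; a short docblock stating that a picture is served only when the graph's `org_id` matches the caller's organisation would record that intent.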


@ -4252,7 +4252,7 @@ class Attribute extends AppModel
'tags' => array('function' => 'set_filter_tags', 'pop' => true),
'uuid' => array('function' => 'set_filter_uuid'),
'deleted' => array('function' => 'set_filter_deleted'),
'timestamp' => array('function' => 'set_filter_timestamp'),
'timestamp' => array('function' => 'set_filter_timestamp', 'pop' => true),
'attribute_timestamp' => array('function' => 'set_filter_timestamp'),
'first_seen' => array('function' => 'set_filter_seen'),
'last_seen' => array('function' => 'set_filter_seen'),


@ -3077,6 +3077,9 @@ class Event extends AppModel
);
foreach ($filters[$options['filter']] as $f) {
$conditions = $this->Attribute->setTimestampConditions($params[$options['filter']], $conditions, $f);
if (!empty($options['pop'])) {
unset($params[$options['filter']]);
}
}
}
return $conditions;
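Review bot: The added `unset($params[$options['filter']])` sits inside the `foreach`, so if any entry of `$filters` lists more than one field, the second iteration passes an already-removed key to `setTimestampConditions`. Moving the `if (!empty($options['pop'])) { unset($params[$options['filter']]); }` block to just after the loop keeps the behaviour for single-field filters and is safe for multi-field ones. The function signature is outside this section, so it is worth confirming that `$params` is taken by reference; otherwise the `unset` has no effect for the caller.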


@ -53,4 +53,18 @@ class EventGraph extends AppModel
}
return true;
}
public function getPictureData($eventGraph)
{
$b64 = str_replace('data:image/png;base64,', '', $eventGraph['EventGraph']['preview_img']);
$imageDecoded = base64_decode($b64);
$source = imagecreatefromstring($imageDecoded);
imagesavealpha($source, true);
ob_start();
imagepng($source, null, 9);
$imageData = ob_get_contents();
ob_end_clean();
imagedestroy($source);
return $imageData;
}
}
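Review bot: `getPictureData` passes the stored `preview_img` through `base64_decode` and `imagecreatefromstring` without checking either result, so a missing, truncated or non-image preview reaches `imagesavealpha` and `imagepng` as `false` and surfaces as a PHP warning or type error instead of a clean response. The preview is content supplied when the graph was saved, so both steps should fail closed before GD is asked to render anything. Re-encoding through GD rather than serving the stored bytes verbatim is a sensible choice; the checks below keep that and add the missing error paths, using `NotFoundException` so the controller answers with a 404.

```php
    $b64 = str_replace('data:image/png;base64,', '', $eventGraph['EventGraph']['preview_img']);
    // Strict mode rejects characters outside the base64 alphabet instead of silently dropping them.
    $imageDecoded = base64_decode($b64, true);
    if ($imageDecoded === false || $imageDecoded === '') {
        throw new NotFoundException('Invalid event graph preview');
    }
    // imagecreatefromstring() returns false when the bytes are not a supported image.
    $source = imagecreatefromstring($imageDecoded);
    if ($source === false) {
        throw new NotFoundException('Invalid event graph preview');
    }
    // … unchanged: imagesavealpha, buffered imagepng, imagedestroy, return $imageData …
```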


@ -5,7 +5,8 @@
array(
'attributeId' => $attributeId,
'tags' => $attributeTags,
'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']),
'tagAccess' => ($isSiteAdmin || $mayModify),
'localTagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id'] || (int)$me['org_id'] === Configure::read('MISP.host_org_id')),
'scope' => 'attribute'
)
);
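Review bot: The `localTagAccess` expression added here is repeated in the other templates of this commit (the attribute row's `ajaxTags` call, the two event-level `ajaxTags` calls and, with an extra `$isAclTagger`, the galaxy quick view), so the rule for who may attach local tags now lives in several copies that can drift apart. Computing it once, in the controller or a view helper, and passing the result down would keep them in step. Wherever it ends up, a comment such as `// UI hint only: the tag endpoints must enforce the same rule server-side` would help, because these flags only decide which buttons are rendered. The expression also mixes a loose `==` for the event organisation with a strict `===` against `Configure::read('MISP.host_org_id')`; if that setting can be stored as a string the strict comparison never matches, so casting both sides to `int` would be safer.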


@ -60,6 +60,7 @@
'isSiteAdmin' => false, // prevent add button
'isAclTagger' => false,
'data' => !empty($object['Galaxy']) ? $object['Galaxy'] : array(),
'event' => $object,
'target_id' => $object['id'],
'target_type' => 'attribute'
));


@ -143,7 +143,17 @@ $quickEdit = function($fieldName) use ($editScope, $object, $event) {
</td>
<td class="short">
<div class="attributeTagContainer">
<?php echo $this->element('ajaxTags', array('attributeId' => $object['id'], 'tags' => $object['AttributeTag'], 'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']), 'context' => $context, 'scope' => 'attribute', 'tagConflicts' => isset($object['tagConflicts']) ? $object['tagConflicts'] : array())); ?>
<?php echo $this->element(
'ajaxTags',
array('attributeId' => $object['id'],
'tags' => $object['AttributeTag'],
'tagAccess' => ($isSiteAdmin || $mayModify),
'localTagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id'] || (int)$me['org_id'] === Configure::read('MISP.host_org_id')),
'context' => $context,
'scope' => 'attribute',
'tagConflicts' => isset($object['tagConflicts']) ? $object['tagConflicts'] : array()
)
); ?>
</div>
</td>
<?php
@ -166,6 +176,7 @@ $quickEdit = function($fieldName) use ($editScope, $object, $event) {
'mayModify' => $mayModify,
'isAclTagger' => $isAclTagger,
'data' => (!empty($object['Galaxy']) ? $object['Galaxy'] : array()),
'event' => $event,
'target_id' => $object['id'],
'target_type' => 'attribute',
));


@ -110,6 +110,7 @@
'mayModify' => false,
'isAclTagger' => false,
'data' => $galaxies,
'event' => $event,
'target_id' => $event['Event']['id'],
'target_type' => 'event',
'static_tags_only' => 1
@ -127,6 +128,7 @@
'event' => $event,
'tags' => $event['EventTag'],
'tagAccess' => false,
'localTagAccess' => false,
'missingTaxonomies' => false,
'columnised' => true,
'static_tags_only' => 1,


@ -22,6 +22,7 @@
break;
}
$full = $isAclTagger && $tagAccess && empty($static_tags_only);
$fullLocal = $isAclTagger && $localTagAccess && empty($static_tags_only);
$host_org_editor = (int)$me['org_id'] === Configure::read('MISP.host_org_id') && $isAclTagger && empty($static_tags_only);
$tagData = "";
foreach ($tags as $tag) {
@ -85,7 +86,7 @@
);
}
$span_delete = '';
if ($full) {
if ($full || ($fullLocal && $tag['Tag']['local'])) {
$span_delete = sprintf(
'<span class="%s" title="%s" role="%s" tabindex="%s" aria-label="%s" onClick="%s">x</span>',
'black-white tag useCursorPointer noPrint',
@ -121,7 +122,7 @@
'<i class="fas fa-globe-americas"></i> +'
);
}
if ($host_org_editor || $full) {
if ($full || $fullLocal) {
$buttonData[] = sprintf(
'<button title="%s" role="button" tabindex="0" aria-label="%s" class="%s" style="%s" onClick="%s">%s</button>',
__('Add a local tag'),
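Review bot: `$fullLocal` reads `$localTagAccess` unconditionally, so any caller of this element that does not pass the new key gets an undefined-variable notice; the commit patches the callers it touches, but a fail-closed default near the top of the element, e.g. `$localTagAccess = !empty($localTagAccess);`, would cover the rest. After the condition became `if ($full || $fullLocal)`, `$host_org_editor` no longer appears in the visible hunks and can be removed if nothing else in the file uses it. The element's beginning and end are outside these hunks.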


@ -7,8 +7,15 @@ if (isset($preview) && $preview) {
} else {
$preview = false;
}
$tagAccess = ($isSiteAdmin || ($mayModify && $isAclTagger));
if (empty($local_tag_off) || !empty($event)) {
$localTagAccess = ($isSiteAdmin || ($mayModify || $me['org_id'] == $event['Event']['org_id'] || (int)$me['org_id'] === Configure::read('MISP.host_org_id'))) && $isAclTagger;
} else {
$localTagAccess = false;
}
$editButtonsEnabled = !(isset($static_tags_only) && $static_tags_only);
$editButtonsEnabled = empty($static_tags_only) && $tagAccess;
$editButtonsLocalEnabled = empty($static_tags_only) && $localTagAccess && empty($local_tag_off);
$sortClusters = function (array $clusters) {
usort($clusters, function (array $a, array $b) {
@ -94,7 +101,7 @@ $generatePopover = function (array $cluster) use ($normalizeKey) {
<a href="<?= $baseurl ?>/galaxy_clusters/view/<?= h($cluster['id']) ?>" class="black fa fa-search" title="<?= __('View details about this cluster') ?>" aria-label="<?= __('View cluster') ?>"></a>
<a href="<?= $baseurl ?>/events/index/searchtag:<?= h($cluster['tag_id']) ?>" class="black fa fa-list" title="<?= __('View all events containing this cluster') ?>" aria-label="<?= __('View all events containing this cluster') ?>"></a>
<?php endif ;?>
<?php if ($editButtonsEnabled && ($isSiteAdmin || ($mayModify && $isAclTagger))) {
<?php if ($editButtonsEnabled || ($editButtonsLocalEnabled && $cluster['local'])) {
echo $this->Form->create(false, [
'id' => false, // prevent duplicate ids
'url' => $baseurl . '/galaxy_clusters/detach/' . ucfirst(h($target_id)) . '/' . h($target_type) . '/' . $cluster['tag_id'],
@ -115,7 +122,7 @@ echo $this->Form->end();
</div>
<?php endif; ?>
<?php
if ($editButtonsEnabled && ($isSiteAdmin || ($mayModify && $isAclTagger))) {
if ($editButtonsEnabled) {
echo sprintf(
'<button class="%s" data-target-type="%s" data-target-id="%s" data-local="false" role="button" tabindex="0" aria-label="' . __('Add new cluster') . '" title="' . __('Add new cluster') . '">%s</button>',
'useCursorPointer btn btn-inverse addGalaxy',
@ -125,11 +132,7 @@ if ($editButtonsEnabled && ($isSiteAdmin || ($mayModify && $isAclTagger))) {
);
}
if (
$editButtonsEnabled &&
(!isset($local_tag_off) || !$local_tag_off) &&
($isSiteAdmin || ($isAclTagger && $hostOrgUser))
) {
if ($editButtonsLocalEnabled) {
echo sprintf(
'<button class="%s" data-target-type="%s" data-target-id="%s" data-local="true" role="button" tabindex="0" aria-label="' . __('Add new local cluster') . '" title="' . __('Add new local cluster') . '">%s</button>',
'useCursorPointer btn btn-inverse addGalaxy',
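Review bot: The guard `if (empty($local_tag_off) || !empty($event))` still enters the branch when no `event` was passed (whenever `$local_tag_off` is unset), and the next line then reads `$event['Event']['org_id']` from an undefined variable. Callers in this commit that pass an attribute row as `'event' => $object` may hit the same missing `Event` key, depending on what that row contains. Requiring the value explicitly, `if (empty($local_tag_off) && !empty($event['Event']['org_id'])) {`, avoids both; the host-organisation clause does not depend on the event, so it would have to be evaluated outside the guard if host-org users should keep local access without one. Note also that `$localTagAccess` requires `$isAclTagger` even for site admins while `$tagAccess` does not, which deserves a one-line comment if it is intended.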


@ -19,6 +19,7 @@
'attributeId' => 0,
'tags' => $tags,
'tagAccess' => false,
'localTagAccess' => false,
'static_tags_only' => 1,
'scope' => isset($field['scope']) ? $field['scope'] : 'event',
'hide_global_scope' => isset($field['hide_global_scope']) ? $field['hide_global_scope'] : false


@ -7,6 +7,7 @@ echo $this->element('galaxyQuickViewNew', [
'mayModify' => $mayModify,
'isAclTagger' => $isAclTagger,
'data' => $object['Galaxy'],
'event' => $object,
'target_id' => $scope == 'event' ? $object['Event']['id'] : $object['Attribute']['id'],
'target_type' => $scope
]);


@ -7,6 +7,7 @@
'event' => $event,
'tags' => $tags,
'tagAccess' => ($isSiteAdmin || $mayModify),
'localTagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id'] || (int)$me['org_id'] === Configure::read('MISP.host_org_id')),
'tagConflicts' => $tagConflicts
));
?>


@ -19,7 +19,7 @@
if ($fieldData === 'Tag') {
echo '<div><span class="blue bold">Tags</span>: ';
if (!empty($event['EventTag'])) {
echo '<span>' . $this->element('ajaxTags', array('event' => $event, 'tags' => $event['EventTag'], 'static_tags_only' => true)) . '</span>';
echo '<span>' . $this->element('ajaxTags', array('event' => $event, 'tags' => $event['EventTag'], 'static_tags_only' => true, 'tagAccess' => false, 'localTagAccess' => false)) . '</span>';
}
echo '</div>';
} else {


@ -71,7 +71,8 @@
$this->element('ajaxTags', array(
'event' => $event,
'tags' => $event['Tag'],
'tagAccess' => ($isSiteAdmin || $me['org_id'] == $event['Event']['orgc_id']),
'tagAccess' => false,
'localTagAccess' => false,
'static_tags_only' => 1
))
)


@ -105,7 +105,8 @@
array(
'event' => $event,
'tags' => $event['EventTag'],
'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['orgc_id']),
'tagAccess' => ($isSiteAdmin || $mayModify),
'localTagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id'] || (int)$me['org_id'] === Configure::read('MISP.host_org_id')),
'missingTaxonomies' => $missingTaxonomies,
'tagConflicts' => $tagConflicts
)
@ -536,6 +537,7 @@
'mayModify' => $mayModify,
'isAclTagger' => $isAclTagger,
'data' => $event['Galaxy'],
'event' => $event,
'target_id' => $event['Event']['id'],
'target_type' => 'event'
]); ?>


@ -22,6 +22,7 @@
'scope' => 'feed',
'tags' => array(array('Tag' => $feed['Tag'])),
'tagAccess' => false,
'localTagAccess' => false,
'static_tags_only' => true
)
)


@ -98,6 +98,7 @@ $tableData[] = [
<span class="title-section"><?= __('Galaxies') ?></span>
<?= $this->element('galaxyQuickViewNew', [
'data' => $event['Galaxy'],
'event' => $event,
'preview' => true,
]); ?>
</div>