MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [validation] Provide more precise and faster attribute validation

pull/6418/head
Jakub Onderka 2020-10-13 09:23:44 +02:00
parent d1a6a94f78
commit e2c65d2a51
1 changed files with 34 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
app/Model/Attribute.php
View File

@ -1082,13 +1082,11 @@ class Attribute extends AppModel
case 'x509-fingerprint-sha256':
case 'x509-fingerprint-sha1':
case 'git-commit-id':
$length = $this->__hexHashLengths[$type];
if (preg_match("#^[0-9a-f]{" . $length . "}$#", $value)) {
$returnValue = true;
if ($this->isHashValid($type, $value)) {
return true;
} else {
$returnValue = __('Checksum has an invalid length or format (expected: %s hexadecimal characters). Please double check the value or select type "other".', $length);
return __('Checksum has an invalid length or format (expected: %s hexadecimal characters). Please double check the value or select type "other".', $length);
}
break;
case 'tlsh':
if (preg_match("#^[0-9a-f]{35,}$#", $value)) {
$returnValue = true;
@ -1097,7 +1095,7 @@ class Attribute extends AppModel
}
break;
case 'pehash':
if (preg_match("#^[0-9a-f]{40}$#", $value)) {
if ($this->isHashValid('pehash', $value)) {
$returnValue = true;
} else {
$returnValue = __('The input doesn\'t match the expected sha1 format (expected: 40 hexadecimal characters). Keep in mind that MISP currently only supports SHA1 for PEhashes, if you would like to get the support extended to other hash types, make sure to create a github ticket about it at https://github.com/MISP/MISP!');
@ -1107,13 +1105,10 @@ class Attribute extends AppModel
if (substr_count($value, ':') == 2) {
$parts = explode(':', $value);
if (is_numeric($parts[0])) {
$returnValue = true;
return true;
}
}
if (!$returnValue) {
$returnValue = __('Invalid SSDeep hash. The format has to be blocksize:hash:hash');
}
break;
return __('Invalid SSDeep hash. The format has to be blocksize:hash:hash');
case 'impfuzzy':
if (substr_count($value, ':') == 2) {
$parts = explode(':', $value);
@ -1136,7 +1131,7 @@ class Attribute extends AppModel
if (preg_match("#(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH)#", $value)) {
$returnValue = true;
} else {
$returnValue = 'Unknown HTTP method.';
$returnValue = __('Unknown HTTP method.');
}
break;
case 'filename|pehash':
@ -1253,7 +1248,7 @@ class Attribute extends AppModel
if ($this->isDomainValid($value)) {
$returnValue = true;
} else {
$returnValue = ucfirst($type) . __(' name has an invalid format. Please double check the value or select type "other".');
$returnValue = __('%s name has an invalid format. Please double check the value or select type "other".', ucfirst($type));
}
break;
case 'hostname|port':
@ -1290,7 +1285,6 @@ class Attribute extends AppModel
}
break;
case 'vulnerability':
$value = str_replace('', '-', $value);
if (preg_match("#^(CVE-)[0-9]{4}(-)[0-9]{4,}$#", $value)) {
$returnValue = true;
} else {
@ -1298,7 +1292,6 @@ class Attribute extends AppModel
}
break;
case 'weakness':
$value = str_replace('', '-', $value);
if (preg_match("#^(CWE-)[0-9]{1,}$#", $value)) {
$returnValue = true;
} else {
@ -1354,16 +1347,14 @@ class Attribute extends AppModel
case 'other':
case 'email-attachment':
case 'email-body':
case 'email-header':
case 'first-name':
case 'middle-name':
case 'last-name':
$returnValue = true;
break;
case 'hex':
if (preg_match("/^[0-9a-f]*$/i", $value)) {
$returnValue = true;
}
break;
return ctype_xdigit($value);
case 'target-user':
case 'campaign-name':
case 'campaign-id':
@ -1421,14 +1412,10 @@ class Attribute extends AppModel
case 'twitter-id':
case 'chrome-extension-id':
case 'mobile-application-id':
// no newline
if (!preg_match("#\n#", $value)) {
$returnValue = true;
if (strpos($value, "\n") !== false) {
return __('Value must not contain new line character.');
}
break;
case 'email-header':
$returnValue = true;
break;
return true;
case 'datetime':
try {
new DateTime($value);
@ -1439,12 +1426,10 @@ class Attribute extends AppModel
break;
case 'size-in-bytes':
case 'counter':
if (!is_numeric($value) || $value < 0) {
$returnValue = __('The value has to be a number greater or equal 0.');
} else {
$returnValue = true;
if ((is_int($value) || ctype_digit($value)) && $value >= 0) {
return true;
}
break;
return __('The value has to be a whole number greater or equal 0.');
case 'targeted-threat-index':
if (!is_numeric($value) || $value < 0 || $value > 10) {
$returnValue = __('The value has to be a number between 0 and 10.');
@ -1573,7 +1558,10 @@ class Attribute extends AppModel
break;
case 'http-method':
case 'hex':
return strtoupper($value);
case 'vulnerability':
case 'weakness':
$value = str_replace('', '-', $value);
return strtoupper($value);
case 'cc-number':
case 'bin':
@ -4731,6 +4719,20 @@ class Attribute extends AppModel
*/
private function isPortValid($value)
{
return is_numeric($value) && $value >= 1 && $value <= 65535;
return (is_int($value) || ctype_digit($value)) && $value >= 1 && $value <= 65535;
}
/**
* @param string $type
* @param string $value
* @return bool
*/
private function isHashValid($type, $value)
{
if (!isset($this->__hexHashLengths[$type])) {
throw new InvalidArgumentException("Invalid hash type '$type'.");
}
$length = $this->__hexHashLengths[$type];
return strlen($value) === $length && ctype_xdigit($value);
}
}