mirror of https://github.com/MISP/MISP
chg: [validation] Provide more precise and faster attribute validation
parent
d1a6a94f78
commit
e2c65d2a51
|
@ -1082,13 +1082,11 @@ class Attribute extends AppModel
|
|||
case 'x509-fingerprint-sha256':
|
||||
case 'x509-fingerprint-sha1':
|
||||
case 'git-commit-id':
|
||||
$length = $this->__hexHashLengths[$type];
|
||||
if (preg_match("#^[0-9a-f]{" . $length . "}$#", $value)) {
|
||||
$returnValue = true;
|
||||
if ($this->isHashValid($type, $value)) {
|
||||
return true;
|
||||
} else {
|
||||
$returnValue = __('Checksum has an invalid length or format (expected: %s hexadecimal characters). Please double check the value or select type "other".', $length);
|
||||
return __('Checksum has an invalid length or format (expected: %s hexadecimal characters). Please double check the value or select type "other".', $length);
|
||||
}
|
||||
break;
|
||||
case 'tlsh':
|
||||
if (preg_match("#^[0-9a-f]{35,}$#", $value)) {
|
||||
$returnValue = true;
|
||||
|
@ -1097,7 +1095,7 @@ class Attribute extends AppModel
|
|||
}
|
||||
break;
|
||||
case 'pehash':
|
||||
if (preg_match("#^[0-9a-f]{40}$#", $value)) {
|
||||
if ($this->isHashValid('pehash', $value)) {
|
||||
$returnValue = true;
|
||||
} else {
|
||||
$returnValue = __('The input doesn\'t match the expected sha1 format (expected: 40 hexadecimal characters). Keep in mind that MISP currently only supports SHA1 for PEhashes, if you would like to get the support extended to other hash types, make sure to create a github ticket about it at https://github.com/MISP/MISP!');
|
||||
|
@ -1107,13 +1105,10 @@ class Attribute extends AppModel
|
|||
if (substr_count($value, ':') == 2) {
|
||||
$parts = explode(':', $value);
|
||||
if (is_numeric($parts[0])) {
|
||||
$returnValue = true;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
if (!$returnValue) {
|
||||
$returnValue = __('Invalid SSDeep hash. The format has to be blocksize:hash:hash');
|
||||
}
|
||||
break;
|
||||
return __('Invalid SSDeep hash. The format has to be blocksize:hash:hash');
|
||||
case 'impfuzzy':
|
||||
if (substr_count($value, ':') == 2) {
|
||||
$parts = explode(':', $value);
|
||||
|
@ -1136,7 +1131,7 @@ class Attribute extends AppModel
|
|||
if (preg_match("#(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH)#", $value)) {
|
||||
$returnValue = true;
|
||||
} else {
|
||||
$returnValue = 'Unknown HTTP method.';
|
||||
$returnValue = __('Unknown HTTP method.');
|
||||
}
|
||||
break;
|
||||
case 'filename|pehash':
|
||||
|
@ -1253,7 +1248,7 @@ class Attribute extends AppModel
|
|||
if ($this->isDomainValid($value)) {
|
||||
$returnValue = true;
|
||||
} else {
|
||||
$returnValue = ucfirst($type) . __(' name has an invalid format. Please double check the value or select type "other".');
|
||||
$returnValue = __('%s name has an invalid format. Please double check the value or select type "other".', ucfirst($type));
|
||||
}
|
||||
break;
|
||||
case 'hostname|port':
|
||||
|
@ -1290,7 +1285,6 @@ class Attribute extends AppModel
|
|||
}
|
||||
break;
|
||||
case 'vulnerability':
|
||||
$value = str_replace('–', '-', $value);
|
||||
if (preg_match("#^(CVE-)[0-9]{4}(-)[0-9]{4,}$#", $value)) {
|
||||
$returnValue = true;
|
||||
} else {
|
||||
|
@ -1298,7 +1292,6 @@ class Attribute extends AppModel
|
|||
}
|
||||
break;
|
||||
case 'weakness':
|
||||
$value = str_replace('–', '-', $value);
|
||||
if (preg_match("#^(CWE-)[0-9]{1,}$#", $value)) {
|
||||
$returnValue = true;
|
||||
} else {
|
||||
|
@ -1354,16 +1347,14 @@ class Attribute extends AppModel
|
|||
case 'other':
|
||||
case 'email-attachment':
|
||||
case 'email-body':
|
||||
case 'email-header':
|
||||
case 'first-name':
|
||||
case 'middle-name':
|
||||
case 'last-name':
|
||||
$returnValue = true;
|
||||
break;
|
||||
case 'hex':
|
||||
if (preg_match("/^[0-9a-f]*$/i", $value)) {
|
||||
$returnValue = true;
|
||||
}
|
||||
break;
|
||||
return ctype_xdigit($value);
|
||||
case 'target-user':
|
||||
case 'campaign-name':
|
||||
case 'campaign-id':
|
||||
|
@ -1421,14 +1412,10 @@ class Attribute extends AppModel
|
|||
case 'twitter-id':
|
||||
case 'chrome-extension-id':
|
||||
case 'mobile-application-id':
|
||||
// no newline
|
||||
if (!preg_match("#\n#", $value)) {
|
||||
$returnValue = true;
|
||||
if (strpos($value, "\n") !== false) {
|
||||
return __('Value must not contain new line character.');
|
||||
}
|
||||
break;
|
||||
case 'email-header':
|
||||
$returnValue = true;
|
||||
break;
|
||||
return true;
|
||||
case 'datetime':
|
||||
try {
|
||||
new DateTime($value);
|
||||
|
@ -1439,12 +1426,10 @@ class Attribute extends AppModel
|
|||
break;
|
||||
case 'size-in-bytes':
|
||||
case 'counter':
|
||||
if (!is_numeric($value) || $value < 0) {
|
||||
$returnValue = __('The value has to be a number greater or equal 0.');
|
||||
} else {
|
||||
$returnValue = true;
|
||||
if ((is_int($value) || ctype_digit($value)) && $value >= 0) {
|
||||
return true;
|
||||
}
|
||||
break;
|
||||
return __('The value has to be a whole number greater or equal 0.');
|
||||
case 'targeted-threat-index':
|
||||
if (!is_numeric($value) || $value < 0 || $value > 10) {
|
||||
$returnValue = __('The value has to be a number between 0 and 10.');
|
||||
|
@ -1573,7 +1558,10 @@ class Attribute extends AppModel
|
|||
break;
|
||||
case 'http-method':
|
||||
case 'hex':
|
||||
return strtoupper($value);
|
||||
case 'vulnerability':
|
||||
case 'weakness':
|
||||
$value = str_replace('–', '-', $value);
|
||||
return strtoupper($value);
|
||||
case 'cc-number':
|
||||
case 'bin':
|
||||
|
@ -4731,6 +4719,20 @@ class Attribute extends AppModel
|
|||
*/
|
||||
private function isPortValid($value)
|
||||
{
|
||||
return is_numeric($value) && $value >= 1 && $value <= 65535;
|
||||
return (is_int($value) || ctype_digit($value)) && $value >= 1 && $value <= 65535;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $type
|
||||
* @param string $value
|
||||
* @return bool
|
||||
*/
|
||||
private function isHashValid($type, $value)
|
||||
{
|
||||
if (!isset($this->__hexHashLengths[$type])) {
|
||||
throw new InvalidArgumentException("Invalid hash type '$type'.");
|
||||
}
|
||||
$length = $this->__hexHashLengths[$type];
|
||||
return strlen($value) === $length && ctype_xdigit($value);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue