TLP:AMBER- Share only within the organization on a need-to-know basis
TLP:GREEN:NeedToKnow- Share within your constituency on the need-to-know basis.
TLP:GREEN- Share within your constituency.
'),
+ 'submittedfile' => array('desc' => 'GFI sandbox: export upload', 'formdesc' => 'GFI sandbox: export upload'),
);
/**
@@ -80,6 +91,16 @@ class Event extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
+ 'user_id' => array(
+ 'numeric' => array(
+ 'rule' => array('numeric'),
+ //'message' => 'Your custom message here',
+ //'allowEmpty' => false,
+ //'required' => false,
+ //'last' => false, // Stop validation after this rule
+ //'on' => 'create', // Limit validation to 'create' or 'update' operations
+ ),
+ ),
'published' => array(
'boolean' => array(
'rule' => array('boolean'),
@@ -120,6 +141,52 @@ class Event extends AppModel {
//),
);
+ public function __construct($id = false, $table = null, $ds = null) {
+ parent::__construct($id, $table, $ds);
+
+ if ('true' == Configure::read('CyDefSIG.private')) {
+
+ $this->virtualFields = Set::merge($this->virtualFields,array(
+ 'sharing' => 'IF (Event.private=true, "Org", IF (Event.cluster=true, "Server", IF (Event.pull=true, "Pull only", "All")))',
+ ));
+
+ $this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
+ 'sharing' => array('desc' => 'This field tells how and if the event should be shared with other CyDefSIG users'),
+ ));
+
+ $this->validate = Set::merge($this->validate,array(
+ 'cluster' => array(
+ 'boolean' => array(
+ 'rule' => array('boolean'),
+ //'message' => 'Your custom message here',
+ //'allowEmpty' => false,
+ 'required' => false,
+ //'last' => false, // Stop validation after this rule
+ //'on' => 'create', // Limit validation to 'create' or 'update' operations
+ ),
+ ),
+ 'pull' => array(
+ 'boolean' => array(
+ 'rule' => array('boolean'),
+ //'message' => 'Your custom message here',
+ //'allowEmpty' => false,
+ 'required' => false,
+ //'last' => false, // Stop validation after this rule
+ //'on' => 'create', // Limit validation to 'create' or 'update' operations
+ ),
+ ),
+ 'sharing' => array(
+ 'rule' => array('inList', array('Org', 'Server', 'Pull only')),
+ //'message' => 'Your custom message here',
+ 'allowEmpty' => false,
+ 'required' => false,
+ //'last' => false, // Stop validation after this rule
+ //'on' => 'create', // Limit validation to 'create' or 'update' operations
+ ),
+ ));
+ }
+ }
+
//The Associations below have been created with all possible keys, those that are not needed can be removed
/**
@@ -165,13 +232,67 @@ class Event extends AppModel {
)
);
+ public function beforeDelete() {
+ // delete event from the disk
+ $this->read(); // first read the event from the db
+ // FIXME secure this filesystem access/delete by not allowing to change directories or go outside of the directory container.
+ // only delete the file if it exists
+ $filepath = APP . "files" . DS . $this->data['Event']['id'];
+ App::uses('Folder', 'Utility');
+ $file = new Folder ($filepath);
+ if (is_dir($filepath)) {
+ if (!$this->destroyDir($filepath)) {
+ throw new InternalErrorException('Delete of event file directory failed. Please report to administrator.');
+ }
+ }
+ }
+
+ public function destroyDir($dir) {
+ if (!is_dir($dir) || is_link($dir)) return unlink($dir);
+ foreach (scandir($dir) as $file) {
+ if ($file == '.' || $file == '..') continue;
+ if (!$this->destroyDir($dir . DS . $file)) {
+ chmod($dir . DS . $file, 0777);
+ if (!$this->destroyDir($dir . DS . $file)) return false;
+ };
+ }
+ return rmdir($dir);
+ }
+
public function beforeValidate() {
+ parent::beforeValidate();
// generate UUID if it doesn't exist
if (empty($this->data['Event']['uuid'])) {
$this->data['Event']['uuid'] = String::uuid();
}
}
+ public function massageData(&$data) {
+ switch ($data['Event']['sharing']) {
+ case 'Org':
+ $data['Event']['private'] = true;
+ $data['Event']['cluster'] = false;
+ $data['Event']['pull'] = false;
+ break;
+ case 'Server':
+ $data['Event']['private'] = false;
+ $data['Event']['cluster'] = true;
+ $data['Event']['pull'] = false;
+ break;
+ case 'Pull only':
+ $data['Event']['private'] = false;
+ $data['Event']['cluster'] = false;
+ $data['Event']['pull'] = true;
+ break;
+ case 'All':
+ $data['Event']['private'] = false;
+ $data['Event']['cluster'] = false;
+ $data['Event']['pull'] = false;
+ break;
+ }
+ return $data;
+ }
+
public function isOwnedByOrg($eventid, $org) {
return $this->field('id', array('id' => $eventid, 'org' => $org)) === $eventid;
}
@@ -239,9 +360,12 @@ class Event extends AppModel {
* @return bool true if success, error message if failed
*/
public function uploadEventToServer($event, $server, $HttpSocket=null) {
- if (true == $event['Event']['private']) { // never upload private events
+ if (('true' != Configure::read('CyDefSIG.private')) && (true == $event['Event']['private'])) { // never upload private events
return "Event is private and non exportable";
}
+ if (('true' == Configure::read('CyDefSIG.private')) && (true == $event['Event']['pull'])) {
+ return "Event is pull only and non exportable";
+ }
$url = $server['Server']['url'];
$authkey = $server['Server']['authkey'];
diff --git a/app/Model/Group.php b/app/Model/Group.php
new file mode 100755
index 000000000..0cf91d66f
--- /dev/null
+++ b/app/Model/Group.php
@@ -0,0 +1,62 @@
+ array(
+ 'notempty' => array(
+ 'rule' => array('notempty'),
+ //'message' => 'Your custom message here',
+ //'allowEmpty' => false,
+ //'required' => false,
+ //'last' => false, // Stop validation after this rule
+ //'on' => 'create', // Limit validation to 'create' or 'update' operations
+ ),
+ ),
+ );
+
+/**
+ * hasMany associations
+ *
+ * @var array
+ */
+ public $hasMany = array(
+ 'User' => array(
+ 'className' => 'User',
+ 'foreignKey' => 'group_id',
+ 'dependent' => false,
+ 'conditions' => '',
+ 'fields' => '',
+ 'order' => '',
+ 'limit' => '',
+ 'offset' => '',
+ 'exclusive' => '',
+ 'finderQuery' => '',
+ 'counterQuery' => ''
+ )
+ );
+
+/**
+ * TODO ACL: 1: be requester to CakePHP ACL system
+ *
+ * @var unknown_type
+ */
+ public $actsAs = array('Acl' => array('type' => 'requester'), 'MagicTools.OrphansProtectable');
+
+/**
+ * TODO ACL: 2: hook Group into CakePHP ACL system (so link to aros)
+ */
+ public function parentNode() {
+ return null;
+ }
+}
\ No newline at end of file
diff --git a/app/Model/Log.php b/app/Model/Log.php
new file mode 100755
index 000000000..168ec5e90
--- /dev/null
+++ b/app/Model/Log.php
@@ -0,0 +1,31 @@
+ array(
+ 'rule' => array('inList', array(
+ 'login',
+ 'logout',
+ 'add',
+ 'edit',
+ 'delete',
+ 'publish' // FIXME remove this once all attributes have a category. Otherwise sigs without category are not shown in the list
+ )),
+ 'message' => 'Options : ...'
+ )
+ );
+
+ public $actionDefinitions = array(
+ 'login' => array('desc' => 'Login action', 'formdesc' => "Login action"),
+ 'logout' => array('desc' => 'Logout action', 'formdesc' => "Logout action"),
+ 'add' => array('desc' => 'Add action', 'formdesc' => "Add action"),
+ 'edit' => array('desc' => 'Edit action', 'formdesc' => "Edit action"),
+ 'delete' => array('desc' => 'Delete action', 'formdesc' => "Delete action"),
+ 'publish' => array('desc' => "Publish action", 'formdesc' => "Publish action")
+ );
+}
\ No newline at end of file
diff --git a/app/Model/Server.php b/app/Model/Server.php
old mode 100644
new mode 100755
index b16b6f7d9..29af76cd8
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@@ -6,6 +6,14 @@ App::uses('AppModel', 'Model');
*/
class Server extends AppModel {
+ public $name = 'Server'; // TODO general
+
+ public $actsAs = array('SysLogLogable.SysLogLogable' => array( // TODO Audit, logable, check: 'userModel' and 'userKey' can be removed given default
+ 'userModel' => 'User',
+ 'userKey' => 'user_id',
+ 'change' => 'full'
+ ));
+
/**
* Display field
*
@@ -94,4 +102,4 @@ class Server extends AppModel {
public function isOwnedByOrg($serverid, $org) {
return $this->field('id', array('id' => $serverid, 'org' => $org)) === $serverid;
}
-}
\ No newline at end of file
+}
diff --git a/app/Model/User.php b/app/Model/User.php
index 3956d8b7b..39ea0b654 100755
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -17,6 +17,14 @@ class User extends AppModel {
*/
public $displayField = 'email';
+ public $orgField = 'org'; // TODO Audit, LogableBehaviour + org
+/**
+ * Model Name
+ *
+ * @var string
+ */
+ public $name = 'User'; // TODO general
+
/**
* Validation rules
*
@@ -69,6 +77,16 @@ class User extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
+ 'org_id' => array(
+ 'notempty' => array(
+ 'rule' => array('notempty'),
+ 'message' => 'Please specify the organisation ID where you are working.', // TODO ACL, org_id in Users
+ //'allowEmpty' => false,
+ //'required' => false,
+ //'last' => false, // Stop validation after this rule
+ //'on' => 'create', // Limit validation to 'create' or 'update' operations
+ ),
+ ),
'email' => array(
'email' => array(
'rule' => array('email'),
@@ -162,6 +180,21 @@ class User extends AppModel {
//The Associations below have been created with all possible keys, those that are not needed can be removed
+/**
+ * belongsTo associations
+ *
+ * @var array
+ */
+ public $belongsTo = array(
+ 'Group' => array(
+ 'className' => 'Group',
+ 'foreignKey' => 'group_id',
+ 'conditions' => '',
+ 'fields' => '',
+ 'order' => ''
+ )
+ );
+
/**
* hasMany associations
*
@@ -183,6 +216,38 @@ class User extends AppModel {
)
);
+/**
+ * TODO ACL: 1: be requester to CakePHP ACL system
+ */
+ public $actsAs = array('Acl' => array('type' => 'requester', 'enabled' => false)); // TODO ACL, + 'enabled' => false
+
+/**
+ * TODO ACL: 2: hook User into CakePHP ACL system (so link to aros)
+ */
+ public function parentNode() {
+ if (!$this->id && empty($this->data)) {
+ return null;
+ }
+ if (isset($this->data['User']['group_id'])) {
+ $groupId = $this->data['User']['group_id'];
+ } else {
+ $groupId = $this->field('group_id');
+ }
+ if (!$groupId) {
+ return null;
+ } else {
+ return array('Group' => array('id' => $groupId));
+ }
+ }
+
+/**
+ * TODO ACL: 3: rights on Groups: http://stackoverflow.com/questions/6154285/aros-table-in-cakephp-is-still-including-users-even-after-bindnode
+ */
+ public function bindNode($user) {
+ // return array('model' => 'Group', 'foreign_key' => $user['User']['group_id']);
+ return array('Group' => array('id' => $user['User']['group_id']));
+ }
+
public function beforeSave() {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
diff --git a/app/Plugin/MagicTools/Model/Behavior/OrphansProtectableBehavior.php b/app/Plugin/MagicTools/Model/Behavior/OrphansProtectableBehavior.php
new file mode 100644
index 000000000..399c935b1
--- /dev/null
+++ b/app/Plugin/MagicTools/Model/Behavior/OrphansProtectableBehavior.php
@@ -0,0 +1,125 @@
+_deletionError = null; // Stores the deletion error message
+ $Model->orphansProtectableOptions = array_merge(array(
+ 'listPossibleOrphans' => true,
+ 'htmlError' => false
+ ), $settings);
+ }
+
+ /**
+ * Checks if there would be orphaned record left behind after deletion of this record; if so, deletion is prevented.
+ *
+ * @param $model Model
+ * @param $cascade boolean
+ * @return boolean
+ */
+ function beforeDelete(&$Model, $cascade) {
+ if($cascade) return true;
+ return !$Model->wouldLeaveOrphanedRecordsBehind();
+ }
+
+ /**
+ * Checks if deletion of this record would leave orphaned associated records behind.
+ *
+ * @param $model Model
+ * @return boolean
+ */
+ function wouldLeaveOrphanedRecordsBehind(&$Model) {
+ $possibleOrphans = array();
+
+ foreach($Model->hasMany as $model => $settings) {
+ // Is relationship is dependent?
+ if($settings['dependent']){ // Yes! Possible orphans are deleted, too!
+ // Do nothing
+ } else { // No! Possible orphans should be protected!
+ // Is there a possible orphan for this relation?
+ $Model->{$model}->recursive = -1;
+ $objects = $Model->{$model}->find('all', array('conditions' => array($settings['className'].'.'.$settings['foreignKey'] => $Model->id), 'order' => 'id asc'));
+ if(count($objects) > 0) { // Yes, there is at least one possible orphan!
+ $objectIds = array();
+ foreach($objects as $object) {
+ $objectIds[] = $object[$model]['id'];
+ }
+ $possibleOrphans[$model] = $objectIds;
+ }
+ }
+ }
+
+ // Would orphans be left behind?
+ if(count($possibleOrphans) > 0) { // Yes! Create deletion error message!
+ $Model->_deletionError = $Model->createDeletionError($possibleOrphans);
+ return true;
+ } else { // No!
+ return false;
+ }
+ }
+
+ /**
+ * Returns the deletion error message (if there is one).
+ *
+ * @param $model Model
+ * @return string
+ */
+ function getDeletionError(&$Model) {
+ return $Model->_deletionError;
+ }
+
+ /**
+ * Creates the deletion error message and returns it.
+ *
+ * @param $model Model
+ * @param $possibleOrphans array
+ * @return string
+ */
+ function createDeletionError(&$Model, $possibleOrphans) {
+ $errorParts = array();
+ foreach($possibleOrphans as $model => $ids) {
+ $count = count($ids);
+ $modelName = $count > 1 ? Inflector::pluralize($model) : $model;
+ $errorParts[] = $count.' '.__($modelName, true).' (ID: '.$Model->createDeletionErrorIds($model, $ids).')';
+ }
+ return __('it has the following dependent items', true).': '.implode($errorParts, ', ');
+ }
+
+ /**
+ * Creates a string containing HTML-links to comma separated IDs of the potentially orphaned records of the specified model.
+ *
+ * @param $model Model
+ * @param $orphanModel string
+ * @param $ids array
+ * @return string
+ */
+ function createDeletionErrorIds(&$Model, $orphanModel, $ids) {
+ $messageParts = array();
+ if($Model->orphansProtectableOptions['htmlError']) {
+ foreach($ids as $id) {
+ $messageParts[] = ''.$id.''; // TODO: Noch unschön! --zivi-muh
+ }
+ } else {
+ $messageParts = $ids;
+ }
+ return implode($messageParts, ', ');
+ }
+}
+?>
\ No newline at end of file
diff --git a/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php b/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php
new file mode 100644
index 000000000..560b5f9ee
--- /dev/null
+++ b/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php
@@ -0,0 +1,220 @@
+settings[$Model->alias]['enabled']) {
+ return true;
+ }
+ if (isset($this->settings[$Model->alias]['skip']['add']) && $this->settings[$Model->alias]['skip']['add'] && $created) {
+ return true;
+ } elseif (isset($this->settings[$Model->alias]['skip']['edit']) && $this->settings[$Model->alias]['skip']['edit'] && !$created) {
+ return true;
+ }
+ $keys = array_keys($Model->data[$Model->alias]);
+ $diff = array_diff($keys, $this->settings[$Model->alias]['ignore']);
+ if (sizeof($diff) == 0 && empty($Model->logableAction)) {
+ return false;
+ }
+ if ($Model->id) {
+ $id = $Model->id;
+ } elseif ($Model->insertId) {
+ $id = $Model->insertId;
+ }
+ if (isset($this->schema[$this->settings[$Model->alias]['foreignKey']])) {
+ $logData['Log'][$this->settings[$Model->alias]['foreignKey']] = $id;
+ }
+ if (isset($this->schema['description'])) {
+ $logData['Log']['description'] = $Model->alias . ' ';
+ if (isset($Model->data[$Model->alias][$Model->displayField]) && $Model->displayField != $Model->primaryKey) {
+ $logData['Log']['description'] .= '"' . $Model->data[$Model->alias][$Model->displayField] . '" ';
+ }
+
+ if ($this->settings[$Model->alias]['description_ids']) {
+ $logData['Log']['description'] .= '(' . $id . ') ';
+ }
+
+ if ($created) {
+ $logData['Log']['description'] .= __('added', TRUE);
+ } else {
+ $logData['Log']['description'] .= __('updated', TRUE);
+ }
+ }
+ if (isset($this->schema['action'])) {
+ if ($created) {
+ $logData['Log']['action'] = 'add';
+ } else {
+ $logData['Log']['action'] = 'edit';
+ }
+
+ }
+ if (isset($this->schema['change'])) {
+ $logData['Log']['change'] = '';
+ $db_fields = array_keys($Model->schema());
+ $changed_fields = array();
+ foreach ( $Model->data[$Model->alias] as $key => $value ) {
+ if (isset($Model->data[$Model->alias][$Model->primaryKey]) && !empty($this->old) && isset($this->old[$Model->alias][$key])) {
+ $old = $this->old[$Model->alias][$key];
+ } else {
+ $old = '';
+ }
+ // TODO Audit, removed 'revision' as well
+ if ($key != 'revision' && $key != 'modified' && !in_array($key, $this->settings[$Model->alias]['ignore']) && $value != $old && in_array($key, $db_fields)) {
+ if ($this->settings[$Model->alias]['change'] == 'full') {
+ $changed_fields[] = $key . ' (' . $old . ') => (' . $value . ')';
+ } else if ($this->settings[$Model->alias]['change'] == 'serialize') {
+ $changed_fields[$key] = array(
+ 'old' => $old,
+ 'value' => $value);
+ } else {
+ $changed_fields[] = $key;
+ }
+ }
+ }
+ $changes = sizeof($changed_fields);
+ if ($changes == 0) {
+ return true;
+ }
+ if ($this->settings[$Model->alias]['change'] == 'serialize') {
+ $logData['Log']['change'] = serialize($changed_fields);
+ } else {
+ $logData['Log']['change'] = implode(', ', $changed_fields);
+ }
+ $logData['Log']['changes'] = $changes;
+ }
+ $this->_saveLog($Model, $logData);
+ }
+
+ function _saveLog(&$Model, $logData, $title = null) {
+
+ if ($title !== NULL) {
+ $logData['Log']['title'] = $title;
+ } elseif ($Model->displayField == $Model->primaryKey) {
+ $logData['Log']['title'] = $Model->alias . ' (' . $Model->id . ')';
+ } elseif (isset($Model->data[$Model->alias][$Model->displayField])) {
+ $logData['Log']['title'] = $Model->data[$Model->alias][$Model->displayField];
+ } else {
+ $logData['Log']['title'] = $Model->field($Model->displayField);
+ }
+
+ if (isset($this->schema[$this->settings[$Model->alias]['classField']])) {
+ // by miha nahtigal
+ $logData['Log'][$this->settings[$Model->alias]['classField']] = $Model->name;
+ }
+
+ if (isset($this->schema[$this->settings[$Model->alias]['foreignKey']]) && !isset($logData['Log'][$this->settings[$Model->alias]['foreignKey']])) {
+ if ($Model->id) {
+ $logData['Log'][$this->settings[$Model->alias]['foreignKey']] = $Model->id;
+ } elseif ($Model->insertId) {
+ $logData['Log'][$this->settings[$Model->alias]['foreignKey']] = $Model->insertId;
+ }
+ }
+
+ if (!isset($this->schema['action'])) {
+ unset($logData['Log']['action']);
+ } elseif (isset($Model->logableAction) && !empty($Model->logableAction)) {
+ $logData['Log']['action'] = implode(',', $Model->logableAction); // . ' ' . $logData['Log']['action'];
+ unset($Model->logableAction);
+ }
+
+ if (isset($this->schema['version_id']) && isset($Model->version_id)) {
+ $logData['Log']['version_id'] = $Model->version_id;
+ unset($Model->version_id);
+ }
+
+ if (isset($this->schema['ip']) && $this->userIP) {
+ $logData['Log']['ip'] = $this->userIP;
+ }
+
+ if (isset($this->schema[$this->settings[$Model->alias]['userKey']]) && $this->user) {
+ $logData['Log'][$this->settings[$Model->alias]['userKey']] = $this->user[$this->UserModel->alias][$this->UserModel->primaryKey];
+ }
+
+ if (isset($this->schema['description'])) {
+ if ($this->user && $this->UserModel) {
+ $logData['Log']['description'] .= ' by ' . $this->settings[$Model->alias]['userModel'] . ' "' . $this->user[$this->UserModel->alias][$this->UserModel->displayField] . '"';
+ if ($this->settings[$Model->alias]['description_ids']) {
+ $logData['Log']['description'] .= ' (' . $this->user[$this->UserModel->alias][$this->UserModel->primaryKey] . ')';
+ }
+
+ } else {
+ // UserModel is active, but the data hasnt been set. Assume system action.
+ $logData['Log']['description'] .= ' by System';
+ }
+ $logData['Log']['description'] .= '.';
+ }
+ if (isset($this->schema['email'])) { // TODO Audit, LogableBehevior email
+ if ($this->user && $this->UserModel) {
+ $logData['Log']['email'] = $this->user[$this->UserModel->alias][$this->UserModel->displayField];
+ } else {
+ // UserModel is active, but the data hasnt been set. Assume system action.
+ $logData['Log']['email'] = 'SYS';
+ }
+ }
+ if (isset($this->schema['org'])) { // TODO Audit, LogableBehevior org CHECK!!!
+ if ($this->user && $this->UserModel) {
+ $logData['Log']['org'] = $this->user[$this->UserModel->alias][$this->UserModel->orgField];
+ } else {
+ // UserModel is active, but the data hasnt been set. Assume system action.
+ $logData['Log']['org'] = 'SYS';
+ }
+ }
+ if (isset($this->schema['title'])) { // TODO LogableBehevior title
+ if ($this->user && $this->UserModel) { // $Model->data[$Model->alias][$Model->displayField]
+ switch ($Model->alias) {
+ case "User": // TODO Audit, not used here but done in UsersController
+ $title = 'User ('. $Model->data[$Model->alias]['id'].') '. $Model->data[$Model->alias]['email'];
+ break;
+ case "Event":
+ $this->Events = new EventsController();
+ $this->Events->constructClasses();
+ $title = 'Event ('. $Model->data[$Model->alias]['id'].'): '.$this->Events->getName($Model->data[$Model->alias]['id']);
+ $logData['Log']['title'] = $title;
+ break;
+ case "Attribute":
+ if (isset($Model->combinedKeys)) {
+ if (is_array($Model->combinedKeys)) {
+ $title = 'Attribute ('. $Model->data[$Model->alias]['id'].') '.'from Event ('. $Model->data[$Model->alias]['event_id'].'): '. $Model->data[$Model->alias][$Model->combinedKeys[1]].'/'. $Model->data[$Model->alias][$Model->combinedKeys[2]].' '. $Model->data[$Model->alias]['value1'];
+ $logData['Log']['title'] = $title;
+ }
+ }
+ break;
+ case "Server":
+ $this->Servers = new ServersController();
+ $this->Servers->constructClasses();
+ $title = 'Server ('. $Model->data[$Model->alias]['id'].'): '. $this->Servers->getName($Model->data[$Model->alias]['id']);
+ $logData['Log']['title'] = $title;
+ break;
+ default:
+ if (isset($Model->combinedKeys)) {
+ if (is_array($Model->combinedKeys)) {
+ $title = '';
+ foreach ($Model->combinedKeys as $combinedKey) {
+ $title .= '/'. $Model->data[$Model->alias][$combinedKey];
+ }
+ $title = substr($title ,1);
+ $logData['Log']['title'] = $title;
+ }
+ }
+ }
+ }
+ }
+ $this->Log->create($logData);
+ $this->Log->save(null, array(
+ 'validate' => false,
+ 'callbacks' => false));
+
+ // write to syslogd as well
+ $syslog = new SysLog();
+ if (isset($logData['Log']['change'])) {
+ $syslog->write('notice', $logData['Log']['description'].' -- '.$logData['Log']['change']);
+ } else {
+ $syslog->write('notice', $logData['Log']['description']);
+ }
+ }
+}
\ No newline at end of file
diff --git a/app/README.txt b/app/README.txt
index 4e24c94ee..9bc174af2 100755
--- a/app/README.txt
+++ b/app/README.txt
@@ -1,14 +1,25 @@
-
-TODOs
+TODOs v0.2.2 to v0.2.3
-----
+DB Update
+- UpdateShell with in/out
+
Auth
- Prevent bruteforce auth attempts
-implement auditing/logging system
-- add / edit events and signatures
-- failed / success logins (with source IP, headers,...)
+Acl
+- inactive buttons
+ - must be non-clickable.
+ - JavaScript include.
+ - DOM read and disable button_offXX.
+- clean-up to first cut.
+ - saveAcl, from GroupsController to AppController and inherit to *Controllers.
+
+auditing/logging system
+- logins
+ - add source IP (headers,...);
+ - failed logins.
Security
- force cookie reset after login
@@ -18,7 +29,7 @@ INSTALLATION INSTRUCTIONS
-------------------------
Install the following libraries:
apt-get install zip
-apt-get install pear
+apt-get install php-pear
pear install Crypt_GPG # need version >1.3.0
pear install Net_GeoIP
# ideally make sure geoip database is updated using crontab
@@ -80,6 +91,17 @@ Don't forget to change the email, password and authentication key after installa
+UPDATE INSTRUCTIONS
+-------------------
+
+To be sure, dump your database before updating.
+
+CyDefSIG from 0.2.2 to 0.2.3 needs a database migration and population.
+This is done executing /var/www/cydefsig/app/Console/shell/migrate-0.2.2-0.2.3.sh
+and answer (y)es to all the questions asked.
+
+
+
Recommended patches
-------------------
By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
diff --git a/app/README.ubuntu.txt b/app/README.ubuntu.txt
new file mode 100755
index 000000000..c7b3bef46
--- /dev/null
+++ b/app/README.ubuntu.txt
@@ -0,0 +1,34 @@
+INSTALLATION INSTRUCTIONS
+-------------------------
+If on Ubuntu, besides the DocumentRoot,
+you have to change the AllowOverride from None to All as well.
+
+ DocumentRoot /var/www/cydefsig/app/webroot/
+
+ Options FollowSymLinks
+ AllowOverride All
+
+
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride All
+ Order allow,deny
+ allow from all
+
+
+Find the original below, for reference.
+
+ DocumentRoot /var/www
+
+
+ Options FollowSymLinks
+ AllowOverride None
+
+
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ Order allow,deny
+ allow from all
+
+
+Now /etc/init.d/apache2 restart
+and you are done, and now able to use the application.
\ No newline at end of file
diff --git a/app/View/Attributes/add.ctp b/app/View/Attributes/add.ctp
index 8ac677f89..782093bec 100755
--- a/app/View/Attributes/add.ctp
+++ b/app/View/Attributes/add.ctp
@@ -14,9 +14,15 @@ echo $this->Form->input('type', array(
'empty' => '(first choose category)'
));
if ('true' == Configure::read('CyDefSIG.sync')) {
- echo $this->Form->input('private', array(
- 'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
- ));
+ if ('true' == Configure::read('CyDefSIG.private')) {
+ echo $this->Form->input('sharing', array('label' => 'Private',
+ 'before' => $this->Html->div('forminfo', isset($attrDescriptions['sharing']['formdesc']) ? $attrDescriptions['sharing']['formdesc'] : $attrDescriptions['sharing']['desc']),
+ ));
+ } else {
+ echo $this->Form->input('private', array(
+ 'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),
+ ));
+ }
}
echo $this->Form->input('to_ids', array(
'checked' => true,
diff --git a/app/View/Attributes/add_attachment.ctp b/app/View/Attributes/add_attachment.ctp
index affc7a2bc..e729e4dbd 100755
--- a/app/View/Attributes/add_attachment.ctp
+++ b/app/View/Attributes/add_attachment.ctp
@@ -14,8 +14,13 @@ echo $this->Form->input('malware', array(
'after' => ' Tick this box to neutralize the sample. Every malware sample will be zipped with the password "infected"',
));
if ('true' == Configure::read('CyDefSIG.sync')) {
- echo $this->Form->input('private', array(
+ if ('true' == Configure::read('CyDefSIG.private')) {
+ echo $this->Form->input('sharing', array('label' => 'Private',
+ 'before' => $this->Html->div('forminfo', isset($attrDescriptions['sharing']['formdesc']) ? $attrDescriptions['sharing']['formdesc'] : $attrDescriptions['sharing']['desc']),));
+ } else {
+ echo $this->Form->input('private', array(
'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']),));
+ }
}
// link an onchange event to the form elements
$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")');
diff --git a/app/View/Attributes/edit.ctp b/app/View/Attributes/edit.ctp
index 7af48bcef..f291de012 100755
--- a/app/View/Attributes/edit.ctp
+++ b/app/View/Attributes/edit.ctp
@@ -1,3 +1,7 @@
+
Form->create('Attribute');?>
-
Form->postLink(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), null, __('Are you sure you want to delete # %s?', $this->Form->value('Attribute.id'))); ?>
+
findById($this->Form->value('Attribute.id')); // TODO ACL $attribute??
+ if ($isAclModify || $attribute['Event']['user_id'] == $me['id']) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), null, __('Are you sure you want to delete # %s?', $this->Form->value('Attribute.id')));
+ else echo $this->Html->link(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), array('id' => $buttonModifyStatus . $buttonCounter++, 'class' => $buttonModifyStatus)); ?>
element('actions_menu'); ?>
@@ -95,8 +108,8 @@ function showFormInfo(id) {
// LATER use nice animations
//$(idDiv).hide('fast');
// change the content
- var value = $(id).val(); // get the selected value
- $(idDiv).html(formInfoValues[value]); // search in a lookup table
+ var value = $(id).val(); // get the selected value
+ $(idDiv).html(formInfoValues[value]); // search in a lookup table
// show it again
$(idDiv).fadeIn('slow');
@@ -111,4 +124,12 @@ formCategoryChanged("#AttributeCategory");
$('#AttributeType').val(type_value);
-Js->writeBuffer(); // Write cached scripts
\ No newline at end of file
+Js->writeBuffer(); // Write cached scripts ?>
+
+
+
+Js->writeBuffer(); // Write cached scripts
diff --git a/app/View/Attributes/index.ctp b/app/View/Attributes/index.ctp
index 3d2c67a4a..26699d622 100755
--- a/app/View/Attributes/index.ctp
+++ b/app/View/Attributes/index.ctp
@@ -1,3 +1,7 @@
+
+ Paginator->counter(array(
+ 'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
+ ));
+ ?>
+
+
\ No newline at end of file
diff --git a/app/View/Groups/admin_view.ctp b/app/View/Groups/admin_view.ctp
new file mode 100755
index 000000000..6e4c0bef8
--- /dev/null
+++ b/app/View/Groups/admin_view.ctp
@@ -0,0 +1,47 @@
+
\ No newline at end of file
diff --git a/app/View/Groups/edit.ctp b/app/View/Groups/edit.ctp
new file mode 100755
index 000000000..75337df81
--- /dev/null
+++ b/app/View/Groups/edit.ctp
@@ -0,0 +1,21 @@
+
+ Paginator->counter(array(
+ 'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
+ ));
+ ?>
diff --git a/app/View/Groups/view.ctp b/app/View/Groups/view.ctp
new file mode 100755
index 000000000..7d3234f3a
--- /dev/null
+++ b/app/View/Groups/view.ctp
@@ -0,0 +1,40 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ element('actions_menu'); ?>
+
+
\ No newline at end of file
diff --git a/app/View/Layouts/default.ctp b/app/View/Layouts/default.ctp
old mode 100644
new mode 100755
index 2a2e4ffcc..39c8378ab
--- a/app/View/Layouts/default.ctp
+++ b/app/View/Layouts/default.ctp
@@ -37,6 +37,8 @@
echo $this->Html->script('jquery-1.8.2.min'); // Include jQuery library
?>
+
+
diff --git a/app/View/Logs/admin_index.ctp b/app/View/Logs/admin_index.ctp
new file mode 100755
index 000000000..e7848b349
--- /dev/null
+++ b/app/View/Logs/admin_index.ctp
@@ -0,0 +1,59 @@
+
+ Paginator->counter(array(
+ 'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
+ ));
+ ?>
\ No newline at end of file
diff --git a/app/View/Logs/index.ctp b/app/View/Logs/index.ctp
new file mode 100755
index 000000000..e7848b349
--- /dev/null
+++ b/app/View/Logs/index.ctp
@@ -0,0 +1,59 @@
+
+ Paginator->counter(array(
+ 'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
+ ));
+ ?>
+
\ No newline at end of file
diff --git a/app/View/Users/edit.ctp b/app/View/Users/edit.ctp
index b96f38bb3..8b864f41c 100755
--- a/app/View/Users/edit.ctp
+++ b/app/View/Users/edit.ctp
@@ -8,6 +8,7 @@
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
if ($isAdmin) echo $this->Form->input('org');
else echo $this->Form->input('org', array('disabled' => 'disabled'));
+ echo $this->Form->input('group_id', array('disabled' => 'disabled')); // TODO ACL, check, My Profile not edit group_id.
echo $this->Form->input('autoalert');
echo $this->Form->input('nids_sid');
echo $this->Form->input('gpgkey');
@@ -22,4 +23,4 @@
element('actions_menu'); ?>
-
\ No newline at end of file
+
diff --git a/app/View/Users/news.ctp b/app/View/Users/news.ctp
old mode 100644
new mode 100755
index 393f77e42..7658aa57c
--- a/app/View/Users/news.ctp
+++ b/app/View/Users/news.ctp
@@ -1,5 +1,13 @@
News
+
June 2012
+
Audit
+There is now log on every login, logout, addition, change and deletion.
+
+
Access Control granulation
+There is Access Control, an user must be bound to a users-group,
+so we are able to grant global add, modify and publish rights.
+
April 2012
REST API (output)
From now on you can use the REST API that uses this XML export. For more information check out the export page.
diff --git a/app/View/Users/terms.ctp b/app/View/Users/terms.ctp
index a5d742888..57547e074 100644
--- a/app/View/Users/terms.ctp
+++ b/app/View/Users/terms.ctp
@@ -50,3 +50,8 @@ if (!$termsaccepted) {
element('actions_menu'); ?>