mirror of https://github.com/MISP/MISP
Fixed various issues with the attribute REST api
- also updated the sample curl scripts
pull/468/head
parent
72f8dc0d3d
commit
e339f0e646
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":60}
|
||||
{"major":2, "minor":3, "hotfix":61}
|
||||
|
|
|
@ -119,7 +119,8 @@ class AttributesController extends AppController {
|
|||
|
||||
// remove the published flag from the event
|
||||
$this->Event->recursive = -1;
|
||||
$this->Event->read(null, $this->request->data['Attribute']['event_id']);
|
||||
if (isset($eventId)) $this->Event->read(null, $eventId);
|
||||
else $this->Event->read(null, $this->request->data['Attribute']['event_id']);
|
||||
if (!$this->_isSiteAdmin() && ($this->Event->data['Event']['orgc'] != $this->_checkOrg() || !$this->userRole['perm_modify'])) {
|
||||
throw new UnauthorizedException('You do not have permission to do that.');
|
||||
}
|
||||
|
@ -195,7 +196,7 @@ class AttributesController extends AppController {
|
|||
// TODO RESTfull, set responce location header..so client can find right URL to edit
|
||||
$this->response->header('Location', Configure::read('MISP.baseurl') . '/attributes/' . $existingAttribute['Attribute']['id']);
|
||||
$this->response->send();
|
||||
$this->view($this->Attribute->getId());
|
||||
$this->view($this->Attribute->getID());
|
||||
$this->render('view');
|
||||
return false;
|
||||
} else {
|
||||
|
@ -216,13 +217,19 @@ class AttributesController extends AppController {
|
|||
// create the attribute
|
||||
$this->Attribute->create();
|
||||
|
||||
$savedId = $this->Attribute->getId();
|
||||
|
||||
$savedId = $this->Attribute->getID();
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
if ($this->_isRest()) {
|
||||
// REST users want to see the newly created attribute
|
||||
$this->view($this->Attribute->getId());
|
||||
$this->render('view');
|
||||
if ($this->_isRest() || $this->response->type() === 'application/json') {
|
||||
$saved_attribute = $this->Attribute->find('first', array(
|
||||
'conditions' => array('id' => $this->Attribute->id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value'),
|
||||
));
|
||||
$response = array('response' => array('Attribute' => $saved_attribute['Attribute']));
|
||||
$this->set('response', $response);
|
||||
if ($this->response->type() === 'application/json') $this->render('/Attributes/json/view');
|
||||
else $this->render('view');
|
||||
return false;
|
||||
} elseif ($this->request->is('ajax')) {
|
||||
$this->autoRender = false;
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Attribute added.')),'status'=>200));
|
||||
|
@ -692,12 +699,11 @@ class AttributesController extends AppController {
|
|||
$this->set('attachment', false);
|
||||
}
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
|
||||
// reposition to get the attribute.id with given uuid
|
||||
// Notice (8): Undefined index: uuid [APP/Controller/AttributesController.php, line 502]
|
||||
// Fixed - uuid was not passed back from the form since it's not a field. Set the uuid in a variable for non rest users, rest should have uuid.
|
||||
// Generally all of this should be _isRest() only, but that's something for later to think about
|
||||
if ($this->_isRest()) {
|
||||
if ($this->_isRest() || $this->response->type() === 'application/json') {
|
||||
$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
|
||||
} else {
|
||||
$existingAttribute = $this->Attribute->findByUuid($uuid);
|
||||
|
@ -708,17 +714,18 @@ class AttributesController extends AppController {
|
|||
// check if the attribute has a timestamp already set (from a previous instance that is trying to edit via synchronisation)
|
||||
if (isset($this->request->data['Attribute']['timestamp'])) {
|
||||
// check which attribute is newer
|
||||
if ($this->request->data['Attribute']['timestamp'] > $existingAttribute['Attribute']['timestamp']) {
|
||||
// carry on with adding this attribute - Don't forget! if orgc!=user org, create shadow attribute, not attribute!
|
||||
} else {
|
||||
// the old one is newer or the same, replace the request's attribute with the old one
|
||||
$this->request->data['Attribute'] = $existingAttribute['Attribute'];
|
||||
if (count($existingAttribute)) {
|
||||
if ($this->request->data['Attribute']['timestamp'] > $existingAttribute['Attribute']['timestamp']) {
|
||||
// carry on with adding this attribute - Don't forget! if orgc!=user org, create shadow attribute, not attribute!
|
||||
} else {
|
||||
// the old one is newer or the same, replace the request's attribute with the old one
|
||||
$this->request->data['Attribute'] = $existingAttribute['Attribute'];
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$this->request->data['Attribute']['timestamp'] = $date->getTimestamp();
|
||||
}
|
||||
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'distribution', 'value', 'timestamp', 'comment');
|
||||
|
||||
$this->loadModel('Event');
|
||||
$this->Event->id = $eventId;
|
||||
|
||||
|
@ -730,11 +737,17 @@ class AttributesController extends AppController {
|
|||
$this->Event->set('timestamp', $date->getTimestamp());
|
||||
$this->Event->set('published', 0);
|
||||
$this->Event->save($this->Event->data, array('fieldList' => array('published', 'timestamp', 'info')));
|
||||
|
||||
if ($this->_isRest()) {
|
||||
// REST users want to see the newly created event
|
||||
$this->view($this->Attribute->getId());
|
||||
$this->render('view');
|
||||
if ($this->_isRest() || $this->response->type() === 'application/json') {
|
||||
$saved_attribute = $this->Attribute->find('first', array(
|
||||
'conditions' => array('id' => $this->Attribute->id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value'),
|
||||
));
|
||||
$response = array('response' => array('Attribute' => $saved_attribute['Attribute']));
|
||||
$this->set('response', $response);
|
||||
if ($this->response->type() === 'application/json') $this->render('/Attributes/json/view');
|
||||
else $this->render('view');
|
||||
return false;
|
||||
} else {
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));
|
||||
}
|
||||
|
@ -824,7 +837,7 @@ class AttributesController extends AppController {
|
|||
}
|
||||
}
|
||||
|
||||
public function view($id, $hasChildren = 0) {
|
||||
public function view($id, $hasChildren = 0, $response = 'ajax') {
|
||||
$this->Attribute->id = $id;
|
||||
if (!$this->Attribute->exists()) {
|
||||
throw new NotFoundException('Invalid attribute');
|
||||
|
@ -838,18 +851,22 @@ class AttributesController extends AppController {
|
|||
throw new MethodNotAllowed('Invalid attribute');
|
||||
}
|
||||
}
|
||||
$eventRelations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $this->_isSiteAdmin(), $attribute['Attribute']['event_id']);
|
||||
$attribute['Attribute']['relations'] = array();
|
||||
if (isset($eventRelations[$id])) {
|
||||
foreach ($eventRelations[$id] as $relations) {
|
||||
$attribute['Attribute']['relations'][] = array($relations['id'], $relations['info'], $relations['org']);
|
||||
if ($this->request->is('ajax')) {
|
||||
$eventRelations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $this->_isSiteAdmin(), $attribute['Attribute']['event_id']);
|
||||
$attribute['Attribute']['relations'] = array();
|
||||
if (isset($eventRelations[$id])) {
|
||||
foreach ($eventRelations[$id] as $relations) {
|
||||
$attribute['Attribute']['relations'][] = array($relations['id'], $relations['info'], $relations['org']);
|
||||
}
|
||||
}
|
||||
$object = $attribute['Attribute'];
|
||||
$object['objectType'] = 0;
|
||||
$object['hasChildren'] = $hasChildren;
|
||||
$this->set('object', $object);
|
||||
$this->set('distributionLevels', $this->Attribute->Event->distributionLevels);
|
||||
} else {
|
||||
$this->redirect('/events/view/' . $this->Attribute->data['Attribute']['event_id']);
|
||||
}
|
||||
$object = $attribute['Attribute'];
|
||||
$object['objectType'] = 0;
|
||||
$object['hasChildren'] = $hasChildren;
|
||||
$this->set('object', $object);
|
||||
$this->set('distributionLevels', $this->Attribute->Event->distributionLevels);
|
||||
/*
|
||||
$this->autoRender = false;
|
||||
$responseObject = array();
|
||||
|
|
|
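Review bot: In the edit() hunk at `@ -692,12 +699,11 @@`, widening the condition to `$this->response->type() === 'application/json'` lets a session-authenticated request that merely asks for JSON select the target record through `$this->request->data['Attribute']['uuid']`, a body field, instead of the `$uuid` the non-REST branch uses. The ownership check for edit() lies outside the visible hunks, so it should be confirmed that it runs against the record found by this lookup and not only against the id taken from the route. A request that omits `uuid` also raises the undefined-index notice mentioned in the comment above the branch and leaves `$existingAttribute` empty, and the `count($existingAttribute)` guard in the following hunk skips only the timestamp comparison. Unless an unknown UUID is meant to fall through, consider `if (empty($existingAttribute)) throw new NotFoundException('Invalid attribute');` right after the lookup.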
@ -0,0 +1,2 @@
|
|||
<?php
|
||||
echo (json_encode($response));
|
|
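Review bot: `json_encode($response)` returns `false` when it cannot encode the data, for example if an attribute value or comment contains bytes that are not valid UTF-8, and `echo` then sends an empty body with a success status. Whether such values can reach this view is not visible from here, but a client would have no way to tell the failure from an empty result. Consider checking the return value before output, e.g. `$json = json_encode($response); if ($json === false) throw new InternalErrorException('Could not encode response');`.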
@ -0,0 +1,4 @@
|
|||
<?php
|
||||
App::uses('Xml', 'Utility');
|
||||
$xmlObject = Xml::fromArray($response, array('format' => 'tags'));
|
||||
echo($xmlObject->asXml());
|
|
@ -1,2 +1,5 @@
|
|||
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
|
||||
--data "@input/215.xml" -X POST http://localhost/attributes
|
||||
curl -i -H "Accept: application/xml" -H "content-type: application/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
|
||||
--data "@input/attribute.xml" -X POST http://localhost/attributes
|
||||
|
||||
#curl -i -H "Accept: application/json" -H "content-type: application/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
|
||||
#--data "@input/attribute.xml" -X POST http://localhost/attributes
|
||||
|
|
|
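Review bot: The sample requests carry a literal 40-character value in the `Authorization` header; if it was ever a valid automation key on a real instance it should be revoked, and the script would be safer reading the key from the environment, e.g. `-H "Authorization: $MISP_AUTHKEY"` (variable name is a placeholder). The commented-out JSON example still posts `@input/attribute.xml` while declaring `content-type: application/json`, so enabling it as written would send XML to the JSON parser. It presumably should point at the JSON attribute sample added in the same commit.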
@ -0,0 +1 @@
|
|||
{"Attribute":{"type": "ip-dst","event_id": "30","category": "Network activity","to_ids": "1","distribution": "1","value": "8.8.4.4","comment": "This is a sample attribute"}}
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Attribute>
|
||||
<event_id>30</event_id>
|
||||
<type>ip-src</type>
|
||||
<category>Network activity</category>
|
||||
<to_ids>0</to_ids>
|
||||
<distribution>1</distribution>
|
||||
<comment>This is a sample Attribute</comment>
|
||||
<value>8.8.4.4</value>
|
||||
</Attribute>
|
|
@ -1,66 +1 @@
|
|||
{
|
||||
"Event": {
|
||||
"id": "15",
|
||||
"org": "ORG",
|
||||
"date": "2012-04-12",
|
||||
"threat_level_id": "4",
|
||||
"info": "info",
|
||||
"user_id": "1",
|
||||
"uuid": "4f8c2c4e-00dc-42c9-83ad-76e9ff32448e",
|
||||
"distribution": "0",
|
||||
"analysis": "0",
|
||||
"timestamp": "1",
|
||||
"Attribute": [
|
||||
{
|
||||
"id": "116",
|
||||
"event_id": "14",
|
||||
"type": "ip-dst",
|
||||
"category": "Network activity",
|
||||
"to_ids": "1",
|
||||
"uuid": "4f8c2cc3-0410-4bf0-8559-5b9dff32448e",
|
||||
"distribution": "0",
|
||||
"value": "1.1.1.111",
|
||||
"timestamp": "0"
|
||||
},
|
||||
{
|
||||
"id": "117",
|
||||
"event_id": "14",
|
||||
"type": "malware-sample",
|
||||
"category": "Payload delivery",
|
||||
"to_ids": "0",
|
||||
"uuid": "4f8c2d08-7e6c-4648-8730-50a7ff32448e",
|
||||
"distribution": "0",
|
||||
"value": "A.doc|3f6f1aaab6171925c81de9b34a8fcf8e",
|
||||
"timestamp": "0"
|
||||
},
|
||||
{
|
||||
"id": "115",
|
||||
"event_id": "14",
|
||||
"type": "vulnerability",
|
||||
"category": "Payload delivery",
|
||||
"to_ids": "1",
|
||||
"uuid": "4f8c2c69-9bf8-4279-8d03-2138ff32448e",
|
||||
"distribution": "0",
|
||||
"value": "CVE-XXXX-XXXX",
|
||||
"timestamp": "0"
|
||||
}
|
||||
],
|
||||
"RelatedEvent": [
|
||||
{
|
||||
"id": "11",
|
||||
"date": "2011-01-03",
|
||||
"uuid": "4f8812ff-ded0-4592-9227-0615ff32448e"
|
||||
},
|
||||
{
|
||||
"id": "9",
|
||||
"date": "2011-02-02",
|
||||
"uuid": "4f85981e-d044-4b16-bc16-0a35ff32448e"
|
||||
},
|
||||
{
|
||||
"id": "6",
|
||||
"date": "2011-03-01",
|
||||
"uuid": "4f7a9faa-91d4-4c91-8ec6-0878ff32448e"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
{"Event": {"id": "25", "orgc": "Iglocska", "date": "2015-04-14", "threat_level_id": "4", "info": "info", "distribution": "1", "analysis": "0", "Attribute": [{"id": "7","type": "ip-dst","category": "Network activity","to_ids": "1","distribution": "1","value": "8.8.8.8"}]}}
|
|
@ -1,31 +1,21 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Event>
|
||||
<id>25</id>
|
||||
<org>NCIRC</org>
|
||||
<date>2013-12-12</date>
|
||||
<date>2015-04-14</date>
|
||||
<threat_level_id>1</threat_level_id>
|
||||
<info>test5</info>
|
||||
<info>This is a sample event</info>
|
||||
<published>0</published>
|
||||
<uuid>52b9bca5-2e04-4fed-acf3-1f60c0a80e0a</uuid>
|
||||
<attribute_count>1</attribute_count>
|
||||
<analysis>0</analysis>
|
||||
<timestamp>1386855599</timestamp>
|
||||
<distribution>1</distribution>
|
||||
<proposal_email_lock>0</proposal_email_lock>
|
||||
<orgc>NCIRC</orgc>
|
||||
<locked>0</locked>
|
||||
<orgc>Iglocska</orgc>
|
||||
<Attribute>
|
||||
<id>7</id>
|
||||
<type>ip-src</type>
|
||||
<category>Network activity</category>
|
||||
<to_ids>0</to_ids>
|
||||
<uuid>52a9bcbe-d87c-4c5e-8408-22e8c0a80e0a</uuid>
|
||||
<event_id>9</event_id>
|
||||
<distribution>1</distribution>
|
||||
<timestamp>1386855599</timestamp>
|
||||
<comment/>
|
||||
<value>1.1.1.2</value>
|
||||
<ShadowAttribute/>
|
||||
<comment>This is a sample attribute</comment>
|
||||
<value>8.8.8.8</value>
|
||||
</Attribute>
|
||||
<ShadowAttribute/>
|
||||
</Event>
|
||||
|
|