diff --git a/VERSION.json b/VERSION.json
index 80344d9aa..9441bf88f 100644
--- a/VERSION.json
+++ b/VERSION.json
@@ -1 +1 @@
-{"major":2, "minor":3, "hotfix":60}
+{"major":2, "minor":3, "hotfix":61}
diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php
index e3fbe3ee8..4b45abdaa 100755
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@@ -119,7 +119,8 @@ class AttributesController extends AppController {
// remove the published flag from the event
$this->Event->recursive = -1;
- $this->Event->read(null, $this->request->data['Attribute']['event_id']);
+ if (isset($eventId)) $this->Event->read(null, $eventId);
+ else $this->Event->read(null, $this->request->data['Attribute']['event_id']);
if (!$this->_isSiteAdmin() && ($this->Event->data['Event']['orgc'] != $this->_checkOrg() || !$this->userRole['perm_modify'])) {
throw new UnauthorizedException('You do not have permission to do that.');
}
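Review bot: The permission check on `$this->Event->data['Event']['orgc']` now runs against whichever event `$eventId` names, while the attribute payload still carries its own `$this->request->data['Attribute']['event_id']`; if the two can differ, the check passes for one event and the save may land in another. `$eventId` is assigned outside this hunk, so I cannot confirm they are reconciled. If they are not, either pin the payload with `$this->request->data['Attribute']['event_id'] = $eventId;` or reject a mismatch before the read. The return value of `read()` is also unchecked, so a non-existent event reaches the `orgc` comparison with no event data loaded.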
@@ -195,7 +196,7 @@ class AttributesController extends AppController {
// TODO RESTfull, set responce location header..so client can find right URL to edit
$this->response->header('Location', Configure::read('MISP.baseurl') . '/attributes/' . $existingAttribute['Attribute']['id']);
$this->response->send();
- $this->view($this->Attribute->getId());
+ $this->view($this->Attribute->getID());
$this->render('view');
return false;
} else {
@@ -216,13 +217,19 @@ class AttributesController extends AppController {
// create the attribute
$this->Attribute->create();
- $savedId = $this->Attribute->getId();
-
+ $savedId = $this->Attribute->getID();
if ($this->Attribute->save($this->request->data)) {
- if ($this->_isRest()) {
- // REST users want to see the newly created attribute
- $this->view($this->Attribute->getId());
- $this->render('view');
+ if ($this->_isRest() || $this->response->type() === 'application/json') {
+ $saved_attribute = $this->Attribute->find('first', array(
+ 'conditions' => array('id' => $this->Attribute->id),
+ 'recursive' => -1,
+ 'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value'),
+ ));
+ $response = array('response' => array('Attribute' => $saved_attribute['Attribute']));
+ $this->set('response', $response);
+ if ($this->response->type() === 'application/json') $this->render('/Attributes/json/view');
+ else $this->render('view');
+ return false;
} elseif ($this->request->is('ajax')) {
$this->autoRender = false;
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Attribute added.')),'status'=>200));
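Review bot: `$saved_attribute['Attribute']` is dereferenced without checking that `find('first', …)` returned a row, so an empty result ends in an undefined-index notice and a `null` attribute in the response instead of an error. A guard such as `if (empty($saved_attribute)) throw new NotFoundException('Invalid attribute');` before building `$response` would make that failure explicit. The same unguarded lookup appears in the edit hunk at `@@ -730,11 +737,17 @@`. The explicit `fields` array deserves a one-line comment saying it is the allow-list of what API clients may read, so later additions are made deliberately.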
@@ -692,12 +699,11 @@ class AttributesController extends AppController {
$this->set('attachment', false);
}
if ($this->request->is('post') || $this->request->is('put')) {
-
// reposition to get the attribute.id with given uuid
// Notice (8): Undefined index: uuid [APP/Controller/AttributesController.php, line 502]
// Fixed - uuid was not passed back from the form since it's not a field. Set the uuid in a variable for non rest users, rest should have uuid.
// Generally all of this should be _isRest() only, but that's something for later to think about
- if ($this->_isRest()) {
+ if ($this->_isRest() || $this->response->type() === 'application/json') {
$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
} else {
$existingAttribute = $this->Attribute->findByUuid($uuid);
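Review bot: Widening this branch to `$this->response->type() === 'application/json'` means the attribute to edit is looked up from the client-supplied `$this->request->data['Attribute']['uuid']` whenever the caller negotiates JSON, rather than from `$uuid`. If the body omits `uuid`, this is the undefined-index case the comment above describes. If it names a different attribute than the one the URL addressed, everything after this line operates on that other record. `$uuid` and any ownership check are set outside the hunk, so please confirm how they interact. A defensive form is to require `isset($this->request->data['Attribute']['uuid'])` and, where `$uuid` is available, reject the request when the two differ.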
@@ -708,17 +714,18 @@ class AttributesController extends AppController {
// check if the attribute has a timestamp already set (from a previous instance that is trying to edit via synchronisation)
if (isset($this->request->data['Attribute']['timestamp'])) {
// check which attribute is newer
- if ($this->request->data['Attribute']['timestamp'] > $existingAttribute['Attribute']['timestamp']) {
- // carry on with adding this attribute - Don't forget! if orgc!=user org, create shadow attribute, not attribute!
- } else {
- // the old one is newer or the same, replace the request's attribute with the old one
- $this->request->data['Attribute'] = $existingAttribute['Attribute'];
+ if (count($existingAttribute)) {
+ if ($this->request->data['Attribute']['timestamp'] > $existingAttribute['Attribute']['timestamp']) {
+ // carry on with adding this attribute - Don't forget! if orgc!=user org, create shadow attribute, not attribute!
+ } else {
+ // the old one is newer or the same, replace the request's attribute with the old one
+ $this->request->data['Attribute'] = $existingAttribute['Attribute'];
+ }
}
} else {
$this->request->data['Attribute']['timestamp'] = $date->getTimestamp();
}
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'distribution', 'value', 'timestamp', 'comment');
-
$this->loadModel('Event');
$this->Event->id = $eventId;
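Review bot: `count($existingAttribute)` is a fragile emptiness test: on PHP 7 `count(false)` evaluates to 1 (PHP 8 throws a TypeError), so if the finder ever returns `false` rather than an empty array the timestamp comparison still runs on a missing index. `!empty($existingAttribute)` covers both cases, and the comment-only `if` branch can go by inverting the test: `if (!empty($existingAttribute) && $this->request->data['Attribute']['timestamp'] <= $existingAttribute['Attribute']['timestamp'])`. When no existing attribute is found the edit carries on with the client-supplied timestamp; if that is not intended, throwing `NotFoundException` here would be clearer. The enclosing block starts and ends outside the hunk.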
@@ -730,11 +737,17 @@ class AttributesController extends AppController {
$this->Event->set('timestamp', $date->getTimestamp());
$this->Event->set('published', 0);
$this->Event->save($this->Event->data, array('fieldList' => array('published', 'timestamp', 'info')));
-
- if ($this->_isRest()) {
- // REST users want to see the newly created event
- $this->view($this->Attribute->getId());
- $this->render('view');
+ if ($this->_isRest() || $this->response->type() === 'application/json') {
+ $saved_attribute = $this->Attribute->find('first', array(
+ 'conditions' => array('id' => $this->Attribute->id),
+ 'recursive' => -1,
+ 'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value'),
+ ));
+ $response = array('response' => array('Attribute' => $saved_attribute['Attribute']));
+ $this->set('response', $response);
+ if ($this->response->type() === 'application/json') $this->render('/Attributes/json/view');
+ else $this->render('view');
+ return false;
} else {
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));
}
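Review bot: The eleven added lines that reload the attribute, wrap it in `response` and pick the view are a verbatim copy of the block added to the add path at `@@ -216,13 +217,19 @@`. A private helper on the controller that takes the attribute id and performs the `find`, the `set('response', …)` and the render would keep the returned field list in one place. That matters because the list decides which attribute fields API clients can read, and two copies will drift.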
@@ -824,7 +837,7 @@ class AttributesController extends AppController {
}
}
- public function view($id, $hasChildren = 0) {
+ public function view($id, $hasChildren = 0, $response = 'ajax') {
$this->Attribute->id = $id;
if (!$this->Attribute->exists()) {
throw new NotFoundException('Invalid attribute');
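Review bot: The new `$response = 'ajax'` parameter is not read anywhere in the visible part of `view()`, and because this is a public controller action its arguments are filled from URL segments, so it is client-controlled input. If it is meant to select the output mode, document the accepted values in a docblock and compare against a fixed list. If it is unused, drop it. The method body continues outside this hunk.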
@@ -838,18 +851,22 @@ class AttributesController extends AppController {
throw new MethodNotAllowed('Invalid attribute');
}
}
- $eventRelations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $this->_isSiteAdmin(), $attribute['Attribute']['event_id']);
- $attribute['Attribute']['relations'] = array();
- if (isset($eventRelations[$id])) {
- foreach ($eventRelations[$id] as $relations) {
- $attribute['Attribute']['relations'][] = array($relations['id'], $relations['info'], $relations['org']);
+ if ($this->request->is('ajax')) {
+ $eventRelations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $this->_isSiteAdmin(), $attribute['Attribute']['event_id']);
+ $attribute['Attribute']['relations'] = array();
+ if (isset($eventRelations[$id])) {
+ foreach ($eventRelations[$id] as $relations) {
+ $attribute['Attribute']['relations'][] = array($relations['id'], $relations['info'], $relations['org']);
+ }
}
+ $object = $attribute['Attribute'];
+ $object['objectType'] = 0;
+ $object['hasChildren'] = $hasChildren;
+ $this->set('object', $object);
+ $this->set('distributionLevels', $this->Attribute->Event->distributionLevels);
+ } else {
+ $this->redirect('/events/view/' . $this->Attribute->data['Attribute']['event_id']);
}
- $object = $attribute['Attribute'];
- $object['objectType'] = 0;
- $object['hasChildren'] = $hasChildren;
- $this->set('object', $object);
- $this->set('distributionLevels', $this->Attribute->Event->distributionLevels);
/*
$this->autoRender = false;
$responseObject = array();
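Review bot: With the `else` branch redirecting every non-ajax request, the internal call `$this->view($this->Attribute->getID()); $this->render('view');` kept in the hunk at `@@ -195,7 +196,7 @@` no longer renders the existing attribute for a REST client that does not send `X-Requested-With`; that client is redirected to `/events/view/…` instead. The redirect also reads `$this->Attribute->data['Attribute']['event_id']`, whereas the ajax branch uses `$attribute['Attribute']['event_id']`. Unless `$this->Attribute->data` is populated outside the hunk, the redirect target has no event id. Using `$attribute['Attribute']['event_id']` in both places and skipping the redirect for `_isRest()` callers would keep the two paths consistent.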
diff --git a/app/View/Attributes/json/view.ctp b/app/View/Attributes/json/view.ctp
new file mode 100644
index 000000000..d0c9fa29c
--- /dev/null
+++ b/app/View/Attributes/json/view.ctp
@@ -0,0 +1,2 @@
+ 'tags'));
+echo($xmlObject->asXml());
\ No newline at end of file
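Review bot: This template lives under `json/` and, in the visible hunks, is rendered only when `$this->response->type() === 'application/json'`, yet its last line emits `$xmlObject->asXml()`, so a client that asked for JSON would receive an XML body under a JSON content type. The first line of the file is truncated in this view, so a conversion step may be missing from what I can see. If there is none, `echo json_encode($response);` is what a JSON view would be expected to output.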
diff --git a/tools/curl/addAttribute.sh b/tools/curl/addAttribute.sh
index 6f8579fc9..3dd65d5cb 100755
--- a/tools/curl/addAttribute.sh
+++ b/tools/curl/addAttribute.sh
@@ -1,2 +1,5 @@
-curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
---data "@input/215.xml" -X POST http://localhost/attributes
+curl -i -H "Accept: application/xml" -H "content-type: application/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
+--data "@input/attribute.xml" -X POST http://localhost/attributes
+
+#curl -i -H "Accept: application/json" -H "content-type: application/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
+#--data "@input/attribute.xml" -X POST http://localhost/attributes
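Review bot: The `Authorization` header value is a literal API key committed to the repository, and this change repeats it in the commented JSON example. Even for a local test instance it is safer to read it from the environment, e.g. `-H "Authorization: ${MISP_AUTH_KEY:?set MISP_AUTH_KEY}"` (variable name is illustrative), and to rotate the committed key if it was ever valid on a real instance. The commented JSON example also sends `content-type: application/json` with `--data "@input/attribute.xml"`; it presumably should point at `input/attribute.json`, which this commit adds.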
diff --git a/tools/curl/input/attribute.json b/tools/curl/input/attribute.json
new file mode 100644
index 000000000..f350bc0df
--- /dev/null
+++ b/tools/curl/input/attribute.json
@@ -0,0 +1 @@
+{"Attribute":{"type": "ip-dst","event_id": "30","category": "Network activity","to_ids": "1","distribution": "1","value": "8.8.4.4","comment": "This is a sample attribute"}}
\ No newline at end of file
diff --git a/tools/curl/input/attribute.xml b/tools/curl/input/attribute.xml
new file mode 100644
index 000000000..1d4033b90
--- /dev/null
+++ b/tools/curl/input/attribute.xml
@@ -0,0 +1,10 @@
+
+
+ 30
+ ip-src
+ Network activity
+ 0
+ 1
+ This is a sample Attribute
+ 8.8.4.4
+
\ No newline at end of file
diff --git a/tools/curl/input/event.json b/tools/curl/input/event.json
index 5dbe07233..60bef2962 100644
--- a/tools/curl/input/event.json
+++ b/tools/curl/input/event.json
@@ -1,66 +1 @@
-{
- "Event": {
- "id": "15",
- "org": "ORG",
- "date": "2012-04-12",
- "threat_level_id": "4",
- "info": "info",
- "user_id": "1",
- "uuid": "4f8c2c4e-00dc-42c9-83ad-76e9ff32448e",
- "distribution": "0",
- "analysis": "0",
- "timestamp": "1",
- "Attribute": [
- {
- "id": "116",
- "event_id": "14",
- "type": "ip-dst",
- "category": "Network activity",
- "to_ids": "1",
- "uuid": "4f8c2cc3-0410-4bf0-8559-5b9dff32448e",
- "distribution": "0",
- "value": "1.1.1.111",
- "timestamp": "0"
- },
- {
- "id": "117",
- "event_id": "14",
- "type": "malware-sample",
- "category": "Payload delivery",
- "to_ids": "0",
- "uuid": "4f8c2d08-7e6c-4648-8730-50a7ff32448e",
- "distribution": "0",
- "value": "A.doc|3f6f1aaab6171925c81de9b34a8fcf8e",
- "timestamp": "0"
- },
- {
- "id": "115",
- "event_id": "14",
- "type": "vulnerability",
- "category": "Payload delivery",
- "to_ids": "1",
- "uuid": "4f8c2c69-9bf8-4279-8d03-2138ff32448e",
- "distribution": "0",
- "value": "CVE-XXXX-XXXX",
- "timestamp": "0"
- }
- ],
- "RelatedEvent": [
- {
- "id": "11",
- "date": "2011-01-03",
- "uuid": "4f8812ff-ded0-4592-9227-0615ff32448e"
- },
- {
- "id": "9",
- "date": "2011-02-02",
- "uuid": "4f85981e-d044-4b16-bc16-0a35ff32448e"
- },
- {
- "id": "6",
- "date": "2011-03-01",
- "uuid": "4f7a9faa-91d4-4c91-8ec6-0878ff32448e"
- }
- ]
- }
-}
\ No newline at end of file
+{"Event": {"id": "25", "orgc": "Iglocska", "date": "2015-04-14", "threat_level_id": "4", "info": "info", "distribution": "1", "analysis": "0", "Attribute": [{"id": "7","type": "ip-dst","category": "Network activity","to_ids": "1","distribution": "1","value": "8.8.8.8"}]}}
\ No newline at end of file
diff --git a/tools/curl/input/event.xml b/tools/curl/input/event.xml
index 45d993870..2b9a57fa0 100644
--- a/tools/curl/input/event.xml
+++ b/tools/curl/input/event.xml
@@ -1,31 +1,21 @@
25
- NCIRC
- 2013-12-12
+ 2015-04-14
1
- test5
+ This is a sample event
0
- 52b9bca5-2e04-4fed-acf3-1f60c0a80e0a
- 1
0
- 1386855599
1
- 0
- NCIRC
- 0
+ Iglocska
7
ip-src
Network activity
0
- 52a9bcbe-d87c-4c5e-8408-22e8c0a80e0a
9
1
- 1386855599
-
- 1.1.1.2
-
+ This is a sample attribute
+ 8.8.8.8
-