From e339f0e64636f834c0bcf2def4244577bcf2b62e Mon Sep 17 00:00:00 2001 From: Iglocska Date: Tue, 14 Apr 2015 13:50:51 +0200 Subject: [PATCH] Fixed various issues with the attribute REST api - also updated the sample curl scripts --- VERSION.json | 2 +- app/Controller/AttributesController.php | 81 +++++++++++++++---------- app/View/Attributes/json/view.ctp | 2 + app/View/Attributes/xml/view.ctp | 4 ++ tools/curl/addAttribute.sh | 7 ++- tools/curl/input/attribute.json | 1 + tools/curl/input/attribute.xml | 10 +++ tools/curl/input/event.json | 67 +------------------- tools/curl/input/event.xml | 20 ++---- 9 files changed, 78 insertions(+), 116 deletions(-) create mode 100644 app/View/Attributes/json/view.ctp create mode 100644 app/View/Attributes/xml/view.ctp create mode 100644 tools/curl/input/attribute.json create mode 100644 tools/curl/input/attribute.xml diff --git a/VERSION.json b/VERSION.json index 80344d9aa..9441bf88f 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1 +1 @@ -{"major":2, "minor":3, "hotfix":60} +{"major":2, "minor":3, "hotfix":61} diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index e3fbe3ee8..4b45abdaa 100755 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -119,7 +119,8 @@ class AttributesController extends AppController { // remove the published flag from the event $this->Event->recursive = -1; - $this->Event->read(null, $this->request->data['Attribute']['event_id']); + if (isset($eventId)) $this->Event->read(null, $eventId); + else $this->Event->read(null, $this->request->data['Attribute']['event_id']); if (!$this->_isSiteAdmin() && ($this->Event->data['Event']['orgc'] != $this->_checkOrg() || !$this->userRole['perm_modify'])) { throw new UnauthorizedException('You do not have permission to do that.'); } 
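Review bot: The result of the added `$this->Event->read(null, $eventId)` call (and of the existing read in the else branch) is never checked, so an id that does not resolve to an event leaves `$this->Event->data` empty and the org/permission check on the next line runs on an undefined index instead of reporting a clear error. Checking the return value before the comparison keeps the authorisation check on real data: `if (!$this->Event->read(null, isset($eventId) ? $eventId : $this->request->data['Attribute']['event_id'])) throw new NotFoundException('Invalid event');`. The braceless single-line `if`/`else` is also easy to misread next to the braced block that follows it; the surrounding lines use braces. The enclosing action starts before the hunk, so where `$eventId` is assigned is not visible here.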
@@ -195,7 +196,7 @@ class AttributesController extends AppController { // TODO RESTfull, set responce location header..so client can find right URL to edit $this->response->header('Location', Configure::read('MISP.baseurl') . '/attributes/' . $existingAttribute['Attribute']['id']); $this->response->send(); - $this->view($this->Attribute->getId()); + $this->view($this->Attribute->getID()); $this->render('view'); return false; } else { @@ -216,13 +217,19 @@ class AttributesController extends AppController { // create the attribute $this->Attribute->create(); - $savedId = $this->Attribute->getId(); - + $savedId = $this->Attribute->getID(); if ($this->Attribute->save($this->request->data)) { - if ($this->_isRest()) { - // REST users want to see the newly created attribute - $this->view($this->Attribute->getId()); - $this->render('view'); + if ($this->_isRest() || $this->response->type() === 'application/json') { + $saved_attribute = $this->Attribute->find('first', array( + 'conditions' => array('id' => $this->Attribute->id), + 'recursive' => -1, + 'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value'), + )); + $response = array('response' => array('Attribute' => $saved_attribute['Attribute'])); + $this->set('response', $response); + if ($this->response->type() === 'application/json') $this->render('/Attributes/json/view'); + else $this->render('view'); + return false; } elseif ($this->request->is('ajax')) { $this->autoRender = false; return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Attribute added.')),'status'=>200)); 
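Review bot: The ten-line REST response block added after the `save()` call (re-reading the attribute, building `$response`, choosing the json or default view) is repeated verbatim in the `-730` hunk of the edit action; it should be one private helper so the field list and the view selection cannot drift apart. Inside it `$saved_attribute['Attribute']` is dereferenced without checking that `find('first')` returned a row, which surfaces as an undefined-index notice if the re-read fails. The kept `$savedId = $this->Attribute->getID()` line is still assigned before `save()`, so it cannot hold the new record's id; the new block correctly uses `$this->Attribute->id` instead, so `$savedId` looks dead. The enclosing action continues outside the hunk.
```php
	if ($this->Attribute->save($this->request->data)) {
		if ($this->_isRest() || $this->response->type() === 'application/json') {
			$this->_renderSavedAttribute($this->Attribute->id);
			return false;
		} elseif ($this->request->is('ajax')) {
// … unchanged: ajax and html branches …

	// Private helper placed elsewhere in the class; shared by add() and edit().
	// Re-reads the attribute with the public field list and renders it as json or as the default view.
	private function _renderSavedAttribute($id) {
		$saved = $this->Attribute->find('first', array(
			'conditions' => array('id' => $id),
			'recursive' => -1,
			'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value'),
		));
		if (empty($saved)) throw new NotFoundException('Invalid attribute');
		$this->set('response', array('response' => array('Attribute' => $saved['Attribute'])));
		$this->render($this->response->type() === 'application/json' ? '/Attributes/json/view' : 'view');
	}
```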
@@ -692,12 +699,11 @@ class AttributesController extends AppController { $this->set('attachment', false); } if ($this->request->is('post') || $this->request->is('put')) { - // reposition to get the attribute.id with given uuid // Notice (8): Undefined index: uuid [APP/Controller/AttributesController.php, line 502] // Fixed - uuid was not passed back from the form since it's not a field. Set the uuid in a variable for non rest users, rest should have uuid. // Generally all of this should be _isRest() only, but that's something for later to think about - if ($this->_isRest()) { + if ($this->_isRest() || $this->response->type() === 'application/json') { $existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']); } else { $existingAttribute = $this->Attribute->findByUuid($uuid); 
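Review bot: In the new REST/JSON branch the lookup key `$this->request->data['Attribute']['uuid']` is taken straight from the request body, so a payload without a uuid raises an undefined-index notice and calls `findByUuid(null)`, and a payload whose uuid belongs to a different attribute resolves to that other row rather than the one named in the URL (`$uuid`, which the else branch uses). Guard the index first, `if (!isset($this->request->data['Attribute']['uuid'])) throw new NotFoundException('Invalid attribute');`, and if the body uuid is meant to identify the attribute being edited, reject a mismatch against `$uuid` instead of silently using whichever row it resolves to. Whether `$uuid` is always populated on the REST path is decided before this hunk, so that part is inferred. The `if (post || put)` block and the edit action both continue past the hunk.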
@@ -708,17 +714,18 @@ class AttributesController extends AppController { // check if the attribute has a timestamp already set (from a previous instance that is trying to edit via synchronisation) if (isset($this->request->data['Attribute']['timestamp'])) { // check which attribute is newer - if ($this->request->data['Attribute']['timestamp'] > $existingAttribute['Attribute']['timestamp']) { - // carry on with adding this attribute - Don't forget! if orgc!=user org, create shadow attribute, not attribute! - } else { - // the old one is newer or the same, replace the request's attribute with the old one - $this->request->data['Attribute'] = $existingAttribute['Attribute']; + if (count($existingAttribute)) { + if ($this->request->data['Attribute']['timestamp'] > $existingAttribute['Attribute']['timestamp']) { + // carry on with adding this attribute - Don't forget! if orgc!=user org, create shadow attribute, not attribute! + } else { + // the old one is newer or the same, replace the request's attribute with the old one + $this->request->data['Attribute'] = $existingAttribute['Attribute']; + } } } else { $this->request->data['Attribute']['timestamp'] = $date->getTimestamp(); } $fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'distribution', 'value', 'timestamp', 'comment'); - $this->loadModel('Event'); $this->Event->id = $eventId; 
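Review bot: `if (count($existingAttribute))` assumes `findByUuid()` always returns an array; if a miss yields `false`, `count()` warns on PHP 7.2 and throws a TypeError on PHP 8, so `if (!empty($existingAttribute))` is the safer spelling and reads as the intended "was a row found". The inner `if` branch is still empty apart from a comment, so inverting it to `if ($this->request->data['Attribute']['timestamp'] <= $existingAttribute['Attribute']['timestamp']) { $this->request->data['Attribute'] = $existingAttribute['Attribute']; }` removes the dead branch. When no row is found, the timestamp supplied by the client is now kept unchecked; a one-line comment saying that is intended would help the next reader. The removed `$this->loadModel('Event')` relies on `$this->Event` being loaded elsewhere, which is not visible in this hunk.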
@@ -730,11 +737,17 @@ class AttributesController extends AppController { $this->Event->set('timestamp', $date->getTimestamp()); $this->Event->set('published', 0); $this->Event->save($this->Event->data, array('fieldList' => array('published', 'timestamp', 'info'))); - - if ($this->_isRest()) { - // REST users want to see the newly created event - $this->view($this->Attribute->getId()); - $this->render('view'); + if ($this->_isRest() || $this->response->type() === 'application/json') { + $saved_attribute = $this->Attribute->find('first', array( + 'conditions' => array('id' => $this->Attribute->id), + 'recursive' => -1, + 'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value'), + )); + $response = array('response' => array('Attribute' => $saved_attribute['Attribute'])); + $this->set('response', $response); + if ($this->response->type() === 'application/json') $this->render('/Attributes/json/view'); + else $this->render('view'); + return false; } else { $this->redirect(array('controller' => 'events', 'action' => 'view', $eventId)); } @@ -824,7 +837,7 @@ class AttributesController extends AppController { } } - public function view($id, $hasChildren = 0) { + public function view($id, $hasChildren = 0, $response = 'ajax') { $this->Attribute->id = $id; if (!$this->Attribute->exists()) { throw new NotFoundException('Invalid attribute'); 
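Review bot: The new `$response = 'ajax'` parameter added to `view()` is not referenced in any visible part of the method — the following hunk decides the ajax versus non-ajax path from `$this->request->is('ajax')` — so it is either dead or used outside the hunks shown. Either drop it or document its accepted values in the method's docblock, since as a routed action argument it also becomes an extra URL segment callers can set. The REST block in the `-730` hunk above is the same ten lines as in the add action's `-216` hunk, which the note there covers.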
@@ -838,18 +851,22 @@ class AttributesController extends AppController { throw new MethodNotAllowed('Invalid attribute'); } } - $eventRelations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $this->_isSiteAdmin(), $attribute['Attribute']['event_id']); - $attribute['Attribute']['relations'] = array(); - if (isset($eventRelations[$id])) { - foreach ($eventRelations[$id] as $relations) { - $attribute['Attribute']['relations'][] = array($relations['id'], $relations['info'], $relations['org']); + if ($this->request->is('ajax')) { + $eventRelations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $this->_isSiteAdmin(), $attribute['Attribute']['event_id']); + $attribute['Attribute']['relations'] = array(); + if (isset($eventRelations[$id])) { + foreach ($eventRelations[$id] as $relations) { + $attribute['Attribute']['relations'][] = array($relations['id'], $relations['info'], $relations['org']); + } } + $object = $attribute['Attribute']; + $object['objectType'] = 0; + $object['hasChildren'] = $hasChildren; + $this->set('object', $object); + $this->set('distributionLevels', $this->Attribute->Event->distributionLevels); + } else { + $this->redirect('/events/view/' . $this->Attribute->data['Attribute']['event_id']); } - $object = $attribute['Attribute']; - $object['objectType'] = 0; - $object['hasChildren'] = $hasChildren; - $this->set('object', $object); - $this->set('distributionLevels', $this->Attribute->Event->distributionLevels); /* $this->autoRender = false; $responseObject = array(); diff --git a/app/View/Attributes/json/view.ctp b/app/View/Attributes/json/view.ctp new file mode 100644 index 000000000..d0c9fa29c --- /dev/null +++ b/app/View/Attributes/json/view.ctp @@ -0,0 +1,2 @@ + 'tags')); +echo($xmlObject->asXml()); \ No newline at end of file diff --git a/tools/curl/addAttribute.sh b/tools/curl/addAttribute.sh index 6f8579fc9..3dd65d5cb 100755 --- a/tools/curl/addAttribute.sh +++ b/tools/curl/addAttribute.sh 
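Review bot: The new non-ajax branch redirects using `$this->Attribute->data['Attribute']['event_id']`, while the ajax branch a few lines above reads the same value from `$attribute['Attribute']['event_id']`, the record loaded earlier in the method; `$this->redirect('/events/view/' . $attribute['Attribute']['event_id']);` keeps a single source for the id and does not depend on `Attribute->data` still holding that row. The context line `throw new MethodNotAllowed('Invalid attribute')` names a class CakePHP 2 ships as `MethodNotAllowedException`; unless the project defines `MethodNotAllowed`, that throw fails on an undefined class. With this change a non-ajax GET of `view` never renders the attribute, so if REST clients are expected to fetch a single attribute here, an `_isRest()` branch rendering the new json/xml views appears to be missing (inferred, as the rest of the method lies outside the hunk).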
@@ -1,2 +1,5 @@ -curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ ---data "@input/215.xml" -X POST http://localhost/attributes +curl -i -H "Accept: application/xml" -H "content-type: application/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ +--data "@input/attribute.xml" -X POST http://localhost/attributes + +#curl -i -H "Accept: application/json" -H "content-type: application/json" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \ +#--data "@input/attribute.xml" -X POST http://localhost/attributes diff --git a/tools/curl/input/attribute.json b/tools/curl/input/attribute.json new file mode 100644 index 000000000..f350bc0df --- /dev/null +++ b/tools/curl/input/attribute.json @@ -0,0 +1 @@ +{"Attribute":{"type": "ip-dst","event_id": "30","category": "Network activity","to_ids": "1","distribution": "1","value": "8.8.4.4","comment": "This is a sample attribute"}} \ No newline at end of file diff --git a/tools/curl/input/attribute.xml b/tools/curl/input/attribute.xml new file mode 100644 index 000000000..1d4033b90 --- /dev/null +++ b/tools/curl/input/attribute.xml @@ -0,0 +1,10 @@ + + + 30 + ip-src + Network activity + 0 + 1 + This is a sample Attribute + 8.8.4.4 + \ No newline at end of file diff --git a/tools/curl/input/event.json b/tools/curl/input/event.json index 5dbe07233..60bef2962 100644 --- a/tools/curl/input/event.json +++ b/tools/curl/input/event.json 
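Review bot: The commented-out JSON variant still posts `@input/attribute.xml` with `content-type: application/json`, although this commit adds `tools/curl/input/attribute.json` for exactly that case; the line should read `#--data "@input/attribute.json" -X POST http://localhost/attributes`. Both curl lines also embed a literal API key in the `Authorization` header of a tracked script, so anyone with repository access can reuse it against the instance that issued it; read it from the environment instead, e.g. `-H "Authorization: $MISP_API_KEY"` (variable name illustrative), and rotate the committed key.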
@@ -1,66 +1 @@
-{
- "Event": {
- "id": "15",
- "org": "ORG",
- "date": "2012-04-12",
- "threat_level_id": "4",
- "info": "info",
- "user_id": "1",
- "uuid": "4f8c2c4e-00dc-42c9-83ad-76e9ff32448e",
- "distribution": "0",
- "analysis": "0",
- "timestamp": "1",
- "Attribute": [
- {
- "id": "116",
- "event_id": "14",
- "type": "ip-dst",
- "category": "Network activity",
- "to_ids": "1",
- "uuid": "4f8c2cc3-0410-4bf0-8559-5b9dff32448e",
- "distribution": "0",
- "value": "1.1.1.111",
- "timestamp": "0"
- },
- {
- "id": "117",
- "event_id": "14",
- "type": "malware-sample",
- "category": "Payload delivery",
- "to_ids": "0",
- "uuid": "4f8c2d08-7e6c-4648-8730-50a7ff32448e",
- "distribution": "0",
- "value": "A.doc|3f6f1aaab6171925c81de9b34a8fcf8e",
- "timestamp": "0"
- },
- {
- "id": "115",
- "event_id": "14",
- "type": "vulnerability",
- "category": "Payload delivery",
- "to_ids": "1",
- "uuid": "4f8c2c69-9bf8-4279-8d03-2138ff32448e",
- "distribution": "0",
- "value": "CVE-XXXX-XXXX",
- "timestamp": "0"
- }
- ],
- "RelatedEvent": [
- {
- "id": "11",
- "date": "2011-01-03",
- "uuid": "4f8812ff-ded0-4592-9227-0615ff32448e"
- },
- {
- "id": "9",
- "date": "2011-02-02",
- "uuid": "4f85981e-d044-4b16-bc16-0a35ff32448e"
- },
- {
- "id": "6",
- "date": "2011-03-01",
- "uuid": "4f7a9faa-91d4-4c91-8ec6-0878ff32448e"
- }
- ]
- }
-}
\ No newline at end of file
+{"Event": {"id": "25", "orgc": "Iglocska", "date": "2015-04-14", "threat_level_id": "4", "info": "info", "distribution": "1", "analysis": "0", "Attribute": [{"id": "7","type": "ip-dst","category": "Network activity","to_ids": "1","distribution": "1","value": "8.8.8.8"}]}}
\ No newline at end of file
diff --git a/tools/curl/input/event.xml b/tools/curl/input/event.xml
index 45d993870..2b9a57fa0 100644
--- a/tools/curl/input/event.xml
+++ b/tools/curl/input/event.xml
@@ -1,31 +1,21 @@ 25 - NCIRC - 2013-12-12 + 2015-04-14 1 - test5 + This is a sample event 0 - 52b9bca5-2e04-4fed-acf3-1f60c0a80e0a - 1 0 - 1386855599 1 - 0 - NCIRC - 0 + Iglocska 7 ip-src Network activity 0 - 52a9bcbe-d87c-4c5e-8408-22e8c0a80e0a 9 1 - 1386855599 - - 1.1.1.2 - + This is a sample attribute + 8.8.8.8 -