mirror of https://github.com/MISP/MISP
fixing some REST API and XML issues
parent
5ca8ff9571
commit
e3ed847ba0
|
@ -133,24 +133,8 @@ Configure::write('GnuPG.homedir', '/path/to/your/.gnupg/');
|
|||
Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins
|
||||
Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
|
||||
|
||||
/**
|
||||
* Network activity, ip-src
|
||||
* 30 class-C network ip addresses
|
||||
* (time in ms)
|
||||
*
|
||||
* default db sql
|
||||
* all 25366 16601 15941
|
||||
* 24839 16604 15611
|
||||
* paginated 16759 8447 6615
|
||||
* 17734 8639 8846
|
||||
*/
|
||||
Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available to do resolution.
|
||||
|
||||
Configure::write('CyDefSIG.rest', 'ii'); // i is unchecked, use ii
|
||||
// RESTfull, possible values:
|
||||
// - i, event without attributes
|
||||
// - ii, event with attributes (more framework friendly and more RESTfull friendly)
|
||||
|
||||
/**
|
||||
* The settings below can be used to set additional paths to models, views and controllers.
|
||||
*
|
||||
|
|
|
@ -181,11 +181,6 @@ class AttributesController extends AppController {
|
|||
// create the attribute
|
||||
$this->Attribute->create();
|
||||
|
||||
if ("i" == Configure::read('CyDefSIG.rest')) {
|
||||
unset($this->request->data['Event']);
|
||||
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
|
||||
//$this->request->data['Attribute']['event_id'] = $eventId;
|
||||
}
|
||||
// Notice (8): Undefined index: id [APP/Controller/AttributesController.php, line 234]
|
||||
// Should be fixed
|
||||
$savedId = $this->Attribute->getId();
|
||||
|
@ -499,11 +494,6 @@ class AttributesController extends AppController {
|
|||
}
|
||||
|
||||
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster', 'value');
|
||||
if ("i" == Configure::read('CyDefSIG.rest')) {
|
||||
unset($this->request->data['Event']);
|
||||
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
|
||||
$this->request->data['Attribute']['event_id'] = $eventId;
|
||||
}
|
||||
|
||||
$this->loadModel('Event');
|
||||
$this->Event->id = $eventId;
|
||||
|
|
|
@ -130,7 +130,7 @@ class EventsController extends AppController {
|
|||
$this->Event->contain('Attribute', 'Attribute.ShadowAttribute', 'User.email');
|
||||
$this->Event->id = $id;
|
||||
if (!$this->Event->exists()) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
throw new NotFoundException(__('Invalid event, it already exists.'));
|
||||
}
|
||||
$this->Event->read(null, $id);
|
||||
$userEmail = $this->Event->data['User']['email'];
|
||||
|
@ -246,10 +246,10 @@ class EventsController extends AppController {
|
|||
$ext = $file->ext();
|
||||
}
|
||||
$ioc = false;
|
||||
if($this->data['Event']['submittedioc']['error'] != 4) {
|
||||
$ioc = true;
|
||||
}
|
||||
if (isset($this->data['Event']['submittedioc'])) {
|
||||
if($this->data['Event']['submittedioc']['error'] != 4) {
|
||||
$ioc = true;
|
||||
}
|
||||
App::uses('File', 'Utility');
|
||||
$file = new File($this->data['Event']['submittedgfi']['name']);
|
||||
$ext = $file->ext();
|
||||
|
@ -324,18 +324,18 @@ class EventsController extends AppController {
|
|||
* @return bool true if success
|
||||
*/
|
||||
public function _add(&$data, $fromXml, $or='', $passAlong = null, $fromPull = false) {
|
||||
$this->Event->create();
|
||||
// force check userid and orgname to be from yourself
|
||||
$auth = $this->Auth;
|
||||
$data['Event']['user_id'] = $auth->user('id');
|
||||
$data['Event']['org'] = $auth->user('org');
|
||||
//$data['Event']['org'] = strlen($or) ? $or : $auth->user('org'); // FIXME security - org problem
|
||||
if (!$fromXml) {
|
||||
$data['Event']['orgc'] = $data['Event']['org'];
|
||||
}
|
||||
unset ($data['Event']['id']);
|
||||
$this->Event->create();
|
||||
//$this->Event->data = $data;
|
||||
if ($fromXml) {
|
||||
// FIXME FIXME chri: temporary workaround for unclear org, orgc, from
|
||||
$data['Event']['orgc'] = $data['Event']['org'];
|
||||
$data['Event']['from'] = $data['Event']['org'];
|
||||
// Workaround for different structure in XML/array than what CakePHP expects
|
||||
$this->Event->cleanupEventArrayFromXML($data);
|
||||
// the event_id field is not set (normal) so make sure no validation errors are thrown
|
||||
|
@ -343,15 +343,13 @@ class EventsController extends AppController {
|
|||
unset($this->Event->Attribute->validate['event_id']);
|
||||
unset($this->Event->Attribute->validate['value']['unique']); // otherwise gives bugs because event_id is not set
|
||||
}
|
||||
// upstream: false = distribution
|
||||
// true = reverse distribution, back to origin
|
||||
$upstream = false;
|
||||
|
||||
if (isset($data['Event']['uuid'])) { // TODO here we start RESTful dialog
|
||||
unset ($data['Event']['id']);
|
||||
if (isset($data['Event']['uuid'])) {
|
||||
// check if the uuid already exists
|
||||
$existingEventCount = $this->Event->find('count', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
|
||||
if ($existingEventCount > 0) {
|
||||
// TODO RESTfull, set responce location header..so client can find right URL to edit
|
||||
// RESTfull, set responce location header..so client can find right URL to edit
|
||||
if ($fromPull) return false;
|
||||
$existingEvent = $this->Event->find('first', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
|
||||
$this->response->header('Location', Configure::read('CyDefSIG.baseurl') . '/events/' . $existingEvent['Event']['id']);
|
||||
|
@ -360,29 +358,20 @@ class EventsController extends AppController {
|
|||
}
|
||||
}
|
||||
|
||||
if ($upstream) {
|
||||
$fieldList = array(
|
||||
'Event' => array('orgc', 'date', 'risk', 'analysis', 'info', 'published', 'uuid'),
|
||||
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision')
|
||||
);
|
||||
} else {
|
||||
$fieldList = array(
|
||||
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'dist_change', 'from'),
|
||||
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie', 'dist_change')
|
||||
);
|
||||
}
|
||||
// FIXME chri: validate the necessity for all these fields...impact on security !
|
||||
$fieldList = array(
|
||||
'Event' => array('orgc', 'date', 'risk', 'analysis', 'info', 'published', 'uuid'),
|
||||
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision')
|
||||
);
|
||||
$fieldList = array(
|
||||
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'dist_change', 'from'),
|
||||
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie', 'dist_change')
|
||||
);
|
||||
|
||||
if ("i" == Configure::read('CyDefSIG.baseurl')) {
|
||||
// this saveAssociated() function will save not only the event, but also the attributes
|
||||
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
|
||||
unset($data['Attribute']);
|
||||
$this->Event->unbindModel(array('hasMany' => array('Attribute')));
|
||||
$saveResult = $this->Event->save($data, array('validate' => true, 'fieldList' => $fieldList));
|
||||
} else {
|
||||
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
|
||||
}
|
||||
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
|
||||
// FIXME chri: check if output of $saveResult is what we expect when data not valid, see issue #104
|
||||
if ($saveResult) {
|
||||
if (!empty($data['Event']['published']) && 1 == $data['Event']['published'] && $data['Event']['private'] == false) {
|
||||
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
|
||||
// do the necessary actions to publish the event (email, upload,...)
|
||||
$this->__publish($this->Event->getId(), $passAlong);
|
||||
}
|
||||
|
@ -459,44 +448,35 @@ class EventsController extends AppController {
|
|||
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie', 'cluster', 'dist_change')
|
||||
);
|
||||
|
||||
if ("ii" == Configure::read('CyDefSIG.rest')) {
|
||||
// reposition to get the attribute.id with given uuid
|
||||
$c = 0;
|
||||
if (isset($this->request->data['Attribute'])) {
|
||||
foreach ($this->request->data['Attribute'] as $attribute) {
|
||||
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
|
||||
if (count($existingAttribute)) {
|
||||
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
|
||||
if (!($this->request->data['Attribute'][$c]['dist_change'] > $existingAttribute['Attribute']['dist_change'])) {
|
||||
unset($this->request->data['Attribute'][$c]['private']);
|
||||
unset($this->request->data['Attribute'][$c]['cluster']);
|
||||
unset($this->request->data['Attribute'][$c]['communitie']);
|
||||
}
|
||||
// reposition to get the attribute.id with given uuid
|
||||
$c = 0;
|
||||
if (isset($this->request->data['Attribute'])) {
|
||||
foreach ($this->request->data['Attribute'] as $attribute) {
|
||||
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
|
||||
if (count($existingAttribute)) {
|
||||
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
|
||||
if (!($this->request->data['Attribute'][$c]['dist_change'] > $existingAttribute['Attribute']['dist_change'])) {
|
||||
unset($this->request->data['Attribute'][$c]['private']);
|
||||
unset($this->request->data['Attribute'][$c]['cluster']);
|
||||
unset($this->request->data['Attribute'][$c]['communitie']);
|
||||
}
|
||||
$c++;
|
||||
}
|
||||
$c++;
|
||||
}
|
||||
}
|
||||
|
||||
// unclear what this does, more documentation needed
|
||||
if ($this->request->data['Event']['dist_change'] > $existingEvent['Event']['dist_change']) {
|
||||
array_push($fieldList['Event'], 'private', 'communitie', 'cluster');
|
||||
}
|
||||
if ("i" == Configure::read('CyDefSIG.rest')) {
|
||||
// this saveAssociated() function will save not only the event, but also the attributes
|
||||
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
|
||||
// the following 2 lines can be out-commented if we opt to save associated (Event.php:263-264)
|
||||
unset($this->request->data['Attribute']);
|
||||
$this->Event->unbindModel(array('hasMany' => array('Attribute')));
|
||||
$saveResult = $this->Event->save($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
|
||||
} else {
|
||||
$saveResult = $this->Event->saveAssociated($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
|
||||
}
|
||||
|
||||
// this saveAssociated() function will save not only the event, but also the attributes
|
||||
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
|
||||
$saveResult = $this->Event->saveAssociated($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
|
||||
|
||||
if ($saveResult) {
|
||||
|
||||
// TODO RESTfull: we now need to compare attributes, to see if we need to do a RESTfull attribute delete
|
||||
|
||||
$message = 'Saved';
|
||||
|
||||
$this->set('event', $this->Event->data);
|
||||
//if published -> do the actual publishing
|
||||
if ((!empty($this->request->data['Event']['published']) && 1 == $this->request->data['Event']['published'])) {
|
||||
|
@ -642,7 +622,7 @@ class EventsController extends AppController {
|
|||
));
|
||||
// iterate over the servers and upload the event
|
||||
if(empty($servers))
|
||||
return;
|
||||
return true;
|
||||
|
||||
$uploaded = true;
|
||||
$failedServers = array();
|
||||
|
@ -703,10 +683,9 @@ class EventsController extends AppController {
|
|||
$this->Event->save($event, array('fieldList' => $fieldList));
|
||||
$event['Event']['from'] = Configure::read('CyDefSIG.org');
|
||||
$uploaded = false;
|
||||
//if ($event['Event']['distribution'] == 'Your organization only' || $event['Event']['distribution'] == 'This server-only') return true;
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
$uploaded = $this->__uploadEventToServers($id, $passAlong);
|
||||
if ((is_bool($uploaded) && !$uploaded) || (is_array($uploaded))) { // TODO remove bool
|
||||
if (($uploaded == false) || (is_array($uploaded))) {
|
||||
$this->Event->saveField('published', 0);
|
||||
}
|
||||
}
|
||||
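Review bot: The publish guard in `_add()` appears to lose its `private` test, so `if (!empty($data['Event']['published']) && 1 == $data['Event']['published'])` now reaches `__publish()` for events marked private, and the comment under it says that call does the e-mail and upload. The page has lost its +/- markers, so this assumes the second of the two printed conditions is the new one. Unless `__publish()` or `__uploadEventToServers()` filters on distribution itself (not visible in these hunks), keep the restriction, e.g. `if (!empty($data['Event']['published']) && 1 == $data['Event']['published'] && empty($data['Event']['private'])) {`. In the same hunk the two back-to-back `$fieldList = array(...)` assignments leave the first, narrower one dead, so the save whitelist is the broad list that the `FIXME ... impact on security` comment questions. Deleting the dead assignment would make that explicit. `_add()` starts and ends outside these hunks.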
|
|
|
@ -411,6 +411,7 @@ class Attribute extends AppModel {
|
|||
$this->__afterSaveCorrelation($this->data['Attribute']);
|
||||
|
||||
$result = true;
|
||||
|
||||
// if the 'data' field is set on the $this->data then save the data to the correct file
|
||||
if (isset($this->data['Attribute']['type']) && $this->typeIsAttachment($this->data['Attribute']['type']) && !empty($this->data['Attribute']['data'])) {
|
||||
$result = $result && $this->saveBase64EncodedAttachment($this->data['Attribute']); // TODO : is this correct?
|
||||
|
@ -442,33 +443,33 @@ class Attribute extends AppModel {
|
|||
parent::beforeValidate();
|
||||
|
||||
// distribution - setting correct vars
|
||||
if(isset($this->data['Attribute']['distribution'])) {
|
||||
switch ($this->data['Attribute']['distribution']) {
|
||||
case 'Your organization only':
|
||||
$this->data['Attribute']['private'] = true;
|
||||
$this->data['Attribute']['cluster'] = false;
|
||||
$this->data['Attribute']['communitie'] = false;
|
||||
break;
|
||||
case 'This server-only':
|
||||
$this->data['Attribute']['private'] = true;
|
||||
$this->data['Attribute']['cluster'] = true;
|
||||
$this->data['Attribute']['communitie'] = false;
|
||||
break;
|
||||
case 'This Community-only':
|
||||
$this->data['Attribute']['private'] = false;
|
||||
$this->data['Attribute']['cluster'] = true;
|
||||
$this->data['Attribute']['communitie'] = false;
|
||||
break;
|
||||
case 'Connected communities':
|
||||
$this->data['Attribute']['private'] = false;
|
||||
$this->data['Attribute']['cluster'] = false;
|
||||
$this->data['Attribute']['communitie'] = true;
|
||||
break;
|
||||
case 'All communities':
|
||||
$this->data['Attribute']['private'] = false;
|
||||
$this->data['Attribute']['cluster'] = false;
|
||||
$this->data['Attribute']['communitie'] = false;
|
||||
break;
|
||||
if(isset($this->data['Attribute']['distribution'])) {
|
||||
switch ($this->data['Attribute']['distribution']) {
|
||||
case 'Your organization only':
|
||||
$this->data['Attribute']['private'] = true;
|
||||
$this->data['Attribute']['cluster'] = false;
|
||||
$this->data['Attribute']['communitie'] = false;
|
||||
break;
|
||||
case 'This server-only':
|
||||
$this->data['Attribute']['private'] = true;
|
||||
$this->data['Attribute']['cluster'] = true;
|
||||
$this->data['Attribute']['communitie'] = false;
|
||||
break;
|
||||
case 'This Community-only':
|
||||
$this->data['Attribute']['private'] = false;
|
||||
$this->data['Attribute']['cluster'] = true;
|
||||
$this->data['Attribute']['communitie'] = false;
|
||||
break;
|
||||
case 'Connected communities':
|
||||
$this->data['Attribute']['private'] = false;
|
||||
$this->data['Attribute']['cluster'] = false;
|
||||
$this->data['Attribute']['communitie'] = true;
|
||||
break;
|
||||
case 'All communities':
|
||||
$this->data['Attribute']['private'] = false;
|
||||
$this->data['Attribute']['cluster'] = false;
|
||||
$this->data['Attribute']['communitie'] = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -819,6 +820,8 @@ class Attribute extends AppModel {
|
|||
}
|
||||
|
||||
public function saveBase64EncodedAttachment($attribute) {
|
||||
print_r("###### saveBase64EncodedAttachment ######");
|
||||
print_r($attribute);
|
||||
$rootDir = APP . DS . "files" . DS . $attribute['event_id'];
|
||||
$dir = new Folder($rootDir, true); // create directory structure
|
||||
$destpath = $rootDir . DS . $attribute['id'];
|
||||
|
@ -899,12 +902,12 @@ class Attribute extends AppModel {
|
|||
|
||||
public function __beforeSaveCorrelation($a) {
|
||||
|
||||
// (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
|
||||
// ==> DELETE FROM correlations WHERE 1_attribute_id = $a_id OR attribute_id = $a_id; */
|
||||
// (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
|
||||
// ==> DELETE FROM correlations WHERE 1_attribute_id = $a_id OR attribute_id = $a_id; */
|
||||
// first check if it's an update
|
||||
if (isset($a['id'])) {
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
// FIXME : check that $a['id'] is checked correctly so that the user can't remove attributes he shouldn't
|
||||
// FIXME : check that $a['id'] is checked correctly so that the user can't remove attributes he shouldn't
|
||||
$dummy = $this->Correlation->deleteAll(array('OR' => array(
|
||||
'Correlation.1_attribute_id' => $a['id'],
|
||||
'Correlation.attribute_id' => $a['id']))
|
||||
|
@ -914,59 +917,59 @@ class Attribute extends AppModel {
|
|||
|
||||
public function __afterSaveCorrelation($a) {
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
//
|
||||
// When we add/update an attribute we need to
|
||||
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
|
||||
|
||||
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
|
||||
//
|
||||
// When we add/update an attribute we need to
|
||||
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
|
||||
|
||||
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
|
||||
// ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */
|
||||
$dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2'])));
|
||||
|
||||
// now build a correlation array of things that will need to be added in the db
|
||||
// we do this twice, once for value1 and once for value2
|
||||
$correlations = array(); // init variable
|
||||
$value_names = array ('value1', 'value2');
|
||||
// do the correlation for value1 and value2, this needs to be done separately
|
||||
foreach ($value_names as $value_name) {
|
||||
if (empty($a[$value_name])) continue; // do not correlate if attribute is empty
|
||||
$params = array(
|
||||
'conditions' => array('OR' => array(
|
||||
'Attribute.value1' => $a[$value_name],
|
||||
'Attribute.value2' => $a[$value_name]
|
||||
)),
|
||||
'recursive' => 0,
|
||||
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
|
||||
);
|
||||
// search for the related attributes for that "value(1|2)"
|
||||
$attributes = $this->find('all', $params);
|
||||
$correlations = array(); // init variable
|
||||
$value_names = array ('value1', 'value2');
|
||||
// do the correlation for value1 and value2, this needs to be done separately
|
||||
foreach ($value_names as $value_name) {
|
||||
if (empty($a[$value_name])) continue; // do not correlate if attribute is empty
|
||||
$params = array(
|
||||
'conditions' => array('OR' => array(
|
||||
'Attribute.value1' => $a[$value_name],
|
||||
'Attribute.value2' => $a[$value_name]
|
||||
)),
|
||||
'recursive' => 0,
|
||||
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
|
||||
);
|
||||
// search for the related attributes for that "value(1|2)"
|
||||
$attributes = $this->find('all', $params);
|
||||
// build the correlations, each attribute should have a relation in both directions
|
||||
// this is why we have a double loop.
|
||||
// The result is that for each Attribute pair we want: A1-A2, A2-A1 and so on,
|
||||
// In total that's N * (N-1) rows (minus the ones from the same event) (with N the number of related attributes)
|
||||
$attributes_right = $attributes;
|
||||
foreach ($attributes as $attribute) {
|
||||
foreach ($attributes_right as $attribute_right) {
|
||||
if ($attribute['Attribute']['event_id'] == $attribute_right['Attribute']['event_id']) {
|
||||
// do not build a relation between the same attributes
|
||||
// or attributes from the same event
|
||||
continue;
|
||||
}
|
||||
$is_private = $attribute_right['Event']['private'] || $attribute_right['Attribute']['private'];
|
||||
$correlations[] = array(
|
||||
'value' => $a[$value_name],
|
||||
'1_event_id' => $attribute['Attribute']['event_id'],
|
||||
'1_attribute_id' => $attribute['Attribute']['id'],
|
||||
'event_id' => $attribute_right['Attribute']['event_id'],
|
||||
'attribute_id' => $attribute_right['Attribute']['id'],
|
||||
'org' => $attribute_right['Event']['org'],
|
||||
'private' => $is_private,
|
||||
// this is why we have a double loop.
|
||||
// The result is that for each Attribute pair we want: A1-A2, A2-A1 and so on,
|
||||
// In total that's N * (N-1) rows (minus the ones from the same event) (with N the number of related attributes)
|
||||
$attributes_right = $attributes;
|
||||
foreach ($attributes as $attribute) {
|
||||
foreach ($attributes_right as $attribute_right) {
|
||||
if ($attribute['Attribute']['event_id'] == $attribute_right['Attribute']['event_id']) {
|
||||
// do not build a relation between the same attributes
|
||||
// or attributes from the same event
|
||||
continue;
|
||||
}
|
||||
$is_private = $attribute_right['Event']['private'] || $attribute_right['Attribute']['private'];
|
||||
$correlations[] = array(
|
||||
'value' => $a[$value_name],
|
||||
'1_event_id' => $attribute['Attribute']['event_id'],
|
||||
'1_attribute_id' => $attribute['Attribute']['id'],
|
||||
'event_id' => $attribute_right['Attribute']['event_id'],
|
||||
'attribute_id' => $attribute_right['Attribute']['id'],
|
||||
'org' => $attribute_right['Event']['org'],
|
||||
'private' => $is_private,
|
||||
'date' => $attribute_right['Event']['date'],
|
||||
'info' => $attribute_right['Event']['info'],
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
// save the new correlations to the database in a single shot
|
||||
'info' => $attribute_right['Event']['info'],
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
// save the new correlations to the database in a single shot
|
||||
$this->Correlation->saveMany($correlations);
|
||||
}
|
||||
|
||||
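Review bot: The two `print_r()` calls added at the top of `saveBase64EncodedAttachment()` write the whole `$attribute` array into the response body. The caller in the `-411` hunk only reaches this method when `$this->data['Attribute']['data']` is non-empty, so the dump includes the base64 attachment payload. That leaks attachment content to whoever receives the response and will corrupt the XML/REST output this commit is meant to fix. Drop both lines, or log an identifier only, e.g. `$this->log('saveBase64EncodedAttachment: attribute ' . $attribute['id'], 'debug');`. The method body continues past the end of the hunk.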
|
|
|
@ -440,7 +440,7 @@ class Event extends AppModel {
|
|||
*
|
||||
* @param &$data The reference to the variable
|
||||
*
|
||||
* @throws InternalErrorException // TODO Exception
|
||||
* @throws InternalErrorException
|
||||
*/
|
||||
public function cleanupEventArrayFromXML(&$data) {
|
||||
// Workaround for different structure in XML/array than what CakePHP expects
|
||||
|
@ -491,13 +491,6 @@ class Event extends AppModel {
|
|||
foreach ($event['Attribute'] as $attribute) {
|
||||
$newerUuids[$attribute['id']] = $attribute['uuid'];
|
||||
$attribute['event_id'] = $remoteId;
|
||||
if ("i" == Configure::read('CyDefSIG.rest')) {
|
||||
// do the add attributes here i.s.o. saveAssociates() or save()
|
||||
// and unset Attributes and hasMany for this
|
||||
// following 2 lines can be out-commented if. (EventsController.php:364-365)
|
||||
$anAttr = ClassRegistry::init('Attribute');
|
||||
$anAttr->uploadAttributeToServer($attribute, $server, $HttpSocket);
|
||||
}
|
||||
}
|
||||
// get the already existing attributes and delete the ones that are not there
|
||||
foreach ($xml->Event->Attribute as $attribute) {
|
||||
|
|
|
@ -1,79 +1,80 @@
|
|||
<div class="events form">
|
||||
<?php echo $this->Form->create('Event');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Edit Event'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('id');
|
||||
echo $this->Form->input('date');
|
||||
echo $this->Form->input('risk', array(
|
||||
'before' => $this->Html->div('forminfo', '', array('id' => 'EventRiskDiv'))));
|
||||
echo $this->Form->input('analysis', array(
|
||||
'options' => array($analysisLevels),
|
||||
'before' => $this->Html->div('forminfo', '', array('id' => 'EventAnalysisDiv'))));
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
if ('true' == $canEditDist) {
|
||||
echo $this->Form->input('distribution', array('label' => 'Distribution',
|
||||
'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv'))
|
||||
));
|
||||
}
|
||||
}
|
||||
echo $this->Form->input('info');
|
||||
|
||||
// link an onchange event to the form elements
|
||||
if ('true' == $canEditDist) {
|
||||
$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")');
|
||||
}
|
||||
$this->Js->get('#EventRisk')->event('change', 'showFormInfo("#EventRisk")');
|
||||
$this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis")');
|
||||
?>
|
||||
</fieldset>
|
||||
<?php echo $this->Form->end(__('Submit', true));?>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<script type="text/javascript">
|
||||
//
|
||||
//Generate tooltip information
|
||||
//
|
||||
var formInfoValues = new Array();
|
||||
<?php
|
||||
if ('true' == $canEditDist) {
|
||||
foreach ($distributionDescriptions as $type => $def) {
|
||||
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
|
||||
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($riskDescriptions as $type => $def) {
|
||||
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
|
||||
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
|
||||
}
|
||||
foreach ($analysisDescriptions as $type => $def) {
|
||||
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
|
||||
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
|
||||
}
|
||||
?>
|
||||
|
||||
function showFormInfo(id) {
|
||||
idDiv = id+'Div';
|
||||
// LATER use nice animations
|
||||
//$(idDiv).hide('fast');
|
||||
// change the content
|
||||
var value = $(id).val(); // get the selected value
|
||||
$(idDiv).html(formInfoValues[value]); // search in a lookup table
|
||||
// show it again
|
||||
$(idDiv).fadeIn('slow');
|
||||
}
|
||||
|
||||
// hide the formInfo things
|
||||
if ('true' == $canEditDist) {
|
||||
$('#EventDistributionDiv').hide();
|
||||
}
|
||||
$('#EventRiskDiv').hide();
|
||||
$('#EventAnalysisDiv').hide();
|
||||
</script>
|
||||
<div class="events form">
|
||||
<?php echo $this->Form->create('Event');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Edit Event'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('id');
|
||||
echo $this->Form->input('date');
|
||||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
if ('true' == $canEditDist) {
|
||||
echo $this->Form->input('distribution', array('label' => 'Distribution',
|
||||
'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv'))
|
||||
));
|
||||
}
|
||||
}
|
||||
echo $this->Form->input('risk', array(
|
||||
'before' => $this->Html->div('forminfo', '', array('id' => 'EventRiskDiv'))));
|
||||
echo $this->Form->input('analysis', array(
|
||||
'options' => array($analysisLevels),
|
||||
'before' => $this->Html->div('forminfo', '', array('id' => 'EventAnalysisDiv'))
|
||||
));
|
||||
echo $this->Form->input('info');
|
||||
|
||||
// link an onchange event to the form elements
|
||||
if ('true' == $canEditDist) {
|
||||
$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")');
|
||||
}
|
||||
$this->Js->get('#EventRisk')->event('change', 'showFormInfo("#EventRisk")');
|
||||
$this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis")');
|
||||
?>
|
||||
</fieldset>
|
||||
<?php echo $this->Form->end(__('Submit', true));?>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<script type="text/javascript">
|
||||
//
|
||||
//Generate tooltip information
|
||||
//
|
||||
var formInfoValues = new Array();
|
||||
<?php
|
||||
if ('true' == $canEditDist) {
|
||||
foreach ($distributionDescriptions as $type => $def) {
|
||||
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
|
||||
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($riskDescriptions as $type => $def) {
|
||||
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
|
||||
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
|
||||
}
|
||||
foreach ($analysisDescriptions as $type => $def) {
|
||||
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
|
||||
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
|
||||
}
|
||||
?>
|
||||
|
||||
function showFormInfo(id) {
|
||||
idDiv = id+'Div';
|
||||
// LATER use nice animations
|
||||
//$(idDiv).hide('fast');
|
||||
// change the content
|
||||
var value = $(id).val(); // get the selected value
|
||||
$(idDiv).html(formInfoValues[value]); // search in a lookup table
|
||||
// show it again
|
||||
$(idDiv).fadeIn('slow');
|
||||
}
|
||||
|
||||
// hide the formInfo things
|
||||
if ('true' == $canEditDist) {
|
||||
$('#EventDistributionDiv').hide();
|
||||
}
|
||||
$('#EventRiskDiv').hide();
|
||||
$('#EventAnalysisDiv').hide();
|
||||
</script>
|
||||
<?php echo $this->Js->writeBuffer();
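Review bot: The `if ('true' == $canEditDist) {` near the end of the `<script>` block sits after the closing `?>`, so it is sent to the browser as JavaScript rather than evaluated by PHP. `$canEditDist` is then an undefined JS identifier, the script stops with a ReferenceError, and the `.hide()` calls below it never run. Both printed copies of the file carry this, so it is present on the new side. Wrap it in PHP instead: `<?php if ('true' == $canEditDist): ?>`, then `$('#EventDistributionDiv').hide();`, then `<?php endif; ?>`. Separately, the `addslashes()` calls that build `formInfoValues` do not escape newlines or `</script>`, and the values later go through `.html()`; `json_encode()` is the safer encoder for text placed in a script context.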
|
|
@ -36,15 +36,17 @@ foreach ($event['Event']['Attribute'] as $key => $value) {
|
|||
|
||||
unset($event['Event']['Attribute'][$key]['category_order']);
|
||||
}
|
||||
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['user_id']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['private']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['communitie']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['cluster']);
|
||||
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['org']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['orgc']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['from']);
|
||||
if (isset($event['Event']['RelatedEvent'])) {
|
||||
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['user_id']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['private']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['communitie']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['cluster']);
|
||||
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
|
||||
unset($event['Event']['RelatedEvent'][$key]['org']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['orgc']);
|
||||
unset($event['Event']['RelatedEvent'][$key]['from']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|