Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
e53a0046a9
2
PyMISP
2
PyMISP
|
@ -1 +1 @@
|
|||
Subproject commit edb17ab0924b04bc91adff21bc60b3010404cd97
|
||||
Subproject commit a3140f37739b4a8a63f9b224aaaa2209611a33fe
|
|
@ -1 +1 @@
|
|||
{"major":2, "minor":4, "hotfix":111}
|
||||
{"major":2, "minor":4, "hotfix":112}
|
||||
|
|
|
@ -46,8 +46,8 @@ class AppController extends Controller
|
|||
|
||||
public $helpers = array('Utility', 'OrgImg', 'FontAwesome', 'UserName');
|
||||
|
||||
private $__queryVersion = '81';
|
||||
public $pyMispVersion = '2.4.111';
|
||||
private $__queryVersion = '82';
|
||||
public $pyMispVersion = '2.4.112';
|
||||
public $phpmin = '7.0';
|
||||
public $phprec = '7.2';
|
||||
public $isApiAuthed = false;
|
||||
|
|
|
@ -180,117 +180,28 @@ class AttributesController extends AppController
|
|||
}
|
||||
$uuids = array();
|
||||
$this->Warninglist = ClassRegistry::init('Warninglist');
|
||||
$warnings = array();
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
if (isset($attribute['id'])) {
|
||||
unset($attribute['id']);
|
||||
}
|
||||
$attributes[$k]['event_id'] = $eventId;
|
||||
if (isset($attribute['uuid'])) {
|
||||
$uuids[$k] = $attribute['uuid'];
|
||||
if (!isset($attribute['timestamp'])) {
|
||||
$attributes[$k]['timestamp'] = $date->getTimestamp();
|
||||
}
|
||||
if (isset($attribute['base64'])) {
|
||||
$attributes[$k]['data'] = $attribute['base64'];
|
||||
}
|
||||
}
|
||||
if (isset($attribute['type']) && !isset($attribute['category'])) {
|
||||
$attributes[$k]['category'] = $this->Attribute->typeDefinitions[$attribute['type']]['default_category'];
|
||||
}
|
||||
if (!isset($attribute['to_ids'])) {
|
||||
$attributes[$k]['to_ids'] = $this->Attribute->typeDefinitions[$attribute['type']]['to_ids'];
|
||||
}
|
||||
if (!empty($attributes[$k]['enforceWarninglist']) || !empty($this->params['named']['enforceWarninglist'])) {
|
||||
if (empty($warninglists)) {
|
||||
$warninglists = $this->Warninglist->fetchForEventView();
|
||||
}
|
||||
if (!$this->Warninglist->filterWarninglistAttributes($warninglists, $attributes[$k])) {
|
||||
$attributes[$k]['blocked'] = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
$fails = array();
|
||||
$successes = 0;
|
||||
$attributeCount = count($attributes);
|
||||
if (!empty($uuids)) {
|
||||
$existingAttributes = $this->Attribute->find('list', array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('Attribute.uuid'),
|
||||
'conditions' => array('Attribute.uuid' => array_values($uuids))
|
||||
));
|
||||
if (!empty($existingAttributes)) {
|
||||
foreach ($uuids as $k => $uuid) {
|
||||
if (in_array($uuid, $existingAttributes)) {
|
||||
unset($attributes[$k]);
|
||||
$fails["attribute_$k"] = array('uuid' => array('An attribute with this uuid already exists.'));
|
||||
unset($uuids[$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// deduplication
|
||||
$duplicates = 0;
|
||||
$inserted_ids = array();
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
foreach ($attributes as $k2 => $attribute2) {
|
||||
if ($k == $k2) {
|
||||
continue;
|
||||
}
|
||||
if (
|
||||
(
|
||||
!empty($attribute['uuid']) &&
|
||||
!empty($attribute2['uuid']) &&
|
||||
$attribute['uuid'] == $attribute2['uuid']
|
||||
) || (
|
||||
$attribute['value'] == $attribute2['value'] &&
|
||||
$attribute['type'] == $attribute2['type'] &&
|
||||
$attribute['category'] == $attribute2['category']
|
||||
)
|
||||
) {
|
||||
$duplicates++;
|
||||
unset($attributes[$k]);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
if (empty($attribute['blocked'])) {
|
||||
if (!empty($attribute['encrypt'])) {
|
||||
$attribute = $this->Attribute->onDemandEncrypt($attribute);
|
||||
}
|
||||
if (!empty($attribute['Tag'])) {
|
||||
foreach ($attribute['Tag'] as $tag) {
|
||||
$tag_id = $this->Attribute->AttributeTag->Tag->captureTag($tag, $this->Auth->user());
|
||||
if ($tag_id) {
|
||||
$attribute['tag_ids'][] = $tag_id;
|
||||
}
|
||||
}
|
||||
}
|
||||
$attributes[$k] = $attribute;
|
||||
$this->Attribute->set($attribute);
|
||||
$result = $this->Attribute->validates();
|
||||
if (!$result) {
|
||||
$fails["attribute_$k"] = $this->Attribute->validationErrors;
|
||||
unset($attributes[$k]);
|
||||
} else {
|
||||
$successes++;
|
||||
}
|
||||
$validationErrors = array();
|
||||
$this->Attribute->captureAttribute($attribute, $eventId, $this->Auth->user(), false, false, false, $validationErrors, $this->params['named']);
|
||||
if (empty($validationErrors)) {
|
||||
$inserted_ids[] = $this->Attribute->id;
|
||||
$successes +=1;
|
||||
} else {
|
||||
$fails["attribute_$k"] = 'Attribute blocked due to warninglist';
|
||||
unset($attributes[$k]);
|
||||
$fails["attribute_" . $k] = $validationErrors;
|
||||
}
|
||||
}
|
||||
if (!empty($successes)) {
|
||||
$this->Event->unpublishEvent($eventId);
|
||||
}
|
||||
$atomic = Configure::read('MISP.deadlock_avoidance') ? false : true;
|
||||
// skipping validation here, already done above
|
||||
$result = $this->Attribute->saveMany($attributes, array('atomic' => $atomic));
|
||||
if ($this->_isRest()) {
|
||||
if (!empty($successes)) {
|
||||
$attributes = $this->Attribute->find('all', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('Attribute.id' => $this->Attribute->inserted_ids),
|
||||
'conditions' => array('Attribute.id' => $inserted_ids),
|
||||
'contain' => array(
|
||||
'AttributeTag' => array(
|
||||
'Tag' => array('fields' => array('Tag.id', 'Tag.name', 'Tag.colour', 'Tag.numerical_value'))
|
||||
|
@ -299,6 +210,19 @@ class AttributesController extends AppController
|
|||
));
|
||||
if (count($attributes) == 1) {
|
||||
$attributes = $attributes[0];
|
||||
} else {
|
||||
$result = array('Attribute' => array());
|
||||
foreach ($attributes as $attribute) {
|
||||
$temp = $attribute['Attribute'];
|
||||
if (!empty($attribute['AttributeTag'])) {
|
||||
foreach ($attribute['AttributeTag'] as $at) {
|
||||
$temp['Tag'][] = $at['Tag'];
|
||||
}
|
||||
}
|
||||
$result['Attribute'][] = $temp;
|
||||
}
|
||||
$attributes = $result;
|
||||
unset($result);
|
||||
}
|
||||
return $this->RestResponse->viewData($attributes, $this->response->type(), $fails);
|
||||
} else {
|
||||
|
@ -324,11 +248,8 @@ class AttributesController extends AppController
|
|||
$message = sprintf('Attributes saved, however, %s attributes could not be saved. Click %s for more info', count($fails), '$flashErrorMessage');
|
||||
} else {
|
||||
if (!empty($fails["attribute_0"])) {
|
||||
foreach ($fails["attribute_0"] as $k => $v) {
|
||||
$failed = 1;
|
||||
$message = $k . ': ' . $v[0];
|
||||
break;
|
||||
}
|
||||
$failed = 1;
|
||||
$message = '0: ' . $v[0];
|
||||
} else {
|
||||
$failed = 1;
|
||||
$message = 'Attribute could not be saved.';
|
||||
|
@ -993,7 +914,7 @@ class AttributesController extends AppController
|
|||
$saved_attribute = $this->Attribute->find('first', array(
|
||||
'conditions' => array('id' => $this->Attribute->id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value', 'disable_correlation'),
|
||||
'fields' => $this->Attribute->defaultFields
|
||||
));
|
||||
$response = array('response' => array('Attribute' => $saved_attribute['Attribute']));
|
||||
$this->set('response', $response);
|
||||
|
@ -3122,9 +3043,11 @@ class AttributesController extends AppController
|
|||
if (empty($attribute)) {
|
||||
throw new NotFoundException(__('Invalid attribute'));
|
||||
}
|
||||
if (!$this->_isSiteAdmin() && $attribute['Event']['orgc_id'] !== $this->Auth->user('org_id')) {
|
||||
$fails++;
|
||||
continue;
|
||||
if ((!$this->userRole['perm_sync'] && !$this->_isSiteAdmin()) && $attribute['Event']['orgc_id'] !== $this->Auth->user('org_id')) {
|
||||
if (Configure::read('MISP.host_org_id') != $this->Auth->user('org_id') || !$local) {
|
||||
$fails++;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
$eventId = $attribute['Attribute']['event_id'];
|
||||
$event = $this->Attribute->Event->find('first', array(
|
||||
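Review bot: In the hunk at `-324,11 +248,8` the single-failure branch now builds the flash message with `$message = '0: ' . $v[0];`, but the `foreach ($fails["attribute_0"] as $k => $v)` that assigned `$v` has been removed, so unless `$v` is left over from code outside the hunk this reads an undefined variable. `$fails["attribute_0"]` also no longer has a fixed shape: the new loop stores whatever captureAttribute() wrote into `$validationErrors`, and in the visible warninglist path that is a plain string. Deriving the message from the entry itself, for example `$message = is_array($fails["attribute_0"]) ? json_encode($fails["attribute_0"]) : $fails["attribute_0"];`, would cover both shapes. The enclosing action starts and ends outside the hunks shown.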
|
|
|
@ -3666,8 +3666,15 @@ class EventsController extends AppController
|
|||
$tag_id = $this->request->data['tag'];
|
||||
}
|
||||
if (!$this->_isSiteAdmin() && !$this->userRole['perm_sync']) {
|
||||
if (!$this->userRole['perm_tagger'] || ($this->Auth->user('org_id') !== $event['Event']['orgc_id'])) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status'=>200, 'type' => 'json'));
|
||||
if (
|
||||
!$this->userRole['perm_tagger'] ||
|
||||
(
|
||||
$this->Auth->user('org_id') !== $event['Event']['orgc_id']
|
||||
)
|
||||
) {
|
||||
if (Configure::read('MISP.host_org_id') != $this->Auth->user('org_id') || !$local) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
}
|
||||
$conditions = array('LOWER(Tag.name) LIKE' => strtolower(trim($tag_id)));
|
||||
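Review bot: The new host-organisation exception is nested inside the combined `!perm_tagger || org mismatch` test, so a user from `MISP.host_org_id` who sends a truthy `$local` passes this check even when `perm_tagger` is false. The view-side condition changed in this same commit still requires `$isAclTagger` for the local-tag button, which suggests the controller is meant to require it too. Keeping the role check unconditional would match that: `if (!$this->userRole['perm_tagger'] || ($this->Auth->user('org_id') !== $event['Event']['orgc_id'] && (Configure::read('MISP.host_org_id') != $this->Auth->user('org_id') || !$local)))`. `$local` is assigned outside the hunk, and the attribute-tag hunk at `-3122,9 +3043,11` in AttributesController adds the same exception with no `perm_tagger` test in its visible lines.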
|
|
|
@ -71,6 +71,7 @@ class ObjectReferencesController extends AppController
|
|||
'referenced_type' => $referenced_type,
|
||||
'uuid' => CakeText::uuid()
|
||||
);
|
||||
$object_uuid = $object['Object']['uuid'];
|
||||
$this->ObjectReference->create();
|
||||
$result = $this->ObjectReference->save(array('ObjectReference' => $data));
|
||||
if ($result) {
|
||||
|
@ -80,6 +81,7 @@ class ObjectReferencesController extends AppController
|
|||
'recursive' => -1,
|
||||
'conditions' => array('ObjectReference.id' => $this->ObjectReference->id)
|
||||
));
|
||||
$object['ObjectReference']['object_uuid'] = $object_uuid;
|
||||
return $this->RestResponse->viewData($object, $this->response->type());
|
||||
} elseif ($this->request->is('ajax')) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Object reference added.')),'status'=>200, 'type' => 'json'));
|
||||
|
|
|
@ -528,8 +528,9 @@ class ObjectsController extends AppController
|
|||
if (isset($this->request->data['Object']['data'])) {
|
||||
$this->request->data = json_decode($this->request->data['Object']['data'], true);
|
||||
}
|
||||
if (!isset($this->request->data['Attribute'])) {
|
||||
$this->request->data = array('Attribute' => $this->request->data);
|
||||
if (isset($this->request->data['Object'])) {
|
||||
$this->request->data = array_merge($this->request->data, $this->request->data['Object']);
|
||||
unset($this->request->data['Object']);
|
||||
}
|
||||
$objectToSave = $this->MispObject->attributeCleanup($this->request->data);
|
||||
$objectToSave = $this->MispObject->deltaMerge($object, $objectToSave);
|
||||
|
@ -542,7 +543,11 @@ class ObjectsController extends AppController
|
|||
$objectToSave = $this->MispObject->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('Object.id' => $id),
|
||||
'contain' => array('Attribute')
|
||||
'contain' => array(
|
||||
'Attribute' => array(
|
||||
'fields' => $this->MispObject->Attribute->defaultFields
|
||||
)
|
||||
)
|
||||
));
|
||||
if (!empty($objectToSave)) {
|
||||
$objectToSave['Object']['Attribute'] = $objectToSave['Attribute'];
|
||||
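Review bot: The added `array_merge($this->request->data, $this->request->data['Object'])` runs on request-supplied data after only an `isset()` test, so a scalar `Object` value makes array_merge() fail (a warning and a null result on PHP 7, a TypeError on PHP 8), and any key nested under `Object` silently overrides the top-level key of the same name. Guarding with `if (isset($this->request->data['Object']) && is_array($this->request->data['Object'])) {` keeps malformed payloads out of attributeCleanup(). A one-line comment stating which side is meant to win on a key collision would also help, since array_merge() keeps the later value. The enclosing action starts and ends outside the hunk.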
|
|
|
@ -110,16 +110,28 @@ class ServersController extends AppController
|
|||
$combinedArgs['sort'] = 'timestamp';
|
||||
$combinedArgs['direction'] = 'desc';
|
||||
}
|
||||
$events = $this->Server->previewIndex($id, $this->Auth->user(), $combinedArgs);
|
||||
if (empty($combinedArgs['page'])) {
|
||||
$combinedArgs['page'] = 1;
|
||||
}
|
||||
if (empty($combinedArgs['limit'])) {
|
||||
$combinedArgs['limit'] = 60;
|
||||
}
|
||||
$total_count = 0;
|
||||
$events = $this->Server->previewIndex($id, $this->Auth->user(), $combinedArgs, $total_count);
|
||||
$this->loadModel('Event');
|
||||
$threat_levels = $this->Event->ThreatLevel->find('all');
|
||||
$this->set('threatLevels', Set::combine($threat_levels, '{n}.ThreatLevel.id', '{n}.ThreatLevel.name'));
|
||||
App::uses('CustomPaginationTool', 'Tools');
|
||||
$customPagination = new CustomPaginationTool();
|
||||
$params = $customPagination->createPaginationRules($events, $this->passedArgs, $this->alias);
|
||||
if (!empty($total_count)) {
|
||||
$params['pageCount'] = ceil($total_count / $params['limit']);
|
||||
}
|
||||
$this->params->params['paging'] = array($this->modelClass => $params);
|
||||
if (is_array($events)) {
|
||||
$customPagination->truncateByPagination($events, $params);
|
||||
if (count($events) > 60) {
|
||||
$customPagination->truncateByPagination($events, $params);
|
||||
}
|
||||
} else ($events = array());
|
||||
$this->set('events', $events);
|
||||
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
|
||||
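Review bot: `if (count($events) > 60)` hard-codes the page size in the same hunk that makes it configurable through `$combinedArgs['limit']`, so a request with a different `limit` is compared against the wrong threshold. The pagination rules are also still built from `$this->passedArgs` rather than `$combinedArgs`, so the defaults of page 1 and limit 60 applied above may not reach `$params`; that depends on createPaginationRules(), which is not shown. Comparing against the effective limit, `if (count($events) > $params['limit']) {`, keeps the two in step. `$params['limit']` is also the divisor in `ceil($total_count / $params['limit'])`, so it should be confirmed to be a positive integer before that line.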
|
|
|
@ -201,7 +201,7 @@ class CsvExport
|
|||
foreach ($requested_obj_attributes as $obj_att) {
|
||||
$this->requested_fields[] = $obj_att;
|
||||
}
|
||||
if (isset($options['filters']['includeContext'])) {
|
||||
if (!empty($options['filters']['includeContext'])) {
|
||||
foreach ($this->event_context_fields as $event_context_field) {
|
||||
$this->requested_fields[] = $event_context_field;
|
||||
}
|
||||
|
@ -220,6 +220,9 @@ class CsvExport
|
|||
$options['flatten'] = 1;
|
||||
}
|
||||
$headers = implode(',', $headers) . PHP_EOL;
|
||||
if (!empty($options['filters']['headerless'])) {
|
||||
return '';
|
||||
}
|
||||
return $headers;
|
||||
}
|
||||
|
||||
|
|
|
@ -34,6 +34,10 @@ class Attribute extends AppModel
|
|||
'distribution' => array('desc' => 'Describes who will have access to the event.')
|
||||
);
|
||||
|
||||
public $defaultFields = array(
|
||||
'id', 'event_id', 'object_id', 'object_relation', 'category', 'type', 'value', 'to_ids', 'uuid', 'timestamp', 'distribution', 'sharing_group_id', 'comment', 'deleted', 'disable_correlation'
|
||||
);
|
||||
|
||||
public $distributionDescriptions = array(
|
||||
0 => array('desc' => 'This field determines the current distribution of the event', 'formdesc' => "This setting will only allow members of your organisation on this server to see it."),
|
||||
1 => array('desc' => 'This field determines the current distribution of the event', 'formdesc' => "Organisations that are part of this MISP community will be able to see the event."),
|
||||
|
@ -100,7 +104,7 @@ class Attribute extends AppModel
|
|||
),
|
||||
'Network activity' => array(
|
||||
'desc' => __('Information about network traffic generated by the malware'),
|
||||
'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'mac-address', 'mac-eui-64', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'stix2-pattern', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5', 'other', 'hex', 'cookie', 'hostname|port', 'bro', 'zeek', 'anonymised', 'community-id')
|
||||
'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'mac-address', 'mac-eui-64', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'stix2-pattern', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5', 'other', 'hex', 'cookie', 'hostname|port', 'bro', 'zeek', 'anonymised', 'community-id', 'email-subject')
|
||||
),
|
||||
'Payload type' => array(
|
||||
'desc' => __('Information about the final payload(s)'),
|
||||
|
@ -3754,16 +3758,44 @@ class Attribute extends AppModel
|
|||
|
||||
// gets an attribute, saves it
|
||||
// handles encryption, attaching to event/object, logging of issues, tag capturing
|
||||
public function captureAttribute($attribute, $eventId, $user, $objectId = false, $log = false, $parentEvent = false)
|
||||
public function captureAttribute($attribute, $eventId, $user, $objectId = false, $log = false, $parentEvent = false, &$validationErrors = false, $params = array())
|
||||
{
|
||||
if ($log == false) {
|
||||
$log = ClassRegistry::init('Log');
|
||||
}
|
||||
$attribute['event_id'] = $eventId;
|
||||
$attribute['object_id'] = $objectId ? $objectId : 0;
|
||||
if (!isset($attribute['to_ids'])) {
|
||||
$attribute['to_ids'] = $this->typeDefinitions[$attribute['type']]['to_ids'];
|
||||
}
|
||||
$attribute['to_ids'] = $attribute['to_ids'] ? 1 : 0;
|
||||
$attribute['disable_correlation'] = $attribute['disable_correlation'] ? 1 : 0;
|
||||
$attribute['disable_correlation'] = empty($attribute['disable_correlation']) ? 0 : 1;
|
||||
unset($attribute['id']);
|
||||
if (isset($attribute['base64'])) {
|
||||
$attribute['data'] = $attribute['base64'];
|
||||
}
|
||||
if (!empty($attribute['enforceWarninglist']) || !empty($params['enforceWarninglist'])) {
|
||||
$this->Warninglist = ClassRegistry::init('Warninglist');
|
||||
if (empty($this->warninglists)) {
|
||||
$this->warninglists = $this->Warninglist->fetchForEventView();
|
||||
}
|
||||
if (!$this->Warninglist->filterWarninglistAttributes($warninglists, $attributes[$k])) {
|
||||
$this->validationErrors['warninglist'] = 'Attribute could not be saved as it trips over a warninglist and enforceWarninglist is enforced.';
|
||||
$validationErrors = $this->validationErrors['warninglist'];
|
||||
$log->create();
|
||||
$log->save(array(
|
||||
'org' => $user['Organisation']['name'],
|
||||
'model' => 'Attribute',
|
||||
'model_id' => 0,
|
||||
'email' => $user['email'],
|
||||
'action' => 'add',
|
||||
'user_id' => $user['id'],
|
||||
'title' => 'Attribute dropped due to validation for Event ' . $eventId . ' failed: ' . $attribute_short,
|
||||
'change' => 'Validation errors: ' . json_encode($this->validationErrors) . ' Full Attribute: ' . json_encode($attribute),
|
||||
));
|
||||
return $attribute;
|
||||
}
|
||||
}
|
||||
if (isset($attribute['encrypt'])) {
|
||||
$result = $this->handleMaliciousBase64($eventId, $attribute['value'], $attribute['data'], array('md5'));
|
||||
$attribute['data'] = $result['data'];
|
||||
|
@ -3808,6 +3840,9 @@ class Attribute extends AppModel
|
|||
}
|
||||
}
|
||||
if (isset($attribute['Tag'])) {
|
||||
if (!empty($attribute['Tag']['name'])) {
|
||||
$attribute['Tag'] = array($attribute['Tag']);
|
||||
}
|
||||
foreach ($attribute['Tag'] as $tag) {
|
||||
$tag_id = $this->AttributeTag->Tag->captureTag($tag, $user);
|
||||
if ($tag_id) {
|
||||
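Review bot: Inside the new `enforceWarninglist` block of captureAttribute(), `filterWarninglistAttributes($warninglists, $attributes[$k])` reads two variables that this function never assigns in the visible lines: the lists were just stored in `$this->warninglists`, and the record being captured is `$attribute`. As written the filter runs on undefined values, so the warninglist decision does not reflect the submitted attribute. The call should read `if (!$this->Warninglist->filterWarninglistAttributes($this->warninglists, $attribute)) {`. The log title in the same block concatenates `$attribute_short`, which is likewise not defined before this point in the hunk and needs to be built first or replaced. The function body continues past the end of the hunk.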
|
|
|
@ -264,16 +264,18 @@ class AttributeTag extends AppModel
|
|||
}
|
||||
}
|
||||
foreach ($event['Object'] as $i => $object) {
|
||||
foreach ($object['Attribute'] as $j => $object_attribute) {
|
||||
if ($to_extract == 'tags' || $to_extract == 'both') {
|
||||
foreach ($object_attribute['AttributeTag'] as $tag) {
|
||||
$attribute_tags_name['tags'][] = $tag['Tag']['name'];
|
||||
if (!empty($object['Attribute'])) {
|
||||
foreach ($object['Attribute'] as $j => $object_attribute) {
|
||||
if ($to_extract == 'tags' || $to_extract == 'both') {
|
||||
foreach ($object_attribute['AttributeTag'] as $tag) {
|
||||
$attribute_tags_name['tags'][] = $tag['Tag']['name'];
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($to_extract == 'clusters' || $to_extract == 'both') {
|
||||
foreach ($object_attribute['Galaxy'] as $galaxy) {
|
||||
foreach ($galaxy['GalaxyCluster'] as $cluster) {
|
||||
$attribute_tags_name['clusters'][] = $cluster['tag_name'];
|
||||
if ($to_extract == 'clusters' || $to_extract == 'both') {
|
||||
foreach ($object_attribute['Galaxy'] as $galaxy) {
|
||||
foreach ($galaxy['GalaxyCluster'] as $cluster) {
|
||||
$attribute_tags_name['clusters'][] = $cluster['tag_name'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4120,6 +4120,9 @@ class Event extends AppModel
|
|||
$this->id = $id;
|
||||
$this->recursive = 0;
|
||||
$event = $this->read(null, $id);
|
||||
if (empty($event)) {
|
||||
return false;
|
||||
}
|
||||
if ($jobId) {
|
||||
$this->Behaviors->unload('SysLogLogable.SysLogLogable');
|
||||
} else {
|
||||
|
@ -6012,6 +6015,9 @@ class Event extends AppModel
|
|||
'recursive' => -1,
|
||||
'fields' => array('orgc_id', 'id', 'distribution', 'published', 'uuid'),
|
||||
));
|
||||
if (empty($event)) {
|
||||
return false;
|
||||
}
|
||||
$results = array();
|
||||
if (!$user['Role']['perm_site_admin'] && !empty($event) && $event['Event']['orgc_id'] != $user['org_id']) {
|
||||
$objectType = 'ShadowAttribute';
|
||||
|
@ -6191,6 +6197,9 @@ class Event extends AppModel
|
|||
if (empty($attribute['comment'])) {
|
||||
$attribute['comment'] = $default_comment;
|
||||
}
|
||||
if (!empty($attribute['data']) && !empty($attribute['encrypt'])) {
|
||||
$attribute = $this->Attribute->onDemandEncrypt($attribute);
|
||||
}
|
||||
$attribute['event_id'] = $id;
|
||||
if ($this->Attribute->save($attribute)) {
|
||||
$saved_attributes++;
|
||||
|
@ -6490,6 +6499,9 @@ class Event extends AppModel
|
|||
if (empty($attribute['comment'])) {
|
||||
$attribute['comment'] = $default_comment;
|
||||
}
|
||||
if (!empty($attribute['data']) && !empty($attribute['encrypt'])) {
|
||||
$attribute = $this->Attribute->onDemandEncrypt($attribute);
|
||||
}
|
||||
$this->Attribute->create();
|
||||
$attribute_save = $this->Attribute->save($attribute);
|
||||
if ($attribute_save) {
|
||||
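Review bot: After the added `if (empty($event)) { return false; }` in the hunk at `-6012,6 +6015,9`, the `!empty($event) &&` term in the condition that follows can no longer be false and could be dropped. Both methods that gain this early return now hand back `false` for a missing event, so a docblock line such as `@return ... false when the event does not exist` would tell callers to test for it. The enclosing methods begin outside the hunks.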
|
|
|
@ -142,7 +142,7 @@ class GalaxyCluster extends AppModel
|
|||
*/
|
||||
public function getCluster($name)
|
||||
{
|
||||
$conditions = array('GalaxyCluster.tag_name ' => $name);
|
||||
$conditions = array('LOWER(GalaxyCluster.tag_name)' => strtolower($name));
|
||||
if (is_numeric($name)) {
|
||||
$conditions = array('GalaxyCluster.id' => $name);
|
||||
}
|
||||
|
@ -173,7 +173,7 @@ class GalaxyCluster extends AppModel
|
|||
'first',
|
||||
array(
|
||||
'conditions' => array(
|
||||
'Tag.name' => $cluster['GalaxyCluster']['tag_name']
|
||||
'LOWER(Tag.name)' => strtolower($cluster['GalaxyCluster']['tag_name'])
|
||||
),
|
||||
'recursive' => -1,
|
||||
'fields' => array('Tag.id')
|
||||
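Review bot: Both new conditions lower-case the column in SQL with `LOWER(...)` but the bound value with PHP's byte-wise `strtolower()`, which only folds ASCII (and was locale-dependent before PHP 8), so a tag name containing non-ASCII capitals can fold differently on the two sides and fail to match. `mb_strtolower($name, 'UTF-8')`, and the same for `$cluster['GalaxyCluster']['tag_name']`, keeps the comparison symmetric where the mbstring extension is available. Wrapping the column in `LOWER()` may also keep the database from using an index on the tag name; whether that matters depends on the schema and collation, which are not shown.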
|
|
|
@ -454,7 +454,7 @@ class MispObject extends AppModel
|
|||
public function attributeCleanup($attributes)
|
||||
{
|
||||
if (empty($attributes['Attribute'])) {
|
||||
return 'No attribute data found';
|
||||
return $attributes;
|
||||
}
|
||||
foreach ($attributes['Attribute'] as $k => $attribute) {
|
||||
if (isset($attribute['save']) && $attribute['save'] == 0) {
|
||||
|
@ -521,58 +521,60 @@ class MispObject extends AppModel
|
|||
$object['Object']['timestamp'] = $date->getTimestamp();
|
||||
$this->save($object);
|
||||
$checkFields = array('category', 'value', 'to_ids', 'distribution', 'sharing_group_id', 'comment', 'disable_correlation');
|
||||
foreach ($objectToSave['Attribute'] as $newKey => $newAttribute) {
|
||||
foreach ($object['Attribute'] as $origKey => $originalAttribute) {
|
||||
if (!empty($newAttribute['uuid'])) {
|
||||
if ($newAttribute['uuid'] == $originalAttribute['uuid']) {
|
||||
$different = false;
|
||||
foreach ($checkFields as $f) {
|
||||
if ($f == 'sharing_group_id' && empty($newAttribute[$f])) {
|
||||
$newAttribute[$f] = 0;
|
||||
if (!empty($objectToSave['Attribute'])) {
|
||||
foreach ($objectToSave['Attribute'] as $newKey => $newAttribute) {
|
||||
foreach ($object['Attribute'] as $origKey => $originalAttribute) {
|
||||
if (!empty($newAttribute['uuid'])) {
|
||||
if ($newAttribute['uuid'] == $originalAttribute['uuid']) {
|
||||
$different = false;
|
||||
foreach ($checkFields as $f) {
|
||||
if ($f == 'sharing_group_id' && empty($newAttribute[$f])) {
|
||||
$newAttribute[$f] = 0;
|
||||
}
|
||||
if ($newAttribute[$f] != $originalAttribute[$f]) {
|
||||
$different = true;
|
||||
}
|
||||
}
|
||||
if ($newAttribute[$f] != $originalAttribute[$f]) {
|
||||
$different = true;
|
||||
if ($different) {
|
||||
$newAttribute['id'] = $originalAttribute['id'];
|
||||
$newAttribute['event_id'] = $object['Object']['event_id'];
|
||||
$newAttribute['object_id'] = $object['Object']['id'];
|
||||
$newAttribute['timestamp'] = $date->getTimestamp();
|
||||
$result = $this->Event->Attribute->save(array('Attribute' => $newAttribute), array(
|
||||
'category',
|
||||
'value',
|
||||
'to_ids',
|
||||
'distribution',
|
||||
'sharing_group_id',
|
||||
'comment',
|
||||
'timestamp',
|
||||
'object_id',
|
||||
'event_id',
|
||||
'disable_correlation'
|
||||
));
|
||||
}
|
||||
unset($object['Attribute'][$origKey]);
|
||||
continue 2;
|
||||
}
|
||||
if ($different) {
|
||||
$newAttribute['id'] = $originalAttribute['id'];
|
||||
$newAttribute['event_id'] = $object['Object']['event_id'];
|
||||
$newAttribute['object_id'] = $object['Object']['id'];
|
||||
$newAttribute['timestamp'] = $date->getTimestamp();
|
||||
$result = $this->Event->Attribute->save(array('Attribute' => $newAttribute), array(
|
||||
'category',
|
||||
'value',
|
||||
'to_ids',
|
||||
'distribution',
|
||||
'sharing_group_id',
|
||||
'comment',
|
||||
'timestamp',
|
||||
'object_id',
|
||||
'event_id',
|
||||
'disable_correlation'
|
||||
));
|
||||
}
|
||||
unset($object['Attribute'][$origKey]);
|
||||
continue 2;
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->Event->Attribute->create();
|
||||
$newAttribute['event_id'] = $object['Object']['event_id'];
|
||||
$newAttribute['object_id'] = $object['Object']['id'];
|
||||
if (!isset($newAttribute['timestamp'])) {
|
||||
$newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
|
||||
if ($newAttribute['distribution'] == 'event') {
|
||||
$newAttribute['distribution'] = 5;
|
||||
$this->Event->Attribute->create();
|
||||
$newAttribute['event_id'] = $object['Object']['event_id'];
|
||||
$newAttribute['object_id'] = $object['Object']['id'];
|
||||
if (!isset($newAttribute['timestamp'])) {
|
||||
$newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
|
||||
if ($newAttribute['distribution'] == 'event') {
|
||||
$newAttribute['distribution'] = 5;
|
||||
}
|
||||
}
|
||||
$this->Event->Attribute->save($newAttribute);
|
||||
$attributeArrays['add'][] = $newAttribute;
|
||||
unset($objectToSave['Attribute'][$newKey]);
|
||||
}
|
||||
foreach ($object['Attribute'] as $origKey => $originalAttribute) {
|
||||
$originalAttribute['deleted'] = 1;
|
||||
$this->Event->Attribute->save($originalAttribute);
|
||||
}
|
||||
$this->Event->Attribute->save($newAttribute);
|
||||
$attributeArrays['add'][] = $newAttribute;
|
||||
unset($objectToSave['Attribute'][$newKey]);
|
||||
}
|
||||
foreach ($object['Attribute'] as $origKey => $originalAttribute) {
|
||||
$originalAttribute['deleted'] = 1;
|
||||
$this->Event->Attribute->save($originalAttribute);
|
||||
}
|
||||
return $this->id;
|
||||
}
|
||||
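Review bot: attributeCleanup() appears to have returned the string 'No attribute data found' when `$attributes['Attribute']` was empty and now returns its input unchanged, so callers no longer get any signal that the payload carried no attributes; ObjectsController passes the result straight to deltaMerge(). A docblock on attributeCleanup() stating `@return array the cleaned input, returned unchanged when it has no 'Attribute' entries` would record the new contract. In deltaMerge() the rendered diff has lost its indentation, so it is not clear from this page whether the loop that sets `deleted = 1` on the remaining original attributes sits inside the new `if (!empty($objectToSave['Attribute']))`. A comment there saying what an edit with no attributes is meant to do to the existing ones would remove the ambiguity.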
|
|
|
@ -4568,7 +4568,7 @@ class Server extends AppModel
|
|||
* 2: no route to host
|
||||
* 3: empty result set
|
||||
*/
|
||||
public function previewIndex($id, $user, $passedArgs)
|
||||
public function previewIndex($id, $user, $passedArgs, &$total_count = 0)
|
||||
{
|
||||
$server = $this->find('first', array(
|
||||
'conditions' => array('Server.id' => $id),
|
||||
|
@ -4578,7 +4578,7 @@ class Server extends AppModel
|
|||
}
|
||||
$HttpSocket = $this->setupHttpSocket($server);
|
||||
$request = $this->setupSyncRequest($server);
|
||||
$validArgs = array_merge(array('sort', 'direction'), $this->validEventIndexFilters);
|
||||
$validArgs = array_merge(array('sort', 'direction', 'page', 'limit'), $this->validEventIndexFilters);
|
||||
$urlParams = '';
|
||||
foreach ($validArgs as $v) {
|
||||
if (isset($passedArgs[$v])) {
|
||||
|
@ -4587,6 +4587,10 @@ class Server extends AppModel
|
|||
}
|
||||
$uri = $server['Server']['url'] . '/events/index' . $urlParams;
|
||||
$response = $HttpSocket->get($uri, $data = '', $request);
|
||||
if (!empty($response->headers['X-Result-Count'])) {
|
||||
$temp = $response->headers['X-Result-Count'];
|
||||
$total_count = $temp;
|
||||
}
|
||||
if ($response->code == 200) {
|
||||
try {
|
||||
$events = json_decode($response->body, true);
|
||||
|
@ -4692,7 +4696,6 @@ class Server extends AppModel
|
|||
}
|
||||
$validServers[] = $server;
|
||||
}
|
||||
|
||||
return $validServers;
|
||||
}
|
||||
|
||||
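Review bot: `$total_count` is filled straight from the remote server's `X-Result-Count` response header and is later the dividend in the controller's `ceil($total_count / $params['limit'])`, so a non-numeric, negative or very large value sent by the remote instance flows into the pagination state unchecked. The header is also read before the `$response->code == 200` test, so an error response can set it too. Casting and bounding it at the trust boundary, e.g. `$total_count = max(0, (int)$response->headers['X-Result-Count']);` placed inside the 200 branch, keeps the by-reference output an integer. previewIndex() starts and ends outside the hunks shown.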
|
|
|
@ -317,7 +317,7 @@ class Taxonomy extends AppModel
|
|||
if (!in_array('name', $skipUpdateFields)) {
|
||||
$temp['Tag']['name'] = $entry['tag'];
|
||||
}
|
||||
if (!in_array('numerical_value', $skipUpdateFields) && isset($entry['numerical_value'])) {
|
||||
if (!in_array('numerical_value', $skipUpdateFields) && (isset($entry['numerical_value']) && $entry['numerical_value'] !== null)) {
|
||||
$temp['Tag']['numerical_value'] = $entry['numerical_value'];
|
||||
}
|
||||
$this->Tag->save($temp['Tag']);
|
||||
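Review bot: The added `&& $entry['numerical_value'] !== null` cannot change the outcome, because `isset($entry['numerical_value'])` already returns false when the value is null. If the intent is to skip other empty values, such as an empty string in the taxonomy data, the condition needs to say so, e.g. `isset($entry['numerical_value']) && $entry['numerical_value'] !== ''`; otherwise the original single `isset()` is clearer.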
|
|
|
@ -142,7 +142,7 @@
|
|||
'required_taxonomies' => false,
|
||||
'columnised' => true,
|
||||
'static_tags_only' => 1,
|
||||
'tag_display_style' => Configure::check('MISP.full_tags_on_event_index') ? Configure::read('MISP.full_tags_on_event_index') : 2
|
||||
'tag_display_style' => Configure::check('MISP.full_tags_on_event_index') ? Configure::read('MISP.full_tags_on_event_index') : 1
|
||||
)
|
||||
)
|
||||
);
|
||||
|
|
|
@ -47,8 +47,11 @@
|
|||
$aStyle = 'background-color:' . h($tag['Tag']['colour']) . ';color:' . $this->TextColour->getTextColour($tag['Tag']['colour']) . ';';
|
||||
$aClass = 'tag nowrap';
|
||||
$aText = trim($tag['Tag']['name']);
|
||||
$aTextModified = null;
|
||||
if (isset($tag_display_style)) {
|
||||
if ($tag_display_style == 0) {
|
||||
if (!isset($tag_display_style) || $tag_display_style == 1) {
|
||||
// default behaviour, do nothing for now
|
||||
} else if ($tag_display_style == 2) {
|
||||
$separator_pos = strpos($aText, ':');
|
||||
if ($separator_pos !== false) {
|
||||
$aTextModified = substr($aText, $separator_pos + 1);
|
||||
|
@ -59,7 +62,7 @@
|
|||
}
|
||||
$aTextModified = h($aTextModified);
|
||||
}
|
||||
} else if ($tag_display_style == 2) {
|
||||
} else if ($tag_display_style === 0 || $tag_display_style === '0') {
|
||||
$aTextModified = ' ';
|
||||
}
|
||||
}
|
||||
|
|
|
@ -128,7 +128,7 @@
|
|||
);
|
||||
}
|
||||
if (
|
||||
isset($local_tag_off) && !$local_tag_off &&
|
||||
(!isset($local_tag_off) || !$local_tag_off) &&
|
||||
($isSiteAdmin || ($isAclTagger && Configure::read('MISP.host_org_id') == $me['org_id']))
|
||||
) {
|
||||
echo sprintf(
|
||||
|
|
|
@ -121,7 +121,7 @@
|
|||
);
|
||||
}
|
||||
if (
|
||||
isset($local_tag_off) && !$local_tag_off &&
|
||||
(!isset($local_tag_off) || !$local_tag_off) &&
|
||||
($isSiteAdmin || ($isAclTagger && Configure::read('MISP.host_org_id') == $me['org_id']))
|
||||
) {
|
||||
echo sprintf(
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
);
|
||||
if ($setting['type'] == 'boolean') $setting['value'] = ($setting['value'] === true ? 'true' : 'false');
|
||||
if (isset($setting['options'])) {
|
||||
$setting['value'] = $setting['options'][$setting['value']];
|
||||
$setting['value'] = empty($setting['options'][$setting['value']]) ? null : $setting['options'][$setting['value']];
|
||||
}
|
||||
if (!empty($setting['redacted'])) {
|
||||
$setting['value'] = '*****';
|
||||
|
|
|
@ -109,6 +109,17 @@
|
|||
<span class="bold"><?php echo __('Name: ');?></span><span class="ObjectName"><?php echo h($object['name']); ?></span>
|
||||
<span class="fa fa-expand useCursorPointer" title="<?php echo __('Expand or Collapse');?>" role="button" tabindex="0" aria-label="<?php echo __('Expand or Collapse');?>" data-toggle="collapse" data-target="#Object_<?php echo $o; ?>_collapsible"></span><br />
|
||||
<div id="Object_<?php echo $o; ?>_collapsible" class="collapse">
|
||||
<?php
|
||||
if (!empty($object['description'])) {
|
||||
echo '<span class="bold">Description: </span><span class="ObjectDescription">' . h($object['description']) . '</span><br/>';
|
||||
}
|
||||
if (!empty($object['template_uuid'])) {
|
||||
echo '<span class="bold">Template UUID: </span><span class="TemplateUUID">' . h($object['template_uuid']) . '</span><br/>';
|
||||
}
|
||||
if (!empty($object['template_version'])) {
|
||||
echo '<span class="bold">Template version: </span><span class="TemplateVersion">' . h($object['template_version']) . '</span><br/>';
|
||||
}
|
||||
?>
|
||||
<span class="bold"><?php echo __('UUID: ');?></span><span class="ObjectUUID"><?php echo h($object['uuid']); ?></span><br />
|
||||
<span class="bold"><?php echo __('Meta Category: ');?></span><span class="ObjectMetaCategory"><?php echo h($object['meta-category']); ?></span>
|
||||
</div>
|
||||
|
@ -189,9 +200,16 @@
|
|||
<span class="AttributeType"><?php echo h($attribute['type']); ?></span>
|
||||
</td>
|
||||
<td class="AttributeValue limitedWidth"><?php echo h($attribute['value']); ?></td>
|
||||
<?php if (in_array($attribute['type'], $typesWithData) && !empty($attribute['data'])) {?>
|
||||
<input class='AttributeData' type='hidden' value="<?php echo h($attribute['data']); ?>"/>
|
||||
<?php } ?>
|
||||
<?php
|
||||
if (in_array($attribute['type'], $typesWithData)) {
|
||||
if (!empty($attribute['data'])) {
|
||||
echo "<input class='AttributeData' type='hidden' value='" . h($attribute['data']) . "'/>";
|
||||
}
|
||||
if (!empty($attribute['encrypt'])) {
|
||||
echo "<input class='AttributeEncrypt' type='hidden' value='" . h($attribute['encrypt']) . "'/>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
<td class="AttributeUuid short"><?php echo h($attribute['uuid']); ?></td>
|
||||
<td style="max-width:150px;width:10px;">
|
||||
<?php if (!empty($attribute['Tag'])) { ?>
|
||||
|
@ -288,9 +306,16 @@
|
|||
}
|
||||
?>
|
||||
<td class="AttributeValue limitedWidth"><?php echo h($attribute['value']); ?></td>
|
||||
<?php if (in_array($attribute['type'], $typesWithData) && !empty($attribute['data'])) {?>
|
||||
<input class='AttributeData' type='hidden' value="<?php echo $attribute['data']; ?>"/>
|
||||
<?php } ?>
|
||||
<?php
|
||||
if (in_array($attribute['type'], $typesWithData)) {
|
||||
if (!empty($attribute['data'])) {
|
||||
echo "<input class='AttributeData' type='hidden' value='" . h($attribute['data']) . "'/>";
|
||||
}
|
||||
if (!empty($attribute['encrypt'])) {
|
||||
echo "<input class='AttributeEncrypt' type='hidden' value='" . h($attribute['encrypt']) . "'/>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
<td class="AttributeUuid short"><?php echo h($attribute['uuid']); ?></td>
|
||||
<td style="max-width:150px;width:10px;">
|
||||
<?php if (!empty($attribute['Tag'])) { ?>
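Review bot: The block that emits the hidden `AttributeData` and `AttributeEncrypt` inputs now appears verbatim in both the -189 and the -288 hunk, and the lines it replaces show the cost of such duplication: one copy escaped `$attribute['data']` with `h()` while the other echoed it raw. Moving the block into a single shared view element and rendering it in both places, for example `echo $this->element('<ELEMENT_NAME>', array('attribute' => $attribute, 'typesWithData' => $typesWithData));`, keeps the output encoding in one place. Separately, the labels added in the -109 hunk (`Description: `, `Template UUID: `, `Template version: `) are literal strings while the neighbouring `Name: ` and `UUID: ` go through `__()`; wrapping them, e.g. `__('Description: ')`, keeps the view translatable. The surrounding loops start and end outside these hunks.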
|
||||
|
|
|
@ -13,10 +13,10 @@
|
|||
array('key' => __('Type'), 'value' => $data['type']),
|
||||
array('key' => __('Accepted attribute types'), 'value' => $text),
|
||||
array(
|
||||
'key' => __('Accepted attribute types'),
|
||||
'key' => __('Enabled'),
|
||||
'boolean' => $data['enabled'],
|
||||
'html' => sprintf(
|
||||
'(<a href="%s/warninglists/enableWarninglist/%s%s" title="%s">%s</a>)',
|
||||
' (<a href="%s/warninglists/enableWarninglist/%s%s" title="%s">%s</a>)',
|
||||
$baseurl,
|
||||
h($warninglist['Warninglist']['id']),
|
||||
$data['enabled'] ? '' : '/1',
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 8c445fe1a42ec88bf5e990ffcc48153c433c43e4
|
||||
Subproject commit b92243a8db2b21b86e8e77a93dcfc716efcd2573
|
|
@ -397,6 +397,20 @@ class StixBuilder():
|
|||
attack_pattern = AttackPattern(**a_p_args)
|
||||
self.append_object(attack_pattern, a_p_id)
|
||||
|
||||
def add_attack_pattern_object(self, misp_object, to_ids):
|
||||
a_p_id = 'attack-pattern--{}'.format(misp_object['uuid'])
|
||||
attributes_dict = {attribute['object_relation']: attribute['value'] for attribute in misp_object['Attribute']}
|
||||
a_p_args = {'id': a_p_id, 'type': 'attack-pattern', 'created_by_ref': self.identity_id}
|
||||
a_p_args['labels'] = self.create_object_labels(misp_object['name'], misp_object['meta-category'], to_ids)
|
||||
for relation, key in attackPatternObjectMapping.items():
|
||||
if relation in attributes_dict:
|
||||
a_p_args[key] = attributes_dict[relation]
|
||||
if 'id' in attributes_dict:
|
||||
capec_id = "CAPEC-{}".format(attributes_dict['id'])
|
||||
a_p_args['external_references'] = [{'source_name': 'capec', 'external_id': capec_id}]
|
||||
attack_pattern = AttackPattern(**a_p_args)
|
||||
self.append_object(attack_pattern, a_p_id)
|
||||
|
||||
def add_course_of_action(self, misp_object):
|
||||
coa_args, coa_id = self.generate_galaxy_args(misp_object, False, False, 'course-of-action')
|
||||
self.add_coa_stix_object(coa_args, coa_id)
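Review bot: `add_attack_pattern_object` calls `AttackPattern(**a_p_args)` without checking that a `name` was mapped. The stix2 `AttackPattern` class requires `name`, so an attack-pattern object with no `name` relation would presumably raise here and abort the export. Either skip the object with a logged warning or add a fallback before the constructor, e.g. `a_p_args.setdefault('name', misp_object['name'])`. The dict comprehension also keeps only the last value when several attributes share an `object_relation`, which is worth stating in a one-line docstring together with the CAPEC `external_references` behaviour.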
|
||||
|
|
|
@ -279,6 +279,7 @@ network_traffic_dst_ref = "dst_ref.type = '{0}' AND network-traffic:dst_ref.valu
|
|||
objectsMapping = {'asn': {'to_call': 'handle_usual_object_name',
|
||||
'observable': {'type': 'autonomous-system'},
|
||||
'pattern': "autonomous-system:{0} = '{1}' AND "},
|
||||
'attack-pattern': {'to_call': 'add_attack_pattern_object'},
|
||||
'course-of-action': {'to_call': 'add_course_of_action_from_object'},
|
||||
'credential': {'to_call': 'handle_usual_object_name',
|
||||
'observable': {'type': 'user-account'},
|
||||
|
@ -316,6 +317,8 @@ objectsMapping = {'asn': {'to_call': 'handle_usual_object_name',
|
|||
|
||||
asnObjectMapping = {'asn': 'number', 'description': 'name', 'subnet-announced': 'value'}
|
||||
|
||||
attackPatternObjectMapping = {'name': 'name', 'summary': 'description'}
|
||||
|
||||
credentialObjectMapping = {'password': 'credential', 'username': 'user_id'}
|
||||
|
||||
domainIpObjectMapping = {'ip-dst': 'resolves_to_refs[*].value', 'domain': 'value'}
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 86e83ecab5a2942173092f7af8d03f9a8774b4cd
|
||||
Subproject commit d5f37d3dc23c8acfe080e7ff04ca5979f3e64625
|
|
@ -2501,6 +2501,9 @@ function moduleResultsSubmit(id) {
|
|||
if ($(this).has('.ObjectID').length) {
|
||||
temp['id'] = $(this).find('.ObjectID').text();
|
||||
}
|
||||
if ($(this).has('.ObjectDescription').length) {
|
||||
temp['description'] = $(this).find('.ObjectDescription').text();
|
||||
}
|
||||
if ($(this).has('.TemplateVersion').length) {
|
||||
temp['template_version'] = $(this).find('.TemplateVersion').text();
|
||||
}
|
||||
|
@ -2545,8 +2548,13 @@ function moduleResultsSubmit(id) {
|
|||
});
|
||||
attribute['Tag'] = tags;
|
||||
}
|
||||
if (typesWithData.indexOf(attribute_type) != -1 && $(this).find('.AttributeData').length) {
|
||||
attribute['data'] = $(this).find('.AttributeData').val();
|
||||
if (typesWithData.indexOf(attribute_type) != -1) {
|
||||
if ($(this).find('.AttributeData').length) {
|
||||
attribute['data'] = $(this).find('.AttributeData').val();
|
||||
}
|
||||
if ($(this).find('.AttributeEncrypt').length) {
|
||||
attribute['encrypt'] = $(this).find('.AttributeEncrypt').val();
|
||||
}
|
||||
}
|
||||
object_attributes.push(attribute);
|
||||
});
|
||||
|
@ -2592,8 +2600,13 @@ function moduleResultsSubmit(id) {
|
|||
});
|
||||
temp['Tag'] = tags;
|
||||
}
|
||||
if (typesWithData.indexOf(type_value) != -1 && $(this).find('.AttributeData').length) {
|
||||
temp['data'] = $(this).find('.AttributeData').val();
|
||||
if (typesWithData.indexOf(type_value) != -1) {
|
||||
if ($(this).find('.AttributeData').length) {
|
||||
temp['data'] = $(this).find('.AttributeData').val();
|
||||
}
|
||||
if ($(this).find('.AttributeEncrypt').length) {
|
||||
temp['encrypt'] = $(this).find('.AttributeEncrypt').val();
|
||||
}
|
||||
}
|
||||
attributes.push(temp);
|
||||
});
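Review bot: The five-line block that reads `.AttributeData` and `.AttributeEncrypt` is added twice, in the -2545 and -2592 hunks, differing only in the target (`attribute` vs `temp`) and the type variable. A small helper keeps the two paths from drifting apart, as sketched below. Both values are read back from hidden inputs the user can edit, so the action that receives this payload should presumably validate `encrypt` and `data` itself rather than rely on what the view rendered; that handler is not visible here. `moduleResultsSubmit` starts and ends outside these hunks.

```javascript
// Copies the hidden data/encrypt inputs of a row into the payload entry.
function collectAttachmentFields($row, target) {
    var $data = $row.find('.AttributeData');
    if ($data.length) {
        target['data'] = $data.val();
    }
    var $encrypt = $row.find('.AttributeEncrypt');
    if ($encrypt.length) {
        target['encrypt'] = $encrypt.val();
    }
}

// … unchanged: tag collection …
if (typesWithData.indexOf(attribute_type) != -1) {
    collectAttachmentFields($(this), attribute);
}
```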
|
||||
|
|