MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch '2.4' of github.com:MISP/MISP into 2.4

pull/5296/head
iglocska 2019-10-10 11:59:28 +02:00
parent 15b10bbcf7 9b99b14e7c
commit e5ed126cc5
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
25 changed files with 70 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
PyMISP

@ -1 +1 @@
Subproject commit de6a64ba45b56cef1a233df306da411c49801c03
Subproject commit c80d35fa75dba79d226cb4586397337df9acb7f6

23
app/Console/Command/EventShell.php
View File

@ -180,29 +180,6 @@ class EventShell extends AppShell
}
}
private function __recursiveEcho($array) {
$text = "";
foreach ($array as $k => $v) {
if (is_array($v)) {
if (empty($v)) $text .= '<' . $k . '/>';
else {
foreach ($v as $element) {
$text .= '<' . $k . '>';
$text .= $this->__recursiveEcho($element);
$text .= '</' . $k . '>';
}
}
} else {
if ($v === false) $v = 0;
if ($v === "" || $v === null) $text .= '<' . $k . '/>';
else {
$text .= '<' . $k . '>' . $v . '</' . $k . '>';
}
}
}
return $text;
}
public function cachehids() {
$timeStart = time();
$userId = $this->args[0];

2
app/Controller/AppController.php
View File

@ -46,7 +46,7 @@ class AppController extends Controller
public $helpers = array('Utility', 'OrgImg', 'FontAwesome', 'UserName');
private $__queryVersion = '89';
private $__queryVersion = '90';
public $pyMispVersion = '2.4.114';
public $phpmin = '7.0';
public $phprec = '7.2';

6
app/Controller/TagCollectionsController.php
View File

@ -237,6 +237,9 @@ class TagCollectionsController extends AppController
$RearrangeTool = new RequestRearrangeTool();
$this->request->data = $RearrangeTool->rearrangeArray($this->request->data, $rearrangeRules);
if ($id === false) {
if (!isset($this->request->data['tag_collection'])) {
throw new NotFoundException(__('Invalid tag collection'));
}
$id = $this->request->data['tag_collection'];
}
if (!$this->request->is('post')) {
@ -247,6 +250,9 @@ class TagCollectionsController extends AppController
$this->render('/Events/add_tag');
} else {
if ($tag_id === false) {
if (!isset($this->request->data['tag'])) {
throw new NotFoundException(__('Invalid tag'));
}
$tag_id = $this->request->data['tag'];
}
$conditions = array();

16
app/Lib/Tools/EventGraphTool.php
View File

@ -40,7 +40,7 @@
private function __get_event($id)
{
$this->__json['available_rotation_key'] = $this->__authorized_JSON_key;
$this->__json['available_pivot_key'] = $this->__authorized_JSON_key;
$fullevent = $this->__eventModel->fetchEvent($this->__user, array('eventid' => $id, 'flatten' => 0, 'includeTagRelations' => 1, 'extended' => $this->__extended_view));
$event = array();
@ -265,7 +265,7 @@
foreach ($object as $obj) {
$toPush = array(
'id' => $obj['id'],
'id' => sprintf('o-%s', $obj['id']),
'uuid' => $obj['uuid'],
'type' => $obj['name'],
'label' => '',
@ -290,8 +290,8 @@
$toPush = array(
'id' => $rel['id'],
'uuid' => $rel['uuid'],
'from' => $obj['id'],
'to' => $rel['referenced_id'],
'from' => sprintf('o-%s', $obj['id']),
'to' => $rel['referenced_type'] == 1 ? sprintf('o-%s', $rel['referenced_id']) : $rel['referenced_id'],
'type' => $rel['relationship_type'],
'comment' => $rel['comment'],
'event_id' => $rel['event_id'],
@ -356,7 +356,7 @@
foreach ($object as $obj) {
$toPush = array(
'id' => $obj['id'],
'id' => sprintf('o-%s', $obj['id']),
'uuid' => $obj['uuid'],
'type' => $obj['name'],
'Attribute' => $obj['Attribute'],
@ -382,7 +382,7 @@
if (!in_array($tag['name'], $added_value)) {
$toPush = array(
'id' => "tag_edge_id_" . $i,
'from' => $obj['id'],
'from' => sprintf('o-%s', $obj['id']),
'to' => $tag['name'],
);
$tagSet[$tag['name']] = $tag;
@ -466,7 +466,7 @@
foreach ($object as $obj) {
$toPush = array(
'id' => $obj['id'],
'id' => sprintf('o-%s', $obj['id']),
'uuid' => $obj['uuid'],
'type' => $obj['name'],
'Attribute' => $obj['Attribute'],
@ -491,7 +491,7 @@
if (!in_array($keyVal, $added_value)) {
$toPush = array(
'id' => "keyType_edge_id_" . $i,
'from' => $obj['id'],
'from' => sprintf('o-%s', $obj['id']),
'to' => "keyType_" . $keyVal,
);
array_push($added_value, $keyVal);

2
app/Model/DecayingModelsFormulas/Base.php
View File

@ -124,5 +124,3 @@ abstract class DecayingModelBase
// Return a True if the attribute should be marked as decayed
abstract public function isDecayed($model, $attribute, $score);
}
?>

1
app/Model/DecayingModelsFormulas/Polynomial.php
View File

@ -24,4 +24,3 @@ class Polynomial extends DecayingModelBase
return $threshold > $score;
}
}
?>

1
app/Model/DecayingModelsFormulas/PolynomialExtended.php
View File

@ -51,4 +51,3 @@ class PolynomialExtended extends Polynomial
return parent::isDecayed($model, $attribute, $score);
}
}
?>

6
app/Model/SharingGroup.php
View File

@ -189,7 +189,11 @@ class SharingGroup extends AppModel
'conditions' => array('id' => $sg['SharingGroup']['org_id'])
));
}
$sg['Organisation'] = $this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation'];
if(isset($this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation'])) {
$sg['Organisation'] = $this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation'];
} else {
$sg['Organisation'] = '';
}
if (!empty($sg['SharingGroupOrg'])) {
foreach ($sg['SharingGroupOrg'] as &$sgo) {
if (!isset($this->__sgoCache[$sgo['org_id']])) {

6
app/View/Elements/Events/View/sighting_field.ctp
View File

@ -9,9 +9,9 @@
<?php
if ($isAclSighting):
?>
<span class="icon-thumbs-up useCursorPointer" title="<?php echo __('Add sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Add sighting');?>" onmouseover="flexibleAddSighting(this, '0', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($object['value']);?>', '<?php echo h($page); ?>', 'top');" onclick="addSighting('0', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($page); ?>');">&nbsp;</span>
<span class="icon-thumbs-down useCursorPointer" title="<?php echo __('Mark as false-positive');?>" role="button" tabindex="0" aria-label="<?php echo __('Mark as false-positive');?>" onmouseover="flexibleAddSighting(this, '1', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($object['value']);?>', '<?php echo h($page); ?>', 'bottom');" onclick="addSighting('1', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($page); ?>');">&nbsp;</span>
<span class="icon-wrench useCursorPointer sightings_advanced_add" title="<?php echo __('Advanced sightings');?>" role="button" tabindex="0" aria-label="<?php echo __('Advanced sightings');?>" data-object-id="<?php echo h($object['id']); ?>" data-object-context="attribute">&nbsp;</span>
<i class="icon-thumbs-up useCursorPointer" title="<?php echo __('Add sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Add sighting');?>" onmouseover="flexibleAddSighting(this, '0', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($object['value']);?>', '<?php echo h($page); ?>', 'top');" onclick="addSighting('0', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($page); ?>');">&nbsp;</i>
<i class="icon-thumbs-down useCursorPointer" title="<?php echo __('Mark as false-positive');?>" role="button" tabindex="0" aria-label="<?php echo __('Mark as false-positive');?>" onmouseover="flexibleAddSighting(this, '1', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($object['value']);?>', '<?php echo h($page); ?>', 'bottom');" onclick="addSighting('1', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($page); ?>');">&nbsp;</i>
<i class="icon-wrench useCursorPointer sightings_advanced_add" title="<?php echo __('Advanced sightings');?>" role="button" tabindex="0" aria-label="<?php echo __('Advanced sightings');?>" data-object-id="<?php echo h($object['id']); ?>" data-object-context="attribute">&nbsp;</i>
<?php
endif;
?>

2
app/View/Elements/Events/View/value_field.ctp
View File

@ -58,7 +58,7 @@ switch ($object['type']) {
} else {
$sigDisplay = str_replace("\r", '', h($sigDisplay));
$sigDisplay = str_replace(" ", '&nbsp;', $sigDisplay);
echo h($sigDisplay);
echo $sigDisplay;
}
break;

1
app/View/Helper/FontAwesomeHelper.php
View File

@ -446,4 +446,3 @@ App::uses('AppHelper', 'View/Helper');
}
}
}
?>

1
app/View/Helper/GenericPickerHelper.php
View File

@ -113,4 +113,3 @@ class GenericPickerHelper extends AppHelper {
return $template;
}
}
?>

1
app/View/Helper/HighlightHelper.php
View File

@ -40,4 +40,3 @@ App::uses('AppHelper', 'View/Helper');
}
}
?>

1
app/View/Helper/OrgImgHelper.php
View File

@ -58,4 +58,3 @@ App::uses('AppHelper', 'View/Helper');
}
}
}
?>

2
app/View/Helper/PivotHelper.php
View File

@ -80,5 +80,3 @@ App::uses('AppHelper', 'View/Helper');
return $height + $heightToAdd;
}
}
?>

1
app/View/Helper/TextColourHelper.php
View File

@ -17,4 +17,3 @@ App::uses('AppHelper', 'View/Helper');
}
}
}
?>

1
app/View/Helper/UserNameHelper.php
View File

@ -21,4 +21,3 @@ App::uses('AppHelper', 'View/Helper');
return '';
}
}
?>

2
app/View/Helper/UtilityHelper.php
View File

@ -9,4 +9,4 @@ App::uses('AppHelper', 'View/Helper');
return $string;
}
}
?>

1
app/View/Helper/XmlOutputHelper.php
View File

@ -22,4 +22,3 @@ App::uses('AppHelper', 'View/Helper');
}
}
}
?>

2
app/files/misp-galaxy

@ -1 +1 @@
Subproject commit ac8236d16dca06076150fc9d6e7ec544645a676f
Subproject commit 078a9f5763ec65aab6acbe6b51eafc153947ef00

4
app/files/scripts/generate_file_objects.py
View File

@ -5,7 +5,7 @@ import argparse
import json
try:
from pymisp import MISPEncode
from pymisp import pymisp_json_default
from pymisp.tools import make_binary_objects
except ImportError:
pass
@ -51,7 +51,7 @@ def make_objects(path):
to_return['objects'].append(fo)
if fo.ObjectReference:
to_return['references'] += fo.ObjectReference
return json.dumps(to_return, cls=MISPEncode)
return json.dumps(to_return, default=pymisp_json_default)
if __name__ == '__main__':

2
app/webroot/js/action_table.js
View File

@ -247,7 +247,7 @@ class ActionTable {
var td = document.createElement('td');
var btn = document.createElement('button');
btn.classList.add("btn", "btn-danger");
btn.innerHTML = '<span class="fa fa-trash-o"></span>';
btn.innerHTML = '<span class="fa fa-trash"></span>';
btn.type = "button";
btn.setAttribute('rowID', tr.id);
if (that.row_action_button_style.tooltip !== undefined) {

41
app/webroot/js/event-graph.js
View File

@ -155,7 +155,7 @@ class EventGraph {
$("#select_graph_scope").val(value);
}
if (value == "Rotation key") {
if (value == "Pivot key") {
$("#network-scope-badge").text(value + ": " + eventGraph.scope_keyType);
} else {
$("#network-scope-badge").text(value);
@ -176,30 +176,30 @@ class EventGraph {
label: "Scope",
tooltip: "The scope represented by the network",
event: function(value) {
if (value == "Rotation key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Rotation key scope
if (value == "Pivot key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Pivot key scope
return;
} else {
eventGraph.update_scope(value);
dataHandler.fetch_data_and_update();
}
},
options: ["Reference", "Tag", "Rotation key"],
options: ["Reference", "Tag", "Pivot key"],
default: "Reference"
});
menu_scope.add_select({
id: "input_graph_scope_jsonkey",
label: "Rotation key",
label: "Pivot key",
tooltip: "The key around which the network will be constructed",
event: function(value) {
if (value == "Rotation key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Rotation key scope
if (value == "Pivot key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Pivot key scope
return;
} else {
eventGraph.scope_keyType = value;
eventGraph.update_scope("Rotation key");
eventGraph.update_scope("Pivot key");
dataHandler.fetch_data_and_update();
}
},
options: dataHandler.available_rotation_key ? dataHandler.available_rotation_key : [],
options: dataHandler.available_pivot_key ? dataHandler.available_pivot_key : [],
default: ""
});
return menu_scope;
@ -298,7 +298,8 @@ class EventGraph {
for(var nodeId of objectIds) {
eventGraph.expand_node(nodeId);
}
}
},
title: "Expanding all nodes may takes some time"
});
menu_display.add_button({
label: "Collapse all nodes",
@ -310,7 +311,8 @@ class EventGraph {
for(var nodeId of objectIds) {
eventGraph.collapse_node(nodeId);
}
}
},
title: "Collapsing all nodes may takes some time"
});
menu_display.add_slider({
id: 'slider_display_max_char_num',
@ -1399,7 +1401,7 @@ class DataHandler {
eventGraph.menu_filter.items["table_attr_value"].add_options("table_control_select_attr_value", available_object_references);
}
fetch_data_and_update(stabilize, callback) {
fetch_data_and_update(stabilize, updateOnly, callback) {
eventGraph.network_loading(true, loadingText_fetching);
$.when(this.fetch_objects_template()).done(function() {
var filtering_rules = eventGraph.get_filtering_rules();
@ -1417,7 +1419,9 @@ class DataHandler {
data: JSON.stringify( payload ),
processData: false,
success: function( data, textStatus, jQxhr ){
eventGraph.reset_graphs(true);
if (updateOnly === undefined || updateOnly === false) {
eventGraph.reset_graphs(true);
}
eventGraph.is_filtered = (filtering_rules.presence.length > 0 || filtering_rules.value.length > 0);
eventGraph.first_draw = true;
// update object state
@ -1427,8 +1431,8 @@ class DataHandler {
return [[index, value]];
});
dataHandler.update_filtering_selectors(available_object_references, available_tags);
dataHandler.available_rotation_key = data.available_rotation_key;
eventGraph.menu_scope.add_options("input_graph_scope_jsonkey", dataHandler.available_rotation_key);
dataHandler.available_pivot_key = data.available_pivot_key;
eventGraph.menu_scope.add_options("input_graph_scope_jsonkey", dataHandler.available_pivot_key);
if (data.items.length < nodes_ask_threshold) {
eventGraph.update_graph(data);
} else if (data.items.length > nodes_ask_threshold && confirm("The network contains a lot of nodes, displaying it may slow down your browser. Continue?")) {
@ -1572,7 +1576,8 @@ class MispInteraction {
if (!that.can_create_reference(edgeData.from) || !that.can_be_referenced(edgeData.to)) {
return;
}
genericPopup('/objectReferences/add/'+edgeData.from, '#popover_form', function() {
var edgeFromId = edgeData.from.startsWith('o-') ? edgeData.from.substr(2) : edgeData.from;
genericPopup('/objectReferences/add/'+edgeFromId, '#popover_form', function() {
$('#ObjectReferenceReferencedUuid').val(uuid);
objectReferenceInput();
});
@ -1637,6 +1642,7 @@ class MispInteraction {
var selected_nodes = nodeData.nodes;
for (var nodeID of selected_nodes) {
var node = this.nodes.get(nodeID)
nodeID = nodeID.startsWith('o-') ? nodeID.substr(2) : nodeID;
if (node.group.slice(0, 9) == "attribute") {
deleteObject('attributes', 'delete', nodeID, scope_id);
} else if (node.group == "object") {
@ -1649,6 +1655,7 @@ class MispInteraction {
var that = mispInteraction;
var id = nodeData.id
var group = nodes.get(id).group;
id = id.startsWith('o-') ? id.substr(2) : id;
if (group.slice(0, 9) == 'attribute') {
simplePopup('/attributes/edit/'+id);
} else if (group == 'object') {
@ -1861,7 +1868,7 @@ function genericPopupCallback(result) {
// sucess and eventgraph is enabled
if (result == "success" && dataHandler !== undefined) {
mispInteraction.apply_callback();
dataHandler.fetch_data_and_update(false);
dataHandler.fetch_data_and_update(false, true);
}
}
@ -1958,7 +1965,7 @@ function import_graph_from_json(data) {
$('#checkbox_physics_enable').prop('checked', data.physics.enabled);
// update data
dataHandler.fetch_data_and_update(false, function() {
dataHandler.fetch_data_and_update(false, false, function() {
eventGraph.nodes.update(data.nodes);
eventGraph.expand_previous_expansion(data.nodes);
eventGraph.hiddenNode.clear();
@ -2180,7 +2187,7 @@ $(document).on("keyup", function(evt) {
});
eventGraph.update_scope();
dataHandler.fetch_data_and_update(true, function() {
dataHandler.fetch_data_and_update(true, false, function() {
var $select = $('#network-typeahead');
dataHandler.get_typeaheadData_search().forEach(function(element) {
var $option = $('<option></option>');

23
app/webroot/js/misp.js
View File

@ -57,12 +57,21 @@ function fetchAddSightingForm(type, attribute_id, page, onvalue) {
}
function flexibleAddSighting(clicked, type, attribute_id, event_id, value, page, placement) {
$clicked = $(clicked);
var html = '<div>'
+ '<button class="btn btn-primary" onclick="addSighting(\'' + type + '\', \'' + attribute_id + '\', \'' + event_id + '\', \'' + page + '\')">This attribute</button>'
+ '<button class="btn btn-primary" style="margin-left:5px;" onclick="fetchAddSightingForm(\'' + type + '\', \'' + attribute_id + '\', \'' + page + '\', true)">Global value</button>'
+ '</div>';
openPopover(clicked, html, true, placement);
var $clicked = $(clicked);
var hoverbroken = false;
$clicked.off('mouseleave.temp').on('mouseleave.temp', function() {
hoverbroken = true;
});
setTimeout(function() {
$clicked.off('mouseleave.temp');
if ($clicked.is(":hover") && !hoverbroken) {
var html = '<div>'
+ '<button class="btn btn-primary" onclick="addSighting(\'' + type + '\', \'' + attribute_id + '\', \'' + event_id + '\', \'' + page + '\')">This attribute</button>'
+ '<button class="btn btn-primary" style="margin-left:5px;" onclick="fetchAddSightingForm(\'' + type + '\', \'' + attribute_id + '\', \'' + page + '\', true)">Global value</button>'
+ '</div>';
openPopover(clicked, html, true, placement);
}
}, 1000);
}
function publishPopup(id, type) {
@ -1532,7 +1541,7 @@ function openPopover(clicked, data, hover, placement, callback) {
var randomId = $clicked.attr('data-dismissid') !== undefined ? $clicked.attr('data-dismissid') : Math.random().toString(36).substr(2,9); // used to recover the button that triggered the popover (so that we can destroy the popover)
var loadingHtml = '<div style="height: 75px; width: 75px;"><div class="spinner"></div><div class="loadingText">Loading</div></div>';
$clicked.attr('data-dismissid', randomId);
var closeButtonHtml = '<button type="button" class="close" style="margin-left: 5px;" onclick="$(&apos;[data-dismissid=&quot;' + randomId + '&quot;]&apos;).popover(\'destroy\');">×</button>';
var closeButtonHtml = '<button type="button" class="close" style="margin-left: 5px;" onclick="$(&apos;[data-dismissid=&quot;' + randomId + '&quot;]&apos;).popover(\'hide\');">×</button>';
if (!$clicked.data('popover')) {
$clicked.addClass('have-a-popover');