diff --git a/PyMISP b/PyMISP index de6a64ba4..c80d35fa7 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit de6a64ba45b56cef1a233df306da411c49801c03 +Subproject commit c80d35fa75dba79d226cb4586397337df9acb7f6 diff --git a/app/Console/Command/EventShell.php b/app/Console/Command/EventShell.php index ede2cec53..c5607bef8 100644 --- a/app/Console/Command/EventShell.php +++ b/app/Console/Command/EventShell.php @@ -180,29 +180,6 @@ class EventShell extends AppShell } } - private function __recursiveEcho($array) { - $text = ""; - foreach ($array as $k => $v) { - if (is_array($v)) { - if (empty($v)) $text .= '<' . $k . '/>'; - else { - foreach ($v as $element) { - $text .= '<' . $k . '>'; - $text .= $this->__recursiveEcho($element); - $text .= ''; - } - } - } else { - if ($v === false) $v = 0; - if ($v === "" || $v === null) $text .= '<' . $k . '/>'; - else { - $text .= '<' . $k . '>' . $v . ''; - } - } - } - return $text; - } - public function cachehids() { $timeStart = time(); $userId = $this->args[0]; diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 3b57310dc..74e6e7f91 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -46,7 +46,7 @@ class AppController extends Controller public $helpers = array('Utility', 'OrgImg', 'FontAwesome', 'UserName'); - private $__queryVersion = '89'; + private $__queryVersion = '90'; public $pyMispVersion = '2.4.114'; public $phpmin = '7.0'; public $phprec = '7.2'; diff --git a/app/Controller/TagCollectionsController.php b/app/Controller/TagCollectionsController.php index ea15fc20b..ee3060b39 100644 --- a/app/Controller/TagCollectionsController.php +++ b/app/Controller/TagCollectionsController.php 
@@ -237,6 +237,9 @@ class TagCollectionsController extends AppController $RearrangeTool = new RequestRearrangeTool(); $this->request->data = $RearrangeTool->rearrangeArray($this->request->data, $rearrangeRules); if ($id === false) { + if (!isset($this->request->data['tag_collection'])) { + throw new NotFoundException(__('Invalid tag collection')); + } $id = $this->request->data['tag_collection']; } if (!$this->request->is('post')) { @@ -247,6 +250,9 @@ class TagCollectionsController extends AppController $this->render('/Events/add_tag'); } else { if ($tag_id === false) { + if (!isset($this->request->data['tag'])) { + throw new NotFoundException(__('Invalid tag')); + } $tag_id = $this->request->data['tag']; } $conditions = array(); diff --git a/app/Lib/Tools/EventGraphTool.php b/app/Lib/Tools/EventGraphTool.php index 9ec0f35e3..b8414d564 100644 --- a/app/Lib/Tools/EventGraphTool.php +++ b/app/Lib/Tools/EventGraphTool.php @@ -40,7 +40,7 @@ private function __get_event($id) { - $this->__json['available_rotation_key'] = $this->__authorized_JSON_key; + $this->__json['available_pivot_key'] = $this->__authorized_JSON_key; $fullevent = $this->__eventModel->fetchEvent($this->__user, array('eventid' => $id, 'flatten' => 0, 'includeTagRelations' => 1, 'extended' => $this->__extended_view)); $event = array(); @@ -265,7 +265,7 @@ foreach ($object as $obj) { $toPush = array( - 'id' => $obj['id'], + 'id' => sprintf('o-%s', $obj['id']), 'uuid' => $obj['uuid'], 'type' => $obj['name'], 'label' => '', @@ -290,8 +290,8 @@ $toPush = array( 'id' => $rel['id'], 'uuid' => $rel['uuid'], - 'from' => $obj['id'], - 'to' => $rel['referenced_id'], + 'from' => sprintf('o-%s', $obj['id']), + 'to' => $rel['referenced_type'] == 1 ? sprintf('o-%s', $rel['referenced_id']) : $rel['referenced_id'], 'type' => $rel['relationship_type'], 'comment' => $rel['comment'], 'event_id' => $rel['event_id'], 
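Review bot: The new `isset()` guards in both hunks of this file only confirm that `tag_collection` and `tag` are present in the request data, so an array or an empty string still flows into `$id` and `$tag_id`. How those values are consumed afterwards (the `$conditions` array is built just below the second guard) is outside the hunks, so it is worth confirming that every consumer tolerates non-scalar input. If `tag_collection` is always a numeric id, the guard could reject everything else up front, e.g. `if (!isset($this->request->data['tag_collection']) || !is_numeric($this->request->data['tag_collection'])) {`. The enclosing action starts and ends outside the hunks.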
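Review bot: The `'o-'` prefix put on object node ids at `'id' => sprintf('o-%s', $obj['id'])` is an implicit contract that nothing in this file documents. The same literal is repeated in the hunks at -290, -356, -382, -466 and -491, and app/webroot/js/event-graph.js strips it again with `startsWith('o-')` before building request paths. Presumably the prefix keeps object ids from colliding with attribute ids in one node set, but that is inferred rather than stated. A small private helper, e.g. `private function __objectNodeId($id) { return 'o-' . $id; }`, with a comment naming the JavaScript counterpart, would keep the two sides in sync. The surrounding loops begin and end outside the hunks.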
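Review bot: The new `'to'` line tests `$rel['referenced_type'] == 1` with a loose comparison against an unexplained literal. That 1 means "the reference targets an object" can only be inferred from the prefix being applied in that branch. A comment such as `// referenced_type 1 = object, anything else = attribute` (to be confirmed against the reference model) and an explicit comparison like `(int)$rel['referenced_type'] === 1` would make the intent clear. The array literal continues outside the hunk.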
@@ -356,7 +356,7 @@ foreach ($object as $obj) { $toPush = array( - 'id' => $obj['id'], + 'id' => sprintf('o-%s', $obj['id']), 'uuid' => $obj['uuid'], 'type' => $obj['name'], 'Attribute' => $obj['Attribute'], @@ -382,7 +382,7 @@ if (!in_array($tag['name'], $added_value)) { $toPush = array( 'id' => "tag_edge_id_" . $i, - 'from' => $obj['id'], + 'from' => sprintf('o-%s', $obj['id']), 'to' => $tag['name'], ); $tagSet[$tag['name']] = $tag; @@ -466,7 +466,7 @@ foreach ($object as $obj) { $toPush = array( - 'id' => $obj['id'], + 'id' => sprintf('o-%s', $obj['id']), 'uuid' => $obj['uuid'], 'type' => $obj['name'], 'Attribute' => $obj['Attribute'], @@ -491,7 +491,7 @@ if (!in_array($keyVal, $added_value)) { $toPush = array( 'id' => "keyType_edge_id_" . $i, - 'from' => $obj['id'], + 'from' => sprintf('o-%s', $obj['id']), 'to' => "keyType_" . $keyVal, ); array_push($added_value, $keyVal); diff --git a/app/Model/DecayingModelsFormulas/Base.php b/app/Model/DecayingModelsFormulas/Base.php index 3ba47c53a..73f491037 100644 --- a/app/Model/DecayingModelsFormulas/Base.php +++ b/app/Model/DecayingModelsFormulas/Base.php @@ -124,5 +124,3 @@ abstract class DecayingModelBase // Return a True if the attribute should be marked as decayed abstract public function isDecayed($model, $attribute, $score); } - -?> diff --git a/app/Model/DecayingModelsFormulas/Polynomial.php b/app/Model/DecayingModelsFormulas/Polynomial.php index dcb75d8da..a981122e8 100644 --- a/app/Model/DecayingModelsFormulas/Polynomial.php +++ b/app/Model/DecayingModelsFormulas/Polynomial.php @@ -24,4 +24,3 @@ class Polynomial extends DecayingModelBase return $threshold > $score; } } -?> diff --git a/app/Model/DecayingModelsFormulas/PolynomialExtended.php b/app/Model/DecayingModelsFormulas/PolynomialExtended.php index 4d8e54db8..4fa8ecfbb 100644 --- a/app/Model/DecayingModelsFormulas/PolynomialExtended.php +++ b/app/Model/DecayingModelsFormulas/PolynomialExtended.php 
@@ -51,4 +51,3 @@ class PolynomialExtended extends Polynomial return parent::isDecayed($model, $attribute, $score); } } -?> diff --git a/app/Model/SharingGroup.php b/app/Model/SharingGroup.php index 6796b3f92..113740579 100644 --- a/app/Model/SharingGroup.php +++ b/app/Model/SharingGroup.php @@ -189,7 +189,11 @@ class SharingGroup extends AppModel 'conditions' => array('id' => $sg['SharingGroup']['org_id']) )); } - $sg['Organisation'] = $this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation']; + if(isset($this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation'])) { + $sg['Organisation'] = $this->__sgoCache[$sg['SharingGroup']['org_id']]['Organisation']; + } else { + $sg['Organisation'] = ''; + } if (!empty($sg['SharingGroupOrg'])) { foreach ($sg['SharingGroupOrg'] as &$sgo) { if (!isset($this->__sgoCache[$sgo['org_id']])) { diff --git a/app/View/Elements/Events/View/sighting_field.ctp b/app/View/Elements/Events/View/sighting_field.ctp index 1357455ee..6073f146e 100644 --- a/app/View/Elements/Events/View/sighting_field.ctp +++ b/app/View/Elements/Events/View/sighting_field.ctp @@ -9,9 +9,9 @@ -   -   -   +   +   +   diff --git a/app/View/Elements/Events/View/value_field.ctp b/app/View/Elements/Events/View/value_field.ctp index 177cab5e7..0b5900c0a 100644 --- a/app/View/Elements/Events/View/value_field.ctp +++ b/app/View/Elements/Events/View/value_field.ctp @@ -58,7 +58,7 @@ switch ($object['type']) { } else { $sigDisplay = str_replace("\r", '', h($sigDisplay)); $sigDisplay = str_replace(" ", ' ', $sigDisplay); - echo h($sigDisplay); + echo $sigDisplay; } break; diff --git a/app/View/Helper/FontAwesomeHelper.php b/app/View/Helper/FontAwesomeHelper.php index 34e806956..521f7f56a 100644 --- a/app/View/Helper/FontAwesomeHelper.php +++ b/app/View/Helper/FontAwesomeHelper.php @@ -446,4 +446,3 @@ App::uses('AppHelper', 'View/Helper'); } } } -?> 
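Review bot: The new `else` branch assigns `$sg['Organisation'] = ''`, a string, while the other branch assigns whatever `__sgoCache[...]['Organisation']` holds, which appears to be an array from the lookup just above. Code that later indexes `$sg['Organisation']` by key would then hit a string offset instead of a missing key; `$sg['Organisation'] = array();` keeps the type stable. A sharing group whose owning organisation cannot be resolved is also worth logging rather than passing on silently, since later access decisions may read that field (not visible here). Style: `if(` should be `if (` to match the neighbouring lines. The enclosing method continues outside the hunk.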
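Review bot: `echo $sigDisplay;` is now a raw echo, so its safety rests entirely on the `h()` call two lines above in the same `else` branch, and nothing marks that dependency. Dropping the second `h()` looks right if the replacement on the line before deliberately adds markup or an entity after escaping, which the double escape would have mangled. A comment directly above the echo, e.g. `// escaped by h() above; the replacement afterwards adds trusted markup only, do not append raw data`, would stop a later edit from removing the first `h()` and turning this into an XSS sink. The `if` branch preceding this `else` is outside the hunk, so its escaping could not be checked.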
diff --git a/app/View/Helper/GenericPickerHelper.php b/app/View/Helper/GenericPickerHelper.php index 36b30b210..9f9fe14f1 100644 --- a/app/View/Helper/GenericPickerHelper.php +++ b/app/View/Helper/GenericPickerHelper.php @@ -113,4 +113,3 @@ class GenericPickerHelper extends AppHelper { return $template; } } -?> diff --git a/app/View/Helper/HighlightHelper.php b/app/View/Helper/HighlightHelper.php index d47d17be3..571cb460e 100644 --- a/app/View/Helper/HighlightHelper.php +++ b/app/View/Helper/HighlightHelper.php @@ -40,4 +40,3 @@ App::uses('AppHelper', 'View/Helper'); } } -?> diff --git a/app/View/Helper/OrgImgHelper.php b/app/View/Helper/OrgImgHelper.php index 2a6cac1f5..5482287f5 100644 --- a/app/View/Helper/OrgImgHelper.php +++ b/app/View/Helper/OrgImgHelper.php @@ -58,4 +58,3 @@ App::uses('AppHelper', 'View/Helper'); } } } -?> diff --git a/app/View/Helper/PivotHelper.php b/app/View/Helper/PivotHelper.php index 56227c672..8918f747d 100644 --- a/app/View/Helper/PivotHelper.php +++ b/app/View/Helper/PivotHelper.php @@ -80,5 +80,3 @@ App::uses('AppHelper', 'View/Helper'); return $height + $heightToAdd; } } - -?> diff --git a/app/View/Helper/TextColourHelper.php b/app/View/Helper/TextColourHelper.php index 1a80ab2c0..aacfb0e91 100644 --- a/app/View/Helper/TextColourHelper.php +++ b/app/View/Helper/TextColourHelper.php @@ -17,4 +17,3 @@ App::uses('AppHelper', 'View/Helper'); } } } -?> diff --git a/app/View/Helper/UserNameHelper.php b/app/View/Helper/UserNameHelper.php index f21f04f08..3ba628bb3 100644 --- a/app/View/Helper/UserNameHelper.php +++ b/app/View/Helper/UserNameHelper.php @@ -21,4 +21,3 @@ App::uses('AppHelper', 'View/Helper'); return ''; } } -?> diff --git a/app/View/Helper/UtilityHelper.php b/app/View/Helper/UtilityHelper.php index b4194abb6..7ddd7490e 100644 --- a/app/View/Helper/UtilityHelper.php +++ b/app/View/Helper/UtilityHelper.php @@ -9,4 +9,4 @@ App::uses('AppHelper', 'View/Helper'); return $string; } } -?> + 
diff --git a/app/View/Helper/XmlOutputHelper.php b/app/View/Helper/XmlOutputHelper.php index b34169b6d..2f80d237a 100644 --- a/app/View/Helper/XmlOutputHelper.php +++ b/app/View/Helper/XmlOutputHelper.php @@ -22,4 +22,3 @@ App::uses('AppHelper', 'View/Helper'); } } } -?> diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index ac8236d16..078a9f576 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit ac8236d16dca06076150fc9d6e7ec544645a676f +Subproject commit 078a9f5763ec65aab6acbe6b51eafc153947ef00 diff --git a/app/files/scripts/generate_file_objects.py b/app/files/scripts/generate_file_objects.py index 73ecfd4b6..5aa74715b 100644 --- a/app/files/scripts/generate_file_objects.py +++ b/app/files/scripts/generate_file_objects.py @@ -5,7 +5,7 @@ import argparse import json try: - from pymisp import MISPEncode + from pymisp import pymisp_json_default from pymisp.tools import make_binary_objects except ImportError: pass @@ -51,7 +51,7 @@ def make_objects(path): to_return['objects'].append(fo) if fo.ObjectReference: to_return['references'] += fo.ObjectReference - return json.dumps(to_return, cls=MISPEncode) + return json.dumps(to_return, default=pymisp_json_default) if __name__ == '__main__': diff --git a/app/webroot/js/action_table.js b/app/webroot/js/action_table.js index d3fe6aecd..96a45b5bb 100644 --- a/app/webroot/js/action_table.js +++ b/app/webroot/js/action_table.js @@ -247,7 +247,7 @@ class ActionTable { var td = document.createElement('td'); var btn = document.createElement('button'); btn.classList.add("btn", "btn-danger"); - btn.innerHTML = ''; + btn.innerHTML = ''; btn.type = "button"; btn.setAttribute('rowID', tr.id); if (that.row_action_button_style.tooltip !== undefined) { diff --git a/app/webroot/js/event-graph.js b/app/webroot/js/event-graph.js index 80228639c..c9c0399ed 100644 --- a/app/webroot/js/event-graph.js +++ b/app/webroot/js/event-graph.js 
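Review bot: The renamed import still sits inside `try: ... except ImportError: pass`, so an installed PyMISP that does not export `pymisp_json_default` fails silently at import time. The failure then only surfaces as a `NameError` at `json.dumps(to_return, default=pymisp_json_default)` in the second hunk. This commit also moves the PyMISP submodule pointer, so a mismatch between the bundled and the installed library is a realistic state. Unless code outside the hunks already reports it, keeping the exception (`except ImportError as e: import_error = e`) and returning a clear error from `make_objects` would make the failure diagnosable.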
@@ -155,7 +155,7 @@ class EventGraph { $("#select_graph_scope").val(value); } - if (value == "Rotation key") { + if (value == "Pivot key") { $("#network-scope-badge").text(value + ": " + eventGraph.scope_keyType); } else { $("#network-scope-badge").text(value); @@ -176,30 +176,30 @@ class EventGraph { label: "Scope", tooltip: "The scope represented by the network", event: function(value) { - if (value == "Rotation key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Rotation key scope + if (value == "Pivot key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Pivot key scope return; } else { eventGraph.update_scope(value); dataHandler.fetch_data_and_update(); } }, - options: ["Reference", "Tag", "Rotation key"], + options: ["Reference", "Tag", "Pivot key"], default: "Reference" }); menu_scope.add_select({ id: "input_graph_scope_jsonkey", - label: "Rotation key", + label: "Pivot key", tooltip: "The key around which the network will be constructed", event: function(value) { - if (value == "Rotation key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Rotation key scope + if (value == "Pivot key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Pivot key scope return; } else { eventGraph.scope_keyType = value; - eventGraph.update_scope("Rotation key"); + eventGraph.update_scope("Pivot key"); dataHandler.fetch_data_and_update(); } }, - options: dataHandler.available_rotation_key ? dataHandler.available_rotation_key : [], + options: dataHandler.available_pivot_key ? dataHandler.available_pivot_key : [], default: "" }); return menu_scope; @@ -298,7 +298,8 @@ class EventGraph { for(var nodeId of objectIds) { eventGraph.expand_node(nodeId); } - } + }, + title: "Expanding all nodes may takes some time" }); menu_display.add_button({ label: "Collapse all nodes", 
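Review bot: The tooltip added in the -298 hunk reads "may takes"; it should be `title: "Expanding all nodes may take some time"`. The matching string in the next hunk (-310) has the same slip and should be `title: "Collapsing all nodes may take some time"`.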
@@ -310,7 +311,8 @@ class EventGraph { for(var nodeId of objectIds) { eventGraph.collapse_node(nodeId); } - } + }, + title: "Collapsing all nodes may takes some time" }); menu_display.add_slider({ id: 'slider_display_max_char_num', @@ -1399,7 +1401,7 @@ class DataHandler { eventGraph.menu_filter.items["table_attr_value"].add_options("table_control_select_attr_value", available_object_references); } - fetch_data_and_update(stabilize, callback) { + fetch_data_and_update(stabilize, updateOnly, callback) { eventGraph.network_loading(true, loadingText_fetching); $.when(this.fetch_objects_template()).done(function() { var filtering_rules = eventGraph.get_filtering_rules(); @@ -1417,7 +1419,9 @@ class DataHandler { data: JSON.stringify( payload ), processData: false, success: function( data, textStatus, jQxhr ){ - eventGraph.reset_graphs(true); + if (updateOnly === undefined || updateOnly === false) { + eventGraph.reset_graphs(true); + } eventGraph.is_filtered = (filtering_rules.presence.length > 0 || filtering_rules.value.length > 0); eventGraph.first_draw = true; // update object state @@ -1427,8 +1431,8 @@ class DataHandler { return [[index, value]]; }); dataHandler.update_filtering_selectors(available_object_references, available_tags); - dataHandler.available_rotation_key = data.available_rotation_key; - eventGraph.menu_scope.add_options("input_graph_scope_jsonkey", dataHandler.available_rotation_key); + dataHandler.available_pivot_key = data.available_pivot_key; + eventGraph.menu_scope.add_options("input_graph_scope_jsonkey", dataHandler.available_pivot_key); if (data.items.length < nodes_ask_threshold) { eventGraph.update_graph(data); } else if (data.items.length > nodes_ask_threshold && confirm("The network contains a lot of nodes, displaying it may slow down your browser. Continue?")) { 
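Review bot: Inserting `updateOnly` between `stabilize` and `callback` in the -1399 hunk silently changes the meaning of any remaining two-argument call. A caller that still passes `(stabilize, callback)` now hands its function to `updateOnly`, which is neither `undefined` nor `false`, so `reset_graphs(true)` in the -1417 hunk is skipped and `callback` is left undefined. The three call sites updated in this diff are consistent, but callers outside the diff cannot be checked from here. Either append the new parameter after `callback`, or normalise at the top of the method with `if (typeof updateOnly === 'function') { callback = updateOnly; updateOnly = false; }`. The test in the -1417 hunk could then be `if (!updateOnly)`.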
@@ -1572,7 +1576,8 @@ class MispInteraction { if (!that.can_create_reference(edgeData.from) || !that.can_be_referenced(edgeData.to)) { return; } - genericPopup('/objectReferences/add/'+edgeData.from, '#popover_form', function() { + var edgeFromId = edgeData.from.startsWith('o-') ? edgeData.from.substr(2) : edgeData.from; + genericPopup('/objectReferences/add/'+edgeFromId, '#popover_form', function() { $('#ObjectReferenceReferencedUuid').val(uuid); objectReferenceInput(); }); @@ -1637,6 +1642,7 @@ class MispInteraction { var selected_nodes = nodeData.nodes; for (var nodeID of selected_nodes) { var node = this.nodes.get(nodeID) + nodeID = nodeID.startsWith('o-') ? nodeID.substr(2) : nodeID; if (node.group.slice(0, 9) == "attribute") { deleteObject('attributes', 'delete', nodeID, scope_id); } else if (node.group == "object") { @@ -1649,6 +1655,7 @@ class MispInteraction { var that = mispInteraction; var id = nodeData.id var group = nodes.get(id).group; + id = id.startsWith('o-') ? id.substr(2) : id; if (group.slice(0, 9) == 'attribute') { simplePopup('/attributes/edit/'+id); } else if (group == 'object') { @@ -1861,7 +1868,7 @@ function genericPopupCallback(result) { // sucess and eventgraph is enabled if (result == "success" && dataHandler !== undefined) { mispInteraction.apply_callback(); - dataHandler.fetch_data_and_update(false); + dataHandler.fetch_data_and_update(false, true); } } @@ -1958,7 +1965,7 @@ function import_graph_from_json(data) { $('#checkbox_physics_enable').prop('checked', data.physics.enabled); // update data - dataHandler.fetch_data_and_update(false, function() { + dataHandler.fetch_data_and_update(false, false, function() { eventGraph.nodes.update(data.nodes); eventGraph.expand_previous_expansion(data.nodes); eventGraph.hiddenNode.clear(); 
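Review bot: The prefix is stripped according to the shape of the id rather than the node's group: `edgeData.from.startsWith('o-')` here, and the same expression on `nodeID` and `id` in the -1637 and -1649 hunks, runs before the `group == 'object'` test. That throws a TypeError if a node id ever reaches these handlers as a number. It would also rewrite a non-object id that happens to begin with `o-`, since the PHP side uses `$tag['name']` as the target id for tag edges. The result is concatenated into request paths such as `'/objectReferences/add/'+edgeFromId`, so one helper applied only in the object branch would be safer, e.g. `function objectDbId(id) { return String(id).replace(/^o-/, ''); }`. The enclosing methods start and end outside the hunks.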
@@ -2180,7 +2187,7 @@ $(document).on("keyup", function(evt) { }); eventGraph.update_scope(); -dataHandler.fetch_data_and_update(true, function() { +dataHandler.fetch_data_and_update(true, false, function() { var $select = $('#network-typeahead'); dataHandler.get_typeaheadData_search().forEach(function(element) { var $option = $(''); diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index f8309215f..cde9b2da6 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -57,12 +57,21 @@ function fetchAddSightingForm(type, attribute_id, page, onvalue) { } function flexibleAddSighting(clicked, type, attribute_id, event_id, value, page, placement) { - $clicked = $(clicked); - var html = '
' - + '' - + '' - + '
'; - openPopover(clicked, html, true, placement); + var $clicked = $(clicked); + var hoverbroken = false; + $clicked.off('mouseleave.temp').on('mouseleave.temp', function() { + hoverbroken = true; + }); + setTimeout(function() { + $clicked.off('mouseleave.temp'); + if ($clicked.is(":hover") && !hoverbroken) { + var html = '
' + + '' + + '' + + '
'; + openPopover(clicked, html, true, placement); + } + }, 1000); } function publishPopup(id, type) { @@ -1532,7 +1541,7 @@ function openPopover(clicked, data, hover, placement, callback) { var randomId = $clicked.attr('data-dismissid') !== undefined ? $clicked.attr('data-dismissid') : Math.random().toString(36).substr(2,9); // used to recover the button that triggered the popover (so that we can destroy the popover) var loadingHtml = '
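Review bot: The timer started by `setTimeout(..., 1000)` in `flexibleAddSighting` is never cancelled, and every call begins with `$clicked.off('mouseleave.temp')`, so overlapping calls interfere if the function runs on each mouseenter. When the pointer leaves and re-enters within the delay, the first timer's `off()` removes the second call's handler, and the second timer can then open the popover even though the pointer left in between. Keeping the handle and clearing it on leave removes the need for the shared flag: `var timer = setTimeout(...); $clicked.one('mouseleave.temp', function() { clearTimeout(timer); });`. The 1000 ms delay would also read better as a named constant. The markup assigned to `html` is not legible on this page, so how `value` and the ids are embedded in it could not be reviewed.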
Loading
'; $clicked.attr('data-dismissid', randomId); - var closeButtonHtml = ''; + var closeButtonHtml = ''; if (!$clicked.data('popover')) { $clicked.addClass('have-a-popover');