Fixes to the RPZ export based on the testing of elhoim

- some errors in the format (wrong comment character used, rpz-ip not appended to IP addresses, missing semi-colon)
- removed hostnames that are on domains blocked by the rules based on domain attributes
pull/567/head
Iglocska 2015-07-07 14:42:28 +02:00
parent b2e50768ac
commit e706562cd5
4 changed files with 23 additions and 8 deletions


@ -1 +1 @@
{"major":2, "minor":3, "hotfix":92}
{"major":2, "minor":3, "hotfix":93}


@ -297,6 +297,8 @@ class TemplatesController extends AppController {
}
}
// called when the user is finished populating a template and is has finished reviewing the resulting attributes at the last stage of the process
public function submitEventPopulation($template_id, $event_id) {
if ($this->request->is('post')) {
$this->loadModel('Event');
@ -412,6 +414,9 @@ class TemplatesController extends AppController {
return $array;
}
// deletes a temporary file created by the user while populating a template
// users can add files to attachment fields and when they change their mind about it, they can remove a file (deleting the temporary file)
// before it gets saved as an attribute and moved to the persistent attachment store
public function deleteTemporaryFile($filename) {
if (!$this->request->is('post')) throw new MethodNotAllowedException('This action is restricted to accepting POST requests only.');
//if (!$this->request->is('ajax')) throw new MethodNotAllowedException('This action is only accessible through AJAX.');
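Review bot: The comment added above deleteTemporaryFile says when the action is used but not how `$filename` is constrained, which is what a reader of a file-deleting action most needs to know. The function body lies outside the hunk, so it cannot be confirmed from here whether the name is restricted to the temporary upload directory. Once that is checked against the body, I would add a line such as `// $filename is expected to be a bare file name inside the temporary upload directory`, and add the check itself if it turns out to be missing. Separately, the comment added above submitEventPopulation in the first hunk reads "and is has finished reviewing"; `and has finished reviewing` is meant.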


@ -37,9 +37,9 @@ class RPZExport {
public function explain($type, $policy) {
$explanations = array(
'ip' => '# The following list of IP addresses will ',
'domain' => '# The following domain names and all of their sub-domains will ',
'hostname' => '# The following hostnames will '
'ip' => '; The following list of IP addresses will ',
'domain' => '; The following domain names and all of their sub-domains will ',
'hostname' => '; The following hostnames will '
);
$policy_explanations = array(
'walled-garden' => 'returns the defined alternate location.',
@ -53,7 +53,7 @@ class RPZExport {
public function buildHeader($rpzSettings) {
$rpzSettings['serial'] = str_replace('$date', date('Ymd'), $rpzSettings['serial']);
$header = '';
$header .= '$TTL ' . $rpzSettings['ttl'] . PHP_EOL;
$header .= '$TTL ' . $rpzSettings['ttl'] . ';' . PHP_EOL;
$header .= '@ SOA ' . $rpzSettings['ns'] . ' ' . $rpzSettings['email'] . ' (' . $rpzSettings['serial'] . ' ' . $rpzSettings['refresh'] . ' ' . $rpzSettings['retry'] . ' ' . $rpzSettings['expiry'] . ' ' . $rpzSettings['minimum_ttl'] . ')' . PHP_EOL;
$header .= ' NS ' . $rpzSettings['ns'] . PHP_EOL . PHP_EOL;
return $header;
@ -106,7 +106,7 @@ class RPZExport {
if (strpos($input, '/')) {
list($input, $prefix) = explode('/', $input);
}
return $prefix . '.' . $this->{'__' . $type}($input) . ' CNAME ' . $action . PHP_EOL;
return $prefix . '.' . $this->{'__' . $type}($input) . '.rpz-ip CNAME ' . $action . PHP_EOL;
}
private function __ipv6($input) {
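Review bot: In the third hunk the `$prefix` obtained from `explode('/', $input)` is written into the owner name without being checked, and with `.rpz-ip` now appended it becomes part of an RPZ trigger that the resolver has to parse. A stored value whose part after the slash is not a number (constructed example: `192.0.2.1/abc`) would be exported as a malformed record, which may cause the zone to be rejected or the entry ignored, depending on the resolver. I would guard it before building the line, for example `if (!ctype_digit((string)$prefix)) return '';`, and ideally also bound it to 32 or 128 according to `$type`. The function starts outside the hunk, so the default value of `$prefix` and any validation done by the caller are not visible here.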


@ -1323,7 +1323,7 @@ class Attribute extends AppModel {
public function rpz($org, $isSiteAdmin, $tags = false, $eventId = false, $from = false, $to = false) {
// we can group hostname and domain as well as ip-src and ip-dst in this case
$conditions['AND'] = array('Attribute.to_ids' => 1, 'Event.published' => 1);
$typesToFetch = array('ip' => array('ip-src', 'ip-dst'), 'hostname' => array('hostname'), 'domain' => array('domain'));
$typesToFetch = array('ip' => array('ip-src', 'ip-dst'), 'domain' => array('domain'), 'hostname' => array('hostname'));
if ($from) $conditions['AND']['Event.date >='] = $from;
if ($to) $conditions['AND']['Event.date <='] = $to;
if (!$isSiteAdmin) {
@ -1363,7 +1363,17 @@ class Attribute extends AppModel {
'group' => array('Attribute.value'), //fields to GROUP BY
);
$temp = $this->find('all', $params);
foreach ($temp as $value) $values[$k][] = $value['Attribute']['value'];
if ($k == 'hostname') {
foreach ($temp as $value) {
$found = false;
foreach ($values['domain'] as $domain) {
if (strpos($value['Attribute']['value'], $domain) != 0) {
$found = true;
}
}
if (!$found) $values[$k][] = $value['Attribute']['value'];
}
} else foreach ($temp as $value) $values[$k][] = $value['Attribute']['value'];
unset($temp);
}
return $values;
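Review bot: The hostname filter added in the second hunk uses `strpos($value['Attribute']['value'], $domain) != 0`, which is a substring test rather than a subdomain test. With a constructed domain `example.com` it drops `notexample.com` and `www.example.com.example.org`, neither of which the domain rule covers, so those hostnames silently disappear from the exported blocklist. It also never matches at offset 0, so a hostname identical to the domain is kept and exported twice. `$values['domain']` is iterated without checking that any domain attribute was fetched; whether it is initialised above the hunk is not visible, and rpz() continues outside the hunk. I would compare against the domain itself or a `'.' . $domain` suffix and stop at the first match, as below.

```php
if ($k == 'hostname') {
    // 'domain' is fetched before 'hostname'; it may be absent when no domain attribute matched
    $domains = isset($values['domain']) ? $values['domain'] : array();
    foreach ($temp as $value) {
        $host = $value['Attribute']['value'];
        $found = false;
        foreach ($domains as $domain) {
            // covered only when the hostname is the domain itself or ends in ".<domain>"
            if ($host === $domain || substr($host, -(strlen($domain) + 1)) === '.' . $domain) {
                $found = true;
                break;
            }
        }
        if (!$found) $values[$k][] = $host;
    }
}
// … unchanged: else branch copying the values of the other types …
```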