From e70992c5654dab2106b9b498e707c3898bca35a3 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 11 Jun 2018 17:48:36 +0200
Subject: [PATCH] fix: Added impfuzzy validation

---
 app/Model/Attribute.php | 43 ++++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 18 deletions(-)

diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index e01b0ac0e..b67cee610 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -815,20 +815,20 @@ class Attribute extends AppModel {
 	}
 
 	private $__hexHashLengths = array(
-			'authentihash' => 64,
-			'md5' => 32,
-			'imphash' => 32,
-			'sha1' => 40,
-            'x509-fingerprint-md5' => 32,
-			'x509-fingerprint-sha1' => 40,
-            'x509-fingerprint-sha256' => 64,
-			'pehash' => 40,
-			'sha224' => 56,
-			'sha256' => 64,
-			'sha384' => 96,
-			'sha512' => 128,
-			'sha512/224' => 56,
-			'sha512/256' => 64,
+		'authentihash' => 64,
+		'md5' => 32,
+		'imphash' => 32,
+		'sha1' => 40,
+		'x509-fingerprint-md5' => 32,
+		'x509-fingerprint-sha1' => 40,
+		'x509-fingerprint-sha256' => 64,
+		'pehash' => 40,
+		'sha224' => 56,
+		'sha256' => 64,
+		'sha384' => 96,
+		'sha512' => 128,
+		'sha512/224' => 56,
+		'sha512/256' => 64
 	);
 
 	public function runValidation($value, $type) {
@@ -845,8 +845,8 @@ class Attribute extends AppModel {
 			case 'sha512/224':
 			case 'sha512/256':
 			case 'authentihash':
-            case 'x509-fingerprint-md5':
-            case 'x509-fingerprint-sha256':
+			case 'x509-fingerprint-md5':
+			case 'x509-fingerprint-sha256':
 			case 'x509-fingerprint-sha1':
 				$length = $this->__hexHashLengths[$type];
 				if (preg_match("#^[0-9a-f]{" . $length . "}$#", $value)) {
@@ -876,6 +876,13 @@ class Attribute extends AppModel {
 				}
 				if (!$returnValue) $returnValue = 'Invalid SSDeep hash. The format has to be blocksize:hash:hash';
 				break;
+			case 'impfuzzy':
+				if (substr_count($value, ':') == 2) {
+					$parts = explode(':', $value);
+					if (is_numeric($parts[0])) $returnValue = true;
+				}
+				if (!$returnValue) $returnValue = 'Invalid impfuzzy format. The format has to be imports:hash:hash';
+				break;
 			case 'http-method':
 				if (preg_match("#(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH)#", $value)) {
 					$returnValue = true;
@@ -1270,8 +1277,8 @@ class Attribute extends AppModel {
 				$value = preg_replace('/^hxxp/i', 'http', $value);
 				$value = preg_replace('/\[\.\]/', '.' , $value);
 				break;
-            case 'x509-fingerprint-md5':
-            case 'x509-fingerprint-sha256':
+      case 'x509-fingerprint-md5':
+      case 'x509-fingerprint-sha256':
 			case 'x509-fingerprint-sha1':
 				$value = str_replace(':', '', $value);
 				$value = strtolower($value);