mirror of https://github.com/MISP/MISP
fix sanitization in Attributes #96
Christophe Vandeplas
parent
d11422831e
commit
e9bcacfbc3
|
|
@ -104,16 +104,7 @@ class AttributesController extends AppController {
|
|||
$this->Attribute->recursive = 0;
|
||||
$this->set('isSearch', 0);
|
||||
|
||||
// Sanitize::clean
|
||||
$paginated = $this->paginate();
|
||||
foreach ($paginated as &$attribute) {
|
||||
$attribute['Attribute']['value'] = $this->beforeSanitizeClean($attribute['Attribute']['value']); // TODO generic
|
||||
}
|
||||
$attributes = Sanitize::clean($paginated, array('remove' => true, 'remove_html' => true, 'encode' => true, 'newline' => true));
|
||||
foreach ($attributes as &$attribute) {
|
||||
$attribute['Attribute']['value'] = $this->counterSanitizeClean($attribute['Attribute']['value']); // TODO generic
|
||||
}
|
||||
$this->set('attributes', $attributes);
|
||||
$this->set('attributes', $this->paginate());
|
||||
|
||||
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
|
||||
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
|
||||
|
|
@ -170,7 +161,7 @@ class AttributesController extends AppController {
|
|||
continue; // don't do anything for empty lines
|
||||
|
||||
$this->Attribute->create();
|
||||
$this->request->data['Attribute']['value'] = Sanitize::clean($attribute); // set the value as the content of the single line
|
||||
$this->request->data['Attribute']['value'] = $attribute; // set the value as the content of the single line
|
||||
$this->request->data = $this->Attribute->massageData($this->request->data);
|
||||
// TODO loop-holes,
|
||||
// there seems to be a loop-hole in misp here
|
||||
|
|
@ -305,11 +296,11 @@ class AttributesController extends AppController {
|
|||
$file = $this->Attribute->data['Attribute']['id'];
|
||||
$filename = '';
|
||||
if ('attachment' == $this->Attribute->data['Attribute']['type']) {
|
||||
$filename = Sanitize::clean($this->Attribute->data['Attribute']['value']);
|
||||
$filename = $this->Attribute->data['Attribute']['value'];
|
||||
$fileExt = pathinfo($filename, PATHINFO_EXTENSION);
|
||||
$filename = substr($filename, 0, strlen($filename) - strlen($fileExt) - 1);
|
||||
} elseif ('malware-sample' == $this->Attribute->data['Attribute']['type']) {
|
||||
$filenameHash = explode('|', Sanitize::clean($this->Attribute->data['Attribute']['value']));
|
||||
$filenameHash = explode('|', $this->Attribute->data['Attribute']['value']);
|
||||
$filename = $filenameHash[0];
|
||||
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
|
||||
$fileExt = "zip";
|
||||
|
|
@ -591,7 +582,7 @@ class AttributesController extends AppController {
|
|||
$this->request->data = $this->Attribute->read(null, $id);
|
||||
}
|
||||
|
||||
$this->set('attribute', Sanitize::clean($this->request->data));
|
||||
$this->set('attribute', $this->request->data);
|
||||
|
||||
// enabling / disabling the distribution field in the edit view based on whether user's org == orgc in the event
|
||||
$this->loadModel('Event');
|
||||
|
|
@ -735,7 +726,8 @@ class AttributesController extends AppController {
|
|||
|
||||
// search on the value field
|
||||
if (isset($keyword)) {
|
||||
$keywordArray = preg_split("/\r\n|\n|\r/", $keyword);
|
||||
$keywordArray = explode("\n", $keyword);
|
||||
$this->set('keywordArray', $keywordArray);
|
||||
$i = 1;
|
||||
$temp = array();
|
||||
foreach ($keywordArray as $keywordArrayElement) {
|
||||
|
|
@ -759,7 +751,7 @@ class AttributesController extends AppController {
|
|||
|
||||
// event IDs to be excluded
|
||||
if (isset($keyword2)) {
|
||||
$keywordArray2 = preg_split("/\r\n|\n|\r/", $keyword2);
|
||||
$keywordArray2 = explode("\n", $keyword2);
|
||||
$i = 1;
|
||||
$temp = array();
|
||||
foreach ($keywordArray2 as $keywordArrayElement) {
|
||||
|
|
@ -809,19 +801,11 @@ class AttributesController extends AppController {
|
|||
);
|
||||
}
|
||||
$idList = array();
|
||||
$attributes = h($this->paginate());
|
||||
$attributes = $this->paginate();
|
||||
foreach ($attributes as &$attribute) {
|
||||
if (!in_array($attribute['Attribute']['event_id'], $idList)) {
|
||||
$idList[] = $attribute['Attribute']['event_id'];
|
||||
}
|
||||
$attribute['Attribute']['value'] = str_replace('\n', chr(10), $attribute['Attribute']['value']);
|
||||
foreach ($keywordArray as $keywordArrayElement) {
|
||||
$keywordArrayElement = trim($keywordArrayElement);
|
||||
if ($attribute['Attribute']['type'] == 'malware-sample' || $attribute['Attribute']['type'] == 'link' || $attribute['Attribute']['type'] == 'attachment') {
|
||||
$attribute['Attribute']['valueNoScript'] = preg_replace('%' . $keywordArrayElement . '%i', $keywordArrayElement, $attribute['Attribute']['value']);
|
||||
}
|
||||
$attribute['Attribute']['value'] = preg_replace('%' . $keywordArrayElement . '%i', '<span style="color:red">' . $keywordArrayElement . '</span>', $attribute['Attribute']['value']);
|
||||
}
|
||||
}
|
||||
$this->set('attributes', $attributes);
|
||||
|
||||
|
|
@ -866,11 +850,7 @@ class AttributesController extends AppController {
|
|||
// re-get pagination
|
||||
$this->Attribute->recursive = 0;
|
||||
$this->paginate = $this->Session->read('paginate_conditions');
|
||||
$attributes = Sanitize::clean($this->paginate(), array('remove' => true, 'remove_html' => true, 'encode' => true, 'newline' => true));
|
||||
foreach ($attributes as &$attribute) {
|
||||
$attribute['Attribute']['value'] = str_replace('\n', chr(10), $attribute['Attribute']['value']);
|
||||
}
|
||||
$this->set('attributes', $attributes);
|
||||
$this->set('attributes', $this->paginate());
|
||||
|
||||
// set the same view as the index page
|
||||
$this->render('index');
|
||||
|
|
|
|||
|
|
@ -22,12 +22,24 @@ if ($isSearch == 1) {
|
|||
</tr>
|
||||
<?php
|
||||
$currentCount = 0;
|
||||
|
||||
if ($isSearch == 1) {
|
||||
// build the $replacePairs variable used to highlight the keywords
|
||||
$replacementArray = array();
|
||||
foreach ($keywordArray as &$keywordArrayElement) {
|
||||
$keywordArrayElement = trim($keywordArrayElement);
|
||||
if ("" == $keywordArrayElement) continue;
|
||||
$replacementArray[] = '<span style="color:red">'.$keywordArrayElement.'</span>';
|
||||
}
|
||||
if (!empty($replacementArray))
|
||||
$replacePairs = array_combine($keywordArray, $replacementArray);
|
||||
}
|
||||
foreach ($attributes as $attribute):
|
||||
?>
|
||||
<tr>
|
||||
<td class="short">
|
||||
<div id="<?php echo $attribute['Attribute']['id']?>" title="<?php echo h($attribute['Event']['info'])?>">
|
||||
<?php
|
||||
echo "<div id = \"" . $attribute['Attribute']['id'] . "\" title = \"".h($attribute['Event']['info'])."\">";
|
||||
if ($attribute['Event']['orgc'] == $me['org']) {
|
||||
echo $this->Html->link($attribute['Event']['id'], array('controller' => 'events', 'action' => 'view', $attribute['Event']['id']), array('class' => 'SameOrgLink'));
|
||||
} else {
|
||||
|
|
@ -35,6 +47,7 @@ foreach ($attributes as $attribute):
|
|||
}
|
||||
$currentCount++;
|
||||
?>
|
||||
</div>
|
||||
</td>
|
||||
<td title="<?php echo $categoryDefinitions[$attribute['Attribute']['category']]['desc'];?>" class="short" onclick="document.location ='
|
||||
<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
|
||||
|
|
@ -44,15 +57,15 @@ foreach ($attributes as $attribute):
|
|||
<?php echo h($attribute['Attribute']['type']); ?> </td>
|
||||
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
|
||||
<?php
|
||||
$sigDisplay = nl2br($attribute['Attribute']['value']);
|
||||
$sigDisplay = nl2br(h($attribute['Attribute']['value']));
|
||||
if ($isSearch == 1 && !empty($replacePairs)) {
|
||||
// highlight the keywords if there are any
|
||||
$sigDisplay = strtr($sigDisplay, $replacePairs);
|
||||
}
|
||||
if ('attachment' == $attribute['Attribute']['type'] || 'malware-sample' == $attribute['Attribute']['type']) {
|
||||
echo $this->Html->link($sigDisplay, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']), array('escape' => FALSE));
|
||||
} elseif ('link' == $attribute['Attribute']['type']) {
|
||||
if (isset($attribute['Attribute']['ValueNoScript'])) {
|
||||
echo $this->Html->link($sigDisplay, nl2br($attribute['Attribute']['valueNoScript']), array('escape' => FALSE));
|
||||
} else {
|
||||
echo $this->Html->link($sigDisplay, nl2br($attribute['Attribute']['value']), array('escape' => FALSE));
|
||||
}
|
||||
echo $this->Html->link($sigDisplay, nl2br(h($attribute['Attribute']['value'])), array('escape' => FALSE));
|
||||
} else {
|
||||
echo $sigDisplay;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -151,7 +151,7 @@ if (!empty($event['Attribute'])):?>
|
|||
<td class="short" title="<?php echo $typeDefinitions[$attribute['type']]['desc'];?>">
|
||||
<?php echo h($attribute['type']);?></td>
|
||||
<td><?php
|
||||
$sigDisplay = nl2br($attribute['value']);
|
||||
$sigDisplay = $attribute['value'];
|
||||
if ('attachment' == $attribute['type'] || 'malware-sample' == $attribute['type'] ) {
|
||||
$filenameHash = explode('|', $attribute['value']);
|
||||
if (strrpos($filenameHash[0], '\\')) {
|
||||
|
|
@ -168,11 +168,11 @@ if (!empty($event['Attribute'])):?>
|
|||
echo h($filenameHash[0]);
|
||||
if (isset($filenameHash[1])) echo ' | ' . h($filenameHash[1]);
|
||||
} elseif ('vulnerability' == $attribute['type']) {
|
||||
echo $this->Html->link($sigDisplay, 'http://www.google.com/search?q=' . $sigDisplay, array('target' => '_blank'));
|
||||
echo $this->Html->link($sigDisplay, 'http://www.google.com/search?q=' . h($sigDisplay), array('target' => '_blank'));
|
||||
} elseif ('link' == $attribute['type']) {
|
||||
echo $this->Html->link($sigDisplay, $sigDisplay);
|
||||
echo $this->Html->link(h($sigDisplay), h($sigDisplay));
|
||||
} else {
|
||||
echo h($sigDisplay);
|
||||
echo nl2br(h($sigDisplay));
|
||||
}?>
|
||||
</td>
|
||||
<td class="short" style="text-align: center;">
|
||||
|
|
|
|||
Loading…
Reference in New Issue