mirror of https://github.com/MISP/MISP
Merge branch 'hotfix-2.1.32' into develop
- Also, added CIDR to rest searches. Make sure you use the following format: a.b.c.d|e Conflicts: app/Controller/AttributesController.phppull/217/head
iglocska
commit
eab4923144
|
|
@ -10,7 +10,7 @@ App::uses('File', 'Utility');
|
|||
*/
|
||||
class AttributesController extends AppController {
|
||||
|
||||
public $components = array('Security', 'RequestHandler');
|
||||
public $components = array('Security', 'RequestHandler', 'Cidr');
|
||||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
|
|
@ -873,9 +873,23 @@ class AttributesController extends AppController {
|
|||
$keywordArrayElement = '%' . trim($keywordArrayElement) . '%';
|
||||
if ($keywordArrayElement != '%%') {
|
||||
if ($keywordArrayElement[1] == '!') {
|
||||
array_push($temp2, array('Attribute.value NOT LIKE' => '%' . substr($keywordArrayElement, 2)));
|
||||
if (preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', substr($saveWord, 2))) {
|
||||
$cidrresults = $this->Cidr->CIDR($saveWord);
|
||||
foreach ($cidrresults as $result) {
|
||||
array_push($temp2, array('Attribute.value NOT LIKE' => $result));
|
||||
}
|
||||
} else {
|
||||
array_push($temp2, array('Attribute.value NOT LIKE' => '%' . substr($keywordArrayElement, 2)));
|
||||
}
|
||||
} else {
|
||||
array_push($temp, array('Attribute.value LIKE' => $keywordArrayElement));
|
||||
if (preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', $saveWord)) {
|
||||
$cidrresults = $this->Cidr->CIDR($saveWord);
|
||||
foreach ($cidrresults as $result) {
|
||||
array_push($temp, array('Attribute.value LIKE' => $result));
|
||||
}
|
||||
} else {
|
||||
array_push($temp, array('Attribute.value LIKE' => $keywordArrayElement));
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($i == 1 && $saveWord != '') $keyWordText = $saveWord;
|
||||
|
|
@ -1086,6 +1100,7 @@ class AttributesController extends AppController {
|
|||
if (!$user) {
|
||||
throw new UnauthorizedException('This authentication key is not authorized to be used for exports. Contact your administrator.');
|
||||
}
|
||||
$value = str_replace('|', '/', $value);
|
||||
$this->response->type('xml'); // set the content type
|
||||
$this->layout = 'xml/default';
|
||||
$this->header('Content-Disposition: download; filename="misp.search.attribute.results.xml"');
|
||||
|
|
@ -1095,15 +1110,37 @@ class AttributesController extends AppController {
|
|||
// add the values as specified in the 2nd parameter to the conditions
|
||||
$values = explode('&&', $value);
|
||||
$parameters = array('value', 'type', 'category', 'org');
|
||||
|
||||
|
||||
foreach ($parameters as $k => $param) {
|
||||
if (isset(${$parameters[$k]})) {
|
||||
$elements = explode('&&', ${$parameters[$k]});
|
||||
foreach($elements as $v) {
|
||||
if (substr($v, 0, 1) == '!') {
|
||||
$subcondition['AND'][] = array('Attribute.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
|
||||
if ($parameters[$k] === 'value' && preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', substr($v, 1))) {
|
||||
$cidrresults = $this->Cidr->CIDR(substr($v, 1));
|
||||
foreach ($cidrresults as $result) {
|
||||
$subcondition['AND'][] = array('Attribute.value NOT LIKE' => $result);
|
||||
}
|
||||
} else {
|
||||
if ($parameters[$k] === 'org') {
|
||||
$subcondition['AND'][] = array('Event.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
|
||||
} else {
|
||||
$subcondition['AND'][] = array('Attribute.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$subcondition['OR'][] = array('Attribute.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
|
||||
if ($parameters[$k] === 'value' && preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', substr($v, 1))) {
|
||||
$cidrresults = $this->Cidr->CIDR($v);
|
||||
foreach ($cidrresults as $result) {
|
||||
$subcondition['OR'][] = array('Attribute.value LIKE' => $result);
|
||||
}
|
||||
} else {
|
||||
if ($parameters[$k] === 'org') {
|
||||
$subcondition['OR'][] = array('Event.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
|
||||
} else {
|
||||
$subcondition['OR'][] = array('Attribute.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
array_push ($conditions['AND'], $subcondition);
|
||||
|
|
|
|||
|
|
@ -0,0 +1,43 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* CIDR conversion tool
|
||||
*/
|
||||
|
||||
class CidrComponent extends Component {
|
||||
public function CIDR($cidr) {
|
||||
list($address, $prefix) = explode('/', $cidr, 2);
|
||||
$address = decbin(ip2long($address));
|
||||
$address = substr("00000000000000000000000000000000",0,32 - strlen($address)) . $address;
|
||||
$min = '';
|
||||
$max = '';
|
||||
for ($i = 0; $i < $prefix; $i++) {
|
||||
$min .= $address[$i];
|
||||
}
|
||||
$max = $min;
|
||||
$min = str_pad($min, 32, '0', STR_PAD_RIGHT);
|
||||
$max = str_pad($max, 32, '1', STR_PAD_RIGHT);
|
||||
$minArray = array();
|
||||
$maxArray = array();
|
||||
$searchTermLeft = '';
|
||||
$searchTermMin = 0;
|
||||
$searchTermMax = 0;
|
||||
$results = array();
|
||||
for ($i = 0; $i < 4; $i++) {
|
||||
$minArray[] = bindec(substr($min, ($i*8), 8));
|
||||
$maxArray[] = bindec(substr($max, ($i*8), 8));
|
||||
if ($minArray[$i] === $maxArray[$i]) $searchTermLeft .= $minArray[$i] . '.';
|
||||
else {
|
||||
$searchTermMin = $minArray[$i];
|
||||
$searchTermMax = $maxArray[$i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
$length = $i;
|
||||
for ($i = 0; $i < ($searchTermMax - $searchTermMin + 1); $i++) {
|
||||
$results[$i] = $searchTermLeft . ($searchTermMin + $i);
|
||||
if ($length < 3) $results[$i] .= '.%';
|
||||
}
|
||||
return $results;
|
||||
}
|
||||
}
|
||||
|
|
@ -21,7 +21,8 @@ class EventsController extends AppController {
|
|||
'HidsSha1Export',
|
||||
//'NidsSuricataExport',
|
||||
'IOCExport',
|
||||
'IOCImport'
|
||||
'IOCImport',
|
||||
'Cidr'
|
||||
);
|
||||
|
||||
public $paginate = array(
|
||||
|
|
@ -2196,6 +2197,7 @@ class EventsController extends AppController {
|
|||
if (!$user) {
|
||||
throw new UnauthorizedException('This authentication key is not authorized to be used for exports. Contact your administrator.');
|
||||
}
|
||||
$value = str_replace('|', '/', $value);
|
||||
$this->response->type('xml'); // set the content type
|
||||
$this->layout = 'xml/default';
|
||||
$this->header('Content-Disposition: download; filename="misp.search.events.results.xml"');
|
||||
|
|
@ -2211,9 +2213,31 @@ class EventsController extends AppController {
|
|||
$elements = explode('&&', ${$parameters[$k]});
|
||||
foreach($elements as $v) {
|
||||
if (substr($v, 0, 1) == '!') {
|
||||
$subcondition['AND'][] = array('Attribute.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
|
||||
if ($parameters[$k] === 'value' && preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', substr($v, 1))) {
|
||||
$cidrresults = $this->Cidr->CIDR(substr($v, 1));
|
||||
foreach ($cidrresults as $result) {
|
||||
$subcondition['AND'][] = array('Attribute.value NOT LIKE' => $result);
|
||||
}
|
||||
} else {
|
||||
if ($parameters[$k] === 'org') {
|
||||
$subcondition['AND'][] = array('Event.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
|
||||
} else {
|
||||
$subcondition['AND'][] = array('Attribute.' . $parameters[$k] . ' NOT LIKE' => '%'.substr($v, 1).'%');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$subcondition['OR'][] = array('Attribute.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
|
||||
if ($parameters[$k] === 'value' && preg_match('@^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$@', substr($v, 1))) {
|
||||
$cidrresults = $this->Cidr->CIDR($v);
|
||||
foreach ($cidrresults as $result) {
|
||||
$subcondition['OR'][] = array('Attribute.value LIKE' => $result);
|
||||
}
|
||||
} else {
|
||||
if ($parameters[$k] === 'org') {
|
||||
$subcondition['OR'][] = array('Event.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
|
||||
} else {
|
||||
$subcondition['OR'][] = array('Attribute.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
array_push ($conditions['AND'], $subcondition);
|
||||
|
|
@ -2347,5 +2371,4 @@ class EventsController extends AppController {
|
|||
}
|
||||
$this->_add($data, false);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
$xmlArray = array();
|
||||
foreach ($results as $result) {
|
||||
$result['Event']['Attribute'] = $result['Attribute'];
|
||||
$result['Event']['ShadowAttribute'] = $result['ShadowAttribute'];
|
||||
$result['Event']['RelatedEvent'] = $result['RelatedEvent'];
|
||||
|
||||
//
|
||||
// cleanup the array from things we do not want to expose
|
||||
//
|
||||
unset($result['Event']['user_id']);
|
||||
// hide the org field is we are not in showorg mode
|
||||
if ('true' != Configure::read('CyDefSIG.showorg') && !$isSiteAdmin) {
|
||||
unset($result['Event']['org']);
|
||||
unset($result['Event']['orgc']);
|
||||
unset($result['Event']['from']);
|
||||
}
|
||||
// remove value1 and value2 from the output and remove invalid utf8 characters for the xml parser
|
||||
foreach ($result['Event']['Attribute'] as $key => $value) {
|
||||
$result['Event']['Attribute'][$key]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $result['Event']['Attribute'][$key]['value']);
|
||||
unset($result['Event']['Attribute'][$key]['value1']);
|
||||
unset($result['Event']['Attribute'][$key]['value2']);
|
||||
unset($result['Event']['Attribute'][$key]['category_order']);
|
||||
}
|
||||
// remove invalid utf8 characters for the xml parser
|
||||
foreach($result['Event']['ShadowAttribute'] as $key => $value) {
|
||||
$result['Event']['ShadowAttribute'][$key]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $result['Event']['ShadowAttribute'][$key]['value']);
|
||||
}
|
||||
|
||||
if (isset($result['Event']['RelatedEvent'])) {
|
||||
foreach ($result['Event']['RelatedEvent'] as $key => $value) {
|
||||
unset($result['Event']['RelatedEvent'][$key]['user_id']);
|
||||
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
|
||||
unset($result['Event']['RelatedEvent'][$key]['org']);
|
||||
unset($result['Event']['RelatedEvent'][$key]['orgc']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$xmlArray['response']['Event'][] = $result['Event'];
|
||||
}
|
||||
|
||||
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
|
||||
echo $xmlObject->asXML();
|
||||
|
|
@ -26,7 +26,7 @@ App::uses('AppHelper', 'View/Helper');
|
|||
if ($pivot['deletable']) {
|
||||
$data[] = '<a class="pivotDelete icon-remove" href="/events/removePivot/' . $pivot['id'] . '/' . $currentEvent . '"></a>';
|
||||
}
|
||||
$data[] = '<a class="' . $pivotType . '" href="/events/view/' . $pivot['id'] . '/1/' . $currentEvent . '" title="' . $pivot['info'] . ' (' . $pivot['date'] . ')">' . $text . '</a>';
|
||||
$data[] = '<a class="' . $pivotType . '" href="/events/view/' . $pivot['id'] . '/1/' . $currentEvent . '" title="' . h($pivot['info']) . ' (' . $pivot['date'] . ')">' . h($text) . '</a>';
|
||||
$data[] = '</span>';
|
||||
if (!empty($pivot['children'])) {
|
||||
foreach ($pivot['children'] as $k => $v) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue