mirror of https://github.com/MISP/MISP
fix: [objects:edit] Added *_seen validation and error reporting
parent
04a5d2a31f
commit
eb9b60032e
|
@ -286,6 +286,12 @@ class ObjectsController extends AppController
|
|||
$result = $this->MispObject->saveObject($object, $eventId, $template, $this->Auth->user(), $errorBehaviour = 'halt');
|
||||
if (is_numeric($result)) {
|
||||
$this->MispObject->Event->unpublishEvent($eventId);
|
||||
} else {
|
||||
$object_validation_errors = array();
|
||||
foreach($result as $field => $field_errors) {
|
||||
$object_validation_errors[] = sprintf('%s: %s', $field, implode(', ', $field_errors));
|
||||
}
|
||||
$error = __('Object could not be saved.') . PHP_EOL . implode(PHP_EOL, $object_validation_errors);
|
||||
}
|
||||
} else {
|
||||
$result = false;
|
||||
|
@ -414,6 +420,14 @@ class ObjectsController extends AppController
|
|||
}
|
||||
$objectToSave = $this->MispObject->attributeCleanup($this->request->data);
|
||||
$objectToSave = $this->MispObject->deltaMerge($object, $objectToSave, $onlyAddNewAttribute);
|
||||
$error_message = __('Object could not be saved.');
|
||||
if (!is_numeric($objectToSave)){
|
||||
$object_validation_errors = array();
|
||||
foreach($objectToSave as $field => $field_errors) {
|
||||
$object_validation_errors[] = sprintf('%s: %s', $field, implode(', ', $field_errors));
|
||||
}
|
||||
$error_message = __('Object could not be saved.') . PHP_EOL . implode(PHP_EOL, $object_validation_errors);
|
||||
}
|
||||
// we pre-validate the attributes before we create an object at this point
|
||||
// This allows us to stop the process and return an error (API) or return
|
||||
// to the add form
|
||||
|
@ -428,11 +442,10 @@ class ObjectsController extends AppController
|
|||
$this->MispObject->Event->unpublishEvent($objectToSave['Object']['event_id']);
|
||||
return $this->RestResponse->viewData($objectToSave, $this->response->type());
|
||||
} else {
|
||||
return $this->RestResponse->saveFailResponse('Objects', 'add', false, $id, $this->response->type());
|
||||
return $this->RestResponse->saveFailResponse('Objects', 'edit', false, $id, $this->response->type());
|
||||
}
|
||||
} else {
|
||||
$message = __('Object attributes saved.');
|
||||
$error_message = __('Object attributes could not be saved.');
|
||||
if ($this->request->is('ajax')) {
|
||||
$this->autoRender = false;
|
||||
if (is_numeric($objectToSave)) {
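Review bot: The REST failure branch in the third hunk still calls `saveFailResponse('Objects', 'edit', false, $id, $this->response->type())`, so the per-field messages assembled into `$error_message` in the second hunk are not among its arguments and an API client probably still receives no validation detail. Passing the errors returned by deltaMerge (or `$error_message`) in whichever parameter saveFailResponse uses for the error payload would close that gap; its signature is not visible on this page. Separately, `implode(', ', $field_errors)` in both new loops assumes each entry is a flat list of strings. If the model ever returns nested errors, for example per-attribute ones, the message would contain "Array", so an `is_array` check or one flattening helper shared by add and edit would be safer. Both controller actions start and end outside the hunks shown.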
|
||||
|
|
|
@ -58,10 +58,34 @@ class MispObject extends AppModel
|
|||
'rule' => 'isUnique',
|
||||
'message' => 'The UUID provided is not unique',
|
||||
'required' => 'create'
|
||||
)
|
||||
),
|
||||
),
|
||||
'first_seen' => array(
|
||||
'rule' => array('datetimeOrNull'),
|
||||
'required' => false,
|
||||
'message' => array('Invalid ISO 8601 format')
|
||||
),
|
||||
'last_seen' => array(
|
||||
'rule' => array('datetimeOrNull'),
|
||||
'required' => false,
|
||||
'message' => array('Invalid ISO 8601 format')
|
||||
)
|
||||
);
|
||||
|
||||
// check whether the variable is null or datetime
|
||||
public function datetimeOrNull($fields)
|
||||
{
|
||||
$k = array_keys($fields)[0];
|
||||
$seen = $fields[$k];
|
||||
try {
|
||||
new DateTime($seen);
|
||||
$returnValue = true;
|
||||
} catch (Exception $e) {
|
||||
$returnValue = false;
|
||||
}
|
||||
return $returnValue || is_null($seen);
|
||||
}
|
||||
|
||||
public function afterFind($results, $primary = false)
|
||||
{
|
||||
foreach ($results as $k => $v) {
|
||||
|
@ -633,7 +657,10 @@ class MispObject extends AppModel
|
|||
$forcedSeenOnElements['last_seen'] = $objectToSave['Object']['last_seen'];
|
||||
}
|
||||
$object = $this->syncObjectAndAttributeSeen($object, $forcedSeenOnElements, false);
|
||||
$this->save($object);
|
||||
$saveResult = $this->save($object);
|
||||
if ($saveResult === false) {
|
||||
return $this->validationErrors;
|
||||
}
|
||||
|
||||
if (!$onlyAddNewAttribute) {
|
||||
$checkFields = array('category', 'value', 'to_ids', 'distribution', 'sharing_group_id', 'comment', 'disable_correlation', 'first_seen', 'last_seen');
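Review bot: `datetimeOrNull` in the first hunk of this file accepts far more than the ISO 8601 its message promises, because `new DateTime($seen)` also parses relative and free-form strings such as `tomorrow`, and an empty string, so those values pass validation for `first_seen` and `last_seen`. The `is_null($seen)` test runs only after the value has already been handed to the constructor, and a non-string value (for example an array from a JSON request body) would raise a `TypeError`, which `catch (Exception $e)` does not cover. I would test for null first, reject non-strings, and parse against explicit formats with `DateTime::createFromFormat`, checking `DateTime::getLastErrors()`; the format list below is only a suggestion and should match what the callers actually send.

```php
public function datetimeOrNull($fields)
{
    $seen = reset($fields);
    if ($seen === null) {
        return true;
    }
    if (!is_string($seen)) {
        return false;
    }
    // Suggested formats only: ISO 8601 with offset, with or without microseconds.
    foreach (array('Y-m-d\TH:i:s.uP', 'Y-m-d\TH:i:sP') as $format) {
        $parsed = DateTime::createFromFormat($format, $seen);
        $errors = DateTime::getLastErrors();
        if ($parsed !== false && empty($errors['warning_count']) && empty($errors['error_count'])) {
            return true;
        }
    }
    return false;
}
```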
|
||||
|
|