mirror of https://github.com/MISP/MISP
chg: [internal] Move ssdeep validation to specific method
parent
8c5f9da085
commit
ed1e8f50fa
|
@ -225,6 +225,8 @@ class AttributeValidationTool
|
|||
}
|
||||
|
||||
/**
|
||||
* Validate if value is valid for given attribute type.
|
||||
* At this point, we can be sure, that composite type is really composite.
|
||||
* @param string $type
|
||||
* @param string $value
|
||||
* @return bool|string
|
||||
|
@ -272,11 +274,8 @@ class AttributeValidationTool
|
|||
}
|
||||
return __('The input doesn\'t match the expected sha1 format (expected: 40 hexadecimal characters). Keep in mind that MISP currently only supports SHA1 for PEhashes, if you would like to get the support extended to other hash types, make sure to create a github ticket about it at https://github.com/MISP/MISP!');
|
||||
case 'ssdeep':
|
||||
if (substr_count($value, ':') === 2) {
|
||||
$parts = explode(':', $value);
|
||||
if (self::isPositiveInteger($parts[0])) {
|
||||
return true;
|
||||
}
|
||||
if (self::isSsdeep($value)) {
|
||||
return true;
|
||||
}
|
||||
return __('Invalid SSDeep hash. The format has to be blocksize:hash:hash');
|
||||
case 'impfuzzy':
|
||||
|
@ -324,19 +323,11 @@ class AttributeValidationTool
|
|||
}
|
||||
return __('Checksum has an invalid length or format (expected: filename|%s hexadecimal characters). Please double check the value or select type "other".', $length);
|
||||
case 'filename|ssdeep':
|
||||
if (substr_count($value, '|') != 1 || !preg_match("#^.+\|.+$#", $value)) {
|
||||
return __('Invalid composite type. The format has to be %s.', $type);
|
||||
} else {
|
||||
$composite = explode('|', $value);
|
||||
$value = $composite[1];
|
||||
if (substr_count($value, ':') == 2) {
|
||||
$parts = explode(':', $value);
|
||||
if (self::isPositiveInteger($parts[0])) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
$composite = explode('|', $value);
|
||||
if (self::isSsdeep($composite[1])) {
|
||||
return true;
|
||||
}
|
||||
return __('Invalid SSDeep hash (expected: blocksize:hash:hash).');
|
||||
return __('Invalid ssdeep hash (expected: blocksize:hash:hash).');
|
||||
case 'filename|tlsh':
|
||||
if (preg_match("#^.+\|[0-9a-f]{35,}$#", $value)) {
|
||||
return true;
|
||||
|
@ -656,6 +647,19 @@ class AttributeValidationTool
|
|||
return (is_int($value) && $value >= 0) || ctype_digit($value);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $value
|
||||
* @return bool
|
||||
*/
|
||||
private static function isSsdeep($value)
|
||||
{
|
||||
$parts = explode(':', $value);
|
||||
if (count($parts) !== 3) {
|
||||
return false;
|
||||
}
|
||||
return self::isPositiveInteger($parts[0]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $value
|
||||
* @return bool
|
||||
|
|
|
@ -33,8 +33,36 @@ class AttributeValidationToolTest extends TestCase
|
|||
|
||||
public function testValidateSshFingerprint(): void
|
||||
{
|
||||
$this->assertTrue(AttributeValidationTool::validate('ssh-fingerprint', '7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a'));
|
||||
$this->assertTrue(AttributeValidationTool::validate('ssh-fingerprint', 'MD5:7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a'));
|
||||
$this->assertTrue(AttributeValidationTool::validate('ssh-fingerprint', 'SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE'));
|
||||
$this->shouldBeValid('ssh-fingerprint', [
|
||||
'7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a',
|
||||
'MD5:7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a',
|
||||
'SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE',
|
||||
]);
|
||||
}
|
||||
|
||||
public function testValidateSsdeep(): void
|
||||
{
|
||||
$this->shouldBeValid('ssdeep', [
|
||||
'96:s4Ud1Lj96tHHlZDrwciQmA+4uy1I0G4HYuL8N3TzS8QsO/wqWXLcMSx:sF1LjEtHHlZDrJzrhuyZvHYm8tKp/RWO',
|
||||
'384:EWo4X1WaPW9ZWhWzLo+lWpct/fWbkWsWIwW0/S7dZhgG8:EWo4X1WmW9ZWhWH/WpchfWgWsWTWtf8',
|
||||
'6144:3wSQSlrBHFjOvwYAU/Fsgi/2WDg5+YaNk5xcHrYw+Zg+XrZsGEREYRGAFU25ttR/:ctM7E0L4q',
|
||||
]);
|
||||
$this->shouldBeValid('filename|ssdeep', [
|
||||
'ahoj.txt|96:s4Ud1Lj96tHHlZDrwciQmA+4uy1I0G4HYuL8N3TzS8QsO/wqWXLcMSx:sF1LjEtHHlZDrJzrhuyZvHYm8tKp/RWO',
|
||||
]);
|
||||
}
|
||||
|
||||
private function shouldBeValid($type, array $values)
|
||||
{
|
||||
foreach ($values as $value) {
|
||||
$this->assertTrue(AttributeValidationTool::validate($type, $value));
|
||||
}
|
||||
}
|
||||
|
||||
private function shouldBeInvalid($type, array $values)
|
||||
{
|
||||
foreach ($values as $value) {
|
||||
$this->assertNotTrue(AttributeValidationTool::validate($type, $value));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue