chg: [internal] Move ssdeep validation to specific method

2021-10-28 10:49:23 +02:00 · 2021-10-28 10:49:23 +02:00 · ed1e8f50fa
parent 8c5f9da085
commit ed1e8f50fa
2 changed files with 52 additions and 20 deletions
--- a/app/Lib/Tools/AttributeValidationTool.php
+++ b/app/Lib/Tools/AttributeValidationTool.php
@ -225,6 +225,8 @@ class AttributeValidationTool
    }

    /**
+     * Validate if value is valid for given attribute type.
+     * At this point, we can be sure, that composite type is really composite.
     * @param string $type
     * @param string $value
     * @return bool|string
@ -272,11 +274,8 @@ class AttributeValidationTool
                }
                return __('The input doesn\'t match the expected sha1 format (expected: 40 hexadecimal characters). Keep in mind that MISP currently only supports SHA1 for PEhashes, if you would like to get the support extended to other hash types, make sure to create a github ticket about it at https://github.com/MISP/MISP!');
            case 'ssdeep':
-                if (substr_count($value, ':') === 2) {
-                    $parts = explode(':', $value);
-                    if (self::isPositiveInteger($parts[0])) {
-                        return true;
-                    }
+                if (self::isSsdeep($value)) {
+                    return true;
                }
                return __('Invalid SSDeep hash. The format has to be blocksize:hash:hash');
            case 'impfuzzy':
@ -324,19 +323,11 @@ class AttributeValidationTool
                }
                return __('Checksum has an invalid length or format (expected: filename|%s hexadecimal characters). Please double check the value or select type "other".', $length);
            case 'filename|ssdeep':
-                if (substr_count($value, '|') != 1 || !preg_match("#^.+\|.+$#", $value)) {
-                    return __('Invalid composite type. The format has to be %s.', $type);
-                } else {
-                    $composite = explode('|', $value);
-                    $value = $composite[1];
-                    if (substr_count($value, ':') == 2) {
-                        $parts = explode(':', $value);
-                        if (self::isPositiveInteger($parts[0])) {
-                            return true;
-                        }
-                    }
+                $composite = explode('|', $value);
+                if (self::isSsdeep($composite[1])) {
+                    return true;
                }
-                return __('Invalid SSDeep hash (expected: blocksize:hash:hash).');
+                return __('Invalid ssdeep hash (expected: blocksize:hash:hash).');
            case 'filename|tlsh':
                if (preg_match("#^.+\|[0-9a-f]{35,}$#", $value)) {
                    return true;
@ -656,6 +647,19 @@ class AttributeValidationTool
        return (is_int($value) && $value >= 0) || ctype_digit($value);
    }

+    /**
+     * @param $value
+     * @return bool
+     */
+    private static function isSsdeep($value)
+    {
+        $parts = explode(':', $value);
+        if (count($parts) !== 3) {
+            return false;
+        }
+        return self::isPositiveInteger($parts[0]);
+    }
+
    /**
     * @param string $value
     * @return bool
--- a/app/Test/AttributeValidationToolTest.php
+++ b/app/Test/AttributeValidationToolTest.php
@ -33,8 +33,36 @@ class AttributeValidationToolTest extends TestCase

    public function testValidateSshFingerprint(): void
    {
-        $this->assertTrue(AttributeValidationTool::validate('ssh-fingerprint', '7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a'));
-        $this->assertTrue(AttributeValidationTool::validate('ssh-fingerprint', 'MD5:7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a'));
-        $this->assertTrue(AttributeValidationTool::validate('ssh-fingerprint', 'SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE'));
+        $this->shouldBeValid('ssh-fingerprint', [
+            '7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a',
+            'MD5:7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a',
+            'SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE',
+        ]);
+    }
+
+    public function testValidateSsdeep(): void
+    {
+        $this->shouldBeValid('ssdeep', [
+            '96:s4Ud1Lj96tHHlZDrwciQmA+4uy1I0G4HYuL8N3TzS8QsO/wqWXLcMSx:sF1LjEtHHlZDrJzrhuyZvHYm8tKp/RWO',
+            '384:EWo4X1WaPW9ZWhWzLo+lWpct/fWbkWsWIwW0/S7dZhgG8:EWo4X1WmW9ZWhWH/WpchfWgWsWTWtf8',
+            '6144:3wSQSlrBHFjOvwYAU/Fsgi/2WDg5+YaNk5xcHrYw+Zg+XrZsGEREYRGAFU25ttR/:ctM7E0L4q',
+        ]);
+        $this->shouldBeValid('filename|ssdeep', [
+            'ahoj.txt|96:s4Ud1Lj96tHHlZDrwciQmA+4uy1I0G4HYuL8N3TzS8QsO/wqWXLcMSx:sF1LjEtHHlZDrJzrhuyZvHYm8tKp/RWO',
+        ]);
+    }
+
+    private function shouldBeValid($type, array $values)
+    {
+        foreach ($values as $value) {
+            $this->assertTrue(AttributeValidationTool::validate($type, $value));
+        }
+    }
+
+    private function shouldBeInvalid($type, array $values)
+    {
+        foreach ($values as $value) {
+            $this->assertNotTrue(AttributeValidationTool::validate($type, $value));
+        }
    }
 }