Merge pull request #8086 from JakubOnderka/event-report-name-required

chg: [internal] Event report name is required
pull/8099/head
Jakub Onderka 2022-01-10 21:42:19 +01:00 committed by GitHub
commit ee6f35f26c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 45 additions and 29 deletions


@ -45,7 +45,7 @@ class EventReportsController extends AppController
$errors = $this->EventReport->addReport($this->Auth->user(), $report, $eventId);
$redirectTarget = array('controller' => 'events', 'action' => 'view', $eventId);
if (!empty($errors)) {
return $this->__getFailResponseBasedOnContext($errors, array(), 'add', $this->EventReport->id, $redirectTarget);
return $this->__getFailResponseBasedOnContext($errors, null, 'add', $this->EventReport->id, $redirectTarget);
} else {
$successMessage = __('Report saved.');
$report = $this->EventReport->simpleFetchById($this->Auth->user(), $this->EventReport->id);
@ -440,10 +440,10 @@ class EventReportsController extends AppController
$message = implode(', ', $message);
}
if ($this->_isRest()) {
if (!is_null($data)) {
if ($data !== null) {
return $this->RestResponse->viewData($data, $this->response->type());
} else {
return $this->RestResponse->saveFailResponse('EventReport', $action, $id, $message, false);
return $this->RestResponse->saveFailResponse('EventReport', $action, $id, $message);
}
} elseif ($this->request->is('ajax')) {
return $this->RestResponse->saveFailResponse('EventReport', $action, $id, $message, false, $data);
@ -451,7 +451,6 @@ class EventReportsController extends AppController
$this->Flash->error($message);
$this->redirect($this->referer());
}
return;
}
private function __injectIndexVariablesToViewContext($filters)
@ -519,9 +518,8 @@ class EventReportsController extends AppController
if (!isset($newReport['EventReport'])) {
$newReport = array('EventReport' => $newReport);
}
$fieldList = $this->EventReport->captureFields;
$ignoreFieldList = ['id', 'uuid', 'event_id', 'deleted'];
foreach ($fieldList as $field) {
foreach (EventReport::CAPTURE_FIELDS as $field) {
if (!in_array($field, $ignoreFieldList) && isset($newReport['EventReport'][$field])) {
$savedReport['EventReport'][$field] = $newReport['EventReport'][$field];
}
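Review bot: In `__getFailResponseBasedOnContext` the REST branch chooses between `viewData()` and `saveFailResponse()` solely on `if ($data !== null)`, so the corrected failure response depends on every caller passing `null` when the save failed; only the `add` call site is changed in this section. Any call site outside these hunks that still passes `array()` would presumably keep answering a failed save with `viewData()` of an empty payload, which hides validation errors from API clients, so the remaining callers are worth checking. A docblock on the helper would make the contract explicit, for example `@param array|null $data Payload to return on REST; pass null when the operation failed`. The helper's signature and the other callers lie outside the visible hunks.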


@ -34,14 +34,18 @@ class EventReport extends AppModel
'on' => 'create'
)
),
'name' => [
'rule' => 'notBlank',
'required' => true,
],
'distribution' => array(
'rule' => array('inList', array('0', '1', '2', '3', '4', '5')),
'message' => 'Options: Your organisation only, This community only, Connected communities, All communities, Sharing group, Inherit event',
'required' => true
)
),
);
public $captureFields = array('uuid', 'name', 'content', 'distribution', 'sharing_group_id', 'timestamp', 'deleted', 'event_id');
const CAPTURE_FIELDS = array('uuid', 'name', 'content', 'distribution', 'sharing_group_id', 'timestamp', 'deleted', 'event_id');
public $defaultContain = array(
'SharingGroup' => array('fields' => array('id', 'name', 'uuid')),
'Event' => array(
@ -64,39 +68,39 @@ class EventReport extends AppModel
public function beforeValidate($options = array())
{
parent::beforeValidate();
// generate UUID if it doesn't exist
if (empty($this->data['EventReport']['uuid'])) {
$this->data['EventReport']['uuid'] = CakeText::uuid();
$eventReport = &$this->data['EventReport'];
if (empty($eventReport['uuid'])) {
// generate UUID if it doesn't exist
$eventReport['uuid'] = CakeText::uuid();
} else {
$this->data['EventReport']['uuid'] = strtolower($this->data['EventReport']['uuid']);
$eventReport['uuid'] = strtolower($eventReport['uuid']);
}
// generate timestamp if it doesn't exist
if (empty($this->data['EventReport']['timestamp'])) {
$date = new DateTime();
$this->data['EventReport']['timestamp'] = $date->getTimestamp();
if (empty($eventReport['timestamp'])) {
$eventReport['timestamp'] = time();
}
if ($this->data['EventReport']['distribution'] != 4) {
$this->data['EventReport']['sharing_group_id'] = 0;
if ($eventReport['distribution'] != 4) {
$eventReport['sharing_group_id'] = 0;
}
// Set defaults for when some of the mandatory fields don't have defaults
// These fields all have sane defaults either based on another field, or due to server settings
if (!isset($this->data['EventReport']['distribution'])) {
$this->data['EventReport']['distribution'] = $this->Event->Attribute->defaultDistribution();
if (!isset($eventReport['distribution'])) {
$eventReport['distribution'] = $this->Event->Attribute->defaultDistribution();
}
return true;
}
/**
* captureReport Gets a report then save it
*
* @param array $user
* @param array $report
* @param int|string $eventId
* @param array $user
* @param array $report
* @param int $eventId
* @return array Any errors preventing the capture
* @throws Exception
*/
public function captureReport(array $user, array $report, $eventId)
{
$this->Log = ClassRegistry::init('Log');
if (!isset($report['EventReport'])) {
$report = ['EventReport' => $report];
}
@ -106,10 +110,10 @@ class EventReport extends AppModel
}
$report = $this->captureSG($user, $report);
$this->create();
$errors = $this->saveAndReturnErrors($report, ['fieldList' => $this->captureFields]);
$errors = $this->saveAndReturnErrors($report, ['fieldList' => self::CAPTURE_FIELDS]);
if (!empty($errors)) {
$this->Log->createLogEntry($user, 'add', 'EventReport', 0,
__('Event Report dropped due to validation for Event report %s failed: %s', $report['EventReport']['uuid'], ' failed: ' . $report['EventReport']['name']),
$this->loadLog()->createLogEntry($user, 'add', 'EventReport', 0,
__('Event Report dropped due to validation for Event report %s failed: %s', $this->data['EventReport']['uuid'], $this->data['EventReport']['name']),
__('Validation errors: %s.%sFull report: %s', json_encode($errors), PHP_EOL, json_encode($report['EventReport']))
);
}
@ -176,7 +180,7 @@ class EventReport extends AppModel
} else {
unset($report['EventReport']['timestamp']);
}
$errors = $this->saveAndReturnErrors($report, ['fieldList' => $this->captureFields], $errors);
$errors = $this->saveAndReturnErrors($report, ['fieldList' => self::CAPTURE_FIELDS], $errors);
if (empty($errors)) {
$this->Event->unpublishEvent($eventId);
}
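Review bot: `beforeValidate()` evaluates `if ($eventReport['distribution'] != 4)` before the later `if (!isset($eventReport['distribution']))` block assigns the default, so a report submitted without a distribution is read as an undefined index and has `sharing_group_id` reset on the basis of a null value. Moving the default-assignment block above the sharing-group check fixes the ordering, and `if ((int) $eventReport['distribution'] !== 4) {` would avoid loose comparison on request-supplied data. Separately, the failure log in `captureReport()` now reads `$this->data['EventReport']['name']`, which may be absent in exactly the case the new `'required' => true` rule rejects; `$this->data['EventReport']['name'] ?? ''` would keep the log entry clean. The new `name` rule also has no `'message'`, unlike the `distribution` rule next to it, so clients probably receive a generic validation error.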


@ -11,7 +11,7 @@ logging.disable(logging.CRITICAL)
logger = logging.getLogger('pymisp')
from pymisp import PyMISP, MISPOrganisation, MISPUser, MISPRole, MISPSharingGroup, MISPEvent, MISPLog, MISPSighting, Distribution, ThreatLevel, Analysis
from pymisp import PyMISP, MISPOrganisation, MISPUser, MISPRole, MISPSharingGroup, MISPEvent, MISPLog, MISPSighting, Distribution, ThreatLevel, Analysis, MISPEventReport
# Load access information for env variables
url = "http://" + os.environ["HOST"]
@ -587,6 +587,20 @@ class TestComprehensive(unittest.TestCase):
check_response(self.admin_misp_connector.delete_event(event))
def test_event_report_empty_name(self):
event = create_simple_event()
new_event_report = MISPEventReport()
new_event_report.name = ""
new_event_report.content = "# Example report markdown"
new_event_report.distribution = 5 # Inherit
try:
event = check_response(self.user_misp_connector.add_event(event))
new_event_report = self.user_misp_connector.add_event_report(event.id, new_event_report)
self.assertIn("errors", new_event_report)
finally:
self.user_misp_connector.delete_event(event)
def _search(self, query: dict):
response = self.admin_misp_connector._prepare_request('POST', 'events/restSearch', data=query)
response = self.admin_misp_connector._check_response(response)
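Review bot: `test_event_report_empty_name` exercises only `name = ""`, while the new model rule also sets `'required' => true`, so a report sent with no `name` key at all is a separate validation path that this test does not cover. A second case that leaves `name` unset on the `MISPEventReport` would pin it, assuming the client omits unset fields from the request. The assertion `self.assertIn("errors", new_event_report)` also only proves that some error came back; checking that the error refers to `name` would stop the test passing on an unrelated failure. If `add_event` raises inside the `try`, the `finally` block calls `delete_event` on the unsaved local event, which may mask the original error.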