mirror of https://github.com/MISP/MISP
Merge pull request #8086 from JakubOnderka/event-report-name-required
chg: [internal] Event report name is requiredpull/8099/head
commit
ee6f35f26c
|
@ -45,7 +45,7 @@ class EventReportsController extends AppController
|
|||
$errors = $this->EventReport->addReport($this->Auth->user(), $report, $eventId);
|
||||
$redirectTarget = array('controller' => 'events', 'action' => 'view', $eventId);
|
||||
if (!empty($errors)) {
|
||||
return $this->__getFailResponseBasedOnContext($errors, array(), 'add', $this->EventReport->id, $redirectTarget);
|
||||
return $this->__getFailResponseBasedOnContext($errors, null, 'add', $this->EventReport->id, $redirectTarget);
|
||||
} else {
|
||||
$successMessage = __('Report saved.');
|
||||
$report = $this->EventReport->simpleFetchById($this->Auth->user(), $this->EventReport->id);
|
||||
|
@ -440,10 +440,10 @@ class EventReportsController extends AppController
|
|||
$message = implode(', ', $message);
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
if (!is_null($data)) {
|
||||
if ($data !== null) {
|
||||
return $this->RestResponse->viewData($data, $this->response->type());
|
||||
} else {
|
||||
return $this->RestResponse->saveFailResponse('EventReport', $action, $id, $message, false);
|
||||
return $this->RestResponse->saveFailResponse('EventReport', $action, $id, $message);
|
||||
}
|
||||
} elseif ($this->request->is('ajax')) {
|
||||
return $this->RestResponse->saveFailResponse('EventReport', $action, $id, $message, false, $data);
|
||||
|
@ -451,7 +451,6 @@ class EventReportsController extends AppController
|
|||
$this->Flash->error($message);
|
||||
$this->redirect($this->referer());
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
private function __injectIndexVariablesToViewContext($filters)
|
||||
|
@ -519,9 +518,8 @@ class EventReportsController extends AppController
|
|||
if (!isset($newReport['EventReport'])) {
|
||||
$newReport = array('EventReport' => $newReport);
|
||||
}
|
||||
$fieldList = $this->EventReport->captureFields;
|
||||
$ignoreFieldList = ['id', 'uuid', 'event_id', 'deleted'];
|
||||
foreach ($fieldList as $field) {
|
||||
foreach (EventReport::CAPTURE_FIELDS as $field) {
|
||||
if (!in_array($field, $ignoreFieldList) && isset($newReport['EventReport'][$field])) {
|
||||
$savedReport['EventReport'][$field] = $newReport['EventReport'][$field];
|
||||
}
|
||||
|
|
|
@ -34,14 +34,18 @@ class EventReport extends AppModel
|
|||
'on' => 'create'
|
||||
)
|
||||
),
|
||||
'name' => [
|
||||
'rule' => 'notBlank',
|
||||
'required' => true,
|
||||
],
|
||||
'distribution' => array(
|
||||
'rule' => array('inList', array('0', '1', '2', '3', '4', '5')),
|
||||
'message' => 'Options: Your organisation only, This community only, Connected communities, All communities, Sharing group, Inherit event',
|
||||
'required' => true
|
||||
)
|
||||
),
|
||||
);
|
||||
|
||||
public $captureFields = array('uuid', 'name', 'content', 'distribution', 'sharing_group_id', 'timestamp', 'deleted', 'event_id');
|
||||
const CAPTURE_FIELDS = array('uuid', 'name', 'content', 'distribution', 'sharing_group_id', 'timestamp', 'deleted', 'event_id');
|
||||
public $defaultContain = array(
|
||||
'SharingGroup' => array('fields' => array('id', 'name', 'uuid')),
|
||||
'Event' => array(
|
||||
|
@ -64,39 +68,39 @@ class EventReport extends AppModel
|
|||
|
||||
public function beforeValidate($options = array())
|
||||
{
|
||||
parent::beforeValidate();
|
||||
// generate UUID if it doesn't exist
|
||||
if (empty($this->data['EventReport']['uuid'])) {
|
||||
$this->data['EventReport']['uuid'] = CakeText::uuid();
|
||||
$eventReport = &$this->data['EventReport'];
|
||||
if (empty($eventReport['uuid'])) {
|
||||
// generate UUID if it doesn't exist
|
||||
$eventReport['uuid'] = CakeText::uuid();
|
||||
} else {
|
||||
$this->data['EventReport']['uuid'] = strtolower($this->data['EventReport']['uuid']);
|
||||
$eventReport['uuid'] = strtolower($eventReport['uuid']);
|
||||
}
|
||||
// generate timestamp if it doesn't exist
|
||||
if (empty($this->data['EventReport']['timestamp'])) {
|
||||
$date = new DateTime();
|
||||
$this->data['EventReport']['timestamp'] = $date->getTimestamp();
|
||||
if (empty($eventReport['timestamp'])) {
|
||||
$eventReport['timestamp'] = time();
|
||||
}
|
||||
if ($this->data['EventReport']['distribution'] != 4) {
|
||||
$this->data['EventReport']['sharing_group_id'] = 0;
|
||||
if ($eventReport['distribution'] != 4) {
|
||||
$eventReport['sharing_group_id'] = 0;
|
||||
}
|
||||
// Set defaults for when some of the mandatory fields don't have defaults
|
||||
// These fields all have sane defaults either based on another field, or due to server settings
|
||||
if (!isset($this->data['EventReport']['distribution'])) {
|
||||
$this->data['EventReport']['distribution'] = $this->Event->Attribute->defaultDistribution();
|
||||
if (!isset($eventReport['distribution'])) {
|
||||
$eventReport['distribution'] = $this->Event->Attribute->defaultDistribution();
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* captureReport Gets a report then save it
|
||||
*
|
||||
* @param array $user
|
||||
* @param array $report
|
||||
* @param int|string $eventId
|
||||
* @param array $user
|
||||
* @param array $report
|
||||
* @param int $eventId
|
||||
* @return array Any errors preventing the capture
|
||||
* @throws Exception
|
||||
*/
|
||||
public function captureReport(array $user, array $report, $eventId)
|
||||
{
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
if (!isset($report['EventReport'])) {
|
||||
$report = ['EventReport' => $report];
|
||||
}
|
||||
|
@ -106,10 +110,10 @@ class EventReport extends AppModel
|
|||
}
|
||||
$report = $this->captureSG($user, $report);
|
||||
$this->create();
|
||||
$errors = $this->saveAndReturnErrors($report, ['fieldList' => $this->captureFields]);
|
||||
$errors = $this->saveAndReturnErrors($report, ['fieldList' => self::CAPTURE_FIELDS]);
|
||||
if (!empty($errors)) {
|
||||
$this->Log->createLogEntry($user, 'add', 'EventReport', 0,
|
||||
__('Event Report dropped due to validation for Event report %s failed: %s', $report['EventReport']['uuid'], ' failed: ' . $report['EventReport']['name']),
|
||||
$this->loadLog()->createLogEntry($user, 'add', 'EventReport', 0,
|
||||
__('Event Report dropped due to validation for Event report %s failed: %s', $this->data['EventReport']['uuid'], $this->data['EventReport']['name']),
|
||||
__('Validation errors: %s.%sFull report: %s', json_encode($errors), PHP_EOL, json_encode($report['EventReport']))
|
||||
);
|
||||
}
|
||||
|
@ -176,7 +180,7 @@ class EventReport extends AppModel
|
|||
} else {
|
||||
unset($report['EventReport']['timestamp']);
|
||||
}
|
||||
$errors = $this->saveAndReturnErrors($report, ['fieldList' => $this->captureFields], $errors);
|
||||
$errors = $this->saveAndReturnErrors($report, ['fieldList' => self::CAPTURE_FIELDS], $errors);
|
||||
if (empty($errors)) {
|
||||
$this->Event->unpublishEvent($eventId);
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@ logging.disable(logging.CRITICAL)
|
|||
logger = logging.getLogger('pymisp')
|
||||
|
||||
|
||||
from pymisp import PyMISP, MISPOrganisation, MISPUser, MISPRole, MISPSharingGroup, MISPEvent, MISPLog, MISPSighting, Distribution, ThreatLevel, Analysis
|
||||
from pymisp import PyMISP, MISPOrganisation, MISPUser, MISPRole, MISPSharingGroup, MISPEvent, MISPLog, MISPSighting, Distribution, ThreatLevel, Analysis, MISPEventReport
|
||||
|
||||
# Load access information for env variables
|
||||
url = "http://" + os.environ["HOST"]
|
||||
|
@ -587,6 +587,20 @@ class TestComprehensive(unittest.TestCase):
|
|||
|
||||
check_response(self.admin_misp_connector.delete_event(event))
|
||||
|
||||
def test_event_report_empty_name(self):
|
||||
event = create_simple_event()
|
||||
new_event_report = MISPEventReport()
|
||||
new_event_report.name = ""
|
||||
new_event_report.content = "# Example report markdown"
|
||||
new_event_report.distribution = 5 # Inherit
|
||||
|
||||
try:
|
||||
event = check_response(self.user_misp_connector.add_event(event))
|
||||
new_event_report = self.user_misp_connector.add_event_report(event.id, new_event_report)
|
||||
self.assertIn("errors", new_event_report)
|
||||
finally:
|
||||
self.user_misp_connector.delete_event(event)
|
||||
|
||||
def _search(self, query: dict):
|
||||
response = self.admin_misp_connector._prepare_request('POST', 'events/restSearch', data=query)
|
||||
response = self.admin_misp_connector._check_response(response)
|
||||
|
|
Loading…
Reference in New Issue