mirror of https://github.com/MISP/MISP
Merge branch 'master' into feature/sg
Conflicts: VERSION.json app/Controller/ShadowAttributesController.php app/Lib/Tools/JSONConverterTool.php app/Lib/Tools/XMLConverterTool.php app/Model/User.php app/View/Elements/eventattribute.ctppull/762/head
iglocska
commit
ef1d3949e7
55
AUTHORS
55
AUTHORS
|
|
@ -1,28 +1,49 @@
|
|||
Developers
|
||||
----------
|
||||
|
||||
Developers:
|
||||
Christophe Vandeplas <christophe@vandeplas.com> (creator)
|
||||
Andras Iklody <andras.iklody@gmail.com> (main developer)
|
||||
Andrzej Dereszowski <deresz@gmail.com>
|
||||
|
||||
* Christophe Vandeplas <christophe@vandeplas.com> (original author)
|
||||
* Andras Iklody <andras.iklody@gmail.com> (lead developer)
|
||||
|
||||
Contributions from: (incomplete list, contact us to add your name)
|
||||
CERT-EU http://cert.europa.eu/
|
||||
CIRCL http://circl.lu
|
||||
Contributors
|
||||
------------
|
||||
|
||||
Copyright Christophe Vandeplas
|
||||
Copyright Belgian Defence
|
||||
Copyright NATO / NCIRC
|
||||
Copyright Andras Iklody
|
||||
Aaron Kaplan
|
||||
Alexander J
|
||||
Alexandre Dulaunoy
|
||||
Alexandru Ciobanu
|
||||
Andras Iklody
|
||||
Andrzej Dereszowski
|
||||
Bâkır Emre
|
||||
Chris Clark
|
||||
Christophe Vandeplas
|
||||
David André
|
||||
Guilherme Capilé
|
||||
Gábor Molnár
|
||||
Iglocska
|
||||
Koen Van Impe
|
||||
L. Aaron Kaplan
|
||||
Noud de Brouwer
|
||||
Raphaël Vinot
|
||||
Richard van den Berg
|
||||
nullprobe
|
||||
remg427
|
||||
|
||||
This code is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.
|
||||
Copyright (C) 2012 Christophe Vandeplas
|
||||
Copyright (C) 2012 Belgian Defence
|
||||
Copyright (C) 2012 NATO / NCIRC
|
||||
Copyright (C) 2013-2015 Andras Iklody
|
||||
Copyright (C) 2015 CIRCL - Computer Incident Response Center Luxembourg
|
||||
|
||||
MISP is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.
|
||||
|
||||
|
||||
A little bit of history:
|
||||
History
|
||||
=======
|
||||
|
||||
This project started around June 2011 when Christophe Vandeplas had a frustration that way to many IOCs were shared by email, or in pdf documents and were not parseable by automatic machines. So at home he started to play around with CakePHP and made a proof of concept of his idea. He called it CyDefSIG: Cyber Defence Signatures.
|
||||
|
||||
Mid July 2011 he presented his personal project at work (Belgian Defence) where the feedback was rather positive. After giving access to CyDefSIG running on his personal server the Belgian Defence started to use CyDefSIG officially starting mid August 2011.
|
||||
Christophe was then allowed to spend some time on CyDefSIG during his work-hours, while still working on it at home.
|
||||
Christophe was then allowed to spend some time on CyDefSIG during his work-hours, while still working on it at home.
|
||||
|
||||
At some point NATO heard about this project. On January 2012 a first presentation was done to introduce them in more depth to the project. They looked at other products that the marked offered, but it seemed they deemed the openness of CyDefSIG to be of a great advantage. Andrzej Dereszowski was the first part-time developer from NATO side.
|
||||
|
||||
|
|
@ -31,9 +52,9 @@ As with many personal projects the license was not explicitely written yet, it w
|
|||
|
||||
The project was then renamed to MISP: Malware Information Sharing Project, a name invented by Alex Vandurme from NATO.
|
||||
|
||||
In January 2013 Andras Iklody became the main full-time developer of MISP, during the day hired by NATO and during the evening and week-end contributor to an open source project.
|
||||
In January 2013 Andras Iklody became the main full-time developer of MISP, during the day hired by NATO and during the evening and week-end contributor to an open source project.
|
||||
|
||||
Meanwhile other organisations started to adopt the software and promoted it around the CERT world. (CERT-EU, CIRCL, and many others ...)
|
||||
|
||||
...
|
||||
Nowadays, Andras Iklody is the lead developer of the MISP project and works for CIRCL.
|
||||
|
||||
|
|
|
|||
|
|
@ -27,14 +27,7 @@
|
|||
id="metadata346"><rdf:RDF><cc:Work
|
||||
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title>MISP Database</dc:title><cc:license
|
||||
rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/" /><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator></cc:Work><cc:License
|
||||
rdf:about="http://creativecommons.org/licenses/by-sa/3.0/"><cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#Reproduction" /><cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#Distribution" /><cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#Notice" /><cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#Attribution" /><cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#DerivativeWorks" /><cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#ShareAlike" /></cc:License></rdf:RDF></metadata><defs
|
||||
rdf:resource="http://www.gnu.org/licenses/agpl-3.0.en.html" /><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator></cc:Work></rdf:RDF></metadata><defs
|
||||
id="defs344"><inkscape:perspective
|
||||
sodipodi:type="inkscape:persp3d"
|
||||
inkscape:vp_x="0 : 269.8 : 1"
|
||||
|
|
@ -147,11 +140,11 @@
|
|||
inkscape:pageopacity="0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:window-width="1503"
|
||||
inkscape:window-height="1314"
|
||||
inkscape:window-height="848"
|
||||
id="namedview342"
|
||||
showgrid="false"
|
||||
inkscape:zoom="1.7582312"
|
||||
inkscape:cx="308.17494"
|
||||
inkscape:cx="208.64309"
|
||||
inkscape:cy="269.8"
|
||||
inkscape:window-x="65"
|
||||
inkscape:window-y="24"
|
||||
|
|
|
|||
|
Before Width: | Height: | Size: 38 KiB After Width: | Height: | Size: 37 KiB |
|
|
@ -27,14 +27,7 @@
|
|||
id="metadata264"><rdf:RDF><cc:Work
|
||||
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title>MISP Community overview</dc:title><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator><cc:license
|
||||
rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/" /></cc:Work><cc:License
|
||||
rdf:about="http://creativecommons.org/licenses/by-sa/3.0/"><cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#Reproduction" /><cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#Distribution" /><cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#Notice" /><cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#Attribution" /><cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#DerivativeWorks" /><cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#ShareAlike" /></cc:License></rdf:RDF></metadata><defs
|
||||
rdf:resource="http://www.gnu.org/licenses/agpl-3.0.en.html" /></cc:Work></rdf:RDF></metadata><defs
|
||||
id="defs262" /><sodipodi:namedview
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
|
|
@ -44,14 +37,14 @@
|
|||
guidetolerance="10"
|
||||
inkscape:pageopacity="0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:window-width="2495"
|
||||
inkscape:window-height="1416"
|
||||
inkscape:window-width="1600"
|
||||
inkscape:window-height="876"
|
||||
id="namedview260"
|
||||
showgrid="false"
|
||||
inkscape:zoom="2.0149341"
|
||||
inkscape:cx="291.40203"
|
||||
inkscape:cx="204.55055"
|
||||
inkscape:cy="281.43763"
|
||||
inkscape:window-x="65"
|
||||
inkscape:window-x="0"
|
||||
inkscape:window-y="24"
|
||||
inkscape:window-maximized="1"
|
||||
inkscape:current-layer="svg2" /><g
|
||||
|
|
|
|||
|
Before Width: | Height: | Size: 27 KiB After Width: | Height: | Size: 26 KiB |
|
|
@ -54,4 +54,10 @@ License
|
|||
|
||||
This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
|
||||
|
||||
Copyright (c) 2012, 2013 Christophe Vandeplas, Belgian Defence, NATO / NCIRC.
|
||||
* Copyright (C) 2012 Christophe Vandeplas
|
||||
* Copyright (C) 2012 Belgian Defence
|
||||
* Copyright (C) 2012 NATO / NCIRC
|
||||
* Copyright (C) 2013-2015 Andras Iklody
|
||||
* Copyright (C) 2015 CIRCL - Computer Incident Response Center Luxembourg
|
||||
|
||||
For more information, [the list of authors and contributors](AUTHORS) is available.
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{"major":2, "minor":4, "hotfix":0}
|
||||
{"major":2, "minor":4, "hotfix":0}
|
||||
|
|
@ -2282,4 +2282,22 @@ class AttributesController extends AppController {
|
|||
$this->Session->setFlash('Removed ' . count($orphans) . ' attribute(s).');
|
||||
$this->redirect('/pages/display/administration');
|
||||
}
|
||||
|
||||
public function arcsight() {
|
||||
if (!$this->userRole['perm_auth']) throw new MethodNotAllowedException('This functionality requires API key access.');
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
$simpleFalse = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to');
|
||||
foreach ($simpleFalse as $sF) {
|
||||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
if ($key!=null && $key!='download') {
|
||||
$user = $this->checkAuthUser($key);
|
||||
} else {
|
||||
if (!$this->Auth->user()) throw new UnauthorizedException('You are not authorized. Please send the Authorization header with your auth key along with an Accept header for application/xml.');
|
||||
$user = $this->checkAuthUser($this->Auth->user('authkey'));
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -416,7 +416,6 @@ class ShadowAttributesController extends AppController {
|
|||
// combobox for distribution
|
||||
$count = 0;
|
||||
|
||||
$this->set('attrDescriptions', $this->ShadowAttribute->fieldDescriptions);
|
||||
$this->set('typeDefinitions', $this->ShadowAttribute->typeDefinitions);
|
||||
$this->set('categoryDefinitions', $this->ShadowAttribute->categoryDefinitions);
|
||||
}
|
||||
|
|
@ -424,24 +423,37 @@ class ShadowAttributesController extends AppController {
|
|||
public function download($id = null) {
|
||||
$this->ShadowAttribute->id = $id;
|
||||
if (!$this->ShadowAttribute->exists()) {
|
||||
throw new NotFoundException(__('Invalid ShadowAttribute'));
|
||||
throw new NotFoundException(__('Invalid Proposal'));
|
||||
}
|
||||
|
||||
$this->ShadowAttribute->read();
|
||||
$path = APP . "files" . DS . $this->ShadowAttribute->data['ShadowAttribute']['event_id'] . DS . 'shadow' . DS;
|
||||
$file = $this->ShadowAttribute->data['ShadowAttribute']['id'];
|
||||
$sa = $this->ShadowAttribute->find('first', array(
|
||||
'recursive' => -1,
|
||||
'contain' => array('Event' => array('fields' => array('Event.org', 'Event.distribution', 'Event.id'))),
|
||||
'conditions' => array('ShadowAttribute.id' => $id)
|
||||
));
|
||||
if (!$this->_isSiteAdmin() &&
|
||||
$this->Auth->user('org') !=
|
||||
$sa['Event']['org'] &&
|
||||
$sa['Event']['distribution'] == 0) {
|
||||
throw new UnauthorizedException('You do not have the permission to view this event.');
|
||||
}
|
||||
$this->__downloadAttachment($sa['ShadowAttribute']);
|
||||
}
|
||||
|
||||
private function __downloadAttachment($shadowAttribute) {
|
||||
$path = "files" . DS . $shadowAttribute['event_id'] . DS . 'shadow' . DS;
|
||||
$file = $shadowAttribute['id'];
|
||||
$filename = '';
|
||||
if ('attachment' == $this->ShadowAttribute->data['ShadowAttribute']['type']) {
|
||||
$filename = $this->ShadowAttribute->data['ShadowAttribute']['value'];
|
||||
if ('attachment' == $shadowAttribute['type']) {
|
||||
$filename = $shadowAttribute['value'];
|
||||
$fileExt = pathinfo($filename, PATHINFO_EXTENSION);
|
||||
$filename = substr($filename, 0, strlen($filename) - strlen($fileExt) - 1);
|
||||
} elseif ('malware-sample' == $this->ShadowAttribute->data['ShadowAttribute']['type']) {
|
||||
$filenameHash = explode('|', $this->ShadowAttribute->data['ShadowAttribute']['value']);
|
||||
} elseif ('malware-sample' == $shadowAttribute['type']) {
|
||||
$filenameHash = explode('|', $shadowAttribute['value']);
|
||||
$filename = $filenameHash[0];
|
||||
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
|
||||
$fileExt = "zip";
|
||||
} else {
|
||||
throw new NotFoundException(__('ShadowAttribute not an attachment or malware-sample'));
|
||||
throw new NotFoundException(__('Proposal not an attachment or malware-sample'));
|
||||
}
|
||||
$this->autoRender = false;
|
||||
$this->response->type($fileExt);
|
||||
|
|
@ -465,12 +477,13 @@ class ShadowAttributesController extends AppController {
|
|||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
$temp = $this->_getEventData($this->request->data['ShadowAttribute']['event_id']);
|
||||
// Check if there were problems with the file upload
|
||||
// only keep the last part of the filename, this should prevent directory attacks
|
||||
$filename = basename($this->request->data['ShadowAttribute']['value']['name']);
|
||||
$tmpfile = new File($this->request->data['ShadowAttribute']['value']['tmp_name']);
|
||||
if ((isset($this->request->data['ShadowAttribute']['value']['error']) && $this->request->data['ShadowAttribute']['value']['error'] == 0) ||
|
||||
(!empty( $this->request->data['ShadowAttribute']['value']['tmp_name']) && $this->request->data['ShadowAttribute']['value']['tmp_name'] != 'none')
|
||||
(!empty( $this->request->data['ShadowAttribute']['value']['tmp_name']) && $this->request->data['ShadowAttribute']['value']['tmp_name'] != 'none')
|
||||
) {
|
||||
if (!is_uploaded_file($tmpfile->path))
|
||||
throw new InternalErrorException('PHP says file was not uploaded. Are you attacking me?');
|
||||
|
|
@ -478,90 +491,73 @@ class ShadowAttributesController extends AppController {
|
|||
$this->Session->setFlash(__('There was a problem to upload the file.', true), 'default', array(), 'error');
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||
}
|
||||
$temp = $this->_getEventData($this->request->data['ShadowAttribute']['event_id']);
|
||||
|
||||
$fails = array();
|
||||
$completeFail = false;
|
||||
|
||||
$filename = basename($this->request->data['ShadowAttribute']['value']['name']);
|
||||
$tmpfile = new File($this->request->data['ShadowAttribute']['value']['tmp_name']);
|
||||
$hashes = array('md5' => 'malware-sample', 'sha1' => 'filename|sha1', 'sha256' => 'filename|sha256');
|
||||
$event_uuid = $temp['uuid'];
|
||||
$event_org = $temp['orgc_id'];
|
||||
// save the file-info in the database
|
||||
$this->ShadowAttribute->create();
|
||||
if ($this->request->data['ShadowAttribute']['malware']) {
|
||||
$this->request->data['ShadowAttribute']['type'] = "malware-sample";
|
||||
// Validate filename
|
||||
if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
|
||||
$this->request->data['ShadowAttribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
|
||||
$this->request->data['ShadowAttribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
|
||||
} else {
|
||||
$this->request->data['ShadowAttribute']['type'] = "attachment";
|
||||
// Validate filename
|
||||
if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
|
||||
$this->request->data['ShadowAttribute']['value'] = $filename;
|
||||
$this->request->data['ShadowAttribute']['to_ids'] = 0;
|
||||
}
|
||||
$this->request->data['ShadowAttribute']['uuid'] = $this->{$Model->alias}->generateUuid();
|
||||
$this->request->data['ShadowAttribute']['batch_import'] = 0;
|
||||
$this->request->data['ShadowAttribute']['email'] = $this->Auth->user('email');
|
||||
$this->request->data['ShadowAttribute']['org_id'] = $this->Auth->user('org_id');
|
||||
$this->request->data['ShadowAttribute']['event_uuid'] = $event_uuid;
|
||||
$this->request->data['ShadowAttribute']['event_org_id'] = $event_org;
|
||||
$this->ShadowAttribute->save($this->request->data);
|
||||
|
||||
// no errors in file upload, entry already in db, now move the file where needed and zip it if required.
|
||||
// no sanitization is required on the filename, path or type as we save
|
||||
// create directory structure
|
||||
if (PHP_OS == 'WINNT') {
|
||||
$rootDir = APP . "files" . DS . $this->request->data['ShadowAttribute']['event_id'] . DS . "shadow";
|
||||
} else {
|
||||
$rootDir = APP . DS . "files" . DS . $this->request->data['ShadowAttribute']['event_id'] . DS . "shadow";
|
||||
}
|
||||
$dir = new Folder($rootDir, true);
|
||||
// move the file to the correct location
|
||||
$destpath = $rootDir . DS . $this->ShadowAttribute->id; // id of the new ShadowAttribute in the database
|
||||
$file = new File ($destpath);
|
||||
$zipfile = new File ($destpath . '.zip');
|
||||
$fileInZip = new File($rootDir . DS . $filename); // FIXME do sanitization of the filename
|
||||
|
||||
if ($file->exists() || $zipfile->exists() || $fileInZip->exists()) {
|
||||
// this should never happen as the ShadowAttribute id should be unique
|
||||
$this->Session->setFlash(__('Attachment with this name already exist in this event.', true), 'default', array(), 'error');
|
||||
// remove the entry from the database
|
||||
$this->ShadowAttribute->delete();
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||
}
|
||||
if (!move_uploaded_file($tmpfile->path, $file->path)) {
|
||||
$this->Session->setFlash(__('Problem with uploading attachment. Cannot move it to its final location.', true), 'default', array(), 'error');
|
||||
// remove the entry from the database
|
||||
$this->ShadowAttribute->delete();
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||
}
|
||||
|
||||
// zip and password protect the malware files
|
||||
if ($this->request->data['ShadowAttribute']['malware']) {
|
||||
// TODO check if CakePHP has no easy/safe wrapper to execute commands
|
||||
$execRetval = '';
|
||||
$execOutput = array();
|
||||
rename($file->path, $fileInZip->path); // TODO check if no workaround exists for the current filtering mechanisms
|
||||
if (PHP_OS == 'WINNT') {
|
||||
exec("zip -j -P infected " . $zipfile->path . ' "' . $fileInZip->path . '"', $execOutput, $execRetval);
|
||||
} else {
|
||||
exec("zip -j -P infected " . $zipfile->path . ' "' . addslashes($fileInZip->path) . '"', $execOutput, $execRetval);
|
||||
}
|
||||
if ($execRetval != 0) { // not EXIT_SUCCESS
|
||||
$this->Session->setFlash(__('Problem with zipping the attachment. Please report to administrator. ' . $execOutput, true), 'default', array(), 'error');
|
||||
// remove the entry from the database
|
||||
$this->ShadowAttribute->delete();
|
||||
$fileInZip->delete();
|
||||
$file->delete();
|
||||
$result = $this->Event->Attribute->handleMaliciousBase64($this->request->data['ShadowAttribute']['event_id'], $filename, base64_encode($tmpfile->read()), array_keys($hashes));
|
||||
if (!$result['success']) {
|
||||
$this->Session->setFlash(__('There was a problem to upload the file.', true), 'default', array(), 'error');
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||
};
|
||||
$fileInZip->delete(); // delete the original not-zipped-file
|
||||
rename($zipfile->path, $file->path); // rename the .zip to .nothing
|
||||
}
|
||||
foreach ($hashes as $hash => $typeName) {
|
||||
if (!$result[$hash]) continue;
|
||||
$shadowAttribute = array(
|
||||
'ShadowAttribute' => array(
|
||||
'value' => $filename . '|' . $result[$hash],
|
||||
'category' => $this->request->data['ShadowAttribute']['category'],
|
||||
'type' => $typeName,
|
||||
'event_id' => $this->request->data['ShadowAttribute']['event_id'],
|
||||
'to_ids' => 1,
|
||||
'email' => $this->Auth->user('email'),
|
||||
'org_id' => $this->Auth->user('org_id'),
|
||||
'event_uuid' => $event_uuid,
|
||||
'event_org_id' => $event_org,
|
||||
)
|
||||
);
|
||||
if ($hash == 'md5') $shadowAttribute['ShadowAttribute']['data'] = $result['data'];
|
||||
$this->ShadowAttribute->create();
|
||||
$r = $this->ShadowAttribute->save($shadowAttribute);
|
||||
if ($r == false) $fails[] = array($typeName);
|
||||
if (count($fails) == count($hashes)) $completeFail = true;
|
||||
}
|
||||
} else {
|
||||
$shadowAttribute = array(
|
||||
'ShadowAttribute' => array(
|
||||
'value' => $filename,
|
||||
'category' => $this->request->data['ShadowAttribute']['category'],
|
||||
'type' => 'attachment',
|
||||
'event_id' => $this->request->data['ShadowAttribute']['event_id'],
|
||||
'data' => base64_encode($tmpfile->read()),
|
||||
'to_ids' => 0,
|
||||
'email' => $this->Auth->user('email'),
|
||||
'org_id' => $this->Auth->user('org_id'),
|
||||
'event_uuid' => $event_uuid,
|
||||
'event_org_id' => $event_org,
|
||||
)
|
||||
);
|
||||
$this->ShadowAttribute->create();
|
||||
$r = $this->ShadowAttribute->save($shadowAttribute);
|
||||
if ($r == false) {
|
||||
$fails[] = array('attachment');
|
||||
$completeFail = true;
|
||||
}
|
||||
}
|
||||
if (!$completeFail) {
|
||||
if (!$this->__sendProposalAlertEmail($eventId)) $emailResult = " but sending out the alert e-mails has failed for at least one recipient.";
|
||||
if (empty($fails)) $this->Session->setFlash(__('The attachment has been uploaded'));
|
||||
else $this->Session->setFlash(__('The attachment has been uploaded, but some of the proposals could not be created. The failed proposals are: ' . implode(', ', $fails)));
|
||||
} else {
|
||||
$this->Session->setFlash(__('The attachment could not be saved, please contact your administrator.'));
|
||||
}
|
||||
|
||||
// everything is done, now redirect to event view
|
||||
|
||||
$emailResult = "";
|
||||
if (!$this->__sendProposalAlertEmail($eventId)) $emailResult = " but sending out the alert e-mails has failed for at least one recipient.";
|
||||
|
||||
$this->Session->setFlash(__('The attachment has been uploaded' . $emailResult));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||
|
||||
} else {
|
||||
|
|
@ -570,7 +566,8 @@ class ShadowAttributesController extends AppController {
|
|||
}
|
||||
|
||||
// combobox for categories
|
||||
$categories = $this->ShadowAttribute->validate['category']['rule'][1];
|
||||
$categories = array_keys($this->ShadowAttribute->Event->Attribute->categoryDefinitions);
|
||||
$categories = $this->_arrayToValuesIndexArray($categories);
|
||||
// just get them with attachments..
|
||||
$selectedCategories = array();
|
||||
foreach ($categories as $category) {
|
||||
|
|
|
|||
|
|
@ -23,7 +23,9 @@ class JSONConverterTool {
|
|||
$event['Event']['Tag'][$k] = $tag['Tag'];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (isset($event['RelatedAttribute'])) $event['Event']['RelatedAttribute'] = $event['RelatedAttribute'];
|
||||
else $event['Event']['RelatedAttribute'] = array();
|
||||
//
|
||||
// cleanup the array from things we do not want to expose
|
||||
//
|
||||
|
|
@ -40,9 +42,12 @@ class JSONConverterTool {
|
|||
foreach ($event['Event']['Attribute'] as $key => $value) {
|
||||
unset($event['Event']['Attribute'][$key]['value1']);
|
||||
unset($event['Event']['Attribute'][$key]['value2']);
|
||||
unset($event['Event']['Attribute'][$key]['category_order']);
|
||||
if (isset($event['Event']['RelatedAttribute'][$value['id']])) $event['Event']['Attribute'][$key]['RelatedAttribute'] = $event['Event']['RelatedAttribute'][$value['id']];
|
||||
}
|
||||
}
|
||||
|
||||
unset($event['Event']['RelatedAttribute']);
|
||||
|
||||
if (isset($event['Event']['RelatedEvent'])) {
|
||||
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
|
||||
$temp = $value['Event'];
|
||||
|
|
|
|||
|
|
@ -60,6 +60,17 @@ class XMLConverterTool {
|
|||
|
||||
$event['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['info']);
|
||||
$event['Event']['info'] = str_replace($toEscape, $escapeWith, $event['Event']['info']);
|
||||
if (isset($event['RelatedAttribute'])) {
|
||||
$event['Event']['RelatedAttribute'] = $event['RelatedAttribute'];
|
||||
unset($event['RelatedAttribute']);
|
||||
}
|
||||
else $event['Event']['RelatedAttribute'] = array();
|
||||
foreach ($event['Event']['RelatedAttribute'] as &$attribute_w_relation) {
|
||||
foreach ($attribute_w_relation as &$relation) {
|
||||
$relation['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $relation['info']);
|
||||
$relation['info'] = str_replace($toEscape, $escapeWith, $relation['info']);
|
||||
}
|
||||
}
|
||||
//
|
||||
// cleanup the array from things we do not want to expose
|
||||
//
|
||||
|
|
@ -77,6 +88,7 @@ class XMLConverterTool {
|
|||
$event['Event']['Attribute'][$key]['comment'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['comment']);
|
||||
$event['Event']['Attribute'][$key]['comment'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['comment']);
|
||||
unset($event['Event']['Attribute'][$key]['value1'], $event['Event']['Attribute'][$key]['value2'], $event['Event']['Attribute'][$key]['category_order']);
|
||||
if (isset($event['Event']['RelatedAttribute'][$value['id']])) $event['Event']['Attribute'][$key]['RelatedAttribute'] = $event['Event']['RelatedAttribute'][$value['id']];
|
||||
if (isset($event['Event']['Attribute'][$key]['ShadowAttribute'])) {
|
||||
foreach($event['Event']['Attribute'][$key]['ShadowAttribute'] as $skey => $svalue) {
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
|
||||
|
|
@ -103,6 +115,7 @@ class XMLConverterTool {
|
|||
}
|
||||
}
|
||||
}
|
||||
unset($event['Event']['RelatedAttribute']);
|
||||
|
||||
if (isset($event['Event']['ShadowAttribute'])) {
|
||||
// remove invalid utf8 characters for the xml parser
|
||||
|
|
|
|||
|
|
@ -1774,9 +1774,13 @@ class Attribute extends AppModel {
|
|||
// The zip archive is then passed back as a base64 encoded string along with the md5 hash and a flag whether the transaction was successful
|
||||
// The archive is password protected using the "infected" password
|
||||
// The contents of the archive will be the actual sample, named <md5> and the original filename in a text file named <md5>.filename.txt
|
||||
public function handleMaliciousBase64($event_id, $original_filename, $base64, $hash_types) {
|
||||
public function handleMaliciousBase64($event_id, $original_filename, $base64, $hash_types, $proposal = false) {
|
||||
if (!is_numeric($event_id)) throw new Exception('Something went wrong. Received a non numeric event ID while trying to create a zip archive of an uploaded malware sample.');
|
||||
$dir = new Folder(APP . "files" . DS . $event_id, true);
|
||||
if ($proposal) {
|
||||
$dir = new Folder(APP . "files" . DS . $event_id . DS . 'shadow', true);
|
||||
} else {
|
||||
$dir = new Folder(APP . "files" . DS . $event_id, true);
|
||||
}
|
||||
$tmpFile = new File($dir->path . DS . $this->generateRandomFileName(), true, 0600);
|
||||
$tmpFile->write(base64_decode($base64));
|
||||
$hashes = array();
|
||||
|
|
|
|||
|
|
@ -1840,7 +1840,10 @@ class Server extends AppModel {
|
|||
$this->ResqueStatus = new ResqueStatus\ResqueStatus(Resque::redis());
|
||||
$workers = $this->ResqueStatus->getWorkers();
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
$currentUser = get_current_user();
|
||||
if (function_exists('posix_getpwuid')) {
|
||||
$currentUser = posix_getpwuid(posix_geteuid());
|
||||
$currentUser = $currentUser['name'];
|
||||
} else $currentUser = trim(shell_exec('whoami'));
|
||||
foreach ($workers as $pid => $worker) {
|
||||
if (!is_numeric($pid)) throw new MethodNotAllowedException('Non numeric PID found!');
|
||||
$pidTest = substr_count(trim(shell_exec('ps -p ' . $pid)), PHP_EOL) > 0 ? true : false;
|
||||
|
|
|
|||
|
|
@ -200,7 +200,6 @@ class ShadowAttribute extends AppModel {
|
|||
}
|
||||
|
||||
public function afterSave($created, $options = array()) {
|
||||
|
||||
$result = true;
|
||||
// if the 'data' field is set on the $this->data then save the data to the correct file
|
||||
if (isset($this->data['ShadowAttribute']['type']) && $this->typeIsAttachment($this->data['ShadowAttribute']['type']) && !empty($this->data['ShadowAttribute']['data'])) {
|
||||
|
|
@ -310,7 +309,7 @@ class ShadowAttribute extends AppModel {
|
|||
}
|
||||
|
||||
public function saveBase64EncodedAttachment($attribute) {
|
||||
$rootDir = APP . DS . "files" . DS . 'shadow' . DS . $attribute['event_id'];
|
||||
$rootDir = APP . DS . "files" . DS . $attribute['event_id'] . DS . 'shadow';
|
||||
$dir = new Folder($rootDir, true); // create directory structure
|
||||
$destpath = $rootDir . DS . $attribute['id'];
|
||||
$file = new File ($destpath, true); // create the file
|
||||
|
|
|
|||
|
|
@ -167,7 +167,7 @@
|
|||
</td>
|
||||
<td class="showspaces <?php echo $extra; ?> limitedWidth">
|
||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_placeholder'; ?>" class = "inline-field-placeholder"></div>
|
||||
<?php if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ): ?>
|
||||
<?php if ('attachment' == $object['objectType'] || 'malware-sample' == $object['objectType'] ): ?>
|
||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_solid'; ?>" class="inline-field-solid">
|
||||
<?php else: ?>
|
||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_solid'; ?>" class="inline-field-solid" ondblclick="activateField('<?php echo $currentType; ?>', '<?php echo $object['id']; ?>', 'value', <?php echo $event['Event']['id'];?>);">
|
||||
|
|
|
|||
|
|
@ -96,7 +96,6 @@ $('#ShadowAttributeTypeDiv').hide();
|
|||
$('#ShadowAttributeCategoryDiv').hide();
|
||||
$('#ShadowAttributeType').prop('disabled', true);
|
||||
|
||||
|
||||
</script>
|
||||
<?php echo $this->Js->writeBuffer(); // Write cached scripts
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue