Merge branch 'master' into feature/sg
Conflicts: VERSION.json app/Controller/ShadowAttributesController.php app/Lib/Tools/JSONConverterTool.php app/Lib/Tools/XMLConverterTool.php app/Model/User.php app/View/Elements/eventattribute.ctp
pull/762/head
commit
ef1d3949e7
57
AUTHORS
57
AUTHORS
|
@ -1,23 +1,44 @@
|
||||||
|
Developers
|
||||||
|
----------
|
||||||
|
|
||||||
Developers:
|
* Christophe Vandeplas <christophe@vandeplas.com> (original author)
|
||||||
Christophe Vandeplas <christophe@vandeplas.com> (creator)
|
* Andras Iklody <andras.iklody@gmail.com> (lead developer)
|
||||||
Andras Iklody <andras.iklody@gmail.com> (main developer)
|
|
||||||
Andrzej Dereszowski <deresz@gmail.com>
|
Contributors
|
||||||
|
------------
|
||||||
|
|
||||||
|
Aaron Kaplan
|
||||||
|
Alexander J
|
||||||
|
Alexandre Dulaunoy
|
||||||
|
Alexandru Ciobanu
|
||||||
|
Andras Iklody
|
||||||
|
Andrzej Dereszowski
|
||||||
|
Bâkır Emre
|
||||||
|
Chris Clark
|
||||||
|
Christophe Vandeplas
|
||||||
|
David André
|
||||||
|
Guilherme Capilé
|
||||||
|
Gábor Molnár
|
||||||
|
Iglocska
|
||||||
|
Koen Van Impe
|
||||||
|
L. Aaron Kaplan
|
||||||
|
Noud de Brouwer
|
||||||
|
Raphaël Vinot
|
||||||
|
Richard van den Berg
|
||||||
|
nullprobe
|
||||||
|
remg427
|
||||||
|
|
||||||
|
Copyright (C) 2012 Christophe Vandeplas
|
||||||
|
Copyright (C) 2012 Belgian Defence
|
||||||
|
Copyright (C) 2012 NATO / NCIRC
|
||||||
|
Copyright (C) 2013-2015 Andras Iklody
|
||||||
|
Copyright (C) 2015 CIRCL - Computer Incident Response Center Luxembourg
|
||||||
|
|
||||||
|
MISP is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.
|
||||||
|
|
||||||
|
|
||||||
Contributions from: (incomplete list, contact us to add your name)
|
History
|
||||||
CERT-EU http://cert.europa.eu/
|
=======
|
||||||
CIRCL http://circl.lu
|
|
||||||
|
|
||||||
Copyright Christophe Vandeplas
|
|
||||||
Copyright Belgian Defence
|
|
||||||
Copyright NATO / NCIRC
|
|
||||||
Copyright Andras Iklody
|
|
||||||
|
|
||||||
This code is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.
|
|
||||||
|
|
||||||
|
|
||||||
A little bit of history:
|
|
||||||
|
|
||||||
This project started around June 2011 when Christophe Vandeplas had a frustration that way to many IOCs were shared by email, or in pdf documents and were not parseable by automatic machines. So at home he started to play around with CakePHP and made a proof of concept of his idea. He called it CyDefSIG: Cyber Defence Signatures.
|
This project started around June 2011 when Christophe Vandeplas had a frustration that way to many IOCs were shared by email, or in pdf documents and were not parseable by automatic machines. So at home he started to play around with CakePHP and made a proof of concept of his idea. He called it CyDefSIG: Cyber Defence Signatures.
|
||||||
|
|
||||||
|
@ -35,5 +56,5 @@ In January 2013 Andras Iklody became the main full-time developer of MISP, durin
|
||||||
|
|
||||||
Meanwhile other organisations started to adopt the software and promoted it around the CERT world. (CERT-EU, CIRCL, and many others ...)
|
Meanwhile other organisations started to adopt the software and promoted it around the CERT world. (CERT-EU, CIRCL, and many others ...)
|
||||||
|
|
||||||
...
|
Nowadays, Andras Iklody is the lead developer of the MISP project and works for CIRCL.
|
||||||
|
|
||||||
|
|
|
@ -27,14 +27,7 @@
|
||||||
id="metadata346"><rdf:RDF><cc:Work
|
id="metadata346"><rdf:RDF><cc:Work
|
||||||
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
||||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title>MISP Database</dc:title><cc:license
|
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title>MISP Database</dc:title><cc:license
|
||||||
rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/" /><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator></cc:Work><cc:License
|
rdf:resource="http://www.gnu.org/licenses/agpl-3.0.en.html" /><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator></cc:Work></rdf:RDF></metadata><defs
|
||||||
rdf:about="http://creativecommons.org/licenses/by-sa/3.0/"><cc:permits
|
|
||||||
rdf:resource="http://creativecommons.org/ns#Reproduction" /><cc:permits
|
|
||||||
rdf:resource="http://creativecommons.org/ns#Distribution" /><cc:requires
|
|
||||||
rdf:resource="http://creativecommons.org/ns#Notice" /><cc:requires
|
|
||||||
rdf:resource="http://creativecommons.org/ns#Attribution" /><cc:permits
|
|
||||||
rdf:resource="http://creativecommons.org/ns#DerivativeWorks" /><cc:requires
|
|
||||||
rdf:resource="http://creativecommons.org/ns#ShareAlike" /></cc:License></rdf:RDF></metadata><defs
|
|
||||||
id="defs344"><inkscape:perspective
|
id="defs344"><inkscape:perspective
|
||||||
sodipodi:type="inkscape:persp3d"
|
sodipodi:type="inkscape:persp3d"
|
||||||
inkscape:vp_x="0 : 269.8 : 1"
|
inkscape:vp_x="0 : 269.8 : 1"
|
||||||
|
@ -147,11 +140,11 @@
|
||||||
inkscape:pageopacity="0"
|
inkscape:pageopacity="0"
|
||||||
inkscape:pageshadow="2"
|
inkscape:pageshadow="2"
|
||||||
inkscape:window-width="1503"
|
inkscape:window-width="1503"
|
||||||
inkscape:window-height="1314"
|
inkscape:window-height="848"
|
||||||
id="namedview342"
|
id="namedview342"
|
||||||
showgrid="false"
|
showgrid="false"
|
||||||
inkscape:zoom="1.7582312"
|
inkscape:zoom="1.7582312"
|
||||||
inkscape:cx="308.17494"
|
inkscape:cx="208.64309"
|
||||||
inkscape:cy="269.8"
|
inkscape:cy="269.8"
|
||||||
inkscape:window-x="65"
|
inkscape:window-x="65"
|
||||||
inkscape:window-y="24"
|
inkscape:window-y="24"
|
||||||
|
|
|
@ -27,14 +27,7 @@
|
||||||
id="metadata264"><rdf:RDF><cc:Work
|
id="metadata264"><rdf:RDF><cc:Work
|
||||||
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
||||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title>MISP Community overview</dc:title><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator><cc:license
|
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title>MISP Community overview</dc:title><dc:creator><cc:Agent><dc:title>Alexandre Dulaunoy</dc:title></cc:Agent></dc:creator><cc:license
|
||||||
rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/" /></cc:Work><cc:License
|
rdf:resource="http://www.gnu.org/licenses/agpl-3.0.en.html" /></cc:Work></rdf:RDF></metadata><defs
|
||||||
rdf:about="http://creativecommons.org/licenses/by-sa/3.0/"><cc:permits
|
|
||||||
rdf:resource="http://creativecommons.org/ns#Reproduction" /><cc:permits
|
|
||||||
rdf:resource="http://creativecommons.org/ns#Distribution" /><cc:requires
|
|
||||||
rdf:resource="http://creativecommons.org/ns#Notice" /><cc:requires
|
|
||||||
rdf:resource="http://creativecommons.org/ns#Attribution" /><cc:permits
|
|
||||||
rdf:resource="http://creativecommons.org/ns#DerivativeWorks" /><cc:requires
|
|
||||||
rdf:resource="http://creativecommons.org/ns#ShareAlike" /></cc:License></rdf:RDF></metadata><defs
|
|
||||||
id="defs262" /><sodipodi:namedview
|
id="defs262" /><sodipodi:namedview
|
||||||
pagecolor="#ffffff"
|
pagecolor="#ffffff"
|
||||||
bordercolor="#666666"
|
bordercolor="#666666"
|
||||||
|
@ -44,14 +37,14 @@
|
||||||
guidetolerance="10"
|
guidetolerance="10"
|
||||||
inkscape:pageopacity="0"
|
inkscape:pageopacity="0"
|
||||||
inkscape:pageshadow="2"
|
inkscape:pageshadow="2"
|
||||||
inkscape:window-width="2495"
|
inkscape:window-width="1600"
|
||||||
inkscape:window-height="1416"
|
inkscape:window-height="876"
|
||||||
id="namedview260"
|
id="namedview260"
|
||||||
showgrid="false"
|
showgrid="false"
|
||||||
inkscape:zoom="2.0149341"
|
inkscape:zoom="2.0149341"
|
||||||
inkscape:cx="291.40203"
|
inkscape:cx="204.55055"
|
||||||
inkscape:cy="281.43763"
|
inkscape:cy="281.43763"
|
||||||
inkscape:window-x="65"
|
inkscape:window-x="0"
|
||||||
inkscape:window-y="24"
|
inkscape:window-y="24"
|
||||||
inkscape:window-maximized="1"
|
inkscape:window-maximized="1"
|
||||||
inkscape:current-layer="svg2" /><g
|
inkscape:current-layer="svg2" /><g
|
||||||
|
|
|
@ -54,4 +54,10 @@ License
|
||||||
|
|
||||||
This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
|
This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
|
||||||
|
|
||||||
Copyright (c) 2012, 2013 Christophe Vandeplas, Belgian Defence, NATO / NCIRC.
|
* Copyright (C) 2012 Christophe Vandeplas
|
||||||
|
* Copyright (C) 2012 Belgian Defence
|
||||||
|
* Copyright (C) 2012 NATO / NCIRC
|
||||||
|
* Copyright (C) 2013-2015 Andras Iklody
|
||||||
|
* Copyright (C) 2015 CIRCL - Computer Incident Response Center Luxembourg
|
||||||
|
|
||||||
|
For more information, [the list of authors and contributors](AUTHORS) is available.
|
||||||
|
|
|
@ -2282,4 +2282,22 @@ class AttributesController extends AppController {
|
||||||
$this->Session->setFlash('Removed ' . count($orphans) . ' attribute(s).');
|
$this->Session->setFlash('Removed ' . count($orphans) . ' attribute(s).');
|
||||||
$this->redirect('/pages/display/administration');
|
$this->redirect('/pages/display/administration');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function arcsight() {
|
||||||
|
if (!$this->userRole['perm_auth']) throw new MethodNotAllowedException('This functionality requires API key access.');
|
||||||
|
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||||
|
$simpleFalse = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to');
|
||||||
|
foreach ($simpleFalse as $sF) {
|
||||||
|
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||||
|
}
|
||||||
|
if ($key!=null && $key!='download') {
|
||||||
|
$user = $this->checkAuthUser($key);
|
||||||
|
} else {
|
||||||
|
if (!$this->Auth->user()) throw new UnauthorizedException('You are not authorized. Please send the Authorization header with your auth key along with an Accept header for application/xml.');
|
||||||
|
$user = $this->checkAuthUser($this->Auth->user('authkey'));
|
||||||
|
}
|
||||||
|
if ($this->request->is('post')) {
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
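Review bot: `arcsight()` reads `$tags` and `$key` that are never assigned — the method takes no parameters, so the `str_replace` on `$tags`, the `${$sF}` normalisation loop over `$simpleFalse` and the `$key!=null` branch all operate on undefined variables, and the `if ($this->request->is('post'))` block at the end is empty. When `$key` is set, the result of `$this->checkAuthUser($key)` is stored in `$user` but never inspected; if `checkAuthUser` returns a falsy value for an unknown key (its contract is not visible here), the request proceeds as if authenticated, whereas the `else` branch at least rejects a missing session. Guard the result after both branches, e.g. `if (!$user) throw new UnauthorizedException('This authentication key is not valid.');`, or hold the method back until it is wired to real inputs. The method is complete inside the hunk; the class body continues outside it.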
@ -416,7 +416,6 @@ class ShadowAttributesController extends AppController {
|
||||||
// combobox for distribution
|
// combobox for distribution
|
||||||
$count = 0;
|
$count = 0;
|
||||||
|
|
||||||
$this->set('attrDescriptions', $this->ShadowAttribute->fieldDescriptions);
|
|
||||||
$this->set('typeDefinitions', $this->ShadowAttribute->typeDefinitions);
|
$this->set('typeDefinitions', $this->ShadowAttribute->typeDefinitions);
|
||||||
$this->set('categoryDefinitions', $this->ShadowAttribute->categoryDefinitions);
|
$this->set('categoryDefinitions', $this->ShadowAttribute->categoryDefinitions);
|
||||||
}
|
}
|
||||||
|
@ -424,24 +423,37 @@ class ShadowAttributesController extends AppController {
|
||||||
public function download($id = null) {
|
public function download($id = null) {
|
||||||
$this->ShadowAttribute->id = $id;
|
$this->ShadowAttribute->id = $id;
|
||||||
if (!$this->ShadowAttribute->exists()) {
|
if (!$this->ShadowAttribute->exists()) {
|
||||||
throw new NotFoundException(__('Invalid ShadowAttribute'));
|
throw new NotFoundException(__('Invalid Proposal'));
|
||||||
}
|
}
|
||||||
|
$sa = $this->ShadowAttribute->find('first', array(
|
||||||
|
'recursive' => -1,
|
||||||
|
'contain' => array('Event' => array('fields' => array('Event.org', 'Event.distribution', 'Event.id'))),
|
||||||
|
'conditions' => array('ShadowAttribute.id' => $id)
|
||||||
|
));
|
||||||
|
if (!$this->_isSiteAdmin() &&
|
||||||
|
$this->Auth->user('org') !=
|
||||||
|
$sa['Event']['org'] &&
|
||||||
|
$sa['Event']['distribution'] == 0) {
|
||||||
|
throw new UnauthorizedException('You do not have the permission to view this event.');
|
||||||
|
}
|
||||||
|
$this->__downloadAttachment($sa['ShadowAttribute']);
|
||||||
|
}
|
||||||
|
|
||||||
$this->ShadowAttribute->read();
|
private function __downloadAttachment($shadowAttribute) {
|
||||||
$path = APP . "files" . DS . $this->ShadowAttribute->data['ShadowAttribute']['event_id'] . DS . 'shadow' . DS;
|
$path = "files" . DS . $shadowAttribute['event_id'] . DS . 'shadow' . DS;
|
||||||
$file = $this->ShadowAttribute->data['ShadowAttribute']['id'];
|
$file = $shadowAttribute['id'];
|
||||||
$filename = '';
|
$filename = '';
|
||||||
if ('attachment' == $this->ShadowAttribute->data['ShadowAttribute']['type']) {
|
if ('attachment' == $shadowAttribute['type']) {
|
||||||
$filename = $this->ShadowAttribute->data['ShadowAttribute']['value'];
|
$filename = $shadowAttribute['value'];
|
||||||
$fileExt = pathinfo($filename, PATHINFO_EXTENSION);
|
$fileExt = pathinfo($filename, PATHINFO_EXTENSION);
|
||||||
$filename = substr($filename, 0, strlen($filename) - strlen($fileExt) - 1);
|
$filename = substr($filename, 0, strlen($filename) - strlen($fileExt) - 1);
|
||||||
} elseif ('malware-sample' == $this->ShadowAttribute->data['ShadowAttribute']['type']) {
|
} elseif ('malware-sample' == $shadowAttribute['type']) {
|
||||||
$filenameHash = explode('|', $this->ShadowAttribute->data['ShadowAttribute']['value']);
|
$filenameHash = explode('|', $shadowAttribute['value']);
|
||||||
$filename = $filenameHash[0];
|
$filename = $filenameHash[0];
|
||||||
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
|
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
|
||||||
$fileExt = "zip";
|
$fileExt = "zip";
|
||||||
} else {
|
} else {
|
||||||
throw new NotFoundException(__('ShadowAttribute not an attachment or malware-sample'));
|
throw new NotFoundException(__('Proposal not an attachment or malware-sample'));
|
||||||
}
|
}
|
||||||
$this->autoRender = false;
|
$this->autoRender = false;
|
||||||
$this->response->type($fileExt);
|
$this->response->type($fileExt);
|
||||||
|
@ -465,12 +477,13 @@ class ShadowAttributesController extends AppController {
|
||||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||||
}
|
}
|
||||||
if ($this->request->is('post')) {
|
if ($this->request->is('post')) {
|
||||||
|
$temp = $this->_getEventData($this->request->data['ShadowAttribute']['event_id']);
|
||||||
// Check if there were problems with the file upload
|
// Check if there were problems with the file upload
|
||||||
// only keep the last part of the filename, this should prevent directory attacks
|
// only keep the last part of the filename, this should prevent directory attacks
|
||||||
$filename = basename($this->request->data['ShadowAttribute']['value']['name']);
|
$filename = basename($this->request->data['ShadowAttribute']['value']['name']);
|
||||||
$tmpfile = new File($this->request->data['ShadowAttribute']['value']['tmp_name']);
|
$tmpfile = new File($this->request->data['ShadowAttribute']['value']['tmp_name']);
|
||||||
if ((isset($this->request->data['ShadowAttribute']['value']['error']) && $this->request->data['ShadowAttribute']['value']['error'] == 0) ||
|
if ((isset($this->request->data['ShadowAttribute']['value']['error']) && $this->request->data['ShadowAttribute']['value']['error'] == 0) ||
|
||||||
(!empty( $this->request->data['ShadowAttribute']['value']['tmp_name']) && $this->request->data['ShadowAttribute']['value']['tmp_name'] != 'none')
|
(!empty( $this->request->data['ShadowAttribute']['value']['tmp_name']) && $this->request->data['ShadowAttribute']['value']['tmp_name'] != 'none')
|
||||||
) {
|
) {
|
||||||
if (!is_uploaded_file($tmpfile->path))
|
if (!is_uploaded_file($tmpfile->path))
|
||||||
throw new InternalErrorException('PHP says file was not uploaded. Are you attacking me?');
|
throw new InternalErrorException('PHP says file was not uploaded. Are you attacking me?');
|
||||||
|
@ -478,90 +491,73 @@ class ShadowAttributesController extends AppController {
|
||||||
$this->Session->setFlash(__('There was a problem to upload the file.', true), 'default', array(), 'error');
|
$this->Session->setFlash(__('There was a problem to upload the file.', true), 'default', array(), 'error');
|
||||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||||
}
|
}
|
||||||
$temp = $this->_getEventData($this->request->data['ShadowAttribute']['event_id']);
|
|
||||||
|
$fails = array();
|
||||||
|
$completeFail = false;
|
||||||
|
|
||||||
|
$filename = basename($this->request->data['ShadowAttribute']['value']['name']);
|
||||||
|
$tmpfile = new File($this->request->data['ShadowAttribute']['value']['tmp_name']);
|
||||||
|
$hashes = array('md5' => 'malware-sample', 'sha1' => 'filename|sha1', 'sha256' => 'filename|sha256');
|
||||||
$event_uuid = $temp['uuid'];
|
$event_uuid = $temp['uuid'];
|
||||||
$event_org = $temp['orgc_id'];
|
$event_org = $temp['orgc_id'];
|
||||||
// save the file-info in the database
|
// save the file-info in the database
|
||||||
$this->ShadowAttribute->create();
|
$this->ShadowAttribute->create();
|
||||||
if ($this->request->data['ShadowAttribute']['malware']) {
|
if ($this->request->data['ShadowAttribute']['malware']) {
|
||||||
$this->request->data['ShadowAttribute']['type'] = "malware-sample";
|
$result = $this->Event->Attribute->handleMaliciousBase64($this->request->data['ShadowAttribute']['event_id'], $filename, base64_encode($tmpfile->read()), array_keys($hashes));
|
||||||
// Validate filename
|
if (!$result['success']) {
|
||||||
if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
|
$this->Session->setFlash(__('There was a problem to upload the file.', true), 'default', array(), 'error');
|
||||||
$this->request->data['ShadowAttribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
|
|
||||||
$this->request->data['ShadowAttribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
|
|
||||||
} else {
|
|
||||||
$this->request->data['ShadowAttribute']['type'] = "attachment";
|
|
||||||
// Validate filename
|
|
||||||
if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
|
|
||||||
$this->request->data['ShadowAttribute']['value'] = $filename;
|
|
||||||
$this->request->data['ShadowAttribute']['to_ids'] = 0;
|
|
||||||
}
|
|
||||||
$this->request->data['ShadowAttribute']['uuid'] = $this->{$Model->alias}->generateUuid();
|
|
||||||
$this->request->data['ShadowAttribute']['batch_import'] = 0;
|
|
||||||
$this->request->data['ShadowAttribute']['email'] = $this->Auth->user('email');
|
|
||||||
$this->request->data['ShadowAttribute']['org_id'] = $this->Auth->user('org_id');
|
|
||||||
$this->request->data['ShadowAttribute']['event_uuid'] = $event_uuid;
|
|
||||||
$this->request->data['ShadowAttribute']['event_org_id'] = $event_org;
|
|
||||||
$this->ShadowAttribute->save($this->request->data);
|
|
||||||
|
|
||||||
// no errors in file upload, entry already in db, now move the file where needed and zip it if required.
|
|
||||||
// no sanitization is required on the filename, path or type as we save
|
|
||||||
// create directory structure
|
|
||||||
if (PHP_OS == 'WINNT') {
|
|
||||||
$rootDir = APP . "files" . DS . $this->request->data['ShadowAttribute']['event_id'] . DS . "shadow";
|
|
||||||
} else {
|
|
||||||
$rootDir = APP . DS . "files" . DS . $this->request->data['ShadowAttribute']['event_id'] . DS . "shadow";
|
|
||||||
}
|
|
||||||
$dir = new Folder($rootDir, true);
|
|
||||||
// move the file to the correct location
|
|
||||||
$destpath = $rootDir . DS . $this->ShadowAttribute->id; // id of the new ShadowAttribute in the database
|
|
||||||
$file = new File ($destpath);
|
|
||||||
$zipfile = new File ($destpath . '.zip');
|
|
||||||
$fileInZip = new File($rootDir . DS . $filename); // FIXME do sanitization of the filename
|
|
||||||
|
|
||||||
if ($file->exists() || $zipfile->exists() || $fileInZip->exists()) {
|
|
||||||
// this should never happen as the ShadowAttribute id should be unique
|
|
||||||
$this->Session->setFlash(__('Attachment with this name already exist in this event.', true), 'default', array(), 'error');
|
|
||||||
// remove the entry from the database
|
|
||||||
$this->ShadowAttribute->delete();
|
|
||||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
|
||||||
}
|
|
||||||
if (!move_uploaded_file($tmpfile->path, $file->path)) {
|
|
||||||
$this->Session->setFlash(__('Problem with uploading attachment. Cannot move it to its final location.', true), 'default', array(), 'error');
|
|
||||||
// remove the entry from the database
|
|
||||||
$this->ShadowAttribute->delete();
|
|
||||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
|
||||||
}
|
|
||||||
|
|
||||||
// zip and password protect the malware files
|
|
||||||
if ($this->request->data['ShadowAttribute']['malware']) {
|
|
||||||
// TODO check if CakePHP has no easy/safe wrapper to execute commands
|
|
||||||
$execRetval = '';
|
|
||||||
$execOutput = array();
|
|
||||||
rename($file->path, $fileInZip->path); // TODO check if no workaround exists for the current filtering mechanisms
|
|
||||||
if (PHP_OS == 'WINNT') {
|
|
||||||
exec("zip -j -P infected " . $zipfile->path . ' "' . $fileInZip->path . '"', $execOutput, $execRetval);
|
|
||||||
} else {
|
|
||||||
exec("zip -j -P infected " . $zipfile->path . ' "' . addslashes($fileInZip->path) . '"', $execOutput, $execRetval);
|
|
||||||
}
|
|
||||||
if ($execRetval != 0) { // not EXIT_SUCCESS
|
|
||||||
$this->Session->setFlash(__('Problem with zipping the attachment. Please report to administrator. ' . $execOutput, true), 'default', array(), 'error');
|
|
||||||
// remove the entry from the database
|
|
||||||
$this->ShadowAttribute->delete();
|
|
||||||
$fileInZip->delete();
|
|
||||||
$file->delete();
|
|
||||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||||
};
|
}
|
||||||
$fileInZip->delete(); // delete the original not-zipped-file
|
foreach ($hashes as $hash => $typeName) {
|
||||||
rename($zipfile->path, $file->path); // rename the .zip to .nothing
|
if (!$result[$hash]) continue;
|
||||||
|
$shadowAttribute = array(
|
||||||
|
'ShadowAttribute' => array(
|
||||||
|
'value' => $filename . '|' . $result[$hash],
|
||||||
|
'category' => $this->request->data['ShadowAttribute']['category'],
|
||||||
|
'type' => $typeName,
|
||||||
|
'event_id' => $this->request->data['ShadowAttribute']['event_id'],
|
||||||
|
'to_ids' => 1,
|
||||||
|
'email' => $this->Auth->user('email'),
|
||||||
|
'org_id' => $this->Auth->user('org_id'),
|
||||||
|
'event_uuid' => $event_uuid,
|
||||||
|
'event_org_id' => $event_org,
|
||||||
|
)
|
||||||
|
);
|
||||||
|
if ($hash == 'md5') $shadowAttribute['ShadowAttribute']['data'] = $result['data'];
|
||||||
|
$this->ShadowAttribute->create();
|
||||||
|
$r = $this->ShadowAttribute->save($shadowAttribute);
|
||||||
|
if ($r == false) $fails[] = array($typeName);
|
||||||
|
if (count($fails) == count($hashes)) $completeFail = true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$shadowAttribute = array(
|
||||||
|
'ShadowAttribute' => array(
|
||||||
|
'value' => $filename,
|
||||||
|
'category' => $this->request->data['ShadowAttribute']['category'],
|
||||||
|
'type' => 'attachment',
|
||||||
|
'event_id' => $this->request->data['ShadowAttribute']['event_id'],
|
||||||
|
'data' => base64_encode($tmpfile->read()),
|
||||||
|
'to_ids' => 0,
|
||||||
|
'email' => $this->Auth->user('email'),
|
||||||
|
'org_id' => $this->Auth->user('org_id'),
|
||||||
|
'event_uuid' => $event_uuid,
|
||||||
|
'event_org_id' => $event_org,
|
||||||
|
)
|
||||||
|
);
|
||||||
|
$this->ShadowAttribute->create();
|
||||||
|
$r = $this->ShadowAttribute->save($shadowAttribute);
|
||||||
|
if ($r == false) {
|
||||||
|
$fails[] = array('attachment');
|
||||||
|
$completeFail = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!$completeFail) {
|
||||||
|
if (!$this->__sendProposalAlertEmail($eventId)) $emailResult = " but sending out the alert e-mails has failed for at least one recipient.";
|
||||||
|
if (empty($fails)) $this->Session->setFlash(__('The attachment has been uploaded'));
|
||||||
|
else $this->Session->setFlash(__('The attachment has been uploaded, but some of the proposals could not be created. The failed proposals are: ' . implode(', ', $fails)));
|
||||||
|
} else {
|
||||||
|
$this->Session->setFlash(__('The attachment could not be saved, please contact your administrator.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
// everything is done, now redirect to event view
|
|
||||||
|
|
||||||
$emailResult = "";
|
|
||||||
if (!$this->__sendProposalAlertEmail($eventId)) $emailResult = " but sending out the alert e-mails has failed for at least one recipient.";
|
|
||||||
|
|
||||||
$this->Session->setFlash(__('The attachment has been uploaded' . $emailResult));
|
|
||||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
@ -570,7 +566,8 @@ class ShadowAttributesController extends AppController {
|
||||||
}
|
}
|
||||||
|
|
||||||
// combobox for categories
|
// combobox for categories
|
||||||
$categories = $this->ShadowAttribute->validate['category']['rule'][1];
|
$categories = array_keys($this->ShadowAttribute->Event->Attribute->categoryDefinitions);
|
||||||
|
$categories = $this->_arrayToValuesIndexArray($categories);
|
||||||
// just get them with attachments..
|
// just get them with attachments..
|
||||||
$selectedCategories = array();
|
$selectedCategories = array();
|
||||||
foreach ($categories as $category) {
|
foreach ($categories as $category) {
|
||||||
|
|
|
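Review bot: The new upload path drops the filename validation that the removed code applied after `basename()` — `if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');` — yet `$filename` is still concatenated into the stored value as `$filename . '|' . $result[$hash]`, and the `download()` hunk in this same file splits that value with `explode('|', ...)` and keeps index 0, so a name containing `|` would be stored corrupted and misparsed on download; the check should be reinstated (or at minimum `|` and control characters rejected) before the `handleMaliciousBase64` call. Separately, `$fails[] = array($typeName);` and `$fails[] = array('attachment');` push arrays, but the flash message builds `implode(', ', $fails)`, which prints `Array` for every entry — push the strings themselves. `$emailResult` is assigned when `__sendProposalAlertEmail($eventId)` fails but is no longer appended to either success message, so that warning is lost, and `$eventId` is not assigned anywhere visible in the hunk. The enclosing action method starts and ends outside this hunk.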
@ -24,6 +24,8 @@ class JSONConverterTool {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isset($event['RelatedAttribute'])) $event['Event']['RelatedAttribute'] = $event['RelatedAttribute'];
|
||||||
|
else $event['Event']['RelatedAttribute'] = array();
|
||||||
//
|
//
|
||||||
// cleanup the array from things we do not want to expose
|
// cleanup the array from things we do not want to expose
|
||||||
//
|
//
|
||||||
|
@ -40,8 +42,11 @@ class JSONConverterTool {
|
||||||
foreach ($event['Event']['Attribute'] as $key => $value) {
|
foreach ($event['Event']['Attribute'] as $key => $value) {
|
||||||
unset($event['Event']['Attribute'][$key]['value1']);
|
unset($event['Event']['Attribute'][$key]['value1']);
|
||||||
unset($event['Event']['Attribute'][$key]['value2']);
|
unset($event['Event']['Attribute'][$key]['value2']);
|
||||||
|
unset($event['Event']['Attribute'][$key]['category_order']);
|
||||||
|
if (isset($event['Event']['RelatedAttribute'][$value['id']])) $event['Event']['Attribute'][$key]['RelatedAttribute'] = $event['Event']['RelatedAttribute'][$value['id']];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
unset($event['Event']['RelatedAttribute']);
|
||||||
|
|
||||||
if (isset($event['Event']['RelatedEvent'])) {
|
if (isset($event['Event']['RelatedEvent'])) {
|
||||||
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
|
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
|
||||||
|
|
|
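Review bot: After copying `$event['RelatedAttribute']` into `$event['Event']['RelatedAttribute']`, the JSON side leaves the top-level key in place, whereas the XMLConverterTool hunk in this commit removes it with `unset($event['RelatedAttribute']);` right after the copy. If the converter serialises the whole `$event` array (the return statement is outside the hunk), the related-attribute data would be emitted twice — once at the top level and once nested under each attribute — despite the `// cleanup the array from things we do not want to expose` block that follows. Add `unset($event['RelatedAttribute']);` after the `else` assignment so both converters behave the same. The enclosing method starts and ends outside the hunk.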
@ -60,6 +60,17 @@ class XMLConverterTool {
|
||||||
|
|
||||||
$event['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['info']);
|
$event['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['info']);
|
||||||
$event['Event']['info'] = str_replace($toEscape, $escapeWith, $event['Event']['info']);
|
$event['Event']['info'] = str_replace($toEscape, $escapeWith, $event['Event']['info']);
|
||||||
|
if (isset($event['RelatedAttribute'])) {
|
||||||
|
$event['Event']['RelatedAttribute'] = $event['RelatedAttribute'];
|
||||||
|
unset($event['RelatedAttribute']);
|
||||||
|
}
|
||||||
|
else $event['Event']['RelatedAttribute'] = array();
|
||||||
|
foreach ($event['Event']['RelatedAttribute'] as &$attribute_w_relation) {
|
||||||
|
foreach ($attribute_w_relation as &$relation) {
|
||||||
|
$relation['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $relation['info']);
|
||||||
|
$relation['info'] = str_replace($toEscape, $escapeWith, $relation['info']);
|
||||||
|
}
|
||||||
|
}
|
||||||
//
|
//
|
||||||
// cleanup the array from things we do not want to expose
|
// cleanup the array from things we do not want to expose
|
||||||
//
|
//
|
||||||
|
@ -77,6 +88,7 @@ class XMLConverterTool {
|
||||||
$event['Event']['Attribute'][$key]['comment'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['comment']);
|
$event['Event']['Attribute'][$key]['comment'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['comment']);
|
||||||
$event['Event']['Attribute'][$key]['comment'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['comment']);
|
$event['Event']['Attribute'][$key]['comment'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['comment']);
|
||||||
unset($event['Event']['Attribute'][$key]['value1'], $event['Event']['Attribute'][$key]['value2'], $event['Event']['Attribute'][$key]['category_order']);
|
unset($event['Event']['Attribute'][$key]['value1'], $event['Event']['Attribute'][$key]['value2'], $event['Event']['Attribute'][$key]['category_order']);
|
||||||
|
if (isset($event['Event']['RelatedAttribute'][$value['id']])) $event['Event']['Attribute'][$key]['RelatedAttribute'] = $event['Event']['RelatedAttribute'][$value['id']];
|
||||||
if (isset($event['Event']['Attribute'][$key]['ShadowAttribute'])) {
|
if (isset($event['Event']['Attribute'][$key]['ShadowAttribute'])) {
|
||||||
foreach($event['Event']['Attribute'][$key]['ShadowAttribute'] as $skey => $svalue) {
|
foreach($event['Event']['Attribute'][$key]['ShadowAttribute'] as $skey => $svalue) {
|
||||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
|
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
|
||||||
|
@ -103,6 +115,7 @@ class XMLConverterTool {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
unset($event['Event']['RelatedAttribute']);
|
||||||
|
|
||||||
if (isset($event['Event']['ShadowAttribute'])) {
|
if (isset($event['Event']['ShadowAttribute'])) {
|
||||||
// remove invalid utf8 characters for the xml parser
|
// remove invalid utf8 characters for the xml parser
|
||||||
|
|
|
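Review bot: The nested `foreach ($event['Event']['RelatedAttribute'] as &$attribute_w_relation)` / `foreach ($attribute_w_relation as &$relation)` loops in the first hunk leave both variables bound by reference after the loops end, so any later by-value `foreach` or assignment that reuses either name would silently overwrite the last related-attribute entry; add `unset($relation, $attribute_w_relation);` immediately after the outer loop. The loop body also assumes every relation entry carries an `info` key — if some do not, `preg_replace` is handed a null and a notice is raised; the shape of these entries cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.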
@ -1774,9 +1774,13 @@ class Attribute extends AppModel {
|
||||||
// The zip archive is then passed back as a base64 encoded string along with the md5 hash and a flag whether the transaction was successful
|
// The zip archive is then passed back as a base64 encoded string along with the md5 hash and a flag whether the transaction was successful
|
||||||
// The archive is password protected using the "infected" password
|
// The archive is password protected using the "infected" password
|
||||||
// The contents of the archive will be the actual sample, named <md5> and the original filename in a text file named <md5>.filename.txt
|
// The contents of the archive will be the actual sample, named <md5> and the original filename in a text file named <md5>.filename.txt
|
||||||
public function handleMaliciousBase64($event_id, $original_filename, $base64, $hash_types) {
|
public function handleMaliciousBase64($event_id, $original_filename, $base64, $hash_types, $proposal = false) {
|
||||||
if (!is_numeric($event_id)) throw new Exception('Something went wrong. Received a non numeric event ID while trying to create a zip archive of an uploaded malware sample.');
|
if (!is_numeric($event_id)) throw new Exception('Something went wrong. Received a non numeric event ID while trying to create a zip archive of an uploaded malware sample.');
|
||||||
$dir = new Folder(APP . "files" . DS . $event_id, true);
|
if ($proposal) {
|
||||||
|
$dir = new Folder(APP . "files" . DS . $event_id . DS . 'shadow', true);
|
||||||
|
} else {
|
||||||
|
$dir = new Folder(APP . "files" . DS . $event_id, true);
|
||||||
|
}
|
||||||
$tmpFile = new File($dir->path . DS . $this->generateRandomFileName(), true, 0600);
|
$tmpFile = new File($dir->path . DS . $this->generateRandomFileName(), true, 0600);
|
||||||
$tmpFile->write(base64_decode($base64));
|
$tmpFile->write(base64_decode($base64));
|
||||||
$hashes = array();
|
$hashes = array();
|
||||||
|
|
|
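Review bot: The new `shadow` branch builds a filesystem path from `$event_id` exactly as received, and the `is_numeric()` guard on the line above it also accepts forms such as `1e3`, `.5`, `-1` or leading whitespace, so the directory name is not guaranteed to be a plain integer. Normalising the value when composing the path closes that gap and also removes the duplicated prefix in the two branches: `$path = APP . "files" . DS . (int) $event_id . ($proposal ? DS . 'shadow' : '');` followed by `$dir = new Folder($path, true);`. `ShadowAttribute::saveBase64EncodedAttachment` in this same commit writes to the same `files/<event_id>/shadow` layout, so the two should stay in step if the path is changed again. The body of handleMaliciousBase64 continues past the hunk.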
@ -1840,7 +1840,10 @@ class Server extends AppModel {
|
||||||
$this->ResqueStatus = new ResqueStatus\ResqueStatus(Resque::redis());
|
$this->ResqueStatus = new ResqueStatus\ResqueStatus(Resque::redis());
|
||||||
$workers = $this->ResqueStatus->getWorkers();
|
$workers = $this->ResqueStatus->getWorkers();
|
||||||
$this->Log = ClassRegistry::init('Log');
|
$this->Log = ClassRegistry::init('Log');
|
||||||
$currentUser = get_current_user();
|
if (function_exists('posix_getpwuid')) {
|
||||||
|
$currentUser = posix_getpwuid(posix_geteuid());
|
||||||
|
$currentUser = $currentUser['name'];
|
||||||
|
} else $currentUser = trim(shell_exec('whoami'));
|
||||||
foreach ($workers as $pid => $worker) {
|
foreach ($workers as $pid => $worker) {
|
||||||
if (!is_numeric($pid)) throw new MethodNotAllowedException('Non numeric PID found!');
|
if (!is_numeric($pid)) throw new MethodNotAllowedException('Non numeric PID found!');
|
||||||
$pidTest = substr_count(trim(shell_exec('ps -p ' . $pid)), PHP_EOL) > 0 ? true : false;
|
$pidTest = substr_count(trim(shell_exec('ps -p ' . $pid)), PHP_EOL) > 0 ? true : false;
|
||||||
|
|
|
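Review bot: `posix_getpwuid()` returns `false` when the effective UID has no passwd entry (common in containers running as an arbitrary UID), in which case `$currentUser['name']` on the following line yields null with a warning, and whatever consumes `$currentUser` later in the method (outside the hunk) will silently never match. Guarding the lookup and reusing the existing `whoami` fallback keeps the value defined: `$pw = function_exists('posix_getpwuid') ? posix_getpwuid(posix_geteuid()) : false;` then `$currentUser = $pw !== false ? $pw['name'] : trim(shell_exec('whoami'));`. The brace-less `} else $currentUser = ...` is also out of step with the braced `if` directly above it. The enclosing method starts and ends outside the hunk.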
@ -200,7 +200,6 @@ class ShadowAttribute extends AppModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function afterSave($created, $options = array()) {
|
public function afterSave($created, $options = array()) {
|
||||||
|
|
||||||
$result = true;
|
$result = true;
|
||||||
// if the 'data' field is set on the $this->data then save the data to the correct file
|
// if the 'data' field is set on the $this->data then save the data to the correct file
|
||||||
if (isset($this->data['ShadowAttribute']['type']) && $this->typeIsAttachment($this->data['ShadowAttribute']['type']) && !empty($this->data['ShadowAttribute']['data'])) {
|
if (isset($this->data['ShadowAttribute']['type']) && $this->typeIsAttachment($this->data['ShadowAttribute']['type']) && !empty($this->data['ShadowAttribute']['data'])) {
|
||||||
|
@ -310,7 +309,7 @@ class ShadowAttribute extends AppModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function saveBase64EncodedAttachment($attribute) {
|
public function saveBase64EncodedAttachment($attribute) {
|
||||||
$rootDir = APP . DS . "files" . DS . 'shadow' . DS . $attribute['event_id'];
|
$rootDir = APP . DS . "files" . DS . $attribute['event_id'] . DS . 'shadow';
|
||||||
$dir = new Folder($rootDir, true); // create directory structure
|
$dir = new Folder($rootDir, true); // create directory structure
|
||||||
$destpath = $rootDir . DS . $attribute['id'];
|
$destpath = $rootDir . DS . $attribute['id'];
|
||||||
$file = new File ($destpath, true); // create the file
|
$file = new File ($destpath, true); // create the file
|
||||||
|
|
|
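Review bot: The new `$rootDir` moves proposal attachments from `files/shadow/<event_id>` to `files/<event_id>/shadow`, so anything already stored under the old layout will not be found by code that follows the new one unless the commit migrates those files; if no migration exists elsewhere in the change, one should be added or the old location checked as a fallback. Separately, within this hunk `$attribute['event_id']` and `$attribute['id']` are concatenated into the path without the numeric check that `handleMaliciousBase64` applies to its event id; casting when composing the path, `$rootDir = APP . DS . "files" . DS . (int) $attribute['event_id'] . DS . 'shadow';` and `$destpath = $rootDir . DS . (int) $attribute['id'];`, keeps non-integer values from ever reaching the filesystem. saveBase64EncodedAttachment continues past the hunk.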
@ -167,7 +167,7 @@
|
||||||
</td>
|
</td>
|
||||||
<td class="showspaces <?php echo $extra; ?> limitedWidth">
|
<td class="showspaces <?php echo $extra; ?> limitedWidth">
|
||||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_placeholder'; ?>" class = "inline-field-placeholder"></div>
|
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_placeholder'; ?>" class = "inline-field-placeholder"></div>
|
||||||
<?php if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ): ?>
|
<?php if ('attachment' == $object['objectType'] || 'malware-sample' == $object['objectType'] ): ?>
|
||||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_solid'; ?>" class="inline-field-solid">
|
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_solid'; ?>" class="inline-field-solid">
|
||||||
<?php else: ?>
|
<?php else: ?>
|
||||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_solid'; ?>" class="inline-field-solid" ondblclick="activateField('<?php echo $currentType; ?>', '<?php echo $object['id']; ?>', 'value', <?php echo $event['Event']['id'];?>);">
|
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_solid'; ?>" class="inline-field-solid" ondblclick="activateField('<?php echo $currentType; ?>', '<?php echo $object['id']; ?>', 'value', <?php echo $event['Event']['id'];?>);">
|
||||||
|
|
|
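Review bot: The condition now compares `'attachment'` and `'malware-sample'` against `$object['objectType']` instead of `$object['type']`; if `objectType` denotes the kind of object (attribute versus proposal) rather than the attribute type, this branch can never be taken and attachment values fall through to the `ondblclick`-editable `<div>` that the branch presumably exists to avoid. Please confirm which key is intended; if the attribute type is meant, `<?php if (in_array($object['type'], array('attachment', 'malware-sample'), true)): ?>` restores the check and drops the loose `==` comparisons. The surrounding `<td>` block continues past the hunk.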
@ -96,7 +96,6 @@ $('#ShadowAttributeTypeDiv').hide();
|
||||||
$('#ShadowAttributeCategoryDiv').hide();
|
$('#ShadowAttributeCategoryDiv').hide();
|
||||||
$('#ShadowAttributeType').prop('disabled', true);
|
$('#ShadowAttributeType').prop('disabled', true);
|
||||||
|
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
<?php echo $this->Js->writeBuffer(); // Write cached scripts
|
<?php echo $this->Js->writeBuffer(); // Write cached scripts
|
||||||
|
|
||||||
|
|