From 4e41b555729f8af7956e5b7e9ff3a2edd46e8099 Mon Sep 17 00:00:00 2001 From: iglocska Date: Sun, 5 Feb 2017 23:48:18 +0100 Subject: [PATCH 01/20] new: First iteration of the improved sightings --- app/Controller/EventsController.php | 4 ++ app/Controller/SightingsController.php | 10 +++- app/Model/AppModel.php | 12 +++- app/Model/Sighting.php | 22 ++++++- app/View/Elements/eventattribute.ctp | 80 ++++++++++++-------------- app/webroot/js/misp2.4.62.js | 3 +- 6 files changed, 83 insertions(+), 48 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index 6d05635e1..2ef1bfa0d 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -748,6 +748,8 @@ class EventsController extends AppController { $this->set('attributeFilter', isset($this->params['named']['attributeFilter']) ? $this->params['named']['attributeFilter'] : 'all'); $this->disableCache(); $this->layout = 'ajax'; + $this->loadModel('Sighting'); + $this->set('sightingTypes', $this->Sighting->type); $this->set('currentUri', $this->params->here); $this->render('/Elements/eventattribute'); } @@ -859,6 +861,8 @@ class EventsController extends AppController { } $this->set('contributors', $contributors); $this->set('typeGroups', array_keys($this->Event->Attribute->typeGroupings)); + $this->loadModel('Sighting'); + $this->set('sightingTypes', $this->Sighting->type); } public function view($id = null, $continue=false, $fromEvent=null) { diff --git a/app/Controller/SightingsController.php b/app/Controller/SightingsController.php index b453e4204..80ca45e1f 100644 --- a/app/Controller/SightingsController.php +++ b/app/Controller/SightingsController.php 
@@ -28,6 +28,8 @@ class SightingsController extends AppController { if ($result['success']) { $result['data'] = json_decode($result['data'], true); $timestamp = isset($result['data']['timestamp']) ? strtotime($result['data']['timestamp']) : $now; + $type = '0'; + $source = ''; if (isset($result['data']['values'])) $values = $result['data']['values']; else $error = 'No valid values found could be extracted from the sightings document.'; } $error = $result['message']; @@ -38,8 +40,10 @@ class SightingsController extends AppController { if (isset($this->request->data['value'])) $this->request->data['values'] = array($this->request->data['value']); $values = isset($this->request->data['values']) ? $this->request->data['values'] : false; if (!$id && isset($this->request->data['id'])) $id = $this->request->data['id']; + $type = isset($this->request->data['type']) ? $this->request->data['type'] : '0'; + $source = isset($this->request->data['type']) ? $this->request->data['type'] : ''; } - if (!$error) $result = $this->Sighting->saveSightings($id, $values, $timestamp, $this->Auth->user()); + if (!$error) $result = $this->Sighting->saveSightings($id, $values, $timestamp, $this->Auth->user(), $type, $source); if ($result == 0) $error = 'No valid attributes found that would match the sighting criteria.'; if ($this->request->is('ajax')) { 
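Review bot: In the @@ -38 hunk the added `$source` line reads `$this->request->data['type']`, so a submitted source is dropped and the type value is stored in its place; it should be `$source = isset($this->request->data['source']) ? $this->request->data['source'] : '';`. The `$type` value on the line above is taken from the request as is and handed to `saveSightings()`, and the @@ -47 hunk that follows uses it as a key in `$this->Sighting->type[$type]`, which raises an undefined-index notice for any value outside 0–2. A check such as `if (!isset($this->Sighting->type[$type])) $error = 'Invalid sighting type.';` before the save would keep unknown types out of the table and out of the response text. The enclosing action starts and ends outside both hunks.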
@@ -47,13 +51,13 @@ class SightingsController extends AppController { $error_message = 'Could not add the Sighting. Reason: ' . $error; return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $error_message)), 'status' => 200)); } else { - return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $result . ' sighting' . (($result == 1) ? '' : 's') . ' added.')), 'status' => 200)); + return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $result . ' ' . $this->Sighting->type[$type] . (($result == 1) ? '' : 's') . ' added.')), 'status' => 200)); } } else { if ($error) { return $this->RestResponse->saveFailResponse('Sighting', 'add', $id, $error); } else { - return $this->RestResponse->saveSuccessResponse('Sighting', 'add', $id, false, $result . ' sighting' . (($result == 1) ? '' : 's') . ' successfuly added.'); + return $this->RestResponse->saveSuccessResponse('Sighting', 'add', $id, false, $result . ' ' . $this->Sighting->type[$type] . (($result == 1) ? '' : 's') . ' successfuly added.'); } } } diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index fe189f585..4decad7bf 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -41,7 +41,7 @@ class AppModel extends Model { 42 => false, 44 => false, 45 => false, 49 => true, 50 => false, 51 => false, 52 => false, 55 => true, 56 => true, 57 => true, 58 => false, 59 => false, 60 => false, 61 => false, 62 => false, - 63 => false + 63 => false, 64 => false ) ) ); @@ -78,6 +78,11 @@ class AppModel extends Model { case '2.4.55': $this->updateDatabase('addSightings'); break; + case '2.4.64': + $this->updateDatabase('2.4.64'); + $this->Sighting = Classregistry::init('Sighting'); + $this->Sighting->addUuids(); + break; default: $this->updateDatabase($command); break; 
@@ -576,6 +581,11 @@ class AppModel extends Model { $sqlArray[] = 'ALTER TABLE events DROP COLUMN orgc;'; $sqlArray[] = 'ALTER TABLE event_blacklists CHANGE comment comment TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci;'; break; + case '2.4.64': + $sqlArray[] = 'ALTER TABLE sightings ADD COLUMN uuid varchar(255) COLLATE utf8_bin DEFAULT "";'; + $sqlArray[] = 'ALTER TABLE sightings ADD COLUMN source varchar(255) COLLATE utf8_bin DEFAULT "";'; + $sqlArray[] = 'ALTER TABLE sightings ADD COLUMN type int(11) DEFAULT 0;'; + break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; diff --git a/app/Model/Sighting.php b/app/Model/Sighting.php index db5b835b3..b6402b253 100644 --- a/app/Model/Sighting.php +++ b/app/Model/Sighting.php @@ -28,12 +28,21 @@ class Sighting extends AppModel { ), ); + public $type = array( + 0 => 'sighting', + 1 => 'false-positive', + 2 => 'expiration' + ); + public function beforeValidate($options = array()) { parent::beforeValidate(); $date = date('Y-m-d H:i:s'); if (empty($this->data['Sighting']['id']) && empty($this->data['Sighting']['date_sighting'])) { $this->data['Sighting']['date_sighting'] = $date; } + if (empty($this->data['Sighting']['uuid'])) { + $this->data['Sighting']['uuid'] = CakeText::uuid(); + } return true; } @@ -81,7 +90,7 @@ class Sighting extends AppModel { return $sightings; } - public function saveSightings($id, $values, $timestamp, $user) { + public function saveSightings($id, $values, $timestamp, $user, $type = false, $source = false) { $conditions = array(); if ($id && $id !== 'stix') { if (strlen($id) == 36) $conditions = array('Attribute.uuid' => $id); 
@@ -106,6 +115,8 @@ class Sighting extends AppModel { 'event_id' => $attribute['Attribute']['event_id'], 'org_id' => $user['org_id'], 'date_sighting' => $timestamp, + 'type' => $type, + 'source' => $source ); $sightingsAdded += $this->save($sighting) ? 1 : 0; } @@ -139,4 +150,13 @@ class Sighting extends AppModel { public function generateRandomFileName() { return (new RandomTool())->random_str(FALSE, 12); } + + public function addUuids() { + $sightings = $this->find('all', array( + 'recursive' => -1, + 'conditions' => array('uuid' => '') + )); + $this->saveMany($sightings); + return true; + } } diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp index a4ecb4368..2a07bc81a 100644 --- a/app/View/Elements/eventattribute.ctp +++ b/app/View/Elements/eventattribute.ctp 
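Review bot: `addUuids()` at the end of the @@ -139 hunk loads every sighting with an empty uuid in a single `find('all')` and returns `true` whatever `saveMany()` reports, so a failed backfill during the 2.4.64 upgrade goes unnoticed and rows keep `uuid = ''`. Returning the save result, `return $this->saveMany($sightings);`, or logging a failure would make that visible; on instances with many sightings, processing the rows in batches would bound memory use. The method relies on `beforeValidate()` to fill in the uuid, which deserves a one-line comment such as `// uuid is assigned in beforeValidate() for rows where it is empty`.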
@@ -15,49 +15,38 @@ $attributeSightings = array(); $attributeOwnSightings = array(); $attributeSightingsPopover = array(); - if (isset($event['Sighting']) && !empty($event['Sighting'])) { + $sightingsData = array(); + if (!empty($event['Sighting'])) { foreach ($event['Sighting'] as $sighting) { - $attributeSightings[$sighting['attribute_id']][] = $sighting; - if (isset($sighting['org_id']) && $sighting['org_id'] == $me['org_id']) { - if (isset($attributeOwnSightings[$sighting['attribute_id']])) { - $attributeOwnSightings[$sighting['attribute_id']]['count']++; - if (!isset($attributeOwnSightings[$sighting['attribute_id']]['date']) || $attributeOwnSightings[$sighting['attribute_id']]['date'] < $sighting['date_sighting']) { - $attributeOwnSightings[$sighting['attribute_id']]['date'] = $sighting['date_sighting']; - } - } else { - $attributeOwnSightings[$sighting['attribute_id']]['count'] = 1; - $attributeOwnSightings[$sighting['attribute_id']]['date'] = $sighting['date_sighting']; - } + $type = $sightingTypes[$sighting['type']]; + if (!isset($sightingsData[$sighting['attribute_id']][$type])) { + $sightingsData[$sighting['attribute_id']][$type] = array('count' => 0); } - if (isset($sighting['org_id'])) { - if (isset($attributeSightingsPopover[$sighting['attribute_id']][$sighting['Organisation']['name']])) { - $attributeSightingsPopover[$sighting['attribute_id']][$sighting['Organisation']['name']]['count']++; - if (!isset($attributeSightingsPopover[$sighting['attribute_id']][$sighting['Organisation']['name']]['date']) || $attributeSightingsPopover[$sighting['attribute_id']][$sighting['Organisation']['name']]['date'] < $sighting['date_sighting']) { - $attributeSightingsPopover[$sighting['attribute_id']][$sighting['Organisation']['name']]['date'] = $sighting['date_sighting']; - } - } else { - $attributeSightingsPopover[$sighting['attribute_id']][$sighting['Organisation']['name']]['count'] = 1; - 
$attributeSightingsPopover[$sighting['attribute_id']][$sighting['Organisation']['name']]['date'] = $sighting['date_sighting']; - } + $sightingsData[$sighting['attribute_id']][$type]['count']++; + $orgName = isset($sighting['Organisation']['name']) ? $sighting['Organisation']['name'] : 'Others'; + if (!isset($sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName])) { + $sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName] = array('count' => 1, 'date' => $sighting['date_sighting']); } else { - if (isset($attributeSightingsPopover[$sighting['attribute_id']]['Other organisations'])) { - $attributeSightingsPopover[$sighting['attribute_id']]['Other organisations']['count']++; - if (!isset($attributeSightingsPopover[$sighting['attribute_id']]['Other organisations']['date']) || $attributeSightingsPopover[$sighting['attribute_id']]['Other organisations']['date'] < $sighting['date_sighting']) { - $attributeSightingsPopover[$sighting['attribute_id']]['Other organisations']['date'] = $sighting['date_sighting']; - } - } else { - $attributeSightingsPopover[$sighting['attribute_id']]['Other organisations']['count'] = 1; - $attributeSightingsPopover[$sighting['attribute_id']]['Other organisations']['date'] = $sighting['date_sighting']; + $sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName]['count']++; + if ($sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName]['date'] < $sighting['date_sighting']) { + $sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName]['date'] = $sighting['date_sighting']; } } } - if (!empty($attributeSightingsPopover)) { - $attributeSightingsPopoverText = array(); - foreach ($attributeSightingsPopover as $aid => &$attribute) { - $attributeSightingsPopoverText[$aid] = ''; - foreach ($attribute as $org => $data) { - $attributeSightingsPopoverText[$aid] .= '' . h($org) . ': ' . h($data['count']) . ' (' . date('Y-m-d H:i:s', $data['date']) . ')
'; + foreach ($sightingsData as $aid => $data) { + $sightingsData[$aid]['html'] = ''; + foreach ($data as $type => $typeData) { + $name = (($type != 'expiration') ? Inflector::pluralize($type) : $type); + $sightingsData[$aid]['html'] .= '' . ucfirst(h($name)) . '
'; + foreach ($typeData['orgs'] as $org => $orgData) { + $extra = (($org == $me['Organisation']['name']) ? " class= 'bold'" : ""); + if ($type == 'expiration') { + $sightingsData[$aid]['html'] .= '' . h($org) . ': ' . date('Y-m-d H:i:s', $orgData['date']) . '
'; + } else { + $sightingsData[$aid]['html'] .= '' . h($org) . ': ' . h($orgData['count']) . ' (' . date('Y-m-d H:i:s', $orgData['date']) . ')
'; + } } + $sightingsData[$aid]['html'] .= '
'; } } } @@ -452,20 +441,27 @@ endif; if (Configure::read('Plugin.Sightings_enable') !== false): ?> - + Form->create('Sighting', array('id' => 'Sighting_' . $object['id'], 'url' => '/sightings/add/' . $object['id'], 'style' => 'display:none;')); + echo $this->Form->input('type', array('label' => false, 'id' => 'Sighting_' . $object['id'] . '_type')); echo $this->Form->end(); ?> -   - - +   +   +   + + - - + + ' . h($s) . '/' . h($f) . '/' . h($e) . ')'; ?> Date: Mon, 6 Feb 2017 14:08:55 +0100 Subject: [PATCH 02/20] chg: Work on the sightings --- app/Controller/SightingsController.php | 37 ++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/app/Controller/SightingsController.php b/app/Controller/SightingsController.php index 80ca45e1f..7bf0cb832 100644 --- a/app/Controller/SightingsController.php +++ b/app/Controller/SightingsController.php 
@@ -106,4 +106,41 @@ class SightingsController extends AppController {
 }
 return $this->RestResponse->viewData($sightings);
 }
+
+ public function viewSightings($id, $context = 'attribute') {
+ $this->loadModel('Event');
+ if ($context === 'attribute') {
+ $object = $this->Event->Attribute->fetchAttributes($this->Auth->user(), array('conditions' => array('Attribute.id' => $id, 'Attribute.deleted' => 0)));
+ } else {
+ // let's set the context to event here, since we reuse the variable later on for some additional lookups.
+ // Passing $context = 'org' could have interesting results otherwise...
+ $context = 'event';
+ $object = $this->Event->fetchEvent($this->Auth->user(), $options = array('eventid' => $id, 'metadata' => true));
+ }
+ if (empty($object)) {
+ throw new MethodNotAllowedException('Invalid object.');
+ }
+ $results = array();
+ $csv = array();
+ foreach (array('0', '1') as $type) {
+ $raw[$type] = $this->Sighting->find('all', array(
+ 'conditions' => array('Sighting.' . $context . '_id' => $id, 'Sighting.type' => $type),
+ 'recursive' => -1,
+ 'contain' => array('Organisation.name')
+ ));
+ foreach ($raw[$type] as $sighting) {
+ $results[$type][date('Y-m-d', $sighting['Sighting']['date_sighting'])][] = $sighting;
+ }
+ }
+ $csv = array('0' => '', '1' => '');
+ foreach ($results as $type => $data) {
+ foreach ($data as $date => $sighting) {
+ $csv[$type] .= $date . ', ' . count($sighting) . PHP_EOL;
+ }
+ }
+ $this->set('csv', $csv);
+ $this->set('results', $results);
+ $this->layout = 'ajax';
+ $this->render('ajax/view_sightings');
+ }
 }
From 181e81b2153c8634129b737dd5fd3cc512c9f659 Mon Sep 17 00:00:00 2001
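Review bot: `viewSightings()` never initialises `$raw` and assigns `$csv` twice (`$csv = array();` is overwritten before use), and it answers a missing or inaccessible object with `MethodNotAllowedException`, which produces a 405 rather than a not-found response. Adding `$raw = array();`, dropping the first `$csv` assignment and throwing `NotFoundException('Invalid object.')` would fix these. The access check on the parent attribute or event is the only filter visible here; the `Sighting->find()` that follows returns sightings and organisation names from every organisation, so if sighting visibility is meant to be narrower than object visibility it needs to be applied in this query.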
From: iglocska Date: Thu, 16 Feb 2017 23:22:11 +0100 Subject: [PATCH 03/20] new: Various fixes to the sightings - sparkline got its own column - delete sightings in the sighting details --- app/View/Elements/eventattribute.ctp | 12 ++++++++---- app/View/Elements/sparkline.ctp | 6 +++--- .../Sightings/ajax/quickDeleteConfirmationForm.ctp | 2 +- app/webroot/js/misp2.4.62.js | 4 ++-- 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp index 59071f1c4..b5bd0fb85 100644 --- a/app/View/Elements/eventattribute.ctp +++ b/app/View/Elements/eventattribute.ctp @@ -63,8 +63,6 @@ } } } - - unset($sparklineData); foreach ($sightingsData as $aid => $data) { $sightingsData[$aid]['html'] = ''; @@ -209,6 +207,7 @@ Paginator->sort('distribution');?> Sightings + Sparkline Actions @@ -494,8 +493,6 @@ if (isset($csv[$object['id']]['sighting'])) { $temp[1] = $csv[$object['id']]['false-positive']; } - - echo $this->element('sparkline', array('id' => $object['id'], 'csv' => $temp)); ?>     @@ -514,6 +511,13 @@ endif; ?> + + element('sparkline', array('id' => $object['id'], 'csv' => $temp)); + } + ?> + diff --git a/app/View/Elements/sparkline.ctp b/app/View/Elements/sparkline.ctp index 2d28fd9a5..3825d26e6 100644 --- a/app/View/Elements/sparkline.ctp +++ b/app/View/Elements/sparkline.ctp @@ -35,9 +35,9 @@ Modified version of http://www.tnoda.com/blog/2013-12-19 .attr('d', line); svg.append('circle') .attr('class', 'sparkcircle') - .attr('cx', x(data[0].close)) - .attr('cy', y(data[0].date)) - .attr('r', 1.5); + .attr('cx', x(data[data.length - 1].date)) + .attr('cy', y(data[data.length - 1].close)) + .attr('r', 2); } var myData = ""; diff --git a/app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp b/app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp index 6ee59c9c0..f66099696 100644 --- a/app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp 
+++ b/app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp @@ -1,6 +1,6 @@
Form->create('Sighting', array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => '/sightings/quickDelete/' . $id)); + echo $this->Form->create('Sighting', array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => '/sightings/quickDelete/' . $id . '/' . $rawId . '/' . $context)); ?> Remove Sighting
diff --git a/app/webroot/js/misp2.4.62.js b/app/webroot/js/misp2.4.62.js index 5712f702f..6cb53b5ea 100644 --- a/app/webroot/js/misp2.4.62.js +++ b/app/webroot/js/misp2.4.62.js @@ -123,13 +123,13 @@ function removeSighting(id, rawid, context) { $(".loading").hide(); $("#confirmation_box").fadeOut(); var org = "/" + $('#org_id').text(); - $.get( "/sightings/listSightings/" + attribute_id + "/" + context + org, function(data) { + $.get( "/sightings/listSightings/" + rawid + "/" + context + org, function(data) { $("#sightingsData").html(data); }); }, type:"post", cache: false, - url:"/sightings/quickDelete/" + id, + url:"/sightings/quickDelete/" + id + "/" + rawid + "/" + context, }); } From 956758aca5691a59da30c49a50cfa19ef182f67f Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 00:52:56 +0100 Subject: [PATCH 04/20] fix: Some bug fixes --- app/Controller/SightingsController.php | 4 +++- app/View/Sightings/ajax/add_sighting.ctp | 3 ++- app/webroot/js/misp2.4.62.js | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/app/Controller/SightingsController.php b/app/Controller/SightingsController.php index 9f211362b..beb925b50 100644 --- a/app/Controller/SightingsController.php +++ b/app/Controller/SightingsController.php @@ -71,9 +71,11 @@ class SightingsController extends AppController { } else { $this->layout = false; $this->loadModel('Attribute'); - if (empty($this->Attribute->fetchAttributes($this->Auth->user(), array('conditions' => array('Attribute.id' => $id))))) { + $attributes = $this->Attribute->fetchAttributes($this->Auth->user(), array('conditions' => array('Attribute.id' => $id))); + if (empty($attributes)) { throw new MethodNotAllowedExeption('Invalid Attribute.'); } + $this->set('event_id', $attributes[0]['Attribute']['event_id']); $this->set('id', $id); $this->render('ajax/add_sighting'); } diff --git a/app/View/Sightings/ajax/add_sighting.ctp b/app/View/Sightings/ajax/add_sighting.ctp index a53eb984c..ef3a6cea9 100644 
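Review bot: The `throw new MethodNotAllowedExeption('Invalid Attribute.');` line kept as context in the SightingsController @@ -71 hunk misspells the class name, so when `fetchAttributes()` returns nothing for the user, PHP fails with a class-not-found fatal error instead of the intended exception. Since this commit rewrites the check directly above it, it is the place to correct it to `throw new MethodNotAllowedException('Invalid Attribute.');`. The enclosing action starts and ends outside the hunk.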
--- a/app/View/Sightings/ajax/add_sighting.ctp +++ b/app/View/Sightings/ajax/add_sighting.ctp @@ -1,9 +1,10 @@

Add Sighting

+ Form->create('Sighting', array('id', 'url' => '/sightings/add/' . $id, 'style' => 'margin-bottom:0px;')); echo $this->Form->input('type', array( 'options' => array('Sighting', 'Fase-positive', 'Expiration'), - 'default' => 2, + 'default' => 0, 'style' => 'width:230px;margin-right:0px;' )); echo $this->Form->input('source', array( diff --git a/app/webroot/js/misp2.4.62.js b/app/webroot/js/misp2.4.62.js index 6cb53b5ea..cb9caf987 100644 --- a/app/webroot/js/misp2.4.62.js +++ b/app/webroot/js/misp2.4.62.js @@ -75,7 +75,7 @@ function editTemplateElement(type, id) { } function cancelPrompt(isolated) { - if (isolated == 'undefined') { + if (isolated == undefined) { $("#gray_out").fadeOut(); } $("#confirmation_box").fadeOut(); From fb16d77e5c75c57a68af5eaa4c01c14d0669d4ab Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 01:27:07 +0100 Subject: [PATCH 05/20] fix: several fixes to the new sightings --- app/Model/Sighting.php | 3 +- app/View/Events/ajax/handleSelected.ctp | 30 +++++++++++++++++++ app/View/Sightings/ajax/add_sighting.ctp | 4 +-- .../ajax/quickDeleteConfirmationForm.ctp | 2 +- app/webroot/js/misp2.4.62.js | 11 +++++++ 5 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 app/View/Events/ajax/handleSelected.ctp diff --git a/app/Model/Sighting.php b/app/Model/Sighting.php index 0d79c2651..ac86735c2 100644 --- a/app/Model/Sighting.php +++ b/app/Model/Sighting.php @@ -96,7 +96,8 @@ class Sighting extends AppModel { public function saveSightings($id, $values, $timestamp, $user, $type = false, $source = false) { $conditions = array(); if ($id && $id !== 'stix') { - if (strlen($id) == 36) $conditions = array('Attribute.uuid' => $id); + $id = $this->explodeIdList($id); + if (!is_array($id) && strlen($id) == 36) $conditions = array('Attribute.uuid' => $id); else $conditions = array('Attribute.id' => $id); } else { if (!$values) return 0; 
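Review bot: The option label `'Fase-positive'` in the `type` select of add_sighting.ctp is a typo for `'False-positive'`, and the options array is a second, hand-written copy of the list that the Sighting model's `$type` array already defines, so the two can drift apart. The bare `'id'` element in `array('id', 'url' => ...)` passed to `Form->create()` is a value without a key and looks unintended. Suggested: `'options' => array('Sighting', 'False-positive', 'Expiration')` and dropping the stray `'id'`; the same lines appear unchanged in the later add_sighting.ctp hunk of PATCH 05.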
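Review bot: After `explodeIdList()` the new condition in the Sighting.php @@ -96 hunk only treats `$id` as a UUID when it is not an array, so a list of UUIDs would be matched against `Attribute.id`, where MySQL's numeric cast of each string can match unrelated attributes. `explodeIdList()` is not visible in this hunk, so this depends on what it returns; if it can yield several values, each element should be checked (36-character UUID or numeric id) before the condition is built. A short comment stating which id forms `saveSightings()` accepts would also help. The function body continues outside the hunk.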
diff --git a/app/View/Events/ajax/handleSelected.ctp b/app/View/Events/ajax/handleSelected.ctp new file mode 100644 index 000000000..a11deeaba --- /dev/null +++ b/app/View/Events/ajax/handleSelected.ctp @@ -0,0 +1,30 @@ +
+ Form->create($model, array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => $url)); + echo $this->Form->input($varName, array( + 'type' => 'text', + 'value' => 'test', + 'style' => 'display:none;', + 'label' => false, + )); + ?> + +
+

+ + + + + + +
+ Yes + + + No +
+
+ Form->end(); + ?> +
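Review bot: The hidden input in this new view is created with the literal `'value' => 'test'`, which looks like a leftover placeholder; unless the client script always overwrites it before submit, the form posts `test` as the selected id list. An empty default, `'value' => ''`, would make a missed fill-in fail visibly. `$model`, `$varName` and `$url` are set outside this file, so a header comment listing the variables the element expects would help readers.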
diff --git a/app/View/Sightings/ajax/add_sighting.ctp b/app/View/Sightings/ajax/add_sighting.ctp index ef3a6cea9..3c5f80eee 100644 --- a/app/View/Sightings/ajax/add_sighting.ctp +++ b/app/View/Sightings/ajax/add_sighting.ctp @@ -1,7 +1,7 @@

Add Sighting

Form->create('Sighting', array('id', 'url' => '/sightings/add/' . $id, 'style' => 'margin-bottom:0px;')); + echo $this->Form->create('Sighting', array('id', 'url' => '/sightings/add/' . urlencode(h($id)), 'style' => 'margin-bottom:0px;')); echo $this->Form->input('type', array( 'options' => array('Sighting', 'Fase-positive', 'Expiration'), 'default' => 0, @@ -30,7 +30,7 @@ 'label' => false )); ?> -Add +Add
Form->end(); diff --git a/app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp b/app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp index f66099696..ca22c2788 100644 --- a/app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp +++ b/app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp @@ -1,6 +1,6 @@
Form->create('Sighting', array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => '/sightings/quickDelete/' . $id . '/' . $rawId . '/' . $context)); + echo $this->Form->create('Sighting', array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => '/sightings/quickDelete/' . $id . '/' . urlencode($rawId) . '/' . $context)); ?> Remove Sighting
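Review bot: Only `$rawId` is passed through `urlencode()` in the new form URL; `$id` and `$context` are still concatenated as they are. Where they are set is not visible here, but if either comes from the request path, encoding all three segments, `'/sightings/quickDelete/' . urlencode($id) . '/' . urlencode($rawId) . '/' . urlencode($context)`, keeps a crafted value from altering the route. The add_sighting.ctp hunk in this same patch uses `urlencode(h($id))`, so the two views would also be consistent.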
diff --git a/app/webroot/js/misp2.4.62.js b/app/webroot/js/misp2.4.62.js index cb9caf987..78c191209 100644 --- a/app/webroot/js/misp2.4.62.js +++ b/app/webroot/js/misp2.4.62.js @@ -123,6 +123,7 @@ function removeSighting(id, rawid, context) { $(".loading").hide(); $("#confirmation_box").fadeOut(); var org = "/" + $('#org_id').text(); + updateIndex(id, 'event'); $.get( "/sightings/listSightings/" + rawid + "/" + context + org, function(data) { $("#sightingsData").html(data); }); @@ -838,6 +839,16 @@ function submitPopoverForm(context_id, referer, update_context_id) { if (closePopover) { var result = handleAjaxPopoverResponse(data, context_id, url, referer, context, contextNamingConvention); } + if (referer == 'addSighting') { + updateIndex(update_context_id, 'event'); + $.get( "/sightings/listSightings/" + id + "/attribute", function(data) { + $("#sightingsData").html(data); + }); + $('.sightingsToggle').removeClass('btn-primary'); + $('.sightingsToggle').addClass('btn-inverse'); + $('#sightingsListAllToggle').removeClass('btn-inverse'); + $('#sightingsListAllToggle').addClass('btn-primary'); + } if (context == 'event' && (referer == 'add' || referer == 'massEdit' || referer == 'replaceAttributes')) eventUnpublish(); $(".loading").hide(); }, From 74553116ebea47e326402610cf81c82fcb83f484 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 08:30:17 +0100 Subject: [PATCH 06/20] fix: Execute upgrade script --- app/Model/AppModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index b54ac6fc8..de63eac58 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php 
@@ -41,7 +41,7 @@ class AppModel extends Model { 42 => false, 44 => false, 45 => false, 49 => true, 50 => false, 51 => false, 52 => false, 55 => true, 56 => true, 57 => true, 58 => false, 59 => false, 60 => false, 61 => false, 62 => false, - 63 => false, 64 => false, 65 => false + 63 => false, 64 => false, 65 => false, 66 => false ) ) ); From 58c91b96081ce175ac92474ca5630c6ac036dbfb Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 08:36:52 +0100 Subject: [PATCH 07/20] fix: IP:port attribute types should not be line separated --- app/View/Elements/eventattribute.ctp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp index b5bd0fb85..ca66bf508 100644 --- a/app/View/Elements/eventattribute.ctp +++ b/app/View/Elements/eventattribute.ctp @@ -335,7 +335,13 @@ } else if (strpos($object['type'], '|') !== false) { $filenameHash = explode('|', $object['value']); echo h($filenameHash[0]); - if (isset($filenameHash[1])) echo '
' . $filenameHash[1]; + if (isset($filenameHash[1])) { + $separator = '
'; + if (in_array($object['type'], array('ip-dst|port', 'ip-src|port'))) { + $separator = ':'; + } + echo $separator . h($filenameHash[1]); + } } else if ('vulnerability' == $object['type']) { if (! is_null(Configure::read('MISP.cveurl'))) { $cveUrl = Configure::read('MISP.cveurl'); From 24e965127bc77073cd8fe74a089ec7a105397fed Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 08:40:25 +0100 Subject: [PATCH 08/20] fix: Fixed a possible issue with the upgrade mechanism - indexer expecting new indeces --- app/Model/AppModel.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index de63eac58..73abe3084 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -660,11 +660,13 @@ class AppModel extends Model { )); } } - foreach ($indexArray as $iA) { - if (isset($iA[2])) { - $this->__addIndex($iA[0], $iA[1], $iA[2]); - } else { - $this->__addIndex($iA[0], $iA[1]); + if (!empty($indexArray)) { + foreach ($indexArray as $iA) { + if (isset($iA[2])) { + $this->__addIndex($iA[0], $iA[1], $iA[2]); + } else { + $this->__addIndex($iA[0], $iA[1]); + } } } if ($clean) $this->cleanCacheFiles(); From e839212b81cdbf943c61503341fff1501261ae0d Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 08:48:02 +0100 Subject: [PATCH 09/20] fix: Execute the cach cleaning before the indexing too --- app/Model/AppModel.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 73abe3084..48a2d42cb 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -661,6 +661,7 @@ class AppModel extends Model { } } if (!empty($indexArray)) { + if ($clean) $this->cleanCacheFiles(); foreach ($indexArray as $iA) { if (isset($iA[2])) { $this->__addIndex($iA[0], $iA[1], $iA[2]); From 19c34bff342a99305c4279a4704eba94a7a3ae8f Mon Sep 17 00:00:00 2001 
From: iglocska Date: Fri, 17 Feb 2017 08:49:00 +0100 Subject: [PATCH 10/20] fix: Fixed some view issues with the sightings --- app/View/Elements/eventattribute.ctp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp index ca66bf508..9a23e0d37 100644 --- a/app/View/Elements/eventattribute.ctp +++ b/app/View/Elements/eventattribute.ctp @@ -26,12 +26,12 @@ } $sightingsData[$sighting['attribute_id']][$type]['count']++; $orgName = isset($sighting['Organisation']['name']) ? $sighting['Organisation']['name'] : 'Others'; + if (!isset($startDates[$sighting['attribute_id']]) || $startDates[$sighting['attribute_id']] > $sighting['date_sighting']) { + $startDates[$sighting['attribute_id']] = $sighting['date_sighting']; + } if (!isset($sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName])) { $sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName] = array('count' => 1, 'date' => $sighting['date_sighting']); } else { - if (!isset($startDates[$sighting['attribute_id']]) || $startDates[$sighting['attribute_id']] > $sighting['date_sighting']) { - $startDates[$sighting['attribute_id']] = $sighting['date_sighting']; - } $sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName]['count']++; if ($sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName]['date'] < $sighting['date_sighting']) { $sightingsData[$sighting['attribute_id']][$type]['orgs'][$orgName]['date'] = $sighting['date_sighting']; @@ -496,7 +496,7 @@ if (isset($csv[$object['id']]['sighting'])) { $temp[0] = $csv[$object['id']]['sighting']; } - if (isset($csv[$object['id']]['sighting'])) { + if (isset($csv[$object['id']]['false-positive'])) { $temp[1] = $csv[$object['id']]['false-positive']; } ?> From 2ff14a13c732bf500267ffb737d77f098312157b Mon Sep 17 00:00:00 2001 
From: iglocska Date: Fri, 17 Feb 2017 08:54:07 +0100 Subject: [PATCH 11/20] fix: Fixed an issue with the advanced correlation --- app/Model/Attribute.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 6bf5e9723..de99e38d5 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -1336,6 +1336,7 @@ class Attribute extends AppModel { } } } + $extraConditions = array(); if (!empty($ipValues)) { $extraConditions = array('OR' => array( 'Attribute.value1' => $ipValues, @@ -1378,7 +1379,7 @@ class Attribute extends AppModel { ), 'Attribute.deleted' => 0 ); - if (isset($extraConditions)) { + if (!empty($extraConditions)) { $conditions['AND']['OR'][] = $extraConditions; } $correlatingAttributes[$k] = $this->find('all', array( From b02c76f544e63d1dcdcbe870a4a1d88bfc6df154 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 09:10:51 +0100 Subject: [PATCH 12/20] fix: Fixed an annoying effect when adding a sighting - also, js file renamed to current version --- app/Controller/AppController.php | 4 ++-- app/View/Elements/eventattribute.ctp | 14 ++++++-------- app/webroot/js/{misp2.4.62.js => misp2.4.66.js} | 8 ++++---- 3 files changed, 12 insertions(+), 14 deletions(-) rename app/webroot/js/{misp2.4.62.js => misp2.4.66.js} (99%) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index f50c2f770..4f6e4e819 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -46,9 +46,9 @@ class AppController extends Controller { public $helpers = array('Utility'); - private $__jsVersion = '2.4.62'; + private $__jsVersion = '2.4.66'; public $pyMispVersion = '2.4.65'; - public $phpmin = '5.5.9'; + public $phpmin = '5.6.5'; public $phprec = '7.0.0'; // Used for _isAutomation(), a check that returns true if the controller & action combo matches an action that is a non-xml and non-json automation method 
diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp index 9a23e0d37..9ac3cbfc6 100644 --- a/app/View/Elements/eventattribute.ctp +++ b/app/View/Elements/eventattribute.ctp @@ -148,13 +148,13 @@
- - - - - + + + + + - +
@@ -641,8 +641,6 @@ attributes or the appropriate distribution level. If you think there is a mistak popoverStartup(); $('.select_attribute').removeAttr('checked'); $('.select_proposal').removeAttr('checked'); - $('.mass-select').hide(); - $('.mass-proposal-select').hide(); $('.select_attribute').click(function(e) { if ($(this).is(':checked')) { if (e.shiftKey) { diff --git a/app/webroot/js/misp2.4.62.js b/app/webroot/js/misp2.4.66.js similarity index 99% rename from app/webroot/js/misp2.4.62.js rename to app/webroot/js/misp2.4.66.js index 78c191209..5fddf1d77 100644 --- a/app/webroot/js/misp2.4.62.js +++ b/app/webroot/js/misp2.4.66.js @@ -568,13 +568,13 @@ function toggleAllTaxonomyCheckboxes() { } function attributeListAnyAttributeCheckBoxesChecked() { - if ($('.select_attribute:checked').length > 0) $('.mass-select').show(); - else $('.mass-select').hide(); + if ($('.select_attribute:checked').length > 0) $('.mass-select').removeClass('hidden'); + else $('.mass-select').addClass('hidden'); } function attributeListAnyProposalCheckBoxesChecked() { - if ($('.select_proposal:checked').length > 0) $('.mass-proposal-select').show(); - else $('.mass-proposal-select').hide(); + if ($('.select_proposal:checked').length > 0) $('.mass-proposal-select').removeClass('hidden'); + else $('.mass-proposal-select').addClass('hidden'); } function taxonomyListAnyCheckBoxesChecked() { From f40f3311a65e98d71f87685b5e4c0e9626489316 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 09:23:53 +0100 Subject: [PATCH 13/20] fix: Changed name of the activity sparkline graphs --- app/View/Elements/eventattribute.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp index 9ac3cbfc6..8c7381f54 100644 --- a/app/View/Elements/eventattribute.ctp +++ b/app/View/Elements/eventattribute.ctp @@ -207,7 +207,7 @@ Paginator->sort('distribution');?> Sightings - Sparkline + Activity Actions 
From 88c08af7dfdd759ee70c7d028d601afacf6843fb Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 09:34:56 +0100 Subject: [PATCH 14/20] fix: MYSQL.sql brought up to date --- INSTALL/MYSQL.sql | 58 +++++++++++++++++++++++++++++------------- app/Model/AppModel.php | 5 ++-- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql index 4988e4053..605dd9c9e 100644 --- a/INSTALL/MYSQL.sql +++ b/INSTALL/MYSQL.sql @@ -29,12 +29,13 @@ CREATE TABLE IF NOT EXISTS `attributes` ( `timestamp` int(11) NOT NULL DEFAULT 0, `distribution` tinyint(4) NOT NULL DEFAULT 0, `sharing_group_id` int(11) NOT NULL, - `comment` text COLLATE utf8_bin NOT NULL, + `comment` text COLLATE utf8_bin, `deleted` tinyint(1) NOT NULL DEFAULT 0, PRIMARY KEY (`id`), INDEX `event_id` (`event_id`), INDEX `value1` (`value1`(255)), INDEX `value2` (`value2`(255)), + INDEX `type` (`type`), INDEX `sharing_group_id` (`sharing_group_id`), UNIQUE INDEX `uuid` (`uuid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; @@ -137,6 +138,7 @@ CREATE TABLE IF NOT EXISTS `events` ( `locked` tinyint(1) NOT NULL DEFAULT 0, `threat_level_id` int(11) NOT NULL, `publish_timestamp` int(11) NOT NULL DEFAULT 0, + `disable_correlation` tinyint(1) NOT NULL DEFAULT 0, PRIMARY KEY (`id`), UNIQUE INDEX `uuid` (`uuid`), FULLTEXT INDEX `info` (`info`(255)), 
@@ -206,14 +208,26 @@ CREATE TABLE IF NOT EXISTS `feeds` ( `provider` varchar(255) COLLATE utf8_bin NOT NULL, `url` varchar(255) COLLATE utf8_bin NOT NULL, `rules` text COLLATE utf8_bin DEFAULT NULL, - `enabled` BOOLEAN NOT NULL, - `distribution` tinyint(4) NOT NULL, + `enabled` tinyint(1) DEFAULT 0, + `distribution` tinyint(4) NOT NULL DEFAULT 0, `sharing_group_id` int(11) NOT NULL DEFAULT 0, `tag_id` int(11) NOT NULL DEFAULT 0, - `default` tinyint(1) NOT NULL, - PRIMARY KEY (`id`) + `default` tinyint(1) DEFAULT 0, + `source_format` varchar(255) COLLATE utf8_bin DEFAULT 'misp', + `fixed_event` tinyint(1) NOT NULL DEFAULT 0, + `delta_merge` tinyint(1) NOT NULL DEFAULT 0, + `event_id` int(11) NOT NULL DEFAULT 0, + `publish` tinyint(1) NOT NULL DEFAULT 0, + `override_ids` tinyint(1) NOT NULL DEFAULT 0, + `settings` text NOT NULL DEFAULT '', + `input_source` varchar(255) COLLATE utf8_bin NOT NULL DEFAULT "network", + `delete_local_file` tinyint(1) DEFAULT 0, + PRIMARY KEY (`id`), + INDEX `input_source` (`input_source`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; + + -- ------------------------------------------------------- -- @@ -330,9 +344,9 @@ CREATE TABLE IF NOT EXISTS `logs` ( `model_id` int(11) NOT NULL, `action` varchar(20) COLLATE utf8_bin NOT NULL, `user_id` int(11) NOT NULL, - `change` text CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL, - `email` varchar(255) COLLATE utf8_bin NOT NULL, - `org` varchar(255) COLLATE utf8_bin NOT NULL, + `change` text COLLATE utf8_bin NOT NULL DEFAULT "", + `email` varchar(255) COLLATE utf8_bin NOT NULL DEFAULT "", + `org` varchar(255) COLLATE utf8_bin NOT NULL DEFAULT "", `description` text CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; 
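Review bot: In the `feeds` hunk the new `settings` column is declared `text NOT NULL DEFAULT ''`, and the `logs` hunk on the same page does the same for `change` (`text COLLATE utf8_bin NOT NULL DEFAULT ""`). MySQL does not accept a literal default on TEXT/BLOB columns: with strict SQL mode the CREATE TABLE is rejected, and without it the default is only accepted with a warning, so a fresh install from this file can behave differently per server configuration. For `logs` that means the audit table may not be created at all. Declaring the columns without a default (`settings text` and `change text COLLATE utf8_bin`) and letting the application supply the value avoids this. The double-quoted literals added here (`DEFAULT "network"`, `DEFAULT ""`) would also be read as identifiers under `ANSI_QUOTES`, so single quotes are the portable form.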
@@ -478,7 +492,7 @@ CREATE TABLE IF NOT EXISTS `servers` ( CREATE TABLE IF NOT EXISTS `shadow_attributes` ( `id` int(11) NOT NULL AUTO_INCREMENT, - `old_id` int(11) NOT NULL, + `old_id` int(11) DEFAULT 0, `event_id` int(11) NOT NULL, `type` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, `category` varchar(255) COLLATE utf8_bin NOT NULL, @@ -494,6 +508,7 @@ CREATE TABLE IF NOT EXISTS `shadow_attributes` ( `deleted` tinyint(1) NOT NULL DEFAULT 0, `timestamp` int(11) NOT NULL DEFAULT 0, `proposal_to_delete` BOOLEAN NOT NULL DEFAULT 0, + `disable_correlation` tinyint(1) NOT NULL DEFAULT 0, PRIMARY KEY (`id`), INDEX `event_id` (`event_id`), INDEX `event_uuid` (`event_uuid`), @@ -599,15 +614,21 @@ CREATE TABLE `sharing_groups` ( -- CREATE TABLE IF NOT EXISTS sightings ( - id int(11) NOT NULL AUTO_INCREMENT, - attribute_id int(11) NOT NULL, - event_id int(11) NOT NULL, - org_id int(11) NOT NULL, - date_sighting bigint(20) NOT NULL, + `id int(11)` NOT NULL AUTO_INCREMENT, + `attribute_id` int(11) NOT NULL, + `event_id` int(11) NOT NULL, + `org_id` int(11) NOT NULL, + `date_sighting` bigint(20) NOT NULL, + `uuid` varchar(255) COLLATE utf8_bin DEFAULT "", + `source` varchar(255) COLLATE utf8_bin DEFAULT "", + `type` int(11) DEFAULT 0, PRIMARY KEY (id), - INDEX attribute_id (attribute_id), - INDEX event_id (event_id), - INDEX org_id (org_id) + INDEX `attribute_id` (`attribute_id`), + INDEX `event_id` (`event_id`), + INDEX `org_id` (`org_id`), + INDEX `uuid` (`uuid`), + INDEX `source` (`source`), + INDEX `type` (`type`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; -- -------------------------------------------------------- @@ -622,6 +643,7 @@ CREATE TABLE IF NOT EXISTS `tags` ( `colour` varchar(7) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `exportable` tinyint(1) NOT NULL, `org_id` tinyint(1) NOT NULL DEFAULT 0, + `hide_tag` tinyint(1) NOT NULL DEFAULT 0, PRIMARY KEY (`id`), FULLTEXT INDEX `name` (`name`), INDEX `org_id` (`org_id`) 
@@ -922,7 +944,7 @@ CREATE TABLE IF NOT EXISTS `whitelist` ( -- INSERT INTO `admin_settings` (`id`, `setting`, `value`) VALUES -(1, 'db_version', '2.4.51'); +(1, 'db_version', '2.4.66'); INSERT INTO `feeds` (`id`, `provider`, `name`, `url`, `distribution`, `default`, `enabled`) VALUES (1, 'CIRCL', 'CIRCL OSINT Feed', 'https://www.circl.lu/doc/misp/feed-osint', 3, 1, 0), diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 48a2d42cb..a08ade9e2 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -562,8 +562,6 @@ class AppModel extends Model { $sqlArray[] = 'CREATE INDEX idx_attribute_tags_event_id ON attribute_tags (event_id);'; $sqlArray[] = 'CREATE INDEX idx_attribute_tags_tag_id ON attribute_tags (tag_id);'; } - $this->__dropIndex('attribute_tags', 'attribute_id'); - $this->__dropIndex('attribute_tags', 'tag_id'); break; case '2.4.61': $sqlArray[] = 'ALTER TABLE feeds ADD input_source varchar(255) COLLATE utf8_bin NOT NULL DEFAULT "network";'; @@ -611,6 +609,9 @@ class AppModel extends Model { $sqlArray[] = 'ALTER TABLE sightings ADD COLUMN uuid varchar(255) COLLATE utf8_bin DEFAULT "";'; $sqlArray[] = 'ALTER TABLE sightings ADD COLUMN source varchar(255) COLLATE utf8_bin DEFAULT "";'; $sqlArray[] = 'ALTER TABLE sightings ADD COLUMN type int(11) DEFAULT 0;'; + $indexArray[] = array('sightings', 'uuid'); + $indexArray[] = array('sightings', 'source'); + $indexArray[] = array('sightings', 'type'); break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; From 2f80d46dcf1de847aedf2b460f909ed012dc4dd6 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 09:39:24 +0100 Subject: [PATCH 15/20] fix: typo --- INSTALL/MYSQL.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql index 605dd9c9e..8a7193f5c 100644 --- a/INSTALL/MYSQL.sql +++ b/INSTALL/MYSQL.sql 
@@ -614,7 +614,7 @@ CREATE TABLE `sharing_groups` ( -- CREATE TABLE IF NOT EXISTS sightings ( - `id int(11)` NOT NULL AUTO_INCREMENT, + `id` int(11) NOT NULL AUTO_INCREMENT, `attribute_id` int(11) NOT NULL, `event_id` int(11) NOT NULL, `org_id` int(11) NOT NULL, From 1251eb81897fb3665d8877bb1d82ec3c62f78be4 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 09:46:07 +0100 Subject: [PATCH 16/20] fix: Added missing column in MYSQL.sql and some indexing --- INSTALL/MYSQL.sql | 8 ++++++-- app/Model/AppModel.php | 3 +++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql index 8a7193f5c..ab49b8f10 100644 --- a/INSTALL/MYSQL.sql +++ b/INSTALL/MYSQL.sql @@ -31,11 +31,13 @@ CREATE TABLE IF NOT EXISTS `attributes` ( `sharing_group_id` int(11) NOT NULL, `comment` text COLLATE utf8_bin, `deleted` tinyint(1) NOT NULL DEFAULT 0, + `disable_correlation` tinyint(1) NOT NULL DEFAULT 0, PRIMARY KEY (`id`), INDEX `event_id` (`event_id`), INDEX `value1` (`value1`(255)), INDEX `value2` (`value2`(255)), INDEX `type` (`type`), + INDEX `category` (`category`), INDEX `sharing_group_id` (`sharing_group_id`), UNIQUE INDEX `uuid` (`uuid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; @@ -487,7 +489,7 @@ CREATE TABLE IF NOT EXISTS `servers` ( -- -------------------------------------------------------- -- --- Table structure for table `shadow_attributes` +-- Table structure for table ``)ributes` -- CREATE TABLE IF NOT EXISTS `shadow_attributes` ( @@ -516,7 +518,9 @@ CREATE TABLE IF NOT EXISTS `shadow_attributes` ( INDEX `uuid` (`uuid`), INDEX `old_id` (`old_id`), INDEX `value1` (`value1`(255)), - INDEX `value2` (`value2`(255)) + INDEX `value2` (`value2`(255)), + INDEX `type` (`type`), + INDEX `category` (`category`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; -- -------------------------------------------------------- diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index a08ade9e2..1915ca347 100644 
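Review bot: The comment hunk `@@ -487,7 +489,7 @@` replaces the banner for the `shadow_attributes` table with a garbled string ending in `)ributes`, which looks like an accidental keystroke rather than an intended edit and is not mentioned in the commit message. It is only an SQL comment, so the schema is unaffected, but anyone searching the install script for the table's banner will no longer find it. The added line should be dropped so the banner again reads `-- Table structure for table shadow_attributes` (with the table name in backticks, as before).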
--- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -612,6 +612,9 @@ class AppModel extends Model { $indexArray[] = array('sightings', 'uuid'); $indexArray[] = array('sightings', 'source'); $indexArray[] = array('sightings', 'type'); + $indexArray[] = array('attributes', 'category'); + $indexArray[] = array('shadow_attributes', 'category'); + $indexArray[] = array('shadow_attributes', 'type'); break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; From 9d7ca3c39ba537cdd2cbd95dc6aac1472f7623f9 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 09:57:59 +0100 Subject: [PATCH 17/20] fix: Enforce longer value fields on the event view --- app/View/Elements/eventattribute.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp index 8c7381f54..b556cfc9d 100644 --- a/app/View/Elements/eventattribute.ctp +++ b/app/View/Elements/eventattribute.ctp @@ -303,7 +303,7 @@
- +
Date: Fri, 17 Feb 2017 10:05:05 +0100 Subject: [PATCH 18/20] fix: ACL updated --- app/Controller/Component/ACLComponent.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index ddd78d7aa..cb1d3fe2d 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -286,8 +286,12 @@ class ACLComponent extends Component { ), 'sightings' => array( 'add' => array('perm_add'), + 'advanced' => array('perm_add'), 'delete' => array('perm_add'), - 'index' => array('*') + 'index' => array('*'), + 'listSightings' => array('perm_add'), + 'quickDelete' => array('perm_add'), + 'viewSightings' => array('perm_add') ), 'tags' => array( 'add' => array('perm_tag_editor'), From 589e4c3529960e69e32c2ffeb42ce263af9cabd8 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 17 Feb 2017 10:40:59 +0100 Subject: [PATCH 19/20] fix: fixed some permission issues preventing non site admins from using some functionalities correctly --- app/Controller/SightingsController.php | 7 ++++++- app/View/Sightings/ajax/list_sightings.ctp | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/app/Controller/SightingsController.php b/app/Controller/SightingsController.php index beb925b50..1595e35d7 100644 --- a/app/Controller/SightingsController.php +++ b/app/Controller/SightingsController.php 
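Review bot: The new `sightings` entries gate `quickDelete` (like the existing `delete`) on `perm_add` alone, which is a role-level check: any user whose role may add data passes it, whichever organisation recorded the sighting. Whether a user may remove a particular sighting therefore has to be decided inside the controller action, which is not visible in this hunk and should be confirmed there. A short comment above the entry would record that dependency, e.g. `// role gate only: per-sighting org ownership must be enforced in SightingsController`. The read-only actions `listSightings` and `viewSightings` also require `perm_add` while `index` stays at `*`; if that asymmetry is intended, it deserves a word in the same comment. The permission array starts and ends outside the hunk.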
@@ -251,7 +251,12 @@ class SightingsController extends AppController { } $temp = array(); foreach ($sighting as $sightingInstance) { - $temp[$sightingInstance['Organisation']['name']] = isset($temp[$sightingInstance['Organisation']['name']]) ? $temp[$sightingInstance['Organisation']['name']] + 1 : 1; + if (!isset($sightingInstance['Organisation']['name'])) { + $org = 'Anonymised'; + } else { + $org = $sightingInstance['Organisation']['name']; + } + $temp[$org] = isset($temp[$org]) ? $temp[$org] + 1 : 1; } $dataPoints[$date][$type] = array('count' => count($sighting), 'details' => $temp); } diff --git a/app/View/Sightings/ajax/list_sightings.ctp b/app/View/Sightings/ajax/list_sightings.ctp index ba16cfd1a..2ab5c3af8 100644 --- a/app/View/Sightings/ajax/list_sightings.ctp +++ b/app/View/Sightings/ajax/list_sightings.ctp @@ -37,7 +37,7 @@ Date: Fri, 17 Feb 2017 12:14:57 +0100 Subject: [PATCH 20/20] fix: Fixed a JS error causing a feed edit to not populate the filter popover, fixes #1959 --- app/View/Feeds/edit.ctp | 3 +++ app/webroot/js/misp2.4.66.js | 1 + 2 files changed, 4 insertions(+) diff --git a/app/View/Feeds/edit.ctp b/app/View/Feeds/edit.ctp index 515d40bda..62a4dfe68 100644 --- a/app/View/Feeds/edit.ctp +++ b/app/View/Feeds/edit.ctp @@ -187,9 +187,12 @@ var rules = {"pull": {"tags": {"OR":[], "NOT":[]}, "orgs": {"OR":[], "NOT":[]}}} var validOptions = ['pull']; var validFields = ['tags', 'orgs']; var modelContext = 'Feed'; +var tags = []; +var orgs = []; $(document).ready(function() { rules = convertServerFilterRules(rules); + serverRulePopulateTagPicklist(); feedDistributionChange(); $("#pull_modify").click(function() { serverRuleFormActivate('pull'); diff --git a/app/webroot/js/misp2.4.66.js b/app/webroot/js/misp2.4.66.js index 5fddf1d77..1c28d8959 100644 --- a/app/webroot/js/misp2.4.66.js +++ b/app/webroot/js/misp2.4.66.js 
@@ -2366,6 +2366,7 @@ function serverRuleUpdate() {
 });
 }
 statusOptions.forEach(function(status) {
+ console.log();
 if (rules[type][field][status].length > 0) {
 $('#' + type + '_' + field + '_' + status).show();
 var t = '';
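Review bot: The added `console.log();` inside the `statusOptions.forEach` callback is a debugging leftover: it is called with no arguments, so it prints an empty line for every status on each `serverRuleUpdate()` run. It is also unrelated to the picklist fix the commit message describes. The line should be dropped from the patch. `serverRuleUpdate` begins and ends outside the hunk.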