mirror of https://github.com/MISP/MISP
Merge branch 'master' into feature/sg
Conflicts: VERSION.json app/Lib/Tools/XMLConverterTool.php app/Model/Event.phppull/762/head
commit
f1a5ba52e5
|
@ -484,17 +484,16 @@ class ServersController extends AppController {
|
|||
App::uses('File', 'Utility');
|
||||
App::uses('Folder', 'Utility');
|
||||
$additionalViewVars = array();
|
||||
if ($tab == 'files') {
|
||||
$files = $this->__manageFiles();
|
||||
$this->set('files', $files);
|
||||
}
|
||||
// Only run this check on the diagnostics tab
|
||||
if ($tab == 'diagnostics' || $tab == 'download') {
|
||||
// check if the current version of MISP is outdated or not
|
||||
$version = $this->__checkVersion();
|
||||
$this->set('version', $version);
|
||||
if ($version && (!$version['upToDate'] || $version['upToDate'] == 'older')) $diagnostic_errors++;
|
||||
|
||||
if ($tab == 'files') {
|
||||
$files = $this->__manageFiles();
|
||||
$this->set('files', $files);
|
||||
}
|
||||
|
||||
// check if the STIX and Cybox libraries are working and the correct version using the test script stixtest.py
|
||||
$stix = $this->Server->stixDiagnostics($diagnostic_errors, $stixVersion, $cyboxVersion);
|
||||
|
|
|
@ -22,12 +22,9 @@ class TemplatesController extends AppController {
|
|||
|
||||
public function beforeFilter() { // TODO REMOVE
|
||||
parent::beforeFilter();
|
||||
$this->Security->unlockedActions = array('saveElementSorting', 'populateEventFromTemplate', 'uploadFile', 'deleteTemporaryFile');
|
||||
$this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile');
|
||||
}
|
||||
|
||||
public function fetchFormFromTemplate($id) {
|
||||
|
||||
}
|
||||
|
||||
public function index() {
|
||||
$conditions = array();
|
||||
|
@ -136,6 +133,7 @@ class TemplatesController extends AppController {
|
|||
}
|
||||
|
||||
public function add() {
|
||||
if (!$this->userRole['perm_template']) throw new MethodNotAllowedException('You are not authorised to do that.');
|
||||
if ($this->request->is('post')) {
|
||||
unset($this->request->data['Template']['tagsPusher']);
|
||||
$tags = $this->request->data['Template']['tags'];
|
||||
|
@ -299,6 +297,8 @@ class TemplatesController extends AppController {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
// called when the user is finished populating a template and is has finished reviewing the resulting attributes at the last stage of the process
|
||||
public function submitEventPopulation($template_id, $event_id) {
|
||||
if ($this->request->is('post')) {
|
||||
$this->loadModel('Event');
|
||||
|
@ -332,11 +332,11 @@ class TemplatesController extends AppController {
|
|||
}
|
||||
|
||||
if (isset($this->request->data['Template']['attributes'])) {
|
||||
$attributes = unserialize($this->request->data['Template']['attributes']);
|
||||
$attributes = json_decode($this->request->data['Template']['attributes'], true);
|
||||
$this->loadModel('Attribute');
|
||||
$fails = 0;
|
||||
foreach($attributes as $k => &$attribute) {
|
||||
if (isset($attribute['data'])) {
|
||||
if (isset($attribute['data']) && preg_match('/^[a-zA-Z0-9]{12}$/', $attribute['data'])) {
|
||||
$file = new File(APP . 'tmp/files/' . $attribute['data']);
|
||||
$content = $file->read();
|
||||
$attribute['data'] = base64_encode($content);
|
||||
|
@ -414,6 +414,9 @@ class TemplatesController extends AppController {
|
|||
return $array;
|
||||
}
|
||||
|
||||
// deletes a temporary file created by the user while populating a template
|
||||
// users can add files to attachment fields and when they change their mind about it, they can remove a file (deleting the temporary file)
|
||||
// before it gets saved as an attribute and moved to the persistent attachment store
|
||||
public function deleteTemporaryFile($filename) {
|
||||
if (!$this->request->is('post')) throw new MethodNotAllowedException('This action is restricted to accepting POST requests only.');
|
||||
//if (!$this->request->is('ajax')) throw new MethodNotAllowedException('This action is only accessible through AJAX.');
|
||||
|
|
|
@ -37,9 +37,9 @@ class RPZExport {
|
|||
|
||||
public function explain($type, $policy) {
|
||||
$explanations = array(
|
||||
'ip' => '# The following list of IP addresses will ',
|
||||
'domain' => '# The following domain names and all of their sub-domains will ',
|
||||
'hostname' => '# The following hostnames will '
|
||||
'ip' => '; The following list of IP addresses will ',
|
||||
'domain' => '; The following domain names and all of their sub-domains will ',
|
||||
'hostname' => '; The following hostnames will '
|
||||
);
|
||||
$policy_explanations = array(
|
||||
'walled-garden' => 'returns the defined alternate location.',
|
||||
|
@ -53,7 +53,7 @@ class RPZExport {
|
|||
public function buildHeader($rpzSettings) {
|
||||
$rpzSettings['serial'] = str_replace('$date', date('Ymd'), $rpzSettings['serial']);
|
||||
$header = '';
|
||||
$header .= '$TTL ' . $rpzSettings['ttl'] . PHP_EOL;
|
||||
$header .= '$TTL ' . $rpzSettings['ttl'] . ';' . PHP_EOL;
|
||||
$header .= '@ SOA ' . $rpzSettings['ns'] . ' ' . $rpzSettings['email'] . ' (' . $rpzSettings['serial'] . ' ' . $rpzSettings['refresh'] . ' ' . $rpzSettings['retry'] . ' ' . $rpzSettings['expiry'] . ' ' . $rpzSettings['minimum_ttl'] . ')' . PHP_EOL;
|
||||
$header .= ' NS ' . $rpzSettings['ns'] . PHP_EOL . PHP_EOL;
|
||||
return $header;
|
||||
|
@ -106,7 +106,7 @@ class RPZExport {
|
|||
if (strpos($input, '/')) {
|
||||
list($input, $prefix) = explode('/', $input);
|
||||
}
|
||||
return $prefix . '.' . $this->{'__' . $type}($input) . ' CNAME ' . $action . PHP_EOL;
|
||||
return $prefix . '.' . $this->{'__' . $type}($input) . '.rpz-ip CNAME ' . $action . PHP_EOL;
|
||||
}
|
||||
|
||||
private function __ipv6($input) {
|
||||
|
|
|
@ -42,10 +42,9 @@ class XMLConverterTool {
|
|||
if (isset($event['SharingGroup'])) {
|
||||
$event['Event']['SharingGroup'][0] = $event['SharingGroup'];
|
||||
}
|
||||
$event['Event']['Attribute'] = $event['Attribute'];
|
||||
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
|
||||
|
||||
if (isset($event['RelatedEvent'])) $event['Event']['RelatedEvent'] = $event['RelatedEvent'];
|
||||
if (isset($event['Attribute'])) $event['Event']['Attribute'] = $event['Attribute'];
|
||||
if (isset($event['ShadowAttribute'])) $event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
|
||||
if (isset($event['RelatedEvent'])) if (isset($event['RelatedEvent'])) $event['Event']['RelatedEvent'] = $event['RelatedEvent'];
|
||||
|
||||
// legacy
|
||||
unset($event['Event']['org']);
|
||||
|
@ -56,7 +55,7 @@ class XMLConverterTool {
|
|||
$event['Event']['Tag'][$k] = $tag['Tag'];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$event['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['info']);
|
||||
$event['Event']['info'] = str_replace($toEscape, $escapeWith, $event['Event']['info']);
|
||||
//
|
||||
|
@ -75,12 +74,14 @@ class XMLConverterTool {
|
|||
$event['Event']['Attribute'][$key]['value'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['value']);
|
||||
$event['Event']['Attribute'][$key]['comment'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['comment']);
|
||||
$event['Event']['Attribute'][$key]['comment'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['comment']);
|
||||
unset($event['Event']['Attribute'][$key]['value1'], $event['Event']['Attribute'][$key]['value2']);
|
||||
foreach($event['Event']['Attribute'][$key]['ShadowAttribute'] as $skey => $svalue) {
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment']);
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment']);
|
||||
unset($event['Event']['Attribute'][$key]['value1'], $event['Event']['Attribute'][$key]['value2'], $event['Event']['Attribute'][$key]['category_order']);
|
||||
if (isset($event['Event']['Attribute'][$key]['ShadowAttribute']))
|
||||
foreach($event['Event']['Attribute'][$key]['ShadowAttribute'] as $skey => $svalue) {
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['value']);
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment']);
|
||||
$event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment'] = str_replace($toEscape, $escapeWith, $event['Event']['Attribute'][$key]['ShadowAttribute'][$skey]['comment']);
|
||||
}
|
||||
}
|
||||
if (isset($event['Event']['Attribute'][$key]['SharingGroup']['SharingGroupOrg'])) {
|
||||
foreach ($event['Event']['Attribute'][$key]['SharingGroup']['SharingGroupOrg'] as $k => $sgo) {
|
||||
|
|
|
@ -1405,7 +1405,7 @@ class Attribute extends AppModel {
|
|||
public function rpz($org, $isSiteAdmin, $tags = false, $eventId = false, $from = false, $to = false) {
|
||||
// we can group hostname and domain as well as ip-src and ip-dst in this case
|
||||
$conditions['AND'] = array('Attribute.to_ids' => 1, 'Event.published' => 1);
|
||||
$typesToFetch = array('ip' => array('ip-src', 'ip-dst'), 'hostname' => array('hostname'), 'domain' => array('domain'));
|
||||
$typesToFetch = array('ip' => array('ip-src', 'ip-dst'), 'domain' => array('domain'), 'hostname' => array('hostname'));
|
||||
if ($from) $conditions['AND']['Event.date >='] = $from;
|
||||
if ($to) $conditions['AND']['Event.date <='] = $to;
|
||||
if (!$isSiteAdmin) {
|
||||
|
@ -1445,7 +1445,17 @@ class Attribute extends AppModel {
|
|||
'group' => array('Attribute.value'), //fields to GROUP BY
|
||||
);
|
||||
$temp = $this->find('all', $params);
|
||||
foreach ($temp as $value) $values[$k][] = $value['Attribute']['value'];
|
||||
if ($k == 'hostname') {
|
||||
foreach ($temp as $value) {
|
||||
$found = false;
|
||||
foreach ($values['domain'] as $domain) {
|
||||
if (strpos($value['Attribute']['value'], $domain) != 0) {
|
||||
$found = true;
|
||||
}
|
||||
}
|
||||
if (!$found) $values[$k][] = $value['Attribute']['value'];
|
||||
}
|
||||
} else foreach ($temp as $value) $values[$k][] = $value['Attribute']['value'];
|
||||
unset($temp);
|
||||
}
|
||||
return $values;
|
||||
|
|
|
@ -799,14 +799,18 @@ class Event extends AppModel {
|
|||
// Rearranging things to be compatible with the XML conversion
|
||||
// Removing unwanted properties
|
||||
$event = $this->__updateEventForSync($event, $server);
|
||||
$xmlArray['Event'][] = $event['Event'];
|
||||
App::uses('XMLConverterTool', 'Tools');
|
||||
$converter = new XMLConverterTool();
|
||||
$data = '<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL . $converter->event2XML($event) . PHP_EOL;
|
||||
|
||||
// display the XML to the user
|
||||
$xmlObject = Xml::fromArray(array('Event' => $event['Event']), array('format' => 'tags'));
|
||||
$data = $xmlObject->asXML();
|
||||
// do a REST POST request with the server
|
||||
|
||||
debug($data);
|
||||
throw new Exception();
|
||||
|
||||
|
||||
|
||||
// LATER validate HTTPS SSL certificate
|
||||
$this->Dns = ClassRegistry::init('Dns');
|
||||
if ($this->Dns->testipaddress(parse_url($uri, PHP_URL_HOST))) {
|
||||
|
|
|
@ -430,7 +430,7 @@ class Server extends AppModel {
|
|||
'GnuPG' => array(
|
||||
'branch' => 1,
|
||||
'binary' => array(
|
||||
'level' => 0,
|
||||
'level' => 2,
|
||||
'description' => 'The location of the GPG executable. If you would like to use a different gpg executable than /usr/bin/gpg, you can set it here. If the default is fine, just keep the setting suggested by MISP.',
|
||||
'value' => '/usr/bin/gpg',
|
||||
'errorMessage' => '',
|
||||
|
|
|
@ -20,10 +20,10 @@
|
|||
endif;
|
||||
if ($target_type === 'post'):
|
||||
?>
|
||||
<div class="input clear">
|
||||
<label for="PostResponseTo">In response to</label>
|
||||
<textarea class="input-xxlarge" disabled="disabled" cols="30" rows="6" id="PostResponseTo"><?php echo h($previous); ?></textarea>
|
||||
</div>
|
||||
<div class="input clear">
|
||||
<label for="PostResponseTo">In response to</label>
|
||||
<textarea class="input-xxlarge" disabled="disabled" cols="30" rows="6" id="PostResponseTo"><?php echo h($previous); ?></textarea>
|
||||
</div>
|
||||
<?php
|
||||
$quote = '[QUOTE]' . $previous . '[/QUOTE]' . "\n";
|
||||
endif;
|
||||
|
|
|
@ -56,7 +56,7 @@ var selectedTags = [];
|
|||
var allTags = [
|
||||
<?php
|
||||
foreach ($tagInfo as $tag) {
|
||||
echo "{'id' : '" . $tag['Tags']['id'] . "', 'name' : '" . $tag['Tags']['name'] . "', 'colour' : '" . $tag['Tags']['colour'] . "'},";
|
||||
echo "{'id' : '" . h($tag['Tags']['id']) . "', 'name' : '" . h($tag['Tags']['name']) . "', 'colour' : '" . h($tag['Tags']['colour']) . "'},";
|
||||
}
|
||||
?>
|
||||
];
|
||||
|
|
|
@ -63,7 +63,7 @@ var selectedTags = [
|
|||
var allTags = [
|
||||
<?php
|
||||
foreach ($tagInfo as $tag) {
|
||||
echo "{'id' : '" . $tag['Tags']['id'] . "', 'name' : '" . $tag['Tags']['name'] . "', 'colour' : '" . $tag['Tags']['colour'] . "'},";
|
||||
echo "{'id' : '" . h($tag['Tags']['id']) . "', 'name' : '" . h($tag['Tags']['name']) . "', 'colour' : '" . h($tag['Tags']['colour']) . "'},";
|
||||
}
|
||||
?>
|
||||
];
|
||||
|
|
|
@ -29,7 +29,7 @@ endforeach;?>
|
|||
'id' => 'attributes',
|
||||
'label' => false,
|
||||
'type' => 'hidden',
|
||||
'value' => serialize($attributes),
|
||||
'value' => json_encode($attributes),
|
||||
));
|
||||
?>
|
||||
</fieldset>
|
||||
|
|
|
@ -904,7 +904,13 @@ function templateFileHiddenAdd(files, element_id, batch) {
|
|||
}
|
||||
}
|
||||
|
||||
function htmlEncode(value){
|
||||
return $('<div/>').text(value).html();
|
||||
}
|
||||
|
||||
function templateAddFileBubble(element_id, iframe, filename, tmp_name, batch) {
|
||||
filename = htmlEncode(filename);
|
||||
tmp_name = htmlEncode(tmp_name);
|
||||
if (batch == 'no') {
|
||||
if (iframe == true) {
|
||||
$('#filenames_' + element_id, window.parent.document).html('<div id ="' + tmp_name + '_container" class ="template_file_box_container"><span class="tagFirstHalf template_file_box">' + filename + '</span><span onClick="templateDeleteFileBubble(\'' + filename + '\', \'' + tmp_name + '\', \'' + element_id + '\', \'normal\', \'no\');" class="tagSecondHalf useCursorPointer">x</span></div>');
|
||||
|
|
Loading…
Reference in New Issue