mirror of https://github.com/MISP/MISP
Merge branch 'master' into develop
Conflicts: INSTALL/MYSQL.sql app/Controller/EventsController.php app/Model/Attribute.php
pull/217/head
commit
fbe2eddc7a
|
@ -294,34 +294,36 @@ CREATE TABLE IF NOT EXISTS `whitelist` (
|
|||
-- Default values for initial installation
|
||||
--
|
||||
|
||||
INSERT INTO `regexp`
|
||||
(`regexp`, `replacement`)
|
||||
VALUES
|
||||
('/.:.ProgramData./i','%ALLUSERSPROFILE%\\\\'),
|
||||
('/.:.Documents and Settings.All Users./i','%ALLUSERSPROFILE%\\\\'),
|
||||
('/.:.Program Files.Common Files./i','%COMMONPROGRAMFILES%\\\\'),
|
||||
('/.:.Program Files \(x86\).Common Files./i','%COMMONPROGRAMFILES(x86)%\\\\'),
|
||||
('/.:.Users.(\\w+).AppData.Local.Temp./i','%TEMP%\\\\'),
|
||||
('/.:.ProgramData./i','%PROGRAMDATA%\\\\'),
|
||||
('/.:.Program Files./i','%PROGRAMFILES%\\\\'),
|
||||
('/.:.Program Files \(x86\)./i','%PROGRAMFILES(X86)%\\\\'),
|
||||
('/.:.Users.Public./i','%PUBLIC%\\\\'),
|
||||
('/.:.Documents and Settings.(\\w+).Local Settings.Temp./i','%TEMP%\\\\'),
|
||||
('/.:.Users.(\\w+).AppData.Local.Temp./i','%TEMP%\\\\'),
|
||||
('/.:.Users.(\\w+).AppData.Local./i','%LOCALAPPDATA%\\\\'),
|
||||
('/.:.Users.(\\w+).AppData.Roaming./i','%APPDATA%\\\\'),
|
||||
('/.:.Users.(\\w+).Application Data./i','%APPDATA%\\\\'),
|
||||
('/.:.Windows.(\\w+).Application Data./i','%APPDATA%\\\\'),
|
||||
('/.:.Users.(\\w+)./i','%USERPROFILE%\\\\'),
|
||||
('/.:.DOCUME~1.(\\w+)./i','%USERPROFILE%\\\\'),
|
||||
('/.:.Documents and Settings.(\\w+)./i','%USERPROFILE%\\\\'),
|
||||
('/.:.Windows./i','%WINDIR%\\\\'),
|
||||
('/.:.Windows./i','%WINDIR%\\\\'),
|
||||
('/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{9}){1}(-[0-9]{10}){1}-[0-9]{9}-[0-9]{4}/i','HKCU'),
|
||||
('/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){2}-[0-9]{9}-[0-9]{4}/i','HKCU'),
|
||||
('/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){3}-[0-9]{4}/i','HKCU'),
|
||||
('/.REGISTRY.MACHINE./i','HKLM\\\\'),
|
||||
('/.Registry.Machine./i','HKLM\\\\');
|
||||
INSERT INTO `regexp` (`id`, `regexp`, `replacement`, `type`) VALUES
|
||||
(1, '/.:.ProgramData./i', '%ALLUSERSPROFILE%\\\\', 'ALL'),
|
||||
(2, '/.:.Documents and Settings.All Users./i', '%ALLUSERSPROFILE%\\\\', 'ALL'),
|
||||
(3, '/.:.Program Files.Common Files./i', '%COMMONPROGRAMFILES%\\\\', 'ALL'),
|
||||
(4, '/.:.Program Files (x86).Common Files./i', '%COMMONPROGRAMFILES(x86)%\\\\', 'ALL'),
|
||||
(5, '/.:.Users\\\\(.*?)\\\\AppData.Local.Temp./i', '%TEMP%\\\\', 'ALL'),
|
||||
(6, '/.:.ProgramData./i', '%PROGRAMDATA%\\\\', 'ALL'),
|
||||
(7, '/.:.Program Files./i', '%PROGRAMFILES%\\\\', 'ALL'),
|
||||
(8, '/.:.Program Files (x86)./i', '%PROGRAMFILES(X86)%\\\\', 'ALL'),
|
||||
(9, '/.:.Users.Public./i', '%PUBLIC%\\\\', 'ALL'),
|
||||
(10, '/.:.Documents and Settings\\\\(.*?)\\\\Local Settings.Temp./i', '%TEMP%\\\\', 'ALL'),
|
||||
(11, '/.:.Users\\\\(.*?)\\\\AppData.Local.Temp./i', '%TEMP%\\\\', 'ALL'),
|
||||
(12, '/.:.Users\\\\(.*?)\\\\AppData.Local./i', '%LOCALAPPDATA%\\\\', 'ALL'),
|
||||
(13, '/.:.Users\\\\(.*?)\\\\AppData.Roaming./i', '%APPDATA%\\\\', 'ALL'),
|
||||
(14, '/.:.Users\\\\(.*?)\\\\Application Data./i', '%APPDATA%\\\\', 'ALL'),
|
||||
(15, '/.:.Windows\\\\(.*?)\\\\Application Data./i', '%APPDATA%\\\\', 'ALL'),
|
||||
(16, '/.:.Users\\\\(.*?)\\\\/i', '%USERPROFILE%\\\\', 'ALL'),
|
||||
(17, '/.:.DOCUME~1.\\\\(.*?)\\\\/i', '%USERPROFILE%\\\\', 'ALL'),
|
||||
(18, '/.:.Documents and Settings\\\\(.*?)\\\\/i', '%USERPROFILE%\\\\', 'ALL'),
|
||||
(19, '/.:.Windows./i', '%WINDIR%\\\\', 'ALL'),
|
||||
(20, '/.:.Windows./i', '%WINDIR%\\\\', 'ALL'),
|
||||
(21, '/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{9}){1}(-[0-9]{10}){1}-[0-9]{9}-[0-9]{4}/i', 'HKCU', 'ALL'),
|
||||
(22, '/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){2}-[0-9]{9}-[0-9]{4}/i', 'HKCU', 'ALL'),
|
||||
(23, '/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){3}-[0-9]{4}/i', 'HKCU', 'ALL'),
|
||||
(24, '/.REGISTRY.MACHINE./i', 'HKLM\\\\', 'ALL'),
|
||||
(25, '/.Registry.Machine./i', 'HKLM\\\\', 'ALL'),
|
||||
(26, '/%USERPROFILE%.Application Data.Microsoft.UProof/i', '', 'ALL'),
|
||||
(27, '/%USERPROFILE%.Local Settings.History/i', '', 'ALL'),
|
||||
(28, '/%APPDATA%.Microsoft.UProof/i ', '', 'ALL'),
|
||||
(29, '/%LOCALAPPDATA%.Microsoft.Windows.Temporary Internet Files/i', '', 'ALL');
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
|
@ -360,4 +362,5 @@ VALUES
|
|||
(3,'Low','*low* means mass-malware','Mass-malware'),
|
||||
(4,'Undefined','*undefined* no risk','No risk');
|
||||
|
||||
-- --------------------------------------------------------
|
||||
-- --------------------------------------------------------
|
||||
|
||||
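Review bot: Rows 4 and 8 of the new seed data store `(x86)` with bare parentheses, so PCRE reads it as a capture group and the pattern matches `Program Files x86` but never the real `Program Files (x86)` directory. Such a path then falls through to the plain `Program Files` rule (row 7) and is normalised to `%PROGRAMFILES%\(x86)\…`, which hurts correlation of otherwise identical file-path indicators; this assumes the rules run in id order, which the hunk does not show. Escaping the parentheses so they survive MySQL string parsing fixes it, e.g. `'/.:.Program Files \\(x86\\).Common Files./i'`. Row 28 also carries a trailing space after the `/i` modifier (`'/%APPDATA%.Microsoft.UProof/i '`) that looks accidental.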
|
|
|
@ -594,7 +594,7 @@ class AttributesController extends AppController {
|
|||
else
|
||||
$attribute['type'] = 'comment';
|
||||
$attribute['value'] = $reference;
|
||||
$attribute['distribution'] = 3; // 'All communities'
|
||||
$attribute['distribution'] = '3'; // 'All communities'
|
||||
// add attribute to the array that will be saved
|
||||
$attributes[] = $attribute;
|
||||
}
|
||||
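Review bot: The imported comment attribute is still given the widest sharing level through a hard-coded literal, `$attribute['distribution'] = '3'; // 'All communities'`, so it can end up shared more broadly than the event it belongs to. Unless the save path caps an attribute's distribution at the event's level (not visible here; the enclosing loop starts and ends outside the hunk), inheriting the event's value or a configured default would be the safer choice. A named constant for the level would also remove the int-versus-string ambiguity this change appears to address.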
|
|
|
@ -7,8 +7,10 @@ class IOCExportComponent extends Component {
|
|||
public function buildAll($event, $isSiteAdmin, $isMyEvent) {
|
||||
$temp = array();
|
||||
if (!$isSiteAdmin) {
|
||||
if ($event['Event']['distribution'] == 1 && !$isMyEvent && !isSiteAdmin) {
|
||||
if (!$isMyEvent) {
|
||||
if ($event['Event']['distribution'] == 0) {
|
||||
throw new Exception('Nothing to see here (not authorised)');
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->__buildTop($event);
|
||||
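Review bot: The denial path in `buildAll` throws a bare `Exception`, `throw new Exception('Nothing to see here (not authorised)');`, which CakePHP reports as an internal error rather than an authorisation failure. `throw new ForbiddenException('Nothing to see here (not authorised)');` gives callers and log monitoring a 403 they can tell apart from real faults. The check also looks only at the event-level distribution; if attributes carry their own distribution (this commit sets one in `uploadAttachment`), the export presumably needs a per-attribute filter as well, and since the rest of `buildAll` lies outside the hunk that should be confirmed there. A short comment stating which sharing level `0` denotes would help the next reader of this guard.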
|
|
|
@ -492,7 +492,7 @@ class NidsExportComponent extends Component {
|
|||
|
||||
public function checkWhitelist($value) {
|
||||
foreach ($this->whitelist as $wlitem) {
|
||||
if (preg_match($wlitem, $value)) {
|
||||
if (preg_match("/".$wlitem."/", $value)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
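Review bot: Wrapping each whitelist entry as `"/".$wlitem."/"` in `checkWhitelist` breaks on any entry that contains a `/` (a URL, a CIDR range): the pattern ends early, `preg_match` emits a warning and returns false, and the entry silently never matches. Entries are also applied as unanchored regular expressions, so a literal such as an IP address matches more values than intended because `.` is a wildcard, which can drop real indicators from the NIDS export. If entries are meant as literals, `preg_match('/' . preg_quote($wlitem, '/') . '/', $value)` avoids both problems; if they are meant as regexes, escape the delimiter and handle a `false` return as an error rather than a non-match. The same construction appears in the three `Whitelist` model hunks (`validateValue` and the two attribute-filter loops); `checkWhitelist` itself continues past the end of this hunk.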
|
|
File diff suppressed because it is too large
|
@ -464,7 +464,7 @@ class UsersController extends AppController {
|
|||
$params = array('recursive' => 0,
|
||||
'fields' => $fields,
|
||||
'group' => array('User.org'),
|
||||
'order' => array('User.org'),
|
||||
'order' => array('UPPER(User.org)'),
|
||||
);
|
||||
$orgs = $this->User->find('all', $params);
|
||||
$this->set('orgs', $orgs);
|
||||
|
|
|
@ -795,7 +795,8 @@ class Attribute extends AppModel {
|
|||
*
|
||||
* @return void
|
||||
*/
|
||||
public function uploadAttachment($fileP, $realFileName, $malware, $eventId = null, $category = null, $extraPath = '', $fullFileName = '', $fromGFI = false) {
|
||||
public function uploadAttachment($fileP, $realFileName, $malware, $eventId = null, $category = null, $extraPath = '', $fullFileName = '', $dist, $fromGFI = false) {
|
||||
|
||||
// Check if there were problems with the file upload
|
||||
// only keep the last part of the filename, this should prevent directory attacks
|
||||
$filename = basename($fileP);
|
||||
|
@ -804,13 +805,15 @@ class Attribute extends AppModel {
|
|||
// save the file-info in the database
|
||||
$this->create();
|
||||
$this->data['Attribute']['event_id'] = $eventId;
|
||||
$this->data['Attribute']['distribution'] = $dist;
|
||||
if ($malware) {
|
||||
$md5 = !$tmpfile->size() ? md5_file($fileP) : $tmpfile->md5();
|
||||
$this->data['Attribute']['category'] = $category ? $category : "Payload delivery";
|
||||
$this->data['Attribute']['type'] = "malware-sample";
|
||||
$this->data['Attribute']['value'] = $fullFileName ? $fullFileName . '|' . $md5 : $filename . '|' . $md5; // TODO gives problems with bigger files
|
||||
$this->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
|
||||
$this->data['Attribute']['to_ids'] = 0; // LATER let user choose to send this to IDS
|
||||
if ($fromGFI) $this->data['Attribute']['comment'] = 'GFI import';
|
||||
$this->data['Attribute']['to_ids'] = 0; // LATER let user choose to send this to IDS
|
||||
} else {
|
||||
$this->data['Attribute']['category'] = $category ? $category : "Artifacts dropped";
|
||||
$this->data['Attribute']['type'] = "attachment";
|
||||
|
@ -823,18 +826,13 @@ class Attribute extends AppModel {
|
|||
if ($this->save($this->data)) {
|
||||
// attribute saved correctly in the db
|
||||
} else {
|
||||
// do some?
|
||||
return;
|
||||
}
|
||||
|
||||
// no errors in file upload, entry already in db, now move the file where needed and zip it if required.
|
||||
// no sanitization is required on the filename, path or type as we save
|
||||
// create directory structure
|
||||
// ???
|
||||
if (PHP_OS == 'WINNT') {
|
||||
$rootDir = APP . "files" . DS . $eventId;
|
||||
} else {
|
||||
$rootDir = APP . "files" . DS . $eventId;
|
||||
}
|
||||
$rootDir = APP . "files" . DS . $eventId;
|
||||
$dir = new Folder($rootDir, true);
|
||||
// move the file to the correct location
|
||||
$destpath = $rootDir . DS . $this->getId(); // id of the new attribute in the database
|
||||
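Review bot: The new `$dist` parameter of `uploadAttachment` is required but sits after optional parameters and before `$fromGFI`, so any caller not updated in this commit that passes `$fromGFI` as the eighth argument now supplies it as the distribution level. Because the value is written straight to `$this->data['Attribute']['distribution']`, a stale call site can change who is allowed to see the attachment. Appending it instead, `$fullFileName = '', $fromGFI = false, $dist = null) {`, keeps the positions of existing arguments stable; what a missing `$dist` should default to then needs deciding explicitly, and the docblock (partly outside the hunk) needs a matching `@param` line. Separately, `$eventId` is concatenated into `$rootDir` without validation; casting it with `(int)` before building the path would back up the comment that no sanitisation is needed.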
|
|
|
@ -67,7 +67,7 @@ class Whitelist extends AppModel {
|
|||
|
||||
// regexp validation
|
||||
public function validateValue ($fields) {
|
||||
if (preg_match($fields['name'], 'test') === false) return false;
|
||||
if (preg_match("/".$fields['name']."/", 'test') === false) return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -104,7 +104,7 @@ class Whitelist extends AppModel {
|
|||
foreach ($data as $k => $attribute) {
|
||||
// loop through each whitelist item and run a preg match against the attribute value. If it matches, unset the attribute
|
||||
foreach ($whitelists as $wlitem) {
|
||||
if (preg_match($wlitem, $attribute['Attribute']['value'])) {
|
||||
if (preg_match("/".$wlitem."/", $attribute['Attribute']['value'])) {
|
||||
unset($data[$k]);
|
||||
}
|
||||
}
|
||||
|
@ -116,7 +116,7 @@ class Whitelist extends AppModel {
|
|||
foreach ($event['Attribute'] as $k => $attribute) {
|
||||
// loop through each whitelist item and run a preg match against the attribute value. If it matches, unset the attribute
|
||||
foreach ($whitelists as $wlitem) {
|
||||
if (preg_match($wlitem, $attribute['value'])) {
|
||||
if (preg_match("/".$wlitem."/", $attribute['value'])) {
|
||||
unset($data[$ke]['Attribute'][$k]);
|
||||
}
|
||||
}
|
||||
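Review bot: `validateValue` rejects only a pattern that fails to compile, so an empty name or a catch-all such as `.*` is accepted, and in the two filter loops `"/".$wlitem."/"` then matches every attribute value and `unset` strips all of them from the output. Unless another validation rule outside the hunk already forbids it, reject empty input up front, e.g. `if (trim($fields['name']) === '') return false;`, and consider warning on entries that match a set of known-bad sample values. Adding `break;` after each `unset` would also stop testing an attribute that has already been removed. The loops and the model class start and end outside these hunks.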
|
|
|
@ -4,7 +4,7 @@
|
|||
<?php if ($me != false ):?>
|
||||
<div class="nav-collapse collapse">
|
||||
<ul class="nav">
|
||||
<li class="active"><a href="/">home
|
||||
<li class="active"><a href="/">Home
|
||||
</a></li>
|
||||
|
||||
<li class="dropdown">
|
||||
|
@ -141,4 +141,4 @@
|
|||
<?php endif;?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
<?php
|
||||
echo $this->Session->flash('auth');
|
||||
?>
|
||||
<table style="width:1200px;margin-left:auto;margin-right:auto;">
|
||||
<table style="width:1250px;margin-left:auto;margin-right:auto;">
|
||||
<tr>
|
||||
<td style="text-align:right;width:250px;padding-right:50px">
|
||||
<?php
|
||||
|
@ -20,7 +20,7 @@
|
|||
<?php
|
||||
}
|
||||
?>
|
||||
<td style="width:600px">
|
||||
<td style="width:650px">
|
||||
<span style="font-size:18px;"><?php
|
||||
if (true == Configure::read('MISP.welcome_text_top')) {
|
||||
echo Configure::read('MISP.welcome_text_top');
|
||||
|
|