Merge branch 'master' into develop

Conflicts: INSTALL/MYSQL.sql app/Controller/EventsController.php app/Model/Attribute.php
2013-12-20 11:02:21 +01:00 · 2013-12-20 11:02:21 +01:00 · fbe2eddc7a
parent b59965b971 05e720f972
commit fbe2eddc7a
10 changed files with 347 additions and 415 deletions
--- a/INSTALL/MYSQL.sql
+++ b/INSTALL/MYSQL.sql
@ -294,34 +294,36 @@ CREATE TABLE IF NOT EXISTS `whitelist` (
 -- Default values for initial installation
 --

-INSERT INTO `regexp`
-  (`regexp`, `replacement`)
-VALUES
-  ('/.:.ProgramData./i','%ALLUSERSPROFILE%\\\\'),
-  ('/.:.Documents and Settings.All Users./i','%ALLUSERSPROFILE%\\\\'),
-  ('/.:.Program Files.Common Files./i','%COMMONPROGRAMFILES%\\\\'),
-  ('/.:.Program Files \(x86\).Common Files./i','%COMMONPROGRAMFILES(x86)%\\\\'),
-  ('/.:.Users.(\\w+).AppData.Local.Temp./i','%TEMP%\\\\'),
-  ('/.:.ProgramData./i','%PROGRAMDATA%\\\\'),
-  ('/.:.Program Files./i','%PROGRAMFILES%\\\\'),
-  ('/.:.Program Files \(x86\)./i','%PROGRAMFILES(X86)%\\\\'),
-  ('/.:.Users.Public./i','%PUBLIC%\\\\'),
-  ('/.:.Documents and Settings.(\\w+).Local Settings.Temp./i','%TEMP%\\\\'),
-  ('/.:.Users.(\\w+).AppData.Local.Temp./i','%TEMP%\\\\'),
-  ('/.:.Users.(\\w+).AppData.Local./i','%LOCALAPPDATA%\\\\'),
-  ('/.:.Users.(\\w+).AppData.Roaming./i','%APPDATA%\\\\'),
-  ('/.:.Users.(\\w+).Application Data./i','%APPDATA%\\\\'),
-  ('/.:.Windows.(\\w+).Application Data./i','%APPDATA%\\\\'),
-  ('/.:.Users.(\\w+)./i','%USERPROFILE%\\\\'),
-  ('/.:.DOCUME~1.(\\w+)./i','%USERPROFILE%\\\\'),
-  ('/.:.Documents and Settings.(\\w+)./i','%USERPROFILE%\\\\'),
-  ('/.:.Windows./i','%WINDIR%\\\\'),
-  ('/.:.Windows./i','%WINDIR%\\\\'),
-  ('/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{9}){1}(-[0-9]{10}){1}-[0-9]{9}-[0-9]{4}/i','HKCU'),
-  ('/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){2}-[0-9]{9}-[0-9]{4}/i','HKCU'),
-  ('/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){3}-[0-9]{4}/i','HKCU'),
-  ('/.REGISTRY.MACHINE./i','HKLM\\\\'),
-  ('/.Registry.Machine./i','HKLM\\\\');
+INSERT INTO `regexp` (`id`, `regexp`, `replacement`, `type`) VALUES
+(1, '/.:.ProgramData./i', '%ALLUSERSPROFILE%\\\\', 'ALL'),
+(2, '/.:.Documents and Settings.All Users./i', '%ALLUSERSPROFILE%\\\\', 'ALL'),
+(3, '/.:.Program Files.Common Files./i', '%COMMONPROGRAMFILES%\\\\', 'ALL'),
+(4, '/.:.Program Files (x86).Common Files./i', '%COMMONPROGRAMFILES(x86)%\\\\', 'ALL'),
+(5, '/.:.Users\\\\(.*?)\\\\AppData.Local.Temp./i', '%TEMP%\\\\', 'ALL'),
+(6, '/.:.ProgramData./i', '%PROGRAMDATA%\\\\', 'ALL'),
+(7, '/.:.Program Files./i', '%PROGRAMFILES%\\\\', 'ALL'),
+(8, '/.:.Program Files (x86)./i', '%PROGRAMFILES(X86)%\\\\', 'ALL'),
+(9, '/.:.Users.Public./i', '%PUBLIC%\\\\', 'ALL'),
+(10, '/.:.Documents and Settings\\\\(.*?)\\\\Local Settings.Temp./i', '%TEMP%\\\\', 'ALL'),
+(11, '/.:.Users\\\\(.*?)\\\\AppData.Local.Temp./i', '%TEMP%\\\\', 'ALL'),
+(12, '/.:.Users\\\\(.*?)\\\\AppData.Local./i', '%LOCALAPPDATA%\\\\', 'ALL'),
+(13, '/.:.Users\\\\(.*?)\\\\AppData.Roaming./i', '%APPDATA%\\\\', 'ALL'),
+(14, '/.:.Users\\\\(.*?)\\\\Application Data./i', '%APPDATA%\\\\', 'ALL'),
+(15, '/.:.Windows\\\\(.*?)\\\\Application Data./i', '%APPDATA%\\\\', 'ALL'),
+(16, '/.:.Users\\\\(.*?)\\\\/i', '%USERPROFILE%\\\\', 'ALL'),
+(17, '/.:.DOCUME~1.\\\\(.*?)\\\\/i', '%USERPROFILE%\\\\', 'ALL'),
+(18, '/.:.Documents and Settings\\\\(.*?)\\\\/i', '%USERPROFILE%\\\\', 'ALL'),
+(19, '/.:.Windows./i', '%WINDIR%\\\\', 'ALL'),
+(20, '/.:.Windows./i', '%WINDIR%\\\\', 'ALL'),
+(21, '/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{9}){1}(-[0-9]{10}){1}-[0-9]{9}-[0-9]{4}/i', 'HKCU', 'ALL'),
+(22, '/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){2}-[0-9]{9}-[0-9]{4}/i', 'HKCU', 'ALL'),
+(23, '/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){3}-[0-9]{4}/i', 'HKCU', 'ALL'),
+(24, '/.REGISTRY.MACHINE./i', 'HKLM\\\\', 'ALL'),
+(25, '/.Registry.Machine./i', 'HKLM\\\\', 'ALL'),
+(26, '/%USERPROFILE%.Application Data.Microsoft.UProof/i', '', 'ALL'),
+(27, '/%USERPROFILE%.Local Settings.History/i', '', 'ALL'),
+(28, '/%APPDATA%.Microsoft.UProof/i ', '', 'ALL'),
+(29, '/%LOCALAPPDATA%.Microsoft.Windows.Temporary Internet Files/i', '', 'ALL');

 -- --------------------------------------------------------

@ -360,4 +362,5 @@ VALUES
  (3,'Low','*low* means mass-malware','Mass-malware'),
  (4,'Undefined','*undefined* no risk','No risk');

-- --------------------------------------------------------
+-- --------------------------------------------------------
+
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@ -594,7 +594,7 @@ class AttributesController extends AppController {
 				else
 					$attribute['type'] = 'comment';
 				$attribute['value'] = $reference;
-				$attribute['distribution'] = 3; // 'All communities'
+				$attribute['distribution'] = '3'; // 'All communities'
 				// add attribute to the array that will be saved
 				$attributes[] = $attribute;
 			}
--- a/app/Controller/Component/IOCExportComponent.php
+++ b/app/Controller/Component/IOCExportComponent.php
@ -7,8 +7,10 @@ class IOCExportComponent extends Component {
 	public function buildAll($event, $isSiteAdmin, $isMyEvent) {
 		$temp = array();
 		if (!$isSiteAdmin) {
-			if ($event['Event']['distribution'] == 1 && !$isMyEvent && !isSiteAdmin) {
+			if (!$isMyEvent) {
+				if ($event['Event']['distribution'] == 0) {
 				throw new Exception('Nothing to see here (not authorised)');
+				}
 			}
 		}
 		$this->__buildTop($event);
--- a/app/Controller/Component/NidsExportComponent.php
+++ b/app/Controller/Component/NidsExportComponent.php
@ -492,7 +492,7 @@ class NidsExportComponent extends Component {

 	public function checkWhitelist($value) {
 		foreach ($this->whitelist as $wlitem) {
-			if (preg_match($wlitem, $value)) {
+			if (preg_match("/".$wlitem."/", $value)) {
 				return true;
 			}
 		}
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@ -464,7 +464,7 @@ class UsersController extends AppController {
 		$params = array('recursive' => 0,
 							'fields' => $fields,
 							'group' => array('User.org'),
-							'order' => array('User.org'),
+							'order' => array('UPPER(User.org)'),
 		);
 		$orgs = $this->User->find('all', $params);
 		$this->set('orgs', $orgs);
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -795,7 +795,8 @@ class Attribute extends AppModel {
 *
 * @return void
 */
-	public function uploadAttachment($fileP, $realFileName, $malware, $eventId = null, $category = null, $extraPath = '', $fullFileName = '', $fromGFI = false) {
+	public function uploadAttachment($fileP, $realFileName, $malware, $eventId = null, $category = null, $extraPath = '', $fullFileName = '', $dist, $fromGFI = false) {
+
 		// Check if there were problems with the file upload
 		// only keep the last part of the filename, this should prevent directory attacks
 		$filename = basename($fileP);
@ -804,13 +805,15 @@ class Attribute extends AppModel {
 		// save the file-info in the database
 		$this->create();
 		$this->data['Attribute']['event_id'] = $eventId;
+		$this->data['Attribute']['distribution'] = $dist;
 		if ($malware) {
 			$md5 = !$tmpfile->size() ? md5_file($fileP) : $tmpfile->md5();
 			$this->data['Attribute']['category'] = $category ? $category : "Payload delivery";
 			$this->data['Attribute']['type'] = "malware-sample";
 			$this->data['Attribute']['value'] = $fullFileName ? $fullFileName . '|' . $md5 : $filename . '|' . $md5; // TODO gives problems with bigger files
-			$this->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
+			$this->data['Attribute']['to_ids'] = 0; // LATER let user choose to send this to IDS
 			if ($fromGFI) $this->data['Attribute']['comment'] = 'GFI import';
+			$this->data['Attribute']['to_ids'] = 0; // LATER let user choose to send this to IDS
 		} else {
 			$this->data['Attribute']['category'] = $category ? $category : "Artifacts dropped";
 			$this->data['Attribute']['type'] = "attachment";
@ -823,18 +826,13 @@ class Attribute extends AppModel {
 		if ($this->save($this->data)) {
 			// attribute saved correctly in the db
 		} else {
-			// do some?
+			return;
 		}

 		// no errors in file upload, entry already in db, now move the file where needed and zip it if required.
 		// no sanitization is required on the filename, path or type as we save
 		// create directory structure
-		// ???
-		if (PHP_OS == 'WINNT') {
-			$rootDir = APP . "files" . DS . $eventId;
-		} else {
-			$rootDir = APP . "files" . DS . $eventId;
-		}
+		$rootDir = APP . "files" . DS . $eventId;
 		$dir = new Folder($rootDir, true);
 		// move the file to the correct location
 		$destpath = $rootDir . DS . $this->getId(); // id of the new attribute in the database
--- a/app/Model/Whitelist.php
+++ b/app/Model/Whitelist.php
@ -67,7 +67,7 @@ class Whitelist extends AppModel {

 	// regexp validation
 	public function validateValue ($fields) {
-		if (preg_match($fields['name'], 'test') === false) return false;
+		if (preg_match("/".$fields['name']."/", 'test') === false) return false;
 		return true;
 	}

@ -104,7 +104,7 @@ class Whitelist extends AppModel {
 				foreach ($data as $k => $attribute) {
 					// loop through each whitelist item and run a preg match against the attribute value. If it matches, unset the attribute
 					foreach ($whitelists as $wlitem) {
-						if (preg_match($wlitem, $attribute['Attribute']['value'])) {
+						if (preg_match("/".$wlitem."/", $attribute['Attribute']['value'])) {
 							unset($data[$k]);
 						}
 					}
@ -116,7 +116,7 @@ class Whitelist extends AppModel {
 					foreach ($event['Attribute'] as $k => $attribute) {
 						// loop through each whitelist item and run a preg match against the attribute value. If it matches, unset the attribute
 						foreach ($whitelists as $wlitem) {
-							if (preg_match($wlitem, $attribute['value'])) {
+							if (preg_match("/".$wlitem."/", $attribute['value'])) {
 								unset($data[$ke]['Attribute'][$k]);
 							}
 						}
--- a/app/View/Elements/global_menu.ctp
+++ b/app/View/Elements/global_menu.ctp
@ -4,7 +4,7 @@
 		<?php if ($me != false ):?>
 			<div class="nav-collapse collapse">
 				<ul class="nav">
-					<li class="active"><a href="/">home
+					<li class="active"><a href="/">Home
 					</a></li>

 					<li class="dropdown">
@ -141,4 +141,4 @@
 		<?php endif;?>
 		</div>
 	</div>
-</div>
+</div>
--- a/app/View/Users/login.ctp
+++ b/app/View/Users/login.ctp
@ -2,7 +2,7 @@
 	<?php
 		echo $this->Session->flash('auth');
 	?>
-<table style="width:1200px;margin-left:auto;margin-right:auto;">
+<table style="width:1250px;margin-left:auto;margin-right:auto;">
 	<tr>
 	<td style="text-align:right;width:250px;padding-right:50px">
 	<?php 
@ -20,7 +20,7 @@
 	<?php
 		}
 	?>
-	<td style="width:600px">
+	<td style="width:650px">
 		<span style="font-size:18px;"><?php
 			if (true == Configure::read('MISP.welcome_text_top')) {
 				echo Configure::read('MISP.welcome_text_top');