MISP
/
MISP
의 미러 https://github.com/MISP/MISP
2
2
포크 0
코드 이슈 0 릴리즈 313 위키 활동
MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform) https://www.misp-project.org/
25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
768 커밋
125 브랜치
1.5 GiB
 
 
 
 
 
 
트리: a1d51d4dfa
브랜치 태그
${ item.name }
${ searchTerm } 브랜치 생성
from 'a1d51d4dfa'
${ noResults }
MISP/INSTALL/build/patches/app_Controller_AppControlle...

315 lines
11 KiB
Raw Blame 히스토리 

  1. --- app/Controller/AppController.php.orig	2012-09-01 10:28:02.000000000 +0200

  2. +++ app/Controller/AppController.php	2012-09-25 13:49:19.670674039 +0200

  3. @@ -20,7 +20,10 @@

  4.   * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)

  5.   */

  6.  

  7. +// TODO GPG encryption has issues when keys are expired

  8. +

  9.  App::uses('Controller', 'Controller');

  10. +App::uses('Sanitize', 'Utility');

  11.  

  12.  /**

  13.   * Application Controller

  14. @@ -32,4 +35,300 @@

  15.   * @link http://book.cakephp.org/2.0/en/controllers.html#the-app-controller

  16.   */

  17.  class AppController extends Controller {

  18. +

  19. +	public $components = array(

  20. +			'Session',

  21. +			'Auth' => array(

  22. +				'className' => 'SecureAuth',

  23. +				'authenticate' => array(

  24. +					'Form' => array(

  25. +						'fields' => array('username' => 'email')

  26. +					)

  27. +				),

  28. +				'authError' => 'Did you really think you are allowed to see that?',

  29. +				'loginRedirect' => array('controller' => 'users', 'action' => 'routeafterlogin'),

  30. +				'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),

  31. +				'authorize' => array('Controller') // Added this line

  32. +	)

  33. +	);

  34. +

  35. +	public function isAuthorized($user) {

  36. +		if (self::_isAdmin()) {

  37. +			return true; // admin can access every action on every controller

  38. +		}

  39. +		return false; // The rest don't

  40. +	}

  41. +

  42. +	public function beforeFilter() {

  43. +		// REST things

  44. +		if ($this->_isRest()) {

  45. +			// disable CSRF for REST access

  46. +			if (array_key_exists('Security', $this->components))

  47. +				$this->Security->csrfCheck = false;

  48. +

  49. +			// Authenticate user with authkey in Authorization HTTP header

  50. +			if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {

  51. +				$authkey = $_SERVER['HTTP_AUTHORIZATION'];

  52. +				$this->loadModel('User');

  53. +				$params = array(

  54. +						'conditions' => array('User.authkey' => $authkey),

  55. +						'recursive' => 0,

  56. +				);

  57. +				$user = $this->User->find('first', $params);

  58. +

  59. +				if ($user) {

  60. +					// User found in the db, add the user info to the session

  61. +					$this->Session->renew();

  62. +					$this->Session->write(AuthComponent::$sessionKey, $user['User']);

  63. +				} else {

  64. +					// User not authenticated correctly

  65. +					// reset the session information

  66. +					$this->Session->destroy();

  67. +					throw new ForbiddenException('Incorrect authentication key');

  68. +				}

  69. +			}

  70. +		}

  71. +

  72. +		// These variables are required for every view

  73. +		$this->set('me', $this->Auth->user());

  74. +		$this->set('isAdmin', $this->_isAdmin());

  75. +	}

  76. +

  77. +	protected function _isRest() {

  78. +		return (isset($this->RequestHandler) && $this->RequestHandler->isXml());

  79. +	}

  80. +

  81. +/**

  82. + * Convert an array to the same array but with the values also as index instead of an interface_exists

  83. + */

  84. +	protected function _arrayToValuesIndexArray($oldArray) {

  85. +		$newArray = Array();

  86. +		foreach ($oldArray as $value)

  87. +		$newArray[$value] = $value;

  88. +		return $newArray;

  89. +	}

  90. +

  91. +/**

  92. + * checks if the currently logged user is an administrator

  93. + */

  94. +	protected function _isAdmin() {

  95. +		$org = $this->Auth->user('org');

  96. +		if (isset($org) && $org === 'ADMIN') {

  97. +			return true;

  98. +		}

  99. +		return false;

  100. +	}

  101. +

  102. +/**

  103. + * Refreshes the Auth session with new/updated data

  104. + * @return void

  105. + */

  106. +	protected function _refreshAuth() {

  107. +		if (isset($this->User)) {

  108. +			$user = $this->User->read(false, $this->Auth->user('id'));

  109. +		} else {

  110. +			$user = ClassRegistry::init('User')->findById($this->Auth->user('id'));

  111. +		}

  112. +		$this->Auth->login($user['User']);

  113. +	}

  114. +

  115. +/**

  116. + * Updates the missing fields from v0.1 to v0.2 of CyDefSIG

  117. + * First you will need to manually update the database to the new schema.

  118. + * Log in as admin user and

  119. + * Then run this function by setting debug = 1 (or more) and call /events/migrate01to02

  120. + *

  121. + * @throws NotFoundException

  122. + */

  123. +	public function migrate01to02() {

  124. +		if (!self::_isAdmin()) throw new NotFoundException();

  125. +

  126. +		// generate uuids for events who have no uuid

  127. +		$this->loadModel('Event');

  128. +		$params = array(

  129. +				'conditions' => array('Event.uuid' => ''),

  130. +				'recursive' => 0,

  131. +				'fields' => array('Event.id'),

  132. +		);

  133. +		$events = $this->Event->find('all', $params);

  134. +

  135. +		echo '<p>Generating UUID for events: ';

  136. +		foreach ($events as $event) {

  137. +			$this->Event->id = $event['Event']['id'];

  138. +			$this->Event->saveField('uuid', String::uuid());

  139. +			echo $event['Event']['id'] . ' ';

  140. +		}

  141. +		echo "</p>";

  142. +		// generate uuids for attributes who have no uuid

  143. +		$this->loadModel('Attribute');

  144. +		$params = array(

  145. +				'conditions' => array('Attribute.uuid' => ''),

  146. +				'recursive' => 0,

  147. +				'fields' => array('Attribute.id'),

  148. +		);

  149. +		$attributes = $this->Attribute->find('all', $params);

  150. +		echo '<p>Generating UUID for attributes: ';

  151. +		foreach ($attributes as $attribute) {

  152. +			$this->Attribute->id = $attribute['Attribute']['id'];

  153. +			$this->Attribute->saveField('uuid', String::uuid());

  154. +			echo $attribute['Attribute']['id'] . ' ';

  155. +		}

  156. +		echo "</p>";

  157. +	}

  158. +

  159. +/**

  160. + * Updates the missing fields from v0.2 to v0.2.1 of CyDefSIG

  161. + * First you will need to manually update the database to the new schema.

  162. + * Log in as admin user and

  163. + * Then run this function by setting debug = 1 (or more) and call /events/migrate02to021

  164. + */

  165. +	private function __explodeValueToValues() {

  166. +		// search for composite value1 fields and explode it to value1 and value2

  167. +		$this->loadModel('Attribute');

  168. +		$params = array(

  169. +				'conditions' => array(

  170. +						'OR' => array(

  171. +								'Attribute.type' => $this->Attribute->getCompositeTypes()

  172. +						)

  173. +				),

  174. +				'recursive' => 0,

  175. +				'fields' => array('Attribute.id', 'Attribute.value1'),

  176. +		);

  177. +		$attributes = $this->Attribute->find('all', $params);

  178. +		echo '<h2>Exploding composite fields in 2 columns: </h2><ul>';

  179. +		foreach ($attributes as $attribute) {

  180. +			$pieces = explode('|', $attribute['Attribute']['value1']);

  181. +			if (2 != count($pieces)) continue;	// do nothing if not 2 pieces

  182. +

  183. +			$this->Attribute->id = $attribute['Attribute']['id'];

  184. +			echo '<li>' . $attribute['Attribute']['id'] . ' --> ' . $attribute['Attribute']['value1'] . ' --> ' . $pieces[0] . ' --> ' . $pieces[1] . '</li> ';

  185. +			$this->Attribute->saveField('value1', $pieces[0]);

  186. +			$this->Attribute->id = $attribute['Attribute']['id'];

  187. +			$this->Attribute->saveField('value2', $pieces[1]);

  188. +		}

  189. +		echo "</ul> DONE.";

  190. +	}

  191. +

  192. +	public function migrate02to021() {

  193. +		if (!self::_isAdmin()) {

  194. +			throw new NotFoundException();

  195. +		}

  196. +

  197. +		// search for composite value1 fields and explode it to value1 and value2

  198. +		$this->__explodeValueToValues();

  199. +	}

  200. +

  201. +	public function migrate021to022() {

  202. +		if (!self::_isAdmin()) throw new NotFoundException();

  203. +

  204. +		// replace description by comment

  205. +

  206. +		// replace empty category

  207. +		// not easy as we have to guess the category from the type

  208. +		//$this->loadModel('Attribute');

  209. +		// $params = array(

  210. +		//		 'conditions' => array('Attribute.type' => ''),

  211. +		//		 'recursive' => 0,

  212. +		//		 'fields' => array('Attribute.id'),

  213. +		// );

  214. +		// $attributes = $this->Attribute->find('all', $params);

  215. +		// echo '<p>Replacing empty categories by OtherExploding composite fields in 2 columns: </p><ul>';

  216. +		// foreach ($attributes as $attribute) {

  217. +		//	 $pieces = explode('|', $attribute['Attribute']['value1']);

  218. +		//	 if (2 != sizeof($pieces)) continue;	// do nothing if not 2 pieces

  219. +

  220. +		//	 $this->Attribute->id = $attribute['Attribute']['id'];

  221. +		//	 echo '<li>'.$attribute['Attribute']['id'].' --> '.$attribute['Attribute']['value1'].' --> '.$pieces[0].' --> '.$pieces[1].'</li> ';

  222. +		//	 $this->Attribute->saveField('value1', $pieces[0]);

  223. +		//	 $this->Attribute->id = $attribute['Attribute']['id'];

  224. +		//	 $this->Attribute->saveField('value2', $pieces[1]);

  225. +		// }

  226. +		// echo "</ul> DONE</p>";

  227. +

  228. +		// search for incompatible combination of category / type

  229. +	}

  230. +

  231. +	public function migratemisp02to10() {

  232. +		if (!self::_isAdmin()) {

  233. +			throw new NotFoundException();

  234. +		}

  235. +

  236. +		// add missing columns, rename other columns

  237. +		$queries = array(

  238. +		// ATTRIBUTES

  239. +				// rename value to value1

  240. +				 "ALTER TABLE `attributes` CHANGE `value` `value1` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL "

  241. +				// add value2

  242. +				,"ALTER TABLE `attributes` ADD `value2` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL AFTER `value1` "

  243. +				// fix the keys

  244. +				,"ALTER TABLE `attributes` DROP INDEX `uuid`;"

  245. +				,"ALTER TABLE `attributes` ADD INDEX `value1_key` ( `value1` ( 5 ) ) ;"

  246. +				,"ALTER TABLE `attributes` ADD INDEX `value2_key` ( `value2` ( 5 ) ) ;"

  247. +		// EVENTS

  248. +				// remove useless things

  249. +				,"ALTER TABLE `events` DROP `user_id`"

  250. +				,"ALTER TABLE `events` DROP `alerted`"

  251. +				,"ALTER TABLE `events` ADD `revision` INT( 10 ) NOT NULL DEFAULT '0' AFTER `uuid` "

  252. +				// fix the keys

  253. +				,"ALTER TABLE events DROP INDEX uuid"

  254. +				,"ALTER TABLE events DROP INDEX info"

  255. +		// SERVERS

  256. +				// rename lastfetchedid to lastpushedid

  257. +				,"ALTER TABLE `servers` CHANGE `lastfetchedid` `lastpushedid` INT( 11 ) NOT NULL "

  258. +				// add lastpulledid

  259. +				,"ALTER TABLE `servers` ADD `lastpulledid` INT( 11 ) NOT NULL AFTER `lastpushedid` "

  260. +		// USERS

  261. +				// fix keys

  262. +				,"ALTER TABLE `users` DROP INDEX `username`"

  263. +				,"ALTER TABLE `users` ADD INDEX `email` ( `email` ) "

  264. +		);

  265. +		// execute the queries

  266. +		foreach ($queries as &$query) {

  267. +			$result = $this->{$this->modelClass}->query($query);

  268. +		}

  269. +	}

  270. +

  271. +	public function migratemisp10to11() {

  272. +		if (!self::_isAdmin()) {

  273. +			throw new NotFoundException();

  274. +		}

  275. +

  276. +		// add missing columns, rename other columns

  277. +		$queries = array(

  278. +		// EVENTS

  279. +				// bring user_id back in

  280. +				"ALTER TABLE `events` ADD `user_id` INT( 11 ) NOT NULL AFTER `info` "

  281. +		);

  282. +		// execute the queries

  283. +		foreach ($queries as &$query) {

  284. +			$result = $this->{$this->modelClass}->query($query);

  285. +		}

  286. +	}

  287. +

  288. +	public function generateCorrelation() {

  289. +		if (!self::_isAdmin()) throw new NotFoundException();

  290. +

  291. +		$this->loadModel('Correlation');

  292. +		$this->loadModel('Attribute');

  293. +		$fields = array('Attribute.id', 'Attribute.event_id', 'Event.date');

  294. +		// get all attributes..

  295. +		$attributes = $this->Attribute->find('all',array('recursive' => 0));

  296. +		// for all attributes..

  297. +		foreach ($attributes as $attribute) {

  298. +			$this->Attribute->setRelatedAttributes($attribute['Attribute'], $fields = array());

  299. +

  300. +			//// i want to keep this in repo for a moment

  301. +			//$relatedAttributes = $this->Attribute->getRelatedAttributes($attribute['Attribute'], $fields);

  302. +			//if ($relatedAttributes) {

  303. +			//	foreach ($relatedAttributes as $relatedAttribute) {

  304. +			//		// and store into table

  305. +			//		$this->Correlation->create();

  306. +			//		$this->Correlation->save(array('Correlation' => array(

  307. +			//		'1_event_id' => $attribute['Attribute']['event_id'], '1_attribute_id' => $attribute['Attribute']['id'],

  308. +			//		'event_id' => $relatedAttribute['Attribute']['event_id'], 'attribute_id' => $relatedAttribute['Attribute']['id'],

  309. +			//		'date' => $relatedAttribute['Event']['date'])));

  310. +			//	}

  311. +			//}

  312. +		}

  313. +	}

  314.  }