@@ -5079,7 +5079,7 @@ public function upload_stix($user, $filename, $stix_version, $original_file)
50795079 } else {
50805080 throw new MethodNotAllowedException ('Invalid STIX version ' );
50815081 }
5082- $ shell_command .= ' ' . $ original_file . ' ' . escapeshellarg (Configure::read ('MISP.default_event_distribution ' )) . ' ' . escapeshellarg (Configure::read ('MISP.default_attribute_distribution ' )) . ' 2> ' . APP . 'tmp/logs/exec-errors.log ' ;
5082+ $ shell_command .= ' ' . escapeshellarg (Configure::read ('MISP.default_event_distribution ' )) . ' ' . escapeshellarg (Configure::read ('MISP.default_attribute_distribution ' )) . ' 2> ' . APP . 'tmp/logs/exec-errors.log ' ;
50835083 $ result = shell_exec ($ shell_command );
50845084 unlink ($ tempFilePath );
50855085 if (trim ($ result ) == '1 ' ) {
@@ -5090,6 +5090,7 @@ public function upload_stix($user, $filename, $stix_version, $original_file)
50905090 $ validationIssues = false ;
50915091 $ result = $ this ->_add ($ data , true , $ user , '' , null , false , null , $ created_id , $ validationIssues );
50925092 if ($ result ) {
5093+ $ this ->add_original_file ($ tempFilePath , $ original_filename , $ created_id , 'STIX 1.1 ' );
50935094 return $ created_id ;
50945095 }
50955096 return $ validationIssues ;
@@ -5643,4 +5644,55 @@ private function __clusterEventIds($exportTool, $eventIds)
56435644 }
56445645 return $ eventIdList ;
56455646 }
5647+
5648+ public function add_original_file ($ file_path , $ original_filename , $ event_id , $ format )
5649+ {
5650+ if (!Configure::check ('MISP.default_attribute_distribution ' ) || Configure::read ('MISP.default_attribute_distribution ' ) === 'event ' ) {
5651+ $ distribution = 5 ;
5652+ } else {
5653+ $ distribution = Configure::read ('MISP.default_attribute_distribution ' );
5654+ }
5655+ $ this ->MispObject ->create ();
5656+ $ object = array (
5657+ 'name ' => 'original-imported-file ' ,
5658+ 'meta-category ' => 'file ' ,
5659+ 'description ' => 'Object describing the original file used to import data in MISP. ' ,
5660+ 'template_uuid ' => '4cd560e9-2cfe-40a1-9964-7b2e797ecac5 ' ,
5661+ 'template_version ' => '2 ' ,
5662+ 'event_id ' => $ event_id ,
5663+ 'distribution ' => $ distribution
5664+ );
5665+ $ this ->MispObject ->save ($ object );
5666+ $ object_id = $ this ->MispObject ->id ;
5667+ $ file = file_get_contents ($ file_path );
5668+ $ attributes = array (
5669+ array (
5670+ 'type ' => 'attachment ' ,
5671+ 'category ' => 'External analysis ' ,
5672+ 'to_ids ' => false ,
5673+ 'event_id ' => $ event_id ,
5674+ 'distribution ' => $ distribution ,
5675+ 'object_relation ' => 'imported-sample ' ,
5676+ 'value ' => $ original_filename ,
5677+ 'data ' => base64_encode ($ file ),
5678+ 'object_id ' => $ object_id ,
5679+ ),
5680+ array (
5681+ 'type ' => 'text ' ,
5682+ 'category ' => 'Other ' ,
5683+ 'to_ids ' => false ,
5684+ 'uuid ' => '5c08f00d-2174-4ab7-ad0d-1b1a011fb688 ' ,
5685+ 'event_id ' => $ event_id ,
5686+ 'distribution ' => $ distribution ,
5687+ 'object_id ' => $ object_id ,
5688+ 'object_relation ' => 'format ' ,
5689+ 'value ' => 'STIX 1.1 '
5690+ )
5691+ );
5692+ foreach ($ attributes as $ attribute ) {
5693+ $ this ->Attribute ->create ();
5694+ $ this ->Attribute ->save ($ attribute );
5695+ }
5696+ return true ;
5697+ }
56465698}
0 commit comments