fix: [internal] Handle the upload of original versions of ingested files via a helper function instead of leaving it to external tools
iglocska committed Dec 6, 2018
1 parent 3e4e750 commit 211ac07
Showing 2 changed files with 55 additions and 15 deletions.
54 changes: 53 additions & 1 deletion app/Model/Event.php
Expand Up @@ -5079,7 +5079,7 @@ public function upload_stix($user, $filename, $stix_version, $original_file)
} else {
throw new MethodNotAllowedException('Invalid STIX version');
}
$shell_command .= ' ' . $original_file . ' ' . escapeshellarg(Configure::read('MISP.default_event_distribution')) . ' ' . escapeshellarg(Configure::read('MISP.default_attribute_distribution')) . ' 2>' . APP . 'tmp/logs/exec-errors.log';
$shell_command .= ' ' . escapeshellarg(Configure::read('MISP.default_event_distribution')) . ' ' . escapeshellarg(Configure::read('MISP.default_attribute_distribution')) . ' 2>' . APP . 'tmp/logs/exec-errors.log';
$result = shell_exec($shell_command);
unlink($tempFilePath);
if (trim($result) == '1') {
Expand All @@ -5090,6 +5090,7 @@ public function upload_stix($user, $filename, $stix_version, $original_file)
$validationIssues = false;
$result = $this->_add($data, true, $user, '', null, false, null, $created_id, $validationIssues);
if ($result) {
$this->add_original_file($tempFilePath, $original_filename, $created_id, 'STIX 1.1');
return $created_id;
}
return $validationIssues;
Expand Down Expand Up @@ -5643,4 +5644,55 @@ private function __clusterEventIds($exportTool, $eventIds)
}
return $eventIdList;
}

public function add_original_file($file_path, $original_filename, $event_id, $format)
{
if (!Configure::check('MISP.default_attribute_distribution') || Configure::read('MISP.default_attribute_distribution') === 'event') {
$distribution = 5;
} else {
$distribution = Configure::read('MISP.default_attribute_distribution');
}
$this->MispObject->create();
$object = array(
'name' => 'original-imported-file',
'meta-category' => 'file',
'description' => 'Object describing the original file used to import data in MISP.',
'template_uuid' => '4cd560e9-2cfe-40a1-9964-7b2e797ecac5',
'template_version' => '2',
'event_id' => $event_id,
'distribution' => $distribution
);
$this->MispObject->save($object);
$object_id = $this->MispObject->id;
$file = file_get_contents($file_path);
$attributes = array(
array(
'type' => 'attachment',
'category' => 'External analysis',
'to_ids' => false,
'event_id' => $event_id,
'distribution' => $distribution,
'object_relation' => 'imported-sample',
'value' => $original_filename,
'data' => base64_encode($file),
'object_id' => $object_id,
),
array(
'type' => 'text',
'category' => 'Other',
'to_ids' => false,
'uuid' => '5c08f00d-2174-4ab7-ad0d-1b1a011fb688',
'event_id' => $event_id,
'distribution' => $distribution,
'object_id' => $object_id,
'object_relation' => 'format',
'value' => 'STIX 1.1'
)
);
foreach ($attributes as $attribute) {
$this->Attribute->create();
$this->Attribute->save($attribute);
}
return true;
}
}
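Review bot: In `add_original_file()` the result of `file_get_contents($file_path)` is never checked, so a failed read is saved as an empty `imported-sample` attachment and the method still returns true; going by the visible hunks, `upload_stix` runs `unlink($tempFilePath)` right after `shell_exec()` and only later hands the same path to the helper, so unless the file is recreated in the lines between the hunks the read fails on every import. I would move the `unlink` to after the helper call and add `if ($file === false) { return false; }` before building `$attributes`. The call site also passes `$original_filename`, while the signature in the hunk header names the parameter `$original_file`; this needs confirming against the lines not shown. Within the helper, `$format` is ignored in favour of the literal `'STIX 1.1'` and the `text` attribute carries a hard-coded `uuid` that would repeat on every imported event, so use `'value' => $format` and drop the `'uuid'` key (assuming the Attribute model assigns one when it is absent). The return values of both `save()` calls are discarded as well, so a validation failure leaves the event without its provenance object and without any log entry.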
16 changes: 2 additions & 14 deletions app/files/scripts/stix2misp.py
Expand Up @@ -53,16 +53,14 @@ def __init__(self):
# Load data from STIX document, and other usefull data
def load_event(self, args, filename, from_misp, stix_version):
self.outputname = '{}.json'.format(filename)
if len(args) > 0 and args[0]:
self.add_original_file(filename, args[0], stix_version)
try:
event_distribution = args[1]
event_distribution = args[0]
if not isinstance(event_distribution, int):
event_distribution = int(event_distribution) if event_distribution.isdigit() else 5
except IndexError:
event_distribution = 5
try:
attribute_distribution = args[2]
attribute_distribution = args[1]
if attribute_distribution == 'event':
attribute_distribution = event_distribution
elif not isinstance(attribute_distribution, int):
Expand All @@ -81,16 +79,6 @@ def saveFile(self):
with open(self.outputname, 'wt', encoding='utf-8') as f:
f.write(eventDict)

def add_original_file(self, filename, original_filename, version):
with open(filename, 'rb') as f:
sample = base64.b64encode(f.read()).decode('utf-8')
original_file = MISPObject('original-imported-file')
original_file.add_attribute(**{'type': 'attachment', 'value': original_filename,
'object_relation': 'imported-sample', 'data': sample})
original_file.add_attribute(**{'type': 'text', 'object_relation': 'format',
'value': 'STIX {}'.format(version)})
self.misp_event.add_object(**original_file)

# Load the mapping dictionary for STIX object types
def load_mapping(self):
self.attribute_types_mapping = {
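Review bot: The shift from `args[1]`/`args[2]` to `args[0]`/`args[1]` in `load_event` fails silently if any caller still passes the original filename first: the filename would be read as the event distribution, fail `isdigit()` and fall back to 5 without an error. A comment above the first `try:` such as `# args: [event_distribution, attribute_distribution]; the original file is attached by the MISP model, not here` would document the new contract, and other invocations of this script should be checked for the old order. With `add_original_file` removed, the `base64` and `MISPObject` imports may no longer be used; they are outside the visible hunks, so this needs checking in the file. `load_event` continues past the end of the first hunk.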
