
Commit 211ac07

committed
fix: [internal] Handle the upload of original versions of ingested files via a helper function instead of leaving it to external tools
1 parent 3e4e750 commit 211ac07


2 files changed

+55
-15
lines changed


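--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -5079,7 +5079,7 @@ public function upload_stix($user, $filename, $stix_version, $original_file)
 } else {
 throw new MethodNotAllowedException('Invalid STIX version');
 }
-$shell_command .= ' ' . $original_file . ' ' . escapeshellarg(Configure::read('MISP.default_event_distribution')) . ' ' . escapeshellarg(Configure::read('MISP.default_attribute_distribution')) . ' 2>' . APP . 'tmp/logs/exec-errors.log';
+$shell_command .= ' ' . escapeshellarg(Configure::read('MISP.default_event_distribution')) . ' ' . escapeshellarg(Configure::read('MISP.default_attribute_distribution')) . ' 2>' . APP . 'tmp/logs/exec-errors.log';
 $result = shell_exec($shell_command);
 unlink($tempFilePath);
 if (trim($result) == '1') {
@@ -5090,6 +5090,7 @@ public function upload_stix($user, $filename, $stix_version, $original_file)
 $validationIssues = false;
 $result = $this->_add($data, true, $user, '', null, false, null, $created_id, $validationIssues);
 if ($result) {
+$this->add_original_file($tempFilePath, $original_filename, $created_id, 'STIX 1.1');
 return $created_id;
 }
 return $validationIssues;
@@ -5643,4 +5644,55 @@ private function __clusterEventIds($exportTool, $eventIds)
 }
 return $eventIdList;
 }
+
+public function add_original_file($file_path, $original_filename, $event_id, $format)
+{
+if (!Configure::check('MISP.default_attribute_distribution') || Configure::read('MISP.default_attribute_distribution') === 'event') {
+$distribution = 5;
+} else {
+$distribution = Configure::read('MISP.default_attribute_distribution');
+}
+$this->MispObject->create();
+$object = array(
+'name' => 'original-imported-file',
+'meta-category' => 'file',
+'description' => 'Object describing the original file used to import data in MISP.',
+'template_uuid' => '4cd560e9-2cfe-40a1-9964-7b2e797ecac5',
+'template_version' => '2',
+'event_id' => $event_id,
+'distribution' => $distribution
+);
+$this->MispObject->save($object);
+$object_id = $this->MispObject->id;
+$file = file_get_contents($file_path);
+$attributes = array(
+array(
+'type' => 'attachment',
+'category' => 'External analysis',
+'to_ids' => false,
+'event_id' => $event_id,
+'distribution' => $distribution,
+'object_relation' => 'imported-sample',
+'value' => $original_filename,
+'data' => base64_encode($file),
+'object_id' => $object_id,
+),
+array(
+'type' => 'text',
+'category' => 'Other',
+'to_ids' => false,
+'uuid' => '5c08f00d-2174-4ab7-ad0d-1b1a011fb688',
+'event_id' => $event_id,
+'distribution' => $distribution,
+'object_id' => $object_id,
+'object_relation' => 'format',
+'value' => 'STIX 1.1'
+)
+);
+foreach ($attributes as $attribute) {
+$this->Attribute->create();
+$this->Attribute->save($attribute);
+}
+return true;
+}
 }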
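Review bot: The new call at line 5093 passes `$tempFilePath` to `add_original_file()` after `unlink($tempFilePath);` has already run at line 5084, so unless the path is reassigned in the lines between the hunks, `file_get_contents($file_path)` returns false and the attachment is stored with empty `data`. `$original_filename` is also not among the parameters in the `upload_stix` signature shown in the hunk header (that one is `$original_file`), so it looks undefined at the call site. Inside the helper nothing checks the read or either `save()` result and it always returns true, so the import reports success with no original file attached; I would move the `unlink` after the helper call and add `if ($file === false) { return false; }` after the read. The helper also ignores its `$format` argument in favour of the literal `'STIX 1.1'`, and pins the format attribute to the fixed `'uuid' => '5c08f00d-2174-4ab7-ad0d-1b1a011fb688'`, which presumably fails uniqueness on the second import; use `'value' => $format` and drop the `'uuid'` key.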

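--- a/app/files/scripts/stix2misp.py
+++ b/app/files/scripts/stix2misp.py
@@ -53,16 +53,14 @@ def __init__(self):
 # Load data from STIX document, and other usefull data
 def load_event(self, args, filename, from_misp, stix_version):
 self.outputname = '{}.json'.format(filename)
-if len(args) > 0 and args[0]:
-self.add_original_file(filename, args[0], stix_version)
 try:
-event_distribution = args[1]
+event_distribution = args[0]
 if not isinstance(event_distribution, int):
 event_distribution = int(event_distribution) if event_distribution.isdigit() else 5
 except IndexError:
 event_distribution = 5
 try:
-attribute_distribution = args[2]
+attribute_distribution = args[1]
 if attribute_distribution == 'event':
 attribute_distribution = event_distribution
 elif not isinstance(attribute_distribution, int):
@@ -81,16 +79,6 @@ def saveFile(self):
 with open(self.outputname, 'wt', encoding='utf-8') as f:
 f.write(eventDict)
 
-def add_original_file(self, filename, original_filename, version):
-with open(filename, 'rb') as f:
-sample = base64.b64encode(f.read()).decode('utf-8')
-original_file = MISPObject('original-imported-file')
-original_file.add_attribute(**{'type': 'attachment', 'value': original_filename,
-'object_relation': 'imported-sample', 'data': sample})
-original_file.add_attribute(**{'type': 'text', 'object_relation': 'format',
-'value': 'STIX {}'.format(version)})
-self.misp_event.add_object(**original_file)
-
 # Load the mapping dictionary for STIX object types
 def load_mapping(self):
 self.attribute_types_mapping = {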
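Review bot: The positional layout of `args` changes silently in `load_event`: `args[0]` is now the event distribution and `args[1]` the attribute distribution, and a caller that still passes the original file name first is not rejected, because a non-numeric first value falls back to `5` and the old event distribution is then read as the attribute distribution. Distribution decides who the imported data is shared with, so a stale caller would end up with a different sharing level and no error. I would document the contract above the first `try`, e.g. `# args: [event_distribution, attribute_distribution]; the original file name is no longer passed`, and consider logging when a non-numeric value is replaced by the default. The body of `load_event` continues past the end of the hunk.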
