
Commit a0f0850

fix: [security] Sharing group misassociation on sync
- when an object has a sharing group associated on an event edit, the sharing group object is ignored and instead the passed local ID is reused - as reported by Jeroen Pinoy
1 parent 46a3772 commit a0f0850

1 file changed

+26
-1
lines changed


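--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -964,6 +964,31 @@ public function captureObject($object, $eventId, $user, $log = false, $unpublish
 public function editObject($object, $eventId, $user, $log, $force = false, &$nothingToChange = false)
 {
 $object['event_id'] = $eventId;
+if (isset($object['distribution']) && $object['distribution'] == 4) {
+if (!empty($object['SharingGroup'])) {
+$object['sharing_group_id'] = $this->SharingGroup->captureSG($object['SharingGroup'], $user);
+} elseif (!empty($object['sharing_group_id'])) {
+if (!$this->SharingGroup->checkIfAuthorised($user, $object['sharing_group_id'])) {
+unset($object['sharing_group_id']);
+}
+}
+if (empty($object['sharing_group_id'])) {
+$object_short = (isset($object['meta-category']) ? $object['meta-category'] : 'N/A') . '/' . (isset($object['name']) ? $object['name'] : 'N/A') . ' ' . (isset($object['uuid']) ? $object['uuid'] : 'N/A');
+$this->Log = ClassRegistry::init('Log');
+$this->Log->create();
+$this->Log->save(array(
+'org' => $user['Organisation']['name'],
+'model' => 'MispObject',
+'model_id' => 0,
+'email' => $user['email'],
+'action' => 'edit',
+'user_id' => $user['id'],
+'title' => 'Object dropped due to invalid sharing group for Event ' . $eventId . ' failed: ' . $object_short,
+'change' => 'Validation errors: ' . json_encode($this->validationErrors) . ' Full Object: ' . json_encode($object),
+));
+return 'Invalid sharing group choice.';
+}
+}
 if (isset($object['uuid'])) {
 $existingObject = $this->find('first', array(
 'recursive' => -1,
@@ -976,7 +1001,7 @@ public function editObject($object, $eventId, $user, $log, $force = false, &$not
 $log->create();
 $log->save(array(
 'org' => $user['Organisation']['name'],
-'model' => 'Object',
+'model' => 'MispObject',
 'model_id' => 0,
 'email' => $user['email'],
 'action' => 'edit',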
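Review bot: The `'change'` field of the new log entry (new line 987) serialises `$this->validationErrors`, but nothing in the added block runs model validation before the early `return`, so the property holds whatever an earlier call left behind (or nothing) and the "Validation errors:" prefix misdescribes what was logged; `'change' => 'Sharing group rejected (unauthorised or uncapturable). Full Object: ' . json_encode($object),` records the actual reason. The same entry writes the full object into the Log table, which is useful for auditing the drop but presumably includes attribute values — worth confirming that matches what the existing logging in this model stores. The added block also creates its own logger via `ClassRegistry::init('Log')` while the second hunk logs through the `$log` parameter of the same method; unless `$log` can be unset on this path, `$log->create(); $log->save(array(...));` would keep one logging route. editObject's body continues outside both hunks.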
