Post on 03-Apr-2020
MISP core development hands-on exerciseBuilding a small nifty feature for the MISP core
Threat Sharing
Team CIRCL
ESDC 20200303
Some practical things first...
If you’d like to take a peak at the main �les alreadyimplemented:https://github.com/iglocska/misp-dev-training-cheat-sheetFull implementation:https://github.com/MISP/MISP/tree/dev_session/app
1 20
Let’s try to develop a feature together
Idea: Users should have the option to set alert �lters for thepublish alert e-mailsBy default receive all alerts as beforeIf a �lter is set, check if the alert is interesting for us or not
2 20
How to ensure that the feature is useful for thecommunity at large?
Always try to think in reusable systems instead of �xing asingle issueI Much higher chance of getting a PR merged if it doesn’t justcover your speci�c use-case
I Try to stay two steps ahead, see how your feature can bereused for other tasks
3 20
User settings - a long overdue feature
Allow users to set preferences for certain viewsFor high level users, all the technical details are sometimeswastedSimply not being interested in certain types of data pointsNon-standard MISP deployments (island only MISPinstances, etc)User pre-sets for certain settings
4 20
Objectives of the feature
User should be able to do the following with �lter rules:I setI getI removeI index
Filter rules should be �exible - we do not want to anticipateall possible settings in advanceEnsure that the system is easy to extend and reuse
5 20
Before we start with anything...
Update our MISP instance (git pull origin 2.4)Fork github.com/MISP/MISP (via the github interface)Add a new remote to our fork:I via username/password auth: git remote add my_forkhttps://github.com/iglocska/MISP
I via ssh: git remote add my_forkgitgithub.com:iglocska/MISP.git
Generally a good idea to work on a new branch: git checkout-b dev_exerciseEnable debug in MISP
6 20
Implementation
Storage:I Single key/value table for all settingsI Each user should be able to set a single instance of a keyI Values could possible become complex, let’s use JSON!I Add timestamping for traceabilityI Consider which �elds we might want to look-up frequentlyfor indexing
7 20
The database changes we need
The table structure:I id int(11) auto increment //primary keyI key varchar(100) //add index!I value text //jsonI user_id int(11) //add index!I timestamp int(11) //add index!
Tie it to into the upgrade system(app/Model/AppModel.php)Test our upgrade process! Check the output in the audit logs
8 20
Checklist
Outline of the changes needed:I New Controller (UserSettingsController.php)I New Model (UserSetting.php)I New Views (setSetting, index)I Add new controller actions to ACLI Update the e-mail alert system to use the functionality
9 20
Create the new Model skeleton
location: /var/www/MISP/app/Model/UserSetting.phpCreate basic skeletonAdd model relationships (hasMany/BelongsTo)Use the hooking functionality to deal with the JSON �eld(beforeSave(), beforeFind())Add a function that can be used to check if a user should getan alert based on �lters (checkPublishFilter())Add a function to check if a user can access/modify a setting(checkAccess())
10 20
Create the Controller skeleton
location: /var/www/MISP/app/Model/UserSetting.phpCreate basic skeletonSet pagination rulesDe�ne CRUD functions (exceptionally, we diverge here fromthe norm)I setSetting()I getSetting()I index()I delete()
11 20
Start with an API only approach at first
setSetting():I Accepted methods: ADD / POSTI Separate handling of API / UII POST should create/update an entryI GET should describe the API
12 20
getSetting / index
getSetting():I Accepted methods: GETI Retrieves a single setting based on either ID or setting keyand user_id
I Encode the data depending on API/UI
I Accepted methods: GETI List all settingsI Filter user scope on demandI Filter available scopes based on role
13 20
delete
delete():I Accepted methods: POST / DELETEI Deletes a single entry based on ID or setting keyI Encode the data depending on API/UI
14 20
Add the ACL functionalities
Tie functions into checkAccess():I Check if user is allowed to execute actions and throwexceptions if not
I Add it to: setSetting() / getSetting() / delete()Consider that:I Site admins have full reignI Org admins can manage their own usersI Everyone else can self-manage
15 20
Test the functionalities
Use the REST clientExpectationsI GET on /setSetting and /delete describing our endpointsI POST /setSetting with "key": "publish_�lter", "value":"Event.tags":"%sofacy%" should return newly added ormodi�ed �lter
I GET on /index should list our entries, GET on /getSettingshould show an individual entry
I DELETE on /delete should delete the entry
16 20
Start adding the UI components
We now have a rudimentary CRUD, let’s add some simple UIviewsI setSetting as a simple formI index should use the parametrised generators (IndexTable)I Add both views to the menu systems (side-menu, globalmenu)
I Don’t forget about sanitisation and translations!
17 20
Add the checkPublishFilter() function to the e-mailing
Trace the code path of the e-mail sending to understand theprocessDecide on the best place to inject our checkDon’t break the �ow of the process!What do we have access to at this point? What format arethey in?
18 20
Test if our code works correctly
Do we see any notices / errors?Is our code easily accessible?Consider other roles! Can users/org admins do things wedon’t want them to do?Is our code-base breaking the default behaviour?Is our update script working as expected?
19 20
Push our code to our fork and create a pullrequest
git status to check what changed / got addedgit add /path/to/�le to add �les we want to commitgit commit (format: is "new/�x/chg: [topic] My description"git push my_forkCreate pull request from the github interfaceWait for Travis to run, update the code if needed
20 / 20