Initial commit
ondj committed Jan 3, 2022
1 parent 92dcc4b commit 36f5176
Showing 30 changed files with 2,215 additions and 0 deletions.
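--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -0,0 +1,76 @@
+name: Docker Image CI
+
+on:
+push:
+branches: [ main ]
+tags: [ 'v*' ]
+pull_request:
+branches: [ main ]
+
+env:
+TEST_TAG: misp:latest
+
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+-
+name: Checkout
+uses: actions/checkout@v2
+-
+name: Set up QEMU
+uses: docker/setup-qemu-action@v1
+-
+name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v1
+-
+name: Build and export to Docker
+uses: docker/build-push-action@v2
+with:
+context: .
+load: true
+tags: ${{ env.TEST_TAG }}
+-
+name: Test
+run: |
+docker compose up -d
+sleep 10 # Wait until container is ready
+AUTHKEY=$(docker exec misp-e su-exec apache /var/www/MISP/app/Console/cake userInit -q)
+curl -H "Authorization: $AUTHKEY" -H "Accept: application/json" http://localhost:8081/servers/getVersion | jq
+docker compose down
+-
+name: Container scan
+uses: azure/container-scan@v0
+with:
+image-name: ${{ env.TEST_TAG }}
+-
+name: Build Docker for linux/arm64
+uses: docker/build-push-action@v2
+with:
+context: .
+platforms: linux/arm64
+tags: ${{ env.TEST_TAG }}
+-
+name: Login to DockerHub
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v1
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+-
+name: Docker meta
+if: github.event_name != 'pull_request'
+id: meta
+uses: docker/metadata-action@v3
+with:
+images: ghcr.io/nukib/misp
+-
+name: Build and push
+if: github.event_name != 'pull_request'
+uses: docker/build-push-action@v2
+with:
+context: .
+platforms: linux/amd64,linux/arm64
+push: true
+tags: ${{ steps.meta.outputs.tags }}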
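Review bot: The workflow has no `permissions:` key, so the `GITHUB_TOKEN` passed to the "Login to DockerHub" step (which actually targets `ghcr.io`) carries whatever default scope the repository or organisation grants. A top-level `permissions:` block with `contents: read` and `packages: write` would keep the token at what the push needs. Every `uses:` line references a mutable tag (`actions/checkout@v2`, `azure/container-scan@v0`, the `docker/*` actions); pinning each to a full commit SHA keeps a retagged action from running with that token. Separately, the Test step pipes `curl` without `-f` into `jq`, so an HTTP error response would not necessarily fail the job; `set -o pipefail` at the top of the script and `curl -fsS` would make the smoke test meaningful.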
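--- a/.jobber
+++ b/.jobber
@@ -0,0 +1,35 @@
+version: 1.4
+
+prefs:
+logPath: /var/www/MISP/app/tmp/logs/jobber.log
+runLog:
+type: file
+path: /var/www/MISP/app/tmp/logs/jobber-runs
+maxFileLen: 100m
+maxHistories: 2
+
+jobs:
+CacheFeeds:
+cmd: su-exec apache /var/www/MISP/app/Console/cake Server cacheFeed 1 all 2>/dev/null
+time: 0 R0-10 6,8,10,12,14,16,18
+onError: Backoff
+
+FetchFeeds:
+cmd: su-exec apache /var/www/MISP/app/Console/cake Server fetchFeed 1 all 2>/dev/null
+time: 0 R0-10 6,8,10,12,14,16,18
+onError: Backoff
+
+PullServers:
+cmd: su-exec apache /var/www/MISP/app/Console/cake Server pullAll 1
+time: 0 R0-10 6,10,15
+onError: Backoff
+
+ScanAttachment:
+cmd: su-exec apache /var/www/MISP/app/Console/cake admin scanAttachment all
+time: 0 R0-10 6
+onError: Backoff
+
+LogRotate:
+cmd: logrotate /etc/logrotate.conf
+time: 0 0 5
+onError: Backoff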
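Review bot: `CacheFeeds` and `FetchFeeds` redirect stderr to `/dev/null`, so when a feed job fails and `onError: Backoff` kicks in, the cause of the failure is discarded and never reaches the configured `runLog`. On a threat-intelligence instance a feed that silently stops updating is an operational blind spot. I would drop the `2>/dev/null` from both `cmd:` lines, as `PullServers` and `ScanAttachment` already do. If the noise is the concern, filtering the known-benign messages is safer than discarding the whole stream.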
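--- a/Config/bootstrap.php
+++ b/Config/bootstrap.php
@@ -0,0 +1,145 @@
+<?php
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https') {
+$_SERVER['HTTPS'] = "on"; // because we are behind reverse proxy that supports https
+
+$httpHost = env('HTTP_HOST');
+if (isset($httpHost)) {
+// `App.fullBaseUrl` is already defined, so we need to changed definition to generate proper redirect
+Configure::write('App.fullBaseUrl', 'https://' . $httpHost);
+}
+unset($httpHost);
+}
+
+// If X-Forwarded-For HTTP header is set, use it as remote address
+if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+$_SERVER['REMOTE_ADDR'] = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR'])[0];
+}
+
+/**
+* This file is loaded automatically by the app/webroot/index.php file after core.php
+*
+* This file should load/create any application wide configuration settings, such as
+* Caching, Logging, loading additional configuration files.
+*
+* You should also use this file to include any files that provide global functions/constants
+* that your application uses.
+*/
+
+Cache::config('default', array('engine' => 'File'));
+Configure::load('config');
+
+function initializeSentry($sentryDsn) {
+$serverName = Configure::read('MISP.baseurl');
+$serverName = rtrim(str_replace('https://', '', $serverName), '/');
+
+$init = [
+'dsn' => $sentryDsn,
+'server_name' => $serverName,
+'send_default_pii' => true,
+'before_send' => function (\Sentry\Event $event): ?\Sentry\Event {
+if (defined('CAKEPHP_SHELL') && CAKEPHP_SHELL) { // do not start session for shell commands
+return $event;
+}
+
+App::uses('AuthComponent', 'Controller/Component');
+$authUser = AuthComponent::user();
+if (!empty($authUser)) {
+$user = [
+'id' => $authUser['id'],
+'email' => $authUser['email'],
+'ip_address' => $_SERVER['REMOTE_ADDR'],
+'logged_by_authkey' => isset($authUser['logged_by_authkey']),
+];
+if (isset($authUser['authkey_id'])) {
+$user['authkey_id'] = $authUser['authkey_id'];
+}
+$event->setUser(\Sentry\UserDataBag::createFromArray($user));
+}
+
+return $event;
+},
+];
+$environment = Configure::read('MISP.sentry_environment');
+if ($environment) {
+$init['environment'] = $environment;
+}
+
+Sentry\init($init);
+Sentry\configureScope(function (Sentry\State\Scope $scope): void {
+$backgroundJobId = getenv('BACKGROUND_JOB_ID');
+if ($backgroundJobId) {
+$scope->setTag('job_id', $backgroundJobId);
+}
+if (isset($_SERVER['HTTP_X_REQUEST_ID'])) {
+$scope->setTag('request_id', $_SERVER['HTTP_X_REQUEST_ID']);
+}
+});
+}
+
+$sentryDsn = Configure::read('MISP.sentry_dsn');
+if (!empty($sentryDsn)) {
+initializeSentry($sentryDsn);
+
+// SimpleBackgroundTask or when SENTRY_ENABLED is set to true
+if (getenv('BACKGROUND_JOB_ID') || getenv('SENTRY_ENABLED') === 'true') {
+$errorHandler = new ConsoleErrorHandler();
+
+Configure::write('Exception.consoleHandler', function (Throwable $exception) use ($errorHandler) {
+Sentry\captureException($exception);
+$errorHandler->handleException($exception);
+});
+Configure::write('Error.consoleHandler', function ($code, $description, $file = null, $line = null, $context = null) use ($errorHandler) {
+$exception = new \ErrorException($description, 0, $code, $file, $line);
+Sentry\captureException($exception);
+$errorHandler->handleError($code, $description, $file, $line, $context);
+});
+}
+}
+
+/**
+* Plugins need to be loaded manually, you can either load them one by one or all of them in a single call
+* Uncomment one of the lines below, as you need. make sure you read the documentation on CakePlugin to use more
+* advanced ways of loading plugins
+*
+* CakePlugin::loadAll(); // Loads all plugins at once
+* CakePlugin::load('DebugKit'); //Loads a single plugin named DebugKit
+*
+*/
+
+CakePlugin::load('SysLog');
+CakePlugin::load('Assets'); // having Logable
+CakePlugin::load('SysLogLogable');
+CakePlugin::load('OidcAuth');
+
+/**
+* Uncomment the following line to enable client SSL certificate authentication.
+* It's also necessary to configure the plugin — for more information, please read app/Plugin/CertAuth/reame.md
+*/
+// CakePlugin::load('CertAuth');
+// CakePlugin::load('ShibbAuth');
+
+/**
+* Configures default file logging options
+*/
+App::uses('CakeLog', 'Log');
+CakeLog::config('debug', array(
+'engine' => 'FileLog',
+'types' => array('notice', 'info', 'debug'),
+'file' => 'debug',
+));
+CakeLog::config('error', array(
+'engine' => 'FileLog',
+'types' => array('warning', 'error', 'critical', 'alert', 'emergency'),
+'file' => 'error',
+));
+CakeLog::config('syslog', array(
+'engine' => 'Syslog',
+'types' => array('warning', 'error', 'critical', 'alert', 'emergency'),
+'prefix' => 'MISP',
+));
+
+// Disable phar wrapper, because can be dangerous
+if (in_array('phar', stream_get_wrappers(), true)) {
+stream_wrapper_unregister('phar');
+}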
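Review bot: The `X-Forwarded-For` block near the top overwrites `$_SERVER['REMOTE_ADDR']` with the first comma-separated entry of a header that any client can send, with no check that the request actually arrived through the reverse proxy. Proxies append to this header, so the leftmost entry is the least trustworthy one, and the value is neither trimmed nor validated as an IP address. That value is later reported as `ip_address` in the Sentry `before_send` callback, and presumably feeds audit logging and any address-based checks elsewhere in the application. The `X-Forwarded-Proto` block above it has the same trust problem, and it builds `App.fullBaseUrl` from the request's `HTTP_HOST`. I would honour these headers only when the direct peer is a configured proxy, and take the rightmost hop that is not one of ours, as sketched below.

```php
// If X-Forwarded-For HTTP header is set, use it as remote address
$trustedProxies = []; // placeholder: addresses of the reverse proxies in front of this container
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && in_array($_SERVER['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
    // Proxies append to the header, so walk from the right and stop at the first hop that is not ours
    $hops = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
    while (count($hops) > 1 && in_array(end($hops), $trustedProxies, true)) {
        array_pop($hops);
    }
    $clientIp = filter_var(end($hops), FILTER_VALIDATE_IP);
    if ($clientIp !== false) {
        $_SERVER['REMOTE_ADDR'] = $clientIp;
    }
}
// … unchanged: docblock, Cache::config and Configure::load …
```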
