/** * Execute the console command. * * @return bool */ public final function handle() { $incident = $this->getModelFromRequest(); $this->setEvidenceFile($incident, $this->argument('file')); if (empty($this->evidenceFile)) { $this->error('Error returned while asking to write evidence file, cannot continue'); return false; } /** @var $validation */ $validation = $this->getValidator($incident); if ($validation->fails()) { foreach ($validation->messages()->all() as $message) { $this->error($message); } $this->error(sprintf('Failed to create the %s due to validation warnings', $this->getAsNoun())); return false; } /* * build evidence model, but wait with saving it **/ $evidence = new Evidence(); $evidence->filename = $this->evidenceFile; $evidence->sender = trim(posix_getpwuid(posix_geteuid())['name']) . ' (CLI)'; $evidence->subject = 'CLI Created Incident'; /* * Call IncidentsProcess to validate, store evidence and save incidents */ $incidentsProcess = new IncidentsProcess([$incident], $evidence); // Validate the data set if (!$incidentsProcess->validate()) { return $this->exception('validation of generated objects failed while processing'); } // Write the data set to database if (!$incidentsProcess->save()) { return $this->exception('unable to save generated objects'); } $msg = sprintf('The %s has been created', $this->getAsNoun()); $this->info($msg); return true; }
/** * Execute the command. * * @return void */ public function handle() { Log::info(get_class($this) . ': ' . 'Queued worker is starting the processing of email file: ' . $this->filename); $rawEmail = Storage::get($this->filename); $parsedMail = new MimeParser(); $parsedMail->setText($rawEmail); // Sanity checks if (empty($parsedMail->getHeader('from')) || empty($parsedMail->getMessageBody())) { Log::warning(get_class($this) . ': ' . 'Missing e-mail headers from and/or empty body: ' . $this->filename); $this->exception(); return; } // Ignore email from our own notification address to prevent mail loops if (preg_match('/' . Config::get('main.notifications.from_address') . '/', $parsedMail->getHeader('from'))) { Log::warning(get_class($this) . ': ' . 'Loop prevention: Ignoring email from self ' . Config::get('main.notifications.from_address')); $this->exception(); return; } // Start with detecting valid ARF e-mail $attachments = $parsedMail->getAttachments(); $arfMail = []; foreach ($attachments as $attachment) { if ($attachment->contentType == 'message/feedback-report') { $arfMail['report'] = $attachment->getContent(); } if ($attachment->contentType == 'message/rfc822') { $arfMail['evidence'] = utf8_encode($attachment->getContent()); } if ($attachment->contentType == 'text/plain') { $arfMail['message'] = $attachment->getContent(); } } /* * Sometimes the mime header does not set the main message correctly. This is ment as a fallback and will * use the original content body (which is basicly the same mime element). But only fallback if we actually * have a RFC822 message with a feedback report. */ if (empty($arfMail['message']) && isset($arfMail['report']) && isset($arfMail['evidence'])) { $arfMail['message'] = $parsedMail->getMessageBody(); } // If we do not have a complete e-mail, then we empty the perhaps partially filled arfMail // which is useless, hence reset to false if (!isset($arfMail['report']) || !isset($arfMail['evidence']) || !isset($arfMail['message'])) { $arfMail = false; } // Asking ParserFactory for an object based on mappings, or die trying $parser = ParserFactory::create($parsedMail, $arfMail); if ($parser !== false) { $parserResult = $parser->parse(); } else { Log::error(get_class($this) . ': ' . ': No parser available to handle message from : ' . $parsedMail->getHeader('from') . ' with subject: ' . $parsedMail->getHeader('subject')); $this->exception(); return; } if ($parserResult !== false && $parserResult['errorStatus'] === true) { Log::error(get_class($parser) . ': ' . ': Parser has ended with fatal errors ! : ' . $parserResult['errorMessage']); $this->exception(); return; } else { Log::info(get_class($parser) . ': ' . ': Parser completed with ' . $parserResult['warningCount'] . ' warnings and collected ' . count($parserResult['data']) . ' incidents to save'); } if ($parserResult['warningCount'] !== 0 && Config::get('main.emailparser.notify_on_warnings') === true) { Log::error(get_class($this) . ': ' . 'Configuration has warnings set as critical and ' . $parserResult['warningCount'] . ' warnings were detected. Sending alert to administrator'); $this->exception(); return; } /* * build evidence model, but wait with saving it **/ $evidence = new Evidence(); $evidence->filename = $this->filename; $evidence->sender = $parsedMail->getHeader('from'); $evidence->subject = $parsedMail->getHeader('subject'); /* * Call IncidentsProcess to validate, store evidence and save incidents */ $incidentsProcess = new IncidentsProcess($parserResult['data'], $evidence); // Only continue if not empty, empty set is acceptable (exit OK) if (!$incidentsProcess->notEmpty()) { return; } // Validate the data set if (!$incidentsProcess->validate()) { $this->exception(); return; } // Write the data set to database if (!$incidentsProcess->save()) { $this->exception(); return; } Log::info(get_class($this) . ': ' . 'Queued worker has ended the processing of email file: ' . $this->filename); }
/** * Execute the command. * * @return bool */ public function handle() { Log::info(get_class($this) . ': ' . 'Queued worker is starting the collector: ' . $this->collector); $collector = collectorFactory::create($this->collector); if (!$collector) { Log::error("The requested collector {$this->collector} could not be started check logs for PID:" . getmypid()); $this->exception(); return; } $collectorResult = $collector->parse(); if ($collectorResult['errorStatus'] == true) { Log::error("The requested collector {$this->collector} returned an error. check logs for PID:" . getmypid()); $this->exception(); return; } /* * save evidence onto disk */ $evidence = new EvidenceSave(); $evidenceData = json_encode(['collectorName' => $this->collector, 'collectorData' => $collectorResult]); $evidenceFile = $evidence->save($evidenceData); if (!$evidenceFile) { Log::error(get_class($this) . ': ' . 'Error returned while asking to write evidence file, cannot continue'); $this->exception(); return; } /* * build evidence model, but wait with saving it **/ $evidence = new Evidence(); $evidence->filename = $evidenceFile; $evidence->sender = 'abuse@localhost'; $evidence->subject = "CLI Collector {$this->collector}"; /* * Call IncidentsProcess to validate, store evidence and save incidents */ $incidentsProcess = new IncidentsProcess($collectorResult['data'], $evidence); // Only continue if not empty, empty set is acceptable (exit OK) if (!$incidentsProcess->notEmpty()) { return; } // Validate the data set if (!$incidentsProcess->validate()) { $this->exception(); return; } // Write the data set to database if (!$incidentsProcess->save()) { $this->exception(); return; } Log::info(get_class($this) . ': ' . 'Queued worker has ended the processing of collector: ' . $this->collector); }
/** * Store a newly created ticket in storage. * * @param TicketFormRequest $ticket * * @return \Illuminate\Http\Response */ public function store(TicketFormRequest $ticket) { /* * If there was a file attached then we add this to the evidence as attachment */ $attachment = []; $uploadedFile = Input::file('evidenceFile'); if (!empty($uploadedFile) && is_object($uploadedFile) && $uploadedFile->getError() === 0 && is_file($uploadedFile->getPathname())) { $attachment = ['filename' => $uploadedFile->getClientOriginalName(), 'size' => $uploadedFile->getSize(), 'contentType' => $uploadedFile->getMimeType(), 'data' => file_get_contents($uploadedFile->getPathname())]; } /* * Grab the form and build a incident model from it. The form should be having all the fields except * the form token. We don't need to validate the data as the formRequest already to care of this and * IncidentsSave will do another validation on this. */ $incident = new Incident(); foreach ($ticket->all() as $key => $value) { if ($key != '_token') { $incident->{$key} = $value; } } /* * Incident process required all incidents to be wrapped in an array. */ $incidents = [0 => $incident]; /* * Save the evidence as its required to save events */ $evidence = new EvidenceSave(); $evidenceData = ['createdBy' => trim($this->auth_user->fullName()) . ' (' . $this->auth_user->email . ')', 'receivedOn' => time(), 'submittedData' => $ticket->all(), 'attachments' => []]; if (!empty($attachment)) { $evidenceData['attachments'][0] = $attachment; } $evidenceFile = $evidence->save(json_encode($evidenceData)); if (!$evidenceFile) { Log::error(get_class($this) . ': ' . 'Error returned while asking to write evidence file, cannot continue'); $this->exception(); } $evidence = new Evidence(); $evidence->filename = $evidenceFile; $evidence->sender = $this->auth_user->email; $evidence->subject = 'AbuseDesk Created Incident'; /* * Call IncidentsProcess to validate, store evidence and save incidents */ $incidentsProcess = new IncidentsProcess($incidents, $evidence); // Validate the data set $validated = $incidentsProcess->validate(); if (!$validated) { return Redirect::back()->with('message', "Failed to validate incident model {$validated}"); } // Write the data set to database if (!$incidentsProcess->save()) { return Redirect::back()->with('message', 'Failed to write to database'); } return Redirect::route('admin.tickets.index')->with('message', 'A new incident has been created. Depending on the aggregator result a new ' . 'ticket will be created or existing ticket updated'); }