Commit Graph

424 Commits (12e36671bc599af245559099bf91fc318e80f0da)

Author SHA1 Message Date
Christophe Vandeplas a1fae67177 Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui
2013-06-03 14:45:53 +02:00
Christophe Vandeplas bdc973f9ed alignment of action buttons 2013-06-03 14:44:31 +02:00
iglocska 70e5875516 Small mistake in the previous commit 2013-06-03 14:31:08 +02:00
iglocska 3b52bd2643 Attribute edit US change 2013-06-03 14:30:35 +02:00
Christophe Vandeplas d5c5134691 Display related events in multiple columns. fixes #113 2013-06-03 14:23:15 +02:00
iglocska 3549e0c49d More UI changes 2013-06-03 12:29:07 +02:00
iglocska 7eec9c01db Update to the import IOC ui
- new css class for the graph
2013-06-03 11:01:14 +02:00
iglocska 7691476fae More UI changes 2013-06-03 10:48:38 +02:00
iglocska 9a8f090b79 Update to the event index view 2013-06-03 08:58:57 +02:00
Iglocska 92416cdea5 Slight changes to the role creation and edit views 2013-06-02 14:41:41 +02:00
Andras b4846370c6 UI changes 2013-06-02 13:57:51 +02:00
Andras a27b3d7208 More UI changes 2013-06-02 13:51:41 +02:00
Andras 3d7355cf14 UI changes to event add/edit and change to events controller
- updated the UI for the event add and edit views

- change to the privileges when editing events - siteadmins could not edit
  events of other orgs.
2013-06-02 12:44:11 +02:00
Andras b68994d11f New forminfo tooltip and update to search attribute
- added tooltip to css

- small update to search attribute
2013-06-01 20:21:10 +02:00
Christophe Vandeplas 03a9b2bcc2 UI event fixes 2013-06-01 11:05:15 +02:00
Christophe Vandeplas bd50135fe6 UI events partial improvements 2013-06-01 08:46:21 +02:00
Christophe Vandeplas 9a256e04a5 UI rules and users improvements 2013-06-01 08:13:18 +02:00
Christophe Vandeplas 69251490ef Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui

Conflicts:
	app/View/Logs/admin_index.ctp
	app/View/Logs/admin_search.ctp
	app/View/Users/memberslist.ctp
2013-05-31 17:50:00 +02:00
Christophe Vandeplas d3db196699 UI Logs, documentation, memberslist and fixed bug in highlight 2013-05-31 17:38:46 +02:00
iglocska d768d30e79 GUI changes for the user views 2013-05-31 15:42:53 +02:00
iglocska d86eca6982 Merge branch 'feature/gui' of https://github.com/MISP/MISP into feature/gui 2013-05-31 15:22:37 +02:00
Christophe Vandeplas e1296bad7e UI servers 2013-05-31 13:59:56 +02:00
Christophe Vandeplas e865b84d67 UI blacklist whitelist regexp 2013-05-31 13:42:02 +02:00
Christophe Vandeplas b32ad758b8 UI export and automation 2013-05-31 11:56:37 +02:00
Christophe Vandeplas 0deff7d5a5 attribute search and list 2013-05-31 11:35:27 +02:00
iglocska eb7f501b00 UI changes to the logs 2013-05-31 10:30:20 +02:00
Christophe Vandeplas d099ca8e1c highlight row 2013-05-30 16:40:47 +02:00
Christophe Vandeplas d0afda8df5 minor improvements 2013-05-30 11:40:07 +02:00
Christophe Vandeplas 0fa30912a3 migrated first parts of nice GUI proposed by Alexandru of CERT-EU 2013-05-30 11:14:00 +02:00
iglocska 876381d295 Update to the IOC import tool
- Tries to resolve some branching to increase the number of successful
  imports

- Moved to the event view and the import only adds attributes without
  changing the event's data itself

- Visualisation of the original IOC, showing the successes and failures
2013-05-29 13:42:04 +02:00
Christophe Vandeplas e3ed847ba0 fixing some REST API and XML issues 2013-05-28 11:15:21 +02:00
Christophe Vandeplas 512c74e7bd minor cleanup 2013-05-22 12:49:40 +02:00
Christophe Vandeplas 3bbd12f461 further cleanup of the REST XML output 2013-05-22 11:21:52 +02:00
Christophe Vandeplas 0614db919e fixes information leakage vulnerability on REST XML outputs 2013-05-22 10:52:03 +02:00
Christophe Vandeplas 62a3da46f2 removed useless hop_count 2013-05-22 08:18:34 +02:00
Iglocska 27a4dc8a41 Disabled HTML5 validation for Users/admin_add
- the new cakephp HTML5 validation forced users to enter a GPG key under
all circumstances. Removed.
2013-05-13 15:27:11 +02:00
Iglocska a707df1b31 Strict messages fixes #99 and user edit requiring to change password
fixes #67

- Plugins and the user model were throwing strict messages in php 5.4+
or with E_STRICT on php 5.3 and lower. Should be fixed.

- New cakePHP added automatic HTML5 validation to form fields, which
breaks fields that can alternatively be left empty to not be edited
(such as the password field in user edits) - removed the html5 form
validation from user edits.
2013-05-13 14:27:40 +02:00
Iglocska c653b91491 Further progress on the OpenIOC import
- works fine now, but a lot of data still gets discarded
2013-05-08 09:57:18 +02:00
Iglocska 60e4190b84 OpenIOC Importer
- Import from .ioc
- map to MISP attributes and insert them
- try to resolve AND logical operators where possible, otherwise discard
2013-05-06 16:53:54 +02:00
Iglocska c4bcf1c077 Fixes #88
- events searchable by uuid
	-> /events/view/<uuid>
2013-04-30 16:55:13 +02:00
Iglocska cf9546b3b0 Moved the ioc export to a component
- Less clutter
2013-04-30 14:17:48 +02:00
Iglocska 2b47fec2a5 Further changes to the export features
- fixed issues with some download exports not being downloaded
- eliminated some code repetition
2013-04-30 11:24:02 +02:00
Andras Iklody b98818ebfb Small errors with the merge corrected
- some errors managed to slip through during the merge, should be fixed
2013-04-25 15:37:49 +02:00
Andras Iklody 4396cec8ea Integrated ownership, ACL and minor fixes
- Orgs can propose new attributes or changes to existing attributes for
  events that they do not own

- publishing users of the owner organisation can see, accept or discard
  them

- Reworked the access control

- minor fixes
2013-04-25 14:04:08 +02:00
Christophe Vandeplas 3be869a9d5 fix sanitization in Events #96 2013-04-24 15:49:35 +02:00
Christophe Vandeplas 8a74635e3a fix sanitization in Regexp #96 2013-04-24 15:33:22 +02:00
Christophe Vandeplas 01f7cc1027 fix sanitization in Roles #96 2013-04-24 15:24:39 +02:00
Christophe Vandeplas e9bcacfbc3 fix sanitization in Attributes #96 2013-04-24 15:20:20 +02:00
Christophe Vandeplas d11422831e fix sanitization in Users #96 2013-04-24 13:06:35 +02:00
Christophe Vandeplas 31aefac521 fix sanitization in Whitelist 2013-04-22 16:45:32 +02:00
Christophe Vandeplas 7fab436229 fix sanitization in Logs 2013-04-22 16:39:47 +02:00
Christophe Vandeplas 665defe7b1 cleanup crappy sanitization 2013-04-22 15:22:20 +02:00
Christophe Vandeplas 23742c543c rewrote fetching of the related events 2013-04-22 15:04:27 +02:00
Andras Iklody 9a6733acfd Removal of deprecated code
- The flag private is deprecated, removed together with the code that was
  affected by it
2013-04-17 11:13:09 +02:00
Christophe Vandeplas 8029d7fa29 removes multiple correlation engines Fixes #83 but after testing issue
#95 comes to light
2013-04-16 16:59:12 +02:00
Christophe Vandeplas 8d5782125d removed unused CyDefSIG.showowner field. Closes issue #93 2013-04-16 15:29:34 +02:00
iglocska 99e0a91aa8 Small bug with sorting events by validation
- didn't work properly, fixed.
2013-03-26 14:32:32 +01:00
iglocska 68ab054433 Updates to the manual
- new export features

- contact user features
2013-03-26 14:09:55 +01:00
iglocska c268fac392 Missing view for IOC export 2013-03-26 11:11:13 +01:00
iglocska 5d42b81989 First version of an IOC export feature
- Builds basic .ioc file of an event, OR-ing all eligible attributes

- mass export via a zip file to be implemented later
2013-03-26 11:02:01 +01:00
iglocska 0a06ceed3b E-mailing system for site-admins
- site admins able to contact users by e-mail from within the system
- PGP encrypted where available
- Password reset with automatic temporary key generation
- all of the above options have a mass-email version where every user is
  contacted at once
- Potential new users can be contacted too (GPG key can be supplied)
2013-03-25 16:38:56 +01:00
iglocska 8c0a7ad716 Double sanitization fixed 2013-03-19 15:13:07 +01:00
iglocska f008eb9f07 Search for attributes by organisation
- New search functionality on request - restrict attributes by
  organisation

- Also, attributes in the list attributes and search attributes result
  pages, that belong to the user's organisation will have a red event ID
2013-03-19 11:54:14 +01:00
iglocska ef93e61efb Related events
- Implemented on request: related events created by the same organisation are now coloured red
2013-03-19 10:30:32 +01:00
iglocska 91b1787fe8 Change to the location of the add attribute/attachment buttons. Fixes #49 2013-03-18 15:25:32 +01:00
iglocska 64a95fad33 Moved the batch import checkbox, Fixes #50 2013-03-18 14:45:11 +01:00
iglocska 320a9f4e05 Slight change to the xml export of search results
- Disabled the feature for "List Attributes".
2013-03-18 13:16:55 +01:00
iglocska 32de082c88 New export feature
- To restrict the authentication key from being used by interactive users,
implemented a new export page that uses cake's user
authentication

- the old export features still exist for users with perm_auth enabled
  accounts - renamed to automation

- Exporting the events that found attributes belong to in a search
  attributes result page

- exporting of individual events to file by clicking a link in event view
2013-03-18 11:48:36 +01:00
iglocska 1f074e53f9 Updates to the manual 2013-03-14 11:53:51 +01:00
iglocska d5800206e6 Bug fixes
- issues of admin orgs not being able to edit/delete org events

- owner org removed for org admins

- email only visible from own org to org admins
2013-03-13 15:11:49 +01:00
iglocska eb4283ea9c Highlighting in log searches
- new helper that can be used for highlighting

- highlighting of the search terms in the log search result - index view.
2013-03-11 13:12:48 +01:00
Andras Iklody 019e976783 Removed the js title bubble for related events
- Removed javascript-based title bubble showing the event info in related
  events / attributes and in the search attribute view.

- Replaced it with values provided by extra cake queries as the delay for
  fetching the info field through a js rest request was annoyingly slow

- some coding standards
2013-03-08 13:16:02 +01:00
Andras Iklody 3646bca059 Regexp validation
- an invalid regexp entry could block any event/attribute from being
  entered. Introduced a check on regexp entry to block faulty patterns.
2013-03-07 15:19:55 +01:00
Andras Iklody 83294820bf Changes to logs and some minor changes
- Regexp, blacklist, roles, whitelists now logged

- adminCRUD now sets ID (for the logging) on edit

- some minor UI changes (removal of empty action menus on the left menu
  bar)
2013-03-07 11:51:43 +01:00
Andras Iklody b9d4ac9cba Subscription to alerts from contact reporter
- Users can now choose to subscribe to receive e-mails from the "Contact
  Reporter" feature.
2013-03-06 11:34:22 +01:00
Andras Iklody 64f304da48 Tighter checks so users can't edit events of other orgs 2013-03-05 16:17:34 +01:00
Andras Iklody 4a368918eb Colouring of search terms works in links
- links now have proper colouring to make the found terms more visible
2013-03-04 18:05:17 +01:00
Andras Iklody d80ff67aa6 Previous edit was incorrect, fixed 2013-03-01 15:30:00 +01:00
Andras Iklody 047e71ebc4 Tiny Migration and UI edit
- updates to the migration SQL script

- small change in the new/edit roles UI to solve a misalignment
2013-03-01 15:25:49 +01:00
deresz 29191bdde1 Merge branch 'develop' of /home/git/cydefsig into develop 2013-03-01 09:42:28 +01:00
Andras Iklody 01649046c0 Several things (search, migration)
- Changes to the default setting for non private events after migration

- search attribute update to be able to exclude events
2013-02-27 17:15:09 +01:00
Andras Iklody fad8e809ad Minor changes
- some changes to the access control

- re-enabled regexp and blacklists, will need a closer look though

- editing a role should update ACL

- some other minor things
2013-02-21 17:24:41 +01:00
Andras Iklody 07621afa2d Update to the menu
- minor cosmetic change
2013-02-19 17:29:35 +01:00
Andras Iklody 0f947085cb Reworked the sync / release control
- Fixed issues with the sync
	- Secondary publishes on remote servers failed
	- Introduced new fields in events to stop backward traverse of
	  edit information that lead to low performance and erroneous
	  distribution information updates when more than 2 servers were
	  linked
	- Deletion of an attribute now deletes on remote servers

- Changes to the event ownership
	- Original creator org now noted in the event itself
	- Only original creator org can change distribution
	- Events will show up with the original creator org for users
	  (admins can see both that and the owner of the event on the
	  local instance)
	- Server.organization now used in conjunction with the connecting
	  user's org and the instance's org (from the bootstrap) to
	  determine distribution flow control and access rights

- Lots of minor changes
2013-02-19 15:37:35 +01:00
Noud de Brouwer ce44cdb529 coding standards
this is to the new php53-pear-CakePHP_CodeSniffer-0.1.11.
2013-02-15 14:20:03 +00:00
Christophe Vandeplas 27c809e5f2 further cleanup 2013-02-14 17:01:49 +01:00
Andras Iklody afed0f2046 Changes to link validation and minor fixes
- Links get validated now to filter malicious code

- removed a double edit button in the case of an admin editing himself

- fixed an error with adding new attributes
2013-02-11 11:26:34 +01:00
Andras Iklody e88a3a9cf7 Updates to security
- perm_auth new toggle, can disable auth key usage for a role

- prevents sync / rest with a perm_auth == false key

- some changes to sync to provide better feedback on why it failed

- rewording of distribution options
2013-02-06 17:45:43 +01:00
Andras Iklody 7f6f166838 Fixes to access rights, some sanitization, etc
- Admins cannot manually change anyone's authkey, they need to generate a
  new one via the reset link

- Some pages could be accessed by changing the url - fixed (though needs
  further testing)

- Edited a change in the manual that may have been confusing

- Some changes to the way ACL is set up - still needs more work
2013-02-04 17:55:35 +01:00
Andras Iklody 879a5fb282 Temporary fix for file-uploads under windows
Added an alternate file-upload/download path creation for PHP_OS ==
'WINNT'

Also removed autofill for the login field
2013-01-31 10:25:03 +01:00
Andras Iklody 29295e1380 changes to the admin org access and sanitization
1. Some errors fixed in the way redirects worked for org admins

2. fixed some double sanitization resulting in incorrect characters
displayed in certain fields
2013-01-30 11:49:55 +01:00
Andras Iklody 6333055cfc Added hover over event IDs in search attributes view
Hovering over the event IDs now shows the event info in the list generated
by the search attributes page
2013-01-29 13:33:07 +01:00
Andras Iklody 97f56a2275 Further changes to org admins
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
2013-01-29 08:56:38 +01:00
Andras Iklody 2d6d806cca Small update to the regular import regexp view
An empty table cell caused a cosmetic misalignment of the cell border.
2013-01-28 15:11:48 +01:00
Noud de Brouwer b7464db288 coding standards
Coding Standards.
2013-01-28 11:13:51 +00:00
Noud de Brouwer 9d9dd7b4af coding standards
Coding Standards.
2013-01-28 11:05:23 +00:00
Andras Iklody 504599fbcc Org admin privileges
Added restrictions for org admins and regular users to be able to see
regexp/whitelist/blacklist information without being able to edit them.
Org admins can also see the roles but not edit them.
2013-01-28 11:44:09 +01:00
Noud de Brouwer 729e1e2206 coding standards
Coding Standards.
2013-01-28 08:57:30 +00:00
Noud de Brouwer a6371f5ad8 coding standards
Coding Standards.
2013-01-28 08:32:01 +00:00
Noud de Brouwer 78f0d7ce93 coding standards
Coding Standards.
2013-01-25 13:02:58 +00:00