1128 Commits (1c0df3687ae3d1e72f61523af8d8367db783ebb7)

Author SHA1 Message Date
Jakub Onderka ff150b8834 chg: [internal] Do not generate export array when initializing Event class 2022-04-10 09:49:21 +02:00
Sami Mokaddem 6c258015a1
chg: [servers:getAllTypes] Moved the type and object collection action for filtering in the model 2022-04-04 11:52:47 +02:00
iglocska 861a9af713
Merge branch '2.4' into develop 2022-03-28 17:49:28 +02:00
Jakub Onderka f1dd24933c fix: [sign] Allow to sign event by key stored in gpg homedir 2022-03-26 12:10:26 +01:00
Luciano Righetti 34df13af81 fix: typo 2022-03-25 16:32:32 +01:00
iglocska f4e390ae27
new: [event locks] have an option to disable them
- it's annoying and causes headaches
- as discussed in #8204
2022-03-25 08:52:51 +01:00
Alexandre Dulaunoy ab1305cc18
Merge pull request #8218 from righel/org-svg-logo-setting
new: add setting for allowing svg org logos
2022-03-18 11:01:14 +01:00
Luciano Righetti 8dcf414340 fix: [security] restrict setting to cli only. enabling this setting could allow potential ssrf attacks, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 15:55:21 +01:00
iglocska 07b091778a
Merge branch '2.4' into develop 2022-03-17 15:51:06 +01:00
Hendrik Baecker eb7a1301bb [chg] LinOTP now with enable/disable as config feature 2022-03-17 15:19:58 +01:00
Luciano Righetti 2bd4a5b30c fix: [security] a malicious site administrator could store an XSS payload in a svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 14:42:49 +01:00
iglocska e8dcb31623
Merge branch 'feature/protected_mode' into develop 2022-03-17 01:43:44 +01:00
iglocska 8eff854fce
fix: [signing validation] use the existing event rather than the incoming event for edits
- the ground truth for allowing edits is in the LOCAL version of the event
- prevents tampering attempts

- also cleanup of repetitive file upload code
2022-03-17 00:41:55 +01:00
iglocska d49eca93ea
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode 2022-03-16 01:34:19 +01:00
iglocska d431ee2d31
new: [pull] added protected mode checks and calling the validation functions if a protected event is found
- also removed leftover breakpoints
2022-03-16 01:32:01 +01:00
iglocska c33230c2cd
Merge branch '2.4' into feature/protected_mode 2022-03-15 23:49:06 +01:00
iglocska 3122974853
chg: [pull] signing validation WiP 2022-03-15 23:10:51 +01:00
iglocska 4a65714fe9
fix: [sync] version comparison fixes
- for determining the right version to compare to when deciding if protected events can be synced
2022-03-14 00:34:44 +01:00
iglocska 37fb2943bf
chg: [check remote MISP version] added flag for protectedMode awareness 2022-03-13 12:37:30 +01:00
Jakub Onderka 2e87d6b7b4
Merge pull request #8197 from JakubOnderka/push-sightings-refactor
chg: [sync] Simplify code for sighting pushing
2022-03-12 13:17:38 +01:00
Luciano Righetti fd43c07952 fix: add default supervisor user to default settings 2022-03-09 12:08:54 +01:00
Luciano Righetti 7fae03d226 fix: add default supervisor user to default settings 2022-03-09 12:01:57 +01:00
Jakub Onderka 90cd99685f chg: [sync] Simplify code for sighting pushing 2022-03-07 17:45:06 +01:00
iglocska 639a4929e3
new: [sharing group blueprints]
- create a rule based blueprint that is used to create and update a sharing group
- nest sharing groups
- filter organisations by metadata fields
- nested via boolean operators
- CLI exposed
- API exposed
- Lightweight ownership model (only blueprint owner can see and edit the blueprint)
2022-03-02 02:09:20 +01:00
Jakub Onderka 351d2bfa20 fix: [security] Do not allow to fetch value of redacted setting 2022-02-26 10:57:47 +01:00
Andras Iklody 35d0d77788
Merge pull request #8141 from folbricht-stripe/preserve-session-config
Preserve Session.* configuration in serverSettingsSaveValue
2022-02-23 11:40:28 +01:00
iglocska 6ab34c5b34
fix: [sync] fixed several issues with the sync attribute filters causing issues
- if no negative sync filters defined, errors thrown due to check against null
2022-02-16 15:23:03 +01:00
Frank Olbricht b08f7cf2d8 Preserve Session.* configuration in serverSettingsSaveValue 2022-02-12 14:41:35 -07:00
iglocska 260d84651c
fix: [tmpdir] default value change missing
- Thanks @Wachizungu for spotting my fail
2022-02-09 15:44:18 +01:00
iglocska 607de3683c
fix: [tmpdir] default reverted to MISP/app/tmp
- too many access errors for users with /tmp as the default
2022-02-09 09:18:02 +01:00
Jakub Onderka 2f33b4ad3d new: [UI] Show TLS version for server test 2022-01-22 11:39:49 +01:00
Jakub Onderka 067e04fcf6 chg: [setting] Check if value is from options 2022-01-21 20:09:39 +01:00
Jakub Onderka 44c4f80c28 chg: [internal] Do not call __evaluateLeaf for branch 2022-01-21 19:39:49 +01:00
Jakub Onderka 7bf1afc093 fix: [internal] testForCABundle should return true 2022-01-21 17:48:22 +01:00
Jakub Onderka f32c526bbe new: [security] Allow to specify min_tls_version 2022-01-21 10:18:22 +01:00
Jakub Onderka 0c243ce4f7 fix: [setting] Default value for MISP.require_password_confirmation is false 2022-01-20 10:53:45 +01:00
Alexandre Dulaunoy 7a62e49e98
Merge branch '2.4' into develop 2022-01-17 23:35:38 +01:00
Hendrik Baecker 7644a19b7f [chg] LinOTP default baseURL 2022-01-17 07:24:59 +01:00
Hendrik Baecker aeeb16ec06 [chg] Make LinOTP configurable via webui and cli 2022-01-14 14:32:43 +01:00
Alexandre Dulaunoy f19661fb21
Merge branch '2.4' into develop 2022-01-04 15:54:42 +01:00
StefanKelm 9897c42ef5
Update Server.php
fix wording
2021-12-30 13:44:10 +01:00
Luciano Righetti 57597b9cd7 fix: change simple bg jobs settings to critical, fix notice in server shell 2021-12-23 14:44:38 +01:00
Jakub Onderka 1caf425b2b
Merge pull request #8039 from JakubOnderka/cake-baseurl-deprecated
chg: [cli] Deprecate `cake baseurl` command
2021-12-22 19:47:54 +01:00
iglocska f905eef8f0
Merge branch '8042' into develop 2021-12-21 16:42:50 +01:00
Jakub Onderka 73936bc8fe chg: [cli] Deprecate `cake baseurl` command 2021-12-19 14:05:27 +01:00
iglocska 1c5d7d2f2f
chg: [rephrasing] some warnings 2021-12-17 16:09:01 +01:00
Sami Mokaddem 7f53cdc562
fix: [server:pull] Typo in objectAttribute filtering 2021-12-17 15:23:37 +01:00
Hendrik Baecker 2a54c429ed [chg] Safe LinOTP Config 2021-12-14 17:28:52 +01:00
Sami Mokaddem 0bb4f372ff
fix: [server:pull] Typo while unsetting attribute blocked by filtering rule 2021-12-10 13:47:39 +01:00
Sami Mokaddem fee5563c5a
chg: [server:pull] Do not log empty event entries if it was caused by the rules 2021-12-10 10:56:45 +01:00