Noud de Brouwer
ce44cdb529
coding standards
...
This is for the new php53-pear-CakePHP_CodeSniffer-0.1.11.
2013-02-15 14:20:03 +00:00
Andras Iklody
f754eec840
Minor change to the validation
...
- Some types didn't have any validation info, defaulting to an incorrect
input; fixed
- re-enabled the sanitization of file names
2013-02-11 17:23:07 +01:00
Andras Iklody
e17228490b
Minor changes to the validation
2013-02-11 15:56:10 +01:00
Andras Iklody
afed0f2046
Changes to link validation and minor fixes
...
- Links get validated now to filter malicious code
- removed a double edit button in the case of an admin editing himself
- fixed an error with adding new attributes
2013-02-11 11:26:34 +01:00
Andras Iklody
e88a3a9cf7
Updates to security
...
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
2013-02-06 17:45:43 +01:00
Andras Iklody
5706fe183f
Redirect for ServersController
...
Added redirect for index in case of non sync users
2013-02-06 08:34:41 +01:00
Andras Iklody
e976242878
Reworked aros_acos creation
...
- moved and fixed the aros_acos creation on the new role creation
- new method in appController that sets all the aros_acos from scratch
(for example for a new instance, or a changed acos / aros table)
- some minor changes, redirects to the terms page on invalid events
removed, etc.
2013-02-05 17:22:37 +01:00
Andras Iklody
6ef3ea7050
Missing file from the last commit
...
Missed a file from the package
2013-02-05 09:21:29 +01:00
Andras Iklody
7f6f166838
Fixes to access rights, some sanitization, etc
...
- Admins cannot manually change anyone's authkey, they need to generate a
new one via the reset link
- Some pages could be accessed by changing the url - fixed (though needs
further testing)
- Edited a change in the manual that may have been confusing
- Some changes to the way ACL is set up - still needs more work
2013-02-04 17:55:35 +01:00
Andras Iklody
879a5fb282
Temporary fix for file-uploads under windows
...
Added an alternate file-upload/download path creation for PHP_OS ==
'WINNT'
Also removed autofill for the login field
2013-01-31 10:25:03 +01:00
Andras Iklody
4d0fe60347
Corrected a typo preventing the sync from working
2013-01-30 14:02:36 +01:00
Andras Iklody
29295e1380
changes to the admin org access and sanitization
...
1. Some errors fixed in the way redirects worked for org admins
2. fixed some double sanitization resulting in incorrect characters
displayed in certain fields
2013-01-30 11:49:55 +01:00
Andras Iklody
66b9969d29
Security for UsersController
...
org admins could edit users of other orgs by accessing the edit page
through the URL. Fixed.
2013-01-29 10:51:18 +01:00
Andras Iklody
97f56a2275
Further changes to org admins
...
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
2013-01-29 08:56:38 +01:00
Andras Iklody
cd78baeb14
Issue with uploading attachments fixed
...
Uploading an attachment would fail while trying to set the event to
unpublished. Fixed.
2013-01-28 15:51:54 +01:00
Noud de Brouwer
9d9dd7b4af
coding standards
...
Coding Standards.
2013-01-28 11:05:23 +00:00
Andras Iklody
504599fbcc
Org admin privileges
...
Added restrictions for org admins and regular users to be able to see
regexp/whitelist/blacklist information without being able to edit them.
Org admins can also see the roles but not edit them.
2013-01-28 11:44:09 +01:00
Noud de Brouwer
4c83ad3cfe
coding standards
...
Coding Standards.
2013-01-28 08:42:20 +00:00
Noud de Brouwer
a6371f5ad8
coding standards
...
Coding Standards.
2013-01-28 08:32:01 +00:00
Andras
8d88bcb2b5
Fix for the synchronisation
...
An error in the pull fix broke the push/publish feature. Fixed.
2013-01-27 21:27:58 +01:00
Andras Iklody
6afc1e993f
Attribute distributions
...
Added feature to block distribution levels that would get overruled by the
event distribution. The distribution of the event will be the currently
selected distribution when creating an attribute.
2013-01-25 13:44:43 +01:00
Andras Iklody
b0448c4a92
Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into develop
2013-01-25 12:24:37 +01:00
Noud de Brouwer
3b07348849
distribution
...
attributes inherit distribution from event.
2013-01-25 11:25:18 +00:00
Andras Iklody
9739cd1e35
Fix for the org admin privileges
...
Editing / creating users and the organisation permissions for org admins
2013-01-25 12:22:55 +01:00
Andras Iklody
d4c5460d9e
Org admin can only see org logs
...
Added check for the above
2013-01-25 11:21:39 +01:00
Noud de Brouwer
d6adb11f52
RBAC
...
only create users within own organisation.
2013-01-25 07:52:32 +00:00
Noud de Brouwer
3d40095547
coding standards
...
Coding Standards.
2013-01-25 07:51:20 +00:00
Andras Iklody
24b10579ad
Pull fixed
...
Fixed the issues with pull, should work fine now
2013-01-24 17:32:57 +01:00
Noud de Brouwer
3917e93ae6
coding standards
...
Coding Standards.
2013-01-24 14:35:13 +00:00
Andras Iklody
ce4bf4bd1b
Fixed push/publish
...
Fixed a few issues that caused push/publish not to work
2013-01-24 15:10:59 +01:00
Noud de Brouwer
01c0dc0e71
RBAC
...
org admin and RBAC admin.
2013-01-24 10:35:59 +00:00
deresz
b1b47bc56f
Better fix to Sanitize::clean() problem
...
'escape' option was removed.
2013-01-24 10:38:51 +01:00
Noud de Brouwer
f8b9d85c62
Sanitize
...
Sanitize cannot be used on the PGP key.
2013-01-24 08:19:47 +00:00
Noud de Brouwer
48ad60eb61
GPG
...
start of check/correct.
2013-01-23 15:22:21 +00:00
Noud de Brouwer
8bf8ef17ca
RBAC
...
so role is editable.
(I will not commit/push after hours ;) )
2013-01-22 18:37:30 +00:00
Noud de Brouwer
732ac3609f
Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig into develop
2013-01-22 15:25:51 +00:00
Noud de Brouwer
7e5c34770e
RBAC
...
role editable on user page (by admin).
2013-01-22 15:25:08 +00:00
deresz
355e9a435e
Roles controller Jquery helper added
...
For some reason I needed it
2013-01-22 16:15:32 +01:00
Noud de Brouwer
125869c1d8
RBAC
...
roles/view/<id>.
2013-01-22 15:12:36 +00:00
Noud de Brouwer
06b062dacc
RBAC
...
ampersand in html.
2013-01-22 14:46:39 +00:00
Noud de Brouwer
8526459173
Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig into develop
2013-01-22 10:06:31 +00:00
Andras Iklody
3e0bc0a4fd
Small change to batch searches
...
An empty new line caused every attribute to be displayed. Fixed.
2013-01-18 11:31:06 +01:00
Andras Iklody
f544ac2e08
Batch search for attributes
...
Implementation of request to be able to do batch attribute searches
2013-01-17 16:03:04 +01:00
Noud de Brouwer
4c4a2bcb89
error
...
behavior error or just plain wrong on our side.
2013-01-16 15:31:52 +00:00
Noud de Brouwer
755f19c560
error
...
behavior error or just plain wrong on our side.
2013-01-16 15:27:15 +00:00
Noud de Brouwer
4073bd9b65
error
...
behavior error or just plain wrong on our side.
2013-01-16 14:11:02 +00:00
Noud de Brouwer
804a0cf0f6
PHP practice
...
array-content.
2013-01-14 16:32:09 +00:00
Noud de Brouwer
89845933a4
CakePHP
...
Oddity: if I add "tes\ntestt\ntes" and blacklist the testt,
I get "tes\ntestt" as content. (other behaviors?)
2013-01-14 16:23:57 +00:00
Noud de Brouwer
2215f1a579
Blacklist
...
AdminCrud looking for Blacklist Flash message
and Import Blacklist menu button.
2013-01-09 15:04:48 +00:00
Noud de Brouwer
5fc0656896
Blacklist
...
A list of string parts that cannot be entered.
2013-01-09 14:58:52 +00:00
Noud de Brouwer
a9a1bc91a1
AdminCrud and coding standard
...
more AdminCrud and coding standard clean up.
2013-01-04 15:48:46 +00:00
Noud de Brouwer
c7a98aa286
AdminCrud
...
use of the AdminCrud component.
2013-01-04 14:49:52 +00:00
Noud de Brouwer
a982839958
app syntax
...
Controller/Component to share AdminCrud.
2013-01-04 13:14:47 +00:00
Noud de Brouwer
ca290b0357
Import Regexp
...
removed unused code.
2012-12-20 18:56:04 +00:00
Noud de Brouwer
1e518f8bc0
Import Regexp
...
Renamed Import Whitelist to Import Regexp.
2012-12-20 18:47:38 +00:00
Andras Iklody
879154eab2
Fixed deprecated errors
...
Removed cause of deprecated errors (Pass by reference)
2012-12-20 14:48:23 +01:00
Noud de Brouwer
547a80ba7d
Sanitize
...
Sanitize countermeasures.
2012-12-19 15:28:31 +00:00
Noud de Brouwer
534948efad
Sanitize
...
Sanitize countermeasures.
2012-12-19 12:56:42 +00:00
Noud de Brouwer
95158d2ef3
Sanitize
...
Sanitize countermeasures.
2012-12-19 12:42:38 +00:00
Noud de Brouwer
a8434d4830
Sanitize
...
Sanitize countermeasures.
2012-12-19 12:13:37 +00:00
Charlie Root
e474b8e189
generateAllFor<FieldName>
...
conflicts with CAKE/Model/Model::_call() so no findBy<FieldName>.
(and various very minor other things.)
2012-12-19 10:30:10 +00:00
Noud de Brouwer
9ca03f1f37
coding standards
...
Coding Standards.
2012-12-19 01:48:53 +00:00
Noud de Brouwer
0e668e6b90
coding standards
...
Coding Standards.
2012-12-18 19:51:42 +00:00
Noud de Brouwer
ea9aa8eb3a
coding standards
...
Coding Standards.
2012-12-18 19:25:12 +00:00
Noud de Brouwer
d89ab91dee
coding standards
...
Coding Standards.
2012-12-18 16:44:07 +00:00
Noud de Brouwer
8ca550cbe1
event.analysis
...
set analysis* in view().
2012-12-18 03:59:45 +00:00
Noud de Brouwer
b5205163fd
paging
...
6 (used during test) -> 60 again.
2012-12-18 03:54:31 +00:00
Noud de Brouwer
8864ee78f7
generateAllFor<FieldName>
...
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
2012-12-18 03:50:52 +00:00
Noud de Brouwer
68617350e8
Sanitize
...
Sanitize::clean() but redo the info and value fields.
2012-12-18 03:18:48 +00:00
Noud de Brouwer
9211e4d405
search
...
After adding feedback on entered search terms for search attributes
and search logs, this now also works for LogsController::index()
and next and previous page.
Signed-off-by: Noud de Brouwer <noud4@home.nl>
2012-12-18 03:01:02 +00:00
Noud de Brouwer
8c7f8921a7
Sanitize
...
do not Sanitize::clean() $this->request->data.
2012-12-17 17:33:21 +00:00
Andras Iklody
099e5d92be
Fix for the Attributes
2012-12-17 17:21:57 +01:00
Noud de Brouwer
46ab0d2e58
sanitize
...
small correction on a "\n" in info.
2012-12-17 15:51:14 +00:00
Andras Iklody
1ceadab700
Added features from branch analysis_levels
...
-Analysis levels settable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud
2903493205
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AttributesController.php
app/Controller/EventsController.php
2012-12-13 16:03:35 +01:00
noud
276cb5df10
RESTful sync
...
This is in response to the email
From: <User1088@QET.BE>
To: <ndebrouwer@hotmail.com>, <andrzej.dereszowski@ncirc.nato.int>
Subject: Re: sync/REST
Date: Fri, 7 Dec 2012 13:30:10 +0000
In it there is a complaint about the RESTful sync workings.
The email hints at 2 possible options:
i) RESTful add event without attributes (conforming to the web interface)
ii) RESTful add event with attributes (more in line with the code)
Both are implemented and can be chosen in bootstrap.php by
Configure::write('CyDefSIG.rest', 'ii') or 'i'.
2012-12-13 15:52:00 +01:00
noud
094719fa01
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Model/Event.php
2012-12-12 18:01:39 +01:00
noud
26c8ad57ee
Role
...
renamed everything group to role (instead of renaming just the visible).
2012-12-12 16:15:01 +01:00
noud
52a7625a9d
Source Code Review
...
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
2012-12-12 14:01:00 +01:00
noud
8119d26d35
RBAC and Roles
...
added Acl Admin and Audit.
2012-12-11 17:40:57 +01:00
noud
079ce88793
RESTful sync
...
Let RESTful only work in line with the web pages (Christophe's wish),
so add/edit event apart from add/edit attribute.
(there is an annotation in the code to revert back to full RESTful and
add/edit the attribute(s) alongside add/edit the event.)
2012-12-11 16:11:45 +01:00
noud
6f4b72f214
RESTful sync
...
redone delete attribute and add that to the sync.
2012-12-11 10:33:32 +01:00
noud
718691a627
RESTful
...
make RESTful event add and edit work again.
2012-12-10 13:49:56 +01:00
noud
e4dafd3882
RESTful sync
...
RESTful attribute add, edit and view, to be useful in sync.
2012-12-10 11:32:40 +01:00
noud
75dfba2ae1
sync
...
have sync option in role.
and only display the Sync Actions when sync option or admin.
(still has to be disabled if role is below manage org events.)
2012-12-07 15:00:40 +01:00
noud
e24ff690bb
RESTful/sync
...
redid the sync, so if add and it exists, send HTTP 302 and a different
Location, and do edit there.
Still, the final result has to compare the attributes and if needed
RESTful delete.
2012-12-07 13:56:19 +01:00
noud
d453ee1d99
Import Whitelist
...
if not regex and only replacement, consider that as a comment.
2012-12-05 10:14:14 +01:00
noud
4ab744ed76
Added bubble when hovering over related events
...
make baseurl variable conform to bootstrap.
2012-12-05 09:00:35 +01:00
noud
63811bffb6
Added bubble when hovering over related events
...
make authkey variable conform to the authenticated user.
2012-12-05 08:56:58 +01:00
noud
1bd14256e0
coding standards
...
correction conforming to coding standards.
2012-12-04 09:07:33 +01:00
noud
98a2df0280
Import Whitelist
...
if an Import Whitelist item has a regex and no replacement, then do not allow
an attribute whose value matches the regex and do not allow events whose info
matches that regex.
2012-12-04 08:51:27 +01:00
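The import-regex rules described in this entry and in the earlier "Import Whitelist" entry (a regex with no replacement blocks any attribute value or event info matching it; a regex with a replacement rewrites matching text; a replacement with no regex is a comment), modelled as an added stand-alone example. This is not the project's RegexBehavior or any CyDefSIG/MISP code; it is written in Python so it runs on its own, and the names Rule, classify, apply_rules and screen_event, the constructed sample rule set, and the assumption that rewrites run before later block rules are all mine, not taken from the log.

```python
"""Added example (not CyDefSIG/MISP project code): a stand-alone model of the
import-regex rules as the commit messages describe them.

Semantics taken from the log:
  - regex + replacement       -> rewrite matching text
  - regex, no replacement     -> block the attribute value / event info
  - replacement, no regex     -> comment line, ignored
Names, sample rules and rule ordering are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    regex: Optional[str]        # pattern, or None/empty for a comment line
    replacement: Optional[str]  # literal replacement, or None/empty to block


def classify(rule: Rule) -> str:
    """Return 'comment', 'block' or 'rewrite' for one imported rule."""
    if not rule.regex:
        return "comment"          # replacement-only (or empty) line: ignored
    if not rule.replacement:
        return "block"            # regex without replacement: reject input
    return "rewrite"


def apply_rules(text: str, rules: List[Rule]) -> Optional[str]:
    """Return the rewritten text, or None when a block rule matches.

    Rules are applied in list order, so an earlier rewrite can neutralise an
    input that a later block rule would reject (assumed ordering; the log does
    not say how the project orders its rules).
    """
    for rule in rules:
        kind = classify(rule)
        if kind == "comment":
            continue
        pattern = re.compile(rule.regex)
        if kind == "block":
            if pattern.search(text):
                return None
        else:
            # The replacement is treated as a literal string: a callable
            # sidesteps re.sub's backslash processing of replacement text.
            text = pattern.sub(lambda _m, r=rule.replacement: r, text)
    return text


def screen_event(
    info: str, values: List[str], rules: List[Rule]
) -> Tuple[Optional[str], List[Optional[str]]]:
    """Apply the same rule set to Event.info and to every Attribute.value."""
    return apply_rules(info, rules), [apply_rules(v, rules) for v in values]


# Constructed sample rule set for this example (not from the project):
SAMPLE_RULES = [
    Rule(None, "defang reversal and noise filter, example only"),  # comment
    Rule(r"(?i)^hxxp://", "http://"),              # rewrite: undo defanging
    Rule(r"(?i)^hxxps://", "https://"),
    Rule(r"^(?:127\.0\.0\.1|0\.0\.0\.0)$", None),  # block: loopback / null
    Rule(r"(?i)\bdo not share\b", None),           # block: marked unshareable
]

if __name__ == "__main__":
    info, values = screen_event(
        "Phishing campaign, DO NOT SHARE outside org",
        ["hxxp://evil.example/payload", "127.0.0.1", "198.51.100.7"],
        SAMPLE_RULES,
    )
    print("event info:", "BLOCKED" if info is None else info)
    for v in values:
        print("attribute:", "BLOCKED" if v is None else v)
```

Running the block screens a constructed event: the info line is blocked by the "do not share" rule, the defanged URL is rewritten to http://, the loopback address is blocked and the routable address passes unchanged. Note that "block" only means the input is refused; whether the project refused the whole event or just the offending attribute is not something this log states.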
noud
9a7f160ec4
code
...
a "1" gremlin removed.
2012-12-03 13:07:07 +01:00
noud
053edeb304
regex and blacklist
...
blacklist, as in, do not input attributes, is working now,
for manual, batch and GFI Sandbox import.
2012-12-03 10:34:28 +01:00
noud
2af02aa100
input regex
...
use RegexBehavior on Event.info and Attribute.value.
2012-11-30 13:52:09 +01:00
Andras Iklody
1bf1e6f2a8
Slight change to the histogram
...
Data for types that had "|" or "-" in the name (such as ip-src)
were omitted - should be fixed now
2012-11-29 16:13:31 +01:00
noud
c6bdf794c1
db
...
split generatePrivate into attr and event part (given long runtime).
2012-11-29 15:10:18 +01:00
noud
2daba5a3c2
correlation
...
do not show the same event id multiple times for one attribute shown.
2012-11-29 14:42:06 +01:00
Christophe Vandeplas
be939c2b9e
fix bug when published event that is added using REST is not pushed to
...
remote servers
2012-11-29 09:15:53 +01:00
noud
d2ab860ff2
distribution
...
generatePrivate conform to the new distribution.
2012-11-28 16:34:36 +01:00
noud
889492629e
distribution
...
add generateHop to migratemisp11to2.
(generatePrivate should still be looked at.)
2012-11-28 14:30:29 +01:00