Commit Graph

421 Commits (230d7b4ba1a19081b5e303976242e84205c92f47)

Author SHA1 Message Date
Noud de Brouwer ce44cdb529 coding standards
this is to the new php53-pear-CakePHP_CodeSniffer-0.1.11.
2013-02-15 14:20:03 +00:00
Andras Iklody f754eec840 Minor change to the validation
- Some types didn't have any validation info, defaulting to an incorrect
input - fixed

- re-enabled the sanitization of file names
2013-02-11 17:23:07 +01:00
Andras Iklody e17228490b Minor changes to the validation 2013-02-11 15:56:10 +01:00
Andras Iklody afed0f2046 Changes to link validation and minor fixes
- Links get validated now to filter malicious code

- removed a double edit button in the case of an admin editing himself

- fixed an error with adding new attributes
2013-02-11 11:26:34 +01:00
Andras Iklody e88a3a9cf7 Updates to security
- perm_auth new toggle, can disable auth key usage for a role

- prevents sync / rest with a perm_auth == false key

- some changes to sync to provide better feedback on why it failed

- rewording of distribution options
2013-02-06 17:45:43 +01:00
Andras Iklody 5706fe183f Redirect for ServersController
Added redirect for index in case of non-sync users
2013-02-06 08:34:41 +01:00
Andras Iklody e976242878 Reworked aros_acos creation
- moved and fixed the aros_acos creation on the new role creation

- new method in appController that sets all the aros_acos from scratch
  (for example for a new instance, or a changed acos / aros table)

- some minor changes, redirects to the terms page on invalid events
  removed, etc.
2013-02-05 17:22:37 +01:00
Andras Iklody 6ef3ea7050 Missing file from the last commit
Missed a file from the package
2013-02-05 09:21:29 +01:00
Andras Iklody 7f6f166838 Fixes to access rights, some sanitization, etc
- Admins cannot manually change anyone's authkey; they need to generate a
  new one via the reset link

- Some pages could be accessed by changing the url - fixed (though needs
  further testing)

- Edited a change in the manual that may have been confusing

- Some changes to the way ACL is set up - still needs more work
2013-02-04 17:55:35 +01:00
Andras Iklody 879a5fb282 Temporary fix for file-uploads under windows
Added an alternate file-upload/download path creation for PHP_OS ==
'WINNT'

Also removed autofill for the login field
2013-01-31 10:25:03 +01:00
Andras Iklody 4d0fe60347 Corrected a typo preventing the sync from working 2013-01-30 14:02:36 +01:00
Andras Iklody 29295e1380 changes to the admin org access and sanitization
1. Some errors fixed in the way redirects worked for org admins

2. fixed some double sanitization resulting in incorrect characters
displayed in certain fields
2013-01-30 11:49:55 +01:00
Andras Iklody 66b9969d29 Security for UsersController
org admins could edit users of other orgs by accessing the edit page
through the URL. Fixed.
2013-01-29 10:51:18 +01:00
Andras Iklody 97f56a2275 Further changes to org admins
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
2013-01-29 08:56:38 +01:00
Andras Iklody cd78baeb14 Issue with uploading attachments fixed
Uploading an attachment would fail while trying to set the event to
unpublished. Fixed.
2013-01-28 15:51:54 +01:00
Noud de Brouwer 9d9dd7b4af coding standards
Coding Standards.
2013-01-28 11:05:23 +00:00
Andras Iklody 504599fbcc Org admin privileges
Added restrictions for org admins and regular users to be able to see
regexp/whitelist/blacklist information without being able to edit them.
Org admins can also see the roles but not edit them.
2013-01-28 11:44:09 +01:00
Noud de Brouwer 4c83ad3cfe coding standards
Coding Standards.
2013-01-28 08:42:20 +00:00
Noud de Brouwer a6371f5ad8 coding standards
Coding Standards.
2013-01-28 08:32:01 +00:00
Andras 8d88bcb2b5 Fix for the synchronisation
An error in the pull fix broke the push/publish feature. Fixed.
2013-01-27 21:27:58 +01:00
Andras Iklody 6afc1e993f Attribute distributions
Added feature to block distribution levels that would get overruled by the
event distribution. The distribution of the event will be the currently
selected distribution when creating an attribute.
2013-01-25 13:44:43 +01:00
Andras Iklody b0448c4a92 Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into develop 2013-01-25 12:24:37 +01:00
Noud de Brouwer 3b07348849 distribution
attributes inherit distribution from event.
2013-01-25 11:25:18 +00:00
Andras Iklody 9739cd1e35 Fix for the org admin privileges
Editing / creating users and the organisation permissions for org admins
2013-01-25 12:22:55 +01:00
Andras Iklody d4c5460d9e Org admin can only see org logs
Added check for the above
2013-01-25 11:21:39 +01:00
Noud de Brouwer d6adb11f52 RBAC
only create users within own organisation.
2013-01-25 07:52:32 +00:00
Noud de Brouwer 3d40095547 coding standards
Coding Standards.
2013-01-25 07:51:20 +00:00
Andras Iklody 24b10579ad Pull fixed
Fixed the issues with pull, should work fine now
2013-01-24 17:32:57 +01:00
Noud de Brouwer 3917e93ae6 coding standards
Coding Standards.
2013-01-24 14:35:13 +00:00
Andras Iklody ce4bf4bd1b Fixed push/publish
Fixed a few issues that caused push/publish not to work
2013-01-24 15:10:59 +01:00
Noud de Brouwer 01c0dc0e71 RBAC
org admin and RBAC admin.
2013-01-24 10:35:59 +00:00
deresz b1b47bc56f Better fix to Sanitize::clean() problem
'escape' option was removed.
2013-01-24 10:38:51 +01:00
Noud de Brouwer f8b9d85c62 Sanitize
Sanitize can not be used in PGP key.
2013-01-24 08:19:47 +00:00
Noud de Brouwer 48ad60eb61 GPG
start of check/correct.
2013-01-23 15:22:21 +00:00
Noud de Brouwer 8bf8ef17ca RBAC
so role is editable.
(i will not commit/push during after hours ;) )
2013-01-22 18:37:30 +00:00
Noud de Brouwer 732ac3609f Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig into develop 2013-01-22 15:25:51 +00:00
Noud de Brouwer 7e5c34770e RBAC
role editable on user page (by admin).
2013-01-22 15:25:08 +00:00
deresz 355e9a435e Roles controller Jquery helper added
For some reason I needed it
2013-01-22 16:15:32 +01:00
Noud de Brouwer 125869c1d8 RBAC
roles/view/<id>.
2013-01-22 15:12:36 +00:00
Noud de Brouwer 06b062dacc RBAC
ampersand in HTML.
2013-01-22 14:46:39 +00:00
Noud de Brouwer 8526459173 Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig into develop 2013-01-22 10:06:31 +00:00
Andras Iklody 3e0bc0a4fd Small change to batch searches
An empty new line caused every attribute to be displayed. Fixed.
2013-01-18 11:31:06 +01:00
Andras Iklody f544ac2e08 Batch search for attributes
Implementation of request to be able to do batch attribute searches
2013-01-17 16:03:04 +01:00
Noud de Brouwer 4c4a2bcb89 error
behavior error or just plain wrong on our side.
2013-01-16 15:31:52 +00:00
Noud de Brouwer 755f19c560 error
behavior error or just plain wrong on our side.
2013-01-16 15:27:15 +00:00
Noud de Brouwer 4073bd9b65 error
behavior error or just plain wrong on our side.
2013-01-16 14:11:02 +00:00
Noud de Brouwer 804a0cf0f6 PHP practice
array-content.
2013-01-14 16:32:09 +00:00
Noud de Brouwer 89845933a4 CakePHP
oddity, if I add "tes\ntestt\ntes", blacklist the testt,
I get "tes\ntestt" as content. (other behaviors?)
2013-01-14 16:23:57 +00:00
Noud de Brouwer 2215f1a579 Blacklist
AdminCrud looking for Blacklist Flash message
and Import Blacklist menu button.
2013-01-09 15:04:48 +00:00
Noud de Brouwer 5fc0656896 Blacklist
A list of string parts that are not allowed to be entered.
2013-01-09 14:58:52 +00:00
Noud de Brouwer a9a1bc91a1 AdminCrud and coding standard
more AdminCrud and coding standard clean up.
2013-01-04 15:48:46 +00:00
Noud de Brouwer c7a98aa286 AdminCrud
use of the AdminCrud component.
2013-01-04 14:49:52 +00:00
Noud de Brouwer a982839958 app syntax
Controller/Component to share AdminCrud.
2013-01-04 13:14:47 +00:00
Noud de Brouwer ca290b0357 Import Regexp
removed unused code.
2012-12-20 18:56:04 +00:00
Noud de Brouwer 1e518f8bc0 Import Regexp
Renamed Import Whitelist to Import Regexp.
2012-12-20 18:47:38 +00:00
Andras Iklody 879154eab2 Fixed deprecated errors
Removed cause of deprecated errors (Pass by reference)
2012-12-20 14:48:23 +01:00
Noud de Brouwer 547a80ba7d Sanitize
Sanitize countermeasures.
2012-12-19 15:28:31 +00:00
Noud de Brouwer 534948efad Sanitize
Sanitize countermeasures.
2012-12-19 12:56:42 +00:00
Noud de Brouwer 95158d2ef3 Sanitize
Sanitize countermeasures.
2012-12-19 12:42:38 +00:00
Noud de Brouwer a8434d4830 Sanitize
Sanitize countermeasures.
2012-12-19 12:13:37 +00:00
Charlie Root e474b8e189 generateAllFor<FieldName>
conflicts with CAKE/Model/Model::_call() so no findBy<FieldName>.
(and various very minor other things.)
2012-12-19 10:30:10 +00:00
Noud de Brouwer 9ca03f1f37 coding standards
Coding Standards.
2012-12-19 01:48:53 +00:00
Noud de Brouwer 0e668e6b90 coding standards
Coding Standards.
2012-12-18 19:51:42 +00:00
Noud de Brouwer ea9aa8eb3a coding standards
Coding Standards.
2012-12-18 19:25:12 +00:00
Noud de Brouwer d89ab91dee coding standards
Coding Standards.
2012-12-18 16:44:07 +00:00
Noud de Brouwer 8ca550cbe1 event.analysis
set analysis* in view().
2012-12-18 03:59:45 +00:00
Noud de Brouwer b5205163fd paging
6 (used during test) -> 60 again.
2012-12-18 03:54:31 +00:00
Noud de Brouwer 8864ee78f7 generateAllFor<FieldName>
so we can use a URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
2012-12-18 03:50:52 +00:00
Noud de Brouwer 68617350e8 Sanitize
Sanitize::clean() but redo the info and value fields.
2012-12-18 03:18:48 +00:00
Noud de Brouwer 9211e4d405 search
After adding feedback on entered search terms for search attributes
and search logs, this now also works for LogsController::index()
and next and previous page.

Signed-off-by: Noud de Brouwer <noud4@home.nl>
2012-12-18 03:01:02 +00:00
Noud de Brouwer 8c7f8921a7 Sanitize
do not Sanitize::clean() $this->request->data.
2012-12-17 17:33:21 +00:00
Andras Iklody 099e5d92be Fix for the Attributes 2012-12-17 17:21:57 +01:00
Noud de Brouwer 46ab0d2e58 sanitize
small correction on a "\n" in info.
2012-12-17 15:51:14 +00:00
Andras Iklody 1ceadab700 Added features from branch analysis_levels
-Analysis levels settable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud 2903493205 Merge branch 'master' into develop
Conflicts:
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
2012-12-13 16:03:35 +01:00
noud 276cb5df10 RESTful sync
this is in response to the email
From: <User1088@QET.BE>
To: <ndebrouwer@hotmail.com>, <andrzej.dereszowski@ncirc.nato.int>
Subject: Re: sync/REST
Date: Fri, 7 Dec 2012 13:30:10 +0000
in this there is a complaint about the RESTful sync workings.
the email hints at 2 possible options:
i) RESTful add event without attributes (in line with the web interface)
ii) RESTful add event with attributes (more in line with the code)

both are implemented and can be chosen in bootstrap.php by
Configure::write('CyDefSIG.rest', 'ii') or 'i'.
2012-12-13 15:52:00 +01:00
noud 094719fa01 Merge branch 'master' into develop
Conflicts:
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Model/Event.php
2012-12-12 18:01:39 +01:00
noud 26c8ad57ee Role
renamed everything group to role (instead of renaming just what is visible).
2012-12-12 16:15:01 +01:00
noud 52a7625a9d Source Code Review
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
2012-12-12 14:01:00 +01:00
noud 8119d26d35 RBAC and Roles
added Acl Admin and Audit.
2012-12-11 17:40:57 +01:00
noud 079ce88793 RESTful sync
Let RESTful only work in line with the web pages (to Christophe's wish),
so add/edit event apart from add/edit attribute.
(there is an annotation in the code to revert back to full RESTful and
add/edit the attribute(s) alongside add/edit the event.)
2012-12-11 16:11:45 +01:00
noud 6f4b72f214 RESTful sync
redone delete attribute and add that to the sync.
2012-12-11 10:33:32 +01:00
noud 718691a627 RESTful
make RESTful event add and edit work again.
2012-12-10 13:49:56 +01:00
noud e4dafd3882 RESTful sync
RESTful attribute add, edit and view, to be useful in sync.
2012-12-10 11:32:40 +01:00
noud 75dfba2ae1 sync
have sync option in role.
and only display the Sync Actions when sync option or admin.
(still has to be disabled if role is below manage org events.)
2012-12-07 15:00:40 +01:00
noud e24ff690bb RESTful/sync
redid the sync, so if add and exist, send HTTP 302 and different
Location, and do edit there.
Still, the final result has to compare the attributes and if needed
RESTful delete.
2012-12-07 13:56:19 +01:00
noud d453ee1d99 Import Whitelist
if not regex and only replacement, consider that as a comment.
2012-12-05 10:14:14 +01:00
noud 4ab744ed76 Added bubble when hovering over related events
make baseurl variable in line with bootstrap.
2012-12-05 09:00:35 +01:00
noud 63811bffb6 Added bubble when hovering over related events
make authkey variable in line with the authenticated user.
2012-12-05 08:56:58 +01:00
noud 1bd14256e0 coding standards
corrections to conform to coding standards.
2012-12-04 09:07:33 +01:00
noud 98a2df0280 Import Whitelist
if an Import Whitelist item has a regex and no replacement, then do not allow
an attribute having the regex as value and do not allow events having info
matching that regex.
2012-12-04 08:51:27 +01:00
noud 9a7f160ec4 code
a "1" gremlin removed.
2012-12-03 13:07:07 +01:00
noud 053edeb304 regex and blacklist
blacklist, as in, do not input attributes, is working now,
for manual, batch and GFI Sandbox import.
2012-12-03 10:34:28 +01:00
noud 2af02aa100 input regex
use RegexBehavior on Event.info and Attribute.value.
2012-11-30 13:52:09 +01:00
Andras Iklody 1bf1e6f2a8 Slight change to the histogram
Data for types that had "|" or "-" in the name (such as ip-src)
were omitted - should be fixed now
2012-11-29 16:13:31 +01:00
noud c6bdf794c1 db
split generatePrivate into attr and event parts (given long runtime).
2012-11-29 15:10:18 +01:00
noud 2daba5a3c2 correlation
do not show the same event id multiple times for one attribute shown.
2012-11-29 14:42:06 +01:00
Christophe Vandeplas be939c2b9e fix bug where a published event that is added using REST is not pushed to
remote servers
2012-11-29 09:15:53 +01:00
noud d2ab860ff2 distribution
generatePrivate in line with the new distribution.
2012-11-28 16:34:36 +01:00
noud 889492629e distribution
add generateHop to migratemisp11to2.
(generatePrivate should still be looked at.)
2012-11-28 14:30:29 +01:00