Commit Graph

21710 Commits (274e427ce3d2f620e6989b5ee92ac9a21fb9b3fa)

Author SHA1 Message Date
Alexandre Dulaunoy 78d6f8b93f
Merge pull request #8217 from DCSO/linotp_errormessages
[chg] LinOTP error exceptions up to the ui
2022-03-17 15:48:35 +01:00
Andras Iklody 440d692bfa
Merge pull request #8219 from DCSO/linotp_on_off_config
[chg] LinOTP now with enable/disable as config feature
2022-03-17 15:47:20 +01:00
iglocska 83f1397f96
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 15:37:43 +01:00
iglocska 965b382faa
fix: [cryptographic key view] fixed
- was just grabbing the first key
2022-03-17 15:37:22 +01:00
Luciano Righetti 8cc93687dc fix: [security] lfi via custom terms file setting, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 15:36:35 +01:00
iglocska 1b5edc99cf
fix: [event index] minimal mode fixed for signed events 2022-03-17 15:22:02 +01:00
Hendrik Baecker eb7a1301bb [chg] LinOTP now with enable/disable as config feature 2022-03-17 15:19:58 +01:00
iglocska c4cb313f61
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 14:51:34 +01:00
iglocska 90d232bde2
fix: [signing] removed colour coding of protected/unprotected events
- gave the idea that one is "right" and one is "wrong", whilst they're just for different use-cases
2022-03-17 14:50:14 +01:00
Luciano Righetti c2456c8ce3 Merge branch 'org-svg-logo-setting' of github.com:righel/MISP into org-svg-logo-setting 2022-03-17 14:49:59 +01:00
Sami Mokaddem 4af6a4d1aa
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 14:43:27 +01:00
Sami Mokaddem d65ef9c966
chg: [cryptographicKeys] Indexed more columns and bumped db_schema 2022-03-17 14:43:01 +01:00
Luciano Righetti 2bd4a5b30c fix: [security] a malicious site administrator could store an XSS payload in an svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 14:42:49 +01:00
iglocska f16d83c60c
fix: [event view] distribution field fixed
- didn't display the sharing groups
2022-03-17 14:38:06 +01:00
Luciano Righetti 08a07a38ae new: add setting for allowing svg org logos 2022-03-17 14:36:07 +01:00
iglocska 63bc2ff77b
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 14:29:39 +01:00
iglocska 0ada3e9bb5
fix: [signing] add try/catch around the gpg initialisation
- otherwise instances without gpg set up will fail when viewing events
2022-03-17 14:28:56 +01:00
Sami Mokaddem 6862f1a9d8
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 14:25:51 +01:00
Sami Mokaddem 2d14113de9
chg: [events:view] Removed duplicated lockpad icon 2022-03-17 14:25:40 +01:00
Hendrik Baecker c42d34faac [chg] LinOTP error exceptions up to the ui 2022-03-17 14:23:24 +01:00
Nils Kuhnert 48752ba624
Update OidcAuth readme
Replaced required dependency.
2022-03-17 14:12:32 +01:00
iglocska 61d4d36705
fix: [security] stored XSS in the user add/edit forms
- a malicious site administrator could store an XSS payload in the custom auth name which would be executed each time the administrator modifies a user

- as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 14:10:09 +01:00
Jakub Onderka f208c656ea chg: [cryptographicKey] Simplified code for event pushing 2022-03-17 13:58:25 +01:00
Alexandre Dulaunoy ca036781ca
chg: [taxonomies] updated to the latest version 2022-03-17 13:43:29 +01:00
Alexandre Dulaunoy b365be8e36
chg: [misp-galaxy] updated 2022-03-17 13:42:40 +01:00
iglocska dc63cb772c
Merge branch '2.4' into develop 2022-03-17 13:25:05 +01:00
Sami Mokaddem 9307a07760
fix: [events:edit] Correctly collects saved cryptographic keys when pushing an edit 2022-03-17 12:38:19 +01:00
Sami Mokaddem b92d8ddb8f
chg: [events:index] Check for not empty instead 2022-03-17 11:50:49 +01:00
Sami Mokaddem 188153ffe9
chg: [events] Typo in protected description 2022-03-17 11:50:06 +01:00
Alexandre Dulaunoy bcf8e49654
chg: [misp-objects] updated to the latest version 2022-03-17 10:27:36 +01:00
Jakub Onderka 72b8daa7a5
Merge pull request #8213 from JakubOnderka/oidc_undefined_index
fix: [oidc] Undefined index
2022-03-17 09:57:09 +01:00
Jakub Onderka ff39069bbc fix: [oidc] Undefined index 2022-03-17 09:29:02 +01:00
Alexandre Dulaunoy a0e6be2cdd
chg: [PyMISP] updated 2022-03-17 09:25:27 +01:00
iglocska 26ea06f2d9
fix: [gpg key] handle the lack of an instance key more gracefully 2022-03-17 02:31:45 +01:00
iglocska 47a997363c
chg: [CI] make the tests happy
- trailing comma after the last parameter in a function is not allowed in some PHP versions
2022-03-17 02:09:22 +01:00
iglocska a63a628a1a
fix: [cryptographicKey] instance key fingerprint caching fixed 2022-03-17 01:44:58 +01:00
iglocska 20fffac92b
chg: [signing validation] re-added to the new ServerSyncTool 2022-03-17 01:44:33 +01:00
iglocska e8dcb31623
Merge branch 'feature/protected_mode' into develop 2022-03-17 01:43:44 +01:00
iglocska 8ea0b2cb56
chg: [unused endpoint] removed 2022-03-17 00:57:41 +01:00
iglocska f8957cd62e
new: [instance key ingestion] added caching
- cache the fingerprint of the instance for 5 minutes
- avoid an unnecessary overhead by caching the value for 5 minutes
2022-03-17 00:53:02 +01:00
iglocska 17adbc26ae
chg: [signing validation] fixes
- correctly handle edits in regards to tamper proofing events
- handle an edge case of missing organisation data loaded for displaying if an event is removed by failing the validation
2022-03-17 00:47:06 +01:00
iglocska f8efe5a01e
chg: [event view] added more information about the protected event status 2022-03-17 00:46:23 +01:00
iglocska 0ceeaf5242
new: [single view factory] added key_info constructor key for meta fields
- will display a font awesome info icon with a configurable title text
2022-03-17 00:45:11 +01:00
iglocska 57199cabd8
new: [protected event field] in the event view
- added tooltips with explanations
- added a warning if the instance's signing key is not included
2022-03-17 00:44:07 +01:00
iglocska 2263f4b194
chg: [event index] include a lock sign for protected events 2022-03-17 00:43:27 +01:00
iglocska 8eff854fce
fix: [signing validation] use the existing event rather than the incoming event for edits
- the ground truth for allowing edits is in the LOCAL version of the event
- prevents tampering attempts

- also cleanup of repetitive file upload code
2022-03-17 00:41:55 +01:00
iglocska 259a19a374
fix: [sync] removed newly added locked field as a sanitized sync field
- ends up creating unlocked events on the remote, preventing future edits
2022-03-16 15:36:58 +01:00
iglocska d49eca93ea
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode 2022-03-16 01:34:19 +01:00
iglocska d431ee2d31
new: [pull] added protected mode checks and calling the validation functions if a protected event is found
- also removed leftover breakpoints
2022-03-16 01:32:01 +01:00
iglocska 828a07a128
chg: [cryptographicKey] - load and initialise gpg on class construction 2022-03-16 01:31:16 +01:00