MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
21,711 Commits
42 Branches
370 Tags
181 MiB
Commit Graph

17246 Commits (389ea222eaed2e01b2df1614a19b82f4bc2e7b68)

Author SHA1 Message Date
iglocska d928363523
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-21 11:32:58 +01:00
iglocska 0480794dcf
fix: [cryptographic signing] added more graceful failures when GPG isn't configured 2022-03-21 11:31:58 +01:00
Jakub Onderka 6f25141be3 chg: [UI] Update jQuery to 3.6.0 2022-03-20 15:18:26 +01:00
Jakub Onderka 38fc903501 chg: [UI] Open modal without onclick vol. 2 2022-03-20 14:55:58 +01:00
Jakub Onderka 611f75026f fix: [UI] Do not log exception for invalid key 2022-03-20 14:21:32 +01:00
Jakub Onderka 5ccab0d157 fix: [UI] Undefined variable debugMode 2022-03-20 14:21:32 +01:00
Jakub Onderka f6d1015f95 chg: [UI] Open modal without onclick 2022-03-20 14:21:32 +01:00
Jakub Onderka ec0fae0c94 fix: [internal] Code style 2022-03-20 14:21:31 +01:00
Jakub Onderka ebef28b8cc
Merge pull request #8228 from JakubOnderka/validate-attribute-type 
fix: [api] Validate attribute type to avoid warnings
 2022-03-20 14:18:31 +01:00
Jakub Onderka 840d72dc76
Merge pull request #8227 from JakubOnderka/redis-exception 
chg: [internal] Throw exception if Redis class not found
 2022-03-20 14:17:48 +01:00
Jakub Onderka d133f705ac fix: [UI] Undefined variable 2022-03-20 08:43:49 +01:00
Jakub Onderka f3ed07fefc fix: [api] Validate attribute type to avoid warnings 2022-03-19 13:14:10 +01:00
Jakub Onderka 9d8fc81678 chg: [internal] Throw exception if Redis class not found 2022-03-19 12:31:55 +01:00
iglocska 205ddb0b5a
fix: [event view] make having a valid PGP setup optional for viewing events 
- don't throw an exception, rather set an empty key
 2022-03-18 13:54:31 +01:00
Alexandre Dulaunoy ab1305cc18
Merge pull request #8218 from righel/org-svg-logo-setting 
new: add setting for allowing svg org logos
 2022-03-18 11:01:14 +01:00
iglocska dddcc1dcff
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-18 10:12:39 +01:00
iglocska 891572be9f
fix: [signing] fail gracefully if pgp not configured on event index 
- return the index, but set fingerprint as null rather than throwing an exception
 2022-03-18 10:11:29 +01:00
Sami Mokaddem b0a4660a88
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-18 09:14:29 +01:00
Sami Mokaddem ae0e335a05
chg: [events:restSearchExport] Format export based on the responseType 2022-03-18 09:14:10 +01:00
Jakub Onderka 2d23e0125b
Merge pull request #8215 from JakubOnderka/pgp-signature-optim 
chg: [cryptograhicKey] Simplified code for event pushing
 2022-03-17 17:03:40 +01:00
iglocska 68d1e16fb2
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 16:12:42 +01:00
iglocska ff9cd40221
chg: [queryversion] bumped 2022-03-17 16:12:13 +01:00
Luciano Righetti 8dcf414340 fix: [security] restrict setting to cli only. enabling this setting could allow potential ssrf attacks, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 15:55:21 +01:00
iglocska 07b091778a
Merge branch '2.4' into develop 2022-03-17 15:51:06 +01:00
Alexandre Dulaunoy bb82bd710c
Merge pull request #8216 from 3c7/patch-1 
Update OidcAuth readme
 2022-03-17 15:49:19 +01:00
Alexandre Dulaunoy 78d6f8b93f
Merge pull request #8217 from DCSO/linotp_errormessages 
[chg] LinOTP error exceptions up to the ui
 2022-03-17 15:48:35 +01:00
iglocska 83f1397f96
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 15:37:43 +01:00
iglocska 965b382faa
fix: [cryptographic key view] fixed 
- was just grabbing the first key
 2022-03-17 15:37:22 +01:00
Luciano Righetti 8cc93687dc fix: [security] lfi via custom terms file setting, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 15:36:35 +01:00
iglocska 1b5edc99cf
fix: [event index] minimal mode fixed for signed events 2022-03-17 15:22:02 +01:00
Hendrik Baecker eb7a1301bb [chg] LinOTP now with enable/disable as config feature 2022-03-17 15:19:58 +01:00
iglocska c4cb313f61
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 14:51:34 +01:00
iglocska 90d232bde2
fix: [signing] removed colour coding of protected/unprotected events 
- gave the idea that one is "right" and one is "wrong", whilst they're just for different use-cases
 2022-03-17 14:50:14 +01:00
Sami Mokaddem 4af6a4d1aa
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 14:43:27 +01:00
Sami Mokaddem d65ef9c966
chg: [cryptographicKeys] Indexed more column and bumped db_schema 2022-03-17 14:43:01 +01:00
Luciano Righetti 2bd4a5b30c fix: [security] a malicious site administrator could store an XSS payload in a svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 14:42:49 +01:00
iglocska f16d83c60c
fix: [event view] distribution field fixed 
- didn't display the sharing groups
 2022-03-17 14:38:06 +01:00
iglocska 63bc2ff77b
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 14:29:39 +01:00
iglocska 0ada3e9bb5
fix: [signing] add try/catch around the gpg initialisation 
- otherwise instances without gpg set up will fail when viewing events
 2022-03-17 14:28:56 +01:00
Sami Mokaddem 6862f1a9d8
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-17 14:25:51 +01:00
Sami Mokaddem 2d14113de9
chg: [events:view] Removed duplicated lockpad icon 2022-03-17 14:25:40 +01:00
Hendrik Baecker c42d34faac [chg] LinOTP error exceptions up to the ui 2022-03-17 14:23:24 +01:00
Nils Kuhnert 48752ba624
Update OidcAuth readme 
Replaced required dependency.
 2022-03-17 14:12:32 +01:00
iglocska 61d4d36705
fix: [security] stored XSS in the user add/edit forms 
- a malicious site administrator could store an XSS payload in the custom auth name which would be executed each time the administrator modifies a user

- as reported by Ianis BERNARD - NATO Cyber Security Centre
 2022-03-17 14:10:09 +01:00
Jakub Onderka f208c656ea chg: [cryptograhicKey] Simplified code for event pushing 2022-03-17 13:58:25 +01:00
Alexandre Dulaunoy ca036781ca
chg: [taxonomies] updated to the latest version 2022-03-17 13:43:29 +01:00
Alexandre Dulaunoy b365be8e36
chg: [misp-galaxy] updated 2022-03-17 13:42:40 +01:00
iglocska dc63cb772c
Merge branch '2.4' into develop 2022-03-17 13:25:05 +01:00
Sami Mokaddem 9307a07760
fix: [events:edit] Correctly collects saved cryptographic keys when pushing an edit 2022-03-17 12:38:19 +01:00
Sami Mokaddem b92d8ddb8f
chg: [events:index] Check for not empty instead 2022-03-17 11:50:49 +01:00
Sami Mokaddem 188153ffe9
chg: [events] Typo in protected description 2022-03-17 11:50:06 +01:00
Alexandre Dulaunoy bcf8e49654
chg: [misp-objects] updated to the latest version 2022-03-17 10:27:36 +01:00
Jakub Onderka ff39069bbc fix: [oidc] Undefined index 2022-03-17 09:29:02 +01:00
iglocska 26ea06f2d9
fix: [gpg key] handle the lack of an instance key more gracefully 2022-03-17 02:31:45 +01:00
iglocska 47a997363c
chg: [CI] make the tests happy 
- trailing comma after the last parameter in a function is not allowed in some PHP versions
 2022-03-17 02:09:22 +01:00
iglocska a63a628a1a
fix: [cryptograhicKey] instance key fingreprint caching fixed 2022-03-17 01:44:58 +01:00
iglocska 20fffac92b
chg: [signing validation] re-added to the new ServerSyncTool 2022-03-17 01:44:33 +01:00
iglocska e8dcb31623
Merge branch 'feature/protected_mode' into develop 2022-03-17 01:43:44 +01:00
iglocska 8ea0b2cb56
chg: [unused endpoint] removed 2022-03-17 00:57:41 +01:00
iglocska f8957cd62e
new: [instance key ingestion] added caching 
- cache the fingerprint of the instance for 5 minutes
- avoid an unnecesary overhead by caching the value for 5 minutes
 2022-03-17 00:53:02 +01:00
iglocska 17adbc26ae
chg: [signing validation] fixes 
- correctly handle edits in regards to tamper proofing events
- handle an edge case of missing organisation data loaded for displaying if an event is removed by failing the validation
 2022-03-17 00:47:06 +01:00
iglocska f8efe5a01e
chg: [event view] added more information about the protected event status 2022-03-17 00:46:23 +01:00
iglocska 0ceeaf5242
new: [single view factory] added key_info constructor key for meta fields 
- will display a font awesome info icon with a configurable title text
 2022-03-17 00:45:11 +01:00
iglocska 57199cabd8
new: [protected event field] in the event view 
- added tooltips with explanations
- added a warning if the instance's signing key is not included
 2022-03-17 00:44:07 +01:00
iglocska 2263f4b194
chg: [event index] include a lock sign for protected events 2022-03-17 00:43:27 +01:00
iglocska 8eff854fce
fix: [signing validation] use the existing event rather than the incoming event for edits 
- the ground truth for allowing edits is in the LOCAL version of the event
- prevents tampering attempts

- also cleanup of repetive file upload code
 2022-03-17 00:41:55 +01:00
iglocska 259a19a374
fix: [sync] removed newly added locked field as a sanitized sync field 
- ends up creating unlocked events on the remote, preventing future edits
 2022-03-16 15:36:58 +01:00
iglocska d49eca93ea
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode 2022-03-16 01:34:19 +01:00
iglocska d431ee2d31
new: [pull] added protected mode checks and calling the validation functions if a protected event is found 
- also removed leftover breakpoints
 2022-03-16 01:32:01 +01:00
iglocska 828a07a128
chg: [cryptographicKey] - load and initialise gpg on class construction 2022-03-16 01:31:16 +01:00
iglocska f6b5c7b7e3
chg: [gpgtool] validateGpgKey now also imports the key 2022-03-16 01:29:44 +01:00
iglocska ab54f9cbfd
fix: [ACL] event protect/unprotect received ACL checks 2022-03-16 01:28:59 +01:00
iglocska 4f706aa331
fix: [ACL] Cryptokey add / delete key from parent received ACL checks 2022-03-16 01:28:09 +01:00
iglocska 9e90513881
new: [CRUD] delete - added the beforeDelete hook 2022-03-16 01:27:42 +01:00
iglocska 29ea45b4fd
chg: [ACL] added the cryptographicKeys functions 2022-03-16 01:27:11 +01:00
iglocska 5cd07f6ff0
fix: [warning] merge fixes 2022-03-15 23:51:43 +01:00
iglocska c33230c2cd
Merge branch '2.4' into feature/protected_mode 2022-03-15 23:49:06 +01:00
iglocska d60e8a39a1
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode 2022-03-15 23:11:19 +01:00
iglocska 3122974853
chg: [pull] signing validation WiP 2022-03-15 23:10:51 +01:00
iglocska f592053f5a
fix: [event] include the protected field in the saving to allow syncing of protected events 2022-03-15 23:10:09 +01:00
iglocska 26de0a8b0c
new: [events] index and view signing checks added 
- exclude events that can't be signed with a valid key as required by the event from the index for automaticTools (MISP + PyMISP)
- sign the data only for automaticTools (MISP + PyMISP)
 2022-03-15 22:59:52 +01:00
iglocska f4fbc62aae
fix: [cryptographicKey] various fixes 
- typoes fixed
- take parent ID from the local ID rather than the synced one
 2022-03-15 22:58:09 +01:00
iglocska 7c3181837b
fix: [eventwarning] path fixed 
- as spotted by @chrisr3d
 2022-03-15 12:54:55 +01:00
Jakub Onderka 0783bda85b fix: [oidc] Specify correct column for user fetch 2022-03-15 10:20:43 +01:00
Jakub Onderka b69c2c4918 fix: [php] Support for PHP 7.2 2022-03-15 10:20:43 +01:00
Jakub Onderka 3c8d07ca75 fix: [oidc] Throw exception if user email is empty 2022-03-15 09:55:50 +01:00
iglocska 98754783f6
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2022-03-15 09:31:50 +01:00
iglocska 364eaa50c2
new: [event warnings] made modular 
- app/Lib/EventWarning contains default warnings
- app/Lib/EventWarning/Custom can be used to just drop event warnings
- use app/Lib/EventWarning/DefaultWarning as a template
 2022-03-15 09:30:56 +01:00
iglocska e5c7e50fcf
fix: [internal] event rearranging before push fixed 
- some elements were at a misaligned level in the array
 2022-03-15 07:16:19 +01:00
iglocska c5d6e4a07c
fix: [signing] canonisation support by culling whitespaces 2022-03-14 15:54:24 +01:00
iglocska 4a65714fe9
fix: [sync] version comparison fixes 
- for determining the right version to compare to when deciding if protected events can be synced
 2022-03-14 00:34:44 +01:00
iglocska 4ca607ea4c
fix: [log] added 2 new actions for the signing system 2022-03-14 00:34:19 +01:00
iglocska 0774086ad2
fix: [event model] fixes 
- fixed class name typo
- removed placeholder exception / breakpoint
 2022-03-14 00:33:41 +01:00
iglocska be34b3899e
fix: [cryptographickey model] internal fixes 
- incorrect variable names fixed
- logging target fixes
- error messages were lacking the actual message
 2022-03-14 00:32:18 +01:00
iglocska 2cfa89d492
chg: [tmpfiletool] allow reading into string without closing the file 2022-03-14 00:31:36 +01:00
iglocska 0f9645f20e
fix: [signing] generating event signature fixes 2022-03-14 00:30:44 +01:00
iglocska 114ac4d66c
chg: [signing] sign contents on restresponse if applicable 2022-03-14 00:29:43 +01:00
iglocska 8e96e2fd00
chg: [cryptographic key] move capture function to a bulk delta function 2022-03-13 17:02:50 +01:00
iglocska c42800718a
chg: [cryptographickey] capturing 
- add summary to logs
 2022-03-13 17:02:11 +01:00
iglocska 6a64dc35e4
chg: [event edit] execute validation for signing keys if applicable 2022-03-13 16:42:07 +01:00
iglocska 4c381157a6
chg: [cryptographickey] execute key update on add() 2022-03-13 15:13:32 +01:00
iglocska 951e95ed5d
new: [cryptographic key] capture mechanism added 
- capture new keys
- remove keys no longer in the data set
- revoke keys if needed
 2022-03-13 15:12:30 +01:00
iglocska cd3efdf225
chg: [JSONconvertertool] include cryptographic key 2022-03-13 15:12:05 +01:00
iglocska 816c1212f8
new: [generic template] for simple displaying of information added 2022-03-13 12:40:48 +01:00
iglocska 4c9a6b21e8
chg: [logo] new logo added 2022-03-13 12:39:29 +01:00
iglocska b1b32fe1f9
new: [cryptographic keys] views added 2022-03-13 12:39:05 +01:00
iglocska f74d664ce7
chg: [event view] missing changes added 
- fixed event view main header
- added padlock sign for locked events
 2022-03-13 12:38:17 +01:00
iglocska a15dff4da5
chg: [logo] update 2022-03-13 12:37:57 +01:00
iglocska 37fb2943bf
chg: [check remote MISP version] added flag for protectedMode awareness 2022-03-13 12:37:30 +01:00
iglocska d165b092f3
new: [event signing] sign events function added 2022-03-13 12:37:02 +01:00
iglocska 09a9e55896
new: [protected mode] functionalities added to the events controller 
- protect/unprotect events
- include pgp signature in event on load when applicable
 2022-03-13 12:35:58 +01:00
iglocska b80a7af2c3
new: [cryptographic keys] model and controllers added 
- sets MISP up for information signing
- sign data during synchronisation
 2022-03-13 12:35:12 +01:00
iglocska b86b8be7f2
new: [protected event mode] view elements added 2022-03-13 12:34:36 +01:00
iglocska 5946ecc52a
fix: [side panel] relatedFeed panel fixed 2022-03-13 12:32:44 +01:00
Jakub Onderka cac0e81001
Merge pull request #8154 from JakubOnderka/server-sync-push 
chg: [sync] Use ServerSyncTool for pushing events
 2022-03-12 13:19:54 +01:00
Jakub Onderka 0ec3f33b30
Merge pull request #8164 from JakubOnderka/fix-folder-not-found 
fix: [internal] Class 'Folder' not found
 2022-03-12 13:19:06 +01:00
Jakub Onderka b00ef27fb5
Merge pull request #8179 from JakubOnderka/upload-event-cleanup 
chg: [internal] Simplify code for pushing events
 2022-03-12 13:18:33 +01:00
Jakub Onderka 2e87d6b7b4
Merge pull request #8197 from JakubOnderka/push-sightings-refactor 
chg: [sync] Simplify code for sighting pushing
 2022-03-12 13:17:38 +01:00
iglocska 86832556a4
chg: [ipUser] API now accepts lists of IPs 
{
    "ip": ["8.8.8.8", "1.1.1.1"]
}
 2022-03-10 13:47:27 +01:00
iglocska 7174b86999
new: [admin API] /servers/ipUser added 
- requires user IP logging to be enabled
- search for a user behind an IP via /servers/ipUser, post a JSON containing the user's IP such as this:

{
   "ip": "8.8.8.8"
}
 2022-03-10 13:41:22 +01:00
Sami Mokaddem c83a7b0b5b
chg: [events:index] Simplified endpoint 2022-03-10 12:10:37 +01:00
Sami Mokaddem 3f9629ad0c
new: [events:index] Multi-select export of events 2022-03-10 10:18:39 +01:00
Sami Mokaddem 21997abc52
fix: [exports:context] Removed spaces 2022-03-10 09:45:47 +01:00
Sami Mokaddem 507625de02
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-09 17:50:06 +01:00
Sami Mokaddem b6c730f8f4
chg: [events:restSearch] Added `context-markdown` export format 2022-03-09 17:49:34 +01:00
Luciano Righetti fd43c07952 fix: add default supervisor user to default settings 2022-03-09 12:08:54 +01:00
Luciano Righetti 7fae03d226 fix: add default supervisor user to default settings 2022-03-09 12:01:57 +01:00
Sami Mokaddem f08d29f1e7
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-08 13:40:37 +01:00
Sami Mokaddem 155bf23776
new: [events:restSearch] Added `context` export format 
The `context` export format includes:
- List of used taxonomies
- List of used galaxy cluster
- List of custom tags
- Mitre Att&ck matrix
 2022-03-08 13:40:15 +01:00
Jakub Onderka 90cd99685f chg: [sync] Simplify code for sighting pushing 2022-03-07 17:45:06 +01:00
Jakub Onderka 625032e58b
Merge pull request #8193 from JakubOnderka/set-sg-uuid 
new: [UI] Site admin can create SG with specific UUID
 2022-03-07 17:44:24 +01:00
iglocska 7537d62e7f
chg: [event view] rework 
- use the factories
- a host of new elements added
- new side panels
- changed the behaviour of several existing functionalities
- various other small improvements
 2022-03-06 23:51:25 +01:00
iglocska 369e314cac
Merge branch '2.4' into develop 2022-03-05 11:07:22 +01:00
iglocska 3aa2d7e310
fix: [sharing group blueprint] fixed 2022-03-05 11:06:24 +01:00
Jakub Onderka 5940187b33 new: [UI] Site admin can create SG with specific UUID 2022-03-04 18:14:13 +01:00
iglocska 82caf0e770
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-04 16:10:42 +01:00
iglocska 870b9d761b
fix: [db schema] fixed 2022-03-04 16:10:12 +01:00
Jakub Onderka bcf3737caa
Merge pull request #8188 from JakubOnderka/code-style 
chg: [internal] Cosmetic code changes
 2022-03-04 09:27:36 +01:00
iglocska b32684561e
chg: [authkeys] add accepts the user_id via URL params and posted JSON body 2022-03-03 18:57:44 +01:00
iglocska ce9fbea4d6
chg: [sharing group blueprint] default to active sharing groups 
- was confusing
 2022-03-03 16:09:03 +01:00
Jakub Onderka d51c052b3f chg: [internal] Cosmetic code changes 2022-03-03 15:59:25 +01:00
Raphaël Vinot cbc7361f40 chg: [PyMISP] BUmp version 2022-03-03 15:13:22 +01:00
iglocska fcbc595a76
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-03 14:39:45 +01:00
iglocska a7eb8fa9ac
chg: [authkeys add] accept "me" as a valid parameter 2022-03-03 14:38:05 +01:00
Jakub Onderka 09877c33f8
Merge pull request #8183 from JakubOnderka/cli-list-filter 
new: [CLI] Filter user by ID or e-mail
 2022-03-03 09:42:44 +01:00
iglocska 11d91386d5
fix: [sync] automatic sync data creation was lacking authkey 
- fixed for both old style and advanced authkeys
 2022-03-02 20:50:57 +01:00
iglocska 7834ec3760
fix: [organisations] made meta fields default to '' and not allow null values 
- fixes a filtering issue with sharing group blueprints leading to sharing groups that are more restrictive than expected
 2022-03-02 17:32:35 +01:00
Jakub Onderka 97f4df6a37 chg: [CLI] Simplify Admin::dumpCurrentDatabaseSchema 2022-03-02 16:54:08 +01:00
Jakub Onderka 0728ea36f9 new: [CLI] Filter user by ID or e-mail 2022-03-02 15:55:34 +01:00
iglocska c66d718a09
fix: [blueprints] appease older php versions 
trailing comma on last function call element removed
 2022-03-02 08:06:50 +01:00