iglocska
d928363523
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-21 11:32:58 +01:00
iglocska
0480794dcf
fix: [cryptographic signing] added more graceful failures when GPG isn't configured
2022-03-21 11:31:58 +01:00
Jakub Onderka
6f25141be3
chg: [UI] Update jQuery to 3.6.0
2022-03-20 15:18:26 +01:00
Jakub Onderka
38fc903501
chg: [UI] Open modal without onclick vol. 2
2022-03-20 14:55:58 +01:00
Jakub Onderka
611f75026f
fix: [UI] Do not log exception for invalid key
2022-03-20 14:21:32 +01:00
Jakub Onderka
5ccab0d157
fix: [UI] Undefined variable debugMode
2022-03-20 14:21:32 +01:00
Jakub Onderka
f6d1015f95
chg: [UI] Open modal without onclick
2022-03-20 14:21:32 +01:00
Jakub Onderka
ec0fae0c94
fix: [internal] Code style
2022-03-20 14:21:31 +01:00
Jakub Onderka
ebef28b8cc
Merge pull request #8228 from JakubOnderka/validate-attribute-type
fix: [api] Validate attribute type to avoid warnings
2022-03-20 14:18:31 +01:00
Jakub Onderka
840d72dc76
Merge pull request #8227 from JakubOnderka/redis-exception
chg: [internal] Throw exception if Redis class not found
2022-03-20 14:17:48 +01:00
Jakub Onderka
d133f705ac
fix: [UI] Undefined variable
2022-03-20 08:43:49 +01:00
Jakub Onderka
f3ed07fefc
fix: [api] Validate attribute type to avoid warnings
2022-03-19 13:14:10 +01:00
Jakub Onderka
9d8fc81678
chg: [internal] Throw exception if Redis class not found
2022-03-19 12:31:55 +01:00
iglocska
205ddb0b5a
fix: [event view] make having a valid PGP setup optional for viewing events
- don't throw an exception, rather set an empty key
2022-03-18 13:54:31 +01:00
Alexandre Dulaunoy
ab1305cc18
Merge pull request #8218 from righel/org-svg-logo-setting
new: add setting for allowing svg org logos
2022-03-18 11:01:14 +01:00
iglocska
dddcc1dcff
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-18 10:12:39 +01:00
iglocska
891572be9f
fix: [signing] fail gracefully if pgp not configured on event index
- return the index, but set fingerprint as null rather than throwing an exception
2022-03-18 10:11:29 +01:00
Sami Mokaddem
b0a4660a88
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-18 09:14:29 +01:00
Sami Mokaddem
ae0e335a05
chg: [events:restSearchExport] Format export based on the responseType
2022-03-18 09:14:10 +01:00
Jakub Onderka
2d23e0125b
Merge pull request #8215 from JakubOnderka/pgp-signature-optim
chg: [cryptographicKey] Simplified code for event pushing
2022-03-17 17:03:40 +01:00
iglocska
68d1e16fb2
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 16:12:42 +01:00
iglocska
ff9cd40221
chg: [queryversion] bumped
2022-03-17 16:12:13 +01:00
Luciano Righetti
8dcf414340
fix: [security] restrict setting to cli only. enabling this setting could allow potential ssrf attacks, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 15:55:21 +01:00
iglocska
07b091778a
Merge branch '2.4' into develop
2022-03-17 15:51:06 +01:00
Alexandre Dulaunoy
bb82bd710c
Merge pull request #8216 from 3c7/patch-1
Update OidcAuth readme
2022-03-17 15:49:19 +01:00
Alexandre Dulaunoy
78d6f8b93f
Merge pull request #8217 from DCSO/linotp_errormessages
[chg] LinOTP error exceptions up to the ui
2022-03-17 15:48:35 +01:00
iglocska
83f1397f96
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 15:37:43 +01:00
iglocska
965b382faa
fix: [cryptographic key view] fixed
- was just grabbing the first key
2022-03-17 15:37:22 +01:00
Luciano Righetti
8cc93687dc
fix: [security] lfi via custom terms file setting, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 15:36:35 +01:00
iglocska
1b5edc99cf
fix: [event index] minimal mode fixed for signed events
2022-03-17 15:22:02 +01:00
Hendrik Baecker
eb7a1301bb
[chg] LinOTP now with enable/disable as config feature
2022-03-17 15:19:58 +01:00
iglocska
c4cb313f61
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 14:51:34 +01:00
iglocska
90d232bde2
fix: [signing] removed colour coding of protected/unprotected events
- gave the idea that one is "right" and one is "wrong", whilst they're just for different use-cases
2022-03-17 14:50:14 +01:00
Sami Mokaddem
4af6a4d1aa
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 14:43:27 +01:00
Sami Mokaddem
d65ef9c966
chg: [cryptographicKeys] Indexed more column and bumped db_schema
2022-03-17 14:43:01 +01:00
Luciano Righetti
2bd4a5b30c
fix: [security] a malicious site administrator could store an XSS payload in a svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 14:42:49 +01:00
iglocska
f16d83c60c
fix: [event view] distribution field fixed
- didn't display the sharing groups
2022-03-17 14:38:06 +01:00
iglocska
63bc2ff77b
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 14:29:39 +01:00
iglocska
0ada3e9bb5
fix: [signing] add try/catch around the gpg initialisation
- otherwise instances without gpg set up will fail when viewing events
2022-03-17 14:28:56 +01:00
Sami Mokaddem
6862f1a9d8
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 14:25:51 +01:00
Sami Mokaddem
2d14113de9
chg: [events:view] Removed duplicated lockpad icon
2022-03-17 14:25:40 +01:00
Hendrik Baecker
c42d34faac
[chg] LinOTP error exceptions up to the ui
2022-03-17 14:23:24 +01:00
Nils Kuhnert
48752ba624
Update OidcAuth readme
Replaced required dependency.
2022-03-17 14:12:32 +01:00
iglocska
61d4d36705
fix: [security] stored XSS in the user add/edit forms
- a malicious site administrator could store an XSS payload in the custom auth name which would be executed each time the administrator modifies a user
- as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 14:10:09 +01:00
Jakub Onderka
f208c656ea
chg: [cryptographicKey] Simplified code for event pushing
2022-03-17 13:58:25 +01:00
Alexandre Dulaunoy
ca036781ca
chg: [taxonomies] updated to the latest version
2022-03-17 13:43:29 +01:00
Alexandre Dulaunoy
b365be8e36
chg: [misp-galaxy] updated
2022-03-17 13:42:40 +01:00
iglocska
dc63cb772c
Merge branch '2.4' into develop
2022-03-17 13:25:05 +01:00
Sami Mokaddem
9307a07760
fix: [events:edit] Correctly collects saved cryptographic keys when pushing an edit
2022-03-17 12:38:19 +01:00
Sami Mokaddem
b92d8ddb8f
chg: [events:index] Check for not empty instead
2022-03-17 11:50:49 +01:00
Sami Mokaddem
188153ffe9
chg: [events] Typo in protected description
2022-03-17 11:50:06 +01:00
Alexandre Dulaunoy
bcf8e49654
chg: [misp-objects] updated to the latest version
2022-03-17 10:27:36 +01:00
Jakub Onderka
ff39069bbc
fix: [oidc] Undefined index
2022-03-17 09:29:02 +01:00
iglocska
26ea06f2d9
fix: [gpg key] handle the lack of an instance key more gracefully
2022-03-17 02:31:45 +01:00
iglocska
47a997363c
chg: [CI] make the tests happy
- trailing comma after the last parameter in a function is not allowed in some PHP versions
2022-03-17 02:09:22 +01:00
iglocska
a63a628a1a
fix: [cryptographicKey] instance key fingerprint caching fixed
2022-03-17 01:44:58 +01:00
iglocska
20fffac92b
chg: [signing validation] re-added to the new ServerSyncTool
2022-03-17 01:44:33 +01:00
iglocska
e8dcb31623
Merge branch 'feature/protected_mode' into develop
2022-03-17 01:43:44 +01:00
iglocska
8ea0b2cb56
chg: [unused endpoint] removed
2022-03-17 00:57:41 +01:00
iglocska
f8957cd62e
new: [instance key ingestion] added caching
- cache the fingerprint of the instance for 5 minutes
- avoid an unnecessary overhead by caching the value for 5 minutes
2022-03-17 00:53:02 +01:00
iglocska
17adbc26ae
chg: [signing validation] fixes
- correctly handle edits in regards to tamper proofing events
- handle an edge case of missing organisation data loaded for displaying if an event is removed by failing the validation
2022-03-17 00:47:06 +01:00
iglocska
f8efe5a01e
chg: [event view] added more information about the protected event status
2022-03-17 00:46:23 +01:00
iglocska
0ceeaf5242
new: [single view factory] added key_info constructor key for meta fields
- will display a font awesome info icon with a configurable title text
2022-03-17 00:45:11 +01:00
iglocska
57199cabd8
new: [protected event field] in the event view
- added tooltips with explanations
- added a warning if the instance's signing key is not included
2022-03-17 00:44:07 +01:00
iglocska
2263f4b194
chg: [event index] include a lock sign for protected events
2022-03-17 00:43:27 +01:00
iglocska
8eff854fce
fix: [signing validation] use the existing event rather than the incoming event for edits
- the ground truth for allowing edits is in the LOCAL version of the event
- prevents tampering attempts
- also cleanup of repetitive file upload code
2022-03-17 00:41:55 +01:00
iglocska
259a19a374
fix: [sync] removed newly added locked field as a sanitized sync field
- ends up creating unlocked events on the remote, preventing future edits
2022-03-16 15:36:58 +01:00
iglocska
d49eca93ea
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode
2022-03-16 01:34:19 +01:00
iglocska
d431ee2d31
new: [pull] added protected mode checks and calling the validation functions if a protected event is found
- also removed leftover breakpoints
2022-03-16 01:32:01 +01:00
iglocska
828a07a128
chg: [cryptographicKey] - load and initialise gpg on class construction
2022-03-16 01:31:16 +01:00
iglocska
f6b5c7b7e3
chg: [gpgtool] validateGpgKey now also imports the key
2022-03-16 01:29:44 +01:00
iglocska
ab54f9cbfd
fix: [ACL] event protect/unprotect received ACL checks
2022-03-16 01:28:59 +01:00
iglocska
4f706aa331
fix: [ACL] Cryptokey add / delete key from parent received ACL checks
2022-03-16 01:28:09 +01:00
iglocska
9e90513881
new: [CRUD] delete - added the beforeDelete hook
2022-03-16 01:27:42 +01:00
iglocska
29ea45b4fd
chg: [ACL] added the cryptographicKeys functions
2022-03-16 01:27:11 +01:00
iglocska
5cd07f6ff0
fix: [warning] merge fixes
2022-03-15 23:51:43 +01:00
iglocska
c33230c2cd
Merge branch '2.4' into feature/protected_mode
2022-03-15 23:49:06 +01:00
iglocska
d60e8a39a1
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode
2022-03-15 23:11:19 +01:00
iglocska
3122974853
chg: [pull] signing validation WiP
2022-03-15 23:10:51 +01:00
iglocska
f592053f5a
fix: [event] include the protected field in the saving to allow syncing of protected events
2022-03-15 23:10:09 +01:00
iglocska
26de0a8b0c
new: [events] index and view signing checks added
- exclude events that can't be signed with a valid key as required by the event from the index for automaticTools (MISP + PyMISP)
- sign the data only for automaticTools (MISP + PyMISP)
2022-03-15 22:59:52 +01:00
iglocska
f4fbc62aae
fix: [cryptographicKey] various fixes
- typos fixed
- take parent ID from the local ID rather than the synced one
2022-03-15 22:58:09 +01:00
iglocska
7c3181837b
fix: [eventwarning] path fixed
- as spotted by @chrisr3d
2022-03-15 12:54:55 +01:00
Jakub Onderka
0783bda85b
fix: [oidc] Specify correct column for user fetch
2022-03-15 10:20:43 +01:00
Jakub Onderka
b69c2c4918
fix: [php] Support for PHP 7.2
2022-03-15 10:20:43 +01:00
Jakub Onderka
3c8d07ca75
fix: [oidc] Throw exception if user email is empty
2022-03-15 09:55:50 +01:00
iglocska
98754783f6
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2022-03-15 09:31:50 +01:00
iglocska
364eaa50c2
new: [event warnings] made modular
- app/Lib/EventWarning contains default warnings
- app/Lib/EventWarning/Custom can be used to just drop event warnings
- use app/Lib/EventWarning/DefaultWarning as a template
2022-03-15 09:30:56 +01:00
iglocska
e5c7e50fcf
fix: [internal] event rearranging before push fixed
- some elements were at a misaligned level in the array
2022-03-15 07:16:19 +01:00
iglocska
c5d6e4a07c
fix: [signing] canonisation support by culling whitespaces
2022-03-14 15:54:24 +01:00
iglocska
4a65714fe9
fix: [sync] version comparison fixes
- for determining the right version to compare to when deciding if protected events can be synced
2022-03-14 00:34:44 +01:00
iglocska
4ca607ea4c
fix: [log] added 2 new actions for the signing system
2022-03-14 00:34:19 +01:00
iglocska
0774086ad2
fix: [event model] fixes
- fixed class name typo
- removed placeholder exception / breakpoint
2022-03-14 00:33:41 +01:00
iglocska
be34b3899e
fix: [cryptographickey model] internal fixes
- incorrect variable names fixed
- logging target fixes
- error messages were lacking the actual message
2022-03-14 00:32:18 +01:00
iglocska
2cfa89d492
chg: [tmpfiletool] allow reading into string without closing the file
2022-03-14 00:31:36 +01:00
iglocska
0f9645f20e
fix: [signing] generating event signature fixes
2022-03-14 00:30:44 +01:00
iglocska
114ac4d66c
chg: [signing] sign contents on restresponse if applicable
2022-03-14 00:29:43 +01:00
iglocska
8e96e2fd00
chg: [cryptographic key] move capture function to a bulk delta function
2022-03-13 17:02:50 +01:00
iglocska
c42800718a
chg: [cryptographickey] capturing
- add summary to logs
2022-03-13 17:02:11 +01:00
iglocska
6a64dc35e4
chg: [event edit] execute validation for signing keys if applicable
2022-03-13 16:42:07 +01:00
iglocska
4c381157a6
chg: [cryptographickey] execute key update on add()
2022-03-13 15:13:32 +01:00
iglocska
951e95ed5d
new: [cryptographic key] capture mechanism added
- capture new keys
- remove keys no longer in the data set
- revoke keys if needed
2022-03-13 15:12:30 +01:00
iglocska
cd3efdf225
chg: [JSONconvertertool] include cryptographic key
2022-03-13 15:12:05 +01:00
iglocska
816c1212f8
new: [generic template] for simple displaying of information added
2022-03-13 12:40:48 +01:00
iglocska
4c9a6b21e8
chg: [logo] new logo added
2022-03-13 12:39:29 +01:00
iglocska
b1b32fe1f9
new: [cryptographic keys] views added
2022-03-13 12:39:05 +01:00
iglocska
f74d664ce7
chg: [event view] missing changes added
- fixed event view main header
- added padlock sign for locked events
2022-03-13 12:38:17 +01:00
iglocska
a15dff4da5
chg: [logo] update
2022-03-13 12:37:57 +01:00
iglocska
37fb2943bf
chg: [check remote MISP version] added flag for protectedMode awareness
2022-03-13 12:37:30 +01:00
iglocska
d165b092f3
new: [event signing] sign events function added
2022-03-13 12:37:02 +01:00
iglocska
09a9e55896
new: [protected mode] functionalities added to the events controller
- protect/unprotect events
- include pgp signature in event on load when applicable
2022-03-13 12:35:58 +01:00
iglocska
b80a7af2c3
new: [cryptographic keys] model and controllers added
- sets MISP up for information signing
- sign data during synchronisation
2022-03-13 12:35:12 +01:00
iglocska
b86b8be7f2
new: [protected event mode] view elements added
2022-03-13 12:34:36 +01:00
iglocska
5946ecc52a
fix: [side panel] relatedFeed panel fixed
2022-03-13 12:32:44 +01:00
Jakub Onderka
cac0e81001
Merge pull request #8154 from JakubOnderka/server-sync-push
chg: [sync] Use ServerSyncTool for pushing events
2022-03-12 13:19:54 +01:00
Jakub Onderka
0ec3f33b30
Merge pull request #8164 from JakubOnderka/fix-folder-not-found
fix: [internal] Class 'Folder' not found
2022-03-12 13:19:06 +01:00
Jakub Onderka
b00ef27fb5
Merge pull request #8179 from JakubOnderka/upload-event-cleanup
chg: [internal] Simplify code for pushing events
2022-03-12 13:18:33 +01:00
Jakub Onderka
2e87d6b7b4
Merge pull request #8197 from JakubOnderka/push-sightings-refactor
chg: [sync] Simplify code for sighting pushing
2022-03-12 13:17:38 +01:00
iglocska
86832556a4
chg: [ipUser] API now accepts lists of IPs
{
    "ip": ["8.8.8.8", "1.1.1.1"]
}
2022-03-10 13:47:27 +01:00
iglocska
7174b86999
new: [admin API] /servers/ipUser added
- requires user IP logging to be enabled
- search for a user behind an IP via /servers/ipUser, post a JSON containing the user's IP such as this:
{
    "ip": "8.8.8.8"
}
2022-03-10 13:41:22 +01:00
Sami Mokaddem
c83a7b0b5b
chg: [events:index] Simplified endpoint
2022-03-10 12:10:37 +01:00
Sami Mokaddem
3f9629ad0c
new: [events:index] Multi-select export of events
2022-03-10 10:18:39 +01:00
Sami Mokaddem
21997abc52
fix: [exports:context] Removed spaces
2022-03-10 09:45:47 +01:00
Sami Mokaddem
507625de02
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-09 17:50:06 +01:00
Sami Mokaddem
b6c730f8f4
chg: [events:restSearch] Added `context-markdown` export format
2022-03-09 17:49:34 +01:00
Luciano Righetti
fd43c07952
fix: add default supervisor user to default settings
2022-03-09 12:08:54 +01:00
Luciano Righetti
7fae03d226
fix: add default supervisor user to default settings
2022-03-09 12:01:57 +01:00
Sami Mokaddem
f08d29f1e7
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-08 13:40:37 +01:00
Sami Mokaddem
155bf23776
new: [events:restSearch] Added `context` export format
The `context` export format includes:
- List of used taxonomies
- List of used galaxy cluster
- List of custom tags
- Mitre Att&ck matrix
2022-03-08 13:40:15 +01:00
Jakub Onderka
90cd99685f
chg: [sync] Simplify code for sighting pushing
2022-03-07 17:45:06 +01:00
Jakub Onderka
625032e58b
Merge pull request #8193 from JakubOnderka/set-sg-uuid
new: [UI] Site admin can create SG with specific UUID
2022-03-07 17:44:24 +01:00
iglocska
7537d62e7f
chg: [event view] rework
- use the factories
- a host of new elements added
- new side panels
- changed the behaviour of several existing functionalities
- various other small improvements
2022-03-06 23:51:25 +01:00
iglocska
369e314cac
Merge branch '2.4' into develop
2022-03-05 11:07:22 +01:00
iglocska
3aa2d7e310
fix: [sharing group blueprint] fixed
2022-03-05 11:06:24 +01:00
Jakub Onderka
5940187b33
new: [UI] Site admin can create SG with specific UUID
2022-03-04 18:14:13 +01:00
iglocska
82caf0e770
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-04 16:10:42 +01:00
iglocska
870b9d761b
fix: [db schema] fixed
2022-03-04 16:10:12 +01:00
Jakub Onderka
bcf3737caa
Merge pull request #8188 from JakubOnderka/code-style
chg: [internal] Cosmetic code changes
2022-03-04 09:27:36 +01:00
iglocska
b32684561e
chg: [authkeys] add accepts the user_id via URL params and posted JSON body
2022-03-03 18:57:44 +01:00
iglocska
ce9fbea4d6
chg: [sharing group blueprint] default to active sharing groups
- was confusing
2022-03-03 16:09:03 +01:00
Jakub Onderka
d51c052b3f
chg: [internal] Cosmetic code changes
2022-03-03 15:59:25 +01:00
Raphaël Vinot
cbc7361f40
chg: [PyMISP] Bump version
2022-03-03 15:13:22 +01:00
iglocska
fcbc595a76
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-03 14:39:45 +01:00
iglocska
a7eb8fa9ac
chg: [authkeys add] accept "me" as a valid parameter
2022-03-03 14:38:05 +01:00
Jakub Onderka
09877c33f8
Merge pull request #8183 from JakubOnderka/cli-list-filter
new: [CLI] Filter user by ID or e-mail
2022-03-03 09:42:44 +01:00
iglocska
11d91386d5
fix: [sync] automatic sync data creation was lacking authkey
- fixed for both old style and advanced authkeys
2022-03-02 20:50:57 +01:00
iglocska
7834ec3760
fix: [organisations] made meta fields default to '' and not allow null values
- fixes a filtering issue with sharing group blueprints leading to sharing groups that are more restrictive than expected
2022-03-02 17:32:35 +01:00
Jakub Onderka
97f4df6a37
chg: [CLI] Simplify Admin::dumpCurrentDatabaseSchema
2022-03-02 16:54:08 +01:00
Jakub Onderka
0728ea36f9
new: [CLI] Filter user by ID or e-mail
2022-03-02 15:55:34 +01:00
iglocska
c66d718a09
fix: [blueprints] appease older php versions
trailing comma on last function call element removed
2022-03-02 08:06:50 +01:00