Commit Graph

394 Commits (3ee3c6a34da04960f42eced3d20fc7dacae31bf8)

Author SHA1 Message Date
Raphaël Vinot c6cafce47f
chg: Bump PyMISP recommended version 2018-01-28 20:59:57 +01:00
iglocska 24801272cf chg: Get rid of the weird http:// baseurls and set some helper variables for the views
- Also load the new OrgImg helper
- @SteveClement wubs global view variables
2018-01-19 15:38:01 +01:00
iglocska dedfea3610 new: Mass enable/disable feeds
- protecting the sanity of MISP admins since 2012!
2018-01-15 17:25:11 +01:00
iglocska e1900ba7ee chg: Version bumps for everyone! 2017-12-22 17:46:07 +01:00
iglocska 84f5e8ff5a fix: Collapse attribute correlations 2017-12-22 17:22:49 +01:00
Christophe Vandeplas 64116c54d7 fixes bug where Server model might not yet be loaded 2017-12-20 11:21:46 +01:00
Andras Iklody 6e7a9da729
Merge pull request #2684 from JanSkalny/fix_baseurl_trailing_slash
fix: remove trailing slash from MISP.baseurl
2017-12-19 20:09:22 +01:00
Raphaël Vinot 94408193a8 chg: Bump PyMISP 2017-12-13 18:04:30 +01:00
iglocska 1dc795dc4d fix: Updated pyMISP recommended version 2017-12-06 11:30:53 +01:00
iglocska 77acb7c666 fix: Fixed PyMISP version 2017-12-06 00:52:26 +01:00
iglocska fd8c4ede24 chg: Version strings updated 2017-12-06 00:24:04 +01:00
iglocska 4f6dba5f35 new: various improvements
- use the feed uuid caches to link directly to affected MISP events
- various UI improvements
- Feed preview pagination / POSTed event ID filters added
2017-12-05 00:05:11 +01:00
iglocska 3d0fb9a688 fix: Updated the duplicate attribute removal tool to actually remove instead of trying to deduplicate 2017-11-30 09:52:34 +01:00
Jan Skalny 6933050e2e fix: remove trailing slash from MISP.baseurl 2017-11-23 01:10:19 +01:00
iglocska a659664447 fix: Fixed a reflected XSS in the sharing group creator tool
- Fixed a reflected XSS in the sharing group editor that requires malicious organisation names

- Low impact due to the following requirements:
  - organisation names with malicious org names (JS in the orgname)
  - sharing group editor user has to manually add an organisation to the list that has javascript in the org name
  - only vulnerable view is the editor itself, so the impact is limited to
    users that manually add organisations with malicious names to the list themselves / edit such sharing groups

- As reported by Dawid Czarnecki
2017-11-13 09:25:44 +01:00
dawid-czarnecki b3c35e7b4f
Download terms redirect fix
When the server setting MISP.terms_download=true is enabled and MISP.terms_file exists under the MISP/app/files/terms directory, the user wasn't able to download the terms and conditions before accepting them.
2017-11-12 01:57:23 +01:00
iglocska f7418f2d6c chg: PyMISP version bump 2017-11-10 07:53:19 +01:00
iglocska 22804d2eac fix: PyMISP and warninglists updated 2017-10-09 16:20:57 +02:00
iglocska 30d2f8f992 chg: submodules updated 2017-10-09 16:12:07 +02:00
iglocska cd9fe1883e fix: Some cleanup of the attribute filtering 2017-10-05 11:59:59 +02:00
iglocska 36f6c9685d fix: Invalid uuid used in the objectreferences add form 2017-09-27 15:12:45 +02:00
iglocska 5854a15d4c fix: Fixed query string and pymisp version 2017-09-19 09:51:06 +02:00
iglocska 74894a6c95 chg: Update for the version release
- querystring bump
- version bump
- PyMISP version bump
2017-08-25 14:40:35 +02:00
iglocska d8123b18d9 fix: Fixes to issues introduced by the ajax JSON rework, fixes #2384 2017-08-09 17:32:47 +02:00
iglocska b0ac802a86 chg: Version bump 2017-08-06 12:39:10 +02:00
iglocska a2d716c4b1 fix: Potential fix to the template element adding issue throwing ajax only exceptions 2017-07-31 13:51:23 +02:00
iglocska f4041cd100 fix: Updated pyMisp and querystring versions 2017-07-12 16:16:20 +02:00
iglocska 3317f56ca1 fix: Upgraded hashing algorithm used and added requirement to confirm password for user profile changes
- Added method to upgrade all passwords to blowfish transparently
- All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed

- Thanks to cert.govt.nz for the security report.
2017-07-12 15:38:34 +02:00
iglocska a724b69a12 Merge branch 'badattch' into 2.4 2017-06-18 10:13:40 +02:00
iglocska c9784cc4f8 fix: Moved attachment access diagnostic tool to attributes controller 2017-06-18 10:12:48 +02:00
iglocska bb20f232f8 fix: New way of checking for API access
- meant to resolve some issues such as being redirected to the news page if a new news item exists while running a CSV export via the API
2017-06-15 09:57:46 +02:00
iglocska 6fad375685 new: Mass delete events
- simply use the multi select on the event index via the UI
- for the API, simply POST to /events/delete with a payload in the following format:
  `{"id": [15, 16, 17]}`

- if you've accidentally deleted all your events using this functionality, feel free to contact @rommelfs or contact the NSA for backups
2017-06-01 09:45:10 +02:00
iglocska 1efe4a89ce chg: Querystring version bump 2017-05-30 18:10:24 +02:00
iglocska 314daa4551 new: Add instance uuid 2017-05-11 10:49:23 +02:00
iglocska 6d39e6f191 chg: Version bump on the queryVersion 2017-05-08 16:24:50 +02:00
iglocska 23ecf2738f chg: Querystring bump 2017-04-14 15:56:50 +02:00
iglocska cc57e0eca4 fix: Updated JS to fix Infinite loading when adding an attribute fails, fixes #2102 2017-04-12 23:51:41 +02:00
iglocska 5b13205f44 fix: query string version bump 2017-04-12 11:54:48 +02:00
iglocska 1bc5b51ea2 chg: bumped versions
- pymisp
- query string version
- php recommended version
2017-04-11 15:26:44 +02:00
iglocska 72470bacca fix: Cleanup of the role add/edit checkboxes 2017-04-11 11:28:25 +02:00
iglocska 1b3fafc806 fix: Invalid lookup for the queryversion 2017-04-10 10:29:44 +02:00
iglocska 73d90466eb fix: Fixed issues with popups across the board for low res displays, fixes #2101
- Popups get scrollbars / realigned for potato resolutions
- General cleanup of popup related functions in the JS
- Added version querystring to the css files, no more ctrl+f5ing after some updates
2017-04-04 10:28:21 +02:00
iglocska 1936ee961d chg: Changed js query string 2017-03-26 18:24:44 +02:00
iglocska 3fbfe08f87 new: Added a POST server connection test
- hopefully it should help debug some issues
2017-03-23 11:52:07 +01:00
iglocska 84e4a62aba new: Update MISP from the diagnostics page
- right now it's pretty dumb, it simply pulls the same branch that the current user is on
- Any failure is shown but not acted upon, if the git pull fails the user will see it but it needs to be resolved via the command line
2017-03-23 10:01:29 +01:00
iglocska 1b306c94e9 fix: JS version bump 2017-03-10 11:21:50 +01:00
iglocska 99558c9b79 chg: PyMISP update 2017-03-09 17:07:21 +01:00
iglocska 46695b8ca2 fix: Several blacklist related fixes
- turned the functionality to a default on feature
- added indexes
- fixed some default values
2017-03-07 17:39:44 +01:00
iglocska 65e0a31f61 chg: Made the role add/edit forms a bit more sane
- allow for some permissions to be given out to read only users
- hide the permissions that can't be selected for the given access level
2017-02-20 13:26:49 +01:00
iglocska 41f50bc6ec new: Sightings column added to sightings table 2017-02-20 11:12:43 +01:00
iglocska b02c76f544 fix: Fixed an annoying effect when adding a sighting
- also, js file renamed to current version
2017-02-17 09:10:51 +01:00
Raphaël Vinot 8b44ee6849 Update PyMISP 2017-02-09 16:53:30 +01:00
iglocska 1f9a631182 fix: Added missing view file, some small fixes, pymisp version bump 2017-01-31 10:54:33 +01:00
iglocska ad472e8c4b fix: Removing tags now spawns its own CSRF tokens in the confirmation popup
- fixes some CSRF issues
- improves rendering performance
2017-01-31 09:58:21 +01:00
iglocska c3ef68ea19 fix: PyMISP version bump 2017-01-26 09:44:48 +01:00
Iglocska d39a4857b7 fix: Just force utf8 encoding if it's not set 2017-01-19 17:17:34 +01:00
Iglocska fbcb7480a0 chg: Update of the JS filename 2017-01-17 13:54:51 +01:00
iglocska 2b187d48fc new: Add a new api to check the supported PyMISP version 2017-01-08 20:20:49 +01:00
iglocska ffe880621e new: Disable correlation
- globally
- on an event level
- on an attribute level
2016-12-22 15:30:06 +01:00
Liviu Valsan 4c022beafc - Performance improvements when exporting a large number of attributes into Bro format.
- Fixed file header formatting for the export to Bro format (tabs used consistently).
- Computing the time needed for generating the export to Bro format when done using a background job.
- When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside.
- Changed the file extension of Bro export files from ".intel" to ".txt".
- Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS).
- Fixed some of the API endpoints which were not accepted (ACL issues).
- Added support for a list of events that should be / should not be included in the export.
- Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute.
- Sanitized the exported data for Bro.
- Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did the substitutions needed for Bro instead.
2016-12-07 16:33:17 +01:00
Iglocska 8cc30bc6ba new: First commit for the user API rework and the new response handler 2016-10-22 15:28:57 +02:00
Iglocska 0c83211796 fix: Don't destroy the session on failed customauth login if customauth is not enforced 2016-10-20 16:42:55 +02:00
Iglocska ef9afedcf2 fix: If the custom auth is not required, throw the user to the usual login if the custom auth login failed 2016-10-20 16:36:49 +02:00
Iglocska 0695efe81b new: Added a way to disable the default HTTP_ header namespace or to alter it to something else for the custom auth plugin 2016-10-20 16:25:45 +02:00
Iglocska 07a358eed9 fix: Fixed an issue with the type restrictions, fixes #1603
- fixes an issue where the type list in the attribute add/edit view wouldn't automatically restrict to the valid options
2016-10-10 09:22:18 +02:00
Andreas Ziegler 25e52a6786 chg: remove some references to variables 2016-09-15 17:08:58 +02:00
Iglocska ab50d00b15 fix: Fix the broken bruteforce protection
- Moved the bruteforce protection directly to the login action
- Fixed the datetime format used by the protection
- Cleaned up the logging of failed attempts
2016-09-12 11:20:26 +02:00
Andreas Ziegler 4b8a82098d chg: replace 4 spaces after tab by double tab 2016-09-05 00:45:51 +02:00
Andras Iklody 619966fa24 Merge pull request #1448 from TheDr1ver/2.4
Add support to export an OpenIOC file via API
2016-09-03 23:50:04 +02:00
Andras Iklody 6cda3fb39b Merge pull request #1485 from MISP/feature/postgresql
support PostgreSQL database backend
2016-09-01 09:35:14 +02:00
iglocska 80ed1cf65d fix: Removed filename check from the AppController
- rerouted all calls to the method to the Model equivalent
2016-09-01 09:18:54 +02:00
Andreas Ziegler 9bf0e16ac6 new: add basic experimental support for PostgreSQL 2016-08-31 04:11:49 +02:00
iglocska bf370e3f8b fix: inverse conditional for cleaning up the expired sessions 2016-08-30 09:39:40 +02:00
iglocska 48d46c1b0c fix: Fixes to the internal server setup
- Only allow enabling internal mode if the host organisation is set and it is chosen as the remote organisation when adding the server sync
- This ensures that internal sync only happens when the same organisation owns both instances
2016-08-28 21:56:56 +02:00
iglocska 873b201eb0 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2016-08-25 11:38:59 +02:00
iglocska 822b0bf8fa chg: Cleanup of the controllers and models
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
2016-08-25 11:38:37 +02:00
Andreas Ziegler e8599fb16c chg: new filename regex & separate functions 2016-08-24 15:31:17 +02:00
Andreas Ziegler fa8300adea chg: fix indentation in some files 2016-08-22 03:40:17 +02:00
Nick Driver 4d32a16da8 Add support to export an OpenIOC file via API
(Change spaces to tabs)
2016-08-18 10:04:54 -04:00
iglocska 06aa741a0e fix: Added check for instances not using database sessions to skip the automatic session cleanup
- But... Use database sessions.
2016-08-17 18:08:22 +02:00
iglocska bf37230735 fix: Some performance tuning for the auto-session-cleanup 2016-08-15 23:20:27 +02:00
iglocska 5ffa4cf842 fix: Added automatic cleanup of expired sessions
- on page load for site admins
2016-08-15 22:43:46 +02:00
iglocska 7b6604de5b chg: Added the tracking to all queued jobs 2016-08-15 16:30:37 +02:00
iglocska 3846e9dce6 fix: invalid permission check order leads to a notice 2016-08-15 15:41:54 +02:00
iglocska 4dd4e16b20 fix: Permissions for non-auth enabled users to use the API fixed 2016-08-11 16:14:26 +02:00
Cristian Bell 86a0ff5ac1 GET misp2.4.49.js - 404 Not Found #1428 2016-08-11 09:54:53 +02:00
Iglocska e65bc0db53 Merge branch '2.4' into 2.4.49
Conflicts:
	app/Controller/AppController.php
2016-07-22 13:29:27 +02:00
Iglocska 4c186337e4 fix: Don't require users to accept the terms and conditions if they are not set, fixes #1381 2016-07-22 11:16:00 +02:00
Iglocska b14e6e2f5f Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2016-07-20 12:38:04 +02:00
Iglocska 80b6bca48f new: Added a php version check to the diagnostics page 2016-07-20 12:37:09 +02:00
Cristian Bell 4f169a8ffa fix: Remove the default defined salt #625 2016-07-20 11:17:23 +02:00
Iglocska e24c421a00 Merge branch 'perm_delegate' into 2.4 2016-07-18 00:50:09 +02:00
Iglocska 0fcf90a926 chg: Added the sharing group roaming setting to various parts of the application
- sharing group add/edit
- summary view
- push rule checks
2016-07-18 00:13:12 +02:00
Iglocska 9522c96d54 Revert "Revert "chg: remove obsolete uuid() wrapper""
This reverts commit bae6eadfe7.
2016-07-11 00:59:47 +02:00
Iglocska bae6eadfe7 Revert "chg: remove obsolete uuid() wrapper"
This reverts commit 77ca0f8dd4.
2016-07-08 14:50:00 +02:00
Andreas Ziegler 77ca0f8dd4 chg: remove obsolete uuid() wrapper 2016-07-07 15:13:16 +02:00
Richard van den Berg ca2fb7de96 - Allow delegation when unpublishedprivate is set
- Use perm_delegate instead of perm_publish for delegation
2016-07-06 09:36:13 +02:00
Cristian Bell 7b65a52a44 issue 993: Graceful maintenance message. 2016-06-30 17:33:23 +02:00
Iglocska bad3f801c0 fix: Empty comments may be added to events #1263
- moved to plain jquery
- check on back+frontend
- better responses when adding events
- fixed an issue with the org_id not being selected for posts
2016-06-20 19:11:39 +02:00
Andreas Ziegler 985451642e add space after keywords if/for/foreach/while/switch/catch 2016-06-04 15:45:39 +02:00