Raphaël Vinot
c6cafce47f
chg: Bump PyMISP recommended version
2018-01-28 20:59:57 +01:00
iglocska
24801272cf
chg: Get rid of the weird http:// baseurls and set some helper variables for the views
...
- Also load the new OrgImg helper
- @SteveClement wubs global view variables
2018-01-19 15:38:01 +01:00
iglocska
dedfea3610
new: Mass enable/disable feeds
...
- protecting the sanity of MISP admins since 2012!
2018-01-15 17:25:11 +01:00
iglocska
e1900ba7ee
chg: Version bumps for everyone!
2017-12-22 17:46:07 +01:00
iglocska
84f5e8ff5a
fix: Collapse attribute correlations
2017-12-22 17:22:49 +01:00
Christophe Vandeplas
64116c54d7
fixes bug where Server model might not yet be loaded
2017-12-20 11:21:46 +01:00
Andras Iklody
6e7a9da729
Merge pull request #2684 from JanSkalny/fix_baseurl_trailing_slash
...
fix: remove trailing slash from MISP.baseurl
2017-12-19 20:09:22 +01:00
Raphaël Vinot
94408193a8
chg: Bump PyMISP
2017-12-13 18:04:30 +01:00
iglocska
1dc795dc4d
fix: Updated PyMISP recommended version
2017-12-06 11:30:53 +01:00
iglocska
77acb7c666
fix: Fixed PyMISP version
2017-12-06 00:52:26 +01:00
iglocska
fd8c4ede24
chg: Version strings updated
2017-12-06 00:24:04 +01:00
iglocska
4f6dba5f35
new: various improvements
...
- use the feed uuid caches to link directly to affected MISP events
- various UI improvements
- Feed preview pagination / POSTed event ID filters added
2017-12-05 00:05:11 +01:00
iglocska
3d0fb9a688
fix: Updated the duplicate attribute removal tool to actually remove instead of trying to deduplicate
2017-11-30 09:52:34 +01:00
Jan Skalny
6933050e2e
fix: remove trailing slash from MISP.baseurl
2017-11-23 01:10:19 +01:00
iglocska
a659664447
fix: Fixed a reflected XSS in the sharing group creator tool
...
- Fixed a reflected XSS in the sharing group editor that requires malicious organisation names
- Low impact due to the following requirements:
- organisation names with malicious org names (JS in the orgname)
- sharing group editor user has to manually add an organisation to the list that has javascript in the org name
- only vulnerable view is the editor itself, so the impact is limited to users that manually add organisations with malicious names to the list themselves / edit such sharing groups
- As reported by Dawid Czarnecki
2017-11-13 09:25:44 +01:00
dawid-czarnecki
b3c35e7b4f
Download terms redirect fix
...
When server setting MISP.terms_download=true and MISP.terms_file exists under MISP/app/files/terms directory user wasn't able to download terms and conditions before accepting it.
2017-11-12 01:57:23 +01:00
iglocska
f7418f2d6c
chg: PyMISP version bump
2017-11-10 07:53:19 +01:00
iglocska
22804d2eac
fix: PyMISP and warninglists updated
2017-10-09 16:20:57 +02:00
iglocska
30d2f8f992
chg: submodules updated
2017-10-09 16:12:07 +02:00
iglocska
cd9fe1883e
fix: Some cleanup of the attribute filtering
2017-10-05 11:59:59 +02:00
iglocska
36f6c9685d
fix: Invalid uuid used in the objectreferences add form
2017-09-27 15:12:45 +02:00
iglocska
5854a15d4c
fix: Fixed query string and pymisp version
2017-09-19 09:51:06 +02:00
iglocska
74894a6c95
chg: Update for the version release
...
- querystring bump
- version bump
- PyMISP version bump
2017-08-25 14:40:35 +02:00
iglocska
d8123b18d9
fix: Fixes to issues introduced by the ajax JSON rework, fixes #2384
2017-08-09 17:32:47 +02:00
iglocska
b0ac802a86
chg: Version bump
2017-08-06 12:39:10 +02:00
iglocska
a2d716c4b1
fix: Potential fix to the template element adding issue throwing ajax only exceptions
2017-07-31 13:51:23 +02:00
iglocska
f4041cd100
fix: Updated PyMISP and querystring versions
2017-07-12 16:16:20 +02:00
iglocska
3317f56ca1
fix: Upgraded hashing algorithm used and added requirement to confirm password for user profile changes
...
- Added method to upgrade all passwords to blowfish transparently
- All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed
- Thanks to cert.govt.nz for the security report.
2017-07-12 15:38:34 +02:00
iglocska
a724b69a12
Merge branch 'badattch' into 2.4
2017-06-18 10:13:40 +02:00
iglocska
c9784cc4f8
fix: Moved attachment access diagnostic tool to attributes controller
2017-06-18 10:12:48 +02:00
iglocska
bb20f232f8
fix: New way of checking for API access
...
- meant to resolve some issues such as being redirected to the news page if a new news item exists while running a CSV export via the API
2017-06-15 09:57:46 +02:00
iglocska
6fad375685
new: Mass delete events
...
- simply use the multi select on the event index via the UI
- for the API, simply POST to /events/delete with a payload in the following format:
`{"id": [15, 16, 17]}`
- if you've accidentally deleted all your events using this functionality, feel free to contact @rommelfs or contact the NSA for backups
2017-06-01 09:45:10 +02:00
iglocska
1efe4a89ce
chg: Querystring version bump
2017-05-30 18:10:24 +02:00
iglocska
314daa4551
new: Add instance uuid
2017-05-11 10:49:23 +02:00
iglocska
6d39e6f191
chg: Version bump on the queryVersion
2017-05-08 16:24:50 +02:00
iglocska
23ecf2738f
chg: Querystring bump
2017-04-14 15:56:50 +02:00
iglocska
cc57e0eca4
fix: Updated JS to fix Infinite loading when adding an attribute fails, fixes #2102
2017-04-12 23:51:41 +02:00
iglocska
5b13205f44
fix: query string version bump
2017-04-12 11:54:48 +02:00
iglocska
1bc5b51ea2
chg: bumped versions
...
- pymisp
- query string version
- php recommended version
2017-04-11 15:26:44 +02:00
iglocska
72470bacca
fix: Cleanup of the role add/edit checkboxes
2017-04-11 11:28:25 +02:00
iglocska
1b3fafc806
fix: Invalid lookup for the queryversion
2017-04-10 10:29:44 +02:00
iglocska
73d90466eb
fix: Fixed issues with popups across the board for low res displays, fixes #2101
...
- Popups get scrollbars / realigned for potato resolutions
- General cleanup of popup related functions in the JS
- Added version querystring to the css files, no more ctrl+f5ing after some updates
2017-04-04 10:28:21 +02:00
iglocska
1936ee961d
chg: Changed js query string
2017-03-26 18:24:44 +02:00
iglocska
3fbfe08f87
new: Added a POST server connection test
...
- hopefully it should help debug some issues
2017-03-23 11:52:07 +01:00
iglocska
84e4a62aba
new: Update MISP from the diagnostics page
...
- right now it's pretty dumb, it simply pulls the same branch that the current user is on
- Any failure is shown but not acted upon, if the git pull fails the user will see it but it needs to be resolved via the command line
2017-03-23 10:01:29 +01:00
iglocska
1b306c94e9
fix: JS version bump
2017-03-10 11:21:50 +01:00
iglocska
99558c9b79
chg: PyMISP update
2017-03-09 17:07:21 +01:00
iglocska
46695b8ca2
fix: Several blacklist related fixes
...
- turned the functionality to a default on feature
- added indexes
- fixed some default values
2017-03-07 17:39:44 +01:00
iglocska
65e0a31f61
chg: Made the role add/edit forms a bit more sane
...
- allow for some permissions to be given out to read only users
- hide the permissions that can't be selected for the given access level
2017-02-20 13:26:49 +01:00
iglocska
41f50bc6ec
new: Sightings column added to sightings table
2017-02-20 11:12:43 +01:00
iglocska
b02c76f544
fix: Fixed an annoying effect when adding a sighting
...
- also, js file renamed to current version
2017-02-17 09:10:51 +01:00
Raphaël Vinot
8b44ee6849
Update PyMISP
2017-02-09 16:53:30 +01:00
iglocska
1f9a631182
fix: Added missing view file, some small fixes, pymisp version bump
2017-01-31 10:54:33 +01:00
iglocska
ad472e8c4b
fix: Removing tags now spans its own CSRF tokens in the confirmation popup
...
- fixes some CSRF issues
- improves rendering performance
2017-01-31 09:58:21 +01:00
iglocska
c3ef68ea19
fix: PyMISP version bump
2017-01-26 09:44:48 +01:00
Iglocska
d39a4857b7
fix: Just force utf8 encoding if it's not set
2017-01-19 17:17:34 +01:00
Iglocska
fbcb7480a0
chg: Update of the JS filename
2017-01-17 13:54:51 +01:00
iglocska
2b187d48fc
new: Add a new api to check the supported PyMISP version
2017-01-08 20:20:49 +01:00
iglocska
ffe880621e
new: Disable correlation
...
- globally
- on an event level
- on an attribute level
2016-12-22 15:30:06 +01:00
Liviu Valsan
4c022beafc
- Performance improvements when exporting a large number of attributes into Bro format.
...
- Fixed file header formatting for the export to Bro format (tabs used consistently).
- Computing the time needed for generating the export to Bro format when done using a background job.
- When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside.
- Changed the file extension of Bro export files from ".intel" to ".txt".
- Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS).
- Fixed some of the API endpoints which were not accepted (ACL issues).
- Added support for a list of events that should be / should not be included in the export.
- Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html ) containing the description of the event and of the attribute.
- Sanitized the exported data for Bro.
- Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
Iglocska
8cc30bc6ba
new: First commit for the user API rework and the new response handler
2016-10-22 15:28:57 +02:00
Iglocska
0c83211796
fix: Don't destroy the session on failed customauth login if customauth is not enforced
2016-10-20 16:42:55 +02:00
Iglocska
ef9afedcf2
fix: If the custom auth is not required, throw the user to the usual login if the custom auth login failed
2016-10-20 16:36:49 +02:00
Iglocska
0695efe81b
new: Added a way to disable the default HTTP_ header namespace or to alter it to something else for the custom auth plugin
2016-10-20 16:25:45 +02:00
Iglocska
07a358eed9
fix: Fixed an issue with the type restrictions, fixes #1603
...
- fixes an issue where the type list in the attribute add/edit view wouldn't automatically restrict to the valid options
2016-10-10 09:22:18 +02:00
Andreas Ziegler
25e52a6786
chg: remove some references to variables
2016-09-15 17:08:58 +02:00
Iglocska
ab50d00b15
fix: Fix the broken bruteforce protection
...
- Moved the bruteforce protection directly to the login action
- Fixed the datetime format used by the protection
- Cleaned up the logging of failed attempts
2016-09-12 11:20:26 +02:00
Andreas Ziegler
4b8a82098d
chg: replace 4 spaces after tab by double tab
2016-09-05 00:45:51 +02:00
Andras Iklody
619966fa24
Merge pull request #1448 from TheDr1ver/2.4
...
Add support to export an OpenIOC file via API
2016-09-03 23:50:04 +02:00
Andras Iklody
6cda3fb39b
Merge pull request #1485 from MISP/feature/postgresql
...
support PostgreSQL database backend
2016-09-01 09:35:14 +02:00
iglocska
80ed1cf65d
fix: Removed filename check from the AppController
...
- rerouted all calls to the method to the Model equivalent
2016-09-01 09:18:54 +02:00
Andreas Ziegler
9bf0e16ac6
new: add basic experimental support for PostgreSQL
2016-08-31 04:11:49 +02:00
iglocska
bf370e3f8b
fix: inverse conditional for cleaning up the expired sessions
2016-08-30 09:39:40 +02:00
iglocska
48d46c1b0c
fix: Fixes to the internal server setup
...
- Only allow enabling internal mode if the host organisation is set and it is chosen as the remote organisation when adding the server sync
- This ensures that internal sync only happens when the same organisation owns both instances
2016-08-28 21:56:56 +02:00
iglocska
873b201eb0
Merge branch '2.4' of https://github.com/MISP/MISP into 2.4
2016-08-25 11:38:59 +02:00
iglocska
822b0bf8fa
chg: Cleanup of the controllers and models
...
- removed incorrect, useless boilerplate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
2016-08-25 11:38:37 +02:00
Andreas Ziegler
e8599fb16c
chg: new filename regex & separate functions
2016-08-24 15:31:17 +02:00
Andreas Ziegler
fa8300adea
chg: fix indention in some files
2016-08-22 03:40:17 +02:00
Nick Driver
4d32a16da8
Add support to export an OpenIOC file via API
...
(Change spaces to tabs)
2016-08-18 10:04:54 -04:00
iglocska
06aa741a0e
fix: Added check for instances not using database sessions to skip the automatic session cleanup
...
- But... Use database sessions.
2016-08-17 18:08:22 +02:00
iglocska
bf37230735
fix: Some performance tuning for the auto-session-cleanup
2016-08-15 23:20:27 +02:00
iglocska
5ffa4cf842
fix: Added automatic cleanup of expired sessions
...
- on page load for site admins
2016-08-15 22:43:46 +02:00
iglocska
7b6604de5b
chg: Added the tracking to all queued jobs
2016-08-15 16:30:37 +02:00
iglocska
3846e9dce6
fix: invalid permission check order leads to a notice
2016-08-15 15:41:54 +02:00
iglocska
4dd4e16b20
fix: Permissions for non-auth enabled users to use the API fixed
2016-08-11 16:14:26 +02:00
Cristian Bell
86a0ff5ac1
GET misp2.4.49.js - 404 Not Found #1428
2016-08-11 09:54:53 +02:00
Iglocska
e65bc0db53
Merge branch '2.4' into 2.4.49
...
Conflicts:
app/Controller/AppController.php
2016-07-22 13:29:27 +02:00
Iglocska
4c186337e4
fix: Don't require users to accept the terms and conditions if they are not set, fixes #1381
2016-07-22 11:16:00 +02:00
Iglocska
b14e6e2f5f
Merge branch '2.4' of https://github.com/MISP/MISP into 2.4
2016-07-20 12:38:04 +02:00
Iglocska
80b6bca48f
new: Added a php version check to the diagnostics page
2016-07-20 12:37:09 +02:00
Cristian Bell
4f169a8ffa
fix: Remove the default defined salt #625
2016-07-20 11:17:23 +02:00
Iglocska
e24c421a00
Merge branch 'perm_delegate' into 2.4
2016-07-18 00:50:09 +02:00
Iglocska
0fcf90a926
chg: Added the sharing group roaming setting to various parts of the application
...
- sharing group add/edit
- summary view
- push rule checks
2016-07-18 00:13:12 +02:00
Iglocska
9522c96d54
Revert "Revert "chg: remove obsolete uuid() wrapper""
...
This reverts commit bae6eadfe7.
2016-07-11 00:59:47 +02:00
Iglocska
bae6eadfe7
Revert "chg: remove obsolete uuid() wrapper"
...
This reverts commit 77ca0f8dd4.
2016-07-08 14:50:00 +02:00
Andreas Ziegler
77ca0f8dd4
chg: remove obsolete uuid() wrapper
2016-07-07 15:13:16 +02:00
Richard van den Berg
ca2fb7de96
- Allow delegation when unpublishedprivate is set
...
- Use perm_delegate instead of perm_publish for delegation
2016-07-06 09:36:13 +02:00
Cristian Bell
7b65a52a44
issue 993: Graceful maintenance message.
2016-06-30 17:33:23 +02:00
Iglocska
bad3f801c0
fix: Empty comments may be added to events #1263
...
- moved to plain jquery
- check on back+frontend
- better responses when adding events
- fixed an issue with the org_id not being selected for posts
2016-06-20 19:11:39 +02:00
Andreas Ziegler
985451642e
add space after keywords if/for/foreach/while/switch/catch
2016-06-04 15:45:39 +02:00