Commit Graph

873 Commits (4c75abbb706beafe661a116509c1fe96c9298e5f)

Author SHA1 Message Date
iglocska b121af4c13
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-07-10 15:34:16 +02:00
iglocska 8ff6dc2ea1
new: [forgotten password] optional feature added 2023-07-10 15:30:28 +02:00
iglocska 26ad0ef607
fix: [customauth] Don't renew the session with each query
- Leave the session handling to the normal life-cycle management
- should solve the issues where CSRF keeps kicking users off
2023-06-29 12:38:29 +02:00
iglocska 404c71ade6
new: [dashboard widget] added functionalities to download widget raw data
- download the JSON passed to the front-end of a widget on-demand
2023-06-26 18:16:31 +02:00
iglocska 7853cf70c2
fix: [UI] index searches will handle spaces correctly 2023-06-14 18:39:06 +02:00
Raphaël Vinot 6a1963930b chg: [PyMISP] Bump 2023-06-08 15:14:58 +02:00
iglocska 3097dc106e
fix: [totp field check] causes exception if update is not executed yet and the field isn't added
- without the login the update doesn't execute - chicken & egg issue
2023-05-31 15:11:51 +02:00
Christophe Vandeplas cb74ad507f chg: [security] OTP support for HOTP 2023-05-25 23:28:14 +02:00
Christophe Vandeplas 6311f7d3e6 Merge branch 'develop' into feature/totp 2023-05-25 20:53:06 +02:00
Christophe Vandeplas a5f5a4e113 chg: [user] log last_api_access hourly if MISP.store_api_access_time is not set 2023-05-21 20:12:44 +02:00
Christophe Vandeplas c5483cf4b5 fix: [cleanup] removes some TODO messages #103 2023-05-21 10:09:05 +02:00
Christophe Vandeplas 81db5958d9 chg: [security] Allow enforcement of TOTP 2023-05-20 08:56:40 +02:00
Christophe Vandeplas 6caccac94d new: [security] TOTP authentication 2023-05-19 06:57:16 +02:00
iglocska 9f5e49995a
Merge branch 'new_widgets' into develop 2023-05-16 14:12:59 +02:00
iglocska a60202d9d1
fix: [junk removed] removed accidentally inserted characters
- fell asleep on the keyboard?
2023-05-16 13:41:44 +02:00
iglocska 9e763ba0e5
new: [auth] log api key usage in redis
- lightweight per day slice of api key use
- built as a ranked set in redis for the dashboards
2023-05-16 13:39:31 +02:00
Raphaël Vinot 1d53868c99 chg: [PyMISP] Bump version 2023-05-12 00:10:36 +02:00
Sami Mokaddem a2719e3c82
chg: [appController] Bumped queryVersion 2023-05-04 09:13:01 +02:00
Luciano Righetti 1f4e2af37a fix: admin logs pagination 2023-04-18 16:58:35 +02:00
Sami Mokaddem 06d5fa5c5d
fix: [event:discussion] Fixed potential CSRF issue while adding a comment
Fix #8916
2023-04-13 15:45:47 +02:00
Raphaël Vinot bc82b38db0 chg: [PyMISP] Bump 2023-04-12 15:59:34 +02:00
Sami Mokaddem 362156daca
fix: [event:viewAttribute] Reset pagination state when using a filter on the attribute table
- This will certainly make @rommelfs happy :)
2023-04-06 15:24:15 +02:00
iglocska 13d99cfaca
chg: [pymisp] bump 2023-03-27 11:01:42 +02:00
iglocska e498158208
chg: [pymisp] version string bump 2023-03-27 10:51:41 +02:00
Raphaël Vinot 68c130a099 chg: Bump PyMISP 2023-03-10 15:14:22 +02:00
Anders Einar Hilden ec495da477 [new]: [ApacheSecureAuth] Add endpoint /users/logout401 for logging out from HTTP Basic Auth
This can be used by i.e. ApacheSecureAuth to make a browser forget cached HTTP Basic Auth credentials, which would otherwise result in a logout->login loop.
2023-03-10 10:34:05 +01:00
iglocska a7905b40ce
Merge branch 'develop' into 2.4 2023-02-01 14:37:06 +01:00
Christophe Vandeplas 827bf50f3c chg: [auth] group authentication code 2023-01-27 02:42:40 +01:00
Raphaël Vinot 5edcd9083f chg: [PyMISP] Bump 2023-01-23 10:09:01 +01:00
Andras Iklody faa1fc5300
fix: [querystring] bumped 2023-01-03 12:20:35 +01:00
Raphaël Vinot 68571e8534 chg: [PyMISP] Bump version 2022-12-22 11:37:28 +01:00
Christophe Vandeplas f18f0514f7 fix: [auth][log] log correct org/userid with failed login fixes #8807 2022-12-07 00:55:20 +01:00
Jakub Onderka 1fc62ef41e fix: [log] Condition for old access log 2022-12-02 09:50:18 +01:00
Jakub Onderka b7d8b39903 fix: [log] Undefined index 2022-12-02 09:50:18 +01:00
Jakub Onderka 00fa78e6ea chg: [internal] Move rest response SQL output 2022-12-02 09:38:14 +01:00
iglocska b6a2c854a4
new: [session killswitch] added endpoint to kill existing sessions for a user
- required for integration in MeliCERTes II
2022-12-01 14:07:48 +01:00
Christophe Vandeplas 192ed311b9 fix: [remote_ip] respect MISP.log_client_ip_header everywhere fixes #8781 2022-11-28 14:08:11 +01:00
iglocska dbc18f2ca7
fix: [logs] reverted the removal of api logs from the /logs/ logging system unless confirmed
- breaks logging with existing configurations
2022-11-28 13:27:40 +01:00
Raphaël Vinot 500fe31615 chg: [PyMISP] Bump version 2022-11-28 10:28:22 +01:00
Jakub Onderka 4aabc2d097 new: [logging] Access log 2022-11-12 13:45:21 +01:00
Raphaël Vinot c20678f212 chg: [PyMISP] Bump 2022-11-09 13:49:12 +01:00
Jakub Onderka eb2396c5cc fix: [view] Remove unused variable 2022-11-02 13:24:34 +01:00
Jakub Onderka ed2bfa236d new: [acl] User AlcHelper more often 2022-11-02 13:24:34 +01:00
Jakub Onderka 645b11e1b1 new: [redis] Store some data in Redis compressed to save memory 2022-10-30 16:19:58 +01:00
Jakub Onderka 9f0c7456bb fix: [internal] AppController cleanup 2022-10-30 15:13:23 +01:00
Jakub Onderka be60ad19e9 chg: [internal] Put most used controller component to defined variables 2022-10-24 09:32:23 +02:00
Jakub Onderka b1371b4906 new: [acl] Move checks from controller to ACL component 2022-10-24 09:32:23 +02:00
Jakub Onderka 74a2982e1a fix: [internal] Cleanup controller code 2022-10-22 17:17:55 +02:00
Jakub Onderka b4bcbfe103 chg: [internal] Use JsonTool more often 2022-10-19 10:11:37 +02:00
Jakub Onderka aacd19a318 fix: [UI] Submit form on CTRL+ENTER on select 2022-10-14 13:00:38 +02:00
Jakub Onderka 6853a03cfb fix: [internal] Check if user is logged after checking if it is ajax request 2022-10-08 18:29:58 +02:00
Jakub Onderka f53063f8af chg: [internal] More clear method name 2022-10-08 13:43:18 +02:00
Jakub Onderka 3e970ad6a6 chg: [internal] Use short isset 2022-10-08 13:41:33 +02:00
Jakub Onderka 0cb3e58881 chg: [internal] Cleanup for RateLimitComponent 2022-10-08 13:26:02 +02:00
Jakub Onderka cb41c4ad92 chg: [internal] Move AUTOMATION_ARRAY definition to IndexFilterComponent 2022-09-22 14:48:50 +02:00
Sami Mokaddem 43db6f02ff
chg: [periodic_notification] Small UI improvements 2022-09-12 14:19:50 +02:00
Raphaël Vinot 25e9684297 chg: [PyMISP] Bump 2022-09-09 14:01:20 +02:00
Sami Mokaddem 0d4aa566fc
chg: [appController] Bumped queryversion 2022-08-24 09:55:13 +02:00
iglocska c764bb0e8f
Merge branch 'log_last_api' into develop 2022-08-11 09:36:30 +02:00
Raphaël Vinot 412dcd7b10 chg: [PyMISP] Bump version 2022-08-04 18:06:16 +02:00
Tom King de351faaac new: [internal] Add option to log last API request 2022-08-01 15:02:49 +01:00
Luciano Righetti e53b10d18b
chg: refactor so can be re-used 2022-07-20 16:11:49 +02:00
Sami Mokaddem 6f9d9a20d4
new: [event-report] Added support of mermaid 2022-07-13 11:41:31 +02:00
Sami Mokaddem 3fe30cdb48
chg: [appController] Bump query version 2022-07-12 14:20:26 +02:00
Jakub Onderka 27ff97a3a3 chg: [internal] restSearch cleanup 2022-06-30 13:35:29 +02:00
Jakub Onderka 83190f31c2
Merge pull request #8452 from JakubOnderka/restSearchExport-description
chg: [UI] Event export description
2022-06-30 10:10:06 +02:00
Jakub Onderka 640a732c29
Merge pull request #8358 from JakubOnderka/memory-leak-fix
fix: [internal] PHP memory leak
2022-06-29 13:32:26 +02:00
Jakub Onderka 2964335f04 chg: [UI] Event export description 2022-06-16 09:19:53 +02:00
Raphaël Vinot b1a5979fcb chg: [PyMISP] Bump 2022-05-30 11:05:41 +02:00
Jakub Onderka 6c84e7deb9 chg: [internal] Use `BetterCakeEventManager` for AppController 2022-05-22 18:20:15 +02:00
Jakub Onderka e75b706de9 chg: [internal] Show event tags closes sessions soon 2022-05-22 15:40:13 +02:00
Luciano Righetti 217be89e00 new: add MysqlExtended DboSource to support index query hints 2022-05-19 11:08:31 +02:00
Jakub Onderka 2f7c671adb new: [internal] Simplify checking if connection is MySQL/MariaDB 2022-05-14 10:17:06 +02:00
Jakub Onderka e86a02e7c6 chg: [UI] Fetch job progress in one query 2022-05-13 19:17:27 +02:00
Sami Mokaddem 2dfee9f445
fix: [event-graph] Event timeline shortcuts do not override the ones from the eventgraph anymore 2022-05-10 15:36:46 +02:00
Jakub Onderka 2294232442 fix: [internal] Strict types 2022-05-07 10:40:41 +02:00
Sami Mokaddem c4f7a6e4f0
new: [clusters:attachMultipleClusters] Allow mirroring attribute clusters to events
Added a new checkbox while picking tags to also tag the event with the tags to be attached to the attribute.
2022-04-26 12:27:17 +02:00
iglocska be9fb9e802
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-04-19 15:18:40 +02:00
iglocska bb3b7a7e91
fix: [security] stored XSS fixed in event graph
- unsanitised javascript insertion of tag name in the filters

- as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army
2022-04-18 00:49:21 +02:00
Jakub Onderka ff55803a17 fix: [internal] User model can be null 2022-04-10 15:08:52 +02:00
Jakub Onderka 2b61648184 new: [internal] Proper method for json decoding in controller 2022-04-10 09:50:12 +02:00
Sami Mokaddem 57b62dc511
chg: [events:index] Usage of UUID for restSearchExport feature 2022-03-31 15:27:06 +02:00
Sami Mokaddem 8afcc6552b
chg: [events:index] Usage of UUID for restSearchExport feature 2022-03-31 15:25:07 +02:00
Raphaël Vinot 7650f2d003 chg: [PyMISP] Bump version 2022-03-24 15:32:06 +01:00
iglocska bd047201a6
fix: [publish] button missing for users, fixes #8233 2022-03-21 17:08:03 +01:00
iglocska ff9cd40221
chg: [queryversion] bumped 2022-03-17 16:12:13 +01:00
Raphaël Vinot cbc7361f40 chg: [PyMISP] Bump version 2022-03-03 15:13:22 +01:00
Jakub Onderka e1774abe80 new: [oidc] Check user validity 2022-02-19 16:07:10 +01:00
iglocska c282ea8063
fix: [language] fix (exception text) 2022-02-04 16:25:20 +01:00
Sami Mokaddem a6dd8572ac
chg: [js:markdown-it] Update markdown-it library from version 11.0.0 to version 12.3.2 2022-01-18 15:04:53 +01:00
Sami Mokaddem 2d5d16431a
fix: [appController:loginByAuthkey] Skip authentication with basic authorization
Fix #7576.
Basic Auth might happen for some setup where the authentication is performed by another component such as LDAP.
For these cases, the Authorization header is present and contains the Basic Auth data used by the authentication plugin. Before this patch, MISP failed to resolve the API key to a user and threw a 403. This was because MISP detected the presence of the Authorization header which triggered an authentication by Authkey that would always fail as the content is not a valid API key.
2022-01-18 14:28:09 +01:00
Jakub Onderka 50d284b643
Merge pull request #7986 from JakubOnderka/better-security
chg: [internal] Do not modify session when not necessary
2021-12-30 14:40:01 +01:00
Raphaël Vinot df84346bb2 chg: [PyMISP] Bump version 2021-12-22 11:14:21 +01:00
Sami Mokaddem 5cdc0cc7a7
chg: [app] Bumped query version 2021-12-17 11:38:34 +01:00
Sami Mokaddem 8cf2914142
new: [event-timeline] Support of image attachments 2021-12-08 12:14:13 +01:00
Luciano Righetti ed85319d7b fix: typos, bump js version 2021-12-06 16:20:51 +01:00
iglocska 72548fd9a4
fix: [UI] Ajax forms lose persistence
- generic Form builder now has the persistence baked in
- capture all form fields' data before submitting as expected
2021-12-02 14:03:20 +01:00
Jakub Onderka cb41232777 chg: [internal] Remove useless session closing 2021-11-25 12:01:48 +01:00
Jakub Onderka b100377a73 chg: [internal] Do not modify session when not necessary 2021-11-25 11:58:32 +01:00
Jakub Onderka d20795b08c fix: [internal] Old style view class 2021-11-22 09:58:24 +01:00