Commit Graph

3129 Commits (52f429e3c7023725139e43a9c9b37fcefc329072)

Author SHA1 Message Date
iglocska a380458d2e Fixed a security issue with the site admin file uploader
- as discovered and reported by Egidio Romano of Minded Security

- The site admin file upload tool allowed for unrestricted file upload that could lead to RCE
- Fixed the file uploader to be much more restrictive
- removed the interactive terms file upload
2015-11-13 23:48:29 +01:00
Alexandre Dulaunoy 0fe4cf63ca PyMISP submodule updated 2015-11-13 11:24:59 +01:00
Alexandre Dulaunoy 4723431ab0 PyMISP submodule updated 2015-11-13 11:12:57 +01:00
Alexandre Dulaunoy c86fa28a90 PyMISP updated 2015-11-13 10:55:40 +01:00
iglocska 5941772b3a Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
2015-11-12 09:49:04 +01:00
iglocska 82c9680b10 Merge branch 'hotfix-2.3.157' into develop 2015-11-12 09:47:49 +01:00
iglocska b097435879 Merge branch 'hotfix-2.3.157' 2015-11-12 09:47:34 +01:00
iglocska 69031ab35e Fixed an issue where PGP keys that are set to never expire show up as expired 2015-11-12 09:46:33 +01:00
iglocska 1c6f45de52 Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
	app/Controller/EventsController.php
2015-11-12 09:26:29 +01:00
iglocska 620aab4e0e Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Model/Event.php
2015-11-12 08:44:23 +01:00
iglocska d568803aa8 Merge branch 'hotfix-2.3.156' into develop 2015-11-11 17:05:44 +01:00
iglocska 3a540542ed Merge branch 'hotfix-2.3.156' 2015-11-11 17:04:49 +01:00
iglocska 675ceb2e0e Better verification of PGP keys
- checks whether the key can be used to encrypt and whether it's expired
2015-11-11 17:03:59 +01:00
iglocska 2addc61346 Merge branch 'hotfix-2.3.155' into develop 2015-11-10 15:25:20 +01:00
iglocska 6baa3bea00 Merge branch 'hotfix-2.3.155' 2015-11-10 15:23:29 +01:00
iglocska 6548297b80 Merge branch 'hotfix-2.3.154' into hotfix-2.3.155
Conflicts:
	VERSION.json
2015-11-10 15:22:10 +01:00
iglocska 9f85c40145 Fix to a security issue
- as reported by RichieB2B
- Trying to view an event that doesn't exist and one that the user has no access to resulted in different error messages
2015-11-10 15:18:33 +01:00
iglocska c46922be12 Fix to a security issue in the PGP fetching tool
- reported by RichieB2B
- The scraped URL for the PGP fetching tool was not sanitised before being echoed
2015-11-10 15:17:15 +01:00
iglocska ea2420c889 Merge branch 'hotfix-2.3.154' into develop 2015-11-10 13:47:46 +01:00
iglocska db2d7dc8de Merge branch 'hotfix-2.3.154' 2015-11-10 13:47:01 +01:00
iglocska 0d758de89b Fixed an issue where a linebreak in an event info would break the CSV export, fixes #710
- also added comment field for attributes
- until now multi-line fields were both escaped and the line breaks removed
  - this was overkill, line breaks are now kept intact
2015-11-10 13:45:40 +01:00
iglocska 596ec80ac9 Merge branch 'master' of https://github.com/MISP/MISP 2015-11-09 23:21:11 +01:00
iglocska ce99344895 Merge branch 'hotfix-2.3.153' 2015-11-09 23:20:59 +01:00
iglocska 62253adaf4 Merge branch 'hotfix-2.3.153' into develop 2015-11-09 23:19:31 +01:00
iglocska 8f485ef98a Fixed a bug with the attribute search API 2015-11-09 23:18:51 +01:00
Alexandre Dulaunoy 7b631c56cd Updated PyMISP to the latest version 2015-11-09 21:28:09 +01:00
iglocska 42eeadb834 Fixed the proposal attachment upload
- was bugged before since the switch to the new format
- comments were not enabled

- fixed an issue where a proposed attribute could not be downloaded as it was pointing to a file in the attribute attachment directory
2015-11-09 16:44:40 +01:00
pugilist 79eab81a43 updated an anchor that was missed previously 2015-11-09 09:29:07 -05:00
pugilist e7e76bfc44 patched termsaccepted and change_pw checks to redirect properly when a base directory is specified. 2015-11-09 09:22:24 -05:00
iglocska 9092eb4015 Double-click edit of attribute values wasn't working
- fixed
2015-11-09 15:17:47 +01:00
iglocska 34e4183854 Moved the logic for flagging an attribute for a validation issue to the model 2015-11-09 14:50:57 +01:00
iglocska 45f0e04738 Warning icon if a financial indicator fails the validation 2015-11-09 13:54:38 +01:00
iglocska 3716b38a60 Bin number added to validation 2015-11-09 13:42:22 +01:00
iglocska 685ba2a0b9 Comments now correctly save on attachments 2015-11-09 12:44:09 +01:00
iglocska 15c72a784d Clarification of the malware checkbox on add attachment 2015-11-09 12:41:33 +01:00
iglocska cd886b4a79 Relaxed financial attribute validation
- also added 2 new types: bank-account-nr and aba-rtn
- validation is completely relaxed
- idea is to add a visual notification in the view for these attributes types if they are not valid (invalid financial indicators are still interesting)
2015-11-09 12:36:49 +01:00
iglocska 9faf3df8ae Some fixes to the api authentication
- Handle user not found gracefully
- Log the failed authentication correctly
2015-11-09 08:52:06 +01:00
pugilist baa33a618c modified img tags to use baseurl 2015-11-08 19:24:57 -05:00
iglocska 324418dcf9 Merge branch 'master' into 2.4-beta
Merge and upgrade of several new features

Conflicts:
	VERSION.json
	app/Controller/ShadowAttributesController.php
	app/Controller/TagsController.php
	app/Model/AppModel.php
	app/Model/Event.php
	app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php
2015-11-08 23:26:19 +01:00
iglocska 68cf9c4960 Merge branch 'hotfix-2.3.152' into develop 2015-11-08 22:58:03 +01:00
iglocska a3661fdcbd Merge branch 'hotfix-2.3.152' 2015-11-08 22:57:17 +01:00
iglocska c83b1e2dd0 Fix to the CSV export, fixes #710 2015-11-08 22:56:00 +01:00
iglocska 16e7974fc0 Improved logging, fixes #695
- Added logging of failed login attempts
- Added (optional) logging of successful authentications
  - admin setting that has to be enabled
  - will log all API calls (both HTTP method and target url)

- optional logging of user IP address for all logs
  - each log entry created while this setting is enabled will log the IP address of the client
  - disabling it also hides the IPs from the interface
  - added new IP field for the log search (only if enabled)
2015-11-08 22:35:46 +01:00
pugilist ec7d85332c modified many instances of html anchors and javascript document.location to use 2015-11-08 15:38:24 -05:00
pugilist e451945b11 modified beforefilter to allow to be accessed by all views 2015-11-08 13:21:16 -05:00
iglocska c3ebc18afa Merge branch 'develop' 2015-11-03 17:07:19 +01:00
iglocska 8f1363df37 Merge branch 'hotfix-2.3.151' into develop 2015-11-03 17:07:12 +01:00
iglocska 42ad040d3c Removed obsolete gitignore files, fixes #704 2015-11-03 17:06:21 +01:00
iglocska 5f06e87b6c Merge branch 'hotfix-2.3.150' into develop 2015-10-31 00:29:59 +01:00
iglocska 4b24cf0c65 Documentation changes 2015-10-31 00:29:15 +01:00