Commit Graph

21639 Commits (582658545450149fb66c104bcd4ef1bc74ac97f3)

Author SHA1 Message Date
iglocska 61d4d36705
fix: [security] stored XSS in the user add/edit forms
- a malicious site administrator could store an XSS payload in the custom auth name which would be executed each time the administrator modifies a user

- as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 14:10:09 +01:00
Jakub Onderka f208c656ea
chg: [cryptographicKey] Simplified code for event pushing 2022-03-17 13:58:25 +01:00
Alexandre Dulaunoy ca036781ca
chg: [taxonomies] updated to the latest version 2022-03-17 13:43:29 +01:00
Alexandre Dulaunoy b365be8e36
chg: [misp-galaxy] updated 2022-03-17 13:42:40 +01:00
iglocska dc63cb772c
Merge branch '2.4' into develop 2022-03-17 13:25:05 +01:00
Sami Mokaddem 9307a07760
fix: [events:edit] Correctly collects saved cryptographic keys when pushing an edit 2022-03-17 12:38:19 +01:00
Sami Mokaddem b92d8ddb8f
chg: [events:index] Check for not empty instead 2022-03-17 11:50:49 +01:00
Sami Mokaddem 188153ffe9
chg: [events] Typo in protected description 2022-03-17 11:50:06 +01:00
Alexandre Dulaunoy bcf8e49654
chg: [misp-objects] updated to the latest version 2022-03-17 10:27:36 +01:00
Jakub Onderka 72b8daa7a5
Merge pull request #8213 from JakubOnderka/oidc_undefined_index
fix: [oidc] Undefined index
2022-03-17 09:57:09 +01:00
Jakub Onderka ff39069bbc
fix: [oidc] Undefined index 2022-03-17 09:29:02 +01:00
Alexandre Dulaunoy a0e6be2cdd
chg: [PyMISP] updated 2022-03-17 09:25:27 +01:00
iglocska 26ea06f2d9
fix: [gpg key] handle the lack of an instance key more gracefully 2022-03-17 02:31:45 +01:00
iglocska 47a997363c
chg: [CI] make the tests happy
- trailing comma after the last parameter in a function is not allowed in some PHP versions
2022-03-17 02:09:22 +01:00
iglocska a63a628a1a
fix: [cryptographicKey] instance key fingerprint caching fixed 2022-03-17 01:44:58 +01:00
iglocska 20fffac92b
chg: [signing validation] re-added to the new ServerSyncTool 2022-03-17 01:44:33 +01:00
iglocska e8dcb31623
Merge branch 'feature/protected_mode' into develop 2022-03-17 01:43:44 +01:00
iglocska 8ea0b2cb56
chg: [unused endpoint] removed 2022-03-17 00:57:41 +01:00
iglocska f8957cd62e
new: [instance key ingestion] added caching
- cache the fingerprint of the instance for 5 minutes
- avoid an unnecessary overhead by caching the value for 5 minutes
2022-03-17 00:53:02 +01:00
iglocska 17adbc26ae
chg: [signing validation] fixes
- correctly handle edits in regards to tamper proofing events
- handle an edge case of missing organisation data loaded for displaying if an event is removed by failing the validation
2022-03-17 00:47:06 +01:00
iglocska f8efe5a01e
chg: [event view] added more information about the protected event status 2022-03-17 00:46:23 +01:00
iglocska 0ceeaf5242
new: [single view factory] added key_info constructor key for meta fields
- will display a font awesome info icon with a configurable title text
2022-03-17 00:45:11 +01:00
iglocska 57199cabd8
new: [protected event field] in the event view
- added tooltips with explanations
- added a warning if the instance's signing key is not included
2022-03-17 00:44:07 +01:00
iglocska 2263f4b194
chg: [event index] include a lock sign for protected events 2022-03-17 00:43:27 +01:00
iglocska 8eff854fce
fix: [signing validation] use the existing event rather than the incoming event for edits
- the ground truth for allowing edits is in the LOCAL version of the event
- prevents tampering attempts

- also cleanup of repetitive file upload code
2022-03-17 00:41:55 +01:00
iglocska 259a19a374
fix: [sync] removed newly added locked field as a sanitized sync field
- ends up creating unlocked events on the remote, preventing future edits
2022-03-16 15:36:58 +01:00
iglocska d49eca93ea
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode 2022-03-16 01:34:19 +01:00
iglocska d431ee2d31
new: [pull] added protected mode checks and calling the validation functions if a protected event is found
- also removed leftover breakpoints
2022-03-16 01:32:01 +01:00
iglocska 828a07a128
chg: [cryptographicKey] - load and initialise gpg on class construction 2022-03-16 01:31:16 +01:00
iglocska f6b5c7b7e3
chg: [gpgtool] validateGpgKey now also imports the key 2022-03-16 01:29:44 +01:00
iglocska ab54f9cbfd
fix: [ACL] event protect/unprotect received ACL checks 2022-03-16 01:28:59 +01:00
iglocska 4f706aa331
fix: [ACL] Cryptokey add / delete key from parent received ACL checks 2022-03-16 01:28:09 +01:00
iglocska 9e90513881
new: [CRUD] delete - added the beforeDelete hook 2022-03-16 01:27:42 +01:00
iglocska 29ea45b4fd
chg: [ACL] added the cryptographicKeys functions 2022-03-16 01:27:11 +01:00
iglocska 5cd07f6ff0
fix: [warning] merge fixes 2022-03-15 23:51:43 +01:00
iglocska c33230c2cd
Merge branch '2.4' into feature/protected_mode 2022-03-15 23:49:06 +01:00
iglocska d60e8a39a1
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode 2022-03-15 23:11:19 +01:00
iglocska 3122974853
chg: [pull] signing validation WiP 2022-03-15 23:10:51 +01:00
iglocska f592053f5a
fix: [event] include the protected field in the saving to allow syncing of protected events 2022-03-15 23:10:09 +01:00
iglocska 7f7d5f0f0c
chg: [version] bump 2022-03-15 23:09:27 +01:00
iglocska 26de0a8b0c
new: [events] index and view signing checks added
- exclude events that can't be signed with a valid key as required by the event from the index for automaticTools (MISP + PyMISP)
- sign the data only for automaticTools (MISP + PyMISP)
2022-03-15 22:59:52 +01:00
iglocska f4fbc62aae
fix: [cryptographicKey] various fixes
- typos fixed
- take parent ID from the local ID rather than the synced one
2022-03-15 22:58:09 +01:00
iglocska 7c3181837b
fix: [eventwarning] path fixed
- as spotted by @chrisr3d
2022-03-15 12:54:55 +01:00
Jakub Onderka 2e73166747
Merge pull request #8208 from JakubOnderka/oidc-empty-email
fix: [oidc] Throw exception if user email is empty
2022-03-15 10:38:44 +01:00
Jakub Onderka 0783bda85b
fix: [oidc] Specify correct column for user fetch 2022-03-15 10:20:43 +01:00
Jakub Onderka b69c2c4918
fix: [php] Support for PHP 7.2 2022-03-15 10:20:43 +01:00
Jakub Onderka 3c8d07ca75
fix: [oidc] Throw exception if user email is empty 2022-03-15 09:55:50 +01:00
iglocska 98754783f6
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2022-03-15 09:31:50 +01:00
iglocska 364eaa50c2
new: [event warnings] made modular
- app/Lib/EventWarning contains default warnings
- app/Lib/EventWarning/Custom can be used to just drop event warnings
- use app/Lib/EventWarning/DefaultWarning as a template
2022-03-15 09:30:56 +01:00
iglocska e5c7e50fcf
fix: [internal] event rearranging before push fixed
- some elements were at a misaligned level in the array
2022-03-15 07:16:19 +01:00