794 Commits (5edcd9083f2104e4eeab4be75109b797d756c14b)

Author SHA1 Message Date
Jakub Onderka ff55803a17 fix: [internal] User model can be null 2022-04-10 15:08:52 +02:00
Jakub Onderka 2b61648184 new: [internal] Proper method for json decoding in controller 2022-04-10 09:50:12 +02:00
Sami Mokaddem 57b62dc511 chg: [events:index] Usage of UUID for restSearchExport feature 2022-03-31 15:27:06 +02:00
Sami Mokaddem 8afcc6552b chg: [events:index] Usage of UUID for restSearchExport feature 2022-03-31 15:25:07 +02:00
Raphaël Vinot 7650f2d003 chg: [PyMISP] Bump version 2022-03-24 15:32:06 +01:00
iglocska bd047201a6 fix: [publish] button missing for users, fixes #8233 2022-03-21 17:08:03 +01:00
iglocska ff9cd40221 chg: [queryversion] bumped 2022-03-17 16:12:13 +01:00
Raphaël Vinot cbc7361f40 chg: [PyMISP] Bump version 2022-03-03 15:13:22 +01:00
Jakub Onderka e1774abe80 new: [oidc] Check user validity 2022-02-19 16:07:10 +01:00
iglocska c282ea8063 fix: [language] fix (exception text) 2022-02-04 16:25:20 +01:00
Sami Mokaddem a6dd8572ac chg: [js:markdown-it] Update markdown-it library from version 11.0.0 to version 12.3.2 2022-01-18 15:04:53 +01:00
Sami Mokaddem 2d5d16431a
fix: [appController:loginByAuthkey] Skip authentication with basic authorization
Fix #7576.
Basic Auth might happen for some setups where the authentication is performed by another component such as LDAP.
For these cases, the Authorization header is present and contains the Basic Auth data used by the authentication plugin. Before this patch, MISP failed to resolve the API key to a user and threw a 403. This was because MISP detected the presence of the Authorization header which triggered an authentication by Authkey that would always fail as the content is not a valid API key.
2022-01-18 14:28:09 +01:00
Jakub Onderka 50d284b643
Merge pull request #7986 from JakubOnderka/better-security
chg: [internal] Do not modify session when not necessary
2021-12-30 14:40:01 +01:00
Raphaël Vinot df84346bb2 chg: [PyMISP] Bump version 2021-12-22 11:14:21 +01:00
Sami Mokaddem 5cdc0cc7a7 chg: [app] Bumped query version 2021-12-17 11:38:34 +01:00
Sami Mokaddem 8cf2914142 new: [event-timeline] Support of image attachments 2021-12-08 12:14:13 +01:00
Luciano Righetti ed85319d7b fix: typos, bump js version 2021-12-06 16:20:51 +01:00
iglocska 72548fd9a4
fix: [UI] Ajax forms lose persistence
- generic Form builder now has the persistence baked in
- capture all form fields' data before submitting as expected
2021-12-02 14:03:20 +01:00
Jakub Onderka cb41232777 chg: [internal] Remove useless session closing 2021-11-25 12:01:48 +01:00
Jakub Onderka b100377a73 chg: [internal] Do not modify session when not necessary 2021-11-25 11:58:32 +01:00
Jakub Onderka d20795b08c fix: [internal] Old style view class 2021-11-22 09:58:24 +01:00
Jakub Onderka 41db04ad47 chg: [internal] Avoid calling unnecessary method 2021-11-22 09:58:23 +01:00
Jakub Onderka 5aa1e0cb3b chg: [internal] Element file cache 2021-11-22 09:58:23 +01:00
Jakub Onderka e2a0644111 chg: [internal] Move some checks to beforeRender method 2021-11-22 09:58:23 +01:00
Raphaël Vinot 94519efb17 chg: Bump PyMISP 2021-11-19 01:55:58 -08:00
Jakub Onderka df5ab6a144 chg: [internal] Code style 2021-11-07 14:51:42 +01:00
Jakub Onderka af234a006c chg: [internal] AppController cleanup 2021-11-07 14:38:39 +01:00
Jakub Onderka 0198c7b0db chg: [internal] Make system setting more secure 2021-11-06 21:23:22 +01:00
Jakub Onderka c9597ba3e9 new: Store system settings in database 2021-11-05 09:19:56 +01:00
Jakub Onderka 24b8c64c58 fix: [UI] Ignore harvest exception 2021-10-29 17:24:35 +02:00
Jakub Onderka a4f9d14602 fix: [API] Remove default filters for viewEventAttributes 2021-10-29 16:30:24 +02:00
Jakub Onderka 0d78d0f994 chg: [internal] Simplified notifications loading 2021-10-23 19:50:38 +02:00
Jakub Onderka 45b4a326ca chg: [ajax] Return correct error code when user is not logged 2021-10-19 14:36:42 +02:00
Jakub Onderka d45ac63bf9 chg: [internal] Do less work when checking if db is updated 2021-10-16 09:58:05 +02:00
Jakub Onderka d469883395 chg: [rest] Close session to allow concurrent requests 2021-10-15 16:17:00 +02:00
iglocska 0ae53cc1f1 chg: [queryversion] bump 2021-10-12 15:02:34 +02:00
Jakub Onderka 544c9ee8b9 new: [internal] Store MISP live status also in Redis 2021-10-04 10:07:32 +02:00
Jakub Onderka 1262b6124c chg: [internal] AppController code cleanup 2021-09-26 13:21:55 +02:00
Jakub Onderka 861fdffada chg: [internal] Move methods to specific controllers 2021-09-26 12:23:23 +02:00
Jakub Onderka aeffc1b204 fix: [internal] Undefined offset in AppController 2021-09-26 11:39:50 +02:00
Jakub Onderka dc05fc1302 chg: [internal] Code cleanup 2021-09-20 10:51:10 +02:00
Jakub Onderka 81eddfdb76 chg: [internal] Do not fetch keys from db for authkey login 2021-09-15 09:51:02 +02:00
Jakub Onderka 617fddd069 chg: [internal] Remove deprecated variables 2021-09-14 15:44:35 +02:00
Jakub Onderka 98b87d8987 chg: [security] Use const hasher also for login 2021-08-24 21:45:37 +02:00
Jakub Onderka b5bb93c51e fix: [API] Deprecation header 2021-08-23 15:39:25 +02:00
Raphaël Vinot 111cbd349d chg: [PyMISP] Bump recommended version 2021-08-05 11:47:42 +02:00
Jakub Onderka 30220e86da
Merge pull request #7525 from JakubOnderka/deprecate-getpymisp-version
chg: [API] Deprecate getPyMISPVersion
2021-07-01 09:42:30 +02:00
Jakub Onderka 09e6d41fdf
Merge pull request #7482 from JakubOnderka/authkey-read-only
new: [API] Read only authkeys
2021-06-29 10:13:08 +02:00
Jakub Onderka 5fbac2d000 chg: [internal] Simplify generating some JSON responses 2021-06-28 14:43:24 +02:00
Jakub Onderka 017249451b new: [API] Read only authkeys 2021-06-28 12:41:10 +02:00
Jakub Onderka 302faa3150 chg: [API] Deprecate getPyMISPVersion and returns required info in getVersion 2021-06-28 12:36:06 +02:00
Jeroen Pinoy feaaa1ad93 chg: log remote IP for authkey use attempt if remote IP not allowed by key 2021-06-07 18:27:05 +02:00
Raphaël Vinot edc469a47d chg: [PyMISP] Bump 2021-06-07 07:40:09 -07:00
mokaddem c2600b3c94 fix: [appController] Bumped queryversion 2021-06-04 15:33:40 +02:00
Raphaël Vinot 5a31694254 chg: [PyMISP] Bump version 2021-05-13 22:57:50 -07:00
mokaddem d19c7538d3 chg: bumped queryversion 2021-05-04 11:04:10 +02:00
Raphaël Vinot 8e108202d1 chg: [PyMISP] Bump 2021-04-26 10:58:33 +02:00
mokaddem 6407b150eb new: [event:timeline] Fit visible window from provided start/end dates + help tooltip 2021-04-08 16:34:20 +02:00
Raphaël Vinot c5766f88c8 chg: Bump PyMISP 2021-04-01 14:00:48 +02:00
Jeroen Pinoy b0714a4045 chg: [UI] fix debugon for debug = 1. fix #7131 2021-03-25 16:36:26 +00:00
iglocska c7643515d6 chg: [auth] if no API key is provided for an API action - log it 2021-03-24 23:20:28 +01:00
iglocska 5661adcf8f
chg: [auth key] logging no longer collapsed if the new setting is enabled
Security.log_each_individual_auth_fail will log all API failures instead of collapsing repeated queries
2021-03-24 23:03:22 +01:00
mokaddem 2d058b6dc1 chg: bumped queryversion 2021-03-09 10:53:24 +01:00
Jakub Onderka 6a5716b69b
Merge pull request #7150 from JakubOnderka/force-https
new: [internal] Security setting force_https
2021-03-04 10:44:33 +01:00
iglocska d4989dbd85 Merge branch '2.4' into develop 2021-03-03 21:31:07 +01:00
Jakub Onderka 2a8ba9020f new: [internal] Security setting force_https 2021-03-03 20:07:07 +01:00
Jakub Onderka 440eb2372c fix: [csp] Incorrect variable name 2021-03-03 18:28:18 +01:00
iglocska e394cfbe66 Merge branch 'develop' of github.com:MISP/MISP into develop 2021-03-03 17:24:36 +01:00
Jakub Onderka 7695b52f0f chg: [csp] Report only by default 2021-03-03 17:19:07 +01:00
Jakub Onderka eb75b5c395 fix: [csp] Custom policies 2021-03-03 15:22:37 +01:00
Raphaël Vinot 9f18cec0ca chg: [PyMISP] Bump version 2021-03-03 13:02:37 +01:00
Raphaël Vinot 9923e30c84 chg: [PyMISP] Bump version 2021-03-03 10:41:50 +01:00
Jakub Onderka 94bba9baca
Merge pull request #7104 from JakubOnderka/authkeys-allowed-ips
new: [authkeys] Allowed IPs
2021-03-03 10:05:16 +01:00
Jakub Onderka a646f03aae
Merge pull request #7111 from JakubOnderka/cookie-name
chg: [internal] Set cookie name just when no name is set
2021-03-03 09:25:09 +01:00
Jakub Onderka 599819f7f9 new: [authkeys] Allowed IPs 2021-03-03 09:23:07 +01:00
Jakub Onderka 62537961f0 fix: [internal] Undefined index when importing from module 2021-03-02 14:44:41 +01:00
Jakub Onderka 98ec79db60 chg: [internal] Set cookie name just when no name is set 2021-03-01 17:22:39 +01:00
Jakub Onderka 8a3144f112 new: [security] Content-Security-Policy support 2021-02-26 13:21:00 +01:00
iglocska bf0bc494b2 Merge branch '2.4' into develop 2021-02-19 19:43:14 +01:00
iglocska 5654b536bd
fix: [caching] monkey-patching a client side MISP bug causing the caching to loop endlessly
- MISP caching can run into an endless loop if errors are returned for whatever reason
- This patch handles the specific case when the remote MISP requests an attribute range for caching that has an offset beyond the highest ID (should never happen)

- It's a dirty fix but should have nearly no impact on performance whilst resolving the issue
2021-02-19 19:41:12 +01:00
mokaddem 487253b712 Merge branch 'develop' of github.com:MISP/MISP into develop 2021-02-19 09:01:26 +01:00
mokaddem 8d9d0e6411
fix: [restClient] Make sure to split value on strings
Fix #7032
2021-02-19 09:00:45 +01:00
Jakub Onderka 412d9dba1d
Merge pull request #6906 from JakubOnderka/compressed-requests
new: [sync] Compressed requests support
2021-02-18 18:03:11 +01:00
mokaddem 37a724ddf3 fix: [events] Attach cluster from matrix in multiselect. Fix #6956 2021-02-15 15:05:23 +01:00
mokaddem 43db6029db fix: [eventTimeline] Refresh attribute index when dragging. Fix #6958 2021-02-15 14:21:32 +01:00
iglocska bf8bd21a35
chg: [connection test] clarified that read only users can pull.
- Reduced error level to "orange"
- Added a clarification that they can still pull
2021-02-11 17:46:32 +01:00
Raphaël Vinot 7f85db254c chg: Bump PyMISP & version 2021-02-08 12:09:07 +01:00
iglocska 8f1dd15601
new: [PHP] version notification
- 8.0 is not supported, let users know in a more obvious way
2021-01-28 13:09:07 +01:00
mokaddem afe9d26e8a chg: bumped queryversion 2021-01-25 13:43:36 +01:00
mokaddem d72b626839 chg: bumped queryversion 2021-01-22 14:49:04 +01:00
iglocska a8688501c3 fix: [diagnostics] complain about PHP >= 8.0 2021-01-22 11:55:35 +01:00
Raphaël Vinot 0d9e95679c chg: Bump PyMISP version 2021-01-20 12:58:56 +01:00
Jakub Onderka 69f901110a new: [sync] Compressed requests support 2021-01-19 17:59:08 +01:00
iglocska 3d5c9fb9a6 Merge branch 'develop' of github.com:MISP/MISP into develop 2021-01-05 08:42:47 +01:00
iglocska 44e792617c fix: [search] don't append the same quicksearch value more than once in the URL 2021-01-05 08:40:37 +01:00
Jakub Onderka ef3d77a4fe chg: [optimisation] Decode JSON input from request just once 2021-01-01 22:17:57 +01:00
Jakub Onderka 1a184ebbb5 new: [internal] Allow to output directly TmpFileTool 2020-12-21 21:02:37 +01:00
Jakub Onderka c7f00b319f fix: [UI] Move debug mode variable before setting database connection 2020-12-17 13:50:26 +01:00
Jakub Onderka 324cdbafce chg: [REST] Close session early for `authkey_keep_session` connections 2020-12-17 13:50:26 +01:00
Jakub Onderka ae5ad7cc36 fix: [monitoring] Do not encode payload, it is string 2020-12-17 13:50:25 +01:00