Commit Graph

794 Commits (5edcd9083f2104e4eeab4be75109b797d756c14b)

Author SHA1 Message Date
Jakub Onderka 197b1a341a chg: [internal] Code cleanup 2020-12-17 13:50:25 +01:00
Jakub Onderka c0f6463d57 new: [security] Cancel API session right after auth key is deleted 2020-12-17 13:50:25 +01:00
Jakub Onderka 640e9492d7 new: [security] Put information about key expiration into response header 2020-12-17 13:50:25 +01:00
Jakub Onderka 8df77748b0 chg: [internal] Small optimisations 2020-12-17 13:50:25 +01:00
Jakub Onderka d92123c915 fix: [security] Do not allow to use API key authenticated session to do non API calls 2020-12-17 13:50:25 +01:00
Jakub Onderka 9896f67358 new: [security] New setting Security.username_in_response_header 2020-12-17 13:50:25 +01:00
Jakub Onderka feab5f553b chg: [internal] AppController code cleanup 2020-12-17 13:50:23 +01:00
Jakub Onderka 4c6ffc6985 chg: [internal] Rename MISP.log_user_ips_auth -> MISP.log_user_ips_authkeys 2020-12-17 13:49:32 +01:00
Jakub Onderka 8662a7efaf chg: [internal] Move access monitoring to own method 2020-12-17 13:49:32 +01:00
Jakub Onderka ee8a495d89 new: [internal] Show auth key usage in key view page 2020-12-17 13:49:32 +01:00
Jakub Onderka c6bf9de3ca fix: [internal] Remove unused variables 2020-12-17 13:49:32 +01:00
Jakub Onderka 6821556000 chg: [internal] Allow to reuse session for API requests 2020-12-17 13:49:32 +01:00
Jakub Onderka e5e855b3c2 new: [internal] Allow to log authkey usage in Redis 2020-12-17 13:49:32 +01:00
Jakub Onderka 6ce13b8168 chg: [internal] Do not log full authkeys 2020-12-17 13:49:32 +01:00
Jakub Onderka a0fb186a3c chg: [internal] Simplify User::describeAuthFields 2020-12-17 13:49:32 +01:00
Jakub Onderka d0ec184796 fix: [internal] Remove unused $user siteadmin variable 2020-12-17 13:49:32 +01:00
Jakub Onderka 49b85ed33c chg: [internal] Load just necessary info when loading homepage info 2020-12-17 13:49:32 +01:00
Jakub Onderka 18402c0489 chg: [internal] Load user role info from session data 2020-12-17 13:49:32 +01:00
Jakub Onderka 7f0d06ae4d chg: [internal] Move user checks to one place 2020-12-17 13:49:32 +01:00
Jakub Onderka becbf95c37 new: [UI] Download GPG public key from GPG homedir 2020-12-17 13:19:55 +01:00
iglocska a332e1379c
Merge branch '2.4' into cerebrate 2020-11-30 23:49:40 +01:00
iglocska 320191bbd8
chg: [querystring] bump 2020-11-30 23:46:37 +01:00
Jakub Onderka 2c7d6e4466 new: [auth] Allow to enforce auth plugin authentication 2020-11-30 14:46:36 +01:00
Jakub Onderka 165da72fdf fix: [internal] Remove unused method from AppController 2020-11-27 09:01:35 +01:00
Jakub Onderka e15ca97f33
Merge pull request #6081 from JakubOnderka/security_disable_browser_cache
new: [security] HTTP headers hardening
2020-11-24 21:00:02 +01:00
Raphaël Vinot 7dab02b1e5 chg: [PyMISP] Bump version 2020-11-23 10:07:11 +01:00
mokaddem e45174f83c
fix: [appController] Prevent notice for `perm_galaxy_editor` if update is still running 2020-11-19 17:35:30 +01:00
mokaddem 89f307bd07 Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-11-18 09:22:40 +01:00
Jakub Onderka 12f84b0d69
Merge pull request #6587 from JakubOnderka/authkey-view
Authkey view permission fix
2020-11-17 21:25:38 +01:00
mokaddem 9db29821b4
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-11-16 16:11:17 +01:00
Jakub Onderka c51cd36ac3 fix: [internal] Destroy session just when session is started 2020-11-16 14:58:12 +01:00
Jakub Onderka 000706251b fix: [security] Proper check who can view new authkeys 2020-11-15 18:04:34 +01:00
mokaddem dc65c79130
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-11-13 16:26:35 +01:00
mokaddem 1879bc05b7
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-11-12 09:05:12 +01:00
iglocska dbffebe503
Merge branch '2.4' into CRUD 2020-11-11 11:19:23 +01:00
mokaddem 17c793d10f
chg: Bumped queryversion 2020-11-10 13:31:43 +01:00
mokaddem 150b4cb7d1
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-11-09 10:07:43 +01:00
mokaddem 37072e309f
chg: Bumped queryversion 2020-11-09 09:03:55 +01:00
Jakub Onderka 5d6c1abe3c
Merge pull request #6519 from JakubOnderka/update-login-times
fix: [internal] Properly set login time for custom auth
2020-11-07 09:58:54 +01:00
mokaddem 1bf5c599f2
chg: bumped queryversion 2020-11-06 16:36:34 +01:00
iglocska 158036f525
chg: [version] bump 2020-11-02 13:56:08 +01:00
Raphaël Vinot 3b6017a5ed chg: [PyMISP] Bump version 2020-11-02 10:55:59 +01:00
mokaddem 0971e50752
chg: Bumped queryversion 2020-10-29 19:26:57 +01:00
Jakub Onderka 5a4ba9cbc1 fix: [internal] Properly set login times for custom auth 2020-10-29 17:53:11 +01:00
iglocska 62bbc95472
Merge branch '2.4' into CRUD 2020-10-20 02:01:21 +02:00
iglocska 68f2425af1
chg: [authkey] system tied into authentication 2020-10-20 01:48:16 +02:00
Jakub Onderka 63ae5c16e0 new: [security] New setting to check `Sec-Fetch-Site` header 2020-10-19 19:24:09 +02:00
Jakub Onderka 1993f2235c chg: [internal] Do not load notifications for ajax requests 2020-10-19 17:28:52 +02:00
Jakub Onderka 5e12063620 new: [security] Add new `Security.disable_browser_cache` option to disable saving data to browser cache 2020-10-18 18:53:57 +02:00
Raphaël Vinot e14192ccf6 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-10-16 13:18:16 +02:00
Raphaël Vinot 5527c24d92 chg: Bump PyMISP 2020-10-16 13:17:04 +02:00
Jakub Onderka 0e80b9f498 fix: [freetext] Do not load event page twice when saving freetext 2020-10-11 12:36:00 +02:00
mokaddem 40b3259b7a
fix: [decayingModelSimulation] Correctly extract part of atomic tags 2020-10-06 14:18:05 +02:00
Jakub Onderka 3be0ab9169 chg: [internal] Use ACLComponent for menu item permission 2020-10-03 16:12:44 +02:00
mokaddem 6bcde44950
chg: bumped queryversion 2020-09-28 10:32:14 +02:00
mokaddem eb84b3344f
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-09-22 12:08:12 +02:00
mokaddem 1287b18106
chg: [queryversion] Bumped 2020-09-15 14:07:41 +02:00
Raphaël Vinot 1684478091 chg: [PyMISP] Bump version 2020-09-08 12:47:30 +02:00
Sami Mokaddem 775514ccf8
chg: Bumped queryversion 2020-09-03 16:41:26 +02:00
Golbark 3fb47d1cce chg: [internal] Using blocklist instead of blacklist 2020-09-01 16:27:36 +02:00
iglocska 704378c919
fix: [JS] broken URLs due to the baseurl refactor
- no need to prepend URLs taken from the forms themselves directly.
2020-08-24 17:20:57 +02:00
iglocska 242d25d5e4
chg: [API] GET requests on restsearch with no parameters are no longer allowed.
- warn the user of the use of GET queries with posted JSON bodies
2020-08-24 09:04:30 +02:00
Raphaël Vinot db55589512 chg: [PyMISP] Bump tag 2020-08-20 13:04:44 +02:00
Jakub Onderka b6116098c0 fix: [security] Throw exception if invalid data provided 2020-08-05 12:39:11 +02:00
Jakub Onderka 67a9d612d5 fix: [security] ACL check when adding or removing tags 2020-08-04 12:23:41 +02:00
Jakub Onderka db626cf741 fix: [security] Respect ACL when event edit 2020-08-04 12:21:42 +02:00
mokaddem 94aa68c8b4
chg: Bumped queryversion 2020-07-31 13:30:17 +02:00
mokaddem b3dbecb318
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-07-14 16:25:04 +02:00
iglocska bf4610c947
fix: [security] setting a favourite homepage was not CSRF protected
- a user could be lured into setting a MISP home-page outside of the MISP baseurl
- switched the endpoint to be CSRF protection enabled

- as discovered by Mislav Božičević <mislav.bozicevic@nn.cz>
2020-07-13 12:19:11 +02:00
mokaddem f3a9481c61
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-07-01 16:22:55 +02:00
Raphaël Vinot 688585b323 chg: [PyMISP] Bump 2020-06-22 14:34:49 +02:00
Raphaël Vinot 5a512063a3 chg: [PyMISP] Bump 2020-06-16 14:30:23 +02:00
mokaddem 5c04b9a8c1
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-05-28 14:06:30 +02:00
Jakub Onderka 8c13330712 fix: [internal] Check if user is logged before checking if he is site admin 2020-05-19 17:11:39 +02:00
Jakub Onderka df1ed1badf fix: [internal] Set notifications count and loggedInUserName just for logged users 2020-05-19 17:10:53 +02:00
Raphaël Vinot b8f0574f71 chg: Bump PyMISP 2020-05-18 12:38:25 +02:00
iglocska c8e9fa1c76
chg: [roles] allow the creation of site admin enabled roles without auth access 2020-05-06 14:53:11 +02:00
iglocska f278407e91
chg: [VERSION] bump 2020-04-30 11:50:22 +02:00
iglocska e9c00cb1b4
fix: [otp] pre-auth action list only expanded if otp is enabled 2020-04-29 15:55:22 +02:00
iglocska 6ec8391e46
Merge branch '5726' into 2.4 2020-04-29 15:50:01 +02:00
Andras Iklody f30959f274
Merge pull request #5561 from JakubOnderka/is_rest_cache
chg: [internal] Cache result of AppController::_isRest method
2020-04-28 15:46:24 +02:00
iglocska 03c866fe4e
fix: [registrations] Users can now register using the API without a valid key, affects #5783 2020-04-24 11:39:59 +02:00
iglocska 45e42ca84f
new: [privacy] filter added for the authkeys in the admin section to make giving trainings easier 2020-04-21 08:09:26 +02:00
Golbark 93ba84fd02 Hook into native authentication flow instead of beforefilter
which prevents any after-auth bypass and rely on framework
session management.
2020-04-20 12:24:47 +02:00
Golbark 3436bc6ae5 Merge branch '2.4' into email-otp-implementation
Conflicts:
	app/Model/Server.php
2020-04-20 12:16:25 +02:00
iglocska 078bf123a1
chg: [ACL] added the feed data reload 2020-04-17 14:23:34 +02:00
iglocska 10ab82f830
new: [UI Helper] DataPathCollector helper added
- helps the index factory fields retrieve data from the currently processed object based on a set of paths
2020-04-17 14:13:15 +02:00
iglocska 3fa5c3f370
fix: [database] added missing file 2020-04-14 15:17:15 +02:00
mokaddem dd1be03597
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-04-09 14:26:48 +02:00
iglocska 4ebc0a7988
new: [inbox] system added
- user self-registration is the first use-case
- if the feature is enabled, users can unauthenticated send a registration request to MISP
  - request includes information on desired org and some privileges (sync / org admin / publisher)
- requests land in the inbox, admins can inspect the registration requests
  - they can accept/discard them individually or en masse
  - users will be notified of their credentials automatically
  - quick user creation if the user asks for an org that doesn't exist yet
2020-04-07 13:21:01 +02:00
Golbark d254d04365 Rely on session_id instead of user_id and address minor comments 2020-03-26 02:55:14 -07:00
Golbark 309bbc6814 new: usr: Implementation of email-based OTP 2020-03-25 07:45:09 -07:00
iglocska d7e3674987
new: [audit] Added user monitoring
- site admins can set the monitoring flag on a user if the feature is enabled on the instance
- monitored users will have all requests logged along with POST bodies

- keep in mind this functionality is quite heavy and intrusive - so use it with care. The idea is that this allows us to track potentially malicious users during an investigation
2020-03-25 11:49:33 +01:00
mokaddem 04dcdebb1f
new: [galaxyCluster] Initial import of Galaxy2.0 codebase - WiP 2020-03-12 10:26:09 +01:00
Raphaël Vinot 8beec4e383 chg: Bump PyMISP 2020-03-10 14:31:31 +01:00
iglocska f1faa7845f
fix: [dashboard] grid scope fix 2020-03-10 11:34:30 +01:00
mokaddem 431ccc6a04
chg: [response header] Added `X-XSS-Protection` header
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
2020-03-06 16:06:35 +01:00
iglocska a40c227ca4
chg: [querystring] bumped 2020-03-02 23:14:55 +01:00
iglocska 0d4df7c98b
new: [Dashboard] system
- Dashboard
  - modular similar to restSearch
  - build your own widgets
  - use a set of visualisation options (more coming!)
  - full access to internal functions for queries
  - auto discover core and 3rd party widgets
  - rearrange / configure widgets for each user individually
  - rearrange / resize widgets
  - settings can be configured by a site-admin on behalf of others
  - modules have a self-explain mode to guide users
  - caching mechanism for the modules / org

- set homepage / user
- various other fixes
2020-03-01 18:05:21 +01:00
iglocska 4bfcc3211b
new: [API] object level restSearch added
still WiP
2020-02-29 08:57:32 +01:00
iglocska 08e0e9d16d
chg: [version] bump 2020-02-26 16:13:12 +01:00
iglocska c310b30177
fix: [custom auth] correctly use HTTP_ as the default header namespace 2020-02-23 19:13:48 +01:00
iglocska 363d0cd69a
new: [logging] Log user IPs on login
- feature is optional and needs to be enabled in the server settings
- on successful login logs the associated user ID for a given IP (30 day retention)
- also logs the IP for the associated user ID (indefinite retention)
- added two command line tools to query
  - Get IPs For User ID: MISP/app/Console/cake Admin UserIP [user_id]
  - Get User ID For User IP: MISP/app/Console/cake Admin IPUser [ip]
2020-02-20 16:07:10 +01:00
iglocska 88894fc2e5
chg: [version] bump 2020-02-10 16:22:03 +01:00
Jakub Onderka cdf578be4a
fix: [internal] Remove unused line 2020-02-07 17:57:59 +01:00
Raphaël Vinot 6f2005ff60 chg: Bump PyMISP 2020-02-06 10:54:17 +01:00
Jakub Onderka 110eabb08d chg: [internal] Cache result of AppController::_isRest method 2020-01-27 22:02:08 +01:00
Jakub Onderka a3c07277c4 fix: Proper logout when `CustomAuth_custom_logout` is set 2020-01-23 16:46:02 +01:00
mokaddem 60143aba44
chg: [timeline:display_threshold] Increased display threshold 2020-01-20 15:48:26 +01:00
iglocska 3792e4032c
fix: [update] fixed an issue blocking the updates from executing
- invalid check for the admin role - too early to check for _isSiteAdmin() at that point
2020-01-20 12:57:12 +01:00
iglocska 8ca5bfd25a
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-01-20 11:57:28 +01:00
iglocska 2ac7ea62da
fix: [internal] upgrade issues fixed 2020-01-20 11:56:50 +01:00
mokaddem 6dc79425dd
chg: [queryVersion] Bumped version 2020-01-20 10:39:50 +01:00
iglocska a577c69118
chg: [versions] requirements for languages changed 2020-01-17 15:14:53 +01:00
Richard van den Berg f79f90a1e4 Return STIX in JSON format when Accept header asks for it 2020-01-06 17:13:49 +01:00
mokaddem 9d77a5b3f9
chg: bumped queryversion 2019-12-04 12:15:56 +01:00
iglocska 8d14250cbf
chg: [VERSION] bump 2019-12-02 09:56:42 +01:00
Raphaël Vinot 183dee34f0 chg: Bump PyMISP 2019-12-02 09:44:15 +01:00
iglocska 1c5afa49ed
new: [refactor] Massive internal refactor and cleanup of deprecated APIs
- new centralised restSearch function in AppController as entry point via all controllers
- new component handling restSearch related support functions, such as parameter mapping
- hollowed out all deprecated export functions on the event/attribute controller
  - replaced with a new functionality that remaps them to restSearch
  - all functionality should be maintained with all additional advantages introduced with restsearch
- additional cleanup (some unused functions removed)
2019-11-29 10:11:30 +01:00
iglocska 26459f1b63
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-11-26 19:04:34 +01:00
iglocska e7173e2ee4
new: [legacy] handler added for Legacy APIs
- allows for a remap of the parameters and subsequent calls to modern functions
2019-11-26 19:01:22 +01:00
iglocska 9e74259bdb
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-11-26 17:11:56 +01:00
iglocska cbbe2b3a30
chg: [CSRF] disable CSRF if you absolutely feel like setting yourself up for failure 2019-11-26 17:11:33 +01:00
iglocska a1dcfb1931
new: [deprecation] Added a new library to handle deprecations
- send X-Deprecation-Warning via the API
- set new Warning flash messages via the UI
- counting the use of these functionalities / API endpoint and / user
  - added a diagnostic tool to view the outcome of the collection
  - sharing of these collections with the MISP-Project will be optionally available in the future

- two modes of operation:
  - hard deprecation (functions certainly to be removed, reported to the users via API/UI)
  - soft deprecation (gauging interest for the continued use of these functions)
2019-11-20 15:30:06 +01:00
iglocska 0c15043cfa
new: [sync] view remote user tool added to the server index
- should help with debugging what user is being used
2019-11-13 19:09:37 +01:00
iglocska fc5c9d0db6
Revert "Revert "Merge pull request #5304 from JakubOnderka/version-loading""
This reverts commit 623bb20cb0.
2019-11-12 13:12:42 +01:00
Raphaël Vinot 623bb20cb0 Revert "Merge pull request #5304 from JakubOnderka/version-loading"
This reverts commit 71fb7fcbd7, reversing
changes made to 11ee95aeb3.

Note: broke freetext import.
2019-11-12 10:16:36 +01:00
Andras Iklody 71fb7fcbd7
Merge pull request #5304 from JakubOnderka/version-loading
fix: [internal] Load MISP version just once in AppController
2019-11-11 15:15:20 +01:00
iglocska 463b98c275
new: [API] SQL dump now includes two modes
- sql_dump:1 - append the SQL dump to the response
- sql_dump:2 - only return the SQL dump in the response
2019-11-11 08:19:00 +01:00
iglocska 21088005d4
chg: [internal] Hooked the sql_dump flag into the normal flow 2019-11-11 08:13:14 +01:00
mokaddem a2ab30fcab
chg: [queryversion] Bumped queryversion 2019-11-08 11:47:13 +01:00
mokaddem 3babd222ac
Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess 2019-11-08 11:42:27 +01:00
iglocska 28028869da
new: [UI] Added the index filter component 2019-11-06 21:16:50 +01:00
mokaddem d63f81076b
Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess 2019-10-30 13:58:43 +01:00
Jakub Onderka 9314e9c968 fix: [internal] Load MISP version just once in AppController 2019-10-13 11:29:43 +02:00
Raphaël Vinot e05c3b9092 chg: Bump recommended PYMISP version 2019-10-10 23:59:11 +02:00
iglocska e5ed126cc5
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-10-10 11:59:28 +02:00
iglocska be509b3833
fix: [API] rate limit should only run on the API 2019-10-10 11:55:33 +02:00
mokaddem 80b1061639
Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess 2019-10-10 09:54:51 +02:00
mokaddem 8476f667c2
chg: Bumped queryversion 2019-10-10 09:44:19 +02:00
mokaddem d86264b2ba
fix: [live:notice UI] Fixed baseurl variable 2019-10-08 14:25:30 +02:00
mokaddem 901a57c2bd
fix: [live:notice UI] Fixed baseurl variable 2019-10-08 14:20:01 +02:00
iglocska a8c57a8316
new: [API] Added rate limiting option to the API
- / role setting
- can be enabled/disabled and if enabled a limit can be set
- limit counter / 15 minutes starting from the first query
- x-headers inform the user about their limit/remaining queries/reset in seconds
2019-10-08 11:43:56 +02:00
iglocska cee439dc80
fix: [performance] notifications lookup on each UI page load was slow
- introduced a major bottleneck on large instances
- massively reduced the load times for pages that warranted none
2019-09-30 08:36:13 +02:00
iglocska dc25176384
fix: [internal] paranoid log body didn't contain full body for API calls 2019-09-26 10:28:53 +02:00
Andreas Rammhold 624476a1f9 chg: [AppController] move debugMode setup code to a function so it can be reused
There were already two places in AppComponent that implemented the same
functionality. It makes sense to move this to a common function so it
can also be used from Controllers that do not inherit the full
beforeFilter functionality.

Since `__preAuthException` is private and only called from the
beforeFilter method after the variable has been setup we can remove
the explicit init from there.
2019-09-18 15:57:28 +02:00
Andreas Rammhold 96311ef480 chg: [AppController] move the database connection setup to a dedicated function on the AppComponent
This removes a bit of clutter from the already large beforeFilter
method and allows other views to reuse the logic without having to
duplicate it.
2019-09-18 15:57:28 +02:00
Andreas Rammhold 013b3ac619 chg: [AppController] move the `baseurl` configuration into a helper method
This makes the beforeFilter function a bit smaller while keeping all the
functionality. It will also help with reusing the setup logic in views
that can not execute all of AppComponent::beforeFilter, like the
LinOTPAuth plugin.
2019-09-18 15:57:28 +02:00
Andreas Rammhold 3cbc36af4e chg: [AppController] move loading and initialisation of Auth plugins to reusable method
For some authentication workflows it might be desirable to execute the
exact same code without having to call the entire beforeFilter method
from the base class. That way you do not have to work around all the
edge cases without having to reinvent the same code in multiple
locations.
2019-09-18 15:57:28 +02:00
Andreas Rammhold 9edffd01ba chg: [AppController] move login redirects to dedicated functions
This makes it easier to modify the login redirect behaviour in a unified
way. For now this just uses the default Auth loginAction while setting
the `admin` attribute to `false`. Thus application behaviour should be
unchanged.
2019-09-18 15:57:28 +02:00
iglocska 71a0fd350b
fix: [UI] Annoying race condition fixed causing redirects to the login, fixes #5172 2019-09-17 12:40:22 +02:00
iglocska 518c83362c
chg: [version] bump 2019-09-16 13:55:16 +02:00
iglocska 850159627a
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-09-13 11:51:05 +02:00
iglocska ffc9147018
new: [sync] Added sync priority system to prioritise the order of instances to push to 2019-09-13 11:49:12 +02:00
mokaddem cfafc2e51f
Merge branch '2.4' of github.com:MISP/MISP into decaying 2019-09-12 13:35:35 +02:00
iglocska 290a92808d
fix: [customauth] default setting for use_header_namespace should adhere to what is displayed (true)
- as requested by the MELiCERTES consortium for CSP
2019-09-11 09:28:45 +02:00
mokaddem 35e2c62947
chg: [app] bumped queryversion 2019-09-10 15:43:20 +02:00
mokaddem f3860ade80
Merge remote-tracking branch 'origin/2.4' into decaying 2019-09-10 15:40:25 +02:00
iglocska 77f767ff02
fix: [internal] blackhole function default fixed 2019-09-10 15:22:55 +02:00
iglocska 33f7444fe9
new: [auth key fail logging throttle] Throttle the auth key failed log entries to 1 / hour / key 2019-09-09 14:09:18 +02:00
mokaddem 1d378fd7bd
Merge remote-tracking branch 'origin/2.4' into decaying 2019-09-06 16:21:17 +02:00
iglocska 2053d7e74f
fix: [authentication] prepend the baseurl to the login/logout redirects - fixes #3871 2019-08-30 15:24:29 +02:00
iglocska 145730fe60
chg: [VERSION] bump 2019-08-30 13:09:41 +02:00
mokaddem 673b314ce6
chg: bumped query version 2019-08-29 13:03:25 +02:00
mokaddem a5d06d1333
Merge branch '2.4' of github.com:MISP/MISP into decaying 2019-08-29 10:52:18 +02:00
mokaddem 82e70fee12
fix: [appController] Fixed updateProgress redirection link. Fix #5068 2019-08-27 15:02:02 +02:00
mokaddem 26afe1765d
chg: [roles] Added `perm_decaying` role 2019-08-20 16:37:06 +02:00
iglocska e296288f59
chg: [version] bump 2019-08-16 19:04:17 +02:00
iglocska 519e110f9f
new: [internal / API] new component added to handle repeatable code across all controllers (toolbox controller)
- added UUID -> ID lookup function and integrated it across several functions
- fixes #4990
- fixes #4999
- fixes #4993
- fixes #4991
- fixes #4989
- fixes #4987
2019-08-14 15:01:31 +02:00
iglocska 1cb9489839
fix: [sessions] Several minor fixes to the session handling
- cookieTimeout setting fixed
- moved the session massaging into a separate function
- added some translation calls for some of the setting errors involved
2019-08-09 15:57:15 +02:00
iglocska 539a7431a4
new: [session handling] Session handling fixes
- changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts sharing sessions
- timeout issues potentially fixed when using the recommended PHP session handler. If the garbage collection is configured in php.ini it could previously purge sessions that based on the session timeout should still be valid
2019-08-09 14:41:17 +02:00
iglocska fc3a38d463
fix: [pymisp / querystring] versions bumped 2019-08-02 17:06:17 +02:00
iglocska 4781d68a44
chg: [UI] Added the new user name helper 2019-08-02 10:45:55 +02:00
iglocska 1434759135
new: [API] Disable background processing on-demand via URL parameters 2019-07-31 15:56:33 +02:00
Andras Iklody 046704b735
Merge pull request #4878 from RichieB2B/ncsc-nl/fix-destroy
Fix session_destroy errors
2019-07-16 18:11:53 +02:00
mokaddem 458bd23937
chg: bumped queryversion 2019-07-16 16:08:28 +02:00
Richard van den Berg 50846595c8 Destroy the CakeSession, not the php one. Fixes #4808 2019-07-16 11:56:56 +02:00
Alexandre Dulaunoy 5122299cd4
chg: [version] align PyMISP version with core 2019-07-13 09:16:37 +02:00
iglocska c8018d7daa
new: [API] Proposal sync rework done 2019-07-12 16:03:08 +02:00
mokaddem 41615b7ce4
fix: [eventGraph] Correctly pick the first-matching requiredOneOff to
generate the object's label
2019-07-03 11:38:07 +02:00
mokaddem 4ab4318eb2
chg: [event:view] Make `Related *` scrollable 2019-06-24 14:00:51 +02:00
iglocska d69188f66a
new: [correlation graph] Toggle physics on/off
                               /@#((/(%&*.....*/..((%...*/#...,*((#&.  ,,*///*..............(*.../*.,.*,......&......%#.,,@%
                                  &@((//#%&*...#(**#.../,/...*#*/../,,.*.*...(*,,..((....../,.....,,./........(...%/,,,#@
                                     @@(((((%%&,....../,/...,.**/..*,*..,,,(/..,,.,.,......(,.....(,..(, ...../%*.,,(@*
                                        #@%////#%%&*....#.,(.,#*,..*,...*,./*.....#(........(,....(.......(%/,,,,&@.
                                           .&@#////(#%%&(.....*&&*/*(...*,,..*./,...(...............,/%/,,,,,%@#
                                                #@@/*////(#%%&&/.........,*(#*..(,/*.........,*#%//,,*,,*@@(
                                                     /@@@(/(////((((###%&&&&%%%%%%%%&%%##(/*******/&@@(
                                                            ,%@@@@%#((//////******/////(/#%@@@@%,
                                                                          .,***/***,.
2019-06-20 17:46:39 +02:00
Andras Iklody 1470d21813
Merge pull request #4674 from juju4/devel-globalstrict
strict typing - snuffleupagus tests
2019-06-18 09:29:12 +01:00
mokaddem b42f803110 chg: bumped queryversion 2019-06-12 15:31:06 +02:00
iglocska 3bcd7c57a3
chg: [querystring] bump 2019-06-12 14:24:14 +02:00
mokaddem 210477eaaa chg: bumped queryversion 2019-06-12 14:13:25 +02:00
iglocska 3733f3dd00
fix: [CSRF] END THIS NIGHTMARE 2019-06-07 15:25:32 +02:00
iglocska ab86fd658b
fix: [CSRF] Potential fix for the CSRF issues via tag/galaxy additions 2019-06-07 14:44:39 +02:00
iglocska 75dcaa14e0
fix: [session] Fix to automatic session destruction in previous attempt to fix the overflow of API sessions 2019-06-07 08:49:30 +02:00
iglocska d6fc4272ad
fix: [API] Destroy the session at the end of the execution 2019-06-06 20:31:56 +02:00
juju4 492b076f12 strict typing - snuffleupagus tests 2019-05-26 09:06:16 -04:00
mokaddem 46be1e918e chg: [event:view] Correctly display title too large by truncating
(+ellipsis)
2019-05-23 15:07:43 +02:00
mokaddem 6d5fac0a6c chg: Bumped queryversion 2019-05-21 10:11:04 +02:00
mokaddem 75d92190cb chg: bumped queryversion 2019-05-21 09:52:09 +02:00
iglocska 1aef957d5f
new: [paranoid logging] Added POST/PUT body logging on demand 2019-05-17 12:04:19 +02:00
iglocska f71bb17ea4
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-05-17 11:46:12 +02:00
iglocska e89b4525ad
new: [logging] Added paranoid logging mode
- will log ANY query's (UI/API):
  - http method
  - requested URL

- optionally disable DB logging for paranoid log entries
2019-05-17 11:45:20 +02:00
mokaddem 711f9d398e chg: Bumped queryVersion 2019-05-16 17:28:40 +02:00
mokaddem ffbbb9292d chg: [eventgraph] Force constant color for the eventgraph's nodes. Fix #4536 2019-05-06 15:19:22 +02:00
Steve Clement fc8f7982df
Zoidberg's son: Update system (#4534)
Zoidberg's son: Update system
2019-05-01 18:24:41 +09:00