Commit Graph

11443 Commits (6626e5bf2451cffed6ead2a0617f2ca947f4eecb)

Author SHA1 Message Date
iglocska 8c7bef419d
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-03-09 10:36:22 +01:00
iglocska 23f1c9f51d
fix: [logs] pagination settings are lost when flipping pages after a search 2020-03-09 10:35:28 +01:00
mokaddem 83542716e5
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-03-09 09:02:55 +01:00
mokaddem 2ccf3dab76
fix: [user:resetAuthkey] Allows the function to be called 2020-03-09 09:02:06 +01:00
mokaddem e44c77ef88
fix: [flashErrorMessage] Sanitized error message printed by session that
should never contain user-made text

- Better safe than sorry
2020-03-09 08:57:27 +01:00
iglocska 584d2c1fdf
fix: [widgets] worldmap fixed 2020-03-09 00:32:21 +01:00
iglocska bebc70a012
chg: [dashboard] show owner email of template to site owners and the owner themselves 2020-03-09 00:14:59 +01:00
iglocska bf2694c490
new: [dashboard] added template delete functionality 2020-03-09 00:08:23 +01:00
iglocska 6773b8d799
fix: [dashboards] fixed invalid recall of dashboard template 2020-03-08 23:54:02 +01:00
iglocska 8d02332b31
new: [dashboard] persistence package
- export dashboard state
- import dashboard state
- save dashboard state
  - make it available to others on the instance on demand
  - admins can set a default password for users that don't have anything configured yet
  - load another template based on what the community has shared
- added Whoami widget which was an outcome of the ESDC training
- various improvements, new fields for genericElements, etc
2020-03-08 23:36:27 +01:00
mokaddem 5e15ab1ef1
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-03-06 16:38:22 +01:00
mokaddem 6fad7028b3
fix: [user:edit] Prevent password change with the current password
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
2020-03-06 16:19:12 +01:00
mokaddem 40560b8873
fix: [user:edit] Correctly re-insert form data wiping password
information
2020-03-06 16:17:28 +01:00
mokaddem fc0ed4c9a0
chg: [login] Display last time the user logged in 2020-03-06 16:12:40 +01:00
mokaddem 431ccc6a04
chg: [response header] Added `X-XSS-Protection` header
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
2020-03-06 16:06:35 +01:00
mokaddem e24a9eb44c
fix: [security] Fixed persistent xss in the sighting popover tool
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
2020-03-06 16:05:26 +01:00
mokaddem de80d340cf
fix: [user:resetauthkey] Method can only be accessed via POST request
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
2020-03-06 15:58:08 +01:00
mokaddem 43a0757fb3
fix: [security] Fix reflected xss via unsanitized URL parameters
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
2020-03-06 15:44:58 +01:00
mokaddem 31827905ec
fix: [settings] `require_password_confirmation` set to true
by default
2020-03-06 15:41:38 +01:00
iglocska 6c4ea364db
fix: [ACL] added new function to ACL 2020-03-06 15:02:44 +01:00
iglocska 9770555c39
new: [workers] restart all dead workers 2020-03-06 14:56:35 +01:00
mokaddem 9bab7d8217
chg: [server:rest] Query builder gets loaded with body after the POST
fix #5680
2020-03-06 11:24:13 +01:00
mokaddem 4f3ed331f0
chg: Removed unwanted indentation 2020-03-06 10:58:50 +01:00
mokaddem 2061707932
fix: [attribute:validation] Better validation of IPv6-[dst/src] and
improved display.

fix #5682
2020-03-06 10:54:06 +01:00
iglocska cd4b6936c8
new: [widgets] Whoami widget added 2020-03-06 10:06:31 +01:00
iglocska 60640f4916
fix: [js] fixed invalid defaults passed from php 2020-03-05 10:16:10 +01:00
iglocska 5e56e7dfc7
new: [dashboard] various fixes / improvements
- simple list now accepts arrays for values
- fixed margin issues
- fixed empty sync test issues
2020-03-05 10:08:15 +01:00
iglocska c0e25c28ad
chg: [dashboard] cleanup
prevent @mokaddem's and @rommelfs's eyes from bleeding
2020-03-04 15:08:18 +01:00
iglocska 1fe4d0dd57
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-03-04 14:46:40 +01:00
iglocska 218ea0333c
new: [dashboard] added a way to auto reload widgets
- has to be defined in the code of the widget
2020-03-04 14:46:01 +01:00
Alexandre Dulaunoy 95d6d07c49
chg: [misp-object] updated to the latest version 2020-03-04 14:26:59 +01:00
Alexandre Dulaunoy fd9155239c
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-03-04 14:09:19 +01:00
Alexandre Dulaunoy eb1cbb823d
chg: [misp-objects] updated to the latest version 2020-03-04 14:08:56 +01:00
iglocska 14e2e68db8
fix: [cleanup] removed disabling the caching of dashboard widgets for debug purposes 2020-03-04 11:48:09 +01:00
iglocska 52e8924e6f
chg: [dashboard] Allow for the use of subdirectories in /app/Lib/Dashboard/Custom to be able to git clone repos 2020-03-04 11:46:45 +01:00
iglocska 6d3801d43b
fix: [dashboard] Some widget visualisation fixes 2020-03-03 06:54:37 +01:00
iglocska 33990b1923
fix: [cleanup] 2020-03-02 23:33:57 +01:00
iglocska a40c227ca4
chg: [querystring] bumped 2020-03-02 23:14:55 +01:00
iglocska 03dc9a8206
fix: [synctool] tests improved 2020-03-02 23:09:47 +01:00
iglocska 183812756f
new: [widget] World map widget added 2020-03-02 23:09:10 +01:00
iglocska 1c915cd077
chg: [dashboard] views for widgets updated 2020-03-02 23:07:23 +01:00
iglocska 44ff66445d
new: [dashboard] Resource widget added 2020-03-02 23:06:31 +01:00
iglocska 0e635548b9
new: [favourite] glow orange when on the page that is already bookmarked
- thanks to @mokaddem (graphman) for the idea
2020-03-02 23:05:40 +01:00
iglocska 612897d26f
chg: [cleanup] removed old dashboard 2020-03-02 23:05:08 +01:00
iglocska 556efcbf5b
new: [dashboard] Added cachelifetimg setting as opposed to hard-coded value 2020-03-02 23:04:36 +01:00
iglocska 9f3f50544f
fix: [CLI] change authkey description fixed 2020-03-02 23:02:57 +01:00
iglocska 1bcc7cdf2b
fix: [homepage] redirects fixed 2020-03-02 10:30:24 +01:00
iglocska 13926c83eb
fix: [user settings] fixed unlocking of API routes 2020-03-02 00:43:07 +01:00
iglocska 7b5374a81d
new: [dashboard] Added server resource module and some fixes 2020-03-02 00:32:26 +01:00
iglocska 750843725f
new: [Dashboard] added hook to check for permissions on module load
- allows for modules to have role / host org restrictions
2020-03-01 23:56:40 +01:00
iglocska ffda2b8778
fix: [dashboard] fixed an issue when adding a widget with an empty config 2020-03-01 23:55:46 +01:00
iglocska 376f6fa358
chg: [dashboard] Custom dir added 2020-03-01 23:25:50 +01:00
iglocska de87ecfaf2
Merge branch '2.4' into feature/dashboard 2020-03-01 23:04:07 +01:00
iglocska 95eb2af765
fix: [API] Json converter fixed 2020-03-01 22:33:49 +01:00
iglocska 46c4cf9eea
fix: [dashboard] fixed multiple adds failing 2020-03-01 19:11:43 +01:00
iglocska ec2c7a5569
fix: [dashboard] Fixed adding widgets losing their config settings 2020-03-01 19:03:31 +01:00
iglocska f6f66e0f31
fix: [dashboard] custom routing fixed 2020-03-01 18:28:52 +01:00
iglocska ab129a12d9
chg: [wip] test 2020-03-01 18:24:12 +01:00
iglocska 0d4df7c98b
new: [Dashboard] system
- Dashboard
  - modular similar to restSearch
  - build your own widgets
  - use a set of visualisation options (more coming!)
  - full access to internal functions for queries
  - auto discover core and 3rd party widgets
  - rearrange / configure widgets for each user individually
  - rearrange / resize widgets
  - settings can be configured by a site-admin on behalf of others
  - modules have a self-explain mode to guide users
  - caching mechanism for the modules / org

- set homepage / user
- various other fixes
2020-03-01 18:05:21 +01:00
iglocska 4bfcc3211b
new: [API] object level restSearch added
still WiP
2020-02-29 08:57:32 +01:00
Alexandre Dulaunoy e480bd7113
chg: [misp-object] updated to the latest version 2020-02-28 20:02:19 +01:00
Alexandre Dulaunoy 87ec2334ef
chg: [misp-galaxy] updated to the latest version 2020-02-28 19:59:20 +01:00
Raphaël Vinot 8ef9669973 chg: Make contact reporter gender neutral. 2020-02-28 10:45:56 +01:00
Steve Clement 191e1fae64
chg: [i18n] Updated: Simplified Chinese, German, Italian, Spanish, Russian. 2020-02-27 11:24:54 +09:00
Steve Clement 43d22e55dd
Merge branch '2.4' into i18n 2020-02-27 11:10:08 +09:00
Steve Clement 00b310b3a4 chg: [i18n] Updated pot files 2020-02-27 02:07:19 +00:00
Steve Clement 5660467f84
fix: [i18n] Various edits and small __('') addeage. 2020-02-27 10:43:04 +09:00
iglocska eb6b260c5e
fix: [CLI] allow for calling the update via the CLI without passing a process ID 2020-02-26 16:18:37 +01:00
iglocska 08e0e9d16d
chg: [version] bump 2020-02-26 16:13:12 +01:00
iglocska 46a99470ae
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-26 15:18:07 +01:00
iglocska bb3b6b99ef
chg: [submodule] updates 2020-02-26 15:16:09 +01:00
mokaddem 0831a3804a
chg: [database] Added db entry to re-correlate Attributes 2020-02-26 14:37:09 +01:00
iglocska 9913d194fa
fix: [correlations] fix to an issue where attribute edits could purge correlations
- bug introduced by a merge gone wrong
- attribute edits that modify fields that do not affect the correlations (such as to_ids, comment, etc) would cause correlations to be purged
2020-02-26 14:28:29 +01:00
iglocska ca6a984992
chg: [UI] show customauth header 2020-02-25 17:47:49 +01:00
iglocska aaafd95c74
fix: [sync] allow for both the minimal and searchminimal keywords to be used on the event index
- until now due to a bug only searchminimal was used
- sync negotiation uses minimal as the key
- this should greatly speed up the negotiation phase
2020-02-25 16:48:05 +01:00
iglocska d8afa98736
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-23 19:14:23 +01:00
iglocska c310b30177
fix: [custom auth] correctly use HTTP_ as the default header namespace 2020-02-23 19:13:48 +01:00
mokaddem 980dbf557e
fix: [decaying:tool] Support strict sql mode while fetching available
Object type
2020-02-21 16:33:34 +01:00
mokaddem f94c693aa0
fix: [decaying] Attributes not having a DM associated will be defaulted
as `not decayed`
2020-02-21 14:47:52 +01:00
mokaddem 49ef787a34
fix: [eventGraph] Request picture for valid attachment only 2020-02-21 14:42:20 +01:00
mokaddem 782ba603c5
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-21 08:50:49 +01:00
mokaddem 1e7f0d5c5a
fix: [server:edit] Prevent undefined variable 2020-02-21 08:26:20 +01:00
iglocska 363d0cd69a
new: [logging] Log user IPs on login
- feature is optional and needs to be enabled in the server settings
- on successful login logs the associated user ID for a given IP (30 day retention)
- also logs the IP for the associated user ID (indefinite retention)
- added two command line tools to query
  - Get IPs For User ID: MISP/app/Console/cake Admin UserIP [user_id]
  - Get User ID For User IP: MISP/app/Console/cake Admin IPUser [ip]
2020-02-20 16:07:10 +01:00
iglocska 0f632236fa
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-19 16:13:30 +01:00
iglocska 2de0e3a941
fix: [enveloping] Fixed typo and added actual event ID to the message saved
gremmar meestakes are anoying.
2020-02-19 16:12:23 +01:00
Andras Iklody 49100f626d
Merge pull request #5654 from coolacid/issue-5653
fix: Force schema columns lowercase to match expected
2020-02-19 14:31:44 +01:00
Jason Kendall 1647d927e4 fix: Force schema columns lowercase to match expected 2020-02-19 08:16:32 -05:00
Alexandre Dulaunoy 7e8a753651
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-19 09:30:54 +01:00
Alexandre Dulaunoy 8131e11cd3
chg: [misp-objects] updated to the latest version 2020-02-19 09:30:19 +01:00
Andras Iklody 42c16351f7
Merge pull request #5647 from coolacid/issue-5598
Allow forcing tag creation for galaxies
2020-02-19 09:27:45 +01:00
Jason Kendall 47d0c41a55 Allow forcing tag creation for galaxies 2020-02-18 14:11:54 -05:00
mokaddem 0a605ed4d3
fix: [server:edit] Always echo internal instance notice 2020-02-18 15:04:48 +01:00
Jakub Onderka 9d0c0c1a6a
fix: [UI] Correct title for '+' button 2020-02-18 09:47:52 +01:00
iglocska 4bf9fd2d8d
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-18 09:29:41 +01:00
iglocska c677183069
new: [communities] Added Danish community and some fixes to the community system 2020-02-18 09:29:06 +01:00
Andras Iklody 6776ea2b26
Merge pull request #5612 from coolacid/issue-5611
Ensure we only have the last line from the shell command
2020-02-17 08:39:35 +01:00
Jakub Onderka cfe18d8c39
chg: [internal] Removed unused function 2020-02-16 14:13:34 +01:00
Andras Iklody 079ecc0b26
Merge pull request #5628 from JakubOnderka/patch-87
chg: [internal] Little bit faster ssdeep saving
2020-02-14 15:50:13 +01:00
Andras Iklody 35536267a2
Merge pull request #5631 from JakubOnderka/patch-90
fix: [pubsub] Do not fetch setting for every push
2020-02-14 15:49:41 +01:00
Andras Iklody d7a21e95cf
Merge pull request #5630 from JakubOnderka/patch-89
chg: [mispzmq] Do not create array every 0.1 sec
2020-02-14 15:48:50 +01:00
Jakub Onderka 8717c3f1c5
fix: [pubsub] Do not fetch setting for every push 2020-02-14 15:26:49 +01:00
Jakub Onderka 5ef92f5a3f
chg: [mispzmq] Do not create array every 0.1 sec
Should lead to little bit lower CPU usage
2020-02-14 15:23:57 +01:00
Jakub Onderka c1d1bd27d0
fix: [UI] UUID term should be uppercase 2020-02-14 15:18:46 +01:00
Jakub Onderka a730dbca66
chg: [internal] Little bit faster ssdeep saving 2020-02-14 15:16:10 +01:00
Jakub Onderka 3770886bb8
fix: [internal] Remove unused function 2020-02-13 15:57:58 +01:00
Andras Iklody 385b777656
Merge pull request #5149 from JakubOnderka/update-composer
chg: [internal] Update composer.phar to version 1.9.0
2020-02-13 14:38:25 +01:00
Alexandre Dulaunoy 2309520508
chg: [objects] updated to the latest version 2020-02-13 13:13:17 +01:00
iglocska 88894fc2e5
chg: [version] bump 2020-02-10 16:22:03 +01:00
iglocska 7fdbc8c750
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-10 16:14:11 +01:00
iglocska 5a29964924
chg: [cleanup] Taking out the trash
- old unused functions removed
2020-02-10 16:10:55 +01:00
iglocska af881189e5
new: [config load task] Added a task that will reload the settings on any console shell execution, fixes #5498
- helps with background workers being forced to fetch new settings whenever they start a new job
2020-02-10 15:15:59 +01:00
Jakub Onderka ee5f1b1e5c
chg: [internal] mispzmqtest.py
- Also check if Redis Python library is installed
- Do not print "OK" if libraries don't exist
- Return error code 1 if library doesn't exist
2020-02-10 14:52:20 +01:00
iglocska 90009b963b
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-10 14:40:10 +01:00
iglocska 55385e6ca6
fix: [object] object deduplication fixed 2020-02-10 14:39:58 +01:00
mokaddem f7a0b1916e
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-10 14:35:54 +01:00
mokaddem 3d982d92fd
fix: [security] Correctly sanitize search string in Galaxy view
- As reported by Dawid Czarnecki
2020-02-10 14:35:09 +01:00
iglocska 8803f47a9e
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-10 14:33:39 +01:00
iglocska 4ea3612dfc
new: [objects] pass the /breakOnDuplicate:1 flag to the /objects/add endpoint to deduplicate
- returns an error if the object already exists
  - objects of the same template_uuid are compared
  - non deleted attributes only
  - type + category + value + object_relation tuple is compared
2020-02-10 14:30:34 +01:00
mokaddem 8e2da13e0e
Merge branch '2.4' into enforce-iso-datetime 2020-02-10 14:18:14 +01:00
mokaddem 9c22e02848
chg: [pgpPopover] Transformed text into i18n 2020-02-10 13:45:22 +01:00
mokaddem 2bdc11b5d4
Merge branch '2.4' of github.com:MISP/MISP into pr-5210 2020-02-10 13:41:26 +01:00
Jakub Onderka fc531dc5bc
fix: [UI] Disable autocomplete for authkey
To prevent saving it into browser cache
2020-02-10 13:03:12 +01:00
Andras Iklody 8147358e4c
Merge pull request #5607 from JakubOnderka/patch-83
fix: [internal] Remove unused lines
2020-02-10 14:00:43 +02:00
Alexandre Dulaunoy 0b31062d4c
chg: [warning-lists] updated to the latest version 2020-02-10 12:09:16 +01:00
iglocska 934c828192
fix: [security] Further fixes to the bruteforce handling
- resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged
  - as reported by Dawid Czarnecki
- several tightenings of the checks to avoid potential foul play
2020-02-10 11:41:54 +01:00
mokaddem 6e66256f7a
Merge branch '2.4' of github.com:MISP/MISP into pr-5210 2020-02-10 11:09:14 +01:00
Alexandre Dulaunoy 8839770242
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-10 10:41:50 +01:00
Alexandre Dulaunoy 1d3fc2f799
chg: [misp-objects] updated to the latest version 2020-02-10 10:41:17 +01:00
iglocska 9400b8bc86
fix: [security] discussion thread ACL issues fixed
- as reported by Dawid Czarnecki
2020-02-08 10:34:23 +01:00
iglocska c1a0b3b280
fix: [security] bruteforce protection rules tightened
- as reported by Dawid Czarnecki
2020-02-08 09:35:37 +01:00
Jason Kendall e3b1e8c74a Ensure we only have the last line from the shell command 2020-02-07 13:43:11 -05:00
Jakub Onderka cdf578be4a
fix: [internal] Remove unused line 2020-02-07 17:57:59 +01:00
mokaddem 38cdd5477f
chg: [dbSchema] Removed log table from the whitelisted tables 2020-02-07 13:12:07 +01:00
mokaddem 5408bb14f8
fix: [indexes] Added SQL index for tag numerical_value 2020-02-07 12:56:27 +01:00
mokaddem 6e613cc54d
chg: [diagnostic:dbSchema] Added SQL queries to fix issues 2020-02-07 12:52:26 +01:00
Andras Iklody 8738aab6b8
Merge pull request #5601 from JakubOnderka/ssdeep_ext
chg: [UI] Check if ssdeep PHP extension is installed
2020-02-06 11:22:12 +01:00
Raphaël Vinot b7cee5bf4c chg: Bump expected PyMISP version 2020-02-06 11:07:05 +01:00
Raphaël Vinot 6f2005ff60 chg: Bump PyMISP 2020-02-06 10:54:17 +01:00
Jakub Onderka e2a8c9ee93 chg: [UI] Check if ssdeep PHP extension is installed 2020-02-06 10:44:38 +01:00
Alexandre Dulaunoy 5b53850b9d
chg: [misp-galaxy] updated to the latest version 2020-02-06 09:53:49 +01:00
Alexandre Dulaunoy 9d0c8e915d
chg: [misp-galaxy] updated to the latest version 2020-02-06 09:45:43 +01:00
Alexandre Dulaunoy 555fab2438
chg: [misp-objects] updated to the latest version 2020-02-06 09:45:13 +01:00
Alexandre Dulaunoy 7960ce4ade
chg: [misp-taxonomies] updated to the latest version 2020-02-05 07:32:50 +01:00
iglocska 3bd30e88c2
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-04 15:06:31 +01:00
iglocska 488b66bd59
fix: [sync] Pull filters ignored if no custom url params added, fixes #5594 2020-02-04 15:05:50 +01:00
Alexandre Dulaunoy bb64a80b24
chg: [misp-object] updated to the latest version 2020-02-04 11:48:35 +01:00
Alexandre Dulaunoy 5371d0af0f
chg: [warning-lists] updated to the latest version 2020-02-03 20:14:35 +01:00
Alexandre Dulaunoy 65a01d7de4
chg: [misp-objects] updated to the latest version 2020-02-03 11:12:41 +01:00
Jeroen Pinoy cc99945f31 fix: [API] make param tag alias of tags for /events/restSearch 2020-02-02 00:42:00 +01:00
StefanKelm 11ff5c63ee
Update update_progress.ctp
tiny typo
2020-01-31 14:24:23 +01:00