Commit Graph

6648 Commits (67d37a283faab5c95e88cb539743b26c8e2743d6)

Author SHA1 Message Date
iglocska 0097e040b1 fix: Previous commit was incorrect, empty filters contain null not false 2017-08-01 01:05:45 +02:00
iglocska 3e4fbcf5ff fix: Fixed "published":0 filter for restsearch
- also removed an empty function
2017-08-01 01:02:25 +02:00
iglocska 51be308d08 fix: Added put/post to role deletion 2017-07-31 15:24:54 +02:00
iglocska 4d6013c16c new: Exposed Roles to the API
- valid commands via the API
  - /admin/roles/add [GET, POST]
  - /admin/roles/delete/{id} [POST, DELETE]
  - /admin/roles/edit/{id} [GET, POST]
  - /admin/roles/index [GET]
  - /admin/roles/set_default/{id} [POST]
  - /roles/index [GET]
2017-07-31 15:21:14 +02:00
iglocska 66a9031a26 fix: Invalid model used to push ZMQ messages for discussion posts 2017-07-31 14:23:46 +02:00
iglocska a2d716c4b1 fix: Potential fix to the template element adding issue throwing ajax only exceptions 2017-07-31 13:51:23 +02:00
iglocska ad8fc6a233 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2017-07-31 12:14:12 +02:00
iglocska f5f1591335 fix: Fixed an issue with the roles model failing on stricter MySQL settings due to missing group by 2017-07-31 12:10:47 +02:00
Alexandre Dulaunoy f51989cd35 Merge pull request #2364 from strikaco/patch-1
Adds missing sudo invocation
2017-07-30 07:53:32 +02:00
Johnny 9eeeb9a4f7 Adds missing sudo invocation 2017-07-27 16:30:26 -07:00
Alexandre Dulaunoy 3d8a7dfbb0 Fix #2347 - cookie attribute type
HTTP cookies are often stored on the web client and can be authentication
or even session cookies.
2017-07-21 09:36:55 +02:00
Alexandre Dulaunoy c22f36af25 Merge pull request #2340 from Rafiot/travis
Update travis file.
2017-07-17 16:28:49 +02:00
Raphaël Vinot 8801dd0648 Update travis file, use composer for all PHP deps. 2017-07-17 12:30:23 +02:00
Alexandre Dulaunoy b292d81336 MISP website links and references updated 2017-07-15 21:18:33 +02:00
Alexandre Dulaunoy 716d548377 A link to the CONTRIBUTING page added 2017-07-15 21:15:12 +02:00
Andras Iklody 1ee754f3e5 fix: Changed the validation of newsread and change_pw to boolean 2017-07-13 17:07:49 +02:00
iglocska 272d893094 chg: PyMISP version bump 2017-07-12 16:21:10 +02:00
iglocska d7df929500 fix: Remove delegation request once event delegation is accepted
- TODO, cleanup of zombie delegation requests
2017-07-12 16:20:21 +02:00
iglocska f4041cd100 fix: Updated pyMisp and querystring versions 2017-07-12 16:16:20 +02:00
iglocska f89a9ce061 fix: Added user password length change to the MYSQL.sql file 2017-07-12 15:59:20 +02:00
iglocska 42ce6a1a4e fix: Tightened the sanitisation of the filenames in the template uploader
- Data from retained uploaded files when re-editing a template population prior to submission was loaded into the JS directly without sanitisation
- Whilst there was no way found to exploit this, introduced tighter sanitisation for the file data

- Thanks to cert.govt.nz for the security report.
2017-07-12 15:52:33 +02:00
iglocska 1f1ab492b6 fix: Fixed some missing css/scripts from the iframe for the template uploader 2017-07-12 15:51:59 +02:00
iglocska 78f07139bd chg: Redacted certain server settings that could be considered sensitive
- Encryption passwords as well as redis password are now redacted from the server settings
- Also includes the JSON dump of the server settings

- Thanks to cert.govt.nz for the security report.
2017-07-12 15:49:39 +02:00
iglocska 091175133b fix: GFI uploaded archives don't throw exceptions on failed parsing, instead simply show an error banner after redirect
- in situations with misconfigured MISPs (debug enabled), a parsing error
  exception thrown while parsing a maliciously malformed archive could include
  arbitrary files in the stacktrace accessed from within the apache user's
  scope if a symlinked file was uploaded in the archive

- Thanks to cert.govt.nz for the security report.
2017-07-12 15:44:02 +02:00
iglocska 722b129b77 chg: version bump 2017-07-12 15:43:45 +02:00
iglocska 3317f56ca1 fix: Upgraded hashing algorithm used and added requirement to confirm password for user profile changes
- Added method to upgrade all passwords to blowfish transparently
- All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed

- Thanks to cert.govt.nz for the security report.
2017-07-12 15:38:34 +02:00
iglocska d377bc195b fix: Added screenshots to attribute index/attribute search, fixes #2338
- Flickr can start quivering in its boots!
2017-07-12 15:32:00 +02:00
iglocska 99b6d319e3 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2017-07-11 16:28:15 +02:00
iglocska 1fee623b2e fix: value1 and value2 removed from attributes/view/id 2017-07-11 16:27:29 +02:00
Andras Iklody 678cc74d72 Merge pull request #2327 from kallix/attachments_dir-settings
Add an optional setting attachments_dir, and adapt existing code to use this setting
2017-07-11 14:06:08 +02:00
Alexandre Dulaunoy b11de47462 Merge pull request #2332 from Deventual/patch-12
minor adjustments
2017-07-10 17:10:31 +02:00
Deventual e4be865e1b minor adjustments 2017-07-10 17:45:56 +03:00
Alexandre Dulaunoy 79eb9faf64 Merge pull request #2329 from Deventual/patch-10
added mixbox update instructions
2017-07-10 16:40:43 +02:00
Alexandre Dulaunoy 7886b58b46 Merge branch '2.4' into patch-10 2017-07-10 16:33:05 +02:00
Alexandre Dulaunoy f6c061d8e2 Merge pull request #2330 from Deventual/patch-11
fix minor instructions
2017-07-10 16:29:51 +02:00
Deventual 59be217fae fix minor instructions 2017-07-10 15:25:20 +03:00
Deventual d665a9326f added mixbox update instructions 2017-07-10 15:22:36 +03:00
Kevin Allix 2248846706 attachments_dir: Default value queried through a function to work around PHP's inability to have anything useful stored in a class property 2017-07-10 12:42:23 +02:00
Alexandre Dulaunoy 70dd087287 fix: MISP taxonomies updated to the latest version 2017-07-08 15:01:22 +02:00
Alexandre Dulaunoy 3ab918637a fix: MISP galaxy updated to the latest version 2017-07-08 15:00:47 +02:00
Kevin Allix 1ea33e811a Add an optional setting attachments_dir, and adapt existing code to use that setting 2017-07-07 17:29:13 +02:00
iglocska cab1f15bc7 Merge remote-tracking branch 'origin' into 2.4 2017-07-07 13:01:34 +02:00
iglocska 7a09e2e210 Merge branch 'redis_password' into 2.4 2017-07-07 13:00:32 +02:00
iglocska 6c7c40e773 fix: Further performance tweaks to the feed fetcher 2017-07-07 12:58:51 +02:00
iglocska 6b6ea52b58 fix: Made the feed pull for CSV/Freetext feeds much faster for large feeds
- value de-duplication is now a lot more efficient
2017-07-07 10:12:55 +02:00
iglocska 83fdd02294 fix: Massive performance boost when adding attributes to an already large event 2017-07-07 10:12:25 +02:00
iglocska d42d290136 fix: Return json dict instead of string when queuing a feed pull job 2017-07-07 10:11:40 +02:00
iglocska dd27f118f3 new: WIP - change to model aliasing to solve the reserved class name
- Internal name is now MispObject for the model, but it is used Aliased, removing the need to do any data massaging
- Added WIP edit function
2017-07-06 15:04:01 +02:00
iglocska a5d582750e fix: Updated fields 2017-07-06 15:02:19 +02:00
Andras Iklody caf89b66cb Merge pull request #2325 from cedricbonhomme/fix-bug-when-redis-connection-fails
fix: The server settings page (servers/serverSettings) was crashing w…
2017-07-06 12:11:57 +02:00