Commit Graph

344 Commits (745512e71e09580ae533a1e14dfc3026cd9f9cd2)

Author SHA1 Message Date
Andras Iklody 6b42f089cd
Merge pull request #5129 from JakubOnderka/array-copy-remove
chg: [users] Remove unused method UsersController::arrayCopy
2019-09-10 11:32:30 +02:00
Jakub Onderka 1cd2ff5ca6 chg: [users] Remove unused method UsersController::arrayCopy 2019-09-09 23:37:37 +02:00
Jakub Onderka 50a0f564c6
fix: [audit] Correct title in audit log when admin edits user 2019-09-09 19:34:38 +02:00
iglocska 75acd63c46
fix: [security] Fix to a vulnerability related to the server index
- along with various support tools
- more information coming soon
2019-09-09 13:00:21 +02:00
iglocska 5916de9d5e
fix: [API] Fixed output of the attribute histogram
- no more STIX-ish barf inducing numeric string keys for dictionaries
2019-08-27 10:34:29 +02:00
iglocska 96475f59f6
fix: [admin] Invalid domain restriction check for site admins, fixes #5035 2019-08-22 10:41:30 +02:00
iglocska ed1e55b76b
fix: [API] Fixed an edge case when the attribute histogram throws a notice error
- no idea how to reproduce it, the organisation referenced in an event orgc_id not existing is a pre-condition

- fixes #4880
2019-07-29 16:28:42 +02:00
iglocska 64fafa1913
fix: [api fix] Deletes broken due to invalid boolean
- /facepalm
2019-07-10 13:55:33 +02:00
iglocska ed401d88be
fix: [API] delete http requests properly accepted by some /delete endpoints 2019-07-10 11:57:21 +02:00
mokaddem f850abcdaa fix: [galaxyMatrix] Handle case if deprecated galaxy does not exist 2019-06-12 14:12:06 +02:00
mokaddem 52ae153c0e Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixImprovements 2019-06-11 15:56:10 +02:00
mokaddem 11a4bdb959 chg: [restSearch:attack] Only expose attack return format to the `event`
scope
2019-06-11 15:50:51 +02:00
mokaddem acef3a0168 chg: [galaxyMatrix:stats] Only take into account occurrences of galaxy
once per event
2019-06-11 15:09:02 +02:00
mokaddem fed5556976 fix: [galaxyMatrix:export] Removed multiple bugs providing inconsistent
result
2019-06-11 14:13:17 +02:00
iglocska 36b43f1306
fix: [security] Org admins could reset credentials for site admins
- org admins have the inherent ability to reset passwords for all of their org's users
- this however could be abused if for some reason the host org of an instance would create org admins
  - the org admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them
- the potential for abuse is very circumstantial as it requires the host org to create lower privilege org admins instead of the usual site admins
- only org admins of the same organisation as the site admin could abuse this

- as reported by Raymond Schippers
2019-06-11 11:05:34 +02:00
mokaddem 4fafb1541c chg: [galaxyMatrix] Transformed query into cakephp model query 2019-05-15 11:55:22 +02:00
mokaddem 0c69e739cc new: [statistics:galaxyMatrix] Added filtering capabilities 2019-05-15 11:12:09 +02:00
mokaddem 4fbe857f90 chg: [galaxyMatrix] Added sorting by score. Fix #4608 2019-05-13 15:07:38 +02:00
mokaddem d3013a9252 fix: [stats:galaxyMatrix] No longer trim the end of the cluster name 2019-04-23 08:49:04 +02:00
iglocska 7a1dbe4c1f fix: [API] role_id is not required when POSTing users if a default role is set on the instance 2019-04-04 13:42:06 +02:00
4ekin c32d3bce32 fix: Fixed i18n strings in Controllers 2019-04-02 16:57:41 +03:00
mokaddem d60095112f Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixStat 2019-03-15 11:18:34 +01:00
iglocska 7b34e8cacb fix: [API] resetting the authkey didn't respond with the new key before, making automation difficult. 2019-03-12 22:03:34 +01:00
mokaddem 04798bf7e4 new: [galaxyMatrix] Added possibility to pick a galaxy to view its
statistic.
2019-03-12 15:36:00 +01:00
iglocska 66ad17a1ee new: [API] exposed change_pw function to the API, fixes #4256 2019-03-02 23:47:13 +01:00
mokaddem 1ed609872c chg: simplified condition 2 2019-02-15 15:04:07 +01:00
mokaddem 7a2010fb0e chg: [galaxy_matrix] TEMPORARY - Merge scores of both deprecated and mitre-attack
galaxy namespace for the matrix view.

This commit aims to still have correct scores in the galaxy_matrix until the fixMitreTags functions is not live and running
2019-02-15 14:41:55 +01:00
mokaddem 12ed3457e8 chg: [galaxy_matrix] cleanup in variable names to be more generic 2019-02-15 09:24:52 +01:00
mokaddem a5653e86ea new: [matrix] Replaced the Att&ck matrix by a generic matrix viewer,
allowing custom matrix to be displayed.
Also added the external id to the chosen input.
2019-02-12 13:59:51 +01:00
mokaddem 431529c81c chg: [attackMatrix] UI: improved color scale - WiP 2019-02-11 17:54:29 +01:00
iglocska 9afd0d8600 fix: [redirect] Correctly redirect to the requested URL after a login, fixes #4005, fixes #1301 2019-01-28 17:02:04 +01:00
iglocska 2d0259ce13 fix: [CS] coding standards script re-run 2018-11-23 14:11:33 +01:00
mokaddem 2152493dd0 chg: [users/emails] Better comments 2018-11-09 13:42:28 +01:00
mokaddem 6bb31fbb1d chg: [users/email] Changed behavior of sending mail to avoid code duplication
If an additional parameter is passed to the url, it will only show the result of submitting the form without the submission
2018-11-09 13:38:52 +01:00
mokaddem 296128fe54 fix: [users/emails] submission fix + cleaned code + comments 2018-11-09 12:12:06 +01:00
mokaddem 651861d1d8 new: [users/mails] Added possibility to send a mail to all users of the same organisation 2018-11-09 11:48:39 +01:00
mokaddem 9b44050e1c new: [users/mails] add confirmation popup before sending mails 2018-11-09 11:23:32 +01:00
iglocska 333cafca76 chg: [statistics] Show % of users with pgp keys 2018-10-30 14:58:49 +01:00
iglocska 3bdcca617e new: [statistics] Added local org and user/org counts 2018-10-30 14:51:27 +01:00
iglocska c54538766e Merge branch '2.4' into feature/api_rework 2018-08-21 13:39:34 +02:00
iglocska 1eded5f3c7 fix: [statistics] Solve the issue with the unfiltered total counters in the user and org statistics 2018-08-21 13:37:47 +02:00
iglocska 12ac58f0e1 fix: [statistics] fixed an issue where the org statistics didn't correctly apply the local filters
- both local and external just showed the sum totals instead of the individual pools
2018-08-21 13:34:59 +02:00
iglocska f675fb8b29 Merge branch '2.4' into feature/api_rework 2018-08-17 14:49:09 +02:00
Sami Mokaddem 212c11290d fix: [usersStat] allow fetching json of statistics/users 2018-08-13 11:39:25 +00:00
Anthony Vaccaro 1b68005bbe Add a permission check to the change password page.
The 'MISP.disableUserSelfManagement' config variable is checked
when rendering the link to the change password page, but is not checked
when rendering the page itself. This could lead to unauthorised
password changes by users with existing accounts on the MISP
instance.
2018-08-13 15:55:51 +10:00
iglocska 0694263e15 Merge branch '2.4' into feature/api_rework 2018-08-09 16:51:20 +02:00
iglocska 4fa5834cbc new: [PGP] Added fingerprint to /users/verifyGPG 2018-08-06 17:00:15 +02:00
iglocska 34ba484b06 chg: [cleanup] Removed todos from userscontroller that have become irrelevant 2018-08-04 22:48:19 +02:00
iglocska a81894f14c chg: [CS] Changed to PSR-2
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
iglocska 71bb60a702 new: [Statistics] Added a new tab to the statistics showing the user/organisation additions over the past month/year 2018-07-13 12:08:29 +02:00