MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
17,068 Commits
35 Branches
366 Tags
190 MiB
Commit Graph

4146 Commits (791dc9deabd2d7fdfd7c371331eb557d14782372)

Author SHA1 Message Date
iglocska 776ef3ae07 Changes to export validation, CSV export, Whitelist redesign 
- CSV export for individual events, all events, search results
- Whitelists are now preg_matches instead of simple string matches
- whitelist checks are to be applied on almost all exports
(implementation in progress)
- the exception will be the search result exports, if the (to be
implemented) to_ids only checkbox isn't checked
 2013-06-26 14:48:25 +02:00
Christophe Vandeplas 86b1873a80 a 2013-06-24 15:13:33 +02:00
Christophe Vandeplas ac5c59e9af minor changes 2013-06-24 15:12:30 +02:00
Christophe Vandeplas 3b28d6f1e8 (workaround) better error message when HTTP problem with Server Pull 2013-06-18 09:12:09 +02:00
iglocska d2fcda7cc6 Added 2 new type of attributes 
- sha256 / filename|sha256
- uploading a malware sample now automatically creates a filename|sha1
and a filename|sha256 in addition to the sample|md5
 2013-06-12 16:50:21 +02:00
Christophe Vandeplas fdfd3ba486 micro improvement 2013-06-11 00:44:04 +02:00
Iglocska 4242108b3e Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP into feature/sync/timestamp 2013-06-10 23:01:08 +02:00
Iglocska f8f290375e Further changes to the degradation of the distribution 2013-06-10 23:00:45 +02:00
Christophe Vandeplas 68c2fd09fe Merge branch 'develop' of https://github.com/MISP/MISP into feature/sync/timestamp 
Conflicts:
	app/View/Attributes/index.ctp
	app/View/Events/add.ctp
	app/View/Events/edit.ctp
 2013-06-10 23:00:37 +02:00
Iglocska 06ca5ba0cd Further changes to the distribution 
- changed to use the new int field
 2013-06-10 20:49:31 +02:00
Iglocska 638a99e0e7 Few changes 2013-06-10 20:34:05 +02:00
iglocska 3c23ac3a86 Change to new distribution 
- first stage
 2013-06-10 17:33:03 +02:00
iglocska 7871336164 Removed incorrect validation 2013-06-10 09:02:20 +02:00
Christophe Vandeplas bd88c10bf1 removed not necessary sort results in huge performance improvement 2013-06-08 16:55:04 +02:00
iglocska 7059eac08c Small change to the timestamp 
- Moved the timestamp generation for attributes and events that are
being saved and don't have one to Model->beforeValidate()
 2013-06-07 10:24:03 +02:00
iglocska 1e7665cd6d Saving over night, something still blocks the timestamp from being saved 
after a push...
 2013-06-06 18:43:26 +02:00
iglocska 0b834464ac Changes to the event view 
- reworked the way events are loaded and reloaded to check for
privileges
 2013-06-03 17:23:34 +02:00
iglocska 5522578f68 Update to the shadow attributes 
- UI changes
- changed the relationship between shadowattributes and events to be
hasMany
 2013-06-03 16:25:43 +02:00
iglocska 0c30fd1227 Attribute type pipe and mutex 
- 2 new attribute types
- Same change as on develop
 2013-06-03 09:38:55 +02:00
Christophe Vandeplas 03a9b2bcc2 UI event fixes 2013-06-01 11:05:15 +02:00
Christophe Vandeplas 69251490ef Merge branch 'feature/gui' of https://github.com/MISP/MISP into 
feature/gui

Conflicts:
	app/View/Logs/admin_index.ctp
	app/View/Logs/admin_search.ctp
	app/View/Users/memberslist.ctp
 2013-05-31 17:50:00 +02:00
Christophe Vandeplas e3ed847ba0 fixing some REST API and XML issues 2013-05-28 11:15:21 +02:00
Christophe Vandeplas 512c74e7bd minor cleanup 2013-05-22 12:49:40 +02:00
Christophe Vandeplas 62a3da46f2 removed useless hop_count 2013-05-22 08:18:34 +02:00
Iglocska a707df1b31 Strict messages fixes #99 and user edit requiring to change password 
fixes #67

- Plugins and the user model were throwing strict messages in php 5.4+
or with E_STRICT on php 5.3 and lower. Should be fixed.

- New cakePHP added automatic HTML5 validation to form fields, which
breaks fields that can alternatively be left empty to not be edited
(such as the password field in user edits) - removed the html5 form
validation from user edits.
 2013-05-13 14:27:40 +02:00
Christophe Vandeplas 2776513395 moved fragmented massagedata to Model::beforeValidate() 2013-04-30 08:20:23 +02:00
Andras Iklody 6332dbf05b Removal of more remnants of the old ACL and tightening of the filename 
checks

- actAs acl removed from role and user models together with some extra
code related to the ACL

- Fix of the filename regex as pointed out by cvandeplas.
 2013-04-29 10:52:07 +02:00
Andras Iklody b98818ebfb Small errors with the merge corrected 
- some errors managed to slip through during the merge, should be fixed
 2013-04-25 15:37:49 +02:00
Andras Iklody 4396cec8ea Integrated ownership, ACL and minor fixes 
- Orgs can propose new attributes or changes to existing attributes for
  events that they do not own

- publishing users of the owner organisation can see, accept or discard
  them

- Reworked the access control

- minor fixes
 2013-04-25 14:04:08 +02:00
Christophe Vandeplas 23742c543c rewrote fetching of the related events 2013-04-22 15:04:27 +02:00
Christophe Vandeplas 97f93248f9 remove unused function 2013-04-22 11:14:49 +02:00
Christophe Vandeplas bc3921eece new logic to generate correlation, relates to issue #95 . Updated DB 
schema !
 2013-04-22 10:59:55 +02:00
Andras Iklody 63ef768665 Issue with Correlations going missing 
- Update to the delete in afterSaveCorrelation
 2013-04-18 11:06:10 +02:00
Andras Iklody 9a6733acfd Removal of deprecated code 
- The flag private is deprecated, removed together with the code that was
  affected by it
 2013-04-17 11:13:09 +02:00
Christophe Vandeplas 8029d7fa29 removes multiple correlation engines Fixes #83 but after testing issue 
#95 comes to light
 2013-04-16 16:59:12 +02:00
Andras Iklody be2d6ae3b9 Removed leftover debug code 
- forced exception to test debug output left in - removed
 2013-04-12 13:21:21 +02:00
iglocska f18ee0da3c Fix to a validation error 
- regkey|value's validation was inversed only accepting incorrect entries
 2013-03-20 11:02:57 +01:00
iglocska cdb3c908eb Validation of vulnerability to CVE number, Fixes #35 2013-03-18 16:50:28 +01:00
Andras Iklody 019e976783 Removed the js title bubble for related events 
- Removed javascripts based title bubble showing the event info in related
  events / attributes and in the search attribute view.

- Replaced it with values provided by extra cake queries as the delay for
  fetching the info field through a js rest request was annoyingly slow

- some coding standards
 2013-03-08 13:16:02 +01:00
Andras Iklody 3646bca059 Regexp validation 
- an invalid regexp entry could block any event/attribute from being
  entered. Introduced a check on regexp entry to block faulty patterns.
 2013-03-07 15:19:55 +01:00
Andras Iklody 83294820bf Changes to logs and some minor changes 
- Regexp, blacklist, roles, whitelists now logged

- adminCRUD now sets ID (for the logging) on edit

- some minor UI changes (removal of empty action menues on the left menu
  bar)
 2013-03-07 11:51:43 +01:00
Andras Iklody b9d4ac9cba Subscription to alerts from contact reporter 
- Users can now choose to subscribe to receive e-mails from the "Contact
  Reporter" feature.
 2013-03-06 11:34:22 +01:00
Andras Iklody 4a368918eb Colouring of search terms works in links 
- links now have proper colouring to make the found terms more visible
 2013-03-04 18:05:17 +01:00
Andras Iklody a72503161b Fixed some regex issues and file name validation 
- Fixed an issue that caused attribute values to be converted to 1 on
  save in case of an empty regexp table

- Filename validation now happens via whitelisting instead of filename
  sanitization
 2013-03-04 14:53:52 +01:00
Andras Iklody 8e6852e037 Export distribution 
- Export didn't take into account distribution rules, should be fixed

- Fixed a bug with editing attributes
 2013-02-28 17:16:52 +01:00
Andras Iklody a7bb5c7767 Composite type change 
- composite type's value not exploded if value1 already set (to hopefully
  fix issues with the migration tool)
 2013-02-26 15:38:08 +01:00
Andras Iklody 9a92637a91 Regexp fixed 
- Regexp replacement didn't actually change the data in the object. Fixed.
 2013-02-26 13:45:54 +01:00
Andras Iklody 6dc73314bf Changes to the distribution handling of attributes 
- Only the creating org of the event can change the distribution of
  attributes

- Attribute distribution setting are only pushed on edits if they were
  manually changed (so that the distribution level of events on the
  creating server doesn't get degraded by an edit and push of the event at
  a synced server when using connected community settings).

- slight change to the batch attribute search, the search terms are only
  echoed up to 9 terms to prevent the mass echoing of a long list
 2013-02-25 16:38:04 +01:00
Andras Iklody fad8e809ad Minor changes 
- some changes to the access control

- re-renabled regexp and blacklists, will need a closer look though

- editing a role should update ACL

- some other minor things
 2013-02-21 17:24:41 +01:00
Andras Iklody fcd91b1654 Previous commit was slightly off 
Changed the placing of the unset, as it broke the push of attachments.
Should be fine now.
 2013-02-21 10:55:49 +01:00
Andras Iklody b1174c3733 Major bug with attributes disappearing during sync 
Found a bug where an instance that has a lower attribute count pushing to
another would cause the attributes with equal attribute ID to get
overwritten with the pushed ones. Unsetting the attribute ID before the
push fixes this.
 2013-02-21 10:24:48 +01:00
Andras Iklody 0f947085cb Reworked the sync / release control 
- Fixed issues with the sync
	- Secondary publishes on remote servers failed
	- Introduced new fields in events to stop backward traverse of
	  edit information that lead to low performance and eroneous
	  distribution information updates when more than 2 servers were
	  linked
	- Deletion of an attribute now deletes on remote servers

- Changes to the event ownership
	- Original creator org now noted in the event itself
	- Only original creator org can change distribution
	- Events will show up with the original creator org for users
	  (admins can see both that and the owner of the event on the
	  local instance)
	- Server.organization now used in junction with the connecting
	  user's org and the instance's org (from the bootstrap) to
	  determine distribution flow control and access rights

- Lots of minor changes
 2013-02-19 15:37:35 +01:00
Noud de Brouwer ce44cdb529 coding standards 
this is to the new php53-pear-CakePHP_CodeSniffer-0.1.11.
 2013-02-15 14:20:03 +00:00
Andras Iklody f754eec840 Minor change to the validation 
- Some types didn't have any validation info, defaulting in an incorrect
input - fixed

- re-enabled the sanitization of file names
 2013-02-11 17:23:07 +01:00
Andras Iklody e17228490b Minor changes to the validation 2013-02-11 15:56:10 +01:00
Andras Iklody afed0f2046 Changes to link validation and minor fixes 
- Links get validated now to filter malicios code

- removed a double edit button in the case of an admin editing himself

- fixed an error with adding new attributes
 2013-02-11 11:26:34 +01:00
Andras Iklody e88a3a9cf7 Updates to security 
- perm_auth new toggle, can disable auth key usage for a role

- prevents sync / rest with a perm_auth == false key

- some changes to sync to provide better feedback on why it failed

- rewording of distribution options
 2013-02-06 17:45:43 +01:00
Andras Iklody e976242878 Reworked aros_acos creation 
- moved and fixed the aros_acos creation on the new role creation

- new method in appController that sets all the aros_acos from scratch
  (for example for a new instance, or a changed acos / aros table)

- some minor changes, redirects to the terms page on invalid events
  removed, etc.
 2013-02-05 17:22:37 +01:00
Andras Iklody 7f6f166838 Fixes to access rights, some sanitization, etc 
- Admins cannot manually change anyone's authkey, they need to generate a
  new one via the reset link

- Some pages could be accessed by changing the url - fixed (though needs
  further testing)

- Edited a change in the manual that may have been confusing

- Some changes to the way ACL is set up - still needs more work
 2013-02-04 17:55:35 +01:00
Noud de Brouwer a6371f5ad8 coding standards 
Coding Standards.
 2013-01-28 08:32:01 +00:00
Andras 8d88bcb2b5 Fix for the synchronisation 
An error in the pull fix broke the push/publish feature. Fixed.
 2013-01-27 21:27:58 +01:00
Andras Iklody ce4bf4bd1b Fixed push/publish 
Fixed a few issues that caused push/publish not to work
 2013-01-24 15:10:59 +01:00
Noud de Brouwer 48ad60eb61 GPG 
start of check/correct.
 2013-01-23 15:22:21 +00:00
Noud de Brouwer ef0f2201ac PGP 
clean key remark.
 2013-01-23 13:41:34 +00:00
Noud de Brouwer 9da93c51a6 PGP 
direction-like-out-commented try.
 2013-01-23 12:31:55 +00:00
Andras Iklody 41049c4e83 Distribution level explanation 
The description of the distribution levels has been updated
 2013-01-22 15:18:26 +01:00
Andras Iklody 2718bc6c09 Slight change to distribution description 
Changed the explanation for each distribution level on event creation
 2013-01-22 15:14:08 +01:00
Noud de Brouwer 6e06f665a8 Blacklist 
Blacklist gets activated on Event.info and Attribute.value.
 2013-01-10 14:43:37 +00:00
Noud de Brouwer 3dec0d997b Behavior 
Use settings, par-example, name a field to Import Blacklist.
 2013-01-10 12:37:07 +00:00
Noud de Brouwer 5fc0656896 Blacklist 
A list of stringparts not to be able to enter.
 2013-01-09 14:58:52 +00:00
Noud de Brouwer a9a1bc91a1 AdminCrud and coding standard 
more AdminCrud and coding standard clean up.
 2013-01-04 15:48:46 +00:00
Noud de Brouwer 1e518f8bc0 Import Regexp 
Renamed Import Whitelist to Import Regexp.
 2012-12-20 18:47:38 +00:00
Andras Iklody 879154eab2 Fixed deprecated errors 
Removed cause of deprecated errors (Pass by reference)
 2012-12-20 14:48:23 +01:00
Noud de Brouwer f6c140e1dc coding standards 
Coding Standards.
 2012-12-19 13:34:40 +00:00
Noud de Brouwer 71dea125ae Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig into develop 2012-12-19 10:35:07 +00:00
Charlie Root e474b8e189 generateAllFor<FieldName> 
conflicts with CAKE/Model/Model::_call() so no findBy<FieldName>.
(and various very minor other things.)
 2012-12-19 10:30:10 +00:00
Andras Iklody 2497f87a41 Removed option "Sandbox" from analysis 2012-12-19 10:21:34 +01:00
Noud de Brouwer 9ca03f1f37 coding standards 
Coding Standards.
 2012-12-19 01:48:53 +00:00
Noud de Brouwer 2643da164c coding standards 
Coding Standards.
 2012-12-18 19:36:34 +00:00
Noud de Brouwer d89ab91dee coding standards 
Coding Standards.
 2012-12-18 16:44:07 +00:00
Noud de Brouwer 8864ee78f7 generateAllFor<FieldName> 
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
 2012-12-18 03:50:52 +00:00
Andras Iklody 38506ecaf8 Added missing 4th option to analysis levels 2012-12-17 17:52:30 +01:00
Andras Iklody 7def9f6afc Fixed an issue with the events 2012-12-17 17:31:10 +01:00
Andras Iklody 1ceadab700 Added features from branch analysis_levels 
-Analaysis levels setable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
 2012-12-17 15:51:30 +01:00
noud 9e9f34cb58 Merge branch 'master' into develop 2012-12-13 16:26:29 +01:00
noud 5ae254792c oeps 
leftover debug() removed.
 2012-12-13 16:25:53 +01:00
noud 2903493205 Merge branch 'master' into develop 
Conflicts:
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
 2012-12-13 16:03:35 +01:00
noud 276cb5df10 RESTfull sync 
this is in responce to the email
From: <User1088@QET.BE>
To: <ndebrouwer@hotmail.com>, <andrzej.dereszowski@ncirc.nato.int>
Subject: Re: sync/REST
Date: Fri, 7 Dec 2012 13:30:10 +0000
in this there is a complaint about the RESTfull sync workings.
the email hints about 2 possible options:
i) RESTfull add event without attributes (conform the web interface)
ii) RESTfull add event with attributes (more conform the code)

both are implemented and can be choisen in bootstrap.php by
Configure::write('CyDefSIG.rest', 'ii') or 'i'.
 2012-12-13 15:52:00 +01:00
noud 094719fa01 Merge branch 'master' into develop 
Conflicts:
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Model/Event.php
 2012-12-12 18:01:39 +01:00
noud 26c8ad57ee Role 
renamed everything group to role (i.s.o. renaming just the visable).
 2012-12-12 16:15:01 +01:00
noud 079ce88793 RESTfull sync 
Let RESTfull only work conform the web pages (to Christophes wish),
so add/edit event apart from add/edit attribute.
(there is annotation in the code to revert back to full RESTfull and
add/edit the attribute(s) alongside add/edit the event.)
 2012-12-11 16:11:45 +01:00
noud 6f4b72f214 RESTfull sync 
redone delete attribute and add that to the sync.
 2012-12-11 10:33:32 +01:00
noud 718691a627 RESTfull 
make RESTfull event add and edit work again.
 2012-12-10 13:49:56 +01:00
noud e24ff690bb RESTfull/sync 
redid the sync, so if add and exist, send HTTP 302 and different
Location, and do edit there.
Still, the final result has to compare the attributes and if needed
RESTfull delete.
 2012-12-07 13:56:19 +01:00
noud 2b76d6011f correlation 
corrected very old error if one event got 3 attributes having the
same value1 but variation in value2.
(in the past the correlation got signed to the 1st attribute, not to the
respective attributes.)
 2012-12-05 14:52:03 +01:00
noud d453ee1d99 Import Whitelist 
if not regex and only replacement, consider that as a comment.
 2012-12-05 10:14:14 +01:00
noud 98a2df0280 Import Whitelist 
if Import Whitelist item has regex and no replacement, then do not allow
an attribute having value the regex and do not allow events having info
conform that regex.
 2012-12-04 08:51:27 +01:00
noud 053edeb304 regex and blacklist 
blacklist, as in, do not input attributes, is working now,
for manual, batch and GFI Sandbox import.
 2012-12-03 10:34:28 +01:00
noud 2af02aa100 input regex 
use RegexBehavior on Event.info and Attribute.value.
 2012-11-30 13:52:09 +01:00
noud eff2f77126 trim 
use the TrimBehavior on all inputable models.
 2012-11-29 09:35:57 +01:00
noud 1e4597c009 distribution 
if distribute upstream, do not alter org, user_id nor distribution
settings.
 2012-11-28 11:09:08 +01:00
noud 7ff004f5d6 correlation 
altered so an event distribution preveals over it's attributes
distribution.
 2012-11-28 10:55:23 +01:00
noud a3524bb0ee coding standards 
correct conform coding standards.
 2012-11-27 12:51:00 +01:00
noud be472df5b5 trim 
add TrimBehavior to use in Servers and lateron in Attributes.
 2012-11-26 15:34:54 +01:00
noud fb41a0c2ca validation 
trim all string fields in server.
(later bring this to AppModel or behavior level)
 2012-11-26 12:19:06 +01:00
noud fb6014efc4 coding standards 
better parameters on callback routines.
 2012-11-23 08:57:34 +01:00
noud 016df03ba7 sync 
validation on server.authkey having minlenght of 40 like user.authkey.
 2012-11-20 17:18:16 +01:00
noud 5d58c52281 sync 
corrected pull for events having no distributable attributes.
 2012-11-20 14:35:02 +01:00
noud 957b3e27b8 Merge branch 'master' into develop 
Conflicts:
	app/Controller/ServersController.php
 2012-11-20 11:01:18 +01:00
noud 2f53972b99 code standards 
conform code standards.
 2012-11-20 08:37:33 +01:00
noud b2c268845f code standards 
respect code standards.
 2012-11-19 14:49:38 +01:00
noud 52c9114694 sync 
array correction done so no 2 kinda the same tests during pull.
 2012-11-19 13:42:41 +01:00
noud 543f7c3570 sync 
pull goes okay with just one event.
pull with multiple events was already okay.
 2012-11-19 13:25:40 +01:00
noud 1cddb6abe0 distribution 
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities

Push is tested, pull not yet.
 2012-11-16 15:25:57 +01:00
noud 2a12a5db3e dns 
config if there is a name server available and do not use if not there.
 2012-11-16 11:22:19 +01:00
noud 247525ccbf sync (publish) 
Event publish button in events index and event view does
report push failure(s) if any remote server is down.
 2012-11-16 10:09:04 +01:00
noud fdd999ef35 correlation 
fixed correlations being double accounted.
 2012-11-15 15:53:07 +01:00
noud 7a96c66b49 whitelist 
cleanup whitelist.
 2012-11-15 09:31:34 +01:00
noud ea0ab59e4f code standards 
corrections toward code standards.
 2012-11-14 17:16:36 +01:00
noud 6b06ba7ff6 count & GFI Sandbox 
count # attributes in events index.
plus various fixes for distribution in correlation of a GFI Sandbox
upload.
 2012-11-14 16:14:04 +01:00
noud 7171b5027e correlation 
if second attribute, create the reverse correlation as well.
 2012-11-14 11:28:42 +01:00
noud 723ef6c3d1 correlation 
respect distribution Org in correlations.
(for this
add correlations.1_private conform MYSQL.correlaton.sql
and
AppController::generateCorrelation() must be run)
 2012-11-13 14:13:38 +01:00
noud 1183437606 correlation 
respect distribution Org only.
 2012-11-09 13:42:15 +01:00
noud a2bc237bcd RBAC 
should now respect Manage, so also edit, own and org events.‏
 2012-11-08 14:09:52 +01:00
noud f7c5127da2 RBAC 
change the “Requested Level of User Access” items
conform "draft of Terms-ofUse and Joining Instruction".‏
 2012-11-08 10:31:50 +01:00
noud 2785512268 distribution 
removed No push leftovers as a distribution.
 2012-11-07 15:41:50 +01:00
noud f66b199f26 distribution 
removed No push as a distribution.
 2012-11-05 13:05:31 +01:00
noud d17d5b6b8a distribution 
do not push Community nor No push conform private.
 2012-11-02 13:37:33 +01:00
noud 6495787023 Audit log 
Following events are now being logged: 
1. Adding a new user.
2. Deleting a user.
 2012-10-31 15:34:43 +01:00
noud f82c3f5f0c dropdowns 
let the risk dropdown in event add and edit behave like the other
dropdowns.
 2012-10-30 12:54:04 +01:00
noud 39abe9e589 Distribution 
distribution changes conform func.spec.
 2012-10-29 16:49:04 +01:00
noud cfe6535f97 distribution 
better descriptive tooltip text.
 2012-10-24 11:20:36 +02:00
noud 0232148631 dropdowns 
better optgroup support in dropdowns where 'ALL' or '' is used
in Search Attributes and Search Logs.
 2012-10-24 10:42:32 +02:00
Christophe Vandeplas 1f47003069 Merge branch 'master' of code.lab.modiss.be:cydefsig 2012-10-23 17:55:20 +02:00
noud b6c6fda2ee outcommented a debug (PGP related). 2012-10-23 15:01:34 +02:00
noud 4b096fa584 distribution 
changes and cleanup.
 2012-10-23 11:28:39 +02:00
noud 1f428e4aa5 Wording change 
so this works.
 2012-10-22 16:39:33 +02:00
Andrzej Dereszowski 25e63dda68 Wording change 
Changed Private column to Distribution + some minor vocabulary changes.
 2012-10-22 16:29:08 +02:00
Christophe Vandeplas 9ae92ddd5c fixes download-sync-bug when only one event is present on the remote 
instance
 2012-10-22 15:53:36 +02:00
noud 0d65adc9d5 Merge branch 'master' into develop 2012-10-19 13:31:19 +02:00
noud eae89d95cd Private. 
Add "Pull only" as a sharing state where,
everybody does see an event, is pullable,
but will never be pushed.

Has a generatePrivate for db conversion now.
 2012-10-18 11:40:12 +02:00
Andrzej Dereszowski 0402c291a2 New attribute type - yara sig 2012-10-18 09:56:46 +02:00
noud 67e50cb612 Private 
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).

Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
 2012-10-17 14:45:26 +02:00
noud 5bef441aba GFI Sandbox 2012-10-17 10:42:09 +02:00
noud 7bf0e2f882 Groups 
Do not delete group if there is still Users as children.
 2012-10-10 10:53:52 +02:00
noud d112775251 Merge branch 'master' into develop 2012-10-09 13:10:27 +02:00
noud 739c334a8d validation. 
corrected again..filename was wrong,
filename|md5 was correct.
so reverted the filename|md5 change.
 2012-10-05 13:35:08 +02:00
noud 23776d31bb Code Standards. 
Somehow 2 "!"s got lost in Attribute.php.
Somehow one change from type_definitions to typeDefinitons sliped
through.
 2012-10-03 11:09:30 +02:00
noud ec0892a6ad Merge branch 'master' into develop 
Conflicts:
	app/Config/bootstrap.php
 2012-09-25 15:54:25 +02:00
noud 18fb8a7a64 CakePHP 
Update from CakePHP to version 2.2.2
as well as needed patch files.
 2012-09-25 15:41:58 +02:00
noud 8f3d624c1a Merge branch 'master' into develop 
Conflicts:
	app/Controller/AppController.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Controller/UsersController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Attributes/edit.ctp
	app/View/Attributes/index.ctp
	app/View/Elements/actions_menu.ctp
	app/View/Events/add.ctp
	app/View/Events/index.ctp
	app/View/Events/view.ctp
	app/View/Events/xml/view.ctp
	app/View/Servers/index.ctp
	app/View/Users/admin_index.ctp
 2012-09-24 16:02:01 +02:00
noud 8179a1a691 Merge and code standards. 
Forgot to clean View/Helper/AppHelper.php.
Changed underscore method names to private and protected where
appropriate given phpcs code standards errors.
 2012-09-24 09:02:09 +02:00
noud 7129bb18a3 Merge. 
validateAttributeValue always has to return true.
 2012-09-24 08:27:22 +02:00
noud 113b445bcf Better placement of plugins (touching RBAC & Audit log) 
If it's just an existing behavior or lib,
place it in a plugin directory structure in <cydefsig>/plugins.

If there is a need to change an extern existing plugin,
extend the existing plugin by a new plugin in <cydefsig>/app/Plugin.

This way there is a very clean devision between own and external code.
The external code can be updated without touching own nor changed code.
 2012-09-20 11:34:41 +02:00
noud df3e6dd765 CakePHP Coding Standards 
Not return in a switch but after that switch statement.
 2012-09-19 11:24:12 +02:00
noud 1d04652476 CakePHP Coding Standards 
changed to camel caps format where needed.
 2012-09-19 11:05:10 +02:00
noud 94a367c2f5 CakePHP Coding Standards 
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html

Eclipse:
Window->Preferences
	General->Editors->Text Editors
		Displayed tab width:	4
		Insert spaces for tabs	NOT
	PHP->Code Style->Formatter
		Tab policy:	Tabs
File->Convert Line Delimeters To->Unix [default]

http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/

Not yet done is all camel caps format.
 2012-09-18 15:30:32 +02:00
noud 253d8e1b58 Merge branch 'master' into develop 
Conflicts:
	app/Controller/EventsController.php
	app/Model/Attribute.php
	app/View/Events/view.ctp
 2012-09-17 13:02:53 +02:00
Christophe Vandeplas e07950c68d removed published from 2012-09-05 13:28:40 +02:00
Christophe Vandeplas 35e1a455cd further cleanup of logo improvement 2012-08-31 10:45:54 +02:00
noud 4ae71fc963 Sync. 
Sync worked, but we did not know what to do with user_id and org.
Now, on sync, anonymize the user_id, get the Server.organization and put
that into Event.org.
And, display owning flag if Event.user_id or get the Server.logo
belonging to Event.org (=Server.organization) when Event.user_id is
empty (=0).

To this there is organization name and logo in bootstrap and
other organizations names and logos in Servers.
 2012-08-28 15:36:14 +02:00
noud ea5ea121e3 Add attribute. 
Add attribute, do not fill in any, and hit Submit, did give error
messages.
 2012-08-24 14:09:17 +02:00
noud 7d98c5f31e GFI Sandbox upload. 
If add event, give a GFI Sandbox export file upload field option.
Unzip, read .xml, add attachment malware, created files and ip-dst.
 2012-08-22 16:04:55 +02:00
noud 19bb9b0a81 LogableBehavior. 
removed some debug() and fixed writing to syslog when deleting event
with attributes.
 2012-08-22 15:57:22 +02:00
noud 7e23e3bc77 Event.user_id rollback(-part). 2012-08-22 15:19:28 +02:00
noud 8c1cfa731a loggable behaviour. 
some merge correction for events and servers, so we log again.
 2012-08-22 14:39:41 +02:00
noud 474058cc24 use DS in stead of '/'. 2012-08-21 16:57:42 +02:00
noud b7a5d8a3f8 Delete (published) event or attribute. 
Previous, upon delete only on the local server the event or attribute
was deleted.
Now, if delete, look for same event or attribute (using it's uuid)
and delete on remote servers as well.
Also look and delete if not published, so no dangling/zombie copies
remain on remote servers.
 2012-08-21 16:55:57 +02:00
noud 44172d244b Authkey validation. 
An authkey with any length, so less then 40, could be entered.
Now authkey has to have a length of 40 (or higher).
 2012-08-17 08:42:21 +02:00
noud cdc7484944 REST edit Event implementation. 
Now after publish, edit and (re)publish an event,
that event will be updated on the other servers.
 2012-08-07 11:57:52 +02:00
noud 8dc4fa383b Event.user_id. 
Event.user_id was re-added but we still missed some,
so an added event would get user_id set to zero.
Now Event gets the correct user_id again from
the person logged in and adding.
(lateron this must not be used during sync.)
 2012-08-06 14:27:55 +02:00
noud b24acfb4a5 Whitelist. 
An admin can maintain a whitelist of host, domain name and ip numbers.
In the NIDS export lines containing whitelist items are commented out.
 2012-08-06 10:42:46 +02:00
noud 2dea0e347d Correlation performance gain. 
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');

possible values: 
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
  (sql improvement possible if result conform db above)

Network activity, ip-src
30 class-C network ip addresses
(7650 tupels) (time in ms)

          default     db    sql
all         25366  16601  15941
            24839  16604  15611
paginated   16759   8447   6615
            17734   8639   8846

this is used in both:
- events/view/<id>
- attributes/event/<id>
 2012-08-03 12:00:16 +02:00
noud 01980dbe88 Fix to pulling from an unknown server. 
- a server having a non-existing internet name gives
  "php_network_getaddresses:
  getaddrinfo failed: Name or service not known"
  on pull.
 2012-08-01 10:20:17 +02:00
noud 0854e19439 Sync Servers, fix if server no MISP or non-existing hostname. 
- a server containing no MISP gives "XML cannot be read." on publish.
- a server having a non-existing internet name gives 
  "php_network_getaddresses: getaddrinfo failed: Name or service not
known" on publish.
 2012-08-01 09:06:39 +02:00
Andrzej Dereszowski 3ff180e898 Merge branch 'develop_0.2.2-0.2.3' into develop 
Conflicts:
	app/Config/Schema/schema_0.2.2.php
	app/Config/routes.php
	app/Controller/AppController.php
	app/Controller/UsersController.php
	app/Model/User.php
	app/README.txt
 2012-07-24 16:09:48 +02:00
noud de89d28caa Fix, paging on event with lots of attributes. 2012-07-20 13:27:55 +02:00
noud e9234bcee7 Fixed non-printable in no-composite attribute. 2012-07-20 08:48:12 +02:00
noud 78f629e6dd Redo Event.user_id 2012-07-19 14:52:27 +02:00
Andrzej Dereszowski bf98f2db3c Merge branch 'develop_0.2.2_fixes' into develop 
Conflicts:
	app/Model/Attribute.php
 2012-07-11 16:15:27 +02:00
noud 5c1a8e22fb Fix, do strtolower on types filename|md5 and filename|sha1 conform types 
md5 and sha1.
 2012-07-11 14:35:46 +02:00
noud 8f4727e3ad Correction to upload so zip only ticked when malware and not when 
attachement.
 2012-07-10 11:39:43 +02:00
noud 4ac501d54e Only show categories with type attachment or malware-sample in Add 
Attachement view. (this was..No possibility to upload if type
attachement or malware-sample is not in category.)
 2012-07-09 14:14:55 +02:00
noud ed41233f2a No possibility to upload if type attachement or malware-sample is not in 
category.
 2012-07-06 13:48:17 +02:00
noud 63bdfe2961 Edit composite attribute to non-composite attribute fix. 2012-07-04 14:05:18 +02:00
deresz 50e3566f3a Some modifications to category/attribute matrix. MISP database is now compatible for sync with CyDefSIG. 2012-07-04 11:28:40 +02:00
noud 5bac9ac928 Forgot LogableBehavior in the first commit. 2012-07-02 12:52:57 +02:00
noud 66c5312ea6 DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00
root b4558887ce Revert "Audit and ACL first cut." 
This reverts commit 5818231f48.
 2012-06-26 09:40:52 +02:00
noud 5818231f48 Audit and ACL first cut. 2012-06-25 15:54:52 +02:00
Christophe Vandeplas 7cea666c9b fix an php error when importing attributes with incorrect type - 
category validation
 2012-06-13 16:02:27 +02:00
Christophe Vandeplas 957e4f232b minor memory usage improvements by referencing in foreach ($array as 
&$value) loop
 2012-06-11 11:40:31 +02:00
Christophe Vandeplas 2d335f5dbe cleanup of comments and todos 
minor memory performance improvement
 2012-06-11 11:01:58 +02:00
Christophe Vandeplas 082e1f2784 Merge branch 'develop' of code.lab.modiss.be:cydefsig into develop 2012-06-08 17:04:46 +02:00
Christophe Vandeplas 5eb6a89384 removed reference to useless user_id. 
fixed bug where Contact reporter doesn't work when user does not exist
(contact reporter now sends mails to all the org)
 2012-06-08 16:57:10 +02:00
Andrzej Dereszowski 2b63f955a6 I think comment should not be correlated neither but correct me if I'm wrong 2012-06-08 12:24:01 +02:00
Christophe Vandeplas 0687d3f6f4 fixed huge SQL injection vulnerability created in bruteforce protection. 
Shame on me !!!
 2012-06-06 11:12:19 +02:00
Christophe Vandeplas 9cd1b0469d minor change 2012-06-06 11:03:08 +02:00
Christophe Vandeplas 6e9ab97791 implementation of a anti-brute-force password guessing mechanism. 2012-06-06 11:00:02 +02:00
Christophe Vandeplas c95f8904a0 removed description field ( should be replaced by comment ) 2012-06-03 22:52:46 +02:00
Christophe Vandeplas 39fb9bca1d Attribute types validation is now a separate function that uses the 
Attribute->type_definitions variable
 2012-05-31 17:12:26 +02:00
Christophe Vandeplas aac2f5926f minor fixes 2012-05-31 08:55:51 +02:00
Christophe Vandeplas 8505396b25 select boxes with filtering now 2012-05-30 18:11:44 +02:00
Christophe Vandeplas f35c311651 improved documentation 2012-05-30 17:13:35 +02:00
Christophe Vandeplas 24e7139e45 minor fix in Attribute tooltip 
more documentation (autogenerated)
 2012-05-30 10:24:57 +02:00
Andrzej Dereszowski 7ee4d29fac Fixed merge conflicts with HEAD at belmod 
Merge branch 'develop' of code.lab.modiss.be:cydefsig into develop

Conflicts:
	app/Controller/EventsController.php
	app/Model/Attribute.php
 2012-05-29 17:19:36 +02:00
Andrzej Dereszowski 1a91c2f49b Help messages implementation (forms and list views). 2012-05-29 16:53:50 +02:00
Andrzej Dereszowski 51dbbcfa13 Explanation messages implemenented for forms and for list views (using 
"title" html element)
 2012-05-29 16:50:45 +02:00
Christophe Vandeplas 4d70df3b32 fixed error when type was not set 2012-05-25 11:03:38 +02:00
Christophe Vandeplas ad69aeb38f only sync event on publish when sync feature is on 2012-05-25 09:34:54 +02:00
Christophe Vandeplas 747c211723 auto-upload when publish event 2012-05-25 09:31:14 +02:00
Christophe Vandeplas efa590de23 moved some functions around 2012-05-25 08:13:40 +02:00
Christophe Vandeplas cd30bb5d30 push / pull seems to work with attachment support. Lots of testing 
required.
 2012-05-23 16:32:46 +02:00
Christophe Vandeplas 6d8b0a98b0 attachment support in REST API 2012-05-22 13:58:37 +02:00
Christophe Vandeplas 00d62ab722 REST XML request also received base64 encoded file content 2012-05-21 15:20:25 +02:00
Christophe Vandeplas 9e9837d59d Basic sync push seems to work 2012-05-03 14:32:49 +02:00
Christophe Vandeplas 97a5790938 fixes bug in discovered while running migrate02to021 script 2012-04-25 13:56:25 +02:00
Christophe Vandeplas 6e9f0f0d24 split value to value1 and value2. 
You need to update the DB schema and run /events/migrate02to021 to
migrate the data
 2012-04-25 13:17:44 +02:00
Christophe Vandeplas aea079b8c4 bugfix in Attribute validation 
Do not search for related attributes for specific types
 2012-04-25 10:30:23 +02:00
Christophe Vandeplas 388f3cc445 Merge commit '280baac98902789ee69186539474a2e82156659e' into develop 
Resolved Conflicts in:
	app/View/Events/view.ctp
 2012-04-25 09:04:07 +02:00
Andrzej Dereszowski 29c5411ece minor cosmetic changes 2012-04-13 10:53:53 +02:00
Christophe Vandeplas a2d073b7b9 REST POST of event and signatures works (basics, no error-handling) 2012-04-10 15:47:42 +02:00
Christophe Vandeplas a45b70bc8d Add, edit, delete and (basic) Manual Sync server functionality added 2012-04-04 20:22:22 +02:00
Christophe Vandeplas 7f33beaa4c Micro usability improvement 2012-04-04 19:03:39 +02:00
Christophe Vandeplas 49aaced78a Merge commit '9e043116228c4866b18e92acb076462845bcf22a' into develop 
Fixed conflicts in: app/View/Events/view.ctp
 2012-04-04 17:53:51 +02:00
Andrzej Dereszowski faffe87ea6 - some bugfixes in validation corrected 
- new attribute type - link to external site
 2012-04-02 19:24:50 +02:00
Andrzej Dereszowski 6c5a5aa427 - small bug with "No GPG key" message marked in the code 
- path to homedir for GPG added in User.php
 2012-04-02 12:14:27 +02:00
Christophe Vandeplas 2142585710 Implemented basics for private, nonsyncable, Events or Attributes. 2012-04-01 18:41:47 +02:00
Christophe Vandeplas 67d3a9f9d2 minor changes 2012-04-01 15:49:01 +02:00
Christophe Vandeplas aa8ba55dac First experimental test of importing events from a remote server. 
Only new events are imported.
 2012-03-31 19:06:43 +02:00
Christophe Vandeplas 20cddd07db changed alerted -> published 
other minor fixes
 2012-03-27 14:49:31 +02:00
Christophe Vandeplas da99625a6c minor change in getRelatedAttributes function 2012-03-27 14:02:49 +02:00
Christophe Vandeplas 1518b1ebcc filename|sha1 data validation 2012-03-27 11:03:57 +02:00
Christophe Vandeplas 67907864a1 filename|sha1 2012-03-27 11:01:33 +02:00
Christophe Vandeplas 7c4394682d Renamed Signature to Attribute 2012-03-26 19:56:44 +02:00
Christophe Vandeplas df7efb9d88 number of entries in the index lists 2012-03-26 13:11:06 +02:00
Christophe Vandeplas 7b1673d212 md5 and sha1 hashes now automatically lowercase 
cleaned up some code and fixed some vulnerabilities
 2012-03-25 15:56:29 +02:00
Christophe Vandeplas 0ed69399b1 extra vulnerability type 2012-03-24 10:48:06 +01:00
Christophe Vandeplas da2687846b Implemented file-upload of attachment or password protected 
malware-samples. Base code contributed by Andrzej Dereszowski
 2012-03-23 20:04:22 +01:00
Christophe Vandeplas da48ad4769 Confirm password functionality (thanks to Andrzej) 2012-03-22 10:06:33 +01:00
Christophe Vandeplas 23572019bb Signature is now known as Attribute 2012-03-21 21:25:16 +01:00
Christophe Vandeplas ce0c0aba0e isAuthorized now handles permissions on admin,delete,edit,... actions 2012-03-20 14:57:52 +01:00
Christophe Vandeplas 495cc1a6c2 UUID support for syncing 2012-03-20 13:40:58 +01:00
Christophe Vandeplas b79d16291b Fixes bug: to_ids should be there otherwise you cannot edit the 
signature to change the "to_ids" checkbox. By Andrzej Dereszowski
 2012-03-18 08:02:31 +01:00
Christophe Vandeplas 07f6b5e090 cleanup old __('Actions') and non echo __() 2012-03-16 14:13:31 +01:00
Christophe Vandeplas 865a24d0bd Migration to CakePHP 2.1. 
Most of the functionality migrated, Q&A review required.
 2012-03-15 15:06:45 +01:00