Commit Graph

2807 Commits (84f1006ed61ed4eb7860de054d5e49a402d20b2f)

Author SHA1 Message Date
iglocska fc03a21ef7 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-07-17 07:06:52 +02:00
iglocska 064f266159 fix: [API] Attribute edit via uuid fails as non site admin, fixes #3487 2018-07-17 07:04:46 +02:00
Steve Clement c761f78ee3 fix: [i18n] added missing %s 2018-07-14 23:52:55 +02:00
Steve Clement 112323f49a Merge remote-tracking branch 'upstream/2.4' into 2.4 2018-07-13 15:26:56 +02:00
iglocska fefc87ba66 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-07-13 12:09:06 +02:00
iglocska 71bb60a702 new: [Statistics] Added a new tab to the statistics showing the user/organisation additions over the past month/year 2018-07-13 12:08:29 +02:00
Steve Clement c607729e18 chg: [i18n] More __(); 2018-07-12 23:36:47 +02:00
Sami Mokaddem 225c34ef0b Merge remote-tracking branch 'upstream/2.4' into sharingGraph 2018-07-12 14:47:14 +00:00
iglocska 248439f6fb fix: [python3] Missed python3 call instead of python 2018-07-12 16:19:01 +02:00
iglocska cbc09e4540 fix: [i18n] Added default language 2018-07-12 16:12:15 +02:00
iglocska 6b31fc6c2e Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-07-11 10:22:12 +02:00
iglocska 0d45dbc27a new: [API] Check for malformed JSON requests 2018-07-11 10:16:19 +02:00
Sami Mokaddem 508c7a3b68 Merge remote-tracking branch 'upstream/2.4' into sharingGraph 2018-07-10 08:55:42 +00:00
Sami Mokaddem 692b410f92 chg: [eventGraph] refacto after comments from the Overmind 2018-07-10 08:43:38 +00:00
Andras Iklody ad15ffa7ce Merge pull request #3460 from kalyparker/fix-export-events-csv
fix: export events csv with CR (fix #3458)
2018-07-10 09:28:22 +02:00
kalyparker 34f15268d2 fix: export events csv with CR (fix #3458)
Export using automation functionality for ids does not clean the special char like CRLF.
When there is a carriage return in the event info, the csv is broken.
2018-07-09 08:58:12 -07:00
Sami Mokaddem 61cab26e18 Merge remote-tracking branch 'upstream/2.4' into sharingGraph 2018-07-09 12:14:20 +00:00
Sami Mokaddem eb1b8bcba5 chg: [attackMatrix] support of quick tagging from the attackMatrix at
event view level
2018-07-09 09:55:17 +00:00
iglocska f48adaf2bc fix: [API] Removed unused optional field from the organisation API descriptions. 2018-07-09 00:45:04 +02:00
iglocska f89d6ba582 fix: [performance] Changed regex clean all function to work in a chunked fashion 2018-07-07 21:30:50 +02:00
Sami Mokaddem b7a16803f3 chg: [appController] bumped query version 2018-07-06 14:48:14 +00:00
Sami Mokaddem 159feba4ea Merge remote-tracking branch 'upstream/2.4' into sharingGraph 2018-07-06 14:20:14 +00:00
Sami Mokaddem 4903a54397 chg: [eventGraph] removed useless comments and checks 2018-07-06 13:44:52 +00:00
Sami Mokaddem b6dc678084 fix: [eventGraph] fix validation and Model class name 2018-07-06 13:26:08 +00:00
Sami Mokaddem 75dd257941 chg: [eventGraph] renaming EventNetworkHistory into simply EventGraph 2018-07-06 13:17:59 +00:00
iglocska f83d799c5a fix: [cleanup] Removed duplicate line, fixes #3448 2018-07-06 13:55:32 +02:00
Sami Mokaddem f836b5650e Merge remote-tracking branch 'upstream/2.4' into sharingGraph 2018-07-06 09:23:50 +00:00
Sami Mokaddem e1c9b21b8e chg: [ACL] bumped to reflect networkHistory controller 2018-07-06 09:12:26 +00:00
Sami Mokaddem 46ecaff0f2 chg: [eventGraph] fixed img_preview size, catch keyboard inputs and
removed useless function
2018-07-06 09:10:17 +00:00
Sami Mokaddem b200b1d02f new: [eventGraph] added network preview feature 2018-07-06 08:58:25 +00:00
iglocska 8d567782d9 chg: [cleanup] Removed the deprecated GFI sandbox import
- Burn the heretic. Kill the mutant. Purge the unclean.
2018-07-06 10:57:44 +02:00
Sami Mokaddem f45e49e451 chg: [eventGraph] Usage of fetchEvent function, refacto + sorting on
creation date + disabling button if user is not authorized to
save/delete/.. the network
2018-07-06 07:39:48 +00:00
iglocska 5ba322076b chg: [refactor] Fixed an issue where too many events would cause a query too large for mysql to handle when querying /events/index via the API, fixes #3444 2018-07-05 18:52:25 +02:00
Sami Mokaddem 03a7ee6f9c chg: [eventGraph] only networkHistory user creator can delete its
saved network
2018-07-05 13:15:05 +00:00
Sami Mokaddem 93ba5617ea chg: [eventGraph] Implemented saving/deleting feature 2018-07-05 11:57:28 +00:00
Dawid Czarnecki 124640ce78 chg: Case insensitive sort of organisation list 2018-07-05 11:09:13 +02:00
iglocska 73c18f8833 new: [API] Updated the timestamp handling in the restSearch APIs to use the new smart-system 2018-07-04 15:53:01 +02:00
iglocska 20c00a33be new: [galaxies] Force update galaxies and update improvements in general
- passing /1 to the galaxy update function now forces updates on all clusters
- performance improvements
2018-07-04 13:08:47 +02:00
iglocska c3158b50ba new: [edit strategy API] To support a smoother integration with the Hive, new API that describes what the edit strategy is for an event
- GET on /events/getEditStrategy/[id]
  - where id can be either a local ID or a UUID

- returns a JSON dictionary with the following fields:
  - strategy: edit | extend (edit if it's an own event, extend otherwise)
  - extensions: list of dictionaries with existing extensions created by the user's org (containing the id, uuid, info fields)

- The algorithms implementing this should prioritise as such:

1. Check if user can edit the event (strategy == edit) - if yes, edit
2. If no, check if extensions exist - if yes, edit one of those
3. If no, create a new extension to the original event
2018-07-02 17:29:53 +02:00
iglocska d428f47655 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-07-02 16:57:35 +02:00
iglocska 59b17b5af6 new: [sync] Added flag to avoid using the proxy
- in some cases you have internal sync between instances in which case going through the proxy is silly
2018-07-02 16:56:50 +02:00
Alexandre Dulaunoy e8d8d80aba chg: [PyMISP] released as 2.4.93 2018-07-01 18:26:06 +02:00
iglocska 09e68880c5 fix: [CSRF] Don't run the CSRF form protection on the attribute search 2018-06-29 13:06:27 +02:00
Sami Mokaddem 04caa5056a new: [eventGraph] SharingGraph: added skeleton of Model/Controller for
saving and sharing the network among organisations (+ javascript
interaction functions)
2018-06-28 07:49:17 +00:00
iglocska 81c0fc2279 new: [API] Added unsafe URL parameter to authenticate users
- for legacy tools that cannot pass headers in HTTP requests for some insane reason
- Needs to be enabled by a site admin - default is that it is disabled
- MISP's diagnostic tool WILL complain if this is ever enabled
2018-06-27 14:25:40 +02:00
iglocska 67d074ea63 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-06-24 08:32:05 +02:00
iglocska eb7901c882 fix: [UI] fixed Event lock breaking the restoration of soft deleted attributes 2018-06-24 08:31:19 +02:00
iglocska 4bff6092e5 fix: Correlation popup format 2018-06-23 23:59:34 +02:00
Sami Mokaddem 6637d19e46 fix: bump query_version and updated queryACL 2018-06-22 13:37:49 +00:00
Sami Mokaddem 05a56a3048 fix: [attackMatrix] only return the result for the last attached galaxy
If a galaxy is already attached, just skip the message.
(The return value is a string, we don't want to compare the string value for
each galaxy to be attached)
2018-06-22 12:16:12 +00:00
Sami Mokaddem 062a303cc7 Merge branch '2.4' of https://github.com/MISP/MISP into attackMatrix 2018-06-22 12:02:17 +00:00
iglocska 72050ec5ea fix: [UI] Fixed a bug with galaxies not being addable 2018-06-22 12:08:26 +02:00
Sami Mokaddem 4730938e5f new: [attackMatrix] Skeleton of multiple galaxy picking 2018-06-22 09:56:31 +00:00
iglocska 0241ddc0fa Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-06-22 09:35:38 +02:00
iglocska 2aaf2c54c4 chg: [diagnostics] Make the STIX diagnostics a bit less cryptic 2018-06-22 09:34:56 +02:00
Sami Mokaddem 925a1dd3fa chg: [attackMatrix] ATT&CK Tactic is put at the top when picking
galaxies and is shown in All namespace mode
2018-06-22 05:56:31 +00:00
iglocska 6ffacc1e23 fix: [security] Brute force protection can be bypassed with a PUT request
- fixes an issue where brute forcing the login would work by using PUT requests
- as reported by Silver Saks from CCDCOE
2018-06-21 15:48:32 +02:00
iglocska 437793a65f fix: Fixed a bug where users couldn't add galaxies after paginating/filtering on event attributes 2018-06-21 09:07:38 +02:00
iglocska 1bafccf30a fix: Fixed broken correlation toggle on the event view 2018-06-21 06:05:09 +02:00
iglocska c721142f9b fix: [sync] pull not working due to invalid lookup against galaxies 2018-06-20 17:03:31 +02:00
iglocska 505cccdbaf fix: [error messages] made some of the error messages a bit more uniform 2018-06-20 15:12:23 +02:00
iglocska a930fdeaeb new: [i18n] Added tools to switch between languages via the server settings 2018-06-20 15:11:43 +02:00
iglocska 214df94bda chg: [i18n] Made the strings more i18n friendly across the application 2018-06-20 12:56:53 +02:00
iglocska 13c144b962 fix: [galaxies] Fixed query causing MYSQL errors due to group by not containing a silently loaded field 2018-06-20 11:33:45 +02:00
iglocska 381a4b8895 fix: Don't require API users to accept the terms / change password to get going
- to get the API key they need to log in anyway via the interface
2018-06-20 07:55:04 +02:00
iglocska 87c152d9f3 fix: Use common code-path for user init via the login page and the CLI
- also, be consistent with initial settings
2018-06-20 07:32:52 +02:00
Sami Mokaddem e3988c73ad new: [attackMatrix] Also consider attack galaxy at event level in the
heatmap
fix: [attackMatrix] Typo in ATT&CK + division by 0 in gradiendTool
2018-06-18 14:51:29 +00:00
Sami Mokaddem 1f685bf625 fix: [attackMatrix] added missing entries in ACL component 2018-06-18 12:21:45 +00:00
Sami Mokaddem 3a27009775 Merge remote-tracking branch 'upstream/2.4' into attack 2018-06-18 12:18:31 +00:00
Sami Mokaddem 929946f055 new: [attackMatrix] added instance UUID in rest response 2018-06-18 12:04:38 +00:00
Sami Mokaddem 8d145086f0 new: [attackMatrix] statistic about attack tags used in the instance
chg: [attackMatrix] moved functions into model and matrix view into elements
2018-06-18 09:58:20 +00:00
Sami Mokaddem 4785400228 fix: [attackMatrix] cluster ATT&CK Tactic is shown in Mitre namespace
only
2018-06-15 13:14:45 +00:00
Sami Mokaddem bc156ab13a new: [AttackMatrix] added Mobile/Pre-Attack Matrix support, UI
improvements and code refacto
2018-06-15 09:19:53 +00:00
iglocska 5d925cbf96 fix: [bug] Endless loop when terms are not accepted / password not reset fixed, fixes #3336 2018-06-12 22:41:57 +02:00
iglocska 3e5e432436 fix: Fixed permission check for adding tags to an event 2018-06-12 17:01:54 +02:00
iglocska 1a980185d4 fix: [ACL] added new functions to the ACL 2018-06-12 16:39:08 +02:00
Sami Mokaddem 95e694f054 fix: [AttackMatrix] picking Att&ck tactic correctly redirects on the
matrix
2018-06-12 14:25:43 +00:00
iglocska ac0663862f chg: [version bump] querystring bumped 2018-06-12 16:10:49 +02:00
iglocska 48feb7b7d2 new: [functionality] Kick user out if the session is expired instead of only doing it on a page load 2018-06-12 16:09:50 +02:00
iglocska 5b16dda5fa fix: [bug] invalid function call for the event lock via the objects controller 2018-06-12 16:08:32 +02:00
Sami Mokaddem 6c8bdeaff6 chg: [attackMatrix] Restrict view to be ajax only 2018-06-12 13:16:23 +00:00
Sami Mokaddem 635d1fcc5d new: [GalaxyPicking] Choose the galaxy namespace first before showing
related galaxies
2018-06-12 13:11:29 +00:00
Sami Mokaddem 5f36725ede new: [attackMatrix] Ability to attach Mitre att&ck galaxy from the
matrix
2018-06-12 12:39:48 +00:00
iglocska 6890b734cc new: [UI/UX] Event lock initial version
- Show if another user is editing the event you're viewing (same org only)
2018-06-12 09:40:23 +02:00
chrisr3d 009dac1e43 add: [Diagnostic] Added maec python library requirements 2018-06-11 16:27:13 +02:00
Sami Mokaddem 34c69d00e2 fix: [eventView] Hide galaxy tags after search 2018-06-11 14:05:45 +00:00
Sami Mokaddem 5d8c2ccf5e new: [attackMatrix] legend scale of the heatmap with dynamic updates 2018-06-11 10:24:55 +00:00
Sami Mokaddem 4fdf7f6340 new: [attackMatrix] force kill chain header order 2018-06-08 14:28:42 +00:00
Sami Mokaddem 775001f2cc new: [attackMatrix] addition of heatmap on tiles depending on occurrence
of the tag
2018-06-08 14:16:40 +00:00
iglocska e3eb71b29a new: [ACL] Added new role permission: publish_zmq
- permission flag to use the "publish to ZMQ" button
2018-06-07 17:52:01 +02:00
Sami Mokaddem cd0d75a4c6 new: Initial skeleton of Mitre attack matrix 2018-06-07 14:43:04 +00:00
Raphaël Vinot 4ee0e8dced chg: Bump PyMISP version. 2018-06-07 12:12:29 +02:00
iglocska 1917ebd096 Merge branch 'deadlockfix' into 2.4 2018-06-05 18:07:06 +02:00
iglocska ed09fdedbf new: [performance] Made the deadlock fix optional
- old behaviour by default or if the setting is disabled
- new behaviour with non transactional attribute add / correlation add
2018-06-05 18:06:02 +02:00
iglocska 043c74beaf chg: [API] Adding a tag will no longer throw exceptions if the tag already exists
- instead the existing tag is returned for further reuse along with a HTTP code of 200
2018-06-05 17:52:08 +02:00
iglocska e3c8f80421 new: batch delete should hard delete if event hasn't been published yet, fixes #3311 2018-06-05 17:50:26 +02:00
iglocska 020157df00 new: [API] objects/add now supports uuids and the version number
- API: /objects/add/[template_id]/[version]
  - template_id can be a UUID
  - version is an optional parameter to select the specific version of a template if searching by uuid
2018-06-05 16:30:26 +02:00
iglocska 755e0c3b34 fix: [object references] Object references can be added to deleted objects/attributes, fixes #3312 2018-06-05 15:35:26 +02:00
iglocska feadeb3ae9 fix: [cleanup] Removed nonsensical line 2018-06-02 23:23:55 +02:00
iglocska a2746418ae fix: Allow updateDatabase to accept numbers 2018-05-31 14:39:28 +02:00
iglocska ba5b5447f4 fix: Added missing lookup for pymisp versions via the diagnostics 2018-05-31 14:34:00 +02:00
iglocska 4e41aa940c Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-05-27 23:34:58 +02:00
iglocska 2ed4ecec02 new: Stricter validation of baseurl when coming via the API tool 2018-05-26 06:55:28 +02:00
iso 215a61895d Remove leading tab 2018-05-26 01:15:55 +09:00
iglocska 008ef4fa35 fix: [API] Add object request has been black-holed. #3271
- blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions
2018-05-23 11:11:35 +02:00
iglocska e631025dac Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-05-23 10:34:47 +02:00
iglocska 9ffd05e57d fix: [API] Add object request has been black-holed. #3271
- blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions
2018-05-23 10:33:40 +02:00
iglocska d644d9411d fix: [API] Fixed a black hole on API actions via the Objects controller, fixes #3271
- Blanket disabling the security component due to the changes in cakePHP for API requests had the side effect that explicit security component stance changes would lead to exceptions
2018-05-23 10:31:09 +02:00
Andras Iklody 093bfc47fe Merge pull request #3267 from mokaddem/issue_3247
fix: [UI filtering] be sure that '0' is not interpreted as empty.
2018-05-22 16:24:17 +02:00
iglocska 37b856d60a fix: Invalid flash message fixed when editing an attribute
- was showing an error on success
2018-05-22 16:18:13 +02:00
Sami Mokaddem 00ec493414 chg: [UI Filtering] Do not set searchFor in the URL if no value.
After a discussion with iglocska, it is better to fix it js side than
server side.
2018-05-22 14:16:27 +00:00
Sami Mokaddem 4d39d3296a fix: [UI filtering] be sure that '0' is not interpreted as empty. 2018-05-22 13:49:03 +00:00
iglocska 6ad4a16718 fix: potential fix for the deadlock issue addressing #3264
- This will mean a performance hit for correlations / adding attributes in general, but let's see how it goes
2018-05-22 13:56:46 +02:00
iglocska 5780d0c5d8 fix: [UI filtering] Attribute quick filter broke all the tabbed filters, fixes #3247 2018-05-22 11:29:17 +02:00
iglocska 1dae56527f fix: Fixed editing servers to add a server certificate not saving said certificate 2018-05-18 10:03:50 +02:00
iglocska 2b2a0c25a4 fix: Various fixes to the add feed action/view 2018-05-17 10:03:26 +02:00
iglocska a21fcadd94 fix: Ignore camelised vs underscored controller name differences in the ACL 2018-05-17 09:39:15 +02:00
iglocska c6957ad121 fix: Fixed some issues with the new notifications 2018-05-16 19:56:12 +02:00
iglocska 68b8266584 new: New flash message system, fixes #3252
- 3 types of flash messages (success, error, warning)
- uses bootstrap's own classes/structure
2018-05-16 19:32:38 +02:00
iglocska dc57eee534 fix: Fixed invalid org lookup on the attribute index resulting in some notices thrown 2018-05-16 13:39:29 +02:00
iglocska 645d996c14 new: Remove galaxy cluster information from the sync mechanism for now
- currently galaxy clusters aren't shared anyway, no point in blowing up the data size / processing time
2018-05-15 07:44:37 +02:00
iglocska d49a190f99 fix: Version bump 2018-05-14 23:22:35 +02:00
iglocska 2be71c596c version bump 2018-05-14 23:22:18 +02:00
iglocska 962461890c new: Added attribute level galaxy clusters 2018-05-14 23:20:09 +02:00
iglocska 5acfac3539 fix: Some cleanup 2018-05-12 17:26:16 +02:00
iglocska 74e77b0511 chg: [API] Attaching a tag to an object no longer throws an exception if the tag already exists, fixes #3245
- just emits positive vibes by saying that no changes had to be made
2018-05-11 09:00:46 +02:00
iglocska abd745ce16 chg: [debug] Added debug of failed mass edits to returned JSON 2018-05-10 12:19:05 +02:00
iglocska db7419c96e fix: Don't lowercase the controllername for the ACL Component 2018-05-10 11:55:10 +02:00
iglocska fefe92bde8 new: [Export] Added a secondary CSV export that includes more context to the UI download tool 2018-05-09 14:10:23 +02:00
iglocska e1721e0177 fix: [ACL] Made the ACL system's behaviour more lax when it comes to capitalisation mistakes in the URL, fixes #3240 2018-05-09 13:23:30 +02:00
iglocska 42d86d7b18 fix: [API] Tightened the disabling of the security component to counter the effects of cakephp 2.10.x 2018-05-09 13:08:42 +02:00
iglocska 39f66eb868 fix: Restart the workers due to the new cakephp version causing issues 2018-05-09 09:15:18 +02:00
iglocska 776084130f fix: Remove form tampering for REST requests
- makes MISP compatible with 2.10.x
- No point in running the security component's test since no form is submitted via REST anyway.
2018-05-08 18:50:27 +02:00
iglocska 436c9c9a01 fix: Fixed broken objects/edit 2018-05-08 14:07:40 +02:00
iglocska 3c33d82244 fix: Fixed object add 2018-05-08 14:00:19 +02:00
iglocska c01f2d54f0 chg: Allow /objects/edit/id to accept a UUID instead of a local ID 2018-05-08 11:33:36 +02:00
iglocska d49e3cb83f fix: Handle no template being passed to objects/add correctly 2018-05-08 09:44:04 +02:00
iglocska b325a5d2a4 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-05-08 07:52:32 +02:00
iglocska 14c46b11c0 Merge branch 'smallfixes' into 2.4 2018-05-08 07:41:05 +02:00
Sami Mokaddem 680311f68f chg: [Controllers] sets the ajax variable globally
As well as removing useless set in controllers and accessing it instead
of passing through the request.
2018-05-07 14:44:59 +00:00
Sami Mokaddem 36fc897e71 fix: [CorrelationGraph] set the undefined ajax variable when pivoting from a taxonomy tag / galaxy cluster in fullscreen 2018-05-07 13:53:38 +00:00
iglocska 05cf0563e1 new: First implementation of the Noticelist system ready 2018-05-07 10:43:21 +02:00
iglocska 13e407fd7c new: added noticelist view 2018-05-07 06:36:56 +02:00
iglocska 2f8686aec3 fix: Don't redirect users to terms page if no terms page is set 2018-05-06 22:42:21 +02:00
iglocska 5b1689071d new: Noticelist system added 2018-05-05 23:04:10 +02:00
iglocska eef8279c40 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-05-04 12:37:07 +02:00
iglocska 5e77af9cb0 fix: Fixed a bug that prevented servers from being added 2018-05-04 12:36:33 +02:00
Sami Mokaddem a3d6fb3497 chg: [EventController] replaced if/else by ternary condition 2018-05-04 06:32:59 +00:00
Sami Mokaddem 507cd0ee85 chg: Trying not to break the MVC pattern
Server model is not passed to the constructor anymore, as well as the
Organisation model.
2018-05-04 06:27:54 +00:00
Sami Mokaddem 6d476814b0 Merge remote-tracking branch 'upstream/2.4' into distributionGraphDonut 2018-05-03 13:52:40 +00:00