- added UUID -> ID lookup function and integrated it across several functions
- fixes#4990
- fixes#4999
- fixes#4993
- fixes#4991
- fixes#4989
- fixes#4987
- cookieTimeout setting fixed
- moved the session massaging into a separate function
- added some translation calls for some of the setting errors involved
- changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts sharing sessions
- timeout issues potentially fixed when using the recommended PHP session handler. If the garbage collection is configured in php.ini it could previously purge sessions that based on the session timeout should still be valid
- event view uses the new parametrised system
- massive reduction of weird custom UI stuff to prepare MISP for a move to bootstrap 4
- should fix the dodgy UI issues that @rommelfs was experiencing on his Playmobil laptop
- view the failed/succeeded saves in batch imports, fixes#3866
- fixed a bug that inserted junk into the flash messages, fixes#3863
- fixed a bug that removed all but the last entry in a failed batch import #3865
- just pass /sql:1 to any query via the API to see a dump of all queries
- Response isn't very clean, JSON pushed infront of whatever the output is
- requires debug mode = 2
- authenticate user via URL params if not already authenticated (to support legacy APIs)
- harvest parameters in a standardised way for filtering all export APIs
- for legacy tools that cannot pass headers in HTTP requests for some insane reason
- Needs to be enabled by a site admin - default is that it is disabled
- MISP's diagnostic tool WILL complain if this is ever enabled
- blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions
- Organisation merge is now offered to the user by the edit page if a UUID was used to edit an organisation that is already in use
- Merging a local org with 1+ user(s) into an external organisation converts the target organisation into a local one
- Merging a local organisation with a logo into an organisation without one will move the current logo to over
- caveat: this will only happen for organisations already using the new logo naming ([id].png as opposed to [name].png)
- use the feed uuid caches to link directly to affected MISP events
- various UI improvements
- Feed preview pagination / POSTed event ID filters added
- Fixed a reflected XSS in the sharing group editor that requires malicious organisation names
- Low impact due to the following requirements:
- organisation names with malicious org names (JS in the orgname)
- sharing group editor user has to manually add an organisation to the list that has javascript in the org name
- only vulnerable view is the editor itself, so the impact is limited to
users that manually add organisations with malicious names to the list themselves / edit such sharing groups
- As reported by Dawid Czarnecki
When server setting MISP.terms_download=true and MISP.terms_file exists under MISP/app/files/terms directory user wasn't able to download terms and conditions before accepting it.
- Added method to upgrade all passwords to blowfish transparently
- All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed
- Thanks to cert.govt.nz for the security report.
- simply use the multi select on the event index via the UI
- for the API, simply POST to /events/delete with a payload in the following format:
`{"id": [15, 16, 17]}`
- if you've accidentally deleted all your events using this functionality, feel free to contact @rommelfs or contact the NSA for backups
- Popups get scrollbars / realligned for potato resolutions
- General cleanup of popup related functions in the JS
- Added version querystring to the css files, no more ctrl+f5ing after some updates
- right now it's pretty dumb, it simply pulls the same branch that the current user is on
- Any failure is shown but not acted upon, if the git pull fails the user will see it but it needs to be resolved via the command line
- Fixed file header formatting for the export to Bro format (tabs used consistently).
- Computing the time needed for generating the export to Bro format when done using a background job.
- When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside.
- Changed the file extension of Bro export files from ".intel" to ".txt".
- Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS).
- Fixed some of the API endpoints which were not accepted (ACL issues).
- Added support for a list of events that should be / should not be included in the export.
- Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute.
- Sanitized the exported data for Bro.
- Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
- Moved the bruteforce protection directly to the login action
- Fixed the datetime format used by the protection
- Cleaned up the logging of failed attempts
- Only allow enabling internal mode if the host organisation is set and it is chosen as the remote organisation when adding the server sync
- This ensures that internal sync only happens when the same organisation owns both instances
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments