Commit Graph

583 Commits (a7905b40cededa7fb54e2c735b8196c9aae03f94)

Author SHA1 Message Date
mokaddem f03a5c7b5f
chg: [diagnostic] Exposed dbSchemaDiagnostic to the API 2019-11-08 13:52:00 +01:00
mokaddem e32dcf3c69
fix: [releaseUpdateLock] Fixed error message to reflect the reality 2019-11-08 11:51:53 +01:00
mokaddem 0087a49fcc
chg: Usage of camelCase instead of snake_case 2019-10-29 09:57:25 +01:00
mokaddem b87ee19146
chg: [update] Actually reset `UpdateFailNumber` when manually unlocking 2019-10-15 11:44:34 +02:00
mokaddem 959ef2a1e7
chg: [updateProgress] Do not show negative remaining update anymore in
the UI
2019-10-14 10:59:26 +02:00
mokaddem 5d4142f62a
chg: [update] Parametrized ignore_disabled in ondemand_action and
support of string update in update_progress
2019-10-14 10:49:41 +02:00
Jakub Onderka 8e197d463d chg: [internal] Much better error handling for feed preview 2019-10-10 19:10:52 +02:00
mokaddem 0e2205c061
chg: [update] Added endpoint to release lock and integration with UI 2019-10-10 12:02:23 +02:00
mokaddem 8760c98c7e
Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess 2019-10-08 12:02:09 +02:00
mokaddem ce67cc242a
chg: [updateProgress] Added number of remaining db updates 2019-10-07 15:45:55 +02:00
garanews 85c28ce36e Fix some typo
Fix some typo
2019-10-04 13:02:59 +02:00
mokaddem c936d4ab51
chg: [updateProgress] Started taking into account stack of updates - WiP 2019-10-03 13:50:55 +02:00
mokaddem f4d06e7fc1
chg: [diagnostic] Exposed mysql and redis diagnostic on the API 2019-10-01 16:55:01 +02:00
mokaddem 39644802ff
fix: [update] Apply restriction of only 1 running process for only the `update` workers 2019-10-01 13:38:27 +02:00
mokaddem 6fd52393b7
chg: [update] Added new worker type `update` to perform updates 2019-10-01 13:36:37 +02:00
mokaddem 900317d5fe
Merge remote-tracking branch 'origin/2.4' into revisedUpdateProcess 2019-09-30 10:40:01 +02:00
Andras Iklody 7a71d76d82
Merge pull request #5198 from JakubOnderka/redis-info
new: [internal] Redis diagnostic
2019-09-27 22:19:05 +02:00
mokaddem 84290eaae6
chg: [dbSchemaDiagnostic] Added support of db_version 2019-09-26 15:20:32 +02:00
mokaddem 80b345c24e
chg: [dbSchemaDiagnostic] Improved parsing and UI - WiP 2019-09-26 14:34:05 +02:00
mokaddem c72f04dd90
Merge branch '2.4' into revisedUpdateProcess 2019-09-26 12:13:49 +02:00
Jakub Onderka 2b28d0c39e
fix: [UI] GnuPG diagnostic message 2019-09-23 09:38:15 +02:00
Jakub Onderka 84d100e982 new: [internal] Redis diagnostic 2019-09-21 07:43:35 +02:00
iglocska c6a1941454
fix: [API] Added DELETE http method to the rest client and fixed the JSON response of the API info 2019-09-20 11:53:28 +02:00
iglocska 71d8436cbc
fix: [UI] If a server add with a newly created external organisation fails, set the external organisation as the currently selected option after the validation fail redirect, fixes #5182 2019-09-18 14:37:42 +02:00
iglocska b6ba80e26e
fix: [prio] changePriority function responses fixed 2019-09-13 15:50:06 +02:00
iglocska ffc9147018
new: [sync] Added sync priority system to prioritise the order of instances to push to 2019-09-13 11:49:12 +02:00
iglocska ed0450faf4
new: [API] verbose output for /servers/update 2019-09-11 16:52:14 +02:00
mokaddem 9c02459fd0
new: [servers:DBDiagnostic] Improved indexTable and added new DB schema
diagnostic (WiP)
2019-09-10 15:13:06 +02:00
iglocska 75acd63c46
fix: [security] Fix to a vulnerability related to the server index
- along with various support tools
- more information coming soon
2019-09-09 13:00:21 +02:00
iglocska bbc05b229f
new: [diagnostics] Added SQL table size tool
- along with various other small fixes
- increased recommended memory size additionally
2019-08-21 17:01:52 +02:00
iglocska e8c5dba4f3
new: [API] get a single server setting via /servers/getSetting/[setting_name], fixes #4964 2019-08-15 20:01:36 +02:00
iglocska b2f3481806
fix: [sync] Sync object builder tool fixed
- was picking the wrong org as the owner of the remote side
2019-08-12 11:51:37 +02:00
iglocska 7b6a7a5a65
fix: [API] /servers/restartWorkers response fixed for API users, fixes #4966 2019-08-08 11:19:21 +02:00
iglocska e53a0046a9
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-08-07 15:04:51 +02:00
iglocska a46e7a680d
chg: [API] servers/serverSettingsEdit now accepts the force parameter in a posted JSON object 2019-08-07 15:03:32 +02:00
iglocska d6692c44a0
new: [sync] Previewing a remote instance now passes pagination rules in the request instead of fetching the full data-set and paginating in memory
- fixes issues with empty preview pages
- massive performance boost
- requires the remote side to be the same version or newer
2019-08-02 14:42:23 +02:00
iglocska 5f9e04aa4f
fix: [rest client] Potential fix to the skip ssl validation flag not working on wrong CN name 2019-07-31 14:10:19 +02:00
iglocska dc0f4741be
Revert "fix: [rest client] Potential fix to the SSL validation skip not working"
This reverts commit 293871cee8.
2019-07-31 14:03:22 +02:00
iglocska 293871cee8
fix: [rest client] Potential fix to the SSL validation skip not working 2019-07-31 13:58:34 +02:00
iglocska 118fb6649b
fix: [API] Server deletion now responds correctly via the API 2019-07-29 10:23:00 +02:00
iglocska a89b32d0c4
chg: Server pull/push endpoints allow the passing of the parameters as a POSTed JSON in addition to URL parameters, partially fixes #4889 2019-07-29 10:14:49 +02:00
iglocska c8018d7daa
new: [API] Proposal sync rework done 2019-07-12 16:03:08 +02:00
iglocska c06aa1fd79
fix: [API] Simple worker management added
- /servers/startWorker/[queue]
- /servers/stopWorker/[pid]
- /servers/getWorkers
2019-06-19 14:08:06 +02:00
iglocska c097f001dc
new: [security] Made certain settings modifiable via the CLI only
- some settings are too risky to be exposed, even to site admins, so made them CLI accessible only
2019-06-18 09:57:27 +02:00
iglocska 304358b162
fix: [sync] Fixed an issue that dropped the remote org 2019-05-30 15:06:51 +02:00
iglocska b23a2395e2
fix: [sync] whitelist fields that can be added via the JSON config 2019-05-30 14:50:51 +02:00
iglocska b706b5860b
fix: [UI] Invalid redirect fixed 2019-05-30 14:46:33 +02:00
iglocska aae9307106
new: [Sync] Add a tool to create MISP sync configuration JSONs and to ingest them, fixes #4696
- sync user can log into remote instance, extract config JSON
- paste it into own instance as site admin to add MISP sync connection
2019-05-30 14:42:29 +02:00
Steve Clement fc8f7982df
Zoidberg's son: Update system (#4534)
Zoidberg's son: Update system
2019-05-01 18:24:41 +09:00
iglocska 8b127f8fab new: [yara] Added diagnostics 2019-04-30 15:36:13 +02:00
mokaddem 47e13c8369 chg: [updates] Implemented changes requested by the PR's review #4534. 2019-04-29 11:09:04 +02:00
mokaddem d6be8023e5 chg: [updateProgress] bit of cleanup 2019-04-26 14:10:26 +02:00
mokaddem ee735f00d4 new: [update] Injected update-related files/changes from zoidberg 2019-04-26 09:45:03 +02:00
iglocska 29598c2475 new: [API] Update JSON exposed to the API 2019-04-10 10:09:25 +02:00
mokaddem fe00c4d193 chg: [diagnostic:submodule] Started integration of update DB after pull
with workers
2019-04-05 14:28:19 +02:00
mokaddem 4216c9385b chg: [diagnostic:submodule] General improvements (see below)
- Allow update button reuse (avoiding blackhole)
- Improved feedback when errors
- Check if submodules are readable
2019-04-05 10:46:49 +02:00
mokaddem 368dce6bd8 new: [diagnostic:submodule] Added output message after update - WiP 2019-04-04 16:48:41 +02:00
mokaddem f03cae5f46 chg: [diagnostic] Improved submodules version and added individual
update
2019-04-02 11:29:10 +02:00
Steve Clement 823ea745be
Merge pull request #4337 from mokaddem/submoduleDiagnostic
Submodule diagnostic
2019-03-27 17:27:53 +01:00
4ekin 7a88c87b70 fix: fixed i18n string representation in Server Controller and Model 2019-03-26 17:02:05 +03:00
iglocska 96951afc47 fix: [sync] Adding a new server caused the pull/push rules to be incorrectly set to an empty string over '[]' causing sync issues, fixes #4369
- this fix resolves the issue - new servers added should be fine
- it also retroactively fixes broken server connections
2019-03-25 17:36:01 +01:00
iglocska 7fbc4dc34c new: [REST client] Added history/bookmarks 2019-03-19 10:55:27 +01:00
mokaddem 600e4b0573 new: [diagnostic] Fetch submodules git status 2019-03-18 16:17:10 +01:00
iglocska 5f34880010 chg: [REST] Disable all SSL validation if requested by the user 2019-03-14 18:14:01 +01:00
iglocska 7ceb64e0ba new: [exercises] Added a new setup script for configuring exercise infrastructures rapidly
- assumes a hub MISP and a set of training MISPs for different participating teams
- This script is to be executed on the hub MISP and assuming a consecutively incrementing numeric component in the training MISPs' URL it will pre-configure them
- each instance has to have the same API key for the site admin (the idea is to clone training VMs)

- configuration creates users, organisations, sync users, sync connections across both the hub and the individual trainee instances
- Just copy /var/www/MISP/app/Console/Command/training.default.json to /var/www/MISP/app/Console/Command/training.json and configure it to get started
2019-03-13 12:24:53 +01:00
iglocska 11cd59b941 fix: ['rest client'] Python script generator fixed 2019-03-11 16:36:46 +01:00
iglocska 373c8a5c4f fix: [UI] Pass the server ID to the view for the menu's consistency 2019-02-23 12:54:54 +01:00
Christophe Vandeplas 67efc70bf5 fix: [style] consistent space indentation 2019-02-10 13:08:55 +01:00
chrisr3d aef4e51cdb
add: [diagnostic] Added check for STIX2 python library 2019-02-08 11:26:42 +01:00
iglocska fe1a7b8947 new: [CLI] Server settings refactored, fixes #4074
- moved most of the codebase to the model
- streamlining of the setting change
- hooked the callback system into the CLI version of the setter
2019-02-01 14:44:52 +01:00
iglocska 498a7ae77c new: [feeds] Opened up feed inspection to host org users and added servers to overlap matrix 2019-01-20 10:19:05 +01:00
iglocska 24146af9db new: [remote caching] First release version of the remote caching 2019-01-18 16:15:22 +01:00
iglocska 9c5fbdd7e9 new: [server caching] Initial version WIP 2019-01-18 09:06:23 +01:00
iglocska 8f9c6c1be6 Merge branch '2.4' into tag_collections 2019-01-01 17:38:32 +01:00
iglocska 6e8afdaa3a new: [tag collections] Add default tag collection per instance 2019-01-01 17:11:10 +01:00
iglocska 262066ecad fix: [cleanup] Fixed a few issues
- unnecessary access to controller from component fixed (load component instead)
- confusion between private and public variables resolved
- some minor fixes for rules
2018-12-31 08:02:00 +01:00
Sami Mokaddem 54162e4a82 chg: re-indented view file 2018-12-17 16:43:27 +01:00
Sami Mokaddem ed4f752d3a Merge remote-tracking branch 'origin/2.4' into querybuilder 2018-12-17 16:36:27 +01:00
iglocska af0f40ab97 new: [server settings] Added automatic backup system for the server settings 2018-11-26 09:12:01 +01:00
iglocska 2d0259ce13 fix: [CS] coding standards script re-run 2018-11-23 14:11:33 +01:00
mokaddem 8befc07fb5 new: [restClient] Transform query to json, more descriptions and layout changes
- Added a lightweight query parser to construct the JSON body from the query builder
- Added more help text on API fields
- Added help hover on API fields (when applicable)
- Added `optgroup` in template select
- Slight CSS modification on the overall page
- Changed behavior of template fetching (template existence is checked locally, do not wait before pulling the API info HTML)
2018-11-09 08:58:58 +01:00
mokaddem 7f5225b154 new: [rest client] added first draft of querybuilder widget 2018-11-06 16:54:17 +01:00
iglocska 168fd9f3b0 fix: [server] Allow certificates to be uploaded with other extensions besides .pem, fixes #3797 2018-10-26 21:14:22 +02:00
iglocska 1187fb2a27 new: [API] Added CSV as return format for event index 2018-10-21 22:47:22 +02:00
Andras Iklody 35400ef309
Merge pull request #3765 from IFX-CDC/2.4
add: workers diagnostics to the server settings
2018-10-16 10:57:14 +02:00
netjinho c9540f3ad2 Fixed workers tab 2018-10-15 19:17:46 +02:00
netjinho 8a6c202e50 Added workers diagnostics to the server settings 2018-10-15 18:18:47 +02:00
www-data f9183dee3b Merge branch '2.4' into py-virtualenv 2018-10-15 17:09:18 +09:00
iglocska 6b8f846a4e new: [ReST client] generate python output too
- also, nicer toggle!
2018-10-09 15:56:09 +02:00
iglocska 7804989159 new: [ReST Client] added curl output to make everyone's lives a bit easier 2018-10-09 13:50:43 +02:00
Steve Clement e26e4a2e92 Merge branch '2.4' into py-virtualenv 2018-10-08 07:45:04 +08:00
iglocska cea4f857bb fix: [ReST] increased ReST client execution time to 300s 2018-10-03 08:00:04 +02:00
Steve Clement 51a3a5cdbf chg: [python] Added and amended various places where python is called 2018-09-28 14:59:26 +02:00
iglocska 0123f23739 fix: [sync] Fixed some issues throwing notices when pulling 2018-09-09 15:55:42 +02:00
iglocska 1ab8a4e710 fix: [REST client] baseurl can now be set optionally in the url 2018-09-07 13:46:37 +02:00
iglocska 780cc86ca8 new: [REST client] added the api enumeration to the rest client view 2018-09-05 07:43:49 +02:00
iglocska a27a5efd26 fix: [REST client] resolved issues with the URL builder for the REST queries causing double "/"s after the baseurl 2018-09-03 17:57:05 +02:00
iglocska 17e538be05 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-09-01 23:53:39 +02:00
iglocska c91f1a5412 new: [REST client] Resolve urls and show API description if applicable 2018-09-01 23:53:03 +02:00
iglocska 84a146ea2c new: [REST client] Allow skipping SSL validation 2018-08-31 17:48:51 +02:00
iglocska a732cb4102 fix: [REST client] Fixed the url parser for the client not handling named params 2018-08-31 13:19:02 +02:00
iglocska 16f7ac960d fix: [merge conflict] added merge conflict resolution 2018-08-23 07:35:36 +02:00
iglocska 2a10276d07 Merge branch '2.4' into feature/api_rework 2018-08-22 17:39:56 +02:00
iglocska 113fa25471 new: [API] exposed the server related functionalities to the API
- server index
- server push
- server pull

- improved logging / error reporting of the sync functionalities
2018-08-22 17:00:13 +02:00
iglocska b407aba746 fix: [CS] Updated recent changes 2018-08-20 10:50:09 +02:00
iglocska 0694263e15 Merge branch '2.4' into feature/api_rework 2018-08-09 16:51:20 +02:00
iglocska 635be01f49 fix: [rest client] corrected the calculation of the rest client duration
- I can't maff gud
2018-08-08 13:31:08 +02:00
iglocska c8fcb16881 new: [feature] Built in REST client added to test / interact with the API directly from MISP
- no more shitty chrome extensions that crash during trainings, rejoice!
2018-08-08 11:29:38 +02:00
iglocska 9c755af7f7 chg: [cleanup] Removed unused view variable 2018-08-03 20:01:47 +02:00
iglocska c4500c15f0 fix: [sync] Fixed buggy connection test
- refactor revealed that the sync user access on the remote was never correctly determined
- fallback method that has since been removed for 2+ year old instances was always used due to the above issue
2018-08-03 19:20:00 +02:00
iglocska a81894f14c chg: [CS] Changed to PSR-2
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
iglocska 248439f6fb fix: [python3] Missed python3 call instead of python 2018-07-12 16:19:01 +02:00
iglocska 59b17b5af6 new: [sync] Added flag to avoid using the proxy
- in some cases you have internal sync between instances in which case going through the proxy is silly
2018-07-02 16:56:50 +02:00
iglocska 2aaf2c54c4 chg: [diagnostics] Make the STIX diagnostics a bit less cryptic 2018-06-22 09:34:56 +02:00
iglocska a930fdeaeb new: [i18n] Added tools to switch between languages via the server settings 2018-06-20 15:11:43 +02:00
iglocska 214df94bda chg: [i18n] Made the strings more i18n friendly across the application 2018-06-20 12:56:53 +02:00
chrisr3d 009dac1e43
add: [Diagnostic] Added maec python library requirements 2018-06-11 16:27:13 +02:00
iglocska ba5b5447f4 fix: Added missing lookup for pymisp versions via the diagnostics 2018-05-31 14:34:00 +02:00
iglocska 1dae56527f fix: Fixed editing servers to add a server certificate not saving said certificate 2018-05-18 10:03:50 +02:00
iglocska 68b8266584 new: New flash message system, fixes #3252
- 3 types of flash messages (success, error, warning)
- uses bootstrap's own classes/structure
2018-05-16 19:32:38 +02:00
iglocska 39f66eb868 fix: Restart the workers due to the new cakephp version causing issues 2018-05-09 09:15:18 +02:00
Sami Mokaddem 680311f68f chg: [Controllers] sets the ajax variable globally
As well as removing useless set in controllers and accessing it instead
of passing through the request.
2018-05-07 14:44:59 +00:00
iglocska 5e77af9cb0 fix: Fixed a bug that prevented servers from being added 2018-05-04 12:36:33 +02:00
iglocska 2cf4dfbafa fix: Allow "json" not to be set when adding a server via the API 2018-04-29 01:58:23 +02:00
iglocska 728c8bbb1d fix: Fixed /servers/add via REST API not working, fixes #3202
- corrected list of parameters
- added sane defaults so that only the minimum list of fields is actually required
- fixed a bunch of stuff that was just plain broken with this API
2018-04-28 21:53:29 +02:00
iglocska f60b16df0f chg: Changed the parameter order for the push server shell 2018-04-16 07:59:01 +02:00
StefanKelm 76deac9ca2
Update ServersController.php 2018-03-27 15:42:21 +02:00
iglocska d20e04ae6c fix: Fixed command execution for site admins
- a server setting allowing the override of the path variable for esoteric RHEL systems allowed site admins to inject arbitrary commands
- impact was limited by the setting being only accessible to the site administrator

- as reported by Michael Grolimund from Swiss Post (@grolinet)

- CVE-2018-6926
2018-02-12 17:58:47 +01:00
iglocska 42df9e36f3 fix: Fixed an issue with opcache not being used yet opcache_reset() being called, fixes #2727 2017-12-12 18:38:31 +01:00
Jan Skalny 084a3eb3ba fix: refresh rows in settings editor 2017-11-22 15:58:47 +01:00
iglocska 3ba6636bd5 new: change server settings via the API
Usage:

Viewing current setting value:

GET /servers/serverSettingsEdit/[mysetting]
Accept: application/json
Content-type: application/json
Authorization: [mykey]

Altering setting value:

POST /servers/serverSettingsEdit/[mysetting]
Accept: application/json
Content-type: application/json
Authorization: [mykey]
Body: {"value":"My new value"}

As a reminder, get all settings and diagnostics via:

GET /servers/serverSettings/download
Accept: application/json
Content-type: application/json
Authorization: [mykey]
2017-09-21 12:10:22 +02:00
iglocska d77ba1ddba new: Added objects to object preview 2017-09-13 13:53:40 +02:00
iglocska 470b7e5524 new: Added diagnostics for the new attachment tools 2017-09-08 10:31:02 +02:00
iglocska 952fff6252 fix: Fixes to several cases of reflected XSS, fixes #2381
- as reported by @import-au

- Additionally enforce content-type on all async APIs called by the UI using CakeResponse
2017-08-08 21:37:03 +02:00
iglocska 78f07139bd chg: Redacted certain server settings that could be considered sensitive
- Encryption passwords as well as redis password are now redacted from the server settings
- Also includes the JSON dump of the server settings

- Thanks to cert.govt.nz for the security report.
2017-07-12 15:49:39 +02:00
Kevin Allix f612f0c627 allow a setting to NOT define a 'test' function 2017-07-04 12:13:10 +02:00
iglocska d5a8e266e4 fix: Added missing ServersController.php change that populates $php_ini
- faildev forgot to commit the file
2017-06-28 15:44:28 +02:00
iglocska 57857c3a32 new: Performance improvements for the pub-sub modules
- Only load and open connection to redis for the pub-sub connection once.
- Massive performance boost when the ZMQ functionality is enabled
2017-06-16 08:41:12 +02:00
Richard van den Berg 7b18dc19bb Also test for mixbox version 2017-05-19 15:22:48 +02:00
iglocska 314daa4551 new: Add instance uuid 2017-05-11 10:49:23 +02:00
Ángel González 926895733b Cosmetic changes
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
iglocska 9ccdc579a6 new: New module type: Cortex
- similar to Enrichment modules except for not having the options to run hover
2017-05-03 13:13:36 +02:00
devnull- 9835b8932f Merge branch '2.4' into issues_1643 2017-04-27 10:04:32 +02:00
iglocska e3eaeed6f5 fix: Added fallback for getallheaders() missing for some systems 2017-04-12 14:17:43 +02:00
iglocska 3fbfe08f87 new: Added a POST server connection test
- hopefully it should help debug some issues
2017-03-23 11:52:07 +01:00
iglocska 84e4a62aba new: Update MISP from the diagnostics page
- right now it's pretty dumb, it simply pulls the same branch that the current user is on
- Any failure is shown but not acted upon, if the git pull fails the user will see it but it needs to be resolved via the command line
2017-03-23 10:01:29 +01:00
Sebastien Quioc 2dcc704bb9 feature: Adds the api support to ServersController to edit servers 2017-02-23 15:00:19 +01:00
Sebastien Quioc 4aba3518fe refactor(controllers): adds checks for input parameters before editing a server 2017-02-23 15:00:09 +01:00
Sebastien Quioc 6b0895dc66 feature: Adds the api support to ServersController to add new servers 2017-02-23 14:59:47 +01:00
devnull- f24682f86a Merge branch '2.4' into issues_1643 2017-02-16 21:49:45 +01:00
Iglocska ffd087ba38 fix: Added a warning if utf8 encoding isn't set up in the database config
- also, changed the default database config to enforce utf8
2017-01-19 16:40:23 +01:00
iglocska 2b187d48fc new: Add a new api to check the supported PyMISP version 2017-01-08 20:20:49 +01:00
devnull- 4795c86295 Quick & Dirty 'without_email' & 'Unpublish_event' options for Sync Server 2017-01-05 16:43:22 +01:00
Iglocska 396ab8046f fix: Fix empty space issues with server settings
- on input trim the string
- on the not empty check, first trim the string to warn users about existing issues
2017-01-02 16:32:11 +01:00
Iglocska 354df29301 chg: Added more information to the diagnostics download 2016-11-30 18:10:58 +01:00
Iglocska 6df592b6e0 fix: Fixed an issue where the diagnostics complained about STIX not being installed if the stixtest.py was not readable 2016-11-27 11:39:03 +01:00
Iglocska 28dfc401d0 new: Added checks for the loaded php extensions, fixes #1672
- Diagnosing not loaded extensions was a nightmare
- New system checks the loaded extensions via php and php-cli (could help with un****ing some RHEL/CentOS issues)
- Version check for the php-cli php version added

- only one extension is checked currently, to be updated at a later point in time (remember to also update the web and the cli extension list!)
2016-11-19 15:16:14 +01:00
Iglocska 0e015b8b26 fix: removed test code 2016-10-31 20:26:18 +01:00
Iglocska 2e682189e1 fix: Fixed an issue where pushing events worked even if the remote user wasn't a sync user 2016-10-31 20:25:38 +01:00
Andras Iklody 276257c16c Merge pull request #1578 from rotanid/cleanup
Cleanup
2016-10-29 20:00:58 +02:00
Iglocska 77a0efdc54 fix: Small fix to the worker start script 2016-09-30 10:24:13 +02:00
Andreas Ziegler e59d42ed2a chg: remove obsolete variables 2016-09-28 03:55:48 +02:00
Iglocska f7c347f9a4 fix: sort server preview events by timestamp, fixes #1558 2016-09-23 15:17:01 +02:00
Andreas Ziegler 9604af90e8 fix: issue resulting from references removal, #1501, 25e52a6 (#1544) 2016-09-18 16:43:09 +02:00
Andreas Ziegler 25e52a6786 chg: remove some references to variables 2016-09-15 17:08:58 +02:00
iglocska 80ed1cf65d fix: Removed filename check from the AppController
- rerouted all calls to the method to the Model equivalent
2016-09-01 09:18:54 +02:00
iglocska 0cd7d8c072 fix: invalid indices used for the MISP.host_org_id setting 2016-08-31 11:54:56 +02:00
iglocska 48d46c1b0c fix: Fixes to the internal server setup
- Only allow enabling internal mode if the host organisation is set and it is chosen as the remote organisation when adding the server sync
- This ensures that internal sync only happens when the same organisation owns both instances
2016-08-28 21:56:56 +02:00
iglocska cdf890cfc6 fix: Some minor fixes to the client_certs for the sync to align it with the other upstream changes 2016-08-28 21:37:28 +02:00
iglocska 5a72f84c22 Merge branch '2.4' into 2.4.51 2016-08-28 21:08:02 +02:00
iglocska e013d6429d new: Simple diagnostic tool for the modules added 2016-08-25 17:42:46 +02:00
iglocska 873b201eb0 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2016-08-25 11:38:59 +02:00
iglocska 822b0bf8fa chg: Cleanup of the controllers and models
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
2016-08-25 11:38:37 +02:00
Andreas Ziegler e8599fb16c chg: new filename regex & separate functions 2016-08-24 15:31:17 +02:00
Andreas Ziegler eb66a80c76 chg: filename regex changes 2016-08-24 02:35:04 +02:00
Andreas Ziegler cffcfa81d7 chg: remove whitespace (space/tab) from empty lines 2016-08-22 02:52:51 +02:00
iglocska 3c0f3fb8bb Merge branch '2.4' into 2.4.51 2016-08-21 22:59:30 +02:00
Andreas Ziegler f0905dc536 chg: rename FileAccess to FileAccessTool
every other tool class's name in the Lib/Tools/ folder also ends with "Tool"
2016-08-19 19:25:32 +02:00
Andreas Ziegler a2ff5424e1 chg: change FileAccess from static to instantiable class 2016-08-19 19:22:15 +02:00
iglocska 8c83896813 Merge branch 'sslclientsync' into 2.4.51 2016-08-18 10:03:53 +02:00
iglocska 444171bd2d Merge branch '2.4' into sslclientsync 2016-08-18 09:58:52 +02:00
iglocska 15a8000f05 Merge branch '2.4' into 2.4.51 2016-08-18 09:54:15 +02:00
iglocska 28a76076f7 new: Added a way to clear worker queues 2016-08-16 00:46:41 +02:00
iglocska f2f5194d19 First iteration of the internal sync rework 2016-08-10 16:27:24 +02:00
Richard van den Berg 81a5838131 Add support for sync server SSL client certificates 2016-08-01 16:30:22 +02:00
Iglocska 1f1c8c814e new: First revision of the new import system 2016-08-01 16:15:24 +02:00
Iglocska 80b6bca48f new: Added a php version check to the diagnostics page 2016-07-20 12:37:09 +02:00
Iglocska 9d6a386af3 fix: Cherry picking and pulling updates should not require the pull flag to be set on an instance 2016-07-19 15:02:01 +02:00
Iglocska af2f355cb4 fix: removed the debug from the previous commit 2016-07-19 11:57:11 +02:00
Iglocska 1a97f80977 fix: fixed an issue with certificate uploads when adding an instance / editing an instance 2016-07-19 11:53:51 +02:00
Iglocska b80cc56ec9 Merge branch '2.4' into write 2016-07-04 19:33:45 +02:00
Iglocska 30af4483f4 chg: Added a check for the prio worker, added it to the worker tab 2016-06-24 17:12:42 +02:00
Iglocska 793341123f fix: Fix to a bug that allowed adding server connections without an org 2016-06-08 13:52:55 +02:00
Andreas Ziegler aec73ed50a chg: improve file access using new Lib 2016-06-07 00:21:14 +02:00
Andreas Ziegler 958aa7c414 use consistent spacing around else if 2016-06-04 15:49:54 +02:00
Andreas Ziegler 985451642e add space after keywords if/for/foreach/while/switch/catch 2016-06-04 15:45:39 +02:00
Andreas Ziegler 8a2352f7b8 remove single spaces in front of tabs 2016-06-04 01:14:25 +02:00
Andreas Ziegler 0fe692c56a remove whitespace at end of line 2016-06-04 01:10:45 +02:00
Andreas Ziegler 898ea1d97c remove whitespace (space/tab) from empty lines 2016-06-04 01:08:16 +02:00
Andreas Ziegler 8a9ffc1f9b remove obsolete space from: File ( 2016-05-31 18:03:59 +02:00
Iglocska f152e8afc1 chg: Added options to inject the SCL php paths into the PATH when executing the worker shell scripts on RHEL/CentOS 2016-05-02 08:19:53 +02:00
Iglocska 8db889ce7e SMIME changes
- tied into auto upgrade system
- tied into server settings
- some cleanup of overly verbose debug
- Enforcing enable/disable everywhere
- Changed temporary file structure
2016-04-26 16:40:12 +02:00
Iglocska 24c7fa61fe Merge branch 'permissionfix' into 2.4 2016-04-18 17:41:59 +02:00
Iglocska 92952cc5e4 Rework of the ACL 2016-04-18 03:19:01 +02:00
Iglocska 1fec658350 Fixes to the plugin settings not working for any plugin beyond the first one 2016-03-29 10:16:20 +02:00
Iglocska cf42ca42c0 Fix to an issue that causes the server certificate to be removed if a sync connection is edited. 2016-03-24 23:54:26 +01:00
Iglocska 4905578ba1 Dynamic settings retrieved from modules 2016-03-20 01:32:00 +01:00
Iglocska 1ba0db37d3 Better feedback on the sync connection test
- sync users that have not accepted the terms / have had a password reset initiated were redirected to the login page

- fixes to the issue
  - if a user with automation/sync access uses the API and gets blocked because the terms weren't accepted or there is a pending password change they will be notified in a JSON/XML response
  - the sync test now takes this into consideration starting with this version and will report the cause of the failure

- Both instances have to be 2.4.24+ for this to be reported correctly
2016-03-07 15:11:00 +01:00
Iglocska cb5a14c3e1 Slightly better error reporting for GPG diagnostic issues 2016-03-03 12:54:08 +01:00
Iglocska f40010ae09 Organisations sorted in the server add/edit views alphabetically, fixes #974 2016-02-25 13:14:46 +01:00
William Robinet 4fea371c4b Fix permissions 2016-02-11 17:03:51 +01:00
Iglocska 89198e028b Removing PEM from a server connection parameter, fixes #771
- Added a way to remove the certificate file when editing the server connection
- Also, it shows the currently selected certificate file as it caused some confusion before
2016-02-07 21:00:40 +01:00
Iglocska 1caebfe1a0 Check permissions on config files, fixes #837
- red warning on the settings page if the config.php file is not writeable
- failed changes in settings due to the config.php file not being writeable logged
2016-01-12 10:44:06 +01:00
Iglocska 710828d397 Some small changes to the diagnostics
- made the PHP settings check look a bit more clear and changed it from failures to recommendations

- added a file permission check for config.php (can add more in the future such as the background worker log files which can prevent the workers from starting)
2016-01-12 00:19:06 +01:00
Iglocska bad00e9c2d Add check for values on diagnostics page, fixes #839 2016-01-11 23:52:09 +01:00
Iglocska 99e8263447 Small fixes 2015-12-09 02:29:04 +01:00
Iglocska 39945ca39e Fixes to the logging
- in some places MISP tried to save the org ID instead of the org name in the logs

- fixed
2015-12-03 10:20:29 +01:00
Iglocska ab26eafd63 Added the possibility to enable debug for site admins
- new option in server settings
- enable debug (equal to normal debug level 1) for site admins only

- regular users will be unaffected
2015-12-03 01:45:38 +01:00
Iglocska d433618c71 Also, enabled the filtering on pull
Merge branch 'master' into 2.4-beta

Conflicts:
	VERSION.json
	app/Controller/EventsController.php
	app/Lib/Tools/XMLConverterTool.php
	app/Model/Event.php
	app/Model/Server.php
2015-12-03 00:27:56 +01:00
Iglocska 714ed198e5 Various fixes throughout the application
- org field still used in some places other than the legitimate use-cases
2015-11-28 23:49:52 +01:00
iglocska 8cc0996c3c Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
	app/View/Elements/side_menu.ctp
	app/View/Pages/administration.ctp
2015-11-14 17:16:38 +01:00
iglocska afdcc1af0c Fixed a security issue with the CSRF protection being avoidable using some site admin functionality
- as discovered and reported by Egidio Romano of Minded Security

- Lacking checks of HTTP methods in some functionality could lead to a site admin uploading and executing malicious scripts

- Tightened HTTP method verification across the board for actions that modify data
- Turned some administrative tasks to POST only actions
2015-11-13 23:57:03 +01:00
iglocska fdcac8b72c Further work on the filter UI 2015-10-18 09:36:55 +02:00
Iglocska 328c666e3a Merge branch 'master' into feature/sg
Merging all the new changes from master

Conflicts:
	VERSION.json
	app/Console/Command/AdminShell.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Log.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Elements/side_menu.ctp
	app/View/Pages/administration.ctp
	app/View/Users/admin_index.ctp
2015-10-12 09:41:20 +02:00
Iglocska dc638adac2 Upgrade to CakePHP 2.7, fixes #684
- cakephp submodule updated to 2.7
- make sure that you update your instance!

- not updating will not break compatibility
2015-10-09 15:59:25 +02:00
Iglocska e242c9add2 Set of changes to the sync
- finished preview feature
  - can now view events and attributes remotely
  - can copy over new event to local instance

- new sync mode (update)
  - allows to only pull changes to events that exist locally already
  - works well with the manual pull of events, no need to pull events that we didn't manually confirm, but can still update all events that we pulled over

- Fixed an issue with background tasks causing the logging to fail

- reworked connection test showing version numbers of both instances
  - also telling the admin whether the sync is compatible or not

- Further refactoring / tweaking of the event view
2015-10-06 01:16:48 +02:00
Iglocska 6bcf104724 Progress on several features
- implemented a custom pagination tool for data sets that are not directly taken from the db
  - currently creates a pagination object that mocks CakePHP pagination
  - supports the CakePHP pagination view helper
  - supports: pagination, sorting, custom filters

- implemented first step of the remote instance browser for admins
  - view an index of events on another instance
  - filter the events
  - uses the new pagination

- still missing:
  - remote event view
  - fetch event from remote instance

- reworked the event view
  - separated API and UI code path
    - major speedup for the API!
    - cleaner code as there was almost 0 overlap
  - discussions and attributes are now loaded separately from the event view
    - added after the event view loads via ajax
    - cleaner pagination
  - attribute pagination now finally allows for sorting
    - future improvement (coming soon): Show proposals only filter
    - filtering on the attributes in general
2015-09-29 02:54:25 +02:00
Iglocska a55e38ffda Fix to the previous commit 2015-09-23 12:32:00 +02:00
Iglocska 6ef7772e0b Fixed an issue with old upgraded instances that didn't use the db session handler
- diagnostic tool would throw exceptions because the db session tables are still missing in some older instances
- if a different session handler is used, the test is skipped
2015-09-23 12:14:32 +02:00
iglocska 656a391223 Progress on the sync
- pull from 2.3 -> 2.4 should work correctly now
2015-09-21 14:55:40 +02:00
iglocska 7f3996f43b Added an API to quickly check the current MISP version, fixes #664 2015-09-17 00:21:08 +02:00
iglocska 1079c4a1ea Added a diagnostic to check and purge overgrown session tables 2015-09-16 18:55:28 +02:00
Iglocska e1a95c62b0 Merge branch 'master' into feature/sg
Conflicts:
	VERSION.json
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Model/Attribute.php
	app/View/Users/statistics.ctp
2015-09-10 15:02:44 +02:00
Iglocska 2142bf87c3 Several issues resolved
- fixed an issue where pushing a single event would fail

- both event and attribute edits via the API work without providing a timestamp. The current timestamp is instead attached

- both event and attribute edits fill the required fields from the data in the database if not supplied (as long as the uuid is found)
2015-09-07 14:25:24 +02:00
Iglocska 5f8f22e272 flag incorrectly set for event edit's publishing right check 2015-08-31 04:21:46 +02:00
Iglocska 704880ce59 Merge branch 'master' into feature/sg
Conflicts:
	VERSION.json
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Server.php
2015-08-30 13:29:05 +02:00
iglocska a93807439d Several bigger changes
- new functionality: Event blacklisting by UUID
  - site admins can enable this feature in the server settings
  - enabling the feature will make the required db changes
  - any deleted event will automatically get blacklisted
  - this prevents deleted events from flowing back from a synced instance
  - site admins can manually add UUIDs to the list and remove entries

- fix to UUID duplication issues for attributes
  - simply run the admin script and it will regenerate the UUID of attributes that are duplicates, if any such exist
  - timestamps/event published status will not be affected

- config.core.php now includes a change that prevents 404 exceptions from being logged
  - the sync uses 404s to signal that an event with a given uuid does not exist when negotiating proposal synchronisation
  - this causes a dangerously high amount of noise in the logs
2015-08-17 16:10:10 +02:00
Iglocska 67bd44f5dc Relaxed visibility of org UUIDs and sharing groups (the latter for sync users) 2015-08-03 16:49:03 +02:00
Iglocska ad21d5c35a Further work on the Sharing Groups 2015-08-03 14:12:20 +02:00
Iglocska 326d62d822 Added the server filters to the server creation 2015-07-30 13:11:07 +02:00
Iglocska a9c737ff2b Further work on the sync filters 2015-07-27 16:30:52 +02:00
Iglocska 47cc0e4d18 Merge branch 'master' into feature/sg
Conflicts:
	VERSION.json
	app/Model/Attribute.php
	app/Model/Event.php
2015-07-22 18:04:02 +02:00
Iglocska 1bf2995f4e Merge branch 'master' into feature/sg
Conflicts:
	VERSION.json
2015-07-22 17:19:13 +02:00
Iglocska b089cf077f Some changes to the workers
- some fixes with the previous iteration of the background workers
- PID now checked using ps -p instead of looking for it in /proc
2015-07-17 15:06:38 +02:00
Iglocska 1645ee1e3b Rework of the diagnostics for background workers
- shows dead background workers
- allows site admins to add workers to any queue on the fly
- allows site admins to kill workers on the fly
2015-07-12 21:45:11 +02:00
Iglocska f1a5ba52e5 Merge branch 'master' into feature/sg
Conflicts:
	VERSION.json
	app/Lib/Tools/XMLConverterTool.php
	app/Model/Event.php
2015-07-08 14:02:54 +02:00
Iglocska 038ccd99bd Work on the new attribute types 2015-07-06 18:19:51 +02:00
Iglocska 45fdbf7839 File management fixed in server settings
- a previous patch removed the contents of the page
2015-07-01 09:50:51 +02:00
Iglocska 0481e6eb02 Merge branch 'master' into feature/sg
Conflicts:
	VERSION.json
	app/Controller/ServersController.php
	app/Controller/ShadowAttributesController.php
	app/Controller/UsersController.php
	app/Model/Event.php
	app/webroot/js/ajaxification.js
2015-06-29 14:27:16 +02:00
Iglocska 3f215743f0 Complete rework of the ZeroMQ implementation
- python server running in the background doing the publishing
- MISP -> python script communication via redis
- configurable / controllable via the admin UI
2015-06-29 08:56:45 +02:00