mokaddem
f03a5c7b5f
chg: [diagnostic] Exposed dbSchemaDiagnostic to the API
2019-11-08 13:52:00 +01:00
mokaddem
e32dcf3c69
fix: [releaseUpdateLock] Fixed error message to reflect the reality
2019-11-08 11:51:53 +01:00
mokaddem
0087a49fcc
chg: Usage of camelCase instead of snake_case
2019-10-29 09:57:25 +01:00
mokaddem
b87ee19146
chg: [update] Actually reset `UpdateFailNumber` when manually unlocking
2019-10-15 11:44:34 +02:00
mokaddem
959ef2a1e7
chg: [updateProgress] Do no show negative remaining update anymore in
...
the UI
2019-10-14 10:59:26 +02:00
mokaddem
5d4142f62a
chg: [update] Parametrized ignore_disabled in ondemand_action and
...
support of string update in update_progress
2019-10-14 10:49:41 +02:00
Jakub Onderka
8e197d463d
chg: [internal] Much better error handling for feed preview
2019-10-10 19:10:52 +02:00
mokaddem
0e2205c061
chg: [update] Added endpoint to release lock and integration with UI
2019-10-10 12:02:23 +02:00
mokaddem
8760c98c7e
Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess
2019-10-08 12:02:09 +02:00
mokaddem
ce67cc242a
chg: [updateProgress] Added number of remaining db updates
2019-10-07 15:45:55 +02:00
garanews
85c28ce36e
Fix some typo
...
Fix some typo
2019-10-04 13:02:59 +02:00
mokaddem
c936d4ab51
chg: [updateProgress] Started taking into account stack of updates - WiP
2019-10-03 13:50:55 +02:00
mokaddem
f4d06e7fc1
chg: [diagnostic] Exposed mysql and redis diagnostic on the API
2019-10-01 16:55:01 +02:00
mokaddem
39644802ff
fix: [update] Apply restriction of only 1 running process for only the `update` workers
2019-10-01 13:38:27 +02:00
mokaddem
6fd52393b7
chg: [update] Added new worker type `update` to perform updates
2019-10-01 13:36:37 +02:00
mokaddem
900317d5fe
Merge remote-tracking branch 'origin/2.4' into revisedUpdateProcess
2019-09-30 10:40:01 +02:00
Andras Iklody
7a71d76d82
Merge pull request #5198 from JakubOnderka/redis-info
...
new: [internal] Redis diagnostic
2019-09-27 22:19:05 +02:00
mokaddem
84290eaae6
chg: [dbSchemaDiagnostic] Added support of db_version
2019-09-26 15:20:32 +02:00
mokaddem
80b345c24e
chg: [dbSchemaDiagnostic] Improved parsing and UI - WiP
2019-09-26 14:34:05 +02:00
mokaddem
c72f04dd90
Merge branch '2.4' into revisedUpdateProcess
2019-09-26 12:13:49 +02:00
Jakub Onderka
2b28d0c39e
fix: [UI] GnuPG diagnostic message
2019-09-23 09:38:15 +02:00
Jakub Onderka
84d100e982
new: [internal] Redis diagnostic
2019-09-21 07:43:35 +02:00
iglocska
c6a1941454
fix: [API] Added DELETE http method to the rest client and fixed the JSON response of the API info
2019-09-20 11:53:28 +02:00
iglocska
71d8436cbc
fix: [UI] If a server add with a newly created external organisation fails, set the external organisation as the currently selected option after the validation fail redirect, fixes #5182
2019-09-18 14:37:42 +02:00
iglocska
b6ba80e26e
fix: [prio] changePriority function responses fixed
2019-09-13 15:50:06 +02:00
iglocska
ffc9147018
new: [sync] Added sync priority system to prioritise the order of instances to push to
2019-09-13 11:49:12 +02:00
iglocska
ed0450faf4
new: [API] verbose output for /servers/update
2019-09-11 16:52:14 +02:00
mokaddem
9c02459fd0
new: [servers:DBDiagnostic] Improved indexTable and added new DB schema
...
diagnostic (WiP)
2019-09-10 15:13:06 +02:00
iglocska
75acd63c46
fix: [security] Fix to a vulnerability related to the server index
...
- along with various support tools
- more information coming soon
2019-09-09 13:00:21 +02:00
iglocska
bbc05b229f
new: [diagnostics] Added SQL table size tool
...
- along with various other small fixes
- increased recommended memory size additionally
2019-08-21 17:01:52 +02:00
iglocska
e8c5dba4f3
new: [API] get a single server setting via /servers/getSetting/[setting_name], fixes #4964
2019-08-15 20:01:36 +02:00
iglocska
b2f3481806
fix: [sync] Sync object builder tool fixed
...
- was picking the wrong org as the owner of the remote side
2019-08-12 11:51:37 +02:00
iglocska
7b6a7a5a65
fix: [API] /servers/restartWorkers response fixed for API users, fixes #4966
2019-08-08 11:19:21 +02:00
iglocska
e53a0046a9
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2019-08-07 15:04:51 +02:00
iglocska
a46e7a680d
chg: [API] servers/serverSettingsEdit now accepts the force parameter in a posted JSON object
2019-08-07 15:03:32 +02:00
iglocska
d6692c44a0
new: [sync] Previewing a remote instance now passes pagination rules in the request instead of fetching the full data-set and paginating in memory
...
- fixes issues with empty preview pages
- massive performance boost
- requires the remote side to be the same version or newer
2019-08-02 14:42:23 +02:00
iglocska
5f9e04aa4f
fix: [rest client] Potential fix to the skip ssl validation flag not working on wrong CN name
2019-07-31 14:10:19 +02:00
iglocska
dc0f4741be
Revert "fix: [rest client] Potential fix to the SSL validation skip not working"
...
This reverts commit 293871cee8
.
2019-07-31 14:03:22 +02:00
iglocska
293871cee8
fix: [rest client] Potential fix to the SSL validation skip not working
2019-07-31 13:58:34 +02:00
iglocska
118fb6649b
fix: [API] Server deletion now responds correctly via the API
2019-07-29 10:23:00 +02:00
iglocska
a89b32d0c4
chg: Server pull/push endpoints allow the passing of the parameters as a POSTed JSON in addition to URL parameters, partially fixes #4889
2019-07-29 10:14:49 +02:00
iglocska
c8018d7daa
new: [API] Proposal sync rework done
2019-07-12 16:03:08 +02:00
iglocska
c06aa1fd79
fix: [API] Simple worker management added
...
- /servers/startWorker/[queue]
- /servers/stopWorker/[pid]
- /servers/getWorkers
2019-06-19 14:08:06 +02:00
iglocska
c097f001dc
new: [security] Made certain settings modifiable via the CLI only
...
- some settings are too risky to be exposed, even to site admins, so made them CLI accessible only
2019-06-18 09:57:27 +02:00
iglocska
304358b162
fix: [sync] Fixed an issue that dropped the remote org
2019-05-30 15:06:51 +02:00
iglocska
b23a2395e2
fix: [sync] whitelist fields that can be added via the JSON config
2019-05-30 14:50:51 +02:00
iglocska
b706b5860b
fix: [UI] Invalid redirect fixed
2019-05-30 14:46:33 +02:00
iglocska
aae9307106
new: [Sync] Add a tool to create MISP sync configuration JSONs and to ingest them, fixes #4696
...
- sync user can log into remote instance, extract config JSON
- paste it into own instance as site admin to add MISP sync connection
2019-05-30 14:42:29 +02:00
Steve Clement
fc8f7982df
Zoidberg's son: Update system ( #4534 )
...
Zoidberg's son: Update system
2019-05-01 18:24:41 +09:00
iglocska
8b127f8fab
new: [yara] Added diagnostics
2019-04-30 15:36:13 +02:00
mokaddem
47e13c8369
chg: [updates] Implented changes requested by the PR's review #4534 .
2019-04-29 11:09:04 +02:00
mokaddem
d6be8023e5
chg: [updateProgress] bit of cleanup
2019-04-26 14:10:26 +02:00
mokaddem
ee735f00d4
new: [update] Injected update-related files/changes from zoidberg
2019-04-26 09:45:03 +02:00
iglocska
29598c2475
new: [API] Update JSON exposed to the API
2019-04-10 10:09:25 +02:00
mokaddem
fe00c4d193
chg: [diagnostic:submodule] Started integration of update DB after pull
...
with workers
2019-04-05 14:28:19 +02:00
mokaddem
4216c9385b
chg: [diagnostic:submodule] General improvements (see below)
...
- Allow update button reuse (avoiding blackhole)
- Improved feedback when errors
- Check if submodules are readable
2019-04-05 10:46:49 +02:00
mokaddem
368dce6bd8
new: [diagnostic:submodule] Added output message after update - WiP
2019-04-04 16:48:41 +02:00
mokaddem
f03cae5f46
chg: [diagnostic] Improved submodules version and added individual
...
update
2019-04-02 11:29:10 +02:00
Steve Clement
823ea745be
Merge pull request #4337 from mokaddem/submoduleDiagnostic
...
Submodule diagnostic
2019-03-27 17:27:53 +01:00
4ekin
7a88c87b70
fix: fixed i18n string representation in Server Controller and Model
2019-03-26 17:02:05 +03:00
iglocska
96951afc47
fix: [sync] Adding a new server caused the pull/push rules to be incorrectly set to an empty string over '[]' causing sync issues, fixes #4369
...
- this fix resolves the issue - new servers added should be fine
- it also retroactively fixes broken server connections
2019-03-25 17:36:01 +01:00
iglocska
7fbc4dc34c
new: [REST client] Added history/bookmarks
2019-03-19 10:55:27 +01:00
mokaddem
600e4b0573
new: [diagnostic] Fetch submodules git status
2019-03-18 16:17:10 +01:00
iglocska
5f34880010
chg: [REST] Disable all SSL validation if requested by the user
2019-03-14 18:14:01 +01:00
iglocska
7ceb64e0ba
new: [exercises] Added a new setup script for configuring exercise infrastructures rapidly
...
- assumes a hub MISP and a set of training MISPs for different participating teams
- This script is to be executed on the hub MISP and assuming a consecutively incrementing numeric component in the training MISPs' URL it will pre-configure them
- each instance has to have the same API key for the site admin (the idea is to clone training VMs)
- configuration creates users, organisations, sync users, sync connections across both the hub and the individual trainee instances
- Just copy /var/www/MISP/app/Console/Command/training.default.json to /var/www/MISP/app/Console/Command/training.json and configure it to get started
2019-03-13 12:24:53 +01:00
iglocska
11cd59b941
fix: ['rest client'] Python script generator fixed
2019-03-11 16:36:46 +01:00
iglocska
373c8a5c4f
fix: [UI] Pass the server ID to the view for the menu's consistency
2019-02-23 12:54:54 +01:00
Christophe Vandeplas
67efc70bf5
fix: [style] consistent space indentation
2019-02-10 13:08:55 +01:00
chrisr3d
aef4e51cdb
add: [diagnostic] Added check for STIX2 python library
2019-02-08 11:26:42 +01:00
iglocska
fe1a7b8947
new: [CLI] Server settings refactored, fixes #4074
...
- moved most of the codebase to the model
- streamlining of the setting change
- hooked the callback system into the CLI version of the setter
2019-02-01 14:44:52 +01:00
iglocska
498a7ae77c
new: [feeds] Opened up feed inspection to host org users and added servers to overlap matrix
2019-01-20 10:19:05 +01:00
iglocska
24146af9db
new: [remote caching] First release version of the remote caching
2019-01-18 16:15:22 +01:00
iglocska
9c5fbdd7e9
new: [server caching] Initial version WIP
2019-01-18 09:06:23 +01:00
iglocska
8f9c6c1be6
Merge branch '2.4' into tag_collections
2019-01-01 17:38:32 +01:00
iglocska
6e8afdaa3a
new: [tag collections] Add default tag collection per instance
2019-01-01 17:11:10 +01:00
iglocska
262066ecad
fix: [cleanup] Fixed a few issues
...
- unnecesary access to controller from component fixed (load component instead)
- confusion between private and public variables resolved
- some minor fixes for rules
2018-12-31 08:02:00 +01:00
Sami Mokaddem
54162e4a82
chg: re-indented view file
2018-12-17 16:43:27 +01:00
Sami Mokaddem
ed4f752d3a
Merge remote-tracking branch 'origin/2.4' into querybuilder
2018-12-17 16:36:27 +01:00
iglocska
af0f40ab97
new: [server settings] Added automatic backup system for the server settings
2018-11-26 09:12:01 +01:00
iglocska
2d0259ce13
fix: [CS] coding standards script re-run
2018-11-23 14:11:33 +01:00
mokaddem
8befc07fb5
new: [restClient] Transform query to json, more descriptions and layout changes
...
- Added a lightweight query parser to construct the JSON body from the query builder
- Added more help text on API fields
- Added help hoover on API fields (when applicable)
- Added `optgroup` in template select
- Slight CSS modification on the overall page
- Changed behavior of template fetching (template existance is checked locally, do not wait before pulling the API info HTML)
2018-11-09 08:58:58 +01:00
mokaddem
7f5225b154
new: [rest client] added first draft of querybuilder widget
2018-11-06 16:54:17 +01:00
iglocska
168fd9f3b0
fix: [server] Allow certificates to be uploaded with other extensions besides .pem, fixes #3797
2018-10-26 21:14:22 +02:00
iglocska
1187fb2a27
new: [API] Added CSV as return format for event index
2018-10-21 22:47:22 +02:00
Andras Iklody
35400ef309
Merge pull request #3765 from IFX-CDC/2.4
...
add: workers diagnostics to the server settings
2018-10-16 10:57:14 +02:00
netjinho
c9540f3ad2
Fixed workers tab
2018-10-15 19:17:46 +02:00
netjinho
8a6c202e50
Added workers diagnostics to the server settings
2018-10-15 18:18:47 +02:00
www-data
f9183dee3b
Merge branch '2.4' into py-virtualenv
2018-10-15 17:09:18 +09:00
iglocska
6b8f846a4e
new: [ReST client] generate python output too
...
- also, nicer toggle!
2018-10-09 15:56:09 +02:00
iglocska
7804989159
new: [ReST Client] added curl output to make everyone's lives a bit easier
2018-10-09 13:50:43 +02:00
Steve Clement
e26e4a2e92
Merge branch '2.4' into py-virtualenv
2018-10-08 07:45:04 +08:00
iglocska
cea4f857bb
fix: [ReST] increased ReST client execution time to 300s
2018-10-03 08:00:04 +02:00
Steve Clement
51a3a5cdbf
chg: [python] Added and amended varios places where python is called
2018-09-28 14:59:26 +02:00
iglocska
0123f23739
fix: [sync] Fixed some issues throwing notices when pulling
2018-09-09 15:55:42 +02:00
iglocska
1ab8a4e710
fix: [REST client] baseurl can now be set optionally in the url
2018-09-07 13:46:37 +02:00
iglocska
780cc86ca8
new: [REST client] added the api enumeration to the rest client view
2018-09-05 07:43:49 +02:00
iglocska
a27a5efd26
fix: [REST client] resolved issues with the URL builder for the REST queries causing double "/"s after the baseurl
2018-09-03 17:57:05 +02:00
iglocska
17e538be05
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-09-01 23:53:39 +02:00
iglocska
c91f1a5412
new: [REST client] Resolve urls and show API description if applicable
2018-09-01 23:53:03 +02:00
iglocska
84a146ea2c
new: [REST client] Allow skipping SSL validation
2018-08-31 17:48:51 +02:00
iglocska
a732cb4102
fix: [REST client] Fixed the url parser for the client not handling named params
2018-08-31 13:19:02 +02:00
iglocska
16f7ac960d
fix: [merge conflict] added merge conflict resolution
2018-08-23 07:35:36 +02:00
iglocska
2a10276d07
Merge branch '2.4' into feature/api_rework
2018-08-22 17:39:56 +02:00
iglocska
113fa25471
new: [API] exposed the server related functionalities to the API
...
- server index
- server push
- server pull
- improved logging / error reporting of the sync functionalities
2018-08-22 17:00:13 +02:00
iglocska
b407aba746
fix: [CS] Updated recent changes
2018-08-20 10:50:09 +02:00
iglocska
0694263e15
Merge branch '2.4' into feature/api_rework
2018-08-09 16:51:20 +02:00
iglocska
635be01f49
fix: [rest client] corrected the calculation of the rest client duration
...
- I can't maff gud
2018-08-08 13:31:08 +02:00
iglocska
c8fcb16881
new: [feature] Built in REST client added to test / interact with the API directly from MISP
...
- no more shitty chrome extensions that crash during trainings, rejoice!
2018-08-08 11:29:38 +02:00
iglocska
9c755af7f7
chg: [cleanup] Removed unused view variable
2018-08-03 20:01:47 +02:00
iglocska
c4500c15f0
fix: [sync] Fixed buggy connection test
...
- refactor revealed that the sync user access on the remote was never correctly determined
- fallback method that has since been removed for 2+ year old instances was always used due to the above issue
2018-08-03 19:20:00 +02:00
iglocska
a81894f14c
chg: [CS] Changed to PSR-2
...
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
iglocska
248439f6fb
fix: [python3] Missed python3 call instead of python
2018-07-12 16:19:01 +02:00
iglocska
59b17b5af6
new: [sync] Added flag to avoid using the proxy
...
- in some cases you have internal sync between instances in which case going through the proxy is silly
2018-07-02 16:56:50 +02:00
iglocska
2aaf2c54c4
chg: [diagnostics] Make the STIX diagnostics a bit less cryptic
2018-06-22 09:34:56 +02:00
iglocska
a930fdeaeb
new: [i18n] Added tools to switch between languages via the server settings
2018-06-20 15:11:43 +02:00
iglocska
214df94bda
chg: [i18n] Made the strings more i18n friendly across the application
2018-06-20 12:56:53 +02:00
chrisr3d
009dac1e43
add: [Diagnostic] Added maec python library requirements
2018-06-11 16:27:13 +02:00
iglocska
ba5b5447f4
fix: Added missing lookup for pymisp versions via the diagnostics
2018-05-31 14:34:00 +02:00
iglocska
1dae56527f
fix: Fixed editing servers to add a server certificate not saving said certificate
2018-05-18 10:03:50 +02:00
iglocska
68b8266584
new: New flash message system, fixes #3252
...
- 3 types of flash messages (success, error, warning)
- uses bootstrap's own classes/structure
2018-05-16 19:32:38 +02:00
iglocska
39f66eb868
fix: Restart the workers due to the new cakephp version causing issues
2018-05-09 09:15:18 +02:00
Sami Mokaddem
680311f68f
chg: [Controllers] sets the ajax variable globally
...
As well as removing useless set in controllers and accessing it instead
of passing through the request.
2018-05-07 14:44:59 +00:00
iglocska
5e77af9cb0
fix: Fixed a bug that prevented servers from being added
2018-05-04 12:36:33 +02:00
iglocska
2cf4dfbafa
fix: Allow "json" not to be set when adding a server via the API
2018-04-29 01:58:23 +02:00
iglocska
728c8bbb1d
fix: Fixed /servers/add via REST API not working, fixes #3202
...
- corrected list of parameters
- added sane defaults so that only the minimum list of fields is actually required
- fixed a bunch of stuff that was just plain broken with this API
2018-04-28 21:53:29 +02:00
iglocska
f60b16df0f
chg: Changed the parameter order for the push server shell
2018-04-16 07:59:01 +02:00
StefanKelm
76deac9ca2
Update ServersController.php
2018-03-27 15:42:21 +02:00
iglocska
d20e04ae6c
fix: Fixed command execution for site admins
...
- a server setting allowing the override of the path variable for esoteric RHEL systems allowed site admins to inject arbitrary commands
- impact was limited by the setting being only accessible to the site administrator
- as reported by Michael Grolimund from Swiss Post (@grolinet)
- CVE-2018-6926
2018-02-12 17:58:47 +01:00
iglocska
42df9e36f3
fix: Fixed an issue with opcache not being used yet opcache_reset() being called, fixes #2727
2017-12-12 18:38:31 +01:00
Jan Skalny
084a3eb3ba
fix: refresh rows in settings editor
2017-11-22 15:58:47 +01:00
iglocska
3ba6636bd5
new: change server settings via the API
...
Usage:
Viewing current setting value:
GET /servers/serverSettingsEdit/[mysetting]
Accept: application/json
Content-type: application/json
Authorization: [mykey]
Altering setting value:
POST /servers/serverSettingsEdit/[mysetting]
Accept: application/json
Content-type: application/json
Authorization: [mykey]
Body: {"value":"My new value"}
As a reminder, get all settings and diagnostics via:
GET /servers/serverSettings/download
Accept: application/json
Content-type: application/json
Authorization: [mykey]
2017-09-21 12:10:22 +02:00
iglocska
d77ba1ddba
new: Added objects to object preview
2017-09-13 13:53:40 +02:00
iglocska
470b7e5524
new: Added diagnostics for the new attachment tools
2017-09-08 10:31:02 +02:00
iglocska
952fff6252
fix: Fixes to several cases of reflected XSS, fixes #2381
...
- as reported by @import-au
- Additionally enforce content-type on all async APIs called by the UI using CakeResponse
2017-08-08 21:37:03 +02:00
iglocska
78f07139bd
chg: Redacted certain server settings that could be considered sensitive
...
- Encryption passwords as well as redis password are now redacted from the server settings
- Also includes the JSON dump of the server settings
- Thanks to cert.govt.nz for the security report.
2017-07-12 15:49:39 +02:00
Kevin Allix
f612f0c627
allow a setting to NOT define a 'test' function
2017-07-04 12:13:10 +02:00
iglocska
d5a8e266e4
fix: Added missing ServersController.php change that populates $php_ini
...
- faildev forgot to commit the file
2017-06-28 15:44:28 +02:00
iglocska
57857c3a32
new: Performance improvements for the pub-sub modules
...
- Only load and open connection to redis for the pub-sub connection once.
- Massive performance boost when the ZMQ functionality is enabled
2017-06-16 08:41:12 +02:00
Richard van den Berg
7b18dc19bb
Also test for mixbox version
2017-05-19 15:22:48 +02:00
iglocska
314daa4551
new: Add instance uuid
2017-05-11 10:49:23 +02:00
Ángel González
926895733b
Cosmetic changes
...
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
iglocska
9ccdc579a6
new: New module type: Cortex
...
- similar to Enrichment modules except for not having the options to run hover
2017-05-03 13:13:36 +02:00
devnull-
9835b8932f
Merge branch '2.4' into issues_1643
2017-04-27 10:04:32 +02:00
iglocska
e3eaeed6f5
fix: Added fallback for getallheaders() missing for some systems
2017-04-12 14:17:43 +02:00
iglocska
3fbfe08f87
new: Added a POST server connection test
...
- hopefully it should help debug some issues
2017-03-23 11:52:07 +01:00
iglocska
84e4a62aba
new: Update MISP from the diagnostics page
...
- right now it's pretty dumb, it simply pulls the same branch that the current user is on
- Any failure is shown but not acted upon, if the git pull fails the user will see it but it needs to be resolved via the command line
2017-03-23 10:01:29 +01:00
Sebastien Quioc
2dcc704bb9
feature: Adds the api support to ServersController to edit servers
2017-02-23 15:00:19 +01:00
Sebastien Quioc
4aba3518fe
refactor(controllers): adds checks for input parameters before editing a server
2017-02-23 15:00:09 +01:00
Sebastien Quioc
6b0895dc66
feature: Adds the api support to ServersController to add new servers
2017-02-23 14:59:47 +01:00
devnull-
f24682f86a
Merge branch '2.4' into issues_1643
2017-02-16 21:49:45 +01:00
Iglocska
ffd087ba38
fix: Added a warning if utf8 encoding isn't set up in the database config
...
- also, changed the default database config to enforce utf8
2017-01-19 16:40:23 +01:00
iglocska
2b187d48fc
new: Add a new api to check the supported PyMISP version
2017-01-08 20:20:49 +01:00
devnull-
4795c86295
Quick & Dirty 'without_email' & 'Unpublish_event' options for Sync Server
2017-01-05 16:43:22 +01:00
Iglocska
396ab8046f
fix: Fix empty space issues with server settings
...
- on input trim the string
- on the not empty check, first trim the string to warn users about existing issues
2017-01-02 16:32:11 +01:00
Iglocska
354df29301
chg: Added more information to the diagnostics download
2016-11-30 18:10:58 +01:00
Iglocska
6df592b6e0
fix: Fixed an issue where the diagnostics complained about STIX not being installed if the stixtest.py was not readable
2016-11-27 11:39:03 +01:00
Iglocska
28dfc401d0
new: Added checks for the loaded php extensions, fixes #1672
...
- Diagnosing not loaded extensions was a nightmare
- New system checks the loaded extensions via php and php-cli (could help with un****ing some RHEL/CentOS issues)
- Version check for the php-cli php version added
- only one extension is checked currently, to be updated at a later point in time (remember to also update the web and the cli extension list!)
2016-11-19 15:16:14 +01:00
Iglocska
0e015b8b26
fix: removed test code
2016-10-31 20:26:18 +01:00
Iglocska
2e682189e1
fix: Fixed an issue where pushing events worked even if the remote user wasn't a sync user
2016-10-31 20:25:38 +01:00
Andras Iklody
276257c16c
Merge pull request #1578 from rotanid/cleanup
...
Cleanup
2016-10-29 20:00:58 +02:00
Iglocska
77a0efdc54
fix: Small fix to the worker start script
2016-09-30 10:24:13 +02:00
Andreas Ziegler
e59d42ed2a
chg: remove obsolete variables
2016-09-28 03:55:48 +02:00
Iglocska
f7c347f9a4
fix: sort server preview events by timestamp, fixes #1558
2016-09-23 15:17:01 +02:00
Andreas Ziegler
9604af90e8
fix: issue resulting from references removal, #1501 , 25e52a6
( #1544 )
2016-09-18 16:43:09 +02:00
Andreas Ziegler
25e52a6786
chg: remove some references to variables
2016-09-15 17:08:58 +02:00
iglocska
80ed1cf65d
fix: Removed filename check from the AppController
...
- rerouted all calls to the method to the Model equivalent
2016-09-01 09:18:54 +02:00
iglocska
0cd7d8c072
fix: invalid indeces used for the MISP.host_org_id setting
2016-08-31 11:54:56 +02:00
iglocska
48d46c1b0c
fix: Fixes to the internal server setup
...
- Only allow enabling internal mode if the host organisation is set and it is chosen as the remote organisation when adding the server sync
- This ensures that internal sync only happens when the same organisation owns both instances
2016-08-28 21:56:56 +02:00
iglocska
cdf890cfc6
fix: Some minor fixes to the client_certs for the sync to align it with the other upstream changes
2016-08-28 21:37:28 +02:00
iglocska
5a72f84c22
Merge branch '2.4' into 2.4.51
2016-08-28 21:08:02 +02:00
iglocska
e013d6429d
new: Simple diagnostic tool for the modules added
2016-08-25 17:42:46 +02:00
iglocska
873b201eb0
Merge branch '2.4' of https://github.com/MISP/MISP into 2.4
2016-08-25 11:38:59 +02:00
iglocska
822b0bf8fa
chg: Cleanup of the controllers and models
...
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
2016-08-25 11:38:37 +02:00
Andreas Ziegler
e8599fb16c
chg: new filename regex & separate functions
2016-08-24 15:31:17 +02:00
Andreas Ziegler
eb66a80c76
chg: filename regex changes
2016-08-24 02:35:04 +02:00
Andreas Ziegler
cffcfa81d7
chg: remove whitespace (space/tab) from empty lines
2016-08-22 02:52:51 +02:00
iglocska
3c0f3fb8bb
Merge branch '2.4' into 2.4.51
2016-08-21 22:59:30 +02:00
Andreas Ziegler
f0905dc536
chg: rename FileAccess to FileAccessTool
...
every other tool classes name in the Lib/Tools/ folder also ends with "Tool"
2016-08-19 19:25:32 +02:00
Andreas Ziegler
a2ff5424e1
chg: change FileAccess from static to instantiable class
2016-08-19 19:22:15 +02:00
iglocska
8c83896813
Merge branch 'sslclientsync' into 2.4.51
2016-08-18 10:03:53 +02:00
iglocska
444171bd2d
Merge branch '2.4' into sslclientsync
2016-08-18 09:58:52 +02:00
iglocska
15a8000f05
Merge branch '2.4' into 2.4.51
2016-08-18 09:54:15 +02:00
iglocska
28a76076f7
new: Added a way to clear worker queues
2016-08-16 00:46:41 +02:00
iglocska
f2f5194d19
First iteration of the internal sync rework
2016-08-10 16:27:24 +02:00
Richard van den Berg
81a5838131
Add support for sync server SSL client certificates
2016-08-01 16:30:22 +02:00
Iglocska
1f1c8c814e
new: First revision of the new import system
2016-08-01 16:15:24 +02:00
Iglocska
80b6bca48f
new: Added a php version check to teh diagnostics page
2016-07-20 12:37:09 +02:00
Iglocska
9d6a386af3
fix: Cherry picking and pulling updates should not require the pull flag to be set on an instance
2016-07-19 15:02:01 +02:00
Iglocska
af2f355cb4
fix: removed the debug from the previous commit
2016-07-19 11:57:11 +02:00
Iglocska
1a97f80977
fix: fixed an issue with certificate uploades when adding an instance / editing an instance
2016-07-19 11:53:51 +02:00
Iglocska
b80cc56ec9
Merge branch '2.4' into write
2016-07-04 19:33:45 +02:00
Iglocska
30af4483f4
chg: Added a check for the prio worker, added it to the worker tab
2016-06-24 17:12:42 +02:00
Iglocska
793341123f
fix: Fix to a bug that allowed adding server connections without an org
2016-06-08 13:52:55 +02:00
Andreas Ziegler
aec73ed50a
chg: improve file access using new Lib
2016-06-07 00:21:14 +02:00
Andreas Ziegler
958aa7c414
use consistent spacing around else if
2016-06-04 15:49:54 +02:00
Andreas Ziegler
985451642e
add space after keywords if/for/foreach/while/switch/catch
2016-06-04 15:45:39 +02:00
Andreas Ziegler
8a2352f7b8
remove single spaces in front of tabs
2016-06-04 01:14:25 +02:00
Andreas Ziegler
0fe692c56a
remove whitespace at end of line
2016-06-04 01:10:45 +02:00
Andreas Ziegler
898ea1d97c
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Andreas Ziegler
8a9ffc1f9b
remove obsolete space from: File (
2016-05-31 18:03:59 +02:00
Iglocska
f152e8afc1
chg: Added options to inject the SCL php paths into the PATH when executing the worker shell scripts on RHEL/CentOS
2016-05-02 08:19:53 +02:00
Iglocska
8db889ce7e
SMIME changes
...
- tied into auto upgrade system
- tied into server settings
- some cleanup of overly verbose debug
- Enforcing enable/disable everywhere
- Changed temporary file structure
2016-04-26 16:40:12 +02:00
Iglocska
24c7fa61fe
Merge branch 'permissionfix' into 2.4
2016-04-18 17:41:59 +02:00
Iglocska
92952cc5e4
Rework of the ACL
2016-04-18 03:19:01 +02:00
Iglocska
1fec658350
Fixes to the plugin settings not working for any plugin beyond the first one
2016-03-29 10:16:20 +02:00
Iglocska
cf42ca42c0
Fix to an issue that causes the server certificate to be removed if a sync connection is edited.
2016-03-24 23:54:26 +01:00
Iglocska
4905578ba1
Dynamic settings retrieved from modules
2016-03-20 01:32:00 +01:00
Iglocska
1ba0db37d3
Better feedback on the sync connection test
...
- sync users that have not accepted the terms / have had a password reset initiated were redirected to the login page
- fixes to the issue
- if a user with automation/sync access uses the API and gets blocked because the terms weren't accepted or there is a pending password change they will be notified in a JSON/XML response
- the sync test now takes this into consideration starting with this version and will report the cause of the failure
- Both instances have to be 2.4.24+ for this to be reported correctly
2016-03-07 15:11:00 +01:00
Iglocska
cb5a14c3e1
Slightly better error reporting for GPG diagnostic issues
2016-03-03 12:54:08 +01:00
Iglocska
f40010ae09
Organisations sorted in the server add/edit views alphabetaically, fixes #974
2016-02-25 13:14:46 +01:00
William Robinet
4fea371c4b
Fix permissions
2016-02-11 17:03:51 +01:00
Iglocska
89198e028b
Removing PEM from a server connection parameter, fixes #771
...
- Added a way to remove the certificate file when editing the server connection
- Also, it shows the currently selected certificate file as it caused some confusion before
2016-02-07 21:00:40 +01:00
Iglocska
1caebfe1a0
Check permissions on config files, fixes #837
...
- red warning on the settings page if the config.php file is not writeable
- failed changes in settings due to the config.php file not being writeable logged
2016-01-12 10:44:06 +01:00
Iglocska
710828d397
Some small changes to the diagnostics
...
- made the PHP settings check look a bit more clear and changed it from failures to recommendations
- added a file permission check for config.php (can add more in the future such as the background worker log files which can prevent the workers from starting)
2016-01-12 00:19:06 +01:00
Iglocska
bad00e9c2d
Add check for values on diagnostics page, fixes #839
2016-01-11 23:52:09 +01:00
Iglocska
99e8263447
Small fixes
2015-12-09 02:29:04 +01:00
Iglocska
39945ca39e
Fixes to the logging
...
- in some places MISP tried to save the org ID instead of the org name in the logs
- fixed
2015-12-03 10:20:29 +01:00
Iglocska
ab26eafd63
Added the possibility to enable debug for site admins
...
- new option in server settings
- enable debug (equal to normal debug level 1) for site admins only
- regular users will be unaffected
2015-12-03 01:45:38 +01:00
Iglocska
d433618c71
Also, enabled the filtering on pull
...
Merge branch 'master' into 2.4-beta
Conflicts:
VERSION.json
app/Controller/EventsController.php
app/Lib/Tools/XMLConverterTool.php
app/Model/Event.php
app/Model/Server.php
2015-12-03 00:27:56 +01:00
Iglocska
714ed198e5
Various fixes throughout the application
...
- org field still used in some places other than the legitimate use-cases
2015-11-28 23:49:52 +01:00
iglocska
8cc0996c3c
Merge branch 'master' into 2.4-beta
...
Conflicts:
VERSION.json
app/View/Elements/side_menu.ctp
app/View/Pages/administration.ctp
2015-11-14 17:16:38 +01:00
iglocska
afdcc1af0c
Fixed a security issue with the CSRF protection being avoidable using some site admin functionality
...
- as discovered and reported by Egidio Romano of Minded Security
- Lacking checks of HTTP methods in some functionality could lead to a site admin uploading and executing malicious scripts
- Tightened HTTP method verification across the board for actions that modify data
- Turned some administrative tasks to POST only actions
2015-11-13 23:57:03 +01:00
iglocska
fdcac8b72c
Further work on the filter UI
2015-10-18 09:36:55 +02:00
Iglocska
328c666e3a
Merge branch 'master' into feature/sg
...
Merging all the new changes from master
Conflicts:
VERSION.json
app/Console/Command/AdminShell.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Log.php
app/Model/Server.php
app/Model/User.php
app/View/Elements/side_menu.ctp
app/View/Pages/administration.ctp
app/View/Users/admin_index.ctp
2015-10-12 09:41:20 +02:00
Iglocska
dc638adac2
Upgrade to CakePHP 2.7, fixes #684
...
- cakephp submodule updated to 2.7
- make sure that you update your instance!
- not updating will not break compatibility
2015-10-09 15:59:25 +02:00
Iglocska
e242c9add2
Set of changes to the sync
...
- finished preview feature
- can now view events and attributes remotely
- can copy over new event to local instance
- new sync mode (update)
- allows to only pull changes to events that exist locally already
- works well with the manual pull of events, no need to pull events that we didn't manually confirm, but can still update all events that we pulled over
- Fixed an issue with background tasks causing the logging to fail
- reworked connection test showing version numbers of both instances
- also telling the admin whether the sync is compatible or not
- Further refactoring / tweaking of the vent view
2015-10-06 01:16:48 +02:00
Iglocska
6bcf104724
Progress on several features
...
- implemented a custom pagination tool for data sets that are not directly taken from teh db
- currently creates a pagination object that mocks CakePHP pagination
- supports the CakePHP pagination view helper
- supports: pagination, sorting, custom filters
- implemented first step of the remote instance browser for admins
- view an index of events on another instance
- filter the events
- uses the new pagination
- still missing:
- remote event view
- fetch event from remote instance
- reworked the event view
- separated API and UI code path
- major speedup for the API!
- cleaner code as there was almost 0 overlap
- discussions and attributes are now loaded separately from the event view
- added after the event view loads via ajax
- cleaner pagination
- attribute pagination now finally allows for sorting
- future improvement (coming soon): Show proposals only filter
- filtering on the attributes in general
2015-09-29 02:54:25 +02:00
Iglocska
a55e38ffda
Fix to the previous commit
2015-09-23 12:32:00 +02:00
Iglocska
6ef7772e0b
Fixed an issue with old upgraded instances that didn't use the db session handler
...
- diagnostic tool would throw exceptions because the db session tables are still missing in some older instances
- if a different session handler is used, the test is skipped
2015-09-23 12:14:32 +02:00
iglocska
656a391223
Progress on the sync
...
- pull from 2.3 -> 2.4 should work correctly now
2015-09-21 14:55:40 +02:00
iglocska
7f3996f43b
Added an API to quickly check the current MISP version, fixes #664
2015-09-17 00:21:08 +02:00
iglocska
1079c4a1ea
Added a diagnostic to check and purge overgrown session tables
2015-09-16 18:55:28 +02:00
Iglocska
e1a95c62b0
Merge branch 'master' into feature/sg
...
Conflicts:
VERSION.json
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Model/Attribute.php
app/View/Users/statistics.ctp
2015-09-10 15:02:44 +02:00
Iglocska
2142bf87c3
Several issues resolved
...
- fixed an issue where pushing a single event would fail
- both event and attribute edits via the API work without providing a timestamp. The current timestamp is instead attached
- both event and attribute edits fill the required fields from the data in the database if not supplied (as long as the uuid is found)
2015-09-07 14:25:24 +02:00
Iglocska
5f8f22e272
flag incorrectly set for event edit's publishing right check
2015-08-31 04:21:46 +02:00
Iglocska
704880ce59
Merge branch 'master' into feature/sg
...
Conflicts:
VERSION.json
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
2015-08-30 13:29:05 +02:00
iglocska
a93807439d
Several bigger changes
...
- new functionality: Event blacklisting by UUID
- site admins cna enable this feature in the server settings
- enabling the feature will make the required db changes
- any deleted event will automatically get blacklisted
- this prevents deleted events from flowing back from a synced instance
- site admins can manually add UUIDs to the list and remove entries
- fix to UUID duplication issues for attributes
- simply run the admin script and it will regenerate the UUID of attributes that are duplicates, if any such exist
- timestamps/event published status will not be affected
- config.core.php now includes a change that prevents from 404 exceptions being logged
- the sync uses 404s to signal that an event with a given uuid does not exist when negotiating proposal synchronisation
- this causes a dangerously high amount of noise in the logs
2015-08-17 16:10:10 +02:00
Iglocska
67bd44f5dc
Relaxed visibility of org UUIDs and sharing groups (the latter for sync users)
2015-08-03 16:49:03 +02:00
Iglocska
ad21d5c35a
Further work on the Sharing Groups
2015-08-03 14:12:20 +02:00
Iglocska
326d62d822
Added the server filters to the server creation
2015-07-30 13:11:07 +02:00
Iglocska
a9c737ff2b
Further work on the sync filters
2015-07-27 16:30:52 +02:00
Iglocska
47cc0e4d18
Merge branch 'master' into feature/sg
...
Conflicts:
VERSION.json
app/Model/Attribute.php
app/Model/Event.php
2015-07-22 18:04:02 +02:00
Iglocska
1bf2995f4e
Merge branch 'master' into feature/sg
...
Conflicts:
VERSION.json
2015-07-22 17:19:13 +02:00
Iglocska
b089cf077f
Some changes to the workers
...
- some fixes with the previous iteration of the background workers
- PID now checked using ps -p instead of looking for it in /proc
2015-07-17 15:06:38 +02:00
Iglocska
1645ee1e3b
Rework of the diagnostics for background workers
...
- shows dead background workers
- allows site admins to add workers to any queue on the fly
- allows site admins to kill workers on the fly
2015-07-12 21:45:11 +02:00
Iglocska
f1a5ba52e5
Merge branch 'master' into feature/sg
...
Conflicts:
VERSION.json
app/Lib/Tools/XMLConverterTool.php
app/Model/Event.php
2015-07-08 14:02:54 +02:00
Iglocska
038ccd99bd
Work on the new attribute types
2015-07-06 18:19:51 +02:00
Iglocska
45fdbf7839
File management fixed in server settings
...
- a previous patch removed the contents of the page
2015-07-01 09:50:51 +02:00
Iglocska
0481e6eb02
Merge branch 'master' into feature/sg
...
Conflicts:
VERSION.json
app/Controller/ServersController.php
app/Controller/ShadowAttributesController.php
app/Controller/UsersController.php
app/Model/Event.php
app/webroot/js/ajaxification.js
2015-06-29 14:27:16 +02:00
Iglocska
3f215743f0
Complete rework of the ZeroMQ implementation
...
- python server running in the background doing the publishing
- MISP -> python script communication via redis
- configurable / controllable via the admin UI
2015-06-29 08:56:45 +02:00