5f476fa957
Fix for the search
...
- Due to the sanitization being fixed, the search results broke
- This is a quick copy of the fix implemented on develop by cvandeplas
2013-05-29 14:19:36 +02:00
6e9b19ce51
Quick fix to the sanitization
...
- the double sanitization needed a quick fix until the development branch
gets merged in the future
2013-05-24 10:29:08 +02:00
3bbd12f461
further cleanup of the REST XML output
2013-05-22 11:21:52 +02:00
0614db919e
fixes information leakage vulnerability on REST XML outputs
2013-05-22 10:52:03 +02:00
b98818ebfb
Small errors with the merge corrected
...
- some errors managed to slip through during the merge, should be fixed
2013-04-25 15:37:49 +02:00
4396cec8ea
Integrated ownership, ACL and minor fixes
...
- Orgs can propose new attributes or changes to existing attributes for
events that they do not own
- publishing users of the owner organisation can see, accept or discard
them
- Reworked the access control
- minor fixes
2013-04-25 14:04:08 +02:00
e9bcacfbc3
fix sanitization in Attributes #96
2013-04-24 15:20:20 +02:00
9a6733acfd
Removal of deprecated code
...
- The flag private is deprecated, removed together with the code that was
affected by it
2013-04-17 11:13:09 +02:00
8029d7fa29
removes multiple correlation engines Fixes #83 but after testing issue
...
#95 comes to light
2013-04-16 16:59:12 +02:00
8c0a7ad716
Double sanitization fixed
2013-03-19 15:13:07 +01:00
f008eb9f07
Search for attributes by organisation
...
- New search functionality on request - restrict attributes by
organisation
- Also, attributes in the list attributes and search attributes result
pages, that belong to the user's organisation will have a red event ID
2013-03-19 11:54:14 +01:00
64a95fad33
Moved the batch import checkbox, Fixes #50
2013-03-18 14:45:11 +01:00
320a9f4e05
Slight change to the xml export of search results
...
- Disabled the feature for "List Attributes".
2013-03-18 13:16:55 +01:00
32de082c88
New export feature
...
- To restrict the authentication key from being used by interactive users,
implemented a new export page that uses the uses cake's user
authentication
- the old export features still exist for users with perm_auth enabled
accounts - renamed to automation
- Exporting the events that found attributes belong to in a search
attributes result page
- exporting of individual events to file by clicking a link in event view
2013-03-18 11:48:36 +01:00
019e976783
Removed the js title bubble for related events
...
- Removed javascripts based title bubble showing the event info in related
events / attributes and in the search attribute view.
- Replaced it with values provided by extra cake queries as the delay for
fetching the info field through a js rest request was annoyingly slow
- some coding standards
2013-03-08 13:16:02 +01:00
64f304da48
Tighter checks so users can't edit events of other orgs
2013-03-05 16:17:34 +01:00
4a368918eb
Colouring of search terms works in links
...
- links now have proper colouring to make the found terms more visible
2013-03-04 18:05:17 +01:00
01649046c0
Several things (search, migration)
...
- Changes to the default setting for non private events after migration
- search attribute update to be able to exclude events
2013-02-27 17:15:09 +01:00
0f947085cb
Reworked the sync / release control
...
- Fixed issues with the sync
- Secondary publishes on remote servers failed
- Introduced new fields in events to stop backward traverse of
edit information that lead to low performance and eroneous
distribution information updates when more than 2 servers were
linked
- Deletion of an attribute now deletes on remote servers
- Changes to the event ownership
- Original creator org now noted in the event itself
- Only original creator org can change distribution
- Events will show up with the original creator org for users
(admins can see both that and the owner of the event on the
local instance)
- Server.organization now used in junction with the connecting
user's org and the instance's org (from the bootstrap) to
determine distribution flow control and access rights
- Lots of minor changes
2013-02-19 15:37:35 +01:00
ce44cdb529
coding standards
...
this is to the new php53-pear-CakePHP_CodeSniffer-0.1.11.
2013-02-15 14:20:03 +00:00
6333055cfc
Added hover over event IDs in search attributes view
...
Hovering over the event IDs now shows the event info in the list generated
by the search attributes page
2013-01-29 13:33:07 +01:00
940df96aa5
coding standards
...
Coding Standards.
2013-01-25 12:58:19 +00:00
6afc1e993f
Attribute distributions
...
Added feature to block distribution levels that would get overruled by the
event distribution. The distribution of the event will be the currently
selected distribution when creating an attribute.
2013-01-25 13:44:43 +01:00
f544ac2e08
Batch search for attributes
...
Implementation of request to be able to do batch attribute searches
2013-01-17 16:03:04 +01:00
afd7977929
coding standards
...
Coding Standards.
2012-12-19 02:33:09 +00:00
31207a5696
coding standards
...
Coding Standards typo.
2012-12-18 20:45:57 +00:00
ea9aa8eb3a
coding standards
...
Coding Standards.
2012-12-18 19:25:12 +00:00
099e5d92be
Fix for the Attributes
2012-12-17 17:21:57 +01:00
1ceadab700
Added features from branch analysis_levels
...
-Analaysis levels setable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
094719fa01
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Model/Event.php
2012-12-12 18:01:39 +01:00
e4dafd3882
RESTfull sync
...
RESTfull attribute add, edit and view, to be usefull in sync.
2012-12-10 11:32:40 +01:00
ff0237bcb3
event/attribute delete
...
In version 1 and 2 of misp/cydefsig there's a delete button upper left
in the menu that a) does not delete or b) does not return to a visable
url after deletion.
As a 'fix' those delete buttons are now removed, given there does still
exist delete in the index view.
2012-11-27 10:43:42 +01:00
3c18db7dcd
attributes
...
hide attributeDistribution tooltip on open.
2012-11-23 15:41:53 +01:00
1cddb6abe0
distribution
...
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities
Push is tested, pull not yet.
2012-11-16 15:25:57 +01:00
ea0ab59e4f
code standards
...
corrections toward code standards.
2012-11-14 17:16:36 +01:00
ff9acf6fde
count
...
result view for AttributesController::checkComposites()
2012-11-14 16:24:57 +01:00
3af7e001ff
RBAC
...
corrected mayModify in Attribute/edit.ctp.
2012-11-13 14:34:37 +01:00
bcf5e58888
RBAC
...
slight better left menu if no <ul><li>items.
2012-11-09 11:28:51 +01:00
55f9b594d7
RBAC
...
just edit your own did still give edit org as well.
can be tested if now correct.
2012-11-09 10:14:40 +01:00
a2bc237bcd
RBAC
...
should now respect Manage, so also edit, own and org events.
2012-11-08 14:09:52 +01:00
ed1d5bf063
Search attributes
...
disallow invalid combinations of types and
categories which would always throw 0 results.
2012-11-02 11:51:10 +01:00
f56cb25bed
Merge branch 'master' into develop
2012-10-25 15:23:22 +02:00
f296a9381e
RBAC
...
real inactive buttons.
2012-10-25 15:00:43 +02:00
a502b4dde7
IDS Signature
...
corrected wrong description for IDS Signature.
2012-10-24 08:22:49 +02:00
7a7a1142f6
distribution.
...
distribution on add is default "All".
2012-10-23 12:16:16 +02:00
4b096fa584
distribution
...
changes and cleanup.
2012-10-23 11:28:39 +02:00
25e63dda68
Wording change
...
Changed Private column to Distribution + some minor vocabulary changes.
2012-10-22 16:29:08 +02:00
a7347064f7
IDS Signature description
...
wrong description for signature.
(possible commited 2 times)
2012-10-22 12:08:24 +02:00
67e50cb612
Private
...
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).
Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
2012-10-17 14:45:26 +02:00
8f3d624c1a
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AppController.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Controller/UsersController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
app/Model/User.php
app/View/Attributes/edit.ctp
app/View/Attributes/index.ctp
app/View/Elements/actions_menu.ctp
app/View/Events/add.ctp
app/View/Events/index.ctp
app/View/Events/view.ctp
app/View/Events/xml/view.ctp
app/View/Servers/index.ctp
app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
1d04652476
CakePHP Coding Standards
...
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
94a367c2f5
CakePHP Coding Standards
...
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html
Eclipse:
Window->Preferences
General->Editors->Text Editors
Displayed tab width: 4
Insert spaces for tabs NOT
PHP->Code Style->Formatter
Tab policy: Tabs
File->Convert Line Delimeters To->Unix [default]
http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/
Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
253d8e1b58
Merge branch 'master' into develop
...
Conflicts:
app/Controller/EventsController.php
app/Model/Attribute.php
app/View/Events/view.ctp
2012-09-17 13:02:53 +02:00
4cec4e69f9
correlation.
...
do not use the AttributesController::event now,
just use the old EventsController::view.
2012-08-24 14:06:08 +02:00
17ed90ddc4
Correlation speedup using AttributesController i.s.o. EventsController.
...
We forgot to change some view things using the right controller.
2012-08-07 11:59:11 +02:00
2dea0e347d
Correlation performance gain.
...
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');
possible values:
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
(sql improvement possible if result conform db above)
Network activity, ip-src
30 class-C network ip addresses
(7650 tupels) (time in ms)
default db sql
all 25366 16601 15941
24839 16604 15611
paginated 16759 8447 6615
17734 8639 8846
this is used in both:
- events/view/<id>
- attributes/event/<id>
2012-08-03 12:00:16 +02:00
3ff180e898
Merge branch 'develop_0.2.2-0.2.3' into develop
...
Conflicts:
app/Config/Schema/schema_0.2.2.php
app/Config/routes.php
app/Controller/AppController.php
app/Controller/UsersController.php
app/Model/User.php
app/README.txt
2012-07-24 16:09:48 +02:00
de89d28caa
Fix, paging on event with lots of attributes.
2012-07-20 13:27:55 +02:00
bf98f2db3c
Merge branch 'develop_0.2.2_fixes' into develop
...
Conflicts:
app/Model/Attribute.php
2012-07-11 16:15:27 +02:00
50e24c7c56
Upload always ticked if malware-sample, always unticked if attachment.
2012-07-11 09:48:44 +02:00
8f4727e3ad
Correction to upload so zip only ticked when malware and not when
...
attachement.
2012-07-10 11:39:43 +02:00
4ac501d54e
Only show categories with type attachment or malware-sample in Add
...
Attachement view. (this was..No possibility to upload if type
attachement or malware-sample is not in category.)
2012-07-09 14:14:55 +02:00
ed41233f2a
No possibility to upload if type attachement or malware-sample is not in
...
category.
2012-07-06 13:48:17 +02:00
dbf7fafea8
Correction to "link" attribute type - links were not actually created.
...
Also changed it to proper "cake" way.
2012-07-04 15:51:19 +02:00
66c5312ea6
DataBase migrate, Audit and Access Control granulation.
2012-06-28 17:24:12 +02:00
b4558887ce
Revert "Audit and ACL first cut."
...
This reverts commit 5818231f48
2012-06-26 09:40:52 +02:00
5818231f48
Audit and ACL first cut.
2012-06-25 15:54:52 +02:00
66a9950d14
minor improvement in usability on index pages
2012-06-25 08:00:08 +02:00
e453ee0e97
Sanitize::html() to h() for views is the way to go
2012-06-05 10:00:36 +02:00
8505396b25
select boxes with filtering now
2012-05-30 18:11:44 +02:00
24e7139e45
minor fix in Attribute tooltip
...
more documentation (autogenerated)
2012-05-30 10:24:57 +02:00
1a91c2f49b
Help messages implementation (forms and list views).
2012-05-29 16:53:50 +02:00
51dbbcfa13
Explanation messages implemenented for forms and for list views (using
...
"title" html element)
2012-05-29 16:50:45 +02:00
7ee4ab7035
fixes issue 64
2012-04-26 15:18:33 +02:00
8bd7b45248
Fixes issue 66 - https://code.lab.modiss.be/p/cydefsig/issues/66/
2012-04-26 11:15:12 +02:00
388f3cc445
Merge commit '280baac98902789ee69186539474a2e82156659e' into develop
...
Resolved Conflicts in:
app/View/Events/view.ctp
2012-04-25 09:04:07 +02:00
29c5411ece
minor cosmetic changes
2012-04-13 10:53:53 +02:00
c2975a77a4
Allow saving of data using REST API
2012-04-07 08:31:01 +02:00
6cee17bfcd
XML format for attributes index
2012-04-04 18:08:57 +02:00
49aaced78a
Merge commit '9e043116228c4866b18e92acb076462845bcf22a' into develop
...
Fixed conflicts in: app/View/Events/view.ctp
2012-04-04 17:53:51 +02:00
faffe87ea6
- some bugfixes in validation corrected
...
- new attribute type - link to external site
2012-04-02 19:24:50 +02:00
216b77f854
- Attributes index view fixed (attachments)
2012-04-02 11:59:51 +02:00
2142585710
Implemented basics for private, nonsyncable, Events or Attributes.
2012-04-01 18:41:47 +02:00
0915ce48d3
Added some infoboxes when adding Attributes.
2012-03-31 23:29:56 +02:00
7c4394682d
Renamed Signature to Attribute
2012-03-26 19:56:44 +02:00
iglocska