iglocska
5f476fa957
Fix for the search
...
- Due to the sanitization being fixed, the search results broke
- This is a quick copy of the fix implemented on develop by cvandeplas
2013-05-29 14:19:36 +02:00
iglocska
6e9b19ce51
Quick fix to the sanitization
...
- the double sanitization needed a quick fix until the development branch
gets merged in the future
2013-05-24 10:29:08 +02:00
Christophe Vandeplas
3bbd12f461
further cleanup of the REST XML output
2013-05-22 11:21:52 +02:00
Christophe Vandeplas
0614db919e
fixes information leakage vulnerability on REST XML outputs
2013-05-22 10:52:03 +02:00
Andras Iklody
b98818ebfb
Small errors with the merge corrected
...
- some errors managed to slip through during the merge, should be fixed
2013-04-25 15:37:49 +02:00
Andras Iklody
4396cec8ea
Integrated ownership, ACL and minor fixes
...
- Orgs can propose new attributes or changes to existing attributes for
events that they do not own
- publishing users of the owner organisation can see, accept or discard
them
- Reworked the access control
- minor fixes
2013-04-25 14:04:08 +02:00
Christophe Vandeplas
e9bcacfbc3
fix sanitization in Attributes #96
2013-04-24 15:20:20 +02:00
Andras Iklody
9a6733acfd
Removal of deprecated code
...
- The flag private is deprecated, removed together with the code that was
affected by it
2013-04-17 11:13:09 +02:00
Christophe Vandeplas
8029d7fa29
removes multiple correlation engines Fixes #83 but after testing issue
...
#95 comes to light
2013-04-16 16:59:12 +02:00
iglocska
8c0a7ad716
Double sanitization fixed
2013-03-19 15:13:07 +01:00
iglocska
f008eb9f07
Search for attributes by organisation
...
- New search functionality on request - restrict attributes by
organisation
- Also, attributes in the list attributes and search attributes result
pages, that belong to the user's organisation will have a red event ID
2013-03-19 11:54:14 +01:00
iglocska
64a95fad33
Moved the batch import checkbox, Fixes #50
2013-03-18 14:45:11 +01:00
iglocska
320a9f4e05
Slight change to the xml export of search results
...
- Disabled the feature for "List Attributes".
2013-03-18 13:16:55 +01:00
iglocska
32de082c88
New export feature
...
- To restrict the authentication key from being used by interactive users,
implemented a new export page that uses cake's user
authentication
- the old export features still exist for users with perm_auth enabled
accounts - renamed to automation
- Exporting the events that found attributes belong to in a search
attributes result page
- exporting of individual events to file by clicking a link in event view
2013-03-18 11:48:36 +01:00
Andras Iklody
019e976783
Removed the js title bubble for related events
...
- Removed javascript-based title bubble showing the event info in related
events / attributes and in the search attribute view.
- Replaced it with values provided by extra cake queries as the delay for
fetching the info field through a js rest request was annoyingly slow
- some coding standards
2013-03-08 13:16:02 +01:00
Andras Iklody
64f304da48
Tighter checks so users can't edit events of other orgs
2013-03-05 16:17:34 +01:00
Andras Iklody
4a368918eb
Colouring of search terms works in links
...
- links now have proper colouring to make the found terms more visible
2013-03-04 18:05:17 +01:00
Andras Iklody
01649046c0
Several things (search, migration)
...
- Changes to the default setting for non private events after migration
- search attribute update to be able to exclude events
2013-02-27 17:15:09 +01:00
Andras Iklody
0f947085cb
Reworked the sync / release control
...
- Fixed issues with the sync
- Secondary publishes on remote servers failed
- Introduced new fields in events to stop backward traverse of
edit information that led to low performance and erroneous
distribution information updates when more than 2 servers were
linked
- Deletion of an attribute now deletes on remote servers
- Changes to the event ownership
- Original creator org now noted in the event itself
- Only original creator org can change distribution
- Events will show up with the original creator org for users
(admins can see both that and the owner of the event on the
local instance)
- Server.organization now used in conjunction with the connecting
user's org and the instance's org (from the bootstrap) to
determine distribution flow control and access rights
- Lots of minor changes
2013-02-19 15:37:35 +01:00
Noud de Brouwer
ce44cdb529
coding standards
...
this is to the new php53-pear-CakePHP_CodeSniffer-0.1.11.
2013-02-15 14:20:03 +00:00
Andras Iklody
6333055cfc
Added hover over event IDs in search attributes view
...
Hovering over the event IDs now shows the event info in the list generated
by the search attributes page
2013-01-29 13:33:07 +01:00
Noud de Brouwer
940df96aa5
coding standards
...
Coding Standards.
2013-01-25 12:58:19 +00:00
Andras Iklody
6afc1e993f
Attribute distributions
...
Added feature to block distribution levels that would get overruled by the
event distribution. The distribution of the event will be the currently
selected distribution when creating an attribute.
2013-01-25 13:44:43 +01:00
Andras Iklody
f544ac2e08
Batch search for attributes
...
Implementation of request to be able to do batch attribute searches
2013-01-17 16:03:04 +01:00
Noud de Brouwer
afd7977929
coding standards
...
Coding Standards.
2012-12-19 02:33:09 +00:00
Noud de Brouwer
31207a5696
coding standards
...
Coding Standards typo.
2012-12-18 20:45:57 +00:00
Noud de Brouwer
ea9aa8eb3a
coding standards
...
Coding Standards.
2012-12-18 19:25:12 +00:00
Andras Iklody
099e5d92be
Fix for the Attributes
2012-12-17 17:21:57 +01:00
Andras Iklody
1ceadab700
Added features from branch analysis_levels
...
-Analysis levels settable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud
094719fa01
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Model/Event.php
2012-12-12 18:01:39 +01:00
noud
e4dafd3882
RESTful sync
...
RESTful attribute add, edit and view, to be useful in sync.
2012-12-10 11:32:40 +01:00
noud
ff0237bcb3
event/attribute delete
...
In version 1 and 2 of misp/cydefsig there's a delete button upper left
in the menu that a) does not delete or b) does not return to a visible
url after deletion.
As a 'fix' those delete buttons are now removed, given there does still
exist delete in the index view.
2012-11-27 10:43:42 +01:00
noud
3c18db7dcd
attributes
...
hide attributeDistribution tooltip on open.
2012-11-23 15:41:53 +01:00
noud
1cddb6abe0
distribution
...
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities
Push is tested, pull not yet.
2012-11-16 15:25:57 +01:00
noud
ea0ab59e4f
code standards
...
corrections toward code standards.
2012-11-14 17:16:36 +01:00
noud
ff9acf6fde
count
...
result view for AttributesController::checkComposites()
2012-11-14 16:24:57 +01:00
noud
3af7e001ff
RBAC
...
corrected mayModify in Attribute/edit.ctp.
2012-11-13 14:34:37 +01:00
noud
bcf5e58888
RBAC
...
slightly better left menu if no <ul><li>items.
2012-11-09 11:28:51 +01:00
noud
55f9b594d7
RBAC
...
just edit your own did still give edit org as well.
can be tested if now correct.
2012-11-09 10:14:40 +01:00
noud
a2bc237bcd
RBAC
...
should now respect Manage, so also edit, own and org events.
2012-11-08 14:09:52 +01:00
noud
ed1d5bf063
Search attributes
...
disallow invalid combinations of types and
categories which would always throw 0 results.
2012-11-02 11:51:10 +01:00
noud
f56cb25bed
Merge branch 'master' into develop
2012-10-25 15:23:22 +02:00
noud
f296a9381e
RBAC
...
real inactive buttons.
2012-10-25 15:00:43 +02:00
noud
a502b4dde7
IDS Signature
...
corrected wrong description for IDS Signature.
2012-10-24 08:22:49 +02:00
noud
7a7a1142f6
distribution.
...
distribution on add is default "All".
2012-10-23 12:16:16 +02:00
noud
4b096fa584
distribution
...
changes and cleanup.
2012-10-23 11:28:39 +02:00
Andrzej Dereszowski
25e63dda68
Wording change
...
Changed Private column to Distribution + some minor vocabulary changes.
2012-10-22 16:29:08 +02:00
noud
a7347064f7
IDS Signature description
...
wrong description for signature.
(possibly committed 2 times)
2012-10-22 12:08:24 +02:00
noud
67e50cb612
Private
...
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).
Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
2012-10-17 14:45:26 +02:00
noud
8f3d624c1a
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AppController.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Controller/UsersController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
app/Model/User.php
app/View/Attributes/edit.ctp
app/View/Attributes/index.ctp
app/View/Elements/actions_menu.ctp
app/View/Events/add.ctp
app/View/Events/index.ctp
app/View/Events/view.ctp
app/View/Events/xml/view.ctp
app/View/Servers/index.ctp
app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
noud
1d04652476
CakePHP Coding Standards
...
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
noud
94a367c2f5
CakePHP Coding Standards
...
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html
Eclipse:
Window->Preferences
General->Editors->Text Editors
Displayed tab width: 4
Insert spaces for tabs NOT
PHP->Code Style->Formatter
Tab policy: Tabs
File->Convert Line Delimiters To->Unix [default]
http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/
Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
noud
253d8e1b58
Merge branch 'master' into develop
...
Conflicts:
app/Controller/EventsController.php
app/Model/Attribute.php
app/View/Events/view.ctp
2012-09-17 13:02:53 +02:00
noud
4cec4e69f9
correlation.
...
do not use the AttributesController::event now,
just use the old EventsController::view.
2012-08-24 14:06:08 +02:00
noud
17ed90ddc4
Correlation speedup using AttributesController i.s.o. EventsController.
...
We forgot to change some view things using the right controller.
2012-08-07 11:59:11 +02:00
noud
2dea0e347d
Correlation performance gain.
...
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');
possible values:
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
(sql improvement possible if result conform db above)
Network activity, ip-src
30 class-C network ip addresses
(7650 tuples) (time in ms)
            default     db    sql
all           25366  16601  15941
              24839  16604  15611
paginated     16759   8447   6615
              17734   8639   8846
this is used in both:
- events/view/<id>
- attributes/event/<id>
2012-08-03 12:00:16 +02:00
Andrzej Dereszowski
3ff180e898
Merge branch 'develop_0.2.2-0.2.3' into develop
...
Conflicts:
app/Config/Schema/schema_0.2.2.php
app/Config/routes.php
app/Controller/AppController.php
app/Controller/UsersController.php
app/Model/User.php
app/README.txt
2012-07-24 16:09:48 +02:00
noud
de89d28caa
Fix, paging on event with lots of attributes.
2012-07-20 13:27:55 +02:00
Andrzej Dereszowski
bf98f2db3c
Merge branch 'develop_0.2.2_fixes' into develop
...
Conflicts:
app/Model/Attribute.php
2012-07-11 16:15:27 +02:00
noud
50e24c7c56
Upload always ticked if malware-sample, always unticked if attachment.
2012-07-11 09:48:44 +02:00
noud
8f4727e3ad
Correction to upload so zip only ticked when malware and not when
...
attachment.
2012-07-10 11:39:43 +02:00
noud
4ac501d54e
Only show categories with type attachment or malware-sample in Add
...
Attachment view. (this was..No possibility to upload if type
attachment or malware-sample is not in category.)
2012-07-09 14:14:55 +02:00
noud
ed41233f2a
No possibility to upload if type attachment or malware-sample is not in
...
category.
2012-07-06 13:48:17 +02:00
deresz
dbf7fafea8
Correction to "link" attribute type - links were not actually created.
...
Also changed it to proper "cake" way.
2012-07-04 15:51:19 +02:00
noud
66c5312ea6
DataBase migrate, Audit and Access Control granulation.
2012-06-28 17:24:12 +02:00
root
b4558887ce
Revert "Audit and ACL first cut."
...
This reverts commit 5818231f48.
2012-06-26 09:40:52 +02:00
noud
5818231f48
Audit and ACL first cut.
2012-06-25 15:54:52 +02:00
Christophe Vandeplas
66a9950d14
minor improvement in usability on index pages
2012-06-25 08:00:08 +02:00
Christophe Vandeplas
e453ee0e97
Sanitize::html() to h() for views is the way to go
2012-06-05 10:00:36 +02:00
Christophe Vandeplas
8505396b25
select boxes with filtering now
2012-05-30 18:11:44 +02:00
Christophe Vandeplas
24e7139e45
minor fix in Attribute tooltip
...
more documentation (autogenerated)
2012-05-30 10:24:57 +02:00
Andrzej Dereszowski
1a91c2f49b
Help messages implementation (forms and list views).
2012-05-29 16:53:50 +02:00
Andrzej Dereszowski
51dbbcfa13
Explanation messages implemented for forms and for list views (using
...
"title" html element)
2012-05-29 16:50:45 +02:00
Christophe Vandeplas
7ee4ab7035
fixes issue 64
2012-04-26 15:18:33 +02:00
Christophe Vandeplas
8bd7b45248
Fixes issue 66 - https://code.lab.modiss.be/p/cydefsig/issues/66/
2012-04-26 11:15:12 +02:00
Christophe Vandeplas
388f3cc445
Merge commit '280baac98902789ee69186539474a2e82156659e' into develop
...
Resolved Conflicts in:
app/View/Events/view.ctp
2012-04-25 09:04:07 +02:00
Andrzej Dereszowski
29c5411ece
minor cosmetic changes
2012-04-13 10:53:53 +02:00
Christophe Vandeplas
c2975a77a4
Allow saving of data using REST API
2012-04-07 08:31:01 +02:00
Christophe Vandeplas
6cee17bfcd
XML format for attributes index
2012-04-04 18:08:57 +02:00
Christophe Vandeplas
49aaced78a
Merge commit '9e043116228c4866b18e92acb076462845bcf22a' into develop
...
Fixed conflicts in: app/View/Events/view.ctp
2012-04-04 17:53:51 +02:00
Andrzej Dereszowski
faffe87ea6
- some bugfixes in validation corrected
...
- new attribute type - link to external site
2012-04-02 19:24:50 +02:00
Andrzej Dereszowski
216b77f854
- Attributes index view fixed (attachments)
2012-04-02 11:59:51 +02:00
Christophe Vandeplas
2142585710
Implemented basics for private, nonsyncable, Events or Attributes.
2012-04-01 18:41:47 +02:00
Christophe Vandeplas
0915ce48d3
Added some infoboxes when adding Attributes.
2012-03-31 23:29:56 +02:00
Christophe Vandeplas
7c4394682d
Renamed Signature to Attribute
2012-03-26 19:56:44 +02:00