Noud de Brouwer
95158d2ef3
Sanitize
...
Sanitize countermeasures.
2012-12-19 12:42:38 +00:00
Charlie Root
e474b8e189
generateAllFor<FieldName>
...
conflicts with CAKE/Model/Model::_call() so no findBy<FieldName>.
(and various very minor other things.)
2012-12-19 10:30:10 +00:00
Noud de Brouwer
d89ab91dee
coding standards
...
Coding Standards.
2012-12-18 16:44:07 +00:00
Noud de Brouwer
8864ee78f7
generateAllFor<FieldName>
...
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
2012-12-18 03:50:52 +00:00
Andras Iklody
1ceadab700
Added features from branch analysis_levels
...
-Analysis levels settable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud
26c8ad57ee
Role
...
renamed everything group to role (i.s.o. renaming just the visible).
2012-12-12 16:15:01 +01:00
noud
52a7625a9d
Source Code Review
...
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
2012-12-12 14:01:00 +01:00
noud
8119d26d35
RBAC and Roles
...
did add Acl Admin and Audit.
2012-12-11 17:40:57 +01:00
noud
75dfba2ae1
sync
...
have sync option in role.
and only display the Sync Actions when sync option or admin.
(still has to be disabled if role is below manage org events.)
2012-12-07 15:00:40 +01:00
noud
1bd14256e0
coding standards
...
correction conform coding standards.
2012-12-04 09:07:33 +01:00
noud
c6bdf794c1
db
...
split generatePrivate into attr and event part (given long runtime).
2012-11-29 15:10:18 +01:00
noud
d2ab860ff2
distribution
...
generatePrivate conform new distribution.
2012-11-28 16:34:36 +01:00
noud
889492629e
distribution
...
add generateHop to migratemisp11to2.
(generatePrivate should still be looked at.)
2012-11-28 14:30:29 +01:00
noud
324d58d532
distribution
...
generate hop count.
2012-11-28 13:19:20 +01:00
noud
80571386ad
audit log & terms
...
do not handle a timed out user log.
and
better check on login and termsaccepted.
2012-11-26 10:50:23 +01:00
noud
7c878af986
terms
...
slightly better formulated AppController::beforeFilter()
2012-11-20 08:42:32 +01:00
noud
7a0068936a
terms
...
slightly better formulated AppController::beforeFilter()
2012-11-19 15:40:26 +01:00
noud
fdd999ef35
correlation
...
fixed correlations being double accounted.
2012-11-15 15:53:07 +01:00
noud
4f234d1d46
terms
...
take 2, for a user must accept terms.
2012-11-15 13:50:20 +01:00
noud
8d2e665ceb
terms
...
reverted just done commit
(Can't use method return value in write context ).
2012-11-15 13:24:34 +01:00
noud
8125c0c938
terms
...
check for user logged in (if not a server looks totally stalled).
2012-11-15 13:23:08 +01:00
noud
ea0ab59e4f
code standards
...
corrections toward code standards.
2012-11-14 17:16:36 +01:00
noud
6b06ba7ff6
count & GFI Sandbox
...
count # attributes in events index.
plus various fixes for distribution in correlation of a GFI Sandbox
upload.
2012-11-14 16:14:04 +01:00
noud
c599c2c23e
GFI Sandbox
...
files having size 0 are not md5 summed in CakePHP.
2012-11-14 15:12:19 +01:00
noud
3a84ffb59f
terms
...
user must accept terms.
2012-11-14 10:52:53 +01:00
noud
723ef6c3d1
correlation
...
respect distribution Org in correlations.
(for this
add correlations.1_private conform MYSQL.correlaton.sql
and
AppController::generateCorrelation() must be run)
2012-11-13 14:13:38 +01:00
noud
4cc6b8055f
RBAC
...
now should be okay on the checkGroup.
(mind, we have a PHP 5.3.10 (dev) and 5.2.10 (f.a.) difference.
for CakePHP should be php > 5.2.8, pear > 1.9.0 and phpunit 3.5.0)
2012-11-08 15:28:21 +01:00
noud
c722205ddf
RBAC
...
check if $user exists, if no, not logged in.
2012-11-08 15:12:20 +01:00
noud
91f96427db
RBAC
...
//$user = ClassRegistry::init('User')->findById($this->Auth->user('id'));
$this->loadModel('User');
$user = $this->User->findById($this->Auth->user('id'));
2012-11-08 14:36:27 +01:00
noud
a2bc237bcd
RBAC
...
should now respect Manage, so also edit, own and org events.
2012-11-08 14:09:52 +01:00
noud
f56cb25bed
Merge branch 'master' into develop
2012-10-25 15:23:22 +02:00
noud
05085533de
blackhole
...
full out-commented.
2012-10-25 15:16:19 +02:00
noud
fa86316747
blackhole
...
revert the commit, this screws CSRF
(thanks to Christophe for noticing)
2012-10-24 17:16:12 +02:00
noud
eae89d95cd
Private.
...
Add "Pull only" as a sharing state where,
everybody does see an event, is pullable,
but will never be pushed.
Has a generatePrivate for db conversion now.
2012-10-18 11:40:12 +02:00
noud
67e50cb612
Private
...
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).
Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
2012-10-17 14:45:26 +02:00
noud
bf4e46da8f
Merge branch 'master' into develop
2012-10-17 13:26:16 +02:00
noud
899ef6300b
blackhole
...
I have an idea this blackholeCallback seems to overcome a lot of
blackhole situations we got.
Notably during deleting multiple events from the index,
this improved not getting a blackhole a lot.
2012-10-17 13:00:50 +02:00
noud
ec0892a6ad
Merge branch 'master' into develop
...
Conflicts:
app/Config/bootstrap.php
2012-09-25 15:54:25 +02:00
noud
18fb8a7a64
CakePHP
...
Update from CakePHP to version 2.2.2
as well as needed patch files.
2012-09-25 15:41:58 +02:00
noud
8f3d624c1a
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AppController.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Controller/UsersController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
app/Model/User.php
app/View/Attributes/edit.ctp
app/View/Attributes/index.ctp
app/View/Elements/actions_menu.ctp
app/View/Events/add.ctp
app/View/Events/index.ctp
app/View/Events/view.ctp
app/View/Events/xml/view.ctp
app/View/Servers/index.ctp
app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
noud
8179a1a691
Merge and code standards.
...
Forgot to clean View/Helper/AppHelper.php.
Changed underscore method names to private and protected where
appropriate given phpcs code standards errors.
2012-09-24 09:02:09 +02:00
noud
1d04652476
CakePHP Coding Standards
...
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
noud
94a367c2f5
CakePHP Coding Standards
...
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html
Eclipse:
Window->Preferences
General->Editors->Text Editors
Displayed tab width: 4
Insert spaces for tabs NOT
PHP->Code Style->Formatter
Tab policy: Tabs
File->Convert Line Delimiters To->Unix [default]
http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/
Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
noud
253d8e1b58
Merge branch 'master' into develop
...
Conflicts:
app/Controller/EventsController.php
app/Model/Attribute.php
app/View/Events/view.ctp
2012-09-17 13:02:53 +02:00
noud
2dea0e347d
Correlation performance gain.
...
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');
possible values:
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
(sql improvement possible if result conform db above)
Network activity, ip-src
30 class-C network ip addresses
(7650 tuples) (time in ms)
             default     db    sql
all            25366  16601  15941
               24839  16604  15611
paginated      16759   8447   6615
               17734   8639   8846
this is used in both:
- events/view/<id>
- attributes/event/<id>
2012-08-03 12:00:16 +02:00
Andrzej Dereszowski
3ff180e898
Merge branch 'develop_0.2.2-0.2.3' into develop
...
Conflicts:
app/Config/Schema/schema_0.2.2.php
app/Config/routes.php
app/Controller/AppController.php
app/Controller/UsersController.php
app/Model/User.php
app/README.txt
2012-07-24 16:09:48 +02:00
noud
78f629e6dd
Redo Event.user_id
2012-07-19 14:52:27 +02:00
deresz
50e3566f3a
Some modifications to category/attribute matrix. MISP database is now compatible for sync with CyDefSIG.
2012-07-04 11:28:40 +02:00
noud
66c5312ea6
DataBase migrate, Audit and Access Control granulation.
2012-06-28 17:24:12 +02:00
root
b4558887ce
Revert "Audit and ACL first cut."
...
This reverts commit 5818231f48.
2012-06-26 09:40:52 +02:00
noud
5818231f48
Audit and ACL first cut.
2012-06-25 15:54:52 +02:00
Christophe Vandeplas
3996edca45
first migration script for misp0.2 to misp1.0 (not finished)
2012-06-14 11:03:43 +02:00
Christophe Vandeplas
5eb6a89384
removed reference to useless user_id.
...
fixed bug where Contact reporter doesn't work when user does not exist
(contact reporter now sends mails to all the org)
2012-06-08 16:57:10 +02:00
Christophe Vandeplas
6e9ab97791
implementation of an anti-brute-force password guessing mechanism.
2012-06-06 11:00:02 +02:00
Christophe Vandeplas
fa167bc2c8
.
2012-05-04 14:47:50 +02:00
Christophe Vandeplas
6e9f0f0d24
split value to value1 and value2.
...
You need to update the DB schema and run /events/migrate02to021 to
migrate the data
2012-04-25 13:17:44 +02:00
Christophe Vandeplas
a2d073b7b9
REST POST of event and signatures works (basics, no error-handling)
2012-04-10 15:47:42 +02:00
Christophe Vandeplas
c2975a77a4
Allow saving of data using REST API
2012-04-07 08:31:01 +02:00
Christophe Vandeplas
fb958eaacc
Logging in for REST using Authorized HTTP header field.
2012-04-06 16:32:33 +02:00
Christophe Vandeplas
a45b70bc8d
Add, edit, delete and (basic) Manual Sync server functionality added
2012-04-04 20:22:22 +02:00
Christophe Vandeplas
98402c0faa
Fix admin routing
2012-03-27 09:31:41 +02:00
Christophe Vandeplas
5657a9dd10
Added a migrate() function to generate uuid for events and attributes
...
that didn't have an uuid
2012-03-26 20:25:45 +02:00
Christophe Vandeplas
7c4394682d
Renamed Signature to Attribute
2012-03-26 19:56:44 +02:00
Christophe Vandeplas
ce0c0aba0e
isAuthorized now handles permissions on admin,delete,edit,... actions
2012-03-20 14:57:52 +01:00
Christophe Vandeplas
865a24d0bd
Migration to CakePHP 2.1.
...
Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00