Sami Mokaddem
574deccac8
new: [workflow] Added toggling module state
2022-06-17 09:20:27 +02:00
Sami Mokaddem
d8f8225b9e
Merge branch 'develop' of github.com:MISP/MISP into feature-workflows
2022-05-30 14:37:36 +02:00
Luciano Righetti
6c2a9ee11e
Merge pull request #8393 from righel/test-if-file-session-conf
...
chg: show diagnostic issue if session is file based
2022-05-30 11:09:46 +02:00
Jakub Onderka
d8fd3e937a
chg: [sync] Simplify galaxy cluster pushing
2022-05-30 08:28:22 +02:00
Jakub Onderka
0326d35387
chg: [sync] Reuse ServerSyncTool for pushing sightings
2022-05-30 08:28:22 +02:00
Jakub Onderka
46037748a2
chg: [sync] Use ServerSyncTool for pushing events
2022-05-30 08:28:22 +02:00
Jakub Onderka
d4deca9330
chg: [sync] Optimise event filtering for push
2022-05-30 08:28:22 +02:00
Jakub Onderka
ac82eb3844
chg: [sync] Optimise galaxy cluster pulling
2022-05-30 08:28:21 +02:00
Jakub Onderka
b50daa886f
chg: [sync] Remove duplicate blocklist checking
2022-05-30 08:28:17 +02:00
Jakub Onderka
f7af3c4e4e
chg: [sync] Optimise removing old evens when pulling
2022-05-30 08:27:38 +02:00
Jakub Onderka
9de6069ed9
chg: [sync] Optimise event attribute filtering
2022-05-30 08:27:38 +02:00
Jakub Onderka
2b6365760d
fix: [internal] Enabling/disabling correlations
2022-05-26 15:42:16 +02:00
Jakub Onderka
a0778774d7
new: [setting] MISP.thumbnail_in_redis
2022-05-24 09:18:51 +02:00
Luciano Righetti
5c324ff56b
fix: missing file
2022-05-20 16:23:36 +02:00
Luciano Righetti
097c9f8080
Merge pull request #8361 from righel/optimize-event-view-tags
...
Optimize event view tags
2022-05-17 14:35:19 +02:00
Sami Mokaddem
c5af331bc5
Merge branch 'develop' of github.com:MISP/MISP into feature-workflows
2022-05-16 10:50:47 +02:00
Jakub Onderka
2f7c671adb
new: [internal] Simplify checking if connection is MySQL/MariaDB
2022-05-14 10:17:06 +02:00
Luciano Righetti
5300207ee8
new: add new setting to disable taxonomy checks when browsing data
2022-05-12 11:13:35 +02:00
Sami Mokaddem
140b771989
Merge branch 'webhook' of github.com:MISP/MISP into feature-workflows
2022-05-11 13:05:15 +02:00
Jakub Onderka
2294232442
fix: [internal] Strict types
2022-05-07 10:40:41 +02:00
iglocska
a4cba3fdc6
new: [modules] action module type added
...
- hooking function type
- add a hooking point via `$this->Module->executeActions($hook_name, $user, $input, $logging_options, $error)`
- will execute the enabled modules for the hook name and depending on the module's type (blocking/not blocking) allow for breaking the execution when false is returned.
- For a sample skeleton, see the misp-modules project
2022-05-04 01:23:13 +02:00
Sami Mokaddem
10c611d51b
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-04-26 12:44:32 +02:00
Sami Mokaddem
c4f7a6e4f0
new: [clusters:attachMultipleClusters] Allow mirroring attribute clusters to events
...
Added a new checkbox while picking tags to also tag the event with the tags to be attached to the attribute.
2022-04-26 12:27:17 +02:00
Jakub Onderka
ad6f5a8f64
fix: [internal] Undefined index
2022-04-22 12:08:26 +02:00
Jakub Onderka
ff150b8834
chg: [internal] Do not generate export array when initializing Event class
2022-04-10 09:49:21 +02:00
Sami Mokaddem
6c258015a1
chg: [servers:getAllTypes] Moved the type and object collection action for filtering in the model
2022-04-04 11:52:47 +02:00
iglocska
861a9af713
Merge branch '2.4' into develop
2022-03-28 17:49:28 +02:00
Jakub Onderka
f1dd24933c
fix: [sign] Allow to sign event by key stored in gpg homedir
2022-03-26 12:10:26 +01:00
Luciano Righetti
34df13af81
fix: typo
2022-03-25 16:32:32 +01:00
iglocska
f4e390ae27
new: [event locks] have an option to disable them
...
- it's annoying and causes headaches
- as discussed in #8204
2022-03-25 08:52:51 +01:00
Alexandre Dulaunoy
ab1305cc18
Merge pull request #8218 from righel/org-svg-logo-setting
...
new: add setting for allowing svg org logos
2022-03-18 11:01:14 +01:00
Luciano Righetti
8dcf414340
fix: [security] restrict setting to cli only. enabling this setting could allow potential ssrf attacks, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 15:55:21 +01:00
iglocska
07b091778a
Merge branch '2.4' into develop
2022-03-17 15:51:06 +01:00
Hendrik Baecker
eb7a1301bb
[chg] LinOTP now with enable/disable as config feature
2022-03-17 15:19:58 +01:00
Luciano Righetti
2bd4a5b30c
fix: [security] a malicious site administrator could store an XSS payload in a svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 14:42:49 +01:00
iglocska
e8dcb31623
Merge branch 'feature/protected_mode' into develop
2022-03-17 01:43:44 +01:00
iglocska
8eff854fce
fix: [signing validation] use the existing event rather than the incoming event for edits
...
- the ground truth for allowing edits is in the LOCAL version of the event
- prevents tampering attempts
- also cleanup of repetive file upload code
2022-03-17 00:41:55 +01:00
iglocska
d49eca93ea
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode
2022-03-16 01:34:19 +01:00
iglocska
d431ee2d31
new: [pull] added protected mode checks and calling the validation functions if a protected event is found
...
- also removed leftover breakpoints
2022-03-16 01:32:01 +01:00
iglocska
c33230c2cd
Merge branch '2.4' into feature/protected_mode
2022-03-15 23:49:06 +01:00
iglocska
3122974853
chg: [pull] signing validation WiP
2022-03-15 23:10:51 +01:00
iglocska
4a65714fe9
fix: [sync] version comparison fixes
...
- for determining the right version to compare to when deciding if protected events can be synced
2022-03-14 00:34:44 +01:00
iglocska
37fb2943bf
chg: [check remote MISP version] added flag for protectedMode awareness
2022-03-13 12:37:30 +01:00
Jakub Onderka
2e87d6b7b4
Merge pull request #8197 from JakubOnderka/push-sightings-refactor
...
chg: [sync] Simplify code for sighting pushing
2022-03-12 13:17:38 +01:00
Luciano Righetti
fd43c07952
fix: add default supervisor user to default settings
2022-03-09 12:08:54 +01:00
Luciano Righetti
7fae03d226
fix: add default supervisor user to default settings
2022-03-09 12:01:57 +01:00
Jakub Onderka
90cd99685f
chg: [sync] Simplify code for sighting pushing
2022-03-07 17:45:06 +01:00
iglocska
639a4929e3
new: [sharing group blueprints]
...
- create a rule based blueprint that is used to create and update a sharing group
- nest sharing groups
- filter organisations by metadata fields
- nested via boolean operators
- CLI exposed
- API exposed
- Lightweight ownership model (only blueprint owner can see and edit the blueprint)
2022-03-02 02:09:20 +01:00
Jakub Onderka
351d2bfa20
fix: [security] Do not allow to fetch value of redacted setting
2022-02-26 10:57:47 +01:00
Andras Iklody
35d0d77788
Merge pull request #8141 from folbricht-stripe/preserve-session-config
...
Preserve Session.* configuration in serverSettingsSaveValue
2022-02-23 11:40:28 +01:00
iglocska
6ab34c5b34
fix: [sync] fixed several issues with the sync attribute filters causing issues
...
- if no negative sync filters defined, errors thrown due to check against null
2022-02-16 15:23:03 +01:00
Frank Olbricht
b08f7cf2d8
Preserve Session.* configuration in serverSettingsSaveValue
2022-02-12 14:41:35 -07:00
iglocska
260d84651c
fix: [tmpdir] default value change missing
...
- Thanks @Wachizungu for spotting my fail
2022-02-09 15:44:18 +01:00
iglocska
607de3683c
fix: [tmpdir] default reverted to MISP/app/tmp
...
- too many access errors for users with /tmp as the default
2022-02-09 09:18:02 +01:00
Jakub Onderka
2f33b4ad3d
new: [UI] Show TLS version for server test
2022-01-22 11:39:49 +01:00
Jakub Onderka
067e04fcf6
chg: [setting] Check if value is from options
2022-01-21 20:09:39 +01:00
Jakub Onderka
44c4f80c28
chg: [internal] Do not call __evaluateLeaf for branch
2022-01-21 19:39:49 +01:00
Jakub Onderka
7bf1afc093
fix: [internal] testForCABundle should return true
2022-01-21 17:48:22 +01:00
Jakub Onderka
f32c526bbe
new: [security] Allow to specify min_tls_version
2022-01-21 10:18:22 +01:00
Jakub Onderka
0c243ce4f7
fix: [setting] Default value for MISP.require_password_confirmation is false
2022-01-20 10:53:45 +01:00
Alexandre Dulaunoy
7a62e49e98
Merge branch '2.4' into develop
2022-01-17 23:35:38 +01:00
Hendrik Baecker
7644a19b7f
[chg] LinOTP default baseURL
2022-01-17 07:24:59 +01:00
Hendrik Baecker
aeeb16ec06
[chg] Make LinOTP configurable via webui and cli
2022-01-14 14:32:43 +01:00
Alexandre Dulaunoy
f19661fb21
Merge branch '2.4' into develop
2022-01-04 15:54:42 +01:00
StefanKelm
9897c42ef5
Update Server.php
...
fix wording
2021-12-30 13:44:10 +01:00
Luciano Righetti
57597b9cd7
fix: change simple bg jobs settings to critical, fix notice in server shell
2021-12-23 14:44:38 +01:00
Jakub Onderka
1caf425b2b
Merge pull request #8039 from JakubOnderka/cake-baseurl-deprecated
...
chg: [cli] Deprecate `cake baseurl` command
2021-12-22 19:47:54 +01:00
iglocska
f905eef8f0
Merge branch '8042' into develop
2021-12-21 16:42:50 +01:00
Jakub Onderka
73936bc8fe
chg: [cli] Deprecate `cake baseurl` command
2021-12-19 14:05:27 +01:00
iglocska
1c5d7d2f2f
chg: [rephrasing] some warnings
2021-12-17 16:09:01 +01:00
Sami Mokaddem
7f53cdc562
fix: [server:pull] Typo in objectAttribute filtering
2021-12-17 15:23:37 +01:00
Hendrik Baecker
2a54c429ed
[chg] Safe LinOTP Config
2021-12-14 17:28:52 +01:00
Sami Mokaddem
0bb4f372ff
fix: [server:pull] Typo while unsetting attribute blocked by filtering rule
2021-12-10 13:47:39 +01:00
Sami Mokaddem
fee5563c5a
chg: [server:pull] Do not log empty event entries if it was cause by the rules
2021-12-10 10:56:45 +01:00
Sami Mokaddem
7d87fef8ea
fix: [events:synchronisation] debug and typos
2021-12-10 10:02:49 +01:00
Sami Mokaddem
3db4a4636b
chg: [server:synchronisation] Usage of template_uuid instead of the object name
2021-12-10 09:52:07 +01:00
Sami Mokaddem
014ae34c53
new: [server:synchronisation] Type filtering during PULL synchronisation
...
Warning: This feature can introduce unwanted behaviours and inconsistencies
2021-12-09 12:29:03 +01:00
Luciano Righetti
019bba81af
fix: show error message instead of fatal error when diagnostics tool fails to run
2021-11-26 11:45:10 +01:00
Luciano Righetti
cab5262d65
fix: improve error handling when supervisor is not available or connection settings are wrong
2021-11-25 10:29:16 +01:00
Jakub Onderka
ba71bee293
chg: [internal] testForBinExec cleanup
2021-11-22 09:58:23 +01:00
Jakub Onderka
f895bb21e2
chg: [internal] Optimise setting
2021-11-22 09:58:23 +01:00
Jakub Onderka
82a7be8b4d
chg: [upload] Allow to upload SVG files
2021-11-22 09:58:23 +01:00
Jakub Onderka
e13d0bd4ae
chg: [internal] New method ProcessTool::whoami
2021-11-22 09:57:39 +01:00
Jakub Onderka
bd99d4866f
chg: [diagnostics] Check also MISP.attachments_dir and MISP.tmpdir folders
2021-11-22 09:57:39 +01:00
Jakub Onderka
06107ee622
fix: [internal] User ProcessTool for selfTest
2021-11-22 09:57:39 +01:00
iglocska
ec70caeb61
chg: [submodule update] added --init --recursive
2021-11-21 17:13:57 +01:00
Jakub Onderka
4b380f199d
fix: [internal] Try to create directory if not exist
2021-11-18 10:19:01 +01:00
Jakub Onderka
9626f12f6f
chg: [internal] Use ProcessTool in Server
2021-11-15 10:22:03 +01:00
Jakub Onderka
cc25e2729c
chg: [internal] Simplify checking if folder is writable
2021-11-14 19:09:39 +01:00
Jakub Onderka
9c60d64b04
fix: [internal] Update JSON
2021-11-14 19:09:38 +01:00
Jakub Onderka
db13698ebd
chg: [internal] Better submodule info fetching
2021-11-14 19:09:38 +01:00
Jakub Onderka
aecf9499ad
chg: [internal] Check if update is possible
2021-11-14 19:09:38 +01:00
Jakub Onderka
0cc7804219
chg: [internal] Current branch and commit checking
2021-11-14 19:09:38 +01:00
Jakub Onderka
736aba20a3
chg: [internal] More clear method names
2021-11-14 19:09:38 +01:00
Jakub Onderka
763a9b6e6e
fix: [internal] Param order
2021-11-14 19:09:38 +01:00
Jakub Onderka
a424c01844
chg: [internal] Small optim
2021-11-14 19:09:38 +01:00
Jakub Onderka
c388bb3882
chg: [internal] Move version checking to one function
2021-11-14 19:09:38 +01:00
Jakub Onderka
e41a8a785e
chg: [internal] Use GitTool for remote version fetching
2021-11-14 19:09:38 +01:00
Jakub Onderka
db3183ae54
chg: [internal] Faster way how to get current commit
2021-11-14 19:09:38 +01:00
Jakub Onderka
7074647128
chg: [internal] Authkey resetting
2021-11-14 19:09:37 +01:00