Commit Graph

174 Commits (d7b4c28552d642c0614c108d91b86f1c73235460)

Author SHA1 Message Date
iglocska d7b4c28552 Contextual comments
- Attributes now have a comment field
2013-10-30 16:00:46 +01:00
iglocska 0cb7653d41 Merge branch 'develop' into feature/XML_and_UI 2013-10-24 16:10:58 +02:00
iglocska d5d2e900c4 First revision of the unified menu and XML upload
- centalising the side menu for easier maintainability

- XML upload of event(s) from the interactive interface
2013-10-24 10:33:34 +02:00
iglocska f445c0ddb8 Merge branch 'hotfix-2.1.26' into develop
Conflicts:
	app/Controller/AttributesController.php
2013-10-15 10:35:08 +02:00
iglocska 1deddf0075 Fix to the conditions when doing a restsearch
- Was always searching for 'value' due to a bug. Fixed.
2013-09-27 10:06:36 +02:00
iglocska 10747e9366 Change to the attribute download method
- Permissions weren't checked correctly when downloading attachments
2013-09-20 14:26:06 +02:00
iglocska c48edd6732 First release of the new API features 2013-09-20 11:40:26 +02:00
iglocska 8e75f0826f Security fix and new download attachment feature
- users can now download attachments using the APIkey

- security issue fixed where a user could download attachments that he/she can't even see by navigating to attributes/download/<attribute_id>
2013-09-19 17:28:55 +02:00
iglocska 6d1dc6df95 First round of implementations for the new API searches
- users can search RESTfully for attributes based on various filtering mechanisms and get either an event that includes the located attribute(s) or just an array of attributes returned.

- users can also request all attributes of a (or several) types and get them returned as an XML
2013-09-19 12:05:08 +02:00
iglocska 807cc4c090 Deleting attributes deletes associated shadow attributes
There was a bug causing "zombie" shadowattributes to stay in events if the attribute has been deleted
2013-09-04 08:52:30 +02:00
iglocska 20efca4d79 A previous change reverted by accident in the previous commit 2013-08-21 13:08:28 +02:00
iglocska 285ff481a5 Further updates to the sync 2013-08-12 17:23:32 +02:00
iglocska 49f90b59f2 Fix to the distribution changes breaking threatconnect imports 2013-08-08 13:59:10 +02:00
iglocska 87a03b756e Changes to the initial distribution settings
- The initial attribute distribution level now allows the option for 'event', inheriting the event's distribution level
2013-08-08 12:16:03 +02:00
iglocska 0ee45af902 Default distribution level flags in bootstrap.php
- Each instance can now have its own default event and attribute distribution level set
2013-08-06 11:53:12 +02:00
iglocska 3f0eaa73a4 Changes to the filename validation
- . allowed in filenames to allow for names such as test-1.0.ext
2013-07-29 17:19:08 +02:00
iglocska b3f6032857 Fixes an issue with the upload of malware samples not generating an md5
hash if the file is too large
2013-07-26 10:13:44 +02:00
Christophe Vandeplas ca30cf006f Import ThreatConnect attributes into event, see issue #119 2013-07-15 09:10:18 +02:00
Christophe Vandeplas 130f470c90 Revert "fix bug in removing remote attributes if push is not enabled"
This reverts commit c4d5344153.
2013-07-13 08:22:37 +02:00
Christophe Vandeplas c4d5344153 fix bug in removing remote attributes if push is not enabled 2013-07-13 08:21:42 +02:00
iglocska 3e9a967188 Removal of some references to the old private flag 2013-07-11 17:25:47 +02:00
iglocska 23017fd9a8 Change to the GFI import and the attachment downloads
- GFI import issue fixed with attribute ID 1 not existing causing the
import to fail for several attributes

- GFI import change: registry keys with binary value are now artifacts
dropped instead of persistance mechanism

- GFI import change: files with size of 0 will be omitted

- file attachment download change: moved away from the deprecated media
view in favour of cakeresponse->file()
2013-07-10 17:31:18 +02:00
iglocska eeac31bee8 Regexp changes, UI changes
- first cleanup of regexp

- some changes left off from the UI changes that were not in the views
themselves
2013-07-04 15:45:11 +02:00
iglocska abde2a47af Several fixes
- Fixed the search pagination beyond the first page

- Hard coded routing of the menues in the global actions area
2013-06-28 14:28:58 +02:00
iglocska 5948a7c329 Several copy paste failures fixed in the previous commit
- /facepalm
2013-06-27 17:57:33 +02:00
iglocska 8cdf97ff66 ACL checks changed
- until now checkAction was used to check permissions of a user

- but since all of the role permissions are checked beforefilter in
appcontroller and saved into a public array, doing a lookup of the
array saves an SQL call for each permission check.
2013-06-27 17:53:36 +02:00
iglocska 7cd742dce4 Fix to users not being able to edit attributes 2013-06-27 16:43:03 +02:00
iglocska c604241487 Bugfix for the creation of several attributes with the same UUID
- SHA256 and SHA1 hash attributes that get auto-generated on malware
sample upload had the same hash as the filename|md5. Fixed.
2013-06-26 17:25:38 +02:00
iglocska 39e99554c9 Views updated to include CSV in the menues
- CSV and also IOC downloads on events are now hidden if the event is
not published
2013-06-26 17:20:56 +02:00
iglocska e87c28863e Firther work on the exports
- Some refactoring of the whitelist checks
- tighter rules for published / to_ids on certain exports
- attribute search now has the IOC checkbox
2013-06-26 15:31:28 +02:00
iglocska 776ef3ae07 Changes to export validation, CSV export, Whitelist redesign
- CSV export for individual events, all events, search results
- Whitelists are now preg_matches instead of simple string matches
- whitelist checks are to be applied on almost all exports
(implementation in progress)
- the exception will be the search result exports, if the (to be
implemented) to_ids only checkbox isn't checked
2013-06-26 14:48:25 +02:00
iglocska 24ebbcca5c Update to the attribute search
- Use ! to exclude terms in the value/id/org fields

- org search works the same way as value / id now, you can enter several
terms separated by a newline. Also, adding ! infront of a term will
exclude the organisation from the results

- sub string search for organisations
2013-06-24 13:24:08 +02:00
iglocska 55f47d3166 ShadowAttribute notifications, and some minor fixes
- New field for events, locking an event from sending out a contact
e-mail when a proposal is made to it
- Default setting for the new field is 0, if a shadow attribute is
added an e-mail is sent to all subscribing members of the orgc and the
new field is set to 1
- Accepting a change resets the field to 0
2013-06-20 16:21:55 +02:00
iglocska d2fcda7cc6 Added 2 new type of attributes
- sha256 / filename|sha256
- uploading a malware sample now automatically creates a filename|sha1
and a filename|sha256 in addition to the sample|md5
2013-06-12 16:50:21 +02:00
Christophe Vandeplas 45cfafca98 fix file download missing extension 2013-06-11 14:52:54 +02:00
Iglocska a3edc6a4ee UI changes and more work on the sync
- updated the side menu
2013-06-11 01:20:27 +02:00
Iglocska 040227d66a Some more fixes to the sync 2013-06-10 23:34:47 +02:00
Iglocska b74179bc84 Further work on the distribution 2013-06-10 21:38:04 +02:00
Iglocska 06ca5ba0cd Further changes to the distribution
- changed to use the new int field
2013-06-10 20:49:31 +02:00
iglocska 3c23ac3a86 Change to new distribution
- first stage
2013-06-10 17:33:03 +02:00
iglocska 58c00150ba First cleanup of AttributesController and EventsController after the
move to timestamps
2013-06-07 09:45:26 +02:00
iglocska 1e7665cd6d Saving over night, something still blocks the timestamp from being saved
after a push...
2013-06-06 18:43:26 +02:00
iglocska 4e2685e0c6 More work on the timestamps
- Event correctly changes timestamp when attribute edited in the UI
- Attribute correctly changes timestamp when edited in the UI

- Still very much work in progress, several parts are not supposed to
work yet
2013-06-06 16:03:28 +02:00
iglocska d52b0a6e70 First (still non-working) version of the timestamp + uuid sync
- timestamp field added to events and attributes (int length 11 called
timestamp, default value 0)
- timestamps created on add / edit when apprioriate
- during an add, if an event/attribute is not being pushed through a
sync with an existing timestamp, create a timestamp
- on edit, check whether the timestamp is newer than the old one and
only add the attribute or event then
2013-06-06 14:55:13 +02:00
Christophe Vandeplas e3ed847ba0 fixing some REST API and XML issues 2013-05-28 11:15:21 +02:00
Christophe Vandeplas 3bbd12f461 further cleanup of the REST XML output 2013-05-22 11:21:52 +02:00
Christophe Vandeplas 2776513395 moved fragmented massagedata to Model::beforeValidate() 2013-04-30 08:20:23 +02:00
Andras Iklody 6332dbf05b Removal of more remnants of the old ACL and tightening of the filename
checks

- actAs acl removed from role and user models together with some extra
code related to the ACL

- Fix of the filename regex as pointed out by cvandeplas.
2013-04-29 10:52:07 +02:00
Andras Iklody eeaa071024 Removal of the remains of the old authorization / adding new ones where
needed
2013-04-26 14:43:44 +02:00
Andras Iklody b98818ebfb Small errors with the merge corrected
- some errors managed to slip through during the merge, should be fixed
2013-04-25 15:37:49 +02:00