797 Commits (e6001bc9fa81938e68042105f43a4002ae9455a4)

Author SHA1 Message Date
Christophe Vandeplas e6001bc9fa
Revert "Feature/api log and pin ip (#8965)"
This reverts commit d5ce838ddc.
2023-03-29 09:53:29 +08:00
Christophe Vandeplas d5ce838ddc
Feature/api log and pin ip (#8965)
* fix: [sightings] don't be case insensitive on code side

* chg: [AuthKey] store IPs used to connect and show them

* chg: [AuthKey] db change

* fix: [AuthKeys] prevent race condition with double IPs

* chg: [git] exclude DebugKit plugin from git

* fix: [AuthKey] integrate mokaddem's remarks

* chg: [authkey] One-click IP as only allowed IP

* chg: [authkey] pin IP on view page

---------
2023-03-29 09:18:47 +08:00
Sami Mokaddem 8dbcd43b42
Merge branch 'pr-8948' into develop 2023-03-10 11:22:16 +01:00
Anders Einar Hilden b2ad8fc687 new: [ApacheAuthenticate] Add STARTTLS support for LDAP connection
Controlled by setting `ApacheSecureAuth.starttls`. Default (`ApacheSecureAuth.starttls undefined`) is `false`, since it is a new feature.

config.default.php is updated with `ApacheSecureAuth.starttls = true` as default and extra explanations.
2023-03-10 10:34:26 +01:00
Anders Einar Hilden ec495da477 [new]: [ApacheSecureAuth] Add endpoint /users/logout401 for logging out from HTTP Basic Auth
This can be used by i.e. ApacheSecureAuth to make a browser forget cached HTTP Basic Auth credentials, which would otherwise result in a logout->login loop.
2023-03-10 10:34:05 +01:00
Sami Mokaddem 93bf15d3bd
fix: [security] Prevent unauthorized access to decaying import function
- as reported by Cyber Controls from SIX Group
2023-01-18 15:05:46 +01:00
Sami Mokaddem 9b6a9d2ef6
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-01-10 10:05:43 +01:00
Sami Mokaddem f7238fe5e7
fix: [security] XSS in authkey add
- as reported by Dawid Czarnecki from Zigrin Security
2023-01-10 10:05:22 +01:00
iglocska 206f540f02
chg: [runaway function] split into easier to comprehend ones 2022-12-22 15:35:30 +01:00
iglocska 1edbc25699
chg: [cleanup] indexfilter unused leftover functionality reworked 2022-12-22 13:11:57 +01:00
Jakub Onderka c2b9c472f9 chg: [internal] Add blackhole exception logging 2022-12-15 10:05:13 -05:00
Jakub Onderka 9153234885 new: [UI] Allow to create object from freetext 2022-12-15 10:05:13 -05:00
Jakub Onderka e35c13d0f4 new: [UI] Preparation for creating object from freetext 2022-12-15 10:05:13 -05:00
Jakub Onderka 99473feb2c chg: [ACL] Warninglist::checkValue is available for all 2022-12-15 10:04:45 -05:00
Jakub Onderka e6c174fc58
Merge pull request #8751 from JakubOnderka/disable-discussion
new: [UI] Add ability to disable discussion
2022-12-02 10:44:51 +01:00
Jakub Onderka b3fd267105 new: [log] Add ability to log sql queries for access log 2022-12-02 09:39:05 +01:00
Jakub Onderka 00fa78e6ea chg: [internal] Move rest response SQL output 2022-12-02 09:38:14 +01:00
Luciano Righetti 1d919354d2
Merge pull request #8794 from righel/highlighted-tags
new: highlighted tags
2022-12-01 15:32:25 +01:00
iglocska 8267d80e15
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-12-01 14:09:34 +01:00
iglocska 14ebd7c775
fix: [ACL] added admin_destroy 2022-12-01 14:09:18 +01:00
Christophe Vandeplas bc4b1e6f49 fix: [logs] only allow for perm_audit & promote the perm to all 2022-12-01 10:49:50 +01:00
Christophe Vandeplas b34933a4a5 chg: [logs] user can see own logs 2022-12-01 10:03:22 +01:00
Luciano Righetti 2e7d1d30c1
fix: conflicts and update db_schema.json 2022-11-30 16:00:17 +01:00
iglocska f7c16aa9bc
chg: [ACL] added entries for taxii 2022-11-21 14:39:10 +01:00
Jakub Onderka 757908e81f
Merge pull request #8752 from JakubOnderka/access-log-fixes
fix: [log] Encode request part of access log as it can contain non u…
2022-11-15 15:17:49 +01:00
Jakub Onderka dd1d49cc76 fix: [ACL] Event report permission 2022-11-15 09:55:33 +01:00
Jakub Onderka bb1d7c82b6 chg: [internal] Remove stream request decompression, because it was broken 2022-11-14 18:29:58 +01:00
Jakub Onderka 0888578063 new: [UI] Add ability to disable discussion 2022-11-14 18:02:36 +01:00
Jakub Onderka f33b6e8231
Merge pull request #8603 from JakubOnderka/code-fixes
News view
2022-11-14 10:10:50 +01:00
Jakub Onderka 4aabc2d097 new: [logging] Access log 2022-11-12 13:45:21 +01:00
Sami Mokaddem 771b4619f5
fix: [acl] Added missing entry about eventReport 2022-11-06 18:33:27 +01:00
Jakub Onderka 014035b475 new: [acl] Checks for publishing or modifying galaxy clusters 2022-11-02 13:24:34 +01:00
Jakub Onderka a1a2109360 new: [acl] canEditEventReport 2022-11-02 13:24:34 +01:00
Jakub Onderka 017c0a1cb6 new: [acl] Check sighting deletion in ACLComponent 2022-11-02 13:24:34 +01:00
Jakub Onderka 5a1a8aace9 chg: [api] Allow to include uuids to sighting 2022-11-01 10:56:14 +01:00
Jakub Onderka 9f0c7456bb fix: [internal] AppController cleanup 2022-10-30 15:13:23 +01:00
Jakub Onderka 7219c98da6 fix: [internal] Remove unused controller method 2022-10-26 09:00:49 +02:00
Jakub Onderka c4dcea7834 fix: [security] Permission for tag collections 2022-10-26 09:00:49 +02:00
Jakub Onderka c5cecdc6fa fix: [acl] Correlation can disable user that can modify event 2022-10-25 16:42:20 +02:00
Jakub Onderka ecd3943e34 chg: [acl] Move org index access to ACLComponent 2022-10-24 09:59:19 +02:00
Jakub Onderka d71f1310e5 new: [acl] Move disabling correlation checking to Acl component 2022-10-24 09:32:23 +02:00
Jakub Onderka 32376e0e2e chg: [acl] Fetch host_org_id just once 2022-10-24 09:32:23 +02:00
Jakub Onderka b1371b4906 new: [acl] Move checks from controller to ACL component 2022-10-24 09:32:23 +02:00
Jakub Onderka 74a2982e1a fix: [internal] Cleanup controller code 2022-10-22 17:17:55 +02:00
Jakub Onderka 8c4bfd7329 fix: [ACL] Permissions for feeds 2022-10-22 14:35:41 +02:00
Jakub Onderka c5e2b39a9a chg: [api] Better specify what `last` attribute means 2022-10-17 16:59:23 +02:00
Jakub Onderka 4be480f4e0 chg: [api] Return REST responses for modifyTagRelationship 2022-10-14 14:56:16 +02:00
Sami Mokaddem 6c82576d35
chg: [events:attributeToolbar] Added bulk relationship add 2022-10-11 08:01:49 +02:00
Jakub Onderka 098adf9f4f new: [news] Show the latest news in nicer view 2022-10-10 17:18:11 +02:00
Jakub Onderka 0cb3e58881 chg: [internal] Cleanup for RateLimitComponent 2022-10-08 13:26:02 +02:00