MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
2,254 Commits
41 Branches
370 Tags
181 MiB
Commit Graph

117 Commits (fcdf36ab61a1ceac89bd754e9b5334dc0a61e5dd)

Author SHA1 Message Date
Christophe Vandeplas dbf1065b3b sync pull backwards compatibility with MISPv2 2013-06-18 11:19:43 +02:00
Christophe Vandeplas 3b28d6f1e8 (workaround) better error message when HTTP problem with Server Pull 2013-06-18 09:12:09 +02:00
Iglocska 1635d99d8f Pull can not edit events / attributes 
- added the _edit method in EventsController
 2013-06-11 00:41:43 +02:00
Iglocska 040227d66a Some more fixes to the sync 2013-06-10 23:34:47 +02:00
Iglocska f8f290375e Further changes to the degradation of the distribution 2013-06-10 23:00:45 +02:00
iglocska cb3ac8be15 Changes to the event filtering 
- there was a bug that pushed the data entered into the "published"
filter field to the date fields -> fixed

- Also a bug in the serverscontroller, pulling threw an undefined
warning from the log controller because a single saveField was used and
the logController couldn't save the url data for the action
 2013-06-06 10:24:27 +02:00
Christophe Vandeplas 0614db919e fixes information leakage vulnerability on REST XML outputs 2013-05-22 10:52:03 +02:00
Christophe Vandeplas 62a3da46f2 removed useless hop_count 2013-05-22 08:18:34 +02:00
Andras Iklody 0eec208b45 Further changes to the authorisation 2013-04-26 15:46:39 +02:00
Andras Iklody eeaa071024 Removal of the remains of the old authorization / adding new ones where 
needed
 2013-04-26 14:43:44 +02:00
Christophe Vandeplas 5c0fc36b79 fix sanitization in Servers #96 2013-04-24 12:23:03 +02:00
Andras Iklody 3e89c80d09 Removed some obsolete code 
- getName functions removed

- Fixed a reference to it in the logable behaviour
 2013-04-18 08:49:59 +02:00
Andras Iklody 9a6733acfd Removal of deprecated code 
- The flag private is deprecated, removed together with the code that was
  affected by it
 2013-04-17 11:13:09 +02:00
Andras Iklody 32dc28adb9 Update to the admin privileges 
- Changed the requirement for a lot of functions to be site admin as
  opposed to admin.
 2013-03-05 15:19:58 +01:00
Andras Iklody fad8e809ad Minor changes 
- some changes to the access control

- re-renabled regexp and blacklists, will need a closer look though

- editing a role should update ACL

- some other minor things
 2013-02-21 17:24:41 +01:00
Andras Iklody 0f947085cb Reworked the sync / release control 
- Fixed issues with the sync
	- Secondary publishes on remote servers failed
	- Introduced new fields in events to stop backward traverse of
	  edit information that lead to low performance and eroneous
	  distribution information updates when more than 2 servers were
	  linked
	- Deletion of an attribute now deletes on remote servers

- Changes to the event ownership
	- Original creator org now noted in the event itself
	- Only original creator org can change distribution
	- Events will show up with the original creator org for users
	  (admins can see both that and the owner of the event on the
	  local instance)
	- Server.organization now used in junction with the connecting
	  user's org and the instance's org (from the bootstrap) to
	  determine distribution flow control and access rights

- Lots of minor changes
 2013-02-19 15:37:35 +01:00
Andras Iklody e88a3a9cf7 Updates to security 
- perm_auth new toggle, can disable auth key usage for a role

- prevents sync / rest with a perm_auth == false key

- some changes to sync to provide better feedback on why it failed

- rewording of distribution options
 2013-02-06 17:45:43 +01:00
Andras Iklody 5706fe183f Redirect for ServersController 
Added redirect for index in case of non sync users
 2013-02-06 08:34:41 +01:00
Andras Iklody 4d0fe60347 Corrected a typo preventing the sync from working 2013-01-30 14:02:36 +01:00
Andras Iklody 97f56a2275 Further changes to org admins 
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
 2013-01-29 08:56:38 +01:00
Andras 8d88bcb2b5 Fix for the synchronisation 
An error in the pull fix broke the push/publish feature. Fixed.
 2013-01-27 21:27:58 +01:00
Noud de Brouwer 3d40095547 coding standards 
Coding Standards.
 2013-01-25 07:51:20 +00:00
Andras Iklody 24b10579ad Pull fixed 
Fixed the issues with pull, should work fine now
 2013-01-24 17:32:57 +01:00
Noud de Brouwer d89ab91dee coding standards 
Coding Standards.
 2012-12-18 16:44:07 +00:00
noud 52a7625a9d Source Code Review 
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
 2012-12-12 14:01:00 +01:00
noud 1e4597c009 distribution 
if distribute upstream, do not alter org, user_id nor distribution
settings.
 2012-11-28 11:09:08 +01:00
noud 4c31bb06cc sync 
lastpushedid reminder.
 2012-11-26 15:37:10 +01:00
noud b00cc0e8b2 sync & code 
a new NameController() needs $Name->constructClasses().
odd this ever did work before (CakePHP 2.2.2 versus 2.2.3 diff?).
 2012-11-20 13:55:53 +01:00
noud 5a35e1a918 sync & merge 
merged develop with master and have to alter ServersController a little.
 2012-11-20 11:14:57 +01:00
noud 957b3e27b8 Merge branch 'master' into develop 
Conflicts:
	app/Controller/ServersController.php
 2012-11-20 11:01:18 +01:00
noud 8b3903cde6 sync 
push from v2 to v1.
 2012-11-20 09:54:54 +01:00
noud 52c9114694 sync 
array correction done so no 2 kinda the same tests during pull.
 2012-11-19 13:42:41 +01:00
noud 8f70b7ce9e sync 
sync attributes on pull.
 2012-11-19 09:13:08 +01:00
noud d3cf89660b sync 
conform the new distribution.
pull on events works too.
 2012-11-19 09:02:43 +01:00
noud 1cddb6abe0 distribution 
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities

Push is tested, pull not yet.
 2012-11-16 15:25:57 +01:00
noud ea0ab59e4f code standards 
corrections toward code standards.
 2012-11-14 17:16:36 +01:00
noud dd979f7325 sync 
make pull work on an event with just one attribute.
 2012-11-09 13:01:00 +01:00
noud d55f226275 distribution 
now attributes do work same for pull like push.
 2012-11-05 12:49:51 +01:00
noud 29c966810e distribution 
let pull behave same way as a push in regard to distribution.
 2012-11-05 10:24:50 +01:00
noud 39abe9e589 Distribution 
distribution changes conform func.spec.
 2012-10-29 16:49:04 +01:00
Christophe Vandeplas 311a09e2b0 fixes bug 87 - on import of existing event: event info changed, tagged 
private. Also fixes events tagged private when added using REST api.
 2012-10-19 13:28:32 +02:00
noud 8f3d624c1a Merge branch 'master' into develop 
Conflicts:
	app/Controller/AppController.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Controller/UsersController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Attributes/edit.ctp
	app/View/Attributes/index.ctp
	app/View/Elements/actions_menu.ctp
	app/View/Events/add.ctp
	app/View/Events/index.ctp
	app/View/Events/view.ctp
	app/View/Events/xml/view.ctp
	app/View/Servers/index.ctp
	app/View/Users/admin_index.ctp
 2012-09-24 16:02:01 +02:00
noud 1d04652476 CakePHP Coding Standards 
changed to camel caps format where needed.
 2012-09-19 11:05:10 +02:00
noud 94a367c2f5 CakePHP Coding Standards 
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html

Eclipse:
Window->Preferences
	General->Editors->Text Editors
		Displayed tab width:	4
		Insert spaces for tabs	NOT
	PHP->Code Style->Formatter
		Tab policy:	Tabs
File->Convert Line Delimeters To->Unix [default]

http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/

Not yet done is all camel caps format.
 2012-09-18 15:30:32 +02:00
noud 253d8e1b58 Merge branch 'master' into develop 
Conflicts:
	app/Controller/EventsController.php
	app/Model/Attribute.php
	app/View/Events/view.ctp
 2012-09-17 13:02:53 +02:00
Christophe Vandeplas 35e1a455cd further cleanup of logo improvement 2012-08-31 10:45:54 +02:00
noud 4ae71fc963 Sync. 
Sync worked, but we did not know what to do with user_id and org.
Now, on sync, anonymize the user_id, get the Server.organization and put
that into Event.org.
And, display owning flag if Event.user_id or get the Server.logo
belonging to Event.org (=Server.organization) when Event.user_id is
empty (=0).

To this there is organization name and logo in bootstrap and
other organizations names and logos in Servers.
 2012-08-28 15:36:14 +02:00
noud 8c1cfa731a loggable behaviour. 
some merge correction for events and servers, so we log again.
 2012-08-22 14:39:41 +02:00
noud cdc7484944 REST edit Event implementation. 
Now after publish, edit and (re)publish an event,
that event will be updated on the other servers.
 2012-08-07 11:57:52 +02:00
Andrzej Dereszowski 3ff180e898 Merge branch 'develop_0.2.2-0.2.3' into develop 
Conflicts:
	app/Config/Schema/schema_0.2.2.php
	app/Config/routes.php
	app/Controller/AppController.php
	app/Controller/UsersController.php
	app/Model/User.php
	app/README.txt
 2012-07-24 16:09:48 +02:00
noud 66c5312ea6 DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00
root b4558887ce Revert "Audit and ACL first cut." 
This reverts commit 5818231f48.
 2012-06-26 09:40:52 +02:00
noud 5818231f48 Audit and ACL first cut. 2012-06-25 15:54:52 +02:00
Christophe Vandeplas 7cea666c9b fix an php error when importing attributes with incorrect type - 
category validation
 2012-06-13 16:02:27 +02:00
Christophe Vandeplas 957e4f232b minor memory usage improvements by referencing in foreach ($array as 
&$value) loop
 2012-06-11 11:40:31 +02:00
Christophe Vandeplas 39fb9bca1d Attribute types validation is now a separate function that uses the 
Attribute->type_definitions variable
 2012-05-31 17:12:26 +02:00
Christophe Vandeplas efa590de23 moved some functions around 2012-05-25 08:13:40 +02:00
Christophe Vandeplas cd30bb5d30 push / pull seems to work with attachment support. Lots of testing 
required.
 2012-05-23 16:32:46 +02:00
Christophe Vandeplas 6d8b0a98b0 attachment support in REST API 2012-05-22 13:58:37 +02:00
Christophe Vandeplas fa167bc2c8 . 2012-05-04 14:47:50 +02:00
Christophe Vandeplas f675d7d6d0 more fixes for the sync 2012-05-03 14:52:49 +02:00
Christophe Vandeplas 9e9837d59d Basic sync push seems to work 2012-05-03 14:32:49 +02:00
Christophe Vandeplas fb958eaacc Logging in for REST using Authorized HTTP header field. 2012-04-06 16:32:33 +02:00
Christophe Vandeplas a45b70bc8d Add, edit, delete and (basic) Manual Sync server functionality added 2012-04-04 20:22:22 +02:00
Christophe Vandeplas 2142585710 Implemented basics for private, nonsyncable, Events or Attributes. 2012-04-01 18:41:47 +02:00
Christophe Vandeplas 67d3a9f9d2 minor changes 2012-04-01 15:49:01 +02:00
Christophe Vandeplas aa8ba55dac First experimental test of importing events from a remote server. 
Only new events are imported.
 2012-03-31 19:06:43 +02:00