iglocska
4902a3f8a6
new: [password auth] added setting to disable password auth
...
- not needed in some cases for keycloak enabled instances
2022-02-25 00:33:00 +01:00
iglocska
678ad0fe8e
chg: [templates] for user creation now have a minimalist individual creation included
2022-02-24 13:48:10 +01:00
iglocska
304586ff19
chg: [user] view add link to user's individual
2022-02-24 13:47:49 +01:00
iglocska
9245b2d720
fix: [genericTemplates] delete template can be invoked without an ID
2022-02-20 15:05:03 +01:00
iglocska
495c4ee93c
fix: [security] XSS in the generic action template
...
- a previously assumed internal url can have user input appended via the MISP local tool connector
- requires a compromised connected MISP instance where a malicious administrator modifies the UUIDs of cerebrate relevant objects to JS payloads
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-20 12:07:06 +01:00
Sami Mokaddem
e13b4e7bc5
fix: [settings:settingField] Enforce sanitization of input fields
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 11:43:09 +01:00
Sami Mokaddem
14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 10:48:55 +01:00
Sami Mokaddem
dfb8d73a92
fix: [userSettings] Renamed template to match the controller endpoint
2022-02-07 10:37:03 +01:00
iglocska
e60d97c214
fix: [security] genericForm reflected XSS in form descriptions for user controlled descriptions
...
- accessible via the MISP local tool setting change
- sanitise the description
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-03 23:56:23 +01:00
iglocska
8b6fc78695
fix: [generic fields] org field URL missing slash fixed
2022-01-28 00:51:09 +01:00
iglocska
9dd488e766
fix: [login] hide keycloak login if keycloak login is disabled
2022-01-27 22:11:51 +01:00
iglocska
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
iglocska
05daa5470a
fix: [sharing group form] default to own org as owner
...
- reconsider if this should be a configurable setting at all
2022-01-27 21:10:00 +01:00
iglocska
589f932fe9
chg: [form] dropdown default key added
2022-01-27 21:09:32 +01:00
Sami Mokaddem
7de1c14407
chg: [userSettings:add] Adhere to the passed user context
2022-01-27 10:44:47 +01:00
Sami Mokaddem
dc8710d89e
fix: [users:view] Correctly reload authkey child panel when performing operations
2022-01-27 10:21:55 +01:00
Sami Mokaddem
789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings
2022-01-27 08:41:31 +01:00
Sami Mokaddem
54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 12:11:53 +01:00
Sami Mokaddem
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
iglocska
acc9c94baa
Merge branch 'main' into develop
2022-01-25 15:59:31 +01:00
Sami Mokaddem
578eacfd89
fix: [templates:common] Removed extra closing tag
2022-01-25 15:02:58 +01:00
Sami Mokaddem
4f8b663b87
chg: [localTools:connectionRequest] Provide more info on exception
2022-01-25 15:02:30 +01:00
Sami Mokaddem
6005552e76
fix: [genericElements:tags] List tags when editing an entity
2022-01-25 15:02:04 +01:00
Sami Mokaddem
a7e2fb2ea7
chg: [auditlog:index] Break text in changed column
2022-01-25 15:01:48 +01:00
iglocska
e9f77aff51
Merge branch 'develop' into main
2022-01-25 11:36:06 +01:00
iglocska
57e2c75352
fix: [users] role based action filtering added
...
- to avoid annoying clickable, but blocked actions for org admins
2022-01-25 11:34:22 +01:00
Andras Iklody
80cd93da40
Merge pull request #80 from righel/add-integration-tests
...
Add integration tests
2022-01-19 16:25:19 +01:00
Sami Mokaddem
1d7fc00a65
chg: [layout:header-profile] Improved spacing
2022-01-19 09:33:57 +01:00
Luciano Righetti
ee5c723c71
Merge branch 'develop' into add-integration-tests
2022-01-18 18:11:53 +01:00
iglocska
dbaa2ba7b3
fix: [encryption keys] several fixes
...
- fix the user view to correctly point to the list of related encryption keys
- fix the lookup on the index to be based on owner_model + owner_id combo
- fix the filtering of the dropdown in the encryption key add form to only valid options
2022-01-18 16:56:38 +01:00
Luciano Righetti
f48c1a5a17
Merge branch 'develop' into add-integration-tests
2022-01-18 14:29:54 +01:00
Sami Mokaddem
46870a4bcc
fix: [organisation:add] Removed useless description field
2022-01-17 15:45:51 +01:00
iglocska
0328bfed46
fix: [individuals] add shouldn't have the tagging options
...
- can't tag that which does not exist yet
2022-01-17 13:20:34 +01:00
iglocska
244020802c
Merge branch 'main' into develop
2022-01-17 13:17:51 +01:00
iglocska
453c838dfe
fix: [placeholder removed] WiP functionality for local_tool->local_tool connections within the same brood temporarily removed
...
- was never fully implemented
2022-01-17 13:15:26 +01:00
iglocska
b4534c373b
fix: [organisation] add/edit doesn't save URL
2022-01-17 12:53:14 +01:00
Sami Mokaddem
f18307b3cb
chg: [localTools:local_tool_connectors] Added support of CodeMirror placeholder
2022-01-17 11:30:26 +01:00
Sami Mokaddem
aeaa833f64
new: [CodeMirror] Shows a placeholder whenever the textarea is empty
2022-01-17 11:29:50 +01:00
iglocska
12d7607aae
new: [encryption key] view added
...
- was missing, despite links to it
2022-01-17 09:45:45 +01:00
Luciano Righetti
a69608530c
new: add /api openapi spec view with redoc, add faker to fixtures, validate api responses with openapi spec, add /api/v1/ prefix to api routes
2022-01-07 13:45:52 +01:00
Sami Mokaddem
30ec856dc3
fix: [local_tool:batchApiAction] Various UI and backend fixes
2021-12-21 12:36:36 +01:00
iglocska
bb3b264cfb
fix: [sharing group index] fixed members link
2021-12-05 00:02:33 +01:00
iglocska
5041a57e08
fix: [sharing groups] index members column fixed
2021-12-04 23:58:42 +01:00
iglocska
332f374e01
chg: [sharing group index] add button now has the new checkaccess conditions applied
2021-12-01 14:26:20 +01:00
iglocska
2406e31b72
fix: [user add] form fixes
2021-11-26 10:53:24 +01:00
iglocska
2eb2459936
fix: [forms] added missing password form field
2021-11-26 10:52:44 +01:00
iglocska
15d738aa77
fix: [forms] dropdowns overriding values from request
2021-11-26 10:51:58 +01:00
iglocska
cc5c750de8
chg: [audit log] change field renamed to changed
...
- change is a reserved keyword
- this way quoting of field names is no longer needed in the cakePHP settings
2021-11-25 00:57:31 +01:00
iglocska
a4f6e06e7a
fix: [roles index] correctly allow site admins to modify / remove roles
2021-11-25 00:55:36 +01:00
Sami Mokaddem
e8e1a16673
chg: [search_all] Added drafty support of meta-fields
2021-11-24 22:39:22 +01:00