Sami Mokaddem
e13b4e7bc5
fix: [settings:settingField] Enforce sanitization of input fields
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 11:43:09 +01:00
Sami Mokaddem
336dfb091c
chg: [settingTable] Gracefully handle if file not writeable
2022-02-07 11:11:25 +01:00
Sami Mokaddem
14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 10:48:55 +01:00
Sami Mokaddem
dfb8d73a92
fix: [userSettings] Renamed template to match the controller endpoint
2022-02-07 10:37:03 +01:00
iglocska
bc733e6704
Merge branch 'develop' into main
2022-02-07 02:15:15 +01:00
iglocska
c7b226f844
chg: [flood protection] added cleanup
2022-02-07 02:14:53 +01:00
iglocska
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska
e6643365d2
new: [flood protection] behaviour added
...
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
iglocska
d1cdbda972
fix: [migrations] initial schema migration fixed for upgrades
...
- check if a table has already been created and block the execution for instances that get updated from before the initial schema was retroactively added
2022-02-07 02:00:35 +01:00
iglocska
6a2b764b97
new: [flood protection] schema added
2022-02-07 01:59:58 +01:00
iglocska
a9c1619bda
new: [Exception] 429 added
2022-02-07 01:59:33 +01:00
iglocska
3b21a746b9
Merge branch 'main' into develop
2022-02-04 01:02:42 +01:00
iglocska
88f3cc7944
fix: [security] user settings allow enumeration of usernames
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:45:42 +01:00
iglocska
a263234917
fix: [security] open endpoints should only be open when enabled
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:36:31 +01:00
iglocska
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
iglocska
4a7183d63b
Merge branch 'main' of github.com:cerebrate-project/cerebrate into main
2022-02-03 23:56:39 +01:00
iglocska
e60d97c214
fix: [security] genericForm reflected XSS in form descriptions for user controlled descriptions
...
- accessible via the MISP local tool setting change
- sanitise the description
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-03 23:56:23 +01:00
Alexandre Dulaunoy
a7efe1faf9
Update INSTALL.md
2022-01-31 10:12:01 +01:00
iglocska
4cac47b631
Merge branch 'main' into develop
2022-01-31 09:36:15 +01:00
iglocska
5fbd53883f
fix: [sync] created field rules added
...
- should stop issues of SG/Individual downloads from remote brood
2022-01-31 09:35:33 +01:00
iglocska
a74b84caf5
Merge branch 'main' into develop
2022-01-28 00:51:47 +01:00
iglocska
8b6fc78695
fix: [generic fields] org field URL missing slash fixed
2022-01-28 00:51:09 +01:00
iglocska
4563a397bb
Merge branch 'develop' into main
2022-01-27 22:12:57 +01:00
iglocska
788feab011
chg: [Version] bump
2022-01-27 22:12:35 +01:00
iglocska
9dd488e766
fix: [login] hide keycloak login if keycloak login is disabled
2022-01-27 22:11:51 +01:00
iglocska
cf67c3d1f0
fix: [roles] setting default should be exclusive
...
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
iglocska
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
iglocska
05daa5470a
fix: [sharing group form] default to own org as owner
...
- reconsider if this should be a configurable setting at all
2022-01-27 21:10:00 +01:00
iglocska
589f932fe9
chg: [form] dropdown default key added
2022-01-27 21:09:32 +01:00
iglocska
93d4917953
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-27 21:00:32 +01:00
iglocska
c983c6f130
fix: [Keycloak baseurl] remove trailing slashes
2022-01-27 20:59:58 +01:00
iglocska
eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation
...
- opens it up for modifications by the hooking functions
2022-01-27 20:59:20 +01:00
iglocska
7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting
...
- allows us to modify a value in the processing steps before the value is committed to disk
2022-01-27 20:57:35 +01:00
Andras Iklody
6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
...
Add inter-connection test
2022-01-27 16:13:35 +01:00
Luciano Righetti
ac4275db10
chg: add wiremock stub verification
2022-01-27 15:43:33 +01:00
Luciano Righetti
2f659ff99f
fix: mixed up concepts
2022-01-27 11:29:30 +01:00
Luciano Righetti
f1b73c1a64
chg: do not exit 1 if wiremock was not running
2022-01-27 11:14:58 +01:00
Luciano Righetti
6f10a076a3
fix: mark test as incomplete (better).
2022-01-27 10:57:50 +01:00
Luciano Righetti
290baa2354
fix: mark test as skipped, not critical.
2022-01-27 10:50:13 +01:00
Sami Mokaddem
7de1c14407
chg: [userSettings:add] Adhere to the passed user context
2022-01-27 10:44:47 +01:00
Sami Mokaddem
dc8710d89e
fix: [users:view] Correctly reload authkey child panel when performing operations
2022-01-27 10:21:55 +01:00
Luciano Righetti
ed21afd3d8
fix: wrong namespaces
2022-01-27 09:30:00 +01:00
Sami Mokaddem
789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings
2022-01-27 08:41:31 +01:00
Sami Mokaddem
2e7aabf704
fix: [users:toggle] Prevent users to disable admins
2022-01-26 16:10:33 +01:00
Sami Mokaddem
fcffad6777
fix: [users:delete] Typo copy paste error
2022-01-26 15:45:57 +01:00
Luciano Righetti
d91a362e99
Merge branch 'develop' into add-inter-connection-tests
2022-01-26 15:31:49 +01:00
Luciano Righetti
2c101d6950
chg: clean test
2022-01-26 15:31:32 +01:00
iglocska
665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:29:53 +01:00
iglocska
95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit
...
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
2022-01-26 15:28:10 +01:00
Luciano Righetti
bd73b620cd
chg: add missing openapi endpoints for sync test
2022-01-26 15:19:23 +01:00