cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity
959 Commits
12 Branches
30 Tags
21 MiB
Commit Graph

461 Commits (ad3e89199bb6243cdffd6029ef1d620d5e8009b7)

Author SHA1 Message Date
Sami Mokaddem ad3e89199b
chg: [settingTable] Added value validation before saving the setting 2022-02-07 12:01:07 +01:00
Sami Mokaddem 336dfb091c
chg: [settingTable] Gracefully handle if file not writeable 2022-02-07 11:11:25 +01:00
Sami Mokaddem 14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks 
- As reported by Dawid Czarnecki from Zigrin Security
 2022-02-07 10:48:55 +01:00
iglocska c7b226f844
chg: [flood protection] added cleanup 2022-02-07 02:14:53 +01:00
iglocska d45a4dc499
new: [registration] added optional registration flood protection 
- As reported by Dawid Czarnecki from Zigrin Security
 2022-02-07 02:03:41 +01:00
iglocska e6643365d2
new: [flood protection] behaviour added 
simple expiration system to allow flood protections to be added to any functionality
 2022-02-07 02:01:59 +01:00
iglocska a9c1619bda
new: [Exception] 429 added 2022-02-07 01:59:33 +01:00
iglocska 88f3cc7944
fix: [security] user settings allow enumeration of usernames 
- as reported by Dawid Czarnecki from Zigrin Security
 2022-02-04 00:45:42 +01:00
iglocska a263234917
fix: [security] open endpoints should only be open when enabled 
- as reported by Dawid Czarnecki from Zigrin Security
 2022-02-04 00:36:31 +01:00
iglocska 15190b930e
fix: [security] Sharing group ACL fixes 
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg

- as reported by Dawid Czarnecki from Zigrin Security
 2022-02-04 00:16:24 +01:00
iglocska 5fbd53883f
fix: [sync] created field rules added 
- should stop issues of SG/Individual downloads from remote brood
 2022-01-31 09:35:33 +01:00
iglocska 788feab011
chg: [Version] bump 2022-01-27 22:12:35 +01:00
iglocska cf67c3d1f0
fix: [roles] setting default should be exclusive 
- added aftersave action to remove default from other roles
 2022-01-27 22:06:26 +01:00
iglocska 1ca0f21b86
chg: [user add] form defaults 
- org will default to own org for site admins
- role will default to the default role (if set)
 2022-01-27 21:54:59 +01:00
iglocska 93d4917953
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-27 21:00:32 +01:00
iglocska c983c6f130
fix: [Keycloak baseurl] remove trailing slashes 2022-01-27 20:59:58 +01:00
iglocska eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation 
- opens it up for modifications by the hooking functions
 2022-01-27 20:59:20 +01:00
iglocska 7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting 
- allows us to modify a value in the processing steps before the value is committed to disk
 2022-01-27 20:57:35 +01:00
Andras Iklody 6443f36650
Merge pull request #86 from righel/add-inter-connection-tests 
Add inter-connection test
 2022-01-27 16:13:35 +01:00
Sami Mokaddem 7de1c14407
chg: [userSettings:add] Adhere to the passed user context 2022-01-27 10:44:47 +01:00
Sami Mokaddem 789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings 2022-01-27 08:41:31 +01:00
Sami Mokaddem 2e7aabf704
fix: [users:toggle] Prevent users to disable admins 2022-01-26 16:10:33 +01:00
Sami Mokaddem fcffad6777
fix: [users:delete] Typo copy paste error 2022-01-26 15:45:57 +01:00
Luciano Righetti d91a362e99 Merge branch 'develop' into add-inter-connection-tests 2022-01-26 15:31:49 +01:00
iglocska 665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 15:29:53 +01:00
iglocska 95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit 
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
 2022-01-26 15:28:10 +01:00
Sami Mokaddem 2602b60eb0
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 15:12:46 +01:00
iglocska 006b0aab99
chg: [MISP connector] user edit/delete temporarily commented out as they're not implemented yet 2022-01-26 15:05:38 +01:00
Sami Mokaddem d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 14:59:57 +01:00
iglocska 519fcd2b1a
fix: [lax URL validation] added for Broodstable 
- can be reused elsewhere too
- allows for http://hostname style urls
 2022-01-26 14:57:43 +01:00
iglocska f695744bd7
fix: [user view] ACL fixed 2022-01-26 14:57:01 +01:00
iglocska b7facf226d
chg: [Navigationcomponent] added missing changes from previous commit 2022-01-26 14:55:47 +01:00
Sami Mokaddem 74e95855bd
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 14:54:03 +01:00
iglocska 4b5bccae28
chg: [Organisation] Entity accessibility rules 
- make created only accessible when creating new objects
 2022-01-26 14:24:53 +01:00
iglocska c186c88d5c
chg: [navigation] Breadcrumb generation is user aware 
- moved the initialisation of the generation to be invoked from the appcontroller's beforefilter, after the user is loaded into the ACL component
- Only show user setting edits when the user is editing themselves
 2022-01-26 14:21:27 +01:00
iglocska 9a0ddef2af
new: [ACL] added canEditUser() function 
- simple comparison between two users
- checks role + org based permission
 2022-01-26 14:16:28 +01:00
Sami Mokaddem 54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 12:11:53 +01:00
Sami Mokaddem f53b458103
fix: [userSettings] Allow admin to edit other user's settings 2022-01-26 12:11:44 +01:00
Luciano Righetti d18471ba95 fix: failing when request is empty json object 2022-01-25 18:02:41 +01:00
iglocska 19c81b7c11
fix: [Sharing groups] UUID and owner org shouldn't be editable 2022-01-25 17:09:29 +01:00
iglocska 1086e41086
fix: [modified] saving fixed for sync captures 
- set the field as not dirty to force an update
- stops the exceptions thrown on pulling these objects in
 2022-01-25 17:01:27 +01:00
iglocska acc9c94baa
Merge branch 'main' into develop 2022-01-25 15:59:31 +01:00
iglocska 55782af52b
fix: [users] add 
- fixed role selection
 2022-01-25 15:58:31 +01:00
Sami Mokaddem 44913c5ed7
fix: [users:settings] Allow admin to see account settings of other users 2022-01-25 15:27:34 +01:00
Sami Mokaddem e05bf61251
chg: [inbox:createEntry] Checks for remote back connection is more flexible 
Handle the case of trailing slash
 2022-01-25 15:02:52 +01:00
Sami Mokaddem eef09f44c4
chg: [brood:connectionTest] Correctly handles network exceptions 2022-01-25 15:02:35 +01:00
Sami Mokaddem 4f8b663b87
chg: [localtTools:connectionRequest] Provide more info on exception 2022-01-25 15:02:30 +01:00
Sami Mokaddem 7d227a4387
chg: [inbox:index] Sort messages by created datetime 2022-01-25 15:02:25 +01:00
Sami Mokaddem dc2bfcb6b2
fix: [components:CRUD] Support of controller's paginate public variable 2022-01-25 15:02:16 +01:00
iglocska e9f77aff51
Merge branch 'develop' into main 2022-01-25 11:36:06 +01:00