iglocska
6e67a5b239
fix: [security] Sharing group creation on behalf of other organisation fixed
...
- org admin could create sharing groups on behalf of other organisations
- can lead to misleading sharing groups being created
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:21:29 +01:00
iglocska
b41b0dd712
fix: [security] privilege escalation via user edit fixed
...
- org admins could circumvent the role restrictions and elevate themselves to a site admin
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:02:49 +01:00
iglocska
2da9d8f7d2
new: [keycloak] log enrollment outcome in the audit log
2022-02-18 11:47:33 +01:00
Sami Mokaddem
20907a45da
chg: [organisation] Removed useless class variable
2022-02-09 15:41:58 +01:00
Sami Mokaddem
d8807cce92
chg: [behavior:meta-fields] Renamed finder function
2022-02-09 15:18:24 +01:00
Sami Mokaddem
28aabe3b08
chg: [libraries:meta-template] Bumped version
2022-02-09 15:12:32 +01:00
Sami Mokaddem
ec37a637f8
chg: [header] moved inline style in css file
2022-02-09 09:51:21 +01:00
Sami Mokaddem
e67c711935
chg: [notifications] Slightly improved UI
2022-02-09 09:30:59 +01:00
Sami Mokaddem
a77e29fa38
new: [layout:sidebar] Notifications in the sidebar
2022-02-08 17:58:30 +01:00
Sami Mokaddem
d1cf408163
new: [helpers:bootstrap] Added notification bubble
2022-02-08 17:57:20 +01:00
iglocska
f24e7bc4c2
Merge branch 'develop' into main
2022-02-08 11:06:51 +01:00
Sami Mokaddem
62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-08 08:42:25 +01:00
Sami Mokaddem
b01d75aaa6
fix: [helpers:bootstrap] Support of cell variant in table
2022-02-07 13:25:33 +01:00
Sami Mokaddem
ad3e89199b
chg: [settingTable] Added value validation before saving the setting
2022-02-07 12:01:07 +01:00
Sami Mokaddem
e13b4e7bc5
fix: [settings:settingField] Enforce sanitization of input fields
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 11:43:09 +01:00
Sami Mokaddem
336dfb091c
chg: [settingTable] Gracefully handle if file not writeable
2022-02-07 11:11:25 +01:00
Sami Mokaddem
14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 10:48:55 +01:00
Sami Mokaddem
dfb8d73a92
fix: [userSettings] Renamed template to match the controller endpoint
2022-02-07 10:37:03 +01:00
iglocska
bc733e6704
Merge branch 'develop' into main
2022-02-07 02:15:15 +01:00
iglocska
c7b226f844
chg: [flood protection] added cleanup
2022-02-07 02:14:53 +01:00
iglocska
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska
e6643365d2
new: [flood protection] behaviour added
...
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
iglocska
d1cdbda972
fix: [migrations] initial schema migration fixed for upgrades
...
- check if a table has already been created and block the execution for instances that get updated from before the initial schema was retroactively added
2022-02-07 02:00:35 +01:00
iglocska
6a2b764b97
new: [flood protection] schema added
2022-02-07 01:59:58 +01:00
iglocska
a9c1619bda
new: [Exception] 429 added
2022-02-07 01:59:33 +01:00
iglocska
3b21a746b9
Merge branch 'main' into develop
2022-02-04 01:02:42 +01:00
iglocska
88f3cc7944
fix: [security] user settings allow enumeration of usernames
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:45:42 +01:00
iglocska
a263234917
fix: [security] open endpoints should only be open when enabled
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:36:31 +01:00
iglocska
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
iglocska
4a7183d63b
Merge branch 'main' of github.com:cerebrate-project/cerebrate into main
2022-02-03 23:56:39 +01:00
iglocska
e60d97c214
fix: [security] genericForm reflected XSS in form descriptions for user controlled descriptions
...
- accessible via the MISP local tool setting change
- sanitise the description
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-03 23:56:23 +01:00
Alexandre Dulaunoy
a7efe1faf9
Update INSTALL.md
2022-01-31 10:12:01 +01:00
iglocska
4cac47b631
Merge branch 'main' into develop
2022-01-31 09:36:15 +01:00
iglocska
5fbd53883f
fix: [sync] created field rules added
...
- should stop issues of SG/Individual downloads from remote brood
2022-01-31 09:35:33 +01:00
iglocska
a74b84caf5
Merge branch 'main' into develop
2022-01-28 00:51:47 +01:00
iglocska
8b6fc78695
fix: [generic fields] org field URL missing slash fixed
2022-01-28 00:51:09 +01:00
iglocska
4563a397bb
Merge branch 'develop' into main
2022-01-27 22:12:57 +01:00
iglocska
788feab011
chg: [Version] bump
2022-01-27 22:12:35 +01:00
iglocska
9dd488e766
fix: [login] hide keycloak login if keycloak login is disabled
2022-01-27 22:11:51 +01:00
iglocska
cf67c3d1f0
fix: [roles] setting default should be exclusive
...
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
iglocska
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
iglocska
05daa5470a
fix: [sharing group form] default to own org as owner
...
- reconsider if this should be a configurable setting at all
2022-01-27 21:10:00 +01:00
iglocska
589f932fe9
chg: [form] dropdown default key added
2022-01-27 21:09:32 +01:00
iglocska
93d4917953
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-27 21:00:32 +01:00
iglocska
c983c6f130
fix: [Keycloak baseurl] remove trailing slashes
2022-01-27 20:59:58 +01:00
iglocska
eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation
...
- opens it up for modifications by the hooking functions
2022-01-27 20:59:20 +01:00
iglocska
7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting
...
- allows us to modify a value in the processing steps before the value is committed to disk
2022-01-27 20:57:35 +01:00
Andras Iklody
6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
...
Add inter-connection test
2022-01-27 16:13:35 +01:00
Luciano Righetti
ac4275db10
chg: add wiremock stub verification
2022-01-27 15:43:33 +01:00
Luciano Righetti
2f659ff99f
fix: mixed up concepts
2022-01-27 11:29:30 +01:00