Commit Graph

1194 Commits (b90e563aecf1b36cbe0ad573c85e5cdf96f0a791)

Author SHA1 Message Date
iglocska 6e67a5b239
fix: [security] Sharing group creation on behalf of other organisation fixed
- org admin could create sharing groups on behalf of other organisations
- can lead to misleading sharing groups being created

- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:21:29 +01:00
iglocska b41b0dd712
fix: [security] privilege escalation via user edit fixed
- org admins could circumvent the role restrictions and elevate themselves to a site admin

- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:02:49 +01:00
iglocska 2da9d8f7d2
new: [keycloak] log enrollment outcome in the audit log 2022-02-18 11:47:33 +01:00
Sami Mokaddem 20907a45da
chg: [organisation] Removed useless class variable 2022-02-09 15:41:58 +01:00
Sami Mokaddem d8807cce92
chg: [behavior:meta-fields] Renamed finder function 2022-02-09 15:18:24 +01:00
Sami Mokaddem 28aabe3b08
chg: [libraries:meta-template] Bumped version 2022-02-09 15:12:32 +01:00
Sami Mokaddem ec37a637f8
chg: [header] moved inline style in css file 2022-02-09 09:51:21 +01:00
Sami Mokaddem e67c711935
chg: [notifications] Slightly improved UI 2022-02-09 09:30:59 +01:00
Sami Mokaddem a77e29fa38
new: [layout:sidebar] Notifications in the sidebar 2022-02-08 17:58:30 +01:00
Sami Mokaddem d1cf408163
new: [helpers:bootstrap] Added notification bubble 2022-02-08 17:57:20 +01:00
iglocska f24e7bc4c2
Merge branch 'develop' into main 2022-02-08 11:06:51 +01:00
Sami Mokaddem 62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable 2022-02-08 08:42:25 +01:00
Sami Mokaddem b01d75aaa6
fix: [helpers:bootstrap] Support of cell variant in table 2022-02-07 13:25:33 +01:00
Sami Mokaddem ad3e89199b
chg: [settingTable] Added value validation before saving the setting 2022-02-07 12:01:07 +01:00
Sami Mokaddem e13b4e7bc5
fix: [settings:settingField] Enforce sanitization of input fields
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 11:43:09 +01:00
Sami Mokaddem 336dfb091c
chg: [settingTable] Gracefully handle if file not writeable 2022-02-07 11:11:25 +01:00
Sami Mokaddem 14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 10:48:55 +01:00
Sami Mokaddem dfb8d73a92
fix: [userSettings] Renamed template to match the controller endpoint 2022-02-07 10:37:03 +01:00
iglocska bc733e6704
Merge branch 'develop' into main 2022-02-07 02:15:15 +01:00
iglocska c7b226f844
chg: [flood protection] added cleanup 2022-02-07 02:14:53 +01:00
iglocska d45a4dc499
new: [registration] added optional registration flood protection
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska e6643365d2
new: [flood protection] behaviour added
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
iglocska d1cdbda972
fix: [migrations] initial schema migration fixed for upgrades
- check if a table has already been created and block the execution for instances that get updated from before the initial schema was retroactively added
2022-02-07 02:00:35 +01:00
iglocska 6a2b764b97
new: [flood protection] schema added 2022-02-07 01:59:58 +01:00
iglocska a9c1619bda
new: [Exception] 429 added 2022-02-07 01:59:33 +01:00
iglocska 3b21a746b9
Merge branch 'main' into develop 2022-02-04 01:02:42 +01:00
iglocska 88f3cc7944
fix: [security] user settings allow enumeration of usernames
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:45:42 +01:00
iglocska a263234917
fix: [security] open endpoints should only be open when enabled
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:36:31 +01:00
iglocska 15190b930e
fix: [security] Sharing group ACL fixes
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg

- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
iglocska 4a7183d63b
Merge branch 'main' of github.com:cerebrate-project/cerebrate into main 2022-02-03 23:56:39 +01:00
iglocska e60d97c214
fix: [security] genericForm reflected XSS in form descriptions for user controlled descriptions
- accessible via the MISP local tool setting change
- sanitise the description

- as reported by Dawid Czarnecki from Zigrin Security
2022-02-03 23:56:23 +01:00
Alexandre Dulaunoy a7efe1faf9
Update INSTALL.md 2022-01-31 10:12:01 +01:00
iglocska 4cac47b631
Merge branch 'main' into develop 2022-01-31 09:36:15 +01:00
iglocska 5fbd53883f
fix: [sync] created field rules added
- should stop issues of SG/Individual downloads from remote brood
2022-01-31 09:35:33 +01:00
iglocska a74b84caf5
Merge branch 'main' into develop 2022-01-28 00:51:47 +01:00
iglocska 8b6fc78695
fix: [generic fields] org field URL missing slash fixed 2022-01-28 00:51:09 +01:00
iglocska 4563a397bb
Merge branch 'develop' into main 2022-01-27 22:12:57 +01:00
iglocska 788feab011
chg: [Version] bump 2022-01-27 22:12:35 +01:00
iglocska 9dd488e766
fix: [login] hide keycloak login if keycloak login is disabled 2022-01-27 22:11:51 +01:00
iglocska cf67c3d1f0
fix: [roles] setting default should be exclusive
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
iglocska 1ca0f21b86
chg: [user add] form defaults
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
iglocska 05daa5470a
fix: [sharing group form] default to own org as owner
- reconsider if this should be a configurable setting at all
2022-01-27 21:10:00 +01:00
iglocska 589f932fe9
chg: [form] dropdown default key added 2022-01-27 21:09:32 +01:00
iglocska 93d4917953
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-27 21:00:32 +01:00
iglocska c983c6f130
fix: [Keycloak baseurl] remove trailing slashes 2022-01-27 20:59:58 +01:00
iglocska eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation
- opens it up for modifications by the hooking functions
2022-01-27 20:59:20 +01:00
iglocska 7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting
- allows us to modify a value in the processing steps before the value is committed to disk
2022-01-27 20:57:35 +01:00
Andras Iklody 6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
Add inter-connection test
2022-01-27 16:13:35 +01:00
Luciano Righetti ac4275db10 chg: add wiremock stub verification 2022-01-27 15:43:33 +01:00
Luciano Righetti 2f659ff99f fix: mixed up concepts 2022-01-27 11:29:30 +01:00