iglocska
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
iglocska
4a7183d63b
Merge branch 'main' of github.com:cerebrate-project/cerebrate into main
2022-02-03 23:56:39 +01:00
iglocska
e60d97c214
fix: [security] genericForm reflected XSS in form descriptions for user controlled descriptions
...
- accessible via the MISP local tool setting change
- sanitise the description
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-03 23:56:23 +01:00
Alexandre Dulaunoy
a7efe1faf9
Update INSTALL.md
2022-01-31 10:12:01 +01:00
iglocska
4cac47b631
Merge branch 'main' into develop
2022-01-31 09:36:15 +01:00
iglocska
5fbd53883f
fix: [sync] created field rules added
...
- should stop issues of SG/Individual downloads from remote brood
2022-01-31 09:35:33 +01:00
iglocska
a74b84caf5
Merge branch 'main' into develop
2022-01-28 00:51:47 +01:00
iglocska
8b6fc78695
fix: [generic fields] org field URL missing slash fixed
2022-01-28 00:51:09 +01:00
iglocska
4563a397bb
Merge branch 'develop' into main
2022-01-27 22:12:57 +01:00
iglocska
788feab011
chg: [Version] bump
2022-01-27 22:12:35 +01:00
iglocska
9dd488e766
fix: [login] hide keycloak login if keycloak login is disabled
2022-01-27 22:11:51 +01:00
iglocska
cf67c3d1f0
fix: [roles] setting default should be exclusive
...
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
iglocska
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
iglocska
05daa5470a
fix: [sharing group form] default to own org as owner
...
- reconsider if this should be a configurable setting at all
2022-01-27 21:10:00 +01:00
iglocska
589f932fe9
chg: [form] dropdown default key added
2022-01-27 21:09:32 +01:00
iglocska
93d4917953
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-27 21:00:32 +01:00
iglocska
c983c6f130
fix: [Keycloak baseurl] remove trailing slashes
2022-01-27 20:59:58 +01:00
iglocska
eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation
...
- opens it up for modifications by the hooking functions
2022-01-27 20:59:20 +01:00
iglocska
7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting
...
- allows us to modify a value in the processing steps before the value is committed to disk
2022-01-27 20:57:35 +01:00
Andras Iklody
6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
...
Add inter-connection test
2022-01-27 16:13:35 +01:00
Luciano Righetti
ac4275db10
chg: add wiremock stub verification
2022-01-27 15:43:33 +01:00
Luciano Righetti
2f659ff99f
fix: mixed up concepts
2022-01-27 11:29:30 +01:00
Luciano Righetti
f1b73c1a64
chg: do not exit 1 if wiremock was not running
2022-01-27 11:14:58 +01:00
Luciano Righetti
6f10a076a3
fix: mark test as incomplete (better).
2022-01-27 10:57:50 +01:00
Luciano Righetti
290baa2354
fix: mark test as skipped, not critical.
2022-01-27 10:50:13 +01:00
Sami Mokaddem
7de1c14407
chg: [userSettings:add] Adhere to the passed user context
2022-01-27 10:44:47 +01:00
Sami Mokaddem
dc8710d89e
fix: [users:view] Correctly reload authkey child panel when performing operations
2022-01-27 10:21:55 +01:00
Luciano Righetti
ed21afd3d8
fix: wrong namespaces
2022-01-27 09:30:00 +01:00
Sami Mokaddem
789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings
2022-01-27 08:41:31 +01:00
Sami Mokaddem
2e7aabf704
fix: [users:toggle] Prevent users to disable admins
2022-01-26 16:10:33 +01:00
Sami Mokaddem
fcffad6777
fix: [users:delete] Typo copy paste error
2022-01-26 15:45:57 +01:00
Luciano Righetti
d91a362e99
Merge branch 'develop' into add-inter-connection-tests
2022-01-26 15:31:49 +01:00
Luciano Righetti
2c101d6950
chg: clean test
2022-01-26 15:31:32 +01:00
iglocska
665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:29:53 +01:00
iglocska
95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit
...
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
2022-01-26 15:28:10 +01:00
Luciano Righetti
bd73b620cd
chg: add missing openapi endpoints for sync test
2022-01-26 15:19:23 +01:00
Sami Mokaddem
2602b60eb0
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:12:46 +01:00
iglocska
006b0aab99
chg: [MISP connector] user edit/delete temporarily commented out as they're not implemented yet
2022-01-26 15:05:38 +01:00
Sami Mokaddem
d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:59:57 +01:00
iglocska
519fcd2b1a
fix: [lax URL validation] added for Broodstable
...
- can be reused elsewhere too
- allows for http://hostname style urls
2022-01-26 14:57:43 +01:00
iglocska
f695744bd7
fix: [user view] ACL fixed
2022-01-26 14:57:01 +01:00
iglocska
b7facf226d
chg: [Navigationcomponent] added missing changes from previous commit
2022-01-26 14:55:47 +01:00
Sami Mokaddem
74e95855bd
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:54:03 +01:00
iglocska
4b5bccae28
chg: [Organisation] Entity accessibility rules
...
- make created only accessible when creating new objects
2022-01-26 14:24:53 +01:00
iglocska
c186c88d5c
chg: [navigation] Breadcrumb generation is user aware
...
- moved the initialisation of the generation to be invoked from the appcontroller's beforefilter, after the user is loaded into the ACL component
- Only show user setting edits when the user is editing themselves
2022-01-26 14:21:27 +01:00
iglocska
9a0ddef2af
new: [ACL] added canEditUser() function
...
- simple comparison between two users
- checks role + org based permission
2022-01-26 14:16:28 +01:00
Sami Mokaddem
54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 12:11:53 +01:00
Sami Mokaddem
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
Luciano Righetti
4c60fa0017
chg: tighten tests assertions
2022-01-26 11:00:48 +01:00
Luciano Righetti
d18471ba95
fix: failing when request is empty json object
2022-01-25 18:02:41 +01:00