anttikurittu / kirjuri


Kirjuri is a web application for managing cases and physical forensic evidence items.

Home Page: http://kirjuri.kurittu.org/

License: MIT License

PHP 4.85% HTML 25.96% CSS 8.78% JavaScript 50.67% Twig 6.30% Less 1.71% SCSS 1.73%

kirjuri's Introduction

SECURITY UPDATE (7.5.2021)

As this project has been inactive for years, it was inevitable that some of the dependencies would become out of date. There are several security vulnerabilities in the dependencies involved, and some of the dependencies, like Twig, don't play nice with the newest version of PHP. If you wish to install and use Kirjuri, please update the dependencies manually and make sure you install it in a safe environment. The original advice was to install in an [air-gapped environment](https://en.wikipedia.org/wiki/Air_gap_(networking)), and this advice still stands.

As always, I cannot guarantee the security of this software, and any users will be solely responsible for configuring it securely before using it. There have been several attempts by well-meaning individuals to develop this project further, but they have all been deterred from it by the quality of the code and the lack of proper commenting.

Use Kirjuri at your own risk.

Kirjuri

Kirjuri is a simple PHP/MySQL web application for managing physical forensic evidence items. It is intended to be used as a workflow tool covering receiving, booking, note-taking and possibly reporting findings. It simplifies and helps in case management when dealing with a large (or small!) number of devices submitted for forensic analysis. Kirjuri requires PHP 7.

See the official Kirjuri home page for more details.

NOTICE: Kirjuri has not been actively developed since 09/2017, as I don't have time for this project anymore. If you are interested in developing this tool further, please contact me.

OVERVIEW & LICENSE

Kirjuri is developed by Antti Kurittu. It was started at the Helsinki Police Department as an internal tool. The original development is released under the MIT license. Some components are distributed with their own licenses; please see folders & help for details.

CHANGELOG

See CHANGELOG.md

LOOKING TO PARTICIPATE?

  • Everyone interested is encouraged to submit code and enhancements. If you don't feel confident submitting code, you can submit language files and localized lists of devices etc. These will gladly be accepted.


kirjuri's People

Contributors

anttikurittu, crunch-sec


kirjuri's Issues

Crime list prone to XSS

The way the list of crimes is handled (raw concatenation inside script tags in base.html) is prone to an XSS attack if someone is able to add code to the autofill list.
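
The pattern this issue describes, next to a hardened form, as an added example that is not Kirjuri's code. The function names, the `crimes` variable and the sample entries are constructed for illustration; base.html's actual markup is not reproduced here.

```php
<?php
// Added example, not Kirjuri's code. All names and data below are hypothetical.
declare(strict_types=1);

/** Unsafe: concatenates each entry into a JS array literal inside <script>. */
function renderCrimeListUnsafe(array $crimes): string
{
    $items = [];
    foreach ($crimes as $crime) {
        $items[] = '"' . $crime . '"'; // raw concatenation, no escaping
    }
    return '<script>var crimes = [' . implode(',', $items) . '];</script>';
}

/** Hardened: JSON-encode the whole list and hex-escape HTML-significant characters. */
function renderCrimeListSafe(array $crimes): string
{
    // JSON_HEX_TAG turns < and > into \u003C and \u003E, so an entry can no
    // longer close the surrounding <script> element; the other HEX flags
    // cover &, ' and " for the same reason.
    $json = json_encode(
        array_values($crimes),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
    return '<script>var crimes = ' . $json . ';</script>';
}

// Constructed sample data: the last two entries mimic hostile or awkward
// autofill values (a quote that ends the string, a tag that ends the script).
$crimes = [
    'Fraud',
    'Theft "aggravated"',
    '</script><script>console.log("injected")</script>',
];

echo renderCrimeListUnsafe($crimes), PHP_EOL;
echo renderCrimeListSafe($crimes), PHP_EOL;

// Check: the hardened markup contains only the one closing tag the template wrote.
var_dump(substr_count(renderCrimeListSafe($crimes), '</script>') === 1);
```

Encoding at output time covers entries already stored in the autofill list; validating new entries on input is a separate control and does not replace it.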

LDAP Error

How can I check the LDAP configuration and error log?
Found: /logs/kirjuri.log

ldap_connect(): Could not create session handle: Bad parameter to an ldap routine, File: /home/xxx/www/web/include_functions.php, line 171";/submit.php?type=login;192.168.2.9;-;Session ID: -;-;

Language files are needlessly complicated

I'm working on replacing the numbers with natural language variables to make the code readable - moving from hardcoded Finnish to a language file was a rush job.

Insecure dependencies

Kirjuri has several insecure dependencies. These will not be fixed by me, since I do not develop this project anymore.

If you install Kirjuri, update the dependencies to the latest versions using Composer or by directly pulling fixed versions to their corresponding locations. Install Kirjuri in a secure environment, and make sure it is not available to the internet.

Code is mixed language

The code was originally just for internal use, so a lot of the variables and other stuff is in Finnish. That needs to be fixed.

User sessions strict logoff

Current implementation of user session tracking will log off all concurrent same-user sessions when one session logs off. This is problematic for the live demo version, the anonymous account and shared accounts.

No user management

Kirjuri has no user / permissions management right now. Will look into user frameworks and implement one of those.
