HybridAnalysis analyzer does not properly handle filenames on some cases #323
Comments
|
In fact, it seems more generic than that. Example below: {
"errorMessage": "Phrase 'DHL ITALY - Intraship Shipment Notification.bat' should be in double quote.",
"input": "{\"tlp\":2,\"parameters\":{},\"dataType\":\"filename\",\"config\":{\"check_tlp\":true,\"proxy_https\":null,\"max_tlp\":2,\"auto_extract_artifacts\":false,\"secret\":\"[REDACTED]\",\"proxy_http\":null,\"key\":\"REMOVED\"},\"message\":\"41907\",\"data\":\"DHL ITALY - Intraship Shipment Notification.bat\"}",
"success": false
} |
|
Will look into it, but right now it's too hot to do anything. :D |
3c7
added a commit
that referenced
this issue
Oct 23, 2018
|
Sorry, I forgot about this. :/ Fixed now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Request Type
Bug
Work Environment
(replace with N/A if not applicable)
Description
This is a follow up of TheHive-Project/TheHive#530.
On some cases, the HybridAnalys_GetReport analyzer fails when applied on a filename. I think this happens when the filename contains a
'character.Steps to Reproduce
Complementary information
Here is one result of this kind of analysis:
{ "errorMessage": "Phrase 'srilumpa's file' should be in double quote.", "input": "{\"tlp\":2,\"parameters\":{},\"dataType\":\"filename\",\"config\":{\"check_tlp\":true,\"proxy_https\":null,\"max_tlp\":2,\"auto_extract_artifacts\":false,\"secret\":\"[REDACTED]\",\"proxy_http\":null,\"key\":\"REMOVED\"},\"message\":\"\",\"data\":\"srilumpa's file\"}", "success": false }The text was updated successfully, but these errors were encountered: