Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Mailer Responder is checking for recipient tags starting with "mail:" #847

Open
jan4401 opened this issue Sep 8, 2020 · 3 comments
Open

[Bug] Mailer Responder is checking for recipient tags starting with "mail:" #847

jan4401 opened this issue Sep 8, 2020 · 3 comments
Labels
category:bug Issue is related to a bug

Comments

@jan4401
Copy link
Contributor

jan4401 commented Sep 8, 2020

Describe the bug
The Mailer Responder checks the tags list for the recipient mail address.
In line 43 it checks for tags starting with "mail:" but with TheHive 4.0 the tags are using equal signs and not colons: "mail="
When using colons instead of equal signs in TheHive 4.0 it's automatically converted into an equal sign.

To Reproduce
Steps to reproduce the behavior:

  1. Configure Mailer 1.0 Responder
  2. Create Case
  3. Create Tag: "mail:[email protected]"
  4. Start Responder Mailer for this case.
  5. Check Result of Responder for Error Message: recipient address not found in tags

Expected behavior
Normally the email tag should be detected by the responder python script.

Complementary information
Before clicking on the green hook:
image
After clicking:
image

Work environment

  • Cortex version: 3.0.1-1
  • TheHive version: 4.0.0-1
  • Cortex Analyzer/Responder name: Mailer
  • Cortex Analyzer/Responder version: 1.0

Possible solutions
Change Line 43 from

t.startswith("mail:")

to

t.startswith("mail=")

Additional context
Could not test with TheHive 3.x.
@jan4401 jan4401 added the category:bug Issue is related to a bug label Sep 8, 2020
jan4401 added a commit to jan4401/Cortex-Analyzers that referenced this issue Sep 8, 2020
@jan4401
TheHive4: equal signs instead of colons for tags
60115aa 
TheHive4 does use equal signs instead of colons for tags
See issue: TheHive-Project#847
@jan4401 jan4401 mentioned this issue Sep 8, 2020
Merged
@jan4401
Copy link
Contributor Author

jan4401 commented Sep 8, 2020

see pull rquest #848

@dadokkio dadokkio mentioned this issue Sep 16, 2020
Closed
@viszsec
Copy link

viszsec commented Oct 21, 2020

any solutions to this so far?

@dadokkio
Copy link
Contributor

The pull proposed by @jan4401 is working. At the moment has been just merged in develop but you can test it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
category:bug Issue is related to a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dadokkio @viszsec @jan4401