#866 Prevent global failure on MISP synchronisation

TheHive-Project · Apr 16, 2020 · aab73ad · aab73ad
1 parent e832f7b
commit aab73ad
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 15 deletions.
diff --git a/thehive-misp/app/connectors/misp/MispSrv.scala b/thehive-misp/app/connectors/misp/MispSrv.scala
@@ -1,17 +1,16 @@
 package connectors.misp
 
 import java.util.Date
+
 import javax.inject.{Inject, Provider, Singleton}
 
 import scala.concurrent.{ExecutionContext, Future}
-
 import play.api.Logger
 import play.api.libs.json.JsLookupResult.jsLookupResultToJsLookup
 import play.api.libs.json.JsValue.jsValueToJsLookup
 import play.api.libs.json.Json.toJsFieldJsValueWrapper
 import play.api.libs.json._
 import play.api.libs.ws.WSBodyWritables.writeableOf_JsValue
-
 import akka.NotUsed
 import akka.stream.Materializer
 import akka.stream.scaladsl.{FileIO, Sink, Source}
@@ -21,11 +20,12 @@ import net.lingala.zip4j.core.ZipFile
 import net.lingala.zip4j.exception.ZipException
 import net.lingala.zip4j.model.FileHeader
 import services._
-
 import org.elastic4play.controllers.{Fields, FileInputValue}
 import org.elastic4play.services.{Attachment, AuthContext, TempSrv}
 import org.elastic4play.{InternalError, NotFoundError}
 
+import scala.util.Try
+
 @Singleton
 class MispSrv @Inject()(
     mispConfig: MispConfig,
@@ -69,13 +69,14 @@ class MispSrv @Inject()(
           .post(Json.obj("searchpublish_timestamp" → date))
       }
       .mapConcat { response ⇒
-        val eventJson = Json
-          .parse(response.body)
-          .asOpt[Seq[JsValue]]
-          .getOrElse {
-            logger.warn(s"Invalid MISP event format:\n${response.body}")
-            Nil
-          }
+        val eventJson = Try {
+          response
+            .body[JsValue]
+            .as[Seq[JsValue]]
+        }.getOrElse {
+          logger.warn(s"Invalid MISP event format:\n${response.body}")
+          Nil
+        }
         val events = eventJson
           .flatMap { j ⇒
             j.asOpt[MispAlert]
@@ -192,7 +193,7 @@ class MispSrv @Inject()(
           )
         )
         .set("tlp", tlp)
-      if attachment.isDefined != data.isDefined
+      if (attachment.isDefined && data.isEmpty) || (dataType != "file" && data.isDefined)
     } yield attachment.fold(Future.successful(fields.set("data", data.get)))(_.map { fiv ⇒
       fields.set("attachment", fiv)
     })) match {

diff --git a/thehive-misp/app/connectors/misp/MispSynchro.scala b/thehive-misp/app/connectors/misp/MispSynchro.scala
@@ -3,24 +3,22 @@ package connectors.misp
 import java.util.Date
 
 import javax.inject.{Inject, Provider, Singleton}
+
 import scala.collection.immutable
 import scala.concurrent.{ExecutionContext, Future}
 import scala.concurrent.duration._
 import scala.util.{Failure, Success, Try}
-
 import play.api.Logger
 import play.api.inject.ApplicationLifecycle
 import play.api.libs.json._
-
 import akka.NotUsed
 import akka.actor.ActorSystem
-import akka.stream.Materializer
+import akka.stream.{ActorAttributes, Materializer, Supervision}
 import akka.stream.scaladsl.{Sink, Source}
 import connectors.misp.JsonFormat.mispArtifactWrites
 import models.{Alert, AlertStatus, Artifact, CaseStatus}
 import services.{AlertSrv, ArtifactSrv, CaseSrv, UserSrv}
 import JsonFormat.mispAlertWrites
-
 import org.elastic4play.controllers.Fields
 import org.elastic4play.services.{Attachment, AuthContext, MigrationSrv, TempSrv}
 import org.elastic4play.utils.Collection
@@ -91,12 +89,14 @@ class MispSynchro @Inject()(
         case (mispConnection, lastSyncDate) ⇒
           synchronize(mispConnection, Some(lastSyncDate))
       }
+      .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
       .runWith(Sink.seq)
   }
 
   def fullSynchronize()(implicit authContext: AuthContext): Future[immutable.Seq[Try[Alert]]] =
     Source(mispConfig.connections.filter(_.canImport).toList)
       .flatMapConcat(mispConnection ⇒ synchronize(mispConnection, None))
+      .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
       .runWith(Sink.seq)
 
   def updateArtifacts(mispConnection: MispConnection, caseId: String, mispArtifacts: Seq[MispArtifact])(
@@ -112,6 +112,7 @@ class MispSynchro @Inject()(
         .map { artifact ⇒
           artifact.data().map(Left.apply).getOrElse(Right(artifact.attachment().get.name))
         }
+        .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
         .runWith(Sink.seq)
       newAttributes ← Future.traverse(mispArtifacts) {
         case artifact @ MispArtifact(SimpleArtifactData(data), _, _, _, _, _, _) if !existingArtifacts.contains(Right(data)) ⇒