Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Observables not being displayed #655

Closed
jcoignet opened this issue Jul 27, 2018 · 8 comments
Closed

Observables not being displayed #655

jcoignet opened this issue Jul 27, 2018 · 8 comments
Labels
bug

Comments

@jcoignet
Copy link

Request Type

Bug

Work Environment

Question Answer
OS version (server) Debian 8
OS version (client) Win 10
TheHive version / git hash 3.0.5 and 3.0.10
Package Type From source
Browser type & version Chrome & Firefox

Problem Description

On some cases, the number of Observables is displayed but they do not show when clicking on the tab.

/api/case/CASE_ID/links returns 500

screenshot

Complementary information

TheHive was in version 3.0.5 when this problem first occured, updating to 3.0.10 didn't fix it.
This problem only occurs on a few cases.
maxSimilarCases has been set to 2000 in application.conf, could the request fail if there are too many similar observables ?

Doing a POST request with curl to https://redacted/api/case/artifact/_search successfully returns the case artifacts.

From browser console :

  • Version 3.0.5
    GET hxxps://redacted/api/case/AWTIWoAAWHpZf-A92woe/links 500 (Internal Server Error)

  • Version 3.0.10
    GET hxxps://redacted/api/case/AWTIWoAAWHpZf-A92woe/links 500 (Internal Server Error)
    TypeError: Cannot read property 'type' of null
    at scripts.96c75c38.js:6
    at vendor.8cb403e6.js:6
    at g (vendor.8cb403e6.js:6)
    at vendor.8cb403e6.js:6
    at o.$eval (vendor.8cb403e6.js:6)
    at o.$digest (vendor.8cb403e6.js:6)
    at o.$apply (vendor.8cb403e6.js:6)
    at i (vendor.8cb403e6.js:6)
    at u (vendor.8cb403e6.js:6)
    at XMLHttpRequest.y (vendor.8cb403e6.js:6)

syslog :

Jul 25 17:40:44 redacted thehive[22758]: [#33[37minfo#033[0m] o.e.ErrorHandler - GET /api/case/AWTIWoAAWHpZf-A92woe/links returned 500
Jul 25 17:40:44 redacted thehive[22758]: java.lang.RuntimeException:
Jul 25 17:40:44 redacted thehive[22758]: at scala.sys.package$.error(package.scala:27)
Jul 25 17:40:44 redacted thehive[22758]: at services.ArtifactSrv.similarArtifactFilter(ArtifactSrv.scala:125)
Jul 25 17:40:44 redacted thehive[22758]: at services.ArtifactSrv.findSimilar(ArtifactSrv.scala:113)
Jul 25 17:40:44 redacted thehive[22758]: at services.CaseSrv.$anonfun$linkedCases$1(CaseSrv.scala:153)
Jul 25 17:40:44 redacted thehive[22758]: at akka.stream.impl.fusing.Map$$anon$7.onPush(Ops.scala:47)
Jul 25 17:40:44 redacted thehive[22758]: at akka.stream.impl.fusing.GraphInterpreter.processPush(GraphInterpreter.scala:499)
Jul 25 17:40:44 redacted thehive[22758]: at akka.stream.impl.fusing.GraphInterpreter.execute(GraphInterpreter.scala:401)
Jul 25 17:40:44 redacted thehive[22758]: at akka.stream.impl.fusing.GraphInterpreterShell.runBatch(ActorGraphInterpreter.scala:571)
Jul 25 17:40:44 redacted thehive[22758]: at akka.stream.impl.fusing.GraphInterpreterShell$AsyncInput.execute(ActorGraphInterpreter.scala:457)
Jul 25 17:40:44 redacted thehive[22758]: at akka.stream.impl.fusing.GraphInterpreterShell.processEvent(ActorGraphInterpreter.scala:546)
@nadouani
Copy link
Contributor

When does the TypeError: Cannot read property 'type' of null browser's console error occur? When accessing the observables tab or the case page?

@jcoignet
Copy link
Author

jcoignet commented Jul 27, 2018
edited
Loading

Thanks for the quick reply,
Only when accessing the observables tab

@nadouani
Copy link
Contributor

does this occur in any browser? Do you have some thing stored in your locasstorage under the key th.observables-section?

@jcoignet
Copy link
Author

jcoignet commented Jul 27, 2018
edited
Loading

The previous informations are from Chrome.
The observables aren't displayed on Firefox but nothing shows in the console.
IE :
HTTP500: ERREUR DE SERVEUR. Le serveur ne peut pas exécuter la requête, car il a rencontré une condition inattendue. (XHR)GET - hxxps://redacted/api/case/AWTcFgslWHpZf-A92w76/links
Rough translation : The server can't execute the request because an unexpected condition occured.

I couldn't find that key in local storage.

@nadouani
Copy link
Contributor

Hello, sorry for the delay. Could you find the 500 error's log in application.log file of TheHive?

@jcoignet
Copy link
Author

Hi no problem
Here we go :

2018-08-29 18:44:22,937 [INFO] from org.elastic4play.ErrorHandler in application-akka.actor.default-dispatcher-47 - GET /api/case/AWTIWoAAWHpZf-A92woe/links returned 500
java.lang.RuntimeException:
at scala.sys.package$.error(package.scala:27)
at services.ArtifactSrv.similarArtifactFilter(ArtifactSrv.scala:142)
at services.ArtifactSrv.findSimilar(ArtifactSrv.scala:130)
at services.CaseSrv.$anonfun$linkedCases$1(CaseSrv.scala:186)
at akka.stream.impl.fusing.Map$$anon$7.onPush(Ops.scala:47)
at akka.stream.impl.fusing.GraphInterpreter.processPush(GraphInterpreter.scala:499)
at akka.stream.impl.fusing.GraphInterpreter.execute(GraphInterpreter.scala:401)
at akka.stream.impl.fusing.GraphInterpreterShell.runBatch(ActorGraphInterpreter.scala:571)
at akka.stream.impl.fusing.GraphInterpreterShell$AsyncInput.execute(ActorGraphInterpreter.scala:457)
at akka.stream.impl.fusing.GraphInterpreterShell.processEvent(ActorGraphInterpreter.scala:546)
at akka.stream.impl.fusing.ActorGraphInterpreter.akka$stream$impl$fusing$ActorGraphInterpreter$$processEvent(ActorGraphInterpreter.scala:728)
at akka.stream.impl.fusing.ActorGraphInterpreter.akka$stream$impl$fusing$ActorGraphInterpreter$$shortCircuitBatch(ActorGraphInterpreter.scala:718)
at akka.stream.impl.fusing.ActorGraphInterpreter$$anonfun$receive$1.applyOrElse(ActorGraphInterpreter.scala:744)
at akka.actor.Actor.aroundReceive(Actor.scala:517)
at akka.actor.Actor.aroundReceive$(Actor.scala:515)
at akka.stream.impl.fusing.ActorGraphInterpreter.aroundReceive(ActorGraphInterpreter.scala:653)
at akka.actor.ActorCell.receiveMessage(ActorCell.scala:527)
at akka.actor.ActorCell.invoke(ActorCell.scala:496)
at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:257)
at akka.dispatch.Mailbox.run(Mailbox.scala:224)
at akka.dispatch.Mailbox.exec(Mailbox.scala:234)
at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)

@nadouani
Copy link
Contributor

Well, this is coming from a data inconsistency. There is an observable without data.

Please join me on Gitter by DM

@jcoignet
Copy link
Author

Hello,
You last message put me on the right way:
We changed our observables dataTypes on TheHive, and on some alerts they were still created with the old and now unknown to TheHive dataTypes.

I can now reproduce by creating an alert with an artifact like this : {"dataType" : "UnknownTypeOnTheHive", "data" : "foo"}

Thanks a lot for your help !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nadouani @saadkadhi @jcoignet