Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Importing Report Templates not working in 3.1.2-1 #797

Closed
auslaender6 opened this issue Nov 12, 2018 · 24 comments
Closed

Importing Report Templates not working in 3.1.2-1 #797

auslaender6 opened this issue Nov 12, 2018 · 24 comments
Labels
invalid question

Comments

@auslaender6
Copy link

Request Type

Bug

Work Environment

Question Answer
OS version (server) Debian (TurnKey Core Server)
OS version (client) Windows 10
TheHive version / git hash 3.1.2-1
Package Type DEB
Browser type & version Chrome Version 70

Problem Description

After installation of TheHive I try to upload the "report-templates.zip" file via the WebGUI, this fails with this Error: AdminReportTemplateImportCtrl: Input length = 1

Steps to Reproduce

  1. Login as Admin into WebGUI
  2. Goto Admin -> report templates
  3. Click on Import templates
  4. Select "report-templates.zip" (must be downloaded before from: https://dl.bintray.com/thehive-project/binary/report-templates.zip) and click "Yes, Import template archive".

Complementary information

Error Message:
image
@auslaender6
Copy link
Author

Wireshark capture of the upload try. (tried 2 times)
thehive2.zip

@auslaender6
Copy link
Author

application.log (During the click of "Import")

error.log

@crackytsi
Copy link

How large is your report-templates.zip?
Can you make a md5 or sha1 checksum?

@auslaender6
Copy link
Author

Size: 139 KB (142'392 Bytes)
SHA1: 5AF403FF957D0413E1560772530F937BB2D0DFB8
MD5: 3C3EF2680006B59499EB42A45DDDD6DC

@crackytsi
Copy link

crackytsi commented Nov 14, 2018
edited
Loading

Hmm Strange...
Can you try to copy just one directory from one analyzer to a zip file and check if it imports.
Format should be:
test.zip

|-- Analyzername_version
|      |-short.html
|      |-long.html

Does it work to import the zip file?

upload the whole zip file,...

@auslaender6
Copy link
Author

I tried it with:

test.zip
|-- Abuse_Finder_2_0
| |-short.html
| |- long.html

That works fine! :)

@crackytsi
Copy link

Sounds great. just to ensure it: If you upload the whole ZIP file containing all analyzers it fails?
Are you able to add more and more files to be able to figure out which analyzer produces the Problem?

I can see that urlscan.io seems to be wrong... But not sure if this has any dependency.

@auslaender6
Copy link
Author

correct.
That`s just what I though right now, urlscan.io has a "." instead of "_".
The strange thing is I used a zip file:

test.zip
|-- Urlscan.io_Search_1.0
| |-short.html
| |- long.html

The import went fine without an error, but the templates are not shown! There are still all default.

@crackytsi
Copy link

I remember, that I also had some issues, and I renamed it from . to _.
But this was just related to the one specific analyzer...

@auslaender6
Copy link
Author

Ok after renaming the folder in the test.zip from Urlscan.io_Search_1.0 to Urlscan_io_Search_1_0 the import ist still ok and the templates are shown on the right side in the GUI :).

@auslaender6
Copy link
Author

I did a rename of the folder also in the report-templates.zip and try it again, but it fails with the same error as before... maybe something else somewehre is wrong too...

image

@crackytsi
Copy link

@To-om Might it be possible that the . is wrongly interpreted as json-sub-structure?

@crackytsi
Copy link

@auslaender6 Does it work, if you completely remove the urlscan-io file and try to import everything else?

@auslaender6
Copy link
Author

After removing the urlscan-io folder it still fails with the same error. :(

So I have to check every 103 analzers manually to figure it out which is failing? ;)

@crackytsi
Copy link

It requires only log tries ;)
split always by half and check if it works...

@auslaender6
Copy link
Author

I`m getting closer, I removed the last 50 analzer folders in the report-templates file.zip, this import is working, so something with the last 50 folders is wrong ;)

@auslaender6
Copy link
Author

Ok just down to the last 13 folders... now the error is back again, I`ll test the rest

@auslaender6
Copy link
Author

Ok it is definitly: URLhaus_1_0

but nervertheless the urlscan-io is also wrong "." instead of "_" but this doesn`t interfere with the import, but should be corrected.

@auslaender6
Copy link
Author

looks like there is something wrong in the long.html

@nadouani
Copy link
Contributor

I don't like this:

<a href="https://urlhaus.abuse.ch{{r.link}}" target=”_blank”>

It looks like the target attribute's value is not wrapped by the right quote character!!

cc @3c7

@nadouani
Copy link
Contributor

Don't ask me how I've catched this :-)

@auslaender6
Copy link
Author

lol 👍 you did it, that counts :)

@auslaender6
Copy link
Author

I just tried it, now the import is fine :) wil you also correct this in the source?

@nadouani
Copy link
Contributor

@auslaender6 Issue created TheHive-Project/Cortex-Analyzers#375.

I'll close this one, and thanks for the investigation cc @crackytsi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nadouani @crackytsi @To-om @auslaender6