Error when uploading password protected zips as observables #805

Closed
Spiderstryder opened this issue Nov 27, 2018 · 4 comments
@Spiderstryder

Error when uploading password protected zips as observables

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | GKE-optimized ubuntu |
| OS version (client) | Windows |
| TheHive version / git hash | 3.1.2 |
| Package Type | Docker |
| Browser type & version | Chrome |

Problem Description

When uploading zips and providing a password to the archive, the observables list refuses to display anything (shows (0 of X)).

Steps to Reproduce

Upload a zip with some malware payload,
Tick it's an archive,
add password,
watch everything explode.

Complementary information

console error log:
  "org.elastic4play.InternalError: Artifact has invalid data : {"createdBy":"stryder","dataType":"file","sighted":false,"createdAt":1543338138910,"message":"","startDate":1543338138913,"ioc":true,"tags":["anyrun"],"reports":"{}","tlp":2,"status":"Ok","attachment":{"name":"RECHNUNG.doc","hashes":["97c692c26ed8c0b79b4748a8e27c3451a6ff97f141798fd004ecc02629424ba4","d6be85221f93e7f62b22ac5d49d7868d8978a13a","4c2fab380f8c7651ccdff738d49e6702"],"size":84736,"contentType":null,"id":"97c692c26ed8c0b79b4748a8e27c3451a6ff97f141798fd004ecc02629424ba4"},"_type":"case_artifact","_routing":"AWdWHhtW2jQ6vlWSRW8w","_parent":"AWdWHhtW2jQ6vlWSRW8w","_id":"a5dbcef7197cc7b88c16a37924b95f0a","_version":1}
	at connectors.cortex.services.CortexAnalyzerSrv.$anonfun$submitJob$9(CortexAnalyzerSrv.scala:317)
	at scala.util.Success.$anonfun$map$1(Try.scala:251)
	at scala.util.Success.map(Try.scala:209)
	at scala.concurrent.Future.$anonfun$map$1(Future.scala:288)
	at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:29)
	at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:29)
	at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
	at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
	at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
	at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)
"  
 timestamp:  "2018-11-27T17:03:06Z"
net::ERR_CONNECTION_RESET 200 (OK)
TypeError: Cannot read property 'type' of null
    at scripts.499bcac5.js:6
    at vendor.3f801dae.js:6
    at g (vendor.3f801dae.js:6)
    at vendor.3f801dae.js:6
    at o.$eval (vendor.3f801dae.js:6)
    at o.$digest (vendor.3f801dae.js:6)
    at o.$apply (vendor.3f801dae.js:6)
    at i (vendor.3f801dae.js:6)
    at u (vendor.3f801dae.js:6)
    at XMLHttpRequest.y (vendor.3f801dae.js:6)
@axpatito

Can't reproduce. Can you confirm the structure of your zip file, please?

@Spiderstryder
Author

The sample used is present here;
https://app.any.run/tasks/4163d33a-aabd-4ecf-9138-955b7c569ca5

here is an image of the issue
image

It also seems that Hive has an issue passing these files to Cortex, however if they are uploaded to Cortex directly there is no issue with handling them. Furthermore these issues don't occur with normal files, just password protected zips.

Further logs pertaining to the display error:

  "java.lang.RuntimeException: 
	at scala.sys.package$.error(package.scala:27)
	at services.ArtifactSrv.similarArtifactFilter(ArtifactSrv.scala:141)
	at services.ArtifactSrv.findSimilar(ArtifactSrv.scala:129)
	at services.CaseSrv.$anonfun$linkedCases$1(CaseSrv.scala:154)
	at akka.stream.impl.fusing.Map$$anon$9.onPush(Ops.scala:53)
	at akka.stream.impl.fusing.GraphInterpreter.processPush(GraphInterpreter.scala:519)
	at akka.stream.impl.fusing.GraphInterpreter.execute(GraphInterpreter.scala:411)
	at akka.stream.impl.fusing.GraphInterpreterShell.runBatch(ActorGraphInterpreter.scala:585)
	at akka.stream.impl.fusing.GraphInterpreterShell$AsyncInput.execute(ActorGraphInterpreter.scala:469)
	at akka.stream.impl.fusing.GraphInterpreterShell.processEvent(ActorGraphInterpreter.scala:560)
"  

@nadouani
Contributor

Hello @Spiderstryder, we will take a look at it, thanks

@nadouani nadouani added the bug label Nov 28, 2018
@To-om
Contributor

To-om commented Nov 28, 2018

The problem occurs when the content type of the file can't be determined. In the error message the contentType is null whereas the value is mandatory.

@To-om To-om added this to the 3.2.0-RC2 milestone Nov 28, 2018
@To-om To-om closed this as completed Nov 29, 2018
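
The condition described in the last comment (a file artifact whose attachment `contentType` is null) can be searched for in server logs. The script below is an added example, not TheHive code and not part of the original thread: it pulls the JSON that follows `Artifact has invalid data :` out of each log line and reports artifacts with a null `contentType`. It assumes the JSON appears unescaped after the marker, as in the log above; the function names and sample lines are constructed for illustration.

```python
import json

MARKER = "Artifact has invalid data : "
# Only contentType is named as mandatory in the thread; extend if needed.
MANDATORY_ATTACHMENT_FIELDS = ("contentType",)


def extract_artifact(log_line):
    """Return the artifact dict embedded after MARKER, or None if absent."""
    pos = log_line.find(MARKER)
    if pos == -1:
        return None
    start = log_line.find("{", pos)
    if start == -1:
        return None
    # raw_decode stops at the end of the first JSON object, so any
    # stack-trace text that follows the JSON is ignored.
    obj, _ = json.JSONDecoder().raw_decode(log_line[start:])
    return obj


def null_attachment_fields(artifact):
    """List mandatory attachment fields that are null or missing."""
    att = artifact.get("attachment")
    if artifact.get("dataType") != "file" or not isinstance(att, dict):
        return []
    return [f for f in MANDATORY_ATTACHMENT_FIELDS if att.get(f) is None]


def triage(lines):
    """Return (artifact id, file name, null fields) for each affected line."""
    findings = []
    for line in lines:
        try:
            artifact = extract_artifact(line)
        except json.JSONDecodeError:
            continue  # truncated or malformed JSON in the log line
        if artifact is None:
            continue
        missing = null_attachment_fields(artifact)
        if missing:
            name = artifact["attachment"].get("name")
            findings.append((artifact.get("_id"), name, missing))
    return findings


# Constructed sample lines (placeholder ids and names, not real log data).
SAMPLE_LOG = [
    MARKER + '{"dataType":"file","attachment":{"name":"ok.txt","contentType":"text/plain"},"_id":"constructed-1"}',
    MARKER + '{"dataType":"file","attachment":{"name":"sample.doc","contentType":null},"_id":"constructed-2"}\n\tat frame',
    "unrelated log line",
    MARKER + '{"dataType":"file","attachment":{"na',
]
```
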