Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DOS issue: Firefox crashing TheHive #899

Closed
frikky opened this issue Feb 25, 2019 · 12 comments
Closed

DOS issue: Firefox crashing TheHive #899

frikky opened this issue Feb 25, 2019 · 12 comments

Comments

@frikky
Copy link

frikky commented Feb 25, 2019

Request Type

Bug

Work Environment

Question Answer
OS version (server) ...
OS version (client) ...
TheHive version / git hash 3.3-RC2
Package Type Docker
Browser type & version Firefox 65.0.1

Problem Description

When you click a case TheHive 3.3-RC2 from Firefox 65.0.1, it automatically makes the server use all available CPU. I'm guessing this is an infinite loop issue in Angular. This is specific to Firefox 65.0.1, and was not reproducable with e.g. firefox 60. (Didn't test inbetween 64, 63 etc.). This does not occur on earlier versions of TheHive either (e.g. 3.2.1). Not tested without Docker.

Steps to Reproduce

  1. Set up TheHive version 3.3-RC2
  2. Download and set up Firefox 65.0.1
  3. Login to thehive
  4. Click any case (Doesn't matter if closed or open)
@nadouani
Copy link
Contributor

nadouani commented Feb 25, 2019
edited
Loading

Hello, is there any way to take a look to what the browser does, like for example, from the developer console, take a look to the network tab?

@frikky
Copy link
Author

frikky commented Feb 25, 2019

I tried, but what happened was that you get a reply on the first request, but all subsequent requests (ctrl+shift+R) don't work.

@nadouani
Copy link
Contributor

Tried that on a Mac OS and it works fine. What client OS are you using?

@frikky
Copy link
Author

frikky commented Feb 25, 2019

Tried on Windows and Debian versions :)

@nadouani
Copy link
Contributor

Tested on Ubuntu, works fine.

Do you have any logs? The response of the requests that fail?

@frikky
Copy link
Author

frikky commented Feb 25, 2019

Hmm, I'm starting to think this is something I've done myself, since we have some custom things. I'll get back to you 👍

I couldn't find any relevant logs, as it just seems to DOS itself immediately after the first request.

@crackytsi
Copy link

Could'nt this linked with the button issue? Why didn't you upgrade to 3.3 RC4?

@nadouani
Copy link
Contributor

Yes try even RC5 so we can test on the same version

@frikky
Copy link
Author

frikky commented Feb 25, 2019

Oh, my current custom build is on RC2 (we don't have internet access on servers, so upgrading in general is a hassle, aka I don't do it for every minor upgrade). I'll try, thanks!

@nadouani
Copy link
Contributor

So your version is custom version of TheHive?

@frikky
Copy link
Author

frikky commented Feb 25, 2019

It's basically the normal TheHive with some things like extra severity fields etc. which hasn't broken anything before (been running for a year), hence I thought it might be something happening to everyone. I'll upgrade and test some more before I update you again.

@frikky
Copy link
Author

frikky commented Mar 1, 2019

I finally got around to doing the upgrade from RC-2 to RC-5. Everything seems to be working fine now! Problem is I don't really know why..

Thanks for the help :)

@frikky frikky closed this as completed Mar 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nadouani @frikky @crackytsi