Description
[Bug] TheHive V4 API Errors "Operation Not Permitted" and "Date format"
Request Type
Bug
Work Environment
Question | Answer |
---|---|
OS version (server) | Ubuntu 18 (Training VM) |
OS version (client) | Windows 10. |
TheHive version / git hash | 4.0 |
Package Type | Training VM |
Browser type & version | N/A |
Problem Description
"Operation not permitted" and invalid date format errors when posting to TheHive4 "Create Alert" API.
I'm using the training VMs for 3.4 and 4.0. A curl POST to the v4 VM gives me a date format error (below), and when you remove the date parameter you get an "Operation not permitted error".
Steps to Reproduce
TheHive4 Curl:
curl -X POST -H 'Authorization: Bearer 7ywJAe8sk9v0qCPjWF0ysrc7+Q6JouTR' -H 'Content-Type: application/json' http://thehive4.local:9000/api/alert -d '{"title": "Test Alert","description": "Created with curl via the API","type": "CurlTest","source": "API","sourceRef": "TA1","date": "1598453685000"}'
Result:
{"type":"AttributeCheckingError","message":"[Invalid format for date: FString(1598453685000), expected date (date)]","errors":[{"name":"date","format":"date","acceptedInput":["date"],"field":"FString(1598453685000)","type":"InvalidFormatAttributeError"}]}
TheHive4 Curl:
curl -X POST -H 'Authorization: Bearer 7ywJAe8sk9v0qCPjWF0ysrc7+Q6JouTR' -H 'Content-Type: application/json' http://thehive4.local:9000/api/alert -d '{"title": "Test Alert","description": "Created with curl via the API","type": "CurlTest","source": "API","sourceRef": "TA2"}'
Result:
{"type":"AuthorizationError","message":"Operation not permitted"}
TheHive3 Curl:
curl -X POST -H 'Authorization: Bearer SuGd5Aj4NNudH8unh5CpWLm4U/MYDeVc' -H 'Content-Type: application/json' http://thehive3.local:9000/api/alert -d '{"title": "Test Alert","description": "Created with curl via the API","type": "CurlTest","source": "API","sourceRef": "TA1","date": "1598453685000"}'
Result:
{"severity":2,"date":1598453685000,"_routing":"e88708eaf54e196b1826e24ac227bbcd","customFields":{},"_type":"alert","description":"Created with curl via the API","lastSyncDate":1598455169746,"source":"API","type":"CurlTest","follow":true,"title":"Test Alert","createdAt":1598455169743,"_parent":null,"createdBy":"admin","tlp":2,"_id":"e88708eaf54e196b1826e24ac227bbcd","id":"e88708eaf54e196b1826e24ac227bbcd","sourceRef":"TA2","_version":1,"artifacts":[],"status":"New"}