[Bug] Click analyzers mini-report does not load the full report

[albertogordillo]

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Ubuntu
OS version (client)	18.04
TheHive version / git hash	4.0.2
Package Type	DEB
Browser type & version	Chrome

Problem Description

Clicking a mini-report of an observable in the observables tab does not load the full report.

Steps to Reproduce

1. Launch an analyzer that shows a mini-report and wait for completion
2. Go to Observables tab
3. Click on the mini-report

Complementary information

application.log
2020-12-01 00:28:33,190 [WARN] from org.thp.scalligraph.query.QueryExecutor$$anon$1 in application-akka.actor.default-dispatcher-45 [0000007a|] getQuery(org.thp.scalligraph.traversal.Traversal.V[org.thp.thehive.models.Observable], FObject(Map(_name -> FString(jobs)))) fails because query jobs (FObject(Map())) has potential queries List() 2020-12-01 00:28:33,210 [WARN] from org.thp.scalligraph.ErrorHandler in application-akka.actor.default-dispatcher-45 [0000007a|] POST /api/v1/query?name=observable-jobs-~163852448 returned 400 org.thp.scalligraph.AttributeCheckingError: [Invalid format for _name: FObject(Map(_name -> FString(jobs))), expected query (count,similar,page,filter,aggregation,actions,organisations,output,case,sort)] at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$5(Entrypoint.scala:107) at org.scalactic.Bad.fold(Or.scala:1387) at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$2(Entrypoint.scala:107) at org.thp.scalligraph.DiagnosticContext$.$anonfun$withRequest$2(ContextPropagatingDisptacher.scala:99) at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:106) at org.thp.scalligraph.DiagnosticContext$.withRequest(ContextPropagatingDisptacher.scala:97) at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$1(Entrypoint.scala:107) at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.$anonfun$invokeBlock$2(SessionAuthSrv.scala:97) at scala.Option.fold(Option.scala:251) at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:95) at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:92) at play.api.mvc.ActionBuilder$$anon$10.$anonfun$invokeBlock$2(Action.scala:408) at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:441) at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:439) at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:408) at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:404) at play.api.mvc.ActionBuilder$$anon$9.apply(Action.scala:379) at play.api.mvc.Action.$anonfun$apply$4(Action.scala:82) at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$4(Accumulator.scala:168) at scala.util.Try$.apply(Try.scala:213) at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$3(Accumulator.scala:168) at scala.Function1.$anonfun$andThen$1(Function1.scala:57) at scala.Function1.$anonfun$andThen$1(Function1.scala:57) at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:200) at play.core.server.AkkaHttpServer.$anonfun$runAction$4(AkkaHttpServer.scala:418) at akka.http.scaladsl.util.FastFuture$.strictTransform$1(FastFuture.scala:41) at akka.http.scaladsl.util.FastFuture$.$anonfun$transformWith$3(FastFuture.scala:51) at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64) at org.thp.scalligraph.ContextPropagatingDisptacher$$anon$1.$anonfun$execute$2(ContextPropagatingDisptacher.scala:56) at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23) at org.thp.scalligraph.DiagnosticContext$.$anonfun$withDiagnosticContext$2(ContextPropagatingDisptacher.scala:91) at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:106) at org.thp.scalligraph.DiagnosticContext$.withDiagnosticContext(ContextPropagatingDisptacher.scala:89) at org.thp.scalligraph.DiagnosticContext$$anon$2.withContext(ContextPropagatingDisptacher.scala:74) at org.thp.scalligraph.ContextPropagatingDisptacher$$anon$1.$anonfun$execute$1(ContextPropagatingDisptacher.scala:56) at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:48) at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48) at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056) at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692) at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175) 2020-12-01 00:28:33,211 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-45 [0000007a|] 127.0.0.1 POST /api/v1/query?name=observable-jobs-~163852448 took 34ms and returned 400 449 bytes

[nadouani]

@To-om

When clicking on an observable mini-report, the following query API is executed:

{
    "query": [{
        "_name": "getObservable",
        "idOrName": "~328867856"
    }, {
        "_name": "jobs"
    }, {
        "_name": "filter",
        "_or": [{
            "analyzerId": "MaxMind_GeoIP_4_0"
        }, {
            "_like": {
                "_field": "analyzerDefinition",
                "_value": "MaxMind_GeoIP_4_0"
            }
        }]
    }, {
        "_name": "sort",
        "_fields": [{
            "startDate": "desc"
        }]
    }, {
        "_name": "page",
        "from": 0,
        "to": 1
    }]
}

It results on

{
    "type": "AttributeCheckingError",
    "message": "[Invalid format for _name: FObject(Map(_name -> FString(jobs))), expected query (count,similar,page,filter,aggregation,actions,organisations,output,case,sort)]",
    "errors": [{
        "name": "_name",
        "format": "query",
        "acceptedInput": ["count", "similar", "page", "filter", "aggregation", "actions", "organisations", "output", "case", "sort"],
        "field": "FObject(Map(_name -> FString(jobs)))",
        "type": "InvalidFormatAttributeError"
    }]
}

The jobs query seems to be missing on the getObservable query