Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Click analyzers mini-report does not load the full report #1694

Closed
albertogordillo opened this issue Nov 30, 2020 · 1 comment
Closed

[Bug] Click analyzers mini-report does not load the full report #1694

albertogordillo opened this issue Nov 30, 2020 · 1 comment
Assignees
@To-om
Labels
bug TheHive4 TheHive4 related issues
Milestone
4.0.3

Comments

@albertogordillo
Copy link

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu
OS version (client) 18.04
TheHive version / git hash 4.0.2
Package Type DEB
Browser type & version Chrome

Problem Description

Clicking a mini-report of an observable in the observables tab does not load the full report.

Steps to Reproduce

  1. Launch an analyzer that shows a mini-report and wait for completion
  2. Go to Observables tab
  3. Click on the mini-report

Complementary information

application.log
2020-12-01 00:28:33,190 [WARN] from org.thp.scalligraph.query.QueryExecutor$$anon$1 in application-akka.actor.default-dispatcher-45 [0000007a|] getQuery(org.thp.scalligraph.traversal.Traversal.V[org.thp.thehive.models.Observable], FObject(Map(_name -> FString(jobs)))) fails because query jobs (FObject(Map())) has potential queries List() 2020-12-01 00:28:33,210 [WARN] from org.thp.scalligraph.ErrorHandler in application-akka.actor.default-dispatcher-45 [0000007a|] POST /api/v1/query?name=observable-jobs-~163852448 returned 400 org.thp.scalligraph.AttributeCheckingError: [Invalid format for _name: FObject(Map(_name -> FString(jobs))), expected query (count,similar,page,filter,aggregation,actions,organisations,output,case,sort)] at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$5(Entrypoint.scala:107) at org.scalactic.Bad.fold(Or.scala:1387) at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$2(Entrypoint.scala:107) at org.thp.scalligraph.DiagnosticContext$.$anonfun$withRequest$2(ContextPropagatingDisptacher.scala:99) at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:106) at org.thp.scalligraph.DiagnosticContext$.withRequest(ContextPropagatingDisptacher.scala:97) at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$1(Entrypoint.scala:107) at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.$anonfun$invokeBlock$2(SessionAuthSrv.scala:97) at scala.Option.fold(Option.scala:251) at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:95) at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:92) at play.api.mvc.ActionBuilder$$anon$10.$anonfun$invokeBlock$2(Action.scala:408) at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:441) at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:439) at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:408) at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:404) at play.api.mvc.ActionBuilder$$anon$9.apply(Action.scala:379) at play.api.mvc.Action.$anonfun$apply$4(Action.scala:82) at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$4(Accumulator.scala:168) at scala.util.Try$.apply(Try.scala:213) at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$3(Accumulator.scala:168) at scala.Function1.$anonfun$andThen$1(Function1.scala:57) at scala.Function1.$anonfun$andThen$1(Function1.scala:57) at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:200) at play.core.server.AkkaHttpServer.$anonfun$runAction$4(AkkaHttpServer.scala:418) at akka.http.scaladsl.util.FastFuture$.strictTransform$1(FastFuture.scala:41) at akka.http.scaladsl.util.FastFuture$.$anonfun$transformWith$3(FastFuture.scala:51) at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64) at org.thp.scalligraph.ContextPropagatingDisptacher$$anon$1.$anonfun$execute$2(ContextPropagatingDisptacher.scala:56) at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23) at org.thp.scalligraph.DiagnosticContext$.$anonfun$withDiagnosticContext$2(ContextPropagatingDisptacher.scala:91) at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:106) at org.thp.scalligraph.DiagnosticContext$.withDiagnosticContext(ContextPropagatingDisptacher.scala:89) at org.thp.scalligraph.DiagnosticContext$$anon$2.withContext(ContextPropagatingDisptacher.scala:74) at org.thp.scalligraph.ContextPropagatingDisptacher$$anon$1.$anonfun$execute$1(ContextPropagatingDisptacher.scala:56) at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:48) at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48) at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056) at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692) at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175) 2020-12-01 00:28:33,211 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-45 [0000007a|] 127.0.0.1 POST /api/v1/query?name=observable-jobs-~163852448 took 34ms and returned 400 449 bytes
@nadouani nadouani added TheHive4 TheHive4 related issues bug labels Dec 1, 2020
@nadouani nadouani self-assigned this Dec 1, 2020
@nadouani nadouani added this to the 4.0.3 milestone Dec 1, 2020
@nadouani nadouani mentioned this issue Dec 8, 2020
Closed
@nadouani
Copy link
Contributor

@To-om

When clicking on an observable mini-report, the following query API is executed:

{
    "query": [{
        "_name": "getObservable",
        "idOrName": "~328867856"
    }, {
        "_name": "jobs"
    }, {
        "_name": "filter",
        "_or": [{
            "analyzerId": "MaxMind_GeoIP_4_0"
        }, {
            "_like": {
                "_field": "analyzerDefinition",
                "_value": "MaxMind_GeoIP_4_0"
            }
        }]
    }, {
        "_name": "sort",
        "_fields": [{
            "startDate": "desc"
        }]
    }, {
        "_name": "page",
        "from": 0,
        "to": 1
    }]
}

It results on

{
    "type": "AttributeCheckingError",
    "message": "[Invalid format for _name: FObject(Map(_name -> FString(jobs))), expected query (count,similar,page,filter,aggregation,actions,organisations,output,case,sort)]",
    "errors": [{
        "name": "_name",
        "format": "query",
        "acceptedInput": ["count", "similar", "page", "filter", "aggregation", "actions", "organisations", "output", "case", "sort"],
        "field": "FObject(Map(_name -> FString(jobs)))",
        "type": "InvalidFormatAttributeError"
    }]
}

The jobs query seems to be missing on the getObservable query

@nadouani nadouani assigned To-om and unassigned nadouani Dec 14, 2020
To-om added a commit that referenced this issue Dec 15, 2020
@To-om
#1694 Add user to link observables and jobs
a06f056
@To-om To-om closed this as completed Dec 15, 2020
@nadouani nadouani changed the title Click analyzers mini-report does not load the full report [Bug] Click analyzers mini-report does not load the full report Dec 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
bug TheHive4 TheHive4 related issues
Projects
None yet
Milestone
4.0.3
Development

No branches or pull requests
3 participants
@nadouani @To-om @albertogordillo