search

TheHive-Project / Cortex

Cortex: a Powerful Observable Analysis and Active Response Engine
https://thehive-project.org
GNU Affero General Public License v3.0
1.28k stars 218 forks source link

[BUG] CA Certs parameter can't be set back to null #377

Closed cyberpescadito closed 1 year ago

cyberpescadito commented 3 years ago

Request Type

Bug

Work Environment

Question Answer
OS version (server) Debian
OS version (client) iOS
Cortex version / git hash 3.1.1-1
Package Type Docker
Browser type & version Chrome 91.0.4472.114

Problem Description

When applying a parameter to the "CA Cert" field, it's not possible to go back to the "null" value. if you leave the "CA Certs" field empty, it will define an empty string ( "" ) as cert path, triggering "OpenSSL.SSL.Error: [('x509 certificate routines', 'X509_load_cert_crl_file', 'no certificate or crl found')]" error. This behaviour is applicable to analyzers/responders config, and to global configurations. It means if you configure a certificate in your global configuration, then remove this parameter, every analyzer/responder will have an empty string as "CA Cert" parameter and all jobs will fail (the CA Certs parameter set to "" is invisible to the user)

Steps to Reproduce

  1. apply a parameter to the field "CA Certs" on an analyzer
  2. remove this parameter from the analyzer config
  3. any job run by this analyzer will fail with 'no certificate or crl found' error.

Possible Solutions

when the CA Certs field is changed to "", define it as null

cyberpescadito commented 3 years ago

Workaround: modify the front-end requests when changing the config in the UI. replace "" by null in the request at parameter cacerts