In misp42splunk/bin/misp_common.py, if a username containing the term "proxy" exists in another Splunk app incorrect proxy data may attempt to be loaded if it is returned by Splunk ahead of results for the misp42splunk app, or can fail if returns a NoneType. Consider checking the app_name for the credential attempting to be loaded and validate if it is associated with the app "misp42splunk".
Sample Code
# get clear version of misp_key
config_args['misp_key'] = None
proxy_clear_password = None
for credential in storage_passwords:
cred_app_name = credential.access.get('app')
if (app_name in cred_app_name) and (cred_app_name is not None):
username = credential.content.get('username')
if misp_instance in username:
clear_credentials = credential.content.get('clear_password')
if 'misp_key' in clear_credentials:
misp_instance_key = json.loads(clear_credentials)
config_args['misp_key'] = str(misp_instance_key['misp_key'])
elif 'proxy' in username:
clear_credentials = credential.content.get('clear_password')
if 'proxy_password' in clear_credentials:
proxy_creds = json.loads(clear_credentials)
proxy_clear_password = str(proxy_creds['proxy_password'])
if config_args['misp_key'] is None:
raise Exception(
"misp_key NOT found for instance {}".format(misp_instance)
)
return None
In misp42splunk/bin/misp_common.py, if a username containing the term "proxy" exists in another Splunk app incorrect proxy data may attempt to be loaded if it is returned by Splunk ahead of results for the misp42splunk app, or can fail if returns a NoneType. Consider checking the app_name for the credential attempting to be loaded and validate if it is associated with the app "misp42splunk".
Sample Code