Merge branch 'release/3.4.2'

CHANGELOG.md

@@ -1,5 +1,16 @@
 # Change Log
 
+## [3.4.2](https://github.com/TheHive-Project/TheHive/milestone/57) (2020-04-25)
+
+**Implemented enhancements:**
+
+- [Feature Request] Providing output details for Responders [\#962](https://github.com/TheHive-Project/TheHive/issues/962)
+
+**Fixed bugs:**
+
+- Analyzer's artifacts tags and message are not kept when importing observables [\#1285](https://github.com/TheHive-Project/TheHive/issues/1285)
+- [Bug] File observables in alert are not created in case [\#1292](https://github.com/TheHive-Project/TheHive/issues/1292)
+
 ## [3.4.1](https://github.com/TheHive-Project/TheHive/milestone/53) (2020-04-17)
 
 **Implemented enhancements:**

project/plugins.sbt

@@ -4,4 +4,4 @@ logLevel := Level.Info
 addSbtPlugin("com.typesafe.play"   % "sbt-plugin"           % "2.6.23")
 addSbtPlugin("org.foundweekends"   % "sbt-bintray"          % "0.5.1")
 addSbtPlugin("org.scalameta"       % "sbt-scalafmt"         % "2.0.0")
-addSbtPlugin("org.thehive-project" % "sbt-github-changelog" % "0.2.0")
+addSbtPlugin("org.thehive-project" % "sbt-github-changelog" % "0.3.0")

thehive-backend/app/controllers/ArtifactCtrl.scala

@@ -103,7 +103,9 @@ class ArtifactCtrl @Inject()(
     } yield {
       for {
         hashes ← attachmentSrv.getHashes(attachmentId)
-        size   ← attachmentSrv.getSize(attachmentId)
+        size ← attachmentSrv.getSize(attachmentId).recover {
+          case _: NoSuchElementException ⇒ 0 // workaround until elastic4play#93 is fixed
+        }
       } yield fields.set("attachment", AttachmentInputValue(name, hashes, size.toLong, contentType, attachmentId))
     }
     artifactFields.fold[Future[Seq[Fields]]](Future.successful(Nil))(_.map(f ⇒ Seq(f)))

thehive-backend/app/services/AlertSrv.scala

@@ -302,31 +302,43 @@ class AlertSrv(
       .flatMap { artifact ⇒
         val tags    = (artifact \ "tags").asOpt[Seq[JsString]].getOrElse(Nil) :+ JsString("src:" + alert.tpe())
         val message = (artifact \ "message").asOpt[JsString].getOrElse(JsString(""))
-        (artifact \ "dataType").asOpt[String].flatMap {
-          case "file" ⇒
-            (artifact \ "data").asOpt[String].collect {
-              case dataExtractor(filename, contentType, data) ⇒
-                val f = Files.createTempFile("alert-", "-attachment")
-                Files.write(f, java.util.Base64.getDecoder.decode(data))
+        (artifact \ "dataType")
+          .asOpt[String]
+          .flatMap {
+            case "file" if !artifact.value.contains("attachment") ⇒
+              (artifact \ "data").asOpt[String].collect {
+                case dataExtractor(filename, contentType, data) ⇒
+                  val f = Files.createTempFile("alert-", "-attachment")
+                  Files.write(f, java.util.Base64.getDecoder.decode(data))
+                  Fields(
+                    artifact +
+                      ("tags"    → JsArray(tags)) +
+                      ("message" → message)
+                  ).set("attachment", FileInputValue(filename, f, contentType))
+                    .unset("data")
+              }
+            case "file" ⇒
+              Some(
                 Fields(
                   artifact +
                     ("tags"    → JsArray(tags)) +
                     ("message" → message)
-                ).set("attachment", FileInputValue(filename, f, contentType))
-                  .unset("data")
-            }
-          case _ if artifact.value.contains("data") ⇒
-            Some(
-              Fields(
-                artifact +
-                  ("tags"    → JsArray(tags)) +
-                  ("message" → message)
+                )
               )
-            )
-          case _ ⇒
+            case _ if artifact.value.contains("data") ⇒
+              Some(
+                Fields(
+                  artifact +
+                    ("tags"    → JsArray(tags)) +
+                    ("message" → message)
+                )
+              )
+            case _ ⇒ None
+          }
+          .orElse {
             logger.warn(s"Invalid artifact format: $artifact")
             None
-        }
+          }
       }
 
     val updatedCase = artifactSrv

ui/app/scripts/directives/responder-actions.js

@@ -8,8 +8,14 @@
                 actions: '=',
                 header: '@'
             },
-            templateUrl: 'views/directives/responder-actions.html',            
+            templateUrl: 'views/directives/responder-actions.html',
             controller: function($scope, $uibModal) {
+                _.each($scope.actions.values, function(action) {
+                    if(action.status === 'Failure') {
+                        action.errorMessage = (JSON.parse(action.report) || {}).errorMessage;
+                    }
+                });
+
                 $scope.showResponderJob = function(action) {
                     $uibModal.open({
                         scope: $scope,

ui/app/styles/case.css

@@ -80,3 +80,13 @@ table.case-list .case-tags .label,
     font-size: 12px !important;
     font-weight: normal;
 }
+
+pre.error-trace {
+  color: #a94442;
+  border: none;
+  font-size: 10px;
+  word-wrap: break-word;
+  word-break: break-all;
+  white-space: pre-wrap;
+  background-color: #f9f1f1;
+}

ui/app/views/directives/responder-actions.html

@@ -18,11 +18,18 @@ <h4 class="text-primary">{{header}}</h4>
                     'InProgress': 'label-warning',
                     'Failure': 'label-danger'}[action.status]">{{action.status}}</span>
                 </td>
-                <td>{{action.responderName}}</td>
+                <td>
+                    <div>{{action.responderName}}</div>
+                    <div ng-if="action.status === 'Failure'" class="text-danger wrap mt-xxs">
+                        <a class="text-danger" href
+                            ng-click="action.showError = !!!action.showError">{{action.showError ? 'Hide' : 'Show'}} error</a>
+                        <pre ng-show="action.showError" class="error-trace">{{action.errorMessage}}</pre>
+                    </div>
+                </td>
                 <td>{{action.cortexId}}</td>
                 <td>{{action.startDate | shortDate}}</td>
                 <td class="text-center">
-                    <a href class="noline" ng-click="showResponderJob(action)"><i class="fa fa-search"></i></a>
+                    <a ng-if="action.status !== 'Failure'" href class="noline" ng-click="showResponderJob(action)" uib-tooltip="Show action report" tooltip-placement="left-middle"><i class="fa fa-search"></i></a>
                 </td>
             </tr>
         </tbody>

ui/bower.json

@@ -1,6 +1,6 @@
 {
   "name": "thehive",
-  "version": "3.4.0-RC2",
+  "version": "3.4.2",
   "license": "AGPL-3.0",
   "dependencies": {
     "jquery": "^3.4.1",

ui/package.json

@@ -1,6 +1,6 @@
 {
     "name": "thehive",
-    "version": "3.4.0-RC2",
+    "version": "3.4.2",
     "license": "AGPL-3.0",
     "repository": {
         "type": "git",

version.sbt

@@ -1 +1 @@
-version in ThisBuild := "3.4.1-1"
+version in ThisBuild := "3.4.2-1"