[Bug] API method broken: /api/case/task/log/_search in 4.0.1

[DrJohn1]

API method broken: /api/case/task/log/_search (Bug)

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Ubuntu
TheHive version / git hash	4.0.1
Package Type	DEB

Problem Description

Any calls to /api/case/task/log/_search return the error 'org.thp.thehive.models.Task$$anon$7$$anon$8 cannot be cast to org.thp.thehive.models.Log'. This also happens with TheHive4py.

Steps to Reproduce

1. Make a call to the API /api/case/task/log/_search
2. Error is returned

Complementary information

The error shown:

[nadouani]

These errors look very weird. Taking a look

[nadouani]

Can you share a curl call that reproduce the issue? or is it occurring only with TheHive4py? I did a test and I cannot reproduce

[nadouani]

@DrJohn1 do you have the issue from the UI or from a custom script?

[DrJohn1]

This error started happening after 4.0.1 when requesting task logs for a specific task using thehive4py. It seems as the data field is no longer parsed as json by default in 4.0.1 (it worked in 4.0.0).

The code that worked in 4.0.0 (this is from PR #167 in thehive4py):

    def get_task_logs(self, task_id, **attributes):
        """
        Get logs of a case task by its id
        Arguments:
            task_id (str): Case task identifier
            query (dict): A query object, defined in JSON format or using utiliy methods from thehive4py.query module
            sort (Array): List of fields to sort the result with. Prefix the field name with `-` for descending order
                and `+` for ascending order
            range (str): A range describing the number of rows to be returned
        Returns:
            response (requests.Response): Response object including a JSON array representing a list of case task logs
        Raises:
            CaseTaskException: An error occured during case task log search
        """

        req = self.url + "/api/case/task/log/_search"

        # Add range and sort parameters
        params = {
            "range": attributes.get("range", "all"),
            "sort": attributes.get("sort", [])
        }

        # Add body
        parent_criteria = Parent('case_task', Id(task_id))

        # Append the custom query if specified
        if "query" in attributes:
            criteria = And(parent_criteria, attributes["query"])
        else:
            criteria = parent_criteria

        data = {
            "query": criteria
        }

        try:
            return requests.post(req, params=params, json=data, proxies=self.proxies, auth=self.auth, verify=self.cert)
        except requests.exceptions.RequestException as e:
            raise CaseTaskException("Case task logs search error: {}".format(e))

However it fails in 4.0.1. To fix it, I changed the request.post to explicitly include json.dumps():

            return requests.post(req, params=params, json=json.dumps(data), proxies=self.proxies, auth=self.auth, verify=self.cert)

For this reason, I think that the issue may be due to recent changes of TheHive.

[nadouani]

Yes, this sounds like a regression in input parsing in v0 apis.