[Bug] File observables with special character in name can not be downloaded #1842

KaanSK · 2021-03-16T18:22:13Z

Work Environment

Question	Answer
OS version (server)	Ubuntu docker base image
OS version (client)	All ...
TheHive version / git hash	4.0.5
Package Type	DEB
Browser type & version	All

Problem Description

File observables with special characters in filenames can not be downloaded. "Invalid filename" error is shown. File can be found in server filesystem.

Steps to Reproduce

Create a file observable with example name: "Re: Re: malicious mail.eml"
Try to download zipped file from TheHive UI
Observe the error

Possible Solutions

Filenaming logic (mapping filename to file) may be investigated
Validations could be added on frontend and backend
Special chars and whitespace could be stripped

To-om · 2021-03-18T08:03:04Z

Some characters are prohibited

KaanSK added TheHive4 TheHive4 related issues bug labels Mar 16, 2021

nadouani assigned nadouani and To-om Mar 17, 2021

nadouani added this to the 4.1.0 milestone Mar 17, 2021

nadouani added the need:investigation label Mar 17, 2021

nadouani removed their assignment Mar 17, 2021

To-om added a commit that referenced this issue Mar 18, 2021

#1842 Replace forbidden characters instead of refuse the download

6f1b9cc

To-om removed the need:investigation label Mar 18, 2021

To-om closed this as completed Mar 18, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] File observables with special character in name can not be downloaded #1842

[Bug] File observables with special character in name can not be downloaded #1842

KaanSK commented Mar 16, 2021

To-om commented Mar 18, 2021

[Bug] File observables with special character in name can not be downloaded #1842

[Bug] File observables with special character in name can not be downloaded #1842

Comments

KaanSK commented Mar 16, 2021

Work Environment

Problem Description

Steps to Reproduce

Possible Solutions

To-om commented Mar 18, 2021