Bug: Feed filtering rules on manifests change introduces issue for default MISP format feeds.
UFOSmuggler opened this issue · comments
Actual behavior
This relates to this fix: d0c9f46
On a fresh MISP install, attempting to fetch an enabled feed results in the following error:
Error: Error: Argument 2 passed to Feed::checkEventAgainstRules() must be of the type array, null given, called in /var/www/MISP/app/Model/Feed.php on line 221
Error: Argument 2 passed to Feed::checkEventAgainstRules() must be of the type array, null given, called in /var/www/MISP/app/Model/Feed.php on line 221
#0 /var/www/MISP/app/Model/Feed.php(221): Feed->checkEventAgainstRules()
#1 /var/www/MISP/app/Model/Feed.php(1262): Feed->getNewEventUuids()
#2 /var/www/MISP/app/Console/Command/ServerShell.php(411): Feed->downloadFromFeedInitiator()
#3 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/Shell.php(459): ServerShell->fetchFeed()
#4 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/ShellDispatcher.php(222): Shell->runCommand()
#5 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/ShellDispatcher.php(66): ShellDispatcher->dispatch()
#6 /var/www/MISP/app/Console/cake.php(45): ShellDispatcher::run()
#7 {main}
This is due to the rules for that feed being NULL:
MariaDB [misp]> select name, enabled, rules from feeds;
+---------------------+---------+-------+
| name | enabled | rules |
+---------------------+---------+-------+
| CIRCL OSINT Feed | 1 | NULL |
| The Botvrij.eu Data | 0 | NULL |
+---------------------+---------+-------+
Editing a feed, and saving it without making changes fixes the issue, and the feeds table looks like this after:
MariaDB [misp]> select name, enabled, rules from feeds;
+---------------------+---------+-----------------------------------------------------------------------+
| name | enabled | rules |
+---------------------+---------+-----------------------------------------------------------------------+
| CIRCL OSINT Feed | 1 | {"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]},"url_params":""} |
| The Botvrij.eu Data | 0 | NULL |
+---------------------+---------+-----------------------------------------------------------------------+
Attempting to fetch the feed will now succeed.
Clicking "Load default feed metadata" will load new feeds into the MISP instance with the correct default rules object, but will not fix the CIRCL and Botvrij default feeds. Deleting them and clicking "Load default feed metadata" does fix them.
Expected behavior
Prior to the above fix, the feed would successfully pull. The fix needs to be modified to load the default "empty" rules object when a feed rule is NULL.
Steps to reproduce
- Spin up a completely fresh MISP
- Enable the CIRCL feed
- Fetch feed
- View jobs and observe failed fetch
Version
2.4.193
Operating System
misp-docker:latest
Operating System version
misp-docker:latest
PHP version
misp-docker:latest
Browser
Chrome
Browser version
No response
Relevant log output
No response
Extra attachments
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
I'm having this issue. I've deleted the feeds and then loaded default feed meta, but the fetch feeds cron job (sudo bash -c "/var/www/MISP/app/Console/cake Server fetchFeed 1 all") just never seems to succeed.
Also getting:
2024-06-21 16:46:28 Notice: Undefined index: disable_correlation in [/var/www/MISP/app/Model/Feed.php, line 1352]
Warning Error: Illegal string offset 'disable_correlation' in [/var/www/MISP/app/Model/Feed.php, line 1352]
2024-06-21 16:47:41 Warning: Illegal string offset 'disable_correlation' in [/var/www/MISP/app/Model/Feed.php, line 1352]
I gave it some more time and the feeds did start getting fetched correctly again. Thanks for the info!