Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malware knowledge panel markings issue #6867

Open
JeremyCloarec opened this issue May 2, 2024 · 7 comments
Open

Malware knowledge panel markings issue #6867

JeremyCloarec opened this issue May 2, 2024 · 7 comments
Assignees
@richard-julien @JeremyCloarec
Labels
bug use for describing something not working as expected filters & search Linked to search results and filtering engine
Milestone
Bugs backlog

Comments

@JeremyCloarec
Copy link
Contributor

JeremyCloarec commented May 2, 2024
edited
Loading

Description

"Entities view" in knowledge panel doesn't filter out entities with the markings of their relationship.
When switching to "Relationships view", markings are properly applied.
I found this bug on the malware panel bug the bug should be the same for other entities.

Environment

  1. OS (where OpenCTI server runs): { e.g. Mac OS 10, Windows 10, Ubuntu 16.4, etc. }
  2. OpenCTI version: { e.g. OpenCTI 1.0.2 }
  3. OpenCTI client: { e.g. frontend or python }
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Log in with a user A with access to TLP:RED marking
  2. Create a malware
  3. Go to it's knowledge tab
  4. Go to Victimology
  5. Create two relationships, one with TLP:GREEN marking and one with TLP:RED marking
  6. Log in with a user B with access to TLP:GREEN marking
  7. Go to the same malware's Victimology tab

Expected Output

User B can see both relationship targets in Entities view

Actual Output

User B can only see the TLP:GREEN relationship target in Entities view

Additional information

Bug doesn't occur only on Victimology tab but on other tabs also (tested and reproduced on Threat actors tab, I assume that the bug is there on all tabs)

Relationships view with TLP:GREEN user:
image
Relationships view with TLP:RED user:
image
Entities view with both users:
image
@JeremyCloarec JeremyCloarec added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels May 2, 2024
@jborozco jborozco removed the needs triage use to identify issue needing triage from Filigran Product team label May 3, 2024
@jborozco
Copy link
Member

jborozco commented May 3, 2024

can be reproduced here
https://testing.octi.staging.filigran.io/dashboard/arsenal/malwares/ac682b2a-bbc8-4462-8ea2-e959567d693c/knowledge/victimology

@SamuelHassine SamuelHassine added this to the Release 6.0.11 milestone May 3, 2024
@JeremyCloarec JeremyCloarec self-assigned this May 3, 2024
@Archidoit Archidoit added the filters & search Linked to search results and filtering engine label May 3, 2024
@JeremyCloarec
Copy link
Contributor Author

More info on the bug: the bug occurs on all queries using the "regardingOf" filter.
The "regardingOf" filter uses the denormalized refs of entities to filter for relations (it checks if rel_relationType exists/targets ids given in regardingOf). But by doing so, it doesn't check for access restrictions on the filtered relations.
To fix the "regardingOf" filter, we need a way to also check for access restrictions to the relations

@richard-julien
Copy link
Member

richard-julien commented May 18, 2024
edited
Loading

Known technical limitation. We need to talk about this

@Kedae Kedae modified the milestones: Bugs backlog, Release 6.2.0 May 20, 2024
@JeremyCloarec JeremyCloarec mentioned this issue Jun 6, 2024
Merged
5 tasks
JeremyCloarec added a commit that referenced this issue Jun 17, 2024
@JeremyCloarec
[backend/frontend] modify EntityStixCoreRelationshipsEntitiesComponen…
2019c63 
…t to list entities through relations (#6867)
@JeremyCloarec JeremyCloarec added the solved use to identify issue that has been solved (must be linked to the solving PR) label Jun 17, 2024
daimyo007 pushed a commit to fbicyber/opencti__opencti that referenced this issue Jun 24, 2024
@JeremyCloarec @daimyo007
[backend/frontend] modify EntityStixCoreRelationshipsEntitiesComponen…
c8b5d34 
…t to list entities through relations (OpenCTI-Platform#6867)
Goumies pushed a commit that referenced this issue Jun 25, 2024
@JeremyCloarec @Goumies
[backend/frontend] modify EntityStixCoreRelationshipsEntitiesComponen…
a268617 
…t to list entities through relations (#6867)
SouadHadjiat added a commit that referenced this issue Jul 8, 2024
@SouadHadjiat
Revert "[backend/frontend] modify EntityStixCoreRelationshipsEntities…
f8e32b0 
…Component to list entities through relations (#6867)"

This reverts commit 2019c63.
SouadHadjiat added a commit that referenced this issue Jul 9, 2024
@SouadHadjiat
Revert "[backend/frontend] modify EntityStixCoreRelationshipsEntities…
b6f7240 
…Component to list entities through relations (#6867)" (#7625)
@aHenryJard
Copy link
Member

Reopening since the PR has been revert.

@aHenryJard aHenryJard reopened this Jul 9, 2024
@aHenryJard aHenryJard removed the solved use to identify issue that has been solved (must be linked to the solving PR) label Jul 9, 2024
@Jipegien
Copy link
Member

Jipegien commented Jul 9, 2024

is @JeremyCloarec still on this?

@JeremyCloarec
Copy link
Contributor Author

Yes, I will work on a new fix

JeremyCloarec added a commit that referenced this issue Jul 11, 2024
@JeremyCloarec
Reapply "[backend/frontend] modify EntityStixCoreRelationshipsEntitie…
6edf726 
…sComponent to list entities through relations (#6867)" (#7625)

This reverts commit b6f7240.
@JeremyCloarec
Copy link
Contributor Author

Placing this bug on pause. Fixing it requires current rework of denormalized relations to be finished.

@richard-julien richard-julien self-assigned this Jul 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@richard-julien richard-julien

@JeremyCloarec JeremyCloarec

Labels
bug use for describing something not working as expected filters & search Linked to search results and filtering engine
Projects
None yet
Milestone
Bugs backlog
Development

No branches or pull requests
8 participants
@richard-julien @SamuelHassine @aHenryJard @jborozco @Kedae @Archidoit @Jipegien @JeremyCloarec