MISP analyzer certpath option doesn't accept bool value

[srilumpa]

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Ubuntu
OS version (client)	N/A
Cortex Analyzer Name	MISP
Cortex Analyzer Version	2.0
Cortex Version	1.1.4
Browser type & version	N/A

Description

Documentation (https://github.com/TheHive-Project/CortexDocs/blob/master/analyzer_requirements.md#misp) says it is possible to set the certpath value to the boolean false to ignore the MISP certificate. When doing so, the analyzer crashes.

Steps to Reproduce

(keep this section only if the issue relates to a bug)

1. Set a MISP instance
2. Set its certpath to false
3. Execute the MISP analyzer on any kind of artifact

Complementary information

Configuration for the MISP analyzer:

MISP {
  url=["https://misp.example.com/"]
  key=["redacted"]
  name=["MISP"]
  certpath=[false]
}

MISP analyzer result:

{
  "errorMessage": "Error: Invalid output\nWARNING [abstract.py:14 - <module>() ] You're using python 2, it is strongly recommended to use python >=3.5\nWARNING [mispevent.py:26 - <module>() ] You're using python 2, it is strongly recommended to use python >=3.5\nWARNING [api.py:32 - <module>() ] You're using python 2, it is strongly recommended to use python >=3.5\nTraceback (most recent call last):\n  File \"./misp.py\", line 67, in <module>\n    MISPAnalyzer().run()\n  File \"./misp.py\", line 20, in __init__\n    name=name)\n  File \"/opt/cortex-analyzers/analyzers/MISP/mispclient.py\", line 31, in __init__\n    if os.path.isfile(ssl[idx]):\n  File \"/usr/lib/python2.7/genericpath.py\", line 37, in isfile\n    st = os.stat(path)\nTypeError: coercing to Unicode: need string or buffer, bool found\n",
  "input": null,
  "success": false
}

[3c7]

This seems to be a problem regarding python2. Double checked it using a list of MISP-servers and a single MISP server:

python misp.py <<< '{
quote> "data": "8.8.8.8",
quote> "dataType": "ip",
quote> "config": {
quote> "url": "https://misp.example.org",
quote> "key": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
quote> "certpath": false
quote> }
quote> }'

and

python misp.py <<< '{
quote> "data": "8.8.8.8",
quote> "dataType": "ip",
quote> "config": {
quote> "url": ["https://misp.example.org"],
quote> "key": ["ABCDEFGHIJKLMNOPQRSTUVWXYZ"],
quote> "certpath": [false]
quote> }
quote> }'

are working.

[srilumpa]

Seems to be only a python2 issue with the "list" configuration format.

python2 ./misp.py <<< '{"data": "8.8.8.8", "dataType":"ip", "config": {"url":"https://misp.example.com, "key":"redacted", "certpath":false}}'

works but not

python2 ./misp.py <<< '{"data": "8.8.8.8", "dataType":"ip", "config": {"url":["https://misp.example.com"], "key":["redacted"], "certpath":[false]}}'

[3c7]

Fixed the bug, it will be included in the next release (which is most likely today or tomorrow).