Error on commands manager arguments parsing #244

Closed
Tracked by #349
GGP1 opened this issue Jan 23, 2025 · 0 comments · Fixed by #245
Labels: level/task, mvp, type/bug


GGP1 commented Jan 23, 2025

Description

During wazuh/wazuh#27765, I've modified the commands action args field to use an object instead of a list. However, when I tried sending commands with the new format, the commands manager failed to parse them.

```console
gasti@gasti:~/work/wazuh/apis/tools/env$ curl -H "Content-Type: application/json" -ksu admin:admin -X POST https://localhost:9200/_plugins/_command_manager/commands -d '{"commands": [{"source": "Users/Services", "user": "Management API", "target": {"id": "0a96a0ab-5bef-415c-bb3c-ea3e294215a0", "type": "agent"}, "action": {"name": "set-group","version": "5.0.0", "args": {"groups": ["group1"]}}, "timeout": 100}]}' | jq
{
  "error": {
    "root_cause": [
      {
        "type": "illegal_state_exception",
        "reason": "Can't get text on a START_ARRAY at 1:215"
      }
    ],
    "type": "illegal_state_exception",
    "reason": "Can't get text on a START_ARRAY at 1:215"
  },
  "status": 500
}
```

As the error message indicates, the parser is expecting args.groups to have a string value instead of an array.

I tried replacing the array with a string and the commands manager parsed it successfully.

String value
```console
gasti@gasti:~/work/wazuh/apis/tools/env$ curl -H "Content-Type: application/json" -ksu admin:admin -X POST https://localhost:9200/_plugins/_command_manager/commands -d '{"commands": [{"source": "Users/Services", "user": "Management API", "target": {"id": "0a96a0ab-5bef-415c-bb3c-ea3e294215a0", "type": "agent"}, "action": {"name": "set-group","version": "5.0.0", "args": {"groups": "group1"}}, "timeout": 100}]}' | jq
{
  "_index": ".commands",
  "_documents": [
    {
      "_id": "QSoYk5QBINEOAlt36j7M"
    }
  ],
  "result": "OK"
}
```

I also tried indexing the command directly to see if there was an issue with the template. It didn't fail, so the issue must be in the commands manager parsing.

Index command
```console
gasti@gasti:~/work/wazuh/apis/tools/env$ curl -H "Content-Type: application/json" -ksu admin:admin -X POST https://localhost:9200/.commands/_doc -d '{"source": "Users/Services", "user": "Management API", "target": {"id": "0a96a0ab-5bef-415c-bb3c-ea3e294215a0", "type": "agent"}, "action": {"name": "set-group","version": "5.0.0", "args": {"groups": ["group1"]}}, "timeout": 100}' | jq
{
  "_index": ".commands",
  "_id": "PioSk5QBINEOAlt3WD5H",
  "_version": 1,
  "result": "created",
  "_shards": {
    "total": 1,
    "successful": 1,
    "failed": 0
  },
  "_seq_no": 0,
  "_primary_term": 1
}
```

The same error was received when I tried using another object as the groups key value.

Object value
```console
gasti@gasti:~/work/wazuh/apis/tools/env$ curl -H "Content-Type: application/json" -ksu admin:admin -X POST https://localhost:9200/_plugins/_command_manager/commands -d '{"commands": [{"source": "Users/Services", "user": "Management API", "target": {"id": "0a96a0ab-5bef-415c-bb3c-ea3e294215a0", "type": "agent"}, "action": {"name": "set-group","version": "5.0.0", "args": {"groups": {"1": "group1"}}}, "timeout": 100}]}' | jq
{
  "error": {
    "root_cause": [
      {
        "type": "illegal_state_exception",
        "reason": "Can't get text on a START_OBJECT at 1:215"
      }
    ],
    "type": "illegal_state_exception",
    "reason": "Can't get text on a START_OBJECT at 1:215"
  },
  "status": 500
}
```

This issue aims at fixing the parsing for it to accept any kind of nested values.
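
The failure mode reported above, reproduced as an added Python model (not part of the original issue and not the plugin's own Java code): a token-stream reader that treats every `args` value as text fails on `START_ARRAY` and `START_OBJECT`, while a recursive reader accepts nested values. All function names and the `MAX_DEPTH` bound are assumptions made for this example; the bound is there because accepting arbitrary nesting from a request body otherwise leaves recursion depth under the caller's control.

```python
MAX_DEPTH = 16  # assumed nesting bound for this example, not a project value

def tokens(value):  # pull-parser style token stream for a decoded JSON value
    if isinstance(value, dict):
        yield ("START_OBJECT", None)
        for name, child in value.items():
            yield ("FIELD_NAME", name)
            yield from tokens(child)
        yield ("END_OBJECT", None)
    elif isinstance(value, list):
        yield ("START_ARRAY", None)
        for child in value:
            yield from tokens(child)
        yield ("END_ARRAY", None)
    else:
        yield ("VALUE", value)

def parse_args_text_only(args):
    """Model of the failing behaviour: every field value is read as a scalar."""
    stream, parsed = tokens(args), {}
    next(stream)  # consume START_OBJECT
    for kind, name in stream:
        if kind == "END_OBJECT":
            break
        value_kind, value = next(stream)
        if value_kind != "VALUE":
            raise ValueError(f"Can't get text on a {value_kind}")
        parsed[name] = value
    return parsed

def read_value(stream, token=None, depth=0):  # recursive, depth-bounded reader
    kind, value = token or next(stream)
    if depth > MAX_DEPTH:
        raise ValueError("args nested too deeply")
    if kind == "START_OBJECT":
        obj = {}
        for child_kind, name in stream:
            if child_kind == "END_OBJECT":
                return obj
            obj[name] = read_value(stream, None, depth + 1)
    if kind == "START_ARRAY":
        items = []
        for child in stream:
            if child[0] == "END_ARRAY":
                return items
            items.append(read_value(stream, child, depth + 1))
    return value

def parse_args(args):
    return read_value(tokens(args))
```
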

@GGP1 GGP1 added level/task Task issue type/bug Bug issue labels Jan 23, 2025
@AlexRuiz7 AlexRuiz7 changed the title Fix commands manager arguments parsing Error on commands manager arguments parsing Jan 23, 2025
@AlexRuiz7 AlexRuiz7 added the mvp Minimum Viable Product label Jan 23, 2025
@AlexRuiz7 AlexRuiz7 transferred this issue from wazuh/wazuh-indexer Jan 23, 2025
@mcasas993 mcasas993 linked a pull request Jan 23, 2025 that will close this issue