
[Bug] New TheHive 4 Permissions not displayed under get_current_user

Open milesflo opened this issue 4 years ago • 0 comments

[Bug] New TheHive 4 Permissions not displayed under get_current_user()

Request Type

Bug

Work Environment

Question Answer
TheHive4py version pip version 1.6.0

Problem Description

TheHive4 introduced more verbose RBAC. These permissions should be displayed under the current user payload's roles key, but they still display the old information.

Steps to Reproduce

  1. Create acct with new permissions, ex: Screenshot in Complementary Info

  2. Create API token

  3. Configure attached PoC script with URL, token and Organi{z,s}ation

  4. Observe output will contain some combination of Permissions: ['write', 'read', 'alert']

Possible Solutions

This is probably something to fix under TheHive, I'll xpost there as well.

Complementary information

Screenshot: image

PoC Script:

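from thehive4py.api import TheHiveApi

# Fill in the instance URL, API token and organisation before running
url = "<url>"
token = "<token>"
organisation = "<organisation>"

# cert=False turns off TLS certificate verification for this PoC
api = TheHiveApi(
    url,
    token,
    organisation=organisation,
    cert=False
)

# Fetch the payload for the user that owns the API token
user = api.get_current_user().json()

if user['status'] == 'Ok':
    # 'roles' is the key expected to carry the TheHive 4 permissions
    print("Username: " + user['login'])
    print("Permissions: " + str(user['roles']))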

milesflo, Sep 14 '20 16:09