caldera icon indicating copy to clipboard operation
caldera copied to clipboard

Published 20 hours ago verified publisher icon mitre

Save & Add button breaks Add an Ability to Adversary window

Open thanoskoutr opened this issue 2 years ago • 6 comments

Describe the bug When editing an existing Ability of an Adversary Profile (not when adding a new one), when you click the Save & Add button it saves the changes, but you can not close the window and the Close button does not do anything. If we then try to press Save or the Save & Add button, we get an ! Error Saving Ability error. Therefore, we can not make any more changes or exit this window (even when clicking outside of the pop-up window) and the only way to access the UI again is to refresh the page.

The only error I can find is in the Browser’s Console, where we get the following errors:

Uncaught TypeError: O is undefined
    Gn http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    m http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Gn http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    de http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Ir http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Lr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Gn http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    <anonymous> http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    r http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    Cr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Rr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Tr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    ht http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    scheduler http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    l http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    P http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    or http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    saveAbility http://192.168.1.99:8888/#home line 41 > injectedScript:571
    promise callback*saveAbility http://192.168.1.99:8888/#home line 41 > injectedScript:566
    anonymous http://192.168.1.99:8888/gui/js/lib/alpine.min.js line 3 > AsyncFunction:3
    Ir http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Lr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    s http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    o http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    o http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    a http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
alpine.min.js:7:25995
    Gn http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    m http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Gn http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    de http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Ir http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Lr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    bind_applyFunctionN self-hosted:1349
    Lr self-hosted:1312
    Gn http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    <anonymous> http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    r http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    Cr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    (Async: VoidFunction)
    Rr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Tr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    ht http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    scheduler http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    l http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    forEach self-hosted:4326
    P http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    or http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    saveAbility http://192.168.1.99:8888/#home line 41 > injectedScript:571
    (Async: promise callback)
    saveAbility http://192.168.1.99:8888/#home line 41 > injectedScript:566
    anonymous http://192.168.1.99:8888/gui/js/lib/alpine.min.js line 3 > AsyncFunction:3
    Ir http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    Lr http://192.168.1.99:8888/gui/js/lib/alpine.min.js:3
    bind_applyFunctionN self-hosted:1349
    Lr self-hosted:1312
    s http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    o http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    o http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7
    a http://192.168.1.99:8888/gui/js/lib/alpine.min.js:7

The logs from the docker container at that moment do not contain any error, only the beacons from the 2 agents that I have running:

2022-08-07 16:04:12 - DEBUG (contact_svc.py:64 handle_heartbeat) Incoming HTTP beacon from xlcdou
2022-08-07 16:04:13 - DEBUG (contact_svc.py:64 handle_heartbeat) Incoming tcp beacon from tzkmfz

I am running CALDERA version 4.0.0 (commit 4fe71ac87468e97665f3f26516137a442c7fab32) with docker-compose up -d and with no modification to the source code or extra plugins downloaded.

To Reproduce Steps to reproduce the behavior:

  1. Download CALDERA from GitHub with all submodules and checkout to v4.0.0:
git clone https://github.com/mitre/caldera.git --recursive --branch 4.0.0
  1. Run CALDERA with docker-compose:
docker-compose up -d
  1. Once started, log in to http://localhost:8888 with the red using the password found in the conf/local.yml file (this file will be generated on server start).
  2. Navigate to the adversaries page and select an adversary from the dropdown, e.g. Discovery.
  3. Click on an existing ability, e.g. Identify active user to open the Add an Ability to Adversary window.
  4. Click the Save & Add button.
  5. Try to close the window either with the Close button or by clicking outside the window area.
  6. Try to click the Save button or the Save & Add button again.

Expected behavior The expected behavior is to be able to close the window after pressing the Save & Add button and not break the functionality of the other buttons in the window.

Screenshots Click the Save & Add button on an existing Ability of an Adversary Profile : caldera_add_ability_save_and_add Trying to click the Save button or the Save & Add button again: caldera_add_ability_save_and_add_2 Trying to click the Close button to close the window: caldera_add_ability_close

Desktop (please complete the following information):

  • OS: Ubuntu 18.04.6 LTS Server, Ubuntu 20.04.4 LTS Server
  • Browser: Firefox, Chrome
  • Version: 103.0.1, 104.0.5112.81

thanoskoutr avatar Aug 07 '22 16:08 thanoskoutr

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

github-actions[bot] avatar Aug 07 '22 16:08 github-actions[bot]

Hi @thanoskoutr, really appreciate the detailed issue and bringing it to our attention. I was able to replicate the problem locally and have identified the source of it.

Could you please try checking out the branch from this pull request and see if the issue persists? https://github.com/mitre/caldera/pull/2637

If that fixes the issue for you we can get that merged in ASAP.

argaudreau avatar Aug 08 '22 17:08 argaudreau

I checked the branch from the pull request and the issue is now fixed. Thanks for the quick response.

I may face another issue now, but before describing it or opening a new issue I need to verify if it is an issue and if it is relevant to the changes made for the fix.

I will reply in a while in this discussion first.

thanoskoutr avatar Aug 08 '22 18:08 thanoskoutr

Ok just checked and the issues I am facing are not relevant to the fix, as they also appear in the 4.0.0 branch.

I will describe them shortly here just to get an opinion and if they are relevant:

  1. The first issue I have is when I select an Adversary and then an Ability and change a field, e.g. the Name, in the Ability window and I save (either with Save and Close or with the Save & Add button) I do not see the Name get changed in the abilities list of the select Adversary. I either have to reselect the Adversary from the Dropdown menu or reload the page and navigate back to the Ability. Is this expected? If not I would gladly open a new issue. If it is expected I would suggest an enhancement as it will improve a lot the UI/UX of the Adversaries page.
  2. The second issue is when adding executors, I almost always get errors when saving and the executor dropdown list changes values randomly every time I select one. For this, I will open a new issue describing the last one, as it certainly out of scope for this fix.

thanoskoutr avatar Aug 08 '22 18:08 thanoskoutr

I was also able to replicate those bugs, thanks again for letting us know. They were fairly easy to patch to please check out the branch again from the PR above and see if those two issues are resolved.

Regarding the latter on #2, it should default to linux as the platform each time but I agree it would make more sense to default to whatever the user had last selected. I'll add that one to our backlog and get that in for a future release.

argaudreau avatar Aug 10 '22 13:08 argaudreau

Ok just checked the new commits from the MR, and the 1st issue is fixed. Great support, thanks!

thanoskoutr avatar Aug 11 '22 17:08 thanoskoutr