Investigate on RSS public Feed 403 issue.

OpenCTI-Platform · Dec 5, 2024 · f858039 · f858039
1 parent 42007fd
commit f858039
Show file tree

Hide file tree

Showing 4 changed files with 146 additions and 8 deletions.
diff --git a/opencti-platform/opencti-graphql/config/test.json b/opencti-platform/opencti-graphql/config/test.json
@@ -42,11 +42,6 @@
       "token": "d434ce02-e58e-4cac-8b4c-42bf16748e84"
     }
   },
-  "http_proxy": "http://proxy.opencti.io:2000",
-  "https_proxy": "https://proxy.opencti.io:2100",
-  "no_proxy": "localhost,127.0.0.0/8,internal.opencti.io,rabbitmq",
-  "https_proxy_ca": [],
-  "https_proxy_reject_unauthorized": false,
   "redis": {
     "namespace": "test",
     "hostname": "localhost",

diff --git a/opencti-platform/opencti-graphql/src/manager/ingestionManager.ts b/opencti-platform/opencti-graphql/src/manager/ingestionManager.ts
@@ -6,6 +6,7 @@ import { v4 as uuidv4 } from 'uuid';
 import { clearIntervalAsync, setIntervalAsync } from 'set-interval-async/fixed';
 import type { SetIntervalAsyncTimer } from 'set-interval-async/fixed';
 import type { Moment } from 'moment';
+import axios from 'axios';
 import { lockResource } from '../database/redis';
 import conf, { booleanConf, logApp } from '../config/conf';
 import { TYPE_LOCK_ERROR, UnsupportedError } from '../config/errors';
@@ -179,6 +180,23 @@ const rssHttpGetter = (): Getter => {
   };
 };
 
+const rssHttpGetterV2 = (): Getter => {
+  return async (uri: string) => {
+    console.log(`${uri}`);
+    const options = {
+      method: 'GET',
+      url: 'https://www.securityweek.com/feed',
+      params: { '': '' },
+      headers: {
+        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0'
+      }
+    };
+
+    const { data } = await axios.request(options);
+    return data;
+  };
+};
+
 // RSS Title is mandatory
 // A valid date is required, and after the current_state_date
 const rssDataFilter = (items: DataItem[], current_state_date: Date | undefined): DataItem[] => {

diff --git a/opencti-platform/opencti-graphql/src/utils/http-client.ts b/opencti-platform/opencti-graphql/src/utils/http-client.ts
@@ -25,7 +25,7 @@ export interface GetHttpClient {
   }
 }
 
-const buildHttpAgentOpts = (uri: string, baseURL: string | undefined, defaultHttpAgent: HttpAgent, defaultHttpsAgent: HttpsAgent) => {
+const buildHttpAgentOpts = (uri: string, baseURL: string | undefined, defaultHttpAgent: HttpAgent | undefined, defaultHttpsAgent: HttpsAgent | undefined) => {
   const agentUri = baseURL ? `${baseURL}${uri}` : uri;
   return {
     httpAgent: getPlatformHttpProxyAgent(agentUri) ?? defaultHttpAgent,
@@ -38,8 +38,12 @@ export const getHttpClient = ({ baseURL, headers, rejectUnauthorized, responseTy
   const cert = isNotEmptyField(certificates?.cert) ? fromBase64(certificates?.cert) : undefined;
   const key = isNotEmptyField(certificates?.key) ? fromBase64(certificates?.key) : undefined;
   const ca = isNotEmptyField(certificates?.ca) ? fromBase64(certificates?.ca) : undefined;
-  const defaultHttpAgent = new http.Agent();
-  const defaultHttpsAgent = new https.Agent({ rejectUnauthorized: rejectUnauthorized === true, cert, key, ca });
+  const defaultHttpAgent: http.Agent | undefined = undefined;
+  let defaultHttpsAgent: https.Agent | undefined;
+
+  if (cert || key || ca) {
+    defaultHttpsAgent = new https.Agent({ rejectUnauthorized: rejectUnauthorized === true, cert, key, ca });
+  }
   // Create the default caller
   const caller = axios.create({
     baseURL,
@@ -54,5 +58,6 @@ export const getHttpClient = ({ baseURL, headers, rejectUnauthorized, responseTy
     get: async (url: string, opts: any = {}) => caller.get(url, { ...opts, ...buildHttpAgentOpts(url, baseURL, defaultHttpAgent, defaultHttpsAgent) }),
     post: async (url: string, data: object, opts: any = {}) => caller.post(url, data, { ...opts, ...buildHttpAgentOpts(url, baseURL, defaultHttpAgent, defaultHttpsAgent) }),
     delete: async (url: string, opts: any = {}) => caller.delete(url, { ...opts, ...buildHttpAgentOpts(url, baseURL, defaultHttpAgent, defaultHttpsAgent) }),
+    request: async (url: string, opts: any = {}) => caller.request({ ...opts, ...buildHttpAgentOpts(url, baseURL, defaultHttpAgent, defaultHttpsAgent) }),
   };
 };
diff --git a/opencti-platform/opencti-graphql/tests/angie-test.ts b/opencti-platform/opencti-graphql/tests/angie-test.ts
@@ -0,0 +1,120 @@
+import { describe, it } from 'vitest';
+import axios, { type AxiosRequestConfig } from 'axios';
+import { getHttpClient, type GetHttpClient } from '../src/utils/http-client';
+
+axios.interceptors.request.use((request) => {
+  console.log('******🐠🐠 Starting Request', JSON.stringify(request, null, 2));
+  return request;
+});
+
+describe('HTTP Get', () => {
+  type Getter = (uri: string) => Promise<object>;
+
+  const userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36';
+  const ingestionURL = 'https://www.redpacketsecurity.com/feed/';
+
+  /*
+  https://dailydarkweb.net/feed/
+  https://cybersecurity.att.com/site/blog-all-rss
+
+  https://www.securityweek.com/feed/
+  */
+
+  const rssHttpGetter = (): Getter => {
+    const httpClientOptions: GetHttpClient = {
+      responseType: 'text',
+      headers: {
+        accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
+        'accept-encoding': 'identity',
+        'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7',
+        'cache-control': 'max-age=0',
+        'if-modified-since': 'Wed, 04 Dec 2024 18:49:00 GMT',
+        'if-none-match': 'W/"54c78a500afa9073204546d19a8ab4c5"',
+        priority: 'u=0, i',
+        'sec-ch-ua': '"Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"',
+        'sec-ch-ua-mobile': '?0',
+        'sec-ch-ua-platform': '"Windows"',
+        'sec-fetch-dest': 'document',
+        'sec-fetch-mode': 'navigate',
+        'sec-fetch-site': 'none',
+        'sec-fetch-user': '?1',
+        'upgrade-insecure-requests': '1',
+        'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
+        Pragma: 'no-cache'
+      }
+    };
+
+    const httpClientOptionsShort: GetHttpClient = {
+      responseType: 'text',
+      headers: {
+        'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
+      }
+    };
+
+    const httpClient = getHttpClient(httpClientOptionsShort);
+    return async (uri: string) => {
+      const { data } = await httpClient.get(uri);
+      return data;
+    };
+  };
+
+  const rssHttpGetterV2 = (): Getter => {
+    return async (uri: string) => {
+      const options: AxiosRequestConfig = {
+        method: 'GET',
+        url: uri,
+        headers: {
+          accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
+          'accept-encoding': 'identity',
+          'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7',
+          'cache-control': 'max-age=0',
+          'if-modified-since': 'Wed, 04 Dec 2024 18:49:00 GMT',
+          'if-none-match': 'W/"54c78a500afa9073204546d19a8ab4c5"',
+          priority: 'u=0, i',
+          'sec-ch-ua': '"Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"',
+          'sec-ch-ua-mobile': '?0',
+          'sec-ch-ua-platform': '"Windows"',
+          'sec-fetch-dest': 'document',
+          'sec-fetch-mode': 'navigate',
+          'sec-fetch-site': 'none',
+          'sec-fetch-user': '?1',
+          'upgrade-insecure-requests': '1',
+          'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
+          Pragma: 'no-cache'
+        }
+      };
+      const { data } = await axios.request(options);
+      return data;
+    };
+  };
+
+  it('HTTP Get current implementation', async () => {
+    try {
+      const httpGet = rssHttpGetter();
+      const data = await httpGet(ingestionURL);
+      console.log('CURRENT data', data);
+    } catch (e) {
+      console.log('CURRENT error', e);
+    }
+  });
+
+  it('HTTP Get custom implementation', async () => {
+    try {
+      const httpGet = rssHttpGetterV2();
+      const data = await httpGet(ingestionURL);
+      console.log('NEW data', data);
+    } catch (e) {
+      console.log('NEW error', e);
+    }
+  });
+
+  it('HTTP Get fetch implementation', async () => {
+    try {
+      await fetch(ingestionURL)
+        .then((response) => response.text())
+        .then((data) => console.log(data));
+    } catch (e) {
+      console.log('NEW error', e);
+    }
+  });
+});