[Import] Validating a workbench within a report can import a random file into it. about connectors HOT 5 CLOSED

can lead to break of file confidentiality inside a platform

from connectors.

Issue reproduced. On it.

Before validating the workbench on the empty report

After validation : I see the txt file added

from connectors.

The issue seem to be happening in importdocument connector : The connector seem to keep in memory the last uploaded file (global import), and add it to the report bundle. I suspect this part of the code :

if data["file_id"].startswith("import/global"):
    file_data = open(file_name, "rb").read()
    file_data_encoded = base64.b64encode(file_data)
    self.file = {
        "name": data["file_id"].replace("import/global/", ""),
        "data": file_data_encoded,
        "mime_type": "application/pdf",
    }

Then this self.file is used here :

entity_stix["x_opencti_files"] = (
    [self.file] if self.file is not None else []
) 

This connector has been updated recently, I'm not sure yet how to fix this behavior @richard-julien @SamuelHassine

=> Actually I might have a fix, opening PR soon

from connectors.

PR open here in connectors : #2141

from connectors.

To precise the issue : the report will contain the last uploaded file from global import, not a random one. To reproduce, you need to first upload a file (import global), import it to create a workbench, then you import a file in a report and create a workbench from this report, and when validating this report workbench, it will add to the report the last uploaded file in global.

from connectors.