list index out of range

[Zamanry]

Hello! I have two assessments within PurpleOps. Exporting the first assessment is fine. The second assessment export attempts results in a "internal server error" appearing on Google Chrome:

Using docker container attach purpleops yielded this output:

I've tried 1. removing any odd special characters in the applicable fields, 2. removing/adding roles/permissions, 3. using the admin account. The VM I'm using to view PurpleOps' GUI has no endpoint controls that could be stopping it. I am running the PurpleOps server locally. So network controls don't apply either.

I am currently on-site with a client. Any quick assistance would be much appreciated! Happy to help troubleshoot!

[Zamanry]

Just encountered this again at a different client assessment.

[turnernator1]

Hey @Zamanry, sorry for the late reply on this one.

This is due to Test Case attributes (sources, targets, tools, controls, and tags) referencing objects that have been deleted from the Mongo Database.

This should no longer occur if you pull the latest commit of PurpleOps. However, please try the following steps if this occurs again.

1. Save the below JavaScript snippet as mongoFix.js to your machine
2. Download and install mongosh on host
3. Run mongosh in terminal - connecting to PurpleOps mongo
4. In the shell, run use assessment3
5. Then run load ('/path/to/mongoFix.js');
6. This will remove any invalid references to sources, targets, tools, controls , tags (all which cause the internal server error while exporting)

// Define the fields that need to be validated
const listFields = ["sources", "targets", "tools", "controls", "tags"];
 
// Function to clean up TestCase references
async function cleanUpTestCases() {
  // Fetch all TestCase documents
  const testCases = await db.test_case.find().toArray();
 
  for (const testcase of testCases) {
    // Fetch the associated Assessment document
	const assessment_ID = ObjectId(testcase.assessmentid);
	const assessment = await db.assessment.findOne({ _id: assessment_ID });
 
    if (!assessment) {
      print(`Assessment with ID ${testcase.assessmentid} not found for TestCase ${testcase._id}`);
      continue;
    }
 
    const updates = {};
 
    // Iterate over each field in listFields
    for (const field of listFields) {
      // Collect IDs from the Assessment document
      const ids = assessment[field] ? assessment[field].map(item => item.id.toString()) : [];
      const validIds = testcase[field].filter(fieldId => ids.includes(fieldId));
      if (ids.length != validIds.length) {
          print(`Found invalid ${field} reference in Test Case ${testcase['mitreid']}-${testcase['tactic']}`)
       }
      // Add the valid IDs to the updates object
      updates[field] = validIds ? validIds : [];
    }
 
    // Update the TestCase document with the cleaned arrays
    if (Object.keys(updates).length > 0) {
      await db.test_case.updateOne(
        { _id: testcase._id },
        { $set: updates }
      );
      print(`TestCase ${testcase._id} checked and consolidated`);
    }
  }
}
 
// Run the cleanup function
cleanUpTestCases();

[Zamanry]

Thank you, giving this a shot momentarily. We are using the latest commit. Assuming you're referencing the latest commit on your internal branch? I saw somewhere else you mentioned an upcoming release. Excited!

[Zamanry]

So I successfully connected to the Docker container MongoDB via MongoDB Shell and ran the script. I got a response of True when loaded,. No actual print statements which I assume is the issue. I made sure the script was loading by trying a fake file. See below:

Same error even upon 1. PurpleOps shutdown, 2. MongoDB shutdown, 3. MongoDB start, 4. PurpleOps start. My error is occurring on the second assessment within PurpleOps, not the first, in case that matters. Appreciate the help!

[Zamanry]

I accidently typo-ed the db name UGH. Incorrect: use assessment3. Correct: use assessments3 PLURAL. You'd think there would be a MongoDB error there, but nope. Successfully exported. Thanks for the help! I'll leave the issue open until a pull/merge request fixes this issue.