Content update fails due to StrictDynamicMappingException #429

@AlexRuiz7

Describe the bug
The Content Updater fails, as it indexes fields not present in the wazuh-cve mappings. In particular, the context field.

[2025-05-19T14:39:05,768][DEBUG][c.w.c.c.CTIClient        ] [node-2] [/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0/changes] replied with status [200]
[2025-05-19T14:39:05,815][DEBUG][c.w.c.u.ContentUpdater   ] [node-2] Fetched offsets from 1950913 to 1951913
[2025-05-19T14:39:05,816][INFO ][c.w.c.i.ContentIndex     ] [node-2] Patching [wazuh-cve] from offset [1950914] to [1951913]
[2025-05-19T14:39:05,816][DEBUG][c.w.c.i.ContentIndex     ] [node-2] Processing offset [1950914]
[2025-05-19T14:39:05,817][DEBUG][c.w.c.i.ContentIndex     ] [node-2] Updating resource with ID [CVE-2022-49011]
[2025-05-19T14:39:05,887][ERROR][c.w.c.i.ContentIndex     ] [node-2] Failed to patch [CVE-2022-49011] due to StrictDynamicMappingException[mapping set to strict, dynamic introduction of [context] within [_doc] is not allowed]
[2025-05-19T14:39:05,887][ERROR][c.w.c.u.ContentUpdater   ] [node-2] Updated finally failed on offset [1950913]

To Reproduce
Steps to reproduce the behavior:

  1. [Prerequisite] Set up an Indexer with the wazuh-cve index initialized.
  2. Change the offset, as described in "Fix overwrite of content offset on each start" (#401).
  3. Restart the indexer.
  4. See error

Expected behavior
The Content Manager correctly applies JSON Patch operations to the content, persisting it in the index.

Plugins
Content Manager.

Additional context

Command to change the offset.

curl -XPOST -k -u admin:admin "https://192.168.56.11:9200/wazuh-context/_update/vd_1.0.0" -H 'Content-Type: application/json' -d'
{
  "doc": {
    "vd_4.8.0": {
      "last_offset": 1950913,
      "last_snapshot_link": "https://cti.wazuh.com/store/contexts/vd_1.0.0/consumers/vd_4.8.0/1950913_1747638988.zip",
      "offset": 1950910
    }
  }
}
'

CTI consumer changes data
https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0/changes?from_offset=1950910&to_offset=1950913&with_empties=true

CTI documentation
https://github.com/wazuh/cti/blob/main/docs/ref/catalog.md#fetching-consumer-changes

Sample of CVE data being indexed

{
  "name": "CVE-2020-21627",
  "offset": 1426212,
  "version": 4,
  "inserted_at": "2024-02-29T23:17:36.191970Z",
  "payload": {
    "containers": {
      "cna": {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "unknown",
            "vendor": "unknown"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors."
          },
          {
            "lang": "es",
            "value": "Se ha detectado que el commit 9071227 de Ruijie RG-UAC contiene una vulnerabilidad en el componente /current_action.php?action=reboot, que permite a los atacantes causar una denegación de servicio (DoS) por medio de vectores no especificados"
          }
        ],
        "metrics": [
          {
            "cvssV2_0": {
              "accessComplexity": "LOW",
              "accessVector": "NETWORK",
              "authentication": "NONE",
              "availabilityImpact": "PARTIAL",
              "baseScore": 5,
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "version": "2.0"
            },
            "format": "CVSS"
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "NVD-CWE-noinfo",
                "lang": "en"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T05:12:44Z",
          "orgId": "00000000-0000-4000-A000-000000000003",
          "shortName": "DISCARDED_CNA",
          "x_subShortName": "nvd"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC"
          }
        ]
      }
    },
    "cveMetadata": {
      "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      "assignerShortName": "mitre",
      "cveId": "CVE-2020-21627",
      "datePublished": "2021-11-16T19:15:07Z",
      "dateUpdated": "2024-11-21T05:12:44Z",
      "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
  }
}
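
A pre-index check for the failure reported above, as an added example that is not part of the original issue or of the Content Manager code: it walks a document against a strict mapping and lists the field paths that would raise StrictDynamicMappingException. The mapping and the patched document are constructed for illustration (the real wazuh-cve mapping is not shown on this page), and `unmapped_fields` is a hypothetical helper name.

```python
# Hypothetical strict mapping; NOT the real wazuh-cve mapping.
MAPPING = {
    "dynamic": "strict",
    "properties": {
        "name": {"type": "keyword"},
        "offset": {"type": "long"},
        "payload": {"properties": {
            # enabled=false: the object is stored but never parsed or mapped
            "containers": {"type": "object", "enabled": False},
            "cveMetadata": {"properties": {"cveId": {"type": "keyword"}}},
        }},
    },
}

# Constructed document, shaped like a resource after a patch added new fields.
PATCHED = {
    "name": "CVE-2022-49011",
    "offset": 1950914,
    "context": "vd_1.0.0",
    "payload": {
        "containers": {"cna": {"anything": 1}},
        "cveMetadata": {"cveId": "CVE-2022-49011", "x_example": True},
    },
}

def unmapped_fields(doc, mapping, inherited="true", prefix=""):
    """Return dotted paths of fields a strict mapping would reject."""
    # Inner objects inherit "dynamic" from their parent unless they override it.
    dynamic = str(mapping.get("dynamic", inherited)).lower()
    props = mapping.get("properties", {})
    rejected = []
    for key, value in doc.items():
        path = prefix + key
        field = props.get(key)
        if field is None:
            if dynamic == "strict":
                rejected.append(path)
            continue
        if field.get("enabled") is False:
            continue  # contents are not checked against any mapping
        # Descend into objects and arrays of objects.
        for child in value if isinstance(value, list) else [value]:
            if isinstance(child, dict):
                rejected += unmapped_fields(child, field, dynamic, path + ".")
    return list(dict.fromkeys(rejected))  # de-duplicate, keep order

if __name__ == "__main__":
    print(unmapped_fields(PATCHED, MAPPING))
```

Running the same check with the mapping fetched from the index before applying a batch of patches shows which fields need a mapping update or need to be dropped, instead of failing on the first offset.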

Labels: 6.0 (Pending work for the 6.0.0 major release, which is not being actively worked), level/task (Task issue), type/bug (Bug issue)