Description
When triggering a simulation from OpenCTI (via the "Simulate" button on an incident or report), OpenBAS fails to import the scenario ZIP file. This results in a ZipException: zip END header not found error and returns a 500 DATABASE_ERROR response to OpenCTI. The error is reproducible even with a minimal incident that only includes a single attack pattern.
Environment
OS (where OpenBAS server runs): Ubuntu 24.04 (Docker-based deployment)
OpenBAS version: 1.14.1 (latest at time of writing)
OpenBAS client: OpenCTI integration via /api/ endpoint
Other environment details:
OpenCTI version: 6.5.10
Docker Compose used for deployment
PostgreSQL 15
RabbitMQ & MinIO healthy
OpenBAS health check key is configured and reachable from OpenCTI
Reproducible Steps
Steps to create the smallest reproducible scenario:
1. In OpenCTI, navigate to any incident or report (even with minimal data).
2. Click on "Simulate" and attempt to create a scenario in OpenBAS.
3. The simulation fails with a 500 response from OpenBAS, and the following errors appear in logs.
Expected Output
The scenario ZIP should be validated and imported successfully by OpenBAS, or if invalid, a clear and safe error should be returned — not an unhandled exception and backend crash.
Actual Output
OpenBAS Logs
java.util.zip.ZipException: zip END header not found
at io.openbas.service.ImportService.handleFileImport(ImportService.java:68)
OpenCTI Logs
{
"code": "DATABASE_ERROR",
"message": "Error querying OpenBAS",
"http_status": 500,
"name": "DATABASE_ERROR"
}
Additional information
Verified that OpenBAS is healthy via health check API.
Manual scenario creation and export in OpenBAS UI works fine.
Simulation fails regardless of incident content — including clean ones with only 1 attack pattern.
Disabling collectors does not change behavior.
Issue appears to be triggered by invalid scenario ZIP generation in OpenCTI and unhandled in OpenBAS.
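
The handling asked for under "Expected Output", sketched as an added example that is not OpenBAS or OpenCTI code: the upload is opened as a ZIP before any import work, and a malformed archive is mapped to a 400 with a fixed message instead of surfacing as an unhandled ZipException and a 500. The names `ImportValidationExample`, `ImportResult` and `validateArchive`, and the status mapping, are hypothetical; both sample files are constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.zip.ZipEntry;
import java.util.zip.ZipException;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

public class ImportValidationExample {

    /** Hypothetical result type: HTTP status plus a message that is safe to return to the caller. */
    record ImportResult(int status, String message) {}

    /** Opens the upload as a ZIP and maps a malformed archive to a client error. */
    static ImportResult validateArchive(Path upload) {
        try (ZipFile zip = new ZipFile(upload.toFile())) {
            if (zip.size() == 0) {
                return new ImportResult(400, "Import archive contains no entries");
            }
            return new ImportResult(200, "Archive accepted: " + zip.size() + " entries");
        } catch (ZipException e) {
            // Raised when the body is not a ZIP, e.g. "zip END header not found".
            // Log e server-side; return only a fixed message to the client.
            return new ImportResult(400, "Uploaded file is not a valid ZIP archive");
        } catch (IOException e) {
            return new ImportResult(500, "Could not read uploaded file");
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample 1: a JSON body saved under a .zip name (not an archive).
        Path notZip = Files.createTempFile("scenario", ".zip");
        Files.writeString(notZip, "{\"error\":\"not an archive\"}");

        // Constructed sample 2: a well-formed archive with a single entry.
        Path goodZip = Files.createTempFile("scenario", ".zip");
        try (ZipOutputStream out = new ZipOutputStream(Files.newOutputStream(goodZip))) {
            out.putNextEntry(new ZipEntry("scenario.json"));
            out.write("{}".getBytes(StandardCharsets.UTF_8));
            out.closeEntry();
        }

        System.out.println(validateArchive(notZip));
        System.out.println(validateArchive(goodZip));
        Files.delete(notZip);
        Files.delete(goodZip);
    }
}
```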