[BUG] Allowed to set NULL values in Alerts via API #476

Open
wrharding opened this issue May 3, 2024 · 1 comment
Labels
bug Something isn't working

@wrharding

Describe the bug
When creating a new alert via the API we are allowed to provide IOCs. When setting the IOC description field to NULL I do not get any errors from the API, nor are there web errors when viewing the IOC in the alert. The description is simply empty. However, when merging an alert that has a null description field into a case, I am experiencing a perpetual ellipsis on the IOC tab in the case view. The web console produced the following error:

common.js:103 Uncaught TypeError: Cannot read properties of null (reading 'length')
    at ellipsis_field_raw (common.js:103:14)
    at ret_obj_dt_description (common.js:83:15)
    at render (case.ioc.js:399:26)
    at datatables.min.js:17:6970
    at n.fnGetData (datatables.min.js:17:3728)
    at _ (datatables.min.js:17:6174)
    at P (datatables.min.js:17:10069)
    at D (datatables.min.js:17:5951)
    at Vt.<anonymous> (datatables.min.js:17:56611)
    at Vt.iterator (datatables.min.js:17:48247)

When viewing the network traffic in the browser, I see ioc_description: null, as opposed to ioc_description: "" on IOCs manually submitted without adding a description.

To Reproduce
Steps to reproduce the behavior:

  1. Submit an alert via the API with an IOC that has ioc_description set to null.
  2. Merge alert into a new or existing Case.
  3. View the IOC tab in the Case.
  4. A perpetual ellipsis will be shown. The UI will be broken/off-centered. After a few moments "Updates available" will be shown in the top right.

Expected behavior
Null values are handled appropriately at some point by IRIS. Either by rejecting alerts with null values in required fields or translating null values to empty strings.

Desktop (please complete the following information):

  • OS: Windows 11
  • Browser: Chrome 124.0.6367.119
  • Version: 2.3.7 (Alert submitted via API v2.0.2); 2.4.7 (Alert submission not tested on API v2.0.4)

Additional context
I am submitting alerts via the API without using the provided Python client.

@wrharding wrharding added the bug Something isn't working label May 3, 2024
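
The "Expected behavior" in the report (reject null in required fields, translate null to an empty string elsewhere) can be sketched as an input-normalization step run before an alert is stored. This is an added example, not code from IRIS or from the reporter; only `ioc_description` comes from the report, while `alert_iocs`, `ioc_value`, `alert_title` and the function names are assumptions.

```python
# Added example: every name except ioc_description is an assumption.
REQUIRED_IOC_FIELDS = ("ioc_value",)         # assumed required field
OPTIONAL_TEXT_FIELDS = ("ioc_description",)  # field named in the report


class AlertValidationError(ValueError):
    """Raised when an alert payload must be rejected."""


def normalize_ioc(ioc, index=0):
    """Return a copy of one IOC dict that is safe to store and render."""
    if not isinstance(ioc, dict):
        raise AlertValidationError(f"alert_iocs[{index}]: expected an object")
    clean = dict(ioc)
    for field in REQUIRED_IOC_FIELDS:
        value = clean.get(field)
        # A missing key and an explicit JSON null are both rejected.
        if not isinstance(value, str) or not value.strip():
            raise AlertValidationError(
                f"alert_iocs[{index}].{field}: required, got {value!r}")
    for field in OPTIONAL_TEXT_FIELDS:
        value = clean.get(field)
        if value is None:
            clean[field] = ""  # null or absent becomes the empty string
        elif not isinstance(value, str):
            raise AlertValidationError(
                f"alert_iocs[{index}].{field}: expected a string, "
                f"got {type(value).__name__}")
    return clean


def normalize_alert(alert):
    """Normalize every IOC in an alert payload before it is stored."""
    clean = dict(alert)
    iocs = clean.get("alert_iocs")
    if iocs is None:
        iocs = []
    if not isinstance(iocs, list):
        raise AlertValidationError("alert_iocs: expected a list")
    clean["alert_iocs"] = [normalize_ioc(i, n) for n, i in enumerate(iocs)]
    return clean


if __name__ == "__main__":
    import json
    # Constructed sample payload: the description is JSON null, as in the report.
    raw = ('{"alert_title": "demo", "alert_iocs": '
           '[{"ioc_value": "198.51.100.7", "ioc_description": null}]}')
    print(normalize_alert(json.loads(raw)))
```

Normalizing on write only protects new records; IOCs already stored with a null description would still reach the case view unless they are migrated or the renderer also tolerates null.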