Some characters like brackets are not correctly encoded in searches

[crackytsi]

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Debian
OS version (client)	Seven using Chrome Browser
TheHive version / git hash	3.1.0
Package Type	DEB

Problem Description

If you try to search for a string containting a "(" e.g. "test (" within Search --> All, Cases, ... the search failes: "Invalid search query"
It seems that the bracket is interpreted as a part of the ES query instead of the searchable string.

[rolinh]

I'm affected as well (v3.1.2). This is related to this old bug I reported (#285).
The difference is that now the server reports an HTTP 400 instead of a 500 but it's still not possible to perform a search with special characters such as [, (, : because of improper input sanitization.

[info] o.e.ErrorHandler - POST /api/_search?range=0-10&nparent=10 returned 400                                                                                                                                                         [13/1242]
org.elasticsearch.transport.RemoteTransportException: [foobar][127.0.0.1:9300][indices:data/read/search]
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: all shards failed
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.onPhaseFailure(AbstractSearchAsyncAction.java:272)
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:130)
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.onPhaseDone(AbstractSearchAsyncAction.java:241)
        at org.elasticsearch.action.search.InitialSearchPhase.onShardFailure(InitialSearchPhase.java:107)
        at org.elasticsearch.action.search.InitialSearchPhase.access$100(InitialSearchPhase.java:49)
        at org.elasticsearch.action.search.InitialSearchPhase$2.lambda$onFailure$1(InitialSearchPhase.java:217)
        at org.elasticsearch.action.search.InitialSearchPhase.maybeFork(InitialSearchPhase.java:171)
        at org.elasticsearch.action.search.InitialSearchPhase.access$000(InitialSearchPhase.java:49)
        at org.elasticsearch.action.search.InitialSearchPhase$2.onFailure(InitialSearchPhase.java:217)
        at org.elasticsearch.action.ActionListenerResponseHandler.handleException(ActionListenerResponseHandler.java:51)
Caused by: org.elasticsearch.index.query.QueryShardException: Failed to parse query [(]
        at org.elasticsearch.index.query.QueryStringQueryBuilder.doToQuery(QueryStringQueryBuilder.java:1042)
        at org.elasticsearch.index.query.AbstractQueryBuilder.toQuery(AbstractQueryBuilder.java:96)
        at org.elasticsearch.index.query.BoolQueryBuilder.addBooleanClauses(BoolQueryBuilder.java:444)
        at org.elasticsearch.index.query.BoolQueryBuilder.doToQuery(BoolQueryBuilder.java:418)
        at org.elasticsearch.index.query.AbstractQueryBuilder.toQuery(AbstractQueryBuilder.java:96)
        at org.elasticsearch.index.query.BoolQueryBuilder.addBooleanClauses(BoolQueryBuilder.java:444)
        at org.elasticsearch.index.query.BoolQueryBuilder.doToQuery(BoolQueryBuilder.java:418)
        at org.elasticsearch.index.query.AbstractQueryBuilder.toQuery(AbstractQueryBuilder.java:96)
        at org.elasticsearch.index.query.QueryShardContext.lambda$toQuery$1(QueryShardContext.java:313)
        at org.elasticsearch.index.query.QueryShardContext.toQuery(QueryShardContext.java:325)
Caused by: org.elasticsearch.common.io.stream.NotSerializableExceptionWrapper: parse_exception: Cannot parse '(': Encountered "<EOF>" at line 1, column 1.
Was expecting one of:
    <NOT> ...
    "+" ...
    "-" ...
    <BAREOPER> ...
    "(" ...
    "*" ...
    <QUOTED> ...
    <TERM> ...
    <PREFIXTERM> ...
    <WILDTERM> ...
    <REGEXPTERM> ...
    "[" ...
    "{" ...
    <NUMBER> ...
    <TERM> ...

        at org.apache.lucene.queryparser.classic.QueryParserBase.parse(QueryParserBase.java:116)
        at org.apache.lucene.queryparser.classic.MapperQueryParser.parse(MapperQueryParser.java:824)
        at org.elasticsearch.index.query.QueryStringQueryBuilder.doToQuery(QueryStringQueryBuilder.java:1040)
        at org.elasticsearch.index.query.AbstractQueryBuilder.toQuery(AbstractQueryBuilder.java:96)
        at org.elasticsearch.index.query.BoolQueryBuilder.addBooleanClauses(BoolQueryBuilder.java:444)
        at org.elasticsearch.index.query.BoolQueryBuilder.doToQuery(BoolQueryBuilder.java:418)
        at org.elasticsearch.index.query.AbstractQueryBuilder.toQuery(AbstractQueryBuilder.java:96)
        at org.elasticsearch.index.query.BoolQueryBuilder.addBooleanClauses(BoolQueryBuilder.java:444)
        at org.elasticsearch.index.query.BoolQueryBuilder.doToQuery(BoolQueryBuilder.java:418)
        at org.elasticsearch.index.query.AbstractQueryBuilder.toQuery(AbstractQueryBuilder.java:96)
Caused by: org.elasticsearch.common.io.stream.NotSerializableExceptionWrapper: parse_exception: Encountered "<EOF>" at line 1, column 1.
Was expecting one of:
    <NOT> ...
    "+" ...
    "-" ...
    <BAREOPER> ...
    "(" ...
    "*" ...
    <QUOTED> ...
    <TERM> ...
    <PREFIXTERM> ...
    <WILDTERM> ...
    <REGEXPTERM> ...
    "[" ...
    "{" ...
    <NUMBER> ...
    <TERM> ...

        at org.apache.lucene.queryparser.classic.QueryParser.generateParseException(QueryParser.java:931)
        at org.apache.lucene.queryparser.classic.QueryParser.jj_consume_token(QueryParser.java:813)
        at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:252)
        at org.apache.lucene.queryparser.classic.QueryParser.Clause(QueryParser.java:359)
        at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:244)
        at org.apache.lucene.queryparser.classic.QueryParser.TopLevelQuery(QueryParser.java:215)
        at org.apache.lucene.queryparser.classic.QueryParserBase.parse(QueryParserBase.java:111)
        at org.apache.lucene.queryparser.classic.MapperQueryParser.parse(MapperQueryParser.java:824)
        at org.elasticsearch.index.query.QueryStringQueryBuilder.doToQuery(QueryStringQueryBuilder.java:1040)
        at org.elasticsearch.index.query.AbstractQueryBuilder.toQuery(AbstractQueryBuilder.java:96)