MISP event filter require manual escapes #87

derDuffy · 2017-01-12T15:20:10Z

Request Type

Bug

Problem Description

The filter for MISP events produces errors if certain characters are not manually escaped before filtering.
This is for example the case if one would like to filter for a tlp tag like tlp:green it will only work if one searches for tlp\:green otherwise shared errors will appear.

Steps to Reproduce

Navigate to the MISP events page
Filter for colon

The text was updated successfully, but these errors were encountered:

nadouani · 2017-01-13T10:47:50Z

Hi @derDuffy, the issue here is that the colon is a "reserved" character, I mean that we cannot escape it since it should not for queries like field:value(example: eventStatus:New).

This requires us to implement a query syntax parser and validator, which is not something with "low priority" if we provide a more elaborated filter form, as described in #86

To escape the field values that contains reserved chars, make sure to wrap the value with quotes: tags:"tlp:white"

nadouani · 2017-03-13T13:49:25Z

Closing as duplicate of #86 where we will add a new filtering form

nadouani self-assigned this Jan 13, 2017

nadouani added this to the 2.11.0 milestone Jan 13, 2017

nadouani added the duplicate label Mar 13, 2017

nadouani closed this as completed Mar 13, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MISP event filter require manual escapes #87

MISP event filter require manual escapes #87

derDuffy commented Jan 12, 2017

nadouani commented Jan 13, 2017

nadouani commented Mar 13, 2017

MISP event filter require manual escapes #87

MISP event filter require manual escapes #87

Comments

derDuffy commented Jan 12, 2017

Request Type

Problem Description

Steps to Reproduce

nadouani commented Jan 13, 2017

nadouani commented Mar 13, 2017