OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

[API/pycti] Possible to add a non-existent ID as label, which poses a problem #7572

Open Lhorus6 opened 5 days ago

Lhorus6 commented 5 days ago

Description

Using the API (with pycti), you can add a label using its ID. However, it seems that no check is made on the existence of a label with the ID mentioned.

It is therefore possible to add a label ID that does not exist (i.e. which corresponds to nothing, no label). If this is done, the entity to which the label has been applied will no longer be accessible from the UI (it can still be queried via GraphQL). The added label ID must be removed (using the API once again, thanks to pycti's "remove_label" function), to be able to access the entity again in the UI.

Environment

OCTI 6.2.0

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create an Indicator in the GUI

  2. Get the ID of the Indicator (You can find it in the URL when you are on the Indicator)

  3. Create a script that adds a label to the Indicator using pycti, like this: opencti_api_client.stix_domain_object.add_label(id=[ID_of_the_Indicator], label_id=[ID_that_corresponds_to_nothing])

  4. Go back to the indicator in the UI (refresh the page if you were still on it)

Expected Output

I may have an error telling me that this ID does not correspond to any label.

Actual Output

The ID seems to be added to the entity on which the label is applied, and the entity thus becomes inaccessible from the UI (probably due to an error when the platform searches for the label corresponding to the ID).
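A client-side guard for the call in step 3, as an added example that is not code from this issue or from the OpenCTI project: it resolves the label ID before attaching it and refuses IDs that match no label. It assumes pycti's `label.read(id=...)` returns `None` for an unknown ID; the in-memory client and the `label-0001` / `indicator-42` IDs are constructed so the block runs offline.

```python
from types import SimpleNamespace


class UnknownLabelError(ValueError):
    """Raised when a label ID does not resolve to an existing label."""


def safe_add_label(client, entity_id, label_id):
    """Attach label_id to entity_id only if the label exists.

    client must expose label.read(id=...) and
    stix_domain_object.add_label(id=..., label_id=...), as pycti's client does.
    """
    if not isinstance(label_id, str) or not label_id.strip():
        raise UnknownLabelError(f"invalid label id: {label_id!r}")
    # Assumption: read() returns None (or an empty value) when nothing matches.
    label = client.label.read(id=label_id)
    if not label or not label.get("id"):
        raise UnknownLabelError(f"no label found for id {label_id!r}")
    # Attach using the ID the platform returned, not the caller's raw input.
    return client.stix_domain_object.add_label(id=entity_id, label_id=label["id"])


# Constructed stand-ins for the two pycti helpers used above (offline demo).
class _FakeLabels:
    def __init__(self, known):
        self._known = known

    def read(self, **kwargs):
        return self._known.get(kwargs.get("id"))


class _FakeDomainObjects:
    def __init__(self):
        self.applied = []  # (entity_id, label_id) pairs actually written

    def add_label(self, **kwargs):
        self.applied.append((kwargs["id"], kwargs["label_id"]))
        return True


def make_fake_client():
    known = {"label-0001": {"id": "label-0001", "value": "phishing"}}
    return SimpleNamespace(label=_FakeLabels(known),
                           stix_domain_object=_FakeDomainObjects())
```

With a real `OpenCTIApiClient`, pass the client object itself as `client`; the guard only narrows what scripts send and does not replace a server-side existence check.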

romain-filigran commented 4 days ago

@Lhorus6: Can we exchange on this subject? Impossible to reproduce on my side. An error is returned.

Lhorus6 commented 1 day ago

@romain-filigran We can look at this together, yes. Ping me.