opensearch-project / security-analytics

Security Analytics enables users to detect security threats in their security event log data. It will also allow them to modify/tailor the pre-packaged solution.
Apache License 2.0

[BUG] PUT on source without "name" in request makes the source unable to be fetched/deleted/listed/updated #1366

Open Salar24 opened 2 days ago

Salar24 commented 2 days ago

What is the bug? Threat-intel sources, when modified through the API with PUT without "name" in the request body, make the server throw 500 for every request that includes the source in the response, and the source also cannot be deleted.

How can one reproduce the bug? Steps to reproduce the behavior:

  1. Utilize the API
  2. Run POST _plugins/_security_analytics/threat_intel/sources (I utilized file_upload API)
  3. Run PUT _plugins/_security_analytics/threat_intel/sources/ (without "name" in the request body)
  4. Response Body: {"ok":false,"error":"[illegal_state_exception] Can't get text on a VALUE_NULL at 1:26"}

What is the expected behavior? There should be validation for this, and if not, the source should still have a way to be deleted, via the dashboards or the API, and it should not break the other endpoints which return it (Fetch All).

What is your host/environment?

Do you have any screenshots? Error 1 error 2

Do you have any additional context? Crucially, the DELETE isn't working, so I cannot find a way to get rid of the faulty source via the API.

Salar24 commented 2 days ago

Apologies. OS: Linux, Version: 2.17.0
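The failure mode reported in this issue, next to the two behaviours the reporter asks for (validation on write, and a delete that still works on a damaged source), modelled as an added example that is not part of the issue and not the plugin's code. `SourceStore`, `parse_source`, `validate_update` and the `src-1` sample are hypothetical, and the parse-before-delete step is an assumption about why DELETE fails.

```python
# Constructed model of the failure mode in this issue; not the plugin's code.
class ParseError(Exception):
    """Stands in for the illegal_state_exception raised on a null value."""

def parse_source(doc):
    # Strict reader: a null where text is expected is fatal.
    if not isinstance(doc.get("name"), str):
        raise ParseError("can't get text on a null 'name'")
    return {"id": doc["id"], "name": doc["name"]}

def validate_update(body):
    # Write-side check, run before anything is persisted.
    if not isinstance(body.get("name"), str) or not body["name"].strip():
        raise ValueError("'name' is required and must be a non-empty string")

class SourceStore:
    def __init__(self, validate):
        self.validate = validate
        self.docs = {}

    def put(self, source_id, body):
        if self.validate:
            validate_update(body)  # client error, nothing stored
        self.docs[source_id] = {"id": source_id, "name": body.get("name")}

    def list_all(self):
        return [parse_source(d) for d in self.docs.values()]  # one bad doc fails all

    def delete_strict(self, source_id):
        parse_source(self.docs[source_id])  # assumption: delete parses first
        del self.docs[source_id]

    def delete_by_id(self, source_id):
        return self.docs.pop(source_id, None) is not None  # id only, never parses

def run_scenario(validate):
    store = SourceStore(validate)
    store.put("src-1", {"name": "constructed-feed"})  # constructed sample
    steps = [("put", lambda: store.put("src-1", {"description": "no name"})),
             ("list", store.list_all),
             ("delete_strict", lambda: store.delete_strict("src-1"))]
    outcome = {}
    for step, call in steps:
        try:
            call()
            outcome[step] = "ok"
        except (ParseError, ValueError) as exc:
            outcome[step] = type(exc).__name__
    outcome["delete_by_id"] = store.delete_by_id("src-1")
    return outcome
```

`run_scenario(False)` reproduces the shape of the report: the update is accepted, then listing and the parsing delete both fail, and only the id-keyed delete removes the source. `run_scenario(True)` rejects the update up front and leaves every read path working.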