agents/name/:agent_name is case sensitive

wazuh / wazuh-api

Wazuh - RESTful API

https://wazuh.com

GNU General Public License v2.0

69 stars 57 forks source link

agents/name/:agent_name is case sensitive #467

Closed skiingyac closed 4 years ago

skiingyac commented 4 years ago

Agent name is basically the hostname. Let's say the name is BoB.

This works: GET /agents/name/BoB This doesn't: GET /agents/name/bob This works: /agents?pretty&q=name=BoB This works: /agents?pretty&q=name=bob

Is there a good reason why /agents/name/:agent_name case-sensitive is case sensitive while /agents?q=name=:agent_name is not? I believe they both should be insensitive (rather than both case sensitive).

AdriiiPRodri commented 4 years ago

Hi @skiingyac,

This is because the 'q' parameter is used to search, which is less restrictive than the /agents/:agent_name endpoint. This endpoint is strict since you are trying to access an agent and this requires that you know exactly its name.

This behavior makes that we can have two or more agents with the same name but that are recognized by capital letters. In this last case, the 'q' parameter should show all the agents regardless the capital letters or not, because it is a filter over a list of agents.

I hope that this answer solves your doubt, in any case, if you have any other doubts, please do not hesitate to ask.

Regards

skiingyac commented 4 years ago

This approach is bad for other systems calling the API, which I believe is what the API is for. Using q= is vulnerable to partial matches. For example, if both foo and foobar exist, q=foo returns both and so requires extra processing in the requestor to filter out partial matches. I guess unfortunately this is the approach I'll have to take but it is particularly bad for short names that could return many partial matches and just cause a lot of overhead. The agents/name/:agent_name API can't be used because it returns NO matches since the most requestors would be treating the hostname case-insensitive and so don't know the precise capitalization. I was very surprised by this since I've not come across another API where username or hostname are case sensitive and so assumed it had to have been an oversight.

AdriiiPRodri commented 4 years ago

Hi @skiingyac,

We have created issue #468 to add this functionality to the Wazuh API. This issue will be closed, in order to better track the development of this functionality.

Best regards, Adri