wazuh / wazuh-api

Wazuh - RESTful API
https://wazuh.com
GNU General Public License v2.0
68 stars 57 forks source link

Improvements on `GET /syscheck/:agent_id` request #473

Closed davidjiglesias closed 4 years ago

davidjiglesias commented 4 years ago

We have a regex validation stopping some input values for q parameter:

Filter by mtime or date (any operator):

GET /syscheck/003
{
  "q":"mtime=2006-05-07 09:28:01"
}

{
  "error": 622,
  "message": "Param not valid. Review queries documentation: https://documentation.wazuh.com/current/user-manual/api/queries.html.  Field: q",
  "data": false
}

File When include slash:

GET /syscheck/003
{
  "q":"file!=/usr/bin/c89-gcc"
}

{
  "error": 622,
  "message": "Param not valid. Review queries documentation: https://documentation.wazuh.com/current/user-manual/api/queries.html.  Field: q",
  "data": false
}

We shall adapt the input validation regex to accept some other characters such as : or %