wazuh / wazuh-dashboard-plugins

Plugins for Wazuh Dashboard
https://wazuh.com/
GNU General Public License v2.0

Agents query fails when filtered field includes '/' character #1709

Open migruiz4 opened 5 years ago

migruiz4 commented 5 years ago
Wazuh: 3.9.2
Elastic: 6.8.0
Rev:

Description

Agents tab fails to search when using filters that include the character '/'.

Steps to reproduce

  1. Register an agent with os.name=
  2. Go to 'Agents' tab
  3. Add a filter for os.name= 'Debian GNU\Linux'
  4. See error

Screenshots: [screenshot]

Filter was added using the autocomplete option, which does include the agent OS: [screenshot]

When navigating without using filters, the agent is still visible.

[screenshot]

juankaromo commented 5 years ago

Hi @wazuh/framework, it seems that something is wrong in the q param.

Regards.

migruiz4 commented 5 years ago

Sorry, I accidentally closed the issue

After some tests, it seems like the issue is related to the API. I have tried encoding the forward slash using %2F, but it doesn't seem to work.

The q works using q=os.name~Debian%20GNU, but fails when it comes to the / character.

Maybe the Framework team can help us with this

AdriiiPRodri commented 5 years ago

Hi @migruiz4 and @juankaromo ,

Thanks for the report, we've been investigating this issue and it's correct that it is not currently working. The solution is to modify the regular expression in /api/helpers/input_validation.js#L92

As we see in the regular expression below, the special characters / or \ are not allowed. In order to solve this problem you should just add them like this:

^(?:\(*[\w\.\-]+(?:=|!=|<|>|~)[\w\.\- \/\\]+\)*)(?:(?:;|,)\(*[\w\.\-]+(?:=|!=|<|>|~)[\w\.\- ]+\)*)*$

We will discuss the implications this change may have since the characters / and \ are reserved in http requests. As we can see in the following guide the characters / and \ are unsafe (https://perishablepress.com/stop-using-unsafe-characters-in-urls/) so it is better to encode them.

We're going to study how to proceed with the change. Thank you for the report.

Regards
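The following is an added example, not code from the wazuh-dashboard-plugins project or from anyone in this thread. It reproduces the q-parameter validation discussed above in Python so the behaviour can be checked offline: `ORIGINAL_Q` is my reconstruction of the pre-fix pattern (the page only shows the modified one; I removed the `\/\\` that the comment says was added), `PROPOSED_Q` is the regex from the comment copied verbatim, and `CONSISTENT_Q` is my own variant that applies the same allowance to every `;`/`,`-separated clause. The sample filter values are constructed. It also shows why percent-encoding `/` as `%2F` on the client cannot by itself get past a server-side allowlist: the value is decoded before it is validated, so the decoded `/` is what the regex sees.

```python
import re
from urllib.parse import quote, unquote

# Assumed reconstruction of the original value character class: [\w\.\- ]
# (no "/" or "\"), which is what rejects "Debian GNU/Linux".
ORIGINAL_Q = re.compile(
    r"^(?:\(*[\w\.\-]+(?:=|!=|<|>|~)[\w\.\- ]+\)*)"
    r"(?:(?:;|,)\(*[\w\.\-]+(?:=|!=|<|>|~)[\w\.\- ]+\)*)*$"
)

# The regex proposed in the comment above, verbatim. Note that only the
# first clause's value class gained "\/\\"; later clauses did not.
PROPOSED_Q = re.compile(
    r"^(?:\(*[\w\.\-]+(?:=|!=|<|>|~)[\w\.\- \/\\]+\)*)"
    r"(?:(?:;|,)\(*[\w\.\-]+(?:=|!=|<|>|~)[\w\.\- ]+\)*)*$"
)

# My variant (not on the page): the same allowance in every clause, so a
# compound filter such as "status=active;os.name~Debian GNU/Linux" also passes.
CONSISTENT_Q = re.compile(
    r"^(?:\(*[\w\.\-]+(?:=|!=|<|>|~)[\w\.\- \/\\]+\)*)"
    r"(?:(?:;|,)\(*[\w\.\-]+(?:=|!=|<|>|~)[\w\.\- \/\\]+\)*)*$"
)


def is_valid_q(q: str, pattern: re.Pattern = PROPOSED_Q) -> bool:
    """Allowlist check of an already-decoded q value (fullmatch, so no partial hits)."""
    return pattern.fullmatch(q) is not None


def validate_raw_query_param(raw: str, pattern: re.Pattern = PROPOSED_Q):
    """Model the server side: percent-decode the raw query string value first,
    then validate the decoded text. Returns the decoded q on success, else None."""
    decoded = unquote(raw)
    return decoded if is_valid_q(decoded, pattern) else None


def encode_for_url(q: str) -> str:
    """Model the client side: encode everything except unreserved characters,
    so "/" becomes %2F and " " becomes %20 (the encoding the thread tried)."""
    return quote(q, safe="")


if __name__ == "__main__":
    for label, pat in (("original", ORIGINAL_Q), ("proposed", PROPOSED_Q), ("consistent", CONSISTENT_Q)):
        for q in ("os.name~Debian GNU", "os.name~Debian GNU/Linux",
                  "status=active;os.name~Debian GNU/Linux"):
            print(f"{label:10} {q!r:45} -> {is_valid_q(q, pat)}")
    raw = encode_for_url("os.name~Debian GNU/Linux")
    print(raw, "->", validate_raw_query_param(raw, ORIGINAL_Q), "/", validate_raw_query_param(raw, PROPOSED_Q))
```

Two things worth keeping in mind when porting this back to the JavaScript validator: `\w` in Python matches Unicode word characters by default whereas JavaScript's `\w` is ASCII-only, so OS names with accented characters behave differently between the two; and the proposed pattern is asymmetric, so a filter that is valid as the first clause becomes invalid once it is combined with another clause.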