This repository was archived by the owner on Jun 27, 2025. It is now read-only.

Comments

Fix search issue with author and dedup_titles both selected #30

Open
TheDr1ver wants to merge 1 commit into gcrahay:master from TheDr1ver:patch-2

Conversation

@TheDr1ver
Contributor

There's an odd issue with PyMISP's search_index() function where it either truncates the search term at `|` or treats `|` as an OR statement.

Either way, if you have a large DB filled with stuff like "Alienvault | Pulse Name" you'll get back results for every event that has Alienvault in the title. That is, unless you change the `|` to `\|` right before searching, which is what this PR does.

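The escaping step this PR describes, together with a local check that the returned events really carry the requested title, as an added example that is not code from the PR or from PyMISP. The `simulated_search_index` function is a constructed stand-in that only mimics the OR-on-pipe behaviour reported above (the `eventinfo` keyword and the sample index are assumptions); it does not import or call the real library.

```python
# Added example (not part of PR #30 or of PyMISP): escape "|" before searching
# and post-filter the results so an over-broad backend match cannot poison
# a dedup decision. PyMISP itself is not imported; the search backend below
# is a constructed simulation of the behaviour described in the PR.
from typing import Dict, List

# Constructed sample index: the kind of titles the PR description mentions.
SAMPLE_INDEX: List[Dict] = [
    {"id": 1, "info": "Alienvault | Pulse Name"},
    {"id": 2, "info": "Alienvault | Other Pulse"},
    {"id": 3, "info": "Unrelated event"},
]


def escape_pipe(term: str) -> str:
    """Turn every '|' into '\\|', which is the change the PR applies right before searching."""
    return term.replace("|", "\\|")


def simulated_search_index(index: List[Dict], eventinfo: str) -> List[Dict]:
    """Assumed stand-in for search_index(eventinfo=...): an unescaped '|' is
    treated as OR over the pieces, while an escaped '\\|' is matched literally."""
    if "\\|" in eventinfo:
        needle = eventinfo.replace("\\|", "|")
        return [e for e in index if needle in e["info"]]
    pieces = [p.strip() for p in eventinfo.split("|") if p.strip()]
    return [e for e in index if any(p in e["info"] for p in pieces)]


def exact_title_matches(results: List[Dict], wanted: str) -> List[Dict]:
    """Defensive post-filter: keep only events whose title equals the one asked for,
    regardless of how the backend interpreted the query string."""
    return [e for e in results if e["info"] == wanted]


def search_by_title(index: List[Dict], title: str) -> List[Dict]:
    """Escape, search, then verify; returns only events with exactly this title."""
    escaped = escape_pipe(title)
    return exact_title_matches(simulated_search_index(index, escaped), title)


if __name__ == "__main__":
    title = "Alienvault | Pulse Name"
    print("unescaped:", [e["id"] for e in simulated_search_index(SAMPLE_INDEX, title)])
    print("escaped+checked:", [e["id"] for e in search_by_title(SAMPLE_INDEX, title)])
```

The post-filter is the part worth keeping even once the escaping is in place: a dedup routine that trusts the backend's notion of "match" will collapse distinct events whenever the query string is reinterpreted, so comparing the returned titles against the requested one locally is a cheap guard.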
@chrisinmtown

Just out of curiosity, does this defect actually reveal a SQL injection vulnerability in the MISP search feature? I believe that search strings should never be parsed, so special characters like pipe (|) should have no effect if untrusted data is treated appropriately.


2 participants