Closed
Description
Request Type
Bug
Work Environment
Question | Answer |
---|---|
OS version (server) | Ubuntu |
TheHive version | 2.13.1 |
Package Type | DEB |
Problem Description
When creating a new alert using an HTTP POST request to the /api/alert endpoint, it is possible to provide invalid TLP and/or severity attribute values and the API will happily accept them (for example, a TLP value of 42 and a severity value of -273).
Only valid values for these attributes should be accepted, i.e. (per the doc):
- TLP: (-1: unknown; 0: white; 1: green; 2: amber; 3: red)
- severity: (0: not set; 1: low; 2: medium; 3: high)
The UI is confused when the TLP or severity values of alerts or cases are invalid (see screenshot).
Steps to Reproduce
curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/alert -d '{
"title": "New Alert",
"description": "N/A",
"type": "external",
"source": "instance1",
"sourceRef": "alert-ref",
"tlp": 42,
"severity": -273
}'
Possible Solutions
The API shall return a 400 HTTP status code with a message pointing at the wrong attribute value(s) when one of the TLP or severity attribute values is out of range.
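The check requested above, sketched as an added example (not TheHive's code, which is not shown on this page): a hypothetical `validate_alert` helper that returns a 400 naming each offending attribute. It goes beyond the out-of-range case in the report by also rejecting JSON booleans, floats and numeric strings, and it assumes an absent attribute is left to the server default.

```python
import json

# Allowed values as listed in the issue (per the doc it cites).
ALLOWED = {
    "tlp": {-1: "unknown", 0: "white", 1: "green", 2: "amber", 3: "red"},
    "severity": {0: "not set", 1: "low", 2: "medium", 3: "high"},
}


def validate_alert(raw_body):
    """Return (http_status, body) for a JSON alert submission.

    Hypothetical helper: 400 with one error entry per bad attribute,
    200 with the parsed alert otherwise.
    """
    try:
        alert = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return 400, {"errors": [{"attribute": None, "message": f"invalid JSON: {exc.msg}"}]}
    if not isinstance(alert, dict):
        return 400, {"errors": [{"attribute": None, "message": "body must be a JSON object"}]}

    errors = []
    for name, allowed in ALLOWED.items():
        if name not in alert:  # assumption: absent means "use the server default"
            continue
        value = alert[name]
        # bool is a subclass of int, and 2.0 hashes like 2, so both must be
        # rejected by type before the membership test; strings are rejected too.
        if isinstance(value, bool) or not isinstance(value, int) or value not in allowed:
            errors.append({
                "attribute": name,
                "value": value,
                "message": f"{name} must be one of {sorted(allowed)}",
            })
    if errors:
        return 400, {"errors": errors}
    return 200, alert


# Constructed sample: the request body from the steps to reproduce.
SAMPLE = ('{"title": "New Alert", "description": "N/A", "type": "external", '
          '"source": "instance1", "sourceRef": "alert-ref", "tlp": 42, "severity": -273}')

if __name__ == "__main__":
    print(validate_alert(SAMPLE))
```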