error traversing malformed link into security from an action email #94967

Open
pmuellr opened this issue Mar 18, 2021 · 3 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Actions Security Solution Rule Actions feature impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. sdh-linked Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@pmuellr
Member

pmuellr commented Mar 18, 2021

In this discuss post, a customer notes that a link rendered in an email sent from a security alert got malformed (from our auto-linkification of text in the email). (There's already a separate issue tracking the general issue with email linkification.)

The malformed link truncated some data at the end of the URL, and when the customer navigated to that URL from the email, they ended up seeing a stack walkback in their browser:

image

Here's the link they saw rendered in their email:

image

Looks like we need to do better sanitization of the incoming URL query string params. I'd expect this URL to fail with some kind of message in the Kibana UI about the URL being invalid, vs seeing a stack walkback.

As a separate note, I'm not sure if we generated this link, or if the customer did, but if it was us, we could consider using markdown-style links here - [text](url) instead of the flat url, which should then render correctly in email, but be a bit unfortunate for other actions (for example, Slack) which will see the raw markdown. Which isn't horrible, but obviously isn't great. Presumably we'll be able to supply different default messages on a per-action-type basis, once we resolve issue #66095, but we're not there yet.

@pmuellr pmuellr added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Mar 18, 2021
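
The graceful failure the issue asks for, as an added example that is not part of the original issue or Kibana's code: a link cut short in an email is rejected with a reason instead of surfacing an uncaught exception. The `state` parameter, its percent-encoded JSON format, the field names and the `kibana.example` URL are assumptions constructed for illustration; the issue does not show the real parameter format.

```javascript
// Added example, not Kibana code. Parameter name, format and URL are constructed.
const FIELDS = { id: 'string', isOpen: 'boolean' };

// Return the still-encoded value of `name` from a query string, or null.
function rawQueryValue(search, name) {
  for (const pair of search.replace(/^\?/, '').split('&')) {
    const eq = pair.indexOf('=');
    if (eq !== -1 && pair.slice(0, eq) === name) return pair.slice(eq + 1);
  }
  return null;
}

// Decode and validate one parameter without throwing.
function parseStateParam(raw) {
  if (!raw) return { ok: false, reason: 'missing' };
  let value;
  try {
    value = JSON.parse(decodeURIComponent(raw));
  } catch (err) {
    // URIError: link cut mid-escape ("%7"); SyntaxError: cut mid-document.
    return { ok: false, reason: err instanceof URIError ? 'bad-encoding' : 'bad-json' };
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    return { ok: false, reason: 'bad-shape' };
  }
  for (const [key, type] of Object.entries(FIELDS)) {
    if (typeof value[key] !== type) return { ok: false, reason: `bad-field:${key}` };
  }
  // Copy only the expected fields so extra keys never reach the page state.
  return { ok: true, value: { id: value.id, isOpen: value.isOpen } };
}

// What the page does with an incoming link: render the state or an error view.
function resolveLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (err) {
    return { view: 'error', message: 'Invalid link.' };
  }
  const parsed = parseStateParam(rawQueryValue(url.search, 'state'));
  return parsed.ok
    ? { view: 'alerts', state: parsed.value }
    : { view: 'error', message: `Invalid link (${parsed.reason}).` };
}

// Constructed sample link; slicing characters off its end mimics the truncation.
const GOOD = 'https://kibana.example/app/alerts?state=' +
  encodeURIComponent(JSON.stringify({ id: 'abc123', isOpen: true }));
```

`resolveLink(GOOD.slice(0, -1))` and `resolveLink(GOOD.slice(0, -3))` exercise the two truncation cases, a cut inside a percent-escape and a cut that leaves the JSON incomplete.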
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@peluja1012 peluja1012 added the Team:Threat Hunting Security Solution Threat Hunting Team label Aug 11, 2021
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@MadameSheema MadameSheema removed their assignment Sep 29, 2021
@MadameSheema MadameSheema added Team:Detection Rule Management Security Detection Rule Management Team and removed Team:Threat Hunting Security Solution Threat Hunting Team triage_needed labels Sep 29, 2021
@MadameSheema MadameSheema added impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. sdh-linked labels Sep 29, 2021
@banderror banderror removed their assignment Sep 30, 2021
@banderror banderror added the 8.2 candidate considered, but not committed, for 8.2 release label Feb 14, 2022
@MindyRS MindyRS added the Team:Detections and Resp Security Detection Response Team label Feb 23, 2022
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror added v8.2.0 Feature:Rule Actions Security Solution Rule Actions feature labels Mar 10, 2022
@banderror banderror added 8.3 candidate and removed v8.2.0 8.2 candidate considered, but not committed, for 8.2 release labels Apr 11, 2022
@banderror banderror added Team:Detection Alerts Security Detection Alerts Area Team and removed Team:Detection Rule Management Security Detection Rule Management Team labels Oct 25, 2022
@yctercero yctercero added the Team:Detection Engine Security Solution Detection Engine Area label May 13, 2023
@yctercero yctercero removed the Team:Detection Alerts Security Detection Alerts Area Team label May 13, 2023

8 participants