error traversing malformed link into security from an action email #94967
Labels
bug
Fixes for quality problems that affect the customer experience
Feature:Rule Actions
Security Solution Rule Actions feature
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
sdh-linked
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
In this discuss post, a customer notes that a link rendered in an email sent from a security alert got malformed (from our auto-linkification of text in the email). (There's already a separate issue tracking the general issue with email linkification).
The malformed link truncated some data at the end of the URL, and when the customer navigated to that URL from the email, they ended up seeing a stack walkback in their browser:
Here's the link they saw rendered in their email:
Looks like we need to do better sanitization of the incoming URL query string params. I'd expect this URL to fail with some kind of message in the Kibana UI about the URL being invalid, vs seeing a stack walkback.
As a separate note, I'm not sure if we generated this link, or if the customer did, but if it was us, we could consider using markdown-style links here -
[text](url)
instead of the flat url, which should then render correctly in email, but be a bit unfortunate for other actions (for example, Slack) which will see the raw markdown. Which isn't horrible, but obviously isn't great. Presumably we'll be able to supply different default messages on a per-action-type basis, once we resolve issue #66095, but we're not there yet.The text was updated successfully, but these errors were encountered: