PyMISP icon indicating copy to clipboard operation
PyMISP copied to clipboard

Published 20 hours ago verified publisher icon MISP

fix: [search_index] Update date_from and date_to parameters to date str

Open tomking2 opened this issue 1 year ago • 3 comments

I don't think it was always this way, but it now appears that MISP is unable to handle the datefrom and dateto parameters for the event index as timestamps. The value is directly passed to the DB, which has unexpected results depending on the DB choice:

  • MariaDB: Seems to return everything, ignoring the filter
  • Azure MySQL: Returns nothing

The solution is to instead format the field as a date string YYYY-MM-DD which correctly enables you to use these filters on the search_index endpoint. This should be a non-breaking change, as the fields accept the same input types as before.

tomking2 avatar Oct 10 '24 11:10 tomking2

Okay Tom and Jerry 🤣

On Thu, Oct 10, 2024 at 12:12 PM Tom King @.***> wrote:

I don't think it was always this way, but it now appears that MISP is unable to handle the datefrom and dateto parameters for the event index as timestamps. The value is directly passed to the DB, which has unexpected results depending on the DB choice:

  • MariaDB: Seems to return everything, ignoring the filter
  • Azure MySQL: Returns nothing

The solution is to instead format the field as a date string YYYY-MM-DD which correctly enables you to use these filters on the search_index endpoint. This should be a non-breaking change, as the fields accept the same input types as before.

You can view, comment on, or merge this pull request online at:

https://github.com/MISP/PyMISP/pull/1304 Commit Summary

File Changes

(2 files https://github.com/MISP/PyMISP/pull/1304/files)

Patch Links:

  • https://github.com/MISP/PyMISP/pull/1304.patch
  • https://github.com/MISP/PyMISP/pull/1304.diff

— Reply to this email directly, view it on GitHub https://github.com/MISP/PyMISP/pull/1304, or unsubscribe https://github.com/notifications/unsubscribe-auth/BLL6ZRZQSW7AFVODBQYJV4LZ2ZOKPAVCNFSM6AAAAABPWRCC4KVHI2DSMVQWIX3LMV43ASLTON2WKOZSGU3TQNJRGU2DGMY . You are receiving this because you are subscribed to this thread.Message ID: @.***>

Lobasin avatar Oct 10 '24 11:10 Lobasin

Just checking, which version of MISP are you using? That might be a new thing with 2.5 and PHP8.

cc @iglocska @mokaddem

Rafiot avatar Oct 10 '24 12:10 Rafiot

I've tested on both 2.4 and 2.5 and a timestamp doesn't appear to work for either. A quick scan of the MISP codebase shows no changes to the index function in months so I think this predates any 2.5 and PHP8 switch, but I'll let @iglocska and @mokaddem confirm.

tomking2 avatar Oct 10 '24 13:10 tomking2