opencti icon indicating copy to clipboard operation
opencti copied to clipboard

Published 20 hours ago verified publisher icon OpenCTI-Platform

Bad form validation in Create Observable form

Open labo-flg opened this issue 1 year ago • 5 comments

Description

When you try to create a new observable, the form is not validated. There is no red marking or error to tell you which field is missing.

Environment

OCTI 5.12.15 (seen on Testing and Demo platforms)

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. go to observables
  2. click on create button
  3. select File
  4. scroll down and directly click CREATE without filling anything

Expected Output

The form is validated, showing the fields that are required in red with a meaningful error message below the fields.

Actual Output

image

No red marking or error message.

labo-flg avatar Jan 11 '24 08:01 labo-flg

@labo-flg all observables or only File one?

Jipegien avatar Jan 11 '24 08:01 Jipegien

All observables I've tested are problematic. They might show a different error banner than the one in my screenshot (probably the low-level graphql error), but never highlight in red the faulty fields.

labo-flg avatar Jan 11 '24 13:01 labo-flg

Not critical for me as the control is done even if the failure message is not clear sometimes. Will be handle later

richard-julien avatar Jan 14 '24 21:01 richard-julien

@labo-flg @CelineSebe we can close this issue ?

jpkha avatar Feb 29 '24 08:02 jpkha

The issue as a whole was not addressed, only errors related to "associated file" field that were not properly passed down to the component and displayed as form validation.

The form is still not properly validated, the user has to submit a faulty form to get an error from the backend (error might be unclear) and iteratively fix his form values. Not the best UX.

fixing this would require adapting the yup validator dynamically to the type of object being created, not a quick patch.

labo-flg avatar Feb 29 '24 09:02 labo-flg

@jborozco we need to define this as a validation system feature for every form. Can you create a Notion page for 6.3 and take the lead on this (business and tech refinement) ?

Jipegien avatar Mar 04 '24 10:03 Jipegien

FYI @jborozco:

Exact same errors for ("missing required elements for XXXX creation (-)" ):

  • Artifact
  • Files
  • X509

Similar error for the following observables: (error is slightly different but not explicit either "observable is not correctly formatted")

  • Domain
  • Email adress
  • Hostname
  • IPV4
  • IPV6
  • Mac adress
  • Software

Different error, but still a bug for: there is no validation form for the following observables (can be created without entering any value in any field).

  • Windows registry key value
  • Email - MIME part

nino-filigran avatar Apr 04 '24 08:04 nino-filigran

Work have been done on this subject by a partner here : https://github.com/OpenCTI-Platform/opencti/pull/5877. We need to review this PR in regards of our defined requirement listed here. Any identified gaps can be address to the partner. Come see me for details if needed. cc @richard-julien for visibility

Jipegien avatar Apr 04 '24 10:04 Jipegien

Believe this is "improved" after merge of: Add required fields flagging to majority of platform object types w/ some caveats https://github.com/OpenCTI-Platform/opencti/pull/5877 - Test within branch to verify; probably doesn't solve all edge conditions.

ParamConstructor avatar Apr 24 '24 14:04 ParamConstructor

Linked with this: https://github.com/OpenCTI-Platform/opencti/issues/6819

nino-filigran avatar Apr 26 '24 09:04 nino-filigran